cobaltstrike | 917d21101425cddc6f1520a4be98c8166a4d48cbb9ca9f92c0f0e668bc0dc5a8

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-11-2024 05:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

649ff0b8cf0790141ac1b2efa7d247f1
SHA1

00727efc74d548c407f9d4e0abbc52c72bba232b
SHA256

917d21101425cddc6f1520a4be98c8166a4d48cbb9ca9f92c0f0e668bc0dc5a8
SHA512

695e7fa575bb5d37f8d266d7f26ac0cac9481bcca2c8fc906be8d546eed3278fb8019eb9dd704bb7e9c07c786244d01be2aac29d3505d23d56cf4abccbddf99a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUC:T+q56utgpPF8u/7C

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\System\bNYCvQu.exe	cobalt_reflective_dll
C:\Windows\System\rshPArY.exe	cobalt_reflective_dll
C:\Windows\System\kiXdzyj.exe	cobalt_reflective_dll
C:\Windows\System\uZZMpRt.exe	cobalt_reflective_dll
C:\Windows\System\WcwAvjg.exe	cobalt_reflective_dll
C:\Windows\System\mxFZnmj.exe	cobalt_reflective_dll
C:\Windows\System\ulPXCci.exe	cobalt_reflective_dll
C:\Windows\System\zfrxclU.exe	cobalt_reflective_dll
C:\Windows\System\MiiPMWn.exe	cobalt_reflective_dll
C:\Windows\System\xwLcsZj.exe	cobalt_reflective_dll
C:\Windows\System\djjPNVb.exe	cobalt_reflective_dll
C:\Windows\System\RrqCOVz.exe	cobalt_reflective_dll
C:\Windows\System\GxjMlph.exe	cobalt_reflective_dll
C:\Windows\System\BwOciSc.exe	cobalt_reflective_dll
C:\Windows\System\PgYrMGW.exe	cobalt_reflective_dll
C:\Windows\System\yHJWfKd.exe	cobalt_reflective_dll
C:\Windows\System\sDyeXEa.exe	cobalt_reflective_dll
C:\Windows\System\vVIPVZe.exe	cobalt_reflective_dll
C:\Windows\System\zcbvoiC.exe	cobalt_reflective_dll
C:\Windows\System\dWBrdfq.exe	cobalt_reflective_dll
C:\Windows\System\BuQwfmB.exe	cobalt_reflective_dll
C:\Windows\System\pcHNlAE.exe	cobalt_reflective_dll
C:\Windows\System\HQncWbz.exe	cobalt_reflective_dll
C:\Windows\System\IZomqJI.exe	cobalt_reflective_dll
C:\Windows\System\gDbnLAn.exe	cobalt_reflective_dll
C:\Windows\System\qrFHjuG.exe	cobalt_reflective_dll
C:\Windows\System\QooUxDV.exe	cobalt_reflective_dll
C:\Windows\System\xavLdNX.exe	cobalt_reflective_dll
C:\Windows\System\uNpeDfZ.exe	cobalt_reflective_dll
C:\Windows\System\IyAThvt.exe	cobalt_reflective_dll
C:\Windows\System\oJoJYGo.exe	cobalt_reflective_dll
C:\Windows\System\yJSRZIS.exe	cobalt_reflective_dll
C:\Windows\System\NLXcejm.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/4044-0-0x00007FF629E00000-0x00007FF62A154000-memory.dmp	xmrig
C:\Windows\System\bNYCvQu.exe	xmrig
C:\Windows\System\rshPArY.exe	xmrig
C:\Windows\System\kiXdzyj.exe	xmrig
behavioral2/memory/656-18-0x00007FF66C030000-0x00007FF66C384000-memory.dmp	xmrig
behavioral2/memory/4224-16-0x00007FF7352C0000-0x00007FF735614000-memory.dmp	xmrig
behavioral2/memory/4288-11-0x00007FF73D850000-0x00007FF73DBA4000-memory.dmp	xmrig
C:\Windows\System\uZZMpRt.exe	xmrig
behavioral2/memory/3484-26-0x00007FF6A8040000-0x00007FF6A8394000-memory.dmp	xmrig
C:\Windows\System\WcwAvjg.exe	xmrig
C:\Windows\System\mxFZnmj.exe	xmrig
behavioral2/memory/2576-36-0x00007FF6FB860000-0x00007FF6FBBB4000-memory.dmp	xmrig
behavioral2/memory/3700-31-0x00007FF7D8760000-0x00007FF7D8AB4000-memory.dmp	xmrig
C:\Windows\System\ulPXCci.exe	xmrig
C:\Windows\System\zfrxclU.exe	xmrig
behavioral2/memory/4928-50-0x00007FF699050000-0x00007FF6993A4000-memory.dmp	xmrig
behavioral2/memory/2296-44-0x00007FF6651F0000-0x00007FF665544000-memory.dmp	xmrig
C:\Windows\System\MiiPMWn.exe	xmrig
behavioral2/memory/1884-65-0x00007FF6907F0000-0x00007FF690B44000-memory.dmp	xmrig
behavioral2/memory/4224-72-0x00007FF7352C0000-0x00007FF735614000-memory.dmp	xmrig
behavioral2/memory/4248-85-0x00007FF623450000-0x00007FF6237A4000-memory.dmp	xmrig
behavioral2/memory/656-93-0x00007FF66C030000-0x00007FF66C384000-memory.dmp	xmrig
behavioral2/memory/2164-99-0x00007FF6A1850000-0x00007FF6A1BA4000-memory.dmp	xmrig
behavioral2/memory/2444-105-0x00007FF63B880000-0x00007FF63BBD4000-memory.dmp	xmrig
C:\Windows\System\xwLcsZj.exe	xmrig
C:\Windows\System\djjPNVb.exe	xmrig
behavioral2/memory/1604-131-0x00007FF75AFB0000-0x00007FF75B304000-memory.dmp	xmrig
C:\Windows\System\RrqCOVz.exe	xmrig
C:\Windows\System\GxjMlph.exe	xmrig
behavioral2/memory/1976-174-0x00007FF643950000-0x00007FF643CA4000-memory.dmp	xmrig
C:\Windows\System\BwOciSc.exe	xmrig
behavioral2/memory/2296-370-0x00007FF6651F0000-0x00007FF665544000-memory.dmp	xmrig
C:\Windows\System\PgYrMGW.exe	xmrig
C:\Windows\System\yHJWfKd.exe	xmrig
C:\Windows\System\sDyeXEa.exe	xmrig
behavioral2/memory/3284-193-0x00007FF7979B0000-0x00007FF797D04000-memory.dmp	xmrig
C:\Windows\System\vVIPVZe.exe	xmrig
behavioral2/memory/2576-188-0x00007FF6FB860000-0x00007FF6FBBB4000-memory.dmp	xmrig
behavioral2/memory/4916-183-0x00007FF7C7970000-0x00007FF7C7CC4000-memory.dmp	xmrig
behavioral2/memory/3504-177-0x00007FF7AD350000-0x00007FF7AD6A4000-memory.dmp	xmrig
behavioral2/memory/3700-173-0x00007FF7D8760000-0x00007FF7D8AB4000-memory.dmp	xmrig
C:\Windows\System\zcbvoiC.exe	xmrig
behavioral2/memory/3612-170-0x00007FF661F00000-0x00007FF662254000-memory.dmp	xmrig
C:\Windows\System\dWBrdfq.exe	xmrig
behavioral2/memory/4128-165-0x00007FF6BF1B0000-0x00007FF6BF504000-memory.dmp	xmrig
behavioral2/memory/4664-164-0x00007FF7563F0000-0x00007FF756744000-memory.dmp	xmrig
behavioral2/memory/3804-162-0x00007FF60D130000-0x00007FF60D484000-memory.dmp	xmrig
C:\Windows\System\BuQwfmB.exe	xmrig
C:\Windows\System\pcHNlAE.exe	xmrig
C:\Windows\System\HQncWbz.exe	xmrig
C:\Windows\System\IZomqJI.exe	xmrig
C:\Windows\System\gDbnLAn.exe	xmrig
C:\Windows\System\qrFHjuG.exe	xmrig
C:\Windows\System\QooUxDV.exe	xmrig
behavioral2/memory/3484-125-0x00007FF6A8040000-0x00007FF6A8394000-memory.dmp	xmrig
behavioral2/memory/3592-121-0x00007FF64ADC0000-0x00007FF64B114000-memory.dmp	xmrig
behavioral2/memory/644-120-0x00007FF6F9490000-0x00007FF6F97E4000-memory.dmp	xmrig
behavioral2/memory/2224-117-0x00007FF78E9E0000-0x00007FF78ED34000-memory.dmp	xmrig
behavioral2/memory/1636-115-0x00007FF6C5760000-0x00007FF6C5AB4000-memory.dmp	xmrig
behavioral2/memory/1680-112-0x00007FF735DF0000-0x00007FF736144000-memory.dmp	xmrig
C:\Windows\System\xavLdNX.exe	xmrig
behavioral2/memory/4760-98-0x00007FF6D37B0000-0x00007FF6D3B04000-memory.dmp	xmrig
C:\Windows\System\uNpeDfZ.exe	xmrig
C:\Windows\System\IyAThvt.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

bNYCvQu.exekiXdzyj.exershPArY.exeuZZMpRt.exeWcwAvjg.exemxFZnmj.exeulPXCci.exezfrxclU.exeNLXcejm.exeMiiPMWn.exeoJoJYGo.exeyJSRZIS.exeIyAThvt.exeuNpeDfZ.exexavLdNX.exeRrqCOVz.exeQooUxDV.exeqrFHjuG.exegDbnLAn.exeIZomqJI.exeHQncWbz.exexwLcsZj.exedjjPNVb.exeBuQwfmB.exepcHNlAE.exedWBrdfq.exeGxjMlph.exezcbvoiC.exeBwOciSc.exesDyeXEa.exeyHJWfKd.exevVIPVZe.exePgYrMGW.exeupVHeFb.exeToraLhw.exeGNvEyvl.exeZMnThhT.exebnFyXip.exesSVqrOd.exegIylujw.exeJsKYTfn.exetcMPLHp.exeqKvYhZz.exewBELgEP.exeBzkYemY.exeWrMPdXL.exeAiDfrno.exeBSoOfxt.exeYVyumAN.exeNQImVBo.exeYFxegWG.exeEFQyjZf.execaHwlaU.exeteYvDZD.exeOZrcZqx.exepeUpRJr.exeqWWzJwl.exewuviorN.exebvcnZKM.exeFmVZBKp.exeMWIJpja.exeoWhZsnB.exeIexRnZs.exeDljGjcD.exe

pid	process
4288	bNYCvQu.exe
4224	kiXdzyj.exe
656	rshPArY.exe
3484	uZZMpRt.exe
3700	WcwAvjg.exe
2576	mxFZnmj.exe
2296	ulPXCci.exe
4928	zfrxclU.exe
3280	NLXcejm.exe
1884	MiiPMWn.exe
3996	oJoJYGo.exe
4248	yJSRZIS.exe
1636	IyAThvt.exe
4760	uNpeDfZ.exe
2224	xavLdNX.exe
2164	RrqCOVz.exe
644	QooUxDV.exe
2444	qrFHjuG.exe
3592	gDbnLAn.exe
1680	IZomqJI.exe
1604	HQncWbz.exe
3804	xwLcsZj.exe
1976	djjPNVb.exe
3504	BuQwfmB.exe
4664	pcHNlAE.exe
4128	dWBrdfq.exe
3612	GxjMlph.exe
4916	zcbvoiC.exe
3284	BwOciSc.exe
892	sDyeXEa.exe
1216	yHJWfKd.exe
5048	vVIPVZe.exe
4284	PgYrMGW.exe
3476	upVHeFb.exe
1052	ToraLhw.exe
3060	GNvEyvl.exe
3244	ZMnThhT.exe
4040	bnFyXip.exe
5116	sSVqrOd.exe
4596	gIylujw.exe
1868	JsKYTfn.exe
2144	tcMPLHp.exe
3564	qKvYhZz.exe
4620	wBELgEP.exe
4776	BzkYemY.exe
2420	WrMPdXL.exe
100	AiDfrno.exe
1792	BSoOfxt.exe
4200	YVyumAN.exe
3092	NQImVBo.exe
4216	YFxegWG.exe
3812	EFQyjZf.exe
952	caHwlaU.exe
4908	teYvDZD.exe
1416	OZrcZqx.exe
2104	peUpRJr.exe
3260	qWWzJwl.exe
3952	wuviorN.exe
1436	bvcnZKM.exe
3520	FmVZBKp.exe
3796	MWIJpja.exe
3424	oWhZsnB.exe
4104	IexRnZs.exe
4876	DljGjcD.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4044-0-0x00007FF629E00000-0x00007FF62A154000-memory.dmp	upx
C:\Windows\System\bNYCvQu.exe	upx
C:\Windows\System\rshPArY.exe	upx
C:\Windows\System\kiXdzyj.exe	upx
behavioral2/memory/656-18-0x00007FF66C030000-0x00007FF66C384000-memory.dmp	upx
behavioral2/memory/4224-16-0x00007FF7352C0000-0x00007FF735614000-memory.dmp	upx
behavioral2/memory/4288-11-0x00007FF73D850000-0x00007FF73DBA4000-memory.dmp	upx
C:\Windows\System\uZZMpRt.exe	upx
behavioral2/memory/3484-26-0x00007FF6A8040000-0x00007FF6A8394000-memory.dmp	upx
C:\Windows\System\WcwAvjg.exe	upx
C:\Windows\System\mxFZnmj.exe	upx
behavioral2/memory/2576-36-0x00007FF6FB860000-0x00007FF6FBBB4000-memory.dmp	upx
behavioral2/memory/3700-31-0x00007FF7D8760000-0x00007FF7D8AB4000-memory.dmp	upx
C:\Windows\System\ulPXCci.exe	upx
C:\Windows\System\zfrxclU.exe	upx
behavioral2/memory/4928-50-0x00007FF699050000-0x00007FF6993A4000-memory.dmp	upx
behavioral2/memory/2296-44-0x00007FF6651F0000-0x00007FF665544000-memory.dmp	upx
C:\Windows\System\MiiPMWn.exe	upx
behavioral2/memory/1884-65-0x00007FF6907F0000-0x00007FF690B44000-memory.dmp	upx
behavioral2/memory/4224-72-0x00007FF7352C0000-0x00007FF735614000-memory.dmp	upx
behavioral2/memory/4248-85-0x00007FF623450000-0x00007FF6237A4000-memory.dmp	upx
behavioral2/memory/656-93-0x00007FF66C030000-0x00007FF66C384000-memory.dmp	upx
behavioral2/memory/2164-99-0x00007FF6A1850000-0x00007FF6A1BA4000-memory.dmp	upx
behavioral2/memory/2444-105-0x00007FF63B880000-0x00007FF63BBD4000-memory.dmp	upx
C:\Windows\System\xwLcsZj.exe	upx
C:\Windows\System\djjPNVb.exe	upx
behavioral2/memory/1604-131-0x00007FF75AFB0000-0x00007FF75B304000-memory.dmp	upx
C:\Windows\System\RrqCOVz.exe	upx
C:\Windows\System\GxjMlph.exe	upx
behavioral2/memory/1976-174-0x00007FF643950000-0x00007FF643CA4000-memory.dmp	upx
C:\Windows\System\BwOciSc.exe	upx
behavioral2/memory/2296-370-0x00007FF6651F0000-0x00007FF665544000-memory.dmp	upx
C:\Windows\System\PgYrMGW.exe	upx
C:\Windows\System\yHJWfKd.exe	upx
C:\Windows\System\sDyeXEa.exe	upx
behavioral2/memory/3284-193-0x00007FF7979B0000-0x00007FF797D04000-memory.dmp	upx
C:\Windows\System\vVIPVZe.exe	upx
behavioral2/memory/2576-188-0x00007FF6FB860000-0x00007FF6FBBB4000-memory.dmp	upx
behavioral2/memory/4916-183-0x00007FF7C7970000-0x00007FF7C7CC4000-memory.dmp	upx
behavioral2/memory/3504-177-0x00007FF7AD350000-0x00007FF7AD6A4000-memory.dmp	upx
behavioral2/memory/3700-173-0x00007FF7D8760000-0x00007FF7D8AB4000-memory.dmp	upx
C:\Windows\System\zcbvoiC.exe	upx
behavioral2/memory/3612-170-0x00007FF661F00000-0x00007FF662254000-memory.dmp	upx
C:\Windows\System\dWBrdfq.exe	upx
behavioral2/memory/4128-165-0x00007FF6BF1B0000-0x00007FF6BF504000-memory.dmp	upx
behavioral2/memory/4664-164-0x00007FF7563F0000-0x00007FF756744000-memory.dmp	upx
behavioral2/memory/3804-162-0x00007FF60D130000-0x00007FF60D484000-memory.dmp	upx
C:\Windows\System\BuQwfmB.exe	upx
C:\Windows\System\pcHNlAE.exe	upx
C:\Windows\System\HQncWbz.exe	upx
C:\Windows\System\IZomqJI.exe	upx
C:\Windows\System\gDbnLAn.exe	upx
C:\Windows\System\qrFHjuG.exe	upx
C:\Windows\System\QooUxDV.exe	upx
behavioral2/memory/3484-125-0x00007FF6A8040000-0x00007FF6A8394000-memory.dmp	upx
behavioral2/memory/3592-121-0x00007FF64ADC0000-0x00007FF64B114000-memory.dmp	upx
behavioral2/memory/644-120-0x00007FF6F9490000-0x00007FF6F97E4000-memory.dmp	upx
behavioral2/memory/2224-117-0x00007FF78E9E0000-0x00007FF78ED34000-memory.dmp	upx
behavioral2/memory/1636-115-0x00007FF6C5760000-0x00007FF6C5AB4000-memory.dmp	upx
behavioral2/memory/1680-112-0x00007FF735DF0000-0x00007FF736144000-memory.dmp	upx
C:\Windows\System\xavLdNX.exe	upx
behavioral2/memory/4760-98-0x00007FF6D37B0000-0x00007FF6D3B04000-memory.dmp	upx
C:\Windows\System\uNpeDfZ.exe	upx
C:\Windows\System\IyAThvt.exe	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\maMctoB.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lJHlLsX.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OcHhdgt.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYmcmjJ.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVbppxU.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YugEPuS.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yuyUulN.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HbyimHb.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LLOqCLK.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VnTeKIb.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBAuHYH.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KAcwDOT.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WhkuoYY.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjFdPYN.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YcTYdOS.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vQwgvoz.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VgZiNnK.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QiSGkUq.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GSOSQWp.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HSIbvoy.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJZXfST.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tFuCbHg.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSjuhmZ.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgMMfla.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\phoFBKs.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZcQGPPs.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GLlTZTW.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bbdEqDG.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xmTZxZJ.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZuVAUAT.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gIXxQcU.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xRJEcrz.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cEbAqkb.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\quPIzqv.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iYFaQDR.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uDwSHdo.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YmJCMZp.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XxkGByZ.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mZLdyqw.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wBAlcJC.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BApSbKU.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vebwKtm.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XfdHdJd.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OJFuNyk.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KCTLiZl.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\osCXTqQ.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\purMatV.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWOVjRH.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HMqoJgA.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wpcoiiw.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tDIBfCW.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yfQAofz.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TwGflDN.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NchIsUG.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kiXdzyj.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FmVZBKp.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PevRBPB.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\boFPPrh.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UicUamC.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDDOVjM.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LGQZunM.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\geNpeQj.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IySSZcG.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mxFZnmj.exe	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 4044 wrote to memory of 4288	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	bNYCvQu.exe
PID 4044 wrote to memory of 4288	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	bNYCvQu.exe
PID 4044 wrote to memory of 4224	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	kiXdzyj.exe
PID 4044 wrote to memory of 4224	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	kiXdzyj.exe
PID 4044 wrote to memory of 656	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	rshPArY.exe
PID 4044 wrote to memory of 656	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	rshPArY.exe
PID 4044 wrote to memory of 3484	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	uZZMpRt.exe
PID 4044 wrote to memory of 3484	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	uZZMpRt.exe
PID 4044 wrote to memory of 3700	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	WcwAvjg.exe
PID 4044 wrote to memory of 3700	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	WcwAvjg.exe
PID 4044 wrote to memory of 2576	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	mxFZnmj.exe
PID 4044 wrote to memory of 2576	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	mxFZnmj.exe
PID 4044 wrote to memory of 2296	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	ulPXCci.exe
PID 4044 wrote to memory of 2296	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	ulPXCci.exe
PID 4044 wrote to memory of 4928	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	zfrxclU.exe
PID 4044 wrote to memory of 4928	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	zfrxclU.exe
PID 4044 wrote to memory of 3280	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	NLXcejm.exe
PID 4044 wrote to memory of 3280	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	NLXcejm.exe
PID 4044 wrote to memory of 1884	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	MiiPMWn.exe
PID 4044 wrote to memory of 1884	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	MiiPMWn.exe
PID 4044 wrote to memory of 4248	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	yJSRZIS.exe
PID 4044 wrote to memory of 4248	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	yJSRZIS.exe
PID 4044 wrote to memory of 3996	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	oJoJYGo.exe
PID 4044 wrote to memory of 3996	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	oJoJYGo.exe
PID 4044 wrote to memory of 1636	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	IyAThvt.exe
PID 4044 wrote to memory of 1636	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	IyAThvt.exe
PID 4044 wrote to memory of 4760	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	uNpeDfZ.exe
PID 4044 wrote to memory of 4760	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	uNpeDfZ.exe
PID 4044 wrote to memory of 2224	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	xavLdNX.exe
PID 4044 wrote to memory of 2224	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	xavLdNX.exe
PID 4044 wrote to memory of 2444	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	qrFHjuG.exe
PID 4044 wrote to memory of 2444	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	qrFHjuG.exe
PID 4044 wrote to memory of 2164	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	RrqCOVz.exe
PID 4044 wrote to memory of 2164	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	RrqCOVz.exe
PID 4044 wrote to memory of 644	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	QooUxDV.exe
PID 4044 wrote to memory of 644	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	QooUxDV.exe
PID 4044 wrote to memory of 3592	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	gDbnLAn.exe
PID 4044 wrote to memory of 3592	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	gDbnLAn.exe
PID 4044 wrote to memory of 1680	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	IZomqJI.exe
PID 4044 wrote to memory of 1680	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	IZomqJI.exe
PID 4044 wrote to memory of 1604	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	HQncWbz.exe
PID 4044 wrote to memory of 1604	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	HQncWbz.exe
PID 4044 wrote to memory of 3804	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	xwLcsZj.exe
PID 4044 wrote to memory of 3804	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	xwLcsZj.exe
PID 4044 wrote to memory of 1976	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	djjPNVb.exe
PID 4044 wrote to memory of 1976	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	djjPNVb.exe
PID 4044 wrote to memory of 4664	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	pcHNlAE.exe
PID 4044 wrote to memory of 4664	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	pcHNlAE.exe
PID 4044 wrote to memory of 3504	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	BuQwfmB.exe
PID 4044 wrote to memory of 3504	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	BuQwfmB.exe
PID 4044 wrote to memory of 4128	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	dWBrdfq.exe
PID 4044 wrote to memory of 4128	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	dWBrdfq.exe
PID 4044 wrote to memory of 3612	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	GxjMlph.exe
PID 4044 wrote to memory of 3612	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	GxjMlph.exe
PID 4044 wrote to memory of 4916	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	zcbvoiC.exe
PID 4044 wrote to memory of 4916	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	zcbvoiC.exe
PID 4044 wrote to memory of 3284	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	BwOciSc.exe
PID 4044 wrote to memory of 3284	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	BwOciSc.exe
PID 4044 wrote to memory of 892	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	sDyeXEa.exe
PID 4044 wrote to memory of 892	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	sDyeXEa.exe
PID 4044 wrote to memory of 1216	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	yHJWfKd.exe
PID 4044 wrote to memory of 1216	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	yHJWfKd.exe
PID 4044 wrote to memory of 5048	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	vVIPVZe.exe
PID 4044 wrote to memory of 5048	4044	2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe	vVIPVZe.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-18_649ff0b8cf0790141ac1b2efa7d247f1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4044
- C:\Windows\System\bNYCvQu.exe
  C:\Windows\System\bNYCvQu.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\kiXdzyj.exe
  C:\Windows\System\kiXdzyj.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\rshPArY.exe
  C:\Windows\System\rshPArY.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\uZZMpRt.exe
  C:\Windows\System\uZZMpRt.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\WcwAvjg.exe
  C:\Windows\System\WcwAvjg.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\mxFZnmj.exe
  C:\Windows\System\mxFZnmj.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\ulPXCci.exe
  C:\Windows\System\ulPXCci.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\zfrxclU.exe
  C:\Windows\System\zfrxclU.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\NLXcejm.exe
  C:\Windows\System\NLXcejm.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\MiiPMWn.exe
  C:\Windows\System\MiiPMWn.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\yJSRZIS.exe
  C:\Windows\System\yJSRZIS.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\oJoJYGo.exe
  C:\Windows\System\oJoJYGo.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\IyAThvt.exe
  C:\Windows\System\IyAThvt.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\uNpeDfZ.exe
  C:\Windows\System\uNpeDfZ.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\xavLdNX.exe
  C:\Windows\System\xavLdNX.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\qrFHjuG.exe
  C:\Windows\System\qrFHjuG.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\RrqCOVz.exe
  C:\Windows\System\RrqCOVz.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\QooUxDV.exe
  C:\Windows\System\QooUxDV.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\gDbnLAn.exe
  C:\Windows\System\gDbnLAn.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\IZomqJI.exe
  C:\Windows\System\IZomqJI.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\HQncWbz.exe
  C:\Windows\System\HQncWbz.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\xwLcsZj.exe
  C:\Windows\System\xwLcsZj.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\djjPNVb.exe
  C:\Windows\System\djjPNVb.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\pcHNlAE.exe
  C:\Windows\System\pcHNlAE.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\BuQwfmB.exe
  C:\Windows\System\BuQwfmB.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\dWBrdfq.exe
  C:\Windows\System\dWBrdfq.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\GxjMlph.exe
  C:\Windows\System\GxjMlph.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\zcbvoiC.exe
  C:\Windows\System\zcbvoiC.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\BwOciSc.exe
  C:\Windows\System\BwOciSc.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\sDyeXEa.exe
  C:\Windows\System\sDyeXEa.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\yHJWfKd.exe
  C:\Windows\System\yHJWfKd.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\vVIPVZe.exe
  C:\Windows\System\vVIPVZe.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\PgYrMGW.exe
  C:\Windows\System\PgYrMGW.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\upVHeFb.exe
  C:\Windows\System\upVHeFb.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\ToraLhw.exe
  C:\Windows\System\ToraLhw.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\GNvEyvl.exe
  C:\Windows\System\GNvEyvl.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\ZMnThhT.exe
  C:\Windows\System\ZMnThhT.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\bnFyXip.exe
  C:\Windows\System\bnFyXip.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\sSVqrOd.exe
  C:\Windows\System\sSVqrOd.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\gIylujw.exe
  C:\Windows\System\gIylujw.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\JsKYTfn.exe
  C:\Windows\System\JsKYTfn.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\tcMPLHp.exe
  C:\Windows\System\tcMPLHp.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\qKvYhZz.exe
  C:\Windows\System\qKvYhZz.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\wBELgEP.exe
  C:\Windows\System\wBELgEP.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\BzkYemY.exe
  C:\Windows\System\BzkYemY.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\WrMPdXL.exe
  C:\Windows\System\WrMPdXL.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\AiDfrno.exe
  C:\Windows\System\AiDfrno.exe
  2⤵
  - Executes dropped EXE
  PID:100
- C:\Windows\System\BSoOfxt.exe
  C:\Windows\System\BSoOfxt.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\YVyumAN.exe
  C:\Windows\System\YVyumAN.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\NQImVBo.exe
  C:\Windows\System\NQImVBo.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\YFxegWG.exe
  C:\Windows\System\YFxegWG.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\EFQyjZf.exe
  C:\Windows\System\EFQyjZf.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\caHwlaU.exe
  C:\Windows\System\caHwlaU.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\teYvDZD.exe
  C:\Windows\System\teYvDZD.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\OZrcZqx.exe
  C:\Windows\System\OZrcZqx.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\peUpRJr.exe
  C:\Windows\System\peUpRJr.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\qWWzJwl.exe
  C:\Windows\System\qWWzJwl.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\wuviorN.exe
  C:\Windows\System\wuviorN.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\bvcnZKM.exe
  C:\Windows\System\bvcnZKM.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\FmVZBKp.exe
  C:\Windows\System\FmVZBKp.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\MWIJpja.exe
  C:\Windows\System\MWIJpja.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\oWhZsnB.exe
  C:\Windows\System\oWhZsnB.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\IexRnZs.exe
  C:\Windows\System\IexRnZs.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\DljGjcD.exe
  C:\Windows\System\DljGjcD.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\WCmrUKr.exe
  C:\Windows\System\WCmrUKr.exe
  2⤵
  PID:4408
- C:\Windows\System\bTLRFnt.exe
  C:\Windows\System\bTLRFnt.exe
  2⤵
  PID:948
- C:\Windows\System\irqQyZC.exe
  C:\Windows\System\irqQyZC.exe
  2⤵
  PID:2852
- C:\Windows\System\inbzpnW.exe
  C:\Windows\System\inbzpnW.exe
  2⤵
  PID:2672
- C:\Windows\System\oxpCmys.exe
  C:\Windows\System\oxpCmys.exe
  2⤵
  PID:4524
- C:\Windows\System\AsiydPA.exe
  C:\Windows\System\AsiydPA.exe
  2⤵
  PID:888
- C:\Windows\System\QAdLhtA.exe
  C:\Windows\System\QAdLhtA.exe
  2⤵
  PID:3084
- C:\Windows\System\dNUcSWd.exe
  C:\Windows\System\dNUcSWd.exe
  2⤵
  PID:1448
- C:\Windows\System\ckgAWoc.exe
  C:\Windows\System\ckgAWoc.exe
  2⤵
  PID:1176
- C:\Windows\System\mSrzcjy.exe
  C:\Windows\System\mSrzcjy.exe
  2⤵
  PID:4392
- C:\Windows\System\fRvGERS.exe
  C:\Windows\System\fRvGERS.exe
  2⤵
  PID:4428
- C:\Windows\System\nBtEGAd.exe
  C:\Windows\System\nBtEGAd.exe
  2⤵
  PID:212
- C:\Windows\System\sOwcYrZ.exe
  C:\Windows\System\sOwcYrZ.exe
  2⤵
  PID:1540
- C:\Windows\System\jUhgfWR.exe
  C:\Windows\System\jUhgfWR.exe
  2⤵
  PID:5152
- C:\Windows\System\geKsJek.exe
  C:\Windows\System\geKsJek.exe
  2⤵
  PID:5176
- C:\Windows\System\mooVZXX.exe
  C:\Windows\System\mooVZXX.exe
  2⤵
  PID:5204
- C:\Windows\System\wDqQGbZ.exe
  C:\Windows\System\wDqQGbZ.exe
  2⤵
  PID:5244
- C:\Windows\System\JcqRYka.exe
  C:\Windows\System\JcqRYka.exe
  2⤵
  PID:5264
- C:\Windows\System\HIMLboj.exe
  C:\Windows\System\HIMLboj.exe
  2⤵
  PID:5288
- C:\Windows\System\GsrLTlo.exe
  C:\Windows\System\GsrLTlo.exe
  2⤵
  PID:5320
- C:\Windows\System\PHANJBJ.exe
  C:\Windows\System\PHANJBJ.exe
  2⤵
  PID:5348
- C:\Windows\System\jrHJRuN.exe
  C:\Windows\System\jrHJRuN.exe
  2⤵
  PID:5388
- C:\Windows\System\zeBFUbs.exe
  C:\Windows\System\zeBFUbs.exe
  2⤵
  PID:5404
- C:\Windows\System\eqUFpZg.exe
  C:\Windows\System\eqUFpZg.exe
  2⤵
  PID:5424
- C:\Windows\System\poctgMU.exe
  C:\Windows\System\poctgMU.exe
  2⤵
  PID:5448
- C:\Windows\System\fnEYLOy.exe
  C:\Windows\System\fnEYLOy.exe
  2⤵
  PID:5484
- C:\Windows\System\npzTefZ.exe
  C:\Windows\System\npzTefZ.exe
  2⤵
  PID:5504
- C:\Windows\System\vjzMmJJ.exe
  C:\Windows\System\vjzMmJJ.exe
  2⤵
  PID:5780
- C:\Windows\System\zQTznyE.exe
  C:\Windows\System\zQTznyE.exe
  2⤵
  PID:5812
- C:\Windows\System\GGtCqIc.exe
  C:\Windows\System\GGtCqIc.exe
  2⤵
  PID:5888
- C:\Windows\System\ljrYSfm.exe
  C:\Windows\System\ljrYSfm.exe
  2⤵
  PID:5964
- C:\Windows\System\IoelEdp.exe
  C:\Windows\System\IoelEdp.exe
  2⤵
  PID:6012
- C:\Windows\System\lCZPxdb.exe
  C:\Windows\System\lCZPxdb.exe
  2⤵
  PID:6048
- C:\Windows\System\BbxIkYp.exe
  C:\Windows\System\BbxIkYp.exe
  2⤵
  PID:6076
- C:\Windows\System\ZJVyBJL.exe
  C:\Windows\System\ZJVyBJL.exe
  2⤵
  PID:6136
- C:\Windows\System\JvQJBXa.exe
  C:\Windows\System\JvQJBXa.exe
  2⤵
  PID:2100
- C:\Windows\System\csLHWYj.exe
  C:\Windows\System\csLHWYj.exe
  2⤵
  PID:1952
- C:\Windows\System\sPJlMge.exe
  C:\Windows\System\sPJlMge.exe
  2⤵
  PID:5160
- C:\Windows\System\KSsfEOK.exe
  C:\Windows\System\KSsfEOK.exe
  2⤵
  PID:5228
- C:\Windows\System\KMbwBeS.exe
  C:\Windows\System\KMbwBeS.exe
  2⤵
  PID:5296
- C:\Windows\System\cokhNUS.exe
  C:\Windows\System\cokhNUS.exe
  2⤵
  PID:5372
- C:\Windows\System\RXnUiwj.exe
  C:\Windows\System\RXnUiwj.exe
  2⤵
  PID:404
- C:\Windows\System\xlTAHie.exe
  C:\Windows\System\xlTAHie.exe
  2⤵
  PID:5480
- C:\Windows\System\QWCHMam.exe
  C:\Windows\System\QWCHMam.exe
  2⤵
  PID:2380
- C:\Windows\System\UkYBKsd.exe
  C:\Windows\System\UkYBKsd.exe
  2⤵
  PID:1148
- C:\Windows\System\sMASjJI.exe
  C:\Windows\System\sMASjJI.exe
  2⤵
  PID:2004
- C:\Windows\System\xTtLraV.exe
  C:\Windows\System\xTtLraV.exe
  2⤵
  PID:5572
- C:\Windows\System\NRFVtyo.exe
  C:\Windows\System\NRFVtyo.exe
  2⤵
  PID:3624
- C:\Windows\System\uNyLSDX.exe
  C:\Windows\System\uNyLSDX.exe
  2⤵
  PID:2728
- C:\Windows\System\iaJjtcC.exe
  C:\Windows\System\iaJjtcC.exe
  2⤵
  PID:4340
- C:\Windows\System\fUCJRIQ.exe
  C:\Windows\System\fUCJRIQ.exe
  2⤵
  PID:1840
- C:\Windows\System\JsSSPKv.exe
  C:\Windows\System\JsSSPKv.exe
  2⤵
  PID:752
- C:\Windows\System\ZkXIaYC.exe
  C:\Windows\System\ZkXIaYC.exe
  2⤵
  PID:4852
- C:\Windows\System\mMDLqDB.exe
  C:\Windows\System\mMDLqDB.exe
  2⤵
  PID:5940
- C:\Windows\System\dppmKHo.exe
  C:\Windows\System\dppmKHo.exe
  2⤵
  PID:6008
- C:\Windows\System\uxVFlcF.exe
  C:\Windows\System\uxVFlcF.exe
  2⤵
  PID:6040
- C:\Windows\System\TCDJPZC.exe
  C:\Windows\System\TCDJPZC.exe
  2⤵
  PID:6072
- C:\Windows\System\TpkKlKA.exe
  C:\Windows\System\TpkKlKA.exe
  2⤵
  PID:2216
- C:\Windows\System\puWBFUb.exe
  C:\Windows\System\puWBFUb.exe
  2⤵
  PID:5092
- C:\Windows\System\aAzvtkW.exe
  C:\Windows\System\aAzvtkW.exe
  2⤵
  PID:1088
- C:\Windows\System\yTVnmuz.exe
  C:\Windows\System\yTVnmuz.exe
  2⤵
  PID:5312
- C:\Windows\System\fbxeFaF.exe
  C:\Windows\System\fbxeFaF.exe
  2⤵
  PID:5752
- C:\Windows\System\KeyaKTJ.exe
  C:\Windows\System\KeyaKTJ.exe
  2⤵
  PID:4976
- C:\Windows\System\WIIeVld.exe
  C:\Windows\System\WIIeVld.exe
  2⤵
  PID:1332
- C:\Windows\System\rfyyczU.exe
  C:\Windows\System\rfyyczU.exe
  2⤵
  PID:5536
- C:\Windows\System\FafOTMQ.exe
  C:\Windows\System\FafOTMQ.exe
  2⤵
  PID:4540
- C:\Windows\System\PlQVoob.exe
  C:\Windows\System\PlQVoob.exe
  2⤵
  PID:732
- C:\Windows\System\nFnrzwz.exe
  C:\Windows\System\nFnrzwz.exe
  2⤵
  PID:1460
- C:\Windows\System\tpbXlRr.exe
  C:\Windows\System\tpbXlRr.exe
  2⤵
  PID:4884
- C:\Windows\System\vYioNXw.exe
  C:\Windows\System\vYioNXw.exe
  2⤵
  PID:3532
- C:\Windows\System\OGRJEoz.exe
  C:\Windows\System\OGRJEoz.exe
  2⤵
  PID:2656
- C:\Windows\System\nGtSGXo.exe
  C:\Windows\System\nGtSGXo.exe
  2⤵
  PID:4240
- C:\Windows\System\cOfOmPV.exe
  C:\Windows\System\cOfOmPV.exe
  2⤵
  PID:1776
- C:\Windows\System\zsvDtaU.exe
  C:\Windows\System\zsvDtaU.exe
  2⤵
  PID:4368
- C:\Windows\System\DzxgVKs.exe
  C:\Windows\System\DzxgVKs.exe
  2⤵
  PID:5440
- C:\Windows\System\wBAlcJC.exe
  C:\Windows\System\wBAlcJC.exe
  2⤵
  PID:5188
- C:\Windows\System\eltOFow.exe
  C:\Windows\System\eltOFow.exe
  2⤵
  PID:2752
- C:\Windows\System\FzHgdbF.exe
  C:\Windows\System\FzHgdbF.exe
  2⤵
  PID:5024
- C:\Windows\System\cbHvpmR.exe
  C:\Windows\System\cbHvpmR.exe
  2⤵
  PID:6068
- C:\Windows\System\YbyaxZN.exe
  C:\Windows\System\YbyaxZN.exe
  2⤵
  PID:6160
- C:\Windows\System\VfxzZkz.exe
  C:\Windows\System\VfxzZkz.exe
  2⤵
  PID:6176
- C:\Windows\System\OozSEqy.exe
  C:\Windows\System\OozSEqy.exe
  2⤵
  PID:6220
- C:\Windows\System\uYpehRF.exe
  C:\Windows\System\uYpehRF.exe
  2⤵
  PID:6248
- C:\Windows\System\OcMibrt.exe
  C:\Windows\System\OcMibrt.exe
  2⤵
  PID:6272
- C:\Windows\System\ytyjJrq.exe
  C:\Windows\System\ytyjJrq.exe
  2⤵
  PID:6308
- C:\Windows\System\WSGHMJL.exe
  C:\Windows\System\WSGHMJL.exe
  2⤵
  PID:6324
- C:\Windows\System\DBAcfnc.exe
  C:\Windows\System\DBAcfnc.exe
  2⤵
  PID:6360
- C:\Windows\System\zDDwGHX.exe
  C:\Windows\System\zDDwGHX.exe
  2⤵
  PID:6392
- C:\Windows\System\earIzor.exe
  C:\Windows\System\earIzor.exe
  2⤵
  PID:6420
- C:\Windows\System\UumWKVn.exe
  C:\Windows\System\UumWKVn.exe
  2⤵
  PID:6448
- C:\Windows\System\iQWTNJc.exe
  C:\Windows\System\iQWTNJc.exe
  2⤵
  PID:6480
- C:\Windows\System\BApSbKU.exe
  C:\Windows\System\BApSbKU.exe
  2⤵
  PID:6504
- C:\Windows\System\NaVVkbu.exe
  C:\Windows\System\NaVVkbu.exe
  2⤵
  PID:6532
- C:\Windows\System\mpCIFxW.exe
  C:\Windows\System\mpCIFxW.exe
  2⤵
  PID:6564
- C:\Windows\System\qnrjYGY.exe
  C:\Windows\System\qnrjYGY.exe
  2⤵
  PID:6596
- C:\Windows\System\kttyIua.exe
  C:\Windows\System\kttyIua.exe
  2⤵
  PID:6628
- C:\Windows\System\QDsAZMM.exe
  C:\Windows\System\QDsAZMM.exe
  2⤵
  PID:6644
- C:\Windows\System\moqAjTW.exe
  C:\Windows\System\moqAjTW.exe
  2⤵
  PID:6680
- C:\Windows\System\isjvgSZ.exe
  C:\Windows\System\isjvgSZ.exe
  2⤵
  PID:6716
- C:\Windows\System\wREsYBc.exe
  C:\Windows\System\wREsYBc.exe
  2⤵
  PID:6740
- C:\Windows\System\zTabYAo.exe
  C:\Windows\System\zTabYAo.exe
  2⤵
  PID:6760
- C:\Windows\System\WzgiAln.exe
  C:\Windows\System\WzgiAln.exe
  2⤵
  PID:6792
- C:\Windows\System\lPqqoFP.exe
  C:\Windows\System\lPqqoFP.exe
  2⤵
  PID:6824
- C:\Windows\System\XygOyKv.exe
  C:\Windows\System\XygOyKv.exe
  2⤵
  PID:6852
- C:\Windows\System\pUMzafp.exe
  C:\Windows\System\pUMzafp.exe
  2⤵
  PID:6884
- C:\Windows\System\fVNOufX.exe
  C:\Windows\System\fVNOufX.exe
  2⤵
  PID:6900
- C:\Windows\System\GbmPWDL.exe
  C:\Windows\System\GbmPWDL.exe
  2⤵
  PID:6924
- C:\Windows\System\VtGIkKV.exe
  C:\Windows\System\VtGIkKV.exe
  2⤵
  PID:6960
- C:\Windows\System\iYFaQDR.exe
  C:\Windows\System\iYFaQDR.exe
  2⤵
  PID:6996
- C:\Windows\System\fZLzPtS.exe
  C:\Windows\System\fZLzPtS.exe
  2⤵
  PID:7028
- C:\Windows\System\AIJpWjq.exe
  C:\Windows\System\AIJpWjq.exe
  2⤵
  PID:7060
- C:\Windows\System\BblEvEe.exe
  C:\Windows\System\BblEvEe.exe
  2⤵
  PID:7088
- C:\Windows\System\xmTZxZJ.exe
  C:\Windows\System\xmTZxZJ.exe
  2⤵
  PID:7112
- C:\Windows\System\SirABYa.exe
  C:\Windows\System\SirABYa.exe
  2⤵
  PID:7148
- C:\Windows\System\cRPtADj.exe
  C:\Windows\System\cRPtADj.exe
  2⤵
  PID:6212
- C:\Windows\System\PYaHKaY.exe
  C:\Windows\System\PYaHKaY.exe
  2⤵
  PID:2712
- C:\Windows\System\ZOirlTq.exe
  C:\Windows\System\ZOirlTq.exe
  2⤵
  PID:6344
- C:\Windows\System\QkkJtDC.exe
  C:\Windows\System\QkkJtDC.exe
  2⤵
  PID:6428
- C:\Windows\System\FfeeOWa.exe
  C:\Windows\System\FfeeOWa.exe
  2⤵
  PID:6500
- C:\Windows\System\CPoUbAh.exe
  C:\Windows\System\CPoUbAh.exe
  2⤵
  PID:6216
- C:\Windows\System\pGrlghs.exe
  C:\Windows\System\pGrlghs.exe
  2⤵
  PID:6688
- C:\Windows\System\xkAJDuw.exe
  C:\Windows\System\xkAJDuw.exe
  2⤵
  PID:6772
- C:\Windows\System\LFEGuWo.exe
  C:\Windows\System\LFEGuWo.exe
  2⤵
  PID:6832
- C:\Windows\System\wXOyUFP.exe
  C:\Windows\System\wXOyUFP.exe
  2⤵
  PID:6864
- C:\Windows\System\TCnppxK.exe
  C:\Windows\System\TCnppxK.exe
  2⤵
  PID:6916
- C:\Windows\System\fZosRrh.exe
  C:\Windows\System\fZosRrh.exe
  2⤵
  PID:7008
- C:\Windows\System\ZuVAUAT.exe
  C:\Windows\System\ZuVAUAT.exe
  2⤵
  PID:6908
- C:\Windows\System\LlZFvWx.exe
  C:\Windows\System\LlZFvWx.exe
  2⤵
  PID:7104
- C:\Windows\System\MqoCUPZ.exe
  C:\Windows\System\MqoCUPZ.exe
  2⤵
  PID:7156
- C:\Windows\System\ChsObCe.exe
  C:\Windows\System\ChsObCe.exe
  2⤵
  PID:6304
- C:\Windows\System\siOVonO.exe
  C:\Windows\System\siOVonO.exe
  2⤵
  PID:6528
- C:\Windows\System\hgKJNQU.exe
  C:\Windows\System\hgKJNQU.exe
  2⤵
  PID:6672
- C:\Windows\System\BbNZCdr.exe
  C:\Windows\System\BbNZCdr.exe
  2⤵
  PID:6860
- C:\Windows\System\AkAIlJR.exe
  C:\Windows\System\AkAIlJR.exe
  2⤵
  PID:6476
- C:\Windows\System\eiftpSp.exe
  C:\Windows\System\eiftpSp.exe
  2⤵
  PID:7048
- C:\Windows\System\nGWYgVy.exe
  C:\Windows\System\nGWYgVy.exe
  2⤵
  PID:2696
- C:\Windows\System\qloddaj.exe
  C:\Windows\System\qloddaj.exe
  2⤵
  PID:6388
- C:\Windows\System\jhUirAn.exe
  C:\Windows\System\jhUirAn.exe
  2⤵
  PID:6912
- C:\Windows\System\GoftGnL.exe
  C:\Windows\System\GoftGnL.exe
  2⤵
  PID:6588
- C:\Windows\System\FipvkYz.exe
  C:\Windows\System\FipvkYz.exe
  2⤵
  PID:6416
- C:\Windows\System\ciZXHpw.exe
  C:\Windows\System\ciZXHpw.exe
  2⤵
  PID:7196
- C:\Windows\System\QzKqPzR.exe
  C:\Windows\System\QzKqPzR.exe
  2⤵
  PID:7212
- C:\Windows\System\qVPgjFS.exe
  C:\Windows\System\qVPgjFS.exe
  2⤵
  PID:7252
- C:\Windows\System\FERbuLO.exe
  C:\Windows\System\FERbuLO.exe
  2⤵
  PID:7268
- C:\Windows\System\aRtYQXl.exe
  C:\Windows\System\aRtYQXl.exe
  2⤵
  PID:7308
- C:\Windows\System\eqlvVMX.exe
  C:\Windows\System\eqlvVMX.exe
  2⤵
  PID:7332
- C:\Windows\System\TCeZUvt.exe
  C:\Windows\System\TCeZUvt.exe
  2⤵
  PID:7376
- C:\Windows\System\SkfiFIN.exe
  C:\Windows\System\SkfiFIN.exe
  2⤵
  PID:7404
- C:\Windows\System\EaYAqie.exe
  C:\Windows\System\EaYAqie.exe
  2⤵
  PID:7428
- C:\Windows\System\bmGUDvg.exe
  C:\Windows\System\bmGUDvg.exe
  2⤵
  PID:7460
- C:\Windows\System\gsapYRZ.exe
  C:\Windows\System\gsapYRZ.exe
  2⤵
  PID:7488
- C:\Windows\System\CixbVlM.exe
  C:\Windows\System\CixbVlM.exe
  2⤵
  PID:7516
- C:\Windows\System\BwftNvz.exe
  C:\Windows\System\BwftNvz.exe
  2⤵
  PID:7560
- C:\Windows\System\QnpXTRf.exe
  C:\Windows\System\QnpXTRf.exe
  2⤵
  PID:7588
- C:\Windows\System\FdGBxUA.exe
  C:\Windows\System\FdGBxUA.exe
  2⤵
  PID:7616
- C:\Windows\System\UBiGguv.exe
  C:\Windows\System\UBiGguv.exe
  2⤵
  PID:7648
- C:\Windows\System\hjezvca.exe
  C:\Windows\System\hjezvca.exe
  2⤵
  PID:7676
- C:\Windows\System\KxefLWE.exe
  C:\Windows\System\KxefLWE.exe
  2⤵
  PID:7700
- C:\Windows\System\ogFoWla.exe
  C:\Windows\System\ogFoWla.exe
  2⤵
  PID:7720
- C:\Windows\System\DhQGmgp.exe
  C:\Windows\System\DhQGmgp.exe
  2⤵
  PID:7752
- C:\Windows\System\YeVQoxS.exe
  C:\Windows\System\YeVQoxS.exe
  2⤵
  PID:7784
- C:\Windows\System\jsWLAYd.exe
  C:\Windows\System\jsWLAYd.exe
  2⤵
  PID:7812
- C:\Windows\System\inlXEvN.exe
  C:\Windows\System\inlXEvN.exe
  2⤵
  PID:7844
- C:\Windows\System\NpttBhN.exe
  C:\Windows\System\NpttBhN.exe
  2⤵
  PID:7860
- C:\Windows\System\whWOvYA.exe
  C:\Windows\System\whWOvYA.exe
  2⤵
  PID:7888
- C:\Windows\System\NYBFAMv.exe
  C:\Windows\System\NYBFAMv.exe
  2⤵
  PID:7916
- C:\Windows\System\VBlGbSr.exe
  C:\Windows\System\VBlGbSr.exe
  2⤵
  PID:7944
- C:\Windows\System\LOeIsie.exe
  C:\Windows\System\LOeIsie.exe
  2⤵
  PID:7972
- C:\Windows\System\TcqbKgF.exe
  C:\Windows\System\TcqbKgF.exe
  2⤵
  PID:8012
- C:\Windows\System\RlkXSaG.exe
  C:\Windows\System\RlkXSaG.exe
  2⤵
  PID:8044
- C:\Windows\System\DDaWmFC.exe
  C:\Windows\System\DDaWmFC.exe
  2⤵
  PID:8072
- C:\Windows\System\HIkoqsw.exe
  C:\Windows\System\HIkoqsw.exe
  2⤵
  PID:8112
- C:\Windows\System\gnVjWPG.exe
  C:\Windows\System\gnVjWPG.exe
  2⤵
  PID:8152
- C:\Windows\System\KAkOSkQ.exe
  C:\Windows\System\KAkOSkQ.exe
  2⤵
  PID:8184
- C:\Windows\System\dSwQIzX.exe
  C:\Windows\System\dSwQIzX.exe
  2⤵
  PID:7204
- C:\Windows\System\EwmXvHF.exe
  C:\Windows\System\EwmXvHF.exe
  2⤵
  PID:7248
- C:\Windows\System\VkfonSH.exe
  C:\Windows\System\VkfonSH.exe
  2⤵
  PID:7328
- C:\Windows\System\BGNgHok.exe
  C:\Windows\System\BGNgHok.exe
  2⤵
  PID:7416
- C:\Windows\System\BpAkjjk.exe
  C:\Windows\System\BpAkjjk.exe
  2⤵
  PID:7476
- C:\Windows\System\CwwaIUc.exe
  C:\Windows\System\CwwaIUc.exe
  2⤵
  PID:4604
- C:\Windows\System\lCueBSE.exe
  C:\Windows\System\lCueBSE.exe
  2⤵
  PID:5724
- C:\Windows\System\vkUEfzA.exe
  C:\Windows\System\vkUEfzA.exe
  2⤵
  PID:5712
- C:\Windows\System\HBpchIl.exe
  C:\Windows\System\HBpchIl.exe
  2⤵
  PID:7600
- C:\Windows\System\hnODqBb.exe
  C:\Windows\System\hnODqBb.exe
  2⤵
  PID:7672
- C:\Windows\System\wfgzcbd.exe
  C:\Windows\System\wfgzcbd.exe
  2⤵
  PID:7732
- C:\Windows\System\PIxYCOT.exe
  C:\Windows\System\PIxYCOT.exe
  2⤵
  PID:7796
- C:\Windows\System\XWWGZdg.exe
  C:\Windows\System\XWWGZdg.exe
  2⤵
  PID:7856
- C:\Windows\System\EisyCsQ.exe
  C:\Windows\System\EisyCsQ.exe
  2⤵
  PID:7940
- C:\Windows\System\nNcfAFn.exe
  C:\Windows\System\nNcfAFn.exe
  2⤵
  PID:7984
- C:\Windows\System\UfYchbV.exe
  C:\Windows\System\UfYchbV.exe
  2⤵
  PID:8056
- C:\Windows\System\WAuAtMh.exe
  C:\Windows\System\WAuAtMh.exe
  2⤵
  PID:568
- C:\Windows\System\AgCzvwf.exe
  C:\Windows\System\AgCzvwf.exe
  2⤵
  PID:8164
- C:\Windows\System\fgMMfla.exe
  C:\Windows\System\fgMMfla.exe
  2⤵
  PID:7232
- C:\Windows\System\aGRBogy.exe
  C:\Windows\System\aGRBogy.exe
  2⤵
  PID:7388
- C:\Windows\System\LaBNhvr.exe
  C:\Windows\System\LaBNhvr.exe
  2⤵
  PID:2268
- C:\Windows\System\QHDozqe.exe
  C:\Windows\System\QHDozqe.exe
  2⤵
  PID:5764
- C:\Windows\System\oQypIRK.exe
  C:\Windows\System\oQypIRK.exe
  2⤵
  PID:1300
- C:\Windows\System\NesRUee.exe
  C:\Windows\System\NesRUee.exe
  2⤵
  PID:7716
- C:\Windows\System\fWDOenA.exe
  C:\Windows\System\fWDOenA.exe
  2⤵
  PID:7832
- C:\Windows\System\vwTWCAu.exe
  C:\Windows\System\vwTWCAu.exe
  2⤵
  PID:4624
- C:\Windows\System\IEDKbfI.exe
  C:\Windows\System\IEDKbfI.exe
  2⤵
  PID:8084
- C:\Windows\System\KARYXsg.exe
  C:\Windows\System\KARYXsg.exe
  2⤵
  PID:5924
- C:\Windows\System\dzRZhRJ.exe
  C:\Windows\System\dzRZhRJ.exe
  2⤵
  PID:7504
- C:\Windows\System\AjoLgmk.exe
  C:\Windows\System\AjoLgmk.exe
  2⤵
  PID:7708
- C:\Windows\System\hKajhTP.exe
  C:\Windows\System\hKajhTP.exe
  2⤵
  PID:8024
- C:\Windows\System\FTQOsRV.exe
  C:\Windows\System\FTQOsRV.exe
  2⤵
  PID:7468
- C:\Windows\System\poMKJyz.exe
  C:\Windows\System\poMKJyz.exe
  2⤵
  PID:7824
- C:\Windows\System\GcAjZmI.exe
  C:\Windows\System\GcAjZmI.exe
  2⤵
  PID:8196
- C:\Windows\System\BnEmBpr.exe
  C:\Windows\System\BnEmBpr.exe
  2⤵
  PID:8228
- C:\Windows\System\pCScPOi.exe
  C:\Windows\System\pCScPOi.exe
  2⤵
  PID:8260
- C:\Windows\System\jzrYolY.exe
  C:\Windows\System\jzrYolY.exe
  2⤵
  PID:8288
- C:\Windows\System\kQsMroV.exe
  C:\Windows\System\kQsMroV.exe
  2⤵
  PID:8304
- C:\Windows\System\BOiVUqX.exe
  C:\Windows\System\BOiVUqX.exe
  2⤵
  PID:8328
- C:\Windows\System\lGBWwra.exe
  C:\Windows\System\lGBWwra.exe
  2⤵
  PID:8372
- C:\Windows\System\yIeIcWC.exe
  C:\Windows\System\yIeIcWC.exe
  2⤵
  PID:8392
- C:\Windows\System\RbfqUUA.exe
  C:\Windows\System\RbfqUUA.exe
  2⤵
  PID:8420
- C:\Windows\System\dMyHrpj.exe
  C:\Windows\System\dMyHrpj.exe
  2⤵
  PID:8456
- C:\Windows\System\XPwDxBt.exe
  C:\Windows\System\XPwDxBt.exe
  2⤵
  PID:8488
- C:\Windows\System\UZOkOTf.exe
  C:\Windows\System\UZOkOTf.exe
  2⤵
  PID:8516
- C:\Windows\System\YednftL.exe
  C:\Windows\System\YednftL.exe
  2⤵
  PID:8548
- C:\Windows\System\FLQAsGY.exe
  C:\Windows\System\FLQAsGY.exe
  2⤵
  PID:8568
- C:\Windows\System\wCPwjNG.exe
  C:\Windows\System\wCPwjNG.exe
  2⤵
  PID:8596
- C:\Windows\System\nywbiJI.exe
  C:\Windows\System\nywbiJI.exe
  2⤵
  PID:8624
- C:\Windows\System\mATXEev.exe
  C:\Windows\System\mATXEev.exe
  2⤵
  PID:8648
- C:\Windows\System\VJEIXlH.exe
  C:\Windows\System\VJEIXlH.exe
  2⤵
  PID:8680
- C:\Windows\System\TSPrZIi.exe
  C:\Windows\System\TSPrZIi.exe
  2⤵
  PID:8708
- C:\Windows\System\GfMzuib.exe
  C:\Windows\System\GfMzuib.exe
  2⤵
  PID:8744
- C:\Windows\System\PFJzKZv.exe
  C:\Windows\System\PFJzKZv.exe
  2⤵
  PID:8796
- C:\Windows\System\JpKQAhi.exe
  C:\Windows\System\JpKQAhi.exe
  2⤵
  PID:8824
- C:\Windows\System\RxUJmnM.exe
  C:\Windows\System\RxUJmnM.exe
  2⤵
  PID:8868
- C:\Windows\System\nAClFWA.exe
  C:\Windows\System\nAClFWA.exe
  2⤵
  PID:8896
- C:\Windows\System\bGLWfTC.exe
  C:\Windows\System\bGLWfTC.exe
  2⤵
  PID:8928
- C:\Windows\System\CmSBGJR.exe
  C:\Windows\System\CmSBGJR.exe
  2⤵
  PID:8956
- C:\Windows\System\aAHzgmO.exe
  C:\Windows\System\aAHzgmO.exe
  2⤵
  PID:8976
- C:\Windows\System\HqOoXkH.exe
  C:\Windows\System\HqOoXkH.exe
  2⤵
  PID:9012
- C:\Windows\System\PAZMnir.exe
  C:\Windows\System\PAZMnir.exe
  2⤵
  PID:9036
- C:\Windows\System\ogqfJbi.exe
  C:\Windows\System\ogqfJbi.exe
  2⤵
  PID:9064
- C:\Windows\System\jCLOZui.exe
  C:\Windows\System\jCLOZui.exe
  2⤵
  PID:9096
- C:\Windows\System\OtIpuRg.exe
  C:\Windows\System\OtIpuRg.exe
  2⤵
  PID:9116
- C:\Windows\System\GATpgaf.exe
  C:\Windows\System\GATpgaf.exe
  2⤵
  PID:9160
- C:\Windows\System\LyZxody.exe
  C:\Windows\System\LyZxody.exe
  2⤵
  PID:9176
- C:\Windows\System\wYKFyph.exe
  C:\Windows\System\wYKFyph.exe
  2⤵
  PID:9212
- C:\Windows\System\hXFacLk.exe
  C:\Windows\System\hXFacLk.exe
  2⤵
  PID:8136
- C:\Windows\System\udEXqJF.exe
  C:\Windows\System\udEXqJF.exe
  2⤵
  PID:8268
- C:\Windows\System\LpugZqd.exe
  C:\Windows\System\LpugZqd.exe
  2⤵
  PID:8312
- C:\Windows\System\YwRpdka.exe
  C:\Windows\System\YwRpdka.exe
  2⤵
  PID:8404
- C:\Windows\System\unOgHJg.exe
  C:\Windows\System\unOgHJg.exe
  2⤵
  PID:6372
- C:\Windows\System\juYJmOT.exe
  C:\Windows\System\juYJmOT.exe
  2⤵
  PID:8500
- C:\Windows\System\QBAuHYH.exe
  C:\Windows\System\QBAuHYH.exe
  2⤵
  PID:8536
- C:\Windows\System\oASOCPg.exe
  C:\Windows\System\oASOCPg.exe
  2⤵
  PID:8592
- C:\Windows\System\npsDJlh.exe
  C:\Windows\System\npsDJlh.exe
  2⤵
  PID:8692
- C:\Windows\System\YugEPuS.exe
  C:\Windows\System\YugEPuS.exe
  2⤵
  PID:8736
- C:\Windows\System\aWmwNpG.exe
  C:\Windows\System\aWmwNpG.exe
  2⤵
  PID:8820
- C:\Windows\System\CyPabhd.exe
  C:\Windows\System\CyPabhd.exe
  2⤵
  PID:8096
- C:\Windows\System\fyVZZCL.exe
  C:\Windows\System\fyVZZCL.exe
  2⤵
  PID:8092
- C:\Windows\System\QCndAKf.exe
  C:\Windows\System\QCndAKf.exe
  2⤵
  PID:8964
- C:\Windows\System\WAiElaw.exe
  C:\Windows\System\WAiElaw.exe
  2⤵
  PID:8360
- C:\Windows\System\BZlsWow.exe
  C:\Windows\System\BZlsWow.exe
  2⤵
  PID:9072
- C:\Windows\System\WwfQXHa.exe
  C:\Windows\System\WwfQXHa.exe
  2⤵
  PID:984
- C:\Windows\System\hcRxzGD.exe
  C:\Windows\System\hcRxzGD.exe
  2⤵
  PID:9188
- C:\Windows\System\HLsunDv.exe
  C:\Windows\System\HLsunDv.exe
  2⤵
  PID:8224
- C:\Windows\System\QbmduSX.exe
  C:\Windows\System\QbmduSX.exe
  2⤵
  PID:8356
- C:\Windows\System\tyKxCmX.exe
  C:\Windows\System\tyKxCmX.exe
  2⤵
  PID:8476
- C:\Windows\System\ixlElHI.exe
  C:\Windows\System\ixlElHI.exe
  2⤵
  PID:8584
- C:\Windows\System\AvkAcmu.exe
  C:\Windows\System\AvkAcmu.exe
  2⤵
  PID:8720
- C:\Windows\System\BPqbvkc.exe
  C:\Windows\System\BPqbvkc.exe
  2⤵
  PID:8104
- C:\Windows\System\KNLFlge.exe
  C:\Windows\System\KNLFlge.exe
  2⤵
  PID:8988
- C:\Windows\System\ARWMPXy.exe
  C:\Windows\System\ARWMPXy.exe
  2⤵
  PID:9104
- C:\Windows\System\BJOTpSI.exe
  C:\Windows\System\BJOTpSI.exe
  2⤵
  PID:8296
- C:\Windows\System\ipJvQCZ.exe
  C:\Windows\System\ipJvQCZ.exe
  2⤵
  PID:1584
- C:\Windows\System\YToWSOI.exe
  C:\Windows\System\YToWSOI.exe
  2⤵
  PID:6256
- C:\Windows\System\ljPLEmh.exe
  C:\Windows\System\ljPLEmh.exe
  2⤵
  PID:9084
- C:\Windows\System\NJFyWCe.exe
  C:\Windows\System\NJFyWCe.exe
  2⤵
  PID:244
- C:\Windows\System\bKoMPyo.exe
  C:\Windows\System\bKoMPyo.exe
  2⤵
  PID:2568
- C:\Windows\System\PflqWrI.exe
  C:\Windows\System\PflqWrI.exe
  2⤵
  PID:9220
- C:\Windows\System\uCgDEau.exe
  C:\Windows\System\uCgDEau.exe
  2⤵
  PID:9252
- C:\Windows\System\VEklYvi.exe
  C:\Windows\System\VEklYvi.exe
  2⤵
  PID:9276
- C:\Windows\System\gXdJpac.exe
  C:\Windows\System\gXdJpac.exe
  2⤵
  PID:9308
- C:\Windows\System\BhIgcOH.exe
  C:\Windows\System\BhIgcOH.exe
  2⤵
  PID:9344
- C:\Windows\System\fslQhTV.exe
  C:\Windows\System\fslQhTV.exe
  2⤵
  PID:9368
- C:\Windows\System\qzTboBa.exe
  C:\Windows\System\qzTboBa.exe
  2⤵
  PID:9388
- C:\Windows\System\VGrobrN.exe
  C:\Windows\System\VGrobrN.exe
  2⤵
  PID:9416
- C:\Windows\System\BsHmMPP.exe
  C:\Windows\System\BsHmMPP.exe
  2⤵
  PID:9448
- C:\Windows\System\BAmmyuK.exe
  C:\Windows\System\BAmmyuK.exe
  2⤵
  PID:9480
- C:\Windows\System\PZadtFJ.exe
  C:\Windows\System\PZadtFJ.exe
  2⤵
  PID:9500
- C:\Windows\System\annaLTU.exe
  C:\Windows\System\annaLTU.exe
  2⤵
  PID:9532
- C:\Windows\System\vcDrOhz.exe
  C:\Windows\System\vcDrOhz.exe
  2⤵
  PID:9560
- C:\Windows\System\DiunIdu.exe
  C:\Windows\System\DiunIdu.exe
  2⤵
  PID:9604
- C:\Windows\System\DpWTErF.exe
  C:\Windows\System\DpWTErF.exe
  2⤵
  PID:9620
- C:\Windows\System\RfgeEGJ.exe
  C:\Windows\System\RfgeEGJ.exe
  2⤵
  PID:9656
- C:\Windows\System\kLSakIf.exe
  C:\Windows\System\kLSakIf.exe
  2⤵
  PID:9688
- C:\Windows\System\KdLvezo.exe
  C:\Windows\System\KdLvezo.exe
  2⤵
  PID:9716
- C:\Windows\System\NYmnWTd.exe
  C:\Windows\System\NYmnWTd.exe
  2⤵
  PID:9736
- C:\Windows\System\eoFvMDx.exe
  C:\Windows\System\eoFvMDx.exe
  2⤵
  PID:9764
- C:\Windows\System\pCuonYd.exe
  C:\Windows\System\pCuonYd.exe
  2⤵
  PID:9792
- C:\Windows\System\BQsvnxJ.exe
  C:\Windows\System\BQsvnxJ.exe
  2⤵
  PID:9824
- C:\Windows\System\GklEkTR.exe
  C:\Windows\System\GklEkTR.exe
  2⤵
  PID:9848
- C:\Windows\System\KFqffat.exe
  C:\Windows\System\KFqffat.exe
  2⤵
  PID:9880
- C:\Windows\System\qLOGeDe.exe
  C:\Windows\System\qLOGeDe.exe
  2⤵
  PID:9912
- C:\Windows\System\HAjjMKX.exe
  C:\Windows\System\HAjjMKX.exe
  2⤵
  PID:9932
- C:\Windows\System\QQrryQI.exe
  C:\Windows\System\QQrryQI.exe
  2⤵
  PID:9960
- C:\Windows\System\JuUwLOt.exe
  C:\Windows\System\JuUwLOt.exe
  2⤵
  PID:9996
- C:\Windows\System\AsfUmzd.exe
  C:\Windows\System\AsfUmzd.exe
  2⤵
  PID:10024
- C:\Windows\System\nStvuWv.exe
  C:\Windows\System\nStvuWv.exe
  2⤵
  PID:10048
- C:\Windows\System\ZtxkUbQ.exe
  C:\Windows\System\ZtxkUbQ.exe
  2⤵
  PID:10072
- C:\Windows\System\qsEAaLn.exe
  C:\Windows\System\qsEAaLn.exe
  2⤵
  PID:10100
- C:\Windows\System\VAbUOgW.exe
  C:\Windows\System\VAbUOgW.exe
  2⤵
  PID:10128
- C:\Windows\System\QXjJXYp.exe
  C:\Windows\System\QXjJXYp.exe
  2⤵
  PID:10156
- C:\Windows\System\BHuTrbf.exe
  C:\Windows\System\BHuTrbf.exe
  2⤵
  PID:10196
- C:\Windows\System\BeRXBFI.exe
  C:\Windows\System\BeRXBFI.exe
  2⤵
  PID:10220
- C:\Windows\System\hydpIoj.exe
  C:\Windows\System\hydpIoj.exe
  2⤵
  PID:9044
- C:\Windows\System\MYfPEHq.exe
  C:\Windows\System\MYfPEHq.exe
  2⤵
  PID:9288
- C:\Windows\System\SLmnpwl.exe
  C:\Windows\System\SLmnpwl.exe
  2⤵
  PID:9356
- C:\Windows\System\oGLQMAv.exe
  C:\Windows\System\oGLQMAv.exe
  2⤵
  PID:9412
- C:\Windows\System\OHCaxxd.exe
  C:\Windows\System\OHCaxxd.exe
  2⤵
  PID:9492
- C:\Windows\System\qiyMYHr.exe
  C:\Windows\System\qiyMYHr.exe
  2⤵
  PID:9544
- C:\Windows\System\gxMlHug.exe
  C:\Windows\System\gxMlHug.exe
  2⤵
  PID:9612
- C:\Windows\System\pVEpBKi.exe
  C:\Windows\System\pVEpBKi.exe
  2⤵
  PID:9684
- C:\Windows\System\SUKQUGG.exe
  C:\Windows\System\SUKQUGG.exe
  2⤵
  PID:9748
- C:\Windows\System\DjsfnNC.exe
  C:\Windows\System\DjsfnNC.exe
  2⤵
  PID:9812
- C:\Windows\System\bkPJFSq.exe
  C:\Windows\System\bkPJFSq.exe
  2⤵
  PID:9872
- C:\Windows\System\kraHank.exe
  C:\Windows\System\kraHank.exe
  2⤵
  PID:9928
- C:\Windows\System\AgxLqon.exe
  C:\Windows\System\AgxLqon.exe
  2⤵
  PID:10004
- C:\Windows\System\mViMaxh.exe
  C:\Windows\System\mViMaxh.exe
  2⤵
  PID:10056
- C:\Windows\System\QJXCPZi.exe
  C:\Windows\System\QJXCPZi.exe
  2⤵
  PID:10120
- C:\Windows\System\fmCVfEE.exe
  C:\Windows\System\fmCVfEE.exe
  2⤵
  PID:10184
- C:\Windows\System\csXWBAm.exe
  C:\Windows\System\csXWBAm.exe
  2⤵
  PID:9028
- C:\Windows\System\AwOlmXj.exe
  C:\Windows\System\AwOlmXj.exe
  2⤵
  PID:8464
- C:\Windows\System\lMAFMEU.exe
  C:\Windows\System\lMAFMEU.exe
  2⤵
  PID:9512
- C:\Windows\System\Gfbttkp.exe
  C:\Windows\System\Gfbttkp.exe
  2⤵
  PID:9640
- C:\Windows\System\PeZJKok.exe
  C:\Windows\System\PeZJKok.exe
  2⤵
  PID:9780
- C:\Windows\System\xAFHNKv.exe
  C:\Windows\System\xAFHNKv.exe
  2⤵
  PID:9896
- C:\Windows\System\QGjLLFr.exe
  C:\Windows\System\QGjLLFr.exe
  2⤵
  PID:9528
- C:\Windows\System\FuraEau.exe
  C:\Windows\System\FuraEau.exe
  2⤵
  PID:10176
- C:\Windows\System\lWVbeIt.exe
  C:\Windows\System\lWVbeIt.exe
  2⤵
  PID:9436
- C:\Windows\System\gQDPsKw.exe
  C:\Windows\System\gQDPsKw.exe
  2⤵
  PID:9700
- C:\Windows\System\GEEMqhp.exe
  C:\Windows\System\GEEMqhp.exe
  2⤵
  PID:452
- C:\Windows\System\EPeLzyM.exe
  C:\Windows\System\EPeLzyM.exe
  2⤵
  PID:4176
- C:\Windows\System\CpKooSb.exe
  C:\Windows\System\CpKooSb.exe
  2⤵
  PID:9732
- C:\Windows\System\WwZxVDr.exe
  C:\Windows\System\WwZxVDr.exe
  2⤵
  PID:9572
- C:\Windows\System\QhyBsQg.exe
  C:\Windows\System\QhyBsQg.exe
  2⤵
  PID:10248
- C:\Windows\System\wdMWBEi.exe
  C:\Windows\System\wdMWBEi.exe
  2⤵
  PID:10276
- C:\Windows\System\uDwSHdo.exe
  C:\Windows\System\uDwSHdo.exe
  2⤵
  PID:10304
- C:\Windows\System\LHcCXnl.exe
  C:\Windows\System\LHcCXnl.exe
  2⤵
  PID:10340
- C:\Windows\System\EQeFAMu.exe
  C:\Windows\System\EQeFAMu.exe
  2⤵
  PID:10368
- C:\Windows\System\nsrnPcD.exe
  C:\Windows\System\nsrnPcD.exe
  2⤵
  PID:10388
- C:\Windows\System\NWzYMsm.exe
  C:\Windows\System\NWzYMsm.exe
  2⤵
  PID:10424
- C:\Windows\System\TDJCkSS.exe
  C:\Windows\System\TDJCkSS.exe
  2⤵
  PID:10452
- C:\Windows\System\laEurRr.exe
  C:\Windows\System\laEurRr.exe
  2⤵
  PID:10472
- C:\Windows\System\GVBeyHO.exe
  C:\Windows\System\GVBeyHO.exe
  2⤵
  PID:10500
- C:\Windows\System\IKbxxXl.exe
  C:\Windows\System\IKbxxXl.exe
  2⤵
  PID:10536
- C:\Windows\System\TGBmpAb.exe
  C:\Windows\System\TGBmpAb.exe
  2⤵
  PID:10564
- C:\Windows\System\bJtrtES.exe
  C:\Windows\System\bJtrtES.exe
  2⤵
  PID:10592
- C:\Windows\System\vnpQkQa.exe
  C:\Windows\System\vnpQkQa.exe
  2⤵
  PID:10616
- C:\Windows\System\iJFxwwp.exe
  C:\Windows\System\iJFxwwp.exe
  2⤵
  PID:10648
- C:\Windows\System\iiXsRTq.exe
  C:\Windows\System\iiXsRTq.exe
  2⤵
  PID:10684
- C:\Windows\System\oVacUJf.exe
  C:\Windows\System\oVacUJf.exe
  2⤵
  PID:10708
- C:\Windows\System\oGpzofy.exe
  C:\Windows\System\oGpzofy.exe
  2⤵
  PID:10732
- C:\Windows\System\ZSYuHlO.exe
  C:\Windows\System\ZSYuHlO.exe
  2⤵
  PID:10760
- C:\Windows\System\nUCEEjK.exe
  C:\Windows\System\nUCEEjK.exe
  2⤵
  PID:10788
- C:\Windows\System\vLpdeVl.exe
  C:\Windows\System\vLpdeVl.exe
  2⤵
  PID:10828
- C:\Windows\System\RRmfofO.exe
  C:\Windows\System\RRmfofO.exe
  2⤵
  PID:10844
- C:\Windows\System\EHvsxiD.exe
  C:\Windows\System\EHvsxiD.exe
  2⤵
  PID:10880
- C:\Windows\System\IpczDNy.exe
  C:\Windows\System\IpczDNy.exe
  2⤵
  PID:10900
- C:\Windows\System\miALTts.exe
  C:\Windows\System\miALTts.exe
  2⤵
  PID:10936
- C:\Windows\System\YiosLaP.exe
  C:\Windows\System\YiosLaP.exe
  2⤵
  PID:10956
- C:\Windows\System\MMooCaL.exe
  C:\Windows\System\MMooCaL.exe
  2⤵
  PID:10984
- C:\Windows\System\TbGsJmN.exe
  C:\Windows\System\TbGsJmN.exe
  2⤵
  PID:11012
- C:\Windows\System\BQTozUb.exe
  C:\Windows\System\BQTozUb.exe
  2⤵
  PID:11044
- C:\Windows\System\SfGMHtc.exe
  C:\Windows\System\SfGMHtc.exe
  2⤵
  PID:11068
- C:\Windows\System\zAgmxiN.exe
  C:\Windows\System\zAgmxiN.exe
  2⤵
  PID:11096
- C:\Windows\System\eZHBSTm.exe
  C:\Windows\System\eZHBSTm.exe
  2⤵
  PID:11132
- C:\Windows\System\enSYawg.exe
  C:\Windows\System\enSYawg.exe
  2⤵
  PID:11160
- C:\Windows\System\HITvAwK.exe
  C:\Windows\System\HITvAwK.exe
  2⤵
  PID:11188
- C:\Windows\System\eeGMIhe.exe
  C:\Windows\System\eeGMIhe.exe
  2⤵
  PID:11216
- C:\Windows\System\IoJtqqG.exe
  C:\Windows\System\IoJtqqG.exe
  2⤵
  PID:11244
- C:\Windows\System\MSCNPyL.exe
  C:\Windows\System\MSCNPyL.exe
  2⤵
  PID:10260
- C:\Windows\System\ezliOSh.exe
  C:\Windows\System\ezliOSh.exe
  2⤵
  PID:10328
- C:\Windows\System\AoQSfCf.exe
  C:\Windows\System\AoQSfCf.exe
  2⤵
  PID:10400
- C:\Windows\System\ZbaJjyR.exe
  C:\Windows\System\ZbaJjyR.exe
  2⤵
  PID:10492
- C:\Windows\System\CLGpSgT.exe
  C:\Windows\System\CLGpSgT.exe
  2⤵
  PID:10548
- C:\Windows\System\amaqVee.exe
  C:\Windows\System\amaqVee.exe
  2⤵
  PID:10572
- C:\Windows\System\mDBZTKI.exe
  C:\Windows\System\mDBZTKI.exe
  2⤵
  PID:10636
- C:\Windows\System\pWOYOta.exe
  C:\Windows\System\pWOYOta.exe
  2⤵
  PID:10716
- C:\Windows\System\pEhASEf.exe
  C:\Windows\System\pEhASEf.exe
  2⤵
  PID:5232
- C:\Windows\System\hcHRSoK.exe
  C:\Windows\System\hcHRSoK.exe
  2⤵
  PID:10808
- C:\Windows\System\lAgKeWK.exe
  C:\Windows\System\lAgKeWK.exe
  2⤵
  PID:10888
- C:\Windows\System\JKtUpXr.exe
  C:\Windows\System\JKtUpXr.exe
  2⤵
  PID:10920
- C:\Windows\System\RKVStff.exe
  C:\Windows\System\RKVStff.exe
  2⤵
  PID:10996
- C:\Windows\System\cRxIvJt.exe
  C:\Windows\System\cRxIvJt.exe
  2⤵
  PID:11052
- C:\Windows\System\wGBMDIB.exe
  C:\Windows\System\wGBMDIB.exe
  2⤵
  PID:2232
- C:\Windows\System\luwxcoa.exe
  C:\Windows\System\luwxcoa.exe
  2⤵
  PID:11184
- C:\Windows\System\aRBunVq.exe
  C:\Windows\System\aRBunVq.exe
  2⤵
  PID:11208
- C:\Windows\System\vzZqYml.exe
  C:\Windows\System\vzZqYml.exe
  2⤵
  PID:11240
- C:\Windows\System\OyrJgYY.exe
  C:\Windows\System\OyrJgYY.exe
  2⤵
  PID:10356
- C:\Windows\System\DrrISMB.exe
  C:\Windows\System\DrrISMB.exe
  2⤵
  PID:10512
- C:\Windows\System\aGgSBFY.exe
  C:\Windows\System\aGgSBFY.exe
  2⤵
  PID:10672
- C:\Windows\System\cJfiGta.exe
  C:\Windows\System\cJfiGta.exe
  2⤵
  PID:10800
- C:\Windows\System\QOFzdVq.exe
  C:\Windows\System\QOFzdVq.exe
  2⤵
  PID:10948
- C:\Windows\System\mAOSunV.exe
  C:\Windows\System\mAOSunV.exe
  2⤵
  PID:1580
- C:\Windows\System\ZcFHgrb.exe
  C:\Windows\System\ZcFHgrb.exe
  2⤵
  PID:5632
- C:\Windows\System\QQEbVyp.exe
  C:\Windows\System\QQEbVyp.exe
  2⤵
  PID:5580
- C:\Windows\System\smMScCY.exe
  C:\Windows\System\smMScCY.exe
  2⤵
  PID:10324
- C:\Windows\System\PThHsfo.exe
  C:\Windows\System\PThHsfo.exe
  2⤵
  PID:10468
- C:\Windows\System\KoYxypj.exe
  C:\Windows\System\KoYxypj.exe
  2⤵
  PID:10840
- C:\Windows\System\JTtNsxJ.exe
  C:\Windows\System\JTtNsxJ.exe
  2⤵
  PID:1256
- C:\Windows\System\npfCwKh.exe
  C:\Windows\System\npfCwKh.exe
  2⤵
  PID:11236
- C:\Windows\System\jQPACce.exe
  C:\Windows\System\jQPACce.exe
  2⤵
  PID:10772
- C:\Windows\System\bdXInpG.exe
  C:\Windows\System\bdXInpG.exe
  2⤵
  PID:10460
- C:\Windows\System\rEaTgDo.exe
  C:\Windows\System\rEaTgDo.exe
  2⤵
  PID:11268
- C:\Windows\System\dizhIlj.exe
  C:\Windows\System\dizhIlj.exe
  2⤵
  PID:11292
- C:\Windows\System\qjqxFxN.exe
  C:\Windows\System\qjqxFxN.exe
  2⤵
  PID:11320
- C:\Windows\System\uNiqzkc.exe
  C:\Windows\System\uNiqzkc.exe
  2⤵
  PID:11348
- C:\Windows\System\zLNUdKN.exe
  C:\Windows\System\zLNUdKN.exe
  2⤵
  PID:11380
- C:\Windows\System\nOhQLTz.exe
  C:\Windows\System\nOhQLTz.exe
  2⤵
  PID:11420
- C:\Windows\System\fAZJuon.exe
  C:\Windows\System\fAZJuon.exe
  2⤵
  PID:11436
- C:\Windows\System\bSrMUjE.exe
  C:\Windows\System\bSrMUjE.exe
  2⤵
  PID:11468
- C:\Windows\System\NxSqJLt.exe
  C:\Windows\System\NxSqJLt.exe
  2⤵
  PID:11500
- C:\Windows\System\WpbztEa.exe
  C:\Windows\System\WpbztEa.exe
  2⤵
  PID:11520
- C:\Windows\System\LQxYnuA.exe
  C:\Windows\System\LQxYnuA.exe
  2⤵
  PID:11548
- C:\Windows\System\GJXmgjY.exe
  C:\Windows\System\GJXmgjY.exe
  2⤵
  PID:11580
- C:\Windows\System\HmWcAJY.exe
  C:\Windows\System\HmWcAJY.exe
  2⤵
  PID:11616
- C:\Windows\System\aOoNPRr.exe
  C:\Windows\System\aOoNPRr.exe
  2⤵
  PID:11640
- C:\Windows\System\wsoAGyh.exe
  C:\Windows\System\wsoAGyh.exe
  2⤵
  PID:11672
- C:\Windows\System\mGIcLJB.exe
  C:\Windows\System\mGIcLJB.exe
  2⤵
  PID:11704
- C:\Windows\System\fcBixos.exe
  C:\Windows\System\fcBixos.exe
  2⤵
  PID:11728
- C:\Windows\System\KuPxqfP.exe
  C:\Windows\System\KuPxqfP.exe
  2⤵
  PID:11756
- C:\Windows\System\rXGQiSm.exe
  C:\Windows\System\rXGQiSm.exe
  2⤵
  PID:11784
- C:\Windows\System\wbVCSLi.exe
  C:\Windows\System\wbVCSLi.exe
  2⤵
  PID:11816
- C:\Windows\System\ZPdxjbK.exe
  C:\Windows\System\ZPdxjbK.exe
  2⤵
  PID:11848
- C:\Windows\System\klWqABk.exe
  C:\Windows\System\klWqABk.exe
  2⤵
  PID:11868
- C:\Windows\System\PevRBPB.exe
  C:\Windows\System\PevRBPB.exe
  2⤵
  PID:11896
- C:\Windows\System\qUjjqHq.exe
  C:\Windows\System\qUjjqHq.exe
  2⤵
  PID:11928
- C:\Windows\System\GdQvhYL.exe
  C:\Windows\System\GdQvhYL.exe
  2⤵
  PID:11956
- C:\Windows\System\IqWABUf.exe
  C:\Windows\System\IqWABUf.exe
  2⤵
  PID:11988
- C:\Windows\System\tUuHlbP.exe
  C:\Windows\System\tUuHlbP.exe
  2⤵
  PID:12020
- C:\Windows\System\elvODWq.exe
  C:\Windows\System\elvODWq.exe
  2⤵
  PID:12052
- C:\Windows\System\rqztfut.exe
  C:\Windows\System\rqztfut.exe
  2⤵
  PID:12072
- C:\Windows\System\QmGgnql.exe
  C:\Windows\System\QmGgnql.exe
  2⤵
  PID:12100
- C:\Windows\System\cbIumVF.exe
  C:\Windows\System\cbIumVF.exe
  2⤵
  PID:12128
- C:\Windows\System\EtchjHR.exe
  C:\Windows\System\EtchjHR.exe
  2⤵
  PID:12156
- C:\Windows\System\MmCjOFY.exe
  C:\Windows\System\MmCjOFY.exe
  2⤵
  PID:12184
- C:\Windows\System\BXztuYD.exe
  C:\Windows\System\BXztuYD.exe
  2⤵
  PID:12216
- C:\Windows\System\cxgwxkP.exe
  C:\Windows\System\cxgwxkP.exe
  2⤵
  PID:12248
- C:\Windows\System\eUsmSud.exe
  C:\Windows\System\eUsmSud.exe
  2⤵
  PID:12280
- C:\Windows\System\zmjZZYr.exe
  C:\Windows\System\zmjZZYr.exe
  2⤵
  PID:11312
- C:\Windows\System\HHDTQYP.exe
  C:\Windows\System\HHDTQYP.exe
  2⤵
  PID:11416
- C:\Windows\System\Goftqhp.exe
  C:\Windows\System\Goftqhp.exe
  2⤵
  PID:11488
- C:\Windows\System\ACyEZJF.exe
  C:\Windows\System\ACyEZJF.exe
  2⤵
  PID:11532
- C:\Windows\System\WUcTXpP.exe
  C:\Windows\System\WUcTXpP.exe
  2⤵
  PID:11588
- C:\Windows\System\lentAEE.exe
  C:\Windows\System\lentAEE.exe
  2⤵
  PID:11684
- C:\Windows\System\hYXmDMx.exe
  C:\Windows\System\hYXmDMx.exe
  2⤵
  PID:11556
- C:\Windows\System\wqflvqG.exe
  C:\Windows\System\wqflvqG.exe
  2⤵
  PID:11780
- C:\Windows\System\itFEbEm.exe
  C:\Windows\System\itFEbEm.exe
  2⤵
  PID:11856
- C:\Windows\System\pQCYggB.exe
  C:\Windows\System\pQCYggB.exe
  2⤵
  PID:11888
- C:\Windows\System\CSJBeJC.exe
  C:\Windows\System\CSJBeJC.exe
  2⤵
  PID:11968
- C:\Windows\System\ZixWlRw.exe
  C:\Windows\System\ZixWlRw.exe
  2⤵
  PID:12028
- C:\Windows\System\zNyrwXT.exe
  C:\Windows\System\zNyrwXT.exe
  2⤵
  PID:12068
- C:\Windows\System\ZkeMnUz.exe
  C:\Windows\System\ZkeMnUz.exe
  2⤵
  PID:12140
- C:\Windows\System\eHqTHxy.exe
  C:\Windows\System\eHqTHxy.exe
  2⤵
  PID:1644
- C:\Windows\System\wQaNcZD.exe
  C:\Windows\System\wQaNcZD.exe
  2⤵
  PID:1252
- C:\Windows\System\JQSQoRP.exe
  C:\Windows\System\JQSQoRP.exe
  2⤵
  PID:12276
- C:\Windows\System\PHXbXdY.exe
  C:\Windows\System\PHXbXdY.exe
  2⤵
  PID:4092
- C:\Windows\System\DTattkQ.exe
  C:\Windows\System\DTattkQ.exe
  2⤵
  PID:11484
- C:\Windows\System\ExQUuAS.exe
  C:\Windows\System\ExQUuAS.exe
  2⤵
  PID:1472
- C:\Windows\System\AXjlMbJ.exe
  C:\Windows\System\AXjlMbJ.exe
  2⤵
  PID:11696
- C:\Windows\System\hCefwjH.exe
  C:\Windows\System\hCefwjH.exe
  2⤵
  PID:11392
- C:\Windows\System\purMatV.exe
  C:\Windows\System\purMatV.exe
  2⤵
  PID:2072
- C:\Windows\System\syfsRrx.exe
  C:\Windows\System\syfsRrx.exe
  2⤵
  PID:11904
- C:\Windows\System\jWUGeEv.exe
  C:\Windows\System\jWUGeEv.exe
  2⤵
  PID:12180
- C:\Windows\System\qPfjlub.exe
  C:\Windows\System\qPfjlub.exe
  2⤵
  PID:12192
- C:\Windows\System\CdRFmVO.exe
  C:\Windows\System\CdRFmVO.exe
  2⤵
  PID:4316
- C:\Windows\System\PXudhOf.exe
  C:\Windows\System\PXudhOf.exe
  2⤵
  PID:556
- C:\Windows\System\zqpiPuW.exe
  C:\Windows\System\zqpiPuW.exe
  2⤵
  PID:4060
- C:\Windows\System\nIoeufa.exe
  C:\Windows\System\nIoeufa.exe
  2⤵
  PID:12124
- C:\Windows\System\jLZABqp.exe
  C:\Windows\System\jLZABqp.exe
  2⤵
  PID:1036
- C:\Windows\System\ykACPdL.exe
  C:\Windows\System\ykACPdL.exe
  2⤵
  PID:11664
- C:\Windows\System\JLHAewQ.exe
  C:\Windows\System\JLHAewQ.exe
  2⤵
  PID:11808
- C:\Windows\System\KOOeUjK.exe
  C:\Windows\System\KOOeUjK.exe
  2⤵
  PID:852
- C:\Windows\System\maMctoB.exe
  C:\Windows\System\maMctoB.exe
  2⤵
  PID:4892
- C:\Windows\System\lsXrrCy.exe
  C:\Windows\System\lsXrrCy.exe
  2⤵
  PID:3068
- C:\Windows\System\lBfgniX.exe
  C:\Windows\System\lBfgniX.exe
  2⤵
  PID:4984
- C:\Windows\System\mNWebEo.exe
  C:\Windows\System\mNWebEo.exe
  2⤵
  PID:5916
- C:\Windows\System\eClkAMy.exe
  C:\Windows\System\eClkAMy.exe
  2⤵
  PID:5084
- C:\Windows\System\fAzndLq.exe
  C:\Windows\System\fAzndLq.exe
  2⤵
  PID:3928
- C:\Windows\System\caezzeF.exe
  C:\Windows\System\caezzeF.exe
  2⤵
  PID:4136
- C:\Windows\System\rrSVRMp.exe
  C:\Windows\System\rrSVRMp.exe
  2⤵
  PID:696
- C:\Windows\System\MGVoBBn.exe
  C:\Windows\System\MGVoBBn.exe
  2⤵
  PID:12008
- C:\Windows\System\dGNgvwl.exe
  C:\Windows\System\dGNgvwl.exe
  2⤵
  PID:1988
- C:\Windows\System\ldQxvjp.exe
  C:\Windows\System\ldQxvjp.exe
  2⤵
  PID:11948
- C:\Windows\System\CPoGgAk.exe
  C:\Windows\System\CPoGgAk.exe
  2⤵
  PID:12224
- C:\Windows\System\HhrLcmq.exe
  C:\Windows\System\HhrLcmq.exe
  2⤵
  PID:11400
- C:\Windows\System\FrOxKCq.exe
  C:\Windows\System\FrOxKCq.exe
  2⤵
  PID:4972
- C:\Windows\System\egNUCjk.exe
  C:\Windows\System\egNUCjk.exe
  2⤵
  PID:3908
- C:\Windows\System\iunmmqe.exe
  C:\Windows\System\iunmmqe.exe
  2⤵
  PID:824
- C:\Windows\System\tABuutz.exe
  C:\Windows\System\tABuutz.exe
  2⤵
  PID:5904
- C:\Windows\System\IpNevVh.exe
  C:\Windows\System\IpNevVh.exe
  2⤵
  PID:5976
- C:\Windows\System\lujWJUI.exe
  C:\Windows\System\lujWJUI.exe
  2⤵
  PID:1872
- C:\Windows\System\FrwtCXn.exe
  C:\Windows\System\FrwtCXn.exe
  2⤵
  PID:4576
- C:\Windows\System\KsLmrbE.exe
  C:\Windows\System\KsLmrbE.exe
  2⤵
  PID:6084
- C:\Windows\System\hbHLwNH.exe
  C:\Windows\System\hbHLwNH.exe
  2⤵
  PID:440
- C:\Windows\System\chpAlef.exe
  C:\Windows\System\chpAlef.exe
  2⤵
  PID:2264
- C:\Windows\System\wTvamhl.exe
  C:\Windows\System\wTvamhl.exe
  2⤵
  PID:2756
- C:\Windows\System\nZvXCId.exe
  C:\Windows\System\nZvXCId.exe
  2⤵
  PID:5144
- C:\Windows\System\xtBvfGr.exe
  C:\Windows\System\xtBvfGr.exe
  2⤵
  PID:5212
- C:\Windows\System\qsAsjse.exe
  C:\Windows\System\qsAsjse.exe
  2⤵
  PID:12304
- C:\Windows\System\xZxYKyF.exe
  C:\Windows\System\xZxYKyF.exe
  2⤵
  PID:12340
- C:\Windows\System\VUQlPIw.exe
  C:\Windows\System\VUQlPIw.exe
  2⤵
  PID:12368
- C:\Windows\System\KgSpLVB.exe
  C:\Windows\System\KgSpLVB.exe
  2⤵
  PID:12388
- C:\Windows\System\ComtIhw.exe
  C:\Windows\System\ComtIhw.exe
  2⤵
  PID:12416
- C:\Windows\System\FTqrhop.exe
  C:\Windows\System\FTqrhop.exe
  2⤵
  PID:12444
- C:\Windows\System\eVpakWa.exe
  C:\Windows\System\eVpakWa.exe
  2⤵
  PID:12472
- C:\Windows\System\pcZSfFP.exe
  C:\Windows\System\pcZSfFP.exe
  2⤵
  PID:12500
- C:\Windows\System\WWGNqyx.exe
  C:\Windows\System\WWGNqyx.exe
  2⤵
  PID:12536
- C:\Windows\System\lWSziDD.exe
  C:\Windows\System\lWSziDD.exe
  2⤵
  PID:12556
- C:\Windows\System\aPuyTDD.exe
  C:\Windows\System\aPuyTDD.exe
  2⤵
  PID:12592
- C:\Windows\System\roWITCv.exe
  C:\Windows\System\roWITCv.exe
  2⤵
  PID:12612
- C:\Windows\System\phoFBKs.exe
  C:\Windows\System\phoFBKs.exe
  2⤵
  PID:12648
- C:\Windows\System\ULpRsxY.exe
  C:\Windows\System\ULpRsxY.exe
  2⤵
  PID:12668
- C:\Windows\System\dynJueo.exe
  C:\Windows\System\dynJueo.exe
  2⤵
  PID:12696
- C:\Windows\System\mYjnPbu.exe
  C:\Windows\System\mYjnPbu.exe
  2⤵
  PID:12728
- C:\Windows\System\aFwwRej.exe
  C:\Windows\System\aFwwRej.exe
  2⤵
  PID:12756
- C:\Windows\System\zYAjoyn.exe
  C:\Windows\System\zYAjoyn.exe
  2⤵
  PID:12784
- C:\Windows\System\WcwvqAE.exe
  C:\Windows\System\WcwvqAE.exe
  2⤵
  PID:12812
- C:\Windows\System\EVTchao.exe
  C:\Windows\System\EVTchao.exe
  2⤵
  PID:12840
- C:\Windows\System\fHGYoxL.exe
  C:\Windows\System\fHGYoxL.exe
  2⤵
  PID:12872
- C:\Windows\System\nJPilTW.exe
  C:\Windows\System\nJPilTW.exe
  2⤵
  PID:12900
- C:\Windows\System\Dclwsme.exe
  C:\Windows\System\Dclwsme.exe
  2⤵
  PID:12924
- C:\Windows\System\gqaiwzB.exe
  C:\Windows\System\gqaiwzB.exe
  2⤵
  PID:12952
- C:\Windows\System\eZdsMRf.exe
  C:\Windows\System\eZdsMRf.exe
  2⤵
  PID:12980
- C:\Windows\System\FkgUOAc.exe
  C:\Windows\System\FkgUOAc.exe
  2⤵
  PID:13012
- C:\Windows\System\gqeOYyy.exe
  C:\Windows\System\gqeOYyy.exe
  2⤵
  PID:13036
- C:\Windows\System\VjlnAyZ.exe
  C:\Windows\System\VjlnAyZ.exe
  2⤵
  PID:13064
- C:\Windows\System\uJNoTVq.exe
  C:\Windows\System\uJNoTVq.exe
  2⤵
  PID:13092
- C:\Windows\System\KzGidUk.exe
  C:\Windows\System\KzGidUk.exe
  2⤵
  PID:13132
- C:\Windows\System\ZcQGPPs.exe
  C:\Windows\System\ZcQGPPs.exe
  2⤵
  PID:13148
- C:\Windows\System\MFPDWYP.exe
  C:\Windows\System\MFPDWYP.exe
  2⤵
  PID:13176
- C:\Windows\System\ZkFhOtP.exe
  C:\Windows\System\ZkFhOtP.exe
  2⤵
  PID:13204
- C:\Windows\System\FyUvwBX.exe
  C:\Windows\System\FyUvwBX.exe
  2⤵
  PID:13232
- C:\Windows\System\okqWQWd.exe
  C:\Windows\System\okqWQWd.exe
  2⤵
  PID:13260
- C:\Windows\System\KUmKNWE.exe
  C:\Windows\System\KUmKNWE.exe
  2⤵
  PID:13288
- C:\Windows\System\defJeQy.exe
  C:\Windows\System\defJeQy.exe
  2⤵
  PID:5280
- C:\Windows\System\LSgIwxl.exe
  C:\Windows\System\LSgIwxl.exe
  2⤵
  PID:5340
- C:\Windows\System\kykTRiF.exe
  C:\Windows\System\kykTRiF.exe
  2⤵
  PID:12356
- C:\Windows\System\sOwctGY.exe
  C:\Windows\System\sOwctGY.exe
  2⤵
  PID:12400
- C:\Windows\System\wtIKCqK.exe
  C:\Windows\System\wtIKCqK.exe
  2⤵
  PID:5112
- C:\Windows\System\NyhDWyh.exe
  C:\Windows\System\NyhDWyh.exe
  2⤵
  PID:12456
- C:\Windows\System\NVkzwdc.exe
  C:\Windows\System\NVkzwdc.exe
  2⤵
  PID:2172
- C:\Windows\System\QZgUozC.exe
  C:\Windows\System\QZgUozC.exe
  2⤵
  PID:12524
- C:\Windows\System\GOHzFZb.exe
  C:\Windows\System\GOHzFZb.exe
  2⤵
  PID:12568
- C:\Windows\System\iFOHTFO.exe
  C:\Windows\System\iFOHTFO.exe
  2⤵
  PID:12608
- C:\Windows\System\vebwKtm.exe
  C:\Windows\System\vebwKtm.exe
  2⤵
  PID:12636
- C:\Windows\System\GSHqaRJ.exe
  C:\Windows\System\GSHqaRJ.exe
  2⤵
  PID:2384
- C:\Windows\System\NxckfBd.exe
  C:\Windows\System\NxckfBd.exe
  2⤵
  PID:2300
- C:\Windows\System\RDguvhw.exe
  C:\Windows\System\RDguvhw.exe
  2⤵
  PID:12748
- C:\Windows\System\EMqYxsm.exe
  C:\Windows\System\EMqYxsm.exe
  2⤵
  PID:12796
- C:\Windows\System\FmcrreF.exe
  C:\Windows\System\FmcrreF.exe
  2⤵
  PID:12808
- C:\Windows\System\hOqgFib.exe
  C:\Windows\System\hOqgFib.exe
  2⤵
  PID:3976
- C:\Windows\System\RIGTvxo.exe
  C:\Windows\System\RIGTvxo.exe
  2⤵
  PID:12888
- C:\Windows\System\rhvGkwc.exe
  C:\Windows\System\rhvGkwc.exe
  2⤵
  PID:12916
- C:\Windows\System\LCWvUOo.exe
  C:\Windows\System\LCWvUOo.exe
  2⤵
  PID:4696
- C:\Windows\System\HFFwVAT.exe
  C:\Windows\System\HFFwVAT.exe
  2⤵
  PID:12992
- C:\Windows\System\gylaUOu.exe
  C:\Windows\System\gylaUOu.exe
  2⤵
  PID:4464
- C:\Windows\System\UgCfMha.exe
  C:\Windows\System\UgCfMha.exe
  2⤵
  PID:13056
- C:\Windows\System\HHUMCUq.exe
  C:\Windows\System\HHUMCUq.exe
  2⤵
  PID:5224
- C:\Windows\System\mZFtKVy.exe
  C:\Windows\System\mZFtKVy.exe
  2⤵
  PID:13124
- C:\Windows\System\wBXmfrU.exe
  C:\Windows\System\wBXmfrU.exe
  2⤵
  PID:13144
- C:\Windows\System\cFKgkck.exe
  C:\Windows\System\cFKgkck.exe
  2⤵
  PID:13172
- C:\Windows\System\nevKaEO.exe
  C:\Windows\System\nevKaEO.exe
  2⤵
  PID:4788
- C:\Windows\System\CZNsYEV.exe
  C:\Windows\System\CZNsYEV.exe
  2⤵
  PID:2776
- C:\Windows\System\oCQeMkp.exe
  C:\Windows\System\oCQeMkp.exe
  2⤵
  PID:2368
- C:\Windows\System\svrXUIO.exe
  C:\Windows\System\svrXUIO.exe
  2⤵
  PID:13308
- C:\Windows\System\NipZVtX.exe
  C:\Windows\System\NipZVtX.exe
  2⤵
  PID:5436
- C:\Windows\System\WakvGpw.exe
  C:\Windows\System\WakvGpw.exe
  2⤵
  PID:2088
- C:\Windows\System\EYMFBwk.exe
  C:\Windows\System\EYMFBwk.exe
  2⤵
  PID:5500
- C:\Windows\System\SkPySHF.exe
  C:\Windows\System\SkPySHF.exe
  2⤵
  PID:2800
- C:\Windows\System\eKGGxDx.exe
  C:\Windows\System\eKGGxDx.exe
  2⤵
  PID:12512
- C:\Windows\System\hWbCyBi.exe
  C:\Windows\System\hWbCyBi.exe
  2⤵
  PID:12520
- C:\Windows\System\XhIkeTB.exe
  C:\Windows\System\XhIkeTB.exe
  2⤵
  PID:5576
- C:\Windows\System\QybzjRZ.exe
  C:\Windows\System\QybzjRZ.exe
  2⤵
  PID:1628
- C:\Windows\System\hUEjMeT.exe
  C:\Windows\System\hUEjMeT.exe
  2⤵
  PID:1900
- C:\Windows\System\FuUdfTt.exe
  C:\Windows\System\FuUdfTt.exe
  2⤵
  PID:376
- C:\Windows\System\DDrEzOA.exe
  C:\Windows\System\DDrEzOA.exe
  2⤵
  PID:5004
- C:\Windows\System\UHBFDlU.exe
  C:\Windows\System\UHBFDlU.exe
  2⤵
  PID:6004
- C:\Windows\System\zHvpXjJ.exe
  C:\Windows\System\zHvpXjJ.exe
  2⤵
  PID:5164
- C:\Windows\System\sNVdrRR.exe
  C:\Windows\System\sNVdrRR.exe
  2⤵
  PID:12976
- C:\Windows\System\szvtBTa.exe
  C:\Windows\System\szvtBTa.exe
  2⤵
  PID:5620
- C:\Windows\System\sxEQhuu.exe
  C:\Windows\System\sxEQhuu.exe
  2⤵
  PID:13020
- C:\Windows\System\QZAmmwA.exe
  C:\Windows\System\QZAmmwA.exe
  2⤵
  PID:13088
- C:\Windows\System\WMtlEXc.exe
  C:\Windows\System\WMtlEXc.exe
  2⤵
  PID:5272
- C:\Windows\System\VHlqFUM.exe
  C:\Windows\System\VHlqFUM.exe
  2⤵
  PID:13168
- C:\Windows\System\GEJKVxF.exe
  C:\Windows\System\GEJKVxF.exe
  2⤵
  PID:6436
- C:\Windows\System\GPhOcpx.exe
  C:\Windows\System\GPhOcpx.exe
  2⤵
  PID:5804
- C:\Windows\System\wJfKdYM.exe
  C:\Windows\System\wJfKdYM.exe
  2⤵
  PID:6512
- C:\Windows\System\glRRVKH.exe
  C:\Windows\System\glRRVKH.exe
  2⤵
  PID:1468
- C:\Windows\System\pekdpFz.exe
  C:\Windows\System\pekdpFz.exe
  2⤵
  PID:12496
- C:\Windows\System\gOUhdWL.exe
  C:\Windows\System\gOUhdWL.exe
  2⤵
  PID:12600
- C:\Windows\System\fJYTIyQ.exe
  C:\Windows\System\fJYTIyQ.exe
  2⤵
  PID:2000
- C:\Windows\System\SzqiApu.exe
  C:\Windows\System\SzqiApu.exe
  2⤵
  PID:6152
- C:\Windows\System\KZPetZU.exe
  C:\Windows\System\KZPetZU.exe
  2⤵
  PID:6700
- C:\Windows\System\TAXfWCH.exe
  C:\Windows\System\TAXfWCH.exe
  2⤵
  PID:5168
- C:\Windows\System\PUFvOGJ.exe
  C:\Windows\System\PUFvOGJ.exe
  2⤵
  PID:6768
- C:\Windows\System\KiVPcEq.exe
  C:\Windows\System\KiVPcEq.exe
  2⤵
  PID:13032
- C:\Windows\System\XxSlqVV.exe
  C:\Windows\System\XxSlqVV.exe
  2⤵
  PID:5532
- C:\Windows\System\cMJJkkX.exe
  C:\Windows\System\cMJJkkX.exe
  2⤵
  PID:3300
- C:\Windows\System\FvNrGfl.exe
  C:\Windows\System\FvNrGfl.exe
  2⤵
  PID:13272
- C:\Windows\System\MoJdvFz.exe
  C:\Windows\System\MoJdvFz.exe
  2⤵
  PID:5456
- C:\Windows\System\JQctjLH.exe
  C:\Windows\System\JQctjLH.exe
  2⤵
  PID:1908
- C:\Windows\System\LxQDqGa.exe
  C:\Windows\System\LxQDqGa.exe
  2⤵
  PID:6676
- C:\Windows\System\DPqnSLw.exe
  C:\Windows\System\DPqnSLw.exe
  2⤵
  PID:6776
- C:\Windows\System\PrkxuUE.exe
  C:\Windows\System\PrkxuUE.exe
  2⤵
  PID:4740
- C:\Windows\System\SdcnUYL.exe
  C:\Windows\System\SdcnUYL.exe
  2⤵
  PID:6876
- C:\Windows\System\TZQsjMl.exe
  C:\Windows\System\TZQsjMl.exe
  2⤵
  PID:6936
- C:\Windows\System\QjHqSjI.exe
  C:\Windows\System\QjHqSjI.exe
  2⤵
  PID:1072
- C:\Windows\System\vvAbIco.exe
  C:\Windows\System\vvAbIco.exe
  2⤵
  PID:6844
- C:\Windows\System\RJZXfST.exe
  C:\Windows\System\RJZXfST.exe
  2⤵
  PID:12324
- C:\Windows\System\cXYRYFe.exe
  C:\Windows\System\cXYRYFe.exe
  2⤵
  PID:3628
- C:\Windows\System\VcouUtC.exe
  C:\Windows\System\VcouUtC.exe
  2⤵
  PID:3044
- C:\Windows\System\wuFiTkC.exe
  C:\Windows\System\wuFiTkC.exe
  2⤵
  PID:7024
- C:\Windows\System\qTfbNBm.exe
  C:\Windows\System\qTfbNBm.exe
  2⤵
  PID:13340
- C:\Windows\System\kDFFNON.exe
  C:\Windows\System\kDFFNON.exe
  2⤵
  PID:13368
- C:\Windows\System\goKGKYm.exe
  C:\Windows\System\goKGKYm.exe
  2⤵
  PID:13396
- C:\Windows\System\lygqjHV.exe
  C:\Windows\System\lygqjHV.exe
  2⤵
  PID:13424
- C:\Windows\System\ccBaoHO.exe
  C:\Windows\System\ccBaoHO.exe
  2⤵
  PID:13452
- C:\Windows\System\bgUqIxT.exe
  C:\Windows\System\bgUqIxT.exe
  2⤵
  PID:13484
- C:\Windows\System\pCcazls.exe
  C:\Windows\System\pCcazls.exe
  2⤵
  PID:13508
- C:\Windows\System\jQwyUKe.exe
  C:\Windows\System\jQwyUKe.exe
  2⤵
  PID:13536
- C:\Windows\System\PtTlFij.exe
  C:\Windows\System\PtTlFij.exe
  2⤵
  PID:13564
- C:\Windows\System\MpxkmsP.exe
  C:\Windows\System\MpxkmsP.exe
  2⤵
  PID:13592
- C:\Windows\System\hNPjejJ.exe
  C:\Windows\System\hNPjejJ.exe
  2⤵
  PID:13620
- C:\Windows\System\BPtbwXI.exe
  C:\Windows\System\BPtbwXI.exe
  2⤵
  PID:13656
- C:\Windows\System\JMxwflh.exe
  C:\Windows\System\JMxwflh.exe
  2⤵
  PID:13676
- C:\Windows\System\OkAfIZw.exe
  C:\Windows\System\OkAfIZw.exe
  2⤵
  PID:13704
- C:\Windows\System\xorlfFv.exe
  C:\Windows\System\xorlfFv.exe
  2⤵
  PID:13732
- C:\Windows\System\WVDQGQD.exe
  C:\Windows\System\WVDQGQD.exe
  2⤵
  PID:13760
- C:\Windows\System\nmHzwdM.exe
  C:\Windows\System\nmHzwdM.exe
  2⤵
  PID:13788
- C:\Windows\System\bOXABlj.exe
  C:\Windows\System\bOXABlj.exe
  2⤵
  PID:13828
- C:\Windows\System\TFPKvTR.exe
  C:\Windows\System\TFPKvTR.exe
  2⤵
  PID:13844
- C:\Windows\System\MCPUfWv.exe
  C:\Windows\System\MCPUfWv.exe
  2⤵
  PID:13872
- C:\Windows\System\YyUmGeC.exe
  C:\Windows\System\YyUmGeC.exe
  2⤵
  PID:13900
- C:\Windows\System\shFDFgg.exe
  C:\Windows\System\shFDFgg.exe
  2⤵
  PID:13928
- C:\Windows\System\LuxHboR.exe
  C:\Windows\System\LuxHboR.exe
  2⤵
  PID:13956
- C:\Windows\System\dPQxzzV.exe
  C:\Windows\System\dPQxzzV.exe
  2⤵
  PID:13984
- C:\Windows\System\PafWWlA.exe
  C:\Windows\System\PafWWlA.exe
  2⤵
  PID:14024
- C:\Windows\System\mTjVNjk.exe
  C:\Windows\System\mTjVNjk.exe
  2⤵
  PID:14044
- C:\Windows\System\bXzugqn.exe
  C:\Windows\System\bXzugqn.exe
  2⤵
  PID:14072
- C:\Windows\System\sPSJOcz.exe
  C:\Windows\System\sPSJOcz.exe
  2⤵
  PID:14112
- C:\Windows\System\pQLEqwv.exe
  C:\Windows\System\pQLEqwv.exe
  2⤵
  PID:14128
- C:\Windows\System\JLNWLzf.exe
  C:\Windows\System\JLNWLzf.exe
  2⤵
  PID:14156
- C:\Windows\System\xLrFqNa.exe
  C:\Windows\System\xLrFqNa.exe
  2⤵
  PID:14184
- C:\Windows\System\FpifoKj.exe
  C:\Windows\System\FpifoKj.exe
  2⤵
  PID:14212
- C:\Windows\System\WDibqKc.exe
  C:\Windows\System\WDibqKc.exe
  2⤵
  PID:14240
- C:\Windows\System\zjaEpul.exe
  C:\Windows\System\zjaEpul.exe
  2⤵
  PID:14268
- C:\Windows\System\TMGMDcJ.exe
  C:\Windows\System\TMGMDcJ.exe
  2⤵
  PID:14296
- C:\Windows\System\TuaHBnh.exe
  C:\Windows\System\TuaHBnh.exe
  2⤵
  PID:14324
- C:\Windows\System\sndMHgz.exe
  C:\Windows\System\sndMHgz.exe
  2⤵
  PID:13336
- C:\Windows\System\luDcXJc.exe
  C:\Windows\System\luDcXJc.exe
  2⤵
  PID:13388
- C:\Windows\System\FIqYnHa.exe
  C:\Windows\System\FIqYnHa.exe
  2⤵
  PID:13436
- C:\Windows\System\qVgFlsJ.exe
  C:\Windows\System\qVgFlsJ.exe
  2⤵
  PID:13520
- C:\Windows\System\GzUGoPd.exe
  C:\Windows\System\GzUGoPd.exe
  2⤵
  PID:13560
- C:\Windows\System\DsbsYSf.exe
  C:\Windows\System\DsbsYSf.exe
  2⤵
  PID:6836
- C:\Windows\System\IWOVjRH.exe
  C:\Windows\System\IWOVjRH.exe
  2⤵
  PID:6868
- C:\Windows\System\cLZwvtH.exe
  C:\Windows\System\cLZwvtH.exe
  2⤵
  PID:13700
- C:\Windows\System\mlCCFsq.exe
  C:\Windows\System\mlCCFsq.exe
  2⤵
  PID:6984
- C:\Windows\System\LEllWWI.exe
  C:\Windows\System\LEllWWI.exe
  2⤵
  PID:13780
- C:\Windows\System\QKxREGy.exe
  C:\Windows\System\QKxREGy.exe
  2⤵
  PID:13836
- C:\Windows\System\CwaTdQo.exe
  C:\Windows\System\CwaTdQo.exe
  2⤵
  PID:13892
- C:\Windows\System\LfTSEyh.exe
  C:\Windows\System\LfTSEyh.exe
  2⤵
  PID:6316
- C:\Windows\System\yefwEbM.exe
  C:\Windows\System\yefwEbM.exe
  2⤵
  PID:13980
- C:\Windows\System\HMqoJgA.exe
  C:\Windows\System\HMqoJgA.exe
  2⤵
  PID:14056
- C:\Windows\System\vawvmQe.exe
  C:\Windows\System\vawvmQe.exe
  2⤵
  PID:14108
- C:\Windows\System\pesDBuX.exe
  C:\Windows\System\pesDBuX.exe
  2⤵
  PID:14124
- C:\Windows\System\IMTDCoN.exe
  C:\Windows\System\IMTDCoN.exe
  2⤵
  PID:14176
- C:\Windows\System\YjoXwcc.exe
  C:\Windows\System\YjoXwcc.exe
  2⤵
  PID:14224
- C:\Windows\System\IqDeLil.exe
  C:\Windows\System\IqDeLil.exe
  2⤵
  PID:14264
- C:\Windows\System\ExDYClR.exe
  C:\Windows\System\ExDYClR.exe
  2⤵
  PID:13332
- C:\Windows\System\eUdsTxt.exe
  C:\Windows\System\eUdsTxt.exe
  2⤵
  PID:13416
- C:\Windows\System\oxVhnLm.exe
  C:\Windows\System\oxVhnLm.exe
  2⤵
  PID:13556
- C:\Windows\System\gBEZcOS.exe
  C:\Windows\System\gBEZcOS.exe
  2⤵
  PID:13644
- C:\Windows\System\GvciaTf.exe
  C:\Windows\System\GvciaTf.exe
  2⤵
  PID:6988
- C:\Windows\System\TRIGRky.exe
  C:\Windows\System\TRIGRky.exe
  2⤵
  PID:13808
- C:\Windows\System\kVIQxpB.exe
  C:\Windows\System\kVIQxpB.exe
  2⤵
  PID:13884
- C:\Windows\System\WXmqQXe.exe
  C:\Windows\System\WXmqQXe.exe
  2⤵
  PID:7344
- C:\Windows\System\tkKnUtC.exe
  C:\Windows\System\tkKnUtC.exe
  2⤵
  PID:14036
- C:\Windows\System\fCnnxig.exe
  C:\Windows\System\fCnnxig.exe
  2⤵
  PID:7080
- C:\Windows\System\JwYuuQx.exe
  C:\Windows\System\JwYuuQx.exe
  2⤵
  PID:7456
- C:\Windows\System\OlTWLIb.exe
  C:\Windows\System\OlTWLIb.exe
  2⤵
  PID:7484
- C:\Windows\System\TSyGAWz.exe
  C:\Windows\System\TSyGAWz.exe
  2⤵
  PID:6616
- C:\Windows\System\UHBzzWD.exe
  C:\Windows\System\UHBzzWD.exe
  2⤵
  PID:7584
- C:\Windows\System\lOKsZWU.exe
  C:\Windows\System\lOKsZWU.exe
  2⤵
  PID:7228
- C:\Windows\System\VxuWJrM.exe
  C:\Windows\System\VxuWJrM.exe
  2⤵
  PID:7668
- C:\Windows\System\fyGZwJA.exe
  C:\Windows\System\fyGZwJA.exe
  2⤵
  PID:14008
- C:\Windows\System\BHhQvci.exe
  C:\Windows\System\BHhQvci.exe
  2⤵
  PID:7068
- C:\Windows\System\ZaYsZXr.exe
  C:\Windows\System\ZaYsZXr.exe
  2⤵
  PID:14292
- C:\Windows\System\MmcOkKg.exe
  C:\Windows\System\MmcOkKg.exe
  2⤵
  PID:7772
- C:\Windows\System\FpoULDx.exe
  C:\Windows\System\FpoULDx.exe
  2⤵
  PID:7800
- C:\Windows\System\GRydtML.exe
  C:\Windows\System\GRydtML.exe
  2⤵
  PID:13968
- C:\Windows\System\wWtgrKP.exe
  C:\Windows\System\wWtgrKP.exe
  2⤵
  PID:7728
- C:\Windows\System\AXuaBgg.exe
  C:\Windows\System\AXuaBgg.exe
  2⤵
  PID:7896
- C:\Windows\System\DnuIXyz.exe
  C:\Windows\System\DnuIXyz.exe
  2⤵
  PID:7952
- C:\Windows\System\waqetON.exe
  C:\Windows\System\waqetON.exe
  2⤵
  PID:7292
- C:\Windows\System\dgJTzwy.exe
  C:\Windows\System\dgJTzwy.exe
  2⤵
  PID:3136
- C:\Windows\System\aYlxBmu.exe
  C:\Windows\System\aYlxBmu.exe
  2⤵
  PID:7904
- C:\Windows\System\GDeKPkJ.exe
  C:\Windows\System\GDeKPkJ.exe
  2⤵
  PID:8080
- C:\Windows\System\oNuWtXu.exe
  C:\Windows\System\oNuWtXu.exe
  2⤵
  PID:2608
- C:\Windows\System\EUighvC.exe
  C:\Windows\System\EUighvC.exe
  2⤵
  PID:7748
- C:\Windows\System\lQHOoYj.exe
  C:\Windows\System\lQHOoYj.exe
  2⤵
  PID:8004
- C:\Windows\System\TbFykUe.exe
  C:\Windows\System\TbFykUe.exe
  2⤵
  PID:8180
- C:\Windows\System\mZeHIdI.exe
  C:\Windows\System\mZeHIdI.exe
  2⤵
  PID:1532
- C:\Windows\System\pWoEQcx.exe
  C:\Windows\System\pWoEQcx.exe
  2⤵
  PID:3916
- C:\Windows\System\uBbrMuj.exe
  C:\Windows\System\uBbrMuj.exe
  2⤵
  PID:5728
- C:\Windows\System\mbefVHQ.exe
  C:\Windows\System\mbefVHQ.exe
  2⤵
  PID:14356
- C:\Windows\System\hHVzWli.exe
  C:\Windows\System\hHVzWli.exe
  2⤵
  PID:14388
- C:\Windows\System\xLJQKVI.exe
  C:\Windows\System\xLJQKVI.exe
  2⤵
  PID:14412
- C:\Windows\System\EWhoIZm.exe
  C:\Windows\System\EWhoIZm.exe
  2⤵
  PID:14440
- C:\Windows\System\OleAXlH.exe
  C:\Windows\System\OleAXlH.exe
  2⤵
  PID:14468
- C:\Windows\System\oAPeNpR.exe
  C:\Windows\System\oAPeNpR.exe
  2⤵
  PID:14496
- C:\Windows\System\EWVAdAG.exe
  C:\Windows\System\EWVAdAG.exe
  2⤵
  PID:14524
- C:\Windows\System\PJQrsmI.exe
  C:\Windows\System\PJQrsmI.exe
  2⤵
  PID:14564
- C:\Windows\System\aApRPgb.exe
  C:\Windows\System\aApRPgb.exe
  2⤵
  PID:14580
- C:\Windows\System\pReraov.exe
  C:\Windows\System\pReraov.exe
  2⤵
  PID:14608
- C:\Windows\System\VmFxCeK.exe
  C:\Windows\System\VmFxCeK.exe
  2⤵
  PID:14640
- C:\Windows\System\sPKRaHc.exe
  C:\Windows\System\sPKRaHc.exe
  2⤵
  PID:14664
- C:\Windows\System\BVzlTUu.exe
  C:\Windows\System\BVzlTUu.exe
  2⤵
  PID:14700
- C:\Windows\System\ZdJVLnl.exe
  C:\Windows\System\ZdJVLnl.exe
  2⤵
  PID:14720
- C:\Windows\System\HPFAiKq.exe
  C:\Windows\System\HPFAiKq.exe
  2⤵
  PID:14748
- C:\Windows\System\AkWkcTp.exe
  C:\Windows\System\AkWkcTp.exe
  2⤵
  PID:14776
- C:\Windows\System\uwKqZIu.exe
  C:\Windows\System\uwKqZIu.exe
  2⤵
  PID:14804
- C:\Windows\System\XcEodkx.exe
  C:\Windows\System\XcEodkx.exe
  2⤵
  PID:14832
- C:\Windows\System\crEbyIF.exe
  C:\Windows\System\crEbyIF.exe
  2⤵
  PID:14860
- C:\Windows\System\tpzqrgD.exe
  C:\Windows\System\tpzqrgD.exe
  2⤵
  PID:14888
- C:\Windows\System\wlHwZqR.exe
  C:\Windows\System\wlHwZqR.exe
  2⤵
  PID:14916
- C:\Windows\System\WmKzpCn.exe
  C:\Windows\System\WmKzpCn.exe
  2⤵
  PID:14948
- C:\Windows\System\VqYFCQE.exe
  C:\Windows\System\VqYFCQE.exe
  2⤵
  PID:14976
- C:\Windows\System\PgNKnSu.exe
  C:\Windows\System\PgNKnSu.exe
  2⤵
  PID:15004
- C:\Windows\System\wlIUgxR.exe
  C:\Windows\System\wlIUgxR.exe
  2⤵
  PID:15036
- C:\Windows\System\zUnJdBn.exe
  C:\Windows\System\zUnJdBn.exe
  2⤵
  PID:15060
- C:\Windows\System\FnlciaO.exe
  C:\Windows\System\FnlciaO.exe
  2⤵
  PID:15088
- C:\Windows\System\wgCHqBQ.exe
  C:\Windows\System\wgCHqBQ.exe
  2⤵
  PID:15116
- C:\Windows\System\iSgUgeU.exe
  C:\Windows\System\iSgUgeU.exe
  2⤵
  PID:15144
- C:\Windows\System\ohCEJro.exe
  C:\Windows\System\ohCEJro.exe
  2⤵
  PID:15176
- C:\Windows\System\BkdvunI.exe
  C:\Windows\System\BkdvunI.exe
  2⤵
  PID:15200
- C:\Windows\System\CJfgEXv.exe
  C:\Windows\System\CJfgEXv.exe
  2⤵
  PID:15228
- C:\Windows\System\yneZWVR.exe
  C:\Windows\System\yneZWVR.exe
  2⤵
  PID:15256
- C:\Windows\System\zcJBFlL.exe
  C:\Windows\System\zcJBFlL.exe
  2⤵
  PID:15288
- C:\Windows\System\CNMGgpb.exe
  C:\Windows\System\CNMGgpb.exe
  2⤵
  PID:15320
- C:\Windows\System\zrDOnmM.exe
  C:\Windows\System\zrDOnmM.exe
  2⤵
  PID:14340
- C:\Windows\System\FMTUXfe.exe
  C:\Windows\System\FMTUXfe.exe
  2⤵
  PID:5760
- C:\Windows\System\EtwhlHx.exe
  C:\Windows\System\EtwhlHx.exe
  2⤵
  PID:3992
- C:\Windows\System\DfQvCbA.exe
  C:\Windows\System\DfQvCbA.exe
  2⤵
  PID:7768
- C:\Windows\System\RNxAdsu.exe
  C:\Windows\System\RNxAdsu.exe
  2⤵
  PID:7840
- C:\Windows\System\OuhJWeO.exe
  C:\Windows\System\OuhJWeO.exe
  2⤵
  PID:14516
- C:\Windows\System\CikpRXa.exe
  C:\Windows\System\CikpRXa.exe
  2⤵
  PID:14548
- C:\Windows\System\pJxtRcl.exe
  C:\Windows\System\pJxtRcl.exe
  2⤵
  PID:1732
- C:\Windows\System\qRApqIF.exe
  C:\Windows\System\qRApqIF.exe
  2⤵
  PID:14632
- C:\Windows\System\kQHrPnK.exe
  C:\Windows\System\kQHrPnK.exe
  2⤵
  PID:14676
- C:\Windows\System\YGqvcFM.exe
  C:\Windows\System\YGqvcFM.exe
  2⤵
  PID:14712
- C:\Windows\System\OImNTmq.exe
  C:\Windows\System\OImNTmq.exe
  2⤵
  PID:14744
- C:\Windows\System\XqmCjrM.exe
  C:\Windows\System\XqmCjrM.exe
  2⤵
  PID:7596
- C:\Windows\System\UNHPYJm.exe
  C:\Windows\System\UNHPYJm.exe
  2⤵
  PID:14844
- C:\Windows\System\vkvFhuF.exe
  C:\Windows\System\vkvFhuF.exe
  2⤵
  PID:7996
- C:\Windows\System\eGzgJUN.exe
  C:\Windows\System\eGzgJUN.exe
  2⤵
  PID:14928
- C:\Windows\System\JzNLKoO.exe
  C:\Windows\System\JzNLKoO.exe
  2⤵
  PID:14968
- C:\Windows\System\NDDgRBF.exe
  C:\Windows\System\NDDgRBF.exe
  2⤵
  PID:15024
- C:\Windows\System\EUtFnDl.exe
  C:\Windows\System\EUtFnDl.exe
  2⤵
  PID:8028
- C:\Windows\System\kUQuqXw.exe
  C:\Windows\System\kUQuqXw.exe
  2⤵
  PID:15108
- C:\Windows\System\ELdzLVp.exe
  C:\Windows\System\ELdzLVp.exe
  2⤵
  PID:15156
- C:\Windows\System\LaAldgy.exe
  C:\Windows\System\LaAldgy.exe
  2⤵
  PID:8216
- C:\Windows\System\hlVbslQ.exe
  C:\Windows\System\hlVbslQ.exe
  2⤵
  PID:15220
- C:\Windows\System\sUgckrJ.exe
  C:\Windows\System\sUgckrJ.exe
  2⤵
  PID:15268
- C:\Windows\System\lPafHaD.exe
  C:\Windows\System\lPafHaD.exe
  2⤵
  PID:8336
- C:\Windows\System\pMwsqaB.exe
  C:\Windows\System\pMwsqaB.exe
  2⤵
  PID:8364
- C:\Windows\System\eKdUUbq.exe
  C:\Windows\System\eKdUUbq.exe
  2⤵
  PID:5772
- C:\Windows\System\ZYLQbsH.exe
  C:\Windows\System\ZYLQbsH.exe
  2⤵
  PID:14380
- C:\Windows\System\xaTTIOT.exe
  C:\Windows\System\xaTTIOT.exe
  2⤵
  PID:8544
- C:\Windows\System\KFAVFMG.exe
  C:\Windows\System\KFAVFMG.exe
  2⤵
  PID:14492
- C:\Windows\System\FMrPwxl.exe
  C:\Windows\System\FMrPwxl.exe
  2⤵
  PID:8660
- C:\Windows\System\VifAYCV.exe
  C:\Windows\System\VifAYCV.exe
  2⤵
  PID:8696
- C:\Windows\System\uNAetJf.exe
  C:\Windows\System\uNAetJf.exe
  2⤵
  PID:564
- C:\Windows\System\boFPPrh.exe
  C:\Windows\System\boFPPrh.exe
  2⤵
  PID:5788
- C:\Windows\System\FctjCdL.exe
  C:\Windows\System\FctjCdL.exe
  2⤵
  PID:5332
- C:\Windows\System\WISuuSM.exe
  C:\Windows\System\WISuuSM.exe
  2⤵
  PID:8860
- C:\Windows\System\gdtzeee.exe
  C:\Windows\System\gdtzeee.exe
  2⤵
  PID:7760
- C:\Windows\System\uMFGHBY.exe
  C:\Windows\System\uMFGHBY.exe
  2⤵
  PID:14908
- C:\Windows\System\KAcwDOT.exe
  C:\Windows\System\KAcwDOT.exe
  2⤵
  PID:8992
- C:\Windows\System\AaLmffV.exe
  C:\Windows\System\AaLmffV.exe
  2⤵
  PID:14996
- C:\Windows\System\ELkwxLG.exe
  C:\Windows\System\ELkwxLG.exe
  2⤵
  PID:9060
- C:\Windows\System\sLjGJHY.exe
  C:\Windows\System\sLjGJHY.exe
  2⤵
  PID:5768
- C:\Windows\System\GUYfrkm.exe
  C:\Windows\System\GUYfrkm.exe
  2⤵
  PID:9148
- C:\Windows\System\bhzQwCh.exe
  C:\Windows\System\bhzQwCh.exe
  2⤵
  PID:8248
- C:\Windows\System\USJBlgr.exe
  C:\Windows\System\USJBlgr.exe
  2⤵
  PID:15300
- C:\Windows\System\ZZJRrBM.exe
  C:\Windows\System\ZZJRrBM.exe
  2⤵
  PID:8352
- C:\Windows\System\wjdPUDN.exe
  C:\Windows\System\wjdPUDN.exe
  2⤵
  PID:8764
- C:\Windows\System\mmdmOoS.exe
  C:\Windows\System\mmdmOoS.exe
  2⤵
  PID:8856
- C:\Windows\System\TNPBmsW.exe
  C:\Windows\System\TNPBmsW.exe
  2⤵
  PID:8888
- C:\Windows\System\njNhnne.exe
  C:\Windows\System\njNhnne.exe
  2⤵
  PID:6184
- C:\Windows\System\YdoSxrs.exe
  C:\Windows\System\YdoSxrs.exe
  2⤵
  PID:9004
- C:\Windows\System\YUCqOuD.exe
  C:\Windows\System\YUCqOuD.exe
  2⤵
  PID:8444
- C:\Windows\System\BGzeZEu.exe
  C:\Windows\System\BGzeZEu.exe
  2⤵
  PID:9092
- C:\Windows\System\pQNYiOM.exe
  C:\Windows\System\pQNYiOM.exe
  2⤵
  PID:7300
- C:\Windows\System\AHKHyzh.exe
  C:\Windows\System\AHKHyzh.exe
  2⤵
  PID:8972
- C:\Windows\System\gbqYSeB.exe
  C:\Windows\System\gbqYSeB.exe
  2⤵
  PID:8272
- C:\Windows\System\aFqQard.exe
  C:\Windows\System\aFqQard.exe
  2⤵
  PID:8440
- C:\Windows\System\oPusezt.exe
  C:\Windows\System\oPusezt.exe
  2⤵
  PID:14936
- C:\Windows\System\hBkfWnX.exe
  C:\Windows\System\hBkfWnX.exe
  2⤵
  PID:7684
- C:\Windows\System\HxKiIHc.exe
  C:\Windows\System\HxKiIHc.exe
  2⤵
  PID:6460
- C:\Windows\System\hQbXtII.exe
  C:\Windows\System\hQbXtII.exe
  2⤵
  PID:8604
- C:\Windows\System\AObzYYu.exe
  C:\Windows\System\AObzYYu.exe
  2⤵
  PID:6972
- C:\Windows\System\nGuTnGX.exe
  C:\Windows\System\nGuTnGX.exe
  2⤵
  PID:6548
- C:\Windows\System\UfZjYri.exe
  C:\Windows\System\UfZjYri.exe
  2⤵
  PID:8792
- C:\Windows\System\fxSdGwC.exe
  C:\Windows\System\fxSdGwC.exe
  2⤵
  PID:9360
- C:\Windows\System\dYEFkfj.exe
  C:\Windows\System\dYEFkfj.exe
  2⤵
  PID:9396
- C:\Windows\System\WhkuoYY.exe
  C:\Windows\System\WhkuoYY.exe
  2⤵
  PID:14708
- C:\Windows\System\oQeyuiP.exe
  C:\Windows\System\oQeyuiP.exe
  2⤵
  PID:9476
- C:\Windows\System\BlOFQOW.exe
  C:\Windows\System\BlOFQOW.exe
  2⤵
  PID:8892
- C:\Windows\System\RQEvfpl.exe
  C:\Windows\System\RQEvfpl.exe
  2⤵
  PID:5104
- C:\Windows\System\YtmLfut.exe
  C:\Windows\System\YtmLfut.exe
  2⤵
  PID:9568
- C:\Windows\System\MJvYNkL.exe
  C:\Windows\System\MJvYNkL.exe
  2⤵
  PID:8676
- C:\Windows\System\QVPjmlO.exe
  C:\Windows\System\QVPjmlO.exe
  2⤵
  PID:8508
- C:\Windows\System\rYWCXgW.exe
  C:\Windows\System\rYWCXgW.exe
  2⤵
  PID:9712
- C:\Windows\System\oaHhNIL.exe
  C:\Windows\System\oaHhNIL.exe
  2⤵
  PID:9744
- C:\Windows\System\amJrkVW.exe
  C:\Windows\System\amJrkVW.exe
  2⤵
  PID:9800
- C:\Windows\System\zuTiblU.exe
  C:\Windows\System\zuTiblU.exe
  2⤵
  PID:8704
- C:\Windows\System\MIvBjkl.exe
  C:\Windows\System\MIvBjkl.exe
  2⤵
  PID:9228
- C:\Windows\System\CMXBuII.exe
  C:\Windows\System\CMXBuII.exe
  2⤵
  PID:9320
- C:\Windows\System\wxAoRoe.exe
  C:\Windows\System\wxAoRoe.exe
  2⤵
  PID:9336
- C:\Windows\System\jBPVCXs.exe
  C:\Windows\System\jBPVCXs.exe
  2⤵
  PID:9260
- C:\Windows\System\NuHPcoU.exe
  C:\Windows\System\NuHPcoU.exe
  2⤵
  PID:3208
- C:\Windows\System\dXxAjuC.exe
  C:\Windows\System\dXxAjuC.exe
  2⤵
  PID:9468
- C:\Windows\System\leMEOyi.exe
  C:\Windows\System\leMEOyi.exe
  2⤵
  PID:9552
- C:\Windows\System\FIHICcO.exe
  C:\Windows\System\FIHICcO.exe
  2⤵
  PID:9516
- C:\Windows\System\owpjBxq.exe
  C:\Windows\System\owpjBxq.exe
  2⤵
  PID:9844
- C:\Windows\System\lYdeHLL.exe
  C:\Windows\System\lYdeHLL.exe
  2⤵
  PID:9596
- C:\Windows\System\KvxYoQy.exe
  C:\Windows\System\KvxYoQy.exe
  2⤵
  PID:15140
- C:\Windows\System\kpKCkUj.exe
  C:\Windows\System\kpKCkUj.exe
  2⤵
  PID:8612
- C:\Windows\System\krglPDF.exe
  C:\Windows\System\krglPDF.exe
  2⤵
  PID:6320
- C:\Windows\System\FIfddXe.exe
  C:\Windows\System\FIfddXe.exe
  2⤵
  PID:9704
- C:\Windows\System\FBgLdVx.exe
  C:\Windows\System\FBgLdVx.exe
  2⤵
  PID:6340
- C:\Windows\System\WUWABZE.exe
  C:\Windows\System\WUWABZE.exe
  2⤵
  PID:3616
- C:\Windows\System\oYfkmjA.exe
  C:\Windows\System\oYfkmjA.exe
  2⤵
  PID:6892
- C:\Windows\System\rnueYSy.exe
  C:\Windows\System\rnueYSy.exe
  2⤵
  PID:9904
- C:\Windows\System\KXvkLAV.exe
  C:\Windows\System\KXvkLAV.exe
  2⤵
  PID:7172
- C:\Windows\System\swWZqbG.exe
  C:\Windows\System\swWZqbG.exe
  2⤵
  PID:9340
- C:\Windows\System\XlARphm.exe
  C:\Windows\System\XlARphm.exe
  2⤵
  PID:8912
- C:\Windows\System\mAfCYAx.exe
  C:\Windows\System\mAfCYAx.exe
  2⤵
  PID:10148
- C:\Windows\System\rEFeSaN.exe
  C:\Windows\System\rEFeSaN.exe
  2⤵
  PID:7280
- C:\Windows\System\SXDDWZc.exe
  C:\Windows\System\SXDDWZc.exe
  2⤵
  PID:10264
- C:\Windows\System\QQNGDKk.exe
  C:\Windows\System\QQNGDKk.exe
  2⤵
  PID:10284
- C:\Windows\System\fHkwTFH.exe
  C:\Windows\System\fHkwTFH.exe
  2⤵
  PID:9304
- C:\Windows\System\GCxXPwX.exe
  C:\Windows\System\GCxXPwX.exe
  2⤵
  PID:2652
- C:\Windows\System\TFwdWTv.exe
  C:\Windows\System\TFwdWTv.exe
  2⤵
  PID:9300
- C:\Windows\System\tpbgwJu.exe
  C:\Windows\System\tpbgwJu.exe
  2⤵
  PID:10480
- C:\Windows\System\rjFLqsj.exe
  C:\Windows\System\rjFLqsj.exe
  2⤵
  PID:9724
- C:\Windows\System\GNAUHap.exe
  C:\Windows\System\GNAUHap.exe
  2⤵
  PID:10556
- C:\Windows\System\Naqfhev.exe
  C:\Windows\System\Naqfhev.exe
  2⤵
  PID:7556
- C:\Windows\System\hPaiVfE.exe
  C:\Windows\System\hPaiVfE.exe
  2⤵
  PID:9952
- C:\Windows\System\mwwgJjY.exe
  C:\Windows\System\mwwgJjY.exe
  2⤵
  PID:10068
- C:\Windows\System\AZxmfMH.exe
  C:\Windows\System\AZxmfMH.exe
  2⤵
  PID:532
- C:\Windows\System\PAfqnDr.exe
  C:\Windows\System\PAfqnDr.exe
  2⤵
  PID:9668
- C:\Windows\System\inDRQYW.exe
  C:\Windows\System\inDRQYW.exe
  2⤵
  PID:10776
- C:\Windows\System\qdLVErQ.exe
  C:\Windows\System\qdLVErQ.exe
  2⤵
  PID:10040
- C:\Windows\System\ATXvUFN.exe
  C:\Windows\System\ATXvUFN.exe
  2⤵
  PID:10236
- C:\Windows\System\BIyWXsd.exe
  C:\Windows\System\BIyWXsd.exe
  2⤵
  PID:10876
- C:\Windows\System\dLprVXH.exe
  C:\Windows\System\dLprVXH.exe
  2⤵
  PID:10928
- C:\Windows\System\tDIBfCW.exe
  C:\Windows\System\tDIBfCW.exe
  2⤵
  PID:10080
- C:\Windows\System\WLVtJpF.exe
  C:\Windows\System\WLVtJpF.exe
  2⤵
  PID:14508
- C:\Windows\System\SLWmbkO.exe
  C:\Windows\System\SLWmbkO.exe
  2⤵
  PID:10136
- C:\Windows\System\mbkMqmU.exe
  C:\Windows\System\mbkMqmU.exe
  2⤵
  PID:5744
- C:\Windows\System\CNaBawf.exe
  C:\Windows\System\CNaBawf.exe
  2⤵
  PID:4372
- C:\Windows\System\KCTLiZl.exe
  C:\Windows\System\KCTLiZl.exe
  2⤵
  PID:11128
- C:\Windows\System\JvibDlP.exe
  C:\Windows\System\JvibDlP.exe
  2⤵
  PID:11196
- C:\Windows\System\QLpgXyo.exe
  C:\Windows\System\QLpgXyo.exe
  2⤵
  PID:10420
- C:\Windows\System\ovwORSB.exe
  C:\Windows\System\ovwORSB.exe
  2⤵
  PID:9440
- C:\Windows\System\luXUpQW.exe
  C:\Windows\System\luXUpQW.exe
  2⤵
  PID:10516
- C:\Windows\System\uaMfRqG.exe
  C:\Windows\System\uaMfRqG.exe
  2⤵
  PID:9540
- C:\Windows\System\VgZiNnK.exe
  C:\Windows\System\VgZiNnK.exe
  2⤵
  PID:10612
- C:\Windows\System\RowgVFV.exe
  C:\Windows\System\RowgVFV.exe
  2⤵
  PID:10664
- C:\Windows\System\HGBTZhQ.exe
  C:\Windows\System\HGBTZhQ.exe
  2⤵
  PID:10696
- C:\Windows\System\ubWBVDA.exe
  C:\Windows\System\ubWBVDA.exe
  2⤵
  PID:10172
- C:\Windows\System\bsiGvWy.exe
  C:\Windows\System\bsiGvWy.exe
  2⤵
  PID:10804
- C:\Windows\System\PiLtlvy.exe
  C:\Windows\System\PiLtlvy.exe
  2⤵
  PID:9600
- C:\Windows\System\KLVtzJr.exe
  C:\Windows\System\KLVtzJr.exe
  2⤵
  PID:9860
- C:\Windows\System\gLpwqWe.exe
  C:\Windows\System\gLpwqWe.exe
  2⤵
  PID:8576
- C:\Windows\System\RZPibBl.exe
  C:\Windows\System\RZPibBl.exe
  2⤵
  PID:7304
- C:\Windows\System\YmjaVzn.exe
  C:\Windows\System\YmjaVzn.exe
  2⤵
  PID:10288
- C:\Windows\System\OnWnkdI.exe
  C:\Windows\System\OnWnkdI.exe
  2⤵
  PID:10384
- C:\Windows\System\jDnvFbU.exe
  C:\Windows\System\jDnvFbU.exe
  2⤵
  PID:10396
- C:\Windows\System\hOpWuxY.exe
  C:\Windows\System\hOpWuxY.exe
  2⤵
  PID:7624
- C:\Windows\System\rhSiLyw.exe
  C:\Windows\System\rhSiLyw.exe
  2⤵
  PID:10376
- C:\Windows\System\OyRTzvj.exe
  C:\Windows\System\OyRTzvj.exe
  2⤵
  PID:10588
- C:\Windows\System\QTvJzOe.exe
  C:\Windows\System\QTvJzOe.exe
  2⤵
  PID:10580
- C:\Windows\System\dTKCZUX.exe
  C:\Windows\System\dTKCZUX.exe
  2⤵
  PID:7324
- C:\Windows\System\DMcsOwT.exe
  C:\Windows\System\DMcsOwT.exe
  2⤵
  PID:10892
- C:\Windows\System\SzVYdpN.exe
  C:\Windows\System\SzVYdpN.exe
  2⤵
  PID:10912
- C:\Windows\System\NUTuzlB.exe
  C:\Windows\System\NUTuzlB.exe
  2⤵
  PID:11036
- C:\Windows\System\YbeTShX.exe
  C:\Windows\System\YbeTShX.exe
  2⤵
  PID:8640
- C:\Windows\System\XrsTfHG.exe
  C:\Windows\System\XrsTfHG.exe
  2⤵
  PID:11076
- C:\Windows\System\XOJcTHb.exe
  C:\Windows\System\XOJcTHb.exe
  2⤵
  PID:11388
- C:\Windows\System\fRnbUSn.exe
  C:\Windows\System\fRnbUSn.exe
  2⤵
  PID:11452
- C:\Windows\System\IpRqceC.exe
  C:\Windows\System\IpRqceC.exe
  2⤵
  PID:11496
- C:\Windows\System\BeTxDxc.exe
  C:\Windows\System\BeTxDxc.exe
  2⤵
  PID:11008
- C:\Windows\System\iqNVChZ.exe
  C:\Windows\System\iqNVChZ.exe
  2⤵
  PID:11564
- C:\Windows\System\YmOvAjA.exe
  C:\Windows\System\YmOvAjA.exe
  2⤵
  PID:9856
- C:\Windows\System\oLQeFAP.exe
  C:\Windows\System\oLQeFAP.exe
  2⤵
  PID:11716
- C:\Windows\System\TScHxrJ.exe
  C:\Windows\System\TScHxrJ.exe
  2⤵
  PID:1228
- C:\Windows\System\NGvHXBc.exe
  C:\Windows\System\NGvHXBc.exe
  2⤵
  PID:11772
- C:\Windows\System\JhqcsZx.exe
  C:\Windows\System\JhqcsZx.exe
  2⤵
  PID:11356
- C:\Windows\System\RyTIbtI.exe
  C:\Windows\System\RyTIbtI.exe
  2⤵
  PID:11844
- C:\Windows\System\lJHlLsX.exe
  C:\Windows\System\lJHlLsX.exe
  2⤵
  PID:11252
- C:\Windows\System\FzvCcOS.exe
  C:\Windows\System\FzvCcOS.exe
  2⤵
  PID:11972
- C:\Windows\System\PjxZSgA.exe
  C:\Windows\System\PjxZSgA.exe
  2⤵
  PID:10608
- C:\Windows\System\AbgaGDt.exe
  C:\Windows\System\AbgaGDt.exe
  2⤵
  PID:5680
- C:\Windows\System\yCdYuzR.exe
  C:\Windows\System\yCdYuzR.exe
  2⤵
  PID:12044
- C:\Windows\System\ULXwunr.exe
  C:\Windows\System\ULXwunr.exe
  2⤵
  PID:12080
- C:\Windows\System\GWriMZG.exe
  C:\Windows\System\GWriMZG.exe
  2⤵
  PID:12136
- C:\Windows\System\jeZiAje.exe
  C:\Windows\System\jeZiAje.exe
  2⤵
  PID:12204
- C:\Windows\System\gZyfgNx.exe
  C:\Windows\System\gZyfgNx.exe
  2⤵
  PID:9924
- C:\Windows\System\tTifWps.exe
  C:\Windows\System\tTifWps.exe
  2⤵
  PID:7320
- C:\Windows\System\spGRMnH.exe
  C:\Windows\System\spGRMnH.exe
  2⤵
  PID:10244
- C:\Windows\System\sQFLnhP.exe
  C:\Windows\System\sQFLnhP.exe
  2⤵
  PID:8656
- C:\Windows\System\qZCBZXH.exe
  C:\Windows\System\qZCBZXH.exe
  2⤵
  PID:12144
- C:\Windows\System\rszHDJt.exe
  C:\Windows\System\rszHDJt.exe
  2⤵
  PID:11460
- C:\Windows\System\mjAoehn.exe
  C:\Windows\System\mjAoehn.exe
  2⤵
  PID:11372
- C:\Windows\System\TzITogC.exe
  C:\Windows\System\TzITogC.exe
  2⤵
  PID:15380
- C:\Windows\System\qyrhCny.exe
  C:\Windows\System\qyrhCny.exe
  2⤵
  PID:15420
- C:\Windows\System\AMvwYex.exe
  C:\Windows\System\AMvwYex.exe
  2⤵
  PID:15440
- C:\Windows\System\ZJSXCaY.exe
  C:\Windows\System\ZJSXCaY.exe
  2⤵
  PID:15468
- C:\Windows\System\UGHRgee.exe
  C:\Windows\System\UGHRgee.exe
  2⤵
  PID:15508
- C:\Windows\System\XyWihev.exe
  C:\Windows\System\XyWihev.exe
  2⤵
  PID:15528
- C:\Windows\System\CBtdmof.exe
  C:\Windows\System\CBtdmof.exe
  2⤵
  PID:15564
- C:\Windows\System\CvCkomb.exe
  C:\Windows\System\CvCkomb.exe
  2⤵
  PID:15580
- C:\Windows\System\upABlTa.exe
  C:\Windows\System\upABlTa.exe
  2⤵
  PID:15608
- C:\Windows\System\hmYjuAG.exe
  C:\Windows\System\hmYjuAG.exe
  2⤵
  PID:15644
- C:\Windows\System\SeZKLEo.exe
  C:\Windows\System\SeZKLEo.exe
  2⤵
  PID:15664
- C:\Windows\System\PnxkGGe.exe
  C:\Windows\System\PnxkGGe.exe
  2⤵
  PID:15700
- C:\Windows\System\yEbXBjH.exe
  C:\Windows\System\yEbXBjH.exe
  2⤵
  PID:15728
- C:\Windows\System\iyYDnXe.exe
  C:\Windows\System\iyYDnXe.exe
  2⤵
  PID:15752
- C:\Windows\System\RJiXfbZ.exe
  C:\Windows\System\RJiXfbZ.exe
  2⤵
  PID:15780
- C:\Windows\System\EgXPzGM.exe
  C:\Windows\System\EgXPzGM.exe
  2⤵
  PID:15808
- C:\Windows\System\ZKEslAq.exe
  C:\Windows\System\ZKEslAq.exe
  2⤵
  PID:15836
- C:\Windows\System\ZEsqYeE.exe
  C:\Windows\System\ZEsqYeE.exe
  2⤵
  PID:15872
- C:\Windows\System\GvcvpZj.exe
  C:\Windows\System\GvcvpZj.exe
  2⤵
  PID:15892
- C:\Windows\System\GLlTZTW.exe
  C:\Windows\System\GLlTZTW.exe
  2⤵
  PID:15928
- C:\Windows\System\HEwPDBa.exe
  C:\Windows\System\HEwPDBa.exe
  2⤵
  PID:15948
- C:\Windows\System\WmeJtvz.exe
  C:\Windows\System\WmeJtvz.exe
  2⤵
  PID:15984
- C:\Windows\System\DgEWFhZ.exe
  C:\Windows\System\DgEWFhZ.exe
  2⤵
  PID:16004
- C:\Windows\System\MXEIbDK.exe
  C:\Windows\System\MXEIbDK.exe
  2⤵
  PID:16040
- C:\Windows\System\CqbArUD.exe
  C:\Windows\System\CqbArUD.exe
  2⤵
  PID:16060
- C:\Windows\System\qRHIlnN.exe
  C:\Windows\System\qRHIlnN.exe
  2⤵
  PID:16092
- C:\Windows\System\JOuUnum.exe
  C:\Windows\System\JOuUnum.exe
  2⤵
  PID:16116
- C:\Windows\System\EfOGVOc.exe
  C:\Windows\System\EfOGVOc.exe
  2⤵
  PID:16156
- C:\Windows\System\dJUyveR.exe
  C:\Windows\System\dJUyveR.exe
  2⤵
  PID:16176
- C:\Windows\System\UhliyiY.exe
  C:\Windows\System\UhliyiY.exe
  2⤵
  PID:16200
- C:\Windows\System\mTPSVDp.exe
  C:\Windows\System\mTPSVDp.exe
  2⤵
  PID:16228
- C:\Windows\System\ymekAuJ.exe
  C:\Windows\System\ymekAuJ.exe
  2⤵
  PID:16256
- C:\Windows\System\HRiiezn.exe
  C:\Windows\System\HRiiezn.exe
  2⤵
  PID:16288
- C:\Windows\System\eYiYLcL.exe
  C:\Windows\System\eYiYLcL.exe
  2⤵
  PID:16316
- C:\Windows\System\XKJEEqV.exe
  C:\Windows\System\XKJEEqV.exe
  2⤵
  PID:16352
- C:\Windows\System\wsQUCcK.exe
  C:\Windows\System\wsQUCcK.exe
  2⤵
  PID:16372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BuQwfmB.exe

Filesize
6.0MB

MD5
8e624d14584e70411896bbe84d6304f7

SHA1
6fc4c65b504f3832b0fcd75c7879ef73f116acbc

SHA256
eb3dd1c7ae539bef55718a7c225200d0347559b39b2c7c76a13ac5e9d0edaca8

SHA512
43300a6fa6d024332519cd38f7bd808c15ae767e8907565ec264389bd29c3bf580b2967f8735b34b11d3fdeb904f1bd4ccd0e46394e9e82271a1e8ed9f0c63e1

Download Submit
C:\Windows\System\BwOciSc.exe

Filesize
6.0MB

MD5
cd2a64f15cea74cafdcad8730f3ac20b

SHA1
a2825334294c13b7f8d426a6e0964be09a863cac

SHA256
b32c7e862c5a321fae363ee33e8c342ad80566bb9eeb603e24b3fba44c0759d1

SHA512
07681caf1426d3e23ca7653f0ee37554f436cc4f557879bc34364327103eeadc24012e1fdbcd1088324341a6ecbc5a004412fa7771483cef7a5fb07e096cf90f

Download Submit
C:\Windows\System\GxjMlph.exe

Filesize
6.0MB

MD5
a4049417ac00e47ddbe1d5c613b9e5aa

SHA1
55fc07dc88cfd25dcd92a4fc2e4de8c7d5e45c29

SHA256
e42091a06aa1a0cb54682904068bd8e97088151652f6f1b0e97dec6f5b50bbe8

SHA512
694a6c8643e121b497e6cac39744e6007eae1de9050b56c73cfe39f0bcd81fab37d9347fe44e409b3a0a6a8cd078418634a8c017d54d8289c31c74ecd15b7fe4

Download Submit
C:\Windows\System\HQncWbz.exe

Filesize
6.0MB

MD5
0bc145dff6bc884f318acba829177e33

SHA1
6ddfdbdb8735cd8ddd1227396704a7bd712bd11f

SHA256
01d5cabfddfafd05d870d6f31aa91d8a04dffa8d5217f05511bffdfe884a4e53

SHA512
85e834e9368db9353b51bf1d557279b785cd5708fe04892ec0e97d20976a7fe48be67aaadb5196b2bbccb67b00437093469889d9ab883f41773d29d98ad1a6fb

Download Submit
C:\Windows\System\IZomqJI.exe

Filesize
6.0MB

MD5
17517d880bca0ef4fab819e4fdb25ccf

SHA1
177cbad8c27c7c3c067f266d710ee9d7153d6736

SHA256
5afef7cdcd9a7f9a4a21ced7983f6c67f0a150e64f4c97e332b882bb4e673ce7

SHA512
68f2db9212c69336197a2209cdd4fd018aa42428d9a30098c35afe785446f73f1c0d0b2dd72aed698408ea049a0fefcdc1d6dea5721dc948f1a6836299caeee6

Download Submit
C:\Windows\System\IyAThvt.exe

Filesize
6.0MB

MD5
08034527e2a28e1761fa70f16a680634

SHA1
e77320eab1fcb6cdce945f408ec2ba9f23b083f7

SHA256
11560f4e64100ac28236f938e397b66eb6de1aed848b0d11f8f4fd6b5916f63b

SHA512
9f43b74784f0807f2c3706b90d3ab771f35668211cb26d045e5a4f5004febb8ef503a0e15370c4ad40be92a65eef6badb46a26b9cd611de8ff2660fb07ea8cdc

Download Submit
C:\Windows\System\MiiPMWn.exe

Filesize
6.0MB

MD5
2217b2fa7fe76c77808078a330dcdd30

SHA1
5d4f524131ade650d4ad595541a28c362e5a07ef

SHA256
c169726b96fe8c73baa9ecb14a160159c6b8863919251d603502ee5097ba3b9c

SHA512
e011d0338149df27a3563d670de0cb815f956393b398f5ce5141c736d7d6ee51dd6d17fd4dc6cc9a563f496e8627c12ea6c0e2f595e4918787d48938c0259948

Download Submit
C:\Windows\System\NLXcejm.exe

Filesize
6.0MB

MD5
0c81113490bf07b529417bade314776e

SHA1
f3efa28a597966cfeb03d423365aa124d9f014c8

SHA256
3fd060d65720827678d70dacbd84fa1ac8333d8e8bf9c5e90413068cd7e6086e

SHA512
f4164f90d2117f9013b2041d099f5e03745aeb8f9b3486b0ec1d03ed4dc50515e0962fd19617eaaaa996e4a87a3d85bf95284d5990cf8e02f8623adfdf7f92b6

Download Submit
C:\Windows\System\PgYrMGW.exe

Filesize
6.0MB

MD5
9ce970f5108f2760ce8d74dc40a5ed14

SHA1
97c058fede049fd19dd92a61a1fbbfba1dad898c

SHA256
8c255a789d6c20fcf46fcf1ba1ec0a9e9f0f490ac3b21441473317103386b133

SHA512
c6956c70d50056415348ee5281e0c82819c58f04060e11affb1fd39dc8aeb820845117c341cbdbda6ab8bb98c4feb5c24ae36f4985cde641d7aec0c3c63c5c68

Download Submit
C:\Windows\System\QooUxDV.exe

Filesize
6.0MB

MD5
a41853aa1743456d7f86eb647005b84b

SHA1
3b39faa4944570cc794f06210ed0959c1e56cf08

SHA256
071679ff68e4245cb70e74a08b0d6a38adfab50451bf72341234f2a49a4e6f50

SHA512
4ccde5a8ebe2dad6e0b7c105057d5bc7c0c49a606608eac09ea935ebce27708a59a44358c07974fea782fc3b1bc53503000ed3efe2faf3158e72d0a570c0d9c9

Download Submit
C:\Windows\System\RrqCOVz.exe

Filesize
6.0MB

MD5
db800b35b21fb50cf0e7a7421ebe38ea

SHA1
375a2541b561f6ed9f15a13ba76583d9ad2ede59

SHA256
4e04748e0304a3eab7b8336a88e5d177c5f2f21bf062704693063eb411b028f5

SHA512
068088f1ee6e71c5bb03d578807bf38bff4daf4fa5abbb0bf54dc8f5e442be7fe75b4b5c3b929c91c4aa29dad04c93a7577be039aa66147bcaa037e8739daf5b

Download Submit
C:\Windows\System\WcwAvjg.exe

Filesize
6.0MB

MD5
bdde19a58ca234d510478131d29c3ef0

SHA1
cc570fddf6cf3beb885070adfef81da5397530c5

SHA256
24eca9f993ec0cc06fe2d8624fc771561367394517b6d923f10f45f8dfb58264

SHA512
1a1d37697892cdeaa347e5c606cb7d3042d8e1a63c9a4e599e9c03f79f4a1c44d2be35b1ee796f69156ad8de3a20d4d0fce1b1071ec69a4653a1f01ef21e7901

Download Submit
C:\Windows\System\bNYCvQu.exe

Filesize
6.0MB

MD5
a4ae334a81993f6cc6e0c371a8db7d5f

SHA1
40d8e13386fa2351c977c764377f94659ca39d1d

SHA256
b62e73e1ecceb668f6d1c6037a1e143098c938721c09340c5f5573d53d06a347

SHA512
fe0446ea68161815eb34273f3c4b69aa50a3fa914511bda660fb05872350d148fde58c91b39a7fb518a85aa4ef7bcb9e3ed846d138b41d64bd6d9856dd2380b7

Download Submit
C:\Windows\System\dWBrdfq.exe

Filesize
6.0MB

MD5
1154605a30c94cbd54959c7275c74743

SHA1
0f1cb1bf756d99e55cbc03406b25bf314736e8b3

SHA256
d135a9d7ab1c00db378ac30fca1c8b4187cc4b5cb1189c69ccb675376e1c577f

SHA512
55c96662827f4e04402e2d5498ca226c7255f0e91be85f5a4807ea5bf72babc9931ce96406f81ddba9242eaad4adcdb112b583c8356ed1edf110dc640c239f4c

Download Submit
C:\Windows\System\djjPNVb.exe

Filesize
6.0MB

MD5
f815ee2af7c732f792061e8616f3db82

SHA1
f3ff955949046bb7d5cfb9e9099caf5d93a14060

SHA256
0a640211f3deaa9571a1900a7b6523aff9c41d9ce4dcf74dbe465f2521345ec8

SHA512
6587a649201baad58f1b1ff8578053f1b78361b2760c0ede39088656f5d25802b939a4021e7b6c415f8d0c0cd74823d792eb6f03a4cd6e5a44216ff8fab4f1c7

Download Submit
C:\Windows\System\gDbnLAn.exe

Filesize
6.0MB

MD5
860b993f716c58787cca004fd4050ef9

SHA1
a43ded0e79b8a9564e6adddd0f5fffc97b13f260

SHA256
9654ec79ae7e50abbf3ae1128f6426506bf23441e65bf6270700c3a872c4b942

SHA512
668865db4c3ea835ec5046172d768d4b326667dbc345955c2e8123a109a1f8f6a6c7348e5b16db587a9583356ca14d4c20f63682e3e60bbba635af178b8520f2

Download Submit
C:\Windows\System\kiXdzyj.exe

Filesize
6.0MB

MD5
e1fdf1d7772729f75c0bd051f4c523da

SHA1
e79aa5d86b3fcd951a9cbcde82d34386abc0f3fc

SHA256
22d893122f0237d2e76f13be27e92486418325e33fe805bc1c36af1ff70dcd27

SHA512
3bbe4944b8ddb1725b7bf369b33c1639993658cf7a4c3fc33bc9232527bce49f5b7ebecd37c355bea8abc591a2b7f17ff252d01b788c9428f7578cfc95ac5851

Download Submit
C:\Windows\System\mxFZnmj.exe

Filesize
6.0MB

MD5
fdfaa132291fcfd78075ad790a300bb0

SHA1
e1589be5b9dc0429845788fc1c3e3af369abdcd0

SHA256
0cae93c3f99ddcff171683d57b0a0b61d241ab4713478170c42ce13f41b2d48e

SHA512
f98a86f94d384149284af7e9c5a9da6b45362390b4571cf6805e091d0a1f3e52373e7cde3c67bd1f5dc198e33bd5aa44ea970cb42aa6c6ede1cad0f52e28b5f2

Download Submit
C:\Windows\System\oJoJYGo.exe

Filesize
6.0MB

MD5
b7a14f4d672c7aadd820a6cd4231f071

SHA1
b2d78e1427c43990f6fddb2a62c576964a07d1af

SHA256
24727c3105ca9c12753e78c5e96b3a04cae89bc48571887b3cbb476e786ccd49

SHA512
0f0200310ed12759beaacf4921a1cb9c2aed1fec00e0c8161553f59f5a3646d5bae17aeb6da7abca9ef0e4f7195b8c582cf859dcff96268a54ca1f9ea105dd38

Download Submit
C:\Windows\System\pcHNlAE.exe

Filesize
6.0MB

MD5
d47fafa567743ed242dbac02aa7ed22f

SHA1
48b3ac57d9940bb3e5e9c217ef1a58212b2907fd

SHA256
73be4a65f56f0bf580f50460f2e3fe3ca82f4259c3ad2dd75c1915e8ef8ea74b

SHA512
ed6d49413e1ab358022e9a9268c907fdb6414ad2357f3ab6ff7a38832f3d6304333ab55810257bec88f7cb0502aa6c5b118b153168d33991e9f3d5f20624f612

Download Submit
C:\Windows\System\qrFHjuG.exe

Filesize
6.0MB

MD5
a9108952591ca3a6abf67468bbdfc569

SHA1
3bf45a48fbd27d0f87042a8bcbdd78ab72f8d930

SHA256
a69388691acfae367367e53926a5c7c727b9331db92e439913447c3fffdf6a3a

SHA512
b15ac3b5e8d5c702c86ef7b7d0c8e2228ff4fd124eb2d922c6369099e16c2c3d58d119a7e64a07505612a7c1129c649aa35a0739752e64d487d7e6306c4f19dd

Download Submit
C:\Windows\System\rshPArY.exe

Filesize
6.0MB

MD5
9a125bc729fa53534383723bbd53cf0f

SHA1
91f11f2355f4348f2402bce7dc7d05042379f771

SHA256
f5454d5e588a132ca2135ed6cfb60430f51dfc3b6af019c75d47cbc1b688bca6

SHA512
4b3bcdc47af126d1fb18c7241c47b8b6bdd27814a45589445a3b66c98b77610f96ad776ab0eebe3cd5ad171755506f8fe35584ab746122b70ba709437ed281ef

Download Submit
C:\Windows\System\sDyeXEa.exe

Filesize
6.0MB

MD5
81722828524a1d5a4957db0b025a2e46

SHA1
8c2f5422f0e291b20dbd7768b19f409169234860

SHA256
f4a84670292581c0e92fe04fb2bb4a3b26b076c651eab2d4b8c64b84b1b6935f

SHA512
51343d600e5f1368b4362ff6d11ffe0bdda0fb4f5ade4dc6a220f1c81acb0c25f9cb513a87caa46a48ea66d04d0848e7010bb93d2945f15096358793b377314a

Download Submit
C:\Windows\System\uNpeDfZ.exe

Filesize
6.0MB

MD5
ba032edf4069000b2bc112d4b67d9ab4

SHA1
493e2609d7ec011c25aca06512ae893f286c64ed

SHA256
df62a69c2d7376b747a61294f308fe39c38a3d7259c02af823be0a2159cbf79e

SHA512
cbe18b454d57d57fabeec2d46a036f6529fa4ab094de9f8e37acdbbd5b4735dfafbcb41d608c2cf51a8ad0d686afa1926eeef0735d98f7dabc0430874e5c8547

Download Submit
C:\Windows\System\uZZMpRt.exe

Filesize
6.0MB

MD5
15e382c1259e45a6a19ce19c35294b89

SHA1
e089b6f11074bd7919a9d4936e7c6f1538bf72d7

SHA256
5501dc27c843b4ebac066754e37e067549354e1d8d073812dac92f99e74e2a61

SHA512
4470cc73ed23a362779687ad801bd5515b9f5b4c875ecdadba12fd65a79c45da1ac22b9c0f0ebc4eeb2ead6db4669dbdec4b531825fb5d7b40cc0254f06ae7ab

Download Submit
C:\Windows\System\ulPXCci.exe

Filesize
6.0MB

MD5
c0081ec5400da49db16e8d220c946a3e

SHA1
ba51e65a89fb46599b1e9bec3537ae2fb9da8ff4

SHA256
d2f23bfea483784263f8ea1274e9541d6e5d7485aee1219c4e79794a51cf1103

SHA512
5d93cc689cf9a68d46f3c5c1783cbaa59c30db2a85e8c55d7614bd2ac4422fa138e94e55c6efc3863bcdd0db2cbeead22ebd3b04cc86c315a10b293cf3b3286c

Download Submit
C:\Windows\System\vVIPVZe.exe

Filesize
6.0MB

MD5
d5d69e6b45c482577b72fb3a862ce5c8

SHA1
335fc97714059ecda70b01b10d357c085e8a276b

SHA256
504b3333a4875a4ad5d8f27715899c8d213f11d948948a349618ad430bc5f18a

SHA512
2cfc12262070c22a99275692c4efddbec6128e4f416fcca176ce9eec77fbfa80c8cad98bd1dcdc58ef889846b25b718b4d1478f0b2f4cd3a08c5d1920d39b719

Download Submit
C:\Windows\System\xavLdNX.exe

Filesize
6.0MB

MD5
c0bd512f29a0b8dd21bcc422df53ee70

SHA1
0c32eed05d3e83fabfbd897e816e27513fa3192f

SHA256
6a8bd32efba0afaadc6e46caf5ca9830b0eb9eab3f173ce63b1e4fda3ac49099

SHA512
3d20761e487a3575d6ea222c7056dccdfaa6257821b36c52fd18566d1a010735c007fc690daad46e6ceed0addf6ae5ff761616a916c611eaea073e9c2c25edc7

Download Submit
C:\Windows\System\xwLcsZj.exe

Filesize
6.0MB

MD5
74bc66d707cb8ff00f77e93baebf52f4

SHA1
097ec2b8b36b60eb681cd4f91f81eb658d5fc3b6

SHA256
ff1226403bd64c766e346fd7e015ac993428aff95d04eef438fdf0db9e571586

SHA512
d8331c3c8efdd19ef5c5976c449473b7e289214b04570d206b93867af587236adf41f3790bd5d5558296ba5431298c4fecdc93eec8f4a09614412b065ab3b382

Download Submit
C:\Windows\System\yHJWfKd.exe

Filesize
6.0MB

MD5
64bf137423db99c69c826c158fdd4480

SHA1
4994ff50d91d9f98c6033f09e2e6f378665f8381

SHA256
0847f7dba59a15278e8d79848c2f1da69c885419772259689e3c8f8ffe3a8070

SHA512
818cb0cf499d39b073435901409de85b604d0599ecb7d25eb3ef09fb10c6aa7eb82a79aa04f261578314c51f8f3d5523de61735cf3c5050117a897d7bf005fe6

Download Submit
C:\Windows\System\yJSRZIS.exe

Filesize
6.0MB

MD5
f42e0867e8dd9319639c73c0d41cb18d

SHA1
1bb7a45803c6ddcb515b73b989ff7f0bf38d0f52

SHA256
5d52e39a66f84f015cfd73dca2175c225940d79225f049a4bed56a0acd501b1c

SHA512
03d183b477ec01f7086a15980483a114a651422b520da63dd0062178e4b49a1d39100a99a1e266bb36392bb5bead67dd7c49c352d68ddd8c6622ae8606e28a7a

Download Submit
C:\Windows\System\zcbvoiC.exe

Filesize
6.0MB

MD5
509313c9fa6ce4dff2261e2bcddf322e

SHA1
b8c2314ce8bb07e74cf12ff3afd78b89bd8e7de6

SHA256
41177f17eedaaf128d4aa63879fa5d7891574ad057e40574f1e905e0a19c0af3

SHA512
153a512be62ecf80d6cc88456460f20251a7dcccaedf8878a5b10311eb86122f495f843957cf0668f052699222e89b62150b6dff6589568aaf6f154d8d18d5c2

Download Submit
C:\Windows\System\zfrxclU.exe

Filesize
6.0MB

MD5
f0ace7f750ee20470d139e49ed798605

SHA1
2d85f3da01793314fe30693be8e596c9789be718

SHA256
fc16c2cc12aced69976ae489b979346389b6a2ae0272c18aa6b001d6ac5b35b6

SHA512
e2fca64036e5592d65de414afd117af8b5ac597b9bdff599880e9cb443ceff9d8f62ca0bcf498cbfffa9726b8af1253d79bd45f823eeea24ff3ca7102de63e88

Download Submit
memory/644-620-0x00007FF6F9490000-0x00007FF6F97E4000-memory.dmp

Filesize
3.3MB

Download
memory/644-120-0x00007FF6F9490000-0x00007FF6F97E4000-memory.dmp

Filesize
3.3MB

Download
memory/644-1730-0x00007FF6F9490000-0x00007FF6F97E4000-memory.dmp

Filesize
3.3MB

Download
memory/656-1486-0x00007FF66C030000-0x00007FF66C384000-memory.dmp

Filesize
3.3MB

Download
memory/656-18-0x00007FF66C030000-0x00007FF66C384000-memory.dmp

Filesize
3.3MB

Download
memory/656-93-0x00007FF66C030000-0x00007FF66C384000-memory.dmp

Filesize
3.3MB

Download
memory/1604-621-0x00007FF75AFB0000-0x00007FF75B304000-memory.dmp

Filesize
3.3MB

Download
memory/1604-131-0x00007FF75AFB0000-0x00007FF75B304000-memory.dmp

Filesize
3.3MB

Download
memory/1604-1745-0x00007FF75AFB0000-0x00007FF75B304000-memory.dmp

Filesize
3.3MB

Download
memory/1636-115-0x00007FF6C5760000-0x00007FF6C5AB4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-1657-0x00007FF6C5760000-0x00007FF6C5AB4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-1744-0x00007FF735DF0000-0x00007FF736144000-memory.dmp

Filesize
3.3MB

Download
memory/1680-574-0x00007FF735DF0000-0x00007FF736144000-memory.dmp

Filesize
3.3MB

Download
memory/1680-112-0x00007FF735DF0000-0x00007FF736144000-memory.dmp

Filesize
3.3MB

Download
memory/1884-65-0x00007FF6907F0000-0x00007FF690B44000-memory.dmp

Filesize
3.3MB

Download
memory/1884-1650-0x00007FF6907F0000-0x00007FF690B44000-memory.dmp

Filesize
3.3MB

Download
memory/1884-422-0x00007FF6907F0000-0x00007FF690B44000-memory.dmp

Filesize
3.3MB

Download
memory/1976-174-0x00007FF643950000-0x00007FF643CA4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-1739-0x00007FF643950000-0x00007FF643CA4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-529-0x00007FF6A1850000-0x00007FF6A1BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-1737-0x00007FF6A1850000-0x00007FF6A1BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-99-0x00007FF6A1850000-0x00007FF6A1BA4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-1668-0x00007FF78E9E0000-0x00007FF78ED34000-memory.dmp

Filesize
3.3MB

Download
memory/2224-117-0x00007FF78E9E0000-0x00007FF78ED34000-memory.dmp

Filesize
3.3MB

Download
memory/2296-370-0x00007FF6651F0000-0x00007FF665544000-memory.dmp

Filesize
3.3MB

Download
memory/2296-44-0x00007FF6651F0000-0x00007FF665544000-memory.dmp

Filesize
3.3MB

Download
memory/2296-1610-0x00007FF6651F0000-0x00007FF665544000-memory.dmp

Filesize
3.3MB

Download
memory/2444-105-0x00007FF63B880000-0x00007FF63BBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-1729-0x00007FF63B880000-0x00007FF63BBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-532-0x00007FF63B880000-0x00007FF63BBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-36-0x00007FF6FB860000-0x00007FF6FBBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-188-0x00007FF6FB860000-0x00007FF6FBBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-1578-0x00007FF6FB860000-0x00007FF6FBBB4000-memory.dmp

Filesize
3.3MB

Download
memory/3280-419-0x00007FF621040000-0x00007FF621394000-memory.dmp

Filesize
3.3MB

Download
memory/3280-58-0x00007FF621040000-0x00007FF621394000-memory.dmp

Filesize
3.3MB

Download
memory/3280-1642-0x00007FF621040000-0x00007FF621394000-memory.dmp

Filesize
3.3MB

Download
memory/3284-193-0x00007FF7979B0000-0x00007FF797D04000-memory.dmp

Filesize
3.3MB

Download
memory/3284-722-0x00007FF7979B0000-0x00007FF797D04000-memory.dmp

Filesize
3.3MB

Download
memory/3284-1762-0x00007FF7979B0000-0x00007FF797D04000-memory.dmp

Filesize
3.3MB

Download
memory/3484-1552-0x00007FF6A8040000-0x00007FF6A8394000-memory.dmp

Filesize
3.3MB

Download
memory/3484-26-0x00007FF6A8040000-0x00007FF6A8394000-memory.dmp

Filesize
3.3MB

Download
memory/3484-125-0x00007FF6A8040000-0x00007FF6A8394000-memory.dmp

Filesize
3.3MB

Download
memory/3504-177-0x00007FF7AD350000-0x00007FF7AD6A4000-memory.dmp

Filesize
3.3MB

Download
memory/3504-1734-0x00007FF7AD350000-0x00007FF7AD6A4000-memory.dmp

Filesize
3.3MB

Download
memory/3592-1743-0x00007FF64ADC0000-0x00007FF64B114000-memory.dmp

Filesize
3.3MB

Download
memory/3592-575-0x00007FF64ADC0000-0x00007FF64B114000-memory.dmp

Filesize
3.3MB

Download
memory/3592-121-0x00007FF64ADC0000-0x00007FF64B114000-memory.dmp

Filesize
3.3MB

Download
memory/3612-1752-0x00007FF661F00000-0x00007FF662254000-memory.dmp

Filesize
3.3MB

Download
memory/3612-170-0x00007FF661F00000-0x00007FF662254000-memory.dmp

Filesize
3.3MB

Download
memory/3612-660-0x00007FF661F00000-0x00007FF662254000-memory.dmp

Filesize
3.3MB

Download
memory/3700-173-0x00007FF7D8760000-0x00007FF7D8AB4000-memory.dmp

Filesize
3.3MB

Download
memory/3700-31-0x00007FF7D8760000-0x00007FF7D8AB4000-memory.dmp

Filesize
3.3MB

Download
memory/3700-1572-0x00007FF7D8760000-0x00007FF7D8AB4000-memory.dmp

Filesize
3.3MB

Download
memory/3804-162-0x00007FF60D130000-0x00007FF60D484000-memory.dmp

Filesize
3.3MB

Download
memory/3804-624-0x00007FF60D130000-0x00007FF60D484000-memory.dmp

Filesize
3.3MB

Download
memory/3804-1728-0x00007FF60D130000-0x00007FF60D484000-memory.dmp

Filesize
3.3MB

Download
memory/3996-523-0x00007FF6907A0000-0x00007FF690AF4000-memory.dmp

Filesize
3.3MB

Download
memory/3996-77-0x00007FF6907A0000-0x00007FF690AF4000-memory.dmp

Filesize
3.3MB

Download
memory/3996-1658-0x00007FF6907A0000-0x00007FF690AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4044-0-0x00007FF629E00000-0x00007FF62A154000-memory.dmp

Filesize
3.3MB

Download
memory/4044-54-0x00007FF629E00000-0x00007FF62A154000-memory.dmp

Filesize
3.3MB

Download
memory/4044-1-0x0000015753160000-0x0000015753170000-memory.dmp

Filesize
64KB

Download
memory/4128-657-0x00007FF6BF1B0000-0x00007FF6BF504000-memory.dmp

Filesize
3.3MB

Download
memory/4128-1750-0x00007FF6BF1B0000-0x00007FF6BF504000-memory.dmp

Filesize
3.3MB

Download
memory/4128-165-0x00007FF6BF1B0000-0x00007FF6BF504000-memory.dmp

Filesize
3.3MB

Download
memory/4224-1480-0x00007FF7352C0000-0x00007FF735614000-memory.dmp

Filesize
3.3MB

Download
memory/4224-16-0x00007FF7352C0000-0x00007FF735614000-memory.dmp

Filesize
3.3MB

Download
memory/4224-72-0x00007FF7352C0000-0x00007FF735614000-memory.dmp

Filesize
3.3MB

Download
memory/4248-524-0x00007FF623450000-0x00007FF6237A4000-memory.dmp

Filesize
3.3MB

Download
memory/4248-1660-0x00007FF623450000-0x00007FF6237A4000-memory.dmp

Filesize
3.3MB

Download
memory/4248-85-0x00007FF623450000-0x00007FF6237A4000-memory.dmp

Filesize
3.3MB

Download
memory/4288-57-0x00007FF73D850000-0x00007FF73DBA4000-memory.dmp

Filesize
3.3MB

Download
memory/4288-11-0x00007FF73D850000-0x00007FF73DBA4000-memory.dmp

Filesize
3.3MB

Download
memory/4288-1472-0x00007FF73D850000-0x00007FF73DBA4000-memory.dmp

Filesize
3.3MB

Download
memory/4664-1738-0x00007FF7563F0000-0x00007FF756744000-memory.dmp

Filesize
3.3MB

Download
memory/4664-164-0x00007FF7563F0000-0x00007FF756744000-memory.dmp

Filesize
3.3MB

Download
memory/4760-528-0x00007FF6D37B0000-0x00007FF6D3B04000-memory.dmp

Filesize
3.3MB

Download
memory/4760-98-0x00007FF6D37B0000-0x00007FF6D3B04000-memory.dmp

Filesize
3.3MB

Download
memory/4760-1669-0x00007FF6D37B0000-0x00007FF6D3B04000-memory.dmp

Filesize
3.3MB

Download
memory/4916-1754-0x00007FF7C7970000-0x00007FF7C7CC4000-memory.dmp

Filesize
3.3MB

Download
memory/4916-183-0x00007FF7C7970000-0x00007FF7C7CC4000-memory.dmp

Filesize
3.3MB

Download
memory/4928-50-0x00007FF699050000-0x00007FF6993A4000-memory.dmp

Filesize
3.3MB

Download
memory/4928-377-0x00007FF699050000-0x00007FF6993A4000-memory.dmp

Filesize
3.3MB

Download
memory/4928-1618-0x00007FF699050000-0x00007FF6993A4000-memory.dmp

Filesize
3.3MB

Download