cobaltstrike | 48d076b1816e1baf87ae8be490382fc3911243695a09bd1b8b1da2f4f464f007

Analysis

max time kernel
129s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2024 01:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b7ac43535b87c71699bf9f0c4106ca12
SHA1

fbea948ac5ee66db81acb899f2e01631d5d8ea65
SHA256

48d076b1816e1baf87ae8be490382fc3911243695a09bd1b8b1da2f4f464f007
SHA512

4117fea158a1b00fb83118f1efc84ed65aa02ed901e363342e4cd74fd1340ba49189cfad1ecc1d9dae8dab5b79411dbbdd9755680dda6c35169d383d65452c4b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUl:T+q56utgpPF8u/7l

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\System\BDdSJUF.exe	cobalt_reflective_dll
C:\Windows\System\zxwMREG.exe	cobalt_reflective_dll
C:\Windows\System\SJozDSe.exe	cobalt_reflective_dll
C:\Windows\System\cHCOcZG.exe	cobalt_reflective_dll
C:\Windows\System\JGANSDF.exe	cobalt_reflective_dll
C:\Windows\System\hxiNRFV.exe	cobalt_reflective_dll
C:\Windows\System\lWOYyQd.exe	cobalt_reflective_dll
C:\Windows\System\wHuVlnO.exe	cobalt_reflective_dll
C:\Windows\System\OwYLYWd.exe	cobalt_reflective_dll
C:\Windows\System\aKDZwGu.exe	cobalt_reflective_dll
C:\Windows\System\rxGbeaF.exe	cobalt_reflective_dll
C:\Windows\System\xmsJPWu.exe	cobalt_reflective_dll
C:\Windows\System\cWOQZCf.exe	cobalt_reflective_dll
C:\Windows\System\FEsCtyj.exe	cobalt_reflective_dll
C:\Windows\System\QYndafP.exe	cobalt_reflective_dll
C:\Windows\System\tjoyDiy.exe	cobalt_reflective_dll
C:\Windows\System\lDtHAWP.exe	cobalt_reflective_dll
C:\Windows\System\lbBllGH.exe	cobalt_reflective_dll
C:\Windows\System\iYpnchS.exe	cobalt_reflective_dll
C:\Windows\System\vOkvYps.exe	cobalt_reflective_dll
C:\Windows\System\rGWwzsp.exe	cobalt_reflective_dll
C:\Windows\System\gOKismd.exe	cobalt_reflective_dll
C:\Windows\System\pUAdaFe.exe	cobalt_reflective_dll
C:\Windows\System\vxueyxF.exe	cobalt_reflective_dll
C:\Windows\System\URNRKqx.exe	cobalt_reflective_dll
C:\Windows\System\dbKUIXT.exe	cobalt_reflective_dll
C:\Windows\System\kUbXHYY.exe	cobalt_reflective_dll
C:\Windows\System\ngdruri.exe	cobalt_reflective_dll
C:\Windows\System\uBccydt.exe	cobalt_reflective_dll
C:\Windows\System\vonsApg.exe	cobalt_reflective_dll
C:\Windows\System\Jsvslis.exe	cobalt_reflective_dll
C:\Windows\System\fdRkRYo.exe	cobalt_reflective_dll
C:\Windows\System\MJgnfbh.exe	cobalt_reflective_dll
C:\Windows\System\kLwHjBb.exe	cobalt_reflective_dll
C:\Windows\System\IoJIlTK.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/2456-0-0x00007FF7179B0000-0x00007FF717D04000-memory.dmp	xmrig
C:\Windows\System\BDdSJUF.exe	xmrig
C:\Windows\System\zxwMREG.exe	xmrig
C:\Windows\System\SJozDSe.exe	xmrig
C:\Windows\System\cHCOcZG.exe	xmrig
behavioral2/memory/3716-25-0x00007FF7BC270000-0x00007FF7BC5C4000-memory.dmp	xmrig
C:\Windows\System\JGANSDF.exe	xmrig
behavioral2/memory/936-30-0x00007FF64D9C0000-0x00007FF64DD14000-memory.dmp	xmrig
behavioral2/memory/1988-23-0x00007FF68D140000-0x00007FF68D494000-memory.dmp	xmrig
behavioral2/memory/1912-20-0x00007FF624DD0000-0x00007FF625124000-memory.dmp	xmrig
behavioral2/memory/624-6-0x00007FF7A0FE0000-0x00007FF7A1334000-memory.dmp	xmrig
C:\Windows\System\hxiNRFV.exe	xmrig
behavioral2/memory/3020-36-0x00007FF65DDC0000-0x00007FF65E114000-memory.dmp	xmrig
behavioral2/memory/4320-43-0x00007FF7E0140000-0x00007FF7E0494000-memory.dmp	xmrig
C:\Windows\System\lWOYyQd.exe	xmrig
C:\Windows\System\wHuVlnO.exe	xmrig
C:\Windows\System\OwYLYWd.exe	xmrig
behavioral2/memory/2888-56-0x00007FF733790000-0x00007FF733AE4000-memory.dmp	xmrig
behavioral2/memory/1620-55-0x00007FF790030000-0x00007FF790384000-memory.dmp	xmrig
behavioral2/memory/2456-59-0x00007FF7179B0000-0x00007FF717D04000-memory.dmp	xmrig
C:\Windows\System\aKDZwGu.exe	xmrig
C:\Windows\System\rxGbeaF.exe	xmrig
C:\Windows\System\xmsJPWu.exe	xmrig
behavioral2/memory/4396-81-0x00007FF745FD0000-0x00007FF746324000-memory.dmp	xmrig
C:\Windows\System\cWOQZCf.exe	xmrig
C:\Windows\System\FEsCtyj.exe	xmrig
C:\Windows\System\QYndafP.exe	xmrig
behavioral2/memory/3020-116-0x00007FF65DDC0000-0x00007FF65E114000-memory.dmp	xmrig
behavioral2/memory/2636-115-0x00007FF6984B0000-0x00007FF698804000-memory.dmp	xmrig
C:\Windows\System\tjoyDiy.exe	xmrig
behavioral2/memory/756-112-0x00007FF6DC010000-0x00007FF6DC364000-memory.dmp	xmrig
behavioral2/memory/516-108-0x00007FF7D21E0000-0x00007FF7D2534000-memory.dmp	xmrig
behavioral2/memory/1352-104-0x00007FF743330000-0x00007FF743684000-memory.dmp	xmrig
behavioral2/memory/4988-103-0x00007FF7412B0000-0x00007FF741604000-memory.dmp	xmrig
C:\Windows\System\lDtHAWP.exe	xmrig
behavioral2/memory/936-87-0x00007FF64D9C0000-0x00007FF64DD14000-memory.dmp	xmrig
behavioral2/memory/372-84-0x00007FF6C6830000-0x00007FF6C6B84000-memory.dmp	xmrig
C:\Windows\System\lbBllGH.exe	xmrig
behavioral2/memory/1988-76-0x00007FF68D140000-0x00007FF68D494000-memory.dmp	xmrig
behavioral2/memory/2616-72-0x00007FF686EE0000-0x00007FF687234000-memory.dmp	xmrig
behavioral2/memory/1960-68-0x00007FF6DD440000-0x00007FF6DD794000-memory.dmp	xmrig
behavioral2/memory/1912-67-0x00007FF624DD0000-0x00007FF625124000-memory.dmp	xmrig
behavioral2/memory/624-65-0x00007FF7A0FE0000-0x00007FF7A1334000-memory.dmp	xmrig
C:\Windows\System\iYpnchS.exe	xmrig
behavioral2/memory/4320-122-0x00007FF7E0140000-0x00007FF7E0494000-memory.dmp	xmrig
behavioral2/memory/2628-132-0x00007FF6C1140000-0x00007FF6C1494000-memory.dmp	xmrig
C:\Windows\System\vOkvYps.exe	xmrig
C:\Windows\System\rGWwzsp.exe	xmrig
behavioral2/memory/4176-131-0x00007FF61E220000-0x00007FF61E574000-memory.dmp	xmrig
behavioral2/memory/1620-130-0x00007FF790030000-0x00007FF790384000-memory.dmp	xmrig
behavioral2/memory/2576-125-0x00007FF69A260000-0x00007FF69A5B4000-memory.dmp	xmrig
C:\Windows\System\gOKismd.exe	xmrig
C:\Windows\System\pUAdaFe.exe	xmrig
C:\Windows\System\vxueyxF.exe	xmrig
C:\Windows\System\URNRKqx.exe	xmrig
behavioral2/memory/372-163-0x00007FF6C6830000-0x00007FF6C6B84000-memory.dmp	xmrig
C:\Windows\System\dbKUIXT.exe	xmrig
C:\Windows\System\kUbXHYY.exe	xmrig
C:\Windows\System\ngdruri.exe	xmrig
behavioral2/memory/756-215-0x00007FF6DC010000-0x00007FF6DC364000-memory.dmp	xmrig
behavioral2/memory/1832-219-0x00007FF7A72E0000-0x00007FF7A7634000-memory.dmp	xmrig
behavioral2/memory/4648-209-0x00007FF77CEC0000-0x00007FF77D214000-memory.dmp	xmrig
behavioral2/memory/4936-208-0x00007FF7BAB90000-0x00007FF7BAEE4000-memory.dmp	xmrig
C:\Windows\System\uBccydt.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

BDdSJUF.exezxwMREG.exeSJozDSe.execHCOcZG.exeJGANSDF.exehxiNRFV.exelWOYyQd.exewHuVlnO.exeOwYLYWd.exeaKDZwGu.exerxGbeaF.exelbBllGH.exexmsJPWu.exelDtHAWP.execWOQZCf.exeQYndafP.exeFEsCtyj.exetjoyDiy.exeiYpnchS.exerGWwzsp.exevOkvYps.exegOKismd.exepUAdaFe.exevxueyxF.exeURNRKqx.exedbKUIXT.exeIoJIlTK.exekLwHjBb.exekUbXHYY.exeMJgnfbh.exefdRkRYo.exeJsvslis.exevonsApg.exeuBccydt.exengdruri.exeytEHcWO.exeGyKcxDn.exeSMvcPeU.exeKgazSBb.exekhzWeuK.exeuLuYXNO.exeshgeuYy.exeTguVwxp.exeRABUIWz.exeotWKreE.exeCmVtMdx.exeosokyFZ.execJlcjXR.exeysYmSpU.exeWKqfTlI.exexmEiZId.exesemrdHo.exeBgsJatp.exeXQYezcH.exeoLScExn.exeovxpngA.exegbbzMCr.exeffYvxZm.exevwGYLpE.exeIzfEyak.exeQjrqPvt.exefYCYbFq.exexiODdHh.exekItOtQV.exe

pid	process
624	BDdSJUF.exe
1912	zxwMREG.exe
3716	SJozDSe.exe
1988	cHCOcZG.exe
936	JGANSDF.exe
3020	hxiNRFV.exe
4320	lWOYyQd.exe
1620	wHuVlnO.exe
2888	OwYLYWd.exe
1960	aKDZwGu.exe
2616	rxGbeaF.exe
4396	lbBllGH.exe
372	xmsJPWu.exe
516	lDtHAWP.exe
756	cWOQZCf.exe
4988	QYndafP.exe
2636	FEsCtyj.exe
1352	tjoyDiy.exe
2576	iYpnchS.exe
4176	rGWwzsp.exe
2628	vOkvYps.exe
4056	gOKismd.exe
1132	pUAdaFe.exe
4580	vxueyxF.exe
2956	URNRKqx.exe
1832	dbKUIXT.exe
3936	IoJIlTK.exe
4936	kLwHjBb.exe
4648	kUbXHYY.exe
2808	MJgnfbh.exe
3160	fdRkRYo.exe
1128	Jsvslis.exe
4540	vonsApg.exe
4932	uBccydt.exe
2996	ngdruri.exe
3804	ytEHcWO.exe
3508	GyKcxDn.exe
3104	SMvcPeU.exe
1236	KgazSBb.exe
4336	khzWeuK.exe
4532	uLuYXNO.exe
3712	shgeuYy.exe
3248	TguVwxp.exe
3460	RABUIWz.exe
4036	otWKreE.exe
2264	CmVtMdx.exe
4144	osokyFZ.exe
4616	cJlcjXR.exe
1472	ysYmSpU.exe
4900	WKqfTlI.exe
4332	xmEiZId.exe
2400	semrdHo.exe
5024	BgsJatp.exe
3012	XQYezcH.exe
4512	oLScExn.exe
1336	ovxpngA.exe
1632	gbbzMCr.exe
3684	ffYvxZm.exe
4956	vwGYLpE.exe
3036	IzfEyak.exe
4628	QjrqPvt.exe
4620	fYCYbFq.exe
5008	xiODdHh.exe
4876	kItOtQV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2456-0-0x00007FF7179B0000-0x00007FF717D04000-memory.dmp	upx
C:\Windows\System\BDdSJUF.exe	upx
C:\Windows\System\zxwMREG.exe	upx
C:\Windows\System\SJozDSe.exe	upx
C:\Windows\System\cHCOcZG.exe	upx
behavioral2/memory/3716-25-0x00007FF7BC270000-0x00007FF7BC5C4000-memory.dmp	upx
C:\Windows\System\JGANSDF.exe	upx
behavioral2/memory/936-30-0x00007FF64D9C0000-0x00007FF64DD14000-memory.dmp	upx
behavioral2/memory/1988-23-0x00007FF68D140000-0x00007FF68D494000-memory.dmp	upx
behavioral2/memory/1912-20-0x00007FF624DD0000-0x00007FF625124000-memory.dmp	upx
behavioral2/memory/624-6-0x00007FF7A0FE0000-0x00007FF7A1334000-memory.dmp	upx
C:\Windows\System\hxiNRFV.exe	upx
behavioral2/memory/3020-36-0x00007FF65DDC0000-0x00007FF65E114000-memory.dmp	upx
behavioral2/memory/4320-43-0x00007FF7E0140000-0x00007FF7E0494000-memory.dmp	upx
C:\Windows\System\lWOYyQd.exe	upx
C:\Windows\System\wHuVlnO.exe	upx
C:\Windows\System\OwYLYWd.exe	upx
behavioral2/memory/2888-56-0x00007FF733790000-0x00007FF733AE4000-memory.dmp	upx
behavioral2/memory/1620-55-0x00007FF790030000-0x00007FF790384000-memory.dmp	upx
behavioral2/memory/2456-59-0x00007FF7179B0000-0x00007FF717D04000-memory.dmp	upx
C:\Windows\System\aKDZwGu.exe	upx
C:\Windows\System\rxGbeaF.exe	upx
C:\Windows\System\xmsJPWu.exe	upx
behavioral2/memory/4396-81-0x00007FF745FD0000-0x00007FF746324000-memory.dmp	upx
C:\Windows\System\cWOQZCf.exe	upx
C:\Windows\System\FEsCtyj.exe	upx
C:\Windows\System\QYndafP.exe	upx
behavioral2/memory/3020-116-0x00007FF65DDC0000-0x00007FF65E114000-memory.dmp	upx
behavioral2/memory/2636-115-0x00007FF6984B0000-0x00007FF698804000-memory.dmp	upx
C:\Windows\System\tjoyDiy.exe	upx
behavioral2/memory/756-112-0x00007FF6DC010000-0x00007FF6DC364000-memory.dmp	upx
behavioral2/memory/516-108-0x00007FF7D21E0000-0x00007FF7D2534000-memory.dmp	upx
behavioral2/memory/1352-104-0x00007FF743330000-0x00007FF743684000-memory.dmp	upx
behavioral2/memory/4988-103-0x00007FF7412B0000-0x00007FF741604000-memory.dmp	upx
C:\Windows\System\lDtHAWP.exe	upx
behavioral2/memory/936-87-0x00007FF64D9C0000-0x00007FF64DD14000-memory.dmp	upx
behavioral2/memory/372-84-0x00007FF6C6830000-0x00007FF6C6B84000-memory.dmp	upx
C:\Windows\System\lbBllGH.exe	upx
behavioral2/memory/1988-76-0x00007FF68D140000-0x00007FF68D494000-memory.dmp	upx
behavioral2/memory/2616-72-0x00007FF686EE0000-0x00007FF687234000-memory.dmp	upx
behavioral2/memory/1960-68-0x00007FF6DD440000-0x00007FF6DD794000-memory.dmp	upx
behavioral2/memory/1912-67-0x00007FF624DD0000-0x00007FF625124000-memory.dmp	upx
behavioral2/memory/624-65-0x00007FF7A0FE0000-0x00007FF7A1334000-memory.dmp	upx
C:\Windows\System\iYpnchS.exe	upx
behavioral2/memory/4320-122-0x00007FF7E0140000-0x00007FF7E0494000-memory.dmp	upx
behavioral2/memory/2628-132-0x00007FF6C1140000-0x00007FF6C1494000-memory.dmp	upx
C:\Windows\System\vOkvYps.exe	upx
C:\Windows\System\rGWwzsp.exe	upx
behavioral2/memory/4176-131-0x00007FF61E220000-0x00007FF61E574000-memory.dmp	upx
behavioral2/memory/1620-130-0x00007FF790030000-0x00007FF790384000-memory.dmp	upx
behavioral2/memory/2576-125-0x00007FF69A260000-0x00007FF69A5B4000-memory.dmp	upx
C:\Windows\System\gOKismd.exe	upx
C:\Windows\System\pUAdaFe.exe	upx
C:\Windows\System\vxueyxF.exe	upx
C:\Windows\System\URNRKqx.exe	upx
behavioral2/memory/372-163-0x00007FF6C6830000-0x00007FF6C6B84000-memory.dmp	upx
C:\Windows\System\dbKUIXT.exe	upx
C:\Windows\System\kUbXHYY.exe	upx
C:\Windows\System\ngdruri.exe	upx
behavioral2/memory/756-215-0x00007FF6DC010000-0x00007FF6DC364000-memory.dmp	upx
behavioral2/memory/1832-219-0x00007FF7A72E0000-0x00007FF7A7634000-memory.dmp	upx
behavioral2/memory/4648-209-0x00007FF77CEC0000-0x00007FF77D214000-memory.dmp	upx
behavioral2/memory/4936-208-0x00007FF7BAB90000-0x00007FF7BAEE4000-memory.dmp	upx
C:\Windows\System\uBccydt.exe	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\baRjDfX.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\snxYduy.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPthQsf.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Olwillp.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lXVMXsf.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hboNEdD.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJHjCHB.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rEiETpG.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wbemmbj.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HIYfSvR.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWWkyqQ.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aiEmoNS.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RljBKEG.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NtTCzZW.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\paJxNea.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hmidSwC.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZoHNGnf.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QZMqRql.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmVFgqJ.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EuyWREu.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wpXPyRc.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OUVtjxY.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HndUfFr.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\msysqjM.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCldYvc.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JLkjEIX.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jtiOQck.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RAVqwDS.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VVwtTaM.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqvFIWG.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xIPWttg.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IvBmOwf.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\upYEHSU.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LeRQeVk.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ScouWdJ.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YJUrOTl.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPVLQAA.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\doVHIpu.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHzJcYz.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNkbnrr.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FUKofAE.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IejXkfx.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YseUOHR.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PVDFxiH.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GVQWnox.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BooWRFb.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BPWslcu.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IiYINhE.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUugboY.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\auhuAjs.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zUXPWpX.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nvCRQuq.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\shgeuYy.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TYvvDTZ.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GPxKaPh.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tXccfio.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYpqMHD.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YRniqcM.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\chqvWco.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tvXfXQe.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gzynqLd.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jkPYsLX.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XxCsDhP.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lbBllGH.exe	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2456 wrote to memory of 624	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	BDdSJUF.exe
PID 2456 wrote to memory of 624	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	BDdSJUF.exe
PID 2456 wrote to memory of 1912	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	zxwMREG.exe
PID 2456 wrote to memory of 1912	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	zxwMREG.exe
PID 2456 wrote to memory of 3716	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	SJozDSe.exe
PID 2456 wrote to memory of 3716	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	SJozDSe.exe
PID 2456 wrote to memory of 1988	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	cHCOcZG.exe
PID 2456 wrote to memory of 1988	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	cHCOcZG.exe
PID 2456 wrote to memory of 936	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	JGANSDF.exe
PID 2456 wrote to memory of 936	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	JGANSDF.exe
PID 2456 wrote to memory of 3020	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	hxiNRFV.exe
PID 2456 wrote to memory of 3020	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	hxiNRFV.exe
PID 2456 wrote to memory of 4320	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	lWOYyQd.exe
PID 2456 wrote to memory of 4320	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	lWOYyQd.exe
PID 2456 wrote to memory of 1620	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	wHuVlnO.exe
PID 2456 wrote to memory of 1620	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	wHuVlnO.exe
PID 2456 wrote to memory of 2888	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	OwYLYWd.exe
PID 2456 wrote to memory of 2888	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	OwYLYWd.exe
PID 2456 wrote to memory of 1960	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	aKDZwGu.exe
PID 2456 wrote to memory of 1960	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	aKDZwGu.exe
PID 2456 wrote to memory of 2616	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	rxGbeaF.exe
PID 2456 wrote to memory of 2616	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	rxGbeaF.exe
PID 2456 wrote to memory of 4396	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	lbBllGH.exe
PID 2456 wrote to memory of 4396	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	lbBllGH.exe
PID 2456 wrote to memory of 372	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	xmsJPWu.exe
PID 2456 wrote to memory of 372	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	xmsJPWu.exe
PID 2456 wrote to memory of 516	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	lDtHAWP.exe
PID 2456 wrote to memory of 516	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	lDtHAWP.exe
PID 2456 wrote to memory of 756	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	cWOQZCf.exe
PID 2456 wrote to memory of 756	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	cWOQZCf.exe
PID 2456 wrote to memory of 4988	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	QYndafP.exe
PID 2456 wrote to memory of 4988	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	QYndafP.exe
PID 2456 wrote to memory of 2636	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	FEsCtyj.exe
PID 2456 wrote to memory of 2636	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	FEsCtyj.exe
PID 2456 wrote to memory of 1352	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	tjoyDiy.exe
PID 2456 wrote to memory of 1352	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	tjoyDiy.exe
PID 2456 wrote to memory of 2576	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	iYpnchS.exe
PID 2456 wrote to memory of 2576	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	iYpnchS.exe
PID 2456 wrote to memory of 4176	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	rGWwzsp.exe
PID 2456 wrote to memory of 4176	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	rGWwzsp.exe
PID 2456 wrote to memory of 2628	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	vOkvYps.exe
PID 2456 wrote to memory of 2628	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	vOkvYps.exe
PID 2456 wrote to memory of 4056	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	gOKismd.exe
PID 2456 wrote to memory of 4056	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	gOKismd.exe
PID 2456 wrote to memory of 1132	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	pUAdaFe.exe
PID 2456 wrote to memory of 1132	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	pUAdaFe.exe
PID 2456 wrote to memory of 4580	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	vxueyxF.exe
PID 2456 wrote to memory of 4580	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	vxueyxF.exe
PID 2456 wrote to memory of 2956	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	URNRKqx.exe
PID 2456 wrote to memory of 2956	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	URNRKqx.exe
PID 2456 wrote to memory of 1832	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	dbKUIXT.exe
PID 2456 wrote to memory of 1832	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	dbKUIXT.exe
PID 2456 wrote to memory of 3936	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	IoJIlTK.exe
PID 2456 wrote to memory of 3936	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	IoJIlTK.exe
PID 2456 wrote to memory of 4936	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	kLwHjBb.exe
PID 2456 wrote to memory of 4936	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	kLwHjBb.exe
PID 2456 wrote to memory of 4648	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	kUbXHYY.exe
PID 2456 wrote to memory of 4648	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	kUbXHYY.exe
PID 2456 wrote to memory of 2996	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	ngdruri.exe
PID 2456 wrote to memory of 2996	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	ngdruri.exe
PID 2456 wrote to memory of 2808	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	MJgnfbh.exe
PID 2456 wrote to memory of 2808	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	MJgnfbh.exe
PID 2456 wrote to memory of 3160	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	fdRkRYo.exe
PID 2456 wrote to memory of 3160	2456	2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe	fdRkRYo.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-19_b7ac43535b87c71699bf9f0c4106ca12_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Windows\System\BDdSJUF.exe
  C:\Windows\System\BDdSJUF.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\zxwMREG.exe
  C:\Windows\System\zxwMREG.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\SJozDSe.exe
  C:\Windows\System\SJozDSe.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\cHCOcZG.exe
  C:\Windows\System\cHCOcZG.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\JGANSDF.exe
  C:\Windows\System\JGANSDF.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\hxiNRFV.exe
  C:\Windows\System\hxiNRFV.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\lWOYyQd.exe
  C:\Windows\System\lWOYyQd.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\wHuVlnO.exe
  C:\Windows\System\wHuVlnO.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\OwYLYWd.exe
  C:\Windows\System\OwYLYWd.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\aKDZwGu.exe
  C:\Windows\System\aKDZwGu.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\rxGbeaF.exe
  C:\Windows\System\rxGbeaF.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\lbBllGH.exe
  C:\Windows\System\lbBllGH.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\xmsJPWu.exe
  C:\Windows\System\xmsJPWu.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\lDtHAWP.exe
  C:\Windows\System\lDtHAWP.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\cWOQZCf.exe
  C:\Windows\System\cWOQZCf.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\QYndafP.exe
  C:\Windows\System\QYndafP.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\FEsCtyj.exe
  C:\Windows\System\FEsCtyj.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\tjoyDiy.exe
  C:\Windows\System\tjoyDiy.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\iYpnchS.exe
  C:\Windows\System\iYpnchS.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\rGWwzsp.exe
  C:\Windows\System\rGWwzsp.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\vOkvYps.exe
  C:\Windows\System\vOkvYps.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\gOKismd.exe
  C:\Windows\System\gOKismd.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\pUAdaFe.exe
  C:\Windows\System\pUAdaFe.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\vxueyxF.exe
  C:\Windows\System\vxueyxF.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\URNRKqx.exe
  C:\Windows\System\URNRKqx.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\dbKUIXT.exe
  C:\Windows\System\dbKUIXT.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\IoJIlTK.exe
  C:\Windows\System\IoJIlTK.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\kLwHjBb.exe
  C:\Windows\System\kLwHjBb.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\kUbXHYY.exe
  C:\Windows\System\kUbXHYY.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\ngdruri.exe
  C:\Windows\System\ngdruri.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\MJgnfbh.exe
  C:\Windows\System\MJgnfbh.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\fdRkRYo.exe
  C:\Windows\System\fdRkRYo.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\Jsvslis.exe
  C:\Windows\System\Jsvslis.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\vonsApg.exe
  C:\Windows\System\vonsApg.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\uBccydt.exe
  C:\Windows\System\uBccydt.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\ytEHcWO.exe
  C:\Windows\System\ytEHcWO.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\GyKcxDn.exe
  C:\Windows\System\GyKcxDn.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\SMvcPeU.exe
  C:\Windows\System\SMvcPeU.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\KgazSBb.exe
  C:\Windows\System\KgazSBb.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\khzWeuK.exe
  C:\Windows\System\khzWeuK.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\uLuYXNO.exe
  C:\Windows\System\uLuYXNO.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\shgeuYy.exe
  C:\Windows\System\shgeuYy.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\TguVwxp.exe
  C:\Windows\System\TguVwxp.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\RABUIWz.exe
  C:\Windows\System\RABUIWz.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\otWKreE.exe
  C:\Windows\System\otWKreE.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\CmVtMdx.exe
  C:\Windows\System\CmVtMdx.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\osokyFZ.exe
  C:\Windows\System\osokyFZ.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\cJlcjXR.exe
  C:\Windows\System\cJlcjXR.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\ysYmSpU.exe
  C:\Windows\System\ysYmSpU.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\WKqfTlI.exe
  C:\Windows\System\WKqfTlI.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\xmEiZId.exe
  C:\Windows\System\xmEiZId.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\semrdHo.exe
  C:\Windows\System\semrdHo.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\BgsJatp.exe
  C:\Windows\System\BgsJatp.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\XQYezcH.exe
  C:\Windows\System\XQYezcH.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\oLScExn.exe
  C:\Windows\System\oLScExn.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\ovxpngA.exe
  C:\Windows\System\ovxpngA.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\gbbzMCr.exe
  C:\Windows\System\gbbzMCr.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\ffYvxZm.exe
  C:\Windows\System\ffYvxZm.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\vwGYLpE.exe
  C:\Windows\System\vwGYLpE.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\IzfEyak.exe
  C:\Windows\System\IzfEyak.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\QjrqPvt.exe
  C:\Windows\System\QjrqPvt.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\fYCYbFq.exe
  C:\Windows\System\fYCYbFq.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\xiODdHh.exe
  C:\Windows\System\xiODdHh.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\kItOtQV.exe
  C:\Windows\System\kItOtQV.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\NHQmdXp.exe
  C:\Windows\System\NHQmdXp.exe
  2⤵
  PID:5076
- C:\Windows\System\StAjRIG.exe
  C:\Windows\System\StAjRIG.exe
  2⤵
  PID:4860
- C:\Windows\System\OTBlgPM.exe
  C:\Windows\System\OTBlgPM.exe
  2⤵
  PID:3696
- C:\Windows\System\doVHIpu.exe
  C:\Windows\System\doVHIpu.exe
  2⤵
  PID:5088
- C:\Windows\System\FEECcZw.exe
  C:\Windows\System\FEECcZw.exe
  2⤵
  PID:3076
- C:\Windows\System\AyOloBm.exe
  C:\Windows\System\AyOloBm.exe
  2⤵
  PID:3916
- C:\Windows\System\CkQkQvy.exe
  C:\Windows\System\CkQkQvy.exe
  2⤵
  PID:4460
- C:\Windows\System\pXbxSGw.exe
  C:\Windows\System\pXbxSGw.exe
  2⤵
  PID:1928
- C:\Windows\System\QIskKXa.exe
  C:\Windows\System\QIskKXa.exe
  2⤵
  PID:3656
- C:\Windows\System\rwoYyWg.exe
  C:\Windows\System\rwoYyWg.exe
  2⤵
  PID:4808
- C:\Windows\System\xUDWbpQ.exe
  C:\Windows\System\xUDWbpQ.exe
  2⤵
  PID:4224
- C:\Windows\System\JdjdhWP.exe
  C:\Windows\System\JdjdhWP.exe
  2⤵
  PID:1560
- C:\Windows\System\eGEbQtG.exe
  C:\Windows\System\eGEbQtG.exe
  2⤵
  PID:2764
- C:\Windows\System\BHdGwYU.exe
  C:\Windows\System\BHdGwYU.exe
  2⤵
  PID:3056
- C:\Windows\System\CKqgAdH.exe
  C:\Windows\System\CKqgAdH.exe
  2⤵
  PID:2584
- C:\Windows\System\EeGROTs.exe
  C:\Windows\System\EeGROTs.exe
  2⤵
  PID:3528
- C:\Windows\System\OHcqRAh.exe
  C:\Windows\System\OHcqRAh.exe
  2⤵
  PID:3580
- C:\Windows\System\IGqRblo.exe
  C:\Windows\System\IGqRblo.exe
  2⤵
  PID:2592
- C:\Windows\System\UMmfaPy.exe
  C:\Windows\System\UMmfaPy.exe
  2⤵
  PID:1124
- C:\Windows\System\ZnHgsNm.exe
  C:\Windows\System\ZnHgsNm.exe
  2⤵
  PID:3908
- C:\Windows\System\jpCvopn.exe
  C:\Windows\System\jpCvopn.exe
  2⤵
  PID:3116
- C:\Windows\System\wGuXACV.exe
  C:\Windows\System\wGuXACV.exe
  2⤵
  PID:4740
- C:\Windows\System\tVfjOAm.exe
  C:\Windows\System\tVfjOAm.exe
  2⤵
  PID:5140
- C:\Windows\System\AAhCCgT.exe
  C:\Windows\System\AAhCCgT.exe
  2⤵
  PID:5168
- C:\Windows\System\xluXRQu.exe
  C:\Windows\System\xluXRQu.exe
  2⤵
  PID:5236
- C:\Windows\System\nBOZiYw.exe
  C:\Windows\System\nBOZiYw.exe
  2⤵
  PID:5260
- C:\Windows\System\fHxhqzY.exe
  C:\Windows\System\fHxhqzY.exe
  2⤵
  PID:5284
- C:\Windows\System\eRrIJdP.exe
  C:\Windows\System\eRrIJdP.exe
  2⤵
  PID:5316
- C:\Windows\System\tzymPbR.exe
  C:\Windows\System\tzymPbR.exe
  2⤵
  PID:5348
- C:\Windows\System\rEiETpG.exe
  C:\Windows\System\rEiETpG.exe
  2⤵
  PID:5380
- C:\Windows\System\MogOWJn.exe
  C:\Windows\System\MogOWJn.exe
  2⤵
  PID:5404
- C:\Windows\System\OVSPeGl.exe
  C:\Windows\System\OVSPeGl.exe
  2⤵
  PID:5448
- C:\Windows\System\KcIOklX.exe
  C:\Windows\System\KcIOklX.exe
  2⤵
  PID:5468
- C:\Windows\System\xQCJciV.exe
  C:\Windows\System\xQCJciV.exe
  2⤵
  PID:5496
- C:\Windows\System\ZoHNGnf.exe
  C:\Windows\System\ZoHNGnf.exe
  2⤵
  PID:5520
- C:\Windows\System\dokmaaJ.exe
  C:\Windows\System\dokmaaJ.exe
  2⤵
  PID:5548
- C:\Windows\System\DaHKsAs.exe
  C:\Windows\System\DaHKsAs.exe
  2⤵
  PID:5584
- C:\Windows\System\WJJSJHM.exe
  C:\Windows\System\WJJSJHM.exe
  2⤵
  PID:5608
- C:\Windows\System\HcgfNqZ.exe
  C:\Windows\System\HcgfNqZ.exe
  2⤵
  PID:5636
- C:\Windows\System\rhepubw.exe
  C:\Windows\System\rhepubw.exe
  2⤵
  PID:5672
- C:\Windows\System\QQdwdkA.exe
  C:\Windows\System\QQdwdkA.exe
  2⤵
  PID:5696
- C:\Windows\System\ySyyJUL.exe
  C:\Windows\System\ySyyJUL.exe
  2⤵
  PID:5728
- C:\Windows\System\BBkibQG.exe
  C:\Windows\System\BBkibQG.exe
  2⤵
  PID:5752
- C:\Windows\System\kvzXFwI.exe
  C:\Windows\System\kvzXFwI.exe
  2⤵
  PID:5784
- C:\Windows\System\XGdozSA.exe
  C:\Windows\System\XGdozSA.exe
  2⤵
  PID:5812
- C:\Windows\System\abkgUSv.exe
  C:\Windows\System\abkgUSv.exe
  2⤵
  PID:5836
- C:\Windows\System\nodhnEg.exe
  C:\Windows\System\nodhnEg.exe
  2⤵
  PID:5868
- C:\Windows\System\ENNNUGR.exe
  C:\Windows\System\ENNNUGR.exe
  2⤵
  PID:5900
- C:\Windows\System\pKVQprG.exe
  C:\Windows\System\pKVQprG.exe
  2⤵
  PID:5928
- C:\Windows\System\ERjEWOB.exe
  C:\Windows\System\ERjEWOB.exe
  2⤵
  PID:5948
- C:\Windows\System\NGwFmDd.exe
  C:\Windows\System\NGwFmDd.exe
  2⤵
  PID:5980
- C:\Windows\System\IyxZhsL.exe
  C:\Windows\System\IyxZhsL.exe
  2⤵
  PID:6012
- C:\Windows\System\tiTqjRa.exe
  C:\Windows\System\tiTqjRa.exe
  2⤵
  PID:6040
- C:\Windows\System\BPWslcu.exe
  C:\Windows\System\BPWslcu.exe
  2⤵
  PID:6060
- C:\Windows\System\oSddAaI.exe
  C:\Windows\System\oSddAaI.exe
  2⤵
  PID:6096
- C:\Windows\System\LmzYWEn.exe
  C:\Windows\System\LmzYWEn.exe
  2⤵
  PID:6128
- C:\Windows\System\JUzMsKd.exe
  C:\Windows\System\JUzMsKd.exe
  2⤵
  PID:2392
- C:\Windows\System\mktwMFZ.exe
  C:\Windows\System\mktwMFZ.exe
  2⤵
  PID:5160
- C:\Windows\System\GNnSBoA.exe
  C:\Windows\System\GNnSBoA.exe
  2⤵
  PID:5276
- C:\Windows\System\eZKEAsx.exe
  C:\Windows\System\eZKEAsx.exe
  2⤵
  PID:5324
- C:\Windows\System\PDcsLXG.exe
  C:\Windows\System\PDcsLXG.exe
  2⤵
  PID:5400
- C:\Windows\System\aFXlZiv.exe
  C:\Windows\System\aFXlZiv.exe
  2⤵
  PID:1848
- C:\Windows\System\nYcMvKy.exe
  C:\Windows\System\nYcMvKy.exe
  2⤵
  PID:844
- C:\Windows\System\bqvXwxE.exe
  C:\Windows\System\bqvXwxE.exe
  2⤵
  PID:2520
- C:\Windows\System\nqEKqKf.exe
  C:\Windows\System\nqEKqKf.exe
  2⤵
  PID:5504
- C:\Windows\System\jFCGlWb.exe
  C:\Windows\System\jFCGlWb.exe
  2⤵
  PID:5568
- C:\Windows\System\LrPEPea.exe
  C:\Windows\System\LrPEPea.exe
  2⤵
  PID:5628
- C:\Windows\System\ibXgAZN.exe
  C:\Windows\System\ibXgAZN.exe
  2⤵
  PID:5688
- C:\Windows\System\TaLYFFD.exe
  C:\Windows\System\TaLYFFD.exe
  2⤵
  PID:5760
- C:\Windows\System\eBnxMPt.exe
  C:\Windows\System\eBnxMPt.exe
  2⤵
  PID:5824
- C:\Windows\System\DlOAYWt.exe
  C:\Windows\System\DlOAYWt.exe
  2⤵
  PID:5888
- C:\Windows\System\nfhGqku.exe
  C:\Windows\System\nfhGqku.exe
  2⤵
  PID:5940
- C:\Windows\System\lrHxxIR.exe
  C:\Windows\System\lrHxxIR.exe
  2⤵
  PID:6004
- C:\Windows\System\FHbxPtz.exe
  C:\Windows\System\FHbxPtz.exe
  2⤵
  PID:6052
- C:\Windows\System\zPawwbQ.exe
  C:\Windows\System\zPawwbQ.exe
  2⤵
  PID:5212
- C:\Windows\System\kBZwDmO.exe
  C:\Windows\System\kBZwDmO.exe
  2⤵
  PID:5396
- C:\Windows\System\gbPTUKO.exe
  C:\Windows\System\gbPTUKO.exe
  2⤵
  PID:5436
- C:\Windows\System\VKAKojb.exe
  C:\Windows\System\VKAKojb.exe
  2⤵
  PID:5660
- C:\Windows\System\XxmjjMY.exe
  C:\Windows\System\XxmjjMY.exe
  2⤵
  PID:5924
- C:\Windows\System\VMnSkdS.exe
  C:\Windows\System\VMnSkdS.exe
  2⤵
  PID:5532
- C:\Windows\System\ehEqeCK.exe
  C:\Windows\System\ehEqeCK.exe
  2⤵
  PID:6156
- C:\Windows\System\dpDNlTt.exe
  C:\Windows\System\dpDNlTt.exe
  2⤵
  PID:6184
- C:\Windows\System\wkdsyAf.exe
  C:\Windows\System\wkdsyAf.exe
  2⤵
  PID:6216
- C:\Windows\System\tCcnvDY.exe
  C:\Windows\System\tCcnvDY.exe
  2⤵
  PID:6272
- C:\Windows\System\AyiNWVC.exe
  C:\Windows\System\AyiNWVC.exe
  2⤵
  PID:6324
- C:\Windows\System\cszmoTD.exe
  C:\Windows\System\cszmoTD.exe
  2⤵
  PID:6340
- C:\Windows\System\tCeQLHU.exe
  C:\Windows\System\tCeQLHU.exe
  2⤵
  PID:6380
- C:\Windows\System\KfrUMuW.exe
  C:\Windows\System\KfrUMuW.exe
  2⤵
  PID:6404
- C:\Windows\System\BYKUpSA.exe
  C:\Windows\System\BYKUpSA.exe
  2⤵
  PID:6424
- C:\Windows\System\HIYfSvR.exe
  C:\Windows\System\HIYfSvR.exe
  2⤵
  PID:6468
- C:\Windows\System\mOYAmBp.exe
  C:\Windows\System\mOYAmBp.exe
  2⤵
  PID:6492
- C:\Windows\System\spOYABm.exe
  C:\Windows\System\spOYABm.exe
  2⤵
  PID:6516
- C:\Windows\System\jzOfWEJ.exe
  C:\Windows\System\jzOfWEJ.exe
  2⤵
  PID:6548
- C:\Windows\System\VjecJYV.exe
  C:\Windows\System\VjecJYV.exe
  2⤵
  PID:6580
- C:\Windows\System\fOIBWwj.exe
  C:\Windows\System\fOIBWwj.exe
  2⤵
  PID:6608
- C:\Windows\System\zVcsCTb.exe
  C:\Windows\System\zVcsCTb.exe
  2⤵
  PID:6636
- C:\Windows\System\OCysjZM.exe
  C:\Windows\System\OCysjZM.exe
  2⤵
  PID:6664
- C:\Windows\System\YRnEwpp.exe
  C:\Windows\System\YRnEwpp.exe
  2⤵
  PID:6692
- C:\Windows\System\MklWuMY.exe
  C:\Windows\System\MklWuMY.exe
  2⤵
  PID:6720
- C:\Windows\System\AeplJaO.exe
  C:\Windows\System\AeplJaO.exe
  2⤵
  PID:6748
- C:\Windows\System\JCnBGEN.exe
  C:\Windows\System\JCnBGEN.exe
  2⤵
  PID:6776
- C:\Windows\System\qUUgDNy.exe
  C:\Windows\System\qUUgDNy.exe
  2⤵
  PID:6804
- C:\Windows\System\biCLdEd.exe
  C:\Windows\System\biCLdEd.exe
  2⤵
  PID:6832
- C:\Windows\System\Lywtqya.exe
  C:\Windows\System\Lywtqya.exe
  2⤵
  PID:6864
- C:\Windows\System\EBxhNcY.exe
  C:\Windows\System\EBxhNcY.exe
  2⤵
  PID:6888
- C:\Windows\System\AXSwbuo.exe
  C:\Windows\System\AXSwbuo.exe
  2⤵
  PID:6920
- C:\Windows\System\IiYINhE.exe
  C:\Windows\System\IiYINhE.exe
  2⤵
  PID:6944
- C:\Windows\System\PZRiTag.exe
  C:\Windows\System\PZRiTag.exe
  2⤵
  PID:6968
- C:\Windows\System\InuaThn.exe
  C:\Windows\System\InuaThn.exe
  2⤵
  PID:7000
- C:\Windows\System\ZzwURTD.exe
  C:\Windows\System\ZzwURTD.exe
  2⤵
  PID:7024
- C:\Windows\System\yqLlhsN.exe
  C:\Windows\System\yqLlhsN.exe
  2⤵
  PID:7060
- C:\Windows\System\qGoMkPk.exe
  C:\Windows\System\qGoMkPk.exe
  2⤵
  PID:7084
- C:\Windows\System\qrDxlCW.exe
  C:\Windows\System\qrDxlCW.exe
  2⤵
  PID:7116
- C:\Windows\System\DdGEwND.exe
  C:\Windows\System\DdGEwND.exe
  2⤵
  PID:7144
- C:\Windows\System\LHqViKu.exe
  C:\Windows\System\LHqViKu.exe
  2⤵
  PID:5336
- C:\Windows\System\qZgxOKd.exe
  C:\Windows\System\qZgxOKd.exe
  2⤵
  PID:6360
- C:\Windows\System\qAcJrgH.exe
  C:\Windows\System\qAcJrgH.exe
  2⤵
  PID:6296
- C:\Windows\System\CZVKsZn.exe
  C:\Windows\System\CZVKsZn.exe
  2⤵
  PID:6396
- C:\Windows\System\DoQKmbH.exe
  C:\Windows\System\DoQKmbH.exe
  2⤵
  PID:6476
- C:\Windows\System\kmLocXy.exe
  C:\Windows\System\kmLocXy.exe
  2⤵
  PID:6568
- C:\Windows\System\YMHWZmI.exe
  C:\Windows\System\YMHWZmI.exe
  2⤵
  PID:6712
- C:\Windows\System\aJkoGMw.exe
  C:\Windows\System\aJkoGMw.exe
  2⤵
  PID:6784
- C:\Windows\System\LOnqraj.exe
  C:\Windows\System\LOnqraj.exe
  2⤵
  PID:6852
- C:\Windows\System\oDiwUKJ.exe
  C:\Windows\System\oDiwUKJ.exe
  2⤵
  PID:6908
- C:\Windows\System\IbobaGn.exe
  C:\Windows\System\IbobaGn.exe
  2⤵
  PID:6980
- C:\Windows\System\spPxgzP.exe
  C:\Windows\System\spPxgzP.exe
  2⤵
  PID:7044
- C:\Windows\System\XNKkxRK.exe
  C:\Windows\System\XNKkxRK.exe
  2⤵
  PID:7104
- C:\Windows\System\AJfMeNA.exe
  C:\Windows\System\AJfMeNA.exe
  2⤵
  PID:7156
- C:\Windows\System\NzvxciT.exe
  C:\Windows\System\NzvxciT.exe
  2⤵
  PID:1736
- C:\Windows\System\cOqMYfg.exe
  C:\Windows\System\cOqMYfg.exe
  2⤵
  PID:5484
- C:\Windows\System\dLYwqwH.exe
  C:\Windows\System\dLYwqwH.exe
  2⤵
  PID:6432
- C:\Windows\System\qUupCqd.exe
  C:\Windows\System\qUupCqd.exe
  2⤵
  PID:6624
- C:\Windows\System\uoUlooi.exe
  C:\Windows\System\uoUlooi.exe
  2⤵
  PID:6736
- C:\Windows\System\PwgJltm.exe
  C:\Windows\System\PwgJltm.exe
  2⤵
  PID:6876
- C:\Windows\System\XMkoBCy.exe
  C:\Windows\System\XMkoBCy.exe
  2⤵
  PID:1776
- C:\Windows\System\hQGxtkQ.exe
  C:\Windows\System\hQGxtkQ.exe
  2⤵
  PID:7092
- C:\Windows\System\JVmhRby.exe
  C:\Windows\System\JVmhRby.exe
  2⤵
  PID:6304
- C:\Windows\System\IGowzLj.exe
  C:\Windows\System\IGowzLj.exe
  2⤵
  PID:4716
- C:\Windows\System\jfnfXsr.exe
  C:\Windows\System\jfnfXsr.exe
  2⤵
  PID:4568
- C:\Windows\System\CRrTWbf.exe
  C:\Windows\System\CRrTWbf.exe
  2⤵
  PID:6656
- C:\Windows\System\vdLdACZ.exe
  C:\Windows\System\vdLdACZ.exe
  2⤵
  PID:6820
- C:\Windows\System\sLvpCaN.exe
  C:\Windows\System\sLvpCaN.exe
  2⤵
  PID:2476
- C:\Windows\System\EDeZQos.exe
  C:\Windows\System\EDeZQos.exe
  2⤵
  PID:5460
- C:\Windows\System\jGLqKpE.exe
  C:\Windows\System\jGLqKpE.exe
  2⤵
  PID:6644
- C:\Windows\System\tpTCxhN.exe
  C:\Windows\System\tpTCxhN.exe
  2⤵
  PID:7008
- C:\Windows\System\baRjDfX.exe
  C:\Windows\System\baRjDfX.exe
  2⤵
  PID:6936
- C:\Windows\System\chqvWco.exe
  C:\Windows\System\chqvWco.exe
  2⤵
  PID:7176
- C:\Windows\System\FwNNbhx.exe
  C:\Windows\System\FwNNbhx.exe
  2⤵
  PID:7200
- C:\Windows\System\VystbrJ.exe
  C:\Windows\System\VystbrJ.exe
  2⤵
  PID:7220
- C:\Windows\System\nJImhAq.exe
  C:\Windows\System\nJImhAq.exe
  2⤵
  PID:7260
- C:\Windows\System\fVOhJHx.exe
  C:\Windows\System\fVOhJHx.exe
  2⤵
  PID:7284
- C:\Windows\System\xHeDSux.exe
  C:\Windows\System\xHeDSux.exe
  2⤵
  PID:7312
- C:\Windows\System\kdzBewt.exe
  C:\Windows\System\kdzBewt.exe
  2⤵
  PID:7340
- C:\Windows\System\jApTamC.exe
  C:\Windows\System\jApTamC.exe
  2⤵
  PID:7372
- C:\Windows\System\nKMYSWX.exe
  C:\Windows\System\nKMYSWX.exe
  2⤵
  PID:7404
- C:\Windows\System\FsdEsyi.exe
  C:\Windows\System\FsdEsyi.exe
  2⤵
  PID:7432
- C:\Windows\System\OcFdtsm.exe
  C:\Windows\System\OcFdtsm.exe
  2⤵
  PID:7456
- C:\Windows\System\DgiYkEW.exe
  C:\Windows\System\DgiYkEW.exe
  2⤵
  PID:7488
- C:\Windows\System\tiQrrXa.exe
  C:\Windows\System\tiQrrXa.exe
  2⤵
  PID:7516
- C:\Windows\System\AqpzOms.exe
  C:\Windows\System\AqpzOms.exe
  2⤵
  PID:7536
- C:\Windows\System\lbkNYGP.exe
  C:\Windows\System\lbkNYGP.exe
  2⤵
  PID:7580
- C:\Windows\System\sOykGIS.exe
  C:\Windows\System\sOykGIS.exe
  2⤵
  PID:7604
- C:\Windows\System\RAVqwDS.exe
  C:\Windows\System\RAVqwDS.exe
  2⤵
  PID:7632
- C:\Windows\System\BTSohkK.exe
  C:\Windows\System\BTSohkK.exe
  2⤵
  PID:7656
- C:\Windows\System\kfdinzC.exe
  C:\Windows\System\kfdinzC.exe
  2⤵
  PID:7688
- C:\Windows\System\xxzdrXT.exe
  C:\Windows\System\xxzdrXT.exe
  2⤵
  PID:7716
- C:\Windows\System\KPBHzGL.exe
  C:\Windows\System\KPBHzGL.exe
  2⤵
  PID:7744
- C:\Windows\System\FXoasMw.exe
  C:\Windows\System\FXoasMw.exe
  2⤵
  PID:7772
- C:\Windows\System\IoEpRFC.exe
  C:\Windows\System\IoEpRFC.exe
  2⤵
  PID:7800
- C:\Windows\System\cJgPhfy.exe
  C:\Windows\System\cJgPhfy.exe
  2⤵
  PID:7824
- C:\Windows\System\AlmAmUt.exe
  C:\Windows\System\AlmAmUt.exe
  2⤵
  PID:7856
- C:\Windows\System\dFzljNa.exe
  C:\Windows\System\dFzljNa.exe
  2⤵
  PID:7884
- C:\Windows\System\FpxTujb.exe
  C:\Windows\System\FpxTujb.exe
  2⤵
  PID:7912
- C:\Windows\System\QaPbwUF.exe
  C:\Windows\System\QaPbwUF.exe
  2⤵
  PID:7932
- C:\Windows\System\oHBqcJQ.exe
  C:\Windows\System\oHBqcJQ.exe
  2⤵
  PID:7960
- C:\Windows\System\VvQEDzU.exe
  C:\Windows\System\VvQEDzU.exe
  2⤵
  PID:7988
- C:\Windows\System\jDZXGdv.exe
  C:\Windows\System\jDZXGdv.exe
  2⤵
  PID:8016
- C:\Windows\System\PassyPp.exe
  C:\Windows\System\PassyPp.exe
  2⤵
  PID:8056
- C:\Windows\System\CMWClDn.exe
  C:\Windows\System\CMWClDn.exe
  2⤵
  PID:8084
- C:\Windows\System\zvbqdAd.exe
  C:\Windows\System\zvbqdAd.exe
  2⤵
  PID:8112
- C:\Windows\System\BrLhWZM.exe
  C:\Windows\System\BrLhWZM.exe
  2⤵
  PID:8140
- C:\Windows\System\DlTXALl.exe
  C:\Windows\System\DlTXALl.exe
  2⤵
  PID:8168
- C:\Windows\System\JBXDQOt.exe
  C:\Windows\System\JBXDQOt.exe
  2⤵
  PID:7172
- C:\Windows\System\mGeeKoR.exe
  C:\Windows\System\mGeeKoR.exe
  2⤵
  PID:7276
- C:\Windows\System\znACKna.exe
  C:\Windows\System\znACKna.exe
  2⤵
  PID:7324
- C:\Windows\System\vbuIPpT.exe
  C:\Windows\System\vbuIPpT.exe
  2⤵
  PID:7392
- C:\Windows\System\cxlTvuj.exe
  C:\Windows\System\cxlTvuj.exe
  2⤵
  PID:7448
- C:\Windows\System\snxYduy.exe
  C:\Windows\System\snxYduy.exe
  2⤵
  PID:7524
- C:\Windows\System\egCwvTP.exe
  C:\Windows\System\egCwvTP.exe
  2⤵
  PID:7588
- C:\Windows\System\JrghAhZ.exe
  C:\Windows\System\JrghAhZ.exe
  2⤵
  PID:7648
- C:\Windows\System\TZURVof.exe
  C:\Windows\System\TZURVof.exe
  2⤵
  PID:7724
- C:\Windows\System\nEhwfYc.exe
  C:\Windows\System\nEhwfYc.exe
  2⤵
  PID:7784
- C:\Windows\System\GErYLXd.exe
  C:\Windows\System\GErYLXd.exe
  2⤵
  PID:7844
- C:\Windows\System\zMAjGTB.exe
  C:\Windows\System\zMAjGTB.exe
  2⤵
  PID:7920
- C:\Windows\System\UXHLAtN.exe
  C:\Windows\System\UXHLAtN.exe
  2⤵
  PID:7980
- C:\Windows\System\tsBxQAM.exe
  C:\Windows\System\tsBxQAM.exe
  2⤵
  PID:8052
- C:\Windows\System\RjGiHmR.exe
  C:\Windows\System\RjGiHmR.exe
  2⤵
  PID:8104
- C:\Windows\System\jIFwUAx.exe
  C:\Windows\System\jIFwUAx.exe
  2⤵
  PID:8164
- C:\Windows\System\RyjwLrZ.exe
  C:\Windows\System\RyjwLrZ.exe
  2⤵
  PID:2664
- C:\Windows\System\VWpRbDC.exe
  C:\Windows\System\VWpRbDC.exe
  2⤵
  PID:7380
- C:\Windows\System\ZRylOuN.exe
  C:\Windows\System\ZRylOuN.exe
  2⤵
  PID:4300
- C:\Windows\System\NCnkSTy.exe
  C:\Windows\System\NCnkSTy.exe
  2⤵
  PID:7680
- C:\Windows\System\DTeAiKX.exe
  C:\Windows\System\DTeAiKX.exe
  2⤵
  PID:7832
- C:\Windows\System\HOCFaFW.exe
  C:\Windows\System\HOCFaFW.exe
  2⤵
  PID:8028
- C:\Windows\System\LnZMaVZ.exe
  C:\Windows\System\LnZMaVZ.exe
  2⤵
  PID:8096
- C:\Windows\System\hHrMquk.exe
  C:\Windows\System\hHrMquk.exe
  2⤵
  PID:7368
- C:\Windows\System\TPyXGpu.exe
  C:\Windows\System\TPyXGpu.exe
  2⤵
  PID:7752
- C:\Windows\System\LuEPfEt.exe
  C:\Windows\System\LuEPfEt.exe
  2⤵
  PID:7296
- C:\Windows\System\MsjtMNi.exe
  C:\Windows\System\MsjtMNi.exe
  2⤵
  PID:8008
- C:\Windows\System\BrSzIzd.exe
  C:\Windows\System\BrSzIzd.exe
  2⤵
  PID:8160
- C:\Windows\System\ybSncbx.exe
  C:\Windows\System\ybSncbx.exe
  2⤵
  PID:8224
- C:\Windows\System\wFaPEQY.exe
  C:\Windows\System\wFaPEQY.exe
  2⤵
  PID:8244
- C:\Windows\System\VQxOgbg.exe
  C:\Windows\System\VQxOgbg.exe
  2⤵
  PID:8276
- C:\Windows\System\tUkFcis.exe
  C:\Windows\System\tUkFcis.exe
  2⤵
  PID:8292
- C:\Windows\System\RPthQsf.exe
  C:\Windows\System\RPthQsf.exe
  2⤵
  PID:8312
- C:\Windows\System\RUQknJQ.exe
  C:\Windows\System\RUQknJQ.exe
  2⤵
  PID:8360
- C:\Windows\System\etfmdbo.exe
  C:\Windows\System\etfmdbo.exe
  2⤵
  PID:8388
- C:\Windows\System\FoUANGr.exe
  C:\Windows\System\FoUANGr.exe
  2⤵
  PID:8416
- C:\Windows\System\luPiUic.exe
  C:\Windows\System\luPiUic.exe
  2⤵
  PID:8444
- C:\Windows\System\ZtNjqER.exe
  C:\Windows\System\ZtNjqER.exe
  2⤵
  PID:8480
- C:\Windows\System\fdCNSfL.exe
  C:\Windows\System\fdCNSfL.exe
  2⤵
  PID:8508
- C:\Windows\System\nDXMNQx.exe
  C:\Windows\System\nDXMNQx.exe
  2⤵
  PID:8536
- C:\Windows\System\eJABZbu.exe
  C:\Windows\System\eJABZbu.exe
  2⤵
  PID:8564
- C:\Windows\System\fTgLUwC.exe
  C:\Windows\System\fTgLUwC.exe
  2⤵
  PID:8592
- C:\Windows\System\Heheabp.exe
  C:\Windows\System\Heheabp.exe
  2⤵
  PID:8620
- C:\Windows\System\lITqERL.exe
  C:\Windows\System\lITqERL.exe
  2⤵
  PID:8648
- C:\Windows\System\PpqjhWs.exe
  C:\Windows\System\PpqjhWs.exe
  2⤵
  PID:8676
- C:\Windows\System\mzPOaeH.exe
  C:\Windows\System\mzPOaeH.exe
  2⤵
  PID:8704
- C:\Windows\System\xlVJIYf.exe
  C:\Windows\System\xlVJIYf.exe
  2⤵
  PID:8732
- C:\Windows\System\WRZWMSl.exe
  C:\Windows\System\WRZWMSl.exe
  2⤵
  PID:8760
- C:\Windows\System\gaPuxhP.exe
  C:\Windows\System\gaPuxhP.exe
  2⤵
  PID:8788
- C:\Windows\System\vBmOuUK.exe
  C:\Windows\System\vBmOuUK.exe
  2⤵
  PID:8816
- C:\Windows\System\fJUQjiv.exe
  C:\Windows\System\fJUQjiv.exe
  2⤵
  PID:8844
- C:\Windows\System\ZnEAuOn.exe
  C:\Windows\System\ZnEAuOn.exe
  2⤵
  PID:8872
- C:\Windows\System\JzLRyeD.exe
  C:\Windows\System\JzLRyeD.exe
  2⤵
  PID:8904
- C:\Windows\System\VMibbRW.exe
  C:\Windows\System\VMibbRW.exe
  2⤵
  PID:8932
- C:\Windows\System\QnHtMbz.exe
  C:\Windows\System\QnHtMbz.exe
  2⤵
  PID:8964
- C:\Windows\System\FbDdYzN.exe
  C:\Windows\System\FbDdYzN.exe
  2⤵
  PID:8992
- C:\Windows\System\tKTOtKF.exe
  C:\Windows\System\tKTOtKF.exe
  2⤵
  PID:9020
- C:\Windows\System\xIPWttg.exe
  C:\Windows\System\xIPWttg.exe
  2⤵
  PID:9048
- C:\Windows\System\rRjfAWb.exe
  C:\Windows\System\rRjfAWb.exe
  2⤵
  PID:9088
- C:\Windows\System\VvIjqzL.exe
  C:\Windows\System\VvIjqzL.exe
  2⤵
  PID:9104
- C:\Windows\System\LSNeHTk.exe
  C:\Windows\System\LSNeHTk.exe
  2⤵
  PID:9132
- C:\Windows\System\UjSqAPX.exe
  C:\Windows\System\UjSqAPX.exe
  2⤵
  PID:9160
- C:\Windows\System\UTtflVl.exe
  C:\Windows\System\UTtflVl.exe
  2⤵
  PID:9196
- C:\Windows\System\mwuQFZi.exe
  C:\Windows\System\mwuQFZi.exe
  2⤵
  PID:7352
- C:\Windows\System\yMvTslJ.exe
  C:\Windows\System\yMvTslJ.exe
  2⤵
  PID:8268
- C:\Windows\System\xTbmKwE.exe
  C:\Windows\System\xTbmKwE.exe
  2⤵
  PID:8300
- C:\Windows\System\RcgThxq.exe
  C:\Windows\System\RcgThxq.exe
  2⤵
  PID:8400
- C:\Windows\System\JeqjkJu.exe
  C:\Windows\System\JeqjkJu.exe
  2⤵
  PID:6048
- C:\Windows\System\aHkGXdP.exe
  C:\Windows\System\aHkGXdP.exe
  2⤵
  PID:8504
- C:\Windows\System\IWAvzGm.exe
  C:\Windows\System\IWAvzGm.exe
  2⤵
  PID:8576
- C:\Windows\System\lyCXsXs.exe
  C:\Windows\System\lyCXsXs.exe
  2⤵
  PID:8640
- C:\Windows\System\hwoFkgt.exe
  C:\Windows\System\hwoFkgt.exe
  2⤵
  PID:8700
- C:\Windows\System\ejSVFdD.exe
  C:\Windows\System\ejSVFdD.exe
  2⤵
  PID:8752
- C:\Windows\System\OUVtjxY.exe
  C:\Windows\System\OUVtjxY.exe
  2⤵
  PID:8808
- C:\Windows\System\tvXfXQe.exe
  C:\Windows\System\tvXfXQe.exe
  2⤵
  PID:8868
- C:\Windows\System\CPgwPly.exe
  C:\Windows\System\CPgwPly.exe
  2⤵
  PID:8944
- C:\Windows\System\BooWRFb.exe
  C:\Windows\System\BooWRFb.exe
  2⤵
  PID:2428
- C:\Windows\System\krdxYmI.exe
  C:\Windows\System\krdxYmI.exe
  2⤵
  PID:9060
- C:\Windows\System\aTHehfw.exe
  C:\Windows\System\aTHehfw.exe
  2⤵
  PID:9124
- C:\Windows\System\ecJzrrS.exe
  C:\Windows\System\ecJzrrS.exe
  2⤵
  PID:9184
- C:\Windows\System\LbZLOQu.exe
  C:\Windows\System\LbZLOQu.exe
  2⤵
  PID:8284
- C:\Windows\System\nUKTEpw.exe
  C:\Windows\System\nUKTEpw.exe
  2⤵
  PID:8440
- C:\Windows\System\jUCokOr.exe
  C:\Windows\System\jUCokOr.exe
  2⤵
  PID:8604
- C:\Windows\System\qTIpMZR.exe
  C:\Windows\System\qTIpMZR.exe
  2⤵
  PID:2960
- C:\Windows\System\ZsMerYr.exe
  C:\Windows\System\ZsMerYr.exe
  2⤵
  PID:8864
- C:\Windows\System\XTQnPjH.exe
  C:\Windows\System\XTQnPjH.exe
  2⤵
  PID:9004
- C:\Windows\System\EZeJEjN.exe
  C:\Windows\System\EZeJEjN.exe
  2⤵
  PID:9152
- C:\Windows\System\eiDiWHB.exe
  C:\Windows\System\eiDiWHB.exe
  2⤵
  PID:8384
- C:\Windows\System\GdKFZTv.exe
  C:\Windows\System\GdKFZTv.exe
  2⤵
  PID:8560
- C:\Windows\System\TOoBjqn.exe
  C:\Windows\System\TOoBjqn.exe
  2⤵
  PID:8924
- C:\Windows\System\SqnDZCt.exe
  C:\Windows\System\SqnDZCt.exe
  2⤵
  PID:3672
- C:\Windows\System\BEtMIAH.exe
  C:\Windows\System\BEtMIAH.exe
  2⤵
  PID:8856
- C:\Windows\System\dFfSmMm.exe
  C:\Windows\System\dFfSmMm.exe
  2⤵
  PID:9212
- C:\Windows\System\yUXdyLq.exe
  C:\Windows\System\yUXdyLq.exe
  2⤵
  PID:9244
- C:\Windows\System\JqvBoiL.exe
  C:\Windows\System\JqvBoiL.exe
  2⤵
  PID:9272
- C:\Windows\System\qnFDcZE.exe
  C:\Windows\System\qnFDcZE.exe
  2⤵
  PID:9312
- C:\Windows\System\ZbABxlc.exe
  C:\Windows\System\ZbABxlc.exe
  2⤵
  PID:9328
- C:\Windows\System\DRrjnif.exe
  C:\Windows\System\DRrjnif.exe
  2⤵
  PID:9356
- C:\Windows\System\rQcOUDV.exe
  C:\Windows\System\rQcOUDV.exe
  2⤵
  PID:9384
- C:\Windows\System\ItATHKg.exe
  C:\Windows\System\ItATHKg.exe
  2⤵
  PID:9412
- C:\Windows\System\UcoihYW.exe
  C:\Windows\System\UcoihYW.exe
  2⤵
  PID:9440
- C:\Windows\System\stwucSd.exe
  C:\Windows\System\stwucSd.exe
  2⤵
  PID:9468
- C:\Windows\System\gjdOCgA.exe
  C:\Windows\System\gjdOCgA.exe
  2⤵
  PID:9496
- C:\Windows\System\zpsDOFS.exe
  C:\Windows\System\zpsDOFS.exe
  2⤵
  PID:9524
- C:\Windows\System\eyEfdkV.exe
  C:\Windows\System\eyEfdkV.exe
  2⤵
  PID:9552
- C:\Windows\System\XdeFacg.exe
  C:\Windows\System\XdeFacg.exe
  2⤵
  PID:9580
- C:\Windows\System\BAvfFYQ.exe
  C:\Windows\System\BAvfFYQ.exe
  2⤵
  PID:9608
- C:\Windows\System\vzOdMoU.exe
  C:\Windows\System\vzOdMoU.exe
  2⤵
  PID:9640
- C:\Windows\System\KyuxKue.exe
  C:\Windows\System\KyuxKue.exe
  2⤵
  PID:9668
- C:\Windows\System\mVhTlAH.exe
  C:\Windows\System\mVhTlAH.exe
  2⤵
  PID:9696
- C:\Windows\System\yzjhzzI.exe
  C:\Windows\System\yzjhzzI.exe
  2⤵
  PID:9724
- C:\Windows\System\DQsOuiN.exe
  C:\Windows\System\DQsOuiN.exe
  2⤵
  PID:9752
- C:\Windows\System\OQuZpgJ.exe
  C:\Windows\System\OQuZpgJ.exe
  2⤵
  PID:9780
- C:\Windows\System\nHenPjk.exe
  C:\Windows\System\nHenPjk.exe
  2⤵
  PID:9808
- C:\Windows\System\hawEygN.exe
  C:\Windows\System\hawEygN.exe
  2⤵
  PID:9836
- C:\Windows\System\HObLlMw.exe
  C:\Windows\System\HObLlMw.exe
  2⤵
  PID:9872
- C:\Windows\System\rbhxBLZ.exe
  C:\Windows\System\rbhxBLZ.exe
  2⤵
  PID:9892
- C:\Windows\System\BCENJeE.exe
  C:\Windows\System\BCENJeE.exe
  2⤵
  PID:9920
- C:\Windows\System\ImGtCuH.exe
  C:\Windows\System\ImGtCuH.exe
  2⤵
  PID:9948
- C:\Windows\System\NHKPMmQ.exe
  C:\Windows\System\NHKPMmQ.exe
  2⤵
  PID:9976
- C:\Windows\System\VsCaOco.exe
  C:\Windows\System\VsCaOco.exe
  2⤵
  PID:10004
- C:\Windows\System\yGHhfLA.exe
  C:\Windows\System\yGHhfLA.exe
  2⤵
  PID:10032
- C:\Windows\System\XudsLaW.exe
  C:\Windows\System\XudsLaW.exe
  2⤵
  PID:10060
- C:\Windows\System\LxpjZGp.exe
  C:\Windows\System\LxpjZGp.exe
  2⤵
  PID:10096
- C:\Windows\System\cpdPtSN.exe
  C:\Windows\System\cpdPtSN.exe
  2⤵
  PID:10116
- C:\Windows\System\TulVljr.exe
  C:\Windows\System\TulVljr.exe
  2⤵
  PID:10144
- C:\Windows\System\ZLYLivq.exe
  C:\Windows\System\ZLYLivq.exe
  2⤵
  PID:10172
- C:\Windows\System\NplQjQJ.exe
  C:\Windows\System\NplQjQJ.exe
  2⤵
  PID:10200
- C:\Windows\System\mpGfJEG.exe
  C:\Windows\System\mpGfJEG.exe
  2⤵
  PID:10228
- C:\Windows\System\kRhjKvX.exe
  C:\Windows\System\kRhjKvX.exe
  2⤵
  PID:9240
- C:\Windows\System\ywtbWXg.exe
  C:\Windows\System\ywtbWXg.exe
  2⤵
  PID:9296
- C:\Windows\System\FZYvfse.exe
  C:\Windows\System\FZYvfse.exe
  2⤵
  PID:9376
- C:\Windows\System\OrGXKzr.exe
  C:\Windows\System\OrGXKzr.exe
  2⤵
  PID:9436
- C:\Windows\System\SDsuyio.exe
  C:\Windows\System\SDsuyio.exe
  2⤵
  PID:9492
- C:\Windows\System\pAsvgdx.exe
  C:\Windows\System\pAsvgdx.exe
  2⤵
  PID:2448
- C:\Windows\System\skFYPPX.exe
  C:\Windows\System\skFYPPX.exe
  2⤵
  PID:9632
- C:\Windows\System\APlgTth.exe
  C:\Windows\System\APlgTth.exe
  2⤵
  PID:9688
- C:\Windows\System\ucPoetk.exe
  C:\Windows\System\ucPoetk.exe
  2⤵
  PID:9764
- C:\Windows\System\wgHdFat.exe
  C:\Windows\System\wgHdFat.exe
  2⤵
  PID:9828
- C:\Windows\System\bGiuHmr.exe
  C:\Windows\System\bGiuHmr.exe
  2⤵
  PID:9888
- C:\Windows\System\GynUVrp.exe
  C:\Windows\System\GynUVrp.exe
  2⤵
  PID:9960
- C:\Windows\System\ZcgtxRn.exe
  C:\Windows\System\ZcgtxRn.exe
  2⤵
  PID:3952
- C:\Windows\System\gMrzqSv.exe
  C:\Windows\System\gMrzqSv.exe
  2⤵
  PID:10072
- C:\Windows\System\BOfdPPK.exe
  C:\Windows\System\BOfdPPK.exe
  2⤵
  PID:10128
- C:\Windows\System\sGsWuVB.exe
  C:\Windows\System\sGsWuVB.exe
  2⤵
  PID:10220
- C:\Windows\System\NaunVOS.exe
  C:\Windows\System\NaunVOS.exe
  2⤵
  PID:9292
- C:\Windows\System\tGyTEiL.exe
  C:\Windows\System\tGyTEiL.exe
  2⤵
  PID:9548
- C:\Windows\System\BpkNCDV.exe
  C:\Windows\System\BpkNCDV.exe
  2⤵
  PID:9748
- C:\Windows\System\giTuIoy.exe
  C:\Windows\System\giTuIoy.exe
  2⤵
  PID:9940
- C:\Windows\System\XCbJNae.exe
  C:\Windows\System\XCbJNae.exe
  2⤵
  PID:10112
- C:\Windows\System\zNgQpnZ.exe
  C:\Windows\System\zNgQpnZ.exe
  2⤵
  PID:9236
- C:\Windows\System\ujmUXsh.exe
  C:\Windows\System\ujmUXsh.exe
  2⤵
  PID:9744
- C:\Windows\System\sDijlhF.exe
  C:\Windows\System\sDijlhF.exe
  2⤵
  PID:6300
- C:\Windows\System\JiCVefd.exe
  C:\Windows\System\JiCVefd.exe
  2⤵
  PID:6244
- C:\Windows\System\WybZLvW.exe
  C:\Windows\System\WybZLvW.exe
  2⤵
  PID:9424
- C:\Windows\System\zuibfdC.exe
  C:\Windows\System\zuibfdC.exe
  2⤵
  PID:1992
- C:\Windows\System\gkbaPID.exe
  C:\Windows\System\gkbaPID.exe
  2⤵
  PID:6460
- C:\Windows\System\jXsHxHh.exe
  C:\Windows\System\jXsHxHh.exe
  2⤵
  PID:10260
- C:\Windows\System\KIoeLYO.exe
  C:\Windows\System\KIoeLYO.exe
  2⤵
  PID:10288
- C:\Windows\System\yTmaYUO.exe
  C:\Windows\System\yTmaYUO.exe
  2⤵
  PID:10316
- C:\Windows\System\NmshOHn.exe
  C:\Windows\System\NmshOHn.exe
  2⤵
  PID:10344
- C:\Windows\System\JjdjeaD.exe
  C:\Windows\System\JjdjeaD.exe
  2⤵
  PID:10372
- C:\Windows\System\ERBqhwo.exe
  C:\Windows\System\ERBqhwo.exe
  2⤵
  PID:10400
- C:\Windows\System\YDfccky.exe
  C:\Windows\System\YDfccky.exe
  2⤵
  PID:10428
- C:\Windows\System\wpXPyRc.exe
  C:\Windows\System\wpXPyRc.exe
  2⤵
  PID:10456
- C:\Windows\System\KAkRAxI.exe
  C:\Windows\System\KAkRAxI.exe
  2⤵
  PID:10484
- C:\Windows\System\rlqleXR.exe
  C:\Windows\System\rlqleXR.exe
  2⤵
  PID:10512
- C:\Windows\System\KGBCNyB.exe
  C:\Windows\System\KGBCNyB.exe
  2⤵
  PID:10544
- C:\Windows\System\aiEMZFq.exe
  C:\Windows\System\aiEMZFq.exe
  2⤵
  PID:10576
- C:\Windows\System\YolZffm.exe
  C:\Windows\System\YolZffm.exe
  2⤵
  PID:10612
- C:\Windows\System\JRazVbe.exe
  C:\Windows\System\JRazVbe.exe
  2⤵
  PID:10644
- C:\Windows\System\GesPYGa.exe
  C:\Windows\System\GesPYGa.exe
  2⤵
  PID:10672
- C:\Windows\System\Sosimyh.exe
  C:\Windows\System\Sosimyh.exe
  2⤵
  PID:10704
- C:\Windows\System\RGyxcgV.exe
  C:\Windows\System\RGyxcgV.exe
  2⤵
  PID:10732
- C:\Windows\System\hmDDCGi.exe
  C:\Windows\System\hmDDCGi.exe
  2⤵
  PID:10760
- C:\Windows\System\LmcCJaM.exe
  C:\Windows\System\LmcCJaM.exe
  2⤵
  PID:10788
- C:\Windows\System\bZIoeQS.exe
  C:\Windows\System\bZIoeQS.exe
  2⤵
  PID:10816
- C:\Windows\System\gqhdvpO.exe
  C:\Windows\System\gqhdvpO.exe
  2⤵
  PID:10844
- C:\Windows\System\mMneuvG.exe
  C:\Windows\System\mMneuvG.exe
  2⤵
  PID:10872
- C:\Windows\System\DqzLspm.exe
  C:\Windows\System\DqzLspm.exe
  2⤵
  PID:10900
- C:\Windows\System\TzihkXP.exe
  C:\Windows\System\TzihkXP.exe
  2⤵
  PID:10928
- C:\Windows\System\IejXkfx.exe
  C:\Windows\System\IejXkfx.exe
  2⤵
  PID:10956
- C:\Windows\System\ZdIKyPb.exe
  C:\Windows\System\ZdIKyPb.exe
  2⤵
  PID:10984
- C:\Windows\System\liWFKlM.exe
  C:\Windows\System\liWFKlM.exe
  2⤵
  PID:11012
- C:\Windows\System\ttYBFuG.exe
  C:\Windows\System\ttYBFuG.exe
  2⤵
  PID:11040
- C:\Windows\System\wFGOXWI.exe
  C:\Windows\System\wFGOXWI.exe
  2⤵
  PID:11080
- C:\Windows\System\pxjMHoi.exe
  C:\Windows\System\pxjMHoi.exe
  2⤵
  PID:11096
- C:\Windows\System\rMloMAI.exe
  C:\Windows\System\rMloMAI.exe
  2⤵
  PID:11124
- C:\Windows\System\GAYmBTu.exe
  C:\Windows\System\GAYmBTu.exe
  2⤵
  PID:11152
- C:\Windows\System\iTBBeDq.exe
  C:\Windows\System\iTBBeDq.exe
  2⤵
  PID:11180
- C:\Windows\System\LUugboY.exe
  C:\Windows\System\LUugboY.exe
  2⤵
  PID:11208
- C:\Windows\System\vpJknrm.exe
  C:\Windows\System\vpJknrm.exe
  2⤵
  PID:11236
- C:\Windows\System\GmqjPEC.exe
  C:\Windows\System\GmqjPEC.exe
  2⤵
  PID:6316
- C:\Windows\System\SDeSIYb.exe
  C:\Windows\System\SDeSIYb.exe
  2⤵
  PID:10308
- C:\Windows\System\KPajPmd.exe
  C:\Windows\System\KPajPmd.exe
  2⤵
  PID:10364
- C:\Windows\System\ZVAMCBN.exe
  C:\Windows\System\ZVAMCBN.exe
  2⤵
  PID:10440
- C:\Windows\System\jnzFwXL.exe
  C:\Windows\System\jnzFwXL.exe
  2⤵
  PID:10496
- C:\Windows\System\gzoUaTX.exe
  C:\Windows\System\gzoUaTX.exe
  2⤵
  PID:10540
- C:\Windows\System\OGAofmT.exe
  C:\Windows\System\OGAofmT.exe
  2⤵
  PID:2868
- C:\Windows\System\fSueujb.exe
  C:\Windows\System\fSueujb.exe
  2⤵
  PID:10636
- C:\Windows\System\RnfrGHp.exe
  C:\Windows\System\RnfrGHp.exe
  2⤵
  PID:10688
- C:\Windows\System\AJrEULk.exe
  C:\Windows\System\AJrEULk.exe
  2⤵
  PID:10744
- C:\Windows\System\LkjHolR.exe
  C:\Windows\System\LkjHolR.exe
  2⤵
  PID:3512
- C:\Windows\System\dlnKTFQ.exe
  C:\Windows\System\dlnKTFQ.exe
  2⤵
  PID:10828
- C:\Windows\System\hxYfYQM.exe
  C:\Windows\System\hxYfYQM.exe
  2⤵
  PID:10892
- C:\Windows\System\GkPIbMo.exe
  C:\Windows\System\GkPIbMo.exe
  2⤵
  PID:10952
- C:\Windows\System\PJkmbTr.exe
  C:\Windows\System\PJkmbTr.exe
  2⤵
  PID:11024
- C:\Windows\System\mrcXBEM.exe
  C:\Windows\System\mrcXBEM.exe
  2⤵
  PID:11088
- C:\Windows\System\hEHIUcP.exe
  C:\Windows\System\hEHIUcP.exe
  2⤵
  PID:11148
- C:\Windows\System\YSDBoNJ.exe
  C:\Windows\System\YSDBoNJ.exe
  2⤵
  PID:11220
- C:\Windows\System\auhuAjs.exe
  C:\Windows\System\auhuAjs.exe
  2⤵
  PID:10272
- C:\Windows\System\NXpeKTs.exe
  C:\Windows\System\NXpeKTs.exe
  2⤵
  PID:10420
- C:\Windows\System\cclvAza.exe
  C:\Windows\System\cclvAza.exe
  2⤵
  PID:10536
- C:\Windows\System\WTdeVNk.exe
  C:\Windows\System\WTdeVNk.exe
  2⤵
  PID:10700
- C:\Windows\System\WBxAhil.exe
  C:\Windows\System\WBxAhil.exe
  2⤵
  PID:10784
- C:\Windows\System\qfGGCuz.exe
  C:\Windows\System\qfGGCuz.exe
  2⤵
  PID:10884
- C:\Windows\System\wzXcqrW.exe
  C:\Windows\System\wzXcqrW.exe
  2⤵
  PID:11076
- C:\Windows\System\cPZHYmk.exe
  C:\Windows\System\cPZHYmk.exe
  2⤵
  PID:11204
- C:\Windows\System\WwfrGFx.exe
  C:\Windows\System\WwfrGFx.exe
  2⤵
  PID:10480
- C:\Windows\System\JVxXVkw.exe
  C:\Windows\System\JVxXVkw.exe
  2⤵
  PID:10772
- C:\Windows\System\JosrTWQ.exe
  C:\Windows\System\JosrTWQ.exe
  2⤵
  PID:11052
- C:\Windows\System\jbuAFIu.exe
  C:\Windows\System\jbuAFIu.exe
  2⤵
  PID:4216
- C:\Windows\System\UATMdci.exe
  C:\Windows\System\UATMdci.exe
  2⤵
  PID:11004
- C:\Windows\System\CbcfKjW.exe
  C:\Windows\System\CbcfKjW.exe
  2⤵
  PID:10868
- C:\Windows\System\kQEAFdI.exe
  C:\Windows\System\kQEAFdI.exe
  2⤵
  PID:10396
- C:\Windows\System\NRtUcde.exe
  C:\Windows\System\NRtUcde.exe
  2⤵
  PID:3132
- C:\Windows\System\fhSCrZG.exe
  C:\Windows\System\fhSCrZG.exe
  2⤵
  PID:3720
- C:\Windows\System\dNUbZMk.exe
  C:\Windows\System\dNUbZMk.exe
  2⤵
  PID:11280
- C:\Windows\System\mUUqWVO.exe
  C:\Windows\System\mUUqWVO.exe
  2⤵
  PID:11308
- C:\Windows\System\UBbTcFp.exe
  C:\Windows\System\UBbTcFp.exe
  2⤵
  PID:11348
- C:\Windows\System\vwOGpKy.exe
  C:\Windows\System\vwOGpKy.exe
  2⤵
  PID:11364
- C:\Windows\System\gaqFlUO.exe
  C:\Windows\System\gaqFlUO.exe
  2⤵
  PID:11392
- C:\Windows\System\FFZhTPV.exe
  C:\Windows\System\FFZhTPV.exe
  2⤵
  PID:11420
- C:\Windows\System\SweyXhh.exe
  C:\Windows\System\SweyXhh.exe
  2⤵
  PID:11448
- C:\Windows\System\FNYPWZa.exe
  C:\Windows\System\FNYPWZa.exe
  2⤵
  PID:11476
- C:\Windows\System\jqzyHbn.exe
  C:\Windows\System\jqzyHbn.exe
  2⤵
  PID:11504
- C:\Windows\System\fbdARYb.exe
  C:\Windows\System\fbdARYb.exe
  2⤵
  PID:11532
- C:\Windows\System\ztAKhrh.exe
  C:\Windows\System\ztAKhrh.exe
  2⤵
  PID:11560
- C:\Windows\System\shZXIvz.exe
  C:\Windows\System\shZXIvz.exe
  2⤵
  PID:11592
- C:\Windows\System\uaDaZHx.exe
  C:\Windows\System\uaDaZHx.exe
  2⤵
  PID:11620
- C:\Windows\System\WsDykto.exe
  C:\Windows\System\WsDykto.exe
  2⤵
  PID:11648
- C:\Windows\System\eORhaVZ.exe
  C:\Windows\System\eORhaVZ.exe
  2⤵
  PID:11676
- C:\Windows\System\zGbxjaF.exe
  C:\Windows\System\zGbxjaF.exe
  2⤵
  PID:11704
- C:\Windows\System\XGKtqEU.exe
  C:\Windows\System\XGKtqEU.exe
  2⤵
  PID:11732
- C:\Windows\System\cDREFpN.exe
  C:\Windows\System\cDREFpN.exe
  2⤵
  PID:11760
- C:\Windows\System\rFeIIIL.exe
  C:\Windows\System\rFeIIIL.exe
  2⤵
  PID:11788
- C:\Windows\System\nGQhJjj.exe
  C:\Windows\System\nGQhJjj.exe
  2⤵
  PID:11816
- C:\Windows\System\YrqfmOX.exe
  C:\Windows\System\YrqfmOX.exe
  2⤵
  PID:11844
- C:\Windows\System\HYDwZll.exe
  C:\Windows\System\HYDwZll.exe
  2⤵
  PID:11872
- C:\Windows\System\TpbRPFA.exe
  C:\Windows\System\TpbRPFA.exe
  2⤵
  PID:11900
- C:\Windows\System\Cbxghew.exe
  C:\Windows\System\Cbxghew.exe
  2⤵
  PID:11928
- C:\Windows\System\AvYkawa.exe
  C:\Windows\System\AvYkawa.exe
  2⤵
  PID:11956
- C:\Windows\System\mIAmZiE.exe
  C:\Windows\System\mIAmZiE.exe
  2⤵
  PID:11988
- C:\Windows\System\grkAdsS.exe
  C:\Windows\System\grkAdsS.exe
  2⤵
  PID:12012
- C:\Windows\System\GWifyol.exe
  C:\Windows\System\GWifyol.exe
  2⤵
  PID:12040
- C:\Windows\System\fgosHoC.exe
  C:\Windows\System\fgosHoC.exe
  2⤵
  PID:12072
- C:\Windows\System\AwKCjRo.exe
  C:\Windows\System\AwKCjRo.exe
  2⤵
  PID:12108
- C:\Windows\System\oSJieEC.exe
  C:\Windows\System\oSJieEC.exe
  2⤵
  PID:12140
- C:\Windows\System\JIDuVVf.exe
  C:\Windows\System\JIDuVVf.exe
  2⤵
  PID:12156
- C:\Windows\System\vuuHwBx.exe
  C:\Windows\System\vuuHwBx.exe
  2⤵
  PID:12220
- C:\Windows\System\pcVAaWj.exe
  C:\Windows\System\pcVAaWj.exe
  2⤵
  PID:12248
- C:\Windows\System\ZNfanNx.exe
  C:\Windows\System\ZNfanNx.exe
  2⤵
  PID:12276
- C:\Windows\System\xWWkyqQ.exe
  C:\Windows\System\xWWkyqQ.exe
  2⤵
  PID:11272
- C:\Windows\System\MLTZijB.exe
  C:\Windows\System\MLTZijB.exe
  2⤵
  PID:11360
- C:\Windows\System\VBeeOdT.exe
  C:\Windows\System\VBeeOdT.exe
  2⤵
  PID:11416
- C:\Windows\System\ejyOWwM.exe
  C:\Windows\System\ejyOWwM.exe
  2⤵
  PID:11468
- C:\Windows\System\wDHBzoQ.exe
  C:\Windows\System\wDHBzoQ.exe
  2⤵
  PID:11552
- C:\Windows\System\kixYtDu.exe
  C:\Windows\System\kixYtDu.exe
  2⤵
  PID:11612
- C:\Windows\System\BgnMnfm.exe
  C:\Windows\System\BgnMnfm.exe
  2⤵
  PID:2660
- C:\Windows\System\pHvjaVH.exe
  C:\Windows\System\pHvjaVH.exe
  2⤵
  PID:11688
- C:\Windows\System\gazGGQq.exe
  C:\Windows\System\gazGGQq.exe
  2⤵
  PID:1592
- C:\Windows\System\jWRMsxP.exe
  C:\Windows\System\jWRMsxP.exe
  2⤵
  PID:11724
- C:\Windows\System\EphCKPW.exe
  C:\Windows\System\EphCKPW.exe
  2⤵
  PID:11808
- C:\Windows\System\tqPfXCn.exe
  C:\Windows\System\tqPfXCn.exe
  2⤵
  PID:11868
- C:\Windows\System\iJGoqEA.exe
  C:\Windows\System\iJGoqEA.exe
  2⤵
  PID:11940
- C:\Windows\System\GtFYmVE.exe
  C:\Windows\System\GtFYmVE.exe
  2⤵
  PID:11980
- C:\Windows\System\lzlmHoD.exe
  C:\Windows\System\lzlmHoD.exe
  2⤵
  PID:2324
- C:\Windows\System\bvQvlpf.exe
  C:\Windows\System\bvQvlpf.exe
  2⤵
  PID:12036
- C:\Windows\System\XBsqUvS.exe
  C:\Windows\System\XBsqUvS.exe
  2⤵
  PID:12120
- C:\Windows\System\QtyzhBS.exe
  C:\Windows\System\QtyzhBS.exe
  2⤵
  PID:12028
- C:\Windows\System\kKsolrI.exe
  C:\Windows\System\kKsolrI.exe
  2⤵
  PID:3760
- C:\Windows\System\QhwSJoy.exe
  C:\Windows\System\QhwSJoy.exe
  2⤵
  PID:12212
- C:\Windows\System\dagBeHb.exe
  C:\Windows\System\dagBeHb.exe
  2⤵
  PID:12268
- C:\Windows\System\cpONmhP.exe
  C:\Windows\System\cpONmhP.exe
  2⤵
  PID:11320
- C:\Windows\System\fQQCKDR.exe
  C:\Windows\System\fQQCKDR.exe
  2⤵
  PID:11496
- C:\Windows\System\HCHIapy.exe
  C:\Windows\System\HCHIapy.exe
  2⤵
  PID:12204
- C:\Windows\System\gHMDCDB.exe
  C:\Windows\System\gHMDCDB.exe
  2⤵
  PID:976
- C:\Windows\System\AtpZJIp.exe
  C:\Windows\System\AtpZJIp.exe
  2⤵
  PID:11728
- C:\Windows\System\ukIjVwL.exe
  C:\Windows\System\ukIjVwL.exe
  2⤵
  PID:11896
- C:\Windows\System\uRrYWuG.exe
  C:\Windows\System\uRrYWuG.exe
  2⤵
  PID:12008
- C:\Windows\System\WfXdKud.exe
  C:\Windows\System\WfXdKud.exe
  2⤵
  PID:12104
- C:\Windows\System\jMUvMgF.exe
  C:\Windows\System\jMUvMgF.exe
  2⤵
  PID:1444
- C:\Windows\System\cjkngzs.exe
  C:\Windows\System\cjkngzs.exe
  2⤵
  PID:12284
- C:\Windows\System\EljFqdw.exe
  C:\Windows\System\EljFqdw.exe
  2⤵
  PID:4884
- C:\Windows\System\QwnAGHI.exe
  C:\Windows\System\QwnAGHI.exe
  2⤵
  PID:11696
- C:\Windows\System\hoXzunV.exe
  C:\Windows\System\hoXzunV.exe
  2⤵
  PID:12056
- C:\Windows\System\GumSVVe.exe
  C:\Windows\System\GumSVVe.exe
  2⤵
  PID:11780
- C:\Windows\System\dPyRuVz.exe
  C:\Windows\System\dPyRuVz.exe
  2⤵
  PID:380
- C:\Windows\System\gfSGIdY.exe
  C:\Windows\System\gfSGIdY.exe
  2⤵
  PID:1660
- C:\Windows\System\IDxmlWd.exe
  C:\Windows\System\IDxmlWd.exe
  2⤵
  PID:4372
- C:\Windows\System\BPrjudF.exe
  C:\Windows\System\BPrjudF.exe
  2⤵
  PID:12316
- C:\Windows\System\IvBmOwf.exe
  C:\Windows\System\IvBmOwf.exe
  2⤵
  PID:12344
- C:\Windows\System\JhaUZip.exe
  C:\Windows\System\JhaUZip.exe
  2⤵
  PID:12372
- C:\Windows\System\FIiOGlE.exe
  C:\Windows\System\FIiOGlE.exe
  2⤵
  PID:12400
- C:\Windows\System\JCmojul.exe
  C:\Windows\System\JCmojul.exe
  2⤵
  PID:12428
- C:\Windows\System\RykbwgU.exe
  C:\Windows\System\RykbwgU.exe
  2⤵
  PID:12456
- C:\Windows\System\qWYHlWK.exe
  C:\Windows\System\qWYHlWK.exe
  2⤵
  PID:12484
- C:\Windows\System\hziYEOt.exe
  C:\Windows\System\hziYEOt.exe
  2⤵
  PID:12512
- C:\Windows\System\hQBgqyX.exe
  C:\Windows\System\hQBgqyX.exe
  2⤵
  PID:12540
- C:\Windows\System\IrJthjU.exe
  C:\Windows\System\IrJthjU.exe
  2⤵
  PID:12568
- C:\Windows\System\GXaGESs.exe
  C:\Windows\System\GXaGESs.exe
  2⤵
  PID:12596
- C:\Windows\System\KrzsSfU.exe
  C:\Windows\System\KrzsSfU.exe
  2⤵
  PID:12624
- C:\Windows\System\QOtGiVf.exe
  C:\Windows\System\QOtGiVf.exe
  2⤵
  PID:12652
- C:\Windows\System\YVONKml.exe
  C:\Windows\System\YVONKml.exe
  2⤵
  PID:12680
- C:\Windows\System\DofjogB.exe
  C:\Windows\System\DofjogB.exe
  2⤵
  PID:12708
- C:\Windows\System\ercJHDN.exe
  C:\Windows\System\ercJHDN.exe
  2⤵
  PID:12736
- C:\Windows\System\KUvUzBt.exe
  C:\Windows\System\KUvUzBt.exe
  2⤵
  PID:12764
- C:\Windows\System\Zesadel.exe
  C:\Windows\System\Zesadel.exe
  2⤵
  PID:12792
- C:\Windows\System\SEoMpWD.exe
  C:\Windows\System\SEoMpWD.exe
  2⤵
  PID:12820
- C:\Windows\System\XdPzZMz.exe
  C:\Windows\System\XdPzZMz.exe
  2⤵
  PID:12860
- C:\Windows\System\yGusvjd.exe
  C:\Windows\System\yGusvjd.exe
  2⤵
  PID:12876
- C:\Windows\System\PtCRjPG.exe
  C:\Windows\System\PtCRjPG.exe
  2⤵
  PID:12904
- C:\Windows\System\DEAhFto.exe
  C:\Windows\System\DEAhFto.exe
  2⤵
  PID:12932
- C:\Windows\System\ynKktYF.exe
  C:\Windows\System\ynKktYF.exe
  2⤵
  PID:12964
- C:\Windows\System\EZBqGvD.exe
  C:\Windows\System\EZBqGvD.exe
  2⤵
  PID:12992
- C:\Windows\System\ZzrQdYt.exe
  C:\Windows\System\ZzrQdYt.exe
  2⤵
  PID:13020
- C:\Windows\System\gCLdXsV.exe
  C:\Windows\System\gCLdXsV.exe
  2⤵
  PID:13048
- C:\Windows\System\RKIrcIe.exe
  C:\Windows\System\RKIrcIe.exe
  2⤵
  PID:13076
- C:\Windows\System\kRMVUMn.exe
  C:\Windows\System\kRMVUMn.exe
  2⤵
  PID:13104
- C:\Windows\System\eFeGCgZ.exe
  C:\Windows\System\eFeGCgZ.exe
  2⤵
  PID:13132
- C:\Windows\System\AwsuEIV.exe
  C:\Windows\System\AwsuEIV.exe
  2⤵
  PID:13160
- C:\Windows\System\cWirjcz.exe
  C:\Windows\System\cWirjcz.exe
  2⤵
  PID:13188
- C:\Windows\System\OHEiMpF.exe
  C:\Windows\System\OHEiMpF.exe
  2⤵
  PID:13216
- C:\Windows\System\gQDxuBY.exe
  C:\Windows\System\gQDxuBY.exe
  2⤵
  PID:13244
- C:\Windows\System\tphwZPe.exe
  C:\Windows\System\tphwZPe.exe
  2⤵
  PID:13272
- C:\Windows\System\vEiuwPx.exe
  C:\Windows\System\vEiuwPx.exe
  2⤵
  PID:13300
- C:\Windows\System\KEMMOuI.exe
  C:\Windows\System\KEMMOuI.exe
  2⤵
  PID:12328
- C:\Windows\System\aCYAVLK.exe
  C:\Windows\System\aCYAVLK.exe
  2⤵
  PID:12392
- C:\Windows\System\ZGqChOq.exe
  C:\Windows\System\ZGqChOq.exe
  2⤵
  PID:12452
- C:\Windows\System\owjtATE.exe
  C:\Windows\System\owjtATE.exe
  2⤵
  PID:12524
- C:\Windows\System\IXzbldz.exe
  C:\Windows\System\IXzbldz.exe
  2⤵
  PID:12588
- C:\Windows\System\wSbADuh.exe
  C:\Windows\System\wSbADuh.exe
  2⤵
  PID:4232
- C:\Windows\System\VuBBmXe.exe
  C:\Windows\System\VuBBmXe.exe
  2⤵
  PID:12644
- C:\Windows\System\lvXcCos.exe
  C:\Windows\System\lvXcCos.exe
  2⤵
  PID:12704
- C:\Windows\System\XXcZITl.exe
  C:\Windows\System\XXcZITl.exe
  2⤵
  PID:12776
- C:\Windows\System\NUgkBQY.exe
  C:\Windows\System\NUgkBQY.exe
  2⤵
  PID:12840
- C:\Windows\System\gKsuHCO.exe
  C:\Windows\System\gKsuHCO.exe
  2⤵
  PID:12888
- C:\Windows\System\tJZxPil.exe
  C:\Windows\System\tJZxPil.exe
  2⤵
  PID:2084
- C:\Windows\System\LZePULP.exe
  C:\Windows\System\LZePULP.exe
  2⤵
  PID:12956
- C:\Windows\System\RUZlZvP.exe
  C:\Windows\System\RUZlZvP.exe
  2⤵
  PID:3868
- C:\Windows\System\FYDJyVN.exe
  C:\Windows\System\FYDJyVN.exe
  2⤵
  PID:13068
- C:\Windows\System\KSCKBRF.exe
  C:\Windows\System\KSCKBRF.exe
  2⤵
  PID:3912
- C:\Windows\System\UPcmucE.exe
  C:\Windows\System\UPcmucE.exe
  2⤵
  PID:13156
- C:\Windows\System\gYjRKie.exe
  C:\Windows\System\gYjRKie.exe
  2⤵
  PID:4812
- C:\Windows\System\UUQsGZn.exe
  C:\Windows\System\UUQsGZn.exe
  2⤵
  PID:13240
- C:\Windows\System\HndUfFr.exe
  C:\Windows\System\HndUfFr.exe
  2⤵
  PID:11984
- C:\Windows\System\kDZteDH.exe
  C:\Windows\System\kDZteDH.exe
  2⤵
  PID:12384
- C:\Windows\System\kXzzlCx.exe
  C:\Windows\System\kXzzlCx.exe
  2⤵
  PID:12504
- C:\Windows\System\OAOkzHR.exe
  C:\Windows\System\OAOkzHR.exe
  2⤵
  PID:2004
- C:\Windows\System\FNwZwKL.exe
  C:\Windows\System\FNwZwKL.exe
  2⤵
  PID:12692
- C:\Windows\System\XWSuJMW.exe
  C:\Windows\System\XWSuJMW.exe
  2⤵
  PID:12760
- C:\Windows\System\pgwZUMJ.exe
  C:\Windows\System\pgwZUMJ.exe
  2⤵
  PID:3668
- C:\Windows\System\eHxRgJo.exe
  C:\Windows\System\eHxRgJo.exe
  2⤵
  PID:12900
- C:\Windows\System\jAFIKke.exe
  C:\Windows\System\jAFIKke.exe
  2⤵
  PID:13012
- C:\Windows\System\xLXIQMc.exe
  C:\Windows\System\xLXIQMc.exe
  2⤵
  PID:1356
- C:\Windows\System\snXXZNz.exe
  C:\Windows\System\snXXZNz.exe
  2⤵
  PID:13116
- C:\Windows\System\TmsbtVy.exe
  C:\Windows\System\TmsbtVy.exe
  2⤵
  PID:13268
- C:\Windows\System\GSyxxPl.exe
  C:\Windows\System\GSyxxPl.exe
  2⤵
  PID:12356
- C:\Windows\System\fWtNjUE.exe
  C:\Windows\System\fWtNjUE.exe
  2⤵
  PID:4600
- C:\Windows\System\hDkChWa.exe
  C:\Windows\System\hDkChWa.exe
  2⤵
  PID:2936
- C:\Windows\System\dxktFyl.exe
  C:\Windows\System\dxktFyl.exe
  2⤵
  PID:2560
- C:\Windows\System\XBlVgLL.exe
  C:\Windows\System\XBlVgLL.exe
  2⤵
  PID:3488
- C:\Windows\System\wqwtVhO.exe
  C:\Windows\System\wqwtVhO.exe
  2⤵
  PID:2928
- C:\Windows\System\ILYxfia.exe
  C:\Windows\System\ILYxfia.exe
  2⤵
  PID:13016
- C:\Windows\System\msysqjM.exe
  C:\Windows\System\msysqjM.exe
  2⤵
  PID:1512
- C:\Windows\System\bFPRLUb.exe
  C:\Windows\System\bFPRLUb.exe
  2⤵
  PID:4360
- C:\Windows\System\xDUckFz.exe
  C:\Windows\System\xDUckFz.exe
  2⤵
  PID:2028
- C:\Windows\System\dWUjsil.exe
  C:\Windows\System\dWUjsil.exe
  2⤵
  PID:4864
- C:\Windows\System\jHGKDEf.exe
  C:\Windows\System\jHGKDEf.exe
  2⤵
  PID:3000
- C:\Windows\System\xHOniVM.exe
  C:\Windows\System\xHOniVM.exe
  2⤵
  PID:2504
- C:\Windows\System\wmYbJaT.exe
  C:\Windows\System\wmYbJaT.exe
  2⤵
  PID:1476
- C:\Windows\System\RLgUCUe.exe
  C:\Windows\System\RLgUCUe.exe
  2⤵
  PID:4968
- C:\Windows\System\XbgujzN.exe
  C:\Windows\System\XbgujzN.exe
  2⤵
  PID:2760
- C:\Windows\System\XtLCziD.exe
  C:\Windows\System\XtLCziD.exe
  2⤵
  PID:13208
- C:\Windows\System\rKmvcVr.exe
  C:\Windows\System\rKmvcVr.exe
  2⤵
  PID:5432
- C:\Windows\System\kKtAvYK.exe
  C:\Windows\System\kKtAvYK.exe
  2⤵
  PID:5464
- C:\Windows\System\caewhim.exe
  C:\Windows\System\caewhim.exe
  2⤵
  PID:440
- C:\Windows\System\qcIvdpR.exe
  C:\Windows\System\qcIvdpR.exe
  2⤵
  PID:5508
- C:\Windows\System\kDgdlvD.exe
  C:\Windows\System\kDgdlvD.exe
  2⤵
  PID:5364
- C:\Windows\System\RibZhvM.exe
  C:\Windows\System\RibZhvM.exe
  2⤵
  PID:5564
- C:\Windows\System\NqGgERn.exe
  C:\Windows\System\NqGgERn.exe
  2⤵
  PID:5480
- C:\Windows\System\BQmQemI.exe
  C:\Windows\System\BQmQemI.exe
  2⤵
  PID:2200
- C:\Windows\System\rlDrGDN.exe
  C:\Windows\System\rlDrGDN.exe
  2⤵
  PID:13332
- C:\Windows\System\HwxHGOB.exe
  C:\Windows\System\HwxHGOB.exe
  2⤵
  PID:13360
- C:\Windows\System\EAATWgo.exe
  C:\Windows\System\EAATWgo.exe
  2⤵
  PID:13396
- C:\Windows\System\OgdEovl.exe
  C:\Windows\System\OgdEovl.exe
  2⤵
  PID:13420
- C:\Windows\System\QYwuFiz.exe
  C:\Windows\System\QYwuFiz.exe
  2⤵
  PID:13444
- C:\Windows\System\qAmPHrT.exe
  C:\Windows\System\qAmPHrT.exe
  2⤵
  PID:13464
- C:\Windows\System\AEsEaka.exe
  C:\Windows\System\AEsEaka.exe
  2⤵
  PID:13500
- C:\Windows\System\Olwillp.exe
  C:\Windows\System\Olwillp.exe
  2⤵
  PID:13524
- C:\Windows\System\QuHJrbQ.exe
  C:\Windows\System\QuHJrbQ.exe
  2⤵
  PID:13560
- C:\Windows\System\VwsWCpl.exe
  C:\Windows\System\VwsWCpl.exe
  2⤵
  PID:13624
- C:\Windows\System\XaWnhxS.exe
  C:\Windows\System\XaWnhxS.exe
  2⤵
  PID:13644
- C:\Windows\System\nImniCI.exe
  C:\Windows\System\nImniCI.exe
  2⤵
  PID:13660
- C:\Windows\System\vTnuGHr.exe
  C:\Windows\System\vTnuGHr.exe
  2⤵
  PID:13688
- C:\Windows\System\YseUOHR.exe
  C:\Windows\System\YseUOHR.exe
  2⤵
  PID:13740
- C:\Windows\System\zoYyPer.exe
  C:\Windows\System\zoYyPer.exe
  2⤵
  PID:13756
- C:\Windows\System\ainRYQk.exe
  C:\Windows\System\ainRYQk.exe
  2⤵
  PID:13784
- C:\Windows\System\qPZNtPI.exe
  C:\Windows\System\qPZNtPI.exe
  2⤵
  PID:13812
- C:\Windows\System\DDKKFjn.exe
  C:\Windows\System\DDKKFjn.exe
  2⤵
  PID:13840
- C:\Windows\System\ZkpXtyY.exe
  C:\Windows\System\ZkpXtyY.exe
  2⤵
  PID:13868
- C:\Windows\System\OODmGhI.exe
  C:\Windows\System\OODmGhI.exe
  2⤵
  PID:13896
- C:\Windows\System\XGGNydh.exe
  C:\Windows\System\XGGNydh.exe
  2⤵
  PID:13924
- C:\Windows\System\PVDFxiH.exe
  C:\Windows\System\PVDFxiH.exe
  2⤵
  PID:13952
- C:\Windows\System\CdUMORl.exe
  C:\Windows\System\CdUMORl.exe
  2⤵
  PID:13980
- C:\Windows\System\ShUrHGk.exe
  C:\Windows\System\ShUrHGk.exe
  2⤵
  PID:14008
- C:\Windows\System\IEokIBk.exe
  C:\Windows\System\IEokIBk.exe
  2⤵
  PID:14036
- C:\Windows\System\ntJTatN.exe
  C:\Windows\System\ntJTatN.exe
  2⤵
  PID:14064
- C:\Windows\System\hQdWbAa.exe
  C:\Windows\System\hQdWbAa.exe
  2⤵
  PID:14092
- C:\Windows\System\nzUQICh.exe
  C:\Windows\System\nzUQICh.exe
  2⤵
  PID:14120
- C:\Windows\System\dDhlrjN.exe
  C:\Windows\System\dDhlrjN.exe
  2⤵
  PID:14148
- C:\Windows\System\nMDsBTJ.exe
  C:\Windows\System\nMDsBTJ.exe
  2⤵
  PID:14180
- C:\Windows\System\FNcxrFX.exe
  C:\Windows\System\FNcxrFX.exe
  2⤵
  PID:14208
- C:\Windows\System\JYVCzGm.exe
  C:\Windows\System\JYVCzGm.exe
  2⤵
  PID:14236
- C:\Windows\System\vRziywD.exe
  C:\Windows\System\vRziywD.exe
  2⤵
  PID:14264
- C:\Windows\System\DxTzZiQ.exe
  C:\Windows\System\DxTzZiQ.exe
  2⤵
  PID:14292
- C:\Windows\System\jbnoIWa.exe
  C:\Windows\System\jbnoIWa.exe
  2⤵
  PID:14320
- C:\Windows\System\XCfMrZs.exe
  C:\Windows\System\XCfMrZs.exe
  2⤵
  PID:5656
- C:\Windows\System\avCHwSX.exe
  C:\Windows\System\avCHwSX.exe
  2⤵
  PID:5748
- C:\Windows\System\wHliVjV.exe
  C:\Windows\System\wHliVjV.exe
  2⤵
  PID:3308
- C:\Windows\System\aDhTQKk.exe
  C:\Windows\System\aDhTQKk.exe
  2⤵
  PID:13384
- C:\Windows\System\DGZzIeI.exe
  C:\Windows\System\DGZzIeI.exe
  2⤵
  PID:5916
- C:\Windows\System\QZMqRql.exe
  C:\Windows\System\QZMqRql.exe
  2⤵
  PID:5976
- C:\Windows\System\upbUKSh.exe
  C:\Windows\System\upbUKSh.exe
  2⤵
  PID:3320
- C:\Windows\System\iWICBLS.exe
  C:\Windows\System\iWICBLS.exe
  2⤵
  PID:13484
- C:\Windows\System\HbGAHmJ.exe
  C:\Windows\System\HbGAHmJ.exe
  2⤵
  PID:13508
- C:\Windows\System\YNBEELU.exe
  C:\Windows\System\YNBEELU.exe
  2⤵
  PID:13544
- C:\Windows\System\ANbxyFX.exe
  C:\Windows\System\ANbxyFX.exe
  2⤵
  PID:1708
- C:\Windows\System\QuIcPnN.exe
  C:\Windows\System\QuIcPnN.exe
  2⤵
  PID:5124
- C:\Windows\System\TaHhamM.exe
  C:\Windows\System\TaHhamM.exe
  2⤵
  PID:5304
- C:\Windows\System\JOHGHuQ.exe
  C:\Windows\System\JOHGHuQ.exe
  2⤵
  PID:2500
- C:\Windows\System\UzXiJkK.exe
  C:\Windows\System\UzXiJkK.exe
  2⤵
  PID:13636
- C:\Windows\System\edtgocA.exe
  C:\Windows\System\edtgocA.exe
  2⤵
  PID:13640
- C:\Windows\System\tkHnexu.exe
  C:\Windows\System\tkHnexu.exe
  2⤵
  PID:5664
- C:\Windows\System\jzrxWtV.exe
  C:\Windows\System\jzrxWtV.exe
  2⤵
  PID:13404
- C:\Windows\System\Ernuofk.exe
  C:\Windows\System\Ernuofk.exe
  2⤵
  PID:2712
- C:\Windows\System\WGWeEnm.exe
  C:\Windows\System\WGWeEnm.exe
  2⤵
  PID:1932
- C:\Windows\System\FUKofAE.exe
  C:\Windows\System\FUKofAE.exe
  2⤵
  PID:4368
- C:\Windows\System\Xlqtrvn.exe
  C:\Windows\System\Xlqtrvn.exe
  2⤵
  PID:13724
- C:\Windows\System\hmrSaoB.exe
  C:\Windows\System\hmrSaoB.exe
  2⤵
  PID:13776
- C:\Windows\System\hvLOnXT.exe
  C:\Windows\System\hvLOnXT.exe
  2⤵
  PID:13824
- C:\Windows\System\HjZjURt.exe
  C:\Windows\System\HjZjURt.exe
  2⤵
  PID:5536
- C:\Windows\System\dWsxAOI.exe
  C:\Windows\System\dWsxAOI.exe
  2⤵
  PID:13892
- C:\Windows\System\LRAmhjw.exe
  C:\Windows\System\LRAmhjw.exe
  2⤵
  PID:13944
- C:\Windows\System\TACsXpY.exe
  C:\Windows\System\TACsXpY.exe
  2⤵
  PID:6148
- C:\Windows\System\YZPSKER.exe
  C:\Windows\System\YZPSKER.exe
  2⤵
  PID:14032
- C:\Windows\System\kmWwyHK.exe
  C:\Windows\System\kmWwyHK.exe
  2⤵
  PID:6228
- C:\Windows\System\tkaClzu.exe
  C:\Windows\System\tkaClzu.exe
  2⤵
  PID:14112
- C:\Windows\System\uHRXtGu.exe
  C:\Windows\System\uHRXtGu.exe
  2⤵
  PID:14164
- C:\Windows\System\kWqnDhH.exe
  C:\Windows\System\kWqnDhH.exe
  2⤵
  PID:14200
- C:\Windows\System\vdKAEFG.exe
  C:\Windows\System\vdKAEFG.exe
  2⤵
  PID:6364
- C:\Windows\System\PHelGhR.exe
  C:\Windows\System\PHelGhR.exe
  2⤵
  PID:14288
- C:\Windows\System\jjGNvgG.exe
  C:\Windows\System\jjGNvgG.exe
  2⤵
  PID:4412
- C:\Windows\System\wIWvHQI.exe
  C:\Windows\System\wIWvHQI.exe
  2⤵
  PID:13324
- C:\Windows\System\JCHuVTS.exe
  C:\Windows\System\JCHuVTS.exe
  2⤵
  PID:5860
- C:\Windows\System\xSuymrc.exe
  C:\Windows\System\xSuymrc.exe
  2⤵
  PID:13392
- C:\Windows\System\AlWtyxZ.exe
  C:\Windows\System\AlWtyxZ.exe
  2⤵
  PID:6544
- C:\Windows\System\zpQWjJM.exe
  C:\Windows\System\zpQWjJM.exe
  2⤵
  PID:6068
- C:\Windows\System\ggFaXhY.exe
  C:\Windows\System\ggFaXhY.exe
  2⤵
  PID:13572
- C:\Windows\System\zApklhW.exe
  C:\Windows\System\zApklhW.exe
  2⤵
  PID:13532
- C:\Windows\System\PKtdgrz.exe
  C:\Windows\System\PKtdgrz.exe
  2⤵
  PID:1012
- C:\Windows\System\uVzBfAn.exe
  C:\Windows\System\uVzBfAn.exe
  2⤵
  PID:6740
- C:\Windows\System\PRGAbwp.exe
  C:\Windows\System\PRGAbwp.exe
  2⤵
  PID:6772
- C:\Windows\System\Cziqjkm.exe
  C:\Windows\System\Cziqjkm.exe
  2⤵
  PID:5820
- C:\Windows\System\ZKNXsqg.exe
  C:\Windows\System\ZKNXsqg.exe
  2⤵
  PID:13428
- C:\Windows\System\BvmRdaP.exe
  C:\Windows\System\BvmRdaP.exe
  2⤵
  PID:5920
- C:\Windows\System\UNMxeqH.exe
  C:\Windows\System\UNMxeqH.exe
  2⤵
  PID:6080
- C:\Windows\System\AMdAJph.exe
  C:\Windows\System\AMdAJph.exe
  2⤵
  PID:6976
- C:\Windows\System\VnXNoQx.exe
  C:\Windows\System\VnXNoQx.exe
  2⤵
  PID:13860
- C:\Windows\System\uDGPlxo.exe
  C:\Windows\System\uDGPlxo.exe
  2⤵
  PID:5744
- C:\Windows\System\bAwZjSx.exe
  C:\Windows\System\bAwZjSx.exe
  2⤵
  PID:5516
- C:\Windows\System\biekBmx.exe
  C:\Windows\System\biekBmx.exe
  2⤵
  PID:7136
- C:\Windows\System\lODMRjg.exe
  C:\Windows\System\lODMRjg.exe
  2⤵
  PID:6240
- C:\Windows\System\pcyIxtD.exe
  C:\Windows\System\pcyIxtD.exe
  2⤵
  PID:6332
- C:\Windows\System\Sgumrhs.exe
  C:\Windows\System\Sgumrhs.exe
  2⤵
  PID:6356
- C:\Windows\System\ZEYhSBq.exe
  C:\Windows\System\ZEYhSBq.exe
  2⤵
  PID:14276
- C:\Windows\System\tXccfio.exe
  C:\Windows\System\tXccfio.exe
  2⤵
  PID:14316
- C:\Windows\System\XmzPrLs.exe
  C:\Windows\System\XmzPrLs.exe
  2⤵
  PID:5604
- C:\Windows\System\aiEmoNS.exe
  C:\Windows\System\aiEmoNS.exe
  2⤵
  PID:5892
- C:\Windows\System\tnxzief.exe
  C:\Windows\System\tnxzief.exe
  2⤵
  PID:6560
- C:\Windows\System\fpGuiTG.exe
  C:\Windows\System\fpGuiTG.exe
  2⤵
  PID:6116
- C:\Windows\System\YFXRaQG.exe
  C:\Windows\System\YFXRaQG.exe
  2⤵
  PID:4484
- C:\Windows\System\vkrvjOt.exe
  C:\Windows\System\vkrvjOt.exe
  2⤵
  PID:7020
- C:\Windows\System\ignCCRG.exe
  C:\Windows\System\ignCCRG.exe
  2⤵
  PID:14156
- C:\Windows\System\SVgRvZm.exe
  C:\Windows\System\SVgRvZm.exe
  2⤵
  PID:6796
- C:\Windows\System\OEptdRV.exe
  C:\Windows\System\OEptdRV.exe
  2⤵
  PID:6368
- C:\Windows\System\VPHbLmQ.exe
  C:\Windows\System\VPHbLmQ.exe
  2⤵
  PID:13768
- C:\Windows\System\dnAylps.exe
  C:\Windows\System\dnAylps.exe
  2⤵
  PID:7056
- C:\Windows\System\XWtHPVW.exe
  C:\Windows\System\XWtHPVW.exe
  2⤵
  PID:7112
- C:\Windows\System\IyhAykc.exe
  C:\Windows\System\IyhAykc.exe
  2⤵
  PID:7164
- C:\Windows\System\ypkKbmi.exe
  C:\Windows\System\ypkKbmi.exe
  2⤵
  PID:6400
- C:\Windows\System\cgIuAft.exe
  C:\Windows\System\cgIuAft.exe
  2⤵
  PID:6372
- C:\Windows\System\kInyqvN.exe
  C:\Windows\System\kInyqvN.exe
  2⤵
  PID:4800
- C:\Windows\System\FPYumCr.exe
  C:\Windows\System\FPYumCr.exe
  2⤵
  PID:4556
- C:\Windows\System\oufSCEi.exe
  C:\Windows\System\oufSCEi.exe
  2⤵
  PID:6932
- C:\Windows\System\pBfclde.exe
  C:\Windows\System\pBfclde.exe
  2⤵
  PID:6672
- C:\Windows\System\jXUJrnf.exe
  C:\Windows\System\jXUJrnf.exe
  2⤵
  PID:6600
- C:\Windows\System\oWSOOAN.exe
  C:\Windows\System\oWSOOAN.exe
  2⤵
  PID:5156
- C:\Windows\System\gHdFxLy.exe
  C:\Windows\System\gHdFxLy.exe
  2⤵
  PID:6464
- C:\Windows\System\uLErJrV.exe
  C:\Windows\System\uLErJrV.exe
  2⤵
  PID:3880
- C:\Windows\System\DcBKjeO.exe
  C:\Windows\System\DcBKjeO.exe
  2⤵
  PID:5600
- C:\Windows\System\aqSHJcn.exe
  C:\Windows\System\aqSHJcn.exe
  2⤵
  PID:7796
- C:\Windows\System\vjrKOzD.exe
  C:\Windows\System\vjrKOzD.exe
  2⤵
  PID:2104
- C:\Windows\System\qZpxEGX.exe
  C:\Windows\System\qZpxEGX.exe
  2⤵
  PID:7388
- C:\Windows\System\MifVgUq.exe
  C:\Windows\System\MifVgUq.exe
  2⤵
  PID:7940
- C:\Windows\System\xPXEMKS.exe
  C:\Windows\System\xPXEMKS.exe
  2⤵
  PID:612
- C:\Windows\System\jdPkXoJ.exe
  C:\Windows\System\jdPkXoJ.exe
  2⤵
  PID:8072
- C:\Windows\System\RljBKEG.exe
  C:\Windows\System\RljBKEG.exe
  2⤵
  PID:6840
- C:\Windows\System\upYEHSU.exe
  C:\Windows\System\upYEHSU.exe
  2⤵
  PID:7568
- C:\Windows\System\NrXjweE.exe
  C:\Windows\System\NrXjweE.exe
  2⤵
  PID:4672
- C:\Windows\System\RPJdjyb.exe
  C:\Windows\System\RPJdjyb.exe
  2⤵
  PID:7620
- C:\Windows\System\VLRTpYn.exe
  C:\Windows\System\VLRTpYn.exe
  2⤵
  PID:7652
- C:\Windows\System\UCpGFyr.exe
  C:\Windows\System\UCpGFyr.exe
  2⤵
  PID:7360
- C:\Windows\System\tsqkHOd.exe
  C:\Windows\System\tsqkHOd.exe
  2⤵
  PID:7048
- C:\Windows\System\BTVdGkc.exe
  C:\Windows\System\BTVdGkc.exe
  2⤵
  PID:14060
- C:\Windows\System\hboNEdD.exe
  C:\Windows\System\hboNEdD.exe
  2⤵
  PID:7836
- C:\Windows\System\FlCSLIo.exe
  C:\Windows\System\FlCSLIo.exe
  2⤵
  PID:7696
- C:\Windows\System\BZAvjiQ.exe
  C:\Windows\System\BZAvjiQ.exe
  2⤵
  PID:3740
- C:\Windows\System\mFKGUUz.exe
  C:\Windows\System\mFKGUUz.exe
  2⤵
  PID:7808
- C:\Windows\System\ZSmNSOJ.exe
  C:\Windows\System\ZSmNSOJ.exe
  2⤵
  PID:7976
- C:\Windows\System\ZeeyYxO.exe
  C:\Windows\System\ZeeyYxO.exe
  2⤵
  PID:8004
- C:\Windows\System\TYvvDTZ.exe
  C:\Windows\System\TYvvDTZ.exe
  2⤵
  PID:7560
- C:\Windows\System\eOhgPeb.exe
  C:\Windows\System\eOhgPeb.exe
  2⤵
  PID:7036
- C:\Windows\System\nbYaueI.exe
  C:\Windows\System\nbYaueI.exe
  2⤵
  PID:7616
- C:\Windows\System\bNMwHxP.exe
  C:\Windows\System\bNMwHxP.exe
  2⤵
  PID:7900
- C:\Windows\System\WAxXaBk.exe
  C:\Windows\System\WAxXaBk.exe
  2⤵
  PID:7564
- C:\Windows\System\lJvayqs.exe
  C:\Windows\System\lJvayqs.exe
  2⤵
  PID:7328
- C:\Windows\System\RKaANVC.exe
  C:\Windows\System\RKaANVC.exe
  2⤵
  PID:7532
- C:\Windows\System\wQXIlcx.exe
  C:\Windows\System\wQXIlcx.exe
  2⤵
  PID:7816
- C:\Windows\System\UeNHjqU.exe
  C:\Windows\System\UeNHjqU.exe
  2⤵
  PID:8496
- C:\Windows\System\hOxFVeH.exe
  C:\Windows\System\hOxFVeH.exe
  2⤵
  PID:8664
- C:\Windows\System\fiEDACt.exe
  C:\Windows\System\fiEDACt.exe
  2⤵
  PID:8684
- C:\Windows\System\ebeojHa.exe
  C:\Windows\System\ebeojHa.exe
  2⤵
  PID:7500
- C:\Windows\System\fSbRQij.exe
  C:\Windows\System\fSbRQij.exe
  2⤵
  PID:6212
- C:\Windows\System\IPnaVSa.exe
  C:\Windows\System\IPnaVSa.exe
  2⤵
  PID:6564
- C:\Windows\System\vDUqSQx.exe
  C:\Windows\System\vDUqSQx.exe
  2⤵
  PID:8136
- C:\Windows\System\tpMBjqC.exe
  C:\Windows\System\tpMBjqC.exe
  2⤵
  PID:7572
- C:\Windows\System\NbCfrbT.exe
  C:\Windows\System\NbCfrbT.exe
  2⤵
  PID:8432
- C:\Windows\System\UjYhxJu.exe
  C:\Windows\System\UjYhxJu.exe
  2⤵
  PID:6124
- C:\Windows\System\iKEiQEe.exe
  C:\Windows\System\iKEiQEe.exe
  2⤵
  PID:6912
- C:\Windows\System\uUnhkHk.exe
  C:\Windows\System\uUnhkHk.exe
  2⤵
  PID:8980
- C:\Windows\System\FbVosuh.exe
  C:\Windows\System\FbVosuh.exe
  2⤵
  PID:8524
- C:\Windows\System\OyuiDrf.exe
  C:\Windows\System\OyuiDrf.exe
  2⤵
  PID:9008
- C:\Windows\System\hhuXbdk.exe
  C:\Windows\System\hhuXbdk.exe
  2⤵
  PID:9056
- C:\Windows\System\AUeZBSb.exe
  C:\Windows\System\AUeZBSb.exe
  2⤵
  PID:7496
- C:\Windows\System\NmwDFHE.exe
  C:\Windows\System\NmwDFHE.exe
  2⤵
  PID:8240
- C:\Windows\System\pJtAunm.exe
  C:\Windows\System\pJtAunm.exe
  2⤵
  PID:8368
- C:\Windows\System\OcIXtHg.exe
  C:\Windows\System\OcIXtHg.exe
  2⤵
  PID:7480
- C:\Windows\System\sWxOhXp.exe
  C:\Windows\System\sWxOhXp.exe
  2⤵
  PID:8032
- C:\Windows\System\Pdtjuzw.exe
  C:\Windows\System\Pdtjuzw.exe
  2⤵
  PID:7280
- C:\Windows\System\PlEaENj.exe
  C:\Windows\System\PlEaENj.exe
  2⤵
  PID:7252
- C:\Windows\System\ENpXSpD.exe
  C:\Windows\System\ENpXSpD.exe
  2⤵
  PID:8548
- C:\Windows\System\LcVixME.exe
  C:\Windows\System\LcVixME.exe
  2⤵
  PID:8588
- C:\Windows\System\ZlnUjHR.exe
  C:\Windows\System\ZlnUjHR.exe
  2⤵
  PID:8744
- C:\Windows\System\VFRUGdA.exe
  C:\Windows\System\VFRUGdA.exe
  2⤵
  PID:5312
- C:\Windows\System\JyvFYPE.exe
  C:\Windows\System\JyvFYPE.exe
  2⤵
  PID:7336
- C:\Windows\System\oXujdxO.exe
  C:\Windows\System\oXujdxO.exe
  2⤵
  PID:8956
- C:\Windows\System\CNLBlKY.exe
  C:\Windows\System\CNLBlKY.exe
  2⤵
  PID:9188
- C:\Windows\System\gFqixRX.exe
  C:\Windows\System\gFqixRX.exe
  2⤵
  PID:8380
- C:\Windows\System\PkfasML.exe
  C:\Windows\System\PkfasML.exe
  2⤵
  PID:8600
- C:\Windows\System\TLZYIKm.exe
  C:\Windows\System\TLZYIKm.exe
  2⤵
  PID:8200
- C:\Windows\System\ScouWdJ.exe
  C:\Windows\System\ScouWdJ.exe
  2⤵
  PID:5592
- C:\Windows\System\jHtyuOI.exe
  C:\Windows\System\jHtyuOI.exe
  2⤵
  PID:8236
- C:\Windows\System\MRhSySN.exe
  C:\Windows\System\MRhSySN.exe
  2⤵
  PID:8800
- C:\Windows\System\lOmsqRp.exe
  C:\Windows\System\lOmsqRp.exe
  2⤵
  PID:8556
- C:\Windows\System\CKsnJDy.exe
  C:\Windows\System\CKsnJDy.exe
  2⤵
  PID:8500
- C:\Windows\System\uTmttDr.exe
  C:\Windows\System\uTmttDr.exe
  2⤵
  PID:9232
- C:\Windows\System\dzOIRpq.exe
  C:\Windows\System\dzOIRpq.exe
  2⤵
  PID:8476
- C:\Windows\System\eXDsRwA.exe
  C:\Windows\System\eXDsRwA.exe
  2⤵
  PID:8928
- C:\Windows\System\AHzJcYz.exe
  C:\Windows\System\AHzJcYz.exe
  2⤵
  PID:8828
- C:\Windows\System\AjdGphu.exe
  C:\Windows\System\AjdGphu.exe
  2⤵
  PID:9428
- C:\Windows\System\cJHjCHB.exe
  C:\Windows\System\cJHjCHB.exe
  2⤵
  PID:8208
- C:\Windows\System\cCztQax.exe
  C:\Windows\System\cCztQax.exe
  2⤵
  PID:9476
- C:\Windows\System\UOPgXyi.exe
  C:\Windows\System\UOPgXyi.exe
  2⤵
  PID:5560
- C:\Windows\System\QnfJPPi.exe
  C:\Windows\System\QnfJPPi.exe
  2⤵
  PID:9568
- C:\Windows\System\zSwNFsE.exe
  C:\Windows\System\zSwNFsE.exe
  2⤵
  PID:9364
- C:\Windows\System\eOLdags.exe
  C:\Windows\System\eOLdags.exe
  2⤵
  PID:3492
- C:\Windows\System\gzynqLd.exe
  C:\Windows\System\gzynqLd.exe
  2⤵
  PID:8772
- C:\Windows\System\cTwvDPm.exe
  C:\Windows\System\cTwvDPm.exe
  2⤵
  PID:9336
- C:\Windows\System\eegPURR.exe
  C:\Windows\System\eegPURR.exe
  2⤵
  PID:9788
- C:\Windows\System\irbCqMI.exe
  C:\Windows\System\irbCqMI.exe
  2⤵
  PID:9484
- C:\Windows\System\EfGOjLE.exe
  C:\Windows\System\EfGOjLE.exe
  2⤵
  PID:9900
- C:\Windows\System\xGCjUFg.exe
  C:\Windows\System\xGCjUFg.exe
  2⤵
  PID:9796
- C:\Windows\System\EnRnGJk.exe
  C:\Windows\System\EnRnGJk.exe
  2⤵
  PID:9704
- C:\Windows\System\rVikANL.exe
  C:\Windows\System\rVikANL.exe
  2⤵
  PID:9648
- C:\Windows\System\RqFHGKZ.exe
  C:\Windows\System\RqFHGKZ.exe
  2⤵
  PID:10188
- C:\Windows\System\lTManRD.exe
  C:\Windows\System\lTManRD.exe
  2⤵
  PID:10088
- C:\Windows\System\NqQRVOx.exe
  C:\Windows\System\NqQRVOx.exe
  2⤵
  PID:10132
- C:\Windows\System\dkdmfBq.exe
  C:\Windows\System\dkdmfBq.exe
  2⤵
  PID:8552
- C:\Windows\System\sCqZiRq.exe
  C:\Windows\System\sCqZiRq.exe
  2⤵
  PID:9908
- C:\Windows\System\wWgFmJz.exe
  C:\Windows\System\wWgFmJz.exe
  2⤵
  PID:10068
- C:\Windows\System\zDNJIAy.exe
  C:\Windows\System\zDNJIAy.exe
  2⤵
  PID:9956
- C:\Windows\System\KCLpJeJ.exe
  C:\Windows\System\KCLpJeJ.exe
  2⤵
  PID:9348
- C:\Windows\System\UkMmOfQ.exe
  C:\Windows\System\UkMmOfQ.exe
  2⤵
  PID:9928
- C:\Windows\System\PbPDzaV.exe
  C:\Windows\System\PbPDzaV.exe
  2⤵
  PID:9776
- C:\Windows\System\wnxyelq.exe
  C:\Windows\System\wnxyelq.exe
  2⤵
  PID:9656
- C:\Windows\System\ZPPsGTD.exe
  C:\Windows\System\ZPPsGTD.exe
  2⤵
  PID:9848
- C:\Windows\System\bJzDmuh.exe
  C:\Windows\System\bJzDmuh.exe
  2⤵
  PID:10168
- C:\Windows\System\GzlRClq.exe
  C:\Windows\System\GzlRClq.exe
  2⤵
  PID:764
- C:\Windows\System\EPeFkHR.exe
  C:\Windows\System\EPeFkHR.exe
  2⤵
  PID:9340
- C:\Windows\System\jKNfvsX.exe
  C:\Windows\System\jKNfvsX.exe
  2⤵
  PID:9964
- C:\Windows\System\BPVWbmw.exe
  C:\Windows\System\BPVWbmw.exe
  2⤵
  PID:14352
- C:\Windows\System\ZrQYfcr.exe
  C:\Windows\System\ZrQYfcr.exe
  2⤵
  PID:14380
- C:\Windows\System\SMbLfBu.exe
  C:\Windows\System\SMbLfBu.exe
  2⤵
  PID:14408
- C:\Windows\System\nvCRQuq.exe
  C:\Windows\System\nvCRQuq.exe
  2⤵
  PID:14436
- C:\Windows\System\tMmkbFt.exe
  C:\Windows\System\tMmkbFt.exe
  2⤵
  PID:14464
- C:\Windows\System\XIXPilj.exe
  C:\Windows\System\XIXPilj.exe
  2⤵
  PID:14492
- C:\Windows\System\CgMXkbz.exe
  C:\Windows\System\CgMXkbz.exe
  2⤵
  PID:14520
- C:\Windows\System\ylZfatC.exe
  C:\Windows\System\ylZfatC.exe
  2⤵
  PID:14548
- C:\Windows\System\sbRTkfn.exe
  C:\Windows\System\sbRTkfn.exe
  2⤵
  PID:14588
- C:\Windows\System\Ixqxeky.exe
  C:\Windows\System\Ixqxeky.exe
  2⤵
  PID:14604
- C:\Windows\System\LOgKtYM.exe
  C:\Windows\System\LOgKtYM.exe
  2⤵
  PID:14632
- C:\Windows\System\yKcJckG.exe
  C:\Windows\System\yKcJckG.exe
  2⤵
  PID:14660
- C:\Windows\System\FawHiCu.exe
  C:\Windows\System\FawHiCu.exe
  2⤵
  PID:14692
- C:\Windows\System\RwerOcg.exe
  C:\Windows\System\RwerOcg.exe
  2⤵
  PID:14852
- C:\Windows\System\Wqojxvn.exe
  C:\Windows\System\Wqojxvn.exe
  2⤵
  PID:14892
- C:\Windows\System\qmVFgqJ.exe
  C:\Windows\System\qmVFgqJ.exe
  2⤵
  PID:14920
- C:\Windows\System\pEcPoVh.exe
  C:\Windows\System\pEcPoVh.exe
  2⤵
  PID:14952
- C:\Windows\System\fvYCycc.exe
  C:\Windows\System\fvYCycc.exe
  2⤵
  PID:14980
- C:\Windows\System\IaIUfpD.exe
  C:\Windows\System\IaIUfpD.exe
  2⤵
  PID:15008
- C:\Windows\System\qcyFFGw.exe
  C:\Windows\System\qcyFFGw.exe
  2⤵
  PID:15036
- C:\Windows\System\DhlGYzX.exe
  C:\Windows\System\DhlGYzX.exe
  2⤵
  PID:15064
- C:\Windows\System\NLbhMAb.exe
  C:\Windows\System\NLbhMAb.exe
  2⤵
  PID:15092
- C:\Windows\System\HwQXTAx.exe
  C:\Windows\System\HwQXTAx.exe
  2⤵
  PID:15120
- C:\Windows\System\asFrbld.exe
  C:\Windows\System\asFrbld.exe
  2⤵
  PID:15148
- C:\Windows\System\YlGpejI.exe
  C:\Windows\System\YlGpejI.exe
  2⤵
  PID:15176
- C:\Windows\System\tYiEbCP.exe
  C:\Windows\System\tYiEbCP.exe
  2⤵
  PID:15204
- C:\Windows\System\ioRktOl.exe
  C:\Windows\System\ioRktOl.exe
  2⤵
  PID:15232
- C:\Windows\System\jJEBrLu.exe
  C:\Windows\System\jJEBrLu.exe
  2⤵
  PID:15260
- C:\Windows\System\CxQYywD.exe
  C:\Windows\System\CxQYywD.exe
  2⤵
  PID:15288
- C:\Windows\System\ybxgqLB.exe
  C:\Windows\System\ybxgqLB.exe
  2⤵
  PID:15316
- C:\Windows\System\wJBNule.exe
  C:\Windows\System\wJBNule.exe
  2⤵
  PID:15344
- C:\Windows\System\LokJyNc.exe
  C:\Windows\System\LokJyNc.exe
  2⤵
  PID:14364
- C:\Windows\System\yRJjJCb.exe
  C:\Windows\System\yRJjJCb.exe
  2⤵
  PID:9988
- C:\Windows\System\vBaUygn.exe
  C:\Windows\System\vBaUygn.exe
  2⤵
  PID:14432
- C:\Windows\System\MHDwbVa.exe
  C:\Windows\System\MHDwbVa.exe
  2⤵
  PID:14484
- C:\Windows\System\zIfXgfX.exe
  C:\Windows\System\zIfXgfX.exe
  2⤵
  PID:14512
- C:\Windows\System\jzKilJh.exe
  C:\Windows\System\jzKilJh.exe
  2⤵
  PID:10024
- C:\Windows\System\uQLMCRS.exe
  C:\Windows\System\uQLMCRS.exe
  2⤵
  PID:10244
- C:\Windows\System\IxqmzTd.exe
  C:\Windows\System\IxqmzTd.exe
  2⤵
  PID:14616
- C:\Windows\System\BqEyEtO.exe
  C:\Windows\System\BqEyEtO.exe
  2⤵
  PID:10324
- C:\Windows\System\gnqcfec.exe
  C:\Windows\System\gnqcfec.exe
  2⤵
  PID:14672
- C:\Windows\System\BnqoXFv.exe
  C:\Windows\System\BnqoXFv.exe
  2⤵
  PID:14712
- C:\Windows\System\UyRIOuv.exe
  C:\Windows\System\UyRIOuv.exe
  2⤵
  PID:14740
- C:\Windows\System\ObLojNT.exe
  C:\Windows\System\ObLojNT.exe
  2⤵
  PID:14764
- C:\Windows\System\oBZEZJZ.exe
  C:\Windows\System\oBZEZJZ.exe
  2⤵
  PID:14784
- C:\Windows\System\KLztMyn.exe
  C:\Windows\System\KLztMyn.exe
  2⤵
  PID:10528
- C:\Windows\System\iUNvxPS.exe
  C:\Windows\System\iUNvxPS.exe
  2⤵
  PID:14868
- C:\Windows\System\nsjDWkK.exe
  C:\Windows\System\nsjDWkK.exe
  2⤵
  PID:14992
- C:\Windows\System\ibBzSEn.exe
  C:\Windows\System\ibBzSEn.exe
  2⤵
  PID:15076
- C:\Windows\System\vefKYrY.exe
  C:\Windows\System\vefKYrY.exe
  2⤵
  PID:2508
- C:\Windows\System\IIADjpR.exe
  C:\Windows\System\IIADjpR.exe
  2⤵
  PID:15144
- C:\Windows\System\UbAUcKF.exe
  C:\Windows\System\UbAUcKF.exe
  2⤵
  PID:15216
- C:\Windows\System\uZeyNZs.exe
  C:\Windows\System\uZeyNZs.exe
  2⤵
  PID:744
- C:\Windows\System\bvKahyq.exe
  C:\Windows\System\bvKahyq.exe
  2⤵
  PID:10684
- C:\Windows\System\GxAMkVt.exe
  C:\Windows\System\GxAMkVt.exe
  2⤵
  PID:15356
- C:\Windows\System\jtiOQck.exe
  C:\Windows\System\jtiOQck.exe
  2⤵
  PID:10016
- C:\Windows\System\mWXynrp.exe
  C:\Windows\System\mWXynrp.exe
  2⤵
  PID:14428
- C:\Windows\System\fracIXZ.exe
  C:\Windows\System\fracIXZ.exe
  2⤵
  PID:10888
- C:\Windows\System\QECdRkh.exe
  C:\Windows\System\QECdRkh.exe
  2⤵
  PID:10916
- C:\Windows\System\jWuzBul.exe
  C:\Windows\System\jWuzBul.exe
  2⤵
  PID:9228
- C:\Windows\System\QtgkNcT.exe
  C:\Windows\System\QtgkNcT.exe
  2⤵
  PID:14628
- C:\Windows\System\xdmSMqS.exe
  C:\Windows\System\xdmSMqS.exe
  2⤵
  PID:14680
- C:\Windows\System\WdbTutK.exe
  C:\Windows\System\WdbTutK.exe
  2⤵
  PID:14728
- C:\Windows\System\BjjHVpG.exe
  C:\Windows\System\BjjHVpG.exe
  2⤵
  PID:14760
- C:\Windows\System\rhdhosf.exe
  C:\Windows\System\rhdhosf.exe
  2⤵
  PID:14808
- C:\Windows\System\WZXywZA.exe
  C:\Windows\System\WZXywZA.exe
  2⤵
  PID:14828
- C:\Windows\System\XGxOfvu.exe
  C:\Windows\System\XGxOfvu.exe
  2⤵
  PID:14860
- C:\Windows\System\njCnWUq.exe
  C:\Windows\System\njCnWUq.exe
  2⤵
  PID:14884
- C:\Windows\System\BtqnpeF.exe
  C:\Windows\System\BtqnpeF.exe
  2⤵
  PID:10596
- C:\Windows\System\OuriCjR.exe
  C:\Windows\System\OuriCjR.exe
  2⤵
  PID:10328
- C:\Windows\System\GVQWnox.exe
  C:\Windows\System\GVQWnox.exe
  2⤵
  PID:15028
- C:\Windows\System\Okjgauf.exe
  C:\Windows\System\Okjgauf.exe
  2⤵
  PID:10560
- C:\Windows\System\gHfNOxW.exe
  C:\Windows\System\gHfNOxW.exe
  2⤵
  PID:10780
- C:\Windows\System\hlXuQpd.exe
  C:\Windows\System\hlXuQpd.exe
  2⤵
  PID:10924
- C:\Windows\System\iBuZuuP.exe
  C:\Windows\System\iBuZuuP.exe
  2⤵
  PID:11060
- C:\Windows\System\vymUygW.exe
  C:\Windows\System\vymUygW.exe
  2⤵
  PID:15172
- C:\Windows\System\QWbjctP.exe
  C:\Windows\System\QWbjctP.exe
  2⤵
  PID:15272
- C:\Windows\System\BHMKtnx.exe
  C:\Windows\System\BHMKtnx.exe
  2⤵
  PID:10300
- C:\Windows\System\paJxNea.exe
  C:\Windows\System\paJxNea.exe
  2⤵
  PID:14392
- C:\Windows\System\jkPYsLX.exe
  C:\Windows\System\jkPYsLX.exe
  2⤵
  PID:10824
- C:\Windows\System\liQEDVj.exe
  C:\Windows\System\liQEDVj.exe
  2⤵
  PID:6232
- C:\Windows\System\FrfjEan.exe
  C:\Windows\System\FrfjEan.exe
  2⤵
  PID:14600
- C:\Windows\System\kcpmLGF.exe
  C:\Windows\System\kcpmLGF.exe
  2⤵
  PID:11020
- C:\Windows\System\ocACpDv.exe
  C:\Windows\System\ocACpDv.exe
  2⤵
  PID:14752
- C:\Windows\System\dNAYNLH.exe
  C:\Windows\System\dNAYNLH.exe
  2⤵
  PID:14848
- C:\Windows\System\NirqyLK.exe
  C:\Windows\System\NirqyLK.exe
  2⤵
  PID:10584
- C:\Windows\System\qzmhTIS.exe
  C:\Windows\System\qzmhTIS.exe
  2⤵
  PID:6760
- C:\Windows\System\YJUrOTl.exe
  C:\Windows\System\YJUrOTl.exe
  2⤵
  PID:10508
- C:\Windows\System\HvUTdqx.exe
  C:\Windows\System\HvUTdqx.exe
  2⤵
  PID:10416
- C:\Windows\System\hGRrGlX.exe
  C:\Windows\System\hGRrGlX.exe
  2⤵
  PID:15132
- C:\Windows\System\IhYuVsH.exe
  C:\Windows\System\IhYuVsH.exe
  2⤵
  PID:15300
- C:\Windows\System\SNkbnrr.exe
  C:\Windows\System\SNkbnrr.exe
  2⤵
  PID:10768
- C:\Windows\System\esKgxic.exe
  C:\Windows\System\esKgxic.exe
  2⤵
  PID:10104
- C:\Windows\System\xNTggKq.exe
  C:\Windows\System\xNTggKq.exe
  2⤵
  PID:10368
- C:\Windows\System\xmMYKhh.exe
  C:\Windows\System\xmMYKhh.exe
  2⤵
  PID:10992
- C:\Windows\System\zMvaEJO.exe
  C:\Windows\System\zMvaEJO.exe
  2⤵
  PID:10336
- C:\Windows\System\sNBtOiv.exe
  C:\Windows\System\sNBtOiv.exe
  2⤵
  PID:11372
- C:\Windows\System\WJOpyWa.exe
  C:\Windows\System\WJOpyWa.exe
  2⤵
  PID:11400
- C:\Windows\System\VMQrJIr.exe
  C:\Windows\System\VMQrJIr.exe
  2⤵
  PID:11464
- C:\Windows\System\sllbgHN.exe
  C:\Windows\System\sllbgHN.exe
  2⤵
  PID:11492
- C:\Windows\System\gDkvAeL.exe
  C:\Windows\System\gDkvAeL.exe
  2⤵
  PID:11548
- C:\Windows\System\kqyZJYn.exe
  C:\Windows\System\kqyZJYn.exe
  2⤵
  PID:11600
- C:\Windows\System\vXIygTj.exe
  C:\Windows\System\vXIygTj.exe
  2⤵
  PID:10664
- C:\Windows\System\wUahmEU.exe
  C:\Windows\System\wUahmEU.exe
  2⤵
  PID:11692
- C:\Windows\System\lloDSTp.exe
  C:\Windows\System\lloDSTp.exe
  2⤵
  PID:11336
- C:\Windows\System\sJSxATI.exe
  C:\Windows\System\sJSxATI.exe
  2⤵
  PID:11380
- C:\Windows\System\jOErTGk.exe
  C:\Windows\System\jOErTGk.exe
  2⤵
  PID:10468
- C:\Windows\System\xEwNhjE.exe
  C:\Windows\System\xEwNhjE.exe
  2⤵
  PID:10624
- C:\Windows\System\efDIldR.exe
  C:\Windows\System\efDIldR.exe
  2⤵
  PID:2536
- C:\Windows\System\sPoKDbx.exe
  C:\Windows\System\sPoKDbx.exe
  2⤵
  PID:11936
- C:\Windows\System\ZWArbMv.exe
  C:\Windows\System\ZWArbMv.exe
  2⤵
  PID:11636
- C:\Windows\System\LjNHiMz.exe
  C:\Windows\System\LjNHiMz.exe
  2⤵
  PID:11316
- C:\Windows\System\WXMKbvG.exe
  C:\Windows\System\WXMKbvG.exe
  2⤵
  PID:12084
- C:\Windows\System\xixnjsJ.exe
  C:\Windows\System\xixnjsJ.exe
  2⤵
  PID:11512
- C:\Windows\System\KvPBVcv.exe
  C:\Windows\System\KvPBVcv.exe
  2⤵
  PID:11944
- C:\Windows\System\XeOwakX.exe
  C:\Windows\System\XeOwakX.exe
  2⤵
  PID:11768
- C:\Windows\System\GUeQPQf.exe
  C:\Windows\System\GUeQPQf.exe
  2⤵
  PID:12180
- C:\Windows\System\bnpvtrS.exe
  C:\Windows\System\bnpvtrS.exe
  2⤵
  PID:11880
- C:\Windows\System\EuyWREu.exe
  C:\Windows\System\EuyWREu.exe
  2⤵
  PID:15388
- C:\Windows\System\AhtyVNG.exe
  C:\Windows\System\AhtyVNG.exe
  2⤵
  PID:15416
- C:\Windows\System\dvWdSSm.exe
  C:\Windows\System\dvWdSSm.exe
  2⤵
  PID:15444
- C:\Windows\System\EZyoaaG.exe
  C:\Windows\System\EZyoaaG.exe
  2⤵
  PID:15472
- C:\Windows\System\HwMIBCT.exe
  C:\Windows\System\HwMIBCT.exe
  2⤵
  PID:15500
- C:\Windows\System\xmEWulF.exe
  C:\Windows\System\xmEWulF.exe
  2⤵
  PID:15528
- C:\Windows\System\Ttbdymy.exe
  C:\Windows\System\Ttbdymy.exe
  2⤵
  PID:15560
- C:\Windows\System\hpDpUJt.exe
  C:\Windows\System\hpDpUJt.exe
  2⤵
  PID:15588
- C:\Windows\System\kaApPeU.exe
  C:\Windows\System\kaApPeU.exe
  2⤵
  PID:15616
- C:\Windows\System\SufplgD.exe
  C:\Windows\System\SufplgD.exe
  2⤵
  PID:15644
- C:\Windows\System\dviIXTU.exe
  C:\Windows\System\dviIXTU.exe
  2⤵
  PID:15672
- C:\Windows\System\iYNlRUT.exe
  C:\Windows\System\iYNlRUT.exe
  2⤵
  PID:15700
- C:\Windows\System\bBbnQQH.exe
  C:\Windows\System\bBbnQQH.exe
  2⤵
  PID:15728
- C:\Windows\System\dbwLfWo.exe
  C:\Windows\System\dbwLfWo.exe
  2⤵
  PID:15756
- C:\Windows\System\efeLgag.exe
  C:\Windows\System\efeLgag.exe
  2⤵
  PID:15784
- C:\Windows\System\tWixuuk.exe
  C:\Windows\System\tWixuuk.exe
  2⤵
  PID:15812
- C:\Windows\System\FxyAOkP.exe
  C:\Windows\System\FxyAOkP.exe
  2⤵
  PID:15840
- C:\Windows\System\sezXMXO.exe
  C:\Windows\System\sezXMXO.exe
  2⤵
  PID:15868
- C:\Windows\System\jKuYfwc.exe
  C:\Windows\System\jKuYfwc.exe
  2⤵
  PID:15896
- C:\Windows\System\CazXjNP.exe
  C:\Windows\System\CazXjNP.exe
  2⤵
  PID:15924
- C:\Windows\System\BpPxebi.exe
  C:\Windows\System\BpPxebi.exe
  2⤵
  PID:15952
- C:\Windows\System\utvANQm.exe
  C:\Windows\System\utvANQm.exe
  2⤵
  PID:15980
- C:\Windows\System\qMQwdIW.exe
  C:\Windows\System\qMQwdIW.exe
  2⤵
  PID:16008
- C:\Windows\System\AWEiMIX.exe
  C:\Windows\System\AWEiMIX.exe
  2⤵
  PID:16036
- C:\Windows\System\jCSdIFt.exe
  C:\Windows\System\jCSdIFt.exe
  2⤵
  PID:16064
- C:\Windows\System\ZxhLzye.exe
  C:\Windows\System\ZxhLzye.exe
  2⤵
  PID:16104
- C:\Windows\System\fgbCnnU.exe
  C:\Windows\System\fgbCnnU.exe
  2⤵
  PID:16120
- C:\Windows\System\kJROtCx.exe
  C:\Windows\System\kJROtCx.exe
  2⤵
  PID:16148
- C:\Windows\System\RJbGeCG.exe
  C:\Windows\System\RJbGeCG.exe
  2⤵
  PID:16176
- C:\Windows\System\AAuwNgG.exe
  C:\Windows\System\AAuwNgG.exe
  2⤵
  PID:16208
- C:\Windows\System\wQuPKmg.exe
  C:\Windows\System\wQuPKmg.exe
  2⤵
  PID:16244
- C:\Windows\System\WhHqJzC.exe
  C:\Windows\System\WhHqJzC.exe
  2⤵
  PID:16272
- C:\Windows\System\DopugYB.exe
  C:\Windows\System\DopugYB.exe
  2⤵
  PID:16300
- C:\Windows\System\AOKwUuS.exe
  C:\Windows\System\AOKwUuS.exe
  2⤵
  PID:16328
- C:\Windows\System\pNtUBbZ.exe
  C:\Windows\System\pNtUBbZ.exe
  2⤵
  PID:16368
- C:\Windows\System\oEHTwpf.exe
  C:\Windows\System\oEHTwpf.exe
  2⤵
  PID:11116
- C:\Windows\System\BTCTbSH.exe
  C:\Windows\System\BTCTbSH.exe
  2⤵
  PID:15408
- C:\Windows\System\jEDNlvJ.exe
  C:\Windows\System\jEDNlvJ.exe
  2⤵
  PID:15464
- C:\Windows\System\tdbzgDk.exe
  C:\Windows\System\tdbzgDk.exe
  2⤵
  PID:15524
- C:\Windows\System\NeeQQjw.exe
  C:\Windows\System\NeeQQjw.exe
  2⤵
  PID:15580
- C:\Windows\System\nkgDVVj.exe
  C:\Windows\System\nkgDVVj.exe
  2⤵
  PID:15640
- C:\Windows\System\BRALXzJ.exe
  C:\Windows\System\BRALXzJ.exe
  2⤵
  PID:15712
- C:\Windows\System\QuWwcEF.exe
  C:\Windows\System\QuWwcEF.exe
  2⤵
  PID:15776
- C:\Windows\System\iuQqJwR.exe
  C:\Windows\System\iuQqJwR.exe
  2⤵
  PID:15832
- C:\Windows\System\RnkJLeG.exe
  C:\Windows\System\RnkJLeG.exe
  2⤵
  PID:15892
- C:\Windows\System\rXSpfgf.exe
  C:\Windows\System\rXSpfgf.exe
  2⤵
  PID:15964
- C:\Windows\System\AhWzfGJ.exe
  C:\Windows\System\AhWzfGJ.exe
  2⤵
  PID:16020
- C:\Windows\System\JqtrwLY.exe
  C:\Windows\System\JqtrwLY.exe
  2⤵
  PID:16076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BDdSJUF.exe

Filesize
6.0MB

MD5
3f01ab30e99f16cadeca295444deb2d6

SHA1
86214c48043020a52499b2450290372c4174d50f

SHA256
5d1b7714829c4b6d5ab75a6ba240e44bdeb904f24e0f096090e0ce25808785f0

SHA512
381b3106966d6e09565a9b81cb22a94d0af45e79de5bf34961852e5e2f4b8e0ccea4f82c01bc85f296fe9dcd3dc0d4e6b5ae8d1bafe7a6102aa2916d3d083c51

Download Submit
C:\Windows\System\FEsCtyj.exe

Filesize
6.0MB

MD5
cc87e6509d2e0ee50455fde9756bb90d

SHA1
2d20eea2be8fb4ebf2eb53ed534d2049089ab3d0

SHA256
0d166bc9e14cb737e0d70440e533139b523ee3193ae1ec7ad0c2a81a9373c81b

SHA512
35f0c0a329e9dc9d3378390deef37dce3fd1a601e57233b7bc7fdd48093d5673274f0eb0ab1d8b52ef094424c43f57aee0875b455cedd154751dead9d48d674d

Download Submit
C:\Windows\System\IoJIlTK.exe

Filesize
6.0MB

MD5
16130e358c93aa992f3e35ebd9669bf6

SHA1
5cd23358ca4b97dc47abe03d242d9943dfd1144f

SHA256
e417cdfdf1a448d3a0be66222afa1ed781eecbf6f99c2c07a7cae07f4e65bed3

SHA512
138d408b92690972fe7636ade2239af723ac08663390bf625776d0ee194379def269bdbd28485048178cc3bb697e420c3ab87069560be9668daf578dadb295f7

Download Submit
C:\Windows\System\JGANSDF.exe

Filesize
6.0MB

MD5
ea8d08e9ab4bdb2489b8c9919080b5f0

SHA1
a455a91f4f9bfe49fd6950cf5dc5a1098c1e683d

SHA256
6130bed89d5f2815e93539f4654337177625373be699568e964d8da6151843d2

SHA512
5ac47345d529690e365d08bbb754fd344d1937368d9f5bdca39cbf46605ba1f5c55989c4b9e047236149e8d884afe427fb36fb2172d4e35d9b0697138ffe7a4a

Download Submit
C:\Windows\System\Jsvslis.exe

Filesize
6.0MB

MD5
498686ad3be1aea8b38c6b8989031aa8

SHA1
5766c389084279fd912e0a3d1f8281817e747676

SHA256
0983705a50f560f95fb38759c355731318d3f05d6476ddd8d5e0a7216f9bdf7c

SHA512
7b225604835fa7f1181d910321b65bba27bcf70bbc1dcb3091e034fd438b8ebff363b488942ceab3200149b1a6826fe0bbee3a4a8a38dc598616d6cfb56192e3

Download Submit
C:\Windows\System\MJgnfbh.exe

Filesize
6.0MB

MD5
749b1fe0ae9e215f915728c163b2a62f

SHA1
73c6106d4b40082891116fc9017f4e631807e525

SHA256
98562a44b68d4d9bac9746009debafe549e67080ac7abd68a14239e5e83f67fd

SHA512
5e8ec9eae908cbc556599fc90fb43c2da2573d25bf0e3b33480dbe407c33b6744af4631a5822471b45ac7a64b1027c531b34d0fee899048f7dc414d6195f116d

Download Submit
C:\Windows\System\OwYLYWd.exe

Filesize
6.0MB

MD5
b7912c3f1a1844188d80d35e2a94757a

SHA1
60a9960990752fec3dfe335cfa58a64f113dab5f

SHA256
84d3ce9a96fa60cb5cc36bcd119e4897f6e1064eed119aa2a91a98b43d4bd3e7

SHA512
ffd466193d43824b6f47dd73e8068514b778c831809da06aa5659bdbf907e4690a6bb4aba080ad79e5d7e262ee6cd7a6df974c527ddd7a3b757d076e1bc668b7

Download Submit
C:\Windows\System\QYndafP.exe

Filesize
6.0MB

MD5
1e73485a39a26bf1cf922ed2828cbe67

SHA1
9af83e4a091622f368062650f9a31fb450f41cec

SHA256
d478ff83356ff13f4cf1f41ac91d277f17fa6991a05be0c40cc86dc154386fe1

SHA512
53b1fb29d884070993ea598e137de5353a95571925c7e05c1c48bdd0543206bf68fa36ceda0a5ef6214669ed1fb4b0763a1d01637aa0eeb07447edc5a83689d2

Download Submit
C:\Windows\System\SJozDSe.exe

Filesize
6.0MB

MD5
a1821e32054f90a32c29660bd9abd94f

SHA1
5ffded36dfa2e5bfea2f77faf42cc6ac4ee382be

SHA256
70c0f520f4c0d8cdee521f59704310ee37a1d70638708347399d19e2510a23f0

SHA512
a33e3e4df58f154525fbfbb32f2fcf703251c9deb466ad64d61a74c0c15e8497c9991e6c9f57fdbcc26841a8a10f58a80ca344b2ce0d2b552712e7c6ff5dd03a

Download Submit
C:\Windows\System\URNRKqx.exe

Filesize
6.0MB

MD5
7ba7f88e9f4d5518723baed7da45252d

SHA1
f54b4dae6619d987289824ce064f24011a74fe6a

SHA256
a08a98aedeaf2b42f979888244d9a743db344e9db71f9664c1ecbe0668d145eb

SHA512
6647d016b3884273498a336d7ef6be8c3a14a693e75c78602bcb1754542193560c89403b53b580d443a486ed9264f98f47a25e88feb8ea09470e1eb0c0399bf8

Download Submit
C:\Windows\System\aKDZwGu.exe

Filesize
6.0MB

MD5
705d719cc09c85d817469ac8940534af

SHA1
a9fd4fc1d85d19109da3543dfa351a06c4e97900

SHA256
2984cbda133f46132e580b7d7a1862a4afb86feb1b9da22a14a88495429b6b7d

SHA512
5d4f0ec5b20cf1248447968a41b736678532d793e9488c1c707ebebf7bc161d1007c7703c8399a4efee16d136f8a5b5dba4ee1cdf51ac5e97b96df625b5dc0b5

Download Submit
C:\Windows\System\cHCOcZG.exe

Filesize
6.0MB

MD5
27977ed6e6dec8a15ced13ab6d4b8541

SHA1
4ae6528e89838586be32c3bca932986e0abdea3b

SHA256
5c0f0c39fb650e58ca2bf1d61423e7330e74172e7a98cbf8618789a0b33bf2ec

SHA512
9dc5a8f0b6a8681c5fe01ad3f274e6f5aea1165128bcda268c9562a0a52d1bc56efd566b4839ef101dce12305d9a0ec9f5d14f0053856005cdf5cac17c0a46ba

Download Submit
C:\Windows\System\cWOQZCf.exe

Filesize
6.0MB

MD5
fecf4a2be7402535f84f4f247c15a4c8

SHA1
ddc51fbb4eeba429dfdbbacf7460bda62afe88b2

SHA256
338b27ed9feef96df951e8f92e297b03ebc69985e55bc335d004ab192d8d23d9

SHA512
e0d122b63a0633b40829839252b5d2a13ef93fa790202e4d00524087b951ad127c0eef42ff9ca1991dc781a406717c50962609525f22cac7562a2eaaa9c0312f

Download Submit
C:\Windows\System\dbKUIXT.exe

Filesize
6.0MB

MD5
cfe3c4870f48b9b925e54cecb9946a2a

SHA1
a0252c7b1150dca1241be7c3a89e2d3d919b0afc

SHA256
1bf7cbc8090b2504256af91fb984ca86b48b5eabf57a49cf42d03a7ce3066c07

SHA512
ab585bcb4ed50839f3a80c8ab60e36fea26afb9fd257da9679535e122cc58f5583405b58caf0512b2adccbcf587ff129e0fba29d92de3fc05fd8131f831a87e2

Download Submit
C:\Windows\System\fdRkRYo.exe

Filesize
6.0MB

MD5
1015e9fea2a300bbbce8e7f6bc1fa6f5

SHA1
2bfdde64af3a936ae427e20f6905990769454405

SHA256
bf01860aafec4b67119177d3535275edefe0ec3e9d3c285abe23606384165b2c

SHA512
065c450874e9fc225e0ac28b266c8cf770ebddbf274a2a8ee778978fc8c748acd263ccae74661af9f62391c48f74202426208811906a56c37047a755fc0592fc

Download Submit
C:\Windows\System\gOKismd.exe

Filesize
6.0MB

MD5
4661256757d3c548b5b2140417c81174

SHA1
12195a8f484480e09498cbb64afd7e209364a1a5

SHA256
0350fc9a0130ce29804d83723cbd6922c45a705dd307e91f14ebb9999f1bf58d

SHA512
ad30d54cd20521c9fc3d77bf78ad5e5fc4443f75ea6b8b605a626f4924e6f92274743a6e26500d28de1227ffd1d37993e7eea9eb4657b0756426ce4588018102

Download Submit
C:\Windows\System\hxiNRFV.exe

Filesize
6.0MB

MD5
e232c21fd050aa700f8794bd39b20b46

SHA1
8f5d05e42b69177c5d25829ed080d2bb14324fc4

SHA256
aa83f2bdb368d54c58e38ddd9c09c038b92ce3c17db1faaf5dc27d5b902291a6

SHA512
88ff631d4d8a2f8834c9b0056fb90630db68c62e6763aceb9f9701eacbd9fada686292f7a013d3b5e3aead6071b8439fe226a41db26b5b8e11327ae5ae99b792

Download Submit
C:\Windows\System\iYpnchS.exe

Filesize
6.0MB

MD5
f7fae6ece48f06cff2d51c66ba04b867

SHA1
b6a10a9fd2151ea7a7077445890e63d0bdf57381

SHA256
7b1eed892c4957393367788434dce604034b10bb1b9519c272a7a911b4a8f06d

SHA512
3a6fe408e9fc48ba92d08385bbdc5a2c4a1e7bcdcc9d016dafa40fd66e9b220353972eed534b81d72adfe517a50819a4e5324f82234811d01af289151d8d6940

Download Submit
C:\Windows\System\kLwHjBb.exe

Filesize
6.0MB

MD5
58e1e53e9ae5b4d3bdec15d962446411

SHA1
8109509a59c9e7b11841ee0c882ea058f7581445

SHA256
7ba3d8d87916de364073dd6b7f9831cddc837872c99951c27bef9b555148434b

SHA512
b0841b205abf1aa590f93c0fe93b18a16afa58e667385db69080c2ca5eb187247f28d5af3999158f830bdce157fb9a8178843af7d576fe1c3dcd41d8976bac74

Download Submit
C:\Windows\System\kUbXHYY.exe

Filesize
6.0MB

MD5
37c3a1641bdc487d318d2ed852e03d9a

SHA1
375a991fdb5f341d8e2e75d03a3f1677d60f0f3a

SHA256
6e2eed1f8b66b675f5a2fb1b3831c8a6eb8f8b2c0cee405c38b01a59f6f00f75

SHA512
f158a6f60ad1e2a6dcd6c967cc4d5abd44d6a6ac04a98aee2f95f51d6114bf3700a11b489534f99901bded114a6bc86f5f9951eab0535d49c1156a88ddd314a7

Download Submit
C:\Windows\System\lDtHAWP.exe

Filesize
6.0MB

MD5
5380fab0c7df97a1da36e14435fc2f3f

SHA1
0b98cbc86f7f4943014fb6debb2796980223a839

SHA256
c76e276c5e5f4b3d1acf6650e12bdca53ef60fc2c7266cbdb25f77e0ca1bf582

SHA512
2913b0a041da91a3836c818cd3db00f0b6d1d7f407c915441475aa2852f67dfa60e3552c9aff362ace1aa1a43b3a964dd049db54d1e534914f2e6765ec67d79f

Download Submit
C:\Windows\System\lWOYyQd.exe

Filesize
6.0MB

MD5
e20f106a2eccc57d3c2325b6e9d2e57c

SHA1
862ecd7714786824ffb14b941ba945733aa096ff

SHA256
36a4735bc93de98f3fab9377375bd37ea010aaff54d4a6863ca70254e01716f0

SHA512
66c28ce4fdafc4b9772cd4a72b042530f565f39c84ae6e29bf944f1892d7e566871fb265073d22a7f28a1e465c4160cb95c86eeac04c8a33f771b03ee640bf67

Download Submit
C:\Windows\System\lbBllGH.exe

Filesize
6.0MB

MD5
727855af13eded2c09756757094f5be2

SHA1
720e6560f4ec26de64e4cd8bc0366403d468acba

SHA256
b7e87144b325699736abd94551aba5c724be4ce198b2eaaeda7c18bb6996a8d3

SHA512
7acb6f3490e824a53497c748b12e5299dc132fea3383cb60b2a5a8fa130866435f259912ae7f5864a1bad63325a6a55e802aefc9a129b9516c0281c6d92477ee

Download Submit
C:\Windows\System\ngdruri.exe

Filesize
6.0MB

MD5
3dca928c2fe165b5cb3d7b5b5bd73562

SHA1
3c39ecd8ed29f56a40904f57a04766c885834564

SHA256
6724c0600870e4b67912e6be0e7bd37cf5dea2b6d3da33f05a7d73514444b10b

SHA512
128fa040a6635f934f39de8d635f5861251547818d263100be1ed3f44404052236d18f0dbc688989324546dcdeb00578e2eab1f44dac073068a312dc47d8ec16

Download Submit
C:\Windows\System\pUAdaFe.exe

Filesize
6.0MB

MD5
599eb259104bf569014417b77a7878a7

SHA1
3b1d2a2a89d0db58a8498e3551e3643ff860b56e

SHA256
20f108c2015559c35eb7d8a1f558161f6986ba8191f01a274049abae42543dc5

SHA512
c65f4562ad03ab588a194714a1620c0a76debe09189d439fa2a79ba705a4ce10460a4a7fb6deeaaaaab36d9eb03e60ee37c76aacaf33c8229f70bd8a503acd09

Download Submit
C:\Windows\System\rGWwzsp.exe

Filesize
6.0MB

MD5
865a00ecfd785d356dd0ebfb903b3fbf

SHA1
65c481cac386be087fe4bdd91af243ea9b9728a4

SHA256
ee69214b1f63163436c6369dc13a8c1f2a04f6517b83fe34db75673e5fd2c5d9

SHA512
000923d4061a77fa2280479b5cc5ac2c40d3ba33fb513dc0824863061d06117ba438fb7ae23430d0c54271dafe63fe6ec7d5975bfba21acfdfd46debe5b1d0ac

Download Submit
C:\Windows\System\rxGbeaF.exe

Filesize
6.0MB

MD5
95bfa3c83a02d203fb26eb31cc42c780

SHA1
6fd58ba5485a9e96a325c34d49689d6193a3f7b4

SHA256
8710c575baa88185b103b3bd112f320351bf2007627fe668e94adbefcd3fbdd2

SHA512
39dbf359761b2731b3e5782a191b539a57a0ae85ba9f04dad6f7f904fa5d76d4007cb28136785a1efe43430aadc00abbbf24c477cc4781968a15eee8afa343b5

Download Submit
C:\Windows\System\tjoyDiy.exe

Filesize
6.0MB

MD5
dd695321703d0e25b88749fd300de937

SHA1
c4118d0844eea028a127d766a2ea144c96733aa7

SHA256
3907cb190ae0d63c6abfa678b7307885abaa1965e61593244b3542dec17c32c8

SHA512
87cb5696874b2aef47e6f4a63b2c7aa85f42d470ffe44a090c7ca0a8b63bb4413824825a770be31396e9eafea6db6cdffa52d1a2a5cb89fd0d20461b1f0217b1

Download Submit
C:\Windows\System\uBccydt.exe

Filesize
6.0MB

MD5
5d9cb63a7e004953fd5465bf2fbe4bf6

SHA1
b89e042a351c83b74ae9bbd7b1dc52d42abcf196

SHA256
b0751fe94380475cf0663dc8e4e97ea6ff24cfeb5b5ef1bf4ee4ee054da2d79c

SHA512
37505739ac663126ce5ce0415ba7a44685f909cf1232192b1d5d42b414e5f278ab7b9aaf06134346b0d250233ebeeff6f73aab5e0fc6da165e3d49584d31e210

Download Submit
C:\Windows\System\vOkvYps.exe

Filesize
6.0MB

MD5
9066dae425914a266d6022faeb8db4d0

SHA1
8c94c52ecc6643bdd566f9e63c53781b8be93a29

SHA256
05d46d2ff7e7568f453ac76b716e8a58c1a798feefec650b4f78ad139679fdf7

SHA512
c2d9cacb3e9ea1801f32a457646fabc8382083c62ce29fc1741e091ecb57e410d48c0100ecf58c87ef1cfceb7340eb90d9b4e0b5987bc058a375d381c108e1db

Download Submit
C:\Windows\System\vonsApg.exe

Filesize
6.0MB

MD5
8cccfceb55fa5ab4a56bce46849d5700

SHA1
af7af9f3ab0585d3368f67cdc8f17d12cc272942

SHA256
61214688bb538d5c8ad78c3c8eb7771b60211be96865ec6edffb129a14c11f08

SHA512
ea4c1511320effac5b1ce988be9803bda02ec74633aa0c36f34b2b455549da7a8fdab271456459b947a972754a688f12ddb6f04d3f04e88cd4b67940be12d311

Download Submit
C:\Windows\System\vxueyxF.exe

Filesize
6.0MB

MD5
66015fd144bf7b2f67f8142c5fd305a3

SHA1
32adad93ccdba3b1f769ad15a51b0430892b85f7

SHA256
2c90dc8f8ace99544e67c523ecc5c0222c98ec68befa190b144b6939fefb86f3

SHA512
65988e6fbd78c6ba9e4ce97b3e8a5859d96df0e05fc0b34c906b172be2a0564dac18b9b78f72b986ae02de327cdc9d553d231d9c2f74719c1f089e251ce66fb3

Download Submit
C:\Windows\System\wHuVlnO.exe

Filesize
6.0MB

MD5
cc4ebf5c9189a8afa454d5b1c03f76f3

SHA1
ffc06509afc077d1e27e1a7a44118bb26399b173

SHA256
5c2db49ab55c6f8c65390218e22db6b196fa6038cc39098b8dcbfe97bb1c099a

SHA512
909fcae7c8f278369d174b5bd89b3e7569e52b13af1371343e8ef5be10ef73a4a404d7e0dbf5aa6f519e4ccb5c7aedc4f094b41af9975354f1051f3b2458302c

Download Submit
C:\Windows\System\xmsJPWu.exe

Filesize
6.0MB

MD5
c6b5fda07aa7e9fe060f2fcb1ece5e23

SHA1
23c404ffc3d2fc1bc93d75b79172ccd4f539d9ef

SHA256
2e8692132539fb860b0471065ce65e7c37e7eeba077c9d47356396ec0d2afb11

SHA512
d92f7dbc76225ac57af16b907f1ea2b76ae58a1718612e0021a984409cbc5d41505f0aa1b7094625a3fe333ff840fc1f8bce7473e88fbdf5b861f24a8e2ca9ce

Download Submit
C:\Windows\System\zxwMREG.exe

Filesize
6.0MB

MD5
fa426a46aac39d9463039dae9be1dece

SHA1
d8a8a9be82080aca562652c7b717273ae681af20

SHA256
9e5b2a927322d0b9af4e43541b7d50fbbe3c7d9e7d67c9d5412b24bbb51497a3

SHA512
20f6f36e041dce9806f482232ec54cf32942c30a2eaa5ea61ed487249268a24c66f72c8d3d9327aae5bccae9a45c41d8e42e652188f1d991ab23f893cf110cc5

Download Submit
memory/372-163-0x00007FF6C6830000-0x00007FF6C6B84000-memory.dmp

Filesize
3.3MB

Download
memory/372-1633-0x00007FF6C6830000-0x00007FF6C6B84000-memory.dmp

Filesize
3.3MB

Download
memory/372-84-0x00007FF6C6830000-0x00007FF6C6B84000-memory.dmp

Filesize
3.3MB

Download
memory/516-108-0x00007FF7D21E0000-0x00007FF7D2534000-memory.dmp

Filesize
3.3MB

Download
memory/516-1637-0x00007FF7D21E0000-0x00007FF7D2534000-memory.dmp

Filesize
3.3MB

Download
memory/624-65-0x00007FF7A0FE0000-0x00007FF7A1334000-memory.dmp

Filesize
3.3MB

Download
memory/624-6-0x00007FF7A0FE0000-0x00007FF7A1334000-memory.dmp

Filesize
3.3MB

Download
memory/624-1350-0x00007FF7A0FE0000-0x00007FF7A1334000-memory.dmp

Filesize
3.3MB

Download
memory/756-112-0x00007FF6DC010000-0x00007FF6DC364000-memory.dmp

Filesize
3.3MB

Download
memory/756-1640-0x00007FF6DC010000-0x00007FF6DC364000-memory.dmp

Filesize
3.3MB

Download
memory/756-215-0x00007FF6DC010000-0x00007FF6DC364000-memory.dmp

Filesize
3.3MB

Download
memory/936-87-0x00007FF64D9C0000-0x00007FF64DD14000-memory.dmp

Filesize
3.3MB

Download
memory/936-30-0x00007FF64D9C0000-0x00007FF64DD14000-memory.dmp

Filesize
3.3MB

Download
memory/936-1361-0x00007FF64D9C0000-0x00007FF64DD14000-memory.dmp

Filesize
3.3MB

Download
memory/1132-519-0x00007FF7D7370000-0x00007FF7D76C4000-memory.dmp

Filesize
3.3MB

Download
memory/1132-151-0x00007FF7D7370000-0x00007FF7D76C4000-memory.dmp

Filesize
3.3MB

Download
memory/1132-2055-0x00007FF7D7370000-0x00007FF7D76C4000-memory.dmp

Filesize
3.3MB

Download
memory/1352-104-0x00007FF743330000-0x00007FF743684000-memory.dmp

Filesize
3.3MB

Download
memory/1352-188-0x00007FF743330000-0x00007FF743684000-memory.dmp

Filesize
3.3MB

Download
memory/1352-1643-0x00007FF743330000-0x00007FF743684000-memory.dmp

Filesize
3.3MB

Download
memory/1620-130-0x00007FF790030000-0x00007FF790384000-memory.dmp

Filesize
3.3MB

Download
memory/1620-55-0x00007FF790030000-0x00007FF790384000-memory.dmp

Filesize
3.3MB

Download
memory/1620-1518-0x00007FF790030000-0x00007FF790384000-memory.dmp

Filesize
3.3MB

Download
memory/1832-2058-0x00007FF7A72E0000-0x00007FF7A7634000-memory.dmp

Filesize
3.3MB

Download
memory/1832-219-0x00007FF7A72E0000-0x00007FF7A7634000-memory.dmp

Filesize
3.3MB

Download
memory/1912-20-0x00007FF624DD0000-0x00007FF625124000-memory.dmp

Filesize
3.3MB

Download
memory/1912-1353-0x00007FF624DD0000-0x00007FF625124000-memory.dmp

Filesize
3.3MB

Download
memory/1912-67-0x00007FF624DD0000-0x00007FF625124000-memory.dmp

Filesize
3.3MB

Download
memory/1960-68-0x00007FF6DD440000-0x00007FF6DD794000-memory.dmp

Filesize
3.3MB

Download
memory/1960-1613-0x00007FF6DD440000-0x00007FF6DD794000-memory.dmp

Filesize
3.3MB

Download
memory/1988-76-0x00007FF68D140000-0x00007FF68D494000-memory.dmp

Filesize
3.3MB

Download
memory/1988-23-0x00007FF68D140000-0x00007FF68D494000-memory.dmp

Filesize
3.3MB

Download
memory/1988-1362-0x00007FF68D140000-0x00007FF68D494000-memory.dmp

Filesize
3.3MB

Download
memory/2456-59-0x00007FF7179B0000-0x00007FF717D04000-memory.dmp

Filesize
3.3MB

Download
memory/2456-1-0x000001CDF9A30000-0x000001CDF9A40000-memory.dmp

Filesize
64KB

Download
memory/2456-0-0x00007FF7179B0000-0x00007FF717D04000-memory.dmp

Filesize
3.3MB

Download
memory/2576-1952-0x00007FF69A260000-0x00007FF69A5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-281-0x00007FF69A260000-0x00007FF69A5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-125-0x00007FF69A260000-0x00007FF69A5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-142-0x00007FF686EE0000-0x00007FF687234000-memory.dmp

Filesize
3.3MB

Download
memory/2616-72-0x00007FF686EE0000-0x00007FF687234000-memory.dmp

Filesize
3.3MB

Download
memory/2616-1621-0x00007FF686EE0000-0x00007FF687234000-memory.dmp

Filesize
3.3MB

Download
memory/2628-321-0x00007FF6C1140000-0x00007FF6C1494000-memory.dmp

Filesize
3.3MB

Download
memory/2628-132-0x00007FF6C1140000-0x00007FF6C1494000-memory.dmp

Filesize
3.3MB

Download
memory/2628-1953-0x00007FF6C1140000-0x00007FF6C1494000-memory.dmp

Filesize
3.3MB

Download
memory/2636-115-0x00007FF6984B0000-0x00007FF698804000-memory.dmp

Filesize
3.3MB

Download
memory/2636-1641-0x00007FF6984B0000-0x00007FF698804000-memory.dmp

Filesize
3.3MB

Download
memory/2888-56-0x00007FF733790000-0x00007FF733AE4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-1515-0x00007FF733790000-0x00007FF733AE4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-2061-0x00007FF74F440000-0x00007FF74F794000-memory.dmp

Filesize
3.3MB

Download
memory/2956-195-0x00007FF74F440000-0x00007FF74F794000-memory.dmp

Filesize
3.3MB

Download
memory/3020-1502-0x00007FF65DDC0000-0x00007FF65E114000-memory.dmp

Filesize
3.3MB

Download
memory/3020-36-0x00007FF65DDC0000-0x00007FF65E114000-memory.dmp

Filesize
3.3MB

Download
memory/3020-116-0x00007FF65DDC0000-0x00007FF65E114000-memory.dmp

Filesize
3.3MB

Download
memory/3716-1358-0x00007FF7BC270000-0x00007FF7BC5C4000-memory.dmp

Filesize
3.3MB

Download
memory/3716-25-0x00007FF7BC270000-0x00007FF7BC5C4000-memory.dmp

Filesize
3.3MB

Download
memory/3936-201-0x00007FF7B2C60000-0x00007FF7B2FB4000-memory.dmp

Filesize
3.3MB

Download
memory/3936-2057-0x00007FF7B2C60000-0x00007FF7B2FB4000-memory.dmp

Filesize
3.3MB

Download
memory/4056-145-0x00007FF6AB440000-0x00007FF6AB794000-memory.dmp

Filesize
3.3MB

Download
memory/4056-2042-0x00007FF6AB440000-0x00007FF6AB794000-memory.dmp

Filesize
3.3MB

Download
memory/4176-1956-0x00007FF61E220000-0x00007FF61E574000-memory.dmp

Filesize
3.3MB

Download
memory/4176-131-0x00007FF61E220000-0x00007FF61E574000-memory.dmp

Filesize
3.3MB

Download
memory/4176-319-0x00007FF61E220000-0x00007FF61E574000-memory.dmp

Filesize
3.3MB

Download
memory/4320-1508-0x00007FF7E0140000-0x00007FF7E0494000-memory.dmp

Filesize
3.3MB

Download
memory/4320-43-0x00007FF7E0140000-0x00007FF7E0494000-memory.dmp

Filesize
3.3MB

Download
memory/4320-122-0x00007FF7E0140000-0x00007FF7E0494000-memory.dmp

Filesize
3.3MB

Download
memory/4396-1624-0x00007FF745FD0000-0x00007FF746324000-memory.dmp

Filesize
3.3MB

Download
memory/4396-147-0x00007FF745FD0000-0x00007FF746324000-memory.dmp

Filesize
3.3MB

Download
memory/4396-81-0x00007FF745FD0000-0x00007FF746324000-memory.dmp

Filesize
3.3MB

Download
memory/4580-568-0x00007FF6E3E70000-0x00007FF6E41C4000-memory.dmp

Filesize
3.3MB

Download
memory/4580-156-0x00007FF6E3E70000-0x00007FF6E41C4000-memory.dmp

Filesize
3.3MB

Download
memory/4580-2053-0x00007FF6E3E70000-0x00007FF6E41C4000-memory.dmp

Filesize
3.3MB

Download
memory/4648-2073-0x00007FF77CEC0000-0x00007FF77D214000-memory.dmp

Filesize
3.3MB

Download
memory/4648-209-0x00007FF77CEC0000-0x00007FF77D214000-memory.dmp

Filesize
3.3MB

Download
memory/4936-2067-0x00007FF7BAB90000-0x00007FF7BAEE4000-memory.dmp

Filesize
3.3MB

Download
memory/4936-208-0x00007FF7BAB90000-0x00007FF7BAEE4000-memory.dmp

Filesize
3.3MB

Download
memory/4988-103-0x00007FF7412B0000-0x00007FF741604000-memory.dmp

Filesize
3.3MB

Download
memory/4988-1642-0x00007FF7412B0000-0x00007FF741604000-memory.dmp

Filesize
3.3MB

Download
memory/4988-153-0x00007FF7412B0000-0x00007FF741604000-memory.dmp

Filesize
3.3MB

Download