cobaltstrike | 5e8f2949685c47ca07219e22e50bc42ce1f1fdbdd2ff232d541c8d04b6f0d87d

Analysis

max time kernel
124s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2024 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

615d144a2ae1383f409f6a5e08d6aaa5
SHA1

38646d901d7d711d8ee74470519e2f52527f445d
SHA256

5e8f2949685c47ca07219e22e50bc42ce1f1fdbdd2ff232d541c8d04b6f0d87d
SHA512

c14c634e4d724514a3a02224ad2ca58ee085cab23e4f86f12d7572403ae3af120a25b0439f6b3f49e09b02a48e0ea1cd960ceeb31215794431e70ec47f0d03b9
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUn:T+q56utgpPF8u/7n

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\System\BzSEdwB.exe	cobalt_reflective_dll
C:\Windows\System\oLxGQts.exe	cobalt_reflective_dll
C:\Windows\System\hsmwKxT.exe	cobalt_reflective_dll
C:\Windows\System\uApbHdn.exe	cobalt_reflective_dll
C:\Windows\System\HQxRBvq.exe	cobalt_reflective_dll
C:\Windows\System\PbNeFVz.exe	cobalt_reflective_dll
C:\Windows\System\dpPrjxm.exe	cobalt_reflective_dll
C:\Windows\System\iaoubBU.exe	cobalt_reflective_dll
C:\Windows\System\DWFCrtA.exe	cobalt_reflective_dll
C:\Windows\System\AeNOuZK.exe	cobalt_reflective_dll
C:\Windows\System\sRgtlJr.exe	cobalt_reflective_dll
C:\Windows\System\xTHnKDt.exe	cobalt_reflective_dll
C:\Windows\System\KtPAhgM.exe	cobalt_reflective_dll
C:\Windows\System\uxRnELy.exe	cobalt_reflective_dll
C:\Windows\System\gMEyIzn.exe	cobalt_reflective_dll
C:\Windows\System\qwiQCWf.exe	cobalt_reflective_dll
C:\Windows\System\NCHdivJ.exe	cobalt_reflective_dll
C:\Windows\System\obVaZWa.exe	cobalt_reflective_dll
C:\Windows\System\jwLgZfv.exe	cobalt_reflective_dll
C:\Windows\System\rFlxHeW.exe	cobalt_reflective_dll
C:\Windows\System\zZrtgBD.exe	cobalt_reflective_dll
C:\Windows\System\RfoRCEp.exe	cobalt_reflective_dll
C:\Windows\System\NQRRZgi.exe	cobalt_reflective_dll
C:\Windows\System\nqlheog.exe	cobalt_reflective_dll
C:\Windows\System\AWVnbfo.exe	cobalt_reflective_dll
C:\Windows\System\whUfqbs.exe	cobalt_reflective_dll
C:\Windows\System\yxbizNJ.exe	cobalt_reflective_dll
C:\Windows\System\QmMeoaL.exe	cobalt_reflective_dll
C:\Windows\System\bvhlwUD.exe	cobalt_reflective_dll
C:\Windows\System\ImYMPsp.exe	cobalt_reflective_dll
C:\Windows\System\MjPngwN.exe	cobalt_reflective_dll
C:\Windows\System\OhsPvyt.exe	cobalt_reflective_dll
C:\Windows\System\bBRNHWW.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/3016-0-0x00007FF7CB040000-0x00007FF7CB394000-memory.dmp	xmrig
C:\Windows\System\BzSEdwB.exe	xmrig
behavioral2/memory/3496-6-0x00007FF743C30000-0x00007FF743F84000-memory.dmp	xmrig
C:\Windows\System\oLxGQts.exe	xmrig
behavioral2/memory/992-12-0x00007FF6901E0000-0x00007FF690534000-memory.dmp	xmrig
C:\Windows\System\hsmwKxT.exe	xmrig
C:\Windows\System\uApbHdn.exe	xmrig
behavioral2/memory/2180-24-0x00007FF72E060000-0x00007FF72E3B4000-memory.dmp	xmrig
C:\Windows\System\HQxRBvq.exe	xmrig
C:\Windows\System\PbNeFVz.exe	xmrig
C:\Windows\System\dpPrjxm.exe	xmrig
C:\Windows\System\iaoubBU.exe	xmrig
C:\Windows\System\DWFCrtA.exe	xmrig
behavioral2/memory/2776-18-0x00007FF73E720000-0x00007FF73EA74000-memory.dmp	xmrig
behavioral2/memory/628-43-0x00007FF699280000-0x00007FF6995D4000-memory.dmp	xmrig
behavioral2/memory/3832-60-0x00007FF60A690000-0x00007FF60A9E4000-memory.dmp	xmrig
behavioral2/memory/4748-69-0x00007FF79BEE0000-0x00007FF79C234000-memory.dmp	xmrig
behavioral2/memory/1276-70-0x00007FF6FCA30000-0x00007FF6FCD84000-memory.dmp	xmrig
C:\Windows\System\AeNOuZK.exe	xmrig
C:\Windows\System\sRgtlJr.exe	xmrig
behavioral2/memory/4556-100-0x00007FF6D8000000-0x00007FF6D8354000-memory.dmp	xmrig
behavioral2/memory/992-110-0x00007FF6901E0000-0x00007FF690534000-memory.dmp	xmrig
C:\Windows\System\xTHnKDt.exe	xmrig
C:\Windows\System\KtPAhgM.exe	xmrig
C:\Windows\System\uxRnELy.exe	xmrig
C:\Windows\System\gMEyIzn.exe	xmrig
C:\Windows\System\qwiQCWf.exe	xmrig
C:\Windows\System\NCHdivJ.exe	xmrig
C:\Windows\System\obVaZWa.exe	xmrig
C:\Windows\System\jwLgZfv.exe	xmrig
behavioral2/memory/772-194-0x00007FF6027C0000-0x00007FF602B14000-memory.dmp	xmrig
behavioral2/memory/5084-191-0x00007FF61D9E0000-0x00007FF61DD34000-memory.dmp	xmrig
behavioral2/memory/1708-190-0x00007FF7A30D0000-0x00007FF7A3424000-memory.dmp	xmrig
behavioral2/memory/3772-185-0x00007FF7AC0E0000-0x00007FF7AC434000-memory.dmp	xmrig
behavioral2/memory/1940-182-0x00007FF7ADE30000-0x00007FF7AE184000-memory.dmp	xmrig
C:\Windows\System\rFlxHeW.exe	xmrig
behavioral2/memory/2200-176-0x00007FF64D4B0000-0x00007FF64D804000-memory.dmp	xmrig
C:\Windows\System\zZrtgBD.exe	xmrig
behavioral2/memory/388-170-0x00007FF6A66F0000-0x00007FF6A6A44000-memory.dmp	xmrig
behavioral2/memory/4112-167-0x00007FF7BAFB0000-0x00007FF7BB304000-memory.dmp	xmrig
C:\Windows\System\RfoRCEp.exe	xmrig
behavioral2/memory/1476-161-0x00007FF6F4FF0000-0x00007FF6F5344000-memory.dmp	xmrig
behavioral2/memory/4556-160-0x00007FF6D8000000-0x00007FF6D8354000-memory.dmp	xmrig
behavioral2/memory/208-159-0x00007FF6ED9E0000-0x00007FF6EDD34000-memory.dmp	xmrig
behavioral2/memory/2176-153-0x00007FF785580000-0x00007FF7858D4000-memory.dmp	xmrig
C:\Windows\System\NQRRZgi.exe	xmrig
behavioral2/memory/5024-147-0x00007FF6B2DB0000-0x00007FF6B3104000-memory.dmp	xmrig
behavioral2/memory/3864-146-0x00007FF747280000-0x00007FF7475D4000-memory.dmp	xmrig
behavioral2/memory/2524-145-0x00007FF65B4E0000-0x00007FF65B834000-memory.dmp	xmrig
C:\Windows\System\nqlheog.exe	xmrig
behavioral2/memory/716-139-0x00007FF795690000-0x00007FF7959E4000-memory.dmp	xmrig
C:\Windows\System\AWVnbfo.exe	xmrig
behavioral2/memory/4224-133-0x00007FF6DD3B0000-0x00007FF6DD704000-memory.dmp	xmrig
behavioral2/memory/3944-132-0x00007FF6CAA90000-0x00007FF6CADE4000-memory.dmp	xmrig
C:\Windows\System\whUfqbs.exe	xmrig
behavioral2/memory/772-126-0x00007FF6027C0000-0x00007FF602B14000-memory.dmp	xmrig
behavioral2/memory/628-125-0x00007FF699280000-0x00007FF6995D4000-memory.dmp	xmrig
behavioral2/memory/2180-124-0x00007FF72E060000-0x00007FF72E3B4000-memory.dmp	xmrig
behavioral2/memory/1708-118-0x00007FF7A30D0000-0x00007FF7A3424000-memory.dmp	xmrig
behavioral2/memory/2776-117-0x00007FF73E720000-0x00007FF73EA74000-memory.dmp	xmrig
C:\Windows\System\yxbizNJ.exe	xmrig
behavioral2/memory/1940-112-0x00007FF7ADE30000-0x00007FF7AE184000-memory.dmp	xmrig
behavioral2/memory/4112-109-0x00007FF7BAFB0000-0x00007FF7BB304000-memory.dmp	xmrig
C:\Windows\System\QmMeoaL.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

BzSEdwB.exeoLxGQts.exehsmwKxT.exeuApbHdn.exeDWFCrtA.exedpPrjxm.exePbNeFVz.exeiaoubBU.exeHQxRBvq.exebBRNHWW.exeOhsPvyt.exeMjPngwN.exeAeNOuZK.exeImYMPsp.exesRgtlJr.exebvhlwUD.exeQmMeoaL.exeyxbizNJ.exexTHnKDt.exewhUfqbs.exeAWVnbfo.exenqlheog.exeNQRRZgi.exeKtPAhgM.exeRfoRCEp.exezZrtgBD.exerFlxHeW.exeuxRnELy.exegMEyIzn.exejwLgZfv.exeNCHdivJ.exeobVaZWa.exeqwiQCWf.exeblyyYFi.exefmJiTwl.exelZHvXPs.exeDSNTlvy.execoGeSte.exetTeNmar.exektLNfQc.exeigRHeyk.exeiXFWOSr.exeLtqwAZB.exeHvOTvHa.exeBpiIwaV.exeqYcAnsZ.exeaqjcfIN.exeqsKkNRS.exeGZzzBGP.exeyIUMMmO.exeUfHQCXv.exekxaBHzS.exeyncNkpy.exeLriJOtY.exefeYOVmy.exeUCPCyTr.exetXjfrHk.exevbQyxkU.exeZAhzNgE.exeLVjmMuM.exeKsuufQN.exeRZLFdBe.exeHFspdnH.exegdcvNyx.exe

pid	process
3496	BzSEdwB.exe
992	oLxGQts.exe
2776	hsmwKxT.exe
2180	uApbHdn.exe
628	DWFCrtA.exe
3944	dpPrjxm.exe
3832	PbNeFVz.exe
616	iaoubBU.exe
4748	HQxRBvq.exe
1276	bBRNHWW.exe
3036	OhsPvyt.exe
4956	MjPngwN.exe
2524	AeNOuZK.exe
3864	ImYMPsp.exe
208	sRgtlJr.exe
4556	bvhlwUD.exe
4112	QmMeoaL.exe
1940	yxbizNJ.exe
1708	xTHnKDt.exe
772	whUfqbs.exe
4224	AWVnbfo.exe
716	nqlheog.exe
5024	NQRRZgi.exe
2176	KtPAhgM.exe
1476	RfoRCEp.exe
388	zZrtgBD.exe
2200	rFlxHeW.exe
3772	uxRnELy.exe
5084	gMEyIzn.exe
4572	jwLgZfv.exe
4816	NCHdivJ.exe
4736	obVaZWa.exe
1556	qwiQCWf.exe
5056	blyyYFi.exe
3940	fmJiTwl.exe
4164	lZHvXPs.exe
3392	DSNTlvy.exe
1652	coGeSte.exe
4348	tTeNmar.exe
3048	ktLNfQc.exe
2252	igRHeyk.exe
3868	iXFWOSr.exe
3824	LtqwAZB.exe
912	HvOTvHa.exe
2096	BpiIwaV.exe
4184	qYcAnsZ.exe
2992	aqjcfIN.exe
4520	qsKkNRS.exe
4752	GZzzBGP.exe
536	yIUMMmO.exe
408	UfHQCXv.exe
3280	kxaBHzS.exe
4304	yncNkpy.exe
760	LriJOtY.exe
3920	feYOVmy.exe
1156	UCPCyTr.exe
3284	tXjfrHk.exe
3136	vbQyxkU.exe
2912	ZAhzNgE.exe
3192	LVjmMuM.exe
4480	KsuufQN.exe
5140	RZLFdBe.exe
5160	HFspdnH.exe
5184	gdcvNyx.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3016-0-0x00007FF7CB040000-0x00007FF7CB394000-memory.dmp	upx
C:\Windows\System\BzSEdwB.exe	upx
behavioral2/memory/3496-6-0x00007FF743C30000-0x00007FF743F84000-memory.dmp	upx
C:\Windows\System\oLxGQts.exe	upx
behavioral2/memory/992-12-0x00007FF6901E0000-0x00007FF690534000-memory.dmp	upx
C:\Windows\System\hsmwKxT.exe	upx
C:\Windows\System\uApbHdn.exe	upx
behavioral2/memory/2180-24-0x00007FF72E060000-0x00007FF72E3B4000-memory.dmp	upx
C:\Windows\System\HQxRBvq.exe	upx
C:\Windows\System\PbNeFVz.exe	upx
C:\Windows\System\dpPrjxm.exe	upx
C:\Windows\System\iaoubBU.exe	upx
C:\Windows\System\DWFCrtA.exe	upx
behavioral2/memory/2776-18-0x00007FF73E720000-0x00007FF73EA74000-memory.dmp	upx
behavioral2/memory/628-43-0x00007FF699280000-0x00007FF6995D4000-memory.dmp	upx
behavioral2/memory/3832-60-0x00007FF60A690000-0x00007FF60A9E4000-memory.dmp	upx
behavioral2/memory/4748-69-0x00007FF79BEE0000-0x00007FF79C234000-memory.dmp	upx
behavioral2/memory/1276-70-0x00007FF6FCA30000-0x00007FF6FCD84000-memory.dmp	upx
C:\Windows\System\AeNOuZK.exe	upx
C:\Windows\System\sRgtlJr.exe	upx
behavioral2/memory/4556-100-0x00007FF6D8000000-0x00007FF6D8354000-memory.dmp	upx
behavioral2/memory/992-110-0x00007FF6901E0000-0x00007FF690534000-memory.dmp	upx
C:\Windows\System\xTHnKDt.exe	upx
C:\Windows\System\KtPAhgM.exe	upx
C:\Windows\System\uxRnELy.exe	upx
C:\Windows\System\gMEyIzn.exe	upx
C:\Windows\System\qwiQCWf.exe	upx
C:\Windows\System\NCHdivJ.exe	upx
C:\Windows\System\obVaZWa.exe	upx
C:\Windows\System\jwLgZfv.exe	upx
behavioral2/memory/772-194-0x00007FF6027C0000-0x00007FF602B14000-memory.dmp	upx
behavioral2/memory/5084-191-0x00007FF61D9E0000-0x00007FF61DD34000-memory.dmp	upx
behavioral2/memory/1708-190-0x00007FF7A30D0000-0x00007FF7A3424000-memory.dmp	upx
behavioral2/memory/3772-185-0x00007FF7AC0E0000-0x00007FF7AC434000-memory.dmp	upx
behavioral2/memory/1940-182-0x00007FF7ADE30000-0x00007FF7AE184000-memory.dmp	upx
C:\Windows\System\rFlxHeW.exe	upx
behavioral2/memory/2200-176-0x00007FF64D4B0000-0x00007FF64D804000-memory.dmp	upx
C:\Windows\System\zZrtgBD.exe	upx
behavioral2/memory/388-170-0x00007FF6A66F0000-0x00007FF6A6A44000-memory.dmp	upx
behavioral2/memory/4112-167-0x00007FF7BAFB0000-0x00007FF7BB304000-memory.dmp	upx
C:\Windows\System\RfoRCEp.exe	upx
behavioral2/memory/1476-161-0x00007FF6F4FF0000-0x00007FF6F5344000-memory.dmp	upx
behavioral2/memory/4556-160-0x00007FF6D8000000-0x00007FF6D8354000-memory.dmp	upx
behavioral2/memory/208-159-0x00007FF6ED9E0000-0x00007FF6EDD34000-memory.dmp	upx
behavioral2/memory/2176-153-0x00007FF785580000-0x00007FF7858D4000-memory.dmp	upx
C:\Windows\System\NQRRZgi.exe	upx
behavioral2/memory/5024-147-0x00007FF6B2DB0000-0x00007FF6B3104000-memory.dmp	upx
behavioral2/memory/3864-146-0x00007FF747280000-0x00007FF7475D4000-memory.dmp	upx
behavioral2/memory/2524-145-0x00007FF65B4E0000-0x00007FF65B834000-memory.dmp	upx
C:\Windows\System\nqlheog.exe	upx
behavioral2/memory/716-139-0x00007FF795690000-0x00007FF7959E4000-memory.dmp	upx
C:\Windows\System\AWVnbfo.exe	upx
behavioral2/memory/4224-133-0x00007FF6DD3B0000-0x00007FF6DD704000-memory.dmp	upx
behavioral2/memory/3944-132-0x00007FF6CAA90000-0x00007FF6CADE4000-memory.dmp	upx
C:\Windows\System\whUfqbs.exe	upx
behavioral2/memory/772-126-0x00007FF6027C0000-0x00007FF602B14000-memory.dmp	upx
behavioral2/memory/628-125-0x00007FF699280000-0x00007FF6995D4000-memory.dmp	upx
behavioral2/memory/2180-124-0x00007FF72E060000-0x00007FF72E3B4000-memory.dmp	upx
behavioral2/memory/1708-118-0x00007FF7A30D0000-0x00007FF7A3424000-memory.dmp	upx
behavioral2/memory/2776-117-0x00007FF73E720000-0x00007FF73EA74000-memory.dmp	upx
C:\Windows\System\yxbizNJ.exe	upx
behavioral2/memory/1940-112-0x00007FF7ADE30000-0x00007FF7AE184000-memory.dmp	upx
behavioral2/memory/4112-109-0x00007FF7BAFB0000-0x00007FF7BB304000-memory.dmp	upx
C:\Windows\System\QmMeoaL.exe	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\hncFOxF.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjxDyYa.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rNZGiyh.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\viKyFat.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLdTVOj.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hMFwKAg.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ihrtmbe.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FMGtZVh.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IkpPnZw.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EtmxvUd.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oEtZWmJ.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cmyhuog.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xEJjkBe.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXoLJSi.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nOtkkIY.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dWTioZP.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RvzLIfD.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kOYuhYO.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lLuGVsx.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DlsSOhP.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ehCmUFe.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hxIFoVK.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tKDifcz.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EzHifSP.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdFkFxT.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BHWHumN.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Tfqkkcu.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpiIwaV.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NJWUgKi.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JylVwHF.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YafMGbs.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RfXXFos.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FyMjFMt.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CdaSJTv.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JYkOkDd.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VpRJCBV.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jcOSggp.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogTeuup.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VOnYGCf.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bEQsQns.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLFsJHk.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\obVaZWa.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\posrMJw.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UlzNIdE.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcvgXOW.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PGtBKVU.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhLSfxc.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GbetQtG.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qyPKjCO.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRbdpXR.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rRkBGGs.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZdrIuvZ.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PEIDCSB.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XggPhWb.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mYTuwOm.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OGbBcsq.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MAAtHxY.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bCZSuIo.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lbaJPqQ.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNuALaU.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHTnxOd.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HPIlzye.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TocPkJA.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QiFYbAr.exe	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 3016 wrote to memory of 3496	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	BzSEdwB.exe
PID 3016 wrote to memory of 3496	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	BzSEdwB.exe
PID 3016 wrote to memory of 992	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	oLxGQts.exe
PID 3016 wrote to memory of 992	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	oLxGQts.exe
PID 3016 wrote to memory of 2776	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	hsmwKxT.exe
PID 3016 wrote to memory of 2776	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	hsmwKxT.exe
PID 3016 wrote to memory of 2180	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	uApbHdn.exe
PID 3016 wrote to memory of 2180	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	uApbHdn.exe
PID 3016 wrote to memory of 628	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	DWFCrtA.exe
PID 3016 wrote to memory of 628	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	DWFCrtA.exe
PID 3016 wrote to memory of 3944	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	dpPrjxm.exe
PID 3016 wrote to memory of 3944	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	dpPrjxm.exe
PID 3016 wrote to memory of 3832	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	PbNeFVz.exe
PID 3016 wrote to memory of 3832	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	PbNeFVz.exe
PID 3016 wrote to memory of 616	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	iaoubBU.exe
PID 3016 wrote to memory of 616	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	iaoubBU.exe
PID 3016 wrote to memory of 4748	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	HQxRBvq.exe
PID 3016 wrote to memory of 4748	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	HQxRBvq.exe
PID 3016 wrote to memory of 1276	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	bBRNHWW.exe
PID 3016 wrote to memory of 1276	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	bBRNHWW.exe
PID 3016 wrote to memory of 3036	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	OhsPvyt.exe
PID 3016 wrote to memory of 3036	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	OhsPvyt.exe
PID 3016 wrote to memory of 4956	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	MjPngwN.exe
PID 3016 wrote to memory of 4956	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	MjPngwN.exe
PID 3016 wrote to memory of 2524	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	AeNOuZK.exe
PID 3016 wrote to memory of 2524	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	AeNOuZK.exe
PID 3016 wrote to memory of 3864	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	ImYMPsp.exe
PID 3016 wrote to memory of 3864	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	ImYMPsp.exe
PID 3016 wrote to memory of 208	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	sRgtlJr.exe
PID 3016 wrote to memory of 208	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	sRgtlJr.exe
PID 3016 wrote to memory of 4556	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	bvhlwUD.exe
PID 3016 wrote to memory of 4556	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	bvhlwUD.exe
PID 3016 wrote to memory of 4112	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	QmMeoaL.exe
PID 3016 wrote to memory of 4112	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	QmMeoaL.exe
PID 3016 wrote to memory of 1940	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	yxbizNJ.exe
PID 3016 wrote to memory of 1940	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	yxbizNJ.exe
PID 3016 wrote to memory of 1708	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	xTHnKDt.exe
PID 3016 wrote to memory of 1708	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	xTHnKDt.exe
PID 3016 wrote to memory of 772	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	whUfqbs.exe
PID 3016 wrote to memory of 772	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	whUfqbs.exe
PID 3016 wrote to memory of 4224	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	AWVnbfo.exe
PID 3016 wrote to memory of 4224	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	AWVnbfo.exe
PID 3016 wrote to memory of 716	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	nqlheog.exe
PID 3016 wrote to memory of 716	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	nqlheog.exe
PID 3016 wrote to memory of 5024	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	NQRRZgi.exe
PID 3016 wrote to memory of 5024	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	NQRRZgi.exe
PID 3016 wrote to memory of 2176	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	KtPAhgM.exe
PID 3016 wrote to memory of 2176	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	KtPAhgM.exe
PID 3016 wrote to memory of 1476	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	RfoRCEp.exe
PID 3016 wrote to memory of 1476	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	RfoRCEp.exe
PID 3016 wrote to memory of 388	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	zZrtgBD.exe
PID 3016 wrote to memory of 388	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	zZrtgBD.exe
PID 3016 wrote to memory of 2200	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	rFlxHeW.exe
PID 3016 wrote to memory of 2200	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	rFlxHeW.exe
PID 3016 wrote to memory of 3772	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	uxRnELy.exe
PID 3016 wrote to memory of 3772	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	uxRnELy.exe
PID 3016 wrote to memory of 5084	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	gMEyIzn.exe
PID 3016 wrote to memory of 5084	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	gMEyIzn.exe
PID 3016 wrote to memory of 4572	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	jwLgZfv.exe
PID 3016 wrote to memory of 4572	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	jwLgZfv.exe
PID 3016 wrote to memory of 4816	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	NCHdivJ.exe
PID 3016 wrote to memory of 4816	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	NCHdivJ.exe
PID 3016 wrote to memory of 4736	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	obVaZWa.exe
PID 3016 wrote to memory of 4736	3016	2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe	obVaZWa.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-19_615d144a2ae1383f409f6a5e08d6aaa5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Windows\System\BzSEdwB.exe
  C:\Windows\System\BzSEdwB.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\oLxGQts.exe
  C:\Windows\System\oLxGQts.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\hsmwKxT.exe
  C:\Windows\System\hsmwKxT.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\uApbHdn.exe
  C:\Windows\System\uApbHdn.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\DWFCrtA.exe
  C:\Windows\System\DWFCrtA.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\dpPrjxm.exe
  C:\Windows\System\dpPrjxm.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\PbNeFVz.exe
  C:\Windows\System\PbNeFVz.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\iaoubBU.exe
  C:\Windows\System\iaoubBU.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\HQxRBvq.exe
  C:\Windows\System\HQxRBvq.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\bBRNHWW.exe
  C:\Windows\System\bBRNHWW.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\OhsPvyt.exe
  C:\Windows\System\OhsPvyt.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\MjPngwN.exe
  C:\Windows\System\MjPngwN.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\AeNOuZK.exe
  C:\Windows\System\AeNOuZK.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\ImYMPsp.exe
  C:\Windows\System\ImYMPsp.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\sRgtlJr.exe
  C:\Windows\System\sRgtlJr.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\bvhlwUD.exe
  C:\Windows\System\bvhlwUD.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\QmMeoaL.exe
  C:\Windows\System\QmMeoaL.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\yxbizNJ.exe
  C:\Windows\System\yxbizNJ.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\xTHnKDt.exe
  C:\Windows\System\xTHnKDt.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\whUfqbs.exe
  C:\Windows\System\whUfqbs.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\AWVnbfo.exe
  C:\Windows\System\AWVnbfo.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\nqlheog.exe
  C:\Windows\System\nqlheog.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\NQRRZgi.exe
  C:\Windows\System\NQRRZgi.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\KtPAhgM.exe
  C:\Windows\System\KtPAhgM.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\RfoRCEp.exe
  C:\Windows\System\RfoRCEp.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\zZrtgBD.exe
  C:\Windows\System\zZrtgBD.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\rFlxHeW.exe
  C:\Windows\System\rFlxHeW.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\uxRnELy.exe
  C:\Windows\System\uxRnELy.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\gMEyIzn.exe
  C:\Windows\System\gMEyIzn.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\jwLgZfv.exe
  C:\Windows\System\jwLgZfv.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\NCHdivJ.exe
  C:\Windows\System\NCHdivJ.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\obVaZWa.exe
  C:\Windows\System\obVaZWa.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\qwiQCWf.exe
  C:\Windows\System\qwiQCWf.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\blyyYFi.exe
  C:\Windows\System\blyyYFi.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\fmJiTwl.exe
  C:\Windows\System\fmJiTwl.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\lZHvXPs.exe
  C:\Windows\System\lZHvXPs.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\DSNTlvy.exe
  C:\Windows\System\DSNTlvy.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\coGeSte.exe
  C:\Windows\System\coGeSte.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\tTeNmar.exe
  C:\Windows\System\tTeNmar.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\ktLNfQc.exe
  C:\Windows\System\ktLNfQc.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\igRHeyk.exe
  C:\Windows\System\igRHeyk.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\iXFWOSr.exe
  C:\Windows\System\iXFWOSr.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\LtqwAZB.exe
  C:\Windows\System\LtqwAZB.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\HvOTvHa.exe
  C:\Windows\System\HvOTvHa.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\BpiIwaV.exe
  C:\Windows\System\BpiIwaV.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\qYcAnsZ.exe
  C:\Windows\System\qYcAnsZ.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\aqjcfIN.exe
  C:\Windows\System\aqjcfIN.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\qsKkNRS.exe
  C:\Windows\System\qsKkNRS.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\GZzzBGP.exe
  C:\Windows\System\GZzzBGP.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\yIUMMmO.exe
  C:\Windows\System\yIUMMmO.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\UfHQCXv.exe
  C:\Windows\System\UfHQCXv.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\kxaBHzS.exe
  C:\Windows\System\kxaBHzS.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\yncNkpy.exe
  C:\Windows\System\yncNkpy.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\LriJOtY.exe
  C:\Windows\System\LriJOtY.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\feYOVmy.exe
  C:\Windows\System\feYOVmy.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\UCPCyTr.exe
  C:\Windows\System\UCPCyTr.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\tXjfrHk.exe
  C:\Windows\System\tXjfrHk.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\vbQyxkU.exe
  C:\Windows\System\vbQyxkU.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\ZAhzNgE.exe
  C:\Windows\System\ZAhzNgE.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\LVjmMuM.exe
  C:\Windows\System\LVjmMuM.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\KsuufQN.exe
  C:\Windows\System\KsuufQN.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\RZLFdBe.exe
  C:\Windows\System\RZLFdBe.exe
  2⤵
  - Executes dropped EXE
  PID:5140
- C:\Windows\System\HFspdnH.exe
  C:\Windows\System\HFspdnH.exe
  2⤵
  - Executes dropped EXE
  PID:5160
- C:\Windows\System\gdcvNyx.exe
  C:\Windows\System\gdcvNyx.exe
  2⤵
  - Executes dropped EXE
  PID:5184
- C:\Windows\System\SKJfddI.exe
  C:\Windows\System\SKJfddI.exe
  2⤵
  PID:5212
- C:\Windows\System\QWdgCwq.exe
  C:\Windows\System\QWdgCwq.exe
  2⤵
  PID:5240
- C:\Windows\System\XURhgYu.exe
  C:\Windows\System\XURhgYu.exe
  2⤵
  PID:5268
- C:\Windows\System\hGyuxHP.exe
  C:\Windows\System\hGyuxHP.exe
  2⤵
  PID:5296
- C:\Windows\System\xgPJSJV.exe
  C:\Windows\System\xgPJSJV.exe
  2⤵
  PID:5324
- C:\Windows\System\dFTsBkv.exe
  C:\Windows\System\dFTsBkv.exe
  2⤵
  PID:5352
- C:\Windows\System\FyMjFMt.exe
  C:\Windows\System\FyMjFMt.exe
  2⤵
  PID:5380
- C:\Windows\System\uRHQRXd.exe
  C:\Windows\System\uRHQRXd.exe
  2⤵
  PID:5420
- C:\Windows\System\sKUJuKQ.exe
  C:\Windows\System\sKUJuKQ.exe
  2⤵
  PID:5440
- C:\Windows\System\oiMhGKU.exe
  C:\Windows\System\oiMhGKU.exe
  2⤵
  PID:5476
- C:\Windows\System\GbetQtG.exe
  C:\Windows\System\GbetQtG.exe
  2⤵
  PID:5504
- C:\Windows\System\xjqVwEg.exe
  C:\Windows\System\xjqVwEg.exe
  2⤵
  PID:5532
- C:\Windows\System\okmYCBX.exe
  C:\Windows\System\okmYCBX.exe
  2⤵
  PID:5560
- C:\Windows\System\EtWkcUM.exe
  C:\Windows\System\EtWkcUM.exe
  2⤵
  PID:5576
- C:\Windows\System\YlCYfAO.exe
  C:\Windows\System\YlCYfAO.exe
  2⤵
  PID:5604
- C:\Windows\System\kdmKLAg.exe
  C:\Windows\System\kdmKLAg.exe
  2⤵
  PID:5632
- C:\Windows\System\MzShTHq.exe
  C:\Windows\System\MzShTHq.exe
  2⤵
  PID:5660
- C:\Windows\System\OlCbtTz.exe
  C:\Windows\System\OlCbtTz.exe
  2⤵
  PID:5692
- C:\Windows\System\YtbRjPV.exe
  C:\Windows\System\YtbRjPV.exe
  2⤵
  PID:5720
- C:\Windows\System\ZYLAdos.exe
  C:\Windows\System\ZYLAdos.exe
  2⤵
  PID:5744
- C:\Windows\System\RbpHxCP.exe
  C:\Windows\System\RbpHxCP.exe
  2⤵
  PID:5772
- C:\Windows\System\jcvqbbg.exe
  C:\Windows\System\jcvqbbg.exe
  2⤵
  PID:5800
- C:\Windows\System\zGRbxQR.exe
  C:\Windows\System\zGRbxQR.exe
  2⤵
  PID:5828
- C:\Windows\System\uVNVbkV.exe
  C:\Windows\System\uVNVbkV.exe
  2⤵
  PID:5856
- C:\Windows\System\ajbCvsP.exe
  C:\Windows\System\ajbCvsP.exe
  2⤵
  PID:5884
- C:\Windows\System\prSgEgG.exe
  C:\Windows\System\prSgEgG.exe
  2⤵
  PID:5924
- C:\Windows\System\HAAfwpL.exe
  C:\Windows\System\HAAfwpL.exe
  2⤵
  PID:5952
- C:\Windows\System\zkEmJIt.exe
  C:\Windows\System\zkEmJIt.exe
  2⤵
  PID:5980
- C:\Windows\System\IywPIeU.exe
  C:\Windows\System\IywPIeU.exe
  2⤵
  PID:5996
- C:\Windows\System\IJNNLsq.exe
  C:\Windows\System\IJNNLsq.exe
  2⤵
  PID:6024
- C:\Windows\System\wUrwwOe.exe
  C:\Windows\System\wUrwwOe.exe
  2⤵
  PID:6052
- C:\Windows\System\juAtzge.exe
  C:\Windows\System\juAtzge.exe
  2⤵
  PID:6080
- C:\Windows\System\cwhWjmH.exe
  C:\Windows\System\cwhWjmH.exe
  2⤵
  PID:6108
- C:\Windows\System\NPCYUYJ.exe
  C:\Windows\System\NPCYUYJ.exe
  2⤵
  PID:2580
- C:\Windows\System\yBPzcCN.exe
  C:\Windows\System\yBPzcCN.exe
  2⤵
  PID:1768
- C:\Windows\System\EVsnajb.exe
  C:\Windows\System\EVsnajb.exe
  2⤵
  PID:916
- C:\Windows\System\xEJjkBe.exe
  C:\Windows\System\xEJjkBe.exe
  2⤵
  PID:4984
- C:\Windows\System\STliiqz.exe
  C:\Windows\System\STliiqz.exe
  2⤵
  PID:4780
- C:\Windows\System\ayLLlNk.exe
  C:\Windows\System\ayLLlNk.exe
  2⤵
  PID:5128
- C:\Windows\System\uTinEhK.exe
  C:\Windows\System\uTinEhK.exe
  2⤵
  PID:5168
- C:\Windows\System\qtuyeGc.exe
  C:\Windows\System\qtuyeGc.exe
  2⤵
  PID:5228
- C:\Windows\System\SdiPScd.exe
  C:\Windows\System\SdiPScd.exe
  2⤵
  PID:5288
- C:\Windows\System\zHTnxOd.exe
  C:\Windows\System\zHTnxOd.exe
  2⤵
  PID:5344
- C:\Windows\System\fnzZvnP.exe
  C:\Windows\System\fnzZvnP.exe
  2⤵
  PID:5448
- C:\Windows\System\uWTJnmI.exe
  C:\Windows\System\uWTJnmI.exe
  2⤵
  PID:5516
- C:\Windows\System\xqMAkYS.exe
  C:\Windows\System\xqMAkYS.exe
  2⤵
  PID:5552
- C:\Windows\System\zYQNfRP.exe
  C:\Windows\System\zYQNfRP.exe
  2⤵
  PID:5616
- C:\Windows\System\ODByFXC.exe
  C:\Windows\System\ODByFXC.exe
  2⤵
  PID:5708
- C:\Windows\System\HPIlzye.exe
  C:\Windows\System\HPIlzye.exe
  2⤵
  PID:5764
- C:\Windows\System\PyoVxzl.exe
  C:\Windows\System\PyoVxzl.exe
  2⤵
  PID:5812
- C:\Windows\System\tkndVyQ.exe
  C:\Windows\System\tkndVyQ.exe
  2⤵
  PID:5872
- C:\Windows\System\KhzgtOq.exe
  C:\Windows\System\KhzgtOq.exe
  2⤵
  PID:5936
- C:\Windows\System\LwWHvtd.exe
  C:\Windows\System\LwWHvtd.exe
  2⤵
  PID:5992
- C:\Windows\System\ksYRtjl.exe
  C:\Windows\System\ksYRtjl.exe
  2⤵
  PID:6092
- C:\Windows\System\EsIIRne.exe
  C:\Windows\System\EsIIRne.exe
  2⤵
  PID:6132
- C:\Windows\System\WIuGrTV.exe
  C:\Windows\System\WIuGrTV.exe
  2⤵
  PID:1040
- C:\Windows\System\ZHvrJjI.exe
  C:\Windows\System\ZHvrJjI.exe
  2⤵
  PID:4144
- C:\Windows\System\QupqGtj.exe
  C:\Windows\System\QupqGtj.exe
  2⤵
  PID:5204
- C:\Windows\System\ZsSqYRl.exe
  C:\Windows\System\ZsSqYRl.exe
  2⤵
  PID:5340
- C:\Windows\System\XRbdpXR.exe
  C:\Windows\System\XRbdpXR.exe
  2⤵
  PID:5572
- C:\Windows\System\jJfynPI.exe
  C:\Windows\System\jJfynPI.exe
  2⤵
  PID:5684
- C:\Windows\System\JqrSPib.exe
  C:\Windows\System\JqrSPib.exe
  2⤵
  PID:5792
- C:\Windows\System\UVkOltB.exe
  C:\Windows\System\UVkOltB.exe
  2⤵
  PID:6156
- C:\Windows\System\XUlvTaQ.exe
  C:\Windows\System\XUlvTaQ.exe
  2⤵
  PID:6176
- C:\Windows\System\wPurIPI.exe
  C:\Windows\System\wPurIPI.exe
  2⤵
  PID:6200
- C:\Windows\System\MnuhVhn.exe
  C:\Windows\System\MnuhVhn.exe
  2⤵
  PID:6228
- C:\Windows\System\MBoBLCv.exe
  C:\Windows\System\MBoBLCv.exe
  2⤵
  PID:6256
- C:\Windows\System\WATMGHe.exe
  C:\Windows\System\WATMGHe.exe
  2⤵
  PID:6284
- C:\Windows\System\HiZBWhQ.exe
  C:\Windows\System\HiZBWhQ.exe
  2⤵
  PID:6312
- C:\Windows\System\EtZCSQV.exe
  C:\Windows\System\EtZCSQV.exe
  2⤵
  PID:6344
- C:\Windows\System\kFPogMU.exe
  C:\Windows\System\kFPogMU.exe
  2⤵
  PID:6368
- C:\Windows\System\CKGxloU.exe
  C:\Windows\System\CKGxloU.exe
  2⤵
  PID:6396
- C:\Windows\System\nOCECWb.exe
  C:\Windows\System\nOCECWb.exe
  2⤵
  PID:6436
- C:\Windows\System\lYXTSkx.exe
  C:\Windows\System\lYXTSkx.exe
  2⤵
  PID:6452
- C:\Windows\System\FBBiSrx.exe
  C:\Windows\System\FBBiSrx.exe
  2⤵
  PID:6480
- C:\Windows\System\zXwfgMs.exe
  C:\Windows\System\zXwfgMs.exe
  2⤵
  PID:6508
- C:\Windows\System\njzoUMw.exe
  C:\Windows\System\njzoUMw.exe
  2⤵
  PID:6548
- C:\Windows\System\aWThxxL.exe
  C:\Windows\System\aWThxxL.exe
  2⤵
  PID:6564
- C:\Windows\System\ONSLoTN.exe
  C:\Windows\System\ONSLoTN.exe
  2⤵
  PID:6592
- C:\Windows\System\TBsNror.exe
  C:\Windows\System\TBsNror.exe
  2⤵
  PID:6620
- C:\Windows\System\qyaJXqB.exe
  C:\Windows\System\qyaJXqB.exe
  2⤵
  PID:6648
- C:\Windows\System\CdaSJTv.exe
  C:\Windows\System\CdaSJTv.exe
  2⤵
  PID:6676
- C:\Windows\System\rUfZtNk.exe
  C:\Windows\System\rUfZtNk.exe
  2⤵
  PID:6704
- C:\Windows\System\rtPxBhB.exe
  C:\Windows\System\rtPxBhB.exe
  2⤵
  PID:6732
- C:\Windows\System\GxChlrV.exe
  C:\Windows\System\GxChlrV.exe
  2⤵
  PID:6760
- C:\Windows\System\tKkIQHZ.exe
  C:\Windows\System\tKkIQHZ.exe
  2⤵
  PID:6788
- C:\Windows\System\TbPFFOk.exe
  C:\Windows\System\TbPFFOk.exe
  2⤵
  PID:6816
- C:\Windows\System\tyodLsk.exe
  C:\Windows\System\tyodLsk.exe
  2⤵
  PID:6844
- C:\Windows\System\uComYVO.exe
  C:\Windows\System\uComYVO.exe
  2⤵
  PID:6884
- C:\Windows\System\ubexqzI.exe
  C:\Windows\System\ubexqzI.exe
  2⤵
  PID:6900
- C:\Windows\System\zMLrMcL.exe
  C:\Windows\System\zMLrMcL.exe
  2⤵
  PID:6940
- C:\Windows\System\SDGZNuJ.exe
  C:\Windows\System\SDGZNuJ.exe
  2⤵
  PID:6956
- C:\Windows\System\DFttPEw.exe
  C:\Windows\System\DFttPEw.exe
  2⤵
  PID:6984
- C:\Windows\System\viKyFat.exe
  C:\Windows\System\viKyFat.exe
  2⤵
  PID:7024
- C:\Windows\System\xpTPlqZ.exe
  C:\Windows\System\xpTPlqZ.exe
  2⤵
  PID:7052
- C:\Windows\System\WNMNuxY.exe
  C:\Windows\System\WNMNuxY.exe
  2⤵
  PID:7080
- C:\Windows\System\rHKzgHf.exe
  C:\Windows\System\rHKzgHf.exe
  2⤵
  PID:7108
- C:\Windows\System\yKvwGpr.exe
  C:\Windows\System\yKvwGpr.exe
  2⤵
  PID:7124
- C:\Windows\System\ltOROHY.exe
  C:\Windows\System\ltOROHY.exe
  2⤵
  PID:7152
- C:\Windows\System\aAnkpVf.exe
  C:\Windows\System\aAnkpVf.exe
  2⤵
  PID:6048
- C:\Windows\System\nHaopuQ.exe
  C:\Windows\System\nHaopuQ.exe
  2⤵
  PID:4716
- C:\Windows\System\FMGtZVh.exe
  C:\Windows\System\FMGtZVh.exe
  2⤵
  PID:4832
- C:\Windows\System\EEjwQJd.exe
  C:\Windows\System\EEjwQJd.exe
  2⤵
  PID:5644
- C:\Windows\System\rGSviCX.exe
  C:\Windows\System\rGSviCX.exe
  2⤵
  PID:5964
- C:\Windows\System\ztNSGCN.exe
  C:\Windows\System\ztNSGCN.exe
  2⤵
  PID:6212
- C:\Windows\System\brDSLMy.exe
  C:\Windows\System\brDSLMy.exe
  2⤵
  PID:6304
- C:\Windows\System\eewMgGX.exe
  C:\Windows\System\eewMgGX.exe
  2⤵
  PID:6364
- C:\Windows\System\cjmbmsp.exe
  C:\Windows\System\cjmbmsp.exe
  2⤵
  PID:6408
- C:\Windows\System\HPxAQde.exe
  C:\Windows\System\HPxAQde.exe
  2⤵
  PID:6496
- C:\Windows\System\ijeFdej.exe
  C:\Windows\System\ijeFdej.exe
  2⤵
  PID:6560
- C:\Windows\System\FZQGmDj.exe
  C:\Windows\System\FZQGmDj.exe
  2⤵
  PID:6588
- C:\Windows\System\poVuecZ.exe
  C:\Windows\System\poVuecZ.exe
  2⤵
  PID:6660
- C:\Windows\System\JYkOkDd.exe
  C:\Windows\System\JYkOkDd.exe
  2⤵
  PID:6720
- C:\Windows\System\hpkPnbe.exe
  C:\Windows\System\hpkPnbe.exe
  2⤵
  PID:6784
- C:\Windows\System\GGLJCAk.exe
  C:\Windows\System\GGLJCAk.exe
  2⤵
  PID:6856
- C:\Windows\System\MkvjmWM.exe
  C:\Windows\System\MkvjmWM.exe
  2⤵
  PID:6948
- C:\Windows\System\sCtOjsq.exe
  C:\Windows\System\sCtOjsq.exe
  2⤵
  PID:7012
- C:\Windows\System\zzskkte.exe
  C:\Windows\System\zzskkte.exe
  2⤵
  PID:7076
- C:\Windows\System\mJsqIBQ.exe
  C:\Windows\System\mJsqIBQ.exe
  2⤵
  PID:7116
- C:\Windows\System\Xzxwuit.exe
  C:\Windows\System\Xzxwuit.exe
  2⤵
  PID:6020
- C:\Windows\System\TlmYCNB.exe
  C:\Windows\System\TlmYCNB.exe
  2⤵
  PID:5412
- C:\Windows\System\lujFolE.exe
  C:\Windows\System\lujFolE.exe
  2⤵
  PID:6268
- C:\Windows\System\FYryEtE.exe
  C:\Windows\System\FYryEtE.exe
  2⤵
  PID:6392
- C:\Windows\System\IDWoNNr.exe
  C:\Windows\System\IDWoNNr.exe
  2⤵
  PID:6540
- C:\Windows\System\UvfswZN.exe
  C:\Windows\System\UvfswZN.exe
  2⤵
  PID:6632
- C:\Windows\System\muFEhZx.exe
  C:\Windows\System\muFEhZx.exe
  2⤵
  PID:6772
- C:\Windows\System\ZTvHoDb.exe
  C:\Windows\System\ZTvHoDb.exe
  2⤵
  PID:6928
- C:\Windows\System\GoTgwxl.exe
  C:\Windows\System\GoTgwxl.exe
  2⤵
  PID:7096
- C:\Windows\System\EcjDHGB.exe
  C:\Windows\System\EcjDHGB.exe
  2⤵
  PID:7192
- C:\Windows\System\wQvwmea.exe
  C:\Windows\System\wQvwmea.exe
  2⤵
  PID:7220
- C:\Windows\System\NwvjQff.exe
  C:\Windows\System\NwvjQff.exe
  2⤵
  PID:7248
- C:\Windows\System\EFlDDLL.exe
  C:\Windows\System\EFlDDLL.exe
  2⤵
  PID:7276
- C:\Windows\System\duQAMMq.exe
  C:\Windows\System\duQAMMq.exe
  2⤵
  PID:7316
- C:\Windows\System\IkpPnZw.exe
  C:\Windows\System\IkpPnZw.exe
  2⤵
  PID:7332
- C:\Windows\System\lvYKCxr.exe
  C:\Windows\System\lvYKCxr.exe
  2⤵
  PID:7360
- C:\Windows\System\xkDEOcm.exe
  C:\Windows\System\xkDEOcm.exe
  2⤵
  PID:7388
- C:\Windows\System\nhWAmTe.exe
  C:\Windows\System\nhWAmTe.exe
  2⤵
  PID:7416
- C:\Windows\System\RrjnoWl.exe
  C:\Windows\System\RrjnoWl.exe
  2⤵
  PID:7456
- C:\Windows\System\IJAMNBH.exe
  C:\Windows\System\IJAMNBH.exe
  2⤵
  PID:7472
- C:\Windows\System\HqgJHSU.exe
  C:\Windows\System\HqgJHSU.exe
  2⤵
  PID:7500
- C:\Windows\System\KnBSXzn.exe
  C:\Windows\System\KnBSXzn.exe
  2⤵
  PID:7528
- C:\Windows\System\irzVRLf.exe
  C:\Windows\System\irzVRLf.exe
  2⤵
  PID:7556
- C:\Windows\System\lLuGVsx.exe
  C:\Windows\System\lLuGVsx.exe
  2⤵
  PID:7584
- C:\Windows\System\XzOelKp.exe
  C:\Windows\System\XzOelKp.exe
  2⤵
  PID:7612
- C:\Windows\System\VpRJCBV.exe
  C:\Windows\System\VpRJCBV.exe
  2⤵
  PID:7640
- C:\Windows\System\NrLDSDS.exe
  C:\Windows\System\NrLDSDS.exe
  2⤵
  PID:7668
- C:\Windows\System\GlYkYLG.exe
  C:\Windows\System\GlYkYLG.exe
  2⤵
  PID:7696
- C:\Windows\System\OGbBcsq.exe
  C:\Windows\System\OGbBcsq.exe
  2⤵
  PID:7724
- C:\Windows\System\qowVWgu.exe
  C:\Windows\System\qowVWgu.exe
  2⤵
  PID:7752
- C:\Windows\System\hePNZpb.exe
  C:\Windows\System\hePNZpb.exe
  2⤵
  PID:7780
- C:\Windows\System\UcrjkoH.exe
  C:\Windows\System\UcrjkoH.exe
  2⤵
  PID:7796
- C:\Windows\System\wAcCpHt.exe
  C:\Windows\System\wAcCpHt.exe
  2⤵
  PID:7836
- C:\Windows\System\WIoHFAl.exe
  C:\Windows\System\WIoHFAl.exe
  2⤵
  PID:7864
- C:\Windows\System\LDOFRUN.exe
  C:\Windows\System\LDOFRUN.exe
  2⤵
  PID:7892
- C:\Windows\System\zVqZJxi.exe
  C:\Windows\System\zVqZJxi.exe
  2⤵
  PID:7920
- C:\Windows\System\qpGExlV.exe
  C:\Windows\System\qpGExlV.exe
  2⤵
  PID:7948
- C:\Windows\System\maOuuBP.exe
  C:\Windows\System\maOuuBP.exe
  2⤵
  PID:7976
- C:\Windows\System\rVFPnyV.exe
  C:\Windows\System\rVFPnyV.exe
  2⤵
  PID:8004
- C:\Windows\System\IOoSybA.exe
  C:\Windows\System\IOoSybA.exe
  2⤵
  PID:8032
- C:\Windows\System\ENMIPNg.exe
  C:\Windows\System\ENMIPNg.exe
  2⤵
  PID:8060
- C:\Windows\System\cmRVVpc.exe
  C:\Windows\System\cmRVVpc.exe
  2⤵
  PID:8088
- C:\Windows\System\USNySRE.exe
  C:\Windows\System\USNySRE.exe
  2⤵
  PID:8116
- C:\Windows\System\zuiSWkt.exe
  C:\Windows\System\zuiSWkt.exe
  2⤵
  PID:8144
- C:\Windows\System\ZqtRosE.exe
  C:\Windows\System\ZqtRosE.exe
  2⤵
  PID:8168
- C:\Windows\System\EfQEALF.exe
  C:\Windows\System\EfQEALF.exe
  2⤵
  PID:7164
- C:\Windows\System\adOpnIw.exe
  C:\Windows\System\adOpnIw.exe
  2⤵
  PID:6296
- C:\Windows\System\URdFqfj.exe
  C:\Windows\System\URdFqfj.exe
  2⤵
  PID:6616
- C:\Windows\System\cWnwTRe.exe
  C:\Windows\System\cWnwTRe.exe
  2⤵
  PID:6892
- C:\Windows\System\nUeuqAq.exe
  C:\Windows\System\nUeuqAq.exe
  2⤵
  PID:7184
- C:\Windows\System\vDOyOTh.exe
  C:\Windows\System\vDOyOTh.exe
  2⤵
  PID:7240
- C:\Windows\System\guGcdxp.exe
  C:\Windows\System\guGcdxp.exe
  2⤵
  PID:7308
- C:\Windows\System\rRkBGGs.exe
  C:\Windows\System\rRkBGGs.exe
  2⤵
  PID:7376
- C:\Windows\System\sCvCKPW.exe
  C:\Windows\System\sCvCKPW.exe
  2⤵
  PID:7440
- C:\Windows\System\ZwLROcZ.exe
  C:\Windows\System\ZwLROcZ.exe
  2⤵
  PID:7512
- C:\Windows\System\GBHftTn.exe
  C:\Windows\System\GBHftTn.exe
  2⤵
  PID:7572
- C:\Windows\System\oWxsoke.exe
  C:\Windows\System\oWxsoke.exe
  2⤵
  PID:7636
- C:\Windows\System\aImIRxp.exe
  C:\Windows\System\aImIRxp.exe
  2⤵
  PID:7708
- C:\Windows\System\WNZfjGa.exe
  C:\Windows\System\WNZfjGa.exe
  2⤵
  PID:7768
- C:\Windows\System\jVoGAJb.exe
  C:\Windows\System\jVoGAJb.exe
  2⤵
  PID:7828
- C:\Windows\System\tmCNvPl.exe
  C:\Windows\System\tmCNvPl.exe
  2⤵
  PID:7904
- C:\Windows\System\UaVTiXt.exe
  C:\Windows\System\UaVTiXt.exe
  2⤵
  PID:7960
- C:\Windows\System\HBSArpg.exe
  C:\Windows\System\HBSArpg.exe
  2⤵
  PID:8024
- C:\Windows\System\WladYvO.exe
  C:\Windows\System\WladYvO.exe
  2⤵
  PID:8080
- C:\Windows\System\MAAtHxY.exe
  C:\Windows\System\MAAtHxY.exe
  2⤵
  PID:8156
- C:\Windows\System\jbbIaQm.exe
  C:\Windows\System\jbbIaQm.exe
  2⤵
  PID:1000
- C:\Windows\System\OLhVEYT.exe
  C:\Windows\System\OLhVEYT.exe
  2⤵
  PID:6752
- C:\Windows\System\BuxlmYu.exe
  C:\Windows\System\BuxlmYu.exe
  2⤵
  PID:7232
- C:\Windows\System\skMHFVi.exe
  C:\Windows\System\skMHFVi.exe
  2⤵
  PID:7356
- C:\Windows\System\sGtQmuN.exe
  C:\Windows\System\sGtQmuN.exe
  2⤵
  PID:7492
- C:\Windows\System\FwKZexL.exe
  C:\Windows\System\FwKZexL.exe
  2⤵
  PID:7660
- C:\Windows\System\FxUcbji.exe
  C:\Windows\System\FxUcbji.exe
  2⤵
  PID:7820
- C:\Windows\System\gxOUeTR.exe
  C:\Windows\System\gxOUeTR.exe
  2⤵
  PID:7936
- C:\Windows\System\akljSKW.exe
  C:\Windows\System\akljSKW.exe
  2⤵
  PID:8200
- C:\Windows\System\TaRNpis.exe
  C:\Windows\System\TaRNpis.exe
  2⤵
  PID:8232
- C:\Windows\System\xPPjPry.exe
  C:\Windows\System\xPPjPry.exe
  2⤵
  PID:8256
- C:\Windows\System\slrGkYQ.exe
  C:\Windows\System\slrGkYQ.exe
  2⤵
  PID:8284
- C:\Windows\System\CbMJnCy.exe
  C:\Windows\System\CbMJnCy.exe
  2⤵
  PID:8312
- C:\Windows\System\uiVNjfL.exe
  C:\Windows\System\uiVNjfL.exe
  2⤵
  PID:8340
- C:\Windows\System\oAMXwfv.exe
  C:\Windows\System\oAMXwfv.exe
  2⤵
  PID:8368
- C:\Windows\System\oKvJNuz.exe
  C:\Windows\System\oKvJNuz.exe
  2⤵
  PID:8396
- C:\Windows\System\ZgtfVZd.exe
  C:\Windows\System\ZgtfVZd.exe
  2⤵
  PID:8424
- C:\Windows\System\ornVsbc.exe
  C:\Windows\System\ornVsbc.exe
  2⤵
  PID:8452
- C:\Windows\System\vSEIDVQ.exe
  C:\Windows\System\vSEIDVQ.exe
  2⤵
  PID:8480
- C:\Windows\System\BcLvKZJ.exe
  C:\Windows\System\BcLvKZJ.exe
  2⤵
  PID:8508
- C:\Windows\System\QUoLwRY.exe
  C:\Windows\System\QUoLwRY.exe
  2⤵
  PID:8536
- C:\Windows\System\LCeheyz.exe
  C:\Windows\System\LCeheyz.exe
  2⤵
  PID:8564
- C:\Windows\System\GBLVqyN.exe
  C:\Windows\System\GBLVqyN.exe
  2⤵
  PID:8588
- C:\Windows\System\SRUlwwO.exe
  C:\Windows\System\SRUlwwO.exe
  2⤵
  PID:8616
- C:\Windows\System\OKedUSS.exe
  C:\Windows\System\OKedUSS.exe
  2⤵
  PID:8648
- C:\Windows\System\AVQbZlU.exe
  C:\Windows\System\AVQbZlU.exe
  2⤵
  PID:8676
- C:\Windows\System\IXhEFYe.exe
  C:\Windows\System\IXhEFYe.exe
  2⤵
  PID:8692
- C:\Windows\System\cmlWCMV.exe
  C:\Windows\System\cmlWCMV.exe
  2⤵
  PID:8732
- C:\Windows\System\uAWAlYt.exe
  C:\Windows\System\uAWAlYt.exe
  2⤵
  PID:8760
- C:\Windows\System\yudfFnR.exe
  C:\Windows\System\yudfFnR.exe
  2⤵
  PID:8792
- C:\Windows\System\LQTGTnr.exe
  C:\Windows\System\LQTGTnr.exe
  2⤵
  PID:8816
- C:\Windows\System\bbwBgUx.exe
  C:\Windows\System\bbwBgUx.exe
  2⤵
  PID:8848
- C:\Windows\System\VCLYtrR.exe
  C:\Windows\System\VCLYtrR.exe
  2⤵
  PID:8872
- C:\Windows\System\YtKCWlA.exe
  C:\Windows\System\YtKCWlA.exe
  2⤵
  PID:8900
- C:\Windows\System\TLWIUtD.exe
  C:\Windows\System\TLWIUtD.exe
  2⤵
  PID:8928
- C:\Windows\System\ZiwjdZm.exe
  C:\Windows\System\ZiwjdZm.exe
  2⤵
  PID:8956
- C:\Windows\System\IPoZsSw.exe
  C:\Windows\System\IPoZsSw.exe
  2⤵
  PID:8984
- C:\Windows\System\AsTJMWy.exe
  C:\Windows\System\AsTJMWy.exe
  2⤵
  PID:9012
- C:\Windows\System\YhRRHmT.exe
  C:\Windows\System\YhRRHmT.exe
  2⤵
  PID:9040
- C:\Windows\System\KXNVCZw.exe
  C:\Windows\System\KXNVCZw.exe
  2⤵
  PID:9068
- C:\Windows\System\KjnDSjO.exe
  C:\Windows\System\KjnDSjO.exe
  2⤵
  PID:9096
- C:\Windows\System\wDoybkv.exe
  C:\Windows\System\wDoybkv.exe
  2⤵
  PID:9124
- C:\Windows\System\GMHFgTF.exe
  C:\Windows\System\GMHFgTF.exe
  2⤵
  PID:9152
- C:\Windows\System\xEKCrMy.exe
  C:\Windows\System\xEKCrMy.exe
  2⤵
  PID:9168
- C:\Windows\System\dtyioWl.exe
  C:\Windows\System\dtyioWl.exe
  2⤵
  PID:9196
- C:\Windows\System\BIlZyFA.exe
  C:\Windows\System\BIlZyFA.exe
  2⤵
  PID:8164
- C:\Windows\System\taWPkOt.exe
  C:\Windows\System\taWPkOt.exe
  2⤵
  PID:440
- C:\Windows\System\ZoMEYQo.exe
  C:\Windows\System\ZoMEYQo.exe
  2⤵
  PID:7412
- C:\Windows\System\XmuhFTw.exe
  C:\Windows\System\XmuhFTw.exe
  2⤵
  PID:7736
- C:\Windows\System\SsAKyuW.exe
  C:\Windows\System\SsAKyuW.exe
  2⤵
  PID:8048
- C:\Windows\System\jYMNLTt.exe
  C:\Windows\System\jYMNLTt.exe
  2⤵
  PID:8252
- C:\Windows\System\UTYzkmn.exe
  C:\Windows\System\UTYzkmn.exe
  2⤵
  PID:8324
- C:\Windows\System\UaCKKIB.exe
  C:\Windows\System\UaCKKIB.exe
  2⤵
  PID:8360
- C:\Windows\System\pLPKWwA.exe
  C:\Windows\System\pLPKWwA.exe
  2⤵
  PID:8416
- C:\Windows\System\bEQsQns.exe
  C:\Windows\System\bEQsQns.exe
  2⤵
  PID:8468
- C:\Windows\System\fUydMva.exe
  C:\Windows\System\fUydMva.exe
  2⤵
  PID:8532
- C:\Windows\System\rTzuVIG.exe
  C:\Windows\System\rTzuVIG.exe
  2⤵
  PID:8580
- C:\Windows\System\nbzCRYR.exe
  C:\Windows\System\nbzCRYR.exe
  2⤵
  PID:8644
- C:\Windows\System\raaRQap.exe
  C:\Windows\System\raaRQap.exe
  2⤵
  PID:8684
- C:\Windows\System\HEocnBw.exe
  C:\Windows\System\HEocnBw.exe
  2⤵
  PID:244
- C:\Windows\System\kfhHtUo.exe
  C:\Windows\System\kfhHtUo.exe
  2⤵
  PID:8800
- C:\Windows\System\xKQIZmz.exe
  C:\Windows\System\xKQIZmz.exe
  2⤵
  PID:8856
- C:\Windows\System\QgmnfPo.exe
  C:\Windows\System\QgmnfPo.exe
  2⤵
  PID:8912
- C:\Windows\System\lGJzBix.exe
  C:\Windows\System\lGJzBix.exe
  2⤵
  PID:8952
- C:\Windows\System\kcPVSId.exe
  C:\Windows\System\kcPVSId.exe
  2⤵
  PID:9008
- C:\Windows\System\vRckOXm.exe
  C:\Windows\System\vRckOXm.exe
  2⤵
  PID:9080
- C:\Windows\System\IgvOSGv.exe
  C:\Windows\System\IgvOSGv.exe
  2⤵
  PID:3964
- C:\Windows\System\RlwvtaB.exe
  C:\Windows\System\RlwvtaB.exe
  2⤵
  PID:9164
- C:\Windows\System\EqjmGeM.exe
  C:\Windows\System\EqjmGeM.exe
  2⤵
  PID:1208
- C:\Windows\System\BbBTzpm.exe
  C:\Windows\System\BbBTzpm.exe
  2⤵
  PID:7212
- C:\Windows\System\SaXZWAm.exe
  C:\Windows\System\SaXZWAm.exe
  2⤵
  PID:3264
- C:\Windows\System\evNCtws.exe
  C:\Windows\System\evNCtws.exe
  2⤵
  PID:8220
- C:\Windows\System\FzHzYcs.exe
  C:\Windows\System\FzHzYcs.exe
  2⤵
  PID:8328
- C:\Windows\System\pGcQdJR.exe
  C:\Windows\System\pGcQdJR.exe
  2⤵
  PID:2844
- C:\Windows\System\FMYxYOP.exe
  C:\Windows\System\FMYxYOP.exe
  2⤵
  PID:8528
- C:\Windows\System\RADVIXl.exe
  C:\Windows\System\RADVIXl.exe
  2⤵
  PID:8632
- C:\Windows\System\ftxwoLa.exe
  C:\Windows\System\ftxwoLa.exe
  2⤵
  PID:1580
- C:\Windows\System\JrXfDOz.exe
  C:\Windows\System\JrXfDOz.exe
  2⤵
  PID:8868
- C:\Windows\System\AgSRiKg.exe
  C:\Windows\System\AgSRiKg.exe
  2⤵
  PID:8996
- C:\Windows\System\PmFEZxW.exe
  C:\Windows\System\PmFEZxW.exe
  2⤵
  PID:9120
- C:\Windows\System\Zpjjwpu.exe
  C:\Windows\System\Zpjjwpu.exe
  2⤵
  PID:6352
- C:\Windows\System\QJdVBDV.exe
  C:\Windows\System\QJdVBDV.exe
  2⤵
  PID:2680
- C:\Windows\System\xghzpxT.exe
  C:\Windows\System\xghzpxT.exe
  2⤵
  PID:8412
- C:\Windows\System\AChRklu.exe
  C:\Windows\System\AChRklu.exe
  2⤵
  PID:2504
- C:\Windows\System\abPazZA.exe
  C:\Windows\System\abPazZA.exe
  2⤵
  PID:8940
- C:\Windows\System\WFSSZqw.exe
  C:\Windows\System\WFSSZqw.exe
  2⤵
  PID:9240
- C:\Windows\System\ZlUtzBu.exe
  C:\Windows\System\ZlUtzBu.exe
  2⤵
  PID:9268
- C:\Windows\System\twsbJBx.exe
  C:\Windows\System\twsbJBx.exe
  2⤵
  PID:9292
- C:\Windows\System\tPzZTAr.exe
  C:\Windows\System\tPzZTAr.exe
  2⤵
  PID:9324
- C:\Windows\System\qFicmDU.exe
  C:\Windows\System\qFicmDU.exe
  2⤵
  PID:9348
- C:\Windows\System\uyveATJ.exe
  C:\Windows\System\uyveATJ.exe
  2⤵
  PID:9376
- C:\Windows\System\ToaQNpz.exe
  C:\Windows\System\ToaQNpz.exe
  2⤵
  PID:9404
- C:\Windows\System\meEFGjn.exe
  C:\Windows\System\meEFGjn.exe
  2⤵
  PID:9432
- C:\Windows\System\lFWtNjo.exe
  C:\Windows\System\lFWtNjo.exe
  2⤵
  PID:9460
- C:\Windows\System\UXBhGsk.exe
  C:\Windows\System\UXBhGsk.exe
  2⤵
  PID:9488
- C:\Windows\System\ubcTNdQ.exe
  C:\Windows\System\ubcTNdQ.exe
  2⤵
  PID:9516
- C:\Windows\System\dawkpYl.exe
  C:\Windows\System\dawkpYl.exe
  2⤵
  PID:9544
- C:\Windows\System\wMAqoRe.exe
  C:\Windows\System\wMAqoRe.exe
  2⤵
  PID:9572
- C:\Windows\System\euTjcFL.exe
  C:\Windows\System\euTjcFL.exe
  2⤵
  PID:9596
- C:\Windows\System\oGCuBCw.exe
  C:\Windows\System\oGCuBCw.exe
  2⤵
  PID:9628
- C:\Windows\System\aKSiPFc.exe
  C:\Windows\System\aKSiPFc.exe
  2⤵
  PID:9656
- C:\Windows\System\EpYSJDb.exe
  C:\Windows\System\EpYSJDb.exe
  2⤵
  PID:9684
- C:\Windows\System\OcgsjJo.exe
  C:\Windows\System\OcgsjJo.exe
  2⤵
  PID:9712
- C:\Windows\System\oOuIWzd.exe
  C:\Windows\System\oOuIWzd.exe
  2⤵
  PID:9740
- C:\Windows\System\OsMtuUM.exe
  C:\Windows\System\OsMtuUM.exe
  2⤵
  PID:9768
- C:\Windows\System\ZdrIuvZ.exe
  C:\Windows\System\ZdrIuvZ.exe
  2⤵
  PID:9796
- C:\Windows\System\ffUGryb.exe
  C:\Windows\System\ffUGryb.exe
  2⤵
  PID:9824
- C:\Windows\System\MlKPthc.exe
  C:\Windows\System\MlKPthc.exe
  2⤵
  PID:9852
- C:\Windows\System\OjhnCFc.exe
  C:\Windows\System\OjhnCFc.exe
  2⤵
  PID:9880
- C:\Windows\System\Bjuckjg.exe
  C:\Windows\System\Bjuckjg.exe
  2⤵
  PID:9908
- C:\Windows\System\kiCgWFo.exe
  C:\Windows\System\kiCgWFo.exe
  2⤵
  PID:9940
- C:\Windows\System\NGCevRo.exe
  C:\Windows\System\NGCevRo.exe
  2⤵
  PID:9964
- C:\Windows\System\ejxpUTa.exe
  C:\Windows\System\ejxpUTa.exe
  2⤵
  PID:9988
- C:\Windows\System\puoHsgL.exe
  C:\Windows\System\puoHsgL.exe
  2⤵
  PID:10016
- C:\Windows\System\ZmnJHwf.exe
  C:\Windows\System\ZmnJHwf.exe
  2⤵
  PID:10044
- C:\Windows\System\SIHqHKz.exe
  C:\Windows\System\SIHqHKz.exe
  2⤵
  PID:10076
- C:\Windows\System\gHGLbQu.exe
  C:\Windows\System\gHGLbQu.exe
  2⤵
  PID:10104
- C:\Windows\System\rRVahkL.exe
  C:\Windows\System\rRVahkL.exe
  2⤵
  PID:10132
- C:\Windows\System\POrymlZ.exe
  C:\Windows\System\POrymlZ.exe
  2⤵
  PID:10160
- C:\Windows\System\WcsTapw.exe
  C:\Windows\System\WcsTapw.exe
  2⤵
  PID:10188
- C:\Windows\System\LyapBwb.exe
  C:\Windows\System\LyapBwb.exe
  2⤵
  PID:10216
- C:\Windows\System\DhZfMGL.exe
  C:\Windows\System\DhZfMGL.exe
  2⤵
  PID:9056
- C:\Windows\System\qzQvuJJ.exe
  C:\Windows\System\qzQvuJJ.exe
  2⤵
  PID:7876
- C:\Windows\System\rUYwDBL.exe
  C:\Windows\System\rUYwDBL.exe
  2⤵
  PID:4788
- C:\Windows\System\EtmxvUd.exe
  C:\Windows\System\EtmxvUd.exe
  2⤵
  PID:9248
- C:\Windows\System\RDEXfgC.exe
  C:\Windows\System\RDEXfgC.exe
  2⤵
  PID:9312
- C:\Windows\System\vrOSxRT.exe
  C:\Windows\System\vrOSxRT.exe
  2⤵
  PID:9364
- C:\Windows\System\NJWUgKi.exe
  C:\Windows\System\NJWUgKi.exe
  2⤵
  PID:9424
- C:\Windows\System\jwteOyP.exe
  C:\Windows\System\jwteOyP.exe
  2⤵
  PID:9484
- C:\Windows\System\nUgQRwv.exe
  C:\Windows\System\nUgQRwv.exe
  2⤵
  PID:9560
- C:\Windows\System\TgOFDjK.exe
  C:\Windows\System\TgOFDjK.exe
  2⤵
  PID:9648
- C:\Windows\System\jcOSggp.exe
  C:\Windows\System\jcOSggp.exe
  2⤵
  PID:9680
- C:\Windows\System\cfumYNh.exe
  C:\Windows\System\cfumYNh.exe
  2⤵
  PID:9752
- C:\Windows\System\zonsUHd.exe
  C:\Windows\System\zonsUHd.exe
  2⤵
  PID:9788
- C:\Windows\System\NmuDwqP.exe
  C:\Windows\System\NmuDwqP.exe
  2⤵
  PID:9872
- C:\Windows\System\LetWekJ.exe
  C:\Windows\System\LetWekJ.exe
  2⤵
  PID:9928
- C:\Windows\System\ZBXvqbD.exe
  C:\Windows\System\ZBXvqbD.exe
  2⤵
  PID:9980
- C:\Windows\System\EXEhrjs.exe
  C:\Windows\System\EXEhrjs.exe
  2⤵
  PID:10036
- C:\Windows\System\ttORCcH.exe
  C:\Windows\System\ttORCcH.exe
  2⤵
  PID:10100
- C:\Windows\System\cOOkADc.exe
  C:\Windows\System\cOOkADc.exe
  2⤵
  PID:10152
- C:\Windows\System\TsSuTcL.exe
  C:\Windows\System\TsSuTcL.exe
  2⤵
  PID:10228
- C:\Windows\System\jEzlLiL.exe
  C:\Windows\System\jEzlLiL.exe
  2⤵
  PID:7488
- C:\Windows\System\ezryfvR.exe
  C:\Windows\System\ezryfvR.exe
  2⤵
  PID:9220
- C:\Windows\System\FkLFjyL.exe
  C:\Windows\System\FkLFjyL.exe
  2⤵
  PID:9340
- C:\Windows\System\OqfvjVD.exe
  C:\Windows\System\OqfvjVD.exe
  2⤵
  PID:9472
- C:\Windows\System\LbOHHzZ.exe
  C:\Windows\System\LbOHHzZ.exe
  2⤵
  PID:9616
- C:\Windows\System\XHCrKMZ.exe
  C:\Windows\System\XHCrKMZ.exe
  2⤵
  PID:9708
- C:\Windows\System\CCyEHSV.exe
  C:\Windows\System\CCyEHSV.exe
  2⤵
  PID:9820
- C:\Windows\System\EOXuvdj.exe
  C:\Windows\System\EOXuvdj.exe
  2⤵
  PID:9904
- C:\Windows\System\KfqLZzu.exe
  C:\Windows\System\KfqLZzu.exe
  2⤵
  PID:10032
- C:\Windows\System\FRzgXKg.exe
  C:\Windows\System\FRzgXKg.exe
  2⤵
  PID:1772
- C:\Windows\System\LVMDPED.exe
  C:\Windows\System\LVMDPED.exe
  2⤵
  PID:9208
- C:\Windows\System\drBdoSI.exe
  C:\Windows\System\drBdoSI.exe
  2⤵
  PID:9304
- C:\Windows\System\hCVgIAz.exe
  C:\Windows\System\hCVgIAz.exe
  2⤵
  PID:4524
- C:\Windows\System\ASKfpSi.exe
  C:\Windows\System\ASKfpSi.exe
  2⤵
  PID:1460
- C:\Windows\System\DSZhyvT.exe
  C:\Windows\System\DSZhyvT.exe
  2⤵
  PID:1200
- C:\Windows\System\VIrvIRP.exe
  C:\Windows\System\VIrvIRP.exe
  2⤵
  PID:4080
- C:\Windows\System\mPVzBng.exe
  C:\Windows\System\mPVzBng.exe
  2⤵
  PID:1908
- C:\Windows\System\esBjUdu.exe
  C:\Windows\System\esBjUdu.exe
  2⤵
  PID:3932
- C:\Windows\System\sdVKrZm.exe
  C:\Windows\System\sdVKrZm.exe
  2⤵
  PID:4664
- C:\Windows\System\umUhlqS.exe
  C:\Windows\System\umUhlqS.exe
  2⤵
  PID:4944
- C:\Windows\System\IrOstce.exe
  C:\Windows\System\IrOstce.exe
  2⤵
  PID:4436
- C:\Windows\System\VCFvWwJ.exe
  C:\Windows\System\VCFvWwJ.exe
  2⤵
  PID:4108
- C:\Windows\System\ehCmUFe.exe
  C:\Windows\System\ehCmUFe.exe
  2⤵
  PID:3004
- C:\Windows\System\bCNyroS.exe
  C:\Windows\System\bCNyroS.exe
  2⤵
  PID:4036
- C:\Windows\System\ZeLUBKZ.exe
  C:\Windows\System\ZeLUBKZ.exe
  2⤵
  PID:372
- C:\Windows\System\iBJYviw.exe
  C:\Windows\System\iBJYviw.exe
  2⤵
  PID:1920
- C:\Windows\System\hxIFoVK.exe
  C:\Windows\System\hxIFoVK.exe
  2⤵
  PID:4712
- C:\Windows\System\MnUUGtj.exe
  C:\Windows\System\MnUUGtj.exe
  2⤵
  PID:4380
- C:\Windows\System\BozsnJh.exe
  C:\Windows\System\BozsnJh.exe
  2⤵
  PID:1784
- C:\Windows\System\FfiFUEY.exe
  C:\Windows\System\FfiFUEY.exe
  2⤵
  PID:2964
- C:\Windows\System\sEwQLYu.exe
  C:\Windows\System\sEwQLYu.exe
  2⤵
  PID:2732
- C:\Windows\System\ufANKLF.exe
  C:\Windows\System\ufANKLF.exe
  2⤵
  PID:5036
- C:\Windows\System\TtSsdSo.exe
  C:\Windows\System\TtSsdSo.exe
  2⤵
  PID:3428
- C:\Windows\System\tYYWziM.exe
  C:\Windows\System\tYYWziM.exe
  2⤵
  PID:764
- C:\Windows\System\NyILoCj.exe
  C:\Windows\System\NyILoCj.exe
  2⤵
  PID:3492
- C:\Windows\System\yTrNuwC.exe
  C:\Windows\System\yTrNuwC.exe
  2⤵
  PID:4432
- C:\Windows\System\gVIOnwy.exe
  C:\Windows\System\gVIOnwy.exe
  2⤵
  PID:4152
- C:\Windows\System\GmzTYJA.exe
  C:\Windows\System\GmzTYJA.exe
  2⤵
  PID:1328
- C:\Windows\System\WYpIUcn.exe
  C:\Windows\System\WYpIUcn.exe
  2⤵
  PID:704
- C:\Windows\System\rRaDCky.exe
  C:\Windows\System\rRaDCky.exe
  2⤵
  PID:2428
- C:\Windows\System\aDGLkan.exe
  C:\Windows\System\aDGLkan.exe
  2⤵
  PID:3540
- C:\Windows\System\YbyrAkb.exe
  C:\Windows\System\YbyrAkb.exe
  2⤵
  PID:10256
- C:\Windows\System\UNiclTh.exe
  C:\Windows\System\UNiclTh.exe
  2⤵
  PID:10284
- C:\Windows\System\AXoLJSi.exe
  C:\Windows\System\AXoLJSi.exe
  2⤵
  PID:10352
- C:\Windows\System\PVctBiH.exe
  C:\Windows\System\PVctBiH.exe
  2⤵
  PID:10372
- C:\Windows\System\iNzDVIk.exe
  C:\Windows\System\iNzDVIk.exe
  2⤵
  PID:10408
- C:\Windows\System\wIXvHpj.exe
  C:\Windows\System\wIXvHpj.exe
  2⤵
  PID:10428
- C:\Windows\System\zIURmwd.exe
  C:\Windows\System\zIURmwd.exe
  2⤵
  PID:10464
- C:\Windows\System\unigMAi.exe
  C:\Windows\System\unigMAi.exe
  2⤵
  PID:10496
- C:\Windows\System\wcshXXT.exe
  C:\Windows\System\wcshXXT.exe
  2⤵
  PID:10524
- C:\Windows\System\lFvzKWg.exe
  C:\Windows\System\lFvzKWg.exe
  2⤵
  PID:10552
- C:\Windows\System\TLLrhsb.exe
  C:\Windows\System\TLLrhsb.exe
  2⤵
  PID:10580
- C:\Windows\System\eNkrClD.exe
  C:\Windows\System\eNkrClD.exe
  2⤵
  PID:10612
- C:\Windows\System\yJGDxLk.exe
  C:\Windows\System\yJGDxLk.exe
  2⤵
  PID:10636
- C:\Windows\System\cbMurLG.exe
  C:\Windows\System\cbMurLG.exe
  2⤵
  PID:10668
- C:\Windows\System\AKdFgrI.exe
  C:\Windows\System\AKdFgrI.exe
  2⤵
  PID:10688
- C:\Windows\System\nAIaITy.exe
  C:\Windows\System\nAIaITy.exe
  2⤵
  PID:10724
- C:\Windows\System\xpTsKZo.exe
  C:\Windows\System\xpTsKZo.exe
  2⤵
  PID:10740
- C:\Windows\System\wjddBjR.exe
  C:\Windows\System\wjddBjR.exe
  2⤵
  PID:10780
- C:\Windows\System\UeyfAyG.exe
  C:\Windows\System\UeyfAyG.exe
  2⤵
  PID:10808
- C:\Windows\System\FAQVWMK.exe
  C:\Windows\System\FAQVWMK.exe
  2⤵
  PID:10836
- C:\Windows\System\AggjmhR.exe
  C:\Windows\System\AggjmhR.exe
  2⤵
  PID:10864
- C:\Windows\System\lMfkgUb.exe
  C:\Windows\System\lMfkgUb.exe
  2⤵
  PID:10896
- C:\Windows\System\HIfFDjw.exe
  C:\Windows\System\HIfFDjw.exe
  2⤵
  PID:10924
- C:\Windows\System\FLmnWsg.exe
  C:\Windows\System\FLmnWsg.exe
  2⤵
  PID:10952
- C:\Windows\System\ppeUkYL.exe
  C:\Windows\System\ppeUkYL.exe
  2⤵
  PID:10980
- C:\Windows\System\nuOoXWY.exe
  C:\Windows\System\nuOoXWY.exe
  2⤵
  PID:11008
- C:\Windows\System\RiufNbE.exe
  C:\Windows\System\RiufNbE.exe
  2⤵
  PID:11036
- C:\Windows\System\VjZPANH.exe
  C:\Windows\System\VjZPANH.exe
  2⤵
  PID:11072
- C:\Windows\System\IfUKAGF.exe
  C:\Windows\System\IfUKAGF.exe
  2⤵
  PID:11104
- C:\Windows\System\kataYQj.exe
  C:\Windows\System\kataYQj.exe
  2⤵
  PID:11132
- C:\Windows\System\JPnFpgA.exe
  C:\Windows\System\JPnFpgA.exe
  2⤵
  PID:11160
- C:\Windows\System\posrMJw.exe
  C:\Windows\System\posrMJw.exe
  2⤵
  PID:11204
- C:\Windows\System\rAMwTby.exe
  C:\Windows\System\rAMwTby.exe
  2⤵
  PID:11240
- C:\Windows\System\pyocXDL.exe
  C:\Windows\System\pyocXDL.exe
  2⤵
  PID:11256
- C:\Windows\System\vWnZWTz.exe
  C:\Windows\System\vWnZWTz.exe
  2⤵
  PID:10348
- C:\Windows\System\igEKosU.exe
  C:\Windows\System\igEKosU.exe
  2⤵
  PID:10400
- C:\Windows\System\pDVibdi.exe
  C:\Windows\System\pDVibdi.exe
  2⤵
  PID:10460
- C:\Windows\System\ZULWsyb.exe
  C:\Windows\System\ZULWsyb.exe
  2⤵
  PID:1080
- C:\Windows\System\wTrssOi.exe
  C:\Windows\System\wTrssOi.exe
  2⤵
  PID:10608
- C:\Windows\System\UlzNIdE.exe
  C:\Windows\System\UlzNIdE.exe
  2⤵
  PID:10652
- C:\Windows\System\aqMOKoA.exe
  C:\Windows\System\aqMOKoA.exe
  2⤵
  PID:10696
- C:\Windows\System\FvnczoS.exe
  C:\Windows\System\FvnczoS.exe
  2⤵
  PID:10764
- C:\Windows\System\iUarkpg.exe
  C:\Windows\System\iUarkpg.exe
  2⤵
  PID:10828
- C:\Windows\System\PEIDCSB.exe
  C:\Windows\System\PEIDCSB.exe
  2⤵
  PID:10908
- C:\Windows\System\PcflFRm.exe
  C:\Windows\System\PcflFRm.exe
  2⤵
  PID:10972
- C:\Windows\System\NbQiqIN.exe
  C:\Windows\System\NbQiqIN.exe
  2⤵
  PID:11004
- C:\Windows\System\tLdTVOj.exe
  C:\Windows\System\tLdTVOj.exe
  2⤵
  PID:11096
- C:\Windows\System\rqRaVVr.exe
  C:\Windows\System\rqRaVVr.exe
  2⤵
  PID:11180
- C:\Windows\System\TCKjzjm.exe
  C:\Windows\System\TCKjzjm.exe
  2⤵
  PID:11232
- C:\Windows\System\minxAyh.exe
  C:\Windows\System\minxAyh.exe
  2⤵
  PID:10276
- C:\Windows\System\HGemFbb.exe
  C:\Windows\System\HGemFbb.exe
  2⤵
  PID:10492
- C:\Windows\System\xAHDRWc.exe
  C:\Windows\System\xAHDRWc.exe
  2⤵
  PID:2676
- C:\Windows\System\acITiVA.exe
  C:\Windows\System\acITiVA.exe
  2⤵
  PID:1748
- C:\Windows\System\BrgGkPF.exe
  C:\Windows\System\BrgGkPF.exe
  2⤵
  PID:4828
- C:\Windows\System\WgIhfQc.exe
  C:\Windows\System\WgIhfQc.exe
  2⤵
  PID:10596
- C:\Windows\System\myMYeaO.exe
  C:\Windows\System\myMYeaO.exe
  2⤵
  PID:10316
- C:\Windows\System\riJocgU.exe
  C:\Windows\System\riJocgU.exe
  2⤵
  PID:1056
- C:\Windows\System\lbflnqZ.exe
  C:\Windows\System\lbflnqZ.exe
  2⤵
  PID:4644
- C:\Windows\System\sHnJwGu.exe
  C:\Windows\System\sHnJwGu.exe
  2⤵
  PID:11124
- C:\Windows\System\fBRrNoU.exe
  C:\Windows\System\fBRrNoU.exe
  2⤵
  PID:11200
- C:\Windows\System\EbviXUk.exe
  C:\Windows\System\EbviXUk.exe
  2⤵
  PID:10248
- C:\Windows\System\svVzKzY.exe
  C:\Windows\System\svVzKzY.exe
  2⤵
  PID:856
- C:\Windows\System\ScXRnOl.exe
  C:\Windows\System\ScXRnOl.exe
  2⤵
  PID:10800
- C:\Windows\System\nPBMnpg.exe
  C:\Windows\System\nPBMnpg.exe
  2⤵
  PID:11172
- C:\Windows\System\yUbhyoC.exe
  C:\Windows\System\yUbhyoC.exe
  2⤵
  PID:5472
- C:\Windows\System\OMVPSvx.exe
  C:\Windows\System\OMVPSvx.exe
  2⤵
  PID:5400
- C:\Windows\System\yUZRkgU.exe
  C:\Windows\System\yUZRkgU.exe
  2⤵
  PID:10392
- C:\Windows\System\fFAqoGq.exe
  C:\Windows\System\fFAqoGq.exe
  2⤵
  PID:11268
- C:\Windows\System\ddfpaVl.exe
  C:\Windows\System\ddfpaVl.exe
  2⤵
  PID:11332
- C:\Windows\System\juAeSnP.exe
  C:\Windows\System\juAeSnP.exe
  2⤵
  PID:11360
- C:\Windows\System\SkSbKLD.exe
  C:\Windows\System\SkSbKLD.exe
  2⤵
  PID:11388
- C:\Windows\System\NNzkJcu.exe
  C:\Windows\System\NNzkJcu.exe
  2⤵
  PID:11420
- C:\Windows\System\vBsQRmI.exe
  C:\Windows\System\vBsQRmI.exe
  2⤵
  PID:11448
- C:\Windows\System\EWObNlG.exe
  C:\Windows\System\EWObNlG.exe
  2⤵
  PID:11476
- C:\Windows\System\xFKUUUr.exe
  C:\Windows\System\xFKUUUr.exe
  2⤵
  PID:11504
- C:\Windows\System\GStUdcJ.exe
  C:\Windows\System\GStUdcJ.exe
  2⤵
  PID:11536
- C:\Windows\System\YriKuuI.exe
  C:\Windows\System\YriKuuI.exe
  2⤵
  PID:11580
- C:\Windows\System\mFsRZnP.exe
  C:\Windows\System\mFsRZnP.exe
  2⤵
  PID:11636
- C:\Windows\System\bBJdlsD.exe
  C:\Windows\System\bBJdlsD.exe
  2⤵
  PID:11668
- C:\Windows\System\gznEAXa.exe
  C:\Windows\System\gznEAXa.exe
  2⤵
  PID:11700
- C:\Windows\System\IzqCTlO.exe
  C:\Windows\System\IzqCTlO.exe
  2⤵
  PID:11732
- C:\Windows\System\VoqpdZH.exe
  C:\Windows\System\VoqpdZH.exe
  2⤵
  PID:11760
- C:\Windows\System\sHrkFfW.exe
  C:\Windows\System\sHrkFfW.exe
  2⤵
  PID:11796
- C:\Windows\System\XfICjRG.exe
  C:\Windows\System\XfICjRG.exe
  2⤵
  PID:11824
- C:\Windows\System\LcvgXOW.exe
  C:\Windows\System\LcvgXOW.exe
  2⤵
  PID:11852
- C:\Windows\System\gkTzzKC.exe
  C:\Windows\System\gkTzzKC.exe
  2⤵
  PID:11880
- C:\Windows\System\zuuSdNe.exe
  C:\Windows\System\zuuSdNe.exe
  2⤵
  PID:11908
- C:\Windows\System\GCQBJDK.exe
  C:\Windows\System\GCQBJDK.exe
  2⤵
  PID:11936
- C:\Windows\System\aTJKBrC.exe
  C:\Windows\System\aTJKBrC.exe
  2⤵
  PID:11964
- C:\Windows\System\wNhFUaD.exe
  C:\Windows\System\wNhFUaD.exe
  2⤵
  PID:11992
- C:\Windows\System\aZDzrqW.exe
  C:\Windows\System\aZDzrqW.exe
  2⤵
  PID:12024
- C:\Windows\System\EwUKGXM.exe
  C:\Windows\System\EwUKGXM.exe
  2⤵
  PID:12068
- C:\Windows\System\ponjozc.exe
  C:\Windows\System\ponjozc.exe
  2⤵
  PID:12096
- C:\Windows\System\sAuxiwT.exe
  C:\Windows\System\sAuxiwT.exe
  2⤵
  PID:12124
- C:\Windows\System\mdtqcOM.exe
  C:\Windows\System\mdtqcOM.exe
  2⤵
  PID:12160
- C:\Windows\System\osJkGNL.exe
  C:\Windows\System\osJkGNL.exe
  2⤵
  PID:12200
- C:\Windows\System\aCxjyyV.exe
  C:\Windows\System\aCxjyyV.exe
  2⤵
  PID:12272
- C:\Windows\System\XNdEdqX.exe
  C:\Windows\System\XNdEdqX.exe
  2⤵
  PID:11284
- C:\Windows\System\CcvCvMa.exe
  C:\Windows\System\CcvCvMa.exe
  2⤵
  PID:11324
- C:\Windows\System\cXUaBXE.exe
  C:\Windows\System\cXUaBXE.exe
  2⤵
  PID:11380
- C:\Windows\System\xpJnDyx.exe
  C:\Windows\System\xpJnDyx.exe
  2⤵
  PID:11444
- C:\Windows\System\lowMRSQ.exe
  C:\Windows\System\lowMRSQ.exe
  2⤵
  PID:11528
- C:\Windows\System\XggPhWb.exe
  C:\Windows\System\XggPhWb.exe
  2⤵
  PID:11568
- C:\Windows\System\LdjbPwp.exe
  C:\Windows\System\LdjbPwp.exe
  2⤵
  PID:11652
- C:\Windows\System\bGmxbQn.exe
  C:\Windows\System\bGmxbQn.exe
  2⤵
  PID:11752
- C:\Windows\System\zbioRrs.exe
  C:\Windows\System\zbioRrs.exe
  2⤵
  PID:11820
- C:\Windows\System\vuTsvJu.exe
  C:\Windows\System\vuTsvJu.exe
  2⤵
  PID:11892
- C:\Windows\System\efztiHL.exe
  C:\Windows\System\efztiHL.exe
  2⤵
  PID:11956
- C:\Windows\System\tmBpLOa.exe
  C:\Windows\System\tmBpLOa.exe
  2⤵
  PID:12048
- C:\Windows\System\OoOBchR.exe
  C:\Windows\System\OoOBchR.exe
  2⤵
  PID:12120
- C:\Windows\System\JVFHNDb.exe
  C:\Windows\System\JVFHNDb.exe
  2⤵
  PID:12252
- C:\Windows\System\XNZQgiL.exe
  C:\Windows\System\XNZQgiL.exe
  2⤵
  PID:11404
- C:\Windows\System\SOlHCGo.exe
  C:\Windows\System\SOlHCGo.exe
  2⤵
  PID:11532
- C:\Windows\System\yoOSRqX.exe
  C:\Windows\System\yoOSRqX.exe
  2⤵
  PID:11680
- C:\Windows\System\EgKQsDf.exe
  C:\Windows\System\EgKQsDf.exe
  2⤵
  PID:11876
- C:\Windows\System\cykjRZe.exe
  C:\Windows\System\cykjRZe.exe
  2⤵
  PID:12044
- C:\Windows\System\PHPSHJe.exe
  C:\Windows\System\PHPSHJe.exe
  2⤵
  PID:12216
- C:\Windows\System\EtsvNEl.exe
  C:\Windows\System\EtsvNEl.exe
  2⤵
  PID:11516
- C:\Windows\System\myVAWwC.exe
  C:\Windows\System\myVAWwC.exe
  2⤵
  PID:4820
- C:\Windows\System\bqpRLbY.exe
  C:\Windows\System\bqpRLbY.exe
  2⤵
  PID:11728
- C:\Windows\System\zjxWEYF.exe
  C:\Windows\System\zjxWEYF.exe
  2⤵
  PID:6208
- C:\Windows\System\wNXBrhN.exe
  C:\Windows\System\wNXBrhN.exe
  2⤵
  PID:6356
- C:\Windows\System\rFWCClm.exe
  C:\Windows\System\rFWCClm.exe
  2⤵
  PID:6416
- C:\Windows\System\pfevrHs.exe
  C:\Windows\System\pfevrHs.exe
  2⤵
  PID:6628
- C:\Windows\System\Vtswvni.exe
  C:\Windows\System\Vtswvni.exe
  2⤵
  PID:6748
- C:\Windows\System\DVAxHDi.exe
  C:\Windows\System\DVAxHDi.exe
  2⤵
  PID:3836
- C:\Windows\System\NkchxAi.exe
  C:\Windows\System\NkchxAi.exe
  2⤵
  PID:6612
- C:\Windows\System\hncFOxF.exe
  C:\Windows\System\hncFOxF.exe
  2⤵
  PID:6728
- C:\Windows\System\XTWfzRt.exe
  C:\Windows\System\XTWfzRt.exe
  2⤵
  PID:1964
- C:\Windows\System\zLFsJHk.exe
  C:\Windows\System\zLFsJHk.exe
  2⤵
  PID:3444
- C:\Windows\System\fXAwjUs.exe
  C:\Windows\System\fXAwjUs.exe
  2⤵
  PID:7008
- C:\Windows\System\mzMhoAD.exe
  C:\Windows\System\mzMhoAD.exe
  2⤵
  PID:12320
- C:\Windows\System\LSfxlax.exe
  C:\Windows\System\LSfxlax.exe
  2⤵
  PID:12348
- C:\Windows\System\zgoiZOE.exe
  C:\Windows\System\zgoiZOE.exe
  2⤵
  PID:12376
- C:\Windows\System\sZxfEls.exe
  C:\Windows\System\sZxfEls.exe
  2⤵
  PID:12452
- C:\Windows\System\ujvQCxf.exe
  C:\Windows\System\ujvQCxf.exe
  2⤵
  PID:12480
- C:\Windows\System\LVXPSXl.exe
  C:\Windows\System\LVXPSXl.exe
  2⤵
  PID:12528
- C:\Windows\System\sYMixvG.exe
  C:\Windows\System\sYMixvG.exe
  2⤵
  PID:12580
- C:\Windows\System\pPFxLkr.exe
  C:\Windows\System\pPFxLkr.exe
  2⤵
  PID:12608
- C:\Windows\System\pRTXJfe.exe
  C:\Windows\System\pRTXJfe.exe
  2⤵
  PID:12640
- C:\Windows\System\KijXgtL.exe
  C:\Windows\System\KijXgtL.exe
  2⤵
  PID:12684
- C:\Windows\System\hyGhbsF.exe
  C:\Windows\System\hyGhbsF.exe
  2⤵
  PID:12740
- C:\Windows\System\paWYLho.exe
  C:\Windows\System\paWYLho.exe
  2⤵
  PID:12768
- C:\Windows\System\vyZurcQ.exe
  C:\Windows\System\vyZurcQ.exe
  2⤵
  PID:12804
- C:\Windows\System\jFhcYLw.exe
  C:\Windows\System\jFhcYLw.exe
  2⤵
  PID:12840
- C:\Windows\System\pXAAXzc.exe
  C:\Windows\System\pXAAXzc.exe
  2⤵
  PID:12864
- C:\Windows\System\ayzAKZy.exe
  C:\Windows\System\ayzAKZy.exe
  2⤵
  PID:12908
- C:\Windows\System\ksmiygV.exe
  C:\Windows\System\ksmiygV.exe
  2⤵
  PID:12936
- C:\Windows\System\xxKmCCG.exe
  C:\Windows\System\xxKmCCG.exe
  2⤵
  PID:12964
- C:\Windows\System\TcaryVy.exe
  C:\Windows\System\TcaryVy.exe
  2⤵
  PID:12992
- C:\Windows\System\OUFGBjw.exe
  C:\Windows\System\OUFGBjw.exe
  2⤵
  PID:13020
- C:\Windows\System\rHcfQqA.exe
  C:\Windows\System\rHcfQqA.exe
  2⤵
  PID:13048
- C:\Windows\System\drBAZTp.exe
  C:\Windows\System\drBAZTp.exe
  2⤵
  PID:13076
- C:\Windows\System\pSFhnoB.exe
  C:\Windows\System\pSFhnoB.exe
  2⤵
  PID:13104
- C:\Windows\System\Ifzchyt.exe
  C:\Windows\System\Ifzchyt.exe
  2⤵
  PID:13132
- C:\Windows\System\hyTPhPP.exe
  C:\Windows\System\hyTPhPP.exe
  2⤵
  PID:13160
- C:\Windows\System\qHKiFPi.exe
  C:\Windows\System\qHKiFPi.exe
  2⤵
  PID:13188
- C:\Windows\System\OKiYPgT.exe
  C:\Windows\System\OKiYPgT.exe
  2⤵
  PID:13212
- C:\Windows\System\jTCVBYT.exe
  C:\Windows\System\jTCVBYT.exe
  2⤵
  PID:13244
- C:\Windows\System\OcBJFaz.exe
  C:\Windows\System\OcBJFaz.exe
  2⤵
  PID:13272
- C:\Windows\System\rjPDpRJ.exe
  C:\Windows\System\rjPDpRJ.exe
  2⤵
  PID:13300
- C:\Windows\System\YJDuVbM.exe
  C:\Windows\System\YJDuVbM.exe
  2⤵
  PID:7036
- C:\Windows\System\zhFXgeF.exe
  C:\Windows\System\zhFXgeF.exe
  2⤵
  PID:644
- C:\Windows\System\hAsEpBr.exe
  C:\Windows\System\hAsEpBr.exe
  2⤵
  PID:12364
- C:\Windows\System\aoFCgiq.exe
  C:\Windows\System\aoFCgiq.exe
  2⤵
  PID:6272
- C:\Windows\System\uzvtqXJ.exe
  C:\Windows\System\uzvtqXJ.exe
  2⤵
  PID:6920
- C:\Windows\System\VKNJISs.exe
  C:\Windows\System\VKNJISs.exe
  2⤵
  PID:6252
- C:\Windows\System\pAqCBAy.exe
  C:\Windows\System\pAqCBAy.exe
  2⤵
  PID:6424
- C:\Windows\System\CpLINpe.exe
  C:\Windows\System\CpLINpe.exe
  2⤵
  PID:6668
- C:\Windows\System\DUxmFwC.exe
  C:\Windows\System\DUxmFwC.exe
  2⤵
  PID:6932
- C:\Windows\System\pvbFJuB.exe
  C:\Windows\System\pvbFJuB.exe
  2⤵
  PID:7136
- C:\Windows\System\tKDifcz.exe
  C:\Windows\System\tKDifcz.exe
  2⤵
  PID:6384
- C:\Windows\System\yWNQhKE.exe
  C:\Windows\System\yWNQhKE.exe
  2⤵
  PID:2356
- C:\Windows\System\YlehqDF.exe
  C:\Windows\System\YlehqDF.exe
  2⤵
  PID:3592
- C:\Windows\System\KceETnx.exe
  C:\Windows\System\KceETnx.exe
  2⤵
  PID:5080
- C:\Windows\System\hHMqsYW.exe
  C:\Windows\System\hHMqsYW.exe
  2⤵
  PID:4868
- C:\Windows\System\DtmrFyX.exe
  C:\Windows\System\DtmrFyX.exe
  2⤵
  PID:4492
- C:\Windows\System\erumgJD.exe
  C:\Windows\System\erumgJD.exe
  2⤵
  PID:2376
- C:\Windows\System\KROPLTw.exe
  C:\Windows\System\KROPLTw.exe
  2⤵
  PID:12472
- C:\Windows\System\fcWiqFW.exe
  C:\Windows\System\fcWiqFW.exe
  2⤵
  PID:7216
- C:\Windows\System\LXjIksb.exe
  C:\Windows\System\LXjIksb.exe
  2⤵
  PID:2824
- C:\Windows\System\lrCNSVm.exe
  C:\Windows\System\lrCNSVm.exe
  2⤵
  PID:12588
- C:\Windows\System\txuhyXz.exe
  C:\Windows\System\txuhyXz.exe
  2⤵
  PID:12632
- C:\Windows\System\GFtFPFy.exe
  C:\Windows\System\GFtFPFy.exe
  2⤵
  PID:12724
- C:\Windows\System\YHDcQgL.exe
  C:\Windows\System\YHDcQgL.exe
  2⤵
  PID:12760
- C:\Windows\System\nMzYBnw.exe
  C:\Windows\System\nMzYBnw.exe
  2⤵
  PID:12816
- C:\Windows\System\EzHifSP.exe
  C:\Windows\System\EzHifSP.exe
  2⤵
  PID:5208
- C:\Windows\System\aZEZYmD.exe
  C:\Windows\System\aZEZYmD.exe
  2⤵
  PID:12876
- C:\Windows\System\pwRgyRv.exe
  C:\Windows\System\pwRgyRv.exe
  2⤵
  PID:12420
- C:\Windows\System\nOtkkIY.exe
  C:\Windows\System\nOtkkIY.exe
  2⤵
  PID:12428
- C:\Windows\System\vyjPVFu.exe
  C:\Windows\System\vyjPVFu.exe
  2⤵
  PID:5312
- C:\Windows\System\aOgKUSn.exe
  C:\Windows\System\aOgKUSn.exe
  2⤵
  PID:5348
- C:\Windows\System\piUxYLx.exe
  C:\Windows\System\piUxYLx.exe
  2⤵
  PID:5372
- C:\Windows\System\MvZrlCp.exe
  C:\Windows\System\MvZrlCp.exe
  2⤵
  PID:5388
- C:\Windows\System\EuSyWlj.exe
  C:\Windows\System\EuSyWlj.exe
  2⤵
  PID:13156
- C:\Windows\System\VGFDGGH.exe
  C:\Windows\System\VGFDGGH.exe
  2⤵
  PID:13200
- C:\Windows\System\NYQXRSn.exe
  C:\Windows\System\NYQXRSn.exe
  2⤵
  PID:7816
- C:\Windows\System\ClHeHWq.exe
  C:\Windows\System\ClHeHWq.exe
  2⤵
  PID:13296
- C:\Windows\System\uHAhYar.exe
  C:\Windows\System\uHAhYar.exe
  2⤵
  PID:6684
- C:\Windows\System\wwRAGIV.exe
  C:\Windows\System\wwRAGIV.exe
  2⤵
  PID:5592
- C:\Windows\System\prJCPMG.exe
  C:\Windows\System\prJCPMG.exe
  2⤵
  PID:1436
- C:\Windows\System\uDcAffQ.exe
  C:\Windows\System\uDcAffQ.exe
  2⤵
  PID:5668
- C:\Windows\System\iHmfxKZ.exe
  C:\Windows\System\iHmfxKZ.exe
  2⤵
  PID:6608
- C:\Windows\System\PlFofFx.exe
  C:\Windows\System\PlFofFx.exe
  2⤵
  PID:7032
- C:\Windows\System\byFTjCR.exe
  C:\Windows\System\byFTjCR.exe
  2⤵
  PID:8124
- C:\Windows\System\ueDplaD.exe
  C:\Windows\System\ueDplaD.exe
  2⤵
  PID:2684
- C:\Windows\System\jEjVwtX.exe
  C:\Windows\System\jEjVwtX.exe
  2⤵
  PID:5844
- C:\Windows\System\oIdYCXq.exe
  C:\Windows\System\oIdYCXq.exe
  2⤵
  PID:1696
- C:\Windows\System\FZNWZVj.exe
  C:\Windows\System\FZNWZVj.exe
  2⤵
  PID:3464
- C:\Windows\System\tyuMjfI.exe
  C:\Windows\System\tyuMjfI.exe
  2⤵
  PID:5920
- C:\Windows\System\RdaJesv.exe
  C:\Windows\System\RdaJesv.exe
  2⤵
  PID:4996
- C:\Windows\System\NNMHmbT.exe
  C:\Windows\System\NNMHmbT.exe
  2⤵
  PID:12672
- C:\Windows\System\nTWPyMo.exe
  C:\Windows\System\nTWPyMo.exe
  2⤵
  PID:12732
- C:\Windows\System\dWTioZP.exe
  C:\Windows\System\dWTioZP.exe
  2⤵
  PID:12860
- C:\Windows\System\BQksCUI.exe
  C:\Windows\System\BQksCUI.exe
  2⤵
  PID:12888
- C:\Windows\System\ngfGyXn.exe
  C:\Windows\System\ngfGyXn.exe
  2⤵
  PID:12132
- C:\Windows\System\hPtSlEx.exe
  C:\Windows\System\hPtSlEx.exe
  2⤵
  PID:13060
- C:\Windows\System\iDyvwat.exe
  C:\Windows\System\iDyvwat.exe
  2⤵
  PID:13100
- C:\Windows\System\DcOAmrY.exe
  C:\Windows\System\DcOAmrY.exe
  2⤵
  PID:4468
- C:\Windows\System\HdEhHze.exe
  C:\Windows\System\HdEhHze.exe
  2⤵
  PID:1880
- C:\Windows\System\mSajELm.exe
  C:\Windows\System\mSajELm.exe
  2⤵
  PID:11616
- C:\Windows\System\ubpDTeD.exe
  C:\Windows\System\ubpDTeD.exe
  2⤵
  PID:11564
- C:\Windows\System\jgBXMgc.exe
  C:\Windows\System\jgBXMgc.exe
  2⤵
  PID:12308
- C:\Windows\System\dqnTbjD.exe
  C:\Windows\System\dqnTbjD.exe
  2⤵
  PID:2416
- C:\Windows\System\SAJfTSd.exe
  C:\Windows\System\SAJfTSd.exe
  2⤵
  PID:5676
- C:\Windows\System\hKqeanF.exe
  C:\Windows\System\hKqeanF.exe
  2⤵
  PID:6968
- C:\Windows\System\GufHwJa.exe
  C:\Windows\System\GufHwJa.exe
  2⤵
  PID:6656
- C:\Windows\System\qZthRvw.exe
  C:\Windows\System\qZthRvw.exe
  2⤵
  PID:6196
- C:\Windows\System\qhaXDWm.exe
  C:\Windows\System\qhaXDWm.exe
  2⤵
  PID:8228
- C:\Windows\System\JiJfKKn.exe
  C:\Windows\System\JiJfKKn.exe
  2⤵
  PID:12492
- C:\Windows\System\DZDUpgn.exe
  C:\Windows\System\DZDUpgn.exe
  2⤵
  PID:12836
- C:\Windows\System\ILYMAdg.exe
  C:\Windows\System\ILYMAdg.exe
  2⤵
  PID:5824
- C:\Windows\System\zQOLtHK.exe
  C:\Windows\System\zQOLtHK.exe
  2⤵
  PID:13040
- C:\Windows\System\gOJqyZK.exe
  C:\Windows\System\gOJqyZK.exe
  2⤵
  PID:13228
- C:\Windows\System\ljxnfMR.exe
  C:\Windows\System\ljxnfMR.exe
  2⤵
  PID:11560
- C:\Windows\System\LOLctbK.exe
  C:\Windows\System\LOLctbK.exe
  2⤵
  PID:6140
- C:\Windows\System\MfxJmxx.exe
  C:\Windows\System\MfxJmxx.exe
  2⤵
  PID:2832
- C:\Windows\System\cBsNoSt.exe
  C:\Windows\System\cBsNoSt.exe
  2⤵
  PID:5252
- C:\Windows\System\mQwIWKu.exe
  C:\Windows\System\mQwIWKu.exe
  2⤵
  PID:6240
- C:\Windows\System\UYqMCjH.exe
  C:\Windows\System\UYqMCjH.exe
  2⤵
  PID:2192
- C:\Windows\System\NHKHrzS.exe
  C:\Windows\System\NHKHrzS.exe
  2⤵
  PID:5852
- C:\Windows\System\WwPXcDi.exe
  C:\Windows\System\WwPXcDi.exe
  2⤵
  PID:2876
- C:\Windows\System\CZLmpBp.exe
  C:\Windows\System\CZLmpBp.exe
  2⤵
  PID:5900
- C:\Windows\System\yMUTSHZ.exe
  C:\Windows\System\yMUTSHZ.exe
  2⤵
  PID:6016
- C:\Windows\System\HfjzkOH.exe
  C:\Windows\System\HfjzkOH.exe
  2⤵
  PID:5180
- C:\Windows\System\HHKDiEX.exe
  C:\Windows\System\HHKDiEX.exe
  2⤵
  PID:2848
- C:\Windows\System\gRUzAVj.exe
  C:\Windows\System\gRUzAVj.exe
  2⤵
  PID:6128
- C:\Windows\System\mYbKrdB.exe
  C:\Windows\System\mYbKrdB.exe
  2⤵
  PID:6036
- C:\Windows\System\rPQTEBN.exe
  C:\Windows\System\rPQTEBN.exe
  2⤵
  PID:3148
- C:\Windows\System\FoMhMBi.exe
  C:\Windows\System\FoMhMBi.exe
  2⤵
  PID:6404
- C:\Windows\System\yoLTwXJ.exe
  C:\Windows\System\yoLTwXJ.exe
  2⤵
  PID:13152
- C:\Windows\System\zRidyPw.exe
  C:\Windows\System\zRidyPw.exe
  2⤵
  PID:13336
- C:\Windows\System\ZwLbOCX.exe
  C:\Windows\System\ZwLbOCX.exe
  2⤵
  PID:13368
- C:\Windows\System\SrGnUSj.exe
  C:\Windows\System\SrGnUSj.exe
  2⤵
  PID:13392
- C:\Windows\System\BMtgaZB.exe
  C:\Windows\System\BMtgaZB.exe
  2⤵
  PID:13424
- C:\Windows\System\LQkHFtC.exe
  C:\Windows\System\LQkHFtC.exe
  2⤵
  PID:13448
- C:\Windows\System\IktbgOh.exe
  C:\Windows\System\IktbgOh.exe
  2⤵
  PID:13480
- C:\Windows\System\lxKQLAk.exe
  C:\Windows\System\lxKQLAk.exe
  2⤵
  PID:13508
- C:\Windows\System\cgPFgDE.exe
  C:\Windows\System\cgPFgDE.exe
  2⤵
  PID:13536
- C:\Windows\System\LaaCifm.exe
  C:\Windows\System\LaaCifm.exe
  2⤵
  PID:13564
- C:\Windows\System\TzJvnxV.exe
  C:\Windows\System\TzJvnxV.exe
  2⤵
  PID:13592
- C:\Windows\System\BtYtlPM.exe
  C:\Windows\System\BtYtlPM.exe
  2⤵
  PID:13624
- C:\Windows\System\wLQdWWB.exe
  C:\Windows\System\wLQdWWB.exe
  2⤵
  PID:13652
- C:\Windows\System\kdaJKgr.exe
  C:\Windows\System\kdaJKgr.exe
  2⤵
  PID:13680
- C:\Windows\System\JylVwHF.exe
  C:\Windows\System\JylVwHF.exe
  2⤵
  PID:13708
- C:\Windows\System\hEUzzkh.exe
  C:\Windows\System\hEUzzkh.exe
  2⤵
  PID:13736
- C:\Windows\System\BDGILVX.exe
  C:\Windows\System\BDGILVX.exe
  2⤵
  PID:13764
- C:\Windows\System\qWPgOiQ.exe
  C:\Windows\System\qWPgOiQ.exe
  2⤵
  PID:13792
- C:\Windows\System\YgrpdDp.exe
  C:\Windows\System\YgrpdDp.exe
  2⤵
  PID:13820
- C:\Windows\System\hZzVDCf.exe
  C:\Windows\System\hZzVDCf.exe
  2⤵
  PID:13856
- C:\Windows\System\RiVTKbK.exe
  C:\Windows\System\RiVTKbK.exe
  2⤵
  PID:13884
- C:\Windows\System\KtQCdmw.exe
  C:\Windows\System\KtQCdmw.exe
  2⤵
  PID:13912
- C:\Windows\System\wdFkFxT.exe
  C:\Windows\System\wdFkFxT.exe
  2⤵
  PID:13948
- C:\Windows\System\NnhnMfa.exe
  C:\Windows\System\NnhnMfa.exe
  2⤵
  PID:13976
- C:\Windows\System\ODnejFt.exe
  C:\Windows\System\ODnejFt.exe
  2⤵
  PID:14016
- C:\Windows\System\VvGLwQf.exe
  C:\Windows\System\VvGLwQf.exe
  2⤵
  PID:14056
- C:\Windows\System\xvShpeR.exe
  C:\Windows\System\xvShpeR.exe
  2⤵
  PID:14084
- C:\Windows\System\ogTeuup.exe
  C:\Windows\System\ogTeuup.exe
  2⤵
  PID:14116
- C:\Windows\System\UtkIdYP.exe
  C:\Windows\System\UtkIdYP.exe
  2⤵
  PID:14144
- C:\Windows\System\AItkINa.exe
  C:\Windows\System\AItkINa.exe
  2⤵
  PID:14172
- C:\Windows\System\XyjhRqS.exe
  C:\Windows\System\XyjhRqS.exe
  2⤵
  PID:14200
- C:\Windows\System\einOmPM.exe
  C:\Windows\System\einOmPM.exe
  2⤵
  PID:14228
- C:\Windows\System\NRTdzpw.exe
  C:\Windows\System\NRTdzpw.exe
  2⤵
  PID:14264
- C:\Windows\System\sRkKeCO.exe
  C:\Windows\System\sRkKeCO.exe
  2⤵
  PID:14308
- C:\Windows\System\ubOXBxZ.exe
  C:\Windows\System\ubOXBxZ.exe
  2⤵
  PID:13320
- C:\Windows\System\LPLqIwB.exe
  C:\Windows\System\LPLqIwB.exe
  2⤵
  PID:13384
- C:\Windows\System\fNUqQMs.exe
  C:\Windows\System\fNUqQMs.exe
  2⤵
  PID:13444
- C:\Windows\System\VYrcQuE.exe
  C:\Windows\System\VYrcQuE.exe
  2⤵
  PID:13520
- C:\Windows\System\fjxDyYa.exe
  C:\Windows\System\fjxDyYa.exe
  2⤵
  PID:13576
- C:\Windows\System\lwtFkPQ.exe
  C:\Windows\System\lwtFkPQ.exe
  2⤵
  PID:13616
- C:\Windows\System\mNLEIiH.exe
  C:\Windows\System\mNLEIiH.exe
  2⤵
  PID:6836
- C:\Windows\System\OAjXMLA.exe
  C:\Windows\System\OAjXMLA.exe
  2⤵
  PID:13728
- C:\Windows\System\musCkpk.exe
  C:\Windows\System\musCkpk.exe
  2⤵
  PID:13784
- C:\Windows\System\aLiNyiG.exe
  C:\Windows\System\aLiNyiG.exe
  2⤵
  PID:13832
- C:\Windows\System\RZttvqM.exe
  C:\Windows\System\RZttvqM.exe
  2⤵
  PID:5392
- C:\Windows\System\cporRUj.exe
  C:\Windows\System\cporRUj.exe
  2⤵
  PID:4856
- C:\Windows\System\ldYbOXf.exe
  C:\Windows\System\ldYbOXf.exe
  2⤵
  PID:7004
- C:\Windows\System\ABVVwYA.exe
  C:\Windows\System\ABVVwYA.exe
  2⤵
  PID:13956
- C:\Windows\System\feiQxAV.exe
  C:\Windows\System\feiQxAV.exe
  2⤵
  PID:13996
- C:\Windows\System\ZYQAeaj.exe
  C:\Windows\System\ZYQAeaj.exe
  2⤵
  PID:14076
- C:\Windows\System\IpxQEwd.exe
  C:\Windows\System\IpxQEwd.exe
  2⤵
  PID:14136
- C:\Windows\System\GjVRxuX.exe
  C:\Windows\System\GjVRxuX.exe
  2⤵
  PID:14184
- C:\Windows\System\eaOmDAC.exe
  C:\Windows\System\eaOmDAC.exe
  2⤵
  PID:14224
- C:\Windows\System\lNvLNPs.exe
  C:\Windows\System\lNvLNPs.exe
  2⤵
  PID:14296
- C:\Windows\System\Nsprxpm.exe
  C:\Windows\System\Nsprxpm.exe
  2⤵
  PID:13412
- C:\Windows\System\ZdUfnMo.exe
  C:\Windows\System\ZdUfnMo.exe
  2⤵
  PID:13556
- C:\Windows\System\kRcRvwP.exe
  C:\Windows\System\kRcRvwP.exe
  2⤵
  PID:13668
- C:\Windows\System\clLiaYH.exe
  C:\Windows\System\clLiaYH.exe
  2⤵
  PID:13780
- C:\Windows\System\yZgdlsl.exe
  C:\Windows\System\yZgdlsl.exe
  2⤵
  PID:3924
- C:\Windows\System\AOOtmMh.exe
  C:\Windows\System\AOOtmMh.exe
  2⤵
  PID:13908
- C:\Windows\System\ayqUYXV.exe
  C:\Windows\System\ayqUYXV.exe
  2⤵
  PID:9236
- C:\Windows\System\QZQabZF.exe
  C:\Windows\System\QZQabZF.exe
  2⤵
  PID:14168
- C:\Windows\System\gJLpfwo.exe
  C:\Windows\System\gJLpfwo.exe
  2⤵
  PID:14292
- C:\Windows\System\DZWjdRy.exe
  C:\Windows\System\DZWjdRy.exe
  2⤵
  PID:13532
- C:\Windows\System\zImjtqr.exe
  C:\Windows\System\zImjtqr.exe
  2⤵
  PID:13816
- C:\Windows\System\EOSWqzI.exe
  C:\Windows\System\EOSWqzI.exe
  2⤵
  PID:7072
- C:\Windows\System\BpKjfux.exe
  C:\Windows\System\BpKjfux.exe
  2⤵
  PID:14276
- C:\Windows\System\OawPJlv.exe
  C:\Windows\System\OawPJlv.exe
  2⤵
  PID:14092
- C:\Windows\System\fUpeZMm.exe
  C:\Windows\System\fUpeZMm.exe
  2⤵
  PID:3368
- C:\Windows\System\HZmFPoB.exe
  C:\Windows\System\HZmFPoB.exe
  2⤵
  PID:6700
- C:\Windows\System\JNdRsPW.exe
  C:\Windows\System\JNdRsPW.exe
  2⤵
  PID:6876
- C:\Windows\System\dknoqJP.exe
  C:\Windows\System\dknoqJP.exe
  2⤵
  PID:14352
- C:\Windows\System\NJOIZKR.exe
  C:\Windows\System\NJOIZKR.exe
  2⤵
  PID:14380
- C:\Windows\System\drkvHHv.exe
  C:\Windows\System\drkvHHv.exe
  2⤵
  PID:14424
- C:\Windows\System\JjblyQF.exe
  C:\Windows\System\JjblyQF.exe
  2⤵
  PID:14440
- C:\Windows\System\LQgtXhf.exe
  C:\Windows\System\LQgtXhf.exe
  2⤵
  PID:14468
- C:\Windows\System\FXZIxdi.exe
  C:\Windows\System\FXZIxdi.exe
  2⤵
  PID:14496
- C:\Windows\System\JMKWGda.exe
  C:\Windows\System\JMKWGda.exe
  2⤵
  PID:14524
- C:\Windows\System\OrQZkfc.exe
  C:\Windows\System\OrQZkfc.exe
  2⤵
  PID:14552
- C:\Windows\System\XtVoRnV.exe
  C:\Windows\System\XtVoRnV.exe
  2⤵
  PID:14580
- C:\Windows\System\WykyJtN.exe
  C:\Windows\System\WykyJtN.exe
  2⤵
  PID:14608
- C:\Windows\System\bwfhgnA.exe
  C:\Windows\System\bwfhgnA.exe
  2⤵
  PID:14636
- C:\Windows\System\piKlgnE.exe
  C:\Windows\System\piKlgnE.exe
  2⤵
  PID:14664
- C:\Windows\System\NTitnWi.exe
  C:\Windows\System\NTitnWi.exe
  2⤵
  PID:14692
- C:\Windows\System\jOgcllu.exe
  C:\Windows\System\jOgcllu.exe
  2⤵
  PID:14720
- C:\Windows\System\CwypPHk.exe
  C:\Windows\System\CwypPHk.exe
  2⤵
  PID:14748
- C:\Windows\System\UYPeBJf.exe
  C:\Windows\System\UYPeBJf.exe
  2⤵
  PID:14776
- C:\Windows\System\YpNEvez.exe
  C:\Windows\System\YpNEvez.exe
  2⤵
  PID:14804
- C:\Windows\System\UQnbiGv.exe
  C:\Windows\System\UQnbiGv.exe
  2⤵
  PID:14832
- C:\Windows\System\dOJBkBO.exe
  C:\Windows\System\dOJBkBO.exe
  2⤵
  PID:14860
- C:\Windows\System\eHoqwrA.exe
  C:\Windows\System\eHoqwrA.exe
  2⤵
  PID:14888
- C:\Windows\System\ZhieINL.exe
  C:\Windows\System\ZhieINL.exe
  2⤵
  PID:14916
- C:\Windows\System\yaJCqLQ.exe
  C:\Windows\System\yaJCqLQ.exe
  2⤵
  PID:14944
- C:\Windows\System\XnhvNsy.exe
  C:\Windows\System\XnhvNsy.exe
  2⤵
  PID:14988
- C:\Windows\System\KckHEJP.exe
  C:\Windows\System\KckHEJP.exe
  2⤵
  PID:15020
- C:\Windows\System\amNsaTV.exe
  C:\Windows\System\amNsaTV.exe
  2⤵
  PID:15068
- C:\Windows\System\EgLyLMF.exe
  C:\Windows\System\EgLyLMF.exe
  2⤵
  PID:15092
- C:\Windows\System\RyCxCkq.exe
  C:\Windows\System\RyCxCkq.exe
  2⤵
  PID:15124
- C:\Windows\System\SVzcHXf.exe
  C:\Windows\System\SVzcHXf.exe
  2⤵
  PID:15152
- C:\Windows\System\qiXNLka.exe
  C:\Windows\System\qiXNLka.exe
  2⤵
  PID:15180
- C:\Windows\System\ergwCWf.exe
  C:\Windows\System\ergwCWf.exe
  2⤵
  PID:15208
- C:\Windows\System\IFHVNal.exe
  C:\Windows\System\IFHVNal.exe
  2⤵
  PID:15236
- C:\Windows\System\gmQwXPz.exe
  C:\Windows\System\gmQwXPz.exe
  2⤵
  PID:15264
- C:\Windows\System\NUAtJZN.exe
  C:\Windows\System\NUAtJZN.exe
  2⤵
  PID:15292
- C:\Windows\System\IMhVIgY.exe
  C:\Windows\System\IMhVIgY.exe
  2⤵
  PID:15320
- C:\Windows\System\ukZznvC.exe
  C:\Windows\System\ukZznvC.exe
  2⤵
  PID:15348
- C:\Windows\System\JNHUaWB.exe
  C:\Windows\System\JNHUaWB.exe
  2⤵
  PID:7040
- C:\Windows\System\gIVfxep.exe
  C:\Windows\System\gIVfxep.exe
  2⤵
  PID:14408
- C:\Windows\System\uGgNTDE.exe
  C:\Windows\System\uGgNTDE.exe
  2⤵
  PID:7268
- C:\Windows\System\uqbRLHW.exe
  C:\Windows\System\uqbRLHW.exe
  2⤵
  PID:14508
- C:\Windows\System\BiEqqbA.exe
  C:\Windows\System\BiEqqbA.exe
  2⤵
  PID:7296
- C:\Windows\System\EFqlQzd.exe
  C:\Windows\System\EFqlQzd.exe
  2⤵
  PID:7352
- C:\Windows\System\udeauQS.exe
  C:\Windows\System\udeauQS.exe
  2⤵
  PID:7368
- C:\Windows\System\zCKjMcr.exe
  C:\Windows\System\zCKjMcr.exe
  2⤵
  PID:7408
- C:\Windows\System\NgiEkdn.exe
  C:\Windows\System\NgiEkdn.exe
  2⤵
  PID:7424
- C:\Windows\System\JNRpePt.exe
  C:\Windows\System\JNRpePt.exe
  2⤵
  PID:14788
- C:\Windows\System\RIRuBuo.exe
  C:\Windows\System\RIRuBuo.exe
  2⤵
  PID:14828
- C:\Windows\System\YoGtPFt.exe
  C:\Windows\System\YoGtPFt.exe
  2⤵
  PID:14872
- C:\Windows\System\SEHEHxm.exe
  C:\Windows\System\SEHEHxm.exe
  2⤵
  PID:14912
- C:\Windows\System\UcSVqVQ.exe
  C:\Windows\System\UcSVqVQ.exe
  2⤵
  PID:2108
- C:\Windows\System\XvXIcAS.exe
  C:\Windows\System\XvXIcAS.exe
  2⤵
  PID:10324
- C:\Windows\System\uLajBEf.exe
  C:\Windows\System\uLajBEf.exe
  2⤵
  PID:14964
- C:\Windows\System\VIVBnIG.exe
  C:\Windows\System\VIVBnIG.exe
  2⤵
  PID:4652
- C:\Windows\System\FdXHlZL.exe
  C:\Windows\System\FdXHlZL.exe
  2⤵
  PID:15056
- C:\Windows\System\MhBzJLe.exe
  C:\Windows\System\MhBzJLe.exe
  2⤵
  PID:7716
- C:\Windows\System\oWAvSrG.exe
  C:\Windows\System\oWAvSrG.exe
  2⤵
  PID:7732
- C:\Windows\System\KylHeQz.exe
  C:\Windows\System\KylHeQz.exe
  2⤵
  PID:15144
- C:\Windows\System\lMIwMVp.exe
  C:\Windows\System\lMIwMVp.exe
  2⤵
  PID:7760
- C:\Windows\System\krnohOi.exe
  C:\Windows\System\krnohOi.exe
  2⤵
  PID:7812
- C:\Windows\System\tchLbjT.exe
  C:\Windows\System\tchLbjT.exe
  2⤵
  PID:15260
- C:\Windows\System\IjhiKNG.exe
  C:\Windows\System\IjhiKNG.exe
  2⤵
  PID:7880
- C:\Windows\System\TRmiYCb.exe
  C:\Windows\System\TRmiYCb.exe
  2⤵
  PID:15340
- C:\Windows\System\EJdjaqW.exe
  C:\Windows\System\EJdjaqW.exe
  2⤵
  PID:14376
- C:\Windows\System\UmSWwts.exe
  C:\Windows\System\UmSWwts.exe
  2⤵
  PID:14436
- C:\Windows\System\AlfzMAA.exe
  C:\Windows\System\AlfzMAA.exe
  2⤵
  PID:14492
- C:\Windows\System\dYVprJn.exe
  C:\Windows\System\dYVprJn.exe
  2⤵
  PID:14564
- C:\Windows\System\ECcXjOL.exe
  C:\Windows\System\ECcXjOL.exe
  2⤵
  PID:8068
- C:\Windows\System\vJDneaD.exe
  C:\Windows\System\vJDneaD.exe
  2⤵
  PID:14660
- C:\Windows\System\mcaeDJn.exe
  C:\Windows\System\mcaeDJn.exe
  2⤵
  PID:8176
- C:\Windows\System\WXuhhVn.exe
  C:\Windows\System\WXuhhVn.exe
  2⤵
  PID:8180
- C:\Windows\System\iNKstfi.exe
  C:\Windows\System\iNKstfi.exe
  2⤵
  PID:14856
- C:\Windows\System\MOoeRji.exe
  C:\Windows\System\MOoeRji.exe
  2⤵
  PID:1828
- C:\Windows\System\krisEUr.exe
  C:\Windows\System\krisEUr.exe
  2⤵
  PID:3908
- C:\Windows\System\YYOcIBg.exe
  C:\Windows\System\YYOcIBg.exe
  2⤵
  PID:7620
- C:\Windows\System\gDVciqM.exe
  C:\Windows\System\gDVciqM.exe
  2⤵
  PID:15016
- C:\Windows\System\ZDfdWWo.exe
  C:\Windows\System\ZDfdWWo.exe
  2⤵
  PID:7400
- C:\Windows\System\ZeqDIaK.exe
  C:\Windows\System\ZeqDIaK.exe
  2⤵
  PID:15052
- C:\Windows\System\TFfyYcf.exe
  C:\Windows\System\TFfyYcf.exe
  2⤵
  PID:7568
- C:\Windows\System\gAbESeW.exe
  C:\Windows\System\gAbESeW.exe
  2⤵
  PID:7832
- C:\Windows\System\QYqbtJk.exe
  C:\Windows\System\QYqbtJk.exe
  2⤵
  PID:7764
- C:\Windows\System\uKwIgTM.exe
  C:\Windows\System\uKwIgTM.exe
  2⤵
  PID:9612
- C:\Windows\System\vARrgYn.exe
  C:\Windows\System\vARrgYn.exe
  2⤵
  PID:14488
- C:\Windows\System\VYpUukO.exe
  C:\Windows\System\VYpUukO.exe
  2⤵
  PID:8052
- C:\Windows\System\dDBlFtb.exe
  C:\Windows\System\dDBlFtb.exe
  2⤵
  PID:7144
- C:\Windows\System\zpVxSPu.exe
  C:\Windows\System\zpVxSPu.exe
  2⤵
  PID:6692
- C:\Windows\System\EVbmpcp.exe
  C:\Windows\System\EVbmpcp.exe
  2⤵
  PID:7000
- C:\Windows\System\kJviYVB.exe
  C:\Windows\System\kJviYVB.exe
  2⤵
  PID:7648
- C:\Windows\System\DlsSOhP.exe
  C:\Windows\System\DlsSOhP.exe
  2⤵
  PID:7600
- C:\Windows\System\XlDuyFA.exe
  C:\Windows\System\XlDuyFA.exe
  2⤵
  PID:7776
- C:\Windows\System\NLvArmx.exe
  C:\Windows\System\NLvArmx.exe
  2⤵
  PID:7860
- C:\Windows\System\gjiuDMG.exe
  C:\Windows\System\gjiuDMG.exe
  2⤵
  PID:14760
- C:\Windows\System\tVcuMxo.exe
  C:\Windows\System\tVcuMxo.exe
  2⤵
  PID:8000
- C:\Windows\System\FUVYPkf.exe
  C:\Windows\System\FUVYPkf.exe
  2⤵
  PID:8096
- C:\Windows\System\OoJQnlt.exe
  C:\Windows\System\OoJQnlt.exe
  2⤵
  PID:8280
- C:\Windows\System\VKcbiAw.exe
  C:\Windows\System\VKcbiAw.exe
  2⤵
  PID:7064
- C:\Windows\System\wEZDyTf.exe
  C:\Windows\System\wEZDyTf.exe
  2⤵
  PID:1888
- C:\Windows\System\AoJsxDp.exe
  C:\Windows\System\AoJsxDp.exe
  2⤵
  PID:8140
- C:\Windows\System\FQhcLjt.exe
  C:\Windows\System\FQhcLjt.exe
  2⤵
  PID:3636
- C:\Windows\System\oKaKPKW.exe
  C:\Windows\System\oKaKPKW.exe
  2⤵
  PID:2024
- C:\Windows\System\VUMStuM.exe
  C:\Windows\System\VUMStuM.exe
  2⤵
  PID:1800
- C:\Windows\System\IJZHirV.exe
  C:\Windows\System\IJZHirV.exe
  2⤵
  PID:2228
- C:\Windows\System\UQjRFgh.exe
  C:\Windows\System\UQjRFgh.exe
  2⤵
  PID:14364
- C:\Windows\System\KMoOgnv.exe
  C:\Windows\System\KMoOgnv.exe
  2⤵
  PID:8244
- C:\Windows\System\GqdMETK.exe
  C:\Windows\System\GqdMETK.exe
  2⤵
  PID:9976
- C:\Windows\System\jObWmNe.exe
  C:\Windows\System\jObWmNe.exe
  2⤵
  PID:2812
- C:\Windows\System\rCEkmtR.exe
  C:\Windows\System\rCEkmtR.exe
  2⤵
  PID:8516
- C:\Windows\System\zqgUjST.exe
  C:\Windows\System\zqgUjST.exe
  2⤵
  PID:8104
- C:\Windows\System\UOUnXZS.exe
  C:\Windows\System\UOUnXZS.exe
  2⤵
  PID:8596
- C:\Windows\System\dUYUJmA.exe
  C:\Windows\System\dUYUJmA.exe
  2⤵
  PID:4268
- C:\Windows\System\OGHSqhk.exe
  C:\Windows\System\OGHSqhk.exe
  2⤵
  PID:8636
- C:\Windows\System\UwIclGJ.exe
  C:\Windows\System\UwIclGJ.exe
  2⤵
  PID:2752
- C:\Windows\System\Yzzgtrf.exe
  C:\Windows\System\Yzzgtrf.exe
  2⤵
  PID:1744
- C:\Windows\System\lUfMhxQ.exe
  C:\Windows\System\lUfMhxQ.exe
  2⤵
  PID:2392
- C:\Windows\System\vDthAIP.exe
  C:\Windows\System\vDthAIP.exe
  2⤵
  PID:8756
- C:\Windows\System\stZnaBh.exe
  C:\Windows\System\stZnaBh.exe
  2⤵
  PID:7304
- C:\Windows\System\fCmCtoy.exe
  C:\Windows\System\fCmCtoy.exe
  2⤵
  PID:10272
- C:\Windows\System\gMcjYEZ.exe
  C:\Windows\System\gMcjYEZ.exe
  2⤵
  PID:8832
- C:\Windows\System\kHYNoju.exe
  C:\Windows\System\kHYNoju.exe
  2⤵
  PID:10340
- C:\Windows\System\ycFxkDx.exe
  C:\Windows\System\ycFxkDx.exe
  2⤵
  PID:3300
- C:\Windows\System\RiyEdyD.exe
  C:\Windows\System\RiyEdyD.exe
  2⤵
  PID:10440
- C:\Windows\System\qjuqVsf.exe
  C:\Windows\System\qjuqVsf.exe
  2⤵
  PID:8948
- C:\Windows\System\KnPbMrG.exe
  C:\Windows\System\KnPbMrG.exe
  2⤵
  PID:2020
- C:\Windows\System\MBztBXu.exe
  C:\Windows\System\MBztBXu.exe
  2⤵
  PID:14712
- C:\Windows\System\lDOxOOh.exe
  C:\Windows\System\lDOxOOh.exe
  2⤵
  PID:9020
- C:\Windows\System\HzNGjDi.exe
  C:\Windows\System\HzNGjDi.exe
  2⤵
  PID:10588
- C:\Windows\System\LXitsLE.exe
  C:\Windows\System\LXitsLE.exe
  2⤵
  PID:8460
- C:\Windows\System\NrdNtQU.exe
  C:\Windows\System\NrdNtQU.exe
  2⤵
  PID:9104
- C:\Windows\System\XdeoUuZ.exe
  C:\Windows\System\XdeoUuZ.exe
  2⤵
  PID:8980
- C:\Windows\System\whTGTrL.exe
  C:\Windows\System\whTGTrL.exe
  2⤵
  PID:10700
- C:\Windows\System\ZRolKIX.exe
  C:\Windows\System\ZRolKIX.exe
  2⤵
  PID:9204
- C:\Windows\System\oVoSAgp.exe
  C:\Windows\System\oVoSAgp.exe
  2⤵
  PID:8132
- C:\Windows\System\RtSRGJF.exe
  C:\Windows\System\RtSRGJF.exe
  2⤵
  PID:4532
- C:\Windows\System\SrxgutQ.exe
  C:\Windows\System\SrxgutQ.exe
  2⤵
  PID:7288
- C:\Windows\System\iIvZGJj.exe
  C:\Windows\System\iIvZGJj.exe
  2⤵
  PID:9188
- C:\Windows\System\TocPkJA.exe
  C:\Windows\System\TocPkJA.exe
  2⤵
  PID:10768
- C:\Windows\System\tQNDrqO.exe
  C:\Windows\System\tQNDrqO.exe
  2⤵
  PID:1568
- C:\Windows\System\ViSULmf.exe
  C:\Windows\System\ViSULmf.exe
  2⤵
  PID:10816
- C:\Windows\System\BgkNIrB.exe
  C:\Windows\System\BgkNIrB.exe
  2⤵
  PID:2148
- C:\Windows\System\MYQSOQA.exe
  C:\Windows\System\MYQSOQA.exe
  2⤵
  PID:4580
- C:\Windows\System\uvDrHoy.exe
  C:\Windows\System\uvDrHoy.exe
  2⤵
  PID:8392
- C:\Windows\System\RTGXOwG.exe
  C:\Windows\System\RTGXOwG.exe
  2⤵
  PID:10504
- C:\Windows\System\XCveYDQ.exe
  C:\Windows\System\XCveYDQ.exe
  2⤵
  PID:11060
- C:\Windows\System\VSChduI.exe
  C:\Windows\System\VSChduI.exe
  2⤵
  PID:8556
- C:\Windows\System\bCZSuIo.exe
  C:\Windows\System\bCZSuIo.exe
  2⤵
  PID:11152
- C:\Windows\System\ajrfQad.exe
  C:\Windows\System\ajrfQad.exe
  2⤵
  PID:10772
- C:\Windows\System\BdSEWNF.exe
  C:\Windows\System\BdSEWNF.exe
  2⤵
  PID:8464
- C:\Windows\System\yDaBBoi.exe
  C:\Windows\System\yDaBBoi.exe
  2⤵
  PID:8664
- C:\Windows\System\QhyMkgb.exe
  C:\Windows\System\QhyMkgb.exe
  2⤵
  PID:8492
- C:\Windows\System\ovQjRzv.exe
  C:\Windows\System\ovQjRzv.exe
  2⤵
  PID:8784
- C:\Windows\System\gRfmWxN.exe
  C:\Windows\System\gRfmWxN.exe
  2⤵
  PID:10624
- C:\Windows\System\puBAjuP.exe
  C:\Windows\System\puBAjuP.exe
  2⤵
  PID:10664
- C:\Windows\System\lbaJPqQ.exe
  C:\Windows\System\lbaJPqQ.exe
  2⤵
  PID:10804
- C:\Windows\System\WNdwZqr.exe
  C:\Windows\System\WNdwZqr.exe
  2⤵
  PID:10876
- C:\Windows\System\cVHiqow.exe
  C:\Windows\System\cVHiqow.exe
  2⤵
  PID:9028
- C:\Windows\System\vJDrzKo.exe
  C:\Windows\System\vJDrzKo.exe
  2⤵
  PID:11064
- C:\Windows\System\dNrKEpN.exe
  C:\Windows\System\dNrKEpN.exe
  2⤵
  PID:9088
- C:\Windows\System\MAbVNUC.exe
  C:\Windows\System\MAbVNUC.exe
  2⤵
  PID:7996
- C:\Windows\System\YafMGbs.exe
  C:\Windows\System\YafMGbs.exe
  2⤵
  PID:15376
- C:\Windows\System\IfxVbJE.exe
  C:\Windows\System\IfxVbJE.exe
  2⤵
  PID:15404
- C:\Windows\System\BrNxTqG.exe
  C:\Windows\System\BrNxTqG.exe
  2⤵
  PID:15436
- C:\Windows\System\hMFwKAg.exe
  C:\Windows\System\hMFwKAg.exe
  2⤵
  PID:15460
- C:\Windows\System\EVOUKMY.exe
  C:\Windows\System\EVOUKMY.exe
  2⤵
  PID:15488
- C:\Windows\System\BHWHumN.exe
  C:\Windows\System\BHWHumN.exe
  2⤵
  PID:15516
- C:\Windows\System\dCsncsb.exe
  C:\Windows\System\dCsncsb.exe
  2⤵
  PID:15544
- C:\Windows\System\GiphjHA.exe
  C:\Windows\System\GiphjHA.exe
  2⤵
  PID:15572
- C:\Windows\System\JHfnrTx.exe
  C:\Windows\System\JHfnrTx.exe
  2⤵
  PID:15600
- C:\Windows\System\PgQGImU.exe
  C:\Windows\System\PgQGImU.exe
  2⤵
  PID:15628
- C:\Windows\System\sZZjYNq.exe
  C:\Windows\System\sZZjYNq.exe
  2⤵
  PID:15656
- C:\Windows\System\ONouVvE.exe
  C:\Windows\System\ONouVvE.exe
  2⤵
  PID:15684
- C:\Windows\System\CJGcOur.exe
  C:\Windows\System\CJGcOur.exe
  2⤵
  PID:15712
- C:\Windows\System\OHJiEVK.exe
  C:\Windows\System\OHJiEVK.exe
  2⤵
  PID:15740
- C:\Windows\System\JDXigJP.exe
  C:\Windows\System\JDXigJP.exe
  2⤵
  PID:15768
- C:\Windows\System\VivJMFr.exe
  C:\Windows\System\VivJMFr.exe
  2⤵
  PID:15796
- C:\Windows\System\QzcuadD.exe
  C:\Windows\System\QzcuadD.exe
  2⤵
  PID:15824
- C:\Windows\System\OBFRTGw.exe
  C:\Windows\System\OBFRTGw.exe
  2⤵
  PID:15852
- C:\Windows\System\GErSavC.exe
  C:\Windows\System\GErSavC.exe
  2⤵
  PID:15880
- C:\Windows\System\SfpcGrV.exe
  C:\Windows\System\SfpcGrV.exe
  2⤵
  PID:15908
- C:\Windows\System\NYITrDV.exe
  C:\Windows\System\NYITrDV.exe
  2⤵
  PID:15936
- C:\Windows\System\PxRWSvB.exe
  C:\Windows\System\PxRWSvB.exe
  2⤵
  PID:15964
- C:\Windows\System\oKLjWrH.exe
  C:\Windows\System\oKLjWrH.exe
  2⤵
  PID:15996
- C:\Windows\System\PWOfSPb.exe
  C:\Windows\System\PWOfSPb.exe
  2⤵
  PID:16028
- C:\Windows\System\drrbPHR.exe
  C:\Windows\System\drrbPHR.exe
  2⤵
  PID:16060
- C:\Windows\System\HhGEZKj.exe
  C:\Windows\System\HhGEZKj.exe
  2⤵
  PID:16080
- C:\Windows\System\IJrpkms.exe
  C:\Windows\System\IJrpkms.exe
  2⤵
  PID:16108
- C:\Windows\System\cnZlzaM.exe
  C:\Windows\System\cnZlzaM.exe
  2⤵
  PID:16144
- C:\Windows\System\TgSJmBz.exe
  C:\Windows\System\TgSJmBz.exe
  2⤵
  PID:16164
- C:\Windows\System\pOdysJa.exe
  C:\Windows\System\pOdysJa.exe
  2⤵
  PID:16192
- C:\Windows\System\VzfZWMt.exe
  C:\Windows\System\VzfZWMt.exe
  2⤵
  PID:16220
- C:\Windows\System\evqdNZg.exe
  C:\Windows\System\evqdNZg.exe
  2⤵
  PID:16248
- C:\Windows\System\TcsBiCd.exe
  C:\Windows\System\TcsBiCd.exe
  2⤵
  PID:16276
- C:\Windows\System\RyOaBky.exe
  C:\Windows\System\RyOaBky.exe
  2⤵
  PID:16304
- C:\Windows\System\PkseVdm.exe
  C:\Windows\System\PkseVdm.exe
  2⤵
  PID:16332
- C:\Windows\System\jrnUKHW.exe
  C:\Windows\System\jrnUKHW.exe
  2⤵
  PID:16360
- C:\Windows\System\cPbGifZ.exe
  C:\Windows\System\cPbGifZ.exe
  2⤵
  PID:8304
- C:\Windows\System\qfrJlag.exe
  C:\Windows\System\qfrJlag.exe
  2⤵
  PID:8384
- C:\Windows\System\xVKRYqy.exe
  C:\Windows\System\xVKRYqy.exe
  2⤵
  PID:10448
- C:\Windows\System\PGtBKVU.exe
  C:\Windows\System\PGtBKVU.exe
  2⤵
  PID:15452
- C:\Windows\System\tdnKqfr.exe
  C:\Windows\System\tdnKqfr.exe
  2⤵
  PID:3560
- C:\Windows\System\LEPwYhM.exe
  C:\Windows\System\LEPwYhM.exe
  2⤵
  PID:1300
- C:\Windows\System\nMsYaOn.exe
  C:\Windows\System\nMsYaOn.exe
  2⤵
  PID:8772
- C:\Windows\System\zhNYOJE.exe
  C:\Windows\System\zhNYOJE.exe
  2⤵
  PID:15568
- C:\Windows\System\mJHFzbN.exe
  C:\Windows\System\mJHFzbN.exe
  2⤵
  PID:15596
- C:\Windows\System\xhGYbYQ.exe
  C:\Windows\System\xhGYbYQ.exe
  2⤵
  PID:9116
- C:\Windows\System\HxQCVGr.exe
  C:\Windows\System\HxQCVGr.exe
  2⤵
  PID:15668
- C:\Windows\System\kNzdyBl.exe
  C:\Windows\System\kNzdyBl.exe
  2⤵
  PID:6472
- C:\Windows\System\sVBLAjd.exe
  C:\Windows\System\sVBLAjd.exe
  2⤵
  PID:15728
- C:\Windows\System\BFLMFSB.exe
  C:\Windows\System\BFLMFSB.exe
  2⤵
  PID:15780
- C:\Windows\System\LLHlHUV.exe
  C:\Windows\System\LLHlHUV.exe
  2⤵
  PID:15808
- C:\Windows\System\ArxVWes.exe
  C:\Windows\System\ArxVWes.exe
  2⤵
  PID:4948
- C:\Windows\System\rCPfSBG.exe
  C:\Windows\System\rCPfSBG.exe
  2⤵
  PID:15876
- C:\Windows\System\mFqaPpS.exe
  C:\Windows\System\mFqaPpS.exe
  2⤵
  PID:2556
- C:\Windows\System\rYPgEPq.exe
  C:\Windows\System\rYPgEPq.exe
  2⤵
  PID:5488
- C:\Windows\System\EPLCqhi.exe
  C:\Windows\System\EPLCqhi.exe
  2⤵
  PID:9336
- C:\Windows\System\VPNLLXc.exe
  C:\Windows\System\VPNLLXc.exe
  2⤵
  PID:16020
- C:\Windows\System\HjgExfc.exe
  C:\Windows\System\HjgExfc.exe
  2⤵
  PID:11320
- C:\Windows\System\xTaEHkC.exe
  C:\Windows\System\xTaEHkC.exe
  2⤵
  PID:11340
- C:\Windows\System\LYJDnBq.exe
  C:\Windows\System\LYJDnBq.exe
  2⤵
  PID:9448
- C:\Windows\System\zUOfjCa.exe
  C:\Windows\System\zUOfjCa.exe
  2⤵
  PID:11408
- C:\Windows\System\WKvYqtH.exe
  C:\Windows\System\WKvYqtH.exe
  2⤵
  PID:11464
- C:\Windows\System\dZavNJI.exe
  C:\Windows\System\dZavNJI.exe
  2⤵
  PID:16204
- C:\Windows\System\WtihkHP.exe
  C:\Windows\System\WtihkHP.exe
  2⤵
  PID:16232
- C:\Windows\System\oiHgNHs.exe
  C:\Windows\System\oiHgNHs.exe
  2⤵
  PID:11552
- C:\Windows\System\ulWZala.exe
  C:\Windows\System\ulWZala.exe
  2⤵
  PID:16296
- C:\Windows\System\QhhDnNd.exe
  C:\Windows\System\QhhDnNd.exe
  2⤵
  PID:16344
- C:\Windows\System\YccZHzv.exe
  C:\Windows\System\YccZHzv.exe
  2⤵
  PID:9636
- C:\Windows\System\zsbXvQe.exe
  C:\Windows\System\zsbXvQe.exe
  2⤵
  PID:9664
- C:\Windows\System\MnYtETo.exe
  C:\Windows\System\MnYtETo.exe
  2⤵
  PID:9700
- C:\Windows\System\nGMCtZy.exe
  C:\Windows\System\nGMCtZy.exe
  2⤵
  PID:9720
- C:\Windows\System\oEtZWmJ.exe
  C:\Windows\System\oEtZWmJ.exe
  2⤵
  PID:8444
- C:\Windows\System\ZJCVCXS.exe
  C:\Windows\System\ZJCVCXS.exe
  2⤵
  PID:11812
- C:\Windows\System\DoRMAEw.exe
  C:\Windows\System\DoRMAEw.exe
  2⤵
  PID:11840
- C:\Windows\System\rrAuUUn.exe
  C:\Windows\System\rrAuUUn.exe
  2⤵
  PID:11868
- C:\Windows\System\fDxOoPb.exe
  C:\Windows\System\fDxOoPb.exe
  2⤵
  PID:10848
- C:\Windows\System\hcNvfWh.exe
  C:\Windows\System\hcNvfWh.exe
  2⤵
  PID:11916
- C:\Windows\System\CGwEwJM.exe
  C:\Windows\System\CGwEwJM.exe
  2⤵
  PID:11148
- C:\Windows\System\ednLbMD.exe
  C:\Windows\System\ednLbMD.exe
  2⤵
  PID:15696
- C:\Windows\System\sYmEAIW.exe
  C:\Windows\System\sYmEAIW.exe
  2⤵
  PID:12008
- C:\Windows\System\YCczuZz.exe
  C:\Windows\System\YCczuZz.exe
  2⤵
  PID:8836
- C:\Windows\System\BPxPOBm.exe
  C:\Windows\System\BPxPOBm.exe
  2⤵
  PID:15864
- C:\Windows\System\yhCFfrG.exe
  C:\Windows\System\yhCFfrG.exe
  2⤵
  PID:15928
- C:\Windows\System\UsztaJk.exe
  C:\Windows\System\UsztaJk.exe
  2⤵
  PID:9308
- C:\Windows\System\zGbEHUl.exe
  C:\Windows\System\zGbEHUl.exe
  2⤵
  PID:15992
- C:\Windows\System\DpQtryp.exe
  C:\Windows\System\DpQtryp.exe
  2⤵
  PID:10092
- C:\Windows\System\BwMqBEw.exe
  C:\Windows\System\BwMqBEw.exe
  2⤵
  PID:9412
- C:\Windows\System\dEGmldw.exe
  C:\Windows\System\dEGmldw.exe
  2⤵
  PID:11368
- C:\Windows\System\krJttbm.exe
  C:\Windows\System\krJttbm.exe
  2⤵
  PID:11436
- C:\Windows\System\krvFzwQ.exe
  C:\Windows\System\krvFzwQ.exe
  2⤵
  PID:9496
- C:\Windows\System\RHiSGrD.exe
  C:\Windows\System\RHiSGrD.exe
  2⤵
  PID:11028
- C:\Windows\System\fOXYddV.exe
  C:\Windows\System\fOXYddV.exe
  2⤵
  PID:4596
- C:\Windows\System\AOqsKOF.exe
  C:\Windows\System\AOqsKOF.exe
  2⤵
  PID:8576
- C:\Windows\System\UjarbQj.exe
  C:\Windows\System\UjarbQj.exe
  2⤵
  PID:16328
- C:\Windows\System\gsJTBUb.exe
  C:\Windows\System\gsJTBUb.exe
  2⤵
  PID:16380
- C:\Windows\System\cZrWFBl.exe
  C:\Windows\System\cZrWFBl.exe
  2⤵
  PID:11716
- C:\Windows\System\CYOoNqX.exe
  C:\Windows\System\CYOoNqX.exe
  2⤵
  PID:15428
- C:\Windows\System\ByIpKwB.exe
  C:\Windows\System\ByIpKwB.exe
  2⤵
  PID:11768
- C:\Windows\System\pVkDQNL.exe
  C:\Windows\System\pVkDQNL.exe
  2⤵
  PID:15484
- C:\Windows\System\aopvYEh.exe
  C:\Windows\System\aopvYEh.exe
  2⤵
  PID:9512
- C:\Windows\System\mWLuwIO.exe
  C:\Windows\System\mWLuwIO.exe
  2⤵
  PID:11576
- C:\Windows\System\SdBBdGc.exe
  C:\Windows\System\SdBBdGc.exe
  2⤵
  PID:11920
- C:\Windows\System\uDifoTe.exe
  C:\Windows\System\uDifoTe.exe
  2⤵
  PID:11952
- C:\Windows\System\Tfqkkcu.exe
  C:\Windows\System\Tfqkkcu.exe
  2⤵
  PID:11372
- C:\Windows\System\JdxeipB.exe
  C:\Windows\System\JdxeipB.exe
  2⤵
  PID:8276
- C:\Windows\System\DZGDFZQ.exe
  C:\Windows\System\DZGDFZQ.exe
  2⤵
  PID:9900
- C:\Windows\System\HYfxAro.exe
  C:\Windows\System\HYfxAro.exe
  2⤵
  PID:10028
- C:\Windows\System\uDbcVdm.exe
  C:\Windows\System\uDbcVdm.exe
  2⤵
  PID:12212
- C:\Windows\System\znmfvzP.exe
  C:\Windows\System\znmfvzP.exe
  2⤵
  PID:10072
- C:\Windows\System\tYrKLId.exe
  C:\Windows\System\tYrKLId.exe
  2⤵
  PID:16132
- C:\Windows\System\PHiQIze.exe
  C:\Windows\System\PHiQIze.exe
  2⤵
  PID:16160
- C:\Windows\System\MkApzSq.exe
  C:\Windows\System\MkApzSq.exe
  2⤵
  PID:11792
- C:\Windows\System\TYqnAwD.exe
  C:\Windows\System\TYqnAwD.exe
  2⤵
  PID:9276
- C:\Windows\System\hyMOvkQ.exe
  C:\Windows\System\hyMOvkQ.exe
  2⤵
  PID:9672
- C:\Windows\System\yrLgopH.exe
  C:\Windows\System\yrLgopH.exe
  2⤵
  PID:11744
- C:\Windows\System\XSqcxUS.exe
  C:\Windows\System\XSqcxUS.exe
  2⤵
  PID:9732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AWVnbfo.exe

Filesize
6.0MB

MD5
862abd81ebce2442b351ba983b54408f

SHA1
7e6a168396c2eb382b8a9ea95226db6736a001d7

SHA256
c20671aef92a0f5694d5f7b8e88435f723ce31c02c17d9f5944b02e8a15613eb

SHA512
d5f74f6bb1306def6f7240edbb2410e0eee7ecaa0a43b16e01753a50ba7a0d13cdf175475020dff7205d67f46b7079f82603c8676e4dac2d901976e06223d3d2

Download Submit
C:\Windows\System\AeNOuZK.exe

Filesize
6.0MB

MD5
895ffa90d6451ae82ce346fa1a6f8434

SHA1
2c284d1b4a35a1a18e0d9fba32b899e72ab088c9

SHA256
1488a4612c644f45a0184fa65ba64e42f89966718b870b6566f3d90e2e21e1e0

SHA512
96c49259027aed78382097da04916d5ae7bfc65e0cc11b466141e230731af2b512a751ab1b39fadb1adbb966694d038e4e76ae0d215cba49f463d1b002de4ffc

Download Submit
C:\Windows\System\BzSEdwB.exe

Filesize
6.0MB

MD5
48489c4f6be9575c3c8da4d1dedc13c4

SHA1
0739e887e4c23a707666af183db323926226d14c

SHA256
1281cc745765a6482018cc97aa179400787970403dd009194d05009ac46c9136

SHA512
8f132e7a1f9031e165f8b65530898ccf5e033212eb3a4b363043c1dd0544f82154c422d0dcad4acaefc6c6022d3b21ae35768982135fdcc7ab19c1e2840aadf7

Download Submit
C:\Windows\System\DWFCrtA.exe

Filesize
6.0MB

MD5
ddadb83c9ca3af398cc007b89fffca62

SHA1
1618f0fb19cd436da63e34d596a7afe97c1156e5

SHA256
f161208cdf031aae4d5aab1c6cbd9e55e9e31eb2c5ade1dfdacd0202a65a32bd

SHA512
eda8d3736f534162d550bd4eef056a72943f0214ed225f3f1c3e7a6924f75ca7580e33d2c03b0aec43031b7e0c35317fac7d3c11592a379836f64340a5736bdc

Download Submit
C:\Windows\System\HQxRBvq.exe

Filesize
6.0MB

MD5
ef840fcb0665c017d9f44f31de70d9e4

SHA1
ceb471f62fd6a7ca20e6321c30fffac0a67e0335

SHA256
f94326da7cf2506404d877d2441db9e16dbd77e548b3cf44e512ae79c573e501

SHA512
2e0d5a1dca84b20168cd17fc986462c1040fb97bc7a5a47bba68286f8c4838b0806c8cc8730b1eb70067398f9ca116337c93660d88e3f8ffb0ba16ad60a89b6b

Download Submit
C:\Windows\System\ImYMPsp.exe

Filesize
6.0MB

MD5
e20c0c7d394dde9a5e6ce2fff3e09094

SHA1
36095c252f9417aa02d6d27963daaebcd923b8f6

SHA256
48c258770ea72045e05a2184052c9e0006a8aeb169fb76036cddcffacbaa2d07

SHA512
682dace863091e8f8712a0ba24355043bae1c590d99dec4375fd2ca6d866b92097d45595561e03c7317eb5d45e88caddaf940a941be16604de375d754a672358

Download Submit
C:\Windows\System\KtPAhgM.exe

Filesize
6.0MB

MD5
22dfc41e063906287d713ff12faf04fe

SHA1
e1f84f5289208209977257dcc5a01531e7aedb36

SHA256
a3cb238672761153947033bfacb806f0bf6b54340330f462db42c871ec67789f

SHA512
c7178c7ba9fd12fafb995993678be871b7548d0f51a6089224785fb32ad37b9b07e63c68fddf21540b8e207b37eaf8991ef210dc08336ea50776c534e1c386f4

Download Submit
C:\Windows\System\MjPngwN.exe

Filesize
6.0MB

MD5
a9a2ba217969acdba813c20e8ef70e31

SHA1
9cc4a4fca851e2ca6fcf7f58fe0f985d044f332b

SHA256
f5d8fccc884b83082eb9185a1e532c056677ed1298cd38d5deca113a46fa4b87

SHA512
c8c1be3e0173f2adf3df0c64124eb38180b07e53e223a69b1d78ffc4f5e9f45eeac3a15d38770c6fd19fa9508e745a4a0cbc1e88d909e8788902ce9596b958cf

Download Submit
C:\Windows\System\NCHdivJ.exe

Filesize
6.0MB

MD5
4475698d4345e2d6d994d8224c1c43a2

SHA1
ef712cbb96fdd108e2494ff2340e89c627ea0ca2

SHA256
dba985eb6004b068332d0d4eeda348a0535b338ff51f05f6ae48073d1a71d716

SHA512
bcf0b0a542efc426cd8d13eab6887b88ab198b766c909abf794b287502f4c26429d6b802d7a324f0d494149ed6da98a4a1693122029b2051f04c8b848fd1eab5

Download Submit
C:\Windows\System\NQRRZgi.exe

Filesize
6.0MB

MD5
21f4ac574aa3e2fcf730ef4f4c1bda91

SHA1
b1da807a5d3dc1585b3f11c849fd820f72ce551f

SHA256
f74d91abde78b7de6519b5f34d63420c5febf09107e9db5f9a5b02d21dd10c98

SHA512
5e47291bcc5da72c8e22419271bb288c46fae13207248ded1b96f7359f0bcef841b08fe70f678fa6daf5b0405b071aacc325972b6a0ea989c0927d72b6adcead

Download Submit
C:\Windows\System\OhsPvyt.exe

Filesize
6.0MB

MD5
521d1741d8c324d4ce637d9ee647619e

SHA1
a786187535fd84964482e8c8445ffdff6bb746f9

SHA256
5c5c836d4c4f4816c2973076e5a1e1805c9e555ccd708f6b83cdcde5139d587e

SHA512
1146e1503a34e121a0d76448b4d24ce3e8ecd59c8230e1cff0c327d8b717c00eb5cdf799f8cd7108386f22c19495c1f1dd669497ddea9cae5e042487ef8697a9

Download Submit
C:\Windows\System\PbNeFVz.exe

Filesize
6.0MB

MD5
7ee5dd195479b396407e9330b5f7cafa

SHA1
ab514ed036253ea49811c12490a18138bf8d8a72

SHA256
0e89ca274deae525e335dbd37083c1f833d5000ec6b05a966662de9b6bbdb4b2

SHA512
e46b36c953367cefcb558b6388e900393da0557d350b11b9fc62adbe1b69bc08f9a0cb2336619492dbefad8a49c7e4d5937289cc83aadafc88132107edfd1886

Download Submit
C:\Windows\System\QmMeoaL.exe

Filesize
6.0MB

MD5
dfcdb1b35ba834421d381bb44da31c78

SHA1
14e881d677b972e5271bcb3b3eefb83cbad5fc3e

SHA256
d14258f7011911a46a5e746dd773f073fd3f6fce78671d7e4a280d9813a90107

SHA512
10871cec70487fc8e64dba04a8c3c752ca991142ec0a54dcf57cab82e6356804f1d6f1c8fe0d0952951f077a2851b85d321f3dcd48dad5f3200c88f9496b842c

Download Submit
C:\Windows\System\RfoRCEp.exe

Filesize
6.0MB

MD5
27018e452a298da26b5021f930d49fdb

SHA1
ad047462c73af64da09ac64789c2e49dcf9e3884

SHA256
7b39a71d761e7eb24a43c94c3f322d807d376fabf61cd924aba80ac4460b4bb6

SHA512
4cafa734372e250db16b6f6bff47016ed259887b87592e42672feb1aa1f11f401dc986d2ca9f4fc122fd5ed82a70afc10ec324b1e037e42c55ac72faf0cc7458

Download Submit
C:\Windows\System\bBRNHWW.exe

Filesize
6.0MB

MD5
8b11d3f5089cb79d53e530af8e4f5f3e

SHA1
753bafa25972bd0570a4b4627c6c173df5eb02b8

SHA256
954f9694af35fe2a6bff684a0498e0109e80a72764be2e9f4fcb9cfe9351877b

SHA512
496f288e1ab454f06c67ff1932814729aaa5a2b904dc6b746831add7f4ac0600255264fd477ff049d1f9535dfe4819f5d8d0bb68bf53de99739290c2b3d90b30

Download Submit
C:\Windows\System\bvhlwUD.exe

Filesize
6.0MB

MD5
526871d4ebef92d2d3a91540d1b8ceb5

SHA1
09e0a7caf83792d81743f2541d0ca87f1771fef7

SHA256
a1f54cb34de0d82456d2826067fe2ea678032275a610541ed4c650f2a232291a

SHA512
c843e65e2b1e5675caec0ef0628d83bd0a695f97197ac10b739e8b18b4e818372b8ed6553f552d5b19d2cd4b8513dc147cbfdeb768cbd260a34f13cbecfdcc7c

Download Submit
C:\Windows\System\dpPrjxm.exe

Filesize
6.0MB

MD5
4c514ae13f593b955c73d96cc95e941a

SHA1
9618747d14794c946ea50ab03dcaf9440177309f

SHA256
5d01d6fdd698d5cc38f9f85b93df307506643fa648ce1ab46767edac45d0d910

SHA512
596d2d474ae0e280c112d8a16ae36ff386976f927125855523431c8b82435c10d2081f9041ad78e1a75309c189b92cf327eb82839a6f69a651bc6857843836d4

Download Submit
C:\Windows\System\gMEyIzn.exe

Filesize
6.0MB

MD5
8485879d01346a5094adae74fe4074af

SHA1
2d3d73c3c29f630a0963c8cefd0eec2dd34b9695

SHA256
c39be7efbb017bc029739525355b75fb0accdac6bc5f6e7a580a2df572a9665c

SHA512
18af50cd657d43be2659d87af533882547977cfd9869e3daabed2cbd22f7df548b142d56cc0db6649dcf1ec1fccc81a1efb766046f27f48eb5510ee8648a0e2c

Download Submit
C:\Windows\System\hsmwKxT.exe

Filesize
6.0MB

MD5
813b65e6030a2c5f4c9107466d3c1a08

SHA1
0b8e1132658debe834444d2fea07bd80b1a1ce98

SHA256
a0347aa6567fed028dd7280dd1142a69a4033e03613ea0ef53bf1a7abe71d8f0

SHA512
49d2e4d938e26ba692ca805a9999cb6cc8bd83eb0994a5d5bdb7dac60098fc3d7bd1cadce648a22531b1f2df7794ea7cf4ed4d6d5fddf9f5072dff4eb2419c1e

Download Submit
C:\Windows\System\iaoubBU.exe

Filesize
6.0MB

MD5
f7da237e359861f627b620ea8988d436

SHA1
3e57e4d6b40f8ba7ed0e79a3e8b643be648fc86b

SHA256
507e3b2ba8a51b495c12aea46136f19e9dfa5034e0b64c7c7e026a216db80e3d

SHA512
f1c506d5726fb461d164052363c924a72a03fde57dbee7a6e218bcf12418d937356e681cecac9ab6c77f374ae62f6c4d1297f7e922b82e10967f008a89d00d75

Download Submit
C:\Windows\System\jwLgZfv.exe

Filesize
6.0MB

MD5
54db0498145cc0454d60508f468544ad

SHA1
8f230945d4daa66275959c811be2a7b9dd1556a8

SHA256
9f083311afe1649df98f880ea9e1ae87ee599378fa933ebebf88933ded304398

SHA512
24418da1fbeeda0e1ba401ff6e84658042c531dc6aeb3ce343861302a79edbcba44c3185eaa096e389c06fececab34d1d3f3e981f91d706f72fb2238ca33aea9

Download Submit
C:\Windows\System\nqlheog.exe

Filesize
6.0MB

MD5
aa8494924c8c4e06b591178b988e39f5

SHA1
4fe3c8ec6968ab35fb7a290b4e936969d27124b5

SHA256
223f2ecdbd077ae9f6f9c6534b740f28eeb3fddb968bdbab19f64ae750361a4a

SHA512
d9b6ac45eb595cb1c3be03ff83a7b4db5689a5526bc869e4fd02a30ddf37162402d6e367596e7ad35f3620f28fd00e4a7bedd1174ca1518d0246053344858c59

Download Submit
C:\Windows\System\oLxGQts.exe

Filesize
6.0MB

MD5
bcb91b8a4c3130c88edb3db8a723af81

SHA1
314fb9092ef652ec05047fd0b4e1863cb08a0b2b

SHA256
15285fd4edfef19a8730e7a44c8779b1139569313f8e6280f067a160420546ba

SHA512
cc32f0a4a6974cc1638b598e510a6a0d04f9c07e33fc0d625564ea44f08a10c99b27cd4810a43688f9a5563bc6172d3a0d5c2d6c04d53b459bb85d60cec81acc

Download Submit
C:\Windows\System\obVaZWa.exe

Filesize
6.0MB

MD5
7de13c5d09874786a54e9c6c8d5787b7

SHA1
8f9dc93cd1fdf169c9fe83a420d8042fadad1907

SHA256
633565baef4bc9d8eada173f7b35ed94150395de363f508a94ddd0a7e411cf3d

SHA512
612546693e6374d5c05486689cc710002a3e594a2559cdb04f2e0449c770d9e33fa0b8eb403669ac5acf45c12107a9431897a2bbc802731d6bd7940641a75a2d

Download Submit
C:\Windows\System\qwiQCWf.exe

Filesize
6.0MB

MD5
e5beab784abb4a5c473d3ff38ae74afa

SHA1
10df17bc53e61ec3da1e8b6616c8645d88cdf5f9

SHA256
88122184317d87169cd0109751e63a2fc9f259fa045d7a3f1707400cbcbb9108

SHA512
2b2accf87a4621a531863eb1d33ea2235eb5ce4d80840b9edac90fa7f520d0f26fa2ec21ac058f16251cba740338977bfe89a8a35556e3530ec90a251238eea5

Download Submit
C:\Windows\System\rFlxHeW.exe

Filesize
6.0MB

MD5
19e7478f42880f5e55b6be2f4c9cd5f2

SHA1
2ef366bc93298c06614313e4bc397f5139465d16

SHA256
fb1fcb7e60247af20cdfe53e58383772f61c32b836a96cbf942dff8c8dca7a4d

SHA512
08b724dcb21cac5106dca17587de8b924036a34491038cde6bd2cfb51d87642f630d94d5bffc88a3fc93b148cb65856856126ff82f95162598a38f92ccaa7e81

Download Submit
C:\Windows\System\sRgtlJr.exe

Filesize
6.0MB

MD5
97eebe5ec81330b523a56cabac3b859f

SHA1
d8e5efb3475e1398760cb20a60f32a84e77d0379

SHA256
fa34fcca5c432a9551c65a8522306a38517f70946b9c5a88ded170aeb8654da7

SHA512
da1fcd535e2bac802a1c2cbe62ff06ae5c394f1f9d432b2aa881dfb4ebec2a6dd96f235b3cd3b7c4538e26b524110af7ea205530b81f5da37d0e4d2743aa0763

Download Submit
C:\Windows\System\uApbHdn.exe

Filesize
6.0MB

MD5
3808f78762d0f8a369f60c49b811a2f4

SHA1
d3da9c9212ae6a192357d92a618f57813b62c8ab

SHA256
87c824d18e05f94af3dab53ac395c9c24150baaf4425a70200ca7d2cac50da1f

SHA512
b46c277ed617ec160a1903832e530725cfb7c5d3616c2d91b70b042501c9af35a20f84fbd0c139119825ed85d5b66964ae437030ae63fa6e71d9fde3171fc88c

Download Submit
C:\Windows\System\uxRnELy.exe

Filesize
6.0MB

MD5
23600b2d0c7fe4049bcbdeb2246f925f

SHA1
bc2e41c05e2dbd1579f88d9c1c02b19c4d66ba18

SHA256
c636466adc118e531cb6098b39e7f3e967e594a53439d9d24e4d0b3f150edb37

SHA512
41bd1a817b60c00feb8e385f304f2b80b07ac087718cfc1cb5047ad8509ea7b7e0adaa9110db56a141596d41b9cd9be0eba365c045c07aa01dd3b801a7c6f8ba

Download Submit
C:\Windows\System\whUfqbs.exe

Filesize
6.0MB

MD5
1dea00b31fbd0ca8a827ba22ce3c79bd

SHA1
89dbc05ee853cf9886883ca9db3e9ffcd556cb92

SHA256
8d385b3fd334b11be8f9f5956ed57973c458219b2af36e1b9a39745375b9a00b

SHA512
e27a72687e06e9c69c618b9cd892565f6fe0f3af1e61310fe589f3772f40c937d8ba292dbe5a3890ba3964a895af159bc619bef5e00ca147d39ef318f25bb7ca

Download Submit
C:\Windows\System\xTHnKDt.exe

Filesize
6.0MB

MD5
e4b1d4bec11694e1c4e01baa5eac2e8c

SHA1
626177e47c844597a678b33e3a25721a061f3d76

SHA256
a256903283eaeb2fda6941f2a4c9ed9190d39afd1a52a060213ef5225cd28ab6

SHA512
f0685cd9c5034bc69a6bfe5220c4b10f2260996edeee04abf9e05cd673a58faafe064c71d94a51c5a0af140c1e192cf4587f61169068a740ff73463a82949ddd

Download Submit
C:\Windows\System\yxbizNJ.exe

Filesize
6.0MB

MD5
1ec664cc5faaddd33b8ebd823dbf63bb

SHA1
b04c942f5b1dcdf46d52080a85609b69d44f62b5

SHA256
4f388dffda820868695622d713a7e5dc511e5180e358fa86a58bd064a35c9333

SHA512
18ce40375c843d3a6dedf778ba5c62a2e96fb1f672112f4f5c24b66158749e5cd3497a79ccdf4083f78cea5bd3279aaa4704704945b0913511ee7c6790e4f4fa

Download Submit
C:\Windows\System\zZrtgBD.exe

Filesize
6.0MB

MD5
e8dbab896fb38ac6604659a46e262eb3

SHA1
e286ede2d91bdbc616e6f58ace33babebacd0442

SHA256
fa81197b2a16809e663630306076dbc15fe5450726c06d36dcf64e812a63a96a

SHA512
8e8dd2da41c33b6126f85c4d900cfdc634f1816fa2737de32fd8bf86270f0c0994d9a6c9148d4be3dd14c471b138d720792aabaa2339c4c88a50678ab7c57c8a

Download Submit
memory/208-1784-0x00007FF6ED9E0000-0x00007FF6EDD34000-memory.dmp

Filesize
3.3MB

Download
memory/208-90-0x00007FF6ED9E0000-0x00007FF6EDD34000-memory.dmp

Filesize
3.3MB

Download
memory/208-159-0x00007FF6ED9E0000-0x00007FF6EDD34000-memory.dmp

Filesize
3.3MB

Download
memory/388-1834-0x00007FF6A66F0000-0x00007FF6A6A44000-memory.dmp

Filesize
3.3MB

Download
memory/388-1628-0x00007FF6A66F0000-0x00007FF6A6A44000-memory.dmp

Filesize
3.3MB

Download
memory/388-170-0x00007FF6A66F0000-0x00007FF6A6A44000-memory.dmp

Filesize
3.3MB

Download
memory/616-65-0x00007FF6EEEF0000-0x00007FF6EF244000-memory.dmp

Filesize
3.3MB

Download
memory/616-1773-0x00007FF6EEEF0000-0x00007FF6EF244000-memory.dmp

Filesize
3.3MB

Download
memory/628-43-0x00007FF699280000-0x00007FF6995D4000-memory.dmp

Filesize
3.3MB

Download
memory/628-125-0x00007FF699280000-0x00007FF6995D4000-memory.dmp

Filesize
3.3MB

Download
memory/628-1771-0x00007FF699280000-0x00007FF6995D4000-memory.dmp

Filesize
3.3MB

Download
memory/716-1432-0x00007FF795690000-0x00007FF7959E4000-memory.dmp

Filesize
3.3MB

Download
memory/716-1816-0x00007FF795690000-0x00007FF7959E4000-memory.dmp

Filesize
3.3MB

Download
memory/716-139-0x00007FF795690000-0x00007FF7959E4000-memory.dmp

Filesize
3.3MB

Download
memory/772-126-0x00007FF6027C0000-0x00007FF602B14000-memory.dmp

Filesize
3.3MB

Download
memory/772-1801-0x00007FF6027C0000-0x00007FF602B14000-memory.dmp

Filesize
3.3MB

Download
memory/772-194-0x00007FF6027C0000-0x00007FF602B14000-memory.dmp

Filesize
3.3MB

Download
memory/992-1760-0x00007FF6901E0000-0x00007FF690534000-memory.dmp

Filesize
3.3MB

Download
memory/992-12-0x00007FF6901E0000-0x00007FF690534000-memory.dmp

Filesize
3.3MB

Download
memory/992-110-0x00007FF6901E0000-0x00007FF690534000-memory.dmp

Filesize
3.3MB

Download
memory/1276-1774-0x00007FF6FCA30000-0x00007FF6FCD84000-memory.dmp

Filesize
3.3MB

Download
memory/1276-70-0x00007FF6FCA30000-0x00007FF6FCD84000-memory.dmp

Filesize
3.3MB

Download
memory/1476-1833-0x00007FF6F4FF0000-0x00007FF6F5344000-memory.dmp

Filesize
3.3MB

Download
memory/1476-161-0x00007FF6F4FF0000-0x00007FF6F5344000-memory.dmp

Filesize
3.3MB

Download
memory/1476-1586-0x00007FF6F4FF0000-0x00007FF6F5344000-memory.dmp

Filesize
3.3MB

Download
memory/1708-118-0x00007FF7A30D0000-0x00007FF7A3424000-memory.dmp

Filesize
3.3MB

Download
memory/1708-1802-0x00007FF7A30D0000-0x00007FF7A3424000-memory.dmp

Filesize
3.3MB

Download
memory/1708-190-0x00007FF7A30D0000-0x00007FF7A3424000-memory.dmp

Filesize
3.3MB

Download
memory/1940-182-0x00007FF7ADE30000-0x00007FF7AE184000-memory.dmp

Filesize
3.3MB

Download
memory/1940-112-0x00007FF7ADE30000-0x00007FF7AE184000-memory.dmp

Filesize
3.3MB

Download
memory/1940-1795-0x00007FF7ADE30000-0x00007FF7AE184000-memory.dmp

Filesize
3.3MB

Download
memory/2176-1535-0x00007FF785580000-0x00007FF7858D4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-153-0x00007FF785580000-0x00007FF7858D4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-1827-0x00007FF785580000-0x00007FF7858D4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-1766-0x00007FF72E060000-0x00007FF72E3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-24-0x00007FF72E060000-0x00007FF72E3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-124-0x00007FF72E060000-0x00007FF72E3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-176-0x00007FF64D4B0000-0x00007FF64D804000-memory.dmp

Filesize
3.3MB

Download
memory/2200-1837-0x00007FF64D4B0000-0x00007FF64D804000-memory.dmp

Filesize
3.3MB

Download
memory/2200-1674-0x00007FF64D4B0000-0x00007FF64D804000-memory.dmp

Filesize
3.3MB

Download
memory/2524-145-0x00007FF65B4E0000-0x00007FF65B834000-memory.dmp

Filesize
3.3MB

Download
memory/2524-1783-0x00007FF65B4E0000-0x00007FF65B834000-memory.dmp

Filesize
3.3MB

Download
memory/2524-80-0x00007FF65B4E0000-0x00007FF65B834000-memory.dmp

Filesize
3.3MB

Download
memory/2776-18-0x00007FF73E720000-0x00007FF73EA74000-memory.dmp

Filesize
3.3MB

Download
memory/2776-1762-0x00007FF73E720000-0x00007FF73EA74000-memory.dmp

Filesize
3.3MB

Download
memory/2776-117-0x00007FF73E720000-0x00007FF73EA74000-memory.dmp

Filesize
3.3MB

Download
memory/3016-1-0x0000021D572E0000-0x0000021D572F0000-memory.dmp

Filesize
64KB

Download
memory/3016-0-0x00007FF7CB040000-0x00007FF7CB394000-memory.dmp

Filesize
3.3MB

Download
memory/3016-97-0x00007FF7CB040000-0x00007FF7CB394000-memory.dmp

Filesize
3.3MB

Download
memory/3036-1780-0x00007FF61B170000-0x00007FF61B4C4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-75-0x00007FF61B170000-0x00007FF61B4C4000-memory.dmp

Filesize
3.3MB

Download
memory/3496-1754-0x00007FF743C30000-0x00007FF743F84000-memory.dmp

Filesize
3.3MB

Download
memory/3496-6-0x00007FF743C30000-0x00007FF743F84000-memory.dmp

Filesize
3.3MB

Download
memory/3496-104-0x00007FF743C30000-0x00007FF743F84000-memory.dmp

Filesize
3.3MB

Download
memory/3772-1725-0x00007FF7AC0E0000-0x00007FF7AC434000-memory.dmp

Filesize
3.3MB

Download
memory/3772-185-0x00007FF7AC0E0000-0x00007FF7AC434000-memory.dmp

Filesize
3.3MB

Download
memory/3772-1836-0x00007FF7AC0E0000-0x00007FF7AC434000-memory.dmp

Filesize
3.3MB

Download
memory/3832-1772-0x00007FF60A690000-0x00007FF60A9E4000-memory.dmp

Filesize
3.3MB

Download
memory/3832-60-0x00007FF60A690000-0x00007FF60A9E4000-memory.dmp

Filesize
3.3MB

Download
memory/3864-87-0x00007FF747280000-0x00007FF7475D4000-memory.dmp

Filesize
3.3MB

Download
memory/3864-1786-0x00007FF747280000-0x00007FF7475D4000-memory.dmp

Filesize
3.3MB

Download
memory/3864-146-0x00007FF747280000-0x00007FF7475D4000-memory.dmp

Filesize
3.3MB

Download
memory/3944-132-0x00007FF6CAA90000-0x00007FF6CADE4000-memory.dmp

Filesize
3.3MB

Download
memory/3944-48-0x00007FF6CAA90000-0x00007FF6CADE4000-memory.dmp

Filesize
3.3MB

Download
memory/3944-1778-0x00007FF6CAA90000-0x00007FF6CADE4000-memory.dmp

Filesize
3.3MB

Download
memory/4112-1790-0x00007FF7BAFB0000-0x00007FF7BB304000-memory.dmp

Filesize
3.3MB

Download
memory/4112-167-0x00007FF7BAFB0000-0x00007FF7BB304000-memory.dmp

Filesize
3.3MB

Download
memory/4112-109-0x00007FF7BAFB0000-0x00007FF7BB304000-memory.dmp

Filesize
3.3MB

Download
memory/4224-133-0x00007FF6DD3B0000-0x00007FF6DD704000-memory.dmp

Filesize
3.3MB

Download
memory/4224-1374-0x00007FF6DD3B0000-0x00007FF6DD704000-memory.dmp

Filesize
3.3MB

Download
memory/4224-1809-0x00007FF6DD3B0000-0x00007FF6DD704000-memory.dmp

Filesize
3.3MB

Download
memory/4556-160-0x00007FF6D8000000-0x00007FF6D8354000-memory.dmp

Filesize
3.3MB

Download
memory/4556-1787-0x00007FF6D8000000-0x00007FF6D8354000-memory.dmp

Filesize
3.3MB

Download
memory/4556-100-0x00007FF6D8000000-0x00007FF6D8354000-memory.dmp

Filesize
3.3MB

Download
memory/4748-69-0x00007FF79BEE0000-0x00007FF79C234000-memory.dmp

Filesize
3.3MB

Download
memory/4748-1775-0x00007FF79BEE0000-0x00007FF79C234000-memory.dmp

Filesize
3.3MB

Download
memory/4956-77-0x00007FF65A7F0000-0x00007FF65AB44000-memory.dmp

Filesize
3.3MB

Download
memory/4956-1779-0x00007FF65A7F0000-0x00007FF65AB44000-memory.dmp

Filesize
3.3MB

Download
memory/5024-147-0x00007FF6B2DB0000-0x00007FF6B3104000-memory.dmp

Filesize
3.3MB

Download
memory/5024-1823-0x00007FF6B2DB0000-0x00007FF6B3104000-memory.dmp

Filesize
3.3MB

Download
memory/5024-1483-0x00007FF6B2DB0000-0x00007FF6B3104000-memory.dmp

Filesize
3.3MB

Download
memory/5084-191-0x00007FF61D9E0000-0x00007FF61DD34000-memory.dmp

Filesize
3.3MB

Download
memory/5084-1763-0x00007FF61D9E0000-0x00007FF61DD34000-memory.dmp

Filesize
3.3MB

Download
memory/5084-1835-0x00007FF61D9E0000-0x00007FF61DD34000-memory.dmp

Filesize
3.3MB

Download