cobaltstrike | 3bd7f7437d6bf110f56afd32eb21ed74ad6db4852c14bde31f50746316526558

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a409f1851bbda4b4c503fcb21d10c92a
SHA1

71eaf6fd3764a35cca0d5c1f4a02df6f76970057
SHA256

3bd7f7437d6bf110f56afd32eb21ed74ad6db4852c14bde31f50746316526558
SHA512

58a9936fc04ca11a84ff7187dd2b6b8069a3923c61b3198f38d25b002a982f211b2337b331e68d4263baf1a53c6cbb872eaf9b20747e5039a08dad6d8e7a9240
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUT:T+q56utgpPF8u/7T

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\System\RsBODqW.exe	cobalt_reflective_dll
C:\Windows\System\EBcZFWK.exe	cobalt_reflective_dll
C:\Windows\System\UUaEhrw.exe	cobalt_reflective_dll
C:\Windows\System\yKxTtLm.exe	cobalt_reflective_dll
C:\Windows\System\MxCTOcy.exe	cobalt_reflective_dll
C:\Windows\System\QfCBmUM.exe	cobalt_reflective_dll
C:\Windows\System\blCsALA.exe	cobalt_reflective_dll
C:\Windows\System\LnIdECV.exe	cobalt_reflective_dll
C:\Windows\System\PCkOrYy.exe	cobalt_reflective_dll
C:\Windows\System\CzRLBCS.exe	cobalt_reflective_dll
C:\Windows\System\XPyDiGo.exe	cobalt_reflective_dll
C:\Windows\System\IKqPlWF.exe	cobalt_reflective_dll
C:\Windows\System\XFVIwim.exe	cobalt_reflective_dll
C:\Windows\System\IUsRdBd.exe	cobalt_reflective_dll
C:\Windows\System\vcOWorj.exe	cobalt_reflective_dll
C:\Windows\System\mISjIZY.exe	cobalt_reflective_dll
C:\Windows\System\JXVXBdA.exe	cobalt_reflective_dll
C:\Windows\System\QydDwdp.exe	cobalt_reflective_dll
C:\Windows\System\HavSprT.exe	cobalt_reflective_dll
C:\Windows\System\SuPALsC.exe	cobalt_reflective_dll
C:\Windows\System\JXJkiEz.exe	cobalt_reflective_dll
C:\Windows\System\QOeYddU.exe	cobalt_reflective_dll
C:\Windows\System\uSMEqPj.exe	cobalt_reflective_dll
C:\Windows\System\CWAcEYh.exe	cobalt_reflective_dll
C:\Windows\System\arnWWfE.exe	cobalt_reflective_dll
C:\Windows\System\SqEoNSg.exe	cobalt_reflective_dll
C:\Windows\System\OMMWxPt.exe	cobalt_reflective_dll
C:\Windows\System\AWeRgpm.exe	cobalt_reflective_dll
C:\Windows\System\kNbivhB.exe	cobalt_reflective_dll
C:\Windows\System\muTeoaY.exe	cobalt_reflective_dll
C:\Windows\System\KgXaBdi.exe	cobalt_reflective_dll
C:\Windows\System\shCeIWr.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/3136-0-0x00007FF789BF0000-0x00007FF789F44000-memory.dmp	xmrig
C:\Windows\System\RsBODqW.exe	xmrig
behavioral2/memory/224-7-0x00007FF758140000-0x00007FF758494000-memory.dmp	xmrig
C:\Windows\System\EBcZFWK.exe	xmrig
C:\Windows\System\UUaEhrw.exe	xmrig
behavioral2/memory/3912-12-0x00007FF628D00000-0x00007FF629054000-memory.dmp	xmrig
behavioral2/memory/2980-17-0x00007FF799210000-0x00007FF799564000-memory.dmp	xmrig
C:\Windows\System\yKxTtLm.exe	xmrig
behavioral2/memory/432-26-0x00007FF7CE100000-0x00007FF7CE454000-memory.dmp	xmrig
C:\Windows\System\MxCTOcy.exe	xmrig
C:\Windows\System\QfCBmUM.exe	xmrig
behavioral2/memory/4352-34-0x00007FF646100000-0x00007FF646454000-memory.dmp	xmrig
C:\Windows\System\blCsALA.exe	xmrig
behavioral2/memory/4508-38-0x00007FF784020000-0x00007FF784374000-memory.dmp	xmrig
C:\Windows\System\LnIdECV.exe	xmrig
C:\Windows\System\PCkOrYy.exe	xmrig
behavioral2/memory/3136-55-0x00007FF789BF0000-0x00007FF789F44000-memory.dmp	xmrig
behavioral2/memory/4192-57-0x00007FF6B5960000-0x00007FF6B5CB4000-memory.dmp	xmrig
C:\Windows\System\CzRLBCS.exe	xmrig
behavioral2/memory/224-62-0x00007FF758140000-0x00007FF758494000-memory.dmp	xmrig
behavioral2/memory/2940-61-0x00007FF663D90000-0x00007FF6640E4000-memory.dmp	xmrig
behavioral2/memory/4292-58-0x00007FF7BB4F0000-0x00007FF7BB844000-memory.dmp	xmrig
behavioral2/memory/3236-42-0x00007FF60D3F0000-0x00007FF60D744000-memory.dmp	xmrig
C:\Windows\System\XPyDiGo.exe	xmrig
behavioral2/memory/3912-66-0x00007FF628D00000-0x00007FF629054000-memory.dmp	xmrig
behavioral2/memory/1964-72-0x00007FF67AEC0000-0x00007FF67B214000-memory.dmp	xmrig
C:\Windows\System\IKqPlWF.exe	xmrig
behavioral2/memory/2404-76-0x00007FF776A20000-0x00007FF776D74000-memory.dmp	xmrig
behavioral2/memory/2980-71-0x00007FF799210000-0x00007FF799564000-memory.dmp	xmrig
behavioral2/memory/432-81-0x00007FF7CE100000-0x00007FF7CE454000-memory.dmp	xmrig
C:\Windows\System\XFVIwim.exe	xmrig
behavioral2/memory/2692-84-0x00007FF77B230000-0x00007FF77B584000-memory.dmp	xmrig
C:\Windows\System\IUsRdBd.exe	xmrig
behavioral2/memory/3236-89-0x00007FF60D3F0000-0x00007FF60D744000-memory.dmp	xmrig
behavioral2/memory/1404-90-0x00007FF733F50000-0x00007FF7342A4000-memory.dmp	xmrig
C:\Windows\System\vcOWorj.exe	xmrig
behavioral2/memory/3012-100-0x00007FF7FBF00000-0x00007FF7FC254000-memory.dmp	xmrig
C:\Windows\System\mISjIZY.exe	xmrig
behavioral2/memory/2940-115-0x00007FF663D90000-0x00007FF6640E4000-memory.dmp	xmrig
behavioral2/memory/2236-116-0x00007FF63D1D0000-0x00007FF63D524000-memory.dmp	xmrig
behavioral2/memory/332-113-0x00007FF66CD70000-0x00007FF66D0C4000-memory.dmp	xmrig
behavioral2/memory/4292-109-0x00007FF7BB4F0000-0x00007FF7BB844000-memory.dmp	xmrig
C:\Windows\System\JXVXBdA.exe	xmrig
behavioral2/memory/1144-99-0x00007FF61D350000-0x00007FF61D6A4000-memory.dmp	xmrig
C:\Windows\System\QydDwdp.exe	xmrig
C:\Windows\System\HavSprT.exe	xmrig
behavioral2/memory/3976-123-0x00007FF6E5F20000-0x00007FF6E6274000-memory.dmp	xmrig
behavioral2/memory/2404-131-0x00007FF776A20000-0x00007FF776D74000-memory.dmp	xmrig
C:\Windows\System\SuPALsC.exe	xmrig
behavioral2/memory/3368-136-0x00007FF69E610000-0x00007FF69E964000-memory.dmp	xmrig
C:\Windows\System\JXJkiEz.exe	xmrig
behavioral2/memory/1724-142-0x00007FF647040000-0x00007FF647394000-memory.dmp	xmrig
behavioral2/memory/2692-141-0x00007FF77B230000-0x00007FF77B584000-memory.dmp	xmrig
behavioral2/memory/1808-137-0x00007FF6A64A0000-0x00007FF6A67F4000-memory.dmp	xmrig
C:\Windows\System\QOeYddU.exe	xmrig
behavioral2/memory/1404-145-0x00007FF733F50000-0x00007FF7342A4000-memory.dmp	xmrig
behavioral2/memory/1144-146-0x00007FF61D350000-0x00007FF61D6A4000-memory.dmp	xmrig
C:\Windows\System\uSMEqPj.exe	xmrig
C:\Windows\System\CWAcEYh.exe	xmrig
behavioral2/memory/848-160-0x00007FF718380000-0x00007FF7186D4000-memory.dmp	xmrig
C:\Windows\System\arnWWfE.exe	xmrig
C:\Windows\System\SqEoNSg.exe	xmrig
behavioral2/memory/116-176-0x00007FF6FA7A0000-0x00007FF6FAAF4000-memory.dmp	xmrig
behavioral2/memory/4412-167-0x00007FF7B1260000-0x00007FF7B15B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

RsBODqW.exeEBcZFWK.exeUUaEhrw.exeyKxTtLm.exeMxCTOcy.exeQfCBmUM.exeblCsALA.exeLnIdECV.exePCkOrYy.exeCzRLBCS.exeXPyDiGo.exeIKqPlWF.exeXFVIwim.exeIUsRdBd.exevcOWorj.exeQydDwdp.exeJXVXBdA.exemISjIZY.exeHavSprT.exeSuPALsC.exeQOeYddU.exeJXJkiEz.exeuSMEqPj.exeOMMWxPt.exeCWAcEYh.exearnWWfE.exeSqEoNSg.exeAWeRgpm.exekNbivhB.exemuTeoaY.exeKgXaBdi.exeshCeIWr.exeEcphpSH.exeJhEctyJ.exeaNQLbwM.exenjkZVAx.exevwCZdin.exeQknmbtq.exeIAFEluw.exegIalHVh.exesahjKBn.exeHzfAMMu.exeBKSkUKS.exeQGtnWNb.exepxiLiPI.exeWMOcRXB.exeoPnVboo.exefCqGBoK.exepgwfcUW.exezXivLvC.exedHbWuDC.exeNNPwsun.exeTeTkfqe.exejVrAnQa.exeopgOrcs.exeTxDyQzQ.exeXxHxVJS.exeGrBrfrM.exeLBrpMxn.exeQrftnQX.exenFwtcgV.exeSRZIZib.exeocQRMOU.exeLGsOnIV.exe

pid	process
224	RsBODqW.exe
3912	EBcZFWK.exe
2980	UUaEhrw.exe
432	yKxTtLm.exe
4352	MxCTOcy.exe
4508	QfCBmUM.exe
3236	blCsALA.exe
4192	LnIdECV.exe
2940	PCkOrYy.exe
4292	CzRLBCS.exe
1964	XPyDiGo.exe
2404	IKqPlWF.exe
2692	XFVIwim.exe
1404	IUsRdBd.exe
1144	vcOWorj.exe
3012	QydDwdp.exe
332	JXVXBdA.exe
2236	mISjIZY.exe
3976	HavSprT.exe
3368	SuPALsC.exe
1808	QOeYddU.exe
1724	JXJkiEz.exe
64	uSMEqPj.exe
848	OMMWxPt.exe
1688	CWAcEYh.exe
4412	arnWWfE.exe
116	SqEoNSg.exe
1020	AWeRgpm.exe
4440	kNbivhB.exe
2216	muTeoaY.exe
1548	KgXaBdi.exe
5080	shCeIWr.exe
4912	EcphpSH.exe
3192	JhEctyJ.exe
3728	aNQLbwM.exe
3060	njkZVAx.exe
516	vwCZdin.exe
1572	Qknmbtq.exe
2948	IAFEluw.exe
1292	gIalHVh.exe
4008	sahjKBn.exe
1644	HzfAMMu.exe
3372	BKSkUKS.exe
4492	QGtnWNb.exe
4140	pxiLiPI.exe
668	WMOcRXB.exe
2516	oPnVboo.exe
4600	fCqGBoK.exe
3968	pgwfcUW.exe
1540	zXivLvC.exe
2040	dHbWuDC.exe
316	NNPwsun.exe
2736	TeTkfqe.exe
4868	jVrAnQa.exe
3404	opgOrcs.exe
4932	TxDyQzQ.exe
4836	XxHxVJS.exe
1432	GrBrfrM.exe
1316	LBrpMxn.exe
400	QrftnQX.exe
772	nFwtcgV.exe
3172	SRZIZib.exe
4708	ocQRMOU.exe
3764	LGsOnIV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3136-0-0x00007FF789BF0000-0x00007FF789F44000-memory.dmp	upx
C:\Windows\System\RsBODqW.exe	upx
behavioral2/memory/224-7-0x00007FF758140000-0x00007FF758494000-memory.dmp	upx
C:\Windows\System\EBcZFWK.exe	upx
C:\Windows\System\UUaEhrw.exe	upx
behavioral2/memory/3912-12-0x00007FF628D00000-0x00007FF629054000-memory.dmp	upx
behavioral2/memory/2980-17-0x00007FF799210000-0x00007FF799564000-memory.dmp	upx
C:\Windows\System\yKxTtLm.exe	upx
behavioral2/memory/432-26-0x00007FF7CE100000-0x00007FF7CE454000-memory.dmp	upx
C:\Windows\System\MxCTOcy.exe	upx
C:\Windows\System\QfCBmUM.exe	upx
behavioral2/memory/4352-34-0x00007FF646100000-0x00007FF646454000-memory.dmp	upx
C:\Windows\System\blCsALA.exe	upx
behavioral2/memory/4508-38-0x00007FF784020000-0x00007FF784374000-memory.dmp	upx
C:\Windows\System\LnIdECV.exe	upx
C:\Windows\System\PCkOrYy.exe	upx
behavioral2/memory/3136-55-0x00007FF789BF0000-0x00007FF789F44000-memory.dmp	upx
behavioral2/memory/4192-57-0x00007FF6B5960000-0x00007FF6B5CB4000-memory.dmp	upx
C:\Windows\System\CzRLBCS.exe	upx
behavioral2/memory/224-62-0x00007FF758140000-0x00007FF758494000-memory.dmp	upx
behavioral2/memory/2940-61-0x00007FF663D90000-0x00007FF6640E4000-memory.dmp	upx
behavioral2/memory/4292-58-0x00007FF7BB4F0000-0x00007FF7BB844000-memory.dmp	upx
behavioral2/memory/3236-42-0x00007FF60D3F0000-0x00007FF60D744000-memory.dmp	upx
C:\Windows\System\XPyDiGo.exe	upx
behavioral2/memory/3912-66-0x00007FF628D00000-0x00007FF629054000-memory.dmp	upx
behavioral2/memory/1964-72-0x00007FF67AEC0000-0x00007FF67B214000-memory.dmp	upx
C:\Windows\System\IKqPlWF.exe	upx
behavioral2/memory/2404-76-0x00007FF776A20000-0x00007FF776D74000-memory.dmp	upx
behavioral2/memory/2980-71-0x00007FF799210000-0x00007FF799564000-memory.dmp	upx
behavioral2/memory/432-81-0x00007FF7CE100000-0x00007FF7CE454000-memory.dmp	upx
C:\Windows\System\XFVIwim.exe	upx
behavioral2/memory/2692-84-0x00007FF77B230000-0x00007FF77B584000-memory.dmp	upx
C:\Windows\System\IUsRdBd.exe	upx
behavioral2/memory/3236-89-0x00007FF60D3F0000-0x00007FF60D744000-memory.dmp	upx
behavioral2/memory/1404-90-0x00007FF733F50000-0x00007FF7342A4000-memory.dmp	upx
C:\Windows\System\vcOWorj.exe	upx
behavioral2/memory/3012-100-0x00007FF7FBF00000-0x00007FF7FC254000-memory.dmp	upx
C:\Windows\System\mISjIZY.exe	upx
behavioral2/memory/2940-115-0x00007FF663D90000-0x00007FF6640E4000-memory.dmp	upx
behavioral2/memory/2236-116-0x00007FF63D1D0000-0x00007FF63D524000-memory.dmp	upx
behavioral2/memory/332-113-0x00007FF66CD70000-0x00007FF66D0C4000-memory.dmp	upx
behavioral2/memory/4292-109-0x00007FF7BB4F0000-0x00007FF7BB844000-memory.dmp	upx
C:\Windows\System\JXVXBdA.exe	upx
behavioral2/memory/1144-99-0x00007FF61D350000-0x00007FF61D6A4000-memory.dmp	upx
C:\Windows\System\QydDwdp.exe	upx
C:\Windows\System\HavSprT.exe	upx
behavioral2/memory/3976-123-0x00007FF6E5F20000-0x00007FF6E6274000-memory.dmp	upx
behavioral2/memory/2404-131-0x00007FF776A20000-0x00007FF776D74000-memory.dmp	upx
C:\Windows\System\SuPALsC.exe	upx
behavioral2/memory/3368-136-0x00007FF69E610000-0x00007FF69E964000-memory.dmp	upx
C:\Windows\System\JXJkiEz.exe	upx
behavioral2/memory/1724-142-0x00007FF647040000-0x00007FF647394000-memory.dmp	upx
behavioral2/memory/2692-141-0x00007FF77B230000-0x00007FF77B584000-memory.dmp	upx
behavioral2/memory/1808-137-0x00007FF6A64A0000-0x00007FF6A67F4000-memory.dmp	upx
C:\Windows\System\QOeYddU.exe	upx
behavioral2/memory/1404-145-0x00007FF733F50000-0x00007FF7342A4000-memory.dmp	upx
behavioral2/memory/1144-146-0x00007FF61D350000-0x00007FF61D6A4000-memory.dmp	upx
C:\Windows\System\uSMEqPj.exe	upx
C:\Windows\System\CWAcEYh.exe	upx
behavioral2/memory/848-160-0x00007FF718380000-0x00007FF7186D4000-memory.dmp	upx
C:\Windows\System\arnWWfE.exe	upx
C:\Windows\System\SqEoNSg.exe	upx
behavioral2/memory/116-176-0x00007FF6FA7A0000-0x00007FF6FAAF4000-memory.dmp	upx
behavioral2/memory/4412-167-0x00007FF7B1260000-0x00007FF7B15B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\XJBMEtT.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eVaFGvR.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CCZBSIM.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mmGBEEC.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cuxtHOb.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\focUMFP.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHUukHB.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DUOYEqp.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SRobZjM.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\igWLuBf.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wNBotMo.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nqgCfNO.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWKazab.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hsEKwtw.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AWnNFJD.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXxCZtS.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngbaMho.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EgDlPix.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QPgUreY.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\itVmrIJ.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdvxEml.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oKyvMef.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Sjgffgu.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbMvwcj.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\stUgzyV.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBubrmu.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGZUcZF.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AdrPYed.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uZMPheW.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OLkjMhZ.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ytMgnoQ.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KwKrsDy.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PXSAMYf.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DIDwXxO.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLtXden.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZQdPbIw.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hvorzZD.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cFyBlyq.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qBqDvnd.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEzLsmX.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zmxFsfo.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBivzFs.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TUkfnPN.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wWRkZDO.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zAHDMBD.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hdmkQEA.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GEsFIGV.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\djeTlFP.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VFNxTyk.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ohyJCJR.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DZJEhuu.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZYPWvrS.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ebhzqLS.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wmLIXOu.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jyedofp.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kNbivhB.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tdErxaD.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KIXFsld.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VvgWENU.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnzUOBv.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVDZqZs.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfGCQJX.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AdThoUC.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LjENiLK.exe	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 3136 wrote to memory of 224	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	RsBODqW.exe
PID 3136 wrote to memory of 224	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	RsBODqW.exe
PID 3136 wrote to memory of 3912	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	EBcZFWK.exe
PID 3136 wrote to memory of 3912	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	EBcZFWK.exe
PID 3136 wrote to memory of 2980	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	UUaEhrw.exe
PID 3136 wrote to memory of 2980	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	UUaEhrw.exe
PID 3136 wrote to memory of 432	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	yKxTtLm.exe
PID 3136 wrote to memory of 432	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	yKxTtLm.exe
PID 3136 wrote to memory of 4352	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	MxCTOcy.exe
PID 3136 wrote to memory of 4352	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	MxCTOcy.exe
PID 3136 wrote to memory of 4508	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	QfCBmUM.exe
PID 3136 wrote to memory of 4508	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	QfCBmUM.exe
PID 3136 wrote to memory of 3236	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	blCsALA.exe
PID 3136 wrote to memory of 3236	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	blCsALA.exe
PID 3136 wrote to memory of 4192	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	LnIdECV.exe
PID 3136 wrote to memory of 4192	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	LnIdECV.exe
PID 3136 wrote to memory of 2940	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	PCkOrYy.exe
PID 3136 wrote to memory of 2940	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	PCkOrYy.exe
PID 3136 wrote to memory of 4292	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	CzRLBCS.exe
PID 3136 wrote to memory of 4292	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	CzRLBCS.exe
PID 3136 wrote to memory of 1964	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	XPyDiGo.exe
PID 3136 wrote to memory of 1964	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	XPyDiGo.exe
PID 3136 wrote to memory of 2404	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	IKqPlWF.exe
PID 3136 wrote to memory of 2404	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	IKqPlWF.exe
PID 3136 wrote to memory of 2692	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	XFVIwim.exe
PID 3136 wrote to memory of 2692	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	XFVIwim.exe
PID 3136 wrote to memory of 1404	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	IUsRdBd.exe
PID 3136 wrote to memory of 1404	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	IUsRdBd.exe
PID 3136 wrote to memory of 1144	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	vcOWorj.exe
PID 3136 wrote to memory of 1144	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	vcOWorj.exe
PID 3136 wrote to memory of 3012	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	QydDwdp.exe
PID 3136 wrote to memory of 3012	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	QydDwdp.exe
PID 3136 wrote to memory of 332	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	JXVXBdA.exe
PID 3136 wrote to memory of 332	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	JXVXBdA.exe
PID 3136 wrote to memory of 2236	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	mISjIZY.exe
PID 3136 wrote to memory of 2236	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	mISjIZY.exe
PID 3136 wrote to memory of 3976	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	HavSprT.exe
PID 3136 wrote to memory of 3976	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	HavSprT.exe
PID 3136 wrote to memory of 3368	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	SuPALsC.exe
PID 3136 wrote to memory of 3368	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	SuPALsC.exe
PID 3136 wrote to memory of 1808	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	QOeYddU.exe
PID 3136 wrote to memory of 1808	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	QOeYddU.exe
PID 3136 wrote to memory of 1724	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	JXJkiEz.exe
PID 3136 wrote to memory of 1724	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	JXJkiEz.exe
PID 3136 wrote to memory of 64	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	uSMEqPj.exe
PID 3136 wrote to memory of 64	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	uSMEqPj.exe
PID 3136 wrote to memory of 848	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	OMMWxPt.exe
PID 3136 wrote to memory of 848	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	OMMWxPt.exe
PID 3136 wrote to memory of 1688	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	CWAcEYh.exe
PID 3136 wrote to memory of 1688	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	CWAcEYh.exe
PID 3136 wrote to memory of 4412	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	arnWWfE.exe
PID 3136 wrote to memory of 4412	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	arnWWfE.exe
PID 3136 wrote to memory of 116	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	SqEoNSg.exe
PID 3136 wrote to memory of 116	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	SqEoNSg.exe
PID 3136 wrote to memory of 1020	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	AWeRgpm.exe
PID 3136 wrote to memory of 1020	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	AWeRgpm.exe
PID 3136 wrote to memory of 4440	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	kNbivhB.exe
PID 3136 wrote to memory of 4440	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	kNbivhB.exe
PID 3136 wrote to memory of 2216	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	muTeoaY.exe
PID 3136 wrote to memory of 2216	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	muTeoaY.exe
PID 3136 wrote to memory of 1548	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	KgXaBdi.exe
PID 3136 wrote to memory of 1548	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	KgXaBdi.exe
PID 3136 wrote to memory of 5080	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	shCeIWr.exe
PID 3136 wrote to memory of 5080	3136	2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe	shCeIWr.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_a409f1851bbda4b4c503fcb21d10c92a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3136
- C:\Windows\System\RsBODqW.exe
  C:\Windows\System\RsBODqW.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\EBcZFWK.exe
  C:\Windows\System\EBcZFWK.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\UUaEhrw.exe
  C:\Windows\System\UUaEhrw.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\yKxTtLm.exe
  C:\Windows\System\yKxTtLm.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\MxCTOcy.exe
  C:\Windows\System\MxCTOcy.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\QfCBmUM.exe
  C:\Windows\System\QfCBmUM.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\blCsALA.exe
  C:\Windows\System\blCsALA.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\LnIdECV.exe
  C:\Windows\System\LnIdECV.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\PCkOrYy.exe
  C:\Windows\System\PCkOrYy.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\CzRLBCS.exe
  C:\Windows\System\CzRLBCS.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\XPyDiGo.exe
  C:\Windows\System\XPyDiGo.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\IKqPlWF.exe
  C:\Windows\System\IKqPlWF.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\XFVIwim.exe
  C:\Windows\System\XFVIwim.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\IUsRdBd.exe
  C:\Windows\System\IUsRdBd.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\vcOWorj.exe
  C:\Windows\System\vcOWorj.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\QydDwdp.exe
  C:\Windows\System\QydDwdp.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\JXVXBdA.exe
  C:\Windows\System\JXVXBdA.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\mISjIZY.exe
  C:\Windows\System\mISjIZY.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\HavSprT.exe
  C:\Windows\System\HavSprT.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\SuPALsC.exe
  C:\Windows\System\SuPALsC.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\QOeYddU.exe
  C:\Windows\System\QOeYddU.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\JXJkiEz.exe
  C:\Windows\System\JXJkiEz.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\uSMEqPj.exe
  C:\Windows\System\uSMEqPj.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\OMMWxPt.exe
  C:\Windows\System\OMMWxPt.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\CWAcEYh.exe
  C:\Windows\System\CWAcEYh.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\arnWWfE.exe
  C:\Windows\System\arnWWfE.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\SqEoNSg.exe
  C:\Windows\System\SqEoNSg.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\AWeRgpm.exe
  C:\Windows\System\AWeRgpm.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\kNbivhB.exe
  C:\Windows\System\kNbivhB.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\muTeoaY.exe
  C:\Windows\System\muTeoaY.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\KgXaBdi.exe
  C:\Windows\System\KgXaBdi.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\shCeIWr.exe
  C:\Windows\System\shCeIWr.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\EcphpSH.exe
  C:\Windows\System\EcphpSH.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\JhEctyJ.exe
  C:\Windows\System\JhEctyJ.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\aNQLbwM.exe
  C:\Windows\System\aNQLbwM.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\njkZVAx.exe
  C:\Windows\System\njkZVAx.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\vwCZdin.exe
  C:\Windows\System\vwCZdin.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\Qknmbtq.exe
  C:\Windows\System\Qknmbtq.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\IAFEluw.exe
  C:\Windows\System\IAFEluw.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\gIalHVh.exe
  C:\Windows\System\gIalHVh.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\sahjKBn.exe
  C:\Windows\System\sahjKBn.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\HzfAMMu.exe
  C:\Windows\System\HzfAMMu.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\BKSkUKS.exe
  C:\Windows\System\BKSkUKS.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\QGtnWNb.exe
  C:\Windows\System\QGtnWNb.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\pxiLiPI.exe
  C:\Windows\System\pxiLiPI.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\WMOcRXB.exe
  C:\Windows\System\WMOcRXB.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\oPnVboo.exe
  C:\Windows\System\oPnVboo.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\fCqGBoK.exe
  C:\Windows\System\fCqGBoK.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\pgwfcUW.exe
  C:\Windows\System\pgwfcUW.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\zXivLvC.exe
  C:\Windows\System\zXivLvC.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\dHbWuDC.exe
  C:\Windows\System\dHbWuDC.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\NNPwsun.exe
  C:\Windows\System\NNPwsun.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\TeTkfqe.exe
  C:\Windows\System\TeTkfqe.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\jVrAnQa.exe
  C:\Windows\System\jVrAnQa.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\opgOrcs.exe
  C:\Windows\System\opgOrcs.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\TxDyQzQ.exe
  C:\Windows\System\TxDyQzQ.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\XxHxVJS.exe
  C:\Windows\System\XxHxVJS.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\GrBrfrM.exe
  C:\Windows\System\GrBrfrM.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\LBrpMxn.exe
  C:\Windows\System\LBrpMxn.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\QrftnQX.exe
  C:\Windows\System\QrftnQX.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\nFwtcgV.exe
  C:\Windows\System\nFwtcgV.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\SRZIZib.exe
  C:\Windows\System\SRZIZib.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\ocQRMOU.exe
  C:\Windows\System\ocQRMOU.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\LGsOnIV.exe
  C:\Windows\System\LGsOnIV.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\BLhqtbr.exe
  C:\Windows\System\BLhqtbr.exe
  2⤵
  PID:1880
- C:\Windows\System\zFmdgTf.exe
  C:\Windows\System\zFmdgTf.exe
  2⤵
  PID:548
- C:\Windows\System\NyBnIet.exe
  C:\Windows\System\NyBnIet.exe
  2⤵
  PID:5112
- C:\Windows\System\zHgpftM.exe
  C:\Windows\System\zHgpftM.exe
  2⤵
  PID:844
- C:\Windows\System\SFMLTLs.exe
  C:\Windows\System\SFMLTLs.exe
  2⤵
  PID:4196
- C:\Windows\System\YwifRyn.exe
  C:\Windows\System\YwifRyn.exe
  2⤵
  PID:632
- C:\Windows\System\OyzTmcy.exe
  C:\Windows\System\OyzTmcy.exe
  2⤵
  PID:2772
- C:\Windows\System\UjmJIau.exe
  C:\Windows\System\UjmJIau.exe
  2⤵
  PID:464
- C:\Windows\System\AUDBuTg.exe
  C:\Windows\System\AUDBuTg.exe
  2⤵
  PID:3332
- C:\Windows\System\qpaHEbs.exe
  C:\Windows\System\qpaHEbs.exe
  2⤵
  PID:4592
- C:\Windows\System\PccAYTl.exe
  C:\Windows\System\PccAYTl.exe
  2⤵
  PID:716
- C:\Windows\System\fgDPnDb.exe
  C:\Windows\System\fgDPnDb.exe
  2⤵
  PID:2116
- C:\Windows\System\wWGAApU.exe
  C:\Windows\System\wWGAApU.exe
  2⤵
  PID:4988
- C:\Windows\System\wEiZXHz.exe
  C:\Windows\System\wEiZXHz.exe
  2⤵
  PID:800
- C:\Windows\System\FHoqxnL.exe
  C:\Windows\System\FHoqxnL.exe
  2⤵
  PID:1876
- C:\Windows\System\UPInmRa.exe
  C:\Windows\System\UPInmRa.exe
  2⤵
  PID:2452
- C:\Windows\System\JDHJinW.exe
  C:\Windows\System\JDHJinW.exe
  2⤵
  PID:4220
- C:\Windows\System\ntIqrcs.exe
  C:\Windows\System\ntIqrcs.exe
  2⤵
  PID:5024
- C:\Windows\System\TDkaOGV.exe
  C:\Windows\System\TDkaOGV.exe
  2⤵
  PID:4936
- C:\Windows\System\tSiOdtf.exe
  C:\Windows\System\tSiOdtf.exe
  2⤵
  PID:4028
- C:\Windows\System\PSAWOhY.exe
  C:\Windows\System\PSAWOhY.exe
  2⤵
  PID:2504
- C:\Windows\System\xZfXnuf.exe
  C:\Windows\System\xZfXnuf.exe
  2⤵
  PID:3328
- C:\Windows\System\ucVVHaS.exe
  C:\Windows\System\ucVVHaS.exe
  2⤵
  PID:2800
- C:\Windows\System\ROOIuhd.exe
  C:\Windows\System\ROOIuhd.exe
  2⤵
  PID:5128
- C:\Windows\System\huxaeRN.exe
  C:\Windows\System\huxaeRN.exe
  2⤵
  PID:5160
- C:\Windows\System\FHqByaC.exe
  C:\Windows\System\FHqByaC.exe
  2⤵
  PID:5184
- C:\Windows\System\OhXAYxR.exe
  C:\Windows\System\OhXAYxR.exe
  2⤵
  PID:5204
- C:\Windows\System\cGeTkgV.exe
  C:\Windows\System\cGeTkgV.exe
  2⤵
  PID:5244
- C:\Windows\System\ossozuC.exe
  C:\Windows\System\ossozuC.exe
  2⤵
  PID:5260
- C:\Windows\System\sLQSOug.exe
  C:\Windows\System\sLQSOug.exe
  2⤵
  PID:5288
- C:\Windows\System\trrcAvG.exe
  C:\Windows\System\trrcAvG.exe
  2⤵
  PID:5320
- C:\Windows\System\JapbiyN.exe
  C:\Windows\System\JapbiyN.exe
  2⤵
  PID:5344
- C:\Windows\System\dGeLenn.exe
  C:\Windows\System\dGeLenn.exe
  2⤵
  PID:5376
- C:\Windows\System\DOYjgMP.exe
  C:\Windows\System\DOYjgMP.exe
  2⤵
  PID:5412
- C:\Windows\System\ZwdJYFt.exe
  C:\Windows\System\ZwdJYFt.exe
  2⤵
  PID:5452
- C:\Windows\System\iYsVxav.exe
  C:\Windows\System\iYsVxav.exe
  2⤵
  PID:5500
- C:\Windows\System\WZxhvMT.exe
  C:\Windows\System\WZxhvMT.exe
  2⤵
  PID:5516
- C:\Windows\System\CsJhYfA.exe
  C:\Windows\System\CsJhYfA.exe
  2⤵
  PID:5544
- C:\Windows\System\eLqCXpK.exe
  C:\Windows\System\eLqCXpK.exe
  2⤵
  PID:5560
- C:\Windows\System\wJPYXrz.exe
  C:\Windows\System\wJPYXrz.exe
  2⤵
  PID:5584
- C:\Windows\System\teriJBp.exe
  C:\Windows\System\teriJBp.exe
  2⤵
  PID:5636
- C:\Windows\System\IzqpJnK.exe
  C:\Windows\System\IzqpJnK.exe
  2⤵
  PID:5668
- C:\Windows\System\KddpHna.exe
  C:\Windows\System\KddpHna.exe
  2⤵
  PID:5688
- C:\Windows\System\SNqikEa.exe
  C:\Windows\System\SNqikEa.exe
  2⤵
  PID:5716
- C:\Windows\System\NjByhEi.exe
  C:\Windows\System\NjByhEi.exe
  2⤵
  PID:5760
- C:\Windows\System\SooBMHI.exe
  C:\Windows\System\SooBMHI.exe
  2⤵
  PID:5780
- C:\Windows\System\UsTTGAL.exe
  C:\Windows\System\UsTTGAL.exe
  2⤵
  PID:5816
- C:\Windows\System\EqHGkzw.exe
  C:\Windows\System\EqHGkzw.exe
  2⤵
  PID:5844
- C:\Windows\System\angSGDQ.exe
  C:\Windows\System\angSGDQ.exe
  2⤵
  PID:5872
- C:\Windows\System\PmsUmDS.exe
  C:\Windows\System\PmsUmDS.exe
  2⤵
  PID:5900
- C:\Windows\System\wlntjYs.exe
  C:\Windows\System\wlntjYs.exe
  2⤵
  PID:5928
- C:\Windows\System\OxrrILT.exe
  C:\Windows\System\OxrrILT.exe
  2⤵
  PID:5960
- C:\Windows\System\fcOyhyk.exe
  C:\Windows\System\fcOyhyk.exe
  2⤵
  PID:5988
- C:\Windows\System\IizZOfx.exe
  C:\Windows\System\IizZOfx.exe
  2⤵
  PID:6012
- C:\Windows\System\EFgzhFw.exe
  C:\Windows\System\EFgzhFw.exe
  2⤵
  PID:6040
- C:\Windows\System\FzhLIHx.exe
  C:\Windows\System\FzhLIHx.exe
  2⤵
  PID:6068
- C:\Windows\System\lecboMS.exe
  C:\Windows\System\lecboMS.exe
  2⤵
  PID:6092
- C:\Windows\System\NdWkdVt.exe
  C:\Windows\System\NdWkdVt.exe
  2⤵
  PID:6116
- C:\Windows\System\LiUGhUL.exe
  C:\Windows\System\LiUGhUL.exe
  2⤵
  PID:5140
- C:\Windows\System\HNnTgxI.exe
  C:\Windows\System\HNnTgxI.exe
  2⤵
  PID:5224
- C:\Windows\System\xIZXcDO.exe
  C:\Windows\System\xIZXcDO.exe
  2⤵
  PID:5280
- C:\Windows\System\PYGvLID.exe
  C:\Windows\System\PYGvLID.exe
  2⤵
  PID:5356
- C:\Windows\System\cyTBpYw.exe
  C:\Windows\System\cyTBpYw.exe
  2⤵
  PID:5420
- C:\Windows\System\deAEvQW.exe
  C:\Windows\System\deAEvQW.exe
  2⤵
  PID:5508
- C:\Windows\System\UpJtgAP.exe
  C:\Windows\System\UpJtgAP.exe
  2⤵
  PID:5572
- C:\Windows\System\bnGrOiM.exe
  C:\Windows\System\bnGrOiM.exe
  2⤵
  PID:5644
- C:\Windows\System\appkxhy.exe
  C:\Windows\System\appkxhy.exe
  2⤵
  PID:5700
- C:\Windows\System\IgWCRvF.exe
  C:\Windows\System\IgWCRvF.exe
  2⤵
  PID:5740
- C:\Windows\System\ZVIwHpW.exe
  C:\Windows\System\ZVIwHpW.exe
  2⤵
  PID:5808
- C:\Windows\System\DUKQwQo.exe
  C:\Windows\System\DUKQwQo.exe
  2⤵
  PID:5864
- C:\Windows\System\gCZwJVC.exe
  C:\Windows\System\gCZwJVC.exe
  2⤵
  PID:5936
- C:\Windows\System\bMiKIyI.exe
  C:\Windows\System\bMiKIyI.exe
  2⤵
  PID:5996
- C:\Windows\System\dUZwOJE.exe
  C:\Windows\System\dUZwOJE.exe
  2⤵
  PID:6052
- C:\Windows\System\brudbif.exe
  C:\Windows\System\brudbif.exe
  2⤵
  PID:6124
- C:\Windows\System\tdErxaD.exe
  C:\Windows\System\tdErxaD.exe
  2⤵
  PID:6080
- C:\Windows\System\sxwCNAv.exe
  C:\Windows\System\sxwCNAv.exe
  2⤵
  PID:760
- C:\Windows\System\jIdCyLG.exe
  C:\Windows\System\jIdCyLG.exe
  2⤵
  PID:5528
- C:\Windows\System\gCQNXlr.exe
  C:\Windows\System\gCQNXlr.exe
  2⤵
  PID:5680
- C:\Windows\System\rfuKvQF.exe
  C:\Windows\System\rfuKvQF.exe
  2⤵
  PID:5852
- C:\Windows\System\pduXXfa.exe
  C:\Windows\System\pduXXfa.exe
  2⤵
  PID:5980
- C:\Windows\System\gNdibZf.exe
  C:\Windows\System\gNdibZf.exe
  2⤵
  PID:6084
- C:\Windows\System\xENumFV.exe
  C:\Windows\System\xENumFV.exe
  2⤵
  PID:5388
- C:\Windows\System\BRjoSVP.exe
  C:\Windows\System\BRjoSVP.exe
  2⤵
  PID:5748
- C:\Windows\System\DhcwDfS.exe
  C:\Windows\System\DhcwDfS.exe
  2⤵
  PID:6100
- C:\Windows\System\UmgdygQ.exe
  C:\Windows\System\UmgdygQ.exe
  2⤵
  PID:5828
- C:\Windows\System\MxlupGt.exe
  C:\Windows\System\MxlupGt.exe
  2⤵
  PID:5168
- C:\Windows\System\pyeStaL.exe
  C:\Windows\System\pyeStaL.exe
  2⤵
  PID:6172
- C:\Windows\System\LMLIuCi.exe
  C:\Windows\System\LMLIuCi.exe
  2⤵
  PID:6196
- C:\Windows\System\KwToJGO.exe
  C:\Windows\System\KwToJGO.exe
  2⤵
  PID:6224
- C:\Windows\System\GLAOGwx.exe
  C:\Windows\System\GLAOGwx.exe
  2⤵
  PID:6252
- C:\Windows\System\LUVurcL.exe
  C:\Windows\System\LUVurcL.exe
  2⤵
  PID:6272
- C:\Windows\System\GItFfXL.exe
  C:\Windows\System\GItFfXL.exe
  2⤵
  PID:6312
- C:\Windows\System\djXpXWP.exe
  C:\Windows\System\djXpXWP.exe
  2⤵
  PID:6344
- C:\Windows\System\gjcUdOx.exe
  C:\Windows\System\gjcUdOx.exe
  2⤵
  PID:6368
- C:\Windows\System\ngbaMho.exe
  C:\Windows\System\ngbaMho.exe
  2⤵
  PID:6404
- C:\Windows\System\csWpCRr.exe
  C:\Windows\System\csWpCRr.exe
  2⤵
  PID:6432
- C:\Windows\System\RzAcjlu.exe
  C:\Windows\System\RzAcjlu.exe
  2⤵
  PID:6460
- C:\Windows\System\RbLYxhQ.exe
  C:\Windows\System\RbLYxhQ.exe
  2⤵
  PID:6492
- C:\Windows\System\wbRJZpW.exe
  C:\Windows\System\wbRJZpW.exe
  2⤵
  PID:6516
- C:\Windows\System\QbJpusG.exe
  C:\Windows\System\QbJpusG.exe
  2⤵
  PID:6552
- C:\Windows\System\OkyDRyr.exe
  C:\Windows\System\OkyDRyr.exe
  2⤵
  PID:6572
- C:\Windows\System\XfUMihw.exe
  C:\Windows\System\XfUMihw.exe
  2⤵
  PID:6608
- C:\Windows\System\sUQDPNH.exe
  C:\Windows\System\sUQDPNH.exe
  2⤵
  PID:6628
- C:\Windows\System\RiSEyHV.exe
  C:\Windows\System\RiSEyHV.exe
  2⤵
  PID:6660
- C:\Windows\System\toOAlva.exe
  C:\Windows\System\toOAlva.exe
  2⤵
  PID:6692
- C:\Windows\System\ZULbtWj.exe
  C:\Windows\System\ZULbtWj.exe
  2⤵
  PID:6720
- C:\Windows\System\sROdehu.exe
  C:\Windows\System\sROdehu.exe
  2⤵
  PID:6748
- C:\Windows\System\UPedHjz.exe
  C:\Windows\System\UPedHjz.exe
  2⤵
  PID:6788
- C:\Windows\System\SVnfTUo.exe
  C:\Windows\System\SVnfTUo.exe
  2⤵
  PID:6812
- C:\Windows\System\eraswAB.exe
  C:\Windows\System\eraswAB.exe
  2⤵
  PID:6844
- C:\Windows\System\PYEMPFo.exe
  C:\Windows\System\PYEMPFo.exe
  2⤵
  PID:6872
- C:\Windows\System\FuVrvlb.exe
  C:\Windows\System\FuVrvlb.exe
  2⤵
  PID:6904
- C:\Windows\System\iFMpiOr.exe
  C:\Windows\System\iFMpiOr.exe
  2⤵
  PID:6932
- C:\Windows\System\zAHDMBD.exe
  C:\Windows\System\zAHDMBD.exe
  2⤵
  PID:6964
- C:\Windows\System\svldfEe.exe
  C:\Windows\System\svldfEe.exe
  2⤵
  PID:6988
- C:\Windows\System\ZPAzthy.exe
  C:\Windows\System\ZPAzthy.exe
  2⤵
  PID:7016
- C:\Windows\System\kyPWnYC.exe
  C:\Windows\System\kyPWnYC.exe
  2⤵
  PID:7048
- C:\Windows\System\VizarXy.exe
  C:\Windows\System\VizarXy.exe
  2⤵
  PID:7072
- C:\Windows\System\unVDYDH.exe
  C:\Windows\System\unVDYDH.exe
  2⤵
  PID:7104
- C:\Windows\System\pKgaERh.exe
  C:\Windows\System\pKgaERh.exe
  2⤵
  PID:7128
- C:\Windows\System\eZOZrTl.exe
  C:\Windows\System\eZOZrTl.exe
  2⤵
  PID:7156
- C:\Windows\System\KAIemyy.exe
  C:\Windows\System\KAIemyy.exe
  2⤵
  PID:6188
- C:\Windows\System\dgypuFf.exe
  C:\Windows\System\dgypuFf.exe
  2⤵
  PID:6260
- C:\Windows\System\hEmYvGG.exe
  C:\Windows\System\hEmYvGG.exe
  2⤵
  PID:6324
- C:\Windows\System\pXLCLwz.exe
  C:\Windows\System\pXLCLwz.exe
  2⤵
  PID:6376
- C:\Windows\System\TEryrXS.exe
  C:\Windows\System\TEryrXS.exe
  2⤵
  PID:6444
- C:\Windows\System\YqxAMKV.exe
  C:\Windows\System\YqxAMKV.exe
  2⤵
  PID:6512
- C:\Windows\System\MyejNCe.exe
  C:\Windows\System\MyejNCe.exe
  2⤵
  PID:6584
- C:\Windows\System\GJZQEOV.exe
  C:\Windows\System\GJZQEOV.exe
  2⤵
  PID:6680
- C:\Windows\System\ggIKMkK.exe
  C:\Windows\System\ggIKMkK.exe
  2⤵
  PID:6636
- C:\Windows\System\scoPJOo.exe
  C:\Windows\System\scoPJOo.exe
  2⤵
  PID:6768
- C:\Windows\System\PulYBur.exe
  C:\Windows\System\PulYBur.exe
  2⤵
  PID:6852
- C:\Windows\System\COTDyGB.exe
  C:\Windows\System\COTDyGB.exe
  2⤵
  PID:6892
- C:\Windows\System\RCmpBLc.exe
  C:\Windows\System\RCmpBLc.exe
  2⤵
  PID:6952
- C:\Windows\System\uovqxwY.exe
  C:\Windows\System\uovqxwY.exe
  2⤵
  PID:7024
- C:\Windows\System\vSIxmct.exe
  C:\Windows\System\vSIxmct.exe
  2⤵
  PID:7084
- C:\Windows\System\dYkLzhF.exe
  C:\Windows\System\dYkLzhF.exe
  2⤵
  PID:7148
- C:\Windows\System\xCEkYbe.exe
  C:\Windows\System\xCEkYbe.exe
  2⤵
  PID:6288
- C:\Windows\System\gHunlUl.exe
  C:\Windows\System\gHunlUl.exe
  2⤵
  PID:6416
- C:\Windows\System\ZNZkxqh.exe
  C:\Windows\System\ZNZkxqh.exe
  2⤵
  PID:6616
- C:\Windows\System\LiWOsok.exe
  C:\Windows\System\LiWOsok.exe
  2⤵
  PID:6712
- C:\Windows\System\DiOFcYx.exe
  C:\Windows\System\DiOFcYx.exe
  2⤵
  PID:6804
- C:\Windows\System\QjQZGBB.exe
  C:\Windows\System\QjQZGBB.exe
  2⤵
  PID:6940
- C:\Windows\System\oYVurAP.exe
  C:\Windows\System\oYVurAP.exe
  2⤵
  PID:7056
- C:\Windows\System\tGSLxtp.exe
  C:\Windows\System\tGSLxtp.exe
  2⤵
  PID:6356
- C:\Windows\System\FnTQUcZ.exe
  C:\Windows\System\FnTQUcZ.exe
  2⤵
  PID:2200
- C:\Windows\System\jjIDhdh.exe
  C:\Windows\System\jjIDhdh.exe
  2⤵
  PID:5016
- C:\Windows\System\kHjFzBP.exe
  C:\Windows\System\kHjFzBP.exe
  2⤵
  PID:6596
- C:\Windows\System\mzWJZBw.exe
  C:\Windows\System\mzWJZBw.exe
  2⤵
  PID:6880
- C:\Windows\System\acYFsiY.exe
  C:\Windows\System\acYFsiY.exe
  2⤵
  PID:7032
- C:\Windows\System\fqyCtqL.exe
  C:\Windows\System\fqyCtqL.exe
  2⤵
  PID:7196
- C:\Windows\System\pXOVemL.exe
  C:\Windows\System\pXOVemL.exe
  2⤵
  PID:7224
- C:\Windows\System\vJttOve.exe
  C:\Windows\System\vJttOve.exe
  2⤵
  PID:7252
- C:\Windows\System\vhXBtkL.exe
  C:\Windows\System\vhXBtkL.exe
  2⤵
  PID:7280
- C:\Windows\System\phZOpkp.exe
  C:\Windows\System\phZOpkp.exe
  2⤵
  PID:7308
- C:\Windows\System\HtOiufq.exe
  C:\Windows\System\HtOiufq.exe
  2⤵
  PID:7332
- C:\Windows\System\gqljFdo.exe
  C:\Windows\System\gqljFdo.exe
  2⤵
  PID:7356
- C:\Windows\System\QltXRPB.exe
  C:\Windows\System\QltXRPB.exe
  2⤵
  PID:7384
- C:\Windows\System\PIMHhnN.exe
  C:\Windows\System\PIMHhnN.exe
  2⤵
  PID:7412
- C:\Windows\System\nvFVWDK.exe
  C:\Windows\System\nvFVWDK.exe
  2⤵
  PID:7440
- C:\Windows\System\JyqMmcr.exe
  C:\Windows\System\JyqMmcr.exe
  2⤵
  PID:7468
- C:\Windows\System\VyoqCwB.exe
  C:\Windows\System\VyoqCwB.exe
  2⤵
  PID:7500
- C:\Windows\System\BmyyFTH.exe
  C:\Windows\System\BmyyFTH.exe
  2⤵
  PID:7528
- C:\Windows\System\hdmkQEA.exe
  C:\Windows\System\hdmkQEA.exe
  2⤵
  PID:7560
- C:\Windows\System\zjaHWCn.exe
  C:\Windows\System\zjaHWCn.exe
  2⤵
  PID:7600
- C:\Windows\System\fRSbesK.exe
  C:\Windows\System\fRSbesK.exe
  2⤵
  PID:7616
- C:\Windows\System\FfRkkZW.exe
  C:\Windows\System\FfRkkZW.exe
  2⤵
  PID:7648
- C:\Windows\System\kcryMHO.exe
  C:\Windows\System\kcryMHO.exe
  2⤵
  PID:7684
- C:\Windows\System\YYkjncF.exe
  C:\Windows\System\YYkjncF.exe
  2⤵
  PID:7716
- C:\Windows\System\oKyvMef.exe
  C:\Windows\System\oKyvMef.exe
  2⤵
  PID:7740
- C:\Windows\System\PBticfm.exe
  C:\Windows\System\PBticfm.exe
  2⤵
  PID:7764
- C:\Windows\System\MQsPMzq.exe
  C:\Windows\System\MQsPMzq.exe
  2⤵
  PID:7804
- C:\Windows\System\BcPBJiq.exe
  C:\Windows\System\BcPBJiq.exe
  2⤵
  PID:7832
- C:\Windows\System\EJQEqtF.exe
  C:\Windows\System\EJQEqtF.exe
  2⤵
  PID:7868
- C:\Windows\System\OPghQzH.exe
  C:\Windows\System\OPghQzH.exe
  2⤵
  PID:7888
- C:\Windows\System\UHKrQxR.exe
  C:\Windows\System\UHKrQxR.exe
  2⤵
  PID:7916
- C:\Windows\System\uhMXPmN.exe
  C:\Windows\System\uhMXPmN.exe
  2⤵
  PID:7944
- C:\Windows\System\SfZAyeD.exe
  C:\Windows\System\SfZAyeD.exe
  2⤵
  PID:7972
- C:\Windows\System\OGJTZuN.exe
  C:\Windows\System\OGJTZuN.exe
  2⤵
  PID:8000
- C:\Windows\System\oMhOMPu.exe
  C:\Windows\System\oMhOMPu.exe
  2⤵
  PID:8032
- C:\Windows\System\ftObrNN.exe
  C:\Windows\System\ftObrNN.exe
  2⤵
  PID:8060
- C:\Windows\System\lMrPZrc.exe
  C:\Windows\System\lMrPZrc.exe
  2⤵
  PID:8088
- C:\Windows\System\ENCgkmr.exe
  C:\Windows\System\ENCgkmr.exe
  2⤵
  PID:8120
- C:\Windows\System\OVCSnWC.exe
  C:\Windows\System\OVCSnWC.exe
  2⤵
  PID:8148
- C:\Windows\System\mYgmYfd.exe
  C:\Windows\System\mYgmYfd.exe
  2⤵
  PID:8176
- C:\Windows\System\AUhpvKW.exe
  C:\Windows\System\AUhpvKW.exe
  2⤵
  PID:7188
- C:\Windows\System\jjLFBNf.exe
  C:\Windows\System\jjLFBNf.exe
  2⤵
  PID:7244
- C:\Windows\System\CHXCzVz.exe
  C:\Windows\System\CHXCzVz.exe
  2⤵
  PID:7320
- C:\Windows\System\afYvlIc.exe
  C:\Windows\System\afYvlIc.exe
  2⤵
  PID:7368
- C:\Windows\System\HwcEgHj.exe
  C:\Windows\System\HwcEgHj.exe
  2⤵
  PID:3776
- C:\Windows\System\KCcTQVw.exe
  C:\Windows\System\KCcTQVw.exe
  2⤵
  PID:7464
- C:\Windows\System\UzevjvP.exe
  C:\Windows\System\UzevjvP.exe
  2⤵
  PID:4788
- C:\Windows\System\nQpSlRB.exe
  C:\Windows\System\nQpSlRB.exe
  2⤵
  PID:7608
- C:\Windows\System\HnQzsBf.exe
  C:\Windows\System\HnQzsBf.exe
  2⤵
  PID:4228
- C:\Windows\System\wgAbNKN.exe
  C:\Windows\System\wgAbNKN.exe
  2⤵
  PID:7680
- C:\Windows\System\GEIBdZc.exe
  C:\Windows\System\GEIBdZc.exe
  2⤵
  PID:7732
- C:\Windows\System\YXLYIeX.exe
  C:\Windows\System\YXLYIeX.exe
  2⤵
  PID:7624
- C:\Windows\System\nXDZbmt.exe
  C:\Windows\System\nXDZbmt.exe
  2⤵
  PID:7828
- C:\Windows\System\ahUnemk.exe
  C:\Windows\System\ahUnemk.exe
  2⤵
  PID:7900
- C:\Windows\System\wJQKgoz.exe
  C:\Windows\System\wJQKgoz.exe
  2⤵
  PID:7968
- C:\Windows\System\zKPhtlm.exe
  C:\Windows\System\zKPhtlm.exe
  2⤵
  PID:8048
- C:\Windows\System\dKgtYbM.exe
  C:\Windows\System\dKgtYbM.exe
  2⤵
  PID:8100
- C:\Windows\System\MmuZFdf.exe
  C:\Windows\System\MmuZFdf.exe
  2⤵
  PID:8160
- C:\Windows\System\BnCyCYt.exe
  C:\Windows\System\BnCyCYt.exe
  2⤵
  PID:7236
- C:\Windows\System\ctprVcm.exe
  C:\Windows\System\ctprVcm.exe
  2⤵
  PID:7348
- C:\Windows\System\NxMgScl.exe
  C:\Windows\System\NxMgScl.exe
  2⤵
  PID:2072
- C:\Windows\System\thPsuvL.exe
  C:\Windows\System\thPsuvL.exe
  2⤵
  PID:7596
- C:\Windows\System\jnHGqMP.exe
  C:\Windows\System\jnHGqMP.exe
  2⤵
  PID:7708
- C:\Windows\System\qNRHxtq.exe
  C:\Windows\System\qNRHxtq.exe
  2⤵
  PID:7824
- C:\Windows\System\BioLlXx.exe
  C:\Windows\System\BioLlXx.exe
  2⤵
  PID:7992
- C:\Windows\System\fnwXjlk.exe
  C:\Windows\System\fnwXjlk.exe
  2⤵
  PID:8132
- C:\Windows\System\NzmSsQS.exe
  C:\Windows\System\NzmSsQS.exe
  2⤵
  PID:512
- C:\Windows\System\NkyfzZQ.exe
  C:\Windows\System\NkyfzZQ.exe
  2⤵
  PID:7712
- C:\Windows\System\AmOzQuW.exe
  C:\Windows\System\AmOzQuW.exe
  2⤵
  PID:7940
- C:\Windows\System\RYjSlLo.exe
  C:\Windows\System\RYjSlLo.exe
  2⤵
  PID:7216
- C:\Windows\System\QXiswIA.exe
  C:\Windows\System\QXiswIA.exe
  2⤵
  PID:7816
- C:\Windows\System\OVHmnav.exe
  C:\Windows\System\OVHmnav.exe
  2⤵
  PID:7180
- C:\Windows\System\OjZSYbq.exe
  C:\Windows\System\OjZSYbq.exe
  2⤵
  PID:8212
- C:\Windows\System\QmafaID.exe
  C:\Windows\System\QmafaID.exe
  2⤵
  PID:8240
- C:\Windows\System\UJqTuPQ.exe
  C:\Windows\System\UJqTuPQ.exe
  2⤵
  PID:8268
- C:\Windows\System\jPcmfWh.exe
  C:\Windows\System\jPcmfWh.exe
  2⤵
  PID:8296
- C:\Windows\System\PWftqdv.exe
  C:\Windows\System\PWftqdv.exe
  2⤵
  PID:8324
- C:\Windows\System\fTIjYXY.exe
  C:\Windows\System\fTIjYXY.exe
  2⤵
  PID:8352
- C:\Windows\System\QHiKJjY.exe
  C:\Windows\System\QHiKJjY.exe
  2⤵
  PID:8380
- C:\Windows\System\cxMtaLj.exe
  C:\Windows\System\cxMtaLj.exe
  2⤵
  PID:8408
- C:\Windows\System\KUEOyWb.exe
  C:\Windows\System\KUEOyWb.exe
  2⤵
  PID:8436
- C:\Windows\System\POeNUYx.exe
  C:\Windows\System\POeNUYx.exe
  2⤵
  PID:8464
- C:\Windows\System\NmTXrzk.exe
  C:\Windows\System\NmTXrzk.exe
  2⤵
  PID:8492
- C:\Windows\System\hygRCtM.exe
  C:\Windows\System\hygRCtM.exe
  2⤵
  PID:8524
- C:\Windows\System\eBINeAL.exe
  C:\Windows\System\eBINeAL.exe
  2⤵
  PID:8552
- C:\Windows\System\xmvNxrP.exe
  C:\Windows\System\xmvNxrP.exe
  2⤵
  PID:8584
- C:\Windows\System\vjnxtws.exe
  C:\Windows\System\vjnxtws.exe
  2⤵
  PID:8608
- C:\Windows\System\jfPxSLK.exe
  C:\Windows\System\jfPxSLK.exe
  2⤵
  PID:8636
- C:\Windows\System\QMTlWSI.exe
  C:\Windows\System\QMTlWSI.exe
  2⤵
  PID:8664
- C:\Windows\System\wKScYHG.exe
  C:\Windows\System\wKScYHG.exe
  2⤵
  PID:8692
- C:\Windows\System\PAFxxof.exe
  C:\Windows\System\PAFxxof.exe
  2⤵
  PID:8720
- C:\Windows\System\pjaFluc.exe
  C:\Windows\System\pjaFluc.exe
  2⤵
  PID:8748
- C:\Windows\System\mSufkcS.exe
  C:\Windows\System\mSufkcS.exe
  2⤵
  PID:8776
- C:\Windows\System\coltraE.exe
  C:\Windows\System\coltraE.exe
  2⤵
  PID:8804
- C:\Windows\System\wNBotMo.exe
  C:\Windows\System\wNBotMo.exe
  2⤵
  PID:8832
- C:\Windows\System\gsUhtyA.exe
  C:\Windows\System\gsUhtyA.exe
  2⤵
  PID:8860
- C:\Windows\System\xrcmauY.exe
  C:\Windows\System\xrcmauY.exe
  2⤵
  PID:8888
- C:\Windows\System\QNvTfuz.exe
  C:\Windows\System\QNvTfuz.exe
  2⤵
  PID:8916
- C:\Windows\System\ikSJXqY.exe
  C:\Windows\System\ikSJXqY.exe
  2⤵
  PID:8944
- C:\Windows\System\qhLuvgb.exe
  C:\Windows\System\qhLuvgb.exe
  2⤵
  PID:8972
- C:\Windows\System\LaIfLkh.exe
  C:\Windows\System\LaIfLkh.exe
  2⤵
  PID:9000
- C:\Windows\System\hhzLttW.exe
  C:\Windows\System\hhzLttW.exe
  2⤵
  PID:9028
- C:\Windows\System\gJuYRSv.exe
  C:\Windows\System\gJuYRSv.exe
  2⤵
  PID:9056
- C:\Windows\System\BUiLiTA.exe
  C:\Windows\System\BUiLiTA.exe
  2⤵
  PID:9084
- C:\Windows\System\rIMuTgD.exe
  C:\Windows\System\rIMuTgD.exe
  2⤵
  PID:9112
- C:\Windows\System\fyKHssT.exe
  C:\Windows\System\fyKHssT.exe
  2⤵
  PID:9140
- C:\Windows\System\OQnmMDq.exe
  C:\Windows\System\OQnmMDq.exe
  2⤵
  PID:9168
- C:\Windows\System\EgDlPix.exe
  C:\Windows\System\EgDlPix.exe
  2⤵
  PID:9196
- C:\Windows\System\VmxOhPu.exe
  C:\Windows\System\VmxOhPu.exe
  2⤵
  PID:8228
- C:\Windows\System\LkiBVMS.exe
  C:\Windows\System\LkiBVMS.exe
  2⤵
  PID:8264
- C:\Windows\System\pRBObzD.exe
  C:\Windows\System\pRBObzD.exe
  2⤵
  PID:8320
- C:\Windows\System\IlpIYYn.exe
  C:\Windows\System\IlpIYYn.exe
  2⤵
  PID:8372
- C:\Windows\System\mqjWTsh.exe
  C:\Windows\System\mqjWTsh.exe
  2⤵
  PID:8448
- C:\Windows\System\AdThoUC.exe
  C:\Windows\System\AdThoUC.exe
  2⤵
  PID:8488
- C:\Windows\System\PMvpPCf.exe
  C:\Windows\System\PMvpPCf.exe
  2⤵
  PID:8564
- C:\Windows\System\HVqmawV.exe
  C:\Windows\System\HVqmawV.exe
  2⤵
  PID:8628
- C:\Windows\System\fbzebCQ.exe
  C:\Windows\System\fbzebCQ.exe
  2⤵
  PID:8688
- C:\Windows\System\WBiUxim.exe
  C:\Windows\System\WBiUxim.exe
  2⤵
  PID:8772
- C:\Windows\System\OkLkJXB.exe
  C:\Windows\System\OkLkJXB.exe
  2⤵
  PID:8824
- C:\Windows\System\JeSDEmk.exe
  C:\Windows\System\JeSDEmk.exe
  2⤵
  PID:8884
- C:\Windows\System\JLDsgmn.exe
  C:\Windows\System\JLDsgmn.exe
  2⤵
  PID:8956
- C:\Windows\System\NaJEXdm.exe
  C:\Windows\System\NaJEXdm.exe
  2⤵
  PID:9020
- C:\Windows\System\HHbgpHs.exe
  C:\Windows\System\HHbgpHs.exe
  2⤵
  PID:9076
- C:\Windows\System\KFuZhGc.exe
  C:\Windows\System\KFuZhGc.exe
  2⤵
  PID:9136
- C:\Windows\System\TrWzxAg.exe
  C:\Windows\System\TrWzxAg.exe
  2⤵
  PID:9208
- C:\Windows\System\YVGmHSH.exe
  C:\Windows\System\YVGmHSH.exe
  2⤵
  PID:8308
- C:\Windows\System\IffYBak.exe
  C:\Windows\System\IffYBak.exe
  2⤵
  PID:8460
- C:\Windows\System\rkzbZJY.exe
  C:\Windows\System\rkzbZJY.exe
  2⤵
  PID:8604
- C:\Windows\System\zbrIlsO.exe
  C:\Windows\System\zbrIlsO.exe
  2⤵
  PID:8800
- C:\Windows\System\ImReVny.exe
  C:\Windows\System\ImReVny.exe
  2⤵
  PID:8940
- C:\Windows\System\YKFuWbc.exe
  C:\Windows\System\YKFuWbc.exe
  2⤵
  PID:9104
- C:\Windows\System\NvMvAsR.exe
  C:\Windows\System\NvMvAsR.exe
  2⤵
  PID:8260
- C:\Windows\System\UvlBSHK.exe
  C:\Windows\System\UvlBSHK.exe
  2⤵
  PID:8196
- C:\Windows\System\VlUqTxg.exe
  C:\Windows\System\VlUqTxg.exe
  2⤵
  PID:8744
- C:\Windows\System\EHRdmtZ.exe
  C:\Windows\System\EHRdmtZ.exe
  2⤵
  PID:8656
- C:\Windows\System\BjpzVlr.exe
  C:\Windows\System\BjpzVlr.exe
  2⤵
  PID:3388
- C:\Windows\System\Rttwpwp.exe
  C:\Windows\System\Rttwpwp.exe
  2⤵
  PID:1608
- C:\Windows\System\IvadKCC.exe
  C:\Windows\System\IvadKCC.exe
  2⤵
  PID:8872
- C:\Windows\System\wQyInxU.exe
  C:\Windows\System\wQyInxU.exe
  2⤵
  PID:5000
- C:\Windows\System\ADSvQWm.exe
  C:\Windows\System\ADSvQWm.exe
  2⤵
  PID:5060
- C:\Windows\System\txEvJEv.exe
  C:\Windows\System\txEvJEv.exe
  2⤵
  PID:9232
- C:\Windows\System\CMhoDSo.exe
  C:\Windows\System\CMhoDSo.exe
  2⤵
  PID:9260
- C:\Windows\System\OrGxgaP.exe
  C:\Windows\System\OrGxgaP.exe
  2⤵
  PID:9288
- C:\Windows\System\upmgPSM.exe
  C:\Windows\System\upmgPSM.exe
  2⤵
  PID:9316
- C:\Windows\System\ccJIJHB.exe
  C:\Windows\System\ccJIJHB.exe
  2⤵
  PID:9344
- C:\Windows\System\rTQirAa.exe
  C:\Windows\System\rTQirAa.exe
  2⤵
  PID:9372
- C:\Windows\System\haktooy.exe
  C:\Windows\System\haktooy.exe
  2⤵
  PID:9404
- C:\Windows\System\xjrwZeA.exe
  C:\Windows\System\xjrwZeA.exe
  2⤵
  PID:9440
- C:\Windows\System\MwfXwgh.exe
  C:\Windows\System\MwfXwgh.exe
  2⤵
  PID:9468
- C:\Windows\System\oiVyIYb.exe
  C:\Windows\System\oiVyIYb.exe
  2⤵
  PID:9496
- C:\Windows\System\MWEKWdK.exe
  C:\Windows\System\MWEKWdK.exe
  2⤵
  PID:9524
- C:\Windows\System\gRqiOeu.exe
  C:\Windows\System\gRqiOeu.exe
  2⤵
  PID:9552
- C:\Windows\System\RKbRHwV.exe
  C:\Windows\System\RKbRHwV.exe
  2⤵
  PID:9580
- C:\Windows\System\iwmYkaC.exe
  C:\Windows\System\iwmYkaC.exe
  2⤵
  PID:9608
- C:\Windows\System\quyXgtn.exe
  C:\Windows\System\quyXgtn.exe
  2⤵
  PID:9636
- C:\Windows\System\ejibBCG.exe
  C:\Windows\System\ejibBCG.exe
  2⤵
  PID:9664
- C:\Windows\System\PhIFYaC.exe
  C:\Windows\System\PhIFYaC.exe
  2⤵
  PID:9704
- C:\Windows\System\ZgmWDNX.exe
  C:\Windows\System\ZgmWDNX.exe
  2⤵
  PID:9720
- C:\Windows\System\hzyiNaD.exe
  C:\Windows\System\hzyiNaD.exe
  2⤵
  PID:9748
- C:\Windows\System\aBkjdXS.exe
  C:\Windows\System\aBkjdXS.exe
  2⤵
  PID:9780
- C:\Windows\System\hkmCmEZ.exe
  C:\Windows\System\hkmCmEZ.exe
  2⤵
  PID:9804
- C:\Windows\System\AFgEsqW.exe
  C:\Windows\System\AFgEsqW.exe
  2⤵
  PID:9832
- C:\Windows\System\bKbDgyx.exe
  C:\Windows\System\bKbDgyx.exe
  2⤵
  PID:9860
- C:\Windows\System\bBammOa.exe
  C:\Windows\System\bBammOa.exe
  2⤵
  PID:9892
- C:\Windows\System\lVsvnts.exe
  C:\Windows\System\lVsvnts.exe
  2⤵
  PID:9920
- C:\Windows\System\hvorzZD.exe
  C:\Windows\System\hvorzZD.exe
  2⤵
  PID:9948
- C:\Windows\System\TpQPucs.exe
  C:\Windows\System\TpQPucs.exe
  2⤵
  PID:9976
- C:\Windows\System\zccvFRB.exe
  C:\Windows\System\zccvFRB.exe
  2⤵
  PID:10004
- C:\Windows\System\cVptaFc.exe
  C:\Windows\System\cVptaFc.exe
  2⤵
  PID:10036
- C:\Windows\System\ciHmRlv.exe
  C:\Windows\System\ciHmRlv.exe
  2⤵
  PID:10060
- C:\Windows\System\FALjWvD.exe
  C:\Windows\System\FALjWvD.exe
  2⤵
  PID:10088
- C:\Windows\System\HBPRffD.exe
  C:\Windows\System\HBPRffD.exe
  2⤵
  PID:10116
- C:\Windows\System\DDHPskv.exe
  C:\Windows\System\DDHPskv.exe
  2⤵
  PID:10144
- C:\Windows\System\kEVfTZK.exe
  C:\Windows\System\kEVfTZK.exe
  2⤵
  PID:10172
- C:\Windows\System\HXdRTVA.exe
  C:\Windows\System\HXdRTVA.exe
  2⤵
  PID:10200
- C:\Windows\System\TxNuPps.exe
  C:\Windows\System\TxNuPps.exe
  2⤵
  PID:10228
- C:\Windows\System\DKfCqOu.exe
  C:\Windows\System\DKfCqOu.exe
  2⤵
  PID:9252
- C:\Windows\System\imkpmdo.exe
  C:\Windows\System\imkpmdo.exe
  2⤵
  PID:9308
- C:\Windows\System\MvCGyiY.exe
  C:\Windows\System\MvCGyiY.exe
  2⤵
  PID:9368
- C:\Windows\System\vjTKOQo.exe
  C:\Windows\System\vjTKOQo.exe
  2⤵
  PID:1924
- C:\Windows\System\jpoBzLq.exe
  C:\Windows\System\jpoBzLq.exe
  2⤵
  PID:9424
- C:\Windows\System\dTwYISi.exe
  C:\Windows\System\dTwYISi.exe
  2⤵
  PID:9412
- C:\Windows\System\RbnAxJn.exe
  C:\Windows\System\RbnAxJn.exe
  2⤵
  PID:9540
- C:\Windows\System\HRJAJXk.exe
  C:\Windows\System\HRJAJXk.exe
  2⤵
  PID:9600
- C:\Windows\System\fkboCMa.exe
  C:\Windows\System\fkboCMa.exe
  2⤵
  PID:9660
- C:\Windows\System\zmxFsfo.exe
  C:\Windows\System\zmxFsfo.exe
  2⤵
  PID:9732
- C:\Windows\System\yPpGMnM.exe
  C:\Windows\System\yPpGMnM.exe
  2⤵
  PID:9788
- C:\Windows\System\SCRaJLO.exe
  C:\Windows\System\SCRaJLO.exe
  2⤵
  PID:9856
- C:\Windows\System\PzhZVtQ.exe
  C:\Windows\System\PzhZVtQ.exe
  2⤵
  PID:9944
- C:\Windows\System\uIxYVSR.exe
  C:\Windows\System\uIxYVSR.exe
  2⤵
  PID:10000
- C:\Windows\System\lklvafh.exe
  C:\Windows\System\lklvafh.exe
  2⤵
  PID:10084
- C:\Windows\System\WwhOfeN.exe
  C:\Windows\System\WwhOfeN.exe
  2⤵
  PID:10164
- C:\Windows\System\mXsHNzv.exe
  C:\Windows\System\mXsHNzv.exe
  2⤵
  PID:10224
- C:\Windows\System\aXEaWPR.exe
  C:\Windows\System\aXEaWPR.exe
  2⤵
  PID:9340
- C:\Windows\System\jjYmxXH.exe
  C:\Windows\System\jjYmxXH.exe
  2⤵
  PID:3084
- C:\Windows\System\TVpQlxZ.exe
  C:\Windows\System\TVpQlxZ.exe
  2⤵
  PID:9516
- C:\Windows\System\bRHzwpE.exe
  C:\Windows\System\bRHzwpE.exe
  2⤵
  PID:9648
- C:\Windows\System\hNxNBPy.exe
  C:\Windows\System\hNxNBPy.exe
  2⤵
  PID:9824
- C:\Windows\System\SICvaMG.exe
  C:\Windows\System\SICvaMG.exe
  2⤵
  PID:656
- C:\Windows\System\jUDPtMZ.exe
  C:\Windows\System\jUDPtMZ.exe
  2⤵
  PID:10076
- C:\Windows\System\SojLBYs.exe
  C:\Windows\System\SojLBYs.exe
  2⤵
  PID:10140
- C:\Windows\System\eVEahDI.exe
  C:\Windows\System\eVEahDI.exe
  2⤵
  PID:8740
- C:\Windows\System\ixqwaSq.exe
  C:\Windows\System\ixqwaSq.exe
  2⤵
  PID:9628
- C:\Windows\System\JpmWsIv.exe
  C:\Windows\System\JpmWsIv.exe
  2⤵
  PID:9936
- C:\Windows\System\KTVwAnt.exe
  C:\Windows\System\KTVwAnt.exe
  2⤵
  PID:10212
- C:\Windows\System\RUKQYjf.exe
  C:\Windows\System\RUKQYjf.exe
  2⤵
  PID:9912
- C:\Windows\System\xTHWVjS.exe
  C:\Windows\System\xTHWVjS.exe
  2⤵
  PID:9592
- C:\Windows\System\jZNQdTf.exe
  C:\Windows\System\jZNQdTf.exe
  2⤵
  PID:10248
- C:\Windows\System\HoYHzKS.exe
  C:\Windows\System\HoYHzKS.exe
  2⤵
  PID:10276
- C:\Windows\System\XNIMEeA.exe
  C:\Windows\System\XNIMEeA.exe
  2⤵
  PID:10308
- C:\Windows\System\LYVLtRy.exe
  C:\Windows\System\LYVLtRy.exe
  2⤵
  PID:10336
- C:\Windows\System\RDptPCl.exe
  C:\Windows\System\RDptPCl.exe
  2⤵
  PID:10364
- C:\Windows\System\VKhxfJi.exe
  C:\Windows\System\VKhxfJi.exe
  2⤵
  PID:10392
- C:\Windows\System\jWnicXo.exe
  C:\Windows\System\jWnicXo.exe
  2⤵
  PID:10420
- C:\Windows\System\OWcJBgM.exe
  C:\Windows\System\OWcJBgM.exe
  2⤵
  PID:10448
- C:\Windows\System\RahnGaP.exe
  C:\Windows\System\RahnGaP.exe
  2⤵
  PID:10476
- C:\Windows\System\nqgCfNO.exe
  C:\Windows\System\nqgCfNO.exe
  2⤵
  PID:10504
- C:\Windows\System\oWDevLb.exe
  C:\Windows\System\oWDevLb.exe
  2⤵
  PID:10532
- C:\Windows\System\PPrgMrs.exe
  C:\Windows\System\PPrgMrs.exe
  2⤵
  PID:10560
- C:\Windows\System\vEgmYsA.exe
  C:\Windows\System\vEgmYsA.exe
  2⤵
  PID:10588
- C:\Windows\System\bPXUsNf.exe
  C:\Windows\System\bPXUsNf.exe
  2⤵
  PID:10616
- C:\Windows\System\pPzGbhF.exe
  C:\Windows\System\pPzGbhF.exe
  2⤵
  PID:10644
- C:\Windows\System\cyVGwCG.exe
  C:\Windows\System\cyVGwCG.exe
  2⤵
  PID:10672
- C:\Windows\System\rdVxJgO.exe
  C:\Windows\System\rdVxJgO.exe
  2⤵
  PID:10700
- C:\Windows\System\yBSoBJV.exe
  C:\Windows\System\yBSoBJV.exe
  2⤵
  PID:10728
- C:\Windows\System\MWzXNQw.exe
  C:\Windows\System\MWzXNQw.exe
  2⤵
  PID:10756
- C:\Windows\System\EmYJSOX.exe
  C:\Windows\System\EmYJSOX.exe
  2⤵
  PID:10788
- C:\Windows\System\FSkRkfg.exe
  C:\Windows\System\FSkRkfg.exe
  2⤵
  PID:10816
- C:\Windows\System\GXZqtPK.exe
  C:\Windows\System\GXZqtPK.exe
  2⤵
  PID:10844
- C:\Windows\System\kQpeaKu.exe
  C:\Windows\System\kQpeaKu.exe
  2⤵
  PID:10872
- C:\Windows\System\XmsYmtJ.exe
  C:\Windows\System\XmsYmtJ.exe
  2⤵
  PID:10900
- C:\Windows\System\tmuLZTU.exe
  C:\Windows\System\tmuLZTU.exe
  2⤵
  PID:10928
- C:\Windows\System\RPwiEkV.exe
  C:\Windows\System\RPwiEkV.exe
  2⤵
  PID:10956
- C:\Windows\System\GumIudQ.exe
  C:\Windows\System\GumIudQ.exe
  2⤵
  PID:10984
- C:\Windows\System\XKgrxjq.exe
  C:\Windows\System\XKgrxjq.exe
  2⤵
  PID:11012
- C:\Windows\System\rHuTvDc.exe
  C:\Windows\System\rHuTvDc.exe
  2⤵
  PID:11048
- C:\Windows\System\raAtEFS.exe
  C:\Windows\System\raAtEFS.exe
  2⤵
  PID:11068
- C:\Windows\System\AnUlCyU.exe
  C:\Windows\System\AnUlCyU.exe
  2⤵
  PID:11096
- C:\Windows\System\LiELOCJ.exe
  C:\Windows\System\LiELOCJ.exe
  2⤵
  PID:11124
- C:\Windows\System\yYdncZe.exe
  C:\Windows\System\yYdncZe.exe
  2⤵
  PID:11152
- C:\Windows\System\dOhwrTI.exe
  C:\Windows\System\dOhwrTI.exe
  2⤵
  PID:11180
- C:\Windows\System\hUXWiVi.exe
  C:\Windows\System\hUXWiVi.exe
  2⤵
  PID:11208
- C:\Windows\System\QMtpmYT.exe
  C:\Windows\System\QMtpmYT.exe
  2⤵
  PID:11236
- C:\Windows\System\sTyEGHK.exe
  C:\Windows\System\sTyEGHK.exe
  2⤵
  PID:9880
- C:\Windows\System\SeABgMi.exe
  C:\Windows\System\SeABgMi.exe
  2⤵
  PID:10292
- C:\Windows\System\vgiYdzV.exe
  C:\Windows\System\vgiYdzV.exe
  2⤵
  PID:10356
- C:\Windows\System\yYWpAaG.exe
  C:\Windows\System\yYWpAaG.exe
  2⤵
  PID:10440
- C:\Windows\System\jvANiNT.exe
  C:\Windows\System\jvANiNT.exe
  2⤵
  PID:10492
- C:\Windows\System\lNKOgot.exe
  C:\Windows\System\lNKOgot.exe
  2⤵
  PID:10552
- C:\Windows\System\meEQRvL.exe
  C:\Windows\System\meEQRvL.exe
  2⤵
  PID:10608
- C:\Windows\System\jxuzQDz.exe
  C:\Windows\System\jxuzQDz.exe
  2⤵
  PID:10656
- C:\Windows\System\mnLMjSV.exe
  C:\Windows\System\mnLMjSV.exe
  2⤵
  PID:10712
- C:\Windows\System\GSjQmLb.exe
  C:\Windows\System\GSjQmLb.exe
  2⤵
  PID:10748
- C:\Windows\System\MizCNyS.exe
  C:\Windows\System\MizCNyS.exe
  2⤵
  PID:2080
- C:\Windows\System\sxtMHSW.exe
  C:\Windows\System\sxtMHSW.exe
  2⤵
  PID:10840
- C:\Windows\System\kQrOqss.exe
  C:\Windows\System\kQrOqss.exe
  2⤵
  PID:10912
- C:\Windows\System\GZzMTxE.exe
  C:\Windows\System\GZzMTxE.exe
  2⤵
  PID:10976
- C:\Windows\System\ZYuLVrw.exe
  C:\Windows\System\ZYuLVrw.exe
  2⤵
  PID:2348
- C:\Windows\System\RjfuBoJ.exe
  C:\Windows\System\RjfuBoJ.exe
  2⤵
  PID:11092
- C:\Windows\System\NlrbANa.exe
  C:\Windows\System\NlrbANa.exe
  2⤵
  PID:11148
- C:\Windows\System\ePCQsso.exe
  C:\Windows\System\ePCQsso.exe
  2⤵
  PID:11232
- C:\Windows\System\LMqwFaG.exe
  C:\Windows\System\LMqwFaG.exe
  2⤵
  PID:10776
- C:\Windows\System\VBmvmmb.exe
  C:\Windows\System\VBmvmmb.exe
  2⤵
  PID:10520
- C:\Windows\System\grdnuUN.exe
  C:\Windows\System\grdnuUN.exe
  2⤵
  PID:4720
- C:\Windows\System\UMXxtTz.exe
  C:\Windows\System\UMXxtTz.exe
  2⤵
  PID:4848
- C:\Windows\System\kQAoAuj.exe
  C:\Windows\System\kQAoAuj.exe
  2⤵
  PID:10868
- C:\Windows\System\wwLUGdz.exe
  C:\Windows\System\wwLUGdz.exe
  2⤵
  PID:11024
- C:\Windows\System\ILorXxt.exe
  C:\Windows\System\ILorXxt.exe
  2⤵
  PID:3592
- C:\Windows\System\ukDtxrB.exe
  C:\Windows\System\ukDtxrB.exe
  2⤵
  PID:924
- C:\Windows\System\ejLfGYU.exe
  C:\Windows\System\ejLfGYU.exe
  2⤵
  PID:11220
- C:\Windows\System\dUHsdYx.exe
  C:\Windows\System\dUHsdYx.exe
  2⤵
  PID:10468
- C:\Windows\System\DDvfQQR.exe
  C:\Windows\System\DDvfQQR.exe
  2⤵
  PID:2900
- C:\Windows\System\vYOEYok.exe
  C:\Windows\System\vYOEYok.exe
  2⤵
  PID:3928
- C:\Windows\System\IzuoNre.exe
  C:\Windows\System\IzuoNre.exe
  2⤵
  PID:404
- C:\Windows\System\RtGFQfQ.exe
  C:\Windows\System\RtGFQfQ.exe
  2⤵
  PID:4972
- C:\Windows\System\LltTwhp.exe
  C:\Windows\System\LltTwhp.exe
  2⤵
  PID:11228
- C:\Windows\System\WecCfDV.exe
  C:\Windows\System\WecCfDV.exe
  2⤵
  PID:11008
- C:\Windows\System\gIGmFSY.exe
  C:\Windows\System\gIGmFSY.exe
  2⤵
  PID:11272
- C:\Windows\System\FrxxMmD.exe
  C:\Windows\System\FrxxMmD.exe
  2⤵
  PID:11300
- C:\Windows\System\ZlVAdOL.exe
  C:\Windows\System\ZlVAdOL.exe
  2⤵
  PID:11328
- C:\Windows\System\eOExqEg.exe
  C:\Windows\System\eOExqEg.exe
  2⤵
  PID:11360
- C:\Windows\System\ApryBTH.exe
  C:\Windows\System\ApryBTH.exe
  2⤵
  PID:11388
- C:\Windows\System\syllxOA.exe
  C:\Windows\System\syllxOA.exe
  2⤵
  PID:11416
- C:\Windows\System\HZxLuJL.exe
  C:\Windows\System\HZxLuJL.exe
  2⤵
  PID:11444
- C:\Windows\System\yXNpqRL.exe
  C:\Windows\System\yXNpqRL.exe
  2⤵
  PID:11472
- C:\Windows\System\EAgVGxw.exe
  C:\Windows\System\EAgVGxw.exe
  2⤵
  PID:11504
- C:\Windows\System\TVOofdB.exe
  C:\Windows\System\TVOofdB.exe
  2⤵
  PID:11532
- C:\Windows\System\fktCGus.exe
  C:\Windows\System\fktCGus.exe
  2⤵
  PID:11568
- C:\Windows\System\lrsvHRG.exe
  C:\Windows\System\lrsvHRG.exe
  2⤵
  PID:11588
- C:\Windows\System\azPjYof.exe
  C:\Windows\System\azPjYof.exe
  2⤵
  PID:11616
- C:\Windows\System\LaVqkPE.exe
  C:\Windows\System\LaVqkPE.exe
  2⤵
  PID:11644
- C:\Windows\System\sAPgdmT.exe
  C:\Windows\System\sAPgdmT.exe
  2⤵
  PID:11672
- C:\Windows\System\HYOpHCt.exe
  C:\Windows\System\HYOpHCt.exe
  2⤵
  PID:11700
- C:\Windows\System\ScaMbjr.exe
  C:\Windows\System\ScaMbjr.exe
  2⤵
  PID:11728
- C:\Windows\System\UMLvikT.exe
  C:\Windows\System\UMLvikT.exe
  2⤵
  PID:11756
- C:\Windows\System\JzcDTBp.exe
  C:\Windows\System\JzcDTBp.exe
  2⤵
  PID:11784
- C:\Windows\System\jdFUdyH.exe
  C:\Windows\System\jdFUdyH.exe
  2⤵
  PID:11812
- C:\Windows\System\RjPnWEY.exe
  C:\Windows\System\RjPnWEY.exe
  2⤵
  PID:11840
- C:\Windows\System\hvITVon.exe
  C:\Windows\System\hvITVon.exe
  2⤵
  PID:11868
- C:\Windows\System\YVjOlNy.exe
  C:\Windows\System\YVjOlNy.exe
  2⤵
  PID:11896
- C:\Windows\System\bIWFRrD.exe
  C:\Windows\System\bIWFRrD.exe
  2⤵
  PID:11924
- C:\Windows\System\DVXGKzE.exe
  C:\Windows\System\DVXGKzE.exe
  2⤵
  PID:11952
- C:\Windows\System\bapOoZS.exe
  C:\Windows\System\bapOoZS.exe
  2⤵
  PID:11980
- C:\Windows\System\zdaMZzT.exe
  C:\Windows\System\zdaMZzT.exe
  2⤵
  PID:12008
- C:\Windows\System\XfOgkuy.exe
  C:\Windows\System\XfOgkuy.exe
  2⤵
  PID:12036
- C:\Windows\System\VWVlbXM.exe
  C:\Windows\System\VWVlbXM.exe
  2⤵
  PID:12064
- C:\Windows\System\oUAVDqo.exe
  C:\Windows\System\oUAVDqo.exe
  2⤵
  PID:12092
- C:\Windows\System\yeLvtJx.exe
  C:\Windows\System\yeLvtJx.exe
  2⤵
  PID:12132
- C:\Windows\System\sOtMDub.exe
  C:\Windows\System\sOtMDub.exe
  2⤵
  PID:12152
- C:\Windows\System\IDlkKwp.exe
  C:\Windows\System\IDlkKwp.exe
  2⤵
  PID:12180
- C:\Windows\System\fAPMuhA.exe
  C:\Windows\System\fAPMuhA.exe
  2⤵
  PID:12208
- C:\Windows\System\inTGNcD.exe
  C:\Windows\System\inTGNcD.exe
  2⤵
  PID:12236
- C:\Windows\System\FMGCVHV.exe
  C:\Windows\System\FMGCVHV.exe
  2⤵
  PID:12272
- C:\Windows\System\enlwlfZ.exe
  C:\Windows\System\enlwlfZ.exe
  2⤵
  PID:11268
- C:\Windows\System\TdEPGoo.exe
  C:\Windows\System\TdEPGoo.exe
  2⤵
  PID:11340
- C:\Windows\System\McOcZAv.exe
  C:\Windows\System\McOcZAv.exe
  2⤵
  PID:11400
- C:\Windows\System\FQqNpdk.exe
  C:\Windows\System\FQqNpdk.exe
  2⤵
  PID:1864
- C:\Windows\System\kvvfpmg.exe
  C:\Windows\System\kvvfpmg.exe
  2⤵
  PID:11516
- C:\Windows\System\gqsarIX.exe
  C:\Windows\System\gqsarIX.exe
  2⤵
  PID:11556
- C:\Windows\System\uWWJiDl.exe
  C:\Windows\System\uWWJiDl.exe
  2⤵
  PID:11640
- C:\Windows\System\jPAGNSJ.exe
  C:\Windows\System\jPAGNSJ.exe
  2⤵
  PID:11668
- C:\Windows\System\KNSqgwb.exe
  C:\Windows\System\KNSqgwb.exe
  2⤵
  PID:11752
- C:\Windows\System\eOLVXJh.exe
  C:\Windows\System\eOLVXJh.exe
  2⤵
  PID:11824
- C:\Windows\System\kFwUvMf.exe
  C:\Windows\System\kFwUvMf.exe
  2⤵
  PID:11888
- C:\Windows\System\InFJBbT.exe
  C:\Windows\System\InFJBbT.exe
  2⤵
  PID:11964
- C:\Windows\System\lBgLmlM.exe
  C:\Windows\System\lBgLmlM.exe
  2⤵
  PID:11972
- C:\Windows\System\tzjdxTs.exe
  C:\Windows\System\tzjdxTs.exe
  2⤵
  PID:12000
- C:\Windows\System\wtLropH.exe
  C:\Windows\System\wtLropH.exe
  2⤵
  PID:12032
- C:\Windows\System\XJBMEtT.exe
  C:\Windows\System\XJBMEtT.exe
  2⤵
  PID:2852
- C:\Windows\System\MLrkZEh.exe
  C:\Windows\System\MLrkZEh.exe
  2⤵
  PID:2552
- C:\Windows\System\hvLMXQR.exe
  C:\Windows\System\hvLMXQR.exe
  2⤵
  PID:1648
- C:\Windows\System\MuwxOJy.exe
  C:\Windows\System\MuwxOJy.exe
  2⤵
  PID:1804
- C:\Windows\System\KbUiCDs.exe
  C:\Windows\System\KbUiCDs.exe
  2⤵
  PID:3644
- C:\Windows\System\OUQPQCH.exe
  C:\Windows\System\OUQPQCH.exe
  2⤵
  PID:11296
- C:\Windows\System\qShwRmo.exe
  C:\Windows\System\qShwRmo.exe
  2⤵
  PID:10460
- C:\Windows\System\CbaCkBQ.exe
  C:\Windows\System\CbaCkBQ.exe
  2⤵
  PID:11428
- C:\Windows\System\BmWKUUi.exe
  C:\Windows\System\BmWKUUi.exe
  2⤵
  PID:11496
- C:\Windows\System\nyHCEDA.exe
  C:\Windows\System\nyHCEDA.exe
  2⤵
  PID:4596
- C:\Windows\System\FUESMFc.exe
  C:\Windows\System\FUESMFc.exe
  2⤵
  PID:3856
- C:\Windows\System\CrTHJim.exe
  C:\Windows\System\CrTHJim.exe
  2⤵
  PID:11748
- C:\Windows\System\JxvPsdO.exe
  C:\Windows\System\JxvPsdO.exe
  2⤵
  PID:3572
- C:\Windows\System\hdAdcRh.exe
  C:\Windows\System\hdAdcRh.exe
  2⤵
  PID:3624
- C:\Windows\System\JItvlex.exe
  C:\Windows\System\JItvlex.exe
  2⤵
  PID:11580
- C:\Windows\System\wvgFsjo.exe
  C:\Windows\System\wvgFsjo.exe
  2⤵
  PID:12140
- C:\Windows\System\iyBRxvF.exe
  C:\Windows\System\iyBRxvF.exe
  2⤵
  PID:5056
- C:\Windows\System\VhlPLms.exe
  C:\Windows\System\VhlPLms.exe
  2⤵
  PID:11908
- C:\Windows\System\UkjhHZK.exe
  C:\Windows\System\UkjhHZK.exe
  2⤵
  PID:12164
- C:\Windows\System\XDfCLUm.exe
  C:\Windows\System\XDfCLUm.exe
  2⤵
  PID:3492
- C:\Windows\System\ACsHVeF.exe
  C:\Windows\System\ACsHVeF.exe
  2⤵
  PID:4084
- C:\Windows\System\iDJsxey.exe
  C:\Windows\System\iDJsxey.exe
  2⤵
  PID:1528
- C:\Windows\System\rdaHMGk.exe
  C:\Windows\System\rdaHMGk.exe
  2⤵
  PID:884
- C:\Windows\System\GNmGFRw.exe
  C:\Windows\System\GNmGFRw.exe
  2⤵
  PID:11464
- C:\Windows\System\lpRAEvT.exe
  C:\Windows\System\lpRAEvT.exe
  2⤵
  PID:3268
- C:\Windows\System\pxuNGne.exe
  C:\Windows\System\pxuNGne.exe
  2⤵
  PID:11740
- C:\Windows\System\BMbsIJb.exe
  C:\Windows\System\BMbsIJb.exe
  2⤵
  PID:4100
- C:\Windows\System\cudydAS.exe
  C:\Windows\System\cudydAS.exe
  2⤵
  PID:1424
- C:\Windows\System\ewrAqBa.exe
  C:\Windows\System\ewrAqBa.exe
  2⤵
  PID:3140
- C:\Windows\System\YKvroVa.exe
  C:\Windows\System\YKvroVa.exe
  2⤵
  PID:3124
- C:\Windows\System\KCDQQic.exe
  C:\Windows\System\KCDQQic.exe
  2⤵
  PID:4964
- C:\Windows\System\BuymFIs.exe
  C:\Windows\System\BuymFIs.exe
  2⤵
  PID:1800
- C:\Windows\System\fUUsRrs.exe
  C:\Windows\System\fUUsRrs.exe
  2⤵
  PID:2432
- C:\Windows\System\lBzPFhx.exe
  C:\Windows\System\lBzPFhx.exe
  2⤵
  PID:2300
- C:\Windows\System\evRCmBz.exe
  C:\Windows\System\evRCmBz.exe
  2⤵
  PID:5212
- C:\Windows\System\nFLXbCr.exe
  C:\Windows\System\nFLXbCr.exe
  2⤵
  PID:4160
- C:\Windows\System\aRfuoiH.exe
  C:\Windows\System\aRfuoiH.exe
  2⤵
  PID:2888
- C:\Windows\System\tGazgNy.exe
  C:\Windows\System\tGazgNy.exe
  2⤵
  PID:3428
- C:\Windows\System\NeMbZbX.exe
  C:\Windows\System\NeMbZbX.exe
  2⤵
  PID:5352
- C:\Windows\System\UBHZIUC.exe
  C:\Windows\System\UBHZIUC.exe
  2⤵
  PID:12148
- C:\Windows\System\rFhdkwB.exe
  C:\Windows\System\rFhdkwB.exe
  2⤵
  PID:4136
- C:\Windows\System\ixopWwa.exe
  C:\Windows\System\ixopWwa.exe
  2⤵
  PID:11320
- C:\Windows\System\aXQUpNY.exe
  C:\Windows\System\aXQUpNY.exe
  2⤵
  PID:4336
- C:\Windows\System\BTCMzmU.exe
  C:\Windows\System\BTCMzmU.exe
  2⤵
  PID:1028
- C:\Windows\System\RAmiCkT.exe
  C:\Windows\System\RAmiCkT.exe
  2⤵
  PID:5576
- C:\Windows\System\wZXXZiM.exe
  C:\Windows\System\wZXXZiM.exe
  2⤵
  PID:5408
- C:\Windows\System\yeZhLmC.exe
  C:\Windows\System\yeZhLmC.exe
  2⤵
  PID:5236
- C:\Windows\System\pGbqRHy.exe
  C:\Windows\System\pGbqRHy.exe
  2⤵
  PID:5704
- C:\Windows\System\yCVbtwM.exe
  C:\Windows\System\yCVbtwM.exe
  2⤵
  PID:5628
- C:\Windows\System\QNgWwsI.exe
  C:\Windows\System\QNgWwsI.exe
  2⤵
  PID:4944
- C:\Windows\System\GVObEmD.exe
  C:\Windows\System\GVObEmD.exe
  2⤵
  PID:5756
- C:\Windows\System\nWIdxRi.exe
  C:\Windows\System\nWIdxRi.exe
  2⤵
  PID:5632
- C:\Windows\System\bQwTAsr.exe
  C:\Windows\System\bQwTAsr.exe
  2⤵
  PID:5896
- C:\Windows\System\QaqkTgB.exe
  C:\Windows\System\QaqkTgB.exe
  2⤵
  PID:5956
- C:\Windows\System\JlkHWxA.exe
  C:\Windows\System\JlkHWxA.exe
  2⤵
  PID:5840
- C:\Windows\System\uKpnrup.exe
  C:\Windows\System\uKpnrup.exe
  2⤵
  PID:6008
- C:\Windows\System\SezltyC.exe
  C:\Windows\System\SezltyC.exe
  2⤵
  PID:12312
- C:\Windows\System\TXEzixK.exe
  C:\Windows\System\TXEzixK.exe
  2⤵
  PID:12340
- C:\Windows\System\OfmgpHv.exe
  C:\Windows\System\OfmgpHv.exe
  2⤵
  PID:12368
- C:\Windows\System\xNOSRNI.exe
  C:\Windows\System\xNOSRNI.exe
  2⤵
  PID:12396
- C:\Windows\System\ZasCrSz.exe
  C:\Windows\System\ZasCrSz.exe
  2⤵
  PID:12424
- C:\Windows\System\OgdZUdM.exe
  C:\Windows\System\OgdZUdM.exe
  2⤵
  PID:12456
- C:\Windows\System\liSgHKG.exe
  C:\Windows\System\liSgHKG.exe
  2⤵
  PID:12484
- C:\Windows\System\jWKazab.exe
  C:\Windows\System\jWKazab.exe
  2⤵
  PID:12512
- C:\Windows\System\LGlQFJC.exe
  C:\Windows\System\LGlQFJC.exe
  2⤵
  PID:12540
- C:\Windows\System\NUvJSQw.exe
  C:\Windows\System\NUvJSQw.exe
  2⤵
  PID:12568
- C:\Windows\System\yPcDIUF.exe
  C:\Windows\System\yPcDIUF.exe
  2⤵
  PID:12596
- C:\Windows\System\JJqEbfg.exe
  C:\Windows\System\JJqEbfg.exe
  2⤵
  PID:12624
- C:\Windows\System\QlaKJsI.exe
  C:\Windows\System\QlaKJsI.exe
  2⤵
  PID:12652
- C:\Windows\System\SnBhQsM.exe
  C:\Windows\System\SnBhQsM.exe
  2⤵
  PID:12680
- C:\Windows\System\hhBacMc.exe
  C:\Windows\System\hhBacMc.exe
  2⤵
  PID:12708
- C:\Windows\System\xnBMmAi.exe
  C:\Windows\System\xnBMmAi.exe
  2⤵
  PID:12736
- C:\Windows\System\zwAiEvB.exe
  C:\Windows\System\zwAiEvB.exe
  2⤵
  PID:12764
- C:\Windows\System\jhdJPtS.exe
  C:\Windows\System\jhdJPtS.exe
  2⤵
  PID:12792
- C:\Windows\System\VuVTgkX.exe
  C:\Windows\System\VuVTgkX.exe
  2⤵
  PID:12820
- C:\Windows\System\tuUBQyr.exe
  C:\Windows\System\tuUBQyr.exe
  2⤵
  PID:12848
- C:\Windows\System\gnKTGgt.exe
  C:\Windows\System\gnKTGgt.exe
  2⤵
  PID:12876
- C:\Windows\System\REaEXmt.exe
  C:\Windows\System\REaEXmt.exe
  2⤵
  PID:12904
- C:\Windows\System\WSrXmNs.exe
  C:\Windows\System\WSrXmNs.exe
  2⤵
  PID:12932
- C:\Windows\System\KHPFYog.exe
  C:\Windows\System\KHPFYog.exe
  2⤵
  PID:12964
- C:\Windows\System\YQhzufS.exe
  C:\Windows\System\YQhzufS.exe
  2⤵
  PID:12992
- C:\Windows\System\PtdRHbt.exe
  C:\Windows\System\PtdRHbt.exe
  2⤵
  PID:13024
- C:\Windows\System\rsAVqdi.exe
  C:\Windows\System\rsAVqdi.exe
  2⤵
  PID:13056
- C:\Windows\System\IKsuHOU.exe
  C:\Windows\System\IKsuHOU.exe
  2⤵
  PID:13084
- C:\Windows\System\pvTIRTR.exe
  C:\Windows\System\pvTIRTR.exe
  2⤵
  PID:13112
- C:\Windows\System\XmGXhju.exe
  C:\Windows\System\XmGXhju.exe
  2⤵
  PID:13140
- C:\Windows\System\VuroESf.exe
  C:\Windows\System\VuroESf.exe
  2⤵
  PID:13168
- C:\Windows\System\MVjvZhz.exe
  C:\Windows\System\MVjvZhz.exe
  2⤵
  PID:13196
- C:\Windows\System\aYrKMDF.exe
  C:\Windows\System\aYrKMDF.exe
  2⤵
  PID:13224
- C:\Windows\System\BEjVkZt.exe
  C:\Windows\System\BEjVkZt.exe
  2⤵
  PID:13252
- C:\Windows\System\vAcYSLc.exe
  C:\Windows\System\vAcYSLc.exe
  2⤵
  PID:13280
- C:\Windows\System\RRVhBQd.exe
  C:\Windows\System\RRVhBQd.exe
  2⤵
  PID:13308
- C:\Windows\System\YuAeXRO.exe
  C:\Windows\System\YuAeXRO.exe
  2⤵
  PID:5360
- C:\Windows\System\IrFhznv.exe
  C:\Windows\System\IrFhznv.exe
  2⤵
  PID:6112
- C:\Windows\System\ehhBiXm.exe
  C:\Windows\System\ehhBiXm.exe
  2⤵
  PID:12392
- C:\Windows\System\YEtZFoF.exe
  C:\Windows\System\YEtZFoF.exe
  2⤵
  PID:12448
- C:\Windows\System\QDZdhah.exe
  C:\Windows\System\QDZdhah.exe
  2⤵
  PID:12496
- C:\Windows\System\nPkRPxe.exe
  C:\Windows\System\nPkRPxe.exe
  2⤵
  PID:5328
- C:\Windows\System\FxKRdXQ.exe
  C:\Windows\System\FxKRdXQ.exe
  2⤵
  PID:12560
- C:\Windows\System\GEsFIGV.exe
  C:\Windows\System\GEsFIGV.exe
  2⤵
  PID:5552
- C:\Windows\System\IMhCHdI.exe
  C:\Windows\System\IMhCHdI.exe
  2⤵
  PID:5624
- C:\Windows\System\OlZgSEy.exe
  C:\Windows\System\OlZgSEy.exe
  2⤵
  PID:12704
- C:\Windows\System\wbhxhsN.exe
  C:\Windows\System\wbhxhsN.exe
  2⤵
  PID:5772
- C:\Windows\System\MUnlMDa.exe
  C:\Windows\System\MUnlMDa.exe
  2⤵
  PID:12784
- C:\Windows\System\BzqQbgP.exe
  C:\Windows\System\BzqQbgP.exe
  2⤵
  PID:12840
- C:\Windows\System\ZtpbEDg.exe
  C:\Windows\System\ZtpbEDg.exe
  2⤵
  PID:12888
- C:\Windows\System\fIjnNoV.exe
  C:\Windows\System\fIjnNoV.exe
  2⤵
  PID:6108
- C:\Windows\System\WoEaIhn.exe
  C:\Windows\System\WoEaIhn.exe
  2⤵
  PID:12960
- C:\Windows\System\xtTljQZ.exe
  C:\Windows\System\xtTljQZ.exe
  2⤵
  PID:13004
- C:\Windows\System\jeSmhwh.exe
  C:\Windows\System\jeSmhwh.exe
  2⤵
  PID:13036
- C:\Windows\System\qgaEDzl.exe
  C:\Windows\System\qgaEDzl.exe
  2⤵
  PID:6060
- C:\Windows\System\WcyeqbP.exe
  C:\Windows\System\WcyeqbP.exe
  2⤵
  PID:5712
- C:\Windows\System\MeeFkoI.exe
  C:\Windows\System\MeeFkoI.exe
  2⤵
  PID:13104
- C:\Windows\System\LoVtOJP.exe
  C:\Windows\System\LoVtOJP.exe
  2⤵
  PID:13152
- C:\Windows\System\lHbbAoU.exe
  C:\Windows\System\lHbbAoU.exe
  2⤵
  PID:13192
- C:\Windows\System\rZIEVch.exe
  C:\Windows\System\rZIEVch.exe
  2⤵
  PID:6192
- C:\Windows\System\MfDPZPg.exe
  C:\Windows\System\MfDPZPg.exe
  2⤵
  PID:6212
- C:\Windows\System\DsFZuxE.exe
  C:\Windows\System\DsFZuxE.exe
  2⤵
  PID:6244
- C:\Windows\System\XADocdR.exe
  C:\Windows\System\XADocdR.exe
  2⤵
  PID:6284
- C:\Windows\System\qBoJdJi.exe
  C:\Windows\System\qBoJdJi.exe
  2⤵
  PID:12420
- C:\Windows\System\xlQeBcr.exe
  C:\Windows\System\xlQeBcr.exe
  2⤵
  PID:5312
- C:\Windows\System\mKIaTAB.exe
  C:\Windows\System\mKIaTAB.exe
  2⤵
  PID:6396
- C:\Windows\System\djeTlFP.exe
  C:\Windows\System\djeTlFP.exe
  2⤵
  PID:6420
- C:\Windows\System\fGrSpNV.exe
  C:\Windows\System\fGrSpNV.exe
  2⤵
  PID:12648
- C:\Windows\System\xknmyPa.exe
  C:\Windows\System\xknmyPa.exe
  2⤵
  PID:12700
- C:\Windows\System\uPvbcCD.exe
  C:\Windows\System\uPvbcCD.exe
  2⤵
  PID:6548
- C:\Windows\System\olctcIX.exe
  C:\Windows\System\olctcIX.exe
  2⤵
  PID:12896
- C:\Windows\System\GVMBbgq.exe
  C:\Windows\System\GVMBbgq.exe
  2⤵
  PID:6600
- C:\Windows\System\gHIaSLq.exe
  C:\Windows\System\gHIaSLq.exe
  2⤵
  PID:5612
- C:\Windows\System\LEWEekT.exe
  C:\Windows\System\LEWEekT.exe
  2⤵
  PID:13068
- C:\Windows\System\JbhKssg.exe
  C:\Windows\System\JbhKssg.exe
  2⤵
  PID:5464
- C:\Windows\System\rNDKnkK.exe
  C:\Windows\System\rNDKnkK.exe
  2⤵
  PID:13220
- C:\Windows\System\WdAGBKL.exe
  C:\Windows\System\WdAGBKL.exe
  2⤵
  PID:13276
- C:\Windows\System\BWvsaDI.exe
  C:\Windows\System\BWvsaDI.exe
  2⤵
  PID:12352
- C:\Windows\System\kIbJyoD.exe
  C:\Windows\System\kIbJyoD.exe
  2⤵
  PID:5216
- C:\Windows\System\GRvCESG.exe
  C:\Windows\System\GRvCESG.exe
  2⤵
  PID:6800
- C:\Windows\System\DyoEetz.exe
  C:\Windows\System\DyoEetz.exe
  2⤵
  PID:6828
- C:\Windows\System\gxdOFyI.exe
  C:\Windows\System\gxdOFyI.exe
  2⤵
  PID:12620
- C:\Windows\System\MbLficD.exe
  C:\Windows\System\MbLficD.exe
  2⤵
  PID:5836
- C:\Windows\System\mdKYPEE.exe
  C:\Windows\System\mdKYPEE.exe
  2⤵
  PID:12900
- C:\Windows\System\ebhzqLS.exe
  C:\Windows\System\ebhzqLS.exe
  2⤵
  PID:6984
- C:\Windows\System\nqhboKH.exe
  C:\Windows\System\nqhboKH.exe
  2⤵
  PID:6088
- C:\Windows\System\lUnsyTK.exe
  C:\Windows\System\lUnsyTK.exe
  2⤵
  PID:7068
- C:\Windows\System\rOjwdHO.exe
  C:\Windows\System\rOjwdHO.exe
  2⤵
  PID:7096
- C:\Windows\System\mRzmPbk.exe
  C:\Windows\System\mRzmPbk.exe
  2⤵
  PID:6764
- C:\Windows\System\iGDGLbu.exe
  C:\Windows\System\iGDGLbu.exe
  2⤵
  PID:5436
- C:\Windows\System\pQKdSJM.exe
  C:\Windows\System\pQKdSJM.exe
  2⤵
  PID:12564
- C:\Windows\System\SxTHWqD.exe
  C:\Windows\System\SxTHWqD.exe
  2⤵
  PID:6452
- C:\Windows\System\yAihndf.exe
  C:\Windows\System\yAihndf.exe
  2⤵
  PID:6604
- C:\Windows\System\AjnlWKo.exe
  C:\Windows\System\AjnlWKo.exe
  2⤵
  PID:6484
- C:\Windows\System\gDDTYhb.exe
  C:\Windows\System\gDDTYhb.exe
  2⤵
  PID:13180
- C:\Windows\System\pozGhNr.exe
  C:\Windows\System\pozGhNr.exe
  2⤵
  PID:7124
- C:\Windows\System\IMLmcvi.exe
  C:\Windows\System\IMLmcvi.exe
  2⤵
  PID:5092
- C:\Windows\System\yTCWdKE.exe
  C:\Windows\System\yTCWdKE.exe
  2⤵
  PID:12956
- C:\Windows\System\QwaJcKr.exe
  C:\Windows\System\QwaJcKr.exe
  2⤵
  PID:6832
- C:\Windows\System\rBLuzXQ.exe
  C:\Windows\System\rBLuzXQ.exe
  2⤵
  PID:6944
- C:\Windows\System\erRksOc.exe
  C:\Windows\System\erRksOc.exe
  2⤵
  PID:6624
- C:\Windows\System\wDriPmP.exe
  C:\Windows\System\wDriPmP.exe
  2⤵
  PID:6332
- C:\Windows\System\TVaVDmn.exe
  C:\Windows\System\TVaVDmn.exe
  2⤵
  PID:6392
- C:\Windows\System\OxTkFod.exe
  C:\Windows\System\OxTkFod.exe
  2⤵
  PID:6388
- C:\Windows\System\NXxIfoD.exe
  C:\Windows\System\NXxIfoD.exe
  2⤵
  PID:6564
- C:\Windows\System\tSsJFwr.exe
  C:\Windows\System\tSsJFwr.exe
  2⤵
  PID:6264
- C:\Windows\System\sWnMQSw.exe
  C:\Windows\System\sWnMQSw.exe
  2⤵
  PID:6796
- C:\Windows\System\jlPVgMD.exe
  C:\Windows\System\jlPVgMD.exe
  2⤵
  PID:6864
- C:\Windows\System\qmTFkBQ.exe
  C:\Windows\System\qmTFkBQ.exe
  2⤵
  PID:1376
- C:\Windows\System\mqFIObd.exe
  C:\Windows\System\mqFIObd.exe
  2⤵
  PID:5656
- C:\Windows\System\UcMRlbC.exe
  C:\Windows\System\UcMRlbC.exe
  2⤵
  PID:13340
- C:\Windows\System\HJYsdmp.exe
  C:\Windows\System\HJYsdmp.exe
  2⤵
  PID:13368
- C:\Windows\System\rCtAVvN.exe
  C:\Windows\System\rCtAVvN.exe
  2⤵
  PID:13396
- C:\Windows\System\IhhDGFS.exe
  C:\Windows\System\IhhDGFS.exe
  2⤵
  PID:13424
- C:\Windows\System\AMTBxsl.exe
  C:\Windows\System\AMTBxsl.exe
  2⤵
  PID:13452
- C:\Windows\System\vOnCcTO.exe
  C:\Windows\System\vOnCcTO.exe
  2⤵
  PID:13480
- C:\Windows\System\hAEuZDm.exe
  C:\Windows\System\hAEuZDm.exe
  2⤵
  PID:13508
- C:\Windows\System\pFckGwA.exe
  C:\Windows\System\pFckGwA.exe
  2⤵
  PID:13536
- C:\Windows\System\LraoDOY.exe
  C:\Windows\System\LraoDOY.exe
  2⤵
  PID:13568
- C:\Windows\System\zcKlMAK.exe
  C:\Windows\System\zcKlMAK.exe
  2⤵
  PID:13596
- C:\Windows\System\nyZGPzf.exe
  C:\Windows\System\nyZGPzf.exe
  2⤵
  PID:13624
- C:\Windows\System\Sjgffgu.exe
  C:\Windows\System\Sjgffgu.exe
  2⤵
  PID:13652
- C:\Windows\System\fXRTRqD.exe
  C:\Windows\System\fXRTRqD.exe
  2⤵
  PID:13680
- C:\Windows\System\oReAoeM.exe
  C:\Windows\System\oReAoeM.exe
  2⤵
  PID:13708
- C:\Windows\System\AZmgHbj.exe
  C:\Windows\System\AZmgHbj.exe
  2⤵
  PID:13736
- C:\Windows\System\dUdBWMN.exe
  C:\Windows\System\dUdBWMN.exe
  2⤵
  PID:13764
- C:\Windows\System\PzjodjH.exe
  C:\Windows\System\PzjodjH.exe
  2⤵
  PID:13792
- C:\Windows\System\FnGHFWy.exe
  C:\Windows\System\FnGHFWy.exe
  2⤵
  PID:13820
- C:\Windows\System\RFsRgUB.exe
  C:\Windows\System\RFsRgUB.exe
  2⤵
  PID:13848
- C:\Windows\System\ZiGuAGA.exe
  C:\Windows\System\ZiGuAGA.exe
  2⤵
  PID:13876
- C:\Windows\System\HOuBKIl.exe
  C:\Windows\System\HOuBKIl.exe
  2⤵
  PID:13904
- C:\Windows\System\mIiPxjO.exe
  C:\Windows\System\mIiPxjO.exe
  2⤵
  PID:13932
- C:\Windows\System\MYyWmIz.exe
  C:\Windows\System\MYyWmIz.exe
  2⤵
  PID:13960
- C:\Windows\System\hkwkcnb.exe
  C:\Windows\System\hkwkcnb.exe
  2⤵
  PID:13988
- C:\Windows\System\TdwrRFd.exe
  C:\Windows\System\TdwrRFd.exe
  2⤵
  PID:14016
- C:\Windows\System\zLTzkPC.exe
  C:\Windows\System\zLTzkPC.exe
  2⤵
  PID:14044
- C:\Windows\System\zKUeKhJ.exe
  C:\Windows\System\zKUeKhJ.exe
  2⤵
  PID:14072
- C:\Windows\System\yFqIkNe.exe
  C:\Windows\System\yFqIkNe.exe
  2⤵
  PID:14100
- C:\Windows\System\fxKsAlp.exe
  C:\Windows\System\fxKsAlp.exe
  2⤵
  PID:14128
- C:\Windows\System\yOpBDzw.exe
  C:\Windows\System\yOpBDzw.exe
  2⤵
  PID:14156
- C:\Windows\System\TZmBCYv.exe
  C:\Windows\System\TZmBCYv.exe
  2⤵
  PID:14184
- C:\Windows\System\qHUukHB.exe
  C:\Windows\System\qHUukHB.exe
  2⤵
  PID:14212
- C:\Windows\System\hMLeeye.exe
  C:\Windows\System\hMLeeye.exe
  2⤵
  PID:14244
- C:\Windows\System\nBmIYSo.exe
  C:\Windows\System\nBmIYSo.exe
  2⤵
  PID:14272
- C:\Windows\System\cZWHIqV.exe
  C:\Windows\System\cZWHIqV.exe
  2⤵
  PID:14300
- C:\Windows\System\iiYtWpO.exe
  C:\Windows\System\iiYtWpO.exe
  2⤵
  PID:14328
- C:\Windows\System\WKhbtEC.exe
  C:\Windows\System\WKhbtEC.exe
  2⤵
  PID:13336
- C:\Windows\System\tFXFhhi.exe
  C:\Windows\System\tFXFhhi.exe
  2⤵
  PID:6148
- C:\Windows\System\WlBbWXx.exe
  C:\Windows\System\WlBbWXx.exe
  2⤵
  PID:13416
- C:\Windows\System\JvUhdEv.exe
  C:\Windows\System\JvUhdEv.exe
  2⤵
  PID:13448
- C:\Windows\System\wzSPJnJ.exe
  C:\Windows\System\wzSPJnJ.exe
  2⤵
  PID:13500
- C:\Windows\System\vHvQIdS.exe
  C:\Windows\System\vHvQIdS.exe
  2⤵
  PID:7248
- C:\Windows\System\CArUroa.exe
  C:\Windows\System\CArUroa.exe
  2⤵
  PID:13580
- C:\Windows\System\XzHodJv.exe
  C:\Windows\System\XzHodJv.exe
  2⤵
  PID:7300
- C:\Windows\System\KtEtQfc.exe
  C:\Windows\System\KtEtQfc.exe
  2⤵
  PID:13672
- C:\Windows\System\uZMPheW.exe
  C:\Windows\System\uZMPheW.exe
  2⤵
  PID:13720
- C:\Windows\System\xiFBpvf.exe
  C:\Windows\System\xiFBpvf.exe
  2⤵
  PID:13748
- C:\Windows\System\zrRTdwE.exe
  C:\Windows\System\zrRTdwE.exe
  2⤵
  PID:13788
- C:\Windows\System\gJpjHau.exe
  C:\Windows\System\gJpjHau.exe
  2⤵
  PID:13832
- C:\Windows\System\aFwOjZy.exe
  C:\Windows\System\aFwOjZy.exe
  2⤵
  PID:7540
- C:\Windows\System\jYKIGNw.exe
  C:\Windows\System\jYKIGNw.exe
  2⤵
  PID:7584
- C:\Windows\System\grrFwhI.exe
  C:\Windows\System\grrFwhI.exe
  2⤵
  PID:13972
- C:\Windows\System\QyshLRk.exe
  C:\Windows\System\QyshLRk.exe
  2⤵
  PID:14036
- C:\Windows\System\nBXoZVX.exe
  C:\Windows\System\nBXoZVX.exe
  2⤵
  PID:7656
- C:\Windows\System\jqWKjnD.exe
  C:\Windows\System\jqWKjnD.exe
  2⤵
  PID:14124
- C:\Windows\System\bFMfkmU.exe
  C:\Windows\System\bFMfkmU.exe
  2⤵
  PID:14176
- C:\Windows\System\oNVKzAp.exe
  C:\Windows\System\oNVKzAp.exe
  2⤵
  PID:14224
- C:\Windows\System\bAuSjpm.exe
  C:\Windows\System\bAuSjpm.exe
  2⤵
  PID:14268
- C:\Windows\System\okCBFdR.exe
  C:\Windows\System\okCBFdR.exe
  2⤵
  PID:14312
- C:\Windows\System\RexuppA.exe
  C:\Windows\System\RexuppA.exe
  2⤵
  PID:13332
- C:\Windows\System\qBEqZxi.exe
  C:\Windows\System\qBEqZxi.exe
  2⤵
  PID:6860
- C:\Windows\System\dShbYBl.exe
  C:\Windows\System\dShbYBl.exe
  2⤵
  PID:13476
- C:\Windows\System\eeZhxmq.exe
  C:\Windows\System\eeZhxmq.exe
  2⤵
  PID:5004
- C:\Windows\System\SzsgDnN.exe
  C:\Windows\System\SzsgDnN.exe
  2⤵
  PID:7896
- C:\Windows\System\lupXfBY.exe
  C:\Windows\System\lupXfBY.exe
  2⤵
  PID:7924
- C:\Windows\System\BNNwkaa.exe
  C:\Windows\System\BNNwkaa.exe
  2⤵
  PID:13700
- C:\Windows\System\CBivzFs.exe
  C:\Windows\System\CBivzFs.exe
  2⤵
  PID:7420
- C:\Windows\System\cCXgOyg.exe
  C:\Windows\System\cCXgOyg.exe
  2⤵
  PID:13784
- C:\Windows\System\HTzjvFn.exe
  C:\Windows\System\HTzjvFn.exe
  2⤵
  PID:8104
- C:\Windows\System\mkNwUje.exe
  C:\Windows\System\mkNwUje.exe
  2⤵
  PID:13900
- C:\Windows\System\PCOoQQQ.exe
  C:\Windows\System\PCOoQQQ.exe
  2⤵
  PID:6716
- C:\Windows\System\bnXKxTB.exe
  C:\Windows\System\bnXKxTB.exe
  2⤵
  PID:14064
- C:\Windows\System\RuvFGLf.exe
  C:\Windows\System\RuvFGLf.exe
  2⤵
  PID:7340
- C:\Windows\System\rfmgLxX.exe
  C:\Windows\System\rfmgLxX.exe
  2⤵
  PID:4656
- C:\Windows\System\nLWgEsP.exe
  C:\Windows\System\nLWgEsP.exe
  2⤵
  PID:14208
- C:\Windows\System\HjxRHaF.exe
  C:\Windows\System\HjxRHaF.exe
  2⤵
  PID:7580
- C:\Windows\System\jqoaTiI.exe
  C:\Windows\System\jqoaTiI.exe
  2⤵
  PID:6884
- C:\Windows\System\OhumCWP.exe
  C:\Windows\System\OhumCWP.exe
  2⤵
  PID:3932
- C:\Windows\System\ntdkioI.exe
  C:\Windows\System\ntdkioI.exe
  2⤵
  PID:7220
- C:\Windows\System\mTYRrzs.exe
  C:\Windows\System\mTYRrzs.exe
  2⤵
  PID:13620
- C:\Windows\System\XkmlxLp.exe
  C:\Windows\System\XkmlxLp.exe
  2⤵
  PID:7964
- C:\Windows\System\jUVchLr.exe
  C:\Windows\System\jUVchLr.exe
  2⤵
  PID:7428
- C:\Windows\System\HOuKSAi.exe
  C:\Windows\System\HOuKSAi.exe
  2⤵
  PID:7172
- C:\Windows\System\eGqfXWP.exe
  C:\Windows\System\eGqfXWP.exe
  2⤵
  PID:7452
- C:\Windows\System\tHBDkcJ.exe
  C:\Windows\System\tHBDkcJ.exe
  2⤵
  PID:4808
- C:\Windows\System\SvbvJMr.exe
  C:\Windows\System\SvbvJMr.exe
  2⤵
  PID:7232
- C:\Windows\System\aqmpXFu.exe
  C:\Windows\System\aqmpXFu.exe
  2⤵
  PID:14140
- C:\Windows\System\QfKZqNC.exe
  C:\Windows\System\QfKZqNC.exe
  2⤵
  PID:8108
- C:\Windows\System\PqxLEcX.exe
  C:\Windows\System\PqxLEcX.exe
  2⤵
  PID:5660
- C:\Windows\System\EsCdbSp.exe
  C:\Windows\System\EsCdbSp.exe
  2⤵
  PID:13324
- C:\Windows\System\GRrcyYJ.exe
  C:\Windows\System\GRrcyYJ.exe
  2⤵
  PID:7184
- C:\Windows\System\eflOzWJ.exe
  C:\Windows\System\eflOzWJ.exe
  2⤵
  PID:7996
- C:\Windows\System\NebGtyP.exe
  C:\Windows\System\NebGtyP.exe
  2⤵
  PID:13728
- C:\Windows\System\HXKNGVm.exe
  C:\Windows\System\HXKNGVm.exe
  2⤵
  PID:7288
- C:\Windows\System\vugUkby.exe
  C:\Windows\System\vugUkby.exe
  2⤵
  PID:8220
- C:\Windows\System\vCiwvnN.exe
  C:\Windows\System\vCiwvnN.exe
  2⤵
  PID:8256
- C:\Windows\System\qkuwvIi.exe
  C:\Windows\System\qkuwvIi.exe
  2⤵
  PID:7404
- C:\Windows\System\LwxRdKg.exe
  C:\Windows\System\LwxRdKg.exe
  2⤵
  PID:8332
- C:\Windows\System\GdagxxI.exe
  C:\Windows\System\GdagxxI.exe
  2⤵
  PID:14292
- C:\Windows\System\VLdlyDt.exe
  C:\Windows\System\VLdlyDt.exe
  2⤵
  PID:7692
- C:\Windows\System\jkWTOdP.exe
  C:\Windows\System\jkWTOdP.exe
  2⤵
  PID:4296
- C:\Windows\System\gyNIOZL.exe
  C:\Windows\System\gyNIOZL.exe
  2⤵
  PID:13840
- C:\Windows\System\qnwKYsm.exe
  C:\Windows\System\qnwKYsm.exe
  2⤵
  PID:8540
- C:\Windows\System\GOrbcmh.exe
  C:\Windows\System\GOrbcmh.exe
  2⤵
  PID:8560
- C:\Windows\System\pLKzoiM.exe
  C:\Windows\System\pLKzoiM.exe
  2⤵
  PID:8336
- C:\Windows\System\zEnnMFE.exe
  C:\Windows\System\zEnnMFE.exe
  2⤵
  PID:8424
- C:\Windows\System\PvmeKtI.exe
  C:\Windows\System\PvmeKtI.exe
  2⤵
  PID:8672
- C:\Windows\System\MhVjDGM.exe
  C:\Windows\System\MhVjDGM.exe
  2⤵
  PID:1632
- C:\Windows\System\SSPgvUP.exe
  C:\Windows\System\SSPgvUP.exe
  2⤵
  PID:5676
- C:\Windows\System\bRbgCPl.exe
  C:\Windows\System\bRbgCPl.exe
  2⤵
  PID:7492
- C:\Windows\System\IcshUGO.exe
  C:\Windows\System\IcshUGO.exe
  2⤵
  PID:8416
- C:\Windows\System\WBCplsi.exe
  C:\Windows\System\WBCplsi.exe
  2⤵
  PID:8680
- C:\Windows\System\hrIJpWu.exe
  C:\Windows\System\hrIJpWu.exe
  2⤵
  PID:8932
- C:\Windows\System\lxilaOe.exe
  C:\Windows\System\lxilaOe.exe
  2⤵
  PID:8756
- C:\Windows\System\nVbjcBB.exe
  C:\Windows\System\nVbjcBB.exe
  2⤵
  PID:9012
- C:\Windows\System\LnnNzuX.exe
  C:\Windows\System\LnnNzuX.exe
  2⤵
  PID:9036
- C:\Windows\System\LOecUJc.exe
  C:\Windows\System\LOecUJc.exe
  2⤵
  PID:8952
- C:\Windows\System\jiJINVr.exe
  C:\Windows\System\jiJINVr.exe
  2⤵
  PID:9128
- C:\Windows\System\WsQnTpJ.exe
  C:\Windows\System\WsQnTpJ.exe
  2⤵
  PID:5684
- C:\Windows\System\RGegyeM.exe
  C:\Windows\System\RGegyeM.exe
  2⤵
  PID:9044
- C:\Windows\System\bamthcL.exe
  C:\Windows\System\bamthcL.exe
  2⤵
  PID:8236
- C:\Windows\System\rONQOLa.exe
  C:\Windows\System\rONQOLa.exe
  2⤵
  PID:9148
- C:\Windows\System\wZOXJQn.exe
  C:\Windows\System\wZOXJQn.exe
  2⤵
  PID:8392
- C:\Windows\System\KSlpxhJ.exe
  C:\Windows\System\KSlpxhJ.exe
  2⤵
  PID:8292
- C:\Windows\System\rvtcLBi.exe
  C:\Windows\System\rvtcLBi.exe
  2⤵
  PID:14364
- C:\Windows\System\sDxLasf.exe
  C:\Windows\System\sDxLasf.exe
  2⤵
  PID:14392
- C:\Windows\System\VZfIgzO.exe
  C:\Windows\System\VZfIgzO.exe
  2⤵
  PID:14420
- C:\Windows\System\siUsJsY.exe
  C:\Windows\System\siUsJsY.exe
  2⤵
  PID:14448
- C:\Windows\System\wtdipSh.exe
  C:\Windows\System\wtdipSh.exe
  2⤵
  PID:14476
- C:\Windows\System\LLuXXuC.exe
  C:\Windows\System\LLuXXuC.exe
  2⤵
  PID:14504
- C:\Windows\System\XtBGvJG.exe
  C:\Windows\System\XtBGvJG.exe
  2⤵
  PID:14532
- C:\Windows\System\mcrTGVz.exe
  C:\Windows\System\mcrTGVz.exe
  2⤵
  PID:14560
- C:\Windows\System\yAnAqmX.exe
  C:\Windows\System\yAnAqmX.exe
  2⤵
  PID:14588
- C:\Windows\System\CXATqOl.exe
  C:\Windows\System\CXATqOl.exe
  2⤵
  PID:14616
- C:\Windows\System\RjrVgNk.exe
  C:\Windows\System\RjrVgNk.exe
  2⤵
  PID:14644
- C:\Windows\System\AjawIAg.exe
  C:\Windows\System\AjawIAg.exe
  2⤵
  PID:14672
- C:\Windows\System\cOWUTzO.exe
  C:\Windows\System\cOWUTzO.exe
  2⤵
  PID:14700
- C:\Windows\System\CBubrmu.exe
  C:\Windows\System\CBubrmu.exe
  2⤵
  PID:14728
- C:\Windows\System\AsCgFUf.exe
  C:\Windows\System\AsCgFUf.exe
  2⤵
  PID:14756
- C:\Windows\System\NrUySWc.exe
  C:\Windows\System\NrUySWc.exe
  2⤵
  PID:14784
- C:\Windows\System\PsqFWas.exe
  C:\Windows\System\PsqFWas.exe
  2⤵
  PID:14812
- C:\Windows\System\RywqzpC.exe
  C:\Windows\System\RywqzpC.exe
  2⤵
  PID:14840
- C:\Windows\System\BoJMuCo.exe
  C:\Windows\System\BoJMuCo.exe
  2⤵
  PID:14868
- C:\Windows\System\rxMQhDN.exe
  C:\Windows\System\rxMQhDN.exe
  2⤵
  PID:14896
- C:\Windows\System\hIrMxKa.exe
  C:\Windows\System\hIrMxKa.exe
  2⤵
  PID:14924
- C:\Windows\System\sbVlrgv.exe
  C:\Windows\System\sbVlrgv.exe
  2⤵
  PID:14952
- C:\Windows\System\yzlYXiA.exe
  C:\Windows\System\yzlYXiA.exe
  2⤵
  PID:14980
- C:\Windows\System\kGVvVhT.exe
  C:\Windows\System\kGVvVhT.exe
  2⤵
  PID:15012
- C:\Windows\System\xjBhLEY.exe
  C:\Windows\System\xjBhLEY.exe
  2⤵
  PID:15040
- C:\Windows\System\beDzvsl.exe
  C:\Windows\System\beDzvsl.exe
  2⤵
  PID:15068
- C:\Windows\System\MwpkCjL.exe
  C:\Windows\System\MwpkCjL.exe
  2⤵
  PID:15096
- C:\Windows\System\VlEiIAS.exe
  C:\Windows\System\VlEiIAS.exe
  2⤵
  PID:15124
- C:\Windows\System\YXZBbOh.exe
  C:\Windows\System\YXZBbOh.exe
  2⤵
  PID:15152
- C:\Windows\System\BZQuRaj.exe
  C:\Windows\System\BZQuRaj.exe
  2⤵
  PID:15232
- C:\Windows\System\fwGpcJl.exe
  C:\Windows\System\fwGpcJl.exe
  2⤵
  PID:15276
- C:\Windows\System\mUclZrL.exe
  C:\Windows\System\mUclZrL.exe
  2⤵
  PID:15300
- C:\Windows\System\xynBRhh.exe
  C:\Windows\System\xynBRhh.exe
  2⤵
  PID:15328
- C:\Windows\System\xHibcgR.exe
  C:\Windows\System\xHibcgR.exe
  2⤵
  PID:15356
- C:\Windows\System\DUOYEqp.exe
  C:\Windows\System\DUOYEqp.exe
  2⤵
  PID:14360
- C:\Windows\System\eRJaKnn.exe
  C:\Windows\System\eRJaKnn.exe
  2⤵
  PID:14404
- C:\Windows\System\FehKvIY.exe
  C:\Windows\System\FehKvIY.exe
  2⤵
  PID:8768
- C:\Windows\System\yADppyu.exe
  C:\Windows\System\yADppyu.exe
  2⤵
  PID:14468
- C:\Windows\System\oeoCCIO.exe
  C:\Windows\System\oeoCCIO.exe
  2⤵
  PID:8968
- C:\Windows\System\bvqxSNq.exe
  C:\Windows\System\bvqxSNq.exe
  2⤵
  PID:14556
- C:\Windows\System\IjvkLAt.exe
  C:\Windows\System\IjvkLAt.exe
  2⤵
  PID:9184
- C:\Windows\System\QzqkkhP.exe
  C:\Windows\System\QzqkkhP.exe
  2⤵
  PID:14636
- C:\Windows\System\ckUAlnj.exe
  C:\Windows\System\ckUAlnj.exe
  2⤵
  PID:14668
- C:\Windows\System\pRkMBmp.exe
  C:\Windows\System\pRkMBmp.exe
  2⤵
  PID:14720
- C:\Windows\System\tnBJRcO.exe
  C:\Windows\System\tnBJRcO.exe
  2⤵
  PID:14768
- C:\Windows\System\NdZEsQF.exe
  C:\Windows\System\NdZEsQF.exe
  2⤵
  PID:14808
- C:\Windows\System\CJgFJLS.exe
  C:\Windows\System\CJgFJLS.exe
  2⤵
  PID:14864
- C:\Windows\System\bANyUol.exe
  C:\Windows\System\bANyUol.exe
  2⤵
  PID:14916
- C:\Windows\System\aCsZylw.exe
  C:\Windows\System\aCsZylw.exe
  2⤵
  PID:14964
- C:\Windows\System\qbkjRih.exe
  C:\Windows\System\qbkjRih.exe
  2⤵
  PID:6656
- C:\Windows\System\fnvqXTv.exe
  C:\Windows\System\fnvqXTv.exe
  2⤵
  PID:15036
- C:\Windows\System\nQGjmtv.exe
  C:\Windows\System\nQGjmtv.exe
  2⤵
  PID:15112
- C:\Windows\System\dSFuCmf.exe
  C:\Windows\System\dSFuCmf.exe
  2⤵
  PID:9160
- C:\Windows\System\DPJVsNp.exe
  C:\Windows\System\DPJVsNp.exe
  2⤵
  PID:15200
- C:\Windows\System\srExgiR.exe
  C:\Windows\System\srExgiR.exe
  2⤵
  PID:8208
- C:\Windows\System\ktutsxI.exe
  C:\Windows\System\ktutsxI.exe
  2⤵
  PID:15240
- C:\Windows\System\KZnMcSe.exe
  C:\Windows\System\KZnMcSe.exe
  2⤵
  PID:15296
- C:\Windows\System\bsZEnXz.exe
  C:\Windows\System\bsZEnXz.exe
  2⤵
  PID:15348
- C:\Windows\System\FdaqnxE.exe
  C:\Windows\System\FdaqnxE.exe
  2⤵
  PID:14388
- C:\Windows\System\FhAmMGq.exe
  C:\Windows\System\FhAmMGq.exe
  2⤵
  PID:8848
- C:\Windows\System\BALnZAx.exe
  C:\Windows\System\BALnZAx.exe
  2⤵
  PID:9512
- C:\Windows\System\edVcEfM.exe
  C:\Windows\System\edVcEfM.exe
  2⤵
  PID:1564
- C:\Windows\System\dLKxbDP.exe
  C:\Windows\System\dLKxbDP.exe
  2⤵
  PID:14696
- C:\Windows\System\vvDOxdT.exe
  C:\Windows\System\vvDOxdT.exe
  2⤵
  PID:9644
- C:\Windows\System\iZFyBUu.exe
  C:\Windows\System\iZFyBUu.exe
  2⤵
  PID:9680
- C:\Windows\System\otHfGTo.exe
  C:\Windows\System\otHfGTo.exe
  2⤵
  PID:8400
- C:\Windows\System\SQNmBQU.exe
  C:\Windows\System\SQNmBQU.exe
  2⤵
  PID:8936
- C:\Windows\System\JRJRdHG.exe
  C:\Windows\System\JRJRdHG.exe
  2⤵
  PID:15116
- C:\Windows\System\nwzHeyL.exe
  C:\Windows\System\nwzHeyL.exe
  2⤵
  PID:2100
- C:\Windows\System\sHolRCU.exe
  C:\Windows\System\sHolRCU.exe
  2⤵
  PID:9764
- C:\Windows\System\zbMvwcj.exe
  C:\Windows\System\zbMvwcj.exe
  2⤵
  PID:15212
- C:\Windows\System\RLTYPei.exe
  C:\Windows\System\RLTYPei.exe
  2⤵
  PID:9240
- C:\Windows\System\bLzwLqt.exe
  C:\Windows\System\bLzwLqt.exe
  2⤵
  PID:9332
- C:\Windows\System\rVHzEHh.exe
  C:\Windows\System\rVHzEHh.exe
  2⤵
  PID:9932
- C:\Windows\System\micbDqy.exe
  C:\Windows\System\micbDqy.exe
  2⤵
  PID:9960
- C:\Windows\System\KvmrIHV.exe
  C:\Windows\System\KvmrIHV.exe
  2⤵
  PID:8856
- C:\Windows\System\oVYQIiK.exe
  C:\Windows\System\oVYQIiK.exe
  2⤵
  PID:10032
- C:\Windows\System\YwnkyrD.exe
  C:\Windows\System\YwnkyrD.exe
  2⤵
  PID:14600
- C:\Windows\System\iYidlQR.exe
  C:\Windows\System\iYidlQR.exe
  2⤵
  PID:10132
- C:\Windows\System\YqeIFVj.exe
  C:\Windows\System\YqeIFVj.exe
  2⤵
  PID:14748
- C:\Windows\System\RxLaMYk.exe
  C:\Windows\System\RxLaMYk.exe
  2⤵
  PID:9616
- C:\Windows\System\URkkUCv.exe
  C:\Windows\System\URkkUCv.exe
  2⤵
  PID:7136
- C:\Windows\System\OAroFYk.exe
  C:\Windows\System\OAroFYk.exe
  2⤵
  PID:9284
- C:\Windows\System\hMUCpkG.exe
  C:\Windows\System\hMUCpkG.exe
  2⤵
  PID:15220
- C:\Windows\System\QaIxKmr.exe
  C:\Windows\System\QaIxKmr.exe
  2⤵
  PID:9744
- C:\Windows\System\ZFrmcQE.exe
  C:\Windows\System\ZFrmcQE.exe
  2⤵
  PID:14460
- C:\Windows\System\OFNaazS.exe
  C:\Windows\System\OFNaazS.exe
  2⤵
  PID:14552
- C:\Windows\System\mbiqFVH.exe
  C:\Windows\System\mbiqFVH.exe
  2⤵
  PID:8852
- C:\Windows\System\UCmcaUP.exe
  C:\Windows\System\UCmcaUP.exe
  2⤵
  PID:15092
- C:\Windows\System\rUSnqzW.exe
  C:\Windows\System\rUSnqzW.exe
  2⤵
  PID:15148
- C:\Windows\System\JQsXyqF.exe
  C:\Windows\System\JQsXyqF.exe
  2⤵
  PID:10188
- C:\Windows\System\OzxAFSm.exe
  C:\Windows\System\OzxAFSm.exe
  2⤵
  PID:9792
- C:\Windows\System\fwGIGep.exe
  C:\Windows\System\fwGIGep.exe
  2⤵
  PID:9620
- C:\Windows\System\qICnLPP.exe
  C:\Windows\System\qICnLPP.exe
  2⤵
  PID:9296
- C:\Windows\System\AIVhXba.exe
  C:\Windows\System\AIVhXba.exe
  2⤵
  PID:4816
- C:\Windows\System\mbktgJL.exe
  C:\Windows\System\mbktgJL.exe
  2⤵
  PID:9800
- C:\Windows\System\QUgJOOO.exe
  C:\Windows\System\QUgJOOO.exe
  2⤵
  PID:9360
- C:\Windows\System\ReVsFyM.exe
  C:\Windows\System\ReVsFyM.exe
  2⤵
  PID:8660
- C:\Windows\System\ZUNcXak.exe
  C:\Windows\System\ZUNcXak.exe
  2⤵
  PID:10072
- C:\Windows\System\jFpPxqS.exe
  C:\Windows\System\jFpPxqS.exe
  2⤵
  PID:14804
- C:\Windows\System\OTGLine.exe
  C:\Windows\System\OTGLine.exe
  2⤵
  PID:9996
- C:\Windows\System\LYqXnhh.exe
  C:\Windows\System\LYqXnhh.exe
  2⤵
  PID:10296
- C:\Windows\System\HKuYWsm.exe
  C:\Windows\System\HKuYWsm.exe
  2⤵
  PID:10376
- C:\Windows\System\uhdPkgK.exe
  C:\Windows\System\uhdPkgK.exe
  2⤵
  PID:10236
- C:\Windows\System\cgROAzy.exe
  C:\Windows\System\cgROAzy.exe
  2⤵
  PID:4928
- C:\Windows\System\SefObKe.exe
  C:\Windows\System\SefObKe.exe
  2⤵
  PID:4952
- C:\Windows\System\COAYedl.exe
  C:\Windows\System\COAYedl.exe
  2⤵
  PID:10568
- C:\Windows\System\NBzmYDj.exe
  C:\Windows\System\NBzmYDj.exe
  2⤵
  PID:9572
- C:\Windows\System\SWfOozA.exe
  C:\Windows\System\SWfOozA.exe
  2⤵
  PID:9684
- C:\Windows\System\jNAzrGP.exe
  C:\Windows\System\jNAzrGP.exe
  2⤵
  PID:10680
- C:\Windows\System\ecXVEjD.exe
  C:\Windows\System\ecXVEjD.exe
  2⤵
  PID:10744
- C:\Windows\System\NDsjFVb.exe
  C:\Windows\System\NDsjFVb.exe
  2⤵
  PID:9904
- C:\Windows\System\QLEDdbE.exe
  C:\Windows\System\QLEDdbE.exe
  2⤵
  PID:10832
- C:\Windows\System\wNASQPz.exe
  C:\Windows\System\wNASQPz.exe
  2⤵
  PID:10108
- C:\Windows\System\sJYztdq.exe
  C:\Windows\System\sJYztdq.exe
  2⤵
  PID:10908
- C:\Windows\System\YWZoLQn.exe
  C:\Windows\System\YWZoLQn.exe
  2⤵
  PID:10324
- C:\Windows\System\eVaFGvR.exe
  C:\Windows\System\eVaFGvR.exe
  2⤵
  PID:10428
- C:\Windows\System\vckUtTL.exe
  C:\Windows\System\vckUtTL.exe
  2⤵
  PID:9400
- C:\Windows\System\SYPpHHr.exe
  C:\Windows\System\SYPpHHr.exe
  2⤵
  PID:11076
- C:\Windows\System\epZjmyn.exe
  C:\Windows\System\epZjmyn.exe
  2⤵
  PID:11132
- C:\Windows\System\dUIntKc.exe
  C:\Windows\System\dUIntKc.exe
  2⤵
  PID:11168
- C:\Windows\System\zIbVkVP.exe
  C:\Windows\System\zIbVkVP.exe
  2⤵
  PID:11224
- C:\Windows\System\yVwgrCN.exe
  C:\Windows\System\yVwgrCN.exe
  2⤵
  PID:10796
- C:\Windows\System\QDvZSoE.exe
  C:\Windows\System\QDvZSoE.exe
  2⤵
  PID:3620
- C:\Windows\System\iUTyDFj.exe
  C:\Windows\System\iUTyDFj.exe
  2⤵
  PID:10380
- C:\Windows\System\lKSISfi.exe
  C:\Windows\System\lKSISfi.exe
  2⤵
  PID:10348
- C:\Windows\System\JMorUOi.exe
  C:\Windows\System\JMorUOi.exe
  2⤵
  PID:10584
- C:\Windows\System\iaGnHhw.exe
  C:\Windows\System\iaGnHhw.exe
  2⤵
  PID:10540
- C:\Windows\System\JfVjory.exe
  C:\Windows\System\JfVjory.exe
  2⤵
  PID:9576
- C:\Windows\System\eToLYOu.exe
  C:\Windows\System\eToLYOu.exe
  2⤵
  PID:9816
- C:\Windows\System\AsnVzfR.exe
  C:\Windows\System\AsnVzfR.exe
  2⤵
  PID:10864
- C:\Windows\System\cSyTVXE.exe
  C:\Windows\System\cSyTVXE.exe
  2⤵
  PID:10304
- C:\Windows\System\OAmtMuJ.exe
  C:\Windows\System\OAmtMuJ.exe
  2⤵
  PID:11060
- C:\Windows\System\kjLaCKW.exe
  C:\Windows\System\kjLaCKW.exe
  2⤵
  PID:10628
- C:\Windows\System\OtBfOKT.exe
  C:\Windows\System\OtBfOKT.exe
  2⤵
  PID:10048
- C:\Windows\System\yTNHyPw.exe
  C:\Windows\System\yTNHyPw.exe
  2⤵
  PID:10852
- C:\Windows\System\gTSQgUo.exe
  C:\Windows\System\gTSQgUo.exe
  2⤵
  PID:11028
- C:\Windows\System\qoONNBX.exe
  C:\Windows\System\qoONNBX.exe
  2⤵
  PID:10888
- C:\Windows\System\zLlLUPd.exe
  C:\Windows\System\zLlLUPd.exe
  2⤵
  PID:11256
- C:\Windows\System\QsYPmfa.exe
  C:\Windows\System\QsYPmfa.exe
  2⤵
  PID:2352
- C:\Windows\System\JLjejJq.exe
  C:\Windows\System\JLjejJq.exe
  2⤵
  PID:15388
- C:\Windows\System\xikDorU.exe
  C:\Windows\System\xikDorU.exe
  2⤵
  PID:15416
- C:\Windows\System\wORNCeY.exe
  C:\Windows\System\wORNCeY.exe
  2⤵
  PID:15444
- C:\Windows\System\stTbafU.exe
  C:\Windows\System\stTbafU.exe
  2⤵
  PID:15476
- C:\Windows\System\cqtCBie.exe
  C:\Windows\System\cqtCBie.exe
  2⤵
  PID:15504
- C:\Windows\System\inrTxRd.exe
  C:\Windows\System\inrTxRd.exe
  2⤵
  PID:15532
- C:\Windows\System\aRDHLpf.exe
  C:\Windows\System\aRDHLpf.exe
  2⤵
  PID:15560
- C:\Windows\System\qgltUEd.exe
  C:\Windows\System\qgltUEd.exe
  2⤵
  PID:15588
- C:\Windows\System\LHzHehO.exe
  C:\Windows\System\LHzHehO.exe
  2⤵
  PID:15616
- C:\Windows\System\dCMWVxY.exe
  C:\Windows\System\dCMWVxY.exe
  2⤵
  PID:15644
- C:\Windows\System\tUsOqZq.exe
  C:\Windows\System\tUsOqZq.exe
  2⤵
  PID:15672
- C:\Windows\System\jGZUcZF.exe
  C:\Windows\System\jGZUcZF.exe
  2⤵
  PID:15700
- C:\Windows\System\FBVAAtb.exe
  C:\Windows\System\FBVAAtb.exe
  2⤵
  PID:15728
- C:\Windows\System\yUCNell.exe
  C:\Windows\System\yUCNell.exe
  2⤵
  PID:15756
- C:\Windows\System\AsWPXcM.exe
  C:\Windows\System\AsWPXcM.exe
  2⤵
  PID:15784
- C:\Windows\System\QgVJzUW.exe
  C:\Windows\System\QgVJzUW.exe
  2⤵
  PID:15812
- C:\Windows\System\naLWeCS.exe
  C:\Windows\System\naLWeCS.exe
  2⤵
  PID:15840
- C:\Windows\System\bPTgJCx.exe
  C:\Windows\System\bPTgJCx.exe
  2⤵
  PID:15868
- C:\Windows\System\YfVkCTS.exe
  C:\Windows\System\YfVkCTS.exe
  2⤵
  PID:15896
- C:\Windows\System\mnzzpwO.exe
  C:\Windows\System\mnzzpwO.exe
  2⤵
  PID:15924
- C:\Windows\System\pLHIzRt.exe
  C:\Windows\System\pLHIzRt.exe
  2⤵
  PID:15952
- C:\Windows\System\pnrEmPO.exe
  C:\Windows\System\pnrEmPO.exe
  2⤵
  PID:15980
- C:\Windows\System\PAzQZJo.exe
  C:\Windows\System\PAzQZJo.exe
  2⤵
  PID:16008
- C:\Windows\System\iACBVhE.exe
  C:\Windows\System\iACBVhE.exe
  2⤵
  PID:16036
- C:\Windows\System\rcGrdbG.exe
  C:\Windows\System\rcGrdbG.exe
  2⤵
  PID:16068
- C:\Windows\System\MACgAnL.exe
  C:\Windows\System\MACgAnL.exe
  2⤵
  PID:16112
- C:\Windows\System\gxOViqf.exe
  C:\Windows\System\gxOViqf.exe
  2⤵
  PID:16132
- C:\Windows\System\rKDoyTS.exe
  C:\Windows\System\rKDoyTS.exe
  2⤵
  PID:16160
- C:\Windows\System\HgVQzoF.exe
  C:\Windows\System\HgVQzoF.exe
  2⤵
  PID:16188
- C:\Windows\System\SgpTGqz.exe
  C:\Windows\System\SgpTGqz.exe
  2⤵
  PID:16224
- C:\Windows\System\hsEKwtw.exe
  C:\Windows\System\hsEKwtw.exe
  2⤵
  PID:16252
- C:\Windows\System\wmLIXOu.exe
  C:\Windows\System\wmLIXOu.exe
  2⤵
  PID:16292
- C:\Windows\System\vDgDgCQ.exe
  C:\Windows\System\vDgDgCQ.exe
  2⤵
  PID:16312
- C:\Windows\System\IEEpgsK.exe
  C:\Windows\System\IEEpgsK.exe
  2⤵
  PID:16340
- C:\Windows\System\wMHLExO.exe
  C:\Windows\System\wMHLExO.exe
  2⤵
  PID:16368
- C:\Windows\System\VzcTclA.exe
  C:\Windows\System\VzcTclA.exe
  2⤵
  PID:10352
- C:\Windows\System\BFZVsdI.exe
  C:\Windows\System\BFZVsdI.exe
  2⤵
  PID:15412
- C:\Windows\System\esuCUzE.exe
  C:\Windows\System\esuCUzE.exe
  2⤵
  PID:10800
- C:\Windows\System\eUHbZIu.exe
  C:\Windows\System\eUHbZIu.exe
  2⤵
  PID:15496
- C:\Windows\System\MFRquqb.exe
  C:\Windows\System\MFRquqb.exe
  2⤵
  PID:15524
- C:\Windows\System\RxmqPMo.exe
  C:\Windows\System\RxmqPMo.exe
  2⤵
  PID:10272
- C:\Windows\System\VwUKyZA.exe
  C:\Windows\System\VwUKyZA.exe
  2⤵
  PID:15608
- C:\Windows\System\lTDvTWf.exe
  C:\Windows\System\lTDvTWf.exe
  2⤵
  PID:11192
- C:\Windows\System\GRAUOEf.exe
  C:\Windows\System\GRAUOEf.exe
  2⤵
  PID:15684
- C:\Windows\System\tDuWjwM.exe
  C:\Windows\System\tDuWjwM.exe
  2⤵
  PID:15724
- C:\Windows\System\ptroJNP.exe
  C:\Windows\System\ptroJNP.exe
  2⤵
  PID:10944
- C:\Windows\System\zdIKGMv.exe
  C:\Windows\System\zdIKGMv.exe
  2⤵
  PID:15804
- C:\Windows\System\aaEjuyO.exe
  C:\Windows\System\aaEjuyO.exe
  2⤵
  PID:11344
- C:\Windows\System\AWnNFJD.exe
  C:\Windows\System\AWnNFJD.exe
  2⤵
  PID:11368
- C:\Windows\System\QimEDsM.exe
  C:\Windows\System\QimEDsM.exe
  2⤵
  PID:11424
- C:\Windows\System\rHvQbDW.exe
  C:\Windows\System\rHvQbDW.exe
  2⤵
  PID:15944
- C:\Windows\System\LgfDSYj.exe
  C:\Windows\System\LgfDSYj.exe
  2⤵
  PID:15976
- C:\Windows\System\rYZDnNE.exe
  C:\Windows\System\rYZDnNE.exe
  2⤵
  PID:16020
- C:\Windows\System\QPgUreY.exe
  C:\Windows\System\QPgUreY.exe
  2⤵
  PID:11560
- C:\Windows\System\KgpIusz.exe
  C:\Windows\System\KgpIusz.exe
  2⤵
  PID:11624
- C:\Windows\System\WGmPwbC.exe
  C:\Windows\System\WGmPwbC.exe
  2⤵
  PID:820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AWeRgpm.exe

Filesize
6.0MB

MD5
1299bdb65f532e8cea22582acad5c460

SHA1
8930b8e6cb42b1846d5c7d74ed268b79287d56be

SHA256
e366b9d879550ecaed0b82168a7c6d1c6f150675e707d4d262e0d165220ce2fd

SHA512
aae2156827800a4c5f019c20268a9816e7c5879ac25bb31dec124c1db3f1f0c9742b8993f24206bb0d20a85548d63b862be327db123dcf3c6750ea6073b00434

Download Submit
C:\Windows\System\CWAcEYh.exe

Filesize
6.0MB

MD5
a8c945c441d4319678abd0f2eed1f9c4

SHA1
4aef90372fac947b2f71e426d1472df346c061b6

SHA256
e5e3cea05bd8375a2705ed26f768d63d6901ac9aa7b28043eacb3952a8dd1a8f

SHA512
690e357fad6113fb509a87802fa8a052aa92a2a9a0294d5181f5e81089a40bec2f74693aea80600d9b2f52b5b3920158c4d29f4561d3bb7657faca9e5794b1b3

Download Submit
C:\Windows\System\CzRLBCS.exe

Filesize
6.0MB

MD5
51b433bb1ebcb2debc9abf3e8aa777a0

SHA1
25ef8df41d854830fbd9ada62ff8107ccf0a8048

SHA256
3967d6d11f1bcda6915067696a4c16ffac686e9202078340a53619d8cfafdb79

SHA512
4451c17f5944394c3a05a73acf946625f9a32ad59231dbd7e62e2291868ee7c9080a9a0197950953c45144779c3a99af6645bcafa4adade285683f8f4291abd3

Download Submit
C:\Windows\System\EBcZFWK.exe

Filesize
6.0MB

MD5
44df3d6a694071d32cdd4be0226df5f5

SHA1
1c8f1f84978014844d8ab049c7e04901385e190b

SHA256
13f883541127961c11d73cbec8f1037ab0dfeda68a8013d629d71ae793308821

SHA512
b097e7bfff829dc8ac4ff8d1b090cdb787490e954a373501ef810d63bcbb25dfd8b8a113ada22e510cb5f8a104dcb79a7e126b62c0d6cd2ef978fe0ccc0bdf2a

Download Submit
C:\Windows\System\HavSprT.exe

Filesize
6.0MB

MD5
64765eb038dd54dc5b9bed758380c356

SHA1
bbed4951b62ca79a0f9bb2f86052daf960e512d6

SHA256
d39b9b5297b5b8075ec84654d3e82386774cc1a9748153298dd5c873c1eff388

SHA512
ae052a6e64efc081dfc23f13db2fe66a34d36f08244b1f4e193420ff762ce0793dd022fbe8a4674b127902103116d014875f2ece01ff901abb59132e86ff6bef

Download Submit
C:\Windows\System\IKqPlWF.exe

Filesize
6.0MB

MD5
4b47d5d7310cea85dd40edc8aeed3714

SHA1
20832836d8c059d1a22a12d453228d4de2c1ab5b

SHA256
4713c92c7501594220f77db9b3ce5c99b2df0657fac8caf5b37cef9b8b7d221f

SHA512
613e4be2817ae5e60316cf300763abfa3f8e4a3895004142fdaef62ef08aa09bbdae8d60af8029d8422f8b38fc104db8a13d3fd9ad8184fc2eccb703b5a57895

Download Submit
C:\Windows\System\IUsRdBd.exe

Filesize
6.0MB

MD5
62d56f7b166677a34e089f94674578a1

SHA1
1ca1397da4692e5806e7ef29039e59a631fe3006

SHA256
b17994afd272ba302e67ac2fda53043abc29670972d11fdcaa5af3788fc7c797

SHA512
d5538613f0be90933c004fbfc3515887caca50460ccbbce3187f99c8a2a7404da17924c6f88e72d65ef174efd3c60aa3b8aecfa26eccec42b1e219675ec2c070

Download Submit
C:\Windows\System\JXJkiEz.exe

Filesize
6.0MB

MD5
4b57233405aabfc0a8455128172ebf9e

SHA1
d3ec0ddd3ce61962de2a0b11531e3683dd1599fa

SHA256
b05b1ab00ad8013a7ec6308ec909358b28debcaad665c80f9d3996cd42ec0344

SHA512
db69f04ee99059132b737350b7bc662209b2964a4798d911cdf342757ed1783e0087dec1da5d38d1d5be5f039724d58cf9a9b009d840aa14c9d818ba882d71a1

Download Submit
C:\Windows\System\JXVXBdA.exe

Filesize
6.0MB

MD5
c5164248c094922b2a3a66595d25ce46

SHA1
223c06c9a0f29843cdbe396e820399e8820224c2

SHA256
26f57215aecacf701dbfd76f73c478d18169799aa1dfd6306ffc40935a2896fe

SHA512
b2b925475b88e16b2441edd8ea66d8936d78b73998464efe5567c1b59e17f9366ae7fd63c60ddac03d33f6f640888719d75b5a4dcbba6e71f194bb390bf80f56

Download Submit
C:\Windows\System\KgXaBdi.exe

Filesize
6.0MB

MD5
5e1466118d1ae4c9a0642884ba9e1148

SHA1
c21494b01f7af2976c691b662244257ffbcdc7e8

SHA256
f87d234de63093f55d020e8e4787df4e73d6fa9f0f579408b167cdb16712c05e

SHA512
73e5b53428e423c2cf5df9b392385eab032e64df951afcb97cfc843d7e3cf39ea1a7c11e65c4ea6e62f2a81eeff52edb498c44070662a102bedb61701f8a7db3

Download Submit
C:\Windows\System\LnIdECV.exe

Filesize
6.0MB

MD5
e287c16953cacb777f0019dd73a88af1

SHA1
efe189e0e33c132d48256aaa560015afb68318e8

SHA256
236abbdf441af23109f2395f1c4e4e8c4d99c871ab08d8e8327d4da9445fd2ae

SHA512
7a315112d7c89eb355bc52fad90b9e49d6790273c22f629f73577ef5b8177bf55a48b00989d318cf023cbf900fd897deee79eed883194b31401cf9a22cb82ae7

Download Submit
C:\Windows\System\MxCTOcy.exe

Filesize
6.0MB

MD5
65a9eb77ad3bc9b37fe8ffb0e6cbbffc

SHA1
8c3f01ce2444fe8ae86b9c9843799ce0b074b90f

SHA256
8f369831e952fda4700176e86287edd28c24a6f2d7425d00f2f54982f3523ecb

SHA512
cbf3998973cd947fa4702268cfb32ba4b24f3585a0549caeb29014d32e8e2cccfc168cd37bcf9d6499095ad644737401e085cb6bc5df53d708089b9e33ef0668

Download Submit
C:\Windows\System\OMMWxPt.exe

Filesize
6.0MB

MD5
a2c6895754f03adb7988d1b7660a9cb2

SHA1
44d4f3f7291cf73d28779e0e0e429db2356e6228

SHA256
430d206e021909bf32dfabcf2eb8bb7f99ac2f81c97ea3b89eff997318119209

SHA512
82dea9fd42ff276a910a1a115a335db3940cf5eaeb57faf069ccaf241fe08de979d29cf1182ab02df5a9f48d4596768811eba298be8648651088018565bdb74d

Download Submit
C:\Windows\System\PCkOrYy.exe

Filesize
6.0MB

MD5
369405218cb6add4d6042b0cd84c6ba6

SHA1
222952d35ff389e5373591c7392103c8a1e6422c

SHA256
62c8f0758de20d4e1eca3c4ecb4d6359d0af290cf1cd6ae9aa3c3f71a6ae729f

SHA512
e82bb4f4c11f5217e1f19d266985f7dcd332b58e6b4db99e0a0c9b32e7d9982b41af655f8ead81eda5970ccd01242b8dddb221e3112210324345cd15ddc73d4f

Download Submit
C:\Windows\System\QOeYddU.exe

Filesize
6.0MB

MD5
fdd0601489569ea0ae7fda09c8b46b52

SHA1
6f181adf094c1ffda02e7880fc07f1c72d742d64

SHA256
88a5dbf040daaa976f78a18833b54dfe580745c3fbedd7490b19659c2847c6e0

SHA512
047cad953924565139d2120f58c527966be984aaf7fe1d9569e555a8cd8465dc11f78412f1e6d867c610665b2f0387721ae96a617dc41cfdbb154ec18fa90555

Download Submit
C:\Windows\System\QfCBmUM.exe

Filesize
6.0MB

MD5
a72614750593d73fa435a43f18151158

SHA1
8a8f6a6a26bb5e2cdcfa1d08292b43f8c8e9826a

SHA256
6455e3d3d6d2487503c619c20039b1dce01792c0fa5a085d6f7862b5017074db

SHA512
65ba53c303dc5dd12f442bcf1c8520571d4142a17a14678a1367d56520198ab81b0168244a50ee93adc18684690608427c82d9b439a9f0687619714c7254460a

Download Submit
C:\Windows\System\QydDwdp.exe

Filesize
6.0MB

MD5
738581af49c8b7d878db53c548a4d3a3

SHA1
3d196373c663a0bb94dcf803653c508c3a693674

SHA256
2bd19d83bd6e8a4d76f3f81518815d47c3a873f47d657e6d2058cd5320c561ba

SHA512
cc0a02f71fe25c6b439e17649c12dc825837b1b8c4156a6e87827021665315ae5761fc9b25eac5b3ae0a3e1857c8aba91e9f9d30af2dd4e8dccf772d5cdf693c

Download Submit
C:\Windows\System\RsBODqW.exe

Filesize
6.0MB

MD5
251ded58efd673a3f34b1b5f050d8d58

SHA1
4bc5a8267059dbc6eabc0c7524bf9be1c8f51722

SHA256
022822b173b3847c5f4a95e191468a14bbac5e36840e48f208866ded1ab66919

SHA512
88f4214f7d75fea52aab24be0386df8eca39acc3b8d6571dc8d2cc492b2af03d28e9b32b9c1ed55e484d6925cd8888457390d0ca36f8a5098a80d8c9eb6c00fd

Download Submit
C:\Windows\System\SqEoNSg.exe

Filesize
6.0MB

MD5
1bb0fdcccd824ee53af9694512fb47a9

SHA1
3ba27b5f3f5257dcb91a6e9d7ac72e2a302b0edd

SHA256
2877e08b3eb48a980f7c9019fddfefe4cecdb4f4f64dca88d9aa4d70618bab78

SHA512
3e2c802df5d30ba582ed76174417c5428dfad5ed57936f9f6d43ccdd51e0dc76b14c68823a88283eadc5371d65617f9c8397b33b7d27a1fa3f0bacad58c4a0c8

Download Submit
C:\Windows\System\SuPALsC.exe

Filesize
6.0MB

MD5
9b71cc24c66473cf297ae189af38e818

SHA1
55982bbbaac662322f5bbf75462d07d53b482d5d

SHA256
b3fe1cde0f65c576405a21018e2892e755c35737b8ed5ebb125738a64e372d40

SHA512
47e74e44754c6b86bb9201902d4920aee0dd61982b5bc516ca88a59dfafc3eda3f6fbd3602c0c5568cb0bb029a51bfeb94db29df496277a9a310ff74b9a479db

Download Submit
C:\Windows\System\UUaEhrw.exe

Filesize
6.0MB

MD5
5c3e614e7057655410764a42a7b1c399

SHA1
f136168c96645bc5cec3af3db929558e7b2f6983

SHA256
df083598c456ad35d8e0a7fd95b5e7941f55e217a69ea0fe90a839600f6269c2

SHA512
79e6a5167416b8ad538dee160da3e980d36d27c0bc4631d9957eab08805f14f61f9165fea46b9e6e85d96f97036affa7bccdada40ec2cdff85177f7ea4ca3fe2

Download Submit
C:\Windows\System\XFVIwim.exe

Filesize
6.0MB

MD5
9d56e557e8134d9d4a9d8c76e08395be

SHA1
e641f1d559c601c954877af6412b9d376b9c3045

SHA256
847eda65b82d54b236389a1a30cb60d4875e156d4edcd7e9639f9b679d5d5ac1

SHA512
46c6be6903f82f79eb466e45fc71becb6fde8dcfd98fed747d86755cc0c64e9f3f5797ba29bfc939885b3a5b165c329aa2fbf71fca19257c6a1b63e633420be2

Download Submit
C:\Windows\System\XPyDiGo.exe

Filesize
6.0MB

MD5
f8d9b351041f0dacb893f1f1c13e05b9

SHA1
f69a203a95d4b49e72a0060c0ef57cc75a4293e5

SHA256
a73d0fdf138bd29665f4d3ed224462f8f3dfff9a77a27c2480695ac02149f145

SHA512
ead4529c6ce9ece56e4a2b99350ced9453873aa360c9afbfb2174659725efc33dab75d2f8bfac982e76cad654791dbf91c4b02259296287a9a9c746f86204daf

Download Submit
C:\Windows\System\arnWWfE.exe

Filesize
6.0MB

MD5
2e92fee60f5f6401b48f242488620856

SHA1
efd27279388018e30aff50d6aa1a6126b7481336

SHA256
da548ba3f0609e16a0d989a3ab9574e3940a2fcc04637036df70992710ee9fcd

SHA512
3a245e4496c8ac36e89dd1c46f2d490fee5bf8d78a9d0df745ec1889fe4463c32647e4713a1c6a78be330d7caae702bbb50f185efd7d1e5a97737fb553719415

Download Submit
C:\Windows\System\blCsALA.exe

Filesize
6.0MB

MD5
dd50b608794f6d1c3b71894ccca65dcd

SHA1
e320140495cdecc53979bb58e85c70b9043dc624

SHA256
244b93753aa5fcd78d7478e7a41f87318340fa08dff7933790197a62b99de29e

SHA512
b5d5a2900438db4a966d14ef83d311d178aad30d73e3301d61e0fa146bb8119809fb20a18b7f688c14da6c94f30d34fb298b632a91a229b30fda3b858562a16b

Download Submit
C:\Windows\System\kNbivhB.exe

Filesize
6.0MB

MD5
d7a59e551be3928b993f94224eb0decd

SHA1
7115ffa6fcd2019255647760c3732662ff95244b

SHA256
7c7ba41ca8a00ed01fcb4e370005bf2e59948be38fc3e6b5132ab3cb302a2d06

SHA512
c674b21fb11cd583f2355041ea41fc152b9df37285b0af0ef3b3ed45b1e9e0cd47a55b1a9361b71b25066cea07bcd7b54e3927173b23891b90d52cd8a1d14f73

Download Submit
C:\Windows\System\mISjIZY.exe

Filesize
6.0MB

MD5
079b1e85e5b909e4cf02b1cca4717cf0

SHA1
e62b6ed179532529faf2c4a39fe49ec2c416cda5

SHA256
0ce4a3eeaf26fffdbe0d287a2697690b8de7beea07a4bc5aa05a1c32e886d34c

SHA512
6016decff3e8b2009bbf7cf245762d59c0339b6a2efcf98c0476466f731b2b0189c9f23365d198356b261eefd8ed0c10d8023c2ca396a4c17bca685ab9b36870

Download Submit
C:\Windows\System\muTeoaY.exe

Filesize
6.0MB

MD5
698ae0479a1263e0e13e1d726ca483d3

SHA1
7c996d20c027cf8d2858bc50704117760982e4a4

SHA256
45f2d7c9c8652982ea37b5adb9026f2d49a7fd80fe04e1eb277d881ffabfae91

SHA512
79a145ae4b2cc70e2246b6e8be38ebdb6aaac7a2418710b0fe7f0873cf6ebf655cbba3e47b6c6eefdbfdcc8d77c74999ac6ac902843a76d4c7a2b07ae1984712

Download Submit
C:\Windows\System\shCeIWr.exe

Filesize
6.0MB

MD5
8699d4c143e5274759543c4b9d08c29b

SHA1
82e10a5be84dea20d5e0de247a9c53388b471cdc

SHA256
de1410bbb61b4eca27e22630dd4341282ca33ae18f27c01606aaf68e3e9b9562

SHA512
9d9b63a5b2c29d738779cb755bb98c5d824be2961e113e983f0b84d51eadcad2b4b2b08839d130316892b235aa3890af4d2c44954f4091ed0ee9b721a58990ce

Download Submit
C:\Windows\System\uSMEqPj.exe

Filesize
6.0MB

MD5
d8d687d3b94891e5929da9189b53394b

SHA1
6bd57e6867e7d1f71bab48b99f6b0e462f7b8753

SHA256
dfa922b10d39119c47243a8c243a1430320d073beb59c5febe4ef34a14b1fd7a

SHA512
2ce6dea468ed940d2e584974e7586230a3807959a0cc87577b5981906aa9c5ecca8c2018104f8fa06279e283c50ddfb3885689f8a19e1418aa0935efdcbffe19

Download Submit
C:\Windows\System\vcOWorj.exe

Filesize
6.0MB

MD5
b2376f34477566b385796f4b02780f47

SHA1
34c3f35ce47e89f7599b869412506938d7bb5908

SHA256
5bd1016359e31d486a9da5ea20270683be37656fa8b065b4cf3bea162b34afa0

SHA512
c9d4314531b923722ab4e043cdbd59bf447c18fe871e78845f76bb0e5f44c24022f62e3e569f9cc17e773712d4fbf5392e34e7777828a50761c4a5a689e2d35a

Download Submit
C:\Windows\System\yKxTtLm.exe

Filesize
6.0MB

MD5
0c83ba53aa95c10af90917eb35a724df

SHA1
9e49cd6f30c5417ba749f5b4af53a58c73616a69

SHA256
5bf1cc43ba854bb4538b51e6ec812593c0a10be6ee73390645a276091cbf2364

SHA512
a3de53809546c1e21f710e1463d71ee766005d3dadf3b80b522d800585b3424a6b85e5b3de0c22ae6a6fdd00719121f198d057cf300b347d53243a6b6060c253

Download Submit
memory/64-1721-0x00007FF6120F0000-0x00007FF612444000-memory.dmp

Filesize
3.3MB

Download
memory/64-274-0x00007FF6120F0000-0x00007FF612444000-memory.dmp

Filesize
3.3MB

Download
memory/64-151-0x00007FF6120F0000-0x00007FF612444000-memory.dmp

Filesize
3.3MB

Download
memory/116-474-0x00007FF6FA7A0000-0x00007FF6FAAF4000-memory.dmp

Filesize
3.3MB

Download
memory/116-176-0x00007FF6FA7A0000-0x00007FF6FAAF4000-memory.dmp

Filesize
3.3MB

Download
memory/116-1744-0x00007FF6FA7A0000-0x00007FF6FAAF4000-memory.dmp

Filesize
3.3MB

Download
memory/224-602-0x00007FF758140000-0x00007FF758494000-memory.dmp

Filesize
3.3MB

Download
memory/224-62-0x00007FF758140000-0x00007FF758494000-memory.dmp

Filesize
3.3MB

Download
memory/224-7-0x00007FF758140000-0x00007FF758494000-memory.dmp

Filesize
3.3MB

Download
memory/332-1322-0x00007FF66CD70000-0x00007FF66D0C4000-memory.dmp

Filesize
3.3MB

Download
memory/332-113-0x00007FF66CD70000-0x00007FF66D0C4000-memory.dmp

Filesize
3.3MB

Download
memory/432-81-0x00007FF7CE100000-0x00007FF7CE454000-memory.dmp

Filesize
3.3MB

Download
memory/432-740-0x00007FF7CE100000-0x00007FF7CE454000-memory.dmp

Filesize
3.3MB

Download
memory/432-26-0x00007FF7CE100000-0x00007FF7CE454000-memory.dmp

Filesize
3.3MB

Download
memory/848-275-0x00007FF718380000-0x00007FF7186D4000-memory.dmp

Filesize
3.3MB

Download
memory/848-1741-0x00007FF718380000-0x00007FF7186D4000-memory.dmp

Filesize
3.3MB

Download
memory/848-160-0x00007FF718380000-0x00007FF7186D4000-memory.dmp

Filesize
3.3MB

Download
memory/1020-188-0x00007FF772350000-0x00007FF7726A4000-memory.dmp

Filesize
3.3MB

Download
memory/1020-1990-0x00007FF772350000-0x00007FF7726A4000-memory.dmp

Filesize
3.3MB

Download
memory/1144-99-0x00007FF61D350000-0x00007FF61D6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1144-1320-0x00007FF61D350000-0x00007FF61D6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1144-146-0x00007FF61D350000-0x00007FF61D6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1404-1196-0x00007FF733F50000-0x00007FF7342A4000-memory.dmp

Filesize
3.3MB

Download
memory/1404-90-0x00007FF733F50000-0x00007FF7342A4000-memory.dmp

Filesize
3.3MB

Download
memory/1404-145-0x00007FF733F50000-0x00007FF7342A4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-317-0x00007FF654530000-0x00007FF654884000-memory.dmp

Filesize
3.3MB

Download
memory/1688-164-0x00007FF654530000-0x00007FF654884000-memory.dmp

Filesize
3.3MB

Download
memory/1688-1737-0x00007FF654530000-0x00007FF654884000-memory.dmp

Filesize
3.3MB

Download
memory/1724-1545-0x00007FF647040000-0x00007FF647394000-memory.dmp

Filesize
3.3MB

Download
memory/1724-142-0x00007FF647040000-0x00007FF647394000-memory.dmp

Filesize
3.3MB

Download
memory/1724-210-0x00007FF647040000-0x00007FF647394000-memory.dmp

Filesize
3.3MB

Download
memory/1808-1538-0x00007FF6A64A0000-0x00007FF6A67F4000-memory.dmp

Filesize
3.3MB

Download
memory/1808-137-0x00007FF6A64A0000-0x00007FF6A67F4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-1133-0x00007FF67AEC0000-0x00007FF67B214000-memory.dmp

Filesize
3.3MB

Download
memory/1964-72-0x00007FF67AEC0000-0x00007FF67B214000-memory.dmp

Filesize
3.3MB

Download
memory/2236-166-0x00007FF63D1D0000-0x00007FF63D524000-memory.dmp

Filesize
3.3MB

Download
memory/2236-116-0x00007FF63D1D0000-0x00007FF63D524000-memory.dmp

Filesize
3.3MB

Download
memory/2236-1328-0x00007FF63D1D0000-0x00007FF63D524000-memory.dmp

Filesize
3.3MB

Download
memory/2404-76-0x00007FF776A20000-0x00007FF776D74000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1137-0x00007FF776A20000-0x00007FF776D74000-memory.dmp

Filesize
3.3MB

Download
memory/2404-131-0x00007FF776A20000-0x00007FF776D74000-memory.dmp

Filesize
3.3MB

Download
memory/2692-84-0x00007FF77B230000-0x00007FF77B584000-memory.dmp

Filesize
3.3MB

Download
memory/2692-141-0x00007FF77B230000-0x00007FF77B584000-memory.dmp

Filesize
3.3MB

Download
memory/2692-1192-0x00007FF77B230000-0x00007FF77B584000-memory.dmp

Filesize
3.3MB

Download
memory/2940-823-0x00007FF663D90000-0x00007FF6640E4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-61-0x00007FF663D90000-0x00007FF6640E4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-115-0x00007FF663D90000-0x00007FF6640E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-71-0x00007FF799210000-0x00007FF799564000-memory.dmp

Filesize
3.3MB

Download
memory/2980-17-0x00007FF799210000-0x00007FF799564000-memory.dmp

Filesize
3.3MB

Download
memory/2980-621-0x00007FF799210000-0x00007FF799564000-memory.dmp

Filesize
3.3MB

Download
memory/3012-1325-0x00007FF7FBF00000-0x00007FF7FC254000-memory.dmp

Filesize
3.3MB

Download
memory/3012-100-0x00007FF7FBF00000-0x00007FF7FC254000-memory.dmp

Filesize
3.3MB

Download
memory/3012-150-0x00007FF7FBF00000-0x00007FF7FC254000-memory.dmp

Filesize
3.3MB

Download
memory/3136-0-0x00007FF789BF0000-0x00007FF789F44000-memory.dmp

Filesize
3.3MB

Download
memory/3136-55-0x00007FF789BF0000-0x00007FF789F44000-memory.dmp

Filesize
3.3MB

Download
memory/3136-1-0x00000199AB0F0000-0x00000199AB100000-memory.dmp

Filesize
64KB

Download
memory/3236-811-0x00007FF60D3F0000-0x00007FF60D744000-memory.dmp

Filesize
3.3MB

Download
memory/3236-42-0x00007FF60D3F0000-0x00007FF60D744000-memory.dmp

Filesize
3.3MB

Download
memory/3236-89-0x00007FF60D3F0000-0x00007FF60D744000-memory.dmp

Filesize
3.3MB

Download
memory/3368-189-0x00007FF69E610000-0x00007FF69E964000-memory.dmp

Filesize
3.3MB

Download
memory/3368-1542-0x00007FF69E610000-0x00007FF69E964000-memory.dmp

Filesize
3.3MB

Download
memory/3368-136-0x00007FF69E610000-0x00007FF69E964000-memory.dmp

Filesize
3.3MB

Download
memory/3912-12-0x00007FF628D00000-0x00007FF629054000-memory.dmp

Filesize
3.3MB

Download
memory/3912-617-0x00007FF628D00000-0x00007FF629054000-memory.dmp

Filesize
3.3MB

Download
memory/3912-66-0x00007FF628D00000-0x00007FF629054000-memory.dmp

Filesize
3.3MB

Download
memory/3976-123-0x00007FF6E5F20000-0x00007FF6E6274000-memory.dmp

Filesize
3.3MB

Download
memory/3976-186-0x00007FF6E5F20000-0x00007FF6E6274000-memory.dmp

Filesize
3.3MB

Download
memory/3976-1535-0x00007FF6E5F20000-0x00007FF6E6274000-memory.dmp

Filesize
3.3MB

Download
memory/4192-812-0x00007FF6B5960000-0x00007FF6B5CB4000-memory.dmp

Filesize
3.3MB

Download
memory/4192-57-0x00007FF6B5960000-0x00007FF6B5CB4000-memory.dmp

Filesize
3.3MB

Download
memory/4292-58-0x00007FF7BB4F0000-0x00007FF7BB844000-memory.dmp

Filesize
3.3MB

Download
memory/4292-109-0x00007FF7BB4F0000-0x00007FF7BB844000-memory.dmp

Filesize
3.3MB

Download
memory/4292-819-0x00007FF7BB4F0000-0x00007FF7BB844000-memory.dmp

Filesize
3.3MB

Download
memory/4352-34-0x00007FF646100000-0x00007FF646454000-memory.dmp

Filesize
3.3MB

Download
memory/4352-795-0x00007FF646100000-0x00007FF646454000-memory.dmp

Filesize
3.3MB

Download
memory/4412-420-0x00007FF7B1260000-0x00007FF7B15B4000-memory.dmp

Filesize
3.3MB

Download
memory/4412-1742-0x00007FF7B1260000-0x00007FF7B15B4000-memory.dmp

Filesize
3.3MB

Download
memory/4412-167-0x00007FF7B1260000-0x00007FF7B15B4000-memory.dmp

Filesize
3.3MB

Download
memory/4440-579-0x00007FF78DFD0000-0x00007FF78E324000-memory.dmp

Filesize
3.3MB

Download
memory/4440-195-0x00007FF78DFD0000-0x00007FF78E324000-memory.dmp

Filesize
3.3MB

Download
memory/4440-1998-0x00007FF78DFD0000-0x00007FF78E324000-memory.dmp

Filesize
3.3MB

Download
memory/4508-801-0x00007FF784020000-0x00007FF784374000-memory.dmp

Filesize
3.3MB

Download
memory/4508-38-0x00007FF784020000-0x00007FF784374000-memory.dmp

Filesize
3.3MB

Download