cobaltstrike | e690c29787a1bb277b992dcc9f75a7ff50fa8f2adf9b5add3942d075c736063e

Analysis

max time kernel
126s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

42a9d73d7805fecfbdc21e0ca4ab7db1
SHA1

0903af8b26d383972adcc5f6fbf7ca0afb177053
SHA256

e690c29787a1bb277b992dcc9f75a7ff50fa8f2adf9b5add3942d075c736063e
SHA512

8a5b044be9f04de642073017d50fda9d314cd19cd472271e33ac4059cab216ba5946ec84cb59f029599178c8dc023da2685756083f8471e0ffdc564dd1cf8a4a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUV:T+q56utgpPF8u/7V

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\System\hGnLqFp.exe	cobalt_reflective_dll
C:\Windows\System\rdXPeKS.exe	cobalt_reflective_dll
C:\Windows\System\hYAeWXB.exe	cobalt_reflective_dll
C:\Windows\System\tOUZFdt.exe	cobalt_reflective_dll
C:\Windows\System\RekiRYp.exe	cobalt_reflective_dll
C:\Windows\System\JAmsYkW.exe	cobalt_reflective_dll
C:\Windows\System\qmwhjed.exe	cobalt_reflective_dll
C:\Windows\System\YQBEHsr.exe	cobalt_reflective_dll
C:\Windows\System\EPTexjx.exe	cobalt_reflective_dll
C:\Windows\System\hwtyoMH.exe	cobalt_reflective_dll
C:\Windows\System\dJQXdJP.exe	cobalt_reflective_dll
C:\Windows\System\hblTPMn.exe	cobalt_reflective_dll
C:\Windows\System\GpPwJrn.exe	cobalt_reflective_dll
C:\Windows\System\HABmeZb.exe	cobalt_reflective_dll
C:\Windows\System\FaKeGwi.exe	cobalt_reflective_dll
C:\Windows\System\UAMiWUJ.exe	cobalt_reflective_dll
C:\Windows\System\HJaWHoD.exe	cobalt_reflective_dll
C:\Windows\System\foaLyWf.exe	cobalt_reflective_dll
C:\Windows\System\JiWICiP.exe	cobalt_reflective_dll
C:\Windows\System\dZCxBEA.exe	cobalt_reflective_dll
C:\Windows\System\VcsCokH.exe	cobalt_reflective_dll
C:\Windows\System\HKTkbtj.exe	cobalt_reflective_dll
C:\Windows\System\djnrFvJ.exe	cobalt_reflective_dll
C:\Windows\System\IjWePIU.exe	cobalt_reflective_dll
C:\Windows\System\zFiSytA.exe	cobalt_reflective_dll
C:\Windows\System\YnmodXh.exe	cobalt_reflective_dll
C:\Windows\System\eimZXYZ.exe	cobalt_reflective_dll
C:\Windows\System\WuuCnIG.exe	cobalt_reflective_dll
C:\Windows\System\dpuXhWu.exe	cobalt_reflective_dll
C:\Windows\System\FHWhOvn.exe	cobalt_reflective_dll
C:\Windows\System\bBaMWpq.exe	cobalt_reflective_dll
C:\Windows\System\lUDvXVN.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/3952-0-0x00007FF6E2670000-0x00007FF6E29C4000-memory.dmp	xmrig
C:\Windows\System\hGnLqFp.exe	xmrig
behavioral2/memory/1780-12-0x00007FF633EE0000-0x00007FF634234000-memory.dmp	xmrig
C:\Windows\System\rdXPeKS.exe	xmrig
C:\Windows\System\hYAeWXB.exe	xmrig
C:\Windows\System\tOUZFdt.exe	xmrig
C:\Windows\System\RekiRYp.exe	xmrig
C:\Windows\System\JAmsYkW.exe	xmrig
C:\Windows\System\qmwhjed.exe	xmrig
C:\Windows\System\YQBEHsr.exe	xmrig
C:\Windows\System\EPTexjx.exe	xmrig
C:\Windows\System\hwtyoMH.exe	xmrig
C:\Windows\System\dJQXdJP.exe	xmrig
C:\Windows\System\hblTPMn.exe	xmrig
C:\Windows\System\GpPwJrn.exe	xmrig
C:\Windows\System\HABmeZb.exe	xmrig
C:\Windows\System\FaKeGwi.exe	xmrig
behavioral2/memory/3084-867-0x00007FF6F0000000-0x00007FF6F0354000-memory.dmp	xmrig
behavioral2/memory/712-873-0x00007FF733750000-0x00007FF733AA4000-memory.dmp	xmrig
behavioral2/memory/3660-875-0x00007FF6AE7C0000-0x00007FF6AEB14000-memory.dmp	xmrig
behavioral2/memory/2536-876-0x00007FF7136D0000-0x00007FF713A24000-memory.dmp	xmrig
behavioral2/memory/524-874-0x00007FF7BC4E0000-0x00007FF7BC834000-memory.dmp	xmrig
behavioral2/memory/112-878-0x00007FF656BD0000-0x00007FF656F24000-memory.dmp	xmrig
behavioral2/memory/432-877-0x00007FF7F38E0000-0x00007FF7F3C34000-memory.dmp	xmrig
behavioral2/memory/5068-872-0x00007FF6E97F0000-0x00007FF6E9B44000-memory.dmp	xmrig
behavioral2/memory/4644-879-0x00007FF63ECC0000-0x00007FF63F014000-memory.dmp	xmrig
behavioral2/memory/3196-880-0x00007FF6177D0000-0x00007FF617B24000-memory.dmp	xmrig
behavioral2/memory/2924-884-0x00007FF721D30000-0x00007FF722084000-memory.dmp	xmrig
behavioral2/memory/3656-883-0x00007FF7A0270000-0x00007FF7A05C4000-memory.dmp	xmrig
behavioral2/memory/384-886-0x00007FF6CF450000-0x00007FF6CF7A4000-memory.dmp	xmrig
behavioral2/memory/2880-891-0x00007FF7EBFE0000-0x00007FF7EC334000-memory.dmp	xmrig
behavioral2/memory/3028-894-0x00007FF62B910000-0x00007FF62BC64000-memory.dmp	xmrig
behavioral2/memory/5116-896-0x00007FF752000000-0x00007FF752354000-memory.dmp	xmrig
behavioral2/memory/2808-901-0x00007FF6E9E80000-0x00007FF6EA1D4000-memory.dmp	xmrig
behavioral2/memory/396-908-0x00007FF6E87D0000-0x00007FF6E8B24000-memory.dmp	xmrig
behavioral2/memory/5052-909-0x00007FF71E400000-0x00007FF71E754000-memory.dmp	xmrig
behavioral2/memory/1944-900-0x00007FF660690000-0x00007FF6609E4000-memory.dmp	xmrig
behavioral2/memory/4916-899-0x00007FF6D78B0000-0x00007FF6D7C04000-memory.dmp	xmrig
behavioral2/memory/3356-893-0x00007FF6EFD10000-0x00007FF6F0064000-memory.dmp	xmrig
behavioral2/memory/2532-892-0x00007FF626230000-0x00007FF626584000-memory.dmp	xmrig
behavioral2/memory/3628-888-0x00007FF795EB0000-0x00007FF796204000-memory.dmp	xmrig
behavioral2/memory/2004-887-0x00007FF73D310000-0x00007FF73D664000-memory.dmp	xmrig
C:\Windows\System\UAMiWUJ.exe	xmrig
C:\Windows\System\HJaWHoD.exe	xmrig
C:\Windows\System\foaLyWf.exe	xmrig
C:\Windows\System\JiWICiP.exe	xmrig
C:\Windows\System\dZCxBEA.exe	xmrig
C:\Windows\System\VcsCokH.exe	xmrig
C:\Windows\System\HKTkbtj.exe	xmrig
C:\Windows\System\djnrFvJ.exe	xmrig
C:\Windows\System\IjWePIU.exe	xmrig
C:\Windows\System\zFiSytA.exe	xmrig
C:\Windows\System\YnmodXh.exe	xmrig
C:\Windows\System\eimZXYZ.exe	xmrig
C:\Windows\System\WuuCnIG.exe	xmrig
C:\Windows\System\dpuXhWu.exe	xmrig
C:\Windows\System\FHWhOvn.exe	xmrig
behavioral2/memory/2380-31-0x00007FF76A960000-0x00007FF76ACB4000-memory.dmp	xmrig
C:\Windows\System\bBaMWpq.exe	xmrig
behavioral2/memory/4280-19-0x00007FF693910000-0x00007FF693C64000-memory.dmp	xmrig
C:\Windows\System\lUDvXVN.exe	xmrig
behavioral2/memory/2768-6-0x00007FF743AF0000-0x00007FF743E44000-memory.dmp	xmrig
behavioral2/memory/3952-1064-0x00007FF6E2670000-0x00007FF6E29C4000-memory.dmp	xmrig
behavioral2/memory/2768-1118-0x00007FF743AF0000-0x00007FF743E44000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

hGnLqFp.exelUDvXVN.exehYAeWXB.exerdXPeKS.exebBaMWpq.exetOUZFdt.exeFHWhOvn.exeRekiRYp.exeJAmsYkW.exeqmwhjed.exedpuXhWu.exeWuuCnIG.exeYQBEHsr.exeEPTexjx.exeeimZXYZ.exehwtyoMH.exedJQXdJP.exeYnmodXh.exehblTPMn.exezFiSytA.exeIjWePIU.exedjnrFvJ.exeHKTkbtj.exeVcsCokH.exedZCxBEA.exeGpPwJrn.exeJiWICiP.exeHABmeZb.exefoaLyWf.exeFaKeGwi.exeHJaWHoD.exeUAMiWUJ.exezSwsKdQ.exeMrMuySu.exeZOULuKB.exeQzjoaog.exeJIsIlrL.exebSOxYAK.exeJQNoqwL.exemwPMUke.exeiqEulGc.exemOwbznm.exeUzNYEQN.exeEwHhNGX.exetZrCxmo.exeDjbnqDC.exeTaFHOkW.exetwwYqwB.exeqdBPeVK.exesHyGkGi.exeIgyDIOg.exeMVyjwRP.exegGWnjcT.exeFzURpzF.exeAbESSYd.exePUbpGYp.exeCxXcita.exebpiKkWs.exeZJJJoly.exegBpiGjb.exeBmAOrYj.exelaUeDSZ.exeLucOyiM.exejdwxczf.exe

pid	process
2768	hGnLqFp.exe
1780	lUDvXVN.exe
4280	hYAeWXB.exe
2380	rdXPeKS.exe
3084	bBaMWpq.exe
5052	tOUZFdt.exe
5068	FHWhOvn.exe
712	RekiRYp.exe
524	JAmsYkW.exe
3660	qmwhjed.exe
2536	dpuXhWu.exe
432	WuuCnIG.exe
112	YQBEHsr.exe
4644	EPTexjx.exe
3196	eimZXYZ.exe
3656	hwtyoMH.exe
2924	dJQXdJP.exe
384	YnmodXh.exe
2004	hblTPMn.exe
3628	zFiSytA.exe
2880	IjWePIU.exe
2532	djnrFvJ.exe
3356	HKTkbtj.exe
3028	VcsCokH.exe
5116	dZCxBEA.exe
4916	GpPwJrn.exe
1944	JiWICiP.exe
2808	HABmeZb.exe
396	foaLyWf.exe
1412	FaKeGwi.exe
3080	HJaWHoD.exe
4080	UAMiWUJ.exe
4848	zSwsKdQ.exe
1636	MrMuySu.exe
4672	ZOULuKB.exe
2456	Qzjoaog.exe
1104	JIsIlrL.exe
2836	bSOxYAK.exe
4696	JQNoqwL.exe
632	mwPMUke.exe
4600	iqEulGc.exe
2680	mOwbznm.exe
4256	UzNYEQN.exe
8	EwHhNGX.exe
1468	tZrCxmo.exe
3480	DjbnqDC.exe
4636	TaFHOkW.exe
1228	twwYqwB.exe
4248	qdBPeVK.exe
1012	sHyGkGi.exe
4928	IgyDIOg.exe
1256	MVyjwRP.exe
4844	gGWnjcT.exe
312	FzURpzF.exe
4932	AbESSYd.exe
1696	PUbpGYp.exe
1520	CxXcita.exe
4240	bpiKkWs.exe
2840	ZJJJoly.exe
5028	gBpiGjb.exe
4388	BmAOrYj.exe
1980	laUeDSZ.exe
4592	LucOyiM.exe
3512	jdwxczf.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3952-0-0x00007FF6E2670000-0x00007FF6E29C4000-memory.dmp	upx
C:\Windows\System\hGnLqFp.exe	upx
behavioral2/memory/1780-12-0x00007FF633EE0000-0x00007FF634234000-memory.dmp	upx
C:\Windows\System\rdXPeKS.exe	upx
C:\Windows\System\hYAeWXB.exe	upx
C:\Windows\System\tOUZFdt.exe	upx
C:\Windows\System\RekiRYp.exe	upx
C:\Windows\System\JAmsYkW.exe	upx
C:\Windows\System\qmwhjed.exe	upx
C:\Windows\System\YQBEHsr.exe	upx
C:\Windows\System\EPTexjx.exe	upx
C:\Windows\System\hwtyoMH.exe	upx
C:\Windows\System\dJQXdJP.exe	upx
C:\Windows\System\hblTPMn.exe	upx
C:\Windows\System\GpPwJrn.exe	upx
C:\Windows\System\HABmeZb.exe	upx
C:\Windows\System\FaKeGwi.exe	upx
behavioral2/memory/3084-867-0x00007FF6F0000000-0x00007FF6F0354000-memory.dmp	upx
behavioral2/memory/712-873-0x00007FF733750000-0x00007FF733AA4000-memory.dmp	upx
behavioral2/memory/3660-875-0x00007FF6AE7C0000-0x00007FF6AEB14000-memory.dmp	upx
behavioral2/memory/2536-876-0x00007FF7136D0000-0x00007FF713A24000-memory.dmp	upx
behavioral2/memory/524-874-0x00007FF7BC4E0000-0x00007FF7BC834000-memory.dmp	upx
behavioral2/memory/112-878-0x00007FF656BD0000-0x00007FF656F24000-memory.dmp	upx
behavioral2/memory/432-877-0x00007FF7F38E0000-0x00007FF7F3C34000-memory.dmp	upx
behavioral2/memory/5068-872-0x00007FF6E97F0000-0x00007FF6E9B44000-memory.dmp	upx
behavioral2/memory/4644-879-0x00007FF63ECC0000-0x00007FF63F014000-memory.dmp	upx
behavioral2/memory/3196-880-0x00007FF6177D0000-0x00007FF617B24000-memory.dmp	upx
behavioral2/memory/2924-884-0x00007FF721D30000-0x00007FF722084000-memory.dmp	upx
behavioral2/memory/3656-883-0x00007FF7A0270000-0x00007FF7A05C4000-memory.dmp	upx
behavioral2/memory/384-886-0x00007FF6CF450000-0x00007FF6CF7A4000-memory.dmp	upx
behavioral2/memory/2880-891-0x00007FF7EBFE0000-0x00007FF7EC334000-memory.dmp	upx
behavioral2/memory/3028-894-0x00007FF62B910000-0x00007FF62BC64000-memory.dmp	upx
behavioral2/memory/5116-896-0x00007FF752000000-0x00007FF752354000-memory.dmp	upx
behavioral2/memory/2808-901-0x00007FF6E9E80000-0x00007FF6EA1D4000-memory.dmp	upx
behavioral2/memory/396-908-0x00007FF6E87D0000-0x00007FF6E8B24000-memory.dmp	upx
behavioral2/memory/5052-909-0x00007FF71E400000-0x00007FF71E754000-memory.dmp	upx
behavioral2/memory/1944-900-0x00007FF660690000-0x00007FF6609E4000-memory.dmp	upx
behavioral2/memory/4916-899-0x00007FF6D78B0000-0x00007FF6D7C04000-memory.dmp	upx
behavioral2/memory/3356-893-0x00007FF6EFD10000-0x00007FF6F0064000-memory.dmp	upx
behavioral2/memory/2532-892-0x00007FF626230000-0x00007FF626584000-memory.dmp	upx
behavioral2/memory/3628-888-0x00007FF795EB0000-0x00007FF796204000-memory.dmp	upx
behavioral2/memory/2004-887-0x00007FF73D310000-0x00007FF73D664000-memory.dmp	upx
C:\Windows\System\UAMiWUJ.exe	upx
C:\Windows\System\HJaWHoD.exe	upx
C:\Windows\System\foaLyWf.exe	upx
C:\Windows\System\JiWICiP.exe	upx
C:\Windows\System\dZCxBEA.exe	upx
C:\Windows\System\VcsCokH.exe	upx
C:\Windows\System\HKTkbtj.exe	upx
C:\Windows\System\djnrFvJ.exe	upx
C:\Windows\System\IjWePIU.exe	upx
C:\Windows\System\zFiSytA.exe	upx
C:\Windows\System\YnmodXh.exe	upx
C:\Windows\System\eimZXYZ.exe	upx
C:\Windows\System\WuuCnIG.exe	upx
C:\Windows\System\dpuXhWu.exe	upx
C:\Windows\System\FHWhOvn.exe	upx
behavioral2/memory/2380-31-0x00007FF76A960000-0x00007FF76ACB4000-memory.dmp	upx
C:\Windows\System\bBaMWpq.exe	upx
behavioral2/memory/4280-19-0x00007FF693910000-0x00007FF693C64000-memory.dmp	upx
C:\Windows\System\lUDvXVN.exe	upx
behavioral2/memory/2768-6-0x00007FF743AF0000-0x00007FF743E44000-memory.dmp	upx
behavioral2/memory/3952-1064-0x00007FF6E2670000-0x00007FF6E29C4000-memory.dmp	upx
behavioral2/memory/2768-1118-0x00007FF743AF0000-0x00007FF743E44000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\LvvZNAM.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TkkFika.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mENOdia.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qtWXNUx.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ptwECTN.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYAeWXB.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CvFUFsJ.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qIHAOSh.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QzCeffo.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UspRlEF.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gGWnjcT.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmAOrYj.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCazKXj.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXyCLzl.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\koVVzRj.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YfxUNJa.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XJFjpLq.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RMgsTDE.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ADIBbFL.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SubPSib.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fxvJyeZ.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HwuJbzb.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JRrbEJs.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bRShPMn.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ExNQYOk.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kjHdoqP.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yJgSKWr.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMmjSTU.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AruNTXO.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bkUUAsf.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bLyStSJ.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSvUist.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KeUdjAm.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvwqfHi.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FurhKna.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYSJFaF.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLIoMlZ.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xyRPRhD.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nkbfKlD.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IFIXVVo.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ijANqXe.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UVTzSvq.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CPUZhcI.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNjptmd.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\exQGQYJ.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kmLzJbz.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IPupVsn.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xddBSGe.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bnjheJI.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MzhJhbh.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCgfuCL.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uYSvuNc.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdfaoJQ.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mUNVflY.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CENYtMq.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QkJYbCQ.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UQLofay.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNOQXYc.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hblTPMn.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ksPuinB.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xkrGzUP.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jMeaiDo.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvbqXek.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\stzrwnC.exe	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 3952 wrote to memory of 2768	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	hGnLqFp.exe
PID 3952 wrote to memory of 2768	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	hGnLqFp.exe
PID 3952 wrote to memory of 1780	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	lUDvXVN.exe
PID 3952 wrote to memory of 1780	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	lUDvXVN.exe
PID 3952 wrote to memory of 4280	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	hYAeWXB.exe
PID 3952 wrote to memory of 4280	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	hYAeWXB.exe
PID 3952 wrote to memory of 2380	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	rdXPeKS.exe
PID 3952 wrote to memory of 2380	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	rdXPeKS.exe
PID 3952 wrote to memory of 3084	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	bBaMWpq.exe
PID 3952 wrote to memory of 3084	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	bBaMWpq.exe
PID 3952 wrote to memory of 5052	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	tOUZFdt.exe
PID 3952 wrote to memory of 5052	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	tOUZFdt.exe
PID 3952 wrote to memory of 5068	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	FHWhOvn.exe
PID 3952 wrote to memory of 5068	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	FHWhOvn.exe
PID 3952 wrote to memory of 712	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	RekiRYp.exe
PID 3952 wrote to memory of 712	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	RekiRYp.exe
PID 3952 wrote to memory of 524	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	JAmsYkW.exe
PID 3952 wrote to memory of 524	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	JAmsYkW.exe
PID 3952 wrote to memory of 3660	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	qmwhjed.exe
PID 3952 wrote to memory of 3660	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	qmwhjed.exe
PID 3952 wrote to memory of 2536	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	dpuXhWu.exe
PID 3952 wrote to memory of 2536	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	dpuXhWu.exe
PID 3952 wrote to memory of 432	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	WuuCnIG.exe
PID 3952 wrote to memory of 432	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	WuuCnIG.exe
PID 3952 wrote to memory of 112	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	YQBEHsr.exe
PID 3952 wrote to memory of 112	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	YQBEHsr.exe
PID 3952 wrote to memory of 4644	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	EPTexjx.exe
PID 3952 wrote to memory of 4644	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	EPTexjx.exe
PID 3952 wrote to memory of 3196	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	eimZXYZ.exe
PID 3952 wrote to memory of 3196	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	eimZXYZ.exe
PID 3952 wrote to memory of 3656	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	hwtyoMH.exe
PID 3952 wrote to memory of 3656	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	hwtyoMH.exe
PID 3952 wrote to memory of 2924	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	dJQXdJP.exe
PID 3952 wrote to memory of 2924	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	dJQXdJP.exe
PID 3952 wrote to memory of 384	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	YnmodXh.exe
PID 3952 wrote to memory of 384	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	YnmodXh.exe
PID 3952 wrote to memory of 2004	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	hblTPMn.exe
PID 3952 wrote to memory of 2004	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	hblTPMn.exe
PID 3952 wrote to memory of 3628	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	zFiSytA.exe
PID 3952 wrote to memory of 3628	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	zFiSytA.exe
PID 3952 wrote to memory of 2880	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	IjWePIU.exe
PID 3952 wrote to memory of 2880	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	IjWePIU.exe
PID 3952 wrote to memory of 2532	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	djnrFvJ.exe
PID 3952 wrote to memory of 2532	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	djnrFvJ.exe
PID 3952 wrote to memory of 3356	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	HKTkbtj.exe
PID 3952 wrote to memory of 3356	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	HKTkbtj.exe
PID 3952 wrote to memory of 3028	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	VcsCokH.exe
PID 3952 wrote to memory of 3028	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	VcsCokH.exe
PID 3952 wrote to memory of 5116	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	dZCxBEA.exe
PID 3952 wrote to memory of 5116	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	dZCxBEA.exe
PID 3952 wrote to memory of 4916	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	GpPwJrn.exe
PID 3952 wrote to memory of 4916	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	GpPwJrn.exe
PID 3952 wrote to memory of 1944	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	JiWICiP.exe
PID 3952 wrote to memory of 1944	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	JiWICiP.exe
PID 3952 wrote to memory of 2808	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	HABmeZb.exe
PID 3952 wrote to memory of 2808	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	HABmeZb.exe
PID 3952 wrote to memory of 396	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	foaLyWf.exe
PID 3952 wrote to memory of 396	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	foaLyWf.exe
PID 3952 wrote to memory of 1412	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	FaKeGwi.exe
PID 3952 wrote to memory of 1412	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	FaKeGwi.exe
PID 3952 wrote to memory of 3080	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	HJaWHoD.exe
PID 3952 wrote to memory of 3080	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	HJaWHoD.exe
PID 3952 wrote to memory of 4080	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	UAMiWUJ.exe
PID 3952 wrote to memory of 4080	3952	2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe	UAMiWUJ.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_42a9d73d7805fecfbdc21e0ca4ab7db1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3952
- C:\Windows\System\hGnLqFp.exe
  C:\Windows\System\hGnLqFp.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\lUDvXVN.exe
  C:\Windows\System\lUDvXVN.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\hYAeWXB.exe
  C:\Windows\System\hYAeWXB.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\rdXPeKS.exe
  C:\Windows\System\rdXPeKS.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\bBaMWpq.exe
  C:\Windows\System\bBaMWpq.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\tOUZFdt.exe
  C:\Windows\System\tOUZFdt.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\FHWhOvn.exe
  C:\Windows\System\FHWhOvn.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\RekiRYp.exe
  C:\Windows\System\RekiRYp.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\JAmsYkW.exe
  C:\Windows\System\JAmsYkW.exe
  2⤵
  - Executes dropped EXE
  PID:524
- C:\Windows\System\qmwhjed.exe
  C:\Windows\System\qmwhjed.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\dpuXhWu.exe
  C:\Windows\System\dpuXhWu.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\WuuCnIG.exe
  C:\Windows\System\WuuCnIG.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\YQBEHsr.exe
  C:\Windows\System\YQBEHsr.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\EPTexjx.exe
  C:\Windows\System\EPTexjx.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\eimZXYZ.exe
  C:\Windows\System\eimZXYZ.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\hwtyoMH.exe
  C:\Windows\System\hwtyoMH.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\dJQXdJP.exe
  C:\Windows\System\dJQXdJP.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\YnmodXh.exe
  C:\Windows\System\YnmodXh.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\hblTPMn.exe
  C:\Windows\System\hblTPMn.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\zFiSytA.exe
  C:\Windows\System\zFiSytA.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\IjWePIU.exe
  C:\Windows\System\IjWePIU.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\djnrFvJ.exe
  C:\Windows\System\djnrFvJ.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\HKTkbtj.exe
  C:\Windows\System\HKTkbtj.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\VcsCokH.exe
  C:\Windows\System\VcsCokH.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\dZCxBEA.exe
  C:\Windows\System\dZCxBEA.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\GpPwJrn.exe
  C:\Windows\System\GpPwJrn.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\JiWICiP.exe
  C:\Windows\System\JiWICiP.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\HABmeZb.exe
  C:\Windows\System\HABmeZb.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\foaLyWf.exe
  C:\Windows\System\foaLyWf.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\FaKeGwi.exe
  C:\Windows\System\FaKeGwi.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\HJaWHoD.exe
  C:\Windows\System\HJaWHoD.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\UAMiWUJ.exe
  C:\Windows\System\UAMiWUJ.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\zSwsKdQ.exe
  C:\Windows\System\zSwsKdQ.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\MrMuySu.exe
  C:\Windows\System\MrMuySu.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\ZOULuKB.exe
  C:\Windows\System\ZOULuKB.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\Qzjoaog.exe
  C:\Windows\System\Qzjoaog.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\JIsIlrL.exe
  C:\Windows\System\JIsIlrL.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\bSOxYAK.exe
  C:\Windows\System\bSOxYAK.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\JQNoqwL.exe
  C:\Windows\System\JQNoqwL.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\mwPMUke.exe
  C:\Windows\System\mwPMUke.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\iqEulGc.exe
  C:\Windows\System\iqEulGc.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\mOwbznm.exe
  C:\Windows\System\mOwbznm.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\UzNYEQN.exe
  C:\Windows\System\UzNYEQN.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\EwHhNGX.exe
  C:\Windows\System\EwHhNGX.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\tZrCxmo.exe
  C:\Windows\System\tZrCxmo.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\DjbnqDC.exe
  C:\Windows\System\DjbnqDC.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\TaFHOkW.exe
  C:\Windows\System\TaFHOkW.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\twwYqwB.exe
  C:\Windows\System\twwYqwB.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\qdBPeVK.exe
  C:\Windows\System\qdBPeVK.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\sHyGkGi.exe
  C:\Windows\System\sHyGkGi.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\IgyDIOg.exe
  C:\Windows\System\IgyDIOg.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\MVyjwRP.exe
  C:\Windows\System\MVyjwRP.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\gGWnjcT.exe
  C:\Windows\System\gGWnjcT.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\FzURpzF.exe
  C:\Windows\System\FzURpzF.exe
  2⤵
  - Executes dropped EXE
  PID:312
- C:\Windows\System\AbESSYd.exe
  C:\Windows\System\AbESSYd.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\PUbpGYp.exe
  C:\Windows\System\PUbpGYp.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\CxXcita.exe
  C:\Windows\System\CxXcita.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\bpiKkWs.exe
  C:\Windows\System\bpiKkWs.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\ZJJJoly.exe
  C:\Windows\System\ZJJJoly.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\gBpiGjb.exe
  C:\Windows\System\gBpiGjb.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\BmAOrYj.exe
  C:\Windows\System\BmAOrYj.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\laUeDSZ.exe
  C:\Windows\System\laUeDSZ.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\LucOyiM.exe
  C:\Windows\System\LucOyiM.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\jdwxczf.exe
  C:\Windows\System\jdwxczf.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\oQljksj.exe
  C:\Windows\System\oQljksj.exe
  2⤵
  PID:932
- C:\Windows\System\BKtSBxs.exe
  C:\Windows\System\BKtSBxs.exe
  2⤵
  PID:2024
- C:\Windows\System\tZclyXp.exe
  C:\Windows\System\tZclyXp.exe
  2⤵
  PID:4628
- C:\Windows\System\YfxUNJa.exe
  C:\Windows\System\YfxUNJa.exe
  2⤵
  PID:1400
- C:\Windows\System\otWgSWg.exe
  C:\Windows\System\otWgSWg.exe
  2⤵
  PID:1600
- C:\Windows\System\ifcOiSK.exe
  C:\Windows\System\ifcOiSK.exe
  2⤵
  PID:2436
- C:\Windows\System\mCbonka.exe
  C:\Windows\System\mCbonka.exe
  2⤵
  PID:2968
- C:\Windows\System\DBgocBG.exe
  C:\Windows\System\DBgocBG.exe
  2⤵
  PID:4820
- C:\Windows\System\TROzJUr.exe
  C:\Windows\System\TROzJUr.exe
  2⤵
  PID:4492
- C:\Windows\System\xfZPvEM.exe
  C:\Windows\System\xfZPvEM.exe
  2⤵
  PID:1748
- C:\Windows\System\hlbcMvv.exe
  C:\Windows\System\hlbcMvv.exe
  2⤵
  PID:2252
- C:\Windows\System\UTBFdni.exe
  C:\Windows\System\UTBFdni.exe
  2⤵
  PID:2568
- C:\Windows\System\QSZFJUh.exe
  C:\Windows\System\QSZFJUh.exe
  2⤵
  PID:4164
- C:\Windows\System\gaEaPYw.exe
  C:\Windows\System\gaEaPYw.exe
  2⤵
  PID:3684
- C:\Windows\System\tepZdLZ.exe
  C:\Windows\System\tepZdLZ.exe
  2⤵
  PID:1812
- C:\Windows\System\FpUMsYr.exe
  C:\Windows\System\FpUMsYr.exe
  2⤵
  PID:5032
- C:\Windows\System\bFKazsy.exe
  C:\Windows\System\bFKazsy.exe
  2⤵
  PID:4260
- C:\Windows\System\USthYXy.exe
  C:\Windows\System\USthYXy.exe
  2⤵
  PID:4108
- C:\Windows\System\DDoFCNv.exe
  C:\Windows\System\DDoFCNv.exe
  2⤵
  PID:3856
- C:\Windows\System\tArzSLX.exe
  C:\Windows\System\tArzSLX.exe
  2⤵
  PID:2664
- C:\Windows\System\zaqJnPm.exe
  C:\Windows\System\zaqJnPm.exe
  2⤵
  PID:2852
- C:\Windows\System\CveHxde.exe
  C:\Windows\System\CveHxde.exe
  2⤵
  PID:5140
- C:\Windows\System\gsarBkj.exe
  C:\Windows\System\gsarBkj.exe
  2⤵
  PID:5168
- C:\Windows\System\zoGpTxa.exe
  C:\Windows\System\zoGpTxa.exe
  2⤵
  PID:5208
- C:\Windows\System\QKHoWJT.exe
  C:\Windows\System\QKHoWJT.exe
  2⤵
  PID:5224
- C:\Windows\System\WFxgRyU.exe
  C:\Windows\System\WFxgRyU.exe
  2⤵
  PID:5264
- C:\Windows\System\dQFYqrC.exe
  C:\Windows\System\dQFYqrC.exe
  2⤵
  PID:5280
- C:\Windows\System\NBxhVCF.exe
  C:\Windows\System\NBxhVCF.exe
  2⤵
  PID:5316
- C:\Windows\System\WzjIEau.exe
  C:\Windows\System\WzjIEau.exe
  2⤵
  PID:5336
- C:\Windows\System\CMcOlbb.exe
  C:\Windows\System\CMcOlbb.exe
  2⤵
  PID:5364
- C:\Windows\System\Vghhkxg.exe
  C:\Windows\System\Vghhkxg.exe
  2⤵
  PID:5392
- C:\Windows\System\ItzAEnZ.exe
  C:\Windows\System\ItzAEnZ.exe
  2⤵
  PID:5432
- C:\Windows\System\qzkstvi.exe
  C:\Windows\System\qzkstvi.exe
  2⤵
  PID:5448
- C:\Windows\System\aUZnvvW.exe
  C:\Windows\System\aUZnvvW.exe
  2⤵
  PID:5476
- C:\Windows\System\bTkLFiC.exe
  C:\Windows\System\bTkLFiC.exe
  2⤵
  PID:5504
- C:\Windows\System\lhoJqrL.exe
  C:\Windows\System\lhoJqrL.exe
  2⤵
  PID:5544
- C:\Windows\System\YVDixqA.exe
  C:\Windows\System\YVDixqA.exe
  2⤵
  PID:5560
- C:\Windows\System\wxsauFa.exe
  C:\Windows\System\wxsauFa.exe
  2⤵
  PID:5588
- C:\Windows\System\EIYZKwA.exe
  C:\Windows\System\EIYZKwA.exe
  2⤵
  PID:5616
- C:\Windows\System\uLLWOSs.exe
  C:\Windows\System\uLLWOSs.exe
  2⤵
  PID:5644
- C:\Windows\System\nHBvYbr.exe
  C:\Windows\System\nHBvYbr.exe
  2⤵
  PID:5672
- C:\Windows\System\USaEKYv.exe
  C:\Windows\System\USaEKYv.exe
  2⤵
  PID:5700
- C:\Windows\System\jWkQffB.exe
  C:\Windows\System\jWkQffB.exe
  2⤵
  PID:5728
- C:\Windows\System\laSarDF.exe
  C:\Windows\System\laSarDF.exe
  2⤵
  PID:5756
- C:\Windows\System\pTffUIj.exe
  C:\Windows\System\pTffUIj.exe
  2⤵
  PID:5784
- C:\Windows\System\FflIcqC.exe
  C:\Windows\System\FflIcqC.exe
  2⤵
  PID:5812
- C:\Windows\System\zFPzlsd.exe
  C:\Windows\System\zFPzlsd.exe
  2⤵
  PID:5840
- C:\Windows\System\hjBBmck.exe
  C:\Windows\System\hjBBmck.exe
  2⤵
  PID:5868
- C:\Windows\System\UdRtJtw.exe
  C:\Windows\System\UdRtJtw.exe
  2⤵
  PID:5896
- C:\Windows\System\FKgblEE.exe
  C:\Windows\System\FKgblEE.exe
  2⤵
  PID:5924
- C:\Windows\System\KUFChdo.exe
  C:\Windows\System\KUFChdo.exe
  2⤵
  PID:5952
- C:\Windows\System\CvFUFsJ.exe
  C:\Windows\System\CvFUFsJ.exe
  2⤵
  PID:5980
- C:\Windows\System\SUYlfZA.exe
  C:\Windows\System\SUYlfZA.exe
  2⤵
  PID:6008
- C:\Windows\System\KhaJSqG.exe
  C:\Windows\System\KhaJSqG.exe
  2⤵
  PID:6036
- C:\Windows\System\jzoLvRj.exe
  C:\Windows\System\jzoLvRj.exe
  2⤵
  PID:6064
- C:\Windows\System\LEUBUCk.exe
  C:\Windows\System\LEUBUCk.exe
  2⤵
  PID:6104
- C:\Windows\System\DDSxbEj.exe
  C:\Windows\System\DDSxbEj.exe
  2⤵
  PID:6120
- C:\Windows\System\LvvZNAM.exe
  C:\Windows\System\LvvZNAM.exe
  2⤵
  PID:392
- C:\Windows\System\tNGjoVg.exe
  C:\Windows\System\tNGjoVg.exe
  2⤵
  PID:4620
- C:\Windows\System\tbKrlKg.exe
  C:\Windows\System\tbKrlKg.exe
  2⤵
  PID:1688
- C:\Windows\System\leBYWoz.exe
  C:\Windows\System\leBYWoz.exe
  2⤵
  PID:5196
- C:\Windows\System\kmLzJbz.exe
  C:\Windows\System\kmLzJbz.exe
  2⤵
  PID:5256
- C:\Windows\System\ZHaZtLU.exe
  C:\Windows\System\ZHaZtLU.exe
  2⤵
  PID:5304
- C:\Windows\System\ekxmfRu.exe
  C:\Windows\System\ekxmfRu.exe
  2⤵
  PID:5360
- C:\Windows\System\XrAqBXg.exe
  C:\Windows\System\XrAqBXg.exe
  2⤵
  PID:5424
- C:\Windows\System\NvprQol.exe
  C:\Windows\System\NvprQol.exe
  2⤵
  PID:5492
- C:\Windows\System\zCEhDcX.exe
  C:\Windows\System\zCEhDcX.exe
  2⤵
  PID:5552
- C:\Windows\System\sIZwytV.exe
  C:\Windows\System\sIZwytV.exe
  2⤵
  PID:5628
- C:\Windows\System\LcyAPIX.exe
  C:\Windows\System\LcyAPIX.exe
  2⤵
  PID:5692
- C:\Windows\System\MqQLhEW.exe
  C:\Windows\System\MqQLhEW.exe
  2⤵
  PID:5752
- C:\Windows\System\HHvfPWo.exe
  C:\Windows\System\HHvfPWo.exe
  2⤵
  PID:5824
- C:\Windows\System\lUQLspR.exe
  C:\Windows\System\lUQLspR.exe
  2⤵
  PID:5916
- C:\Windows\System\zwoegTY.exe
  C:\Windows\System\zwoegTY.exe
  2⤵
  PID:5972
- C:\Windows\System\vhVqGEA.exe
  C:\Windows\System\vhVqGEA.exe
  2⤵
  PID:6020
- C:\Windows\System\kOMuPNa.exe
  C:\Windows\System\kOMuPNa.exe
  2⤵
  PID:6088
- C:\Windows\System\HOFYXvm.exe
  C:\Windows\System\HOFYXvm.exe
  2⤵
  PID:2504
- C:\Windows\System\iEduruJ.exe
  C:\Windows\System\iEduruJ.exe
  2⤵
  PID:5180
- C:\Windows\System\VfLZAlK.exe
  C:\Windows\System\VfLZAlK.exe
  2⤵
  PID:5332
- C:\Windows\System\IAWJVvU.exe
  C:\Windows\System\IAWJVvU.exe
  2⤵
  PID:5420
- C:\Windows\System\xCHPwrB.exe
  C:\Windows\System\xCHPwrB.exe
  2⤵
  PID:5580
- C:\Windows\System\doGMrcg.exe
  C:\Windows\System\doGMrcg.exe
  2⤵
  PID:5720
- C:\Windows\System\DQinLRd.exe
  C:\Windows\System\DQinLRd.exe
  2⤵
  PID:5948
- C:\Windows\System\rPDNhoM.exe
  C:\Windows\System\rPDNhoM.exe
  2⤵
  PID:6048
- C:\Windows\System\bhNIFyR.exe
  C:\Windows\System\bhNIFyR.exe
  2⤵
  PID:6160
- C:\Windows\System\RWSKfwa.exe
  C:\Windows\System\RWSKfwa.exe
  2⤵
  PID:6188
- C:\Windows\System\KYALsoY.exe
  C:\Windows\System\KYALsoY.exe
  2⤵
  PID:6204
- C:\Windows\System\JxbBBPP.exe
  C:\Windows\System\JxbBBPP.exe
  2⤵
  PID:6232
- C:\Windows\System\kEvKrIi.exe
  C:\Windows\System\kEvKrIi.exe
  2⤵
  PID:6260
- C:\Windows\System\ksPuinB.exe
  C:\Windows\System\ksPuinB.exe
  2⤵
  PID:6288
- C:\Windows\System\ZEneKbD.exe
  C:\Windows\System\ZEneKbD.exe
  2⤵
  PID:6316
- C:\Windows\System\hXgIaOr.exe
  C:\Windows\System\hXgIaOr.exe
  2⤵
  PID:6344
- C:\Windows\System\sDjAojr.exe
  C:\Windows\System\sDjAojr.exe
  2⤵
  PID:6372
- C:\Windows\System\cegbyQj.exe
  C:\Windows\System\cegbyQj.exe
  2⤵
  PID:6412
- C:\Windows\System\vEJsuWX.exe
  C:\Windows\System\vEJsuWX.exe
  2⤵
  PID:6440
- C:\Windows\System\EkKHIZA.exe
  C:\Windows\System\EkKHIZA.exe
  2⤵
  PID:6456
- C:\Windows\System\uWuHccr.exe
  C:\Windows\System\uWuHccr.exe
  2⤵
  PID:6484
- C:\Windows\System\NayHzPz.exe
  C:\Windows\System\NayHzPz.exe
  2⤵
  PID:6500
- C:\Windows\System\ymyoYXU.exe
  C:\Windows\System\ymyoYXU.exe
  2⤵
  PID:6540
- C:\Windows\System\PwIogtc.exe
  C:\Windows\System\PwIogtc.exe
  2⤵
  PID:6568
- C:\Windows\System\KoGtdqz.exe
  C:\Windows\System\KoGtdqz.exe
  2⤵
  PID:6596
- C:\Windows\System\PfkSyLi.exe
  C:\Windows\System\PfkSyLi.exe
  2⤵
  PID:6624
- C:\Windows\System\uvwqfHi.exe
  C:\Windows\System\uvwqfHi.exe
  2⤵
  PID:6652
- C:\Windows\System\biQVtPg.exe
  C:\Windows\System\biQVtPg.exe
  2⤵
  PID:6692
- C:\Windows\System\ZybeILo.exe
  C:\Windows\System\ZybeILo.exe
  2⤵
  PID:6708
- C:\Windows\System\FPknLYm.exe
  C:\Windows\System\FPknLYm.exe
  2⤵
  PID:6736
- C:\Windows\System\SOEdysf.exe
  C:\Windows\System\SOEdysf.exe
  2⤵
  PID:6764
- C:\Windows\System\phDJKBC.exe
  C:\Windows\System\phDJKBC.exe
  2⤵
  PID:6804
- C:\Windows\System\CejewxD.exe
  C:\Windows\System\CejewxD.exe
  2⤵
  PID:6820
- C:\Windows\System\ZKKdBPf.exe
  C:\Windows\System\ZKKdBPf.exe
  2⤵
  PID:6848
- C:\Windows\System\MVVwIBT.exe
  C:\Windows\System\MVVwIBT.exe
  2⤵
  PID:6876
- C:\Windows\System\SqGCKMN.exe
  C:\Windows\System\SqGCKMN.exe
  2⤵
  PID:6904
- C:\Windows\System\IutGGOI.exe
  C:\Windows\System\IutGGOI.exe
  2⤵
  PID:6928
- C:\Windows\System\eCgfuCL.exe
  C:\Windows\System\eCgfuCL.exe
  2⤵
  PID:6960
- C:\Windows\System\mNayCnz.exe
  C:\Windows\System\mNayCnz.exe
  2⤵
  PID:6976
- C:\Windows\System\kITmWty.exe
  C:\Windows\System\kITmWty.exe
  2⤵
  PID:7012
- C:\Windows\System\YneIuSD.exe
  C:\Windows\System\YneIuSD.exe
  2⤵
  PID:7056
- C:\Windows\System\jZlhbdG.exe
  C:\Windows\System\jZlhbdG.exe
  2⤵
  PID:7084
- C:\Windows\System\nuykqwv.exe
  C:\Windows\System\nuykqwv.exe
  2⤵
  PID:7112
- C:\Windows\System\LxKbTPd.exe
  C:\Windows\System\LxKbTPd.exe
  2⤵
  PID:7140
- C:\Windows\System\xUhqGSV.exe
  C:\Windows\System\xUhqGSV.exe
  2⤵
  PID:7156
- C:\Windows\System\tKSoWgr.exe
  C:\Windows\System\tKSoWgr.exe
  2⤵
  PID:5236
- C:\Windows\System\sFKVmkO.exe
  C:\Windows\System\sFKVmkO.exe
  2⤵
  PID:5664
- C:\Windows\System\MqjTdzc.exe
  C:\Windows\System\MqjTdzc.exe
  2⤵
  PID:5892
- C:\Windows\System\KrkHyyP.exe
  C:\Windows\System\KrkHyyP.exe
  2⤵
  PID:6172
- C:\Windows\System\oBlcvjR.exe
  C:\Windows\System\oBlcvjR.exe
  2⤵
  PID:6220
- C:\Windows\System\zbsXCkq.exe
  C:\Windows\System\zbsXCkq.exe
  2⤵
  PID:6308
- C:\Windows\System\gvVPGMc.exe
  C:\Windows\System\gvVPGMc.exe
  2⤵
  PID:6356
- C:\Windows\System\AXBgndv.exe
  C:\Windows\System\AXBgndv.exe
  2⤵
  PID:6448
- C:\Windows\System\OpsNAyO.exe
  C:\Windows\System\OpsNAyO.exe
  2⤵
  PID:6476
- C:\Windows\System\bhWxTJE.exe
  C:\Windows\System\bhWxTJE.exe
  2⤵
  PID:6552
- C:\Windows\System\NbILRci.exe
  C:\Windows\System\NbILRci.exe
  2⤵
  PID:6608
- C:\Windows\System\GuzzKEY.exe
  C:\Windows\System\GuzzKEY.exe
  2⤵
  PID:6676
- C:\Windows\System\YAGuQoA.exe
  C:\Windows\System\YAGuQoA.exe
  2⤵
  PID:6732
- C:\Windows\System\GXXvruK.exe
  C:\Windows\System\GXXvruK.exe
  2⤵
  PID:6776
- C:\Windows\System\EyMohbq.exe
  C:\Windows\System\EyMohbq.exe
  2⤵
  PID:6860
- C:\Windows\System\xjUjFSt.exe
  C:\Windows\System\xjUjFSt.exe
  2⤵
  PID:6948
- C:\Windows\System\aFoHReE.exe
  C:\Windows\System\aFoHReE.exe
  2⤵
  PID:6988
- C:\Windows\System\EvYOPHn.exe
  C:\Windows\System\EvYOPHn.exe
  2⤵
  PID:7076
- C:\Windows\System\tyoCTOS.exe
  C:\Windows\System\tyoCTOS.exe
  2⤵
  PID:7120
- C:\Windows\System\yvryXSi.exe
  C:\Windows\System\yvryXSi.exe
  2⤵
  PID:5132
- C:\Windows\System\ijANqXe.exe
  C:\Windows\System\ijANqXe.exe
  2⤵
  PID:6112
- C:\Windows\System\HygHAuI.exe
  C:\Windows\System\HygHAuI.exe
  2⤵
  PID:6280
- C:\Windows\System\xsMLoDf.exe
  C:\Windows\System\xsMLoDf.exe
  2⤵
  PID:6420
- C:\Windows\System\TLdTNkl.exe
  C:\Windows\System\TLdTNkl.exe
  2⤵
  PID:6512
- C:\Windows\System\cInJyFW.exe
  C:\Windows\System\cInJyFW.exe
  2⤵
  PID:6648
- C:\Windows\System\JTMLWFd.exe
  C:\Windows\System\JTMLWFd.exe
  2⤵
  PID:4832
- C:\Windows\System\WHuiJSX.exe
  C:\Windows\System\WHuiJSX.exe
  2⤵
  PID:7008
- C:\Windows\System\KlxUjQP.exe
  C:\Windows\System\KlxUjQP.exe
  2⤵
  PID:5612
- C:\Windows\System\pZCgjLE.exe
  C:\Windows\System\pZCgjLE.exe
  2⤵
  PID:6384
- C:\Windows\System\EjqRqnN.exe
  C:\Windows\System\EjqRqnN.exe
  2⤵
  PID:6584
- C:\Windows\System\TzFnQTD.exe
  C:\Windows\System\TzFnQTD.exe
  2⤵
  PID:6924
- C:\Windows\System\gUMnAeA.exe
  C:\Windows\System\gUMnAeA.exe
  2⤵
  PID:7188
- C:\Windows\System\YNAgAAQ.exe
  C:\Windows\System\YNAgAAQ.exe
  2⤵
  PID:7228
- C:\Windows\System\igpEMKI.exe
  C:\Windows\System\igpEMKI.exe
  2⤵
  PID:7256
- C:\Windows\System\ySCubwC.exe
  C:\Windows\System\ySCubwC.exe
  2⤵
  PID:7272
- C:\Windows\System\soOFIJh.exe
  C:\Windows\System\soOFIJh.exe
  2⤵
  PID:7300
- C:\Windows\System\lOEzhAZ.exe
  C:\Windows\System\lOEzhAZ.exe
  2⤵
  PID:7328
- C:\Windows\System\kXLCCJb.exe
  C:\Windows\System\kXLCCJb.exe
  2⤵
  PID:7356
- C:\Windows\System\vvoEjCQ.exe
  C:\Windows\System\vvoEjCQ.exe
  2⤵
  PID:7384
- C:\Windows\System\LrUkgjn.exe
  C:\Windows\System\LrUkgjn.exe
  2⤵
  PID:7420
- C:\Windows\System\FbiFTms.exe
  C:\Windows\System\FbiFTms.exe
  2⤵
  PID:7440
- C:\Windows\System\uYSvuNc.exe
  C:\Windows\System\uYSvuNc.exe
  2⤵
  PID:7480
- C:\Windows\System\NdfaoJQ.exe
  C:\Windows\System\NdfaoJQ.exe
  2⤵
  PID:7508
- C:\Windows\System\ASSrGuS.exe
  C:\Windows\System\ASSrGuS.exe
  2⤵
  PID:7536
- C:\Windows\System\ccmyozu.exe
  C:\Windows\System\ccmyozu.exe
  2⤵
  PID:7552
- C:\Windows\System\QHdOSBy.exe
  C:\Windows\System\QHdOSBy.exe
  2⤵
  PID:7580
- C:\Windows\System\nGCUjnj.exe
  C:\Windows\System\nGCUjnj.exe
  2⤵
  PID:7608
- C:\Windows\System\WuPDnih.exe
  C:\Windows\System\WuPDnih.exe
  2⤵
  PID:7636
- C:\Windows\System\PBwaoWs.exe
  C:\Windows\System\PBwaoWs.exe
  2⤵
  PID:7664
- C:\Windows\System\xGyoXRg.exe
  C:\Windows\System\xGyoXRg.exe
  2⤵
  PID:7692
- C:\Windows\System\WnpXbVh.exe
  C:\Windows\System\WnpXbVh.exe
  2⤵
  PID:7720
- C:\Windows\System\ApOevKs.exe
  C:\Windows\System\ApOevKs.exe
  2⤵
  PID:7748
- C:\Windows\System\jwCxuJN.exe
  C:\Windows\System\jwCxuJN.exe
  2⤵
  PID:7788
- C:\Windows\System\YVGIXUr.exe
  C:\Windows\System\YVGIXUr.exe
  2⤵
  PID:7804
- C:\Windows\System\TVPMGsA.exe
  C:\Windows\System\TVPMGsA.exe
  2⤵
  PID:7832
- C:\Windows\System\KZmhcpu.exe
  C:\Windows\System\KZmhcpu.exe
  2⤵
  PID:7860
- C:\Windows\System\FWEoyaw.exe
  C:\Windows\System\FWEoyaw.exe
  2⤵
  PID:7888
- C:\Windows\System\oDzOIIM.exe
  C:\Windows\System\oDzOIIM.exe
  2⤵
  PID:7916
- C:\Windows\System\sYeYgDe.exe
  C:\Windows\System\sYeYgDe.exe
  2⤵
  PID:7948
- C:\Windows\System\bKNQRVR.exe
  C:\Windows\System\bKNQRVR.exe
  2⤵
  PID:7972
- C:\Windows\System\fPfpUvP.exe
  C:\Windows\System\fPfpUvP.exe
  2⤵
  PID:8000
- C:\Windows\System\kJMWpbI.exe
  C:\Windows\System\kJMWpbI.exe
  2⤵
  PID:8016
- C:\Windows\System\XcBdJkS.exe
  C:\Windows\System\XcBdJkS.exe
  2⤵
  PID:8044
- C:\Windows\System\KduoJAs.exe
  C:\Windows\System\KduoJAs.exe
  2⤵
  PID:8072
- C:\Windows\System\zEgDUDb.exe
  C:\Windows\System\zEgDUDb.exe
  2⤵
  PID:8112
- C:\Windows\System\lLarcGh.exe
  C:\Windows\System\lLarcGh.exe
  2⤵
  PID:8140
- C:\Windows\System\tXPrCgd.exe
  C:\Windows\System\tXPrCgd.exe
  2⤵
  PID:8168
- C:\Windows\System\wIIemFj.exe
  C:\Windows\System\wIIemFj.exe
  2⤵
  PID:7100
- C:\Windows\System\eFlsEMY.exe
  C:\Windows\System\eFlsEMY.exe
  2⤵
  PID:7172
- C:\Windows\System\TvfqlVD.exe
  C:\Windows\System\TvfqlVD.exe
  2⤵
  PID:7204
- C:\Windows\System\gQHgipQ.exe
  C:\Windows\System\gQHgipQ.exe
  2⤵
  PID:7288
- C:\Windows\System\MetjPPa.exe
  C:\Windows\System\MetjPPa.exe
  2⤵
  PID:7320
- C:\Windows\System\etfGlVO.exe
  C:\Windows\System\etfGlVO.exe
  2⤵
  PID:7408
- C:\Windows\System\zrewPww.exe
  C:\Windows\System\zrewPww.exe
  2⤵
  PID:7472
- C:\Windows\System\Iwvqnin.exe
  C:\Windows\System\Iwvqnin.exe
  2⤵
  PID:7520
- C:\Windows\System\IPupVsn.exe
  C:\Windows\System\IPupVsn.exe
  2⤵
  PID:7576
- C:\Windows\System\YkJRmDP.exe
  C:\Windows\System\YkJRmDP.exe
  2⤵
  PID:7648
- C:\Windows\System\hOXGYwy.exe
  C:\Windows\System\hOXGYwy.exe
  2⤵
  PID:7708
- C:\Windows\System\XHeoaVA.exe
  C:\Windows\System\XHeoaVA.exe
  2⤵
  PID:7760
- C:\Windows\System\QWwVSuH.exe
  C:\Windows\System\QWwVSuH.exe
  2⤵
  PID:1044
- C:\Windows\System\TwBoSSs.exe
  C:\Windows\System\TwBoSSs.exe
  2⤵
  PID:1000
- C:\Windows\System\DxkIAvm.exe
  C:\Windows\System\DxkIAvm.exe
  2⤵
  PID:7936
- C:\Windows\System\RHsfQJM.exe
  C:\Windows\System\RHsfQJM.exe
  2⤵
  PID:232
- C:\Windows\System\uTzHGpS.exe
  C:\Windows\System\uTzHGpS.exe
  2⤵
  PID:4460
- C:\Windows\System\WVLlJxM.exe
  C:\Windows\System\WVLlJxM.exe
  2⤵
  PID:7372
- C:\Windows\System\Fbismbe.exe
  C:\Windows\System\Fbismbe.exe
  2⤵
  PID:7572
- C:\Windows\System\FurhKna.exe
  C:\Windows\System\FurhKna.exe
  2⤵
  PID:7740
- C:\Windows\System\YYPIrOa.exe
  C:\Windows\System\YYPIrOa.exe
  2⤵
  PID:4852
- C:\Windows\System\nTCWzNU.exe
  C:\Windows\System\nTCWzNU.exe
  2⤵
  PID:3000
- C:\Windows\System\BaNXngT.exe
  C:\Windows\System\BaNXngT.exe
  2⤵
  PID:2708
- C:\Windows\System\PTAcVZH.exe
  C:\Windows\System\PTAcVZH.exe
  2⤵
  PID:4864
- C:\Windows\System\dGmnrXB.exe
  C:\Windows\System\dGmnrXB.exe
  2⤵
  PID:4964
- C:\Windows\System\MJJbUYz.exe
  C:\Windows\System\MJJbUYz.exe
  2⤵
  PID:1304
- C:\Windows\System\GBffuGR.exe
  C:\Windows\System\GBffuGR.exe
  2⤵
  PID:7352
- C:\Windows\System\igxnebL.exe
  C:\Windows\System\igxnebL.exe
  2⤵
  PID:7872
- C:\Windows\System\vNkaldA.exe
  C:\Windows\System\vNkaldA.exe
  2⤵
  PID:7268
- C:\Windows\System\MLugpOF.exe
  C:\Windows\System\MLugpOF.exe
  2⤵
  PID:8056
- C:\Windows\System\SkuAari.exe
  C:\Windows\System\SkuAari.exe
  2⤵
  PID:852
- C:\Windows\System\vhMplrO.exe
  C:\Windows\System\vhMplrO.exe
  2⤵
  PID:3280
- C:\Windows\System\gzTioaW.exe
  C:\Windows\System\gzTioaW.exe
  2⤵
  PID:3944
- C:\Windows\System\olsYgWa.exe
  C:\Windows\System\olsYgWa.exe
  2⤵
  PID:8064
- C:\Windows\System\bvqbZkj.exe
  C:\Windows\System\bvqbZkj.exe
  2⤵
  PID:1568
- C:\Windows\System\HEAZwzQ.exe
  C:\Windows\System\HEAZwzQ.exe
  2⤵
  PID:7736
- C:\Windows\System\WYOidhV.exe
  C:\Windows\System\WYOidhV.exe
  2⤵
  PID:7200
- C:\Windows\System\GyviiJk.exe
  C:\Windows\System\GyviiJk.exe
  2⤵
  PID:8196
- C:\Windows\System\IhOOMNx.exe
  C:\Windows\System\IhOOMNx.exe
  2⤵
  PID:8244
- C:\Windows\System\eSiOtsK.exe
  C:\Windows\System\eSiOtsK.exe
  2⤵
  PID:8272
- C:\Windows\System\TiAVSis.exe
  C:\Windows\System\TiAVSis.exe
  2⤵
  PID:8304
- C:\Windows\System\TqjDOlr.exe
  C:\Windows\System\TqjDOlr.exe
  2⤵
  PID:8368
- C:\Windows\System\TNMIIju.exe
  C:\Windows\System\TNMIIju.exe
  2⤵
  PID:8400
- C:\Windows\System\EFBmjaD.exe
  C:\Windows\System\EFBmjaD.exe
  2⤵
  PID:8428
- C:\Windows\System\uhmJjLQ.exe
  C:\Windows\System\uhmJjLQ.exe
  2⤵
  PID:8512
- C:\Windows\System\OlmcHnm.exe
  C:\Windows\System\OlmcHnm.exe
  2⤵
  PID:8584
- C:\Windows\System\keTAsBD.exe
  C:\Windows\System\keTAsBD.exe
  2⤵
  PID:8616
- C:\Windows\System\lqHGHCu.exe
  C:\Windows\System\lqHGHCu.exe
  2⤵
  PID:8656
- C:\Windows\System\WhqsRfO.exe
  C:\Windows\System\WhqsRfO.exe
  2⤵
  PID:8708
- C:\Windows\System\bDgFvwo.exe
  C:\Windows\System\bDgFvwo.exe
  2⤵
  PID:8768
- C:\Windows\System\NrNLwPm.exe
  C:\Windows\System\NrNLwPm.exe
  2⤵
  PID:8804
- C:\Windows\System\gDRxREK.exe
  C:\Windows\System\gDRxREK.exe
  2⤵
  PID:8836
- C:\Windows\System\SwtlCvi.exe
  C:\Windows\System\SwtlCvi.exe
  2⤵
  PID:8864
- C:\Windows\System\BHZbxCm.exe
  C:\Windows\System\BHZbxCm.exe
  2⤵
  PID:8912
- C:\Windows\System\KuMjjwP.exe
  C:\Windows\System\KuMjjwP.exe
  2⤵
  PID:8956
- C:\Windows\System\LgwCjzf.exe
  C:\Windows\System\LgwCjzf.exe
  2⤵
  PID:8984
- C:\Windows\System\nShqWfy.exe
  C:\Windows\System\nShqWfy.exe
  2⤵
  PID:9020
- C:\Windows\System\ZBQftkJ.exe
  C:\Windows\System\ZBQftkJ.exe
  2⤵
  PID:9052
- C:\Windows\System\TJDsryA.exe
  C:\Windows\System\TJDsryA.exe
  2⤵
  PID:9080
- C:\Windows\System\YCGfWCU.exe
  C:\Windows\System\YCGfWCU.exe
  2⤵
  PID:9108
- C:\Windows\System\KZuohtU.exe
  C:\Windows\System\KZuohtU.exe
  2⤵
  PID:9140
- C:\Windows\System\ObTRgHH.exe
  C:\Windows\System\ObTRgHH.exe
  2⤵
  PID:9160
- C:\Windows\System\IVJNaSy.exe
  C:\Windows\System\IVJNaSy.exe
  2⤵
  PID:9192
- C:\Windows\System\VwKwkeZ.exe
  C:\Windows\System\VwKwkeZ.exe
  2⤵
  PID:8216
- C:\Windows\System\TkOBZsC.exe
  C:\Windows\System\TkOBZsC.exe
  2⤵
  PID:8264
- C:\Windows\System\KIVumch.exe
  C:\Windows\System\KIVumch.exe
  2⤵
  PID:1508
- C:\Windows\System\EFQNDGh.exe
  C:\Windows\System\EFQNDGh.exe
  2⤵
  PID:8392
- C:\Windows\System\MoBsZSo.exe
  C:\Windows\System\MoBsZSo.exe
  2⤵
  PID:8496
- C:\Windows\System\ydRDMQy.exe
  C:\Windows\System\ydRDMQy.exe
  2⤵
  PID:8648
- C:\Windows\System\nkbfKlD.exe
  C:\Windows\System\nkbfKlD.exe
  2⤵
  PID:8764
- C:\Windows\System\TYaBAxC.exe
  C:\Windows\System\TYaBAxC.exe
  2⤵
  PID:8820
- C:\Windows\System\rVWuiWy.exe
  C:\Windows\System\rVWuiWy.exe
  2⤵
  PID:8908
- C:\Windows\System\TumPakV.exe
  C:\Windows\System\TumPakV.exe
  2⤵
  PID:8728
- C:\Windows\System\nwoZlYX.exe
  C:\Windows\System\nwoZlYX.exe
  2⤵
  PID:8936
- C:\Windows\System\APBEzOt.exe
  C:\Windows\System\APBEzOt.exe
  2⤵
  PID:8388
- C:\Windows\System\iPDwuHV.exe
  C:\Windows\System\iPDwuHV.exe
  2⤵
  PID:9132
- C:\Windows\System\tCPDUkT.exe
  C:\Windows\System\tCPDUkT.exe
  2⤵
  PID:8180
- C:\Windows\System\sNIsFNs.exe
  C:\Windows\System\sNIsFNs.exe
  2⤵
  PID:8348
- C:\Windows\System\hPjOBCM.exe
  C:\Windows\System\hPjOBCM.exe
  2⤵
  PID:8580
- C:\Windows\System\nwEshaj.exe
  C:\Windows\System\nwEshaj.exe
  2⤵
  PID:8760
- C:\Windows\System\rYsLHdd.exe
  C:\Windows\System\rYsLHdd.exe
  2⤵
  PID:8904
- C:\Windows\System\kYSJFaF.exe
  C:\Windows\System\kYSJFaF.exe
  2⤵
  PID:8968
- C:\Windows\System\cWBYysb.exe
  C:\Windows\System\cWBYysb.exe
  2⤵
  PID:1360
- C:\Windows\System\zjsCerY.exe
  C:\Windows\System\zjsCerY.exe
  2⤵
  PID:9148
- C:\Windows\System\vRVfZbI.exe
  C:\Windows\System\vRVfZbI.exe
  2⤵
  PID:8632
- C:\Windows\System\zLGtjld.exe
  C:\Windows\System\zLGtjld.exe
  2⤵
  PID:8796
- C:\Windows\System\YJhRoxy.exe
  C:\Windows\System\YJhRoxy.exe
  2⤵
  PID:9044
- C:\Windows\System\fbWDiaB.exe
  C:\Windows\System\fbWDiaB.exe
  2⤵
  PID:8720
- C:\Windows\System\xddBSGe.exe
  C:\Windows\System\xddBSGe.exe
  2⤵
  PID:3104
- C:\Windows\System\mhUgSbM.exe
  C:\Windows\System\mhUgSbM.exe
  2⤵
  PID:9224
- C:\Windows\System\sttUNtt.exe
  C:\Windows\System\sttUNtt.exe
  2⤵
  PID:9256
- C:\Windows\System\VHvGeKy.exe
  C:\Windows\System\VHvGeKy.exe
  2⤵
  PID:9276
- C:\Windows\System\MVcSvLF.exe
  C:\Windows\System\MVcSvLF.exe
  2⤵
  PID:9332
- C:\Windows\System\xMzYNfb.exe
  C:\Windows\System\xMzYNfb.exe
  2⤵
  PID:9360
- C:\Windows\System\gRXdRmq.exe
  C:\Windows\System\gRXdRmq.exe
  2⤵
  PID:9388
- C:\Windows\System\mUNVflY.exe
  C:\Windows\System\mUNVflY.exe
  2⤵
  PID:9424
- C:\Windows\System\tQOiCQv.exe
  C:\Windows\System\tQOiCQv.exe
  2⤵
  PID:9464
- C:\Windows\System\dZfycmz.exe
  C:\Windows\System\dZfycmz.exe
  2⤵
  PID:9496
- C:\Windows\System\iSjffQq.exe
  C:\Windows\System\iSjffQq.exe
  2⤵
  PID:9560
- C:\Windows\System\vPiwMcf.exe
  C:\Windows\System\vPiwMcf.exe
  2⤵
  PID:9592
- C:\Windows\System\wKfAiAE.exe
  C:\Windows\System\wKfAiAE.exe
  2⤵
  PID:9620
- C:\Windows\System\jPWCwcd.exe
  C:\Windows\System\jPWCwcd.exe
  2⤵
  PID:9664
- C:\Windows\System\UHOvXrU.exe
  C:\Windows\System\UHOvXrU.exe
  2⤵
  PID:9684
- C:\Windows\System\WztWmdG.exe
  C:\Windows\System\WztWmdG.exe
  2⤵
  PID:9720
- C:\Windows\System\yYwWMpW.exe
  C:\Windows\System\yYwWMpW.exe
  2⤵
  PID:9748
- C:\Windows\System\JgcGFkH.exe
  C:\Windows\System\JgcGFkH.exe
  2⤵
  PID:9768
- C:\Windows\System\bqdygpl.exe
  C:\Windows\System\bqdygpl.exe
  2⤵
  PID:9808
- C:\Windows\System\NZLTmSC.exe
  C:\Windows\System\NZLTmSC.exe
  2⤵
  PID:9844
- C:\Windows\System\NZNIbil.exe
  C:\Windows\System\NZNIbil.exe
  2⤵
  PID:9876
- C:\Windows\System\xkmGGxP.exe
  C:\Windows\System\xkmGGxP.exe
  2⤵
  PID:9912
- C:\Windows\System\ZKnaCPf.exe
  C:\Windows\System\ZKnaCPf.exe
  2⤵
  PID:9940
- C:\Windows\System\TVEadeo.exe
  C:\Windows\System\TVEadeo.exe
  2⤵
  PID:9968
- C:\Windows\System\tYwqaRu.exe
  C:\Windows\System\tYwqaRu.exe
  2⤵
  PID:9996
- C:\Windows\System\zNzmxOi.exe
  C:\Windows\System\zNzmxOi.exe
  2⤵
  PID:10028
- C:\Windows\System\moSwMjh.exe
  C:\Windows\System\moSwMjh.exe
  2⤵
  PID:10056
- C:\Windows\System\aGpevQE.exe
  C:\Windows\System\aGpevQE.exe
  2⤵
  PID:10084
- C:\Windows\System\ZIJmojM.exe
  C:\Windows\System\ZIJmojM.exe
  2⤵
  PID:10112
- C:\Windows\System\hfcnqzP.exe
  C:\Windows\System\hfcnqzP.exe
  2⤵
  PID:10144
- C:\Windows\System\mNRhCir.exe
  C:\Windows\System\mNRhCir.exe
  2⤵
  PID:10172
- C:\Windows\System\kVlmCGG.exe
  C:\Windows\System\kVlmCGG.exe
  2⤵
  PID:10200
- C:\Windows\System\fRLcbKP.exe
  C:\Windows\System\fRLcbKP.exe
  2⤵
  PID:10228
- C:\Windows\System\WLISbuE.exe
  C:\Windows\System\WLISbuE.exe
  2⤵
  PID:9248
- C:\Windows\System\iIoMTus.exe
  C:\Windows\System\iIoMTus.exe
  2⤵
  PID:9308
- C:\Windows\System\paBkGQh.exe
  C:\Windows\System\paBkGQh.exe
  2⤵
  PID:9380
- C:\Windows\System\wOlwNTe.exe
  C:\Windows\System\wOlwNTe.exe
  2⤵
  PID:9456
- C:\Windows\System\KhdXvPi.exe
  C:\Windows\System\KhdXvPi.exe
  2⤵
  PID:9576
- C:\Windows\System\OHjgBop.exe
  C:\Windows\System\OHjgBop.exe
  2⤵
  PID:9632
- C:\Windows\System\zZmnjjx.exe
  C:\Windows\System\zZmnjjx.exe
  2⤵
  PID:9712
- C:\Windows\System\uiZOikp.exe
  C:\Windows\System\uiZOikp.exe
  2⤵
  PID:9764
- C:\Windows\System\hoQlYBU.exe
  C:\Windows\System\hoQlYBU.exe
  2⤵
  PID:9836
- C:\Windows\System\tAiCcAS.exe
  C:\Windows\System\tAiCcAS.exe
  2⤵
  PID:8452
- C:\Windows\System\RCazKXj.exe
  C:\Windows\System\RCazKXj.exe
  2⤵
  PID:9872
- C:\Windows\System\YJllqCw.exe
  C:\Windows\System\YJllqCw.exe
  2⤵
  PID:9964
- C:\Windows\System\IwkTNkb.exe
  C:\Windows\System\IwkTNkb.exe
  2⤵
  PID:9992
- C:\Windows\System\gTtaegG.exe
  C:\Windows\System\gTtaegG.exe
  2⤵
  PID:10052
- C:\Windows\System\QmkXtse.exe
  C:\Windows\System\QmkXtse.exe
  2⤵
  PID:10108
- C:\Windows\System\DzZbmXP.exe
  C:\Windows\System\DzZbmXP.exe
  2⤵
  PID:10184
- C:\Windows\System\dQyGIWV.exe
  C:\Windows\System\dQyGIWV.exe
  2⤵
  PID:9236
- C:\Windows\System\cKsZJcM.exe
  C:\Windows\System\cKsZJcM.exe
  2⤵
  PID:9420
- C:\Windows\System\GwtXQlO.exe
  C:\Windows\System\GwtXQlO.exe
  2⤵
  PID:9612
- C:\Windows\System\ZJJPDoM.exe
  C:\Windows\System\ZJJPDoM.exe
  2⤵
  PID:5024
- C:\Windows\System\GtVXSJr.exe
  C:\Windows\System\GtVXSJr.exe
  2⤵
  PID:3864
- C:\Windows\System\VONmcrj.exe
  C:\Windows\System\VONmcrj.exe
  2⤵
  PID:8676
- C:\Windows\System\sdzLXxt.exe
  C:\Windows\System\sdzLXxt.exe
  2⤵
  PID:2248
- C:\Windows\System\kArWzAH.exe
  C:\Windows\System\kArWzAH.exe
  2⤵
  PID:10136
- C:\Windows\System\YbUnVtr.exe
  C:\Windows\System\YbUnVtr.exe
  2⤵
  PID:9372
- C:\Windows\System\nLrrmuo.exe
  C:\Windows\System\nLrrmuo.exe
  2⤵
  PID:9740
- C:\Windows\System\ZlnSQPm.exe
  C:\Windows\System\ZlnSQPm.exe
  2⤵
  PID:9936
- C:\Windows\System\dLWKITp.exe
  C:\Windows\System\dLWKITp.exe
  2⤵
  PID:10104
- C:\Windows\System\PasoGie.exe
  C:\Windows\System\PasoGie.exe
  2⤵
  PID:8336
- C:\Windows\System\BIyDhsH.exe
  C:\Windows\System\BIyDhsH.exe
  2⤵
  PID:9648
- C:\Windows\System\KInLkuV.exe
  C:\Windows\System\KInLkuV.exe
  2⤵
  PID:10248
- C:\Windows\System\ibmPoRf.exe
  C:\Windows\System\ibmPoRf.exe
  2⤵
  PID:10276
- C:\Windows\System\uZCZkUG.exe
  C:\Windows\System\uZCZkUG.exe
  2⤵
  PID:10304
- C:\Windows\System\nzBMikN.exe
  C:\Windows\System\nzBMikN.exe
  2⤵
  PID:10332
- C:\Windows\System\hoKddGE.exe
  C:\Windows\System\hoKddGE.exe
  2⤵
  PID:10348
- C:\Windows\System\jqHPmmL.exe
  C:\Windows\System\jqHPmmL.exe
  2⤵
  PID:10368
- C:\Windows\System\Xrxqftc.exe
  C:\Windows\System\Xrxqftc.exe
  2⤵
  PID:10404
- C:\Windows\System\llzDIbX.exe
  C:\Windows\System\llzDIbX.exe
  2⤵
  PID:10424
- C:\Windows\System\ozbqOcE.exe
  C:\Windows\System\ozbqOcE.exe
  2⤵
  PID:10444
- C:\Windows\System\CXKpexX.exe
  C:\Windows\System\CXKpexX.exe
  2⤵
  PID:10464
- C:\Windows\System\lxuxNYn.exe
  C:\Windows\System\lxuxNYn.exe
  2⤵
  PID:10484
- C:\Windows\System\dXyCLzl.exe
  C:\Windows\System\dXyCLzl.exe
  2⤵
  PID:10508
- C:\Windows\System\oIdTiRG.exe
  C:\Windows\System\oIdTiRG.exe
  2⤵
  PID:10560
- C:\Windows\System\ZbxgwOs.exe
  C:\Windows\System\ZbxgwOs.exe
  2⤵
  PID:10612
- C:\Windows\System\QOOKEQg.exe
  C:\Windows\System\QOOKEQg.exe
  2⤵
  PID:10644
- C:\Windows\System\jaZdHcZ.exe
  C:\Windows\System\jaZdHcZ.exe
  2⤵
  PID:10672
- C:\Windows\System\EJrgkZX.exe
  C:\Windows\System\EJrgkZX.exe
  2⤵
  PID:10700
- C:\Windows\System\qYdmWpk.exe
  C:\Windows\System\qYdmWpk.exe
  2⤵
  PID:10728
- C:\Windows\System\CKIZFWr.exe
  C:\Windows\System\CKIZFWr.exe
  2⤵
  PID:10756
- C:\Windows\System\fQrPXgX.exe
  C:\Windows\System\fQrPXgX.exe
  2⤵
  PID:10784
- C:\Windows\System\PoZDIGo.exe
  C:\Windows\System\PoZDIGo.exe
  2⤵
  PID:10812
- C:\Windows\System\WwzQsLf.exe
  C:\Windows\System\WwzQsLf.exe
  2⤵
  PID:10840
- C:\Windows\System\JITGfDI.exe
  C:\Windows\System\JITGfDI.exe
  2⤵
  PID:10868
- C:\Windows\System\pmoQVyt.exe
  C:\Windows\System\pmoQVyt.exe
  2⤵
  PID:10896
- C:\Windows\System\LxVcDNE.exe
  C:\Windows\System\LxVcDNE.exe
  2⤵
  PID:10924
- C:\Windows\System\hYMbVzH.exe
  C:\Windows\System\hYMbVzH.exe
  2⤵
  PID:10952
- C:\Windows\System\xUdFcug.exe
  C:\Windows\System\xUdFcug.exe
  2⤵
  PID:10980
- C:\Windows\System\DaYpPSc.exe
  C:\Windows\System\DaYpPSc.exe
  2⤵
  PID:11008
- C:\Windows\System\gkvVzUm.exe
  C:\Windows\System\gkvVzUm.exe
  2⤵
  PID:11036
- C:\Windows\System\iPUUfBP.exe
  C:\Windows\System\iPUUfBP.exe
  2⤵
  PID:11064
- C:\Windows\System\ixxduLs.exe
  C:\Windows\System\ixxduLs.exe
  2⤵
  PID:11092
- C:\Windows\System\BQdAOuJ.exe
  C:\Windows\System\BQdAOuJ.exe
  2⤵
  PID:11120
- C:\Windows\System\UVTzSvq.exe
  C:\Windows\System\UVTzSvq.exe
  2⤵
  PID:11152
- C:\Windows\System\kNHJBRU.exe
  C:\Windows\System\kNHJBRU.exe
  2⤵
  PID:11180
- C:\Windows\System\exIyGCS.exe
  C:\Windows\System\exIyGCS.exe
  2⤵
  PID:11208
- C:\Windows\System\NlzcqdU.exe
  C:\Windows\System\NlzcqdU.exe
  2⤵
  PID:11236
- C:\Windows\System\EwxcIuN.exe
  C:\Windows\System\EwxcIuN.exe
  2⤵
  PID:10096
- C:\Windows\System\VixiCMd.exe
  C:\Windows\System\VixiCMd.exe
  2⤵
  PID:3124
- C:\Windows\System\SlPnEDF.exe
  C:\Windows\System\SlPnEDF.exe
  2⤵
  PID:10340
- C:\Windows\System\OaGFhcN.exe
  C:\Windows\System\OaGFhcN.exe
  2⤵
  PID:10388
- C:\Windows\System\gyEveFg.exe
  C:\Windows\System\gyEveFg.exe
  2⤵
  PID:10480
- C:\Windows\System\WuyDSMH.exe
  C:\Windows\System\WuyDSMH.exe
  2⤵
  PID:10548
- C:\Windows\System\OQXYzgk.exe
  C:\Windows\System\OQXYzgk.exe
  2⤵
  PID:10596
- C:\Windows\System\rapzrWv.exe
  C:\Windows\System\rapzrWv.exe
  2⤵
  PID:10664
- C:\Windows\System\afwtaQJ.exe
  C:\Windows\System\afwtaQJ.exe
  2⤵
  PID:10720
- C:\Windows\System\QkoXQjY.exe
  C:\Windows\System\QkoXQjY.exe
  2⤵
  PID:10832
- C:\Windows\System\quDeSsS.exe
  C:\Windows\System\quDeSsS.exe
  2⤵
  PID:10908
- C:\Windows\System\JdYEYyn.exe
  C:\Windows\System\JdYEYyn.exe
  2⤵
  PID:11020
- C:\Windows\System\jAqBdMc.exe
  C:\Windows\System\jAqBdMc.exe
  2⤵
  PID:11112
- C:\Windows\System\DqlHoTZ.exe
  C:\Windows\System\DqlHoTZ.exe
  2⤵
  PID:11192
- C:\Windows\System\hsAEkPN.exe
  C:\Windows\System\hsAEkPN.exe
  2⤵
  PID:10392
- C:\Windows\System\RgtSRvC.exe
  C:\Windows\System\RgtSRvC.exe
  2⤵
  PID:10540
- C:\Windows\System\OAoNhPS.exe
  C:\Windows\System\OAoNhPS.exe
  2⤵
  PID:10752
- C:\Windows\System\AxDguGL.exe
  C:\Windows\System\AxDguGL.exe
  2⤵
  PID:10992
- C:\Windows\System\wezRDlG.exe
  C:\Windows\System\wezRDlG.exe
  2⤵
  PID:11172
- C:\Windows\System\AQnHGKA.exe
  C:\Windows\System\AQnHGKA.exe
  2⤵
  PID:10580
- C:\Windows\System\QzCnNqP.exe
  C:\Windows\System\QzCnNqP.exe
  2⤵
  PID:11000
- C:\Windows\System\upzIGYh.exe
  C:\Windows\System\upzIGYh.exe
  2⤵
  PID:5080
- C:\Windows\System\zeynKae.exe
  C:\Windows\System\zeynKae.exe
  2⤵
  PID:11284
- C:\Windows\System\jrWWgox.exe
  C:\Windows\System\jrWWgox.exe
  2⤵
  PID:11312
- C:\Windows\System\HKkZenM.exe
  C:\Windows\System\HKkZenM.exe
  2⤵
  PID:11340
- C:\Windows\System\KYDfHcS.exe
  C:\Windows\System\KYDfHcS.exe
  2⤵
  PID:11368
- C:\Windows\System\MvPlrnP.exe
  C:\Windows\System\MvPlrnP.exe
  2⤵
  PID:11396
- C:\Windows\System\dbaPjsC.exe
  C:\Windows\System\dbaPjsC.exe
  2⤵
  PID:11424
- C:\Windows\System\TkkFika.exe
  C:\Windows\System\TkkFika.exe
  2⤵
  PID:11452
- C:\Windows\System\fTEPokD.exe
  C:\Windows\System\fTEPokD.exe
  2⤵
  PID:11480
- C:\Windows\System\llUkjoO.exe
  C:\Windows\System\llUkjoO.exe
  2⤵
  PID:11508
- C:\Windows\System\DjffiUI.exe
  C:\Windows\System\DjffiUI.exe
  2⤵
  PID:11536
- C:\Windows\System\dfTmqSr.exe
  C:\Windows\System\dfTmqSr.exe
  2⤵
  PID:11564
- C:\Windows\System\lDuNBog.exe
  C:\Windows\System\lDuNBog.exe
  2⤵
  PID:11592
- C:\Windows\System\OgcEkzV.exe
  C:\Windows\System\OgcEkzV.exe
  2⤵
  PID:11620
- C:\Windows\System\dZHaYfb.exe
  C:\Windows\System\dZHaYfb.exe
  2⤵
  PID:11648
- C:\Windows\System\AWntGit.exe
  C:\Windows\System\AWntGit.exe
  2⤵
  PID:11672
- C:\Windows\System\QkwfxDA.exe
  C:\Windows\System\QkwfxDA.exe
  2⤵
  PID:11704
- C:\Windows\System\cZByfRs.exe
  C:\Windows\System\cZByfRs.exe
  2⤵
  PID:11732
- C:\Windows\System\NivhVjA.exe
  C:\Windows\System\NivhVjA.exe
  2⤵
  PID:11764
- C:\Windows\System\ObaJLvR.exe
  C:\Windows\System\ObaJLvR.exe
  2⤵
  PID:11792
- C:\Windows\System\MdWZXlr.exe
  C:\Windows\System\MdWZXlr.exe
  2⤵
  PID:11820
- C:\Windows\System\DwwkHcA.exe
  C:\Windows\System\DwwkHcA.exe
  2⤵
  PID:11848
- C:\Windows\System\RQQkLSj.exe
  C:\Windows\System\RQQkLSj.exe
  2⤵
  PID:11872
- C:\Windows\System\NChyOKh.exe
  C:\Windows\System\NChyOKh.exe
  2⤵
  PID:11908
- C:\Windows\System\aOwJhJJ.exe
  C:\Windows\System\aOwJhJJ.exe
  2⤵
  PID:11932
- C:\Windows\System\GwQiRKC.exe
  C:\Windows\System\GwQiRKC.exe
  2⤵
  PID:11960
- C:\Windows\System\oNTbxuF.exe
  C:\Windows\System\oNTbxuF.exe
  2⤵
  PID:11988
- C:\Windows\System\GgyjwSr.exe
  C:\Windows\System\GgyjwSr.exe
  2⤵
  PID:12016
- C:\Windows\System\mENOdia.exe
  C:\Windows\System\mENOdia.exe
  2⤵
  PID:12048
- C:\Windows\System\qPSiiFA.exe
  C:\Windows\System\qPSiiFA.exe
  2⤵
  PID:12068
- C:\Windows\System\DjkXAMU.exe
  C:\Windows\System\DjkXAMU.exe
  2⤵
  PID:12092
- C:\Windows\System\bQGyiNS.exe
  C:\Windows\System\bQGyiNS.exe
  2⤵
  PID:12140
- C:\Windows\System\hrFDHET.exe
  C:\Windows\System\hrFDHET.exe
  2⤵
  PID:12176
- C:\Windows\System\dXycgYF.exe
  C:\Windows\System\dXycgYF.exe
  2⤵
  PID:12196
- C:\Windows\System\GXAFkur.exe
  C:\Windows\System\GXAFkur.exe
  2⤵
  PID:12216
- C:\Windows\System\vvuoCIv.exe
  C:\Windows\System\vvuoCIv.exe
  2⤵
  PID:12240
- C:\Windows\System\SzfDfeU.exe
  C:\Windows\System\SzfDfeU.exe
  2⤵
  PID:12272
- C:\Windows\System\fNPaFgA.exe
  C:\Windows\System\fNPaFgA.exe
  2⤵
  PID:11308
- C:\Windows\System\qUkQqsV.exe
  C:\Windows\System\qUkQqsV.exe
  2⤵
  PID:11448
- C:\Windows\System\LSbhvmY.exe
  C:\Windows\System\LSbhvmY.exe
  2⤵
  PID:11520
- C:\Windows\System\Gwwlvck.exe
  C:\Windows\System\Gwwlvck.exe
  2⤵
  PID:11576
- C:\Windows\System\gXEfZRA.exe
  C:\Windows\System\gXEfZRA.exe
  2⤵
  PID:11636
- C:\Windows\System\xkrGzUP.exe
  C:\Windows\System\xkrGzUP.exe
  2⤵
  PID:11668
- C:\Windows\System\qtWXNUx.exe
  C:\Windows\System\qtWXNUx.exe
  2⤵
  PID:11756
- C:\Windows\System\lXkMUWz.exe
  C:\Windows\System\lXkMUWz.exe
  2⤵
  PID:11832
- C:\Windows\System\rLIilnT.exe
  C:\Windows\System\rLIilnT.exe
  2⤵
  PID:12124
- C:\Windows\System\pcoLVrn.exe
  C:\Windows\System\pcoLVrn.exe
  2⤵
  PID:8484
- C:\Windows\System\gDPMWOk.exe
  C:\Windows\System\gDPMWOk.exe
  2⤵
  PID:12188
- C:\Windows\System\yJNmxYV.exe
  C:\Windows\System\yJNmxYV.exe
  2⤵
  PID:12212
- C:\Windows\System\bsFFbqm.exe
  C:\Windows\System\bsFFbqm.exe
  2⤵
  PID:4968
- C:\Windows\System\FOyPNPr.exe
  C:\Windows\System\FOyPNPr.exe
  2⤵
  PID:2176
- C:\Windows\System\IxUHAlM.exe
  C:\Windows\System\IxUHAlM.exe
  2⤵
  PID:6312
- C:\Windows\System\SYmDvax.exe
  C:\Windows\System\SYmDvax.exe
  2⤵
  PID:6352
- C:\Windows\System\lzYwXsN.exe
  C:\Windows\System\lzYwXsN.exe
  2⤵
  PID:6436
- C:\Windows\System\knzIWxS.exe
  C:\Windows\System\knzIWxS.exe
  2⤵
  PID:11612
- C:\Windows\System\udQMOKr.exe
  C:\Windows\System\udQMOKr.exe
  2⤵
  PID:4452
- C:\Windows\System\PUGuhIO.exe
  C:\Windows\System\PUGuhIO.exe
  2⤵
  PID:3876
- C:\Windows\System\skuPIKa.exe
  C:\Windows\System\skuPIKa.exe
  2⤵
  PID:11760
- C:\Windows\System\KHgFMVQ.exe
  C:\Windows\System\KHgFMVQ.exe
  2⤵
  PID:3528
- C:\Windows\System\LFdKwhe.exe
  C:\Windows\System\LFdKwhe.exe
  2⤵
  PID:11724
- C:\Windows\System\JlFaZfo.exe
  C:\Windows\System\JlFaZfo.exe
  2⤵
  PID:3228
- C:\Windows\System\jeSmtVE.exe
  C:\Windows\System\jeSmtVE.exe
  2⤵
  PID:12228
- C:\Windows\System\mLVRyjC.exe
  C:\Windows\System\mLVRyjC.exe
  2⤵
  PID:11644
- C:\Windows\System\bkQoIlA.exe
  C:\Windows\System\bkQoIlA.exe
  2⤵
  PID:8464
- C:\Windows\System\VRhKXsj.exe
  C:\Windows\System\VRhKXsj.exe
  2⤵
  PID:6756
- C:\Windows\System\JRrbEJs.exe
  C:\Windows\System\JRrbEJs.exe
  2⤵
  PID:6828
- C:\Windows\System\IdmAQdZ.exe
  C:\Windows\System\IdmAQdZ.exe
  2⤵
  PID:6956
- C:\Windows\System\uViPmst.exe
  C:\Windows\System\uViPmst.exe
  2⤵
  PID:7024
- C:\Windows\System\xiYRXrW.exe
  C:\Windows\System\xiYRXrW.exe
  2⤵
  PID:7124
- C:\Windows\System\SuxSrHn.exe
  C:\Windows\System\SuxSrHn.exe
  2⤵
  PID:5472
- C:\Windows\System\QGpACkG.exe
  C:\Windows\System\QGpACkG.exe
  2⤵
  PID:6180
- C:\Windows\System\rZdftIR.exe
  C:\Windows\System\rZdftIR.exe
  2⤵
  PID:6496
- C:\Windows\System\JdkbjnD.exe
  C:\Windows\System\JdkbjnD.exe
  2⤵
  PID:6616
- C:\Windows\System\WaWjDRw.exe
  C:\Windows\System\WaWjDRw.exe
  2⤵
  PID:6900
- C:\Windows\System\oZahJvz.exe
  C:\Windows\System\oZahJvz.exe
  2⤵
  PID:7132
- C:\Windows\System\ChiHnDp.exe
  C:\Windows\System\ChiHnDp.exe
  2⤵
  PID:3640
- C:\Windows\System\CENYtMq.exe
  C:\Windows\System\CENYtMq.exe
  2⤵
  PID:6888
- C:\Windows\System\tbFhbpJ.exe
  C:\Windows\System\tbFhbpJ.exe
  2⤵
  PID:7104
- C:\Windows\System\vavPVAT.exe
  C:\Windows\System\vavPVAT.exe
  2⤵
  PID:7208
- C:\Windows\System\XlUcKis.exe
  C:\Windows\System\XlUcKis.exe
  2⤵
  PID:11816
- C:\Windows\System\vYnoTBT.exe
  C:\Windows\System\vYnoTBT.exe
  2⤵
  PID:11844
- C:\Windows\System\mJfXIjq.exe
  C:\Windows\System\mJfXIjq.exe
  2⤵
  PID:2888
- C:\Windows\System\SXRuCzO.exe
  C:\Windows\System\SXRuCzO.exe
  2⤵
  PID:4424
- C:\Windows\System\hoJuzgb.exe
  C:\Windows\System\hoJuzgb.exe
  2⤵
  PID:2180
- C:\Windows\System\CqCjGLa.exe
  C:\Windows\System\CqCjGLa.exe
  2⤵
  PID:2076
- C:\Windows\System\aswSpET.exe
  C:\Windows\System\aswSpET.exe
  2⤵
  PID:5076
- C:\Windows\System\puWQIXm.exe
  C:\Windows\System\puWQIXm.exe
  2⤵
  PID:2892
- C:\Windows\System\xUnmJZO.exe
  C:\Windows\System\xUnmJZO.exe
  2⤵
  PID:2516
- C:\Windows\System\jXsIIOy.exe
  C:\Windows\System\jXsIIOy.exe
  2⤵
  PID:1352
- C:\Windows\System\EnDUmsW.exe
  C:\Windows\System\EnDUmsW.exe
  2⤵
  PID:3192
- C:\Windows\System\efQKRgj.exe
  C:\Windows\System\efQKRgj.exe
  2⤵
  PID:2984
- C:\Windows\System\FzEtLjI.exe
  C:\Windows\System\FzEtLjI.exe
  2⤵
  PID:4640
- C:\Windows\System\kIjIPnI.exe
  C:\Windows\System\kIjIPnI.exe
  2⤵
  PID:4868
- C:\Windows\System\PzfJQHx.exe
  C:\Windows\System\PzfJQHx.exe
  2⤵
  PID:3004
- C:\Windows\System\YLIoMlZ.exe
  C:\Windows\System\YLIoMlZ.exe
  2⤵
  PID:4612
- C:\Windows\System\ojiihfZ.exe
  C:\Windows\System\ojiihfZ.exe
  2⤵
  PID:12156
- C:\Windows\System\agoaoWf.exe
  C:\Windows\System\agoaoWf.exe
  2⤵
  PID:12232
- C:\Windows\System\MyglAcX.exe
  C:\Windows\System\MyglAcX.exe
  2⤵
  PID:4604
- C:\Windows\System\BhlFMKB.exe
  C:\Windows\System\BhlFMKB.exe
  2⤵
  PID:1844
- C:\Windows\System\qhjNvts.exe
  C:\Windows\System\qhjNvts.exe
  2⤵
  PID:9104
- C:\Windows\System\kCJgLEy.exe
  C:\Windows\System\kCJgLEy.exe
  2⤵
  PID:9184
- C:\Windows\System\ZbnWKhw.exe
  C:\Windows\System\ZbnWKhw.exe
  2⤵
  PID:9100
- C:\Windows\System\ODYCbsy.exe
  C:\Windows\System\ODYCbsy.exe
  2⤵
  PID:5372
- C:\Windows\System\wWQEkyg.exe
  C:\Windows\System\wWQEkyg.exe
  2⤵
  PID:6364
- C:\Windows\System\MBLcbTM.exe
  C:\Windows\System\MBLcbTM.exe
  2⤵
  PID:12084
- C:\Windows\System\YhABRyJ.exe
  C:\Windows\System\YhABRyJ.exe
  2⤵
  PID:4000
- C:\Windows\System\WRZcPYZ.exe
  C:\Windows\System\WRZcPYZ.exe
  2⤵
  PID:452
- C:\Windows\System\STemIGd.exe
  C:\Windows\System\STemIGd.exe
  2⤵
  PID:5540
- C:\Windows\System\HwGoujV.exe
  C:\Windows\System\HwGoujV.exe
  2⤵
  PID:11788
- C:\Windows\System\AruNTXO.exe
  C:\Windows\System\AruNTXO.exe
  2⤵
  PID:11364
- C:\Windows\System\vHlCeMX.exe
  C:\Windows\System\vHlCeMX.exe
  2⤵
  PID:6660
- C:\Windows\System\aNNOTJp.exe
  C:\Windows\System\aNNOTJp.exe
  2⤵
  PID:5668
- C:\Windows\System\bZNtGQX.exe
  C:\Windows\System\bZNtGQX.exe
  2⤵
  PID:6912
- C:\Windows\System\JgEXTCN.exe
  C:\Windows\System\JgEXTCN.exe
  2⤵
  PID:7096
- C:\Windows\System\wFlqCpb.exe
  C:\Windows\System\wFlqCpb.exe
  2⤵
  PID:5660
- C:\Windows\System\XJFjpLq.exe
  C:\Windows\System\XJFjpLq.exe
  2⤵
  PID:6404
- C:\Windows\System\soBnjjE.exe
  C:\Windows\System\soBnjjE.exe
  2⤵
  PID:6892
- C:\Windows\System\gSnxeAA.exe
  C:\Windows\System\gSnxeAA.exe
  2⤵
  PID:5528
- C:\Windows\System\eZBBGTT.exe
  C:\Windows\System\eZBBGTT.exe
  2⤵
  PID:6700
- C:\Windows\System\bHpEjzE.exe
  C:\Windows\System\bHpEjzE.exe
  2⤵
  PID:6920
- C:\Windows\System\dfpMxci.exe
  C:\Windows\System\dfpMxci.exe
  2⤵
  PID:3172
- C:\Windows\System\lsfAFIt.exe
  C:\Windows\System\lsfAFIt.exe
  2⤵
  PID:7944
- C:\Windows\System\wRIMeIu.exe
  C:\Windows\System\wRIMeIu.exe
  2⤵
  PID:3316
- C:\Windows\System\ExAOKLm.exe
  C:\Windows\System\ExAOKLm.exe
  2⤵
  PID:3948
- C:\Windows\System\ZFTRCtq.exe
  C:\Windows\System\ZFTRCtq.exe
  2⤵
  PID:60
- C:\Windows\System\njEybda.exe
  C:\Windows\System\njEybda.exe
  2⤵
  PID:224
- C:\Windows\System\mRjkCyu.exe
  C:\Windows\System\mRjkCyu.exe
  2⤵
  PID:6044
- C:\Windows\System\stzrwnC.exe
  C:\Windows\System\stzrwnC.exe
  2⤵
  PID:3884
- C:\Windows\System\UzZWbIV.exe
  C:\Windows\System\UzZWbIV.exe
  2⤵
  PID:8092
- C:\Windows\System\KQcEnCK.exe
  C:\Windows\System\KQcEnCK.exe
  2⤵
  PID:2288
- C:\Windows\System\xMlwXnB.exe
  C:\Windows\System\xMlwXnB.exe
  2⤵
  PID:2344
- C:\Windows\System\OVyohUW.exe
  C:\Windows\System\OVyohUW.exe
  2⤵
  PID:2996
- C:\Windows\System\bkUUAsf.exe
  C:\Windows\System\bkUUAsf.exe
  2⤵
  PID:2104
- C:\Windows\System\FAYWWED.exe
  C:\Windows\System\FAYWWED.exe
  2⤵
  PID:11296
- C:\Windows\System\paAWWZw.exe
  C:\Windows\System\paAWWZw.exe
  2⤵
  PID:5356
- C:\Windows\System\OWtPgyx.exe
  C:\Windows\System\OWtPgyx.exe
  2⤵
  PID:6340
- C:\Windows\System\fBCVoGT.exe
  C:\Windows\System\fBCVoGT.exe
  2⤵
  PID:5456
- C:\Windows\System\qaXkPhX.exe
  C:\Windows\System\qaXkPhX.exe
  2⤵
  PID:2980
- C:\Windows\System\FZyPeHq.exe
  C:\Windows\System\FZyPeHq.exe
  2⤵
  PID:5576
- C:\Windows\System\ksGLJLe.exe
  C:\Windows\System\ksGLJLe.exe
  2⤵
  PID:5684
- C:\Windows\System\mJkseuF.exe
  C:\Windows\System\mJkseuF.exe
  2⤵
  PID:5724
- C:\Windows\System\lsIdVft.exe
  C:\Windows\System\lsIdVft.exe
  2⤵
  PID:6984
- C:\Windows\System\cPOAqoq.exe
  C:\Windows\System\cPOAqoq.exe
  2⤵
  PID:5708
- C:\Windows\System\hRspfoY.exe
  C:\Windows\System\hRspfoY.exe
  2⤵
  PID:6304
- C:\Windows\System\udEdArz.exe
  C:\Windows\System\udEdArz.exe
  2⤵
  PID:6944
- C:\Windows\System\KFVaHMb.exe
  C:\Windows\System\KFVaHMb.exe
  2⤵
  PID:3620
- C:\Windows\System\LLgjunk.exe
  C:\Windows\System\LLgjunk.exe
  2⤵
  PID:8136
- C:\Windows\System\kklqpys.exe
  C:\Windows\System\kklqpys.exe
  2⤵
  PID:1664
- C:\Windows\System\jMeaiDo.exe
  C:\Windows\System\jMeaiDo.exe
  2⤵
  PID:5160
- C:\Windows\System\Vlhmhsd.exe
  C:\Windows\System\Vlhmhsd.exe
  2⤵
  PID:5248
- C:\Windows\System\UhMiOuM.exe
  C:\Windows\System\UhMiOuM.exe
  2⤵
  PID:4948
- C:\Windows\System\bGwrNnY.exe
  C:\Windows\System\bGwrNnY.exe
  2⤵
  PID:6080
- C:\Windows\System\lVqJhGr.exe
  C:\Windows\System\lVqJhGr.exe
  2⤵
  PID:6100
- C:\Windows\System\ANizHlI.exe
  C:\Windows\System\ANizHlI.exe
  2⤵
  PID:2236
- C:\Windows\System\QYkAETl.exe
  C:\Windows\System\QYkAETl.exe
  2⤵
  PID:5252
- C:\Windows\System\lgfrMLK.exe
  C:\Windows\System\lgfrMLK.exe
  2⤵
  PID:9124
- C:\Windows\System\WEYomHb.exe
  C:\Windows\System\WEYomHb.exe
  2⤵
  PID:5500
- C:\Windows\System\NGtfVBl.exe
  C:\Windows\System\NGtfVBl.exe
  2⤵
  PID:11532
- C:\Windows\System\YgrKAzk.exe
  C:\Windows\System\YgrKAzk.exe
  2⤵
  PID:5796
- C:\Windows\System\NLuzBQm.exe
  C:\Windows\System\NLuzBQm.exe
  2⤵
  PID:3984
- C:\Windows\System\vbUgrUq.exe
  C:\Windows\System\vbUgrUq.exe
  2⤵
  PID:6032
- C:\Windows\System\mScXdKy.exe
  C:\Windows\System\mScXdKy.exe
  2⤵
  PID:5976
- C:\Windows\System\AecrvWj.exe
  C:\Windows\System\AecrvWj.exe
  2⤵
  PID:5468
- C:\Windows\System\yZaODhB.exe
  C:\Windows\System\yZaODhB.exe
  2⤵
  PID:2600
- C:\Windows\System\yyrRItK.exe
  C:\Windows\System\yyrRItK.exe
  2⤵
  PID:5192
- C:\Windows\System\gjteCyj.exe
  C:\Windows\System\gjteCyj.exe
  2⤵
  PID:6556
- C:\Windows\System\tnfIVuZ.exe
  C:\Windows\System\tnfIVuZ.exe
  2⤵
  PID:5344
- C:\Windows\System\AHUouad.exe
  C:\Windows\System\AHUouad.exe
  2⤵
  PID:6368
- C:\Windows\System\vIXDeDc.exe
  C:\Windows\System\vIXDeDc.exe
  2⤵
  PID:3448
- C:\Windows\System\gYXwWYj.exe
  C:\Windows\System\gYXwWYj.exe
  2⤵
  PID:5104
- C:\Windows\System\rdpxWoc.exe
  C:\Windows\System\rdpxWoc.exe
  2⤵
  PID:6076
- C:\Windows\System\ufXHORY.exe
  C:\Windows\System\ufXHORY.exe
  2⤵
  PID:6576
- C:\Windows\System\bttFBaO.exe
  C:\Windows\System\bttFBaO.exe
  2⤵
  PID:2976
- C:\Windows\System\eSFvlPX.exe
  C:\Windows\System\eSFvlPX.exe
  2⤵
  PID:4156
- C:\Windows\System\DGimEiM.exe
  C:\Windows\System\DGimEiM.exe
  2⤵
  PID:5124
- C:\Windows\System\PWjZEyt.exe
  C:\Windows\System\PWjZEyt.exe
  2⤵
  PID:8188
- C:\Windows\System\lAHjuIQ.exe
  C:\Windows\System\lAHjuIQ.exe
  2⤵
  PID:6516
- C:\Windows\System\HcNHkna.exe
  C:\Windows\System\HcNHkna.exe
  2⤵
  PID:3820
- C:\Windows\System\INeEZPb.exe
  C:\Windows\System\INeEZPb.exe
  2⤵
  PID:12308
- C:\Windows\System\uYknQJT.exe
  C:\Windows\System\uYknQJT.exe
  2⤵
  PID:12336
- C:\Windows\System\cXXRbCA.exe
  C:\Windows\System\cXXRbCA.exe
  2⤵
  PID:12364
- C:\Windows\System\YCTCXcn.exe
  C:\Windows\System\YCTCXcn.exe
  2⤵
  PID:12392
- C:\Windows\System\uEjbirB.exe
  C:\Windows\System\uEjbirB.exe
  2⤵
  PID:12420
- C:\Windows\System\SByOZxH.exe
  C:\Windows\System\SByOZxH.exe
  2⤵
  PID:12448
- C:\Windows\System\bRShPMn.exe
  C:\Windows\System\bRShPMn.exe
  2⤵
  PID:12476
- C:\Windows\System\lBgqHzq.exe
  C:\Windows\System\lBgqHzq.exe
  2⤵
  PID:12504
- C:\Windows\System\DxGGGzH.exe
  C:\Windows\System\DxGGGzH.exe
  2⤵
  PID:12532
- C:\Windows\System\qfdFDmF.exe
  C:\Windows\System\qfdFDmF.exe
  2⤵
  PID:12560
- C:\Windows\System\fZMNvSW.exe
  C:\Windows\System\fZMNvSW.exe
  2⤵
  PID:12588
- C:\Windows\System\HvbqXek.exe
  C:\Windows\System\HvbqXek.exe
  2⤵
  PID:12616
- C:\Windows\System\RMgsTDE.exe
  C:\Windows\System\RMgsTDE.exe
  2⤵
  PID:12644
- C:\Windows\System\jrwyoGO.exe
  C:\Windows\System\jrwyoGO.exe
  2⤵
  PID:12672
- C:\Windows\System\QLmqtYS.exe
  C:\Windows\System\QLmqtYS.exe
  2⤵
  PID:12700
- C:\Windows\System\dnhDelD.exe
  C:\Windows\System\dnhDelD.exe
  2⤵
  PID:12728
- C:\Windows\System\niUYFJd.exe
  C:\Windows\System\niUYFJd.exe
  2⤵
  PID:12756
- C:\Windows\System\fJPEiJa.exe
  C:\Windows\System\fJPEiJa.exe
  2⤵
  PID:12784
- C:\Windows\System\sagIdwa.exe
  C:\Windows\System\sagIdwa.exe
  2⤵
  PID:12812
- C:\Windows\System\ELwVLNu.exe
  C:\Windows\System\ELwVLNu.exe
  2⤵
  PID:12840
- C:\Windows\System\NNLZqkD.exe
  C:\Windows\System\NNLZqkD.exe
  2⤵
  PID:12868
- C:\Windows\System\LmpshyT.exe
  C:\Windows\System\LmpshyT.exe
  2⤵
  PID:12900
- C:\Windows\System\SvFfAuy.exe
  C:\Windows\System\SvFfAuy.exe
  2⤵
  PID:12916
- C:\Windows\System\tvwugDk.exe
  C:\Windows\System\tvwugDk.exe
  2⤵
  PID:12948
- C:\Windows\System\uAxnCqA.exe
  C:\Windows\System\uAxnCqA.exe
  2⤵
  PID:12980
- C:\Windows\System\SCsKTvj.exe
  C:\Windows\System\SCsKTvj.exe
  2⤵
  PID:13000
- C:\Windows\System\cqqqHCj.exe
  C:\Windows\System\cqqqHCj.exe
  2⤵
  PID:13032
- C:\Windows\System\BjhxWOJ.exe
  C:\Windows\System\BjhxWOJ.exe
  2⤵
  PID:13068
- C:\Windows\System\EYpbsCK.exe
  C:\Windows\System\EYpbsCK.exe
  2⤵
  PID:13096
- C:\Windows\System\dZDuwMe.exe
  C:\Windows\System\dZDuwMe.exe
  2⤵
  PID:13124
- C:\Windows\System\yVHIHdu.exe
  C:\Windows\System\yVHIHdu.exe
  2⤵
  PID:13152
- C:\Windows\System\VBrWKvM.exe
  C:\Windows\System\VBrWKvM.exe
  2⤵
  PID:13180
- C:\Windows\System\KkByRLl.exe
  C:\Windows\System\KkByRLl.exe
  2⤵
  PID:13196
- C:\Windows\System\nxyFGDi.exe
  C:\Windows\System\nxyFGDi.exe
  2⤵
  PID:13224
- C:\Windows\System\WuGXWFL.exe
  C:\Windows\System\WuGXWFL.exe
  2⤵
  PID:13264
- C:\Windows\System\tBcKQcc.exe
  C:\Windows\System\tBcKQcc.exe
  2⤵
  PID:13292
- C:\Windows\System\efGAseL.exe
  C:\Windows\System\efGAseL.exe
  2⤵
  PID:12304
- C:\Windows\System\sgRdlaP.exe
  C:\Windows\System\sgRdlaP.exe
  2⤵
  PID:12376
- C:\Windows\System\PWGixuX.exe
  C:\Windows\System\PWGixuX.exe
  2⤵
  PID:12432
- C:\Windows\System\UkpLFXj.exe
  C:\Windows\System\UkpLFXj.exe
  2⤵
  PID:12500
- C:\Windows\System\vnQdyuC.exe
  C:\Windows\System\vnQdyuC.exe
  2⤵
  PID:12552
- C:\Windows\System\hLsQQbn.exe
  C:\Windows\System\hLsQQbn.exe
  2⤵
  PID:12612
- C:\Windows\System\JgtZxNL.exe
  C:\Windows\System\JgtZxNL.exe
  2⤵
  PID:12696
- C:\Windows\System\oXlMcbA.exe
  C:\Windows\System\oXlMcbA.exe
  2⤵
  PID:12768
- C:\Windows\System\ulKANnl.exe
  C:\Windows\System\ulKANnl.exe
  2⤵
  PID:12836
- C:\Windows\System\HCxtKzV.exe
  C:\Windows\System\HCxtKzV.exe
  2⤵
  PID:12896
- C:\Windows\System\NYyJJzV.exe
  C:\Windows\System\NYyJJzV.exe
  2⤵
  PID:12964
- C:\Windows\System\SFFmCzk.exe
  C:\Windows\System\SFFmCzk.exe
  2⤵
  PID:13040
- C:\Windows\System\ExNQYOk.exe
  C:\Windows\System\ExNQYOk.exe
  2⤵
  PID:13092
- C:\Windows\System\bLyStSJ.exe
  C:\Windows\System\bLyStSJ.exe
  2⤵
  PID:13172
- C:\Windows\System\uOtMqTP.exe
  C:\Windows\System\uOtMqTP.exe
  2⤵
  PID:13220
- C:\Windows\System\oOUZQDD.exe
  C:\Windows\System\oOUZQDD.exe
  2⤵
  PID:13288
- C:\Windows\System\mahMzuF.exe
  C:\Windows\System\mahMzuF.exe
  2⤵
  PID:12404
- C:\Windows\System\TocCYXs.exe
  C:\Windows\System\TocCYXs.exe
  2⤵
  PID:12544
- C:\Windows\System\WttoLOD.exe
  C:\Windows\System\WttoLOD.exe
  2⤵
  PID:12660
- C:\Windows\System\uaxxDNb.exe
  C:\Windows\System\uaxxDNb.exe
  2⤵
  PID:12808
- C:\Windows\System\lCmhPHa.exe
  C:\Windows\System\lCmhPHa.exe
  2⤵
  PID:12936
- C:\Windows\System\eWxEDvL.exe
  C:\Windows\System\eWxEDvL.exe
  2⤵
  PID:13056
- C:\Windows\System\XWyHAYw.exe
  C:\Windows\System\XWyHAYw.exe
  2⤵
  PID:13088
- C:\Windows\System\BGKbZDZ.exe
  C:\Windows\System\BGKbZDZ.exe
  2⤵
  PID:2788
- C:\Windows\System\uFbPqjz.exe
  C:\Windows\System\uFbPqjz.exe
  2⤵
  PID:7852
- C:\Windows\System\bcIBVVC.exe
  C:\Windows\System\bcIBVVC.exe
  2⤵
  PID:4712
- C:\Windows\System\HkXcAYh.exe
  C:\Windows\System\HkXcAYh.exe
  2⤵
  PID:12752
- C:\Windows\System\fUTjezl.exe
  C:\Windows\System\fUTjezl.exe
  2⤵
  PID:7544
- C:\Windows\System\kIYlTtu.exe
  C:\Windows\System\kIYlTtu.exe
  2⤵
  PID:8224
- C:\Windows\System\SgMtjSo.exe
  C:\Windows\System\SgMtjSo.exe
  2⤵
  PID:8252
- C:\Windows\System\ObQAYPK.exe
  C:\Windows\System\ObQAYPK.exe
  2⤵
  PID:12300
- C:\Windows\System\hFglvgB.exe
  C:\Windows\System\hFglvgB.exe
  2⤵
  PID:12608
- C:\Windows\System\BHUCKtR.exe
  C:\Windows\System\BHUCKtR.exe
  2⤵
  PID:1064
- C:\Windows\System\kjHdoqP.exe
  C:\Windows\System\kjHdoqP.exe
  2⤵
  PID:12956
- C:\Windows\System\lQhNxVz.exe
  C:\Windows\System\lQhNxVz.exe
  2⤵
  PID:8532
- C:\Windows\System\AtBENko.exe
  C:\Windows\System\AtBENko.exe
  2⤵
  PID:13080
- C:\Windows\System\SfmONNw.exe
  C:\Windows\System\SfmONNw.exe
  2⤵
  PID:3312
- C:\Windows\System\NcbQukI.exe
  C:\Windows\System\NcbQukI.exe
  2⤵
  PID:7376
- C:\Windows\System\YSFKscf.exe
  C:\Windows\System\YSFKscf.exe
  2⤵
  PID:7392
- C:\Windows\System\AZzkGWJ.exe
  C:\Windows\System\AZzkGWJ.exe
  2⤵
  PID:7824
- C:\Windows\System\SvMyofD.exe
  C:\Windows\System\SvMyofD.exe
  2⤵
  PID:7404
- C:\Windows\System\pRKjRkX.exe
  C:\Windows\System\pRKjRkX.exe
  2⤵
  PID:8788
- C:\Windows\System\EFdpaIP.exe
  C:\Windows\System\EFdpaIP.exe
  2⤵
  PID:7448
- C:\Windows\System\DLVmJDh.exe
  C:\Windows\System\DLVmJDh.exe
  2⤵
  PID:8324
- C:\Windows\System\JeGfmLc.exe
  C:\Windows\System\JeGfmLc.exe
  2⤵
  PID:7504
- C:\Windows\System\UaSAKqu.exe
  C:\Windows\System\UaSAKqu.exe
  2⤵
  PID:4004
- C:\Windows\System\TIbZjSS.exe
  C:\Windows\System\TIbZjSS.exe
  2⤵
  PID:1840
- C:\Windows\System\DEGYPmh.exe
  C:\Windows\System\DEGYPmh.exe
  2⤵
  PID:7568
- C:\Windows\System\oBVBuVh.exe
  C:\Windows\System\oBVBuVh.exe
  2⤵
  PID:7476
- C:\Windows\System\DHUutoL.exe
  C:\Windows\System\DHUutoL.exe
  2⤵
  PID:8876
- C:\Windows\System\WHGMnRN.exe
  C:\Windows\System\WHGMnRN.exe
  2⤵
  PID:9096
- C:\Windows\System\GDoRGjr.exe
  C:\Windows\System\GDoRGjr.exe
  2⤵
  PID:7644
- C:\Windows\System\hsBfwOa.exe
  C:\Windows\System\hsBfwOa.exe
  2⤵
  PID:8628
- C:\Windows\System\hZfIrgk.exe
  C:\Windows\System\hZfIrgk.exe
  2⤵
  PID:9168
- C:\Windows\System\RHHIhQN.exe
  C:\Windows\System\RHHIhQN.exe
  2⤵
  PID:7700
- C:\Windows\System\ClrjpwA.exe
  C:\Windows\System\ClrjpwA.exe
  2⤵
  PID:8204
- C:\Windows\System\yJgSKWr.exe
  C:\Windows\System\yJgSKWr.exe
  2⤵
  PID:9188
- C:\Windows\System\oMalzKq.exe
  C:\Windows\System\oMalzKq.exe
  2⤵
  PID:7764
- C:\Windows\System\PbnbNMM.exe
  C:\Windows\System\PbnbNMM.exe
  2⤵
  PID:8424
- C:\Windows\System\uuUHOwg.exe
  C:\Windows\System\uuUHOwg.exe
  2⤵
  PID:8284
- C:\Windows\System\gUgNyrS.exe
  C:\Windows\System\gUgNyrS.exe
  2⤵
  PID:976
- C:\Windows\System\kVijiBv.exe
  C:\Windows\System\kVijiBv.exe
  2⤵
  PID:7868
- C:\Windows\System\QkJYbCQ.exe
  C:\Windows\System\QkJYbCQ.exe
  2⤵
  PID:8884
- C:\Windows\System\WzYBBoG.exe
  C:\Windows\System\WzYBBoG.exe
  2⤵
  PID:8896
- C:\Windows\System\KiHbLFv.exe
  C:\Windows\System\KiHbLFv.exe
  2⤵
  PID:1852
- C:\Windows\System\IWlQGog.exe
  C:\Windows\System\IWlQGog.exe
  2⤵
  PID:5092
- C:\Windows\System\ygfqbTD.exe
  C:\Windows\System\ygfqbTD.exe
  2⤵
  PID:3668
- C:\Windows\System\uSYpEwo.exe
  C:\Windows\System\uSYpEwo.exe
  2⤵
  PID:9136
- C:\Windows\System\bYLRGJv.exe
  C:\Windows\System\bYLRGJv.exe
  2⤵
  PID:8040
- C:\Windows\System\CAPMbUw.exe
  C:\Windows\System\CAPMbUw.exe
  2⤵
  PID:8948
- C:\Windows\System\AlCudkK.exe
  C:\Windows\System\AlCudkK.exe
  2⤵
  PID:13340
- C:\Windows\System\TiakSuL.exe
  C:\Windows\System\TiakSuL.exe
  2⤵
  PID:13368
- C:\Windows\System\nyoEfWv.exe
  C:\Windows\System\nyoEfWv.exe
  2⤵
  PID:13396
- C:\Windows\System\dWVIPjl.exe
  C:\Windows\System\dWVIPjl.exe
  2⤵
  PID:13428
- C:\Windows\System\IzWZNdb.exe
  C:\Windows\System\IzWZNdb.exe
  2⤵
  PID:13452
- C:\Windows\System\ZQNyopb.exe
  C:\Windows\System\ZQNyopb.exe
  2⤵
  PID:13484
- C:\Windows\System\RyflfaR.exe
  C:\Windows\System\RyflfaR.exe
  2⤵
  PID:13512
- C:\Windows\System\NcARrLh.exe
  C:\Windows\System\NcARrLh.exe
  2⤵
  PID:13540
- C:\Windows\System\QOWnowb.exe
  C:\Windows\System\QOWnowb.exe
  2⤵
  PID:13568
- C:\Windows\System\IuhaJIR.exe
  C:\Windows\System\IuhaJIR.exe
  2⤵
  PID:13596
- C:\Windows\System\miwtGpX.exe
  C:\Windows\System\miwtGpX.exe
  2⤵
  PID:13624
- C:\Windows\System\ANPwHWZ.exe
  C:\Windows\System\ANPwHWZ.exe
  2⤵
  PID:13652
- C:\Windows\System\yYlYniF.exe
  C:\Windows\System\yYlYniF.exe
  2⤵
  PID:13680
- C:\Windows\System\CVAepUs.exe
  C:\Windows\System\CVAepUs.exe
  2⤵
  PID:13708
- C:\Windows\System\EaBUfbI.exe
  C:\Windows\System\EaBUfbI.exe
  2⤵
  PID:13736
- C:\Windows\System\UvuwmCK.exe
  C:\Windows\System\UvuwmCK.exe
  2⤵
  PID:13764
- C:\Windows\System\JwAeonb.exe
  C:\Windows\System\JwAeonb.exe
  2⤵
  PID:13792
- C:\Windows\System\oYVvTga.exe
  C:\Windows\System\oYVvTga.exe
  2⤵
  PID:13820
- C:\Windows\System\jksZVqX.exe
  C:\Windows\System\jksZVqX.exe
  2⤵
  PID:13848
- C:\Windows\System\lGVeMfE.exe
  C:\Windows\System\lGVeMfE.exe
  2⤵
  PID:13876
- C:\Windows\System\CXMMVwF.exe
  C:\Windows\System\CXMMVwF.exe
  2⤵
  PID:13904
- C:\Windows\System\mFMsott.exe
  C:\Windows\System\mFMsott.exe
  2⤵
  PID:13932
- C:\Windows\System\xsnSrzl.exe
  C:\Windows\System\xsnSrzl.exe
  2⤵
  PID:13960
- C:\Windows\System\vnLDsgB.exe
  C:\Windows\System\vnLDsgB.exe
  2⤵
  PID:13988
- C:\Windows\System\XkFwtWe.exe
  C:\Windows\System\XkFwtWe.exe
  2⤵
  PID:14016
- C:\Windows\System\yyMEWYm.exe
  C:\Windows\System\yyMEWYm.exe
  2⤵
  PID:14044
- C:\Windows\System\mdGKDBS.exe
  C:\Windows\System\mdGKDBS.exe
  2⤵
  PID:14072
- C:\Windows\System\BBTMDtN.exe
  C:\Windows\System\BBTMDtN.exe
  2⤵
  PID:14100
- C:\Windows\System\ZGBUUtT.exe
  C:\Windows\System\ZGBUUtT.exe
  2⤵
  PID:14128
- C:\Windows\System\NGBsAAs.exe
  C:\Windows\System\NGBsAAs.exe
  2⤵
  PID:14172
- C:\Windows\System\CHXOWMh.exe
  C:\Windows\System\CHXOWMh.exe
  2⤵
  PID:14188
- C:\Windows\System\BCKxgXS.exe
  C:\Windows\System\BCKxgXS.exe
  2⤵
  PID:14216
- C:\Windows\System\cWNJbtS.exe
  C:\Windows\System\cWNJbtS.exe
  2⤵
  PID:14244
- C:\Windows\System\xdayfLK.exe
  C:\Windows\System\xdayfLK.exe
  2⤵
  PID:14280
- C:\Windows\System\qyJUGIc.exe
  C:\Windows\System\qyJUGIc.exe
  2⤵
  PID:14300
- C:\Windows\System\WPboDYO.exe
  C:\Windows\System\WPboDYO.exe
  2⤵
  PID:14328
- C:\Windows\System\NiGrKtT.exe
  C:\Windows\System\NiGrKtT.exe
  2⤵
  PID:8352
- C:\Windows\System\zuBPWKF.exe
  C:\Windows\System\zuBPWKF.exe
  2⤵
  PID:13352
- C:\Windows\System\YUppVaz.exe
  C:\Windows\System\YUppVaz.exe
  2⤵
  PID:8108
- C:\Windows\System\aFznQPu.exe
  C:\Windows\System\aFznQPu.exe
  2⤵
  PID:13408
- C:\Windows\System\pWqXBOc.exe
  C:\Windows\System\pWqXBOc.exe
  2⤵
  PID:8148
- C:\Windows\System\YICltMU.exe
  C:\Windows\System\YICltMU.exe
  2⤵
  PID:4668
- C:\Windows\System\NtUnElv.exe
  C:\Windows\System\NtUnElv.exe
  2⤵
  PID:444
- C:\Windows\System\RhkNDII.exe
  C:\Windows\System\RhkNDII.exe
  2⤵
  PID:8856
- C:\Windows\System\fddQcdI.exe
  C:\Windows\System\fddQcdI.exe
  2⤵
  PID:3784
- C:\Windows\System\SckBwtX.exe
  C:\Windows\System\SckBwtX.exe
  2⤵
  PID:13608
- C:\Windows\System\QrGqOSL.exe
  C:\Windows\System\QrGqOSL.exe
  2⤵
  PID:7312
- C:\Windows\System\pLIGZZo.exe
  C:\Windows\System\pLIGZZo.exe
  2⤵
  PID:13672
- C:\Windows\System\QRMgbsO.exe
  C:\Windows\System\QRMgbsO.exe
  2⤵
  PID:13720
- C:\Windows\System\Ytmdvjr.exe
  C:\Windows\System\Ytmdvjr.exe
  2⤵
  PID:13756
- C:\Windows\System\bqqPdkj.exe
  C:\Windows\System\bqqPdkj.exe
  2⤵
  PID:7548
- C:\Windows\System\aYpJZjD.exe
  C:\Windows\System\aYpJZjD.exe
  2⤵
  PID:13844
- C:\Windows\System\AyFAleX.exe
  C:\Windows\System\AyFAleX.exe
  2⤵
  PID:9444
- C:\Windows\System\uGNhrLl.exe
  C:\Windows\System\uGNhrLl.exe
  2⤵
  PID:13920
- C:\Windows\System\jxZfCvn.exe
  C:\Windows\System\jxZfCvn.exe
  2⤵
  PID:7776
- C:\Windows\System\gjPxsnX.exe
  C:\Windows\System\gjPxsnX.exe
  2⤵
  PID:13984
- C:\Windows\System\wGQThcG.exe
  C:\Windows\System\wGQThcG.exe
  2⤵
  PID:14012
- C:\Windows\System\EDqUJwP.exe
  C:\Windows\System\EDqUJwP.exe
  2⤵
  PID:7928
- C:\Windows\System\FxcYTPp.exe
  C:\Windows\System\FxcYTPp.exe
  2⤵
  PID:7816
- C:\Windows\System\qspBTAT.exe
  C:\Windows\System\qspBTAT.exe
  2⤵
  PID:14120
- C:\Windows\System\axucIUW.exe
  C:\Windows\System\axucIUW.exe
  2⤵
  PID:14168
- C:\Windows\System\mlOPTab.exe
  C:\Windows\System\mlOPTab.exe
  2⤵
  PID:14232
- C:\Windows\System\nHndREr.exe
  C:\Windows\System\nHndREr.exe
  2⤵
  PID:8132
- C:\Windows\System\sgEzkNw.exe
  C:\Windows\System\sgEzkNw.exe
  2⤵
  PID:14296
- C:\Windows\System\ppyVlaa.exe
  C:\Windows\System\ppyVlaa.exe
  2⤵
  PID:8052
- C:\Windows\System\nDtzDsG.exe
  C:\Windows\System\nDtzDsG.exe
  2⤵
  PID:13380
- C:\Windows\System\ujuRxGG.exe
  C:\Windows\System\ujuRxGG.exe
  2⤵
  PID:13436
- C:\Windows\System\VeDUliy.exe
  C:\Windows\System\VeDUliy.exe
  2⤵
  PID:13496
- C:\Windows\System\gdTRcPR.exe
  C:\Windows\System\gdTRcPR.exe
  2⤵
  PID:9976
- C:\Windows\System\TMpIfeT.exe
  C:\Windows\System\TMpIfeT.exe
  2⤵
  PID:10008
- C:\Windows\System\fxvJyeZ.exe
  C:\Windows\System\fxvJyeZ.exe
  2⤵
  PID:2080
- C:\Windows\System\bSvUist.exe
  C:\Windows\System\bSvUist.exe
  2⤵
  PID:10064
- C:\Windows\System\pKnAnbT.exe
  C:\Windows\System\pKnAnbT.exe
  2⤵
  PID:13700
- C:\Windows\System\IFIXVVo.exe
  C:\Windows\System\IFIXVVo.exe
  2⤵
  PID:13732
- C:\Windows\System\JKhbKGK.exe
  C:\Windows\System\JKhbKGK.exe
  2⤵
  PID:10188
- C:\Windows\System\Uiycfjb.exe
  C:\Windows\System\Uiycfjb.exe
  2⤵
  PID:13868
- C:\Windows\System\vCGkGeE.exe
  C:\Windows\System\vCGkGeE.exe
  2⤵
  PID:9472
- C:\Windows\System\BguBbGn.exe
  C:\Windows\System\BguBbGn.exe
  2⤵
  PID:7780
- C:\Windows\System\PjJfhLN.exe
  C:\Windows\System\PjJfhLN.exe
  2⤵
  PID:9572
- C:\Windows\System\FSArYdg.exe
  C:\Windows\System\FSArYdg.exe
  2⤵
  PID:14040
- C:\Windows\System\mJpCpoV.exe
  C:\Windows\System\mJpCpoV.exe
  2⤵
  PID:14112
- C:\Windows\System\ohuqFcy.exe
  C:\Windows\System\ohuqFcy.exe
  2⤵
  PID:14148
- C:\Windows\System\nPMoobJ.exe
  C:\Windows\System\nPMoobJ.exe
  2⤵
  PID:9800
- C:\Windows\System\OIehvmA.exe
  C:\Windows\System\OIehvmA.exe
  2⤵
  PID:8440
- C:\Windows\System\NgyjBVF.exe
  C:\Windows\System\NgyjBVF.exe
  2⤵
  PID:9900
- C:\Windows\System\bGsfHOz.exe
  C:\Windows\System\bGsfHOz.exe
  2⤵
  PID:9956
- C:\Windows\System\jjNtaCn.exe
  C:\Windows\System\jjNtaCn.exe
  2⤵
  PID:10024
- C:\Windows\System\UQLofay.exe
  C:\Windows\System\UQLofay.exe
  2⤵
  PID:13552
- C:\Windows\System\HwuJbzb.exe
  C:\Windows\System\HwuJbzb.exe
  2⤵
  PID:10036
- C:\Windows\System\QqMJfoM.exe
  C:\Windows\System\QqMJfoM.exe
  2⤵
  PID:10092
- C:\Windows\System\HgGrNfp.exe
  C:\Windows\System\HgGrNfp.exe
  2⤵
  PID:13788
- C:\Windows\System\ZXHtXeJ.exe
  C:\Windows\System\ZXHtXeJ.exe
  2⤵
  PID:10208
- C:\Windows\System\FKOviaW.exe
  C:\Windows\System\FKOviaW.exe
  2⤵
  PID:9268
- C:\Windows\System\FHJRIGV.exe
  C:\Windows\System\FHJRIGV.exe
  2⤵
  PID:4796
- C:\Windows\System\eZCmmvZ.exe
  C:\Windows\System\eZCmmvZ.exe
  2⤵
  PID:7900
- C:\Windows\System\huouJys.exe
  C:\Windows\System\huouJys.exe
  2⤵
  PID:7956
- C:\Windows\System\qStEFUz.exe
  C:\Windows\System\qStEFUz.exe
  2⤵
  PID:14288
- C:\Windows\System\LnOnPvn.exe
  C:\Windows\System\LnOnPvn.exe
  2⤵
  PID:2540
- C:\Windows\System\VtVwxQq.exe
  C:\Windows\System\VtVwxQq.exe
  2⤵
  PID:3636
- C:\Windows\System\SNPLdCS.exe
  C:\Windows\System\SNPLdCS.exe
  2⤵
  PID:7436
- C:\Windows\System\LoQccNX.exe
  C:\Windows\System\LoQccNX.exe
  2⤵
  PID:10292
- C:\Windows\System\KeUdjAm.exe
  C:\Windows\System\KeUdjAm.exe
  2⤵
  PID:9484
- C:\Windows\System\wpmjzAd.exe
  C:\Windows\System\wpmjzAd.exe
  2⤵
  PID:13916
- C:\Windows\System\QmdkVsh.exe
  C:\Windows\System\QmdkVsh.exe
  2⤵
  PID:7984
- C:\Windows\System\RwhvxkE.exe
  C:\Windows\System\RwhvxkE.exe
  2⤵
  PID:9788
- C:\Windows\System\xqnaGRy.exe
  C:\Windows\System\xqnaGRy.exe
  2⤵
  PID:10020
- C:\Windows\System\hBpNKXA.exe
  C:\Windows\System\hBpNKXA.exe
  2⤵
  PID:7632
- C:\Windows\System\GaWptLj.exe
  C:\Windows\System\GaWptLj.exe
  2⤵
  PID:10608
- C:\Windows\System\Mqdscci.exe
  C:\Windows\System\Mqdscci.exe
  2⤵
  PID:8996
- C:\Windows\System\lBEWudh.exe
  C:\Windows\System\lBEWudh.exe
  2⤵
  PID:14208
- C:\Windows\System\LsdsFHw.exe
  C:\Windows\System\LsdsFHw.exe
  2⤵
  PID:9396
- C:\Windows\System\FHPKmdE.exe
  C:\Windows\System\FHPKmdE.exe
  2⤵
  PID:10764
- C:\Windows\System\GSxlGrw.exe
  C:\Windows\System\GSxlGrw.exe
  2⤵
  PID:10624
- C:\Windows\System\WiQRoxB.exe
  C:\Windows\System\WiQRoxB.exe
  2⤵
  PID:10848
- C:\Windows\System\CPUZhcI.exe
  C:\Windows\System\CPUZhcI.exe
  2⤵
  PID:10568
- C:\Windows\System\OAEKxNy.exe
  C:\Windows\System\OAEKxNy.exe
  2⤵
  PID:10820
- C:\Windows\System\KQoFoQk.exe
  C:\Windows\System\KQoFoQk.exe
  2⤵
  PID:10708
- C:\Windows\System\sbmcUsw.exe
  C:\Windows\System\sbmcUsw.exe
  2⤵
  PID:10632
- C:\Windows\System\PRjMsbf.exe
  C:\Windows\System\PRjMsbf.exe
  2⤵
  PID:11052
- C:\Windows\System\yveFxNA.exe
  C:\Windows\System\yveFxNA.exe
  2⤵
  PID:11016
- C:\Windows\System\LErLfAL.exe
  C:\Windows\System\LErLfAL.exe
  2⤵
  PID:11136
- C:\Windows\System\ySCVwRs.exe
  C:\Windows\System\ySCVwRs.exe
  2⤵
  PID:11160
- C:\Windows\System\XExWHWN.exe
  C:\Windows\System\XExWHWN.exe
  2⤵
  PID:14344
- C:\Windows\System\uSBGmyT.exe
  C:\Windows\System\uSBGmyT.exe
  2⤵
  PID:14372
- C:\Windows\System\SMeGvcV.exe
  C:\Windows\System\SMeGvcV.exe
  2⤵
  PID:14400
- C:\Windows\System\VczObvX.exe
  C:\Windows\System\VczObvX.exe
  2⤵
  PID:14428
- C:\Windows\System\fdgYOLD.exe
  C:\Windows\System\fdgYOLD.exe
  2⤵
  PID:14456
- C:\Windows\System\KtSNgaI.exe
  C:\Windows\System\KtSNgaI.exe
  2⤵
  PID:14472
- C:\Windows\System\ASOKTqr.exe
  C:\Windows\System\ASOKTqr.exe
  2⤵
  PID:14512
- C:\Windows\System\TCaeSbk.exe
  C:\Windows\System\TCaeSbk.exe
  2⤵
  PID:14540
- C:\Windows\System\AogUoJA.exe
  C:\Windows\System\AogUoJA.exe
  2⤵
  PID:14580
- C:\Windows\System\QCShrXq.exe
  C:\Windows\System\QCShrXq.exe
  2⤵
  PID:14596
- C:\Windows\System\scqjGiD.exe
  C:\Windows\System\scqjGiD.exe
  2⤵
  PID:14624
- C:\Windows\System\PwgSWFx.exe
  C:\Windows\System\PwgSWFx.exe
  2⤵
  PID:14652
- C:\Windows\System\RvhnnLO.exe
  C:\Windows\System\RvhnnLO.exe
  2⤵
  PID:14680
- C:\Windows\System\xWIVtFA.exe
  C:\Windows\System\xWIVtFA.exe
  2⤵
  PID:14708
- C:\Windows\System\FDvOWQK.exe
  C:\Windows\System\FDvOWQK.exe
  2⤵
  PID:14736
- C:\Windows\System\xKAjwvG.exe
  C:\Windows\System\xKAjwvG.exe
  2⤵
  PID:14764
- C:\Windows\System\WmHWmsA.exe
  C:\Windows\System\WmHWmsA.exe
  2⤵
  PID:14792
- C:\Windows\System\ibxsTPH.exe
  C:\Windows\System\ibxsTPH.exe
  2⤵
  PID:14820
- C:\Windows\System\QBpvbZu.exe
  C:\Windows\System\QBpvbZu.exe
  2⤵
  PID:14848
- C:\Windows\System\bnjheJI.exe
  C:\Windows\System\bnjheJI.exe
  2⤵
  PID:14876
- C:\Windows\System\DfvQyMu.exe
  C:\Windows\System\DfvQyMu.exe
  2⤵
  PID:14904
- C:\Windows\System\cfnxJLe.exe
  C:\Windows\System\cfnxJLe.exe
  2⤵
  PID:14932
- C:\Windows\System\hLSwWgQ.exe
  C:\Windows\System\hLSwWgQ.exe
  2⤵
  PID:14964
- C:\Windows\System\NYothVH.exe
  C:\Windows\System\NYothVH.exe
  2⤵
  PID:14992
- C:\Windows\System\WGvRMzp.exe
  C:\Windows\System\WGvRMzp.exe
  2⤵
  PID:15020
- C:\Windows\System\OiKZqsW.exe
  C:\Windows\System\OiKZqsW.exe
  2⤵
  PID:15048
- C:\Windows\System\ZbLqjNN.exe
  C:\Windows\System\ZbLqjNN.exe
  2⤵
  PID:15076
- C:\Windows\System\vmJTSAj.exe
  C:\Windows\System\vmJTSAj.exe
  2⤵
  PID:15104
- C:\Windows\System\NQAAEMF.exe
  C:\Windows\System\NQAAEMF.exe
  2⤵
  PID:15132
- C:\Windows\System\WPkopoO.exe
  C:\Windows\System\WPkopoO.exe
  2⤵
  PID:15160
- C:\Windows\System\JYCneLe.exe
  C:\Windows\System\JYCneLe.exe
  2⤵
  PID:15188
- C:\Windows\System\OnjGjRR.exe
  C:\Windows\System\OnjGjRR.exe
  2⤵
  PID:15216
- C:\Windows\System\xPDZXfW.exe
  C:\Windows\System\xPDZXfW.exe
  2⤵
  PID:15244
- C:\Windows\System\LZDbrJG.exe
  C:\Windows\System\LZDbrJG.exe
  2⤵
  PID:15272
- C:\Windows\System\hoGovTZ.exe
  C:\Windows\System\hoGovTZ.exe
  2⤵
  PID:15300
- C:\Windows\System\rQYLkmI.exe
  C:\Windows\System\rQYLkmI.exe
  2⤵
  PID:15328
- C:\Windows\System\DGiwhrl.exe
  C:\Windows\System\DGiwhrl.exe
  2⤵
  PID:15356
- C:\Windows\System\lJSqAhi.exe
  C:\Windows\System\lJSqAhi.exe
  2⤵
  PID:14368
- C:\Windows\System\TPkRlRV.exe
  C:\Windows\System\TPkRlRV.exe
  2⤵
  PID:10260
- C:\Windows\System\CMvLtAr.exe
  C:\Windows\System\CMvLtAr.exe
  2⤵
  PID:14452
- C:\Windows\System\jsUtYOy.exe
  C:\Windows\System\jsUtYOy.exe
  2⤵
  PID:5152
- C:\Windows\System\IDHnQSp.exe
  C:\Windows\System\IDHnQSp.exe
  2⤵
  PID:2832
- C:\Windows\System\NZvExiP.exe
  C:\Windows\System\NZvExiP.exe
  2⤵
  PID:14528
- C:\Windows\System\XaoAsYB.exe
  C:\Windows\System\XaoAsYB.exe
  2⤵
  PID:10636
- C:\Windows\System\pvEHbOP.exe
  C:\Windows\System\pvEHbOP.exe
  2⤵
  PID:10768
- C:\Windows\System\bWZdxpg.exe
  C:\Windows\System\bWZdxpg.exe
  2⤵
  PID:14620
- C:\Windows\System\QGPHkop.exe
  C:\Windows\System\QGPHkop.exe
  2⤵
  PID:14692
- C:\Windows\System\iWChCfE.exe
  C:\Windows\System\iWChCfE.exe
  2⤵
  PID:14732
- C:\Windows\System\cRWJIXu.exe
  C:\Windows\System\cRWJIXu.exe
  2⤵
  PID:10420
- C:\Windows\System\ajRyjYI.exe
  C:\Windows\System\ajRyjYI.exe
  2⤵
  PID:14804
- C:\Windows\System\dUaqCEY.exe
  C:\Windows\System\dUaqCEY.exe
  2⤵
  PID:10452
- C:\Windows\System\mWTUykY.exe
  C:\Windows\System\mWTUykY.exe
  2⤵
  PID:14868
- C:\Windows\System\nWyRQvN.exe
  C:\Windows\System\nWyRQvN.exe
  2⤵
  PID:7500
- C:\Windows\System\qtHuKig.exe
  C:\Windows\System\qtHuKig.exe
  2⤵
  PID:14956
- C:\Windows\System\vMmjSTU.exe
  C:\Windows\System\vMmjSTU.exe
  2⤵
  PID:14988
- C:\Windows\System\dmyZzUz.exe
  C:\Windows\System\dmyZzUz.exe
  2⤵
  PID:11076
- C:\Windows\System\coGQqLu.exe
  C:\Windows\System\coGQqLu.exe
  2⤵
  PID:11292
- C:\Windows\System\JQiIZuf.exe
  C:\Windows\System\JQiIZuf.exe
  2⤵
  PID:11348
- C:\Windows\System\wAelGvC.exe
  C:\Windows\System\wAelGvC.exe
  2⤵
  PID:15152
- C:\Windows\System\qcmkBYo.exe
  C:\Windows\System\qcmkBYo.exe
  2⤵
  PID:15204
- C:\Windows\System\IrrcZgn.exe
  C:\Windows\System\IrrcZgn.exe
  2⤵
  PID:15228
- C:\Windows\System\shmRMwM.exe
  C:\Windows\System\shmRMwM.exe
  2⤵
  PID:11524
- C:\Windows\System\lvJnCHU.exe
  C:\Windows\System\lvJnCHU.exe
  2⤵
  PID:11544
- C:\Windows\System\AqXpNJV.exe
  C:\Windows\System\AqXpNJV.exe
  2⤵
  PID:15352
- C:\Windows\System\fzllbzP.exe
  C:\Windows\System\fzllbzP.exe
  2⤵
  PID:11600
- C:\Windows\System\alwJMeG.exe
  C:\Windows\System\alwJMeG.exe
  2⤵
  PID:10300
- C:\Windows\System\eVMIKdc.exe
  C:\Windows\System\eVMIKdc.exe
  2⤵
  PID:1528
- C:\Windows\System\njtLYSl.exe
  C:\Windows\System\njtLYSl.exe
  2⤵
  PID:10500
- C:\Windows\System\VsDCeur.exe
  C:\Windows\System\VsDCeur.exe
  2⤵
  PID:10696
- C:\Windows\System\JRyDyTT.exe
  C:\Windows\System\JRyDyTT.exe
  2⤵
  PID:10808
- C:\Windows\System\jitXMoS.exe
  C:\Windows\System\jitXMoS.exe
  2⤵
  PID:14720
- C:\Windows\System\cooPwKK.exe
  C:\Windows\System\cooPwKK.exe
  2⤵
  PID:14760
- C:\Windows\System\hqGDMaL.exe
  C:\Windows\System\hqGDMaL.exe
  2⤵
  PID:14832
- C:\Windows\System\CywoCLL.exe
  C:\Windows\System\CywoCLL.exe
  2⤵
  PID:2472
- C:\Windows\System\EOrBSxZ.exe
  C:\Windows\System\EOrBSxZ.exe
  2⤵
  PID:14896
- C:\Windows\System\qzPWeWF.exe
  C:\Windows\System\qzPWeWF.exe
  2⤵
  PID:14984
- C:\Windows\System\bCElfXF.exe
  C:\Windows\System\bCElfXF.exe
  2⤵
  PID:15096
- C:\Windows\System\xhLJuKT.exe
  C:\Windows\System\xhLJuKT.exe
  2⤵
  PID:11376
- C:\Windows\System\bDgpPry.exe
  C:\Windows\System\bDgpPry.exe
  2⤵
  PID:15256
- C:\Windows\System\TVarEhA.exe
  C:\Windows\System\TVarEhA.exe
  2⤵
  PID:15324
- C:\Windows\System\SSYirBv.exe
  C:\Windows\System\SSYirBv.exe
  2⤵
  PID:11608
- C:\Windows\System\jtTOsxw.exe
  C:\Windows\System\jtTOsxw.exe
  2⤵
  PID:11380
- C:\Windows\System\mDpRTpb.exe
  C:\Windows\System\mDpRTpb.exe
  2⤵
  PID:10532
- C:\Windows\System\oigWyim.exe
  C:\Windows\System\oigWyim.exe
  2⤵
  PID:14672
- C:\Windows\System\IxXtuYS.exe
  C:\Windows\System\IxXtuYS.exe
  2⤵
  PID:14784
- C:\Windows\System\TCoCsSz.exe
  C:\Windows\System\TCoCsSz.exe
  2⤵
  PID:8952
- C:\Windows\System\TBWaoJI.exe
  C:\Windows\System\TBWaoJI.exe
  2⤵
  PID:11300
- C:\Windows\System\uJAanin.exe
  C:\Windows\System\uJAanin.exe
  2⤵
  PID:11468
- C:\Windows\System\cRTCFMa.exe
  C:\Windows\System\cRTCFMa.exe
  2⤵
  PID:11552
- C:\Windows\System\EUGpTot.exe
  C:\Windows\System\EUGpTot.exe
  2⤵
  PID:11712
- C:\Windows\System\KoBTMSk.exe
  C:\Windows\System\KoBTMSk.exe
  2⤵
  PID:11920
- C:\Windows\System\pfwLuoA.exe
  C:\Windows\System\pfwLuoA.exe
  2⤵
  PID:15072
- C:\Windows\System\AzYdADT.exe
  C:\Windows\System\AzYdADT.exe
  2⤵
  PID:11244
- C:\Windows\System\kozICXZ.exe
  C:\Windows\System\kozICXZ.exe
  2⤵
  PID:10712
- C:\Windows\System\GtGPlZe.exe
  C:\Windows\System\GtGPlZe.exe
  2⤵
  PID:11996
- C:\Windows\System\pabqmpp.exe
  C:\Windows\System\pabqmpp.exe
  2⤵
  PID:15376
- C:\Windows\System\jWvxSOw.exe
  C:\Windows\System\jWvxSOw.exe
  2⤵
  PID:15404
- C:\Windows\System\TQOaRmN.exe
  C:\Windows\System\TQOaRmN.exe
  2⤵
  PID:15432
- C:\Windows\System\SIDtDor.exe
  C:\Windows\System\SIDtDor.exe
  2⤵
  PID:15460
- C:\Windows\System\AtcehEF.exe
  C:\Windows\System\AtcehEF.exe
  2⤵
  PID:15480
- C:\Windows\System\ZIENvCM.exe
  C:\Windows\System\ZIENvCM.exe
  2⤵
  PID:15516
- C:\Windows\System\blrISEo.exe
  C:\Windows\System\blrISEo.exe
  2⤵
  PID:15544
- C:\Windows\System\jsIjhYl.exe
  C:\Windows\System\jsIjhYl.exe
  2⤵
  PID:15572
- C:\Windows\System\NWWSTRT.exe
  C:\Windows\System\NWWSTRT.exe
  2⤵
  PID:15600
- C:\Windows\System\PYsXUSI.exe
  C:\Windows\System\PYsXUSI.exe
  2⤵
  PID:15628
- C:\Windows\System\htfMfYI.exe
  C:\Windows\System\htfMfYI.exe
  2⤵
  PID:15656
- C:\Windows\System\kLpfxza.exe
  C:\Windows\System\kLpfxza.exe
  2⤵
  PID:15684
- C:\Windows\System\MNikqyJ.exe
  C:\Windows\System\MNikqyJ.exe
  2⤵
  PID:15712
- C:\Windows\System\CvQnexd.exe
  C:\Windows\System\CvQnexd.exe
  2⤵
  PID:15752
- C:\Windows\System\DAypQWb.exe
  C:\Windows\System\DAypQWb.exe
  2⤵
  PID:15768
- C:\Windows\System\mZlJdCo.exe
  C:\Windows\System\mZlJdCo.exe
  2⤵
  PID:15796
- C:\Windows\System\wvDsEQZ.exe
  C:\Windows\System\wvDsEQZ.exe
  2⤵
  PID:15824
- C:\Windows\System\lNbmbIK.exe
  C:\Windows\System\lNbmbIK.exe
  2⤵
  PID:15852
- C:\Windows\System\cFHNvuu.exe
  C:\Windows\System\cFHNvuu.exe
  2⤵
  PID:15884
- C:\Windows\System\XpCvksR.exe
  C:\Windows\System\XpCvksR.exe
  2⤵
  PID:15912
- C:\Windows\System\aPmcWsx.exe
  C:\Windows\System\aPmcWsx.exe
  2⤵
  PID:15940
- C:\Windows\System\MzhJhbh.exe
  C:\Windows\System\MzhJhbh.exe
  2⤵
  PID:15968
- C:\Windows\System\DNRwxgL.exe
  C:\Windows\System\DNRwxgL.exe
  2⤵
  PID:15996
- C:\Windows\System\CaSCGSp.exe
  C:\Windows\System\CaSCGSp.exe
  2⤵
  PID:16024
- C:\Windows\System\gQfgBHB.exe
  C:\Windows\System\gQfgBHB.exe
  2⤵
  PID:16052
- C:\Windows\System\BGjsPHu.exe
  C:\Windows\System\BGjsPHu.exe
  2⤵
  PID:16080
- C:\Windows\System\OZcoVFp.exe
  C:\Windows\System\OZcoVFp.exe
  2⤵
  PID:16108
- C:\Windows\System\ffAQSCX.exe
  C:\Windows\System\ffAQSCX.exe
  2⤵
  PID:16136
- C:\Windows\System\qBJVUhe.exe
  C:\Windows\System\qBJVUhe.exe
  2⤵
  PID:16164
- C:\Windows\System\RXcrxRu.exe
  C:\Windows\System\RXcrxRu.exe
  2⤵
  PID:16192
- C:\Windows\System\Tpswaib.exe
  C:\Windows\System\Tpswaib.exe
  2⤵
  PID:16220
- C:\Windows\System\hBXFOsj.exe
  C:\Windows\System\hBXFOsj.exe
  2⤵
  PID:16248
- C:\Windows\System\AMOdxia.exe
  C:\Windows\System\AMOdxia.exe
  2⤵
  PID:16276
- C:\Windows\System\OmtdxDy.exe
  C:\Windows\System\OmtdxDy.exe
  2⤵
  PID:16304
- C:\Windows\System\kPrMclF.exe
  C:\Windows\System\kPrMclF.exe
  2⤵
  PID:16332
- C:\Windows\System\oJEUzmO.exe
  C:\Windows\System\oJEUzmO.exe
  2⤵
  PID:16360
- C:\Windows\System\PWVJJDQ.exe
  C:\Windows\System\PWVJJDQ.exe
  2⤵
  PID:15372
- C:\Windows\System\rmYWhGm.exe
  C:\Windows\System\rmYWhGm.exe
  2⤵
  PID:15396
- C:\Windows\System\JfnHLIb.exe
  C:\Windows\System\JfnHLIb.exe
  2⤵
  PID:15452
- C:\Windows\System\ADIBbFL.exe
  C:\Windows\System\ADIBbFL.exe
  2⤵
  PID:15488
- C:\Windows\System\aXgAVFk.exe
  C:\Windows\System\aXgAVFk.exe
  2⤵
  PID:15540
- C:\Windows\System\IHHnwJL.exe
  C:\Windows\System\IHHnwJL.exe
  2⤵
  PID:15596
- C:\Windows\System\CjtfWUx.exe
  C:\Windows\System\CjtfWUx.exe
  2⤵
  PID:15668
- C:\Windows\System\lqJSFQe.exe
  C:\Windows\System\lqJSFQe.exe
  2⤵
  PID:15724
- C:\Windows\System\IbSGKlq.exe
  C:\Windows\System\IbSGKlq.exe
  2⤵
  PID:15780
- C:\Windows\System\TANnVoh.exe
  C:\Windows\System\TANnVoh.exe
  2⤵
  PID:15816
- C:\Windows\System\hCLNuwh.exe
  C:\Windows\System\hCLNuwh.exe
  2⤵
  PID:15864
- C:\Windows\System\YYrWfEw.exe
  C:\Windows\System\YYrWfEw.exe
  2⤵
  PID:15932
- C:\Windows\System\amhpYSZ.exe
  C:\Windows\System\amhpYSZ.exe
  2⤵
  PID:9852
- C:\Windows\System\gORbtML.exe
  C:\Windows\System\gORbtML.exe
  2⤵
  PID:16044
- C:\Windows\System\fyJBWxf.exe
  C:\Windows\System\fyJBWxf.exe
  2⤵
  PID:16100
- C:\Windows\System\ZPoOxZt.exe
  C:\Windows\System\ZPoOxZt.exe
  2⤵
  PID:16176
- C:\Windows\System\TpVYWCS.exe
  C:\Windows\System\TpVYWCS.exe
  2⤵
  PID:16240
- C:\Windows\System\dhsVgcG.exe
  C:\Windows\System\dhsVgcG.exe
  2⤵
  PID:16300
- C:\Windows\System\vrDKFqg.exe
  C:\Windows\System\vrDKFqg.exe
  2⤵
  PID:16372
- C:\Windows\System\TyiKPNa.exe
  C:\Windows\System\TyiKPNa.exe
  2⤵
  PID:9348
- C:\Windows\System\sYJKMjy.exe
  C:\Windows\System\sYJKMjy.exe
  2⤵
  PID:15500
- C:\Windows\System\EFalich.exe
  C:\Windows\System\EFalich.exe
  2⤵
  PID:9556
- C:\Windows\System\YWebYNq.exe
  C:\Windows\System\YWebYNq.exe
  2⤵
  PID:15748
- C:\Windows\System\IcIcPfj.exe
  C:\Windows\System\IcIcPfj.exe
  2⤵
  PID:15848
- C:\Windows\System\usUtLHL.exe
  C:\Windows\System\usUtLHL.exe
  2⤵
  PID:9856
- C:\Windows\System\zIXejRB.exe
  C:\Windows\System\zIXejRB.exe
  2⤵
  PID:16216
- C:\Windows\System\jTMOtBJ.exe
  C:\Windows\System\jTMOtBJ.exe
  2⤵
  PID:16296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\EPTexjx.exe

Filesize
6.0MB

MD5
ff4d7d2e12dfd676256ef39f9e02f3bc

SHA1
6466728d3659e56e7ff80c585a9b2f54ea154df0

SHA256
a064fc7de459b74d3c6c4e41ed231ff2b56858188072dab6d7dc6ce30cefa260

SHA512
6ff39bb807a0223bfcc36e1201428db0d0d165a612cf07a272acc56da093a6c193abfbcfebb365ac68ac1dd6e4526af529b5db8c1cd929826fd601527e8852d8

Download Submit
C:\Windows\System\FHWhOvn.exe

Filesize
6.0MB

MD5
a22bf8d9f72cdcc239ba0dfa8813c62a

SHA1
5ef7b34d8628f41eeb6a9af8926fa866e44b7fa9

SHA256
2523c1d98e1b2d24f11cdbe2d74925b656d53e1cdd2c9b8763d52fd56b050be5

SHA512
7c0ff9eb6dbf95b8fc814ccfe219b684a291268c15b1f4b3b23b1114567d6eb60a1b5150acfa2eb3b98830bb366c551372fc0d2cbc796d5e36298ec0e06648aa

Download Submit
C:\Windows\System\FaKeGwi.exe

Filesize
6.0MB

MD5
4bd948e84f2ff5c58354d5165b330863

SHA1
4d9d2ad9dfc2ef6aa959575d9714a5c70706ecf0

SHA256
23dd5825a24a4f009cf70a09084472a560526a6e522641a545522ceaece35c88

SHA512
029f65bb0501c1d505443caa7e334b5954147f5180cb2b31287a9cc26c9d3eb7080c53d3e792fc7bb0ea9e2c5c4a80575c8d047e664cfe416b6992278c1f4910

Download Submit
C:\Windows\System\GpPwJrn.exe

Filesize
6.0MB

MD5
27c0a29e3729aca4bd1c2199912ad1af

SHA1
41ab6c0d76d52141eb9c215bc3f61dc18774c049

SHA256
f7217078a251fd107704c94f69091f948d02ab6e8df228d3124b04ea066de374

SHA512
801fa28017dde2f680470408e54100fcde102a3c304c76ccafefb24f72476a05388a2ea1b69516e72525991528f499afb0a9ac4a9aee1c5a6a0bae43cf26d3d7

Download Submit
C:\Windows\System\HABmeZb.exe

Filesize
6.0MB

MD5
781b0f39543e49723f58fea1309b7698

SHA1
8e6097d2d3ee94359f81476137d10a0e7c0ca117

SHA256
1c1bb6f97e68bc82a314235d4bafc0faa4c90467251c4714819202e977550df3

SHA512
c9628fb73e63d684d11ebb5052f7762f086036305ebdf78684347c5ca0be968db51c572d31b37f46e89fac3a232370bdfa57e7139656ceceefaba22aff3ab8a4

Download Submit
C:\Windows\System\HJaWHoD.exe

Filesize
6.0MB

MD5
df9e4ce6e32f6f976ece7a496db7e57d

SHA1
b7d7106ea459e6df2e5c33309f11109d8fdbabe7

SHA256
416096421da1080822758c929628f6547f7be10785a6a130393f7976733e34f7

SHA512
0380aded0f922e2cf1de9e30f763bed9c4076a141b2fb6eb37073377986b26e09abde5991674655403f2222735800bb03dd5ff60f1b9ca4071e3a97d7d99efb5

Download Submit
C:\Windows\System\HKTkbtj.exe

Filesize
6.0MB

MD5
6224c6a4a3f637bef153c665421829f1

SHA1
8a483f27e8cae8551540cfe588d3491c2f51324a

SHA256
5e65bae7026fe78da0d97ed8e5edb015d314b36478c170275c9067d1908b2745

SHA512
4cbcc63ac6b17bb85de5cb8e64476f02145abc723dc7ec0da98cbdc73b36ea60e1c592041a8c1669046637e4d47907e8a286f5d899b3c192ab9fa571a91d6213

Download Submit
C:\Windows\System\IjWePIU.exe

Filesize
6.0MB

MD5
327ae6bb3115b8945b4e370db1839df9

SHA1
b2447ef61fe9645d3784f2ef8054b89b54296b6a

SHA256
e7d0157d978793fab7720f86224805b86abd2c6a8e9e929e128014908be923fd

SHA512
5d6cbbe137f00a13a28c68e3b2083ea84bb5fe5bc6d678d301765d0c9f5a20bb4a74cf004ddc3a968d3b71ee6ad7673614d138dca6e0bfc1b1b16a48b6082349

Download Submit
C:\Windows\System\JAmsYkW.exe

Filesize
6.0MB

MD5
e85ea1aa4205cb345f83b6bb616355a0

SHA1
1173a4bd1c6a69de29c50b58ef41332895645917

SHA256
c9396fd2add897ef42258a69aa3bc5ea41dcdd9bde98793bbc56173400f3d232

SHA512
dbeec57d4fcf359c72f6f63a59bcdb59c4b24d90208250481223af8ea8b908e514c8e30e95116ef1510d225410545a3ad06c38245dbf876a7cd98c80f2270eac

Download Submit
C:\Windows\System\JiWICiP.exe

Filesize
6.0MB

MD5
084059a9c67d69477f59b47b68780852

SHA1
eb7e6035baec2c1cbc451864b9d7ccb40246c13e

SHA256
2c56ffbb9613162398f16235e41d8841cad1ce6ba3405be66b37b6f65cb952df

SHA512
89600adb64559f42a572bd78706c975ac5c08978e387085cc8fbed68831ecc509ccac8ad864d36ea66553ab51e4eac5de4f35ee3c5633cbbb646c9ac2b0fe993

Download Submit
C:\Windows\System\RekiRYp.exe

Filesize
6.0MB

MD5
9ceb39d5e080a3563704bcb507c2a1d3

SHA1
1828ef125e7aecae90a02916e4de94d30e428ad2

SHA256
5e30a97792ac7c665814203fe99a7ad5bbb851e2bf214a17ed7afd4b4f0247f0

SHA512
a2a377c4b7b573237b8a10a30d0ecac45919967218afafb359cd51bbe3775052a3939cd9a8a100a87abcfdc1d1b0220dcbfc0d17e924a738d3dc28d18afff97c

Download Submit
C:\Windows\System\UAMiWUJ.exe

Filesize
6.0MB

MD5
fe1136b6dfb4a189e0d48d6f244d2818

SHA1
30da19b1bea0c48ec68eb0b7927c9a235021b91f

SHA256
f780456d1e90dc97397cadcbaed46a28d11667d947f057f102c27290308fd56e

SHA512
7e9fc09cd6b48e6a748809b1c9e12aa1f09fb00821fc34421e06124f752628c8e588e0e19bc10f3fc3e680a2e5eda7fc3a15fe2039e03ee917590877b10e32f7

Download Submit
C:\Windows\System\VcsCokH.exe

Filesize
6.0MB

MD5
25efb2f30f8045d8ddbdf5c45ecf9ac6

SHA1
3c702c2219084e394153921854865389a0a30473

SHA256
05447358e4c4162b095b1e2c62248fa7ad16627a8b61bf715cc06bbd826ae362

SHA512
e74d4a2ea5e0d994831cbb48da6164097cf508d172b394ed0dd945593aabf1d95d78654302432b679c4487e6e07c20eb6b0880491a411b4445c70f8d90f50025

Download Submit
C:\Windows\System\WuuCnIG.exe

Filesize
6.0MB

MD5
c0fc81078aa8b7fde451a47817f89784

SHA1
0c46b154b1d7b1f370482c4c21ae6807acb3e1a6

SHA256
638942c48614be9b518679873753396996d029c890fd20cc4787cfac34b07b26

SHA512
461a028bb4c61602f74a12442bb8c0be407eb36e6ac322a5849fbdcb4b2c49126bf48bb8218107d8e09252cf2ed4db32c7896207d53d40b974d2ae55b9c4195b

Download Submit
C:\Windows\System\YQBEHsr.exe

Filesize
6.0MB

MD5
2e50983b6681b0c5f5c1f8ebfa5256b4

SHA1
9908f1b95dc164311cd5647ae9e7b3193e08586a

SHA256
bea41bee456d679826c9387b7fd71cb3c254df1723b24463413c9d82c0aad9c9

SHA512
df70f3b1f6eef97d35e1cfe2badda18f02aefb50af30e126f71d2d7d0759bfd15f5b6ae7f2c7b3a263e95a9a364df939364d1cee4678ea1c4fc695df5a0cad69

Download Submit
C:\Windows\System\YnmodXh.exe

Filesize
6.0MB

MD5
45857c6b0815c7e51e454fc13dfe6167

SHA1
f2b4e0bf91d55866e2a5b0dea7b00e1a2aa6121b

SHA256
15a366628a66f1e290a7ed5028f458c1fbab366b9ed43a3b16d3014be59113d2

SHA512
4b4bcb45be3afafcb64edebcf244dbffb5511aa5563721220ddf9896d93dc9267f890cae8fccb6a60dd9501ce95c6fa4583b03720e5f5d1d408eafcb831b9954

Download Submit
C:\Windows\System\bBaMWpq.exe

Filesize
6.0MB

MD5
80f17d0b027df0af94c6e3b6fa41d3c5

SHA1
0f05638a9db033c96831994243170702568f3040

SHA256
1589546ff24029f7d2ea20b4263d4c590dea431fb884aabf62abfa644f1d22ea

SHA512
3d20820ee07a23424233c778ef800fd38981c65dc4d6e87f18cca1e2e39a876b781d50edeab64ce6dba4cd25a1b107d6836eef65248eb00b9242a84f5a13a972

Download Submit
C:\Windows\System\dJQXdJP.exe

Filesize
6.0MB

MD5
f58ab8e3eeaae241f71da293b3d1e7df

SHA1
2b455de6bc75cd977417c8220d898cf7873e74a9

SHA256
b6243133f2673ac1284f80063d82fc30e3cd9e57a128addc1d7ee4ea5da24508

SHA512
8554c5fc90cc5b6afe5026665e5e2d22187132791f3e38c10b0bf72ae63fa9cdf3380d91c5611a4408b06ba2f9c36ad44b4c14106ba76c76c62bf8f163da2484

Download Submit
C:\Windows\System\dZCxBEA.exe

Filesize
6.0MB

MD5
8252e997d82df13fe8ce4e7d8da6fb49

SHA1
263c8bea559024c8bc5faaba52a1a13608bbb0be

SHA256
ab00caa7978fb174a1478072f42ecaefc6c35a85ad5f62c8664a0500aac1e87a

SHA512
f9351a100cc6a4e0870cd6094e3499355665b798cc1ffffa1724840258971c39638ee2634d42f15229dda7aa1d1faa092c955ca4e89a073294c42c262e49fc49

Download Submit
C:\Windows\System\djnrFvJ.exe

Filesize
6.0MB

MD5
b479f4b59c6ce456cdfcb63f8c512c84

SHA1
f7d2c69d5921ef275260f46e1c37e7b7f882e39f

SHA256
db223b965c4b603026db81d00469d7e900ff100dd28d903b4fb4ce3a6bb8e0fa

SHA512
4f2676c061b188caef42b2f673b05dfea8dd31eb8deb29feaed81738255f7f9d6e2be31846bde1504ff2c59a6c44ce23faa50d59a4e07d04a1848cc01f03928c

Download Submit
C:\Windows\System\dpuXhWu.exe

Filesize
6.0MB

MD5
59f9e484e0d34db3784d8067a197feed

SHA1
49ee19d1cd9cdfb1603bc939f41be70c9e38c066

SHA256
051cf36322203fe5fef22a967d80b2c9788b55288805c214028ec7caa050c82f

SHA512
20f1a40398947064fb272d46e1cf57b0c0bee6847e718f07d5472d2865a20425fd0bf4316972c8fa0120ea8997f5959838cef50535dc6658a931fec31400a223

Download Submit
C:\Windows\System\eimZXYZ.exe

Filesize
6.0MB

MD5
c40b58102ea6ceac4ca1e876141655db

SHA1
dddce4c2442cc68bfd12199d766551326bbf4109

SHA256
3eee3d3c15ad759341a0a0ebbd7e5a869475cc770a62d6164b0960e1f904597d

SHA512
e859dcc0e5062828583c899d8f93b2ec8d4d53c5c26039d3d979879cc78c11e931920c83c72626f55ba1ebd70441b0c27dd9c7655cabedf5be47a47b51d59892

Download Submit
C:\Windows\System\foaLyWf.exe

Filesize
6.0MB

MD5
23b8eb679d9df81ee1fe4940a5843fa4

SHA1
f5ed76ff09337f64c84e74dafa285b67560b2b37

SHA256
48879386f59b1c618ac62aaf5d579e6a3d7fad1f89a7b836b0eda364aa766fd7

SHA512
10f130c0abaec1b4b357484fed545d5b45c3a790e6db6b87214dab07870801db9ac0ed35542a42077426700e86850ca6b894a6d97de59f9b6ddf18ef1d21d7fa

Download Submit
C:\Windows\System\hGnLqFp.exe

Filesize
6.0MB

MD5
f038321c67ab21f9d12187199c7bded5

SHA1
77916c414cd03de1ed2f41e9481eb0f50421b25f

SHA256
76ed4cabe9c09a763994f9b49acbec9c0b024ff4a6a1454b421969d9004d1e25

SHA512
64f4e6c0c889e401000543cb88728c57cfe01d1bee2519e0aac462601bb260fe6a74ed9a823a3458784f0bdff9b8c249442377acbdff9c48b3cd0f3ad2eea8dc

Download Submit
C:\Windows\System\hYAeWXB.exe

Filesize
6.0MB

MD5
1ce96335cd0f6614b9dd42790dcfed40

SHA1
d37d7339768f58f0a125dd796d22c4c152614e03

SHA256
70b65d8bb3cb474f388327bef35ec99b976fcba40005eebc3471d1fc01d1ac4d

SHA512
db57d4acb9d4441dbcc63f7941fb44374aca0af6c42cb8f00830e9f8c61be5f34d939617c92365edf9a53b45d7ec65a94fa8edc202abfdfc41978f16c314b836

Download Submit
C:\Windows\System\hblTPMn.exe

Filesize
6.0MB

MD5
2a5d89ba715361236fd523eed891bf75

SHA1
5c5dc6e6e60df1f65fd09c93485c982758f76ae4

SHA256
f3e98d3dc3bf3e76397a3e99305d5b86932eb0350055bd71c8f18ffca6bfe645

SHA512
c1bf187fa446b1b15334dea58d864a185c39b940d9b2fc3580ce842d7e8831dc835921cde822e71c2e6ec7d7e38d993f5f4ee3809ccf4842179d57abd99c3434

Download Submit
C:\Windows\System\hwtyoMH.exe

Filesize
6.0MB

MD5
9fb598bf01996ad7ebd111fd4d76737a

SHA1
261842ba8ba9a835b471f19ffebd8e07114e6961

SHA256
a7937a1b8299bf8a732343e168a0270ca3cf1f11d22bd1472ec3da374b7110fb

SHA512
d312fc162b9e9265c258578bd510904e9880bf6443c794e7b8d3728ee954156d72b8a0ec4ddcb5f25169e14166e195c7853ac140b41fc0bc2a65f02224e96db8

Download Submit
C:\Windows\System\lUDvXVN.exe

Filesize
6.0MB

MD5
603130b42cf7d43fc8fa7b1da916cf4a

SHA1
2cd252e607a6c1bbefd897266543bdd736a0136f

SHA256
8abc44e099dbee37b4d2b7206a17be2420c0974c47cda5541b8cf4a9f1f31d1f

SHA512
2180ce626fc399a667a1fc810dc597dabebdeaeb54f4db08ace994124175f6593fc323880138cf8b238c3a28a82362e4407456a4d1686e9d97d58e270878dd0a

Download Submit
C:\Windows\System\qmwhjed.exe

Filesize
6.0MB

MD5
4ef03830f2827d1598ddc79211775a7f

SHA1
5dc08e08c5caaf92b3f1dd0c4c2da39d5cb60e0d

SHA256
43c3ccbeb678c9326866618f3c8f39817d043162b4a544a4a09d0af7cc72c234

SHA512
66a3b0f74b44a75861fdee8fa69b5d1b2a07fe449b6cae7b688b1e8a65110acd344d18e3e47bf407024197a23c7b2aefb9c641d4f81ec23a695aa75e218d677d

Download Submit
C:\Windows\System\rdXPeKS.exe

Filesize
6.0MB

MD5
594117a488d1b99261af3c2c63edbb43

SHA1
43ae81b4e69370f4127580d8100fd22ab5db7c09

SHA256
75b67548f9feeee1dbb66ea8db4cfba0212e593311def95b632d35c15e114aef

SHA512
483a31e84a463e9bcc8769a51d5f89be592e36854741620d9176aa3c3291292456a84fc790bab37d6ed97b500bd467740afb88cc72ae41c229fdf3594cbed75e

Download Submit
C:\Windows\System\tOUZFdt.exe

Filesize
6.0MB

MD5
15b9d998985b224681822d089a9d7805

SHA1
02b8d7e4d8c6391dc63511f02bae70e83af9ce37

SHA256
53b41f587ca3dc415adbe1461faadf96af7f662101c07e348d4f992e3185cf07

SHA512
55907e4ea3cf3887ca88b8c40fdabdc7184f2869b14ce07d40155460c2d7a74d064db569454f5a55eedf2ea4c3a09c63881f44f8f47bad21f82501bc04ed6492

Download Submit
C:\Windows\System\zFiSytA.exe

Filesize
6.0MB

MD5
cd6ec1d8da5a176590f16d94cc8d4a99

SHA1
58515e9fdc3d64f4e2afc2909d0c365ccc1edd63

SHA256
e02bf3f84ebfb2d49712dae45d78af1faa9ba40814108b7880927a148955f9bf

SHA512
93524506a3864fe8cfe49eb786a4736188721e0d8e99ecf87263f1b12e4dc18b99d1e267525eb7f1d013323b1e7348c322b18f121fd512ade48c4ce16425f9f6

Download Submit
memory/112-878-0x00007FF656BD0000-0x00007FF656F24000-memory.dmp

Filesize
3.3MB

Download
memory/112-1601-0x00007FF656BD0000-0x00007FF656F24000-memory.dmp

Filesize
3.3MB

Download
memory/384-886-0x00007FF6CF450000-0x00007FF6CF7A4000-memory.dmp

Filesize
3.3MB

Download
memory/384-1617-0x00007FF6CF450000-0x00007FF6CF7A4000-memory.dmp

Filesize
3.3MB

Download
memory/396-908-0x00007FF6E87D0000-0x00007FF6E8B24000-memory.dmp

Filesize
3.3MB

Download
memory/396-1636-0x00007FF6E87D0000-0x00007FF6E8B24000-memory.dmp

Filesize
3.3MB

Download
memory/432-877-0x00007FF7F38E0000-0x00007FF7F3C34000-memory.dmp

Filesize
3.3MB

Download
memory/432-1603-0x00007FF7F38E0000-0x00007FF7F3C34000-memory.dmp

Filesize
3.3MB

Download
memory/524-874-0x00007FF7BC4E0000-0x00007FF7BC834000-memory.dmp

Filesize
3.3MB

Download
memory/524-1594-0x00007FF7BC4E0000-0x00007FF7BC834000-memory.dmp

Filesize
3.3MB

Download
memory/712-873-0x00007FF733750000-0x00007FF733AA4000-memory.dmp

Filesize
3.3MB

Download
memory/712-1589-0x00007FF733750000-0x00007FF733AA4000-memory.dmp

Filesize
3.3MB

Download
memory/1780-1161-0x00007FF633EE0000-0x00007FF634234000-memory.dmp

Filesize
3.3MB

Download
memory/1780-1562-0x00007FF633EE0000-0x00007FF634234000-memory.dmp

Filesize
3.3MB

Download
memory/1780-12-0x00007FF633EE0000-0x00007FF634234000-memory.dmp

Filesize
3.3MB

Download
memory/1944-900-0x00007FF660690000-0x00007FF6609E4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-1627-0x00007FF660690000-0x00007FF6609E4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-887-0x00007FF73D310000-0x00007FF73D664000-memory.dmp

Filesize
3.3MB

Download
memory/2004-1616-0x00007FF73D310000-0x00007FF73D664000-memory.dmp

Filesize
3.3MB

Download
memory/2380-31-0x00007FF76A960000-0x00007FF76ACB4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1571-0x00007FF76A960000-0x00007FF76ACB4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-892-0x00007FF626230000-0x00007FF626584000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1619-0x00007FF626230000-0x00007FF626584000-memory.dmp

Filesize
3.3MB

Download
memory/2536-1604-0x00007FF7136D0000-0x00007FF713A24000-memory.dmp

Filesize
3.3MB

Download
memory/2536-876-0x00007FF7136D0000-0x00007FF713A24000-memory.dmp

Filesize
3.3MB

Download
memory/2768-6-0x00007FF743AF0000-0x00007FF743E44000-memory.dmp

Filesize
3.3MB

Download
memory/2768-1118-0x00007FF743AF0000-0x00007FF743E44000-memory.dmp

Filesize
3.3MB

Download
memory/2768-1556-0x00007FF743AF0000-0x00007FF743E44000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1629-0x00007FF6E9E80000-0x00007FF6EA1D4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-901-0x00007FF6E9E80000-0x00007FF6EA1D4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-1599-0x00007FF7EBFE0000-0x00007FF7EC334000-memory.dmp

Filesize
3.3MB

Download
memory/2880-891-0x00007FF7EBFE0000-0x00007FF7EC334000-memory.dmp

Filesize
3.3MB

Download
memory/2924-1598-0x00007FF721D30000-0x00007FF722084000-memory.dmp

Filesize
3.3MB

Download
memory/2924-884-0x00007FF721D30000-0x00007FF722084000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1622-0x00007FF62B910000-0x00007FF62BC64000-memory.dmp

Filesize
3.3MB

Download
memory/3028-894-0x00007FF62B910000-0x00007FF62BC64000-memory.dmp

Filesize
3.3MB

Download
memory/3084-1575-0x00007FF6F0000000-0x00007FF6F0354000-memory.dmp

Filesize
3.3MB

Download
memory/3084-867-0x00007FF6F0000000-0x00007FF6F0354000-memory.dmp

Filesize
3.3MB

Download
memory/3196-1608-0x00007FF6177D0000-0x00007FF617B24000-memory.dmp

Filesize
3.3MB

Download
memory/3196-880-0x00007FF6177D0000-0x00007FF617B24000-memory.dmp

Filesize
3.3MB

Download
memory/3356-893-0x00007FF6EFD10000-0x00007FF6F0064000-memory.dmp

Filesize
3.3MB

Download
memory/3356-1618-0x00007FF6EFD10000-0x00007FF6F0064000-memory.dmp

Filesize
3.3MB

Download
memory/3628-888-0x00007FF795EB0000-0x00007FF796204000-memory.dmp

Filesize
3.3MB

Download
memory/3628-1612-0x00007FF795EB0000-0x00007FF796204000-memory.dmp

Filesize
3.3MB

Download
memory/3656-1613-0x00007FF7A0270000-0x00007FF7A05C4000-memory.dmp

Filesize
3.3MB

Download
memory/3656-883-0x00007FF7A0270000-0x00007FF7A05C4000-memory.dmp

Filesize
3.3MB

Download
memory/3660-1606-0x00007FF6AE7C0000-0x00007FF6AEB14000-memory.dmp

Filesize
3.3MB

Download
memory/3660-875-0x00007FF6AE7C0000-0x00007FF6AEB14000-memory.dmp

Filesize
3.3MB

Download
memory/3952-0-0x00007FF6E2670000-0x00007FF6E29C4000-memory.dmp

Filesize
3.3MB

Download
memory/3952-1-0x000001B19BDC0000-0x000001B19BDD0000-memory.dmp

Filesize
64KB

Download
memory/3952-1064-0x00007FF6E2670000-0x00007FF6E29C4000-memory.dmp

Filesize
3.3MB

Download
memory/4280-19-0x00007FF693910000-0x00007FF693C64000-memory.dmp

Filesize
3.3MB

Download
memory/4280-1567-0x00007FF693910000-0x00007FF693C64000-memory.dmp

Filesize
3.3MB

Download
memory/4280-1211-0x00007FF693910000-0x00007FF693C64000-memory.dmp

Filesize
3.3MB

Download
memory/4644-879-0x00007FF63ECC0000-0x00007FF63F014000-memory.dmp

Filesize
3.3MB

Download
memory/4644-1609-0x00007FF63ECC0000-0x00007FF63F014000-memory.dmp

Filesize
3.3MB

Download
memory/4916-1626-0x00007FF6D78B0000-0x00007FF6D7C04000-memory.dmp

Filesize
3.3MB

Download
memory/4916-899-0x00007FF6D78B0000-0x00007FF6D7C04000-memory.dmp

Filesize
3.3MB

Download
memory/5052-1581-0x00007FF71E400000-0x00007FF71E754000-memory.dmp

Filesize
3.3MB

Download
memory/5052-909-0x00007FF71E400000-0x00007FF71E754000-memory.dmp

Filesize
3.3MB

Download
memory/5068-1584-0x00007FF6E97F0000-0x00007FF6E9B44000-memory.dmp

Filesize
3.3MB

Download
memory/5068-872-0x00007FF6E97F0000-0x00007FF6E9B44000-memory.dmp

Filesize
3.3MB

Download
memory/5116-1630-0x00007FF752000000-0x00007FF752354000-memory.dmp

Filesize
3.3MB

Download
memory/5116-896-0x00007FF752000000-0x00007FF752354000-memory.dmp

Filesize
3.3MB

Download