cobaltstrike | f564258170d521ae7da9d985b3b9bb424cee9344ae52dc14b1fb9265f6e73e5d

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 02:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

9cfa94bd24774e685e905e745c5fed7d
SHA1

a4b24dfeb6d5e901a0ac38936ce7a52d697f12da
SHA256

f564258170d521ae7da9d985b3b9bb424cee9344ae52dc14b1fb9265f6e73e5d
SHA512

fa3511e95535bdad9a0f2004292c1762eecb5959bccb849e9fdc0a48a2cc0c24c8be33b67eabc27e950a79550c3990b04b33d219710d3c2a0aba2ac2fd805683
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU9:T+q56utgpPF8u/79

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\System\DKfQLIs.exe	cobalt_reflective_dll
C:\Windows\System\dUyUPTR.exe	cobalt_reflective_dll
C:\Windows\System\ChJZsDO.exe	cobalt_reflective_dll
C:\Windows\System\lcdSIoo.exe	cobalt_reflective_dll
C:\Windows\System\Ewqdlwm.exe	cobalt_reflective_dll
C:\Windows\System\gIGmDgl.exe	cobalt_reflective_dll
C:\Windows\System\lNSzAzH.exe	cobalt_reflective_dll
C:\Windows\System\GgfGGuM.exe	cobalt_reflective_dll
C:\Windows\System\VeCDXnl.exe	cobalt_reflective_dll
C:\Windows\System\mKeVUrm.exe	cobalt_reflective_dll
C:\Windows\System\SPduStP.exe	cobalt_reflective_dll
C:\Windows\System\JEZgzsR.exe	cobalt_reflective_dll
C:\Windows\System\xxpEoBl.exe	cobalt_reflective_dll
C:\Windows\System\IAMMPVq.exe	cobalt_reflective_dll
C:\Windows\System\lcTBgVl.exe	cobalt_reflective_dll
C:\Windows\System\fhTjXKt.exe	cobalt_reflective_dll
C:\Windows\System\PykkmsO.exe	cobalt_reflective_dll
C:\Windows\System\YfBPAnO.exe	cobalt_reflective_dll
C:\Windows\System\wkROMlX.exe	cobalt_reflective_dll
C:\Windows\System\lSapvyl.exe	cobalt_reflective_dll
C:\Windows\System\dtRWbkt.exe	cobalt_reflective_dll
C:\Windows\System\CBhiwKu.exe	cobalt_reflective_dll
C:\Windows\System\EXnqMPg.exe	cobalt_reflective_dll
C:\Windows\System\EDZOOXJ.exe	cobalt_reflective_dll
C:\Windows\System\vgGZkpr.exe	cobalt_reflective_dll
C:\Windows\System\accbFuh.exe	cobalt_reflective_dll
C:\Windows\System\FQSclvV.exe	cobalt_reflective_dll
C:\Windows\System\oZISMTi.exe	cobalt_reflective_dll
C:\Windows\System\VNvcWrn.exe	cobalt_reflective_dll
C:\Windows\System\vAcOXYA.exe	cobalt_reflective_dll
C:\Windows\System\abDKhTT.exe	cobalt_reflective_dll
C:\Windows\System\TvniZfc.exe	cobalt_reflective_dll
C:\Windows\System\MBqADvZ.exe	cobalt_reflective_dll
C:\Windows\System\ToSXdvO.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/4036-0-0x00007FF78EDD0000-0x00007FF78F124000-memory.dmp	xmrig
C:\Windows\System\DKfQLIs.exe	xmrig
C:\Windows\System\dUyUPTR.exe	xmrig
behavioral2/memory/1904-9-0x00007FF6E29C0000-0x00007FF6E2D14000-memory.dmp	xmrig
C:\Windows\System\ChJZsDO.exe	xmrig
C:\Windows\System\lcdSIoo.exe	xmrig
C:\Windows\System\Ewqdlwm.exe	xmrig
behavioral2/memory/2036-34-0x00007FF7A3CF0000-0x00007FF7A4044000-memory.dmp	xmrig
C:\Windows\System\gIGmDgl.exe	xmrig
C:\Windows\System\lNSzAzH.exe	xmrig
C:\Windows\System\GgfGGuM.exe	xmrig
C:\Windows\System\VeCDXnl.exe	xmrig
C:\Windows\System\mKeVUrm.exe	xmrig
C:\Windows\System\SPduStP.exe	xmrig
behavioral2/memory/3640-94-0x00007FF782450000-0x00007FF7827A4000-memory.dmp	xmrig
behavioral2/memory/4484-104-0x00007FF6CD0D0000-0x00007FF6CD424000-memory.dmp	xmrig
behavioral2/memory/4436-105-0x00007FF6ABC90000-0x00007FF6ABFE4000-memory.dmp	xmrig
behavioral2/memory/2308-103-0x00007FF693560000-0x00007FF6938B4000-memory.dmp	xmrig
C:\Windows\System\JEZgzsR.exe	xmrig
behavioral2/memory/4036-100-0x00007FF78EDD0000-0x00007FF78F124000-memory.dmp	xmrig
behavioral2/memory/4584-99-0x00007FF7BF0E0000-0x00007FF7BF434000-memory.dmp	xmrig
C:\Windows\System\xxpEoBl.exe	xmrig
C:\Windows\System\IAMMPVq.exe	xmrig
behavioral2/memory/4404-92-0x00007FF76BED0000-0x00007FF76C224000-memory.dmp	xmrig
behavioral2/memory/3828-84-0x00007FF6D9A40000-0x00007FF6D9D94000-memory.dmp	xmrig
behavioral2/memory/5064-81-0x00007FF792A80000-0x00007FF792DD4000-memory.dmp	xmrig
C:\Windows\System\lcTBgVl.exe	xmrig
C:\Windows\System\fhTjXKt.exe	xmrig
behavioral2/memory/2880-55-0x00007FF6B4290000-0x00007FF6B45E4000-memory.dmp	xmrig
behavioral2/memory/1972-54-0x00007FF7AB9A0000-0x00007FF7ABCF4000-memory.dmp	xmrig
behavioral2/memory/3272-46-0x00007FF722790000-0x00007FF722AE4000-memory.dmp	xmrig
behavioral2/memory/4536-33-0x00007FF714E60000-0x00007FF7151B4000-memory.dmp	xmrig
behavioral2/memory/1152-31-0x00007FF645940000-0x00007FF645C94000-memory.dmp	xmrig
behavioral2/memory/1452-25-0x00007FF65BCE0000-0x00007FF65C034000-memory.dmp	xmrig
C:\Windows\System\PykkmsO.exe	xmrig
behavioral2/memory/1424-14-0x00007FF763E60000-0x00007FF7641B4000-memory.dmp	xmrig
behavioral2/memory/1904-109-0x00007FF6E29C0000-0x00007FF6E2D14000-memory.dmp	xmrig
C:\Windows\System\YfBPAnO.exe	xmrig
C:\Windows\System\wkROMlX.exe	xmrig
behavioral2/memory/1152-120-0x00007FF645940000-0x00007FF645C94000-memory.dmp	xmrig
C:\Windows\System\lSapvyl.exe	xmrig
C:\Windows\System\dtRWbkt.exe	xmrig
behavioral2/memory/1616-149-0x00007FF6263E0000-0x00007FF626734000-memory.dmp	xmrig
behavioral2/memory/1972-155-0x00007FF7AB9A0000-0x00007FF7ABCF4000-memory.dmp	xmrig
behavioral2/memory/2848-159-0x00007FF6A1A90000-0x00007FF6A1DE4000-memory.dmp	xmrig
C:\Windows\System\CBhiwKu.exe	xmrig
behavioral2/memory/2560-156-0x00007FF6677D0000-0x00007FF667B24000-memory.dmp	xmrig
C:\Windows\System\EXnqMPg.exe	xmrig
behavioral2/memory/2036-150-0x00007FF7A3CF0000-0x00007FF7A4044000-memory.dmp	xmrig
behavioral2/memory/932-145-0x00007FF7DDCE0000-0x00007FF7DE034000-memory.dmp	xmrig
C:\Windows\System\EDZOOXJ.exe	xmrig
C:\Windows\System\vgGZkpr.exe	xmrig
behavioral2/memory/4084-137-0x00007FF76CCF0000-0x00007FF76D044000-memory.dmp	xmrig
behavioral2/memory/2856-131-0x00007FF6D1BB0000-0x00007FF6D1F04000-memory.dmp	xmrig
behavioral2/memory/4536-130-0x00007FF714E60000-0x00007FF7151B4000-memory.dmp	xmrig
behavioral2/memory/1564-125-0x00007FF6DB400000-0x00007FF6DB754000-memory.dmp	xmrig
behavioral2/memory/1452-116-0x00007FF65BCE0000-0x00007FF65C034000-memory.dmp	xmrig
behavioral2/memory/4832-114-0x00007FF706140000-0x00007FF706494000-memory.dmp	xmrig
behavioral2/memory/1424-110-0x00007FF763E60000-0x00007FF7641B4000-memory.dmp	xmrig
behavioral2/memory/3272-161-0x00007FF722790000-0x00007FF722AE4000-memory.dmp	xmrig
behavioral2/memory/2880-169-0x00007FF6B4290000-0x00007FF6B45E4000-memory.dmp	xmrig
C:\Windows\System\accbFuh.exe	xmrig
behavioral2/memory/4816-180-0x00007FF632060000-0x00007FF6323B4000-memory.dmp	xmrig
C:\Windows\System\FQSclvV.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

DKfQLIs.exedUyUPTR.exePykkmsO.exelcdSIoo.exeChJZsDO.exeEwqdlwm.exegIGmDgl.exefhTjXKt.exelcTBgVl.exelNSzAzH.exeGgfGGuM.exeVeCDXnl.exeSPduStP.exemKeVUrm.exeIAMMPVq.exexxpEoBl.exeJEZgzsR.exeYfBPAnO.exewkROMlX.exevgGZkpr.exeEDZOOXJ.exelSapvyl.exeEXnqMPg.exedtRWbkt.exeCBhiwKu.exeaccbFuh.exeMBqADvZ.exeToSXdvO.exeFQSclvV.exeTvniZfc.exeabDKhTT.exevAcOXYA.exeoZISMTi.exeVNvcWrn.exeMTbTvKa.exebPdzUUB.exeJGbNuRH.exekjlmASd.exexreGLip.exeYrnNsmH.exePCwGvzc.exenwPeDRE.exeWCFUjwW.exeaQhlSIq.exeAKYIUXu.exefxHBCLi.exezcLHchs.exeTcBUQCb.exenJUBIrL.exelMVvyGN.exeFPpAdYQ.exeQudblTt.exeqlBHbhG.exeNnOgpQa.exeOnFSEIn.exekklpmoQ.exeIcOUSQn.exefwweuUl.exeKYetaAm.exevFNUWsQ.exegNAPwUu.exeRRjPCAe.exelpcPzes.exeZpTuEVk.exe

pid	process
1904	DKfQLIs.exe
1424	dUyUPTR.exe
1452	PykkmsO.exe
1152	lcdSIoo.exe
4536	ChJZsDO.exe
2036	Ewqdlwm.exe
3272	gIGmDgl.exe
1972	fhTjXKt.exe
5064	lcTBgVl.exe
2880	lNSzAzH.exe
3828	GgfGGuM.exe
2308	VeCDXnl.exe
4484	SPduStP.exe
4404	mKeVUrm.exe
3640	IAMMPVq.exe
4584	xxpEoBl.exe
4436	JEZgzsR.exe
4832	YfBPAnO.exe
1564	wkROMlX.exe
2856	vgGZkpr.exe
4084	EDZOOXJ.exe
932	lSapvyl.exe
2560	EXnqMPg.exe
1616	dtRWbkt.exe
2848	CBhiwKu.exe
4816	accbFuh.exe
1104	MBqADvZ.exe
4388	ToSXdvO.exe
1664	FQSclvV.exe
2896	TvniZfc.exe
1016	abDKhTT.exe
5080	vAcOXYA.exe
2604	oZISMTi.exe
2432	VNvcWrn.exe
3968	MTbTvKa.exe
3948	bPdzUUB.exe
4384	JGbNuRH.exe
3764	kjlmASd.exe
2024	xreGLip.exe
396	YrnNsmH.exe
3236	PCwGvzc.exe
1068	nwPeDRE.exe
4228	WCFUjwW.exe
3468	aQhlSIq.exe
2920	AKYIUXu.exe
5000	fxHBCLi.exe
436	zcLHchs.exe
3472	TcBUQCb.exe
552	nJUBIrL.exe
4500	lMVvyGN.exe
4052	FPpAdYQ.exe
3224	QudblTt.exe
3532	qlBHbhG.exe
3024	NnOgpQa.exe
1772	OnFSEIn.exe
3040	kklpmoQ.exe
3604	IcOUSQn.exe
4920	fwweuUl.exe
3592	KYetaAm.exe
4332	vFNUWsQ.exe
184	gNAPwUu.exe
2924	RRjPCAe.exe
1164	lpcPzes.exe
3324	ZpTuEVk.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4036-0-0x00007FF78EDD0000-0x00007FF78F124000-memory.dmp	upx
C:\Windows\System\DKfQLIs.exe	upx
C:\Windows\System\dUyUPTR.exe	upx
behavioral2/memory/1904-9-0x00007FF6E29C0000-0x00007FF6E2D14000-memory.dmp	upx
C:\Windows\System\ChJZsDO.exe	upx
C:\Windows\System\lcdSIoo.exe	upx
C:\Windows\System\Ewqdlwm.exe	upx
behavioral2/memory/2036-34-0x00007FF7A3CF0000-0x00007FF7A4044000-memory.dmp	upx
C:\Windows\System\gIGmDgl.exe	upx
C:\Windows\System\lNSzAzH.exe	upx
C:\Windows\System\GgfGGuM.exe	upx
C:\Windows\System\VeCDXnl.exe	upx
C:\Windows\System\mKeVUrm.exe	upx
C:\Windows\System\SPduStP.exe	upx
behavioral2/memory/3640-94-0x00007FF782450000-0x00007FF7827A4000-memory.dmp	upx
behavioral2/memory/4484-104-0x00007FF6CD0D0000-0x00007FF6CD424000-memory.dmp	upx
behavioral2/memory/4436-105-0x00007FF6ABC90000-0x00007FF6ABFE4000-memory.dmp	upx
behavioral2/memory/2308-103-0x00007FF693560000-0x00007FF6938B4000-memory.dmp	upx
C:\Windows\System\JEZgzsR.exe	upx
behavioral2/memory/4036-100-0x00007FF78EDD0000-0x00007FF78F124000-memory.dmp	upx
behavioral2/memory/4584-99-0x00007FF7BF0E0000-0x00007FF7BF434000-memory.dmp	upx
C:\Windows\System\xxpEoBl.exe	upx
C:\Windows\System\IAMMPVq.exe	upx
behavioral2/memory/4404-92-0x00007FF76BED0000-0x00007FF76C224000-memory.dmp	upx
behavioral2/memory/3828-84-0x00007FF6D9A40000-0x00007FF6D9D94000-memory.dmp	upx
behavioral2/memory/5064-81-0x00007FF792A80000-0x00007FF792DD4000-memory.dmp	upx
C:\Windows\System\lcTBgVl.exe	upx
C:\Windows\System\fhTjXKt.exe	upx
behavioral2/memory/2880-55-0x00007FF6B4290000-0x00007FF6B45E4000-memory.dmp	upx
behavioral2/memory/1972-54-0x00007FF7AB9A0000-0x00007FF7ABCF4000-memory.dmp	upx
behavioral2/memory/3272-46-0x00007FF722790000-0x00007FF722AE4000-memory.dmp	upx
behavioral2/memory/4536-33-0x00007FF714E60000-0x00007FF7151B4000-memory.dmp	upx
behavioral2/memory/1152-31-0x00007FF645940000-0x00007FF645C94000-memory.dmp	upx
behavioral2/memory/1452-25-0x00007FF65BCE0000-0x00007FF65C034000-memory.dmp	upx
C:\Windows\System\PykkmsO.exe	upx
behavioral2/memory/1424-14-0x00007FF763E60000-0x00007FF7641B4000-memory.dmp	upx
behavioral2/memory/1904-109-0x00007FF6E29C0000-0x00007FF6E2D14000-memory.dmp	upx
C:\Windows\System\YfBPAnO.exe	upx
C:\Windows\System\wkROMlX.exe	upx
behavioral2/memory/1152-120-0x00007FF645940000-0x00007FF645C94000-memory.dmp	upx
C:\Windows\System\lSapvyl.exe	upx
C:\Windows\System\dtRWbkt.exe	upx
behavioral2/memory/1616-149-0x00007FF6263E0000-0x00007FF626734000-memory.dmp	upx
behavioral2/memory/1972-155-0x00007FF7AB9A0000-0x00007FF7ABCF4000-memory.dmp	upx
behavioral2/memory/2848-159-0x00007FF6A1A90000-0x00007FF6A1DE4000-memory.dmp	upx
C:\Windows\System\CBhiwKu.exe	upx
behavioral2/memory/2560-156-0x00007FF6677D0000-0x00007FF667B24000-memory.dmp	upx
C:\Windows\System\EXnqMPg.exe	upx
behavioral2/memory/2036-150-0x00007FF7A3CF0000-0x00007FF7A4044000-memory.dmp	upx
behavioral2/memory/932-145-0x00007FF7DDCE0000-0x00007FF7DE034000-memory.dmp	upx
C:\Windows\System\EDZOOXJ.exe	upx
C:\Windows\System\vgGZkpr.exe	upx
behavioral2/memory/4084-137-0x00007FF76CCF0000-0x00007FF76D044000-memory.dmp	upx
behavioral2/memory/2856-131-0x00007FF6D1BB0000-0x00007FF6D1F04000-memory.dmp	upx
behavioral2/memory/4536-130-0x00007FF714E60000-0x00007FF7151B4000-memory.dmp	upx
behavioral2/memory/1564-125-0x00007FF6DB400000-0x00007FF6DB754000-memory.dmp	upx
behavioral2/memory/1452-116-0x00007FF65BCE0000-0x00007FF65C034000-memory.dmp	upx
behavioral2/memory/4832-114-0x00007FF706140000-0x00007FF706494000-memory.dmp	upx
behavioral2/memory/1424-110-0x00007FF763E60000-0x00007FF7641B4000-memory.dmp	upx
behavioral2/memory/3272-161-0x00007FF722790000-0x00007FF722AE4000-memory.dmp	upx
behavioral2/memory/2880-169-0x00007FF6B4290000-0x00007FF6B45E4000-memory.dmp	upx
C:\Windows\System\accbFuh.exe	upx
behavioral2/memory/4816-180-0x00007FF632060000-0x00007FF6323B4000-memory.dmp	upx
C:\Windows\System\FQSclvV.exe	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\RRjPCAe.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXnLniI.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\orwgGkc.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aJRllBM.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpDGyCN.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Mixuuyy.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hbNjMkm.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Qqgvxyl.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cuCmvmV.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nTphkHm.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GBCxUcG.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tCkPdRJ.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pClVCHs.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvQiqtj.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\unvRiKX.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCZATjq.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JFgPbXR.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZzuwqKl.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HDyonhd.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UIEGOpj.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWsjquD.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fSwazCi.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYsNhdc.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUrIepf.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MOSaaSS.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSuODOX.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhYQYzr.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFaEegb.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sbgQLrA.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XxnrZIQ.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YpIanHf.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qtqQgTB.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PJdVsZy.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUGeLLp.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMlJkZW.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqkYIoY.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rWCfIGc.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SDPkIyK.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CdQTOmX.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XqtjUcJ.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTRIjZU.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SZoapRq.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WFCAJxQ.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChJZsDO.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WixEMaB.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XtsPmrp.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLOSBQB.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFyAoru.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuCCZED.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRIgviV.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\POTWDeU.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLTgDIC.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OoMjlQa.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dfRhMWS.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lTfVbtW.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HUqQSqr.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tZbqjLH.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sDDEIyt.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EfDXuse.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ExqdwtC.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SrzWzSY.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQSclvV.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PIoIgtT.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OzHUTFH.exe	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 4036 wrote to memory of 1904	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	DKfQLIs.exe
PID 4036 wrote to memory of 1904	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	DKfQLIs.exe
PID 4036 wrote to memory of 1424	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	dUyUPTR.exe
PID 4036 wrote to memory of 1424	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	dUyUPTR.exe
PID 4036 wrote to memory of 1452	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	PykkmsO.exe
PID 4036 wrote to memory of 1452	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	PykkmsO.exe
PID 4036 wrote to memory of 1152	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	lcdSIoo.exe
PID 4036 wrote to memory of 1152	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	lcdSIoo.exe
PID 4036 wrote to memory of 4536	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	ChJZsDO.exe
PID 4036 wrote to memory of 4536	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	ChJZsDO.exe
PID 4036 wrote to memory of 2036	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	Ewqdlwm.exe
PID 4036 wrote to memory of 2036	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	Ewqdlwm.exe
PID 4036 wrote to memory of 3272	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	gIGmDgl.exe
PID 4036 wrote to memory of 3272	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	gIGmDgl.exe
PID 4036 wrote to memory of 5064	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	lcTBgVl.exe
PID 4036 wrote to memory of 5064	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	lcTBgVl.exe
PID 4036 wrote to memory of 1972	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	fhTjXKt.exe
PID 4036 wrote to memory of 1972	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	fhTjXKt.exe
PID 4036 wrote to memory of 2880	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	lNSzAzH.exe
PID 4036 wrote to memory of 2880	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	lNSzAzH.exe
PID 4036 wrote to memory of 3828	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	GgfGGuM.exe
PID 4036 wrote to memory of 3828	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	GgfGGuM.exe
PID 4036 wrote to memory of 2308	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	VeCDXnl.exe
PID 4036 wrote to memory of 2308	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	VeCDXnl.exe
PID 4036 wrote to memory of 4584	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	xxpEoBl.exe
PID 4036 wrote to memory of 4584	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	xxpEoBl.exe
PID 4036 wrote to memory of 4484	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	SPduStP.exe
PID 4036 wrote to memory of 4484	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	SPduStP.exe
PID 4036 wrote to memory of 4404	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	mKeVUrm.exe
PID 4036 wrote to memory of 4404	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	mKeVUrm.exe
PID 4036 wrote to memory of 3640	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	IAMMPVq.exe
PID 4036 wrote to memory of 3640	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	IAMMPVq.exe
PID 4036 wrote to memory of 4436	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	JEZgzsR.exe
PID 4036 wrote to memory of 4436	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	JEZgzsR.exe
PID 4036 wrote to memory of 4832	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	YfBPAnO.exe
PID 4036 wrote to memory of 4832	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	YfBPAnO.exe
PID 4036 wrote to memory of 2856	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	vgGZkpr.exe
PID 4036 wrote to memory of 2856	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	vgGZkpr.exe
PID 4036 wrote to memory of 1564	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	wkROMlX.exe
PID 4036 wrote to memory of 1564	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	wkROMlX.exe
PID 4036 wrote to memory of 4084	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	EDZOOXJ.exe
PID 4036 wrote to memory of 4084	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	EDZOOXJ.exe
PID 4036 wrote to memory of 932	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	lSapvyl.exe
PID 4036 wrote to memory of 932	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	lSapvyl.exe
PID 4036 wrote to memory of 2560	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	EXnqMPg.exe
PID 4036 wrote to memory of 2560	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	EXnqMPg.exe
PID 4036 wrote to memory of 1616	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	dtRWbkt.exe
PID 4036 wrote to memory of 1616	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	dtRWbkt.exe
PID 4036 wrote to memory of 2848	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	CBhiwKu.exe
PID 4036 wrote to memory of 2848	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	CBhiwKu.exe
PID 4036 wrote to memory of 4816	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	accbFuh.exe
PID 4036 wrote to memory of 4816	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	accbFuh.exe
PID 4036 wrote to memory of 1104	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	MBqADvZ.exe
PID 4036 wrote to memory of 1104	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	MBqADvZ.exe
PID 4036 wrote to memory of 4388	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	ToSXdvO.exe
PID 4036 wrote to memory of 4388	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	ToSXdvO.exe
PID 4036 wrote to memory of 1664	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	FQSclvV.exe
PID 4036 wrote to memory of 1664	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	FQSclvV.exe
PID 4036 wrote to memory of 2896	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	TvniZfc.exe
PID 4036 wrote to memory of 2896	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	TvniZfc.exe
PID 4036 wrote to memory of 5080	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	vAcOXYA.exe
PID 4036 wrote to memory of 5080	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	vAcOXYA.exe
PID 4036 wrote to memory of 1016	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	abDKhTT.exe
PID 4036 wrote to memory of 1016	4036	2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe	abDKhTT.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_9cfa94bd24774e685e905e745c5fed7d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Windows\System\DKfQLIs.exe
  C:\Windows\System\DKfQLIs.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\dUyUPTR.exe
  C:\Windows\System\dUyUPTR.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\PykkmsO.exe
  C:\Windows\System\PykkmsO.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\lcdSIoo.exe
  C:\Windows\System\lcdSIoo.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\ChJZsDO.exe
  C:\Windows\System\ChJZsDO.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\Ewqdlwm.exe
  C:\Windows\System\Ewqdlwm.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\gIGmDgl.exe
  C:\Windows\System\gIGmDgl.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\lcTBgVl.exe
  C:\Windows\System\lcTBgVl.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\fhTjXKt.exe
  C:\Windows\System\fhTjXKt.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\lNSzAzH.exe
  C:\Windows\System\lNSzAzH.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\GgfGGuM.exe
  C:\Windows\System\GgfGGuM.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\VeCDXnl.exe
  C:\Windows\System\VeCDXnl.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\xxpEoBl.exe
  C:\Windows\System\xxpEoBl.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\SPduStP.exe
  C:\Windows\System\SPduStP.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\mKeVUrm.exe
  C:\Windows\System\mKeVUrm.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\IAMMPVq.exe
  C:\Windows\System\IAMMPVq.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\JEZgzsR.exe
  C:\Windows\System\JEZgzsR.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\YfBPAnO.exe
  C:\Windows\System\YfBPAnO.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\vgGZkpr.exe
  C:\Windows\System\vgGZkpr.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\wkROMlX.exe
  C:\Windows\System\wkROMlX.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\EDZOOXJ.exe
  C:\Windows\System\EDZOOXJ.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\lSapvyl.exe
  C:\Windows\System\lSapvyl.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\EXnqMPg.exe
  C:\Windows\System\EXnqMPg.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\dtRWbkt.exe
  C:\Windows\System\dtRWbkt.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\CBhiwKu.exe
  C:\Windows\System\CBhiwKu.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\accbFuh.exe
  C:\Windows\System\accbFuh.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\MBqADvZ.exe
  C:\Windows\System\MBqADvZ.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\ToSXdvO.exe
  C:\Windows\System\ToSXdvO.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\FQSclvV.exe
  C:\Windows\System\FQSclvV.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\TvniZfc.exe
  C:\Windows\System\TvniZfc.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\vAcOXYA.exe
  C:\Windows\System\vAcOXYA.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\abDKhTT.exe
  C:\Windows\System\abDKhTT.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\oZISMTi.exe
  C:\Windows\System\oZISMTi.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\VNvcWrn.exe
  C:\Windows\System\VNvcWrn.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\MTbTvKa.exe
  C:\Windows\System\MTbTvKa.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\bPdzUUB.exe
  C:\Windows\System\bPdzUUB.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\JGbNuRH.exe
  C:\Windows\System\JGbNuRH.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\kjlmASd.exe
  C:\Windows\System\kjlmASd.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\xreGLip.exe
  C:\Windows\System\xreGLip.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\YrnNsmH.exe
  C:\Windows\System\YrnNsmH.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\PCwGvzc.exe
  C:\Windows\System\PCwGvzc.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\nwPeDRE.exe
  C:\Windows\System\nwPeDRE.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\WCFUjwW.exe
  C:\Windows\System\WCFUjwW.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\aQhlSIq.exe
  C:\Windows\System\aQhlSIq.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\AKYIUXu.exe
  C:\Windows\System\AKYIUXu.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\fxHBCLi.exe
  C:\Windows\System\fxHBCLi.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\zcLHchs.exe
  C:\Windows\System\zcLHchs.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\TcBUQCb.exe
  C:\Windows\System\TcBUQCb.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\nJUBIrL.exe
  C:\Windows\System\nJUBIrL.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\lMVvyGN.exe
  C:\Windows\System\lMVvyGN.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\FPpAdYQ.exe
  C:\Windows\System\FPpAdYQ.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\QudblTt.exe
  C:\Windows\System\QudblTt.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\qlBHbhG.exe
  C:\Windows\System\qlBHbhG.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\NnOgpQa.exe
  C:\Windows\System\NnOgpQa.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\OnFSEIn.exe
  C:\Windows\System\OnFSEIn.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\kklpmoQ.exe
  C:\Windows\System\kklpmoQ.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\IcOUSQn.exe
  C:\Windows\System\IcOUSQn.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\fwweuUl.exe
  C:\Windows\System\fwweuUl.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\KYetaAm.exe
  C:\Windows\System\KYetaAm.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\vFNUWsQ.exe
  C:\Windows\System\vFNUWsQ.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\gNAPwUu.exe
  C:\Windows\System\gNAPwUu.exe
  2⤵
  - Executes dropped EXE
  PID:184
- C:\Windows\System\RRjPCAe.exe
  C:\Windows\System\RRjPCAe.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\lpcPzes.exe
  C:\Windows\System\lpcPzes.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\ZpTuEVk.exe
  C:\Windows\System\ZpTuEVk.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System\UtVzPHw.exe
  C:\Windows\System\UtVzPHw.exe
  2⤵
  PID:1244
- C:\Windows\System\TjTYxKn.exe
  C:\Windows\System\TjTYxKn.exe
  2⤵
  PID:2636
- C:\Windows\System\OjVpLzk.exe
  C:\Windows\System\OjVpLzk.exe
  2⤵
  PID:4424
- C:\Windows\System\jLarNaG.exe
  C:\Windows\System\jLarNaG.exe
  2⤵
  PID:2344
- C:\Windows\System\beSsyAN.exe
  C:\Windows\System\beSsyAN.exe
  2⤵
  PID:1464
- C:\Windows\System\iPcNsxO.exe
  C:\Windows\System\iPcNsxO.exe
  2⤵
  PID:2608
- C:\Windows\System\bmGrqQu.exe
  C:\Windows\System\bmGrqQu.exe
  2⤵
  PID:4696
- C:\Windows\System\LitipMV.exe
  C:\Windows\System\LitipMV.exe
  2⤵
  PID:4256
- C:\Windows\System\OpCdoHP.exe
  C:\Windows\System\OpCdoHP.exe
  2⤵
  PID:2084
- C:\Windows\System\AKNiiWQ.exe
  C:\Windows\System\AKNiiWQ.exe
  2⤵
  PID:5052
- C:\Windows\System\FNxYqnl.exe
  C:\Windows\System\FNxYqnl.exe
  2⤵
  PID:3392
- C:\Windows\System\IPYQoVA.exe
  C:\Windows\System\IPYQoVA.exe
  2⤵
  PID:3568
- C:\Windows\System\gZCyEiN.exe
  C:\Windows\System\gZCyEiN.exe
  2⤵
  PID:4496
- C:\Windows\System\kBavsfY.exe
  C:\Windows\System\kBavsfY.exe
  2⤵
  PID:2196
- C:\Windows\System\RNTqCfD.exe
  C:\Windows\System\RNTqCfD.exe
  2⤵
  PID:3648
- C:\Windows\System\gbybiPP.exe
  C:\Windows\System\gbybiPP.exe
  2⤵
  PID:2280
- C:\Windows\System\iZJuZVm.exe
  C:\Windows\System\iZJuZVm.exe
  2⤵
  PID:3760
- C:\Windows\System\gFinOVb.exe
  C:\Windows\System\gFinOVb.exe
  2⤵
  PID:5128
- C:\Windows\System\WixEMaB.exe
  C:\Windows\System\WixEMaB.exe
  2⤵
  PID:5160
- C:\Windows\System\nwGwJwr.exe
  C:\Windows\System\nwGwJwr.exe
  2⤵
  PID:5188
- C:\Windows\System\aGFRjul.exe
  C:\Windows\System\aGFRjul.exe
  2⤵
  PID:5212
- C:\Windows\System\GvNsHKE.exe
  C:\Windows\System\GvNsHKE.exe
  2⤵
  PID:5244
- C:\Windows\System\wkdTyPa.exe
  C:\Windows\System\wkdTyPa.exe
  2⤵
  PID:5276
- C:\Windows\System\kNobINQ.exe
  C:\Windows\System\kNobINQ.exe
  2⤵
  PID:5312
- C:\Windows\System\AzivgHJ.exe
  C:\Windows\System\AzivgHJ.exe
  2⤵
  PID:5344
- C:\Windows\System\jtBPFOS.exe
  C:\Windows\System\jtBPFOS.exe
  2⤵
  PID:5368
- C:\Windows\System\ShdCJhB.exe
  C:\Windows\System\ShdCJhB.exe
  2⤵
  PID:5396
- C:\Windows\System\OYWYBEC.exe
  C:\Windows\System\OYWYBEC.exe
  2⤵
  PID:5420
- C:\Windows\System\uGrDZUn.exe
  C:\Windows\System\uGrDZUn.exe
  2⤵
  PID:5456
- C:\Windows\System\VUHUDxK.exe
  C:\Windows\System\VUHUDxK.exe
  2⤵
  PID:5484
- C:\Windows\System\BGMGLCc.exe
  C:\Windows\System\BGMGLCc.exe
  2⤵
  PID:5520
- C:\Windows\System\XfcciTG.exe
  C:\Windows\System\XfcciTG.exe
  2⤵
  PID:5540
- C:\Windows\System\GTQeGpB.exe
  C:\Windows\System\GTQeGpB.exe
  2⤵
  PID:5568
- C:\Windows\System\NXnLniI.exe
  C:\Windows\System\NXnLniI.exe
  2⤵
  PID:5600
- C:\Windows\System\tEhyrWb.exe
  C:\Windows\System\tEhyrWb.exe
  2⤵
  PID:5632
- C:\Windows\System\VFwlnCh.exe
  C:\Windows\System\VFwlnCh.exe
  2⤵
  PID:5664
- C:\Windows\System\BEgplQP.exe
  C:\Windows\System\BEgplQP.exe
  2⤵
  PID:5704
- C:\Windows\System\rEkblWz.exe
  C:\Windows\System\rEkblWz.exe
  2⤵
  PID:5760
- C:\Windows\System\qxZJGfl.exe
  C:\Windows\System\qxZJGfl.exe
  2⤵
  PID:5784
- C:\Windows\System\PIoIgtT.exe
  C:\Windows\System\PIoIgtT.exe
  2⤵
  PID:5812
- C:\Windows\System\YliqvWq.exe
  C:\Windows\System\YliqvWq.exe
  2⤵
  PID:5836
- C:\Windows\System\unvRiKX.exe
  C:\Windows\System\unvRiKX.exe
  2⤵
  PID:5876
- C:\Windows\System\oBfRsrg.exe
  C:\Windows\System\oBfRsrg.exe
  2⤵
  PID:5900
- C:\Windows\System\wdipDPR.exe
  C:\Windows\System\wdipDPR.exe
  2⤵
  PID:5932
- C:\Windows\System\lBncPAR.exe
  C:\Windows\System\lBncPAR.exe
  2⤵
  PID:5948
- C:\Windows\System\YvXFcqi.exe
  C:\Windows\System\YvXFcqi.exe
  2⤵
  PID:5992
- C:\Windows\System\maaRbcO.exe
  C:\Windows\System\maaRbcO.exe
  2⤵
  PID:6008
- C:\Windows\System\OVDDPDO.exe
  C:\Windows\System\OVDDPDO.exe
  2⤵
  PID:6048
- C:\Windows\System\kJpQEYW.exe
  C:\Windows\System\kJpQEYW.exe
  2⤵
  PID:6092
- C:\Windows\System\mddBLgV.exe
  C:\Windows\System\mddBLgV.exe
  2⤵
  PID:6140
- C:\Windows\System\dECpXBq.exe
  C:\Windows\System\dECpXBq.exe
  2⤵
  PID:5168
- C:\Windows\System\AkTyUJX.exe
  C:\Windows\System\AkTyUJX.exe
  2⤵
  PID:1620
- C:\Windows\System\bdtaRGr.exe
  C:\Windows\System\bdtaRGr.exe
  2⤵
  PID:5292
- C:\Windows\System\LDbpoTo.exe
  C:\Windows\System\LDbpoTo.exe
  2⤵
  PID:5376
- C:\Windows\System\EsWSylN.exe
  C:\Windows\System\EsWSylN.exe
  2⤵
  PID:5416
- C:\Windows\System\ljCIaZG.exe
  C:\Windows\System\ljCIaZG.exe
  2⤵
  PID:5504
- C:\Windows\System\mWekJeq.exe
  C:\Windows\System\mWekJeq.exe
  2⤵
  PID:5500
- C:\Windows\System\kWYCOSX.exe
  C:\Windows\System\kWYCOSX.exe
  2⤵
  PID:5616
- C:\Windows\System\QZNzksH.exe
  C:\Windows\System\QZNzksH.exe
  2⤵
  PID:5696
- C:\Windows\System\NlEsBWQ.exe
  C:\Windows\System\NlEsBWQ.exe
  2⤵
  PID:5768
- C:\Windows\System\LnYjgEk.exe
  C:\Windows\System\LnYjgEk.exe
  2⤵
  PID:5820
- C:\Windows\System\jXSrnzk.exe
  C:\Windows\System\jXSrnzk.exe
  2⤵
  PID:5908
- C:\Windows\System\HBccgAH.exe
  C:\Windows\System\HBccgAH.exe
  2⤵
  PID:4024
- C:\Windows\System\sbgQLrA.exe
  C:\Windows\System\sbgQLrA.exe
  2⤵
  PID:1668
- C:\Windows\System\KJWDuoh.exe
  C:\Windows\System\KJWDuoh.exe
  2⤵
  PID:6004
- C:\Windows\System\EhpYsBr.exe
  C:\Windows\System\EhpYsBr.exe
  2⤵
  PID:6088
- C:\Windows\System\EHVyhrg.exe
  C:\Windows\System\EHVyhrg.exe
  2⤵
  PID:2912
- C:\Windows\System\GXSlOnD.exe
  C:\Windows\System\GXSlOnD.exe
  2⤵
  PID:6112
- C:\Windows\System\byfnBhh.exe
  C:\Windows\System\byfnBhh.exe
  2⤵
  PID:5340
- C:\Windows\System\iTgjypm.exe
  C:\Windows\System\iTgjypm.exe
  2⤵
  PID:5532
- C:\Windows\System\PwrlhLy.exe
  C:\Windows\System\PwrlhLy.exe
  2⤵
  PID:3784
- C:\Windows\System\LWEbsKg.exe
  C:\Windows\System\LWEbsKg.exe
  2⤵
  PID:5828
- C:\Windows\System\GonkzHB.exe
  C:\Windows\System\GonkzHB.exe
  2⤵
  PID:5960
- C:\Windows\System\SKBpdeA.exe
  C:\Windows\System\SKBpdeA.exe
  2⤵
  PID:4288
- C:\Windows\System\wxbtMJv.exe
  C:\Windows\System\wxbtMJv.exe
  2⤵
  PID:6124
- C:\Windows\System\MckqpdL.exe
  C:\Windows\System\MckqpdL.exe
  2⤵
  PID:5552
- C:\Windows\System\vrPNRhn.exe
  C:\Windows\System\vrPNRhn.exe
  2⤵
  PID:1744
- C:\Windows\System\csRregd.exe
  C:\Windows\System\csRregd.exe
  2⤵
  PID:6064
- C:\Windows\System\gynUHav.exe
  C:\Windows\System\gynUHav.exe
  2⤵
  PID:3940
- C:\Windows\System\SZoapRq.exe
  C:\Windows\System\SZoapRq.exe
  2⤵
  PID:6152
- C:\Windows\System\jHvGVVD.exe
  C:\Windows\System\jHvGVVD.exe
  2⤵
  PID:6208
- C:\Windows\System\zFAfyIS.exe
  C:\Windows\System\zFAfyIS.exe
  2⤵
  PID:6284
- C:\Windows\System\QGEPczq.exe
  C:\Windows\System\QGEPczq.exe
  2⤵
  PID:6316
- C:\Windows\System\QgiAltX.exe
  C:\Windows\System\QgiAltX.exe
  2⤵
  PID:6348
- C:\Windows\System\OftnmtM.exe
  C:\Windows\System\OftnmtM.exe
  2⤵
  PID:6380
- C:\Windows\System\RdPGLEw.exe
  C:\Windows\System\RdPGLEw.exe
  2⤵
  PID:6412
- C:\Windows\System\YWBdQxw.exe
  C:\Windows\System\YWBdQxw.exe
  2⤵
  PID:6452
- C:\Windows\System\LwrUjYa.exe
  C:\Windows\System\LwrUjYa.exe
  2⤵
  PID:6488
- C:\Windows\System\oKiTqqN.exe
  C:\Windows\System\oKiTqqN.exe
  2⤵
  PID:6548
- C:\Windows\System\sIJzFKl.exe
  C:\Windows\System\sIJzFKl.exe
  2⤵
  PID:6576
- C:\Windows\System\PQkIDrn.exe
  C:\Windows\System\PQkIDrn.exe
  2⤵
  PID:6600
- C:\Windows\System\rcsvQMy.exe
  C:\Windows\System\rcsvQMy.exe
  2⤵
  PID:6628
- C:\Windows\System\rndFnVc.exe
  C:\Windows\System\rndFnVc.exe
  2⤵
  PID:6672
- C:\Windows\System\hecoPGc.exe
  C:\Windows\System\hecoPGc.exe
  2⤵
  PID:6688
- C:\Windows\System\UcRMOsg.exe
  C:\Windows\System\UcRMOsg.exe
  2⤵
  PID:6724
- C:\Windows\System\qriZRIb.exe
  C:\Windows\System\qriZRIb.exe
  2⤵
  PID:6756
- C:\Windows\System\UdpLLBU.exe
  C:\Windows\System\UdpLLBU.exe
  2⤵
  PID:6784
- C:\Windows\System\QgfxoLs.exe
  C:\Windows\System\QgfxoLs.exe
  2⤵
  PID:6812
- C:\Windows\System\Ynwhvez.exe
  C:\Windows\System\Ynwhvez.exe
  2⤵
  PID:6840
- C:\Windows\System\BLZQtVh.exe
  C:\Windows\System\BLZQtVh.exe
  2⤵
  PID:6860
- C:\Windows\System\wBpogHc.exe
  C:\Windows\System\wBpogHc.exe
  2⤵
  PID:6880
- C:\Windows\System\rGJRwRh.exe
  C:\Windows\System\rGJRwRh.exe
  2⤵
  PID:6916
- C:\Windows\System\dwFygTS.exe
  C:\Windows\System\dwFygTS.exe
  2⤵
  PID:6948
- C:\Windows\System\xQGKBEt.exe
  C:\Windows\System\xQGKBEt.exe
  2⤵
  PID:6980
- C:\Windows\System\qeyEaSx.exe
  C:\Windows\System\qeyEaSx.exe
  2⤵
  PID:7020
- C:\Windows\System\vYTohRT.exe
  C:\Windows\System\vYTohRT.exe
  2⤵
  PID:7048
- C:\Windows\System\WCceGwD.exe
  C:\Windows\System\WCceGwD.exe
  2⤵
  PID:7080
- C:\Windows\System\uvFqXAU.exe
  C:\Windows\System\uvFqXAU.exe
  2⤵
  PID:7108
- C:\Windows\System\CXfUzPG.exe
  C:\Windows\System\CXfUzPG.exe
  2⤵
  PID:7140
- C:\Windows\System\iCpUFMf.exe
  C:\Windows\System\iCpUFMf.exe
  2⤵
  PID:7164
- C:\Windows\System\mUbIyqZ.exe
  C:\Windows\System\mUbIyqZ.exe
  2⤵
  PID:6240
- C:\Windows\System\wcJFUcS.exe
  C:\Windows\System\wcJFUcS.exe
  2⤵
  PID:6324
- C:\Windows\System\StEhefE.exe
  C:\Windows\System\StEhefE.exe
  2⤵
  PID:6408
- C:\Windows\System\HhhftQK.exe
  C:\Windows\System\HhhftQK.exe
  2⤵
  PID:6476
- C:\Windows\System\dEidKuS.exe
  C:\Windows\System\dEidKuS.exe
  2⤵
  PID:6568
- C:\Windows\System\tLPWhxI.exe
  C:\Windows\System\tLPWhxI.exe
  2⤵
  PID:6484
- C:\Windows\System\bIBXDMy.exe
  C:\Windows\System\bIBXDMy.exe
  2⤵
  PID:6468
- C:\Windows\System\qrtbJBa.exe
  C:\Windows\System\qrtbJBa.exe
  2⤵
  PID:6684
- C:\Windows\System\DyJHzgP.exe
  C:\Windows\System\DyJHzgP.exe
  2⤵
  PID:6736
- C:\Windows\System\VNbuTgz.exe
  C:\Windows\System\VNbuTgz.exe
  2⤵
  PID:6820
- C:\Windows\System\kitWPKW.exe
  C:\Windows\System\kitWPKW.exe
  2⤵
  PID:4304
- C:\Windows\System\UjBeHEv.exe
  C:\Windows\System\UjBeHEv.exe
  2⤵
  PID:6932
- C:\Windows\System\oqzZHRO.exe
  C:\Windows\System\oqzZHRO.exe
  2⤵
  PID:6516
- C:\Windows\System\weJBkEI.exe
  C:\Windows\System\weJBkEI.exe
  2⤵
  PID:7040
- C:\Windows\System\xPPTUmA.exe
  C:\Windows\System\xPPTUmA.exe
  2⤵
  PID:7120
- C:\Windows\System\pZPmfVe.exe
  C:\Windows\System\pZPmfVe.exe
  2⤵
  PID:6268
- C:\Windows\System\utzXhZN.exe
  C:\Windows\System\utzXhZN.exe
  2⤵
  PID:6392
- C:\Windows\System\LzttOrC.exe
  C:\Windows\System\LzttOrC.exe
  2⤵
  PID:6592
- C:\Windows\System\heBxkYe.exe
  C:\Windows\System\heBxkYe.exe
  2⤵
  PID:6660
- C:\Windows\System\IJHAYGS.exe
  C:\Windows\System\IJHAYGS.exe
  2⤵
  PID:6780
- C:\Windows\System\VFCalkC.exe
  C:\Windows\System\VFCalkC.exe
  2⤵
  PID:6968
- C:\Windows\System\WAgxhmZ.exe
  C:\Windows\System\WAgxhmZ.exe
  2⤵
  PID:7128
- C:\Windows\System\FhZeeLo.exe
  C:\Windows\System\FhZeeLo.exe
  2⤵
  PID:6772
- C:\Windows\System\KfKKnoG.exe
  C:\Windows\System\KfKKnoG.exe
  2⤵
  PID:6868
- C:\Windows\System\sDbcnEX.exe
  C:\Windows\System\sDbcnEX.exe
  2⤵
  PID:4552
- C:\Windows\System\bFMPziF.exe
  C:\Windows\System\bFMPziF.exe
  2⤵
  PID:4872
- C:\Windows\System\uBnMSFA.exe
  C:\Windows\System\uBnMSFA.exe
  2⤵
  PID:3612
- C:\Windows\System\XtsPmrp.exe
  C:\Windows\System\XtsPmrp.exe
  2⤵
  PID:7008
- C:\Windows\System\tTopDXY.exe
  C:\Windows\System\tTopDXY.exe
  2⤵
  PID:3376
- C:\Windows\System\iGJGcQK.exe
  C:\Windows\System\iGJGcQK.exe
  2⤵
  PID:2672
- C:\Windows\System\BcNHQTn.exe
  C:\Windows\System\BcNHQTn.exe
  2⤵
  PID:5096
- C:\Windows\System\MrrIWfu.exe
  C:\Windows\System\MrrIWfu.exe
  2⤵
  PID:7180
- C:\Windows\System\BmGYMbD.exe
  C:\Windows\System\BmGYMbD.exe
  2⤵
  PID:7212
- C:\Windows\System\wFzsilk.exe
  C:\Windows\System\wFzsilk.exe
  2⤵
  PID:7248
- C:\Windows\System\mqUTJsX.exe
  C:\Windows\System\mqUTJsX.exe
  2⤵
  PID:7272
- C:\Windows\System\hgCDabz.exe
  C:\Windows\System\hgCDabz.exe
  2⤵
  PID:7300
- C:\Windows\System\xZSxOxR.exe
  C:\Windows\System\xZSxOxR.exe
  2⤵
  PID:7328
- C:\Windows\System\aUDFUtD.exe
  C:\Windows\System\aUDFUtD.exe
  2⤵
  PID:7360
- C:\Windows\System\dzdIBhY.exe
  C:\Windows\System\dzdIBhY.exe
  2⤵
  PID:7384
- C:\Windows\System\AQSAulV.exe
  C:\Windows\System\AQSAulV.exe
  2⤵
  PID:7404
- C:\Windows\System\JYHpcWV.exe
  C:\Windows\System\JYHpcWV.exe
  2⤵
  PID:7432
- C:\Windows\System\opSHWiR.exe
  C:\Windows\System\opSHWiR.exe
  2⤵
  PID:7468
- C:\Windows\System\NRkMQrs.exe
  C:\Windows\System\NRkMQrs.exe
  2⤵
  PID:7488
- C:\Windows\System\gziWHrm.exe
  C:\Windows\System\gziWHrm.exe
  2⤵
  PID:7520
- C:\Windows\System\POTWDeU.exe
  C:\Windows\System\POTWDeU.exe
  2⤵
  PID:7544
- C:\Windows\System\sZQDmqG.exe
  C:\Windows\System\sZQDmqG.exe
  2⤵
  PID:7572
- C:\Windows\System\TviDODP.exe
  C:\Windows\System\TviDODP.exe
  2⤵
  PID:7600
- C:\Windows\System\ewlJyJa.exe
  C:\Windows\System\ewlJyJa.exe
  2⤵
  PID:7628
- C:\Windows\System\DrdcMId.exe
  C:\Windows\System\DrdcMId.exe
  2⤵
  PID:7656
- C:\Windows\System\UtzrZeh.exe
  C:\Windows\System\UtzrZeh.exe
  2⤵
  PID:7684
- C:\Windows\System\gctKqRi.exe
  C:\Windows\System\gctKqRi.exe
  2⤵
  PID:7712
- C:\Windows\System\WYDqfTV.exe
  C:\Windows\System\WYDqfTV.exe
  2⤵
  PID:7740
- C:\Windows\System\XxnrZIQ.exe
  C:\Windows\System\XxnrZIQ.exe
  2⤵
  PID:7772
- C:\Windows\System\uuAVGIZ.exe
  C:\Windows\System\uuAVGIZ.exe
  2⤵
  PID:7796
- C:\Windows\System\ypaipAc.exe
  C:\Windows\System\ypaipAc.exe
  2⤵
  PID:7836
- C:\Windows\System\YpIanHf.exe
  C:\Windows\System\YpIanHf.exe
  2⤵
  PID:7872
- C:\Windows\System\RLQwpOH.exe
  C:\Windows\System\RLQwpOH.exe
  2⤵
  PID:7908
- C:\Windows\System\bOPwiwZ.exe
  C:\Windows\System\bOPwiwZ.exe
  2⤵
  PID:7940
- C:\Windows\System\ZSdIgCb.exe
  C:\Windows\System\ZSdIgCb.exe
  2⤵
  PID:7972
- C:\Windows\System\QUCCOkV.exe
  C:\Windows\System\QUCCOkV.exe
  2⤵
  PID:8004
- C:\Windows\System\HZmzJdh.exe
  C:\Windows\System\HZmzJdh.exe
  2⤵
  PID:8020
- C:\Windows\System\KJWpeMD.exe
  C:\Windows\System\KJWpeMD.exe
  2⤵
  PID:8036
- C:\Windows\System\xXSwgym.exe
  C:\Windows\System\xXSwgym.exe
  2⤵
  PID:8080
- C:\Windows\System\OeebplE.exe
  C:\Windows\System\OeebplE.exe
  2⤵
  PID:8108
- C:\Windows\System\cEalQvr.exe
  C:\Windows\System\cEalQvr.exe
  2⤵
  PID:8148
- C:\Windows\System\OlQHhNo.exe
  C:\Windows\System\OlQHhNo.exe
  2⤵
  PID:8172
- C:\Windows\System\JKiXsZz.exe
  C:\Windows\System\JKiXsZz.exe
  2⤵
  PID:7192
- C:\Windows\System\KTBQsrS.exe
  C:\Windows\System\KTBQsrS.exe
  2⤵
  PID:7256
- C:\Windows\System\IbvZCwD.exe
  C:\Windows\System\IbvZCwD.exe
  2⤵
  PID:7336
- C:\Windows\System\zCBBacy.exe
  C:\Windows\System\zCBBacy.exe
  2⤵
  PID:7392
- C:\Windows\System\ahCVTaQ.exe
  C:\Windows\System\ahCVTaQ.exe
  2⤵
  PID:7452
- C:\Windows\System\KAiTJFQ.exe
  C:\Windows\System\KAiTJFQ.exe
  2⤵
  PID:7508
- C:\Windows\System\DMXeDeg.exe
  C:\Windows\System\DMXeDeg.exe
  2⤵
  PID:7584
- C:\Windows\System\geAQdbt.exe
  C:\Windows\System\geAQdbt.exe
  2⤵
  PID:7648
- C:\Windows\System\wxKeQxl.exe
  C:\Windows\System\wxKeQxl.exe
  2⤵
  PID:7724
- C:\Windows\System\DLZdRjB.exe
  C:\Windows\System\DLZdRjB.exe
  2⤵
  PID:7780
- C:\Windows\System\IZHycuM.exe
  C:\Windows\System\IZHycuM.exe
  2⤵
  PID:7820
- C:\Windows\System\UjlQmjI.exe
  C:\Windows\System\UjlQmjI.exe
  2⤵
  PID:7924
- C:\Windows\System\nuTLVMO.exe
  C:\Windows\System\nuTLVMO.exe
  2⤵
  PID:8000
- C:\Windows\System\RUiCCls.exe
  C:\Windows\System\RUiCCls.exe
  2⤵
  PID:8060
- C:\Windows\System\DPErdMo.exe
  C:\Windows\System\DPErdMo.exe
  2⤵
  PID:8128
- C:\Windows\System\tPXePie.exe
  C:\Windows\System\tPXePie.exe
  2⤵
  PID:8184
- C:\Windows\System\WTitpTO.exe
  C:\Windows\System\WTitpTO.exe
  2⤵
  PID:7312
- C:\Windows\System\IFxfaTi.exe
  C:\Windows\System\IFxfaTi.exe
  2⤵
  PID:7428
- C:\Windows\System\iDXChRn.exe
  C:\Windows\System\iDXChRn.exe
  2⤵
  PID:7568
- C:\Windows\System\YVsTMQP.exe
  C:\Windows\System\YVsTMQP.exe
  2⤵
  PID:7736
- C:\Windows\System\fWSILBd.exe
  C:\Windows\System\fWSILBd.exe
  2⤵
  PID:7884
- C:\Windows\System\TkyDbVP.exe
  C:\Windows\System\TkyDbVP.exe
  2⤵
  PID:8028
- C:\Windows\System\yDxaUMw.exe
  C:\Windows\System\yDxaUMw.exe
  2⤵
  PID:8168
- C:\Windows\System\hurqTGE.exe
  C:\Windows\System\hurqTGE.exe
  2⤵
  PID:7500
- C:\Windows\System\USQCgdT.exe
  C:\Windows\System\USQCgdT.exe
  2⤵
  PID:7816
- C:\Windows\System\jKAtnEZ.exe
  C:\Windows\System\jKAtnEZ.exe
  2⤵
  PID:8164
- C:\Windows\System\CEzuiLX.exe
  C:\Windows\System\CEzuiLX.exe
  2⤵
  PID:7980
- C:\Windows\System\owdIzlN.exe
  C:\Windows\System\owdIzlN.exe
  2⤵
  PID:7708
- C:\Windows\System\eUOIMHa.exe
  C:\Windows\System\eUOIMHa.exe
  2⤵
  PID:8220
- C:\Windows\System\GrzmSSf.exe
  C:\Windows\System\GrzmSSf.exe
  2⤵
  PID:8248
- C:\Windows\System\vkuKHPU.exe
  C:\Windows\System\vkuKHPU.exe
  2⤵
  PID:8276
- C:\Windows\System\hQduoRL.exe
  C:\Windows\System\hQduoRL.exe
  2⤵
  PID:8304
- C:\Windows\System\FlKbAlY.exe
  C:\Windows\System\FlKbAlY.exe
  2⤵
  PID:8332
- C:\Windows\System\WScWQwO.exe
  C:\Windows\System\WScWQwO.exe
  2⤵
  PID:8360
- C:\Windows\System\hbNjMkm.exe
  C:\Windows\System\hbNjMkm.exe
  2⤵
  PID:8388
- C:\Windows\System\cCukzsL.exe
  C:\Windows\System\cCukzsL.exe
  2⤵
  PID:8416
- C:\Windows\System\MOSaaSS.exe
  C:\Windows\System\MOSaaSS.exe
  2⤵
  PID:8448
- C:\Windows\System\xnIlUdt.exe
  C:\Windows\System\xnIlUdt.exe
  2⤵
  PID:8472
- C:\Windows\System\IDgmEpX.exe
  C:\Windows\System\IDgmEpX.exe
  2⤵
  PID:8500
- C:\Windows\System\kxRfDGu.exe
  C:\Windows\System\kxRfDGu.exe
  2⤵
  PID:8528
- C:\Windows\System\veQqFAw.exe
  C:\Windows\System\veQqFAw.exe
  2⤵
  PID:8560
- C:\Windows\System\PAblVBF.exe
  C:\Windows\System\PAblVBF.exe
  2⤵
  PID:8588
- C:\Windows\System\bfaHsNu.exe
  C:\Windows\System\bfaHsNu.exe
  2⤵
  PID:8616
- C:\Windows\System\vbvponC.exe
  C:\Windows\System\vbvponC.exe
  2⤵
  PID:8644
- C:\Windows\System\VtAUumM.exe
  C:\Windows\System\VtAUumM.exe
  2⤵
  PID:8688
- C:\Windows\System\UPbcdzM.exe
  C:\Windows\System\UPbcdzM.exe
  2⤵
  PID:8704
- C:\Windows\System\QHzNCaa.exe
  C:\Windows\System\QHzNCaa.exe
  2⤵
  PID:8732
- C:\Windows\System\CpxnOcG.exe
  C:\Windows\System\CpxnOcG.exe
  2⤵
  PID:8760
- C:\Windows\System\hnDGxut.exe
  C:\Windows\System\hnDGxut.exe
  2⤵
  PID:8788
- C:\Windows\System\PzfrrFd.exe
  C:\Windows\System\PzfrrFd.exe
  2⤵
  PID:8828
- C:\Windows\System\VuKxkdP.exe
  C:\Windows\System\VuKxkdP.exe
  2⤵
  PID:8844
- C:\Windows\System\kZdLWJN.exe
  C:\Windows\System\kZdLWJN.exe
  2⤵
  PID:8872
- C:\Windows\System\cfEtHEm.exe
  C:\Windows\System\cfEtHEm.exe
  2⤵
  PID:8900
- C:\Windows\System\qJlYMcB.exe
  C:\Windows\System\qJlYMcB.exe
  2⤵
  PID:8928
- C:\Windows\System\pTZMarU.exe
  C:\Windows\System\pTZMarU.exe
  2⤵
  PID:8956
- C:\Windows\System\PeUiNxL.exe
  C:\Windows\System\PeUiNxL.exe
  2⤵
  PID:8984
- C:\Windows\System\mQtRurG.exe
  C:\Windows\System\mQtRurG.exe
  2⤵
  PID:9012
- C:\Windows\System\vSaMIHu.exe
  C:\Windows\System\vSaMIHu.exe
  2⤵
  PID:9040
- C:\Windows\System\vLdbqqZ.exe
  C:\Windows\System\vLdbqqZ.exe
  2⤵
  PID:9068
- C:\Windows\System\XcJlMTK.exe
  C:\Windows\System\XcJlMTK.exe
  2⤵
  PID:9096
- C:\Windows\System\LeWzHWf.exe
  C:\Windows\System\LeWzHWf.exe
  2⤵
  PID:9124
- C:\Windows\System\KOtFlVp.exe
  C:\Windows\System\KOtFlVp.exe
  2⤵
  PID:9152
- C:\Windows\System\qzgLxuq.exe
  C:\Windows\System\qzgLxuq.exe
  2⤵
  PID:9180
- C:\Windows\System\yWKtTwR.exe
  C:\Windows\System\yWKtTwR.exe
  2⤵
  PID:9212
- C:\Windows\System\SUZfAZy.exe
  C:\Windows\System\SUZfAZy.exe
  2⤵
  PID:8244
- C:\Windows\System\pVdpRgt.exe
  C:\Windows\System\pVdpRgt.exe
  2⤵
  PID:8316
- C:\Windows\System\JwQpozP.exe
  C:\Windows\System\JwQpozP.exe
  2⤵
  PID:8132
- C:\Windows\System\GVCVOyk.exe
  C:\Windows\System\GVCVOyk.exe
  2⤵
  PID:8436
- C:\Windows\System\UdyixBv.exe
  C:\Windows\System\UdyixBv.exe
  2⤵
  PID:8512
- C:\Windows\System\AtcMFFb.exe
  C:\Windows\System\AtcMFFb.exe
  2⤵
  PID:8572
- C:\Windows\System\MDCCOTe.exe
  C:\Windows\System\MDCCOTe.exe
  2⤵
  PID:8636
- C:\Windows\System\WmBBgri.exe
  C:\Windows\System\WmBBgri.exe
  2⤵
  PID:8700
- C:\Windows\System\wmBUVvZ.exe
  C:\Windows\System\wmBUVvZ.exe
  2⤵
  PID:8772
- C:\Windows\System\qtqQgTB.exe
  C:\Windows\System\qtqQgTB.exe
  2⤵
  PID:8840
- C:\Windows\System\TXeHFrv.exe
  C:\Windows\System\TXeHFrv.exe
  2⤵
  PID:8896
- C:\Windows\System\lJuJnuc.exe
  C:\Windows\System\lJuJnuc.exe
  2⤵
  PID:8968
- C:\Windows\System\zoiSwLi.exe
  C:\Windows\System\zoiSwLi.exe
  2⤵
  PID:9024
- C:\Windows\System\pfPAsQS.exe
  C:\Windows\System\pfPAsQS.exe
  2⤵
  PID:9088
- C:\Windows\System\sEetsyH.exe
  C:\Windows\System\sEetsyH.exe
  2⤵
  PID:9148
- C:\Windows\System\nJAvsTc.exe
  C:\Windows\System\nJAvsTc.exe
  2⤵
  PID:8212
- C:\Windows\System\LhVqeMb.exe
  C:\Windows\System\LhVqeMb.exe
  2⤵
  PID:8356
- C:\Windows\System\GOTOAkR.exe
  C:\Windows\System\GOTOAkR.exe
  2⤵
  PID:8492
- C:\Windows\System\NPUWCvh.exe
  C:\Windows\System\NPUWCvh.exe
  2⤵
  PID:8664
- C:\Windows\System\eLOSBQB.exe
  C:\Windows\System\eLOSBQB.exe
  2⤵
  PID:8824
- C:\Windows\System\wNXzRwA.exe
  C:\Windows\System\wNXzRwA.exe
  2⤵
  PID:8952
- C:\Windows\System\WysSmIP.exe
  C:\Windows\System\WysSmIP.exe
  2⤵
  PID:9116
- C:\Windows\System\uLpkMGp.exe
  C:\Windows\System\uLpkMGp.exe
  2⤵
  PID:8344
- C:\Windows\System\bqGexrR.exe
  C:\Windows\System\bqGexrR.exe
  2⤵
  PID:8612
- C:\Windows\System\DbEKdwB.exe
  C:\Windows\System\DbEKdwB.exe
  2⤵
  PID:9008
- C:\Windows\System\qKYrFGW.exe
  C:\Windows\System\qKYrFGW.exe
  2⤵
  PID:9196
- C:\Windows\System\hnZyjfE.exe
  C:\Windows\System\hnZyjfE.exe
  2⤵
  PID:8464
- C:\Windows\System\XLrTBJx.exe
  C:\Windows\System\XLrTBJx.exe
  2⤵
  PID:9232
- C:\Windows\System\qqwBVzK.exe
  C:\Windows\System\qqwBVzK.exe
  2⤵
  PID:9260
- C:\Windows\System\RvgzBSE.exe
  C:\Windows\System\RvgzBSE.exe
  2⤵
  PID:9288
- C:\Windows\System\diUNuJd.exe
  C:\Windows\System\diUNuJd.exe
  2⤵
  PID:9316
- C:\Windows\System\tyEwfGt.exe
  C:\Windows\System\tyEwfGt.exe
  2⤵
  PID:9344
- C:\Windows\System\yNDbPxN.exe
  C:\Windows\System\yNDbPxN.exe
  2⤵
  PID:9392
- C:\Windows\System\vPWhPUj.exe
  C:\Windows\System\vPWhPUj.exe
  2⤵
  PID:9412
- C:\Windows\System\MccIAnR.exe
  C:\Windows\System\MccIAnR.exe
  2⤵
  PID:9440
- C:\Windows\System\woARUtT.exe
  C:\Windows\System\woARUtT.exe
  2⤵
  PID:9492
- C:\Windows\System\GbayYzz.exe
  C:\Windows\System\GbayYzz.exe
  2⤵
  PID:9516
- C:\Windows\System\nXwLdUV.exe
  C:\Windows\System\nXwLdUV.exe
  2⤵
  PID:9548
- C:\Windows\System\weCOrMB.exe
  C:\Windows\System\weCOrMB.exe
  2⤵
  PID:9564
- C:\Windows\System\UMRShGG.exe
  C:\Windows\System\UMRShGG.exe
  2⤵
  PID:9584
- C:\Windows\System\TCOOobo.exe
  C:\Windows\System\TCOOobo.exe
  2⤵
  PID:9612
- C:\Windows\System\FvAUlvO.exe
  C:\Windows\System\FvAUlvO.exe
  2⤵
  PID:9636
- C:\Windows\System\hStTLFK.exe
  C:\Windows\System\hStTLFK.exe
  2⤵
  PID:9664
- C:\Windows\System\aBzZkzb.exe
  C:\Windows\System\aBzZkzb.exe
  2⤵
  PID:9720
- C:\Windows\System\HGedvVn.exe
  C:\Windows\System\HGedvVn.exe
  2⤵
  PID:9764
- C:\Windows\System\kPPFPHe.exe
  C:\Windows\System\kPPFPHe.exe
  2⤵
  PID:9796
- C:\Windows\System\arnHuEb.exe
  C:\Windows\System\arnHuEb.exe
  2⤵
  PID:9848
- C:\Windows\System\DFyAoru.exe
  C:\Windows\System\DFyAoru.exe
  2⤵
  PID:9868
- C:\Windows\System\rYHJDXE.exe
  C:\Windows\System\rYHJDXE.exe
  2⤵
  PID:9896
- C:\Windows\System\bkXYBGH.exe
  C:\Windows\System\bkXYBGH.exe
  2⤵
  PID:9924
- C:\Windows\System\qVlGYIJ.exe
  C:\Windows\System\qVlGYIJ.exe
  2⤵
  PID:9952
- C:\Windows\System\bJwHdlN.exe
  C:\Windows\System\bJwHdlN.exe
  2⤵
  PID:9980
- C:\Windows\System\wwpeSmO.exe
  C:\Windows\System\wwpeSmO.exe
  2⤵
  PID:10000
- C:\Windows\System\NpgDdfo.exe
  C:\Windows\System\NpgDdfo.exe
  2⤵
  PID:10048
- C:\Windows\System\vzMmVLB.exe
  C:\Windows\System\vzMmVLB.exe
  2⤵
  PID:10064
- C:\Windows\System\KSqrGCv.exe
  C:\Windows\System\KSqrGCv.exe
  2⤵
  PID:10092
- C:\Windows\System\LqQPSoJ.exe
  C:\Windows\System\LqQPSoJ.exe
  2⤵
  PID:10120
- C:\Windows\System\OkuJPkF.exe
  C:\Windows\System\OkuJPkF.exe
  2⤵
  PID:10148
- C:\Windows\System\XYTePwT.exe
  C:\Windows\System\XYTePwT.exe
  2⤵
  PID:10176
- C:\Windows\System\xXabREm.exe
  C:\Windows\System\xXabREm.exe
  2⤵
  PID:10204
- C:\Windows\System\loKeKGf.exe
  C:\Windows\System\loKeKGf.exe
  2⤵
  PID:10232
- C:\Windows\System\IDigjDa.exe
  C:\Windows\System\IDigjDa.exe
  2⤵
  PID:9252
- C:\Windows\System\BcbPqgt.exe
  C:\Windows\System\BcbPqgt.exe
  2⤵
  PID:9312
- C:\Windows\System\GZxqLnr.exe
  C:\Windows\System\GZxqLnr.exe
  2⤵
  PID:9380
- C:\Windows\System\zGToEQZ.exe
  C:\Windows\System\zGToEQZ.exe
  2⤵
  PID:4820
- C:\Windows\System\HYVWydt.exe
  C:\Windows\System\HYVWydt.exe
  2⤵
  PID:972
- C:\Windows\System\akJRinx.exe
  C:\Windows\System\akJRinx.exe
  2⤵
  PID:9436
- C:\Windows\System\StJyZTf.exe
  C:\Windows\System\StJyZTf.exe
  2⤵
  PID:1996
- C:\Windows\System\tALjLFV.exe
  C:\Windows\System\tALjLFV.exe
  2⤵
  PID:9508
- C:\Windows\System\OMRLrih.exe
  C:\Windows\System\OMRLrih.exe
  2⤵
  PID:9600
- C:\Windows\System\TfcERDs.exe
  C:\Windows\System\TfcERDs.exe
  2⤵
  PID:9632
- C:\Windows\System\TofWRjI.exe
  C:\Windows\System\TofWRjI.exe
  2⤵
  PID:9608
- C:\Windows\System\GjOXsnF.exe
  C:\Windows\System\GjOXsnF.exe
  2⤵
  PID:9424
- C:\Windows\System\XCrCYXX.exe
  C:\Windows\System\XCrCYXX.exe
  2⤵
  PID:3428
- C:\Windows\System\tvdIgKZ.exe
  C:\Windows\System\tvdIgKZ.exe
  2⤵
  PID:9836
- C:\Windows\System\vzmgfLR.exe
  C:\Windows\System\vzmgfLR.exe
  2⤵
  PID:9760
- C:\Windows\System\GkClojQ.exe
  C:\Windows\System\GkClojQ.exe
  2⤵
  PID:9888
- C:\Windows\System\vDybVSY.exe
  C:\Windows\System\vDybVSY.exe
  2⤵
  PID:9944
- C:\Windows\System\PnbMaXJ.exe
  C:\Windows\System\PnbMaXJ.exe
  2⤵
  PID:10024
- C:\Windows\System\HxWnjkU.exe
  C:\Windows\System\HxWnjkU.exe
  2⤵
  PID:10076
- C:\Windows\System\mfWZpkV.exe
  C:\Windows\System\mfWZpkV.exe
  2⤵
  PID:10132
- C:\Windows\System\sDWdYXa.exe
  C:\Windows\System\sDWdYXa.exe
  2⤵
  PID:10160
- C:\Windows\System\EVFdpmG.exe
  C:\Windows\System\EVFdpmG.exe
  2⤵
  PID:10188
- C:\Windows\System\udWbCjI.exe
  C:\Windows\System\udWbCjI.exe
  2⤵
  PID:10228
- C:\Windows\System\EIBIFYV.exe
  C:\Windows\System\EIBIFYV.exe
  2⤵
  PID:9340
- C:\Windows\System\uYBHJHQ.exe
  C:\Windows\System\uYBHJHQ.exe
  2⤵
  PID:1892
- C:\Windows\System\eQfJfXO.exe
  C:\Windows\System\eQfJfXO.exe
  2⤵
  PID:4868
- C:\Windows\System\MlCRkwg.exe
  C:\Windows\System\MlCRkwg.exe
  2⤵
  PID:9540
- C:\Windows\System\TuJIpiA.exe
  C:\Windows\System\TuJIpiA.exe
  2⤵
  PID:9648
- C:\Windows\System\kAcsptS.exe
  C:\Windows\System\kAcsptS.exe
  2⤵
  PID:9448
- C:\Windows\System\cpzppXb.exe
  C:\Windows\System\cpzppXb.exe
  2⤵
  PID:9920
- C:\Windows\System\orwgGkc.exe
  C:\Windows\System\orwgGkc.exe
  2⤵
  PID:10056
- C:\Windows\System\tLWKTLx.exe
  C:\Windows\System\tLWKTLx.exe
  2⤵
  PID:2528
- C:\Windows\System\ppMMzyx.exe
  C:\Windows\System\ppMMzyx.exe
  2⤵
  PID:10216
- C:\Windows\System\BkliwjC.exe
  C:\Windows\System\BkliwjC.exe
  2⤵
  PID:2676
- C:\Windows\System\wWTBTnh.exe
  C:\Windows\System\wWTBTnh.exe
  2⤵
  PID:9512
- C:\Windows\System\IepCgPm.exe
  C:\Windows\System\IepCgPm.exe
  2⤵
  PID:9776
- C:\Windows\System\qaFcfSa.exe
  C:\Windows\System\qaFcfSa.exe
  2⤵
  PID:9504
- C:\Windows\System\HjfmZza.exe
  C:\Windows\System\HjfmZza.exe
  2⤵
  PID:9388
- C:\Windows\System\tWYTloX.exe
  C:\Windows\System\tWYTloX.exe
  2⤵
  PID:9948
- C:\Windows\System\XbLXrZy.exe
  C:\Windows\System\XbLXrZy.exe
  2⤵
  PID:9732
- C:\Windows\System\isdjVRS.exe
  C:\Windows\System\isdjVRS.exe
  2⤵
  PID:10248
- C:\Windows\System\RqffhgU.exe
  C:\Windows\System\RqffhgU.exe
  2⤵
  PID:10276
- C:\Windows\System\zRAxISg.exe
  C:\Windows\System\zRAxISg.exe
  2⤵
  PID:10304
- C:\Windows\System\DsGkTEg.exe
  C:\Windows\System\DsGkTEg.exe
  2⤵
  PID:10340
- C:\Windows\System\OpNSCtJ.exe
  C:\Windows\System\OpNSCtJ.exe
  2⤵
  PID:10360
- C:\Windows\System\nXtAeKp.exe
  C:\Windows\System\nXtAeKp.exe
  2⤵
  PID:10388
- C:\Windows\System\LICmsJD.exe
  C:\Windows\System\LICmsJD.exe
  2⤵
  PID:10416
- C:\Windows\System\YmoKBoo.exe
  C:\Windows\System\YmoKBoo.exe
  2⤵
  PID:10444
- C:\Windows\System\MQtXTaY.exe
  C:\Windows\System\MQtXTaY.exe
  2⤵
  PID:10472
- C:\Windows\System\qotQaDL.exe
  C:\Windows\System\qotQaDL.exe
  2⤵
  PID:10500
- C:\Windows\System\zXsUIqL.exe
  C:\Windows\System\zXsUIqL.exe
  2⤵
  PID:10528
- C:\Windows\System\DQhcAys.exe
  C:\Windows\System\DQhcAys.exe
  2⤵
  PID:10556
- C:\Windows\System\OzHUTFH.exe
  C:\Windows\System\OzHUTFH.exe
  2⤵
  PID:10584
- C:\Windows\System\DXInlDY.exe
  C:\Windows\System\DXInlDY.exe
  2⤵
  PID:10616
- C:\Windows\System\vGtZYfN.exe
  C:\Windows\System\vGtZYfN.exe
  2⤵
  PID:10644
- C:\Windows\System\sEjUKwZ.exe
  C:\Windows\System\sEjUKwZ.exe
  2⤵
  PID:10672
- C:\Windows\System\ZduYVkC.exe
  C:\Windows\System\ZduYVkC.exe
  2⤵
  PID:10700
- C:\Windows\System\PJdVsZy.exe
  C:\Windows\System\PJdVsZy.exe
  2⤵
  PID:10728
- C:\Windows\System\FsPbfvN.exe
  C:\Windows\System\FsPbfvN.exe
  2⤵
  PID:10756
- C:\Windows\System\KARPSzo.exe
  C:\Windows\System\KARPSzo.exe
  2⤵
  PID:10784
- C:\Windows\System\sLSzLBy.exe
  C:\Windows\System\sLSzLBy.exe
  2⤵
  PID:10812
- C:\Windows\System\ZvRSSrL.exe
  C:\Windows\System\ZvRSSrL.exe
  2⤵
  PID:10840
- C:\Windows\System\QHprSMR.exe
  C:\Windows\System\QHprSMR.exe
  2⤵
  PID:10868
- C:\Windows\System\uQuJmDJ.exe
  C:\Windows\System\uQuJmDJ.exe
  2⤵
  PID:10896
- C:\Windows\System\GEYIdrs.exe
  C:\Windows\System\GEYIdrs.exe
  2⤵
  PID:10924
- C:\Windows\System\aJRllBM.exe
  C:\Windows\System\aJRllBM.exe
  2⤵
  PID:10952
- C:\Windows\System\EyAHPiY.exe
  C:\Windows\System\EyAHPiY.exe
  2⤵
  PID:10984
- C:\Windows\System\GdPQLON.exe
  C:\Windows\System\GdPQLON.exe
  2⤵
  PID:11008
- C:\Windows\System\ULBatvf.exe
  C:\Windows\System\ULBatvf.exe
  2⤵
  PID:11036
- C:\Windows\System\uCispDF.exe
  C:\Windows\System\uCispDF.exe
  2⤵
  PID:11064
- C:\Windows\System\YylhHqt.exe
  C:\Windows\System\YylhHqt.exe
  2⤵
  PID:11092
- C:\Windows\System\WNbLmll.exe
  C:\Windows\System\WNbLmll.exe
  2⤵
  PID:11120
- C:\Windows\System\WLYThyo.exe
  C:\Windows\System\WLYThyo.exe
  2⤵
  PID:11148
- C:\Windows\System\KDrMuNT.exe
  C:\Windows\System\KDrMuNT.exe
  2⤵
  PID:11176
- C:\Windows\System\DswnKYx.exe
  C:\Windows\System\DswnKYx.exe
  2⤵
  PID:11204
- C:\Windows\System\BZNvjuJ.exe
  C:\Windows\System\BZNvjuJ.exe
  2⤵
  PID:11232
- C:\Windows\System\kxVguJI.exe
  C:\Windows\System\kxVguJI.exe
  2⤵
  PID:11260
- C:\Windows\System\aaQkwpw.exe
  C:\Windows\System\aaQkwpw.exe
  2⤵
  PID:10300
- C:\Windows\System\XDAsfSW.exe
  C:\Windows\System\XDAsfSW.exe
  2⤵
  PID:10372
- C:\Windows\System\dzCMAzE.exe
  C:\Windows\System\dzCMAzE.exe
  2⤵
  PID:10440
- C:\Windows\System\aYIEWDG.exe
  C:\Windows\System\aYIEWDG.exe
  2⤵
  PID:10492
- C:\Windows\System\TGPqfCQ.exe
  C:\Windows\System\TGPqfCQ.exe
  2⤵
  PID:10552
- C:\Windows\System\asUDLWm.exe
  C:\Windows\System\asUDLWm.exe
  2⤵
  PID:10628
- C:\Windows\System\KqpGUGC.exe
  C:\Windows\System\KqpGUGC.exe
  2⤵
  PID:10668
- C:\Windows\System\tCkPdRJ.exe
  C:\Windows\System\tCkPdRJ.exe
  2⤵
  PID:10720
- C:\Windows\System\SOqsFpA.exe
  C:\Windows\System\SOqsFpA.exe
  2⤵
  PID:10776
- C:\Windows\System\noEBqlK.exe
  C:\Windows\System\noEBqlK.exe
  2⤵
  PID:10836
- C:\Windows\System\zxHFmFF.exe
  C:\Windows\System\zxHFmFF.exe
  2⤵
  PID:10908
- C:\Windows\System\nTXRaQY.exe
  C:\Windows\System\nTXRaQY.exe
  2⤵
  PID:10972
- C:\Windows\System\wBzvhzc.exe
  C:\Windows\System\wBzvhzc.exe
  2⤵
  PID:11028
- C:\Windows\System\UShrLXl.exe
  C:\Windows\System\UShrLXl.exe
  2⤵
  PID:11088
- C:\Windows\System\ghFfxnn.exe
  C:\Windows\System\ghFfxnn.exe
  2⤵
  PID:11144
- C:\Windows\System\uRUFewU.exe
  C:\Windows\System\uRUFewU.exe
  2⤵
  PID:11216
- C:\Windows\System\Weiwkoo.exe
  C:\Windows\System\Weiwkoo.exe
  2⤵
  PID:10352
- C:\Windows\System\OEKHCdA.exe
  C:\Windows\System\OEKHCdA.exe
  2⤵
  PID:4308
- C:\Windows\System\jbsHGUq.exe
  C:\Windows\System\jbsHGUq.exe
  2⤵
  PID:10484
- C:\Windows\System\emOoskS.exe
  C:\Windows\System\emOoskS.exe
  2⤵
  PID:10636
- C:\Windows\System\aUvNZGH.exe
  C:\Windows\System\aUvNZGH.exe
  2⤵
  PID:10752
- C:\Windows\System\uhGWUha.exe
  C:\Windows\System\uhGWUha.exe
  2⤵
  PID:10936
- C:\Windows\System\rbGqFIE.exe
  C:\Windows\System\rbGqFIE.exe
  2⤵
  PID:11076
- C:\Windows\System\ZjLCMks.exe
  C:\Windows\System\ZjLCMks.exe
  2⤵
  PID:11200
- C:\Windows\System\xNyebnR.exe
  C:\Windows\System\xNyebnR.exe
  2⤵
  PID:4328
- C:\Windows\System\rCyzMPw.exe
  C:\Windows\System\rCyzMPw.exe
  2⤵
  PID:10696
- C:\Windows\System\TGYnOIn.exe
  C:\Windows\System\TGYnOIn.exe
  2⤵
  PID:11020
- C:\Windows\System\KRFEUAC.exe
  C:\Windows\System\KRFEUAC.exe
  2⤵
  PID:4336
- C:\Windows\System\THxFicW.exe
  C:\Windows\System\THxFicW.exe
  2⤵
  PID:11140
- C:\Windows\System\VBgwcDs.exe
  C:\Windows\System\VBgwcDs.exe
  2⤵
  PID:11268
- C:\Windows\System\AKYAmsA.exe
  C:\Windows\System\AKYAmsA.exe
  2⤵
  PID:11292
- C:\Windows\System\iKGsoxn.exe
  C:\Windows\System\iKGsoxn.exe
  2⤵
  PID:11320
- C:\Windows\System\IcQgaHK.exe
  C:\Windows\System\IcQgaHK.exe
  2⤵
  PID:11348
- C:\Windows\System\FoXVDuA.exe
  C:\Windows\System\FoXVDuA.exe
  2⤵
  PID:11376
- C:\Windows\System\ogeadxM.exe
  C:\Windows\System\ogeadxM.exe
  2⤵
  PID:11404
- C:\Windows\System\OgCTzca.exe
  C:\Windows\System\OgCTzca.exe
  2⤵
  PID:11432
- C:\Windows\System\aJNCkKp.exe
  C:\Windows\System\aJNCkKp.exe
  2⤵
  PID:11460
- C:\Windows\System\GvKTYuu.exe
  C:\Windows\System\GvKTYuu.exe
  2⤵
  PID:11488
- C:\Windows\System\TuCCZED.exe
  C:\Windows\System\TuCCZED.exe
  2⤵
  PID:11516
- C:\Windows\System\NWUVKYJ.exe
  C:\Windows\System\NWUVKYJ.exe
  2⤵
  PID:11544
- C:\Windows\System\SDPkIyK.exe
  C:\Windows\System\SDPkIyK.exe
  2⤵
  PID:11572
- C:\Windows\System\pwswlkO.exe
  C:\Windows\System\pwswlkO.exe
  2⤵
  PID:11600
- C:\Windows\System\OGttLDR.exe
  C:\Windows\System\OGttLDR.exe
  2⤵
  PID:11628
- C:\Windows\System\intTkZB.exe
  C:\Windows\System\intTkZB.exe
  2⤵
  PID:11656
- C:\Windows\System\XSsGeqD.exe
  C:\Windows\System\XSsGeqD.exe
  2⤵
  PID:11684
- C:\Windows\System\CgFktWp.exe
  C:\Windows\System\CgFktWp.exe
  2⤵
  PID:11712
- C:\Windows\System\KDzpZFT.exe
  C:\Windows\System\KDzpZFT.exe
  2⤵
  PID:11740
- C:\Windows\System\xarPtil.exe
  C:\Windows\System\xarPtil.exe
  2⤵
  PID:11772
- C:\Windows\System\TRglBWN.exe
  C:\Windows\System\TRglBWN.exe
  2⤵
  PID:11800
- C:\Windows\System\ckuICnh.exe
  C:\Windows\System\ckuICnh.exe
  2⤵
  PID:11828
- C:\Windows\System\GnWbAgt.exe
  C:\Windows\System\GnWbAgt.exe
  2⤵
  PID:11864
- C:\Windows\System\OnWHFTR.exe
  C:\Windows\System\OnWHFTR.exe
  2⤵
  PID:11884
- C:\Windows\System\PqZMror.exe
  C:\Windows\System\PqZMror.exe
  2⤵
  PID:11912
- C:\Windows\System\aSzIxaL.exe
  C:\Windows\System\aSzIxaL.exe
  2⤵
  PID:11940
- C:\Windows\System\dAkQFjU.exe
  C:\Windows\System\dAkQFjU.exe
  2⤵
  PID:11968
- C:\Windows\System\sgaeJls.exe
  C:\Windows\System\sgaeJls.exe
  2⤵
  PID:11996
- C:\Windows\System\pvcSWIQ.exe
  C:\Windows\System\pvcSWIQ.exe
  2⤵
  PID:12024
- C:\Windows\System\nQoWgLY.exe
  C:\Windows\System\nQoWgLY.exe
  2⤵
  PID:12052
- C:\Windows\System\dtIbjyz.exe
  C:\Windows\System\dtIbjyz.exe
  2⤵
  PID:12080
- C:\Windows\System\GWpaCNC.exe
  C:\Windows\System\GWpaCNC.exe
  2⤵
  PID:12108
- C:\Windows\System\OINlHtl.exe
  C:\Windows\System\OINlHtl.exe
  2⤵
  PID:12136
- C:\Windows\System\DbWHVxk.exe
  C:\Windows\System\DbWHVxk.exe
  2⤵
  PID:12164
- C:\Windows\System\dnfusvx.exe
  C:\Windows\System\dnfusvx.exe
  2⤵
  PID:12192
- C:\Windows\System\gryWoim.exe
  C:\Windows\System\gryWoim.exe
  2⤵
  PID:12220
- C:\Windows\System\DAIgdoW.exe
  C:\Windows\System\DAIgdoW.exe
  2⤵
  PID:12248
- C:\Windows\System\ffkhtJi.exe
  C:\Windows\System\ffkhtJi.exe
  2⤵
  PID:12276
- C:\Windows\System\XsKOSnH.exe
  C:\Windows\System\XsKOSnH.exe
  2⤵
  PID:11304
- C:\Windows\System\ClsnlGJ.exe
  C:\Windows\System\ClsnlGJ.exe
  2⤵
  PID:11368
- C:\Windows\System\cSgETUQ.exe
  C:\Windows\System\cSgETUQ.exe
  2⤵
  PID:11456
- C:\Windows\System\lqGasUD.exe
  C:\Windows\System\lqGasUD.exe
  2⤵
  PID:11500
- C:\Windows\System\zeTkWLr.exe
  C:\Windows\System\zeTkWLr.exe
  2⤵
  PID:11568
- C:\Windows\System\lTfVbtW.exe
  C:\Windows\System\lTfVbtW.exe
  2⤵
  PID:11624
- C:\Windows\System\rKbnuFR.exe
  C:\Windows\System\rKbnuFR.exe
  2⤵
  PID:11696
- C:\Windows\System\NEhWtFZ.exe
  C:\Windows\System\NEhWtFZ.exe
  2⤵
  PID:11764
- C:\Windows\System\CkVuDqm.exe
  C:\Windows\System\CkVuDqm.exe
  2⤵
  PID:11820
- C:\Windows\System\JnwkHnl.exe
  C:\Windows\System\JnwkHnl.exe
  2⤵
  PID:11896
- C:\Windows\System\THFPWyN.exe
  C:\Windows\System\THFPWyN.exe
  2⤵
  PID:11960
- C:\Windows\System\DStxEVx.exe
  C:\Windows\System\DStxEVx.exe
  2⤵
  PID:12020
- C:\Windows\System\HQjvPOq.exe
  C:\Windows\System\HQjvPOq.exe
  2⤵
  PID:12092
- C:\Windows\System\ylVpEok.exe
  C:\Windows\System\ylVpEok.exe
  2⤵
  PID:12156
- C:\Windows\System\TBErBeP.exe
  C:\Windows\System\TBErBeP.exe
  2⤵
  PID:12216
- C:\Windows\System\BFODFdg.exe
  C:\Windows\System\BFODFdg.exe
  2⤵
  PID:12272
- C:\Windows\System\NJGvWmd.exe
  C:\Windows\System\NJGvWmd.exe
  2⤵
  PID:11452
- C:\Windows\System\FZOpwlk.exe
  C:\Windows\System\FZOpwlk.exe
  2⤵
  PID:11484
- C:\Windows\System\hYsNhdc.exe
  C:\Windows\System\hYsNhdc.exe
  2⤵
  PID:11620
- C:\Windows\System\YudimTK.exe
  C:\Windows\System\YudimTK.exe
  2⤵
  PID:11736
- C:\Windows\System\kBtTYMl.exe
  C:\Windows\System\kBtTYMl.exe
  2⤵
  PID:11852
- C:\Windows\System\PMGjySD.exe
  C:\Windows\System\PMGjySD.exe
  2⤵
  PID:2288
- C:\Windows\System\ZFavqoi.exe
  C:\Windows\System\ZFavqoi.exe
  2⤵
  PID:3172
- C:\Windows\System\WteBvkk.exe
  C:\Windows\System\WteBvkk.exe
  2⤵
  PID:12268
- C:\Windows\System\irxToHx.exe
  C:\Windows\System\irxToHx.exe
  2⤵
  PID:2824
- C:\Windows\System\TCoryOf.exe
  C:\Windows\System\TCoryOf.exe
  2⤵
  PID:11564
- C:\Windows\System\isCBSuI.exe
  C:\Windows\System\isCBSuI.exe
  2⤵
  PID:4964
- C:\Windows\System\qYkOple.exe
  C:\Windows\System\qYkOple.exe
  2⤵
  PID:11824
- C:\Windows\System\jRdJjzA.exe
  C:\Windows\System\jRdJjzA.exe
  2⤵
  PID:3744
- C:\Windows\System\NRMRHRa.exe
  C:\Windows\System\NRMRHRa.exe
  2⤵
  PID:1708
- C:\Windows\System\rTMEMJx.exe
  C:\Windows\System\rTMEMJx.exe
  2⤵
  PID:12204
- C:\Windows\System\MYSBZmV.exe
  C:\Windows\System\MYSBZmV.exe
  2⤵
  PID:11360
- C:\Windows\System\AxMSdKB.exe
  C:\Windows\System\AxMSdKB.exe
  2⤵
  PID:4044
- C:\Windows\System\QSlZyoV.exe
  C:\Windows\System\QSlZyoV.exe
  2⤵
  PID:4524
- C:\Windows\System\MnbFyjW.exe
  C:\Windows\System\MnbFyjW.exe
  2⤵
  PID:3756
- C:\Windows\System\UOYfOjE.exe
  C:\Windows\System\UOYfOjE.exe
  2⤵
  PID:2132
- C:\Windows\System\RgkpQcy.exe
  C:\Windows\System\RgkpQcy.exe
  2⤵
  PID:1768
- C:\Windows\System\KDQcjcJ.exe
  C:\Windows\System\KDQcjcJ.exe
  2⤵
  PID:3344
- C:\Windows\System\kSSkXKi.exe
  C:\Windows\System\kSSkXKi.exe
  2⤵
  PID:3328
- C:\Windows\System\TaadqYu.exe
  C:\Windows\System\TaadqYu.exe
  2⤵
  PID:4008
- C:\Windows\System\QrnKuuk.exe
  C:\Windows\System\QrnKuuk.exe
  2⤵
  PID:2072
- C:\Windows\System\VxTgDHs.exe
  C:\Windows\System\VxTgDHs.exe
  2⤵
  PID:3732
- C:\Windows\System\oZtVjqJ.exe
  C:\Windows\System\oZtVjqJ.exe
  2⤵
  PID:4476
- C:\Windows\System\PwjQtRE.exe
  C:\Windows\System\PwjQtRE.exe
  2⤵
  PID:12184
- C:\Windows\System\zfYpvBe.exe
  C:\Windows\System\zfYpvBe.exe
  2⤵
  PID:816
- C:\Windows\System\xLTgDIC.exe
  C:\Windows\System\xLTgDIC.exe
  2⤵
  PID:3116
- C:\Windows\System\fOGjiaS.exe
  C:\Windows\System\fOGjiaS.exe
  2⤵
  PID:1752
- C:\Windows\System\qpCDUEB.exe
  C:\Windows\System\qpCDUEB.exe
  2⤵
  PID:4852
- C:\Windows\System\tQutneb.exe
  C:\Windows\System\tQutneb.exe
  2⤵
  PID:4220
- C:\Windows\System\bdhfpJb.exe
  C:\Windows\System\bdhfpJb.exe
  2⤵
  PID:2364
- C:\Windows\System\iwyZhay.exe
  C:\Windows\System\iwyZhay.exe
  2⤵
  PID:1948
- C:\Windows\System\nZKokjo.exe
  C:\Windows\System\nZKokjo.exe
  2⤵
  PID:5144
- C:\Windows\System\CdQTOmX.exe
  C:\Windows\System\CdQTOmX.exe
  2⤵
  PID:4432
- C:\Windows\System\gHDSdgG.exe
  C:\Windows\System\gHDSdgG.exe
  2⤵
  PID:4676
- C:\Windows\System\obtIcVc.exe
  C:\Windows\System\obtIcVc.exe
  2⤵
  PID:11936
- C:\Windows\System\qKxkhIe.exe
  C:\Windows\System\qKxkhIe.exe
  2⤵
  PID:5256
- C:\Windows\System\gMlXVPr.exe
  C:\Windows\System\gMlXVPr.exe
  2⤵
  PID:5156
- C:\Windows\System\ceVJCjR.exe
  C:\Windows\System\ceVJCjR.exe
  2⤵
  PID:5272
- C:\Windows\System\QqRYHVY.exe
  C:\Windows\System\QqRYHVY.exe
  2⤵
  PID:5300
- C:\Windows\System\hVYfZXh.exe
  C:\Windows\System\hVYfZXh.exe
  2⤵
  PID:5304
- C:\Windows\System\GGGGxPl.exe
  C:\Windows\System\GGGGxPl.exe
  2⤵
  PID:12316
- C:\Windows\System\LwPrgUb.exe
  C:\Windows\System\LwPrgUb.exe
  2⤵
  PID:12348
- C:\Windows\System\GAMXPcK.exe
  C:\Windows\System\GAMXPcK.exe
  2⤵
  PID:12376
- C:\Windows\System\NfWBzVj.exe
  C:\Windows\System\NfWBzVj.exe
  2⤵
  PID:12404
- C:\Windows\System\jUvkNJH.exe
  C:\Windows\System\jUvkNJH.exe
  2⤵
  PID:12432
- C:\Windows\System\XLxrofX.exe
  C:\Windows\System\XLxrofX.exe
  2⤵
  PID:12460
- C:\Windows\System\uqrpKkH.exe
  C:\Windows\System\uqrpKkH.exe
  2⤵
  PID:12488
- C:\Windows\System\aHIFmjZ.exe
  C:\Windows\System\aHIFmjZ.exe
  2⤵
  PID:12516
- C:\Windows\System\RKucLzZ.exe
  C:\Windows\System\RKucLzZ.exe
  2⤵
  PID:12544
- C:\Windows\System\ccBuyRR.exe
  C:\Windows\System\ccBuyRR.exe
  2⤵
  PID:12572
- C:\Windows\System\bAdhASk.exe
  C:\Windows\System\bAdhASk.exe
  2⤵
  PID:12600
- C:\Windows\System\IMjXvUL.exe
  C:\Windows\System\IMjXvUL.exe
  2⤵
  PID:12628
- C:\Windows\System\rmnLKza.exe
  C:\Windows\System\rmnLKza.exe
  2⤵
  PID:12656
- C:\Windows\System\EXLlTJq.exe
  C:\Windows\System\EXLlTJq.exe
  2⤵
  PID:12684
- C:\Windows\System\rCZATjq.exe
  C:\Windows\System\rCZATjq.exe
  2⤵
  PID:12712
- C:\Windows\System\WNRLCRe.exe
  C:\Windows\System\WNRLCRe.exe
  2⤵
  PID:12740
- C:\Windows\System\mgTeJYy.exe
  C:\Windows\System\mgTeJYy.exe
  2⤵
  PID:12768
- C:\Windows\System\OzhqHsC.exe
  C:\Windows\System\OzhqHsC.exe
  2⤵
  PID:12796
- C:\Windows\System\bLDlmUR.exe
  C:\Windows\System\bLDlmUR.exe
  2⤵
  PID:12824
- C:\Windows\System\FGVcnYI.exe
  C:\Windows\System\FGVcnYI.exe
  2⤵
  PID:12852
- C:\Windows\System\SmJvXlq.exe
  C:\Windows\System\SmJvXlq.exe
  2⤵
  PID:12880
- C:\Windows\System\YQRMQou.exe
  C:\Windows\System\YQRMQou.exe
  2⤵
  PID:12908
- C:\Windows\System\UYTSECB.exe
  C:\Windows\System\UYTSECB.exe
  2⤵
  PID:12936
- C:\Windows\System\cfMmWWk.exe
  C:\Windows\System\cfMmWWk.exe
  2⤵
  PID:12964
- C:\Windows\System\VHyrTrj.exe
  C:\Windows\System\VHyrTrj.exe
  2⤵
  PID:12996
- C:\Windows\System\HDxFGGt.exe
  C:\Windows\System\HDxFGGt.exe
  2⤵
  PID:13024
- C:\Windows\System\RMZnOyi.exe
  C:\Windows\System\RMZnOyi.exe
  2⤵
  PID:13052
- C:\Windows\System\rucktvh.exe
  C:\Windows\System\rucktvh.exe
  2⤵
  PID:13080
- C:\Windows\System\sXSKqjn.exe
  C:\Windows\System\sXSKqjn.exe
  2⤵
  PID:13108
- C:\Windows\System\SFYokXY.exe
  C:\Windows\System\SFYokXY.exe
  2⤵
  PID:13152
- C:\Windows\System\GaJHRuz.exe
  C:\Windows\System\GaJHRuz.exe
  2⤵
  PID:13168
- C:\Windows\System\qRPnbIy.exe
  C:\Windows\System\qRPnbIy.exe
  2⤵
  PID:13196
- C:\Windows\System\DcbYLcI.exe
  C:\Windows\System\DcbYLcI.exe
  2⤵
  PID:13232
- C:\Windows\System\kzhKzVY.exe
  C:\Windows\System\kzhKzVY.exe
  2⤵
  PID:13264
- C:\Windows\System\mUMrKfK.exe
  C:\Windows\System\mUMrKfK.exe
  2⤵
  PID:13280
- C:\Windows\System\lZrLaIe.exe
  C:\Windows\System\lZrLaIe.exe
  2⤵
  PID:13296
- C:\Windows\System\aUGeLLp.exe
  C:\Windows\System\aUGeLLp.exe
  2⤵
  PID:5432
- C:\Windows\System\cgNMFLU.exe
  C:\Windows\System\cgNMFLU.exe
  2⤵
  PID:12388
- C:\Windows\System\KOUqLLD.exe
  C:\Windows\System\KOUqLLD.exe
  2⤵
  PID:12416
- C:\Windows\System\FEqOZAD.exe
  C:\Windows\System\FEqOZAD.exe
  2⤵
  PID:12512
- C:\Windows\System\jyhBDXK.exe
  C:\Windows\System\jyhBDXK.exe
  2⤵
  PID:12584
- C:\Windows\System\XOdHtYT.exe
  C:\Windows\System\XOdHtYT.exe
  2⤵
  PID:5516
- C:\Windows\System\GMmgEPY.exe
  C:\Windows\System\GMmgEPY.exe
  2⤵
  PID:12696
- C:\Windows\System\HUqQSqr.exe
  C:\Windows\System\HUqQSqr.exe
  2⤵
  PID:5548
- C:\Windows\System\xSZOdWU.exe
  C:\Windows\System\xSZOdWU.exe
  2⤵
  PID:12788
- C:\Windows\System\ZbTesJn.exe
  C:\Windows\System\ZbTesJn.exe
  2⤵
  PID:5628
- C:\Windows\System\PcxpTQe.exe
  C:\Windows\System\PcxpTQe.exe
  2⤵
  PID:5656
- C:\Windows\System\fBxLdoJ.exe
  C:\Windows\System\fBxLdoJ.exe
  2⤵
  PID:5748
- C:\Windows\System\hcUSEYd.exe
  C:\Windows\System\hcUSEYd.exe
  2⤵
  PID:12948
- C:\Windows\System\ZDTYbvh.exe
  C:\Windows\System\ZDTYbvh.exe
  2⤵
  PID:5852
- C:\Windows\System\PZplEjg.exe
  C:\Windows\System\PZplEjg.exe
  2⤵
  PID:5864
- C:\Windows\System\EforCop.exe
  C:\Windows\System\EforCop.exe
  2⤵
  PID:13104
- C:\Windows\System\TACnvxr.exe
  C:\Windows\System\TACnvxr.exe
  2⤵
  PID:5920
- C:\Windows\System\xRqYAtc.exe
  C:\Windows\System\xRqYAtc.exe
  2⤵
  PID:2620
- C:\Windows\System\OHmYuWK.exe
  C:\Windows\System\OHmYuWK.exe
  2⤵
  PID:4980
- C:\Windows\System\HfpMQFr.exe
  C:\Windows\System\HfpMQFr.exe
  2⤵
  PID:1504
- C:\Windows\System\ENPLmjH.exe
  C:\Windows\System\ENPLmjH.exe
  2⤵
  PID:1060
- C:\Windows\System\GqTtPUf.exe
  C:\Windows\System\GqTtPUf.exe
  2⤵
  PID:2324
- C:\Windows\System\tZbqjLH.exe
  C:\Windows\System\tZbqjLH.exe
  2⤵
  PID:6108
- C:\Windows\System\zttkUfl.exe
  C:\Windows\System\zttkUfl.exe
  2⤵
  PID:13260
- C:\Windows\System\iRqqflV.exe
  C:\Windows\System\iRqqflV.exe
  2⤵
  PID:5356
- C:\Windows\System\HPevxHk.exe
  C:\Windows\System\HPevxHk.exe
  2⤵
  PID:5268
- C:\Windows\System\PcHdZXy.exe
  C:\Windows\System\PcHdZXy.exe
  2⤵
  PID:388
- C:\Windows\System\LOGveaQ.exe
  C:\Windows\System\LOGveaQ.exe
  2⤵
  PID:12400
- C:\Windows\System\Qqgvxyl.exe
  C:\Windows\System\Qqgvxyl.exe
  2⤵
  PID:13212
- C:\Windows\System\RHJwdzm.exe
  C:\Windows\System\RHJwdzm.exe
  2⤵
  PID:5492
- C:\Windows\System\trHmGxQ.exe
  C:\Windows\System\trHmGxQ.exe
  2⤵
  PID:5684
- C:\Windows\System\kMeKndA.exe
  C:\Windows\System\kMeKndA.exe
  2⤵
  PID:12652
- C:\Windows\System\PfTZefa.exe
  C:\Windows\System\PfTZefa.exe
  2⤵
  PID:12724
- C:\Windows\System\qmFhZDW.exe
  C:\Windows\System\qmFhZDW.exe
  2⤵
  PID:5576
- C:\Windows\System\hbZzFHS.exe
  C:\Windows\System\hbZzFHS.exe
  2⤵
  PID:12336
- C:\Windows\System\HKesNDK.exe
  C:\Windows\System\HKesNDK.exe
  2⤵
  PID:3176
- C:\Windows\System\YXoNjlu.exe
  C:\Windows\System\YXoNjlu.exe
  2⤵
  PID:5980
- C:\Windows\System\qTILmmO.exe
  C:\Windows\System\qTILmmO.exe
  2⤵
  PID:6084
- C:\Windows\System\iVSjzbB.exe
  C:\Windows\System\iVSjzbB.exe
  2⤵
  PID:5896
- C:\Windows\System\UxIXJWO.exe
  C:\Windows\System\UxIXJWO.exe
  2⤵
  PID:5324
- C:\Windows\System\ovxLiWn.exe
  C:\Windows\System\ovxLiWn.exe
  2⤵
  PID:4728
- C:\Windows\System\cEsQSSP.exe
  C:\Windows\System\cEsQSSP.exe
  2⤵
  PID:5976
- C:\Windows\System\UJofiSk.exe
  C:\Windows\System\UJofiSk.exe
  2⤵
  PID:1272
- C:\Windows\System\LWpFKQO.exe
  C:\Windows\System\LWpFKQO.exe
  2⤵
  PID:6044
- C:\Windows\System\XtVWukN.exe
  C:\Windows\System\XtVWukN.exe
  2⤵
  PID:5232
- C:\Windows\System\JUqRzhr.exe
  C:\Windows\System\JUqRzhr.exe
  2⤵
  PID:5332
- C:\Windows\System\nMyncno.exe
  C:\Windows\System\nMyncno.exe
  2⤵
  PID:5444
- C:\Windows\System\WFCAJxQ.exe
  C:\Windows\System\WFCAJxQ.exe
  2⤵
  PID:12444
- C:\Windows\System\ZVnyqsZ.exe
  C:\Windows\System\ZVnyqsZ.exe
  2⤵
  PID:12984
- C:\Windows\System\tYtASKL.exe
  C:\Windows\System\tYtASKL.exe
  2⤵
  PID:12640
- C:\Windows\System\Idwiqev.exe
  C:\Windows\System\Idwiqev.exe
  2⤵
  PID:5796
- C:\Windows\System\AhLGSud.exe
  C:\Windows\System\AhLGSud.exe
  2⤵
  PID:12876
- C:\Windows\System\bzVoNDM.exe
  C:\Windows\System\bzVoNDM.exe
  2⤵
  PID:6056
- C:\Windows\System\jUviqWN.exe
  C:\Windows\System\jUviqWN.exe
  2⤵
  PID:13100
- C:\Windows\System\ESlHMsf.exe
  C:\Windows\System\ESlHMsf.exe
  2⤵
  PID:6444
- C:\Windows\System\YPgheuS.exe
  C:\Windows\System\YPgheuS.exe
  2⤵
  PID:5640
- C:\Windows\System\BxjRtDO.exe
  C:\Windows\System\BxjRtDO.exe
  2⤵
  PID:12480
- C:\Windows\System\BQSOpDZ.exe
  C:\Windows\System\BQSOpDZ.exe
  2⤵
  PID:6608
- C:\Windows\System\HoCiIKy.exe
  C:\Windows\System\HoCiIKy.exe
  2⤵
  PID:6620
- C:\Windows\System\FdctPnQ.exe
  C:\Windows\System\FdctPnQ.exe
  2⤵
  PID:5868
- C:\Windows\System\ssgovZF.exe
  C:\Windows\System\ssgovZF.exe
  2⤵
  PID:12508
- C:\Windows\System\dEXftfg.exe
  C:\Windows\System\dEXftfg.exe
  2⤵
  PID:6748
- C:\Windows\System\gpDGyCN.exe
  C:\Windows\System\gpDGyCN.exe
  2⤵
  PID:12820
- C:\Windows\System\eCuzOFf.exe
  C:\Windows\System\eCuzOFf.exe
  2⤵
  PID:13008
- C:\Windows\System\nmZZWez.exe
  C:\Windows\System\nmZZWez.exe
  2⤵
  PID:3692
- C:\Windows\System\NTMEOFu.exe
  C:\Windows\System\NTMEOFu.exe
  2⤵
  PID:4412
- C:\Windows\System\qVKZLFt.exe
  C:\Windows\System\qVKZLFt.exe
  2⤵
  PID:3036
- C:\Windows\System\BsdoZOl.exe
  C:\Windows\System\BsdoZOl.exe
  2⤵
  PID:5404
- C:\Windows\System\rCEsURy.exe
  C:\Windows\System\rCEsURy.exe
  2⤵
  PID:6768
- C:\Windows\System\aBSWclf.exe
  C:\Windows\System\aBSWclf.exe
  2⤵
  PID:13164
- C:\Windows\System\jQyMRFs.exe
  C:\Windows\System\jQyMRFs.exe
  2⤵
  PID:7064
- C:\Windows\System\HPTkRrc.exe
  C:\Windows\System\HPTkRrc.exe
  2⤵
  PID:7100
- C:\Windows\System\GMXiOCz.exe
  C:\Windows\System\GMXiOCz.exe
  2⤵
  PID:6236
- C:\Windows\System\NalpghK.exe
  C:\Windows\System\NalpghK.exe
  2⤵
  PID:6448
- C:\Windows\System\ePWrixw.exe
  C:\Windows\System\ePWrixw.exe
  2⤵
  PID:6648
- C:\Windows\System\SyLvvRf.exe
  C:\Windows\System\SyLvvRf.exe
  2⤵
  PID:7160
- C:\Windows\System\EdlNtqx.exe
  C:\Windows\System\EdlNtqx.exe
  2⤵
  PID:6304
- C:\Windows\System\HFAPPqO.exe
  C:\Windows\System\HFAPPqO.exe
  2⤵
  PID:6636
- C:\Windows\System\unIjjUd.exe
  C:\Windows\System\unIjjUd.exe
  2⤵
  PID:6512
- C:\Windows\System\MejizKR.exe
  C:\Windows\System\MejizKR.exe
  2⤵
  PID:6404
- C:\Windows\System\YzbAwdZ.exe
  C:\Windows\System\YzbAwdZ.exe
  2⤵
  PID:13332
- C:\Windows\System\otKbGte.exe
  C:\Windows\System\otKbGte.exe
  2⤵
  PID:13360
- C:\Windows\System\PPloxRV.exe
  C:\Windows\System\PPloxRV.exe
  2⤵
  PID:13388
- C:\Windows\System\eXNDlfF.exe
  C:\Windows\System\eXNDlfF.exe
  2⤵
  PID:13420
- C:\Windows\System\LbzBWvr.exe
  C:\Windows\System\LbzBWvr.exe
  2⤵
  PID:13464
- C:\Windows\System\kmYIzoO.exe
  C:\Windows\System\kmYIzoO.exe
  2⤵
  PID:13492
- C:\Windows\System\eesouab.exe
  C:\Windows\System\eesouab.exe
  2⤵
  PID:13520
- C:\Windows\System\VcaWPsw.exe
  C:\Windows\System\VcaWPsw.exe
  2⤵
  PID:13564
- C:\Windows\System\rRLxbQt.exe
  C:\Windows\System\rRLxbQt.exe
  2⤵
  PID:13592
- C:\Windows\System\rgJObiX.exe
  C:\Windows\System\rgJObiX.exe
  2⤵
  PID:13620
- C:\Windows\System\rzzvnzd.exe
  C:\Windows\System\rzzvnzd.exe
  2⤵
  PID:13664
- C:\Windows\System\oRYqYCh.exe
  C:\Windows\System\oRYqYCh.exe
  2⤵
  PID:13692
- C:\Windows\System\USQaMYi.exe
  C:\Windows\System\USQaMYi.exe
  2⤵
  PID:13720
- C:\Windows\System\KNXwjPv.exe
  C:\Windows\System\KNXwjPv.exe
  2⤵
  PID:13748
- C:\Windows\System\CxzVfTI.exe
  C:\Windows\System\CxzVfTI.exe
  2⤵
  PID:13780
- C:\Windows\System\QygMvzN.exe
  C:\Windows\System\QygMvzN.exe
  2⤵
  PID:13812
- C:\Windows\System\CRzWXxv.exe
  C:\Windows\System\CRzWXxv.exe
  2⤵
  PID:13844
- C:\Windows\System\pZPpqGl.exe
  C:\Windows\System\pZPpqGl.exe
  2⤵
  PID:13872
- C:\Windows\System\RlQuSpm.exe
  C:\Windows\System\RlQuSpm.exe
  2⤵
  PID:13912
- C:\Windows\System\DMpqObJ.exe
  C:\Windows\System\DMpqObJ.exe
  2⤵
  PID:13936
- C:\Windows\System\AVooqKg.exe
  C:\Windows\System\AVooqKg.exe
  2⤵
  PID:13964
- C:\Windows\System\XszEULG.exe
  C:\Windows\System\XszEULG.exe
  2⤵
  PID:13992
- C:\Windows\System\QFswftd.exe
  C:\Windows\System\QFswftd.exe
  2⤵
  PID:14020
- C:\Windows\System\lTbotal.exe
  C:\Windows\System\lTbotal.exe
  2⤵
  PID:14048
- C:\Windows\System\HOPTMMb.exe
  C:\Windows\System\HOPTMMb.exe
  2⤵
  PID:14076
- C:\Windows\System\pSDZAqs.exe
  C:\Windows\System\pSDZAqs.exe
  2⤵
  PID:14104
- C:\Windows\System\uhVXhAe.exe
  C:\Windows\System\uhVXhAe.exe
  2⤵
  PID:14132
- C:\Windows\System\gKVCqZs.exe
  C:\Windows\System\gKVCqZs.exe
  2⤵
  PID:14160
- C:\Windows\System\MqyzFzt.exe
  C:\Windows\System\MqyzFzt.exe
  2⤵
  PID:14188
- C:\Windows\System\fQKFUzd.exe
  C:\Windows\System\fQKFUzd.exe
  2⤵
  PID:14216
- C:\Windows\System\xjZBELi.exe
  C:\Windows\System\xjZBELi.exe
  2⤵
  PID:14244
- C:\Windows\System\gzNlRds.exe
  C:\Windows\System\gzNlRds.exe
  2⤵
  PID:14272
- C:\Windows\System\IjZxBce.exe
  C:\Windows\System\IjZxBce.exe
  2⤵
  PID:14300
- C:\Windows\System\vwYmoWx.exe
  C:\Windows\System\vwYmoWx.exe
  2⤵
  PID:14328
- C:\Windows\System\mHPjHoA.exe
  C:\Windows\System\mHPjHoA.exe
  2⤵
  PID:13344
- C:\Windows\System\OTmdEqH.exe
  C:\Windows\System\OTmdEqH.exe
  2⤵
  PID:13380
- C:\Windows\System\ParCeLG.exe
  C:\Windows\System\ParCeLG.exe
  2⤵
  PID:6912
- C:\Windows\System\PAyaAuj.exe
  C:\Windows\System\PAyaAuj.exe
  2⤵
  PID:6972
- C:\Windows\System\CONiCLX.exe
  C:\Windows\System\CONiCLX.exe
  2⤵
  PID:13532
- C:\Windows\System\jZCrKGr.exe
  C:\Windows\System\jZCrKGr.exe
  2⤵
  PID:3492
- C:\Windows\System\OvAQKYz.exe
  C:\Windows\System\OvAQKYz.exe
  2⤵
  PID:13408
- C:\Windows\System\SgzuUNm.exe
  C:\Windows\System\SgzuUNm.exe
  2⤵
  PID:13632
- C:\Windows\System\ODdTJAE.exe
  C:\Windows\System\ODdTJAE.exe
  2⤵
  PID:13684
- C:\Windows\System\XfIqczo.exe
  C:\Windows\System\XfIqczo.exe
  2⤵
  PID:6872
- C:\Windows\System\uIbOxXB.exe
  C:\Windows\System\uIbOxXB.exe
  2⤵
  PID:13776
- C:\Windows\System\ebQPzwu.exe
  C:\Windows\System\ebQPzwu.exe
  2⤵
  PID:13836
- C:\Windows\System\KHHUDyu.exe
  C:\Windows\System\KHHUDyu.exe
  2⤵
  PID:13884
- C:\Windows\System\QsYBuMI.exe
  C:\Windows\System\QsYBuMI.exe
  2⤵
  PID:13900
- C:\Windows\System\sXLsBNK.exe
  C:\Windows\System\sXLsBNK.exe
  2⤵
  PID:13540
- C:\Windows\System\DXFLudx.exe
  C:\Windows\System\DXFLudx.exe
  2⤵
  PID:13948
- C:\Windows\System\vRXOiKK.exe
  C:\Windows\System\vRXOiKK.exe
  2⤵
  PID:13976
- C:\Windows\System\BLbyuxR.exe
  C:\Windows\System\BLbyuxR.exe
  2⤵
  PID:6220
- C:\Windows\System\UJkMVZV.exe
  C:\Windows\System\UJkMVZV.exe
  2⤵
  PID:14072
- C:\Windows\System\pJfNbru.exe
  C:\Windows\System\pJfNbru.exe
  2⤵
  PID:14128
- C:\Windows\System\jTRngrC.exe
  C:\Windows\System\jTRngrC.exe
  2⤵
  PID:14152
- C:\Windows\System\BTvGCDN.exe
  C:\Windows\System\BTvGCDN.exe
  2⤵
  PID:14200
- C:\Windows\System\RFBdMkQ.exe
  C:\Windows\System\RFBdMkQ.exe
  2⤵
  PID:14240
- C:\Windows\System\XqtjUcJ.exe
  C:\Windows\System\XqtjUcJ.exe
  2⤵
  PID:14292
- C:\Windows\System\XYOecEW.exe
  C:\Windows\System\XYOecEW.exe
  2⤵
  PID:13324
- C:\Windows\System\kpFyWCA.exe
  C:\Windows\System\kpFyWCA.exe
  2⤵
  PID:13832
- C:\Windows\System\EKEZUSU.exe
  C:\Windows\System\EKEZUSU.exe
  2⤵
  PID:13460
- C:\Windows\System\QuVKdOO.exe
  C:\Windows\System\QuVKdOO.exe
  2⤵
  PID:7380
- C:\Windows\System\EsvBfGE.exe
  C:\Windows\System\EsvBfGE.exe
  2⤵
  PID:4880
- C:\Windows\System\FZhlLTZ.exe
  C:\Windows\System\FZhlLTZ.exe
  2⤵
  PID:7460
- C:\Windows\System\VQvNmtl.exe
  C:\Windows\System\VQvNmtl.exe
  2⤵
  PID:13676
- C:\Windows\System\shDcIOk.exe
  C:\Windows\System\shDcIOk.exe
  2⤵
  PID:5032
- C:\Windows\System\BHVWMHF.exe
  C:\Windows\System\BHVWMHF.exe
  2⤵
  PID:6376
- C:\Windows\System\EtMGDBo.exe
  C:\Windows\System\EtMGDBo.exe
  2⤵
  PID:7616
- C:\Windows\System\rhdQIuD.exe
  C:\Windows\System\rhdQIuD.exe
  2⤵
  PID:13800
- C:\Windows\System\UapqHxv.exe
  C:\Windows\System\UapqHxv.exe
  2⤵
  PID:7700
- C:\Windows\System\dOiFcZq.exe
  C:\Windows\System\dOiFcZq.exe
  2⤵
  PID:7728
- C:\Windows\System\UExdVUT.exe
  C:\Windows\System\UExdVUT.exe
  2⤵
  PID:7784
- C:\Windows\System\DPNfkHM.exe
  C:\Windows\System\DPNfkHM.exe
  2⤵
  PID:14144
- C:\Windows\System\sCnftrW.exe
  C:\Windows\System\sCnftrW.exe
  2⤵
  PID:7828
- C:\Windows\System\silPgjM.exe
  C:\Windows\System\silPgjM.exe
  2⤵
  PID:7880
- C:\Windows\System\MzGBHKl.exe
  C:\Windows\System\MzGBHKl.exe
  2⤵
  PID:7936
- C:\Windows\System\oXqzSHf.exe
  C:\Windows\System\oXqzSHf.exe
  2⤵
  PID:7988
- C:\Windows\System\yCogefu.exe
  C:\Windows\System\yCogefu.exe
  2⤵
  PID:13416
- C:\Windows\System\XRPPgJD.exe
  C:\Windows\System\XRPPgJD.exe
  2⤵
  PID:6164
- C:\Windows\System\FcpQqMb.exe
  C:\Windows\System\FcpQqMb.exe
  2⤵
  PID:8116
- C:\Windows\System\gYkPNUm.exe
  C:\Windows\System\gYkPNUm.exe
  2⤵
  PID:7496
- C:\Windows\System\GhfGOQs.exe
  C:\Windows\System\GhfGOQs.exe
  2⤵
  PID:7204
- C:\Windows\System\HDyonhd.exe
  C:\Windows\System\HDyonhd.exe
  2⤵
  PID:13864
- C:\Windows\System\aMTgjQW.exe
  C:\Windows\System\aMTgjQW.exe
  2⤵
  PID:7316
- C:\Windows\System\CnOpMie.exe
  C:\Windows\System\CnOpMie.exe
  2⤵
  PID:924
- C:\Windows\System\cAywSpH.exe
  C:\Windows\System\cAywSpH.exe
  2⤵
  PID:7748
- C:\Windows\System\SneNADq.exe
  C:\Windows\System\SneNADq.exe
  2⤵
  PID:7596
- C:\Windows\System\YhcixdM.exe
  C:\Windows\System\YhcixdM.exe
  2⤵
  PID:7196
- C:\Windows\System\KZFeOsB.exe
  C:\Windows\System\KZFeOsB.exe
  2⤵
  PID:7904
- C:\Windows\System\IkgjlAx.exe
  C:\Windows\System\IkgjlAx.exe
  2⤵
  PID:13608
- C:\Windows\System\tuviXds.exe
  C:\Windows\System\tuviXds.exe
  2⤵
  PID:8052
- C:\Windows\System\DcqyzmQ.exe
  C:\Windows\System\DcqyzmQ.exe
  2⤵
  PID:8124
- C:\Windows\System\TEMCAhA.exe
  C:\Windows\System\TEMCAhA.exe
  2⤵
  PID:7188
- C:\Windows\System\syzkLBy.exe
  C:\Windows\System\syzkLBy.exe
  2⤵
  PID:4540
- C:\Windows\System\fZYSpzq.exe
  C:\Windows\System\fZYSpzq.exe
  2⤵
  PID:7676
- C:\Windows\System\fTmzNfQ.exe
  C:\Windows\System\fTmzNfQ.exe
  2⤵
  PID:7672
- C:\Windows\System\uUAfeUu.exe
  C:\Windows\System\uUAfeUu.exe
  2⤵
  PID:7476
- C:\Windows\System\ZhIRlZX.exe
  C:\Windows\System\ZhIRlZX.exe
  2⤵
  PID:7232
- C:\Windows\System\NSlSIRG.exe
  C:\Windows\System\NSlSIRG.exe
  2⤵
  PID:8012
- C:\Windows\System\oXeITLz.exe
  C:\Windows\System\oXeITLz.exe
  2⤵
  PID:7372
- C:\Windows\System\MvmuaJQ.exe
  C:\Windows\System\MvmuaJQ.exe
  2⤵
  PID:8088
- C:\Windows\System\JrxDPHD.exe
  C:\Windows\System\JrxDPHD.exe
  2⤵
  PID:8228
- C:\Windows\System\XNYJGHd.exe
  C:\Windows\System\XNYJGHd.exe
  2⤵
  PID:7560
- C:\Windows\System\GXzTmaM.exe
  C:\Windows\System\GXzTmaM.exe
  2⤵
  PID:13548
- C:\Windows\System\JSuODOX.exe
  C:\Windows\System\JSuODOX.exe
  2⤵
  PID:8120
- C:\Windows\System\rkOcbWc.exe
  C:\Windows\System\rkOcbWc.exe
  2⤵
  PID:7536
- C:\Windows\System\ZnauOID.exe
  C:\Windows\System\ZnauOID.exe
  2⤵
  PID:7892
- C:\Windows\System\xIUOhzD.exe
  C:\Windows\System\xIUOhzD.exe
  2⤵
  PID:8444
- C:\Windows\System\teIZDQe.exe
  C:\Windows\System\teIZDQe.exe
  2⤵
  PID:8256
- C:\Windows\System\qxWXjTK.exe
  C:\Windows\System\qxWXjTK.exe
  2⤵
  PID:8544
- C:\Windows\System\pmWQdiA.exe
  C:\Windows\System\pmWQdiA.exe
  2⤵
  PID:8368
- C:\Windows\System\CfXWXhE.exe
  C:\Windows\System\CfXWXhE.exe
  2⤵
  PID:7224
- C:\Windows\System\hgwPiLQ.exe
  C:\Windows\System\hgwPiLQ.exe
  2⤵
  PID:7280
- C:\Windows\System\lHnomTn.exe
  C:\Windows\System\lHnomTn.exe
  2⤵
  PID:8740
- C:\Windows\System\NpCXTdU.exe
  C:\Windows\System\NpCXTdU.exe
  2⤵
  PID:8776
- C:\Windows\System\pRCZALA.exe
  C:\Windows\System\pRCZALA.exe
  2⤵
  PID:8632
- C:\Windows\System\xTayBBN.exe
  C:\Windows\System\xTayBBN.exe
  2⤵
  PID:8068
- C:\Windows\System\LVxjffZ.exe
  C:\Windows\System\LVxjffZ.exe
  2⤵
  PID:8852
- C:\Windows\System\sQkxRJo.exe
  C:\Windows\System\sQkxRJo.exe
  2⤵
  PID:8748
- C:\Windows\System\iDHyULq.exe
  C:\Windows\System\iDHyULq.exe
  2⤵
  PID:8944
- C:\Windows\System\UDbWurE.exe
  C:\Windows\System\UDbWurE.exe
  2⤵
  PID:8460
- C:\Windows\System\aFaEegb.exe
  C:\Windows\System\aFaEegb.exe
  2⤵
  PID:9104
- C:\Windows\System\DVpptEf.exe
  C:\Windows\System\DVpptEf.exe
  2⤵
  PID:9020
- C:\Windows\System\ZiiiTQN.exe
  C:\Windows\System\ZiiiTQN.exe
  2⤵
  PID:9084
- C:\Windows\System\YPwbqoY.exe
  C:\Windows\System\YPwbqoY.exe
  2⤵
  PID:8352
- C:\Windows\System\bpTjDQs.exe
  C:\Windows\System\bpTjDQs.exe
  2⤵
  PID:8964
- C:\Windows\System\szlEocB.exe
  C:\Windows\System\szlEocB.exe
  2⤵
  PID:8216
- C:\Windows\System\zfXuAFT.exe
  C:\Windows\System\zfXuAFT.exe
  2⤵
  PID:8540
- C:\Windows\System\Rfnzhjt.exe
  C:\Windows\System\Rfnzhjt.exe
  2⤵
  PID:9132
- C:\Windows\System\wFUWoss.exe
  C:\Windows\System\wFUWoss.exe
  2⤵
  PID:8724
- C:\Windows\System\pFiWXpC.exe
  C:\Windows\System\pFiWXpC.exe
  2⤵
  PID:8596
- C:\Windows\System\WggwJqK.exe
  C:\Windows\System\WggwJqK.exe
  2⤵
  PID:8204
- C:\Windows\System\iZtGTBh.exe
  C:\Windows\System\iZtGTBh.exe
  2⤵
  PID:9140
- C:\Windows\System\MyMzfTR.exe
  C:\Windows\System\MyMzfTR.exe
  2⤵
  PID:9172
- C:\Windows\System\zahJAIN.exe
  C:\Windows\System\zahJAIN.exe
  2⤵
  PID:9004
- C:\Windows\System\sJTMmEg.exe
  C:\Windows\System\sJTMmEg.exe
  2⤵
  PID:9036
- C:\Windows\System\BQcPoIP.exe
  C:\Windows\System\BQcPoIP.exe
  2⤵
  PID:8892
- C:\Windows\System\RHLTQMb.exe
  C:\Windows\System\RHLTQMb.exe
  2⤵
  PID:8556
- C:\Windows\System\lyEjYqw.exe
  C:\Windows\System\lyEjYqw.exe
  2⤵
  PID:8744
- C:\Windows\System\GhYQYzr.exe
  C:\Windows\System\GhYQYzr.exe
  2⤵
  PID:8400
- C:\Windows\System\dNQynov.exe
  C:\Windows\System\dNQynov.exe
  2⤵
  PID:8800
- C:\Windows\System\xjRAcVB.exe
  C:\Windows\System\xjRAcVB.exe
  2⤵
  PID:9220
- C:\Windows\System\QXZFfgd.exe
  C:\Windows\System\QXZFfgd.exe
  2⤵
  PID:9240
- C:\Windows\System\whJDoOz.exe
  C:\Windows\System\whJDoOz.exe
  2⤵
  PID:8428
- C:\Windows\System\FwOqHMw.exe
  C:\Windows\System\FwOqHMw.exe
  2⤵
  PID:9248
- C:\Windows\System\yJsqxhC.exe
  C:\Windows\System\yJsqxhC.exe
  2⤵
  PID:9276
- C:\Windows\System\XHJJSTt.exe
  C:\Windows\System\XHJJSTt.exe
  2⤵
  PID:9324
- C:\Windows\System\YVxWXig.exe
  C:\Windows\System\YVxWXig.exe
  2⤵
  PID:9376
- C:\Windows\System\NUrIepf.exe
  C:\Windows\System\NUrIepf.exe
  2⤵
  PID:14492
- C:\Windows\System\IqkYIoY.exe
  C:\Windows\System\IqkYIoY.exe
  2⤵
  PID:14508
- C:\Windows\System\DBjbMbM.exe
  C:\Windows\System\DBjbMbM.exe
  2⤵
  PID:14536
- C:\Windows\System\UJSjOGe.exe
  C:\Windows\System\UJSjOGe.exe
  2⤵
  PID:14564
- C:\Windows\System\suneYEM.exe
  C:\Windows\System\suneYEM.exe
  2⤵
  PID:14592
- C:\Windows\System\jTdRzwl.exe
  C:\Windows\System\jTdRzwl.exe
  2⤵
  PID:14620
- C:\Windows\System\HMGkyVU.exe
  C:\Windows\System\HMGkyVU.exe
  2⤵
  PID:14648
- C:\Windows\System\pYuleQR.exe
  C:\Windows\System\pYuleQR.exe
  2⤵
  PID:14688
- C:\Windows\System\TxOsXCD.exe
  C:\Windows\System\TxOsXCD.exe
  2⤵
  PID:14708
- C:\Windows\System\rNwVYcw.exe
  C:\Windows\System\rNwVYcw.exe
  2⤵
  PID:14736
- C:\Windows\System\JMiAafu.exe
  C:\Windows\System\JMiAafu.exe
  2⤵
  PID:14764
- C:\Windows\System\dadMwfr.exe
  C:\Windows\System\dadMwfr.exe
  2⤵
  PID:14792
- C:\Windows\System\xVsHnyo.exe
  C:\Windows\System\xVsHnyo.exe
  2⤵
  PID:14820
- C:\Windows\System\twFLfxe.exe
  C:\Windows\System\twFLfxe.exe
  2⤵
  PID:14948
- C:\Windows\System\WrYFPRw.exe
  C:\Windows\System\WrYFPRw.exe
  2⤵
  PID:14968
- C:\Windows\System\lrdaAzH.exe
  C:\Windows\System\lrdaAzH.exe
  2⤵
  PID:14996
- C:\Windows\System\QVWkFoH.exe
  C:\Windows\System\QVWkFoH.exe
  2⤵
  PID:15024
- C:\Windows\System\coCeqLU.exe
  C:\Windows\System\coCeqLU.exe
  2⤵
  PID:15052
- C:\Windows\System\ZWIABgo.exe
  C:\Windows\System\ZWIABgo.exe
  2⤵
  PID:15080
- C:\Windows\System\kvPsdjY.exe
  C:\Windows\System\kvPsdjY.exe
  2⤵
  PID:15108
- C:\Windows\System\IUoiGeZ.exe
  C:\Windows\System\IUoiGeZ.exe
  2⤵
  PID:15136
- C:\Windows\System\VlVjnwF.exe
  C:\Windows\System\VlVjnwF.exe
  2⤵
  PID:15164
- C:\Windows\System\mSYSqmu.exe
  C:\Windows\System\mSYSqmu.exe
  2⤵
  PID:15192
- C:\Windows\System\tAaZfJD.exe
  C:\Windows\System\tAaZfJD.exe
  2⤵
  PID:15220
- C:\Windows\System\UnhEWkr.exe
  C:\Windows\System\UnhEWkr.exe
  2⤵
  PID:15248
- C:\Windows\System\GXmxkPM.exe
  C:\Windows\System\GXmxkPM.exe
  2⤵
  PID:15276
- C:\Windows\System\GRjRhBz.exe
  C:\Windows\System\GRjRhBz.exe
  2⤵
  PID:15304
- C:\Windows\System\yzVoznD.exe
  C:\Windows\System\yzVoznD.exe
  2⤵
  PID:15332
- C:\Windows\System\BAJLabv.exe
  C:\Windows\System\BAJLabv.exe
  2⤵
  PID:4040
- C:\Windows\System\zoIKumD.exe
  C:\Windows\System\zoIKumD.exe
  2⤵
  PID:14380
- C:\Windows\System\lIkFxJo.exe
  C:\Windows\System\lIkFxJo.exe
  2⤵
  PID:14408
- C:\Windows\System\eiutGZU.exe
  C:\Windows\System\eiutGZU.exe
  2⤵
  PID:14424
- C:\Windows\System\DMwnrjB.exe
  C:\Windows\System\DMwnrjB.exe
  2⤵
  PID:14476
- C:\Windows\System\KQxsrgt.exe
  C:\Windows\System\KQxsrgt.exe
  2⤵
  PID:6500
- C:\Windows\System\MsMTdjN.exe
  C:\Windows\System\MsMTdjN.exe
  2⤵
  PID:14672
- C:\Windows\System\lhoevOX.exe
  C:\Windows\System\lhoevOX.exe
  2⤵
  PID:14720
- C:\Windows\System\mjUQSJS.exe
  C:\Windows\System\mjUQSJS.exe
  2⤵
  PID:14776
- C:\Windows\System\lGlCEyA.exe
  C:\Windows\System\lGlCEyA.exe
  2⤵
  PID:14840
- C:\Windows\System\iqEvLeC.exe
  C:\Windows\System\iqEvLeC.exe
  2⤵
  PID:14876
- C:\Windows\System\mGikyvq.exe
  C:\Windows\System\mGikyvq.exe
  2⤵
  PID:14920
- C:\Windows\System\PpGbfnq.exe
  C:\Windows\System\PpGbfnq.exe
  2⤵
  PID:15016
- C:\Windows\System\XYuqnoU.exe
  C:\Windows\System\XYuqnoU.exe
  2⤵
  PID:15048
- C:\Windows\System\ruPHKxV.exe
  C:\Windows\System\ruPHKxV.exe
  2⤵
  PID:9816
- C:\Windows\System\kXOqZIr.exe
  C:\Windows\System\kXOqZIr.exe
  2⤵
  PID:15128
- C:\Windows\System\FVsijgV.exe
  C:\Windows\System\FVsijgV.exe
  2⤵
  PID:15188
- C:\Windows\System\lzTAOcC.exe
  C:\Windows\System\lzTAOcC.exe
  2⤵
  PID:15300
- C:\Windows\System\ccnVdTN.exe
  C:\Windows\System\ccnVdTN.exe
  2⤵
  PID:9932
- C:\Windows\System\tNTujbA.exe
  C:\Windows\System\tNTujbA.exe
  2⤵
  PID:14548
- C:\Windows\System\BiHjgaT.exe
  C:\Windows\System\BiHjgaT.exe
  2⤵
  PID:10072
- C:\Windows\System\XrgNSoL.exe
  C:\Windows\System\XrgNSoL.exe
  2⤵
  PID:14644
- C:\Windows\System\OGPADOM.exe
  C:\Windows\System\OGPADOM.exe
  2⤵
  PID:8296
- C:\Windows\System\PamKvQL.exe
  C:\Windows\System\PamKvQL.exe
  2⤵
  PID:14872
- C:\Windows\System\gfsWTHQ.exe
  C:\Windows\System\gfsWTHQ.exe
  2⤵
  PID:14896
- C:\Windows\System\yDveATG.exe
  C:\Windows\System\yDveATG.exe
  2⤵
  PID:14916
- C:\Windows\System\UAXCZHF.exe
  C:\Windows\System\UAXCZHF.exe
  2⤵
  PID:6976
- C:\Windows\System\rCzGgWh.exe
  C:\Windows\System\rCzGgWh.exe
  2⤵
  PID:14980
- C:\Windows\System\bkFgrAM.exe
  C:\Windows\System\bkFgrAM.exe
  2⤵
  PID:6332
- C:\Windows\System\iJPySSy.exe
  C:\Windows\System\iJPySSy.exe
  2⤵
  PID:9364
- C:\Windows\System\jaVNOav.exe
  C:\Windows\System\jaVNOav.exe
  2⤵
  PID:3400
- C:\Windows\System\NQFFJLR.exe
  C:\Windows\System\NQFFJLR.exe
  2⤵
  PID:15260
- C:\Windows\System\okcNZtd.exe
  C:\Windows\System\okcNZtd.exe
  2⤵
  PID:15296
- C:\Windows\System\UPseCbf.exe
  C:\Windows\System\UPseCbf.exe
  2⤵
  PID:15324
- C:\Windows\System\zqpXZsV.exe
  C:\Windows\System\zqpXZsV.exe
  2⤵
  PID:9904
- C:\Windows\System\HOuZJUh.exe
  C:\Windows\System\HOuZJUh.exe
  2⤵
  PID:14388
- C:\Windows\System\OvnlxNn.exe
  C:\Windows\System\OvnlxNn.exe
  2⤵
  PID:1960
- C:\Windows\System\viXAlWL.exe
  C:\Windows\System\viXAlWL.exe
  2⤵
  PID:9428
- C:\Windows\System\Nnnuovv.exe
  C:\Windows\System\Nnnuovv.exe
  2⤵
  PID:14460
- C:\Windows\System\vqCWtng.exe
  C:\Windows\System\vqCWtng.exe
  2⤵
  PID:14560
- C:\Windows\System\pQBNqel.exe
  C:\Windows\System\pQBNqel.exe
  2⤵
  PID:9964
- C:\Windows\System\Vbcwrgu.exe
  C:\Windows\System\Vbcwrgu.exe
  2⤵
  PID:10140
- C:\Windows\System\YvnuDrK.exe
  C:\Windows\System\YvnuDrK.exe
  2⤵
  PID:6964
- C:\Windows\System\VcwuYIR.exe
  C:\Windows\System\VcwuYIR.exe
  2⤵
  PID:14928
- C:\Windows\System\nTphkHm.exe
  C:\Windows\System\nTphkHm.exe
  2⤵
  PID:9336
- C:\Windows\System\ZzuwqKl.exe
  C:\Windows\System\ZzuwqKl.exe
  2⤵
  PID:15092
- C:\Windows\System\rrEQVDu.exe
  C:\Windows\System\rrEQVDu.exe
  2⤵
  PID:15244
- C:\Windows\System\CzdSufm.exe
  C:\Windows\System\CzdSufm.exe
  2⤵
  PID:9884
- C:\Windows\System\xiVETHI.exe
  C:\Windows\System\xiVETHI.exe
  2⤵
  PID:10196
- C:\Windows\System\pmJsoFa.exe
  C:\Windows\System\pmJsoFa.exe
  2⤵
  PID:1516
- C:\Windows\System\bhywAFW.exe
  C:\Windows\System\bhywAFW.exe
  2⤵
  PID:9780
- C:\Windows\System\dJSenOO.exe
  C:\Windows\System\dJSenOO.exe
  2⤵
  PID:9536
- C:\Windows\System\kwzEPIf.exe
  C:\Windows\System\kwzEPIf.exe
  2⤵
  PID:10284
- C:\Windows\System\sgXORvU.exe
  C:\Windows\System\sgXORvU.exe
  2⤵
  PID:10320
- C:\Windows\System\mXBeFRb.exe
  C:\Windows\System\mXBeFRb.exe
  2⤵
  PID:10332
- C:\Windows\System\wehPrqF.exe
  C:\Windows\System\wehPrqF.exe
  2⤵
  PID:3516
- C:\Windows\System\qAyupjU.exe
  C:\Windows\System\qAyupjU.exe
  2⤵
  PID:14848
- C:\Windows\System\GkJDYzk.exe
  C:\Windows\System\GkJDYzk.exe
  2⤵
  PID:10452
- C:\Windows\System\HmzxbQv.exe
  C:\Windows\System\HmzxbQv.exe
  2⤵
  PID:9628
- C:\Windows\System\thEWZhK.exe
  C:\Windows\System\thEWZhK.exe
  2⤵
  PID:10508
- C:\Windows\System\OaXpHog.exe
  C:\Windows\System\OaXpHog.exe
  2⤵
  PID:10536
- C:\Windows\System\yWsjquD.exe
  C:\Windows\System\yWsjquD.exe
  2⤵
  PID:9488
- C:\Windows\System\LWbcNfc.exe
  C:\Windows\System\LWbcNfc.exe
  2⤵
  PID:10632
- C:\Windows\System\RFawmuc.exe
  C:\Windows\System\RFawmuc.exe
  2⤵
  PID:14936
- C:\Windows\System\LSXgUEV.exe
  C:\Windows\System\LSXgUEV.exe
  2⤵
  PID:14960
- C:\Windows\System\JgdlMEk.exe
  C:\Windows\System\JgdlMEk.exe
  2⤵
  PID:10744
- C:\Windows\System\TfQxNWg.exe
  C:\Windows\System\TfQxNWg.exe
  2⤵
  PID:10772
- C:\Windows\System\eLdhqSQ.exe
  C:\Windows\System\eLdhqSQ.exe
  2⤵
  PID:10792
- C:\Windows\System\dCmGkJX.exe
  C:\Windows\System\dCmGkJX.exe
  2⤵
  PID:10516
- C:\Windows\System\GClSOKE.exe
  C:\Windows\System\GClSOKE.exe
  2⤵
  PID:10884
- C:\Windows\System\nBTryKE.exe
  C:\Windows\System\nBTryKE.exe
  2⤵
  PID:10600
- C:\Windows\System\qAIOZyg.exe
  C:\Windows\System\qAIOZyg.exe
  2⤵
  PID:11016
- C:\Windows\System\aLzFjPS.exe
  C:\Windows\System\aLzFjPS.exe
  2⤵
  PID:10404
- C:\Windows\System\IljPUvr.exe
  C:\Windows\System\IljPUvr.exe
  2⤵
  PID:14892
- C:\Windows\System\vwDzXth.exe
  C:\Windows\System\vwDzXth.exe
  2⤵
  PID:10680
- C:\Windows\System\GBCxUcG.exe
  C:\Windows\System\GBCxUcG.exe
  2⤵
  PID:11128
- C:\Windows\System\LFPqzrf.exe
  C:\Windows\System\LFPqzrf.exe
  2⤵
  PID:11192
- C:\Windows\System\ictxyqc.exe
  C:\Windows\System\ictxyqc.exe
  2⤵
  PID:11220
- C:\Windows\System\WlcYpHx.exe
  C:\Windows\System\WlcYpHx.exe
  2⤵
  PID:10940
- C:\Windows\System\zQzOaad.exe
  C:\Windows\System\zQzOaad.exe
  2⤵
  PID:14804
- C:\Windows\System\ExqdwtC.exe
  C:\Windows\System\ExqdwtC.exe
  2⤵
  PID:10128
- C:\Windows\System\mHvdrnp.exe
  C:\Windows\System\mHvdrnp.exe
  2⤵
  PID:10436
- C:\Windows\System\lcvYQob.exe
  C:\Windows\System\lcvYQob.exe
  2⤵
  PID:9484
- C:\Windows\System\siBNQQc.exe
  C:\Windows\System\siBNQQc.exe
  2⤵
  PID:10828
- C:\Windows\System\JBhAZSR.exe
  C:\Windows\System\JBhAZSR.exe
  2⤵
  PID:11240
- C:\Windows\System\TyHdjbL.exe
  C:\Windows\System\TyHdjbL.exe
  2⤵
  PID:11024
- C:\Windows\System\FAVGhut.exe
  C:\Windows\System\FAVGhut.exe
  2⤵
  PID:11072
- C:\Windows\System\zCJZLJb.exe
  C:\Windows\System\zCJZLJb.exe
  2⤵
  PID:10944
- C:\Windows\System\tTRIjZU.exe
  C:\Windows\System\tTRIjZU.exe
  2⤵
  PID:9860
- C:\Windows\System\eIIfyYw.exe
  C:\Windows\System\eIIfyYw.exe
  2⤵
  PID:10724
- C:\Windows\System\MFxtjeA.exe
  C:\Windows\System\MFxtjeA.exe
  2⤵
  PID:10384
- C:\Windows\System\VZFDyhR.exe
  C:\Windows\System\VZFDyhR.exe
  2⤵
  PID:3584
- C:\Windows\System\ZGWliOb.exe
  C:\Windows\System\ZGWliOb.exe
  2⤵
  PID:8064
- C:\Windows\System\bqnPybP.exe
  C:\Windows\System\bqnPybP.exe
  2⤵
  PID:11248
- C:\Windows\System\VrfswJn.exe
  C:\Windows\System\VrfswJn.exe
  2⤵
  PID:10580
- C:\Windows\System\bLbTFBE.exe
  C:\Windows\System\bLbTFBE.exe
  2⤵
  PID:10664
- C:\Windows\System\gKGhiCG.exe
  C:\Windows\System\gKGhiCG.exe
  2⤵
  PID:15380
- C:\Windows\System\QmDjJAT.exe
  C:\Windows\System\QmDjJAT.exe
  2⤵
  PID:15408
- C:\Windows\System\vJXeSST.exe
  C:\Windows\System\vJXeSST.exe
  2⤵
  PID:15436
- C:\Windows\System\YjeuhCy.exe
  C:\Windows\System\YjeuhCy.exe
  2⤵
  PID:15464
- C:\Windows\System\yspghbr.exe
  C:\Windows\System\yspghbr.exe
  2⤵
  PID:15496
- C:\Windows\System\yQaQwsk.exe
  C:\Windows\System\yQaQwsk.exe
  2⤵
  PID:15524
- C:\Windows\System\drHcpBI.exe
  C:\Windows\System\drHcpBI.exe
  2⤵
  PID:15552
- C:\Windows\System\tBRwPWX.exe
  C:\Windows\System\tBRwPWX.exe
  2⤵
  PID:15596
- C:\Windows\System\kqxVaxG.exe
  C:\Windows\System\kqxVaxG.exe
  2⤵
  PID:15624
- C:\Windows\System\bcyEwui.exe
  C:\Windows\System\bcyEwui.exe
  2⤵
  PID:15652
- C:\Windows\System\HZpnvQm.exe
  C:\Windows\System\HZpnvQm.exe
  2⤵
  PID:15680
- C:\Windows\System\peRWkfu.exe
  C:\Windows\System\peRWkfu.exe
  2⤵
  PID:15708
- C:\Windows\System\YqQQjKx.exe
  C:\Windows\System\YqQQjKx.exe
  2⤵
  PID:15760
- C:\Windows\System\PQPHpYh.exe
  C:\Windows\System\PQPHpYh.exe
  2⤵
  PID:15776
- C:\Windows\System\QIjrcPR.exe
  C:\Windows\System\QIjrcPR.exe
  2⤵
  PID:15804
- C:\Windows\System\OJefeYW.exe
  C:\Windows\System\OJefeYW.exe
  2⤵
  PID:15832
- C:\Windows\System\maGNroj.exe
  C:\Windows\System\maGNroj.exe
  2⤵
  PID:15860
- C:\Windows\System\XCtkkhX.exe
  C:\Windows\System\XCtkkhX.exe
  2⤵
  PID:15888
- C:\Windows\System\rbZTjwa.exe
  C:\Windows\System\rbZTjwa.exe
  2⤵
  PID:15916
- C:\Windows\System\pClVCHs.exe
  C:\Windows\System\pClVCHs.exe
  2⤵
  PID:15944
- C:\Windows\System\fWAqMXU.exe
  C:\Windows\System\fWAqMXU.exe
  2⤵
  PID:15972
- C:\Windows\System\iGgxEDF.exe
  C:\Windows\System\iGgxEDF.exe
  2⤵
  PID:16000
- C:\Windows\System\BBVSStR.exe
  C:\Windows\System\BBVSStR.exe
  2⤵
  PID:16028
- C:\Windows\System\BbdaPeU.exe
  C:\Windows\System\BbdaPeU.exe
  2⤵
  PID:16056
- C:\Windows\System\yadbwpm.exe
  C:\Windows\System\yadbwpm.exe
  2⤵
  PID:16084
- C:\Windows\System\GMzfUrZ.exe
  C:\Windows\System\GMzfUrZ.exe
  2⤵
  PID:16112
- C:\Windows\System\wUsZhPB.exe
  C:\Windows\System\wUsZhPB.exe
  2⤵
  PID:16140
- C:\Windows\System\oigyNHU.exe
  C:\Windows\System\oigyNHU.exe
  2⤵
  PID:16168
- C:\Windows\System\qiCtwbi.exe
  C:\Windows\System\qiCtwbi.exe
  2⤵
  PID:16196
- C:\Windows\System\CIfIdFI.exe
  C:\Windows\System\CIfIdFI.exe
  2⤵
  PID:16236
- C:\Windows\System\dUytJHm.exe
  C:\Windows\System\dUytJHm.exe
  2⤵
  PID:16272
- C:\Windows\System\jJaaxqF.exe
  C:\Windows\System\jJaaxqF.exe
  2⤵
  PID:16300
- C:\Windows\System\mkuRQxx.exe
  C:\Windows\System\mkuRQxx.exe
  2⤵
  PID:16328
- C:\Windows\System\ppmaRiR.exe
  C:\Windows\System\ppmaRiR.exe
  2⤵
  PID:16356
- C:\Windows\System\KwQElrF.exe
  C:\Windows\System\KwQElrF.exe
  2⤵
  PID:15364
- C:\Windows\System\TzSncRQ.exe
  C:\Windows\System\TzSncRQ.exe
  2⤵
  PID:15400
- C:\Windows\System\dtBzIYo.exe
  C:\Windows\System\dtBzIYo.exe
  2⤵
  PID:15428
- C:\Windows\System\DKRtxqq.exe
  C:\Windows\System\DKRtxqq.exe
  2⤵
  PID:10548
- C:\Windows\System\GBpcAuM.exe
  C:\Windows\System\GBpcAuM.exe
  2⤵
  PID:15536
- C:\Windows\System\KxKEQaQ.exe
  C:\Windows\System\KxKEQaQ.exe
  2⤵
  PID:15548
- C:\Windows\System\kIHHdil.exe
  C:\Windows\System\kIHHdil.exe
  2⤵
  PID:10328
- C:\Windows\System\IMDHcuC.exe
  C:\Windows\System\IMDHcuC.exe
  2⤵
  PID:11000
- C:\Windows\System\ufSEUNE.exe
  C:\Windows\System\ufSEUNE.exe
  2⤵
  PID:15648
- C:\Windows\System\VUuLcCd.exe
  C:\Windows\System\VUuLcCd.exe
  2⤵
  PID:15700
- C:\Windows\System\CiTyZrf.exe
  C:\Windows\System\CiTyZrf.exe
  2⤵
  PID:15728
- C:\Windows\System\dfRhMWS.exe
  C:\Windows\System\dfRhMWS.exe
  2⤵
  PID:11412
- C:\Windows\System\rWCfIGc.exe
  C:\Windows\System\rWCfIGc.exe
  2⤵
  PID:11476
- C:\Windows\System\kijLMpN.exe
  C:\Windows\System\kijLMpN.exe
  2⤵
  PID:11496
- C:\Windows\System\EnzeBcS.exe
  C:\Windows\System\EnzeBcS.exe
  2⤵
  PID:15872
- C:\Windows\System\azBipNu.exe
  C:\Windows\System\azBipNu.exe
  2⤵
  PID:15912
- C:\Windows\System\qavEDmf.exe
  C:\Windows\System\qavEDmf.exe
  2⤵
  PID:11692
- C:\Windows\System\fSwazCi.exe
  C:\Windows\System\fSwazCi.exe
  2⤵
  PID:16052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CBhiwKu.exe

Filesize
6.0MB

MD5
70816c6de18cc85eba536001545650c1

SHA1
e6a6e400e5383b936d97c90a8c84056b999d6ea5

SHA256
7730b050455fb527d7797696a549b31909acdfc3e139a35093b62263c39ee230

SHA512
d28f893de8e9464b4a7ae3650c53b4fe6999f970514db5bc4a9ff1c7f255707f2c7e91f95d7c41c2723f73f6fb4b02ed82d04ec6e75ee166261c6e2a960fee34

Download Submit
C:\Windows\System\ChJZsDO.exe

Filesize
6.0MB

MD5
c2de0d3723e3f7fdfb0ca80896af83d3

SHA1
dc054639b10ed0f2eb725c1ba82b856d6c633ac5

SHA256
2d6ddf250332e53262b91a68ba9eaaac2364ba53d0721d3e68ce2eae6fa56c43

SHA512
cc84c794c00a6444e81e2434628bf566a0816dcd879d655bff9d478d24780c91205cd66019d00ee0e7a21373cb5c4c28fcabf12b30440021c417566ca97b7e98

Download Submit
C:\Windows\System\DKfQLIs.exe

Filesize
6.0MB

MD5
689eda247f971c03dd3e9d4c0ab5cbd7

SHA1
6b64aacfa2c889ee30a11def122c3eb2b1e2c8c5

SHA256
fe39c596d9dc3bff665bc6bff464d0b24713c880f899b6d1da7eefaba191f0a1

SHA512
095f8ba8bc04b7ece5bd33926a9d0311fe369e31dd2e845e7717f23aeffca43eb5b00605d077926f6e89d379a32d1b3c1804ebfd165eb03e8d26c6dd18ddcff5

Download Submit
C:\Windows\System\EDZOOXJ.exe

Filesize
6.0MB

MD5
d67c3bfa1bfb48f2fa4a11fcf44ed7fa

SHA1
71b1db103cd4fb9c10b56c482b83a2baead44e31

SHA256
f96782fa572ef7470c6e133f9a0adbf324e979120840b87cbddaa1561fc2be1f

SHA512
d5b7868347201828fdebf16ddf6b8c1f6dbc561f590978ea24b146e2933c58f426602519304b4bfedd543f1360dc9ce783bf540e9b55bacda5391bd4ba30858a

Download Submit
C:\Windows\System\EXnqMPg.exe

Filesize
6.0MB

MD5
d558d301be7995a5f40fabb816969187

SHA1
52bddf17dd551d498dc3e1fda51a5f2d640b3e8a

SHA256
29b3f2334ce24804cace03b7ccb03e0620ba87e85aadad9aaa07f846b6a25b17

SHA512
1883cb428ba841790ea189bc2a10e68b82ba532fc13804a7d9160b2b5f67083eeb13ad07b9423c2114df56d312d8a8d62d11ac4e47a07a505f08e354334fbf7a

Download Submit
C:\Windows\System\Ewqdlwm.exe

Filesize
6.0MB

MD5
12a4aa6b0ae21efc55dc0ab2905c5b59

SHA1
3e3bafbe9ec1140f2a1b364d3009c3def2b6f6ba

SHA256
1800d5dec00076830909bc944a9f6ba9360355e2ec41dc2cde61e6e0ae409f90

SHA512
aea33fddb93ec3ad05ae5d4953ab94b5e80d230c0e5ce0e755e9a7154f376dc2e77ec59913b4708bf3b2993c154fad22478779b04e2ac4c60c35384ced31e6e2

Download Submit
C:\Windows\System\FQSclvV.exe

Filesize
6.0MB

MD5
fa0f78363d1daae7dbd437254ce97357

SHA1
8aa17deb683d52404167bf2514c6e89cd0ac4444

SHA256
2b44554ca0b1113e049b069c3ab32aaa38e10918be8b34e39dbef8c1607b8379

SHA512
f81e88cf5fb9fed6748c9079e620c86d1a994a4eacddb99e62c6409228bf751ed3339b2c06f0ad6bb2fe3dbe761ef35da732ee3676d9b1117f9f15da77e7a883

Download Submit
C:\Windows\System\GgfGGuM.exe

Filesize
6.0MB

MD5
ba9fb117b9c862e561f1615d4c03eb4f

SHA1
2a0356b2e0070c611fa0913c89f0a7a6c8bb42ae

SHA256
4e8b194069de345b4388e173f869d527e4ed83dad3c5a8cc97bac7c837ae79b7

SHA512
4e6a5f3471090635f24f78e453ce5e2f51f4dc7a3d88f073e10d3a93a07e2911b3dcb9ec7f983ac150faaafe824ff6ab5b82251950844a08572d8aca395ac949

Download Submit
C:\Windows\System\IAMMPVq.exe

Filesize
6.0MB

MD5
13383413c2cede40033d91558a165623

SHA1
3946cca6c6c5275317d189a885ba7be1479d57a3

SHA256
1314da6da59d279b2d1d5d41b48db01c6763cee549c7255eb68d84273052acfc

SHA512
d75063d0249cdd55c4630115f00e8bb9feb03212787c7960abdcf75142a33f9c0e66441aa2511f20e6dffc652089fb6b9add62ed1cb7334e1e5761a09a62dcb7

Download Submit
C:\Windows\System\JEZgzsR.exe

Filesize
6.0MB

MD5
f559e185a15ac59458c687be684af998

SHA1
0e14c5b15ba9d85580386d531e649176a237e721

SHA256
49d119be11a8df177b4413987654026053123a7cbfea88a470d154ce7c19df6d

SHA512
a658b3219ba7f759e3bc79e568fe353ae99da876a956ca52a9fd83dbf5c2c0110ac8bb91adad13997ecb35e6085961fd5e69d22b4bfcfdb64064ba3cc2148dcf

Download Submit
C:\Windows\System\MBqADvZ.exe

Filesize
6.0MB

MD5
bec6d0d21b020dd1ebaf35c6fb353d5d

SHA1
8d376f7a5eaf6c5e8ff3b941b36455df6f7421d9

SHA256
e09e32df27c8065d9e3cb82d1954f3dc2aa38bebf4b798d0c136cdf801d6bbc9

SHA512
4418edde51c7ea1414e143bde186830469c93dfac864229e1a4be5922d88f6750e7eec0542e5fab6235730741d0443bd9fb39b910f331883204a0c6fdcbf2cfb

Download Submit
C:\Windows\System\PykkmsO.exe

Filesize
6.0MB

MD5
75ecb5ed81e30d81d0c1487178e3f28f

SHA1
380ab36bf933e340a96a3c80d1cf47782ebbe5d9

SHA256
3cc4e139861cbf83c748dbefebed5c543f18cc62c825c4f198c47b3b95d9b01d

SHA512
1b761af324be19dc8edc7f85d9a934f50886f7943d8b30ff60f3df10619062f78c370b7f05a049011f3005676227e9908c893e0a3b1fd62377e04dcdbe442616

Download Submit
C:\Windows\System\SPduStP.exe

Filesize
6.0MB

MD5
32f2bb96793d9f3e4a497ef901d21708

SHA1
9847b274d6f4cb4c8ee226ffcf9928305ca7bc67

SHA256
b76f2b866ec71847d11892ebbacd5cee477660a0a2244abfe36b6f7e9214cea5

SHA512
1d99816d008ac5af4b24a4a6cba19051accd6f31b45a821f4d9988b40cf564b3b1e62ff0015e746e1a439f87e2dd0713ddfa9769df34056e8208894516d3a87c

Download Submit
C:\Windows\System\ToSXdvO.exe

Filesize
6.0MB

MD5
a897d3ca22957e107b7189a59a06f791

SHA1
017b8c91e6a7e4a3c269d6b5bda6097a8cdb3559

SHA256
1d29d2c838a406fb84f79c885299a43a76e3d79708e5052ad7d930ebf41eda67

SHA512
d12aca49ec95a49f0e94962f04e6e4d903749f96487c3bbd22ee285e9058af82be9f85caed87654f97f083b5a476a42c05f540cbb98e4566e38ff4125495b498

Download Submit
C:\Windows\System\TvniZfc.exe

Filesize
6.0MB

MD5
f8536731ece42f0e3147a04ed2147302

SHA1
1cecc11fa44f644fcbbb896c6be2786e1f2343e0

SHA256
2caaa37f39cca3f438722e8026a2843602a0c178eb7aaffd0bd26d39f4b7ed8e

SHA512
d090ec0d57c3f015c96c73e27719af29652932d5761a4d0fbae1045aaacd364a879c1be538fdbda1525de546d0466402342b67e9c8b175b548022d3448cc66b1

Download Submit
C:\Windows\System\VNvcWrn.exe

Filesize
6.0MB

MD5
b6ee549c162f05cbd6c282ff866990ab

SHA1
ccf687d0c3c5bc8c11a2920009ba89a1fcc7a291

SHA256
f6b1e0788452c823d7f3fd896259b0fee30694faecae15e4113fef640fe3545d

SHA512
fdc45f42490e80b111fac76fe8ada1b22945099498a809f3d74224ff85ab1ab7c70aae225fcafdbc13976ca884103347e38c68b1b816ef68aa8bee6d2a17c32d

Download Submit
C:\Windows\System\VeCDXnl.exe

Filesize
6.0MB

MD5
b1d8932b9f9ce73913b92aea3dbbacf4

SHA1
0e0391d7f7c0838a84311185a626ca1c46e209be

SHA256
aadde79c4ee4111009b6406180f848eb03f6990d14f5b6ba2c9fa6253ef6e80e

SHA512
79c322be4b29f742d9655441c5fd1e691c219e63d9b91f2b8ae9e490753fa2dcbf9f97677acd984edce756460fe4fe859b9040a98852c3f0f7734ef5b206aa35

Download Submit
C:\Windows\System\YfBPAnO.exe

Filesize
6.0MB

MD5
5b9a6d27ce787ae9e6420e2782d506c2

SHA1
ae20bf7cd4bea65c23dd2afcab7278603854a88f

SHA256
f2ab74eb3cc7644aaddbd32dffca23cae5eb5295bc1666f64f7105eec558ea0d

SHA512
0d88f6b4aca951365d25c8bed76b6779b94bf2192372a9e3d7260c81054a6ee772e81d1de23cc7f4146622d363e7d539f1d2b4ff8fc7e6ab55a6c6438206c8f0

Download Submit
C:\Windows\System\abDKhTT.exe

Filesize
6.0MB

MD5
bf8347190894bf36571c5e86be3c599a

SHA1
d2f34a081d765e9913f8640739f330be98ae025f

SHA256
4f09a21e07369635031e800dfd26c43117b5ecfa79c029317b3b331d46c8c3c7

SHA512
f5be007e99dd0931927f78931a9203e1574dd4361f7f1f58493fae6f38a194bdc052b2a6fd33cbe5b6ec6ffe7655d0fe446aef4fe64884f63683a0046385cea6

Download Submit
C:\Windows\System\accbFuh.exe

Filesize
6.0MB

MD5
a8058f6807208f19931d808162402cf2

SHA1
9ced0d6bfcd7c52754a4a387c875765de15ad04b

SHA256
6d57b5413475b8b85a5f69ddaac20ca6c078f29a13f68bc44062923f5a7e63cb

SHA512
16c9d397c0b667536c384c7d895ee530f2c1e7683bd9f0ddf2c97488a8ae9ee25edfff2610a7aad11c474f7d91224b6cc5357fb409bd3c0695371755515f62c5

Download Submit
C:\Windows\System\dUyUPTR.exe

Filesize
6.0MB

MD5
e84894180659a5c2e3f5ccaa398f7858

SHA1
c4b48805eb34ce3e6fd0a241f0c5c088e6aaec50

SHA256
205c8ee18e7aaf701a4db268a72e723cb1721d0f0a3bd02f4dc73b9d3f31eea4

SHA512
280133e1e1b6662f4077758cd16c2fdd42a164b2a0986bb61b5e75d9b3b40948598bc2e0b5b2b0a570892405252c27b3d8af473121c2276ed0cfe238a338c6ab

Download Submit
C:\Windows\System\dtRWbkt.exe

Filesize
6.0MB

MD5
0a1bb059171c6134fe9f7c270032e04b

SHA1
7d0ba64cfb7caac76f8129cf36127ba7f68296fc

SHA256
89b8f5feebc52e6628ad15c7dcf6918a2e25c14af23b64c585b3bfaced4354af

SHA512
a3daa8face76789a55087fae1377291403d00ffae57d5a8fb88ff367e2df2546d74ef6ba50d55cccf229013ad5e02e8e79f69ceb1c84f3cd1e808c2660538467

Download Submit
C:\Windows\System\fhTjXKt.exe

Filesize
6.0MB

MD5
117bfdd9482fb4126d4a69fcd8d6ce8c

SHA1
a2e9644204dc3ff40a2d68b39d6f8f384a2be98c

SHA256
692a4593a6e9c31fa988737a7e854ac5f77bb1981c9c416ad2772de9ae553ecc

SHA512
01d4d4f5bf727b844d170a3c8c187009a1704b0c6d965c3b6b30af5d9d1c1bdb3ba87a3fce534bc023a4030da4284ec0552c96bcc825453b9a2b68aec33834d6

Download Submit
C:\Windows\System\gIGmDgl.exe

Filesize
6.0MB

MD5
d208899fc6af71d0a6ae8ad00fe36eeb

SHA1
289e519a5a190679310119d1c43a64b59fc5a339

SHA256
88d7e2d3d249539158fed25fdaeff6a6f2b4f36169cd5a8b6bd9bb03b87d0965

SHA512
94e0df60658f9ea5fb991e9e0a8180bd6efd9249d4a0c1636c45833b87288da62a7f4318ef25c96a5133fd04a30bc945e19dd3e7e6530c1f760df05359d6bf50

Download Submit
C:\Windows\System\lNSzAzH.exe

Filesize
6.0MB

MD5
3b4b6e26dce0d768d1e9192feb9bd4d1

SHA1
18781a75d65f3bf087338f44d3275dddae0f90f7

SHA256
2cadbceb967e691201e25971b002cc6631b310cd46f4a451562e8863c0613486

SHA512
236a37b7f32410610a224e658fdddaca23a5693802258f9fca18921e400e94acf6f830ca445e30a9ccc7f133443881c58dfdb0b2a5083f46e455a68567375b28

Download Submit
C:\Windows\System\lSapvyl.exe

Filesize
6.0MB

MD5
704c556194e1b43d5b1b4a722f8641fe

SHA1
1695e831881792c24115669366646d13e792709d

SHA256
612537f9e02feb4c066af48bf5e922110b4b71b52bd59f33da2389086c115d55

SHA512
2d55abe78582a728a1c06ef8d4ef78d6165a9381e5964a36d927483162bf5f34026020e2d33a73d40c8bd0d70521ccda742bae481fe894deec821bbef9085f0b

Download Submit
C:\Windows\System\lcTBgVl.exe

Filesize
6.0MB

MD5
19035abd4921b0d94d81597da8bb0208

SHA1
a0645505b3f95ca0debb67c3ecc702db191dbeaa

SHA256
ca0c6a61627b75ebb1a8413d56f3c97eb0d16d41a9760a79b4b1c308777e1fcb

SHA512
3bab7d66e7766c4c9b40c81971630b34689ed23d81d4925cef2692d3f60ffb675f0c3fe9bd306c2d225cd96b1e3861039c04268e0977dd9fa6c0ebad5539852b

Download Submit
C:\Windows\System\lcdSIoo.exe

Filesize
6.0MB

MD5
b01e5103ee5c32b8b1022db2bb513cbc

SHA1
fd9c0c5abaf56a5cab6e009e98f86e29d43a3a99

SHA256
53ffc00217cbb571550fa2256cc7ba2cd13e23988de79d437eafa5751c7fdc38

SHA512
6bfb1d3b2efa83e5e0007f188fc75baf5ab75e9d9601708fab43a47e600b824e31f6d560f3af1e49173d8371d22ec7823ea96b20a948a1cf017335a59e138281

Download Submit
C:\Windows\System\mKeVUrm.exe

Filesize
6.0MB

MD5
845ab16372fa3ec6e1c35064737d1756

SHA1
b73a2087a2ea326ba035486c9a37246c6dd9ebf0

SHA256
b0f852f1a1b48dab523c1ba64b615bb4a200a210cc91249412a9dca169ba4880

SHA512
2d9e45741fcc54563051c4840e85d0611412bdcfc54d3c05c5307f48ddf2779b110e1c965842f38b79678c5d5008ea46521f74c0048b65d203e9384484c3ff6a

Download Submit
C:\Windows\System\oZISMTi.exe

Filesize
6.0MB

MD5
a790c3fd5df8e7edd2f0ab550e7c6db2

SHA1
34302c9b72ddbe23521031c00147844a6043c0dd

SHA256
b12e195466cca62f05441dfcd676290ce765faac2e56dfad9b880792317d411b

SHA512
f00459efbc9619f55bb8bc17d934f30f07bb75443db5f32fb6250b5e81348f1b17fb3d64c6cbccc0dfe11fb6cd1ab5b47de6d5fac290beefc50c18fd7092f1a6

Download Submit
C:\Windows\System\vAcOXYA.exe

Filesize
6.0MB

MD5
ac2944afeaade4c351128ad21d3a947b

SHA1
21d667932b7aa5c48c7f1d1627d38cabb91efb28

SHA256
94cdab037eb9b9b7a9c78b006cd72afb2eb62e7e37018ddd582049a22669b077

SHA512
93fc895dbfcb0f06c5c6557ddc361d31ea28681ea01a509486754e366723e6a266ed7fe4d0d10d474bb9cb1e84d1670cfa69950e2d793d0315484a19927b8c74

Download Submit
C:\Windows\System\vgGZkpr.exe

Filesize
6.0MB

MD5
df3200bf43c558c5c69d947ed6bdca66

SHA1
c1879d34382d8ac5703ad85aff452e8950d38b8f

SHA256
de7900c3ef1f75c58f1d352f63b73c32a41551d9f9b048f6c4667003fc724703

SHA512
3076095b809026000ebe211ff488241f73bf4ac30f5d7512da3646a9307aa784407db9e72305b265d2cb2b145f42c77729d8bb06dfce08006c490cebe55f5b57

Download Submit
C:\Windows\System\wkROMlX.exe

Filesize
6.0MB

MD5
d6421e6a9b621f052fa101e3665e730e

SHA1
1b50b0db2aa3d9db14b4ab934450f5ddfd0e3765

SHA256
3dc0fafd9625c5538414728c98735f62c7bdf167f5c3cceeeb493941ff1d75df

SHA512
1a42066a77ebaa4073d18d8e65f90b28ad364ef8fa77b59a930e4e5536f4c026803195fa8fa0bce8cc20e817b1e0e121d6ee1ac3837a78d4a699458c1e5a1839

Download Submit
C:\Windows\System\xxpEoBl.exe

Filesize
6.0MB

MD5
3ec59939cf7527032fb435a03549772c

SHA1
8ecb14533c15440675036a8ee2e2195cf0e06914

SHA256
b7bf0f9bb25c7b7a882ece26f383ea899f827f36823c9329d36fe0044b993336

SHA512
0f70b39cb6f0bc5fc7fd926c710030d063e609b28c80991d05030d71afe1887b1ff507385bbcde6b98413ef21929554983741f3f43494cca6eaa4139204ea5a8

Download Submit
memory/932-389-0x00007FF7DDCE0000-0x00007FF7DE034000-memory.dmp

Filesize
3.3MB

Download
memory/932-1727-0x00007FF7DDCE0000-0x00007FF7DE034000-memory.dmp

Filesize
3.3MB

Download
memory/932-145-0x00007FF7DDCE0000-0x00007FF7DE034000-memory.dmp

Filesize
3.3MB

Download
memory/1104-1938-0x00007FF7E3590000-0x00007FF7E38E4000-memory.dmp

Filesize
3.3MB

Download
memory/1104-185-0x00007FF7E3590000-0x00007FF7E38E4000-memory.dmp

Filesize
3.3MB

Download
memory/1152-31-0x00007FF645940000-0x00007FF645C94000-memory.dmp

Filesize
3.3MB

Download
memory/1152-120-0x00007FF645940000-0x00007FF645C94000-memory.dmp

Filesize
3.3MB

Download
memory/1152-1131-0x00007FF645940000-0x00007FF645C94000-memory.dmp

Filesize
3.3MB

Download
memory/1424-14-0x00007FF763E60000-0x00007FF7641B4000-memory.dmp

Filesize
3.3MB

Download
memory/1424-1125-0x00007FF763E60000-0x00007FF7641B4000-memory.dmp

Filesize
3.3MB

Download
memory/1424-110-0x00007FF763E60000-0x00007FF7641B4000-memory.dmp

Filesize
3.3MB

Download
memory/1452-116-0x00007FF65BCE0000-0x00007FF65C034000-memory.dmp

Filesize
3.3MB

Download
memory/1452-1126-0x00007FF65BCE0000-0x00007FF65C034000-memory.dmp

Filesize
3.3MB

Download
memory/1452-25-0x00007FF65BCE0000-0x00007FF65C034000-memory.dmp

Filesize
3.3MB

Download
memory/1564-125-0x00007FF6DB400000-0x00007FF6DB754000-memory.dmp

Filesize
3.3MB

Download
memory/1564-339-0x00007FF6DB400000-0x00007FF6DB754000-memory.dmp

Filesize
3.3MB

Download
memory/1564-1711-0x00007FF6DB400000-0x00007FF6DB754000-memory.dmp

Filesize
3.3MB

Download
memory/1616-1732-0x00007FF6263E0000-0x00007FF626734000-memory.dmp

Filesize
3.3MB

Download
memory/1616-390-0x00007FF6263E0000-0x00007FF626734000-memory.dmp

Filesize
3.3MB

Download
memory/1616-149-0x00007FF6263E0000-0x00007FF626734000-memory.dmp

Filesize
3.3MB

Download
memory/1664-1955-0x00007FF6B71F0000-0x00007FF6B7544000-memory.dmp

Filesize
3.3MB

Download
memory/1664-603-0x00007FF6B71F0000-0x00007FF6B7544000-memory.dmp

Filesize
3.3MB

Download
memory/1664-206-0x00007FF6B71F0000-0x00007FF6B7544000-memory.dmp

Filesize
3.3MB

Download
memory/1904-9-0x00007FF6E29C0000-0x00007FF6E2D14000-memory.dmp

Filesize
3.3MB

Download
memory/1904-109-0x00007FF6E29C0000-0x00007FF6E2D14000-memory.dmp

Filesize
3.3MB

Download
memory/1904-1121-0x00007FF6E29C0000-0x00007FF6E2D14000-memory.dmp

Filesize
3.3MB

Download
memory/1972-155-0x00007FF7AB9A0000-0x00007FF7ABCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1972-1141-0x00007FF7AB9A0000-0x00007FF7ABCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1972-54-0x00007FF7AB9A0000-0x00007FF7ABCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-150-0x00007FF7A3CF0000-0x00007FF7A4044000-memory.dmp

Filesize
3.3MB

Download
memory/2036-34-0x00007FF7A3CF0000-0x00007FF7A4044000-memory.dmp

Filesize
3.3MB

Download
memory/2036-1130-0x00007FF7A3CF0000-0x00007FF7A4044000-memory.dmp

Filesize
3.3MB

Download
memory/2308-1164-0x00007FF693560000-0x00007FF6938B4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-103-0x00007FF693560000-0x00007FF6938B4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-1730-0x00007FF6677D0000-0x00007FF667B24000-memory.dmp

Filesize
3.3MB

Download
memory/2560-156-0x00007FF6677D0000-0x00007FF667B24000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1735-0x00007FF6A1A90000-0x00007FF6A1DE4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-464-0x00007FF6A1A90000-0x00007FF6A1DE4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-159-0x00007FF6A1A90000-0x00007FF6A1DE4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-388-0x00007FF6D1BB0000-0x00007FF6D1F04000-memory.dmp

Filesize
3.3MB

Download
memory/2856-1721-0x00007FF6D1BB0000-0x00007FF6D1F04000-memory.dmp

Filesize
3.3MB

Download
memory/2856-131-0x00007FF6D1BB0000-0x00007FF6D1F04000-memory.dmp

Filesize
3.3MB

Download
memory/2880-55-0x00007FF6B4290000-0x00007FF6B45E4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-169-0x00007FF6B4290000-0x00007FF6B45E4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-1140-0x00007FF6B4290000-0x00007FF6B45E4000-memory.dmp

Filesize
3.3MB

Download
memory/3272-161-0x00007FF722790000-0x00007FF722AE4000-memory.dmp

Filesize
3.3MB

Download
memory/3272-1134-0x00007FF722790000-0x00007FF722AE4000-memory.dmp

Filesize
3.3MB

Download
memory/3272-46-0x00007FF722790000-0x00007FF722AE4000-memory.dmp

Filesize
3.3MB

Download
memory/3640-94-0x00007FF782450000-0x00007FF7827A4000-memory.dmp

Filesize
3.3MB

Download
memory/3640-164-0x00007FF782450000-0x00007FF7827A4000-memory.dmp

Filesize
3.3MB

Download
memory/3640-1170-0x00007FF782450000-0x00007FF7827A4000-memory.dmp

Filesize
3.3MB

Download
memory/3828-1144-0x00007FF6D9A40000-0x00007FF6D9D94000-memory.dmp

Filesize
3.3MB

Download
memory/3828-84-0x00007FF6D9A40000-0x00007FF6D9D94000-memory.dmp

Filesize
3.3MB

Download
memory/4036-100-0x00007FF78EDD0000-0x00007FF78F124000-memory.dmp

Filesize
3.3MB

Download
memory/4036-1-0x0000024191180000-0x0000024191190000-memory.dmp

Filesize
64KB

Download
memory/4036-0-0x00007FF78EDD0000-0x00007FF78F124000-memory.dmp

Filesize
3.3MB

Download
memory/4084-419-0x00007FF76CCF0000-0x00007FF76D044000-memory.dmp

Filesize
3.3MB

Download
memory/4084-1725-0x00007FF76CCF0000-0x00007FF76D044000-memory.dmp

Filesize
3.3MB

Download
memory/4084-137-0x00007FF76CCF0000-0x00007FF76D044000-memory.dmp

Filesize
3.3MB

Download
memory/4388-1940-0x00007FF6B4E70000-0x00007FF6B51C4000-memory.dmp

Filesize
3.3MB

Download
memory/4388-205-0x00007FF6B4E70000-0x00007FF6B51C4000-memory.dmp

Filesize
3.3MB

Download
memory/4404-92-0x00007FF76BED0000-0x00007FF76C224000-memory.dmp

Filesize
3.3MB

Download
memory/4404-1163-0x00007FF76BED0000-0x00007FF76C224000-memory.dmp

Filesize
3.3MB

Download
memory/4436-105-0x00007FF6ABC90000-0x00007FF6ABFE4000-memory.dmp

Filesize
3.3MB

Download
memory/4436-1175-0x00007FF6ABC90000-0x00007FF6ABFE4000-memory.dmp

Filesize
3.3MB

Download
memory/4484-104-0x00007FF6CD0D0000-0x00007FF6CD424000-memory.dmp

Filesize
3.3MB

Download
memory/4484-1162-0x00007FF6CD0D0000-0x00007FF6CD424000-memory.dmp

Filesize
3.3MB

Download
memory/4536-130-0x00007FF714E60000-0x00007FF7151B4000-memory.dmp

Filesize
3.3MB

Download
memory/4536-33-0x00007FF714E60000-0x00007FF7151B4000-memory.dmp

Filesize
3.3MB

Download
memory/4536-1129-0x00007FF714E60000-0x00007FF7151B4000-memory.dmp

Filesize
3.3MB

Download
memory/4584-195-0x00007FF7BF0E0000-0x00007FF7BF434000-memory.dmp

Filesize
3.3MB

Download
memory/4584-1171-0x00007FF7BF0E0000-0x00007FF7BF434000-memory.dmp

Filesize
3.3MB

Download
memory/4584-99-0x00007FF7BF0E0000-0x00007FF7BF434000-memory.dmp

Filesize
3.3MB

Download
memory/4816-1943-0x00007FF632060000-0x00007FF6323B4000-memory.dmp

Filesize
3.3MB

Download
memory/4816-180-0x00007FF632060000-0x00007FF6323B4000-memory.dmp

Filesize
3.3MB

Download
memory/4816-504-0x00007FF632060000-0x00007FF6323B4000-memory.dmp

Filesize
3.3MB

Download
memory/4832-114-0x00007FF706140000-0x00007FF706494000-memory.dmp

Filesize
3.3MB

Download
memory/4832-1704-0x00007FF706140000-0x00007FF706494000-memory.dmp

Filesize
3.3MB

Download
memory/5064-81-0x00007FF792A80000-0x00007FF792DD4000-memory.dmp

Filesize
3.3MB

Download
memory/5064-1138-0x00007FF792A80000-0x00007FF792DD4000-memory.dmp

Filesize
3.3MB

Download