cobaltstrike | 2f909b95f1a22c5f2d8374a07d7fe157e6d8e00c1269a6baafb8e7a6193e27bd

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

87f49d0845db5056f358d6dfb59e721c
SHA1

4a8da77ab0634ccadb897cc648cd43ea79c429be
SHA256

2f909b95f1a22c5f2d8374a07d7fe157e6d8e00c1269a6baafb8e7a6193e27bd
SHA512

641b8a6a38e4b67bff8e3fc7b0a87c97686d578cad307cd258d1b9385403b65981a5f53c5732957f4aa158545c824f665344c41d54fbbce407041e79039ca63a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUE:T+q56utgpPF8u/7E

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\System\nSEGPWO.exe	cobalt_reflective_dll
C:\Windows\System\tGiZosl.exe	cobalt_reflective_dll
C:\Windows\System\HDLHKTd.exe	cobalt_reflective_dll
C:\Windows\System\ZhWhawM.exe	cobalt_reflective_dll
C:\Windows\System\CclKGFi.exe	cobalt_reflective_dll
C:\Windows\System\OpZVAnq.exe	cobalt_reflective_dll
C:\Windows\System\BBqHacM.exe	cobalt_reflective_dll
C:\Windows\System\FgojJos.exe	cobalt_reflective_dll
C:\Windows\System\yCEpBqN.exe	cobalt_reflective_dll
C:\Windows\System\PYXFYIe.exe	cobalt_reflective_dll
C:\Windows\System\gQlivun.exe	cobalt_reflective_dll
C:\Windows\System\piqNYdX.exe	cobalt_reflective_dll
C:\Windows\System\qjmYiyJ.exe	cobalt_reflective_dll
C:\Windows\System\vkIichi.exe	cobalt_reflective_dll
C:\Windows\System\RMyfoai.exe	cobalt_reflective_dll
C:\Windows\System\tVdIVMT.exe	cobalt_reflective_dll
C:\Windows\System\ICCkbDy.exe	cobalt_reflective_dll
C:\Windows\System\aQRnSCo.exe	cobalt_reflective_dll
C:\Windows\System\hLgqMXB.exe	cobalt_reflective_dll
C:\Windows\System\eMLnvAq.exe	cobalt_reflective_dll
C:\Windows\System\mBshDhs.exe	cobalt_reflective_dll
C:\Windows\System\ibdQsBi.exe	cobalt_reflective_dll
C:\Windows\System\wabIrBV.exe	cobalt_reflective_dll
C:\Windows\System\wvyliEZ.exe	cobalt_reflective_dll
C:\Windows\System\bjorogC.exe	cobalt_reflective_dll
C:\Windows\System\UsBwysj.exe	cobalt_reflective_dll
C:\Windows\System\klLpAlH.exe	cobalt_reflective_dll
C:\Windows\System\rUhwsCX.exe	cobalt_reflective_dll
C:\Windows\System\rDQfDQU.exe	cobalt_reflective_dll
C:\Windows\System\krNpaYf.exe	cobalt_reflective_dll
C:\Windows\System\dgaQXOt.exe	cobalt_reflective_dll
C:\Windows\System\rhXeRKj.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/3552-0-0x00007FF6E2FF0000-0x00007FF6E3344000-memory.dmp	xmrig
C:\Windows\System\nSEGPWO.exe	xmrig
behavioral2/memory/3368-7-0x00007FF654B40000-0x00007FF654E94000-memory.dmp	xmrig
C:\Windows\System\tGiZosl.exe	xmrig
behavioral2/memory/3776-14-0x00007FF777360000-0x00007FF7776B4000-memory.dmp	xmrig
C:\Windows\System\HDLHKTd.exe	xmrig
C:\Windows\System\ZhWhawM.exe	xmrig
behavioral2/memory/1576-18-0x00007FF605440000-0x00007FF605794000-memory.dmp	xmrig
behavioral2/memory/1396-24-0x00007FF7D15E0000-0x00007FF7D1934000-memory.dmp	xmrig
C:\Windows\System\CclKGFi.exe	xmrig
C:\Windows\System\OpZVAnq.exe	xmrig
behavioral2/memory/1900-36-0x00007FF7C3CA0000-0x00007FF7C3FF4000-memory.dmp	xmrig
C:\Windows\System\BBqHacM.exe	xmrig
C:\Windows\System\FgojJos.exe	xmrig
behavioral2/memory/1164-54-0x00007FF7C54E0000-0x00007FF7C5834000-memory.dmp	xmrig
behavioral2/memory/3552-60-0x00007FF6E2FF0000-0x00007FF6E3344000-memory.dmp	xmrig
C:\Windows\System\yCEpBqN.exe	xmrig
behavioral2/memory/3368-67-0x00007FF654B40000-0x00007FF654E94000-memory.dmp	xmrig
C:\Windows\System\PYXFYIe.exe	xmrig
C:\Windows\System\gQlivun.exe	xmrig
C:\Windows\System\piqNYdX.exe	xmrig
C:\Windows\System\qjmYiyJ.exe	xmrig
C:\Windows\System\vkIichi.exe	xmrig
behavioral2/memory/1132-151-0x00007FF757290000-0x00007FF7575E4000-memory.dmp	xmrig
behavioral2/memory/3644-164-0x00007FF7BB8E0000-0x00007FF7BBC34000-memory.dmp	xmrig
C:\Windows\System\RMyfoai.exe	xmrig
C:\Windows\System\tVdIVMT.exe	xmrig
behavioral2/memory/2672-1121-0x00007FF729230000-0x00007FF729584000-memory.dmp	xmrig
behavioral2/memory/4900-1152-0x00007FF7F77A0000-0x00007FF7F7AF4000-memory.dmp	xmrig
behavioral2/memory/2872-1209-0x00007FF64FA00000-0x00007FF64FD54000-memory.dmp	xmrig
C:\Windows\System\ICCkbDy.exe	xmrig
C:\Windows\System\aQRnSCo.exe	xmrig
C:\Windows\System\hLgqMXB.exe	xmrig
behavioral2/memory/4616-194-0x00007FF631D00000-0x00007FF632054000-memory.dmp	xmrig
behavioral2/memory/440-193-0x00007FF640FD0000-0x00007FF641324000-memory.dmp	xmrig
C:\Windows\System\eMLnvAq.exe	xmrig
behavioral2/memory/220-189-0x00007FF7BC960000-0x00007FF7BCCB4000-memory.dmp	xmrig
behavioral2/memory/4176-188-0x00007FF7A4DC0000-0x00007FF7A5114000-memory.dmp	xmrig
behavioral2/memory/1812-182-0x00007FF6EA980000-0x00007FF6EACD4000-memory.dmp	xmrig
C:\Windows\System\mBshDhs.exe	xmrig
behavioral2/memory/3144-176-0x00007FF6417A0000-0x00007FF641AF4000-memory.dmp	xmrig
behavioral2/memory/2956-175-0x00007FF6FA9D0000-0x00007FF6FAD24000-memory.dmp	xmrig
C:\Windows\System\ibdQsBi.exe	xmrig
behavioral2/memory/2056-170-0x00007FF743460000-0x00007FF7437B4000-memory.dmp	xmrig
behavioral2/memory/4560-169-0x00007FF7473A0000-0x00007FF7476F4000-memory.dmp	xmrig
C:\Windows\System\wabIrBV.exe	xmrig
behavioral2/memory/1432-163-0x00007FF6957C0000-0x00007FF695B14000-memory.dmp	xmrig
behavioral2/memory/380-160-0x00007FF68A810000-0x00007FF68AB64000-memory.dmp	xmrig
C:\Windows\System\wvyliEZ.exe	xmrig
behavioral2/memory/4088-152-0x00007FF6E1F80000-0x00007FF6E22D4000-memory.dmp	xmrig
C:\Windows\System\bjorogC.exe	xmrig
behavioral2/memory/2872-145-0x00007FF64FA00000-0x00007FF64FD54000-memory.dmp	xmrig
behavioral2/memory/1912-144-0x00007FF792820000-0x00007FF792B74000-memory.dmp	xmrig
C:\Windows\System\UsBwysj.exe	xmrig
behavioral2/memory/4900-139-0x00007FF7F77A0000-0x00007FF7F7AF4000-memory.dmp	xmrig
behavioral2/memory/2272-138-0x00007FF722120000-0x00007FF722474000-memory.dmp	xmrig
C:\Windows\System\klLpAlH.exe	xmrig
behavioral2/memory/2672-133-0x00007FF729230000-0x00007FF729584000-memory.dmp	xmrig
behavioral2/memory/4240-130-0x00007FF76E830000-0x00007FF76EB84000-memory.dmp	xmrig
C:\Windows\System\rUhwsCX.exe	xmrig
behavioral2/memory/220-126-0x00007FF7BC960000-0x00007FF7BCCB4000-memory.dmp	xmrig
behavioral2/memory/1164-125-0x00007FF7C54E0000-0x00007FF7C5834000-memory.dmp	xmrig
behavioral2/memory/4176-120-0x00007FF7A4DC0000-0x00007FF7A5114000-memory.dmp	xmrig
behavioral2/memory/3620-117-0x00007FF7CE1F0000-0x00007FF7CE544000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

nSEGPWO.exetGiZosl.exeHDLHKTd.exeZhWhawM.exeCclKGFi.exeOpZVAnq.exeBBqHacM.exeFgojJos.exerhXeRKj.exeyCEpBqN.exedgaQXOt.exePYXFYIe.exegQlivun.exekrNpaYf.exeqjmYiyJ.exepiqNYdX.exerDQfDQU.exevkIichi.exerUhwsCX.exeklLpAlH.exeUsBwysj.exebjorogC.exewvyliEZ.exewabIrBV.exeibdQsBi.exemBshDhs.exeRMyfoai.exeeMLnvAq.exehLgqMXB.exetVdIVMT.exeaQRnSCo.exeICCkbDy.exeWjqduYB.exeMYtXVRs.exednWPqmc.exeaMmqcrv.exeiMXXMVE.exeLgqYuZb.exekWULWdk.exeGCURJha.execJelfHV.execPuVQFE.exePlpbgFk.exeswTDnip.exempTnOYJ.exeFLwLBwJ.exedbjzjYf.exeoaKLwnR.exehvxbrWH.exefuHgMgZ.exeKlilFTj.exehErcAST.exezopcdNK.exeYNtWLhP.exeETDruik.exeLYUuOWO.exerrMKXEx.exeuIOsCdP.exexMUgsdV.exePtYAHEc.exegAKceTr.exegQfETcP.execDVLwox.exeCWklsua.exe

pid	process
3368	nSEGPWO.exe
3776	tGiZosl.exe
1576	HDLHKTd.exe
1396	ZhWhawM.exe
3524	CclKGFi.exe
1900	OpZVAnq.exe
2040	BBqHacM.exe
3620	FgojJos.exe
1164	rhXeRKj.exe
4240	yCEpBqN.exe
2272	dgaQXOt.exe
1912	PYXFYIe.exe
1132	gQlivun.exe
380	krNpaYf.exe
3644	qjmYiyJ.exe
2056	piqNYdX.exe
2956	rDQfDQU.exe
4176	vkIichi.exe
220	rUhwsCX.exe
2672	klLpAlH.exe
4900	UsBwysj.exe
2872	bjorogC.exe
4088	wvyliEZ.exe
1432	wabIrBV.exe
4560	ibdQsBi.exe
3144	mBshDhs.exe
1812	RMyfoai.exe
440	eMLnvAq.exe
4616	hLgqMXB.exe
4888	tVdIVMT.exe
688	aQRnSCo.exe
4624	ICCkbDy.exe
4020	WjqduYB.exe
1904	MYtXVRs.exe
4892	dnWPqmc.exe
3876	aMmqcrv.exe
1220	iMXXMVE.exe
4952	LgqYuZb.exe
4444	kWULWdk.exe
4448	GCURJha.exe
2488	cJelfHV.exe
4936	cPuVQFE.exe
2008	PlpbgFk.exe
2996	swTDnip.exe
4796	mpTnOYJ.exe
4112	FLwLBwJ.exe
1564	dbjzjYf.exe
3616	oaKLwnR.exe
3180	hvxbrWH.exe
116	fuHgMgZ.exe
2848	KlilFTj.exe
3364	hErcAST.exe
1100	zopcdNK.exe
1296	YNtWLhP.exe
5040	ETDruik.exe
1000	LYUuOWO.exe
4488	rrMKXEx.exe
3572	uIOsCdP.exe
2168	xMUgsdV.exe
3676	PtYAHEc.exe
1704	gAKceTr.exe
3768	gQfETcP.exe
5124	cDVLwox.exe
5152	CWklsua.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3552-0-0x00007FF6E2FF0000-0x00007FF6E3344000-memory.dmp	upx
C:\Windows\System\nSEGPWO.exe	upx
behavioral2/memory/3368-7-0x00007FF654B40000-0x00007FF654E94000-memory.dmp	upx
C:\Windows\System\tGiZosl.exe	upx
behavioral2/memory/3776-14-0x00007FF777360000-0x00007FF7776B4000-memory.dmp	upx
C:\Windows\System\HDLHKTd.exe	upx
C:\Windows\System\ZhWhawM.exe	upx
behavioral2/memory/1576-18-0x00007FF605440000-0x00007FF605794000-memory.dmp	upx
behavioral2/memory/1396-24-0x00007FF7D15E0000-0x00007FF7D1934000-memory.dmp	upx
C:\Windows\System\CclKGFi.exe	upx
C:\Windows\System\OpZVAnq.exe	upx
behavioral2/memory/1900-36-0x00007FF7C3CA0000-0x00007FF7C3FF4000-memory.dmp	upx
C:\Windows\System\BBqHacM.exe	upx
C:\Windows\System\FgojJos.exe	upx
behavioral2/memory/1164-54-0x00007FF7C54E0000-0x00007FF7C5834000-memory.dmp	upx
behavioral2/memory/3552-60-0x00007FF6E2FF0000-0x00007FF6E3344000-memory.dmp	upx
C:\Windows\System\yCEpBqN.exe	upx
behavioral2/memory/3368-67-0x00007FF654B40000-0x00007FF654E94000-memory.dmp	upx
C:\Windows\System\PYXFYIe.exe	upx
C:\Windows\System\gQlivun.exe	upx
C:\Windows\System\piqNYdX.exe	upx
C:\Windows\System\qjmYiyJ.exe	upx
C:\Windows\System\vkIichi.exe	upx
behavioral2/memory/1132-151-0x00007FF757290000-0x00007FF7575E4000-memory.dmp	upx
behavioral2/memory/3644-164-0x00007FF7BB8E0000-0x00007FF7BBC34000-memory.dmp	upx
C:\Windows\System\RMyfoai.exe	upx
C:\Windows\System\tVdIVMT.exe	upx
behavioral2/memory/2672-1121-0x00007FF729230000-0x00007FF729584000-memory.dmp	upx
behavioral2/memory/4900-1152-0x00007FF7F77A0000-0x00007FF7F7AF4000-memory.dmp	upx
behavioral2/memory/2872-1209-0x00007FF64FA00000-0x00007FF64FD54000-memory.dmp	upx
C:\Windows\System\ICCkbDy.exe	upx
C:\Windows\System\aQRnSCo.exe	upx
C:\Windows\System\hLgqMXB.exe	upx
behavioral2/memory/4616-194-0x00007FF631D00000-0x00007FF632054000-memory.dmp	upx
behavioral2/memory/440-193-0x00007FF640FD0000-0x00007FF641324000-memory.dmp	upx
C:\Windows\System\eMLnvAq.exe	upx
behavioral2/memory/220-189-0x00007FF7BC960000-0x00007FF7BCCB4000-memory.dmp	upx
behavioral2/memory/4176-188-0x00007FF7A4DC0000-0x00007FF7A5114000-memory.dmp	upx
behavioral2/memory/1812-182-0x00007FF6EA980000-0x00007FF6EACD4000-memory.dmp	upx
C:\Windows\System\mBshDhs.exe	upx
behavioral2/memory/3144-176-0x00007FF6417A0000-0x00007FF641AF4000-memory.dmp	upx
behavioral2/memory/2956-175-0x00007FF6FA9D0000-0x00007FF6FAD24000-memory.dmp	upx
C:\Windows\System\ibdQsBi.exe	upx
behavioral2/memory/2056-170-0x00007FF743460000-0x00007FF7437B4000-memory.dmp	upx
behavioral2/memory/4560-169-0x00007FF7473A0000-0x00007FF7476F4000-memory.dmp	upx
C:\Windows\System\wabIrBV.exe	upx
behavioral2/memory/1432-163-0x00007FF6957C0000-0x00007FF695B14000-memory.dmp	upx
behavioral2/memory/380-160-0x00007FF68A810000-0x00007FF68AB64000-memory.dmp	upx
C:\Windows\System\wvyliEZ.exe	upx
behavioral2/memory/4088-152-0x00007FF6E1F80000-0x00007FF6E22D4000-memory.dmp	upx
C:\Windows\System\bjorogC.exe	upx
behavioral2/memory/2872-145-0x00007FF64FA00000-0x00007FF64FD54000-memory.dmp	upx
behavioral2/memory/1912-144-0x00007FF792820000-0x00007FF792B74000-memory.dmp	upx
C:\Windows\System\UsBwysj.exe	upx
behavioral2/memory/4900-139-0x00007FF7F77A0000-0x00007FF7F7AF4000-memory.dmp	upx
behavioral2/memory/2272-138-0x00007FF722120000-0x00007FF722474000-memory.dmp	upx
C:\Windows\System\klLpAlH.exe	upx
behavioral2/memory/2672-133-0x00007FF729230000-0x00007FF729584000-memory.dmp	upx
behavioral2/memory/4240-130-0x00007FF76E830000-0x00007FF76EB84000-memory.dmp	upx
C:\Windows\System\rUhwsCX.exe	upx
behavioral2/memory/220-126-0x00007FF7BC960000-0x00007FF7BCCB4000-memory.dmp	upx
behavioral2/memory/1164-125-0x00007FF7C54E0000-0x00007FF7C5834000-memory.dmp	upx
behavioral2/memory/4176-120-0x00007FF7A4DC0000-0x00007FF7A5114000-memory.dmp	upx
behavioral2/memory/3620-117-0x00007FF7CE1F0000-0x00007FF7CE544000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\LYUuOWO.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cUzZkSv.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCARpLs.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HKMYFHX.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ceaqier.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FqafKUt.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HLiWYJl.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iQsdpSV.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pmSPvOT.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bEgQWuG.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhpMpKg.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ownaVQu.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFnNTQq.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kndKYLs.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tpstSJh.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUjIiIw.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfSTgMs.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPblXIP.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ziAgeYa.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mPRVGtE.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKFPFlY.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CxmwSxV.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FaseyqI.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MwWZCeG.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JCFtxPv.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cFpwJjA.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zxaijpf.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUqQmIp.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YbODANk.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EWxnvwR.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wTfrann.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AfMIstF.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nJglhTZ.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmgWgSA.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLAzUTc.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eDnDfxb.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FRrOBew.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vVARJWn.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjhkvEi.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cXqZNaV.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CsPdcOp.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kaStUwt.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gROaMbZ.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IAvZHPt.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EVEmZwa.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LipWVGI.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMmqcrv.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wCfdYFq.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MQVrBwq.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AknOGqn.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qyQmFBH.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZlENunb.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qxSIilv.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvfskLj.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NekxUrj.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UEMqRba.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QTCOLIH.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FAstBks.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eajiBGp.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qZeaYWl.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wnhoFwe.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWkrhVS.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oaKLwnR.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbDUYwQ.exe	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 3552 wrote to memory of 3368	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	nSEGPWO.exe
PID 3552 wrote to memory of 3368	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	nSEGPWO.exe
PID 3552 wrote to memory of 3776	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	tGiZosl.exe
PID 3552 wrote to memory of 3776	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	tGiZosl.exe
PID 3552 wrote to memory of 1576	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	HDLHKTd.exe
PID 3552 wrote to memory of 1576	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	HDLHKTd.exe
PID 3552 wrote to memory of 1396	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	ZhWhawM.exe
PID 3552 wrote to memory of 1396	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	ZhWhawM.exe
PID 3552 wrote to memory of 3524	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	CclKGFi.exe
PID 3552 wrote to memory of 3524	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	CclKGFi.exe
PID 3552 wrote to memory of 1900	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	OpZVAnq.exe
PID 3552 wrote to memory of 1900	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	OpZVAnq.exe
PID 3552 wrote to memory of 2040	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	BBqHacM.exe
PID 3552 wrote to memory of 2040	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	BBqHacM.exe
PID 3552 wrote to memory of 3620	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	FgojJos.exe
PID 3552 wrote to memory of 3620	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	FgojJos.exe
PID 3552 wrote to memory of 1164	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	rhXeRKj.exe
PID 3552 wrote to memory of 1164	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	rhXeRKj.exe
PID 3552 wrote to memory of 4240	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	yCEpBqN.exe
PID 3552 wrote to memory of 4240	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	yCEpBqN.exe
PID 3552 wrote to memory of 2272	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	dgaQXOt.exe
PID 3552 wrote to memory of 2272	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	dgaQXOt.exe
PID 3552 wrote to memory of 1912	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	PYXFYIe.exe
PID 3552 wrote to memory of 1912	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	PYXFYIe.exe
PID 3552 wrote to memory of 1132	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	gQlivun.exe
PID 3552 wrote to memory of 1132	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	gQlivun.exe
PID 3552 wrote to memory of 380	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	krNpaYf.exe
PID 3552 wrote to memory of 380	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	krNpaYf.exe
PID 3552 wrote to memory of 3644	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	qjmYiyJ.exe
PID 3552 wrote to memory of 3644	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	qjmYiyJ.exe
PID 3552 wrote to memory of 2056	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	piqNYdX.exe
PID 3552 wrote to memory of 2056	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	piqNYdX.exe
PID 3552 wrote to memory of 2956	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	rDQfDQU.exe
PID 3552 wrote to memory of 2956	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	rDQfDQU.exe
PID 3552 wrote to memory of 4176	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	vkIichi.exe
PID 3552 wrote to memory of 4176	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	vkIichi.exe
PID 3552 wrote to memory of 220	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	rUhwsCX.exe
PID 3552 wrote to memory of 220	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	rUhwsCX.exe
PID 3552 wrote to memory of 2672	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	klLpAlH.exe
PID 3552 wrote to memory of 2672	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	klLpAlH.exe
PID 3552 wrote to memory of 4900	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	UsBwysj.exe
PID 3552 wrote to memory of 4900	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	UsBwysj.exe
PID 3552 wrote to memory of 2872	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	bjorogC.exe
PID 3552 wrote to memory of 2872	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	bjorogC.exe
PID 3552 wrote to memory of 4088	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	wvyliEZ.exe
PID 3552 wrote to memory of 4088	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	wvyliEZ.exe
PID 3552 wrote to memory of 1432	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	wabIrBV.exe
PID 3552 wrote to memory of 1432	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	wabIrBV.exe
PID 3552 wrote to memory of 4560	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	ibdQsBi.exe
PID 3552 wrote to memory of 4560	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	ibdQsBi.exe
PID 3552 wrote to memory of 3144	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	mBshDhs.exe
PID 3552 wrote to memory of 3144	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	mBshDhs.exe
PID 3552 wrote to memory of 1812	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	RMyfoai.exe
PID 3552 wrote to memory of 1812	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	RMyfoai.exe
PID 3552 wrote to memory of 440	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	eMLnvAq.exe
PID 3552 wrote to memory of 440	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	eMLnvAq.exe
PID 3552 wrote to memory of 4616	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	hLgqMXB.exe
PID 3552 wrote to memory of 4616	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	hLgqMXB.exe
PID 3552 wrote to memory of 4888	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	tVdIVMT.exe
PID 3552 wrote to memory of 4888	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	tVdIVMT.exe
PID 3552 wrote to memory of 688	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	aQRnSCo.exe
PID 3552 wrote to memory of 688	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	aQRnSCo.exe
PID 3552 wrote to memory of 4624	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	ICCkbDy.exe
PID 3552 wrote to memory of 4624	3552	2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe	ICCkbDy.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_87f49d0845db5056f358d6dfb59e721c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3552
- C:\Windows\System\nSEGPWO.exe
  C:\Windows\System\nSEGPWO.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\tGiZosl.exe
  C:\Windows\System\tGiZosl.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\HDLHKTd.exe
  C:\Windows\System\HDLHKTd.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\ZhWhawM.exe
  C:\Windows\System\ZhWhawM.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\CclKGFi.exe
  C:\Windows\System\CclKGFi.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\OpZVAnq.exe
  C:\Windows\System\OpZVAnq.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\BBqHacM.exe
  C:\Windows\System\BBqHacM.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\FgojJos.exe
  C:\Windows\System\FgojJos.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\rhXeRKj.exe
  C:\Windows\System\rhXeRKj.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\yCEpBqN.exe
  C:\Windows\System\yCEpBqN.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\dgaQXOt.exe
  C:\Windows\System\dgaQXOt.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\PYXFYIe.exe
  C:\Windows\System\PYXFYIe.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\gQlivun.exe
  C:\Windows\System\gQlivun.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\krNpaYf.exe
  C:\Windows\System\krNpaYf.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\qjmYiyJ.exe
  C:\Windows\System\qjmYiyJ.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\piqNYdX.exe
  C:\Windows\System\piqNYdX.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\rDQfDQU.exe
  C:\Windows\System\rDQfDQU.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\vkIichi.exe
  C:\Windows\System\vkIichi.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\rUhwsCX.exe
  C:\Windows\System\rUhwsCX.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\klLpAlH.exe
  C:\Windows\System\klLpAlH.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\UsBwysj.exe
  C:\Windows\System\UsBwysj.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\bjorogC.exe
  C:\Windows\System\bjorogC.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\wvyliEZ.exe
  C:\Windows\System\wvyliEZ.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\wabIrBV.exe
  C:\Windows\System\wabIrBV.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\ibdQsBi.exe
  C:\Windows\System\ibdQsBi.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\mBshDhs.exe
  C:\Windows\System\mBshDhs.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\RMyfoai.exe
  C:\Windows\System\RMyfoai.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\eMLnvAq.exe
  C:\Windows\System\eMLnvAq.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\hLgqMXB.exe
  C:\Windows\System\hLgqMXB.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\tVdIVMT.exe
  C:\Windows\System\tVdIVMT.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\aQRnSCo.exe
  C:\Windows\System\aQRnSCo.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\ICCkbDy.exe
  C:\Windows\System\ICCkbDy.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\WjqduYB.exe
  C:\Windows\System\WjqduYB.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\MYtXVRs.exe
  C:\Windows\System\MYtXVRs.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\dnWPqmc.exe
  C:\Windows\System\dnWPqmc.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\aMmqcrv.exe
  C:\Windows\System\aMmqcrv.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\iMXXMVE.exe
  C:\Windows\System\iMXXMVE.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\LgqYuZb.exe
  C:\Windows\System\LgqYuZb.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\kWULWdk.exe
  C:\Windows\System\kWULWdk.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\GCURJha.exe
  C:\Windows\System\GCURJha.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\cJelfHV.exe
  C:\Windows\System\cJelfHV.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\cPuVQFE.exe
  C:\Windows\System\cPuVQFE.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\PlpbgFk.exe
  C:\Windows\System\PlpbgFk.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\swTDnip.exe
  C:\Windows\System\swTDnip.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\mpTnOYJ.exe
  C:\Windows\System\mpTnOYJ.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\FLwLBwJ.exe
  C:\Windows\System\FLwLBwJ.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\dbjzjYf.exe
  C:\Windows\System\dbjzjYf.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\oaKLwnR.exe
  C:\Windows\System\oaKLwnR.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\hvxbrWH.exe
  C:\Windows\System\hvxbrWH.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\fuHgMgZ.exe
  C:\Windows\System\fuHgMgZ.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\KlilFTj.exe
  C:\Windows\System\KlilFTj.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\hErcAST.exe
  C:\Windows\System\hErcAST.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\zopcdNK.exe
  C:\Windows\System\zopcdNK.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\YNtWLhP.exe
  C:\Windows\System\YNtWLhP.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\ETDruik.exe
  C:\Windows\System\ETDruik.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\LYUuOWO.exe
  C:\Windows\System\LYUuOWO.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\rrMKXEx.exe
  C:\Windows\System\rrMKXEx.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\uIOsCdP.exe
  C:\Windows\System\uIOsCdP.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\xMUgsdV.exe
  C:\Windows\System\xMUgsdV.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\PtYAHEc.exe
  C:\Windows\System\PtYAHEc.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\gAKceTr.exe
  C:\Windows\System\gAKceTr.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\gQfETcP.exe
  C:\Windows\System\gQfETcP.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\cDVLwox.exe
  C:\Windows\System\cDVLwox.exe
  2⤵
  - Executes dropped EXE
  PID:5124
- C:\Windows\System\CWklsua.exe
  C:\Windows\System\CWklsua.exe
  2⤵
  - Executes dropped EXE
  PID:5152
- C:\Windows\System\kjsWgLY.exe
  C:\Windows\System\kjsWgLY.exe
  2⤵
  PID:5192
- C:\Windows\System\vPESefx.exe
  C:\Windows\System\vPESefx.exe
  2⤵
  PID:5208
- C:\Windows\System\OwexHAB.exe
  C:\Windows\System\OwexHAB.exe
  2⤵
  PID:5236
- C:\Windows\System\aRyxuMf.exe
  C:\Windows\System\aRyxuMf.exe
  2⤵
  PID:5276
- C:\Windows\System\VtuDSDT.exe
  C:\Windows\System\VtuDSDT.exe
  2⤵
  PID:5304
- C:\Windows\System\sxLxcvJ.exe
  C:\Windows\System\sxLxcvJ.exe
  2⤵
  PID:5332
- C:\Windows\System\wMhmZOo.exe
  C:\Windows\System\wMhmZOo.exe
  2⤵
  PID:5348
- C:\Windows\System\BncSunP.exe
  C:\Windows\System\BncSunP.exe
  2⤵
  PID:5376
- C:\Windows\System\FDiQyCh.exe
  C:\Windows\System\FDiQyCh.exe
  2⤵
  PID:5408
- C:\Windows\System\HOSzcFp.exe
  C:\Windows\System\HOSzcFp.exe
  2⤵
  PID:5448
- C:\Windows\System\QfbqXWK.exe
  C:\Windows\System\QfbqXWK.exe
  2⤵
  PID:5464
- C:\Windows\System\vQLvAAj.exe
  C:\Windows\System\vQLvAAj.exe
  2⤵
  PID:5492
- C:\Windows\System\LbWCpig.exe
  C:\Windows\System\LbWCpig.exe
  2⤵
  PID:5532
- C:\Windows\System\arlysFt.exe
  C:\Windows\System\arlysFt.exe
  2⤵
  PID:5548
- C:\Windows\System\MszyRFH.exe
  C:\Windows\System\MszyRFH.exe
  2⤵
  PID:5576
- C:\Windows\System\AVdrlNF.exe
  C:\Windows\System\AVdrlNF.exe
  2⤵
  PID:5604
- C:\Windows\System\wXNfQjw.exe
  C:\Windows\System\wXNfQjw.exe
  2⤵
  PID:5644
- C:\Windows\System\GDcSPRU.exe
  C:\Windows\System\GDcSPRU.exe
  2⤵
  PID:5660
- C:\Windows\System\gphGIuH.exe
  C:\Windows\System\gphGIuH.exe
  2⤵
  PID:5688
- C:\Windows\System\ziCoWyW.exe
  C:\Windows\System\ziCoWyW.exe
  2⤵
  PID:5716
- C:\Windows\System\rLDnyWt.exe
  C:\Windows\System\rLDnyWt.exe
  2⤵
  PID:5744
- C:\Windows\System\KTgLRxP.exe
  C:\Windows\System\KTgLRxP.exe
  2⤵
  PID:5760
- C:\Windows\System\YiIZKCF.exe
  C:\Windows\System\YiIZKCF.exe
  2⤵
  PID:5800
- C:\Windows\System\FXZpRnO.exe
  C:\Windows\System\FXZpRnO.exe
  2⤵
  PID:5828
- C:\Windows\System\pSyvFkI.exe
  C:\Windows\System\pSyvFkI.exe
  2⤵
  PID:5860
- C:\Windows\System\dEoXsCP.exe
  C:\Windows\System\dEoXsCP.exe
  2⤵
  PID:5884
- C:\Windows\System\mylMOcK.exe
  C:\Windows\System\mylMOcK.exe
  2⤵
  PID:5900
- C:\Windows\System\fhmeYrJ.exe
  C:\Windows\System\fhmeYrJ.exe
  2⤵
  PID:5940
- C:\Windows\System\FUzNDIN.exe
  C:\Windows\System\FUzNDIN.exe
  2⤵
  PID:5968
- C:\Windows\System\hBMyBcE.exe
  C:\Windows\System\hBMyBcE.exe
  2⤵
  PID:5996
- C:\Windows\System\FxTKOvw.exe
  C:\Windows\System\FxTKOvw.exe
  2⤵
  PID:6024
- C:\Windows\System\raSqxvO.exe
  C:\Windows\System\raSqxvO.exe
  2⤵
  PID:6052
- C:\Windows\System\yNnfmPR.exe
  C:\Windows\System\yNnfmPR.exe
  2⤵
  PID:6080
- C:\Windows\System\KjEfvYP.exe
  C:\Windows\System\KjEfvYP.exe
  2⤵
  PID:6096
- C:\Windows\System\uOfMQKr.exe
  C:\Windows\System\uOfMQKr.exe
  2⤵
  PID:6136
- C:\Windows\System\ZMmobWM.exe
  C:\Windows\System\ZMmobWM.exe
  2⤵
  PID:460
- C:\Windows\System\ziAgeYa.exe
  C:\Windows\System\ziAgeYa.exe
  2⤵
  PID:5116
- C:\Windows\System\ExVWSWI.exe
  C:\Windows\System\ExVWSWI.exe
  2⤵
  PID:2508
- C:\Windows\System\vDuaWbU.exe
  C:\Windows\System\vDuaWbU.exe
  2⤵
  PID:3732
- C:\Windows\System\OnaPJCD.exe
  C:\Windows\System\OnaPJCD.exe
  2⤵
  PID:1252
- C:\Windows\System\aSMnlnn.exe
  C:\Windows\System\aSMnlnn.exe
  2⤵
  PID:5136
- C:\Windows\System\fjsLhZk.exe
  C:\Windows\System\fjsLhZk.exe
  2⤵
  PID:5200
- C:\Windows\System\YdJyquW.exe
  C:\Windows\System\YdJyquW.exe
  2⤵
  PID:5264
- C:\Windows\System\szbgIpA.exe
  C:\Windows\System\szbgIpA.exe
  2⤵
  PID:5324
- C:\Windows\System\AmyqcjB.exe
  C:\Windows\System\AmyqcjB.exe
  2⤵
  PID:5364
- C:\Windows\System\QCoowFr.exe
  C:\Windows\System\QCoowFr.exe
  2⤵
  PID:5476
- C:\Windows\System\FGhPFhz.exe
  C:\Windows\System\FGhPFhz.exe
  2⤵
  PID:5524
- C:\Windows\System\MmeZPQw.exe
  C:\Windows\System\MmeZPQw.exe
  2⤵
  PID:5596
- C:\Windows\System\wcsJQXl.exe
  C:\Windows\System\wcsJQXl.exe
  2⤵
  PID:5656
- C:\Windows\System\dvAGHnv.exe
  C:\Windows\System\dvAGHnv.exe
  2⤵
  PID:5728
- C:\Windows\System\XkLCaue.exe
  C:\Windows\System\XkLCaue.exe
  2⤵
  PID:5788
- C:\Windows\System\flDcqFo.exe
  C:\Windows\System\flDcqFo.exe
  2⤵
  PID:5856
- C:\Windows\System\vDLfjze.exe
  C:\Windows\System\vDLfjze.exe
  2⤵
  PID:5892
- C:\Windows\System\RdWQsAa.exe
  C:\Windows\System\RdWQsAa.exe
  2⤵
  PID:5988
- C:\Windows\System\phDmrvT.exe
  C:\Windows\System\phDmrvT.exe
  2⤵
  PID:6044
- C:\Windows\System\DbvKcwi.exe
  C:\Windows\System\DbvKcwi.exe
  2⤵
  PID:6120
- C:\Windows\System\SZpJWMq.exe
  C:\Windows\System\SZpJWMq.exe
  2⤵
  PID:4772
- C:\Windows\System\Gvvamqv.exe
  C:\Windows\System\Gvvamqv.exe
  2⤵
  PID:716
- C:\Windows\System\XWICVQu.exe
  C:\Windows\System\XWICVQu.exe
  2⤵
  PID:5180
- C:\Windows\System\Mxqnanz.exe
  C:\Windows\System\Mxqnanz.exe
  2⤵
  PID:5300
- C:\Windows\System\fbPFhnm.exe
  C:\Windows\System\fbPFhnm.exe
  2⤵
  PID:5440
- C:\Windows\System\QwlOMVU.exe
  C:\Windows\System\QwlOMVU.exe
  2⤵
  PID:5616
- C:\Windows\System\dewLXvz.exe
  C:\Windows\System\dewLXvz.exe
  2⤵
  PID:5772
- C:\Windows\System\aGYUIqa.exe
  C:\Windows\System\aGYUIqa.exe
  2⤵
  PID:6168
- C:\Windows\System\CmKagMP.exe
  C:\Windows\System\CmKagMP.exe
  2⤵
  PID:6196
- C:\Windows\System\MIWtEYm.exe
  C:\Windows\System\MIWtEYm.exe
  2⤵
  PID:6224
- C:\Windows\System\HVdEVnK.exe
  C:\Windows\System\HVdEVnK.exe
  2⤵
  PID:6252
- C:\Windows\System\wCfdYFq.exe
  C:\Windows\System\wCfdYFq.exe
  2⤵
  PID:6268
- C:\Windows\System\QPXuqLl.exe
  C:\Windows\System\QPXuqLl.exe
  2⤵
  PID:6308
- C:\Windows\System\EDjdnyk.exe
  C:\Windows\System\EDjdnyk.exe
  2⤵
  PID:6348
- C:\Windows\System\kIGMxck.exe
  C:\Windows\System\kIGMxck.exe
  2⤵
  PID:6364
- C:\Windows\System\ojADbXf.exe
  C:\Windows\System\ojADbXf.exe
  2⤵
  PID:6388
- C:\Windows\System\cUzZkSv.exe
  C:\Windows\System\cUzZkSv.exe
  2⤵
  PID:6416
- C:\Windows\System\vOPKQGe.exe
  C:\Windows\System\vOPKQGe.exe
  2⤵
  PID:6444
- C:\Windows\System\GejygJJ.exe
  C:\Windows\System\GejygJJ.exe
  2⤵
  PID:6476
- C:\Windows\System\ofWkrHy.exe
  C:\Windows\System\ofWkrHy.exe
  2⤵
  PID:6504
- C:\Windows\System\JGLojQT.exe
  C:\Windows\System\JGLojQT.exe
  2⤵
  PID:6520
- C:\Windows\System\pFwKRCX.exe
  C:\Windows\System\pFwKRCX.exe
  2⤵
  PID:6560
- C:\Windows\System\zdZALAh.exe
  C:\Windows\System\zdZALAh.exe
  2⤵
  PID:6592
- C:\Windows\System\ZlgBnTd.exe
  C:\Windows\System\ZlgBnTd.exe
  2⤵
  PID:6616
- C:\Windows\System\mSoPdPJ.exe
  C:\Windows\System\mSoPdPJ.exe
  2⤵
  PID:6656
- C:\Windows\System\zqgqmfg.exe
  C:\Windows\System\zqgqmfg.exe
  2⤵
  PID:6680
- C:\Windows\System\sCARpLs.exe
  C:\Windows\System\sCARpLs.exe
  2⤵
  PID:6712
- C:\Windows\System\PNXxHDU.exe
  C:\Windows\System\PNXxHDU.exe
  2⤵
  PID:6728
- C:\Windows\System\BCVWydd.exe
  C:\Windows\System\BCVWydd.exe
  2⤵
  PID:6752
- C:\Windows\System\VwleknQ.exe
  C:\Windows\System\VwleknQ.exe
  2⤵
  PID:6784
- C:\Windows\System\irvjEHP.exe
  C:\Windows\System\irvjEHP.exe
  2⤵
  PID:6812
- C:\Windows\System\dwrjrwc.exe
  C:\Windows\System\dwrjrwc.exe
  2⤵
  PID:6848
- C:\Windows\System\RDCZGLt.exe
  C:\Windows\System\RDCZGLt.exe
  2⤵
  PID:6868
- C:\Windows\System\mPRVGtE.exe
  C:\Windows\System\mPRVGtE.exe
  2⤵
  PID:6896
- C:\Windows\System\NFRPNJU.exe
  C:\Windows\System\NFRPNJU.exe
  2⤵
  PID:6924
- C:\Windows\System\FcnLppX.exe
  C:\Windows\System\FcnLppX.exe
  2⤵
  PID:6952
- C:\Windows\System\zVuVOzS.exe
  C:\Windows\System\zVuVOzS.exe
  2⤵
  PID:6976
- C:\Windows\System\RENTzxN.exe
  C:\Windows\System\RENTzxN.exe
  2⤵
  PID:7008
- C:\Windows\System\MdWrYYz.exe
  C:\Windows\System\MdWrYYz.exe
  2⤵
  PID:7036
- C:\Windows\System\QTCOLIH.exe
  C:\Windows\System\QTCOLIH.exe
  2⤵
  PID:7064
- C:\Windows\System\iRtoJzR.exe
  C:\Windows\System\iRtoJzR.exe
  2⤵
  PID:7092
- C:\Windows\System\uOMoBoD.exe
  C:\Windows\System\uOMoBoD.exe
  2⤵
  PID:7120
- C:\Windows\System\nlkxWML.exe
  C:\Windows\System\nlkxWML.exe
  2⤵
  PID:7148
- C:\Windows\System\eyctZpQ.exe
  C:\Windows\System\eyctZpQ.exe
  2⤵
  PID:5840
- C:\Windows\System\TQVndhd.exe
  C:\Windows\System\TQVndhd.exe
  2⤵
  PID:6012
- C:\Windows\System\iberUAp.exe
  C:\Windows\System\iberUAp.exe
  2⤵
  PID:3536
- C:\Windows\System\YbODANk.exe
  C:\Windows\System\YbODANk.exe
  2⤵
  PID:1256
- C:\Windows\System\wFEKbyK.exe
  C:\Windows\System\wFEKbyK.exe
  2⤵
  PID:5360
- C:\Windows\System\tpoPFnR.exe
  C:\Windows\System\tpoPFnR.exe
  2⤵
  PID:5700
- C:\Windows\System\wnhTLbD.exe
  C:\Windows\System\wnhTLbD.exe
  2⤵
  PID:6188
- C:\Windows\System\vohKxuB.exe
  C:\Windows\System\vohKxuB.exe
  2⤵
  PID:6260
- C:\Windows\System\FAstBks.exe
  C:\Windows\System\FAstBks.exe
  2⤵
  PID:6356
- C:\Windows\System\aHJGSxT.exe
  C:\Windows\System\aHJGSxT.exe
  2⤵
  PID:6412
- C:\Windows\System\XstQyqZ.exe
  C:\Windows\System\XstQyqZ.exe
  2⤵
  PID:6488
- C:\Windows\System\SPcSqaC.exe
  C:\Windows\System\SPcSqaC.exe
  2⤵
  PID:6548
- C:\Windows\System\mNQwnXE.exe
  C:\Windows\System\mNQwnXE.exe
  2⤵
  PID:6612
- C:\Windows\System\NwLWLtn.exe
  C:\Windows\System\NwLWLtn.exe
  2⤵
  PID:6676
- C:\Windows\System\asyGHou.exe
  C:\Windows\System\asyGHou.exe
  2⤵
  PID:6740
- C:\Windows\System\SIoXfqq.exe
  C:\Windows\System\SIoXfqq.exe
  2⤵
  PID:6800
- C:\Windows\System\ZtNjKkA.exe
  C:\Windows\System\ZtNjKkA.exe
  2⤵
  PID:6864
- C:\Windows\System\rCYHewK.exe
  C:\Windows\System\rCYHewK.exe
  2⤵
  PID:6936
- C:\Windows\System\fzMdiIV.exe
  C:\Windows\System\fzMdiIV.exe
  2⤵
  PID:7000
- C:\Windows\System\ylJcTUi.exe
  C:\Windows\System\ylJcTUi.exe
  2⤵
  PID:7084
- C:\Windows\System\WqbDGMQ.exe
  C:\Windows\System\WqbDGMQ.exe
  2⤵
  PID:7132
- C:\Windows\System\uxXasHj.exe
  C:\Windows\System\uxXasHj.exe
  2⤵
  PID:1128
- C:\Windows\System\VyfJpSx.exe
  C:\Windows\System\VyfJpSx.exe
  2⤵
  PID:2572
- C:\Windows\System\gxHmyZB.exe
  C:\Windows\System\gxHmyZB.exe
  2⤵
  PID:6156
- C:\Windows\System\mXpIItm.exe
  C:\Windows\System\mXpIItm.exe
  2⤵
  PID:6320
- C:\Windows\System\dTkIstm.exe
  C:\Windows\System\dTkIstm.exe
  2⤵
  PID:6460
- C:\Windows\System\gqdaYFl.exe
  C:\Windows\System\gqdaYFl.exe
  2⤵
  PID:6600
- C:\Windows\System\WuRiZOd.exe
  C:\Windows\System\WuRiZOd.exe
  2⤵
  PID:6768
- C:\Windows\System\wvgsstg.exe
  C:\Windows\System\wvgsstg.exe
  2⤵
  PID:7184
- C:\Windows\System\VHBdeux.exe
  C:\Windows\System\VHBdeux.exe
  2⤵
  PID:7212
- C:\Windows\System\DljQyHC.exe
  C:\Windows\System\DljQyHC.exe
  2⤵
  PID:7244
- C:\Windows\System\negkftF.exe
  C:\Windows\System\negkftF.exe
  2⤵
  PID:7292
- C:\Windows\System\LFWotGw.exe
  C:\Windows\System\LFWotGw.exe
  2⤵
  PID:7320
- C:\Windows\System\shjVfZF.exe
  C:\Windows\System\shjVfZF.exe
  2⤵
  PID:7336
- C:\Windows\System\bXJggmL.exe
  C:\Windows\System\bXJggmL.exe
  2⤵
  PID:7364
- C:\Windows\System\lbdNpCk.exe
  C:\Windows\System\lbdNpCk.exe
  2⤵
  PID:7392
- C:\Windows\System\pKrkZGt.exe
  C:\Windows\System\pKrkZGt.exe
  2⤵
  PID:7420
- C:\Windows\System\LjSGCKN.exe
  C:\Windows\System\LjSGCKN.exe
  2⤵
  PID:7444
- C:\Windows\System\NykDwZW.exe
  C:\Windows\System\NykDwZW.exe
  2⤵
  PID:7472
- C:\Windows\System\eajiBGp.exe
  C:\Windows\System\eajiBGp.exe
  2⤵
  PID:7504
- C:\Windows\System\NPdYZWG.exe
  C:\Windows\System\NPdYZWG.exe
  2⤵
  PID:7532
- C:\Windows\System\iJkeRpk.exe
  C:\Windows\System\iJkeRpk.exe
  2⤵
  PID:7548
- C:\Windows\System\laMlkgR.exe
  C:\Windows\System\laMlkgR.exe
  2⤵
  PID:7588
- C:\Windows\System\SbRUrrm.exe
  C:\Windows\System\SbRUrrm.exe
  2⤵
  PID:7616
- C:\Windows\System\ZMnxlTi.exe
  C:\Windows\System\ZMnxlTi.exe
  2⤵
  PID:7632
- C:\Windows\System\RCJBUiE.exe
  C:\Windows\System\RCJBUiE.exe
  2⤵
  PID:7660
- C:\Windows\System\bKjgeXG.exe
  C:\Windows\System\bKjgeXG.exe
  2⤵
  PID:7704
- C:\Windows\System\iELRPzs.exe
  C:\Windows\System\iELRPzs.exe
  2⤵
  PID:7732
- C:\Windows\System\gCxuPcS.exe
  C:\Windows\System\gCxuPcS.exe
  2⤵
  PID:7760
- C:\Windows\System\dVOivbW.exe
  C:\Windows\System\dVOivbW.exe
  2⤵
  PID:7800
- C:\Windows\System\loYVWgt.exe
  C:\Windows\System\loYVWgt.exe
  2⤵
  PID:7816
- C:\Windows\System\jKEZlwu.exe
  C:\Windows\System\jKEZlwu.exe
  2⤵
  PID:7844
- C:\Windows\System\nVAvqvt.exe
  C:\Windows\System\nVAvqvt.exe
  2⤵
  PID:7872
- C:\Windows\System\KmHmBCJ.exe
  C:\Windows\System\KmHmBCJ.exe
  2⤵
  PID:7900
- C:\Windows\System\aOpRcaf.exe
  C:\Windows\System\aOpRcaf.exe
  2⤵
  PID:7928
- C:\Windows\System\nLAzUTc.exe
  C:\Windows\System\nLAzUTc.exe
  2⤵
  PID:7944
- C:\Windows\System\PxNkobu.exe
  C:\Windows\System\PxNkobu.exe
  2⤵
  PID:7984
- C:\Windows\System\QTBSJsB.exe
  C:\Windows\System\QTBSJsB.exe
  2⤵
  PID:8012
- C:\Windows\System\aRbHAlx.exe
  C:\Windows\System\aRbHAlx.exe
  2⤵
  PID:8040
- C:\Windows\System\XSsvNBT.exe
  C:\Windows\System\XSsvNBT.exe
  2⤵
  PID:8072
- C:\Windows\System\HLpLtgC.exe
  C:\Windows\System\HLpLtgC.exe
  2⤵
  PID:8096
- C:\Windows\System\zDhUXal.exe
  C:\Windows\System\zDhUXal.exe
  2⤵
  PID:8124
- C:\Windows\System\YafCIiB.exe
  C:\Windows\System\YafCIiB.exe
  2⤵
  PID:8152
- C:\Windows\System\aEZwQdo.exe
  C:\Windows\System\aEZwQdo.exe
  2⤵
  PID:8180
- C:\Windows\System\bPwaBZk.exe
  C:\Windows\System\bPwaBZk.exe
  2⤵
  PID:6860
- C:\Windows\System\ZyBLsAq.exe
  C:\Windows\System\ZyBLsAq.exe
  2⤵
  PID:7028
- C:\Windows\System\gckHolW.exe
  C:\Windows\System\gckHolW.exe
  2⤵
  PID:5924
- C:\Windows\System\JVjkkPD.exe
  C:\Windows\System\JVjkkPD.exe
  2⤵
  PID:5684
- C:\Windows\System\JCFtxPv.exe
  C:\Windows\System\JCFtxPv.exe
  2⤵
  PID:6580
- C:\Windows\System\xLdLMQm.exe
  C:\Windows\System\xLdLMQm.exe
  2⤵
  PID:7176
- C:\Windows\System\vneIdwL.exe
  C:\Windows\System\vneIdwL.exe
  2⤵
  PID:7232
- C:\Windows\System\MQVrBwq.exe
  C:\Windows\System\MQVrBwq.exe
  2⤵
  PID:7280
- C:\Windows\System\CYKgHoX.exe
  C:\Windows\System\CYKgHoX.exe
  2⤵
  PID:7360
- C:\Windows\System\NxcQZFr.exe
  C:\Windows\System\NxcQZFr.exe
  2⤵
  PID:7436
- C:\Windows\System\rTQbXnS.exe
  C:\Windows\System\rTQbXnS.exe
  2⤵
  PID:7500
- C:\Windows\System\AbtEWzl.exe
  C:\Windows\System\AbtEWzl.exe
  2⤵
  PID:7540
- C:\Windows\System\MdfMMYi.exe
  C:\Windows\System\MdfMMYi.exe
  2⤵
  PID:7624
- C:\Windows\System\OJxeGTB.exe
  C:\Windows\System\OJxeGTB.exe
  2⤵
  PID:7692
- C:\Windows\System\ZaTKvPm.exe
  C:\Windows\System\ZaTKvPm.exe
  2⤵
  PID:7728
- C:\Windows\System\YbFihVk.exe
  C:\Windows\System\YbFihVk.exe
  2⤵
  PID:7828
- C:\Windows\System\ggYWdfI.exe
  C:\Windows\System\ggYWdfI.exe
  2⤵
  PID:7884
- C:\Windows\System\AdtYpXF.exe
  C:\Windows\System\AdtYpXF.exe
  2⤵
  PID:7972
- C:\Windows\System\RQQtLIX.exe
  C:\Windows\System\RQQtLIX.exe
  2⤵
  PID:8008
- C:\Windows\System\gjNmNSM.exe
  C:\Windows\System\gjNmNSM.exe
  2⤵
  PID:8064
- C:\Windows\System\DyiFRGL.exe
  C:\Windows\System\DyiFRGL.exe
  2⤵
  PID:8144
- C:\Windows\System\vYTXcaP.exe
  C:\Windows\System\vYTXcaP.exe
  2⤵
  PID:6836
- C:\Windows\System\rOChuoN.exe
  C:\Windows\System\rOChuoN.exe
  2⤵
  PID:6992
- C:\Windows\System\HLiWYJl.exe
  C:\Windows\System\HLiWYJl.exe
  2⤵
  PID:6284
- C:\Windows\System\kjSEADE.exe
  C:\Windows\System\kjSEADE.exe
  2⤵
  PID:7204
- C:\Windows\System\FKFPFlY.exe
  C:\Windows\System\FKFPFlY.exe
  2⤵
  PID:7348
- C:\Windows\System\taaWORV.exe
  C:\Windows\System\taaWORV.exe
  2⤵
  PID:7524
- C:\Windows\System\cpzsxaS.exe
  C:\Windows\System\cpzsxaS.exe
  2⤵
  PID:7672
- C:\Windows\System\JQTmlxg.exe
  C:\Windows\System\JQTmlxg.exe
  2⤵
  PID:7808
- C:\Windows\System\cGaqroK.exe
  C:\Windows\System\cGaqroK.exe
  2⤵
  PID:7956
- C:\Windows\System\ZPoFSpT.exe
  C:\Windows\System\ZPoFSpT.exe
  2⤵
  PID:8108
- C:\Windows\System\VrXteIZ.exe
  C:\Windows\System\VrXteIZ.exe
  2⤵
  PID:8172
- C:\Windows\System\OfKugoG.exe
  C:\Windows\System\OfKugoG.exe
  2⤵
  PID:5520
- C:\Windows\System\IfTxApn.exe
  C:\Windows\System\IfTxApn.exe
  2⤵
  PID:7468
- C:\Windows\System\gNshsKd.exe
  C:\Windows\System\gNshsKd.exe
  2⤵
  PID:8196
- C:\Windows\System\OkVtLVH.exe
  C:\Windows\System\OkVtLVH.exe
  2⤵
  PID:8224
- C:\Windows\System\NZSGbus.exe
  C:\Windows\System\NZSGbus.exe
  2⤵
  PID:8248
- C:\Windows\System\bvetWXy.exe
  C:\Windows\System\bvetWXy.exe
  2⤵
  PID:8280
- C:\Windows\System\emtUcjH.exe
  C:\Windows\System\emtUcjH.exe
  2⤵
  PID:8308
- C:\Windows\System\BOzUfhL.exe
  C:\Windows\System\BOzUfhL.exe
  2⤵
  PID:8324
- C:\Windows\System\uiHbhiF.exe
  C:\Windows\System\uiHbhiF.exe
  2⤵
  PID:8352
- C:\Windows\System\hhUidAO.exe
  C:\Windows\System\hhUidAO.exe
  2⤵
  PID:8384
- C:\Windows\System\tcZEaBa.exe
  C:\Windows\System\tcZEaBa.exe
  2⤵
  PID:8408
- C:\Windows\System\eTvoPOb.exe
  C:\Windows\System\eTvoPOb.exe
  2⤵
  PID:8448
- C:\Windows\System\vcZCsxN.exe
  C:\Windows\System\vcZCsxN.exe
  2⤵
  PID:8476
- C:\Windows\System\UFPvFiE.exe
  C:\Windows\System\UFPvFiE.exe
  2⤵
  PID:8504
- C:\Windows\System\CNefihu.exe
  C:\Windows\System\CNefihu.exe
  2⤵
  PID:8532
- C:\Windows\System\TlZHJVp.exe
  C:\Windows\System\TlZHJVp.exe
  2⤵
  PID:8548
- C:\Windows\System\eRRiZJo.exe
  C:\Windows\System\eRRiZJo.exe
  2⤵
  PID:8588
- C:\Windows\System\AojExbi.exe
  C:\Windows\System\AojExbi.exe
  2⤵
  PID:8616
- C:\Windows\System\mthObeF.exe
  C:\Windows\System\mthObeF.exe
  2⤵
  PID:8632
- C:\Windows\System\eobiNys.exe
  C:\Windows\System\eobiNys.exe
  2⤵
  PID:8672
- C:\Windows\System\bbhgVdW.exe
  C:\Windows\System\bbhgVdW.exe
  2⤵
  PID:8700
- C:\Windows\System\DnKWrWV.exe
  C:\Windows\System\DnKWrWV.exe
  2⤵
  PID:8728
- C:\Windows\System\xxcaLhP.exe
  C:\Windows\System\xxcaLhP.exe
  2⤵
  PID:8756
- C:\Windows\System\EGODkXt.exe
  C:\Windows\System\EGODkXt.exe
  2⤵
  PID:8784
- C:\Windows\System\uhpMpKg.exe
  C:\Windows\System\uhpMpKg.exe
  2⤵
  PID:8812
- C:\Windows\System\owDEaLO.exe
  C:\Windows\System\owDEaLO.exe
  2⤵
  PID:8840
- C:\Windows\System\DUYTsOF.exe
  C:\Windows\System\DUYTsOF.exe
  2⤵
  PID:8868
- C:\Windows\System\bOnrZre.exe
  C:\Windows\System\bOnrZre.exe
  2⤵
  PID:8900
- C:\Windows\System\mkwdZlO.exe
  C:\Windows\System\mkwdZlO.exe
  2⤵
  PID:8924
- C:\Windows\System\QvDPTqA.exe
  C:\Windows\System\QvDPTqA.exe
  2⤵
  PID:8940
- C:\Windows\System\yBeVcvd.exe
  C:\Windows\System\yBeVcvd.exe
  2⤵
  PID:8980
- C:\Windows\System\wQFHAHc.exe
  C:\Windows\System\wQFHAHc.exe
  2⤵
  PID:9008
- C:\Windows\System\UiJtQoQ.exe
  C:\Windows\System\UiJtQoQ.exe
  2⤵
  PID:9036
- C:\Windows\System\eVlIbBh.exe
  C:\Windows\System\eVlIbBh.exe
  2⤵
  PID:9052
- C:\Windows\System\vkkzTLm.exe
  C:\Windows\System\vkkzTLm.exe
  2⤵
  PID:9080
- C:\Windows\System\ycmXAyi.exe
  C:\Windows\System\ycmXAyi.exe
  2⤵
  PID:9108
- C:\Windows\System\oomuTTZ.exe
  C:\Windows\System\oomuTTZ.exe
  2⤵
  PID:9136
- C:\Windows\System\JDUCBwr.exe
  C:\Windows\System\JDUCBwr.exe
  2⤵
  PID:9164
- C:\Windows\System\GwSGobR.exe
  C:\Windows\System\GwSGobR.exe
  2⤵
  PID:9204
- C:\Windows\System\RbRlBYd.exe
  C:\Windows\System\RbRlBYd.exe
  2⤵
  PID:4700
- C:\Windows\System\ICrLNHy.exe
  C:\Windows\System\ICrLNHy.exe
  2⤵
  PID:6108
- C:\Windows\System\ouWexyY.exe
  C:\Windows\System\ouWexyY.exe
  2⤵
  PID:1188
- C:\Windows\System\sFohyBL.exe
  C:\Windows\System\sFohyBL.exe
  2⤵
  PID:8236
- C:\Windows\System\iwnZtUw.exe
  C:\Windows\System\iwnZtUw.exe
  2⤵
  PID:8296
- C:\Windows\System\YFtKmDG.exe
  C:\Windows\System\YFtKmDG.exe
  2⤵
  PID:3428
- C:\Windows\System\bFUhjci.exe
  C:\Windows\System\bFUhjci.exe
  2⤵
  PID:8392
- C:\Windows\System\nALUYMk.exe
  C:\Windows\System\nALUYMk.exe
  2⤵
  PID:8440
- C:\Windows\System\UeBWfKg.exe
  C:\Windows\System\UeBWfKg.exe
  2⤵
  PID:8492
- C:\Windows\System\woQnWfX.exe
  C:\Windows\System\woQnWfX.exe
  2⤵
  PID:8528
- C:\Windows\System\lQaaNfV.exe
  C:\Windows\System\lQaaNfV.exe
  2⤵
  PID:8624
- C:\Windows\System\kbpwjXp.exe
  C:\Windows\System\kbpwjXp.exe
  2⤵
  PID:8684
- C:\Windows\System\nYqKajC.exe
  C:\Windows\System\nYqKajC.exe
  2⤵
  PID:8748
- C:\Windows\System\vVNUBLA.exe
  C:\Windows\System\vVNUBLA.exe
  2⤵
  PID:8824
- C:\Windows\System\sIULzyz.exe
  C:\Windows\System\sIULzyz.exe
  2⤵
  PID:3256
- C:\Windows\System\PtCnXIu.exe
  C:\Windows\System\PtCnXIu.exe
  2⤵
  PID:4092
- C:\Windows\System\tKonqeT.exe
  C:\Windows\System\tKonqeT.exe
  2⤵
  PID:1620
- C:\Windows\System\nBhwvea.exe
  C:\Windows\System\nBhwvea.exe
  2⤵
  PID:5024
- C:\Windows\System\cFpwJjA.exe
  C:\Windows\System\cFpwJjA.exe
  2⤵
  PID:3984
- C:\Windows\System\jEJdrqJ.exe
  C:\Windows\System\jEJdrqJ.exe
  2⤵
  PID:9024
- C:\Windows\System\emrlkBe.exe
  C:\Windows\System\emrlkBe.exe
  2⤵
  PID:4704
- C:\Windows\System\BkGVXMx.exe
  C:\Windows\System\BkGVXMx.exe
  2⤵
  PID:9120
- C:\Windows\System\kbRTXFv.exe
  C:\Windows\System\kbRTXFv.exe
  2⤵
  PID:9176
- C:\Windows\System\upNHetR.exe
  C:\Windows\System\upNHetR.exe
  2⤵
  PID:7936
- C:\Windows\System\GBRTSqv.exe
  C:\Windows\System\GBRTSqv.exe
  2⤵
  PID:3020
- C:\Windows\System\abgDWRv.exe
  C:\Windows\System\abgDWRv.exe
  2⤵
  PID:1724
- C:\Windows\System\WmXrmoj.exe
  C:\Windows\System\WmXrmoj.exe
  2⤵
  PID:8292
- C:\Windows\System\RdlSPtn.exe
  C:\Windows\System\RdlSPtn.exe
  2⤵
  PID:8368
- C:\Windows\System\QzrQDDG.exe
  C:\Windows\System\QzrQDDG.exe
  2⤵
  PID:8516
- C:\Windows\System\UNlqqtN.exe
  C:\Windows\System\UNlqqtN.exe
  2⤵
  PID:8660
- C:\Windows\System\HKMYFHX.exe
  C:\Windows\System\HKMYFHX.exe
  2⤵
  PID:8780
- C:\Windows\System\WPdXiDB.exe
  C:\Windows\System\WPdXiDB.exe
  2⤵
  PID:8880
- C:\Windows\System\PdyiGyz.exe
  C:\Windows\System\PdyiGyz.exe
  2⤵
  PID:9000
- C:\Windows\System\kjGlfBX.exe
  C:\Windows\System\kjGlfBX.exe
  2⤵
  PID:3736
- C:\Windows\System\uEIftFe.exe
  C:\Windows\System\uEIftFe.exe
  2⤵
  PID:9152
- C:\Windows\System\yRxyLDq.exe
  C:\Windows\System\yRxyLDq.exe
  2⤵
  PID:1028
- C:\Windows\System\zRGvEWo.exe
  C:\Windows\System\zRGvEWo.exe
  2⤵
  PID:8432
- C:\Windows\System\FITMEOx.exe
  C:\Windows\System\FITMEOx.exe
  2⤵
  PID:1716
- C:\Windows\System\gyvsqiD.exe
  C:\Windows\System\gyvsqiD.exe
  2⤵
  PID:4084
- C:\Windows\System\bRgTbVa.exe
  C:\Windows\System\bRgTbVa.exe
  2⤵
  PID:1860
- C:\Windows\System\jrzdIZf.exe
  C:\Windows\System\jrzdIZf.exe
  2⤵
  PID:4980
- C:\Windows\System\EbCRRTB.exe
  C:\Windows\System\EbCRRTB.exe
  2⤵
  PID:4412
- C:\Windows\System\eDnDfxb.exe
  C:\Windows\System\eDnDfxb.exe
  2⤵
  PID:2368
- C:\Windows\System\zFXHmcR.exe
  C:\Windows\System\zFXHmcR.exe
  2⤵
  PID:1712
- C:\Windows\System\FDDqDji.exe
  C:\Windows\System\FDDqDji.exe
  2⤵
  PID:9048
- C:\Windows\System\zdqVRMq.exe
  C:\Windows\System\zdqVRMq.exe
  2⤵
  PID:2580
- C:\Windows\System\gCaFXJl.exe
  C:\Windows\System\gCaFXJl.exe
  2⤵
  PID:772
- C:\Windows\System\rdnYiud.exe
  C:\Windows\System\rdnYiud.exe
  2⤵
  PID:2036
- C:\Windows\System\nswtBCM.exe
  C:\Windows\System\nswtBCM.exe
  2⤵
  PID:3784
- C:\Windows\System\BWHTmMh.exe
  C:\Windows\System\BWHTmMh.exe
  2⤵
  PID:1624
- C:\Windows\System\WKprftU.exe
  C:\Windows\System\WKprftU.exe
  2⤵
  PID:3672
- C:\Windows\System\FyZVKqg.exe
  C:\Windows\System\FyZVKqg.exe
  2⤵
  PID:4456
- C:\Windows\System\csHWXEs.exe
  C:\Windows\System\csHWXEs.exe
  2⤵
  PID:2136
- C:\Windows\System\TFbAYZM.exe
  C:\Windows\System\TFbAYZM.exe
  2⤵
  PID:4896
- C:\Windows\System\Ceaqier.exe
  C:\Windows\System\Ceaqier.exe
  2⤵
  PID:4308
- C:\Windows\System\ZdIeEyb.exe
  C:\Windows\System\ZdIeEyb.exe
  2⤵
  PID:4368
- C:\Windows\System\MXRIYIs.exe
  C:\Windows\System\MXRIYIs.exe
  2⤵
  PID:1288
- C:\Windows\System\nnAwVvP.exe
  C:\Windows\System\nnAwVvP.exe
  2⤵
  PID:640
- C:\Windows\System\FDpqEpJ.exe
  C:\Windows\System\FDpqEpJ.exe
  2⤵
  PID:3184
- C:\Windows\System\KtadxZm.exe
  C:\Windows\System\KtadxZm.exe
  2⤵
  PID:1088
- C:\Windows\System\MSPuONh.exe
  C:\Windows\System\MSPuONh.exe
  2⤵
  PID:9232
- C:\Windows\System\CxmwSxV.exe
  C:\Windows\System\CxmwSxV.exe
  2⤵
  PID:9260
- C:\Windows\System\SNVZlpk.exe
  C:\Windows\System\SNVZlpk.exe
  2⤵
  PID:9288
- C:\Windows\System\DcOKcvI.exe
  C:\Windows\System\DcOKcvI.exe
  2⤵
  PID:9320
- C:\Windows\System\gPQcayx.exe
  C:\Windows\System\gPQcayx.exe
  2⤵
  PID:9348
- C:\Windows\System\zCRRwfB.exe
  C:\Windows\System\zCRRwfB.exe
  2⤵
  PID:9376
- C:\Windows\System\lgjNNyi.exe
  C:\Windows\System\lgjNNyi.exe
  2⤵
  PID:9404
- C:\Windows\System\hNjGkvs.exe
  C:\Windows\System\hNjGkvs.exe
  2⤵
  PID:9452
- C:\Windows\System\JnDOWme.exe
  C:\Windows\System\JnDOWme.exe
  2⤵
  PID:9496
- C:\Windows\System\GJDAQFv.exe
  C:\Windows\System\GJDAQFv.exe
  2⤵
  PID:9560
- C:\Windows\System\BTJXKyT.exe
  C:\Windows\System\BTJXKyT.exe
  2⤵
  PID:9660
- C:\Windows\System\MlISBzE.exe
  C:\Windows\System\MlISBzE.exe
  2⤵
  PID:9700
- C:\Windows\System\TWIDXtB.exe
  C:\Windows\System\TWIDXtB.exe
  2⤵
  PID:9760
- C:\Windows\System\IqHkqqe.exe
  C:\Windows\System\IqHkqqe.exe
  2⤵
  PID:9784
- C:\Windows\System\AknOGqn.exe
  C:\Windows\System\AknOGqn.exe
  2⤵
  PID:9848
- C:\Windows\System\XkUvmDf.exe
  C:\Windows\System\XkUvmDf.exe
  2⤵
  PID:9876
- C:\Windows\System\mKtuWBX.exe
  C:\Windows\System\mKtuWBX.exe
  2⤵
  PID:9912
- C:\Windows\System\iJbUdZW.exe
  C:\Windows\System\iJbUdZW.exe
  2⤵
  PID:9940
- C:\Windows\System\qyQmFBH.exe
  C:\Windows\System\qyQmFBH.exe
  2⤵
  PID:9980
- C:\Windows\System\dRxdRDV.exe
  C:\Windows\System\dRxdRDV.exe
  2⤵
  PID:10016
- C:\Windows\System\KNaWhuf.exe
  C:\Windows\System\KNaWhuf.exe
  2⤵
  PID:10048
- C:\Windows\System\XiJCddL.exe
  C:\Windows\System\XiJCddL.exe
  2⤵
  PID:10104
- C:\Windows\System\eJMRfQJ.exe
  C:\Windows\System\eJMRfQJ.exe
  2⤵
  PID:10132
- C:\Windows\System\KBZPTzs.exe
  C:\Windows\System\KBZPTzs.exe
  2⤵
  PID:10164
- C:\Windows\System\RNEBiMj.exe
  C:\Windows\System\RNEBiMj.exe
  2⤵
  PID:10192
- C:\Windows\System\PhAsNBr.exe
  C:\Windows\System\PhAsNBr.exe
  2⤵
  PID:10220
- C:\Windows\System\kflzZTg.exe
  C:\Windows\System\kflzZTg.exe
  2⤵
  PID:9244
- C:\Windows\System\BWtCWOJ.exe
  C:\Windows\System\BWtCWOJ.exe
  2⤵
  PID:9284
- C:\Windows\System\CWqKmFr.exe
  C:\Windows\System\CWqKmFr.exe
  2⤵
  PID:9368
- C:\Windows\System\exMzXrU.exe
  C:\Windows\System\exMzXrU.exe
  2⤵
  PID:9448
- C:\Windows\System\bkeBJsk.exe
  C:\Windows\System\bkeBJsk.exe
  2⤵
  PID:9492
- C:\Windows\System\vXXTQVB.exe
  C:\Windows\System\vXXTQVB.exe
  2⤵
  PID:9644
- C:\Windows\System\HkyWHeA.exe
  C:\Windows\System\HkyWHeA.exe
  2⤵
  PID:2360
- C:\Windows\System\FRrOBew.exe
  C:\Windows\System\FRrOBew.exe
  2⤵
  PID:9820
- C:\Windows\System\xvMNeAn.exe
  C:\Windows\System\xvMNeAn.exe
  2⤵
  PID:996
- C:\Windows\System\sfhrLIh.exe
  C:\Windows\System\sfhrLIh.exe
  2⤵
  PID:9956
- C:\Windows\System\jVFuJVE.exe
  C:\Windows\System\jVFuJVE.exe
  2⤵
  PID:10044
- C:\Windows\System\zODvsRq.exe
  C:\Windows\System\zODvsRq.exe
  2⤵
  PID:10140
- C:\Windows\System\LIsxhAo.exe
  C:\Windows\System\LIsxhAo.exe
  2⤵
  PID:10068
- C:\Windows\System\osiiudH.exe
  C:\Windows\System\osiiudH.exe
  2⤵
  PID:10232
- C:\Windows\System\QqLlllE.exe
  C:\Windows\System\QqLlllE.exe
  2⤵
  PID:9364
- C:\Windows\System\MQMjMsU.exe
  C:\Windows\System\MQMjMsU.exe
  2⤵
  PID:9552
- C:\Windows\System\QlZvsaK.exe
  C:\Windows\System\QlZvsaK.exe
  2⤵
  PID:9776
- C:\Windows\System\zVKFBHl.exe
  C:\Windows\System\zVKFBHl.exe
  2⤵
  PID:9308
- C:\Windows\System\tcpVHLz.exe
  C:\Windows\System\tcpVHLz.exe
  2⤵
  PID:4468
- C:\Windows\System\aexrFcm.exe
  C:\Windows\System\aexrFcm.exe
  2⤵
  PID:10176
- C:\Windows\System\mXADyth.exe
  C:\Windows\System\mXADyth.exe
  2⤵
  PID:4804
- C:\Windows\System\ZTrjwek.exe
  C:\Windows\System\ZTrjwek.exe
  2⤵
  PID:9904
- C:\Windows\System\wtFhsFH.exe
  C:\Windows\System\wtFhsFH.exe
  2⤵
  PID:9344
- C:\Windows\System\AauISRH.exe
  C:\Windows\System\AauISRH.exe
  2⤵
  PID:9924
- C:\Windows\System\LkocqVA.exe
  C:\Windows\System\LkocqVA.exe
  2⤵
  PID:10252
- C:\Windows\System\LoaHydF.exe
  C:\Windows\System\LoaHydF.exe
  2⤵
  PID:10280
- C:\Windows\System\RzSYuKt.exe
  C:\Windows\System\RzSYuKt.exe
  2⤵
  PID:10308
- C:\Windows\System\RpWZdju.exe
  C:\Windows\System\RpWZdju.exe
  2⤵
  PID:10336
- C:\Windows\System\PLaPpMI.exe
  C:\Windows\System\PLaPpMI.exe
  2⤵
  PID:10384
- C:\Windows\System\wpVPjzI.exe
  C:\Windows\System\wpVPjzI.exe
  2⤵
  PID:10428
- C:\Windows\System\qwCHEpm.exe
  C:\Windows\System\qwCHEpm.exe
  2⤵
  PID:10464
- C:\Windows\System\KCahdbz.exe
  C:\Windows\System\KCahdbz.exe
  2⤵
  PID:10492
- C:\Windows\System\BSXYDeK.exe
  C:\Windows\System\BSXYDeK.exe
  2⤵
  PID:10520
- C:\Windows\System\ElOftuq.exe
  C:\Windows\System\ElOftuq.exe
  2⤵
  PID:10548
- C:\Windows\System\TfJeUSX.exe
  C:\Windows\System\TfJeUSX.exe
  2⤵
  PID:10576
- C:\Windows\System\VeYedDa.exe
  C:\Windows\System\VeYedDa.exe
  2⤵
  PID:10604
- C:\Windows\System\vVARJWn.exe
  C:\Windows\System\vVARJWn.exe
  2⤵
  PID:10632
- C:\Windows\System\qcBPmDh.exe
  C:\Windows\System\qcBPmDh.exe
  2⤵
  PID:10660
- C:\Windows\System\XWhAqTP.exe
  C:\Windows\System\XWhAqTP.exe
  2⤵
  PID:10688
- C:\Windows\System\CzLMGBD.exe
  C:\Windows\System\CzLMGBD.exe
  2⤵
  PID:10716
- C:\Windows\System\rVIuzNM.exe
  C:\Windows\System\rVIuzNM.exe
  2⤵
  PID:10748
- C:\Windows\System\qZeaYWl.exe
  C:\Windows\System\qZeaYWl.exe
  2⤵
  PID:10776
- C:\Windows\System\xXCwPyn.exe
  C:\Windows\System\xXCwPyn.exe
  2⤵
  PID:10804
- C:\Windows\System\msAijHb.exe
  C:\Windows\System\msAijHb.exe
  2⤵
  PID:10832
- C:\Windows\System\YtpOKYH.exe
  C:\Windows\System\YtpOKYH.exe
  2⤵
  PID:10860
- C:\Windows\System\HnuGNMs.exe
  C:\Windows\System\HnuGNMs.exe
  2⤵
  PID:10888
- C:\Windows\System\lhhttnI.exe
  C:\Windows\System\lhhttnI.exe
  2⤵
  PID:10916
- C:\Windows\System\XVEYKMy.exe
  C:\Windows\System\XVEYKMy.exe
  2⤵
  PID:10944
- C:\Windows\System\UnPBAEn.exe
  C:\Windows\System\UnPBAEn.exe
  2⤵
  PID:10976
- C:\Windows\System\rDruPFy.exe
  C:\Windows\System\rDruPFy.exe
  2⤵
  PID:11004
- C:\Windows\System\Rewqius.exe
  C:\Windows\System\Rewqius.exe
  2⤵
  PID:11032
- C:\Windows\System\JPzDJCV.exe
  C:\Windows\System\JPzDJCV.exe
  2⤵
  PID:11060
- C:\Windows\System\tTXSLru.exe
  C:\Windows\System\tTXSLru.exe
  2⤵
  PID:11088
- C:\Windows\System\YuNUbbA.exe
  C:\Windows\System\YuNUbbA.exe
  2⤵
  PID:11116
- C:\Windows\System\CPaRkfV.exe
  C:\Windows\System\CPaRkfV.exe
  2⤵
  PID:11140
- C:\Windows\System\bdJKWlW.exe
  C:\Windows\System\bdJKWlW.exe
  2⤵
  PID:11176
- C:\Windows\System\JnUENBy.exe
  C:\Windows\System\JnUENBy.exe
  2⤵
  PID:11204
- C:\Windows\System\eQbtrHN.exe
  C:\Windows\System\eQbtrHN.exe
  2⤵
  PID:11236
- C:\Windows\System\pEwhlwo.exe
  C:\Windows\System\pEwhlwo.exe
  2⤵
  PID:10248
- C:\Windows\System\HYDcVEA.exe
  C:\Windows\System\HYDcVEA.exe
  2⤵
  PID:10304
- C:\Windows\System\yhTExGT.exe
  C:\Windows\System\yhTExGT.exe
  2⤵
  PID:10424
- C:\Windows\System\JrDwtHz.exe
  C:\Windows\System\JrDwtHz.exe
  2⤵
  PID:10512
- C:\Windows\System\heTRaMi.exe
  C:\Windows\System\heTRaMi.exe
  2⤵
  PID:10620
- C:\Windows\System\IKDZwYI.exe
  C:\Windows\System\IKDZwYI.exe
  2⤵
  PID:10708
- C:\Windows\System\VIqXqRp.exe
  C:\Windows\System\VIqXqRp.exe
  2⤵
  PID:10768
- C:\Windows\System\jYtKHOb.exe
  C:\Windows\System\jYtKHOb.exe
  2⤵
  PID:10828
- C:\Windows\System\kkovXPg.exe
  C:\Windows\System\kkovXPg.exe
  2⤵
  PID:10908
- C:\Windows\System\cNpjyct.exe
  C:\Windows\System\cNpjyct.exe
  2⤵
  PID:10968
- C:\Windows\System\GvZlYzn.exe
  C:\Windows\System\GvZlYzn.exe
  2⤵
  PID:11000
- C:\Windows\System\RoLyoFK.exe
  C:\Windows\System\RoLyoFK.exe
  2⤵
  PID:11100
- C:\Windows\System\SvjUFte.exe
  C:\Windows\System\SvjUFte.exe
  2⤵
  PID:11192
- C:\Windows\System\VNFApVI.exe
  C:\Windows\System\VNFApVI.exe
  2⤵
  PID:3600
- C:\Windows\System\qqlyWRD.exe
  C:\Windows\System\qqlyWRD.exe
  2⤵
  PID:10276
- C:\Windows\System\NItUesH.exe
  C:\Windows\System\NItUesH.exe
  2⤵
  PID:10456
- C:\Windows\System\CxYLlyf.exe
  C:\Windows\System\CxYLlyf.exe
  2⤵
  PID:10680
- C:\Windows\System\jzlnIhY.exe
  C:\Windows\System\jzlnIhY.exe
  2⤵
  PID:9524
- C:\Windows\System\FQLQKlT.exe
  C:\Windows\System\FQLQKlT.exe
  2⤵
  PID:10900
- C:\Windows\System\ipAyASr.exe
  C:\Windows\System\ipAyASr.exe
  2⤵
  PID:11080
- C:\Windows\System\exhukBU.exe
  C:\Windows\System\exhukBU.exe
  2⤵
  PID:11256
- C:\Windows\System\fMlHBNo.exe
  C:\Windows\System\fMlHBNo.exe
  2⤵
  PID:2784
- C:\Windows\System\FaseyqI.exe
  C:\Windows\System\FaseyqI.exe
  2⤵
  PID:4832
- C:\Windows\System\FFIPMkx.exe
  C:\Windows\System\FFIPMkx.exe
  2⤵
  PID:11268
- C:\Windows\System\SquqbDV.exe
  C:\Windows\System\SquqbDV.exe
  2⤵
  PID:11296
- C:\Windows\System\WgqwPyb.exe
  C:\Windows\System\WgqwPyb.exe
  2⤵
  PID:11328
- C:\Windows\System\RSPIRDV.exe
  C:\Windows\System\RSPIRDV.exe
  2⤵
  PID:11356
- C:\Windows\System\nzVOsMv.exe
  C:\Windows\System\nzVOsMv.exe
  2⤵
  PID:11396
- C:\Windows\System\BIAckXg.exe
  C:\Windows\System\BIAckXg.exe
  2⤵
  PID:11424
- C:\Windows\System\RkmQnxe.exe
  C:\Windows\System\RkmQnxe.exe
  2⤵
  PID:11452
- C:\Windows\System\GHEiHpD.exe
  C:\Windows\System\GHEiHpD.exe
  2⤵
  PID:11484
- C:\Windows\System\VoQzvvO.exe
  C:\Windows\System\VoQzvvO.exe
  2⤵
  PID:11516
- C:\Windows\System\JKAxAJX.exe
  C:\Windows\System\JKAxAJX.exe
  2⤵
  PID:11548
- C:\Windows\System\OPabuiH.exe
  C:\Windows\System\OPabuiH.exe
  2⤵
  PID:11576
- C:\Windows\System\LFfELaS.exe
  C:\Windows\System\LFfELaS.exe
  2⤵
  PID:11604
- C:\Windows\System\vrFzaQH.exe
  C:\Windows\System\vrFzaQH.exe
  2⤵
  PID:11632
- C:\Windows\System\UqFQArs.exe
  C:\Windows\System\UqFQArs.exe
  2⤵
  PID:11660
- C:\Windows\System\QTMaWjd.exe
  C:\Windows\System\QTMaWjd.exe
  2⤵
  PID:11688
- C:\Windows\System\chSMUKg.exe
  C:\Windows\System\chSMUKg.exe
  2⤵
  PID:11716
- C:\Windows\System\VxEyqFG.exe
  C:\Windows\System\VxEyqFG.exe
  2⤵
  PID:11744
- C:\Windows\System\ovwdazL.exe
  C:\Windows\System\ovwdazL.exe
  2⤵
  PID:11772
- C:\Windows\System\dbnfgGB.exe
  C:\Windows\System\dbnfgGB.exe
  2⤵
  PID:11800
- C:\Windows\System\MwWZCeG.exe
  C:\Windows\System\MwWZCeG.exe
  2⤵
  PID:11828
- C:\Windows\System\XeCAJtA.exe
  C:\Windows\System\XeCAJtA.exe
  2⤵
  PID:11856
- C:\Windows\System\zpRxdOR.exe
  C:\Windows\System\zpRxdOR.exe
  2⤵
  PID:11884
- C:\Windows\System\utSYPvi.exe
  C:\Windows\System\utSYPvi.exe
  2⤵
  PID:11924
- C:\Windows\System\RHUilCI.exe
  C:\Windows\System\RHUilCI.exe
  2⤵
  PID:11940
- C:\Windows\System\ZhNEpfo.exe
  C:\Windows\System\ZhNEpfo.exe
  2⤵
  PID:11968
- C:\Windows\System\BfRCpcb.exe
  C:\Windows\System\BfRCpcb.exe
  2⤵
  PID:12004
- C:\Windows\System\mgVCsbI.exe
  C:\Windows\System\mgVCsbI.exe
  2⤵
  PID:12044
- C:\Windows\System\KzSYLtJ.exe
  C:\Windows\System\KzSYLtJ.exe
  2⤵
  PID:12076
- C:\Windows\System\JLsWQOr.exe
  C:\Windows\System\JLsWQOr.exe
  2⤵
  PID:12104
- C:\Windows\System\hlQwENW.exe
  C:\Windows\System\hlQwENW.exe
  2⤵
  PID:12132
- C:\Windows\System\DhpgOCr.exe
  C:\Windows\System\DhpgOCr.exe
  2⤵
  PID:12160
- C:\Windows\System\MpPBJyH.exe
  C:\Windows\System\MpPBJyH.exe
  2⤵
  PID:12196
- C:\Windows\System\JlLPaUJ.exe
  C:\Windows\System\JlLPaUJ.exe
  2⤵
  PID:12224
- C:\Windows\System\dBnBLuF.exe
  C:\Windows\System\dBnBLuF.exe
  2⤵
  PID:12252
- C:\Windows\System\jpomGxk.exe
  C:\Windows\System\jpomGxk.exe
  2⤵
  PID:12280
- C:\Windows\System\uXeohnT.exe
  C:\Windows\System\uXeohnT.exe
  2⤵
  PID:11292
- C:\Windows\System\IAvZHPt.exe
  C:\Windows\System\IAvZHPt.exe
  2⤵
  PID:11380
- C:\Windows\System\PhUbRhx.exe
  C:\Windows\System\PhUbRhx.exe
  2⤵
  PID:3312
- C:\Windows\System\XlDwYoj.exe
  C:\Windows\System\XlDwYoj.exe
  2⤵
  PID:11508
- C:\Windows\System\gebtkJh.exe
  C:\Windows\System\gebtkJh.exe
  2⤵
  PID:11572
- C:\Windows\System\yImqqlr.exe
  C:\Windows\System\yImqqlr.exe
  2⤵
  PID:5268
- C:\Windows\System\fjBmZfD.exe
  C:\Windows\System\fjBmZfD.exe
  2⤵
  PID:11672
- C:\Windows\System\AZXpMzR.exe
  C:\Windows\System\AZXpMzR.exe
  2⤵
  PID:11728
- C:\Windows\System\RVeIXDM.exe
  C:\Windows\System\RVeIXDM.exe
  2⤵
  PID:11812
- C:\Windows\System\AEbgykO.exe
  C:\Windows\System\AEbgykO.exe
  2⤵
  PID:11848
- C:\Windows\System\qtYftPa.exe
  C:\Windows\System\qtYftPa.exe
  2⤵
  PID:11896
- C:\Windows\System\DgIHPdm.exe
  C:\Windows\System\DgIHPdm.exe
  2⤵
  PID:3760
- C:\Windows\System\WAaZFzt.exe
  C:\Windows\System\WAaZFzt.exe
  2⤵
  PID:11952
- C:\Windows\System\fukjRcH.exe
  C:\Windows\System\fukjRcH.exe
  2⤵
  PID:12032
- C:\Windows\System\pmdNAXX.exe
  C:\Windows\System\pmdNAXX.exe
  2⤵
  PID:12100
- C:\Windows\System\xbQpMCJ.exe
  C:\Windows\System\xbQpMCJ.exe
  2⤵
  PID:12172
- C:\Windows\System\AdQeoHX.exe
  C:\Windows\System\AdQeoHX.exe
  2⤵
  PID:12248
- C:\Windows\System\UuVkOSb.exe
  C:\Windows\System\UuVkOSb.exe
  2⤵
  PID:11280
- C:\Windows\System\xcqZVco.exe
  C:\Windows\System\xcqZVco.exe
  2⤵
  PID:11368
- C:\Windows\System\AduLmOW.exe
  C:\Windows\System\AduLmOW.exe
  2⤵
  PID:11460
- C:\Windows\System\NPEawiL.exe
  C:\Windows\System\NPEawiL.exe
  2⤵
  PID:5312
- C:\Windows\System\ltoqVWe.exe
  C:\Windows\System\ltoqVWe.exe
  2⤵
  PID:11796
- C:\Windows\System\DpKplVj.exe
  C:\Windows\System\DpKplVj.exe
  2⤵
  PID:5512
- C:\Windows\System\jmFrDxF.exe
  C:\Windows\System\jmFrDxF.exe
  2⤵
  PID:11936
- C:\Windows\System\rIBwkkQ.exe
  C:\Windows\System\rIBwkkQ.exe
  2⤵
  PID:12092
- C:\Windows\System\xUwZZwe.exe
  C:\Windows\System\xUwZZwe.exe
  2⤵
  PID:5780
- C:\Windows\System\dmRXJUr.exe
  C:\Windows\System\dmRXJUr.exe
  2⤵
  PID:2600
- C:\Windows\System\QAWQDHh.exe
  C:\Windows\System\QAWQDHh.exe
  2⤵
  PID:9516
- C:\Windows\System\LFxpGWu.exe
  C:\Windows\System\LFxpGWu.exe
  2⤵
  PID:1972
- C:\Windows\System\eZtuTSf.exe
  C:\Windows\System\eZtuTSf.exe
  2⤵
  PID:6032
- C:\Windows\System\xkvYMqc.exe
  C:\Windows\System\xkvYMqc.exe
  2⤵
  PID:5456
- C:\Windows\System\qPFMDon.exe
  C:\Windows\System\qPFMDon.exe
  2⤵
  PID:12028
- C:\Windows\System\nGvaVfL.exe
  C:\Windows\System\nGvaVfL.exe
  2⤵
  PID:11324
- C:\Windows\System\iFgUvSy.exe
  C:\Windows\System\iFgUvSy.exe
  2⤵
  PID:11600
- C:\Windows\System\VqRpOhh.exe
  C:\Windows\System\VqRpOhh.exe
  2⤵
  PID:6116
- C:\Windows\System\YqZWFHC.exe
  C:\Windows\System\YqZWFHC.exe
  2⤵
  PID:2416
- C:\Windows\System\VplKYxu.exe
  C:\Windows\System\VplKYxu.exe
  2⤵
  PID:12292
- C:\Windows\System\CsPdcOp.exe
  C:\Windows\System\CsPdcOp.exe
  2⤵
  PID:12328
- C:\Windows\System\lyNWnyf.exe
  C:\Windows\System\lyNWnyf.exe
  2⤵
  PID:12356
- C:\Windows\System\bLJradE.exe
  C:\Windows\System\bLJradE.exe
  2⤵
  PID:12372
- C:\Windows\System\FfYvqqh.exe
  C:\Windows\System\FfYvqqh.exe
  2⤵
  PID:12404
- C:\Windows\System\DWgHBBR.exe
  C:\Windows\System\DWgHBBR.exe
  2⤵
  PID:12452
- C:\Windows\System\PrLQqFV.exe
  C:\Windows\System\PrLQqFV.exe
  2⤵
  PID:12472
- C:\Windows\System\ZMdVUyo.exe
  C:\Windows\System\ZMdVUyo.exe
  2⤵
  PID:12512
- C:\Windows\System\EeWcqCu.exe
  C:\Windows\System\EeWcqCu.exe
  2⤵
  PID:12536
- C:\Windows\System\BZBKcXx.exe
  C:\Windows\System\BZBKcXx.exe
  2⤵
  PID:12568
- C:\Windows\System\NKPZPOl.exe
  C:\Windows\System\NKPZPOl.exe
  2⤵
  PID:12608
- C:\Windows\System\FeyfVyP.exe
  C:\Windows\System\FeyfVyP.exe
  2⤵
  PID:12628
- C:\Windows\System\jnJPRcU.exe
  C:\Windows\System\jnJPRcU.exe
  2⤵
  PID:12672
- C:\Windows\System\MtIIbLL.exe
  C:\Windows\System\MtIIbLL.exe
  2⤵
  PID:12704
- C:\Windows\System\zxaijpf.exe
  C:\Windows\System\zxaijpf.exe
  2⤵
  PID:12732
- C:\Windows\System\bjCVAnD.exe
  C:\Windows\System\bjCVAnD.exe
  2⤵
  PID:12760
- C:\Windows\System\kndKYLs.exe
  C:\Windows\System\kndKYLs.exe
  2⤵
  PID:12796
- C:\Windows\System\GqUiOac.exe
  C:\Windows\System\GqUiOac.exe
  2⤵
  PID:12864
- C:\Windows\System\kjTUMtU.exe
  C:\Windows\System\kjTUMtU.exe
  2⤵
  PID:12896
- C:\Windows\System\GOAtkHC.exe
  C:\Windows\System\GOAtkHC.exe
  2⤵
  PID:12936
- C:\Windows\System\vNWulDM.exe
  C:\Windows\System\vNWulDM.exe
  2⤵
  PID:13000
- C:\Windows\System\kJPUSYP.exe
  C:\Windows\System\kJPUSYP.exe
  2⤵
  PID:13016
- C:\Windows\System\Gbpiwvb.exe
  C:\Windows\System\Gbpiwvb.exe
  2⤵
  PID:13032
- C:\Windows\System\FtBiCBB.exe
  C:\Windows\System\FtBiCBB.exe
  2⤵
  PID:13048
- C:\Windows\System\wyxtxpT.exe
  C:\Windows\System\wyxtxpT.exe
  2⤵
  PID:13068
- C:\Windows\System\Craxtah.exe
  C:\Windows\System\Craxtah.exe
  2⤵
  PID:13100
- C:\Windows\System\IpmmQDr.exe
  C:\Windows\System\IpmmQDr.exe
  2⤵
  PID:13128
- C:\Windows\System\xebUCBm.exe
  C:\Windows\System\xebUCBm.exe
  2⤵
  PID:13148
- C:\Windows\System\FPaibIt.exe
  C:\Windows\System\FPaibIt.exe
  2⤵
  PID:13180
- C:\Windows\System\ObnUdcu.exe
  C:\Windows\System\ObnUdcu.exe
  2⤵
  PID:13268
- C:\Windows\System\gWgosfe.exe
  C:\Windows\System\gWgosfe.exe
  2⤵
  PID:13284
- C:\Windows\System\NJgMCpL.exe
  C:\Windows\System\NJgMCpL.exe
  2⤵
  PID:5636
- C:\Windows\System\QivBehr.exe
  C:\Windows\System\QivBehr.exe
  2⤵
  PID:12340
- C:\Windows\System\tQHgGWf.exe
  C:\Windows\System\tQHgGWf.exe
  2⤵
  PID:932
- C:\Windows\System\HSGcOlk.exe
  C:\Windows\System\HSGcOlk.exe
  2⤵
  PID:12368
- C:\Windows\System\iQsdpSV.exe
  C:\Windows\System\iQsdpSV.exe
  2⤵
  PID:2044
- C:\Windows\System\SxNZKaS.exe
  C:\Windows\System\SxNZKaS.exe
  2⤵
  PID:12464
- C:\Windows\System\RuIQadw.exe
  C:\Windows\System\RuIQadw.exe
  2⤵
  PID:12524
- C:\Windows\System\LHGlzzN.exe
  C:\Windows\System\LHGlzzN.exe
  2⤵
  PID:12576
- C:\Windows\System\hhGmnQm.exe
  C:\Windows\System\hhGmnQm.exe
  2⤵
  PID:4712
- C:\Windows\System\dazmHOE.exe
  C:\Windows\System\dazmHOE.exe
  2⤵
  PID:4800
- C:\Windows\System\WIXFgoQ.exe
  C:\Windows\System\WIXFgoQ.exe
  2⤵
  PID:12664
- C:\Windows\System\AwtTzFU.exe
  C:\Windows\System\AwtTzFU.exe
  2⤵
  PID:6692
- C:\Windows\System\gzJDBgd.exe
  C:\Windows\System\gzJDBgd.exe
  2⤵
  PID:6792
- C:\Windows\System\hoioQiR.exe
  C:\Windows\System\hoioQiR.exe
  2⤵
  PID:6904
- C:\Windows\System\wnkirKE.exe
  C:\Windows\System\wnkirKE.exe
  2⤵
  PID:5060
- C:\Windows\System\WgCogHR.exe
  C:\Windows\System\WgCogHR.exe
  2⤵
  PID:1312
- C:\Windows\System\ZZMvUOq.exe
  C:\Windows\System\ZZMvUOq.exe
  2⤵
  PID:12776
- C:\Windows\System\YrcNlPz.exe
  C:\Windows\System\YrcNlPz.exe
  2⤵
  PID:12808
- C:\Windows\System\HibdVbP.exe
  C:\Windows\System\HibdVbP.exe
  2⤵
  PID:5952
- C:\Windows\System\fBEkqrF.exe
  C:\Windows\System\fBEkqrF.exe
  2⤵
  PID:5404
- C:\Windows\System\kvmaEhS.exe
  C:\Windows\System\kvmaEhS.exe
  2⤵
  PID:6340
- C:\Windows\System\PkcGKxW.exe
  C:\Windows\System\PkcGKxW.exe
  2⤵
  PID:6496
- C:\Windows\System\khSvInh.exe
  C:\Windows\System\khSvInh.exe
  2⤵
  PID:12448
- C:\Windows\System\ownaVQu.exe
  C:\Windows\System\ownaVQu.exe
  2⤵
  PID:12852
- C:\Windows\System\MdWjhgs.exe
  C:\Windows\System\MdWjhgs.exe
  2⤵
  PID:2524
- C:\Windows\System\ljTyFyb.exe
  C:\Windows\System\ljTyFyb.exe
  2⤵
  PID:12928
- C:\Windows\System\GpCDqXz.exe
  C:\Windows\System\GpCDqXz.exe
  2⤵
  PID:3024
- C:\Windows\System\MWbXZqd.exe
  C:\Windows\System\MWbXZqd.exe
  2⤵
  PID:7032
- C:\Windows\System\OVpcnCT.exe
  C:\Windows\System\OVpcnCT.exe
  2⤵
  PID:2148
- C:\Windows\System\fuqJWxC.exe
  C:\Windows\System\fuqJWxC.exe
  2⤵
  PID:844
- C:\Windows\System\OhNSdUd.exe
  C:\Windows\System\OhNSdUd.exe
  2⤵
  PID:5260
- C:\Windows\System\feAuTbt.exe
  C:\Windows\System\feAuTbt.exe
  2⤵
  PID:13096
- C:\Windows\System\KsooYHQ.exe
  C:\Windows\System\KsooYHQ.exe
  2⤵
  PID:13120
- C:\Windows\System\RRcqudA.exe
  C:\Windows\System\RRcqudA.exe
  2⤵
  PID:12744
- C:\Windows\System\eoEviMN.exe
  C:\Windows\System\eoEviMN.exe
  2⤵
  PID:4420
- C:\Windows\System\qlFQKds.exe
  C:\Windows\System\qlFQKds.exe
  2⤵
  PID:13188
- C:\Windows\System\RpBDpsE.exe
  C:\Windows\System\RpBDpsE.exe
  2⤵
  PID:13216
- C:\Windows\System\eRwDZQu.exe
  C:\Windows\System\eRwDZQu.exe
  2⤵
  PID:444
- C:\Windows\System\QQkqVmf.exe
  C:\Windows\System\QQkqVmf.exe
  2⤵
  PID:7264
- C:\Windows\System\GZmEbvK.exe
  C:\Windows\System\GZmEbvK.exe
  2⤵
  PID:7380
- C:\Windows\System\caycmKU.exe
  C:\Windows\System\caycmKU.exe
  2⤵
  PID:7456
- C:\Windows\System\kEgvoCH.exe
  C:\Windows\System\kEgvoCH.exe
  2⤵
  PID:3400
- C:\Windows\System\XtqbrCw.exe
  C:\Windows\System\XtqbrCw.exe
  2⤵
  PID:924
- C:\Windows\System\LXlXCDU.exe
  C:\Windows\System\LXlXCDU.exe
  2⤵
  PID:13300
- C:\Windows\System\yjECdSB.exe
  C:\Windows\System\yjECdSB.exe
  2⤵
  PID:12308
- C:\Windows\System\FCLJzYC.exe
  C:\Windows\System\FCLJzYC.exe
  2⤵
  PID:4452
- C:\Windows\System\ODlLDaR.exe
  C:\Windows\System\ODlLDaR.exe
  2⤵
  PID:2132
- C:\Windows\System\bclBwYo.exe
  C:\Windows\System\bclBwYo.exe
  2⤵
  PID:12884
- C:\Windows\System\kpdQaNd.exe
  C:\Windows\System\kpdQaNd.exe
  2⤵
  PID:7796
- C:\Windows\System\kmFNnYD.exe
  C:\Windows\System\kmFNnYD.exe
  2⤵
  PID:12904
- C:\Windows\System\hjzmlPy.exe
  C:\Windows\System\hjzmlPy.exe
  2⤵
  PID:5160
- C:\Windows\System\hgoEHDv.exe
  C:\Windows\System\hgoEHDv.exe
  2⤵
  PID:5252
- C:\Windows\System\bGMcCXD.exe
  C:\Windows\System\bGMcCXD.exe
  2⤵
  PID:12564
- C:\Windows\System\HzeyoXO.exe
  C:\Windows\System\HzeyoXO.exe
  2⤵
  PID:12924
- C:\Windows\System\MdzWmja.exe
  C:\Windows\System\MdzWmja.exe
  2⤵
  PID:4692
- C:\Windows\System\MjfXsww.exe
  C:\Windows\System\MjfXsww.exe
  2⤵
  PID:12684
- C:\Windows\System\iOFhePl.exe
  C:\Windows\System\iOFhePl.exe
  2⤵
  PID:6780
- C:\Windows\System\IQUEzXb.exe
  C:\Windows\System\IQUEzXb.exe
  2⤵
  PID:6832
- C:\Windows\System\lJBwRJw.exe
  C:\Windows\System\lJBwRJw.exe
  2⤵
  PID:12660
- C:\Windows\System\FpsnVbf.exe
  C:\Windows\System\FpsnVbf.exe
  2⤵
  PID:5080
- C:\Windows\System\gpoFJxL.exe
  C:\Windows\System\gpoFJxL.exe
  2⤵
  PID:12792
- C:\Windows\System\iiUeurO.exe
  C:\Windows\System\iiUeurO.exe
  2⤵
  PID:5568
- C:\Windows\System\EUZrWgm.exe
  C:\Windows\System\EUZrWgm.exe
  2⤵
  PID:5620
- C:\Windows\System\yZNcGJS.exe
  C:\Windows\System\yZNcGJS.exe
  2⤵
  PID:5624
- C:\Windows\System\apZNxoz.exe
  C:\Windows\System\apZNxoz.exe
  2⤵
  PID:5680
- C:\Windows\System\tpstSJh.exe
  C:\Windows\System\tpstSJh.exe
  2⤵
  PID:5740
- C:\Windows\System\uAdDWBg.exe
  C:\Windows\System\uAdDWBg.exe
  2⤵
  PID:12948
- C:\Windows\System\SJKfDpa.exe
  C:\Windows\System\SJKfDpa.exe
  2⤵
  PID:7144
- C:\Windows\System\UpjoplZ.exe
  C:\Windows\System\UpjoplZ.exe
  2⤵
  PID:5836
- C:\Windows\System\zRjLabZ.exe
  C:\Windows\System\zRjLabZ.exe
  2⤵
  PID:5852
- C:\Windows\System\ZXXuwDS.exe
  C:\Windows\System\ZXXuwDS.exe
  2⤵
  PID:5916
- C:\Windows\System\QeadHjc.exe
  C:\Windows\System\QeadHjc.exe
  2⤵
  PID:5964
- C:\Windows\System\WbnHEOv.exe
  C:\Windows\System\WbnHEOv.exe
  2⤵
  PID:13168
- C:\Windows\System\rWlbUAc.exe
  C:\Windows\System\rWlbUAc.exe
  2⤵
  PID:6004
- C:\Windows\System\gnORnnq.exe
  C:\Windows\System\gnORnnq.exe
  2⤵
  PID:7268
- C:\Windows\System\myirdVW.exe
  C:\Windows\System\myirdVW.exe
  2⤵
  PID:7400
- C:\Windows\System\nyXsQaR.exe
  C:\Windows\System\nyXsQaR.exe
  2⤵
  PID:832
- C:\Windows\System\cngLmjw.exe
  C:\Windows\System\cngLmjw.exe
  2⤵
  PID:13280
- C:\Windows\System\UiRqvyM.exe
  C:\Windows\System\UiRqvyM.exe
  2⤵
  PID:3924
- C:\Windows\System\PZMTCum.exe
  C:\Windows\System\PZMTCum.exe
  2⤵
  PID:5396
- C:\Windows\System\RNcIiHj.exe
  C:\Windows\System\RNcIiHj.exe
  2⤵
  PID:9832
- C:\Windows\System\QgWIlgy.exe
  C:\Windows\System\QgWIlgy.exe
  2⤵
  PID:7824
- C:\Windows\System\IbhqdJu.exe
  C:\Windows\System\IbhqdJu.exe
  2⤵
  PID:5168
- C:\Windows\System\CuxUInV.exe
  C:\Windows\System\CuxUInV.exe
  2⤵
  PID:12912
- C:\Windows\System\djmQMVj.exe
  C:\Windows\System\djmQMVj.exe
  2⤵
  PID:12992
- C:\Windows\System\CMewhRm.exe
  C:\Windows\System\CMewhRm.exe
  2⤵
  PID:4764
- C:\Windows\System\UdupyZM.exe
  C:\Windows\System\UdupyZM.exe
  2⤵
  PID:5432
- C:\Windows\System\kaStUwt.exe
  C:\Windows\System\kaStUwt.exe
  2⤵
  PID:5708
- C:\Windows\System\GpWCQTt.exe
  C:\Windows\System\GpWCQTt.exe
  2⤵
  PID:5556
- C:\Windows\System\gizOajN.exe
  C:\Windows\System\gizOajN.exe
  2⤵
  PID:6036
- C:\Windows\System\xBfpaKI.exe
  C:\Windows\System\xBfpaKI.exe
  2⤵
  PID:1956
- C:\Windows\System\UATLfZc.exe
  C:\Windows\System\UATLfZc.exe
  2⤵
  PID:5932
- C:\Windows\System\XZGGoYj.exe
  C:\Windows\System\XZGGoYj.exe
  2⤵
  PID:11992
- C:\Windows\System\mZlmjmL.exe
  C:\Windows\System\mZlmjmL.exe
  2⤵
  PID:3916
- C:\Windows\System\XMfKBbT.exe
  C:\Windows\System\XMfKBbT.exe
  2⤵
  PID:13028
- C:\Windows\System\xwMVSpJ.exe
  C:\Windows\System\xwMVSpJ.exe
  2⤵
  PID:2892
- C:\Windows\System\STbfHkE.exe
  C:\Windows\System\STbfHkE.exe
  2⤵
  PID:5976
- C:\Windows\System\mzopwxu.exe
  C:\Windows\System\mzopwxu.exe
  2⤵
  PID:7240
- C:\Windows\System\ZotjlEb.exe
  C:\Windows\System\ZotjlEb.exe
  2⤵
  PID:2164
- C:\Windows\System\fcismej.exe
  C:\Windows\System\fcismej.exe
  2⤵
  PID:13276
- C:\Windows\System\jAeFPgf.exe
  C:\Windows\System\jAeFPgf.exe
  2⤵
  PID:6192
- C:\Windows\System\RDIDNAM.exe
  C:\Windows\System\RDIDNAM.exe
  2⤵
  PID:12468
- C:\Windows\System\RgSElXd.exe
  C:\Windows\System\RgSElXd.exe
  2⤵
  PID:4564
- C:\Windows\System\ueDmvFr.exe
  C:\Windows\System\ueDmvFr.exe
  2⤵
  PID:7276
- C:\Windows\System\KHnFtES.exe
  C:\Windows\System\KHnFtES.exe
  2⤵
  PID:5544
- C:\Windows\System\qSLmUjx.exe
  C:\Windows\System\qSLmUjx.exe
  2⤵
  PID:6372
- C:\Windows\System\FhCVzbO.exe
  C:\Windows\System\FhCVzbO.exe
  2⤵
  PID:6400
- C:\Windows\System\JLHdFip.exe
  C:\Windows\System\JLHdFip.exe
  2⤵
  PID:5980
- C:\Windows\System\brrcjqe.exe
  C:\Windows\System\brrcjqe.exe
  2⤵
  PID:7328
- C:\Windows\System\tYcBPSr.exe
  C:\Windows\System\tYcBPSr.exe
  2⤵
  PID:5088
- C:\Windows\System\tHyFmoX.exe
  C:\Windows\System\tHyFmoX.exe
  2⤵
  PID:5936
- C:\Windows\System\hkSXzDd.exe
  C:\Windows\System\hkSXzDd.exe
  2⤵
  PID:6048
- C:\Windows\System\XQDwceZ.exe
  C:\Windows\System\XQDwceZ.exe
  2⤵
  PID:5752
- C:\Windows\System\gCJuweG.exe
  C:\Windows\System\gCJuweG.exe
  2⤵
  PID:8652
- C:\Windows\System\jgZPbzx.exe
  C:\Windows\System\jgZPbzx.exe
  2⤵
  PID:5176
- C:\Windows\System\FMiNfoD.exe
  C:\Windows\System\FMiNfoD.exe
  2⤵
  PID:9184
- C:\Windows\System\BhiVMzv.exe
  C:\Windows\System\BhiVMzv.exe
  2⤵
  PID:5756
- C:\Windows\System\JCiPriY.exe
  C:\Windows\System\JCiPriY.exe
  2⤵
  PID:6428
- C:\Windows\System\NAlbhFY.exe
  C:\Windows\System\NAlbhFY.exe
  2⤵
  PID:2412
- C:\Windows\System\GhzPWHp.exe
  C:\Windows\System\GhzPWHp.exe
  2⤵
  PID:7352
- C:\Windows\System\qSpdDLT.exe
  C:\Windows\System\qSpdDLT.exe
  2⤵
  PID:6996
- C:\Windows\System\aJJuPFe.exe
  C:\Windows\System\aJJuPFe.exe
  2⤵
  PID:5420
- C:\Windows\System\iUHlGbn.exe
  C:\Windows\System\iUHlGbn.exe
  2⤵
  PID:7044
- C:\Windows\System\JqaSgMI.exe
  C:\Windows\System\JqaSgMI.exe
  2⤵
  PID:7080
- C:\Windows\System\YSPlitN.exe
  C:\Windows\System\YSPlitN.exe
  2⤵
  PID:8804
- C:\Windows\System\WiTrqNP.exe
  C:\Windows\System\WiTrqNP.exe
  2⤵
  PID:5472
- C:\Windows\System\rnQFuZy.exe
  C:\Windows\System\rnQFuZy.exe
  2⤵
  PID:6984
- C:\Windows\System\cmcDDfO.exe
  C:\Windows\System\cmcDDfO.exe
  2⤵
  PID:5248
- C:\Windows\System\qVBPRNy.exe
  C:\Windows\System\qVBPRNy.exe
  2⤵
  PID:13320
- C:\Windows\System\uKMzgxb.exe
  C:\Windows\System\uKMzgxb.exe
  2⤵
  PID:13348
- C:\Windows\System\KYyPHCD.exe
  C:\Windows\System\KYyPHCD.exe
  2⤵
  PID:13376
- C:\Windows\System\IFXTRMO.exe
  C:\Windows\System\IFXTRMO.exe
  2⤵
  PID:13408
- C:\Windows\System\vUvCEUs.exe
  C:\Windows\System\vUvCEUs.exe
  2⤵
  PID:13436
- C:\Windows\System\plIrDeL.exe
  C:\Windows\System\plIrDeL.exe
  2⤵
  PID:13464
- C:\Windows\System\rqMMwcY.exe
  C:\Windows\System\rqMMwcY.exe
  2⤵
  PID:13492
- C:\Windows\System\LkUpmby.exe
  C:\Windows\System\LkUpmby.exe
  2⤵
  PID:13520
- C:\Windows\System\pcYwVNa.exe
  C:\Windows\System\pcYwVNa.exe
  2⤵
  PID:13548
- C:\Windows\System\rAmzLbK.exe
  C:\Windows\System\rAmzLbK.exe
  2⤵
  PID:13576
- C:\Windows\System\ZlENunb.exe
  C:\Windows\System\ZlENunb.exe
  2⤵
  PID:13608
- C:\Windows\System\LAlkJja.exe
  C:\Windows\System\LAlkJja.exe
  2⤵
  PID:13632
- C:\Windows\System\uyHUycQ.exe
  C:\Windows\System\uyHUycQ.exe
  2⤵
  PID:13660
- C:\Windows\System\qyVDrCW.exe
  C:\Windows\System\qyVDrCW.exe
  2⤵
  PID:13688
- C:\Windows\System\RzkKlTn.exe
  C:\Windows\System\RzkKlTn.exe
  2⤵
  PID:13716
- C:\Windows\System\ANXpmFn.exe
  C:\Windows\System\ANXpmFn.exe
  2⤵
  PID:13744
- C:\Windows\System\LFZjAqm.exe
  C:\Windows\System\LFZjAqm.exe
  2⤵
  PID:13772
- C:\Windows\System\gcGFIZA.exe
  C:\Windows\System\gcGFIZA.exe
  2⤵
  PID:13800
- C:\Windows\System\jAPDyxC.exe
  C:\Windows\System\jAPDyxC.exe
  2⤵
  PID:13828
- C:\Windows\System\naWKesa.exe
  C:\Windows\System\naWKesa.exe
  2⤵
  PID:13856
- C:\Windows\System\XcCJyun.exe
  C:\Windows\System\XcCJyun.exe
  2⤵
  PID:13884
- C:\Windows\System\fgrcBqA.exe
  C:\Windows\System\fgrcBqA.exe
  2⤵
  PID:13912
- C:\Windows\System\ZKPVenX.exe
  C:\Windows\System\ZKPVenX.exe
  2⤵
  PID:13940
- C:\Windows\System\kxfWCQv.exe
  C:\Windows\System\kxfWCQv.exe
  2⤵
  PID:13968
- C:\Windows\System\fSOXIAP.exe
  C:\Windows\System\fSOXIAP.exe
  2⤵
  PID:13996
- C:\Windows\System\woBKmzh.exe
  C:\Windows\System\woBKmzh.exe
  2⤵
  PID:14024
- C:\Windows\System\OCDsLrG.exe
  C:\Windows\System\OCDsLrG.exe
  2⤵
  PID:14052
- C:\Windows\System\serQiGo.exe
  C:\Windows\System\serQiGo.exe
  2⤵
  PID:14092
- C:\Windows\System\lPWQdyi.exe
  C:\Windows\System\lPWQdyi.exe
  2⤵
  PID:14120
- C:\Windows\System\jqLLBdC.exe
  C:\Windows\System\jqLLBdC.exe
  2⤵
  PID:14148
- C:\Windows\System\gcrBgWg.exe
  C:\Windows\System\gcrBgWg.exe
  2⤵
  PID:14176
- C:\Windows\System\YUyocLw.exe
  C:\Windows\System\YUyocLw.exe
  2⤵
  PID:14204
- C:\Windows\System\hJxEHRJ.exe
  C:\Windows\System\hJxEHRJ.exe
  2⤵
  PID:14232
- C:\Windows\System\gXvnQSA.exe
  C:\Windows\System\gXvnQSA.exe
  2⤵
  PID:14260
- C:\Windows\System\eUacQOD.exe
  C:\Windows\System\eUacQOD.exe
  2⤵
  PID:14288
- C:\Windows\System\qkmJWyQ.exe
  C:\Windows\System\qkmJWyQ.exe
  2⤵
  PID:14316
- C:\Windows\System\Kzxfzjr.exe
  C:\Windows\System\Kzxfzjr.exe
  2⤵
  PID:13332
- C:\Windows\System\fGoxSmI.exe
  C:\Windows\System\fGoxSmI.exe
  2⤵
  PID:13396
- C:\Windows\System\vamxrdC.exe
  C:\Windows\System\vamxrdC.exe
  2⤵
  PID:13460
- C:\Windows\System\LNdPZvD.exe
  C:\Windows\System\LNdPZvD.exe
  2⤵
  PID:13532
- C:\Windows\System\vlIHdRe.exe
  C:\Windows\System\vlIHdRe.exe
  2⤵
  PID:13596
- C:\Windows\System\DFgLyrJ.exe
  C:\Windows\System\DFgLyrJ.exe
  2⤵
  PID:13652
- C:\Windows\System\QOysfrJ.exe
  C:\Windows\System\QOysfrJ.exe
  2⤵
  PID:13712
- C:\Windows\System\NvBVljM.exe
  C:\Windows\System\NvBVljM.exe
  2⤵
  PID:6704
- C:\Windows\System\RYoOIyP.exe
  C:\Windows\System\RYoOIyP.exe
  2⤵
  PID:13812
- C:\Windows\System\wEyyrCJ.exe
  C:\Windows\System\wEyyrCJ.exe
  2⤵
  PID:13852
- C:\Windows\System\gROaMbZ.exe
  C:\Windows\System\gROaMbZ.exe
  2⤵
  PID:13896
- C:\Windows\System\CHwphvJ.exe
  C:\Windows\System\CHwphvJ.exe
  2⤵
  PID:13932
- C:\Windows\System\pOpZHND.exe
  C:\Windows\System\pOpZHND.exe
  2⤵
  PID:13980
- C:\Windows\System\AtQDUnM.exe
  C:\Windows\System\AtQDUnM.exe
  2⤵
  PID:14020
- C:\Windows\System\AFnNTQq.exe
  C:\Windows\System\AFnNTQq.exe
  2⤵
  PID:14088
- C:\Windows\System\gdynUDx.exe
  C:\Windows\System\gdynUDx.exe
  2⤵
  PID:14132
- C:\Windows\System\HaKWroI.exe
  C:\Windows\System\HaKWroI.exe
  2⤵
  PID:6236
- C:\Windows\System\KUaWXfd.exe
  C:\Windows\System\KUaWXfd.exe
  2⤵
  PID:14224
- C:\Windows\System\VINrPjT.exe
  C:\Windows\System\VINrPjT.exe
  2⤵
  PID:14280
- C:\Windows\System\MpJKnRF.exe
  C:\Windows\System\MpJKnRF.exe
  2⤵
  PID:14328
- C:\Windows\System\UrBDJtu.exe
  C:\Windows\System\UrBDJtu.exe
  2⤵
  PID:7192
- C:\Windows\System\kXTjbEs.exe
  C:\Windows\System\kXTjbEs.exe
  2⤵
  PID:13516
- C:\Windows\System\LGtyjDV.exe
  C:\Windows\System\LGtyjDV.exe
  2⤵
  PID:13644
- C:\Windows\System\MSDqTUv.exe
  C:\Windows\System\MSDqTUv.exe
  2⤵
  PID:13768
- C:\Windows\System\ANjQiBy.exe
  C:\Windows\System\ANjQiBy.exe
  2⤵
  PID:6824
- C:\Windows\System\ZDxhmtn.exe
  C:\Windows\System\ZDxhmtn.exe
  2⤵
  PID:13960
- C:\Windows\System\iRRSEVx.exe
  C:\Windows\System\iRRSEVx.exe
  2⤵
  PID:3008
- C:\Windows\System\YSFViRN.exe
  C:\Windows\System\YSFViRN.exe
  2⤵
  PID:3496
- C:\Windows\System\YWiuVEu.exe
  C:\Windows\System\YWiuVEu.exe
  2⤵
  PID:14188
- C:\Windows\System\oKNlSWY.exe
  C:\Windows\System\oKNlSWY.exe
  2⤵
  PID:6336
- C:\Windows\System\wUXAwtb.exe
  C:\Windows\System\wUXAwtb.exe
  2⤵
  PID:6532
- C:\Windows\System\QpKsoYI.exe
  C:\Windows\System\QpKsoYI.exe
  2⤵
  PID:7564
- C:\Windows\System\OZtIiML.exe
  C:\Windows\System\OZtIiML.exe
  2⤵
  PID:7612
- C:\Windows\System\rlizEvS.exe
  C:\Windows\System\rlizEvS.exe
  2⤵
  PID:13708
- C:\Windows\System\VvqskNZ.exe
  C:\Windows\System\VvqskNZ.exe
  2⤵
  PID:13756
- C:\Windows\System\uQnwnbI.exe
  C:\Windows\System\uQnwnbI.exe
  2⤵
  PID:4076
- C:\Windows\System\vicbPjm.exe
  C:\Windows\System\vicbPjm.exe
  2⤵
  PID:1444
- C:\Windows\System\bcEWBZx.exe
  C:\Windows\System\bcEWBZx.exe
  2⤵
  PID:2068
- C:\Windows\System\AYejbSB.exe
  C:\Windows\System\AYejbSB.exe
  2⤵
  PID:3176
- C:\Windows\System\bbVHljP.exe
  C:\Windows\System\bbVHljP.exe
  2⤵
  PID:1732
- C:\Windows\System\vBxDOqv.exe
  C:\Windows\System\vBxDOqv.exe
  2⤵
  PID:1480
- C:\Windows\System\mhuMKwE.exe
  C:\Windows\System\mhuMKwE.exe
  2⤵
  PID:7208
- C:\Windows\System\KqkduIn.exe
  C:\Windows\System\KqkduIn.exe
  2⤵
  PID:7888
- C:\Windows\System\rvUStxj.exe
  C:\Windows\System\rvUStxj.exe
  2⤵
  PID:7924
- C:\Windows\System\wqFSYwH.exe
  C:\Windows\System\wqFSYwH.exe
  2⤵
  PID:9248
- C:\Windows\System\lyztlrK.exe
  C:\Windows\System\lyztlrK.exe
  2⤵
  PID:7952
- C:\Windows\System\JldOYUk.exe
  C:\Windows\System\JldOYUk.exe
  2⤵
  PID:9296
- C:\Windows\System\znLINQZ.exe
  C:\Windows\System\znLINQZ.exe
  2⤵
  PID:3904
- C:\Windows\System\FcdRDCc.exe
  C:\Windows\System\FcdRDCc.exe
  2⤵
  PID:4668
- C:\Windows\System\nlxVdyr.exe
  C:\Windows\System\nlxVdyr.exe
  2⤵
  PID:8056
- C:\Windows\System\OCBwZKJ.exe
  C:\Windows\System\OCBwZKJ.exe
  2⤵
  PID:9424
- C:\Windows\System\FqafKUt.exe
  C:\Windows\System\FqafKUt.exe
  2⤵
  PID:4156
- C:\Windows\System\bzFNYvD.exe
  C:\Windows\System\bzFNYvD.exe
  2⤵
  PID:9220
- C:\Windows\System\MXEsRAa.exe
  C:\Windows\System\MXEsRAa.exe
  2⤵
  PID:8188
- C:\Windows\System\hWvktCr.exe
  C:\Windows\System\hWvktCr.exe
  2⤵
  PID:9572
- C:\Windows\System\qpCPFku.exe
  C:\Windows\System\qpCPFku.exe
  2⤵
  PID:9328
- C:\Windows\System\QwqNIEE.exe
  C:\Windows\System\QwqNIEE.exe
  2⤵
  PID:1864
- C:\Windows\System\MiFCsdu.exe
  C:\Windows\System\MiFCsdu.exe
  2⤵
  PID:8104
- C:\Windows\System\hPFsOsu.exe
  C:\Windows\System\hPFsOsu.exe
  2⤵
  PID:9464
- C:\Windows\System\DDxaRyL.exe
  C:\Windows\System\DDxaRyL.exe
  2⤵
  PID:6384
- C:\Windows\System\jUnyLvo.exe
  C:\Windows\System\jUnyLvo.exe
  2⤵
  PID:7196
- C:\Windows\System\OZuteKl.exe
  C:\Windows\System\OZuteKl.exe
  2⤵
  PID:9356
- C:\Windows\System\CQruwmw.exe
  C:\Windows\System\CQruwmw.exe
  2⤵
  PID:7384
- C:\Windows\System\bHFyvnC.exe
  C:\Windows\System\bHFyvnC.exe
  2⤵
  PID:7388
- C:\Windows\System\SbmIJyO.exe
  C:\Windows\System\SbmIJyO.exe
  2⤵
  PID:7684
- C:\Windows\System\swzwcue.exe
  C:\Windows\System\swzwcue.exe
  2⤵
  PID:9336
- C:\Windows\System\dSrVXSv.exe
  C:\Windows\System\dSrVXSv.exe
  2⤵
  PID:9952
- C:\Windows\System\QRZMupD.exe
  C:\Windows\System\QRZMupD.exe
  2⤵
  PID:10024
- C:\Windows\System\GnUaxID.exe
  C:\Windows\System\GnUaxID.exe
  2⤵
  PID:7576
- C:\Windows\System\auvfIUa.exe
  C:\Windows\System\auvfIUa.exe
  2⤵
  PID:7864
- C:\Windows\System\KSCEbQq.exe
  C:\Windows\System\KSCEbQq.exe
  2⤵
  PID:7644
- C:\Windows\System\YDGChvo.exe
  C:\Windows\System\YDGChvo.exe
  2⤵
  PID:7228
- C:\Windows\System\sQWSMvI.exe
  C:\Windows\System\sQWSMvI.exe
  2⤵
  PID:8028
- C:\Windows\System\GbKcwck.exe
  C:\Windows\System\GbKcwck.exe
  2⤵
  PID:8092
- C:\Windows\System\cFnqgWS.exe
  C:\Windows\System\cFnqgWS.exe
  2⤵
  PID:8088
- C:\Windows\System\ZgkKFSB.exe
  C:\Windows\System\ZgkKFSB.exe
  2⤵
  PID:8116
- C:\Windows\System\lpzzqhK.exe
  C:\Windows\System\lpzzqhK.exe
  2⤵
  PID:9684
- C:\Windows\System\NusTqgS.exe
  C:\Windows\System\NusTqgS.exe
  2⤵
  PID:9676
- C:\Windows\System\DPEUTMp.exe
  C:\Windows\System\DPEUTMp.exe
  2⤵
  PID:14344
- C:\Windows\System\VdHSdIV.exe
  C:\Windows\System\VdHSdIV.exe
  2⤵
  PID:14380
- C:\Windows\System\mYHqyAT.exe
  C:\Windows\System\mYHqyAT.exe
  2⤵
  PID:14416
- C:\Windows\System\lCJZslj.exe
  C:\Windows\System\lCJZslj.exe
  2⤵
  PID:14448
- C:\Windows\System\fPfOkGJ.exe
  C:\Windows\System\fPfOkGJ.exe
  2⤵
  PID:14480
- C:\Windows\System\YLdxWvs.exe
  C:\Windows\System\YLdxWvs.exe
  2⤵
  PID:14508
- C:\Windows\System\FMQprub.exe
  C:\Windows\System\FMQprub.exe
  2⤵
  PID:14532
- C:\Windows\System\CAHTMTH.exe
  C:\Windows\System\CAHTMTH.exe
  2⤵
  PID:14564
- C:\Windows\System\KpHhFhI.exe
  C:\Windows\System\KpHhFhI.exe
  2⤵
  PID:14592
- C:\Windows\System\VGhzOeQ.exe
  C:\Windows\System\VGhzOeQ.exe
  2⤵
  PID:14620
- C:\Windows\System\EWJywea.exe
  C:\Windows\System\EWJywea.exe
  2⤵
  PID:14652
- C:\Windows\System\PXHArik.exe
  C:\Windows\System\PXHArik.exe
  2⤵
  PID:14680
- C:\Windows\System\iBfrtiw.exe
  C:\Windows\System\iBfrtiw.exe
  2⤵
  PID:14708
- C:\Windows\System\fXrncMI.exe
  C:\Windows\System\fXrncMI.exe
  2⤵
  PID:14748
- C:\Windows\System\tCBixhY.exe
  C:\Windows\System\tCBixhY.exe
  2⤵
  PID:14764
- C:\Windows\System\KrjCKWV.exe
  C:\Windows\System\KrjCKWV.exe
  2⤵
  PID:14792
- C:\Windows\System\ppTrDyJ.exe
  C:\Windows\System\ppTrDyJ.exe
  2⤵
  PID:14820
- C:\Windows\System\nMqfTiP.exe
  C:\Windows\System\nMqfTiP.exe
  2⤵
  PID:14848
- C:\Windows\System\iMRcGLa.exe
  C:\Windows\System\iMRcGLa.exe
  2⤵
  PID:14876
- C:\Windows\System\ziDRCqm.exe
  C:\Windows\System\ziDRCqm.exe
  2⤵
  PID:14904
- C:\Windows\System\EeCUejJ.exe
  C:\Windows\System\EeCUejJ.exe
  2⤵
  PID:14932
- C:\Windows\System\NigiIwW.exe
  C:\Windows\System\NigiIwW.exe
  2⤵
  PID:14960
- C:\Windows\System\gQYSSDZ.exe
  C:\Windows\System\gQYSSDZ.exe
  2⤵
  PID:14988
- C:\Windows\System\MybAiEj.exe
  C:\Windows\System\MybAiEj.exe
  2⤵
  PID:15016
- C:\Windows\System\hibeoms.exe
  C:\Windows\System\hibeoms.exe
  2⤵
  PID:15044
- C:\Windows\System\BNMiGiO.exe
  C:\Windows\System\BNMiGiO.exe
  2⤵
  PID:15072
- C:\Windows\System\MCwpBAl.exe
  C:\Windows\System\MCwpBAl.exe
  2⤵
  PID:15100
- C:\Windows\System\REvXVrl.exe
  C:\Windows\System\REvXVrl.exe
  2⤵
  PID:15132
- C:\Windows\System\EXmjaFq.exe
  C:\Windows\System\EXmjaFq.exe
  2⤵
  PID:15160
- C:\Windows\System\tyzDLYb.exe
  C:\Windows\System\tyzDLYb.exe
  2⤵
  PID:15188
- C:\Windows\System\EWxnvwR.exe
  C:\Windows\System\EWxnvwR.exe
  2⤵
  PID:15216
- C:\Windows\System\SVaFcoA.exe
  C:\Windows\System\SVaFcoA.exe
  2⤵
  PID:15244
- C:\Windows\System\GHGVyoM.exe
  C:\Windows\System\GHGVyoM.exe
  2⤵
  PID:15272
- C:\Windows\System\GMnMsmp.exe
  C:\Windows\System\GMnMsmp.exe
  2⤵
  PID:15300
- C:\Windows\System\ReJkfLf.exe
  C:\Windows\System\ReJkfLf.exe
  2⤵
  PID:15328
- C:\Windows\System\aZajKgY.exe
  C:\Windows\System\aZajKgY.exe
  2⤵
  PID:15356
- C:\Windows\System\MvWfLQa.exe
  C:\Windows\System\MvWfLQa.exe
  2⤵
  PID:7404
- C:\Windows\System\zlKLRBX.exe
  C:\Windows\System\zlKLRBX.exe
  2⤵
  PID:14408
- C:\Windows\System\xrcYwld.exe
  C:\Windows\System\xrcYwld.exe
  2⤵
  PID:14440
- C:\Windows\System\RxRGGti.exe
  C:\Windows\System\RxRGGti.exe
  2⤵
  PID:2492
- C:\Windows\System\kHqBvrp.exe
  C:\Windows\System\kHqBvrp.exe
  2⤵
  PID:14524
- C:\Windows\System\LTVONJB.exe
  C:\Windows\System\LTVONJB.exe
  2⤵
  PID:9228
- C:\Windows\System\bidxuOf.exe
  C:\Windows\System\bidxuOf.exe
  2⤵
  PID:14588
- C:\Windows\System\KefqnMI.exe
  C:\Windows\System\KefqnMI.exe
  2⤵
  PID:14616
- C:\Windows\System\jvUSqHK.exe
  C:\Windows\System\jvUSqHK.exe
  2⤵
  PID:14648
- C:\Windows\System\nTrfske.exe
  C:\Windows\System\nTrfske.exe
  2⤵
  PID:14692
- C:\Windows\System\DaFEQnR.exe
  C:\Windows\System\DaFEQnR.exe
  2⤵
  PID:3404
- C:\Windows\System\hisNIHy.exe
  C:\Windows\System\hisNIHy.exe
  2⤵
  PID:14368
- C:\Windows\System\kJLJccn.exe
  C:\Windows\System\kJLJccn.exe
  2⤵
  PID:14640
- C:\Windows\System\wvYZNqq.exe
  C:\Windows\System\wvYZNqq.exe
  2⤵
  PID:9772
- C:\Windows\System\TNpMrKU.exe
  C:\Windows\System\TNpMrKU.exe
  2⤵
  PID:14812
- C:\Windows\System\vjmtOQB.exe
  C:\Windows\System\vjmtOQB.exe
  2⤵
  PID:14860
- C:\Windows\System\owZpLQQ.exe
  C:\Windows\System\owZpLQQ.exe
  2⤵
  PID:14896
- C:\Windows\System\agnYRfW.exe
  C:\Windows\System\agnYRfW.exe
  2⤵
  PID:9340
- C:\Windows\System\EpIPmEa.exe
  C:\Windows\System\EpIPmEa.exe
  2⤵
  PID:10260
- C:\Windows\System\lRTbzFG.exe
  C:\Windows\System\lRTbzFG.exe
  2⤵
  PID:15008
- C:\Windows\System\jjCdMUM.exe
  C:\Windows\System\jjCdMUM.exe
  2⤵
  PID:8416
- C:\Windows\System\FAXnGkW.exe
  C:\Windows\System\FAXnGkW.exe
  2⤵
  PID:8444
- C:\Windows\System\bqWyKLk.exe
  C:\Windows\System\bqWyKLk.exe
  2⤵
  PID:15092
- C:\Windows\System\HSTnpUK.exe
  C:\Windows\System\HSTnpUK.exe
  2⤵
  PID:15124
- C:\Windows\System\EoNSPdb.exe
  C:\Windows\System\EoNSPdb.exe
  2⤵
  PID:10440
- C:\Windows\System\cfmOASR.exe
  C:\Windows\System\cfmOASR.exe
  2⤵
  PID:15184
- C:\Windows\System\IXJiTYv.exe
  C:\Windows\System\IXJiTYv.exe
  2⤵
  PID:10528
- C:\Windows\System\LNSXrOg.exe
  C:\Windows\System\LNSXrOg.exe
  2⤵
  PID:15256
- C:\Windows\System\JUBdzGl.exe
  C:\Windows\System\JUBdzGl.exe
  2⤵
  PID:10592
- C:\Windows\System\VSbavvK.exe
  C:\Windows\System\VSbavvK.exe
  2⤵
  PID:15320
- C:\Windows\System\qxSIilv.exe
  C:\Windows\System\qxSIilv.exe
  2⤵
  PID:10640
- C:\Windows\System\LVHdhyH.exe
  C:\Windows\System\LVHdhyH.exe
  2⤵
  PID:14356
- C:\Windows\System\RASgeFW.exe
  C:\Windows\System\RASgeFW.exe
  2⤵
  PID:8716
- C:\Windows\System\MMuOMZg.exe
  C:\Windows\System\MMuOMZg.exe
  2⤵
  PID:8744
- C:\Windows\System\lxScaQp.exe
  C:\Windows\System\lxScaQp.exe
  2⤵
  PID:7788
- C:\Windows\System\xnRCdOA.exe
  C:\Windows\System\xnRCdOA.exe
  2⤵
  PID:9272
- C:\Windows\System\vUoQrmV.exe
  C:\Windows\System\vUoQrmV.exe
  2⤵
  PID:10784
- C:\Windows\System\tPVFiee.exe
  C:\Windows\System\tPVFiee.exe
  2⤵
  PID:8848
- C:\Windows\System\mWAgNOq.exe
  C:\Windows\System\mWAgNOq.exe
  2⤵
  PID:15108
- C:\Windows\System\TXUdIGj.exe
  C:\Windows\System\TXUdIGj.exe
  2⤵
  PID:8884
- C:\Windows\System\iPDOVfH.exe
  C:\Windows\System\iPDOVfH.exe
  2⤵
  PID:10904
- C:\Windows\System\grLvFjW.exe
  C:\Windows\System\grLvFjW.exe
  2⤵
  PID:14744
- C:\Windows\System\NjhsfZL.exe
  C:\Windows\System\NjhsfZL.exe
  2⤵
  PID:14760
- C:\Windows\System\JOTGsPG.exe
  C:\Windows\System\JOTGsPG.exe
  2⤵
  PID:8988
- C:\Windows\System\xVbKdRZ.exe
  C:\Windows\System\xVbKdRZ.exe
  2⤵
  PID:9016
- C:\Windows\System\pgRKrnT.exe
  C:\Windows\System\pgRKrnT.exe
  2⤵
  PID:2472
- C:\Windows\System\TCuUUnQ.exe
  C:\Windows\System\TCuUUnQ.exe
  2⤵
  PID:9060
- C:\Windows\System\JbDUYwQ.exe
  C:\Windows\System\JbDUYwQ.exe
  2⤵
  PID:9104
- C:\Windows\System\nMoHWJS.exe
  C:\Windows\System\nMoHWJS.exe
  2⤵
  PID:9132
- C:\Windows\System\BqGseID.exe
  C:\Windows\System\BqGseID.exe
  2⤵
  PID:11160
- C:\Windows\System\XqYbJZI.exe
  C:\Windows\System\XqYbJZI.exe
  2⤵
  PID:8500
- C:\Windows\System\dfMVVjt.exe
  C:\Windows\System\dfMVVjt.exe
  2⤵
  PID:15172
- C:\Windows\System\FhZChpa.exe
  C:\Windows\System\FhZChpa.exe
  2⤵
  PID:11244
- C:\Windows\System\RgbqXGH.exe
  C:\Windows\System\RgbqXGH.exe
  2⤵
  PID:15240
- C:\Windows\System\hJMqPnn.exe
  C:\Windows\System\hJMqPnn.exe
  2⤵
  PID:15296
- C:\Windows\System\jwDPpQj.exe
  C:\Windows\System\jwDPpQj.exe
  2⤵
  PID:8272
- C:\Windows\System\zfdwcmc.exe
  C:\Windows\System\zfdwcmc.exe
  2⤵
  PID:10704
- C:\Windows\System\FkXqfYn.exe
  C:\Windows\System\FkXqfYn.exe
  2⤵
  PID:7600
- C:\Windows\System\KXkQAGU.exe
  C:\Windows\System\KXkQAGU.exe
  2⤵
  PID:14476
- C:\Windows\System\YjTUzie.exe
  C:\Windows\System\YjTUzie.exe
  2⤵
  PID:8060
- C:\Windows\System\pYDatnF.exe
  C:\Windows\System\pYDatnF.exe
  2⤵
  PID:10856
- C:\Windows\System\DlHVMCj.exe
  C:\Windows\System\DlHVMCj.exe
  2⤵
  PID:1996
- C:\Windows\System\hiTKFni.exe
  C:\Windows\System\hiTKFni.exe
  2⤵
  PID:14700
- C:\Windows\System\LSeiMIf.exe
  C:\Windows\System\LSeiMIf.exe
  2⤵
  PID:7260
- C:\Windows\System\vLwZvbw.exe
  C:\Windows\System\vLwZvbw.exe
  2⤵
  PID:10952
- C:\Windows\System\Rbkeydo.exe
  C:\Windows\System\Rbkeydo.exe
  2⤵
  PID:11228
- C:\Windows\System\aUjIiIw.exe
  C:\Windows\System\aUjIiIw.exe
  2⤵
  PID:10404
- C:\Windows\System\fdzzmaK.exe
  C:\Windows\System\fdzzmaK.exe
  2⤵
  PID:4912
- C:\Windows\System\gMpLyqw.exe
  C:\Windows\System\gMpLyqw.exe
  2⤵
  PID:10744
- C:\Windows\System\quoPepq.exe
  C:\Windows\System\quoPepq.exe
  2⤵
  PID:10320
- C:\Windows\System\SeNceNJ.exe
  C:\Windows\System\SeNceNJ.exe
  2⤵
  PID:10956
- C:\Windows\System\gGEeXNU.exe
  C:\Windows\System\gGEeXNU.exe
  2⤵
  PID:8916
- C:\Windows\System\WWdzRqr.exe
  C:\Windows\System\WWdzRqr.exe
  2⤵
  PID:10348
- C:\Windows\System\IKJLCTF.exe
  C:\Windows\System\IKJLCTF.exe
  2⤵
  PID:8052
- C:\Windows\System\ChWUyKD.exe
  C:\Windows\System\ChWUyKD.exe
  2⤵
  PID:3868
- C:\Windows\System\wUrpQPu.exe
  C:\Windows\System\wUrpQPu.exe
  2⤵
  PID:15268
- C:\Windows\System\VVjVZcQ.exe
  C:\Windows\System\VVjVZcQ.exe
  2⤵
  PID:11364
- C:\Windows\System\uPPtvIf.exe
  C:\Windows\System\uPPtvIf.exe
  2⤵
  PID:4656
- C:\Windows\System\gmJryOa.exe
  C:\Windows\System\gmJryOa.exe
  2⤵
  PID:8404
- C:\Windows\System\ZRIagVC.exe
  C:\Windows\System\ZRIagVC.exe
  2⤵
  PID:10800
- C:\Windows\System\oFOrhio.exe
  C:\Windows\System\oFOrhio.exe
  2⤵
  PID:14604
- C:\Windows\System\QeODHeJ.exe
  C:\Windows\System\QeODHeJ.exe
  2⤵
  PID:2864
- C:\Windows\System\AvfskLj.exe
  C:\Windows\System\AvfskLj.exe
  2⤵
  PID:8912
- C:\Windows\System\hrtBCqN.exe
  C:\Windows\System\hrtBCqN.exe
  2⤵
  PID:14728
- C:\Windows\System\jgNgeSA.exe
  C:\Windows\System\jgNgeSA.exe
  2⤵
  PID:11612
- C:\Windows\System\lBnWgoN.exe
  C:\Windows\System\lBnWgoN.exe
  2⤵
  PID:11020
- C:\Windows\System\HKnpDkU.exe
  C:\Windows\System\HKnpDkU.exe
  2⤵
  PID:11068
- C:\Windows\System\mGXrTPJ.exe
  C:\Windows\System\mGXrTPJ.exe
  2⤵
  PID:3472
- C:\Windows\System\xUidkUf.exe
  C:\Windows\System\xUidkUf.exe
  2⤵
  PID:11696
- C:\Windows\System\gYFpNaA.exe
  C:\Windows\System\gYFpNaA.exe
  2⤵
  PID:8936
- C:\Windows\System\duSSLxJ.exe
  C:\Windows\System\duSSLxJ.exe
  2⤵
  PID:9020
- C:\Windows\System\KKFlnAt.exe
  C:\Windows\System\KKFlnAt.exe
  2⤵
  PID:11808
- C:\Windows\System\iaeyEZb.exe
  C:\Windows\System\iaeyEZb.exe
  2⤵
  PID:7160
- C:\Windows\System\krLMBQB.exe
  C:\Windows\System\krLMBQB.exe
  2⤵
  PID:8216
- C:\Windows\System\GEfeqaG.exe
  C:\Windows\System\GEfeqaG.exe
  2⤵
  PID:11892
- C:\Windows\System\HQGHbRk.exe
  C:\Windows\System\HQGHbRk.exe
  2⤵
  PID:9188
- C:\Windows\System\YOrVkLz.exe
  C:\Windows\System\YOrVkLz.exe
  2⤵
  PID:8572
- C:\Windows\System\MbMnJcT.exe
  C:\Windows\System\MbMnJcT.exe
  2⤵
  PID:11964
- C:\Windows\System\bKhVCpt.exe
  C:\Windows\System\bKhVCpt.exe
  2⤵
  PID:11584
- C:\Windows\System\hMsRQJa.exe
  C:\Windows\System\hMsRQJa.exe
  2⤵
  PID:11124
- C:\Windows\System\vjdtKgz.exe
  C:\Windows\System\vjdtKgz.exe
  2⤵
  PID:15000
- C:\Windows\System\IQSgbgu.exe
  C:\Windows\System\IQSgbgu.exe
  2⤵
  PID:11704
- C:\Windows\System\MjRJJHa.exe
  C:\Windows\System\MjRJJHa.exe
  2⤵
  PID:9212
- C:\Windows\System\NcZWSEz.exe
  C:\Windows\System\NcZWSEz.exe
  2⤵
  PID:880
- C:\Windows\System\QjhkvEi.exe
  C:\Windows\System\QjhkvEi.exe
  2⤵
  PID:11840
- C:\Windows\System\dMtbEVx.exe
  C:\Windows\System\dMtbEVx.exe
  2⤵
  PID:12260
- C:\Windows\System\fUwOVqQ.exe
  C:\Windows\System\fUwOVqQ.exe
  2⤵
  PID:11028
- C:\Windows\System\tYlxqMW.exe
  C:\Windows\System\tYlxqMW.exe
  2⤵
  PID:14404
- C:\Windows\System\DuHjlKG.exe
  C:\Windows\System\DuHjlKG.exe
  2⤵
  PID:8644
- C:\Windows\System\BkfjkGu.exe
  C:\Windows\System\BkfjkGu.exe
  2⤵
  PID:8800
- C:\Windows\System\AtdHtrS.exe
  C:\Windows\System\AtdHtrS.exe
  2⤵
  PID:5172
- C:\Windows\System\XXczvcc.exe
  C:\Windows\System\XXczvcc.exe
  2⤵
  PID:14888
- C:\Windows\System\PfbJSPe.exe
  C:\Windows\System\PfbJSPe.exe
  2⤵
  PID:12212
- C:\Windows\System\yQGMsVM.exe
  C:\Windows\System\yQGMsVM.exe
  2⤵
  PID:14472
- C:\Windows\System\dQXZJRG.exe
  C:\Windows\System\dQXZJRG.exe
  2⤵
  PID:14676
- C:\Windows\System\XtXhvGC.exe
  C:\Windows\System\XtXhvGC.exe
  2⤵
  PID:12020
- C:\Windows\System\MstzAyA.exe
  C:\Windows\System\MstzAyA.exe
  2⤵
  PID:12084
- C:\Windows\System\UGZYBhB.exe
  C:\Windows\System\UGZYBhB.exe
  2⤵
  PID:11528
- C:\Windows\System\DmfenlV.exe
  C:\Windows\System\DmfenlV.exe
  2⤵
  PID:11764
- C:\Windows\System\LfHPtwb.exe
  C:\Windows\System\LfHPtwb.exe
  2⤵
  PID:11916
- C:\Windows\System\GIqAFXX.exe
  C:\Windows\System\GIqAFXX.exe
  2⤵
  PID:11976
- C:\Windows\System\RVtlioC.exe
  C:\Windows\System\RVtlioC.exe
  2⤵
  PID:11544
- C:\Windows\System\bgrflqO.exe
  C:\Windows\System\bgrflqO.exe
  2⤵
  PID:12128
- C:\Windows\System\nfpCvIr.exe
  C:\Windows\System\nfpCvIr.exe
  2⤵
  PID:11880
- C:\Windows\System\TynIFEU.exe
  C:\Windows\System\TynIFEU.exe
  2⤵
  PID:12056
- C:\Windows\System\nmiLxZP.exe
  C:\Windows\System\nmiLxZP.exe
  2⤵
  PID:9612
- C:\Windows\System\lUqQmIp.exe
  C:\Windows\System\lUqQmIp.exe
  2⤵
  PID:12208
- C:\Windows\System\rruCCqL.exe
  C:\Windows\System\rruCCqL.exe
  2⤵
  PID:8316
- C:\Windows\System\uVTyyyJ.exe
  C:\Windows\System\uVTyyyJ.exe
  2⤵
  PID:2420
- C:\Windows\System\EnjsmyF.exe
  C:\Windows\System\EnjsmyF.exe
  2⤵
  PID:4480
- C:\Windows\System\JytBEut.exe
  C:\Windows\System\JytBEut.exe
  2⤵
  PID:15388
- C:\Windows\System\dTkPofd.exe
  C:\Windows\System\dTkPofd.exe
  2⤵
  PID:15416
- C:\Windows\System\EVEmZwa.exe
  C:\Windows\System\EVEmZwa.exe
  2⤵
  PID:15452
- C:\Windows\System\cBKlDmh.exe
  C:\Windows\System\cBKlDmh.exe
  2⤵
  PID:15472
- C:\Windows\System\ftDmtrm.exe
  C:\Windows\System\ftDmtrm.exe
  2⤵
  PID:15500
- C:\Windows\System\wblsXot.exe
  C:\Windows\System\wblsXot.exe
  2⤵
  PID:15528
- C:\Windows\System\mLXjKFb.exe
  C:\Windows\System\mLXjKFb.exe
  2⤵
  PID:15556
- C:\Windows\System\pmSPvOT.exe
  C:\Windows\System\pmSPvOT.exe
  2⤵
  PID:15584
- C:\Windows\System\sATNcaD.exe
  C:\Windows\System\sATNcaD.exe
  2⤵
  PID:15612
- C:\Windows\System\kFbXKYK.exe
  C:\Windows\System\kFbXKYK.exe
  2⤵
  PID:15640
- C:\Windows\System\sGGqnnm.exe
  C:\Windows\System\sGGqnnm.exe
  2⤵
  PID:15668
- C:\Windows\System\gbxPiEL.exe
  C:\Windows\System\gbxPiEL.exe
  2⤵
  PID:15696
- C:\Windows\System\FkrWJOI.exe
  C:\Windows\System\FkrWJOI.exe
  2⤵
  PID:15724
- C:\Windows\System\uMyksUh.exe
  C:\Windows\System\uMyksUh.exe
  2⤵
  PID:15752
- C:\Windows\System\kbAFJHk.exe
  C:\Windows\System\kbAFJHk.exe
  2⤵
  PID:15780
- C:\Windows\System\XBrtcQY.exe
  C:\Windows\System\XBrtcQY.exe
  2⤵
  PID:15808
- C:\Windows\System\oZSyGht.exe
  C:\Windows\System\oZSyGht.exe
  2⤵
  PID:15836
- C:\Windows\System\RqRvHjc.exe
  C:\Windows\System\RqRvHjc.exe
  2⤵
  PID:15864
- C:\Windows\System\FBXQNaK.exe
  C:\Windows\System\FBXQNaK.exe
  2⤵
  PID:15892
- C:\Windows\System\AlnyuOq.exe
  C:\Windows\System\AlnyuOq.exe
  2⤵
  PID:15920
- C:\Windows\System\vwrbfYL.exe
  C:\Windows\System\vwrbfYL.exe
  2⤵
  PID:15948
- C:\Windows\System\vBHgiQZ.exe
  C:\Windows\System\vBHgiQZ.exe
  2⤵
  PID:15992
- C:\Windows\System\XvoKcnD.exe
  C:\Windows\System\XvoKcnD.exe
  2⤵
  PID:16008
- C:\Windows\System\AXuHSKH.exe
  C:\Windows\System\AXuHSKH.exe
  2⤵
  PID:16036
- C:\Windows\System\ylHrxIa.exe
  C:\Windows\System\ylHrxIa.exe
  2⤵
  PID:16064
- C:\Windows\System\xlGapmu.exe
  C:\Windows\System\xlGapmu.exe
  2⤵
  PID:16092
- C:\Windows\System\hQyNqjf.exe
  C:\Windows\System\hQyNqjf.exe
  2⤵
  PID:16120
- C:\Windows\System\JcmWMzS.exe
  C:\Windows\System\JcmWMzS.exe
  2⤵
  PID:16148
- C:\Windows\System\XFpTcTp.exe
  C:\Windows\System\XFpTcTp.exe
  2⤵
  PID:16176
- C:\Windows\System\vzgilOX.exe
  C:\Windows\System\vzgilOX.exe
  2⤵
  PID:16204
- C:\Windows\System\oMlioiM.exe
  C:\Windows\System\oMlioiM.exe
  2⤵
  PID:16232
- C:\Windows\System\aHMDIGZ.exe
  C:\Windows\System\aHMDIGZ.exe
  2⤵
  PID:16260
- C:\Windows\System\wTfrann.exe
  C:\Windows\System\wTfrann.exe
  2⤵
  PID:16288
- C:\Windows\System\ODJGKUr.exe
  C:\Windows\System\ODJGKUr.exe
  2⤵
  PID:16316
- C:\Windows\System\KGCbilz.exe
  C:\Windows\System\KGCbilz.exe
  2⤵
  PID:16344
- C:\Windows\System\NESsQdH.exe
  C:\Windows\System\NESsQdH.exe
  2⤵
  PID:16372
- C:\Windows\System\inHcTnW.exe
  C:\Windows\System\inHcTnW.exe
  2⤵
  PID:15380
- C:\Windows\System\PASNldh.exe
  C:\Windows\System\PASNldh.exe
  2⤵
  PID:6132
- C:\Windows\System\NdwqbND.exe
  C:\Windows\System\NdwqbND.exe
  2⤵
  PID:12244
- C:\Windows\System\WMEamQi.exe
  C:\Windows\System\WMEamQi.exe
  2⤵
  PID:15512
- C:\Windows\System\gNGSfub.exe
  C:\Windows\System\gNGSfub.exe
  2⤵
  PID:9668
- C:\Windows\System\RoRDSlm.exe
  C:\Windows\System\RoRDSlm.exe
  2⤵
  PID:15632
- C:\Windows\System\cXqZNaV.exe
  C:\Windows\System\cXqZNaV.exe
  2⤵
  PID:12000
- C:\Windows\System\gcetZHm.exe
  C:\Windows\System\gcetZHm.exe
  2⤵
  PID:4984
- C:\Windows\System\aTmxVLA.exe
  C:\Windows\System\aTmxVLA.exe
  2⤵
  PID:15744
- C:\Windows\System\qQnkrxx.exe
  C:\Windows\System\qQnkrxx.exe
  2⤵
  PID:15800
- C:\Windows\System\IBsCHIa.exe
  C:\Windows\System\IBsCHIa.exe
  2⤵
  PID:15832
- C:\Windows\System\XAIQXlp.exe
  C:\Windows\System\XAIQXlp.exe
  2⤵
  PID:10072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BBqHacM.exe

Filesize
6.0MB

MD5
e43df6af471105080717d992697f162f

SHA1
0ca4acf6b8034416dc737ad0722cdd906bef3247

SHA256
6691fd86ba8feefa36c02cb0e2ce91b941523cb4ca1b73d49dd06b2e870dd128

SHA512
3718b64f82508c19dd5f247faf58c0ec4e8e7bb433ee1145d99b266ac775930435e6122ad2dd81c6e12d5863ecc5b24bfca145277587339c4614fb966e8260ed

Download Submit
C:\Windows\System\CclKGFi.exe

Filesize
6.0MB

MD5
383bf496d0a1352fc312407850a839ba

SHA1
6d21a1f8d5f9883cbc5cad22aabd3573daf6bd34

SHA256
e7e491dd9f03e6f76469c791efa490eecdf708511829bc509d000b702255ed87

SHA512
8efdf0bd9e0d710061666ebab16f633afcc74e7ff1b4c49b6e0b4861a83ca65dc927199619a38feb8bb7dc124c8127edd7043d75ed6919a2959bd212956ac084

Download Submit
C:\Windows\System\FgojJos.exe

Filesize
6.0MB

MD5
b29942b964a0750bc74452188bf387e7

SHA1
65e32aaad56318f79e6cfb8b61f7e11375cdcb38

SHA256
8e2dc4e895ba55b55447f8e7ebf3e029d2f1870a6269d1ad9da90700d0554cd0

SHA512
b97a822121f6cf8b3e53e1bd06b4dbb74d78d58082d947dbc0129d9646239eea36f77f928557cdbfd3915a696b543f5aecd91a7408841c830963a535d66090a4

Download Submit
C:\Windows\System\HDLHKTd.exe

Filesize
6.0MB

MD5
5ed171d109cf532c7b8c6487488e1211

SHA1
1c3a66f8ceaa8bc8cdb4b6c39454c635aba199fd

SHA256
4c42cec31491491d1d8717033219ad129d89a3bad79ca7443a41d2b54faeca7c

SHA512
dd5e4d6207f7a7bd183608b760469687da1cc0dcf9cc9ef99def58a9609690d41fa9f3b048dac4a48bc7e178443a79d5f53bc20bbd01f8b86479674f7d37e0c4

Download Submit
C:\Windows\System\ICCkbDy.exe

Filesize
6.0MB

MD5
860586e6bb6d5536505dea125ac63f67

SHA1
fc160bbbf0714d51495ca1ac3b13e93dd4d8f5c6

SHA256
1a43672a58868441887a97770d0c6e24df28e63524fa65f4fc1a172e5fc6791a

SHA512
4603ba4e1cc71086508a932c9dc44a62ff6e63e91e600e679c4d88e297c72b1a745db3a6c240311d3da99799c459b5b0763b14dcecbe104b820d3e3b2c3cb46f

Download Submit
C:\Windows\System\OpZVAnq.exe

Filesize
6.0MB

MD5
ba1d26711a6831badab5a53214e6b3bf

SHA1
cc0d9080bc8e96435b7de85d25e3c664e62cb531

SHA256
afc9d02a064b9ba77a7cd22944124c7065e092186a4665f85b9105ee4609bc4f

SHA512
832c69195acd0ad1b59b14239d8ea2993e07ec906454ecf184d73293e68147d535a721326f1ef0295ef23c4309e4e7bd917f51a987bc120535add360adf34ffd

Download Submit
C:\Windows\System\PYXFYIe.exe

Filesize
6.0MB

MD5
3ef83fe115fcbec7cee5397d976f6a7a

SHA1
fa0387d02ed511e37ee289f639f51b9ab207d805

SHA256
ea9426a3c9f441f71c1ac4f0172f386d7407ea61cf7b5b0820b462046ca9b1b2

SHA512
ace4b31a0ff5a4c808743376cee9b52470f908cd44004930b9838b469fdb1d62a49e359bd3c93459e601b61a07d5d6a588792917539cbf08871f83ea8b218a78

Download Submit
C:\Windows\System\RMyfoai.exe

Filesize
6.0MB

MD5
5cf333c6527941f3d46a2ab0edc568e7

SHA1
17d9d6fc4eba14c2726f6e13708973b82fbf4421

SHA256
2691876014740ab06c1e29194dc4d4efca85e50cc50f2a8d3b285667bdb020a2

SHA512
72c547bf9f255761ec12d30f44f603034c4dab51e2fe6ea30ce84d9043184c50ab5888155d4e4ca921841c8267363aa2f351c0dc3e223b00aea74f9f9f2fbcbb

Download Submit
C:\Windows\System\UsBwysj.exe

Filesize
6.0MB

MD5
df7dd46ba51278cfde51b9b90d550572

SHA1
705686557b34d83ccae10efdc905f7a575a0faa3

SHA256
8f49c0049884d3370c21880fe70506403b03156186ad651dd82edde1e6dd2de1

SHA512
f1c19799bbcfa6b687f8415bfb75f32329ead11d882e4fdb10f9759c84d912d055ed358e2026d4d451e2446e865048b6ef77c7da4eb501f8f1a0466ab8b73e9a

Download Submit
C:\Windows\System\ZhWhawM.exe

Filesize
6.0MB

MD5
ff475ad556b68f5190a8a92abb58aee4

SHA1
80f2493e56832317b48d1d7148d6901fea6a7bf9

SHA256
9c2a32a106e8411a11fba6e3ac2fee1098a6ea18570147907b330b55a40b1794

SHA512
894c11e0c6ffbb71fdd441437f1f4fd599894705ad7664dc53d41dcc8bea45388780e14669668bae4bdcac731ad854037aec4f718662a4ae183f75c7240fedbd

Download Submit
C:\Windows\System\aQRnSCo.exe

Filesize
6.0MB

MD5
6736044508ba1af2005ec0f64440c167

SHA1
1d1ee8b20b6f1361a78a67f878cad337c17c780a

SHA256
b0c00c01156cd3c1b862e562dbb992acd0b293d8061322e6620b0e1d95990995

SHA512
bec4340f72e305f2da875573c61f35db85bfa41d46b48d5ac009ba12e2fdcc5c4137d0d0c5498c5bc636e68bb5f4f22fbe36e90a52d191ceb3f3a18cf50e6759

Download Submit
C:\Windows\System\bjorogC.exe

Filesize
6.0MB

MD5
cd5dbbbe7a07923c591e372fccac523e

SHA1
b9948ec54315f9f23407bb954adfad6eba230416

SHA256
f286d7a6045c2db7f356480c9ccab706b129771d9551f715594487c6501ea23c

SHA512
c801581232934b5f6a756ceed21ea977caf148657d76ee3ae508a5969c1488bfa03c9ac76026ccff4096178ca79df888d260ab1c4c11ba377c2726b102d1dacd

Download Submit
C:\Windows\System\dgaQXOt.exe

Filesize
6.0MB

MD5
0a593e905eb93a26ea0b8144788379d8

SHA1
6da3a3f615bb05b4529428f26ee80d9a0c3c510d

SHA256
255ce410f3c77462223125c79eb50cf0969b20739a29aa9cb7c94d8c232a64f8

SHA512
b27035533de94a502c960cf180675a257bd9ae070fe3667ae6a41f5cfa1081ab3164fc136acd3d0f976c81c192e5849600a7892f3cbfb3684b68af25c31a62f1

Download Submit
C:\Windows\System\eMLnvAq.exe

Filesize
6.0MB

MD5
04ba6c4bf5395958798e6ce9f01b5c05

SHA1
b0c852202f4f8904144f81b818906126312061c9

SHA256
108b39e2ce68e87a94fc56e12fecae998083884b1d010c4f0f231e76688c1545

SHA512
7ef55485b8ec29366f29f43f15fe7d35bdf7e427fa4d95ceaffc73f4885cf0c07f26f886fb7b46731d434eb08a8381046c6faaefc00f135052aa40c14c4bdfc6

Download Submit
C:\Windows\System\gQlivun.exe

Filesize
6.0MB

MD5
c6aadd67d729aba58de30ce731d76365

SHA1
842556b60fdb804c15687879e7156e5ad9fdf918

SHA256
4ea3e3ab5059b3fda57031dc4787e24365805d7e5f2471f875df2a5effe30463

SHA512
30ca1b8cafbf7422efd1fcdd80be7378a7286146256610d1bdb98fdd6b24cf0b38ccc02406bdda6c4bb490d2f642287307b06b299288cc10aea05786ea5aeadd

Download Submit
C:\Windows\System\hLgqMXB.exe

Filesize
6.0MB

MD5
83acc5e3d44492ac635dc9f970c9fb65

SHA1
1c6ee1555e2a7e640ff454ddec0c78edd6ebbb9d

SHA256
d0f827f1c3164e63d3db8f4c5529ee9e5bb228face46250b49c1ab5ea26b1fc9

SHA512
00dd1c9d3bac8dc84c61d285d2a5b453fdf725e49e15624d5f03ab74e9b48c7f1ac2a023fcbe1dfc28962c80628e49f340c8d862edddb07274e74fd015323386

Download Submit
C:\Windows\System\ibdQsBi.exe

Filesize
6.0MB

MD5
af0d9f7005cf5b77a3a9e031bfab12dc

SHA1
785ff7720ffc1d32ce68427f94893ea29f922f75

SHA256
ad7f09497a3bd9ceb26245cbc26f8af473c8289adeeca31669c605889dfc54d3

SHA512
233784484b05f390be219bfda79edaada1024de24c2817f5e323e35f7035f83cff404c7e7baf6e5e43e38c915b8ac9c45e48ae56fb80f97c1dcaa368c81f0496

Download Submit
C:\Windows\System\klLpAlH.exe

Filesize
6.0MB

MD5
dc89a2c9c7bb737890b45c6c13d52edf

SHA1
5d807f82faa6f0615fb5e6aa055c5023082b6b6f

SHA256
47c9bb8448d566a80f21367477d22a4be163ba00f69fea1fb508e8050618ede2

SHA512
9337405c1f4267cb23cadb9dde528bc54c325e90746fabae57ccdbae4ca91f5c4d5d2ceb3e0b365191c9c6d67d7f3272d5413cd852d8d20a2069f91febedc833

Download Submit
C:\Windows\System\krNpaYf.exe

Filesize
6.0MB

MD5
99df051fb800caca3b04cafa957d7586

SHA1
651f749f3c9b519fb19ef20ef154b5555a0b786b

SHA256
c47771f6617667b523ad1f9df52304df9f497d8f64e3d712ea5d18c329e8146d

SHA512
deaa9e3ec15215bc62a23155f6a4544187edbc07f1a90f4e3ffc99a2567c994362f858dd1cf31bd2801fa69ee923ddbccafa3743be6256b2d0b3806179b1d1d5

Download Submit
C:\Windows\System\mBshDhs.exe

Filesize
6.0MB

MD5
11ff67b98e9d43a06859d9a8473a8716

SHA1
cf261bd4533e64b88e70a1c25029f8ac7d3aa55e

SHA256
f1d422bcbde5e6b6152f26549694fa40bd78a17267c6e22d6559a00637ac0b38

SHA512
fd155095f774d22a0b824c98d7667a8d03606bd24aa27e5fdddf3892e348118a954f1d12015615bab0055bdfea58902ab7fac2ce0a09315cf84d182e4bbc5ca2

Download Submit
C:\Windows\System\nSEGPWO.exe

Filesize
6.0MB

MD5
ca46b022b7349b78f5d8e23acfe39c33

SHA1
9c4fbdf48f27a816668e156634a80b8fb6e3fd9f

SHA256
8ee8d2bcaaf374a7638f7ccfe2e7330f5d715209b1b261ad82b5e8ee4b522c9f

SHA512
ff53c4f0e7ab5d71144c1814bf8235a7ca7ed7a8390fc895d0d04b4824ee43c10419a9a4450179d416f396581c50caa7e86ed537258ff44c1c786e2842cef3ce

Download Submit
C:\Windows\System\piqNYdX.exe

Filesize
6.0MB

MD5
4920c242c4b6fec112636fe07f86e5c1

SHA1
34283e6e5d13c32e39e8e292654f461331ef0c34

SHA256
1f9928f776ec1442bdc36fd6649e3bdc3e3fc63c74a137f29375425d90a32d69

SHA512
f2df222c7ead1c2fbc88e56bf0fd8f528c4b1b5d99831a4b7fb4971be67279d41b96fdf31de3238e2c533a3cedd993b4d28370d36d9426c1003978c8e38a28b6

Download Submit
C:\Windows\System\qjmYiyJ.exe

Filesize
6.0MB

MD5
1f3902297afee76ebcf8d1b0bd8245f8

SHA1
0d6d1143d3125343d71aabdb52c3bd2cf2baf509

SHA256
737bb3f7f46d3bf2ed80e8f117c2a6d8bf8344c092ccb180a7b5cacc755b0326

SHA512
1c7f847b6f90b5efd9303966897d85d13773a988794348c772881def7a5e5d82d5c30645d96ffd23687d75ca349a8fab190d6db54768212b4d9849ba24bc4af6

Download Submit
C:\Windows\System\rDQfDQU.exe

Filesize
6.0MB

MD5
7497e6bb1f78f95714961a80c66a8375

SHA1
ff15aa21a91019dab34ac8fe0f1efc62acfc1b48

SHA256
4fbc0b76ba3f920496ec658c33abc1a313291807ecceaec77f38c6f624a627d4

SHA512
ff476aa1e459debf1a398fb927f1c201d00177e2b808bb14c68b8b3245d57df45f4554b1c294668c146f0e1ac2747371f246b0cf19cb4ae414300187680a3957

Download Submit
C:\Windows\System\rUhwsCX.exe

Filesize
6.0MB

MD5
ebfd0b4fa5e008168dede410b74ebaf0

SHA1
372f4277a85fb39f84f93ff504706cda96b55c56

SHA256
96574e697e27a7fdf2d138c4c9982f8b587cae8557d8c6864b038d338337f2ad

SHA512
f51f6b64bb9d516bfaca274d411f53c9e69afc4ae874cb2782461619b8f0de5e65406f588a3e4f29434458da196a7df3112b88962048c7458b55123514e39b36

Download Submit
C:\Windows\System\rhXeRKj.exe

Filesize
6.0MB

MD5
ebd2bd60a9c71787b731153c93cf685d

SHA1
6925c489b9025f9faebd073742293730bcd58c9f

SHA256
11f18b77ee0fe0e9b5ea4bded622e72ef4d4750f6bde08dae9ad76ac373c8a74

SHA512
d438b1122bf82db9acc0f408c8b21f635492f5cd1e709924f2eed8a052cae3cf528f0ee7ec1a214a995b8902b5aabd0e2e5727c5db72961a0c6dd073c8595dd1

Download Submit
C:\Windows\System\tGiZosl.exe

Filesize
6.0MB

MD5
8a1d9d4c3d3d2483b6c351f0d33c1e83

SHA1
3b93d8d3ae0e7d78196d6ce56760d1f79da1824e

SHA256
6f831a0dbdadcaea78b291cc27faeeeddfad104c4ce7a150010baf5858c8e7e2

SHA512
c6748152be24587d98b4b2c6f439c656255c17208d3d81d9455c5583adc7a8b9b5e30de44fd6fb5406f48c3f34b0ca45d3f7c581a75aa7c54a0c9a57d4ea4be6

Download Submit
C:\Windows\System\tVdIVMT.exe

Filesize
6.0MB

MD5
2b44b94d3df6cf37dde0958d38a815a2

SHA1
b9250c0e42369ff7f4673481fd1585c7b5ad6071

SHA256
950f987551601f47ed404d32ab14fcaeab57649793bba965e86299fff2d87a4c

SHA512
b76f238e76a9717d28652b8d28ce18f4b2641c3c8ee597a17916a080070ba21373521fcddafafdc42c016e7477d6aced08a88e89773af9c0dbe3ff345c40b8ca

Download Submit
C:\Windows\System\vkIichi.exe

Filesize
6.0MB

MD5
3ecf83f2ced72432f790005874148853

SHA1
db901d6118eca8da817cdd4adbd189f87463f3a4

SHA256
ee2ec151992643695d4500df1f07cc8c865e109476b006befc0a26eb15e99314

SHA512
67954154d34e185ad5ba082e2e0a0570af90047fa4f75775825649ffad0761d46548a882f70ea9ec8e8fe9224fa0e5aad60ecb4ff51c2b278a080850af2d9aca

Download Submit
C:\Windows\System\wabIrBV.exe

Filesize
6.0MB

MD5
b5300243c97b05bbf8a79c6c2bc42fa0

SHA1
4a80a403cadded5b1b4937611773644162e68b30

SHA256
3e6d8224608ce4763d6aff691ac70e693c2a95d6abc3d6710edd5ce06d8faad2

SHA512
f015822c65dcc019ebf059cb1b0289eced427b9d29252668fe4beea6ac94b034e891d1d711f3b3898aae2a46aa525ddf0e9594abe5c222ded1d4e6421c9cc430

Download Submit
C:\Windows\System\wvyliEZ.exe

Filesize
6.0MB

MD5
b7f2659d5ebabdebe2c607151cc45c51

SHA1
2725304bbd569d324053b0df96f9b2b5b6a1721d

SHA256
583b980c9848348e0864ed9ed7c217da779cc4f857052de24e9399c9ea4b9650

SHA512
5a6c877856a5bc650f3ace4cf26e3a20f3072ddcad71d84fc7902f42e35fc07fad3808415178f436bd4aa0a82601233ee95deb8e9e0b66f78474cea771b5b6e1

Download Submit
C:\Windows\System\yCEpBqN.exe

Filesize
6.0MB

MD5
5fea226d95e6918756eef7f05851a9dc

SHA1
dbff9125f299cbda7ef9d6c831514b911a1cd590

SHA256
faefa578d07e8a36235936f9d6d06ebb6abf404eeeaa4216ba502cdf0cc16f72

SHA512
684dba57116fd00a2be4a40cf4564a052a165ea50453feb565a15d83ed71d6344eb197393f086de560506238149c1bd9c3d329589212208ec81930cfa0d6f38a

Download Submit
memory/220-126-0x00007FF7BC960000-0x00007FF7BCCB4000-memory.dmp

Filesize
3.3MB

Download
memory/220-1800-0x00007FF7BC960000-0x00007FF7BCCB4000-memory.dmp

Filesize
3.3MB

Download
memory/220-189-0x00007FF7BC960000-0x00007FF7BCCB4000-memory.dmp

Filesize
3.3MB

Download
memory/380-91-0x00007FF68A810000-0x00007FF68AB64000-memory.dmp

Filesize
3.3MB

Download
memory/380-160-0x00007FF68A810000-0x00007FF68AB64000-memory.dmp

Filesize
3.3MB

Download
memory/380-1786-0x00007FF68A810000-0x00007FF68AB64000-memory.dmp

Filesize
3.3MB

Download
memory/440-1437-0x00007FF640FD0000-0x00007FF641324000-memory.dmp

Filesize
3.3MB

Download
memory/440-193-0x00007FF640FD0000-0x00007FF641324000-memory.dmp

Filesize
3.3MB

Download
memory/440-1820-0x00007FF640FD0000-0x00007FF641324000-memory.dmp

Filesize
3.3MB

Download
memory/1132-84-0x00007FF757290000-0x00007FF7575E4000-memory.dmp

Filesize
3.3MB

Download
memory/1132-151-0x00007FF757290000-0x00007FF7575E4000-memory.dmp

Filesize
3.3MB

Download
memory/1132-1784-0x00007FF757290000-0x00007FF7575E4000-memory.dmp

Filesize
3.3MB

Download
memory/1164-1780-0x00007FF7C54E0000-0x00007FF7C5834000-memory.dmp

Filesize
3.3MB

Download
memory/1164-125-0x00007FF7C54E0000-0x00007FF7C5834000-memory.dmp

Filesize
3.3MB

Download
memory/1164-54-0x00007FF7C54E0000-0x00007FF7C5834000-memory.dmp

Filesize
3.3MB

Download
memory/1396-90-0x00007FF7D15E0000-0x00007FF7D1934000-memory.dmp

Filesize
3.3MB

Download
memory/1396-1751-0x00007FF7D15E0000-0x00007FF7D1934000-memory.dmp

Filesize
3.3MB

Download
memory/1396-24-0x00007FF7D15E0000-0x00007FF7D1934000-memory.dmp

Filesize
3.3MB

Download
memory/1432-1254-0x00007FF6957C0000-0x00007FF695B14000-memory.dmp

Filesize
3.3MB

Download
memory/1432-163-0x00007FF6957C0000-0x00007FF695B14000-memory.dmp

Filesize
3.3MB

Download
memory/1432-1810-0x00007FF6957C0000-0x00007FF695B14000-memory.dmp

Filesize
3.3MB

Download
memory/1576-1748-0x00007FF605440000-0x00007FF605794000-memory.dmp

Filesize
3.3MB

Download
memory/1576-18-0x00007FF605440000-0x00007FF605794000-memory.dmp

Filesize
3.3MB

Download
memory/1576-81-0x00007FF605440000-0x00007FF605794000-memory.dmp

Filesize
3.3MB

Download
memory/1812-1433-0x00007FF6EA980000-0x00007FF6EACD4000-memory.dmp

Filesize
3.3MB

Download
memory/1812-1815-0x00007FF6EA980000-0x00007FF6EACD4000-memory.dmp

Filesize
3.3MB

Download
memory/1812-182-0x00007FF6EA980000-0x00007FF6EACD4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-107-0x00007FF7C3CA0000-0x00007FF7C3FF4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-1772-0x00007FF7C3CA0000-0x00007FF7C3FF4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-36-0x00007FF7C3CA0000-0x00007FF7C3FF4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-144-0x00007FF792820000-0x00007FF792B74000-memory.dmp

Filesize
3.3MB

Download
memory/1912-1789-0x00007FF792820000-0x00007FF792B74000-memory.dmp

Filesize
3.3MB

Download
memory/1912-77-0x00007FF792820000-0x00007FF792B74000-memory.dmp

Filesize
3.3MB

Download
memory/2040-40-0x00007FF722470000-0x00007FF7227C4000-memory.dmp

Filesize
3.3MB

Download
memory/2040-1773-0x00007FF722470000-0x00007FF7227C4000-memory.dmp

Filesize
3.3MB

Download
memory/2040-109-0x00007FF722470000-0x00007FF7227C4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-170-0x00007FF743460000-0x00007FF7437B4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-106-0x00007FF743460000-0x00007FF7437B4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-1791-0x00007FF743460000-0x00007FF7437B4000-memory.dmp

Filesize
3.3MB

Download
memory/2272-68-0x00007FF722120000-0x00007FF722474000-memory.dmp

Filesize
3.3MB

Download
memory/2272-138-0x00007FF722120000-0x00007FF722474000-memory.dmp

Filesize
3.3MB

Download
memory/2272-1783-0x00007FF722120000-0x00007FF722474000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1121-0x00007FF729230000-0x00007FF729584000-memory.dmp

Filesize
3.3MB

Download
memory/2672-133-0x00007FF729230000-0x00007FF729584000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1801-0x00007FF729230000-0x00007FF729584000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1802-0x00007FF64FA00000-0x00007FF64FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1209-0x00007FF64FA00000-0x00007FF64FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2872-145-0x00007FF64FA00000-0x00007FF64FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2956-175-0x00007FF6FA9D0000-0x00007FF6FAD24000-memory.dmp

Filesize
3.3MB

Download
memory/2956-1808-0x00007FF6FA9D0000-0x00007FF6FAD24000-memory.dmp

Filesize
3.3MB

Download
memory/2956-112-0x00007FF6FA9D0000-0x00007FF6FAD24000-memory.dmp

Filesize
3.3MB

Download
memory/3144-1803-0x00007FF6417A0000-0x00007FF641AF4000-memory.dmp

Filesize
3.3MB

Download
memory/3144-176-0x00007FF6417A0000-0x00007FF641AF4000-memory.dmp

Filesize
3.3MB

Download
memory/3144-1391-0x00007FF6417A0000-0x00007FF641AF4000-memory.dmp

Filesize
3.3MB

Download
memory/3368-67-0x00007FF654B40000-0x00007FF654E94000-memory.dmp

Filesize
3.3MB

Download
memory/3368-7-0x00007FF654B40000-0x00007FF654E94000-memory.dmp

Filesize
3.3MB

Download
memory/3368-1730-0x00007FF654B40000-0x00007FF654E94000-memory.dmp

Filesize
3.3MB

Download
memory/3524-32-0x00007FF747510000-0x00007FF747864000-memory.dmp

Filesize
3.3MB

Download
memory/3524-1767-0x00007FF747510000-0x00007FF747864000-memory.dmp

Filesize
3.3MB

Download
memory/3524-98-0x00007FF747510000-0x00007FF747864000-memory.dmp

Filesize
3.3MB

Download
memory/3552-0-0x00007FF6E2FF0000-0x00007FF6E3344000-memory.dmp

Filesize
3.3MB

Download
memory/3552-60-0x00007FF6E2FF0000-0x00007FF6E3344000-memory.dmp

Filesize
3.3MB

Download
memory/3552-1-0x00000216BC360000-0x00000216BC370000-memory.dmp

Filesize
64KB

Download
memory/3620-117-0x00007FF7CE1F0000-0x00007FF7CE544000-memory.dmp

Filesize
3.3MB

Download
memory/3620-1776-0x00007FF7CE1F0000-0x00007FF7CE544000-memory.dmp

Filesize
3.3MB

Download
memory/3620-48-0x00007FF7CE1F0000-0x00007FF7CE544000-memory.dmp

Filesize
3.3MB

Download
memory/3644-164-0x00007FF7BB8E0000-0x00007FF7BBC34000-memory.dmp

Filesize
3.3MB

Download
memory/3644-100-0x00007FF7BB8E0000-0x00007FF7BBC34000-memory.dmp

Filesize
3.3MB

Download
memory/3644-1795-0x00007FF7BB8E0000-0x00007FF7BBC34000-memory.dmp

Filesize
3.3MB

Download
memory/3776-74-0x00007FF777360000-0x00007FF7776B4000-memory.dmp

Filesize
3.3MB

Download
memory/3776-14-0x00007FF777360000-0x00007FF7776B4000-memory.dmp

Filesize
3.3MB

Download
memory/3776-1737-0x00007FF777360000-0x00007FF7776B4000-memory.dmp

Filesize
3.3MB

Download
memory/4088-1809-0x00007FF6E1F80000-0x00007FF6E22D4000-memory.dmp

Filesize
3.3MB

Download
memory/4088-1253-0x00007FF6E1F80000-0x00007FF6E22D4000-memory.dmp

Filesize
3.3MB

Download
memory/4088-152-0x00007FF6E1F80000-0x00007FF6E22D4000-memory.dmp

Filesize
3.3MB

Download
memory/4176-188-0x00007FF7A4DC0000-0x00007FF7A5114000-memory.dmp

Filesize
3.3MB

Download
memory/4176-1807-0x00007FF7A4DC0000-0x00007FF7A5114000-memory.dmp

Filesize
3.3MB

Download
memory/4176-120-0x00007FF7A4DC0000-0x00007FF7A5114000-memory.dmp

Filesize
3.3MB

Download
memory/4240-130-0x00007FF76E830000-0x00007FF76EB84000-memory.dmp

Filesize
3.3MB

Download
memory/4240-61-0x00007FF76E830000-0x00007FF76EB84000-memory.dmp

Filesize
3.3MB

Download
memory/4240-1785-0x00007FF76E830000-0x00007FF76EB84000-memory.dmp

Filesize
3.3MB

Download
memory/4560-169-0x00007FF7473A0000-0x00007FF7476F4000-memory.dmp

Filesize
3.3MB

Download
memory/4560-1811-0x00007FF7473A0000-0x00007FF7476F4000-memory.dmp

Filesize
3.3MB

Download
memory/4560-1297-0x00007FF7473A0000-0x00007FF7476F4000-memory.dmp

Filesize
3.3MB

Download
memory/4616-1537-0x00007FF631D00000-0x00007FF632054000-memory.dmp

Filesize
3.3MB

Download
memory/4616-1821-0x00007FF631D00000-0x00007FF632054000-memory.dmp

Filesize
3.3MB

Download
memory/4616-194-0x00007FF631D00000-0x00007FF632054000-memory.dmp

Filesize
3.3MB

Download
memory/4900-139-0x00007FF7F77A0000-0x00007FF7F7AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4900-1806-0x00007FF7F77A0000-0x00007FF7F7AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4900-1152-0x00007FF7F77A0000-0x00007FF7F7AF4000-memory.dmp

Filesize
3.3MB

Download