cobaltstrike | 3917b3db710fec34201ecc0b1354ea6634312884cc2b7cbae84174ebadc53863

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

10d595b3eac8e43c7e4b254310f33bd4
SHA1

3e77a07a1b45e3075785d6370d4872b506698ff9
SHA256

3917b3db710fec34201ecc0b1354ea6634312884cc2b7cbae84174ebadc53863
SHA512

e58e22e9fc7d193872c0b9240e7df8d8ac697545b1da87f0752078a0a2fffd937f644c1440c8eae2fd50cfbe729f1723a670c0341658b938d73849af4218c403
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU3:T+q56utgpPF8u/73

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\System\iLjpWiY.exe	cobalt_reflective_dll
C:\Windows\System\HLJEAjy.exe	cobalt_reflective_dll
C:\Windows\System\awgaELG.exe	cobalt_reflective_dll
C:\Windows\System\vTWZBvA.exe	cobalt_reflective_dll
C:\Windows\System\eUvmWXG.exe	cobalt_reflective_dll
C:\Windows\System\ZfdwFEL.exe	cobalt_reflective_dll
C:\Windows\System\PdHAplS.exe	cobalt_reflective_dll
C:\Windows\System\rYWnmaR.exe	cobalt_reflective_dll
C:\Windows\System\nlIueHe.exe	cobalt_reflective_dll
C:\Windows\System\MfAKdjf.exe	cobalt_reflective_dll
C:\Windows\System\NgFQcDW.exe	cobalt_reflective_dll
C:\Windows\System\RCABQDK.exe	cobalt_reflective_dll
C:\Windows\System\AWUAdcA.exe	cobalt_reflective_dll
C:\Windows\System\GCUYEYA.exe	cobalt_reflective_dll
C:\Windows\System\NRBeXaY.exe	cobalt_reflective_dll
C:\Windows\System\xmqCpNg.exe	cobalt_reflective_dll
C:\Windows\System\uUMydFS.exe	cobalt_reflective_dll
C:\Windows\System\uEbZCsB.exe	cobalt_reflective_dll
C:\Windows\System\wPJBgEB.exe	cobalt_reflective_dll
C:\Windows\System\wiVTeIj.exe	cobalt_reflective_dll
C:\Windows\System\bdqQdlp.exe	cobalt_reflective_dll
C:\Windows\System\BUCGWtc.exe	cobalt_reflective_dll
C:\Windows\System\DHBPzen.exe	cobalt_reflective_dll
C:\Windows\System\qQilPIK.exe	cobalt_reflective_dll
C:\Windows\System\ZNLmOMS.exe	cobalt_reflective_dll
C:\Windows\System\UQWVBFC.exe	cobalt_reflective_dll
C:\Windows\System\srsBnKe.exe	cobalt_reflective_dll
C:\Windows\System\iYWMlat.exe	cobalt_reflective_dll
C:\Windows\System\uEJmiWE.exe	cobalt_reflective_dll
C:\Windows\System\OUousCl.exe	cobalt_reflective_dll
C:\Windows\System\EZianek.exe	cobalt_reflective_dll
C:\Windows\System\wYrCAmV.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/3352-0-0x00007FF69A2D0000-0x00007FF69A624000-memory.dmp	xmrig
C:\Windows\System\iLjpWiY.exe	xmrig
behavioral2/memory/3888-8-0x00007FF733BF0000-0x00007FF733F44000-memory.dmp	xmrig
C:\Windows\System\HLJEAjy.exe	xmrig
C:\Windows\System\awgaELG.exe	xmrig
behavioral2/memory/4436-18-0x00007FF7D0F50000-0x00007FF7D12A4000-memory.dmp	xmrig
C:\Windows\System\vTWZBvA.exe	xmrig
behavioral2/memory/1424-30-0x00007FF6CDA80000-0x00007FF6CDDD4000-memory.dmp	xmrig
C:\Windows\System\eUvmWXG.exe	xmrig
behavioral2/memory/4176-24-0x00007FF70DAD0000-0x00007FF70DE24000-memory.dmp	xmrig
behavioral2/memory/2040-14-0x00007FF7F0F40000-0x00007FF7F1294000-memory.dmp	xmrig
C:\Windows\System\ZfdwFEL.exe	xmrig
behavioral2/memory/1724-37-0x00007FF73CDB0000-0x00007FF73D104000-memory.dmp	xmrig
C:\Windows\System\PdHAplS.exe	xmrig
behavioral2/memory/2672-44-0x00007FF7A0860000-0x00007FF7A0BB4000-memory.dmp	xmrig
C:\Windows\System\rYWnmaR.exe	xmrig
behavioral2/memory/1912-50-0x00007FF6FFD50000-0x00007FF7000A4000-memory.dmp	xmrig
C:\Windows\System\nlIueHe.exe	xmrig
behavioral2/memory/3352-54-0x00007FF69A2D0000-0x00007FF69A624000-memory.dmp	xmrig
behavioral2/memory/1812-55-0x00007FF690F30000-0x00007FF691284000-memory.dmp	xmrig
C:\Windows\System\MfAKdjf.exe	xmrig
behavioral2/memory/3888-58-0x00007FF733BF0000-0x00007FF733F44000-memory.dmp	xmrig
behavioral2/memory/4312-65-0x00007FF609260000-0x00007FF6095B4000-memory.dmp	xmrig
behavioral2/memory/2040-62-0x00007FF7F0F40000-0x00007FF7F1294000-memory.dmp	xmrig
C:\Windows\System\NgFQcDW.exe	xmrig
behavioral2/memory/948-71-0x00007FF7F22E0000-0x00007FF7F2634000-memory.dmp	xmrig
behavioral2/memory/4436-69-0x00007FF7D0F50000-0x00007FF7D12A4000-memory.dmp	xmrig
C:\Windows\System\RCABQDK.exe	xmrig
behavioral2/memory/4176-76-0x00007FF70DAD0000-0x00007FF70DE24000-memory.dmp	xmrig
behavioral2/memory/1424-83-0x00007FF6CDA80000-0x00007FF6CDDD4000-memory.dmp	xmrig
behavioral2/memory/3552-86-0x00007FF787DB0000-0x00007FF788104000-memory.dmp	xmrig
C:\Windows\System\AWUAdcA.exe	xmrig
behavioral2/memory/2336-81-0x00007FF6B58B0000-0x00007FF6B5C04000-memory.dmp	xmrig
C:\Windows\System\GCUYEYA.exe	xmrig
behavioral2/memory/1656-90-0x00007FF7FA170000-0x00007FF7FA4C4000-memory.dmp	xmrig
behavioral2/memory/1724-93-0x00007FF73CDB0000-0x00007FF73D104000-memory.dmp	xmrig
C:\Windows\System\NRBeXaY.exe	xmrig
behavioral2/memory/2672-98-0x00007FF7A0860000-0x00007FF7A0BB4000-memory.dmp	xmrig
behavioral2/memory/4336-100-0x00007FF61ADB0000-0x00007FF61B104000-memory.dmp	xmrig
behavioral2/memory/1912-101-0x00007FF6FFD50000-0x00007FF7000A4000-memory.dmp	xmrig
C:\Windows\System\xmqCpNg.exe	xmrig
C:\Windows\System\uUMydFS.exe	xmrig
behavioral2/memory/2800-112-0x00007FF6D2DE0000-0x00007FF6D3134000-memory.dmp	xmrig
behavioral2/memory/1700-110-0x00007FF7B20E0000-0x00007FF7B2434000-memory.dmp	xmrig
behavioral2/memory/1812-109-0x00007FF690F30000-0x00007FF691284000-memory.dmp	xmrig
behavioral2/memory/4312-115-0x00007FF609260000-0x00007FF6095B4000-memory.dmp	xmrig
behavioral2/memory/948-119-0x00007FF7F22E0000-0x00007FF7F2634000-memory.dmp	xmrig
C:\Windows\System\uEbZCsB.exe	xmrig
behavioral2/memory/2748-127-0x00007FF635F80000-0x00007FF6362D4000-memory.dmp	xmrig
behavioral2/memory/2336-126-0x00007FF6B58B0000-0x00007FF6B5C04000-memory.dmp	xmrig
C:\Windows\System\wPJBgEB.exe	xmrig
behavioral2/memory/4588-120-0x00007FF79FD60000-0x00007FF7A00B4000-memory.dmp	xmrig
behavioral2/memory/3552-130-0x00007FF787DB0000-0x00007FF788104000-memory.dmp	xmrig
C:\Windows\System\wiVTeIj.exe	xmrig
behavioral2/memory/3968-139-0x00007FF661E40000-0x00007FF662194000-memory.dmp	xmrig
C:\Windows\System\bdqQdlp.exe	xmrig
C:\Windows\System\BUCGWtc.exe	xmrig
behavioral2/memory/4336-145-0x00007FF61ADB0000-0x00007FF61B104000-memory.dmp	xmrig
behavioral2/memory/3936-146-0x00007FF7592B0000-0x00007FF759604000-memory.dmp	xmrig
behavioral2/memory/2236-143-0x00007FF657EA0000-0x00007FF6581F4000-memory.dmp	xmrig
behavioral2/memory/1656-134-0x00007FF7FA170000-0x00007FF7FA4C4000-memory.dmp	xmrig
C:\Windows\System\DHBPzen.exe	xmrig
behavioral2/memory/2140-154-0x00007FF7C8C30000-0x00007FF7C8F84000-memory.dmp	xmrig
C:\Windows\System\qQilPIK.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

iLjpWiY.exeawgaELG.exeHLJEAjy.exevTWZBvA.exeeUvmWXG.exeZfdwFEL.exePdHAplS.exerYWnmaR.exenlIueHe.exeMfAKdjf.exeNgFQcDW.exeRCABQDK.exeAWUAdcA.exeGCUYEYA.exeNRBeXaY.exexmqCpNg.exeuUMydFS.exewPJBgEB.exeuEbZCsB.exewiVTeIj.exebdqQdlp.exeBUCGWtc.exeDHBPzen.exeqQilPIK.exeUQWVBFC.exeZNLmOMS.exesrsBnKe.exeiYWMlat.exeuEJmiWE.exeOUousCl.exeEZianek.exewYrCAmV.exemXMDuyu.exebgpuVxP.exepSLqdtv.exevuutETK.exeNQZHmvk.exewXQwtqu.exeQJGMhRW.exeEsaRcKb.exemxnEyCD.exepuVGXvg.exekdAeZbb.exeagobwIB.exeXwmCWqP.exewItrTWA.exeGQoEkKe.exepSTHolw.exeaGiEqjQ.exeOqTYSYS.exeFGEVFOv.exeEAYQOjy.exeHMgtCdl.exekGfebJI.exeMfuWIDD.exeXeKWDUk.exeFLNgzLj.exeInnhBAq.exeevvqEKV.exeBtNuMTv.exefUjvGgk.exenyMmjZZ.exeVNLApNO.exeArQGBKY.exe

pid	process
3888	iLjpWiY.exe
2040	awgaELG.exe
4436	HLJEAjy.exe
4176	vTWZBvA.exe
1424	eUvmWXG.exe
1724	ZfdwFEL.exe
2672	PdHAplS.exe
1912	rYWnmaR.exe
1812	nlIueHe.exe
4312	MfAKdjf.exe
948	NgFQcDW.exe
2336	RCABQDK.exe
3552	AWUAdcA.exe
1656	GCUYEYA.exe
4336	NRBeXaY.exe
1700	xmqCpNg.exe
2800	uUMydFS.exe
4588	wPJBgEB.exe
2748	uEbZCsB.exe
3968	wiVTeIj.exe
2236	bdqQdlp.exe
3936	BUCGWtc.exe
2140	DHBPzen.exe
3904	qQilPIK.exe
1616	UQWVBFC.exe
1216	ZNLmOMS.exe
4296	srsBnKe.exe
3856	iYWMlat.exe
2296	uEJmiWE.exe
4200	OUousCl.exe
3108	EZianek.exe
4332	wYrCAmV.exe
4252	mXMDuyu.exe
760	bgpuVxP.exe
4372	pSLqdtv.exe
2532	vuutETK.exe
2624	NQZHmvk.exe
1764	wXQwtqu.exe
1708	QJGMhRW.exe
636	EsaRcKb.exe
1404	mxnEyCD.exe
4740	puVGXvg.exe
1336	kdAeZbb.exe
3916	agobwIB.exe
844	XwmCWqP.exe
2832	wItrTWA.exe
2780	GQoEkKe.exe
316	pSTHolw.exe
4744	aGiEqjQ.exe
4880	OqTYSYS.exe
2908	FGEVFOv.exe
4764	EAYQOjy.exe
3120	HMgtCdl.exe
3680	kGfebJI.exe
4008	MfuWIDD.exe
1092	XeKWDUk.exe
1100	FLNgzLj.exe
4828	InnhBAq.exe
3948	evvqEKV.exe
1732	BtNuMTv.exe
2452	fUjvGgk.exe
1252	nyMmjZZ.exe
772	VNLApNO.exe
1076	ArQGBKY.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3352-0-0x00007FF69A2D0000-0x00007FF69A624000-memory.dmp	upx
C:\Windows\System\iLjpWiY.exe	upx
behavioral2/memory/3888-8-0x00007FF733BF0000-0x00007FF733F44000-memory.dmp	upx
C:\Windows\System\HLJEAjy.exe	upx
C:\Windows\System\awgaELG.exe	upx
behavioral2/memory/4436-18-0x00007FF7D0F50000-0x00007FF7D12A4000-memory.dmp	upx
C:\Windows\System\vTWZBvA.exe	upx
behavioral2/memory/1424-30-0x00007FF6CDA80000-0x00007FF6CDDD4000-memory.dmp	upx
C:\Windows\System\eUvmWXG.exe	upx
behavioral2/memory/4176-24-0x00007FF70DAD0000-0x00007FF70DE24000-memory.dmp	upx
behavioral2/memory/2040-14-0x00007FF7F0F40000-0x00007FF7F1294000-memory.dmp	upx
C:\Windows\System\ZfdwFEL.exe	upx
behavioral2/memory/1724-37-0x00007FF73CDB0000-0x00007FF73D104000-memory.dmp	upx
C:\Windows\System\PdHAplS.exe	upx
behavioral2/memory/2672-44-0x00007FF7A0860000-0x00007FF7A0BB4000-memory.dmp	upx
C:\Windows\System\rYWnmaR.exe	upx
behavioral2/memory/1912-50-0x00007FF6FFD50000-0x00007FF7000A4000-memory.dmp	upx
C:\Windows\System\nlIueHe.exe	upx
behavioral2/memory/3352-54-0x00007FF69A2D0000-0x00007FF69A624000-memory.dmp	upx
behavioral2/memory/1812-55-0x00007FF690F30000-0x00007FF691284000-memory.dmp	upx
C:\Windows\System\MfAKdjf.exe	upx
behavioral2/memory/3888-58-0x00007FF733BF0000-0x00007FF733F44000-memory.dmp	upx
behavioral2/memory/4312-65-0x00007FF609260000-0x00007FF6095B4000-memory.dmp	upx
behavioral2/memory/2040-62-0x00007FF7F0F40000-0x00007FF7F1294000-memory.dmp	upx
C:\Windows\System\NgFQcDW.exe	upx
behavioral2/memory/948-71-0x00007FF7F22E0000-0x00007FF7F2634000-memory.dmp	upx
behavioral2/memory/4436-69-0x00007FF7D0F50000-0x00007FF7D12A4000-memory.dmp	upx
C:\Windows\System\RCABQDK.exe	upx
behavioral2/memory/4176-76-0x00007FF70DAD0000-0x00007FF70DE24000-memory.dmp	upx
behavioral2/memory/1424-83-0x00007FF6CDA80000-0x00007FF6CDDD4000-memory.dmp	upx
behavioral2/memory/3552-86-0x00007FF787DB0000-0x00007FF788104000-memory.dmp	upx
C:\Windows\System\AWUAdcA.exe	upx
behavioral2/memory/2336-81-0x00007FF6B58B0000-0x00007FF6B5C04000-memory.dmp	upx
C:\Windows\System\GCUYEYA.exe	upx
behavioral2/memory/1656-90-0x00007FF7FA170000-0x00007FF7FA4C4000-memory.dmp	upx
behavioral2/memory/1724-93-0x00007FF73CDB0000-0x00007FF73D104000-memory.dmp	upx
C:\Windows\System\NRBeXaY.exe	upx
behavioral2/memory/2672-98-0x00007FF7A0860000-0x00007FF7A0BB4000-memory.dmp	upx
behavioral2/memory/4336-100-0x00007FF61ADB0000-0x00007FF61B104000-memory.dmp	upx
behavioral2/memory/1912-101-0x00007FF6FFD50000-0x00007FF7000A4000-memory.dmp	upx
C:\Windows\System\xmqCpNg.exe	upx
C:\Windows\System\uUMydFS.exe	upx
behavioral2/memory/2800-112-0x00007FF6D2DE0000-0x00007FF6D3134000-memory.dmp	upx
behavioral2/memory/1700-110-0x00007FF7B20E0000-0x00007FF7B2434000-memory.dmp	upx
behavioral2/memory/1812-109-0x00007FF690F30000-0x00007FF691284000-memory.dmp	upx
behavioral2/memory/4312-115-0x00007FF609260000-0x00007FF6095B4000-memory.dmp	upx
behavioral2/memory/948-119-0x00007FF7F22E0000-0x00007FF7F2634000-memory.dmp	upx
C:\Windows\System\uEbZCsB.exe	upx
behavioral2/memory/2748-127-0x00007FF635F80000-0x00007FF6362D4000-memory.dmp	upx
behavioral2/memory/2336-126-0x00007FF6B58B0000-0x00007FF6B5C04000-memory.dmp	upx
C:\Windows\System\wPJBgEB.exe	upx
behavioral2/memory/4588-120-0x00007FF79FD60000-0x00007FF7A00B4000-memory.dmp	upx
behavioral2/memory/3552-130-0x00007FF787DB0000-0x00007FF788104000-memory.dmp	upx
C:\Windows\System\wiVTeIj.exe	upx
behavioral2/memory/3968-139-0x00007FF661E40000-0x00007FF662194000-memory.dmp	upx
C:\Windows\System\bdqQdlp.exe	upx
C:\Windows\System\BUCGWtc.exe	upx
behavioral2/memory/4336-145-0x00007FF61ADB0000-0x00007FF61B104000-memory.dmp	upx
behavioral2/memory/3936-146-0x00007FF7592B0000-0x00007FF759604000-memory.dmp	upx
behavioral2/memory/2236-143-0x00007FF657EA0000-0x00007FF6581F4000-memory.dmp	upx
behavioral2/memory/1656-134-0x00007FF7FA170000-0x00007FF7FA4C4000-memory.dmp	upx
C:\Windows\System\DHBPzen.exe	upx
behavioral2/memory/2140-154-0x00007FF7C8C30000-0x00007FF7C8F84000-memory.dmp	upx
C:\Windows\System\qQilPIK.exe	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\mSMuThy.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LjwdBDf.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GBabNPm.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iupcHIS.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EjOijLG.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GUprrJR.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SXiZqqG.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKdPOHc.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnSCCxT.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ishkZHq.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hMoLrSc.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\djSyDeI.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eZZEJBx.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hVwIzsJ.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FTHtufB.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eaOVEYE.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvfstbM.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RivOaBm.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KtpmDaJ.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kMmwsuf.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xoWWDAZ.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFSQdzc.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mzWLDIf.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PYctfDn.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dvxLsBN.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XSyKXon.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VCylJJr.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpafQyj.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TBlQLjo.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NQqdVdH.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mxnEyCD.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCKBjxO.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FRXKNpP.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PVlcaHn.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PeWlrLz.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdVokPN.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\avHjdJf.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gmfwiBF.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fmhtSYP.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTAROtK.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MQUdRqH.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zlfqnEo.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJhzypE.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XVmEfpA.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ltIUawo.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QYAVanU.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mFeVTLd.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RpSEXcv.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uecGbEm.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MVHUmhG.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNWFvfL.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sziUaIg.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzmuOfm.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lcQtrZz.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZFZbzjB.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OSCumYW.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KjaorCE.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIfaDWC.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gfskwbd.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ciCstzR.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvJPBZE.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QNoMLCM.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DkGAzJa.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vWhAEIR.exe	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 3352 wrote to memory of 3888	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	iLjpWiY.exe
PID 3352 wrote to memory of 3888	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	iLjpWiY.exe
PID 3352 wrote to memory of 2040	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	awgaELG.exe
PID 3352 wrote to memory of 2040	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	awgaELG.exe
PID 3352 wrote to memory of 4436	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	HLJEAjy.exe
PID 3352 wrote to memory of 4436	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	HLJEAjy.exe
PID 3352 wrote to memory of 4176	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	vTWZBvA.exe
PID 3352 wrote to memory of 4176	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	vTWZBvA.exe
PID 3352 wrote to memory of 1424	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	eUvmWXG.exe
PID 3352 wrote to memory of 1424	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	eUvmWXG.exe
PID 3352 wrote to memory of 1724	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	ZfdwFEL.exe
PID 3352 wrote to memory of 1724	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	ZfdwFEL.exe
PID 3352 wrote to memory of 2672	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	PdHAplS.exe
PID 3352 wrote to memory of 2672	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	PdHAplS.exe
PID 3352 wrote to memory of 1912	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	rYWnmaR.exe
PID 3352 wrote to memory of 1912	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	rYWnmaR.exe
PID 3352 wrote to memory of 1812	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	nlIueHe.exe
PID 3352 wrote to memory of 1812	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	nlIueHe.exe
PID 3352 wrote to memory of 4312	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	MfAKdjf.exe
PID 3352 wrote to memory of 4312	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	MfAKdjf.exe
PID 3352 wrote to memory of 948	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	NgFQcDW.exe
PID 3352 wrote to memory of 948	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	NgFQcDW.exe
PID 3352 wrote to memory of 2336	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	RCABQDK.exe
PID 3352 wrote to memory of 2336	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	RCABQDK.exe
PID 3352 wrote to memory of 3552	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	AWUAdcA.exe
PID 3352 wrote to memory of 3552	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	AWUAdcA.exe
PID 3352 wrote to memory of 1656	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	GCUYEYA.exe
PID 3352 wrote to memory of 1656	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	GCUYEYA.exe
PID 3352 wrote to memory of 4336	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	NRBeXaY.exe
PID 3352 wrote to memory of 4336	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	NRBeXaY.exe
PID 3352 wrote to memory of 1700	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	xmqCpNg.exe
PID 3352 wrote to memory of 1700	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	xmqCpNg.exe
PID 3352 wrote to memory of 2800	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	uUMydFS.exe
PID 3352 wrote to memory of 2800	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	uUMydFS.exe
PID 3352 wrote to memory of 4588	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	wPJBgEB.exe
PID 3352 wrote to memory of 4588	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	wPJBgEB.exe
PID 3352 wrote to memory of 2748	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	uEbZCsB.exe
PID 3352 wrote to memory of 2748	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	uEbZCsB.exe
PID 3352 wrote to memory of 3968	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	wiVTeIj.exe
PID 3352 wrote to memory of 3968	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	wiVTeIj.exe
PID 3352 wrote to memory of 2236	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	bdqQdlp.exe
PID 3352 wrote to memory of 2236	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	bdqQdlp.exe
PID 3352 wrote to memory of 3936	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	BUCGWtc.exe
PID 3352 wrote to memory of 3936	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	BUCGWtc.exe
PID 3352 wrote to memory of 2140	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	DHBPzen.exe
PID 3352 wrote to memory of 2140	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	DHBPzen.exe
PID 3352 wrote to memory of 3904	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	qQilPIK.exe
PID 3352 wrote to memory of 3904	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	qQilPIK.exe
PID 3352 wrote to memory of 1616	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	UQWVBFC.exe
PID 3352 wrote to memory of 1616	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	UQWVBFC.exe
PID 3352 wrote to memory of 1216	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	ZNLmOMS.exe
PID 3352 wrote to memory of 1216	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	ZNLmOMS.exe
PID 3352 wrote to memory of 4296	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	srsBnKe.exe
PID 3352 wrote to memory of 4296	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	srsBnKe.exe
PID 3352 wrote to memory of 3856	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	iYWMlat.exe
PID 3352 wrote to memory of 3856	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	iYWMlat.exe
PID 3352 wrote to memory of 2296	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	uEJmiWE.exe
PID 3352 wrote to memory of 2296	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	uEJmiWE.exe
PID 3352 wrote to memory of 4200	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	OUousCl.exe
PID 3352 wrote to memory of 4200	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	OUousCl.exe
PID 3352 wrote to memory of 3108	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	EZianek.exe
PID 3352 wrote to memory of 3108	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	EZianek.exe
PID 3352 wrote to memory of 4332	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	wYrCAmV.exe
PID 3352 wrote to memory of 4332	3352	2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe	wYrCAmV.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_10d595b3eac8e43c7e4b254310f33bd4_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3352
- C:\Windows\System\iLjpWiY.exe
  C:\Windows\System\iLjpWiY.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\awgaELG.exe
  C:\Windows\System\awgaELG.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\HLJEAjy.exe
  C:\Windows\System\HLJEAjy.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\vTWZBvA.exe
  C:\Windows\System\vTWZBvA.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\eUvmWXG.exe
  C:\Windows\System\eUvmWXG.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\ZfdwFEL.exe
  C:\Windows\System\ZfdwFEL.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\PdHAplS.exe
  C:\Windows\System\PdHAplS.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\rYWnmaR.exe
  C:\Windows\System\rYWnmaR.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\nlIueHe.exe
  C:\Windows\System\nlIueHe.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\MfAKdjf.exe
  C:\Windows\System\MfAKdjf.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\NgFQcDW.exe
  C:\Windows\System\NgFQcDW.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\RCABQDK.exe
  C:\Windows\System\RCABQDK.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\AWUAdcA.exe
  C:\Windows\System\AWUAdcA.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\GCUYEYA.exe
  C:\Windows\System\GCUYEYA.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\NRBeXaY.exe
  C:\Windows\System\NRBeXaY.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\xmqCpNg.exe
  C:\Windows\System\xmqCpNg.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\uUMydFS.exe
  C:\Windows\System\uUMydFS.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\wPJBgEB.exe
  C:\Windows\System\wPJBgEB.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\uEbZCsB.exe
  C:\Windows\System\uEbZCsB.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\wiVTeIj.exe
  C:\Windows\System\wiVTeIj.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\bdqQdlp.exe
  C:\Windows\System\bdqQdlp.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\BUCGWtc.exe
  C:\Windows\System\BUCGWtc.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\DHBPzen.exe
  C:\Windows\System\DHBPzen.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\qQilPIK.exe
  C:\Windows\System\qQilPIK.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\UQWVBFC.exe
  C:\Windows\System\UQWVBFC.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\ZNLmOMS.exe
  C:\Windows\System\ZNLmOMS.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\srsBnKe.exe
  C:\Windows\System\srsBnKe.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\iYWMlat.exe
  C:\Windows\System\iYWMlat.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\uEJmiWE.exe
  C:\Windows\System\uEJmiWE.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\OUousCl.exe
  C:\Windows\System\OUousCl.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\EZianek.exe
  C:\Windows\System\EZianek.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\wYrCAmV.exe
  C:\Windows\System\wYrCAmV.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\mXMDuyu.exe
  C:\Windows\System\mXMDuyu.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\bgpuVxP.exe
  C:\Windows\System\bgpuVxP.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\pSLqdtv.exe
  C:\Windows\System\pSLqdtv.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\vuutETK.exe
  C:\Windows\System\vuutETK.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\NQZHmvk.exe
  C:\Windows\System\NQZHmvk.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\wXQwtqu.exe
  C:\Windows\System\wXQwtqu.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\QJGMhRW.exe
  C:\Windows\System\QJGMhRW.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\EsaRcKb.exe
  C:\Windows\System\EsaRcKb.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\mxnEyCD.exe
  C:\Windows\System\mxnEyCD.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\puVGXvg.exe
  C:\Windows\System\puVGXvg.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\kdAeZbb.exe
  C:\Windows\System\kdAeZbb.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\agobwIB.exe
  C:\Windows\System\agobwIB.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\wItrTWA.exe
  C:\Windows\System\wItrTWA.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\XwmCWqP.exe
  C:\Windows\System\XwmCWqP.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\GQoEkKe.exe
  C:\Windows\System\GQoEkKe.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\pSTHolw.exe
  C:\Windows\System\pSTHolw.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\aGiEqjQ.exe
  C:\Windows\System\aGiEqjQ.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\OqTYSYS.exe
  C:\Windows\System\OqTYSYS.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\FGEVFOv.exe
  C:\Windows\System\FGEVFOv.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\EAYQOjy.exe
  C:\Windows\System\EAYQOjy.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\HMgtCdl.exe
  C:\Windows\System\HMgtCdl.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\kGfebJI.exe
  C:\Windows\System\kGfebJI.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\MfuWIDD.exe
  C:\Windows\System\MfuWIDD.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\XeKWDUk.exe
  C:\Windows\System\XeKWDUk.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\FLNgzLj.exe
  C:\Windows\System\FLNgzLj.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\InnhBAq.exe
  C:\Windows\System\InnhBAq.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\evvqEKV.exe
  C:\Windows\System\evvqEKV.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\BtNuMTv.exe
  C:\Windows\System\BtNuMTv.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\fUjvGgk.exe
  C:\Windows\System\fUjvGgk.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\nyMmjZZ.exe
  C:\Windows\System\nyMmjZZ.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\VNLApNO.exe
  C:\Windows\System\VNLApNO.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\ArQGBKY.exe
  C:\Windows\System\ArQGBKY.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\aYsahrx.exe
  C:\Windows\System\aYsahrx.exe
  2⤵
  PID:2188
- C:\Windows\System\vWQZXRZ.exe
  C:\Windows\System\vWQZXRZ.exe
  2⤵
  PID:2320
- C:\Windows\System\AmYMqts.exe
  C:\Windows\System\AmYMqts.exe
  2⤵
  PID:5060
- C:\Windows\System\juiGEgS.exe
  C:\Windows\System\juiGEgS.exe
  2⤵
  PID:848
- C:\Windows\System\CUAYUcF.exe
  C:\Windows\System\CUAYUcF.exe
  2⤵
  PID:2588
- C:\Windows\System\fbnAyaQ.exe
  C:\Windows\System\fbnAyaQ.exe
  2⤵
  PID:4948
- C:\Windows\System\MVHUmhG.exe
  C:\Windows\System\MVHUmhG.exe
  2⤵
  PID:1644
- C:\Windows\System\xcNzBjI.exe
  C:\Windows\System\xcNzBjI.exe
  2⤵
  PID:4528
- C:\Windows\System\yIGYdTY.exe
  C:\Windows\System\yIGYdTY.exe
  2⤵
  PID:4156
- C:\Windows\System\YnZMsyr.exe
  C:\Windows\System\YnZMsyr.exe
  2⤵
  PID:4816
- C:\Windows\System\lbhddpA.exe
  C:\Windows\System\lbhddpA.exe
  2⤵
  PID:3432
- C:\Windows\System\uHCApDB.exe
  C:\Windows\System\uHCApDB.exe
  2⤵
  PID:5016
- C:\Windows\System\poNTSPl.exe
  C:\Windows\System\poNTSPl.exe
  2⤵
  PID:4544
- C:\Windows\System\tAICMHl.exe
  C:\Windows\System\tAICMHl.exe
  2⤵
  PID:972
- C:\Windows\System\uROpluf.exe
  C:\Windows\System\uROpluf.exe
  2⤵
  PID:3864
- C:\Windows\System\QEwSelJ.exe
  C:\Windows\System\QEwSelJ.exe
  2⤵
  PID:3684
- C:\Windows\System\DkGAzJa.exe
  C:\Windows\System\DkGAzJa.exe
  2⤵
  PID:3896
- C:\Windows\System\kwgmUxK.exe
  C:\Windows\System\kwgmUxK.exe
  2⤵
  PID:4848
- C:\Windows\System\YssknsT.exe
  C:\Windows\System\YssknsT.exe
  2⤵
  PID:1632
- C:\Windows\System\OtlfuSO.exe
  C:\Windows\System\OtlfuSO.exe
  2⤵
  PID:116
- C:\Windows\System\BzmUQQY.exe
  C:\Windows\System\BzmUQQY.exe
  2⤵
  PID:3928
- C:\Windows\System\knREPOt.exe
  C:\Windows\System\knREPOt.exe
  2⤵
  PID:2688
- C:\Windows\System\FuYeQXX.exe
  C:\Windows\System\FuYeQXX.exe
  2⤵
  PID:4052
- C:\Windows\System\rHRYnpr.exe
  C:\Windows\System\rHRYnpr.exe
  2⤵
  PID:3020
- C:\Windows\System\YqDKHBR.exe
  C:\Windows\System\YqDKHBR.exe
  2⤵
  PID:2148
- C:\Windows\System\teVEIJt.exe
  C:\Windows\System\teVEIJt.exe
  2⤵
  PID:1628
- C:\Windows\System\EuRtvRX.exe
  C:\Windows\System\EuRtvRX.exe
  2⤵
  PID:1876
- C:\Windows\System\oNuOnmh.exe
  C:\Windows\System\oNuOnmh.exe
  2⤵
  PID:468
- C:\Windows\System\fdujtFz.exe
  C:\Windows\System\fdujtFz.exe
  2⤵
  PID:4856
- C:\Windows\System\SViavFD.exe
  C:\Windows\System\SViavFD.exe
  2⤵
  PID:5144
- C:\Windows\System\BLrjExL.exe
  C:\Windows\System\BLrjExL.exe
  2⤵
  PID:5184
- C:\Windows\System\hMLalYk.exe
  C:\Windows\System\hMLalYk.exe
  2⤵
  PID:5208
- C:\Windows\System\afYVlfz.exe
  C:\Windows\System\afYVlfz.exe
  2⤵
  PID:5232
- C:\Windows\System\kuBUdrk.exe
  C:\Windows\System\kuBUdrk.exe
  2⤵
  PID:5268
- C:\Windows\System\KxTMbwO.exe
  C:\Windows\System\KxTMbwO.exe
  2⤵
  PID:5292
- C:\Windows\System\qrWnLfp.exe
  C:\Windows\System\qrWnLfp.exe
  2⤵
  PID:5328
- C:\Windows\System\zJpFTWB.exe
  C:\Windows\System\zJpFTWB.exe
  2⤵
  PID:5360
- C:\Windows\System\BabCiUk.exe
  C:\Windows\System\BabCiUk.exe
  2⤵
  PID:5384
- C:\Windows\System\SioTMTs.exe
  C:\Windows\System\SioTMTs.exe
  2⤵
  PID:5408
- C:\Windows\System\SIhcgxk.exe
  C:\Windows\System\SIhcgxk.exe
  2⤵
  PID:5432
- C:\Windows\System\etDhyjU.exe
  C:\Windows\System\etDhyjU.exe
  2⤵
  PID:5472
- C:\Windows\System\XIoZGJA.exe
  C:\Windows\System\XIoZGJA.exe
  2⤵
  PID:5500
- C:\Windows\System\uVnAtsN.exe
  C:\Windows\System\uVnAtsN.exe
  2⤵
  PID:5528
- C:\Windows\System\ELrRgWy.exe
  C:\Windows\System\ELrRgWy.exe
  2⤵
  PID:5560
- C:\Windows\System\lKnUVrv.exe
  C:\Windows\System\lKnUVrv.exe
  2⤵
  PID:5588
- C:\Windows\System\fmjDELT.exe
  C:\Windows\System\fmjDELT.exe
  2⤵
  PID:5620
- C:\Windows\System\SyRlyqN.exe
  C:\Windows\System\SyRlyqN.exe
  2⤵
  PID:5648
- C:\Windows\System\WmwHEbJ.exe
  C:\Windows\System\WmwHEbJ.exe
  2⤵
  PID:5672
- C:\Windows\System\yBjnQDN.exe
  C:\Windows\System\yBjnQDN.exe
  2⤵
  PID:5700
- C:\Windows\System\ajqMMqI.exe
  C:\Windows\System\ajqMMqI.exe
  2⤵
  PID:5728
- C:\Windows\System\DytrLyS.exe
  C:\Windows\System\DytrLyS.exe
  2⤵
  PID:5756
- C:\Windows\System\NhbZuAO.exe
  C:\Windows\System\NhbZuAO.exe
  2⤵
  PID:5784
- C:\Windows\System\KgnAbHc.exe
  C:\Windows\System\KgnAbHc.exe
  2⤵
  PID:5816
- C:\Windows\System\RXONXet.exe
  C:\Windows\System\RXONXet.exe
  2⤵
  PID:5836
- C:\Windows\System\DvOsThO.exe
  C:\Windows\System\DvOsThO.exe
  2⤵
  PID:5868
- C:\Windows\System\cZRPsJD.exe
  C:\Windows\System\cZRPsJD.exe
  2⤵
  PID:5896
- C:\Windows\System\eajoYcg.exe
  C:\Windows\System\eajoYcg.exe
  2⤵
  PID:5924
- C:\Windows\System\rdzPyHY.exe
  C:\Windows\System\rdzPyHY.exe
  2⤵
  PID:5952
- C:\Windows\System\EjOijLG.exe
  C:\Windows\System\EjOijLG.exe
  2⤵
  PID:5984
- C:\Windows\System\tXPvYtl.exe
  C:\Windows\System\tXPvYtl.exe
  2⤵
  PID:6000
- C:\Windows\System\nRYGOAB.exe
  C:\Windows\System\nRYGOAB.exe
  2⤵
  PID:6036
- C:\Windows\System\sETdASV.exe
  C:\Windows\System\sETdASV.exe
  2⤵
  PID:6068
- C:\Windows\System\xqMeaUx.exe
  C:\Windows\System\xqMeaUx.exe
  2⤵
  PID:6092
- C:\Windows\System\TZbrlTe.exe
  C:\Windows\System\TZbrlTe.exe
  2⤵
  PID:6116
- C:\Windows\System\tbQlUsf.exe
  C:\Windows\System\tbQlUsf.exe
  2⤵
  PID:5132
- C:\Windows\System\sdUUssE.exe
  C:\Windows\System\sdUUssE.exe
  2⤵
  PID:5136
- C:\Windows\System\eZZEJBx.exe
  C:\Windows\System\eZZEJBx.exe
  2⤵
  PID:5260
- C:\Windows\System\Yqagrgi.exe
  C:\Windows\System\Yqagrgi.exe
  2⤵
  PID:5316
- C:\Windows\System\dDDDMKC.exe
  C:\Windows\System\dDDDMKC.exe
  2⤵
  PID:5368
- C:\Windows\System\HdVEocm.exe
  C:\Windows\System\HdVEocm.exe
  2⤵
  PID:5428
- C:\Windows\System\bLHavFn.exe
  C:\Windows\System\bLHavFn.exe
  2⤵
  PID:5492
- C:\Windows\System\XYSUeyr.exe
  C:\Windows\System\XYSUeyr.exe
  2⤵
  PID:5568
- C:\Windows\System\GtEYTag.exe
  C:\Windows\System\GtEYTag.exe
  2⤵
  PID:5608
- C:\Windows\System\NUDcJci.exe
  C:\Windows\System\NUDcJci.exe
  2⤵
  PID:5684
- C:\Windows\System\phXCZdB.exe
  C:\Windows\System\phXCZdB.exe
  2⤵
  PID:5764
- C:\Windows\System\lPbyTfB.exe
  C:\Windows\System\lPbyTfB.exe
  2⤵
  PID:5824
- C:\Windows\System\LiruNhK.exe
  C:\Windows\System\LiruNhK.exe
  2⤵
  PID:5876
- C:\Windows\System\iyLWHyQ.exe
  C:\Windows\System\iyLWHyQ.exe
  2⤵
  PID:5960
- C:\Windows\System\tbuPbeo.exe
  C:\Windows\System\tbuPbeo.exe
  2⤵
  PID:6012
- C:\Windows\System\mKHicCm.exe
  C:\Windows\System\mKHicCm.exe
  2⤵
  PID:6128
- C:\Windows\System\OFCxRhP.exe
  C:\Windows\System\OFCxRhP.exe
  2⤵
  PID:5280
- C:\Windows\System\UiokSXO.exe
  C:\Windows\System\UiokSXO.exe
  2⤵
  PID:5392
- C:\Windows\System\mgeVaBU.exe
  C:\Windows\System\mgeVaBU.exe
  2⤵
  PID:5664
- C:\Windows\System\ulryiLH.exe
  C:\Windows\System\ulryiLH.exe
  2⤵
  PID:2896
- C:\Windows\System\fozskpi.exe
  C:\Windows\System\fozskpi.exe
  2⤵
  PID:6060
- C:\Windows\System\cPUpvmO.exe
  C:\Windows\System\cPUpvmO.exe
  2⤵
  PID:5200
- C:\Windows\System\KXJXxeM.exe
  C:\Windows\System\KXJXxeM.exe
  2⤵
  PID:5908
- C:\Windows\System\XJkXugr.exe
  C:\Windows\System\XJkXugr.exe
  2⤵
  PID:2808
- C:\Windows\System\eXrZlIo.exe
  C:\Windows\System\eXrZlIo.exe
  2⤵
  PID:5720
- C:\Windows\System\dOXWkvL.exe
  C:\Windows\System\dOXWkvL.exe
  2⤵
  PID:5992
- C:\Windows\System\YkPyddn.exe
  C:\Windows\System\YkPyddn.exe
  2⤵
  PID:3316
- C:\Windows\System\lElqBiB.exe
  C:\Windows\System\lElqBiB.exe
  2⤵
  PID:5776
- C:\Windows\System\fKzcVmx.exe
  C:\Windows\System\fKzcVmx.exe
  2⤵
  PID:5996
- C:\Windows\System\RTzAjgm.exe
  C:\Windows\System\RTzAjgm.exe
  2⤵
  PID:6148
- C:\Windows\System\pTUnFIm.exe
  C:\Windows\System\pTUnFIm.exe
  2⤵
  PID:6176
- C:\Windows\System\KXgUovd.exe
  C:\Windows\System\KXgUovd.exe
  2⤵
  PID:6204
- C:\Windows\System\jVfptXS.exe
  C:\Windows\System\jVfptXS.exe
  2⤵
  PID:6232
- C:\Windows\System\mJearrE.exe
  C:\Windows\System\mJearrE.exe
  2⤵
  PID:6252
- C:\Windows\System\nnpuYBl.exe
  C:\Windows\System\nnpuYBl.exe
  2⤵
  PID:6284
- C:\Windows\System\LCNnSLV.exe
  C:\Windows\System\LCNnSLV.exe
  2⤵
  PID:6320
- C:\Windows\System\dSaoWMW.exe
  C:\Windows\System\dSaoWMW.exe
  2⤵
  PID:6344
- C:\Windows\System\UeECXKj.exe
  C:\Windows\System\UeECXKj.exe
  2⤵
  PID:6376
- C:\Windows\System\GIGdDQD.exe
  C:\Windows\System\GIGdDQD.exe
  2⤵
  PID:6408
- C:\Windows\System\IEybqow.exe
  C:\Windows\System\IEybqow.exe
  2⤵
  PID:6436
- C:\Windows\System\nTCJHUW.exe
  C:\Windows\System\nTCJHUW.exe
  2⤵
  PID:6468
- C:\Windows\System\FXlBiqG.exe
  C:\Windows\System\FXlBiqG.exe
  2⤵
  PID:6488
- C:\Windows\System\AqvGIHl.exe
  C:\Windows\System\AqvGIHl.exe
  2⤵
  PID:6524
- C:\Windows\System\FLWSwAJ.exe
  C:\Windows\System\FLWSwAJ.exe
  2⤵
  PID:6540
- C:\Windows\System\rUuttNy.exe
  C:\Windows\System\rUuttNy.exe
  2⤵
  PID:6576
- C:\Windows\System\FVAOmYs.exe
  C:\Windows\System\FVAOmYs.exe
  2⤵
  PID:6596
- C:\Windows\System\ojVgxuW.exe
  C:\Windows\System\ojVgxuW.exe
  2⤵
  PID:6620
- C:\Windows\System\WdFPuLp.exe
  C:\Windows\System\WdFPuLp.exe
  2⤵
  PID:6656
- C:\Windows\System\ANHpzmP.exe
  C:\Windows\System\ANHpzmP.exe
  2⤵
  PID:6684
- C:\Windows\System\GUfknhC.exe
  C:\Windows\System\GUfknhC.exe
  2⤵
  PID:6712
- C:\Windows\System\RZUKPlY.exe
  C:\Windows\System\RZUKPlY.exe
  2⤵
  PID:6740
- C:\Windows\System\ttlZKBz.exe
  C:\Windows\System\ttlZKBz.exe
  2⤵
  PID:6776
- C:\Windows\System\ePyZzGC.exe
  C:\Windows\System\ePyZzGC.exe
  2⤵
  PID:6804
- C:\Windows\System\IPQkvjv.exe
  C:\Windows\System\IPQkvjv.exe
  2⤵
  PID:6828
- C:\Windows\System\lFNkyLi.exe
  C:\Windows\System\lFNkyLi.exe
  2⤵
  PID:6864
- C:\Windows\System\ZcJYkQk.exe
  C:\Windows\System\ZcJYkQk.exe
  2⤵
  PID:6884
- C:\Windows\System\NnxeEYa.exe
  C:\Windows\System\NnxeEYa.exe
  2⤵
  PID:6920
- C:\Windows\System\JkwSRYB.exe
  C:\Windows\System\JkwSRYB.exe
  2⤵
  PID:6944
- C:\Windows\System\iLjbUWZ.exe
  C:\Windows\System\iLjbUWZ.exe
  2⤵
  PID:6976
- C:\Windows\System\XbnXAmM.exe
  C:\Windows\System\XbnXAmM.exe
  2⤵
  PID:6996
- C:\Windows\System\ASHhoFh.exe
  C:\Windows\System\ASHhoFh.exe
  2⤵
  PID:7032
- C:\Windows\System\AqyDizb.exe
  C:\Windows\System\AqyDizb.exe
  2⤵
  PID:7056
- C:\Windows\System\YlYXLrS.exe
  C:\Windows\System\YlYXLrS.exe
  2⤵
  PID:7100
- C:\Windows\System\auvJPdn.exe
  C:\Windows\System\auvJPdn.exe
  2⤵
  PID:7128
- C:\Windows\System\dcjuHoK.exe
  C:\Windows\System\dcjuHoK.exe
  2⤵
  PID:7164
- C:\Windows\System\hWCsjox.exe
  C:\Windows\System\hWCsjox.exe
  2⤵
  PID:6188
- C:\Windows\System\XLnNrvh.exe
  C:\Windows\System\XLnNrvh.exe
  2⤵
  PID:6244
- C:\Windows\System\EfJiXjO.exe
  C:\Windows\System\EfJiXjO.exe
  2⤵
  PID:6328
- C:\Windows\System\ZqyenSr.exe
  C:\Windows\System\ZqyenSr.exe
  2⤵
  PID:6392
- C:\Windows\System\lxnupBO.exe
  C:\Windows\System\lxnupBO.exe
  2⤵
  PID:6460
- C:\Windows\System\UuWosZV.exe
  C:\Windows\System\UuWosZV.exe
  2⤵
  PID:6504
- C:\Windows\System\dszlNHx.exe
  C:\Windows\System\dszlNHx.exe
  2⤵
  PID:6584
- C:\Windows\System\NvhwOAM.exe
  C:\Windows\System\NvhwOAM.exe
  2⤵
  PID:6640
- C:\Windows\System\RwuIFnc.exe
  C:\Windows\System\RwuIFnc.exe
  2⤵
  PID:6708
- C:\Windows\System\BLhtuqC.exe
  C:\Windows\System\BLhtuqC.exe
  2⤵
  PID:6760
- C:\Windows\System\HQgahqm.exe
  C:\Windows\System\HQgahqm.exe
  2⤵
  PID:6816
- C:\Windows\System\RIfSGsG.exe
  C:\Windows\System\RIfSGsG.exe
  2⤵
  PID:6872
- C:\Windows\System\RbuMnRw.exe
  C:\Windows\System\RbuMnRw.exe
  2⤵
  PID:6936
- C:\Windows\System\muxUWCt.exe
  C:\Windows\System\muxUWCt.exe
  2⤵
  PID:7016
- C:\Windows\System\VHnndIq.exe
  C:\Windows\System\VHnndIq.exe
  2⤵
  PID:7048
- C:\Windows\System\voeYckS.exe
  C:\Windows\System\voeYckS.exe
  2⤵
  PID:7020
- C:\Windows\System\wGdKfrZ.exe
  C:\Windows\System\wGdKfrZ.exe
  2⤵
  PID:7152
- C:\Windows\System\VDdaXgs.exe
  C:\Windows\System\VDdaXgs.exe
  2⤵
  PID:6264
- C:\Windows\System\dnsDDXk.exe
  C:\Windows\System\dnsDDXk.exe
  2⤵
  PID:6360
- C:\Windows\System\dBJsXHH.exe
  C:\Windows\System\dBJsXHH.exe
  2⤵
  PID:6552
- C:\Windows\System\mFeVTLd.exe
  C:\Windows\System\mFeVTLd.exe
  2⤵
  PID:6984
- C:\Windows\System\wiGXyyz.exe
  C:\Windows\System\wiGXyyz.exe
  2⤵
  PID:6836
- C:\Windows\System\JgZnOQP.exe
  C:\Windows\System\JgZnOQP.exe
  2⤵
  PID:6964
- C:\Windows\System\jExnACR.exe
  C:\Windows\System\jExnACR.exe
  2⤵
  PID:7040
- C:\Windows\System\OGuJmKg.exe
  C:\Windows\System\OGuJmKg.exe
  2⤵
  PID:6224
- C:\Windows\System\QymTRnG.exe
  C:\Windows\System\QymTRnG.exe
  2⤵
  PID:6672
- C:\Windows\System\UQjxfpH.exe
  C:\Windows\System\UQjxfpH.exe
  2⤵
  PID:6880
- C:\Windows\System\cuKOERn.exe
  C:\Windows\System\cuKOERn.exe
  2⤵
  PID:6336
- C:\Windows\System\Rfzueru.exe
  C:\Windows\System\Rfzueru.exe
  2⤵
  PID:7092
- C:\Windows\System\PYctfDn.exe
  C:\Windows\System\PYctfDn.exe
  2⤵
  PID:7172
- C:\Windows\System\viTSWki.exe
  C:\Windows\System\viTSWki.exe
  2⤵
  PID:7200
- C:\Windows\System\rECowTx.exe
  C:\Windows\System\rECowTx.exe
  2⤵
  PID:7228
- C:\Windows\System\fCcIDsn.exe
  C:\Windows\System\fCcIDsn.exe
  2⤵
  PID:7256
- C:\Windows\System\RlDBLXH.exe
  C:\Windows\System\RlDBLXH.exe
  2⤵
  PID:7280
- C:\Windows\System\GakBVuW.exe
  C:\Windows\System\GakBVuW.exe
  2⤵
  PID:7312
- C:\Windows\System\brsILuH.exe
  C:\Windows\System\brsILuH.exe
  2⤵
  PID:7340
- C:\Windows\System\pcRmtfv.exe
  C:\Windows\System\pcRmtfv.exe
  2⤵
  PID:7364
- C:\Windows\System\IgOuCiI.exe
  C:\Windows\System\IgOuCiI.exe
  2⤵
  PID:7388
- C:\Windows\System\mTIfmes.exe
  C:\Windows\System\mTIfmes.exe
  2⤵
  PID:7416
- C:\Windows\System\vWhAEIR.exe
  C:\Windows\System\vWhAEIR.exe
  2⤵
  PID:7444
- C:\Windows\System\AcaBJQw.exe
  C:\Windows\System\AcaBJQw.exe
  2⤵
  PID:7472
- C:\Windows\System\nRRoJPx.exe
  C:\Windows\System\nRRoJPx.exe
  2⤵
  PID:7500
- C:\Windows\System\zpASAdx.exe
  C:\Windows\System\zpASAdx.exe
  2⤵
  PID:7528
- C:\Windows\System\AGyvMdf.exe
  C:\Windows\System\AGyvMdf.exe
  2⤵
  PID:7556
- C:\Windows\System\ljYkjJj.exe
  C:\Windows\System\ljYkjJj.exe
  2⤵
  PID:7584
- C:\Windows\System\ZsXKvtA.exe
  C:\Windows\System\ZsXKvtA.exe
  2⤵
  PID:7612
- C:\Windows\System\DQsJCtM.exe
  C:\Windows\System\DQsJCtM.exe
  2⤵
  PID:7640
- C:\Windows\System\wijyZVu.exe
  C:\Windows\System\wijyZVu.exe
  2⤵
  PID:7668
- C:\Windows\System\qxskJGv.exe
  C:\Windows\System\qxskJGv.exe
  2⤵
  PID:7700
- C:\Windows\System\ckvlFoW.exe
  C:\Windows\System\ckvlFoW.exe
  2⤵
  PID:7728
- C:\Windows\System\utCXTZm.exe
  C:\Windows\System\utCXTZm.exe
  2⤵
  PID:7768
- C:\Windows\System\qFLKNsT.exe
  C:\Windows\System\qFLKNsT.exe
  2⤵
  PID:7788
- C:\Windows\System\SXuhgLT.exe
  C:\Windows\System\SXuhgLT.exe
  2⤵
  PID:7812
- C:\Windows\System\MdwDtEf.exe
  C:\Windows\System\MdwDtEf.exe
  2⤵
  PID:7840
- C:\Windows\System\uKquVVC.exe
  C:\Windows\System\uKquVVC.exe
  2⤵
  PID:7868
- C:\Windows\System\yipAxVR.exe
  C:\Windows\System\yipAxVR.exe
  2⤵
  PID:7896
- C:\Windows\System\wOyVmKC.exe
  C:\Windows\System\wOyVmKC.exe
  2⤵
  PID:7924
- C:\Windows\System\FPZVwPQ.exe
  C:\Windows\System\FPZVwPQ.exe
  2⤵
  PID:7952
- C:\Windows\System\zcPmIbo.exe
  C:\Windows\System\zcPmIbo.exe
  2⤵
  PID:7980
- C:\Windows\System\gKeWXso.exe
  C:\Windows\System\gKeWXso.exe
  2⤵
  PID:8008
- C:\Windows\System\ZTLUIrK.exe
  C:\Windows\System\ZTLUIrK.exe
  2⤵
  PID:8036
- C:\Windows\System\NVEbINv.exe
  C:\Windows\System\NVEbINv.exe
  2⤵
  PID:8064
- C:\Windows\System\ZrwPAVk.exe
  C:\Windows\System\ZrwPAVk.exe
  2⤵
  PID:8092
- C:\Windows\System\kONHzEn.exe
  C:\Windows\System\kONHzEn.exe
  2⤵
  PID:8120
- C:\Windows\System\qkxhwXG.exe
  C:\Windows\System\qkxhwXG.exe
  2⤵
  PID:8148
- C:\Windows\System\Vhabvad.exe
  C:\Windows\System\Vhabvad.exe
  2⤵
  PID:8176
- C:\Windows\System\uqnqGHI.exe
  C:\Windows\System\uqnqGHI.exe
  2⤵
  PID:7188
- C:\Windows\System\FBfqDEK.exe
  C:\Windows\System\FBfqDEK.exe
  2⤵
  PID:7264
- C:\Windows\System\FGPqWiX.exe
  C:\Windows\System\FGPqWiX.exe
  2⤵
  PID:7324
- C:\Windows\System\rrhfRsc.exe
  C:\Windows\System\rrhfRsc.exe
  2⤵
  PID:7356
- C:\Windows\System\TXlImpe.exe
  C:\Windows\System\TXlImpe.exe
  2⤵
  PID:7428
- C:\Windows\System\mDOdVPe.exe
  C:\Windows\System\mDOdVPe.exe
  2⤵
  PID:7492
- C:\Windows\System\eEagmYJ.exe
  C:\Windows\System\eEagmYJ.exe
  2⤵
  PID:7552
- C:\Windows\System\VMFMuZF.exe
  C:\Windows\System\VMFMuZF.exe
  2⤵
  PID:7624
- C:\Windows\System\uPDNQNN.exe
  C:\Windows\System\uPDNQNN.exe
  2⤵
  PID:7692
- C:\Windows\System\uFwmaQl.exe
  C:\Windows\System\uFwmaQl.exe
  2⤵
  PID:7760
- C:\Windows\System\WhLlbHJ.exe
  C:\Windows\System\WhLlbHJ.exe
  2⤵
  PID:7836
- C:\Windows\System\FrsvoVA.exe
  C:\Windows\System\FrsvoVA.exe
  2⤵
  PID:7888
- C:\Windows\System\QgQotYp.exe
  C:\Windows\System\QgQotYp.exe
  2⤵
  PID:7972
- C:\Windows\System\zUxeeje.exe
  C:\Windows\System\zUxeeje.exe
  2⤵
  PID:2592
- C:\Windows\System\cjvdRhY.exe
  C:\Windows\System\cjvdRhY.exe
  2⤵
  PID:8084
- C:\Windows\System\zamUSZn.exe
  C:\Windows\System\zamUSZn.exe
  2⤵
  PID:8144
- C:\Windows\System\xDliHQf.exe
  C:\Windows\System\xDliHQf.exe
  2⤵
  PID:7184
- C:\Windows\System\vFkpcPw.exe
  C:\Windows\System\vFkpcPw.exe
  2⤵
  PID:7348
- C:\Windows\System\zpXPsvZ.exe
  C:\Windows\System\zpXPsvZ.exe
  2⤵
  PID:7484
- C:\Windows\System\ZCKBjxO.exe
  C:\Windows\System\ZCKBjxO.exe
  2⤵
  PID:7652
- C:\Windows\System\eCGzdtt.exe
  C:\Windows\System\eCGzdtt.exe
  2⤵
  PID:7748
- C:\Windows\System\lEDcXoT.exe
  C:\Windows\System\lEDcXoT.exe
  2⤵
  PID:7916
- C:\Windows\System\yirlGDc.exe
  C:\Windows\System\yirlGDc.exe
  2⤵
  PID:8048
- C:\Windows\System\EjWBYaw.exe
  C:\Windows\System\EjWBYaw.exe
  2⤵
  PID:7688
- C:\Windows\System\SKsvtEB.exe
  C:\Windows\System\SKsvtEB.exe
  2⤵
  PID:7920
- C:\Windows\System\VmqZZsw.exe
  C:\Windows\System\VmqZZsw.exe
  2⤵
  PID:7580
- C:\Windows\System\gUmZKxH.exe
  C:\Windows\System\gUmZKxH.exe
  2⤵
  PID:7468
- C:\Windows\System\iojmURB.exe
  C:\Windows\System\iojmURB.exe
  2⤵
  PID:8172
- C:\Windows\System\oNLYlnt.exe
  C:\Windows\System\oNLYlnt.exe
  2⤵
  PID:7412
- C:\Windows\System\VdAiYXO.exe
  C:\Windows\System\VdAiYXO.exe
  2⤵
  PID:1848
- C:\Windows\System\YQEHxLd.exe
  C:\Windows\System\YQEHxLd.exe
  2⤵
  PID:7740
- C:\Windows\System\nznpvXj.exe
  C:\Windows\System\nznpvXj.exe
  2⤵
  PID:8212
- C:\Windows\System\fYlPFlo.exe
  C:\Windows\System\fYlPFlo.exe
  2⤵
  PID:8240
- C:\Windows\System\xLHYurG.exe
  C:\Windows\System\xLHYurG.exe
  2⤵
  PID:8268
- C:\Windows\System\UEtMKQE.exe
  C:\Windows\System\UEtMKQE.exe
  2⤵
  PID:8296
- C:\Windows\System\cWKtxTq.exe
  C:\Windows\System\cWKtxTq.exe
  2⤵
  PID:8324
- C:\Windows\System\sGHXIRO.exe
  C:\Windows\System\sGHXIRO.exe
  2⤵
  PID:8352
- C:\Windows\System\tPrtYcG.exe
  C:\Windows\System\tPrtYcG.exe
  2⤵
  PID:8380
- C:\Windows\System\qWxilPJ.exe
  C:\Windows\System\qWxilPJ.exe
  2⤵
  PID:8408
- C:\Windows\System\NVbHLlg.exe
  C:\Windows\System\NVbHLlg.exe
  2⤵
  PID:8436
- C:\Windows\System\sNtMgaG.exe
  C:\Windows\System\sNtMgaG.exe
  2⤵
  PID:8464
- C:\Windows\System\CDoKMmn.exe
  C:\Windows\System\CDoKMmn.exe
  2⤵
  PID:8492
- C:\Windows\System\PJHwNJq.exe
  C:\Windows\System\PJHwNJq.exe
  2⤵
  PID:8520
- C:\Windows\System\DAFHBFM.exe
  C:\Windows\System\DAFHBFM.exe
  2⤵
  PID:8548
- C:\Windows\System\MmsaoAv.exe
  C:\Windows\System\MmsaoAv.exe
  2⤵
  PID:8576
- C:\Windows\System\fadpAYy.exe
  C:\Windows\System\fadpAYy.exe
  2⤵
  PID:8604
- C:\Windows\System\DNzdAoL.exe
  C:\Windows\System\DNzdAoL.exe
  2⤵
  PID:8632
- C:\Windows\System\fTAROtK.exe
  C:\Windows\System\fTAROtK.exe
  2⤵
  PID:8660
- C:\Windows\System\eYSUvGF.exe
  C:\Windows\System\eYSUvGF.exe
  2⤵
  PID:8688
- C:\Windows\System\qIYzJaD.exe
  C:\Windows\System\qIYzJaD.exe
  2⤵
  PID:8720
- C:\Windows\System\WhmgYOz.exe
  C:\Windows\System\WhmgYOz.exe
  2⤵
  PID:8748
- C:\Windows\System\uyZFgNp.exe
  C:\Windows\System\uyZFgNp.exe
  2⤵
  PID:8776
- C:\Windows\System\DLFllkS.exe
  C:\Windows\System\DLFllkS.exe
  2⤵
  PID:8804
- C:\Windows\System\uGQkWhW.exe
  C:\Windows\System\uGQkWhW.exe
  2⤵
  PID:8832
- C:\Windows\System\ajdZdiB.exe
  C:\Windows\System\ajdZdiB.exe
  2⤵
  PID:8860
- C:\Windows\System\rmXXlJS.exe
  C:\Windows\System\rmXXlJS.exe
  2⤵
  PID:8888
- C:\Windows\System\ZDyPBca.exe
  C:\Windows\System\ZDyPBca.exe
  2⤵
  PID:8916
- C:\Windows\System\FeznBhW.exe
  C:\Windows\System\FeznBhW.exe
  2⤵
  PID:8944
- C:\Windows\System\ZBsPunx.exe
  C:\Windows\System\ZBsPunx.exe
  2⤵
  PID:8984
- C:\Windows\System\QbrqGbl.exe
  C:\Windows\System\QbrqGbl.exe
  2⤵
  PID:9000
- C:\Windows\System\UvyCnOz.exe
  C:\Windows\System\UvyCnOz.exe
  2⤵
  PID:9028
- C:\Windows\System\ppKaCwc.exe
  C:\Windows\System\ppKaCwc.exe
  2⤵
  PID:9056
- C:\Windows\System\YtZbXTN.exe
  C:\Windows\System\YtZbXTN.exe
  2⤵
  PID:9084
- C:\Windows\System\aTSJtGb.exe
  C:\Windows\System\aTSJtGb.exe
  2⤵
  PID:9112
- C:\Windows\System\LbrgKaS.exe
  C:\Windows\System\LbrgKaS.exe
  2⤵
  PID:9140
- C:\Windows\System\NLdnRvV.exe
  C:\Windows\System\NLdnRvV.exe
  2⤵
  PID:9168
- C:\Windows\System\zImKgbw.exe
  C:\Windows\System\zImKgbw.exe
  2⤵
  PID:9196
- C:\Windows\System\cxSOyWF.exe
  C:\Windows\System\cxSOyWF.exe
  2⤵
  PID:8208
- C:\Windows\System\pplClRd.exe
  C:\Windows\System\pplClRd.exe
  2⤵
  PID:8288
- C:\Windows\System\dBVSrdt.exe
  C:\Windows\System\dBVSrdt.exe
  2⤵
  PID:8364
- C:\Windows\System\izsSOmy.exe
  C:\Windows\System\izsSOmy.exe
  2⤵
  PID:8428
- C:\Windows\System\WyenkWU.exe
  C:\Windows\System\WyenkWU.exe
  2⤵
  PID:8484
- C:\Windows\System\AzunaIY.exe
  C:\Windows\System\AzunaIY.exe
  2⤵
  PID:8544
- C:\Windows\System\kSyXnOj.exe
  C:\Windows\System\kSyXnOj.exe
  2⤵
  PID:8616
- C:\Windows\System\lcQtrZz.exe
  C:\Windows\System\lcQtrZz.exe
  2⤵
  PID:8680
- C:\Windows\System\WldJLAc.exe
  C:\Windows\System\WldJLAc.exe
  2⤵
  PID:8744
- C:\Windows\System\ngjHGav.exe
  C:\Windows\System\ngjHGav.exe
  2⤵
  PID:8816
- C:\Windows\System\cvTnFVW.exe
  C:\Windows\System\cvTnFVW.exe
  2⤵
  PID:8884
- C:\Windows\System\xzbpOoB.exe
  C:\Windows\System\xzbpOoB.exe
  2⤵
  PID:8992
- C:\Windows\System\GILqQbJ.exe
  C:\Windows\System\GILqQbJ.exe
  2⤵
  PID:9024
- C:\Windows\System\kEJRgLP.exe
  C:\Windows\System\kEJRgLP.exe
  2⤵
  PID:6140
- C:\Windows\System\FBIfTRv.exe
  C:\Windows\System\FBIfTRv.exe
  2⤵
  PID:9124
- C:\Windows\System\iGzQJWW.exe
  C:\Windows\System\iGzQJWW.exe
  2⤵
  PID:9164
- C:\Windows\System\UIxuofD.exe
  C:\Windows\System\UIxuofD.exe
  2⤵
  PID:8252
- C:\Windows\System\HDBsSgb.exe
  C:\Windows\System\HDBsSgb.exe
  2⤵
  PID:8348
- C:\Windows\System\ZNMTGaq.exe
  C:\Windows\System\ZNMTGaq.exe
  2⤵
  PID:8512
- C:\Windows\System\PhNFgGz.exe
  C:\Windows\System\PhNFgGz.exe
  2⤵
  PID:8656
- C:\Windows\System\tUsAQbl.exe
  C:\Windows\System\tUsAQbl.exe
  2⤵
  PID:8800
- C:\Windows\System\RCksfjp.exe
  C:\Windows\System\RCksfjp.exe
  2⤵
  PID:8956
- C:\Windows\System\aOTsMqv.exe
  C:\Windows\System\aOTsMqv.exe
  2⤵
  PID:8980
- C:\Windows\System\pfdYmCV.exe
  C:\Windows\System\pfdYmCV.exe
  2⤵
  PID:9156
- C:\Windows\System\YoiKKjY.exe
  C:\Windows\System\YoiKKjY.exe
  2⤵
  PID:8260
- C:\Windows\System\pTPoPfU.exe
  C:\Windows\System\pTPoPfU.exe
  2⤵
  PID:8572
- C:\Windows\System\hHkuvXQ.exe
  C:\Windows\System\hHkuvXQ.exe
  2⤵
  PID:944
- C:\Windows\System\GNYnFkC.exe
  C:\Windows\System\GNYnFkC.exe
  2⤵
  PID:9104
- C:\Windows\System\QYTqaAT.exe
  C:\Windows\System\QYTqaAT.exe
  2⤵
  PID:2032
- C:\Windows\System\KkuPAsL.exe
  C:\Windows\System\KkuPAsL.exe
  2⤵
  PID:9108
- C:\Windows\System\fXYRYlQ.exe
  C:\Windows\System\fXYRYlQ.exe
  2⤵
  PID:2388
- C:\Windows\System\VuoIAcD.exe
  C:\Windows\System\VuoIAcD.exe
  2⤵
  PID:9224
- C:\Windows\System\fZxOoPJ.exe
  C:\Windows\System\fZxOoPJ.exe
  2⤵
  PID:9244
- C:\Windows\System\WkfQUZc.exe
  C:\Windows\System\WkfQUZc.exe
  2⤵
  PID:9268
- C:\Windows\System\xVEJhsD.exe
  C:\Windows\System\xVEJhsD.exe
  2⤵
  PID:9296
- C:\Windows\System\dvxLsBN.exe
  C:\Windows\System\dvxLsBN.exe
  2⤵
  PID:9324
- C:\Windows\System\HoPvgci.exe
  C:\Windows\System\HoPvgci.exe
  2⤵
  PID:9352
- C:\Windows\System\PaROZeA.exe
  C:\Windows\System\PaROZeA.exe
  2⤵
  PID:9380
- C:\Windows\System\cTyxLdL.exe
  C:\Windows\System\cTyxLdL.exe
  2⤵
  PID:9408
- C:\Windows\System\jSdcTYH.exe
  C:\Windows\System\jSdcTYH.exe
  2⤵
  PID:9436
- C:\Windows\System\LdOacTo.exe
  C:\Windows\System\LdOacTo.exe
  2⤵
  PID:9464
- C:\Windows\System\BElZZYF.exe
  C:\Windows\System\BElZZYF.exe
  2⤵
  PID:9484
- C:\Windows\System\XbjjmDH.exe
  C:\Windows\System\XbjjmDH.exe
  2⤵
  PID:9528
- C:\Windows\System\fJPPyZK.exe
  C:\Windows\System\fJPPyZK.exe
  2⤵
  PID:9556
- C:\Windows\System\BJmyIAW.exe
  C:\Windows\System\BJmyIAW.exe
  2⤵
  PID:9584
- C:\Windows\System\wgZwQxO.exe
  C:\Windows\System\wgZwQxO.exe
  2⤵
  PID:9612
- C:\Windows\System\iSjdPDO.exe
  C:\Windows\System\iSjdPDO.exe
  2⤵
  PID:9640
- C:\Windows\System\AdGHFqR.exe
  C:\Windows\System\AdGHFqR.exe
  2⤵
  PID:9668
- C:\Windows\System\asqdwlU.exe
  C:\Windows\System\asqdwlU.exe
  2⤵
  PID:9696
- C:\Windows\System\hVwIzsJ.exe
  C:\Windows\System\hVwIzsJ.exe
  2⤵
  PID:9724
- C:\Windows\System\LYHSfgo.exe
  C:\Windows\System\LYHSfgo.exe
  2⤵
  PID:9752
- C:\Windows\System\dodmawo.exe
  C:\Windows\System\dodmawo.exe
  2⤵
  PID:9780
- C:\Windows\System\FRXKNpP.exe
  C:\Windows\System\FRXKNpP.exe
  2⤵
  PID:9824
- C:\Windows\System\tXMOlEM.exe
  C:\Windows\System\tXMOlEM.exe
  2⤵
  PID:9840
- C:\Windows\System\GCEslzT.exe
  C:\Windows\System\GCEslzT.exe
  2⤵
  PID:9868
- C:\Windows\System\DZApovO.exe
  C:\Windows\System\DZApovO.exe
  2⤵
  PID:9900
- C:\Windows\System\lLxeLJJ.exe
  C:\Windows\System\lLxeLJJ.exe
  2⤵
  PID:9924
- C:\Windows\System\PcaRPdJ.exe
  C:\Windows\System\PcaRPdJ.exe
  2⤵
  PID:9952
- C:\Windows\System\ojqzGTn.exe
  C:\Windows\System\ojqzGTn.exe
  2⤵
  PID:9980
- C:\Windows\System\deGpIsY.exe
  C:\Windows\System\deGpIsY.exe
  2⤵
  PID:10008
- C:\Windows\System\YYzsZhN.exe
  C:\Windows\System\YYzsZhN.exe
  2⤵
  PID:10036
- C:\Windows\System\NCUiVIa.exe
  C:\Windows\System\NCUiVIa.exe
  2⤵
  PID:10064
- C:\Windows\System\ydcQekv.exe
  C:\Windows\System\ydcQekv.exe
  2⤵
  PID:10092
- C:\Windows\System\PVlcaHn.exe
  C:\Windows\System\PVlcaHn.exe
  2⤵
  PID:10120
- C:\Windows\System\gJHnIJy.exe
  C:\Windows\System\gJHnIJy.exe
  2⤵
  PID:10148
- C:\Windows\System\YQuKeeR.exe
  C:\Windows\System\YQuKeeR.exe
  2⤵
  PID:10176
- C:\Windows\System\aADpOqd.exe
  C:\Windows\System\aADpOqd.exe
  2⤵
  PID:10204
- C:\Windows\System\DuKDYWJ.exe
  C:\Windows\System\DuKDYWJ.exe
  2⤵
  PID:10236
- C:\Windows\System\iukLIUl.exe
  C:\Windows\System\iukLIUl.exe
  2⤵
  PID:9260
- C:\Windows\System\oVLUYiZ.exe
  C:\Windows\System\oVLUYiZ.exe
  2⤵
  PID:9316
- C:\Windows\System\SLpdneQ.exe
  C:\Windows\System\SLpdneQ.exe
  2⤵
  PID:4260
- C:\Windows\System\aGHovWW.exe
  C:\Windows\System\aGHovWW.exe
  2⤵
  PID:9428
- C:\Windows\System\GpWmlrY.exe
  C:\Windows\System\GpWmlrY.exe
  2⤵
  PID:9480
- C:\Windows\System\WQDBVek.exe
  C:\Windows\System\WQDBVek.exe
  2⤵
  PID:9544
- C:\Windows\System\gewewIk.exe
  C:\Windows\System\gewewIk.exe
  2⤵
  PID:9604
- C:\Windows\System\hvvlthe.exe
  C:\Windows\System\hvvlthe.exe
  2⤵
  PID:9664
- C:\Windows\System\NuCljWK.exe
  C:\Windows\System\NuCljWK.exe
  2⤵
  PID:9736
- C:\Windows\System\BbAuMDo.exe
  C:\Windows\System\BbAuMDo.exe
  2⤵
  PID:9800
- C:\Windows\System\jFhWooa.exe
  C:\Windows\System\jFhWooa.exe
  2⤵
  PID:2584
- C:\Windows\System\DsTcNlE.exe
  C:\Windows\System\DsTcNlE.exe
  2⤵
  PID:9892
- C:\Windows\System\VTUKKek.exe
  C:\Windows\System\VTUKKek.exe
  2⤵
  PID:9964
- C:\Windows\System\sEhdEZE.exe
  C:\Windows\System\sEhdEZE.exe
  2⤵
  PID:10024
- C:\Windows\System\kkFFREe.exe
  C:\Windows\System\kkFFREe.exe
  2⤵
  PID:10084
- C:\Windows\System\AQIXkvZ.exe
  C:\Windows\System\AQIXkvZ.exe
  2⤵
  PID:10144
- C:\Windows\System\txinfOy.exe
  C:\Windows\System\txinfOy.exe
  2⤵
  PID:10220
- C:\Windows\System\ejQnKdK.exe
  C:\Windows\System\ejQnKdK.exe
  2⤵
  PID:9308
- C:\Windows\System\raJoZNO.exe
  C:\Windows\System\raJoZNO.exe
  2⤵
  PID:9420
- C:\Windows\System\sMWlKoF.exe
  C:\Windows\System\sMWlKoF.exe
  2⤵
  PID:9576
- C:\Windows\System\YvDQngo.exe
  C:\Windows\System\YvDQngo.exe
  2⤵
  PID:9716
- C:\Windows\System\qZNULZG.exe
  C:\Windows\System\qZNULZG.exe
  2⤵
  PID:9836
- C:\Windows\System\jcUVjST.exe
  C:\Windows\System\jcUVjST.exe
  2⤵
  PID:9996
- C:\Windows\System\fpafQyj.exe
  C:\Windows\System\fpafQyj.exe
  2⤵
  PID:10132
- C:\Windows\System\qBNTgLz.exe
  C:\Windows\System\qBNTgLz.exe
  2⤵
  PID:9288
- C:\Windows\System\rRJpUOc.exe
  C:\Windows\System\rRJpUOc.exe
  2⤵
  PID:9632
- C:\Windows\System\lDynDcu.exe
  C:\Windows\System\lDynDcu.exe
  2⤵
  PID:9944
- C:\Windows\System\xZWUCcG.exe
  C:\Windows\System\xZWUCcG.exe
  2⤵
  PID:2892
- C:\Windows\System\HWvrwfV.exe
  C:\Windows\System\HWvrwfV.exe
  2⤵
  PID:10116
- C:\Windows\System\NzkivAI.exe
  C:\Windows\System\NzkivAI.exe
  2⤵
  PID:10244
- C:\Windows\System\biUXyTm.exe
  C:\Windows\System\biUXyTm.exe
  2⤵
  PID:10272
- C:\Windows\System\sgSmNvs.exe
  C:\Windows\System\sgSmNvs.exe
  2⤵
  PID:10300
- C:\Windows\System\KSXgYJk.exe
  C:\Windows\System\KSXgYJk.exe
  2⤵
  PID:10320
- C:\Windows\System\MQUdRqH.exe
  C:\Windows\System\MQUdRqH.exe
  2⤵
  PID:10356
- C:\Windows\System\GcBpXGd.exe
  C:\Windows\System\GcBpXGd.exe
  2⤵
  PID:10388
- C:\Windows\System\acWxFvV.exe
  C:\Windows\System\acWxFvV.exe
  2⤵
  PID:10416
- C:\Windows\System\SkTADup.exe
  C:\Windows\System\SkTADup.exe
  2⤵
  PID:10444
- C:\Windows\System\Lerobet.exe
  C:\Windows\System\Lerobet.exe
  2⤵
  PID:10472
- C:\Windows\System\mdzgtJt.exe
  C:\Windows\System\mdzgtJt.exe
  2⤵
  PID:10504
- C:\Windows\System\UIMuqWM.exe
  C:\Windows\System\UIMuqWM.exe
  2⤵
  PID:10532
- C:\Windows\System\sfVjJlB.exe
  C:\Windows\System\sfVjJlB.exe
  2⤵
  PID:10560
- C:\Windows\System\kmIGRwj.exe
  C:\Windows\System\kmIGRwj.exe
  2⤵
  PID:10588
- C:\Windows\System\HDTkrRE.exe
  C:\Windows\System\HDTkrRE.exe
  2⤵
  PID:10628
- C:\Windows\System\UndsKVb.exe
  C:\Windows\System\UndsKVb.exe
  2⤵
  PID:10644
- C:\Windows\System\wQmITJs.exe
  C:\Windows\System\wQmITJs.exe
  2⤵
  PID:10672
- C:\Windows\System\WWJYXtL.exe
  C:\Windows\System\WWJYXtL.exe
  2⤵
  PID:10700
- C:\Windows\System\zktzkYC.exe
  C:\Windows\System\zktzkYC.exe
  2⤵
  PID:10732
- C:\Windows\System\AZbHezG.exe
  C:\Windows\System\AZbHezG.exe
  2⤵
  PID:10760
- C:\Windows\System\YYISmTT.exe
  C:\Windows\System\YYISmTT.exe
  2⤵
  PID:10788
- C:\Windows\System\QulBuUA.exe
  C:\Windows\System\QulBuUA.exe
  2⤵
  PID:10816
- C:\Windows\System\zlfqnEo.exe
  C:\Windows\System\zlfqnEo.exe
  2⤵
  PID:10844
- C:\Windows\System\PvHJiqh.exe
  C:\Windows\System\PvHJiqh.exe
  2⤵
  PID:10876
- C:\Windows\System\MgyWBeZ.exe
  C:\Windows\System\MgyWBeZ.exe
  2⤵
  PID:10908
- C:\Windows\System\qLWiWGf.exe
  C:\Windows\System\qLWiWGf.exe
  2⤵
  PID:10936
- C:\Windows\System\JeygCKK.exe
  C:\Windows\System\JeygCKK.exe
  2⤵
  PID:10964
- C:\Windows\System\XKcvsPu.exe
  C:\Windows\System\XKcvsPu.exe
  2⤵
  PID:10992
- C:\Windows\System\GUprrJR.exe
  C:\Windows\System\GUprrJR.exe
  2⤵
  PID:11020
- C:\Windows\System\tSHKpWb.exe
  C:\Windows\System\tSHKpWb.exe
  2⤵
  PID:11048
- C:\Windows\System\KqAepWM.exe
  C:\Windows\System\KqAepWM.exe
  2⤵
  PID:11076
- C:\Windows\System\qPScgfT.exe
  C:\Windows\System\qPScgfT.exe
  2⤵
  PID:11116
- C:\Windows\System\ZXiGFjJ.exe
  C:\Windows\System\ZXiGFjJ.exe
  2⤵
  PID:11132
- C:\Windows\System\ONDCmeL.exe
  C:\Windows\System\ONDCmeL.exe
  2⤵
  PID:11160
- C:\Windows\System\VhVXqDu.exe
  C:\Windows\System\VhVXqDu.exe
  2⤵
  PID:11188
- C:\Windows\System\EFOCcIs.exe
  C:\Windows\System\EFOCcIs.exe
  2⤵
  PID:11216
- C:\Windows\System\LzIUWwK.exe
  C:\Windows\System\LzIUWwK.exe
  2⤵
  PID:11248
- C:\Windows\System\CgMzTgD.exe
  C:\Windows\System\CgMzTgD.exe
  2⤵
  PID:10268
- C:\Windows\System\IPNTMUg.exe
  C:\Windows\System\IPNTMUg.exe
  2⤵
  PID:10332
- C:\Windows\System\SNWFvfL.exe
  C:\Windows\System\SNWFvfL.exe
  2⤵
  PID:10412
- C:\Windows\System\LOllcly.exe
  C:\Windows\System\LOllcly.exe
  2⤵
  PID:10460
- C:\Windows\System\CPPRHHo.exe
  C:\Windows\System\CPPRHHo.exe
  2⤵
  PID:10524
- C:\Windows\System\xIcYLKr.exe
  C:\Windows\System\xIcYLKr.exe
  2⤵
  PID:10580
- C:\Windows\System\OitSOsl.exe
  C:\Windows\System\OitSOsl.exe
  2⤵
  PID:10636
- C:\Windows\System\YDxtRIr.exe
  C:\Windows\System\YDxtRIr.exe
  2⤵
  PID:10712
- C:\Windows\System\UYGRdSb.exe
  C:\Windows\System\UYGRdSb.exe
  2⤵
  PID:10756
- C:\Windows\System\ZoYhrRI.exe
  C:\Windows\System\ZoYhrRI.exe
  2⤵
  PID:10828
- C:\Windows\System\CBZymcX.exe
  C:\Windows\System\CBZymcX.exe
  2⤵
  PID:10872
- C:\Windows\System\AopIbwv.exe
  C:\Windows\System\AopIbwv.exe
  2⤵
  PID:10928
- C:\Windows\System\upmnxcs.exe
  C:\Windows\System\upmnxcs.exe
  2⤵
  PID:10988
- C:\Windows\System\hkEJsdg.exe
  C:\Windows\System\hkEJsdg.exe
  2⤵
  PID:11060
- C:\Windows\System\ROHovtq.exe
  C:\Windows\System\ROHovtq.exe
  2⤵
  PID:11152
- C:\Windows\System\iVFvvOZ.exe
  C:\Windows\System\iVFvvOZ.exe
  2⤵
  PID:11184
- C:\Windows\System\WSiMojI.exe
  C:\Windows\System\WSiMojI.exe
  2⤵
  PID:9548
- C:\Windows\System\MVRccOs.exe
  C:\Windows\System\MVRccOs.exe
  2⤵
  PID:10372
- C:\Windows\System\RyHdWJt.exe
  C:\Windows\System\RyHdWJt.exe
  2⤵
  PID:10516
- C:\Windows\System\PvUNNdh.exe
  C:\Windows\System\PvUNNdh.exe
  2⤵
  PID:10612
- C:\Windows\System\jSgMxAv.exe
  C:\Windows\System\jSgMxAv.exe
  2⤵
  PID:10752
- C:\Windows\System\PijXDdA.exe
  C:\Windows\System\PijXDdA.exe
  2⤵
  PID:4572
- C:\Windows\System\JppsYqe.exe
  C:\Windows\System\JppsYqe.exe
  2⤵
  PID:11032
- C:\Windows\System\YWUpvwN.exe
  C:\Windows\System\YWUpvwN.exe
  2⤵
  PID:11172
- C:\Windows\System\noIvcEZ.exe
  C:\Windows\System\noIvcEZ.exe
  2⤵
  PID:10316
- C:\Windows\System\oWUNdqG.exe
  C:\Windows\System\oWUNdqG.exe
  2⤵
  PID:9540
- C:\Windows\System\yGrZocm.exe
  C:\Windows\System\yGrZocm.exe
  2⤵
  PID:10884
- C:\Windows\System\GIEqHre.exe
  C:\Windows\System\GIEqHre.exe
  2⤵
  PID:11244
- C:\Windows\System\nMHYzMY.exe
  C:\Windows\System\nMHYzMY.exe
  2⤵
  PID:10868
- C:\Windows\System\nbDUoSF.exe
  C:\Windows\System\nbDUoSF.exe
  2⤵
  PID:10572
- C:\Windows\System\PMlAcMG.exe
  C:\Windows\System\PMlAcMG.exe
  2⤵
  PID:11284
- C:\Windows\System\pglFxgU.exe
  C:\Windows\System\pglFxgU.exe
  2⤵
  PID:11312
- C:\Windows\System\jtDHmeU.exe
  C:\Windows\System\jtDHmeU.exe
  2⤵
  PID:11340
- C:\Windows\System\wgSWWYr.exe
  C:\Windows\System\wgSWWYr.exe
  2⤵
  PID:11368
- C:\Windows\System\LQDOPKE.exe
  C:\Windows\System\LQDOPKE.exe
  2⤵
  PID:11396
- C:\Windows\System\LcSNlYo.exe
  C:\Windows\System\LcSNlYo.exe
  2⤵
  PID:11424
- C:\Windows\System\cUjXAyN.exe
  C:\Windows\System\cUjXAyN.exe
  2⤵
  PID:11452
- C:\Windows\System\fCjDIuZ.exe
  C:\Windows\System\fCjDIuZ.exe
  2⤵
  PID:11480
- C:\Windows\System\NvutASR.exe
  C:\Windows\System\NvutASR.exe
  2⤵
  PID:11508
- C:\Windows\System\vABpgrT.exe
  C:\Windows\System\vABpgrT.exe
  2⤵
  PID:11536
- C:\Windows\System\mltLFnC.exe
  C:\Windows\System\mltLFnC.exe
  2⤵
  PID:11564
- C:\Windows\System\HIQcRRS.exe
  C:\Windows\System\HIQcRRS.exe
  2⤵
  PID:11608
- C:\Windows\System\GWvnrjf.exe
  C:\Windows\System\GWvnrjf.exe
  2⤵
  PID:11624
- C:\Windows\System\putiHhy.exe
  C:\Windows\System\putiHhy.exe
  2⤵
  PID:11652
- C:\Windows\System\gyGoZFt.exe
  C:\Windows\System\gyGoZFt.exe
  2⤵
  PID:11680
- C:\Windows\System\NByTZvy.exe
  C:\Windows\System\NByTZvy.exe
  2⤵
  PID:11708
- C:\Windows\System\ThBlvoX.exe
  C:\Windows\System\ThBlvoX.exe
  2⤵
  PID:11736
- C:\Windows\System\fWSWeWS.exe
  C:\Windows\System\fWSWeWS.exe
  2⤵
  PID:11764
- C:\Windows\System\EZtOaEI.exe
  C:\Windows\System\EZtOaEI.exe
  2⤵
  PID:11792
- C:\Windows\System\MEHpkJv.exe
  C:\Windows\System\MEHpkJv.exe
  2⤵
  PID:11820
- C:\Windows\System\tqBQwZo.exe
  C:\Windows\System\tqBQwZo.exe
  2⤵
  PID:11852
- C:\Windows\System\tnmoPHH.exe
  C:\Windows\System\tnmoPHH.exe
  2⤵
  PID:11880
- C:\Windows\System\drEqfMY.exe
  C:\Windows\System\drEqfMY.exe
  2⤵
  PID:11912
- C:\Windows\System\QzQiOln.exe
  C:\Windows\System\QzQiOln.exe
  2⤵
  PID:11940
- C:\Windows\System\VuIDlkL.exe
  C:\Windows\System\VuIDlkL.exe
  2⤵
  PID:11976
- C:\Windows\System\oNVzfOp.exe
  C:\Windows\System\oNVzfOp.exe
  2⤵
  PID:12020
- C:\Windows\System\QUVMxAl.exe
  C:\Windows\System\QUVMxAl.exe
  2⤵
  PID:12036
- C:\Windows\System\anCdpDM.exe
  C:\Windows\System\anCdpDM.exe
  2⤵
  PID:12076
- C:\Windows\System\KWDfCHc.exe
  C:\Windows\System\KWDfCHc.exe
  2⤵
  PID:12116
- C:\Windows\System\BCpFHsM.exe
  C:\Windows\System\BCpFHsM.exe
  2⤵
  PID:12156
- C:\Windows\System\djSyDeI.exe
  C:\Windows\System\djSyDeI.exe
  2⤵
  PID:12188
- C:\Windows\System\CEWfhUY.exe
  C:\Windows\System\CEWfhUY.exe
  2⤵
  PID:12224
- C:\Windows\System\FTHtufB.exe
  C:\Windows\System\FTHtufB.exe
  2⤵
  PID:12256
- C:\Windows\System\YvIlzpG.exe
  C:\Windows\System\YvIlzpG.exe
  2⤵
  PID:11268
- C:\Windows\System\GWgQNFi.exe
  C:\Windows\System\GWgQNFi.exe
  2⤵
  PID:11332
- C:\Windows\System\WjGGoHf.exe
  C:\Windows\System\WjGGoHf.exe
  2⤵
  PID:11408
- C:\Windows\System\AZopzgY.exe
  C:\Windows\System\AZopzgY.exe
  2⤵
  PID:11464
- C:\Windows\System\vycDfbp.exe
  C:\Windows\System\vycDfbp.exe
  2⤵
  PID:11528
- C:\Windows\System\VzJBKFU.exe
  C:\Windows\System\VzJBKFU.exe
  2⤵
  PID:11600
- C:\Windows\System\FjAoibr.exe
  C:\Windows\System\FjAoibr.exe
  2⤵
  PID:11664
- C:\Windows\System\PNLTlYg.exe
  C:\Windows\System\PNLTlYg.exe
  2⤵
  PID:11728
- C:\Windows\System\zNmBNne.exe
  C:\Windows\System\zNmBNne.exe
  2⤵
  PID:11788
- C:\Windows\System\tSjHuVa.exe
  C:\Windows\System\tSjHuVa.exe
  2⤵
  PID:1280
- C:\Windows\System\UzkJoId.exe
  C:\Windows\System\UzkJoId.exe
  2⤵
  PID:11848
- C:\Windows\System\rLXDPKI.exe
  C:\Windows\System\rLXDPKI.exe
  2⤵
  PID:11972
- C:\Windows\System\lnipRFj.exe
  C:\Windows\System\lnipRFj.exe
  2⤵
  PID:4216
- C:\Windows\System\cBpGNQT.exe
  C:\Windows\System\cBpGNQT.exe
  2⤵
  PID:4208
- C:\Windows\System\jWqMjVK.exe
  C:\Windows\System\jWqMjVK.exe
  2⤵
  PID:11604
- C:\Windows\System\yhtnXEr.exe
  C:\Windows\System\yhtnXEr.exe
  2⤵
  PID:11960
- C:\Windows\System\bZqEWUc.exe
  C:\Windows\System\bZqEWUc.exe
  2⤵
  PID:12248
- C:\Windows\System\DbUFnYQ.exe
  C:\Windows\System\DbUFnYQ.exe
  2⤵
  PID:12280
- C:\Windows\System\lDpZmlJ.exe
  C:\Windows\System\lDpZmlJ.exe
  2⤵
  PID:2412
- C:\Windows\System\simnrlD.exe
  C:\Windows\System\simnrlD.exe
  2⤵
  PID:12276
- C:\Windows\System\PAroTmU.exe
  C:\Windows\System\PAroTmU.exe
  2⤵
  PID:12100
- C:\Windows\System\xMApFJM.exe
  C:\Windows\System\xMApFJM.exe
  2⤵
  PID:11620
- C:\Windows\System\ZFZbzjB.exe
  C:\Windows\System\ZFZbzjB.exe
  2⤵
  PID:11756
- C:\Windows\System\jlZiHoB.exe
  C:\Windows\System\jlZiHoB.exe
  2⤵
  PID:11844
- C:\Windows\System\aCADEnm.exe
  C:\Windows\System\aCADEnm.exe
  2⤵
  PID:12004
- C:\Windows\System\VpKeseU.exe
  C:\Windows\System\VpKeseU.exe
  2⤵
  PID:11920
- C:\Windows\System\atYQhNC.exe
  C:\Windows\System\atYQhNC.exe
  2⤵
  PID:3468
- C:\Windows\System\SQzmmXI.exe
  C:\Windows\System\SQzmmXI.exe
  2⤵
  PID:3624
- C:\Windows\System\HQgPXjg.exe
  C:\Windows\System\HQgPXjg.exe
  2⤵
  PID:5076
- C:\Windows\System\myuHqdT.exe
  C:\Windows\System\myuHqdT.exe
  2⤵
  PID:2384
- C:\Windows\System\ujhYple.exe
  C:\Windows\System\ujhYple.exe
  2⤵
  PID:11704
- C:\Windows\System\OEYwJiL.exe
  C:\Windows\System\OEYwJiL.exe
  2⤵
  PID:11904
- C:\Windows\System\gSAewws.exe
  C:\Windows\System\gSAewws.exe
  2⤵
  PID:1140
- C:\Windows\System\cTAYGhV.exe
  C:\Windows\System\cTAYGhV.exe
  2⤵
  PID:12204
- C:\Windows\System\XbwbzgE.exe
  C:\Windows\System\XbwbzgE.exe
  2⤵
  PID:1328
- C:\Windows\System\JVKxiBc.exe
  C:\Windows\System\JVKxiBc.exe
  2⤵
  PID:4940
- C:\Windows\System\hqMwopX.exe
  C:\Windows\System\hqMwopX.exe
  2⤵
  PID:3612
- C:\Windows\System\hZPkisI.exe
  C:\Windows\System\hZPkisI.exe
  2⤵
  PID:4320
- C:\Windows\System\NrWhXAO.exe
  C:\Windows\System\NrWhXAO.exe
  2⤵
  PID:2880
- C:\Windows\System\luJxgHi.exe
  C:\Windows\System\luJxgHi.exe
  2⤵
  PID:2560
- C:\Windows\System\GtbEZXs.exe
  C:\Windows\System\GtbEZXs.exe
  2⤵
  PID:4268
- C:\Windows\System\auCDeyi.exe
  C:\Windows\System\auCDeyi.exe
  2⤵
  PID:10312
- C:\Windows\System\ApmgBay.exe
  C:\Windows\System\ApmgBay.exe
  2⤵
  PID:2460
- C:\Windows\System\yzYNYFI.exe
  C:\Windows\System\yzYNYFI.exe
  2⤵
  PID:2464
- C:\Windows\System\jKHeeYE.exe
  C:\Windows\System\jKHeeYE.exe
  2⤵
  PID:456
- C:\Windows\System\KLZZJGi.exe
  C:\Windows\System\KLZZJGi.exe
  2⤵
  PID:3396
- C:\Windows\System\louFmNL.exe
  C:\Windows\System\louFmNL.exe
  2⤵
  PID:2960
- C:\Windows\System\atNIXyr.exe
  C:\Windows\System\atNIXyr.exe
  2⤵
  PID:2292
- C:\Windows\System\ygBzQmw.exe
  C:\Windows\System\ygBzQmw.exe
  2⤵
  PID:2744
- C:\Windows\System\LbAxvfe.exe
  C:\Windows\System\LbAxvfe.exe
  2⤵
  PID:12312
- C:\Windows\System\CvEYOUa.exe
  C:\Windows\System\CvEYOUa.exe
  2⤵
  PID:12336
- C:\Windows\System\hvuaiPE.exe
  C:\Windows\System\hvuaiPE.exe
  2⤵
  PID:12392
- C:\Windows\System\AnVBhvW.exe
  C:\Windows\System\AnVBhvW.exe
  2⤵
  PID:12408
- C:\Windows\System\RpSEXcv.exe
  C:\Windows\System\RpSEXcv.exe
  2⤵
  PID:12436
- C:\Windows\System\eBuEizF.exe
  C:\Windows\System\eBuEizF.exe
  2⤵
  PID:12464
- C:\Windows\System\jmcTZyr.exe
  C:\Windows\System\jmcTZyr.exe
  2⤵
  PID:12496
- C:\Windows\System\uBiYqxY.exe
  C:\Windows\System\uBiYqxY.exe
  2⤵
  PID:12524
- C:\Windows\System\VnqBVOc.exe
  C:\Windows\System\VnqBVOc.exe
  2⤵
  PID:12552
- C:\Windows\System\fgEgIYI.exe
  C:\Windows\System\fgEgIYI.exe
  2⤵
  PID:12580
- C:\Windows\System\tjDdMSq.exe
  C:\Windows\System\tjDdMSq.exe
  2⤵
  PID:12608
- C:\Windows\System\HvHeNCp.exe
  C:\Windows\System\HvHeNCp.exe
  2⤵
  PID:12636
- C:\Windows\System\woPMzdt.exe
  C:\Windows\System\woPMzdt.exe
  2⤵
  PID:12664
- C:\Windows\System\qkxekMf.exe
  C:\Windows\System\qkxekMf.exe
  2⤵
  PID:12692
- C:\Windows\System\KlMRSEi.exe
  C:\Windows\System\KlMRSEi.exe
  2⤵
  PID:12720
- C:\Windows\System\VzRjdMR.exe
  C:\Windows\System\VzRjdMR.exe
  2⤵
  PID:12748
- C:\Windows\System\UETkkfC.exe
  C:\Windows\System\UETkkfC.exe
  2⤵
  PID:12776
- C:\Windows\System\RuEJOnq.exe
  C:\Windows\System\RuEJOnq.exe
  2⤵
  PID:12804
- C:\Windows\System\vfFbvMT.exe
  C:\Windows\System\vfFbvMT.exe
  2⤵
  PID:12832
- C:\Windows\System\JCOvuEm.exe
  C:\Windows\System\JCOvuEm.exe
  2⤵
  PID:12860
- C:\Windows\System\FecBkWG.exe
  C:\Windows\System\FecBkWG.exe
  2⤵
  PID:12888
- C:\Windows\System\bYCjNcA.exe
  C:\Windows\System\bYCjNcA.exe
  2⤵
  PID:12916
- C:\Windows\System\EXjROyi.exe
  C:\Windows\System\EXjROyi.exe
  2⤵
  PID:12944
- C:\Windows\System\qKwSDzN.exe
  C:\Windows\System\qKwSDzN.exe
  2⤵
  PID:12972
- C:\Windows\System\gJHcnbW.exe
  C:\Windows\System\gJHcnbW.exe
  2⤵
  PID:13000
- C:\Windows\System\nOsZIsd.exe
  C:\Windows\System\nOsZIsd.exe
  2⤵
  PID:13028
- C:\Windows\System\KefiQQh.exe
  C:\Windows\System\KefiQQh.exe
  2⤵
  PID:13056
- C:\Windows\System\ZDJJreQ.exe
  C:\Windows\System\ZDJJreQ.exe
  2⤵
  PID:13084
- C:\Windows\System\SGMSqax.exe
  C:\Windows\System\SGMSqax.exe
  2⤵
  PID:13112
- C:\Windows\System\QyQSXSG.exe
  C:\Windows\System\QyQSXSG.exe
  2⤵
  PID:13140
- C:\Windows\System\vKzNaCK.exe
  C:\Windows\System\vKzNaCK.exe
  2⤵
  PID:13168
- C:\Windows\System\oFQVTIu.exe
  C:\Windows\System\oFQVTIu.exe
  2⤵
  PID:13200
- C:\Windows\System\TJhzypE.exe
  C:\Windows\System\TJhzypE.exe
  2⤵
  PID:13228
- C:\Windows\System\iObjlNx.exe
  C:\Windows\System\iObjlNx.exe
  2⤵
  PID:13256
- C:\Windows\System\lkZQjuy.exe
  C:\Windows\System\lkZQjuy.exe
  2⤵
  PID:13284
- C:\Windows\System\lAiPtLf.exe
  C:\Windows\System\lAiPtLf.exe
  2⤵
  PID:12292
- C:\Windows\System\GYqDAEf.exe
  C:\Windows\System\GYqDAEf.exe
  2⤵
  PID:4292
- C:\Windows\System\CWWqXBI.exe
  C:\Windows\System\CWWqXBI.exe
  2⤵
  PID:2044
- C:\Windows\System\FVqIQHv.exe
  C:\Windows\System\FVqIQHv.exe
  2⤵
  PID:3944
- C:\Windows\System\patKILz.exe
  C:\Windows\System\patKILz.exe
  2⤵
  PID:1556
- C:\Windows\System\IrjVAvj.exe
  C:\Windows\System\IrjVAvj.exe
  2⤵
  PID:2844
- C:\Windows\System\VsxMzFh.exe
  C:\Windows\System\VsxMzFh.exe
  2⤵
  PID:2176
- C:\Windows\System\kATdIKn.exe
  C:\Windows\System\kATdIKn.exe
  2⤵
  PID:12448
- C:\Windows\System\uCQwTiD.exe
  C:\Windows\System\uCQwTiD.exe
  2⤵
  PID:824
- C:\Windows\System\JKLHLAJ.exe
  C:\Windows\System\JKLHLAJ.exe
  2⤵
  PID:2944
- C:\Windows\System\mEOWKfs.exe
  C:\Windows\System\mEOWKfs.exe
  2⤵
  PID:12548
- C:\Windows\System\KUwAMOb.exe
  C:\Windows\System\KUwAMOb.exe
  2⤵
  PID:12604
- C:\Windows\System\bsIhOqa.exe
  C:\Windows\System\bsIhOqa.exe
  2⤵
  PID:12676
- C:\Windows\System\beFYfIg.exe
  C:\Windows\System\beFYfIg.exe
  2⤵
  PID:12740
- C:\Windows\System\ZGHVOVA.exe
  C:\Windows\System\ZGHVOVA.exe
  2⤵
  PID:12796
- C:\Windows\System\iEhDovZ.exe
  C:\Windows\System\iEhDovZ.exe
  2⤵
  PID:12844
- C:\Windows\System\CaiSQXw.exe
  C:\Windows\System\CaiSQXw.exe
  2⤵
  PID:5264
- C:\Windows\System\rpAJnXO.exe
  C:\Windows\System\rpAJnXO.exe
  2⤵
  PID:5304
- C:\Windows\System\mroVSRL.exe
  C:\Windows\System\mroVSRL.exe
  2⤵
  PID:5320
- C:\Windows\System\GJNpKJx.exe
  C:\Windows\System\GJNpKJx.exe
  2⤵
  PID:12996
- C:\Windows\System\OGhzsME.exe
  C:\Windows\System\OGhzsME.exe
  2⤵
  PID:13040
- C:\Windows\System\cYCZgID.exe
  C:\Windows\System\cYCZgID.exe
  2⤵
  PID:13076
- C:\Windows\System\YWOIsZi.exe
  C:\Windows\System\YWOIsZi.exe
  2⤵
  PID:5468
- C:\Windows\System\URASxHO.exe
  C:\Windows\System\URASxHO.exe
  2⤵
  PID:13160
- C:\Windows\System\HfYNaLo.exe
  C:\Windows\System\HfYNaLo.exe
  2⤵
  PID:13212
- C:\Windows\System\AmVzPAZ.exe
  C:\Windows\System\AmVzPAZ.exe
  2⤵
  PID:5580
- C:\Windows\System\zwxmEvK.exe
  C:\Windows\System\zwxmEvK.exe
  2⤵
  PID:13272
- C:\Windows\System\WdWzVCO.exe
  C:\Windows\System\WdWzVCO.exe
  2⤵
  PID:5632
- C:\Windows\System\BJCFUBq.exe
  C:\Windows\System\BJCFUBq.exe
  2⤵
  PID:12344
- C:\Windows\System\kWHvwSh.exe
  C:\Windows\System\kWHvwSh.exe
  2⤵
  PID:1944
- C:\Windows\System\XVmEfpA.exe
  C:\Windows\System\XVmEfpA.exe
  2⤵
  PID:5724
- C:\Windows\System\MdPqlhV.exe
  C:\Windows\System\MdPqlhV.exe
  2⤵
  PID:12432
- C:\Windows\System\GJfBPAy.exe
  C:\Windows\System\GJfBPAy.exe
  2⤵
  PID:5828
- C:\Windows\System\VEGuMGm.exe
  C:\Windows\System\VEGuMGm.exe
  2⤵
  PID:5860
- C:\Windows\System\FFLESxo.exe
  C:\Windows\System\FFLESxo.exe
  2⤵
  PID:1576
- C:\Windows\System\ZBerPHv.exe
  C:\Windows\System\ZBerPHv.exe
  2⤵
  PID:5940
- C:\Windows\System\tgvNmOG.exe
  C:\Windows\System\tgvNmOG.exe
  2⤵
  PID:6032
- C:\Windows\System\gYTRxjh.exe
  C:\Windows\System\gYTRxjh.exe
  2⤵
  PID:6088
- C:\Windows\System\sEEcVwq.exe
  C:\Windows\System\sEEcVwq.exe
  2⤵
  PID:5140
- C:\Windows\System\OSCumYW.exe
  C:\Windows\System\OSCumYW.exe
  2⤵
  PID:12660
- C:\Windows\System\fJYFaqX.exe
  C:\Windows\System\fJYFaqX.exe
  2⤵
  PID:5308
- C:\Windows\System\TRQyFdg.exe
  C:\Windows\System\TRQyFdg.exe
  2⤵
  PID:5204
- C:\Windows\System\PGkYEQw.exe
  C:\Windows\System\PGkYEQw.exe
  2⤵
  PID:12900
- C:\Windows\System\MuPJEzm.exe
  C:\Windows\System\MuPJEzm.exe
  2⤵
  PID:5536
- C:\Windows\System\KeUOedL.exe
  C:\Windows\System\KeUOedL.exe
  2⤵
  PID:5636
- C:\Windows\System\JltTXvj.exe
  C:\Windows\System\JltTXvj.exe
  2⤵
  PID:13068
- C:\Windows\System\zhglaiD.exe
  C:\Windows\System\zhglaiD.exe
  2⤵
  PID:13124
- C:\Windows\System\pjJggoq.exe
  C:\Windows\System\pjJggoq.exe
  2⤵
  PID:13192
- C:\Windows\System\pBnvphP.exe
  C:\Windows\System\pBnvphP.exe
  2⤵
  PID:13248
- C:\Windows\System\IEkiMEE.exe
  C:\Windows\System\IEkiMEE.exe
  2⤵
  PID:5660
- C:\Windows\System\nSQJMtb.exe
  C:\Windows\System\nSQJMtb.exe
  2⤵
  PID:5716
- C:\Windows\System\lGAghFn.exe
  C:\Windows\System\lGAghFn.exe
  2⤵
  PID:3876
- C:\Windows\System\peDXrqH.exe
  C:\Windows\System\peDXrqH.exe
  2⤵
  PID:3224
- C:\Windows\System\WLqYQFI.exe
  C:\Windows\System\WLqYQFI.exe
  2⤵
  PID:6052
- C:\Windows\System\FYKyeic.exe
  C:\Windows\System\FYKyeic.exe
  2⤵
  PID:6132
- C:\Windows\System\sArEGuY.exe
  C:\Windows\System\sArEGuY.exe
  2⤵
  PID:12704
- C:\Windows\System\mpgHhHn.exe
  C:\Windows\System\mpgHhHn.exe
  2⤵
  PID:12788
- C:\Windows\System\IFMuhlq.exe
  C:\Windows\System\IFMuhlq.exe
  2⤵
  PID:12880
- C:\Windows\System\gvBCqer.exe
  C:\Windows\System\gvBCqer.exe
  2⤵
  PID:2220
- C:\Windows\System\RUuhTht.exe
  C:\Windows\System\RUuhTht.exe
  2⤵
  PID:5712
- C:\Windows\System\JgHTqNb.exe
  C:\Windows\System\JgHTqNb.exe
  2⤵
  PID:5496
- C:\Windows\System\NdVJZuy.exe
  C:\Windows\System\NdVJZuy.exe
  2⤵
  PID:5888
- C:\Windows\System\oUSljaN.exe
  C:\Windows\System\oUSljaN.exe
  2⤵
  PID:3976
- C:\Windows\System\RXLssFS.exe
  C:\Windows\System\RXLssFS.exe
  2⤵
  PID:6172
- C:\Windows\System\CgsjLCE.exe
  C:\Windows\System\CgsjLCE.exe
  2⤵
  PID:6228
- C:\Windows\System\YFQNwoh.exe
  C:\Windows\System\YFQNwoh.exe
  2⤵
  PID:6296
- C:\Windows\System\gtHfUzv.exe
  C:\Windows\System\gtHfUzv.exe
  2⤵
  PID:6304
- C:\Windows\System\TAcTHQc.exe
  C:\Windows\System\TAcTHQc.exe
  2⤵
  PID:6048
- C:\Windows\System\vtIulEO.exe
  C:\Windows\System\vtIulEO.exe
  2⤵
  PID:5556
- C:\Windows\System\CPryMIc.exe
  C:\Windows\System\CPryMIc.exe
  2⤵
  PID:6428
- C:\Windows\System\EGLUrvn.exe
  C:\Windows\System\EGLUrvn.exe
  2⤵
  PID:5812
- C:\Windows\System\gWJLSVL.exe
  C:\Windows\System\gWJLSVL.exe
  2⤵
  PID:12400
- C:\Windows\System\fFuOrIw.exe
  C:\Windows\System\fFuOrIw.exe
  2⤵
  PID:6556
- C:\Windows\System\cLFfKJa.exe
  C:\Windows\System\cLFfKJa.exe
  2⤵
  PID:6260
- C:\Windows\System\NWLLwdH.exe
  C:\Windows\System\NWLLwdH.exe
  2⤵
  PID:6612
- C:\Windows\System\JPixGnr.exe
  C:\Windows\System\JPixGnr.exe
  2⤵
  PID:6664
- C:\Windows\System\ydJIdCU.exe
  C:\Windows\System\ydJIdCU.exe
  2⤵
  PID:6700
- C:\Windows\System\VslaYrM.exe
  C:\Windows\System\VslaYrM.exe
  2⤵
  PID:3596
- C:\Windows\System\cVrLzgv.exe
  C:\Windows\System\cVrLzgv.exe
  2⤵
  PID:6028
- C:\Windows\System\xFnHzxf.exe
  C:\Windows\System\xFnHzxf.exe
  2⤵
  PID:6800
- C:\Windows\System\RHTmPvm.exe
  C:\Windows\System\RHTmPvm.exe
  2⤵
  PID:13108
- C:\Windows\System\dGnGegM.exe
  C:\Windows\System\dGnGegM.exe
  2⤵
  PID:6756
- C:\Windows\System\isFEeNa.exe
  C:\Windows\System\isFEeNa.exe
  2⤵
  PID:1480
- C:\Windows\System\MvjifOI.exe
  C:\Windows\System\MvjifOI.exe
  2⤵
  PID:4280
- C:\Windows\System\dCFbZzo.exe
  C:\Windows\System\dCFbZzo.exe
  2⤵
  PID:6972
- C:\Windows\System\RlFxhSN.exe
  C:\Windows\System\RlFxhSN.exe
  2⤵
  PID:6568
- C:\Windows\System\tOyStal.exe
  C:\Windows\System\tOyStal.exe
  2⤵
  PID:13320
- C:\Windows\System\xlQpqhR.exe
  C:\Windows\System\xlQpqhR.exe
  2⤵
  PID:13352
- C:\Windows\System\WdlvSGB.exe
  C:\Windows\System\WdlvSGB.exe
  2⤵
  PID:13380
- C:\Windows\System\eaOVEYE.exe
  C:\Windows\System\eaOVEYE.exe
  2⤵
  PID:13408
- C:\Windows\System\nuHqVpN.exe
  C:\Windows\System\nuHqVpN.exe
  2⤵
  PID:13436
- C:\Windows\System\lQonBkQ.exe
  C:\Windows\System\lQonBkQ.exe
  2⤵
  PID:13464
- C:\Windows\System\sKHzGVW.exe
  C:\Windows\System\sKHzGVW.exe
  2⤵
  PID:13492
- C:\Windows\System\TCUstMd.exe
  C:\Windows\System\TCUstMd.exe
  2⤵
  PID:13520
- C:\Windows\System\RWRhVwh.exe
  C:\Windows\System\RWRhVwh.exe
  2⤵
  PID:13548
- C:\Windows\System\wBCdvDg.exe
  C:\Windows\System\wBCdvDg.exe
  2⤵
  PID:13576
- C:\Windows\System\ZldrZfz.exe
  C:\Windows\System\ZldrZfz.exe
  2⤵
  PID:13604
- C:\Windows\System\EWrNHJw.exe
  C:\Windows\System\EWrNHJw.exe
  2⤵
  PID:13632
- C:\Windows\System\zObLfmI.exe
  C:\Windows\System\zObLfmI.exe
  2⤵
  PID:13660
- C:\Windows\System\bMxQXgd.exe
  C:\Windows\System\bMxQXgd.exe
  2⤵
  PID:13688
- C:\Windows\System\nnGLBFv.exe
  C:\Windows\System\nnGLBFv.exe
  2⤵
  PID:13716
- C:\Windows\System\hnbIhDq.exe
  C:\Windows\System\hnbIhDq.exe
  2⤵
  PID:13744
- C:\Windows\System\ZIsgENA.exe
  C:\Windows\System\ZIsgENA.exe
  2⤵
  PID:13772
- C:\Windows\System\lPIdhja.exe
  C:\Windows\System\lPIdhja.exe
  2⤵
  PID:13800
- C:\Windows\System\FJsPcbO.exe
  C:\Windows\System\FJsPcbO.exe
  2⤵
  PID:13828
- C:\Windows\System\SBqsZGr.exe
  C:\Windows\System\SBqsZGr.exe
  2⤵
  PID:13856
- C:\Windows\System\fhKQDAl.exe
  C:\Windows\System\fhKQDAl.exe
  2⤵
  PID:13884
- C:\Windows\System\RPcmtXR.exe
  C:\Windows\System\RPcmtXR.exe
  2⤵
  PID:13912
- C:\Windows\System\XBspdsF.exe
  C:\Windows\System\XBspdsF.exe
  2⤵
  PID:13940
- C:\Windows\System\LbrtSQe.exe
  C:\Windows\System\LbrtSQe.exe
  2⤵
  PID:13972
- C:\Windows\System\OUUeUZo.exe
  C:\Windows\System\OUUeUZo.exe
  2⤵
  PID:14000
- C:\Windows\System\dgBYhcD.exe
  C:\Windows\System\dgBYhcD.exe
  2⤵
  PID:14028
- C:\Windows\System\ThsAUmR.exe
  C:\Windows\System\ThsAUmR.exe
  2⤵
  PID:14056
- C:\Windows\System\QaBoWnF.exe
  C:\Windows\System\QaBoWnF.exe
  2⤵
  PID:14084
- C:\Windows\System\FmEKfRC.exe
  C:\Windows\System\FmEKfRC.exe
  2⤵
  PID:14112
- C:\Windows\System\KjaorCE.exe
  C:\Windows\System\KjaorCE.exe
  2⤵
  PID:14140
- C:\Windows\System\luXZhhw.exe
  C:\Windows\System\luXZhhw.exe
  2⤵
  PID:14168
- C:\Windows\System\FulmZnT.exe
  C:\Windows\System\FulmZnT.exe
  2⤵
  PID:14196
- C:\Windows\System\kOFzFZb.exe
  C:\Windows\System\kOFzFZb.exe
  2⤵
  PID:14224
- C:\Windows\System\PeWlrLz.exe
  C:\Windows\System\PeWlrLz.exe
  2⤵
  PID:14252
- C:\Windows\System\CcqQXfK.exe
  C:\Windows\System\CcqQXfK.exe
  2⤵
  PID:14280
- C:\Windows\System\qpGufer.exe
  C:\Windows\System\qpGufer.exe
  2⤵
  PID:14308
- C:\Windows\System\VOxJOtQ.exe
  C:\Windows\System\VOxJOtQ.exe
  2⤵
  PID:6856
- C:\Windows\System\ylmRilr.exe
  C:\Windows\System\ylmRilr.exe
  2⤵
  PID:13376
- C:\Windows\System\yjvxogr.exe
  C:\Windows\System\yjvxogr.exe
  2⤵
  PID:13448
- C:\Windows\System\lOAFISE.exe
  C:\Windows\System\lOAFISE.exe
  2⤵
  PID:7084
- C:\Windows\System\WNdEOOX.exe
  C:\Windows\System\WNdEOOX.exe
  2⤵
  PID:13532
- C:\Windows\System\mYEucdf.exe
  C:\Windows\System\mYEucdf.exe
  2⤵
  PID:13596
- C:\Windows\System\pTdLFKR.exe
  C:\Windows\System\pTdLFKR.exe
  2⤵
  PID:13644
- C:\Windows\System\KNXsCyX.exe
  C:\Windows\System\KNXsCyX.exe
  2⤵
  PID:13708
- C:\Windows\System\dBurYYk.exe
  C:\Windows\System\dBurYYk.exe
  2⤵
  PID:13768
- C:\Windows\System\xDcrEXI.exe
  C:\Windows\System\xDcrEXI.exe
  2⤵
  PID:13824
- C:\Windows\System\BgDylXh.exe
  C:\Windows\System\BgDylXh.exe
  2⤵
  PID:13852
- C:\Windows\System\yMmCNxO.exe
  C:\Windows\System\yMmCNxO.exe
  2⤵
  PID:13880
- C:\Windows\System\TvfstbM.exe
  C:\Windows\System\TvfstbM.exe
  2⤵
  PID:13908
- C:\Windows\System\aRbjBjs.exe
  C:\Windows\System\aRbjBjs.exe
  2⤵
  PID:1340
- C:\Windows\System\CSocHPS.exe
  C:\Windows\System\CSocHPS.exe
  2⤵
  PID:6448
- C:\Windows\System\rrQEXkK.exe
  C:\Windows\System\rrQEXkK.exe
  2⤵
  PID:6564
- C:\Windows\System\FLPTSaj.exe
  C:\Windows\System\FLPTSaj.exe
  2⤵
  PID:14048
- C:\Windows\System\MCNyhmy.exe
  C:\Windows\System\MCNyhmy.exe
  2⤵
  PID:14096
- C:\Windows\System\tKATfHd.exe
  C:\Windows\System\tKATfHd.exe
  2⤵
  PID:6812
- C:\Windows\System\UTcHhdp.exe
  C:\Windows\System\UTcHhdp.exe
  2⤵
  PID:14136
- C:\Windows\System\yswaylR.exe
  C:\Windows\System\yswaylR.exe
  2⤵
  PID:6992
- C:\Windows\System\mTLWxab.exe
  C:\Windows\System\mTLWxab.exe
  2⤵
  PID:14216
- C:\Windows\System\bemVOoJ.exe
  C:\Windows\System\bemVOoJ.exe
  2⤵
  PID:2804
- C:\Windows\System\zxLALic.exe
  C:\Windows\System\zxLALic.exe
  2⤵
  PID:7120
- C:\Windows\System\rTFSdVi.exe
  C:\Windows\System\rTFSdVi.exe
  2⤵
  PID:14320
- C:\Windows\System\pYKwxgi.exe
  C:\Windows\System\pYKwxgi.exe
  2⤵
  PID:6536
- C:\Windows\System\BONPEMe.exe
  C:\Windows\System\BONPEMe.exe
  2⤵
  PID:6676
- C:\Windows\System\vmPdSLp.exe
  C:\Windows\System\vmPdSLp.exe
  2⤵
  PID:7116
- C:\Windows\System\KNzrrEq.exe
  C:\Windows\System\KNzrrEq.exe
  2⤵
  PID:1636
- C:\Windows\System\rnuXUCC.exe
  C:\Windows\System\rnuXUCC.exe
  2⤵
  PID:13672
- C:\Windows\System\jucjacH.exe
  C:\Windows\System\jucjacH.exe
  2⤵
  PID:6608
- C:\Windows\System\otwgqCm.exe
  C:\Windows\System\otwgqCm.exe
  2⤵
  PID:6388
- C:\Windows\System\hORYfCh.exe
  C:\Windows\System\hORYfCh.exe
  2⤵
  PID:1156
- C:\Windows\System\RDzrXLu.exe
  C:\Windows\System\RDzrXLu.exe
  2⤵
  PID:13904
- C:\Windows\System\rTqtfWy.exe
  C:\Windows\System\rTqtfWy.exe
  2⤵
  PID:13964
- C:\Windows\System\wFpwiXe.exe
  C:\Windows\System\wFpwiXe.exe
  2⤵
  PID:14012
- C:\Windows\System\nkCOSgd.exe
  C:\Windows\System\nkCOSgd.exe
  2⤵
  PID:7288
- C:\Windows\System\PrprCYI.exe
  C:\Windows\System\PrprCYI.exe
  2⤵
  PID:14124
- C:\Windows\System\jCZPcLK.exe
  C:\Windows\System\jCZPcLK.exe
  2⤵
  PID:14160
- C:\Windows\System\ccJUJlO.exe
  C:\Windows\System\ccJUJlO.exe
  2⤵
  PID:7396
- C:\Windows\System\DlaYjDq.exe
  C:\Windows\System\DlaYjDq.exe
  2⤵
  PID:932
- C:\Windows\System\qTNitQn.exe
  C:\Windows\System\qTNitQn.exe
  2⤵
  PID:7488
- C:\Windows\System\mCOemRc.exe
  C:\Windows\System\mCOemRc.exe
  2⤵
  PID:13364
- C:\Windows\System\wLGBqAN.exe
  C:\Windows\System\wLGBqAN.exe
  2⤵
  PID:13488
- C:\Windows\System\uQaNWfU.exe
  C:\Windows\System\uQaNWfU.exe
  2⤵
  PID:7600
- C:\Windows\System\OZuujBc.exe
  C:\Windows\System\OZuujBc.exe
  2⤵
  PID:7144
- C:\Windows\System\JDzETHq.exe
  C:\Windows\System\JDzETHq.exe
  2⤵
  PID:7684
- C:\Windows\System\llVHnVZ.exe
  C:\Windows\System\llVHnVZ.exe
  2⤵
  PID:7156
- C:\Windows\System\tiArvDI.exe
  C:\Windows\System\tiArvDI.exe
  2⤵
  PID:7756
- C:\Windows\System\zcVYXkc.exe
  C:\Windows\System\zcVYXkc.exe
  2⤵
  PID:7784
- C:\Windows\System\ETJFZEF.exe
  C:\Windows\System\ETJFZEF.exe
  2⤵
  PID:7856
- C:\Windows\System\cbXBlcJ.exe
  C:\Windows\System\cbXBlcJ.exe
  2⤵
  PID:7308
- C:\Windows\System\JOesdHY.exe
  C:\Windows\System\JOesdHY.exe
  2⤵
  PID:6908
- C:\Windows\System\rvHKZjZ.exe
  C:\Windows\System\rvHKZjZ.exe
  2⤵
  PID:7080
- C:\Windows\System\oTHlset.exe
  C:\Windows\System\oTHlset.exe
  2⤵
  PID:7988
- C:\Windows\System\QYAXCwd.exe
  C:\Windows\System\QYAXCwd.exe
  2⤵
  PID:8016
- C:\Windows\System\avkhHZf.exe
  C:\Windows\System\avkhHZf.exe
  2⤵
  PID:13572
- C:\Windows\System\cllkGdH.exe
  C:\Windows\System\cllkGdH.exe
  2⤵
  PID:8100
- C:\Windows\System\IaMgKHc.exe
  C:\Windows\System\IaMgKHc.exe
  2⤵
  PID:8164
- C:\Windows\System\XSyKXon.exe
  C:\Windows\System\XSyKXon.exe
  2⤵
  PID:7096
- C:\Windows\System\ffJmTaM.exe
  C:\Windows\System\ffJmTaM.exe
  2⤵
  PID:7296
- C:\Windows\System\RLsslYM.exe
  C:\Windows\System\RLsslYM.exe
  2⤵
  PID:7276
- C:\Windows\System\wynLxXC.exe
  C:\Windows\System\wynLxXC.exe
  2⤵
  PID:7332
- C:\Windows\System\crdwKtD.exe
  C:\Windows\System\crdwKtD.exe
  2⤵
  PID:7088
- C:\Windows\System\RrNRgNE.exe
  C:\Windows\System\RrNRgNE.exe
  2⤵
  PID:8108
- C:\Windows\System\ksUALaQ.exe
  C:\Windows\System\ksUALaQ.exe
  2⤵
  PID:13756
- C:\Windows\System\MnBWIhm.exe
  C:\Windows\System\MnBWIhm.exe
  2⤵
  PID:7236
- C:\Windows\System\UlQbTXr.exe
  C:\Windows\System\UlQbTXr.exe
  2⤵
  PID:7944
- C:\Windows\System\mSMuThy.exe
  C:\Windows\System\mSMuThy.exe
  2⤵
  PID:7456
- C:\Windows\System\DFpYrME.exe
  C:\Windows\System\DFpYrME.exe
  2⤵
  PID:7660
- C:\Windows\System\CDcBaYC.exe
  C:\Windows\System\CDcBaYC.exe
  2⤵
  PID:2476
- C:\Windows\System\nNOucEQ.exe
  C:\Windows\System\nNOucEQ.exe
  2⤵
  PID:6900
- C:\Windows\System\MSoExKj.exe
  C:\Windows\System\MSoExKj.exe
  2⤵
  PID:7664
- C:\Windows\System\uIfaDWC.exe
  C:\Windows\System\uIfaDWC.exe
  2⤵
  PID:5176
- C:\Windows\System\iUgkXKk.exe
  C:\Windows\System\iUgkXKk.exe
  2⤵
  PID:8004
- C:\Windows\System\eDhtNbP.exe
  C:\Windows\System\eDhtNbP.exe
  2⤵
  PID:8060
- C:\Windows\System\gNDhrsW.exe
  C:\Windows\System\gNDhrsW.exe
  2⤵
  PID:7780
- C:\Windows\System\bfdVtOw.exe
  C:\Windows\System\bfdVtOw.exe
  2⤵
  PID:7300
- C:\Windows\System\vJBCngp.exe
  C:\Windows\System\vJBCngp.exe
  2⤵
  PID:8132
- C:\Windows\System\MZnwBSs.exe
  C:\Windows\System\MZnwBSs.exe
  2⤵
  PID:3692
- C:\Windows\System\MuzXdNp.exe
  C:\Windows\System\MuzXdNp.exe
  2⤵
  PID:7960
- C:\Windows\System\fdxTOmN.exe
  C:\Windows\System\fdxTOmN.exe
  2⤵
  PID:8248
- C:\Windows\System\wFgERgO.exe
  C:\Windows\System\wFgERgO.exe
  2⤵
  PID:8304
- C:\Windows\System\NyMAksg.exe
  C:\Windows\System\NyMAksg.exe
  2⤵
  PID:8228
- C:\Windows\System\wtiNhYL.exe
  C:\Windows\System\wtiNhYL.exe
  2⤵
  PID:8396
- C:\Windows\System\gBvRVaL.exe
  C:\Windows\System\gBvRVaL.exe
  2⤵
  PID:8360
- C:\Windows\System\ltIUawo.exe
  C:\Windows\System\ltIUawo.exe
  2⤵
  PID:8480
- C:\Windows\System\HHVjZXQ.exe
  C:\Windows\System\HHVjZXQ.exe
  2⤵
  PID:8424
- C:\Windows\System\CZOHWaq.exe
  C:\Windows\System\CZOHWaq.exe
  2⤵
  PID:14344
- C:\Windows\System\IrlMBzg.exe
  C:\Windows\System\IrlMBzg.exe
  2⤵
  PID:14372
- C:\Windows\System\QtuHbey.exe
  C:\Windows\System\QtuHbey.exe
  2⤵
  PID:14400
- C:\Windows\System\QFQJfKM.exe
  C:\Windows\System\QFQJfKM.exe
  2⤵
  PID:14428
- C:\Windows\System\NBDaUgZ.exe
  C:\Windows\System\NBDaUgZ.exe
  2⤵
  PID:14456
- C:\Windows\System\SpbSsRZ.exe
  C:\Windows\System\SpbSsRZ.exe
  2⤵
  PID:14484
- C:\Windows\System\CMHspXS.exe
  C:\Windows\System\CMHspXS.exe
  2⤵
  PID:14512
- C:\Windows\System\McFyXKD.exe
  C:\Windows\System\McFyXKD.exe
  2⤵
  PID:14540
- C:\Windows\System\QYJLiCw.exe
  C:\Windows\System\QYJLiCw.exe
  2⤵
  PID:14568
- C:\Windows\System\KieUreS.exe
  C:\Windows\System\KieUreS.exe
  2⤵
  PID:14600
- C:\Windows\System\UtjOULs.exe
  C:\Windows\System\UtjOULs.exe
  2⤵
  PID:14628
- C:\Windows\System\MDXuiNk.exe
  C:\Windows\System\MDXuiNk.exe
  2⤵
  PID:14656
- C:\Windows\System\ZaWYgRl.exe
  C:\Windows\System\ZaWYgRl.exe
  2⤵
  PID:14684
- C:\Windows\System\sVjjgWH.exe
  C:\Windows\System\sVjjgWH.exe
  2⤵
  PID:14712
- C:\Windows\System\rJPSodU.exe
  C:\Windows\System\rJPSodU.exe
  2⤵
  PID:14740
- C:\Windows\System\CFqBPVV.exe
  C:\Windows\System\CFqBPVV.exe
  2⤵
  PID:14768
- C:\Windows\System\xNJeSRa.exe
  C:\Windows\System\xNJeSRa.exe
  2⤵
  PID:14796
- C:\Windows\System\cYLRPbQ.exe
  C:\Windows\System\cYLRPbQ.exe
  2⤵
  PID:14824
- C:\Windows\System\KvqjUJt.exe
  C:\Windows\System\KvqjUJt.exe
  2⤵
  PID:14904
- C:\Windows\System\hUIkKeh.exe
  C:\Windows\System\hUIkKeh.exe
  2⤵
  PID:14940
- C:\Windows\System\itXwkMO.exe
  C:\Windows\System\itXwkMO.exe
  2⤵
  PID:14996
- C:\Windows\System\DYOvkUe.exe
  C:\Windows\System\DYOvkUe.exe
  2⤵
  PID:15040
- C:\Windows\System\MFXJUcy.exe
  C:\Windows\System\MFXJUcy.exe
  2⤵
  PID:15068
- C:\Windows\System\oamhRwv.exe
  C:\Windows\System\oamhRwv.exe
  2⤵
  PID:15096
- C:\Windows\System\MNWitql.exe
  C:\Windows\System\MNWitql.exe
  2⤵
  PID:15124
- C:\Windows\System\vbIvlZK.exe
  C:\Windows\System\vbIvlZK.exe
  2⤵
  PID:15152
- C:\Windows\System\dTixXhM.exe
  C:\Windows\System\dTixXhM.exe
  2⤵
  PID:15184
- C:\Windows\System\HzhDnzW.exe
  C:\Windows\System\HzhDnzW.exe
  2⤵
  PID:15212
- C:\Windows\System\HrQbHra.exe
  C:\Windows\System\HrQbHra.exe
  2⤵
  PID:15240
- C:\Windows\System\oCsMOTc.exe
  C:\Windows\System\oCsMOTc.exe
  2⤵
  PID:15268
- C:\Windows\System\AihxTIW.exe
  C:\Windows\System\AihxTIW.exe
  2⤵
  PID:15296
- C:\Windows\System\ArwCpnS.exe
  C:\Windows\System\ArwCpnS.exe
  2⤵
  PID:15324
- C:\Windows\System\SXiZqqG.exe
  C:\Windows\System\SXiZqqG.exe
  2⤵
  PID:8560
- C:\Windows\System\AWoqFuM.exe
  C:\Windows\System\AWoqFuM.exe
  2⤵
  PID:14356
- C:\Windows\System\etKCuta.exe
  C:\Windows\System\etKCuta.exe
  2⤵
  PID:14384
- C:\Windows\System\LPsCABm.exe
  C:\Windows\System\LPsCABm.exe
  2⤵
  PID:14420
- C:\Windows\System\NSUdxgi.exe
  C:\Windows\System\NSUdxgi.exe
  2⤵
  PID:8708
- C:\Windows\System\EXdQfgN.exe
  C:\Windows\System\EXdQfgN.exe
  2⤵
  PID:8764
- C:\Windows\System\FppvRUs.exe
  C:\Windows\System\FppvRUs.exe
  2⤵
  PID:14524
- C:\Windows\System\jXcgPTz.exe
  C:\Windows\System\jXcgPTz.exe
  2⤵
  PID:14564
- C:\Windows\System\LHpVmGF.exe
  C:\Windows\System\LHpVmGF.exe
  2⤵
  PID:8872
- C:\Windows\System\QMRuvHV.exe
  C:\Windows\System\QMRuvHV.exe
  2⤵
  PID:14648
- C:\Windows\System\ACRtbdX.exe
  C:\Windows\System\ACRtbdX.exe
  2⤵
  PID:8960
- C:\Windows\System\ryOtMou.exe
  C:\Windows\System\ryOtMou.exe
  2⤵
  PID:14724
- C:\Windows\System\YYLaXmO.exe
  C:\Windows\System\YYLaXmO.exe
  2⤵
  PID:14788
- C:\Windows\System\HwkzFNG.exe
  C:\Windows\System\HwkzFNG.exe
  2⤵
  PID:14848
- C:\Windows\System\rOTZvpx.exe
  C:\Windows\System\rOTZvpx.exe
  2⤵
  PID:14868
- C:\Windows\System\CtftTxV.exe
  C:\Windows\System\CtftTxV.exe
  2⤵
  PID:14888
- C:\Windows\System\zPTRErX.exe
  C:\Windows\System\zPTRErX.exe
  2⤵
  PID:14932
- C:\Windows\System\ssSjVPt.exe
  C:\Windows\System\ssSjVPt.exe
  2⤵
  PID:14952
- C:\Windows\System\lhjESJq.exe
  C:\Windows\System\lhjESJq.exe
  2⤵
  PID:9176
- C:\Windows\System\yFRwBpo.exe
  C:\Windows\System\yFRwBpo.exe
  2⤵
  PID:9212
- C:\Windows\System\jVivEZV.exe
  C:\Windows\System\jVivEZV.exe
  2⤵
  PID:8232
- C:\Windows\System\udyCyiP.exe
  C:\Windows\System\udyCyiP.exe
  2⤵
  PID:15036
- C:\Windows\System\pgeIcHP.exe
  C:\Windows\System\pgeIcHP.exe
  2⤵
  PID:15056
- C:\Windows\System\hIzKidd.exe
  C:\Windows\System\hIzKidd.exe
  2⤵
  PID:8400
- C:\Windows\System\jGDlAsX.exe
  C:\Windows\System\jGDlAsX.exe
  2⤵
  PID:8448
- C:\Windows\System\DFaEoWC.exe
  C:\Windows\System\DFaEoWC.exe
  2⤵
  PID:8588
- C:\Windows\System\WZwNutn.exe
  C:\Windows\System\WZwNutn.exe
  2⤵
  PID:8652
- C:\Windows\System\fQEEGpq.exe
  C:\Windows\System\fQEEGpq.exe
  2⤵
  PID:15280
- C:\Windows\System\ooOhXhV.exe
  C:\Windows\System\ooOhXhV.exe
  2⤵
  PID:15320
- C:\Windows\System\cCryZsu.exe
  C:\Windows\System\cCryZsu.exe
  2⤵
  PID:9080
- C:\Windows\System\AZFTzRx.exe
  C:\Windows\System\AZFTzRx.exe
  2⤵
  PID:8856
- C:\Windows\System\DEYihYr.exe
  C:\Windows\System\DEYihYr.exe
  2⤵
  PID:14836
- C:\Windows\System\ZGJgior.exe
  C:\Windows\System\ZGJgior.exe
  2⤵
  PID:14872
- C:\Windows\System\RGrgwgw.exe
  C:\Windows\System\RGrgwgw.exe
  2⤵
  PID:9160
- C:\Windows\System\gFNeTDM.exe
  C:\Windows\System\gFNeTDM.exe
  2⤵
  PID:9048
- C:\Windows\System\ZeSjdCb.exe
  C:\Windows\System\ZeSjdCb.exe
  2⤵
  PID:15080
- C:\Windows\System\RiGWtjI.exe
  C:\Windows\System\RiGWtjI.exe
  2⤵
  PID:15108
- C:\Windows\System\loOQgQf.exe
  C:\Windows\System\loOQgQf.exe
  2⤵
  PID:9312
- C:\Windows\System\dofoHiN.exe
  C:\Windows\System\dofoHiN.exe
  2⤵
  PID:15236
- C:\Windows\System\xxidDEZ.exe
  C:\Windows\System\xxidDEZ.exe
  2⤵
  PID:9388
- C:\Windows\System\ZqeoXPf.exe
  C:\Windows\System\ZqeoXPf.exe
  2⤵
  PID:9452
- C:\Windows\System\BlHlVRD.exe
  C:\Windows\System\BlHlVRD.exe
  2⤵
  PID:7516
- C:\Windows\System\TgsxdPl.exe
  C:\Windows\System\TgsxdPl.exe
  2⤵
  PID:5972
- C:\Windows\System\VABWrTU.exe
  C:\Windows\System\VABWrTU.exe
  2⤵
  PID:14452
- C:\Windows\System\SezTMub.exe
  C:\Windows\System\SezTMub.exe
  2⤵
  PID:9552
- C:\Windows\System\jfQuIxT.exe
  C:\Windows\System\jfQuIxT.exe
  2⤵
  PID:8784
- C:\Windows\System\EraveQb.exe
  C:\Windows\System\EraveQb.exe
  2⤵
  PID:7072
- C:\Windows\System\SVqQIXH.exe
  C:\Windows\System\SVqQIXH.exe
  2⤵
  PID:9656
- C:\Windows\System\ciCstzR.exe
  C:\Windows\System\ciCstzR.exe
  2⤵
  PID:8896
- C:\Windows\System\VbIQvUk.exe
  C:\Windows\System\VbIQvUk.exe
  2⤵
  PID:9732
- C:\Windows\System\bdmjuiC.exe
  C:\Windows\System\bdmjuiC.exe
  2⤵
  PID:14764
- C:\Windows\System\exVjswA.exe
  C:\Windows\System\exVjswA.exe
  2⤵
  PID:14856
- C:\Windows\System\uecGbEm.exe
  C:\Windows\System\uecGbEm.exe
  2⤵
  PID:9064
- C:\Windows\System\rpVyMtV.exe
  C:\Windows\System\rpVyMtV.exe
  2⤵
  PID:9100
- C:\Windows\System\DiupYbL.exe
  C:\Windows\System\DiupYbL.exe
  2⤵
  PID:14928
- C:\Windows\System\spHxnie.exe
  C:\Windows\System\spHxnie.exe
  2⤵
  PID:6644
- C:\Windows\System\UNvQyED.exe
  C:\Windows\System\UNvQyED.exe
  2⤵
  PID:14960
- C:\Windows\System\NaIIMVO.exe
  C:\Windows\System\NaIIMVO.exe
  2⤵
  PID:8796
- C:\Windows\System\RxedyOf.exe
  C:\Windows\System\RxedyOf.exe
  2⤵
  PID:10108
- C:\Windows\System\hKQcWSX.exe
  C:\Windows\System\hKQcWSX.exe
  2⤵
  PID:10164
- C:\Windows\System\dIySwnL.exe
  C:\Windows\System\dIySwnL.exe
  2⤵
  PID:9240
- C:\Windows\System\OSUkGKk.exe
  C:\Windows\System\OSUkGKk.exe
  2⤵
  PID:8736
- C:\Windows\System\XwMJtod.exe
  C:\Windows\System\XwMJtod.exe
  2⤵
  PID:8700
- C:\Windows\System\SauHmzT.exe
  C:\Windows\System\SauHmzT.exe
  2⤵
  PID:9416
- C:\Windows\System\SaeQwlT.exe
  C:\Windows\System\SaeQwlT.exe
  2⤵
  PID:7008
- C:\Windows\System\HnlXfZF.exe
  C:\Windows\System\HnlXfZF.exe
  2⤵
  PID:14392
- C:\Windows\System\yAnhqdz.exe
  C:\Windows\System\yAnhqdz.exe
  2⤵
  PID:14504
- C:\Windows\System\aJmGZSH.exe
  C:\Windows\System\aJmGZSH.exe
  2⤵
  PID:9772
- C:\Windows\System\IuZXomv.exe
  C:\Windows\System\IuZXomv.exe
  2⤵
  PID:14584
- C:\Windows\System\BfOTpcP.exe
  C:\Windows\System\BfOTpcP.exe
  2⤵
  PID:9704
- C:\Windows\System\YQLoHWh.exe
  C:\Windows\System\YQLoHWh.exe
  2⤵
  PID:3628
- C:\Windows\System\ljUqrea.exe
  C:\Windows\System\ljUqrea.exe
  2⤵
  PID:9788
- C:\Windows\System\AFfDCIx.exe
  C:\Windows\System\AFfDCIx.exe
  2⤵
  PID:14876
- C:\Windows\System\LjwdBDf.exe
  C:\Windows\System\LjwdBDf.exe
  2⤵
  PID:1528
- C:\Windows\System\dOlSmZx.exe
  C:\Windows\System\dOlSmZx.exe
  2⤵
  PID:14920
- C:\Windows\System\eMdzhpy.exe
  C:\Windows\System\eMdzhpy.exe
  2⤵
  PID:1468
- C:\Windows\System\fltVMwL.exe
  C:\Windows\System\fltVMwL.exe
  2⤵
  PID:9120
- C:\Windows\System\chCIgpj.exe
  C:\Windows\System\chCIgpj.exe
  2⤵
  PID:10044
- C:\Windows\System\LjrFNqW.exe
  C:\Windows\System\LjrFNqW.exe
  2⤵
  PID:9400
- C:\Windows\System\TjiRLPy.exe
  C:\Windows\System\TjiRLPy.exe
  2⤵
  PID:2952
- C:\Windows\System\fOgftOw.exe
  C:\Windows\System\fOgftOw.exe
  2⤵
  PID:9792
- C:\Windows\System\FiJxSWz.exe
  C:\Windows\System\FiJxSWz.exe
  2⤵
  PID:9252
- C:\Windows\System\gmfwiBF.exe
  C:\Windows\System\gmfwiBF.exe
  2⤵
  PID:9372
- C:\Windows\System\AXJnQdH.exe
  C:\Windows\System\AXJnQdH.exe
  2⤵
  PID:10328
- C:\Windows\System\JgeKXBk.exe
  C:\Windows\System\JgeKXBk.exe
  2⤵
  PID:14476
- C:\Windows\System\VfaTEIR.exe
  C:\Windows\System\VfaTEIR.exe
  2⤵
  PID:10424
- C:\Windows\System\ejBFrwg.exe
  C:\Windows\System\ejBFrwg.exe
  2⤵
  PID:8712
- C:\Windows\System\BQjyYKY.exe
  C:\Windows\System\BQjyYKY.exe
  2⤵
  PID:4760
- C:\Windows\System\mGUgteH.exe
  C:\Windows\System\mGUgteH.exe
  2⤵
  PID:10576
- C:\Windows\System\eROJSmd.exe
  C:\Windows\System\eROJSmd.exe
  2⤵
  PID:9916
- C:\Windows\System\puONKQH.exe
  C:\Windows\System\puONKQH.exe
  2⤵
  PID:9676
- C:\Windows\System\zCTlgPK.exe
  C:\Windows\System\zCTlgPK.exe
  2⤵
  PID:10104
- C:\Windows\System\DWsARTA.exe
  C:\Windows\System\DWsARTA.exe
  2⤵
  PID:9008
- C:\Windows\System\JRFDHQI.exe
  C:\Windows\System\JRFDHQI.exe
  2⤵
  PID:10804
- C:\Windows\System\trRXonU.exe
  C:\Windows\System\trRXonU.exe
  2⤵
  PID:9776
- C:\Windows\System\VThunQh.exe
  C:\Windows\System\VThunQh.exe
  2⤵
  PID:9880
- C:\Windows\System\YfzlKPG.exe
  C:\Windows\System\YfzlKPG.exe
  2⤵
  PID:2112
- C:\Windows\System\lRsZFmH.exe
  C:\Windows\System\lRsZFmH.exe
  2⤵
  PID:10184
- C:\Windows\System\CwtdaZE.exe
  C:\Windows\System\CwtdaZE.exe
  2⤵
  PID:10260
- C:\Windows\System\sFEiSDd.exe
  C:\Windows\System\sFEiSDd.exe
  2⤵
  PID:9628
- C:\Windows\System\qQRqKIn.exe
  C:\Windows\System\qQRqKIn.exe
  2⤵
  PID:11008
- C:\Windows\System\DymThvd.exe
  C:\Windows\System\DymThvd.exe
  2⤵
  PID:9684
- C:\Windows\System\mPKjgRu.exe
  C:\Windows\System\mPKjgRu.exe
  2⤵
  PID:11084
- C:\Windows\System\rKPYbIE.exe
  C:\Windows\System\rKPYbIE.exe
  2⤵
  PID:10596
- C:\Windows\System\GBAXRMC.exe
  C:\Windows\System\GBAXRMC.exe
  2⤵
  PID:10688
- C:\Windows\System\VfOlfiX.exe
  C:\Windows\System\VfOlfiX.exe
  2⤵
  PID:9096
- C:\Windows\System\OGyXPCF.exe
  C:\Windows\System\OGyXPCF.exe
  2⤵
  PID:10776
- C:\Windows\System\JznASRI.exe
  C:\Windows\System\JznASRI.exe
  2⤵
  PID:7852
- C:\Windows\System\TTKCGSu.exe
  C:\Windows\System\TTKCGSu.exe
  2⤵
  PID:10364
- C:\Windows\System\ihJLXqX.exe
  C:\Windows\System\ihJLXqX.exe
  2⤵
  PID:9404
- C:\Windows\System\DcQzZqb.exe
  C:\Windows\System\DcQzZqb.exe
  2⤵
  PID:10556
- C:\Windows\System\Urgxkkn.exe
  C:\Windows\System\Urgxkkn.exe
  2⤵
  PID:3584
- C:\Windows\System\GkfhaNt.exe
  C:\Windows\System\GkfhaNt.exe
  2⤵
  PID:10980
- C:\Windows\System\ZhrXPzF.exe
  C:\Windows\System\ZhrXPzF.exe
  2⤵
  PID:11064
- C:\Windows\System\tfNcMhK.exe
  C:\Windows\System\tfNcMhK.exe
  2⤵
  PID:11140
- C:\Windows\System\cMCCqbq.exe
  C:\Windows\System\cMCCqbq.exe
  2⤵
  PID:11224
- C:\Windows\System\tKrrseO.exe
  C:\Windows\System\tKrrseO.exe
  2⤵
  PID:10864
- C:\Windows\System\hXugyzZ.exe
  C:\Windows\System\hXugyzZ.exe
  2⤵
  PID:10076
- C:\Windows\System\xbCytWr.exe
  C:\Windows\System\xbCytWr.exe
  2⤵
  PID:10468
- C:\Windows\System\ZMFtSBQ.exe
  C:\Windows\System\ZMFtSBQ.exe
  2⤵
  PID:10916
- C:\Windows\System\bOUGnjd.exe
  C:\Windows\System\bOUGnjd.exe
  2⤵
  PID:7540
- C:\Windows\System\QYAVanU.exe
  C:\Windows\System\QYAVanU.exe
  2⤵
  PID:10428
- C:\Windows\System\TZEQvIn.exe
  C:\Windows\System\TZEQvIn.exe
  2⤵
  PID:10780
- C:\Windows\System\UYCqHRM.exe
  C:\Windows\System\UYCqHRM.exe
  2⤵
  PID:10784
- C:\Windows\System\zDTzUQr.exe
  C:\Windows\System\zDTzUQr.exe
  2⤵
  PID:11044
- C:\Windows\System\fmhtSYP.exe
  C:\Windows\System\fmhtSYP.exe
  2⤵
  PID:11128
- C:\Windows\System\nIbGlNx.exe
  C:\Windows\System\nIbGlNx.exe
  2⤵
  PID:10808
- C:\Windows\System\JPDxDkt.exe
  C:\Windows\System\JPDxDkt.exe
  2⤵
  PID:10984
- C:\Windows\System\DJtXuJn.exe
  C:\Windows\System\DJtXuJn.exe
  2⤵
  PID:11100
- C:\Windows\System\JYaAVqH.exe
  C:\Windows\System\JYaAVqH.exe
  2⤵
  PID:10824
- C:\Windows\System\PiJVthQ.exe
  C:\Windows\System\PiJVthQ.exe
  2⤵
  PID:11320
- C:\Windows\System\sJhwRay.exe
  C:\Windows\System\sJhwRay.exe
  2⤵
  PID:11144
- C:\Windows\System\oSGrysP.exe
  C:\Windows\System\oSGrysP.exe
  2⤵
  PID:11412
- C:\Windows\System\TTxLZCN.exe
  C:\Windows\System\TTxLZCN.exe
  2⤵
  PID:10500
- C:\Windows\System\EuqrxNm.exe
  C:\Windows\System\EuqrxNm.exe
  2⤵
  PID:11496
- C:\Windows\System\eZCEIkP.exe
  C:\Windows\System\eZCEIkP.exe
  2⤵
  PID:11544
- C:\Windows\System\yWaQGKV.exe
  C:\Windows\System\yWaQGKV.exe
  2⤵
  PID:11572
- C:\Windows\System\DDaMSMf.exe
  C:\Windows\System\DDaMSMf.exe
  2⤵
  PID:11640
- C:\Windows\System\rgVDjQd.exe
  C:\Windows\System\rgVDjQd.exe
  2⤵
  PID:11696
- C:\Windows\System\JbFldpb.exe
  C:\Windows\System\JbFldpb.exe
  2⤵
  PID:11668
- C:\Windows\System\AFXNHPW.exe
  C:\Windows\System\AFXNHPW.exe
  2⤵
  PID:11772
- C:\Windows\System\rFCcBeM.exe
  C:\Windows\System\rFCcBeM.exe
  2⤵
  PID:11780
- C:\Windows\System\WnqWTLO.exe
  C:\Windows\System\WnqWTLO.exe
  2⤵
  PID:11868
- C:\Windows\System\gwQgQcW.exe
  C:\Windows\System\gwQgQcW.exe
  2⤵
  PID:15376
- C:\Windows\System\FKdPOHc.exe
  C:\Windows\System\FKdPOHc.exe
  2⤵
  PID:15404
- C:\Windows\System\wmnvfyG.exe
  C:\Windows\System\wmnvfyG.exe
  2⤵
  PID:15432
- C:\Windows\System\FcNYmgJ.exe
  C:\Windows\System\FcNYmgJ.exe
  2⤵
  PID:15460
- C:\Windows\System\SHJUDRK.exe
  C:\Windows\System\SHJUDRK.exe
  2⤵
  PID:15488
- C:\Windows\System\HtVIvJu.exe
  C:\Windows\System\HtVIvJu.exe
  2⤵
  PID:15516
- C:\Windows\System\xoWWDAZ.exe
  C:\Windows\System\xoWWDAZ.exe
  2⤵
  PID:15544
- C:\Windows\System\QkMZdkX.exe
  C:\Windows\System\QkMZdkX.exe
  2⤵
  PID:15572
- C:\Windows\System\QCHvkvX.exe
  C:\Windows\System\QCHvkvX.exe
  2⤵
  PID:15600
- C:\Windows\System\PWiPJiC.exe
  C:\Windows\System\PWiPJiC.exe
  2⤵
  PID:15628
- C:\Windows\System\dJeJrFY.exe
  C:\Windows\System\dJeJrFY.exe
  2⤵
  PID:15656
- C:\Windows\System\BBTlSmk.exe
  C:\Windows\System\BBTlSmk.exe
  2⤵
  PID:15684
- C:\Windows\System\oYkkWAM.exe
  C:\Windows\System\oYkkWAM.exe
  2⤵
  PID:15712
- C:\Windows\System\LSsSbCK.exe
  C:\Windows\System\LSsSbCK.exe
  2⤵
  PID:15744
- C:\Windows\System\ZlKZquC.exe
  C:\Windows\System\ZlKZquC.exe
  2⤵
  PID:15772
- C:\Windows\System\thlczzp.exe
  C:\Windows\System\thlczzp.exe
  2⤵
  PID:15800
- C:\Windows\System\qLlxIpo.exe
  C:\Windows\System\qLlxIpo.exe
  2⤵
  PID:15828
- C:\Windows\System\LEfYvXJ.exe
  C:\Windows\System\LEfYvXJ.exe
  2⤵
  PID:15856
- C:\Windows\System\hMoLrSc.exe
  C:\Windows\System\hMoLrSc.exe
  2⤵
  PID:15884
- C:\Windows\System\sSgiImB.exe
  C:\Windows\System\sSgiImB.exe
  2⤵
  PID:15912
- C:\Windows\System\NQqdVdH.exe
  C:\Windows\System\NQqdVdH.exe
  2⤵
  PID:15944
- C:\Windows\System\TTjomkQ.exe
  C:\Windows\System\TTjomkQ.exe
  2⤵
  PID:15972
- C:\Windows\System\rGybElF.exe
  C:\Windows\System\rGybElF.exe
  2⤵
  PID:16000
- C:\Windows\System\BsFBGfw.exe
  C:\Windows\System\BsFBGfw.exe
  2⤵
  PID:16028
- C:\Windows\System\CjeaAab.exe
  C:\Windows\System\CjeaAab.exe
  2⤵
  PID:16060
- C:\Windows\System\YKROeAp.exe
  C:\Windows\System\YKROeAp.exe
  2⤵
  PID:16088
- C:\Windows\System\hYiFKof.exe
  C:\Windows\System\hYiFKof.exe
  2⤵
  PID:16116
- C:\Windows\System\rsWoMCP.exe
  C:\Windows\System\rsWoMCP.exe
  2⤵
  PID:16144
- C:\Windows\System\qdLWxFO.exe
  C:\Windows\System\qdLWxFO.exe
  2⤵
  PID:16176
- C:\Windows\System\biaCxef.exe
  C:\Windows\System\biaCxef.exe
  2⤵
  PID:16204
- C:\Windows\System\iKYlCVM.exe
  C:\Windows\System\iKYlCVM.exe
  2⤵
  PID:16232
- C:\Windows\System\HtKdUwq.exe
  C:\Windows\System\HtKdUwq.exe
  2⤵
  PID:16260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AWUAdcA.exe

Filesize
6.0MB

MD5
bde40c79c821f6c5a8d9a2f85e1b825c

SHA1
6e1f6c35dbd11388eb8de9a3ead0087b5f00e882

SHA256
d2143f8044a41050e745fdee2c8ec70551452a155b84ac4699f28e81370de94f

SHA512
7f069634aa87d254502177d6e744e9bcd491e4b1ca0f50952a5cadbb20032cc8bc11ac6a77eb52a104a04b8944792fb1f3cb5548b08e2af7499c99c8fdfbbab9

Download Submit
C:\Windows\System\BUCGWtc.exe

Filesize
6.0MB

MD5
54de80bd458f4534b5db54f036b89946

SHA1
34dca3c50f9162b46737666f28df6c2f127cdb25

SHA256
6c34d4bf6e54d51073e23a9b49c359136bda39736b6b4ccefeadfbe583a77b1e

SHA512
2bbd6cf745906bbf5783e3b85605bb739d54fdc663f44442b90a15e09674839e6820a99893ca4e385a34305a372a1cb9155e0853ab9d053e25554d8bcea450a6

Download Submit
C:\Windows\System\DHBPzen.exe

Filesize
6.0MB

MD5
20f3846b14de591f2202a5a22da712ba

SHA1
ed0526475c88e7cb6036f4daacef9372cb397cf7

SHA256
e8052a8478c4aa096b1a4dcc09181e88d32caa8aba5e7ac7a8e3fb89e3bc61be

SHA512
a809e29f012c836532f88a63dd709212c03a8da2f297403844bfd619ef3d692a3e3684fdc6b1a2d69302cef8058b7bc5c7b63b47c8972531b0a157c48e2e81eb

Download Submit
C:\Windows\System\EZianek.exe

Filesize
6.0MB

MD5
0d00430447c44ed565301ebe90c4bd94

SHA1
1fb70e2fa18551f412e0f9c2a79475946bb5bbc8

SHA256
7c1d1bcac555ad12fc940bab61a4cd4475e0f9dccb879467942b3aeb326b7917

SHA512
0a2d5eb2da27d7ae06904d569081188f401c2474cdb3a1f1c6d7f3a9cfd5767382d3b0e6bad16338703ce166de117c219f84c698e6996047b7e1bef085626693

Download Submit
C:\Windows\System\GCUYEYA.exe

Filesize
6.0MB

MD5
fff911e4895c508a1d71a38c5f150a44

SHA1
242dc3fd479624d13dac35449175e1a2121aaa45

SHA256
a294706e764384d0dbfb533d2a340be4cf692f41143d80be07f890582f329d43

SHA512
b7abc3715606780ecbcafc40037ee0d46108904b198e630fb90750982b805616ea4978860e367c829fad277a32af8a4c0e7f7b34b318b56d10c74415c49dabf5

Download Submit
C:\Windows\System\HLJEAjy.exe

Filesize
6.0MB

MD5
61fea8ac8e94860b3ff81609d8e4721b

SHA1
2f2d2c3c0c281b68b2d121409b77607e2d8fe1a7

SHA256
9d3f685de060af9e907988131f74476b5013f2c938c74852119739e27367e70a

SHA512
3b60f22e8606041d354ac94fbb738871601f0fb289e5bff92655a0378a921817390f105a943f629e0d44c8dcdee6e8a898678631d41e8f7bc31fef94c4906800

Download Submit
C:\Windows\System\MfAKdjf.exe

Filesize
6.0MB

MD5
1c88dbea5c07e586387782c3849f8eca

SHA1
7128a80d00cc19caa4ca7834b6d5ea0f332620aa

SHA256
36afbbca2df301c3cbfd163ce6b26c8029df1cb933534f94605ecdf16abf82c6

SHA512
ad5354fd21743890df0ad7eff323f30f674427068e19c15d2c9eee98512e263717f6be91e15257b39a69819932eca915e9aaa743806bc3329595fbb90dbfe0e7

Download Submit
C:\Windows\System\NRBeXaY.exe

Filesize
6.0MB

MD5
438d9442cc1e98242c81e9c48ef11b8a

SHA1
aa6bb357d9c85fef8a631a688d79e23ec64161a5

SHA256
84cd0848469987a8034ec5f3da14c387be9faf60980bae05605819bbc63d24c4

SHA512
6111f2e297405befcbb25af424d154b33f82384313a7af2f81ededcc1ff94b351aea7fde492d6f6260e1a9c0b007872f0b1b6e571cc41ebf79ca22a86d9f7ec9

Download Submit
C:\Windows\System\NgFQcDW.exe

Filesize
6.0MB

MD5
34ca07e8f2337a3141bb270881d7cdbf

SHA1
63b26533c3e9ba7f88bbdc23a81f1c48f1d0ba0a

SHA256
da645fd5a9b88313fa30f50c515f3d16d4a26d9df906a29189fd6a894858824d

SHA512
738940762b45be3046be04ad03916a2ca19a5f4a764c975a0ae1b2f1ac4c2e2b63949c320791c8adc03a2e785509093c0727bb6e48d513146c801ddc4d8dbad7

Download Submit
C:\Windows\System\OUousCl.exe

Filesize
6.0MB

MD5
309db35e55d20298bf8c4284691dc1a3

SHA1
4203273b9c6c0084e11cc25d23a11ef7e44c6497

SHA256
d36aa31622d5025f85452af014dfc7f44f94fe8b2d39880b09402106a0c7aba4

SHA512
7e6571d3f2d759cf91409e0768344549eb37a2372deb59b2c1eb0f9aeac8cfd5bb3cf4e1e5683c434259c20e091b56a910cc8c69b1445d4a6a50b63e468dca23

Download Submit
C:\Windows\System\PdHAplS.exe

Filesize
6.0MB

MD5
843d4750f2d2e63d07a9fcd8ea5618b4

SHA1
a39242fe1c8930119be803ab46bb1cd5a0eefda0

SHA256
a520e6f31cc6d5c7dc61ce5d2391e4269e924278821a29921d152953eb309674

SHA512
e6bf11b1cd750d932697c5953289659988050e73e149887bd7160daac6d96908d2dfa5a654b807cc8673a8fa16eb4e453e2b598515676eef9e40589cee7a1d98

Download Submit
C:\Windows\System\RCABQDK.exe

Filesize
6.0MB

MD5
5a916c5c3b09974c44ce11811abb83fb

SHA1
5c66caea82432123bc1c0132ef2d54bb6c005eb9

SHA256
6257a7c8b7ea05ad21a6eb974b1685f3ff35572465fefb8f42167483a6b3e680

SHA512
e1e486f89e4040370c679722c87dd8ea2ce7f22044f55cf3aeac49551f1b9a8cf3c6d9756c862af0b2150ed9afb92b590935cc44d8f22d893ac1ef36fac415ac

Download Submit
C:\Windows\System\UQWVBFC.exe

Filesize
6.0MB

MD5
f5806eaff990389e981803634a7724f2

SHA1
a75f6de06f310971c4e27075d812da6b4331b08d

SHA256
da7556cd7fefbb3f82c136d379880592158485ec63e5d4705c049e60a5e39e94

SHA512
e5774ef06991cd44d4bc3f23063acd9ab09ed3e3900fe3f995d3f3da6bacf0700843d208bed888714b9b1b731d3beaccd2fe5cd75c1779fc8622586ac669a8d6

Download Submit
C:\Windows\System\ZNLmOMS.exe

Filesize
6.0MB

MD5
f2917e7cc85c6df23b03c1aa4896a314

SHA1
8894b1e63ab6f51e61c300ff4f6eb8002eb5d53b

SHA256
c37b8d6d6b44f885d52cbbca453a67ffc5a7af57647dc60275ccf78a793fdf17

SHA512
f2b9c66882bed1272f118c8c4c83bce4557a5ae2b1cd0e88a737fad3ecb017c5ce7555ef4cc2ac8d58e8fca1d3f3f74acf4cc9fd6167238afa79159d3161f4f5

Download Submit
C:\Windows\System\ZfdwFEL.exe

Filesize
6.0MB

MD5
2ea9c66f03a5f4213b7be7a5c4f59f16

SHA1
77d3bac8a7681b368844737020598b17668db14d

SHA256
6a5804782209abc17c7a2ff14b0e384f15b09fd50638cd9d9d397b74ead431fe

SHA512
8260474a07dd2155664192531f657dccb38f9a71ac266d9afd4ca53ce0a210dbb524114b64d9b9439086fb3e1fbb712384f6b2251acfdcd1575224ffb89e0eca

Download Submit
C:\Windows\System\awgaELG.exe

Filesize
6.0MB

MD5
309946d657614bca307fb4cbf4603d25

SHA1
1b1334a0a69d1ba7ef1feaad120e0d82509a52bb

SHA256
5e40ddc9e29b53b9af470efa55cbb166d04228d47dec3fdf5ec112731bb7a2d4

SHA512
d2fd7df7c8ad77c1e47f4f334170d082e607cde25ef8cbc222d409db2b7d091785321cd278264a0222a0d153818d87e57a72245f820e2be9d346ffc1dc249d19

Download Submit
C:\Windows\System\bdqQdlp.exe

Filesize
6.0MB

MD5
4a9f1d7bd9bf9c72a07d093ba6df3526

SHA1
d3a8e77328df4a360b5734eaf09f4208ecf448d2

SHA256
72174dd2d16a4eb918964039bcac4fdfa890ef958cd6a4e0f1bc6f2876c4912b

SHA512
537a2009c9e0d4a771adf2651c8bd32b95bb220d426a564867e235a9309d95964496f7a4782dd53d9a8286a3d48c145bb09ac65b49cf89d99a452b573dec884c

Download Submit
C:\Windows\System\eUvmWXG.exe

Filesize
6.0MB

MD5
40dce078933d273347e816d93369537d

SHA1
ee87daf8de6c04f1d7e74c74894b719864c2c71f

SHA256
cdf0f98072139f3e0943f391d9e9511c00b6816c204270316f6d2c77c941fc14

SHA512
6f6672a4495fa24bf98366fc8457388a9284e0e7c867b70b6f02d59e94d8df811af586822599aac5621e3e722601edf300b660a0500f58c0bbcc2ded0181aa69

Download Submit
C:\Windows\System\iLjpWiY.exe

Filesize
6.0MB

MD5
48a247a54c3509c2a31b09d3a63974f4

SHA1
10ae38b73f7be416e130d47eb8339f9c1fc5c8b7

SHA256
9e093e5965410b63ee14e40305a823a5266409338907fdb00fb61e28be426655

SHA512
f830a8c803654a12a006b327b1ed5e533f92f5e0b026540b091afd4ad7f38b4dcfbc2d5c4564e267f4401eac4999a956679ab3d9a71f87086cbaab0fd656ed8e

Download Submit
C:\Windows\System\iYWMlat.exe

Filesize
6.0MB

MD5
9f86e75359ccd2b06ee901a960c885c0

SHA1
a21d805ad83b1398b33ed9a2338e5420323b715e

SHA256
4f1d2c9448acf4beb3ce09d03b740fa7128cbe4c44d5b2cd400a5b346ae62bd0

SHA512
e9a1abca2f40f7f2bd5666163156c43eb2f44f5399e0113c374f175041106c9a40569f51fe9eef65674c8fac5f656b18f83c2ba03ffebbba6b30c5241e494b0a

Download Submit
C:\Windows\System\nlIueHe.exe

Filesize
6.0MB

MD5
e56961080371abc82feb841b0260c48a

SHA1
48a0fcc43743c095d2a1a3644f2ab72eac181fe6

SHA256
abccface311fd1dc11a1a367c1cc96878e4fabd95240d277fea85448a0987a05

SHA512
ea37714a06c0dc279c331d8335d0b20a0fd7f577e0cfc285e6c89938b80b26abd1f292a2d5e12e75b412581cdb526613e13bbe55116e051a203614b2f4bd81c8

Download Submit
C:\Windows\System\qQilPIK.exe

Filesize
6.0MB

MD5
b3372e1d5fdd59a91365b7a9938bb747

SHA1
f3e11857763ed0227080c52143840efb413ca142

SHA256
4789d90b7597b5293681d017b439857f47dac387b0487e5419958c8a77e44bc3

SHA512
137763c6b32ca87b1942b67503b15145c1507a017e93b377f221e9a20dc43a9a04e7f55c4be82cd2af4131bbeaeefeb1498c6cb32e44f354144b4d5c2bbdc1bb

Download Submit
C:\Windows\System\rYWnmaR.exe

Filesize
6.0MB

MD5
450df4c5774fe402fc62840f4559635b

SHA1
5d5107f83822d237092e91d91caf46efa7c43170

SHA256
2a89d1e3df3d061a572db08e181149057da046d572affefa89be4bc844c385e3

SHA512
239f6ccbfe53e43d4fdabb0bea1eae3bd7364030f5d295fc6bf3afa4d3d92d1d45a2bfc82ce659362a1e7fc6fe2d318e30ba40ef7bc730644cf0cc183d3d30be

Download Submit
C:\Windows\System\srsBnKe.exe

Filesize
6.0MB

MD5
3b76edca8f91995dfaa4d11047bc821f

SHA1
56d6ce1c2770dbede2ca87c7628ce5d7c7596091

SHA256
e4c23afb87b3736454633554ac76babd0c0f8d9f91d055e97b6c7a958f823e89

SHA512
1d8a2f68764fe72c2969515678b132fc9340f72f26dd7810f19ec299d7dd5022318badf57eaafc5e2321046ac515dfc6b182c312ba6f0a91839937621f9dbae8

Download Submit
C:\Windows\System\uEJmiWE.exe

Filesize
6.0MB

MD5
fe14b1d62c87482773bfd7149aa62a67

SHA1
b5dc404eade5aff22e995e57441da18b3c3b9be2

SHA256
d97f26bbd4e5ffd736bea473d5e487637b3c15f4a1f160aa862f2664c4f4ca97

SHA512
e4dec8e6ef18f5d0851b99a7a437241ce2ed5dfdc77088ed976d5fb5363c419935dfa30efcfda07ce23660ef982c372ade2de9b39047cab86853caba43c5ea80

Download Submit
C:\Windows\System\uEbZCsB.exe

Filesize
6.0MB

MD5
524aa84309e2f44b7efbbe89f0bbdcce

SHA1
871c2fde9236fa7d5585c87a076c64645e937d32

SHA256
7069051a5b9548d484cc8af34fd829dfc9b377b6b8d4a2437b4f47c891f0358a

SHA512
ab19dc47835a568215e70575dd3d4a270b296631985ce8e3b8fd39c507d452ebb6333e40a5377fd534ec47b1704e5f4bcb4817c9f4ed74cdf49841f74f9af832

Download Submit
C:\Windows\System\uUMydFS.exe

Filesize
6.0MB

MD5
39394a0ab6e04c1f36c91bf1d08264a8

SHA1
d9f52c4a276d502201e1a104ea23cc7b565faf66

SHA256
bc4a0d4ad0df882363651d2ce2d254fa44675208e18c9b7e4099c1c4d8c45257

SHA512
d07632725eb9a13c63d226fee96960393b1684a2e9f3551f1c345f35c1bc2bd63f006077966ff2b61f7523c818bb0a7ffba01b60bf7b783ffb3a88754ed59898

Download Submit
C:\Windows\System\vTWZBvA.exe

Filesize
6.0MB

MD5
30d4654dc91437e6c9ed4d464d4ec55a

SHA1
5bb910c35e3fee63313079c6743c0a37b24eef22

SHA256
cbca9172dfc5ec7b52cbdd2dca3622c71a08271a291c2c58cf0b1a97825837d2

SHA512
746b155eb4ed05ecf85bdfbac892b377b83a8991f9e131125ddbeab0543ce60f6ffccd6b47ef9cfbbc85ba83bb1ff5cde579f09e3c153caf07f0beaeba3ae662

Download Submit
C:\Windows\System\wPJBgEB.exe

Filesize
6.0MB

MD5
fa1a2f0d7dec7d5885a33303f3f13fb2

SHA1
ad70b7674ad1c3fbadfb2cfe148e157cf193e4a1

SHA256
f857d24bee4384186f0b8453a10dcc291d007719e8be080c11bcb40160e832d4

SHA512
8e2a08dbfc6d93b0467b68a7915d7a598fa11a818f81e32ff69618782e20e2fa9a8fb6b04c381b704246f07e1289c1af6bc6215071881ee4d8120171b8477781

Download Submit
C:\Windows\System\wYrCAmV.exe

Filesize
6.0MB

MD5
25fa42ea3616187165d74ebb30dc5553

SHA1
b8d2f1410648d39a233619c517eb31e6af2b8da8

SHA256
5f98228d156c19fce82211c4a4279100b90bcea10a57fb311d1fac3027c8fc0d

SHA512
0c9f07fe8fb682e4b6d7f6038dbcbe1c51fafabc30b04d3f7ad18d76c8aa8ba3b38f7636f631f7a3b4c52897b4bd1f0331b3900e3167411105e7d7e1c44fb860

Download Submit
C:\Windows\System\wiVTeIj.exe

Filesize
6.0MB

MD5
e49c1aad53d5aba14a673e2885d9b702

SHA1
a310398a79ed46d63d4c3b959b72053cfd5a511d

SHA256
82e29c145520c148af5b51a93e7f235531bfb0edc55e861c388cb6580d0fa4b4

SHA512
7b08915c86d38a66bd8c6aadb44014111645e2595b392006fb965175d87b96825746626b5e13eae76398517ebd979497d6b6d84a5aeb39d6e71b1b01d3b51220

Download Submit
C:\Windows\System\xmqCpNg.exe

Filesize
6.0MB

MD5
10e4fbdae853f367c4ffe4eee5765539

SHA1
0d940398a2981598869a41d5b2ab850dba5b439c

SHA256
8d3541e78483921ba32d4374156d6d4617acff378704139388527fc7107e166a

SHA512
6964c8894c2e387dd617d3f4b2eabcdb5c24869cf59a0896d31828d2fefd38d174d8c0a3d9394a14c13f53e8184a67cc4f79e2fd808e5dc5097189be96a7b69f

Download Submit
memory/948-119-0x00007FF7F22E0000-0x00007FF7F2634000-memory.dmp

Filesize
3.3MB

Download
memory/948-71-0x00007FF7F22E0000-0x00007FF7F2634000-memory.dmp

Filesize
3.3MB

Download
memory/948-1145-0x00007FF7F22E0000-0x00007FF7F2634000-memory.dmp

Filesize
3.3MB

Download
memory/1216-1865-0x00007FF690AD0000-0x00007FF690E24000-memory.dmp

Filesize
3.3MB

Download
memory/1216-178-0x00007FF690AD0000-0x00007FF690E24000-memory.dmp

Filesize
3.3MB

Download
memory/1424-697-0x00007FF6CDA80000-0x00007FF6CDDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1424-83-0x00007FF6CDA80000-0x00007FF6CDDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1424-30-0x00007FF6CDA80000-0x00007FF6CDDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1616-170-0x00007FF79C980000-0x00007FF79CCD4000-memory.dmp

Filesize
3.3MB

Download
memory/1616-1862-0x00007FF79C980000-0x00007FF79CCD4000-memory.dmp

Filesize
3.3MB

Download
memory/1616-398-0x00007FF79C980000-0x00007FF79CCD4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-1234-0x00007FF7FA170000-0x00007FF7FA4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-134-0x00007FF7FA170000-0x00007FF7FA4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-90-0x00007FF7FA170000-0x00007FF7FA4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1700-110-0x00007FF7B20E0000-0x00007FF7B2434000-memory.dmp

Filesize
3.3MB

Download
memory/1700-1471-0x00007FF7B20E0000-0x00007FF7B2434000-memory.dmp

Filesize
3.3MB

Download
memory/1724-37-0x00007FF73CDB0000-0x00007FF73D104000-memory.dmp

Filesize
3.3MB

Download
memory/1724-929-0x00007FF73CDB0000-0x00007FF73D104000-memory.dmp

Filesize
3.3MB

Download
memory/1724-93-0x00007FF73CDB0000-0x00007FF73D104000-memory.dmp

Filesize
3.3MB

Download
memory/1812-55-0x00007FF690F30000-0x00007FF691284000-memory.dmp

Filesize
3.3MB

Download
memory/1812-109-0x00007FF690F30000-0x00007FF691284000-memory.dmp

Filesize
3.3MB

Download
memory/1812-962-0x00007FF690F30000-0x00007FF691284000-memory.dmp

Filesize
3.3MB

Download
memory/1912-101-0x00007FF6FFD50000-0x00007FF7000A4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-50-0x00007FF6FFD50000-0x00007FF7000A4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-956-0x00007FF6FFD50000-0x00007FF7000A4000-memory.dmp

Filesize
3.3MB

Download
memory/2040-62-0x00007FF7F0F40000-0x00007FF7F1294000-memory.dmp

Filesize
3.3MB

Download
memory/2040-14-0x00007FF7F0F40000-0x00007FF7F1294000-memory.dmp

Filesize
3.3MB

Download
memory/2040-686-0x00007FF7F0F40000-0x00007FF7F1294000-memory.dmp

Filesize
3.3MB

Download
memory/2140-1858-0x00007FF7C8C30000-0x00007FF7C8F84000-memory.dmp

Filesize
3.3MB

Download
memory/2140-345-0x00007FF7C8C30000-0x00007FF7C8F84000-memory.dmp

Filesize
3.3MB

Download
memory/2140-154-0x00007FF7C8C30000-0x00007FF7C8F84000-memory.dmp

Filesize
3.3MB

Download
memory/2236-209-0x00007FF657EA0000-0x00007FF6581F4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-143-0x00007FF657EA0000-0x00007FF6581F4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-1677-0x00007FF657EA0000-0x00007FF6581F4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-1996-0x00007FF6D0B70000-0x00007FF6D0EC4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-192-0x00007FF6D0B70000-0x00007FF6D0EC4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-641-0x00007FF6D0B70000-0x00007FF6D0EC4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-1181-0x00007FF6B58B0000-0x00007FF6B5C04000-memory.dmp

Filesize
3.3MB

Download
memory/2336-126-0x00007FF6B58B0000-0x00007FF6B5C04000-memory.dmp

Filesize
3.3MB

Download
memory/2336-81-0x00007FF6B58B0000-0x00007FF6B5C04000-memory.dmp

Filesize
3.3MB

Download
memory/2672-939-0x00007FF7A0860000-0x00007FF7A0BB4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-98-0x00007FF7A0860000-0x00007FF7A0BB4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-44-0x00007FF7A0860000-0x00007FF7A0BB4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-127-0x00007FF635F80000-0x00007FF6362D4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-1536-0x00007FF635F80000-0x00007FF6362D4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-184-0x00007FF635F80000-0x00007FF6362D4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1474-0x00007FF6D2DE0000-0x00007FF6D3134000-memory.dmp

Filesize
3.3MB

Download
memory/2800-159-0x00007FF6D2DE0000-0x00007FF6D3134000-memory.dmp

Filesize
3.3MB

Download
memory/2800-112-0x00007FF6D2DE0000-0x00007FF6D3134000-memory.dmp

Filesize
3.3MB

Download
memory/3352-0-0x00007FF69A2D0000-0x00007FF69A624000-memory.dmp

Filesize
3.3MB

Download
memory/3352-54-0x00007FF69A2D0000-0x00007FF69A624000-memory.dmp

Filesize
3.3MB

Download
memory/3352-1-0x000001D818BF0000-0x000001D818C00000-memory.dmp

Filesize
64KB

Download
memory/3552-86-0x00007FF787DB0000-0x00007FF788104000-memory.dmp

Filesize
3.3MB

Download
memory/3552-1187-0x00007FF787DB0000-0x00007FF788104000-memory.dmp

Filesize
3.3MB

Download
memory/3552-130-0x00007FF787DB0000-0x00007FF788104000-memory.dmp

Filesize
3.3MB

Download
memory/3856-1998-0x00007FF662C80000-0x00007FF662FD4000-memory.dmp

Filesize
3.3MB

Download
memory/3856-542-0x00007FF662C80000-0x00007FF662FD4000-memory.dmp

Filesize
3.3MB

Download
memory/3856-190-0x00007FF662C80000-0x00007FF662FD4000-memory.dmp

Filesize
3.3MB

Download
memory/3888-684-0x00007FF733BF0000-0x00007FF733F44000-memory.dmp

Filesize
3.3MB

Download
memory/3888-58-0x00007FF733BF0000-0x00007FF733F44000-memory.dmp

Filesize
3.3MB

Download
memory/3888-8-0x00007FF733BF0000-0x00007FF733F44000-memory.dmp

Filesize
3.3MB

Download
memory/3904-1857-0x00007FF671770000-0x00007FF671AC4000-memory.dmp

Filesize
3.3MB

Download
memory/3904-161-0x00007FF671770000-0x00007FF671AC4000-memory.dmp

Filesize
3.3MB

Download
memory/3904-396-0x00007FF671770000-0x00007FF671AC4000-memory.dmp

Filesize
3.3MB

Download
memory/3936-1673-0x00007FF7592B0000-0x00007FF759604000-memory.dmp

Filesize
3.3MB

Download
memory/3936-247-0x00007FF7592B0000-0x00007FF759604000-memory.dmp

Filesize
3.3MB

Download
memory/3936-146-0x00007FF7592B0000-0x00007FF759604000-memory.dmp

Filesize
3.3MB

Download
memory/3968-139-0x00007FF661E40000-0x00007FF662194000-memory.dmp

Filesize
3.3MB

Download
memory/3968-193-0x00007FF661E40000-0x00007FF662194000-memory.dmp

Filesize
3.3MB

Download
memory/3968-1669-0x00007FF661E40000-0x00007FF662194000-memory.dmp

Filesize
3.3MB

Download
memory/4176-24-0x00007FF70DAD0000-0x00007FF70DE24000-memory.dmp

Filesize
3.3MB

Download
memory/4176-692-0x00007FF70DAD0000-0x00007FF70DE24000-memory.dmp

Filesize
3.3MB

Download
memory/4176-76-0x00007FF70DAD0000-0x00007FF70DE24000-memory.dmp

Filesize
3.3MB

Download
memory/4296-1992-0x00007FF685800000-0x00007FF685B54000-memory.dmp

Filesize
3.3MB

Download
memory/4296-541-0x00007FF685800000-0x00007FF685B54000-memory.dmp

Filesize
3.3MB

Download
memory/4296-185-0x00007FF685800000-0x00007FF685B54000-memory.dmp

Filesize
3.3MB

Download
memory/4312-115-0x00007FF609260000-0x00007FF6095B4000-memory.dmp

Filesize
3.3MB

Download
memory/4312-1111-0x00007FF609260000-0x00007FF6095B4000-memory.dmp

Filesize
3.3MB

Download
memory/4312-65-0x00007FF609260000-0x00007FF6095B4000-memory.dmp

Filesize
3.3MB

Download
memory/4336-1412-0x00007FF61ADB0000-0x00007FF61B104000-memory.dmp

Filesize
3.3MB

Download
memory/4336-100-0x00007FF61ADB0000-0x00007FF61B104000-memory.dmp

Filesize
3.3MB

Download
memory/4336-145-0x00007FF61ADB0000-0x00007FF61B104000-memory.dmp

Filesize
3.3MB

Download
memory/4436-689-0x00007FF7D0F50000-0x00007FF7D12A4000-memory.dmp

Filesize
3.3MB

Download
memory/4436-69-0x00007FF7D0F50000-0x00007FF7D12A4000-memory.dmp

Filesize
3.3MB

Download
memory/4436-18-0x00007FF7D0F50000-0x00007FF7D12A4000-memory.dmp

Filesize
3.3MB

Download
memory/4588-1532-0x00007FF79FD60000-0x00007FF7A00B4000-memory.dmp

Filesize
3.3MB

Download
memory/4588-120-0x00007FF79FD60000-0x00007FF7A00B4000-memory.dmp

Filesize
3.3MB

Download
memory/4588-177-0x00007FF79FD60000-0x00007FF7A00B4000-memory.dmp

Filesize
3.3MB

Download