cobaltstrike | d5c133abd138080d2b9996d8c8f4ba7eb32d4b8f9dcd1ab0ea34e940e8f70b9c

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

1a73ded1f25464deff06dce4c43bc6dd
SHA1

414c940284921bca74baf6d37752493a6b5c329a
SHA256

d5c133abd138080d2b9996d8c8f4ba7eb32d4b8f9dcd1ab0ea34e940e8f70b9c
SHA512

1bbe77377337ae5922365fa2184b30d7d46d4db9146a9507e11bcefe7c8605e2f4c450ba2d73b76a656dc4876851598cf8a672db053afc13cd07dcd71fc6d894
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUv:T+q56utgpPF8u/7v

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\System\ikUHEfL.exe	cobalt_reflective_dll
C:\Windows\System\PEgEZal.exe	cobalt_reflective_dll
C:\Windows\System\PUfunnW.exe	cobalt_reflective_dll
C:\Windows\System\CQIPsNx.exe	cobalt_reflective_dll
C:\Windows\System\tPKbGKD.exe	cobalt_reflective_dll
C:\Windows\System\oMAAbXn.exe	cobalt_reflective_dll
C:\Windows\System\WgiDesl.exe	cobalt_reflective_dll
C:\Windows\System\YWPpovH.exe	cobalt_reflective_dll
C:\Windows\System\AgCXCQz.exe	cobalt_reflective_dll
C:\Windows\System\VzUwbzs.exe	cobalt_reflective_dll
C:\Windows\System\vVUeDsa.exe	cobalt_reflective_dll
C:\Windows\System\BZIeERU.exe	cobalt_reflective_dll
C:\Windows\System\EXqaooV.exe	cobalt_reflective_dll
C:\Windows\System\dXdKCWr.exe	cobalt_reflective_dll
C:\Windows\System\rkLQsdd.exe	cobalt_reflective_dll
C:\Windows\System\BmwBTzQ.exe	cobalt_reflective_dll
C:\Windows\System\NsFJYtI.exe	cobalt_reflective_dll
C:\Windows\System\cAFwHzs.exe	cobalt_reflective_dll
C:\Windows\System\aGlYjDo.exe	cobalt_reflective_dll
C:\Windows\System\GHrrNTC.exe	cobalt_reflective_dll
C:\Windows\System\wYtKTvM.exe	cobalt_reflective_dll
C:\Windows\System\lNgtcZC.exe	cobalt_reflective_dll
C:\Windows\System\aNawzig.exe	cobalt_reflective_dll
C:\Windows\System\KaWFNBH.exe	cobalt_reflective_dll
C:\Windows\System\QbJmfzF.exe	cobalt_reflective_dll
C:\Windows\System\nGmaRhL.exe	cobalt_reflective_dll
C:\Windows\System\Vdzebxj.exe	cobalt_reflective_dll
C:\Windows\System\iaQKJvP.exe	cobalt_reflective_dll
C:\Windows\System\LBcBaJw.exe	cobalt_reflective_dll
C:\Windows\System\DgouqKy.exe	cobalt_reflective_dll
C:\Windows\System\WCpDIzg.exe	cobalt_reflective_dll
C:\Windows\System\NJrzlsE.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/4860-0-0x00007FF6C9180000-0x00007FF6C94D4000-memory.dmp	xmrig
C:\Windows\System\ikUHEfL.exe	xmrig
behavioral2/memory/5068-7-0x00007FF63B650000-0x00007FF63B9A4000-memory.dmp	xmrig
C:\Windows\System\PEgEZal.exe	xmrig
behavioral2/memory/5032-12-0x00007FF7F2430000-0x00007FF7F2784000-memory.dmp	xmrig
C:\Windows\System\PUfunnW.exe	xmrig
behavioral2/memory/1240-18-0x00007FF6C9CF0000-0x00007FF6CA044000-memory.dmp	xmrig
C:\Windows\System\CQIPsNx.exe	xmrig
behavioral2/memory/4432-28-0x00007FF702030000-0x00007FF702384000-memory.dmp	xmrig
C:\Windows\System\tPKbGKD.exe	xmrig
behavioral2/memory/3336-29-0x00007FF7A8600000-0x00007FF7A8954000-memory.dmp	xmrig
C:\Windows\System\oMAAbXn.exe	xmrig
behavioral2/memory/1180-36-0x00007FF73D4B0000-0x00007FF73D804000-memory.dmp	xmrig
behavioral2/memory/4176-42-0x00007FF7BD9F0000-0x00007FF7BDD44000-memory.dmp	xmrig
C:\Windows\System\WgiDesl.exe	xmrig
C:\Windows\System\YWPpovH.exe	xmrig
C:\Windows\System\AgCXCQz.exe	xmrig
C:\Windows\System\VzUwbzs.exe	xmrig
behavioral2/memory/3336-96-0x00007FF7A8600000-0x00007FF7A8954000-memory.dmp	xmrig
behavioral2/memory/4872-103-0x00007FF66E3A0000-0x00007FF66E6F4000-memory.dmp	xmrig
C:\Windows\System\vVUeDsa.exe	xmrig
C:\Windows\System\BZIeERU.exe	xmrig
behavioral2/memory/1960-130-0x00007FF6CFD10000-0x00007FF6D0064000-memory.dmp	xmrig
behavioral2/memory/4576-137-0x00007FF75AAE0000-0x00007FF75AE34000-memory.dmp	xmrig
C:\Windows\System\EXqaooV.exe	xmrig
behavioral2/memory/4872-172-0x00007FF66E3A0000-0x00007FF66E6F4000-memory.dmp	xmrig
C:\Windows\System\dXdKCWr.exe	xmrig
C:\Windows\System\rkLQsdd.exe	xmrig
C:\Windows\System\BmwBTzQ.exe	xmrig
C:\Windows\System\NsFJYtI.exe	xmrig
behavioral2/memory/1980-199-0x00007FF6BF7D0000-0x00007FF6BFB24000-memory.dmp	xmrig
behavioral2/memory/3164-195-0x00007FF6D8B20000-0x00007FF6D8E74000-memory.dmp	xmrig
C:\Windows\System\cAFwHzs.exe	xmrig
behavioral2/memory/1492-189-0x00007FF6A0100000-0x00007FF6A0454000-memory.dmp	xmrig
C:\Windows\System\aGlYjDo.exe	xmrig
behavioral2/memory/3820-184-0x00007FF7750D0000-0x00007FF775424000-memory.dmp	xmrig
behavioral2/memory/1848-183-0x00007FF7D1BA0000-0x00007FF7D1EF4000-memory.dmp	xmrig
behavioral2/memory/3012-180-0x00007FF7DD220000-0x00007FF7DD574000-memory.dmp	xmrig
C:\Windows\System\GHrrNTC.exe	xmrig
behavioral2/memory/3808-175-0x00007FF7E62E0000-0x00007FF7E6634000-memory.dmp	xmrig
C:\Windows\System\wYtKTvM.exe	xmrig
behavioral2/memory/2892-166-0x00007FF7E4970000-0x00007FF7E4CC4000-memory.dmp	xmrig
C:\Windows\System\lNgtcZC.exe	xmrig
behavioral2/memory/3128-160-0x00007FF6283B0000-0x00007FF628704000-memory.dmp	xmrig
behavioral2/memory/1464-159-0x00007FF731530000-0x00007FF731884000-memory.dmp	xmrig
behavioral2/memory/3472-158-0x00007FF657FB0000-0x00007FF658304000-memory.dmp	xmrig
C:\Windows\System\aNawzig.exe	xmrig
behavioral2/memory/1104-152-0x00007FF7A05E0000-0x00007FF7A0934000-memory.dmp	xmrig
behavioral2/memory/4468-151-0x00007FF6EF740000-0x00007FF6EFA94000-memory.dmp	xmrig
behavioral2/memory/1900-145-0x00007FF76C9A0000-0x00007FF76CCF4000-memory.dmp	xmrig
behavioral2/memory/4960-144-0x00007FF621550000-0x00007FF6218A4000-memory.dmp	xmrig
C:\Windows\System\KaWFNBH.exe	xmrig
behavioral2/memory/4676-138-0x00007FF768770000-0x00007FF768AC4000-memory.dmp	xmrig
C:\Windows\System\QbJmfzF.exe	xmrig
behavioral2/memory/1800-131-0x00007FF6F8200000-0x00007FF6F8554000-memory.dmp	xmrig
behavioral2/memory/3164-124-0x00007FF6D8B20000-0x00007FF6D8E74000-memory.dmp	xmrig
behavioral2/memory/3776-123-0x00007FF658A60000-0x00007FF658DB4000-memory.dmp	xmrig
C:\Windows\System\nGmaRhL.exe	xmrig
behavioral2/memory/3820-117-0x00007FF7750D0000-0x00007FF775424000-memory.dmp	xmrig
behavioral2/memory/744-116-0x00007FF7D2E60000-0x00007FF7D31B4000-memory.dmp	xmrig
behavioral2/memory/3012-110-0x00007FF7DD220000-0x00007FF7DD574000-memory.dmp	xmrig
behavioral2/memory/4176-109-0x00007FF7BD9F0000-0x00007FF7BDD44000-memory.dmp	xmrig
C:\Windows\System\Vdzebxj.exe	xmrig
C:\Windows\System\iaQKJvP.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

ikUHEfL.exePUfunnW.exePEgEZal.exeCQIPsNx.exetPKbGKD.exeoMAAbXn.exeNJrzlsE.exeWgiDesl.exeYWPpovH.exeWCpDIzg.exeDgouqKy.exeAgCXCQz.exeLBcBaJw.exeVzUwbzs.exeiaQKJvP.exeVdzebxj.exevVUeDsa.exenGmaRhL.exeBZIeERU.exeQbJmfzF.exeKaWFNBH.exeEXqaooV.exeaNawzig.exelNgtcZC.exewYtKTvM.exeGHrrNTC.exeaGlYjDo.execAFwHzs.exeNsFJYtI.exeBmwBTzQ.exerkLQsdd.exedXdKCWr.exezMmWZFu.exeiJurHor.exeVyFHGkb.exewiDkdJi.exeOYDbRfn.exeWufIEJf.exeqvdJAcz.exeltImqsC.exeFivXwmg.exelPGsEMy.exeeAvaBVk.exenkaSJWd.exezYVmOPj.exejFEQRii.exeBChRqGU.exeRGYGCkR.exeJvQwfiw.exeybUukQY.exeUtOdiGz.execMTmadX.exeSYrtPyD.exerSvBuGs.exeUgmAawX.exezqpSPAj.exeRaiDhXT.exeIoNoXLm.exensBrwyF.exeyKpXvqD.exetLCuvub.exewxiToBZ.exevWuOAIh.exeUhVrckV.exe

pid	process
5068	ikUHEfL.exe
5032	PUfunnW.exe
1240	PEgEZal.exe
4432	CQIPsNx.exe
3336	tPKbGKD.exe
1180	oMAAbXn.exe
4176	NJrzlsE.exe
744	WgiDesl.exe
3776	YWPpovH.exe
1960	WCpDIzg.exe
4576	DgouqKy.exe
4960	AgCXCQz.exe
4468	LBcBaJw.exe
3472	VzUwbzs.exe
1464	iaQKJvP.exe
4872	Vdzebxj.exe
3012	vVUeDsa.exe
3820	nGmaRhL.exe
3164	BZIeERU.exe
1800	QbJmfzF.exe
4676	KaWFNBH.exe
1900	EXqaooV.exe
1104	aNawzig.exe
3128	lNgtcZC.exe
2892	wYtKTvM.exe
3808	GHrrNTC.exe
1848	aGlYjDo.exe
1492	cAFwHzs.exe
1980	NsFJYtI.exe
3752	BmwBTzQ.exe
2820	rkLQsdd.exe
1060	dXdKCWr.exe
208	zMmWZFu.exe
2492	iJurHor.exe
264	VyFHGkb.exe
4760	wiDkdJi.exe
4200	OYDbRfn.exe
1568	WufIEJf.exe
4424	qvdJAcz.exe
1988	ltImqsC.exe
3260	FivXwmg.exe
1332	lPGsEMy.exe
3016	eAvaBVk.exe
316	nkaSJWd.exe
1716	zYVmOPj.exe
3508	jFEQRii.exe
4508	BChRqGU.exe
2940	RGYGCkR.exe
848	JvQwfiw.exe
4552	ybUukQY.exe
4044	UtOdiGz.exe
1956	cMTmadX.exe
3456	SYrtPyD.exe
2932	rSvBuGs.exe
1216	UgmAawX.exe
1976	zqpSPAj.exe
4404	RaiDhXT.exe
2360	IoNoXLm.exe
3124	nsBrwyF.exe
1372	yKpXvqD.exe
3552	tLCuvub.exe
720	wxiToBZ.exe
3180	vWuOAIh.exe
4364	UhVrckV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4860-0-0x00007FF6C9180000-0x00007FF6C94D4000-memory.dmp	upx
C:\Windows\System\ikUHEfL.exe	upx
behavioral2/memory/5068-7-0x00007FF63B650000-0x00007FF63B9A4000-memory.dmp	upx
C:\Windows\System\PEgEZal.exe	upx
behavioral2/memory/5032-12-0x00007FF7F2430000-0x00007FF7F2784000-memory.dmp	upx
C:\Windows\System\PUfunnW.exe	upx
behavioral2/memory/1240-18-0x00007FF6C9CF0000-0x00007FF6CA044000-memory.dmp	upx
C:\Windows\System\CQIPsNx.exe	upx
behavioral2/memory/4432-28-0x00007FF702030000-0x00007FF702384000-memory.dmp	upx
C:\Windows\System\tPKbGKD.exe	upx
behavioral2/memory/3336-29-0x00007FF7A8600000-0x00007FF7A8954000-memory.dmp	upx
C:\Windows\System\oMAAbXn.exe	upx
behavioral2/memory/1180-36-0x00007FF73D4B0000-0x00007FF73D804000-memory.dmp	upx
behavioral2/memory/4176-42-0x00007FF7BD9F0000-0x00007FF7BDD44000-memory.dmp	upx
C:\Windows\System\WgiDesl.exe	upx
C:\Windows\System\YWPpovH.exe	upx
C:\Windows\System\AgCXCQz.exe	upx
C:\Windows\System\VzUwbzs.exe	upx
behavioral2/memory/3336-96-0x00007FF7A8600000-0x00007FF7A8954000-memory.dmp	upx
behavioral2/memory/4872-103-0x00007FF66E3A0000-0x00007FF66E6F4000-memory.dmp	upx
C:\Windows\System\vVUeDsa.exe	upx
C:\Windows\System\BZIeERU.exe	upx
behavioral2/memory/1960-130-0x00007FF6CFD10000-0x00007FF6D0064000-memory.dmp	upx
behavioral2/memory/4576-137-0x00007FF75AAE0000-0x00007FF75AE34000-memory.dmp	upx
C:\Windows\System\EXqaooV.exe	upx
behavioral2/memory/4872-172-0x00007FF66E3A0000-0x00007FF66E6F4000-memory.dmp	upx
C:\Windows\System\dXdKCWr.exe	upx
C:\Windows\System\rkLQsdd.exe	upx
C:\Windows\System\BmwBTzQ.exe	upx
C:\Windows\System\NsFJYtI.exe	upx
behavioral2/memory/1980-199-0x00007FF6BF7D0000-0x00007FF6BFB24000-memory.dmp	upx
behavioral2/memory/3164-195-0x00007FF6D8B20000-0x00007FF6D8E74000-memory.dmp	upx
C:\Windows\System\cAFwHzs.exe	upx
behavioral2/memory/1492-189-0x00007FF6A0100000-0x00007FF6A0454000-memory.dmp	upx
C:\Windows\System\aGlYjDo.exe	upx
behavioral2/memory/3820-184-0x00007FF7750D0000-0x00007FF775424000-memory.dmp	upx
behavioral2/memory/1848-183-0x00007FF7D1BA0000-0x00007FF7D1EF4000-memory.dmp	upx
behavioral2/memory/3012-180-0x00007FF7DD220000-0x00007FF7DD574000-memory.dmp	upx
C:\Windows\System\GHrrNTC.exe	upx
behavioral2/memory/3808-175-0x00007FF7E62E0000-0x00007FF7E6634000-memory.dmp	upx
C:\Windows\System\wYtKTvM.exe	upx
behavioral2/memory/2892-166-0x00007FF7E4970000-0x00007FF7E4CC4000-memory.dmp	upx
C:\Windows\System\lNgtcZC.exe	upx
behavioral2/memory/3128-160-0x00007FF6283B0000-0x00007FF628704000-memory.dmp	upx
behavioral2/memory/1464-159-0x00007FF731530000-0x00007FF731884000-memory.dmp	upx
behavioral2/memory/3472-158-0x00007FF657FB0000-0x00007FF658304000-memory.dmp	upx
C:\Windows\System\aNawzig.exe	upx
behavioral2/memory/1104-152-0x00007FF7A05E0000-0x00007FF7A0934000-memory.dmp	upx
behavioral2/memory/4468-151-0x00007FF6EF740000-0x00007FF6EFA94000-memory.dmp	upx
behavioral2/memory/1900-145-0x00007FF76C9A0000-0x00007FF76CCF4000-memory.dmp	upx
behavioral2/memory/4960-144-0x00007FF621550000-0x00007FF6218A4000-memory.dmp	upx
C:\Windows\System\KaWFNBH.exe	upx
behavioral2/memory/4676-138-0x00007FF768770000-0x00007FF768AC4000-memory.dmp	upx
C:\Windows\System\QbJmfzF.exe	upx
behavioral2/memory/1800-131-0x00007FF6F8200000-0x00007FF6F8554000-memory.dmp	upx
behavioral2/memory/3164-124-0x00007FF6D8B20000-0x00007FF6D8E74000-memory.dmp	upx
behavioral2/memory/3776-123-0x00007FF658A60000-0x00007FF658DB4000-memory.dmp	upx
C:\Windows\System\nGmaRhL.exe	upx
behavioral2/memory/3820-117-0x00007FF7750D0000-0x00007FF775424000-memory.dmp	upx
behavioral2/memory/744-116-0x00007FF7D2E60000-0x00007FF7D31B4000-memory.dmp	upx
behavioral2/memory/3012-110-0x00007FF7DD220000-0x00007FF7DD574000-memory.dmp	upx
behavioral2/memory/4176-109-0x00007FF7BD9F0000-0x00007FF7BDD44000-memory.dmp	upx
C:\Windows\System\Vdzebxj.exe	upx
C:\Windows\System\iaQKJvP.exe	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\ikUHEfL.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zqbwmmM.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RtybcFn.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxwyFDm.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFivoNd.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\shcRguZ.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RxmtSxn.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\abjJYRP.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TpucBbh.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YhTTGOf.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPCCQzF.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HFuryXN.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VCXSEmN.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\awCqnsJ.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UKKFSlT.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QmKNLFB.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NzylkBA.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aouKvOi.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIafhpV.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pcnRLNs.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXHTXdk.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lIagcsD.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFEfORA.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OoaFEqY.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZWLOWJ.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\miCwzRy.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BOlsHnf.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKwHsAv.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmwBTzQ.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PKKhLAb.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MkuBNcO.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPEVjYo.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TZhlCrp.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgVwamq.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kwynRQR.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hRScjLq.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XueuWDI.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rEtAJNd.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KuTeWrO.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oThZlsw.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xtyJOIH.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKByVns.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fltWEzB.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\quIygbN.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CyixUTK.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xXtYweW.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WLspgpo.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iQVsLmG.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bdZIwmK.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gtReoib.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jZVqBYC.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\irhRUVB.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnpNorf.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XkgGqDx.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LhnKaQy.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dmbprxO.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pLVguFX.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aWtBCIH.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLsumMg.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BObVJII.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHYShBA.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Xpjlmrk.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QNwOUWn.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLbUvNr.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 4860 wrote to memory of 5068	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	ikUHEfL.exe
PID 4860 wrote to memory of 5068	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	ikUHEfL.exe
PID 4860 wrote to memory of 5032	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	PUfunnW.exe
PID 4860 wrote to memory of 5032	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	PUfunnW.exe
PID 4860 wrote to memory of 1240	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	PEgEZal.exe
PID 4860 wrote to memory of 1240	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	PEgEZal.exe
PID 4860 wrote to memory of 4432	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	CQIPsNx.exe
PID 4860 wrote to memory of 4432	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	CQIPsNx.exe
PID 4860 wrote to memory of 3336	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	tPKbGKD.exe
PID 4860 wrote to memory of 3336	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	tPKbGKD.exe
PID 4860 wrote to memory of 1180	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	oMAAbXn.exe
PID 4860 wrote to memory of 1180	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	oMAAbXn.exe
PID 4860 wrote to memory of 4176	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	NJrzlsE.exe
PID 4860 wrote to memory of 4176	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	NJrzlsE.exe
PID 4860 wrote to memory of 744	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	WgiDesl.exe
PID 4860 wrote to memory of 744	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	WgiDesl.exe
PID 4860 wrote to memory of 3776	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	YWPpovH.exe
PID 4860 wrote to memory of 3776	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	YWPpovH.exe
PID 4860 wrote to memory of 1960	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	WCpDIzg.exe
PID 4860 wrote to memory of 1960	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	WCpDIzg.exe
PID 4860 wrote to memory of 4576	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	DgouqKy.exe
PID 4860 wrote to memory of 4576	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	DgouqKy.exe
PID 4860 wrote to memory of 4960	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	AgCXCQz.exe
PID 4860 wrote to memory of 4960	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	AgCXCQz.exe
PID 4860 wrote to memory of 4468	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	LBcBaJw.exe
PID 4860 wrote to memory of 4468	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	LBcBaJw.exe
PID 4860 wrote to memory of 3472	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	VzUwbzs.exe
PID 4860 wrote to memory of 3472	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	VzUwbzs.exe
PID 4860 wrote to memory of 1464	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	iaQKJvP.exe
PID 4860 wrote to memory of 1464	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	iaQKJvP.exe
PID 4860 wrote to memory of 4872	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	Vdzebxj.exe
PID 4860 wrote to memory of 4872	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	Vdzebxj.exe
PID 4860 wrote to memory of 3012	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	vVUeDsa.exe
PID 4860 wrote to memory of 3012	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	vVUeDsa.exe
PID 4860 wrote to memory of 3820	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	nGmaRhL.exe
PID 4860 wrote to memory of 3820	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	nGmaRhL.exe
PID 4860 wrote to memory of 3164	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	BZIeERU.exe
PID 4860 wrote to memory of 3164	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	BZIeERU.exe
PID 4860 wrote to memory of 1800	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	QbJmfzF.exe
PID 4860 wrote to memory of 1800	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	QbJmfzF.exe
PID 4860 wrote to memory of 4676	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	KaWFNBH.exe
PID 4860 wrote to memory of 4676	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	KaWFNBH.exe
PID 4860 wrote to memory of 1900	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	EXqaooV.exe
PID 4860 wrote to memory of 1900	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	EXqaooV.exe
PID 4860 wrote to memory of 1104	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	aNawzig.exe
PID 4860 wrote to memory of 1104	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	aNawzig.exe
PID 4860 wrote to memory of 3128	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	lNgtcZC.exe
PID 4860 wrote to memory of 3128	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	lNgtcZC.exe
PID 4860 wrote to memory of 2892	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	wYtKTvM.exe
PID 4860 wrote to memory of 2892	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	wYtKTvM.exe
PID 4860 wrote to memory of 3808	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	GHrrNTC.exe
PID 4860 wrote to memory of 3808	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	GHrrNTC.exe
PID 4860 wrote to memory of 1848	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	aGlYjDo.exe
PID 4860 wrote to memory of 1848	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	aGlYjDo.exe
PID 4860 wrote to memory of 1492	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	cAFwHzs.exe
PID 4860 wrote to memory of 1492	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	cAFwHzs.exe
PID 4860 wrote to memory of 1980	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	NsFJYtI.exe
PID 4860 wrote to memory of 1980	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	NsFJYtI.exe
PID 4860 wrote to memory of 3752	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	BmwBTzQ.exe
PID 4860 wrote to memory of 3752	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	BmwBTzQ.exe
PID 4860 wrote to memory of 2820	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	rkLQsdd.exe
PID 4860 wrote to memory of 2820	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	rkLQsdd.exe
PID 4860 wrote to memory of 1060	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	dXdKCWr.exe
PID 4860 wrote to memory of 1060	4860	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	dXdKCWr.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4860
- C:\Windows\System\ikUHEfL.exe
  C:\Windows\System\ikUHEfL.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\PUfunnW.exe
  C:\Windows\System\PUfunnW.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\PEgEZal.exe
  C:\Windows\System\PEgEZal.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\CQIPsNx.exe
  C:\Windows\System\CQIPsNx.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\tPKbGKD.exe
  C:\Windows\System\tPKbGKD.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\oMAAbXn.exe
  C:\Windows\System\oMAAbXn.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\NJrzlsE.exe
  C:\Windows\System\NJrzlsE.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\WgiDesl.exe
  C:\Windows\System\WgiDesl.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\YWPpovH.exe
  C:\Windows\System\YWPpovH.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\WCpDIzg.exe
  C:\Windows\System\WCpDIzg.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\DgouqKy.exe
  C:\Windows\System\DgouqKy.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\AgCXCQz.exe
  C:\Windows\System\AgCXCQz.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\LBcBaJw.exe
  C:\Windows\System\LBcBaJw.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\VzUwbzs.exe
  C:\Windows\System\VzUwbzs.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\iaQKJvP.exe
  C:\Windows\System\iaQKJvP.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\Vdzebxj.exe
  C:\Windows\System\Vdzebxj.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\vVUeDsa.exe
  C:\Windows\System\vVUeDsa.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\nGmaRhL.exe
  C:\Windows\System\nGmaRhL.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\BZIeERU.exe
  C:\Windows\System\BZIeERU.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\QbJmfzF.exe
  C:\Windows\System\QbJmfzF.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\KaWFNBH.exe
  C:\Windows\System\KaWFNBH.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\EXqaooV.exe
  C:\Windows\System\EXqaooV.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\aNawzig.exe
  C:\Windows\System\aNawzig.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\lNgtcZC.exe
  C:\Windows\System\lNgtcZC.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\wYtKTvM.exe
  C:\Windows\System\wYtKTvM.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\GHrrNTC.exe
  C:\Windows\System\GHrrNTC.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\aGlYjDo.exe
  C:\Windows\System\aGlYjDo.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\cAFwHzs.exe
  C:\Windows\System\cAFwHzs.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\NsFJYtI.exe
  C:\Windows\System\NsFJYtI.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\BmwBTzQ.exe
  C:\Windows\System\BmwBTzQ.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\rkLQsdd.exe
  C:\Windows\System\rkLQsdd.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\dXdKCWr.exe
  C:\Windows\System\dXdKCWr.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\zMmWZFu.exe
  C:\Windows\System\zMmWZFu.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\iJurHor.exe
  C:\Windows\System\iJurHor.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\VyFHGkb.exe
  C:\Windows\System\VyFHGkb.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\wiDkdJi.exe
  C:\Windows\System\wiDkdJi.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\OYDbRfn.exe
  C:\Windows\System\OYDbRfn.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\WufIEJf.exe
  C:\Windows\System\WufIEJf.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\qvdJAcz.exe
  C:\Windows\System\qvdJAcz.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\ltImqsC.exe
  C:\Windows\System\ltImqsC.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\FivXwmg.exe
  C:\Windows\System\FivXwmg.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\lPGsEMy.exe
  C:\Windows\System\lPGsEMy.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\eAvaBVk.exe
  C:\Windows\System\eAvaBVk.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\nkaSJWd.exe
  C:\Windows\System\nkaSJWd.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\zYVmOPj.exe
  C:\Windows\System\zYVmOPj.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\jFEQRii.exe
  C:\Windows\System\jFEQRii.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\BChRqGU.exe
  C:\Windows\System\BChRqGU.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\RGYGCkR.exe
  C:\Windows\System\RGYGCkR.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\JvQwfiw.exe
  C:\Windows\System\JvQwfiw.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\ybUukQY.exe
  C:\Windows\System\ybUukQY.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\UtOdiGz.exe
  C:\Windows\System\UtOdiGz.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\cMTmadX.exe
  C:\Windows\System\cMTmadX.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\SYrtPyD.exe
  C:\Windows\System\SYrtPyD.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\rSvBuGs.exe
  C:\Windows\System\rSvBuGs.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\UgmAawX.exe
  C:\Windows\System\UgmAawX.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\zqpSPAj.exe
  C:\Windows\System\zqpSPAj.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\RaiDhXT.exe
  C:\Windows\System\RaiDhXT.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\IoNoXLm.exe
  C:\Windows\System\IoNoXLm.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\nsBrwyF.exe
  C:\Windows\System\nsBrwyF.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\yKpXvqD.exe
  C:\Windows\System\yKpXvqD.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\tLCuvub.exe
  C:\Windows\System\tLCuvub.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\wxiToBZ.exe
  C:\Windows\System\wxiToBZ.exe
  2⤵
  - Executes dropped EXE
  PID:720
- C:\Windows\System\vWuOAIh.exe
  C:\Windows\System\vWuOAIh.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\UhVrckV.exe
  C:\Windows\System\UhVrckV.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\edNneBU.exe
  C:\Windows\System\edNneBU.exe
  2⤵
  PID:1204
- C:\Windows\System\TzomhLF.exe
  C:\Windows\System\TzomhLF.exe
  2⤵
  PID:916
- C:\Windows\System\UKKFSlT.exe
  C:\Windows\System\UKKFSlT.exe
  2⤵
  PID:5148
- C:\Windows\System\wlrbkXu.exe
  C:\Windows\System\wlrbkXu.exe
  2⤵
  PID:5176
- C:\Windows\System\ntjJnxc.exe
  C:\Windows\System\ntjJnxc.exe
  2⤵
  PID:5204
- C:\Windows\System\uxOyXMu.exe
  C:\Windows\System\uxOyXMu.exe
  2⤵
  PID:5236
- C:\Windows\System\QmKNLFB.exe
  C:\Windows\System\QmKNLFB.exe
  2⤵
  PID:5260
- C:\Windows\System\OCkpMwb.exe
  C:\Windows\System\OCkpMwb.exe
  2⤵
  PID:5288
- C:\Windows\System\ijJgaTF.exe
  C:\Windows\System\ijJgaTF.exe
  2⤵
  PID:5316
- C:\Windows\System\CGniBYa.exe
  C:\Windows\System\CGniBYa.exe
  2⤵
  PID:5344
- C:\Windows\System\lNLrSGq.exe
  C:\Windows\System\lNLrSGq.exe
  2⤵
  PID:5372
- C:\Windows\System\EfJzeth.exe
  C:\Windows\System\EfJzeth.exe
  2⤵
  PID:5400
- C:\Windows\System\klprGkb.exe
  C:\Windows\System\klprGkb.exe
  2⤵
  PID:5440
- C:\Windows\System\XiaXzUj.exe
  C:\Windows\System\XiaXzUj.exe
  2⤵
  PID:5468
- C:\Windows\System\NNdgBEt.exe
  C:\Windows\System\NNdgBEt.exe
  2⤵
  PID:5484
- C:\Windows\System\XNlOmKJ.exe
  C:\Windows\System\XNlOmKJ.exe
  2⤵
  PID:5512
- C:\Windows\System\TYKtqFO.exe
  C:\Windows\System\TYKtqFO.exe
  2⤵
  PID:5540
- C:\Windows\System\wfSTnER.exe
  C:\Windows\System\wfSTnER.exe
  2⤵
  PID:5568
- C:\Windows\System\OcoFQUa.exe
  C:\Windows\System\OcoFQUa.exe
  2⤵
  PID:5608
- C:\Windows\System\sUAXnCd.exe
  C:\Windows\System\sUAXnCd.exe
  2⤵
  PID:5624
- C:\Windows\System\cJjOOJt.exe
  C:\Windows\System\cJjOOJt.exe
  2⤵
  PID:5664
- C:\Windows\System\VZWMirY.exe
  C:\Windows\System\VZWMirY.exe
  2⤵
  PID:5680
- C:\Windows\System\KBLbsGr.exe
  C:\Windows\System\KBLbsGr.exe
  2⤵
  PID:5712
- C:\Windows\System\XNqqyAW.exe
  C:\Windows\System\XNqqyAW.exe
  2⤵
  PID:5748
- C:\Windows\System\CIBRnbc.exe
  C:\Windows\System\CIBRnbc.exe
  2⤵
  PID:5776
- C:\Windows\System\ZPaTUgb.exe
  C:\Windows\System\ZPaTUgb.exe
  2⤵
  PID:5804
- C:\Windows\System\GsReZoI.exe
  C:\Windows\System\GsReZoI.exe
  2⤵
  PID:5820
- C:\Windows\System\QSuVyoD.exe
  C:\Windows\System\QSuVyoD.exe
  2⤵
  PID:5848
- C:\Windows\System\kGHncrR.exe
  C:\Windows\System\kGHncrR.exe
  2⤵
  PID:5876
- C:\Windows\System\EsQSZAU.exe
  C:\Windows\System\EsQSZAU.exe
  2⤵
  PID:5904
- C:\Windows\System\NJCuSVv.exe
  C:\Windows\System\NJCuSVv.exe
  2⤵
  PID:5932
- C:\Windows\System\LUWpkQX.exe
  C:\Windows\System\LUWpkQX.exe
  2⤵
  PID:5960
- C:\Windows\System\MPAqXPB.exe
  C:\Windows\System\MPAqXPB.exe
  2⤵
  PID:5988
- C:\Windows\System\sqUNvJF.exe
  C:\Windows\System\sqUNvJF.exe
  2⤵
  PID:6016
- C:\Windows\System\UodGyXY.exe
  C:\Windows\System\UodGyXY.exe
  2⤵
  PID:6044
- C:\Windows\System\LegJTOZ.exe
  C:\Windows\System\LegJTOZ.exe
  2⤵
  PID:6072
- C:\Windows\System\kSZNjAh.exe
  C:\Windows\System\kSZNjAh.exe
  2⤵
  PID:6100
- C:\Windows\System\QAKXuss.exe
  C:\Windows\System\QAKXuss.exe
  2⤵
  PID:6128
- C:\Windows\System\EcvuifJ.exe
  C:\Windows\System\EcvuifJ.exe
  2⤵
  PID:5064
- C:\Windows\System\aWtBCIH.exe
  C:\Windows\System\aWtBCIH.exe
  2⤵
  PID:632
- C:\Windows\System\ujQMOYT.exe
  C:\Windows\System\ujQMOYT.exe
  2⤵
  PID:4624
- C:\Windows\System\JFpXiLJ.exe
  C:\Windows\System\JFpXiLJ.exe
  2⤵
  PID:1708
- C:\Windows\System\TLuHaEl.exe
  C:\Windows\System\TLuHaEl.exe
  2⤵
  PID:5140
- C:\Windows\System\WLspgpo.exe
  C:\Windows\System\WLspgpo.exe
  2⤵
  PID:5200
- C:\Windows\System\CfZqZrI.exe
  C:\Windows\System\CfZqZrI.exe
  2⤵
  PID:5272
- C:\Windows\System\LppyYpJ.exe
  C:\Windows\System\LppyYpJ.exe
  2⤵
  PID:5332
- C:\Windows\System\hLbAAif.exe
  C:\Windows\System\hLbAAif.exe
  2⤵
  PID:5396
- C:\Windows\System\XueuWDI.exe
  C:\Windows\System\XueuWDI.exe
  2⤵
  PID:5464
- C:\Windows\System\FRLMLHG.exe
  C:\Windows\System\FRLMLHG.exe
  2⤵
  PID:5524
- C:\Windows\System\tTyUIsd.exe
  C:\Windows\System\tTyUIsd.exe
  2⤵
  PID:5592
- C:\Windows\System\zvIqkyk.exe
  C:\Windows\System\zvIqkyk.exe
  2⤵
  PID:5676
- C:\Windows\System\ZcPpLfc.exe
  C:\Windows\System\ZcPpLfc.exe
  2⤵
  PID:5720
- C:\Windows\System\UIzrJxa.exe
  C:\Windows\System\UIzrJxa.exe
  2⤵
  PID:5788
- C:\Windows\System\APggykg.exe
  C:\Windows\System\APggykg.exe
  2⤵
  PID:5840
- C:\Windows\System\nUmafKy.exe
  C:\Windows\System\nUmafKy.exe
  2⤵
  PID:5900
- C:\Windows\System\zyKCLAH.exe
  C:\Windows\System\zyKCLAH.exe
  2⤵
  PID:5972
- C:\Windows\System\VnBgJAT.exe
  C:\Windows\System\VnBgJAT.exe
  2⤵
  PID:6028
- C:\Windows\System\KiIUuCB.exe
  C:\Windows\System\KiIUuCB.exe
  2⤵
  PID:6092
- C:\Windows\System\fKNRGwt.exe
  C:\Windows\System\fKNRGwt.exe
  2⤵
  PID:1100
- C:\Windows\System\xUSmKJP.exe
  C:\Windows\System\xUSmKJP.exe
  2⤵
  PID:3664
- C:\Windows\System\RdhxaRb.exe
  C:\Windows\System\RdhxaRb.exe
  2⤵
  PID:5172
- C:\Windows\System\FcmWibV.exe
  C:\Windows\System\FcmWibV.exe
  2⤵
  PID:5312
- C:\Windows\System\VpqRUDQ.exe
  C:\Windows\System\VpqRUDQ.exe
  2⤵
  PID:5496
- C:\Windows\System\LDWqHJK.exe
  C:\Windows\System\LDWqHJK.exe
  2⤵
  PID:5648
- C:\Windows\System\cTYIWvx.exe
  C:\Windows\System\cTYIWvx.exe
  2⤵
  PID:5764
- C:\Windows\System\FUgfQkC.exe
  C:\Windows\System\FUgfQkC.exe
  2⤵
  PID:5896
- C:\Windows\System\BHIChUC.exe
  C:\Windows\System\BHIChUC.exe
  2⤵
  PID:6056
- C:\Windows\System\ofpxSII.exe
  C:\Windows\System\ofpxSII.exe
  2⤵
  PID:6172
- C:\Windows\System\kEcvdcf.exe
  C:\Windows\System\kEcvdcf.exe
  2⤵
  PID:6200
- C:\Windows\System\oeKGLHc.exe
  C:\Windows\System\oeKGLHc.exe
  2⤵
  PID:6228
- C:\Windows\System\kzDRgxn.exe
  C:\Windows\System\kzDRgxn.exe
  2⤵
  PID:6256
- C:\Windows\System\tGjnmJH.exe
  C:\Windows\System\tGjnmJH.exe
  2⤵
  PID:6284
- C:\Windows\System\tpgzbbs.exe
  C:\Windows\System\tpgzbbs.exe
  2⤵
  PID:6312
- C:\Windows\System\ptaVMlq.exe
  C:\Windows\System\ptaVMlq.exe
  2⤵
  PID:6340
- C:\Windows\System\CuCsAfU.exe
  C:\Windows\System\CuCsAfU.exe
  2⤵
  PID:6368
- C:\Windows\System\hLnpRSM.exe
  C:\Windows\System\hLnpRSM.exe
  2⤵
  PID:6396
- C:\Windows\System\svbgzEX.exe
  C:\Windows\System\svbgzEX.exe
  2⤵
  PID:6436
- C:\Windows\System\PKKhLAb.exe
  C:\Windows\System\PKKhLAb.exe
  2⤵
  PID:6452
- C:\Windows\System\BMsRNUn.exe
  C:\Windows\System\BMsRNUn.exe
  2⤵
  PID:6480
- C:\Windows\System\EybZCzm.exe
  C:\Windows\System\EybZCzm.exe
  2⤵
  PID:6508
- C:\Windows\System\YAriMFD.exe
  C:\Windows\System\YAriMFD.exe
  2⤵
  PID:6536
- C:\Windows\System\xzzjiUU.exe
  C:\Windows\System\xzzjiUU.exe
  2⤵
  PID:6564
- C:\Windows\System\uCkDxoW.exe
  C:\Windows\System\uCkDxoW.exe
  2⤵
  PID:6592
- C:\Windows\System\dWtmlfQ.exe
  C:\Windows\System\dWtmlfQ.exe
  2⤵
  PID:6620
- C:\Windows\System\qSXzgni.exe
  C:\Windows\System\qSXzgni.exe
  2⤵
  PID:6660
- C:\Windows\System\LUAcMVq.exe
  C:\Windows\System\LUAcMVq.exe
  2⤵
  PID:6676
- C:\Windows\System\jtLDXBm.exe
  C:\Windows\System\jtLDXBm.exe
  2⤵
  PID:6704
- C:\Windows\System\rEtAJNd.exe
  C:\Windows\System\rEtAJNd.exe
  2⤵
  PID:6744
- C:\Windows\System\WNoBbSM.exe
  C:\Windows\System\WNoBbSM.exe
  2⤵
  PID:6760
- C:\Windows\System\TmRnEhH.exe
  C:\Windows\System\TmRnEhH.exe
  2⤵
  PID:6788
- C:\Windows\System\akpEAZR.exe
  C:\Windows\System\akpEAZR.exe
  2⤵
  PID:6840
- C:\Windows\System\dsGDboL.exe
  C:\Windows\System\dsGDboL.exe
  2⤵
  PID:6856
- C:\Windows\System\trtsRKg.exe
  C:\Windows\System\trtsRKg.exe
  2⤵
  PID:6884
- C:\Windows\System\jnfwTUk.exe
  C:\Windows\System\jnfwTUk.exe
  2⤵
  PID:6912
- C:\Windows\System\MubCDXR.exe
  C:\Windows\System\MubCDXR.exe
  2⤵
  PID:6928
- C:\Windows\System\hTjMYri.exe
  C:\Windows\System\hTjMYri.exe
  2⤵
  PID:6956
- C:\Windows\System\KAQIVsA.exe
  C:\Windows\System\KAQIVsA.exe
  2⤵
  PID:6996
- C:\Windows\System\wfHrQWR.exe
  C:\Windows\System\wfHrQWR.exe
  2⤵
  PID:7024
- C:\Windows\System\iQVsLmG.exe
  C:\Windows\System\iQVsLmG.exe
  2⤵
  PID:7052
- C:\Windows\System\YmKjXGR.exe
  C:\Windows\System\YmKjXGR.exe
  2⤵
  PID:7068
- C:\Windows\System\QrWLyhx.exe
  C:\Windows\System\QrWLyhx.exe
  2⤵
  PID:7096
- C:\Windows\System\nMEoTvU.exe
  C:\Windows\System\nMEoTvU.exe
  2⤵
  PID:7124
- C:\Windows\System\TmPFGXw.exe
  C:\Windows\System\TmPFGXw.exe
  2⤵
  PID:7152
- C:\Windows\System\LeGNoub.exe
  C:\Windows\System\LeGNoub.exe
  2⤵
  PID:220
- C:\Windows\System\LhnKaQy.exe
  C:\Windows\System\LhnKaQy.exe
  2⤵
  PID:5300
- C:\Windows\System\sVfeqay.exe
  C:\Windows\System\sVfeqay.exe
  2⤵
  PID:5696
- C:\Windows\System\oFNYNfo.exe
  C:\Windows\System\oFNYNfo.exe
  2⤵
  PID:5836
- C:\Windows\System\lnsBDjW.exe
  C:\Windows\System\lnsBDjW.exe
  2⤵
  PID:6164
- C:\Windows\System\LVdRwbs.exe
  C:\Windows\System\LVdRwbs.exe
  2⤵
  PID:6240
- C:\Windows\System\BRkrjmZ.exe
  C:\Windows\System\BRkrjmZ.exe
  2⤵
  PID:6300
- C:\Windows\System\hkgBFJv.exe
  C:\Windows\System\hkgBFJv.exe
  2⤵
  PID:6364
- C:\Windows\System\gJQhuCC.exe
  C:\Windows\System\gJQhuCC.exe
  2⤵
  PID:6428
- C:\Windows\System\LbZVnee.exe
  C:\Windows\System\LbZVnee.exe
  2⤵
  PID:6500
- C:\Windows\System\raBeSov.exe
  C:\Windows\System\raBeSov.exe
  2⤵
  PID:6588
- C:\Windows\System\tcKeHTX.exe
  C:\Windows\System\tcKeHTX.exe
  2⤵
  PID:6652
- C:\Windows\System\yEVILbZ.exe
  C:\Windows\System\yEVILbZ.exe
  2⤵
  PID:6732
- C:\Windows\System\WfAXTIo.exe
  C:\Windows\System\WfAXTIo.exe
  2⤵
  PID:6784
- C:\Windows\System\rlXUoNJ.exe
  C:\Windows\System\rlXUoNJ.exe
  2⤵
  PID:6848
- C:\Windows\System\CUpJGLm.exe
  C:\Windows\System\CUpJGLm.exe
  2⤵
  PID:6880
- C:\Windows\System\RIjJJch.exe
  C:\Windows\System\RIjJJch.exe
  2⤵
  PID:6944
- C:\Windows\System\voSXNkn.exe
  C:\Windows\System\voSXNkn.exe
  2⤵
  PID:7044
- C:\Windows\System\ECgIvKl.exe
  C:\Windows\System\ECgIvKl.exe
  2⤵
  PID:7080
- C:\Windows\System\agpKGUo.exe
  C:\Windows\System\agpKGUo.exe
  2⤵
  PID:6064
- C:\Windows\System\UnljLif.exe
  C:\Windows\System\UnljLif.exe
  2⤵
  PID:2768
- C:\Windows\System\lpdsmwB.exe
  C:\Windows\System\lpdsmwB.exe
  2⤵
  PID:5984
- C:\Windows\System\fbEbgUi.exe
  C:\Windows\System\fbEbgUi.exe
  2⤵
  PID:6328
- C:\Windows\System\VYwGXxk.exe
  C:\Windows\System\VYwGXxk.exe
  2⤵
  PID:6420
- C:\Windows\System\IoTEbiK.exe
  C:\Windows\System\IoTEbiK.exe
  2⤵
  PID:6556
- C:\Windows\System\qVtbaiy.exe
  C:\Windows\System\qVtbaiy.exe
  2⤵
  PID:6700
- C:\Windows\System\HzdKcep.exe
  C:\Windows\System\HzdKcep.exe
  2⤵
  PID:6920
- C:\Windows\System\VLeeUbg.exe
  C:\Windows\System\VLeeUbg.exe
  2⤵
  PID:7064
- C:\Windows\System\ROYUMPF.exe
  C:\Windows\System\ROYUMPF.exe
  2⤵
  PID:7192
- C:\Windows\System\UWalBMQ.exe
  C:\Windows\System\UWalBMQ.exe
  2⤵
  PID:7208
- C:\Windows\System\cLlgFEj.exe
  C:\Windows\System\cLlgFEj.exe
  2⤵
  PID:7236
- C:\Windows\System\WpCCEbu.exe
  C:\Windows\System\WpCCEbu.exe
  2⤵
  PID:7264
- C:\Windows\System\bxiICHu.exe
  C:\Windows\System\bxiICHu.exe
  2⤵
  PID:7304
- C:\Windows\System\ZvulLVT.exe
  C:\Windows\System\ZvulLVT.exe
  2⤵
  PID:7332
- C:\Windows\System\QDUjwfQ.exe
  C:\Windows\System\QDUjwfQ.exe
  2⤵
  PID:7360
- C:\Windows\System\NJOBrYA.exe
  C:\Windows\System\NJOBrYA.exe
  2⤵
  PID:7388
- C:\Windows\System\SneEwBP.exe
  C:\Windows\System\SneEwBP.exe
  2⤵
  PID:7416
- C:\Windows\System\zEtxtFu.exe
  C:\Windows\System\zEtxtFu.exe
  2⤵
  PID:7432
- C:\Windows\System\DGsYtHe.exe
  C:\Windows\System\DGsYtHe.exe
  2⤵
  PID:7460
- C:\Windows\System\uPqPguN.exe
  C:\Windows\System\uPqPguN.exe
  2⤵
  PID:7476
- C:\Windows\System\VjFhfsB.exe
  C:\Windows\System\VjFhfsB.exe
  2⤵
  PID:7504
- C:\Windows\System\yNmQRPx.exe
  C:\Windows\System\yNmQRPx.exe
  2⤵
  PID:7532
- C:\Windows\System\lVTyrlO.exe
  C:\Windows\System\lVTyrlO.exe
  2⤵
  PID:7560
- C:\Windows\System\qqYmPtc.exe
  C:\Windows\System\qqYmPtc.exe
  2⤵
  PID:7588
- C:\Windows\System\UpoDHrs.exe
  C:\Windows\System\UpoDHrs.exe
  2⤵
  PID:7616
- C:\Windows\System\DisYvxJ.exe
  C:\Windows\System\DisYvxJ.exe
  2⤵
  PID:7656
- C:\Windows\System\roQJAZd.exe
  C:\Windows\System\roQJAZd.exe
  2⤵
  PID:7684
- C:\Windows\System\wKspOnF.exe
  C:\Windows\System\wKspOnF.exe
  2⤵
  PID:7712
- C:\Windows\System\zRIpFWS.exe
  C:\Windows\System\zRIpFWS.exe
  2⤵
  PID:7740
- C:\Windows\System\eSwrmfL.exe
  C:\Windows\System\eSwrmfL.exe
  2⤵
  PID:7768
- C:\Windows\System\ZvUHxvI.exe
  C:\Windows\System\ZvUHxvI.exe
  2⤵
  PID:7796
- C:\Windows\System\UeyloGN.exe
  C:\Windows\System\UeyloGN.exe
  2⤵
  PID:7824
- C:\Windows\System\TzAKkzX.exe
  C:\Windows\System\TzAKkzX.exe
  2⤵
  PID:7852
- C:\Windows\System\eqDxTGJ.exe
  C:\Windows\System\eqDxTGJ.exe
  2⤵
  PID:7880
- C:\Windows\System\QzwHwiR.exe
  C:\Windows\System\QzwHwiR.exe
  2⤵
  PID:7908
- C:\Windows\System\cwubkkr.exe
  C:\Windows\System\cwubkkr.exe
  2⤵
  PID:7936
- C:\Windows\System\HxwyFDm.exe
  C:\Windows\System\HxwyFDm.exe
  2⤵
  PID:7964
- C:\Windows\System\JwvIPHT.exe
  C:\Windows\System\JwvIPHT.exe
  2⤵
  PID:7992
- C:\Windows\System\kylFfgL.exe
  C:\Windows\System\kylFfgL.exe
  2⤵
  PID:8020
- C:\Windows\System\IjlKdWr.exe
  C:\Windows\System\IjlKdWr.exe
  2⤵
  PID:8060
- C:\Windows\System\dXHTXdk.exe
  C:\Windows\System\dXHTXdk.exe
  2⤵
  PID:8076
- C:\Windows\System\EDsgazw.exe
  C:\Windows\System\EDsgazw.exe
  2⤵
  PID:8104
- C:\Windows\System\YAbCEAF.exe
  C:\Windows\System\YAbCEAF.exe
  2⤵
  PID:8136
- C:\Windows\System\vgFxKza.exe
  C:\Windows\System\vgFxKza.exe
  2⤵
  PID:8160
- C:\Windows\System\XAiQGcs.exe
  C:\Windows\System\XAiQGcs.exe
  2⤵
  PID:8188
- C:\Windows\System\OYbvSHg.exe
  C:\Windows\System\OYbvSHg.exe
  2⤵
  PID:5556
- C:\Windows\System\isxsKCZ.exe
  C:\Windows\System\isxsKCZ.exe
  2⤵
  PID:6392
- C:\Windows\System\vJQcQfV.exe
  C:\Windows\System\vJQcQfV.exe
  2⤵
  PID:6776
- C:\Windows\System\pbrvEjB.exe
  C:\Windows\System\pbrvEjB.exe
  2⤵
  PID:7176
- C:\Windows\System\QRxAMAi.exe
  C:\Windows\System\QRxAMAi.exe
  2⤵
  PID:7228
- C:\Windows\System\IuZBRSQ.exe
  C:\Windows\System\IuZBRSQ.exe
  2⤵
  PID:7296
- C:\Windows\System\GuuQVbb.exe
  C:\Windows\System\GuuQVbb.exe
  2⤵
  PID:7344
- C:\Windows\System\zXWsMiq.exe
  C:\Windows\System\zXWsMiq.exe
  2⤵
  PID:7424
- C:\Windows\System\NKRcysJ.exe
  C:\Windows\System\NKRcysJ.exe
  2⤵
  PID:7488
- C:\Windows\System\ZIbgpFc.exe
  C:\Windows\System\ZIbgpFc.exe
  2⤵
  PID:7548
- C:\Windows\System\azQewso.exe
  C:\Windows\System\azQewso.exe
  2⤵
  PID:7608
- C:\Windows\System\pJNCSPv.exe
  C:\Windows\System\pJNCSPv.exe
  2⤵
  PID:7676
- C:\Windows\System\CskEewc.exe
  C:\Windows\System\CskEewc.exe
  2⤵
  PID:7752
- C:\Windows\System\vzsSipm.exe
  C:\Windows\System\vzsSipm.exe
  2⤵
  PID:7836
- C:\Windows\System\qSlxcSB.exe
  C:\Windows\System\qSlxcSB.exe
  2⤵
  PID:7868
- C:\Windows\System\npYgYNV.exe
  C:\Windows\System\npYgYNV.exe
  2⤵
  PID:7928
- C:\Windows\System\qFhsfny.exe
  C:\Windows\System\qFhsfny.exe
  2⤵
  PID:3052
- C:\Windows\System\hFzvRCU.exe
  C:\Windows\System\hFzvRCU.exe
  2⤵
  PID:8052
- C:\Windows\System\kkavrsE.exe
  C:\Windows\System\kkavrsE.exe
  2⤵
  PID:8124
- C:\Windows\System\xautsOq.exe
  C:\Windows\System\xautsOq.exe
  2⤵
  PID:8180
- C:\Windows\System\TExuKMh.exe
  C:\Windows\System\TExuKMh.exe
  2⤵
  PID:6532
- C:\Windows\System\yfXJlUO.exe
  C:\Windows\System\yfXJlUO.exe
  2⤵
  PID:1108
- C:\Windows\System\KpQIddM.exe
  C:\Windows\System\KpQIddM.exe
  2⤵
  PID:7340
- C:\Windows\System\prgCEIr.exe
  C:\Windows\System\prgCEIr.exe
  2⤵
  PID:7448
- C:\Windows\System\uwdEghf.exe
  C:\Windows\System\uwdEghf.exe
  2⤵
  PID:7580
- C:\Windows\System\pCteZUC.exe
  C:\Windows\System\pCteZUC.exe
  2⤵
  PID:7724
- C:\Windows\System\HVoKdzD.exe
  C:\Windows\System\HVoKdzD.exe
  2⤵
  PID:2396
- C:\Windows\System\rpecKxD.exe
  C:\Windows\System\rpecKxD.exe
  2⤵
  PID:7976
- C:\Windows\System\fLsumMg.exe
  C:\Windows\System\fLsumMg.exe
  2⤵
  PID:8096
- C:\Windows\System\dlyHnEm.exe
  C:\Windows\System\dlyHnEm.exe
  2⤵
  PID:8212
- C:\Windows\System\FnHFrcw.exe
  C:\Windows\System\FnHFrcw.exe
  2⤵
  PID:8228
- C:\Windows\System\RHMNbBi.exe
  C:\Windows\System\RHMNbBi.exe
  2⤵
  PID:8256
- C:\Windows\System\miCwzRy.exe
  C:\Windows\System\miCwzRy.exe
  2⤵
  PID:8288
- C:\Windows\System\yXehhZk.exe
  C:\Windows\System\yXehhZk.exe
  2⤵
  PID:8312
- C:\Windows\System\YLZFvmO.exe
  C:\Windows\System\YLZFvmO.exe
  2⤵
  PID:8340
- C:\Windows\System\JbIQhii.exe
  C:\Windows\System\JbIQhii.exe
  2⤵
  PID:8368
- C:\Windows\System\uHrFEmb.exe
  C:\Windows\System\uHrFEmb.exe
  2⤵
  PID:8396
- C:\Windows\System\MvENSsS.exe
  C:\Windows\System\MvENSsS.exe
  2⤵
  PID:8424
- C:\Windows\System\oMlmavn.exe
  C:\Windows\System\oMlmavn.exe
  2⤵
  PID:8452
- C:\Windows\System\cSzUqWS.exe
  C:\Windows\System\cSzUqWS.exe
  2⤵
  PID:8480
- C:\Windows\System\pejgiIm.exe
  C:\Windows\System\pejgiIm.exe
  2⤵
  PID:8508
- C:\Windows\System\AaQKUmO.exe
  C:\Windows\System\AaQKUmO.exe
  2⤵
  PID:8536
- C:\Windows\System\sQxTmTc.exe
  C:\Windows\System\sQxTmTc.exe
  2⤵
  PID:8564
- C:\Windows\System\XxhFYuv.exe
  C:\Windows\System\XxhFYuv.exe
  2⤵
  PID:8592
- C:\Windows\System\HthoGrh.exe
  C:\Windows\System\HthoGrh.exe
  2⤵
  PID:8620
- C:\Windows\System\PkHvkcU.exe
  C:\Windows\System\PkHvkcU.exe
  2⤵
  PID:8648
- C:\Windows\System\nPUpYLE.exe
  C:\Windows\System\nPUpYLE.exe
  2⤵
  PID:8676
- C:\Windows\System\XKDimzx.exe
  C:\Windows\System\XKDimzx.exe
  2⤵
  PID:8704
- C:\Windows\System\fpayQUE.exe
  C:\Windows\System\fpayQUE.exe
  2⤵
  PID:8732
- C:\Windows\System\FjUCjKE.exe
  C:\Windows\System\FjUCjKE.exe
  2⤵
  PID:8760
- C:\Windows\System\aAySCgv.exe
  C:\Windows\System\aAySCgv.exe
  2⤵
  PID:8788
- C:\Windows\System\qLsvYcy.exe
  C:\Windows\System\qLsvYcy.exe
  2⤵
  PID:8816
- C:\Windows\System\bRJRbyV.exe
  C:\Windows\System\bRJRbyV.exe
  2⤵
  PID:8844
- C:\Windows\System\OjqAMHS.exe
  C:\Windows\System\OjqAMHS.exe
  2⤵
  PID:8872
- C:\Windows\System\aqXqsEF.exe
  C:\Windows\System\aqXqsEF.exe
  2⤵
  PID:8900
- C:\Windows\System\DORgWnZ.exe
  C:\Windows\System\DORgWnZ.exe
  2⤵
  PID:8928
- C:\Windows\System\aaLtrBm.exe
  C:\Windows\System\aaLtrBm.exe
  2⤵
  PID:8956
- C:\Windows\System\yLcizef.exe
  C:\Windows\System\yLcizef.exe
  2⤵
  PID:8972
- C:\Windows\System\AwWwlTe.exe
  C:\Windows\System\AwWwlTe.exe
  2⤵
  PID:9012
- C:\Windows\System\YFRApKk.exe
  C:\Windows\System\YFRApKk.exe
  2⤵
  PID:9040
- C:\Windows\System\HtatjeY.exe
  C:\Windows\System\HtatjeY.exe
  2⤵
  PID:9068
- C:\Windows\System\ZsVCjXW.exe
  C:\Windows\System\ZsVCjXW.exe
  2⤵
  PID:9096
- C:\Windows\System\cOFrxNI.exe
  C:\Windows\System\cOFrxNI.exe
  2⤵
  PID:9124
- C:\Windows\System\mxPKKCM.exe
  C:\Windows\System\mxPKKCM.exe
  2⤵
  PID:9152
- C:\Windows\System\KzeFtpU.exe
  C:\Windows\System\KzeFtpU.exe
  2⤵
  PID:9180
- C:\Windows\System\TSQyMzS.exe
  C:\Windows\System\TSQyMzS.exe
  2⤵
  PID:9208
- C:\Windows\System\ZcsEBHQ.exe
  C:\Windows\System\ZcsEBHQ.exe
  2⤵
  PID:7224
- C:\Windows\System\rMcTtWE.exe
  C:\Windows\System\rMcTtWE.exe
  2⤵
  PID:7524
- C:\Windows\System\UcRyqyZ.exe
  C:\Windows\System\UcRyqyZ.exe
  2⤵
  PID:7792
- C:\Windows\System\YblkOVc.exe
  C:\Windows\System\YblkOVc.exe
  2⤵
  PID:8044
- C:\Windows\System\ZYTIFHf.exe
  C:\Windows\System\ZYTIFHf.exe
  2⤵
  PID:8204
- C:\Windows\System\GkMPrWJ.exe
  C:\Windows\System\GkMPrWJ.exe
  2⤵
  PID:8272
- C:\Windows\System\lCjxgYc.exe
  C:\Windows\System\lCjxgYc.exe
  2⤵
  PID:8328
- C:\Windows\System\FsqdxjL.exe
  C:\Windows\System\FsqdxjL.exe
  2⤵
  PID:8360
- C:\Windows\System\WBeGBqT.exe
  C:\Windows\System\WBeGBqT.exe
  2⤵
  PID:8412
- C:\Windows\System\FHjptcR.exe
  C:\Windows\System\FHjptcR.exe
  2⤵
  PID:8472
- C:\Windows\System\agxYjpu.exe
  C:\Windows\System\agxYjpu.exe
  2⤵
  PID:8576
- C:\Windows\System\PJItAbv.exe
  C:\Windows\System\PJItAbv.exe
  2⤵
  PID:8632
- C:\Windows\System\gQUMKYs.exe
  C:\Windows\System\gQUMKYs.exe
  2⤵
  PID:8688
- C:\Windows\System\boxaQXP.exe
  C:\Windows\System\boxaQXP.exe
  2⤵
  PID:8748
- C:\Windows\System\OgLaRBH.exe
  C:\Windows\System\OgLaRBH.exe
  2⤵
  PID:8804
- C:\Windows\System\NyzWsPd.exe
  C:\Windows\System\NyzWsPd.exe
  2⤵
  PID:8856
- C:\Windows\System\SKiMZIn.exe
  C:\Windows\System\SKiMZIn.exe
  2⤵
  PID:3236
- C:\Windows\System\XaZZDhe.exe
  C:\Windows\System\XaZZDhe.exe
  2⤵
  PID:8944
- C:\Windows\System\RdVtoZQ.exe
  C:\Windows\System\RdVtoZQ.exe
  2⤵
  PID:8996
- C:\Windows\System\CkJFYSv.exe
  C:\Windows\System\CkJFYSv.exe
  2⤵
  PID:9060
- C:\Windows\System\ANzAHsw.exe
  C:\Windows\System\ANzAHsw.exe
  2⤵
  PID:9108
- C:\Windows\System\BOlsHnf.exe
  C:\Windows\System\BOlsHnf.exe
  2⤵
  PID:2268
- C:\Windows\System\nICuSKw.exe
  C:\Windows\System\nICuSKw.exe
  2⤵
  PID:9172
- C:\Windows\System\lmmhrTp.exe
  C:\Windows\System\lmmhrTp.exe
  2⤵
  PID:7012
- C:\Windows\System\VdexHgB.exe
  C:\Windows\System\VdexHgB.exe
  2⤵
  PID:1084
- C:\Windows\System\SFVTWxN.exe
  C:\Windows\System\SFVTWxN.exe
  2⤵
  PID:8240
- C:\Windows\System\mjyDrtV.exe
  C:\Windows\System\mjyDrtV.exe
  2⤵
  PID:8352
- C:\Windows\System\UIBMMvp.exe
  C:\Windows\System\UIBMMvp.exe
  2⤵
  PID:8440
- C:\Windows\System\QWCKqPG.exe
  C:\Windows\System\QWCKqPG.exe
  2⤵
  PID:8528
- C:\Windows\System\dDTBqYZ.exe
  C:\Windows\System\dDTBqYZ.exe
  2⤵
  PID:8660
- C:\Windows\System\liIJRAR.exe
  C:\Windows\System\liIJRAR.exe
  2⤵
  PID:8800
- C:\Windows\System\PSNTPor.exe
  C:\Windows\System\PSNTPor.exe
  2⤵
  PID:8924
- C:\Windows\System\yvpRFxH.exe
  C:\Windows\System\yvpRFxH.exe
  2⤵
  PID:9024
- C:\Windows\System\JZbbxKN.exe
  C:\Windows\System\JZbbxKN.exe
  2⤵
  PID:9136
- C:\Windows\System\TCNNUcK.exe
  C:\Windows\System\TCNNUcK.exe
  2⤵
  PID:6872
- C:\Windows\System\vxnzbQa.exe
  C:\Windows\System\vxnzbQa.exe
  2⤵
  PID:8196
- C:\Windows\System\LEzLfKR.exe
  C:\Windows\System\LEzLfKR.exe
  2⤵
  PID:1648
- C:\Windows\System\zsdeRlN.exe
  C:\Windows\System\zsdeRlN.exe
  2⤵
  PID:8608
- C:\Windows\System\dIpmBED.exe
  C:\Windows\System\dIpmBED.exe
  2⤵
  PID:4268
- C:\Windows\System\qNhlfgH.exe
  C:\Windows\System\qNhlfgH.exe
  2⤵
  PID:9224
- C:\Windows\System\WGdpKRm.exe
  C:\Windows\System\WGdpKRm.exe
  2⤵
  PID:9252
- C:\Windows\System\bZsFQbT.exe
  C:\Windows\System\bZsFQbT.exe
  2⤵
  PID:9284
- C:\Windows\System\iSeDoeg.exe
  C:\Windows\System\iSeDoeg.exe
  2⤵
  PID:9308
- C:\Windows\System\ABHceNr.exe
  C:\Windows\System\ABHceNr.exe
  2⤵
  PID:9336
- C:\Windows\System\DeqOFyM.exe
  C:\Windows\System\DeqOFyM.exe
  2⤵
  PID:9364
- C:\Windows\System\Vgimlpz.exe
  C:\Windows\System\Vgimlpz.exe
  2⤵
  PID:9388
- C:\Windows\System\OXvnCis.exe
  C:\Windows\System\OXvnCis.exe
  2⤵
  PID:9420
- C:\Windows\System\VSroThi.exe
  C:\Windows\System\VSroThi.exe
  2⤵
  PID:9448
- C:\Windows\System\DUXPEfG.exe
  C:\Windows\System\DUXPEfG.exe
  2⤵
  PID:9476
- C:\Windows\System\GYnykEH.exe
  C:\Windows\System\GYnykEH.exe
  2⤵
  PID:9504
- C:\Windows\System\GpTVHbO.exe
  C:\Windows\System\GpTVHbO.exe
  2⤵
  PID:9532
- C:\Windows\System\ggvfACm.exe
  C:\Windows\System\ggvfACm.exe
  2⤵
  PID:9564
- C:\Windows\System\YhTTGOf.exe
  C:\Windows\System\YhTTGOf.exe
  2⤵
  PID:9592
- C:\Windows\System\GabGNge.exe
  C:\Windows\System\GabGNge.exe
  2⤵
  PID:9616
- C:\Windows\System\PUSxapa.exe
  C:\Windows\System\PUSxapa.exe
  2⤵
  PID:9644
- C:\Windows\System\AbzXXNp.exe
  C:\Windows\System\AbzXXNp.exe
  2⤵
  PID:9672
- C:\Windows\System\MkuBNcO.exe
  C:\Windows\System\MkuBNcO.exe
  2⤵
  PID:9700
- C:\Windows\System\TnSczik.exe
  C:\Windows\System\TnSczik.exe
  2⤵
  PID:9728
- C:\Windows\System\lSQGyZT.exe
  C:\Windows\System\lSQGyZT.exe
  2⤵
  PID:9756
- C:\Windows\System\AxpEhRr.exe
  C:\Windows\System\AxpEhRr.exe
  2⤵
  PID:9784
- C:\Windows\System\Gmnevyr.exe
  C:\Windows\System\Gmnevyr.exe
  2⤵
  PID:9812
- C:\Windows\System\kkppreS.exe
  C:\Windows\System\kkppreS.exe
  2⤵
  PID:9840
- C:\Windows\System\zDnUPez.exe
  C:\Windows\System\zDnUPez.exe
  2⤵
  PID:9868
- C:\Windows\System\cKqULoi.exe
  C:\Windows\System\cKqULoi.exe
  2⤵
  PID:9896
- C:\Windows\System\fGoHTka.exe
  C:\Windows\System\fGoHTka.exe
  2⤵
  PID:9924
- C:\Windows\System\hJiIBPv.exe
  C:\Windows\System\hJiIBPv.exe
  2⤵
  PID:9952
- C:\Windows\System\fVdkxYk.exe
  C:\Windows\System\fVdkxYk.exe
  2⤵
  PID:9980
- C:\Windows\System\xpyliOI.exe
  C:\Windows\System\xpyliOI.exe
  2⤵
  PID:10008
- C:\Windows\System\VkOuLWc.exe
  C:\Windows\System\VkOuLWc.exe
  2⤵
  PID:10036
- C:\Windows\System\RPCCQzF.exe
  C:\Windows\System\RPCCQzF.exe
  2⤵
  PID:10064
- C:\Windows\System\aSfYRDY.exe
  C:\Windows\System\aSfYRDY.exe
  2⤵
  PID:10096
- C:\Windows\System\VTReGRk.exe
  C:\Windows\System\VTReGRk.exe
  2⤵
  PID:10120
- C:\Windows\System\tuVJQQt.exe
  C:\Windows\System\tuVJQQt.exe
  2⤵
  PID:10160
- C:\Windows\System\aSvZPRv.exe
  C:\Windows\System\aSvZPRv.exe
  2⤵
  PID:10176
- C:\Windows\System\wXWbtbS.exe
  C:\Windows\System\wXWbtbS.exe
  2⤵
  PID:10204
- C:\Windows\System\mVtqsQA.exe
  C:\Windows\System\mVtqsQA.exe
  2⤵
  PID:10232
- C:\Windows\System\uatvPYI.exe
  C:\Windows\System\uatvPYI.exe
  2⤵
  PID:8172
- C:\Windows\System\nWShBZM.exe
  C:\Windows\System\nWShBZM.exe
  2⤵
  PID:2024
- C:\Windows\System\PHKiuBT.exe
  C:\Windows\System\PHKiuBT.exe
  2⤵
  PID:9236
- C:\Windows\System\UamVMIL.exe
  C:\Windows\System\UamVMIL.exe
  2⤵
  PID:4320
- C:\Windows\System\WYLRoBs.exe
  C:\Windows\System\WYLRoBs.exe
  2⤵
  PID:9352
- C:\Windows\System\uDuuWaf.exe
  C:\Windows\System\uDuuWaf.exe
  2⤵
  PID:9412
- C:\Windows\System\aROyfGg.exe
  C:\Windows\System\aROyfGg.exe
  2⤵
  PID:9468
- C:\Windows\System\ABhiXLM.exe
  C:\Windows\System\ABhiXLM.exe
  2⤵
  PID:9544
- C:\Windows\System\nvXBHNZ.exe
  C:\Windows\System\nvXBHNZ.exe
  2⤵
  PID:9608
- C:\Windows\System\EueZmCh.exe
  C:\Windows\System\EueZmCh.exe
  2⤵
  PID:9660
- C:\Windows\System\dMyqTea.exe
  C:\Windows\System\dMyqTea.exe
  2⤵
  PID:9716
- C:\Windows\System\sSDEbmr.exe
  C:\Windows\System\sSDEbmr.exe
  2⤵
  PID:9796
- C:\Windows\System\edpRSOV.exe
  C:\Windows\System\edpRSOV.exe
  2⤵
  PID:2212
- C:\Windows\System\TuLjZBa.exe
  C:\Windows\System\TuLjZBa.exe
  2⤵
  PID:9496
- C:\Windows\System\LdkXyzR.exe
  C:\Windows\System\LdkXyzR.exe
  2⤵
  PID:3912
- C:\Windows\System\PEyfwVE.exe
  C:\Windows\System\PEyfwVE.exe
  2⤵
  PID:4368
- C:\Windows\System\hGUcrlx.exe
  C:\Windows\System\hGUcrlx.exe
  2⤵
  PID:3040
- C:\Windows\System\BObpFIi.exe
  C:\Windows\System\BObpFIi.exe
  2⤵
  PID:2116
- C:\Windows\System\IOsTDSY.exe
  C:\Windows\System\IOsTDSY.exe
  2⤵
  PID:2428
- C:\Windows\System\fUQlusb.exe
  C:\Windows\System\fUQlusb.exe
  2⤵
  PID:4592
- C:\Windows\System\gKEsvgh.exe
  C:\Windows\System\gKEsvgh.exe
  2⤵
  PID:4524
- C:\Windows\System\PyZnBBo.exe
  C:\Windows\System\PyZnBBo.exe
  2⤵
  PID:2124
- C:\Windows\System\EmIJZGX.exe
  C:\Windows\System\EmIJZGX.exe
  2⤵
  PID:5080
- C:\Windows\System\zbLbyPW.exe
  C:\Windows\System\zbLbyPW.exe
  2⤵
  PID:1384
- C:\Windows\System\LiTGvwH.exe
  C:\Windows\System\LiTGvwH.exe
  2⤵
  PID:3936
- C:\Windows\System\sowdGUH.exe
  C:\Windows\System\sowdGUH.exe
  2⤵
  PID:9912
- C:\Windows\System\mXvJAOZ.exe
  C:\Windows\System\mXvJAOZ.exe
  2⤵
  PID:9972
- C:\Windows\System\LkCzKer.exe
  C:\Windows\System\LkCzKer.exe
  2⤵
  PID:10020
- C:\Windows\System\HKpyHzP.exe
  C:\Windows\System\HKpyHzP.exe
  2⤵
  PID:10076
- C:\Windows\System\hitiszz.exe
  C:\Windows\System\hitiszz.exe
  2⤵
  PID:10148
- C:\Windows\System\YaPbKmC.exe
  C:\Windows\System\YaPbKmC.exe
  2⤵
  PID:10216
- C:\Windows\System\TzWJApi.exe
  C:\Windows\System\TzWJApi.exe
  2⤵
  PID:2120
- C:\Windows\System\xtyJOIH.exe
  C:\Windows\System\xtyJOIH.exe
  2⤵
  PID:2036
- C:\Windows\System\WOJqcMW.exe
  C:\Windows\System\WOJqcMW.exe
  2⤵
  PID:1368
- C:\Windows\System\qmNCSYg.exe
  C:\Windows\System\qmNCSYg.exe
  2⤵
  PID:648
- C:\Windows\System\fnTXvVW.exe
  C:\Windows\System\fnTXvVW.exe
  2⤵
  PID:1920
- C:\Windows\System\TSrDwTU.exe
  C:\Windows\System\TSrDwTU.exe
  2⤵
  PID:2208
- C:\Windows\System\wFjiuir.exe
  C:\Windows\System\wFjiuir.exe
  2⤵
  PID:4764
- C:\Windows\System\gNFFFpS.exe
  C:\Windows\System\gNFFFpS.exe
  2⤵
  PID:4380
- C:\Windows\System\wGifCtL.exe
  C:\Windows\System\wGifCtL.exe
  2⤵
  PID:9860
- C:\Windows\System\shcRguZ.exe
  C:\Windows\System\shcRguZ.exe
  2⤵
  PID:9996
- C:\Windows\System\VkQPxJY.exe
  C:\Windows\System\VkQPxJY.exe
  2⤵
  PID:10196
- C:\Windows\System\WOOtpox.exe
  C:\Windows\System\WOOtpox.exe
  2⤵
  PID:3956
- C:\Windows\System\duKnltW.exe
  C:\Windows\System\duKnltW.exe
  2⤵
  PID:9636
- C:\Windows\System\mDqGLSt.exe
  C:\Windows\System\mDqGLSt.exe
  2⤵
  PID:4988
- C:\Windows\System\gWNZQRQ.exe
  C:\Windows\System\gWNZQRQ.exe
  2⤵
  PID:3624
- C:\Windows\System\SxeKdRT.exe
  C:\Windows\System\SxeKdRT.exe
  2⤵
  PID:4444
- C:\Windows\System\IbHvXGs.exe
  C:\Windows\System\IbHvXGs.exe
  2⤵
  PID:4416
- C:\Windows\System\GmIQgVZ.exe
  C:\Windows\System\GmIQgVZ.exe
  2⤵
  PID:4492
- C:\Windows\System\tyeToqG.exe
  C:\Windows\System\tyeToqG.exe
  2⤵
  PID:4604
- C:\Windows\System\hPqBsVW.exe
  C:\Windows\System\hPqBsVW.exe
  2⤵
  PID:10144
- C:\Windows\System\bllZOen.exe
  C:\Windows\System\bllZOen.exe
  2⤵
  PID:10264
- C:\Windows\System\kinHOml.exe
  C:\Windows\System\kinHOml.exe
  2⤵
  PID:10292
- C:\Windows\System\VUHPUzn.exe
  C:\Windows\System\VUHPUzn.exe
  2⤵
  PID:10308
- C:\Windows\System\JdZVtrA.exe
  C:\Windows\System\JdZVtrA.exe
  2⤵
  PID:10352
- C:\Windows\System\DgOwxGo.exe
  C:\Windows\System\DgOwxGo.exe
  2⤵
  PID:10380
- C:\Windows\System\uELGBzc.exe
  C:\Windows\System\uELGBzc.exe
  2⤵
  PID:10408
- C:\Windows\System\actwdZr.exe
  C:\Windows\System\actwdZr.exe
  2⤵
  PID:10436
- C:\Windows\System\vedIeNL.exe
  C:\Windows\System\vedIeNL.exe
  2⤵
  PID:10456
- C:\Windows\System\XwQOkQL.exe
  C:\Windows\System\XwQOkQL.exe
  2⤵
  PID:10496
- C:\Windows\System\Itfgcnc.exe
  C:\Windows\System\Itfgcnc.exe
  2⤵
  PID:10524
- C:\Windows\System\ItyHjYt.exe
  C:\Windows\System\ItyHjYt.exe
  2⤵
  PID:10540
- C:\Windows\System\WUjardA.exe
  C:\Windows\System\WUjardA.exe
  2⤵
  PID:10580
- C:\Windows\System\BNhNvLV.exe
  C:\Windows\System\BNhNvLV.exe
  2⤵
  PID:10612
- C:\Windows\System\itIxDTb.exe
  C:\Windows\System\itIxDTb.exe
  2⤵
  PID:10640
- C:\Windows\System\uXXuTge.exe
  C:\Windows\System\uXXuTge.exe
  2⤵
  PID:10668
- C:\Windows\System\lOofmbn.exe
  C:\Windows\System\lOofmbn.exe
  2⤵
  PID:10696
- C:\Windows\System\KsuXxvA.exe
  C:\Windows\System\KsuXxvA.exe
  2⤵
  PID:10724
- C:\Windows\System\KwoxcrL.exe
  C:\Windows\System\KwoxcrL.exe
  2⤵
  PID:10752
- C:\Windows\System\OYmugqP.exe
  C:\Windows\System\OYmugqP.exe
  2⤵
  PID:10784
- C:\Windows\System\lIagcsD.exe
  C:\Windows\System\lIagcsD.exe
  2⤵
  PID:10812
- C:\Windows\System\OuvGpLp.exe
  C:\Windows\System\OuvGpLp.exe
  2⤵
  PID:10840
- C:\Windows\System\PphQulZ.exe
  C:\Windows\System\PphQulZ.exe
  2⤵
  PID:10860
- C:\Windows\System\OSgmvCh.exe
  C:\Windows\System\OSgmvCh.exe
  2⤵
  PID:10900
- C:\Windows\System\QBzbvYD.exe
  C:\Windows\System\QBzbvYD.exe
  2⤵
  PID:10928
- C:\Windows\System\aoESrem.exe
  C:\Windows\System\aoESrem.exe
  2⤵
  PID:10956
- C:\Windows\System\PDPLGYP.exe
  C:\Windows\System\PDPLGYP.exe
  2⤵
  PID:10984
- C:\Windows\System\wHHRQnw.exe
  C:\Windows\System\wHHRQnw.exe
  2⤵
  PID:11012
- C:\Windows\System\YKWPihG.exe
  C:\Windows\System\YKWPihG.exe
  2⤵
  PID:11036
- C:\Windows\System\fExfrtv.exe
  C:\Windows\System\fExfrtv.exe
  2⤵
  PID:11056
- C:\Windows\System\PKXkgyL.exe
  C:\Windows\System\PKXkgyL.exe
  2⤵
  PID:11112
- C:\Windows\System\jvOttoZ.exe
  C:\Windows\System\jvOttoZ.exe
  2⤵
  PID:11160
- C:\Windows\System\BDKzTGw.exe
  C:\Windows\System\BDKzTGw.exe
  2⤵
  PID:11180
- C:\Windows\System\mAbWPoW.exe
  C:\Windows\System\mAbWPoW.exe
  2⤵
  PID:11212
- C:\Windows\System\IrUfXQq.exe
  C:\Windows\System\IrUfXQq.exe
  2⤵
  PID:11256
- C:\Windows\System\NdhoAGz.exe
  C:\Windows\System\NdhoAGz.exe
  2⤵
  PID:4564
- C:\Windows\System\TqmEAhi.exe
  C:\Windows\System\TqmEAhi.exe
  2⤵
  PID:10332
- C:\Windows\System\YWWkRoe.exe
  C:\Windows\System\YWWkRoe.exe
  2⤵
  PID:10316
- C:\Windows\System\xAZimlC.exe
  C:\Windows\System\xAZimlC.exe
  2⤵
  PID:10428
- C:\Windows\System\RfGTsEq.exe
  C:\Windows\System\RfGTsEq.exe
  2⤵
  PID:3068
- C:\Windows\System\pKiminf.exe
  C:\Windows\System\pKiminf.exe
  2⤵
  PID:10532
- C:\Windows\System\zorOjSt.exe
  C:\Windows\System\zorOjSt.exe
  2⤵
  PID:10592
- C:\Windows\System\HFuryXN.exe
  C:\Windows\System\HFuryXN.exe
  2⤵
  PID:10652
- C:\Windows\System\wHNhSZf.exe
  C:\Windows\System\wHNhSZf.exe
  2⤵
  PID:10716
- C:\Windows\System\CoMWlTN.exe
  C:\Windows\System\CoMWlTN.exe
  2⤵
  PID:10800
- C:\Windows\System\rVehBkt.exe
  C:\Windows\System\rVehBkt.exe
  2⤵
  PID:10892
- C:\Windows\System\LUoFZIP.exe
  C:\Windows\System\LUoFZIP.exe
  2⤵
  PID:10920
- C:\Windows\System\zeUWlvf.exe
  C:\Windows\System\zeUWlvf.exe
  2⤵
  PID:10968
- C:\Windows\System\rSKutcI.exe
  C:\Windows\System\rSKutcI.exe
  2⤵
  PID:11052
- C:\Windows\System\hXXJBxo.exe
  C:\Windows\System\hXXJBxo.exe
  2⤵
  PID:11148
- C:\Windows\System\evsrhjZ.exe
  C:\Windows\System\evsrhjZ.exe
  2⤵
  PID:11252
- C:\Windows\System\PqOMobv.exe
  C:\Windows\System\PqOMobv.exe
  2⤵
  PID:2140
- C:\Windows\System\KDMcIfA.exe
  C:\Windows\System\KDMcIfA.exe
  2⤵
  PID:10572
- C:\Windows\System\eggFkJk.exe
  C:\Windows\System\eggFkJk.exe
  2⤵
  PID:10776
- C:\Windows\System\QdgJJSg.exe
  C:\Windows\System\QdgJJSg.exe
  2⤵
  PID:2716
- C:\Windows\System\eoCsGwB.exe
  C:\Windows\System\eoCsGwB.exe
  2⤵
  PID:9772
- C:\Windows\System\tqxLGRB.exe
  C:\Windows\System\tqxLGRB.exe
  2⤵
  PID:10172
- C:\Windows\System\ZIZckJc.exe
  C:\Windows\System\ZIZckJc.exe
  2⤵
  PID:10392
- C:\Windows\System\AQbfNYn.exe
  C:\Windows\System\AQbfNYn.exe
  2⤵
  PID:3648
- C:\Windows\System\GxOTwWo.exe
  C:\Windows\System\GxOTwWo.exe
  2⤵
  PID:11044
- C:\Windows\System\qjEKaiq.exe
  C:\Windows\System\qjEKaiq.exe
  2⤵
  PID:11232
- C:\Windows\System\deXcIdW.exe
  C:\Windows\System\deXcIdW.exe
  2⤵
  PID:11268
- C:\Windows\System\OzaScfA.exe
  C:\Windows\System\OzaScfA.exe
  2⤵
  PID:11292
- C:\Windows\System\NPHAnig.exe
  C:\Windows\System\NPHAnig.exe
  2⤵
  PID:11324
- C:\Windows\System\kQgMYKC.exe
  C:\Windows\System\kQgMYKC.exe
  2⤵
  PID:11356
- C:\Windows\System\yawWbdL.exe
  C:\Windows\System\yawWbdL.exe
  2⤵
  PID:11388
- C:\Windows\System\QxTZSkX.exe
  C:\Windows\System\QxTZSkX.exe
  2⤵
  PID:11424
- C:\Windows\System\iCSrHKe.exe
  C:\Windows\System\iCSrHKe.exe
  2⤵
  PID:11472
- C:\Windows\System\GYaKeSu.exe
  C:\Windows\System\GYaKeSu.exe
  2⤵
  PID:11496
- C:\Windows\System\fDzALYk.exe
  C:\Windows\System\fDzALYk.exe
  2⤵
  PID:11524
- C:\Windows\System\McCbuno.exe
  C:\Windows\System\McCbuno.exe
  2⤵
  PID:11556
- C:\Windows\System\yhrhLfw.exe
  C:\Windows\System\yhrhLfw.exe
  2⤵
  PID:11584
- C:\Windows\System\XsZxZxf.exe
  C:\Windows\System\XsZxZxf.exe
  2⤵
  PID:11612
- C:\Windows\System\VQPSfXg.exe
  C:\Windows\System\VQPSfXg.exe
  2⤵
  PID:11640
- C:\Windows\System\NfiyBnq.exe
  C:\Windows\System\NfiyBnq.exe
  2⤵
  PID:11668
- C:\Windows\System\DcWfXCT.exe
  C:\Windows\System\DcWfXCT.exe
  2⤵
  PID:11696
- C:\Windows\System\zPEVjYo.exe
  C:\Windows\System\zPEVjYo.exe
  2⤵
  PID:11724
- C:\Windows\System\RxmtSxn.exe
  C:\Windows\System\RxmtSxn.exe
  2⤵
  PID:11752
- C:\Windows\System\PpVwSoz.exe
  C:\Windows\System\PpVwSoz.exe
  2⤵
  PID:11780
- C:\Windows\System\cmIkasO.exe
  C:\Windows\System\cmIkasO.exe
  2⤵
  PID:11808
- C:\Windows\System\FHYShBA.exe
  C:\Windows\System\FHYShBA.exe
  2⤵
  PID:11836
- C:\Windows\System\EOCEjVk.exe
  C:\Windows\System\EOCEjVk.exe
  2⤵
  PID:11888
- C:\Windows\System\MeJxdyc.exe
  C:\Windows\System\MeJxdyc.exe
  2⤵
  PID:11904
- C:\Windows\System\rqvmJcn.exe
  C:\Windows\System\rqvmJcn.exe
  2⤵
  PID:11932
- C:\Windows\System\ZlWxVDw.exe
  C:\Windows\System\ZlWxVDw.exe
  2⤵
  PID:11960
- C:\Windows\System\qtzaGFu.exe
  C:\Windows\System\qtzaGFu.exe
  2⤵
  PID:11992
- C:\Windows\System\onCNJMV.exe
  C:\Windows\System\onCNJMV.exe
  2⤵
  PID:12024
- C:\Windows\System\rEljkOv.exe
  C:\Windows\System\rEljkOv.exe
  2⤵
  PID:12064
- C:\Windows\System\lHPqSBZ.exe
  C:\Windows\System\lHPqSBZ.exe
  2⤵
  PID:12080
- C:\Windows\System\UhBsZjo.exe
  C:\Windows\System\UhBsZjo.exe
  2⤵
  PID:12108
- C:\Windows\System\qfaannb.exe
  C:\Windows\System\qfaannb.exe
  2⤵
  PID:12136
- C:\Windows\System\LBNUWfT.exe
  C:\Windows\System\LBNUWfT.exe
  2⤵
  PID:12164
- C:\Windows\System\XxknkQG.exe
  C:\Windows\System\XxknkQG.exe
  2⤵
  PID:12192
- C:\Windows\System\NlaYxAr.exe
  C:\Windows\System\NlaYxAr.exe
  2⤵
  PID:12220
- C:\Windows\System\XjxmoFS.exe
  C:\Windows\System\XjxmoFS.exe
  2⤵
  PID:12248
- C:\Windows\System\BHxYDhy.exe
  C:\Windows\System\BHxYDhy.exe
  2⤵
  PID:12276
- C:\Windows\System\usSkLlT.exe
  C:\Windows\System\usSkLlT.exe
  2⤵
  PID:11280
- C:\Windows\System\EDdKUhe.exe
  C:\Windows\System\EDdKUhe.exe
  2⤵
  PID:11336
- C:\Windows\System\TgUebNZ.exe
  C:\Windows\System\TgUebNZ.exe
  2⤵
  PID:11400
- C:\Windows\System\kMPYmaX.exe
  C:\Windows\System\kMPYmaX.exe
  2⤵
  PID:11480
- C:\Windows\System\uAkbXxT.exe
  C:\Windows\System\uAkbXxT.exe
  2⤵
  PID:11548
- C:\Windows\System\KySwjMy.exe
  C:\Windows\System\KySwjMy.exe
  2⤵
  PID:11608
- C:\Windows\System\HPlwsMw.exe
  C:\Windows\System\HPlwsMw.exe
  2⤵
  PID:11692
- C:\Windows\System\xJFwHxc.exe
  C:\Windows\System\xJFwHxc.exe
  2⤵
  PID:2388
- C:\Windows\System\AZjljrQ.exe
  C:\Windows\System\AZjljrQ.exe
  2⤵
  PID:11776
- C:\Windows\System\OMYsNNG.exe
  C:\Windows\System\OMYsNNG.exe
  2⤵
  PID:2464
- C:\Windows\System\GSTvtfu.exe
  C:\Windows\System\GSTvtfu.exe
  2⤵
  PID:3064
- C:\Windows\System\kpGWjCb.exe
  C:\Windows\System\kpGWjCb.exe
  2⤵
  PID:12008
- C:\Windows\System\eJltuoK.exe
  C:\Windows\System\eJltuoK.exe
  2⤵
  PID:12048
- C:\Windows\System\coZutGJ.exe
  C:\Windows\System\coZutGJ.exe
  2⤵
  PID:12128
- C:\Windows\System\CsAzoHD.exe
  C:\Windows\System\CsAzoHD.exe
  2⤵
  PID:12184
- C:\Windows\System\WNMhfjT.exe
  C:\Windows\System\WNMhfjT.exe
  2⤵
  PID:12244
- C:\Windows\System\xPtEoad.exe
  C:\Windows\System\xPtEoad.exe
  2⤵
  PID:11300
- C:\Windows\System\SVPeEzk.exe
  C:\Windows\System\SVPeEzk.exe
  2⤵
  PID:10300
- C:\Windows\System\oTtiicX.exe
  C:\Windows\System\oTtiicX.exe
  2⤵
  PID:11604
- C:\Windows\System\apaocjH.exe
  C:\Windows\System\apaocjH.exe
  2⤵
  PID:11748
- C:\Windows\System\SkuXzef.exe
  C:\Windows\System\SkuXzef.exe
  2⤵
  PID:2548
- C:\Windows\System\AGjJkJS.exe
  C:\Windows\System\AGjJkJS.exe
  2⤵
  PID:12060
- C:\Windows\System\SiteKMW.exe
  C:\Windows\System\SiteKMW.exe
  2⤵
  PID:12156
- C:\Windows\System\XfbwAyF.exe
  C:\Windows\System\XfbwAyF.exe
  2⤵
  PID:12160
- C:\Windows\System\adSXjWB.exe
  C:\Windows\System\adSXjWB.exe
  2⤵
  PID:12232
- C:\Windows\System\YIYntWt.exe
  C:\Windows\System\YIYntWt.exe
  2⤵
  PID:11436
- C:\Windows\System\BEYnBPC.exe
  C:\Windows\System\BEYnBPC.exe
  2⤵
  PID:11740
- C:\Windows\System\ROJrkOU.exe
  C:\Windows\System\ROJrkOU.exe
  2⤵
  PID:5588
- C:\Windows\System\pYiucrP.exe
  C:\Windows\System\pYiucrP.exe
  2⤵
  PID:2032
- C:\Windows\System\XBqfIjH.exe
  C:\Windows\System\XBqfIjH.exe
  2⤵
  PID:11864
- C:\Windows\System\sMHrzTz.exe
  C:\Windows\System\sMHrzTz.exe
  2⤵
  PID:4440
- C:\Windows\System\MzhhUXE.exe
  C:\Windows\System\MzhhUXE.exe
  2⤵
  PID:2724
- C:\Windows\System\kafYojZ.exe
  C:\Windows\System\kafYojZ.exe
  2⤵
  PID:5644
- C:\Windows\System\kPPelsJ.exe
  C:\Windows\System\kPPelsJ.exe
  2⤵
  PID:12304
- C:\Windows\System\jXLgfnT.exe
  C:\Windows\System\jXLgfnT.exe
  2⤵
  PID:12332
- C:\Windows\System\wGotEbR.exe
  C:\Windows\System\wGotEbR.exe
  2⤵
  PID:12360
- C:\Windows\System\LRGvAqS.exe
  C:\Windows\System\LRGvAqS.exe
  2⤵
  PID:12388
- C:\Windows\System\vvLilRg.exe
  C:\Windows\System\vvLilRg.exe
  2⤵
  PID:12420
- C:\Windows\System\bhHWyuF.exe
  C:\Windows\System\bhHWyuF.exe
  2⤵
  PID:12448
- C:\Windows\System\SvyjvGm.exe
  C:\Windows\System\SvyjvGm.exe
  2⤵
  PID:12476
- C:\Windows\System\LKkVUcP.exe
  C:\Windows\System\LKkVUcP.exe
  2⤵
  PID:12504
- C:\Windows\System\GHqmsrf.exe
  C:\Windows\System\GHqmsrf.exe
  2⤵
  PID:12532
- C:\Windows\System\GsJEnbu.exe
  C:\Windows\System\GsJEnbu.exe
  2⤵
  PID:12560
- C:\Windows\System\MVJpSqR.exe
  C:\Windows\System\MVJpSqR.exe
  2⤵
  PID:12588
- C:\Windows\System\TuCEoXf.exe
  C:\Windows\System\TuCEoXf.exe
  2⤵
  PID:12616
- C:\Windows\System\OjCfnyY.exe
  C:\Windows\System\OjCfnyY.exe
  2⤵
  PID:12644
- C:\Windows\System\dNkZYNf.exe
  C:\Windows\System\dNkZYNf.exe
  2⤵
  PID:12672
- C:\Windows\System\lwWtDIV.exe
  C:\Windows\System\lwWtDIV.exe
  2⤵
  PID:12700
- C:\Windows\System\NfVHfls.exe
  C:\Windows\System\NfVHfls.exe
  2⤵
  PID:12728
- C:\Windows\System\wteiCpZ.exe
  C:\Windows\System\wteiCpZ.exe
  2⤵
  PID:12756
- C:\Windows\System\efGgAZQ.exe
  C:\Windows\System\efGgAZQ.exe
  2⤵
  PID:12784
- C:\Windows\System\dRvlRNQ.exe
  C:\Windows\System\dRvlRNQ.exe
  2⤵
  PID:12812
- C:\Windows\System\XlfyfKb.exe
  C:\Windows\System\XlfyfKb.exe
  2⤵
  PID:12840
- C:\Windows\System\zomFSGr.exe
  C:\Windows\System\zomFSGr.exe
  2⤵
  PID:12868
- C:\Windows\System\TnJXDdi.exe
  C:\Windows\System\TnJXDdi.exe
  2⤵
  PID:12896
- C:\Windows\System\DEjrbMr.exe
  C:\Windows\System\DEjrbMr.exe
  2⤵
  PID:12924
- C:\Windows\System\ehFHpsD.exe
  C:\Windows\System\ehFHpsD.exe
  2⤵
  PID:12956
- C:\Windows\System\lsCCcoo.exe
  C:\Windows\System\lsCCcoo.exe
  2⤵
  PID:12984
- C:\Windows\System\kXNMqKy.exe
  C:\Windows\System\kXNMqKy.exe
  2⤵
  PID:13012
- C:\Windows\System\yXVBOyN.exe
  C:\Windows\System\yXVBOyN.exe
  2⤵
  PID:13040
- C:\Windows\System\OnmrGAw.exe
  C:\Windows\System\OnmrGAw.exe
  2⤵
  PID:13068
- C:\Windows\System\YOmQDxm.exe
  C:\Windows\System\YOmQDxm.exe
  2⤵
  PID:13096
- C:\Windows\System\TZhlCrp.exe
  C:\Windows\System\TZhlCrp.exe
  2⤵
  PID:13124
- C:\Windows\System\mClriCp.exe
  C:\Windows\System\mClriCp.exe
  2⤵
  PID:13164
- C:\Windows\System\VONYKjD.exe
  C:\Windows\System\VONYKjD.exe
  2⤵
  PID:13184
- C:\Windows\System\NtBjjTN.exe
  C:\Windows\System\NtBjjTN.exe
  2⤵
  PID:13204
- C:\Windows\System\yykkBqF.exe
  C:\Windows\System\yykkBqF.exe
  2⤵
  PID:13252
- C:\Windows\System\VQDYKhW.exe
  C:\Windows\System\VQDYKhW.exe
  2⤵
  PID:13300
- C:\Windows\System\cYXKAhj.exe
  C:\Windows\System\cYXKAhj.exe
  2⤵
  PID:12352
- C:\Windows\System\hmVAUay.exe
  C:\Windows\System\hmVAUay.exe
  2⤵
  PID:12436
- C:\Windows\System\fWIkiGP.exe
  C:\Windows\System\fWIkiGP.exe
  2⤵
  PID:12488
- C:\Windows\System\IFoxbqU.exe
  C:\Windows\System\IFoxbqU.exe
  2⤵
  PID:12600
- C:\Windows\System\dmbprxO.exe
  C:\Windows\System\dmbprxO.exe
  2⤵
  PID:12696
- C:\Windows\System\ZuJZAms.exe
  C:\Windows\System\ZuJZAms.exe
  2⤵
  PID:12824
- C:\Windows\System\sKwjKLl.exe
  C:\Windows\System\sKwjKLl.exe
  2⤵
  PID:12908
- C:\Windows\System\ZvWoAqQ.exe
  C:\Windows\System\ZvWoAqQ.exe
  2⤵
  PID:12968
- C:\Windows\System\WhDLTZa.exe
  C:\Windows\System\WhDLTZa.exe
  2⤵
  PID:13008
- C:\Windows\System\OoaFEqY.exe
  C:\Windows\System\OoaFEqY.exe
  2⤵
  PID:13060
- C:\Windows\System\fBCPVBb.exe
  C:\Windows\System\fBCPVBb.exe
  2⤵
  PID:2000
- C:\Windows\System\NaPoSwl.exe
  C:\Windows\System\NaPoSwl.exe
  2⤵
  PID:13196
- C:\Windows\System\gImQiwG.exe
  C:\Windows\System\gImQiwG.exe
  2⤵
  PID:12328
- C:\Windows\System\eCHjsYq.exe
  C:\Windows\System\eCHjsYq.exe
  2⤵
  PID:12472
- C:\Windows\System\mmCtSVz.exe
  C:\Windows\System\mmCtSVz.exe
  2⤵
  PID:12804
- C:\Windows\System\TYtVgxE.exe
  C:\Windows\System\TYtVgxE.exe
  2⤵
  PID:12948
- C:\Windows\System\iPxVMKF.exe
  C:\Windows\System\iPxVMKF.exe
  2⤵
  PID:13036
- C:\Windows\System\byImIXz.exe
  C:\Windows\System\byImIXz.exe
  2⤵
  PID:5636
- C:\Windows\System\dwVeVgV.exe
  C:\Windows\System\dwVeVgV.exe
  2⤵
  PID:12572
- C:\Windows\System\bdZIwmK.exe
  C:\Windows\System\bdZIwmK.exe
  2⤵
  PID:13004
- C:\Windows\System\sqFVftl.exe
  C:\Windows\System\sqFVftl.exe
  2⤵
  PID:13248
- C:\Windows\System\yWMDCEo.exe
  C:\Windows\System\yWMDCEo.exe
  2⤵
  PID:13280
- C:\Windows\System\lrlzGDf.exe
  C:\Windows\System\lrlzGDf.exe
  2⤵
  PID:13192
- C:\Windows\System\WyClmsV.exe
  C:\Windows\System\WyClmsV.exe
  2⤵
  PID:13180
- C:\Windows\System\nLFhjZG.exe
  C:\Windows\System\nLFhjZG.exe
  2⤵
  PID:13328
- C:\Windows\System\CsGnGEV.exe
  C:\Windows\System\CsGnGEV.exe
  2⤵
  PID:13356
- C:\Windows\System\DeWxuPC.exe
  C:\Windows\System\DeWxuPC.exe
  2⤵
  PID:13384
- C:\Windows\System\jBSqBty.exe
  C:\Windows\System\jBSqBty.exe
  2⤵
  PID:13416
- C:\Windows\System\ZEIOqaF.exe
  C:\Windows\System\ZEIOqaF.exe
  2⤵
  PID:13444
- C:\Windows\System\FJqbBAF.exe
  C:\Windows\System\FJqbBAF.exe
  2⤵
  PID:13480
- C:\Windows\System\VvXqNDl.exe
  C:\Windows\System\VvXqNDl.exe
  2⤵
  PID:13520
- C:\Windows\System\nOnNFXB.exe
  C:\Windows\System\nOnNFXB.exe
  2⤵
  PID:13536
- C:\Windows\System\yFfUrHt.exe
  C:\Windows\System\yFfUrHt.exe
  2⤵
  PID:13576
- C:\Windows\System\NTxOFpg.exe
  C:\Windows\System\NTxOFpg.exe
  2⤵
  PID:13596
- C:\Windows\System\rjPbdXm.exe
  C:\Windows\System\rjPbdXm.exe
  2⤵
  PID:13636
- C:\Windows\System\QJpgnST.exe
  C:\Windows\System\QJpgnST.exe
  2⤵
  PID:13652
- C:\Windows\System\MhwuVCn.exe
  C:\Windows\System\MhwuVCn.exe
  2⤵
  PID:13688
- C:\Windows\System\qIKZOko.exe
  C:\Windows\System\qIKZOko.exe
  2⤵
  PID:13716
- C:\Windows\System\RfEKacg.exe
  C:\Windows\System\RfEKacg.exe
  2⤵
  PID:13764
- C:\Windows\System\ZBaAQRf.exe
  C:\Windows\System\ZBaAQRf.exe
  2⤵
  PID:13788
- C:\Windows\System\OLfGnjT.exe
  C:\Windows\System\OLfGnjT.exe
  2⤵
  PID:13824
- C:\Windows\System\FQQbopy.exe
  C:\Windows\System\FQQbopy.exe
  2⤵
  PID:13852
- C:\Windows\System\QrKTlTP.exe
  C:\Windows\System\QrKTlTP.exe
  2⤵
  PID:13880
- C:\Windows\System\KdrNkZW.exe
  C:\Windows\System\KdrNkZW.exe
  2⤵
  PID:13908
- C:\Windows\System\fltWEzB.exe
  C:\Windows\System\fltWEzB.exe
  2⤵
  PID:13956
- C:\Windows\System\ogCLzho.exe
  C:\Windows\System\ogCLzho.exe
  2⤵
  PID:14028
- C:\Windows\System\fznjjgN.exe
  C:\Windows\System\fznjjgN.exe
  2⤵
  PID:14056
- C:\Windows\System\tcpJQdA.exe
  C:\Windows\System\tcpJQdA.exe
  2⤵
  PID:14108
- C:\Windows\System\EoAWHOI.exe
  C:\Windows\System\EoAWHOI.exe
  2⤵
  PID:14136
- C:\Windows\System\RcKpmdl.exe
  C:\Windows\System\RcKpmdl.exe
  2⤵
  PID:14180
- C:\Windows\System\yGGzoNH.exe
  C:\Windows\System\yGGzoNH.exe
  2⤵
  PID:14204
- C:\Windows\System\mzVnPRN.exe
  C:\Windows\System\mzVnPRN.exe
  2⤵
  PID:14260
- C:\Windows\System\ZglBWmB.exe
  C:\Windows\System\ZglBWmB.exe
  2⤵
  PID:14292
- C:\Windows\System\xmQzPqe.exe
  C:\Windows\System\xmQzPqe.exe
  2⤵
  PID:14316
- C:\Windows\System\mMUptKK.exe
  C:\Windows\System\mMUptKK.exe
  2⤵
  PID:13324
- C:\Windows\System\TaUvGUP.exe
  C:\Windows\System\TaUvGUP.exe
  2⤵
  PID:4868
- C:\Windows\System\oEhGVoU.exe
  C:\Windows\System\oEhGVoU.exe
  2⤵
  PID:13440
- C:\Windows\System\oAnJnxW.exe
  C:\Windows\System\oAnJnxW.exe
  2⤵
  PID:3816
- C:\Windows\System\snHuUfk.exe
  C:\Windows\System\snHuUfk.exe
  2⤵
  PID:13516
- C:\Windows\System\WLkadEq.exe
  C:\Windows\System\WLkadEq.exe
  2⤵
  PID:6560
- C:\Windows\System\tptsEPr.exe
  C:\Windows\System\tptsEPr.exe
  2⤵
  PID:13588
- C:\Windows\System\OFQKjlG.exe
  C:\Windows\System\OFQKjlG.exe
  2⤵
  PID:13644
- C:\Windows\System\AUFasoY.exe
  C:\Windows\System\AUFasoY.exe
  2⤵
  PID:13708
- C:\Windows\System\bkyPrWS.exe
  C:\Windows\System\bkyPrWS.exe
  2⤵
  PID:6724
- C:\Windows\System\xEKcKKg.exe
  C:\Windows\System\xEKcKKg.exe
  2⤵
  PID:6820
- C:\Windows\System\VfqDgnK.exe
  C:\Windows\System\VfqDgnK.exe
  2⤵
  PID:1236
- C:\Windows\System\sWMtbfy.exe
  C:\Windows\System\sWMtbfy.exe
  2⤵
  PID:13748
- C:\Windows\System\CQvyQgl.exe
  C:\Windows\System\CQvyQgl.exe
  2⤵
  PID:6976
- C:\Windows\System\XDQnKCE.exe
  C:\Windows\System\XDQnKCE.exe
  2⤵
  PID:4704
- C:\Windows\System\aPLSEbc.exe
  C:\Windows\System\aPLSEbc.exe
  2⤵
  PID:4848
- C:\Windows\System\aIlioEe.exe
  C:\Windows\System\aIlioEe.exe
  2⤵
  PID:13864
- C:\Windows\System\PHYkIME.exe
  C:\Windows\System\PHYkIME.exe
  2⤵
  PID:13936
- C:\Windows\System\gvUBWwv.exe
  C:\Windows\System\gvUBWwv.exe
  2⤵
  PID:11124
- C:\Windows\System\VsNNzEo.exe
  C:\Windows\System\VsNNzEo.exe
  2⤵
  PID:13832
- C:\Windows\System\xeXYKpz.exe
  C:\Windows\System\xeXYKpz.exe
  2⤵
  PID:11156
- C:\Windows\System\jqLyKlB.exe
  C:\Windows\System\jqLyKlB.exe
  2⤵
  PID:5580
- C:\Windows\System\YeZxTQm.exe
  C:\Windows\System\YeZxTQm.exe
  2⤵
  PID:6360
- C:\Windows\System\ymrwZPf.exe
  C:\Windows\System\ymrwZPf.exe
  2⤵
  PID:6520
- C:\Windows\System\ercEezq.exe
  C:\Windows\System\ercEezq.exe
  2⤵
  PID:6448
- C:\Windows\System\BfmkLGR.exe
  C:\Windows\System\BfmkLGR.exe
  2⤵
  PID:6688
- C:\Windows\System\JVEbXyt.exe
  C:\Windows\System\JVEbXyt.exe
  2⤵
  PID:2936
- C:\Windows\System\EiolXsk.exe
  C:\Windows\System\EiolXsk.exe
  2⤵
  PID:14104
- C:\Windows\System\duzGzkM.exe
  C:\Windows\System\duzGzkM.exe
  2⤵
  PID:3380
- C:\Windows\System\GWfggGJ.exe
  C:\Windows\System\GWfggGJ.exe
  2⤵
  PID:11372
- C:\Windows\System\Pneguqp.exe
  C:\Windows\System\Pneguqp.exe
  2⤵
  PID:14036
- C:\Windows\System\YcPyQml.exe
  C:\Windows\System\YcPyQml.exe
  2⤵
  PID:7112
- C:\Windows\System\AcSXorL.exe
  C:\Windows\System\AcSXorL.exe
  2⤵
  PID:6156
- C:\Windows\System\zQKkoFZ.exe
  C:\Windows\System\zQKkoFZ.exe
  2⤵
  PID:1672
- C:\Windows\System\xpvYbPP.exe
  C:\Windows\System\xpvYbPP.exe
  2⤵
  PID:7172
- C:\Windows\System\LVFJNXe.exe
  C:\Windows\System\LVFJNXe.exe
  2⤵
  PID:7272
- C:\Windows\System\LgfYnQt.exe
  C:\Windows\System\LgfYnQt.exe
  2⤵
  PID:7368
- C:\Windows\System\ZpQazHK.exe
  C:\Windows\System\ZpQazHK.exe
  2⤵
  PID:4312
- C:\Windows\System\IDouwHN.exe
  C:\Windows\System\IDouwHN.exe
  2⤵
  PID:844
- C:\Windows\System\xLxWplD.exe
  C:\Windows\System\xLxWplD.exe
  2⤵
  PID:2364
- C:\Windows\System\KiYIFnp.exe
  C:\Windows\System\KiYIFnp.exe
  2⤵
  PID:1064
- C:\Windows\System\bTYScSV.exe
  C:\Windows\System\bTYScSV.exe
  2⤵
  PID:3272
- C:\Windows\System\JMIUAIV.exe
  C:\Windows\System\JMIUAIV.exe
  2⤵
  PID:7440
- C:\Windows\System\wZdvVbB.exe
  C:\Windows\System\wZdvVbB.exe
  2⤵
  PID:14076
- C:\Windows\System\ktYpPPz.exe
  C:\Windows\System\ktYpPPz.exe
  2⤵
  PID:2100
- C:\Windows\System\qVAkVyu.exe
  C:\Windows\System\qVAkVyu.exe
  2⤵
  PID:13376
- C:\Windows\System\iIvQOer.exe
  C:\Windows\System\iIvQOer.exe
  2⤵
  PID:5028
- C:\Windows\System\xsBMoFE.exe
  C:\Windows\System\xsBMoFE.exe
  2⤵
  PID:13528
- C:\Windows\System\EJnsmdI.exe
  C:\Windows\System\EJnsmdI.exe
  2⤵
  PID:1644
- C:\Windows\System\cTxFGPy.exe
  C:\Windows\System\cTxFGPy.exe
  2⤵
  PID:13696
- C:\Windows\System\IXBYGIe.exe
  C:\Windows\System\IXBYGIe.exe
  2⤵
  PID:13740
- C:\Windows\System\lvscgnH.exe
  C:\Windows\System\lvscgnH.exe
  2⤵
  PID:6836
- C:\Windows\System\dQJfBNn.exe
  C:\Windows\System\dQJfBNn.exe
  2⤵
  PID:4980
- C:\Windows\System\hIlinXN.exe
  C:\Windows\System\hIlinXN.exe
  2⤵
  PID:13816
- C:\Windows\System\KzkSply.exe
  C:\Windows\System\KzkSply.exe
  2⤵
  PID:13892
- C:\Windows\System\XJOvttm.exe
  C:\Windows\System\XJOvttm.exe
  2⤵
  PID:13920
- C:\Windows\System\vNcNcRR.exe
  C:\Windows\System\vNcNcRR.exe
  2⤵
  PID:11204
- C:\Windows\System\xoFzbDt.exe
  C:\Windows\System\xoFzbDt.exe
  2⤵
  PID:11192
- C:\Windows\System\gtReoib.exe
  C:\Windows\System\gtReoib.exe
  2⤵
  PID:5212
- C:\Windows\System\AQdCoLe.exe
  C:\Windows\System\AQdCoLe.exe
  2⤵
  PID:6384
- C:\Windows\System\jbJgQMQ.exe
  C:\Windows\System\jbJgQMQ.exe
  2⤵
  PID:4412
- C:\Windows\System\tdTnUsm.exe
  C:\Windows\System\tdTnUsm.exe
  2⤵
  PID:5340
- C:\Windows\System\ovDVDDj.exe
  C:\Windows\System\ovDVDDj.exe
  2⤵
  PID:14096
- C:\Windows\System\oDVspEa.exe
  C:\Windows\System\oDVspEa.exe
  2⤵
  PID:5380
- C:\Windows\System\TxjHmjl.exe
  C:\Windows\System\TxjHmjl.exe
  2⤵
  PID:5420
- C:\Windows\System\lWkPVUy.exe
  C:\Windows\System\lWkPVUy.exe
  2⤵
  PID:5456
- C:\Windows\System\tXQcaUy.exe
  C:\Windows\System\tXQcaUy.exe
  2⤵
  PID:7188
- C:\Windows\System\JDXzfHW.exe
  C:\Windows\System\JDXzfHW.exe
  2⤵
  PID:7312
- C:\Windows\System\rGrkSOP.exe
  C:\Windows\System\rGrkSOP.exe
  2⤵
  PID:1896
- C:\Windows\System\Kzowire.exe
  C:\Windows\System\Kzowire.exe
  2⤵
  PID:4812
- C:\Windows\System\mgkfRmH.exe
  C:\Windows\System\mgkfRmH.exe
  2⤵
  PID:5584
- C:\Windows\System\hvDGYIB.exe
  C:\Windows\System\hvDGYIB.exe
  2⤵
  PID:13504
- C:\Windows\System\MAhfQLy.exe
  C:\Windows\System\MAhfQLy.exe
  2⤵
  PID:14328
- C:\Windows\System\aZWLOWJ.exe
  C:\Windows\System\aZWLOWJ.exe
  2⤵
  PID:13468
- C:\Windows\System\eVJCtQQ.exe
  C:\Windows\System\eVJCtQQ.exe
  2⤵
  PID:13472
- C:\Windows\System\mAWXUTz.exe
  C:\Windows\System\mAWXUTz.exe
  2⤵
  PID:6684
- C:\Windows\System\evbMOGB.exe
  C:\Windows\System\evbMOGB.exe
  2⤵
  PID:13776
- C:\Windows\System\oRyeebR.exe
  C:\Windows\System\oRyeebR.exe
  2⤵
  PID:6980
- C:\Windows\System\agYKthC.exe
  C:\Windows\System\agYKthC.exe
  2⤵
  PID:5856
- C:\Windows\System\biNDKIH.exe
  C:\Windows\System\biNDKIH.exe
  2⤵
  PID:2068
- C:\Windows\System\mJSKiiF.exe
  C:\Windows\System\mJSKiiF.exe
  2⤵
  PID:6160
- C:\Windows\System\iaseaVx.exe
  C:\Windows\System\iaseaVx.exe
  2⤵
  PID:14024
- C:\Windows\System\SImOubL.exe
  C:\Windows\System\SImOubL.exe
  2⤵
  PID:5296
- C:\Windows\System\ZNmLkVw.exe
  C:\Windows\System\ZNmLkVw.exe
  2⤵
  PID:6008
- C:\Windows\System\AAZjKEP.exe
  C:\Windows\System\AAZjKEP.exe
  2⤵
  PID:6040
- C:\Windows\System\UsXArnH.exe
  C:\Windows\System\UsXArnH.exe
  2⤵
  PID:6052
- C:\Windows\System\hoWgviX.exe
  C:\Windows\System\hoWgviX.exe
  2⤵
  PID:6088
- C:\Windows\System\glcBLqV.exe
  C:\Windows\System\glcBLqV.exe
  2⤵
  PID:5560
- C:\Windows\System\mLFHHOK.exe
  C:\Windows\System\mLFHHOK.exe
  2⤵
  PID:1244
- C:\Windows\System\wXdtNqN.exe
  C:\Windows\System\wXdtNqN.exe
  2⤵
  PID:536
- C:\Windows\System\Xpjlmrk.exe
  C:\Windows\System\Xpjlmrk.exe
  2⤵
  PID:13512
- C:\Windows\System\tSmtdjq.exe
  C:\Windows\System\tSmtdjq.exe
  2⤵
  PID:5768
- C:\Windows\System\DFvpJZz.exe
  C:\Windows\System\DFvpJZz.exe
  2⤵
  PID:7832
- C:\Windows\System\YZlbWPP.exe
  C:\Windows\System\YZlbWPP.exe
  2⤵
  PID:5828
- C:\Windows\System\cdVlMmB.exe
  C:\Windows\System\cdVlMmB.exe
  2⤵
  PID:5884
- C:\Windows\System\QsbMIBI.exe
  C:\Windows\System\QsbMIBI.exe
  2⤵
  PID:5228
- C:\Windows\System\ekDKLkg.exe
  C:\Windows\System\ekDKLkg.exe
  2⤵
  PID:13952
- C:\Windows\System\mGbVYpe.exe
  C:\Windows\System\mGbVYpe.exe
  2⤵
  PID:5432
- C:\Windows\System\iWWKozy.exe
  C:\Windows\System\iWWKozy.exe
  2⤵
  PID:14064
- C:\Windows\System\MSVsyVA.exe
  C:\Windows\System\MSVsyVA.exe
  2⤵
  PID:2520
- C:\Windows\System\IXyKIVM.exe
  C:\Windows\System\IXyKIVM.exe
  2⤵
  PID:4784
- C:\Windows\System\ZwSuTmN.exe
  C:\Windows\System\ZwSuTmN.exe
  2⤵
  PID:6936
- C:\Windows\System\wnKvlDx.exe
  C:\Windows\System\wnKvlDx.exe
  2⤵
  PID:5872
- C:\Windows\System\EvJuiqz.exe
  C:\Windows\System\EvJuiqz.exe
  2⤵
  PID:5924
- C:\Windows\System\ebQZxcn.exe
  C:\Windows\System\ebQZxcn.exe
  2⤵
  PID:10712
- C:\Windows\System\ZsANHXs.exe
  C:\Windows\System\ZsANHXs.exe
  2⤵
  PID:7300
- C:\Windows\System\LNtTtOk.exe
  C:\Windows\System\LNtTtOk.exe
  2⤵
  PID:452
- C:\Windows\System\MOXGEYh.exe
  C:\Windows\System\MOXGEYh.exe
  2⤵
  PID:8992
- C:\Windows\System\HkEgcBk.exe
  C:\Windows\System\HkEgcBk.exe
  2⤵
  PID:5304
- C:\Windows\System\LIPJkvD.exe
  C:\Windows\System\LIPJkvD.exe
  2⤵
  PID:5416
- C:\Windows\System\KETcyYb.exe
  C:\Windows\System\KETcyYb.exe
  2⤵
  PID:5504
- C:\Windows\System\UbFDkHO.exe
  C:\Windows\System\UbFDkHO.exe
  2⤵
  PID:13676
- C:\Windows\System\OluFgvG.exe
  C:\Windows\System\OluFgvG.exe
  2⤵
  PID:5452
- C:\Windows\System\wZyHSrg.exe
  C:\Windows\System\wZyHSrg.exe
  2⤵
  PID:3488
- C:\Windows\System\eNvJuxj.exe
  C:\Windows\System\eNvJuxj.exe
  2⤵
  PID:6192
- C:\Windows\System\NCafHLh.exe
  C:\Windows\System\NCafHLh.exe
  2⤵
  PID:6224
- C:\Windows\System\eanhpJr.exe
  C:\Windows\System\eanhpJr.exe
  2⤵
  PID:5616
- C:\Windows\System\TubqDdS.exe
  C:\Windows\System\TubqDdS.exe
  2⤵
  PID:6264
- C:\Windows\System\eKwHsAv.exe
  C:\Windows\System\eKwHsAv.exe
  2⤵
  PID:14352
- C:\Windows\System\dhvkDra.exe
  C:\Windows\System\dhvkDra.exe
  2⤵
  PID:14380
- C:\Windows\System\ieeomaC.exe
  C:\Windows\System\ieeomaC.exe
  2⤵
  PID:14408
- C:\Windows\System\vJvGcka.exe
  C:\Windows\System\vJvGcka.exe
  2⤵
  PID:14436
- C:\Windows\System\MdGZRzg.exe
  C:\Windows\System\MdGZRzg.exe
  2⤵
  PID:14464
- C:\Windows\System\YlyyaUI.exe
  C:\Windows\System\YlyyaUI.exe
  2⤵
  PID:14496
- C:\Windows\System\BgSrrdl.exe
  C:\Windows\System\BgSrrdl.exe
  2⤵
  PID:14524
- C:\Windows\System\DiBWOjg.exe
  C:\Windows\System\DiBWOjg.exe
  2⤵
  PID:14552
- C:\Windows\System\tTrvWTF.exe
  C:\Windows\System\tTrvWTF.exe
  2⤵
  PID:14580
- C:\Windows\System\eGXcLLQ.exe
  C:\Windows\System\eGXcLLQ.exe
  2⤵
  PID:14608
- C:\Windows\System\GYmQosl.exe
  C:\Windows\System\GYmQosl.exe
  2⤵
  PID:14636
- C:\Windows\System\sSzhwXQ.exe
  C:\Windows\System\sSzhwXQ.exe
  2⤵
  PID:14664
- C:\Windows\System\Oxqbcmb.exe
  C:\Windows\System\Oxqbcmb.exe
  2⤵
  PID:14692
- C:\Windows\System\zSkUOZx.exe
  C:\Windows\System\zSkUOZx.exe
  2⤵
  PID:14720
- C:\Windows\System\rNFMuIT.exe
  C:\Windows\System\rNFMuIT.exe
  2⤵
  PID:14748
- C:\Windows\System\QNwOUWn.exe
  C:\Windows\System\QNwOUWn.exe
  2⤵
  PID:14776
- C:\Windows\System\IIdDWDj.exe
  C:\Windows\System\IIdDWDj.exe
  2⤵
  PID:14804
- C:\Windows\System\slvZqXe.exe
  C:\Windows\System\slvZqXe.exe
  2⤵
  PID:14832
- C:\Windows\System\UHtUFCx.exe
  C:\Windows\System\UHtUFCx.exe
  2⤵
  PID:14860
- C:\Windows\System\ZDJpMtB.exe
  C:\Windows\System\ZDJpMtB.exe
  2⤵
  PID:14888
- C:\Windows\System\tyIoFuS.exe
  C:\Windows\System\tyIoFuS.exe
  2⤵
  PID:14928
- C:\Windows\System\JaDVWhc.exe
  C:\Windows\System\JaDVWhc.exe
  2⤵
  PID:14944
- C:\Windows\System\xUbVVgE.exe
  C:\Windows\System\xUbVVgE.exe
  2⤵
  PID:14972
- C:\Windows\System\EVdGiSP.exe
  C:\Windows\System\EVdGiSP.exe
  2⤵
  PID:15000
- C:\Windows\System\muqrWXp.exe
  C:\Windows\System\muqrWXp.exe
  2⤵
  PID:15028
- C:\Windows\System\vUePcHI.exe
  C:\Windows\System\vUePcHI.exe
  2⤵
  PID:15056
- C:\Windows\System\aZvQSMu.exe
  C:\Windows\System\aZvQSMu.exe
  2⤵
  PID:15084
- C:\Windows\System\OXOJwlB.exe
  C:\Windows\System\OXOJwlB.exe
  2⤵
  PID:15112
- C:\Windows\System\TongLql.exe
  C:\Windows\System\TongLql.exe
  2⤵
  PID:15140
- C:\Windows\System\KOZjAhs.exe
  C:\Windows\System\KOZjAhs.exe
  2⤵
  PID:15168
- C:\Windows\System\YTSLplT.exe
  C:\Windows\System\YTSLplT.exe
  2⤵
  PID:15196
- C:\Windows\System\gCOqRtf.exe
  C:\Windows\System\gCOqRtf.exe
  2⤵
  PID:15228
- C:\Windows\System\IPFYOPs.exe
  C:\Windows\System\IPFYOPs.exe
  2⤵
  PID:15256
- C:\Windows\System\eKANGli.exe
  C:\Windows\System\eKANGli.exe
  2⤵
  PID:15284
- C:\Windows\System\otyhRNF.exe
  C:\Windows\System\otyhRNF.exe
  2⤵
  PID:15316
- C:\Windows\System\Nsevqcu.exe
  C:\Windows\System\Nsevqcu.exe
  2⤵
  PID:15340
- C:\Windows\System\UYWiaUQ.exe
  C:\Windows\System\UYWiaUQ.exe
  2⤵
  PID:6304
- C:\Windows\System\QYZkShI.exe
  C:\Windows\System\QYZkShI.exe
  2⤵
  PID:6336
- C:\Windows\System\lgVwamq.exe
  C:\Windows\System\lgVwamq.exe
  2⤵
  PID:14448
- C:\Windows\System\BHnmxgu.exe
  C:\Windows\System\BHnmxgu.exe
  2⤵
  PID:14492
- C:\Windows\System\ZLqrhNx.exe
  C:\Windows\System\ZLqrhNx.exe
  2⤵
  PID:6412
- C:\Windows\System\YmLzVMt.exe
  C:\Windows\System\YmLzVMt.exe
  2⤵
  PID:14576
- C:\Windows\System\rqAonWU.exe
  C:\Windows\System\rqAonWU.exe
  2⤵
  PID:14632
- C:\Windows\System\xMLAMXa.exe
  C:\Windows\System\xMLAMXa.exe
  2⤵
  PID:14688
- C:\Windows\System\xBZheqI.exe
  C:\Windows\System\xBZheqI.exe
  2⤵
  PID:14740
- C:\Windows\System\PHkJKKa.exe
  C:\Windows\System\PHkJKKa.exe
  2⤵
  PID:14788
- C:\Windows\System\qLblwcn.exe
  C:\Windows\System\qLblwcn.exe
  2⤵
  PID:6580
- C:\Windows\System\RWQmXSd.exe
  C:\Windows\System\RWQmXSd.exe
  2⤵
  PID:14900
- C:\Windows\System\IvmCZKN.exe
  C:\Windows\System\IvmCZKN.exe
  2⤵
  PID:6640
- C:\Windows\System\SxsZFkd.exe
  C:\Windows\System\SxsZFkd.exe
  2⤵
  PID:14964
- C:\Windows\System\uzlCTNb.exe
  C:\Windows\System\uzlCTNb.exe
  2⤵
  PID:6720
- C:\Windows\System\jKByVns.exe
  C:\Windows\System\jKByVns.exe
  2⤵
  PID:15052
- C:\Windows\System\UFivoNd.exe
  C:\Windows\System\UFivoNd.exe
  2⤵
  PID:15124
- C:\Windows\System\ZpYruAm.exe
  C:\Windows\System\ZpYruAm.exe
  2⤵
  PID:8408
- C:\Windows\System\PwJmVKN.exe
  C:\Windows\System\PwJmVKN.exe
  2⤵
  PID:15248
- C:\Windows\System\rRuAEgy.exe
  C:\Windows\System\rRuAEgy.exe
  2⤵
  PID:15308
- C:\Windows\System\jQmGJqT.exe
  C:\Windows\System\jQmGJqT.exe
  2⤵
  PID:14364
- C:\Windows\System\RYxFleB.exe
  C:\Windows\System\RYxFleB.exe
  2⤵
  PID:14480
- C:\Windows\System\AMpRCKO.exe
  C:\Windows\System\AMpRCKO.exe
  2⤵
  PID:14592
- C:\Windows\System\RERnaWT.exe
  C:\Windows\System\RERnaWT.exe
  2⤵
  PID:7032
- C:\Windows\System\quIygbN.exe
  C:\Windows\System\quIygbN.exe
  2⤵
  PID:14768
- C:\Windows\System\nWTPBDz.exe
  C:\Windows\System\nWTPBDz.exe
  2⤵
  PID:14856
- C:\Windows\System\IdSgbMA.exe
  C:\Windows\System\IdSgbMA.exe
  2⤵
  PID:6656
- C:\Windows\System\pndpYEJ.exe
  C:\Windows\System\pndpYEJ.exe
  2⤵
  PID:15012
- C:\Windows\System\jpOfHjI.exe
  C:\Windows\System\jpOfHjI.exe
  2⤵
  PID:15152
- C:\Windows\System\eLbUvNr.exe
  C:\Windows\System\eLbUvNr.exe
  2⤵
  PID:15296
- C:\Windows\System\UCDCVvW.exe
  C:\Windows\System\UCDCVvW.exe
  2⤵
  PID:14472
- C:\Windows\System\GanTRzn.exe
  C:\Windows\System\GanTRzn.exe
  2⤵
  PID:6488
- C:\Windows\System\zvfRYVQ.exe
  C:\Windows\System\zvfRYVQ.exe
  2⤵
  PID:9540
- C:\Windows\System\RWRjbjV.exe
  C:\Windows\System\RWRjbjV.exe
  2⤵
  PID:7408
- C:\Windows\System\HOlMxlm.exe
  C:\Windows\System\HOlMxlm.exe
  2⤵
  PID:15276
- C:\Windows\System\sRjUBGJ.exe
  C:\Windows\System\sRjUBGJ.exe
  2⤵
  PID:6632
- C:\Windows\System\rgGKRpQ.exe
  C:\Windows\System\rgGKRpQ.exe
  2⤵
  PID:14956
- C:\Windows\System\roxouTM.exe
  C:\Windows\System\roxouTM.exe
  2⤵
  PID:15240
- C:\Windows\System\xCpoDSw.exe
  C:\Windows\System\xCpoDSw.exe
  2⤵
  PID:4172
- C:\Windows\System\oHfhFBj.exe
  C:\Windows\System\oHfhFBj.exe
  2⤵
  PID:7040
- C:\Windows\System\NuxsPYt.exe
  C:\Windows\System\NuxsPYt.exe
  2⤵
  PID:14432
- C:\Windows\System\qmIOfgh.exe
  C:\Windows\System\qmIOfgh.exe
  2⤵
  PID:14572
- C:\Windows\System\jZVqBYC.exe
  C:\Windows\System\jZVqBYC.exe
  2⤵
  PID:15388
- C:\Windows\System\tPkfIOf.exe
  C:\Windows\System\tPkfIOf.exe
  2⤵
  PID:15416
- C:\Windows\System\AUwkZUv.exe
  C:\Windows\System\AUwkZUv.exe
  2⤵
  PID:15444
- C:\Windows\System\SRaYVve.exe
  C:\Windows\System\SRaYVve.exe
  2⤵
  PID:15472
- C:\Windows\System\HoqJflW.exe
  C:\Windows\System\HoqJflW.exe
  2⤵
  PID:15500
- C:\Windows\System\bNKoiKt.exe
  C:\Windows\System\bNKoiKt.exe
  2⤵
  PID:15532
- C:\Windows\System\HVLFudq.exe
  C:\Windows\System\HVLFudq.exe
  2⤵
  PID:15560
- C:\Windows\System\cNqscao.exe
  C:\Windows\System\cNqscao.exe
  2⤵
  PID:15588
- C:\Windows\System\ViWbTUz.exe
  C:\Windows\System\ViWbTUz.exe
  2⤵
  PID:15616
- C:\Windows\System\AAkyWKE.exe
  C:\Windows\System\AAkyWKE.exe
  2⤵
  PID:15644
- C:\Windows\System\jNembYz.exe
  C:\Windows\System\jNembYz.exe
  2⤵
  PID:15672
- C:\Windows\System\mkUjQKG.exe
  C:\Windows\System\mkUjQKG.exe
  2⤵
  PID:15700
- C:\Windows\System\MjgDAQC.exe
  C:\Windows\System\MjgDAQC.exe
  2⤵
  PID:15728
- C:\Windows\System\UoayhjG.exe
  C:\Windows\System\UoayhjG.exe
  2⤵
  PID:15756
- C:\Windows\System\TKJoNSd.exe
  C:\Windows\System\TKJoNSd.exe
  2⤵
  PID:15784
- C:\Windows\System\JsPYQMs.exe
  C:\Windows\System\JsPYQMs.exe
  2⤵
  PID:15812
- C:\Windows\System\JOFNrBs.exe
  C:\Windows\System\JOFNrBs.exe
  2⤵
  PID:15840
- C:\Windows\System\LpvnVAZ.exe
  C:\Windows\System\LpvnVAZ.exe
  2⤵
  PID:15868
- C:\Windows\System\PHbuAPy.exe
  C:\Windows\System\PHbuAPy.exe
  2⤵
  PID:15896
- C:\Windows\System\WNlsKNJ.exe
  C:\Windows\System\WNlsKNJ.exe
  2⤵
  PID:15924
- C:\Windows\System\CCkOVRG.exe
  C:\Windows\System\CCkOVRG.exe
  2⤵
  PID:15952
- C:\Windows\System\iShqalf.exe
  C:\Windows\System\iShqalf.exe
  2⤵
  PID:15980
- C:\Windows\System\MGlTgKj.exe
  C:\Windows\System\MGlTgKj.exe
  2⤵
  PID:16008
- C:\Windows\System\kxnnvdx.exe
  C:\Windows\System\kxnnvdx.exe
  2⤵
  PID:16036
- C:\Windows\System\cAeORRd.exe
  C:\Windows\System\cAeORRd.exe
  2⤵
  PID:16064
- C:\Windows\System\WPeNtSM.exe
  C:\Windows\System\WPeNtSM.exe
  2⤵
  PID:16092
- C:\Windows\System\caqTSmm.exe
  C:\Windows\System\caqTSmm.exe
  2⤵
  PID:16120
- C:\Windows\System\DIihOcd.exe
  C:\Windows\System\DIihOcd.exe
  2⤵
  PID:16160
- C:\Windows\System\kDZPNEK.exe
  C:\Windows\System\kDZPNEK.exe
  2⤵
  PID:16176
- C:\Windows\System\SQBAXEv.exe
  C:\Windows\System\SQBAXEv.exe
  2⤵
  PID:16204
- C:\Windows\System\sfYaZHT.exe
  C:\Windows\System\sfYaZHT.exe
  2⤵
  PID:16232
- C:\Windows\System\fJFsKNY.exe
  C:\Windows\System\fJFsKNY.exe
  2⤵
  PID:16264
- C:\Windows\System\GkChrKP.exe
  C:\Windows\System\GkChrKP.exe
  2⤵
  PID:16292
- C:\Windows\System\czmFtaY.exe
  C:\Windows\System\czmFtaY.exe
  2⤵
  PID:16328
- C:\Windows\System\aQQqMMB.exe
  C:\Windows\System\aQQqMMB.exe
  2⤵
  PID:16348
- C:\Windows\System\LDUnZmp.exe
  C:\Windows\System\LDUnZmp.exe
  2⤵
  PID:15372
- C:\Windows\System\NCpKGXC.exe
  C:\Windows\System\NCpKGXC.exe
  2⤵
  PID:15436
- C:\Windows\System\DgpIOOw.exe
  C:\Windows\System\DgpIOOw.exe
  2⤵
  PID:9960
- C:\Windows\System\ELPKMMs.exe
  C:\Windows\System\ELPKMMs.exe
  2⤵
  PID:15556
- C:\Windows\System\LgexDuf.exe
  C:\Windows\System\LgexDuf.exe
  2⤵
  PID:15628
- C:\Windows\System\DkhZBWO.exe
  C:\Windows\System\DkhZBWO.exe
  2⤵
  PID:15692
- C:\Windows\System\uNCUxyM.exe
  C:\Windows\System\uNCUxyM.exe
  2⤵
  PID:15752
- C:\Windows\System\oFfiXyU.exe
  C:\Windows\System\oFfiXyU.exe
  2⤵
  PID:15808
- C:\Windows\System\WkxXDBT.exe
  C:\Windows\System\WkxXDBT.exe
  2⤵
  PID:15880
- C:\Windows\System\EOwBqVt.exe
  C:\Windows\System\EOwBqVt.exe
  2⤵
  PID:15944
- C:\Windows\System\rzahAIe.exe
  C:\Windows\System\rzahAIe.exe
  2⤵
  PID:16004
- C:\Windows\System\yhezqtS.exe
  C:\Windows\System\yhezqtS.exe
  2⤵
  PID:16076
- C:\Windows\System\iatGmYF.exe
  C:\Windows\System\iatGmYF.exe
  2⤵
  PID:16140
- C:\Windows\System\UpQNNVU.exe
  C:\Windows\System\UpQNNVU.exe
  2⤵
  PID:16172
- C:\Windows\System\KOrgSnu.exe
  C:\Windows\System\KOrgSnu.exe
  2⤵
  PID:16228
- C:\Windows\System\dJTrJYh.exe
  C:\Windows\System\dJTrJYh.exe
  2⤵
  PID:7528
- C:\Windows\System\CkEfUHr.exe
  C:\Windows\System\CkEfUHr.exe
  2⤵
  PID:16336
- C:\Windows\System\uYlPZtY.exe
  C:\Windows\System\uYlPZtY.exe
  2⤵
  PID:7584
- C:\Windows\System\JHNZppM.exe
  C:\Windows\System\JHNZppM.exe
  2⤵
  PID:6984
- C:\Windows\System\sxAvkXF.exe
  C:\Windows\System\sxAvkXF.exe
  2⤵
  PID:7632
- C:\Windows\System\AhFxXxr.exe
  C:\Windows\System\AhFxXxr.exe
  2⤵
  PID:15552
- C:\Windows\System\vsuyWnb.exe
  C:\Windows\System\vsuyWnb.exe
  2⤵
  PID:15668
- C:\Windows\System\jSqTymY.exe
  C:\Windows\System\jSqTymY.exe
  2⤵
  PID:15776
- C:\Windows\System\mVGbDZC.exe
  C:\Windows\System\mVGbDZC.exe
  2⤵
  PID:7776
- C:\Windows\System\jZXQyjj.exe
  C:\Windows\System\jZXQyjj.exe
  2⤵
  PID:7804
- C:\Windows\System\POlwDwB.exe
  C:\Windows\System\POlwDwB.exe
  2⤵
  PID:16104
- C:\Windows\System\SlmiFJG.exe
  C:\Windows\System\SlmiFJG.exe
  2⤵
  PID:7904
- C:\Windows\System\TFIWnCu.exe
  C:\Windows\System\TFIWnCu.exe
  2⤵
  PID:16224
- C:\Windows\System\CyixUTK.exe
  C:\Windows\System\CyixUTK.exe
  2⤵
  PID:7944
- C:\Windows\System\daPtcTt.exe
  C:\Windows\System\daPtcTt.exe
  2⤵
  PID:16260
- C:\Windows\System\uuwAcXR.exe
  C:\Windows\System\uuwAcXR.exe
  2⤵
  PID:8000
- C:\Windows\System\UStUsKL.exe
  C:\Windows\System\UStUsKL.exe
  2⤵
  PID:15544
- C:\Windows\System\brOyZAv.exe
  C:\Windows\System\brOyZAv.exe
  2⤵
  PID:15908
- C:\Windows\System\qgfCzCe.exe
  C:\Windows\System\qgfCzCe.exe
  2⤵
  PID:16032
- C:\Windows\System\VcAhCea.exe
  C:\Windows\System\VcAhCea.exe
  2⤵
  PID:7396
- C:\Windows\System\NzylkBA.exe
  C:\Windows\System\NzylkBA.exe
  2⤵
  PID:16288
- C:\Windows\System\JosdMxB.exe
  C:\Windows\System\JosdMxB.exe
  2⤵
  PID:7596
- C:\Windows\System\uxLLUDG.exe
  C:\Windows\System\uxLLUDG.exe
  2⤵
  PID:8028
- C:\Windows\System\HFrJoaW.exe
  C:\Windows\System\HFrJoaW.exe
  2⤵
  PID:9768
- C:\Windows\System\SqxIKYv.exe
  C:\Windows\System\SqxIKYv.exe
  2⤵
  PID:8148
- C:\Windows\System\GvztYfL.exe
  C:\Windows\System\GvztYfL.exe
  2⤵
  PID:7252
- C:\Windows\System\AHOrzdw.exe
  C:\Windows\System\AHOrzdw.exe
  2⤵
  PID:4184
- C:\Windows\System\XihZgcc.exe
  C:\Windows\System\XihZgcc.exe
  2⤵
  PID:16344
- C:\Windows\System\oXuixdv.exe
  C:\Windows\System\oXuixdv.exe
  2⤵
  PID:3008
- C:\Windows\System\JovViBr.exe
  C:\Windows\System\JovViBr.exe
  2⤵
  PID:7496
- C:\Windows\System\tBUtAjg.exe
  C:\Windows\System\tBUtAjg.exe
  2⤵
  PID:15748
- C:\Windows\System\xGojqYc.exe
  C:\Windows\System\xGojqYc.exe
  2⤵
  PID:5552
- C:\Windows\System\XSoNJmC.exe
  C:\Windows\System\XSoNJmC.exe
  2⤵
  PID:15936
- C:\Windows\System\EPyOdNe.exe
  C:\Windows\System\EPyOdNe.exe
  2⤵
  PID:7376
- C:\Windows\System\WSQEgbN.exe
  C:\Windows\System\WSQEgbN.exe
  2⤵
  PID:7184
- C:\Windows\System\JhodWcB.exe
  C:\Windows\System\JhodWcB.exe
  2⤵
  PID:1628
- C:\Windows\System\CLKfSiq.exe
  C:\Windows\System\CLKfSiq.exe
  2⤵
  PID:7640
- C:\Windows\System\kkboGvN.exe
  C:\Windows\System\kkboGvN.exe
  2⤵
  PID:4048
- C:\Windows\System\zYccFgp.exe
  C:\Windows\System\zYccFgp.exe
  2⤵
  PID:7820
- C:\Windows\System\pLVguFX.exe
  C:\Windows\System\pLVguFX.exe
  2⤵
  PID:7892
- C:\Windows\System\vqElftt.exe
  C:\Windows\System\vqElftt.exe
  2⤵
  PID:6648
- C:\Windows\System\irGICEF.exe
  C:\Windows\System\irGICEF.exe
  2⤵
  PID:8008
- C:\Windows\System\qwZrdfi.exe
  C:\Windows\System\qwZrdfi.exe
  2⤵
  PID:3884
- C:\Windows\System\AemWawj.exe
  C:\Windows\System\AemWawj.exe
  2⤵
  PID:8144
- C:\Windows\System\RANKuqB.exe
  C:\Windows\System\RANKuqB.exe
  2⤵
  PID:6140
- C:\Windows\System\WxbEWIo.exe
  C:\Windows\System\WxbEWIo.exe
  2⤵
  PID:10048
- C:\Windows\System\LaiuUOJ.exe
  C:\Windows\System\LaiuUOJ.exe
  2⤵
  PID:10228
- C:\Windows\System\rHRpShl.exe
  C:\Windows\System\rHRpShl.exe
  2⤵
  PID:7864
- C:\Windows\System\VTmarsx.exe
  C:\Windows\System\VTmarsx.exe
  2⤵
  PID:8012
- C:\Windows\System\irhRUVB.exe
  C:\Windows\System\irhRUVB.exe
  2⤵
  PID:7816
- C:\Windows\System\UjfQNYZ.exe
  C:\Windows\System\UjfQNYZ.exe
  2⤵
  PID:4752
- C:\Windows\System\xrDrMiw.exe
  C:\Windows\System\xrDrMiw.exe
  2⤵
  PID:3432
- C:\Windows\System\wfGuNUO.exe
  C:\Windows\System\wfGuNUO.exe
  2⤵
  PID:8264
- C:\Windows\System\EXQCRxp.exe
  C:\Windows\System\EXQCRxp.exe
  2⤵
  PID:10104
- C:\Windows\System\OhBBZEJ.exe
  C:\Windows\System\OhBBZEJ.exe
  2⤵
  PID:7924
- C:\Windows\System\PxSkqdf.exe
  C:\Windows\System\PxSkqdf.exe
  2⤵
  PID:10328
- C:\Windows\System\jqrOLXP.exe
  C:\Windows\System\jqrOLXP.exe
  2⤵
  PID:7324
- C:\Windows\System\AcpoSwW.exe
  C:\Windows\System\AcpoSwW.exe
  2⤵
  PID:9936
- C:\Windows\System\izByURU.exe
  C:\Windows\System\izByURU.exe
  2⤵
  PID:8476
- C:\Windows\System\jwzYMgq.exe
  C:\Windows\System\jwzYMgq.exe
  2⤵
  PID:10468
- C:\Windows\System\hUOglhO.exe
  C:\Windows\System\hUOglhO.exe
  2⤵
  PID:8504
- C:\Windows\System\ANHgPzq.exe
  C:\Windows\System\ANHgPzq.exe
  2⤵
  PID:8348
- C:\Windows\System\lJMkFls.exe
  C:\Windows\System\lJMkFls.exe
  2⤵
  PID:10548
- C:\Windows\System\ZxICypf.exe
  C:\Windows\System\ZxICypf.exe
  2⤵
  PID:3152
- C:\Windows\System\zYXzxYb.exe
  C:\Windows\System\zYXzxYb.exe
  2⤵
  PID:8252
- C:\Windows\System\OstsZkQ.exe
  C:\Windows\System\OstsZkQ.exe
  2⤵
  PID:8544
- C:\Windows\System\tOOVxdj.exe
  C:\Windows\System\tOOVxdj.exe
  2⤵
  PID:8532
- C:\Windows\System\hmAItxI.exe
  C:\Windows\System\hmAItxI.exe
  2⤵
  PID:10560
- C:\Windows\System\CaAuhVd.exe
  C:\Windows\System\CaAuhVd.exe
  2⤵
  PID:8656
- C:\Windows\System\XpXNrAw.exe
  C:\Windows\System\XpXNrAw.exe
  2⤵
  PID:10648
- C:\Windows\System\eQEvaqU.exe
  C:\Windows\System\eQEvaqU.exe
  2⤵
  PID:8580
- C:\Windows\System\FUOnDYd.exe
  C:\Windows\System\FUOnDYd.exe
  2⤵
  PID:10888
- C:\Windows\System\ASVkXlU.exe
  C:\Windows\System\ASVkXlU.exe
  2⤵
  PID:8936
- C:\Windows\System\XSVolsB.exe
  C:\Windows\System\XSVolsB.exe
  2⤵
  PID:10820
- C:\Windows\System\aYBXAur.exe
  C:\Windows\System\aYBXAur.exe
  2⤵
  PID:10868
- C:\Windows\System\YCOLfWk.exe
  C:\Windows\System\YCOLfWk.exe
  2⤵
  PID:11068
- C:\Windows\System\lsQZqxJ.exe
  C:\Windows\System\lsQZqxJ.exe
  2⤵
  PID:10908
- C:\Windows\System\ExHKOXb.exe
  C:\Windows\System\ExHKOXb.exe
  2⤵
  PID:8952
- C:\Windows\System\HKvbwom.exe
  C:\Windows\System\HKvbwom.exe
  2⤵
  PID:9092
- C:\Windows\System\cmTqgCe.exe
  C:\Windows\System\cmTqgCe.exe
  2⤵
  PID:8600
- C:\Windows\System\gCSVYmR.exe
  C:\Windows\System\gCSVYmR.exe
  2⤵
  PID:8988
- C:\Windows\System\eiIZMoG.exe
  C:\Windows\System\eiIZMoG.exe
  2⤵
  PID:10916
- C:\Windows\System\AvIXNSC.exe
  C:\Windows\System\AvIXNSC.exe
  2⤵
  PID:10480
- C:\Windows\System\kHOYIuU.exe
  C:\Windows\System\kHOYIuU.exe
  2⤵
  PID:11224
- C:\Windows\System\DcqfvzZ.exe
  C:\Windows\System\DcqfvzZ.exe
  2⤵
  PID:10288
- C:\Windows\System\HoAizuR.exe
  C:\Windows\System\HoAizuR.exe
  2⤵
  PID:8980
- C:\Windows\System\BFNGUGn.exe
  C:\Windows\System\BFNGUGn.exe
  2⤵
  PID:8712
- C:\Windows\System\Wgkdnnh.exe
  C:\Windows\System\Wgkdnnh.exe
  2⤵
  PID:10832
- C:\Windows\System\CLNZChp.exe
  C:\Windows\System\CLNZChp.exe
  2⤵
  PID:1584
- C:\Windows\System\BBOPyoc.exe
  C:\Windows\System\BBOPyoc.exe
  2⤵
  PID:10664
- C:\Windows\System\uKvecjU.exe
  C:\Windows\System\uKvecjU.exe
  2⤵
  PID:1048
- C:\Windows\System\fjTKxRz.exe
  C:\Windows\System\fjTKxRz.exe
  2⤵
  PID:10836
- C:\Windows\System\UEFdyxm.exe
  C:\Windows\System\UEFdyxm.exe
  2⤵
  PID:8496
- C:\Windows\System\dPrFjHD.exe
  C:\Windows\System\dPrFjHD.exe
  2⤵
  PID:8588
- C:\Windows\System\pTRbapn.exe
  C:\Windows\System\pTRbapn.exe
  2⤵
  PID:10260
- C:\Windows\System\eqEwIMn.exe
  C:\Windows\System\eqEwIMn.exe
  2⤵
  PID:8468
- C:\Windows\System\PHWqpns.exe
  C:\Windows\System\PHWqpns.exe
  2⤵
  PID:8700
- C:\Windows\System\MKBZlVy.exe
  C:\Windows\System\MKBZlVy.exe
  2⤵
  PID:8556
- C:\Windows\System\BoglddZ.exe
  C:\Windows\System\BoglddZ.exe
  2⤵
  PID:7900
- C:\Windows\System\KczlkQG.exe
  C:\Windows\System\KczlkQG.exe
  2⤵
  PID:8668
- C:\Windows\System\HvGFpMO.exe
  C:\Windows\System\HvGFpMO.exe
  2⤵
  PID:1924
- C:\Windows\System\EyArZCY.exe
  C:\Windows\System\EyArZCY.exe
  2⤵
  PID:9004
- C:\Windows\System\VlyPOaK.exe
  C:\Windows\System\VlyPOaK.exe
  2⤵
  PID:4892
- C:\Windows\System\WYHASgw.exe
  C:\Windows\System\WYHASgw.exe
  2⤵
  PID:8776
- C:\Windows\System\HLCXXon.exe
  C:\Windows\System\HLCXXon.exe
  2⤵
  PID:9196
- C:\Windows\System\imeSlPL.exe
  C:\Windows\System\imeSlPL.exe
  2⤵
  PID:9032
- C:\Windows\System\ZKgEnLo.exe
  C:\Windows\System\ZKgEnLo.exe
  2⤵
  PID:11440
- C:\Windows\System\abjJYRP.exe
  C:\Windows\System\abjJYRP.exe
  2⤵
  PID:11468
- C:\Windows\System\kwynRQR.exe
  C:\Windows\System\kwynRQR.exe
  2⤵
  PID:11504
- C:\Windows\System\cWaiwiA.exe
  C:\Windows\System\cWaiwiA.exe
  2⤵
  PID:11592
- C:\Windows\System\FeIrRyd.exe
  C:\Windows\System\FeIrRyd.exe
  2⤵
  PID:3652
- C:\Windows\System\IXWqWhK.exe
  C:\Windows\System\IXWqWhK.exe
  2⤵
  PID:10704
- C:\Windows\System\yLiXSlE.exe
  C:\Windows\System\yLiXSlE.exe
  2⤵
  PID:11572
- C:\Windows\System\INryHrj.exe
  C:\Windows\System\INryHrj.exe
  2⤵
  PID:396
- C:\Windows\System\nzILoRD.exe
  C:\Windows\System\nzILoRD.exe
  2⤵
  PID:8984
- C:\Windows\System\EnzyWYi.exe
  C:\Windows\System\EnzyWYi.exe
  2⤵
  PID:9088
- C:\Windows\System\TpucBbh.exe
  C:\Windows\System\TpucBbh.exe
  2⤵
  PID:4212
- C:\Windows\System\zEJPRWV.exe
  C:\Windows\System\zEJPRWV.exe
  2⤵
  PID:11860
- C:\Windows\System\jUwphWN.exe
  C:\Windows\System\jUwphWN.exe
  2⤵
  PID:11732
- C:\Windows\System\hIaYMdj.exe
  C:\Windows\System\hIaYMdj.exe
  2⤵
  PID:11788
- C:\Windows\System\kCKVRCn.exe
  C:\Windows\System\kCKVRCn.exe
  2⤵
  PID:1376
- C:\Windows\System\oThZlsw.exe
  C:\Windows\System\oThZlsw.exe
  2⤵
  PID:8968
- C:\Windows\System\FoxZzss.exe
  C:\Windows\System\FoxZzss.exe
  2⤵
  PID:1904
- C:\Windows\System\VCXSEmN.exe
  C:\Windows\System\VCXSEmN.exe
  2⤵
  PID:9332
- C:\Windows\System\yiSMsby.exe
  C:\Windows\System\yiSMsby.exe
  2⤵
  PID:8888
- C:\Windows\System\fSQcXdl.exe
  C:\Windows\System\fSQcXdl.exe
  2⤵
  PID:9304
- C:\Windows\System\HUyRECu.exe
  C:\Windows\System\HUyRECu.exe
  2⤵
  PID:9396
- C:\Windows\System\AbgDRqu.exe
  C:\Windows\System\AbgDRqu.exe
  2⤵
  PID:756
- C:\Windows\System\ifBOzkG.exe
  C:\Windows\System\ifBOzkG.exe
  2⤵
  PID:12056
- C:\Windows\System\uitXZgY.exe
  C:\Windows\System\uitXZgY.exe
  2⤵
  PID:12032
- C:\Windows\System\WSjMHbe.exe
  C:\Windows\System\WSjMHbe.exe
  2⤵
  PID:9116
- C:\Windows\System\SSeSvcX.exe
  C:\Windows\System\SSeSvcX.exe
  2⤵
  PID:12180
- C:\Windows\System\mHgJkQY.exe
  C:\Windows\System\mHgJkQY.exe
  2⤵
  PID:12116
- C:\Windows\System\zrceTZW.exe
  C:\Windows\System\zrceTZW.exe
  2⤵
  PID:11880
- C:\Windows\System\KzNdqPL.exe
  C:\Windows\System\KzNdqPL.exe
  2⤵
  PID:9512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AgCXCQz.exe

Filesize
6.0MB

MD5
c1192dddff018760c0d85eccaeb2514f

SHA1
13b66919944fce8c164b9c54f1c6dcaf83c5aa9b

SHA256
30ee98650aa41d822d36036419a1b65c678ba3ca8439df9f6fe0c0ddb55d4a5d

SHA512
12d214256c1ca408eb1a67c623d26cd23aa0f057aeb72e5dae8e39ef07e16b03839c42a3d0238a4d2b7f0a9da06857249d55a8e5768e8d92ef1b5a314c15f716

Download Submit
C:\Windows\System\BZIeERU.exe

Filesize
6.0MB

MD5
c53bcb416276c457f54ed053c0cecb9a

SHA1
e910e2092b9790edcd1fc18cc8c4215b770e72e4

SHA256
d31e8d7a5e42e4ee5c4f7df662f165720b94b2ef32952e5786f9ce18705b59a4

SHA512
14ae5114c73836972e533c5ecacbb8511d57ce6d55cfc684356a1e1a6bfd17230f926a2bfc054532b9c51463329458ec436497768dabbab10b2395da30d47020

Download Submit
C:\Windows\System\BmwBTzQ.exe

Filesize
6.0MB

MD5
6d640252f8df8f17af7b8d860929c702

SHA1
ad362cdb31152b7e848cfb53f20a2713a95bba08

SHA256
a01453155092fe29668231700c31f87f0c16f2e39a192431826ca6e1f9d83932

SHA512
c29d09baf8f40f5aca9901a4601de37c04d03cd312769eacde019e737e2d70529d6cccbf65255becdbe32293ebe0b4c8ab7070ee46523dcb1df0fbd6003b00ce

Download Submit
C:\Windows\System\CQIPsNx.exe

Filesize
6.0MB

MD5
5eb761a1d308f81f28802a27437df9f7

SHA1
f51891e30c14d06d38406434ab845a2e1f4b67b6

SHA256
a4ab40c539bbed38e4bd96ce78aa4e0139d50928ec5838b1d24a424197d568f1

SHA512
ed437bfd068fb4a74041aa009c33e45012f5ae33d34a6a6c743f5c54cb36fb93dc25c79fb8a5fc5685808ec074f1fce7882a46ae88e02e2323354c93a4076fd0

Download Submit
C:\Windows\System\DgouqKy.exe

Filesize
6.0MB

MD5
5c1e582b56ebeb74ef8946891427a22f

SHA1
ce2ffd52de78b0794c3920dc540a4af3c431b77c

SHA256
70ea2d5aeb44344176098f90dd2a451b930af0ff328fe952b4d6bac584a4b5d2

SHA512
de07376e7d2a7717ca760c90e042368e3bc0868798cff1a762a5587f6847652212a53483d0814437f0cfe304dce38b7967cfd252e3ce3f756fe831f4fd1165e4

Download Submit
C:\Windows\System\EXqaooV.exe

Filesize
6.0MB

MD5
067ad5f9b507eccd0800b629de085209

SHA1
4ed938a24ed700c997e255acb279732760629e17

SHA256
992c34c404209f5f9bcf208a5edfff4f50cda929799b16f7d19de5ae6be6b1fd

SHA512
c6fa996cec7e810f102c2b70e4a80daf368ee41a6dee6fc1dd1443d2cbf95f8c098657004eb0ec844e39e78b26f083e68164f52c5427e5eb7043db5e42302da7

Download Submit
C:\Windows\System\GHrrNTC.exe

Filesize
6.0MB

MD5
e5bbd5e4a3a122271b51a03651f1f990

SHA1
a0fcfdae3cdab8d56709f376948fe3bef6575ec4

SHA256
83730061bf2cb11f0bd2d9045cfd296131f7f0e2b2c8fbec10fc8281372ab224

SHA512
c2cc164c98fabf5ee4da6cffa6ac09aacc3c10cf4dd3a17974f39fd519d7a22d84d777330a5d6c20cbe1274b68d64cb0509df7caec6083a9cefd718b697a6dd2

Download Submit
C:\Windows\System\KaWFNBH.exe

Filesize
6.0MB

MD5
856bed02b83b4e3dfcd1e63833cc6290

SHA1
a8ba2b1759e0bdffc6a82ca7cd90346ed6433b60

SHA256
eed889219e840914dd7d4460ed764844f62ba0730f2431f5359c5b9b217d774f

SHA512
2bf7ecedc7cfb22f8aad87677d5e27aa368f96df4e5accd306c2acdee7e2ee9cdff1405ec0812a98c5d69790ab1d5f7656a5dca3680c341b821cda73a27930a9

Download Submit
C:\Windows\System\LBcBaJw.exe

Filesize
6.0MB

MD5
094547a00de0db5ac13f48c764897d1f

SHA1
547ee4cc1e1f3f88d84f3ac5c8ce5f50451939c6

SHA256
86e4e82104dd9eb7467d823fcb1bc4adbb855ae87b675a57364cb6d324ab1e9c

SHA512
98b138f34aea840f12bf4937e460db019ee56f2c3621872ebbb7857756a74bb315e6bf583e4bf7b0b948027fda4ac86792aace15bd629a7aba7ed4f0585b005a

Download Submit
C:\Windows\System\NJrzlsE.exe

Filesize
6.0MB

MD5
45432ca08e3e29c45f6c5102b70fab91

SHA1
f65fef39b8dafa96f6180d1e5a5f6b12fba2c007

SHA256
d963ed4a8fad029cf86b4e84371f8c042493de72ff641d5413959b8a77f8cdaf

SHA512
609e7af5a44cc9d29a53ad5a223a6bc21d7112518bf046bd7cd342d719edd2204eba1f36d6f0f29cf50e37dacd72958b3e6246ac744df33333295da96e784967

Download Submit
C:\Windows\System\NsFJYtI.exe

Filesize
6.0MB

MD5
db38a86fed8c8e92ce5c7b82a923ee07

SHA1
0a311ca1cdd526f5ca2698d51cc4c11a0cf9bd01

SHA256
51aa74ba4c2bae37244bf7fc621d2517cd63926877d4b3895a4049a15353df78

SHA512
eaaae09fade90dbfeff86bd12fac3556ed48feb6e4546ff1f9f49b57f33d473d21ebb1c1760a8460bae890deb76716342042291f0cb79b8d5232b6e0c54701a5

Download Submit
C:\Windows\System\PEgEZal.exe

Filesize
6.0MB

MD5
47fb3278cd676f5a94822f93ef7980ee

SHA1
f9a12a0fcea22b26df91a128c8ad37cb58c5d4ff

SHA256
e117b023c75fc35e55ab0350709d331baa16c94a0f55a1b0195e5e4c73748ded

SHA512
00b0c9bc95ea2194b3054455c26bb730731681f023ca12cd9deb5e211320d91f22464d13d257b018d608f06d6a7cc8d62b37a072813d3015cdb5468afa395690

Download Submit
C:\Windows\System\PUfunnW.exe

Filesize
6.0MB

MD5
e68f178125537c5bae87ea373147a8be

SHA1
02f1fe6336de3864437876f89239865b37d7bb77

SHA256
4e6b9e3fa09ca83f70f3e88283270822199854cefd0a961d8cdff3742e6d08c6

SHA512
73665989953dde65517ceda02d9de03343556255aa09401053a3638313280a8e7f849d9dd6e7a9c4afa0b41d4043fc384bc86d8a1e13e138784dcf03e481db76

Download Submit
C:\Windows\System\QbJmfzF.exe

Filesize
6.0MB

MD5
7eb9613d9649389c73ea195d28eac7ec

SHA1
1bd7813e461523606b5efa558ca0b41a63581bcc

SHA256
0bd2595343203dc4d1f17cc79e4f1186d531bb71380b4dca5f1820c20b6078b6

SHA512
c412121bb3b235973a8ee54a6b155685cae25b175dc1f549afc711c844dc2b1d2fe4e0193e5ba6089665fd927dd18878b70d2478bba99591d84401b7297f9e9d

Download Submit
C:\Windows\System\Vdzebxj.exe

Filesize
6.0MB

MD5
0230ca276cf08011d5b9ad88b5d9bde9

SHA1
2818e5bec00a98ea3befd3ddde735946221e5295

SHA256
e30b4a3c973cbf6cd84bb3922f9f637ee000bc62f074403ea222c99cc4cc1fbb

SHA512
b491ed88d8eccff51d4f6dcebf5ac6b98afbd94cbdf322dd94741769cdbcf4e44e5764250c85c7932cdade928050b3a56a7cb03f3101024aa99251bec0ac2985

Download Submit
C:\Windows\System\VzUwbzs.exe

Filesize
6.0MB

MD5
c0432b9dfdd70dca6dec178b398f7a18

SHA1
6e2c836c92cb13a5bee1ce647b2399d9b88fc212

SHA256
b7da1c69989c34d8d4ea52231ddb544e16d6a6d38ec49848f9fb9046fa60afd0

SHA512
c7ef13bd1eb4bebb13924140bcba8d8c29a8e3b755d6f0bb37acfb97d3507b7e19ff81710657f2e1244775e0a2d704da84e38b1130d45d4fee3cb0e5fb05daf3

Download Submit
C:\Windows\System\WCpDIzg.exe

Filesize
6.0MB

MD5
6180640435784e0d83b668648cd9111f

SHA1
4d769753a27c48dcd0647ff56dfb1c5be0685384

SHA256
6d17851ed6668bb2d3cced03778de6b4de5d47236789b5d403c46cc19b5ee746

SHA512
591edf4dc3e5760d88b99a5d04a8e85991a992c13feff01d8d0210fccb574e7c455eb744d27fb6947491bbf280746dc10f07e0020a64f5f1d34e00ab48cccf20

Download Submit
C:\Windows\System\WgiDesl.exe

Filesize
6.0MB

MD5
c3231825c04710651424940c729b137c

SHA1
3883d190a1d6256823cd2312f047e28b73f09099

SHA256
4bb7a982baa9018ba5303ef6a08af86afecf7d93bc3910ac52d996ed086683f7

SHA512
2c65947230657be280a97d570b7d52782a5de43fd2e0f1a627f10104ad2cfd974668b8e77a9e9cec733b1235855bfa1ab3c6b5be6a0c075022a6a123bd43c9bc

Download Submit
C:\Windows\System\YWPpovH.exe

Filesize
6.0MB

MD5
2d31c534664099396ff885e9b63bce54

SHA1
f1754f2ffb2b240b44496599be5d25b5f590a899

SHA256
d069dcd3e45d1d6444c1ca365baddbb73245a35372649f899a1b48849d5ac622

SHA512
4e8ec9ada55725a654c0c2a2d18cc0dbeeb2aa8eea64699e101eea4b3d9011b8e379505d3e272082cab6f9c97d9cecafb9b3ad2fb977e5f5045d12639ac55f36

Download Submit
C:\Windows\System\aGlYjDo.exe

Filesize
6.0MB

MD5
9dfe0141994322fb41a1b02e3ab30f6f

SHA1
2fc4fe2143cb704de8dc2d994b2164a4682a4269

SHA256
4784c9b9595a5e5b71308b44197a8e1dde0458e14ad9e82b61ef9398ca4fdffc

SHA512
87623894882902574e660cf403286c772f8e2ddfaf6146310a6948383a851095ad97c705d7a7916bf4d06a9e39d6d4b67848054fd5198f9e1d2b92b3dcec7a7f

Download Submit
C:\Windows\System\aNawzig.exe

Filesize
6.0MB

MD5
1a8fd7981ea263f4ae8f3ad59c842463

SHA1
0407d2f0aad0c117d73210be86990f815ea1cbbe

SHA256
a531ad857f97f60ca73b16e00860c32493a10d7d78dd6b068e43b095d7597aef

SHA512
d7114d56dba07f17669e4a209fc3f9f4edd29d6935d7bc0a01caef92bc118ee860bddb9717e510b924bb45fe884d67d40fba98adb7232410242ed31217bb7706

Download Submit
C:\Windows\System\cAFwHzs.exe

Filesize
6.0MB

MD5
96480edf968aa913dc600df59bcb4223

SHA1
d904427de2395b18eb44ae9d8c016fa2b0d0925c

SHA256
6fdf6a0ee17329f073e022bf37b897b7ff41ff1228c0ee56cd52e36c0ad6fe72

SHA512
ddde5f7835ac27a6cfe5a360a02b443d37bd08f5dc748d08822e01cb63eab72b6cf35515e693f4784a534a3e5534ef7ffd4b52eddbc32dd3f9de6a55a9788283

Download Submit
C:\Windows\System\dXdKCWr.exe

Filesize
6.0MB

MD5
9740a20ca787ffff501fba19cc86acdc

SHA1
5862717d21fb8571adefc69fbbc56e712a119b69

SHA256
58502de7d7e288bfb7df393ebed71c19cc41f0c9bc546a4a18967337d0a4ddd4

SHA512
4d0bfd802fd4e5edb59c3d41186486cb54afa301d503852e0ac12f0a387602a80ad5f231b92da96add9b80c322e1f1781a620b206d00a0361a7e63ec37146746

Download Submit
C:\Windows\System\iaQKJvP.exe

Filesize
6.0MB

MD5
ad7ed96f1d0903cb6b7216d0da07d19c

SHA1
7e575a413f1c8962d7730baa38b17b753f3994f6

SHA256
643d72402049038f5016a7ada3931565e1439c629a34125f64cd874249f4d36f

SHA512
3c0427fc8c24eb8ddcc452d4460bcc1fb9fec6c1c986a94ab31201a2838ed6e3d800daabbb96ad0506b869d4d3f4583cf75e9e9622608a7019b885c0d82cffe3

Download Submit
C:\Windows\System\ikUHEfL.exe

Filesize
6.0MB

MD5
35b20377755a30fa4215b08c16d79507

SHA1
f94cba105ef05e40e30a15db3a722456cd4b56ad

SHA256
7b3865ddf2c9ed96bee70e2bfca4e7a66579e340bc440ddfe474f23fd81a31b8

SHA512
55c38555b93d206c1c5bd12ca5d8a6c3b12e9e72ee6963066a0a68645542a4a2dbcbf20f739c7226ef1145100a44ad3584a7bdbc5867f09664545b10d370a2b5

Download Submit
C:\Windows\System\lNgtcZC.exe

Filesize
6.0MB

MD5
0a8ddabdff0099e81ea3d6e66166fb72

SHA1
2977ddb8b503f5cd8e9e22a8d5d56e2cbe767ca9

SHA256
06c41e02bcc662e8ac83e1607167d540a2dcab43520b06f72154f9c5e0f20737

SHA512
8bac140a55d92d04527daf8047d671ca6182c4be5b747c5473b7dd30461cc3870f381867ddbc58e33cd0f8a86beeff9474eb8b869168b8c15e22902ec6d6a2be

Download Submit
C:\Windows\System\nGmaRhL.exe

Filesize
6.0MB

MD5
4e76d0c0c8a4aa053642592b787c6673

SHA1
be189da353e9fc2444d76f15dfd1d9d4d2458867

SHA256
7ee0aaf9278787f40c3b060473562cb2048a2c6c65eedac62c4a1c2f811af37b

SHA512
abfb4e84471915fc77b52a341beec71e9f70f261ec78af555687b89446574ced9a2946d61f8c374e7a0facdbf123b833ebc1b6d5f68de6f07da5e0fcf8867e90

Download Submit
C:\Windows\System\oMAAbXn.exe

Filesize
6.0MB

MD5
250246b71bd29c03516adaee5781325a

SHA1
eefc186d601d58d7ebe2dd494606bdfcf3f78a2c

SHA256
82191c882e1d67dbdb88473703ce567edde6a188e460d77ba024e8f2fb153da6

SHA512
e76f78789cb33c2d7271e676eafa6924d636d98c10e115f32c2f9f5c0e4b51e864533ec5805b5a13951811760bf5f6e1d51ddbe702ea6418b4b0abdbecfa4385

Download Submit
C:\Windows\System\rkLQsdd.exe

Filesize
6.0MB

MD5
0d4f40cc39bc0ee98a06852c4c3fd42a

SHA1
470a590f9d49bd269165fc7b4d9cff0b8cf95d5a

SHA256
2a6dac27d2b3a1662fb39e21f6ee2bf0a2a1dfe0e47718d1154fecc209dc57f8

SHA512
fe4c779338af441e49a67a810b7bc9111cb148aeb515ab2d5968279e00b41c2ee4ce3f81bfa6beb5ccbc78cb35884d542ba8f2ac75f22599dc500c04c2c261b2

Download Submit
C:\Windows\System\tPKbGKD.exe

Filesize
6.0MB

MD5
da811e2270027fb2d2468a22782e0718

SHA1
7f9092e636e4b9eeff4953e336c6dfcfcda569a4

SHA256
b5404e339714b25764c6913ae535a6985d9c697d4d02a34116456afc4e30d4fc

SHA512
429909b590566201690dd1eecff0745a0c4391b9d81c9d45a76d6d8a42e8ca4e50dd95258d64af62e3a73b190058fe2a510798e264d258630875af5af99566e3

Download Submit
C:\Windows\System\vVUeDsa.exe

Filesize
6.0MB

MD5
24ffa69989f5c050701cefad5a68c993

SHA1
97f861681752286d0ed40d399bcb107b2bdb5cae

SHA256
5db0c9a8d9605caf891e078d2f29798dc87225645d51525a608a951e6bf3cf46

SHA512
b3cff46df65143fc5c45f8d6407738f8acc03815d6ebce9449bbdf89e54d1380a45787a434103e987dbe7c8b8743faf53bce76bd676308193cc9c56783d50073

Download Submit
C:\Windows\System\wYtKTvM.exe

Filesize
6.0MB

MD5
10e6edd278eaa1b1d20d561ec4d638fc

SHA1
4d1b3ef81b0ecc5fe923c412484f1513de1c7c4a

SHA256
8aaf2000ee937eb7c0a59e8124e0f6d2ff4305abc045867222db745c6fdcfd78

SHA512
2310d92c8880582ae63a7f9c903ebe13b2dc330cd4b55c22f2a449dd965d0f5123089600e4454a7c96bb5c162c40ae18e8c49b809682735aa187fa5baa1ce540

Download Submit
memory/744-48-0x00007FF7D2E60000-0x00007FF7D31B4000-memory.dmp

Filesize
3.3MB

Download
memory/744-116-0x00007FF7D2E60000-0x00007FF7D31B4000-memory.dmp

Filesize
3.3MB

Download
memory/744-2000-0x00007FF7D2E60000-0x00007FF7D31B4000-memory.dmp

Filesize
3.3MB

Download
memory/1104-152-0x00007FF7A05E0000-0x00007FF7A0934000-memory.dmp

Filesize
3.3MB

Download
memory/1104-1453-0x00007FF7A05E0000-0x00007FF7A0934000-memory.dmp

Filesize
3.3MB

Download
memory/1104-2045-0x00007FF7A05E0000-0x00007FF7A0934000-memory.dmp

Filesize
3.3MB

Download
memory/1180-36-0x00007FF73D4B0000-0x00007FF73D804000-memory.dmp

Filesize
3.3MB

Download
memory/1180-1982-0x00007FF73D4B0000-0x00007FF73D804000-memory.dmp

Filesize
3.3MB

Download
memory/1180-100-0x00007FF73D4B0000-0x00007FF73D804000-memory.dmp

Filesize
3.3MB

Download
memory/1240-81-0x00007FF6C9CF0000-0x00007FF6CA044000-memory.dmp

Filesize
3.3MB

Download
memory/1240-18-0x00007FF6C9CF0000-0x00007FF6CA044000-memory.dmp

Filesize
3.3MB

Download
memory/1240-1969-0x00007FF6C9CF0000-0x00007FF6CA044000-memory.dmp

Filesize
3.3MB

Download
memory/1464-99-0x00007FF731530000-0x00007FF731884000-memory.dmp

Filesize
3.3MB

Download
memory/1464-159-0x00007FF731530000-0x00007FF731884000-memory.dmp

Filesize
3.3MB

Download
memory/1464-2025-0x00007FF731530000-0x00007FF731884000-memory.dmp

Filesize
3.3MB

Download
memory/1492-189-0x00007FF6A0100000-0x00007FF6A0454000-memory.dmp

Filesize
3.3MB

Download
memory/1492-2061-0x00007FF6A0100000-0x00007FF6A0454000-memory.dmp

Filesize
3.3MB

Download
memory/1492-1731-0x00007FF6A0100000-0x00007FF6A0454000-memory.dmp

Filesize
3.3MB

Download
memory/1800-2043-0x00007FF6F8200000-0x00007FF6F8554000-memory.dmp

Filesize
3.3MB

Download
memory/1800-1272-0x00007FF6F8200000-0x00007FF6F8554000-memory.dmp

Filesize
3.3MB

Download
memory/1800-131-0x00007FF6F8200000-0x00007FF6F8554000-memory.dmp

Filesize
3.3MB

Download
memory/1848-1635-0x00007FF7D1BA0000-0x00007FF7D1EF4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-183-0x00007FF7D1BA0000-0x00007FF7D1EF4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-2058-0x00007FF7D1BA0000-0x00007FF7D1EF4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-1397-0x00007FF76C9A0000-0x00007FF76CCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-145-0x00007FF76C9A0000-0x00007FF76CCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-2047-0x00007FF76C9A0000-0x00007FF76CCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-62-0x00007FF6CFD10000-0x00007FF6D0064000-memory.dmp

Filesize
3.3MB

Download
memory/1960-130-0x00007FF6CFD10000-0x00007FF6D0064000-memory.dmp

Filesize
3.3MB

Download
memory/1960-2010-0x00007FF6CFD10000-0x00007FF6D0064000-memory.dmp

Filesize
3.3MB

Download
memory/1980-199-0x00007FF6BF7D0000-0x00007FF6BFB24000-memory.dmp

Filesize
3.3MB

Download
memory/1980-2066-0x00007FF6BF7D0000-0x00007FF6BFB24000-memory.dmp

Filesize
3.3MB

Download
memory/1980-1795-0x00007FF6BF7D0000-0x00007FF6BFB24000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2050-0x00007FF7E4970000-0x00007FF7E4CC4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-166-0x00007FF7E4970000-0x00007FF7E4CC4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-1570-0x00007FF7E4970000-0x00007FF7E4CC4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-180-0x00007FF7DD220000-0x00007FF7DD574000-memory.dmp

Filesize
3.3MB

Download
memory/3012-110-0x00007FF7DD220000-0x00007FF7DD574000-memory.dmp

Filesize
3.3MB

Download
memory/3012-2032-0x00007FF7DD220000-0x00007FF7DD574000-memory.dmp

Filesize
3.3MB

Download
memory/3128-160-0x00007FF6283B0000-0x00007FF628704000-memory.dmp

Filesize
3.3MB

Download
memory/3128-1521-0x00007FF6283B0000-0x00007FF628704000-memory.dmp

Filesize
3.3MB

Download
memory/3128-2049-0x00007FF6283B0000-0x00007FF628704000-memory.dmp

Filesize
3.3MB

Download
memory/3164-124-0x00007FF6D8B20000-0x00007FF6D8E74000-memory.dmp

Filesize
3.3MB

Download
memory/3164-2042-0x00007FF6D8B20000-0x00007FF6D8E74000-memory.dmp

Filesize
3.3MB

Download
memory/3164-195-0x00007FF6D8B20000-0x00007FF6D8E74000-memory.dmp

Filesize
3.3MB

Download
memory/3336-29-0x00007FF7A8600000-0x00007FF7A8954000-memory.dmp

Filesize
3.3MB

Download
memory/3336-96-0x00007FF7A8600000-0x00007FF7A8954000-memory.dmp

Filesize
3.3MB

Download
memory/3336-1981-0x00007FF7A8600000-0x00007FF7A8954000-memory.dmp

Filesize
3.3MB

Download
memory/3472-158-0x00007FF657FB0000-0x00007FF658304000-memory.dmp

Filesize
3.3MB

Download
memory/3472-2022-0x00007FF657FB0000-0x00007FF658304000-memory.dmp

Filesize
3.3MB

Download
memory/3472-91-0x00007FF657FB0000-0x00007FF658304000-memory.dmp

Filesize
3.3MB

Download
memory/3776-56-0x00007FF658A60000-0x00007FF658DB4000-memory.dmp

Filesize
3.3MB

Download
memory/3776-123-0x00007FF658A60000-0x00007FF658DB4000-memory.dmp

Filesize
3.3MB

Download
memory/3776-2004-0x00007FF658A60000-0x00007FF658DB4000-memory.dmp

Filesize
3.3MB

Download
memory/3808-2055-0x00007FF7E62E0000-0x00007FF7E6634000-memory.dmp

Filesize
3.3MB

Download
memory/3808-1633-0x00007FF7E62E0000-0x00007FF7E6634000-memory.dmp

Filesize
3.3MB

Download
memory/3808-175-0x00007FF7E62E0000-0x00007FF7E6634000-memory.dmp

Filesize
3.3MB

Download
memory/3820-117-0x00007FF7750D0000-0x00007FF775424000-memory.dmp

Filesize
3.3MB

Download
memory/3820-184-0x00007FF7750D0000-0x00007FF775424000-memory.dmp

Filesize
3.3MB

Download
memory/3820-2038-0x00007FF7750D0000-0x00007FF775424000-memory.dmp

Filesize
3.3MB

Download
memory/4176-109-0x00007FF7BD9F0000-0x00007FF7BDD44000-memory.dmp

Filesize
3.3MB

Download
memory/4176-1994-0x00007FF7BD9F0000-0x00007FF7BDD44000-memory.dmp

Filesize
3.3MB

Download
memory/4176-42-0x00007FF7BD9F0000-0x00007FF7BDD44000-memory.dmp

Filesize
3.3MB

Download
memory/4432-82-0x00007FF702030000-0x00007FF702384000-memory.dmp

Filesize
3.3MB

Download
memory/4432-28-0x00007FF702030000-0x00007FF702384000-memory.dmp

Filesize
3.3MB

Download
memory/4432-1979-0x00007FF702030000-0x00007FF702384000-memory.dmp

Filesize
3.3MB

Download
memory/4468-85-0x00007FF6EF740000-0x00007FF6EFA94000-memory.dmp

Filesize
3.3MB

Download
memory/4468-151-0x00007FF6EF740000-0x00007FF6EFA94000-memory.dmp

Filesize
3.3MB

Download
memory/4468-2021-0x00007FF6EF740000-0x00007FF6EFA94000-memory.dmp

Filesize
3.3MB

Download
memory/4576-137-0x00007FF75AAE0000-0x00007FF75AE34000-memory.dmp

Filesize
3.3MB

Download
memory/4576-70-0x00007FF75AAE0000-0x00007FF75AE34000-memory.dmp

Filesize
3.3MB

Download
memory/4576-2012-0x00007FF75AAE0000-0x00007FF75AE34000-memory.dmp

Filesize
3.3MB

Download
memory/4676-1340-0x00007FF768770000-0x00007FF768AC4000-memory.dmp

Filesize
3.3MB

Download
memory/4676-138-0x00007FF768770000-0x00007FF768AC4000-memory.dmp

Filesize
3.3MB

Download
memory/4676-2048-0x00007FF768770000-0x00007FF768AC4000-memory.dmp

Filesize
3.3MB

Download
memory/4860-0-0x00007FF6C9180000-0x00007FF6C94D4000-memory.dmp

Filesize
3.3MB

Download
memory/4860-54-0x00007FF6C9180000-0x00007FF6C94D4000-memory.dmp

Filesize
3.3MB

Download
memory/4860-1-0x000001A4CE570000-0x000001A4CE580000-memory.dmp

Filesize
64KB

Download
memory/4872-2028-0x00007FF66E3A0000-0x00007FF66E6F4000-memory.dmp

Filesize
3.3MB

Download
memory/4872-172-0x00007FF66E3A0000-0x00007FF66E6F4000-memory.dmp

Filesize
3.3MB

Download
memory/4872-103-0x00007FF66E3A0000-0x00007FF66E6F4000-memory.dmp

Filesize
3.3MB

Download
memory/4960-75-0x00007FF621550000-0x00007FF6218A4000-memory.dmp

Filesize
3.3MB

Download
memory/4960-2014-0x00007FF621550000-0x00007FF6218A4000-memory.dmp

Filesize
3.3MB

Download
memory/4960-144-0x00007FF621550000-0x00007FF6218A4000-memory.dmp

Filesize
3.3MB

Download
memory/5032-68-0x00007FF7F2430000-0x00007FF7F2784000-memory.dmp

Filesize
3.3MB

Download
memory/5032-12-0x00007FF7F2430000-0x00007FF7F2784000-memory.dmp

Filesize
3.3MB

Download
memory/5032-1881-0x00007FF7F2430000-0x00007FF7F2784000-memory.dmp

Filesize
3.3MB

Download
memory/5068-55-0x00007FF63B650000-0x00007FF63B9A4000-memory.dmp

Filesize
3.3MB

Download
memory/5068-1876-0x00007FF63B650000-0x00007FF63B9A4000-memory.dmp

Filesize
3.3MB

Download
memory/5068-7-0x00007FF63B650000-0x00007FF63B9A4000-memory.dmp

Filesize
3.3MB

Download