cobaltstrike | 2ccce46d6bdb1ae316dfbe0d02edfbda04fcc184df218d926f6d6472978ca3d6

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 04:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a8343f8e483a1ab42ecb408a6e5c6f0f
SHA1

7ae40183a95571a18e2dd30ad5b4c89827ef19d5
SHA256

2ccce46d6bdb1ae316dfbe0d02edfbda04fcc184df218d926f6d6472978ca3d6
SHA512

4ccf9fce72426fc3c4adb58c7f3a1ca5d2c5b1fa03e87dac54f3b26cee3167f5d39ad8e7697ed92aef8d07c57cf920a3de95a660dba1f821c6298503ecb7eb2c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUv:T+q56utgpPF8u/7v

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\System\qMxjLfU.exe	cobalt_reflective_dll
C:\Windows\System\ljsgSMF.exe	cobalt_reflective_dll
C:\Windows\System\dSLYhoi.exe	cobalt_reflective_dll
C:\Windows\System\LjmOjUP.exe	cobalt_reflective_dll
C:\Windows\System\LeTHrhR.exe	cobalt_reflective_dll
C:\Windows\System\IeAFznE.exe	cobalt_reflective_dll
C:\Windows\System\ofgZDSV.exe	cobalt_reflective_dll
C:\Windows\System\zmMkhOz.exe	cobalt_reflective_dll
C:\Windows\System\DMrkhdx.exe	cobalt_reflective_dll
C:\Windows\System\BWxsbYx.exe	cobalt_reflective_dll
C:\Windows\System\ffNdTMN.exe	cobalt_reflective_dll
C:\Windows\System\HOFboiC.exe	cobalt_reflective_dll
C:\Windows\System\QJvfxzo.exe	cobalt_reflective_dll
C:\Windows\System\NoZHVAV.exe	cobalt_reflective_dll
C:\Windows\System\CgaHsSq.exe	cobalt_reflective_dll
C:\Windows\System\cbYOsWa.exe	cobalt_reflective_dll
C:\Windows\System\SNuWldK.exe	cobalt_reflective_dll
C:\Windows\System\digSIue.exe	cobalt_reflective_dll
C:\Windows\System\UoETTSC.exe	cobalt_reflective_dll
C:\Windows\System\KUIXKbz.exe	cobalt_reflective_dll
C:\Windows\System\YqbIWGK.exe	cobalt_reflective_dll
C:\Windows\System\TEsWAiO.exe	cobalt_reflective_dll
C:\Windows\System\hgRbNRC.exe	cobalt_reflective_dll
C:\Windows\System\CAEtnQm.exe	cobalt_reflective_dll
C:\Windows\System\XgZLEyS.exe	cobalt_reflective_dll
C:\Windows\System\ztbRQoA.exe	cobalt_reflective_dll
C:\Windows\System\wKcUrth.exe	cobalt_reflective_dll
C:\Windows\System\PHKvUOU.exe	cobalt_reflective_dll
C:\Windows\System\DOTHeMP.exe	cobalt_reflective_dll
C:\Windows\System\ErXXWLu.exe	cobalt_reflective_dll
C:\Windows\System\GNNUOPo.exe	cobalt_reflective_dll
C:\Windows\System\CYabNcu.exe	cobalt_reflective_dll
C:\Windows\System\sAomiwT.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/4688-0-0x00007FF79A820000-0x00007FF79AB74000-memory.dmp	xmrig
C:\Windows\System\qMxjLfU.exe	xmrig
behavioral2/memory/2356-6-0x00007FF6CCF90000-0x00007FF6CD2E4000-memory.dmp	xmrig
C:\Windows\System\ljsgSMF.exe	xmrig
C:\Windows\System\dSLYhoi.exe	xmrig
behavioral2/memory/432-12-0x00007FF6D1360000-0x00007FF6D16B4000-memory.dmp	xmrig
C:\Windows\System\LjmOjUP.exe	xmrig
C:\Windows\System\LeTHrhR.exe	xmrig
C:\Windows\System\IeAFznE.exe	xmrig
C:\Windows\System\ofgZDSV.exe	xmrig
C:\Windows\System\zmMkhOz.exe	xmrig
C:\Windows\System\DMrkhdx.exe	xmrig
C:\Windows\System\BWxsbYx.exe	xmrig
C:\Windows\System\ffNdTMN.exe	xmrig
C:\Windows\System\HOFboiC.exe	xmrig
C:\Windows\System\QJvfxzo.exe	xmrig
behavioral2/memory/1560-308-0x00007FF7AD1C0000-0x00007FF7AD514000-memory.dmp	xmrig
behavioral2/memory/3852-318-0x00007FF659DD0000-0x00007FF65A124000-memory.dmp	xmrig
behavioral2/memory/4776-332-0x00007FF6317E0000-0x00007FF631B34000-memory.dmp	xmrig
behavioral2/memory/1448-344-0x00007FF643D60000-0x00007FF6440B4000-memory.dmp	xmrig
behavioral2/memory/2056-351-0x00007FF65FC70000-0x00007FF65FFC4000-memory.dmp	xmrig
behavioral2/memory/3452-365-0x00007FF6E6380000-0x00007FF6E66D4000-memory.dmp	xmrig
behavioral2/memory/3948-364-0x00007FF63EA60000-0x00007FF63EDB4000-memory.dmp	xmrig
behavioral2/memory/4980-363-0x00007FF7B6F30000-0x00007FF7B7284000-memory.dmp	xmrig
behavioral2/memory/4780-362-0x00007FF7426B0000-0x00007FF742A04000-memory.dmp	xmrig
behavioral2/memory/4944-361-0x00007FF6EDFE0000-0x00007FF6EE334000-memory.dmp	xmrig
behavioral2/memory/1876-360-0x00007FF6E1480000-0x00007FF6E17D4000-memory.dmp	xmrig
behavioral2/memory/1400-359-0x00007FF737D60000-0x00007FF7380B4000-memory.dmp	xmrig
behavioral2/memory/3456-358-0x00007FF73C3F0000-0x00007FF73C744000-memory.dmp	xmrig
behavioral2/memory/1252-357-0x00007FF6EF760000-0x00007FF6EFAB4000-memory.dmp	xmrig
behavioral2/memory/3828-356-0x00007FF7E0230000-0x00007FF7E0584000-memory.dmp	xmrig
behavioral2/memory/3936-355-0x00007FF647100000-0x00007FF647454000-memory.dmp	xmrig
behavioral2/memory/2692-354-0x00007FF66C630000-0x00007FF66C984000-memory.dmp	xmrig
behavioral2/memory/1236-348-0x00007FF759C00000-0x00007FF759F54000-memory.dmp	xmrig
behavioral2/memory/5060-341-0x00007FF6C9240000-0x00007FF6C9594000-memory.dmp	xmrig
behavioral2/memory/4708-336-0x00007FF7A1C70000-0x00007FF7A1FC4000-memory.dmp	xmrig
behavioral2/memory/4768-330-0x00007FF6B07E0000-0x00007FF6B0B34000-memory.dmp	xmrig
behavioral2/memory/4084-324-0x00007FF7AD5F0000-0x00007FF7AD944000-memory.dmp	xmrig
behavioral2/memory/3608-314-0x00007FF6FBEF0000-0x00007FF6FC244000-memory.dmp	xmrig
C:\Windows\System\NoZHVAV.exe	xmrig
C:\Windows\System\CgaHsSq.exe	xmrig
C:\Windows\System\cbYOsWa.exe	xmrig
C:\Windows\System\SNuWldK.exe	xmrig
C:\Windows\System\digSIue.exe	xmrig
C:\Windows\System\UoETTSC.exe	xmrig
C:\Windows\System\KUIXKbz.exe	xmrig
C:\Windows\System\YqbIWGK.exe	xmrig
C:\Windows\System\TEsWAiO.exe	xmrig
C:\Windows\System\hgRbNRC.exe	xmrig
C:\Windows\System\CAEtnQm.exe	xmrig
C:\Windows\System\XgZLEyS.exe	xmrig
C:\Windows\System\ztbRQoA.exe	xmrig
C:\Windows\System\wKcUrth.exe	xmrig
C:\Windows\System\PHKvUOU.exe	xmrig
C:\Windows\System\DOTHeMP.exe	xmrig
C:\Windows\System\ErXXWLu.exe	xmrig
C:\Windows\System\GNNUOPo.exe	xmrig
behavioral2/memory/2676-54-0x00007FF67A2B0000-0x00007FF67A604000-memory.dmp	xmrig
C:\Windows\System\CYabNcu.exe	xmrig
behavioral2/memory/3972-45-0x00007FF7CE8F0000-0x00007FF7CEC44000-memory.dmp	xmrig
C:\Windows\System\sAomiwT.exe	xmrig
behavioral2/memory/1636-26-0x00007FF62B330000-0x00007FF62B684000-memory.dmp	xmrig
behavioral2/memory/2032-20-0x00007FF652D70000-0x00007FF6530C4000-memory.dmp	xmrig
behavioral2/memory/4688-945-0x00007FF79A820000-0x00007FF79AB74000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

qMxjLfU.exedSLYhoi.exeljsgSMF.exeLjmOjUP.exesAomiwT.exeLeTHrhR.exeCYabNcu.exeGNNUOPo.exeIeAFznE.exeofgZDSV.exeErXXWLu.exezmMkhOz.exeDMrkhdx.exeDOTHeMP.exePHKvUOU.exewKcUrth.exeztbRQoA.exeBWxsbYx.exeXgZLEyS.exeCAEtnQm.exeffNdTMN.exehgRbNRC.exeTEsWAiO.exeHOFboiC.exeYqbIWGK.exeKUIXKbz.exeUoETTSC.exedigSIue.exeSNuWldK.exeCgaHsSq.exeNoZHVAV.execbYOsWa.exeQJvfxzo.exezPbqtHY.exebnyDAqY.exeuvPkeFB.exeeZTGXSW.exeTRALdOU.exeWsiNNwQ.exetZPiLFI.exeGHbZMpK.exeVaWusnU.exeSeuCqLE.exeWdiCMbp.exekGuyFGi.exehrdpfMz.exeJxufVGX.exelrFViXl.exedqmiFOO.exelaiMJgO.exehgCGeCJ.exexSDlSZH.exefZuBhmL.exeEFbQWBH.exewvOkjtH.exeFJKznSt.exeUwaCsDo.exeEPWhAyb.exegnYQYNW.exenTJiQjJ.exeFmuCstP.exeNladAsg.exejwOpWoa.exebpufuzp.exe

pid	process
2356	qMxjLfU.exe
432	dSLYhoi.exe
2032	ljsgSMF.exe
1636	LjmOjUP.exe
3972	sAomiwT.exe
2676	LeTHrhR.exe
3948	CYabNcu.exe
1560	GNNUOPo.exe
3608	IeAFznE.exe
3452	ofgZDSV.exe
3852	ErXXWLu.exe
4084	zmMkhOz.exe
4768	DMrkhdx.exe
4776	DOTHeMP.exe
4708	PHKvUOU.exe
5060	wKcUrth.exe
1448	ztbRQoA.exe
1236	BWxsbYx.exe
2056	XgZLEyS.exe
2692	CAEtnQm.exe
3936	ffNdTMN.exe
3828	hgRbNRC.exe
1252	TEsWAiO.exe
3456	HOFboiC.exe
1400	YqbIWGK.exe
1876	KUIXKbz.exe
4944	UoETTSC.exe
4780	digSIue.exe
4980	SNuWldK.exe
2380	CgaHsSq.exe
1664	NoZHVAV.exe
5020	cbYOsWa.exe
912	QJvfxzo.exe
4716	zPbqtHY.exe
3808	bnyDAqY.exe
2844	uvPkeFB.exe
2040	eZTGXSW.exe
4500	TRALdOU.exe
1744	WsiNNwQ.exe
1500	tZPiLFI.exe
4288	GHbZMpK.exe
2996	VaWusnU.exe
3968	SeuCqLE.exe
608	WdiCMbp.exe
3644	kGuyFGi.exe
3528	hrdpfMz.exe
4580	JxufVGX.exe
4532	lrFViXl.exe
1712	dqmiFOO.exe
3952	laiMJgO.exe
3960	hgCGeCJ.exe
544	xSDlSZH.exe
2804	fZuBhmL.exe
3140	EFbQWBH.exe
4428	wvOkjtH.exe
4412	FJKznSt.exe
3988	UwaCsDo.exe
3236	EPWhAyb.exe
4660	gnYQYNW.exe
1632	nTJiQjJ.exe
3332	FmuCstP.exe
3768	NladAsg.exe
3104	jwOpWoa.exe
4520	bpufuzp.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4688-0-0x00007FF79A820000-0x00007FF79AB74000-memory.dmp	upx
C:\Windows\System\qMxjLfU.exe	upx
behavioral2/memory/2356-6-0x00007FF6CCF90000-0x00007FF6CD2E4000-memory.dmp	upx
C:\Windows\System\ljsgSMF.exe	upx
C:\Windows\System\dSLYhoi.exe	upx
behavioral2/memory/432-12-0x00007FF6D1360000-0x00007FF6D16B4000-memory.dmp	upx
C:\Windows\System\LjmOjUP.exe	upx
C:\Windows\System\LeTHrhR.exe	upx
C:\Windows\System\IeAFznE.exe	upx
C:\Windows\System\ofgZDSV.exe	upx
C:\Windows\System\zmMkhOz.exe	upx
C:\Windows\System\DMrkhdx.exe	upx
C:\Windows\System\BWxsbYx.exe	upx
C:\Windows\System\ffNdTMN.exe	upx
C:\Windows\System\HOFboiC.exe	upx
C:\Windows\System\QJvfxzo.exe	upx
behavioral2/memory/1560-308-0x00007FF7AD1C0000-0x00007FF7AD514000-memory.dmp	upx
behavioral2/memory/3852-318-0x00007FF659DD0000-0x00007FF65A124000-memory.dmp	upx
behavioral2/memory/4776-332-0x00007FF6317E0000-0x00007FF631B34000-memory.dmp	upx
behavioral2/memory/1448-344-0x00007FF643D60000-0x00007FF6440B4000-memory.dmp	upx
behavioral2/memory/2056-351-0x00007FF65FC70000-0x00007FF65FFC4000-memory.dmp	upx
behavioral2/memory/3452-365-0x00007FF6E6380000-0x00007FF6E66D4000-memory.dmp	upx
behavioral2/memory/3948-364-0x00007FF63EA60000-0x00007FF63EDB4000-memory.dmp	upx
behavioral2/memory/4980-363-0x00007FF7B6F30000-0x00007FF7B7284000-memory.dmp	upx
behavioral2/memory/4780-362-0x00007FF7426B0000-0x00007FF742A04000-memory.dmp	upx
behavioral2/memory/4944-361-0x00007FF6EDFE0000-0x00007FF6EE334000-memory.dmp	upx
behavioral2/memory/1876-360-0x00007FF6E1480000-0x00007FF6E17D4000-memory.dmp	upx
behavioral2/memory/1400-359-0x00007FF737D60000-0x00007FF7380B4000-memory.dmp	upx
behavioral2/memory/3456-358-0x00007FF73C3F0000-0x00007FF73C744000-memory.dmp	upx
behavioral2/memory/1252-357-0x00007FF6EF760000-0x00007FF6EFAB4000-memory.dmp	upx
behavioral2/memory/3828-356-0x00007FF7E0230000-0x00007FF7E0584000-memory.dmp	upx
behavioral2/memory/3936-355-0x00007FF647100000-0x00007FF647454000-memory.dmp	upx
behavioral2/memory/2692-354-0x00007FF66C630000-0x00007FF66C984000-memory.dmp	upx
behavioral2/memory/1236-348-0x00007FF759C00000-0x00007FF759F54000-memory.dmp	upx
behavioral2/memory/5060-341-0x00007FF6C9240000-0x00007FF6C9594000-memory.dmp	upx
behavioral2/memory/4708-336-0x00007FF7A1C70000-0x00007FF7A1FC4000-memory.dmp	upx
behavioral2/memory/4768-330-0x00007FF6B07E0000-0x00007FF6B0B34000-memory.dmp	upx
behavioral2/memory/4084-324-0x00007FF7AD5F0000-0x00007FF7AD944000-memory.dmp	upx
behavioral2/memory/3608-314-0x00007FF6FBEF0000-0x00007FF6FC244000-memory.dmp	upx
C:\Windows\System\NoZHVAV.exe	upx
C:\Windows\System\CgaHsSq.exe	upx
C:\Windows\System\cbYOsWa.exe	upx
C:\Windows\System\SNuWldK.exe	upx
C:\Windows\System\digSIue.exe	upx
C:\Windows\System\UoETTSC.exe	upx
C:\Windows\System\KUIXKbz.exe	upx
C:\Windows\System\YqbIWGK.exe	upx
C:\Windows\System\TEsWAiO.exe	upx
C:\Windows\System\hgRbNRC.exe	upx
C:\Windows\System\CAEtnQm.exe	upx
C:\Windows\System\XgZLEyS.exe	upx
C:\Windows\System\ztbRQoA.exe	upx
C:\Windows\System\wKcUrth.exe	upx
C:\Windows\System\PHKvUOU.exe	upx
C:\Windows\System\DOTHeMP.exe	upx
C:\Windows\System\ErXXWLu.exe	upx
C:\Windows\System\GNNUOPo.exe	upx
behavioral2/memory/2676-54-0x00007FF67A2B0000-0x00007FF67A604000-memory.dmp	upx
C:\Windows\System\CYabNcu.exe	upx
behavioral2/memory/3972-45-0x00007FF7CE8F0000-0x00007FF7CEC44000-memory.dmp	upx
C:\Windows\System\sAomiwT.exe	upx
behavioral2/memory/1636-26-0x00007FF62B330000-0x00007FF62B684000-memory.dmp	upx
behavioral2/memory/2032-20-0x00007FF652D70000-0x00007FF6530C4000-memory.dmp	upx
behavioral2/memory/4688-945-0x00007FF79A820000-0x00007FF79AB74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\SDKrjmj.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RYfSgbV.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MgfTVHu.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\laiMJgO.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KJelkQh.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DgmsfqE.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UoraRnk.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnCogTg.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tFgdZwy.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IKrScWa.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yXEGFsg.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NfxbjEB.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CgaHsSq.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ilNSbOE.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VCWVeaR.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hGyLjtV.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kRTdpmt.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xJvwXwh.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IMpPOEy.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\adAOLZv.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RDwmiWP.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KTOCWYQ.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPSBblB.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZlQYRGo.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cNFkqAo.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UXuahKO.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPLlOjs.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FcgFzJv.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eVqNmbO.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSRqYhC.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JqBzTll.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FmoQjhV.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NRvqeTT.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFAiQzJ.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QYqBTwH.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\puAzBgF.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hZpoIWP.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WlbWxnd.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CFCIrTt.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhRJzBQ.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UgxCwJP.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HeqDQsu.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUEIDpG.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VUZuHPJ.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eUPdkQi.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JWEuGNX.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VxWQWiL.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HkzbkSc.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vAJPiaP.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DlSCffD.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qeQNmJN.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xZKVbyF.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nkHGnVi.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FdvNaIA.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LoIRVGa.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TEsWAiO.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ocFwNak.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLmXFov.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RzKSmcq.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TdtwgHC.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JIdlsBe.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IXzozcg.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ErEFgsI.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hTLAXvA.exe	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 4688 wrote to memory of 2356	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	qMxjLfU.exe
PID 4688 wrote to memory of 2356	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	qMxjLfU.exe
PID 4688 wrote to memory of 432	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	dSLYhoi.exe
PID 4688 wrote to memory of 432	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	dSLYhoi.exe
PID 4688 wrote to memory of 2032	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	ljsgSMF.exe
PID 4688 wrote to memory of 2032	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	ljsgSMF.exe
PID 4688 wrote to memory of 1636	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	LjmOjUP.exe
PID 4688 wrote to memory of 1636	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	LjmOjUP.exe
PID 4688 wrote to memory of 3972	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	sAomiwT.exe
PID 4688 wrote to memory of 3972	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	sAomiwT.exe
PID 4688 wrote to memory of 2676	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	LeTHrhR.exe
PID 4688 wrote to memory of 2676	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	LeTHrhR.exe
PID 4688 wrote to memory of 3948	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	CYabNcu.exe
PID 4688 wrote to memory of 3948	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	CYabNcu.exe
PID 4688 wrote to memory of 1560	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	GNNUOPo.exe
PID 4688 wrote to memory of 1560	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	GNNUOPo.exe
PID 4688 wrote to memory of 3608	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	IeAFznE.exe
PID 4688 wrote to memory of 3608	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	IeAFznE.exe
PID 4688 wrote to memory of 3452	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	ofgZDSV.exe
PID 4688 wrote to memory of 3452	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	ofgZDSV.exe
PID 4688 wrote to memory of 3852	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	ErXXWLu.exe
PID 4688 wrote to memory of 3852	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	ErXXWLu.exe
PID 4688 wrote to memory of 4084	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	zmMkhOz.exe
PID 4688 wrote to memory of 4084	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	zmMkhOz.exe
PID 4688 wrote to memory of 4768	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	DMrkhdx.exe
PID 4688 wrote to memory of 4768	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	DMrkhdx.exe
PID 4688 wrote to memory of 4776	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	DOTHeMP.exe
PID 4688 wrote to memory of 4776	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	DOTHeMP.exe
PID 4688 wrote to memory of 4708	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	PHKvUOU.exe
PID 4688 wrote to memory of 4708	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	PHKvUOU.exe
PID 4688 wrote to memory of 5060	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	wKcUrth.exe
PID 4688 wrote to memory of 5060	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	wKcUrth.exe
PID 4688 wrote to memory of 1448	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	ztbRQoA.exe
PID 4688 wrote to memory of 1448	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	ztbRQoA.exe
PID 4688 wrote to memory of 1236	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	BWxsbYx.exe
PID 4688 wrote to memory of 1236	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	BWxsbYx.exe
PID 4688 wrote to memory of 2056	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	XgZLEyS.exe
PID 4688 wrote to memory of 2056	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	XgZLEyS.exe
PID 4688 wrote to memory of 2692	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	CAEtnQm.exe
PID 4688 wrote to memory of 2692	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	CAEtnQm.exe
PID 4688 wrote to memory of 3936	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	ffNdTMN.exe
PID 4688 wrote to memory of 3936	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	ffNdTMN.exe
PID 4688 wrote to memory of 3828	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	hgRbNRC.exe
PID 4688 wrote to memory of 3828	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	hgRbNRC.exe
PID 4688 wrote to memory of 1252	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	TEsWAiO.exe
PID 4688 wrote to memory of 1252	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	TEsWAiO.exe
PID 4688 wrote to memory of 3456	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	HOFboiC.exe
PID 4688 wrote to memory of 3456	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	HOFboiC.exe
PID 4688 wrote to memory of 1400	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	YqbIWGK.exe
PID 4688 wrote to memory of 1400	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	YqbIWGK.exe
PID 4688 wrote to memory of 1876	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	KUIXKbz.exe
PID 4688 wrote to memory of 1876	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	KUIXKbz.exe
PID 4688 wrote to memory of 4944	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	UoETTSC.exe
PID 4688 wrote to memory of 4944	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	UoETTSC.exe
PID 4688 wrote to memory of 4780	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	digSIue.exe
PID 4688 wrote to memory of 4780	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	digSIue.exe
PID 4688 wrote to memory of 4980	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	SNuWldK.exe
PID 4688 wrote to memory of 4980	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	SNuWldK.exe
PID 4688 wrote to memory of 2380	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	CgaHsSq.exe
PID 4688 wrote to memory of 2380	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	CgaHsSq.exe
PID 4688 wrote to memory of 1664	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	NoZHVAV.exe
PID 4688 wrote to memory of 1664	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	NoZHVAV.exe
PID 4688 wrote to memory of 5020	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	cbYOsWa.exe
PID 4688 wrote to memory of 5020	4688	2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe	cbYOsWa.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_a8343f8e483a1ab42ecb408a6e5c6f0f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Windows\System\qMxjLfU.exe
  C:\Windows\System\qMxjLfU.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\dSLYhoi.exe
  C:\Windows\System\dSLYhoi.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\ljsgSMF.exe
  C:\Windows\System\ljsgSMF.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\LjmOjUP.exe
  C:\Windows\System\LjmOjUP.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\sAomiwT.exe
  C:\Windows\System\sAomiwT.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\LeTHrhR.exe
  C:\Windows\System\LeTHrhR.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\CYabNcu.exe
  C:\Windows\System\CYabNcu.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\GNNUOPo.exe
  C:\Windows\System\GNNUOPo.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\IeAFznE.exe
  C:\Windows\System\IeAFznE.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\ofgZDSV.exe
  C:\Windows\System\ofgZDSV.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\ErXXWLu.exe
  C:\Windows\System\ErXXWLu.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\zmMkhOz.exe
  C:\Windows\System\zmMkhOz.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\DMrkhdx.exe
  C:\Windows\System\DMrkhdx.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\DOTHeMP.exe
  C:\Windows\System\DOTHeMP.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\PHKvUOU.exe
  C:\Windows\System\PHKvUOU.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\wKcUrth.exe
  C:\Windows\System\wKcUrth.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\ztbRQoA.exe
  C:\Windows\System\ztbRQoA.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\BWxsbYx.exe
  C:\Windows\System\BWxsbYx.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\XgZLEyS.exe
  C:\Windows\System\XgZLEyS.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\CAEtnQm.exe
  C:\Windows\System\CAEtnQm.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\ffNdTMN.exe
  C:\Windows\System\ffNdTMN.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\hgRbNRC.exe
  C:\Windows\System\hgRbNRC.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\TEsWAiO.exe
  C:\Windows\System\TEsWAiO.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\HOFboiC.exe
  C:\Windows\System\HOFboiC.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\YqbIWGK.exe
  C:\Windows\System\YqbIWGK.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\KUIXKbz.exe
  C:\Windows\System\KUIXKbz.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\UoETTSC.exe
  C:\Windows\System\UoETTSC.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\digSIue.exe
  C:\Windows\System\digSIue.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\SNuWldK.exe
  C:\Windows\System\SNuWldK.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\CgaHsSq.exe
  C:\Windows\System\CgaHsSq.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\NoZHVAV.exe
  C:\Windows\System\NoZHVAV.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\cbYOsWa.exe
  C:\Windows\System\cbYOsWa.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\QJvfxzo.exe
  C:\Windows\System\QJvfxzo.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\zPbqtHY.exe
  C:\Windows\System\zPbqtHY.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\bnyDAqY.exe
  C:\Windows\System\bnyDAqY.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\uvPkeFB.exe
  C:\Windows\System\uvPkeFB.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\eZTGXSW.exe
  C:\Windows\System\eZTGXSW.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\TRALdOU.exe
  C:\Windows\System\TRALdOU.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\WsiNNwQ.exe
  C:\Windows\System\WsiNNwQ.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\tZPiLFI.exe
  C:\Windows\System\tZPiLFI.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\GHbZMpK.exe
  C:\Windows\System\GHbZMpK.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\VaWusnU.exe
  C:\Windows\System\VaWusnU.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\SeuCqLE.exe
  C:\Windows\System\SeuCqLE.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\WdiCMbp.exe
  C:\Windows\System\WdiCMbp.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\kGuyFGi.exe
  C:\Windows\System\kGuyFGi.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\hrdpfMz.exe
  C:\Windows\System\hrdpfMz.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\JxufVGX.exe
  C:\Windows\System\JxufVGX.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\lrFViXl.exe
  C:\Windows\System\lrFViXl.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\dqmiFOO.exe
  C:\Windows\System\dqmiFOO.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\laiMJgO.exe
  C:\Windows\System\laiMJgO.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\hgCGeCJ.exe
  C:\Windows\System\hgCGeCJ.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\xSDlSZH.exe
  C:\Windows\System\xSDlSZH.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\fZuBhmL.exe
  C:\Windows\System\fZuBhmL.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\EFbQWBH.exe
  C:\Windows\System\EFbQWBH.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\wvOkjtH.exe
  C:\Windows\System\wvOkjtH.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\FJKznSt.exe
  C:\Windows\System\FJKznSt.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\UwaCsDo.exe
  C:\Windows\System\UwaCsDo.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\EPWhAyb.exe
  C:\Windows\System\EPWhAyb.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\gnYQYNW.exe
  C:\Windows\System\gnYQYNW.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\nTJiQjJ.exe
  C:\Windows\System\nTJiQjJ.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\FmuCstP.exe
  C:\Windows\System\FmuCstP.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\NladAsg.exe
  C:\Windows\System\NladAsg.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\jwOpWoa.exe
  C:\Windows\System\jwOpWoa.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\bpufuzp.exe
  C:\Windows\System\bpufuzp.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\TYjbJeS.exe
  C:\Windows\System\TYjbJeS.exe
  2⤵
  PID:4144
- C:\Windows\System\gYMhaGm.exe
  C:\Windows\System\gYMhaGm.exe
  2⤵
  PID:4664
- C:\Windows\System\kKmYcUu.exe
  C:\Windows\System\kKmYcUu.exe
  2⤵
  PID:760
- C:\Windows\System\xGICTCv.exe
  C:\Windows\System\xGICTCv.exe
  2⤵
  PID:2116
- C:\Windows\System\SpuubMs.exe
  C:\Windows\System\SpuubMs.exe
  2⤵
  PID:2280
- C:\Windows\System\vAJPiaP.exe
  C:\Windows\System\vAJPiaP.exe
  2⤵
  PID:1516
- C:\Windows\System\umEHrnP.exe
  C:\Windows\System\umEHrnP.exe
  2⤵
  PID:1660
- C:\Windows\System\JqBzTll.exe
  C:\Windows\System\JqBzTll.exe
  2⤵
  PID:3468
- C:\Windows\System\hMtiQfK.exe
  C:\Windows\System\hMtiQfK.exe
  2⤵
  PID:4672
- C:\Windows\System\KOhIjAy.exe
  C:\Windows\System\KOhIjAy.exe
  2⤵
  PID:2360
- C:\Windows\System\yUdTKTY.exe
  C:\Windows\System\yUdTKTY.exe
  2⤵
  PID:1488
- C:\Windows\System\NRpvMHo.exe
  C:\Windows\System\NRpvMHo.exe
  2⤵
  PID:2012
- C:\Windows\System\jXJyTgX.exe
  C:\Windows\System\jXJyTgX.exe
  2⤵
  PID:2256
- C:\Windows\System\yxvwsZV.exe
  C:\Windows\System\yxvwsZV.exe
  2⤵
  PID:2112
- C:\Windows\System\JlmiQxU.exe
  C:\Windows\System\JlmiQxU.exe
  2⤵
  PID:4596
- C:\Windows\System\EQbIUGV.exe
  C:\Windows\System\EQbIUGV.exe
  2⤵
  PID:4684
- C:\Windows\System\RQZiGvE.exe
  C:\Windows\System\RQZiGvE.exe
  2⤵
  PID:4900
- C:\Windows\System\TdzLKEU.exe
  C:\Windows\System\TdzLKEU.exe
  2⤵
  PID:868
- C:\Windows\System\XpnQHla.exe
  C:\Windows\System\XpnQHla.exe
  2⤵
  PID:3900
- C:\Windows\System\XZTopVW.exe
  C:\Windows\System\XZTopVW.exe
  2⤵
  PID:3744
- C:\Windows\System\fnNCZIR.exe
  C:\Windows\System\fnNCZIR.exe
  2⤵
  PID:4104
- C:\Windows\System\myyIAiH.exe
  C:\Windows\System\myyIAiH.exe
  2⤵
  PID:1908
- C:\Windows\System\afDsnoC.exe
  C:\Windows\System\afDsnoC.exe
  2⤵
  PID:2824
- C:\Windows\System\mPwYIGI.exe
  C:\Windows\System\mPwYIGI.exe
  2⤵
  PID:1932
- C:\Windows\System\YZeDAfb.exe
  C:\Windows\System\YZeDAfb.exe
  2⤵
  PID:412
- C:\Windows\System\IRMEVMm.exe
  C:\Windows\System\IRMEVMm.exe
  2⤵
  PID:5056
- C:\Windows\System\TXqazFa.exe
  C:\Windows\System\TXqazFa.exe
  2⤵
  PID:3428
- C:\Windows\System\NHeDXce.exe
  C:\Windows\System\NHeDXce.exe
  2⤵
  PID:2300
- C:\Windows\System\JUpqmup.exe
  C:\Windows\System\JUpqmup.exe
  2⤵
  PID:5156
- C:\Windows\System\fZDyeQf.exe
  C:\Windows\System\fZDyeQf.exe
  2⤵
  PID:5248
- C:\Windows\System\tXNTFUz.exe
  C:\Windows\System\tXNTFUz.exe
  2⤵
  PID:5288
- C:\Windows\System\ThYcvTS.exe
  C:\Windows\System\ThYcvTS.exe
  2⤵
  PID:5308
- C:\Windows\System\WOOMsco.exe
  C:\Windows\System\WOOMsco.exe
  2⤵
  PID:5344
- C:\Windows\System\ztNpMyK.exe
  C:\Windows\System\ztNpMyK.exe
  2⤵
  PID:5360
- C:\Windows\System\bkWWduc.exe
  C:\Windows\System\bkWWduc.exe
  2⤵
  PID:5408
- C:\Windows\System\sNmRvbz.exe
  C:\Windows\System\sNmRvbz.exe
  2⤵
  PID:5428
- C:\Windows\System\nThGIEd.exe
  C:\Windows\System\nThGIEd.exe
  2⤵
  PID:5448
- C:\Windows\System\bRjEmlE.exe
  C:\Windows\System\bRjEmlE.exe
  2⤵
  PID:5464
- C:\Windows\System\FmoQjhV.exe
  C:\Windows\System\FmoQjhV.exe
  2⤵
  PID:5500
- C:\Windows\System\FtqAXLs.exe
  C:\Windows\System\FtqAXLs.exe
  2⤵
  PID:5516
- C:\Windows\System\OJcQoZc.exe
  C:\Windows\System\OJcQoZc.exe
  2⤵
  PID:5564
- C:\Windows\System\zHXIIXq.exe
  C:\Windows\System\zHXIIXq.exe
  2⤵
  PID:5596
- C:\Windows\System\rkJtbar.exe
  C:\Windows\System\rkJtbar.exe
  2⤵
  PID:5612
- C:\Windows\System\PxCbupe.exe
  C:\Windows\System\PxCbupe.exe
  2⤵
  PID:5652
- C:\Windows\System\KbFGqGP.exe
  C:\Windows\System\KbFGqGP.exe
  2⤵
  PID:5688
- C:\Windows\System\XvxUhud.exe
  C:\Windows\System\XvxUhud.exe
  2⤵
  PID:5704
- C:\Windows\System\YDXHLxw.exe
  C:\Windows\System\YDXHLxw.exe
  2⤵
  PID:5732
- C:\Windows\System\EesagiO.exe
  C:\Windows\System\EesagiO.exe
  2⤵
  PID:5772
- C:\Windows\System\PUJUDpY.exe
  C:\Windows\System\PUJUDpY.exe
  2⤵
  PID:5800
- C:\Windows\System\hJLFjtM.exe
  C:\Windows\System\hJLFjtM.exe
  2⤵
  PID:5816
- C:\Windows\System\DgmsfqE.exe
  C:\Windows\System\DgmsfqE.exe
  2⤵
  PID:5852
- C:\Windows\System\nKQxZCR.exe
  C:\Windows\System\nKQxZCR.exe
  2⤵
  PID:5884
- C:\Windows\System\LiRlXox.exe
  C:\Windows\System\LiRlXox.exe
  2⤵
  PID:5904
- C:\Windows\System\aBaDyNG.exe
  C:\Windows\System\aBaDyNG.exe
  2⤵
  PID:5940
- C:\Windows\System\pXEFmvn.exe
  C:\Windows\System\pXEFmvn.exe
  2⤵
  PID:5972
- C:\Windows\System\xOCStqK.exe
  C:\Windows\System\xOCStqK.exe
  2⤵
  PID:6008
- C:\Windows\System\DYPEOBu.exe
  C:\Windows\System\DYPEOBu.exe
  2⤵
  PID:6028
- C:\Windows\System\KCqvvcH.exe
  C:\Windows\System\KCqvvcH.exe
  2⤵
  PID:6056
- C:\Windows\System\uTZehuD.exe
  C:\Windows\System\uTZehuD.exe
  2⤵
  PID:6072
- C:\Windows\System\tEKaXXt.exe
  C:\Windows\System\tEKaXXt.exe
  2⤵
  PID:6116
- C:\Windows\System\KYcADyU.exe
  C:\Windows\System\KYcADyU.exe
  2⤵
  PID:6140
- C:\Windows\System\dGanSzi.exe
  C:\Windows\System\dGanSzi.exe
  2⤵
  PID:3404
- C:\Windows\System\ItSCTXK.exe
  C:\Windows\System\ItSCTXK.exe
  2⤵
  PID:3180
- C:\Windows\System\djWRhrK.exe
  C:\Windows\System\djWRhrK.exe
  2⤵
  PID:5152
- C:\Windows\System\hkcQNzo.exe
  C:\Windows\System\hkcQNzo.exe
  2⤵
  PID:5236
- C:\Windows\System\FmkhYmj.exe
  C:\Windows\System\FmkhYmj.exe
  2⤵
  PID:5300
- C:\Windows\System\VycFLwF.exe
  C:\Windows\System\VycFLwF.exe
  2⤵
  PID:5368
- C:\Windows\System\EyTUWnc.exe
  C:\Windows\System\EyTUWnc.exe
  2⤵
  PID:5396
- C:\Windows\System\DoQlRUo.exe
  C:\Windows\System\DoQlRUo.exe
  2⤵
  PID:5508
- C:\Windows\System\smpVgVC.exe
  C:\Windows\System\smpVgVC.exe
  2⤵
  PID:5572
- C:\Windows\System\fJVAUKE.exe
  C:\Windows\System\fJVAUKE.exe
  2⤵
  PID:5680
- C:\Windows\System\XxmPFIg.exe
  C:\Windows\System\XxmPFIg.exe
  2⤵
  PID:5740
- C:\Windows\System\AnpxgtV.exe
  C:\Windows\System\AnpxgtV.exe
  2⤵
  PID:5808
- C:\Windows\System\zwySErm.exe
  C:\Windows\System\zwySErm.exe
  2⤵
  PID:5872
- C:\Windows\System\fzUngJd.exe
  C:\Windows\System\fzUngJd.exe
  2⤵
  PID:5932
- C:\Windows\System\wWkTqKZ.exe
  C:\Windows\System\wWkTqKZ.exe
  2⤵
  PID:5984
- C:\Windows\System\DYfQmVj.exe
  C:\Windows\System\DYfQmVj.exe
  2⤵
  PID:6064
- C:\Windows\System\OqyKFIz.exe
  C:\Windows\System\OqyKFIz.exe
  2⤵
  PID:6096
- C:\Windows\System\tNsSfSA.exe
  C:\Windows\System\tNsSfSA.exe
  2⤵
  PID:2372
- C:\Windows\System\QYqBTwH.exe
  C:\Windows\System\QYqBTwH.exe
  2⤵
  PID:5392
- C:\Windows\System\cNFkqAo.exe
  C:\Windows\System\cNFkqAo.exe
  2⤵
  PID:5480
- C:\Windows\System\QeJlXwG.exe
  C:\Windows\System\QeJlXwG.exe
  2⤵
  PID:5636
- C:\Windows\System\rZxYqAX.exe
  C:\Windows\System\rZxYqAX.exe
  2⤵
  PID:5760
- C:\Windows\System\OnNBSob.exe
  C:\Windows\System\OnNBSob.exe
  2⤵
  PID:6172
- C:\Windows\System\HCYyIJc.exe
  C:\Windows\System\HCYyIJc.exe
  2⤵
  PID:6192
- C:\Windows\System\wpuQqWz.exe
  C:\Windows\System\wpuQqWz.exe
  2⤵
  PID:6208
- C:\Windows\System\JDIrdAe.exe
  C:\Windows\System\JDIrdAe.exe
  2⤵
  PID:6252
- C:\Windows\System\wUmZEeP.exe
  C:\Windows\System\wUmZEeP.exe
  2⤵
  PID:6276
- C:\Windows\System\FBSINiF.exe
  C:\Windows\System\FBSINiF.exe
  2⤵
  PID:6304
- C:\Windows\System\mlghRFv.exe
  C:\Windows\System\mlghRFv.exe
  2⤵
  PID:6332
- C:\Windows\System\JMHhwsM.exe
  C:\Windows\System\JMHhwsM.exe
  2⤵
  PID:6360
- C:\Windows\System\PUdWmue.exe
  C:\Windows\System\PUdWmue.exe
  2⤵
  PID:6388
- C:\Windows\System\IOphLTN.exe
  C:\Windows\System\IOphLTN.exe
  2⤵
  PID:6416
- C:\Windows\System\CGOLQBw.exe
  C:\Windows\System\CGOLQBw.exe
  2⤵
  PID:6444
- C:\Windows\System\OeyRHGF.exe
  C:\Windows\System\OeyRHGF.exe
  2⤵
  PID:6472
- C:\Windows\System\BgVhTBs.exe
  C:\Windows\System\BgVhTBs.exe
  2⤵
  PID:6512
- C:\Windows\System\hlguOso.exe
  C:\Windows\System\hlguOso.exe
  2⤵
  PID:6540
- C:\Windows\System\euMvNar.exe
  C:\Windows\System\euMvNar.exe
  2⤵
  PID:6556
- C:\Windows\System\PIuUfre.exe
  C:\Windows\System\PIuUfre.exe
  2⤵
  PID:6596
- C:\Windows\System\cHfnXjO.exe
  C:\Windows\System\cHfnXjO.exe
  2⤵
  PID:6612
- C:\Windows\System\MQTJfLt.exe
  C:\Windows\System\MQTJfLt.exe
  2⤵
  PID:6648
- C:\Windows\System\puAzBgF.exe
  C:\Windows\System\puAzBgF.exe
  2⤵
  PID:6668
- C:\Windows\System\dJLrgla.exe
  C:\Windows\System\dJLrgla.exe
  2⤵
  PID:6684
- C:\Windows\System\xghwTay.exe
  C:\Windows\System\xghwTay.exe
  2⤵
  PID:6724
- C:\Windows\System\rxXKgNn.exe
  C:\Windows\System\rxXKgNn.exe
  2⤵
  PID:6740
- C:\Windows\System\kfsyhEK.exe
  C:\Windows\System\kfsyhEK.exe
  2⤵
  PID:6784
- C:\Windows\System\kRTdpmt.exe
  C:\Windows\System\kRTdpmt.exe
  2⤵
  PID:6804
- C:\Windows\System\RJILzyn.exe
  C:\Windows\System\RJILzyn.exe
  2⤵
  PID:6824
- C:\Windows\System\WkFKone.exe
  C:\Windows\System\WkFKone.exe
  2⤵
  PID:6840
- C:\Windows\System\aAOlVDH.exe
  C:\Windows\System\aAOlVDH.exe
  2⤵
  PID:6876
- C:\Windows\System\gQqUrdW.exe
  C:\Windows\System\gQqUrdW.exe
  2⤵
  PID:6904
- C:\Windows\System\bzzioee.exe
  C:\Windows\System\bzzioee.exe
  2⤵
  PID:6952
- C:\Windows\System\DnuLBOS.exe
  C:\Windows\System\DnuLBOS.exe
  2⤵
  PID:6976
- C:\Windows\System\wmzdmWJ.exe
  C:\Windows\System\wmzdmWJ.exe
  2⤵
  PID:7004
- C:\Windows\System\ozvTJNg.exe
  C:\Windows\System\ozvTJNg.exe
  2⤵
  PID:7032
- C:\Windows\System\mKmXLJA.exe
  C:\Windows\System\mKmXLJA.exe
  2⤵
  PID:7060
- C:\Windows\System\fbxhjrx.exe
  C:\Windows\System\fbxhjrx.exe
  2⤵
  PID:7076
- C:\Windows\System\JmiTeAc.exe
  C:\Windows\System\JmiTeAc.exe
  2⤵
  PID:7104
- C:\Windows\System\zrEPvNf.exe
  C:\Windows\System\zrEPvNf.exe
  2⤵
  PID:7120
- C:\Windows\System\lNzJQaY.exe
  C:\Windows\System\lNzJQaY.exe
  2⤵
  PID:7148
- C:\Windows\System\eMfYyuA.exe
  C:\Windows\System\eMfYyuA.exe
  2⤵
  PID:5920
- C:\Windows\System\wTqDEIt.exe
  C:\Windows\System\wTqDEIt.exe
  2⤵
  PID:1396
- C:\Windows\System\vlfNCoi.exe
  C:\Windows\System\vlfNCoi.exe
  2⤵
  PID:5296
- C:\Windows\System\RRAnBhI.exe
  C:\Windows\System\RRAnBhI.exe
  2⤵
  PID:5624
- C:\Windows\System\TdhKDLY.exe
  C:\Windows\System\TdhKDLY.exe
  2⤵
  PID:6204
- C:\Windows\System\GMgKbxf.exe
  C:\Windows\System\GMgKbxf.exe
  2⤵
  PID:6236
- C:\Windows\System\pvNxHUG.exe
  C:\Windows\System\pvNxHUG.exe
  2⤵
  PID:6288
- C:\Windows\System\fwvyiDd.exe
  C:\Windows\System\fwvyiDd.exe
  2⤵
  PID:6320
- C:\Windows\System\phOnJCS.exe
  C:\Windows\System\phOnJCS.exe
  2⤵
  PID:6372
- C:\Windows\System\CBolHCq.exe
  C:\Windows\System\CBolHCq.exe
  2⤵
  PID:6404
- C:\Windows\System\nqutEqG.exe
  C:\Windows\System\nqutEqG.exe
  2⤵
  PID:6492
- C:\Windows\System\sfeXsLN.exe
  C:\Windows\System\sfeXsLN.exe
  2⤵
  PID:6520
- C:\Windows\System\rXfschN.exe
  C:\Windows\System\rXfschN.exe
  2⤵
  PID:6564
- C:\Windows\System\GlDFROk.exe
  C:\Windows\System\GlDFROk.exe
  2⤵
  PID:6620
- C:\Windows\System\qADPRbF.exe
  C:\Windows\System\qADPRbF.exe
  2⤵
  PID:6748
- C:\Windows\System\IAPxJrx.exe
  C:\Windows\System\IAPxJrx.exe
  2⤵
  PID:6896
- C:\Windows\System\nWHpEpL.exe
  C:\Windows\System\nWHpEpL.exe
  2⤵
  PID:6940
- C:\Windows\System\cRzcCaP.exe
  C:\Windows\System\cRzcCaP.exe
  2⤵
  PID:6992
- C:\Windows\System\DlSCffD.exe
  C:\Windows\System\DlSCffD.exe
  2⤵
  PID:7024
- C:\Windows\System\wGxFLhh.exe
  C:\Windows\System\wGxFLhh.exe
  2⤵
  PID:7092
- C:\Windows\System\NvMxDFp.exe
  C:\Windows\System\NvMxDFp.exe
  2⤵
  PID:5844
- C:\Windows\System\UXuahKO.exe
  C:\Windows\System\UXuahKO.exe
  2⤵
  PID:5676
- C:\Windows\System\aBMwlKg.exe
  C:\Windows\System\aBMwlKg.exe
  2⤵
  PID:5276
- C:\Windows\System\Sfldnqo.exe
  C:\Windows\System\Sfldnqo.exe
  2⤵
  PID:5724
- C:\Windows\System\VNHtpoo.exe
  C:\Windows\System\VNHtpoo.exe
  2⤵
  PID:6228
- C:\Windows\System\gDoTsNu.exe
  C:\Windows\System\gDoTsNu.exe
  2⤵
  PID:3024
- C:\Windows\System\SnzoPpH.exe
  C:\Windows\System\SnzoPpH.exe
  2⤵
  PID:2096
- C:\Windows\System\teowpDc.exe
  C:\Windows\System\teowpDc.exe
  2⤵
  PID:6456
- C:\Windows\System\OMUKpaJ.exe
  C:\Windows\System\OMUKpaJ.exe
  2⤵
  PID:6640
- C:\Windows\System\bULgDsI.exe
  C:\Windows\System\bULgDsI.exe
  2⤵
  PID:7172
- C:\Windows\System\iTbFiPa.exe
  C:\Windows\System\iTbFiPa.exe
  2⤵
  PID:7192
- C:\Windows\System\cqpeeSp.exe
  C:\Windows\System\cqpeeSp.exe
  2⤵
  PID:7208
- C:\Windows\System\bmxbttb.exe
  C:\Windows\System\bmxbttb.exe
  2⤵
  PID:7264
- C:\Windows\System\nsMyTuu.exe
  C:\Windows\System\nsMyTuu.exe
  2⤵
  PID:7280
- C:\Windows\System\anMPecw.exe
  C:\Windows\System\anMPecw.exe
  2⤵
  PID:7296
- C:\Windows\System\VmXSUmR.exe
  C:\Windows\System\VmXSUmR.exe
  2⤵
  PID:7316
- C:\Windows\System\OahZahY.exe
  C:\Windows\System\OahZahY.exe
  2⤵
  PID:7364
- C:\Windows\System\eUPdkQi.exe
  C:\Windows\System\eUPdkQi.exe
  2⤵
  PID:7384
- C:\Windows\System\ovSBNTb.exe
  C:\Windows\System\ovSBNTb.exe
  2⤵
  PID:7404
- C:\Windows\System\iDhOAwc.exe
  C:\Windows\System\iDhOAwc.exe
  2⤵
  PID:7424
- C:\Windows\System\NQLGHTU.exe
  C:\Windows\System\NQLGHTU.exe
  2⤵
  PID:7440
- C:\Windows\System\olyJGKh.exe
  C:\Windows\System\olyJGKh.exe
  2⤵
  PID:7456
- C:\Windows\System\RzKSmcq.exe
  C:\Windows\System\RzKSmcq.exe
  2⤵
  PID:7516
- C:\Windows\System\JyWjzKM.exe
  C:\Windows\System\JyWjzKM.exe
  2⤵
  PID:7596
- C:\Windows\System\cQeQCWU.exe
  C:\Windows\System\cQeQCWU.exe
  2⤵
  PID:7616
- C:\Windows\System\jsbPABt.exe
  C:\Windows\System\jsbPABt.exe
  2⤵
  PID:7632
- C:\Windows\System\OtNloTY.exe
  C:\Windows\System\OtNloTY.exe
  2⤵
  PID:7648
- C:\Windows\System\UZkBxCu.exe
  C:\Windows\System\UZkBxCu.exe
  2⤵
  PID:7664
- C:\Windows\System\loglnnm.exe
  C:\Windows\System\loglnnm.exe
  2⤵
  PID:7744
- C:\Windows\System\vxBIwyt.exe
  C:\Windows\System\vxBIwyt.exe
  2⤵
  PID:7764
- C:\Windows\System\ocFwNak.exe
  C:\Windows\System\ocFwNak.exe
  2⤵
  PID:7828
- C:\Windows\System\DSgccCU.exe
  C:\Windows\System\DSgccCU.exe
  2⤵
  PID:7848
- C:\Windows\System\qyltzYP.exe
  C:\Windows\System\qyltzYP.exe
  2⤵
  PID:7864
- C:\Windows\System\OdmoUSq.exe
  C:\Windows\System\OdmoUSq.exe
  2⤵
  PID:7880
- C:\Windows\System\WPjTPRo.exe
  C:\Windows\System\WPjTPRo.exe
  2⤵
  PID:7900
- C:\Windows\System\RredsbD.exe
  C:\Windows\System\RredsbD.exe
  2⤵
  PID:7924
- C:\Windows\System\pSBMGZE.exe
  C:\Windows\System\pSBMGZE.exe
  2⤵
  PID:8152
- C:\Windows\System\ShQpWTI.exe
  C:\Windows\System\ShQpWTI.exe
  2⤵
  PID:8168
- C:\Windows\System\csrYcWn.exe
  C:\Windows\System\csrYcWn.exe
  2⤵
  PID:8188
- C:\Windows\System\zXHDUKG.exe
  C:\Windows\System\zXHDUKG.exe
  2⤵
  PID:6864
- C:\Windows\System\JSodUmr.exe
  C:\Windows\System\JSodUmr.exe
  2⤵
  PID:7136
- C:\Windows\System\AgdskFn.exe
  C:\Windows\System\AgdskFn.exe
  2⤵
  PID:6272
- C:\Windows\System\iQePYZz.exe
  C:\Windows\System\iQePYZz.exe
  2⤵
  PID:6584
- C:\Windows\System\rLUvJnx.exe
  C:\Windows\System\rLUvJnx.exe
  2⤵
  PID:7184
- C:\Windows\System\DpEuKuG.exe
  C:\Windows\System\DpEuKuG.exe
  2⤵
  PID:7276
- C:\Windows\System\QfiUqHx.exe
  C:\Windows\System\QfiUqHx.exe
  2⤵
  PID:7572
- C:\Windows\System\smEbRWr.exe
  C:\Windows\System\smEbRWr.exe
  2⤵
  PID:7432
- C:\Windows\System\iTpHvWx.exe
  C:\Windows\System\iTpHvWx.exe
  2⤵
  PID:7608
- C:\Windows\System\nFzfkqd.exe
  C:\Windows\System\nFzfkqd.exe
  2⤵
  PID:7680
- C:\Windows\System\MToPbOs.exe
  C:\Windows\System\MToPbOs.exe
  2⤵
  PID:7836
- C:\Windows\System\UppNrdy.exe
  C:\Windows\System\UppNrdy.exe
  2⤵
  PID:4184
- C:\Windows\System\PgXWHsy.exe
  C:\Windows\System\PgXWHsy.exe
  2⤵
  PID:7944
- C:\Windows\System\ZOHsIgs.exe
  C:\Windows\System\ZOHsIgs.exe
  2⤵
  PID:548
- C:\Windows\System\lcNtLzI.exe
  C:\Windows\System\lcNtLzI.exe
  2⤵
  PID:4908
- C:\Windows\System\nwIMKnC.exe
  C:\Windows\System\nwIMKnC.exe
  2⤵
  PID:4332
- C:\Windows\System\qUSghdN.exe
  C:\Windows\System\qUSghdN.exe
  2⤵
  PID:1724
- C:\Windows\System\mPZDFfZ.exe
  C:\Windows\System\mPZDFfZ.exe
  2⤵
  PID:3592
- C:\Windows\System\NRvqeTT.exe
  C:\Windows\System\NRvqeTT.exe
  2⤵
  PID:1136
- C:\Windows\System\JwEzZrS.exe
  C:\Windows\System\JwEzZrS.exe
  2⤵
  PID:5196
- C:\Windows\System\YwIkBTI.exe
  C:\Windows\System\YwIkBTI.exe
  2⤵
  PID:1456
- C:\Windows\System\wfLfyla.exe
  C:\Windows\System\wfLfyla.exe
  2⤵
  PID:5208
- C:\Windows\System\zNNxlef.exe
  C:\Windows\System\zNNxlef.exe
  2⤵
  PID:4408
- C:\Windows\System\SiVRHRo.exe
  C:\Windows\System\SiVRHRo.exe
  2⤵
  PID:4188
- C:\Windows\System\mwhZXBn.exe
  C:\Windows\System\mwhZXBn.exe
  2⤵
  PID:2092
- C:\Windows\System\WhOOVbp.exe
  C:\Windows\System\WhOOVbp.exe
  2⤵
  PID:916
- C:\Windows\System\ygZrUmc.exe
  C:\Windows\System\ygZrUmc.exe
  2⤵
  PID:3372
- C:\Windows\System\YiyYKpM.exe
  C:\Windows\System\YiyYKpM.exe
  2⤵
  PID:2376
- C:\Windows\System\vYlsXtD.exe
  C:\Windows\System\vYlsXtD.exe
  2⤵
  PID:1444
- C:\Windows\System\LzXLYvM.exe
  C:\Windows\System\LzXLYvM.exe
  2⤵
  PID:1012
- C:\Windows\System\QSfxjzY.exe
  C:\Windows\System\QSfxjzY.exe
  2⤵
  PID:228
- C:\Windows\System\gjFEtuR.exe
  C:\Windows\System\gjFEtuR.exe
  2⤵
  PID:8164
- C:\Windows\System\CRGQEgg.exe
  C:\Windows\System\CRGQEgg.exe
  2⤵
  PID:4072
- C:\Windows\System\sQjmuYR.exe
  C:\Windows\System\sQjmuYR.exe
  2⤵
  PID:7072
- C:\Windows\System\wUrbnVB.exe
  C:\Windows\System\wUrbnVB.exe
  2⤵
  PID:6696
- C:\Windows\System\IMpPOEy.exe
  C:\Windows\System\IMpPOEy.exe
  2⤵
  PID:1460
- C:\Windows\System\cIYKFfF.exe
  C:\Windows\System\cIYKFfF.exe
  2⤵
  PID:7640
- C:\Windows\System\WLJAUVt.exe
  C:\Windows\System\WLJAUVt.exe
  2⤵
  PID:7856
- C:\Windows\System\XBRaxUz.exe
  C:\Windows\System\XBRaxUz.exe
  2⤵
  PID:7984
- C:\Windows\System\mieNOZv.exe
  C:\Windows\System\mieNOZv.exe
  2⤵
  PID:4932
- C:\Windows\System\pZjJpMO.exe
  C:\Windows\System\pZjJpMO.exe
  2⤵
  PID:4456
- C:\Windows\System\IxpnqsV.exe
  C:\Windows\System\IxpnqsV.exe
  2⤵
  PID:3584
- C:\Windows\System\CTqxMeT.exe
  C:\Windows\System\CTqxMeT.exe
  2⤵
  PID:5128
- C:\Windows\System\jUwWmad.exe
  C:\Windows\System\jUwWmad.exe
  2⤵
  PID:728
- C:\Windows\System\KsVniHL.exe
  C:\Windows\System\KsVniHL.exe
  2⤵
  PID:4420
- C:\Windows\System\yjtPXRc.exe
  C:\Windows\System\yjtPXRc.exe
  2⤵
  PID:3016
- C:\Windows\System\NmJmZbG.exe
  C:\Windows\System\NmJmZbG.exe
  2⤵
  PID:3640
- C:\Windows\System\HIzbiqM.exe
  C:\Windows\System\HIzbiqM.exe
  2⤵
  PID:6968
- C:\Windows\System\HlUteoD.exe
  C:\Windows\System\HlUteoD.exe
  2⤵
  PID:7180
- C:\Windows\System\ilNSbOE.exe
  C:\Windows\System\ilNSbOE.exe
  2⤵
  PID:4760
- C:\Windows\System\feRdywW.exe
  C:\Windows\System\feRdywW.exe
  2⤵
  PID:7672
- C:\Windows\System\UNpEzwR.exe
  C:\Windows\System\UNpEzwR.exe
  2⤵
  PID:8012
- C:\Windows\System\dxXNQjI.exe
  C:\Windows\System\dxXNQjI.exe
  2⤵
  PID:1868
- C:\Windows\System\UdzmBHB.exe
  C:\Windows\System\UdzmBHB.exe
  2⤵
  PID:4676
- C:\Windows\System\uhyJcAZ.exe
  C:\Windows\System\uhyJcAZ.exe
  2⤵
  PID:4572
- C:\Windows\System\GWYedfi.exe
  C:\Windows\System\GWYedfi.exe
  2⤵
  PID:7068
- C:\Windows\System\DAiqMEB.exe
  C:\Windows\System\DAiqMEB.exe
  2⤵
  PID:7604
- C:\Windows\System\FIVsnCi.exe
  C:\Windows\System\FIVsnCi.exe
  2⤵
  PID:2292
- C:\Windows\System\kPjMTrk.exe
  C:\Windows\System\kPjMTrk.exe
  2⤵
  PID:4588
- C:\Windows\System\wWavmzv.exe
  C:\Windows\System\wWavmzv.exe
  2⤵
  PID:7308
- C:\Windows\System\mWJlFIj.exe
  C:\Windows\System\mWJlFIj.exe
  2⤵
  PID:2064
- C:\Windows\System\XFyDqTe.exe
  C:\Windows\System\XFyDqTe.exe
  2⤵
  PID:8204
- C:\Windows\System\nUEIDpG.exe
  C:\Windows\System\nUEIDpG.exe
  2⤵
  PID:8244
- C:\Windows\System\UoraRnk.exe
  C:\Windows\System\UoraRnk.exe
  2⤵
  PID:8268
- C:\Windows\System\wQuIBPZ.exe
  C:\Windows\System\wQuIBPZ.exe
  2⤵
  PID:8300
- C:\Windows\System\bjodueL.exe
  C:\Windows\System\bjodueL.exe
  2⤵
  PID:8324
- C:\Windows\System\GymkmKe.exe
  C:\Windows\System\GymkmKe.exe
  2⤵
  PID:8356
- C:\Windows\System\fBzRoAY.exe
  C:\Windows\System\fBzRoAY.exe
  2⤵
  PID:8392
- C:\Windows\System\VYStmwI.exe
  C:\Windows\System\VYStmwI.exe
  2⤵
  PID:8444
- C:\Windows\System\ErEFgsI.exe
  C:\Windows\System\ErEFgsI.exe
  2⤵
  PID:8472
- C:\Windows\System\oBfklUX.exe
  C:\Windows\System\oBfklUX.exe
  2⤵
  PID:8508
- C:\Windows\System\jueMZlH.exe
  C:\Windows\System\jueMZlH.exe
  2⤵
  PID:8556
- C:\Windows\System\dKYczqV.exe
  C:\Windows\System\dKYczqV.exe
  2⤵
  PID:8596
- C:\Windows\System\lrBjndh.exe
  C:\Windows\System\lrBjndh.exe
  2⤵
  PID:8624
- C:\Windows\System\IuGOzdC.exe
  C:\Windows\System\IuGOzdC.exe
  2⤵
  PID:8656
- C:\Windows\System\TxwDxXa.exe
  C:\Windows\System\TxwDxXa.exe
  2⤵
  PID:8696
- C:\Windows\System\rSTHOti.exe
  C:\Windows\System\rSTHOti.exe
  2⤵
  PID:8724
- C:\Windows\System\ncmCety.exe
  C:\Windows\System\ncmCety.exe
  2⤵
  PID:8744
- C:\Windows\System\wkCIxco.exe
  C:\Windows\System\wkCIxco.exe
  2⤵
  PID:8796
- C:\Windows\System\mxmIsmz.exe
  C:\Windows\System\mxmIsmz.exe
  2⤵
  PID:8816
- C:\Windows\System\QpkaZWi.exe
  C:\Windows\System\QpkaZWi.exe
  2⤵
  PID:8844
- C:\Windows\System\JWEuGNX.exe
  C:\Windows\System\JWEuGNX.exe
  2⤵
  PID:8872
- C:\Windows\System\xJNkVWi.exe
  C:\Windows\System\xJNkVWi.exe
  2⤵
  PID:8900
- C:\Windows\System\GIjNjZg.exe
  C:\Windows\System\GIjNjZg.exe
  2⤵
  PID:8928
- C:\Windows\System\HsNqLYe.exe
  C:\Windows\System\HsNqLYe.exe
  2⤵
  PID:8972
- C:\Windows\System\KfyHAeZ.exe
  C:\Windows\System\KfyHAeZ.exe
  2⤵
  PID:8988
- C:\Windows\System\RfemZvJ.exe
  C:\Windows\System\RfemZvJ.exe
  2⤵
  PID:9016
- C:\Windows\System\Qdvwoov.exe
  C:\Windows\System\Qdvwoov.exe
  2⤵
  PID:9044
- C:\Windows\System\gOOHLJs.exe
  C:\Windows\System\gOOHLJs.exe
  2⤵
  PID:9072
- C:\Windows\System\LukmvZb.exe
  C:\Windows\System\LukmvZb.exe
  2⤵
  PID:9100
- C:\Windows\System\mbuuWFP.exe
  C:\Windows\System\mbuuWFP.exe
  2⤵
  PID:9128
- C:\Windows\System\rPLlOjs.exe
  C:\Windows\System\rPLlOjs.exe
  2⤵
  PID:9156
- C:\Windows\System\wwwHhko.exe
  C:\Windows\System\wwwHhko.exe
  2⤵
  PID:9192
- C:\Windows\System\Nhhmulk.exe
  C:\Windows\System\Nhhmulk.exe
  2⤵
  PID:5188
- C:\Windows\System\LrxyOBV.exe
  C:\Windows\System\LrxyOBV.exe
  2⤵
  PID:5176
- C:\Windows\System\JvIXgfl.exe
  C:\Windows\System\JvIXgfl.exe
  2⤵
  PID:8312
- C:\Windows\System\UdCGqrR.exe
  C:\Windows\System\UdCGqrR.exe
  2⤵
  PID:8352
- C:\Windows\System\FbbBVCy.exe
  C:\Windows\System\FbbBVCy.exe
  2⤵
  PID:8456
- C:\Windows\System\ahRDKQC.exe
  C:\Windows\System\ahRDKQC.exe
  2⤵
  PID:8536
- C:\Windows\System\bOUsysv.exe
  C:\Windows\System\bOUsysv.exe
  2⤵
  PID:8616
- C:\Windows\System\gYsGZVL.exe
  C:\Windows\System\gYsGZVL.exe
  2⤵
  PID:5840
- C:\Windows\System\adAOLZv.exe
  C:\Windows\System\adAOLZv.exe
  2⤵
  PID:7116
- C:\Windows\System\XcVahvi.exe
  C:\Windows\System\XcVahvi.exe
  2⤵
  PID:8740
- C:\Windows\System\RDwmiWP.exe
  C:\Windows\System\RDwmiWP.exe
  2⤵
  PID:8808
- C:\Windows\System\CUgMJlG.exe
  C:\Windows\System\CUgMJlG.exe
  2⤵
  PID:8852
- C:\Windows\System\QityfDD.exe
  C:\Windows\System\QityfDD.exe
  2⤵
  PID:8924
- C:\Windows\System\Zmgmbbl.exe
  C:\Windows\System\Zmgmbbl.exe
  2⤵
  PID:8984
- C:\Windows\System\MNXVLkE.exe
  C:\Windows\System\MNXVLkE.exe
  2⤵
  PID:9064
- C:\Windows\System\ZPqLiyT.exe
  C:\Windows\System\ZPqLiyT.exe
  2⤵
  PID:9124
- C:\Windows\System\YPVubhN.exe
  C:\Windows\System\YPVubhN.exe
  2⤵
  PID:9180
- C:\Windows\System\qSIQBxR.exe
  C:\Windows\System\qSIQBxR.exe
  2⤵
  PID:8296
- C:\Windows\System\sUrJQVd.exe
  C:\Windows\System\sUrJQVd.exe
  2⤵
  PID:8492
- C:\Windows\System\qlzEzoS.exe
  C:\Windows\System\qlzEzoS.exe
  2⤵
  PID:8652
- C:\Windows\System\sKLxJbz.exe
  C:\Windows\System\sKLxJbz.exe
  2⤵
  PID:8920
- C:\Windows\System\sgUsvGz.exe
  C:\Windows\System\sgUsvGz.exe
  2⤵
  PID:9184
- C:\Windows\System\zebplQL.exe
  C:\Windows\System\zebplQL.exe
  2⤵
  PID:5536
- C:\Windows\System\CAiNFUt.exe
  C:\Windows\System\CAiNFUt.exe
  2⤵
  PID:8860
- C:\Windows\System\pOExWCE.exe
  C:\Windows\System\pOExWCE.exe
  2⤵
  PID:8432
- C:\Windows\System\wRcuBbI.exe
  C:\Windows\System\wRcuBbI.exe
  2⤵
  PID:9232
- C:\Windows\System\wvzNzZS.exe
  C:\Windows\System\wvzNzZS.exe
  2⤵
  PID:9264
- C:\Windows\System\kGPOfte.exe
  C:\Windows\System\kGPOfte.exe
  2⤵
  PID:9280
- C:\Windows\System\LEtWpIQ.exe
  C:\Windows\System\LEtWpIQ.exe
  2⤵
  PID:9300
- C:\Windows\System\qSDatrb.exe
  C:\Windows\System\qSDatrb.exe
  2⤵
  PID:9324
- C:\Windows\System\AGgmMcl.exe
  C:\Windows\System\AGgmMcl.exe
  2⤵
  PID:9376
- C:\Windows\System\uXtUAul.exe
  C:\Windows\System\uXtUAul.exe
  2⤵
  PID:9396
- C:\Windows\System\aeVkOYN.exe
  C:\Windows\System\aeVkOYN.exe
  2⤵
  PID:9432
- C:\Windows\System\DFdrRYd.exe
  C:\Windows\System\DFdrRYd.exe
  2⤵
  PID:9456
- C:\Windows\System\ifIrSNP.exe
  C:\Windows\System\ifIrSNP.exe
  2⤵
  PID:9472
- C:\Windows\System\irXawZo.exe
  C:\Windows\System\irXawZo.exe
  2⤵
  PID:9508
- C:\Windows\System\oosYWzd.exe
  C:\Windows\System\oosYWzd.exe
  2⤵
  PID:9564
- C:\Windows\System\QtZBDxV.exe
  C:\Windows\System\QtZBDxV.exe
  2⤵
  PID:9596
- C:\Windows\System\kvJojNw.exe
  C:\Windows\System\kvJojNw.exe
  2⤵
  PID:9624
- C:\Windows\System\lkvPoHJ.exe
  C:\Windows\System\lkvPoHJ.exe
  2⤵
  PID:9652
- C:\Windows\System\PhyWSpy.exe
  C:\Windows\System\PhyWSpy.exe
  2⤵
  PID:9672
- C:\Windows\System\HiPwBFU.exe
  C:\Windows\System\HiPwBFU.exe
  2⤵
  PID:9708
- C:\Windows\System\iIYJStE.exe
  C:\Windows\System\iIYJStE.exe
  2⤵
  PID:9736
- C:\Windows\System\EaJyTtd.exe
  C:\Windows\System\EaJyTtd.exe
  2⤵
  PID:9760
- C:\Windows\System\zYDDnUP.exe
  C:\Windows\System\zYDDnUP.exe
  2⤵
  PID:9800
- C:\Windows\System\EpTmpDA.exe
  C:\Windows\System\EpTmpDA.exe
  2⤵
  PID:9820
- C:\Windows\System\ANFjLtK.exe
  C:\Windows\System\ANFjLtK.exe
  2⤵
  PID:9852
- C:\Windows\System\uHkXyDb.exe
  C:\Windows\System\uHkXyDb.exe
  2⤵
  PID:9884
- C:\Windows\System\NCHyjEs.exe
  C:\Windows\System\NCHyjEs.exe
  2⤵
  PID:9916
- C:\Windows\System\ekbHvad.exe
  C:\Windows\System\ekbHvad.exe
  2⤵
  PID:9948
- C:\Windows\System\UgxCwJP.exe
  C:\Windows\System\UgxCwJP.exe
  2⤵
  PID:9972
- C:\Windows\System\gIFGMVT.exe
  C:\Windows\System\gIFGMVT.exe
  2⤵
  PID:9992
- C:\Windows\System\mYzrdIz.exe
  C:\Windows\System\mYzrdIz.exe
  2⤵
  PID:10020
- C:\Windows\System\Tjpwcjt.exe
  C:\Windows\System\Tjpwcjt.exe
  2⤵
  PID:10048
- C:\Windows\System\wOoolOJ.exe
  C:\Windows\System\wOoolOJ.exe
  2⤵
  PID:10092
- C:\Windows\System\SCvvmhB.exe
  C:\Windows\System\SCvvmhB.exe
  2⤵
  PID:10132
- C:\Windows\System\FVaUATQ.exe
  C:\Windows\System\FVaUATQ.exe
  2⤵
  PID:10220
- C:\Windows\System\brQHPcs.exe
  C:\Windows\System\brQHPcs.exe
  2⤵
  PID:5828
- C:\Windows\System\KTOCWYQ.exe
  C:\Windows\System\KTOCWYQ.exe
  2⤵
  PID:9336
- C:\Windows\System\EdZStPV.exe
  C:\Windows\System\EdZStPV.exe
  2⤵
  PID:9544
- C:\Windows\System\feaTLcc.exe
  C:\Windows\System\feaTLcc.exe
  2⤵
  PID:9556
- C:\Windows\System\XthDHzW.exe
  C:\Windows\System\XthDHzW.exe
  2⤵
  PID:9620
- C:\Windows\System\XdFQyHl.exe
  C:\Windows\System\XdFQyHl.exe
  2⤵
  PID:9720
- C:\Windows\System\vLcOhJD.exe
  C:\Windows\System\vLcOhJD.exe
  2⤵
  PID:9792
- C:\Windows\System\dgyPfpI.exe
  C:\Windows\System\dgyPfpI.exe
  2⤵
  PID:9828
- C:\Windows\System\EfADzIL.exe
  C:\Windows\System\EfADzIL.exe
  2⤵
  PID:9896
- C:\Windows\System\FBGdINH.exe
  C:\Windows\System\FBGdINH.exe
  2⤵
  PID:9968
- C:\Windows\System\rVkhntq.exe
  C:\Windows\System\rVkhntq.exe
  2⤵
  PID:10000
- C:\Windows\System\WpPslZl.exe
  C:\Windows\System\WpPslZl.exe
  2⤵
  PID:10112
- C:\Windows\System\wWJZBOD.exe
  C:\Windows\System\wWJZBOD.exe
  2⤵
  PID:9912
- C:\Windows\System\vteyAXU.exe
  C:\Windows\System\vteyAXU.exe
  2⤵
  PID:5892
- C:\Windows\System\KDbduUf.exe
  C:\Windows\System\KDbduUf.exe
  2⤵
  PID:6124
- C:\Windows\System\PHFNUDN.exe
  C:\Windows\System\PHFNUDN.exe
  2⤵
  PID:5284
- C:\Windows\System\tHKWyus.exe
  C:\Windows\System\tHKWyus.exe
  2⤵
  PID:6156
- C:\Windows\System\HeqDQsu.exe
  C:\Windows\System\HeqDQsu.exe
  2⤵
  PID:6284
- C:\Windows\System\YAwyQFG.exe
  C:\Windows\System\YAwyQFG.exe
  2⤵
  PID:6368
- C:\Windows\System\LPJApTs.exe
  C:\Windows\System\LPJApTs.exe
  2⤵
  PID:10116
- C:\Windows\System\YiPlpuD.exe
  C:\Windows\System\YiPlpuD.exe
  2⤵
  PID:748
- C:\Windows\System\pTGReti.exe
  C:\Windows\System\pTGReti.exe
  2⤵
  PID:1320
- C:\Windows\System\YyCmizi.exe
  C:\Windows\System\YyCmizi.exe
  2⤵
  PID:3788
- C:\Windows\System\fUXLZQd.exe
  C:\Windows\System\fUXLZQd.exe
  2⤵
  PID:4924
- C:\Windows\System\thTsGXS.exe
  C:\Windows\System\thTsGXS.exe
  2⤵
  PID:9288
- C:\Windows\System\ATIBWgc.exe
  C:\Windows\System\ATIBWgc.exe
  2⤵
  PID:8076
- C:\Windows\System\GWxtkTV.exe
  C:\Windows\System\GWxtkTV.exe
  2⤵
  PID:9392
- C:\Windows\System\ylCGUAw.exe
  C:\Windows\System\ylCGUAw.exe
  2⤵
  PID:10236
- C:\Windows\System\WMVVwfQ.exe
  C:\Windows\System\WMVVwfQ.exe
  2⤵
  PID:7724
- C:\Windows\System\QzHrXaw.exe
  C:\Windows\System\QzHrXaw.exe
  2⤵
  PID:6708
- C:\Windows\System\GlaYyxD.exe
  C:\Windows\System\GlaYyxD.exe
  2⤵
  PID:6756
- C:\Windows\System\KcEpiMP.exe
  C:\Windows\System\KcEpiMP.exe
  2⤵
  PID:2772
- C:\Windows\System\KnSebyZ.exe
  C:\Windows\System\KnSebyZ.exe
  2⤵
  PID:6920
- C:\Windows\System\BWaLyfM.exe
  C:\Windows\System\BWaLyfM.exe
  2⤵
  PID:7156
- C:\Windows\System\LJtsJEg.exe
  C:\Windows\System\LJtsJEg.exe
  2⤵
  PID:6188
- C:\Windows\System\hPFELfz.exe
  C:\Windows\System\hPFELfz.exe
  2⤵
  PID:6760
- C:\Windows\System\RFBGeya.exe
  C:\Windows\System\RFBGeya.exe
  2⤵
  PID:6932
- C:\Windows\System\IKDZdXf.exe
  C:\Windows\System\IKDZdXf.exe
  2⤵
  PID:6316
- C:\Windows\System\tblqXAp.exe
  C:\Windows\System\tblqXAp.exe
  2⤵
  PID:7292
- C:\Windows\System\zPfKYPH.exe
  C:\Windows\System\zPfKYPH.exe
  2⤵
  PID:232
- C:\Windows\System\SwmeZza.exe
  C:\Windows\System\SwmeZza.exe
  2⤵
  PID:3076
- C:\Windows\System\QAknJEM.exe
  C:\Windows\System\QAknJEM.exe
  2⤵
  PID:6948
- C:\Windows\System\ixCGTfn.exe
  C:\Windows\System\ixCGTfn.exe
  2⤵
  PID:5896
- C:\Windows\System\QCgOyoC.exe
  C:\Windows\System\QCgOyoC.exe
  2⤵
  PID:6868
- C:\Windows\System\XQyrbqk.exe
  C:\Windows\System\XQyrbqk.exe
  2⤵
  PID:3384
- C:\Windows\System\LGiBhJJ.exe
  C:\Windows\System\LGiBhJJ.exe
  2⤵
  PID:860
- C:\Windows\System\liscQhw.exe
  C:\Windows\System\liscQhw.exe
  2⤵
  PID:764
- C:\Windows\System\HsmUnAA.exe
  C:\Windows\System\HsmUnAA.exe
  2⤵
  PID:2412
- C:\Windows\System\diEXirW.exe
  C:\Windows\System\diEXirW.exe
  2⤵
  PID:404
- C:\Windows\System\UtqKUNU.exe
  C:\Windows\System\UtqKUNU.exe
  2⤵
  PID:3408
- C:\Windows\System\gmcXOSJ.exe
  C:\Windows\System\gmcXOSJ.exe
  2⤵
  PID:6084
- C:\Windows\System\oLVzXwP.exe
  C:\Windows\System\oLVzXwP.exe
  2⤵
  PID:9608
- C:\Windows\System\eCdEDwW.exe
  C:\Windows\System\eCdEDwW.exe
  2⤵
  PID:9684
- C:\Windows\System\ypIIoJn.exe
  C:\Windows\System\ypIIoJn.exe
  2⤵
  PID:9768
- C:\Windows\System\YLlqDmj.exe
  C:\Windows\System\YLlqDmj.exe
  2⤵
  PID:2936
- C:\Windows\System\dRizTSL.exe
  C:\Windows\System\dRizTSL.exe
  2⤵
  PID:10072
- C:\Windows\System\jikmzcN.exe
  C:\Windows\System\jikmzcN.exe
  2⤵
  PID:10124
- C:\Windows\System\yWoVhcU.exe
  C:\Windows\System\yWoVhcU.exe
  2⤵
  PID:10004
- C:\Windows\System\hTLAXvA.exe
  C:\Windows\System\hTLAXvA.exe
  2⤵
  PID:1696
- C:\Windows\System\zxyFwnp.exe
  C:\Windows\System\zxyFwnp.exe
  2⤵
  PID:7548
- C:\Windows\System\OowaqPM.exe
  C:\Windows\System\OowaqPM.exe
  2⤵
  PID:10184
- C:\Windows\System\vzLNSeD.exe
  C:\Windows\System\vzLNSeD.exe
  2⤵
  PID:10176
- C:\Windows\System\UjUwxTr.exe
  C:\Windows\System\UjUwxTr.exe
  2⤵
  PID:10212
- C:\Windows\System\tzpncyY.exe
  C:\Windows\System\tzpncyY.exe
  2⤵
  PID:7736
- C:\Windows\System\IPKrVCa.exe
  C:\Windows\System\IPKrVCa.exe
  2⤵
  PID:8092
- C:\Windows\System\HchLFpz.exe
  C:\Windows\System\HchLFpz.exe
  2⤵
  PID:4292
- C:\Windows\System\FIzizMS.exe
  C:\Windows\System\FIzizMS.exe
  2⤵
  PID:5488
- C:\Windows\System\BkMCIXi.exe
  C:\Windows\System\BkMCIXi.exe
  2⤵
  PID:6820
- C:\Windows\System\dVSmUrl.exe
  C:\Windows\System\dVSmUrl.exe
  2⤵
  PID:5168
- C:\Windows\System\gIWtkNV.exe
  C:\Windows\System\gIWtkNV.exe
  2⤵
  PID:8024
- C:\Windows\System\KMbVVRc.exe
  C:\Windows\System\KMbVVRc.exe
  2⤵
  PID:5324
- C:\Windows\System\OnAqKvt.exe
  C:\Windows\System\OnAqKvt.exe
  2⤵
  PID:6656
- C:\Windows\System\VmrgZAD.exe
  C:\Windows\System\VmrgZAD.exe
  2⤵
  PID:5304
- C:\Windows\System\IhZEhUn.exe
  C:\Windows\System\IhZEhUn.exe
  2⤵
  PID:5784
- C:\Windows\System\jTkCcus.exe
  C:\Windows\System\jTkCcus.exe
  2⤵
  PID:5380
- C:\Windows\System\lFrXeNn.exe
  C:\Windows\System\lFrXeNn.exe
  2⤵
  PID:7100
- C:\Windows\System\cYvkObQ.exe
  C:\Windows\System\cYvkObQ.exe
  2⤵
  PID:7088
- C:\Windows\System\ofltmgU.exe
  C:\Windows\System\ofltmgU.exe
  2⤵
  PID:1940
- C:\Windows\System\jYmEAbp.exe
  C:\Windows\System\jYmEAbp.exe
  2⤵
  PID:4696
- C:\Windows\System\CzEPREb.exe
  C:\Windows\System\CzEPREb.exe
  2⤵
  PID:4384
- C:\Windows\System\rwGRTin.exe
  C:\Windows\System\rwGRTin.exe
  2⤵
  PID:6736
- C:\Windows\System\VwYPSDm.exe
  C:\Windows\System\VwYPSDm.exe
  2⤵
  PID:10188
- C:\Windows\System\DcbRPnX.exe
  C:\Windows\System\DcbRPnX.exe
  2⤵
  PID:4656
- C:\Windows\System\ehtWVoX.exe
  C:\Windows\System\ehtWVoX.exe
  2⤵
  PID:9872
- C:\Windows\System\gzViPUh.exe
  C:\Windows\System\gzViPUh.exe
  2⤵
  PID:10076
- C:\Windows\System\wqGDMAE.exe
  C:\Windows\System\wqGDMAE.exe
  2⤵
  PID:5768
- C:\Windows\System\hvvezMG.exe
  C:\Windows\System\hvvezMG.exe
  2⤵
  PID:5260
- C:\Windows\System\nSjJTRB.exe
  C:\Windows\System\nSjJTRB.exe
  2⤵
  PID:10100
- C:\Windows\System\AbChNaJ.exe
  C:\Windows\System\AbChNaJ.exe
  2⤵
  PID:3300
- C:\Windows\System\TYISdwo.exe
  C:\Windows\System\TYISdwo.exe
  2⤵
  PID:7756
- C:\Windows\System\IvYXYAl.exe
  C:\Windows\System\IvYXYAl.exe
  2⤵
  PID:9500
- C:\Windows\System\uHVARGP.exe
  C:\Windows\System\uHVARGP.exe
  2⤵
  PID:6888
- C:\Windows\System\dgZsvzl.exe
  C:\Windows\System\dgZsvzl.exe
  2⤵
  PID:5980
- C:\Windows\System\teFfTfu.exe
  C:\Windows\System\teFfTfu.exe
  2⤵
  PID:5996
- C:\Windows\System\ClVHcsk.exe
  C:\Windows\System\ClVHcsk.exe
  2⤵
  PID:9252
- C:\Windows\System\FOZeOoG.exe
  C:\Windows\System\FOZeOoG.exe
  2⤵
  PID:4300
- C:\Windows\System\eLXqKaI.exe
  C:\Windows\System\eLXqKaI.exe
  2⤵
  PID:6136
- C:\Windows\System\iwJIZGB.exe
  C:\Windows\System\iwJIZGB.exe
  2⤵
  PID:1140
- C:\Windows\System\ihGsaWd.exe
  C:\Windows\System\ihGsaWd.exe
  2⤵
  PID:264
- C:\Windows\System\VUZuHPJ.exe
  C:\Windows\System\VUZuHPJ.exe
  2⤵
  PID:2508
- C:\Windows\System\GlFXSch.exe
  C:\Windows\System\GlFXSch.exe
  2⤵
  PID:9812
- C:\Windows\System\CDFvVdy.exe
  C:\Windows\System\CDFvVdy.exe
  2⤵
  PID:5340
- C:\Windows\System\beQFgkD.exe
  C:\Windows\System\beQFgkD.exe
  2⤵
  PID:7028
- C:\Windows\System\sUuReZS.exe
  C:\Windows\System\sUuReZS.exe
  2⤵
  PID:2364
- C:\Windows\System\RuPMxzO.exe
  C:\Windows\System\RuPMxzO.exe
  2⤵
  PID:5456
- C:\Windows\System\RMJLVvP.exe
  C:\Windows\System\RMJLVvP.exe
  2⤵
  PID:5952
- C:\Windows\System\TZzkJXb.exe
  C:\Windows\System\TZzkJXb.exe
  2⤵
  PID:5700
- C:\Windows\System\zMcJYSo.exe
  C:\Windows\System\zMcJYSo.exe
  2⤵
  PID:5632
- C:\Windows\System\sMdPGCX.exe
  C:\Windows\System\sMdPGCX.exe
  2⤵
  PID:5756
- C:\Windows\System\HNgHzLe.exe
  C:\Windows\System\HNgHzLe.exe
  2⤵
  PID:3296
- C:\Windows\System\EGyJFJZ.exe
  C:\Windows\System\EGyJFJZ.exe
  2⤵
  PID:2512
- C:\Windows\System\wTYEoei.exe
  C:\Windows\System\wTYEoei.exe
  2⤵
  PID:10156
- C:\Windows\System\acFSFZL.exe
  C:\Windows\System\acFSFZL.exe
  2⤵
  PID:5436
- C:\Windows\System\lIgvTOi.exe
  C:\Windows\System\lIgvTOi.exe
  2⤵
  PID:5988
- C:\Windows\System\GrNsQpy.exe
  C:\Windows\System\GrNsQpy.exe
  2⤵
  PID:6132
- C:\Windows\System\plMHxtN.exe
  C:\Windows\System\plMHxtN.exe
  2⤵
  PID:6624
- C:\Windows\System\hnCogTg.exe
  C:\Windows\System\hnCogTg.exe
  2⤵
  PID:664
- C:\Windows\System\xCKjUbD.exe
  C:\Windows\System\xCKjUbD.exe
  2⤵
  PID:1092
- C:\Windows\System\pRFNZts.exe
  C:\Windows\System\pRFNZts.exe
  2⤵
  PID:5472
- C:\Windows\System\KpDbevB.exe
  C:\Windows\System\KpDbevB.exe
  2⤵
  PID:10260
- C:\Windows\System\QfVYcHU.exe
  C:\Windows\System\QfVYcHU.exe
  2⤵
  PID:10288
- C:\Windows\System\CqObXIU.exe
  C:\Windows\System\CqObXIU.exe
  2⤵
  PID:10320
- C:\Windows\System\PSULggi.exe
  C:\Windows\System\PSULggi.exe
  2⤵
  PID:10344
- C:\Windows\System\vEZOtbd.exe
  C:\Windows\System\vEZOtbd.exe
  2⤵
  PID:10372
- C:\Windows\System\duNejSk.exe
  C:\Windows\System\duNejSk.exe
  2⤵
  PID:10400
- C:\Windows\System\zmkcicJ.exe
  C:\Windows\System\zmkcicJ.exe
  2⤵
  PID:10428
- C:\Windows\System\MqtFeyq.exe
  C:\Windows\System\MqtFeyq.exe
  2⤵
  PID:10456
- C:\Windows\System\KRJzPwn.exe
  C:\Windows\System\KRJzPwn.exe
  2⤵
  PID:10484
- C:\Windows\System\MUPvVYD.exe
  C:\Windows\System\MUPvVYD.exe
  2⤵
  PID:10532
- C:\Windows\System\GzYdiqN.exe
  C:\Windows\System\GzYdiqN.exe
  2⤵
  PID:10556
- C:\Windows\System\qEvsDzU.exe
  C:\Windows\System\qEvsDzU.exe
  2⤵
  PID:10584
- C:\Windows\System\LofuTbP.exe
  C:\Windows\System\LofuTbP.exe
  2⤵
  PID:10612
- C:\Windows\System\QlhFXuY.exe
  C:\Windows\System\QlhFXuY.exe
  2⤵
  PID:10636
- C:\Windows\System\jbpzqKa.exe
  C:\Windows\System\jbpzqKa.exe
  2⤵
  PID:10668
- C:\Windows\System\IkXzGrb.exe
  C:\Windows\System\IkXzGrb.exe
  2⤵
  PID:10692
- C:\Windows\System\Vblfqph.exe
  C:\Windows\System\Vblfqph.exe
  2⤵
  PID:10724
- C:\Windows\System\dIawsAe.exe
  C:\Windows\System\dIawsAe.exe
  2⤵
  PID:10760
- C:\Windows\System\DFAiQzJ.exe
  C:\Windows\System\DFAiQzJ.exe
  2⤵
  PID:10784
- C:\Windows\System\cAnNXhV.exe
  C:\Windows\System\cAnNXhV.exe
  2⤵
  PID:10816
- C:\Windows\System\UIjJwZv.exe
  C:\Windows\System\UIjJwZv.exe
  2⤵
  PID:10844
- C:\Windows\System\pCnZTnd.exe
  C:\Windows\System\pCnZTnd.exe
  2⤵
  PID:10872
- C:\Windows\System\SXjivoZ.exe
  C:\Windows\System\SXjivoZ.exe
  2⤵
  PID:10900
- C:\Windows\System\cEqjjLx.exe
  C:\Windows\System\cEqjjLx.exe
  2⤵
  PID:10928
- C:\Windows\System\FCRuwPJ.exe
  C:\Windows\System\FCRuwPJ.exe
  2⤵
  PID:10948
- C:\Windows\System\LfrEuTx.exe
  C:\Windows\System\LfrEuTx.exe
  2⤵
  PID:10980
- C:\Windows\System\BVKYGul.exe
  C:\Windows\System\BVKYGul.exe
  2⤵
  PID:11004
- C:\Windows\System\rJjJsMX.exe
  C:\Windows\System\rJjJsMX.exe
  2⤵
  PID:11040
- C:\Windows\System\MzNvRpV.exe
  C:\Windows\System\MzNvRpV.exe
  2⤵
  PID:11068
- C:\Windows\System\ZsBhHYv.exe
  C:\Windows\System\ZsBhHYv.exe
  2⤵
  PID:11088
- C:\Windows\System\fxcrCev.exe
  C:\Windows\System\fxcrCev.exe
  2⤵
  PID:11116
- C:\Windows\System\qeQNmJN.exe
  C:\Windows\System\qeQNmJN.exe
  2⤵
  PID:11144
- C:\Windows\System\JIdlsBe.exe
  C:\Windows\System\JIdlsBe.exe
  2⤵
  PID:11180
- C:\Windows\System\GDNZkpa.exe
  C:\Windows\System\GDNZkpa.exe
  2⤵
  PID:11208
- C:\Windows\System\NEBeWhj.exe
  C:\Windows\System\NEBeWhj.exe
  2⤵
  PID:11236
- C:\Windows\System\qlOPnYw.exe
  C:\Windows\System\qlOPnYw.exe
  2⤵
  PID:10244
- C:\Windows\System\RwsNCwx.exe
  C:\Windows\System\RwsNCwx.exe
  2⤵
  PID:10308
- C:\Windows\System\KcDUVZX.exe
  C:\Windows\System\KcDUVZX.exe
  2⤵
  PID:10368
- C:\Windows\System\AQBpvzA.exe
  C:\Windows\System\AQBpvzA.exe
  2⤵
  PID:10424
- C:\Windows\System\YsVyEeb.exe
  C:\Windows\System\YsVyEeb.exe
  2⤵
  PID:1668
- C:\Windows\System\hdZmgja.exe
  C:\Windows\System\hdZmgja.exe
  2⤵
  PID:10572
- C:\Windows\System\lmpmWPd.exe
  C:\Windows\System\lmpmWPd.exe
  2⤵
  PID:10596
- C:\Windows\System\FcgFzJv.exe
  C:\Windows\System\FcgFzJv.exe
  2⤵
  PID:10644
- C:\Windows\System\qlphiTr.exe
  C:\Windows\System\qlphiTr.exe
  2⤵
  PID:6592
- C:\Windows\System\UkuvkvR.exe
  C:\Windows\System\UkuvkvR.exe
  2⤵
  PID:10756
- C:\Windows\System\gNEehAw.exe
  C:\Windows\System\gNEehAw.exe
  2⤵
  PID:1080
- C:\Windows\System\FclCYKd.exe
  C:\Windows\System\FclCYKd.exe
  2⤵
  PID:10860
- C:\Windows\System\hrovWrs.exe
  C:\Windows\System\hrovWrs.exe
  2⤵
  PID:10912
- C:\Windows\System\rTUXGKY.exe
  C:\Windows\System\rTUXGKY.exe
  2⤵
  PID:11000
- C:\Windows\System\SrsmXwQ.exe
  C:\Windows\System\SrsmXwQ.exe
  2⤵
  PID:11056
- C:\Windows\System\drmLCeF.exe
  C:\Windows\System\drmLCeF.exe
  2⤵
  PID:11108
- C:\Windows\System\EZSAmmq.exe
  C:\Windows\System\EZSAmmq.exe
  2⤵
  PID:11156
- C:\Windows\System\lcMDmRp.exe
  C:\Windows\System\lcMDmRp.exe
  2⤵
  PID:11220
- C:\Windows\System\VRuFoFu.exe
  C:\Windows\System\VRuFoFu.exe
  2⤵
  PID:10272
- C:\Windows\System\QJRDDtj.exe
  C:\Windows\System\QJRDDtj.exe
  2⤵
  PID:10396
- C:\Windows\System\upzSqhY.exe
  C:\Windows\System\upzSqhY.exe
  2⤵
  PID:10564
- C:\Windows\System\qvAiPnd.exe
  C:\Windows\System\qvAiPnd.exe
  2⤵
  PID:10628
- C:\Windows\System\KJelkQh.exe
  C:\Windows\System\KJelkQh.exe
  2⤵
  PID:1800
- C:\Windows\System\JCujTrZ.exe
  C:\Windows\System\JCujTrZ.exe
  2⤵
  PID:10908
- C:\Windows\System\ZsokNES.exe
  C:\Windows\System\ZsokNES.exe
  2⤵
  PID:11080
- C:\Windows\System\gGiKkWJ.exe
  C:\Windows\System\gGiKkWJ.exe
  2⤵
  PID:11188
- C:\Windows\System\tUhlQVC.exe
  C:\Windows\System\tUhlQVC.exe
  2⤵
  PID:10336
- C:\Windows\System\WEprjJw.exe
  C:\Windows\System\WEprjJw.exe
  2⤵
  PID:10684
- C:\Windows\System\liWsodU.exe
  C:\Windows\System\liWsodU.exe
  2⤵
  PID:10832
- C:\Windows\System\MmSbFWU.exe
  C:\Windows\System\MmSbFWU.exe
  2⤵
  PID:11216
- C:\Windows\System\TKOiJrU.exe
  C:\Windows\System\TKOiJrU.exe
  2⤵
  PID:10524
- C:\Windows\System\SGVlaRi.exe
  C:\Windows\System\SGVlaRi.exe
  2⤵
  PID:10468
- C:\Windows\System\SyjgJUH.exe
  C:\Windows\System\SyjgJUH.exe
  2⤵
  PID:11288
- C:\Windows\System\tSszLkj.exe
  C:\Windows\System\tSszLkj.exe
  2⤵
  PID:11312
- C:\Windows\System\alLbfjL.exe
  C:\Windows\System\alLbfjL.exe
  2⤵
  PID:11340
- C:\Windows\System\UxAlRVH.exe
  C:\Windows\System\UxAlRVH.exe
  2⤵
  PID:11368
- C:\Windows\System\wEjOcZc.exe
  C:\Windows\System\wEjOcZc.exe
  2⤵
  PID:11396
- C:\Windows\System\tFgdZwy.exe
  C:\Windows\System\tFgdZwy.exe
  2⤵
  PID:11428
- C:\Windows\System\rJJnKnN.exe
  C:\Windows\System\rJJnKnN.exe
  2⤵
  PID:11452
- C:\Windows\System\VlTmrfI.exe
  C:\Windows\System\VlTmrfI.exe
  2⤵
  PID:11480
- C:\Windows\System\FQhUvle.exe
  C:\Windows\System\FQhUvle.exe
  2⤵
  PID:11508
- C:\Windows\System\YYFVSHi.exe
  C:\Windows\System\YYFVSHi.exe
  2⤵
  PID:11536
- C:\Windows\System\UKuXyXD.exe
  C:\Windows\System\UKuXyXD.exe
  2⤵
  PID:11564
- C:\Windows\System\SDKrjmj.exe
  C:\Windows\System\SDKrjmj.exe
  2⤵
  PID:11592
- C:\Windows\System\xXPwJps.exe
  C:\Windows\System\xXPwJps.exe
  2⤵
  PID:11620
- C:\Windows\System\gcURIxO.exe
  C:\Windows\System\gcURIxO.exe
  2⤵
  PID:11652
- C:\Windows\System\EouLAhL.exe
  C:\Windows\System\EouLAhL.exe
  2⤵
  PID:11676
- C:\Windows\System\AqvgDnS.exe
  C:\Windows\System\AqvgDnS.exe
  2⤵
  PID:11720
- C:\Windows\System\XnzBxLG.exe
  C:\Windows\System\XnzBxLG.exe
  2⤵
  PID:11744
- C:\Windows\System\elvDTWY.exe
  C:\Windows\System\elvDTWY.exe
  2⤵
  PID:11764
- C:\Windows\System\nFBnzdj.exe
  C:\Windows\System\nFBnzdj.exe
  2⤵
  PID:11796
- C:\Windows\System\ebfFvSO.exe
  C:\Windows\System\ebfFvSO.exe
  2⤵
  PID:11824
- C:\Windows\System\rTaZPTn.exe
  C:\Windows\System\rTaZPTn.exe
  2⤵
  PID:11852
- C:\Windows\System\ezBOrNE.exe
  C:\Windows\System\ezBOrNE.exe
  2⤵
  PID:11880
- C:\Windows\System\LtUumsc.exe
  C:\Windows\System\LtUumsc.exe
  2⤵
  PID:11908
- C:\Windows\System\lsIgjiS.exe
  C:\Windows\System\lsIgjiS.exe
  2⤵
  PID:11936
- C:\Windows\System\oLJghcs.exe
  C:\Windows\System\oLJghcs.exe
  2⤵
  PID:11964
- C:\Windows\System\VLuYzSo.exe
  C:\Windows\System\VLuYzSo.exe
  2⤵
  PID:11992
- C:\Windows\System\YaexKjd.exe
  C:\Windows\System\YaexKjd.exe
  2⤵
  PID:12020
- C:\Windows\System\gdcAGfS.exe
  C:\Windows\System\gdcAGfS.exe
  2⤵
  PID:12052
- C:\Windows\System\Cktnujq.exe
  C:\Windows\System\Cktnujq.exe
  2⤵
  PID:12076
- C:\Windows\System\TzKywXf.exe
  C:\Windows\System\TzKywXf.exe
  2⤵
  PID:12104
- C:\Windows\System\rukYcJF.exe
  C:\Windows\System\rukYcJF.exe
  2⤵
  PID:12132
- C:\Windows\System\KPuZIug.exe
  C:\Windows\System\KPuZIug.exe
  2⤵
  PID:12160
- C:\Windows\System\uTydWrT.exe
  C:\Windows\System\uTydWrT.exe
  2⤵
  PID:12188
- C:\Windows\System\EbYtcfM.exe
  C:\Windows\System\EbYtcfM.exe
  2⤵
  PID:12216
- C:\Windows\System\jWriXlU.exe
  C:\Windows\System\jWriXlU.exe
  2⤵
  PID:12244
- C:\Windows\System\rAAgmde.exe
  C:\Windows\System\rAAgmde.exe
  2⤵
  PID:12272
- C:\Windows\System\hZpoIWP.exe
  C:\Windows\System\hZpoIWP.exe
  2⤵
  PID:11280
- C:\Windows\System\yUzPOhV.exe
  C:\Windows\System\yUzPOhV.exe
  2⤵
  PID:11352
- C:\Windows\System\goLWjJB.exe
  C:\Windows\System\goLWjJB.exe
  2⤵
  PID:11416
- C:\Windows\System\bonOtpL.exe
  C:\Windows\System\bonOtpL.exe
  2⤵
  PID:6380
- C:\Windows\System\wimXuKd.exe
  C:\Windows\System\wimXuKd.exe
  2⤵
  PID:11528
- C:\Windows\System\TfiIqcW.exe
  C:\Windows\System\TfiIqcW.exe
  2⤵
  PID:11588
- C:\Windows\System\WeceLDf.exe
  C:\Windows\System\WeceLDf.exe
  2⤵
  PID:11644
- C:\Windows\System\lXfPDlM.exe
  C:\Windows\System\lXfPDlM.exe
  2⤵
  PID:6464
- C:\Windows\System\lrkclUy.exe
  C:\Windows\System\lrkclUy.exe
  2⤵
  PID:11756
- C:\Windows\System\vqQeyZn.exe
  C:\Windows\System\vqQeyZn.exe
  2⤵
  PID:7244
- C:\Windows\System\TOKYRFr.exe
  C:\Windows\System\TOKYRFr.exe
  2⤵
  PID:11848
- C:\Windows\System\gsjjgbA.exe
  C:\Windows\System\gsjjgbA.exe
  2⤵
  PID:7324
- C:\Windows\System\HCsRynW.exe
  C:\Windows\System\HCsRynW.exe
  2⤵
  PID:11948
- C:\Windows\System\iXksOcE.exe
  C:\Windows\System\iXksOcE.exe
  2⤵
  PID:11988
- C:\Windows\System\MTNoOmq.exe
  C:\Windows\System\MTNoOmq.exe
  2⤵
  PID:7420
- C:\Windows\System\aKMlHUg.exe
  C:\Windows\System\aKMlHUg.exe
  2⤵
  PID:7564
- C:\Windows\System\TnNqxhi.exe
  C:\Windows\System\TnNqxhi.exe
  2⤵
  PID:12096
- C:\Windows\System\xszGFuf.exe
  C:\Windows\System\xszGFuf.exe
  2⤵
  PID:7592
- C:\Windows\System\eMPrlLq.exe
  C:\Windows\System\eMPrlLq.exe
  2⤵
  PID:12172
- C:\Windows\System\ULUqxCr.exe
  C:\Windows\System\ULUqxCr.exe
  2⤵
  PID:12236
- C:\Windows\System\haaptRv.exe
  C:\Windows\System\haaptRv.exe
  2⤵
  PID:7676
- C:\Windows\System\yZVZpUk.exe
  C:\Windows\System\yZVZpUk.exe
  2⤵
  PID:12268
- C:\Windows\System\uieMnhE.exe
  C:\Windows\System\uieMnhE.exe
  2⤵
  PID:11308
- C:\Windows\System\zuyiREt.exe
  C:\Windows\System\zuyiREt.exe
  2⤵
  PID:7824
- C:\Windows\System\ImbaUxK.exe
  C:\Windows\System\ImbaUxK.exe
  2⤵
  PID:11556
- C:\Windows\System\DXICioP.exe
  C:\Windows\System\DXICioP.exe
  2⤵
  PID:7216
- C:\Windows\System\tILkMnu.exe
  C:\Windows\System\tILkMnu.exe
  2⤵
  PID:7228
- C:\Windows\System\VXcqvvC.exe
  C:\Windows\System\VXcqvvC.exe
  2⤵
  PID:7956
- C:\Windows\System\mDcDBal.exe
  C:\Windows\System\mDcDBal.exe
  2⤵
  PID:11820
- C:\Windows\System\nuTYyRj.exe
  C:\Windows\System\nuTYyRj.exe
  2⤵
  PID:11932
- C:\Windows\System\wRoKqTa.exe
  C:\Windows\System\wRoKqTa.exe
  2⤵
  PID:8048
- C:\Windows\System\atNPcIp.exe
  C:\Windows\System\atNPcIp.exe
  2⤵
  PID:12040
- C:\Windows\System\HghWkBs.exe
  C:\Windows\System\HghWkBs.exe
  2⤵
  PID:12088
- C:\Windows\System\EkZBSHK.exe
  C:\Windows\System\EkZBSHK.exe
  2⤵
  PID:12200
- C:\Windows\System\lwTyMrR.exe
  C:\Windows\System\lwTyMrR.exe
  2⤵
  PID:7708
- C:\Windows\System\fRnKGGi.exe
  C:\Windows\System\fRnKGGi.exe
  2⤵
  PID:11444
- C:\Windows\System\qqJiChX.exe
  C:\Windows\System\qqJiChX.exe
  2⤵
  PID:11672
- C:\Windows\System\BCIYOVz.exe
  C:\Windows\System\BCIYOVz.exe
  2⤵
  PID:11836
- C:\Windows\System\aHBqsPG.exe
  C:\Windows\System\aHBqsPG.exe
  2⤵
  PID:8052
- C:\Windows\System\LvtdTdb.exe
  C:\Windows\System\LvtdTdb.exe
  2⤵
  PID:12072
- C:\Windows\System\hwXasQk.exe
  C:\Windows\System\hwXasQk.exe
  2⤵
  PID:11784
- C:\Windows\System\glxVlTX.exe
  C:\Windows\System\glxVlTX.exe
  2⤵
  PID:7988
- C:\Windows\System\zvhTaLa.exe
  C:\Windows\System\zvhTaLa.exe
  2⤵
  PID:7492
- C:\Windows\System\hjmREMo.exe
  C:\Windows\System\hjmREMo.exe
  2⤵
  PID:11976
- C:\Windows\System\qGNDLIA.exe
  C:\Windows\System\qGNDLIA.exe
  2⤵
  PID:11760
- C:\Windows\System\yxwcrkA.exe
  C:\Windows\System\yxwcrkA.exe
  2⤵
  PID:12304
- C:\Windows\System\jFWIWZI.exe
  C:\Windows\System\jFWIWZI.exe
  2⤵
  PID:12332
- C:\Windows\System\WEFOOfL.exe
  C:\Windows\System\WEFOOfL.exe
  2⤵
  PID:12360
- C:\Windows\System\esOPdAg.exe
  C:\Windows\System\esOPdAg.exe
  2⤵
  PID:12388
- C:\Windows\System\kkioFqG.exe
  C:\Windows\System\kkioFqG.exe
  2⤵
  PID:12416
- C:\Windows\System\KOJIkGu.exe
  C:\Windows\System\KOJIkGu.exe
  2⤵
  PID:12444
- C:\Windows\System\IrGPpKN.exe
  C:\Windows\System\IrGPpKN.exe
  2⤵
  PID:12472
- C:\Windows\System\mVCMNGl.exe
  C:\Windows\System\mVCMNGl.exe
  2⤵
  PID:12500
- C:\Windows\System\FRCdOpx.exe
  C:\Windows\System\FRCdOpx.exe
  2⤵
  PID:12536
- C:\Windows\System\kpGCNJz.exe
  C:\Windows\System\kpGCNJz.exe
  2⤵
  PID:12564
- C:\Windows\System\mCrjqKt.exe
  C:\Windows\System\mCrjqKt.exe
  2⤵
  PID:12588
- C:\Windows\System\xZKVbyF.exe
  C:\Windows\System\xZKVbyF.exe
  2⤵
  PID:12616
- C:\Windows\System\XWsRrdU.exe
  C:\Windows\System\XWsRrdU.exe
  2⤵
  PID:12656
- C:\Windows\System\rfjQmiW.exe
  C:\Windows\System\rfjQmiW.exe
  2⤵
  PID:12672
- C:\Windows\System\HYbUDkf.exe
  C:\Windows\System\HYbUDkf.exe
  2⤵
  PID:12700
- C:\Windows\System\zKUIDon.exe
  C:\Windows\System\zKUIDon.exe
  2⤵
  PID:12728
- C:\Windows\System\RYfSgbV.exe
  C:\Windows\System\RYfSgbV.exe
  2⤵
  PID:12756
- C:\Windows\System\STtyApC.exe
  C:\Windows\System\STtyApC.exe
  2⤵
  PID:12784
- C:\Windows\System\IYEhAms.exe
  C:\Windows\System\IYEhAms.exe
  2⤵
  PID:12820
- C:\Windows\System\OVMmuqi.exe
  C:\Windows\System\OVMmuqi.exe
  2⤵
  PID:12840
- C:\Windows\System\EhzVGFx.exe
  C:\Windows\System\EhzVGFx.exe
  2⤵
  PID:12868
- C:\Windows\System\qBetGzq.exe
  C:\Windows\System\qBetGzq.exe
  2⤵
  PID:12896
- C:\Windows\System\BtyaIqG.exe
  C:\Windows\System\BtyaIqG.exe
  2⤵
  PID:12924
- C:\Windows\System\WXVQMAq.exe
  C:\Windows\System\WXVQMAq.exe
  2⤵
  PID:12952
- C:\Windows\System\RIDYIFG.exe
  C:\Windows\System\RIDYIFG.exe
  2⤵
  PID:12980
- C:\Windows\System\iYvUYIH.exe
  C:\Windows\System\iYvUYIH.exe
  2⤵
  PID:13008
- C:\Windows\System\zNbtoXS.exe
  C:\Windows\System\zNbtoXS.exe
  2⤵
  PID:13036
- C:\Windows\System\NlUJxRf.exe
  C:\Windows\System\NlUJxRf.exe
  2⤵
  PID:13064
- C:\Windows\System\YNGqpfK.exe
  C:\Windows\System\YNGqpfK.exe
  2⤵
  PID:13092
- C:\Windows\System\TMTtFjF.exe
  C:\Windows\System\TMTtFjF.exe
  2⤵
  PID:13120
- C:\Windows\System\GUoODcG.exe
  C:\Windows\System\GUoODcG.exe
  2⤵
  PID:13156
- C:\Windows\System\bPTMVPh.exe
  C:\Windows\System\bPTMVPh.exe
  2⤵
  PID:13180
- C:\Windows\System\GEVOnsJ.exe
  C:\Windows\System\GEVOnsJ.exe
  2⤵
  PID:13208
- C:\Windows\System\kdvJyOK.exe
  C:\Windows\System\kdvJyOK.exe
  2⤵
  PID:13236
- C:\Windows\System\RrtsBHd.exe
  C:\Windows\System\RrtsBHd.exe
  2⤵
  PID:13264
- C:\Windows\System\QgTKtDZ.exe
  C:\Windows\System\QgTKtDZ.exe
  2⤵
  PID:13292
- C:\Windows\System\SZTbzAG.exe
  C:\Windows\System\SZTbzAG.exe
  2⤵
  PID:12300
- C:\Windows\System\gGMNXAN.exe
  C:\Windows\System\gGMNXAN.exe
  2⤵
  PID:12372
- C:\Windows\System\bLCeDgc.exe
  C:\Windows\System\bLCeDgc.exe
  2⤵
  PID:12408
- C:\Windows\System\RRtEYAo.exe
  C:\Windows\System\RRtEYAo.exe
  2⤵
  PID:6424
- C:\Windows\System\InXvKXg.exe
  C:\Windows\System\InXvKXg.exe
  2⤵
  PID:12468
- C:\Windows\System\EBJwdob.exe
  C:\Windows\System\EBJwdob.exe
  2⤵
  PID:7272
- C:\Windows\System\eVqNmbO.exe
  C:\Windows\System\eVqNmbO.exe
  2⤵
  PID:7392
- C:\Windows\System\zAwEuSW.exe
  C:\Windows\System\zAwEuSW.exe
  2⤵
  PID:7508
- C:\Windows\System\nkHGnVi.exe
  C:\Windows\System\nkHGnVi.exe
  2⤵
  PID:12628
- C:\Windows\System\TBhlpQq.exe
  C:\Windows\System\TBhlpQq.exe
  2⤵
  PID:12640
- C:\Windows\System\jAkzUBc.exe
  C:\Windows\System\jAkzUBc.exe
  2⤵
  PID:7976
- C:\Windows\System\oFnXcuC.exe
  C:\Windows\System\oFnXcuC.exe
  2⤵
  PID:12740
- C:\Windows\System\hpLUafa.exe
  C:\Windows\System\hpLUafa.exe
  2⤵
  PID:12780
- C:\Windows\System\zVHOkqa.exe
  C:\Windows\System\zVHOkqa.exe
  2⤵
  PID:12812
- C:\Windows\System\ZpJiduT.exe
  C:\Windows\System\ZpJiduT.exe
  2⤵
  PID:1628
- C:\Windows\System\BknKgdy.exe
  C:\Windows\System\BknKgdy.exe
  2⤵
  PID:12908
- C:\Windows\System\plwzORC.exe
  C:\Windows\System\plwzORC.exe
  2⤵
  PID:5192
- C:\Windows\System\uaSFLfA.exe
  C:\Windows\System\uaSFLfA.exe
  2⤵
  PID:12976
- C:\Windows\System\VkyKKNV.exe
  C:\Windows\System\VkyKKNV.exe
  2⤵
  PID:13020
- C:\Windows\System\fPftwdR.exe
  C:\Windows\System\fPftwdR.exe
  2⤵
  PID:13060
- C:\Windows\System\IKrScWa.exe
  C:\Windows\System\IKrScWa.exe
  2⤵
  PID:4872
- C:\Windows\System\wxjrZmN.exe
  C:\Windows\System\wxjrZmN.exe
  2⤵
  PID:13144
- C:\Windows\System\pRWYCew.exe
  C:\Windows\System\pRWYCew.exe
  2⤵
  PID:4100
- C:\Windows\System\MgfTVHu.exe
  C:\Windows\System\MgfTVHu.exe
  2⤵
  PID:13260
- C:\Windows\System\yXEGFsg.exe
  C:\Windows\System\yXEGFsg.exe
  2⤵
  PID:13284
- C:\Windows\System\MYUOslz.exe
  C:\Windows\System\MYUOslz.exe
  2⤵
  PID:7248
- C:\Windows\System\xyhqmpJ.exe
  C:\Windows\System\xyhqmpJ.exe
  2⤵
  PID:7400
- C:\Windows\System\bpOnMHK.exe
  C:\Windows\System\bpOnMHK.exe
  2⤵
  PID:7896
- C:\Windows\System\OcwFJeS.exe
  C:\Windows\System\OcwFJeS.exe
  2⤵
  PID:7256
- C:\Windows\System\DhQFABi.exe
  C:\Windows\System\DhQFABi.exe
  2⤵
  PID:12524
- C:\Windows\System\oixosjl.exe
  C:\Windows\System\oixosjl.exe
  2⤵
  PID:4668
- C:\Windows\System\kMWJbiL.exe
  C:\Windows\System\kMWJbiL.exe
  2⤵
  PID:12684
- C:\Windows\System\DdyMCFl.exe
  C:\Windows\System\DdyMCFl.exe
  2⤵
  PID:12748
- C:\Windows\System\wJDqutm.exe
  C:\Windows\System\wJDqutm.exe
  2⤵
  PID:5004
- C:\Windows\System\GHROgUm.exe
  C:\Windows\System\GHROgUm.exe
  2⤵
  PID:12864
- C:\Windows\System\ystlIfm.exe
  C:\Windows\System\ystlIfm.exe
  2⤵
  PID:3680
- C:\Windows\System\MfHFVgB.exe
  C:\Windows\System\MfHFVgB.exe
  2⤵
  PID:13000
- C:\Windows\System\YokWLCa.exe
  C:\Windows\System\YokWLCa.exe
  2⤵
  PID:7396
- C:\Windows\System\BjQEJwY.exe
  C:\Windows\System\BjQEJwY.exe
  2⤵
  PID:13172
- C:\Windows\System\XNfzZae.exe
  C:\Windows\System\XNfzZae.exe
  2⤵
  PID:4772
- C:\Windows\System\QehmVIR.exe
  C:\Windows\System\QehmVIR.exe
  2⤵
  PID:3516
- C:\Windows\System\SrjfNfC.exe
  C:\Windows\System\SrjfNfC.exe
  2⤵
  PID:864
- C:\Windows\System\acBDTux.exe
  C:\Windows\System\acBDTux.exe
  2⤵
  PID:12464
- C:\Windows\System\VikJUIv.exe
  C:\Windows\System\VikJUIv.exe
  2⤵
  PID:8212
- C:\Windows\System\WlbWxnd.exe
  C:\Windows\System\WlbWxnd.exe
  2⤵
  PID:3552
- C:\Windows\System\BqpLszg.exe
  C:\Windows\System\BqpLszg.exe
  2⤵
  PID:3820
- C:\Windows\System\CInnZpL.exe
  C:\Windows\System\CInnZpL.exe
  2⤵
  PID:8136
- C:\Windows\System\poYgFnw.exe
  C:\Windows\System\poYgFnw.exe
  2⤵
  PID:12992
- C:\Windows\System\zdFpesZ.exe
  C:\Windows\System\zdFpesZ.exe
  2⤵
  PID:8412
- C:\Windows\System\egYzOdC.exe
  C:\Windows\System\egYzOdC.exe
  2⤵
  PID:13220
- C:\Windows\System\SuyucvT.exe
  C:\Windows\System\SuyucvT.exe
  2⤵
  PID:8532
- C:\Windows\System\GNKCaIg.exe
  C:\Windows\System\GNKCaIg.exe
  2⤵
  PID:6268
- C:\Windows\System\WUQQdYF.exe
  C:\Windows\System\WUQQdYF.exe
  2⤵
  PID:8672
- C:\Windows\System\jWbEhkS.exe
  C:\Windows\System\jWbEhkS.exe
  2⤵
  PID:12720
- C:\Windows\System\BxxddPm.exe
  C:\Windows\System\BxxddPm.exe
  2⤵
  PID:8364
- C:\Windows\System\oiZurud.exe
  C:\Windows\System\oiZurud.exe
  2⤵
  PID:8788
- C:\Windows\System\CFCIrTt.exe
  C:\Windows\System\CFCIrTt.exe
  2⤵
  PID:8544
- C:\Windows\System\CpFamxp.exe
  C:\Windows\System\CpFamxp.exe
  2⤵
  PID:8868
- C:\Windows\System\YaNhblu.exe
  C:\Windows\System\YaNhblu.exe
  2⤵
  PID:8712
- C:\Windows\System\FxhojFd.exe
  C:\Windows\System\FxhojFd.exe
  2⤵
  PID:8908
- C:\Windows\System\qkJGZcw.exe
  C:\Windows\System\qkJGZcw.exe
  2⤵
  PID:388
- C:\Windows\System\xjmUeZl.exe
  C:\Windows\System\xjmUeZl.exe
  2⤵
  PID:8880
- C:\Windows\System\BNYFnwm.exe
  C:\Windows\System\BNYFnwm.exe
  2⤵
  PID:8936
- C:\Windows\System\vLRlvxP.exe
  C:\Windows\System\vLRlvxP.exe
  2⤵
  PID:3036
- C:\Windows\System\rPSBblB.exe
  C:\Windows\System\rPSBblB.exe
  2⤵
  PID:8772
- C:\Windows\System\CDNjeMy.exe
  C:\Windows\System\CDNjeMy.exe
  2⤵
  PID:9136
- C:\Windows\System\wtFxfcy.exe
  C:\Windows\System\wtFxfcy.exe
  2⤵
  PID:224
- C:\Windows\System\wwrYTSR.exe
  C:\Windows\System\wwrYTSR.exe
  2⤵
  PID:13328
- C:\Windows\System\UESNAGH.exe
  C:\Windows\System\UESNAGH.exe
  2⤵
  PID:13356
- C:\Windows\System\steqqmp.exe
  C:\Windows\System\steqqmp.exe
  2⤵
  PID:13384
- C:\Windows\System\lRMjDsf.exe
  C:\Windows\System\lRMjDsf.exe
  2⤵
  PID:13412
- C:\Windows\System\YEmOMkc.exe
  C:\Windows\System\YEmOMkc.exe
  2⤵
  PID:13440
- C:\Windows\System\NfxbjEB.exe
  C:\Windows\System\NfxbjEB.exe
  2⤵
  PID:13468
- C:\Windows\System\oYuqCKd.exe
  C:\Windows\System\oYuqCKd.exe
  2⤵
  PID:13496
- C:\Windows\System\IXzozcg.exe
  C:\Windows\System\IXzozcg.exe
  2⤵
  PID:13524
- C:\Windows\System\CbQFaho.exe
  C:\Windows\System\CbQFaho.exe
  2⤵
  PID:13552
- C:\Windows\System\JjTgAKb.exe
  C:\Windows\System\JjTgAKb.exe
  2⤵
  PID:13580
- C:\Windows\System\AWQsGnS.exe
  C:\Windows\System\AWQsGnS.exe
  2⤵
  PID:13608
- C:\Windows\System\iSbguPi.exe
  C:\Windows\System\iSbguPi.exe
  2⤵
  PID:13636
- C:\Windows\System\aJdJlrf.exe
  C:\Windows\System\aJdJlrf.exe
  2⤵
  PID:13664
- C:\Windows\System\viZKKNW.exe
  C:\Windows\System\viZKKNW.exe
  2⤵
  PID:13692
- C:\Windows\System\mmcXTkM.exe
  C:\Windows\System\mmcXTkM.exe
  2⤵
  PID:13720
- C:\Windows\System\RGCSPgP.exe
  C:\Windows\System\RGCSPgP.exe
  2⤵
  PID:13752
- C:\Windows\System\BSnSpOv.exe
  C:\Windows\System\BSnSpOv.exe
  2⤵
  PID:13776
- C:\Windows\System\iuZkPFH.exe
  C:\Windows\System\iuZkPFH.exe
  2⤵
  PID:13804
- C:\Windows\System\QgbWdLl.exe
  C:\Windows\System\QgbWdLl.exe
  2⤵
  PID:13832
- C:\Windows\System\EOBEcCW.exe
  C:\Windows\System\EOBEcCW.exe
  2⤵
  PID:13864
- C:\Windows\System\busTbXx.exe
  C:\Windows\System\busTbXx.exe
  2⤵
  PID:13892
- C:\Windows\System\BdlRpAZ.exe
  C:\Windows\System\BdlRpAZ.exe
  2⤵
  PID:13920
- C:\Windows\System\EowpcQa.exe
  C:\Windows\System\EowpcQa.exe
  2⤵
  PID:13948
- C:\Windows\System\QUhGEjU.exe
  C:\Windows\System\QUhGEjU.exe
  2⤵
  PID:13976
- C:\Windows\System\VOdAshL.exe
  C:\Windows\System\VOdAshL.exe
  2⤵
  PID:14004
- C:\Windows\System\ldlyXgD.exe
  C:\Windows\System\ldlyXgD.exe
  2⤵
  PID:14032
- C:\Windows\System\FmBpxSY.exe
  C:\Windows\System\FmBpxSY.exe
  2⤵
  PID:14060
- C:\Windows\System\LIjDyZy.exe
  C:\Windows\System\LIjDyZy.exe
  2⤵
  PID:14088
- C:\Windows\System\BiGifMn.exe
  C:\Windows\System\BiGifMn.exe
  2⤵
  PID:14116
- C:\Windows\System\nQIuWXI.exe
  C:\Windows\System\nQIuWXI.exe
  2⤵
  PID:14144
- C:\Windows\System\tzADdgI.exe
  C:\Windows\System\tzADdgI.exe
  2⤵
  PID:14172
- C:\Windows\System\fLPFclK.exe
  C:\Windows\System\fLPFclK.exe
  2⤵
  PID:14200
- C:\Windows\System\XwRYaKb.exe
  C:\Windows\System\XwRYaKb.exe
  2⤵
  PID:14240
- C:\Windows\System\aCsRmvn.exe
  C:\Windows\System\aCsRmvn.exe
  2⤵
  PID:14256
- C:\Windows\System\WQxSYdE.exe
  C:\Windows\System\WQxSYdE.exe
  2⤵
  PID:14284
- C:\Windows\System\JtWqXwT.exe
  C:\Windows\System\JtWqXwT.exe
  2⤵
  PID:14312
- C:\Windows\System\kHcdUGV.exe
  C:\Windows\System\kHcdUGV.exe
  2⤵
  PID:13320
- C:\Windows\System\mbTInHe.exe
  C:\Windows\System\mbTInHe.exe
  2⤵
  PID:13352
- C:\Windows\System\sCHtodI.exe
  C:\Windows\System\sCHtodI.exe
  2⤵
  PID:13424
- C:\Windows\System\tOeKARc.exe
  C:\Windows\System\tOeKARc.exe
  2⤵
  PID:13464
- C:\Windows\System\orPIbOL.exe
  C:\Windows\System\orPIbOL.exe
  2⤵
  PID:8428
- C:\Windows\System\mkqRHgv.exe
  C:\Windows\System\mkqRHgv.exe
  2⤵
  PID:13520
- C:\Windows\System\ilXODTR.exe
  C:\Windows\System\ilXODTR.exe
  2⤵
  PID:13572
- C:\Windows\System\RZUDxrZ.exe
  C:\Windows\System\RZUDxrZ.exe
  2⤵
  PID:13604
- C:\Windows\System\whRZtIT.exe
  C:\Windows\System\whRZtIT.exe
  2⤵
  PID:13676
- C:\Windows\System\MPJTVGF.exe
  C:\Windows\System\MPJTVGF.exe
  2⤵
  PID:8884
- C:\Windows\System\WFSZmZn.exe
  C:\Windows\System\WFSZmZn.exe
  2⤵
  PID:13760
- C:\Windows\System\KplyixK.exe
  C:\Windows\System\KplyixK.exe
  2⤵
  PID:13800
- C:\Windows\System\PkdtPbn.exe
  C:\Windows\System\PkdtPbn.exe
  2⤵
  PID:13876
- C:\Windows\System\aPQgaqJ.exe
  C:\Windows\System\aPQgaqJ.exe
  2⤵
  PID:8228
- C:\Windows\System\SNeFtri.exe
  C:\Windows\System\SNeFtri.exe
  2⤵
  PID:8340
- C:\Windows\System\kddehOR.exe
  C:\Windows\System\kddehOR.exe
  2⤵
  PID:13996
- C:\Windows\System\WmFmhIO.exe
  C:\Windows\System\WmFmhIO.exe
  2⤵
  PID:14056
- C:\Windows\System\JKUQYag.exe
  C:\Windows\System\JKUQYag.exe
  2⤵
  PID:14128
- C:\Windows\System\AgKaphU.exe
  C:\Windows\System\AgKaphU.exe
  2⤵
  PID:14192
- C:\Windows\System\srTPdXI.exe
  C:\Windows\System\srTPdXI.exe
  2⤵
  PID:14224
- C:\Windows\System\znFOtvl.exe
  C:\Windows\System\znFOtvl.exe
  2⤵
  PID:8348
- C:\Windows\System\JDCfsGl.exe
  C:\Windows\System\JDCfsGl.exe
  2⤵
  PID:9096
- C:\Windows\System\riMwNut.exe
  C:\Windows\System\riMwNut.exe
  2⤵
  PID:13348
- C:\Windows\System\OzinoEo.exe
  C:\Windows\System\OzinoEo.exe
  2⤵
  PID:13460
- C:\Windows\System\axXEFvj.exe
  C:\Windows\System\axXEFvj.exe
  2⤵
  PID:13548
- C:\Windows\System\yCXxDQI.exe
  C:\Windows\System\yCXxDQI.exe
  2⤵
  PID:6848
- C:\Windows\System\mejQamN.exe
  C:\Windows\System\mejQamN.exe
  2⤵
  PID:13732
- C:\Windows\System\ddEzoEm.exe
  C:\Windows\System\ddEzoEm.exe
  2⤵
  PID:13852
- C:\Windows\System\HojaAXW.exe
  C:\Windows\System\HojaAXW.exe
  2⤵
  PID:1292
- C:\Windows\System\ArhvguE.exe
  C:\Windows\System\ArhvguE.exe
  2⤵
  PID:13960
- C:\Windows\System\AZtSDeY.exe
  C:\Windows\System\AZtSDeY.exe
  2⤵
  PID:14112
- C:\Windows\System\GdMmmIs.exe
  C:\Windows\System\GdMmmIs.exe
  2⤵
  PID:14252
- C:\Windows\System\RUXTknV.exe
  C:\Windows\System\RUXTknV.exe
  2⤵
  PID:9604
- C:\Windows\System\HygquCA.exe
  C:\Windows\System\HygquCA.exe
  2⤵
  PID:13436
- C:\Windows\System\MeQysoq.exe
  C:\Windows\System\MeQysoq.exe
  2⤵
  PID:8688
- C:\Windows\System\VxCIKHT.exe
  C:\Windows\System\VxCIKHT.exe
  2⤵
  PID:13828
- C:\Windows\System\mmskzHW.exe
  C:\Windows\System\mmskzHW.exe
  2⤵
  PID:8376
- C:\Windows\System\ArqfSBh.exe
  C:\Windows\System\ArqfSBh.exe
  2⤵
  PID:9848
- C:\Windows\System\lDAQKfu.exe
  C:\Windows\System\lDAQKfu.exe
  2⤵
  PID:4628
- C:\Windows\System\grCLuyQ.exe
  C:\Windows\System\grCLuyQ.exe
  2⤵
  PID:996
- C:\Windows\System\fGfoQUp.exe
  C:\Windows\System\fGfoQUp.exe
  2⤵
  PID:9780
- C:\Windows\System\ucBCAQi.exe
  C:\Windows\System\ucBCAQi.exe
  2⤵
  PID:13600
- C:\Windows\System\CJnxAWb.exe
  C:\Windows\System\CJnxAWb.exe
  2⤵
  PID:5556
- C:\Windows\System\AOFmlsn.exe
  C:\Windows\System\AOFmlsn.exe
  2⤵
  PID:14344
- C:\Windows\System\RZNoOTa.exe
  C:\Windows\System\RZNoOTa.exe
  2⤵
  PID:14372
- C:\Windows\System\UTEdOIi.exe
  C:\Windows\System\UTEdOIi.exe
  2⤵
  PID:14400
- C:\Windows\System\lLZKMnl.exe
  C:\Windows\System\lLZKMnl.exe
  2⤵
  PID:14428
- C:\Windows\System\Mdmnacn.exe
  C:\Windows\System\Mdmnacn.exe
  2⤵
  PID:14456
- C:\Windows\System\IjcHOnv.exe
  C:\Windows\System\IjcHOnv.exe
  2⤵
  PID:14484
- C:\Windows\System\AMMWwLC.exe
  C:\Windows\System\AMMWwLC.exe
  2⤵
  PID:14512
- C:\Windows\System\AGIjkrT.exe
  C:\Windows\System\AGIjkrT.exe
  2⤵
  PID:14540
- C:\Windows\System\aogPQOJ.exe
  C:\Windows\System\aogPQOJ.exe
  2⤵
  PID:14568
- C:\Windows\System\POybvqV.exe
  C:\Windows\System\POybvqV.exe
  2⤵
  PID:14596
- C:\Windows\System\IRRaLQh.exe
  C:\Windows\System\IRRaLQh.exe
  2⤵
  PID:14624
- C:\Windows\System\TAkiJry.exe
  C:\Windows\System\TAkiJry.exe
  2⤵
  PID:14652
- C:\Windows\System\LGshaCA.exe
  C:\Windows\System\LGshaCA.exe
  2⤵
  PID:14684
- C:\Windows\System\RXSPkvi.exe
  C:\Windows\System\RXSPkvi.exe
  2⤵
  PID:14712
- C:\Windows\System\EnvBWDr.exe
  C:\Windows\System\EnvBWDr.exe
  2⤵
  PID:14740
- C:\Windows\System\dgikqDt.exe
  C:\Windows\System\dgikqDt.exe
  2⤵
  PID:14768
- C:\Windows\System\PcmDSwj.exe
  C:\Windows\System\PcmDSwj.exe
  2⤵
  PID:14796
- C:\Windows\System\MgwxfYg.exe
  C:\Windows\System\MgwxfYg.exe
  2⤵
  PID:14824
- C:\Windows\System\TdtwgHC.exe
  C:\Windows\System\TdtwgHC.exe
  2⤵
  PID:14852
- C:\Windows\System\pIrlbKP.exe
  C:\Windows\System\pIrlbKP.exe
  2⤵
  PID:14880
- C:\Windows\System\LgnyIXK.exe
  C:\Windows\System\LgnyIXK.exe
  2⤵
  PID:14908
- C:\Windows\System\YTCigSn.exe
  C:\Windows\System\YTCigSn.exe
  2⤵
  PID:14936
- C:\Windows\System\hUAQDoD.exe
  C:\Windows\System\hUAQDoD.exe
  2⤵
  PID:14964
- C:\Windows\System\SLmXFov.exe
  C:\Windows\System\SLmXFov.exe
  2⤵
  PID:14992
- C:\Windows\System\PXLcqdB.exe
  C:\Windows\System\PXLcqdB.exe
  2⤵
  PID:15020
- C:\Windows\System\EgfwKob.exe
  C:\Windows\System\EgfwKob.exe
  2⤵
  PID:15048
- C:\Windows\System\VxWQWiL.exe
  C:\Windows\System\VxWQWiL.exe
  2⤵
  PID:15076
- C:\Windows\System\Qlvetab.exe
  C:\Windows\System\Qlvetab.exe
  2⤵
  PID:15104
- C:\Windows\System\dvLZgQj.exe
  C:\Windows\System\dvLZgQj.exe
  2⤵
  PID:15132
- C:\Windows\System\yNReCyQ.exe
  C:\Windows\System\yNReCyQ.exe
  2⤵
  PID:15160
- C:\Windows\System\RdjfTGB.exe
  C:\Windows\System\RdjfTGB.exe
  2⤵
  PID:15200
- C:\Windows\System\dChrsFj.exe
  C:\Windows\System\dChrsFj.exe
  2⤵
  PID:15216
- C:\Windows\System\VWtRhHH.exe
  C:\Windows\System\VWtRhHH.exe
  2⤵
  PID:15244
- C:\Windows\System\VcfyjxB.exe
  C:\Windows\System\VcfyjxB.exe
  2⤵
  PID:15276
- C:\Windows\System\dYSYYGb.exe
  C:\Windows\System\dYSYYGb.exe
  2⤵
  PID:15304
- C:\Windows\System\xJvwXwh.exe
  C:\Windows\System\xJvwXwh.exe
  2⤵
  PID:15332
- C:\Windows\System\xmYWzQs.exe
  C:\Windows\System\xmYWzQs.exe
  2⤵
  PID:9788
- C:\Windows\System\XcNWxzV.exe
  C:\Windows\System\XcNWxzV.exe
  2⤵
  PID:14384
- C:\Windows\System\qHxJooL.exe
  C:\Windows\System\qHxJooL.exe
  2⤵
  PID:14448
- C:\Windows\System\liIqkkI.exe
  C:\Windows\System\liIqkkI.exe
  2⤵
  PID:14508
- C:\Windows\System\oPMVDis.exe
  C:\Windows\System\oPMVDis.exe
  2⤵
  PID:14564
- C:\Windows\System\eTPedLt.exe
  C:\Windows\System\eTPedLt.exe
  2⤵
  PID:14636
- C:\Windows\System\eAjPAvx.exe
  C:\Windows\System\eAjPAvx.exe
  2⤵
  PID:14704
- C:\Windows\System\OqgCPOF.exe
  C:\Windows\System\OqgCPOF.exe
  2⤵
  PID:14764
- C:\Windows\System\NeFYQyh.exe
  C:\Windows\System\NeFYQyh.exe
  2⤵
  PID:14836
- C:\Windows\System\zNdPgyZ.exe
  C:\Windows\System\zNdPgyZ.exe
  2⤵
  PID:14900
- C:\Windows\System\WFqLuSH.exe
  C:\Windows\System\WFqLuSH.exe
  2⤵
  PID:14960
- C:\Windows\System\uYMtTov.exe
  C:\Windows\System\uYMtTov.exe
  2⤵
  PID:15032
- C:\Windows\System\lcOdKtJ.exe
  C:\Windows\System\lcOdKtJ.exe
  2⤵
  PID:6716
- C:\Windows\System\HwtmVyI.exe
  C:\Windows\System\HwtmVyI.exe
  2⤵
  PID:15124
- C:\Windows\System\vxkswLH.exe
  C:\Windows\System\vxkswLH.exe
  2⤵
  PID:15172
- C:\Windows\System\KyqbOxW.exe
  C:\Windows\System\KyqbOxW.exe
  2⤵
  PID:15236
- C:\Windows\System\ESBOliW.exe
  C:\Windows\System\ESBOliW.exe
  2⤵
  PID:15316
- C:\Windows\System\lyBINaP.exe
  C:\Windows\System\lyBINaP.exe
  2⤵
  PID:15356
- C:\Windows\System\bZiTcqP.exe
  C:\Windows\System\bZiTcqP.exe
  2⤵
  PID:9356
- C:\Windows\System\HnCywXl.exe
  C:\Windows\System\HnCywXl.exe
  2⤵
  PID:14532
- C:\Windows\System\AlycrLz.exe
  C:\Windows\System\AlycrLz.exe
  2⤵
  PID:14664
- C:\Windows\System\yxJZYMY.exe
  C:\Windows\System\yxJZYMY.exe
  2⤵
  PID:14760
- C:\Windows\System\raGyeVi.exe
  C:\Windows\System\raGyeVi.exe
  2⤵
  PID:14928
- C:\Windows\System\jRxtWhu.exe
  C:\Windows\System\jRxtWhu.exe
  2⤵
  PID:15068
- C:\Windows\System\emATEgD.exe
  C:\Windows\System\emATEgD.exe
  2⤵
  PID:3476
- C:\Windows\System\KJdawvp.exe
  C:\Windows\System\KJdawvp.exe
  2⤵
  PID:15288
- C:\Windows\System\SampSBi.exe
  C:\Windows\System\SampSBi.exe
  2⤵
  PID:3472
- C:\Windows\System\xbhvGcg.exe
  C:\Windows\System\xbhvGcg.exe
  2⤵
  PID:14616
- C:\Windows\System\XBpRYVN.exe
  C:\Windows\System\XBpRYVN.exe
  2⤵
  PID:14892
- C:\Windows\System\BIGUpWs.exe
  C:\Windows\System\BIGUpWs.exe
  2⤵
  PID:15184
- C:\Windows\System\UMULjUs.exe
  C:\Windows\System\UMULjUs.exe
  2⤵
  PID:14552
- C:\Windows\System\SPQfyaU.exe
  C:\Windows\System\SPQfyaU.exe
  2⤵
  PID:15060
- C:\Windows\System\RsirqRM.exe
  C:\Windows\System\RsirqRM.exe
  2⤵
  PID:14820
- C:\Windows\System\hPhPKkz.exe
  C:\Windows\System\hPhPKkz.exe
  2⤵
  PID:2964
- C:\Windows\System\JoOsiAk.exe
  C:\Windows\System\JoOsiAk.exe
  2⤵
  PID:15380
- C:\Windows\System\HcgReza.exe
  C:\Windows\System\HcgReza.exe
  2⤵
  PID:15408
- C:\Windows\System\jjkCyRQ.exe
  C:\Windows\System\jjkCyRQ.exe
  2⤵
  PID:15436
- C:\Windows\System\voFHNBr.exe
  C:\Windows\System\voFHNBr.exe
  2⤵
  PID:15464
- C:\Windows\System\JkOWEMR.exe
  C:\Windows\System\JkOWEMR.exe
  2⤵
  PID:15492
- C:\Windows\System\bydtdSE.exe
  C:\Windows\System\bydtdSE.exe
  2⤵
  PID:15520
- C:\Windows\System\QCmgWGx.exe
  C:\Windows\System\QCmgWGx.exe
  2⤵
  PID:15548
- C:\Windows\System\ArGcCSr.exe
  C:\Windows\System\ArGcCSr.exe
  2⤵
  PID:15576
- C:\Windows\System\qiBpQvu.exe
  C:\Windows\System\qiBpQvu.exe
  2⤵
  PID:15604
- C:\Windows\System\xHDhoYT.exe
  C:\Windows\System\xHDhoYT.exe
  2⤵
  PID:15632
- C:\Windows\System\yNFdQDD.exe
  C:\Windows\System\yNFdQDD.exe
  2⤵
  PID:15664
- C:\Windows\System\fFlQXFJ.exe
  C:\Windows\System\fFlQXFJ.exe
  2⤵
  PID:15692
- C:\Windows\System\cyGfEAc.exe
  C:\Windows\System\cyGfEAc.exe
  2⤵
  PID:15720
- C:\Windows\System\xdfpfGW.exe
  C:\Windows\System\xdfpfGW.exe
  2⤵
  PID:15748
- C:\Windows\System\VzazQZy.exe
  C:\Windows\System\VzazQZy.exe
  2⤵
  PID:15776
- C:\Windows\System\gfDGykW.exe
  C:\Windows\System\gfDGykW.exe
  2⤵
  PID:15804
- C:\Windows\System\huDWnkp.exe
  C:\Windows\System\huDWnkp.exe
  2⤵
  PID:15832
- C:\Windows\System\ujmdUnZ.exe
  C:\Windows\System\ujmdUnZ.exe
  2⤵
  PID:15860
- C:\Windows\System\cjxZaFN.exe
  C:\Windows\System\cjxZaFN.exe
  2⤵
  PID:15888
- C:\Windows\System\htWGwrn.exe
  C:\Windows\System\htWGwrn.exe
  2⤵
  PID:15916
- C:\Windows\System\LtGbWMN.exe
  C:\Windows\System\LtGbWMN.exe
  2⤵
  PID:15944
- C:\Windows\System\DxOQyYB.exe
  C:\Windows\System\DxOQyYB.exe
  2⤵
  PID:15972
- C:\Windows\System\LicpSrm.exe
  C:\Windows\System\LicpSrm.exe
  2⤵
  PID:16000
- C:\Windows\System\PfteNtw.exe
  C:\Windows\System\PfteNtw.exe
  2⤵
  PID:16028
- C:\Windows\System\AMIIdBl.exe
  C:\Windows\System\AMIIdBl.exe
  2⤵
  PID:16056
- C:\Windows\System\oNjlzpZ.exe
  C:\Windows\System\oNjlzpZ.exe
  2⤵
  PID:16084
- C:\Windows\System\XiRcIKu.exe
  C:\Windows\System\XiRcIKu.exe
  2⤵
  PID:16112
- C:\Windows\System\oPWZiBv.exe
  C:\Windows\System\oPWZiBv.exe
  2⤵
  PID:16140
- C:\Windows\System\HkzbkSc.exe
  C:\Windows\System\HkzbkSc.exe
  2⤵
  PID:16168
- C:\Windows\System\FRuQtkJ.exe
  C:\Windows\System\FRuQtkJ.exe
  2⤵
  PID:16196
- C:\Windows\System\TTEqaEv.exe
  C:\Windows\System\TTEqaEv.exe
  2⤵
  PID:16224
- C:\Windows\System\jNOiVvS.exe
  C:\Windows\System\jNOiVvS.exe
  2⤵
  PID:16252
- C:\Windows\System\HVrxIxL.exe
  C:\Windows\System\HVrxIxL.exe
  2⤵
  PID:16280
- C:\Windows\System\lPWeglC.exe
  C:\Windows\System\lPWeglC.exe
  2⤵
  PID:16308
- C:\Windows\System\nZCTbeu.exe
  C:\Windows\System\nZCTbeu.exe
  2⤵
  PID:16340
- C:\Windows\System\nOTndJd.exe
  C:\Windows\System\nOTndJd.exe
  2⤵
  PID:16368
- C:\Windows\System\DMwPuCG.exe
  C:\Windows\System\DMwPuCG.exe
  2⤵
  PID:15392
- C:\Windows\System\KDGZoIx.exe
  C:\Windows\System\KDGZoIx.exe
  2⤵
  PID:15456
- C:\Windows\System\EWDRPnv.exe
  C:\Windows\System\EWDRPnv.exe
  2⤵
  PID:15504
- C:\Windows\System\kYkpNSt.exe
  C:\Windows\System\kYkpNSt.exe
  2⤵
  PID:15572
- C:\Windows\System\nJjfIuq.exe
  C:\Windows\System\nJjfIuq.exe
  2⤵
  PID:15616
- C:\Windows\System\RpuFZbq.exe
  C:\Windows\System\RpuFZbq.exe
  2⤵
  PID:15688
- C:\Windows\System\wCBHVKR.exe
  C:\Windows\System\wCBHVKR.exe
  2⤵
  PID:15740
- C:\Windows\System\FylnVER.exe
  C:\Windows\System\FylnVER.exe
  2⤵
  PID:3176
- C:\Windows\System\FdvNaIA.exe
  C:\Windows\System\FdvNaIA.exe
  2⤵
  PID:4556
- C:\Windows\System\kPWChuJ.exe
  C:\Windows\System\kPWChuJ.exe
  2⤵
  PID:8196
- C:\Windows\System\vHesvHv.exe
  C:\Windows\System\vHesvHv.exe
  2⤵
  PID:15928
- C:\Windows\System\IyadrJw.exe
  C:\Windows\System\IyadrJw.exe
  2⤵
  PID:15992
- C:\Windows\System\cZOGhFv.exe
  C:\Windows\System\cZOGhFv.exe
  2⤵
  PID:8316
- C:\Windows\System\tuAZJHu.exe
  C:\Windows\System\tuAZJHu.exe
  2⤵
  PID:16096
- C:\Windows\System\OgxYBYC.exe
  C:\Windows\System\OgxYBYC.exe
  2⤵
  PID:16152
- C:\Windows\System\EBpobLG.exe
  C:\Windows\System\EBpobLG.exe
  2⤵
  PID:8584
- C:\Windows\System\xPGoOSR.exe
  C:\Windows\System\xPGoOSR.exe
  2⤵
  PID:16248
- C:\Windows\System\HwhYtHG.exe
  C:\Windows\System\HwhYtHG.exe
  2⤵
  PID:16320
- C:\Windows\System\qsplKVS.exe
  C:\Windows\System\qsplKVS.exe
  2⤵
  PID:15372
- C:\Windows\System\BzkVNuc.exe
  C:\Windows\System\BzkVNuc.exe
  2⤵
  PID:15448
- C:\Windows\System\vZJkzlG.exe
  C:\Windows\System\vZJkzlG.exe
  2⤵
  PID:9744
- C:\Windows\System\yHgEqDn.exe
  C:\Windows\System\yHgEqDn.exe
  2⤵
  PID:15596
- C:\Windows\System\QKREhXB.exe
  C:\Windows\System\QKREhXB.exe
  2⤵
  PID:9904
- C:\Windows\System\LdRiswW.exe
  C:\Windows\System\LdRiswW.exe
  2⤵
  PID:15816
- C:\Windows\System\MrHPxYP.exe
  C:\Windows\System\MrHPxYP.exe
  2⤵
  PID:15856
- C:\Windows\System\NnmzkPY.exe
  C:\Windows\System\NnmzkPY.exe
  2⤵
  PID:10028
- C:\Windows\System\PDfAuVO.exe
  C:\Windows\System\PDfAuVO.exe
  2⤵
  PID:15984
- C:\Windows\System\hVRCvmd.exe
  C:\Windows\System\hVRCvmd.exe
  2⤵
  PID:1272
- C:\Windows\System\fMtozTV.exe
  C:\Windows\System\fMtozTV.exe
  2⤵
  PID:16136
- C:\Windows\System\dPIKNYk.exe
  C:\Windows\System\dPIKNYk.exe
  2⤵
  PID:16216
- C:\Windows\System\TpDyUxB.exe
  C:\Windows\System\TpDyUxB.exe
  2⤵
  PID:16300
- C:\Windows\System\hGGROTS.exe
  C:\Windows\System\hGGROTS.exe
  2⤵
  PID:4268
- C:\Windows\System\hlXBmxM.exe
  C:\Windows\System\hlXBmxM.exe
  2⤵
  PID:15488
- C:\Windows\System\oNMNLoG.exe
  C:\Windows\System\oNMNLoG.exe
  2⤵
  PID:9868
- C:\Windows\System\mOTgNEf.exe
  C:\Windows\System\mOTgNEf.exe
  2⤵
  PID:1916
- C:\Windows\System\bVHkFiK.exe
  C:\Windows\System\bVHkFiK.exe
  2⤵
  PID:8116
- C:\Windows\System\OaBYOwW.exe
  C:\Windows\System\OaBYOwW.exe
  2⤵
  PID:6020
- C:\Windows\System\XhRJzBQ.exe
  C:\Windows\System\XhRJzBQ.exe
  2⤵
  PID:4348
- C:\Windows\System\FckfAqh.exe
  C:\Windows\System\FckfAqh.exe
  2⤵
  PID:16188
- C:\Windows\System\vqIwucn.exe
  C:\Windows\System\vqIwucn.exe
  2⤵
  PID:9144
- C:\Windows\System\PCIqAmB.exe
  C:\Windows\System\PCIqAmB.exe
  2⤵
  PID:6108
- C:\Windows\System\vHKHNpx.exe
  C:\Windows\System\vHKHNpx.exe
  2⤵
  PID:6484
- C:\Windows\System\VbHaUpB.exe
  C:\Windows\System\VbHaUpB.exe
  2⤵
  PID:1788
- C:\Windows\System\uppHYOQ.exe
  C:\Windows\System\uppHYOQ.exe
  2⤵
  PID:9056
- C:\Windows\System\LoIRVGa.exe
  C:\Windows\System\LoIRVGa.exe
  2⤵
  PID:380
- C:\Windows\System\WdGLXXh.exe
  C:\Windows\System\WdGLXXh.exe
  2⤵
  PID:6860
- C:\Windows\System\AVTbqav.exe
  C:\Windows\System\AVTbqav.exe
  2⤵
  PID:8756
- C:\Windows\System\YgmmVmf.exe
  C:\Windows\System\YgmmVmf.exe
  2⤵
  PID:6768
- C:\Windows\System\AgaGDbx.exe
  C:\Windows\System\AgaGDbx.exe
  2⤵
  PID:6644
- C:\Windows\System\DCCQipg.exe
  C:\Windows\System\DCCQipg.exe
  2⤵
  PID:3664
- C:\Windows\System\tdLeIdN.exe
  C:\Windows\System\tdLeIdN.exe
  2⤵
  PID:2432
- C:\Windows\System\vMCysUm.exe
  C:\Windows\System\vMCysUm.exe
  2⤵
  PID:15660
- C:\Windows\System\gznPFqV.exe
  C:\Windows\System\gznPFqV.exe
  2⤵
  PID:9584
- C:\Windows\System\ZqaWTqx.exe
  C:\Windows\System\ZqaWTqx.exe
  2⤵
  PID:3144
- C:\Windows\System\YlBDBCn.exe
  C:\Windows\System\YlBDBCn.exe
  2⤵
  PID:9840
- C:\Windows\System\NcsSAcG.exe
  C:\Windows\System\NcsSAcG.exe
  2⤵
  PID:2700
- C:\Windows\System\washQKm.exe
  C:\Windows\System\washQKm.exe
  2⤵
  PID:9036
- C:\Windows\System\fGrPSKx.exe
  C:\Windows\System\fGrPSKx.exe
  2⤵
  PID:2520
- C:\Windows\System\ahHVfDr.exe
  C:\Windows\System\ahHVfDr.exe
  2⤵
  PID:7540
- C:\Windows\System\CxzBfzZ.exe
  C:\Windows\System\CxzBfzZ.exe
  2⤵
  PID:5356
- C:\Windows\System\GMkdKwC.exe
  C:\Windows\System\GMkdKwC.exe
  2⤵
  PID:6440
- C:\Windows\System\FOMdOSP.exe
  C:\Windows\System\FOMdOSP.exe
  2⤵
  PID:4376
- C:\Windows\System\QeUIgyq.exe
  C:\Windows\System\QeUIgyq.exe
  2⤵
  PID:7916
- C:\Windows\System\tvdOQWd.exe
  C:\Windows\System\tvdOQWd.exe
  2⤵
  PID:9316
- C:\Windows\System\rSRqYhC.exe
  C:\Windows\System\rSRqYhC.exe
  2⤵
  PID:5112
- C:\Windows\System\AUKbolS.exe
  C:\Windows\System\AUKbolS.exe
  2⤵
  PID:9416
- C:\Windows\System\VCWVeaR.exe
  C:\Windows\System\VCWVeaR.exe
  2⤵
  PID:9452
- C:\Windows\System\MqaLjrr.exe
  C:\Windows\System\MqaLjrr.exe
  2⤵
  PID:9484
- C:\Windows\System\JFCwBxZ.exe
  C:\Windows\System\JFCwBxZ.exe
  2⤵
  PID:16392
- C:\Windows\System\HQQdoWc.exe
  C:\Windows\System\HQQdoWc.exe
  2⤵
  PID:16420
- C:\Windows\System\GHEdxMg.exe
  C:\Windows\System\GHEdxMg.exe
  2⤵
  PID:16448
- C:\Windows\System\HbTmsNf.exe
  C:\Windows\System\HbTmsNf.exe
  2⤵
  PID:16476
- C:\Windows\System\SULWZqL.exe
  C:\Windows\System\SULWZqL.exe
  2⤵
  PID:16516
- C:\Windows\System\oNMvvXU.exe
  C:\Windows\System\oNMvvXU.exe
  2⤵
  PID:16532
- C:\Windows\System\jRAkIbZ.exe
  C:\Windows\System\jRAkIbZ.exe
  2⤵
  PID:16560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BWxsbYx.exe

Filesize
6.0MB

MD5
669d9d42b0e9febbd3dd06090b9aa92b

SHA1
b9a96014b97fb7c607dd58c810789bfa9eaa6216

SHA256
3bc245eaa41f501e3e2d4ca2809bc1c6d3a700c79c37f1d8fd0ccc2840b04f24

SHA512
aefe667c5385ce0d71fbbaaa2c8f87a6027220525e392fcd8df93426dd9e3d9a3859c6714b4afeced99c3e316caf4e562fb84ae3e6096fc54d9d1958e0e3b613

Download Submit
C:\Windows\System\CAEtnQm.exe

Filesize
6.0MB

MD5
faca4ad66e97172757dac491ff40ae8e

SHA1
f821cda0364a2aad5497a371868e906993aa373c

SHA256
4cf626451d980d814289f6c1747c0f45e69d4ea49f0151cfdb42041b9b7a3614

SHA512
03f864d9807e108f1c07a22a7350bab009943d1a5d095ea1a05aa52f72c23b4315126bcc9fd8ff168c502602d1feba1b1b6796850c91e4b7b307e12daf54cc4c

Download Submit
C:\Windows\System\CYabNcu.exe

Filesize
6.0MB

MD5
48b1394ffc63b68577f91375d9d6e129

SHA1
4b490339f2f18b8b1f2574d74a89fd38a011eff7

SHA256
366d417300c6ce5bf6ba123c7a137c6145b79243e3896fa1ee354a1158c0369e

SHA512
738d9cb9530e93ad61f11aad283a7ab34a0628762b7c43c386d047c56fa23786f790e764ab04617e69142633f9c31bf174330a690102aaa87bc42e203acc9bea

Download Submit
C:\Windows\System\CgaHsSq.exe

Filesize
6.0MB

MD5
d9c7b37d9acc6600f9956e0fe40893c6

SHA1
1188cdd35ac9a2db26199da69332b08d43b76a9f

SHA256
bc8b51ea8ab41a283f339ebd29defb8c449140e9f0b64bcd1f672aea75e9704d

SHA512
3dbf05fa512e9e909c8eda7348d01c0f9d9704d56b3d0e474fb2678d615e32675b4a450eab06fbecd38555a246cec2e9edb2e79b7ee5ff2bf788ec3365743628

Download Submit
C:\Windows\System\DMrkhdx.exe

Filesize
6.0MB

MD5
a36d63fab8261673c531b61b8a596ea2

SHA1
85f7dd0d8a0fdcfb450bb6b7e374338d61cac287

SHA256
fffe2276b30152f1ce2feda67f7a4a2c5de8d9c09922f679455706590776621e

SHA512
0d2a1d806fbb60816010c496843a1b6ad03292fd6cc64b40f7e8f42f184477f8a80e622bacd4638723783eb522f813885faf70fe396bd11389d8befc40363914

Download Submit
C:\Windows\System\DOTHeMP.exe

Filesize
6.0MB

MD5
f01dc63f201eb8b49b9b461d4d4b9106

SHA1
af8e04b4b8f128d949780f61db89d310d061e644

SHA256
d7f8fe6f3f7c1e981b6c5da15249b5955eac2d8ede97429371b5a1cce7292ccf

SHA512
fafb1514adbce6b110f7ad308ff9fe680a4dd97c7f2d654553389cef769943105a87ed94bd42f9c3d9b22f2052872623a52052fb5fc011e4a0724add49ed0bb7

Download Submit
C:\Windows\System\ErXXWLu.exe

Filesize
6.0MB

MD5
3401e1939d4eb977832bb7db2813cc26

SHA1
4b1058bb6cfb0168a62bba75102b221b2d0e2743

SHA256
5512ea13b899d98f300d0821b78722b76887a7542002a5863e67cb88d92d28d7

SHA512
725e33c78484eb6ba1f3bacaa3e83937094629be63fc3e9c7b3ec12a9670c09504dade764163a5c3f836c70506ee29b0fc3b786261fee4dbefc6a17b15f9b478

Download Submit
C:\Windows\System\GNNUOPo.exe

Filesize
6.0MB

MD5
c7db95fe1c7c95c4d248790ae120be89

SHA1
b1ec562c934281aa013de8455daeab5ee6706747

SHA256
6f5d0e4e07467110910d15f318a40a60d0ce0a5ed131a1f1238cd5ae08821ad1

SHA512
6a5caa2c4c3eb75b5a500b619349c08af7af4286072ea15c6c968ea2ce640173037f23c5db3f3862ff8a46473602a46f294a49102811d19c66f4f964f9b08057

Download Submit
C:\Windows\System\HOFboiC.exe

Filesize
6.0MB

MD5
a80899c86b626dec0909a8ff89eedb75

SHA1
3c9c1a93d9e98f0e263547fd88279e791de1e852

SHA256
2c7640034130ff3b8d80bb9634ad5759e43deb5fd672eb4b88103580cb3fe2fb

SHA512
c57f078d83b454b998d4b0fabfae16aa6a0cf4ceaca2d5a67028aa235c7bff6b8ca223656053831874d95af8f0059f4ec32fcd6fc42a2bb5f5c81b484714781e

Download Submit
C:\Windows\System\IeAFznE.exe

Filesize
6.0MB

MD5
292d473425495de950c90cd9507e5217

SHA1
269e62f1bb7c2b14a3c690c8fd3a8730ae88585f

SHA256
aac2461ca8080187251487f09b050aace978d4b1e4a7ad93a9218bd9c9cf0168

SHA512
6cafe992b471a72c1b6c6d43579daa55e97e9f7c257c50fdb254e1361aa9b33a282cd2bff3022821cbd243176959aa88a493aba1f9ac5ca81beef4cf40452c51

Download Submit
C:\Windows\System\KUIXKbz.exe

Filesize
6.0MB

MD5
5fe35ce9a450b26eb57dc3937361f074

SHA1
a4c8953736885222dde34a49496d277bcc89c20f

SHA256
0fef9d904488037b7465dc79a668913a4518c3d96d5ff89bfdae7acc98f11a46

SHA512
fc4983273d3d4c652c196f14ceb4a339bc829e90b8d387019f29d0044bc90633a7576c727d433cecce54a717bec3504a6417f17902fb3a1734e606ed1b9e406d

Download Submit
C:\Windows\System\LeTHrhR.exe

Filesize
6.0MB

MD5
391116d730523d9fccaef1d1bfbc3bc9

SHA1
60b4ba6fca6cb6fd3353dc84c5f74af2074f92d2

SHA256
648e0df277c5c41fff93be1e2d1e4c417ce8f4a799aebe078cdc621be3a011fe

SHA512
4dfdbf60fd9d912ecd935cf9195f4355d0cc36348ecb1aab6835378f163a5ac1ab9f7a9e981acc6e54801a33e6eca7258418d5a79eb7e79edfb7a1c8a8683159

Download Submit
C:\Windows\System\LjmOjUP.exe

Filesize
6.0MB

MD5
9140cdcbc83a40fb91de506903fa8d83

SHA1
eb2b95397c5105150377671f3dfe384d4c355d39

SHA256
f8861236ce00ed95fbf4c84c116e46fe3c923ca35680d665ca2ad923530e9c8f

SHA512
645ea84dba77875f1c9bf18ae8cd65fcbd81fbb5e58c3556cf15592516e86dde39dfb989782a56105463b91ac341ea417754cabfe88548db88f20809383e3ce1

Download Submit
C:\Windows\System\NoZHVAV.exe

Filesize
6.0MB

MD5
b5fad1d2314c3cbc79bb087829259c34

SHA1
f6b4ba3b22b71c72515e310c5a8249f57b6172ec

SHA256
278c9278b14ceb22350cb994e9449d1d720d755c1aa0a6b75d0aa17c38f46589

SHA512
8d9c29224dcfd2901449172da6ab0dd0e7dc73c25c614aa1594eb5c6f4a0d985f93fc4b640b66fee8e59312523c3f30e6bcdf7d3291b6a466c0e1cee8c88e014

Download Submit
C:\Windows\System\PHKvUOU.exe

Filesize
6.0MB

MD5
e78ed2d1fbd6403d0359e303b81de867

SHA1
3c73a98d49c92e2b0b226a165bd96367d2435cd4

SHA256
863977b8568e16b824cf3fa6d7f055a75334c22582fcfd015c0b703bec3fa00b

SHA512
c7a992eed0a6df053951b29839d34f554d6aca924199de0a6c579e5fae34cb0aadb971a91e02b97284ca520e5ae002acc4c90b965283dfc6983b091b48eb1e07

Download Submit
C:\Windows\System\QJvfxzo.exe

Filesize
6.0MB

MD5
c45b804834d4e91d8fd5cb4d8ef71042

SHA1
df24fef900ac4b89899735a60678b8bed84ae04c

SHA256
bc639f7f631798ae0bda2ba5d4f655126cde9bfc3e697811ec0591961f3ed7a3

SHA512
4e82928671c68114db1d76098197f0b72287473dc4ceeb8d52650bd2724cd416c9ada7b1ff7e57852af03c2e4e9641c7bf73c81b0457ecaa9d123f98f12e6821

Download Submit
C:\Windows\System\SNuWldK.exe

Filesize
6.0MB

MD5
ec81b2532b39784da7f7bb2244abb111

SHA1
0dbc7f51765df211e836e50a91bf415fff83a34e

SHA256
3fee3be586f437cf4ddd13883b714d1bf8dbf2246a0272de67f30618d732fd06

SHA512
bb7a6a784062e39f543d4f36a8062389b997de14f75e0531c69bf934baced8be192a7ed6727da6bb6583be0cf90da532657bcce8aa50219d45980e25cdc3d763

Download Submit
C:\Windows\System\TEsWAiO.exe

Filesize
6.0MB

MD5
b9e4db3a38fc6cd75088808d38365970

SHA1
79a8e949a70d7567b11134927e6354ce05a15cb4

SHA256
4fd913339fd22ec9974b6fbca27882a0128b52538800d8325e7ca2cf8c90acda

SHA512
1f5fe32fd2f46c5a71423c0f5741f95c89da86be319ac5a4927b7766f831f7542b65e1f9569369da6e81c67f66fcc778b3f14fbd7a865287f392cc175b36babe

Download Submit
C:\Windows\System\UoETTSC.exe

Filesize
6.0MB

MD5
634a1c1526337a68a362413a3d9137e2

SHA1
743a4cf25e6953357ed11164652c29053adc4dfe

SHA256
660ab362696ba75ba8aa2c197aa34c05affcdd5f99488d0463cb665e08834264

SHA512
a39d35b8bfc2a37bb45b73fbbd4d1089f64be0fe5b154208b76ec5b60eeb5c0e776238c9451af500cf02ead75c6d78bac765b3bba556fb038ef76d466d855b5b

Download Submit
C:\Windows\System\XgZLEyS.exe

Filesize
6.0MB

MD5
774ecc4082cb0fe3c47a8a812c655921

SHA1
9d87c8c5c259b0763c6b5f8f93068c08f7fc8c72

SHA256
66d1a3f727b48a8721f0c58b2d8d3698d70ad7a8194907e4ee94c74da457ca67

SHA512
ced6a8e8e08211d15d9f08225a5a26b3acf03c1af43c329b73de0a077bef4e2ff4c124b48e4309422323c48061b2d177970bcc37a9a14e577a8c151959f46ca7

Download Submit
C:\Windows\System\YqbIWGK.exe

Filesize
6.0MB

MD5
7df258fa6e9ed706c5ed5deab9c5ec6d

SHA1
df83f5c6ad966cf813e36cbd6b96f9ea02693de0

SHA256
1b529a06204f58b6c3bade151a6920a729ce0cbd78555be2d590677096a3d289

SHA512
9e9363c3a0364ba1951d9e72dcc75cbaf6900fad50fa0219f5d1de5d53e1979e7ef369555dbf4b5deabb3092de61e19f971a49632f622b0dd31636318986e02d

Download Submit
C:\Windows\System\cbYOsWa.exe

Filesize
6.0MB

MD5
3601ad77b59cd565ae4a3749ef93ed67

SHA1
3c331efb5dbb817a454d9ea60cd2cb1d98742144

SHA256
3bf805af0e479cde228670b35e1139ce0e94f4691686da0b3dd138ea3a2a4d25

SHA512
01fc4ce4266b8b6705d08143db75e3f4fbb20215c30a8493e4eeb1809e5d55c9966bfffdea89e177f63095f0230d110c742fc0e14faa8cbc181cb5d596d27261

Download Submit
C:\Windows\System\dSLYhoi.exe

Filesize
6.0MB

MD5
763a868433aa2a61b9d3176b68139ad6

SHA1
867156e7591c8c9f1c81be7b390f4c34bd18d1a8

SHA256
97cf741bf5b8c7f3099ca4464b59472e1cf2d0fe0ed0bd2bbc45a776c30362c9

SHA512
67ece5085a7ae482a19c8db013a9a0e4796a897bf4c743feabe2c4ac8db104abe4db085eafcbd9ba8d62f82048c59ef5724c8355cebf560a043d96684e0c0cbc

Download Submit
C:\Windows\System\digSIue.exe

Filesize
6.0MB

MD5
4610f21d1a377b094a63081389b33a3f

SHA1
ec980bd518f8b0dae99f058bdc432111e9d72258

SHA256
4237b000d98e207da5e04375623f86bc86fe4a2ba94b8e5fd07d48c7fee8f677

SHA512
fb001ec5452865623d689760262d1933716236d9c6b52047684cc538566964423ab560cd77af0b1a25c1882ec846d04a55618f9c2ab33775b669d319530b9b24

Download Submit
C:\Windows\System\ffNdTMN.exe

Filesize
6.0MB

MD5
ccdd179a7e35dc23facf56f47bc13c59

SHA1
2c85401cb68c68dbb259af80d931acfb7d816664

SHA256
3823a9e9eedbf4b9f4d9e96987bcc3cd71a78c962b29c63b301262d0ac116a00

SHA512
42fe453cb18a7d28d65257cb5aafa526d88d4301e36a90c8f6d88642fc4bf25bbff3aa428adbef83dcf43d661593009ca57578fec8b88fb1a2064762b85871b8

Download Submit
C:\Windows\System\hgRbNRC.exe

Filesize
6.0MB

MD5
8ba421a984b5b7bae0e5f583a071aaea

SHA1
b7fe64104facdaea1b5c7e67f0e34d9562e68cad

SHA256
c84ccd976497ca9c9f25af467498f5d9a2ff677b33ebaa64346e3edc9e2df3e6

SHA512
165f429c4ceb9c6182041a0565ef16e34e92da68adeda80c74d30be073cba35989e155df7e3037d1a07649359600b411f546bbde1863dd26027242cebbf30b1d

Download Submit
C:\Windows\System\ljsgSMF.exe

Filesize
6.0MB

MD5
726b692d4e91cba8524661ad7529e610

SHA1
c6692adc452e8b63bd6a043cc1c9818687f8c9cb

SHA256
c87d806a4bd126d6e16b0f2f5059add3061117c3b2389b5591b3a15121ec44b3

SHA512
41f129d93ae68fe3b544119c92b4cf999a125fd6be962c522eee3db5186141cc80debc68bfe2b988ad333afcfb05cfbe3a847fb2fe850ec80819af86b435a95c

Download Submit
C:\Windows\System\ofgZDSV.exe

Filesize
6.0MB

MD5
f3b986fc4bb68f9f9de8f8ebe1468d86

SHA1
26c7ad717e38052c778b123f3768f7820d343d02

SHA256
574cfbcb9055eebb71f8c820f757b85156b42a57726cd3003f8aea383a88cd83

SHA512
16f7f55c937fbc90453fc065cf472049b788ecff60dd018f595387a03a2c05f2e0062390684764993dee313343decfcc1c6dd766a68ddbe274c349153ebb2d47

Download Submit
C:\Windows\System\qMxjLfU.exe

Filesize
6.0MB

MD5
23ec973de873bed6d28e2ab9e8ede9bc

SHA1
d13df52231d1b2420e718a576f3873e3ff8e05e3

SHA256
315704f63cfcf6f4fc829eb106ff7a4b5a8de1741e44d3e83909f547658c060b

SHA512
2374e75353a36ed5467ca62d0b8fe4b24ad64412f7626eac908a20f0eb4667b339ce0b89023839a1c450854d3daa88b56c1d08ad83219cbb96e34bbc88742137

Download Submit
C:\Windows\System\sAomiwT.exe

Filesize
6.0MB

MD5
ba9fa909c6acce1c49e8bb1bc0ba031e

SHA1
f6d0e6d2d0449a929a57c05f2b598d47715ed4b7

SHA256
0467a5ad376a6ecf2a736466b6537af2267df9e589e46228d717b26370b7b5ca

SHA512
b05c2133ab6664099f43298e20ce857e42fff4c424ede5f9224983ca979f39be65bb3b7968e269aa3d1cc0cc1cafc0cc475bafabb620a55ba99cd6600dc8461b

Download Submit
C:\Windows\System\wKcUrth.exe

Filesize
6.0MB

MD5
6d94b965d9f96abe8dc912a86495e4a2

SHA1
f03e7e9deee2a718c5aac160469db53813e921ea

SHA256
5b363d284b5f5ee1133bae045b408dc872209fa0355af80f2fc2e24b2067a4ab

SHA512
546ad5f16d974b713dd26cb5092e75731af847f8e256777ff7e44d0a58d197e840847585958e3975acbbbb0f5ea3e4d5ea4061a9987b0d917b536e47879ab9a7

Download Submit
C:\Windows\System\zmMkhOz.exe

Filesize
6.0MB

MD5
72c1f3c1b6d2e7cdb26cdb51885348d0

SHA1
b9c745d386c278d25be2617fa04cdd429b4ae73e

SHA256
b5f808ded8231a7742a9e358a0b8ad591bfcf58b838f140dac59c7988a1b8d38

SHA512
ec07d69b8e61f103ebb74146cdd0583b29e6da0851b559a7e72d241fe8c3eedab94a98ac9d1c19f99094a22c2f3bd7fa5c6974c2626f32e0564edf29f75dc32e

Download Submit
C:\Windows\System\ztbRQoA.exe

Filesize
6.0MB

MD5
9c3eb045bcdb6dee852f9afac1a721c0

SHA1
a30c0e02c255c57e82502611f4b1a3b7fbac0484

SHA256
f2bb8232bfe69b96a8c2f0272adb98544de883f0258a6d94952f68b57ab01f73

SHA512
3e87abae5a8195a57db62f6cdd124828b59d64845a1aa934d87410c3b6d4050a16836b2e95f6f9d092d440efa6ec2aa2c30685aa49b787c911b56557c66dc414

Download Submit
memory/432-1203-0x00007FF6D1360000-0x00007FF6D16B4000-memory.dmp

Filesize
3.3MB

Download
memory/432-1054-0x00007FF6D1360000-0x00007FF6D16B4000-memory.dmp

Filesize
3.3MB

Download
memory/432-12-0x00007FF6D1360000-0x00007FF6D16B4000-memory.dmp

Filesize
3.3MB

Download
memory/1236-348-0x00007FF759C00000-0x00007FF759F54000-memory.dmp

Filesize
3.3MB

Download
memory/1236-1298-0x00007FF759C00000-0x00007FF759F54000-memory.dmp

Filesize
3.3MB

Download
memory/1252-357-0x00007FF6EF760000-0x00007FF6EFAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1252-1301-0x00007FF6EF760000-0x00007FF6EFAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1400-359-0x00007FF737D60000-0x00007FF7380B4000-memory.dmp

Filesize
3.3MB

Download
memory/1400-1302-0x00007FF737D60000-0x00007FF7380B4000-memory.dmp

Filesize
3.3MB

Download
memory/1448-1299-0x00007FF643D60000-0x00007FF6440B4000-memory.dmp

Filesize
3.3MB

Download
memory/1448-344-0x00007FF643D60000-0x00007FF6440B4000-memory.dmp

Filesize
3.3MB

Download
memory/1560-308-0x00007FF7AD1C0000-0x00007FF7AD514000-memory.dmp

Filesize
3.3MB

Download
memory/1560-1276-0x00007FF7AD1C0000-0x00007FF7AD514000-memory.dmp

Filesize
3.3MB

Download
memory/1636-1147-0x00007FF62B330000-0x00007FF62B684000-memory.dmp

Filesize
3.3MB

Download
memory/1636-26-0x00007FF62B330000-0x00007FF62B684000-memory.dmp

Filesize
3.3MB

Download
memory/1636-1242-0x00007FF62B330000-0x00007FF62B684000-memory.dmp

Filesize
3.3MB

Download
memory/1876-1306-0x00007FF6E1480000-0x00007FF6E17D4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-360-0x00007FF6E1480000-0x00007FF6E17D4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-1229-0x00007FF652D70000-0x00007FF6530C4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-1101-0x00007FF652D70000-0x00007FF6530C4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-20-0x00007FF652D70000-0x00007FF6530C4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-1291-0x00007FF65FC70000-0x00007FF65FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-351-0x00007FF65FC70000-0x00007FF65FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-1202-0x00007FF6CCF90000-0x00007FF6CD2E4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-996-0x00007FF6CCF90000-0x00007FF6CD2E4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-6-0x00007FF6CCF90000-0x00007FF6CD2E4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1151-0x00007FF67A2B0000-0x00007FF67A604000-memory.dmp

Filesize
3.3MB

Download
memory/2676-54-0x00007FF67A2B0000-0x00007FF67A604000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1275-0x00007FF67A2B0000-0x00007FF67A604000-memory.dmp

Filesize
3.3MB

Download
memory/2692-354-0x00007FF66C630000-0x00007FF66C984000-memory.dmp

Filesize
3.3MB

Download
memory/2692-1289-0x00007FF66C630000-0x00007FF66C984000-memory.dmp

Filesize
3.3MB

Download
memory/3452-365-0x00007FF6E6380000-0x00007FF6E66D4000-memory.dmp

Filesize
3.3MB

Download
memory/3452-1271-0x00007FF6E6380000-0x00007FF6E66D4000-memory.dmp

Filesize
3.3MB

Download
memory/3456-358-0x00007FF73C3F0000-0x00007FF73C744000-memory.dmp

Filesize
3.3MB

Download
memory/3456-1296-0x00007FF73C3F0000-0x00007FF73C744000-memory.dmp

Filesize
3.3MB

Download
memory/3608-1272-0x00007FF6FBEF0000-0x00007FF6FC244000-memory.dmp

Filesize
3.3MB

Download
memory/3608-314-0x00007FF6FBEF0000-0x00007FF6FC244000-memory.dmp

Filesize
3.3MB

Download
memory/3828-1294-0x00007FF7E0230000-0x00007FF7E0584000-memory.dmp

Filesize
3.3MB

Download
memory/3828-356-0x00007FF7E0230000-0x00007FF7E0584000-memory.dmp

Filesize
3.3MB

Download
memory/3852-318-0x00007FF659DD0000-0x00007FF65A124000-memory.dmp

Filesize
3.3MB

Download
memory/3852-1281-0x00007FF659DD0000-0x00007FF65A124000-memory.dmp

Filesize
3.3MB

Download
memory/3936-1295-0x00007FF647100000-0x00007FF647454000-memory.dmp

Filesize
3.3MB

Download
memory/3936-355-0x00007FF647100000-0x00007FF647454000-memory.dmp

Filesize
3.3MB

Download
memory/3948-1268-0x00007FF63EA60000-0x00007FF63EDB4000-memory.dmp

Filesize
3.3MB

Download
memory/3948-364-0x00007FF63EA60000-0x00007FF63EDB4000-memory.dmp

Filesize
3.3MB

Download
memory/3972-1258-0x00007FF7CE8F0000-0x00007FF7CEC44000-memory.dmp

Filesize
3.3MB

Download
memory/3972-1150-0x00007FF7CE8F0000-0x00007FF7CEC44000-memory.dmp

Filesize
3.3MB

Download
memory/3972-45-0x00007FF7CE8F0000-0x00007FF7CEC44000-memory.dmp

Filesize
3.3MB

Download
memory/4084-1283-0x00007FF7AD5F0000-0x00007FF7AD944000-memory.dmp

Filesize
3.3MB

Download
memory/4084-324-0x00007FF7AD5F0000-0x00007FF7AD944000-memory.dmp

Filesize
3.3MB

Download
memory/4688-0-0x00007FF79A820000-0x00007FF79AB74000-memory.dmp

Filesize
3.3MB

Download
memory/4688-1-0x0000025411640000-0x0000025411650000-memory.dmp

Filesize
64KB

Download
memory/4688-945-0x00007FF79A820000-0x00007FF79AB74000-memory.dmp

Filesize
3.3MB

Download
memory/4708-1292-0x00007FF7A1C70000-0x00007FF7A1FC4000-memory.dmp

Filesize
3.3MB

Download
memory/4708-336-0x00007FF7A1C70000-0x00007FF7A1FC4000-memory.dmp

Filesize
3.3MB

Download
memory/4768-1286-0x00007FF6B07E0000-0x00007FF6B0B34000-memory.dmp

Filesize
3.3MB

Download
memory/4768-330-0x00007FF6B07E0000-0x00007FF6B0B34000-memory.dmp

Filesize
3.3MB

Download
memory/4776-332-0x00007FF6317E0000-0x00007FF631B34000-memory.dmp

Filesize
3.3MB

Download
memory/4776-1293-0x00007FF6317E0000-0x00007FF631B34000-memory.dmp

Filesize
3.3MB

Download
memory/4780-362-0x00007FF7426B0000-0x00007FF742A04000-memory.dmp

Filesize
3.3MB

Download
memory/4780-1304-0x00007FF7426B0000-0x00007FF742A04000-memory.dmp

Filesize
3.3MB

Download
memory/4944-1305-0x00007FF6EDFE0000-0x00007FF6EE334000-memory.dmp

Filesize
3.3MB

Download
memory/4944-361-0x00007FF6EDFE0000-0x00007FF6EE334000-memory.dmp

Filesize
3.3MB

Download
memory/4980-1303-0x00007FF7B6F30000-0x00007FF7B7284000-memory.dmp

Filesize
3.3MB

Download
memory/4980-363-0x00007FF7B6F30000-0x00007FF7B7284000-memory.dmp

Filesize
3.3MB

Download
memory/5060-1300-0x00007FF6C9240000-0x00007FF6C9594000-memory.dmp

Filesize
3.3MB

Download
memory/5060-341-0x00007FF6C9240000-0x00007FF6C9594000-memory.dmp

Filesize
3.3MB

Download