cobaltstrike | 622006761d3d3d16bf5ffbdb7960f75aa26ea5bc114cb9f75d616fec649e05d8

Analysis

max time kernel
114s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2024 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

f3f0fc6eb1ea4727f6b58ec1f2b2ab17
SHA1

078e42dee8766481488eedee108b7ce6b4abbdd5
SHA256

622006761d3d3d16bf5ffbdb7960f75aa26ea5bc114cb9f75d616fec649e05d8
SHA512

9aa9700e21aa056dd46efbe2fad2057396f42006697394135785cc56a48f22c9669256535cbff3f7719914c249da58464485e6e58e8e3ba75a12658fd745ada4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUq:T+q56utgpPF8u/7q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\System\IpikkNT.exe	cobalt_reflective_dll
C:\Windows\System\BYcjkep.exe	cobalt_reflective_dll
C:\Windows\System\MGtpoqi.exe	cobalt_reflective_dll
C:\Windows\System\DIxiUTf.exe	cobalt_reflective_dll
C:\Windows\System\QWlcept.exe	cobalt_reflective_dll
C:\Windows\System\bRjKGyI.exe	cobalt_reflective_dll
C:\Windows\System\SUNJOKz.exe	cobalt_reflective_dll
C:\Windows\System\pOZEEjh.exe	cobalt_reflective_dll
C:\Windows\System\XpOcvZv.exe	cobalt_reflective_dll
C:\Windows\System\qvlWOAf.exe	cobalt_reflective_dll
C:\Windows\System\TdJuhmI.exe	cobalt_reflective_dll
C:\Windows\System\GqllWiG.exe	cobalt_reflective_dll
C:\Windows\System\CkcqeDy.exe	cobalt_reflective_dll
C:\Windows\System\zWizJCu.exe	cobalt_reflective_dll
C:\Windows\System\zpWsGed.exe	cobalt_reflective_dll
C:\Windows\System\XUAZxZl.exe	cobalt_reflective_dll
C:\Windows\System\eLgftIv.exe	cobalt_reflective_dll
C:\Windows\System\cOKNvhI.exe	cobalt_reflective_dll
C:\Windows\System\PhwjhpE.exe	cobalt_reflective_dll
C:\Windows\System\AqlHtlk.exe	cobalt_reflective_dll
C:\Windows\System\uwFiNxb.exe	cobalt_reflective_dll
C:\Windows\System\mfvsAYS.exe	cobalt_reflective_dll
C:\Windows\System\wtypnTS.exe	cobalt_reflective_dll
C:\Windows\System\WygHxqu.exe	cobalt_reflective_dll
C:\Windows\System\hbPRLqt.exe	cobalt_reflective_dll
C:\Windows\System\QhAtfLu.exe	cobalt_reflective_dll
C:\Windows\System\hMPynNi.exe	cobalt_reflective_dll
C:\Windows\System\XXaCmdZ.exe	cobalt_reflective_dll
C:\Windows\System\FzWygUa.exe	cobalt_reflective_dll
C:\Windows\System\uATBOWC.exe	cobalt_reflective_dll
C:\Windows\System\oBDrfFA.exe	cobalt_reflective_dll
C:\Windows\System\XJRmdIp.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/948-0-0x00007FF687A40000-0x00007FF687D94000-memory.dmp	xmrig
C:\Windows\System\IpikkNT.exe	xmrig
C:\Windows\System\BYcjkep.exe	xmrig
C:\Windows\System\MGtpoqi.exe	xmrig
behavioral2/memory/2288-18-0x00007FF6A3C30000-0x00007FF6A3F84000-memory.dmp	xmrig
C:\Windows\System\DIxiUTf.exe	xmrig
C:\Windows\System\QWlcept.exe	xmrig
C:\Windows\System\bRjKGyI.exe	xmrig
C:\Windows\System\SUNJOKz.exe	xmrig
C:\Windows\System\pOZEEjh.exe	xmrig
C:\Windows\System\XpOcvZv.exe	xmrig
C:\Windows\System\qvlWOAf.exe	xmrig
C:\Windows\System\TdJuhmI.exe	xmrig
behavioral2/memory/4880-1068-0x00007FF7086F0000-0x00007FF708A44000-memory.dmp	xmrig
behavioral2/memory/4192-1072-0x00007FF6FB030000-0x00007FF6FB384000-memory.dmp	xmrig
C:\Windows\System\GqllWiG.exe	xmrig
C:\Windows\System\CkcqeDy.exe	xmrig
C:\Windows\System\zWizJCu.exe	xmrig
C:\Windows\System\zpWsGed.exe	xmrig
C:\Windows\System\XUAZxZl.exe	xmrig
C:\Windows\System\eLgftIv.exe	xmrig
C:\Windows\System\cOKNvhI.exe	xmrig
C:\Windows\System\PhwjhpE.exe	xmrig
C:\Windows\System\AqlHtlk.exe	xmrig
C:\Windows\System\uwFiNxb.exe	xmrig
C:\Windows\System\mfvsAYS.exe	xmrig
C:\Windows\System\wtypnTS.exe	xmrig
C:\Windows\System\WygHxqu.exe	xmrig
C:\Windows\System\hbPRLqt.exe	xmrig
C:\Windows\System\QhAtfLu.exe	xmrig
C:\Windows\System\hMPynNi.exe	xmrig
C:\Windows\System\XXaCmdZ.exe	xmrig
C:\Windows\System\FzWygUa.exe	xmrig
C:\Windows\System\uATBOWC.exe	xmrig
C:\Windows\System\oBDrfFA.exe	xmrig
C:\Windows\System\XJRmdIp.exe	xmrig
behavioral2/memory/2480-24-0x00007FF7A9590000-0x00007FF7A98E4000-memory.dmp	xmrig
behavioral2/memory/1312-12-0x00007FF70B400000-0x00007FF70B754000-memory.dmp	xmrig
behavioral2/memory/4960-6-0x00007FF72D8A0000-0x00007FF72DBF4000-memory.dmp	xmrig
behavioral2/memory/716-1074-0x00007FF7C7E70000-0x00007FF7C81C4000-memory.dmp	xmrig
behavioral2/memory/3636-1075-0x00007FF741D00000-0x00007FF742054000-memory.dmp	xmrig
behavioral2/memory/992-1076-0x00007FF733540000-0x00007FF733894000-memory.dmp	xmrig
behavioral2/memory/1496-1078-0x00007FF6E6AF0000-0x00007FF6E6E44000-memory.dmp	xmrig
behavioral2/memory/2028-1077-0x00007FF6BBA70000-0x00007FF6BBDC4000-memory.dmp	xmrig
behavioral2/memory/2840-1079-0x00007FF6076B0000-0x00007FF607A04000-memory.dmp	xmrig
behavioral2/memory/2624-1087-0x00007FF7E2A20000-0x00007FF7E2D74000-memory.dmp	xmrig
behavioral2/memory/2608-1089-0x00007FF6A9B70000-0x00007FF6A9EC4000-memory.dmp	xmrig
behavioral2/memory/1536-1093-0x00007FF6858C0000-0x00007FF685C14000-memory.dmp	xmrig
behavioral2/memory/2036-1091-0x00007FF7FDEF0000-0x00007FF7FE244000-memory.dmp	xmrig
behavioral2/memory/1816-1088-0x00007FF7E71C0000-0x00007FF7E7514000-memory.dmp	xmrig
behavioral2/memory/3404-1084-0x00007FF6D8C70000-0x00007FF6D8FC4000-memory.dmp	xmrig
behavioral2/memory/1472-1083-0x00007FF6DD2A0000-0x00007FF6DD5F4000-memory.dmp	xmrig
behavioral2/memory/1780-1082-0x00007FF65E760000-0x00007FF65EAB4000-memory.dmp	xmrig
behavioral2/memory/664-1115-0x00007FF7C0980000-0x00007FF7C0CD4000-memory.dmp	xmrig
behavioral2/memory/2120-1116-0x00007FF79FFB0000-0x00007FF7A0304000-memory.dmp	xmrig
behavioral2/memory/3448-1114-0x00007FF6B81B0000-0x00007FF6B8504000-memory.dmp	xmrig
behavioral2/memory/4208-1159-0x00007FF68ADD0000-0x00007FF68B124000-memory.dmp	xmrig
behavioral2/memory/3680-1162-0x00007FF707770000-0x00007FF707AC4000-memory.dmp	xmrig
behavioral2/memory/3684-1165-0x00007FF75D5C0000-0x00007FF75D914000-memory.dmp	xmrig
behavioral2/memory/1728-1163-0x00007FF6072D0000-0x00007FF607624000-memory.dmp	xmrig
behavioral2/memory/2032-1160-0x00007FF641620000-0x00007FF641974000-memory.dmp	xmrig
behavioral2/memory/2912-1158-0x00007FF7357E0000-0x00007FF735B34000-memory.dmp	xmrig
behavioral2/memory/948-1291-0x00007FF687A40000-0x00007FF687D94000-memory.dmp	xmrig
behavioral2/memory/4960-1346-0x00007FF72D8A0000-0x00007FF72DBF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

IpikkNT.exeMGtpoqi.exeBYcjkep.exeDIxiUTf.exeQWlcept.exeXJRmdIp.exeoBDrfFA.exebRjKGyI.exeuATBOWC.exeFzWygUa.exeXXaCmdZ.exehMPynNi.exeQhAtfLu.exehbPRLqt.exeWygHxqu.exeSUNJOKz.exewtypnTS.exemfvsAYS.exeuwFiNxb.exeAqlHtlk.exepOZEEjh.exePhwjhpE.execOKNvhI.exeeLgftIv.exeXUAZxZl.exeXpOcvZv.exezpWsGed.exezWizJCu.exeCkcqeDy.exeqvlWOAf.exeGqllWiG.exeTdJuhmI.exeWoqXNAa.exeLybhLdm.exelYqYYWu.exeSPgMCQh.exezHHBuno.exegvTrxgP.exeoEJkWtT.exeOyNOgTR.exepOzhRwi.exeZWypfxj.exeDaNlUlk.exeLUWKgNc.exeTiRsqUz.exeIQVCWuD.exepRYzHjt.exeuoxlzAz.exeCcneLfq.exeHIuVfWn.exeGepQHUC.exepaVlVVr.exeIPKOyDz.exefvWSbjb.exeTVLQzOq.exeANKIgjO.exevEBeTeX.exeCTrqkPS.exeRjMceXt.exeKhuvpZm.exejzRRWrd.exeHsDRGpl.exeNmtSnwa.exeiNAygWK.exe

pid	process
4960	IpikkNT.exe
1312	MGtpoqi.exe
2288	BYcjkep.exe
2480	DIxiUTf.exe
4880	QWlcept.exe
3684	XJRmdIp.exe
4192	oBDrfFA.exe
716	bRjKGyI.exe
3636	uATBOWC.exe
992	FzWygUa.exe
2028	XXaCmdZ.exe
1496	hMPynNi.exe
2840	QhAtfLu.exe
1780	hbPRLqt.exe
1472	WygHxqu.exe
3404	SUNJOKz.exe
2624	wtypnTS.exe
1816	mfvsAYS.exe
2608	uwFiNxb.exe
2036	AqlHtlk.exe
1536	pOZEEjh.exe
3448	PhwjhpE.exe
664	cOKNvhI.exe
2120	eLgftIv.exe
2912	XUAZxZl.exe
4208	XpOcvZv.exe
2032	zpWsGed.exe
3680	zWizJCu.exe
1728	CkcqeDy.exe
3780	qvlWOAf.exe
3980	GqllWiG.exe
3924	TdJuhmI.exe
1184	WoqXNAa.exe
3716	LybhLdm.exe
2568	lYqYYWu.exe
4008	SPgMCQh.exe
4324	zHHBuno.exe
852	gvTrxgP.exe
1732	oEJkWtT.exe
3588	OyNOgTR.exe
2284	pOzhRwi.exe
1736	ZWypfxj.exe
4560	DaNlUlk.exe
4036	LUWKgNc.exe
3288	TiRsqUz.exe
1848	IQVCWuD.exe
4848	pRYzHjt.exe
2196	uoxlzAz.exe
2540	CcneLfq.exe
2472	HIuVfWn.exe
1424	GepQHUC.exe
3624	paVlVVr.exe
1244	IPKOyDz.exe
3740	fvWSbjb.exe
4404	TVLQzOq.exe
4592	ANKIgjO.exe
1772	vEBeTeX.exe
4488	CTrqkPS.exe
2696	RjMceXt.exe
4040	KhuvpZm.exe
1756	jzRRWrd.exe
224	HsDRGpl.exe
2524	NmtSnwa.exe
4108	iNAygWK.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/948-0-0x00007FF687A40000-0x00007FF687D94000-memory.dmp	upx
C:\Windows\System\IpikkNT.exe	upx
C:\Windows\System\BYcjkep.exe	upx
C:\Windows\System\MGtpoqi.exe	upx
behavioral2/memory/2288-18-0x00007FF6A3C30000-0x00007FF6A3F84000-memory.dmp	upx
C:\Windows\System\DIxiUTf.exe	upx
C:\Windows\System\QWlcept.exe	upx
C:\Windows\System\bRjKGyI.exe	upx
C:\Windows\System\SUNJOKz.exe	upx
C:\Windows\System\pOZEEjh.exe	upx
C:\Windows\System\XpOcvZv.exe	upx
C:\Windows\System\qvlWOAf.exe	upx
C:\Windows\System\TdJuhmI.exe	upx
behavioral2/memory/4880-1068-0x00007FF7086F0000-0x00007FF708A44000-memory.dmp	upx
behavioral2/memory/4192-1072-0x00007FF6FB030000-0x00007FF6FB384000-memory.dmp	upx
C:\Windows\System\GqllWiG.exe	upx
C:\Windows\System\CkcqeDy.exe	upx
C:\Windows\System\zWizJCu.exe	upx
C:\Windows\System\zpWsGed.exe	upx
C:\Windows\System\XUAZxZl.exe	upx
C:\Windows\System\eLgftIv.exe	upx
C:\Windows\System\cOKNvhI.exe	upx
C:\Windows\System\PhwjhpE.exe	upx
C:\Windows\System\AqlHtlk.exe	upx
C:\Windows\System\uwFiNxb.exe	upx
C:\Windows\System\mfvsAYS.exe	upx
C:\Windows\System\wtypnTS.exe	upx
C:\Windows\System\WygHxqu.exe	upx
C:\Windows\System\hbPRLqt.exe	upx
C:\Windows\System\QhAtfLu.exe	upx
C:\Windows\System\hMPynNi.exe	upx
C:\Windows\System\XXaCmdZ.exe	upx
C:\Windows\System\FzWygUa.exe	upx
C:\Windows\System\uATBOWC.exe	upx
C:\Windows\System\oBDrfFA.exe	upx
C:\Windows\System\XJRmdIp.exe	upx
behavioral2/memory/2480-24-0x00007FF7A9590000-0x00007FF7A98E4000-memory.dmp	upx
behavioral2/memory/1312-12-0x00007FF70B400000-0x00007FF70B754000-memory.dmp	upx
behavioral2/memory/4960-6-0x00007FF72D8A0000-0x00007FF72DBF4000-memory.dmp	upx
behavioral2/memory/716-1074-0x00007FF7C7E70000-0x00007FF7C81C4000-memory.dmp	upx
behavioral2/memory/3636-1075-0x00007FF741D00000-0x00007FF742054000-memory.dmp	upx
behavioral2/memory/992-1076-0x00007FF733540000-0x00007FF733894000-memory.dmp	upx
behavioral2/memory/1496-1078-0x00007FF6E6AF0000-0x00007FF6E6E44000-memory.dmp	upx
behavioral2/memory/2028-1077-0x00007FF6BBA70000-0x00007FF6BBDC4000-memory.dmp	upx
behavioral2/memory/2840-1079-0x00007FF6076B0000-0x00007FF607A04000-memory.dmp	upx
behavioral2/memory/2624-1087-0x00007FF7E2A20000-0x00007FF7E2D74000-memory.dmp	upx
behavioral2/memory/2608-1089-0x00007FF6A9B70000-0x00007FF6A9EC4000-memory.dmp	upx
behavioral2/memory/1536-1093-0x00007FF6858C0000-0x00007FF685C14000-memory.dmp	upx
behavioral2/memory/2036-1091-0x00007FF7FDEF0000-0x00007FF7FE244000-memory.dmp	upx
behavioral2/memory/1816-1088-0x00007FF7E71C0000-0x00007FF7E7514000-memory.dmp	upx
behavioral2/memory/3404-1084-0x00007FF6D8C70000-0x00007FF6D8FC4000-memory.dmp	upx
behavioral2/memory/1472-1083-0x00007FF6DD2A0000-0x00007FF6DD5F4000-memory.dmp	upx
behavioral2/memory/1780-1082-0x00007FF65E760000-0x00007FF65EAB4000-memory.dmp	upx
behavioral2/memory/664-1115-0x00007FF7C0980000-0x00007FF7C0CD4000-memory.dmp	upx
behavioral2/memory/2120-1116-0x00007FF79FFB0000-0x00007FF7A0304000-memory.dmp	upx
behavioral2/memory/3448-1114-0x00007FF6B81B0000-0x00007FF6B8504000-memory.dmp	upx
behavioral2/memory/4208-1159-0x00007FF68ADD0000-0x00007FF68B124000-memory.dmp	upx
behavioral2/memory/3680-1162-0x00007FF707770000-0x00007FF707AC4000-memory.dmp	upx
behavioral2/memory/3684-1165-0x00007FF75D5C0000-0x00007FF75D914000-memory.dmp	upx
behavioral2/memory/1728-1163-0x00007FF6072D0000-0x00007FF607624000-memory.dmp	upx
behavioral2/memory/2032-1160-0x00007FF641620000-0x00007FF641974000-memory.dmp	upx
behavioral2/memory/2912-1158-0x00007FF7357E0000-0x00007FF735B34000-memory.dmp	upx
behavioral2/memory/948-1291-0x00007FF687A40000-0x00007FF687D94000-memory.dmp	upx
behavioral2/memory/4960-1346-0x00007FF72D8A0000-0x00007FF72DBF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\iyegnYK.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KnUfNXy.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dgbINzL.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YllPsHJ.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FmhDKjZ.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BJHlYjt.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hMcEBHf.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnkEuox.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbxzriC.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vkdxNgk.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WLzYXGS.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DBROtad.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wVnkyLH.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ceEHWIX.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QsORyjG.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZIwJfq.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JhEuvsp.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\elPLUNX.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HIuVfWn.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMBDcOs.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CHBMBdG.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ICVnaoX.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DPavhDY.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IoaLUeJ.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tCsNAsq.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OLnpdQS.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DvEyRPV.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVcTNFg.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PKAuQid.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdvOuJT.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aqdwgnf.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMypzDz.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DLdvIwM.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQDmIIO.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GSfOaZB.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TiRsqUz.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qhwdJZs.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pLkHXeQ.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMzyvqC.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DEsNuMl.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PnkPfCd.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pOzhRwi.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZEzyLOE.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOUVauh.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PpoZXkr.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bFmkNKQ.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wtaYiQz.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jhYDEIv.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wtypnTS.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KSMzBEx.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qEPBBKn.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wVezSFn.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vEgTuQJ.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jRxyYQL.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omxASix.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XqmkQBc.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hbPRLqt.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CWXSHFe.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KGYDoCI.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DqaclYf.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BBnpwPc.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HshyaZA.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WoqXNAa.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\temrvcw.exe	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 948 wrote to memory of 4960	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	IpikkNT.exe
PID 948 wrote to memory of 4960	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	IpikkNT.exe
PID 948 wrote to memory of 1312	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	MGtpoqi.exe
PID 948 wrote to memory of 1312	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	MGtpoqi.exe
PID 948 wrote to memory of 2288	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	BYcjkep.exe
PID 948 wrote to memory of 2288	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	BYcjkep.exe
PID 948 wrote to memory of 2480	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	DIxiUTf.exe
PID 948 wrote to memory of 2480	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	DIxiUTf.exe
PID 948 wrote to memory of 4880	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	QWlcept.exe
PID 948 wrote to memory of 4880	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	QWlcept.exe
PID 948 wrote to memory of 3684	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	XJRmdIp.exe
PID 948 wrote to memory of 3684	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	XJRmdIp.exe
PID 948 wrote to memory of 4192	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	oBDrfFA.exe
PID 948 wrote to memory of 4192	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	oBDrfFA.exe
PID 948 wrote to memory of 716	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	bRjKGyI.exe
PID 948 wrote to memory of 716	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	bRjKGyI.exe
PID 948 wrote to memory of 3636	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	uATBOWC.exe
PID 948 wrote to memory of 3636	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	uATBOWC.exe
PID 948 wrote to memory of 992	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	FzWygUa.exe
PID 948 wrote to memory of 992	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	FzWygUa.exe
PID 948 wrote to memory of 2028	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	XXaCmdZ.exe
PID 948 wrote to memory of 2028	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	XXaCmdZ.exe
PID 948 wrote to memory of 1496	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	hMPynNi.exe
PID 948 wrote to memory of 1496	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	hMPynNi.exe
PID 948 wrote to memory of 2840	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	QhAtfLu.exe
PID 948 wrote to memory of 2840	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	QhAtfLu.exe
PID 948 wrote to memory of 1780	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	hbPRLqt.exe
PID 948 wrote to memory of 1780	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	hbPRLqt.exe
PID 948 wrote to memory of 1472	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	WygHxqu.exe
PID 948 wrote to memory of 1472	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	WygHxqu.exe
PID 948 wrote to memory of 3404	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	SUNJOKz.exe
PID 948 wrote to memory of 3404	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	SUNJOKz.exe
PID 948 wrote to memory of 2624	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	wtypnTS.exe
PID 948 wrote to memory of 2624	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	wtypnTS.exe
PID 948 wrote to memory of 1816	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	mfvsAYS.exe
PID 948 wrote to memory of 1816	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	mfvsAYS.exe
PID 948 wrote to memory of 2608	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	uwFiNxb.exe
PID 948 wrote to memory of 2608	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	uwFiNxb.exe
PID 948 wrote to memory of 2036	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	AqlHtlk.exe
PID 948 wrote to memory of 2036	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	AqlHtlk.exe
PID 948 wrote to memory of 1536	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	pOZEEjh.exe
PID 948 wrote to memory of 1536	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	pOZEEjh.exe
PID 948 wrote to memory of 3448	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	PhwjhpE.exe
PID 948 wrote to memory of 3448	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	PhwjhpE.exe
PID 948 wrote to memory of 664	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	cOKNvhI.exe
PID 948 wrote to memory of 664	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	cOKNvhI.exe
PID 948 wrote to memory of 2120	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	eLgftIv.exe
PID 948 wrote to memory of 2120	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	eLgftIv.exe
PID 948 wrote to memory of 2912	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	XUAZxZl.exe
PID 948 wrote to memory of 2912	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	XUAZxZl.exe
PID 948 wrote to memory of 4208	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	XpOcvZv.exe
PID 948 wrote to memory of 4208	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	XpOcvZv.exe
PID 948 wrote to memory of 2032	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	zpWsGed.exe
PID 948 wrote to memory of 2032	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	zpWsGed.exe
PID 948 wrote to memory of 3680	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	zWizJCu.exe
PID 948 wrote to memory of 3680	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	zWizJCu.exe
PID 948 wrote to memory of 1728	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	CkcqeDy.exe
PID 948 wrote to memory of 1728	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	CkcqeDy.exe
PID 948 wrote to memory of 3780	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	qvlWOAf.exe
PID 948 wrote to memory of 3780	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	qvlWOAf.exe
PID 948 wrote to memory of 3980	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	GqllWiG.exe
PID 948 wrote to memory of 3980	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	GqllWiG.exe
PID 948 wrote to memory of 3924	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	TdJuhmI.exe
PID 948 wrote to memory of 3924	948	2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe	TdJuhmI.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-26_f3f0fc6eb1ea4727f6b58ec1f2b2ab17_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\System\IpikkNT.exe
  C:\Windows\System\IpikkNT.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\MGtpoqi.exe
  C:\Windows\System\MGtpoqi.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\BYcjkep.exe
  C:\Windows\System\BYcjkep.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\DIxiUTf.exe
  C:\Windows\System\DIxiUTf.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\QWlcept.exe
  C:\Windows\System\QWlcept.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\XJRmdIp.exe
  C:\Windows\System\XJRmdIp.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\oBDrfFA.exe
  C:\Windows\System\oBDrfFA.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\bRjKGyI.exe
  C:\Windows\System\bRjKGyI.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\uATBOWC.exe
  C:\Windows\System\uATBOWC.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\FzWygUa.exe
  C:\Windows\System\FzWygUa.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\XXaCmdZ.exe
  C:\Windows\System\XXaCmdZ.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\hMPynNi.exe
  C:\Windows\System\hMPynNi.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\QhAtfLu.exe
  C:\Windows\System\QhAtfLu.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\hbPRLqt.exe
  C:\Windows\System\hbPRLqt.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\WygHxqu.exe
  C:\Windows\System\WygHxqu.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\SUNJOKz.exe
  C:\Windows\System\SUNJOKz.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\wtypnTS.exe
  C:\Windows\System\wtypnTS.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\mfvsAYS.exe
  C:\Windows\System\mfvsAYS.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\uwFiNxb.exe
  C:\Windows\System\uwFiNxb.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\AqlHtlk.exe
  C:\Windows\System\AqlHtlk.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\pOZEEjh.exe
  C:\Windows\System\pOZEEjh.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\PhwjhpE.exe
  C:\Windows\System\PhwjhpE.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\cOKNvhI.exe
  C:\Windows\System\cOKNvhI.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\eLgftIv.exe
  C:\Windows\System\eLgftIv.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\XUAZxZl.exe
  C:\Windows\System\XUAZxZl.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\XpOcvZv.exe
  C:\Windows\System\XpOcvZv.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\zpWsGed.exe
  C:\Windows\System\zpWsGed.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\zWizJCu.exe
  C:\Windows\System\zWizJCu.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\CkcqeDy.exe
  C:\Windows\System\CkcqeDy.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\qvlWOAf.exe
  C:\Windows\System\qvlWOAf.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\GqllWiG.exe
  C:\Windows\System\GqllWiG.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\TdJuhmI.exe
  C:\Windows\System\TdJuhmI.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\WoqXNAa.exe
  C:\Windows\System\WoqXNAa.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\LybhLdm.exe
  C:\Windows\System\LybhLdm.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\lYqYYWu.exe
  C:\Windows\System\lYqYYWu.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\SPgMCQh.exe
  C:\Windows\System\SPgMCQh.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\zHHBuno.exe
  C:\Windows\System\zHHBuno.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\gvTrxgP.exe
  C:\Windows\System\gvTrxgP.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\oEJkWtT.exe
  C:\Windows\System\oEJkWtT.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\OyNOgTR.exe
  C:\Windows\System\OyNOgTR.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\pOzhRwi.exe
  C:\Windows\System\pOzhRwi.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\ZWypfxj.exe
  C:\Windows\System\ZWypfxj.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\DaNlUlk.exe
  C:\Windows\System\DaNlUlk.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\LUWKgNc.exe
  C:\Windows\System\LUWKgNc.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\TiRsqUz.exe
  C:\Windows\System\TiRsqUz.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\IQVCWuD.exe
  C:\Windows\System\IQVCWuD.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\pRYzHjt.exe
  C:\Windows\System\pRYzHjt.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\uoxlzAz.exe
  C:\Windows\System\uoxlzAz.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\CcneLfq.exe
  C:\Windows\System\CcneLfq.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\HIuVfWn.exe
  C:\Windows\System\HIuVfWn.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\GepQHUC.exe
  C:\Windows\System\GepQHUC.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\paVlVVr.exe
  C:\Windows\System\paVlVVr.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\IPKOyDz.exe
  C:\Windows\System\IPKOyDz.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\fvWSbjb.exe
  C:\Windows\System\fvWSbjb.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\TVLQzOq.exe
  C:\Windows\System\TVLQzOq.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\ANKIgjO.exe
  C:\Windows\System\ANKIgjO.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\vEBeTeX.exe
  C:\Windows\System\vEBeTeX.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\CTrqkPS.exe
  C:\Windows\System\CTrqkPS.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\RjMceXt.exe
  C:\Windows\System\RjMceXt.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\KhuvpZm.exe
  C:\Windows\System\KhuvpZm.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\jzRRWrd.exe
  C:\Windows\System\jzRRWrd.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\HsDRGpl.exe
  C:\Windows\System\HsDRGpl.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\NmtSnwa.exe
  C:\Windows\System\NmtSnwa.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\iNAygWK.exe
  C:\Windows\System\iNAygWK.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\OkdzEJT.exe
  C:\Windows\System\OkdzEJT.exe
  2⤵
  PID:4076
- C:\Windows\System\bdEMwiM.exe
  C:\Windows\System\bdEMwiM.exe
  2⤵
  PID:832
- C:\Windows\System\aEjXDDb.exe
  C:\Windows\System\aEjXDDb.exe
  2⤵
  PID:3220
- C:\Windows\System\zamcxNJ.exe
  C:\Windows\System\zamcxNJ.exe
  2⤵
  PID:2532
- C:\Windows\System\WGHkjNK.exe
  C:\Windows\System\WGHkjNK.exe
  2⤵
  PID:3832
- C:\Windows\System\xWzlaoN.exe
  C:\Windows\System\xWzlaoN.exe
  2⤵
  PID:1856
- C:\Windows\System\lrMkGrd.exe
  C:\Windows\System\lrMkGrd.exe
  2⤵
  PID:3108
- C:\Windows\System\BXrDmPw.exe
  C:\Windows\System\BXrDmPw.exe
  2⤵
  PID:2448
- C:\Windows\System\WRCjCdn.exe
  C:\Windows\System\WRCjCdn.exe
  2⤵
  PID:2844
- C:\Windows\System\ItmjiFx.exe
  C:\Windows\System\ItmjiFx.exe
  2⤵
  PID:4348
- C:\Windows\System\vCznkWR.exe
  C:\Windows\System\vCznkWR.exe
  2⤵
  PID:2220
- C:\Windows\System\VEaWdTV.exe
  C:\Windows\System\VEaWdTV.exe
  2⤵
  PID:4968
- C:\Windows\System\njYeXfY.exe
  C:\Windows\System\njYeXfY.exe
  2⤵
  PID:1936
- C:\Windows\System\wugtTBV.exe
  C:\Windows\System\wugtTBV.exe
  2⤵
  PID:5044
- C:\Windows\System\zMkdJaF.exe
  C:\Windows\System\zMkdJaF.exe
  2⤵
  PID:4972
- C:\Windows\System\obhBDFn.exe
  C:\Windows\System\obhBDFn.exe
  2⤵
  PID:4284
- C:\Windows\System\sRcqGrK.exe
  C:\Windows\System\sRcqGrK.exe
  2⤵
  PID:4068
- C:\Windows\System\QdCUDPR.exe
  C:\Windows\System\QdCUDPR.exe
  2⤵
  PID:1720
- C:\Windows\System\RKeUdGa.exe
  C:\Windows\System\RKeUdGa.exe
  2⤵
  PID:1560
- C:\Windows\System\ErLVWWj.exe
  C:\Windows\System\ErLVWWj.exe
  2⤵
  PID:3000
- C:\Windows\System\mlHIDRF.exe
  C:\Windows\System\mlHIDRF.exe
  2⤵
  PID:2980
- C:\Windows\System\DgRLFGY.exe
  C:\Windows\System\DgRLFGY.exe
  2⤵
  PID:3564
- C:\Windows\System\YuPVFQN.exe
  C:\Windows\System\YuPVFQN.exe
  2⤵
  PID:4928
- C:\Windows\System\LNTAggn.exe
  C:\Windows\System\LNTAggn.exe
  2⤵
  PID:4092
- C:\Windows\System\qYwShWn.exe
  C:\Windows\System\qYwShWn.exe
  2⤵
  PID:932
- C:\Windows\System\eIyaBZj.exe
  C:\Windows\System\eIyaBZj.exe
  2⤵
  PID:1752
- C:\Windows\System\WucHRKu.exe
  C:\Windows\System\WucHRKu.exe
  2⤵
  PID:2152
- C:\Windows\System\jFdWrFT.exe
  C:\Windows\System\jFdWrFT.exe
  2⤵
  PID:2388
- C:\Windows\System\QeLLuip.exe
  C:\Windows\System\QeLLuip.exe
  2⤵
  PID:724
- C:\Windows\System\MMfVeIM.exe
  C:\Windows\System\MMfVeIM.exe
  2⤵
  PID:5140
- C:\Windows\System\BCENZNJ.exe
  C:\Windows\System\BCENZNJ.exe
  2⤵
  PID:5168
- C:\Windows\System\qzQlgLr.exe
  C:\Windows\System\qzQlgLr.exe
  2⤵
  PID:5196
- C:\Windows\System\GIywFZo.exe
  C:\Windows\System\GIywFZo.exe
  2⤵
  PID:5224
- C:\Windows\System\RivKfgj.exe
  C:\Windows\System\RivKfgj.exe
  2⤵
  PID:5264
- C:\Windows\System\CWXSHFe.exe
  C:\Windows\System\CWXSHFe.exe
  2⤵
  PID:5292
- C:\Windows\System\hJywldI.exe
  C:\Windows\System\hJywldI.exe
  2⤵
  PID:5320
- C:\Windows\System\TbeaKEG.exe
  C:\Windows\System\TbeaKEG.exe
  2⤵
  PID:5348
- C:\Windows\System\saZwRzR.exe
  C:\Windows\System\saZwRzR.exe
  2⤵
  PID:5376
- C:\Windows\System\udhVOnc.exe
  C:\Windows\System\udhVOnc.exe
  2⤵
  PID:5392
- C:\Windows\System\QWWBcjw.exe
  C:\Windows\System\QWWBcjw.exe
  2⤵
  PID:5420
- C:\Windows\System\xuxLqXX.exe
  C:\Windows\System\xuxLqXX.exe
  2⤵
  PID:5448
- C:\Windows\System\CECuEHz.exe
  C:\Windows\System\CECuEHz.exe
  2⤵
  PID:5476
- C:\Windows\System\TdCXFXB.exe
  C:\Windows\System\TdCXFXB.exe
  2⤵
  PID:5504
- C:\Windows\System\rvjGzfY.exe
  C:\Windows\System\rvjGzfY.exe
  2⤵
  PID:5532
- C:\Windows\System\VvnvObx.exe
  C:\Windows\System\VvnvObx.exe
  2⤵
  PID:5560
- C:\Windows\System\TulGzpf.exe
  C:\Windows\System\TulGzpf.exe
  2⤵
  PID:5600
- C:\Windows\System\wxAXTdy.exe
  C:\Windows\System\wxAXTdy.exe
  2⤵
  PID:5628
- C:\Windows\System\lnlhbxr.exe
  C:\Windows\System\lnlhbxr.exe
  2⤵
  PID:5644
- C:\Windows\System\dhehdMj.exe
  C:\Windows\System\dhehdMj.exe
  2⤵
  PID:5672
- C:\Windows\System\Fsfozvs.exe
  C:\Windows\System\Fsfozvs.exe
  2⤵
  PID:5700
- C:\Windows\System\nKPFjIo.exe
  C:\Windows\System\nKPFjIo.exe
  2⤵
  PID:5740
- C:\Windows\System\oIcAOcI.exe
  C:\Windows\System\oIcAOcI.exe
  2⤵
  PID:5756
- C:\Windows\System\ymYuDuU.exe
  C:\Windows\System\ymYuDuU.exe
  2⤵
  PID:5784
- C:\Windows\System\OHocqKh.exe
  C:\Windows\System\OHocqKh.exe
  2⤵
  PID:5812
- C:\Windows\System\cATwqhE.exe
  C:\Windows\System\cATwqhE.exe
  2⤵
  PID:5840
- C:\Windows\System\DxbLfNZ.exe
  C:\Windows\System\DxbLfNZ.exe
  2⤵
  PID:5868
- C:\Windows\System\urIyUPt.exe
  C:\Windows\System\urIyUPt.exe
  2⤵
  PID:5896
- C:\Windows\System\qOHtAgL.exe
  C:\Windows\System\qOHtAgL.exe
  2⤵
  PID:5912
- C:\Windows\System\VgtDbwv.exe
  C:\Windows\System\VgtDbwv.exe
  2⤵
  PID:5952
- C:\Windows\System\ZOXWbIP.exe
  C:\Windows\System\ZOXWbIP.exe
  2⤵
  PID:5992
- C:\Windows\System\MvzBWkH.exe
  C:\Windows\System\MvzBWkH.exe
  2⤵
  PID:6020
- C:\Windows\System\xgMkXJN.exe
  C:\Windows\System\xgMkXJN.exe
  2⤵
  PID:6048
- C:\Windows\System\qzBUdmX.exe
  C:\Windows\System\qzBUdmX.exe
  2⤵
  PID:6064
- C:\Windows\System\zAmWCwf.exe
  C:\Windows\System\zAmWCwf.exe
  2⤵
  PID:6092
- C:\Windows\System\IUGSfMv.exe
  C:\Windows\System\IUGSfMv.exe
  2⤵
  PID:6120
- C:\Windows\System\ZvKcwIY.exe
  C:\Windows\System\ZvKcwIY.exe
  2⤵
  PID:3240
- C:\Windows\System\HgdAKNS.exe
  C:\Windows\System\HgdAKNS.exe
  2⤵
  PID:3616
- C:\Windows\System\tCsNAsq.exe
  C:\Windows\System\tCsNAsq.exe
  2⤵
  PID:2484
- C:\Windows\System\wCCyhgQ.exe
  C:\Windows\System\wCCyhgQ.exe
  2⤵
  PID:5156
- C:\Windows\System\QSajmNx.exe
  C:\Windows\System\QSajmNx.exe
  2⤵
  PID:5220
- C:\Windows\System\SDDtuRh.exe
  C:\Windows\System\SDDtuRh.exe
  2⤵
  PID:5304
- C:\Windows\System\SFGwWyh.exe
  C:\Windows\System\SFGwWyh.exe
  2⤵
  PID:5360
- C:\Windows\System\joDophb.exe
  C:\Windows\System\joDophb.exe
  2⤵
  PID:5444
- C:\Windows\System\OXxNVca.exe
  C:\Windows\System\OXxNVca.exe
  2⤵
  PID:5488
- C:\Windows\System\QtfSThv.exe
  C:\Windows\System\QtfSThv.exe
  2⤵
  PID:5576
- C:\Windows\System\uRmlChs.exe
  C:\Windows\System\uRmlChs.exe
  2⤵
  PID:5640
- C:\Windows\System\VhoYkps.exe
  C:\Windows\System\VhoYkps.exe
  2⤵
  PID:5696
- C:\Windows\System\gnKNeAY.exe
  C:\Windows\System\gnKNeAY.exe
  2⤵
  PID:5732
- C:\Windows\System\IMRzodc.exe
  C:\Windows\System\IMRzodc.exe
  2⤵
  PID:5800
- C:\Windows\System\EfcCpHE.exe
  C:\Windows\System\EfcCpHE.exe
  2⤵
  PID:5864
- C:\Windows\System\AvgmIym.exe
  C:\Windows\System\AvgmIym.exe
  2⤵
  PID:5928
- C:\Windows\System\JcEwnHB.exe
  C:\Windows\System\JcEwnHB.exe
  2⤵
  PID:6000
- C:\Windows\System\lYKrptU.exe
  C:\Windows\System\lYKrptU.exe
  2⤵
  PID:6056
- C:\Windows\System\OvCStqe.exe
  C:\Windows\System\OvCStqe.exe
  2⤵
  PID:3280
- C:\Windows\System\FMgkvFT.exe
  C:\Windows\System\FMgkvFT.exe
  2⤵
  PID:2096
- C:\Windows\System\YovHrqs.exe
  C:\Windows\System\YovHrqs.exe
  2⤵
  PID:5188
- C:\Windows\System\VYedOTK.exe
  C:\Windows\System\VYedOTK.exe
  2⤵
  PID:5280
- C:\Windows\System\ekqWIZp.exe
  C:\Windows\System\ekqWIZp.exe
  2⤵
  PID:5412
- C:\Windows\System\eytqMuh.exe
  C:\Windows\System\eytqMuh.exe
  2⤵
  PID:5636
- C:\Windows\System\ffmNBYy.exe
  C:\Windows\System\ffmNBYy.exe
  2⤵
  PID:5772
- C:\Windows\System\fSyDkVd.exe
  C:\Windows\System\fSyDkVd.exe
  2⤵
  PID:5908
- C:\Windows\System\WpBXLMX.exe
  C:\Windows\System\WpBXLMX.exe
  2⤵
  PID:6040
- C:\Windows\System\ZtDBGrK.exe
  C:\Windows\System\ZtDBGrK.exe
  2⤵
  PID:6164
- C:\Windows\System\DYqjUJE.exe
  C:\Windows\System\DYqjUJE.exe
  2⤵
  PID:6192
- C:\Windows\System\soEUbNo.exe
  C:\Windows\System\soEUbNo.exe
  2⤵
  PID:6232
- C:\Windows\System\wqSatmo.exe
  C:\Windows\System\wqSatmo.exe
  2⤵
  PID:6248
- C:\Windows\System\npQUHTa.exe
  C:\Windows\System\npQUHTa.exe
  2⤵
  PID:6276
- C:\Windows\System\CfMJAhZ.exe
  C:\Windows\System\CfMJAhZ.exe
  2⤵
  PID:6304
- C:\Windows\System\FsXKLnc.exe
  C:\Windows\System\FsXKLnc.exe
  2⤵
  PID:6332
- C:\Windows\System\ROVaUGT.exe
  C:\Windows\System\ROVaUGT.exe
  2⤵
  PID:6360
- C:\Windows\System\mnkEuox.exe
  C:\Windows\System\mnkEuox.exe
  2⤵
  PID:6388
- C:\Windows\System\NSNLMNH.exe
  C:\Windows\System\NSNLMNH.exe
  2⤵
  PID:6416
- C:\Windows\System\nweZshI.exe
  C:\Windows\System\nweZshI.exe
  2⤵
  PID:6444
- C:\Windows\System\HifpQcA.exe
  C:\Windows\System\HifpQcA.exe
  2⤵
  PID:6472
- C:\Windows\System\icJoHSv.exe
  C:\Windows\System\icJoHSv.exe
  2⤵
  PID:6500
- C:\Windows\System\laclZLB.exe
  C:\Windows\System\laclZLB.exe
  2⤵
  PID:6528
- C:\Windows\System\qAXWPrv.exe
  C:\Windows\System\qAXWPrv.exe
  2⤵
  PID:6556
- C:\Windows\System\IUmsNRH.exe
  C:\Windows\System\IUmsNRH.exe
  2⤵
  PID:6584
- C:\Windows\System\XzQvTkc.exe
  C:\Windows\System\XzQvTkc.exe
  2⤵
  PID:6612
- C:\Windows\System\DqrhXYW.exe
  C:\Windows\System\DqrhXYW.exe
  2⤵
  PID:6652
- C:\Windows\System\oiOtxPb.exe
  C:\Windows\System\oiOtxPb.exe
  2⤵
  PID:6680
- C:\Windows\System\CuUjDjW.exe
  C:\Windows\System\CuUjDjW.exe
  2⤵
  PID:6708
- C:\Windows\System\EAbrWWF.exe
  C:\Windows\System\EAbrWWF.exe
  2⤵
  PID:6724
- C:\Windows\System\YwjTzqn.exe
  C:\Windows\System\YwjTzqn.exe
  2⤵
  PID:6752
- C:\Windows\System\buaXEyk.exe
  C:\Windows\System\buaXEyk.exe
  2⤵
  PID:6780
- C:\Windows\System\nUdeoGh.exe
  C:\Windows\System\nUdeoGh.exe
  2⤵
  PID:6808
- C:\Windows\System\nBpbuDz.exe
  C:\Windows\System\nBpbuDz.exe
  2⤵
  PID:6840
- C:\Windows\System\dJrNjcH.exe
  C:\Windows\System\dJrNjcH.exe
  2⤵
  PID:6864
- C:\Windows\System\xGFnYUF.exe
  C:\Windows\System\xGFnYUF.exe
  2⤵
  PID:6892
- C:\Windows\System\KtoUPKh.exe
  C:\Windows\System\KtoUPKh.exe
  2⤵
  PID:6920
- C:\Windows\System\CwQugbK.exe
  C:\Windows\System\CwQugbK.exe
  2⤵
  PID:6948
- C:\Windows\System\FxHpGES.exe
  C:\Windows\System\FxHpGES.exe
  2⤵
  PID:6976
- C:\Windows\System\oMLLVgj.exe
  C:\Windows\System\oMLLVgj.exe
  2⤵
  PID:7004
- C:\Windows\System\RhPfdTH.exe
  C:\Windows\System\RhPfdTH.exe
  2⤵
  PID:7032
- C:\Windows\System\oDgamoi.exe
  C:\Windows\System\oDgamoi.exe
  2⤵
  PID:7060
- C:\Windows\System\cvZGnCN.exe
  C:\Windows\System\cvZGnCN.exe
  2⤵
  PID:7088
- C:\Windows\System\UGCEmws.exe
  C:\Windows\System\UGCEmws.exe
  2⤵
  PID:7116
- C:\Windows\System\CCwPUwE.exe
  C:\Windows\System\CCwPUwE.exe
  2⤵
  PID:7144
- C:\Windows\System\UXwftMD.exe
  C:\Windows\System\UXwftMD.exe
  2⤵
  PID:6132
- C:\Windows\System\NVUSGci.exe
  C:\Windows\System\NVUSGci.exe
  2⤵
  PID:5252
- C:\Windows\System\VwzuSSy.exe
  C:\Windows\System\VwzuSSy.exe
  2⤵
  PID:5556
- C:\Windows\System\accFdbe.exe
  C:\Windows\System\accFdbe.exe
  2⤵
  PID:5980
- C:\Windows\System\EqEUktt.exe
  C:\Windows\System\EqEUktt.exe
  2⤵
  PID:6208
- C:\Windows\System\XPnkAFw.exe
  C:\Windows\System\XPnkAFw.exe
  2⤵
  PID:6244
- C:\Windows\System\ltbZWPh.exe
  C:\Windows\System\ltbZWPh.exe
  2⤵
  PID:6316
- C:\Windows\System\tfFjTzY.exe
  C:\Windows\System\tfFjTzY.exe
  2⤵
  PID:6376
- C:\Windows\System\UJGVjkD.exe
  C:\Windows\System\UJGVjkD.exe
  2⤵
  PID:6464
- C:\Windows\System\qhwdJZs.exe
  C:\Windows\System\qhwdJZs.exe
  2⤵
  PID:6540
- C:\Windows\System\RNQZzaG.exe
  C:\Windows\System\RNQZzaG.exe
  2⤵
  PID:6576
- C:\Windows\System\XJQvlPr.exe
  C:\Windows\System\XJQvlPr.exe
  2⤵
  PID:6668
- C:\Windows\System\GQfbxdC.exe
  C:\Windows\System\GQfbxdC.exe
  2⤵
  PID:6700
- C:\Windows\System\oyDgPYT.exe
  C:\Windows\System\oyDgPYT.exe
  2⤵
  PID:6768
- C:\Windows\System\irUTFNv.exe
  C:\Windows\System\irUTFNv.exe
  2⤵
  PID:6828
- C:\Windows\System\LSjEAqQ.exe
  C:\Windows\System\LSjEAqQ.exe
  2⤵
  PID:6904
- C:\Windows\System\WvKWMmx.exe
  C:\Windows\System\WvKWMmx.exe
  2⤵
  PID:6964
- C:\Windows\System\cySyrlb.exe
  C:\Windows\System\cySyrlb.exe
  2⤵
  PID:7024
- C:\Windows\System\heWIvuT.exe
  C:\Windows\System\heWIvuT.exe
  2⤵
  PID:7100
- C:\Windows\System\wQUtPTJ.exe
  C:\Windows\System\wQUtPTJ.exe
  2⤵
  PID:7160
- C:\Windows\System\jjtOAYT.exe
  C:\Windows\System\jjtOAYT.exe
  2⤵
  PID:5472
- C:\Windows\System\RQIOcHL.exe
  C:\Windows\System\RQIOcHL.exe
  2⤵
  PID:6188
- C:\Windows\System\KxfDVyP.exe
  C:\Windows\System\KxfDVyP.exe
  2⤵
  PID:6348
- C:\Windows\System\oypRAgY.exe
  C:\Windows\System\oypRAgY.exe
  2⤵
  PID:6512
- C:\Windows\System\qpYhVaq.exe
  C:\Windows\System\qpYhVaq.exe
  2⤵
  PID:6644
- C:\Windows\System\faaOMcK.exe
  C:\Windows\System\faaOMcK.exe
  2⤵
  PID:6820
- C:\Windows\System\bKTgMtp.exe
  C:\Windows\System\bKTgMtp.exe
  2⤵
  PID:6940
- C:\Windows\System\jLAEeTG.exe
  C:\Windows\System\jLAEeTG.exe
  2⤵
  PID:7128
- C:\Windows\System\MnukOZY.exe
  C:\Windows\System\MnukOZY.exe
  2⤵
  PID:7184
- C:\Windows\System\CZmFpJA.exe
  C:\Windows\System\CZmFpJA.exe
  2⤵
  PID:7212
- C:\Windows\System\sYyKztC.exe
  C:\Windows\System\sYyKztC.exe
  2⤵
  PID:7240
- C:\Windows\System\EkobBPv.exe
  C:\Windows\System\EkobBPv.exe
  2⤵
  PID:7268
- C:\Windows\System\RpzzUIT.exe
  C:\Windows\System\RpzzUIT.exe
  2⤵
  PID:7296
- C:\Windows\System\OLnpdQS.exe
  C:\Windows\System\OLnpdQS.exe
  2⤵
  PID:7324
- C:\Windows\System\TjfODLs.exe
  C:\Windows\System\TjfODLs.exe
  2⤵
  PID:7352
- C:\Windows\System\VttokrN.exe
  C:\Windows\System\VttokrN.exe
  2⤵
  PID:7380
- C:\Windows\System\TbxzriC.exe
  C:\Windows\System\TbxzriC.exe
  2⤵
  PID:7408
- C:\Windows\System\rtzKKgE.exe
  C:\Windows\System\rtzKKgE.exe
  2⤵
  PID:7436
- C:\Windows\System\ehJoJvL.exe
  C:\Windows\System\ehJoJvL.exe
  2⤵
  PID:7464
- C:\Windows\System\qqIzRoi.exe
  C:\Windows\System\qqIzRoi.exe
  2⤵
  PID:7492
- C:\Windows\System\UwWjuuH.exe
  C:\Windows\System\UwWjuuH.exe
  2⤵
  PID:7520
- C:\Windows\System\SwvxnJw.exe
  C:\Windows\System\SwvxnJw.exe
  2⤵
  PID:7548
- C:\Windows\System\AYvKNdf.exe
  C:\Windows\System\AYvKNdf.exe
  2⤵
  PID:7576
- C:\Windows\System\izHSxTy.exe
  C:\Windows\System\izHSxTy.exe
  2⤵
  PID:7604
- C:\Windows\System\vkdxNgk.exe
  C:\Windows\System\vkdxNgk.exe
  2⤵
  PID:7644
- C:\Windows\System\fcegSQN.exe
  C:\Windows\System\fcegSQN.exe
  2⤵
  PID:7660
- C:\Windows\System\UKKzCtT.exe
  C:\Windows\System\UKKzCtT.exe
  2⤵
  PID:7688
- C:\Windows\System\amvawfK.exe
  C:\Windows\System\amvawfK.exe
  2⤵
  PID:7716
- C:\Windows\System\DRVgOTi.exe
  C:\Windows\System\DRVgOTi.exe
  2⤵
  PID:7744
- C:\Windows\System\GNaHvsw.exe
  C:\Windows\System\GNaHvsw.exe
  2⤵
  PID:7776
- C:\Windows\System\mmPWFaW.exe
  C:\Windows\System\mmPWFaW.exe
  2⤵
  PID:7812
- C:\Windows\System\AfzXOqh.exe
  C:\Windows\System\AfzXOqh.exe
  2⤵
  PID:7828
- C:\Windows\System\yptKdvr.exe
  C:\Windows\System\yptKdvr.exe
  2⤵
  PID:7868
- C:\Windows\System\BdAmAvA.exe
  C:\Windows\System\BdAmAvA.exe
  2⤵
  PID:7884
- C:\Windows\System\uyhJIUx.exe
  C:\Windows\System\uyhJIUx.exe
  2⤵
  PID:7924
- C:\Windows\System\bZVtnon.exe
  C:\Windows\System\bZVtnon.exe
  2⤵
  PID:7952
- C:\Windows\System\SuCwDQf.exe
  C:\Windows\System\SuCwDQf.exe
  2⤵
  PID:7968
- C:\Windows\System\qZWyQtL.exe
  C:\Windows\System\qZWyQtL.exe
  2⤵
  PID:7996
- C:\Windows\System\VBolPyQ.exe
  C:\Windows\System\VBolPyQ.exe
  2⤵
  PID:8024
- C:\Windows\System\KnUfNXy.exe
  C:\Windows\System\KnUfNXy.exe
  2⤵
  PID:8052
- C:\Windows\System\fUVQDmT.exe
  C:\Windows\System\fUVQDmT.exe
  2⤵
  PID:8072
- C:\Windows\System\QTFfFKB.exe
  C:\Windows\System\QTFfFKB.exe
  2⤵
  PID:8096
- C:\Windows\System\uHFwdaA.exe
  C:\Windows\System\uHFwdaA.exe
  2⤵
  PID:8124
- C:\Windows\System\DZGRsyo.exe
  C:\Windows\System\DZGRsyo.exe
  2⤵
  PID:8164
- C:\Windows\System\ngQIdAO.exe
  C:\Windows\System\ngQIdAO.exe
  2⤵
  PID:5128
- C:\Windows\System\IoOQXKh.exe
  C:\Windows\System\IoOQXKh.exe
  2⤵
  PID:6292
- C:\Windows\System\vspKmhQ.exe
  C:\Windows\System\vspKmhQ.exe
  2⤵
  PID:6736
- C:\Windows\System\NslgFuj.exe
  C:\Windows\System\NslgFuj.exe
  2⤵
  PID:7020
- C:\Windows\System\nKNkncW.exe
  C:\Windows\System\nKNkncW.exe
  2⤵
  PID:7200
- C:\Windows\System\DDxQJOn.exe
  C:\Windows\System\DDxQJOn.exe
  2⤵
  PID:7264
- C:\Windows\System\jRZTcZI.exe
  C:\Windows\System\jRZTcZI.exe
  2⤵
  PID:7320
- C:\Windows\System\KGYDoCI.exe
  C:\Windows\System\KGYDoCI.exe
  2⤵
  PID:7392
- C:\Windows\System\plyEHMf.exe
  C:\Windows\System\plyEHMf.exe
  2⤵
  PID:7480
- C:\Windows\System\ZgehdIQ.exe
  C:\Windows\System\ZgehdIQ.exe
  2⤵
  PID:7516
- C:\Windows\System\EEYGgpa.exe
  C:\Windows\System\EEYGgpa.exe
  2⤵
  PID:7588
- C:\Windows\System\pLLgWpe.exe
  C:\Windows\System\pLLgWpe.exe
  2⤵
  PID:7652
- C:\Windows\System\xWibnbJ.exe
  C:\Windows\System\xWibnbJ.exe
  2⤵
  PID:7712
- C:\Windows\System\tDANPfW.exe
  C:\Windows\System\tDANPfW.exe
  2⤵
  PID:7784
- C:\Windows\System\VUcKqZt.exe
  C:\Windows\System\VUcKqZt.exe
  2⤵
  PID:7840
- C:\Windows\System\omeIfvB.exe
  C:\Windows\System\omeIfvB.exe
  2⤵
  PID:7900
- C:\Windows\System\cqpMnaE.exe
  C:\Windows\System\cqpMnaE.exe
  2⤵
  PID:7988
- C:\Windows\System\hxcRoKb.exe
  C:\Windows\System\hxcRoKb.exe
  2⤵
  PID:8036
- C:\Windows\System\PsiRQKX.exe
  C:\Windows\System\PsiRQKX.exe
  2⤵
  PID:8092
- C:\Windows\System\vAqoURn.exe
  C:\Windows\System\vAqoURn.exe
  2⤵
  PID:8152
- C:\Windows\System\feyJxcQ.exe
  C:\Windows\System\feyJxcQ.exe
  2⤵
  PID:6268
- C:\Windows\System\nFZMTIO.exe
  C:\Windows\System\nFZMTIO.exe
  2⤵
  PID:7228
- C:\Windows\System\QgthfRT.exe
  C:\Windows\System\QgthfRT.exe
  2⤵
  PID:7308
- C:\Windows\System\csnZwmd.exe
  C:\Windows\System\csnZwmd.exe
  2⤵
  PID:7448
- C:\Windows\System\nHVPRzS.exe
  C:\Windows\System\nHVPRzS.exe
  2⤵
  PID:7632
- C:\Windows\System\aqdwgnf.exe
  C:\Windows\System\aqdwgnf.exe
  2⤵
  PID:7736
- C:\Windows\System\unsKFQD.exe
  C:\Windows\System\unsKFQD.exe
  2⤵
  PID:7860
- C:\Windows\System\McTgHmO.exe
  C:\Windows\System\McTgHmO.exe
  2⤵
  PID:8016
- C:\Windows\System\SiBtHGg.exe
  C:\Windows\System\SiBtHGg.exe
  2⤵
  PID:4832
- C:\Windows\System\SZhRFeE.exe
  C:\Windows\System\SZhRFeE.exe
  2⤵
  PID:8204
- C:\Windows\System\BySLytt.exe
  C:\Windows\System\BySLytt.exe
  2⤵
  PID:8232
- C:\Windows\System\vbimvGP.exe
  C:\Windows\System\vbimvGP.exe
  2⤵
  PID:8260
- C:\Windows\System\THHhfuo.exe
  C:\Windows\System\THHhfuo.exe
  2⤵
  PID:8288
- C:\Windows\System\UoXqgBI.exe
  C:\Windows\System\UoXqgBI.exe
  2⤵
  PID:8312
- C:\Windows\System\ANSAoMx.exe
  C:\Windows\System\ANSAoMx.exe
  2⤵
  PID:8344
- C:\Windows\System\uKsQEwn.exe
  C:\Windows\System\uKsQEwn.exe
  2⤵
  PID:8372
- C:\Windows\System\bTDckOJ.exe
  C:\Windows\System\bTDckOJ.exe
  2⤵
  PID:8400
- C:\Windows\System\xRWHCvN.exe
  C:\Windows\System\xRWHCvN.exe
  2⤵
  PID:8428
- C:\Windows\System\tsOmYan.exe
  C:\Windows\System\tsOmYan.exe
  2⤵
  PID:8456
- C:\Windows\System\bmEtzGB.exe
  C:\Windows\System\bmEtzGB.exe
  2⤵
  PID:8484
- C:\Windows\System\GHyujmD.exe
  C:\Windows\System\GHyujmD.exe
  2⤵
  PID:8512
- C:\Windows\System\DbdSVJp.exe
  C:\Windows\System\DbdSVJp.exe
  2⤵
  PID:8540
- C:\Windows\System\EjaEAiE.exe
  C:\Windows\System\EjaEAiE.exe
  2⤵
  PID:8568
- C:\Windows\System\EMBDcOs.exe
  C:\Windows\System\EMBDcOs.exe
  2⤵
  PID:8596
- C:\Windows\System\ZgRQfZi.exe
  C:\Windows\System\ZgRQfZi.exe
  2⤵
  PID:8636
- C:\Windows\System\EMypzDz.exe
  C:\Windows\System\EMypzDz.exe
  2⤵
  PID:8652
- C:\Windows\System\dgbINzL.exe
  C:\Windows\System\dgbINzL.exe
  2⤵
  PID:8680
- C:\Windows\System\VOJCqaw.exe
  C:\Windows\System\VOJCqaw.exe
  2⤵
  PID:8708
- C:\Windows\System\IhRYkpT.exe
  C:\Windows\System\IhRYkpT.exe
  2⤵
  PID:8736
- C:\Windows\System\DqaclYf.exe
  C:\Windows\System\DqaclYf.exe
  2⤵
  PID:8764
- C:\Windows\System\THlibxa.exe
  C:\Windows\System\THlibxa.exe
  2⤵
  PID:8792
- C:\Windows\System\RDWYiNV.exe
  C:\Windows\System\RDWYiNV.exe
  2⤵
  PID:8820
- C:\Windows\System\PgaxRUp.exe
  C:\Windows\System\PgaxRUp.exe
  2⤵
  PID:8848
- C:\Windows\System\FDrpjip.exe
  C:\Windows\System\FDrpjip.exe
  2⤵
  PID:8876
- C:\Windows\System\RXaCTbe.exe
  C:\Windows\System\RXaCTbe.exe
  2⤵
  PID:8904
- C:\Windows\System\zelYYFb.exe
  C:\Windows\System\zelYYFb.exe
  2⤵
  PID:8928
- C:\Windows\System\gLSmAsr.exe
  C:\Windows\System\gLSmAsr.exe
  2⤵
  PID:8960
- C:\Windows\System\mUlEmVp.exe
  C:\Windows\System\mUlEmVp.exe
  2⤵
  PID:8988
- C:\Windows\System\tVsfOZH.exe
  C:\Windows\System\tVsfOZH.exe
  2⤵
  PID:9012
- C:\Windows\System\XayfIGJ.exe
  C:\Windows\System\XayfIGJ.exe
  2⤵
  PID:9044
- C:\Windows\System\cNpfIOa.exe
  C:\Windows\System\cNpfIOa.exe
  2⤵
  PID:9072
- C:\Windows\System\cyWzuvB.exe
  C:\Windows\System\cyWzuvB.exe
  2⤵
  PID:9100
- C:\Windows\System\temrvcw.exe
  C:\Windows\System\temrvcw.exe
  2⤵
  PID:9128
- C:\Windows\System\UngFvuJ.exe
  C:\Windows\System\UngFvuJ.exe
  2⤵
  PID:9156
- C:\Windows\System\YPhUUQc.exe
  C:\Windows\System\YPhUUQc.exe
  2⤵
  PID:9184
- C:\Windows\System\mXLAOqe.exe
  C:\Windows\System\mXLAOqe.exe
  2⤵
  PID:9212
- C:\Windows\System\bJXCgCM.exe
  C:\Windows\System\bJXCgCM.exe
  2⤵
  PID:7344
- C:\Windows\System\EeMicZv.exe
  C:\Windows\System\EeMicZv.exe
  2⤵
  PID:7616
- C:\Windows\System\AbKRzZO.exe
  C:\Windows\System\AbKRzZO.exe
  2⤵
  PID:1844
- C:\Windows\System\wxpLtDa.exe
  C:\Windows\System\wxpLtDa.exe
  2⤵
  PID:8116
- C:\Windows\System\zTwJlcP.exe
  C:\Windows\System\zTwJlcP.exe
  2⤵
  PID:8224
- C:\Windows\System\TQKEWjz.exe
  C:\Windows\System\TQKEWjz.exe
  2⤵
  PID:8308
- C:\Windows\System\YmMXWfP.exe
  C:\Windows\System\YmMXWfP.exe
  2⤵
  PID:8384
- C:\Windows\System\TCoHVxe.exe
  C:\Windows\System\TCoHVxe.exe
  2⤵
  PID:8440
- C:\Windows\System\BYzcBvd.exe
  C:\Windows\System\BYzcBvd.exe
  2⤵
  PID:8500
- C:\Windows\System\DQURjwc.exe
  C:\Windows\System\DQURjwc.exe
  2⤵
  PID:8552
- C:\Windows\System\ThosaIu.exe
  C:\Windows\System\ThosaIu.exe
  2⤵
  PID:8608
- C:\Windows\System\iawyWvF.exe
  C:\Windows\System\iawyWvF.exe
  2⤵
  PID:8672
- C:\Windows\System\MjqdEOz.exe
  C:\Windows\System\MjqdEOz.exe
  2⤵
  PID:8944
- C:\Windows\System\gBkoDbP.exe
  C:\Windows\System\gBkoDbP.exe
  2⤵
  PID:8976
- C:\Windows\System\zWaedmD.exe
  C:\Windows\System\zWaedmD.exe
  2⤵
  PID:9064
- C:\Windows\System\NcxFKtY.exe
  C:\Windows\System\NcxFKtY.exe
  2⤵
  PID:9120
- C:\Windows\System\weJQzLm.exe
  C:\Windows\System\weJQzLm.exe
  2⤵
  PID:9172
- C:\Windows\System\CxHyIit.exe
  C:\Windows\System\CxHyIit.exe
  2⤵
  PID:7292
- C:\Windows\System\WiOxXTL.exe
  C:\Windows\System\WiOxXTL.exe
  2⤵
  PID:1724
- C:\Windows\System\eoVFtdV.exe
  C:\Windows\System\eoVFtdV.exe
  2⤵
  PID:320
- C:\Windows\System\HthNTNP.exe
  C:\Windows\System\HthNTNP.exe
  2⤵
  PID:2072
- C:\Windows\System\fraDGZY.exe
  C:\Windows\System\fraDGZY.exe
  2⤵
  PID:5032
- C:\Windows\System\EDwdgoL.exe
  C:\Windows\System\EDwdgoL.exe
  2⤵
  PID:3236
- C:\Windows\System\vRsPljK.exe
  C:\Windows\System\vRsPljK.exe
  2⤵
  PID:1328
- C:\Windows\System\rvNNGRX.exe
  C:\Windows\System\rvNNGRX.exe
  2⤵
  PID:8588
- C:\Windows\System\dXlMLyZ.exe
  C:\Windows\System\dXlMLyZ.exe
  2⤵
  PID:3260
- C:\Windows\System\WYLahBV.exe
  C:\Windows\System\WYLahBV.exe
  2⤵
  PID:4452
- C:\Windows\System\ezttTej.exe
  C:\Windows\System\ezttTej.exe
  2⤵
  PID:4788
- C:\Windows\System\WLzYXGS.exe
  C:\Windows\System\WLzYXGS.exe
  2⤵
  PID:8896
- C:\Windows\System\diLOhvp.exe
  C:\Windows\System\diLOhvp.exe
  2⤵
  PID:9028
- C:\Windows\System\aDmTmwA.exe
  C:\Windows\System\aDmTmwA.exe
  2⤵
  PID:208
- C:\Windows\System\tReFqFn.exe
  C:\Windows\System\tReFqFn.exe
  2⤵
  PID:7944
- C:\Windows\System\zHanOwD.exe
  C:\Windows\System\zHanOwD.exe
  2⤵
  PID:8280
- C:\Windows\System\jWAEiNR.exe
  C:\Windows\System\jWAEiNR.exe
  2⤵
  PID:1368
- C:\Windows\System\OkMhOYt.exe
  C:\Windows\System\OkMhOYt.exe
  2⤵
  PID:8664
- C:\Windows\System\ggnQBuu.exe
  C:\Windows\System\ggnQBuu.exe
  2⤵
  PID:8756
- C:\Windows\System\pyksmMe.exe
  C:\Windows\System\pyksmMe.exe
  2⤵
  PID:3696
- C:\Windows\System\KfcleLW.exe
  C:\Windows\System\KfcleLW.exe
  2⤵
  PID:4256
- C:\Windows\System\ojyYoRi.exe
  C:\Windows\System\ojyYoRi.exe
  2⤵
  PID:8920
- C:\Windows\System\SOnMNAI.exe
  C:\Windows\System\SOnMNAI.exe
  2⤵
  PID:9232
- C:\Windows\System\jTySLUH.exe
  C:\Windows\System\jTySLUH.exe
  2⤵
  PID:9248
- C:\Windows\System\zrVnKgG.exe
  C:\Windows\System\zrVnKgG.exe
  2⤵
  PID:9292
- C:\Windows\System\XdOEKBe.exe
  C:\Windows\System\XdOEKBe.exe
  2⤵
  PID:9320
- C:\Windows\System\mWVyvTK.exe
  C:\Windows\System\mWVyvTK.exe
  2⤵
  PID:9348
- C:\Windows\System\DcuknVH.exe
  C:\Windows\System\DcuknVH.exe
  2⤵
  PID:9380
- C:\Windows\System\GtfrYPr.exe
  C:\Windows\System\GtfrYPr.exe
  2⤵
  PID:9408
- C:\Windows\System\FGvrhvf.exe
  C:\Windows\System\FGvrhvf.exe
  2⤵
  PID:9440
- C:\Windows\System\PDdfjOf.exe
  C:\Windows\System\PDdfjOf.exe
  2⤵
  PID:9472
- C:\Windows\System\nvKzitD.exe
  C:\Windows\System\nvKzitD.exe
  2⤵
  PID:9500
- C:\Windows\System\KSMzBEx.exe
  C:\Windows\System\KSMzBEx.exe
  2⤵
  PID:9528
- C:\Windows\System\AkGapkd.exe
  C:\Windows\System\AkGapkd.exe
  2⤵
  PID:9564
- C:\Windows\System\CIjYMdB.exe
  C:\Windows\System\CIjYMdB.exe
  2⤵
  PID:9596
- C:\Windows\System\DvEyRPV.exe
  C:\Windows\System\DvEyRPV.exe
  2⤵
  PID:9628
- C:\Windows\System\BGhcFYc.exe
  C:\Windows\System\BGhcFYc.exe
  2⤵
  PID:9644
- C:\Windows\System\NPbnElc.exe
  C:\Windows\System\NPbnElc.exe
  2⤵
  PID:9676
- C:\Windows\System\hUQXWTV.exe
  C:\Windows\System\hUQXWTV.exe
  2⤵
  PID:9700
- C:\Windows\System\HSlDFHH.exe
  C:\Windows\System\HSlDFHH.exe
  2⤵
  PID:9740
- C:\Windows\System\JorWdOM.exe
  C:\Windows\System\JorWdOM.exe
  2⤵
  PID:9768
- C:\Windows\System\MdtDCgC.exe
  C:\Windows\System\MdtDCgC.exe
  2⤵
  PID:9796
- C:\Windows\System\hrdDdwM.exe
  C:\Windows\System\hrdDdwM.exe
  2⤵
  PID:9832
- C:\Windows\System\ZEgBEyQ.exe
  C:\Windows\System\ZEgBEyQ.exe
  2⤵
  PID:9848
- C:\Windows\System\GSBtUoA.exe
  C:\Windows\System\GSBtUoA.exe
  2⤵
  PID:9888
- C:\Windows\System\xwBrRkz.exe
  C:\Windows\System\xwBrRkz.exe
  2⤵
  PID:9916
- C:\Windows\System\GesBNAs.exe
  C:\Windows\System\GesBNAs.exe
  2⤵
  PID:9944
- C:\Windows\System\RZPQuZC.exe
  C:\Windows\System\RZPQuZC.exe
  2⤵
  PID:9972
- C:\Windows\System\MOhvNZS.exe
  C:\Windows\System\MOhvNZS.exe
  2⤵
  PID:10004
- C:\Windows\System\YTjHnwv.exe
  C:\Windows\System\YTjHnwv.exe
  2⤵
  PID:10044
- C:\Windows\System\NZTmPIw.exe
  C:\Windows\System\NZTmPIw.exe
  2⤵
  PID:10068
- C:\Windows\System\TAdiYGq.exe
  C:\Windows\System\TAdiYGq.exe
  2⤵
  PID:10108
- C:\Windows\System\mTvDhWW.exe
  C:\Windows\System\mTvDhWW.exe
  2⤵
  PID:10128
- C:\Windows\System\LOQcYjy.exe
  C:\Windows\System\LOQcYjy.exe
  2⤵
  PID:10180
- C:\Windows\System\rdGKvti.exe
  C:\Windows\System\rdGKvti.exe
  2⤵
  PID:10196
- C:\Windows\System\KwGnOKZ.exe
  C:\Windows\System\KwGnOKZ.exe
  2⤵
  PID:8924
- C:\Windows\System\meXguGe.exe
  C:\Windows\System\meXguGe.exe
  2⤵
  PID:8420
- C:\Windows\System\EcmOhfN.exe
  C:\Windows\System\EcmOhfN.exe
  2⤵
  PID:9244
- C:\Windows\System\YoJiHjL.exe
  C:\Windows\System\YoJiHjL.exe
  2⤵
  PID:9312
- C:\Windows\System\ormbyWY.exe
  C:\Windows\System\ormbyWY.exe
  2⤵
  PID:9452
- C:\Windows\System\itiqEdb.exe
  C:\Windows\System\itiqEdb.exe
  2⤵
  PID:9552
- C:\Windows\System\ydRjpqd.exe
  C:\Windows\System\ydRjpqd.exe
  2⤵
  PID:9608
- C:\Windows\System\QXauUiL.exe
  C:\Windows\System\QXauUiL.exe
  2⤵
  PID:9692
- C:\Windows\System\PtEsuXt.exe
  C:\Windows\System\PtEsuXt.exe
  2⤵
  PID:9764
- C:\Windows\System\yhBfmfe.exe
  C:\Windows\System\yhBfmfe.exe
  2⤵
  PID:9828
- C:\Windows\System\wpFfCvM.exe
  C:\Windows\System\wpFfCvM.exe
  2⤵
  PID:9908
- C:\Windows\System\NSCxCKP.exe
  C:\Windows\System\NSCxCKP.exe
  2⤵
  PID:9960
- C:\Windows\System\Oozdaln.exe
  C:\Windows\System\Oozdaln.exe
  2⤵
  PID:10016
- C:\Windows\System\BBnpwPc.exe
  C:\Windows\System\BBnpwPc.exe
  2⤵
  PID:10096
- C:\Windows\System\rNgdBxb.exe
  C:\Windows\System\rNgdBxb.exe
  2⤵
  PID:4696
- C:\Windows\System\fFSbPeD.exe
  C:\Windows\System\fFSbPeD.exe
  2⤵
  PID:10208
- C:\Windows\System\fgtxIEw.exe
  C:\Windows\System\fgtxIEw.exe
  2⤵
  PID:4932
- C:\Windows\System\rnsmiGE.exe
  C:\Windows\System\rnsmiGE.exe
  2⤵
  PID:9376
- C:\Windows\System\uPlVQrE.exe
  C:\Windows\System\uPlVQrE.exe
  2⤵
  PID:4872
- C:\Windows\System\gvaYQLe.exe
  C:\Windows\System\gvaYQLe.exe
  2⤵
  PID:9576
- C:\Windows\System\opKbTGU.exe
  C:\Windows\System\opKbTGU.exe
  2⤵
  PID:3896
- C:\Windows\System\lhQvgCN.exe
  C:\Windows\System\lhQvgCN.exe
  2⤵
  PID:9884
- C:\Windows\System\RFiXyGE.exe
  C:\Windows\System\RFiXyGE.exe
  2⤵
  PID:10036
- C:\Windows\System\omxASix.exe
  C:\Windows\System\omxASix.exe
  2⤵
  PID:1152
- C:\Windows\System\ZaAbgSw.exe
  C:\Windows\System\ZaAbgSw.exe
  2⤵
  PID:3760
- C:\Windows\System\lXlLvXi.exe
  C:\Windows\System\lXlLvXi.exe
  2⤵
  PID:9492
- C:\Windows\System\vtxQlYr.exe
  C:\Windows\System\vtxQlYr.exe
  2⤵
  PID:9620
- C:\Windows\System\fNFwrtm.exe
  C:\Windows\System\fNFwrtm.exe
  2⤵
  PID:2276
- C:\Windows\System\NlAJnbE.exe
  C:\Windows\System\NlAJnbE.exe
  2⤵
  PID:116
- C:\Windows\System\lEQaFRY.exe
  C:\Windows\System\lEQaFRY.exe
  2⤵
  PID:2200
- C:\Windows\System\fCpKjVZ.exe
  C:\Windows\System\fCpKjVZ.exe
  2⤵
  PID:216
- C:\Windows\System\zEYXgsw.exe
  C:\Windows\System\zEYXgsw.exe
  2⤵
  PID:4908
- C:\Windows\System\ZvZVndo.exe
  C:\Windows\System\ZvZVndo.exe
  2⤵
  PID:1176
- C:\Windows\System\CAbeyzH.exe
  C:\Windows\System\CAbeyzH.exe
  2⤵
  PID:10244
- C:\Windows\System\CiqFCWP.exe
  C:\Windows\System\CiqFCWP.exe
  2⤵
  PID:10280
- C:\Windows\System\AnlZqfY.exe
  C:\Windows\System\AnlZqfY.exe
  2⤵
  PID:10308
- C:\Windows\System\RimwkIi.exe
  C:\Windows\System\RimwkIi.exe
  2⤵
  PID:10336
- C:\Windows\System\epBhjCg.exe
  C:\Windows\System\epBhjCg.exe
  2⤵
  PID:10376
- C:\Windows\System\GqHtgGH.exe
  C:\Windows\System\GqHtgGH.exe
  2⤵
  PID:10404
- C:\Windows\System\ZwTTFSI.exe
  C:\Windows\System\ZwTTFSI.exe
  2⤵
  PID:10432
- C:\Windows\System\uwnapEh.exe
  C:\Windows\System\uwnapEh.exe
  2⤵
  PID:10460
- C:\Windows\System\EPnmurE.exe
  C:\Windows\System\EPnmurE.exe
  2⤵
  PID:10488
- C:\Windows\System\jfpYyhW.exe
  C:\Windows\System\jfpYyhW.exe
  2⤵
  PID:10516
- C:\Windows\System\sKZKgwN.exe
  C:\Windows\System\sKZKgwN.exe
  2⤵
  PID:10548
- C:\Windows\System\DBROtad.exe
  C:\Windows\System\DBROtad.exe
  2⤵
  PID:10596
- C:\Windows\System\qnUFEQX.exe
  C:\Windows\System\qnUFEQX.exe
  2⤵
  PID:10620
- C:\Windows\System\AUSHTyb.exe
  C:\Windows\System\AUSHTyb.exe
  2⤵
  PID:10644
- C:\Windows\System\GgeURLn.exe
  C:\Windows\System\GgeURLn.exe
  2⤵
  PID:10692
- C:\Windows\System\hDZMVMq.exe
  C:\Windows\System\hDZMVMq.exe
  2⤵
  PID:10728
- C:\Windows\System\MAFEhhH.exe
  C:\Windows\System\MAFEhhH.exe
  2⤵
  PID:10780
- C:\Windows\System\XOtcdIY.exe
  C:\Windows\System\XOtcdIY.exe
  2⤵
  PID:10820
- C:\Windows\System\eqddkFb.exe
  C:\Windows\System\eqddkFb.exe
  2⤵
  PID:10848
- C:\Windows\System\FDIuQxH.exe
  C:\Windows\System\FDIuQxH.exe
  2⤵
  PID:10880
- C:\Windows\System\MlFudBU.exe
  C:\Windows\System\MlFudBU.exe
  2⤵
  PID:10916
- C:\Windows\System\HndVBoR.exe
  C:\Windows\System\HndVBoR.exe
  2⤵
  PID:10936
- C:\Windows\System\BVcTNFg.exe
  C:\Windows\System\BVcTNFg.exe
  2⤵
  PID:10968
- C:\Windows\System\PKAuQid.exe
  C:\Windows\System\PKAuQid.exe
  2⤵
  PID:10996
- C:\Windows\System\oMrgZEh.exe
  C:\Windows\System\oMrgZEh.exe
  2⤵
  PID:11016
- C:\Windows\System\HwoGAVS.exe
  C:\Windows\System\HwoGAVS.exe
  2⤵
  PID:11044
- C:\Windows\System\jXuIwRy.exe
  C:\Windows\System\jXuIwRy.exe
  2⤵
  PID:11072
- C:\Windows\System\TmoDGJI.exe
  C:\Windows\System\TmoDGJI.exe
  2⤵
  PID:11120
- C:\Windows\System\DxNiErM.exe
  C:\Windows\System\DxNiErM.exe
  2⤵
  PID:11148
- C:\Windows\System\iEdJMbs.exe
  C:\Windows\System\iEdJMbs.exe
  2⤵
  PID:11188
- C:\Windows\System\qEPBBKn.exe
  C:\Windows\System\qEPBBKn.exe
  2⤵
  PID:11228
- C:\Windows\System\sYJbtkm.exe
  C:\Windows\System\sYJbtkm.exe
  2⤵
  PID:11248
- C:\Windows\System\meTjHBL.exe
  C:\Windows\System\meTjHBL.exe
  2⤵
  PID:10272
- C:\Windows\System\XPQuBXR.exe
  C:\Windows\System\XPQuBXR.exe
  2⤵
  PID:10116
- C:\Windows\System\vDYCPzo.exe
  C:\Windows\System\vDYCPzo.exe
  2⤵
  PID:10388
- C:\Windows\System\dXbDamd.exe
  C:\Windows\System\dXbDamd.exe
  2⤵
  PID:10456
- C:\Windows\System\kVcYdpd.exe
  C:\Windows\System\kVcYdpd.exe
  2⤵
  PID:10524
- C:\Windows\System\uWxnDmX.exe
  C:\Windows\System\uWxnDmX.exe
  2⤵
  PID:10572
- C:\Windows\System\OiScrxn.exe
  C:\Windows\System\OiScrxn.exe
  2⤵
  PID:10652
- C:\Windows\System\hMShhMb.exe
  C:\Windows\System\hMShhMb.exe
  2⤵
  PID:10704
- C:\Windows\System\OvlYCBD.exe
  C:\Windows\System\OvlYCBD.exe
  2⤵
  PID:10832
- C:\Windows\System\UlZZRui.exe
  C:\Windows\System\UlZZRui.exe
  2⤵
  PID:10904
- C:\Windows\System\pBdZGrR.exe
  C:\Windows\System\pBdZGrR.exe
  2⤵
  PID:10988
- C:\Windows\System\yZGYbMW.exe
  C:\Windows\System\yZGYbMW.exe
  2⤵
  PID:11036
- C:\Windows\System\lgMVOby.exe
  C:\Windows\System\lgMVOby.exe
  2⤵
  PID:1476
- C:\Windows\System\dSRgxii.exe
  C:\Windows\System\dSRgxii.exe
  2⤵
  PID:11176
- C:\Windows\System\KdkgNbt.exe
  C:\Windows\System\KdkgNbt.exe
  2⤵
  PID:11260
- C:\Windows\System\tdcqmFf.exe
  C:\Windows\System\tdcqmFf.exe
  2⤵
  PID:10368
- C:\Windows\System\WuNrTRm.exe
  C:\Windows\System\WuNrTRm.exe
  2⤵
  PID:10500
- C:\Windows\System\nuuxjat.exe
  C:\Windows\System\nuuxjat.exe
  2⤵
  PID:10636
- C:\Windows\System\BtZukYJ.exe
  C:\Windows\System\BtZukYJ.exe
  2⤵
  PID:10816
- C:\Windows\System\zmfCObh.exe
  C:\Windows\System\zmfCObh.exe
  2⤵
  PID:720
- C:\Windows\System\IcxJDYG.exe
  C:\Windows\System\IcxJDYG.exe
  2⤵
  PID:1600
- C:\Windows\System\xufDKdU.exe
  C:\Windows\System\xufDKdU.exe
  2⤵
  PID:11008
- C:\Windows\System\nzDYmpT.exe
  C:\Windows\System\nzDYmpT.exe
  2⤵
  PID:11136
- C:\Windows\System\ahjJeTl.exe
  C:\Windows\System\ahjJeTl.exe
  2⤵
  PID:10484
- C:\Windows\System\MyQZeIH.exe
  C:\Windows\System\MyQZeIH.exe
  2⤵
  PID:400
- C:\Windows\System\jxJPlbD.exe
  C:\Windows\System\jxJPlbD.exe
  2⤵
  PID:4260
- C:\Windows\System\nkhrTsd.exe
  C:\Windows\System\nkhrTsd.exe
  2⤵
  PID:11028
- C:\Windows\System\WPuMSWO.exe
  C:\Windows\System\WPuMSWO.exe
  2⤵
  PID:10348
- C:\Windows\System\WkPIoxM.exe
  C:\Windows\System\WkPIoxM.exe
  2⤵
  PID:11304
- C:\Windows\System\HnNiEFX.exe
  C:\Windows\System\HnNiEFX.exe
  2⤵
  PID:11348
- C:\Windows\System\MnpwBHi.exe
  C:\Windows\System\MnpwBHi.exe
  2⤵
  PID:11372
- C:\Windows\System\hXfuPMW.exe
  C:\Windows\System\hXfuPMW.exe
  2⤵
  PID:11392
- C:\Windows\System\GQisxiJ.exe
  C:\Windows\System\GQisxiJ.exe
  2⤵
  PID:11420
- C:\Windows\System\ZbBPGqW.exe
  C:\Windows\System\ZbBPGqW.exe
  2⤵
  PID:11460
- C:\Windows\System\HiGEDrJ.exe
  C:\Windows\System\HiGEDrJ.exe
  2⤵
  PID:11488
- C:\Windows\System\sKcunKt.exe
  C:\Windows\System\sKcunKt.exe
  2⤵
  PID:11516
- C:\Windows\System\wVnkyLH.exe
  C:\Windows\System\wVnkyLH.exe
  2⤵
  PID:11544
- C:\Windows\System\MgMfSQP.exe
  C:\Windows\System\MgMfSQP.exe
  2⤵
  PID:11572
- C:\Windows\System\KROXIoz.exe
  C:\Windows\System\KROXIoz.exe
  2⤵
  PID:11588
- C:\Windows\System\PwbhVwO.exe
  C:\Windows\System\PwbhVwO.exe
  2⤵
  PID:11628
- C:\Windows\System\DGvwGjn.exe
  C:\Windows\System\DGvwGjn.exe
  2⤵
  PID:11656
- C:\Windows\System\ITMTLFZ.exe
  C:\Windows\System\ITMTLFZ.exe
  2⤵
  PID:11676
- C:\Windows\System\mPZuvHV.exe
  C:\Windows\System\mPZuvHV.exe
  2⤵
  PID:11704
- C:\Windows\System\zmPAEOQ.exe
  C:\Windows\System\zmPAEOQ.exe
  2⤵
  PID:11740
- C:\Windows\System\VQjkrzg.exe
  C:\Windows\System\VQjkrzg.exe
  2⤵
  PID:11768
- C:\Windows\System\DfuKcrv.exe
  C:\Windows\System\DfuKcrv.exe
  2⤵
  PID:11796
- C:\Windows\System\azsGSNi.exe
  C:\Windows\System\azsGSNi.exe
  2⤵
  PID:11816
- C:\Windows\System\lUwtymJ.exe
  C:\Windows\System\lUwtymJ.exe
  2⤵
  PID:11852
- C:\Windows\System\nmsNPpN.exe
  C:\Windows\System\nmsNPpN.exe
  2⤵
  PID:11884
- C:\Windows\System\cHYygrD.exe
  C:\Windows\System\cHYygrD.exe
  2⤵
  PID:11912
- C:\Windows\System\QrTnMqB.exe
  C:\Windows\System\QrTnMqB.exe
  2⤵
  PID:11944
- C:\Windows\System\uptWujq.exe
  C:\Windows\System\uptWujq.exe
  2⤵
  PID:11972
- C:\Windows\System\QsORyjG.exe
  C:\Windows\System\QsORyjG.exe
  2⤵
  PID:12000
- C:\Windows\System\VxASUge.exe
  C:\Windows\System\VxASUge.exe
  2⤵
  PID:12028
- C:\Windows\System\qAJmFIy.exe
  C:\Windows\System\qAJmFIy.exe
  2⤵
  PID:12056
- C:\Windows\System\HjQOjNx.exe
  C:\Windows\System\HjQOjNx.exe
  2⤵
  PID:12084
- C:\Windows\System\FlHHcQo.exe
  C:\Windows\System\FlHHcQo.exe
  2⤵
  PID:12112
- C:\Windows\System\MRQruIu.exe
  C:\Windows\System\MRQruIu.exe
  2⤵
  PID:12140
- C:\Windows\System\FfXkzTk.exe
  C:\Windows\System\FfXkzTk.exe
  2⤵
  PID:12168
- C:\Windows\System\JTNCeYy.exe
  C:\Windows\System\JTNCeYy.exe
  2⤵
  PID:12196
- C:\Windows\System\UYeKMrb.exe
  C:\Windows\System\UYeKMrb.exe
  2⤵
  PID:12224
- C:\Windows\System\XXIxfrX.exe
  C:\Windows\System\XXIxfrX.exe
  2⤵
  PID:12252
- C:\Windows\System\UaYePet.exe
  C:\Windows\System\UaYePet.exe
  2⤵
  PID:12280
- C:\Windows\System\mEUgckx.exe
  C:\Windows\System\mEUgckx.exe
  2⤵
  PID:11300
- C:\Windows\System\OhNxAgw.exe
  C:\Windows\System\OhNxAgw.exe
  2⤵
  PID:11340
- C:\Windows\System\FStHKWz.exe
  C:\Windows\System\FStHKWz.exe
  2⤵
  PID:11412
- C:\Windows\System\iZIwJfq.exe
  C:\Windows\System\iZIwJfq.exe
  2⤵
  PID:11480
- C:\Windows\System\uMevsTS.exe
  C:\Windows\System\uMevsTS.exe
  2⤵
  PID:11540
- C:\Windows\System\bFdQHrV.exe
  C:\Windows\System\bFdQHrV.exe
  2⤵
  PID:11616
- C:\Windows\System\uRPuhnQ.exe
  C:\Windows\System\uRPuhnQ.exe
  2⤵
  PID:11668
- C:\Windows\System\uRWQayh.exe
  C:\Windows\System\uRWQayh.exe
  2⤵
  PID:11736
- C:\Windows\System\duELNsa.exe
  C:\Windows\System\duELNsa.exe
  2⤵
  PID:11792
- C:\Windows\System\TLibuaQ.exe
  C:\Windows\System\TLibuaQ.exe
  2⤵
  PID:11876
- C:\Windows\System\bJQRhPe.exe
  C:\Windows\System\bJQRhPe.exe
  2⤵
  PID:11924
- C:\Windows\System\KXxroxW.exe
  C:\Windows\System\KXxroxW.exe
  2⤵
  PID:11992
- C:\Windows\System\Csruggd.exe
  C:\Windows\System\Csruggd.exe
  2⤵
  PID:12068
- C:\Windows\System\UvZaZVt.exe
  C:\Windows\System\UvZaZVt.exe
  2⤵
  PID:5308
- C:\Windows\System\xARvDHd.exe
  C:\Windows\System\xARvDHd.exe
  2⤵
  PID:12160
- C:\Windows\System\zQmScjl.exe
  C:\Windows\System\zQmScjl.exe
  2⤵
  PID:12220
- C:\Windows\System\uWgpdZI.exe
  C:\Windows\System\uWgpdZI.exe
  2⤵
  PID:10760
- C:\Windows\System\erDMHdc.exe
  C:\Windows\System\erDMHdc.exe
  2⤵
  PID:11384
- C:\Windows\System\kBYmCLv.exe
  C:\Windows\System\kBYmCLv.exe
  2⤵
  PID:11524
- C:\Windows\System\wVezSFn.exe
  C:\Windows\System\wVezSFn.exe
  2⤵
  PID:5596
- C:\Windows\System\WwZDvfZ.exe
  C:\Windows\System\WwZDvfZ.exe
  2⤵
  PID:11732
- C:\Windows\System\RvlkHbB.exe
  C:\Windows\System\RvlkHbB.exe
  2⤵
  PID:10812
- C:\Windows\System\CMzKMvj.exe
  C:\Windows\System\CMzKMvj.exe
  2⤵
  PID:12024
- C:\Windows\System\DctaaXM.exe
  C:\Windows\System\DctaaXM.exe
  2⤵
  PID:12152
- C:\Windows\System\VXJvixJ.exe
  C:\Windows\System\VXJvixJ.exe
  2⤵
  PID:10928
- C:\Windows\System\TopCwuM.exe
  C:\Windows\System\TopCwuM.exe
  2⤵
  PID:11664
- C:\Windows\System\qSBQtrQ.exe
  C:\Windows\System\qSBQtrQ.exe
  2⤵
  PID:12124
- C:\Windows\System\sybCBgR.exe
  C:\Windows\System\sybCBgR.exe
  2⤵
  PID:5316
- C:\Windows\System\DLdvIwM.exe
  C:\Windows\System\DLdvIwM.exe
  2⤵
  PID:12332
- C:\Windows\System\dJCjxEG.exe
  C:\Windows\System\dJCjxEG.exe
  2⤵
  PID:12424
- C:\Windows\System\EyOhQxe.exe
  C:\Windows\System\EyOhQxe.exe
  2⤵
  PID:12440
- C:\Windows\System\yiWFRjh.exe
  C:\Windows\System\yiWFRjh.exe
  2⤵
  PID:12468
- C:\Windows\System\AfGMVEq.exe
  C:\Windows\System\AfGMVEq.exe
  2⤵
  PID:12512
- C:\Windows\System\rZGlrsR.exe
  C:\Windows\System\rZGlrsR.exe
  2⤵
  PID:12536
- C:\Windows\System\yAYKLMv.exe
  C:\Windows\System\yAYKLMv.exe
  2⤵
  PID:12564
- C:\Windows\System\XSJeLbi.exe
  C:\Windows\System\XSJeLbi.exe
  2⤵
  PID:12592
- C:\Windows\System\vgYkFRj.exe
  C:\Windows\System\vgYkFRj.exe
  2⤵
  PID:12620
- C:\Windows\System\txURfWr.exe
  C:\Windows\System\txURfWr.exe
  2⤵
  PID:12648
- C:\Windows\System\PMqrHuO.exe
  C:\Windows\System\PMqrHuO.exe
  2⤵
  PID:12676
- C:\Windows\System\xqgtIkk.exe
  C:\Windows\System\xqgtIkk.exe
  2⤵
  PID:12704
- C:\Windows\System\zlvmaHs.exe
  C:\Windows\System\zlvmaHs.exe
  2⤵
  PID:12732
- C:\Windows\System\LrtptzW.exe
  C:\Windows\System\LrtptzW.exe
  2⤵
  PID:12760
- C:\Windows\System\AHPbiXS.exe
  C:\Windows\System\AHPbiXS.exe
  2⤵
  PID:12788
- C:\Windows\System\VuejsXA.exe
  C:\Windows\System\VuejsXA.exe
  2⤵
  PID:12816
- C:\Windows\System\QQumiKz.exe
  C:\Windows\System\QQumiKz.exe
  2⤵
  PID:12844
- C:\Windows\System\oxazKZO.exe
  C:\Windows\System\oxazKZO.exe
  2⤵
  PID:12876
- C:\Windows\System\nFswQEO.exe
  C:\Windows\System\nFswQEO.exe
  2⤵
  PID:12904
- C:\Windows\System\VPCVHVr.exe
  C:\Windows\System\VPCVHVr.exe
  2⤵
  PID:12932
- C:\Windows\System\vJDgLGn.exe
  C:\Windows\System\vJDgLGn.exe
  2⤵
  PID:12960
- C:\Windows\System\beRhpBD.exe
  C:\Windows\System\beRhpBD.exe
  2⤵
  PID:12988
- C:\Windows\System\oxbaUjw.exe
  C:\Windows\System\oxbaUjw.exe
  2⤵
  PID:13020
- C:\Windows\System\rTvPQrP.exe
  C:\Windows\System\rTvPQrP.exe
  2⤵
  PID:13048
- C:\Windows\System\wZkxmGA.exe
  C:\Windows\System\wZkxmGA.exe
  2⤵
  PID:13076
- C:\Windows\System\bLCNlAy.exe
  C:\Windows\System\bLCNlAy.exe
  2⤵
  PID:13104
- C:\Windows\System\YMUXhlA.exe
  C:\Windows\System\YMUXhlA.exe
  2⤵
  PID:13132
- C:\Windows\System\CDEeKcd.exe
  C:\Windows\System\CDEeKcd.exe
  2⤵
  PID:13160
- C:\Windows\System\pLkHXeQ.exe
  C:\Windows\System\pLkHXeQ.exe
  2⤵
  PID:13200
- C:\Windows\System\bzxulDj.exe
  C:\Windows\System\bzxulDj.exe
  2⤵
  PID:13216
- C:\Windows\System\UezMMOI.exe
  C:\Windows\System\UezMMOI.exe
  2⤵
  PID:13244
- C:\Windows\System\sJigRwN.exe
  C:\Windows\System\sJigRwN.exe
  2⤵
  PID:13276
- C:\Windows\System\HCLYKrk.exe
  C:\Windows\System\HCLYKrk.exe
  2⤵
  PID:13304
- C:\Windows\System\SfWwtpL.exe
  C:\Windows\System\SfWwtpL.exe
  2⤵
  PID:12324
- C:\Windows\System\XlMYIUs.exe
  C:\Windows\System\XlMYIUs.exe
  2⤵
  PID:12020
- C:\Windows\System\IdAkfEx.exe
  C:\Windows\System\IdAkfEx.exe
  2⤵
  PID:12480
- C:\Windows\System\qkmeXye.exe
  C:\Windows\System\qkmeXye.exe
  2⤵
  PID:12548
- C:\Windows\System\DplOyLl.exe
  C:\Windows\System\DplOyLl.exe
  2⤵
  PID:12612
- C:\Windows\System\tlqwfjS.exe
  C:\Windows\System\tlqwfjS.exe
  2⤵
  PID:12672
- C:\Windows\System\aJaaKbz.exe
  C:\Windows\System\aJaaKbz.exe
  2⤵
  PID:12744
- C:\Windows\System\rjGiaQu.exe
  C:\Windows\System\rjGiaQu.exe
  2⤵
  PID:12784
- C:\Windows\System\eyeNhHq.exe
  C:\Windows\System\eyeNhHq.exe
  2⤵
  PID:12840
- C:\Windows\System\ziykdjZ.exe
  C:\Windows\System\ziykdjZ.exe
  2⤵
  PID:12900
- C:\Windows\System\RcWwWtl.exe
  C:\Windows\System\RcWwWtl.exe
  2⤵
  PID:12956
- C:\Windows\System\dRyuuWz.exe
  C:\Windows\System\dRyuuWz.exe
  2⤵
  PID:13032
- C:\Windows\System\hhtODoM.exe
  C:\Windows\System\hhtODoM.exe
  2⤵
  PID:13072
- C:\Windows\System\UNSBRaL.exe
  C:\Windows\System\UNSBRaL.exe
  2⤵
  PID:13156
- C:\Windows\System\HfLRomr.exe
  C:\Windows\System\HfLRomr.exe
  2⤵
  PID:4820
- C:\Windows\System\fxBcOIk.exe
  C:\Windows\System\fxBcOIk.exe
  2⤵
  PID:12300
- C:\Windows\System\VeygNtC.exe
  C:\Windows\System\VeygNtC.exe
  2⤵
  PID:12640
- C:\Windows\System\JlJVMMc.exe
  C:\Windows\System\JlJVMMc.exe
  2⤵
  PID:12780
- C:\Windows\System\PpoZXkr.exe
  C:\Windows\System\PpoZXkr.exe
  2⤵
  PID:12984
- C:\Windows\System\KbPktCK.exe
  C:\Windows\System\KbPktCK.exe
  2⤵
  PID:1180
- C:\Windows\System\qLjfZxx.exe
  C:\Windows\System\qLjfZxx.exe
  2⤵
  PID:10580
- C:\Windows\System\LJsAvrv.exe
  C:\Windows\System\LJsAvrv.exe
  2⤵
  PID:2864
- C:\Windows\System\vglPfvV.exe
  C:\Windows\System\vglPfvV.exe
  2⤵
  PID:6564
- C:\Windows\System\mJBAroh.exe
  C:\Windows\System\mJBAroh.exe
  2⤵
  PID:6620
- C:\Windows\System\hSUAUBR.exe
  C:\Windows\System\hSUAUBR.exe
  2⤵
  PID:12752
- C:\Windows\System\PRbcshr.exe
  C:\Windows\System\PRbcshr.exe
  2⤵
  PID:6300
- C:\Windows\System\LRnhUPK.exe
  C:\Windows\System\LRnhUPK.exe
  2⤵
  PID:3936
- C:\Windows\System\vuqLWdu.exe
  C:\Windows\System\vuqLWdu.exe
  2⤵
  PID:6900
- C:\Windows\System\rcTvRAw.exe
  C:\Windows\System\rcTvRAw.exe
  2⤵
  PID:10144
- C:\Windows\System\fjUypaD.exe
  C:\Windows\System\fjUypaD.exe
  2⤵
  PID:4156
- C:\Windows\System\WdOPfvI.exe
  C:\Windows\System\WdOPfvI.exe
  2⤵
  PID:1892
- C:\Windows\System\mcWJUfS.exe
  C:\Windows\System\mcWJUfS.exe
  2⤵
  PID:4536
- C:\Windows\System\ruMTCtG.exe
  C:\Windows\System\ruMTCtG.exe
  2⤵
  PID:13212
- C:\Windows\System\tDiYzqj.exe
  C:\Windows\System\tDiYzqj.exe
  2⤵
  PID:12700
- C:\Windows\System\shOsLiW.exe
  C:\Windows\System\shOsLiW.exe
  2⤵
  PID:6284
- C:\Windows\System\NHMbPjE.exe
  C:\Windows\System\NHMbPjE.exe
  2⤵
  PID:10588
- C:\Windows\System\wVBKXna.exe
  C:\Windows\System\wVBKXna.exe
  2⤵
  PID:7124
- C:\Windows\System\GdrOhgF.exe
  C:\Windows\System\GdrOhgF.exe
  2⤵
  PID:5852
- C:\Windows\System\rFqfJbz.exe
  C:\Windows\System\rFqfJbz.exe
  2⤵
  PID:6356
- C:\Windows\System\rNpkGsS.exe
  C:\Windows\System\rNpkGsS.exe
  2⤵
  PID:6520
- C:\Windows\System\RKkmHHR.exe
  C:\Windows\System\RKkmHHR.exe
  2⤵
  PID:6720
- C:\Windows\System\vWCfWBR.exe
  C:\Windows\System\vWCfWBR.exe
  2⤵
  PID:7016
- C:\Windows\System\zblAoGr.exe
  C:\Windows\System\zblAoGr.exe
  2⤵
  PID:3712
- C:\Windows\System\aiKAvkT.exe
  C:\Windows\System\aiKAvkT.exe
  2⤵
  PID:6240
- C:\Windows\System\jCRlCew.exe
  C:\Windows\System\jCRlCew.exe
  2⤵
  PID:6936
- C:\Windows\System\jnGYEbs.exe
  C:\Windows\System\jnGYEbs.exe
  2⤵
  PID:7192
- C:\Windows\System\gSdSUyr.exe
  C:\Windows\System\gSdSUyr.exe
  2⤵
  PID:7316
- C:\Windows\System\VgoziGJ.exe
  C:\Windows\System\VgoziGJ.exe
  2⤵
  PID:7432
- C:\Windows\System\kSBDmEe.exe
  C:\Windows\System\kSBDmEe.exe
  2⤵
  PID:7500
- C:\Windows\System\TgYKqyY.exe
  C:\Windows\System\TgYKqyY.exe
  2⤵
  PID:7620
- C:\Windows\System\qwzUFLp.exe
  C:\Windows\System\qwzUFLp.exe
  2⤵
  PID:7696
- C:\Windows\System\ICaZRhW.exe
  C:\Windows\System\ICaZRhW.exe
  2⤵
  PID:1948
- C:\Windows\System\HgUYglA.exe
  C:\Windows\System\HgUYglA.exe
  2⤵
  PID:7792
- C:\Windows\System\myinlif.exe
  C:\Windows\System\myinlif.exe
  2⤵
  PID:3508
- C:\Windows\System\vEgTuQJ.exe
  C:\Windows\System\vEgTuQJ.exe
  2⤵
  PID:2232
- C:\Windows\System\CHBMBdG.exe
  C:\Windows\System\CHBMBdG.exe
  2⤵
  PID:1684
- C:\Windows\System\wbdSMeP.exe
  C:\Windows\System\wbdSMeP.exe
  2⤵
  PID:4988
- C:\Windows\System\IquWZxY.exe
  C:\Windows\System\IquWZxY.exe
  2⤵
  PID:3216
- C:\Windows\System\FeITDHa.exe
  C:\Windows\System\FeITDHa.exe
  2⤵
  PID:2424
- C:\Windows\System\eAotDeE.exe
  C:\Windows\System\eAotDeE.exe
  2⤵
  PID:1708
- C:\Windows\System\BAQohLF.exe
  C:\Windows\System\BAQohLF.exe
  2⤵
  PID:692
- C:\Windows\System\ebPOzaE.exe
  C:\Windows\System\ebPOzaE.exe
  2⤵
  PID:4780
- C:\Windows\System\AeeXKOW.exe
  C:\Windows\System\AeeXKOW.exe
  2⤵
  PID:1648
- C:\Windows\System\dfCybSR.exe
  C:\Windows\System\dfCybSR.exe
  2⤵
  PID:1064
- C:\Windows\System\oWjrSoN.exe
  C:\Windows\System\oWjrSoN.exe
  2⤵
  PID:5048
- C:\Windows\System\VmnCckK.exe
  C:\Windows\System\VmnCckK.exe
  2⤵
  PID:4004
- C:\Windows\System\DNUEPDj.exe
  C:\Windows\System\DNUEPDj.exe
  2⤵
  PID:12920
- C:\Windows\System\ZEzyLOE.exe
  C:\Windows\System\ZEzyLOE.exe
  2⤵
  PID:1128
- C:\Windows\System\FEuiciN.exe
  C:\Windows\System\FEuiciN.exe
  2⤵
  PID:10148
- C:\Windows\System\AdXXNCD.exe
  C:\Windows\System\AdXXNCD.exe
  2⤵
  PID:6916
- C:\Windows\System\ijeSSYr.exe
  C:\Windows\System\ijeSSYr.exe
  2⤵
  PID:10120
- C:\Windows\System\uRUxFRy.exe
  C:\Windows\System\uRUxFRy.exe
  2⤵
  PID:12388
- C:\Windows\System\XqmkQBc.exe
  C:\Windows\System\XqmkQBc.exe
  2⤵
  PID:13180
- C:\Windows\System\xVbFkQi.exe
  C:\Windows\System\xVbFkQi.exe
  2⤵
  PID:6216
- C:\Windows\System\KLFeXHS.exe
  C:\Windows\System\KLFeXHS.exe
  2⤵
  PID:4120
- C:\Windows\System\asozUqZ.exe
  C:\Windows\System\asozUqZ.exe
  2⤵
  PID:5684
- C:\Windows\System\wqejQOI.exe
  C:\Windows\System\wqejQOI.exe
  2⤵
  PID:6160
- C:\Windows\System\JBRPLvO.exe
  C:\Windows\System\JBRPLvO.exe
  2⤵
  PID:6572
- C:\Windows\System\ZJnlAgY.exe
  C:\Windows\System\ZJnlAgY.exe
  2⤵
  PID:6960
- C:\Windows\System\ZFZMcUC.exe
  C:\Windows\System\ZFZMcUC.exe
  2⤵
  PID:13288
- C:\Windows\System\lhGvZIl.exe
  C:\Windows\System\lhGvZIl.exe
  2⤵
  PID:6996
- C:\Windows\System\xjMqwlP.exe
  C:\Windows\System\xjMqwlP.exe
  2⤵
  PID:7248
- C:\Windows\System\FJRefTq.exe
  C:\Windows\System\FJRefTq.exe
  2⤵
  PID:7444
- C:\Windows\System\dhlVByW.exe
  C:\Windows\System\dhlVByW.exe
  2⤵
  PID:7596
- C:\Windows\System\XkQCGpS.exe
  C:\Windows\System\XkQCGpS.exe
  2⤵
  PID:7668
- C:\Windows\System\lElvQAw.exe
  C:\Windows\System\lElvQAw.exe
  2⤵
  PID:4428
- C:\Windows\System\KwRHGMe.exe
  C:\Windows\System\KwRHGMe.exe
  2⤵
  PID:2244
- C:\Windows\System\HYLARxJ.exe
  C:\Windows\System\HYLARxJ.exe
  2⤵
  PID:5580
- C:\Windows\System\IFMVJtX.exe
  C:\Windows\System\IFMVJtX.exe
  2⤵
  PID:7848
- C:\Windows\System\BjWFkgR.exe
  C:\Windows\System\BjWFkgR.exe
  2⤵
  PID:4060
- C:\Windows\System\hXsplRO.exe
  C:\Windows\System\hXsplRO.exe
  2⤵
  PID:4976
- C:\Windows\System\jqAnSId.exe
  C:\Windows\System\jqAnSId.exe
  2⤵
  PID:5680
- C:\Windows\System\UVrSwiY.exe
  C:\Windows\System\UVrSwiY.exe
  2⤵
  PID:3604
- C:\Windows\System\vAzhLer.exe
  C:\Windows\System\vAzhLer.exe
  2⤵
  PID:6636
- C:\Windows\System\gznEXfz.exe
  C:\Windows\System\gznEXfz.exe
  2⤵
  PID:5780
- C:\Windows\System\JQcijTr.exe
  C:\Windows\System\JQcijTr.exe
  2⤵
  PID:7456
- C:\Windows\System\MLCEzPL.exe
  C:\Windows\System\MLCEzPL.exe
  2⤵
  PID:7912
- C:\Windows\System\HuLeIul.exe
  C:\Windows\System\HuLeIul.exe
  2⤵
  PID:5856
- C:\Windows\System\YsuMxrJ.exe
  C:\Windows\System\YsuMxrJ.exe
  2⤵
  PID:5892
- C:\Windows\System\xHdHJYf.exe
  C:\Windows\System\xHdHJYf.exe
  2⤵
  PID:3028
- C:\Windows\System\iDFFOHu.exe
  C:\Windows\System\iDFFOHu.exe
  2⤵
  PID:5212
- C:\Windows\System\wnVELel.exe
  C:\Windows\System\wnVELel.exe
  2⤵
  PID:5216
- C:\Windows\System\ICVnaoX.exe
  C:\Windows\System\ICVnaoX.exe
  2⤵
  PID:7108
- C:\Windows\System\QzUUpnP.exe
  C:\Windows\System\QzUUpnP.exe
  2⤵
  PID:6032
- C:\Windows\System\nSxpRas.exe
  C:\Windows\System\nSxpRas.exe
  2⤵
  PID:6088
- C:\Windows\System\rmYeILY.exe
  C:\Windows\System\rmYeILY.exe
  2⤵
  PID:5496
- C:\Windows\System\spaYBTr.exe
  C:\Windows\System\spaYBTr.exe
  2⤵
  PID:6128
- C:\Windows\System\DPavhDY.exe
  C:\Windows\System\DPavhDY.exe
  2⤵
  PID:6140
- C:\Windows\System\QXTQemS.exe
  C:\Windows\System\QXTQemS.exe
  2⤵
  PID:5652
- C:\Windows\System\RvQDEdk.exe
  C:\Windows\System\RvQDEdk.exe
  2⤵
  PID:5692
- C:\Windows\System\NOBgjWq.exe
  C:\Windows\System\NOBgjWq.exe
  2⤵
  PID:5720
- C:\Windows\System\fnaLJOf.exe
  C:\Windows\System\fnaLJOf.exe
  2⤵
  PID:4564
- C:\Windows\System\gjGhDZj.exe
  C:\Windows\System\gjGhDZj.exe
  2⤵
  PID:7540
- C:\Windows\System\cupyjfD.exe
  C:\Windows\System\cupyjfD.exe
  2⤵
  PID:5388
- C:\Windows\System\tkwhnUy.exe
  C:\Windows\System\tkwhnUy.exe
  2⤵
  PID:8068
- C:\Windows\System\sfoigZa.exe
  C:\Windows\System\sfoigZa.exe
  2⤵
  PID:5960
- C:\Windows\System\IJcWrBJ.exe
  C:\Windows\System\IJcWrBJ.exe
  2⤵
  PID:6744
- C:\Windows\System\HrYUibn.exe
  C:\Windows\System\HrYUibn.exe
  2⤵
  PID:7572
- C:\Windows\System\vMzyvqC.exe
  C:\Windows\System\vMzyvqC.exe
  2⤵
  PID:5512
- C:\Windows\System\JfnRTUM.exe
  C:\Windows\System\JfnRTUM.exe
  2⤵
  PID:2296
- C:\Windows\System\YmQcDbq.exe
  C:\Windows\System\YmQcDbq.exe
  2⤵
  PID:5152
- C:\Windows\System\EGhxwSB.exe
  C:\Windows\System\EGhxwSB.exe
  2⤵
  PID:4608
- C:\Windows\System\CCHaqwJ.exe
  C:\Windows\System\CCHaqwJ.exe
  2⤵
  PID:4420
- C:\Windows\System\yibEAst.exe
  C:\Windows\System\yibEAst.exe
  2⤵
  PID:7136
- C:\Windows\System\kXdtcTC.exe
  C:\Windows\System\kXdtcTC.exe
  2⤵
  PID:1564
- C:\Windows\System\LAqyXDR.exe
  C:\Windows\System\LAqyXDR.exe
  2⤵
  PID:5796
- C:\Windows\System\EwsZFja.exe
  C:\Windows\System\EwsZFja.exe
  2⤵
  PID:5708
- C:\Windows\System\MqczopK.exe
  C:\Windows\System\MqczopK.exe
  2⤵
  PID:7348
- C:\Windows\System\wZnHoWl.exe
  C:\Windows\System\wZnHoWl.exe
  2⤵
  PID:6184
- C:\Windows\System\zoOzzMD.exe
  C:\Windows\System\zoOzzMD.exe
  2⤵
  PID:8272
- C:\Windows\System\UsMYvNr.exe
  C:\Windows\System\UsMYvNr.exe
  2⤵
  PID:5288
- C:\Windows\System\WxRCAYY.exe
  C:\Windows\System\WxRCAYY.exe
  2⤵
  PID:4620
- C:\Windows\System\bNJxANJ.exe
  C:\Windows\System\bNJxANJ.exe
  2⤵
  PID:6352
- C:\Windows\System\WcvXrMm.exe
  C:\Windows\System\WcvXrMm.exe
  2⤵
  PID:6384
- C:\Windows\System\fLfekIn.exe
  C:\Windows\System\fLfekIn.exe
  2⤵
  PID:5520
- C:\Windows\System\pMIGYuS.exe
  C:\Windows\System\pMIGYuS.exe
  2⤵
  PID:5132
- C:\Windows\System\GiaTgiB.exe
  C:\Windows\System\GiaTgiB.exe
  2⤵
  PID:5300
- C:\Windows\System\kaCeJQf.exe
  C:\Windows\System\kaCeJQf.exe
  2⤵
  PID:8868
- C:\Windows\System\ansQcKx.exe
  C:\Windows\System\ansQcKx.exe
  2⤵
  PID:4708
- C:\Windows\System\XUtkewB.exe
  C:\Windows\System\XUtkewB.exe
  2⤵
  PID:13340
- C:\Windows\System\jYkgfcM.exe
  C:\Windows\System\jYkgfcM.exe
  2⤵
  PID:13368
- C:\Windows\System\jxmmcCf.exe
  C:\Windows\System\jxmmcCf.exe
  2⤵
  PID:13396
- C:\Windows\System\XhcNulM.exe
  C:\Windows\System\XhcNulM.exe
  2⤵
  PID:13424
- C:\Windows\System\fGbfYVc.exe
  C:\Windows\System\fGbfYVc.exe
  2⤵
  PID:13460
- C:\Windows\System\QguniAN.exe
  C:\Windows\System\QguniAN.exe
  2⤵
  PID:13488
- C:\Windows\System\HEkyDHl.exe
  C:\Windows\System\HEkyDHl.exe
  2⤵
  PID:13524
- C:\Windows\System\mpdzYhD.exe
  C:\Windows\System\mpdzYhD.exe
  2⤵
  PID:13544
- C:\Windows\System\KSrrOrH.exe
  C:\Windows\System\KSrrOrH.exe
  2⤵
  PID:13572
- C:\Windows\System\oDkMKGP.exe
  C:\Windows\System\oDkMKGP.exe
  2⤵
  PID:13600
- C:\Windows\System\hnpjJoX.exe
  C:\Windows\System\hnpjJoX.exe
  2⤵
  PID:13628
- C:\Windows\System\bLCFwhn.exe
  C:\Windows\System\bLCFwhn.exe
  2⤵
  PID:13656
- C:\Windows\System\wJuLjWZ.exe
  C:\Windows\System\wJuLjWZ.exe
  2⤵
  PID:13684
- C:\Windows\System\ZxnAjbL.exe
  C:\Windows\System\ZxnAjbL.exe
  2⤵
  PID:13712
- C:\Windows\System\kQCFyzz.exe
  C:\Windows\System\kQCFyzz.exe
  2⤵
  PID:13740
- C:\Windows\System\Rctyglb.exe
  C:\Windows\System\Rctyglb.exe
  2⤵
  PID:13768
- C:\Windows\System\ytJFgpR.exe
  C:\Windows\System\ytJFgpR.exe
  2⤵
  PID:13796
- C:\Windows\System\xFJFmwf.exe
  C:\Windows\System\xFJFmwf.exe
  2⤵
  PID:13824
- C:\Windows\System\ZpipAdR.exe
  C:\Windows\System\ZpipAdR.exe
  2⤵
  PID:13852
- C:\Windows\System\yiavdfh.exe
  C:\Windows\System\yiavdfh.exe
  2⤵
  PID:13880
- C:\Windows\System\oTAPNin.exe
  C:\Windows\System\oTAPNin.exe
  2⤵
  PID:13908
- C:\Windows\System\UFwHlEt.exe
  C:\Windows\System\UFwHlEt.exe
  2⤵
  PID:13936
- C:\Windows\System\xLJHMDq.exe
  C:\Windows\System\xLJHMDq.exe
  2⤵
  PID:13964
- C:\Windows\System\XouBAyp.exe
  C:\Windows\System\XouBAyp.exe
  2⤵
  PID:13992
- C:\Windows\System\gYKMQEc.exe
  C:\Windows\System\gYKMQEc.exe
  2⤵
  PID:14020
- C:\Windows\System\UzaYvyq.exe
  C:\Windows\System\UzaYvyq.exe
  2⤵
  PID:14048
- C:\Windows\System\hkjuJDX.exe
  C:\Windows\System\hkjuJDX.exe
  2⤵
  PID:14076
- C:\Windows\System\RtdWqAb.exe
  C:\Windows\System\RtdWqAb.exe
  2⤵
  PID:14104
- C:\Windows\System\poMfLqZ.exe
  C:\Windows\System\poMfLqZ.exe
  2⤵
  PID:14132
- C:\Windows\System\sDEdTkx.exe
  C:\Windows\System\sDEdTkx.exe
  2⤵
  PID:14160
- C:\Windows\System\IYkIlaa.exe
  C:\Windows\System\IYkIlaa.exe
  2⤵
  PID:14192
- C:\Windows\System\PCHeXpN.exe
  C:\Windows\System\PCHeXpN.exe
  2⤵
  PID:14220
- C:\Windows\System\LZgnTtz.exe
  C:\Windows\System\LZgnTtz.exe
  2⤵
  PID:14248
- C:\Windows\System\ljOrkyH.exe
  C:\Windows\System\ljOrkyH.exe
  2⤵
  PID:14276
- C:\Windows\System\RXxasqC.exe
  C:\Windows\System\RXxasqC.exe
  2⤵
  PID:14304
- C:\Windows\System\dnfpgCk.exe
  C:\Windows\System\dnfpgCk.exe
  2⤵
  PID:14332
- C:\Windows\System\GQneGXd.exe
  C:\Windows\System\GQneGXd.exe
  2⤵
  PID:13364
- C:\Windows\System\WIEYIdK.exe
  C:\Windows\System\WIEYIdK.exe
  2⤵
  PID:13436
- C:\Windows\System\ZisqzMg.exe
  C:\Windows\System\ZisqzMg.exe
  2⤵
  PID:13508
- C:\Windows\System\gYEMimr.exe
  C:\Windows\System\gYEMimr.exe
  2⤵
  PID:13556
- C:\Windows\System\eNagLMZ.exe
  C:\Windows\System\eNagLMZ.exe
  2⤵
  PID:13620
- C:\Windows\System\yzCYkKh.exe
  C:\Windows\System\yzCYkKh.exe
  2⤵
  PID:13668
- C:\Windows\System\TlSDkld.exe
  C:\Windows\System\TlSDkld.exe
  2⤵
  PID:13708
- C:\Windows\System\fNnICDP.exe
  C:\Windows\System\fNnICDP.exe
  2⤵
  PID:13760
- C:\Windows\System\kxjaYjl.exe
  C:\Windows\System\kxjaYjl.exe
  2⤵
  PID:13820
- C:\Windows\System\PevTXGj.exe
  C:\Windows\System\PevTXGj.exe
  2⤵
  PID:13900
- C:\Windows\System\BzemFrJ.exe
  C:\Windows\System\BzemFrJ.exe
  2⤵
  PID:13948
- C:\Windows\System\GKlJoLR.exe
  C:\Windows\System\GKlJoLR.exe
  2⤵
  PID:13988
- C:\Windows\System\NbeRWvl.exe
  C:\Windows\System\NbeRWvl.exe
  2⤵
  PID:14044
- C:\Windows\System\HUTxxDE.exe
  C:\Windows\System\HUTxxDE.exe
  2⤵
  PID:14096
- C:\Windows\System\LlovXXg.exe
  C:\Windows\System\LlovXXg.exe
  2⤵
  PID:14144
- C:\Windows\System\BVvuzJi.exe
  C:\Windows\System\BVvuzJi.exe
  2⤵
  PID:3880
- C:\Windows\System\AHuuTJP.exe
  C:\Windows\System\AHuuTJP.exe
  2⤵
  PID:14240
- C:\Windows\System\blWcfan.exe
  C:\Windows\System\blWcfan.exe
  2⤵
  PID:14300
- C:\Windows\System\aMsYQNo.exe
  C:\Windows\System\aMsYQNo.exe
  2⤵
  PID:13392
- C:\Windows\System\oHjBkGo.exe
  C:\Windows\System\oHjBkGo.exe
  2⤵
  PID:13500
- C:\Windows\System\upKIhwC.exe
  C:\Windows\System\upKIhwC.exe
  2⤵
  PID:6776
- C:\Windows\System\WIRrXNo.exe
  C:\Windows\System\WIRrXNo.exe
  2⤵
  PID:13752
- C:\Windows\System\Gcyoyve.exe
  C:\Windows\System\Gcyoyve.exe
  2⤵
  PID:13920
- C:\Windows\System\VxCVVhP.exe
  C:\Windows\System\VxCVVhP.exe
  2⤵
  PID:13984
- C:\Windows\System\UmJehrh.exe
  C:\Windows\System\UmJehrh.exe
  2⤵
  PID:7068
- C:\Windows\System\JDibcQu.exe
  C:\Windows\System\JDibcQu.exe
  2⤵
  PID:14204
- C:\Windows\System\npGtRRm.exe
  C:\Windows\System\npGtRRm.exe
  2⤵
  PID:14328
- C:\Windows\System\FPHMyQm.exe
  C:\Windows\System\FPHMyQm.exe
  2⤵
  PID:13612
- C:\Windows\System\qrdrJdj.exe
  C:\Windows\System\qrdrJdj.exe
  2⤵
  PID:13876
- C:\Windows\System\ioEElub.exe
  C:\Windows\System\ioEElub.exe
  2⤵
  PID:14180
- C:\Windows\System\JhEuvsp.exe
  C:\Windows\System\JhEuvsp.exe
  2⤵
  PID:13736
- C:\Windows\System\KPrQqvo.exe
  C:\Windows\System\KPrQqvo.exe
  2⤵
  PID:14088
- C:\Windows\System\SWmGnZN.exe
  C:\Windows\System\SWmGnZN.exe
  2⤵
  PID:14072
- C:\Windows\System\dMZAYDT.exe
  C:\Windows\System\dMZAYDT.exe
  2⤵
  PID:14360
- C:\Windows\System\sHSdbMG.exe
  C:\Windows\System\sHSdbMG.exe
  2⤵
  PID:14388
- C:\Windows\System\uhlSJcu.exe
  C:\Windows\System\uhlSJcu.exe
  2⤵
  PID:14416
- C:\Windows\System\BchOcXm.exe
  C:\Windows\System\BchOcXm.exe
  2⤵
  PID:14444
- C:\Windows\System\utwNAKM.exe
  C:\Windows\System\utwNAKM.exe
  2⤵
  PID:14472
- C:\Windows\System\AjZBjSQ.exe
  C:\Windows\System\AjZBjSQ.exe
  2⤵
  PID:14500
- C:\Windows\System\EjCHFfE.exe
  C:\Windows\System\EjCHFfE.exe
  2⤵
  PID:14528
- C:\Windows\System\JFvOyvg.exe
  C:\Windows\System\JFvOyvg.exe
  2⤵
  PID:14556
- C:\Windows\System\JYxwtDw.exe
  C:\Windows\System\JYxwtDw.exe
  2⤵
  PID:14584
- C:\Windows\System\TPIUKyF.exe
  C:\Windows\System\TPIUKyF.exe
  2⤵
  PID:14612
- C:\Windows\System\RiZIHDG.exe
  C:\Windows\System\RiZIHDG.exe
  2⤵
  PID:14644
- C:\Windows\System\AcNkaAf.exe
  C:\Windows\System\AcNkaAf.exe
  2⤵
  PID:14672
- C:\Windows\System\fXgqiqT.exe
  C:\Windows\System\fXgqiqT.exe
  2⤵
  PID:14708
- C:\Windows\System\GzdTjKN.exe
  C:\Windows\System\GzdTjKN.exe
  2⤵
  PID:14728
- C:\Windows\System\hACSKrf.exe
  C:\Windows\System\hACSKrf.exe
  2⤵
  PID:14756
- C:\Windows\System\sfmWxJE.exe
  C:\Windows\System\sfmWxJE.exe
  2⤵
  PID:14784
- C:\Windows\System\uepmMER.exe
  C:\Windows\System\uepmMER.exe
  2⤵
  PID:14812
- C:\Windows\System\cLBHnvy.exe
  C:\Windows\System\cLBHnvy.exe
  2⤵
  PID:14840
- C:\Windows\System\EPRnbfX.exe
  C:\Windows\System\EPRnbfX.exe
  2⤵
  PID:14876
- C:\Windows\System\hoPSoNz.exe
  C:\Windows\System\hoPSoNz.exe
  2⤵
  PID:14900
- C:\Windows\System\QJiaftF.exe
  C:\Windows\System\QJiaftF.exe
  2⤵
  PID:14924
- C:\Windows\System\RqlytZC.exe
  C:\Windows\System\RqlytZC.exe
  2⤵
  PID:14952
- C:\Windows\System\njTJQFb.exe
  C:\Windows\System\njTJQFb.exe
  2⤵
  PID:14980
- C:\Windows\System\bnDVDpS.exe
  C:\Windows\System\bnDVDpS.exe
  2⤵
  PID:15008
- C:\Windows\System\snIuRzQ.exe
  C:\Windows\System\snIuRzQ.exe
  2⤵
  PID:15036
- C:\Windows\System\dttBgxU.exe
  C:\Windows\System\dttBgxU.exe
  2⤵
  PID:15064
- C:\Windows\System\dUTclKw.exe
  C:\Windows\System\dUTclKw.exe
  2⤵
  PID:15092
- C:\Windows\System\ByjEyYM.exe
  C:\Windows\System\ByjEyYM.exe
  2⤵
  PID:15120
- C:\Windows\System\bFmkNKQ.exe
  C:\Windows\System\bFmkNKQ.exe
  2⤵
  PID:15148
- C:\Windows\System\foPjVQZ.exe
  C:\Windows\System\foPjVQZ.exe
  2⤵
  PID:15176
- C:\Windows\System\rqnyUyW.exe
  C:\Windows\System\rqnyUyW.exe
  2⤵
  PID:15204
- C:\Windows\System\xGpQWfC.exe
  C:\Windows\System\xGpQWfC.exe
  2⤵
  PID:15232
- C:\Windows\System\HSFomyT.exe
  C:\Windows\System\HSFomyT.exe
  2⤵
  PID:15260
- C:\Windows\System\gQBUxuS.exe
  C:\Windows\System\gQBUxuS.exe
  2⤵
  PID:15288
- C:\Windows\System\ttUHevD.exe
  C:\Windows\System\ttUHevD.exe
  2⤵
  PID:15320
- C:\Windows\System\PbwcHJY.exe
  C:\Windows\System\PbwcHJY.exe
  2⤵
  PID:15348
- C:\Windows\System\kUuokme.exe
  C:\Windows\System\kUuokme.exe
  2⤵
  PID:14372
- C:\Windows\System\BukrjuQ.exe
  C:\Windows\System\BukrjuQ.exe
  2⤵
  PID:14436
- C:\Windows\System\UBpBoVH.exe
  C:\Windows\System\UBpBoVH.exe
  2⤵
  PID:14492
- C:\Windows\System\MZVuvma.exe
  C:\Windows\System\MZVuvma.exe
  2⤵
  PID:14552
- C:\Windows\System\YllPsHJ.exe
  C:\Windows\System\YllPsHJ.exe
  2⤵
  PID:9220
- C:\Windows\System\LvQzFwt.exe
  C:\Windows\System\LvQzFwt.exe
  2⤵
  PID:14656
- C:\Windows\System\NxcWwML.exe
  C:\Windows\System\NxcWwML.exe
  2⤵
  PID:14720
- C:\Windows\System\esYOQZR.exe
  C:\Windows\System\esYOQZR.exe
  2⤵
  PID:14780
- C:\Windows\System\MTAgdfh.exe
  C:\Windows\System\MTAgdfh.exe
  2⤵
  PID:14852
- C:\Windows\System\lDfxEVE.exe
  C:\Windows\System\lDfxEVE.exe
  2⤵
  PID:14912
- C:\Windows\System\TEEfTPC.exe
  C:\Windows\System\TEEfTPC.exe
  2⤵
  PID:14976
- C:\Windows\System\wGvxtsP.exe
  C:\Windows\System\wGvxtsP.exe
  2⤵
  PID:15032
- C:\Windows\System\YApqawK.exe
  C:\Windows\System\YApqawK.exe
  2⤵
  PID:15088
- C:\Windows\System\dfzPEKc.exe
  C:\Windows\System\dfzPEKc.exe
  2⤵
  PID:15160
- C:\Windows\System\Tvagmoz.exe
  C:\Windows\System\Tvagmoz.exe
  2⤵
  PID:15168
- C:\Windows\System\VyGTHHZ.exe
  C:\Windows\System\VyGTHHZ.exe
  2⤵
  PID:15200
- C:\Windows\System\lVTswwX.exe
  C:\Windows\System\lVTswwX.exe
  2⤵
  PID:9448
- C:\Windows\System\ZDCvqRQ.exe
  C:\Windows\System\ZDCvqRQ.exe
  2⤵
  PID:15280
- C:\Windows\System\ceyjFla.exe
  C:\Windows\System\ceyjFla.exe
  2⤵
  PID:7892
- C:\Windows\System\ZiUKFcQ.exe
  C:\Windows\System\ZiUKFcQ.exe
  2⤵
  PID:7948
- C:\Windows\System\ScmRZtC.exe
  C:\Windows\System\ScmRZtC.exe
  2⤵
  PID:9572
- C:\Windows\System\qDoQLmq.exe
  C:\Windows\System\qDoQLmq.exe
  2⤵
  PID:7992
- C:\Windows\System\OqRRlsw.exe
  C:\Windows\System\OqRRlsw.exe
  2⤵
  PID:2544
- C:\Windows\System\oCeikLe.exe
  C:\Windows\System\oCeikLe.exe
  2⤵
  PID:9720
- C:\Windows\System\jjNXdEi.exe
  C:\Windows\System\jjNXdEi.exe
  2⤵
  PID:14716
- C:\Windows\System\FmhDKjZ.exe
  C:\Windows\System\FmhDKjZ.exe
  2⤵
  PID:8084
- C:\Windows\System\KrHuNVs.exe
  C:\Windows\System\KrHuNVs.exe
  2⤵
  PID:8104
- C:\Windows\System\KIXAYRy.exe
  C:\Windows\System\KIXAYRy.exe
  2⤵
  PID:8132
- C:\Windows\System\drguyvS.exe
  C:\Windows\System\drguyvS.exe
  2⤵
  PID:15028
- C:\Windows\System\LkZHLOc.exe
  C:\Windows\System\LkZHLOc.exe
  2⤵
  PID:9896
- C:\Windows\System\MapavqS.exe
  C:\Windows\System\MapavqS.exe
  2⤵
  PID:6288
- C:\Windows\System\kdvOuJT.exe
  C:\Windows\System\kdvOuJT.exe
  2⤵
  PID:15196
- C:\Windows\System\lFjtpWs.exe
  C:\Windows\System\lFjtpWs.exe
  2⤵
  PID:9456
- C:\Windows\System\CjgHKWm.exe
  C:\Windows\System\CjgHKWm.exe
  2⤵
  PID:15308
- C:\Windows\System\lyefwFA.exe
  C:\Windows\System\lyefwFA.exe
  2⤵
  PID:4964
- C:\Windows\System\oCxDRQb.exe
  C:\Windows\System\oCxDRQb.exe
  2⤵
  PID:14400
- C:\Windows\System\YQQEsZL.exe
  C:\Windows\System\YQQEsZL.exe
  2⤵
  PID:10080
- C:\Windows\System\XgDLVBD.exe
  C:\Windows\System\XgDLVBD.exe
  2⤵
  PID:9604
- C:\Windows\System\XExPTnj.exe
  C:\Windows\System\XExPTnj.exe
  2⤵
  PID:14608
- C:\Windows\System\BPVUkoj.exe
  C:\Windows\System\BPVUkoj.exe
  2⤵
  PID:10224
- C:\Windows\System\JsNbpMF.exe
  C:\Windows\System\JsNbpMF.exe
  2⤵
  PID:7600
- C:\Windows\System\icXhKNC.exe
  C:\Windows\System\icXhKNC.exe
  2⤵
  PID:7672
- C:\Windows\System\dwocaGk.exe
  C:\Windows\System\dwocaGk.exe
  2⤵
  PID:8140
- C:\Windows\System\hZRhItc.exe
  C:\Windows\System\hZRhItc.exe
  2⤵
  PID:4948
- C:\Windows\System\GoCLMhj.exe
  C:\Windows\System\GoCLMhj.exe
  2⤵
  PID:9900
- C:\Windows\System\wQDmIIO.exe
  C:\Windows\System\wQDmIIO.exe
  2⤵
  PID:9364
- C:\Windows\System\cbkGkPn.exe
  C:\Windows\System\cbkGkPn.exe
  2⤵
  PID:15224
- C:\Windows\System\NdveQlf.exe
  C:\Windows\System\NdveQlf.exe
  2⤵
  PID:15312
- C:\Windows\System\jBODedA.exe
  C:\Windows\System\jBODedA.exe
  2⤵
  PID:7284
- C:\Windows\System\zwmPFCP.exe
  C:\Windows\System\zwmPFCP.exe
  2⤵
  PID:13704
- C:\Windows\System\KuWiJOe.exe
  C:\Windows\System\KuWiJOe.exe
  2⤵
  PID:9652
- C:\Windows\System\pHSmOUK.exe
  C:\Windows\System\pHSmOUK.exe
  2⤵
  PID:10212
- C:\Windows\System\CMXMpFE.exe
  C:\Windows\System\CMXMpFE.exe
  2⤵
  PID:10236
- C:\Windows\System\DEsNuMl.exe
  C:\Windows\System\DEsNuMl.exe
  2⤵
  PID:9988
- C:\Windows\System\OanYMdF.exe
  C:\Windows\System\OanYMdF.exe
  2⤵
  PID:7756
- C:\Windows\System\mLJaaNe.exe
  C:\Windows\System\mLJaaNe.exe
  2⤵
  PID:7964
- C:\Windows\System\VABldrF.exe
  C:\Windows\System\VABldrF.exe
  2⤵
  PID:8136
- C:\Windows\System\RcHYWRx.exe
  C:\Windows\System\RcHYWRx.exe
  2⤵
  PID:7788
- C:\Windows\System\hjouOSH.exe
  C:\Windows\System\hjouOSH.exe
  2⤵
  PID:7700
- C:\Windows\System\BPpZdAf.exe
  C:\Windows\System\BPpZdAf.exe
  2⤵
  PID:5096
- C:\Windows\System\evKRNON.exe
  C:\Windows\System\evKRNON.exe
  2⤵
  PID:8240
- C:\Windows\System\uILqWQX.exe
  C:\Windows\System\uILqWQX.exe
  2⤵
  PID:9732
- C:\Windows\System\QhEDuiQ.exe
  C:\Windows\System\QhEDuiQ.exe
  2⤵
  PID:9716
- C:\Windows\System\nERpMoi.exe
  C:\Windows\System\nERpMoi.exe
  2⤵
  PID:7628
- C:\Windows\System\rjvQKva.exe
  C:\Windows\System\rjvQKva.exe
  2⤵
  PID:10192
- C:\Windows\System\yMRIqSO.exe
  C:\Windows\System\yMRIqSO.exe
  2⤵
  PID:2112
- C:\Windows\System\GDdGgbj.exe
  C:\Windows\System\GDdGgbj.exe
  2⤵
  PID:15144
- C:\Windows\System\RMsRFNS.exe
  C:\Windows\System\RMsRFNS.exe
  2⤵
  PID:4768
- C:\Windows\System\MVAsOvM.exe
  C:\Windows\System\MVAsOvM.exe
  2⤵
  PID:4312
- C:\Windows\System\BFkPzNE.exe
  C:\Windows\System\BFkPzNE.exe
  2⤵
  PID:9588
- C:\Windows\System\KJyEIEO.exe
  C:\Windows\System\KJyEIEO.exe
  2⤵
  PID:7404
- C:\Windows\System\xiidjtI.exe
  C:\Windows\System\xiidjtI.exe
  2⤵
  PID:7568
- C:\Windows\System\YttjjcJ.exe
  C:\Windows\System\YttjjcJ.exe
  2⤵
  PID:3920
- C:\Windows\System\OUEUxNT.exe
  C:\Windows\System\OUEUxNT.exe
  2⤵
  PID:9996
- C:\Windows\System\ddjqfZp.exe
  C:\Windows\System\ddjqfZp.exe
  2⤵
  PID:10288
- C:\Windows\System\NIJzlYC.exe
  C:\Windows\System\NIJzlYC.exe
  2⤵
  PID:1884
- C:\Windows\System\MYMZtti.exe
  C:\Windows\System\MYMZtti.exe
  2⤵
  PID:9684
- C:\Windows\System\xfzinqI.exe
  C:\Windows\System\xfzinqI.exe
  2⤵
  PID:8220
- C:\Windows\System\YqVIEQj.exe
  C:\Windows\System\YqVIEQj.exe
  2⤵
  PID:10176
- C:\Windows\System\CuWXaby.exe
  C:\Windows\System\CuWXaby.exe
  2⤵
  PID:8548
- C:\Windows\System\FdzVQEG.exe
  C:\Windows\System\FdzVQEG.exe
  2⤵
  PID:10252
- C:\Windows\System\fjJKCAw.exe
  C:\Windows\System\fjJKCAw.exe
  2⤵
  PID:10444
- C:\Windows\System\XYBMXSZ.exe
  C:\Windows\System\XYBMXSZ.exe
  2⤵
  PID:8816
- C:\Windows\System\tEFVvJi.exe
  C:\Windows\System\tEFVvJi.exe
  2⤵
  PID:10528
- C:\Windows\System\ppMrLQD.exe
  C:\Windows\System\ppMrLQD.exe
  2⤵
  PID:8676
- C:\Windows\System\DrECwrl.exe
  C:\Windows\System\DrECwrl.exe
  2⤵
  PID:6176
- C:\Windows\System\eyXHkhQ.exe
  C:\Windows\System\eyXHkhQ.exe
  2⤵
  PID:10592
- C:\Windows\System\IudfcXT.exe
  C:\Windows\System\IudfcXT.exe
  2⤵
  PID:8788
- C:\Windows\System\LkAVceg.exe
  C:\Windows\System\LkAVceg.exe
  2⤵
  PID:10660
- C:\Windows\System\PbaatRu.exe
  C:\Windows\System\PbaatRu.exe
  2⤵
  PID:8900
- C:\Windows\System\PudQzjf.exe
  C:\Windows\System\PudQzjf.exe
  2⤵
  PID:10556
- C:\Windows\System\igihACX.exe
  C:\Windows\System\igihACX.exe
  2⤵
  PID:9096
- C:\Windows\System\QjXypKz.exe
  C:\Windows\System\QjXypKz.exe
  2⤵
  PID:8984
- C:\Windows\System\qjaphkt.exe
  C:\Windows\System\qjaphkt.exe
  2⤵
  PID:9180
- C:\Windows\System\pXdrqeQ.exe
  C:\Windows\System\pXdrqeQ.exe
  2⤵
  PID:9208
- C:\Windows\System\ofQDpdx.exe
  C:\Windows\System\ofQDpdx.exe
  2⤵
  PID:10912
- C:\Windows\System\EOTRhHb.exe
  C:\Windows\System\EOTRhHb.exe
  2⤵
  PID:9116
- C:\Windows\System\aDLXiMC.exe
  C:\Windows\System\aDLXiMC.exe
  2⤵
  PID:10948
- C:\Windows\System\vDtDKLU.exe
  C:\Windows\System\vDtDKLU.exe
  2⤵
  PID:8080
- C:\Windows\System\fudHOyp.exe
  C:\Windows\System\fudHOyp.exe
  2⤵
  PID:8424
- C:\Windows\System\xodSENA.exe
  C:\Windows\System\xodSENA.exe
  2⤵
  PID:8244
- C:\Windows\System\fvYhvww.exe
  C:\Windows\System\fvYhvww.exe
  2⤵
  PID:11116
- C:\Windows\System\bONbDuB.exe
  C:\Windows\System\bONbDuB.exe
  2⤵
  PID:8828
- C:\Windows\System\oTVtbgQ.exe
  C:\Windows\System\oTVtbgQ.exe
  2⤵
  PID:4796
- C:\Windows\System\cywPTuo.exe
  C:\Windows\System\cywPTuo.exe
  2⤵
  PID:8252
- C:\Windows\System\IOUVauh.exe
  C:\Windows\System\IOUVauh.exe
  2⤵
  PID:4496
- C:\Windows\System\meghNvF.exe
  C:\Windows\System\meghNvF.exe
  2⤵
  PID:11204
- C:\Windows\System\GmmCOQv.exe
  C:\Windows\System\GmmCOQv.exe
  2⤵
  PID:11220
- C:\Windows\System\RNThQQn.exe
  C:\Windows\System\RNThQQn.exe
  2⤵
  PID:1528
- C:\Windows\System\EEbYgVC.exe
  C:\Windows\System\EEbYgVC.exe
  2⤵
  PID:15376
- C:\Windows\System\zOueQQc.exe
  C:\Windows\System\zOueQQc.exe
  2⤵
  PID:15404
- C:\Windows\System\UenSdGY.exe
  C:\Windows\System\UenSdGY.exe
  2⤵
  PID:15432
- C:\Windows\System\ILtTzYO.exe
  C:\Windows\System\ILtTzYO.exe
  2⤵
  PID:15460
- C:\Windows\System\IOXhNQF.exe
  C:\Windows\System\IOXhNQF.exe
  2⤵
  PID:15488
- C:\Windows\System\BMLToHl.exe
  C:\Windows\System\BMLToHl.exe
  2⤵
  PID:15516
- C:\Windows\System\VusGEsT.exe
  C:\Windows\System\VusGEsT.exe
  2⤵
  PID:15544
- C:\Windows\System\PpmPUBK.exe
  C:\Windows\System\PpmPUBK.exe
  2⤵
  PID:15572
- C:\Windows\System\qQUNGHu.exe
  C:\Windows\System\qQUNGHu.exe
  2⤵
  PID:15600
- C:\Windows\System\RwLQUmo.exe
  C:\Windows\System\RwLQUmo.exe
  2⤵
  PID:15628
- C:\Windows\System\OZnZaVR.exe
  C:\Windows\System\OZnZaVR.exe
  2⤵
  PID:15656
- C:\Windows\System\ZadQvXN.exe
  C:\Windows\System\ZadQvXN.exe
  2⤵
  PID:15684
- C:\Windows\System\BlcPAYs.exe
  C:\Windows\System\BlcPAYs.exe
  2⤵
  PID:15712
- C:\Windows\System\vzjEQGQ.exe
  C:\Windows\System\vzjEQGQ.exe
  2⤵
  PID:15744
- C:\Windows\System\BeCiWkv.exe
  C:\Windows\System\BeCiWkv.exe
  2⤵
  PID:15772
- C:\Windows\System\UpbDAkt.exe
  C:\Windows\System\UpbDAkt.exe
  2⤵
  PID:15800
- C:\Windows\System\imfnNKs.exe
  C:\Windows\System\imfnNKs.exe
  2⤵
  PID:15828
- C:\Windows\System\bKnFTDu.exe
  C:\Windows\System\bKnFTDu.exe
  2⤵
  PID:15856
- C:\Windows\System\deayBpt.exe
  C:\Windows\System\deayBpt.exe
  2⤵
  PID:15896
- C:\Windows\System\HsCzXLR.exe
  C:\Windows\System\HsCzXLR.exe
  2⤵
  PID:15916
- C:\Windows\System\demPebQ.exe
  C:\Windows\System\demPebQ.exe
  2⤵
  PID:15948
- C:\Windows\System\RrCNwJH.exe
  C:\Windows\System\RrCNwJH.exe
  2⤵
  PID:15968
- C:\Windows\System\GERfZRL.exe
  C:\Windows\System\GERfZRL.exe
  2⤵
  PID:15996
- C:\Windows\System\fRBLocy.exe
  C:\Windows\System\fRBLocy.exe
  2⤵
  PID:16024
- C:\Windows\System\PuyaJSr.exe
  C:\Windows\System\PuyaJSr.exe
  2⤵
  PID:16052
- C:\Windows\System\elPLUNX.exe
  C:\Windows\System\elPLUNX.exe
  2⤵
  PID:16080
- C:\Windows\System\cDjAabw.exe
  C:\Windows\System\cDjAabw.exe
  2⤵
  PID:16108
- C:\Windows\System\SElcosx.exe
  C:\Windows\System\SElcosx.exe
  2⤵
  PID:16136
- C:\Windows\System\iyegnYK.exe
  C:\Windows\System\iyegnYK.exe
  2⤵
  PID:16164
- C:\Windows\System\AcrNAng.exe
  C:\Windows\System\AcrNAng.exe
  2⤵
  PID:16192
- C:\Windows\System\vTRhIPO.exe
  C:\Windows\System\vTRhIPO.exe
  2⤵
  PID:16220
- C:\Windows\System\TcWJCvx.exe
  C:\Windows\System\TcWJCvx.exe
  2⤵
  PID:16248
- C:\Windows\System\JWKEEPw.exe
  C:\Windows\System\JWKEEPw.exe
  2⤵
  PID:16276
- C:\Windows\System\MmrprHB.exe
  C:\Windows\System\MmrprHB.exe
  2⤵
  PID:16304
- C:\Windows\System\mbikNCl.exe
  C:\Windows\System\mbikNCl.exe
  2⤵
  PID:16332
- C:\Windows\System\GmEBXjN.exe
  C:\Windows\System\GmEBXjN.exe
  2⤵
  PID:16360
- C:\Windows\System\PnkPfCd.exe
  C:\Windows\System\PnkPfCd.exe
  2⤵
  PID:8836
- C:\Windows\System\OFgAwrY.exe
  C:\Windows\System\OFgAwrY.exe
  2⤵
  PID:10472
- C:\Windows\System\ngvjMvA.exe
  C:\Windows\System\ngvjMvA.exe
  2⤵
  PID:15428
- C:\Windows\System\DCDLlRe.exe
  C:\Windows\System\DCDLlRe.exe
  2⤵
  PID:15480
- C:\Windows\System\wchKIkM.exe
  C:\Windows\System\wchKIkM.exe
  2⤵
  PID:15508
- C:\Windows\System\sykngBF.exe
  C:\Windows\System\sykngBF.exe
  2⤵
  PID:10844
- C:\Windows\System\Hhpdxel.exe
  C:\Windows\System\Hhpdxel.exe
  2⤵
  PID:15612
- C:\Windows\System\JXZSSti.exe
  C:\Windows\System\JXZSSti.exe
  2⤵
  PID:15652
- C:\Windows\System\BPuJpdd.exe
  C:\Windows\System\BPuJpdd.exe
  2⤵
  PID:15728
- C:\Windows\System\wCRIYdi.exe
  C:\Windows\System\wCRIYdi.exe
  2⤵
  PID:15792
- C:\Windows\System\nCilzvP.exe
  C:\Windows\System\nCilzvP.exe
  2⤵
  PID:15848
- C:\Windows\System\ZGVHpDu.exe
  C:\Windows\System\ZGVHpDu.exe
  2⤵
  PID:15880
- C:\Windows\System\SgZBWWt.exe
  C:\Windows\System\SgZBWWt.exe
  2⤵
  PID:15924
- C:\Windows\System\xjsFVAj.exe
  C:\Windows\System\xjsFVAj.exe
  2⤵
  PID:220
- C:\Windows\System\wNJGInh.exe
  C:\Windows\System\wNJGInh.exe
  2⤵
  PID:9196
- C:\Windows\System\sOtLDUv.exe
  C:\Windows\System\sOtLDUv.exe
  2⤵
  PID:16016
- C:\Windows\System\NTlcaBc.exe
  C:\Windows\System\NTlcaBc.exe
  2⤵
  PID:16064
- C:\Windows\System\KKlimtM.exe
  C:\Windows\System\KKlimtM.exe
  2⤵
  PID:8248
- C:\Windows\System\aLHDCrb.exe
  C:\Windows\System\aLHDCrb.exe
  2⤵
  PID:16120
- C:\Windows\System\ZIjRkkq.exe
  C:\Windows\System\ZIjRkkq.exe
  2⤵
  PID:16148
- C:\Windows\System\BJHlYjt.exe
  C:\Windows\System\BJHlYjt.exe
  2⤵
  PID:16184
- C:\Windows\System\GoktIOp.exe
  C:\Windows\System\GoktIOp.exe
  2⤵
  PID:3136
- C:\Windows\System\JHFfTxj.exe
  C:\Windows\System\JHFfTxj.exe
  2⤵
  PID:16296
- C:\Windows\System\QmYyLda.exe
  C:\Windows\System\QmYyLda.exe
  2⤵
  PID:16328
- C:\Windows\System\NAhZSWy.exe
  C:\Windows\System\NAhZSWy.exe
  2⤵
  PID:2316
- C:\Windows\System\vixVOva.exe
  C:\Windows\System\vixVOva.exe
  2⤵
  PID:4576
- C:\Windows\System\MkNzSEi.exe
  C:\Windows\System\MkNzSEi.exe
  2⤵
  PID:10536
- C:\Windows\System\HrfkwZU.exe
  C:\Windows\System\HrfkwZU.exe
  2⤵
  PID:10748
- C:\Windows\System\hyIRSCW.exe
  C:\Windows\System\hyIRSCW.exe
  2⤵
  PID:10956
- C:\Windows\System\ceEHWIX.exe
  C:\Windows\System\ceEHWIX.exe
  2⤵
  PID:7560
- C:\Windows\System\FvncXSA.exe
  C:\Windows\System\FvncXSA.exe
  2⤵
  PID:9144
- C:\Windows\System\pchqrsp.exe
  C:\Windows\System\pchqrsp.exe
  2⤵
  PID:11552
- C:\Windows\System\nMzsrRJ.exe
  C:\Windows\System\nMzsrRJ.exe
  2⤵
  PID:11600
- C:\Windows\System\NDRvzkn.exe
  C:\Windows\System\NDRvzkn.exe
  2⤵
  PID:15840
- C:\Windows\System\gQvWMvH.exe
  C:\Windows\System\gQvWMvH.exe
  2⤵
  PID:11064
- C:\Windows\System\HmcTpHO.exe
  C:\Windows\System\HmcTpHO.exe
  2⤵
  PID:15956
- C:\Windows\System\lHivFTX.exe
  C:\Windows\System\lHivFTX.exe
  2⤵
  PID:7172
- C:\Windows\System\TyyqUJc.exe
  C:\Windows\System\TyyqUJc.exe
  2⤵
  PID:9092
- C:\Windows\System\MPwWTvn.exe
  C:\Windows\System\MPwWTvn.exe
  2⤵
  PID:10688
- C:\Windows\System\IuKrMQh.exe
  C:\Windows\System\IuKrMQh.exe
  2⤵
  PID:11848
- C:\Windows\System\fiEnWoA.exe
  C:\Windows\System\fiEnWoA.exe
  2⤵
  PID:16380
- C:\Windows\System\rdnefKV.exe
  C:\Windows\System\rdnefKV.exe
  2⤵
  PID:16232
- C:\Windows\System\uzVFClj.exe
  C:\Windows\System\uzVFClj.exe
  2⤵
  PID:11952
- C:\Windows\System\sLzOsoS.exe
  C:\Windows\System\sLzOsoS.exe
  2⤵
  PID:11980
- C:\Windows\System\KusPMIs.exe
  C:\Windows\System\KusPMIs.exe
  2⤵
  PID:2600
- C:\Windows\System\AvKkwyK.exe
  C:\Windows\System\AvKkwyK.exe
  2⤵
  PID:12072
- C:\Windows\System\uYndLYW.exe
  C:\Windows\System\uYndLYW.exe
  2⤵
  PID:11456
- C:\Windows\System\jLnVWIc.exe
  C:\Windows\System\jLnVWIc.exe
  2⤵
  PID:15640
- C:\Windows\System\gEaCyOR.exe
  C:\Windows\System\gEaCyOR.exe
  2⤵
  PID:11528
- C:\Windows\System\kRNoBzH.exe
  C:\Windows\System\kRNoBzH.exe
  2⤵
  PID:15820
- C:\Windows\System\sjHYIca.exe
  C:\Windows\System\sjHYIca.exe
  2⤵
  PID:12260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AqlHtlk.exe

Filesize
6.0MB

MD5
532b0d081b302d7d7ca016843ae52af7

SHA1
b2238e99da9eee7cf8645fe369948d1f28095df8

SHA256
3a9953b1ff435dcfa883036322347ead11bb3ab2d5215ee1f72f82fb12a6d84b

SHA512
981437fc9d018da892f908c7a75f356fbc66b22dd1a53878df12c48b42adb973bb19aee012a01639ec8c6badc066af7cdcd82e1235694d0500b131bcdc65664f

Download Submit
C:\Windows\System\BYcjkep.exe

Filesize
6.0MB

MD5
d571f9850b0c2cda4f5884c3f2edbb59

SHA1
b63eab7eb867be0a1d52c455c799ad4d524a96f7

SHA256
bcbf664ba931701ff4d1c37c571640e014dfc57d8ceefcbced46680348270389

SHA512
85af209c47a436bb8560bc137c46671655311830596db6eea1bd2698e94298ce1d363b044ce89ff048a20d666d1c134055b0888495522011195350556602ea50

Download Submit
C:\Windows\System\CkcqeDy.exe

Filesize
6.0MB

MD5
9728669690010491bdb2c706bd73f5ba

SHA1
905b4a0561e2d02f71ffa0d72d199edbe479c622

SHA256
61520acfde5361607c3d84a1ba9f18a613ee51d087c845ccfeb683100c75eb3e

SHA512
1ae5647da503cd417ebc9e187fca0bec979afb04211248bf07a19ec08b35243db8947a3e3e699513fdde26f8247fe256f1f2a0513bea35f2e8642d8a72c4658b

Download Submit
C:\Windows\System\DIxiUTf.exe

Filesize
6.0MB

MD5
21dc06952f266165453c73e9b8f4a795

SHA1
43fc0da7d2738978a8659ba5846e2d9f58389568

SHA256
2df64f5ee0cc3f956f3e439294c2d71b4aacdd958247b6d8d44a5a1cf7b7fe6d

SHA512
a88629406d8668e7e11e050269dc0764b427d92f04fce421f12626bde9c40e3139199afec2c2c935551d7859eddcd4206485eaa513afdcb733dfb5db20501877

Download Submit
C:\Windows\System\FzWygUa.exe

Filesize
6.0MB

MD5
e53e7a43c8dd748f76c067fff2038679

SHA1
1b287db5b36be6695ce02892e984a451c189811e

SHA256
5b799a857566d88a10179a1b5b96571be402ad74a009dd8aaf0715caeec9a6b1

SHA512
cdb5ce3aa154f37867a980a752734116a9a043efc70826428e393bdfb856cccd43477ef4771ddbd564122db00450852bae591b2820a50e0aec2671e0191b7a99

Download Submit
C:\Windows\System\GqllWiG.exe

Filesize
6.0MB

MD5
eb2e9f0bcebb7570ce4328dd5cea3a32

SHA1
e2e8965183a6355344236c1f88ff524dc4816d73

SHA256
d123bdf8bb91cfe62bec401629d541abcbe2902005634195a4ff5b66ad0ea1c5

SHA512
83f41ef3d3b1a47231f4b3e0b682ca7b4275523b21a1d4e386882524f76f77bf56fcf51c67d96aedcb1328779ee8e8053a7a3ff93233cecb1d2998302b35de24

Download Submit
C:\Windows\System\IpikkNT.exe

Filesize
6.0MB

MD5
d7aac3675a24ac09b18585e1374f8183

SHA1
da63264fd2d9a0f8e795a7bb736e67e3c32850a1

SHA256
ae7993b36e81088a46e4e8be28b4fe01ffbf6e4ecaa8d3f9cd7b85f7349055a1

SHA512
073fdf7bed5e9b74fc89112c7d415139cd6c48e13421a1d74e2ed578c40d0109e1eb40d524304285c434252211164b5fbd8a534836e70e1ac0f256518cd286f2

Download Submit
C:\Windows\System\MGtpoqi.exe

Filesize
6.0MB

MD5
68db52d7143c7d9eede0c9ed58e2965b

SHA1
2337994ff5a2013b01dbd1ff1fa9dcf4ffdc1c7d

SHA256
61717489a0d62785cc167f64ee6ef8521c600ed9d6e8b7adee6b0cc199a72c10

SHA512
1b59be990243525d0ec4363415660fcd6b66d91aa17cd950fdd29bebda2a6d3cf7ff0042c3fecec18e4c4127785bdd66b599eefb18b5f35a3f05a8d636f3cc6c

Download Submit
C:\Windows\System\PhwjhpE.exe

Filesize
6.0MB

MD5
818d4231b2fd7d4da377ec6396c63023

SHA1
a5ffaa8379276925b11c7cbc7ff17e05b027c105

SHA256
8b562f2d61c58239da7b86166660e38b905188558f22844842993ca593d8f094

SHA512
9cfa5c3c5b0fce5fc1cbc160eaf3b04ab1721d4fa76d4d3e002955502f61782494caf301049cd4ef3ae45d90eb8afc8e8efca9f46137c66883de703e209cbb8e

Download Submit
C:\Windows\System\QWlcept.exe

Filesize
6.0MB

MD5
99a691392e1e48dafd785f416e73c65c

SHA1
ea6baabdab5f64e7b887c5fd222ecbccd5753768

SHA256
07391716e5076cc28102a3070dbd9c2d39eea3a06abd33283963175486559a1d

SHA512
287a730718818391b467121ac2a55ecb6ee6a638a98704ea161ba1553afef40eb03c83da3414eba0a172eaae00e942d860317dfc9d8d8296be73260a5502efce

Download Submit
C:\Windows\System\QhAtfLu.exe

Filesize
6.0MB

MD5
0497719cc740b84c9aa413a42f39ff00

SHA1
ee0914795fabda2989db154706f689d357a97f84

SHA256
c3ab18c47c12a2160788d79d42dfc8f6c97eeb8f521ef54773d32f444f3fbbd7

SHA512
2dea5f7b6c41d499fcb36435f6be2f965707af45c0b33852dac1e3d9a83feb6986de4b2d749bf55a35ee3c46ae3e274589b2715fe1d7fce5c6ca0210718be938

Download Submit
C:\Windows\System\SUNJOKz.exe

Filesize
6.0MB

MD5
c14f979e2f304ab21b6285a9607d7e46

SHA1
2758cb800cd17b166a88145c259e05c5bdddc8ea

SHA256
76454228d1730bfc70c2929876798dd471b8c371220220dfd5895307d9a6ff4f

SHA512
bc285121b17558829e684afb7cb4058a0cbc3a039be2e1156db07e2d6582b4f7d4172f0a3f93ad298b6bd3b1bae0c908aed4499eefa23ddc2affb67bd9ccffbf

Download Submit
C:\Windows\System\TdJuhmI.exe

Filesize
6.0MB

MD5
75d979a62a9016a69f1b39cb17d32046

SHA1
8761fdbe971d2c7c5391f522028b9e5fbad22832

SHA256
36c656347b94b0c7e7615435026405235cad4588a2f99e87a8fffd77c207b70e

SHA512
9b3cfd14eb95bb9805afc3d335cbec9af39ee32f374424b7f7ab5136f36863ebb9f31dcf876f7760cc6359d170d44183cf8868dfb0ef084b05ff7a1ae08c71eb

Download Submit
C:\Windows\System\WygHxqu.exe

Filesize
6.0MB

MD5
963dcc1c91ede0d05ed290b9cd246505

SHA1
4fe74eb962c3f18fcfa8d7089b109d949af363d7

SHA256
fed2eb460c3f7fde666b0590431096bc83879d69cfdf22e2255bc4c6baaec495

SHA512
d4105f528c8fe29ff7f80dd8c5bf6020ae9101feaacc90a154360b13e19d23de80eb5c4034a4b7ccfbe8e0e188f54ab6d9927e9deb330a525043ee6463aecaf7

Download Submit
C:\Windows\System\XJRmdIp.exe

Filesize
6.0MB

MD5
04bdcab52ab921776fc4aa04918e24aa

SHA1
d7bb800715c96a4bfdbd221b876d9e01ac43574b

SHA256
4bf9345d4e9343e45badafcb5a8d8db685d28d82ab6b4b6e8e28653ce34d98a8

SHA512
6af5c15bbce8644df657d726d6bc85e29b0b1be944fe4c26045e8cfb0445a7d485378002cdafc9bbab66fc4ec511278f9434785a7b43d5da455e87022f10c258

Download Submit
C:\Windows\System\XUAZxZl.exe

Filesize
6.0MB

MD5
bd826be85ea30c43767259a493efc8e2

SHA1
4678c79709c9b1e46353ac63dfac11fdc0035368

SHA256
bf94eb8bd7ec5f19799d7e03af7be96d344ec609f542123f057e5abc95f6243a

SHA512
6dbeb4dd99201ec3859f074e439e0943916b2d91fd0d41a0bf8948e826565c92afe673e70c4f51c505cd7f4a14c66c06159380731683cdb484579ab2f72b7553

Download Submit
C:\Windows\System\XXaCmdZ.exe

Filesize
6.0MB

MD5
2f4e1ae4bdd900fd5050fb3ffbd0623b

SHA1
fcec0383dc33ad163574845022511a9db3261b90

SHA256
624f4864f44862c9cd19fab1e1495e82a56d070efbd856bac0baaec76a13f142

SHA512
ccaa3f179457dede27be76d90da16ae9a7a583384a552e2df30441b280baff79670274b335812368e313ece0ec2e1794ae65e6a3127fb1da12145209afcf0d6a

Download Submit
C:\Windows\System\XpOcvZv.exe

Filesize
6.0MB

MD5
38e4644700c07a04c26700367146658b

SHA1
3d0e500ecff51360e4690cd361c050fb26d9c41f

SHA256
0b8ce30988a8e53986a9bab2e1ed768c235361b855d63496a170ba7d35d2eb1a

SHA512
ce70cf6473f70a131a1edb694f83ccaabc73ec8f9c93e2f7aef9a3062ccd160b9078a382ce04cfaed7ebae0e351d5115e5f847ba2985e39568a0ad0cec84d763

Download Submit
C:\Windows\System\bRjKGyI.exe

Filesize
6.0MB

MD5
a44d372c7cf78e986f600df242e5597b

SHA1
d679bb2d5ec83ff7b7192e8e524d7034e85a221b

SHA256
362bc6c06a68a4c49f01a22f9d0ec8cb915deeb7f5532f72c61ad2699add57de

SHA512
89c5e5537dafeb44d183d31c9a797abce2d6a361c3b6152163a05d93cf1ed654ae24e5dbf21954e7ea3adb0afeb85f3e09644d5c4c77fb6ae1304314f33da849

Download Submit
C:\Windows\System\cOKNvhI.exe

Filesize
6.0MB

MD5
35f1bd56777f3d0460d756ff2c348e43

SHA1
412505ed96c299c43e4dd5e4c46c143c64fac506

SHA256
b41433996d285f8e80d1f8eef5898512940861a55b203f3e8152719681febcd2

SHA512
9e47fcc0dcb6f1e7b0274fb3b7cddfe1dad4f63200d8cbe4d60a6a1049c127b44119dae630dcf309d255f26fef2907e1ae9f978f8c776900ce47a6ce50a5161d

Download Submit
C:\Windows\System\eLgftIv.exe

Filesize
6.0MB

MD5
e725a88a5b09a2dd37e96c386090119c

SHA1
471493127a616489b838e4c4e4ed19b0a5996d65

SHA256
4fa39fb6ff9785372a28bfac17e7938204edfa15b73af00bfcc7068bf84d949f

SHA512
e7911e09811dbf769c734b8bd1160280cd191deb6e024ddb3d592b69c8c2e1eab8113be52dddf3e5bd36da0e880ba29c84babc6aaa723fedceabc32e18d04d39

Download Submit
C:\Windows\System\hMPynNi.exe

Filesize
6.0MB

MD5
602cc1873cc24ab965c96a460ce7a910

SHA1
54c0103fa36c060cd6e85478c427e45869f3e31a

SHA256
0f27d1ac604f2ab2806ff85ba98d2b04fd0269ea32ba55a5263df55dbcfeb224

SHA512
bca415acf66a813d5fb54475739dff6e4dfb72fdc1730c1ee9e9448790f3481523960b94cff755be050e6e769a1ddefdaeefd2f8eefdc0098cf5b7237c1299bd

Download Submit
C:\Windows\System\hbPRLqt.exe

Filesize
6.0MB

MD5
a9b5f356ed4053eb1f1f214a72d6fb3a

SHA1
c1040edb96720938c755da002adc155deb1b6558

SHA256
198f06df4fbb42b7d1da0b15e1b991f75960156d034f854eeb77161b3b350bfb

SHA512
ebcc38241e0546277d081d5462c719a9a6d442a1ae65a6be6ba340e8584302a79994f65a5f3a2e420c254c6a74ab916bb28ea18fffbb60592c87fba33ded2d85

Download Submit
C:\Windows\System\mfvsAYS.exe

Filesize
6.0MB

MD5
a63495596b68d1937e0d4f3883af17ed

SHA1
51b924d740f8e372e895a843bb2027f01ad84bbd

SHA256
c1c50837f041707828751515172df56e07a7170f360ff9b4e8da3630c5751901

SHA512
04102a0b1ce84bcbd2456ce6dda76a41b8805651f07c611855c1898ba8515c5457c012c3ca27b389be9a17ef5a2501db34230d735bad3097e023a5dc12ecc315

Download Submit
C:\Windows\System\oBDrfFA.exe

Filesize
6.0MB

MD5
8d6bd3cf6c008357d0464461ed608e04

SHA1
406ff6b5acffb6499a5558b6e5718715dd2c96d3

SHA256
90456bd68ed98998b78281af55e29661932f37f441f7042aea46a6fa951e229c

SHA512
f57fb2d50fc5de56c99f59d1b31d7b4840f5485537c22404c060d167ee09ec98e39217a95c32a1ebcba6afa695ae418e181cf3b1c5928cc1e28016976b174339

Download Submit
C:\Windows\System\pOZEEjh.exe

Filesize
6.0MB

MD5
fbf6406bb36582fd8c229faa6600ac63

SHA1
5e0e56b934e21370752c35d5f3fe8c0878532647

SHA256
75699612f0b44d844013ed490622e7f0cea711866f2437e077506d5b74c7a014

SHA512
5001aa9841da24b1433bb05f1accda759e665c1117dd37036190a6dfe7c46cb2794ee027428291a4868abe953789c5b105aac6eeb67fa1754fd1f137d5a68de0

Download Submit
C:\Windows\System\qvlWOAf.exe

Filesize
6.0MB

MD5
d6644940b2a670dabf9afb9505b6b879

SHA1
85e9ee9ec9d0ac347ea6eef842c1661e706d9f50

SHA256
b5df0575f4a9e1d652ea4c4326016e96b787bdd7938912307b625887991c1846

SHA512
4c95eb12b28d9f98605ff260ee504678ead845828018bebfdc76c8a4652a1f2a65a7af0d909f147079ee7cc0e29bb11d981b7e335542d7f76cd518a362516a5b

Download Submit
C:\Windows\System\uATBOWC.exe

Filesize
6.0MB

MD5
a5fefa381de64060528a8a587d9346af

SHA1
fa5d27ee2311cc50332d918b63ae31b8b95429fa

SHA256
98bffcc8284c29c9de0bb952d9b42f5a10954d186085e9ed3b61858a63f798ef

SHA512
5742e3ab75284d12a18cfd56b6219f745302ef413eed0543daaad232c27fe5bf90a471b6665dd2a71616e58c5901050a9f2d8b58b33bf7475e51226b286e6d3c

Download Submit
C:\Windows\System\uwFiNxb.exe

Filesize
6.0MB

MD5
2a9ba4a3188570462ea2ad3207de032b

SHA1
9ca7e805f76130e53865dd822cb8d74ff0d3faf3

SHA256
592ee851886e0ca3a9f65ae5f8e100dcd505d895f31cb64e296f4bdc7a22af2c

SHA512
b07b5a8346706c1fa4071c2a886b9094c42eafe5383fc018a32cf6b9ebafbe826548d09409685fb99b32ae2464d68d76d8d837ad5f94b8354d1d39dbe2a42bdf

Download Submit
C:\Windows\System\wtypnTS.exe

Filesize
6.0MB

MD5
4978a774d71bab42ae6b18bef04d8b45

SHA1
f0dd8ae5f805c22c2c1f3bb7e38d01d95e6f5291

SHA256
f53fb5b5b1a219abe5e5615437499ab4641f5efd53b8e2d268317b2d3abb7c3f

SHA512
059f69dc6910b6174abb9326cab8cf4558c4d6568b57b072912ebbc777cfbed5eb99ab6fe27aa0144d4f5ddae1b366bf694ae1693e350ee533ca276e1dea6335

Download Submit
C:\Windows\System\zWizJCu.exe

Filesize
6.0MB

MD5
fec8cc589006bcb13d8e7935b597e0f2

SHA1
2a03d7267905139e0ed11eda1d1afd869c73177d

SHA256
e666a3bc6d10c0e357fc315e38885bbd155bd6b8bf5111b59e34e5d8017fd029

SHA512
d21c4f8bccdd3312cb197621ef777752971f4353711ba5c32e80c794c9035594983fae12692ed0f1df0764e546c9a3cdadbe5d9b93be6a2941b97c8fc63fbdce

Download Submit
C:\Windows\System\zpWsGed.exe

Filesize
6.0MB

MD5
fb42499bd213267531b8ff7f7a3f17c5

SHA1
4c1f65adede1e2ff1d4303cf90b83384b3afe155

SHA256
2ad85518e13f1396543c55177be23fe67c0a74d144e7f26127c639c952bc2c1e

SHA512
ab9849f460809268dfd80ce8401ce2a8b190f2ab79860aac49f430132f72bb640066023cb345ea6ad58d7c059f909d874d39ddceac8ca32f5f05ab4b0ee5eefd

Download Submit
memory/664-1938-0x00007FF7C0980000-0x00007FF7C0CD4000-memory.dmp

Filesize
3.3MB

Download
memory/664-1115-0x00007FF7C0980000-0x00007FF7C0CD4000-memory.dmp

Filesize
3.3MB

Download
memory/716-1901-0x00007FF7C7E70000-0x00007FF7C81C4000-memory.dmp

Filesize
3.3MB

Download
memory/716-1074-0x00007FF7C7E70000-0x00007FF7C81C4000-memory.dmp

Filesize
3.3MB

Download
memory/948-1-0x0000027B549F0000-0x0000027B54A00000-memory.dmp

Filesize
64KB

Download
memory/948-0-0x00007FF687A40000-0x00007FF687D94000-memory.dmp

Filesize
3.3MB

Download
memory/948-1291-0x00007FF687A40000-0x00007FF687D94000-memory.dmp

Filesize
3.3MB

Download
memory/992-1903-0x00007FF733540000-0x00007FF733894000-memory.dmp

Filesize
3.3MB

Download
memory/992-1076-0x00007FF733540000-0x00007FF733894000-memory.dmp

Filesize
3.3MB

Download
memory/1312-12-0x00007FF70B400000-0x00007FF70B754000-memory.dmp

Filesize
3.3MB

Download
memory/1312-1880-0x00007FF70B400000-0x00007FF70B754000-memory.dmp

Filesize
3.3MB

Download
memory/1312-1401-0x00007FF70B400000-0x00007FF70B754000-memory.dmp

Filesize
3.3MB

Download
memory/1472-1917-0x00007FF6DD2A0000-0x00007FF6DD5F4000-memory.dmp

Filesize
3.3MB

Download
memory/1472-1083-0x00007FF6DD2A0000-0x00007FF6DD5F4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-1909-0x00007FF6E6AF0000-0x00007FF6E6E44000-memory.dmp

Filesize
3.3MB

Download
memory/1496-1078-0x00007FF6E6AF0000-0x00007FF6E6E44000-memory.dmp

Filesize
3.3MB

Download
memory/1536-1093-0x00007FF6858C0000-0x00007FF685C14000-memory.dmp

Filesize
3.3MB

Download
memory/1536-1923-0x00007FF6858C0000-0x00007FF685C14000-memory.dmp

Filesize
3.3MB

Download
memory/1728-1936-0x00007FF6072D0000-0x00007FF607624000-memory.dmp

Filesize
3.3MB

Download
memory/1728-1163-0x00007FF6072D0000-0x00007FF607624000-memory.dmp

Filesize
3.3MB

Download
memory/1780-1082-0x00007FF65E760000-0x00007FF65EAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1780-1912-0x00007FF65E760000-0x00007FF65EAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1816-1088-0x00007FF7E71C0000-0x00007FF7E7514000-memory.dmp

Filesize
3.3MB

Download
memory/1816-1916-0x00007FF7E71C0000-0x00007FF7E7514000-memory.dmp

Filesize
3.3MB

Download
memory/2028-1905-0x00007FF6BBA70000-0x00007FF6BBDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-1077-0x00007FF6BBA70000-0x00007FF6BBDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-1931-0x00007FF641620000-0x00007FF641974000-memory.dmp

Filesize
3.3MB

Download
memory/2032-1160-0x00007FF641620000-0x00007FF641974000-memory.dmp

Filesize
3.3MB

Download
memory/2036-1091-0x00007FF7FDEF0000-0x00007FF7FE244000-memory.dmp

Filesize
3.3MB

Download
memory/2036-1920-0x00007FF7FDEF0000-0x00007FF7FE244000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1929-0x00007FF79FFB0000-0x00007FF7A0304000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1116-0x00007FF79FFB0000-0x00007FF7A0304000-memory.dmp

Filesize
3.3MB

Download
memory/2288-1888-0x00007FF6A3C30000-0x00007FF6A3F84000-memory.dmp

Filesize
3.3MB

Download
memory/2288-18-0x00007FF6A3C30000-0x00007FF6A3F84000-memory.dmp

Filesize
3.3MB

Download
memory/2288-1449-0x00007FF6A3C30000-0x00007FF6A3F84000-memory.dmp

Filesize
3.3MB

Download
memory/2480-24-0x00007FF7A9590000-0x00007FF7A98E4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1500-0x00007FF7A9590000-0x00007FF7A98E4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1895-0x00007FF7A9590000-0x00007FF7A98E4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-1089-0x00007FF6A9B70000-0x00007FF6A9EC4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-1921-0x00007FF6A9B70000-0x00007FF6A9EC4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-1915-0x00007FF7E2A20000-0x00007FF7E2D74000-memory.dmp

Filesize
3.3MB

Download
memory/2624-1087-0x00007FF7E2A20000-0x00007FF7E2D74000-memory.dmp

Filesize
3.3MB

Download
memory/2840-1910-0x00007FF6076B0000-0x00007FF607A04000-memory.dmp

Filesize
3.3MB

Download
memory/2840-1079-0x00007FF6076B0000-0x00007FF607A04000-memory.dmp

Filesize
3.3MB

Download
memory/2912-1928-0x00007FF7357E0000-0x00007FF735B34000-memory.dmp

Filesize
3.3MB

Download
memory/2912-1158-0x00007FF7357E0000-0x00007FF735B34000-memory.dmp

Filesize
3.3MB

Download
memory/3404-1911-0x00007FF6D8C70000-0x00007FF6D8FC4000-memory.dmp

Filesize
3.3MB

Download
memory/3404-1084-0x00007FF6D8C70000-0x00007FF6D8FC4000-memory.dmp

Filesize
3.3MB

Download
memory/3448-1114-0x00007FF6B81B0000-0x00007FF6B8504000-memory.dmp

Filesize
3.3MB

Download
memory/3448-1925-0x00007FF6B81B0000-0x00007FF6B8504000-memory.dmp

Filesize
3.3MB

Download
memory/3636-1902-0x00007FF741D00000-0x00007FF742054000-memory.dmp

Filesize
3.3MB

Download
memory/3636-1075-0x00007FF741D00000-0x00007FF742054000-memory.dmp

Filesize
3.3MB

Download
memory/3680-1930-0x00007FF707770000-0x00007FF707AC4000-memory.dmp

Filesize
3.3MB

Download
memory/3680-1162-0x00007FF707770000-0x00007FF707AC4000-memory.dmp

Filesize
3.3MB

Download
memory/3684-1165-0x00007FF75D5C0000-0x00007FF75D914000-memory.dmp

Filesize
3.3MB

Download
memory/3684-1892-0x00007FF75D5C0000-0x00007FF75D914000-memory.dmp

Filesize
3.3MB

Download
memory/4192-1896-0x00007FF6FB030000-0x00007FF6FB384000-memory.dmp

Filesize
3.3MB

Download
memory/4192-1072-0x00007FF6FB030000-0x00007FF6FB384000-memory.dmp

Filesize
3.3MB

Download
memory/4208-1159-0x00007FF68ADD0000-0x00007FF68B124000-memory.dmp

Filesize
3.3MB

Download
memory/4208-1932-0x00007FF68ADD0000-0x00007FF68B124000-memory.dmp

Filesize
3.3MB

Download
memory/4880-1503-0x00007FF7086F0000-0x00007FF708A44000-memory.dmp

Filesize
3.3MB

Download
memory/4880-1068-0x00007FF7086F0000-0x00007FF708A44000-memory.dmp

Filesize
3.3MB

Download
memory/4880-1891-0x00007FF7086F0000-0x00007FF708A44000-memory.dmp

Filesize
3.3MB

Download
memory/4960-1346-0x00007FF72D8A0000-0x00007FF72DBF4000-memory.dmp

Filesize
3.3MB

Download
memory/4960-6-0x00007FF72D8A0000-0x00007FF72DBF4000-memory.dmp

Filesize
3.3MB

Download
memory/4960-1878-0x00007FF72D8A0000-0x00007FF72DBF4000-memory.dmp

Filesize
3.3MB

Download