cobaltstrike | 74dd61d6d449ad43faab873620ccf18369db65d853523985a83287c75edff775

Analysis

max time kernel
148s
max time network
29s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-09-2024 23:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

f0624b6ecc0bec2828d52bcf85e7364d
SHA1

4b4c14982447e6ab2008e5f3fc98470f5171911e
SHA256

74dd61d6d449ad43faab873620ccf18369db65d853523985a83287c75edff775
SHA512

dfb934036239397ed917d48e25240220bcc8bfa9cc0b4bcc0d240fb5d393f000ee77264dfd08285fb37f559bee80b8e9e31ef259c2ebc119d44961ee7dff806d
SSDEEP

98304:IapSdlWdfE0pZPD56utgpPFotBER/mQ32lUr:32Y56utgpPF8u/7r

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012251-3.dat	cobalt_reflective_dll
behavioral1/files/0x0025000000017234-12.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000174d5-10.dat	cobalt_reflective_dll
behavioral1/files/0x0010000000017236-28.dat	cobalt_reflective_dll
behavioral1/files/0x00020000000178b0-38.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000177df-35.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000018600-56.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000185e6-48.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018e65-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018ed5-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018eba-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018eb2-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018ea1-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018e9f-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018e96-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018ab4-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018ef7-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f80-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f94-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f9a-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fba-212.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fb0-207.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fa2-197.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018faa-201.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f9e-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f8e-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f84-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f88-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f6e-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f40-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f2c-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f08-142.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2876-0-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x000d000000012251-3.dat	xmrig
behavioral1/files/0x0025000000017234-12.dat	xmrig
behavioral1/memory/2704-15-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2116-11-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x00090000000174d5-10.dat	xmrig
behavioral1/files/0x0010000000017236-28.dat	xmrig
behavioral1/memory/2884-29-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2760-22-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x00020000000178b0-38.dat	xmrig
behavioral1/memory/2868-36-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/files/0x00060000000177df-35.dat	xmrig
behavioral1/files/0x000b000000018600-56.dat	xmrig
behavioral1/memory/2956-62-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x00060000000185e6-48.dat	xmrig
behavioral1/files/0x0005000000018e65-72.dat	xmrig
behavioral1/memory/428-83-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2420-92-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x0005000000018ed5-122.dat	xmrig
behavioral1/files/0x0005000000018eba-117.dat	xmrig
behavioral1/memory/2844-123-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2848-110-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2984-109-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/428-125-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x0005000000018eb2-108.dat	xmrig
behavioral1/memory/2420-127-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2336-101-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2956-100-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x0005000000018ea1-99.dat	xmrig
behavioral1/memory/2336-129-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2572-91-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x0005000000018e9f-90.dat	xmrig
behavioral1/memory/2876-88-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2876-87-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2848-131-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2788-82-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x0005000000018e96-81.dat	xmrig
behavioral1/memory/2984-69-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2884-68-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018ab4-67.dat	xmrig
behavioral1/memory/2868-76-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2572-54-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2876-50-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2704-49-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2760-61-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2788-45-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2116-44-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2876-40-0x0000000002460000-0x00000000027B4000-memory.dmp	xmrig
behavioral1/memory/2876-39-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018ef7-137.dat	xmrig
behavioral1/files/0x0005000000018f80-162.dat	xmrig
behavioral1/files/0x0005000000018f94-182.dat	xmrig
behavioral1/files/0x0005000000018f9a-187.dat	xmrig
behavioral1/files/0x0005000000018fba-212.dat	xmrig
behavioral1/memory/2788-1010-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2848-1095-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2116-1152-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2760-1155-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2336-1080-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2420-1070-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/428-1063-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2844-1054-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2984-1043-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2956-1032-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2116	fiHnwAb.exe
2704	nVobzRz.exe
2760	NYctTxi.exe
2884	wiNAEvH.exe
2868	DuvuClX.exe
2788	NFrrxvc.exe
2572	IGwilcs.exe
2956	DrswuEW.exe
2984	HNErtpx.exe
2844	YwElJCr.exe
428	HQmvWwR.exe
2420	JRdvbwg.exe
2336	skWKQbP.exe
2848	irQXHQZ.exe
2308	zGtMPFm.exe
548	HvYjNHE.exe
2220	eGmZIjX.exe
1544	VPBUjNf.exe
1688	YjFBwSS.exe
2376	zZuLUlJ.exe
1384	uWNUaCZ.exe
1868	tsGuPPr.exe
832	WDBLmMT.exe
1096	AyElKud.exe
2052	leOiMBo.exe
1736	Yngcnsc.exe
2304	BKAHARm.exe
1780	hFMqCkQ.exe
1728	xHwSpBp.exe
1952	mVhCRyv.exe
2284	PGjJKvl.exe
1764	rYZlzSY.exe
600	aafyjYs.exe
1612	oHfmFLV.exe
2388	rcitJzq.exe
576	EYvZsQM.exe
1980	CGiUtCr.exe
2324	IDQTxgx.exe
2280	UYhiEGM.exe
324	lYJKcIi.exe
1784	TPvtVzO.exe
1988	pczORop.exe
2172	RbuxRbP.exe
1568	UnXxvBD.exe
1572	suDVtfB.exe
2648	yLGNljc.exe
1624	VKLpUPn.exe
2828	SwYIVhS.exe
2580	LobDWkA.exe
2168	XpMLDDv.exe
2676	RFIbgxx.exe
1396	pvqJSUP.exe
360	IfFjdrx.exe
2972	ScghJQw.exe
1656	bMjDRkt.exe
2216	csuvOHz.exe
1932	HdDdGLF.exe
2584	zfgkWlw.exe
2748	eYFRzrm.exe
1152	SAMHAdj.exe
2232	eeVhcvs.exe
904	TcPQwbc.exe
2540	PsvFJrL.exe
2340	qyzSPhl.exe

Loads dropped DLL 64 IoCs

pid	Process
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2876-0-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x000d000000012251-3.dat	upx
behavioral1/files/0x0025000000017234-12.dat	upx
behavioral1/memory/2704-15-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2116-11-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x00090000000174d5-10.dat	upx
behavioral1/files/0x0010000000017236-28.dat	upx
behavioral1/memory/2884-29-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2760-22-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x00020000000178b0-38.dat	upx
behavioral1/memory/2868-36-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x00060000000177df-35.dat	upx
behavioral1/files/0x000b000000018600-56.dat	upx
behavioral1/memory/2956-62-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x00060000000185e6-48.dat	upx
behavioral1/files/0x0005000000018e65-72.dat	upx
behavioral1/memory/428-83-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2420-92-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x0005000000018ed5-122.dat	upx
behavioral1/files/0x0005000000018eba-117.dat	upx
behavioral1/memory/2844-123-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2848-110-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2984-109-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/428-125-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x0005000000018eb2-108.dat	upx
behavioral1/memory/2420-127-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2336-101-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2956-100-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x0005000000018ea1-99.dat	upx
behavioral1/memory/2336-129-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2572-91-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x0005000000018e9f-90.dat	upx
behavioral1/memory/2848-131-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2788-82-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x0005000000018e96-81.dat	upx
behavioral1/memory/2984-69-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2884-68-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x0006000000018ab4-67.dat	upx
behavioral1/memory/2868-76-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2572-54-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2704-49-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2760-61-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2788-45-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2116-44-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2876-39-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x0005000000018ef7-137.dat	upx
behavioral1/files/0x0005000000018f80-162.dat	upx
behavioral1/files/0x0005000000018f94-182.dat	upx
behavioral1/files/0x0005000000018f9a-187.dat	upx
behavioral1/files/0x0005000000018fba-212.dat	upx
behavioral1/memory/2788-1010-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2848-1095-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2116-1152-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2760-1155-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2336-1080-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2420-1070-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/428-1063-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2844-1054-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2984-1043-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2956-1032-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2572-1026-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2868-997-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2884-988-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2704-957-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HtAcFrs.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HimamcL.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNUnwgw.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ycTjDTb.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DMlQmSu.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JMVUeEc.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fneqfMs.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FvwrxPu.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNExjIv.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZJmeCih.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OJKvuhY.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CkfZUtz.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESdnhXN.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oCkLqLp.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vRvlTqa.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rOrMhNz.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gwcNTLW.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cQSLQaD.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IPSvVjm.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBwFZFE.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KuOEwUn.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZcVgISL.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GByQDev.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EnkWGdu.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QgEXlMP.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kIYQYiB.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oKXlsNA.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vtZbBpM.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CkRYtEi.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MMKYnML.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WVbzXWd.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WDBLmMT.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HYLPdEI.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDUXJdJ.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ojGmDwv.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VgDgCpk.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\grMUnXC.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVDcPIs.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oWVDAIX.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAZkLCB.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWltKBi.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJEFQxC.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\emNgzGk.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TeBNxGO.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rjKdXYr.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RaKzzAA.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YwbQnZT.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpiXBui.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJjnzQv.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XrBuhwz.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtGQNvD.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iBQeQvE.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPxLPkj.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxOGiOm.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLBVwBX.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLuwcAw.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CDqIdSE.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBqSYAA.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TkuFDMq.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gOPFZBp.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YoFtHJb.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NfnNPpZ.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IMHHejS.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfkaKEX.exe	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 2116	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2876 wrote to memory of 2116	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2876 wrote to memory of 2116	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2876 wrote to memory of 2704	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2876 wrote to memory of 2704	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2876 wrote to memory of 2704	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2876 wrote to memory of 2760	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2876 wrote to memory of 2760	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2876 wrote to memory of 2760	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2876 wrote to memory of 2884	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2876 wrote to memory of 2884	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2876 wrote to memory of 2884	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2876 wrote to memory of 2868	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2876 wrote to memory of 2868	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2876 wrote to memory of 2868	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2876 wrote to memory of 2788	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2876 wrote to memory of 2788	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2876 wrote to memory of 2788	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2876 wrote to memory of 2572	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2876 wrote to memory of 2572	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2876 wrote to memory of 2572	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2876 wrote to memory of 2956	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2876 wrote to memory of 2956	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2876 wrote to memory of 2956	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2876 wrote to memory of 2984	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2876 wrote to memory of 2984	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2876 wrote to memory of 2984	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2876 wrote to memory of 2844	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2876 wrote to memory of 2844	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2876 wrote to memory of 2844	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2876 wrote to memory of 428	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2876 wrote to memory of 428	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2876 wrote to memory of 428	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2876 wrote to memory of 2420	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2876 wrote to memory of 2420	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2876 wrote to memory of 2420	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2876 wrote to memory of 2336	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2876 wrote to memory of 2336	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2876 wrote to memory of 2336	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2876 wrote to memory of 2848	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2876 wrote to memory of 2848	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2876 wrote to memory of 2848	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2876 wrote to memory of 2308	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2876 wrote to memory of 2308	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2876 wrote to memory of 2308	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2876 wrote to memory of 548	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2876 wrote to memory of 548	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2876 wrote to memory of 548	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2876 wrote to memory of 2220	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2876 wrote to memory of 2220	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2876 wrote to memory of 2220	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2876 wrote to memory of 1544	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2876 wrote to memory of 1544	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2876 wrote to memory of 1544	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2876 wrote to memory of 1688	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2876 wrote to memory of 1688	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2876 wrote to memory of 1688	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2876 wrote to memory of 2376	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2876 wrote to memory of 2376	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2876 wrote to memory of 2376	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2876 wrote to memory of 1384	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2876 wrote to memory of 1384	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2876 wrote to memory of 1384	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2876 wrote to memory of 1868	2876	2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-18_f0624b6ecc0bec2828d52bcf85e7364d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Windows\System\fiHnwAb.exe
  C:\Windows\System\fiHnwAb.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\nVobzRz.exe
  C:\Windows\System\nVobzRz.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\NYctTxi.exe
  C:\Windows\System\NYctTxi.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\wiNAEvH.exe
  C:\Windows\System\wiNAEvH.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\DuvuClX.exe
  C:\Windows\System\DuvuClX.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\NFrrxvc.exe
  C:\Windows\System\NFrrxvc.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\IGwilcs.exe
  C:\Windows\System\IGwilcs.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\DrswuEW.exe
  C:\Windows\System\DrswuEW.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\HNErtpx.exe
  C:\Windows\System\HNErtpx.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\YwElJCr.exe
  C:\Windows\System\YwElJCr.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\HQmvWwR.exe
  C:\Windows\System\HQmvWwR.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\JRdvbwg.exe
  C:\Windows\System\JRdvbwg.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\skWKQbP.exe
  C:\Windows\System\skWKQbP.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\irQXHQZ.exe
  C:\Windows\System\irQXHQZ.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\zGtMPFm.exe
  C:\Windows\System\zGtMPFm.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\HvYjNHE.exe
  C:\Windows\System\HvYjNHE.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\eGmZIjX.exe
  C:\Windows\System\eGmZIjX.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\VPBUjNf.exe
  C:\Windows\System\VPBUjNf.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\YjFBwSS.exe
  C:\Windows\System\YjFBwSS.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\zZuLUlJ.exe
  C:\Windows\System\zZuLUlJ.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\uWNUaCZ.exe
  C:\Windows\System\uWNUaCZ.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\tsGuPPr.exe
  C:\Windows\System\tsGuPPr.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\WDBLmMT.exe
  C:\Windows\System\WDBLmMT.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\AyElKud.exe
  C:\Windows\System\AyElKud.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\leOiMBo.exe
  C:\Windows\System\leOiMBo.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\Yngcnsc.exe
  C:\Windows\System\Yngcnsc.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\BKAHARm.exe
  C:\Windows\System\BKAHARm.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\hFMqCkQ.exe
  C:\Windows\System\hFMqCkQ.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\xHwSpBp.exe
  C:\Windows\System\xHwSpBp.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\mVhCRyv.exe
  C:\Windows\System\mVhCRyv.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\PGjJKvl.exe
  C:\Windows\System\PGjJKvl.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\rYZlzSY.exe
  C:\Windows\System\rYZlzSY.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\aafyjYs.exe
  C:\Windows\System\aafyjYs.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\oHfmFLV.exe
  C:\Windows\System\oHfmFLV.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\rcitJzq.exe
  C:\Windows\System\rcitJzq.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\EYvZsQM.exe
  C:\Windows\System\EYvZsQM.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\CGiUtCr.exe
  C:\Windows\System\CGiUtCr.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\IDQTxgx.exe
  C:\Windows\System\IDQTxgx.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\UYhiEGM.exe
  C:\Windows\System\UYhiEGM.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\lYJKcIi.exe
  C:\Windows\System\lYJKcIi.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\TPvtVzO.exe
  C:\Windows\System\TPvtVzO.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\pczORop.exe
  C:\Windows\System\pczORop.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\RbuxRbP.exe
  C:\Windows\System\RbuxRbP.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\UnXxvBD.exe
  C:\Windows\System\UnXxvBD.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\suDVtfB.exe
  C:\Windows\System\suDVtfB.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\yLGNljc.exe
  C:\Windows\System\yLGNljc.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\VKLpUPn.exe
  C:\Windows\System\VKLpUPn.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\SwYIVhS.exe
  C:\Windows\System\SwYIVhS.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\LobDWkA.exe
  C:\Windows\System\LobDWkA.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\XpMLDDv.exe
  C:\Windows\System\XpMLDDv.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\RFIbgxx.exe
  C:\Windows\System\RFIbgxx.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\pvqJSUP.exe
  C:\Windows\System\pvqJSUP.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\IfFjdrx.exe
  C:\Windows\System\IfFjdrx.exe
  2⤵
  - Executes dropped EXE
  PID:360
- C:\Windows\System\ScghJQw.exe
  C:\Windows\System\ScghJQw.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\bMjDRkt.exe
  C:\Windows\System\bMjDRkt.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\csuvOHz.exe
  C:\Windows\System\csuvOHz.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\HdDdGLF.exe
  C:\Windows\System\HdDdGLF.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\zfgkWlw.exe
  C:\Windows\System\zfgkWlw.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\eYFRzrm.exe
  C:\Windows\System\eYFRzrm.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\SAMHAdj.exe
  C:\Windows\System\SAMHAdj.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\eeVhcvs.exe
  C:\Windows\System\eeVhcvs.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\TcPQwbc.exe
  C:\Windows\System\TcPQwbc.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\PsvFJrL.exe
  C:\Windows\System\PsvFJrL.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\qyzSPhl.exe
  C:\Windows\System\qyzSPhl.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\JgKxjXF.exe
  C:\Windows\System\JgKxjXF.exe
  2⤵
  PID:2944
- C:\Windows\System\lsbecSI.exe
  C:\Windows\System\lsbecSI.exe
  2⤵
  PID:2128
- C:\Windows\System\vntgorA.exe
  C:\Windows\System\vntgorA.exe
  2⤵
  PID:664
- C:\Windows\System\MclilJp.exe
  C:\Windows\System\MclilJp.exe
  2⤵
  PID:1236
- C:\Windows\System\VRkzAwL.exe
  C:\Windows\System\VRkzAwL.exe
  2⤵
  PID:1100
- C:\Windows\System\zKCHfcP.exe
  C:\Windows\System\zKCHfcP.exe
  2⤵
  PID:2140
- C:\Windows\System\fTmgXnm.exe
  C:\Windows\System\fTmgXnm.exe
  2⤵
  PID:2124
- C:\Windows\System\vHxrBBt.exe
  C:\Windows\System\vHxrBBt.exe
  2⤵
  PID:2192
- C:\Windows\System\cJrjfmp.exe
  C:\Windows\System\cJrjfmp.exe
  2⤵
  PID:3060
- C:\Windows\System\oMAfbNQ.exe
  C:\Windows\System\oMAfbNQ.exe
  2⤵
  PID:964
- C:\Windows\System\UtjlWHk.exe
  C:\Windows\System\UtjlWHk.exe
  2⤵
  PID:892
- C:\Windows\System\YGpGXwm.exe
  C:\Windows\System\YGpGXwm.exe
  2⤵
  PID:3008
- C:\Windows\System\hfRiQWk.exe
  C:\Windows\System\hfRiQWk.exe
  2⤵
  PID:2440
- C:\Windows\System\kKdcSul.exe
  C:\Windows\System\kKdcSul.exe
  2⤵
  PID:3044
- C:\Windows\System\qJIvRYT.exe
  C:\Windows\System\qJIvRYT.exe
  2⤵
  PID:1088
- C:\Windows\System\kzesFrK.exe
  C:\Windows\System\kzesFrK.exe
  2⤵
  PID:1332
- C:\Windows\System\TRHQeiH.exe
  C:\Windows\System\TRHQeiH.exe
  2⤵
  PID:3004
- C:\Windows\System\tySKnuq.exe
  C:\Windows\System\tySKnuq.exe
  2⤵
  PID:2404
- C:\Windows\System\iNClZhn.exe
  C:\Windows\System\iNClZhn.exe
  2⤵
  PID:2252
- C:\Windows\System\iTgXsOn.exe
  C:\Windows\System\iTgXsOn.exe
  2⤵
  PID:2860
- C:\Windows\System\RFrkOsm.exe
  C:\Windows\System\RFrkOsm.exe
  2⤵
  PID:1972
- C:\Windows\System\dYpKzkT.exe
  C:\Windows\System\dYpKzkT.exe
  2⤵
  PID:1852
- C:\Windows\System\xUdDLkY.exe
  C:\Windows\System\xUdDLkY.exe
  2⤵
  PID:1616
- C:\Windows\System\qLjQbfu.exe
  C:\Windows\System\qLjQbfu.exe
  2⤵
  PID:2152
- C:\Windows\System\wpTABgz.exe
  C:\Windows\System\wpTABgz.exe
  2⤵
  PID:2480
- C:\Windows\System\ftvOCvA.exe
  C:\Windows\System\ftvOCvA.exe
  2⤵
  PID:2784
- C:\Windows\System\ZcUZdcQ.exe
  C:\Windows\System\ZcUZdcQ.exe
  2⤵
  PID:2804
- C:\Windows\System\OhqHlCc.exe
  C:\Windows\System\OhqHlCc.exe
  2⤵
  PID:1744
- C:\Windows\System\rANMYgL.exe
  C:\Windows\System\rANMYgL.exe
  2⤵
  PID:2552
- C:\Windows\System\cvwsjeV.exe
  C:\Windows\System\cvwsjeV.exe
  2⤵
  PID:1832
- C:\Windows\System\MnXUyHJ.exe
  C:\Windows\System\MnXUyHJ.exe
  2⤵
  PID:2732
- C:\Windows\System\RXwfVsz.exe
  C:\Windows\System\RXwfVsz.exe
  2⤵
  PID:2900
- C:\Windows\System\ySCIRyL.exe
  C:\Windows\System\ySCIRyL.exe
  2⤵
  PID:2016
- C:\Windows\System\QIbFhxY.exe
  C:\Windows\System\QIbFhxY.exe
  2⤵
  PID:1452
- C:\Windows\System\IWltKBi.exe
  C:\Windows\System\IWltKBi.exe
  2⤵
  PID:1996
- C:\Windows\System\YhOaveH.exe
  C:\Windows\System\YhOaveH.exe
  2⤵
  PID:2764
- C:\Windows\System\JLaroYv.exe
  C:\Windows\System\JLaroYv.exe
  2⤵
  PID:1504
- C:\Windows\System\wLnmmMB.exe
  C:\Windows\System\wLnmmMB.exe
  2⤵
  PID:2736
- C:\Windows\System\TqxiySd.exe
  C:\Windows\System\TqxiySd.exe
  2⤵
  PID:2616
- C:\Windows\System\wMYtKqa.exe
  C:\Windows\System\wMYtKqa.exe
  2⤵
  PID:1672
- C:\Windows\System\DEgKDml.exe
  C:\Windows\System\DEgKDml.exe
  2⤵
  PID:2592
- C:\Windows\System\uOjfhhW.exe
  C:\Windows\System\uOjfhhW.exe
  2⤵
  PID:2684
- C:\Windows\System\TJPlEgm.exe
  C:\Windows\System\TJPlEgm.exe
  2⤵
  PID:1372
- C:\Windows\System\HoSFrWk.exe
  C:\Windows\System\HoSFrWk.exe
  2⤵
  PID:872
- C:\Windows\System\HtAcFrs.exe
  C:\Windows\System\HtAcFrs.exe
  2⤵
  PID:1512
- C:\Windows\System\tzNXNmz.exe
  C:\Windows\System\tzNXNmz.exe
  2⤵
  PID:2436
- C:\Windows\System\eHLTJCC.exe
  C:\Windows\System\eHLTJCC.exe
  2⤵
  PID:1344
- C:\Windows\System\oCimHbA.exe
  C:\Windows\System\oCimHbA.exe
  2⤵
  PID:1936
- C:\Windows\System\FCohanV.exe
  C:\Windows\System\FCohanV.exe
  2⤵
  PID:1124
- C:\Windows\System\iQiVigp.exe
  C:\Windows\System\iQiVigp.exe
  2⤵
  PID:2364
- C:\Windows\System\KCnLWwt.exe
  C:\Windows\System\KCnLWwt.exe
  2⤵
  PID:1380
- C:\Windows\System\ufFUahm.exe
  C:\Windows\System\ufFUahm.exe
  2⤵
  PID:1716
- C:\Windows\System\cwWkygW.exe
  C:\Windows\System\cwWkygW.exe
  2⤵
  PID:1596
- C:\Windows\System\gKcxxKW.exe
  C:\Windows\System\gKcxxKW.exe
  2⤵
  PID:2164
- C:\Windows\System\lxpcAml.exe
  C:\Windows\System\lxpcAml.exe
  2⤵
  PID:2132
- C:\Windows\System\Vtmyngy.exe
  C:\Windows\System\Vtmyngy.exe
  2⤵
  PID:2072
- C:\Windows\System\qByEMHD.exe
  C:\Windows\System\qByEMHD.exe
  2⤵
  PID:1836
- C:\Windows\System\PSmxjbg.exe
  C:\Windows\System\PSmxjbg.exe
  2⤵
  PID:1600
- C:\Windows\System\nQIxNdQ.exe
  C:\Windows\System\nQIxNdQ.exe
  2⤵
  PID:2624
- C:\Windows\System\bARIwwi.exe
  C:\Windows\System\bARIwwi.exe
  2⤵
  PID:2800
- C:\Windows\System\MmLozqt.exe
  C:\Windows\System\MmLozqt.exe
  2⤵
  PID:2236
- C:\Windows\System\gjALnwq.exe
  C:\Windows\System\gjALnwq.exe
  2⤵
  PID:2608
- C:\Windows\System\SnTQgmD.exe
  C:\Windows\System\SnTQgmD.exe
  2⤵
  PID:2356
- C:\Windows\System\NrhqTxM.exe
  C:\Windows\System\NrhqTxM.exe
  2⤵
  PID:2780
- C:\Windows\System\DyWGMRS.exe
  C:\Windows\System\DyWGMRS.exe
  2⤵
  PID:2056
- C:\Windows\System\FJEFQxC.exe
  C:\Windows\System\FJEFQxC.exe
  2⤵
  PID:3040
- C:\Windows\System\fpiXBui.exe
  C:\Windows\System\fpiXBui.exe
  2⤵
  PID:880
- C:\Windows\System\aXYFvva.exe
  C:\Windows\System\aXYFvva.exe
  2⤵
  PID:2712
- C:\Windows\System\ZTMZZps.exe
  C:\Windows\System\ZTMZZps.exe
  2⤵
  PID:1032
- C:\Windows\System\RtJRTYQ.exe
  C:\Windows\System\RtJRTYQ.exe
  2⤵
  PID:996
- C:\Windows\System\bykpCtn.exe
  C:\Windows\System\bykpCtn.exe
  2⤵
  PID:1696
- C:\Windows\System\kGNTWjL.exe
  C:\Windows\System\kGNTWjL.exe
  2⤵
  PID:1760
- C:\Windows\System\vaLKZeH.exe
  C:\Windows\System\vaLKZeH.exe
  2⤵
  PID:2940
- C:\Windows\System\JYLtuFe.exe
  C:\Windows\System\JYLtuFe.exe
  2⤵
  PID:2244
- C:\Windows\System\jIaPCyI.exe
  C:\Windows\System\jIaPCyI.exe
  2⤵
  PID:820
- C:\Windows\System\yLCXQHJ.exe
  C:\Windows\System\yLCXQHJ.exe
  2⤵
  PID:2912
- C:\Windows\System\iSvxgSt.exe
  C:\Windows\System\iSvxgSt.exe
  2⤵
  PID:2544
- C:\Windows\System\fuSDabP.exe
  C:\Windows\System\fuSDabP.exe
  2⤵
  PID:1132
- C:\Windows\System\tsMckKX.exe
  C:\Windows\System\tsMckKX.exe
  2⤵
  PID:2768
- C:\Windows\System\LCTMUIA.exe
  C:\Windows\System\LCTMUIA.exe
  2⤵
  PID:2344
- C:\Windows\System\LqQpFlK.exe
  C:\Windows\System\LqQpFlK.exe
  2⤵
  PID:1540
- C:\Windows\System\HotIaTK.exe
  C:\Windows\System\HotIaTK.exe
  2⤵
  PID:2852
- C:\Windows\System\iaiRjxG.exe
  C:\Windows\System\iaiRjxG.exe
  2⤵
  PID:2208
- C:\Windows\System\UHveHag.exe
  C:\Windows\System\UHveHag.exe
  2⤵
  PID:2840
- C:\Windows\System\iXfUpbU.exe
  C:\Windows\System\iXfUpbU.exe
  2⤵
  PID:2808
- C:\Windows\System\NISACtr.exe
  C:\Windows\System\NISACtr.exe
  2⤵
  PID:1376
- C:\Windows\System\HimamcL.exe
  C:\Windows\System\HimamcL.exe
  2⤵
  PID:2200
- C:\Windows\System\ynhXcYT.exe
  C:\Windows\System\ynhXcYT.exe
  2⤵
  PID:2640
- C:\Windows\System\XKsErOo.exe
  C:\Windows\System\XKsErOo.exe
  2⤵
  PID:924
- C:\Windows\System\weBYFUA.exe
  C:\Windows\System\weBYFUA.exe
  2⤵
  PID:2036
- C:\Windows\System\cRSPdoH.exe
  C:\Windows\System\cRSPdoH.exe
  2⤵
  PID:628
- C:\Windows\System\nyZGSbi.exe
  C:\Windows\System\nyZGSbi.exe
  2⤵
  PID:2484
- C:\Windows\System\sTsrDET.exe
  C:\Windows\System\sTsrDET.exe
  2⤵
  PID:2380
- C:\Windows\System\RiMVvdC.exe
  C:\Windows\System\RiMVvdC.exe
  2⤵
  PID:3088
- C:\Windows\System\RlgSAei.exe
  C:\Windows\System\RlgSAei.exe
  2⤵
  PID:3108
- C:\Windows\System\NyuSyEe.exe
  C:\Windows\System\NyuSyEe.exe
  2⤵
  PID:3124
- C:\Windows\System\OrjjZTq.exe
  C:\Windows\System\OrjjZTq.exe
  2⤵
  PID:3148
- C:\Windows\System\KdeUpYw.exe
  C:\Windows\System\KdeUpYw.exe
  2⤵
  PID:3168
- C:\Windows\System\OITMmhj.exe
  C:\Windows\System\OITMmhj.exe
  2⤵
  PID:3188
- C:\Windows\System\hjTpUXh.exe
  C:\Windows\System\hjTpUXh.exe
  2⤵
  PID:3208
- C:\Windows\System\telXTbc.exe
  C:\Windows\System\telXTbc.exe
  2⤵
  PID:3228
- C:\Windows\System\HYLPdEI.exe
  C:\Windows\System\HYLPdEI.exe
  2⤵
  PID:3248
- C:\Windows\System\GyiwrKR.exe
  C:\Windows\System\GyiwrKR.exe
  2⤵
  PID:3272
- C:\Windows\System\sXFZvpw.exe
  C:\Windows\System\sXFZvpw.exe
  2⤵
  PID:3292
- C:\Windows\System\SGuWSDT.exe
  C:\Windows\System\SGuWSDT.exe
  2⤵
  PID:3312
- C:\Windows\System\gvdDSov.exe
  C:\Windows\System\gvdDSov.exe
  2⤵
  PID:3332
- C:\Windows\System\HGlVmae.exe
  C:\Windows\System\HGlVmae.exe
  2⤵
  PID:3352
- C:\Windows\System\ELVUGPn.exe
  C:\Windows\System\ELVUGPn.exe
  2⤵
  PID:3372
- C:\Windows\System\EwfExgb.exe
  C:\Windows\System\EwfExgb.exe
  2⤵
  PID:3392
- C:\Windows\System\TzNbmNA.exe
  C:\Windows\System\TzNbmNA.exe
  2⤵
  PID:3412
- C:\Windows\System\zJjnzQv.exe
  C:\Windows\System\zJjnzQv.exe
  2⤵
  PID:3432
- C:\Windows\System\EOalsXi.exe
  C:\Windows\System\EOalsXi.exe
  2⤵
  PID:3452
- C:\Windows\System\PhCFwVZ.exe
  C:\Windows\System\PhCFwVZ.exe
  2⤵
  PID:3472
- C:\Windows\System\LeqndHz.exe
  C:\Windows\System\LeqndHz.exe
  2⤵
  PID:3492
- C:\Windows\System\VLgPjFa.exe
  C:\Windows\System\VLgPjFa.exe
  2⤵
  PID:3512
- C:\Windows\System\CmwpDtY.exe
  C:\Windows\System\CmwpDtY.exe
  2⤵
  PID:3532
- C:\Windows\System\ezySDtx.exe
  C:\Windows\System\ezySDtx.exe
  2⤵
  PID:3552
- C:\Windows\System\hBtSKGq.exe
  C:\Windows\System\hBtSKGq.exe
  2⤵
  PID:3572
- C:\Windows\System\zYUUPPD.exe
  C:\Windows\System\zYUUPPD.exe
  2⤵
  PID:3596
- C:\Windows\System\sUJNHGB.exe
  C:\Windows\System\sUJNHGB.exe
  2⤵
  PID:3616
- C:\Windows\System\weehTjE.exe
  C:\Windows\System\weehTjE.exe
  2⤵
  PID:3636
- C:\Windows\System\VFPlveV.exe
  C:\Windows\System\VFPlveV.exe
  2⤵
  PID:3656
- C:\Windows\System\PbiFjzf.exe
  C:\Windows\System\PbiFjzf.exe
  2⤵
  PID:3676
- C:\Windows\System\MqmYWbM.exe
  C:\Windows\System\MqmYWbM.exe
  2⤵
  PID:3692
- C:\Windows\System\ziUCyuz.exe
  C:\Windows\System\ziUCyuz.exe
  2⤵
  PID:3716
- C:\Windows\System\WKqlQdG.exe
  C:\Windows\System\WKqlQdG.exe
  2⤵
  PID:3736
- C:\Windows\System\RPdMVla.exe
  C:\Windows\System\RPdMVla.exe
  2⤵
  PID:3756
- C:\Windows\System\yMKLujM.exe
  C:\Windows\System\yMKLujM.exe
  2⤵
  PID:3776
- C:\Windows\System\dBrUfqC.exe
  C:\Windows\System\dBrUfqC.exe
  2⤵
  PID:3796
- C:\Windows\System\WxIBQdM.exe
  C:\Windows\System\WxIBQdM.exe
  2⤵
  PID:3816
- C:\Windows\System\cSlrtid.exe
  C:\Windows\System\cSlrtid.exe
  2⤵
  PID:3836
- C:\Windows\System\NLhzqYt.exe
  C:\Windows\System\NLhzqYt.exe
  2⤵
  PID:3856
- C:\Windows\System\aBeTOnN.exe
  C:\Windows\System\aBeTOnN.exe
  2⤵
  PID:3876
- C:\Windows\System\HAxRZDV.exe
  C:\Windows\System\HAxRZDV.exe
  2⤵
  PID:3892
- C:\Windows\System\uabxfKG.exe
  C:\Windows\System\uabxfKG.exe
  2⤵
  PID:3916
- C:\Windows\System\TtTnwaX.exe
  C:\Windows\System\TtTnwaX.exe
  2⤵
  PID:3936
- C:\Windows\System\zYCLyxR.exe
  C:\Windows\System\zYCLyxR.exe
  2⤵
  PID:3960
- C:\Windows\System\MiVEkeI.exe
  C:\Windows\System\MiVEkeI.exe
  2⤵
  PID:3980
- C:\Windows\System\YXgJifo.exe
  C:\Windows\System\YXgJifo.exe
  2⤵
  PID:4000
- C:\Windows\System\bqbnPCQ.exe
  C:\Windows\System\bqbnPCQ.exe
  2⤵
  PID:4020
- C:\Windows\System\ScDJIEv.exe
  C:\Windows\System\ScDJIEv.exe
  2⤵
  PID:4040
- C:\Windows\System\BbYQRjT.exe
  C:\Windows\System\BbYQRjT.exe
  2⤵
  PID:4060
- C:\Windows\System\UBMjNTe.exe
  C:\Windows\System\UBMjNTe.exe
  2⤵
  PID:4080
- C:\Windows\System\cMutvOX.exe
  C:\Windows\System\cMutvOX.exe
  2⤵
  PID:2000
- C:\Windows\System\unyQCKr.exe
  C:\Windows\System\unyQCKr.exe
  2⤵
  PID:2996
- C:\Windows\System\upHKZHu.exe
  C:\Windows\System\upHKZHu.exe
  2⤵
  PID:1724
- C:\Windows\System\YaJWAix.exe
  C:\Windows\System\YaJWAix.exe
  2⤵
  PID:2588
- C:\Windows\System\TDHSnab.exe
  C:\Windows\System\TDHSnab.exe
  2⤵
  PID:3100
- C:\Windows\System\cQCgQTX.exe
  C:\Windows\System\cQCgQTX.exe
  2⤵
  PID:3144
- C:\Windows\System\ESfFRBg.exe
  C:\Windows\System\ESfFRBg.exe
  2⤵
  PID:3184
- C:\Windows\System\xlzPrTR.exe
  C:\Windows\System\xlzPrTR.exe
  2⤵
  PID:3196
- C:\Windows\System\TaxCcDx.exe
  C:\Windows\System\TaxCcDx.exe
  2⤵
  PID:3220
- C:\Windows\System\NDqqnCw.exe
  C:\Windows\System\NDqqnCw.exe
  2⤵
  PID:3264
- C:\Windows\System\eHNjjhW.exe
  C:\Windows\System\eHNjjhW.exe
  2⤵
  PID:3288
- C:\Windows\System\kifeVly.exe
  C:\Windows\System\kifeVly.exe
  2⤵
  PID:3348
- C:\Windows\System\TYVbgLY.exe
  C:\Windows\System\TYVbgLY.exe
  2⤵
  PID:3368
- C:\Windows\System\hWmOBxH.exe
  C:\Windows\System\hWmOBxH.exe
  2⤵
  PID:3420
- C:\Windows\System\uLwjZrN.exe
  C:\Windows\System\uLwjZrN.exe
  2⤵
  PID:3424
- C:\Windows\System\WgiarYr.exe
  C:\Windows\System\WgiarYr.exe
  2⤵
  PID:3448
- C:\Windows\System\vQiVvsG.exe
  C:\Windows\System\vQiVvsG.exe
  2⤵
  PID:3488
- C:\Windows\System\thohiwX.exe
  C:\Windows\System\thohiwX.exe
  2⤵
  PID:3540
- C:\Windows\System\SFDnBcl.exe
  C:\Windows\System\SFDnBcl.exe
  2⤵
  PID:3588
- C:\Windows\System\qtTrCdo.exe
  C:\Windows\System\qtTrCdo.exe
  2⤵
  PID:3624
- C:\Windows\System\BNjSygW.exe
  C:\Windows\System\BNjSygW.exe
  2⤵
  PID:3632
- C:\Windows\System\TJKXine.exe
  C:\Windows\System\TJKXine.exe
  2⤵
  PID:3672
- C:\Windows\System\jVfSNWO.exe
  C:\Windows\System\jVfSNWO.exe
  2⤵
  PID:3684
- C:\Windows\System\FCDQloP.exe
  C:\Windows\System\FCDQloP.exe
  2⤵
  PID:3732
- C:\Windows\System\ixhpgUJ.exe
  C:\Windows\System\ixhpgUJ.exe
  2⤵
  PID:3748
- C:\Windows\System\JcMYQoc.exe
  C:\Windows\System\JcMYQoc.exe
  2⤵
  PID:3768
- C:\Windows\System\IPSvVjm.exe
  C:\Windows\System\IPSvVjm.exe
  2⤵
  PID:3808
- C:\Windows\System\sbfuEBy.exe
  C:\Windows\System\sbfuEBy.exe
  2⤵
  PID:3864
- C:\Windows\System\yyUwJDB.exe
  C:\Windows\System\yyUwJDB.exe
  2⤵
  PID:3908
- C:\Windows\System\GpUnoib.exe
  C:\Windows\System\GpUnoib.exe
  2⤵
  PID:3932
- C:\Windows\System\xxJVmjQ.exe
  C:\Windows\System\xxJVmjQ.exe
  2⤵
  PID:3996
- C:\Windows\System\PIIBPUX.exe
  C:\Windows\System\PIIBPUX.exe
  2⤵
  PID:4008
- C:\Windows\System\VaFQBYl.exe
  C:\Windows\System\VaFQBYl.exe
  2⤵
  PID:4012
- C:\Windows\System\JNIUcqI.exe
  C:\Windows\System\JNIUcqI.exe
  2⤵
  PID:4052
- C:\Windows\System\JCRdweh.exe
  C:\Windows\System\JCRdweh.exe
  2⤵
  PID:4088
- C:\Windows\System\xaIUEfv.exe
  C:\Windows\System\xaIUEfv.exe
  2⤵
  PID:2276
- C:\Windows\System\mdYNeEQ.exe
  C:\Windows\System\mdYNeEQ.exe
  2⤵
  PID:3076
- C:\Windows\System\xCksIbb.exe
  C:\Windows\System\xCksIbb.exe
  2⤵
  PID:3132
- C:\Windows\System\Otymxet.exe
  C:\Windows\System\Otymxet.exe
  2⤵
  PID:3160
- C:\Windows\System\tUkyNQQ.exe
  C:\Windows\System\tUkyNQQ.exe
  2⤵
  PID:3224
- C:\Windows\System\AzqwflF.exe
  C:\Windows\System\AzqwflF.exe
  2⤵
  PID:3308
- C:\Windows\System\ugupvlD.exe
  C:\Windows\System\ugupvlD.exe
  2⤵
  PID:3400
- C:\Windows\System\wHXSHGu.exe
  C:\Windows\System\wHXSHGu.exe
  2⤵
  PID:3408
- C:\Windows\System\rxWxJDv.exe
  C:\Windows\System\rxWxJDv.exe
  2⤵
  PID:3404
- C:\Windows\System\YUIWpUx.exe
  C:\Windows\System\YUIWpUx.exe
  2⤵
  PID:3508
- C:\Windows\System\XMDxVTN.exe
  C:\Windows\System\XMDxVTN.exe
  2⤵
  PID:3644
- C:\Windows\System\enlMngY.exe
  C:\Windows\System\enlMngY.exe
  2⤵
  PID:3652
- C:\Windows\System\DFPDHCg.exe
  C:\Windows\System\DFPDHCg.exe
  2⤵
  PID:3604
- C:\Windows\System\NrigRek.exe
  C:\Windows\System\NrigRek.exe
  2⤵
  PID:3764
- C:\Windows\System\nRklzaw.exe
  C:\Windows\System\nRklzaw.exe
  2⤵
  PID:3752
- C:\Windows\System\AxfMICb.exe
  C:\Windows\System\AxfMICb.exe
  2⤵
  PID:3904
- C:\Windows\System\eXeKtTI.exe
  C:\Windows\System\eXeKtTI.exe
  2⤵
  PID:3884
- C:\Windows\System\rNmjIfr.exe
  C:\Windows\System\rNmjIfr.exe
  2⤵
  PID:3968
- C:\Windows\System\ENbxDxv.exe
  C:\Windows\System\ENbxDxv.exe
  2⤵
  PID:4068
- C:\Windows\System\EkpnUlv.exe
  C:\Windows\System\EkpnUlv.exe
  2⤵
  PID:4092
- C:\Windows\System\ELzSaKY.exe
  C:\Windows\System\ELzSaKY.exe
  2⤵
  PID:264
- C:\Windows\System\YShENnT.exe
  C:\Windows\System\YShENnT.exe
  2⤵
  PID:3096
- C:\Windows\System\aXrNQPF.exe
  C:\Windows\System\aXrNQPF.exe
  2⤵
  PID:3116
- C:\Windows\System\FoNOiMW.exe
  C:\Windows\System\FoNOiMW.exe
  2⤵
  PID:3300
- C:\Windows\System\uxNbOtZ.exe
  C:\Windows\System\uxNbOtZ.exe
  2⤵
  PID:3428
- C:\Windows\System\cSxNQDJ.exe
  C:\Windows\System\cSxNQDJ.exe
  2⤵
  PID:3568
- C:\Windows\System\LGWEfjZ.exe
  C:\Windows\System\LGWEfjZ.exe
  2⤵
  PID:3584
- C:\Windows\System\jdPbhXa.exe
  C:\Windows\System\jdPbhXa.exe
  2⤵
  PID:3724
- C:\Windows\System\urFEULY.exe
  C:\Windows\System\urFEULY.exe
  2⤵
  PID:3792
- C:\Windows\System\OpxCala.exe
  C:\Windows\System\OpxCala.exe
  2⤵
  PID:3924
- C:\Windows\System\euwBFbb.exe
  C:\Windows\System\euwBFbb.exe
  2⤵
  PID:3976
- C:\Windows\System\vBrcHnL.exe
  C:\Windows\System\vBrcHnL.exe
  2⤵
  PID:3948
- C:\Windows\System\XtCixAJ.exe
  C:\Windows\System\XtCixAJ.exe
  2⤵
  PID:4056
- C:\Windows\System\ZtnhgIM.exe
  C:\Windows\System\ZtnhgIM.exe
  2⤵
  PID:3080
- C:\Windows\System\cRHcLEO.exe
  C:\Windows\System\cRHcLEO.exe
  2⤵
  PID:3324
- C:\Windows\System\TsIsbkl.exe
  C:\Windows\System\TsIsbkl.exe
  2⤵
  PID:3500
- C:\Windows\System\ytddBNV.exe
  C:\Windows\System\ytddBNV.exe
  2⤵
  PID:3712
- C:\Windows\System\eAkVsyL.exe
  C:\Windows\System\eAkVsyL.exe
  2⤵
  PID:3848
- C:\Windows\System\PmZKECq.exe
  C:\Windows\System\PmZKECq.exe
  2⤵
  PID:3900
- C:\Windows\System\yWgSggP.exe
  C:\Windows\System\yWgSggP.exe
  2⤵
  PID:4036
- C:\Windows\System\VWGEUPm.exe
  C:\Windows\System\VWGEUPm.exe
  2⤵
  PID:3180
- C:\Windows\System\rvRuQCf.exe
  C:\Windows\System\rvRuQCf.exe
  2⤵
  PID:4108
- C:\Windows\System\pEysojz.exe
  C:\Windows\System\pEysojz.exe
  2⤵
  PID:4128
- C:\Windows\System\jkRoVEn.exe
  C:\Windows\System\jkRoVEn.exe
  2⤵
  PID:4148
- C:\Windows\System\CcgQQJe.exe
  C:\Windows\System\CcgQQJe.exe
  2⤵
  PID:4168
- C:\Windows\System\TJdooOb.exe
  C:\Windows\System\TJdooOb.exe
  2⤵
  PID:4188
- C:\Windows\System\FohphHG.exe
  C:\Windows\System\FohphHG.exe
  2⤵
  PID:4208
- C:\Windows\System\YcDTMqe.exe
  C:\Windows\System\YcDTMqe.exe
  2⤵
  PID:4228
- C:\Windows\System\AcaLGaW.exe
  C:\Windows\System\AcaLGaW.exe
  2⤵
  PID:4252
- C:\Windows\System\FppFKLh.exe
  C:\Windows\System\FppFKLh.exe
  2⤵
  PID:4272
- C:\Windows\System\CkPvcRN.exe
  C:\Windows\System\CkPvcRN.exe
  2⤵
  PID:4300
- C:\Windows\System\KoELbES.exe
  C:\Windows\System\KoELbES.exe
  2⤵
  PID:4316
- C:\Windows\System\LEGesCQ.exe
  C:\Windows\System\LEGesCQ.exe
  2⤵
  PID:4340
- C:\Windows\System\qmzuFxA.exe
  C:\Windows\System\qmzuFxA.exe
  2⤵
  PID:4360
- C:\Windows\System\IsvszHH.exe
  C:\Windows\System\IsvszHH.exe
  2⤵
  PID:4384
- C:\Windows\System\FyOkxEB.exe
  C:\Windows\System\FyOkxEB.exe
  2⤵
  PID:4404
- C:\Windows\System\juPOZug.exe
  C:\Windows\System\juPOZug.exe
  2⤵
  PID:4424
- C:\Windows\System\jOFXvCd.exe
  C:\Windows\System\jOFXvCd.exe
  2⤵
  PID:4444
- C:\Windows\System\CCgjXCc.exe
  C:\Windows\System\CCgjXCc.exe
  2⤵
  PID:4464
- C:\Windows\System\TkuFDMq.exe
  C:\Windows\System\TkuFDMq.exe
  2⤵
  PID:4488
- C:\Windows\System\XtNpswq.exe
  C:\Windows\System\XtNpswq.exe
  2⤵
  PID:4508
- C:\Windows\System\MAmvWyx.exe
  C:\Windows\System\MAmvWyx.exe
  2⤵
  PID:4528
- C:\Windows\System\yqOIlWZ.exe
  C:\Windows\System\yqOIlWZ.exe
  2⤵
  PID:4548
- C:\Windows\System\lmrzaDp.exe
  C:\Windows\System\lmrzaDp.exe
  2⤵
  PID:4572
- C:\Windows\System\HxLcVGR.exe
  C:\Windows\System\HxLcVGR.exe
  2⤵
  PID:4596
- C:\Windows\System\yhtGiOf.exe
  C:\Windows\System\yhtGiOf.exe
  2⤵
  PID:4616
- C:\Windows\System\aMRWsfv.exe
  C:\Windows\System\aMRWsfv.exe
  2⤵
  PID:4636
- C:\Windows\System\rWsXlQP.exe
  C:\Windows\System\rWsXlQP.exe
  2⤵
  PID:4656
- C:\Windows\System\ucUCEPY.exe
  C:\Windows\System\ucUCEPY.exe
  2⤵
  PID:4684
- C:\Windows\System\aRanneK.exe
  C:\Windows\System\aRanneK.exe
  2⤵
  PID:4700
- C:\Windows\System\gLbqGTd.exe
  C:\Windows\System\gLbqGTd.exe
  2⤵
  PID:4728
- C:\Windows\System\VcBqmfF.exe
  C:\Windows\System\VcBqmfF.exe
  2⤵
  PID:4748
- C:\Windows\System\iPQWmjv.exe
  C:\Windows\System\iPQWmjv.exe
  2⤵
  PID:4772
- C:\Windows\System\YwWLmBQ.exe
  C:\Windows\System\YwWLmBQ.exe
  2⤵
  PID:4792
- C:\Windows\System\emNgzGk.exe
  C:\Windows\System\emNgzGk.exe
  2⤵
  PID:4812
- C:\Windows\System\bVIqLPp.exe
  C:\Windows\System\bVIqLPp.exe
  2⤵
  PID:4836
- C:\Windows\System\NcRoPbE.exe
  C:\Windows\System\NcRoPbE.exe
  2⤵
  PID:4856
- C:\Windows\System\JVANXnh.exe
  C:\Windows\System\JVANXnh.exe
  2⤵
  PID:4876
- C:\Windows\System\TvyotdN.exe
  C:\Windows\System\TvyotdN.exe
  2⤵
  PID:4896
- C:\Windows\System\NIoHbYi.exe
  C:\Windows\System\NIoHbYi.exe
  2⤵
  PID:4916
- C:\Windows\System\jeHGgZF.exe
  C:\Windows\System\jeHGgZF.exe
  2⤵
  PID:4936
- C:\Windows\System\AvgaGOo.exe
  C:\Windows\System\AvgaGOo.exe
  2⤵
  PID:4956
- C:\Windows\System\MhubbtG.exe
  C:\Windows\System\MhubbtG.exe
  2⤵
  PID:4980
- C:\Windows\System\cSGPIPA.exe
  C:\Windows\System\cSGPIPA.exe
  2⤵
  PID:5000
- C:\Windows\System\qhXtbpk.exe
  C:\Windows\System\qhXtbpk.exe
  2⤵
  PID:5024
- C:\Windows\System\iLAEpUc.exe
  C:\Windows\System\iLAEpUc.exe
  2⤵
  PID:5044
- C:\Windows\System\pMISkwL.exe
  C:\Windows\System\pMISkwL.exe
  2⤵
  PID:5064
- C:\Windows\System\PFAhnAZ.exe
  C:\Windows\System\PFAhnAZ.exe
  2⤵
  PID:5084
- C:\Windows\System\GqwaxkL.exe
  C:\Windows\System\GqwaxkL.exe
  2⤵
  PID:5104
- C:\Windows\System\hTQYyUt.exe
  C:\Windows\System\hTQYyUt.exe
  2⤵
  PID:3612
- C:\Windows\System\WSsIqXY.exe
  C:\Windows\System\WSsIqXY.exe
  2⤵
  PID:3384
- C:\Windows\System\UUXoHtc.exe
  C:\Windows\System\UUXoHtc.exe
  2⤵
  PID:3320
- C:\Windows\System\IKzwgnM.exe
  C:\Windows\System\IKzwgnM.exe
  2⤵
  PID:4076
- C:\Windows\System\dlRvIau.exe
  C:\Windows\System\dlRvIau.exe
  2⤵
  PID:4120
- C:\Windows\System\FGbBtfW.exe
  C:\Windows\System\FGbBtfW.exe
  2⤵
  PID:4156
- C:\Windows\System\WBSftMJ.exe
  C:\Windows\System\WBSftMJ.exe
  2⤵
  PID:4140
- C:\Windows\System\nHuTdPl.exe
  C:\Windows\System\nHuTdPl.exe
  2⤵
  PID:4176
- C:\Windows\System\ycEmEeJ.exe
  C:\Windows\System\ycEmEeJ.exe
  2⤵
  PID:4248
- C:\Windows\System\yQYIZya.exe
  C:\Windows\System\yQYIZya.exe
  2⤵
  PID:4280
- C:\Windows\System\ykuhauT.exe
  C:\Windows\System\ykuhauT.exe
  2⤵
  PID:4416
- C:\Windows\System\beguJuA.exe
  C:\Windows\System\beguJuA.exe
  2⤵
  PID:4436
- C:\Windows\System\XlRscfu.exe
  C:\Windows\System\XlRscfu.exe
  2⤵
  PID:4480
- C:\Windows\System\ZRktjmA.exe
  C:\Windows\System\ZRktjmA.exe
  2⤵
  PID:4520
- C:\Windows\System\wZigenu.exe
  C:\Windows\System\wZigenu.exe
  2⤵
  PID:4556
- C:\Windows\System\pgYenHj.exe
  C:\Windows\System\pgYenHj.exe
  2⤵
  PID:4604
- C:\Windows\System\DbpsKZq.exe
  C:\Windows\System\DbpsKZq.exe
  2⤵
  PID:4664
- C:\Windows\System\WBSvhqw.exe
  C:\Windows\System\WBSvhqw.exe
  2⤵
  PID:4648
- C:\Windows\System\fHSXGJb.exe
  C:\Windows\System\fHSXGJb.exe
  2⤵
  PID:4692
- C:\Windows\System\udrHTtT.exe
  C:\Windows\System\udrHTtT.exe
  2⤵
  PID:2136
- C:\Windows\System\kVqXkRw.exe
  C:\Windows\System\kVqXkRw.exe
  2⤵
  PID:4780
- C:\Windows\System\HoLLmyZ.exe
  C:\Windows\System\HoLLmyZ.exe
  2⤵
  PID:4784
- C:\Windows\System\fneqfMs.exe
  C:\Windows\System\fneqfMs.exe
  2⤵
  PID:3036
- C:\Windows\System\HHEHBdE.exe
  C:\Windows\System\HHEHBdE.exe
  2⤵
  PID:4668
- C:\Windows\System\Vjzekxn.exe
  C:\Windows\System\Vjzekxn.exe
  2⤵
  PID:756
- C:\Windows\System\XRhDqPY.exe
  C:\Windows\System\XRhDqPY.exe
  2⤵
  PID:4868
- C:\Windows\System\oENWDxQ.exe
  C:\Windows\System\oENWDxQ.exe
  2⤵
  PID:2408
- C:\Windows\System\hyoLRDI.exe
  C:\Windows\System\hyoLRDI.exe
  2⤵
  PID:4972
- C:\Windows\System\LKoiKYf.exe
  C:\Windows\System\LKoiKYf.exe
  2⤵
  PID:4988
- C:\Windows\System\ftnCrSV.exe
  C:\Windows\System\ftnCrSV.exe
  2⤵
  PID:4992
- C:\Windows\System\QBstYGw.exe
  C:\Windows\System\QBstYGw.exe
  2⤵
  PID:5060
- C:\Windows\System\kRtLmba.exe
  C:\Windows\System\kRtLmba.exe
  2⤵
  PID:5100
- C:\Windows\System\bwmwicg.exe
  C:\Windows\System\bwmwicg.exe
  2⤵
  PID:5072
- C:\Windows\System\DGfHyGp.exe
  C:\Windows\System\DGfHyGp.exe
  2⤵
  PID:3464
- C:\Windows\System\UkQIFQw.exe
  C:\Windows\System\UkQIFQw.exe
  2⤵
  PID:3268
- C:\Windows\System\buLEkrv.exe
  C:\Windows\System\buLEkrv.exe
  2⤵
  PID:3176
- C:\Windows\System\RiyGGtq.exe
  C:\Windows\System\RiyGGtq.exe
  2⤵
  PID:4236
- C:\Windows\System\aluXwOR.exe
  C:\Windows\System\aluXwOR.exe
  2⤵
  PID:4224
- C:\Windows\System\ednqQZl.exe
  C:\Windows\System\ednqQZl.exe
  2⤵
  PID:4220
- C:\Windows\System\rLQRZlk.exe
  C:\Windows\System\rLQRZlk.exe
  2⤵
  PID:1628
- C:\Windows\System\NGCGQIh.exe
  C:\Windows\System\NGCGQIh.exe
  2⤵
  PID:2396
- C:\Windows\System\chwsEAv.exe
  C:\Windows\System\chwsEAv.exe
  2⤵
  PID:4296
- C:\Windows\System\ABvfLWj.exe
  C:\Windows\System\ABvfLWj.exe
  2⤵
  PID:4932
- C:\Windows\System\PipwYiO.exe
  C:\Windows\System\PipwYiO.exe
  2⤵
  PID:4524
- C:\Windows\System\VaRvqPz.exe
  C:\Windows\System\VaRvqPz.exe
  2⤵
  PID:4372
- C:\Windows\System\VYdyWLG.exe
  C:\Windows\System\VYdyWLG.exe
  2⤵
  PID:3000
- C:\Windows\System\PMuvetX.exe
  C:\Windows\System\PMuvetX.exe
  2⤵
  PID:4456
- C:\Windows\System\yHuertY.exe
  C:\Windows\System\yHuertY.exe
  2⤵
  PID:4420
- C:\Windows\System\IFtVgRJ.exe
  C:\Windows\System\IFtVgRJ.exe
  2⤵
  PID:4568
- C:\Windows\System\WGZLEuk.exe
  C:\Windows\System\WGZLEuk.exe
  2⤵
  PID:4632
- C:\Windows\System\DlsqdFp.exe
  C:\Windows\System\DlsqdFp.exe
  2⤵
  PID:4628
- C:\Windows\System\PzMfBLT.exe
  C:\Windows\System\PzMfBLT.exe
  2⤵
  PID:1216
- C:\Windows\System\XrBuhwz.exe
  C:\Windows\System\XrBuhwz.exe
  2⤵
  PID:4740
- C:\Windows\System\oOlJUHB.exe
  C:\Windows\System\oOlJUHB.exe
  2⤵
  PID:2184
- C:\Windows\System\OGEfuPy.exe
  C:\Windows\System\OGEfuPy.exe
  2⤵
  PID:4828
- C:\Windows\System\hcmqTsp.exe
  C:\Windows\System\hcmqTsp.exe
  2⤵
  PID:4892
- C:\Windows\System\OXmiDUL.exe
  C:\Windows\System\OXmiDUL.exe
  2⤵
  PID:4908
- C:\Windows\System\qYMhrKx.exe
  C:\Windows\System\qYMhrKx.exe
  2⤵
  PID:4944
- C:\Windows\System\xEUBPDU.exe
  C:\Windows\System\xEUBPDU.exe
  2⤵
  PID:5056
- C:\Windows\System\QgEXlMP.exe
  C:\Windows\System\QgEXlMP.exe
  2⤵
  PID:3988
- C:\Windows\System\yzPcGrB.exe
  C:\Windows\System\yzPcGrB.exe
  2⤵
  PID:3744
- C:\Windows\System\jJqNBJM.exe
  C:\Windows\System\jJqNBJM.exe
  2⤵
  PID:1532
- C:\Windows\System\rRuIcQd.exe
  C:\Windows\System\rRuIcQd.exe
  2⤵
  PID:4164
- C:\Windows\System\zeeskUt.exe
  C:\Windows\System\zeeskUt.exe
  2⤵
  PID:4376
- C:\Windows\System\ytLSOHD.exe
  C:\Windows\System\ytLSOHD.exe
  2⤵
  PID:680
- C:\Windows\System\yJEQEIY.exe
  C:\Windows\System\yJEQEIY.exe
  2⤵
  PID:4592
- C:\Windows\System\VdzEurd.exe
  C:\Windows\System\VdzEurd.exe
  2⤵
  PID:3024
- C:\Windows\System\dCZtuOe.exe
  C:\Windows\System\dCZtuOe.exe
  2⤵
  PID:1816
- C:\Windows\System\zoZICbT.exe
  C:\Windows\System\zoZICbT.exe
  2⤵
  PID:4588
- C:\Windows\System\DbTyrqX.exe
  C:\Windows\System\DbTyrqX.exe
  2⤵
  PID:4716
- C:\Windows\System\ukUJrin.exe
  C:\Windows\System\ukUJrin.exe
  2⤵
  PID:4652
- C:\Windows\System\CkRYtEi.exe
  C:\Windows\System\CkRYtEi.exe
  2⤵
  PID:4848
- C:\Windows\System\bwCRFLY.exe
  C:\Windows\System\bwCRFLY.exe
  2⤵
  PID:4904
- C:\Windows\System\NXOYWVf.exe
  C:\Windows\System\NXOYWVf.exe
  2⤵
  PID:4872
- C:\Windows\System\cZNnfvd.exe
  C:\Windows\System\cZNnfvd.exe
  2⤵
  PID:5016
- C:\Windows\System\EFDBSGW.exe
  C:\Windows\System\EFDBSGW.exe
  2⤵
  PID:5092
- C:\Windows\System\NCtsjNJ.exe
  C:\Windows\System\NCtsjNJ.exe
  2⤵
  PID:3236
- C:\Windows\System\qeYhYAX.exe
  C:\Windows\System\qeYhYAX.exe
  2⤵
  PID:4144
- C:\Windows\System\TbSXmYN.exe
  C:\Windows\System\TbSXmYN.exe
  2⤵
  PID:4260
- C:\Windows\System\FqZZinE.exe
  C:\Windows\System\FqZZinE.exe
  2⤵
  PID:4324
- C:\Windows\System\aEvfpWT.exe
  C:\Windows\System\aEvfpWT.exe
  2⤵
  PID:4240
- C:\Windows\System\tBjOjaK.exe
  C:\Windows\System\tBjOjaK.exe
  2⤵
  PID:3048
- C:\Windows\System\rXRkAMH.exe
  C:\Windows\System\rXRkAMH.exe
  2⤵
  PID:1268
- C:\Windows\System\RbSxUlQ.exe
  C:\Windows\System\RbSxUlQ.exe
  2⤵
  PID:2012
- C:\Windows\System\fMCWIYS.exe
  C:\Windows\System\fMCWIYS.exe
  2⤵
  PID:4928
- C:\Windows\System\qZCDgYW.exe
  C:\Windows\System\qZCDgYW.exe
  2⤵
  PID:912
- C:\Windows\System\zgLKKgG.exe
  C:\Windows\System\zgLKKgG.exe
  2⤵
  PID:5116
- C:\Windows\System\gNkDYRE.exe
  C:\Windows\System\gNkDYRE.exe
  2⤵
  PID:5076
- C:\Windows\System\kxWlfrk.exe
  C:\Windows\System\kxWlfrk.exe
  2⤵
  PID:4348
- C:\Windows\System\uRLksrn.exe
  C:\Windows\System\uRLksrn.exe
  2⤵
  PID:5128
- C:\Windows\System\yZzgcdl.exe
  C:\Windows\System\yZzgcdl.exe
  2⤵
  PID:5172
- C:\Windows\System\jqkBoLS.exe
  C:\Windows\System\jqkBoLS.exe
  2⤵
  PID:5188
- C:\Windows\System\NRcmWDX.exe
  C:\Windows\System\NRcmWDX.exe
  2⤵
  PID:5208
- C:\Windows\System\VfDOBkt.exe
  C:\Windows\System\VfDOBkt.exe
  2⤵
  PID:5224
- C:\Windows\System\NmJWnNZ.exe
  C:\Windows\System\NmJWnNZ.exe
  2⤵
  PID:5240
- C:\Windows\System\ezXfnGI.exe
  C:\Windows\System\ezXfnGI.exe
  2⤵
  PID:5264
- C:\Windows\System\UirfDVC.exe
  C:\Windows\System\UirfDVC.exe
  2⤵
  PID:5288
- C:\Windows\System\mlJnwbv.exe
  C:\Windows\System\mlJnwbv.exe
  2⤵
  PID:5304
- C:\Windows\System\BtGQNvD.exe
  C:\Windows\System\BtGQNvD.exe
  2⤵
  PID:5320
- C:\Windows\System\WhSoEqP.exe
  C:\Windows\System\WhSoEqP.exe
  2⤵
  PID:5340
- C:\Windows\System\vXBBidj.exe
  C:\Windows\System\vXBBidj.exe
  2⤵
  PID:5360
- C:\Windows\System\rsmDRRb.exe
  C:\Windows\System\rsmDRRb.exe
  2⤵
  PID:5392
- C:\Windows\System\pIONicF.exe
  C:\Windows\System\pIONicF.exe
  2⤵
  PID:5408
- C:\Windows\System\AEkepnf.exe
  C:\Windows\System\AEkepnf.exe
  2⤵
  PID:5432
- C:\Windows\System\UVwYEch.exe
  C:\Windows\System\UVwYEch.exe
  2⤵
  PID:5448
- C:\Windows\System\BFyLcWI.exe
  C:\Windows\System\BFyLcWI.exe
  2⤵
  PID:5468
- C:\Windows\System\oUiBqXW.exe
  C:\Windows\System\oUiBqXW.exe
  2⤵
  PID:5488
- C:\Windows\System\fleIasn.exe
  C:\Windows\System\fleIasn.exe
  2⤵
  PID:5512
- C:\Windows\System\PKKaJmN.exe
  C:\Windows\System\PKKaJmN.exe
  2⤵
  PID:5528
- C:\Windows\System\GFLDjnJ.exe
  C:\Windows\System\GFLDjnJ.exe
  2⤵
  PID:5552
- C:\Windows\System\rMeccYr.exe
  C:\Windows\System\rMeccYr.exe
  2⤵
  PID:5568
- C:\Windows\System\rjizsAO.exe
  C:\Windows\System\rjizsAO.exe
  2⤵
  PID:5588
- C:\Windows\System\bnVJggK.exe
  C:\Windows\System\bnVJggK.exe
  2⤵
  PID:5604
- C:\Windows\System\rqMmtaY.exe
  C:\Windows\System\rqMmtaY.exe
  2⤵
  PID:5624
- C:\Windows\System\XZEAwyM.exe
  C:\Windows\System\XZEAwyM.exe
  2⤵
  PID:5644
- C:\Windows\System\kIYQYiB.exe
  C:\Windows\System\kIYQYiB.exe
  2⤵
  PID:5660
- C:\Windows\System\nUIPPCB.exe
  C:\Windows\System\nUIPPCB.exe
  2⤵
  PID:5692
- C:\Windows\System\QpIopFL.exe
  C:\Windows\System\QpIopFL.exe
  2⤵
  PID:5712
- C:\Windows\System\CuvvoTD.exe
  C:\Windows\System\CuvvoTD.exe
  2⤵
  PID:5728
- C:\Windows\System\oinWWsX.exe
  C:\Windows\System\oinWWsX.exe
  2⤵
  PID:5748
- C:\Windows\System\zEVQZeJ.exe
  C:\Windows\System\zEVQZeJ.exe
  2⤵
  PID:5764
- C:\Windows\System\yiBXOVB.exe
  C:\Windows\System\yiBXOVB.exe
  2⤵
  PID:5792
- C:\Windows\System\ZEaWDjv.exe
  C:\Windows\System\ZEaWDjv.exe
  2⤵
  PID:5808
- C:\Windows\System\pYWSsRt.exe
  C:\Windows\System\pYWSsRt.exe
  2⤵
  PID:5828
- C:\Windows\System\IVEFKnj.exe
  C:\Windows\System\IVEFKnj.exe
  2⤵
  PID:5848
- C:\Windows\System\FwgjEss.exe
  C:\Windows\System\FwgjEss.exe
  2⤵
  PID:5876
- C:\Windows\System\pEGvJeW.exe
  C:\Windows\System\pEGvJeW.exe
  2⤵
  PID:5892
- C:\Windows\System\aSHjyFv.exe
  C:\Windows\System\aSHjyFv.exe
  2⤵
  PID:5908
- C:\Windows\System\ukXOYag.exe
  C:\Windows\System\ukXOYag.exe
  2⤵
  PID:5928
- C:\Windows\System\oQDsKGw.exe
  C:\Windows\System\oQDsKGw.exe
  2⤵
  PID:5956
- C:\Windows\System\GDDxfQU.exe
  C:\Windows\System\GDDxfQU.exe
  2⤵
  PID:5972
- C:\Windows\System\enQtmTj.exe
  C:\Windows\System\enQtmTj.exe
  2⤵
  PID:5996
- C:\Windows\System\erPawyM.exe
  C:\Windows\System\erPawyM.exe
  2⤵
  PID:6012
- C:\Windows\System\NRrqiFj.exe
  C:\Windows\System\NRrqiFj.exe
  2⤵
  PID:6036
- C:\Windows\System\kJswMGi.exe
  C:\Windows\System\kJswMGi.exe
  2⤵
  PID:6056
- C:\Windows\System\OJSdFeg.exe
  C:\Windows\System\OJSdFeg.exe
  2⤵
  PID:6076
- C:\Windows\System\sNsWXrp.exe
  C:\Windows\System\sNsWXrp.exe
  2⤵
  PID:6092
- C:\Windows\System\SFEQcew.exe
  C:\Windows\System\SFEQcew.exe
  2⤵
  PID:6108
- C:\Windows\System\GHhMVkF.exe
  C:\Windows\System\GHhMVkF.exe
  2⤵
  PID:6128
- C:\Windows\System\ogDPpym.exe
  C:\Windows\System\ogDPpym.exe
  2⤵
  PID:3344
- C:\Windows\System\RNcTyAl.exe
  C:\Windows\System\RNcTyAl.exe
  2⤵
  PID:4216
- C:\Windows\System\bYdkDZa.exe
  C:\Windows\System\bYdkDZa.exe
  2⤵
  PID:4844
- C:\Windows\System\sgNKnyJ.exe
  C:\Windows\System\sgNKnyJ.exe
  2⤵
  PID:304
- C:\Windows\System\YvMYsdu.exe
  C:\Windows\System\YvMYsdu.exe
  2⤵
  PID:5148
- C:\Windows\System\tLpoaDm.exe
  C:\Windows\System\tLpoaDm.exe
  2⤵
  PID:5140
- C:\Windows\System\thcxIzE.exe
  C:\Windows\System\thcxIzE.exe
  2⤵
  PID:5180
- C:\Windows\System\qczvNLU.exe
  C:\Windows\System\qczvNLU.exe
  2⤵
  PID:5272
- C:\Windows\System\oPuCeXL.exe
  C:\Windows\System\oPuCeXL.exe
  2⤵
  PID:5220
- C:\Windows\System\DiNOvls.exe
  C:\Windows\System\DiNOvls.exe
  2⤵
  PID:5280
- C:\Windows\System\cHaNUdB.exe
  C:\Windows\System\cHaNUdB.exe
  2⤵
  PID:5296
- C:\Windows\System\OFHtcBl.exe
  C:\Windows\System\OFHtcBl.exe
  2⤵
  PID:5336
- C:\Windows\System\OvbDKqj.exe
  C:\Windows\System\OvbDKqj.exe
  2⤵
  PID:5384
- C:\Windows\System\WkBnQEj.exe
  C:\Windows\System\WkBnQEj.exe
  2⤵
  PID:5420
- C:\Windows\System\iZfURkz.exe
  C:\Windows\System\iZfURkz.exe
  2⤵
  PID:5444
- C:\Windows\System\sYuDDgR.exe
  C:\Windows\System\sYuDDgR.exe
  2⤵
  PID:5480
- C:\Windows\System\oHbqFaD.exe
  C:\Windows\System\oHbqFaD.exe
  2⤵
  PID:5520
- C:\Windows\System\qLanNPj.exe
  C:\Windows\System\qLanNPj.exe
  2⤵
  PID:5524
- C:\Windows\System\jnPApJV.exe
  C:\Windows\System\jnPApJV.exe
  2⤵
  PID:5584
- C:\Windows\System\XbJfZWh.exe
  C:\Windows\System\XbJfZWh.exe
  2⤵
  PID:5616
- C:\Windows\System\WjvcrKX.exe
  C:\Windows\System\WjvcrKX.exe
  2⤵
  PID:5688
- C:\Windows\System\IGdgFqy.exe
  C:\Windows\System\IGdgFqy.exe
  2⤵
  PID:5700
- C:\Windows\System\vrdrOSm.exe
  C:\Windows\System\vrdrOSm.exe
  2⤵
  PID:5720
- C:\Windows\System\tHxDvJi.exe
  C:\Windows\System\tHxDvJi.exe
  2⤵
  PID:5744
- C:\Windows\System\FptrDTu.exe
  C:\Windows\System\FptrDTu.exe
  2⤵
  PID:5756
- C:\Windows\System\rfKFtKg.exe
  C:\Windows\System\rfKFtKg.exe
  2⤵
  PID:5820
- C:\Windows\System\rJKuPeV.exe
  C:\Windows\System\rJKuPeV.exe
  2⤵
  PID:5844
- C:\Windows\System\yhkbTwq.exe
  C:\Windows\System\yhkbTwq.exe
  2⤵
  PID:5936
- C:\Windows\System\LknPcBz.exe
  C:\Windows\System\LknPcBz.exe
  2⤵
  PID:5920
- C:\Windows\System\TBmcdss.exe
  C:\Windows\System\TBmcdss.exe
  2⤵
  PID:5948
- C:\Windows\System\qNzFnRx.exe
  C:\Windows\System\qNzFnRx.exe
  2⤵
  PID:5988
- C:\Windows\System\jhSVLTj.exe
  C:\Windows\System\jhSVLTj.exe
  2⤵
  PID:6024
- C:\Windows\System\vREiWBL.exe
  C:\Windows\System\vREiWBL.exe
  2⤵
  PID:6064
- C:\Windows\System\hRimkZH.exe
  C:\Windows\System\hRimkZH.exe
  2⤵
  PID:6072
- C:\Windows\System\rwCTquD.exe
  C:\Windows\System\rwCTquD.exe
  2⤵
  PID:6136
- C:\Windows\System\JCgVbJv.exe
  C:\Windows\System\JCgVbJv.exe
  2⤵
  PID:6116
- C:\Windows\System\bdAQcAs.exe
  C:\Windows\System\bdAQcAs.exe
  2⤵
  PID:4544
- C:\Windows\System\GmxQmax.exe
  C:\Windows\System\GmxQmax.exe
  2⤵
  PID:4564
- C:\Windows\System\jpatqgA.exe
  C:\Windows\System\jpatqgA.exe
  2⤵
  PID:5160
- C:\Windows\System\uuGMlSZ.exe
  C:\Windows\System\uuGMlSZ.exe
  2⤵
  PID:5276
- C:\Windows\System\lSUfpkZ.exe
  C:\Windows\System\lSUfpkZ.exe
  2⤵
  PID:5248
- C:\Windows\System\UnONkGo.exe
  C:\Windows\System\UnONkGo.exe
  2⤵
  PID:5260
- C:\Windows\System\oKXlsNA.exe
  C:\Windows\System\oKXlsNA.exe
  2⤵
  PID:5376
- C:\Windows\System\bjIiKFo.exe
  C:\Windows\System\bjIiKFo.exe
  2⤵
  PID:5428
- C:\Windows\System\yXPGAqJ.exe
  C:\Windows\System\yXPGAqJ.exe
  2⤵
  PID:5508
- C:\Windows\System\TeBNxGO.exe
  C:\Windows\System\TeBNxGO.exe
  2⤵
  PID:5500
- C:\Windows\System\PTciFki.exe
  C:\Windows\System\PTciFki.exe
  2⤵
  PID:5656
- C:\Windows\System\UxphwCg.exe
  C:\Windows\System\UxphwCg.exe
  2⤵
  PID:5676
- C:\Windows\System\aqIYmGV.exe
  C:\Windows\System\aqIYmGV.exe
  2⤵
  PID:5684
- C:\Windows\System\jnDZZES.exe
  C:\Windows\System\jnDZZES.exe
  2⤵
  PID:5736
- C:\Windows\System\aMAiBPD.exe
  C:\Windows\System\aMAiBPD.exe
  2⤵
  PID:5816
- C:\Windows\System\AyZSVJH.exe
  C:\Windows\System\AyZSVJH.exe
  2⤵
  PID:5860
- C:\Windows\System\LcaaYgr.exe
  C:\Windows\System\LcaaYgr.exe
  2⤵
  PID:5944
- C:\Windows\System\JVDcPIs.exe
  C:\Windows\System\JVDcPIs.exe
  2⤵
  PID:5980
- C:\Windows\System\EaYxMxN.exe
  C:\Windows\System\EaYxMxN.exe
  2⤵
  PID:6104
- C:\Windows\System\mRpZJoy.exe
  C:\Windows\System\mRpZJoy.exe
  2⤵
  PID:4624
- C:\Windows\System\zZMTnsX.exe
  C:\Windows\System\zZMTnsX.exe
  2⤵
  PID:4540
- C:\Windows\System\SYgntWC.exe
  C:\Windows\System\SYgntWC.exe
  2⤵
  PID:4500
- C:\Windows\System\vQIMfCh.exe
  C:\Windows\System\vQIMfCh.exe
  2⤵
  PID:1748
- C:\Windows\System\rKrPxXu.exe
  C:\Windows\System\rKrPxXu.exe
  2⤵
  PID:5332
- C:\Windows\System\EMeSoEK.exe
  C:\Windows\System\EMeSoEK.exe
  2⤵
  PID:5316
- C:\Windows\System\kTDVDCx.exe
  C:\Windows\System\kTDVDCx.exe
  2⤵
  PID:5464
- C:\Windows\System\ZVwNlbN.exe
  C:\Windows\System\ZVwNlbN.exe
  2⤵
  PID:5540
- C:\Windows\System\veJINzo.exe
  C:\Windows\System\veJINzo.exe
  2⤵
  PID:5680
- C:\Windows\System\gtLSmYx.exe
  C:\Windows\System\gtLSmYx.exe
  2⤵
  PID:5708
- C:\Windows\System\vQFfUtS.exe
  C:\Windows\System\vQFfUtS.exe
  2⤵
  PID:5780
- C:\Windows\System\TjetHSn.exe
  C:\Windows\System\TjetHSn.exe
  2⤵
  PID:5940
- C:\Windows\System\GgmNbVl.exe
  C:\Windows\System\GgmNbVl.exe
  2⤵
  PID:5840
- C:\Windows\System\swOjSjN.exe
  C:\Windows\System\swOjSjN.exe
  2⤵
  PID:6004
- C:\Windows\System\UbfQhHt.exe
  C:\Windows\System\UbfQhHt.exe
  2⤵
  PID:5008
- C:\Windows\System\zPbplOw.exe
  C:\Windows\System\zPbplOw.exe
  2⤵
  PID:4268
- C:\Windows\System\mqvATkd.exe
  C:\Windows\System\mqvATkd.exe
  2⤵
  PID:5404
- C:\Windows\System\PXTElJs.exe
  C:\Windows\System\PXTElJs.exe
  2⤵
  PID:5496
- C:\Windows\System\dfPhKMv.exe
  C:\Windows\System\dfPhKMv.exe
  2⤵
  PID:5596
- C:\Windows\System\lHuhZBH.exe
  C:\Windows\System\lHuhZBH.exe
  2⤵
  PID:5904
- C:\Windows\System\ysSlezh.exe
  C:\Windows\System\ysSlezh.exe
  2⤵
  PID:5124
- C:\Windows\System\CPsrwMw.exe
  C:\Windows\System\CPsrwMw.exe
  2⤵
  PID:5204
- C:\Windows\System\RBJPnUN.exe
  C:\Windows\System\RBJPnUN.exe
  2⤵
  PID:5784
- C:\Windows\System\kHRxWlg.exe
  C:\Windows\System\kHRxWlg.exe
  2⤵
  PID:5372
- C:\Windows\System\hnRRHXU.exe
  C:\Windows\System\hnRRHXU.exe
  2⤵
  PID:2452
- C:\Windows\System\hZoRnFz.exe
  C:\Windows\System\hZoRnFz.exe
  2⤵
  PID:5968
- C:\Windows\System\cVHQBRU.exe
  C:\Windows\System\cVHQBRU.exe
  2⤵
  PID:6068
- C:\Windows\System\UHlIviW.exe
  C:\Windows\System\UHlIviW.exe
  2⤵
  PID:5368
- C:\Windows\System\DfvIzjP.exe
  C:\Windows\System\DfvIzjP.exe
  2⤵
  PID:5776
- C:\Windows\System\gbBtLjX.exe
  C:\Windows\System\gbBtLjX.exe
  2⤵
  PID:5196
- C:\Windows\System\fDUXJdJ.exe
  C:\Windows\System\fDUXJdJ.exe
  2⤵
  PID:5548
- C:\Windows\System\mkckEKZ.exe
  C:\Windows\System\mkckEKZ.exe
  2⤵
  PID:6148
- C:\Windows\System\xCRoynj.exe
  C:\Windows\System\xCRoynj.exe
  2⤵
  PID:6168
- C:\Windows\System\sJhMnjD.exe
  C:\Windows\System\sJhMnjD.exe
  2⤵
  PID:6196
- C:\Windows\System\oOaEEJz.exe
  C:\Windows\System\oOaEEJz.exe
  2⤵
  PID:6212
- C:\Windows\System\yfzHXfs.exe
  C:\Windows\System\yfzHXfs.exe
  2⤵
  PID:6236
- C:\Windows\System\gNsyfVc.exe
  C:\Windows\System\gNsyfVc.exe
  2⤵
  PID:6252
- C:\Windows\System\XnkMLgI.exe
  C:\Windows\System\XnkMLgI.exe
  2⤵
  PID:6268
- C:\Windows\System\tZhGMex.exe
  C:\Windows\System\tZhGMex.exe
  2⤵
  PID:6288
- C:\Windows\System\avKQCVr.exe
  C:\Windows\System\avKQCVr.exe
  2⤵
  PID:6316
- C:\Windows\System\GPSkSSr.exe
  C:\Windows\System\GPSkSSr.exe
  2⤵
  PID:6332
- C:\Windows\System\HXjmYFR.exe
  C:\Windows\System\HXjmYFR.exe
  2⤵
  PID:6348
- C:\Windows\System\qHVWSya.exe
  C:\Windows\System\qHVWSya.exe
  2⤵
  PID:6368
- C:\Windows\System\rjKdXYr.exe
  C:\Windows\System\rjKdXYr.exe
  2⤵
  PID:6396
- C:\Windows\System\UYcCxrj.exe
  C:\Windows\System\UYcCxrj.exe
  2⤵
  PID:6412
- C:\Windows\System\YfRBsJX.exe
  C:\Windows\System\YfRBsJX.exe
  2⤵
  PID:6440
- C:\Windows\System\UOKBSQa.exe
  C:\Windows\System\UOKBSQa.exe
  2⤵
  PID:6456
- C:\Windows\System\TjqYrXC.exe
  C:\Windows\System\TjqYrXC.exe
  2⤵
  PID:6472
- C:\Windows\System\hlTSghA.exe
  C:\Windows\System\hlTSghA.exe
  2⤵
  PID:6488
- C:\Windows\System\VSCsrhA.exe
  C:\Windows\System\VSCsrhA.exe
  2⤵
  PID:6508
- C:\Windows\System\jyXKtLP.exe
  C:\Windows\System\jyXKtLP.exe
  2⤵
  PID:6536
- C:\Windows\System\gUodcZf.exe
  C:\Windows\System\gUodcZf.exe
  2⤵
  PID:6552
- C:\Windows\System\aGEqUve.exe
  C:\Windows\System\aGEqUve.exe
  2⤵
  PID:6568
- C:\Windows\System\IreiGAI.exe
  C:\Windows\System\IreiGAI.exe
  2⤵
  PID:6584
- C:\Windows\System\nBpYmpF.exe
  C:\Windows\System\nBpYmpF.exe
  2⤵
  PID:6616
- C:\Windows\System\KLKgMML.exe
  C:\Windows\System\KLKgMML.exe
  2⤵
  PID:6632
- C:\Windows\System\XntdLcU.exe
  C:\Windows\System\XntdLcU.exe
  2⤵
  PID:6652
- C:\Windows\System\TcbAYuk.exe
  C:\Windows\System\TcbAYuk.exe
  2⤵
  PID:6668
- C:\Windows\System\EQiuoSF.exe
  C:\Windows\System\EQiuoSF.exe
  2⤵
  PID:6692
- C:\Windows\System\gtLPDBg.exe
  C:\Windows\System\gtLPDBg.exe
  2⤵
  PID:6708
- C:\Windows\System\McCRFUR.exe
  C:\Windows\System\McCRFUR.exe
  2⤵
  PID:6724
- C:\Windows\System\puQBqbD.exe
  C:\Windows\System\puQBqbD.exe
  2⤵
  PID:6760
- C:\Windows\System\BSoswxi.exe
  C:\Windows\System\BSoswxi.exe
  2⤵
  PID:6776
- C:\Windows\System\FOcteJa.exe
  C:\Windows\System\FOcteJa.exe
  2⤵
  PID:6800
- C:\Windows\System\alyrlzi.exe
  C:\Windows\System\alyrlzi.exe
  2⤵
  PID:6816
- C:\Windows\System\jxQnKEu.exe
  C:\Windows\System\jxQnKEu.exe
  2⤵
  PID:6840
- C:\Windows\System\RFHROnB.exe
  C:\Windows\System\RFHROnB.exe
  2⤵
  PID:6856
- C:\Windows\System\cEJcqWS.exe
  C:\Windows\System\cEJcqWS.exe
  2⤵
  PID:6872
- C:\Windows\System\VicSuIi.exe
  C:\Windows\System\VicSuIi.exe
  2⤵
  PID:6888
- C:\Windows\System\PPkTzgt.exe
  C:\Windows\System\PPkTzgt.exe
  2⤵
  PID:6908
- C:\Windows\System\VLqGZAk.exe
  C:\Windows\System\VLqGZAk.exe
  2⤵
  PID:6924
- C:\Windows\System\RhupZyM.exe
  C:\Windows\System\RhupZyM.exe
  2⤵
  PID:6952
- C:\Windows\System\oqGFPix.exe
  C:\Windows\System\oqGFPix.exe
  2⤵
  PID:6972
- C:\Windows\System\oHUHMOP.exe
  C:\Windows\System\oHUHMOP.exe
  2⤵
  PID:6992
- C:\Windows\System\CSdDOmY.exe
  C:\Windows\System\CSdDOmY.exe
  2⤵
  PID:7012
- C:\Windows\System\jvwAEJX.exe
  C:\Windows\System\jvwAEJX.exe
  2⤵
  PID:7040
- C:\Windows\System\eTKhLpS.exe
  C:\Windows\System\eTKhLpS.exe
  2⤵
  PID:7060
- C:\Windows\System\ujiOwPo.exe
  C:\Windows\System\ujiOwPo.exe
  2⤵
  PID:7080
- C:\Windows\System\aXPKRaG.exe
  C:\Windows\System\aXPKRaG.exe
  2⤵
  PID:7096
- C:\Windows\System\PFpYNFn.exe
  C:\Windows\System\PFpYNFn.exe
  2⤵
  PID:7132
- C:\Windows\System\kFzzuVI.exe
  C:\Windows\System\kFzzuVI.exe
  2⤵
  PID:7148
- C:\Windows\System\FhQIuOw.exe
  C:\Windows\System\FhQIuOw.exe
  2⤵
  PID:5740
- C:\Windows\System\tgfFNbT.exe
  C:\Windows\System\tgfFNbT.exe
  2⤵
  PID:6188
- C:\Windows\System\PjaAYgo.exe
  C:\Windows\System\PjaAYgo.exe
  2⤵
  PID:6156
- C:\Windows\System\vfrlsuB.exe
  C:\Windows\System\vfrlsuB.exe
  2⤵
  PID:6224
- C:\Windows\System\oCkLqLp.exe
  C:\Windows\System\oCkLqLp.exe
  2⤵
  PID:6248
- C:\Windows\System\PaOcLHV.exe
  C:\Windows\System\PaOcLHV.exe
  2⤵
  PID:6296
- C:\Windows\System\UZrxXUy.exe
  C:\Windows\System\UZrxXUy.exe
  2⤵
  PID:6340
- C:\Windows\System\yopRlYR.exe
  C:\Windows\System\yopRlYR.exe
  2⤵
  PID:6360
- C:\Windows\System\VQpOCex.exe
  C:\Windows\System\VQpOCex.exe
  2⤵
  PID:6384
- C:\Windows\System\LqXdoLS.exe
  C:\Windows\System\LqXdoLS.exe
  2⤵
  PID:4788
- C:\Windows\System\xQLnSxX.exe
  C:\Windows\System\xQLnSxX.exe
  2⤵
  PID:6484
- C:\Windows\System\gOPFZBp.exe
  C:\Windows\System\gOPFZBp.exe
  2⤵
  PID:6500
- C:\Windows\System\nrWWedj.exe
  C:\Windows\System\nrWWedj.exe
  2⤵
  PID:6560
- C:\Windows\System\WpnMDMH.exe
  C:\Windows\System\WpnMDMH.exe
  2⤵
  PID:6596
- C:\Windows\System\GRpYJrF.exe
  C:\Windows\System\GRpYJrF.exe
  2⤵
  PID:6548
- C:\Windows\System\VeVajbT.exe
  C:\Windows\System\VeVajbT.exe
  2⤵
  PID:6576
- C:\Windows\System\ePdLsbP.exe
  C:\Windows\System\ePdLsbP.exe
  2⤵
  PID:6648
- C:\Windows\System\LNtYvYV.exe
  C:\Windows\System\LNtYvYV.exe
  2⤵
  PID:6640
- C:\Windows\System\xmFqxTr.exe
  C:\Windows\System\xmFqxTr.exe
  2⤵
  PID:6704
- C:\Windows\System\MZDVoAa.exe
  C:\Windows\System\MZDVoAa.exe
  2⤵
  PID:6752
- C:\Windows\System\qRYSuJd.exe
  C:\Windows\System\qRYSuJd.exe
  2⤵
  PID:6784
- C:\Windows\System\rDZfhIy.exe
  C:\Windows\System\rDZfhIy.exe
  2⤵
  PID:6812
- C:\Windows\System\nUMyAiu.exe
  C:\Windows\System\nUMyAiu.exe
  2⤵
  PID:6852
- C:\Windows\System\ptPIXIm.exe
  C:\Windows\System\ptPIXIm.exe
  2⤵
  PID:6900
- C:\Windows\System\TdKFTYW.exe
  C:\Windows\System\TdKFTYW.exe
  2⤵
  PID:6940
- C:\Windows\System\UNCewYO.exe
  C:\Windows\System\UNCewYO.exe
  2⤵
  PID:6920
- C:\Windows\System\zsONmNe.exe
  C:\Windows\System\zsONmNe.exe
  2⤵
  PID:6964
- C:\Windows\System\Zwggaxk.exe
  C:\Windows\System\Zwggaxk.exe
  2⤵
  PID:7024
- C:\Windows\System\uEdeDoe.exe
  C:\Windows\System\uEdeDoe.exe
  2⤵
  PID:7032
- C:\Windows\System\yvkDnIX.exe
  C:\Windows\System\yvkDnIX.exe
  2⤵
  PID:7056
- C:\Windows\System\mQFEPYg.exe
  C:\Windows\System\mQFEPYg.exe
  2⤵
  PID:6428
- C:\Windows\System\YlqrRUL.exe
  C:\Windows\System\YlqrRUL.exe
  2⤵
  PID:2952
- C:\Windows\System\lmnAPGl.exe
  C:\Windows\System\lmnAPGl.exe
  2⤵
  PID:7116
- C:\Windows\System\rMOgmIL.exe
  C:\Windows\System\rMOgmIL.exe
  2⤵
  PID:7160
- C:\Windows\System\LodGWQx.exe
  C:\Windows\System\LodGWQx.exe
  2⤵
  PID:6208
- C:\Windows\System\iQXeRzR.exe
  C:\Windows\System\iQXeRzR.exe
  2⤵
  PID:6260
- C:\Windows\System\hOjyUkD.exe
  C:\Windows\System\hOjyUkD.exe
  2⤵
  PID:6328
- C:\Windows\System\jJWVtgv.exe
  C:\Windows\System\jJWVtgv.exe
  2⤵
  PID:6324
- C:\Windows\System\mCvviGR.exe
  C:\Windows\System\mCvviGR.exe
  2⤵
  PID:6380
- C:\Windows\System\eulAoJy.exe
  C:\Windows\System\eulAoJy.exe
  2⤵
  PID:6480
- C:\Windows\System\PMLWtdW.exe
  C:\Windows\System\PMLWtdW.exe
  2⤵
  PID:6452
- C:\Windows\System\uROvHRx.exe
  C:\Windows\System\uROvHRx.exe
  2⤵
  PID:6524
- C:\Windows\System\gHwLzuH.exe
  C:\Windows\System\gHwLzuH.exe
  2⤵
  PID:6612
- C:\Windows\System\LseUIyX.exe
  C:\Windows\System\LseUIyX.exe
  2⤵
  PID:6628
- C:\Windows\System\ZWIkLAv.exe
  C:\Windows\System\ZWIkLAv.exe
  2⤵
  PID:6720
- C:\Windows\System\wFeDueH.exe
  C:\Windows\System\wFeDueH.exe
  2⤵
  PID:6796
- C:\Windows\System\sGDhDXB.exe
  C:\Windows\System\sGDhDXB.exe
  2⤵
  PID:6864
- C:\Windows\System\SmdrXBx.exe
  C:\Windows\System\SmdrXBx.exe
  2⤵
  PID:6772
- C:\Windows\System\rBRNivv.exe
  C:\Windows\System\rBRNivv.exe
  2⤵
  PID:7008
- C:\Windows\System\FJhmGFY.exe
  C:\Windows\System\FJhmGFY.exe
  2⤵
  PID:7076
- C:\Windows\System\RODWGCG.exe
  C:\Windows\System\RODWGCG.exe
  2⤵
  PID:7000
- C:\Windows\System\LBohmLi.exe
  C:\Windows\System\LBohmLi.exe
  2⤵
  PID:7140
- C:\Windows\System\wFtwxVE.exe
  C:\Windows\System\wFtwxVE.exe
  2⤵
  PID:7112
- C:\Windows\System\YPOhECW.exe
  C:\Windows\System\YPOhECW.exe
  2⤵
  PID:6280
- C:\Windows\System\nYIaeqL.exe
  C:\Windows\System\nYIaeqL.exe
  2⤵
  PID:6204
- C:\Windows\System\hkPMaEe.exe
  C:\Windows\System\hkPMaEe.exe
  2⤵
  PID:6308
- C:\Windows\System\veuzwDX.exe
  C:\Windows\System\veuzwDX.exe
  2⤵
  PID:6520
- C:\Windows\System\nHQvUQi.exe
  C:\Windows\System\nHQvUQi.exe
  2⤵
  PID:6608
- C:\Windows\System\rVzRbAx.exe
  C:\Windows\System\rVzRbAx.exe
  2⤵
  PID:6716
- C:\Windows\System\khtouLr.exe
  C:\Windows\System\khtouLr.exe
  2⤵
  PID:6436
- C:\Windows\System\VFiJpgf.exe
  C:\Windows\System\VFiJpgf.exe
  2⤵
  PID:6624
- C:\Windows\System\ERearQB.exe
  C:\Windows\System\ERearQB.exe
  2⤵
  PID:6884
- C:\Windows\System\EalMZSU.exe
  C:\Windows\System\EalMZSU.exe
  2⤵
  PID:7048
- C:\Windows\System\fdYVLBF.exe
  C:\Windows\System\fdYVLBF.exe
  2⤵
  PID:2892
- C:\Windows\System\HwafddD.exe
  C:\Windows\System\HwafddD.exe
  2⤵
  PID:7176
- C:\Windows\System\uYhsUvY.exe
  C:\Windows\System\uYhsUvY.exe
  2⤵
  PID:7200
- C:\Windows\System\clIAlrD.exe
  C:\Windows\System\clIAlrD.exe
  2⤵
  PID:7224
- C:\Windows\System\bhXSZim.exe
  C:\Windows\System\bhXSZim.exe
  2⤵
  PID:7244
- C:\Windows\System\DJDLMvy.exe
  C:\Windows\System\DJDLMvy.exe
  2⤵
  PID:7272
- C:\Windows\System\oxPcFVg.exe
  C:\Windows\System\oxPcFVg.exe
  2⤵
  PID:7316
- C:\Windows\System\FmbmXNM.exe
  C:\Windows\System\FmbmXNM.exe
  2⤵
  PID:7340
- C:\Windows\System\vtZbBpM.exe
  C:\Windows\System\vtZbBpM.exe
  2⤵
  PID:7356
- C:\Windows\System\xEDtovC.exe
  C:\Windows\System\xEDtovC.exe
  2⤵
  PID:7376
- C:\Windows\System\ZFZqCHU.exe
  C:\Windows\System\ZFZqCHU.exe
  2⤵
  PID:7396
- C:\Windows\System\WbxbiYi.exe
  C:\Windows\System\WbxbiYi.exe
  2⤵
  PID:7420
- C:\Windows\System\rMrHGtA.exe
  C:\Windows\System\rMrHGtA.exe
  2⤵
  PID:7436
- C:\Windows\System\MdurtcM.exe
  C:\Windows\System\MdurtcM.exe
  2⤵
  PID:7460
- C:\Windows\System\BYDYuSb.exe
  C:\Windows\System\BYDYuSb.exe
  2⤵
  PID:7476
- C:\Windows\System\zglJOVV.exe
  C:\Windows\System\zglJOVV.exe
  2⤵
  PID:7492
- C:\Windows\System\wEefivd.exe
  C:\Windows\System\wEefivd.exe
  2⤵
  PID:7508
- C:\Windows\System\gnbkEix.exe
  C:\Windows\System\gnbkEix.exe
  2⤵
  PID:7528
- C:\Windows\System\oiuUVJJ.exe
  C:\Windows\System\oiuUVJJ.exe
  2⤵
  PID:7548
- C:\Windows\System\sCkbQys.exe
  C:\Windows\System\sCkbQys.exe
  2⤵
  PID:7564
- C:\Windows\System\CgkZITd.exe
  C:\Windows\System\CgkZITd.exe
  2⤵
  PID:7580
- C:\Windows\System\xeqjkar.exe
  C:\Windows\System\xeqjkar.exe
  2⤵
  PID:7596
- C:\Windows\System\UiBVbZY.exe
  C:\Windows\System\UiBVbZY.exe
  2⤵
  PID:7616
- C:\Windows\System\tFplehV.exe
  C:\Windows\System\tFplehV.exe
  2⤵
  PID:7636
- C:\Windows\System\gltaVmQ.exe
  C:\Windows\System\gltaVmQ.exe
  2⤵
  PID:7652
- C:\Windows\System\KxmhwSu.exe
  C:\Windows\System\KxmhwSu.exe
  2⤵
  PID:7672
- C:\Windows\System\ztmmKDu.exe
  C:\Windows\System\ztmmKDu.exe
  2⤵
  PID:7688
- C:\Windows\System\buvHexI.exe
  C:\Windows\System\buvHexI.exe
  2⤵
  PID:7740
- C:\Windows\System\MsulbZa.exe
  C:\Windows\System\MsulbZa.exe
  2⤵
  PID:7756
- C:\Windows\System\qkgDGHT.exe
  C:\Windows\System\qkgDGHT.exe
  2⤵
  PID:7776
- C:\Windows\System\UmukFwt.exe
  C:\Windows\System\UmukFwt.exe
  2⤵
  PID:7796
- C:\Windows\System\qRTLXtC.exe
  C:\Windows\System\qRTLXtC.exe
  2⤵
  PID:7816
- C:\Windows\System\eWNFvdw.exe
  C:\Windows\System\eWNFvdw.exe
  2⤵
  PID:7832
- C:\Windows\System\lLWJJBV.exe
  C:\Windows\System\lLWJJBV.exe
  2⤵
  PID:7852
- C:\Windows\System\ymgqSXc.exe
  C:\Windows\System\ymgqSXc.exe
  2⤵
  PID:7868
- C:\Windows\System\qECqNOm.exe
  C:\Windows\System\qECqNOm.exe
  2⤵
  PID:7900
- C:\Windows\System\QmAryks.exe
  C:\Windows\System\QmAryks.exe
  2⤵
  PID:7920
- C:\Windows\System\rQTfphn.exe
  C:\Windows\System\rQTfphn.exe
  2⤵
  PID:7936
- C:\Windows\System\iSMwemT.exe
  C:\Windows\System\iSMwemT.exe
  2⤵
  PID:7952
- C:\Windows\System\wZquERX.exe
  C:\Windows\System\wZquERX.exe
  2⤵
  PID:7968
- C:\Windows\System\lKyxnpD.exe
  C:\Windows\System\lKyxnpD.exe
  2⤵
  PID:8004
- C:\Windows\System\DlrevLu.exe
  C:\Windows\System\DlrevLu.exe
  2⤵
  PID:8020
- C:\Windows\System\GoqMNOC.exe
  C:\Windows\System\GoqMNOC.exe
  2⤵
  PID:8040
- C:\Windows\System\JasoEWC.exe
  C:\Windows\System\JasoEWC.exe
  2⤵
  PID:8056
- C:\Windows\System\TkdkHEG.exe
  C:\Windows\System\TkdkHEG.exe
  2⤵
  PID:8084
- C:\Windows\System\HisrAFV.exe
  C:\Windows\System\HisrAFV.exe
  2⤵
  PID:8104
- C:\Windows\System\qkYTida.exe
  C:\Windows\System\qkYTida.exe
  2⤵
  PID:8120
- C:\Windows\System\YVAWrVf.exe
  C:\Windows\System\YVAWrVf.exe
  2⤵
  PID:8140
- C:\Windows\System\BYwVrWT.exe
  C:\Windows\System\BYwVrWT.exe
  2⤵
  PID:8160
- C:\Windows\System\vjCZgST.exe
  C:\Windows\System\vjCZgST.exe
  2⤵
  PID:8180
- C:\Windows\System\mEdEPQM.exe
  C:\Windows\System\mEdEPQM.exe
  2⤵
  PID:6740
- C:\Windows\System\OYWuwBc.exe
  C:\Windows\System\OYWuwBc.exe
  2⤵
  PID:6180
- C:\Windows\System\wIHkGvA.exe
  C:\Windows\System\wIHkGvA.exe
  2⤵
  PID:6516
- C:\Windows\System\iiFaXvs.exe
  C:\Windows\System\iiFaXvs.exe
  2⤵
  PID:7172
- C:\Windows\System\jlTjhGi.exe
  C:\Windows\System\jlTjhGi.exe
  2⤵
  PID:7192
- C:\Windows\System\azDfFnW.exe
  C:\Windows\System\azDfFnW.exe
  2⤵
  PID:7124
- C:\Windows\System\Bapqntc.exe
  C:\Windows\System\Bapqntc.exe
  2⤵
  PID:6700
- C:\Windows\System\uWMsubC.exe
  C:\Windows\System\uWMsubC.exe
  2⤵
  PID:6968
- C:\Windows\System\BTxbpUM.exe
  C:\Windows\System\BTxbpUM.exe
  2⤵
  PID:7188
- C:\Windows\System\mjKAYqO.exe
  C:\Windows\System\mjKAYqO.exe
  2⤵
  PID:7220
- C:\Windows\System\juqXVFa.exe
  C:\Windows\System\juqXVFa.exe
  2⤵
  PID:7260
- C:\Windows\System\ubzomGo.exe
  C:\Windows\System\ubzomGo.exe
  2⤵
  PID:7240
- C:\Windows\System\iQvomlv.exe
  C:\Windows\System\iQvomlv.exe
  2⤵
  PID:7288
- C:\Windows\System\jNUnwgw.exe
  C:\Windows\System\jNUnwgw.exe
  2⤵
  PID:7336
- C:\Windows\System\NipImcq.exe
  C:\Windows\System\NipImcq.exe
  2⤵
  PID:7368
- C:\Windows\System\AIBUaMg.exe
  C:\Windows\System\AIBUaMg.exe
  2⤵
  PID:7392
- C:\Windows\System\RaqQmZx.exe
  C:\Windows\System\RaqQmZx.exe
  2⤵
  PID:7428
- C:\Windows\System\QQtzbEF.exe
  C:\Windows\System\QQtzbEF.exe
  2⤵
  PID:7520
- C:\Windows\System\XWtqJHf.exe
  C:\Windows\System\XWtqJHf.exe
  2⤵
  PID:7588
- C:\Windows\System\QLggZtR.exe
  C:\Windows\System\QLggZtR.exe
  2⤵
  PID:7624
- C:\Windows\System\pxdSYOa.exe
  C:\Windows\System\pxdSYOa.exe
  2⤵
  PID:7664
- C:\Windows\System\IuNXSmj.exe
  C:\Windows\System\IuNXSmj.exe
  2⤵
  PID:7724
- C:\Windows\System\DMXXyhP.exe
  C:\Windows\System\DMXXyhP.exe
  2⤵
  PID:7704
- C:\Windows\System\ptZmfeV.exe
  C:\Windows\System\ptZmfeV.exe
  2⤵
  PID:7576
- C:\Windows\System\cYKLMsL.exe
  C:\Windows\System\cYKLMsL.exe
  2⤵
  PID:7572
- C:\Windows\System\qPpaZBX.exe
  C:\Windows\System\qPpaZBX.exe
  2⤵
  PID:7680
- C:\Windows\System\wtNcHGH.exe
  C:\Windows\System\wtNcHGH.exe
  2⤵
  PID:7752
- C:\Windows\System\KiVkgkS.exe
  C:\Windows\System\KiVkgkS.exe
  2⤵
  PID:7788
- C:\Windows\System\kdkhDfm.exe
  C:\Windows\System\kdkhDfm.exe
  2⤵
  PID:7888
- C:\Windows\System\nPMhGsq.exe
  C:\Windows\System\nPMhGsq.exe
  2⤵
  PID:7880
- C:\Windows\System\brjCymC.exe
  C:\Windows\System\brjCymC.exe
  2⤵
  PID:7976
- C:\Windows\System\FvwrxPu.exe
  C:\Windows\System\FvwrxPu.exe
  2⤵
  PID:7996
- C:\Windows\System\qrePrHV.exe
  C:\Windows\System\qrePrHV.exe
  2⤵
  PID:7984
- C:\Windows\System\PrrOQFo.exe
  C:\Windows\System\PrrOQFo.exe
  2⤵
  PID:8016
- C:\Windows\System\RJhcbQZ.exe
  C:\Windows\System\RJhcbQZ.exe
  2⤵
  PID:8032
- C:\Windows\System\rbrMWth.exe
  C:\Windows\System\rbrMWth.exe
  2⤵
  PID:8080
- C:\Windows\System\NjKiLpO.exe
  C:\Windows\System\NjKiLpO.exe
  2⤵
  PID:8128
- C:\Windows\System\aZMksQF.exe
  C:\Windows\System\aZMksQF.exe
  2⤵
  PID:8156
- C:\Windows\System\yWDjQWc.exe
  C:\Windows\System\yWDjQWc.exe
  2⤵
  PID:6836
- C:\Windows\System\UBPIuws.exe
  C:\Windows\System\UBPIuws.exe
  2⤵
  PID:6164
- C:\Windows\System\JRsWTLv.exe
  C:\Windows\System\JRsWTLv.exe
  2⤵
  PID:5864
- C:\Windows\System\KxQbDlU.exe
  C:\Windows\System\KxQbDlU.exe
  2⤵
  PID:6312
- C:\Windows\System\IXfXMWR.exe
  C:\Windows\System\IXfXMWR.exe
  2⤵
  PID:6932
- C:\Windows\System\QblkBIj.exe
  C:\Windows\System\QblkBIj.exe
  2⤵
  PID:7216
- C:\Windows\System\NFNEqmj.exe
  C:\Windows\System\NFNEqmj.exe
  2⤵
  PID:7236
- C:\Windows\System\IMHHejS.exe
  C:\Windows\System\IMHHejS.exe
  2⤵
  PID:7296
- C:\Windows\System\YcYmmab.exe
  C:\Windows\System\YcYmmab.exe
  2⤵
  PID:4284
- C:\Windows\System\JSohkwM.exe
  C:\Windows\System\JSohkwM.exe
  2⤵
  PID:7332
- C:\Windows\System\BKkEGvR.exe
  C:\Windows\System\BKkEGvR.exe
  2⤵
  PID:7448
- C:\Windows\System\kVRYSfx.exe
  C:\Windows\System\kVRYSfx.exe
  2⤵
  PID:7308
- C:\Windows\System\ICTTzhs.exe
  C:\Windows\System\ICTTzhs.exe
  2⤵
  PID:7488
- C:\Windows\System\LBWLyrv.exe
  C:\Windows\System\LBWLyrv.exe
  2⤵
  PID:7556
- C:\Windows\System\lZaRYOS.exe
  C:\Windows\System\lZaRYOS.exe
  2⤵
  PID:7700
- C:\Windows\System\EuYhGgq.exe
  C:\Windows\System\EuYhGgq.exe
  2⤵
  PID:7500
- C:\Windows\System\PrHwzsH.exe
  C:\Windows\System\PrHwzsH.exe
  2⤵
  PID:7612
- C:\Windows\System\HqLADUZ.exe
  C:\Windows\System\HqLADUZ.exe
  2⤵
  PID:7684
- C:\Windows\System\EOoRrXH.exe
  C:\Windows\System\EOoRrXH.exe
  2⤵
  PID:7860
- C:\Windows\System\FGWAfBy.exe
  C:\Windows\System\FGWAfBy.exe
  2⤵
  PID:2500
- C:\Windows\System\EWejSTq.exe
  C:\Windows\System\EWejSTq.exe
  2⤵
  PID:7928
- C:\Windows\System\KlJaNgb.exe
  C:\Windows\System\KlJaNgb.exe
  2⤵
  PID:8000
- C:\Windows\System\JNbisHw.exe
  C:\Windows\System\JNbisHw.exe
  2⤵
  PID:8028
- C:\Windows\System\eQonbxb.exe
  C:\Windows\System\eQonbxb.exe
  2⤵
  PID:8076
- C:\Windows\System\HvsBoTD.exe
  C:\Windows\System\HvsBoTD.exe
  2⤵
  PID:8148
- C:\Windows\System\KyhHArV.exe
  C:\Windows\System\KyhHArV.exe
  2⤵
  PID:6980
- C:\Windows\System\JqJeiUU.exe
  C:\Windows\System\JqJeiUU.exe
  2⤵
  PID:6544
- C:\Windows\System\esSQkql.exe
  C:\Windows\System\esSQkql.exe
  2⤵
  PID:7028
- C:\Windows\System\SxNAVhK.exe
  C:\Windows\System\SxNAVhK.exe
  2⤵
  PID:7184
- C:\Windows\System\SafrlHh.exe
  C:\Windows\System\SafrlHh.exe
  2⤵
  PID:7384
- C:\Windows\System\qMAGsec.exe
  C:\Windows\System\qMAGsec.exe
  2⤵
  PID:7364
- C:\Windows\System\vcuQdFK.exe
  C:\Windows\System\vcuQdFK.exe
  2⤵
  PID:7896
- C:\Windows\System\tKQWBZK.exe
  C:\Windows\System\tKQWBZK.exe
  2⤵
  PID:7660
- C:\Windows\System\EfncVif.exe
  C:\Windows\System\EfncVif.exe
  2⤵
  PID:7504
- C:\Windows\System\JqwXCZY.exe
  C:\Windows\System\JqwXCZY.exe
  2⤵
  PID:7812
- C:\Windows\System\lzVpHnW.exe
  C:\Windows\System\lzVpHnW.exe
  2⤵
  PID:7708
- C:\Windows\System\cbyfMZg.exe
  C:\Windows\System\cbyfMZg.exe
  2⤵
  PID:7848
- C:\Windows\System\lggPyxN.exe
  C:\Windows\System\lggPyxN.exe
  2⤵
  PID:7960
- C:\Windows\System\bUMoLdE.exe
  C:\Windows\System\bUMoLdE.exe
  2⤵
  PID:8064
- C:\Windows\System\ccqHwXq.exe
  C:\Windows\System\ccqHwXq.exe
  2⤵
  PID:8100
- C:\Windows\System\LZLeTft.exe
  C:\Windows\System\LZLeTft.exe
  2⤵
  PID:8132
- C:\Windows\System\iBQeQvE.exe
  C:\Windows\System\iBQeQvE.exe
  2⤵
  PID:6264
- C:\Windows\System\KEKcnLi.exe
  C:\Windows\System\KEKcnLi.exe
  2⤵
  PID:7416
- C:\Windows\System\cUcYDdq.exe
  C:\Windows\System\cUcYDdq.exe
  2⤵
  PID:7232
- C:\Windows\System\qSiCyuR.exe
  C:\Windows\System\qSiCyuR.exe
  2⤵
  PID:7696
- C:\Windows\System\PowQhbT.exe
  C:\Windows\System\PowQhbT.exe
  2⤵
  PID:7592
- C:\Windows\System\WqrqhjO.exe
  C:\Windows\System\WqrqhjO.exe
  2⤵
  PID:7772
- C:\Windows\System\ctWMuEO.exe
  C:\Windows\System\ctWMuEO.exe
  2⤵
  PID:8052
- C:\Windows\System\vAkRBbc.exe
  C:\Windows\System\vAkRBbc.exe
  2⤵
  PID:7964
- C:\Windows\System\YoFtHJb.exe
  C:\Windows\System\YoFtHJb.exe
  2⤵
  PID:7540
- C:\Windows\System\weNgiCe.exe
  C:\Windows\System\weNgiCe.exe
  2⤵
  PID:2888
- C:\Windows\System\qkJzMCb.exe
  C:\Windows\System\qkJzMCb.exe
  2⤵
  PID:7916
- C:\Windows\System\fZlyUEX.exe
  C:\Windows\System\fZlyUEX.exe
  2⤵
  PID:7536
- C:\Windows\System\CDeOeSo.exe
  C:\Windows\System\CDeOeSo.exe
  2⤵
  PID:8176
- C:\Windows\System\mmZFhDD.exe
  C:\Windows\System\mmZFhDD.exe
  2⤵
  PID:6984
- C:\Windows\System\MwJWKkU.exe
  C:\Windows\System\MwJWKkU.exe
  2⤵
  PID:7352
- C:\Windows\System\uLygwAZ.exe
  C:\Windows\System\uLygwAZ.exe
  2⤵
  PID:7404
- C:\Windows\System\SITBrIS.exe
  C:\Windows\System\SITBrIS.exe
  2⤵
  PID:6420
- C:\Windows\System\eeRDIyG.exe
  C:\Windows\System\eeRDIyG.exe
  2⤵
  PID:6688
- C:\Windows\System\NlfcXqm.exe
  C:\Windows\System\NlfcXqm.exe
  2⤵
  PID:8200
- C:\Windows\System\KiTbDOp.exe
  C:\Windows\System\KiTbDOp.exe
  2⤵
  PID:8220
- C:\Windows\System\GKrCwBY.exe
  C:\Windows\System\GKrCwBY.exe
  2⤵
  PID:8236
- C:\Windows\System\isEgcAe.exe
  C:\Windows\System\isEgcAe.exe
  2⤵
  PID:8264
- C:\Windows\System\TQCDphC.exe
  C:\Windows\System\TQCDphC.exe
  2⤵
  PID:8280
- C:\Windows\System\oxOGiOm.exe
  C:\Windows\System\oxOGiOm.exe
  2⤵
  PID:8296
- C:\Windows\System\OHQJugF.exe
  C:\Windows\System\OHQJugF.exe
  2⤵
  PID:8312
- C:\Windows\System\YUZKXdl.exe
  C:\Windows\System\YUZKXdl.exe
  2⤵
  PID:8340
- C:\Windows\System\dRCyvLv.exe
  C:\Windows\System\dRCyvLv.exe
  2⤵
  PID:8360
- C:\Windows\System\BtSkpgc.exe
  C:\Windows\System\BtSkpgc.exe
  2⤵
  PID:8376
- C:\Windows\System\LtQZbyh.exe
  C:\Windows\System\LtQZbyh.exe
  2⤵
  PID:8392
- C:\Windows\System\SqkVfIf.exe
  C:\Windows\System\SqkVfIf.exe
  2⤵
  PID:8412
- C:\Windows\System\nTaDlzO.exe
  C:\Windows\System\nTaDlzO.exe
  2⤵
  PID:8432
- C:\Windows\System\lLRpvqe.exe
  C:\Windows\System\lLRpvqe.exe
  2⤵
  PID:8448
- C:\Windows\System\TNcXVRh.exe
  C:\Windows\System\TNcXVRh.exe
  2⤵
  PID:8468
- C:\Windows\System\nZIOJtb.exe
  C:\Windows\System\nZIOJtb.exe
  2⤵
  PID:8500
- C:\Windows\System\eUUkVbv.exe
  C:\Windows\System\eUUkVbv.exe
  2⤵
  PID:8516
- C:\Windows\System\RaKzzAA.exe
  C:\Windows\System\RaKzzAA.exe
  2⤵
  PID:8532
- C:\Windows\System\EKXIPyF.exe
  C:\Windows\System\EKXIPyF.exe
  2⤵
  PID:8548
- C:\Windows\System\IcQAkGA.exe
  C:\Windows\System\IcQAkGA.exe
  2⤵
  PID:8564
- C:\Windows\System\RnwUblq.exe
  C:\Windows\System\RnwUblq.exe
  2⤵
  PID:8604
- C:\Windows\System\oOdeAWd.exe
  C:\Windows\System\oOdeAWd.exe
  2⤵
  PID:8620
- C:\Windows\System\GSdBANa.exe
  C:\Windows\System\GSdBANa.exe
  2⤵
  PID:8640
- C:\Windows\System\jAhnRGs.exe
  C:\Windows\System\jAhnRGs.exe
  2⤵
  PID:8656
- C:\Windows\System\hQIygMq.exe
  C:\Windows\System\hQIygMq.exe
  2⤵
  PID:8684
- C:\Windows\System\bgGPZja.exe
  C:\Windows\System\bgGPZja.exe
  2⤵
  PID:8708
- C:\Windows\System\bbqypcN.exe
  C:\Windows\System\bbqypcN.exe
  2⤵
  PID:8724
- C:\Windows\System\azbrjdN.exe
  C:\Windows\System\azbrjdN.exe
  2⤵
  PID:8744
- C:\Windows\System\GByQDev.exe
  C:\Windows\System\GByQDev.exe
  2⤵
  PID:8760
- C:\Windows\System\iMkjmyO.exe
  C:\Windows\System\iMkjmyO.exe
  2⤵
  PID:8784
- C:\Windows\System\lmHPpPu.exe
  C:\Windows\System\lmHPpPu.exe
  2⤵
  PID:8800
- C:\Windows\System\WPqQKmO.exe
  C:\Windows\System\WPqQKmO.exe
  2⤵
  PID:8816
- C:\Windows\System\mtCVNXB.exe
  C:\Windows\System\mtCVNXB.exe
  2⤵
  PID:8836
- C:\Windows\System\qBlzwXA.exe
  C:\Windows\System\qBlzwXA.exe
  2⤵
  PID:8852
- C:\Windows\System\UNURvXG.exe
  C:\Windows\System\UNURvXG.exe
  2⤵
  PID:8880
- C:\Windows\System\FvuEMEO.exe
  C:\Windows\System\FvuEMEO.exe
  2⤵
  PID:8900
- C:\Windows\System\aEfdkcL.exe
  C:\Windows\System\aEfdkcL.exe
  2⤵
  PID:8916
- C:\Windows\System\NjXTBkm.exe
  C:\Windows\System\NjXTBkm.exe
  2⤵
  PID:8932
- C:\Windows\System\KpaqGEv.exe
  C:\Windows\System\KpaqGEv.exe
  2⤵
  PID:8968
- C:\Windows\System\PtrDHnE.exe
  C:\Windows\System\PtrDHnE.exe
  2⤵
  PID:8984
- C:\Windows\System\QEmdPTA.exe
  C:\Windows\System\QEmdPTA.exe
  2⤵
  PID:9004
- C:\Windows\System\TvNvCdc.exe
  C:\Windows\System\TvNvCdc.exe
  2⤵
  PID:9020
- C:\Windows\System\JgHDqZD.exe
  C:\Windows\System\JgHDqZD.exe
  2⤵
  PID:9036
- C:\Windows\System\kmeKaUX.exe
  C:\Windows\System\kmeKaUX.exe
  2⤵
  PID:9052
- C:\Windows\System\uGqnuPw.exe
  C:\Windows\System\uGqnuPw.exe
  2⤵
  PID:9084
- C:\Windows\System\QNlSZMa.exe
  C:\Windows\System\QNlSZMa.exe
  2⤵
  PID:9104
- C:\Windows\System\ajgjAYT.exe
  C:\Windows\System\ajgjAYT.exe
  2⤵
  PID:9128
- C:\Windows\System\YVFYsDA.exe
  C:\Windows\System\YVFYsDA.exe
  2⤵
  PID:9144
- C:\Windows\System\cNjnddl.exe
  C:\Windows\System\cNjnddl.exe
  2⤵
  PID:9160
- C:\Windows\System\OJKvuhY.exe
  C:\Windows\System\OJKvuhY.exe
  2⤵
  PID:9184
- C:\Windows\System\vAzlebj.exe
  C:\Windows\System\vAzlebj.exe
  2⤵
  PID:9208
- C:\Windows\System\PAStYiR.exe
  C:\Windows\System\PAStYiR.exe
  2⤵
  PID:7516
- C:\Windows\System\KbiNJQm.exe
  C:\Windows\System\KbiNJQm.exe
  2⤵
  PID:8212
- C:\Windows\System\CxzaNpb.exe
  C:\Windows\System\CxzaNpb.exe
  2⤵
  PID:8252
- C:\Windows\System\bnojxrU.exe
  C:\Windows\System\bnojxrU.exe
  2⤵
  PID:8336
- C:\Windows\System\aPLtgZS.exe
  C:\Windows\System\aPLtgZS.exe
  2⤵
  PID:8228
- C:\Windows\System\RqBiaWS.exe
  C:\Windows\System\RqBiaWS.exe
  2⤵
  PID:8304
- C:\Windows\System\fEtogXP.exe
  C:\Windows\System\fEtogXP.exe
  2⤵
  PID:8356
- C:\Windows\System\oWVDAIX.exe
  C:\Windows\System\oWVDAIX.exe
  2⤵
  PID:8420
- C:\Windows\System\TJnvxGb.exe
  C:\Windows\System\TJnvxGb.exe
  2⤵
  PID:8460
- C:\Windows\System\eNFbmmy.exe
  C:\Windows\System\eNFbmmy.exe
  2⤵
  PID:8372
- C:\Windows\System\UXELPJc.exe
  C:\Windows\System\UXELPJc.exe
  2⤵
  PID:8444
- C:\Windows\System\TTGIPMI.exe
  C:\Windows\System\TTGIPMI.exe
  2⤵
  PID:8524
- C:\Windows\System\wFekOSj.exe
  C:\Windows\System\wFekOSj.exe
  2⤵
  PID:8512
- C:\Windows\System\ycTjDTb.exe
  C:\Windows\System\ycTjDTb.exe
  2⤵
  PID:8576
- C:\Windows\System\ZaZXSoO.exe
  C:\Windows\System\ZaZXSoO.exe
  2⤵
  PID:8584
- C:\Windows\System\GxdUpyA.exe
  C:\Windows\System\GxdUpyA.exe
  2⤵
  PID:8636
- C:\Windows\System\nqaFgvo.exe
  C:\Windows\System\nqaFgvo.exe
  2⤵
  PID:8560
- C:\Windows\System\LuaqGfr.exe
  C:\Windows\System\LuaqGfr.exe
  2⤵
  PID:8612
- C:\Windows\System\FgarJMv.exe
  C:\Windows\System\FgarJMv.exe
  2⤵
  PID:8680
- C:\Windows\System\guiwMoo.exe
  C:\Windows\System\guiwMoo.exe
  2⤵
  PID:8700
- C:\Windows\System\sSZOQvn.exe
  C:\Windows\System\sSZOQvn.exe
  2⤵
  PID:8736
- C:\Windows\System\PuxWohI.exe
  C:\Windows\System\PuxWohI.exe
  2⤵
  PID:8776
- C:\Windows\System\FrEaNAM.exe
  C:\Windows\System\FrEaNAM.exe
  2⤵
  PID:8844
- C:\Windows\System\RnDPBQr.exe
  C:\Windows\System\RnDPBQr.exe
  2⤵
  PID:8792
- C:\Windows\System\DwocbJm.exe
  C:\Windows\System\DwocbJm.exe
  2⤵
  PID:8832
- C:\Windows\System\gwgLwYm.exe
  C:\Windows\System\gwgLwYm.exe
  2⤵
  PID:8872
- C:\Windows\System\GnNNSdG.exe
  C:\Windows\System\GnNNSdG.exe
  2⤵
  PID:8896
- C:\Windows\System\OOYfceZ.exe
  C:\Windows\System\OOYfceZ.exe
  2⤵
  PID:8940
- C:\Windows\System\uMNUUjy.exe
  C:\Windows\System\uMNUUjy.exe
  2⤵
  PID:8960
- C:\Windows\System\bnDSCOE.exe
  C:\Windows\System\bnDSCOE.exe
  2⤵
  PID:9032
- C:\Windows\System\wVnYaZl.exe
  C:\Windows\System\wVnYaZl.exe
  2⤵
  PID:9068
- C:\Windows\System\vRvlTqa.exe
  C:\Windows\System\vRvlTqa.exe
  2⤵
  PID:8980
- C:\Windows\System\CBwFZFE.exe
  C:\Windows\System\CBwFZFE.exe
  2⤵
  PID:9080
- C:\Windows\System\wHkvULW.exe
  C:\Windows\System\wHkvULW.exe
  2⤵
  PID:9100
- C:\Windows\System\iVoBcoi.exe
  C:\Windows\System\iVoBcoi.exe
  2⤵
  PID:9136
- C:\Windows\System\RCTvvou.exe
  C:\Windows\System\RCTvvou.exe
  2⤵
  PID:9176
- C:\Windows\System\sVkgSNv.exe
  C:\Windows\System\sVkgSNv.exe
  2⤵
  PID:9192
- C:\Windows\System\kmDaWFs.exe
  C:\Windows\System\kmDaWFs.exe
  2⤵
  PID:7828
- C:\Windows\System\ElJnTVT.exe
  C:\Windows\System\ElJnTVT.exe
  2⤵
  PID:8196
- C:\Windows\System\VAdJtNI.exe
  C:\Windows\System\VAdJtNI.exe
  2⤵
  PID:8248
- C:\Windows\System\oSzNUKd.exe
  C:\Windows\System\oSzNUKd.exe
  2⤵
  PID:8276
- C:\Windows\System\fNExjIv.exe
  C:\Windows\System\fNExjIv.exe
  2⤵
  PID:8368
- C:\Windows\System\sBZPTlr.exe
  C:\Windows\System\sBZPTlr.exe
  2⤵
  PID:8404
- C:\Windows\System\XHXmQrG.exe
  C:\Windows\System\XHXmQrG.exe
  2⤵
  PID:8632
- C:\Windows\System\QcbKxBH.exe
  C:\Windows\System\QcbKxBH.exe
  2⤵
  PID:8528
- C:\Windows\System\uTCTAUP.exe
  C:\Windows\System\uTCTAUP.exe
  2⤵
  PID:8676
- C:\Windows\System\jNrfDij.exe
  C:\Windows\System\jNrfDij.exe
  2⤵
  PID:8772
- C:\Windows\System\gLsjEgQ.exe
  C:\Windows\System\gLsjEgQ.exe
  2⤵
  PID:8756
- C:\Windows\System\DMlQmSu.exe
  C:\Windows\System\DMlQmSu.exe
  2⤵
  PID:6392
- C:\Windows\System\ikLXnMl.exe
  C:\Windows\System\ikLXnMl.exe
  2⤵
  PID:8892
- C:\Windows\System\oYnLzKI.exe
  C:\Windows\System\oYnLzKI.exe
  2⤵
  PID:9000
- C:\Windows\System\QJjaYlu.exe
  C:\Windows\System\QJjaYlu.exe
  2⤵
  PID:9048
- C:\Windows\System\OyMgLmc.exe
  C:\Windows\System\OyMgLmc.exe
  2⤵
  PID:2680
- C:\Windows\System\eJLuFaN.exe
  C:\Windows\System\eJLuFaN.exe
  2⤵
  PID:9204
- C:\Windows\System\rJWvYrE.exe
  C:\Windows\System\rJWvYrE.exe
  2⤵
  PID:9168
- C:\Windows\System\brIuKbd.exe
  C:\Windows\System\brIuKbd.exe
  2⤵
  PID:8352
- C:\Windows\System\sIcKaDx.exe
  C:\Windows\System\sIcKaDx.exe
  2⤵
  PID:8272
- C:\Windows\System\NcRTpUX.exe
  C:\Windows\System\NcRTpUX.exe
  2⤵
  PID:8488
- C:\Windows\System\xhdUsUC.exe
  C:\Windows\System\xhdUsUC.exe
  2⤵
  PID:8508
- C:\Windows\System\LKoqBQg.exe
  C:\Windows\System\LKoqBQg.exe
  2⤵
  PID:8596
- C:\Windows\System\opSANcf.exe
  C:\Windows\System\opSANcf.exe
  2⤵
  PID:8740
- C:\Windows\System\QzvoYDr.exe
  C:\Windows\System\QzvoYDr.exe
  2⤵
  PID:8864
- C:\Windows\System\YEATpmT.exe
  C:\Windows\System\YEATpmT.exe
  2⤵
  PID:9012
- C:\Windows\System\hfkaKEX.exe
  C:\Windows\System\hfkaKEX.exe
  2⤵
  PID:8992
- C:\Windows\System\DbKBslb.exe
  C:\Windows\System\DbKBslb.exe
  2⤵
  PID:8976
- C:\Windows\System\SZxTLgH.exe
  C:\Windows\System\SZxTLgH.exe
  2⤵
  PID:9120
- C:\Windows\System\aPKojmC.exe
  C:\Windows\System\aPKojmC.exe
  2⤵
  PID:8484
- C:\Windows\System\KkVmBIQ.exe
  C:\Windows\System\KkVmBIQ.exe
  2⤵
  PID:8476
- C:\Windows\System\ussrBWb.exe
  C:\Windows\System\ussrBWb.exe
  2⤵
  PID:8696
- C:\Windows\System\AdWjBlM.exe
  C:\Windows\System\AdWjBlM.exe
  2⤵
  PID:8824
- C:\Windows\System\YviJUzZ.exe
  C:\Windows\System\YviJUzZ.exe
  2⤵
  PID:8948
- C:\Windows\System\zJwxKMy.exe
  C:\Windows\System\zJwxKMy.exe
  2⤵
  PID:9096
- C:\Windows\System\McGbTkS.exe
  C:\Windows\System\McGbTkS.exe
  2⤵
  PID:8388
- C:\Windows\System\OVnIOQV.exe
  C:\Windows\System\OVnIOQV.exe
  2⤵
  PID:8648
- C:\Windows\System\WVsMUJc.exe
  C:\Windows\System\WVsMUJc.exe
  2⤵
  PID:9064
- C:\Windows\System\HqdeVAF.exe
  C:\Windows\System\HqdeVAF.exe
  2⤵
  PID:8456
- C:\Windows\System\PvaAunV.exe
  C:\Windows\System\PvaAunV.exe
  2⤵
  PID:8720
- C:\Windows\System\wZAJUqC.exe
  C:\Windows\System\wZAJUqC.exe
  2⤵
  PID:8320
- C:\Windows\System\xOAOEwA.exe
  C:\Windows\System\xOAOEwA.exe
  2⤵
  PID:9232
- C:\Windows\System\UnKSmwE.exe
  C:\Windows\System\UnKSmwE.exe
  2⤵
  PID:9248
- C:\Windows\System\TaZMkMK.exe
  C:\Windows\System\TaZMkMK.exe
  2⤵
  PID:9264
- C:\Windows\System\UzlieiJ.exe
  C:\Windows\System\UzlieiJ.exe
  2⤵
  PID:9280
- C:\Windows\System\WAimRqD.exe
  C:\Windows\System\WAimRqD.exe
  2⤵
  PID:9296
- C:\Windows\System\OigBTva.exe
  C:\Windows\System\OigBTva.exe
  2⤵
  PID:9316
- C:\Windows\System\ijjvULm.exe
  C:\Windows\System\ijjvULm.exe
  2⤵
  PID:9336
- C:\Windows\System\BZgBGKk.exe
  C:\Windows\System\BZgBGKk.exe
  2⤵
  PID:9352
- C:\Windows\System\ijUkgkY.exe
  C:\Windows\System\ijUkgkY.exe
  2⤵
  PID:9372
- C:\Windows\System\HDktWkB.exe
  C:\Windows\System\HDktWkB.exe
  2⤵
  PID:9388
- C:\Windows\System\XLBVwBX.exe
  C:\Windows\System\XLBVwBX.exe
  2⤵
  PID:9404
- C:\Windows\System\aFIbGtX.exe
  C:\Windows\System\aFIbGtX.exe
  2⤵
  PID:9420
- C:\Windows\System\zEjIzPm.exe
  C:\Windows\System\zEjIzPm.exe
  2⤵
  PID:9436
- C:\Windows\System\AYxxQGM.exe
  C:\Windows\System\AYxxQGM.exe
  2⤵
  PID:9456
- C:\Windows\System\KyGObSJ.exe
  C:\Windows\System\KyGObSJ.exe
  2⤵
  PID:9472
- C:\Windows\System\JAHCApr.exe
  C:\Windows\System\JAHCApr.exe
  2⤵
  PID:9488
- C:\Windows\System\FDKtuiT.exe
  C:\Windows\System\FDKtuiT.exe
  2⤵
  PID:9504
- C:\Windows\System\UkGyGkl.exe
  C:\Windows\System\UkGyGkl.exe
  2⤵
  PID:9520
- C:\Windows\System\AvAdwoj.exe
  C:\Windows\System\AvAdwoj.exe
  2⤵
  PID:9536
- C:\Windows\System\FJFPMbT.exe
  C:\Windows\System\FJFPMbT.exe
  2⤵
  PID:9556
- C:\Windows\System\LafrxNS.exe
  C:\Windows\System\LafrxNS.exe
  2⤵
  PID:9572
- C:\Windows\System\DHhwQnp.exe
  C:\Windows\System\DHhwQnp.exe
  2⤵
  PID:9588
- C:\Windows\System\HtKSrqq.exe
  C:\Windows\System\HtKSrqq.exe
  2⤵
  PID:9604
- C:\Windows\System\zemkemJ.exe
  C:\Windows\System\zemkemJ.exe
  2⤵
  PID:9640
- C:\Windows\System\flCnUIM.exe
  C:\Windows\System\flCnUIM.exe
  2⤵
  PID:9656
- C:\Windows\System\NBmBscM.exe
  C:\Windows\System\NBmBscM.exe
  2⤵
  PID:9672
- C:\Windows\System\dWouPpP.exe
  C:\Windows\System\dWouPpP.exe
  2⤵
  PID:9688
- C:\Windows\System\exPmSfh.exe
  C:\Windows\System\exPmSfh.exe
  2⤵
  PID:9708
- C:\Windows\System\tMnagzj.exe
  C:\Windows\System\tMnagzj.exe
  2⤵
  PID:9740
- C:\Windows\System\OZqXBOI.exe
  C:\Windows\System\OZqXBOI.exe
  2⤵
  PID:9756
- C:\Windows\System\QPWsnYG.exe
  C:\Windows\System\QPWsnYG.exe
  2⤵
  PID:9772
- C:\Windows\System\FakwkPk.exe
  C:\Windows\System\FakwkPk.exe
  2⤵
  PID:9792
- C:\Windows\System\WAwCpzr.exe
  C:\Windows\System\WAwCpzr.exe
  2⤵
  PID:9808
- C:\Windows\System\pxKlUbD.exe
  C:\Windows\System\pxKlUbD.exe
  2⤵
  PID:9824
- C:\Windows\System\tzoCKDQ.exe
  C:\Windows\System\tzoCKDQ.exe
  2⤵
  PID:9840
- C:\Windows\System\MrhcdWX.exe
  C:\Windows\System\MrhcdWX.exe
  2⤵
  PID:9856
- C:\Windows\System\TfbdfUN.exe
  C:\Windows\System\TfbdfUN.exe
  2⤵
  PID:9872
- C:\Windows\System\xtHsgpr.exe
  C:\Windows\System\xtHsgpr.exe
  2⤵
  PID:9896
- C:\Windows\System\zLnQnWN.exe
  C:\Windows\System\zLnQnWN.exe
  2⤵
  PID:9912
- C:\Windows\System\sMUCEcE.exe
  C:\Windows\System\sMUCEcE.exe
  2⤵
  PID:9932
- C:\Windows\System\BTqDemM.exe
  C:\Windows\System\BTqDemM.exe
  2⤵
  PID:9948
- C:\Windows\System\mNJuFJo.exe
  C:\Windows\System\mNJuFJo.exe
  2⤵
  PID:9968
- C:\Windows\System\gDvBcoW.exe
  C:\Windows\System\gDvBcoW.exe
  2⤵
  PID:9984
- C:\Windows\System\LUaDznu.exe
  C:\Windows\System\LUaDznu.exe
  2⤵
  PID:10000
- C:\Windows\System\JbcIGwd.exe
  C:\Windows\System\JbcIGwd.exe
  2⤵
  PID:10020
- C:\Windows\System\nLuwcAw.exe
  C:\Windows\System\nLuwcAw.exe
  2⤵
  PID:10036
- C:\Windows\System\Rtlpiev.exe
  C:\Windows\System\Rtlpiev.exe
  2⤵
  PID:10052
- C:\Windows\System\DfjbxxQ.exe
  C:\Windows\System\DfjbxxQ.exe
  2⤵
  PID:10068
- C:\Windows\System\ftJwocX.exe
  C:\Windows\System\ftJwocX.exe
  2⤵
  PID:10088
- C:\Windows\System\MJgrBOw.exe
  C:\Windows\System\MJgrBOw.exe
  2⤵
  PID:10104
- C:\Windows\System\WcaoWeH.exe
  C:\Windows\System\WcaoWeH.exe
  2⤵
  PID:10120
- C:\Windows\System\LNiUymw.exe
  C:\Windows\System\LNiUymw.exe
  2⤵
  PID:10144
- C:\Windows\System\kWldLHm.exe
  C:\Windows\System\kWldLHm.exe
  2⤵
  PID:9512
- C:\Windows\System\sSVMDwi.exe
  C:\Windows\System\sSVMDwi.exe
  2⤵
  PID:9568
- C:\Windows\System\TLPAOXc.exe
  C:\Windows\System\TLPAOXc.exe
  2⤵
  PID:9600
- C:\Windows\System\LlMWOrU.exe
  C:\Windows\System\LlMWOrU.exe
  2⤵
  PID:9668
- C:\Windows\System\cdPEXIu.exe
  C:\Windows\System\cdPEXIu.exe
  2⤵
  PID:9700
- C:\Windows\System\kDFDTBy.exe
  C:\Windows\System\kDFDTBy.exe
  2⤵
  PID:9732
- C:\Windows\System\hdhlHmX.exe
  C:\Windows\System\hdhlHmX.exe
  2⤵
  PID:9748
- C:\Windows\System\MogtgwZ.exe
  C:\Windows\System\MogtgwZ.exe
  2⤵
  PID:9852
- C:\Windows\System\TFgUTNs.exe
  C:\Windows\System\TFgUTNs.exe
  2⤵
  PID:9892
- C:\Windows\System\LzmxMSB.exe
  C:\Windows\System\LzmxMSB.exe
  2⤵
  PID:9944
- C:\Windows\System\AQgsjVY.exe
  C:\Windows\System\AQgsjVY.exe
  2⤵
  PID:9964
- C:\Windows\System\VaxFgxl.exe
  C:\Windows\System\VaxFgxl.exe
  2⤵
  PID:10008
- C:\Windows\System\OsLamCe.exe
  C:\Windows\System\OsLamCe.exe
  2⤵
  PID:10096
- C:\Windows\System\EsJsuzV.exe
  C:\Windows\System\EsJsuzV.exe
  2⤵
  PID:10116
- C:\Windows\System\eDhRjYp.exe
  C:\Windows\System\eDhRjYp.exe
  2⤵
  PID:10152
- C:\Windows\System\DPfVzaP.exe
  C:\Windows\System\DPfVzaP.exe
  2⤵
  PID:10168
- C:\Windows\System\jGfPfDe.exe
  C:\Windows\System\jGfPfDe.exe
  2⤵
  PID:10192
- C:\Windows\System\jrnYQNr.exe
  C:\Windows\System\jrnYQNr.exe
  2⤵
  PID:10216
- C:\Windows\System\yDAIXrC.exe
  C:\Windows\System\yDAIXrC.exe
  2⤵
  PID:10236
- C:\Windows\System\nMUmeen.exe
  C:\Windows\System\nMUmeen.exe
  2⤵
  PID:8572
- C:\Windows\System\xmvmUdB.exe
  C:\Windows\System\xmvmUdB.exe
  2⤵
  PID:9272
- C:\Windows\System\PfTqrFl.exe
  C:\Windows\System\PfTqrFl.exe
  2⤵
  PID:9344
- C:\Windows\System\PHmlDMP.exe
  C:\Windows\System\PHmlDMP.exe
  2⤵
  PID:9368
- C:\Windows\System\ThTfsgh.exe
  C:\Windows\System\ThTfsgh.exe
  2⤵
  PID:9384
- C:\Windows\System\PfBeVss.exe
  C:\Windows\System\PfBeVss.exe
  2⤵
  PID:9400
- C:\Windows\System\uDOdilN.exe
  C:\Windows\System\uDOdilN.exe
  2⤵
  PID:9496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AyElKud.exe

Filesize
6.1MB

MD5
847d33bc701af2cb2224e2591b96aab6

SHA1
83cc5b8a4d8c3181cb6a96c74ef162d8bc2b0e7b

SHA256
2d581269c248f5574651c511cb27cdc016407a21c5e6e05ef3262787082e7250

SHA512
32424e6ab0a7e08b80d165d9ea49be563d6d202001a35a73252072c870ff27c3a642faec4d1c3759ecfe4ee4d213195d15ffcb1bc7c483c01cc6720d4492e807

Download Submit
C:\Windows\system\BKAHARm.exe

Filesize
6.1MB

MD5
fff18a228c8d041ad9e8bddf27d353d6

SHA1
f21bdc819282ae5b3a0d3d29946293576409cc43

SHA256
6a3697d0ecb8de60ae1f518229e1290eb2310ff983b1134f70cca06cbc6d175e

SHA512
a7e218e9cf6d3849772dfdab51f14b8d0fa42f0a3fbcbb675fc1246f9a8a787fbdf2a127ad10e39d85fcb041973dc5b374ca84a04570cc32665c935d15265aba

Download Submit
C:\Windows\system\DuvuClX.exe

Filesize
6.1MB

MD5
c94bed324193474059c66247343ef51f

SHA1
5773aa58ca66858be480c459005b4d218cc13220

SHA256
3182dd05d8ea535998869d55b8d68fc090a30c3031814fa75dc6f3b22db2beaf

SHA512
f25f32e0fefaefdd03e778a9dc0ae3c3ef7d50086529a76c888462920271bf66c03e60c9b72c7a11bf70ca56edce8ab04798c372db506925e7cc44182e3ab18d

Download Submit
C:\Windows\system\HNErtpx.exe

Filesize
6.1MB

MD5
a3445d65b25911412a7e992b6970d0ce

SHA1
e82333eafb8242e2990d341a995653e03294b4cf

SHA256
214deee6c7f826ff65961dc95e4432de558eee0dabbb772f224429d5ab492ea0

SHA512
36fc14a1d2d154d896b37f1f299ebacd72fd42d6cc4e9a0e02c06ab66d605bc4b8511ec881ec6ecd0d80be06147ea9a7443a1ab80e62712d393e185c6e163bc5

Download Submit
C:\Windows\system\HQmvWwR.exe

Filesize
6.1MB

MD5
0644289c2a1de52215be20d3cc5c799a

SHA1
ee00d2b94b6a3b702ffefcebf7e09d5fe2a60223

SHA256
80d8990839c588df00005156196714fbe13486fa886add0e34fc7ba5db21e204

SHA512
d3ef0e90b7045df61df96a581cc7e58df345368d31a868df0aec07dd5cf98c7cfa7aa690fd71464d3728b7c51eb36ea71202b37261c20747e0e1590b521908d0

Download Submit
C:\Windows\system\HvYjNHE.exe

Filesize
6.1MB

MD5
224f565d982708f31bc7733804eb3409

SHA1
31c288b07d434fd9361f52da66f5f7966ff7dfc1

SHA256
4db2c80c2db30e244fc5748409f2c2eab0d032f4797986d2621f6d33e4775e46

SHA512
ff295f18557766033d929195fc0c09bdc9072920fbbfa6ac216c1f385e4f840f148acbc30e6acdc21ca7c1ed7bda8c0a0006b776df42a3917c5c8be772d29109

Download Submit
C:\Windows\system\JRdvbwg.exe

Filesize
6.1MB

MD5
848539faeff6de3aaa78b8da7bce475f

SHA1
b3d6bd20603063c16fc5e3f664e2334f27516554

SHA256
a5c886737d3f0f98f68545940975571368880870192166f5a477c8ffa16f7af7

SHA512
864ee6981b3407f0fafac88ce6239355b53bad8b379cb267410d0f9de3dd5bdacc2ce49adbcf18943b9e9b1f70841e7d7ebdbdd1cad4332b32d9b11cf316e4ba

Download Submit
C:\Windows\system\NYctTxi.exe

Filesize
6.1MB

MD5
0c17d1eacbe4f761dacdb8e25f37d27f

SHA1
e6773a1dd0156effb52e04fb4fd6fcc9a77f3c16

SHA256
d98b02d051607bcf728247acad956ece7d40a6c22c9c0f2fbf2ab389a8a0d7b1

SHA512
f7d056ddc71ad9b569f31dfed3a7f6e43bfd84c30b0ee1b09e2ddfe1c85f6636c7d2311a784fff5d0ee892fe30210511fd404ab38555df06094311b48bd0c767

Download Submit
C:\Windows\system\PGjJKvl.exe

Filesize
6.1MB

MD5
ba7296a812ae519f22bb761575431226

SHA1
68d5ba88eab184e0d9f93bfa3857a6a7bd995ab8

SHA256
98ebc4eec8b5d7efac106d11c0ef8ee1595b16235c11d62c45b302973b8c876c

SHA512
126d111578abc26c5c739b8c3e1e5f2c1ca42ead5fb0d6ac2e822fbb8e79db4bc20ebeed8b7eebcc041c58297f503f860d73b508c98332384c9fcb421d12bf58

Download Submit
C:\Windows\system\VPBUjNf.exe

Filesize
6.1MB

MD5
9b0f498376a9b57f378b942650b12ca1

SHA1
7aedc0c24958c61dc560f1ebcd906e1a464e6867

SHA256
ed4a774669d8547e98ef74b3ef8a43924ec58458c72d26548bbe1982d725f898

SHA512
11e0c61cf57449f1936309a3563a08df4e0d7aa0d56de027015c293658fbd1e6adb252c5cd3661e58399a339c2e7f9cdd5ed281356eba923a6b75ce78b592904

Download Submit
C:\Windows\system\WDBLmMT.exe

Filesize
6.1MB

MD5
b9b5f6f45c229b7fb92e61030f5f7d4d

SHA1
b3203cf701ecd4731f302ba3e37f4a226269fa77

SHA256
e4397374be3bcf8d075006e10cfa8fb4a29e8ed9c04ae2539f82481dcf644f16

SHA512
29703df77eba66ccdf696ea495188a1d44a01214377592a25e5dbaa4b8a5c43366ca7ed211ffcbef8be6082a6b62868d1e57de2e16663232b3b5fee9c3526e80

Download Submit
C:\Windows\system\YjFBwSS.exe

Filesize
6.1MB

MD5
5299688a589243f64a159e1f713b1653

SHA1
36ee42611c83a0795d68e43699b7fd2c4e90112e

SHA256
b51a1b0ee8c7ad2a58bb4401255b90207f7f44c0891607b1f2e75b7c46ff6a6d

SHA512
ee7ecb20b53fb5375c52a585ada5b7d4db7129103fcab5889777192d1e63adacb3213f542e669876745cce636403605e9770e3c6094ecc2dd9f12896b37a2ae2

Download Submit
C:\Windows\system\Yngcnsc.exe

Filesize
6.1MB

MD5
28f133835f38996be0f713d1ba7f2ae1

SHA1
8f9b927247fd6aa0a5953f33f97b8ec150afe510

SHA256
93d9384ea0a17788fddf27692b9dbacb8bc69a9bd02acd64d2ee3210fa0c169f

SHA512
d73e9ceeb7fe6b478189f7761a8563d843b709627577c38bb99afe7c3e205434d38abd3dbb2ba8f0a5412df9ae03919d4a4a0857f41a9d996e60c4e780754369

Download Submit
C:\Windows\system\eGmZIjX.exe

Filesize
6.1MB

MD5
0f99619452e05a81538fa86402337a53

SHA1
a94050a58570d4cce957c200c4e1e91f4c683c4f

SHA256
7cc7e7e9e2af4b70e39a04a61239b28be302bee20dfa44e8310b68586c6556bf

SHA512
bd6b2655efc62381cd3d839af257346b7c4bff2f89516a0771996c4a74d2b524438da61aa0532f286102e4e784a723bab2ac08232bd97695bf10fd9e60c4232d

Download Submit
C:\Windows\system\hFMqCkQ.exe

Filesize
6.1MB

MD5
7b22cf58e74ae40d8b0466b7259d9f48

SHA1
d3de944c729de6cb06a58b4f485165af424ef9e3

SHA256
47c2c15a1873ca28490da154a5ebfe5f9915484883083ef3c86a304fb44babe5

SHA512
10d0765f9344f1e8456c2861818a5b641eb83066b368b3e6753b94c178af23dfc7e6263e6f9e5b52014d4a42cf8e4bbb347bf58db72f143fb6a70e07c22caead

Download Submit
C:\Windows\system\irQXHQZ.exe

Filesize
6.1MB

MD5
2a5a2f3c68dc564b03becff46fa7a3c6

SHA1
ecac0b2b77d540945cf78f85c5e531ed39020921

SHA256
6eaec65ecc288a7f0e305b03b640b868643dc5044ad0c7976ea81a1940883758

SHA512
627f9bfcc33797628355b432be0c0d6d4b21d68122f74cb997d9536e08dc08499414bd314572e238f33793e85f97d4caf3d6eaaa83d5cc26d52e6541be456c34

Download Submit
C:\Windows\system\leOiMBo.exe

Filesize
6.1MB

MD5
ed4ce5a23e4922f92ce2f6cdec19433b

SHA1
c9822e762add71a97f6ac42551e2a4fb5de37209

SHA256
2138d6081a3d3149a43d5fd3931ffba32406e3839bcab9aa0142d86a476fcf1d

SHA512
e64b62877d51e484dbe2874652f73eb352c0906c2de47d5902b8c69fd6632e056c171f94e8098765b801891f925bb81513232bcdd8fce641fb5dfdbd133bb0e4

Download Submit
C:\Windows\system\mVhCRyv.exe

Filesize
6.1MB

MD5
8724c0d996bb9f0ac39ac7983365d0f8

SHA1
c816d2f7ebb9dbaf5601a042848c8f623f74bbc1

SHA256
cdab038b9fd5379cf801ecd251ffda00ea28a3f9a19273733084efc72dd91370

SHA512
8d2e83f4b5e90dcdba33eb3c7927aecdd444c5a014202645db81c1f61520b384961910318fa9dfbac801f78068f4907a70298ca0b9be32c156579a4113429b5f

Download Submit
C:\Windows\system\nVobzRz.exe

Filesize
6.1MB

MD5
dbb0663bd4a9cd243b99fa6bfdae802d

SHA1
cfd208671640748d8095326582cbc12fdac5e358

SHA256
13413650f638f37f2fb68a81371eb6a29cc6c161d6cfec3c9609cb34415bb335

SHA512
d1b795debb0e84f9afab2493b510214a8e7d2c7c108c596ebc854b33645ebb1ba719e2d0f0a3dfa8ce9a22910c5f061982779854a1ef329ebcd30a48e72651d6

Download Submit
C:\Windows\system\rYZlzSY.exe

Filesize
6.1MB

MD5
33abb3a239ccf0823581090d237a1366

SHA1
a017452036660a1f9395155148b8966b355b25fe

SHA256
aa931a09e72b86eb2806edbfa38be12f7227c0288d75f32ed97858ad700b3e3e

SHA512
5ae0957411a7e6dd6670b3171338a4782e9f1c53430aaa087d50cdd85fe9c62e3b7cfcdffd67408393982eb9af351b558c0cf5433c2eef7184fdeea1647fb8e8

Download Submit
C:\Windows\system\skWKQbP.exe

Filesize
6.1MB

MD5
a4009eec5131a12f1100b76d99f433cf

SHA1
a385452e98c1c8f9983f3bd51d4c6901afe841ed

SHA256
b54d41e4999018da384080571540d0e624450081d77b97dcab10dda028a95978

SHA512
0198ac4e82857d38a959895f5d606c3b9a99c7da549b43865bbb5bc6e82f81ee44e3388862fa5280bbd6264f7cdcb0c638bedfe2c59a0974eefd7a46eda6bff9

Download Submit
C:\Windows\system\tsGuPPr.exe

Filesize
6.1MB

MD5
6d793e8702deaa475c10ba7070073322

SHA1
c81e18716e28eef2540470f360d8eec64a368007

SHA256
52d16fdb036c67f728748693aabc4dcb89348a0fb0bfd8873319c637310e95cd

SHA512
9b95c36163b104bf290499ad98dfafed8d9c2bee3f6200dfa21f12b4b012004f9f8e901905459743309bd1dff15ad38df4526eae951ae217bc347bd6e40a74e3

Download Submit
C:\Windows\system\uWNUaCZ.exe

Filesize
6.1MB

MD5
5e387722fff20ab541fb9d219cb5f5f2

SHA1
c7b0f39f5c84ffef775c7bfc0cd806bccfad3966

SHA256
d7d015c3b1ce74c12b39d6b30d5d50aa8dac5bbc6590cafb6458ea393314a6e6

SHA512
2c18c1ffef6959197a68f27208da416c06783428a288c76cba3f8643cabfa9ccfe06246371f7d61918bd46b9c7db15b1f67c0fdbca81f70753b7216adbf92020

Download Submit
C:\Windows\system\wiNAEvH.exe

Filesize
6.1MB

MD5
9cf0194d22495a87954bac576e6d3a84

SHA1
7db250e23d8c607bd90746d114613784c5b03296

SHA256
b8ba15c9c0736037661554a9fcfb72f8503b91792acfdaa32a532b5dfb9269e1

SHA512
68512ac1bcd4198e7d2fb4a6e2b745c1b0014b3b7c5c466b6c21927d75700b47ffa9a13b6f97be5fefbe60af2d5f44a7d39d89c3dbce739f8745925c5ad683cb

Download Submit
C:\Windows\system\xHwSpBp.exe

Filesize
6.1MB

MD5
09c667932b35bbe6ed1c976c3e3c4a2c

SHA1
653487b9e03e55c1f77fef02d09b9ab8978437e1

SHA256
126f36f3e3a335e8cc45cb28eb36cfcb15925955b242ec6d3bde4b5cf4445278

SHA512
9c72126f174f96346291c51f95ced99c504c75c9cd5c287c9d457641b6516dec1d8c8b92d35a6d7bff323c5b9275b8af3fc5d4184017e60de2a2d3ddf54f5636

Download Submit
C:\Windows\system\zGtMPFm.exe

Filesize
6.1MB

MD5
3a15796ed43cb449fc22e898a4542ea6

SHA1
c2d1ec6d2284dde3a377d9eb3300c44fe61d2481

SHA256
555fc11651036e5bd63e294dcb3cc435934269032d99d921f6a14044194a6a70

SHA512
53c78e52681acbaf7468efe24cd36f6db92ea28e35563e9d8de314b1df6361b8c1fc068d4842c39ee0c257b5941bb80ecb8cd4d5ded91decbd44159fa0d7922b

Download Submit
C:\Windows\system\zZuLUlJ.exe

Filesize
6.1MB

MD5
1f30ee3164a59fc5837f9863954f1df6

SHA1
e82cfce796ce181850832d1237fed98fe09a9542

SHA256
f3dc6ddee29d925cd8a3909abdd2aad64b5405314556f3ed3fa1ad441b110c40

SHA512
b96542cce0384b84314aa318771496afcce232b32bbad142ed05b5078640b852107fa4631e1333f3de4f2b57d2a349dcc3d05ac5ea0b6fd1d3319a7a7fbed6be

Download Submit
\Windows\system\DrswuEW.exe

Filesize
6.1MB

MD5
b7a722d22c6e426e0677d74761763702

SHA1
24e8b132effa36556a503aa0aab8f6d57c996be0

SHA256
f83685418fe35cda791c61e2346be467b39da6d15fdd1dccb31df8edd3cb94e1

SHA512
a9731ff19de7aa2eeedbdf1a05c1793ff224763ef6902858946dfd50833289b5a22f2fea1e3f2aa372f1b07b87dc9373e364a5b8507b8c73d81e1d509e933e34

Download Submit
\Windows\system\IGwilcs.exe

Filesize
6.1MB

MD5
91666821b1f9ac216ea06c2a96c24278

SHA1
3bea55a5246237d293fa90f97c0a718edcd0938a

SHA256
1d23990e441283b1e3409f373b33003b10aa57f65a7bfdca9a737d51ac9782f2

SHA512
2da913c3e5345aec1e840a36637b3b96b62cba34a6310d4c06a96a3a31450d82712d32f1f9fb1f543afabf80ac03ac2d49a08535a5498385153e5fcebf46fae3

Download Submit
\Windows\system\NFrrxvc.exe

Filesize
6.1MB

MD5
d29b48dc053efce73c0a97d9ce94cf41

SHA1
8598c59d28f4dcee1769766eddcb605a073ec1e2

SHA256
c9782de6e7c7e65a3d34c720617135b066dcfa150aec2ed5e31776a096be622f

SHA512
74eb51432e743d8b4d4a37b3dc9c93b9467a0741b91921cef9fc24051edebdd8f25fe8ba618ab927231dae65f8f0777476f3d74484a972d7b53711c17a95d7d3

Download Submit
\Windows\system\YwElJCr.exe

Filesize
6.1MB

MD5
5bc6a8a2ca57356e62d8f4af5fac4d33

SHA1
07fde705851930f334614b12e1e2708f14c9e107

SHA256
bda227d1fecb0dd76b1b8671498e707aa8c3ffd4b185361b131138ef50724dcb

SHA512
dd7aa4d546ec88ef1c919898d4d9b6e662e7d6c2848bba5ebdec60d16a84d81160d7ec2c31a43126b986f1897438a6f681e01a41ea64fa63bd0fac68f103a723

Download Submit
\Windows\system\fiHnwAb.exe

Filesize
6.1MB

MD5
5a3afe8c4adee98eb644db91c052bf94

SHA1
b088f65f645200bb1f3e9e4f21f314cf8c0a4589

SHA256
d8af38250332631adccbafa530853e474fbdd9fb5a0fbb8f9aed021b7ec20c1b

SHA512
70465b8508e846e90f4c356b70d45fbcd8c18265999ab7cbc97d1cfff3a141059864d93d631695d6d36443954216bc795bd645fdcb20b6a1835ce486a4237932

Download Submit
memory/428-83-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/428-125-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/428-1063-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2116-44-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1152-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2116-11-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2336-1080-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-129-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-101-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-92-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2420-127-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2420-1070-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2572-1026-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2572-91-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2572-54-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2704-957-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2704-15-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2704-49-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2760-22-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2760-1155-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2760-61-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1010-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2788-45-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2788-82-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2844-123-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1054-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2848-131-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2848-110-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1095-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2868-36-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-997-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-76-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-57-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2876-105-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-88-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2876-130-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2876-40-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-39-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-96-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2876-97-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-128-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2876-106-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2876-0-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-73-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2876-126-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2876-6-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2876-87-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2876-124-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2876-114-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2876-50-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2876-16-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-19-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2876-65-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-25-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-43-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2876-115-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2876-132-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2876-32-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-988-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-68-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-29-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-62-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2956-1032-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2956-100-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2984-69-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-1043-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-109-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download