cobaltstrike | dc4c7c2d10b4081ef44e18c98f5692d2413ab7fb4c948f9cd1f25d7827d172ff

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-09-2024 22:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

86c63c4f68860a8ed80aae979c231722
SHA1

fc72847e2024bb4750edc098df7cd9dd1cb740df
SHA256

dc4c7c2d10b4081ef44e18c98f5692d2413ab7fb4c948f9cd1f25d7827d172ff
SHA512

2a7c43fe6ed99371b24ff1f2e6986236d3fcb947b759897f39bc4bf39f5dc0ee986e9864af244cd2beb7a0b79383b9971d8575f4bbf4d64a9a7afe66a002ad45
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUI:T+q56utgpPF8u/7I

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012119-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d41-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d59-15.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d81-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f71-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ff5-30.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016101-36.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3f-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd9-85.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017047-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017491-120.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d0e-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f8-188.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f2-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001868b-178.dat	cobalt_reflective_dll
behavioral1/files/0x0011000000018682-173.dat	cobalt_reflective_dll
behavioral1/files/0x001400000001866f-163.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018669-159.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175e7-125.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001747d-115.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001743a-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eb4-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de0-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d72-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6d-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d69-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d63-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4f-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d47-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d36-45.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016241-40.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2356-0-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x0007000000012119-6.dat	xmrig
behavioral1/files/0x0008000000015d41-8.dat	xmrig
behavioral1/files/0x0008000000015d59-15.dat	xmrig
behavioral1/files/0x0008000000015d81-21.dat	xmrig
behavioral1/files/0x0007000000015f71-26.dat	xmrig
behavioral1/files/0x0007000000015ff5-30.dat	xmrig
behavioral1/files/0x0009000000016101-36.dat	xmrig
behavioral1/files/0x0006000000016d3f-50.dat	xmrig
behavioral1/files/0x0006000000016dd9-85.dat	xmrig
behavioral1/files/0x0006000000017047-105.dat	xmrig
behavioral1/files/0x0006000000017491-120.dat	xmrig
behavioral1/memory/2876-141-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d0e-168.dat	xmrig
behavioral1/memory/2356-1092-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x00050000000186f8-188.dat	xmrig
behavioral1/files/0x00050000000186f2-183.dat	xmrig
behavioral1/files/0x000500000001868b-178.dat	xmrig
behavioral1/files/0x0011000000018682-173.dat	xmrig
behavioral1/files/0x001400000001866f-163.dat	xmrig
behavioral1/files/0x0006000000018669-159.dat	xmrig
behavioral1/memory/2668-156-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/1900-154-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2896-152-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2356-151-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2836-150-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2356-149-0x0000000002470000-0x00000000027C4000-memory.dmp	xmrig
behavioral1/memory/2620-148-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2776-146-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2356-140-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2332-139-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2356-138-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2128-137-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2808-135-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/1532-133-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/1696-131-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/1924-129-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2108-128-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x00060000000175e7-125.dat	xmrig
behavioral1/files/0x000600000001747d-115.dat	xmrig
behavioral1/files/0x000600000001743a-110.dat	xmrig
behavioral1/files/0x0006000000016eb4-100.dat	xmrig
behavioral1/files/0x0006000000016dea-95.dat	xmrig
behavioral1/files/0x0006000000016de0-90.dat	xmrig
behavioral1/files/0x0006000000016d72-80.dat	xmrig
behavioral1/files/0x0006000000016d6d-75.dat	xmrig
behavioral1/files/0x0006000000016d69-70.dat	xmrig
behavioral1/files/0x0006000000016d63-65.dat	xmrig
behavioral1/files/0x0006000000016d4f-60.dat	xmrig
behavioral1/files/0x0006000000016d47-55.dat	xmrig
behavioral1/files/0x0006000000016d36-45.dat	xmrig
behavioral1/files/0x0009000000016241-40.dat	xmrig
behavioral1/memory/2108-4102-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/1696-4103-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2808-4104-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/1924-4105-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2668-4115-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2620-4114-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2896-4113-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/1900-4112-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2876-4111-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2128-4110-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2836-4109-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2776-4108-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2108	fTabdcS.exe
1924	VGQgsYJ.exe
1696	tsRBqKV.exe
1532	GkZUAnc.exe
2808	GzjolrB.exe
2128	cJtAoCU.exe
2332	VXToAQu.exe
2876	bOkxwZB.exe
2776	YggErFQ.exe
2620	ZieCIAd.exe
2836	ZigQuVg.exe
2896	FwshqhB.exe
1900	vIaGqJj.exe
2668	xofeswm.exe
2628	AohwbWB.exe
2692	IYFQvIy.exe
3056	uIXgAlo.exe
2884	RikdpXZ.exe
1880	jOtZLlY.exe
2944	kpNHiHa.exe
3040	HiPFRLL.exe
1452	fwIiRQK.exe
2720	CSSkVnD.exe
2796	zaYGtAR.exe
2924	QMceBDR.exe
2560	EjlGrbR.exe
1972	CWgHWow.exe
1884	ifetHDg.exe
2952	dkLAekV.exe
772	CJIqoGi.exe
1604	nsFVfgD.exe
2428	TSWHYXJ.exe
1888	bSEAwVQ.exe
1912	CVGsXLg.exe
908	ASCzGgi.exe
1780	scKkUGo.exe
1376	iiXlsKa.exe
560	YJxNJIl.exe
2440	WXmSSPX.exe
2312	lqxveGN.exe
324	xIjIoDE.exe
336	pEyJwDK.exe
2248	PVulRtm.exe
2328	cUmdzQP.exe
888	LVyWCMb.exe
2304	hVsaXGL.exe
2672	tYlstqp.exe
2296	UgLPCDG.exe
896	nrNBQMl.exe
1600	whKQnUw.exe
2292	IgbTTLx.exe
528	LDqcQyi.exe
2408	qkUFJLZ.exe
1584	JlVgdBH.exe
2860	oJSJYpA.exe
1220	ZKJkXSR.exe
2524	ACrGboL.exe
2360	SZvMVFh.exe
2772	VrAyWAi.exe
2828	OOBSAtY.exe
2708	NSrsuTS.exe
3068	dPDvgSu.exe
2696	guhbzJG.exe
1324	QxWIzfG.exe

Loads dropped DLL 64 IoCs

pid	Process
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2356-0-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x0007000000012119-6.dat	upx
behavioral1/files/0x0008000000015d41-8.dat	upx
behavioral1/files/0x0008000000015d59-15.dat	upx
behavioral1/files/0x0008000000015d81-21.dat	upx
behavioral1/files/0x0007000000015f71-26.dat	upx
behavioral1/files/0x0007000000015ff5-30.dat	upx
behavioral1/files/0x0009000000016101-36.dat	upx
behavioral1/files/0x0006000000016d3f-50.dat	upx
behavioral1/files/0x0006000000016dd9-85.dat	upx
behavioral1/files/0x0006000000017047-105.dat	upx
behavioral1/files/0x0006000000017491-120.dat	upx
behavioral1/memory/2876-141-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x0008000000015d0e-168.dat	upx
behavioral1/memory/2356-1092-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x00050000000186f8-188.dat	upx
behavioral1/files/0x00050000000186f2-183.dat	upx
behavioral1/files/0x000500000001868b-178.dat	upx
behavioral1/files/0x0011000000018682-173.dat	upx
behavioral1/files/0x001400000001866f-163.dat	upx
behavioral1/files/0x0006000000018669-159.dat	upx
behavioral1/memory/2668-156-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/1900-154-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2896-152-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2836-150-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2620-148-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2776-146-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2332-139-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2128-137-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2808-135-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/1532-133-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/1696-131-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/1924-129-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2108-128-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/files/0x00060000000175e7-125.dat	upx
behavioral1/files/0x000600000001747d-115.dat	upx
behavioral1/files/0x000600000001743a-110.dat	upx
behavioral1/files/0x0006000000016eb4-100.dat	upx
behavioral1/files/0x0006000000016dea-95.dat	upx
behavioral1/files/0x0006000000016de0-90.dat	upx
behavioral1/files/0x0006000000016d72-80.dat	upx
behavioral1/files/0x0006000000016d6d-75.dat	upx
behavioral1/files/0x0006000000016d69-70.dat	upx
behavioral1/files/0x0006000000016d63-65.dat	upx
behavioral1/files/0x0006000000016d4f-60.dat	upx
behavioral1/files/0x0006000000016d47-55.dat	upx
behavioral1/files/0x0006000000016d36-45.dat	upx
behavioral1/files/0x0009000000016241-40.dat	upx
behavioral1/memory/2108-4102-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/1696-4103-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2808-4104-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/1924-4105-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2668-4115-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2620-4114-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2896-4113-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/1900-4112-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2876-4111-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2128-4110-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2836-4109-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2776-4108-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2332-4107-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/1532-4106-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bvDBWhn.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GrQJxUW.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Djpxzuy.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hDacxMR.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJjNQwT.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QCQTdxM.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NwaRfyp.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FpQlBuk.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\guxZmAm.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLYimrm.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\baXuUko.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjJAIfg.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jApnWhJ.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FcFpdbb.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gkmCrjP.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dkIRSQF.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tGVHUvR.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UPNBkkV.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MBdDaHD.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gxqTIRf.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BIMQhrG.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IvveHzO.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZzgDgW.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZXRHQLW.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EgaGRmU.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LokrcaG.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UQIdkSH.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kcZwCFu.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xjTGTte.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WvfzLIq.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PSvmXSm.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SrdzmTr.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FxUyywa.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oFnSVeP.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\heRTOJq.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOtdjVo.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLmjams.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HYyOJSU.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMceBDR.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JcnSagQ.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Bwydtob.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ArUOWxR.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cyWcqqB.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cNJzNrw.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rRiYJuJ.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eHtIMvK.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\khFAohy.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPzADuc.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MVBBLLd.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\djaByop.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AOXoqeo.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuhKkGi.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RvmnyDp.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAbgyrG.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SOulifR.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EcEyjoQ.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bhVQJvf.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OSVwiys.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZmwRPcO.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fOKJqPX.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCNGaLV.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNOzZRH.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqXymJg.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ksXoXAA.exe	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2108	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2356 wrote to memory of 2108	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2356 wrote to memory of 2108	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2356 wrote to memory of 1924	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2356 wrote to memory of 1924	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2356 wrote to memory of 1924	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2356 wrote to memory of 1696	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2356 wrote to memory of 1696	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2356 wrote to memory of 1696	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2356 wrote to memory of 1532	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2356 wrote to memory of 1532	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2356 wrote to memory of 1532	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2356 wrote to memory of 2808	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2356 wrote to memory of 2808	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2356 wrote to memory of 2808	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2356 wrote to memory of 2128	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2356 wrote to memory of 2128	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2356 wrote to memory of 2128	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2356 wrote to memory of 2332	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2356 wrote to memory of 2332	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2356 wrote to memory of 2332	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2356 wrote to memory of 2876	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2356 wrote to memory of 2876	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2356 wrote to memory of 2876	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2356 wrote to memory of 2776	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2356 wrote to memory of 2776	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2356 wrote to memory of 2776	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2356 wrote to memory of 2620	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2356 wrote to memory of 2620	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2356 wrote to memory of 2620	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2356 wrote to memory of 2836	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2356 wrote to memory of 2836	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2356 wrote to memory of 2836	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2356 wrote to memory of 2896	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2356 wrote to memory of 2896	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2356 wrote to memory of 2896	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2356 wrote to memory of 1900	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2356 wrote to memory of 1900	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2356 wrote to memory of 1900	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2356 wrote to memory of 2668	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2356 wrote to memory of 2668	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2356 wrote to memory of 2668	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2356 wrote to memory of 2628	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2356 wrote to memory of 2628	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2356 wrote to memory of 2628	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2356 wrote to memory of 2692	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2356 wrote to memory of 2692	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2356 wrote to memory of 2692	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2356 wrote to memory of 3056	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2356 wrote to memory of 3056	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2356 wrote to memory of 3056	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2356 wrote to memory of 2884	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2356 wrote to memory of 2884	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2356 wrote to memory of 2884	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2356 wrote to memory of 1880	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2356 wrote to memory of 1880	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2356 wrote to memory of 1880	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2356 wrote to memory of 2944	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2356 wrote to memory of 2944	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2356 wrote to memory of 2944	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2356 wrote to memory of 3040	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2356 wrote to memory of 3040	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2356 wrote to memory of 3040	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2356 wrote to memory of 1452	2356	2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-22_86c63c4f68860a8ed80aae979c231722_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\System\fTabdcS.exe
  C:\Windows\System\fTabdcS.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\VGQgsYJ.exe
  C:\Windows\System\VGQgsYJ.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\tsRBqKV.exe
  C:\Windows\System\tsRBqKV.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\GkZUAnc.exe
  C:\Windows\System\GkZUAnc.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\GzjolrB.exe
  C:\Windows\System\GzjolrB.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\cJtAoCU.exe
  C:\Windows\System\cJtAoCU.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\VXToAQu.exe
  C:\Windows\System\VXToAQu.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\bOkxwZB.exe
  C:\Windows\System\bOkxwZB.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\YggErFQ.exe
  C:\Windows\System\YggErFQ.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\ZieCIAd.exe
  C:\Windows\System\ZieCIAd.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\ZigQuVg.exe
  C:\Windows\System\ZigQuVg.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\FwshqhB.exe
  C:\Windows\System\FwshqhB.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\vIaGqJj.exe
  C:\Windows\System\vIaGqJj.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\xofeswm.exe
  C:\Windows\System\xofeswm.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\AohwbWB.exe
  C:\Windows\System\AohwbWB.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\IYFQvIy.exe
  C:\Windows\System\IYFQvIy.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\uIXgAlo.exe
  C:\Windows\System\uIXgAlo.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\RikdpXZ.exe
  C:\Windows\System\RikdpXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\jOtZLlY.exe
  C:\Windows\System\jOtZLlY.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\kpNHiHa.exe
  C:\Windows\System\kpNHiHa.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\HiPFRLL.exe
  C:\Windows\System\HiPFRLL.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\fwIiRQK.exe
  C:\Windows\System\fwIiRQK.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\CSSkVnD.exe
  C:\Windows\System\CSSkVnD.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\zaYGtAR.exe
  C:\Windows\System\zaYGtAR.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\QMceBDR.exe
  C:\Windows\System\QMceBDR.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\EjlGrbR.exe
  C:\Windows\System\EjlGrbR.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\CWgHWow.exe
  C:\Windows\System\CWgHWow.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\ifetHDg.exe
  C:\Windows\System\ifetHDg.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\dkLAekV.exe
  C:\Windows\System\dkLAekV.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\CJIqoGi.exe
  C:\Windows\System\CJIqoGi.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\nsFVfgD.exe
  C:\Windows\System\nsFVfgD.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\TSWHYXJ.exe
  C:\Windows\System\TSWHYXJ.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\bSEAwVQ.exe
  C:\Windows\System\bSEAwVQ.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\CVGsXLg.exe
  C:\Windows\System\CVGsXLg.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\ASCzGgi.exe
  C:\Windows\System\ASCzGgi.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\scKkUGo.exe
  C:\Windows\System\scKkUGo.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\iiXlsKa.exe
  C:\Windows\System\iiXlsKa.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\YJxNJIl.exe
  C:\Windows\System\YJxNJIl.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\WXmSSPX.exe
  C:\Windows\System\WXmSSPX.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\xIjIoDE.exe
  C:\Windows\System\xIjIoDE.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\lqxveGN.exe
  C:\Windows\System\lqxveGN.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\PVulRtm.exe
  C:\Windows\System\PVulRtm.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\pEyJwDK.exe
  C:\Windows\System\pEyJwDK.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\cUmdzQP.exe
  C:\Windows\System\cUmdzQP.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\LVyWCMb.exe
  C:\Windows\System\LVyWCMb.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\tYlstqp.exe
  C:\Windows\System\tYlstqp.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\hVsaXGL.exe
  C:\Windows\System\hVsaXGL.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\UgLPCDG.exe
  C:\Windows\System\UgLPCDG.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\nrNBQMl.exe
  C:\Windows\System\nrNBQMl.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\LDqcQyi.exe
  C:\Windows\System\LDqcQyi.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\whKQnUw.exe
  C:\Windows\System\whKQnUw.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\JlVgdBH.exe
  C:\Windows\System\JlVgdBH.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\IgbTTLx.exe
  C:\Windows\System\IgbTTLx.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\ACrGboL.exe
  C:\Windows\System\ACrGboL.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\qkUFJLZ.exe
  C:\Windows\System\qkUFJLZ.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\SZvMVFh.exe
  C:\Windows\System\SZvMVFh.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\oJSJYpA.exe
  C:\Windows\System\oJSJYpA.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\VrAyWAi.exe
  C:\Windows\System\VrAyWAi.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\ZKJkXSR.exe
  C:\Windows\System\ZKJkXSR.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\OOBSAtY.exe
  C:\Windows\System\OOBSAtY.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\NSrsuTS.exe
  C:\Windows\System\NSrsuTS.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\guhbzJG.exe
  C:\Windows\System\guhbzJG.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\dPDvgSu.exe
  C:\Windows\System\dPDvgSu.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\QxWIzfG.exe
  C:\Windows\System\QxWIzfG.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\DxpCuuG.exe
  C:\Windows\System\DxpCuuG.exe
  2⤵
  PID:1224
- C:\Windows\System\ysNdHiH.exe
  C:\Windows\System\ysNdHiH.exe
  2⤵
  PID:2600
- C:\Windows\System\Zrrujvu.exe
  C:\Windows\System\Zrrujvu.exe
  2⤵
  PID:2132
- C:\Windows\System\CEykspW.exe
  C:\Windows\System\CEykspW.exe
  2⤵
  PID:768
- C:\Windows\System\fAINHMZ.exe
  C:\Windows\System\fAINHMZ.exe
  2⤵
  PID:2052
- C:\Windows\System\TIsdFae.exe
  C:\Windows\System\TIsdFae.exe
  2⤵
  PID:2228
- C:\Windows\System\vKyRieE.exe
  C:\Windows\System\vKyRieE.exe
  2⤵
  PID:676
- C:\Windows\System\UElirLV.exe
  C:\Windows\System\UElirLV.exe
  2⤵
  PID:1308
- C:\Windows\System\HYlQtXb.exe
  C:\Windows\System\HYlQtXb.exe
  2⤵
  PID:1768
- C:\Windows\System\cQNCknH.exe
  C:\Windows\System\cQNCknH.exe
  2⤵
  PID:608
- C:\Windows\System\qBkWfgS.exe
  C:\Windows\System\qBkWfgS.exe
  2⤵
  PID:568
- C:\Windows\System\iGilTXG.exe
  C:\Windows\System\iGilTXG.exe
  2⤵
  PID:1196
- C:\Windows\System\dNwvTIy.exe
  C:\Windows\System\dNwvTIy.exe
  2⤵
  PID:1916
- C:\Windows\System\SbWhyui.exe
  C:\Windows\System\SbWhyui.exe
  2⤵
  PID:1624
- C:\Windows\System\XicbsdA.exe
  C:\Windows\System\XicbsdA.exe
  2⤵
  PID:1736
- C:\Windows\System\UxKocPb.exe
  C:\Windows\System\UxKocPb.exe
  2⤵
  PID:884
- C:\Windows\System\bHvpdAm.exe
  C:\Windows\System\bHvpdAm.exe
  2⤵
  PID:2104
- C:\Windows\System\qJLjGOk.exe
  C:\Windows\System\qJLjGOk.exe
  2⤵
  PID:2908
- C:\Windows\System\Nnfqbpt.exe
  C:\Windows\System\Nnfqbpt.exe
  2⤵
  PID:1276
- C:\Windows\System\HqPvgQc.exe
  C:\Windows\System\HqPvgQc.exe
  2⤵
  PID:2744
- C:\Windows\System\wrYzQxv.exe
  C:\Windows\System\wrYzQxv.exe
  2⤵
  PID:2976
- C:\Windows\System\cneIKti.exe
  C:\Windows\System\cneIKti.exe
  2⤵
  PID:2404
- C:\Windows\System\fjJAIfg.exe
  C:\Windows\System\fjJAIfg.exe
  2⤵
  PID:1244
- C:\Windows\System\EZWYybl.exe
  C:\Windows\System\EZWYybl.exe
  2⤵
  PID:2624
- C:\Windows\System\ctCckKj.exe
  C:\Windows\System\ctCckKj.exe
  2⤵
  PID:2804
- C:\Windows\System\gKfBaIF.exe
  C:\Windows\System\gKfBaIF.exe
  2⤵
  PID:2760
- C:\Windows\System\oGroeuX.exe
  C:\Windows\System\oGroeuX.exe
  2⤵
  PID:848
- C:\Windows\System\OuEEdsP.exe
  C:\Windows\System\OuEEdsP.exe
  2⤵
  PID:1668
- C:\Windows\System\CaOvdUN.exe
  C:\Windows\System\CaOvdUN.exe
  2⤵
  PID:1304
- C:\Windows\System\tlkPweF.exe
  C:\Windows\System\tlkPweF.exe
  2⤵
  PID:2716
- C:\Windows\System\EaMdQbN.exe
  C:\Windows\System\EaMdQbN.exe
  2⤵
  PID:1704
- C:\Windows\System\STnEePC.exe
  C:\Windows\System\STnEePC.exe
  2⤵
  PID:1088
- C:\Windows\System\voZtzHm.exe
  C:\Windows\System\voZtzHm.exe
  2⤵
  PID:1388
- C:\Windows\System\djwSIpK.exe
  C:\Windows\System\djwSIpK.exe
  2⤵
  PID:2508
- C:\Windows\System\KbRSVxL.exe
  C:\Windows\System\KbRSVxL.exe
  2⤵
  PID:1776
- C:\Windows\System\ASQlKbB.exe
  C:\Windows\System\ASQlKbB.exe
  2⤵
  PID:2056
- C:\Windows\System\bdEuzif.exe
  C:\Windows\System\bdEuzif.exe
  2⤵
  PID:1640
- C:\Windows\System\EexWosZ.exe
  C:\Windows\System\EexWosZ.exe
  2⤵
  PID:2388
- C:\Windows\System\TKMWzjS.exe
  C:\Windows\System\TKMWzjS.exe
  2⤵
  PID:2268
- C:\Windows\System\cuRalmD.exe
  C:\Windows\System\cuRalmD.exe
  2⤵
  PID:2636
- C:\Windows\System\CWVBBVk.exe
  C:\Windows\System\CWVBBVk.exe
  2⤵
  PID:3060
- C:\Windows\System\NkKRlmB.exe
  C:\Windows\System\NkKRlmB.exe
  2⤵
  PID:2320
- C:\Windows\System\ZYujWxA.exe
  C:\Windows\System\ZYujWxA.exe
  2⤵
  PID:1172
- C:\Windows\System\cSDlIok.exe
  C:\Windows\System\cSDlIok.exe
  2⤵
  PID:636
- C:\Windows\System\GFKtagV.exe
  C:\Windows\System\GFKtagV.exe
  2⤵
  PID:3084
- C:\Windows\System\kjrmXqd.exe
  C:\Windows\System\kjrmXqd.exe
  2⤵
  PID:3100
- C:\Windows\System\UFEKeJx.exe
  C:\Windows\System\UFEKeJx.exe
  2⤵
  PID:3116
- C:\Windows\System\srLPYpJ.exe
  C:\Windows\System\srLPYpJ.exe
  2⤵
  PID:3132
- C:\Windows\System\FVRTPmi.exe
  C:\Windows\System\FVRTPmi.exe
  2⤵
  PID:3148
- C:\Windows\System\eFKsMhE.exe
  C:\Windows\System\eFKsMhE.exe
  2⤵
  PID:3164
- C:\Windows\System\fWqzvRr.exe
  C:\Windows\System\fWqzvRr.exe
  2⤵
  PID:3180
- C:\Windows\System\ktgwUYv.exe
  C:\Windows\System\ktgwUYv.exe
  2⤵
  PID:3196
- C:\Windows\System\UqAhnXa.exe
  C:\Windows\System\UqAhnXa.exe
  2⤵
  PID:3212
- C:\Windows\System\Kkugyoh.exe
  C:\Windows\System\Kkugyoh.exe
  2⤵
  PID:3228
- C:\Windows\System\pRXYKAu.exe
  C:\Windows\System\pRXYKAu.exe
  2⤵
  PID:3244
- C:\Windows\System\NQzJgKA.exe
  C:\Windows\System\NQzJgKA.exe
  2⤵
  PID:3260
- C:\Windows\System\PSvmXSm.exe
  C:\Windows\System\PSvmXSm.exe
  2⤵
  PID:3288
- C:\Windows\System\gfapmDT.exe
  C:\Windows\System\gfapmDT.exe
  2⤵
  PID:3312
- C:\Windows\System\brMSsnV.exe
  C:\Windows\System\brMSsnV.exe
  2⤵
  PID:3328
- C:\Windows\System\UaeYiHM.exe
  C:\Windows\System\UaeYiHM.exe
  2⤵
  PID:3344
- C:\Windows\System\UPNBkkV.exe
  C:\Windows\System\UPNBkkV.exe
  2⤵
  PID:3360
- C:\Windows\System\iGALmuh.exe
  C:\Windows\System\iGALmuh.exe
  2⤵
  PID:3376
- C:\Windows\System\SYyMjVB.exe
  C:\Windows\System\SYyMjVB.exe
  2⤵
  PID:3392
- C:\Windows\System\TnIoqJc.exe
  C:\Windows\System\TnIoqJc.exe
  2⤵
  PID:3408
- C:\Windows\System\UtLQSom.exe
  C:\Windows\System\UtLQSom.exe
  2⤵
  PID:3424
- C:\Windows\System\GVpxmMY.exe
  C:\Windows\System\GVpxmMY.exe
  2⤵
  PID:3440
- C:\Windows\System\pLdfUou.exe
  C:\Windows\System\pLdfUou.exe
  2⤵
  PID:3456
- C:\Windows\System\yYkGTVY.exe
  C:\Windows\System\yYkGTVY.exe
  2⤵
  PID:3472
- C:\Windows\System\coIyyqc.exe
  C:\Windows\System\coIyyqc.exe
  2⤵
  PID:3488
- C:\Windows\System\UIZfShN.exe
  C:\Windows\System\UIZfShN.exe
  2⤵
  PID:3504
- C:\Windows\System\DxDHjGX.exe
  C:\Windows\System\DxDHjGX.exe
  2⤵
  PID:3520
- C:\Windows\System\ElZmiey.exe
  C:\Windows\System\ElZmiey.exe
  2⤵
  PID:3536
- C:\Windows\System\GwIkvIK.exe
  C:\Windows\System\GwIkvIK.exe
  2⤵
  PID:3552
- C:\Windows\System\CEsmxyE.exe
  C:\Windows\System\CEsmxyE.exe
  2⤵
  PID:3568
- C:\Windows\System\zaccNpB.exe
  C:\Windows\System\zaccNpB.exe
  2⤵
  PID:3584
- C:\Windows\System\htFIDoO.exe
  C:\Windows\System\htFIDoO.exe
  2⤵
  PID:3600
- C:\Windows\System\GpJbRED.exe
  C:\Windows\System\GpJbRED.exe
  2⤵
  PID:3616
- C:\Windows\System\oOgNvPH.exe
  C:\Windows\System\oOgNvPH.exe
  2⤵
  PID:3632
- C:\Windows\System\fthnVqs.exe
  C:\Windows\System\fthnVqs.exe
  2⤵
  PID:3648
- C:\Windows\System\wdPPiwm.exe
  C:\Windows\System\wdPPiwm.exe
  2⤵
  PID:3664
- C:\Windows\System\FDIAeWw.exe
  C:\Windows\System\FDIAeWw.exe
  2⤵
  PID:3680
- C:\Windows\System\uDNRsSF.exe
  C:\Windows\System\uDNRsSF.exe
  2⤵
  PID:3696
- C:\Windows\System\SKlfJOv.exe
  C:\Windows\System\SKlfJOv.exe
  2⤵
  PID:3712
- C:\Windows\System\LZzDNPy.exe
  C:\Windows\System\LZzDNPy.exe
  2⤵
  PID:3728
- C:\Windows\System\rKCNord.exe
  C:\Windows\System\rKCNord.exe
  2⤵
  PID:3744
- C:\Windows\System\CeDnbwP.exe
  C:\Windows\System\CeDnbwP.exe
  2⤵
  PID:3808
- C:\Windows\System\ljTFRpq.exe
  C:\Windows\System\ljTFRpq.exe
  2⤵
  PID:3924
- C:\Windows\System\gahqoUr.exe
  C:\Windows\System\gahqoUr.exe
  2⤵
  PID:4068
- C:\Windows\System\aiFLXpF.exe
  C:\Windows\System\aiFLXpF.exe
  2⤵
  PID:4088
- C:\Windows\System\motsGiz.exe
  C:\Windows\System\motsGiz.exe
  2⤵
  PID:1596
- C:\Windows\System\Rtyxcxk.exe
  C:\Windows\System\Rtyxcxk.exe
  2⤵
  PID:1876
- C:\Windows\System\uhopKOT.exe
  C:\Windows\System\uhopKOT.exe
  2⤵
  PID:3096
- C:\Windows\System\nCSZahP.exe
  C:\Windows\System\nCSZahP.exe
  2⤵
  PID:1108
- C:\Windows\System\qxSKWpl.exe
  C:\Windows\System\qxSKWpl.exe
  2⤵
  PID:1072
- C:\Windows\System\tpkvoNL.exe
  C:\Windows\System\tpkvoNL.exe
  2⤵
  PID:3220
- C:\Windows\System\sqZYtXN.exe
  C:\Windows\System\sqZYtXN.exe
  2⤵
  PID:3296
- C:\Windows\System\BmcTJgU.exe
  C:\Windows\System\BmcTJgU.exe
  2⤵
  PID:1908
- C:\Windows\System\WzbgCAR.exe
  C:\Windows\System\WzbgCAR.exe
  2⤵
  PID:2192
- C:\Windows\System\mfdddrV.exe
  C:\Windows\System\mfdddrV.exe
  2⤵
  PID:2712
- C:\Windows\System\BdvDCPJ.exe
  C:\Windows\System\BdvDCPJ.exe
  2⤵
  PID:3076
- C:\Windows\System\nCBKiGj.exe
  C:\Windows\System\nCBKiGj.exe
  2⤵
  PID:3368
- C:\Windows\System\BULVPCm.exe
  C:\Windows\System\BULVPCm.exe
  2⤵
  PID:3432
- C:\Windows\System\NzIcoEJ.exe
  C:\Windows\System\NzIcoEJ.exe
  2⤵
  PID:3496
- C:\Windows\System\eaQkfpr.exe
  C:\Windows\System\eaQkfpr.exe
  2⤵
  PID:1632
- C:\Windows\System\gbDNGzr.exe
  C:\Windows\System\gbDNGzr.exe
  2⤵
  PID:3592
- C:\Windows\System\aphVekL.exe
  C:\Windows\System\aphVekL.exe
  2⤵
  PID:3628
- C:\Windows\System\dnSpcMY.exe
  C:\Windows\System\dnSpcMY.exe
  2⤵
  PID:3688
- C:\Windows\System\RNyucWI.exe
  C:\Windows\System\RNyucWI.exe
  2⤵
  PID:3780
- C:\Windows\System\dkiXuwB.exe
  C:\Windows\System\dkiXuwB.exe
  2⤵
  PID:3804
- C:\Windows\System\JyouMse.exe
  C:\Windows\System\JyouMse.exe
  2⤵
  PID:3672
- C:\Windows\System\NCymUGy.exe
  C:\Windows\System\NCymUGy.exe
  2⤵
  PID:3612
- C:\Windows\System\vYUyezd.exe
  C:\Windows\System\vYUyezd.exe
  2⤵
  PID:3544
- C:\Windows\System\rzLzFIm.exe
  C:\Windows\System\rzLzFIm.exe
  2⤵
  PID:3452
- C:\Windows\System\DeXkkdY.exe
  C:\Windows\System\DeXkkdY.exe
  2⤵
  PID:3352
- C:\Windows\System\WwyOHWl.exe
  C:\Windows\System\WwyOHWl.exe
  2⤵
  PID:3284
- C:\Windows\System\IGKWCfo.exe
  C:\Windows\System\IGKWCfo.exe
  2⤵
  PID:3204
- C:\Windows\System\zveOrMF.exe
  C:\Windows\System\zveOrMF.exe
  2⤵
  PID:3872
- C:\Windows\System\wqklcrk.exe
  C:\Windows\System\wqklcrk.exe
  2⤵
  PID:3820
- C:\Windows\System\KCXjjnM.exe
  C:\Windows\System\KCXjjnM.exe
  2⤵
  PID:3836
- C:\Windows\System\yhcAMeJ.exe
  C:\Windows\System\yhcAMeJ.exe
  2⤵
  PID:3852
- C:\Windows\System\IEOoBaw.exe
  C:\Windows\System\IEOoBaw.exe
  2⤵
  PID:3944
- C:\Windows\System\yOIPWji.exe
  C:\Windows\System\yOIPWji.exe
  2⤵
  PID:3964
- C:\Windows\System\nQbWyQX.exe
  C:\Windows\System\nQbWyQX.exe
  2⤵
  PID:3980
- C:\Windows\System\XGGweyT.exe
  C:\Windows\System\XGGweyT.exe
  2⤵
  PID:3988
- C:\Windows\System\PzLFbxu.exe
  C:\Windows\System\PzLFbxu.exe
  2⤵
  PID:4004
- C:\Windows\System\FThZoyd.exe
  C:\Windows\System\FThZoyd.exe
  2⤵
  PID:4024
- C:\Windows\System\YFQOFCl.exe
  C:\Windows\System\YFQOFCl.exe
  2⤵
  PID:4028
- C:\Windows\System\MkicpQc.exe
  C:\Windows\System\MkicpQc.exe
  2⤵
  PID:4060
- C:\Windows\System\aZPPOEy.exe
  C:\Windows\System\aZPPOEy.exe
  2⤵
  PID:2472
- C:\Windows\System\NNmkfbK.exe
  C:\Windows\System\NNmkfbK.exe
  2⤵
  PID:992
- C:\Windows\System\rPzADuc.exe
  C:\Windows\System\rPzADuc.exe
  2⤵
  PID:3308
- C:\Windows\System\clFFxoq.exe
  C:\Windows\System\clFFxoq.exe
  2⤵
  PID:2968
- C:\Windows\System\oDpOCdt.exe
  C:\Windows\System\oDpOCdt.exe
  2⤵
  PID:2980
- C:\Windows\System\asITGrw.exe
  C:\Windows\System\asITGrw.exe
  2⤵
  PID:3256
- C:\Windows\System\DSDYWRm.exe
  C:\Windows\System\DSDYWRm.exe
  2⤵
  PID:2900
- C:\Windows\System\QdGyPKS.exe
  C:\Windows\System\QdGyPKS.exe
  2⤵
  PID:3140
- C:\Windows\System\KJGrtvR.exe
  C:\Windows\System\KJGrtvR.exe
  2⤵
  PID:3108
- C:\Windows\System\rfENWvm.exe
  C:\Windows\System\rfENWvm.exe
  2⤵
  PID:2212
- C:\Windows\System\WqAOsKC.exe
  C:\Windows\System\WqAOsKC.exe
  2⤵
  PID:2580
- C:\Windows\System\IYHoOEX.exe
  C:\Windows\System\IYHoOEX.exe
  2⤵
  PID:3720
- C:\Windows\System\KHIAVEr.exe
  C:\Windows\System\KHIAVEr.exe
  2⤵
  PID:3800
- C:\Windows\System\zGcwczv.exe
  C:\Windows\System\zGcwczv.exe
  2⤵
  PID:3144
- C:\Windows\System\MEgowzo.exe
  C:\Windows\System\MEgowzo.exe
  2⤵
  PID:3484
- C:\Windows\System\ifImlMk.exe
  C:\Windows\System\ifImlMk.exe
  2⤵
  PID:3640
- C:\Windows\System\swnYRLG.exe
  C:\Windows\System\swnYRLG.exe
  2⤵
  PID:3828
- C:\Windows\System\Nrkmvmp.exe
  C:\Windows\System\Nrkmvmp.exe
  2⤵
  PID:3548
- C:\Windows\System\OkLcsDg.exe
  C:\Windows\System\OkLcsDg.exe
  2⤵
  PID:3932
- C:\Windows\System\LApOdRM.exe
  C:\Windows\System\LApOdRM.exe
  2⤵
  PID:3416
- C:\Windows\System\qBIKRtZ.exe
  C:\Windows\System\qBIKRtZ.exe
  2⤵
  PID:3240
- C:\Windows\System\VKtpTrY.exe
  C:\Windows\System\VKtpTrY.exe
  2⤵
  PID:4000
- C:\Windows\System\olfvSaU.exe
  C:\Windows\System\olfvSaU.exe
  2⤵
  PID:3816
- C:\Windows\System\XzobWVH.exe
  C:\Windows\System\XzobWVH.exe
  2⤵
  PID:784
- C:\Windows\System\pofENtz.exe
  C:\Windows\System\pofENtz.exe
  2⤵
  PID:3300
- C:\Windows\System\EcEyjoQ.exe
  C:\Windows\System\EcEyjoQ.exe
  2⤵
  PID:4128
- C:\Windows\System\pfeqGsf.exe
  C:\Windows\System\pfeqGsf.exe
  2⤵
  PID:4144
- C:\Windows\System\cCCUSLq.exe
  C:\Windows\System\cCCUSLq.exe
  2⤵
  PID:4160
- C:\Windows\System\LdScbza.exe
  C:\Windows\System\LdScbza.exe
  2⤵
  PID:4176
- C:\Windows\System\DiybHis.exe
  C:\Windows\System\DiybHis.exe
  2⤵
  PID:4192
- C:\Windows\System\fIiqAas.exe
  C:\Windows\System\fIiqAas.exe
  2⤵
  PID:4208
- C:\Windows\System\SQfUmkK.exe
  C:\Windows\System\SQfUmkK.exe
  2⤵
  PID:4228
- C:\Windows\System\votLmHS.exe
  C:\Windows\System\votLmHS.exe
  2⤵
  PID:4244
- C:\Windows\System\fOKJqPX.exe
  C:\Windows\System\fOKJqPX.exe
  2⤵
  PID:4268
- C:\Windows\System\GeNfyif.exe
  C:\Windows\System\GeNfyif.exe
  2⤵
  PID:4284
- C:\Windows\System\jApnWhJ.exe
  C:\Windows\System\jApnWhJ.exe
  2⤵
  PID:4308
- C:\Windows\System\nCNGaLV.exe
  C:\Windows\System\nCNGaLV.exe
  2⤵
  PID:4328
- C:\Windows\System\DqPSEHn.exe
  C:\Windows\System\DqPSEHn.exe
  2⤵
  PID:4344
- C:\Windows\System\dzLnTRc.exe
  C:\Windows\System\dzLnTRc.exe
  2⤵
  PID:4360
- C:\Windows\System\CJbaqWG.exe
  C:\Windows\System\CJbaqWG.exe
  2⤵
  PID:4376
- C:\Windows\System\XQcKTvC.exe
  C:\Windows\System\XQcKTvC.exe
  2⤵
  PID:4392
- C:\Windows\System\bhVQJvf.exe
  C:\Windows\System\bhVQJvf.exe
  2⤵
  PID:4440
- C:\Windows\System\wYbbkzr.exe
  C:\Windows\System\wYbbkzr.exe
  2⤵
  PID:4456
- C:\Windows\System\rZzRanB.exe
  C:\Windows\System\rZzRanB.exe
  2⤵
  PID:4500
- C:\Windows\System\DRShoBs.exe
  C:\Windows\System\DRShoBs.exe
  2⤵
  PID:4516
- C:\Windows\System\XfbvkBP.exe
  C:\Windows\System\XfbvkBP.exe
  2⤵
  PID:4532
- C:\Windows\System\OHCdRJI.exe
  C:\Windows\System\OHCdRJI.exe
  2⤵
  PID:4548
- C:\Windows\System\tbNUSCD.exe
  C:\Windows\System\tbNUSCD.exe
  2⤵
  PID:4564
- C:\Windows\System\bdAwywO.exe
  C:\Windows\System\bdAwywO.exe
  2⤵
  PID:4580
- C:\Windows\System\oagLepa.exe
  C:\Windows\System\oagLepa.exe
  2⤵
  PID:4596
- C:\Windows\System\baKIpfA.exe
  C:\Windows\System\baKIpfA.exe
  2⤵
  PID:4612
- C:\Windows\System\drhVoco.exe
  C:\Windows\System\drhVoco.exe
  2⤵
  PID:4628
- C:\Windows\System\xHIjlBK.exe
  C:\Windows\System\xHIjlBK.exe
  2⤵
  PID:4644
- C:\Windows\System\scwfmcb.exe
  C:\Windows\System\scwfmcb.exe
  2⤵
  PID:4660
- C:\Windows\System\fgulQRP.exe
  C:\Windows\System\fgulQRP.exe
  2⤵
  PID:4676
- C:\Windows\System\HgUgykl.exe
  C:\Windows\System\HgUgykl.exe
  2⤵
  PID:4692
- C:\Windows\System\lXvAbAS.exe
  C:\Windows\System\lXvAbAS.exe
  2⤵
  PID:4708
- C:\Windows\System\IQjVMEE.exe
  C:\Windows\System\IQjVMEE.exe
  2⤵
  PID:4724
- C:\Windows\System\vbmvxJP.exe
  C:\Windows\System\vbmvxJP.exe
  2⤵
  PID:4740
- C:\Windows\System\DarBWVf.exe
  C:\Windows\System\DarBWVf.exe
  2⤵
  PID:4756
- C:\Windows\System\MVBBLLd.exe
  C:\Windows\System\MVBBLLd.exe
  2⤵
  PID:4772
- C:\Windows\System\NkRQxto.exe
  C:\Windows\System\NkRQxto.exe
  2⤵
  PID:4788
- C:\Windows\System\TKDCVOh.exe
  C:\Windows\System\TKDCVOh.exe
  2⤵
  PID:4804
- C:\Windows\System\xbcoaTi.exe
  C:\Windows\System\xbcoaTi.exe
  2⤵
  PID:4820
- C:\Windows\System\BqBDxbL.exe
  C:\Windows\System\BqBDxbL.exe
  2⤵
  PID:4836
- C:\Windows\System\sbnrRzH.exe
  C:\Windows\System\sbnrRzH.exe
  2⤵
  PID:4852
- C:\Windows\System\ExNcjRo.exe
  C:\Windows\System\ExNcjRo.exe
  2⤵
  PID:4868
- C:\Windows\System\iiIJqKV.exe
  C:\Windows\System\iiIJqKV.exe
  2⤵
  PID:4884
- C:\Windows\System\fYquPAY.exe
  C:\Windows\System\fYquPAY.exe
  2⤵
  PID:4900
- C:\Windows\System\FcFpdbb.exe
  C:\Windows\System\FcFpdbb.exe
  2⤵
  PID:4916
- C:\Windows\System\hfohxDi.exe
  C:\Windows\System\hfohxDi.exe
  2⤵
  PID:4932
- C:\Windows\System\CrSdQfI.exe
  C:\Windows\System\CrSdQfI.exe
  2⤵
  PID:4948
- C:\Windows\System\kbRnhFA.exe
  C:\Windows\System\kbRnhFA.exe
  2⤵
  PID:4964
- C:\Windows\System\HgLUxMz.exe
  C:\Windows\System\HgLUxMz.exe
  2⤵
  PID:4980
- C:\Windows\System\dBFPoju.exe
  C:\Windows\System\dBFPoju.exe
  2⤵
  PID:4996
- C:\Windows\System\xcvewyA.exe
  C:\Windows\System\xcvewyA.exe
  2⤵
  PID:5012
- C:\Windows\System\qMqghVE.exe
  C:\Windows\System\qMqghVE.exe
  2⤵
  PID:5028
- C:\Windows\System\cnaEYVg.exe
  C:\Windows\System\cnaEYVg.exe
  2⤵
  PID:5044
- C:\Windows\System\nQlEHlU.exe
  C:\Windows\System\nQlEHlU.exe
  2⤵
  PID:5072
- C:\Windows\System\woFFFOP.exe
  C:\Windows\System\woFFFOP.exe
  2⤵
  PID:5088
- C:\Windows\System\tRRGrux.exe
  C:\Windows\System\tRRGrux.exe
  2⤵
  PID:5108
- C:\Windows\System\jWHjgDe.exe
  C:\Windows\System\jWHjgDe.exe
  2⤵
  PID:4324
- C:\Windows\System\VRlwhZG.exe
  C:\Windows\System\VRlwhZG.exe
  2⤵
  PID:2216
- C:\Windows\System\RfWSshT.exe
  C:\Windows\System\RfWSshT.exe
  2⤵
  PID:4036
- C:\Windows\System\cRKmrBI.exe
  C:\Windows\System\cRKmrBI.exe
  2⤵
  PID:3576
- C:\Windows\System\dHyTVXN.exe
  C:\Windows\System\dHyTVXN.exe
  2⤵
  PID:4104
- C:\Windows\System\YbxcdxT.exe
  C:\Windows\System\YbxcdxT.exe
  2⤵
  PID:4152
- C:\Windows\System\xpSJCjW.exe
  C:\Windows\System\xpSJCjW.exe
  2⤵
  PID:4224
- C:\Windows\System\tbPrmVZ.exe
  C:\Windows\System\tbPrmVZ.exe
  2⤵
  PID:4264
- C:\Windows\System\pbKsNjG.exe
  C:\Windows\System\pbKsNjG.exe
  2⤵
  PID:4304
- C:\Windows\System\hvZqSjU.exe
  C:\Windows\System\hvZqSjU.exe
  2⤵
  PID:4408
- C:\Windows\System\DHXQpHe.exe
  C:\Windows\System\DHXQpHe.exe
  2⤵
  PID:4428
- C:\Windows\System\CqXymJg.exe
  C:\Windows\System\CqXymJg.exe
  2⤵
  PID:3420
- C:\Windows\System\KMxVECI.exe
  C:\Windows\System\KMxVECI.exe
  2⤵
  PID:3324
- C:\Windows\System\LArSWui.exe
  C:\Windows\System\LArSWui.exe
  2⤵
  PID:3112
- C:\Windows\System\KBZTjBd.exe
  C:\Windows\System\KBZTjBd.exe
  2⤵
  PID:3236
- C:\Windows\System\vLAYeRJ.exe
  C:\Windows\System\vLAYeRJ.exe
  2⤵
  PID:4540
- C:\Windows\System\LoMSirf.exe
  C:\Windows\System\LoMSirf.exe
  2⤵
  PID:2112
- C:\Windows\System\hgGVlRy.exe
  C:\Windows\System\hgGVlRy.exe
  2⤵
  PID:4528
- C:\Windows\System\eshIRGy.exe
  C:\Windows\System\eshIRGy.exe
  2⤵
  PID:4704
- C:\Windows\System\CcaeoMx.exe
  C:\Windows\System\CcaeoMx.exe
  2⤵
  PID:4732
- C:\Windows\System\nNqUlSU.exe
  C:\Windows\System\nNqUlSU.exe
  2⤵
  PID:4796
- C:\Windows\System\JgPXpoj.exe
  C:\Windows\System\JgPXpoj.exe
  2⤵
  PID:4864
- C:\Windows\System\mnBPSGX.exe
  C:\Windows\System\mnBPSGX.exe
  2⤵
  PID:4928
- C:\Windows\System\fKKVrbp.exe
  C:\Windows\System\fKKVrbp.exe
  2⤵
  PID:4624
- C:\Windows\System\ycEiwyM.exe
  C:\Windows\System\ycEiwyM.exe
  2⤵
  PID:4560
- C:\Windows\System\nkboNrY.exe
  C:\Windows\System\nkboNrY.exe
  2⤵
  PID:4992
- C:\Windows\System\iteCsrK.exe
  C:\Windows\System\iteCsrK.exe
  2⤵
  PID:5020
- C:\Windows\System\nWynHyg.exe
  C:\Windows\System\nWynHyg.exe
  2⤵
  PID:5024
- C:\Windows\System\GjIGHRj.exe
  C:\Windows\System\GjIGHRj.exe
  2⤵
  PID:5052
- C:\Windows\System\tyMtBju.exe
  C:\Windows\System\tyMtBju.exe
  2⤵
  PID:5068
- C:\Windows\System\WdSrGSw.exe
  C:\Windows\System\WdSrGSw.exe
  2⤵
  PID:4912
- C:\Windows\System\wNabyzP.exe
  C:\Windows\System\wNabyzP.exe
  2⤵
  PID:5036
- C:\Windows\System\QQVKxqL.exe
  C:\Windows\System\QQVKxqL.exe
  2⤵
  PID:3848
- C:\Windows\System\AyKWkJu.exe
  C:\Windows\System\AyKWkJu.exe
  2⤵
  PID:4876
- C:\Windows\System\ElvmxwN.exe
  C:\Windows\System\ElvmxwN.exe
  2⤵
  PID:4812
- C:\Windows\System\rhSAUiG.exe
  C:\Windows\System\rhSAUiG.exe
  2⤵
  PID:3280
- C:\Windows\System\JHSKWQy.exe
  C:\Windows\System\JHSKWQy.exe
  2⤵
  PID:1032
- C:\Windows\System\yWYIXad.exe
  C:\Windows\System\yWYIXad.exe
  2⤵
  PID:1564
- C:\Windows\System\HypbEWG.exe
  C:\Windows\System\HypbEWG.exe
  2⤵
  PID:3404
- C:\Windows\System\jGmdDUc.exe
  C:\Windows\System\jGmdDUc.exe
  2⤵
  PID:3752
- C:\Windows\System\gcSyDiv.exe
  C:\Windows\System\gcSyDiv.exe
  2⤵
  PID:3512
- C:\Windows\System\KNWLBvd.exe
  C:\Windows\System\KNWLBvd.exe
  2⤵
  PID:3956
- C:\Windows\System\AcucpCv.exe
  C:\Windows\System\AcucpCv.exe
  2⤵
  PID:3856
- C:\Windows\System\tizBMxC.exe
  C:\Windows\System\tizBMxC.exe
  2⤵
  PID:3880
- C:\Windows\System\uyuVViw.exe
  C:\Windows\System\uyuVViw.exe
  2⤵
  PID:4136
- C:\Windows\System\HthzJJJ.exe
  C:\Windows\System\HthzJJJ.exe
  2⤵
  PID:3960
- C:\Windows\System\NxGvMPW.exe
  C:\Windows\System\NxGvMPW.exe
  2⤵
  PID:4012
- C:\Windows\System\VIZeCEn.exe
  C:\Windows\System\VIZeCEn.exe
  2⤵
  PID:4240
- C:\Windows\System\tUTyony.exe
  C:\Windows\System\tUTyony.exe
  2⤵
  PID:1708
- C:\Windows\System\peXoMJr.exe
  C:\Windows\System\peXoMJr.exe
  2⤵
  PID:4356
- C:\Windows\System\ipFICWw.exe
  C:\Windows\System\ipFICWw.exe
  2⤵
  PID:4452
- C:\Windows\System\ekrpNgB.exe
  C:\Windows\System\ekrpNgB.exe
  2⤵
  PID:4256
- C:\Windows\System\dKRMnqi.exe
  C:\Windows\System\dKRMnqi.exe
  2⤵
  PID:4260
- C:\Windows\System\gcwFrbd.exe
  C:\Windows\System\gcwFrbd.exe
  2⤵
  PID:4216
- C:\Windows\System\ksXoXAA.exe
  C:\Windows\System\ksXoXAA.exe
  2⤵
  PID:4424
- C:\Windows\System\Llrpktw.exe
  C:\Windows\System\Llrpktw.exe
  2⤵
  PID:4220
- C:\Windows\System\OQLXxJq.exe
  C:\Windows\System\OQLXxJq.exe
  2⤵
  PID:4404
- C:\Windows\System\OSVwiys.exe
  C:\Windows\System\OSVwiys.exe
  2⤵
  PID:880
- C:\Windows\System\qAhRyjk.exe
  C:\Windows\System\qAhRyjk.exe
  2⤵
  PID:5100
- C:\Windows\System\cnkPnrc.exe
  C:\Windows\System\cnkPnrc.exe
  2⤵
  PID:1336
- C:\Windows\System\NwaRfyp.exe
  C:\Windows\System\NwaRfyp.exe
  2⤵
  PID:1856
- C:\Windows\System\igkRkrk.exe
  C:\Windows\System\igkRkrk.exe
  2⤵
  PID:1208
- C:\Windows\System\gXuPqAh.exe
  C:\Windows\System\gXuPqAh.exe
  2⤵
  PID:3128
- C:\Windows\System\KKEqFgz.exe
  C:\Windows\System\KKEqFgz.exe
  2⤵
  PID:3796
- C:\Windows\System\hDacxMR.exe
  C:\Windows\System\hDacxMR.exe
  2⤵
  PID:2516
- C:\Windows\System\IRXkGIT.exe
  C:\Windows\System\IRXkGIT.exe
  2⤵
  PID:3984
- C:\Windows\System\cYksOEa.exe
  C:\Windows\System\cYksOEa.exe
  2⤵
  PID:5004
- C:\Windows\System\hBAHXJd.exe
  C:\Windows\System\hBAHXJd.exe
  2⤵
  PID:4388
- C:\Windows\System\eBFcjjq.exe
  C:\Windows\System\eBFcjjq.exe
  2⤵
  PID:4276
- C:\Windows\System\xytOAXl.exe
  C:\Windows\System\xytOAXl.exe
  2⤵
  PID:2504
- C:\Windows\System\rHhlPhO.exe
  C:\Windows\System\rHhlPhO.exe
  2⤵
  PID:1644
- C:\Windows\System\SrdzmTr.exe
  C:\Windows\System\SrdzmTr.exe
  2⤵
  PID:4464
- C:\Windows\System\NldVYbi.exe
  C:\Windows\System\NldVYbi.exe
  2⤵
  PID:3624
- C:\Windows\System\jWdyOEf.exe
  C:\Windows\System\jWdyOEf.exe
  2⤵
  PID:4080
- C:\Windows\System\zduWAiK.exe
  C:\Windows\System\zduWAiK.exe
  2⤵
  PID:4236
- C:\Windows\System\QanHGMB.exe
  C:\Windows\System\QanHGMB.exe
  2⤵
  PID:4124
- C:\Windows\System\tOtdjVo.exe
  C:\Windows\System\tOtdjVo.exe
  2⤵
  PID:4300
- C:\Windows\System\noGpHgo.exe
  C:\Windows\System\noGpHgo.exe
  2⤵
  PID:4524
- C:\Windows\System\dgjqpIe.exe
  C:\Windows\System\dgjqpIe.exe
  2⤵
  PID:2260
- C:\Windows\System\oblPpOD.exe
  C:\Windows\System\oblPpOD.exe
  2⤵
  PID:4960
- C:\Windows\System\GknDUXR.exe
  C:\Windows\System\GknDUXR.exe
  2⤵
  PID:2148
- C:\Windows\System\TsGrFpn.exe
  C:\Windows\System\TsGrFpn.exe
  2⤵
  PID:5064
- C:\Windows\System\Ccfgvey.exe
  C:\Windows\System\Ccfgvey.exe
  2⤵
  PID:4764
- C:\Windows\System\rGHxfWj.exe
  C:\Windows\System\rGHxfWj.exe
  2⤵
  PID:4656
- C:\Windows\System\nZekhxl.exe
  C:\Windows\System\nZekhxl.exe
  2⤵
  PID:4372
- C:\Windows\System\DaeCrmj.exe
  C:\Windows\System\DaeCrmj.exe
  2⤵
  PID:4112
- C:\Windows\System\KPYoPkK.exe
  C:\Windows\System\KPYoPkK.exe
  2⤵
  PID:1320
- C:\Windows\System\oJTOxwQ.exe
  C:\Windows\System\oJTOxwQ.exe
  2⤵
  PID:5084
- C:\Windows\System\FpQlBuk.exe
  C:\Windows\System\FpQlBuk.exe
  2⤵
  PID:1436
- C:\Windows\System\sbHVbjC.exe
  C:\Windows\System\sbHVbjC.exe
  2⤵
  PID:4168
- C:\Windows\System\WeXkhtz.exe
  C:\Windows\System\WeXkhtz.exe
  2⤵
  PID:4640
- C:\Windows\System\fkbtUUH.exe
  C:\Windows\System\fkbtUUH.exe
  2⤵
  PID:2284
- C:\Windows\System\GhHGybI.exe
  C:\Windows\System\GhHGybI.exe
  2⤵
  PID:4204
- C:\Windows\System\tMkfMcE.exe
  C:\Windows\System\tMkfMcE.exe
  2⤵
  PID:4604
- C:\Windows\System\uSENcCe.exe
  C:\Windows\System\uSENcCe.exe
  2⤵
  PID:2436
- C:\Windows\System\PpTQtML.exe
  C:\Windows\System\PpTQtML.exe
  2⤵
  PID:2456
- C:\Windows\System\qlqpNMl.exe
  C:\Windows\System\qlqpNMl.exe
  2⤵
  PID:4512
- C:\Windows\System\gZzgDgW.exe
  C:\Windows\System\gZzgDgW.exe
  2⤵
  PID:2856
- C:\Windows\System\jwqIYqp.exe
  C:\Windows\System\jwqIYqp.exe
  2⤵
  PID:4672
- C:\Windows\System\XeocwUA.exe
  C:\Windows\System\XeocwUA.exe
  2⤵
  PID:4320
- C:\Windows\System\GPWgmfx.exe
  C:\Windows\System\GPWgmfx.exe
  2⤵
  PID:3996
- C:\Windows\System\ShTpVpf.exe
  C:\Windows\System\ShTpVpf.exe
  2⤵
  PID:2664
- C:\Windows\System\OXyRsoy.exe
  C:\Windows\System\OXyRsoy.exe
  2⤵
  PID:536
- C:\Windows\System\XyvgrcH.exe
  C:\Windows\System\XyvgrcH.exe
  2⤵
  PID:4120
- C:\Windows\System\TjQYCoQ.exe
  C:\Windows\System\TjQYCoQ.exe
  2⤵
  PID:3952
- C:\Windows\System\wxJXyaC.exe
  C:\Windows\System\wxJXyaC.exe
  2⤵
  PID:4188
- C:\Windows\System\vqkFzyr.exe
  C:\Windows\System\vqkFzyr.exe
  2⤵
  PID:4576
- C:\Windows\System\QRWYrAp.exe
  C:\Windows\System\QRWYrAp.exe
  2⤵
  PID:4924
- C:\Windows\System\wNCoEac.exe
  C:\Windows\System\wNCoEac.exe
  2⤵
  PID:704
- C:\Windows\System\IYhjUfp.exe
  C:\Windows\System\IYhjUfp.exe
  2⤵
  PID:2780
- C:\Windows\System\kBsCLDo.exe
  C:\Windows\System\kBsCLDo.exe
  2⤵
  PID:4720
- C:\Windows\System\XOzZnoA.exe
  C:\Windows\System\XOzZnoA.exe
  2⤵
  PID:4752
- C:\Windows\System\ekwYgsb.exe
  C:\Windows\System\ekwYgsb.exe
  2⤵
  PID:3936
- C:\Windows\System\RxaziJD.exe
  C:\Windows\System\RxaziJD.exe
  2⤵
  PID:2084
- C:\Windows\System\HbYYmdy.exe
  C:\Windows\System\HbYYmdy.exe
  2⤵
  PID:4844
- C:\Windows\System\ryQgBkE.exe
  C:\Windows\System\ryQgBkE.exe
  2⤵
  PID:3188
- C:\Windows\System\uMqYFjB.exe
  C:\Windows\System\uMqYFjB.exe
  2⤵
  PID:1804
- C:\Windows\System\YfWecGE.exe
  C:\Windows\System\YfWecGE.exe
  2⤵
  PID:2384
- C:\Windows\System\UPkezCK.exe
  C:\Windows\System\UPkezCK.exe
  2⤵
  PID:5156
- C:\Windows\System\DsKEbkr.exe
  C:\Windows\System\DsKEbkr.exe
  2⤵
  PID:5176
- C:\Windows\System\Uyrtirr.exe
  C:\Windows\System\Uyrtirr.exe
  2⤵
  PID:5196
- C:\Windows\System\DmudosI.exe
  C:\Windows\System\DmudosI.exe
  2⤵
  PID:5212
- C:\Windows\System\BVtiPmp.exe
  C:\Windows\System\BVtiPmp.exe
  2⤵
  PID:5232
- C:\Windows\System\qdizSpN.exe
  C:\Windows\System\qdizSpN.exe
  2⤵
  PID:5248
- C:\Windows\System\ISosBFi.exe
  C:\Windows\System\ISosBFi.exe
  2⤵
  PID:5264
- C:\Windows\System\yRdrpzU.exe
  C:\Windows\System\yRdrpzU.exe
  2⤵
  PID:5284
- C:\Windows\System\YNjMgaI.exe
  C:\Windows\System\YNjMgaI.exe
  2⤵
  PID:5300
- C:\Windows\System\xgSnFdm.exe
  C:\Windows\System\xgSnFdm.exe
  2⤵
  PID:5316
- C:\Windows\System\pbBgAWr.exe
  C:\Windows\System\pbBgAWr.exe
  2⤵
  PID:5332
- C:\Windows\System\ZXRHQLW.exe
  C:\Windows\System\ZXRHQLW.exe
  2⤵
  PID:5348
- C:\Windows\System\lttLjxQ.exe
  C:\Windows\System\lttLjxQ.exe
  2⤵
  PID:5368
- C:\Windows\System\hfyncBz.exe
  C:\Windows\System\hfyncBz.exe
  2⤵
  PID:5384
- C:\Windows\System\JvOGhVr.exe
  C:\Windows\System\JvOGhVr.exe
  2⤵
  PID:5404
- C:\Windows\System\UxEBGwD.exe
  C:\Windows\System\UxEBGwD.exe
  2⤵
  PID:5420
- C:\Windows\System\rbkqqIl.exe
  C:\Windows\System\rbkqqIl.exe
  2⤵
  PID:5440
- C:\Windows\System\MnKIVgm.exe
  C:\Windows\System\MnKIVgm.exe
  2⤵
  PID:5456
- C:\Windows\System\EhoqRnh.exe
  C:\Windows\System\EhoqRnh.exe
  2⤵
  PID:5472
- C:\Windows\System\BgUVMpU.exe
  C:\Windows\System\BgUVMpU.exe
  2⤵
  PID:5488
- C:\Windows\System\kPmpxze.exe
  C:\Windows\System\kPmpxze.exe
  2⤵
  PID:5508
- C:\Windows\System\hBXgPjD.exe
  C:\Windows\System\hBXgPjD.exe
  2⤵
  PID:5528
- C:\Windows\System\WBErmew.exe
  C:\Windows\System\WBErmew.exe
  2⤵
  PID:5544
- C:\Windows\System\xuzlMtH.exe
  C:\Windows\System\xuzlMtH.exe
  2⤵
  PID:5564
- C:\Windows\System\UmNBhyZ.exe
  C:\Windows\System\UmNBhyZ.exe
  2⤵
  PID:5584
- C:\Windows\System\iXUkIhO.exe
  C:\Windows\System\iXUkIhO.exe
  2⤵
  PID:5600
- C:\Windows\System\UjGXzhx.exe
  C:\Windows\System\UjGXzhx.exe
  2⤵
  PID:5620
- C:\Windows\System\Fqeoppa.exe
  C:\Windows\System\Fqeoppa.exe
  2⤵
  PID:5636
- C:\Windows\System\sBUUAQP.exe
  C:\Windows\System\sBUUAQP.exe
  2⤵
  PID:5724
- C:\Windows\System\sZtgLdQ.exe
  C:\Windows\System\sZtgLdQ.exe
  2⤵
  PID:5740
- C:\Windows\System\VRRpAhK.exe
  C:\Windows\System\VRRpAhK.exe
  2⤵
  PID:5756
- C:\Windows\System\lRnOUeq.exe
  C:\Windows\System\lRnOUeq.exe
  2⤵
  PID:5772
- C:\Windows\System\AOXoqeo.exe
  C:\Windows\System\AOXoqeo.exe
  2⤵
  PID:5788
- C:\Windows\System\DcNwEhg.exe
  C:\Windows\System\DcNwEhg.exe
  2⤵
  PID:5804
- C:\Windows\System\btgniqS.exe
  C:\Windows\System\btgniqS.exe
  2⤵
  PID:5820
- C:\Windows\System\AAYJKRf.exe
  C:\Windows\System\AAYJKRf.exe
  2⤵
  PID:5836
- C:\Windows\System\nLmjams.exe
  C:\Windows\System\nLmjams.exe
  2⤵
  PID:5852
- C:\Windows\System\mSDSRyU.exe
  C:\Windows\System\mSDSRyU.exe
  2⤵
  PID:5868
- C:\Windows\System\jPYwTYh.exe
  C:\Windows\System\jPYwTYh.exe
  2⤵
  PID:5884
- C:\Windows\System\eEXabDf.exe
  C:\Windows\System\eEXabDf.exe
  2⤵
  PID:5900
- C:\Windows\System\aJhiHHz.exe
  C:\Windows\System\aJhiHHz.exe
  2⤵
  PID:5928
- C:\Windows\System\StWafUI.exe
  C:\Windows\System\StWafUI.exe
  2⤵
  PID:5960
- C:\Windows\System\kkfXSii.exe
  C:\Windows\System\kkfXSii.exe
  2⤵
  PID:5984
- C:\Windows\System\TmPJUMI.exe
  C:\Windows\System\TmPJUMI.exe
  2⤵
  PID:6000
- C:\Windows\System\EvkJzfe.exe
  C:\Windows\System\EvkJzfe.exe
  2⤵
  PID:6024
- C:\Windows\System\ntuEJzs.exe
  C:\Windows\System\ntuEJzs.exe
  2⤵
  PID:6044
- C:\Windows\System\VosfIZZ.exe
  C:\Windows\System\VosfIZZ.exe
  2⤵
  PID:6064
- C:\Windows\System\XZEvrjC.exe
  C:\Windows\System\XZEvrjC.exe
  2⤵
  PID:6080
- C:\Windows\System\ETzMVgY.exe
  C:\Windows\System\ETzMVgY.exe
  2⤵
  PID:6100
- C:\Windows\System\weScieJ.exe
  C:\Windows\System\weScieJ.exe
  2⤵
  PID:6116
- C:\Windows\System\GljNnKU.exe
  C:\Windows\System\GljNnKU.exe
  2⤵
  PID:6136
- C:\Windows\System\FEhWERE.exe
  C:\Windows\System\FEhWERE.exe
  2⤵
  PID:1164
- C:\Windows\System\DgErIVL.exe
  C:\Windows\System\DgErIVL.exe
  2⤵
  PID:1508
- C:\Windows\System\vfITWgW.exe
  C:\Windows\System\vfITWgW.exe
  2⤵
  PID:5164
- C:\Windows\System\wETxmIk.exe
  C:\Windows\System\wETxmIk.exe
  2⤵
  PID:5128
- C:\Windows\System\ODvTazR.exe
  C:\Windows\System\ODvTazR.exe
  2⤵
  PID:5144
- C:\Windows\System\ecvMnlM.exe
  C:\Windows\System\ecvMnlM.exe
  2⤵
  PID:2544
- C:\Windows\System\FEPbnSp.exe
  C:\Windows\System\FEPbnSp.exe
  2⤵
  PID:5220
- C:\Windows\System\uWmHCFG.exe
  C:\Windows\System\uWmHCFG.exe
  2⤵
  PID:5296
- C:\Windows\System\ArUOWxR.exe
  C:\Windows\System\ArUOWxR.exe
  2⤵
  PID:5188
- C:\Windows\System\VPSpZzN.exe
  C:\Windows\System\VPSpZzN.exe
  2⤵
  PID:5400
- C:\Windows\System\nnlzhpK.exe
  C:\Windows\System\nnlzhpK.exe
  2⤵
  PID:5468
- C:\Windows\System\ceaHFLB.exe
  C:\Windows\System\ceaHFLB.exe
  2⤵
  PID:5540
- C:\Windows\System\pVmZRwE.exe
  C:\Windows\System\pVmZRwE.exe
  2⤵
  PID:5612
- C:\Windows\System\wWBIgkC.exe
  C:\Windows\System\wWBIgkC.exe
  2⤵
  PID:5276
- C:\Windows\System\UQIdkSH.exe
  C:\Windows\System\UQIdkSH.exe
  2⤵
  PID:5628
- C:\Windows\System\eEnaZOy.exe
  C:\Windows\System\eEnaZOy.exe
  2⤵
  PID:5448
- C:\Windows\System\fNnRcwu.exe
  C:\Windows\System\fNnRcwu.exe
  2⤵
  PID:5484
- C:\Windows\System\FPcEiIe.exe
  C:\Windows\System\FPcEiIe.exe
  2⤵
  PID:5592
- C:\Windows\System\CGFSqkx.exe
  C:\Windows\System\CGFSqkx.exe
  2⤵
  PID:5656
- C:\Windows\System\jQwhenb.exe
  C:\Windows\System\jQwhenb.exe
  2⤵
  PID:5580
- C:\Windows\System\IvdQtKw.exe
  C:\Windows\System\IvdQtKw.exe
  2⤵
  PID:5676
- C:\Windows\System\TuhKkGi.exe
  C:\Windows\System\TuhKkGi.exe
  2⤵
  PID:5768
- C:\Windows\System\lXCCdgJ.exe
  C:\Windows\System\lXCCdgJ.exe
  2⤵
  PID:5832
- C:\Windows\System\NmMALNq.exe
  C:\Windows\System\NmMALNq.exe
  2⤵
  PID:5684
- C:\Windows\System\WXUuQzr.exe
  C:\Windows\System\WXUuQzr.exe
  2⤵
  PID:5708
- C:\Windows\System\qWEgwuz.exe
  C:\Windows\System\qWEgwuz.exe
  2⤵
  PID:5648
- C:\Windows\System\AAYmdHY.exe
  C:\Windows\System\AAYmdHY.exe
  2⤵
  PID:5784
- C:\Windows\System\AGCytSN.exe
  C:\Windows\System\AGCytSN.exe
  2⤵
  PID:5948
- C:\Windows\System\rtwyTLu.exe
  C:\Windows\System\rtwyTLu.exe
  2⤵
  PID:5812
- C:\Windows\System\zKnKVfK.exe
  C:\Windows\System\zKnKVfK.exe
  2⤵
  PID:5980
- C:\Windows\System\rrEMYXx.exe
  C:\Windows\System\rrEMYXx.exe
  2⤵
  PID:5920
- C:\Windows\System\WQvzCEu.exe
  C:\Windows\System\WQvzCEu.exe
  2⤵
  PID:6092
- C:\Windows\System\GEwtDXM.exe
  C:\Windows\System\GEwtDXM.exe
  2⤵
  PID:6040
- C:\Windows\System\mmhKGjG.exe
  C:\Windows\System\mmhKGjG.exe
  2⤵
  PID:6016
- C:\Windows\System\qyUlNfP.exe
  C:\Windows\System\qyUlNfP.exe
  2⤵
  PID:6076
- C:\Windows\System\YZoegmc.exe
  C:\Windows\System\YZoegmc.exe
  2⤵
  PID:4572
- C:\Windows\System\oAGCUAh.exe
  C:\Windows\System\oAGCUAh.exe
  2⤵
  PID:2644
- C:\Windows\System\iygXqqS.exe
  C:\Windows\System\iygXqqS.exe
  2⤵
  PID:2552
- C:\Windows\System\BNRWdzl.exe
  C:\Windows\System\BNRWdzl.exe
  2⤵
  PID:1940
- C:\Windows\System\KgCPqmn.exe
  C:\Windows\System\KgCPqmn.exe
  2⤵
  PID:844
- C:\Windows\System\xcXpLqk.exe
  C:\Windows\System\xcXpLqk.exe
  2⤵
  PID:5416
- C:\Windows\System\qbyvYNw.exe
  C:\Windows\System\qbyvYNw.exe
  2⤵
  PID:4420
- C:\Windows\System\UsmuQwK.exe
  C:\Windows\System\UsmuQwK.exe
  2⤵
  PID:5376
- C:\Windows\System\AqScCls.exe
  C:\Windows\System\AqScCls.exe
  2⤵
  PID:5504
- C:\Windows\System\JEuDcJq.exe
  C:\Windows\System\JEuDcJq.exe
  2⤵
  PID:5380
- C:\Windows\System\dTnoRBL.exe
  C:\Windows\System\dTnoRBL.exe
  2⤵
  PID:5556
- C:\Windows\System\iombhkD.exe
  C:\Windows\System\iombhkD.exe
  2⤵
  PID:5664
- C:\Windows\System\UnUsRnb.exe
  C:\Windows\System\UnUsRnb.exe
  2⤵
  PID:5680
- C:\Windows\System\swBpSum.exe
  C:\Windows\System\swBpSum.exe
  2⤵
  PID:5572
- C:\Windows\System\qlbRJVh.exe
  C:\Windows\System\qlbRJVh.exe
  2⤵
  PID:5452
- C:\Windows\System\puYmLGz.exe
  C:\Windows\System\puYmLGz.exe
  2⤵
  PID:2988
- C:\Windows\System\pebcEnH.exe
  C:\Windows\System\pebcEnH.exe
  2⤵
  PID:5972
- C:\Windows\System\QMTbUmF.exe
  C:\Windows\System\QMTbUmF.exe
  2⤵
  PID:5800
- C:\Windows\System\cnOzDde.exe
  C:\Windows\System\cnOzDde.exe
  2⤵
  PID:440
- C:\Windows\System\uDHVwOd.exe
  C:\Windows\System\uDHVwOd.exe
  2⤵
  PID:2464
- C:\Windows\System\eyEtYNF.exe
  C:\Windows\System\eyEtYNF.exe
  2⤵
  PID:5192
- C:\Windows\System\xWoSzAQ.exe
  C:\Windows\System\xWoSzAQ.exe
  2⤵
  PID:5356
- C:\Windows\System\OfEedGD.exe
  C:\Windows\System\OfEedGD.exe
  2⤵
  PID:5168
- C:\Windows\System\ePtbYXR.exe
  C:\Windows\System\ePtbYXR.exe
  2⤵
  PID:5228
- C:\Windows\System\SNsnuFk.exe
  C:\Windows\System\SNsnuFk.exe
  2⤵
  PID:5864
- C:\Windows\System\NyYzfUA.exe
  C:\Windows\System\NyYzfUA.exe
  2⤵
  PID:6088
- C:\Windows\System\NVEdrjr.exe
  C:\Windows\System\NVEdrjr.exe
  2⤵
  PID:5152
- C:\Windows\System\SfoHMOQ.exe
  C:\Windows\System\SfoHMOQ.exe
  2⤵
  PID:6156
- C:\Windows\System\QBapVJK.exe
  C:\Windows\System\QBapVJK.exe
  2⤵
  PID:6176
- C:\Windows\System\yFtxgxF.exe
  C:\Windows\System\yFtxgxF.exe
  2⤵
  PID:6196
- C:\Windows\System\DDyrgCH.exe
  C:\Windows\System\DDyrgCH.exe
  2⤵
  PID:6212
- C:\Windows\System\ZcLuzEq.exe
  C:\Windows\System\ZcLuzEq.exe
  2⤵
  PID:6232
- C:\Windows\System\cMDXopA.exe
  C:\Windows\System\cMDXopA.exe
  2⤵
  PID:6248
- C:\Windows\System\ivPaQBa.exe
  C:\Windows\System\ivPaQBa.exe
  2⤵
  PID:6268
- C:\Windows\System\XadSoyX.exe
  C:\Windows\System\XadSoyX.exe
  2⤵
  PID:6288
- C:\Windows\System\lAyWuwK.exe
  C:\Windows\System\lAyWuwK.exe
  2⤵
  PID:6308
- C:\Windows\System\xyzAgTE.exe
  C:\Windows\System\xyzAgTE.exe
  2⤵
  PID:6324
- C:\Windows\System\iArxKPy.exe
  C:\Windows\System\iArxKPy.exe
  2⤵
  PID:6344
- C:\Windows\System\YHNVCjE.exe
  C:\Windows\System\YHNVCjE.exe
  2⤵
  PID:6364
- C:\Windows\System\LDLNfjt.exe
  C:\Windows\System\LDLNfjt.exe
  2⤵
  PID:6384
- C:\Windows\System\QqsHFOo.exe
  C:\Windows\System\QqsHFOo.exe
  2⤵
  PID:6404
- C:\Windows\System\kpcNkAE.exe
  C:\Windows\System\kpcNkAE.exe
  2⤵
  PID:6420
- C:\Windows\System\PafySDl.exe
  C:\Windows\System\PafySDl.exe
  2⤵
  PID:6440
- C:\Windows\System\KwQzVCe.exe
  C:\Windows\System\KwQzVCe.exe
  2⤵
  PID:6456
- C:\Windows\System\WXrAUVY.exe
  C:\Windows\System\WXrAUVY.exe
  2⤵
  PID:6476
- C:\Windows\System\qajJlcu.exe
  C:\Windows\System\qajJlcu.exe
  2⤵
  PID:6492
- C:\Windows\System\WxQBVFQ.exe
  C:\Windows\System\WxQBVFQ.exe
  2⤵
  PID:6512
- C:\Windows\System\iBcMfYj.exe
  C:\Windows\System\iBcMfYj.exe
  2⤵
  PID:6528
- C:\Windows\System\wLqzGMU.exe
  C:\Windows\System\wLqzGMU.exe
  2⤵
  PID:6564
- C:\Windows\System\zRmNszp.exe
  C:\Windows\System\zRmNszp.exe
  2⤵
  PID:6580
- C:\Windows\System\dluHgpe.exe
  C:\Windows\System\dluHgpe.exe
  2⤵
  PID:6600
- C:\Windows\System\ObQTIuE.exe
  C:\Windows\System\ObQTIuE.exe
  2⤵
  PID:6616
- C:\Windows\System\PQPsgAU.exe
  C:\Windows\System\PQPsgAU.exe
  2⤵
  PID:6640
- C:\Windows\System\tHXwlXG.exe
  C:\Windows\System\tHXwlXG.exe
  2⤵
  PID:6656
- C:\Windows\System\EMxXjoe.exe
  C:\Windows\System\EMxXjoe.exe
  2⤵
  PID:6676
- C:\Windows\System\rjnGYEb.exe
  C:\Windows\System\rjnGYEb.exe
  2⤵
  PID:6692
- C:\Windows\System\llHPwpi.exe
  C:\Windows\System\llHPwpi.exe
  2⤵
  PID:6788
- C:\Windows\System\USvVzFt.exe
  C:\Windows\System\USvVzFt.exe
  2⤵
  PID:6804
- C:\Windows\System\VHnGVgt.exe
  C:\Windows\System\VHnGVgt.exe
  2⤵
  PID:6820
- C:\Windows\System\HNtBtxP.exe
  C:\Windows\System\HNtBtxP.exe
  2⤵
  PID:6840
- C:\Windows\System\rxKfdak.exe
  C:\Windows\System\rxKfdak.exe
  2⤵
  PID:6860
- C:\Windows\System\xrUPzJm.exe
  C:\Windows\System\xrUPzJm.exe
  2⤵
  PID:6876
- C:\Windows\System\SRqhZdy.exe
  C:\Windows\System\SRqhZdy.exe
  2⤵
  PID:6896
- C:\Windows\System\FallQIq.exe
  C:\Windows\System\FallQIq.exe
  2⤵
  PID:6912
- C:\Windows\System\vBDblEx.exe
  C:\Windows\System\vBDblEx.exe
  2⤵
  PID:6932
- C:\Windows\System\cafefuI.exe
  C:\Windows\System\cafefuI.exe
  2⤵
  PID:6948
- C:\Windows\System\zlqBrSG.exe
  C:\Windows\System\zlqBrSG.exe
  2⤵
  PID:6968
- C:\Windows\System\lepGaoY.exe
  C:\Windows\System\lepGaoY.exe
  2⤵
  PID:6984
- C:\Windows\System\SIZWbxj.exe
  C:\Windows\System\SIZWbxj.exe
  2⤵
  PID:7032
- C:\Windows\System\JcnSagQ.exe
  C:\Windows\System\JcnSagQ.exe
  2⤵
  PID:7052
- C:\Windows\System\OdfvjIh.exe
  C:\Windows\System\OdfvjIh.exe
  2⤵
  PID:7068
- C:\Windows\System\IBIwqMX.exe
  C:\Windows\System\IBIwqMX.exe
  2⤵
  PID:7084
- C:\Windows\System\gQNZjfd.exe
  C:\Windows\System\gQNZjfd.exe
  2⤵
  PID:7100
- C:\Windows\System\eIXSHnl.exe
  C:\Windows\System\eIXSHnl.exe
  2⤵
  PID:7116
- C:\Windows\System\CzibmMo.exe
  C:\Windows\System\CzibmMo.exe
  2⤵
  PID:7132
- C:\Windows\System\bEtZphD.exe
  C:\Windows\System\bEtZphD.exe
  2⤵
  PID:7156
- C:\Windows\System\oQoJRVh.exe
  C:\Windows\System\oQoJRVh.exe
  2⤵
  PID:5892
- C:\Windows\System\uDalvJM.exe
  C:\Windows\System\uDalvJM.exe
  2⤵
  PID:5464
- C:\Windows\System\tYHQAcy.exe
  C:\Windows\System\tYHQAcy.exe
  2⤵
  PID:6172
- C:\Windows\System\eEoTfVo.exe
  C:\Windows\System\eEoTfVo.exe
  2⤵
  PID:6316
- C:\Windows\System\IRxFcyQ.exe
  C:\Windows\System\IRxFcyQ.exe
  2⤵
  PID:5992
- C:\Windows\System\HYyOJSU.exe
  C:\Windows\System\HYyOJSU.exe
  2⤵
  PID:5912
- C:\Windows\System\ysEscvj.exe
  C:\Windows\System\ysEscvj.exe
  2⤵
  PID:5968
- C:\Windows\System\UouDRTa.exe
  C:\Windows\System\UouDRTa.exe
  2⤵
  PID:2676
- C:\Windows\System\WLxSLRd.exe
  C:\Windows\System\WLxSLRd.exe
  2⤵
  PID:2832
- C:\Windows\System\rNoempK.exe
  C:\Windows\System\rNoempK.exe
  2⤵
  PID:6400
- C:\Windows\System\hDGSaUw.exe
  C:\Windows\System\hDGSaUw.exe
  2⤵
  PID:6432
- C:\Windows\System\ckzmfHi.exe
  C:\Windows\System\ckzmfHi.exe
  2⤵
  PID:6468
- C:\Windows\System\DKvdLbM.exe
  C:\Windows\System\DKvdLbM.exe
  2⤵
  PID:6504
- C:\Windows\System\EGlRjLf.exe
  C:\Windows\System\EGlRjLf.exe
  2⤵
  PID:6548
- C:\Windows\System\JhuXyYt.exe
  C:\Windows\System\JhuXyYt.exe
  2⤵
  PID:1364
- C:\Windows\System\oFnSVeP.exe
  C:\Windows\System\oFnSVeP.exe
  2⤵
  PID:6628
- C:\Windows\System\NIhRZJO.exe
  C:\Windows\System\NIhRZJO.exe
  2⤵
  PID:6668
- C:\Windows\System\xCNApmD.exe
  C:\Windows\System\xCNApmD.exe
  2⤵
  PID:2840
- C:\Windows\System\pjSkDBH.exe
  C:\Windows\System\pjSkDBH.exe
  2⤵
  PID:6720
- C:\Windows\System\SLOwhlT.exe
  C:\Windows\System\SLOwhlT.exe
  2⤵
  PID:6732
- C:\Windows\System\yMhqItZ.exe
  C:\Windows\System\yMhqItZ.exe
  2⤵
  PID:6296
- C:\Windows\System\mYNmIDe.exe
  C:\Windows\System\mYNmIDe.exe
  2⤵
  PID:6020
- C:\Windows\System\gykUHJf.exe
  C:\Windows\System\gykUHJf.exe
  2⤵
  PID:1012
- C:\Windows\System\WAmLckD.exe
  C:\Windows\System\WAmLckD.exe
  2⤵
  PID:6096
- C:\Windows\System\zKgOYan.exe
  C:\Windows\System\zKgOYan.exe
  2⤵
  PID:6752
- C:\Windows\System\LvNfTZl.exe
  C:\Windows\System\LvNfTZl.exe
  2⤵
  PID:1952
- C:\Windows\System\YLjeLyz.exe
  C:\Windows\System\YLjeLyz.exe
  2⤵
  PID:2172
- C:\Windows\System\yFEzOpD.exe
  C:\Windows\System\yFEzOpD.exe
  2⤵
  PID:6888
- C:\Windows\System\wFkgMPY.exe
  C:\Windows\System\wFkgMPY.exe
  2⤵
  PID:6964
- C:\Windows\System\bNwrTPj.exe
  C:\Windows\System\bNwrTPj.exe
  2⤵
  PID:5244
- C:\Windows\System\FuAMVvJ.exe
  C:\Windows\System\FuAMVvJ.exe
  2⤵
  PID:5876
- C:\Windows\System\ZBmExJW.exe
  C:\Windows\System\ZBmExJW.exe
  2⤵
  PID:5292
- C:\Windows\System\GGvdUBH.exe
  C:\Windows\System\GGvdUBH.exe
  2⤵
  PID:5944
- C:\Windows\System\QWkNmFA.exe
  C:\Windows\System\QWkNmFA.exe
  2⤵
  PID:5880
- C:\Windows\System\EsjmPRx.exe
  C:\Windows\System\EsjmPRx.exe
  2⤵
  PID:6224
- C:\Windows\System\hbuqxUb.exe
  C:\Windows\System\hbuqxUb.exe
  2⤵
  PID:6304
- C:\Windows\System\yLzXpQS.exe
  C:\Windows\System\yLzXpQS.exe
  2⤵
  PID:7008
- C:\Windows\System\TMydGbR.exe
  C:\Windows\System\TMydGbR.exe
  2⤵
  PID:6332
- C:\Windows\System\ibgDqaU.exe
  C:\Windows\System\ibgDqaU.exe
  2⤵
  PID:6452
- C:\Windows\System\EPwdOnr.exe
  C:\Windows\System\EPwdOnr.exe
  2⤵
  PID:6572
- C:\Windows\System\pkSnWkM.exe
  C:\Windows\System\pkSnWkM.exe
  2⤵
  PID:6652
- C:\Windows\System\YoFvqYv.exe
  C:\Windows\System\YoFvqYv.exe
  2⤵
  PID:6976
- C:\Windows\System\cjQfSuF.exe
  C:\Windows\System\cjQfSuF.exe
  2⤵
  PID:6836
- C:\Windows\System\MttoEDA.exe
  C:\Windows\System\MttoEDA.exe
  2⤵
  PID:6980
- C:\Windows\System\ndnGvXY.exe
  C:\Windows\System\ndnGvXY.exe
  2⤵
  PID:7064
- C:\Windows\System\dnspTOE.exe
  C:\Windows\System\dnspTOE.exe
  2⤵
  PID:7060
- C:\Windows\System\zTWpDQW.exe
  C:\Windows\System\zTWpDQW.exe
  2⤵
  PID:5576
- C:\Windows\System\BzHrCBO.exe
  C:\Windows\System\BzHrCBO.exe
  2⤵
  PID:7044
- C:\Windows\System\EFhHlkJ.exe
  C:\Windows\System\EFhHlkJ.exe
  2⤵
  PID:7140
- C:\Windows\System\wJQGgYF.exe
  C:\Windows\System\wJQGgYF.exe
  2⤵
  PID:6244
- C:\Windows\System\mldZwqj.exe
  C:\Windows\System\mldZwqj.exe
  2⤵
  PID:6168
- C:\Windows\System\AtpmBti.exe
  C:\Windows\System\AtpmBti.exe
  2⤵
  PID:5688
- C:\Windows\System\QKwtBFR.exe
  C:\Windows\System\QKwtBFR.exe
  2⤵
  PID:956
- C:\Windows\System\BpumJPK.exe
  C:\Windows\System\BpumJPK.exe
  2⤵
  PID:6588
- C:\Windows\System\LChruab.exe
  C:\Windows\System\LChruab.exe
  2⤵
  PID:6672
- C:\Windows\System\DQfgWPr.exe
  C:\Windows\System\DQfgWPr.exe
  2⤵
  PID:6708
- C:\Windows\System\OnFaWYi.exe
  C:\Windows\System\OnFaWYi.exe
  2⤵
  PID:6056
- C:\Windows\System\zKMyqaV.exe
  C:\Windows\System\zKMyqaV.exe
  2⤵
  PID:6624
- C:\Windows\System\LYxdaXO.exe
  C:\Windows\System\LYxdaXO.exe
  2⤵
  PID:1332
- C:\Windows\System\OwJaVFd.exe
  C:\Windows\System\OwJaVFd.exe
  2⤵
  PID:6776
- C:\Windows\System\hOGAnLP.exe
  C:\Windows\System\hOGAnLP.exe
  2⤵
  PID:6544
- C:\Windows\System\ccyfRHB.exe
  C:\Windows\System\ccyfRHB.exe
  2⤵
  PID:6768
- C:\Windows\System\pWRXgcM.exe
  C:\Windows\System\pWRXgcM.exe
  2⤵
  PID:6152
- C:\Windows\System\VtTEkBr.exe
  C:\Windows\System\VtTEkBr.exe
  2⤵
  PID:6780
- C:\Windows\System\XkESunZ.exe
  C:\Windows\System\XkESunZ.exe
  2⤵
  PID:6856
- C:\Windows\System\cATQWAX.exe
  C:\Windows\System\cATQWAX.exe
  2⤵
  PID:6924
- C:\Windows\System\GzIsdsU.exe
  C:\Windows\System\GzIsdsU.exe
  2⤵
  PID:2024
- C:\Windows\System\eVVTEmL.exe
  C:\Windows\System\eVVTEmL.exe
  2⤵
  PID:7000
- C:\Windows\System\dJsQLKx.exe
  C:\Windows\System\dJsQLKx.exe
  2⤵
  PID:6376
- C:\Windows\System\QyCKIle.exe
  C:\Windows\System\QyCKIle.exe
  2⤵
  PID:6448
- C:\Windows\System\WDiheCm.exe
  C:\Windows\System\WDiheCm.exe
  2⤵
  PID:6940
- C:\Windows\System\PjrSUHr.exe
  C:\Windows\System\PjrSUHr.exe
  2⤵
  PID:7016
- C:\Windows\System\FqPfgtg.exe
  C:\Windows\System\FqPfgtg.exe
  2⤵
  PID:6612
- C:\Windows\System\PmBymmG.exe
  C:\Windows\System\PmBymmG.exe
  2⤵
  PID:7164
- C:\Windows\System\lIKDfBh.exe
  C:\Windows\System\lIKDfBh.exe
  2⤵
  PID:6688
- C:\Windows\System\ZXGVoAI.exe
  C:\Windows\System\ZXGVoAI.exe
  2⤵
  PID:7124
- C:\Windows\System\xtjpnhz.exe
  C:\Windows\System\xtjpnhz.exe
  2⤵
  PID:6904
- C:\Windows\System\kcZwCFu.exe
  C:\Windows\System\kcZwCFu.exe
  2⤵
  PID:7148
- C:\Windows\System\cVHseZq.exe
  C:\Windows\System\cVHseZq.exe
  2⤵
  PID:2188
- C:\Windows\System\tflolkN.exe
  C:\Windows\System\tflolkN.exe
  2⤵
  PID:6736
- C:\Windows\System\hRplROg.exe
  C:\Windows\System\hRplROg.exe
  2⤵
  PID:6208
- C:\Windows\System\MAZuevY.exe
  C:\Windows\System\MAZuevY.exe
  2⤵
  PID:7028
- C:\Windows\System\kQcnZcQ.exe
  C:\Windows\System\kQcnZcQ.exe
  2⤵
  PID:6464
- C:\Windows\System\mZIWQnz.exe
  C:\Windows\System\mZIWQnz.exe
  2⤵
  PID:1800
- C:\Windows\System\pNtPoEB.exe
  C:\Windows\System\pNtPoEB.exe
  2⤵
  PID:6728
- C:\Windows\System\YFFfYfv.exe
  C:\Windows\System\YFFfYfv.exe
  2⤵
  PID:6748
- C:\Windows\System\rBGhWPS.exe
  C:\Windows\System\rBGhWPS.exe
  2⤵
  PID:6760
- C:\Windows\System\EwBVGaA.exe
  C:\Windows\System\EwBVGaA.exe
  2⤵
  PID:6340
- C:\Windows\System\EgaGRmU.exe
  C:\Windows\System\EgaGRmU.exe
  2⤵
  PID:6260
- C:\Windows\System\XBQNOrS.exe
  C:\Windows\System\XBQNOrS.exe
  2⤵
  PID:6772
- C:\Windows\System\WlyQPHi.exe
  C:\Windows\System\WlyQPHi.exe
  2⤵
  PID:6884
- C:\Windows\System\IaKJpcy.exe
  C:\Windows\System\IaKJpcy.exe
  2⤵
  PID:7080
- C:\Windows\System\OeOTVHX.exe
  C:\Windows\System\OeOTVHX.exe
  2⤵
  PID:6868
- C:\Windows\System\QeSjolL.exe
  C:\Windows\System\QeSjolL.exe
  2⤵
  PID:6556
- C:\Windows\System\uQWJiTI.exe
  C:\Windows\System\uQWJiTI.exe
  2⤵
  PID:6784
- C:\Windows\System\FKmaACi.exe
  C:\Windows\System\FKmaACi.exe
  2⤵
  PID:6756
- C:\Windows\System\Jvvheet.exe
  C:\Windows\System\Jvvheet.exe
  2⤵
  PID:6872
- C:\Windows\System\qIOIuis.exe
  C:\Windows\System\qIOIuis.exe
  2⤵
  PID:6816
- C:\Windows\System\HwrOZnX.exe
  C:\Windows\System\HwrOZnX.exe
  2⤵
  PID:7180
- C:\Windows\System\vklksIW.exe
  C:\Windows\System\vklksIW.exe
  2⤵
  PID:7196
- C:\Windows\System\hbJtkyz.exe
  C:\Windows\System\hbJtkyz.exe
  2⤵
  PID:7212
- C:\Windows\System\IAwWUma.exe
  C:\Windows\System\IAwWUma.exe
  2⤵
  PID:7228
- C:\Windows\System\CQJgJHE.exe
  C:\Windows\System\CQJgJHE.exe
  2⤵
  PID:7244
- C:\Windows\System\fcWVPCu.exe
  C:\Windows\System\fcWVPCu.exe
  2⤵
  PID:7268
- C:\Windows\System\GaSuVQS.exe
  C:\Windows\System\GaSuVQS.exe
  2⤵
  PID:7288
- C:\Windows\System\CBIRtuj.exe
  C:\Windows\System\CBIRtuj.exe
  2⤵
  PID:7304
- C:\Windows\System\NfpFgCZ.exe
  C:\Windows\System\NfpFgCZ.exe
  2⤵
  PID:7324
- C:\Windows\System\RyojZWg.exe
  C:\Windows\System\RyojZWg.exe
  2⤵
  PID:7344
- C:\Windows\System\KeMbwQC.exe
  C:\Windows\System\KeMbwQC.exe
  2⤵
  PID:7360
- C:\Windows\System\MNOzZRH.exe
  C:\Windows\System\MNOzZRH.exe
  2⤵
  PID:7380
- C:\Windows\System\cyWcqqB.exe
  C:\Windows\System\cyWcqqB.exe
  2⤵
  PID:7396
- C:\Windows\System\PxMIaUF.exe
  C:\Windows\System\PxMIaUF.exe
  2⤵
  PID:7416
- C:\Windows\System\gAUXCTM.exe
  C:\Windows\System\gAUXCTM.exe
  2⤵
  PID:7432
- C:\Windows\System\bFsIrXv.exe
  C:\Windows\System\bFsIrXv.exe
  2⤵
  PID:7452
- C:\Windows\System\kqyTGKL.exe
  C:\Windows\System\kqyTGKL.exe
  2⤵
  PID:7472
- C:\Windows\System\iGapqzp.exe
  C:\Windows\System\iGapqzp.exe
  2⤵
  PID:7488
- C:\Windows\System\JLDBtVx.exe
  C:\Windows\System\JLDBtVx.exe
  2⤵
  PID:7504
- C:\Windows\System\HxrBCCV.exe
  C:\Windows\System\HxrBCCV.exe
  2⤵
  PID:7520
- C:\Windows\System\qXscKwb.exe
  C:\Windows\System\qXscKwb.exe
  2⤵
  PID:7540
- C:\Windows\System\tvqzhhC.exe
  C:\Windows\System\tvqzhhC.exe
  2⤵
  PID:7560
- C:\Windows\System\NsYstHa.exe
  C:\Windows\System\NsYstHa.exe
  2⤵
  PID:7576
- C:\Windows\System\NDdiLpN.exe
  C:\Windows\System\NDdiLpN.exe
  2⤵
  PID:7596
- C:\Windows\System\RUyUILQ.exe
  C:\Windows\System\RUyUILQ.exe
  2⤵
  PID:7612
- C:\Windows\System\PnnzmGa.exe
  C:\Windows\System\PnnzmGa.exe
  2⤵
  PID:7736
- C:\Windows\System\XRJgHft.exe
  C:\Windows\System\XRJgHft.exe
  2⤵
  PID:7756
- C:\Windows\System\PRAWOyV.exe
  C:\Windows\System\PRAWOyV.exe
  2⤵
  PID:7772
- C:\Windows\System\krNdLha.exe
  C:\Windows\System\krNdLha.exe
  2⤵
  PID:7792
- C:\Windows\System\LryZLAf.exe
  C:\Windows\System\LryZLAf.exe
  2⤵
  PID:7808
- C:\Windows\System\eeMLEKY.exe
  C:\Windows\System\eeMLEKY.exe
  2⤵
  PID:7824
- C:\Windows\System\xDwnVsw.exe
  C:\Windows\System\xDwnVsw.exe
  2⤵
  PID:7844
- C:\Windows\System\cXovCYB.exe
  C:\Windows\System\cXovCYB.exe
  2⤵
  PID:7860
- C:\Windows\System\SVOiZXk.exe
  C:\Windows\System\SVOiZXk.exe
  2⤵
  PID:7876
- C:\Windows\System\fiistuT.exe
  C:\Windows\System\fiistuT.exe
  2⤵
  PID:7924
- C:\Windows\System\hvtgPDd.exe
  C:\Windows\System\hvtgPDd.exe
  2⤵
  PID:7940
- C:\Windows\System\CFDJFRv.exe
  C:\Windows\System\CFDJFRv.exe
  2⤵
  PID:7956
- C:\Windows\System\CSSuHqg.exe
  C:\Windows\System\CSSuHqg.exe
  2⤵
  PID:7972
- C:\Windows\System\UAUYtuW.exe
  C:\Windows\System\UAUYtuW.exe
  2⤵
  PID:7988
- C:\Windows\System\CyaSkUB.exe
  C:\Windows\System\CyaSkUB.exe
  2⤵
  PID:8008
- C:\Windows\System\mmImyxX.exe
  C:\Windows\System\mmImyxX.exe
  2⤵
  PID:8028
- C:\Windows\System\dBVjZBU.exe
  C:\Windows\System\dBVjZBU.exe
  2⤵
  PID:8048
- C:\Windows\System\pseXeAT.exe
  C:\Windows\System\pseXeAT.exe
  2⤵
  PID:8064
- C:\Windows\System\SGvpkKB.exe
  C:\Windows\System\SGvpkKB.exe
  2⤵
  PID:8080
- C:\Windows\System\zjppTrM.exe
  C:\Windows\System\zjppTrM.exe
  2⤵
  PID:8096
- C:\Windows\System\ayNHcQt.exe
  C:\Windows\System\ayNHcQt.exe
  2⤵
  PID:8112
- C:\Windows\System\MxUIanc.exe
  C:\Windows\System\MxUIanc.exe
  2⤵
  PID:8132
- C:\Windows\System\BuBItVv.exe
  C:\Windows\System\BuBItVv.exe
  2⤵
  PID:8148
- C:\Windows\System\QxMMnpl.exe
  C:\Windows\System\QxMMnpl.exe
  2⤵
  PID:8168
- C:\Windows\System\qtHfkph.exe
  C:\Windows\System\qtHfkph.exe
  2⤵
  PID:8188
- C:\Windows\System\xjTGTte.exe
  C:\Windows\System\xjTGTte.exe
  2⤵
  PID:7236
- C:\Windows\System\LzUbShs.exe
  C:\Windows\System\LzUbShs.exe
  2⤵
  PID:7464
- C:\Windows\System\WblCbHP.exe
  C:\Windows\System\WblCbHP.exe
  2⤵
  PID:7536
- C:\Windows\System\bmWFqbt.exe
  C:\Windows\System\bmWFqbt.exe
  2⤵
  PID:6192
- C:\Windows\System\MIfXqlc.exe
  C:\Windows\System\MIfXqlc.exe
  2⤵
  PID:5412
- C:\Windows\System\CiLbCiV.exe
  C:\Windows\System\CiLbCiV.exe
  2⤵
  PID:7608
- C:\Windows\System\IDYkffi.exe
  C:\Windows\System\IDYkffi.exe
  2⤵
  PID:3160
- C:\Windows\System\NWcGyAk.exe
  C:\Windows\System\NWcGyAk.exe
  2⤵
  PID:5704
- C:\Windows\System\tzKUuGL.exe
  C:\Windows\System\tzKUuGL.exe
  2⤵
  PID:6800
- C:\Windows\System\CziUNVD.exe
  C:\Windows\System\CziUNVD.exe
  2⤵
  PID:7368
- C:\Windows\System\OkrZzkh.exe
  C:\Windows\System\OkrZzkh.exe
  2⤵
  PID:7584
- C:\Windows\System\XMVdmja.exe
  C:\Windows\System\XMVdmja.exe
  2⤵
  PID:7112
- C:\Windows\System\vTgKVzE.exe
  C:\Windows\System\vTgKVzE.exe
  2⤵
  PID:1416
- C:\Windows\System\iZzfaYL.exe
  C:\Windows\System\iZzfaYL.exe
  2⤵
  PID:7004
- C:\Windows\System\cMGjFnQ.exe
  C:\Windows\System\cMGjFnQ.exe
  2⤵
  PID:5124
- C:\Windows\System\YzgxcuW.exe
  C:\Windows\System\YzgxcuW.exe
  2⤵
  PID:5312
- C:\Windows\System\pAeEmaR.exe
  C:\Windows\System\pAeEmaR.exe
  2⤵
  PID:7192
- C:\Windows\System\uEcVYff.exe
  C:\Windows\System\uEcVYff.exe
  2⤵
  PID:7260
- C:\Windows\System\ufnUhdz.exe
  C:\Windows\System\ufnUhdz.exe
  2⤵
  PID:7340
- C:\Windows\System\ARfKnDh.exe
  C:\Windows\System\ARfKnDh.exe
  2⤵
  PID:7448
- C:\Windows\System\eoSkVtu.exe
  C:\Windows\System\eoSkVtu.exe
  2⤵
  PID:7548
- C:\Windows\System\rsrahcI.exe
  C:\Windows\System\rsrahcI.exe
  2⤵
  PID:7592
- C:\Windows\System\eHopdNU.exe
  C:\Windows\System\eHopdNU.exe
  2⤵
  PID:7644
- C:\Windows\System\xFbRMOd.exe
  C:\Windows\System\xFbRMOd.exe
  2⤵
  PID:7712
- C:\Windows\System\mXslRnA.exe
  C:\Windows\System\mXslRnA.exe
  2⤵
  PID:7728
- C:\Windows\System\swjrTTu.exe
  C:\Windows\System\swjrTTu.exe
  2⤵
  PID:7744
- C:\Windows\System\YTRaVAK.exe
  C:\Windows\System\YTRaVAK.exe
  2⤵
  PID:7784
- C:\Windows\System\jNvZhmU.exe
  C:\Windows\System\jNvZhmU.exe
  2⤵
  PID:7856
- C:\Windows\System\iloiYCW.exe
  C:\Windows\System\iloiYCW.exe
  2⤵
  PID:7904
- C:\Windows\System\AQIayHz.exe
  C:\Windows\System\AQIayHz.exe
  2⤵
  PID:7768
- C:\Windows\System\OruWvgc.exe
  C:\Windows\System\OruWvgc.exe
  2⤵
  PID:7840
- C:\Windows\System\LWEYhpy.exe
  C:\Windows\System\LWEYhpy.exe
  2⤵
  PID:1812
- C:\Windows\System\jRVvHHG.exe
  C:\Windows\System\jRVvHHG.exe
  2⤵
  PID:7948
- C:\Windows\System\fZrdGwE.exe
  C:\Windows\System\fZrdGwE.exe
  2⤵
  PID:8020
- C:\Windows\System\IeTIwOV.exe
  C:\Windows\System\IeTIwOV.exe
  2⤵
  PID:8088
- C:\Windows\System\lHIIXJN.exe
  C:\Windows\System\lHIIXJN.exe
  2⤵
  PID:8128
- C:\Windows\System\OgAzpEx.exe
  C:\Windows\System\OgAzpEx.exe
  2⤵
  PID:7176
- C:\Windows\System\qLKhSYL.exe
  C:\Windows\System\qLKhSYL.exe
  2⤵
  PID:8040
- C:\Windows\System\gMRJALN.exe
  C:\Windows\System\gMRJALN.exe
  2⤵
  PID:8000
- C:\Windows\System\wPhoHAB.exe
  C:\Windows\System\wPhoHAB.exe
  2⤵
  PID:8076
- C:\Windows\System\LoeVNgj.exe
  C:\Windows\System\LoeVNgj.exe
  2⤵
  PID:8144
- C:\Windows\System\DDjOCnF.exe
  C:\Windows\System\DDjOCnF.exe
  2⤵
  PID:7276
- C:\Windows\System\afFMzeS.exe
  C:\Windows\System\afFMzeS.exe
  2⤵
  PID:7352
- C:\Windows\System\YNDDRCP.exe
  C:\Windows\System\YNDDRCP.exe
  2⤵
  PID:7460
- C:\Windows\System\bUJboOx.exe
  C:\Windows\System\bUJboOx.exe
  2⤵
  PID:7528
- C:\Windows\System\VuVGScc.exe
  C:\Windows\System\VuVGScc.exe
  2⤵
  PID:5172
- C:\Windows\System\rQWzeJP.exe
  C:\Windows\System\rQWzeJP.exe
  2⤵
  PID:7480
- C:\Windows\System\RAPZAZU.exe
  C:\Windows\System\RAPZAZU.exe
  2⤵
  PID:6264
- C:\Windows\System\hLGOuHM.exe
  C:\Windows\System\hLGOuHM.exe
  2⤵
  PID:7152
- C:\Windows\System\ImCzpsE.exe
  C:\Windows\System\ImCzpsE.exe
  2⤵
  PID:7636
- C:\Windows\System\JCpYqVT.exe
  C:\Windows\System\JCpYqVT.exe
  2⤵
  PID:7568
- C:\Windows\System\zaXtBfe.exe
  C:\Windows\System\zaXtBfe.exe
  2⤵
  PID:7108
- C:\Windows\System\VROQoLl.exe
  C:\Windows\System\VROQoLl.exe
  2⤵
  PID:6524
- C:\Windows\System\lQbZWXx.exe
  C:\Windows\System\lQbZWXx.exe
  2⤵
  PID:6356
- C:\Windows\System\xFFOETg.exe
  C:\Windows\System\xFFOETg.exe
  2⤵
  PID:7256
- C:\Windows\System\AubRonm.exe
  C:\Windows\System\AubRonm.exe
  2⤵
  PID:7588
- C:\Windows\System\VDDiVTv.exe
  C:\Windows\System\VDDiVTv.exe
  2⤵
  PID:7668
- C:\Windows\System\UNLvpNU.exe
  C:\Windows\System\UNLvpNU.exe
  2⤵
  PID:7684
- C:\Windows\System\QTzlpFo.exe
  C:\Windows\System\QTzlpFo.exe
  2⤵
  PID:7708
- C:\Windows\System\IhfwHnM.exe
  C:\Windows\System\IhfwHnM.exe
  2⤵
  PID:7896
- C:\Windows\System\aELLZFi.exe
  C:\Windows\System\aELLZFi.exe
  2⤵
  PID:7832
- C:\Windows\System\GiKFVXY.exe
  C:\Windows\System\GiKFVXY.exe
  2⤵
  PID:8056
- C:\Windows\System\qCvCMcN.exe
  C:\Windows\System\qCvCMcN.exe
  2⤵
  PID:7964
- C:\Windows\System\gYvgVAt.exe
  C:\Windows\System\gYvgVAt.exe
  2⤵
  PID:7320
- C:\Windows\System\qicDdYy.exe
  C:\Windows\System\qicDdYy.exe
  2⤵
  PID:6560
- C:\Windows\System\bCAcsOJ.exe
  C:\Windows\System\bCAcsOJ.exe
  2⤵
  PID:6352
- C:\Windows\System\AzsrtXC.exe
  C:\Windows\System\AzsrtXC.exe
  2⤵
  PID:7224
- C:\Windows\System\XztPCLr.exe
  C:\Windows\System\XztPCLr.exe
  2⤵
  PID:7700
- C:\Windows\System\IUNzBea.exe
  C:\Windows\System\IUNzBea.exe
  2⤵
  PID:8160
- C:\Windows\System\VxaEvye.exe
  C:\Windows\System\VxaEvye.exe
  2⤵
  PID:8236
- C:\Windows\System\MRMSVOZ.exe
  C:\Windows\System\MRMSVOZ.exe
  2⤵
  PID:8252
- C:\Windows\System\hMqXpYA.exe
  C:\Windows\System\hMqXpYA.exe
  2⤵
  PID:8268
- C:\Windows\System\JlQzDfv.exe
  C:\Windows\System\JlQzDfv.exe
  2⤵
  PID:8288
- C:\Windows\System\YhFHJoA.exe
  C:\Windows\System\YhFHJoA.exe
  2⤵
  PID:8312
- C:\Windows\System\aEVSGiA.exe
  C:\Windows\System\aEVSGiA.exe
  2⤵
  PID:8332
- C:\Windows\System\Rjtmrhq.exe
  C:\Windows\System\Rjtmrhq.exe
  2⤵
  PID:8348
- C:\Windows\System\wRUalNm.exe
  C:\Windows\System\wRUalNm.exe
  2⤵
  PID:8380
- C:\Windows\System\KVEJfPI.exe
  C:\Windows\System\KVEJfPI.exe
  2⤵
  PID:8396
- C:\Windows\System\tZnCISi.exe
  C:\Windows\System\tZnCISi.exe
  2⤵
  PID:8412
- C:\Windows\System\MwkyeAB.exe
  C:\Windows\System\MwkyeAB.exe
  2⤵
  PID:8432
- C:\Windows\System\nWVRWpe.exe
  C:\Windows\System\nWVRWpe.exe
  2⤵
  PID:8452
- C:\Windows\System\tlyVzvY.exe
  C:\Windows\System\tlyVzvY.exe
  2⤵
  PID:8468
- C:\Windows\System\MBdDaHD.exe
  C:\Windows\System\MBdDaHD.exe
  2⤵
  PID:8484
- C:\Windows\System\dTxRXYF.exe
  C:\Windows\System\dTxRXYF.exe
  2⤵
  PID:8500
- C:\Windows\System\RvmnyDp.exe
  C:\Windows\System\RvmnyDp.exe
  2⤵
  PID:8516
- C:\Windows\System\YmirPjE.exe
  C:\Windows\System\YmirPjE.exe
  2⤵
  PID:8532
- C:\Windows\System\pvmOdyo.exe
  C:\Windows\System\pvmOdyo.exe
  2⤵
  PID:8548
- C:\Windows\System\sHmXveV.exe
  C:\Windows\System\sHmXveV.exe
  2⤵
  PID:8564
- C:\Windows\System\nhmpdpC.exe
  C:\Windows\System\nhmpdpC.exe
  2⤵
  PID:8580
- C:\Windows\System\tvSQfzV.exe
  C:\Windows\System\tvSQfzV.exe
  2⤵
  PID:8596
- C:\Windows\System\vPpZKva.exe
  C:\Windows\System\vPpZKva.exe
  2⤵
  PID:8612
- C:\Windows\System\UEcprTD.exe
  C:\Windows\System\UEcprTD.exe
  2⤵
  PID:8628
- C:\Windows\System\ghzBzyd.exe
  C:\Windows\System\ghzBzyd.exe
  2⤵
  PID:8644
- C:\Windows\System\YhJjrci.exe
  C:\Windows\System\YhJjrci.exe
  2⤵
  PID:8660
- C:\Windows\System\GhTDsZh.exe
  C:\Windows\System\GhTDsZh.exe
  2⤵
  PID:8676
- C:\Windows\System\jABvxJx.exe
  C:\Windows\System\jABvxJx.exe
  2⤵
  PID:8692
- C:\Windows\System\PYMWhwT.exe
  C:\Windows\System\PYMWhwT.exe
  2⤵
  PID:8708
- C:\Windows\System\DmYjxIX.exe
  C:\Windows\System\DmYjxIX.exe
  2⤵
  PID:8724
- C:\Windows\System\djaByop.exe
  C:\Windows\System\djaByop.exe
  2⤵
  PID:8740
- C:\Windows\System\ODcqAgF.exe
  C:\Windows\System\ODcqAgF.exe
  2⤵
  PID:8756
- C:\Windows\System\nLUFbZO.exe
  C:\Windows\System\nLUFbZO.exe
  2⤵
  PID:8784
- C:\Windows\System\WunERkY.exe
  C:\Windows\System\WunERkY.exe
  2⤵
  PID:8808
- C:\Windows\System\gxqTIRf.exe
  C:\Windows\System\gxqTIRf.exe
  2⤵
  PID:8828
- C:\Windows\System\bjXlqbu.exe
  C:\Windows\System\bjXlqbu.exe
  2⤵
  PID:8844
- C:\Windows\System\LEthvRZ.exe
  C:\Windows\System\LEthvRZ.exe
  2⤵
  PID:8860
- C:\Windows\System\lpJPeHm.exe
  C:\Windows\System\lpJPeHm.exe
  2⤵
  PID:8876
- C:\Windows\System\LKseAAE.exe
  C:\Windows\System\LKseAAE.exe
  2⤵
  PID:8892
- C:\Windows\System\lYPndKr.exe
  C:\Windows\System\lYPndKr.exe
  2⤵
  PID:8908
- C:\Windows\System\EvVSgKE.exe
  C:\Windows\System\EvVSgKE.exe
  2⤵
  PID:8924
- C:\Windows\System\sXvcUFC.exe
  C:\Windows\System\sXvcUFC.exe
  2⤵
  PID:8940
- C:\Windows\System\rRiYJuJ.exe
  C:\Windows\System\rRiYJuJ.exe
  2⤵
  PID:8956
- C:\Windows\System\WpNUAjp.exe
  C:\Windows\System\WpNUAjp.exe
  2⤵
  PID:8972
- C:\Windows\System\FxUyywa.exe
  C:\Windows\System\FxUyywa.exe
  2⤵
  PID:8988
- C:\Windows\System\IRVRKPf.exe
  C:\Windows\System\IRVRKPf.exe
  2⤵
  PID:9004
- C:\Windows\System\PRXAYOg.exe
  C:\Windows\System\PRXAYOg.exe
  2⤵
  PID:9020
- C:\Windows\System\FanQCaP.exe
  C:\Windows\System\FanQCaP.exe
  2⤵
  PID:9036
- C:\Windows\System\ukssYVG.exe
  C:\Windows\System\ukssYVG.exe
  2⤵
  PID:9052
- C:\Windows\System\vltMeWY.exe
  C:\Windows\System\vltMeWY.exe
  2⤵
  PID:9068
- C:\Windows\System\cAbgyrG.exe
  C:\Windows\System\cAbgyrG.exe
  2⤵
  PID:9084
- C:\Windows\System\XFCOcOX.exe
  C:\Windows\System\XFCOcOX.exe
  2⤵
  PID:9100
- C:\Windows\System\rbOmmAD.exe
  C:\Windows\System\rbOmmAD.exe
  2⤵
  PID:9116
- C:\Windows\System\cNJzNrw.exe
  C:\Windows\System\cNJzNrw.exe
  2⤵
  PID:9132
- C:\Windows\System\tHQdNAD.exe
  C:\Windows\System\tHQdNAD.exe
  2⤵
  PID:9148
- C:\Windows\System\IxnakJb.exe
  C:\Windows\System\IxnakJb.exe
  2⤵
  PID:9164
- C:\Windows\System\sZTqxfC.exe
  C:\Windows\System\sZTqxfC.exe
  2⤵
  PID:9212
- C:\Windows\System\ilCyiqj.exe
  C:\Windows\System\ilCyiqj.exe
  2⤵
  PID:8072
- C:\Windows\System\ctnKfju.exe
  C:\Windows\System\ctnKfju.exe
  2⤵
  PID:7752
- C:\Windows\System\KOaJIvb.exe
  C:\Windows\System\KOaJIvb.exe
  2⤵
  PID:7872
- C:\Windows\System\oFWRuKf.exe
  C:\Windows\System\oFWRuKf.exe
  2⤵
  PID:8120
- C:\Windows\System\cFPutaK.exe
  C:\Windows\System\cFPutaK.exe
  2⤵
  PID:8184
- C:\Windows\System\NKLLsEv.exe
  C:\Windows\System\NKLLsEv.exe
  2⤵
  PID:7516
- C:\Windows\System\dGiydhM.exe
  C:\Windows\System\dGiydhM.exe
  2⤵
  PID:7300
- C:\Windows\System\uKTfKju.exe
  C:\Windows\System\uKTfKju.exe
  2⤵
  PID:7680
- C:\Windows\System\GutNZvB.exe
  C:\Windows\System\GutNZvB.exe
  2⤵
  PID:8140
- C:\Windows\System\JoONuPN.exe
  C:\Windows\System\JoONuPN.exe
  2⤵
  PID:7332
- C:\Windows\System\wdsTIxi.exe
  C:\Windows\System\wdsTIxi.exe
  2⤵
  PID:7936
- C:\Windows\System\avtHKnD.exe
  C:\Windows\System\avtHKnD.exe
  2⤵
  PID:2068
- C:\Windows\System\cwOTgRY.exe
  C:\Windows\System\cwOTgRY.exe
  2⤵
  PID:7984
- C:\Windows\System\kprtqcx.exe
  C:\Windows\System\kprtqcx.exe
  2⤵
  PID:8200
- C:\Windows\System\JKoFATa.exe
  C:\Windows\System\JKoFATa.exe
  2⤵
  PID:8216
- C:\Windows\System\guxZmAm.exe
  C:\Windows\System\guxZmAm.exe
  2⤵
  PID:8328
- C:\Windows\System\dTGPJCS.exe
  C:\Windows\System\dTGPJCS.exe
  2⤵
  PID:8296
- C:\Windows\System\Mreuzcc.exe
  C:\Windows\System\Mreuzcc.exe
  2⤵
  PID:8304
- C:\Windows\System\fpbfsCp.exe
  C:\Windows\System\fpbfsCp.exe
  2⤵
  PID:8324
- C:\Windows\System\domQiPk.exe
  C:\Windows\System\domQiPk.exe
  2⤵
  PID:8376
- C:\Windows\System\BuurWJt.exe
  C:\Windows\System\BuurWJt.exe
  2⤵
  PID:8404
- C:\Windows\System\qtPuASC.exe
  C:\Windows\System\qtPuASC.exe
  2⤵
  PID:8424
- C:\Windows\System\QSaCVHg.exe
  C:\Windows\System\QSaCVHg.exe
  2⤵
  PID:8524
- C:\Windows\System\gyRQBdx.exe
  C:\Windows\System\gyRQBdx.exe
  2⤵
  PID:8592
- C:\Windows\System\vSiYRzy.exe
  C:\Windows\System\vSiYRzy.exe
  2⤵
  PID:8700
- C:\Windows\System\pllJcyj.exe
  C:\Windows\System\pllJcyj.exe
  2⤵
  PID:8544
- C:\Windows\System\eHtIMvK.exe
  C:\Windows\System\eHtIMvK.exe
  2⤵
  PID:8624
- C:\Windows\System\mrWysRU.exe
  C:\Windows\System\mrWysRU.exe
  2⤵
  PID:8716
- C:\Windows\System\cqczPyQ.exe
  C:\Windows\System\cqczPyQ.exe
  2⤵
  PID:8792
- C:\Windows\System\iGpSgKf.exe
  C:\Windows\System\iGpSgKf.exe
  2⤵
  PID:1556
- C:\Windows\System\OZDKsKH.exe
  C:\Windows\System\OZDKsKH.exe
  2⤵
  PID:8768
- C:\Windows\System\ZMHzXTy.exe
  C:\Windows\System\ZMHzXTy.exe
  2⤵
  PID:8820
- C:\Windows\System\AppYMKa.exe
  C:\Windows\System\AppYMKa.exe
  2⤵
  PID:8916
- C:\Windows\System\HUrSHhO.exe
  C:\Windows\System\HUrSHhO.exe
  2⤵
  PID:8984
- C:\Windows\System\uFWOSAS.exe
  C:\Windows\System\uFWOSAS.exe
  2⤵
  PID:8836
- C:\Windows\System\wzejtfw.exe
  C:\Windows\System\wzejtfw.exe
  2⤵
  PID:8868
- C:\Windows\System\tMgScMm.exe
  C:\Windows\System\tMgScMm.exe
  2⤵
  PID:8932
- C:\Windows\System\OTltBDz.exe
  C:\Windows\System\OTltBDz.exe
  2⤵
  PID:8996
- C:\Windows\System\MMKSIyU.exe
  C:\Windows\System\MMKSIyU.exe
  2⤵
  PID:9064
- C:\Windows\System\IoQaWmV.exe
  C:\Windows\System\IoQaWmV.exe
  2⤵
  PID:9000
- C:\Windows\System\dzJfORG.exe
  C:\Windows\System\dzJfORG.exe
  2⤵
  PID:9128
- C:\Windows\System\mLZcbZU.exe
  C:\Windows\System\mLZcbZU.exe
  2⤵
  PID:9172
- C:\Windows\System\iZFFOWB.exe
  C:\Windows\System\iZFFOWB.exe
  2⤵
  PID:9180
- C:\Windows\System\dxPCIsP.exe
  C:\Windows\System\dxPCIsP.exe
  2⤵
  PID:9160
- C:\Windows\System\LokrcaG.exe
  C:\Windows\System\LokrcaG.exe
  2⤵
  PID:7724
- C:\Windows\System\XncEXeQ.exe
  C:\Windows\System\XncEXeQ.exe
  2⤵
  PID:7916
- C:\Windows\System\PckUhck.exe
  C:\Windows\System\PckUhck.exe
  2⤵
  PID:7980
- C:\Windows\System\kNyamTJ.exe
  C:\Windows\System\kNyamTJ.exe
  2⤵
  PID:5732
- C:\Windows\System\LvMivCl.exe
  C:\Windows\System\LvMivCl.exe
  2⤵
  PID:8108
- C:\Windows\System\EnEXjtf.exe
  C:\Windows\System\EnEXjtf.exe
  2⤵
  PID:6416
- C:\Windows\System\rZCTquZ.exe
  C:\Windows\System\rZCTquZ.exe
  2⤵
  PID:6996
- C:\Windows\System\GzAXGDo.exe
  C:\Windows\System\GzAXGDo.exe
  2⤵
  PID:7500
- C:\Windows\System\lNTfbNq.exe
  C:\Windows\System\lNTfbNq.exe
  2⤵
  PID:7932
- C:\Windows\System\xrSbeXA.exe
  C:\Windows\System\xrSbeXA.exe
  2⤵
  PID:8372
- C:\Windows\System\NrNKCdJ.exe
  C:\Windows\System\NrNKCdJ.exe
  2⤵
  PID:8196
- C:\Windows\System\uCuHRQC.exe
  C:\Windows\System\uCuHRQC.exe
  2⤵
  PID:8388
- C:\Windows\System\QVmLXed.exe
  C:\Windows\System\QVmLXed.exe
  2⤵
  PID:8604
- C:\Windows\System\RjUoXaw.exe
  C:\Windows\System\RjUoXaw.exe
  2⤵
  PID:8668
- C:\Windows\System\Ynpnxlm.exe
  C:\Windows\System\Ynpnxlm.exe
  2⤵
  PID:8440
- C:\Windows\System\SAfVDYj.exe
  C:\Windows\System\SAfVDYj.exe
  2⤵
  PID:8656
- C:\Windows\System\NhxdJbv.exe
  C:\Windows\System\NhxdJbv.exe
  2⤵
  PID:8776
- C:\Windows\System\Bwydtob.exe
  C:\Windows\System\Bwydtob.exe
  2⤵
  PID:9060
- C:\Windows\System\MGpqRpW.exe
  C:\Windows\System\MGpqRpW.exe
  2⤵
  PID:9200
- C:\Windows\System\gNLYWeV.exe
  C:\Windows\System\gNLYWeV.exe
  2⤵
  PID:7208
- C:\Windows\System\tujnZGN.exe
  C:\Windows\System\tujnZGN.exe
  2⤵
  PID:8884
- C:\Windows\System\UQqTyzv.exe
  C:\Windows\System\UQqTyzv.exe
  2⤵
  PID:9184
- C:\Windows\System\XyRKDQr.exe
  C:\Windows\System\XyRKDQr.exe
  2⤵
  PID:8036
- C:\Windows\System\zsTVuHM.exe
  C:\Windows\System\zsTVuHM.exe
  2⤵
  PID:9032
- C:\Windows\System\eFoiRxf.exe
  C:\Windows\System\eFoiRxf.exe
  2⤵
  PID:9188
- C:\Windows\System\FXLTgOK.exe
  C:\Windows\System\FXLTgOK.exe
  2⤵
  PID:7900
- C:\Windows\System\vplvemW.exe
  C:\Windows\System\vplvemW.exe
  2⤵
  PID:8276
- C:\Windows\System\oiBefxQ.exe
  C:\Windows\System\oiBefxQ.exe
  2⤵
  PID:8260
- C:\Windows\System\TbhVwAS.exe
  C:\Windows\System\TbhVwAS.exe
  2⤵
  PID:8556
- C:\Windows\System\bEiqnbZ.exe
  C:\Windows\System\bEiqnbZ.exe
  2⤵
  PID:8448
- C:\Windows\System\SsmHQaG.exe
  C:\Windows\System\SsmHQaG.exe
  2⤵
  PID:8952
- C:\Windows\System\EaolIZH.exe
  C:\Windows\System\EaolIZH.exe
  2⤵
  PID:9048
- C:\Windows\System\ZbBxWJI.exe
  C:\Windows\System\ZbBxWJI.exe
  2⤵
  PID:8508
- C:\Windows\System\yapZXvs.exe
  C:\Windows\System\yapZXvs.exe
  2⤵
  PID:8752
- C:\Windows\System\SqxlfDP.exe
  C:\Windows\System\SqxlfDP.exe
  2⤵
  PID:8588
- C:\Windows\System\neOkEDo.exe
  C:\Windows\System\neOkEDo.exe
  2⤵
  PID:9076
- C:\Windows\System\yEDNJar.exe
  C:\Windows\System\yEDNJar.exe
  2⤵
  PID:8968
- C:\Windows\System\oVbwxpm.exe
  C:\Windows\System\oVbwxpm.exe
  2⤵
  PID:9224
- C:\Windows\System\KsujweU.exe
  C:\Windows\System\KsujweU.exe
  2⤵
  PID:9240
- C:\Windows\System\BLtwlEi.exe
  C:\Windows\System\BLtwlEi.exe
  2⤵
  PID:9256
- C:\Windows\System\zsMOQCW.exe
  C:\Windows\System\zsMOQCW.exe
  2⤵
  PID:9272
- C:\Windows\System\rkSBHim.exe
  C:\Windows\System\rkSBHim.exe
  2⤵
  PID:9288
- C:\Windows\System\MlognYo.exe
  C:\Windows\System\MlognYo.exe
  2⤵
  PID:9304
- C:\Windows\System\BniyUoo.exe
  C:\Windows\System\BniyUoo.exe
  2⤵
  PID:9324
- C:\Windows\System\etxYkby.exe
  C:\Windows\System\etxYkby.exe
  2⤵
  PID:9340
- C:\Windows\System\bvDBWhn.exe
  C:\Windows\System\bvDBWhn.exe
  2⤵
  PID:9356
- C:\Windows\System\necNJZC.exe
  C:\Windows\System\necNJZC.exe
  2⤵
  PID:9376
- C:\Windows\System\NCAueEq.exe
  C:\Windows\System\NCAueEq.exe
  2⤵
  PID:9392
- C:\Windows\System\LTzcigg.exe
  C:\Windows\System\LTzcigg.exe
  2⤵
  PID:9408
- C:\Windows\System\jXpkkqn.exe
  C:\Windows\System\jXpkkqn.exe
  2⤵
  PID:9424
- C:\Windows\System\NWsVEzi.exe
  C:\Windows\System\NWsVEzi.exe
  2⤵
  PID:9440
- C:\Windows\System\NdvJggO.exe
  C:\Windows\System\NdvJggO.exe
  2⤵
  PID:9456
- C:\Windows\System\mHuUvwo.exe
  C:\Windows\System\mHuUvwo.exe
  2⤵
  PID:9472
- C:\Windows\System\ZTIWJDr.exe
  C:\Windows\System\ZTIWJDr.exe
  2⤵
  PID:9488
- C:\Windows\System\UBbQsFa.exe
  C:\Windows\System\UBbQsFa.exe
  2⤵
  PID:9504
- C:\Windows\System\ivBOlax.exe
  C:\Windows\System\ivBOlax.exe
  2⤵
  PID:9520
- C:\Windows\System\gyaXJRF.exe
  C:\Windows\System\gyaXJRF.exe
  2⤵
  PID:9536
- C:\Windows\System\NSQourH.exe
  C:\Windows\System\NSQourH.exe
  2⤵
  PID:9552
- C:\Windows\System\rJvcviE.exe
  C:\Windows\System\rJvcviE.exe
  2⤵
  PID:9568
- C:\Windows\System\fAErtYG.exe
  C:\Windows\System\fAErtYG.exe
  2⤵
  PID:9584
- C:\Windows\System\vOGJLCy.exe
  C:\Windows\System\vOGJLCy.exe
  2⤵
  PID:9600
- C:\Windows\System\QtGtJpq.exe
  C:\Windows\System\QtGtJpq.exe
  2⤵
  PID:9616
- C:\Windows\System\EOflLNu.exe
  C:\Windows\System\EOflLNu.exe
  2⤵
  PID:9632
- C:\Windows\System\AGzUbKh.exe
  C:\Windows\System\AGzUbKh.exe
  2⤵
  PID:9648
- C:\Windows\System\Lgukqzr.exe
  C:\Windows\System\Lgukqzr.exe
  2⤵
  PID:9664
- C:\Windows\System\ercxCdS.exe
  C:\Windows\System\ercxCdS.exe
  2⤵
  PID:9680
- C:\Windows\System\ScgjEqE.exe
  C:\Windows\System\ScgjEqE.exe
  2⤵
  PID:9696
- C:\Windows\System\nqrtEks.exe
  C:\Windows\System\nqrtEks.exe
  2⤵
  PID:9716
- C:\Windows\System\IFeYrFz.exe
  C:\Windows\System\IFeYrFz.exe
  2⤵
  PID:9732
- C:\Windows\System\PxoYwvV.exe
  C:\Windows\System\PxoYwvV.exe
  2⤵
  PID:9764
- C:\Windows\System\fHzlIer.exe
  C:\Windows\System\fHzlIer.exe
  2⤵
  PID:9824
- C:\Windows\System\seKqwZe.exe
  C:\Windows\System\seKqwZe.exe
  2⤵
  PID:9896
- C:\Windows\System\npasCFx.exe
  C:\Windows\System\npasCFx.exe
  2⤵
  PID:9924
- C:\Windows\System\NvoNaVl.exe
  C:\Windows\System\NvoNaVl.exe
  2⤵
  PID:9964
- C:\Windows\System\VYdJBSi.exe
  C:\Windows\System\VYdJBSi.exe
  2⤵
  PID:10076
- C:\Windows\System\dOMnXHH.exe
  C:\Windows\System\dOMnXHH.exe
  2⤵
  PID:10132
- C:\Windows\System\kzbplHU.exe
  C:\Windows\System\kzbplHU.exe
  2⤵
  PID:10152
- C:\Windows\System\TjLxjkx.exe
  C:\Windows\System\TjLxjkx.exe
  2⤵
  PID:10216
- C:\Windows\System\Nrtofpj.exe
  C:\Windows\System\Nrtofpj.exe
  2⤵
  PID:9208
- C:\Windows\System\maahquI.exe
  C:\Windows\System\maahquI.exe
  2⤵
  PID:9028
- C:\Windows\System\HdEIDCC.exe
  C:\Windows\System\HdEIDCC.exe
  2⤵
  PID:8480
- C:\Windows\System\EBwUDsS.exe
  C:\Windows\System\EBwUDsS.exe
  2⤵
  PID:7428
- C:\Windows\System\OUVXFUO.exe
  C:\Windows\System\OUVXFUO.exe
  2⤵
  PID:8320
- C:\Windows\System\AAnaMuG.exe
  C:\Windows\System\AAnaMuG.exe
  2⤵
  PID:7804
- C:\Windows\System\zeDkwyY.exe
  C:\Windows\System\zeDkwyY.exe
  2⤵
  PID:8496
- C:\Windows\System\kLXbsrc.exe
  C:\Windows\System\kLXbsrc.exe
  2⤵
  PID:9248
- C:\Windows\System\ehJeUIZ.exe
  C:\Windows\System\ehJeUIZ.exe
  2⤵
  PID:9312
- C:\Windows\System\DdRSeHB.exe
  C:\Windows\System\DdRSeHB.exe
  2⤵
  PID:9352
- C:\Windows\System\WejYoeA.exe
  C:\Windows\System\WejYoeA.exe
  2⤵
  PID:9264
- C:\Windows\System\gPueNYD.exe
  C:\Windows\System\gPueNYD.exe
  2⤵
  PID:9300
- C:\Windows\System\LBvenSY.exe
  C:\Windows\System\LBvenSY.exe
  2⤵
  PID:9368
- C:\Windows\System\ZdfhxQA.exe
  C:\Windows\System\ZdfhxQA.exe
  2⤵
  PID:9400
- C:\Windows\System\TiMlgxS.exe
  C:\Windows\System\TiMlgxS.exe
  2⤵
  PID:9484
- C:\Windows\System\aUohGeg.exe
  C:\Windows\System\aUohGeg.exe
  2⤵
  PID:9548
- C:\Windows\System\wSQvCQJ.exe
  C:\Windows\System\wSQvCQJ.exe
  2⤵
  PID:9528
- C:\Windows\System\HqAcCyo.exe
  C:\Windows\System\HqAcCyo.exe
  2⤵
  PID:9672
- C:\Windows\System\Ijttgsl.exe
  C:\Windows\System\Ijttgsl.exe
  2⤵
  PID:9596
- C:\Windows\System\PRzoRix.exe
  C:\Windows\System\PRzoRix.exe
  2⤵
  PID:9688
- C:\Windows\System\oHznSdf.exe
  C:\Windows\System\oHznSdf.exe
  2⤵
  PID:9724
- C:\Windows\System\igqDvnk.exe
  C:\Windows\System\igqDvnk.exe
  2⤵
  PID:9756
- C:\Windows\System\DkFGKye.exe
  C:\Windows\System\DkFGKye.exe
  2⤵
  PID:9776
- C:\Windows\System\xHXoBAQ.exe
  C:\Windows\System\xHXoBAQ.exe
  2⤵
  PID:9796
- C:\Windows\System\MyOHVCF.exe
  C:\Windows\System\MyOHVCF.exe
  2⤵
  PID:9816
- C:\Windows\System\xeKWDfA.exe
  C:\Windows\System\xeKWDfA.exe
  2⤵
  PID:9840
- C:\Windows\System\NPZsBmr.exe
  C:\Windows\System\NPZsBmr.exe
  2⤵
  PID:9856
- C:\Windows\System\jWgvbOl.exe
  C:\Windows\System\jWgvbOl.exe
  2⤵
  PID:9860
- C:\Windows\System\BppoEJg.exe
  C:\Windows\System\BppoEJg.exe
  2⤵
  PID:9892
- C:\Windows\System\mzyjpMU.exe
  C:\Windows\System\mzyjpMU.exe
  2⤵
  PID:9944
- C:\Windows\System\LzRcdkc.exe
  C:\Windows\System\LzRcdkc.exe
  2⤵
  PID:9984
- C:\Windows\System\dJjvAST.exe
  C:\Windows\System\dJjvAST.exe
  2⤵
  PID:10008
- C:\Windows\System\fgLRQfs.exe
  C:\Windows\System\fgLRQfs.exe
  2⤵
  PID:10028
- C:\Windows\System\GiEWXiQ.exe
  C:\Windows\System\GiEWXiQ.exe
  2⤵
  PID:10048
- C:\Windows\System\nYISUkb.exe
  C:\Windows\System\nYISUkb.exe
  2⤵
  PID:10072
- C:\Windows\System\QPhJkuB.exe
  C:\Windows\System\QPhJkuB.exe
  2⤵
  PID:10116
- C:\Windows\System\ekEhHQa.exe
  C:\Windows\System\ekEhHQa.exe
  2⤵
  PID:10112
- C:\Windows\System\AFXnzSU.exe
  C:\Windows\System\AFXnzSU.exe
  2⤵
  PID:10144
- C:\Windows\System\ENzxfWd.exe
  C:\Windows\System\ENzxfWd.exe
  2⤵
  PID:10188
- C:\Windows\System\gbYALME.exe
  C:\Windows\System\gbYALME.exe
  2⤵
  PID:10184
- C:\Windows\System\RPFODGb.exe
  C:\Windows\System\RPFODGb.exe
  2⤵
  PID:10236
- C:\Windows\System\RobqYGe.exe
  C:\Windows\System\RobqYGe.exe
  2⤵
  PID:10212
- C:\Windows\System\MBKyKqE.exe
  C:\Windows\System\MBKyKqE.exe
  2⤵
  PID:9144
- C:\Windows\System\QzgIMnV.exe
  C:\Windows\System\QzgIMnV.exe
  2⤵
  PID:9124
- C:\Windows\System\PblTqZM.exe
  C:\Windows\System\PblTqZM.exe
  2⤵
  PID:8016
- C:\Windows\System\ZuoMCnF.exe
  C:\Windows\System\ZuoMCnF.exe
  2⤵
  PID:8280
- C:\Windows\System\dtIPKkF.exe
  C:\Windows\System\dtIPKkF.exe
  2⤵
  PID:8748
- C:\Windows\System\oLZduuo.exe
  C:\Windows\System\oLZduuo.exe
  2⤵
  PID:8688
- C:\Windows\System\ZddRteq.exe
  C:\Windows\System\ZddRteq.exe
  2⤵
  PID:6828
- C:\Windows\System\TsognSY.exe
  C:\Windows\System\TsognSY.exe
  2⤵
  PID:9432
- C:\Windows\System\gkmCrjP.exe
  C:\Windows\System\gkmCrjP.exe
  2⤵
  PID:9296
- C:\Windows\System\ERcerlS.exe
  C:\Windows\System\ERcerlS.exe
  2⤵
  PID:9364
- C:\Windows\System\DZyczqB.exe
  C:\Windows\System\DZyczqB.exe
  2⤵
  PID:9468
- C:\Windows\System\JqEnkWR.exe
  C:\Windows\System\JqEnkWR.exe
  2⤵
  PID:9608
- C:\Windows\System\NKMVIvT.exe
  C:\Windows\System\NKMVIvT.exe
  2⤵
  PID:9704
- C:\Windows\System\aMDSYDb.exe
  C:\Windows\System\aMDSYDb.exe
  2⤵
  PID:9640
- C:\Windows\System\fUdCDSK.exe
  C:\Windows\System\fUdCDSK.exe
  2⤵
  PID:9748
- C:\Windows\System\EeyHuWI.exe
  C:\Windows\System\EeyHuWI.exe
  2⤵
  PID:9792
- C:\Windows\System\GaImdMR.exe
  C:\Windows\System\GaImdMR.exe
  2⤵
  PID:9844
- C:\Windows\System\ZCCnfYh.exe
  C:\Windows\System\ZCCnfYh.exe
  2⤵
  PID:9812
- C:\Windows\System\OjKGbxA.exe
  C:\Windows\System\OjKGbxA.exe
  2⤵
  PID:9936
- C:\Windows\System\vJOVqPX.exe
  C:\Windows\System\vJOVqPX.exe
  2⤵
  PID:9888
- C:\Windows\System\rEFXAQd.exe
  C:\Windows\System\rEFXAQd.exe
  2⤵
  PID:9744
- C:\Windows\System\GcQwKRn.exe
  C:\Windows\System\GcQwKRn.exe
  2⤵
  PID:9772
- C:\Windows\System\dKoJTet.exe
  C:\Windows\System\dKoJTet.exe
  2⤵
  PID:9904
- C:\Windows\System\DYPyxTM.exe
  C:\Windows\System\DYPyxTM.exe
  2⤵
  PID:9976
- C:\Windows\System\GrQJxUW.exe
  C:\Windows\System\GrQJxUW.exe
  2⤵
  PID:10020
- C:\Windows\System\GAbvqVr.exe
  C:\Windows\System\GAbvqVr.exe
  2⤵
  PID:10040
- C:\Windows\System\VekGYyV.exe
  C:\Windows\System\VekGYyV.exe
  2⤵
  PID:10060
- C:\Windows\System\zRzXjio.exe
  C:\Windows\System\zRzXjio.exe
  2⤵
  PID:10128
- C:\Windows\System\BIMQhrG.exe
  C:\Windows\System\BIMQhrG.exe
  2⤵
  PID:10168
- C:\Windows\System\mfCnBxZ.exe
  C:\Windows\System\mfCnBxZ.exe
  2⤵
  PID:10232
- C:\Windows\System\dfENdae.exe
  C:\Windows\System\dfENdae.exe
  2⤵
  PID:8228
- C:\Windows\System\hJWRMNS.exe
  C:\Windows\System\hJWRMNS.exe
  2⤵
  PID:9268
- C:\Windows\System\OHYEClC.exe
  C:\Windows\System\OHYEClC.exe
  2⤵
  PID:9836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AohwbWB.exe

Filesize
6.0MB

MD5
2aa622ad0bef29e6952e44c3ecc18a69

SHA1
069718e2cbae9e7e0130a946bef7eb1f9caac133

SHA256
f2c254c1e55dbfaaa7db54e9623b1a0294b795b50d3a72d42a76f7aae92ecd30

SHA512
2b17b091414cd6e44748f90cab3256170ddbf67b4171613a0c134ed7c669f6645f8703a5bf3e3c0274209611506c22463e7a9bfc4e67a6cb44a9169ee1870902

Download Submit
C:\Windows\system\CJIqoGi.exe

Filesize
6.0MB

MD5
60baa6d1313f5ebb3da62efd608a04a9

SHA1
46d62a6f5d0c868089e21f57b837e0dc069ba2ab

SHA256
13f8ebe583b3a877c3a869bc91dc25da049c5acf5873c6c5a476b4cbc878cb9e

SHA512
ec8d180ab154234d4b0cc529e8145308319f62ed7ba2a272519929a83a4a9674567be6dc5d0f285b8a4835338e6777237445bf0fa2b4c9835db6c6eae6ab0a74

Download Submit
C:\Windows\system\CSSkVnD.exe

Filesize
6.0MB

MD5
b5e9788b6ad38aa63665c3a2de6a4844

SHA1
c64d9efed9ed4848f72444c428c2968f65290f1c

SHA256
09af955144b9a4f3a5d149a5956be1090fc471f2f707eb42e52bf2fa18a4c026

SHA512
bed795765fb12275f70c24f98ef1e27ef52d49d2d3f36f7afce7fd98da1f810348b1385a4cf5bebf18908b0a8a995e35fb9e0a8c846cc7f75932bbdb40fbf149

Download Submit
C:\Windows\system\CWgHWow.exe

Filesize
6.0MB

MD5
8ac84057cb6e021375f5baf5160f9a64

SHA1
d09c949d01ba805410076e2a90d8fd79f7a2409d

SHA256
bc2c234cb9913447433805ec858e544bbcebc0e6a90c74cf3520553c867edb66

SHA512
05032f091b861edef4c4adafc2cad7dfb3042be61521e45ad1987bdc6a015774cbcd2c41e705b537eef09a9c77f608d051f2039df3a8dc4c7d1a51df5bccf39e

Download Submit
C:\Windows\system\EjlGrbR.exe

Filesize
6.0MB

MD5
d82450d5a57c00668eb50dcc777f0a1c

SHA1
3346c2ce564539a49ece9b0af296681e7a9325fd

SHA256
94e7089696d8d78ed60524d9ab8be6c11de9b770c2ad3b98ebb41a220e0f9cb6

SHA512
5505443519ba6bbb999f8d6e5f85f1024818b695a722376e98bb6ccb7f325dc8ac301da436eac21b16cd88baf319a025eafa77b15b388c617c52fd6d911ee141

Download Submit
C:\Windows\system\FwshqhB.exe

Filesize
6.0MB

MD5
9ea3b0e1242ca983914f3d0e7af3612d

SHA1
f9877c83b1e886e4cfe7613dfce257cf6c6ae77c

SHA256
3c0e803381e23ccf8d4dc25e27919bf5335908066649c5375708bfdc26507e51

SHA512
9a68edb8c40b54d2470c62f73c89195bee1a78b515034bc38988cc4d9064e0d70e6a86a3d9f80eb0b12bd524de33d0f4c8445df197146c683d8342e91a5e4c9b

Download Submit
C:\Windows\system\GkZUAnc.exe

Filesize
6.0MB

MD5
03a1ee922e67fb4c99b30a39a3d59258

SHA1
5ac25d3cda954b6dcc63fca296eaf3179206b583

SHA256
bc391c09f6eeb411b25cb75c94895bca8dc68827ed136765bfc03bb2c9651ea8

SHA512
e765e171a76d358a6a455900514ee94f20ec0ac7ebb4516e4d84106fa55f3b7741908b1decc92c23e804046c0b5ec1aa15b745039e7f47caa997eab546dedc0f

Download Submit
C:\Windows\system\GzjolrB.exe

Filesize
6.0MB

MD5
2f5410859f4a97945b9af64a47679218

SHA1
ff86f361cc80afd563b451959b889e470efe5b7e

SHA256
3392a4e313f357e3398de600e2859c0826670cae9fb7cb8403c802830bf8814d

SHA512
4fc2dd4bcea65968e34e0d25a1e0b0030d23eb947bb4a81d7d1be6aea6f9bbebb420ec3827e2bc815f27159c5906d503834c79fc4709dd7aac7c67a1d014c94b

Download Submit
C:\Windows\system\HiPFRLL.exe

Filesize
6.0MB

MD5
dce423eacab9cb5be13e8543ecd69254

SHA1
68d96fa7be1f1758eae43c345f2d2891d5cfd078

SHA256
e56bf706fd8c9b03d081fa1ca5349ddf5db354d307764188d7a3bb4ccd140a32

SHA512
c3aab6b9630955af12aa683ab6f5f3f0ccec854142b29464aee1f4ecd585646569140e4b3cddcd19dab30bb792a639646d9b6aeb6c9caa35f6610c30a32ca753

Download Submit
C:\Windows\system\IYFQvIy.exe

Filesize
6.0MB

MD5
e1d85b076c30f6f4e159b287cac0db5b

SHA1
d377f63dbd20b9b7c2be839a2194de66587a31e3

SHA256
447a247197dcbaf9286ff706d8d18ddcb19f76fb530ee035709636154e5798a7

SHA512
2a6316a4266914125555df9b393d4935789c1bd0141010a4fb0b879b77f34b312c5491a02b39383536830a9135cc8c4689ad52670f5070940535b128b0ac2111

Download Submit
C:\Windows\system\QMceBDR.exe

Filesize
6.0MB

MD5
2a8de222f14fa78fb23b748eced3c901

SHA1
54f9fc9b8dfb84e1c07668307c2c3dfb7bf58e5c

SHA256
02df0e7cdd4706fdc2af77acfd9866a288c7f5763c6f5b6299139f2fab2fb4f2

SHA512
a48c6744c29e302ebd53c3ab30f512751a48b3c978222874942e33b314b8222042ea29d56eb2100503bc766d0b390e2405b7ac0a0a62963fd74119d332dea49a

Download Submit
C:\Windows\system\RikdpXZ.exe

Filesize
6.0MB

MD5
362e34361cccf4656f897f2dd5199dec

SHA1
dfbae2d2463267db729d8a36729bd3fe44ab7785

SHA256
8d428e128ba695702f5deffc1e843c60533ff85f8f1be650584423c46ea1b938

SHA512
f3ac1ee1b7d1e3b3cfb89078fd51854c5bccf94068f2c93e1618fbe75ca0d4df959819d1e0d03c4ec3ba4f0c4906f51b8151d5d542b81b00d7a60276cc99b0dc

Download Submit
C:\Windows\system\TSWHYXJ.exe

Filesize
6.0MB

MD5
3784ea825fb9ac10eb8c18ecaa199390

SHA1
c11044a426b1ef768f1026013b394e4434b6ff5b

SHA256
732dcc892f564041d94d27c313cf9e1550809a436b2ebd647d9af64891374dfe

SHA512
cf68be615bcb978ea3781fde3d030904ab0fea032b1f6ad615d285cfd474da499f4850678af3f3ffbd86f569b5f23c04514fb25f150daa53ba5dc5403afc7218

Download Submit
C:\Windows\system\VXToAQu.exe

Filesize
6.0MB

MD5
233bf5273475faaca8837fcd8dfaab92

SHA1
4d26675f27f3fd2cc8d1d8a05099ebec4274d7ac

SHA256
9379dd8bdf2c219402ef183a4ba769b4554d5fb714c7527030d1e3df0b94c897

SHA512
1e0804259a633cc497a48bd1b65fc2d65bfe8dadd76d1ba4f5b470c762fcb733f5f683aec493d799c118180531ac8a3fc128bb79496a46319f32954136751c85

Download Submit
C:\Windows\system\YggErFQ.exe

Filesize
6.0MB

MD5
05256b60911b2ea4bcb66dffbcd0ba3d

SHA1
a3bd688a21729802afa7b3f53bc646e83727baca

SHA256
b40ee6cd9819f07c7b9ea228aa71c92182985cc3d1ed5c719f78e6d811c6cef3

SHA512
b1113a008f509401746dc3910fcde7f34405e65f2ba8212af506724383d4c818a3d5295b71040231d4fcae091dc7edcdbc069b7e8d665b4363af2a58f3d16c52

Download Submit
C:\Windows\system\ZieCIAd.exe

Filesize
6.0MB

MD5
2b9ff0fc00100b77aaaa016dd7c0cbc6

SHA1
417f054f106f03e45ca2b97b02314b96b393a634

SHA256
61c86dd098ec3a178462983491c20f9cbcc5bf0d8c4de57fc8964291609e80f4

SHA512
c2faf183595c13560a6a4fa2c50d8975c2448a43da6eed6dfa45ed2407bf08f1d0659c20486f1018b69fe9afda6a60c7d4f7814a16e4c343562d878b065a2e7d

Download Submit
C:\Windows\system\ZigQuVg.exe

Filesize
6.0MB

MD5
4b93382d8952ec0bd6d3d7f50194776b

SHA1
7fbb7589e1c19434a156b497aeda6da113e735d0

SHA256
520ec8549e2589dd5d2142b496b105e62324642a79d39ac78e24bd2c54eaa54c

SHA512
d5d2d3f6abf012dd36e4be054c415ca5e5f35ed55852154c76b60a3d61ee57c9ff479b6f726ffb0dd3f7bc7c06fb0917124cedfa1d2c2feab7f6f72a7d7d311a

Download Submit
C:\Windows\system\bOkxwZB.exe

Filesize
6.0MB

MD5
17ccc4223244679c049242153a4ba230

SHA1
a95f876e093461e09ab087037eb0485ff254e3e7

SHA256
063214d6ee89adc24912b8c3596ef36f7856af58fc53334e0bbcba5d48877c1e

SHA512
dfb6a859276ace79825f6e0fb15e5718308fbf8a5bd6cefc84e1d16f449beeec85cb8f3a7ea165f08df88fd7a1158f627b407ca3d0684369f8f0dc80f811f0f1

Download Submit
C:\Windows\system\cJtAoCU.exe

Filesize
6.0MB

MD5
46c3402f73bd34602c3cb36422ff068c

SHA1
d2723d240c9b687dde233111bf2abb45f1109e78

SHA256
0c292763b1f7c6f3b98470045ae0f4a9465be3a6b53e5f53d43b7b09b4f938e4

SHA512
bd73545c10058128b17b8f98df1a6e9c1dbf9d05c583fe98932d9f94e56fa0278811bb0d10aa5eb5b8b30e3ff2142c21a5a4cad85477d5e0a8f09370a89e58c4

Download Submit
C:\Windows\system\dkLAekV.exe

Filesize
6.0MB

MD5
27ebfb96e56e7185f7c654e9553febec

SHA1
24e44784ed38414f55b3a2794a8fa7359ce6d615

SHA256
8bc7b083552daadaab105a6f664301cb3ee5470f68ed3f8d8c2375ddf8133117

SHA512
f2bb500d5fc93d68ef697c6a870fd8e849308ef950bcec3fa63d0ccd1b122cbf165fcd9d03bbd614505910a13adb83d68290216cdd9a68c6dea3ef4e55c34a5c

Download Submit
C:\Windows\system\fTabdcS.exe

Filesize
6.0MB

MD5
c6a39d740ff75a82f8f3dde96bba50ca

SHA1
67a62a40791b2fbac1ec8b2aae659537b180c281

SHA256
6da6040b4d7352c94346e4bd88868deec1b0db8c35afd25da24ccfbca23883d5

SHA512
eb974012c2446ac5f07b099a69c003e4f0ea04271f37fca4770803c2e32954988f2bc81d058534d3a0e0045685fb42418324fbf13ff5572ee9a011906a501aa9

Download Submit
C:\Windows\system\fwIiRQK.exe

Filesize
6.0MB

MD5
43ac71520c64802961ab99c099bcc2f1

SHA1
44ebdd5e39276e36dfa5e3640f6b0793c6f938fe

SHA256
6aeff574eaeb46086c260859208b11809e147365fa222908375db0718414ab42

SHA512
03ecd81cf06a720c94bb5df9623dbb6e319bd883e8b54518d8e83525ba2f2c24fba648b2023246fcea076cbd5a07255c92f60fd87c29233f33d8c2236eadb567

Download Submit
C:\Windows\system\ifetHDg.exe

Filesize
6.0MB

MD5
d87cb20b718f109afbba64e3599f1516

SHA1
cf8c44e79e01da3d7acc86db0623e8bee5a6c6d7

SHA256
9c4aa9626e540983bfbe6f821be97968fd9875978f4235781daec79fde9c7fbb

SHA512
c3f462d55d363c2a48890f4d0963cd56ecf44ebe74599bc64a7a81c141758e17f24ade643c973c3425e53ffc1aaa72e654db005f6fcbe6e937e6f134cbe4d830

Download Submit
C:\Windows\system\jOtZLlY.exe

Filesize
6.0MB

MD5
bdcef2d714e2d378fb87f6435f24bfd1

SHA1
95d80c29217f9a906541cbb722ca7988b84bf382

SHA256
aedd4826851efe6943248edae56b6f18dc3353225d7d3884033c978488ab327f

SHA512
8f7f7e0df8e3bcd37aab74ee4daee60b15203a175902e554d34684cfc29455a052d2770cfdc463f42ebec8537ef4d42fb3abb4e2bf0c4458220c582f218f1f0b

Download Submit
C:\Windows\system\kpNHiHa.exe

Filesize
6.0MB

MD5
a5441678302b6086f12d591fd89e8f83

SHA1
20b224b55531884334ad15eee6492a77f7b331e3

SHA256
d92f1ab30fb9fafb81f04ddd826407d3603dc46feab7874d941b15123b23de2e

SHA512
0f1cb90f406bbbec21cd8bfaae1bfff646612a8a3baaac23bb4b2a750b0599edc21e76b77621ecc8ef43bd12e743a237d07fe0c226902ad27dd002cb54fd8ca8

Download Submit
C:\Windows\system\nsFVfgD.exe

Filesize
6.0MB

MD5
6fe9bc6775382680ab47411c36fef20b

SHA1
fba81ab9404ddaa9898bf4cd89691b79ef324842

SHA256
37d254c2a8298c1020a002726eeceb785459540cd49a064d5ca1b4f7da24edd9

SHA512
bd2df5655aca80606ab31bfce070b89bfa52712e55c839d9ca763904e69ec9105cad9e70dac9262ab68ae325a10878d06e8b0e0f94dafb6c1037650e8a814fe7

Download Submit
C:\Windows\system\tsRBqKV.exe

Filesize
6.0MB

MD5
d55a11b7ac527ac6091bad68bd72fe5b

SHA1
3b655de9db02b6c871deb3da8711a850a15178ff

SHA256
567fee3e02aad203e8fd6cd72d80a3884b5bbb504bfda1c5709d8de77ecb5c56

SHA512
03c8cb9512bafc9fff9f6af9c5e3989e3999705b77f4629f05a20251817e18278fc08b8ae8af328be466b645c055f076f76979958f899a05c6ab8c3bf5e03eef

Download Submit
C:\Windows\system\uIXgAlo.exe

Filesize
6.0MB

MD5
4598b8bb64eb01cfb2251aff1a2876b9

SHA1
f8513f92c194de2af373b69a597b2cae8a30e62f

SHA256
70057154ff86aab2323dff97bcab44ab705604427a926e7b174f05ba99f1feff

SHA512
87e7f3979e2b7b46333e8e8dfcd65b39dcb050877fa0aae0768dc01cd06283b23c6c3d7b24c97f1df9b9dfff4d5b6af2161f2ac6bbaa8808897fcd66cf02e93e

Download Submit
C:\Windows\system\vIaGqJj.exe

Filesize
6.0MB

MD5
38edee31e8f3afe9ffb10a1d1cf55e73

SHA1
bbf0fda641d8fba5dacf9f604b69025adb7928c7

SHA256
75bfeaaf0566372172075bf3459940079de900d4a93ad31144a1e8a7f2178a3c

SHA512
e85b992c9ee86f6361df696a7c572ee9a573d0248632cf6c1ed25c827470503db62269db0c4cfaf0d894dd7a503660164ac345b7a8060dc9534845c0b789bee2

Download Submit
C:\Windows\system\xofeswm.exe

Filesize
6.0MB

MD5
0a39584975353a5eaf2f78c82209527e

SHA1
9bd9d342ea5d632f2485abcbddfea392d49f9ce4

SHA256
e12e83d5b74c725b1729a8c811a579c61072b508cba0f0f5b420a8630da482fc

SHA512
82a9d30762685fca108a24fde5256941b6daba94c3756c5b491b93bb24a80c990d0d0500bdd69275778e63b999a383514f4356848091b08f2d16a0b2b2fc6542

Download Submit
C:\Windows\system\zaYGtAR.exe

Filesize
6.0MB

MD5
3216299093ee467e2d76689e478f5af1

SHA1
ef3d166d4e292f4a5706150a3dcd6ede59fd17e3

SHA256
f98f878a87f1c4ce6569161984de7c94ee8ba11bec85d1014b02080d9b51a515

SHA512
7889f978acf3c45bf89634375a68f2d2f430e1adac99e266e1a672354cab7515fd1ec01823813f92bee9c5781a383aef06e1ce8fd724237b868c0bc260c0820e

Download Submit
\Windows\system\VGQgsYJ.exe

Filesize
6.0MB

MD5
abeb7ddb08dcf50e963f958b4ba8cbc5

SHA1
cdf22d5ec6b5fd32dfb4cc375fa2cb0d5e81e3c4

SHA256
89914178dd8cd770c9dd01e5b2eb3650c8d7445ec52bb08cbd29d595585356fc

SHA512
477ab29914b28bab87a7713a49976e24f638f99410c522f1f3a9d25daf24edf65ba261244df698fa05c635a0e8287663e5e131610b81d375694ee1d4599f5299

Download Submit
memory/1532-133-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/1532-4106-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/1696-131-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1696-4103-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1900-4112-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1900-154-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1924-4105-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1924-129-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2108-4102-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2108-128-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2128-137-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2128-4110-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2332-139-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2332-4107-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2356-153-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2356-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2356-130-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-134-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-1472-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-136-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-138-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2356-140-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2356-145-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-0-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2356-147-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2356-1449-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-149-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-158-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2356-151-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-157-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2356-1092-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2356-132-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2356-155-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-4114-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2620-148-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2668-156-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-4115-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-146-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2776-4108-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2808-4104-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-135-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-4109-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-150-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-141-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2876-4111-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2896-4113-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-152-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download