cobaltstrike | bfa71f3d2487296087b10b9a7645ba7838bdb3c8eabc56d345c5f43cfc4bfa8b

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

05b12c76cd681739e0d93be2253d7d54
SHA1

ca9181b564b9f13190bd94d35732ca78b2497d16
SHA256

bfa71f3d2487296087b10b9a7645ba7838bdb3c8eabc56d345c5f43cfc4bfa8b
SHA512

b3e77c06453f96c33d1d43ceaf0ddd73a5ac7dcc557faed1a324743a0933011c0486ac42c340b3260f3c761391780a2f75b3dfeff89dd54efa0273424d3e8f67
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUp:T+q56utgpPF8u/7p

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c58-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cd3-22.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ca2-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d13-37.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d1b-45.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d2e-53.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-73.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017409-78.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001748f-103.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001747b-98.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-197.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-200.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-180.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-161.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-146.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-135.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018678-130.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001866d-126.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174ac-112.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001752f-120.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016a47-89.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fb-65.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0b-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2156-0-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x0008000000016c58-8.dat	xmrig
behavioral1/files/0x0008000000016cd3-22.dat	xmrig
behavioral1/memory/2448-26-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ca2-27.dat	xmrig
behavioral1/memory/3044-28-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/1168-17-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d13-37.dat	xmrig
behavioral1/memory/2408-40-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2764-41-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d1b-45.dat	xmrig
behavioral1/files/0x0008000000016d2e-53.dat	xmrig
behavioral1/memory/2644-57-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2056-52-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x0006000000017403-73.dat	xmrig
behavioral1/memory/2744-67-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2612-75-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/3044-66-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x0006000000017409-78.dat	xmrig
behavioral1/memory/2056-90-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x000600000001748f-103.dat	xmrig
behavioral1/memory/2328-109-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/files/0x000600000001747b-98.dat	xmrig
behavioral1/files/0x000500000001879b-139.dat	xmrig
behavioral1/files/0x0005000000019229-171.dat	xmrig
behavioral1/memory/2156-899-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2936-846-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2328-901-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2520-639-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2728-471-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2612-240-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019273-197.dat	xmrig
behavioral1/files/0x0005000000019277-200.dat	xmrig
behavioral1/files/0x000500000001926b-187.dat	xmrig
behavioral1/files/0x0005000000019271-192.dat	xmrig
behavioral1/files/0x0005000000019234-177.dat	xmrig
behavioral1/files/0x0005000000019218-166.dat	xmrig
behavioral1/files/0x000500000001924c-180.dat	xmrig
behavioral1/files/0x00050000000191f3-156.dat	xmrig
behavioral1/files/0x00050000000191f7-161.dat	xmrig
behavioral1/files/0x00060000000190cd-146.dat	xmrig
behavioral1/files/0x00060000000190d6-151.dat	xmrig
behavioral1/files/0x0005000000018690-135.dat	xmrig
behavioral1/files/0x0009000000018678-130.dat	xmrig
behavioral1/files/0x001500000001866d-126.dat	xmrig
behavioral1/files/0x00060000000174ac-112.dat	xmrig
behavioral1/memory/2936-100-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2644-99-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x000600000001752f-120.dat	xmrig
behavioral1/memory/2744-108-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2156-105-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2156-104-0x0000000002400000-0x0000000002754000-memory.dmp	xmrig
behavioral1/memory/2520-91-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0009000000016a47-89.dat	xmrig
behavioral1/memory/2728-84-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2156-83-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2764-82-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x00060000000173fb-65.dat	xmrig
behavioral1/memory/2812-74-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2448-62-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/1168-49-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2812-36-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2156-35-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2408	oVGtesQ.exe
1168	ReoEjRH.exe
2448	uxywqLG.exe
3044	pOMZdqO.exe
2812	BdhAbFn.exe
2764	JAXQSeC.exe
2056	DWKxLtK.exe
2644	ZpMoJRB.exe
2744	EQjwzoa.exe
2612	mYDqdQV.exe
2728	UnqWqHY.exe
2520	VPRKfyS.exe
2936	DHOrYas.exe
2328	SNrMjqn.exe
2696	ecaZAxX.exe
3032	nTKtRaZ.exe
2364	OXdRCvC.exe
1844	cZlWCWM.exe
1864	jZiqsPi.exe
1696	MGckEyn.exe
1372	vmNOuqy.exe
600	ysUenyi.exe
1180	zgjIOHA.exe
1736	fTrphii.exe
1492	sJWzIIv.exe
2040	DXHmREw.exe
108	ZKBvApr.exe
2260	ayvAMVZ.exe
2840	KOFtlpY.exe
1760	FcBLMki.exe
1784	SFRWIty.exe
1772	TCvOIQs.exe
1392	BMohiGE.exe
1552	LjOJmeO.exe
1948	dyEEehu.exe
2256	gtDWxTg.exe
916	NMPgtPl.exe
1116	BEmdUdG.exe
1544	lxOgzKo.exe
1428	EmDBxcA.exe
2516	vzxKqaD.exe
1788	cRaVpDj.exe
2456	PLkurBG.exe
2380	KQOohCX.exe
1516	KZXObpM.exe
2032	GpnidBR.exe
1220	NhThJMw.exe
2216	emcsrHd.exe
2544	kPhPJla.exe
1364	lqLucSJ.exe
1716	ganWZOW.exe
2420	aAzoSSb.exe
2568	oBRkMGB.exe
2192	UMOpIKm.exe
2888	XcfizpJ.exe
2636	draBFTG.exe
2928	unyaDIN.exe
2656	IDDTUtq.exe
2872	neRJZQH.exe
1096	yiPKkXS.exe
1212	gAWUvfE.exe
2956	JhOArwm.exe
2028	bzsbQLD.exe
1944	HQbvzEs.exe

Loads dropped DLL 64 IoCs

pid	Process
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2156-0-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x0008000000016c58-8.dat	upx
behavioral1/files/0x0008000000016cd3-22.dat	upx
behavioral1/memory/2448-26-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/files/0x0008000000016ca2-27.dat	upx
behavioral1/memory/3044-28-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/1168-17-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x0007000000016d13-37.dat	upx
behavioral1/memory/2408-40-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2764-41-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x0007000000016d1b-45.dat	upx
behavioral1/files/0x0008000000016d2e-53.dat	upx
behavioral1/memory/2644-57-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2056-52-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x0006000000017403-73.dat	upx
behavioral1/memory/2744-67-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2612-75-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/3044-66-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x0006000000017409-78.dat	upx
behavioral1/memory/2056-90-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x000600000001748f-103.dat	upx
behavioral1/memory/2328-109-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/files/0x000600000001747b-98.dat	upx
behavioral1/files/0x000500000001879b-139.dat	upx
behavioral1/files/0x0005000000019229-171.dat	upx
behavioral1/memory/2936-846-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2328-901-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2520-639-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2728-471-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2612-240-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x0005000000019273-197.dat	upx
behavioral1/files/0x0005000000019277-200.dat	upx
behavioral1/files/0x000500000001926b-187.dat	upx
behavioral1/files/0x0005000000019271-192.dat	upx
behavioral1/files/0x0005000000019234-177.dat	upx
behavioral1/files/0x0005000000019218-166.dat	upx
behavioral1/files/0x000500000001924c-180.dat	upx
behavioral1/files/0x00050000000191f3-156.dat	upx
behavioral1/files/0x00050000000191f7-161.dat	upx
behavioral1/files/0x00060000000190cd-146.dat	upx
behavioral1/files/0x00060000000190d6-151.dat	upx
behavioral1/files/0x0005000000018690-135.dat	upx
behavioral1/files/0x0009000000018678-130.dat	upx
behavioral1/files/0x001500000001866d-126.dat	upx
behavioral1/files/0x00060000000174ac-112.dat	upx
behavioral1/memory/2936-100-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2644-99-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x000600000001752f-120.dat	upx
behavioral1/memory/2744-108-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2520-91-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x0009000000016a47-89.dat	upx
behavioral1/memory/2728-84-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2764-82-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x00060000000173fb-65.dat	upx
behavioral1/memory/2812-74-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2448-62-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/1168-49-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2812-36-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2156-35-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x0007000000016d0b-34.dat	upx
behavioral1/memory/2408-7-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2448-3927-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/1168-3933-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\yVHcSnR.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\enlUNqd.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NhThJMw.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UNDwEDB.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvbZXVk.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxxChIB.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\laOiuku.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXdRCvC.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kRDSUfz.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WNvmEVR.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qaVEbco.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvXSIfJ.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gdsgPsW.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJsnbsY.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BminzcL.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kmTkIee.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QtxVRXg.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kHiUqiq.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AclFmpk.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cngatBN.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LlCwOzt.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPSpKJu.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yzttybG.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxTSkjN.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYguYzp.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UKokbJf.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kySzVFz.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bckPheU.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yVleaRe.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HdgpaYl.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rWzEjxB.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KulkBMt.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JvdYJDD.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HCtwEsI.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YVlfmJT.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rfGhbGp.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jodbeog.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\duDNCbp.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gwQrYff.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jUBDMHh.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pZlAzDp.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBHqhSw.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vtlUAfm.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\plNZAGl.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kotKZUs.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KHentNw.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VyyMBWv.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZyKuWK.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQLwFFU.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dyTLhPp.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ArcMyMx.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuFhZwO.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUDYwKY.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\usgRjEt.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yfUtNqR.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KUnPlTR.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FsdBelx.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHsqaVb.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GrPEppU.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ganWZOW.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMjEXsY.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lSYkohv.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TSWmsSf.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cUdpbxy.exe	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2408	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2156 wrote to memory of 2408	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2156 wrote to memory of 2408	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2156 wrote to memory of 1168	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2156 wrote to memory of 1168	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2156 wrote to memory of 1168	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2156 wrote to memory of 3044	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2156 wrote to memory of 3044	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2156 wrote to memory of 3044	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2156 wrote to memory of 2448	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2156 wrote to memory of 2448	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2156 wrote to memory of 2448	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2156 wrote to memory of 2812	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2156 wrote to memory of 2812	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2156 wrote to memory of 2812	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2156 wrote to memory of 2764	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2156 wrote to memory of 2764	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2156 wrote to memory of 2764	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2156 wrote to memory of 2056	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2156 wrote to memory of 2056	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2156 wrote to memory of 2056	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2156 wrote to memory of 2644	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2156 wrote to memory of 2644	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2156 wrote to memory of 2644	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2156 wrote to memory of 2744	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2156 wrote to memory of 2744	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2156 wrote to memory of 2744	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2156 wrote to memory of 2612	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2156 wrote to memory of 2612	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2156 wrote to memory of 2612	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2156 wrote to memory of 2728	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2156 wrote to memory of 2728	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2156 wrote to memory of 2728	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2156 wrote to memory of 2520	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2156 wrote to memory of 2520	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2156 wrote to memory of 2520	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2156 wrote to memory of 2936	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2156 wrote to memory of 2936	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2156 wrote to memory of 2936	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2156 wrote to memory of 2328	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2156 wrote to memory of 2328	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2156 wrote to memory of 2328	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2156 wrote to memory of 2696	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2156 wrote to memory of 2696	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2156 wrote to memory of 2696	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2156 wrote to memory of 3032	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2156 wrote to memory of 3032	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2156 wrote to memory of 3032	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2156 wrote to memory of 2364	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2156 wrote to memory of 2364	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2156 wrote to memory of 2364	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2156 wrote to memory of 1844	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2156 wrote to memory of 1844	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2156 wrote to memory of 1844	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2156 wrote to memory of 1864	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2156 wrote to memory of 1864	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2156 wrote to memory of 1864	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2156 wrote to memory of 1696	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2156 wrote to memory of 1696	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2156 wrote to memory of 1696	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2156 wrote to memory of 1372	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2156 wrote to memory of 1372	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2156 wrote to memory of 1372	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2156 wrote to memory of 600	2156	2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-23_05b12c76cd681739e0d93be2253d7d54_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Windows\System\oVGtesQ.exe
  C:\Windows\System\oVGtesQ.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\ReoEjRH.exe
  C:\Windows\System\ReoEjRH.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\pOMZdqO.exe
  C:\Windows\System\pOMZdqO.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\uxywqLG.exe
  C:\Windows\System\uxywqLG.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\BdhAbFn.exe
  C:\Windows\System\BdhAbFn.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\JAXQSeC.exe
  C:\Windows\System\JAXQSeC.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\DWKxLtK.exe
  C:\Windows\System\DWKxLtK.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\ZpMoJRB.exe
  C:\Windows\System\ZpMoJRB.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\EQjwzoa.exe
  C:\Windows\System\EQjwzoa.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\mYDqdQV.exe
  C:\Windows\System\mYDqdQV.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\UnqWqHY.exe
  C:\Windows\System\UnqWqHY.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\VPRKfyS.exe
  C:\Windows\System\VPRKfyS.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\DHOrYas.exe
  C:\Windows\System\DHOrYas.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\SNrMjqn.exe
  C:\Windows\System\SNrMjqn.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\ecaZAxX.exe
  C:\Windows\System\ecaZAxX.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\nTKtRaZ.exe
  C:\Windows\System\nTKtRaZ.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\OXdRCvC.exe
  C:\Windows\System\OXdRCvC.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\cZlWCWM.exe
  C:\Windows\System\cZlWCWM.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\jZiqsPi.exe
  C:\Windows\System\jZiqsPi.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\MGckEyn.exe
  C:\Windows\System\MGckEyn.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\vmNOuqy.exe
  C:\Windows\System\vmNOuqy.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\ysUenyi.exe
  C:\Windows\System\ysUenyi.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\zgjIOHA.exe
  C:\Windows\System\zgjIOHA.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\fTrphii.exe
  C:\Windows\System\fTrphii.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\sJWzIIv.exe
  C:\Windows\System\sJWzIIv.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\DXHmREw.exe
  C:\Windows\System\DXHmREw.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\ZKBvApr.exe
  C:\Windows\System\ZKBvApr.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\ayvAMVZ.exe
  C:\Windows\System\ayvAMVZ.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\KOFtlpY.exe
  C:\Windows\System\KOFtlpY.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\FcBLMki.exe
  C:\Windows\System\FcBLMki.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\SFRWIty.exe
  C:\Windows\System\SFRWIty.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\TCvOIQs.exe
  C:\Windows\System\TCvOIQs.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\BMohiGE.exe
  C:\Windows\System\BMohiGE.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\LjOJmeO.exe
  C:\Windows\System\LjOJmeO.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\dyEEehu.exe
  C:\Windows\System\dyEEehu.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\gtDWxTg.exe
  C:\Windows\System\gtDWxTg.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\NMPgtPl.exe
  C:\Windows\System\NMPgtPl.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\BEmdUdG.exe
  C:\Windows\System\BEmdUdG.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\lxOgzKo.exe
  C:\Windows\System\lxOgzKo.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\EmDBxcA.exe
  C:\Windows\System\EmDBxcA.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\vzxKqaD.exe
  C:\Windows\System\vzxKqaD.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\cRaVpDj.exe
  C:\Windows\System\cRaVpDj.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\PLkurBG.exe
  C:\Windows\System\PLkurBG.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\KQOohCX.exe
  C:\Windows\System\KQOohCX.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\KZXObpM.exe
  C:\Windows\System\KZXObpM.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\GpnidBR.exe
  C:\Windows\System\GpnidBR.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\NhThJMw.exe
  C:\Windows\System\NhThJMw.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\emcsrHd.exe
  C:\Windows\System\emcsrHd.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\kPhPJla.exe
  C:\Windows\System\kPhPJla.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\lqLucSJ.exe
  C:\Windows\System\lqLucSJ.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\ganWZOW.exe
  C:\Windows\System\ganWZOW.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\aAzoSSb.exe
  C:\Windows\System\aAzoSSb.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\oBRkMGB.exe
  C:\Windows\System\oBRkMGB.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\UMOpIKm.exe
  C:\Windows\System\UMOpIKm.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\XcfizpJ.exe
  C:\Windows\System\XcfizpJ.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\draBFTG.exe
  C:\Windows\System\draBFTG.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\unyaDIN.exe
  C:\Windows\System\unyaDIN.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\IDDTUtq.exe
  C:\Windows\System\IDDTUtq.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\neRJZQH.exe
  C:\Windows\System\neRJZQH.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\yiPKkXS.exe
  C:\Windows\System\yiPKkXS.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\gAWUvfE.exe
  C:\Windows\System\gAWUvfE.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\JhOArwm.exe
  C:\Windows\System\JhOArwm.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\bzsbQLD.exe
  C:\Windows\System\bzsbQLD.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\HQbvzEs.exe
  C:\Windows\System\HQbvzEs.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\XBkZRVX.exe
  C:\Windows\System\XBkZRVX.exe
  2⤵
  PID:588
- C:\Windows\System\sdyVPKk.exe
  C:\Windows\System\sdyVPKk.exe
  2⤵
  PID:536
- C:\Windows\System\ozOrCIJ.exe
  C:\Windows\System\ozOrCIJ.exe
  2⤵
  PID:1000
- C:\Windows\System\RoYkCjY.exe
  C:\Windows\System\RoYkCjY.exe
  2⤵
  PID:2592
- C:\Windows\System\PLiytbF.exe
  C:\Windows\System\PLiytbF.exe
  2⤵
  PID:2312
- C:\Windows\System\iinboGj.exe
  C:\Windows\System\iinboGj.exe
  2⤵
  PID:1612
- C:\Windows\System\clSPFSj.exe
  C:\Windows\System\clSPFSj.exe
  2⤵
  PID:1188
- C:\Windows\System\YhJufLq.exe
  C:\Windows\System\YhJufLq.exe
  2⤵
  PID:1884
- C:\Windows\System\dyIGVqH.exe
  C:\Windows\System\dyIGVqH.exe
  2⤵
  PID:1540
- C:\Windows\System\BMLcEmJ.exe
  C:\Windows\System\BMLcEmJ.exe
  2⤵
  PID:2316
- C:\Windows\System\rUwVnAd.exe
  C:\Windows\System\rUwVnAd.exe
  2⤵
  PID:2324
- C:\Windows\System\IDHpjSY.exe
  C:\Windows\System\IDHpjSY.exe
  2⤵
  PID:2412
- C:\Windows\System\MMdphSv.exe
  C:\Windows\System\MMdphSv.exe
  2⤵
  PID:2272
- C:\Windows\System\wLyyfOp.exe
  C:\Windows\System\wLyyfOp.exe
  2⤵
  PID:2424
- C:\Windows\System\ESQDPpU.exe
  C:\Windows\System\ESQDPpU.exe
  2⤵
  PID:1504
- C:\Windows\System\BdJaBlp.exe
  C:\Windows\System\BdJaBlp.exe
  2⤵
  PID:2508
- C:\Windows\System\zzIMtmj.exe
  C:\Windows\System\zzIMtmj.exe
  2⤵
  PID:2172
- C:\Windows\System\jeaOmgH.exe
  C:\Windows\System\jeaOmgH.exe
  2⤵
  PID:1600
- C:\Windows\System\AWVKzil.exe
  C:\Windows\System\AWVKzil.exe
  2⤵
  PID:1432
- C:\Windows\System\QmOrFpW.exe
  C:\Windows\System\QmOrFpW.exe
  2⤵
  PID:2824
- C:\Windows\System\MZkSPzf.exe
  C:\Windows\System\MZkSPzf.exe
  2⤵
  PID:2708
- C:\Windows\System\SNnORYF.exe
  C:\Windows\System\SNnORYF.exe
  2⤵
  PID:1952
- C:\Windows\System\NgemMUo.exe
  C:\Windows\System\NgemMUo.exe
  2⤵
  PID:2680
- C:\Windows\System\eFLPLEN.exe
  C:\Windows\System\eFLPLEN.exe
  2⤵
  PID:784
- C:\Windows\System\tjmrjMo.exe
  C:\Windows\System\tjmrjMo.exe
  2⤵
  PID:1664
- C:\Windows\System\SSfpNLd.exe
  C:\Windows\System\SSfpNLd.exe
  2⤵
  PID:2140
- C:\Windows\System\JTfbWDf.exe
  C:\Windows\System\JTfbWDf.exe
  2⤵
  PID:860
- C:\Windows\System\pZZNsoC.exe
  C:\Windows\System\pZZNsoC.exe
  2⤵
  PID:1820
- C:\Windows\System\OYjbutT.exe
  C:\Windows\System\OYjbutT.exe
  2⤵
  PID:2168
- C:\Windows\System\bPHwkbb.exe
  C:\Windows\System\bPHwkbb.exe
  2⤵
  PID:1108
- C:\Windows\System\yzttybG.exe
  C:\Windows\System\yzttybG.exe
  2⤵
  PID:1656
- C:\Windows\System\bhQnPaq.exe
  C:\Windows\System\bhQnPaq.exe
  2⤵
  PID:1692
- C:\Windows\System\XtQTvNO.exe
  C:\Windows\System\XtQTvNO.exe
  2⤵
  PID:2784
- C:\Windows\System\EssvsGf.exe
  C:\Windows\System\EssvsGf.exe
  2⤵
  PID:928
- C:\Windows\System\OpNMNdJ.exe
  C:\Windows\System\OpNMNdJ.exe
  2⤵
  PID:2044
- C:\Windows\System\LgyWpsB.exe
  C:\Windows\System\LgyWpsB.exe
  2⤵
  PID:2128
- C:\Windows\System\KluRPNa.exe
  C:\Windows\System\KluRPNa.exe
  2⤵
  PID:3052
- C:\Windows\System\ZKFhrLp.exe
  C:\Windows\System\ZKFhrLp.exe
  2⤵
  PID:2752
- C:\Windows\System\xLLWwjO.exe
  C:\Windows\System\xLLWwjO.exe
  2⤵
  PID:2616
- C:\Windows\System\ZngBBoc.exe
  C:\Windows\System\ZngBBoc.exe
  2⤵
  PID:2000
- C:\Windows\System\GAKDjQR.exe
  C:\Windows\System\GAKDjQR.exe
  2⤵
  PID:2076
- C:\Windows\System\BxozQBm.exe
  C:\Windows\System\BxozQBm.exe
  2⤵
  PID:2344
- C:\Windows\System\xJnVQSt.exe
  C:\Windows\System\xJnVQSt.exe
  2⤵
  PID:2436
- C:\Windows\System\uWhKLZm.exe
  C:\Windows\System\uWhKLZm.exe
  2⤵
  PID:1676
- C:\Windows\System\kUhySjA.exe
  C:\Windows\System\kUhySjA.exe
  2⤵
  PID:1700
- C:\Windows\System\dJnXMhX.exe
  C:\Windows\System\dJnXMhX.exe
  2⤵
  PID:2352
- C:\Windows\System\HAcTVqU.exe
  C:\Windows\System\HAcTVqU.exe
  2⤵
  PID:3080
- C:\Windows\System\nXBtnLw.exe
  C:\Windows\System\nXBtnLw.exe
  2⤵
  PID:3096
- C:\Windows\System\OHSzlaj.exe
  C:\Windows\System\OHSzlaj.exe
  2⤵
  PID:3120
- C:\Windows\System\xBkgqbB.exe
  C:\Windows\System\xBkgqbB.exe
  2⤵
  PID:3140
- C:\Windows\System\WBqIOMN.exe
  C:\Windows\System\WBqIOMN.exe
  2⤵
  PID:3160
- C:\Windows\System\GlDUErh.exe
  C:\Windows\System\GlDUErh.exe
  2⤵
  PID:3176
- C:\Windows\System\XftdWkE.exe
  C:\Windows\System\XftdWkE.exe
  2⤵
  PID:3200
- C:\Windows\System\fCXGOyA.exe
  C:\Windows\System\fCXGOyA.exe
  2⤵
  PID:3220
- C:\Windows\System\urMGZdH.exe
  C:\Windows\System\urMGZdH.exe
  2⤵
  PID:3240
- C:\Windows\System\VDSZgEC.exe
  C:\Windows\System\VDSZgEC.exe
  2⤵
  PID:3260
- C:\Windows\System\BAbJYkX.exe
  C:\Windows\System\BAbJYkX.exe
  2⤵
  PID:3280
- C:\Windows\System\NFgacIh.exe
  C:\Windows\System\NFgacIh.exe
  2⤵
  PID:3300
- C:\Windows\System\eVveXzG.exe
  C:\Windows\System\eVveXzG.exe
  2⤵
  PID:3328
- C:\Windows\System\qslbnWB.exe
  C:\Windows\System\qslbnWB.exe
  2⤵
  PID:3348
- C:\Windows\System\lQckqxO.exe
  C:\Windows\System\lQckqxO.exe
  2⤵
  PID:3368
- C:\Windows\System\BOdriqZ.exe
  C:\Windows\System\BOdriqZ.exe
  2⤵
  PID:3384
- C:\Windows\System\oqDXHze.exe
  C:\Windows\System\oqDXHze.exe
  2⤵
  PID:3408
- C:\Windows\System\GKpcqnR.exe
  C:\Windows\System\GKpcqnR.exe
  2⤵
  PID:3428
- C:\Windows\System\tLldPqo.exe
  C:\Windows\System\tLldPqo.exe
  2⤵
  PID:3448
- C:\Windows\System\KcnNvVw.exe
  C:\Windows\System\KcnNvVw.exe
  2⤵
  PID:3464
- C:\Windows\System\icDVnOE.exe
  C:\Windows\System\icDVnOE.exe
  2⤵
  PID:3488
- C:\Windows\System\rfGhbGp.exe
  C:\Windows\System\rfGhbGp.exe
  2⤵
  PID:3508
- C:\Windows\System\vUyzXhk.exe
  C:\Windows\System\vUyzXhk.exe
  2⤵
  PID:3528
- C:\Windows\System\mhUPoqu.exe
  C:\Windows\System\mhUPoqu.exe
  2⤵
  PID:3544
- C:\Windows\System\KtoMBwS.exe
  C:\Windows\System\KtoMBwS.exe
  2⤵
  PID:3568
- C:\Windows\System\GclFUaH.exe
  C:\Windows\System\GclFUaH.exe
  2⤵
  PID:3584
- C:\Windows\System\SJKRZXC.exe
  C:\Windows\System\SJKRZXC.exe
  2⤵
  PID:3608
- C:\Windows\System\xYruvBe.exe
  C:\Windows\System\xYruvBe.exe
  2⤵
  PID:3624
- C:\Windows\System\VBEogKC.exe
  C:\Windows\System\VBEogKC.exe
  2⤵
  PID:3644
- C:\Windows\System\KzPCNVM.exe
  C:\Windows\System\KzPCNVM.exe
  2⤵
  PID:3664
- C:\Windows\System\rgPCGbb.exe
  C:\Windows\System\rgPCGbb.exe
  2⤵
  PID:3684
- C:\Windows\System\uTqSMNp.exe
  C:\Windows\System\uTqSMNp.exe
  2⤵
  PID:3704
- C:\Windows\System\dmLeLZw.exe
  C:\Windows\System\dmLeLZw.exe
  2⤵
  PID:3724
- C:\Windows\System\YzzMcda.exe
  C:\Windows\System\YzzMcda.exe
  2⤵
  PID:3744
- C:\Windows\System\okwsOlr.exe
  C:\Windows\System\okwsOlr.exe
  2⤵
  PID:3768
- C:\Windows\System\QzxHvzf.exe
  C:\Windows\System\QzxHvzf.exe
  2⤵
  PID:3784
- C:\Windows\System\HSKmlzy.exe
  C:\Windows\System\HSKmlzy.exe
  2⤵
  PID:3808
- C:\Windows\System\cEAwogT.exe
  C:\Windows\System\cEAwogT.exe
  2⤵
  PID:3824
- C:\Windows\System\aeFzUtI.exe
  C:\Windows\System\aeFzUtI.exe
  2⤵
  PID:3848
- C:\Windows\System\FTqscGr.exe
  C:\Windows\System\FTqscGr.exe
  2⤵
  PID:3864
- C:\Windows\System\ypzZUAg.exe
  C:\Windows\System\ypzZUAg.exe
  2⤵
  PID:3888
- C:\Windows\System\rxCaQrF.exe
  C:\Windows\System\rxCaQrF.exe
  2⤵
  PID:3904
- C:\Windows\System\qyPZjQm.exe
  C:\Windows\System\qyPZjQm.exe
  2⤵
  PID:3928
- C:\Windows\System\GUGtJXa.exe
  C:\Windows\System\GUGtJXa.exe
  2⤵
  PID:3944
- C:\Windows\System\PuDAcfM.exe
  C:\Windows\System\PuDAcfM.exe
  2⤵
  PID:3968
- C:\Windows\System\vmDlCSe.exe
  C:\Windows\System\vmDlCSe.exe
  2⤵
  PID:3988
- C:\Windows\System\NuYBnLa.exe
  C:\Windows\System\NuYBnLa.exe
  2⤵
  PID:4008
- C:\Windows\System\MGmealT.exe
  C:\Windows\System\MGmealT.exe
  2⤵
  PID:4032
- C:\Windows\System\bGTmesE.exe
  C:\Windows\System\bGTmesE.exe
  2⤵
  PID:4052
- C:\Windows\System\VXjgmCF.exe
  C:\Windows\System\VXjgmCF.exe
  2⤵
  PID:4072
- C:\Windows\System\xfInJzf.exe
  C:\Windows\System\xfInJzf.exe
  2⤵
  PID:4092
- C:\Windows\System\uVQeekQ.exe
  C:\Windows\System\uVQeekQ.exe
  2⤵
  PID:892
- C:\Windows\System\ALqwbOc.exe
  C:\Windows\System\ALqwbOc.exe
  2⤵
  PID:2740
- C:\Windows\System\RljkExp.exe
  C:\Windows\System\RljkExp.exe
  2⤵
  PID:656
- C:\Windows\System\FmrfNUM.exe
  C:\Windows\System\FmrfNUM.exe
  2⤵
  PID:1512
- C:\Windows\System\xWMmcsg.exe
  C:\Windows\System\xWMmcsg.exe
  2⤵
  PID:1976
- C:\Windows\System\oCcKfoT.exe
  C:\Windows\System\oCcKfoT.exe
  2⤵
  PID:1712
- C:\Windows\System\nsbOAta.exe
  C:\Windows\System\nsbOAta.exe
  2⤵
  PID:3028
- C:\Windows\System\kFwByYa.exe
  C:\Windows\System\kFwByYa.exe
  2⤵
  PID:1400
- C:\Windows\System\QUIVaxy.exe
  C:\Windows\System\QUIVaxy.exe
  2⤵
  PID:3184
- C:\Windows\System\lJdRpYI.exe
  C:\Windows\System\lJdRpYI.exe
  2⤵
  PID:3088
- C:\Windows\System\eddSkUP.exe
  C:\Windows\System\eddSkUP.exe
  2⤵
  PID:3128
- C:\Windows\System\QBHqhSw.exe
  C:\Windows\System\QBHqhSw.exe
  2⤵
  PID:3232
- C:\Windows\System\ZvXSIfJ.exe
  C:\Windows\System\ZvXSIfJ.exe
  2⤵
  PID:3216
- C:\Windows\System\wYlwKfn.exe
  C:\Windows\System\wYlwKfn.exe
  2⤵
  PID:3288
- C:\Windows\System\BcgbyvX.exe
  C:\Windows\System\BcgbyvX.exe
  2⤵
  PID:3320
- C:\Windows\System\fVlgLqe.exe
  C:\Windows\System\fVlgLqe.exe
  2⤵
  PID:3336
- C:\Windows\System\PXLrEwy.exe
  C:\Windows\System\PXLrEwy.exe
  2⤵
  PID:3396
- C:\Windows\System\ZHKuuHS.exe
  C:\Windows\System\ZHKuuHS.exe
  2⤵
  PID:3444
- C:\Windows\System\FaMOcEN.exe
  C:\Windows\System\FaMOcEN.exe
  2⤵
  PID:3472
- C:\Windows\System\koENeOL.exe
  C:\Windows\System\koENeOL.exe
  2⤵
  PID:3456
- C:\Windows\System\usgRjEt.exe
  C:\Windows\System\usgRjEt.exe
  2⤵
  PID:3552
- C:\Windows\System\VeoNMMX.exe
  C:\Windows\System\VeoNMMX.exe
  2⤵
  PID:3600
- C:\Windows\System\fFACnKD.exe
  C:\Windows\System\fFACnKD.exe
  2⤵
  PID:3540
- C:\Windows\System\TusmTMb.exe
  C:\Windows\System\TusmTMb.exe
  2⤵
  PID:3680
- C:\Windows\System\QPQBzFg.exe
  C:\Windows\System\QPQBzFg.exe
  2⤵
  PID:3676
- C:\Windows\System\HgJyFbN.exe
  C:\Windows\System\HgJyFbN.exe
  2⤵
  PID:3660
- C:\Windows\System\OMstkfO.exe
  C:\Windows\System\OMstkfO.exe
  2⤵
  PID:3732
- C:\Windows\System\EPIHdJS.exe
  C:\Windows\System\EPIHdJS.exe
  2⤵
  PID:3760
- C:\Windows\System\coEBnLK.exe
  C:\Windows\System\coEBnLK.exe
  2⤵
  PID:3792
- C:\Windows\System\IZXZvuA.exe
  C:\Windows\System\IZXZvuA.exe
  2⤵
  PID:3836
- C:\Windows\System\mjGxwnT.exe
  C:\Windows\System\mjGxwnT.exe
  2⤵
  PID:3872
- C:\Windows\System\HyseOlX.exe
  C:\Windows\System\HyseOlX.exe
  2⤵
  PID:3856
- C:\Windows\System\lOTSfdG.exe
  C:\Windows\System\lOTSfdG.exe
  2⤵
  PID:3920
- C:\Windows\System\YXWfDOP.exe
  C:\Windows\System\YXWfDOP.exe
  2⤵
  PID:3960
- C:\Windows\System\ZsNMWMQ.exe
  C:\Windows\System\ZsNMWMQ.exe
  2⤵
  PID:3996
- C:\Windows\System\xoIVNhU.exe
  C:\Windows\System\xoIVNhU.exe
  2⤵
  PID:3976
- C:\Windows\System\OtueKEv.exe
  C:\Windows\System\OtueKEv.exe
  2⤵
  PID:4024
- C:\Windows\System\bvdDiIc.exe
  C:\Windows\System\bvdDiIc.exe
  2⤵
  PID:2756
- C:\Windows\System\BqgApqB.exe
  C:\Windows\System\BqgApqB.exe
  2⤵
  PID:2640
- C:\Windows\System\WJwnyLg.exe
  C:\Windows\System\WJwnyLg.exe
  2⤵
  PID:1764
- C:\Windows\System\emgdWRI.exe
  C:\Windows\System\emgdWRI.exe
  2⤵
  PID:2284
- C:\Windows\System\MJbbEFf.exe
  C:\Windows\System\MJbbEFf.exe
  2⤵
  PID:552
- C:\Windows\System\kRDSUfz.exe
  C:\Windows\System\kRDSUfz.exe
  2⤵
  PID:3112
- C:\Windows\System\fPYEfdY.exe
  C:\Windows\System\fPYEfdY.exe
  2⤵
  PID:2160
- C:\Windows\System\PzeYnzv.exe
  C:\Windows\System\PzeYnzv.exe
  2⤵
  PID:2748
- C:\Windows\System\KfvkRoW.exe
  C:\Windows\System\KfvkRoW.exe
  2⤵
  PID:3168
- C:\Windows\System\BbUuICr.exe
  C:\Windows\System\BbUuICr.exe
  2⤵
  PID:3256
- C:\Windows\System\dCFjwih.exe
  C:\Windows\System\dCFjwih.exe
  2⤵
  PID:3360
- C:\Windows\System\LeEXSrg.exe
  C:\Windows\System\LeEXSrg.exe
  2⤵
  PID:3380
- C:\Windows\System\PmKGPVe.exe
  C:\Windows\System\PmKGPVe.exe
  2⤵
  PID:3964
- C:\Windows\System\fmnHdaf.exe
  C:\Windows\System\fmnHdaf.exe
  2⤵
  PID:3424
- C:\Windows\System\SzVEVLK.exe
  C:\Windows\System\SzVEVLK.exe
  2⤵
  PID:3640
- C:\Windows\System\YqtMZOj.exe
  C:\Windows\System\YqtMZOj.exe
  2⤵
  PID:3524
- C:\Windows\System\LGkqyHJ.exe
  C:\Windows\System\LGkqyHJ.exe
  2⤵
  PID:3656
- C:\Windows\System\ttEpJre.exe
  C:\Windows\System\ttEpJre.exe
  2⤵
  PID:3616
- C:\Windows\System\SXMKRHg.exe
  C:\Windows\System\SXMKRHg.exe
  2⤵
  PID:3796
- C:\Windows\System\YyrAUFc.exe
  C:\Windows\System\YyrAUFc.exe
  2⤵
  PID:2432
- C:\Windows\System\iNCQFna.exe
  C:\Windows\System\iNCQFna.exe
  2⤵
  PID:3820
- C:\Windows\System\VFrnhrE.exe
  C:\Windows\System\VFrnhrE.exe
  2⤵
  PID:3952
- C:\Windows\System\YPIrotm.exe
  C:\Windows\System\YPIrotm.exe
  2⤵
  PID:2804
- C:\Windows\System\RTSLRCt.exe
  C:\Windows\System\RTSLRCt.exe
  2⤵
  PID:4080
- C:\Windows\System\bjsdfVB.exe
  C:\Windows\System\bjsdfVB.exe
  2⤵
  PID:4040
- C:\Windows\System\ZoFJQyp.exe
  C:\Windows\System\ZoFJQyp.exe
  2⤵
  PID:828
- C:\Windows\System\TuFhZwO.exe
  C:\Windows\System\TuFhZwO.exe
  2⤵
  PID:4068
- C:\Windows\System\CEHMAqq.exe
  C:\Windows\System\CEHMAqq.exe
  2⤵
  PID:1580
- C:\Windows\System\EQoothI.exe
  C:\Windows\System\EQoothI.exe
  2⤵
  PID:2732
- C:\Windows\System\TCoFgUE.exe
  C:\Windows\System\TCoFgUE.exe
  2⤵
  PID:3152
- C:\Windows\System\lRGJqIK.exe
  C:\Windows\System\lRGJqIK.exe
  2⤵
  PID:3252
- C:\Windows\System\NOoaWJM.exe
  C:\Windows\System\NOoaWJM.exe
  2⤵
  PID:3308
- C:\Windows\System\iiPQznm.exe
  C:\Windows\System\iiPQznm.exe
  2⤵
  PID:3324
- C:\Windows\System\XwZrPIw.exe
  C:\Windows\System\XwZrPIw.exe
  2⤵
  PID:3400
- C:\Windows\System\iILGCcF.exe
  C:\Windows\System\iILGCcF.exe
  2⤵
  PID:3536
- C:\Windows\System\oOfUJhy.exe
  C:\Windows\System\oOfUJhy.exe
  2⤵
  PID:3752
- C:\Windows\System\LcCoJQf.exe
  C:\Windows\System\LcCoJQf.exe
  2⤵
  PID:3816
- C:\Windows\System\GKVNuSo.exe
  C:\Windows\System\GKVNuSo.exe
  2⤵
  PID:3764
- C:\Windows\System\lmbiUPJ.exe
  C:\Windows\System\lmbiUPJ.exe
  2⤵
  PID:2908
- C:\Windows\System\kisMiZR.exe
  C:\Windows\System\kisMiZR.exe
  2⤵
  PID:3980
- C:\Windows\System\FqHuRvV.exe
  C:\Windows\System\FqHuRvV.exe
  2⤵
  PID:2632
- C:\Windows\System\ZQGdhtf.exe
  C:\Windows\System\ZQGdhtf.exe
  2⤵
  PID:3196
- C:\Windows\System\czMwuNo.exe
  C:\Windows\System\czMwuNo.exe
  2⤵
  PID:1888
- C:\Windows\System\DIARSry.exe
  C:\Windows\System\DIARSry.exe
  2⤵
  PID:1424
- C:\Windows\System\mgCcmgL.exe
  C:\Windows\System\mgCcmgL.exe
  2⤵
  PID:3248
- C:\Windows\System\oBRqdnR.exe
  C:\Windows\System\oBRqdnR.exe
  2⤵
  PID:3228
- C:\Windows\System\PsdivFg.exe
  C:\Windows\System\PsdivFg.exe
  2⤵
  PID:3596
- C:\Windows\System\RYiSYmY.exe
  C:\Windows\System\RYiSYmY.exe
  2⤵
  PID:3496
- C:\Windows\System\YCySYHi.exe
  C:\Windows\System\YCySYHi.exe
  2⤵
  PID:4000
- C:\Windows\System\CblvSIw.exe
  C:\Windows\System\CblvSIw.exe
  2⤵
  PID:2820
- C:\Windows\System\ZlBBEam.exe
  C:\Windows\System\ZlBBEam.exe
  2⤵
  PID:2460
- C:\Windows\System\lgXZfHB.exe
  C:\Windows\System\lgXZfHB.exe
  2⤵
  PID:4028
- C:\Windows\System\lPtieXF.exe
  C:\Windows\System\lPtieXF.exe
  2⤵
  PID:3984
- C:\Windows\System\mFDjGse.exe
  C:\Windows\System\mFDjGse.exe
  2⤵
  PID:3344
- C:\Windows\System\hufDgKy.exe
  C:\Windows\System\hufDgKy.exe
  2⤵
  PID:2384
- C:\Windows\System\vbcJhUh.exe
  C:\Windows\System\vbcJhUh.exe
  2⤵
  PID:3860
- C:\Windows\System\kaHlJIY.exe
  C:\Windows\System\kaHlJIY.exe
  2⤵
  PID:3692
- C:\Windows\System\FYViCQF.exe
  C:\Windows\System\FYViCQF.exe
  2⤵
  PID:3056
- C:\Windows\System\tBzxiIW.exe
  C:\Windows\System\tBzxiIW.exe
  2⤵
  PID:3940
- C:\Windows\System\KDJiTyE.exe
  C:\Windows\System\KDJiTyE.exe
  2⤵
  PID:1328
- C:\Windows\System\xCkNfLc.exe
  C:\Windows\System\xCkNfLc.exe
  2⤵
  PID:3636
- C:\Windows\System\fWoSHty.exe
  C:\Windows\System\fWoSHty.exe
  2⤵
  PID:3880
- C:\Windows\System\QzVmeWw.exe
  C:\Windows\System\QzVmeWw.exe
  2⤵
  PID:3516
- C:\Windows\System\pmwTten.exe
  C:\Windows\System\pmwTten.exe
  2⤵
  PID:3376
- C:\Windows\System\nOMEBzp.exe
  C:\Windows\System\nOMEBzp.exe
  2⤵
  PID:2768
- C:\Windows\System\GsajKrb.exe
  C:\Windows\System\GsajKrb.exe
  2⤵
  PID:2916
- C:\Windows\System\pSrjJbl.exe
  C:\Windows\System\pSrjJbl.exe
  2⤵
  PID:2924
- C:\Windows\System\WwFToCX.exe
  C:\Windows\System\WwFToCX.exe
  2⤵
  PID:796
- C:\Windows\System\UoJPghF.exe
  C:\Windows\System\UoJPghF.exe
  2⤵
  PID:3900
- C:\Windows\System\RQnPlcZ.exe
  C:\Windows\System\RQnPlcZ.exe
  2⤵
  PID:2976
- C:\Windows\System\ZKQeoIl.exe
  C:\Windows\System\ZKQeoIl.exe
  2⤵
  PID:2796
- C:\Windows\System\jUDEYtV.exe
  C:\Windows\System\jUDEYtV.exe
  2⤵
  PID:2716
- C:\Windows\System\HBrjRCD.exe
  C:\Windows\System\HBrjRCD.exe
  2⤵
  PID:2620
- C:\Windows\System\ECjdbde.exe
  C:\Windows\System\ECjdbde.exe
  2⤵
  PID:1140
- C:\Windows\System\qNCYQeC.exe
  C:\Windows\System\qNCYQeC.exe
  2⤵
  PID:2932
- C:\Windows\System\LJhQugR.exe
  C:\Windows\System\LJhQugR.exe
  2⤵
  PID:2960
- C:\Windows\System\RsVLtQI.exe
  C:\Windows\System\RsVLtQI.exe
  2⤵
  PID:2984
- C:\Windows\System\eRqEXfW.exe
  C:\Windows\System\eRqEXfW.exe
  2⤵
  PID:2336
- C:\Windows\System\MrMUdvh.exe
  C:\Windows\System\MrMUdvh.exe
  2⤵
  PID:3208
- C:\Windows\System\SaKugyG.exe
  C:\Windows\System\SaKugyG.exe
  2⤵
  PID:3040
- C:\Windows\System\MdtquFG.exe
  C:\Windows\System\MdtquFG.exe
  2⤵
  PID:3700
- C:\Windows\System\BkYkOpI.exe
  C:\Windows\System\BkYkOpI.exe
  2⤵
  PID:2848
- C:\Windows\System\NATcMxo.exe
  C:\Windows\System\NATcMxo.exe
  2⤵
  PID:4112
- C:\Windows\System\MaDvPzz.exe
  C:\Windows\System\MaDvPzz.exe
  2⤵
  PID:4132
- C:\Windows\System\DOXJawI.exe
  C:\Windows\System\DOXJawI.exe
  2⤵
  PID:4156
- C:\Windows\System\SgSrKTe.exe
  C:\Windows\System\SgSrKTe.exe
  2⤵
  PID:4172
- C:\Windows\System\WTyVUQe.exe
  C:\Windows\System\WTyVUQe.exe
  2⤵
  PID:4192
- C:\Windows\System\KZyKuWK.exe
  C:\Windows\System\KZyKuWK.exe
  2⤵
  PID:4216
- C:\Windows\System\HcvaiFt.exe
  C:\Windows\System\HcvaiFt.exe
  2⤵
  PID:4232
- C:\Windows\System\ikCCGAZ.exe
  C:\Windows\System\ikCCGAZ.exe
  2⤵
  PID:4248
- C:\Windows\System\FDKBetQ.exe
  C:\Windows\System\FDKBetQ.exe
  2⤵
  PID:4264
- C:\Windows\System\cnhztOg.exe
  C:\Windows\System\cnhztOg.exe
  2⤵
  PID:4280
- C:\Windows\System\lVWBnIl.exe
  C:\Windows\System\lVWBnIl.exe
  2⤵
  PID:4296
- C:\Windows\System\VtRcZrB.exe
  C:\Windows\System\VtRcZrB.exe
  2⤵
  PID:4332
- C:\Windows\System\fkxGTNE.exe
  C:\Windows\System\fkxGTNE.exe
  2⤵
  PID:4356
- C:\Windows\System\gAxYysk.exe
  C:\Windows\System\gAxYysk.exe
  2⤵
  PID:4372
- C:\Windows\System\hnRspCg.exe
  C:\Windows\System\hnRspCg.exe
  2⤵
  PID:4412
- C:\Windows\System\ljWYeTu.exe
  C:\Windows\System\ljWYeTu.exe
  2⤵
  PID:4428
- C:\Windows\System\MnmVAnP.exe
  C:\Windows\System\MnmVAnP.exe
  2⤵
  PID:4456
- C:\Windows\System\KcdSrLL.exe
  C:\Windows\System\KcdSrLL.exe
  2⤵
  PID:4472
- C:\Windows\System\jjdjRRQ.exe
  C:\Windows\System\jjdjRRQ.exe
  2⤵
  PID:4492
- C:\Windows\System\lzCiBie.exe
  C:\Windows\System\lzCiBie.exe
  2⤵
  PID:4508
- C:\Windows\System\UCqaWBf.exe
  C:\Windows\System\UCqaWBf.exe
  2⤵
  PID:4536
- C:\Windows\System\aqtPlOT.exe
  C:\Windows\System\aqtPlOT.exe
  2⤵
  PID:4552
- C:\Windows\System\qVyzFLx.exe
  C:\Windows\System\qVyzFLx.exe
  2⤵
  PID:4568
- C:\Windows\System\qPKQkgP.exe
  C:\Windows\System\qPKQkgP.exe
  2⤵
  PID:4584
- C:\Windows\System\IjXavfU.exe
  C:\Windows\System\IjXavfU.exe
  2⤵
  PID:4600
- C:\Windows\System\QRZYrzw.exe
  C:\Windows\System\QRZYrzw.exe
  2⤵
  PID:4620
- C:\Windows\System\dsMKeFF.exe
  C:\Windows\System\dsMKeFF.exe
  2⤵
  PID:4640
- C:\Windows\System\HdPskWi.exe
  C:\Windows\System\HdPskWi.exe
  2⤵
  PID:4660
- C:\Windows\System\HMRfHap.exe
  C:\Windows\System\HMRfHap.exe
  2⤵
  PID:4676
- C:\Windows\System\jFBBEID.exe
  C:\Windows\System\jFBBEID.exe
  2⤵
  PID:4692
- C:\Windows\System\CMjEXsY.exe
  C:\Windows\System\CMjEXsY.exe
  2⤵
  PID:4708
- C:\Windows\System\jnUQlMy.exe
  C:\Windows\System\jnUQlMy.exe
  2⤵
  PID:4724
- C:\Windows\System\jhwqOgf.exe
  C:\Windows\System\jhwqOgf.exe
  2⤵
  PID:4744
- C:\Windows\System\oQAkNha.exe
  C:\Windows\System\oQAkNha.exe
  2⤵
  PID:4760
- C:\Windows\System\UIorzda.exe
  C:\Windows\System\UIorzda.exe
  2⤵
  PID:4776
- C:\Windows\System\pOTqKzE.exe
  C:\Windows\System\pOTqKzE.exe
  2⤵
  PID:4828
- C:\Windows\System\nMsDukD.exe
  C:\Windows\System\nMsDukD.exe
  2⤵
  PID:4856
- C:\Windows\System\FTUetUA.exe
  C:\Windows\System\FTUetUA.exe
  2⤵
  PID:4872
- C:\Windows\System\vocHZaj.exe
  C:\Windows\System\vocHZaj.exe
  2⤵
  PID:4888
- C:\Windows\System\MAzwAmf.exe
  C:\Windows\System\MAzwAmf.exe
  2⤵
  PID:4904
- C:\Windows\System\uWjuViP.exe
  C:\Windows\System\uWjuViP.exe
  2⤵
  PID:4920
- C:\Windows\System\IgWTyJv.exe
  C:\Windows\System\IgWTyJv.exe
  2⤵
  PID:4936
- C:\Windows\System\jodbeog.exe
  C:\Windows\System\jodbeog.exe
  2⤵
  PID:4980
- C:\Windows\System\dWwyWWf.exe
  C:\Windows\System\dWwyWWf.exe
  2⤵
  PID:4996
- C:\Windows\System\kdFALzp.exe
  C:\Windows\System\kdFALzp.exe
  2⤵
  PID:5012
- C:\Windows\System\kEfKSLC.exe
  C:\Windows\System\kEfKSLC.exe
  2⤵
  PID:5032
- C:\Windows\System\jmHkShU.exe
  C:\Windows\System\jmHkShU.exe
  2⤵
  PID:5048
- C:\Windows\System\wgumXJO.exe
  C:\Windows\System\wgumXJO.exe
  2⤵
  PID:5064
- C:\Windows\System\FYzhqlY.exe
  C:\Windows\System\FYzhqlY.exe
  2⤵
  PID:5080
- C:\Windows\System\uxAiKwy.exe
  C:\Windows\System\uxAiKwy.exe
  2⤵
  PID:5096
- C:\Windows\System\WGVqYqM.exe
  C:\Windows\System\WGVqYqM.exe
  2⤵
  PID:5116
- C:\Windows\System\usZHvdR.exe
  C:\Windows\System\usZHvdR.exe
  2⤵
  PID:4104
- C:\Windows\System\JHecMMr.exe
  C:\Windows\System\JHecMMr.exe
  2⤵
  PID:4140
- C:\Windows\System\kjRDSBM.exe
  C:\Windows\System\kjRDSBM.exe
  2⤵
  PID:4124
- C:\Windows\System\AUsxezu.exe
  C:\Windows\System\AUsxezu.exe
  2⤵
  PID:4188
- C:\Windows\System\QpMvaws.exe
  C:\Windows\System\QpMvaws.exe
  2⤵
  PID:4256
- C:\Windows\System\Kpwbmuy.exe
  C:\Windows\System\Kpwbmuy.exe
  2⤵
  PID:3068
- C:\Windows\System\FfYdBfP.exe
  C:\Windows\System\FfYdBfP.exe
  2⤵
  PID:4212
- C:\Windows\System\JqjPbwu.exe
  C:\Windows\System\JqjPbwu.exe
  2⤵
  PID:4304
- C:\Windows\System\MKGXTrX.exe
  C:\Windows\System\MKGXTrX.exe
  2⤵
  PID:4380
- C:\Windows\System\TeNBtVY.exe
  C:\Windows\System\TeNBtVY.exe
  2⤵
  PID:4396
- C:\Windows\System\kAnrsIz.exe
  C:\Windows\System\kAnrsIz.exe
  2⤵
  PID:1648
- C:\Windows\System\Euoojyx.exe
  C:\Windows\System\Euoojyx.exe
  2⤵
  PID:4364
- C:\Windows\System\fTvPvfq.exe
  C:\Windows\System\fTvPvfq.exe
  2⤵
  PID:4444
- C:\Windows\System\JvdYJDD.exe
  C:\Windows\System\JvdYJDD.exe
  2⤵
  PID:4452
- C:\Windows\System\BKqXKiW.exe
  C:\Windows\System\BKqXKiW.exe
  2⤵
  PID:4484
- C:\Windows\System\BDfZjPz.exe
  C:\Windows\System\BDfZjPz.exe
  2⤵
  PID:4524
- C:\Windows\System\nMnmRqh.exe
  C:\Windows\System\nMnmRqh.exe
  2⤵
  PID:1704
- C:\Windows\System\dXjDshr.exe
  C:\Windows\System\dXjDshr.exe
  2⤵
  PID:4564
- C:\Windows\System\eTjXVlu.exe
  C:\Windows\System\eTjXVlu.exe
  2⤵
  PID:4628
- C:\Windows\System\erWdLLz.exe
  C:\Windows\System\erWdLLz.exe
  2⤵
  PID:4668
- C:\Windows\System\JcZTEvK.exe
  C:\Windows\System\JcZTEvK.exe
  2⤵
  PID:4772
- C:\Windows\System\mwIIFcs.exe
  C:\Windows\System\mwIIFcs.exe
  2⤵
  PID:4656
- C:\Windows\System\HhhSOLz.exe
  C:\Windows\System\HhhSOLz.exe
  2⤵
  PID:4684
- C:\Windows\System\MIStIYC.exe
  C:\Windows\System\MIStIYC.exe
  2⤵
  PID:4752
- C:\Windows\System\CxgAIVd.exe
  C:\Windows\System\CxgAIVd.exe
  2⤵
  PID:4788
- C:\Windows\System\HCtwEsI.exe
  C:\Windows\System\HCtwEsI.exe
  2⤵
  PID:4812
- C:\Windows\System\fXCswKa.exe
  C:\Windows\System\fXCswKa.exe
  2⤵
  PID:4880
- C:\Windows\System\jJBjVkd.exe
  C:\Windows\System\jJBjVkd.exe
  2⤵
  PID:4896
- C:\Windows\System\Adyxckd.exe
  C:\Windows\System\Adyxckd.exe
  2⤵
  PID:4964
- C:\Windows\System\BYiuHRT.exe
  C:\Windows\System\BYiuHRT.exe
  2⤵
  PID:4932
- C:\Windows\System\ispREVA.exe
  C:\Windows\System\ispREVA.exe
  2⤵
  PID:5008
- C:\Windows\System\bomzJKl.exe
  C:\Windows\System\bomzJKl.exe
  2⤵
  PID:5076
- C:\Windows\System\IGPkmbQ.exe
  C:\Windows\System\IGPkmbQ.exe
  2⤵
  PID:2700
- C:\Windows\System\oxTSkjN.exe
  C:\Windows\System\oxTSkjN.exe
  2⤵
  PID:4292
- C:\Windows\System\wjLQaqs.exe
  C:\Windows\System\wjLQaqs.exe
  2⤵
  PID:5060
- C:\Windows\System\SwpWPVD.exe
  C:\Windows\System\SwpWPVD.exe
  2⤵
  PID:4108
- C:\Windows\System\lhNmbYg.exe
  C:\Windows\System\lhNmbYg.exe
  2⤵
  PID:4120
- C:\Windows\System\wEzmNYX.exe
  C:\Windows\System\wEzmNYX.exe
  2⤵
  PID:4392
- C:\Windows\System\agTzUca.exe
  C:\Windows\System\agTzUca.exe
  2⤵
  PID:4152
- C:\Windows\System\NvldxAT.exe
  C:\Windows\System\NvldxAT.exe
  2⤵
  PID:5088
- C:\Windows\System\NWBpBPH.exe
  C:\Windows\System\NWBpBPH.exe
  2⤵
  PID:4440
- C:\Windows\System\JDDgKLa.exe
  C:\Windows\System\JDDgKLa.exe
  2⤵
  PID:4516
- C:\Windows\System\BrMDJcX.exe
  C:\Windows\System\BrMDJcX.exe
  2⤵
  PID:4340
- C:\Windows\System\IGiVvRw.exe
  C:\Windows\System\IGiVvRw.exe
  2⤵
  PID:4652
- C:\Windows\System\SvbZXVk.exe
  C:\Windows\System\SvbZXVk.exe
  2⤵
  PID:4404
- C:\Windows\System\MarqCtH.exe
  C:\Windows\System\MarqCtH.exe
  2⤵
  PID:4808
- C:\Windows\System\UzIccdP.exe
  C:\Windows\System\UzIccdP.exe
  2⤵
  PID:4740
- C:\Windows\System\awBEXtH.exe
  C:\Windows\System\awBEXtH.exe
  2⤵
  PID:4840
- C:\Windows\System\gporImt.exe
  C:\Windows\System\gporImt.exe
  2⤵
  PID:4868
- C:\Windows\System\HEBQYzM.exe
  C:\Windows\System\HEBQYzM.exe
  2⤵
  PID:4836
- C:\Windows\System\HZKarDl.exe
  C:\Windows\System\HZKarDl.exe
  2⤵
  PID:5044
- C:\Windows\System\TbxQveQ.exe
  C:\Windows\System\TbxQveQ.exe
  2⤵
  PID:4988
- C:\Windows\System\erEFGOa.exe
  C:\Windows\System\erEFGOa.exe
  2⤵
  PID:5004
- C:\Windows\System\nInSYnv.exe
  C:\Windows\System\nInSYnv.exe
  2⤵
  PID:5020
- C:\Windows\System\prKkxEi.exe
  C:\Windows\System\prKkxEi.exe
  2⤵
  PID:5092
- C:\Windows\System\TdAKRbW.exe
  C:\Windows\System\TdAKRbW.exe
  2⤵
  PID:4548
- C:\Windows\System\mWMgmxK.exe
  C:\Windows\System\mWMgmxK.exe
  2⤵
  PID:4348
- C:\Windows\System\rzzmLGr.exe
  C:\Windows\System\rzzmLGr.exe
  2⤵
  PID:2704
- C:\Windows\System\LgOjIrg.exe
  C:\Windows\System\LgOjIrg.exe
  2⤵
  PID:4804
- C:\Windows\System\bivpQjW.exe
  C:\Windows\System\bivpQjW.exe
  2⤵
  PID:4820
- C:\Windows\System\sMJxjwF.exe
  C:\Windows\System\sMJxjwF.exe
  2⤵
  PID:4616
- C:\Windows\System\ogHFYvR.exe
  C:\Windows\System\ogHFYvR.exe
  2⤵
  PID:3048
- C:\Windows\System\RVhALXp.exe
  C:\Windows\System\RVhALXp.exe
  2⤵
  PID:4916
- C:\Windows\System\evsanBj.exe
  C:\Windows\System\evsanBj.exe
  2⤵
  PID:4944
- C:\Windows\System\rtOJjoU.exe
  C:\Windows\System\rtOJjoU.exe
  2⤵
  PID:4992
- C:\Windows\System\KgXjoaV.exe
  C:\Windows\System\KgXjoaV.exe
  2⤵
  PID:4312
- C:\Windows\System\kvrvGpT.exe
  C:\Windows\System\kvrvGpT.exe
  2⤵
  PID:4144
- C:\Windows\System\QtxVRXg.exe
  C:\Windows\System\QtxVRXg.exe
  2⤵
  PID:4504
- C:\Windows\System\uzBBcpw.exe
  C:\Windows\System\uzBBcpw.exe
  2⤵
  PID:2940
- C:\Windows\System\yPKQlFE.exe
  C:\Windows\System\yPKQlFE.exe
  2⤵
  PID:4716
- C:\Windows\System\UEmuvTK.exe
  C:\Windows\System\UEmuvTK.exe
  2⤵
  PID:4704
- C:\Windows\System\aTrzMFI.exe
  C:\Windows\System\aTrzMFI.exe
  2⤵
  PID:4700
- C:\Windows\System\WfndECD.exe
  C:\Windows\System\WfndECD.exe
  2⤵
  PID:4272
- C:\Windows\System\HxdOQDT.exe
  C:\Windows\System\HxdOQDT.exe
  2⤵
  PID:4424
- C:\Windows\System\ObZpaaX.exe
  C:\Windows\System\ObZpaaX.exe
  2⤵
  PID:4848
- C:\Windows\System\kHiUqiq.exe
  C:\Windows\System\kHiUqiq.exe
  2⤵
  PID:4976
- C:\Windows\System\LUQijjh.exe
  C:\Windows\System\LUQijjh.exe
  2⤵
  PID:4276
- C:\Windows\System\YuxHkTo.exe
  C:\Windows\System\YuxHkTo.exe
  2⤵
  PID:4796
- C:\Windows\System\MNvDQPC.exe
  C:\Windows\System\MNvDQPC.exe
  2⤵
  PID:5112
- C:\Windows\System\CLpmjre.exe
  C:\Windows\System\CLpmjre.exe
  2⤵
  PID:4824
- C:\Windows\System\ouEmKkc.exe
  C:\Windows\System\ouEmKkc.exe
  2⤵
  PID:5124
- C:\Windows\System\atqFEih.exe
  C:\Windows\System\atqFEih.exe
  2⤵
  PID:5144
- C:\Windows\System\WfYOdgw.exe
  C:\Windows\System\WfYOdgw.exe
  2⤵
  PID:5164
- C:\Windows\System\luGrVJX.exe
  C:\Windows\System\luGrVJX.exe
  2⤵
  PID:5192
- C:\Windows\System\BurZlLI.exe
  C:\Windows\System\BurZlLI.exe
  2⤵
  PID:5212
- C:\Windows\System\GjHBuOb.exe
  C:\Windows\System\GjHBuOb.exe
  2⤵
  PID:5248
- C:\Windows\System\saYRSZr.exe
  C:\Windows\System\saYRSZr.exe
  2⤵
  PID:5264
- C:\Windows\System\VjZRlms.exe
  C:\Windows\System\VjZRlms.exe
  2⤵
  PID:5280
- C:\Windows\System\jtezhew.exe
  C:\Windows\System\jtezhew.exe
  2⤵
  PID:5308
- C:\Windows\System\YntKwzk.exe
  C:\Windows\System\YntKwzk.exe
  2⤵
  PID:5324
- C:\Windows\System\NLQOvAj.exe
  C:\Windows\System\NLQOvAj.exe
  2⤵
  PID:5340
- C:\Windows\System\pVxPKlA.exe
  C:\Windows\System\pVxPKlA.exe
  2⤵
  PID:5360
- C:\Windows\System\NyoeymZ.exe
  C:\Windows\System\NyoeymZ.exe
  2⤵
  PID:5380
- C:\Windows\System\SWWRsaG.exe
  C:\Windows\System\SWWRsaG.exe
  2⤵
  PID:5396
- C:\Windows\System\nQQkCxa.exe
  C:\Windows\System\nQQkCxa.exe
  2⤵
  PID:5412
- C:\Windows\System\uJqLwJP.exe
  C:\Windows\System\uJqLwJP.exe
  2⤵
  PID:5428
- C:\Windows\System\XeqtlKQ.exe
  C:\Windows\System\XeqtlKQ.exe
  2⤵
  PID:5448
- C:\Windows\System\qjzeybg.exe
  C:\Windows\System\qjzeybg.exe
  2⤵
  PID:5468
- C:\Windows\System\ieqYdlU.exe
  C:\Windows\System\ieqYdlU.exe
  2⤵
  PID:5484
- C:\Windows\System\WVprnfx.exe
  C:\Windows\System\WVprnfx.exe
  2⤵
  PID:5504
- C:\Windows\System\qenZZqe.exe
  C:\Windows\System\qenZZqe.exe
  2⤵
  PID:5520
- C:\Windows\System\jaAwJIl.exe
  C:\Windows\System\jaAwJIl.exe
  2⤵
  PID:5568
- C:\Windows\System\PrFqwCN.exe
  C:\Windows\System\PrFqwCN.exe
  2⤵
  PID:5584
- C:\Windows\System\nVMPsUy.exe
  C:\Windows\System\nVMPsUy.exe
  2⤵
  PID:5600
- C:\Windows\System\vEoPTou.exe
  C:\Windows\System\vEoPTou.exe
  2⤵
  PID:5616
- C:\Windows\System\NMMVaOM.exe
  C:\Windows\System\NMMVaOM.exe
  2⤵
  PID:5636
- C:\Windows\System\qyoCIff.exe
  C:\Windows\System\qyoCIff.exe
  2⤵
  PID:5652
- C:\Windows\System\aKJooxv.exe
  C:\Windows\System\aKJooxv.exe
  2⤵
  PID:5668
- C:\Windows\System\COfaZnv.exe
  C:\Windows\System\COfaZnv.exe
  2⤵
  PID:5684
- C:\Windows\System\UIuQsBq.exe
  C:\Windows\System\UIuQsBq.exe
  2⤵
  PID:5704
- C:\Windows\System\mqXYCLZ.exe
  C:\Windows\System\mqXYCLZ.exe
  2⤵
  PID:5724
- C:\Windows\System\hkFgXBV.exe
  C:\Windows\System\hkFgXBV.exe
  2⤵
  PID:5744
- C:\Windows\System\OhmCDot.exe
  C:\Windows\System\OhmCDot.exe
  2⤵
  PID:5768
- C:\Windows\System\xYrElfS.exe
  C:\Windows\System\xYrElfS.exe
  2⤵
  PID:5784
- C:\Windows\System\lXTQulY.exe
  C:\Windows\System\lXTQulY.exe
  2⤵
  PID:5800
- C:\Windows\System\lfHOGCw.exe
  C:\Windows\System\lfHOGCw.exe
  2⤵
  PID:5820
- C:\Windows\System\FVvWGmy.exe
  C:\Windows\System\FVvWGmy.exe
  2⤵
  PID:5856
- C:\Windows\System\vMUsezh.exe
  C:\Windows\System\vMUsezh.exe
  2⤵
  PID:5872
- C:\Windows\System\OtUVDJe.exe
  C:\Windows\System\OtUVDJe.exe
  2⤵
  PID:5888
- C:\Windows\System\QheIoUQ.exe
  C:\Windows\System\QheIoUQ.exe
  2⤵
  PID:5904
- C:\Windows\System\eLeQXAw.exe
  C:\Windows\System\eLeQXAw.exe
  2⤵
  PID:5920
- C:\Windows\System\rfEgAKF.exe
  C:\Windows\System\rfEgAKF.exe
  2⤵
  PID:5936
- C:\Windows\System\lMuOsqE.exe
  C:\Windows\System\lMuOsqE.exe
  2⤵
  PID:5960
- C:\Windows\System\DQfdIDD.exe
  C:\Windows\System\DQfdIDD.exe
  2⤵
  PID:5976
- C:\Windows\System\CKiYiVO.exe
  C:\Windows\System\CKiYiVO.exe
  2⤵
  PID:5992
- C:\Windows\System\icQHozW.exe
  C:\Windows\System\icQHozW.exe
  2⤵
  PID:6016
- C:\Windows\System\BQRjwIK.exe
  C:\Windows\System\BQRjwIK.exe
  2⤵
  PID:6040
- C:\Windows\System\LLOCWIj.exe
  C:\Windows\System\LLOCWIj.exe
  2⤵
  PID:6056
- C:\Windows\System\AQthJLR.exe
  C:\Windows\System\AQthJLR.exe
  2⤵
  PID:6072
- C:\Windows\System\tPOpPkg.exe
  C:\Windows\System\tPOpPkg.exe
  2⤵
  PID:6100
- C:\Windows\System\zwaWowg.exe
  C:\Windows\System\zwaWowg.exe
  2⤵
  PID:6116
- C:\Windows\System\TWcTpuJ.exe
  C:\Windows\System\TWcTpuJ.exe
  2⤵
  PID:6136
- C:\Windows\System\OUYsePs.exe
  C:\Windows\System\OUYsePs.exe
  2⤵
  PID:4912
- C:\Windows\System\dBhrufF.exe
  C:\Windows\System\dBhrufF.exe
  2⤵
  PID:5160
- C:\Windows\System\ddPPOTd.exe
  C:\Windows\System\ddPPOTd.exe
  2⤵
  PID:5176
- C:\Windows\System\FrVUoso.exe
  C:\Windows\System\FrVUoso.exe
  2⤵
  PID:5220
- C:\Windows\System\UmUwfkR.exe
  C:\Windows\System\UmUwfkR.exe
  2⤵
  PID:5208
- C:\Windows\System\WSXfjag.exe
  C:\Windows\System\WSXfjag.exe
  2⤵
  PID:5256
- C:\Windows\System\raTmunu.exe
  C:\Windows\System\raTmunu.exe
  2⤵
  PID:5272
- C:\Windows\System\jRKmSCP.exe
  C:\Windows\System\jRKmSCP.exe
  2⤵
  PID:5348
- C:\Windows\System\EdIlyfM.exe
  C:\Windows\System\EdIlyfM.exe
  2⤵
  PID:5392
- C:\Windows\System\avQgATM.exe
  C:\Windows\System\avQgATM.exe
  2⤵
  PID:5420
- C:\Windows\System\hXLDaBy.exe
  C:\Windows\System\hXLDaBy.exe
  2⤵
  PID:5464
- C:\Windows\System\XmTXzfH.exe
  C:\Windows\System\XmTXzfH.exe
  2⤵
  PID:5528
- C:\Windows\System\IYJQIeZ.exe
  C:\Windows\System\IYJQIeZ.exe
  2⤵
  PID:5408
- C:\Windows\System\ozEkLJb.exe
  C:\Windows\System\ozEkLJb.exe
  2⤵
  PID:5532
- C:\Windows\System\hlHLHlN.exe
  C:\Windows\System\hlHLHlN.exe
  2⤵
  PID:5592
- C:\Windows\System\onGKVST.exe
  C:\Windows\System\onGKVST.exe
  2⤵
  PID:5660
- C:\Windows\System\DgcSCUG.exe
  C:\Windows\System\DgcSCUG.exe
  2⤵
  PID:5700
- C:\Windows\System\qPOrIcF.exe
  C:\Windows\System\qPOrIcF.exe
  2⤵
  PID:5716
- C:\Windows\System\HKxUKsL.exe
  C:\Windows\System\HKxUKsL.exe
  2⤵
  PID:5648
- C:\Windows\System\LVGOqYi.exe
  C:\Windows\System\LVGOqYi.exe
  2⤵
  PID:5608
- C:\Windows\System\kXOQIaZ.exe
  C:\Windows\System\kXOQIaZ.exe
  2⤵
  PID:5812
- C:\Windows\System\LvXdkAc.exe
  C:\Windows\System\LvXdkAc.exe
  2⤵
  PID:5896
- C:\Windows\System\rguewBW.exe
  C:\Windows\System\rguewBW.exe
  2⤵
  PID:5764
- C:\Windows\System\aRhqlNq.exe
  C:\Windows\System\aRhqlNq.exe
  2⤵
  PID:6000
- C:\Windows\System\rCErYRu.exe
  C:\Windows\System\rCErYRu.exe
  2⤵
  PID:6048
- C:\Windows\System\ORjOLDg.exe
  C:\Windows\System\ORjOLDg.exe
  2⤵
  PID:5988
- C:\Windows\System\OaeTGKt.exe
  C:\Windows\System\OaeTGKt.exe
  2⤵
  PID:6036
- C:\Windows\System\ClNLTtR.exe
  C:\Windows\System\ClNLTtR.exe
  2⤵
  PID:5840
- C:\Windows\System\xvIshkn.exe
  C:\Windows\System\xvIshkn.exe
  2⤵
  PID:6108
- C:\Windows\System\uEyvfkb.exe
  C:\Windows\System\uEyvfkb.exe
  2⤵
  PID:6128
- C:\Windows\System\bVtyuEv.exe
  C:\Windows\System\bVtyuEv.exe
  2⤵
  PID:4972
- C:\Windows\System\BXVCwQp.exe
  C:\Windows\System\BXVCwQp.exe
  2⤵
  PID:5152
- C:\Windows\System\cHjDWos.exe
  C:\Windows\System\cHjDWos.exe
  2⤵
  PID:5228
- C:\Windows\System\aNlJHIN.exe
  C:\Windows\System\aNlJHIN.exe
  2⤵
  PID:4520
- C:\Windows\System\plNZAGl.exe
  C:\Windows\System\plNZAGl.exe
  2⤵
  PID:5200
- C:\Windows\System\bvGeyVG.exe
  C:\Windows\System\bvGeyVG.exe
  2⤵
  PID:5316
- C:\Windows\System\wUUIvoc.exe
  C:\Windows\System\wUUIvoc.exe
  2⤵
  PID:5492
- C:\Windows\System\aFQSsWj.exe
  C:\Windows\System\aFQSsWj.exe
  2⤵
  PID:5552
- C:\Windows\System\rjtYMiB.exe
  C:\Windows\System\rjtYMiB.exe
  2⤵
  PID:5376
- C:\Windows\System\DTFtrkJ.exe
  C:\Windows\System\DTFtrkJ.exe
  2⤵
  PID:5512
- C:\Windows\System\oonzKPL.exe
  C:\Windows\System\oonzKPL.exe
  2⤵
  PID:5456
- C:\Windows\System\FQTrjcD.exe
  C:\Windows\System\FQTrjcD.exe
  2⤵
  PID:5356
- C:\Windows\System\dPscQNI.exe
  C:\Windows\System\dPscQNI.exe
  2⤵
  PID:5644
- C:\Windows\System\pLzlzyb.exe
  C:\Windows\System\pLzlzyb.exe
  2⤵
  PID:5680
- C:\Windows\System\lSYkohv.exe
  C:\Windows\System\lSYkohv.exe
  2⤵
  PID:5864
- C:\Windows\System\QrRNqsY.exe
  C:\Windows\System\QrRNqsY.exe
  2⤵
  PID:5944
- C:\Windows\System\qDKtOim.exe
  C:\Windows\System\qDKtOim.exe
  2⤵
  PID:6032
- C:\Windows\System\EtGLmQL.exe
  C:\Windows\System\EtGLmQL.exe
  2⤵
  PID:5844
- C:\Windows\System\yqpczML.exe
  C:\Windows\System\yqpczML.exe
  2⤵
  PID:5912
- C:\Windows\System\bYCbZei.exe
  C:\Windows\System\bYCbZei.exe
  2⤵
  PID:5792
- C:\Windows\System\ynpClyX.exe
  C:\Windows\System\ynpClyX.exe
  2⤵
  PID:6124
- C:\Windows\System\otzjvZz.exe
  C:\Windows\System\otzjvZz.exe
  2⤵
  PID:4204
- C:\Windows\System\jWTyrZk.exe
  C:\Windows\System\jWTyrZk.exe
  2⤵
  PID:5300
- C:\Windows\System\YXLnTAE.exe
  C:\Windows\System\YXLnTAE.exe
  2⤵
  PID:5336
- C:\Windows\System\zerLiYi.exe
  C:\Windows\System\zerLiYi.exe
  2⤵
  PID:5480
- C:\Windows\System\mAUiGHK.exe
  C:\Windows\System\mAUiGHK.exe
  2⤵
  PID:5188
- C:\Windows\System\xYSnKya.exe
  C:\Windows\System\xYSnKya.exe
  2⤵
  PID:5580
- C:\Windows\System\tCJvODx.exe
  C:\Windows\System\tCJvODx.exe
  2⤵
  PID:5628
- C:\Windows\System\jmcCBxL.exe
  C:\Windows\System\jmcCBxL.exe
  2⤵
  PID:5712
- C:\Windows\System\qTeOhdo.exe
  C:\Windows\System\qTeOhdo.exe
  2⤵
  PID:5968
- C:\Windows\System\YfMTktB.exe
  C:\Windows\System\YfMTktB.exe
  2⤵
  PID:5836
- C:\Windows\System\aasAaMQ.exe
  C:\Windows\System\aasAaMQ.exe
  2⤵
  PID:6008
- C:\Windows\System\aeSXjig.exe
  C:\Windows\System\aeSXjig.exe
  2⤵
  PID:5292
- C:\Windows\System\nlmTLNM.exe
  C:\Windows\System\nlmTLNM.exe
  2⤵
  PID:6096
- C:\Windows\System\TUFebmo.exe
  C:\Windows\System\TUFebmo.exe
  2⤵
  PID:5296
- C:\Windows\System\ARRUlgR.exe
  C:\Windows\System\ARRUlgR.exe
  2⤵
  PID:5172
- C:\Windows\System\sszsntp.exe
  C:\Windows\System\sszsntp.exe
  2⤵
  PID:5692
- C:\Windows\System\aeGJdDw.exe
  C:\Windows\System\aeGJdDw.exe
  2⤵
  PID:5756
- C:\Windows\System\lWmeAiO.exe
  C:\Windows\System\lWmeAiO.exe
  2⤵
  PID:5760
- C:\Windows\System\SSMhejJ.exe
  C:\Windows\System\SSMhejJ.exe
  2⤵
  PID:6004
- C:\Windows\System\kHuRPPP.exe
  C:\Windows\System\kHuRPPP.exe
  2⤵
  PID:5808
- C:\Windows\System\yZaGEoa.exe
  C:\Windows\System\yZaGEoa.exe
  2⤵
  PID:5320
- C:\Windows\System\mEzNRho.exe
  C:\Windows\System\mEzNRho.exe
  2⤵
  PID:5372
- C:\Windows\System\YVlfmJT.exe
  C:\Windows\System\YVlfmJT.exe
  2⤵
  PID:1932
- C:\Windows\System\HENjkLD.exe
  C:\Windows\System\HENjkLD.exe
  2⤵
  PID:5184
- C:\Windows\System\nleIjVD.exe
  C:\Windows\System\nleIjVD.exe
  2⤵
  PID:6160
- C:\Windows\System\cYURPqJ.exe
  C:\Windows\System\cYURPqJ.exe
  2⤵
  PID:6176
- C:\Windows\System\wzxiGBW.exe
  C:\Windows\System\wzxiGBW.exe
  2⤵
  PID:6192
- C:\Windows\System\czRKjis.exe
  C:\Windows\System\czRKjis.exe
  2⤵
  PID:6220
- C:\Windows\System\yVHcSnR.exe
  C:\Windows\System\yVHcSnR.exe
  2⤵
  PID:6240
- C:\Windows\System\mYnsCqF.exe
  C:\Windows\System\mYnsCqF.exe
  2⤵
  PID:6260
- C:\Windows\System\ePSAcRF.exe
  C:\Windows\System\ePSAcRF.exe
  2⤵
  PID:6280
- C:\Windows\System\jFhHSwE.exe
  C:\Windows\System\jFhHSwE.exe
  2⤵
  PID:6296
- C:\Windows\System\HKKfuYm.exe
  C:\Windows\System\HKKfuYm.exe
  2⤵
  PID:6312
- C:\Windows\System\cHGPYBV.exe
  C:\Windows\System\cHGPYBV.exe
  2⤵
  PID:6348
- C:\Windows\System\zuAHYip.exe
  C:\Windows\System\zuAHYip.exe
  2⤵
  PID:6388
- C:\Windows\System\VudsPpQ.exe
  C:\Windows\System\VudsPpQ.exe
  2⤵
  PID:6416
- C:\Windows\System\bDDSlpz.exe
  C:\Windows\System\bDDSlpz.exe
  2⤵
  PID:6432
- C:\Windows\System\HJkJNxv.exe
  C:\Windows\System\HJkJNxv.exe
  2⤵
  PID:6452
- C:\Windows\System\umhasCU.exe
  C:\Windows\System\umhasCU.exe
  2⤵
  PID:6468
- C:\Windows\System\bgmCXwE.exe
  C:\Windows\System\bgmCXwE.exe
  2⤵
  PID:6488
- C:\Windows\System\oYrHtHQ.exe
  C:\Windows\System\oYrHtHQ.exe
  2⤵
  PID:6512
- C:\Windows\System\XpoxAlw.exe
  C:\Windows\System\XpoxAlw.exe
  2⤵
  PID:6532
- C:\Windows\System\jFjrIyL.exe
  C:\Windows\System\jFjrIyL.exe
  2⤵
  PID:6548
- C:\Windows\System\MNttkFc.exe
  C:\Windows\System\MNttkFc.exe
  2⤵
  PID:6572
- C:\Windows\System\siLXbkn.exe
  C:\Windows\System\siLXbkn.exe
  2⤵
  PID:6588
- C:\Windows\System\ACeiAQD.exe
  C:\Windows\System\ACeiAQD.exe
  2⤵
  PID:6604
- C:\Windows\System\JxTPyWY.exe
  C:\Windows\System\JxTPyWY.exe
  2⤵
  PID:6628
- C:\Windows\System\oiokcKN.exe
  C:\Windows\System\oiokcKN.exe
  2⤵
  PID:6648
- C:\Windows\System\QnHRADe.exe
  C:\Windows\System\QnHRADe.exe
  2⤵
  PID:6664
- C:\Windows\System\tYsKFbI.exe
  C:\Windows\System\tYsKFbI.exe
  2⤵
  PID:6684
- C:\Windows\System\FFrjHbe.exe
  C:\Windows\System\FFrjHbe.exe
  2⤵
  PID:6712
- C:\Windows\System\cUasiri.exe
  C:\Windows\System\cUasiri.exe
  2⤵
  PID:6728
- C:\Windows\System\MlNwsWN.exe
  C:\Windows\System\MlNwsWN.exe
  2⤵
  PID:6744
- C:\Windows\System\fNVBPnH.exe
  C:\Windows\System\fNVBPnH.exe
  2⤵
  PID:6768
- C:\Windows\System\JgIlfeH.exe
  C:\Windows\System\JgIlfeH.exe
  2⤵
  PID:6784
- C:\Windows\System\eEoshYb.exe
  C:\Windows\System\eEoshYb.exe
  2⤵
  PID:6804
- C:\Windows\System\YYIKalC.exe
  C:\Windows\System\YYIKalC.exe
  2⤵
  PID:6824
- C:\Windows\System\KZuEydl.exe
  C:\Windows\System\KZuEydl.exe
  2⤵
  PID:6844
- C:\Windows\System\ZCthvrM.exe
  C:\Windows\System\ZCthvrM.exe
  2⤵
  PID:6872
- C:\Windows\System\jkpzxyn.exe
  C:\Windows\System\jkpzxyn.exe
  2⤵
  PID:6888
- C:\Windows\System\qvpyIaw.exe
  C:\Windows\System\qvpyIaw.exe
  2⤵
  PID:6904
- C:\Windows\System\wKWiDPA.exe
  C:\Windows\System\wKWiDPA.exe
  2⤵
  PID:6920
- C:\Windows\System\HdgpaYl.exe
  C:\Windows\System\HdgpaYl.exe
  2⤵
  PID:6940
- C:\Windows\System\mUAoCdQ.exe
  C:\Windows\System\mUAoCdQ.exe
  2⤵
  PID:6960
- C:\Windows\System\snWmhLi.exe
  C:\Windows\System\snWmhLi.exe
  2⤵
  PID:6976
- C:\Windows\System\TSWmsSf.exe
  C:\Windows\System\TSWmsSf.exe
  2⤵
  PID:6992
- C:\Windows\System\seBhbmg.exe
  C:\Windows\System\seBhbmg.exe
  2⤵
  PID:7008
- C:\Windows\System\NsUuaWs.exe
  C:\Windows\System\NsUuaWs.exe
  2⤵
  PID:7024
- C:\Windows\System\RsauVic.exe
  C:\Windows\System\RsauVic.exe
  2⤵
  PID:7040
- C:\Windows\System\SdZPhRA.exe
  C:\Windows\System\SdZPhRA.exe
  2⤵
  PID:7056
- C:\Windows\System\jdTaBme.exe
  C:\Windows\System\jdTaBme.exe
  2⤵
  PID:7072
- C:\Windows\System\uYqxpIo.exe
  C:\Windows\System\uYqxpIo.exe
  2⤵
  PID:7096
- C:\Windows\System\vZNiHfB.exe
  C:\Windows\System\vZNiHfB.exe
  2⤵
  PID:7112
- C:\Windows\System\bckPheU.exe
  C:\Windows\System\bckPheU.exe
  2⤵
  PID:7128
- C:\Windows\System\QYhyVUE.exe
  C:\Windows\System\QYhyVUE.exe
  2⤵
  PID:7164
- C:\Windows\System\tRGqcDC.exe
  C:\Windows\System\tRGqcDC.exe
  2⤵
  PID:6184
- C:\Windows\System\OwahbeG.exe
  C:\Windows\System\OwahbeG.exe
  2⤵
  PID:6236
- C:\Windows\System\WXCtwiW.exe
  C:\Windows\System\WXCtwiW.exe
  2⤵
  PID:6208
- C:\Windows\System\iZhstUL.exe
  C:\Windows\System\iZhstUL.exe
  2⤵
  PID:6256
- C:\Windows\System\ciZKpEF.exe
  C:\Windows\System\ciZKpEF.exe
  2⤵
  PID:5736
- C:\Windows\System\sUKuZEE.exe
  C:\Windows\System\sUKuZEE.exe
  2⤵
  PID:5916
- C:\Windows\System\WzNtCDK.exe
  C:\Windows\System\WzNtCDK.exe
  2⤵
  PID:6368
- C:\Windows\System\jGsScsv.exe
  C:\Windows\System\jGsScsv.exe
  2⤵
  PID:6340
- C:\Windows\System\YZlyuiD.exe
  C:\Windows\System\YZlyuiD.exe
  2⤵
  PID:6396
- C:\Windows\System\ltLcQaL.exe
  C:\Windows\System\ltLcQaL.exe
  2⤵
  PID:6400
- C:\Windows\System\KXIAoEg.exe
  C:\Windows\System\KXIAoEg.exe
  2⤵
  PID:6464
- C:\Windows\System\SAmsuPk.exe
  C:\Windows\System\SAmsuPk.exe
  2⤵
  PID:6448
- C:\Windows\System\KUnPlTR.exe
  C:\Windows\System\KUnPlTR.exe
  2⤵
  PID:6504
- C:\Windows\System\kmRtmwV.exe
  C:\Windows\System\kmRtmwV.exe
  2⤵
  PID:6580
- C:\Windows\System\gZrcgyv.exe
  C:\Windows\System\gZrcgyv.exe
  2⤵
  PID:6616
- C:\Windows\System\yfUtNqR.exe
  C:\Windows\System\yfUtNqR.exe
  2⤵
  PID:6564
- C:\Windows\System\DmlcwSa.exe
  C:\Windows\System\DmlcwSa.exe
  2⤵
  PID:6708
- C:\Windows\System\kYAEFad.exe
  C:\Windows\System\kYAEFad.exe
  2⤵
  PID:6736
- C:\Windows\System\AstqSaY.exe
  C:\Windows\System\AstqSaY.exe
  2⤵
  PID:6780
- C:\Windows\System\WdXXuFE.exe
  C:\Windows\System\WdXXuFE.exe
  2⤵
  PID:6756
- C:\Windows\System\pPcbCVK.exe
  C:\Windows\System\pPcbCVK.exe
  2⤵
  PID:6832
- C:\Windows\System\AOkwKBV.exe
  C:\Windows\System\AOkwKBV.exe
  2⤵
  PID:6760
- C:\Windows\System\vLLJWIr.exe
  C:\Windows\System\vLLJWIr.exe
  2⤵
  PID:6860
- C:\Windows\System\tRzNfhL.exe
  C:\Windows\System\tRzNfhL.exe
  2⤵
  PID:6900
- C:\Windows\System\nNBBPAV.exe
  C:\Windows\System\nNBBPAV.exe
  2⤵
  PID:6972
- C:\Windows\System\byVhfTu.exe
  C:\Windows\System\byVhfTu.exe
  2⤵
  PID:6912
- C:\Windows\System\JMOelyN.exe
  C:\Windows\System\JMOelyN.exe
  2⤵
  PID:7080
- C:\Windows\System\SHrDOwP.exe
  C:\Windows\System\SHrDOwP.exe
  2⤵
  PID:7064
- C:\Windows\System\Nlgtzzs.exe
  C:\Windows\System\Nlgtzzs.exe
  2⤵
  PID:7124
- C:\Windows\System\EurfXJT.exe
  C:\Windows\System\EurfXJT.exe
  2⤵
  PID:6956
- C:\Windows\System\UgIVnOY.exe
  C:\Windows\System\UgIVnOY.exe
  2⤵
  PID:7140
- C:\Windows\System\SUDYwKY.exe
  C:\Windows\System\SUDYwKY.exe
  2⤵
  PID:6092
- C:\Windows\System\BrJDjSc.exe
  C:\Windows\System\BrJDjSc.exe
  2⤵
  PID:5476
- C:\Windows\System\fXoqjDp.exe
  C:\Windows\System\fXoqjDp.exe
  2⤵
  PID:6152
- C:\Windows\System\mJwFhUr.exe
  C:\Windows\System\mJwFhUr.exe
  2⤵
  PID:6304
- C:\Windows\System\cOqbLIK.exe
  C:\Windows\System\cOqbLIK.exe
  2⤵
  PID:6324
- C:\Windows\System\hCxonkx.exe
  C:\Windows\System\hCxonkx.exe
  2⤵
  PID:6360
- C:\Windows\System\rXWYKOz.exe
  C:\Windows\System\rXWYKOz.exe
  2⤵
  PID:6172
- C:\Windows\System\KCxvkpI.exe
  C:\Windows\System\KCxvkpI.exe
  2⤵
  PID:6336
- C:\Windows\System\FwcZxte.exe
  C:\Windows\System\FwcZxte.exe
  2⤵
  PID:6440
- C:\Windows\System\ELwOiMl.exe
  C:\Windows\System\ELwOiMl.exe
  2⤵
  PID:6692
- C:\Windows\System\cwCOHvY.exe
  C:\Windows\System\cwCOHvY.exe
  2⤵
  PID:6700
- C:\Windows\System\YZVDElo.exe
  C:\Windows\System\YZVDElo.exe
  2⤵
  PID:6540
- C:\Windows\System\YSFtWfm.exe
  C:\Windows\System\YSFtWfm.exe
  2⤵
  PID:6704
- C:\Windows\System\dPmEOZD.exe
  C:\Windows\System\dPmEOZD.exe
  2⤵
  PID:6764
- C:\Windows\System\YtITdEm.exe
  C:\Windows\System\YtITdEm.exe
  2⤵
  PID:6800
- C:\Windows\System\AclFmpk.exe
  C:\Windows\System\AclFmpk.exe
  2⤵
  PID:7020
- C:\Windows\System\LDDOfSf.exe
  C:\Windows\System\LDDOfSf.exe
  2⤵
  PID:7104
- C:\Windows\System\AKxoplq.exe
  C:\Windows\System\AKxoplq.exe
  2⤵
  PID:6868
- C:\Windows\System\jLdPAHw.exe
  C:\Windows\System\jLdPAHw.exe
  2⤵
  PID:5388
- C:\Windows\System\EatULjS.exe
  C:\Windows\System\EatULjS.exe
  2⤵
  PID:7088
- C:\Windows\System\SwThQCg.exe
  C:\Windows\System\SwThQCg.exe
  2⤵
  PID:7036
- C:\Windows\System\JTydYVa.exe
  C:\Windows\System\JTydYVa.exe
  2⤵
  PID:6584
- C:\Windows\System\rVQBSjW.exe
  C:\Windows\System\rVQBSjW.exe
  2⤵
  PID:6984
- C:\Windows\System\GWhMSaB.exe
  C:\Windows\System\GWhMSaB.exe
  2⤵
  PID:6988
- C:\Windows\System\IsyMKlE.exe
  C:\Windows\System\IsyMKlE.exe
  2⤵
  PID:6724
- C:\Windows\System\GgqIems.exe
  C:\Windows\System\GgqIems.exe
  2⤵
  PID:6288
- C:\Windows\System\HZYsqsl.exe
  C:\Windows\System\HZYsqsl.exe
  2⤵
  PID:2760
- C:\Windows\System\YFanrVq.exe
  C:\Windows\System\YFanrVq.exe
  2⤵
  PID:7136
- C:\Windows\System\EdKeiob.exe
  C:\Windows\System\EdKeiob.exe
  2⤵
  PID:5576
- C:\Windows\System\vYeUxna.exe
  C:\Windows\System\vYeUxna.exe
  2⤵
  PID:6544
- C:\Windows\System\hbWGZaT.exe
  C:\Windows\System\hbWGZaT.exe
  2⤵
  PID:7052
- C:\Windows\System\LVIOfCJ.exe
  C:\Windows\System\LVIOfCJ.exe
  2⤵
  PID:7016
- C:\Windows\System\URAxreV.exe
  C:\Windows\System\URAxreV.exe
  2⤵
  PID:6880
- C:\Windows\System\LFjHmXL.exe
  C:\Windows\System\LFjHmXL.exe
  2⤵
  PID:6656
- C:\Windows\System\QRqSQPb.exe
  C:\Windows\System\QRqSQPb.exe
  2⤵
  PID:7152
- C:\Windows\System\qZlYpTT.exe
  C:\Windows\System\qZlYpTT.exe
  2⤵
  PID:6816
- C:\Windows\System\tTmKGzA.exe
  C:\Windows\System\tTmKGzA.exe
  2⤵
  PID:6252
- C:\Windows\System\eYRrCBe.exe
  C:\Windows\System\eYRrCBe.exe
  2⤵
  PID:6640
- C:\Windows\System\blBzguJ.exe
  C:\Windows\System\blBzguJ.exe
  2⤵
  PID:5368
- C:\Windows\System\CpkbmeV.exe
  C:\Windows\System\CpkbmeV.exe
  2⤵
  PID:6480
- C:\Windows\System\LlCwOzt.exe
  C:\Windows\System\LlCwOzt.exe
  2⤵
  PID:6376
- C:\Windows\System\JYRNaBu.exe
  C:\Windows\System\JYRNaBu.exe
  2⤵
  PID:6276
- C:\Windows\System\bPsFZjf.exe
  C:\Windows\System\bPsFZjf.exe
  2⤵
  PID:7004
- C:\Windows\System\gdsgPsW.exe
  C:\Windows\System\gdsgPsW.exe
  2⤵
  PID:6272
- C:\Windows\System\UJsnbsY.exe
  C:\Windows\System\UJsnbsY.exe
  2⤵
  PID:7184
- C:\Windows\System\oPunCwf.exe
  C:\Windows\System\oPunCwf.exe
  2⤵
  PID:7200
- C:\Windows\System\XGWuFcP.exe
  C:\Windows\System\XGWuFcP.exe
  2⤵
  PID:7216
- C:\Windows\System\njWJzxA.exe
  C:\Windows\System\njWJzxA.exe
  2⤵
  PID:7232
- C:\Windows\System\JmGAboO.exe
  C:\Windows\System\JmGAboO.exe
  2⤵
  PID:7248
- C:\Windows\System\JvZDrZv.exe
  C:\Windows\System\JvZDrZv.exe
  2⤵
  PID:7268
- C:\Windows\System\dIHmaMF.exe
  C:\Windows\System\dIHmaMF.exe
  2⤵
  PID:7284
- C:\Windows\System\uLaEKiA.exe
  C:\Windows\System\uLaEKiA.exe
  2⤵
  PID:7300
- C:\Windows\System\lZEklcR.exe
  C:\Windows\System\lZEklcR.exe
  2⤵
  PID:7316
- C:\Windows\System\kotKZUs.exe
  C:\Windows\System\kotKZUs.exe
  2⤵
  PID:7332
- C:\Windows\System\HNxpujy.exe
  C:\Windows\System\HNxpujy.exe
  2⤵
  PID:7352
- C:\Windows\System\TAoUllc.exe
  C:\Windows\System\TAoUllc.exe
  2⤵
  PID:7372
- C:\Windows\System\lWdEqBi.exe
  C:\Windows\System\lWdEqBi.exe
  2⤵
  PID:7388
- C:\Windows\System\YlBvhqE.exe
  C:\Windows\System\YlBvhqE.exe
  2⤵
  PID:7404
- C:\Windows\System\gCzuzNc.exe
  C:\Windows\System\gCzuzNc.exe
  2⤵
  PID:7420
- C:\Windows\System\cFKEmtH.exe
  C:\Windows\System\cFKEmtH.exe
  2⤵
  PID:7436
- C:\Windows\System\tyGXlSh.exe
  C:\Windows\System\tyGXlSh.exe
  2⤵
  PID:7452
- C:\Windows\System\RlOAbwI.exe
  C:\Windows\System\RlOAbwI.exe
  2⤵
  PID:7468
- C:\Windows\System\VrebZoL.exe
  C:\Windows\System\VrebZoL.exe
  2⤵
  PID:7484
- C:\Windows\System\CoJiotX.exe
  C:\Windows\System\CoJiotX.exe
  2⤵
  PID:7500
- C:\Windows\System\bXOJEyx.exe
  C:\Windows\System\bXOJEyx.exe
  2⤵
  PID:7516
- C:\Windows\System\NGqTEyW.exe
  C:\Windows\System\NGqTEyW.exe
  2⤵
  PID:7532
- C:\Windows\System\hILIFBt.exe
  C:\Windows\System\hILIFBt.exe
  2⤵
  PID:7556
- C:\Windows\System\NHIodqb.exe
  C:\Windows\System\NHIodqb.exe
  2⤵
  PID:7572
- C:\Windows\System\yVleaRe.exe
  C:\Windows\System\yVleaRe.exe
  2⤵
  PID:7588
- C:\Windows\System\ARdHyrv.exe
  C:\Windows\System\ARdHyrv.exe
  2⤵
  PID:7604
- C:\Windows\System\syQTLbE.exe
  C:\Windows\System\syQTLbE.exe
  2⤵
  PID:7620
- C:\Windows\System\CoHaUKJ.exe
  C:\Windows\System\CoHaUKJ.exe
  2⤵
  PID:7640
- C:\Windows\System\PbvGLtT.exe
  C:\Windows\System\PbvGLtT.exe
  2⤵
  PID:7656
- C:\Windows\System\waqmrwj.exe
  C:\Windows\System\waqmrwj.exe
  2⤵
  PID:7672
- C:\Windows\System\UJYtHwJ.exe
  C:\Windows\System\UJYtHwJ.exe
  2⤵
  PID:7688
- C:\Windows\System\vtlUAfm.exe
  C:\Windows\System\vtlUAfm.exe
  2⤵
  PID:7704
- C:\Windows\System\gJLgqQL.exe
  C:\Windows\System\gJLgqQL.exe
  2⤵
  PID:7720
- C:\Windows\System\tiHEDGc.exe
  C:\Windows\System\tiHEDGc.exe
  2⤵
  PID:7740
- C:\Windows\System\FtzlQJi.exe
  C:\Windows\System\FtzlQJi.exe
  2⤵
  PID:7756
- C:\Windows\System\JxNpEba.exe
  C:\Windows\System\JxNpEba.exe
  2⤵
  PID:7772
- C:\Windows\System\TfwjzjA.exe
  C:\Windows\System\TfwjzjA.exe
  2⤵
  PID:7788
- C:\Windows\System\ANhafos.exe
  C:\Windows\System\ANhafos.exe
  2⤵
  PID:7804
- C:\Windows\System\FHJyKDj.exe
  C:\Windows\System\FHJyKDj.exe
  2⤵
  PID:7824
- C:\Windows\System\acfKfww.exe
  C:\Windows\System\acfKfww.exe
  2⤵
  PID:7840
- C:\Windows\System\ZUGIsCU.exe
  C:\Windows\System\ZUGIsCU.exe
  2⤵
  PID:7856
- C:\Windows\System\RWrTwSg.exe
  C:\Windows\System\RWrTwSg.exe
  2⤵
  PID:7876
- C:\Windows\System\TptYAPb.exe
  C:\Windows\System\TptYAPb.exe
  2⤵
  PID:7892
- C:\Windows\System\FsdBelx.exe
  C:\Windows\System\FsdBelx.exe
  2⤵
  PID:7908
- C:\Windows\System\HBlmIuF.exe
  C:\Windows\System\HBlmIuF.exe
  2⤵
  PID:7924
- C:\Windows\System\LBFHtai.exe
  C:\Windows\System\LBFHtai.exe
  2⤵
  PID:7940
- C:\Windows\System\hQLwFFU.exe
  C:\Windows\System\hQLwFFU.exe
  2⤵
  PID:7956
- C:\Windows\System\sAmWpCB.exe
  C:\Windows\System\sAmWpCB.exe
  2⤵
  PID:7972
- C:\Windows\System\RSJxsiK.exe
  C:\Windows\System\RSJxsiK.exe
  2⤵
  PID:7988
- C:\Windows\System\uIVQYkR.exe
  C:\Windows\System\uIVQYkR.exe
  2⤵
  PID:8004
- C:\Windows\System\VEmmPeB.exe
  C:\Windows\System\VEmmPeB.exe
  2⤵
  PID:8020
- C:\Windows\System\lclmvph.exe
  C:\Windows\System\lclmvph.exe
  2⤵
  PID:8036
- C:\Windows\System\VJuAthr.exe
  C:\Windows\System\VJuAthr.exe
  2⤵
  PID:8056
- C:\Windows\System\CiYuSqb.exe
  C:\Windows\System\CiYuSqb.exe
  2⤵
  PID:8072
- C:\Windows\System\WfOYTaW.exe
  C:\Windows\System\WfOYTaW.exe
  2⤵
  PID:8088
- C:\Windows\System\sqyzNFW.exe
  C:\Windows\System\sqyzNFW.exe
  2⤵
  PID:8104
- C:\Windows\System\vqghyBv.exe
  C:\Windows\System\vqghyBv.exe
  2⤵
  PID:8120
- C:\Windows\System\qlxRPaY.exe
  C:\Windows\System\qlxRPaY.exe
  2⤵
  PID:8136
- C:\Windows\System\dyioYVj.exe
  C:\Windows\System\dyioYVj.exe
  2⤵
  PID:8156
- C:\Windows\System\SksfnxF.exe
  C:\Windows\System\SksfnxF.exe
  2⤵
  PID:8180
- C:\Windows\System\QHrRnvc.exe
  C:\Windows\System\QHrRnvc.exe
  2⤵
  PID:7192
- C:\Windows\System\MoySQib.exe
  C:\Windows\System\MoySQib.exe
  2⤵
  PID:7260
- C:\Windows\System\lyCTEbG.exe
  C:\Windows\System\lyCTEbG.exe
  2⤵
  PID:6508
- C:\Windows\System\gmLMxGY.exe
  C:\Windows\System\gmLMxGY.exe
  2⤵
  PID:7328
- C:\Windows\System\BCeEWcH.exe
  C:\Windows\System\BCeEWcH.exe
  2⤵
  PID:7368
- C:\Windows\System\jFFDaHO.exe
  C:\Windows\System\jFFDaHO.exe
  2⤵
  PID:7240
- C:\Windows\System\vOezXKl.exe
  C:\Windows\System\vOezXKl.exe
  2⤵
  PID:7308
- C:\Windows\System\NiekIrb.exe
  C:\Windows\System\NiekIrb.exe
  2⤵
  PID:7428
- C:\Windows\System\aUevJTG.exe
  C:\Windows\System\aUevJTG.exe
  2⤵
  PID:7492
- C:\Windows\System\bkFlAfa.exe
  C:\Windows\System\bkFlAfa.exe
  2⤵
  PID:7564
- C:\Windows\System\idRSMuG.exe
  C:\Windows\System\idRSMuG.exe
  2⤵
  PID:7416
- C:\Windows\System\HxxChIB.exe
  C:\Windows\System\HxxChIB.exe
  2⤵
  PID:7476
- C:\Windows\System\kVNLaaB.exe
  C:\Windows\System\kVNLaaB.exe
  2⤵
  PID:7548
- C:\Windows\System\dFJCPPz.exe
  C:\Windows\System\dFJCPPz.exe
  2⤵
  PID:7636
- C:\Windows\System\EzNeBiH.exe
  C:\Windows\System\EzNeBiH.exe
  2⤵
  PID:7616
- C:\Windows\System\SjSmqWY.exe
  C:\Windows\System\SjSmqWY.exe
  2⤵
  PID:7580
- C:\Windows\System\KbqPMCR.exe
  C:\Windows\System\KbqPMCR.exe
  2⤵
  PID:7728
- C:\Windows\System\YPOwIjq.exe
  C:\Windows\System\YPOwIjq.exe
  2⤵
  PID:7768
- C:\Windows\System\HfKFoFA.exe
  C:\Windows\System\HfKFoFA.exe
  2⤵
  PID:7780
- C:\Windows\System\laOiuku.exe
  C:\Windows\System\laOiuku.exe
  2⤵
  PID:7796
- C:\Windows\System\kVqtivt.exe
  C:\Windows\System\kVqtivt.exe
  2⤵
  PID:7812
- C:\Windows\System\KgSbmhN.exe
  C:\Windows\System\KgSbmhN.exe
  2⤵
  PID:7852
- C:\Windows\System\fsbQipA.exe
  C:\Windows\System\fsbQipA.exe
  2⤵
  PID:7900
- C:\Windows\System\OiOabwc.exe
  C:\Windows\System\OiOabwc.exe
  2⤵
  PID:7936
- C:\Windows\System\ppHuksT.exe
  C:\Windows\System\ppHuksT.exe
  2⤵
  PID:7884
- C:\Windows\System\ROseHUP.exe
  C:\Windows\System\ROseHUP.exe
  2⤵
  PID:7916
- C:\Windows\System\TrqzZrP.exe
  C:\Windows\System\TrqzZrP.exe
  2⤵
  PID:8032
- C:\Windows\System\uQbTCNU.exe
  C:\Windows\System\uQbTCNU.exe
  2⤵
  PID:8016
- C:\Windows\System\LIBvipF.exe
  C:\Windows\System\LIBvipF.exe
  2⤵
  PID:8100
- C:\Windows\System\MLoncmB.exe
  C:\Windows\System\MLoncmB.exe
  2⤵
  PID:8128
- C:\Windows\System\CcgeBgS.exe
  C:\Windows\System\CcgeBgS.exe
  2⤵
  PID:8176
- C:\Windows\System\yUxfHjd.exe
  C:\Windows\System\yUxfHjd.exe
  2⤵
  PID:8188
- C:\Windows\System\ToiMIxQ.exe
  C:\Windows\System\ToiMIxQ.exe
  2⤵
  PID:6212
- C:\Windows\System\wHFUOff.exe
  C:\Windows\System\wHFUOff.exe
  2⤵
  PID:8148
- C:\Windows\System\keezIjl.exe
  C:\Windows\System\keezIjl.exe
  2⤵
  PID:7180
- C:\Windows\System\fPCqszc.exe
  C:\Windows\System\fPCqszc.exe
  2⤵
  PID:7348
- C:\Windows\System\vAiUYjL.exe
  C:\Windows\System\vAiUYjL.exe
  2⤵
  PID:6600
- C:\Windows\System\zELILRd.exe
  C:\Windows\System\zELILRd.exe
  2⤵
  PID:7292
- C:\Windows\System\gwQOGzf.exe
  C:\Windows\System\gwQOGzf.exe
  2⤵
  PID:7280
- C:\Windows\System\BminzcL.exe
  C:\Windows\System\BminzcL.exe
  2⤵
  PID:7600
- C:\Windows\System\pjQUfJJ.exe
  C:\Windows\System\pjQUfJJ.exe
  2⤵
  PID:7628
- C:\Windows\System\nZqDyyB.exe
  C:\Windows\System\nZqDyyB.exe
  2⤵
  PID:7508
- C:\Windows\System\aNuTBOc.exe
  C:\Windows\System\aNuTBOc.exe
  2⤵
  PID:7732
- C:\Windows\System\JOPkqKj.exe
  C:\Windows\System\JOPkqKj.exe
  2⤵
  PID:7648
- C:\Windows\System\wsuImOE.exe
  C:\Windows\System\wsuImOE.exe
  2⤵
  PID:7848
- C:\Windows\System\fwCwVYP.exe
  C:\Windows\System\fwCwVYP.exe
  2⤵
  PID:7832
- C:\Windows\System\UxAbhRs.exe
  C:\Windows\System\UxAbhRs.exe
  2⤵
  PID:7996
- C:\Windows\System\UXBjsXU.exe
  C:\Windows\System\UXBjsXU.exe
  2⤵
  PID:8096
- C:\Windows\System\DxLxzca.exe
  C:\Windows\System\DxLxzca.exe
  2⤵
  PID:8080
- C:\Windows\System\QLYhxVM.exe
  C:\Windows\System\QLYhxVM.exe
  2⤵
  PID:7196
- C:\Windows\System\rcWiRNB.exe
  C:\Windows\System\rcWiRNB.exe
  2⤵
  PID:7952
- C:\Windows\System\avVKrsg.exe
  C:\Windows\System\avVKrsg.exe
  2⤵
  PID:7360
- C:\Windows\System\CwdGsiL.exe
  C:\Windows\System\CwdGsiL.exe
  2⤵
  PID:7212
- C:\Windows\System\uOyPwWd.exe
  C:\Windows\System\uOyPwWd.exe
  2⤵
  PID:7524
- C:\Windows\System\vIBvEbg.exe
  C:\Windows\System\vIBvEbg.exe
  2⤵
  PID:7412
- C:\Windows\System\kMfNxLX.exe
  C:\Windows\System\kMfNxLX.exe
  2⤵
  PID:7716
- C:\Windows\System\ctmDGpd.exe
  C:\Windows\System\ctmDGpd.exe
  2⤵
  PID:7584
- C:\Windows\System\XtCXopx.exe
  C:\Windows\System\XtCXopx.exe
  2⤵
  PID:6204
- C:\Windows\System\kCgxXVM.exe
  C:\Windows\System\kCgxXVM.exe
  2⤵
  PID:8144
- C:\Windows\System\cTCuGBx.exe
  C:\Windows\System\cTCuGBx.exe
  2⤵
  PID:8012
- C:\Windows\System\IyKbLXh.exe
  C:\Windows\System\IyKbLXh.exe
  2⤵
  PID:7340
- C:\Windows\System\PxjGTgS.exe
  C:\Windows\System\PxjGTgS.exe
  2⤵
  PID:8204
- C:\Windows\System\IRCRKFC.exe
  C:\Windows\System\IRCRKFC.exe
  2⤵
  PID:8220
- C:\Windows\System\SEUpnjd.exe
  C:\Windows\System\SEUpnjd.exe
  2⤵
  PID:8236
- C:\Windows\System\iQffRMv.exe
  C:\Windows\System\iQffRMv.exe
  2⤵
  PID:8252
- C:\Windows\System\cWwhkaj.exe
  C:\Windows\System\cWwhkaj.exe
  2⤵
  PID:8268
- C:\Windows\System\WWJMEWf.exe
  C:\Windows\System\WWJMEWf.exe
  2⤵
  PID:8284
- C:\Windows\System\VmQgaYG.exe
  C:\Windows\System\VmQgaYG.exe
  2⤵
  PID:8300
- C:\Windows\System\NwRnmbk.exe
  C:\Windows\System\NwRnmbk.exe
  2⤵
  PID:8316
- C:\Windows\System\sTWAGmC.exe
  C:\Windows\System\sTWAGmC.exe
  2⤵
  PID:8332
- C:\Windows\System\ppgVVkV.exe
  C:\Windows\System\ppgVVkV.exe
  2⤵
  PID:8348
- C:\Windows\System\YOjRece.exe
  C:\Windows\System\YOjRece.exe
  2⤵
  PID:8364
- C:\Windows\System\stOiusE.exe
  C:\Windows\System\stOiusE.exe
  2⤵
  PID:8384
- C:\Windows\System\xrqFCIs.exe
  C:\Windows\System\xrqFCIs.exe
  2⤵
  PID:8400
- C:\Windows\System\nbVokHL.exe
  C:\Windows\System\nbVokHL.exe
  2⤵
  PID:8416
- C:\Windows\System\dLnEUvC.exe
  C:\Windows\System\dLnEUvC.exe
  2⤵
  PID:8432
- C:\Windows\System\SeANcrM.exe
  C:\Windows\System\SeANcrM.exe
  2⤵
  PID:8448
- C:\Windows\System\gBcCCIe.exe
  C:\Windows\System\gBcCCIe.exe
  2⤵
  PID:8464
- C:\Windows\System\qsQfPHA.exe
  C:\Windows\System\qsQfPHA.exe
  2⤵
  PID:8480
- C:\Windows\System\sKxRAiG.exe
  C:\Windows\System\sKxRAiG.exe
  2⤵
  PID:8496
- C:\Windows\System\pjptTIJ.exe
  C:\Windows\System\pjptTIJ.exe
  2⤵
  PID:8512
- C:\Windows\System\xewrlbP.exe
  C:\Windows\System\xewrlbP.exe
  2⤵
  PID:8528
- C:\Windows\System\LFuWfpP.exe
  C:\Windows\System\LFuWfpP.exe
  2⤵
  PID:8544
- C:\Windows\System\vKXAZZa.exe
  C:\Windows\System\vKXAZZa.exe
  2⤵
  PID:8560
- C:\Windows\System\HeaRFvM.exe
  C:\Windows\System\HeaRFvM.exe
  2⤵
  PID:8576
- C:\Windows\System\dqdLVIr.exe
  C:\Windows\System\dqdLVIr.exe
  2⤵
  PID:8592
- C:\Windows\System\ALjgDDO.exe
  C:\Windows\System\ALjgDDO.exe
  2⤵
  PID:8608
- C:\Windows\System\nIwDYyQ.exe
  C:\Windows\System\nIwDYyQ.exe
  2⤵
  PID:8624
- C:\Windows\System\VmfjzWR.exe
  C:\Windows\System\VmfjzWR.exe
  2⤵
  PID:8640
- C:\Windows\System\QDPGoWS.exe
  C:\Windows\System\QDPGoWS.exe
  2⤵
  PID:8656
- C:\Windows\System\BmhxCrE.exe
  C:\Windows\System\BmhxCrE.exe
  2⤵
  PID:8672
- C:\Windows\System\NIEOBJd.exe
  C:\Windows\System\NIEOBJd.exe
  2⤵
  PID:8696
- C:\Windows\System\RNSKUMq.exe
  C:\Windows\System\RNSKUMq.exe
  2⤵
  PID:8720
- C:\Windows\System\iFBrbHL.exe
  C:\Windows\System\iFBrbHL.exe
  2⤵
  PID:8736
- C:\Windows\System\mxjdprF.exe
  C:\Windows\System\mxjdprF.exe
  2⤵
  PID:8756
- C:\Windows\System\uVvOjSo.exe
  C:\Windows\System\uVvOjSo.exe
  2⤵
  PID:8784
- C:\Windows\System\QZieZLm.exe
  C:\Windows\System\QZieZLm.exe
  2⤵
  PID:8800
- C:\Windows\System\DFJJWFr.exe
  C:\Windows\System\DFJJWFr.exe
  2⤵
  PID:8820
- C:\Windows\System\rxxLEuI.exe
  C:\Windows\System\rxxLEuI.exe
  2⤵
  PID:8836
- C:\Windows\System\tlPQkAW.exe
  C:\Windows\System\tlPQkAW.exe
  2⤵
  PID:8852
- C:\Windows\System\JyZSzuB.exe
  C:\Windows\System\JyZSzuB.exe
  2⤵
  PID:8868
- C:\Windows\System\qltVflf.exe
  C:\Windows\System\qltVflf.exe
  2⤵
  PID:8884
- C:\Windows\System\JPjIIqZ.exe
  C:\Windows\System\JPjIIqZ.exe
  2⤵
  PID:8900
- C:\Windows\System\xBrkMxT.exe
  C:\Windows\System\xBrkMxT.exe
  2⤵
  PID:8928
- C:\Windows\System\oKrxGor.exe
  C:\Windows\System\oKrxGor.exe
  2⤵
  PID:8948
- C:\Windows\System\birajmM.exe
  C:\Windows\System\birajmM.exe
  2⤵
  PID:8968
- C:\Windows\System\qUICOcs.exe
  C:\Windows\System\qUICOcs.exe
  2⤵
  PID:8984
- C:\Windows\System\OvaShtf.exe
  C:\Windows\System\OvaShtf.exe
  2⤵
  PID:9000
- C:\Windows\System\uuHWZZS.exe
  C:\Windows\System\uuHWZZS.exe
  2⤵
  PID:9020
- C:\Windows\System\eSoqdbj.exe
  C:\Windows\System\eSoqdbj.exe
  2⤵
  PID:9036
- C:\Windows\System\XgpmBQS.exe
  C:\Windows\System\XgpmBQS.exe
  2⤵
  PID:9052
- C:\Windows\System\ncKgHJO.exe
  C:\Windows\System\ncKgHJO.exe
  2⤵
  PID:9068
- C:\Windows\System\FEogIWs.exe
  C:\Windows\System\FEogIWs.exe
  2⤵
  PID:9084
- C:\Windows\System\cygNneT.exe
  C:\Windows\System\cygNneT.exe
  2⤵
  PID:9100
- C:\Windows\System\sAeCqZm.exe
  C:\Windows\System\sAeCqZm.exe
  2⤵
  PID:9116
- C:\Windows\System\dcOWBDQ.exe
  C:\Windows\System\dcOWBDQ.exe
  2⤵
  PID:9132
- C:\Windows\System\KfJlONr.exe
  C:\Windows\System\KfJlONr.exe
  2⤵
  PID:9148
- C:\Windows\System\oAqvyyh.exe
  C:\Windows\System\oAqvyyh.exe
  2⤵
  PID:9176
- C:\Windows\System\KHentNw.exe
  C:\Windows\System\KHentNw.exe
  2⤵
  PID:9192
- C:\Windows\System\GJFNoth.exe
  C:\Windows\System\GJFNoth.exe
  2⤵
  PID:9212
- C:\Windows\System\xHFCPvE.exe
  C:\Windows\System\xHFCPvE.exe
  2⤵
  PID:7400
- C:\Windows\System\ZUlCnWm.exe
  C:\Windows\System\ZUlCnWm.exe
  2⤵
  PID:8196
- C:\Windows\System\iyOUmno.exe
  C:\Windows\System\iyOUmno.exe
  2⤵
  PID:8292
- C:\Windows\System\xiNSNBB.exe
  C:\Windows\System\xiNSNBB.exe
  2⤵
  PID:7712
- C:\Windows\System\NLNfpzK.exe
  C:\Windows\System\NLNfpzK.exe
  2⤵
  PID:8324
- C:\Windows\System\mEfUncR.exe
  C:\Windows\System\mEfUncR.exe
  2⤵
  PID:7984
- C:\Windows\System\IAMClGV.exe
  C:\Windows\System\IAMClGV.exe
  2⤵
  PID:8408
- C:\Windows\System\tiCerIX.exe
  C:\Windows\System\tiCerIX.exe
  2⤵
  PID:8520
- C:\Windows\System\WwxNtiE.exe
  C:\Windows\System\WwxNtiE.exe
  2⤵
  PID:8880
- C:\Windows\System\vcOnZiq.exe
  C:\Windows\System\vcOnZiq.exe
  2⤵
  PID:8796
- C:\Windows\System\bjMDqMc.exe
  C:\Windows\System\bjMDqMc.exe
  2⤵
  PID:8956
- C:\Windows\System\EdogcnR.exe
  C:\Windows\System\EdogcnR.exe
  2⤵
  PID:3592
- C:\Windows\System\acFNlRU.exe
  C:\Windows\System\acFNlRU.exe
  2⤵
  PID:7612
- C:\Windows\System\qHFQWCG.exe
  C:\Windows\System\qHFQWCG.exe
  2⤵
  PID:8632
- C:\Windows\System\czxbjgs.exe
  C:\Windows\System\czxbjgs.exe
  2⤵
  PID:8776
- C:\Windows\System\WktEyAz.exe
  C:\Windows\System\WktEyAz.exe
  2⤵
  PID:8732
- C:\Windows\System\wlbpbRO.exe
  C:\Windows\System\wlbpbRO.exe
  2⤵
  PID:8808
- C:\Windows\System\WPYDdgx.exe
  C:\Windows\System\WPYDdgx.exe
  2⤵
  PID:8716
- C:\Windows\System\fDJgWSO.exe
  C:\Windows\System\fDJgWSO.exe
  2⤵
  PID:8812
- C:\Windows\System\hnjWvWA.exe
  C:\Windows\System\hnjWvWA.exe
  2⤵
  PID:8860
- C:\Windows\System\UNDwEDB.exe
  C:\Windows\System\UNDwEDB.exe
  2⤵
  PID:8940
- C:\Windows\System\cHRprKy.exe
  C:\Windows\System\cHRprKy.exe
  2⤵
  PID:8980
- C:\Windows\System\epNJaoS.exe
  C:\Windows\System\epNJaoS.exe
  2⤵
  PID:9124
- C:\Windows\System\PPAztoL.exe
  C:\Windows\System\PPAztoL.exe
  2⤵
  PID:9060
- C:\Windows\System\ymTUUnB.exe
  C:\Windows\System\ymTUUnB.exe
  2⤵
  PID:9044
- C:\Windows\System\ZRSosXi.exe
  C:\Windows\System\ZRSosXi.exe
  2⤵
  PID:9112
- C:\Windows\System\upGqDEt.exe
  C:\Windows\System\upGqDEt.exe
  2⤵
  PID:9108
- C:\Windows\System\klQqpHK.exe
  C:\Windows\System\klQqpHK.exe
  2⤵
  PID:7868
- C:\Windows\System\dcPnGSx.exe
  C:\Windows\System\dcPnGSx.exe
  2⤵
  PID:8164
- C:\Windows\System\eMOmwIO.exe
  C:\Windows\System\eMOmwIO.exe
  2⤵
  PID:6968
- C:\Windows\System\qyuhcus.exe
  C:\Windows\System\qyuhcus.exe
  2⤵
  PID:8312
- C:\Windows\System\rUTzqLK.exe
  C:\Windows\System\rUTzqLK.exe
  2⤵
  PID:8440
- C:\Windows\System\LaFQKqB.exe
  C:\Windows\System\LaFQKqB.exe
  2⤵
  PID:8492
- C:\Windows\System\IlmcCId.exe
  C:\Windows\System\IlmcCId.exe
  2⤵
  PID:8524
- C:\Windows\System\ijlZZvc.exe
  C:\Windows\System\ijlZZvc.exe
  2⤵
  PID:8244
- C:\Windows\System\FDsttyD.exe
  C:\Windows\System\FDsttyD.exe
  2⤵
  PID:8396
- C:\Windows\System\pKnvXCq.exe
  C:\Windows\System\pKnvXCq.exe
  2⤵
  PID:8540
- C:\Windows\System\SlJTwVO.exe
  C:\Windows\System\SlJTwVO.exe
  2⤵
  PID:8556
- C:\Windows\System\PKBgZmY.exe
  C:\Windows\System\PKBgZmY.exe
  2⤵
  PID:8620
- C:\Windows\System\pvvUcte.exe
  C:\Windows\System\pvvUcte.exe
  2⤵
  PID:3116
- C:\Windows\System\PcmEuhg.exe
  C:\Windows\System\PcmEuhg.exe
  2⤵
  PID:8572
- C:\Windows\System\SspbEuE.exe
  C:\Windows\System\SspbEuE.exe
  2⤵
  PID:8692
- C:\Windows\System\mQRdJbJ.exe
  C:\Windows\System\mQRdJbJ.exe
  2⤵
  PID:8780
- C:\Windows\System\ReiCbuK.exe
  C:\Windows\System\ReiCbuK.exe
  2⤵
  PID:8964
- C:\Windows\System\LMZzUIm.exe
  C:\Windows\System\LMZzUIm.exe
  2⤵
  PID:8944
- C:\Windows\System\rVSWiGq.exe
  C:\Windows\System\rVSWiGq.exe
  2⤵
  PID:8892
- C:\Windows\System\rsZBBOv.exe
  C:\Windows\System\rsZBBOv.exe
  2⤵
  PID:9140
- C:\Windows\System\RltKPRh.exe
  C:\Windows\System\RltKPRh.exe
  2⤵
  PID:9080
- C:\Windows\System\FPwWlAx.exe
  C:\Windows\System\FPwWlAx.exe
  2⤵
  PID:9188
- C:\Windows\System\CBJXtuu.exe
  C:\Windows\System\CBJXtuu.exe
  2⤵
  PID:3008
- C:\Windows\System\SkvXEhq.exe
  C:\Windows\System\SkvXEhq.exe
  2⤵
  PID:7668
- C:\Windows\System\FLcIXOT.exe
  C:\Windows\System\FLcIXOT.exe
  2⤵
  PID:8048
- C:\Windows\System\cNYbazi.exe
  C:\Windows\System\cNYbazi.exe
  2⤵
  PID:8476
- C:\Windows\System\TiAkRUE.exe
  C:\Windows\System\TiAkRUE.exe
  2⤵
  PID:8276
- C:\Windows\System\IWuaxUZ.exe
  C:\Windows\System\IWuaxUZ.exe
  2⤵
  PID:8508
- C:\Windows\System\RZbHcRa.exe
  C:\Windows\System\RZbHcRa.exe
  2⤵
  PID:8680
- C:\Windows\System\YjbTmGv.exe
  C:\Windows\System\YjbTmGv.exe
  2⤵
  PID:8704
- C:\Windows\System\bbJjXbm.exe
  C:\Windows\System\bbJjXbm.exe
  2⤵
  PID:8848
- C:\Windows\System\duDNCbp.exe
  C:\Windows\System\duDNCbp.exe
  2⤵
  PID:8792
- C:\Windows\System\iFaGePA.exe
  C:\Windows\System\iFaGePA.exe
  2⤵
  PID:9092
- C:\Windows\System\KMLGxYm.exe
  C:\Windows\System\KMLGxYm.exe
  2⤵
  PID:9128
- C:\Windows\System\gthilSt.exe
  C:\Windows\System\gthilSt.exe
  2⤵
  PID:9016
- C:\Windows\System\zZOQJcU.exe
  C:\Windows\System\zZOQJcU.exe
  2⤵
  PID:1344
- C:\Windows\System\UbMsVpg.exe
  C:\Windows\System\UbMsVpg.exe
  2⤵
  PID:628
- C:\Windows\System\jdLlwdv.exe
  C:\Windows\System\jdLlwdv.exe
  2⤵
  PID:8376
- C:\Windows\System\xdksMzm.exe
  C:\Windows\System\xdksMzm.exe
  2⤵
  PID:8356
- C:\Windows\System\DQghpZH.exe
  C:\Windows\System\DQghpZH.exe
  2⤵
  PID:8460
- C:\Windows\System\spupwHV.exe
  C:\Windows\System\spupwHV.exe
  2⤵
  PID:8616
- C:\Windows\System\aGIlarR.exe
  C:\Windows\System\aGIlarR.exe
  2⤵
  PID:8912
- C:\Windows\System\XWqKrMk.exe
  C:\Windows\System\XWqKrMk.exe
  2⤵
  PID:8752
- C:\Windows\System\DqBYvkM.exe
  C:\Windows\System\DqBYvkM.exe
  2⤵
  PID:9156
- C:\Windows\System\cQvYuww.exe
  C:\Windows\System\cQvYuww.exe
  2⤵
  PID:9028
- C:\Windows\System\EnKziZo.exe
  C:\Windows\System\EnKziZo.exe
  2⤵
  PID:1320
- C:\Windows\System\JEkyMhX.exe
  C:\Windows\System\JEkyMhX.exe
  2⤵
  PID:1732
- C:\Windows\System\IBggyFO.exe
  C:\Windows\System\IBggyFO.exe
  2⤵
  PID:2564
- C:\Windows\System\obeUlgV.exe
  C:\Windows\System\obeUlgV.exe
  2⤵
  PID:8652
- C:\Windows\System\SJBgEiy.exe
  C:\Windows\System\SJBgEiy.exe
  2⤵
  PID:9208
- C:\Windows\System\SnoVVov.exe
  C:\Windows\System\SnoVVov.exe
  2⤵
  PID:9064
- C:\Windows\System\uLxIckp.exe
  C:\Windows\System\uLxIckp.exe
  2⤵
  PID:9160
- C:\Windows\System\ouXtbkW.exe
  C:\Windows\System\ouXtbkW.exe
  2⤵
  PID:1380
- C:\Windows\System\eUQcUYg.exe
  C:\Windows\System\eUQcUYg.exe
  2⤵
  PID:2072
- C:\Windows\System\zMHjnEI.exe
  C:\Windows\System\zMHjnEI.exe
  2⤵
  PID:8768
- C:\Windows\System\bnOLpBA.exe
  C:\Windows\System\bnOLpBA.exe
  2⤵
  PID:8504
- C:\Windows\System\qmCZRTL.exe
  C:\Windows\System\qmCZRTL.exe
  2⤵
  PID:8344
- C:\Windows\System\mQKSSnx.exe
  C:\Windows\System\mQKSSnx.exe
  2⤵
  PID:8996
- C:\Windows\System\GtRdhBX.exe
  C:\Windows\System\GtRdhBX.exe
  2⤵
  PID:9204
- C:\Windows\System\MYguYzp.exe
  C:\Windows\System\MYguYzp.exe
  2⤵
  PID:2964
- C:\Windows\System\dxQTGKu.exe
  C:\Windows\System\dxQTGKu.exe
  2⤵
  PID:8488
- C:\Windows\System\EgDjGIW.exe
  C:\Windows\System\EgDjGIW.exe
  2⤵
  PID:9228
- C:\Windows\System\EGtPENs.exe
  C:\Windows\System\EGtPENs.exe
  2⤵
  PID:9248
- C:\Windows\System\wBfzZWV.exe
  C:\Windows\System\wBfzZWV.exe
  2⤵
  PID:9264
- C:\Windows\System\tTXoIZf.exe
  C:\Windows\System\tTXoIZf.exe
  2⤵
  PID:9284
- C:\Windows\System\TDcrgcl.exe
  C:\Windows\System\TDcrgcl.exe
  2⤵
  PID:9304
- C:\Windows\System\oACymcp.exe
  C:\Windows\System\oACymcp.exe
  2⤵
  PID:9348
- C:\Windows\System\ZozqUlO.exe
  C:\Windows\System\ZozqUlO.exe
  2⤵
  PID:9364
- C:\Windows\System\eEGFynr.exe
  C:\Windows\System\eEGFynr.exe
  2⤵
  PID:9384
- C:\Windows\System\uFSVhPo.exe
  C:\Windows\System\uFSVhPo.exe
  2⤵
  PID:9400
- C:\Windows\System\eQBxmMq.exe
  C:\Windows\System\eQBxmMq.exe
  2⤵
  PID:9420
- C:\Windows\System\LdiHuRu.exe
  C:\Windows\System\LdiHuRu.exe
  2⤵
  PID:9448
- C:\Windows\System\qtjxsEy.exe
  C:\Windows\System\qtjxsEy.exe
  2⤵
  PID:9468
- C:\Windows\System\Wlxysvx.exe
  C:\Windows\System\Wlxysvx.exe
  2⤵
  PID:9484
- C:\Windows\System\HxTDSla.exe
  C:\Windows\System\HxTDSla.exe
  2⤵
  PID:9504
- C:\Windows\System\uhZkBLo.exe
  C:\Windows\System\uhZkBLo.exe
  2⤵
  PID:9520
- C:\Windows\System\cObzYLa.exe
  C:\Windows\System\cObzYLa.exe
  2⤵
  PID:9540
- C:\Windows\System\EHUKyJM.exe
  C:\Windows\System\EHUKyJM.exe
  2⤵
  PID:9564
- C:\Windows\System\QYKQUnd.exe
  C:\Windows\System\QYKQUnd.exe
  2⤵
  PID:9592
- C:\Windows\System\JVNcHEt.exe
  C:\Windows\System\JVNcHEt.exe
  2⤵
  PID:9608
- C:\Windows\System\uywBChi.exe
  C:\Windows\System\uywBChi.exe
  2⤵
  PID:9628
- C:\Windows\System\hPSpKJu.exe
  C:\Windows\System\hPSpKJu.exe
  2⤵
  PID:9648
- C:\Windows\System\yFOCGwh.exe
  C:\Windows\System\yFOCGwh.exe
  2⤵
  PID:9672
- C:\Windows\System\fxGLuHC.exe
  C:\Windows\System\fxGLuHC.exe
  2⤵
  PID:9688
- C:\Windows\System\JuPiHQK.exe
  C:\Windows\System\JuPiHQK.exe
  2⤵
  PID:9712
- C:\Windows\System\rgsDrBA.exe
  C:\Windows\System\rgsDrBA.exe
  2⤵
  PID:9732
- C:\Windows\System\UEMmuZn.exe
  C:\Windows\System\UEMmuZn.exe
  2⤵
  PID:9756
- C:\Windows\System\uFOXoyf.exe
  C:\Windows\System\uFOXoyf.exe
  2⤵
  PID:9776
- C:\Windows\System\lWdXxzE.exe
  C:\Windows\System\lWdXxzE.exe
  2⤵
  PID:9796
- C:\Windows\System\VCGuEUy.exe
  C:\Windows\System\VCGuEUy.exe
  2⤵
  PID:9816
- C:\Windows\System\WNvmEVR.exe
  C:\Windows\System\WNvmEVR.exe
  2⤵
  PID:9832
- C:\Windows\System\nvJxdVA.exe
  C:\Windows\System\nvJxdVA.exe
  2⤵
  PID:9856
- C:\Windows\System\SPOQjFJ.exe
  C:\Windows\System\SPOQjFJ.exe
  2⤵
  PID:9872
- C:\Windows\System\NANqXci.exe
  C:\Windows\System\NANqXci.exe
  2⤵
  PID:9896
- C:\Windows\System\PEyPgAz.exe
  C:\Windows\System\PEyPgAz.exe
  2⤵
  PID:9916
- C:\Windows\System\pxIZPRG.exe
  C:\Windows\System\pxIZPRG.exe
  2⤵
  PID:9940
- C:\Windows\System\JYgTupt.exe
  C:\Windows\System\JYgTupt.exe
  2⤵
  PID:9960
- C:\Windows\System\ahUROWn.exe
  C:\Windows\System\ahUROWn.exe
  2⤵
  PID:9980
- C:\Windows\System\FpSmzTX.exe
  C:\Windows\System\FpSmzTX.exe
  2⤵
  PID:10000
- C:\Windows\System\BahRlFh.exe
  C:\Windows\System\BahRlFh.exe
  2⤵
  PID:10020
- C:\Windows\System\FzgRkxL.exe
  C:\Windows\System\FzgRkxL.exe
  2⤵
  PID:10036
- C:\Windows\System\jujdQQf.exe
  C:\Windows\System\jujdQQf.exe
  2⤵
  PID:10056
- C:\Windows\System\mzAkHPk.exe
  C:\Windows\System\mzAkHPk.exe
  2⤵
  PID:10080
- C:\Windows\System\rWzEjxB.exe
  C:\Windows\System\rWzEjxB.exe
  2⤵
  PID:10096
- C:\Windows\System\wHuFHqq.exe
  C:\Windows\System\wHuFHqq.exe
  2⤵
  PID:10112
- C:\Windows\System\WJwhAer.exe
  C:\Windows\System\WJwhAer.exe
  2⤵
  PID:10140
- C:\Windows\System\xbMomyM.exe
  C:\Windows\System\xbMomyM.exe
  2⤵
  PID:10156
- C:\Windows\System\qrtlhQN.exe
  C:\Windows\System\qrtlhQN.exe
  2⤵
  PID:10172
- C:\Windows\System\jYawSwQ.exe
  C:\Windows\System\jYawSwQ.exe
  2⤵
  PID:10200
- C:\Windows\System\TBlJCNm.exe
  C:\Windows\System\TBlJCNm.exe
  2⤵
  PID:10220
- C:\Windows\System\EpYAIPv.exe
  C:\Windows\System\EpYAIPv.exe
  2⤵
  PID:7632
- C:\Windows\System\twAvTpH.exe
  C:\Windows\System\twAvTpH.exe
  2⤵
  PID:316
- C:\Windows\System\SZzoZOt.exe
  C:\Windows\System\SZzoZOt.exe
  2⤵
  PID:9236
- C:\Windows\System\pTCmSDz.exe
  C:\Windows\System\pTCmSDz.exe
  2⤵
  PID:9300
- C:\Windows\System\buQqIiY.exe
  C:\Windows\System\buQqIiY.exe
  2⤵
  PID:9328
- C:\Windows\System\EgraNGe.exe
  C:\Windows\System\EgraNGe.exe
  2⤵
  PID:1652
- C:\Windows\System\xOBlmSc.exe
  C:\Windows\System\xOBlmSc.exe
  2⤵
  PID:9412
- C:\Windows\System\xHDIUTg.exe
  C:\Windows\System\xHDIUTg.exe
  2⤵
  PID:9392
- C:\Windows\System\XWidCeS.exe
  C:\Windows\System\XWidCeS.exe
  2⤵
  PID:6840
- C:\Windows\System\rVvDmPs.exe
  C:\Windows\System\rVvDmPs.exe
  2⤵
  PID:9456
- C:\Windows\System\RxkPfOS.exe
  C:\Windows\System\RxkPfOS.exe
  2⤵
  PID:9496
- C:\Windows\System\jlzSJOI.exe
  C:\Windows\System\jlzSJOI.exe
  2⤵
  PID:9528
- C:\Windows\System\JOoOmZk.exe
  C:\Windows\System\JOoOmZk.exe
  2⤵
  PID:9548
- C:\Windows\System\rnHQRCp.exe
  C:\Windows\System\rnHQRCp.exe
  2⤵
  PID:9556
- C:\Windows\System\acExWAx.exe
  C:\Windows\System\acExWAx.exe
  2⤵
  PID:9624
- C:\Windows\System\MBqGjNH.exe
  C:\Windows\System\MBqGjNH.exe
  2⤵
  PID:9636
- C:\Windows\System\LQMQarA.exe
  C:\Windows\System\LQMQarA.exe
  2⤵
  PID:9684
- C:\Windows\System\HTNbBTU.exe
  C:\Windows\System\HTNbBTU.exe
  2⤵
  PID:9700
- C:\Windows\System\hURGGRc.exe
  C:\Windows\System\hURGGRc.exe
  2⤵
  PID:9744
- C:\Windows\System\kvGRQRs.exe
  C:\Windows\System\kvGRQRs.exe
  2⤵
  PID:9784
- C:\Windows\System\QswKwaI.exe
  C:\Windows\System\QswKwaI.exe
  2⤵
  PID:9824
- C:\Windows\System\yMzmQzi.exe
  C:\Windows\System\yMzmQzi.exe
  2⤵
  PID:9852
- C:\Windows\System\ZCmtviz.exe
  C:\Windows\System\ZCmtviz.exe
  2⤵
  PID:9868
- C:\Windows\System\vXWfPxd.exe
  C:\Windows\System\vXWfPxd.exe
  2⤵
  PID:9912
- C:\Windows\System\dJSwfbl.exe
  C:\Windows\System\dJSwfbl.exe
  2⤵
  PID:9952
- C:\Windows\System\gwQrYff.exe
  C:\Windows\System\gwQrYff.exe
  2⤵
  PID:9988
- C:\Windows\System\yyYsvYu.exe
  C:\Windows\System\yyYsvYu.exe
  2⤵
  PID:10016
- C:\Windows\System\atvrXvK.exe
  C:\Windows\System\atvrXvK.exe
  2⤵
  PID:10048
- C:\Windows\System\OIYbrBj.exe
  C:\Windows\System\OIYbrBj.exe
  2⤵
  PID:10068
- C:\Windows\System\fLgAtpB.exe
  C:\Windows\System\fLgAtpB.exe
  2⤵
  PID:10108
- C:\Windows\System\ueMwdsx.exe
  C:\Windows\System\ueMwdsx.exe
  2⤵
  PID:10148
- C:\Windows\System\WJtMaiH.exe
  C:\Windows\System\WJtMaiH.exe
  2⤵
  PID:10180
- C:\Windows\System\rBkuxec.exe
  C:\Windows\System\rBkuxec.exe
  2⤵
  PID:10216
- C:\Windows\System\vnKjjQw.exe
  C:\Windows\System\vnKjjQw.exe
  2⤵
  PID:10232
- C:\Windows\System\xtELsJL.exe
  C:\Windows\System\xtELsJL.exe
  2⤵
  PID:9272
- C:\Windows\System\yLvGSht.exe
  C:\Windows\System\yLvGSht.exe
  2⤵
  PID:9276
- C:\Windows\System\mTczUnx.exe
  C:\Windows\System\mTczUnx.exe
  2⤵
  PID:1008
- C:\Windows\System\NwqtLVZ.exe
  C:\Windows\System\NwqtLVZ.exe
  2⤵
  PID:9416
- C:\Windows\System\gsyVlSh.exe
  C:\Windows\System\gsyVlSh.exe
  2⤵
  PID:9436
- C:\Windows\System\TAypdLP.exe
  C:\Windows\System\TAypdLP.exe
  2⤵
  PID:9464
- C:\Windows\System\DdYfzLS.exe
  C:\Windows\System\DdYfzLS.exe
  2⤵
  PID:9512
- C:\Windows\System\dbJMaSz.exe
  C:\Windows\System\dbJMaSz.exe
  2⤵
  PID:9516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BdhAbFn.exe

Filesize
6.0MB

MD5
deb36bc23e791c8f2d8b87cb029c6c7c

SHA1
ac2baf0156ce13244b8d15b3806621f49a8624c2

SHA256
50484c8546c8b0f5a88f8058433c2839a6b9dec3026045fe888fda6000110598

SHA512
5f611311325b004aecf337d5eae656eba9fc198c93948cf1853c9a4af836c17276c3d36d3395c074fe4c588b049f535be6fa7b1910052f78e2a85e61540ef64f

Download Submit
C:\Windows\system\DHOrYas.exe

Filesize
6.0MB

MD5
f4a14bd534f9cb49d1d2f2246d34e805

SHA1
77013e9ab9a7399d05e4ab6ae3f1935423e46eb0

SHA256
ca39cef41853e77fd969056d59f7a7e1ebb816ed4b20209058e30776e812cf2b

SHA512
80304e08fa94e92906d9dc75804088e18efb3a2e530f6877aaa663c35028e91f6a8f8ee8a72b504420da0faf18c47e5f607ad3b1bea0e7af31a59c00cdd734d0

Download Submit
C:\Windows\system\DXHmREw.exe

Filesize
6.0MB

MD5
d7ee2a9fb32125622a31fd800f99f315

SHA1
cd4fb09422de2ec0499f3ddb7cde79923b0160bf

SHA256
ae7223f1cd87389660dbf3849c4f069af82b143b69382d36b2ae6e237f8b90ca

SHA512
3eb5e00433ef50dfa82578902225b8d0a7a1db894b50dc055e8df623ac95fe3c9b111e759b85b9d85253a46a4c6a48ca3415ef0799a3d6c83b0d9a34c69c5edb

Download Submit
C:\Windows\system\EQjwzoa.exe

Filesize
6.0MB

MD5
16d202e1f22fc67836ac15ddb758e272

SHA1
23ee2450c6c1b102f6133191b75a7256fb0d1d6c

SHA256
0bb70e4539b5fa66a3805c39407851cf2ec3f47f3f3e50395d06b86809ac40f3

SHA512
6c407632886061bbcb9c0befaff383b13065e97e9bf2c04900640e0313c60f14386d63b0e77935fdac1234d0107a5e178f8d0708e8227337472fdefef78bacaf

Download Submit
C:\Windows\system\FcBLMki.exe

Filesize
6.0MB

MD5
8f3c63852c70cc49017d720bf1a4a2f3

SHA1
ad8d1bb609bc1e8524f3f2cc7b073d1c66f29a3f

SHA256
1fd43b8409e98b4956adc9a94ee7615b8cc9350a55d07cd34ad46eef57249fb0

SHA512
397179246b388e7129c548e663f9c9b9e03f2571dea2dad25ad7d51aa9a1bbd75bd598ea5bb1aa86cbaf46641b8a9299537d277cc01664ec715c21ccbe02997a

Download Submit
C:\Windows\system\KOFtlpY.exe

Filesize
6.0MB

MD5
09d2ec618673181398503329ffb5e685

SHA1
1aa0fff086caa0b124eda3b9dd136987e49b9d9c

SHA256
5b9cc60bd464de92a3837613e457ab0df8d0c3a0a3b304ef7dbe874c813cb551

SHA512
595aa2ad45e09c95aaf6e4d45ab8acd22742b23ae1801f58d0a3fa4cef8039f6f54b8607afe4a9f8a1548cf9c74f438ed6775411b9aa7a2e506d724344fb8556

Download Submit
C:\Windows\system\MGckEyn.exe

Filesize
6.0MB

MD5
ffe44b3a6b042b2092f376f5c763afc2

SHA1
f6d7ea8079c5b4d7cf8242110945111a450380ae

SHA256
6be53f5c9ae45f162c96266f7d8cd0c609c75dc060b18317e1aa37ee91a4d545

SHA512
ca339c3e7623f92e523b098b52d21a7cd3816fa269de6c19fb9f405b4a4c8482cfaf7b738e88e28fe10a714f76317945060e2be5f1c22bf737e1a2aae6c6fbf3

Download Submit
C:\Windows\system\OXdRCvC.exe

Filesize
6.0MB

MD5
d272612e4a64d1569e08aec516664600

SHA1
3a72a97e2b351cd28455a7d74d5f3ee15f9a2fb2

SHA256
0f4a546e8e9af2055653c7881d0ad2531e4dd08c3e27ab70e1d17925e99fb75f

SHA512
86a57278877c90468271ca8f464ed43bd517a9f0dab73f31640695f380618e13ee7ef85a002e0d0e667d3a9a47295cf74ab33f8ad7d61de7429fc4d44bce77e5

Download Submit
C:\Windows\system\SFRWIty.exe

Filesize
6.0MB

MD5
d994b20a5719c8eaf304314ecf729f02

SHA1
08f0bfacbc3f1f490490a16a7ee27ff43679915d

SHA256
4b6f4bfc8e1fd3ddd296800684d53816c73ba13fc4ea58ff5a2f45ece8c38c75

SHA512
ed90bcf82f620ad22a54d71d10da6cc56f63b3450f0a76865836d02e87dc5a985114ef4bd036a770f1a08044c040a62c602df9fcc13109db1249dfdab68a7926

Download Submit
C:\Windows\system\TCvOIQs.exe

Filesize
6.0MB

MD5
dc420978b1f844135fdbf0eaa558266d

SHA1
a2cbf86604e6f8165c6f9e405c856d9ae4c1b61c

SHA256
3e8f223bc4c4a34033590556dab633e4a69695f0dfbff11de5a5a7a1c455ebb8

SHA512
29b0699d07ace9c59e4200ffc373c27c132a32affa6205230188c4c5da96d6eb285c76a00599577a326e0b30be6c6cc9eff255d9395ea4623a0a4dca0fb9ece3

Download Submit
C:\Windows\system\VPRKfyS.exe

Filesize
6.0MB

MD5
331fa5126b65da70ba0bc34751bf2b8c

SHA1
31c7907d2dd128b938532acf387fce457dae1424

SHA256
31d8a9592fac1f5af7df52c66a2f951191bda1ede8d53fe1c6ed8d3734fc6272

SHA512
22d8cd65c9d9b05645c1b963270bdeb124690f0816aae43784245c4c9ec877f72b016659f04b7241d8b4314e08105da912747c60f254f7297739e181008646ca

Download Submit
C:\Windows\system\ZKBvApr.exe

Filesize
6.0MB

MD5
8a76cf38251f07da3fc7849d4ed31f11

SHA1
8c4b0aef78567ffd08a926dc6a6923f07275c856

SHA256
091f0c46e9b42b6931d2f758d332e4fd9019e8e331c8dbc43546f063b665727f

SHA512
252e866ccfa997cad42694a14bb52d4c6af0c728c9249c6c258d2bb75a1b62a5283f84dc989b2c7f1af9b29e6c1079c0afbd0ec2fd22b9b4e92df95d9f16c3c9

Download Submit
C:\Windows\system\ayvAMVZ.exe

Filesize
6.0MB

MD5
70791a9e58f98c88c60a7ee32fb4b113

SHA1
b9aecf07a58ff0521232a5a4b08dbb9f4d94565c

SHA256
dcc91c0f941100659f26da6309156d6b2c6b37c4aa5ece72b6dfecdca02a5207

SHA512
4e45418df20f1a2bc178640cb35274ef28ae2b14be7ad697680c842f2c6cbe3b191bc2821e936696f5b2260d114638e95113c525787edb1549582db1105172fd

Download Submit
C:\Windows\system\cZlWCWM.exe

Filesize
6.0MB

MD5
f6612b31c43387f13e0bbaeba0003589

SHA1
deb50084365c81e6f6bd51b76484d46eac150633

SHA256
90bec6470645c3ccfb1d8fa7ffa319907c7426ca8b401c5e398b331c45ec40d1

SHA512
dc25d4184f5514f0474c4d3f242852573ff33c6baac3bd1a3c4df4c3c23099a6e4b5e716454cf4254030115c26c1e5c2860fa044da1422ac07cd929dcb7bf33e

Download Submit
C:\Windows\system\fTrphii.exe

Filesize
6.0MB

MD5
99df7093147d2afb70ac25c32e02fbc9

SHA1
4dc7b39a05be5a976f48af5f3bef9d7508d3d14f

SHA256
928fc147dc1407b274a3cad575a9686b2f18687838497676990110e3e3269ec9

SHA512
548810d8c2d7e64cc1c51a08406dade4d0839261ef09e9563084a9d5522654a13e40ee34e4ca6fa222347421068907f3d842bf6a702a44be6c3d99f71cb79f83

Download Submit
C:\Windows\system\jZiqsPi.exe

Filesize
6.0MB

MD5
12466fb0c8b7b411307e4336075af255

SHA1
c3516db803fbba6682a59df3b25daa01c5eef1ed

SHA256
32be1fbb95844876094b1e7626774f8cbb256987cd6e793b664ff10db1ced30d

SHA512
e71fe569dc7ab33f3584e0e753a6cb711edfcc699e7c33c89a101e2059f74dd08ecd5899f8614f5f092e19d3e5823e756f79b6b7d13d04e048fcc949df6a8498

Download Submit
C:\Windows\system\mYDqdQV.exe

Filesize
6.0MB

MD5
2c8218ac2c23be3006d52686f2d0699b

SHA1
77f0c724523b80724593f48e0112cee49a28430d

SHA256
e996c38d7650f7553ffdd85b7190bdc08ba97ec542547afedec30fcbc9b4abe1

SHA512
14f31cca1a1968c699e8749b50f1f71b75c89a37b29b0e73166f3d34f0b395536773c14520126aa85dbeeb9471063b88c232729a580971fb59fc1d5a2a3b6679

Download Submit
C:\Windows\system\nTKtRaZ.exe

Filesize
6.0MB

MD5
b8bd1c3b9b5804d1a45eae3dbb817de4

SHA1
434c7c26c2cf632ed540fd5d4df71ce8eec75799

SHA256
df06ab1ded03128d600b60f1c72aaa75aa4889dd4d41c76c880c44700f400391

SHA512
335ab858b05093049ca99e58e8f47fe84309f5358d11010a1dadc3daf3d3c769b396eb2c5b71c9e28ebd9eabebc8aa133ee8cc35409917a637339ad556eccebd

Download Submit
C:\Windows\system\pOMZdqO.exe

Filesize
6.0MB

MD5
906112334ab3107a551df45e2f7dc1b1

SHA1
fc73480a3926dec1d05717c1881943325ac7db2e

SHA256
aa861f5a50aa77c155551be7a4a4769054139790142c6e71049d4deef4fb0e96

SHA512
ab07198613ae0f2b4f83fd8ea801c9559ef1c086bc5f96034ae48f75c9a30b9b28b793b72b537b7833a1163d806efb505008e1242d188bc1b2c3a7f847e08294

Download Submit
C:\Windows\system\sJWzIIv.exe

Filesize
6.0MB

MD5
149801bb7a693e371aca4f431a73f571

SHA1
9b492d878cd486203f79d80d0801bf4e78d03944

SHA256
4a88d6bd7bb069e10d95b31a7dea8c691061bbef2b76335b0bb840d872561ecc

SHA512
56f39cea76e4af7abbc92c90a83e119c0765da96b06bb06e66f05a51d3aaa2ba5b4765fcd46d6b5b83ea3bd88db55c5a11f08b0c4576f5cb2c4378bf5bbe059d

Download Submit
C:\Windows\system\uxywqLG.exe

Filesize
6.0MB

MD5
b8e4fcfca1e84257d878f1b3064825bc

SHA1
6c955aa35260638e87f974fdd3b6971e81ed84aa

SHA256
2e5e490e22644ba4a658328902c3414d8bacf5d655ac1dd7b429a2b1e85d47e0

SHA512
8636548236db4145db38c29eb3e9b76fd0394605a72fc636b93075f2c2856aec6195cb3245457a7d7d5222c0a61e18546e560ffd4e04e4e721f3e116869c4c4c

Download Submit
C:\Windows\system\vmNOuqy.exe

Filesize
6.0MB

MD5
1cffcff9b07fe3b376f944fda79e4816

SHA1
616f50091390e37306cdadc5ac6952323c96d7b0

SHA256
49a8e1d5ec7f5e16ff0cd974ccbf48bc49c0f03528aa1619742140e2be69fca5

SHA512
4e81e27344c43acfd2f311c560fca6d3651b11d12f53981757f902a93ba9a9d3084a30af76fef264802302cfa15ca9afbafd74ccb521b93408ea6945f44ba4e9

Download Submit
C:\Windows\system\ysUenyi.exe

Filesize
6.0MB

MD5
d0ac0534c8e606245dccda3f8689286d

SHA1
027cf3d9e39f0669a1ccc075d8d96611b5ef3f4e

SHA256
a3554a6cafc55ed9d3eeeac62725eaf88879a2ae4b95bc656f8fa625a95d947a

SHA512
e3a572ca0fb606093944b2649b06b61efdfe78166d77e501279f749e409f648958769af1816f1e20369c13ce8e8b7bd5eb3c7e19e44db8ad436b6650e580c5a8

Download Submit
C:\Windows\system\zgjIOHA.exe

Filesize
6.0MB

MD5
5d5a4e9d87c8948693cab63b1abd97b0

SHA1
9e2e7cceac890d2d62443d5f7668a2a52ef6e73f

SHA256
fd6c410b2e964c9c2580fc00d2389d3f953ac53d7f3a35acb950f96ac46c25e6

SHA512
b98ff6eb373253def111f3a9fbb8f8fb2d03ad4cbd3953d78569b802bf200a55c350793bc6a62909e74a5cedc671ad21fa5bce5eb639297c78c8160f73726926

Download Submit
\Windows\system\DWKxLtK.exe

Filesize
6.0MB

MD5
9a37fb02ab0adbc6a6c2e18924d13a28

SHA1
8760cdda4c5c0b2e51d64c8c0e12e8399ac44138

SHA256
70bfdde24036df5d1fed6fccf70ed68ecbbcf7515292968d48021d28c2c484a7

SHA512
80d93f70d653e8e3e56e367b850202feed5cb030f1f97389f5b52fa549abe2e13c403056ac91436386e5282d739d832eb334833eedf8a6f7bbf06c21fe4e715c

Download Submit
\Windows\system\JAXQSeC.exe

Filesize
6.0MB

MD5
13f5fe86e5d2631131d155449dab6376

SHA1
27329a86f296034e492ad27ed54b8084c0da5f76

SHA256
c2103e671193fb17979e988590fbe1982c100b65ec123795a5fcf86e6559bf8e

SHA512
5045285f5e1083a18980271ac8fe8aea83665040351d7e9ef288f708ac686b4ad3cd48dec2a5bcee71acf20b7b213b4490f660f15898e594bf9432f7022e7793

Download Submit
\Windows\system\ReoEjRH.exe

Filesize
6.0MB

MD5
3d9d58aaa8e3e2190006333faa1320c6

SHA1
4c8db2d07a4940a2b2108b053a7d5b745051db10

SHA256
68bada2888b5b3c9e954feedd9e883417dd0de812d9316658f3093d0fa3168e2

SHA512
5290ba4e1fc9c2b45503433a6447799c6e8b4dcc61e2d2a4fbcd44b51773fda60e220a050dc526eba8adbdf2ee2b9f737b50b944977eae8bb3d73b237208b587

Download Submit
\Windows\system\SNrMjqn.exe

Filesize
6.0MB

MD5
81ebf4942def769ee8eb7ed3ed199b72

SHA1
7853811708a00273c4fb7d8be4da13164263baf9

SHA256
95c80c6723a598dd3139f6b1517b85e5886afa3487a8342b7208f070a70b43d1

SHA512
da07f87adc20dfaf3bc00aee41f2b0e9ff27c244fef3a90e12bf0e1a2988d0a40c9ac9ec292ce3fc89ec4722e1099f7e684b940a221fe9600a0d7680578cad07

Download Submit
\Windows\system\UnqWqHY.exe

Filesize
6.0MB

MD5
5d4dcf0017ea65d215b5143fc4a73860

SHA1
d2dbc26d52d44685a630e59c552983c13416b930

SHA256
180c778cf92c829a2695afa44534668433ee2c65cbb8dc8b707a8d84d9d0add4

SHA512
9dc8f6b0597e30335f5948de05591db2a307eed0354eb94b62e79fb8c19f636d6487afe97d7a873063364d79a9b6f1d8ee5dd4326f86f0cfa99971f9ab9300b2

Download Submit
\Windows\system\ZpMoJRB.exe

Filesize
6.0MB

MD5
4c01d2f3393decfbcd52d4e2eb9c56ea

SHA1
3dd2599e024148825718236bebaf1da583c39a85

SHA256
4180715faf29329b07609f3fd571349efad8552dc8d6428b181509f5302ccd1a

SHA512
f4cfd75f9d2493fc594048e47183508f605f05b1e97da6af5392fcdf23e0e5cf9960aea8ae6d448c3cb69f997600b859c3ca8efc89083de727fce23ac3ba42b6

Download Submit
\Windows\system\ecaZAxX.exe

Filesize
6.0MB

MD5
602f9b177912f5bfd667f57948d57f89

SHA1
0aa06cc56ff7fa905cbcbf7d78a135940671bf1b

SHA256
6cea9df474c4b93a80fa1700122af2d0a5d643f0580de084a74e82c77471b591

SHA512
616324fd397d26eedca2646835e6678ad8b9ad91dc2e6f3bbcedaf0b12ba5dbfd2c2246431c696faeb913a19a63bee8bfefb93551851801e04f69b528d1d572e

Download Submit
\Windows\system\oVGtesQ.exe

Filesize
6.0MB

MD5
56dfc9fb3c83ea1eaf74cb4ac86a18c2

SHA1
c09393da555a34604e33deb22f7570f20b28c74a

SHA256
ba06ac7f4b67e5825b6e1682e5517c2b1e66ce0d922832ba7163bcb855f6fc58

SHA512
1f74b396a83556fb3b9ca7d2188eebcb38ae50c3f62a696b038ed57ca0cf513f1cbaf8dab3d746311285e5512e4bcb2f8d29f30d0a2d241c32be0f625c4b1cea

Download Submit
memory/1168-17-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1168-49-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1168-3933-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2056-90-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2056-52-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2056-3963-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2156-12-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2156-51-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2156-23-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2156-87-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2156-899-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2156-745-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2156-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2156-95-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2156-104-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2156-0-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-966-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-21-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2156-30-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2156-83-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2156-35-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-113-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-54-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2156-48-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2156-71-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-63-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2156-96-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2156-114-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-105-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2328-109-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2328-3977-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2328-901-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2408-7-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2408-40-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2408-3950-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2448-3927-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2448-62-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2448-26-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2520-91-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3974-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2520-639-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2612-240-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3960-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-75-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3956-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2644-57-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2644-99-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2728-84-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3968-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2728-471-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2744-67-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2744-108-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3964-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2764-82-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3943-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-41-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3952-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-36-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-74-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-846-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2936-100-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3982-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/3044-3955-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/3044-66-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/3044-28-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download