cobaltstrike | aef54426857dd7a49481842151793fb5a9cdeb1854de2008b16db34bdddbd8fb

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

af2b348299e75ddfb35f914c9223fbea
SHA1

87bd8aba68c7985692a33a0ee2dfd5c8b65adf28
SHA256

aef54426857dd7a49481842151793fb5a9cdeb1854de2008b16db34bdddbd8fb
SHA512

46e0823e620acc42b9460a50023eb636a5deb9e8f5602835e38572b9fc6ab64e7f91b8722798e7c81a34b700abcdd4e2d2a2f7d8307603fe95496d7aae85f6b8
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUf:T+q56utgpPF8u/7f

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000120f9-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d49-13.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d5a-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d71-27.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019219-80.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000191f8-73.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000191d1-67.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001739f-66.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017349-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017342-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016f45-36.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-167.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001948d-163.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001945c-160.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193f0-156.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193e6-152.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193d1-148.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001938e-140.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193a8-144.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019382-136.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001937b-132.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019369-103.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019329-97.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001921d-89.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019214-76.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000191df-68.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000191cf-58.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017355-48.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019371-113.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019345-112.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019232-111.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/2308-0-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2664-9-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x00090000000120f9-6.dat	xmrig
behavioral1/files/0x0008000000016d49-13.dat	xmrig
behavioral1/memory/2820-16-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d5a-12.dat	xmrig
behavioral1/files/0x0008000000016d71-27.dat	xmrig
behavioral1/memory/1876-81-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019219-80.dat	xmrig
behavioral1/files/0x00060000000191f8-73.dat	xmrig
behavioral1/files/0x00060000000191d1-67.dat	xmrig
behavioral1/files/0x000800000001739f-66.dat	xmrig
behavioral1/memory/2556-56-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2308-40-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x0007000000017349-46.dat	xmrig
behavioral1/files/0x0007000000017342-39.dat	xmrig
behavioral1/memory/2900-38-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016f45-36.dat	xmrig
behavioral1/memory/2308-35-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/2764-34-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2752-23-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2308-1195-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/1800-956-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2556-821-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2760-820-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2900-690-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2764-337-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2752-181-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x000500000001958b-171.dat	xmrig
behavioral1/files/0x00050000000194e2-167.dat	xmrig
behavioral1/files/0x000600000001948d-163.dat	xmrig
behavioral1/files/0x000600000001945c-160.dat	xmrig
behavioral1/files/0x00060000000193f0-156.dat	xmrig
behavioral1/files/0x00060000000193e6-152.dat	xmrig
behavioral1/files/0x00060000000193d1-148.dat	xmrig
behavioral1/files/0x000600000001938e-140.dat	xmrig
behavioral1/files/0x00060000000193a8-144.dat	xmrig
behavioral1/files/0x0006000000019382-136.dat	xmrig
behavioral1/files/0x000600000001937b-132.dat	xmrig
behavioral1/files/0x0006000000019369-103.dat	xmrig
behavioral1/files/0x0006000000019329-97.dat	xmrig
behavioral1/memory/1800-92-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/files/0x000600000001921d-89.dat	xmrig
behavioral1/files/0x0006000000019214-76.dat	xmrig
behavioral1/files/0x00060000000191df-68.dat	xmrig
behavioral1/files/0x00060000000191cf-58.dat	xmrig
behavioral1/files/0x0009000000017355-48.dat	xmrig
behavioral1/memory/2308-119-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/2760-41-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2912-118-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2532-116-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x0006000000019371-113.dat	xmrig
behavioral1/files/0x0006000000019345-112.dat	xmrig
behavioral1/files/0x0006000000019232-111.dat	xmrig
behavioral1/memory/2820-110-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2820-3971-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2752-4007-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2900-4006-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2764-4005-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2760-4004-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/1800-4065-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2532-4008-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2912-4095-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2664	sdhBzzi.exe
2820	MfkAxnS.exe
2752	dipQxFS.exe
2764	IqAtqfe.exe
2900	hDqBvOA.exe
2760	LDgCHWF.exe
2556	KYmhRKZ.exe
2532	wiJlCat.exe
1876	wzvukKU.exe
2912	edhnQel.exe
1800	OnEDBqg.exe
1508	ILpeGRI.exe
1664	HnlWmxZ.exe
1636	qmKVfah.exe
2604	iFaANyM.exe
2364	hzqMKjY.exe
2888	oyYJtho.exe
3028	GXLuUrC.exe
2656	XbSkfKE.exe
1764	xnRwvUQ.exe
860	xvmwuLc.exe
1568	BIPHrNG.exe
372	aAEnZKo.exe
1152	tXfYYXp.exe
2972	qGRiRgn.exe
2252	qvvqzii.exe
2284	HRECYEP.exe
1792	mMbTadw.exe
1004	PeyFxQl.exe
404	QwbiPrf.exe
1988	oKtgdfZ.exe
1860	YqteUBA.exe
960	jXHlHKN.exe
1892	kyUCvbG.exe
2516	eXVcoHH.exe
2120	plWIycA.exe
1496	ZqXdyxg.exe
544	tekFpGl.exe
956	lFVpVJL.exe
2412	CTOqIAt.exe
1548	YLIXKAO.exe
1532	KtpJqza.exe
1040	hsDTaWQ.exe
1984	pKxclGN.exe
1292	TXixtWZ.exe
1992	BlGZLhN.exe
996	LBGmzmF.exe
1632	JFgnJDr.exe
376	kVngOTI.exe
2028	UFVJfpi.exe
1264	WsVFBXF.exe
2960	RTGdlQa.exe
2332	yIIqGrs.exe
2328	ELBOXQJ.exe
1880	JZusBUj.exe
2044	KMWwZST.exe
2456	AKOPUDU.exe
2220	ifwbgNd.exe
904	ZXZiajS.exe
2144	peyqRoF.exe
2940	SPXmRum.exe
2644	bEPsEOe.exe
2800	vZUIQTI.exe
2720	rSltVDE.exe

Loads dropped DLL 64 IoCs

pid	Process
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2308-0-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2664-9-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x00090000000120f9-6.dat	upx
behavioral1/files/0x0008000000016d49-13.dat	upx
behavioral1/memory/2820-16-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/files/0x0009000000016d5a-12.dat	upx
behavioral1/files/0x0008000000016d71-27.dat	upx
behavioral1/memory/1876-81-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x0006000000019219-80.dat	upx
behavioral1/files/0x00060000000191f8-73.dat	upx
behavioral1/files/0x00060000000191d1-67.dat	upx
behavioral1/files/0x000800000001739f-66.dat	upx
behavioral1/memory/2556-56-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2308-40-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x0007000000017349-46.dat	upx
behavioral1/files/0x0007000000017342-39.dat	upx
behavioral1/memory/2900-38-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/files/0x0007000000016f45-36.dat	upx
behavioral1/memory/2764-34-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2752-23-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/1800-956-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2556-821-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2760-820-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2900-690-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2764-337-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2752-181-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x000500000001958b-171.dat	upx
behavioral1/files/0x00050000000194e2-167.dat	upx
behavioral1/files/0x000600000001948d-163.dat	upx
behavioral1/files/0x000600000001945c-160.dat	upx
behavioral1/files/0x00060000000193f0-156.dat	upx
behavioral1/files/0x00060000000193e6-152.dat	upx
behavioral1/files/0x00060000000193d1-148.dat	upx
behavioral1/files/0x000600000001938e-140.dat	upx
behavioral1/files/0x00060000000193a8-144.dat	upx
behavioral1/files/0x0006000000019382-136.dat	upx
behavioral1/files/0x000600000001937b-132.dat	upx
behavioral1/files/0x0006000000019369-103.dat	upx
behavioral1/files/0x0006000000019329-97.dat	upx
behavioral1/memory/1800-92-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/files/0x000600000001921d-89.dat	upx
behavioral1/files/0x0006000000019214-76.dat	upx
behavioral1/files/0x00060000000191df-68.dat	upx
behavioral1/files/0x00060000000191cf-58.dat	upx
behavioral1/files/0x0009000000017355-48.dat	upx
behavioral1/memory/2760-41-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2912-118-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2532-116-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x0006000000019371-113.dat	upx
behavioral1/files/0x0006000000019345-112.dat	upx
behavioral1/files/0x0006000000019232-111.dat	upx
behavioral1/memory/2820-110-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2820-3971-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2752-4007-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2900-4006-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2764-4005-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2760-4004-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/1800-4065-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2532-4008-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2912-4095-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XifPEZK.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxAoAZC.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcfgunR.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdDOwoV.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RTzLPkI.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NgWfsgF.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YlWEarw.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZzaFmuT.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UnQLfdu.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wpadNFn.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kFKrFMv.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRgEPFR.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ebFTZRe.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xgUNHWp.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JpbgvPW.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sIIZtFO.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QwbiPrf.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBAYWUn.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bucxUZi.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmUsbfV.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GDVsGEf.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLIXKAO.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\guZahvY.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uJGBXfj.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bGTVtkR.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bycaLHn.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RUruuzc.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\frcCdSl.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjxcChX.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\anvFQpo.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OmvbWnG.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFVpVJL.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gGJHvzI.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRLaCjG.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kSdeweY.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eyhLNyR.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tcNqaLk.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPfZHyd.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDOHBAX.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWWrOQu.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPiHJVn.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SlSbqjJ.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bEnsbdx.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ephdpVv.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\docCWNB.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vAUfgZf.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NSaFlCY.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuxXSRE.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MfkAxnS.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAtiPAT.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMjPNVT.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NWyFwXd.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uOlCpfK.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kuwiAsF.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YxIARYs.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LhsweWq.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQUBUvM.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ejiWire.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uABNWzb.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzRCaVv.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqZQPrw.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PeYfyqG.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WfuBOKe.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wgOYdkY.exe	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 2664	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2308 wrote to memory of 2664	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2308 wrote to memory of 2664	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2308 wrote to memory of 2820	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2308 wrote to memory of 2820	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2308 wrote to memory of 2820	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2308 wrote to memory of 2752	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2308 wrote to memory of 2752	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2308 wrote to memory of 2752	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2308 wrote to memory of 2764	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2308 wrote to memory of 2764	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2308 wrote to memory of 2764	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2308 wrote to memory of 2900	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2308 wrote to memory of 2900	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2308 wrote to memory of 2900	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2308 wrote to memory of 2760	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2308 wrote to memory of 2760	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2308 wrote to memory of 2760	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2308 wrote to memory of 2556	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2308 wrote to memory of 2556	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2308 wrote to memory of 2556	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2308 wrote to memory of 2604	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2308 wrote to memory of 2604	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2308 wrote to memory of 2604	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2308 wrote to memory of 2532	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2308 wrote to memory of 2532	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2308 wrote to memory of 2532	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2308 wrote to memory of 2364	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2308 wrote to memory of 2364	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2308 wrote to memory of 2364	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2308 wrote to memory of 1876	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2308 wrote to memory of 1876	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2308 wrote to memory of 1876	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2308 wrote to memory of 2888	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2308 wrote to memory of 2888	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2308 wrote to memory of 2888	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2308 wrote to memory of 2912	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2308 wrote to memory of 2912	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2308 wrote to memory of 2912	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2308 wrote to memory of 3028	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2308 wrote to memory of 3028	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2308 wrote to memory of 3028	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2308 wrote to memory of 1800	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2308 wrote to memory of 1800	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2308 wrote to memory of 1800	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2308 wrote to memory of 2656	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2308 wrote to memory of 2656	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2308 wrote to memory of 2656	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2308 wrote to memory of 1508	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2308 wrote to memory of 1508	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2308 wrote to memory of 1508	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2308 wrote to memory of 1764	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2308 wrote to memory of 1764	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2308 wrote to memory of 1764	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2308 wrote to memory of 1664	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2308 wrote to memory of 1664	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2308 wrote to memory of 1664	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2308 wrote to memory of 860	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2308 wrote to memory of 860	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2308 wrote to memory of 860	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2308 wrote to memory of 1636	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2308 wrote to memory of 1636	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2308 wrote to memory of 1636	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2308 wrote to memory of 1568	2308	2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-23_af2b348299e75ddfb35f914c9223fbea_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Windows\System\sdhBzzi.exe
  C:\Windows\System\sdhBzzi.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\MfkAxnS.exe
  C:\Windows\System\MfkAxnS.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\dipQxFS.exe
  C:\Windows\System\dipQxFS.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\IqAtqfe.exe
  C:\Windows\System\IqAtqfe.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\hDqBvOA.exe
  C:\Windows\System\hDqBvOA.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\LDgCHWF.exe
  C:\Windows\System\LDgCHWF.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\KYmhRKZ.exe
  C:\Windows\System\KYmhRKZ.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\iFaANyM.exe
  C:\Windows\System\iFaANyM.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\wiJlCat.exe
  C:\Windows\System\wiJlCat.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\hzqMKjY.exe
  C:\Windows\System\hzqMKjY.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\wzvukKU.exe
  C:\Windows\System\wzvukKU.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\oyYJtho.exe
  C:\Windows\System\oyYJtho.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\edhnQel.exe
  C:\Windows\System\edhnQel.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\GXLuUrC.exe
  C:\Windows\System\GXLuUrC.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\OnEDBqg.exe
  C:\Windows\System\OnEDBqg.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\XbSkfKE.exe
  C:\Windows\System\XbSkfKE.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\ILpeGRI.exe
  C:\Windows\System\ILpeGRI.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\xnRwvUQ.exe
  C:\Windows\System\xnRwvUQ.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\HnlWmxZ.exe
  C:\Windows\System\HnlWmxZ.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\xvmwuLc.exe
  C:\Windows\System\xvmwuLc.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\qmKVfah.exe
  C:\Windows\System\qmKVfah.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\BIPHrNG.exe
  C:\Windows\System\BIPHrNG.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\aAEnZKo.exe
  C:\Windows\System\aAEnZKo.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\tXfYYXp.exe
  C:\Windows\System\tXfYYXp.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\qGRiRgn.exe
  C:\Windows\System\qGRiRgn.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\qvvqzii.exe
  C:\Windows\System\qvvqzii.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\HRECYEP.exe
  C:\Windows\System\HRECYEP.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\mMbTadw.exe
  C:\Windows\System\mMbTadw.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\PeyFxQl.exe
  C:\Windows\System\PeyFxQl.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\QwbiPrf.exe
  C:\Windows\System\QwbiPrf.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\oKtgdfZ.exe
  C:\Windows\System\oKtgdfZ.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\YqteUBA.exe
  C:\Windows\System\YqteUBA.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\jXHlHKN.exe
  C:\Windows\System\jXHlHKN.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\kyUCvbG.exe
  C:\Windows\System\kyUCvbG.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\eXVcoHH.exe
  C:\Windows\System\eXVcoHH.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\plWIycA.exe
  C:\Windows\System\plWIycA.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\ZqXdyxg.exe
  C:\Windows\System\ZqXdyxg.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\tekFpGl.exe
  C:\Windows\System\tekFpGl.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\lFVpVJL.exe
  C:\Windows\System\lFVpVJL.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\CTOqIAt.exe
  C:\Windows\System\CTOqIAt.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\YLIXKAO.exe
  C:\Windows\System\YLIXKAO.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\KtpJqza.exe
  C:\Windows\System\KtpJqza.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\hsDTaWQ.exe
  C:\Windows\System\hsDTaWQ.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\pKxclGN.exe
  C:\Windows\System\pKxclGN.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\TXixtWZ.exe
  C:\Windows\System\TXixtWZ.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\BlGZLhN.exe
  C:\Windows\System\BlGZLhN.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\LBGmzmF.exe
  C:\Windows\System\LBGmzmF.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\kVngOTI.exe
  C:\Windows\System\kVngOTI.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\JFgnJDr.exe
  C:\Windows\System\JFgnJDr.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\UFVJfpi.exe
  C:\Windows\System\UFVJfpi.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\WsVFBXF.exe
  C:\Windows\System\WsVFBXF.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\RTGdlQa.exe
  C:\Windows\System\RTGdlQa.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\yIIqGrs.exe
  C:\Windows\System\yIIqGrs.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\ELBOXQJ.exe
  C:\Windows\System\ELBOXQJ.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\JZusBUj.exe
  C:\Windows\System\JZusBUj.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\KMWwZST.exe
  C:\Windows\System\KMWwZST.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\AKOPUDU.exe
  C:\Windows\System\AKOPUDU.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\ZXZiajS.exe
  C:\Windows\System\ZXZiajS.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\ifwbgNd.exe
  C:\Windows\System\ifwbgNd.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\peyqRoF.exe
  C:\Windows\System\peyqRoF.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\SPXmRum.exe
  C:\Windows\System\SPXmRum.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\XfOCblQ.exe
  C:\Windows\System\XfOCblQ.exe
  2⤵
  PID:1588
- C:\Windows\System\bEPsEOe.exe
  C:\Windows\System\bEPsEOe.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\fzOryav.exe
  C:\Windows\System\fzOryav.exe
  2⤵
  PID:2792
- C:\Windows\System\vZUIQTI.exe
  C:\Windows\System\vZUIQTI.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\dspJCLr.exe
  C:\Windows\System\dspJCLr.exe
  2⤵
  PID:2744
- C:\Windows\System\rSltVDE.exe
  C:\Windows\System\rSltVDE.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\WdDOwoV.exe
  C:\Windows\System\WdDOwoV.exe
  2⤵
  PID:2372
- C:\Windows\System\xrOgExf.exe
  C:\Windows\System\xrOgExf.exe
  2⤵
  PID:2936
- C:\Windows\System\jaIBfRw.exe
  C:\Windows\System\jaIBfRw.exe
  2⤵
  PID:2632
- C:\Windows\System\TdayolL.exe
  C:\Windows\System\TdayolL.exe
  2⤵
  PID:684
- C:\Windows\System\PJXoWtT.exe
  C:\Windows\System\PJXoWtT.exe
  2⤵
  PID:1772
- C:\Windows\System\cOPcxuU.exe
  C:\Windows\System\cOPcxuU.exe
  2⤵
  PID:304
- C:\Windows\System\sUIrhiU.exe
  C:\Windows\System\sUIrhiU.exe
  2⤵
  PID:2140
- C:\Windows\System\dmZXoPz.exe
  C:\Windows\System\dmZXoPz.exe
  2⤵
  PID:1288
- C:\Windows\System\RRQRupd.exe
  C:\Windows\System\RRQRupd.exe
  2⤵
  PID:1916
- C:\Windows\System\MsnlUXx.exe
  C:\Windows\System\MsnlUXx.exe
  2⤵
  PID:912
- C:\Windows\System\ORpYxEw.exe
  C:\Windows\System\ORpYxEw.exe
  2⤵
  PID:2020
- C:\Windows\System\qaVOQTZ.exe
  C:\Windows\System\qaVOQTZ.exe
  2⤵
  PID:1720
- C:\Windows\System\docCWNB.exe
  C:\Windows\System\docCWNB.exe
  2⤵
  PID:2424
- C:\Windows\System\MMEoJZH.exe
  C:\Windows\System\MMEoJZH.exe
  2⤵
  PID:600
- C:\Windows\System\ocaIyuX.exe
  C:\Windows\System\ocaIyuX.exe
  2⤵
  PID:2688
- C:\Windows\System\gVvHHYq.exe
  C:\Windows\System\gVvHHYq.exe
  2⤵
  PID:1156
- C:\Windows\System\DiDDjlx.exe
  C:\Windows\System\DiDDjlx.exe
  2⤵
  PID:3080
- C:\Windows\System\uiuBKHV.exe
  C:\Windows\System\uiuBKHV.exe
  2⤵
  PID:3180
- C:\Windows\System\KZPxVHG.exe
  C:\Windows\System\KZPxVHG.exe
  2⤵
  PID:3208
- C:\Windows\System\pHtYqmn.exe
  C:\Windows\System\pHtYqmn.exe
  2⤵
  PID:3224
- C:\Windows\System\ELROvnl.exe
  C:\Windows\System\ELROvnl.exe
  2⤵
  PID:3244
- C:\Windows\System\sdNNiEQ.exe
  C:\Windows\System\sdNNiEQ.exe
  2⤵
  PID:3264
- C:\Windows\System\UpyPpQs.exe
  C:\Windows\System\UpyPpQs.exe
  2⤵
  PID:3280
- C:\Windows\System\qEgOeUT.exe
  C:\Windows\System\qEgOeUT.exe
  2⤵
  PID:3296
- C:\Windows\System\eGkodWX.exe
  C:\Windows\System\eGkodWX.exe
  2⤵
  PID:3320
- C:\Windows\System\zhBxzIh.exe
  C:\Windows\System\zhBxzIh.exe
  2⤵
  PID:3340
- C:\Windows\System\OhCQmxf.exe
  C:\Windows\System\OhCQmxf.exe
  2⤵
  PID:3356
- C:\Windows\System\ZalqFjq.exe
  C:\Windows\System\ZalqFjq.exe
  2⤵
  PID:3372
- C:\Windows\System\euydoxV.exe
  C:\Windows\System\euydoxV.exe
  2⤵
  PID:3396
- C:\Windows\System\ifltacK.exe
  C:\Windows\System\ifltacK.exe
  2⤵
  PID:3420
- C:\Windows\System\nFAteJs.exe
  C:\Windows\System\nFAteJs.exe
  2⤵
  PID:3436
- C:\Windows\System\QUxunRh.exe
  C:\Windows\System\QUxunRh.exe
  2⤵
  PID:3452
- C:\Windows\System\MlcPdbp.exe
  C:\Windows\System\MlcPdbp.exe
  2⤵
  PID:3468
- C:\Windows\System\oqtcvmG.exe
  C:\Windows\System\oqtcvmG.exe
  2⤵
  PID:3492
- C:\Windows\System\NubByCv.exe
  C:\Windows\System\NubByCv.exe
  2⤵
  PID:3512
- C:\Windows\System\QVZNHAV.exe
  C:\Windows\System\QVZNHAV.exe
  2⤵
  PID:3548
- C:\Windows\System\zwysoNP.exe
  C:\Windows\System\zwysoNP.exe
  2⤵
  PID:3568
- C:\Windows\System\KeyMgTH.exe
  C:\Windows\System\KeyMgTH.exe
  2⤵
  PID:3588
- C:\Windows\System\oCUrhzc.exe
  C:\Windows\System\oCUrhzc.exe
  2⤵
  PID:3608
- C:\Windows\System\sKXoOQB.exe
  C:\Windows\System\sKXoOQB.exe
  2⤵
  PID:3624
- C:\Windows\System\cMpzNaz.exe
  C:\Windows\System\cMpzNaz.exe
  2⤵
  PID:3644
- C:\Windows\System\qnwGnKd.exe
  C:\Windows\System\qnwGnKd.exe
  2⤵
  PID:3664
- C:\Windows\System\AvUWjOt.exe
  C:\Windows\System\AvUWjOt.exe
  2⤵
  PID:3688
- C:\Windows\System\fhxSvwZ.exe
  C:\Windows\System\fhxSvwZ.exe
  2⤵
  PID:3704
- C:\Windows\System\dSCqkGz.exe
  C:\Windows\System\dSCqkGz.exe
  2⤵
  PID:3728
- C:\Windows\System\seBmIEN.exe
  C:\Windows\System\seBmIEN.exe
  2⤵
  PID:3744
- C:\Windows\System\UEGmEaN.exe
  C:\Windows\System\UEGmEaN.exe
  2⤵
  PID:3764
- C:\Windows\System\IWbzvVS.exe
  C:\Windows\System\IWbzvVS.exe
  2⤵
  PID:3784
- C:\Windows\System\WzmtYkK.exe
  C:\Windows\System\WzmtYkK.exe
  2⤵
  PID:3800
- C:\Windows\System\BDNCYtm.exe
  C:\Windows\System\BDNCYtm.exe
  2⤵
  PID:3820
- C:\Windows\System\RUruuzc.exe
  C:\Windows\System\RUruuzc.exe
  2⤵
  PID:3844
- C:\Windows\System\mbnhRoA.exe
  C:\Windows\System\mbnhRoA.exe
  2⤵
  PID:3868
- C:\Windows\System\ChTITeH.exe
  C:\Windows\System\ChTITeH.exe
  2⤵
  PID:3884
- C:\Windows\System\gPZtAvD.exe
  C:\Windows\System\gPZtAvD.exe
  2⤵
  PID:3908
- C:\Windows\System\ScqLgWi.exe
  C:\Windows\System\ScqLgWi.exe
  2⤵
  PID:3928
- C:\Windows\System\MShDXiT.exe
  C:\Windows\System\MShDXiT.exe
  2⤵
  PID:3944
- C:\Windows\System\bCXurAx.exe
  C:\Windows\System\bCXurAx.exe
  2⤵
  PID:3960
- C:\Windows\System\CrpocwH.exe
  C:\Windows\System\CrpocwH.exe
  2⤵
  PID:3984
- C:\Windows\System\LSFzNGV.exe
  C:\Windows\System\LSFzNGV.exe
  2⤵
  PID:4000
- C:\Windows\System\IlLjtMu.exe
  C:\Windows\System\IlLjtMu.exe
  2⤵
  PID:4016
- C:\Windows\System\MepbiXX.exe
  C:\Windows\System\MepbiXX.exe
  2⤵
  PID:4032
- C:\Windows\System\BuAtTPE.exe
  C:\Windows\System\BuAtTPE.exe
  2⤵
  PID:4056
- C:\Windows\System\tZQDrdF.exe
  C:\Windows\System\tZQDrdF.exe
  2⤵
  PID:4072
- C:\Windows\System\OIEVJYm.exe
  C:\Windows\System\OIEVJYm.exe
  2⤵
  PID:2996
- C:\Windows\System\xJbycUW.exe
  C:\Windows\System\xJbycUW.exe
  2⤵
  PID:1000
- C:\Windows\System\KvlHCSD.exe
  C:\Windows\System\KvlHCSD.exe
  2⤵
  PID:1020
- C:\Windows\System\jeZeVKd.exe
  C:\Windows\System\jeZeVKd.exe
  2⤵
  PID:1500
- C:\Windows\System\gzfNpXn.exe
  C:\Windows\System\gzfNpXn.exe
  2⤵
  PID:1864
- C:\Windows\System\SEXEQkS.exe
  C:\Windows\System\SEXEQkS.exe
  2⤵
  PID:2444
- C:\Windows\System\YHtAJtO.exe
  C:\Windows\System\YHtAJtO.exe
  2⤵
  PID:1712
- C:\Windows\System\xgUNHWp.exe
  C:\Windows\System\xgUNHWp.exe
  2⤵
  PID:2512
- C:\Windows\System\zQWsTqK.exe
  C:\Windows\System\zQWsTqK.exe
  2⤵
  PID:2704
- C:\Windows\System\KtwDYAB.exe
  C:\Windows\System\KtwDYAB.exe
  2⤵
  PID:2060
- C:\Windows\System\IaMjfOp.exe
  C:\Windows\System\IaMjfOp.exe
  2⤵
  PID:1756
- C:\Windows\System\edLDbkO.exe
  C:\Windows\System\edLDbkO.exe
  2⤵
  PID:2596
- C:\Windows\System\yjmjcbg.exe
  C:\Windows\System\yjmjcbg.exe
  2⤵
  PID:2376
- C:\Windows\System\JsAkBBH.exe
  C:\Windows\System\JsAkBBH.exe
  2⤵
  PID:2536
- C:\Windows\System\vzARKIc.exe
  C:\Windows\System\vzARKIc.exe
  2⤵
  PID:2380
- C:\Windows\System\pVuIBGZ.exe
  C:\Windows\System\pVuIBGZ.exe
  2⤵
  PID:2420
- C:\Windows\System\zVgDHJE.exe
  C:\Windows\System\zVgDHJE.exe
  2⤵
  PID:1852
- C:\Windows\System\Aiesevh.exe
  C:\Windows\System\Aiesevh.exe
  2⤵
  PID:2616
- C:\Windows\System\oQdaclZ.exe
  C:\Windows\System\oQdaclZ.exe
  2⤵
  PID:588
- C:\Windows\System\eOgGNEb.exe
  C:\Windows\System\eOgGNEb.exe
  2⤵
  PID:3088
- C:\Windows\System\kIashVN.exe
  C:\Windows\System\kIashVN.exe
  2⤵
  PID:3140
- C:\Windows\System\oCRcDhF.exe
  C:\Windows\System\oCRcDhF.exe
  2⤵
  PID:3164
- C:\Windows\System\OAwXxEk.exe
  C:\Windows\System\OAwXxEk.exe
  2⤵
  PID:3196
- C:\Windows\System\UycAKMk.exe
  C:\Windows\System\UycAKMk.exe
  2⤵
  PID:3236
- C:\Windows\System\jbnCheB.exe
  C:\Windows\System\jbnCheB.exe
  2⤵
  PID:3312
- C:\Windows\System\AciLXOE.exe
  C:\Windows\System\AciLXOE.exe
  2⤵
  PID:3252
- C:\Windows\System\UuuGoou.exe
  C:\Windows\System\UuuGoou.exe
  2⤵
  PID:3384
- C:\Windows\System\sGyQjVO.exe
  C:\Windows\System\sGyQjVO.exe
  2⤵
  PID:3288
- C:\Windows\System\uULPOLi.exe
  C:\Windows\System\uULPOLi.exe
  2⤵
  PID:3332
- C:\Windows\System\uNyQYWn.exe
  C:\Windows\System\uNyQYWn.exe
  2⤵
  PID:3408
- C:\Windows\System\wFnLOVa.exe
  C:\Windows\System\wFnLOVa.exe
  2⤵
  PID:3448
- C:\Windows\System\ncrplBG.exe
  C:\Windows\System\ncrplBG.exe
  2⤵
  PID:3368
- C:\Windows\System\cArBVgM.exe
  C:\Windows\System\cArBVgM.exe
  2⤵
  PID:3532
- C:\Windows\System\eWWrOQu.exe
  C:\Windows\System\eWWrOQu.exe
  2⤵
  PID:3604
- C:\Windows\System\UqVvYXI.exe
  C:\Windows\System\UqVvYXI.exe
  2⤵
  PID:3536
- C:\Windows\System\RPiHJVn.exe
  C:\Windows\System\RPiHJVn.exe
  2⤵
  PID:3676
- C:\Windows\System\yhyzCNH.exe
  C:\Windows\System\yhyzCNH.exe
  2⤵
  PID:3752
- C:\Windows\System\rVtSTvH.exe
  C:\Windows\System\rVtSTvH.exe
  2⤵
  PID:3828
- C:\Windows\System\jiVcAqO.exe
  C:\Windows\System\jiVcAqO.exe
  2⤵
  PID:3576
- C:\Windows\System\wGJBroA.exe
  C:\Windows\System\wGJBroA.exe
  2⤵
  PID:3880
- C:\Windows\System\hjRxRLK.exe
  C:\Windows\System\hjRxRLK.exe
  2⤵
  PID:3996
- C:\Windows\System\XWJprFR.exe
  C:\Windows\System\XWJprFR.exe
  2⤵
  PID:4068
- C:\Windows\System\WDMOMPZ.exe
  C:\Windows\System\WDMOMPZ.exe
  2⤵
  PID:940
- C:\Windows\System\NdjYIZX.exe
  C:\Windows\System\NdjYIZX.exe
  2⤵
  PID:3616
- C:\Windows\System\HekEwug.exe
  C:\Windows\System\HekEwug.exe
  2⤵
  PID:3652
- C:\Windows\System\PifwfCk.exe
  C:\Windows\System\PifwfCk.exe
  2⤵
  PID:3776
- C:\Windows\System\MtsAxBl.exe
  C:\Windows\System\MtsAxBl.exe
  2⤵
  PID:3808
- C:\Windows\System\qapYRUQ.exe
  C:\Windows\System\qapYRUQ.exe
  2⤵
  PID:3856
- C:\Windows\System\wscKhso.exe
  C:\Windows\System\wscKhso.exe
  2⤵
  PID:3900
- C:\Windows\System\EzerYDS.exe
  C:\Windows\System\EzerYDS.exe
  2⤵
  PID:3968
- C:\Windows\System\SlSbqjJ.exe
  C:\Windows\System\SlSbqjJ.exe
  2⤵
  PID:1120
- C:\Windows\System\SqmLyCl.exe
  C:\Windows\System\SqmLyCl.exe
  2⤵
  PID:2172
- C:\Windows\System\XuxLTmT.exe
  C:\Windows\System\XuxLTmT.exe
  2⤵
  PID:1584
- C:\Windows\System\DizQASH.exe
  C:\Windows\System\DizQASH.exe
  2⤵
  PID:2188
- C:\Windows\System\DFBNSuz.exe
  C:\Windows\System\DFBNSuz.exe
  2⤵
  PID:2356
- C:\Windows\System\AlNxpqg.exe
  C:\Windows\System\AlNxpqg.exe
  2⤵
  PID:760
- C:\Windows\System\HwGPxEb.exe
  C:\Windows\System\HwGPxEb.exe
  2⤵
  PID:4040
- C:\Windows\System\rfBIPME.exe
  C:\Windows\System\rfBIPME.exe
  2⤵
  PID:2464
- C:\Windows\System\gGJHvzI.exe
  C:\Windows\System\gGJHvzI.exe
  2⤵
  PID:1320
- C:\Windows\System\HClDYSl.exe
  C:\Windows\System\HClDYSl.exe
  2⤵
  PID:3056
- C:\Windows\System\prWQYpR.exe
  C:\Windows\System\prWQYpR.exe
  2⤵
  PID:2788
- C:\Windows\System\LRKKVJH.exe
  C:\Windows\System\LRKKVJH.exe
  2⤵
  PID:2812
- C:\Windows\System\rkNkERw.exe
  C:\Windows\System\rkNkERw.exe
  2⤵
  PID:3156
- C:\Windows\System\uJGBXfj.exe
  C:\Windows\System\uJGBXfj.exe
  2⤵
  PID:3308
- C:\Windows\System\XulGtlJ.exe
  C:\Windows\System\XulGtlJ.exe
  2⤵
  PID:3464
- C:\Windows\System\jPUjljW.exe
  C:\Windows\System\jPUjljW.exe
  2⤵
  PID:3276
- C:\Windows\System\taTfPsU.exe
  C:\Windows\System\taTfPsU.exe
  2⤵
  PID:3484
- C:\Windows\System\WAWaFfl.exe
  C:\Windows\System\WAWaFfl.exe
  2⤵
  PID:3336
- C:\Windows\System\UnQLfdu.exe
  C:\Windows\System\UnQLfdu.exe
  2⤵
  PID:3416
- C:\Windows\System\iztwRpS.exe
  C:\Windows\System\iztwRpS.exe
  2⤵
  PID:3524
- C:\Windows\System\HaBPTTi.exe
  C:\Windows\System\HaBPTTi.exe
  2⤵
  PID:3680
- C:\Windows\System\IsDAxjz.exe
  C:\Windows\System\IsDAxjz.exe
  2⤵
  PID:3792
- C:\Windows\System\vkKxudp.exe
  C:\Windows\System\vkKxudp.exe
  2⤵
  PID:3720
- C:\Windows\System\jPVfVTb.exe
  C:\Windows\System\jPVfVTb.exe
  2⤵
  PID:3924
- C:\Windows\System\lrnmWdV.exe
  C:\Windows\System\lrnmWdV.exe
  2⤵
  PID:3952
- C:\Windows\System\uWuBnDl.exe
  C:\Windows\System\uWuBnDl.exe
  2⤵
  PID:1844
- C:\Windows\System\iwICCVS.exe
  C:\Windows\System\iwICCVS.exe
  2⤵
  PID:3736
- C:\Windows\System\GgvDDeB.exe
  C:\Windows\System\GgvDDeB.exe
  2⤵
  PID:3696
- C:\Windows\System\KWMEYaA.exe
  C:\Windows\System\KWMEYaA.exe
  2⤵
  PID:3772
- C:\Windows\System\QIVLPWp.exe
  C:\Windows\System\QIVLPWp.exe
  2⤵
  PID:3976
- C:\Windows\System\LhsweWq.exe
  C:\Windows\System\LhsweWq.exe
  2⤵
  PID:2076
- C:\Windows\System\NmVPjEA.exe
  C:\Windows\System\NmVPjEA.exe
  2⤵
  PID:1776
- C:\Windows\System\QuvCewC.exe
  C:\Windows\System\QuvCewC.exe
  2⤵
  PID:4084
- C:\Windows\System\HNStqdc.exe
  C:\Windows\System\HNStqdc.exe
  2⤵
  PID:1432
- C:\Windows\System\yJAaCvG.exe
  C:\Windows\System\yJAaCvG.exe
  2⤵
  PID:3048
- C:\Windows\System\CcseFkS.exe
  C:\Windows\System\CcseFkS.exe
  2⤵
  PID:3240
- C:\Windows\System\nNZCKLK.exe
  C:\Windows\System\nNZCKLK.exe
  2⤵
  PID:4088
- C:\Windows\System\BCtizMr.exe
  C:\Windows\System\BCtizMr.exe
  2⤵
  PID:3172
- C:\Windows\System\VdtnDxC.exe
  C:\Windows\System\VdtnDxC.exe
  2⤵
  PID:3388
- C:\Windows\System\fMgYpVQ.exe
  C:\Windows\System\fMgYpVQ.exe
  2⤵
  PID:3480
- C:\Windows\System\GHyOFCQ.exe
  C:\Windows\System\GHyOFCQ.exe
  2⤵
  PID:3508
- C:\Windows\System\lBjuNRs.exe
  C:\Windows\System\lBjuNRs.exe
  2⤵
  PID:3596
- C:\Windows\System\rvZpCFN.exe
  C:\Windows\System\rvZpCFN.exe
  2⤵
  PID:3796
- C:\Windows\System\IHRAbQq.exe
  C:\Windows\System\IHRAbQq.exe
  2⤵
  PID:2000
- C:\Windows\System\OHicDJt.exe
  C:\Windows\System\OHicDJt.exe
  2⤵
  PID:3816
- C:\Windows\System\JRAdLCg.exe
  C:\Windows\System\JRAdLCg.exe
  2⤵
  PID:4112
- C:\Windows\System\ifjASLX.exe
  C:\Windows\System\ifjASLX.exe
  2⤵
  PID:4136
- C:\Windows\System\gQtFsxV.exe
  C:\Windows\System\gQtFsxV.exe
  2⤵
  PID:4160
- C:\Windows\System\iEAWliz.exe
  C:\Windows\System\iEAWliz.exe
  2⤵
  PID:4184
- C:\Windows\System\YhKnlzO.exe
  C:\Windows\System\YhKnlzO.exe
  2⤵
  PID:4200
- C:\Windows\System\VvPAEOT.exe
  C:\Windows\System\VvPAEOT.exe
  2⤵
  PID:4220
- C:\Windows\System\wFrIeiT.exe
  C:\Windows\System\wFrIeiT.exe
  2⤵
  PID:4244
- C:\Windows\System\xPwWAbX.exe
  C:\Windows\System\xPwWAbX.exe
  2⤵
  PID:4260
- C:\Windows\System\hlKEBdc.exe
  C:\Windows\System\hlKEBdc.exe
  2⤵
  PID:4276
- C:\Windows\System\QEKenTM.exe
  C:\Windows\System\QEKenTM.exe
  2⤵
  PID:4292
- C:\Windows\System\CePgijw.exe
  C:\Windows\System\CePgijw.exe
  2⤵
  PID:4316
- C:\Windows\System\kqurFZO.exe
  C:\Windows\System\kqurFZO.exe
  2⤵
  PID:4344
- C:\Windows\System\nMSdPsU.exe
  C:\Windows\System\nMSdPsU.exe
  2⤵
  PID:4360
- C:\Windows\System\PclMWql.exe
  C:\Windows\System\PclMWql.exe
  2⤵
  PID:4376
- C:\Windows\System\ftYPlkg.exe
  C:\Windows\System\ftYPlkg.exe
  2⤵
  PID:4400
- C:\Windows\System\bRfwcFg.exe
  C:\Windows\System\bRfwcFg.exe
  2⤵
  PID:4416
- C:\Windows\System\JDrCJYA.exe
  C:\Windows\System\JDrCJYA.exe
  2⤵
  PID:4444
- C:\Windows\System\FqThrMu.exe
  C:\Windows\System\FqThrMu.exe
  2⤵
  PID:4464
- C:\Windows\System\YokXpic.exe
  C:\Windows\System\YokXpic.exe
  2⤵
  PID:4492
- C:\Windows\System\wbYLAPM.exe
  C:\Windows\System\wbYLAPM.exe
  2⤵
  PID:4508
- C:\Windows\System\uSmvUYp.exe
  C:\Windows\System\uSmvUYp.exe
  2⤵
  PID:4524
- C:\Windows\System\zaokXYR.exe
  C:\Windows\System\zaokXYR.exe
  2⤵
  PID:4544
- C:\Windows\System\dqVtgzg.exe
  C:\Windows\System\dqVtgzg.exe
  2⤵
  PID:4568
- C:\Windows\System\mIiEtpj.exe
  C:\Windows\System\mIiEtpj.exe
  2⤵
  PID:4588
- C:\Windows\System\IRLaCjG.exe
  C:\Windows\System\IRLaCjG.exe
  2⤵
  PID:4604
- C:\Windows\System\cBAYWUn.exe
  C:\Windows\System\cBAYWUn.exe
  2⤵
  PID:4624
- C:\Windows\System\sCzAJud.exe
  C:\Windows\System\sCzAJud.exe
  2⤵
  PID:4640
- C:\Windows\System\fFZJacS.exe
  C:\Windows\System\fFZJacS.exe
  2⤵
  PID:4656
- C:\Windows\System\ywqUiaI.exe
  C:\Windows\System\ywqUiaI.exe
  2⤵
  PID:4680
- C:\Windows\System\BzzUAFf.exe
  C:\Windows\System\BzzUAFf.exe
  2⤵
  PID:4696
- C:\Windows\System\wjaOEIU.exe
  C:\Windows\System\wjaOEIU.exe
  2⤵
  PID:4716
- C:\Windows\System\lrKGKjV.exe
  C:\Windows\System\lrKGKjV.exe
  2⤵
  PID:4736
- C:\Windows\System\hcOmrjO.exe
  C:\Windows\System\hcOmrjO.exe
  2⤵
  PID:4752
- C:\Windows\System\FTpHsHV.exe
  C:\Windows\System\FTpHsHV.exe
  2⤵
  PID:4768
- C:\Windows\System\kSdeweY.exe
  C:\Windows\System\kSdeweY.exe
  2⤵
  PID:4784
- C:\Windows\System\uIsGrfV.exe
  C:\Windows\System\uIsGrfV.exe
  2⤵
  PID:4800
- C:\Windows\System\JaQDSKz.exe
  C:\Windows\System\JaQDSKz.exe
  2⤵
  PID:4820
- C:\Windows\System\YzVezxP.exe
  C:\Windows\System\YzVezxP.exe
  2⤵
  PID:4844
- C:\Windows\System\koaslqu.exe
  C:\Windows\System\koaslqu.exe
  2⤵
  PID:4868
- C:\Windows\System\WFUoHgh.exe
  C:\Windows\System\WFUoHgh.exe
  2⤵
  PID:4884
- C:\Windows\System\YeRSTiB.exe
  C:\Windows\System\YeRSTiB.exe
  2⤵
  PID:4928
- C:\Windows\System\MRpPpie.exe
  C:\Windows\System\MRpPpie.exe
  2⤵
  PID:4952
- C:\Windows\System\zxHiXgY.exe
  C:\Windows\System\zxHiXgY.exe
  2⤵
  PID:4972
- C:\Windows\System\gnNERJq.exe
  C:\Windows\System\gnNERJq.exe
  2⤵
  PID:4988
- C:\Windows\System\BUiBdBU.exe
  C:\Windows\System\BUiBdBU.exe
  2⤵
  PID:5008
- C:\Windows\System\ZPqLZva.exe
  C:\Windows\System\ZPqLZva.exe
  2⤵
  PID:5028
- C:\Windows\System\xyphtMt.exe
  C:\Windows\System\xyphtMt.exe
  2⤵
  PID:5044
- C:\Windows\System\haKZzAO.exe
  C:\Windows\System\haKZzAO.exe
  2⤵
  PID:5064
- C:\Windows\System\wvCPRYJ.exe
  C:\Windows\System\wvCPRYJ.exe
  2⤵
  PID:5092
- C:\Windows\System\NPfJeJU.exe
  C:\Windows\System\NPfJeJU.exe
  2⤵
  PID:5112
- C:\Windows\System\Fokouwh.exe
  C:\Windows\System\Fokouwh.exe
  2⤵
  PID:3716
- C:\Windows\System\xfzmLkP.exe
  C:\Windows\System\xfzmLkP.exe
  2⤵
  PID:2832
- C:\Windows\System\XNAycgj.exe
  C:\Windows\System\XNAycgj.exe
  2⤵
  PID:2896
- C:\Windows\System\wczOJAl.exe
  C:\Windows\System\wczOJAl.exe
  2⤵
  PID:1728
- C:\Windows\System\FmaUYoT.exe
  C:\Windows\System\FmaUYoT.exe
  2⤵
  PID:1564
- C:\Windows\System\cDWHQpG.exe
  C:\Windows\System\cDWHQpG.exe
  2⤵
  PID:2580
- C:\Windows\System\ziYjUCA.exe
  C:\Windows\System\ziYjUCA.exe
  2⤵
  PID:4080
- C:\Windows\System\hJZfclJ.exe
  C:\Windows\System\hJZfclJ.exe
  2⤵
  PID:3152
- C:\Windows\System\NtzDKzb.exe
  C:\Windows\System\NtzDKzb.exe
  2⤵
  PID:3352
- C:\Windows\System\yDJzSpr.exe
  C:\Windows\System\yDJzSpr.exe
  2⤵
  PID:3832
- C:\Windows\System\eqcjpEQ.exe
  C:\Windows\System\eqcjpEQ.exe
  2⤵
  PID:4152
- C:\Windows\System\vnExWfC.exe
  C:\Windows\System\vnExWfC.exe
  2⤵
  PID:3488
- C:\Windows\System\ndSDmTd.exe
  C:\Windows\System\ndSDmTd.exe
  2⤵
  PID:4120
- C:\Windows\System\QbRqCUG.exe
  C:\Windows\System\QbRqCUG.exe
  2⤵
  PID:1868
- C:\Windows\System\xFQhJon.exe
  C:\Windows\System\xFQhJon.exe
  2⤵
  PID:4232
- C:\Windows\System\ZmeTfwP.exe
  C:\Windows\System\ZmeTfwP.exe
  2⤵
  PID:4300
- C:\Windows\System\JsZaQVL.exe
  C:\Windows\System\JsZaQVL.exe
  2⤵
  PID:4176
- C:\Windows\System\quGKVpn.exe
  C:\Windows\System\quGKVpn.exe
  2⤵
  PID:4356
- C:\Windows\System\fAGuDUU.exe
  C:\Windows\System\fAGuDUU.exe
  2⤵
  PID:4436
- C:\Windows\System\zCBGeGa.exe
  C:\Windows\System\zCBGeGa.exe
  2⤵
  PID:4476
- C:\Windows\System\jsbrQmD.exe
  C:\Windows\System\jsbrQmD.exe
  2⤵
  PID:4288
- C:\Windows\System\JJROnQw.exe
  C:\Windows\System\JJROnQw.exe
  2⤵
  PID:4332
- C:\Windows\System\kzpuLQs.exe
  C:\Windows\System\kzpuLQs.exe
  2⤵
  PID:4412
- C:\Windows\System\ELebylz.exe
  C:\Windows\System\ELebylz.exe
  2⤵
  PID:4564
- C:\Windows\System\cAtiPAT.exe
  C:\Windows\System\cAtiPAT.exe
  2⤵
  PID:4632
- C:\Windows\System\UjgjGAH.exe
  C:\Windows\System\UjgjGAH.exe
  2⤵
  PID:4668
- C:\Windows\System\MwCIkKs.exe
  C:\Windows\System\MwCIkKs.exe
  2⤵
  PID:4452
- C:\Windows\System\ykZiLqh.exe
  C:\Windows\System\ykZiLqh.exe
  2⤵
  PID:4504
- C:\Windows\System\JHrCObW.exe
  C:\Windows\System\JHrCObW.exe
  2⤵
  PID:4580
- C:\Windows\System\lSGiZrO.exe
  C:\Windows\System\lSGiZrO.exe
  2⤵
  PID:4808
- C:\Windows\System\yUXIQEQ.exe
  C:\Windows\System\yUXIQEQ.exe
  2⤵
  PID:4864
- C:\Windows\System\AapBsFp.exe
  C:\Windows\System\AapBsFp.exe
  2⤵
  PID:4760
- C:\Windows\System\VjhthEQ.exe
  C:\Windows\System\VjhthEQ.exe
  2⤵
  PID:4832
- C:\Windows\System\UnmPRUo.exe
  C:\Windows\System\UnmPRUo.exe
  2⤵
  PID:4900
- C:\Windows\System\VObVLFH.exe
  C:\Windows\System\VObVLFH.exe
  2⤵
  PID:4916
- C:\Windows\System\fDHjIMZ.exe
  C:\Windows\System\fDHjIMZ.exe
  2⤵
  PID:4692
- C:\Windows\System\CVexpWC.exe
  C:\Windows\System\CVexpWC.exe
  2⤵
  PID:4924
- C:\Windows\System\dZzkmus.exe
  C:\Windows\System\dZzkmus.exe
  2⤵
  PID:4964
- C:\Windows\System\yQokeNh.exe
  C:\Windows\System\yQokeNh.exe
  2⤵
  PID:5000
- C:\Windows\System\jVmUsYc.exe
  C:\Windows\System\jVmUsYc.exe
  2⤵
  PID:5036
- C:\Windows\System\spyOgQp.exe
  C:\Windows\System\spyOgQp.exe
  2⤵
  PID:5056
- C:\Windows\System\kCTgdlR.exe
  C:\Windows\System\kCTgdlR.exe
  2⤵
  PID:5084
- C:\Windows\System\hHbLpVy.exe
  C:\Windows\System\hHbLpVy.exe
  2⤵
  PID:5104
- C:\Windows\System\drIuKgQ.exe
  C:\Windows\System\drIuKgQ.exe
  2⤵
  PID:2240
- C:\Windows\System\eQdFzYi.exe
  C:\Windows\System\eQdFzYi.exe
  2⤵
  PID:3864
- C:\Windows\System\vTbhefi.exe
  C:\Windows\System\vTbhefi.exe
  2⤵
  PID:1724
- C:\Windows\System\OCSMzTF.exe
  C:\Windows\System\OCSMzTF.exe
  2⤵
  PID:4048
- C:\Windows\System\qHzwPrF.exe
  C:\Windows\System\qHzwPrF.exe
  2⤵
  PID:852
- C:\Windows\System\qiHQlrF.exe
  C:\Windows\System\qiHQlrF.exe
  2⤵
  PID:4148
- C:\Windows\System\BZPdzTD.exe
  C:\Windows\System\BZPdzTD.exe
  2⤵
  PID:3740
- C:\Windows\System\ImzrFJx.exe
  C:\Windows\System\ImzrFJx.exe
  2⤵
  PID:4312
- C:\Windows\System\IYEARlv.exe
  C:\Windows\System\IYEARlv.exe
  2⤵
  PID:4388
- C:\Windows\System\wpadNFn.exe
  C:\Windows\System\wpadNFn.exe
  2⤵
  PID:4484
- C:\Windows\System\NetXIUn.exe
  C:\Windows\System\NetXIUn.exe
  2⤵
  PID:4596
- C:\Windows\System\GYdVYhE.exe
  C:\Windows\System\GYdVYhE.exe
  2⤵
  PID:4216
- C:\Windows\System\AguQzcz.exe
  C:\Windows\System\AguQzcz.exe
  2⤵
  PID:4284
- C:\Windows\System\LVprydk.exe
  C:\Windows\System\LVprydk.exe
  2⤵
  PID:4472
- C:\Windows\System\kGCrTDw.exe
  C:\Windows\System\kGCrTDw.exe
  2⤵
  PID:2784
- C:\Windows\System\kbfXcfp.exe
  C:\Windows\System\kbfXcfp.exe
  2⤵
  PID:2128
- C:\Windows\System\wLamuhN.exe
  C:\Windows\System\wLamuhN.exe
  2⤵
  PID:4676
- C:\Windows\System\iglUWXA.exe
  C:\Windows\System\iglUWXA.exe
  2⤵
  PID:4460
- C:\Windows\System\PwQUBwg.exe
  C:\Windows\System\PwQUBwg.exe
  2⤵
  PID:4828
- C:\Windows\System\qNOXvLi.exe
  C:\Windows\System\qNOXvLi.exe
  2⤵
  PID:4652
- C:\Windows\System\phkXFlo.exe
  C:\Windows\System\phkXFlo.exe
  2⤵
  PID:2828
- C:\Windows\System\yYEzKYB.exe
  C:\Windows\System\yYEzKYB.exe
  2⤵
  PID:4836
- C:\Windows\System\QHFTAmS.exe
  C:\Windows\System\QHFTAmS.exe
  2⤵
  PID:5020
- C:\Windows\System\GmbFhLx.exe
  C:\Windows\System\GmbFhLx.exe
  2⤵
  PID:5024
- C:\Windows\System\CHPEpIf.exe
  C:\Windows\System\CHPEpIf.exe
  2⤵
  PID:2768
- C:\Windows\System\yCOXqRZ.exe
  C:\Windows\System\yCOXqRZ.exe
  2⤵
  PID:4936
- C:\Windows\System\FCLfMGV.exe
  C:\Windows\System\FCLfMGV.exe
  2⤵
  PID:4104
- C:\Windows\System\EIONANd.exe
  C:\Windows\System\EIONANd.exe
  2⤵
  PID:4196
- C:\Windows\System\nFHndqE.exe
  C:\Windows\System\nFHndqE.exe
  2⤵
  PID:4980
- C:\Windows\System\HbeYoZM.exe
  C:\Windows\System\HbeYoZM.exe
  2⤵
  PID:2668
- C:\Windows\System\seaoCkm.exe
  C:\Windows\System\seaoCkm.exe
  2⤵
  PID:1244
- C:\Windows\System\HjZZPLX.exe
  C:\Windows\System\HjZZPLX.exe
  2⤵
  PID:4272
- C:\Windows\System\jwjYNUy.exe
  C:\Windows\System\jwjYNUy.exe
  2⤵
  PID:3780
- C:\Windows\System\cdqjoIN.exe
  C:\Windows\System\cdqjoIN.exe
  2⤵
  PID:4556
- C:\Windows\System\dIprLye.exe
  C:\Windows\System\dIprLye.exe
  2⤵
  PID:4132
- C:\Windows\System\KtnVSAD.exe
  C:\Windows\System\KtnVSAD.exe
  2⤵
  PID:4212
- C:\Windows\System\WfQjomP.exe
  C:\Windows\System\WfQjomP.exe
  2⤵
  PID:4672
- C:\Windows\System\SIhJucT.exe
  C:\Windows\System\SIhJucT.exe
  2⤵
  PID:4540
- C:\Windows\System\nSWxVOH.exe
  C:\Windows\System\nSWxVOH.exe
  2⤵
  PID:5124
- C:\Windows\System\hQjmTZN.exe
  C:\Windows\System\hQjmTZN.exe
  2⤵
  PID:5148
- C:\Windows\System\EeYXDBb.exe
  C:\Windows\System\EeYXDBb.exe
  2⤵
  PID:5168
- C:\Windows\System\wyWJOsB.exe
  C:\Windows\System\wyWJOsB.exe
  2⤵
  PID:5188
- C:\Windows\System\aAhsTED.exe
  C:\Windows\System\aAhsTED.exe
  2⤵
  PID:5208
- C:\Windows\System\RJyVkRJ.exe
  C:\Windows\System\RJyVkRJ.exe
  2⤵
  PID:5228
- C:\Windows\System\eigVsLy.exe
  C:\Windows\System\eigVsLy.exe
  2⤵
  PID:5248
- C:\Windows\System\lGbNtkw.exe
  C:\Windows\System\lGbNtkw.exe
  2⤵
  PID:5272
- C:\Windows\System\lkQoKgJ.exe
  C:\Windows\System\lkQoKgJ.exe
  2⤵
  PID:5296
- C:\Windows\System\IiPFyrD.exe
  C:\Windows\System\IiPFyrD.exe
  2⤵
  PID:5316
- C:\Windows\System\ggTGtkY.exe
  C:\Windows\System\ggTGtkY.exe
  2⤵
  PID:5336
- C:\Windows\System\QVYYsuM.exe
  C:\Windows\System\QVYYsuM.exe
  2⤵
  PID:5356
- C:\Windows\System\bIuGzRz.exe
  C:\Windows\System\bIuGzRz.exe
  2⤵
  PID:5372
- C:\Windows\System\NvCOQBN.exe
  C:\Windows\System\NvCOQBN.exe
  2⤵
  PID:5396
- C:\Windows\System\AFdIQbk.exe
  C:\Windows\System\AFdIQbk.exe
  2⤵
  PID:5412
- C:\Windows\System\sDMxyEb.exe
  C:\Windows\System\sDMxyEb.exe
  2⤵
  PID:5436
- C:\Windows\System\iyyQOqY.exe
  C:\Windows\System\iyyQOqY.exe
  2⤵
  PID:5456
- C:\Windows\System\dDwNsVk.exe
  C:\Windows\System\dDwNsVk.exe
  2⤵
  PID:5472
- C:\Windows\System\ylbtrIN.exe
  C:\Windows\System\ylbtrIN.exe
  2⤵
  PID:5492
- C:\Windows\System\bKWehqd.exe
  C:\Windows\System\bKWehqd.exe
  2⤵
  PID:5516
- C:\Windows\System\TeVXlbZ.exe
  C:\Windows\System\TeVXlbZ.exe
  2⤵
  PID:5532
- C:\Windows\System\hOHqyBY.exe
  C:\Windows\System\hOHqyBY.exe
  2⤵
  PID:5552
- C:\Windows\System\MVaxtOR.exe
  C:\Windows\System\MVaxtOR.exe
  2⤵
  PID:5568
- C:\Windows\System\HCCutZI.exe
  C:\Windows\System\HCCutZI.exe
  2⤵
  PID:5584
- C:\Windows\System\bDXrDzU.exe
  C:\Windows\System\bDXrDzU.exe
  2⤵
  PID:5600
- C:\Windows\System\YqpRBem.exe
  C:\Windows\System\YqpRBem.exe
  2⤵
  PID:5620
- C:\Windows\System\VdpJBzH.exe
  C:\Windows\System\VdpJBzH.exe
  2⤵
  PID:5640
- C:\Windows\System\aUGplFE.exe
  C:\Windows\System\aUGplFE.exe
  2⤵
  PID:5668
- C:\Windows\System\spyPQXR.exe
  C:\Windows\System\spyPQXR.exe
  2⤵
  PID:5684
- C:\Windows\System\gDTyiFd.exe
  C:\Windows\System\gDTyiFd.exe
  2⤵
  PID:5704
- C:\Windows\System\zyAeOzh.exe
  C:\Windows\System\zyAeOzh.exe
  2⤵
  PID:5724
- C:\Windows\System\iLacPMR.exe
  C:\Windows\System\iLacPMR.exe
  2⤵
  PID:5744
- C:\Windows\System\xJwhbJi.exe
  C:\Windows\System\xJwhbJi.exe
  2⤵
  PID:5764
- C:\Windows\System\yuWkmPc.exe
  C:\Windows\System\yuWkmPc.exe
  2⤵
  PID:5784
- C:\Windows\System\vPvzMTy.exe
  C:\Windows\System\vPvzMTy.exe
  2⤵
  PID:5804
- C:\Windows\System\dYUdpBV.exe
  C:\Windows\System\dYUdpBV.exe
  2⤵
  PID:5820
- C:\Windows\System\LUmcLfT.exe
  C:\Windows\System\LUmcLfT.exe
  2⤵
  PID:5840
- C:\Windows\System\yhgcdaw.exe
  C:\Windows\System\yhgcdaw.exe
  2⤵
  PID:5876
- C:\Windows\System\guZahvY.exe
  C:\Windows\System\guZahvY.exe
  2⤵
  PID:5896
- C:\Windows\System\bucxUZi.exe
  C:\Windows\System\bucxUZi.exe
  2⤵
  PID:5916
- C:\Windows\System\WtxupSD.exe
  C:\Windows\System\WtxupSD.exe
  2⤵
  PID:5932
- C:\Windows\System\WLUfJLd.exe
  C:\Windows\System\WLUfJLd.exe
  2⤵
  PID:5952
- C:\Windows\System\XQBTpZH.exe
  C:\Windows\System\XQBTpZH.exe
  2⤵
  PID:5972
- C:\Windows\System\kBkjjMN.exe
  C:\Windows\System\kBkjjMN.exe
  2⤵
  PID:5992
- C:\Windows\System\RnmNIYj.exe
  C:\Windows\System\RnmNIYj.exe
  2⤵
  PID:6008
- C:\Windows\System\OCUDUDD.exe
  C:\Windows\System\OCUDUDD.exe
  2⤵
  PID:6036
- C:\Windows\System\WKcovdH.exe
  C:\Windows\System\WKcovdH.exe
  2⤵
  PID:6056
- C:\Windows\System\NoxAACv.exe
  C:\Windows\System\NoxAACv.exe
  2⤵
  PID:6072
- C:\Windows\System\ZOzbhgI.exe
  C:\Windows\System\ZOzbhgI.exe
  2⤵
  PID:6092
- C:\Windows\System\ZoOiLQV.exe
  C:\Windows\System\ZoOiLQV.exe
  2⤵
  PID:6108
- C:\Windows\System\fEDlCQr.exe
  C:\Windows\System\fEDlCQr.exe
  2⤵
  PID:6132
- C:\Windows\System\hSdNQDU.exe
  C:\Windows\System\hSdNQDU.exe
  2⤵
  PID:4780
- C:\Windows\System\FiuBZqf.exe
  C:\Windows\System\FiuBZqf.exe
  2⤵
  PID:2908
- C:\Windows\System\OaTfERC.exe
  C:\Windows\System\OaTfERC.exe
  2⤵
  PID:3660
- C:\Windows\System\KEFMCMs.exe
  C:\Windows\System\KEFMCMs.exe
  2⤵
  PID:4228
- C:\Windows\System\peuDzdI.exe
  C:\Windows\System\peuDzdI.exe
  2⤵
  PID:2980
- C:\Windows\System\XoqtKZl.exe
  C:\Windows\System\XoqtKZl.exe
  2⤵
  PID:3936
- C:\Windows\System\EBvuvsE.exe
  C:\Windows\System\EBvuvsE.exe
  2⤵
  PID:2948
- C:\Windows\System\OejNFYA.exe
  C:\Windows\System\OejNFYA.exe
  2⤵
  PID:4168
- C:\Windows\System\LtprSya.exe
  C:\Windows\System\LtprSya.exe
  2⤵
  PID:4456
- C:\Windows\System\OSKNJPA.exe
  C:\Windows\System\OSKNJPA.exe
  2⤵
  PID:4408
- C:\Windows\System\BsYVrIY.exe
  C:\Windows\System\BsYVrIY.exe
  2⤵
  PID:4172
- C:\Windows\System\BkQSNRA.exe
  C:\Windows\System\BkQSNRA.exe
  2⤵
  PID:4240
- C:\Windows\System\vWuRhmq.exe
  C:\Windows\System\vWuRhmq.exe
  2⤵
  PID:4328
- C:\Windows\System\SetZdkE.exe
  C:\Windows\System\SetZdkE.exe
  2⤵
  PID:2628
- C:\Windows\System\jpNxogQ.exe
  C:\Windows\System\jpNxogQ.exe
  2⤵
  PID:5136
- C:\Windows\System\FrrGlbb.exe
  C:\Windows\System\FrrGlbb.exe
  2⤵
  PID:5180
- C:\Windows\System\ybIQImD.exe
  C:\Windows\System\ybIQImD.exe
  2⤵
  PID:5224
- C:\Windows\System\uRfcBfs.exe
  C:\Windows\System\uRfcBfs.exe
  2⤵
  PID:5236
- C:\Windows\System\zZyIJyL.exe
  C:\Windows\System\zZyIJyL.exe
  2⤵
  PID:2772
- C:\Windows\System\WAtHqfW.exe
  C:\Windows\System\WAtHqfW.exe
  2⤵
  PID:5284
- C:\Windows\System\PFrXdTn.exe
  C:\Windows\System\PFrXdTn.exe
  2⤵
  PID:5384
- C:\Windows\System\MMWBSNE.exe
  C:\Windows\System\MMWBSNE.exe
  2⤵
  PID:5424
- C:\Windows\System\RJNhmbA.exe
  C:\Windows\System\RJNhmbA.exe
  2⤵
  PID:5508
- C:\Windows\System\XVVUIid.exe
  C:\Windows\System\XVVUIid.exe
  2⤵
  PID:5544
- C:\Windows\System\pxEXUzn.exe
  C:\Windows\System\pxEXUzn.exe
  2⤵
  PID:5612
- C:\Windows\System\trjQDji.exe
  C:\Windows\System\trjQDji.exe
  2⤵
  PID:5664
- C:\Windows\System\JKsIzQL.exe
  C:\Windows\System\JKsIzQL.exe
  2⤵
  PID:5404
- C:\Windows\System\yYQTJbl.exe
  C:\Windows\System\yYQTJbl.exe
  2⤵
  PID:5480
- C:\Windows\System\cnjjsYR.exe
  C:\Windows\System\cnjjsYR.exe
  2⤵
  PID:5732
- C:\Windows\System\xJcFmpN.exe
  C:\Windows\System\xJcFmpN.exe
  2⤵
  PID:5560
- C:\Windows\System\YqCcLYs.exe
  C:\Windows\System\YqCcLYs.exe
  2⤵
  PID:5812
- C:\Windows\System\JpbgvPW.exe
  C:\Windows\System\JpbgvPW.exe
  2⤵
  PID:5628
- C:\Windows\System\PkwWQCU.exe
  C:\Windows\System\PkwWQCU.exe
  2⤵
  PID:5720
- C:\Windows\System\BtYMtrM.exe
  C:\Windows\System\BtYMtrM.exe
  2⤵
  PID:5864
- C:\Windows\System\afVUypE.exe
  C:\Windows\System\afVUypE.exe
  2⤵
  PID:5872
- C:\Windows\System\NUcdNRf.exe
  C:\Windows\System\NUcdNRf.exe
  2⤵
  PID:5712
- C:\Windows\System\bEnsbdx.exe
  C:\Windows\System\bEnsbdx.exe
  2⤵
  PID:5904
- C:\Windows\System\jzKCIvg.exe
  C:\Windows\System\jzKCIvg.exe
  2⤵
  PID:5892
- C:\Windows\System\unwVLjV.exe
  C:\Windows\System\unwVLjV.exe
  2⤵
  PID:5980
- C:\Windows\System\cgLTmUd.exe
  C:\Windows\System\cgLTmUd.exe
  2⤵
  PID:6020
- C:\Windows\System\bPiNbrv.exe
  C:\Windows\System\bPiNbrv.exe
  2⤵
  PID:6100
- C:\Windows\System\MjFXPSH.exe
  C:\Windows\System\MjFXPSH.exe
  2⤵
  PID:4920
- C:\Windows\System\rkgddoC.exe
  C:\Windows\System\rkgddoC.exe
  2⤵
  PID:5928
- C:\Windows\System\vAUfgZf.exe
  C:\Windows\System\vAUfgZf.exe
  2⤵
  PID:6080
- C:\Windows\System\jRhmzUH.exe
  C:\Windows\System\jRhmzUH.exe
  2⤵
  PID:4024
- C:\Windows\System\iVkJafB.exe
  C:\Windows\System\iVkJafB.exe
  2⤵
  PID:3540
- C:\Windows\System\ksCAIQT.exe
  C:\Windows\System\ksCAIQT.exe
  2⤵
  PID:6116
- C:\Windows\System\eyWhRpL.exe
  C:\Windows\System\eyWhRpL.exe
  2⤵
  PID:5004
- C:\Windows\System\srxGJWb.exe
  C:\Windows\System\srxGJWb.exe
  2⤵
  PID:2728
- C:\Windows\System\JHwgMmi.exe
  C:\Windows\System\JHwgMmi.exe
  2⤵
  PID:4860
- C:\Windows\System\DhlPWoc.exe
  C:\Windows\System\DhlPWoc.exe
  2⤵
  PID:5216
- C:\Windows\System\bbALiPa.exe
  C:\Windows\System\bbALiPa.exe
  2⤵
  PID:5264
- C:\Windows\System\WgzaHHr.exe
  C:\Windows\System\WgzaHHr.exe
  2⤵
  PID:5088
- C:\Windows\System\mivlfRC.exe
  C:\Windows\System\mivlfRC.exe
  2⤵
  PID:2860
- C:\Windows\System\YYyRorE.exe
  C:\Windows\System\YYyRorE.exe
  2⤵
  PID:5176
- C:\Windows\System\RqCGusI.exe
  C:\Windows\System\RqCGusI.exe
  2⤵
  PID:4536
- C:\Windows\System\IdlOkBu.exe
  C:\Windows\System\IdlOkBu.exe
  2⤵
  PID:5292
- C:\Windows\System\PmlIUea.exe
  C:\Windows\System\PmlIUea.exe
  2⤵
  PID:5576
- C:\Windows\System\PqFIUwx.exe
  C:\Windows\System\PqFIUwx.exe
  2⤵
  PID:5368
- C:\Windows\System\dyyldzY.exe
  C:\Windows\System\dyyldzY.exe
  2⤵
  PID:5700
- C:\Windows\System\hxKbLbs.exe
  C:\Windows\System\hxKbLbs.exe
  2⤵
  PID:2796
- C:\Windows\System\zkqINog.exe
  C:\Windows\System\zkqINog.exe
  2⤵
  PID:5676
- C:\Windows\System\sPuNOxw.exe
  C:\Windows\System\sPuNOxw.exe
  2⤵
  PID:5332
- C:\Windows\System\oCAHGGi.exe
  C:\Windows\System\oCAHGGi.exe
  2⤵
  PID:5800
- C:\Windows\System\lozAlzz.exe
  C:\Windows\System\lozAlzz.exe
  2⤵
  PID:5652
- C:\Windows\System\obZEYdE.exe
  C:\Windows\System\obZEYdE.exe
  2⤵
  PID:5524
- C:\Windows\System\lOipnil.exe
  C:\Windows\System\lOipnil.exe
  2⤵
  PID:5596
- C:\Windows\System\TfNhWAA.exe
  C:\Windows\System\TfNhWAA.exe
  2⤵
  PID:5968
- C:\Windows\System\GODJxdf.exe
  C:\Windows\System\GODJxdf.exe
  2⤵
  PID:5852
- C:\Windows\System\hOkixLR.exe
  C:\Windows\System\hOkixLR.exe
  2⤵
  PID:3712
- C:\Windows\System\gBWZYgA.exe
  C:\Windows\System\gBWZYgA.exe
  2⤵
  PID:5884
- C:\Windows\System\dhfwXzN.exe
  C:\Windows\System\dhfwXzN.exe
  2⤵
  PID:5924
- C:\Windows\System\jEGbnQX.exe
  C:\Windows\System\jEGbnQX.exe
  2⤵
  PID:2696
- C:\Windows\System\vlreVQZ.exe
  C:\Windows\System\vlreVQZ.exe
  2⤵
  PID:6052
- C:\Windows\System\qaghghJ.exe
  C:\Windows\System\qaghghJ.exe
  2⤵
  PID:2288
- C:\Windows\System\BkDlRSy.exe
  C:\Windows\System\BkDlRSy.exe
  2⤵
  PID:2544
- C:\Windows\System\rgUsmkw.exe
  C:\Windows\System\rgUsmkw.exe
  2⤵
  PID:2608
- C:\Windows\System\mFLVsHS.exe
  C:\Windows\System\mFLVsHS.exe
  2⤵
  PID:4708
- C:\Windows\System\RQfaHzV.exe
  C:\Windows\System\RQfaHzV.exe
  2⤵
  PID:2684
- C:\Windows\System\ylHGtwa.exe
  C:\Windows\System\ylHGtwa.exe
  2⤵
  PID:2264
- C:\Windows\System\VAEnxql.exe
  C:\Windows\System\VAEnxql.exe
  2⤵
  PID:5348
- C:\Windows\System\tSBbZJY.exe
  C:\Windows\System\tSBbZJY.exe
  2⤵
  PID:2856
- C:\Windows\System\vpJPxAl.exe
  C:\Windows\System\vpJPxAl.exe
  2⤵
  PID:4552
- C:\Windows\System\vVBoHnm.exe
  C:\Windows\System\vVBoHnm.exe
  2⤵
  PID:1424
- C:\Windows\System\YyOzHRq.exe
  C:\Windows\System\YyOzHRq.exe
  2⤵
  PID:5948
- C:\Windows\System\MXjuFbj.exe
  C:\Windows\System\MXjuFbj.exe
  2⤵
  PID:5828
- C:\Windows\System\lNHKHCY.exe
  C:\Windows\System\lNHKHCY.exe
  2⤵
  PID:4792
- C:\Windows\System\lQoRlzs.exe
  C:\Windows\System\lQoRlzs.exe
  2⤵
  PID:5312
- C:\Windows\System\kdTyFdm.exe
  C:\Windows\System\kdTyFdm.exe
  2⤵
  PID:5680
- C:\Windows\System\KQUBUvM.exe
  C:\Windows\System\KQUBUvM.exe
  2⤵
  PID:5380
- C:\Windows\System\rPZmxYB.exe
  C:\Windows\System\rPZmxYB.exe
  2⤵
  PID:964
- C:\Windows\System\qxSPdDV.exe
  C:\Windows\System\qxSPdDV.exe
  2⤵
  PID:6156
- C:\Windows\System\DJjIgjJ.exe
  C:\Windows\System\DJjIgjJ.exe
  2⤵
  PID:6172
- C:\Windows\System\qfVJWBX.exe
  C:\Windows\System\qfVJWBX.exe
  2⤵
  PID:6188
- C:\Windows\System\WmkUMTu.exe
  C:\Windows\System\WmkUMTu.exe
  2⤵
  PID:6208
- C:\Windows\System\ItAlOZW.exe
  C:\Windows\System\ItAlOZW.exe
  2⤵
  PID:6224
- C:\Windows\System\IQZbnsH.exe
  C:\Windows\System\IQZbnsH.exe
  2⤵
  PID:6244
- C:\Windows\System\HdHLvyq.exe
  C:\Windows\System\HdHLvyq.exe
  2⤵
  PID:6268
- C:\Windows\System\QUKaFHo.exe
  C:\Windows\System\QUKaFHo.exe
  2⤵
  PID:6288
- C:\Windows\System\JVySdBi.exe
  C:\Windows\System\JVySdBi.exe
  2⤵
  PID:6308
- C:\Windows\System\BugZnEZ.exe
  C:\Windows\System\BugZnEZ.exe
  2⤵
  PID:6324
- C:\Windows\System\NeQRKnN.exe
  C:\Windows\System\NeQRKnN.exe
  2⤵
  PID:6340
- C:\Windows\System\UuTHLzG.exe
  C:\Windows\System\UuTHLzG.exe
  2⤵
  PID:6364
- C:\Windows\System\bLiPIdh.exe
  C:\Windows\System\bLiPIdh.exe
  2⤵
  PID:6400
- C:\Windows\System\eulNgaC.exe
  C:\Windows\System\eulNgaC.exe
  2⤵
  PID:6420
- C:\Windows\System\JbMocsT.exe
  C:\Windows\System\JbMocsT.exe
  2⤵
  PID:6440
- C:\Windows\System\RTzLPkI.exe
  C:\Windows\System\RTzLPkI.exe
  2⤵
  PID:6464
- C:\Windows\System\kiaVGsZ.exe
  C:\Windows\System\kiaVGsZ.exe
  2⤵
  PID:6480
- C:\Windows\System\fsVWomQ.exe
  C:\Windows\System\fsVWomQ.exe
  2⤵
  PID:6496
- C:\Windows\System\CrfVJbN.exe
  C:\Windows\System\CrfVJbN.exe
  2⤵
  PID:6512
- C:\Windows\System\pPzePYM.exe
  C:\Windows\System\pPzePYM.exe
  2⤵
  PID:6528
- C:\Windows\System\hTWdUyf.exe
  C:\Windows\System\hTWdUyf.exe
  2⤵
  PID:6552
- C:\Windows\System\pRhXkcC.exe
  C:\Windows\System\pRhXkcC.exe
  2⤵
  PID:6568
- C:\Windows\System\TzSVeUv.exe
  C:\Windows\System\TzSVeUv.exe
  2⤵
  PID:6592
- C:\Windows\System\qUOymnE.exe
  C:\Windows\System\qUOymnE.exe
  2⤵
  PID:6612
- C:\Windows\System\XYMdnAF.exe
  C:\Windows\System\XYMdnAF.exe
  2⤵
  PID:6632
- C:\Windows\System\BjwlDlX.exe
  C:\Windows\System\BjwlDlX.exe
  2⤵
  PID:6664
- C:\Windows\System\bjbMoKF.exe
  C:\Windows\System\bjbMoKF.exe
  2⤵
  PID:6680
- C:\Windows\System\aykuoih.exe
  C:\Windows\System\aykuoih.exe
  2⤵
  PID:6700
- C:\Windows\System\vFvckHL.exe
  C:\Windows\System\vFvckHL.exe
  2⤵
  PID:6720
- C:\Windows\System\FsexIMg.exe
  C:\Windows\System\FsexIMg.exe
  2⤵
  PID:6744
- C:\Windows\System\UHRezIL.exe
  C:\Windows\System\UHRezIL.exe
  2⤵
  PID:6760
- C:\Windows\System\uJlkJrj.exe
  C:\Windows\System\uJlkJrj.exe
  2⤵
  PID:6780
- C:\Windows\System\pdDzjOZ.exe
  C:\Windows\System\pdDzjOZ.exe
  2⤵
  PID:6796
- C:\Windows\System\QcIBAQc.exe
  C:\Windows\System\QcIBAQc.exe
  2⤵
  PID:6820
- C:\Windows\System\atFVZpg.exe
  C:\Windows\System\atFVZpg.exe
  2⤵
  PID:6836
- C:\Windows\System\LzfvjNW.exe
  C:\Windows\System\LzfvjNW.exe
  2⤵
  PID:6852
- C:\Windows\System\ctxXzYA.exe
  C:\Windows\System\ctxXzYA.exe
  2⤵
  PID:6876
- C:\Windows\System\zmjDyfn.exe
  C:\Windows\System\zmjDyfn.exe
  2⤵
  PID:6896
- C:\Windows\System\gpMyFkz.exe
  C:\Windows\System\gpMyFkz.exe
  2⤵
  PID:6916
- C:\Windows\System\GCwjrIf.exe
  C:\Windows\System\GCwjrIf.exe
  2⤵
  PID:6936
- C:\Windows\System\FIzJacZ.exe
  C:\Windows\System\FIzJacZ.exe
  2⤵
  PID:6956
- C:\Windows\System\WUYccAI.exe
  C:\Windows\System\WUYccAI.exe
  2⤵
  PID:6972
- C:\Windows\System\jOiDVnm.exe
  C:\Windows\System\jOiDVnm.exe
  2⤵
  PID:6988
- C:\Windows\System\raOOaIf.exe
  C:\Windows\System\raOOaIf.exe
  2⤵
  PID:7004
- C:\Windows\System\wKMZuCN.exe
  C:\Windows\System\wKMZuCN.exe
  2⤵
  PID:7020
- C:\Windows\System\VlCfhUZ.exe
  C:\Windows\System\VlCfhUZ.exe
  2⤵
  PID:7036
- C:\Windows\System\PthZfnV.exe
  C:\Windows\System\PthZfnV.exe
  2⤵
  PID:7052
- C:\Windows\System\YHCewkP.exe
  C:\Windows\System\YHCewkP.exe
  2⤵
  PID:7068
- C:\Windows\System\HzJtdTM.exe
  C:\Windows\System\HzJtdTM.exe
  2⤵
  PID:7084
- C:\Windows\System\bgeRUwc.exe
  C:\Windows\System\bgeRUwc.exe
  2⤵
  PID:7100
- C:\Windows\System\NzzBLXg.exe
  C:\Windows\System\NzzBLXg.exe
  2⤵
  PID:7116
- C:\Windows\System\SHWxQQC.exe
  C:\Windows\System\SHWxQQC.exe
  2⤵
  PID:7140
- C:\Windows\System\usQeGdv.exe
  C:\Windows\System\usQeGdv.exe
  2⤵
  PID:7164
- C:\Windows\System\DHzeGiY.exe
  C:\Windows\System\DHzeGiY.exe
  2⤵
  PID:2552
- C:\Windows\System\dREramj.exe
  C:\Windows\System\dREramj.exe
  2⤵
  PID:6016
- C:\Windows\System\VnHiNMM.exe
  C:\Windows\System\VnHiNMM.exe
  2⤵
  PID:4912
- C:\Windows\System\iVXCEBr.exe
  C:\Windows\System\iVXCEBr.exe
  2⤵
  PID:708
- C:\Windows\System\QADlbnW.exe
  C:\Windows\System\QADlbnW.exe
  2⤵
  PID:5448
- C:\Windows\System\mFPPwDn.exe
  C:\Windows\System\mFPPwDn.exe
  2⤵
  PID:6168
- C:\Windows\System\gOppaNG.exe
  C:\Windows\System\gOppaNG.exe
  2⤵
  PID:6200
- C:\Windows\System\esTrkff.exe
  C:\Windows\System\esTrkff.exe
  2⤵
  PID:4268
- C:\Windows\System\Uvpttpi.exe
  C:\Windows\System\Uvpttpi.exe
  2⤵
  PID:6048
- C:\Windows\System\DZefTac.exe
  C:\Windows\System\DZefTac.exe
  2⤵
  PID:2864
- C:\Windows\System\DkINLVw.exe
  C:\Windows\System\DkINLVw.exe
  2⤵
  PID:6316
- C:\Windows\System\TuGqcNf.exe
  C:\Windows\System\TuGqcNf.exe
  2⤵
  PID:1276
- C:\Windows\System\uUDqWCA.exe
  C:\Windows\System\uUDqWCA.exe
  2⤵
  PID:5960
- C:\Windows\System\UElyufd.exe
  C:\Windows\System\UElyufd.exe
  2⤵
  PID:5196
- C:\Windows\System\hzjaiov.exe
  C:\Windows\System\hzjaiov.exe
  2⤵
  PID:5540
- C:\Windows\System\yDmtBmN.exe
  C:\Windows\System\yDmtBmN.exe
  2⤵
  PID:6148
- C:\Windows\System\zvBMKrA.exe
  C:\Windows\System\zvBMKrA.exe
  2⤵
  PID:6416
- C:\Windows\System\IKvQLoS.exe
  C:\Windows\System\IKvQLoS.exe
  2⤵
  PID:6452
- C:\Windows\System\ELVIASW.exe
  C:\Windows\System\ELVIASW.exe
  2⤵
  PID:6520
- C:\Windows\System\eyhLNyR.exe
  C:\Windows\System\eyhLNyR.exe
  2⤵
  PID:6300
- C:\Windows\System\cSxXxvc.exe
  C:\Windows\System\cSxXxvc.exe
  2⤵
  PID:6372
- C:\Windows\System\YcVwSxG.exe
  C:\Windows\System\YcVwSxG.exe
  2⤵
  PID:6296
- C:\Windows\System\FlPPdmq.exe
  C:\Windows\System\FlPPdmq.exe
  2⤵
  PID:6216
- C:\Windows\System\tQGpVRs.exe
  C:\Windows\System\tQGpVRs.exe
  2⤵
  PID:6660
- C:\Windows\System\fTittvT.exe
  C:\Windows\System\fTittvT.exe
  2⤵
  PID:6696
- C:\Windows\System\dooUOFi.exe
  C:\Windows\System\dooUOFi.exe
  2⤵
  PID:6540
- C:\Windows\System\waFhOlG.exe
  C:\Windows\System\waFhOlG.exe
  2⤵
  PID:6740
- C:\Windows\System\WynWoQL.exe
  C:\Windows\System\WynWoQL.exe
  2⤵
  PID:1316
- C:\Windows\System\Xgmgwog.exe
  C:\Windows\System\Xgmgwog.exe
  2⤵
  PID:6576
- C:\Windows\System\HJZtkTy.exe
  C:\Windows\System\HJZtkTy.exe
  2⤵
  PID:6624
- C:\Windows\System\vrASpnD.exe
  C:\Windows\System\vrASpnD.exe
  2⤵
  PID:6508
- C:\Windows\System\nhzXsqe.exe
  C:\Windows\System\nhzXsqe.exe
  2⤵
  PID:6772
- C:\Windows\System\bSrgHEV.exe
  C:\Windows\System\bSrgHEV.exe
  2⤵
  PID:1296
- C:\Windows\System\MMdpqtL.exe
  C:\Windows\System\MMdpqtL.exe
  2⤵
  PID:6844
- C:\Windows\System\yKYlOfu.exe
  C:\Windows\System\yKYlOfu.exe
  2⤵
  PID:6672
- C:\Windows\System\QkgTsSV.exe
  C:\Windows\System\QkgTsSV.exe
  2⤵
  PID:6888
- C:\Windows\System\frcCdSl.exe
  C:\Windows\System\frcCdSl.exe
  2⤵
  PID:4064
- C:\Windows\System\ifanpwu.exe
  C:\Windows\System\ifanpwu.exe
  2⤵
  PID:6928
- C:\Windows\System\PiTIKUQ.exe
  C:\Windows\System\PiTIKUQ.exe
  2⤵
  PID:6964
- C:\Windows\System\sJwbPgQ.exe
  C:\Windows\System\sJwbPgQ.exe
  2⤵
  PID:7000
- C:\Windows\System\FqsYoYK.exe
  C:\Windows\System\FqsYoYK.exe
  2⤵
  PID:7060
- C:\Windows\System\FdNdyBf.exe
  C:\Windows\System\FdNdyBf.exe
  2⤵
  PID:7124
- C:\Windows\System\mAoglWq.exe
  C:\Windows\System\mAoglWq.exe
  2⤵
  PID:2876
- C:\Windows\System\THLtoHz.exe
  C:\Windows\System\THLtoHz.exe
  2⤵
  PID:580
- C:\Windows\System\KnbBugy.exe
  C:\Windows\System\KnbBugy.exe
  2⤵
  PID:6872
- C:\Windows\System\UCimNfY.exe
  C:\Windows\System\UCimNfY.exe
  2⤵
  PID:5408
- C:\Windows\System\tscOOQW.exe
  C:\Windows\System\tscOOQW.exe
  2⤵
  PID:6284
- C:\Windows\System\wlXepRE.exe
  C:\Windows\System\wlXepRE.exe
  2⤵
  PID:5504
- C:\Windows\System\zTCGHpU.exe
  C:\Windows\System\zTCGHpU.exe
  2⤵
  PID:5696
- C:\Windows\System\vhcSDBh.exe
  C:\Windows\System\vhcSDBh.exe
  2⤵
  PID:5636
- C:\Windows\System\hBoFdQj.exe
  C:\Windows\System\hBoFdQj.exe
  2⤵
  PID:6832
- C:\Windows\System\ZsoyWib.exe
  C:\Windows\System\ZsoyWib.exe
  2⤵
  PID:6412
- C:\Windows\System\fGKagew.exe
  C:\Windows\System\fGKagew.exe
  2⤵
  PID:6332
- C:\Windows\System\EqZQPrw.exe
  C:\Windows\System\EqZQPrw.exe
  2⤵
  PID:6220
- C:\Windows\System\GLWpmjQ.exe
  C:\Windows\System\GLWpmjQ.exe
  2⤵
  PID:7112
- C:\Windows\System\CfGsfTf.exe
  C:\Windows\System\CfGsfTf.exe
  2⤵
  PID:7160
- C:\Windows\System\oPgXBFT.exe
  C:\Windows\System\oPgXBFT.exe
  2⤵
  PID:6456
- C:\Windows\System\irrGqWn.exe
  C:\Windows\System\irrGqWn.exe
  2⤵
  PID:6184
- C:\Windows\System\cHXiYgl.exe
  C:\Windows\System\cHXiYgl.exe
  2⤵
  PID:6384
- C:\Windows\System\iJhBoiD.exe
  C:\Windows\System\iJhBoiD.exe
  2⤵
  PID:6084
- C:\Windows\System\mNEpkUr.exe
  C:\Windows\System\mNEpkUr.exe
  2⤵
  PID:7044
- C:\Windows\System\oZmplkq.exe
  C:\Windows\System\oZmplkq.exe
  2⤵
  PID:6984
- C:\Windows\System\DgBuGFd.exe
  C:\Windows\System\DgBuGFd.exe
  2⤵
  PID:2676
- C:\Windows\System\axRDxIX.exe
  C:\Windows\System\axRDxIX.exe
  2⤵
  PID:2528
- C:\Windows\System\eyZluUg.exe
  C:\Windows\System\eyZluUg.exe
  2⤵
  PID:2108
- C:\Windows\System\whbyoHN.exe
  C:\Windows\System\whbyoHN.exe
  2⤵
  PID:528
- C:\Windows\System\UZfKNsU.exe
  C:\Windows\System\UZfKNsU.exe
  2⤵
  PID:2592
- C:\Windows\System\awcoowx.exe
  C:\Windows\System\awcoowx.exe
  2⤵
  PID:1640
- C:\Windows\System\VugVbwC.exe
  C:\Windows\System\VugVbwC.exe
  2⤵
  PID:2968
- C:\Windows\System\iLmNnHY.exe
  C:\Windows\System\iLmNnHY.exe
  2⤵
  PID:1732
- C:\Windows\System\TEJjrin.exe
  C:\Windows\System\TEJjrin.exe
  2⤵
  PID:6536
- C:\Windows\System\ERDkVmE.exe
  C:\Windows\System\ERDkVmE.exe
  2⤵
  PID:2672
- C:\Windows\System\ephdpVv.exe
  C:\Windows\System\ephdpVv.exe
  2⤵
  PID:568
- C:\Windows\System\cIxAAdP.exe
  C:\Windows\System\cIxAAdP.exe
  2⤵
  PID:6996
- C:\Windows\System\goRrFHP.exe
  C:\Windows\System\goRrFHP.exe
  2⤵
  PID:7092
- C:\Windows\System\eWxSAUB.exe
  C:\Windows\System\eWxSAUB.exe
  2⤵
  PID:4880
- C:\Windows\System\UxYHRru.exe
  C:\Windows\System\UxYHRru.exe
  2⤵
  PID:1908
- C:\Windows\System\BUIjFBs.exe
  C:\Windows\System\BUIjFBs.exe
  2⤵
  PID:6944
- C:\Windows\System\uMjPNVT.exe
  C:\Windows\System\uMjPNVT.exe
  2⤵
  PID:6164
- C:\Windows\System\cBEfDTT.exe
  C:\Windows\System\cBEfDTT.exe
  2⤵
  PID:6864
- C:\Windows\System\bGTVtkR.exe
  C:\Windows\System\bGTVtkR.exe
  2⤵
  PID:6732
- C:\Windows\System\hcbLcFi.exe
  C:\Windows\System\hcbLcFi.exe
  2⤵
  PID:6548
- C:\Windows\System\Wqajuer.exe
  C:\Windows\System\Wqajuer.exe
  2⤵
  PID:6924
- C:\Windows\System\JmcklIp.exe
  C:\Windows\System\JmcklIp.exe
  2⤵
  PID:7128
- C:\Windows\System\WfLMlsZ.exe
  C:\Windows\System\WfLMlsZ.exe
  2⤵
  PID:6712
- C:\Windows\System\ZhMffYM.exe
  C:\Windows\System\ZhMffYM.exe
  2⤵
  PID:1832
- C:\Windows\System\CxzlwJZ.exe
  C:\Windows\System\CxzlwJZ.exe
  2⤵
  PID:5692
- C:\Windows\System\PfyhzIG.exe
  C:\Windows\System\PfyhzIG.exe
  2⤵
  PID:5144
- C:\Windows\System\xghVWMj.exe
  C:\Windows\System\xghVWMj.exe
  2⤵
  PID:2928
- C:\Windows\System\wOpzOiE.exe
  C:\Windows\System\wOpzOiE.exe
  2⤵
  PID:6560
- C:\Windows\System\kftcvok.exe
  C:\Windows\System\kftcvok.exe
  2⤵
  PID:1608
- C:\Windows\System\zOTslBD.exe
  C:\Windows\System\zOTslBD.exe
  2⤵
  PID:5832
- C:\Windows\System\eKbksRm.exe
  C:\Windows\System\eKbksRm.exe
  2⤵
  PID:7108
- C:\Windows\System\dqxhCVr.exe
  C:\Windows\System\dqxhCVr.exe
  2⤵
  PID:6388
- C:\Windows\System\XxOocuu.exe
  C:\Windows\System\XxOocuu.exe
  2⤵
  PID:6436
- C:\Windows\System\pMkcuND.exe
  C:\Windows\System\pMkcuND.exe
  2⤵
  PID:2660
- C:\Windows\System\bTolloZ.exe
  C:\Windows\System\bTolloZ.exe
  2⤵
  PID:6600
- C:\Windows\System\xuNuUgi.exe
  C:\Windows\System\xuNuUgi.exe
  2⤵
  PID:1680
- C:\Windows\System\wgOYdkY.exe
  C:\Windows\System\wgOYdkY.exe
  2⤵
  PID:3008
- C:\Windows\System\XmCpQON.exe
  C:\Windows\System\XmCpQON.exe
  2⤵
  PID:6828
- C:\Windows\System\tBWWNLa.exe
  C:\Windows\System\tBWWNLa.exe
  2⤵
  PID:7012
- C:\Windows\System\qmMflEL.exe
  C:\Windows\System\qmMflEL.exe
  2⤵
  PID:6868
- C:\Windows\System\EPvlBlX.exe
  C:\Windows\System\EPvlBlX.exe
  2⤵
  PID:6980
- C:\Windows\System\RSbVxhV.exe
  C:\Windows\System\RSbVxhV.exe
  2⤵
  PID:616
- C:\Windows\System\NgWfsgF.exe
  C:\Windows\System\NgWfsgF.exe
  2⤵
  PID:6648
- C:\Windows\System\pparElB.exe
  C:\Windows\System\pparElB.exe
  2⤵
  PID:5776
- C:\Windows\System\kFFlNbe.exe
  C:\Windows\System\kFFlNbe.exe
  2⤵
  PID:6232
- C:\Windows\System\HdpytoN.exe
  C:\Windows\System\HdpytoN.exe
  2⤵
  PID:6912
- C:\Windows\System\pkKyrbf.exe
  C:\Windows\System\pkKyrbf.exe
  2⤵
  PID:7080
- C:\Windows\System\LhmPwSu.exe
  C:\Windows\System\LhmPwSu.exe
  2⤵
  PID:6476
- C:\Windows\System\avysXCd.exe
  C:\Windows\System\avysXCd.exe
  2⤵
  PID:6588
- C:\Windows\System\gbBbOYD.exe
  C:\Windows\System\gbBbOYD.exe
  2⤵
  PID:2732
- C:\Windows\System\EvHlvgx.exe
  C:\Windows\System\EvHlvgx.exe
  2⤵
  PID:6908
- C:\Windows\System\eBVNDGx.exe
  C:\Windows\System\eBVNDGx.exe
  2⤵
  PID:1848
- C:\Windows\System\akzcYor.exe
  C:\Windows\System\akzcYor.exe
  2⤵
  PID:6264
- C:\Windows\System\TIcApdB.exe
  C:\Windows\System\TIcApdB.exe
  2⤵
  PID:1616
- C:\Windows\System\byFiurG.exe
  C:\Windows\System\byFiurG.exe
  2⤵
  PID:6788
- C:\Windows\System\tostKBG.exe
  C:\Windows\System\tostKBG.exe
  2⤵
  PID:2708
- C:\Windows\System\dOPyklU.exe
  C:\Windows\System\dOPyklU.exe
  2⤵
  PID:6128
- C:\Windows\System\ImtpurA.exe
  C:\Windows\System\ImtpurA.exe
  2⤵
  PID:5268
- C:\Windows\System\KztwKPO.exe
  C:\Windows\System\KztwKPO.exe
  2⤵
  PID:7136
- C:\Windows\System\qlGdjoU.exe
  C:\Windows\System\qlGdjoU.exe
  2⤵
  PID:6812
- C:\Windows\System\RGbzANw.exe
  C:\Windows\System\RGbzANw.exe
  2⤵
  PID:3520
- C:\Windows\System\HGglLNS.exe
  C:\Windows\System\HGglLNS.exe
  2⤵
  PID:6804
- C:\Windows\System\SDAixWV.exe
  C:\Windows\System\SDAixWV.exe
  2⤵
  PID:6904
- C:\Windows\System\WRntXuu.exe
  C:\Windows\System\WRntXuu.exe
  2⤵
  PID:2492
- C:\Windows\System\oqphGBG.exe
  C:\Windows\System\oqphGBG.exe
  2⤵
  PID:6676
- C:\Windows\System\ejiWire.exe
  C:\Windows\System\ejiWire.exe
  2⤵
  PID:6492
- C:\Windows\System\iENESPc.exe
  C:\Windows\System\iENESPc.exe
  2⤵
  PID:7156
- C:\Windows\System\ytXSlyd.exe
  C:\Windows\System\ytXSlyd.exe
  2⤵
  PID:6604
- C:\Windows\System\lGppsGM.exe
  C:\Windows\System\lGppsGM.exe
  2⤵
  PID:7188
- C:\Windows\System\wGjOQcz.exe
  C:\Windows\System\wGjOQcz.exe
  2⤵
  PID:7204
- C:\Windows\System\cKmgWrw.exe
  C:\Windows\System\cKmgWrw.exe
  2⤵
  PID:7220
- C:\Windows\System\vLzaJNR.exe
  C:\Windows\System\vLzaJNR.exe
  2⤵
  PID:7236
- C:\Windows\System\ibNnxXn.exe
  C:\Windows\System\ibNnxXn.exe
  2⤵
  PID:7252
- C:\Windows\System\sDXnHFj.exe
  C:\Windows\System\sDXnHFj.exe
  2⤵
  PID:7280
- C:\Windows\System\eWPsEGc.exe
  C:\Windows\System\eWPsEGc.exe
  2⤵
  PID:7296
- C:\Windows\System\MowPWap.exe
  C:\Windows\System\MowPWap.exe
  2⤵
  PID:7312
- C:\Windows\System\LDpiXSb.exe
  C:\Windows\System\LDpiXSb.exe
  2⤵
  PID:7332
- C:\Windows\System\ihamaYI.exe
  C:\Windows\System\ihamaYI.exe
  2⤵
  PID:7348
- C:\Windows\System\buRGGDi.exe
  C:\Windows\System\buRGGDi.exe
  2⤵
  PID:7364
- C:\Windows\System\eTZdshY.exe
  C:\Windows\System\eTZdshY.exe
  2⤵
  PID:7380
- C:\Windows\System\EIHCitt.exe
  C:\Windows\System\EIHCitt.exe
  2⤵
  PID:7396
- C:\Windows\System\ZhbjCyn.exe
  C:\Windows\System\ZhbjCyn.exe
  2⤵
  PID:7412
- C:\Windows\System\dXUynlC.exe
  C:\Windows\System\dXUynlC.exe
  2⤵
  PID:7428
- C:\Windows\System\ZjxcChX.exe
  C:\Windows\System\ZjxcChX.exe
  2⤵
  PID:7444
- C:\Windows\System\tLzhxLK.exe
  C:\Windows\System\tLzhxLK.exe
  2⤵
  PID:7460
- C:\Windows\System\ypFxMzm.exe
  C:\Windows\System\ypFxMzm.exe
  2⤵
  PID:7476
- C:\Windows\System\QKaDaJt.exe
  C:\Windows\System\QKaDaJt.exe
  2⤵
  PID:7492
- C:\Windows\System\QxJHvcC.exe
  C:\Windows\System\QxJHvcC.exe
  2⤵
  PID:7508
- C:\Windows\System\LnAVcGm.exe
  C:\Windows\System\LnAVcGm.exe
  2⤵
  PID:7524
- C:\Windows\System\tSnAaaW.exe
  C:\Windows\System\tSnAaaW.exe
  2⤵
  PID:7540
- C:\Windows\System\RDkSmzZ.exe
  C:\Windows\System\RDkSmzZ.exe
  2⤵
  PID:7556
- C:\Windows\System\zRWHAtI.exe
  C:\Windows\System\zRWHAtI.exe
  2⤵
  PID:7572
- C:\Windows\System\isoDJXb.exe
  C:\Windows\System\isoDJXb.exe
  2⤵
  PID:7588
- C:\Windows\System\FxFmiju.exe
  C:\Windows\System\FxFmiju.exe
  2⤵
  PID:7604
- C:\Windows\System\xMsafuD.exe
  C:\Windows\System\xMsafuD.exe
  2⤵
  PID:7620
- C:\Windows\System\tWQNAwM.exe
  C:\Windows\System\tWQNAwM.exe
  2⤵
  PID:7636
- C:\Windows\System\ojMltfO.exe
  C:\Windows\System\ojMltfO.exe
  2⤵
  PID:7652
- C:\Windows\System\eMbexbD.exe
  C:\Windows\System\eMbexbD.exe
  2⤵
  PID:7668
- C:\Windows\System\kWnSjSK.exe
  C:\Windows\System\kWnSjSK.exe
  2⤵
  PID:7684
- C:\Windows\System\lqtOHjo.exe
  C:\Windows\System\lqtOHjo.exe
  2⤵
  PID:7700
- C:\Windows\System\IkmYMiy.exe
  C:\Windows\System\IkmYMiy.exe
  2⤵
  PID:7716
- C:\Windows\System\osDXYqh.exe
  C:\Windows\System\osDXYqh.exe
  2⤵
  PID:7732
- C:\Windows\System\LjkryOF.exe
  C:\Windows\System\LjkryOF.exe
  2⤵
  PID:7748
- C:\Windows\System\QABKZwQ.exe
  C:\Windows\System\QABKZwQ.exe
  2⤵
  PID:7764
- C:\Windows\System\hwnMONg.exe
  C:\Windows\System\hwnMONg.exe
  2⤵
  PID:7784
- C:\Windows\System\KFptrxs.exe
  C:\Windows\System\KFptrxs.exe
  2⤵
  PID:7800
- C:\Windows\System\wIKbHCA.exe
  C:\Windows\System\wIKbHCA.exe
  2⤵
  PID:7816
- C:\Windows\System\BNcXHge.exe
  C:\Windows\System\BNcXHge.exe
  2⤵
  PID:7832
- C:\Windows\System\AyEagUL.exe
  C:\Windows\System\AyEagUL.exe
  2⤵
  PID:7848
- C:\Windows\System\YlWEarw.exe
  C:\Windows\System\YlWEarw.exe
  2⤵
  PID:7864
- C:\Windows\System\eWyyFNS.exe
  C:\Windows\System\eWyyFNS.exe
  2⤵
  PID:7880
- C:\Windows\System\DoMcDGw.exe
  C:\Windows\System\DoMcDGw.exe
  2⤵
  PID:7896
- C:\Windows\System\rLdEtAL.exe
  C:\Windows\System\rLdEtAL.exe
  2⤵
  PID:7912
- C:\Windows\System\QJxavrI.exe
  C:\Windows\System\QJxavrI.exe
  2⤵
  PID:7928
- C:\Windows\System\XCzEfoD.exe
  C:\Windows\System\XCzEfoD.exe
  2⤵
  PID:7944
- C:\Windows\System\czGdlis.exe
  C:\Windows\System\czGdlis.exe
  2⤵
  PID:7960
- C:\Windows\System\ktduKiA.exe
  C:\Windows\System\ktduKiA.exe
  2⤵
  PID:7980
- C:\Windows\System\anvFQpo.exe
  C:\Windows\System\anvFQpo.exe
  2⤵
  PID:7996
- C:\Windows\System\qrIsOHn.exe
  C:\Windows\System\qrIsOHn.exe
  2⤵
  PID:8012
- C:\Windows\System\ZKhjEfE.exe
  C:\Windows\System\ZKhjEfE.exe
  2⤵
  PID:8028
- C:\Windows\System\oucyoWr.exe
  C:\Windows\System\oucyoWr.exe
  2⤵
  PID:8044
- C:\Windows\System\iukZWHg.exe
  C:\Windows\System\iukZWHg.exe
  2⤵
  PID:8060
- C:\Windows\System\oyJUqLu.exe
  C:\Windows\System\oyJUqLu.exe
  2⤵
  PID:8076
- C:\Windows\System\dlSzmdM.exe
  C:\Windows\System\dlSzmdM.exe
  2⤵
  PID:8092
- C:\Windows\System\MNhMTbj.exe
  C:\Windows\System\MNhMTbj.exe
  2⤵
  PID:8108
- C:\Windows\System\mCONdqD.exe
  C:\Windows\System\mCONdqD.exe
  2⤵
  PID:8124
- C:\Windows\System\QWAZtIB.exe
  C:\Windows\System\QWAZtIB.exe
  2⤵
  PID:8140
- C:\Windows\System\loLVVSi.exe
  C:\Windows\System\loLVVSi.exe
  2⤵
  PID:8156
- C:\Windows\System\wpmWjYy.exe
  C:\Windows\System\wpmWjYy.exe
  2⤵
  PID:8172
- C:\Windows\System\BBBnMVj.exe
  C:\Windows\System\BBBnMVj.exe
  2⤵
  PID:8188
- C:\Windows\System\IREfCYJ.exe
  C:\Windows\System\IREfCYJ.exe
  2⤵
  PID:6620
- C:\Windows\System\gHLBvFf.exe
  C:\Windows\System\gHLBvFf.exe
  2⤵
  PID:7228
- C:\Windows\System\QabtvZV.exe
  C:\Windows\System\QabtvZV.exe
  2⤵
  PID:1960
- C:\Windows\System\YshZUJW.exe
  C:\Windows\System\YshZUJW.exe
  2⤵
  PID:3052
- C:\Windows\System\MngoGKF.exe
  C:\Windows\System\MngoGKF.exe
  2⤵
  PID:7244
- C:\Windows\System\CzGvDMf.exe
  C:\Windows\System\CzGvDMf.exe
  2⤵
  PID:7212
- C:\Windows\System\YLZltLV.exe
  C:\Windows\System\YLZltLV.exe
  2⤵
  PID:7304
- C:\Windows\System\pqFcmaW.exe
  C:\Windows\System\pqFcmaW.exe
  2⤵
  PID:7320
- C:\Windows\System\relsfNK.exe
  C:\Windows\System\relsfNK.exe
  2⤵
  PID:7324
- C:\Windows\System\swsvejp.exe
  C:\Windows\System\swsvejp.exe
  2⤵
  PID:7344
- C:\Windows\System\HtABMGU.exe
  C:\Windows\System\HtABMGU.exe
  2⤵
  PID:7472
- C:\Windows\System\MXPGhdP.exe
  C:\Windows\System\MXPGhdP.exe
  2⤵
  PID:7408
- C:\Windows\System\sAEbZnZ.exe
  C:\Windows\System\sAEbZnZ.exe
  2⤵
  PID:7536
- C:\Windows\System\CRJinGU.exe
  C:\Windows\System\CRJinGU.exe
  2⤵
  PID:7360
- C:\Windows\System\tgYnJoW.exe
  C:\Windows\System\tgYnJoW.exe
  2⤵
  PID:7420
- C:\Windows\System\XuWMaFu.exe
  C:\Windows\System\XuWMaFu.exe
  2⤵
  PID:7488
- C:\Windows\System\BUrfAzI.exe
  C:\Windows\System\BUrfAzI.exe
  2⤵
  PID:7660
- C:\Windows\System\RTqjHoQ.exe
  C:\Windows\System\RTqjHoQ.exe
  2⤵
  PID:7696
- C:\Windows\System\KEGsSJB.exe
  C:\Windows\System\KEGsSJB.exe
  2⤵
  PID:7724
- C:\Windows\System\IgNyeMz.exe
  C:\Windows\System\IgNyeMz.exe
  2⤵
  PID:7580
- C:\Windows\System\hZuEkNT.exe
  C:\Windows\System\hZuEkNT.exe
  2⤵
  PID:7644
- C:\Windows\System\cwiGHtR.exe
  C:\Windows\System\cwiGHtR.exe
  2⤵
  PID:7680
- C:\Windows\System\XtyAzvG.exe
  C:\Windows\System\XtyAzvG.exe
  2⤵
  PID:7772
- C:\Windows\System\qmUsbfV.exe
  C:\Windows\System\qmUsbfV.exe
  2⤵
  PID:7780
- C:\Windows\System\vetOubT.exe
  C:\Windows\System\vetOubT.exe
  2⤵
  PID:7856
- C:\Windows\System\CxcNjQP.exe
  C:\Windows\System\CxcNjQP.exe
  2⤵
  PID:7840
- C:\Windows\System\OMVGKQL.exe
  C:\Windows\System\OMVGKQL.exe
  2⤵
  PID:7936
- C:\Windows\System\gLKIuKb.exe
  C:\Windows\System\gLKIuKb.exe
  2⤵
  PID:7812
- C:\Windows\System\kInzbND.exe
  C:\Windows\System\kInzbND.exe
  2⤵
  PID:7988
- C:\Windows\System\vxVRRIr.exe
  C:\Windows\System\vxVRRIr.exe
  2⤵
  PID:8052
- C:\Windows\System\AmfTLcy.exe
  C:\Windows\System\AmfTLcy.exe
  2⤵
  PID:8056
- C:\Windows\System\TCNWuYJ.exe
  C:\Windows\System\TCNWuYJ.exe
  2⤵
  PID:8180
- C:\Windows\System\XkZfANX.exe
  C:\Windows\System\XkZfANX.exe
  2⤵
  PID:7196
- C:\Windows\System\ZquEYKb.exe
  C:\Windows\System\ZquEYKb.exe
  2⤵
  PID:8004
- C:\Windows\System\dwgLLip.exe
  C:\Windows\System\dwgLLip.exe
  2⤵
  PID:8164
- C:\Windows\System\PBeGAAH.exe
  C:\Windows\System\PBeGAAH.exe
  2⤵
  PID:7184
- C:\Windows\System\onrSNNr.exe
  C:\Windows\System\onrSNNr.exe
  2⤵
  PID:8104
- C:\Windows\System\wVAmFVy.exe
  C:\Windows\System\wVAmFVy.exe
  2⤵
  PID:6608
- C:\Windows\System\tXAZZoz.exe
  C:\Windows\System\tXAZZoz.exe
  2⤵
  PID:7288
- C:\Windows\System\yZlrwoV.exe
  C:\Windows\System\yZlrwoV.exe
  2⤵
  PID:7440
- C:\Windows\System\kIEiViA.exe
  C:\Windows\System\kIEiViA.exe
  2⤵
  PID:1744
- C:\Windows\System\NWyFwXd.exe
  C:\Windows\System\NWyFwXd.exe
  2⤵
  PID:7264
- C:\Windows\System\huObXvY.exe
  C:\Windows\System\huObXvY.exe
  2⤵
  PID:7456
- C:\Windows\System\vxJeSyQ.exe
  C:\Windows\System\vxJeSyQ.exe
  2⤵
  PID:7756
- C:\Windows\System\ctKQUmR.exe
  C:\Windows\System\ctKQUmR.exe
  2⤵
  PID:7676
- C:\Windows\System\uOlCpfK.exe
  C:\Windows\System\uOlCpfK.exe
  2⤵
  PID:7532
- C:\Windows\System\kbUKoQj.exe
  C:\Windows\System\kbUKoQj.exe
  2⤵
  PID:7712
- C:\Windows\System\TFknfiU.exe
  C:\Windows\System\TFknfiU.exe
  2⤵
  PID:7520
- C:\Windows\System\TcWYaBW.exe
  C:\Windows\System\TcWYaBW.exe
  2⤵
  PID:7824
- C:\Windows\System\yCQXQJK.exe
  C:\Windows\System\yCQXQJK.exe
  2⤵
  PID:7952
- C:\Windows\System\HpFFTMZ.exe
  C:\Windows\System\HpFFTMZ.exe
  2⤵
  PID:7872
- C:\Windows\System\fAYCXaL.exe
  C:\Windows\System\fAYCXaL.exe
  2⤵
  PID:8020
- C:\Windows\System\RtAcoCj.exe
  C:\Windows\System\RtAcoCj.exe
  2⤵
  PID:6196
- C:\Windows\System\mrMZFHs.exe
  C:\Windows\System\mrMZFHs.exe
  2⤵
  PID:8040
- C:\Windows\System\avyXByA.exe
  C:\Windows\System\avyXByA.exe
  2⤵
  PID:7340
- C:\Windows\System\nbvyceq.exe
  C:\Windows\System\nbvyceq.exe
  2⤵
  PID:6064
- C:\Windows\System\lQnFCDH.exe
  C:\Windows\System\lQnFCDH.exe
  2⤵
  PID:7792
- C:\Windows\System\PhqOaxK.exe
  C:\Windows\System\PhqOaxK.exe
  2⤵
  PID:8072
- C:\Windows\System\NSaFlCY.exe
  C:\Windows\System\NSaFlCY.exe
  2⤵
  PID:7908
- C:\Windows\System\TCOposD.exe
  C:\Windows\System\TCOposD.exe
  2⤵
  PID:7276
- C:\Windows\System\HuxXSRE.exe
  C:\Windows\System\HuxXSRE.exe
  2⤵
  PID:7972
- C:\Windows\System\ZzaFmuT.exe
  C:\Windows\System\ZzaFmuT.exe
  2⤵
  PID:8204
- C:\Windows\System\cdvSLXF.exe
  C:\Windows\System\cdvSLXF.exe
  2⤵
  PID:8220
- C:\Windows\System\ApsHsWD.exe
  C:\Windows\System\ApsHsWD.exe
  2⤵
  PID:8236
- C:\Windows\System\sJluOdj.exe
  C:\Windows\System\sJluOdj.exe
  2⤵
  PID:8252
- C:\Windows\System\KKUeKaU.exe
  C:\Windows\System\KKUeKaU.exe
  2⤵
  PID:8268
- C:\Windows\System\clbEJpb.exe
  C:\Windows\System\clbEJpb.exe
  2⤵
  PID:8284
- C:\Windows\System\VsiPwzC.exe
  C:\Windows\System\VsiPwzC.exe
  2⤵
  PID:8300
- C:\Windows\System\vGrPgAQ.exe
  C:\Windows\System\vGrPgAQ.exe
  2⤵
  PID:8316
- C:\Windows\System\DiwhEce.exe
  C:\Windows\System\DiwhEce.exe
  2⤵
  PID:8332
- C:\Windows\System\ipWNPuO.exe
  C:\Windows\System\ipWNPuO.exe
  2⤵
  PID:8348
- C:\Windows\System\dqebMPS.exe
  C:\Windows\System\dqebMPS.exe
  2⤵
  PID:8364
- C:\Windows\System\OJJDqRU.exe
  C:\Windows\System\OJJDqRU.exe
  2⤵
  PID:8380
- C:\Windows\System\oqpyMbU.exe
  C:\Windows\System\oqpyMbU.exe
  2⤵
  PID:8396
- C:\Windows\System\pLOAtoF.exe
  C:\Windows\System\pLOAtoF.exe
  2⤵
  PID:8412
- C:\Windows\System\kkhyHXf.exe
  C:\Windows\System\kkhyHXf.exe
  2⤵
  PID:8428
- C:\Windows\System\yMumNuS.exe
  C:\Windows\System\yMumNuS.exe
  2⤵
  PID:8444
- C:\Windows\System\DynvBgl.exe
  C:\Windows\System\DynvBgl.exe
  2⤵
  PID:8460
- C:\Windows\System\yBxaGKp.exe
  C:\Windows\System\yBxaGKp.exe
  2⤵
  PID:8476
- C:\Windows\System\rcrlRqH.exe
  C:\Windows\System\rcrlRqH.exe
  2⤵
  PID:8492
- C:\Windows\System\uABNWzb.exe
  C:\Windows\System\uABNWzb.exe
  2⤵
  PID:8508
- C:\Windows\System\tcBNlLm.exe
  C:\Windows\System\tcBNlLm.exe
  2⤵
  PID:8524
- C:\Windows\System\gUTqsQl.exe
  C:\Windows\System\gUTqsQl.exe
  2⤵
  PID:8540
- C:\Windows\System\ntzkFJN.exe
  C:\Windows\System\ntzkFJN.exe
  2⤵
  PID:8556
- C:\Windows\System\qJCLMPg.exe
  C:\Windows\System\qJCLMPg.exe
  2⤵
  PID:8572
- C:\Windows\System\GjFSuUh.exe
  C:\Windows\System\GjFSuUh.exe
  2⤵
  PID:8592
- C:\Windows\System\PFogHiN.exe
  C:\Windows\System\PFogHiN.exe
  2⤵
  PID:8608
- C:\Windows\System\Lkezaju.exe
  C:\Windows\System\Lkezaju.exe
  2⤵
  PID:8624
- C:\Windows\System\OYELFsl.exe
  C:\Windows\System\OYELFsl.exe
  2⤵
  PID:8640
- C:\Windows\System\cqvqURx.exe
  C:\Windows\System\cqvqURx.exe
  2⤵
  PID:8656
- C:\Windows\System\MryhClw.exe
  C:\Windows\System\MryhClw.exe
  2⤵
  PID:8672
- C:\Windows\System\tcNqaLk.exe
  C:\Windows\System\tcNqaLk.exe
  2⤵
  PID:8692
- C:\Windows\System\aJCxdHB.exe
  C:\Windows\System\aJCxdHB.exe
  2⤵
  PID:8708
- C:\Windows\System\bvJGexe.exe
  C:\Windows\System\bvJGexe.exe
  2⤵
  PID:8724
- C:\Windows\System\PrrTvoE.exe
  C:\Windows\System\PrrTvoE.exe
  2⤵
  PID:8740
- C:\Windows\System\sIIZtFO.exe
  C:\Windows\System\sIIZtFO.exe
  2⤵
  PID:8756
- C:\Windows\System\gGCpmsx.exe
  C:\Windows\System\gGCpmsx.exe
  2⤵
  PID:8772
- C:\Windows\System\MoLcGrG.exe
  C:\Windows\System\MoLcGrG.exe
  2⤵
  PID:8788
- C:\Windows\System\gymfpCZ.exe
  C:\Windows\System\gymfpCZ.exe
  2⤵
  PID:8804
- C:\Windows\System\nNcQfTV.exe
  C:\Windows\System\nNcQfTV.exe
  2⤵
  PID:8820
- C:\Windows\System\dMWUuyo.exe
  C:\Windows\System\dMWUuyo.exe
  2⤵
  PID:8836
- C:\Windows\System\eJVuMkJ.exe
  C:\Windows\System\eJVuMkJ.exe
  2⤵
  PID:8852
- C:\Windows\System\drZQaLt.exe
  C:\Windows\System\drZQaLt.exe
  2⤵
  PID:8868
- C:\Windows\System\KtNfyaR.exe
  C:\Windows\System\KtNfyaR.exe
  2⤵
  PID:8884
- C:\Windows\System\pbqSMGd.exe
  C:\Windows\System\pbqSMGd.exe
  2⤵
  PID:8900
- C:\Windows\System\QZBVmEs.exe
  C:\Windows\System\QZBVmEs.exe
  2⤵
  PID:8920
- C:\Windows\System\Mdvwdrd.exe
  C:\Windows\System\Mdvwdrd.exe
  2⤵
  PID:8936
- C:\Windows\System\UwzJSfU.exe
  C:\Windows\System\UwzJSfU.exe
  2⤵
  PID:8952
- C:\Windows\System\NpYopmJ.exe
  C:\Windows\System\NpYopmJ.exe
  2⤵
  PID:8968
- C:\Windows\System\pLtvfeV.exe
  C:\Windows\System\pLtvfeV.exe
  2⤵
  PID:8984
- C:\Windows\System\hdAOeAK.exe
  C:\Windows\System\hdAOeAK.exe
  2⤵
  PID:9000
- C:\Windows\System\RFxyUnj.exe
  C:\Windows\System\RFxyUnj.exe
  2⤵
  PID:9016
- C:\Windows\System\hWMnODd.exe
  C:\Windows\System\hWMnODd.exe
  2⤵
  PID:9032
- C:\Windows\System\DCLsNvi.exe
  C:\Windows\System\DCLsNvi.exe
  2⤵
  PID:9048
- C:\Windows\System\lFgAMkD.exe
  C:\Windows\System\lFgAMkD.exe
  2⤵
  PID:9064
- C:\Windows\System\xFTglcH.exe
  C:\Windows\System\xFTglcH.exe
  2⤵
  PID:9080
- C:\Windows\System\AkUWLQi.exe
  C:\Windows\System\AkUWLQi.exe
  2⤵
  PID:9096
- C:\Windows\System\pLDWuog.exe
  C:\Windows\System\pLDWuog.exe
  2⤵
  PID:9116
- C:\Windows\System\kSVLcFg.exe
  C:\Windows\System\kSVLcFg.exe
  2⤵
  PID:9132
- C:\Windows\System\MlgCwof.exe
  C:\Windows\System\MlgCwof.exe
  2⤵
  PID:9148
- C:\Windows\System\vugFRpP.exe
  C:\Windows\System\vugFRpP.exe
  2⤵
  PID:9164
- C:\Windows\System\xDfIPET.exe
  C:\Windows\System\xDfIPET.exe
  2⤵
  PID:9180
- C:\Windows\System\fDBuoik.exe
  C:\Windows\System\fDBuoik.exe
  2⤵
  PID:9196
- C:\Windows\System\RoRNJXt.exe
  C:\Windows\System\RoRNJXt.exe
  2⤵
  PID:9212
- C:\Windows\System\FcymAlN.exe
  C:\Windows\System\FcymAlN.exe
  2⤵
  PID:7500
- C:\Windows\System\MBLGvso.exe
  C:\Windows\System\MBLGvso.exe
  2⤵
  PID:7568
- C:\Windows\System\nqRkvMP.exe
  C:\Windows\System\nqRkvMP.exe
  2⤵
  PID:8296
- C:\Windows\System\zmTNRah.exe
  C:\Windows\System\zmTNRah.exe
  2⤵
  PID:7616
- C:\Windows\System\aslOJrl.exe
  C:\Windows\System\aslOJrl.exe
  2⤵
  PID:7632
- C:\Windows\System\kbedPDM.exe
  C:\Windows\System\kbedPDM.exe
  2⤵
  PID:8324
- C:\Windows\System\BEVgLGB.exe
  C:\Windows\System\BEVgLGB.exe
  2⤵
  PID:8168
- C:\Windows\System\soZNPnW.exe
  C:\Windows\System\soZNPnW.exe
  2⤵
  PID:8212
- C:\Windows\System\yRLzHqq.exe
  C:\Windows\System\yRLzHqq.exe
  2⤵
  PID:8312
- C:\Windows\System\FwdbVlp.exe
  C:\Windows\System\FwdbVlp.exe
  2⤵
  PID:8388
- C:\Windows\System\gncHekB.exe
  C:\Windows\System\gncHekB.exe
  2⤵
  PID:8452
- C:\Windows\System\VntsPKK.exe
  C:\Windows\System\VntsPKK.exe
  2⤵
  PID:8516
- C:\Windows\System\GULXApb.exe
  C:\Windows\System\GULXApb.exe
  2⤵
  PID:8580
- C:\Windows\System\XuGYLKp.exe
  C:\Windows\System\XuGYLKp.exe
  2⤵
  PID:8648
- C:\Windows\System\hHmrRyX.exe
  C:\Windows\System\hHmrRyX.exe
  2⤵
  PID:8340
- C:\Windows\System\CFfKFqU.exe
  C:\Windows\System\CFfKFqU.exe
  2⤵
  PID:8376
- C:\Windows\System\uRqLnHS.exe
  C:\Windows\System\uRqLnHS.exe
  2⤵
  PID:8752
- C:\Windows\System\ZPYxbTu.exe
  C:\Windows\System\ZPYxbTu.exe
  2⤵
  PID:8816
- C:\Windows\System\mobvobb.exe
  C:\Windows\System\mobvobb.exe
  2⤵
  PID:8880
- C:\Windows\System\skvHVXz.exe
  C:\Windows\System\skvHVXz.exe
  2⤵
  PID:8468
- C:\Windows\System\tPqqnYv.exe
  C:\Windows\System\tPqqnYv.exe
  2⤵
  PID:8732
- C:\Windows\System\AbkYEBw.exe
  C:\Windows\System\AbkYEBw.exe
  2⤵
  PID:8892
- C:\Windows\System\QbgNZQp.exe
  C:\Windows\System\QbgNZQp.exe
  2⤵
  PID:8532
- C:\Windows\System\BFwBTEn.exe
  C:\Windows\System\BFwBTEn.exe
  2⤵
  PID:8604
- C:\Windows\System\fbHYWVM.exe
  C:\Windows\System\fbHYWVM.exe
  2⤵
  PID:8668
- C:\Windows\System\OZSyhft.exe
  C:\Windows\System\OZSyhft.exe
  2⤵
  PID:8828
- C:\Windows\System\XifPEZK.exe
  C:\Windows\System\XifPEZK.exe
  2⤵
  PID:6428
- C:\Windows\System\IOwrKva.exe
  C:\Windows\System\IOwrKva.exe
  2⤵
  PID:8976
- C:\Windows\System\LNvYEup.exe
  C:\Windows\System\LNvYEup.exe
  2⤵
  PID:9076
- C:\Windows\System\egWIHCd.exe
  C:\Windows\System\egWIHCd.exe
  2⤵
  PID:9144
- C:\Windows\System\zecAWIN.exe
  C:\Windows\System\zecAWIN.exe
  2⤵
  PID:8960
- C:\Windows\System\MYDlqUC.exe
  C:\Windows\System\MYDlqUC.exe
  2⤵
  PID:9088
- C:\Windows\System\AjRCUdm.exe
  C:\Windows\System\AjRCUdm.exe
  2⤵
  PID:9156
- C:\Windows\System\QoECHMt.exe
  C:\Windows\System\QoECHMt.exe
  2⤵
  PID:9040
- C:\Windows\System\bFXmEHJ.exe
  C:\Windows\System\bFXmEHJ.exe
  2⤵
  PID:8980
- C:\Windows\System\MnoSdAq.exe
  C:\Windows\System\MnoSdAq.exe
  2⤵
  PID:9204
- C:\Windows\System\ubJanRw.exe
  C:\Windows\System\ubJanRw.exe
  2⤵
  PID:7648
- C:\Windows\System\UvVaGXP.exe
  C:\Windows\System\UvVaGXP.exe
  2⤵
  PID:7808
- C:\Windows\System\owSLLEe.exe
  C:\Windows\System\owSLLEe.exe
  2⤵
  PID:8484
- C:\Windows\System\lZlPijj.exe
  C:\Windows\System\lZlPijj.exe
  2⤵
  PID:7376
- C:\Windows\System\pleAAzz.exe
  C:\Windows\System\pleAAzz.exe
  2⤵
  PID:8200
- C:\Windows\System\plJpbcZ.exe
  C:\Windows\System\plJpbcZ.exe
  2⤵
  PID:8720
- C:\Windows\System\AUHdkEG.exe
  C:\Windows\System\AUHdkEG.exe
  2⤵
  PID:2036
- C:\Windows\System\VzuJeHw.exe
  C:\Windows\System\VzuJeHw.exe
  2⤵
  PID:8548
- C:\Windows\System\goeeOTb.exe
  C:\Windows\System\goeeOTb.exe
  2⤵
  PID:8748
- C:\Windows\System\XkEfGxI.exe
  C:\Windows\System\XkEfGxI.exe
  2⤵
  PID:8768
- C:\Windows\System\onLRXoA.exe
  C:\Windows\System\onLRXoA.exe
  2⤵
  PID:8800
- C:\Windows\System\euIzaZZ.exe
  C:\Windows\System\euIzaZZ.exe
  2⤵
  PID:9140
- C:\Windows\System\WylLotp.exe
  C:\Windows\System\WylLotp.exe
  2⤵
  PID:8864
- C:\Windows\System\jHXlFmx.exe
  C:\Windows\System\jHXlFmx.exe
  2⤵
  PID:8664
- C:\Windows\System\tsAoJqf.exe
  C:\Windows\System\tsAoJqf.exe
  2⤵
  PID:8896
- C:\Windows\System\XTCHzHk.exe
  C:\Windows\System\XTCHzHk.exe
  2⤵
  PID:9024
- C:\Windows\System\hqjDUSF.exe
  C:\Windows\System\hqjDUSF.exe
  2⤵
  PID:8620
- C:\Windows\System\oTKHfUd.exe
  C:\Windows\System\oTKHfUd.exe
  2⤵
  PID:8360
- C:\Windows\System\AnOHFxu.exe
  C:\Windows\System\AnOHFxu.exe
  2⤵
  PID:9192
- C:\Windows\System\xRGBGHs.exe
  C:\Windows\System\xRGBGHs.exe
  2⤵
  PID:8232
- C:\Windows\System\ngdaTSO.exe
  C:\Windows\System\ngdaTSO.exe
  2⤵
  PID:8408
- C:\Windows\System\xjjATWQ.exe
  C:\Windows\System\xjjATWQ.exe
  2⤵
  PID:8876
- C:\Windows\System\ZpQkcnO.exe
  C:\Windows\System\ZpQkcnO.exe
  2⤵
  PID:8504
- C:\Windows\System\AsZAFpC.exe
  C:\Windows\System\AsZAFpC.exe
  2⤵
  PID:8636
- C:\Windows\System\Gfgigfx.exe
  C:\Windows\System\Gfgigfx.exe
  2⤵
  PID:9188
- C:\Windows\System\TyRcXHm.exe
  C:\Windows\System\TyRcXHm.exe
  2⤵
  PID:8440
- C:\Windows\System\zrfDanW.exe
  C:\Windows\System\zrfDanW.exe
  2⤵
  PID:9008
- C:\Windows\System\EyGtfTD.exe
  C:\Windows\System\EyGtfTD.exe
  2⤵
  PID:8280
- C:\Windows\System\CmAcUEd.exe
  C:\Windows\System\CmAcUEd.exe
  2⤵
  PID:8764
- C:\Windows\System\jCTzrfu.exe
  C:\Windows\System\jCTzrfu.exe
  2⤵
  PID:8688
- C:\Windows\System\GIozmob.exe
  C:\Windows\System\GIozmob.exe
  2⤵
  PID:9128
- C:\Windows\System\NEEocNe.exe
  C:\Windows\System\NEEocNe.exe
  2⤵
  PID:8568
- C:\Windows\System\ZqgZbbM.exe
  C:\Windows\System\ZqgZbbM.exe
  2⤵
  PID:7692
- C:\Windows\System\BkpWqfL.exe
  C:\Windows\System\BkpWqfL.exe
  2⤵
  PID:8784
- C:\Windows\System\RdiEhwM.exe
  C:\Windows\System\RdiEhwM.exe
  2⤵
  PID:9220
- C:\Windows\System\FHnMFLn.exe
  C:\Windows\System\FHnMFLn.exe
  2⤵
  PID:9236
- C:\Windows\System\QpLOpyH.exe
  C:\Windows\System\QpLOpyH.exe
  2⤵
  PID:9252
- C:\Windows\System\hhFdaDZ.exe
  C:\Windows\System\hhFdaDZ.exe
  2⤵
  PID:9268
- C:\Windows\System\tTvbPRE.exe
  C:\Windows\System\tTvbPRE.exe
  2⤵
  PID:9284
- C:\Windows\System\AScDXRk.exe
  C:\Windows\System\AScDXRk.exe
  2⤵
  PID:9300
- C:\Windows\System\EVpDOXv.exe
  C:\Windows\System\EVpDOXv.exe
  2⤵
  PID:9316
- C:\Windows\System\BGTPwkB.exe
  C:\Windows\System\BGTPwkB.exe
  2⤵
  PID:9332
- C:\Windows\System\eXlSlqu.exe
  C:\Windows\System\eXlSlqu.exe
  2⤵
  PID:9348
- C:\Windows\System\REbDqTR.exe
  C:\Windows\System\REbDqTR.exe
  2⤵
  PID:9364
- C:\Windows\System\PuyLXMV.exe
  C:\Windows\System\PuyLXMV.exe
  2⤵
  PID:9380
- C:\Windows\System\irgjELx.exe
  C:\Windows\System\irgjELx.exe
  2⤵
  PID:9400
- C:\Windows\System\WzayAnE.exe
  C:\Windows\System\WzayAnE.exe
  2⤵
  PID:9416
- C:\Windows\System\EcdbOzi.exe
  C:\Windows\System\EcdbOzi.exe
  2⤵
  PID:9432
- C:\Windows\System\NZxMjVf.exe
  C:\Windows\System\NZxMjVf.exe
  2⤵
  PID:9448
- C:\Windows\System\bufSqdY.exe
  C:\Windows\System\bufSqdY.exe
  2⤵
  PID:9464
- C:\Windows\System\SxiIqOi.exe
  C:\Windows\System\SxiIqOi.exe
  2⤵
  PID:9480
- C:\Windows\System\QpMjEsu.exe
  C:\Windows\System\QpMjEsu.exe
  2⤵
  PID:9500
- C:\Windows\System\PeYfyqG.exe
  C:\Windows\System\PeYfyqG.exe
  2⤵
  PID:9516
- C:\Windows\System\rxaOwAq.exe
  C:\Windows\System\rxaOwAq.exe
  2⤵
  PID:9532
- C:\Windows\System\WMjnvnW.exe
  C:\Windows\System\WMjnvnW.exe
  2⤵
  PID:9548
- C:\Windows\System\UCcWUNh.exe
  C:\Windows\System\UCcWUNh.exe
  2⤵
  PID:9568
- C:\Windows\System\xyzljpd.exe
  C:\Windows\System\xyzljpd.exe
  2⤵
  PID:9592
- C:\Windows\System\EwSJvSn.exe
  C:\Windows\System\EwSJvSn.exe
  2⤵
  PID:9648
- C:\Windows\System\wzavGoT.exe
  C:\Windows\System\wzavGoT.exe
  2⤵
  PID:9672
- C:\Windows\System\JLEHVzs.exe
  C:\Windows\System\JLEHVzs.exe
  2⤵
  PID:9696
- C:\Windows\System\pWNhlmd.exe
  C:\Windows\System\pWNhlmd.exe
  2⤵
  PID:9768
- C:\Windows\System\KNpvYja.exe
  C:\Windows\System\KNpvYja.exe
  2⤵
  PID:9792
- C:\Windows\System\RQQbnZM.exe
  C:\Windows\System\RQQbnZM.exe
  2⤵
  PID:9844
- C:\Windows\System\oYtJrzA.exe
  C:\Windows\System\oYtJrzA.exe
  2⤵
  PID:9924
- C:\Windows\System\CjfwjnP.exe
  C:\Windows\System\CjfwjnP.exe
  2⤵
  PID:9944
- C:\Windows\System\rvAusvH.exe
  C:\Windows\System\rvAusvH.exe
  2⤵
  PID:10032
- C:\Windows\System\TdEbJfP.exe
  C:\Windows\System\TdEbJfP.exe
  2⤵
  PID:10204
- C:\Windows\System\gzcRsEa.exe
  C:\Windows\System\gzcRsEa.exe
  2⤵
  PID:10224
- C:\Windows\System\GMqOAbR.exe
  C:\Windows\System\GMqOAbR.exe
  2⤵
  PID:8424
- C:\Windows\System\NnIJeoh.exe
  C:\Windows\System\NnIJeoh.exe
  2⤵
  PID:8616
- C:\Windows\System\jDisfNC.exe
  C:\Windows\System\jDisfNC.exe
  2⤵
  PID:9324
- C:\Windows\System\tyXabAV.exe
  C:\Windows\System\tyXabAV.exe
  2⤵
  PID:9244
- C:\Windows\System\JFQKsyF.exe
  C:\Windows\System\JFQKsyF.exe
  2⤵
  PID:9392
- C:\Windows\System\WFQPAwg.exe
  C:\Windows\System\WFQPAwg.exe
  2⤵
  PID:9408
- C:\Windows\System\WwFiZWb.exe
  C:\Windows\System\WwFiZWb.exe
  2⤵
  PID:9456
- C:\Windows\System\yPfZVYP.exe
  C:\Windows\System\yPfZVYP.exe
  2⤵
  PID:9512
- C:\Windows\System\GlobIwf.exe
  C:\Windows\System\GlobIwf.exe
  2⤵
  PID:9556
- C:\Windows\System\yyQGaSN.exe
  C:\Windows\System\yyQGaSN.exe
  2⤵
  PID:9396
- C:\Windows\System\hkpEpsz.exe
  C:\Windows\System\hkpEpsz.exe
  2⤵
  PID:9608
- C:\Windows\System\xagDPHE.exe
  C:\Windows\System\xagDPHE.exe
  2⤵
  PID:9632
- C:\Windows\System\eWqGHyl.exe
  C:\Windows\System\eWqGHyl.exe
  2⤵
  PID:9684
- C:\Windows\System\NdyDjUi.exe
  C:\Windows\System\NdyDjUi.exe
  2⤵
  PID:9780
- C:\Windows\System\cJmGSfV.exe
  C:\Windows\System\cJmGSfV.exe
  2⤵
  PID:9664
- C:\Windows\System\DprrEDh.exe
  C:\Windows\System\DprrEDh.exe
  2⤵
  PID:9720
- C:\Windows\System\NZDQuvG.exe
  C:\Windows\System\NZDQuvG.exe
  2⤵
  PID:9724
- C:\Windows\System\HtrSoNG.exe
  C:\Windows\System\HtrSoNG.exe
  2⤵
  PID:9744
- C:\Windows\System\auMgahA.exe
  C:\Windows\System\auMgahA.exe
  2⤵
  PID:9800
- C:\Windows\System\AYmMgtA.exe
  C:\Windows\System\AYmMgtA.exe
  2⤵
  PID:9816
- C:\Windows\System\EyibGzH.exe
  C:\Windows\System\EyibGzH.exe
  2⤵
  PID:9836
- C:\Windows\System\NWzpsMI.exe
  C:\Windows\System\NWzpsMI.exe
  2⤵
  PID:9872
- C:\Windows\System\RKIcIqw.exe
  C:\Windows\System\RKIcIqw.exe
  2⤵
  PID:9912
- C:\Windows\System\hTKCEIy.exe
  C:\Windows\System\hTKCEIy.exe
  2⤵
  PID:9896
- C:\Windows\System\wOiomug.exe
  C:\Windows\System\wOiomug.exe
  2⤵
  PID:9880
- C:\Windows\System\hiiLoXM.exe
  C:\Windows\System\hiiLoXM.exe
  2⤵
  PID:9980
- C:\Windows\System\hMnRuIN.exe
  C:\Windows\System\hMnRuIN.exe
  2⤵
  PID:10012
- C:\Windows\System\zTkKBfi.exe
  C:\Windows\System\zTkKBfi.exe
  2⤵
  PID:10008
- C:\Windows\System\JQllmTc.exe
  C:\Windows\System\JQllmTc.exe
  2⤵
  PID:10024
- C:\Windows\System\xDUWvac.exe
  C:\Windows\System\xDUWvac.exe
  2⤵
  PID:10072
- C:\Windows\System\WWmMjUX.exe
  C:\Windows\System\WWmMjUX.exe
  2⤵
  PID:10076
- C:\Windows\System\DJMTwVZ.exe
  C:\Windows\System\DJMTwVZ.exe
  2⤵
  PID:10056
- C:\Windows\System\OfYzrBq.exe
  C:\Windows\System\OfYzrBq.exe
  2⤵
  PID:10112
- C:\Windows\System\mJfXebN.exe
  C:\Windows\System\mJfXebN.exe
  2⤵
  PID:10128
- C:\Windows\System\iwyFhxw.exe
  C:\Windows\System\iwyFhxw.exe
  2⤵
  PID:10148
- C:\Windows\System\PJUxVTV.exe
  C:\Windows\System\PJUxVTV.exe
  2⤵
  PID:10168
- C:\Windows\System\QqYzrmT.exe
  C:\Windows\System\QqYzrmT.exe
  2⤵
  PID:10188
- C:\Windows\System\gTuQyBM.exe
  C:\Windows\System\gTuQyBM.exe
  2⤵
  PID:10216
- C:\Windows\System\pFCVkmR.exe
  C:\Windows\System\pFCVkmR.exe
  2⤵
  PID:8932
- C:\Windows\System\lHFDTUf.exe
  C:\Windows\System\lHFDTUf.exe
  2⤵
  PID:8564
- C:\Windows\System\rNHscUS.exe
  C:\Windows\System\rNHscUS.exe
  2⤵
  PID:9276
- C:\Windows\System\IVCcJML.exe
  C:\Windows\System\IVCcJML.exe
  2⤵
  PID:9340
- C:\Windows\System\WsaDpKz.exe
  C:\Windows\System\WsaDpKz.exe
  2⤵
  PID:9440
- C:\Windows\System\UxbeBCz.exe
  C:\Windows\System\UxbeBCz.exe
  2⤵
  PID:9492
- C:\Windows\System\zWvWfgX.exe
  C:\Windows\System\zWvWfgX.exe
  2⤵
  PID:9508
- C:\Windows\System\Ozbqppz.exe
  C:\Windows\System\Ozbqppz.exe
  2⤵
  PID:9528
- C:\Windows\System\ujszWJb.exe
  C:\Windows\System\ujszWJb.exe
  2⤵
  PID:9600
- C:\Windows\System\cwuBBpC.exe
  C:\Windows\System\cwuBBpC.exe
  2⤵
  PID:9644
- C:\Windows\System\nmyJvzr.exe
  C:\Windows\System\nmyJvzr.exe
  2⤵
  PID:9788
- C:\Windows\System\qxReqxH.exe
  C:\Windows\System\qxReqxH.exe
  2⤵
  PID:9668
- C:\Windows\System\RzjiMAs.exe
  C:\Windows\System\RzjiMAs.exe
  2⤵
  PID:9736
- C:\Windows\System\czArcLX.exe
  C:\Windows\System\czArcLX.exe
  2⤵
  PID:9852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BIPHrNG.exe

Filesize
6.0MB

MD5
8abd6fff1dd34064ec3b3a3fe5a3da1e

SHA1
f51d7e35bd4b339315c86a050dc50915e1c97499

SHA256
4ed6e3b6f145bdd1a1e2f710dce4e999f7ba327ce49b59e3bc0fcb5deb5443b7

SHA512
33cac4ea330d1b151933149a21efb0ccb843e50ea686923c7abc734a8963b25e95452601469eb8dab968503e0ba0aa13e658e9b87ec765f4e9af9899066ada81

Download Submit
C:\Windows\system\HRECYEP.exe

Filesize
6.0MB

MD5
305b2f53ed4019513d5ccdc57b6a3ec5

SHA1
6b547e2645befe7d9b7a415c95e4a5e3158d9ead

SHA256
b0dd3d5275b8f750c8103b6326709c393d554f41af59935a3d87997eee1c48e8

SHA512
ff359a21959dfd98cc3fb5b36f5b59c11c7ff02c8b56049b5c2eaed94ddb253a4e9f9f0b9702c700b93e0a5b0d229f127723d03d93c031d7efdfca8c2dffe88a

Download Submit
C:\Windows\system\HnlWmxZ.exe

Filesize
6.0MB

MD5
11f1abb2ca5a2aa6de4bf44129fbe752

SHA1
658bf24ab192d901a01bc49c62160ea24b4405db

SHA256
df6c92c3229b2c53e872caeed59df4d8fb839684331186406a9a5064397d612f

SHA512
3824b31de0200ab4d79cfff0283a4e2b57a2ad6f4267376e717468d3f7bc2b5538840c331867d1250de63a7f097715725c7eed37018464a7cf9214a80d41fea6

Download Submit
C:\Windows\system\ILpeGRI.exe

Filesize
6.0MB

MD5
9d096fdb8b9fad5955c8cec28ef381c4

SHA1
36b703245d1c011090fca7a3cfcd09d592d43392

SHA256
88e84ee8fffea772a0ead71d888f90ef0124181c3b7ac8691a7f6e14efe70840

SHA512
4bf4375330e3f3ff1e8997d4b39ac916d601190f0a6a2ba317c904dfdce2ced5120775ebf6f1b6e2ba08e91accd2c04b67eb704e5e38155b186977b044ccbb42

Download Submit
C:\Windows\system\IqAtqfe.exe

Filesize
6.0MB

MD5
49689a47bb825122f40f11dd677a52bc

SHA1
b35ad413cb579657bb9884c92b3fa859a36a2263

SHA256
8beca20dde290d8b58b4eedac40fbfac8582e68c387216e1cc468865e980c5c8

SHA512
9bcb0fc43e031dc2564ec6d29598b209d07a476dc7d5ad89f1fce1f91b588a4585a338cbc2913899ed97a75f956d946b79917cbee14d678d317fb5b1aa48aa23

Download Submit
C:\Windows\system\KYmhRKZ.exe

Filesize
6.0MB

MD5
57bf0f2aedfe43a5b6debaa8f695da9f

SHA1
828d45cd2dca1fda427ed6174a4eba9f324bbf43

SHA256
443a7ec0a487376a4cdb8abdd175d6c5ed674acd0c35f7a93798a3804ae78ad9

SHA512
28926b0b1d39c6bc25b039ddbf999e4312c42a12d7865180ff4664a3b8e5b6afb46da6585a5a19ca329c2edd9d5d6e6a76ef1314950bbb04d241dcd0117b58f4

Download Submit
C:\Windows\system\LDgCHWF.exe

Filesize
6.0MB

MD5
14dc7cc1bd10c272d1f0fbf98b8402c5

SHA1
c7c880aa7de2cf435f65f60fe11f0ced4a010352

SHA256
17e6364fa961ebcdf2bb43c28ada0ba6b26e2ceb5194045030e2c8fda27184e1

SHA512
688e6902ee340031a038d686f3157f6484d5a647c4e74a2c1cfff7a1eb72b542a021aaa30618e5d859c6b27ac9cd2cab491b8cedbe2f185d5e916f8046a67929

Download Submit
C:\Windows\system\MfkAxnS.exe

Filesize
6.0MB

MD5
b71c432f7de5e35f1c59b4cc63d5c6eb

SHA1
3f1505cd4e2c20b086114f4279b0af1de857d4e8

SHA256
71f56eaa5f00ffafc7191064b01122537b740f076b4ac375ad865e200c9a67c0

SHA512
ff3fbc4315317e2ab9f76f29868615fd01347696a4804594ebbb082b0251fb8b79737892cf078179592c81d0c1a56ddff2755c60220c536cd8b04b0446870cf9

Download Submit
C:\Windows\system\PeyFxQl.exe

Filesize
6.0MB

MD5
a478c1007a388184b8db9831709cbb85

SHA1
13439d9e2b8e2ba6c53345f1a30b387f1b6e25ab

SHA256
750d8f0ae2e8570265cbb78a4a5e67c53866d21ca45269eb840ed7ed320a412c

SHA512
b9e59a9568edc91f4d360ec8f2fca7f6a1c5d194833fdaa5b3ebec504c3f29c8b0c76b7ab0f676f7a2b961894305cd815387d03033e01fb6abf0a397aed95d1c

Download Submit
C:\Windows\system\QwbiPrf.exe

Filesize
6.0MB

MD5
eb71880860598167d1eeb1f3d6c24cfe

SHA1
caff793e5cda35fa1f59946198abb1e7721a0515

SHA256
f0a6d64e49c12aba8787f3b21f90287e80fedf368a8516dc3b5b01bf94dec012

SHA512
aa6d9ff9f0c4502f527060df136742726ff55df18192d1a008071072908dd29711f7ae75d0a9acaceb766165656fdd536607a9e8b65c1237dca8dfbfddb7af4d

Download Submit
C:\Windows\system\YqteUBA.exe

Filesize
6.0MB

MD5
473c0fdea75cca6781eb2b9e4c6b41d3

SHA1
b3e9760fe23c150bd092ce6a01e13c589f051c08

SHA256
9d541a499bc036738cc85812b917d4da8b8693d22b7c570fcf9b99b1f46e3b63

SHA512
015e0da8a237b8ff757d9d0b0cbea8d47cf53fc63d3200c243148a37106dbd1804a1d871a30b73a6291f9f6ea3de3da6d55cf5290dc63e53d296f6595996ff87

Download Submit
C:\Windows\system\aAEnZKo.exe

Filesize
6.0MB

MD5
4100921adda75d1b77c7908a8a609628

SHA1
b4a7de24889c7f42d927538c0b93a6eebe7ea133

SHA256
6f1c50b053062c2dca5398acefafb2cd6fa5dddfd91b75c7ba139a24c910707f

SHA512
dbc670133e0f76c69bb409a03c4a2cb3d06d04ac7c8a4faa875811501e6bc0cd9ed68df236426d2164a0b25c16bdd5bc6267bb4cbf2e34a02cf47e456f8aabdb

Download Submit
C:\Windows\system\dipQxFS.exe

Filesize
6.0MB

MD5
4bdafd0b808f0a6b0bea4eb707cb94e2

SHA1
64f9c398fb8256859b4248e24a11ddbb06cbe6a2

SHA256
aca6e7030fe09ad551d11df8e423630a10bf91f176bdccc256eabace3ad11de5

SHA512
ada5a12df4ee76fbc71a8660684567b2bcb1de1546c81082af1a2b9cc3ae1139c29cbdc15e559333594d352040aecd8bcf5042b8477e56cb630f0d19601d6548

Download Submit
C:\Windows\system\hDqBvOA.exe

Filesize
6.0MB

MD5
98099e8890a0aadbdd950c4d3ed94197

SHA1
d36ccbaf52f298a388a90e585617af9336da2af1

SHA256
007ca5cea1be78e99058cb5efe9c203095b97c23c1da072330c5b9f73b688d96

SHA512
5accbdd41f9466c17f8b2ac1656d2f2ae23e4e4957858164981496d9e33c871b7efc69806deca8604d57d1d9341fea2976259bcc6be6bf723c58080fe1ca8f49

Download Submit
C:\Windows\system\mMbTadw.exe

Filesize
6.0MB

MD5
731e650bc852d7f2dd2b347f8fb108aa

SHA1
a58593b9331eea17f9e333a570dc2564e168ab40

SHA256
2459a855a8c7d8fa71085b53525ca71e9950fa213ed9538cd212b80cf7abaa20

SHA512
cf33e131d46847da2b4e28a40ebd84acfdf2f94dba75144187a4ac92717804aa69ad58a653e8d5d2d63c57ef8b66bd6eb7e196042942c795f1be4dc9fc28ca27

Download Submit
C:\Windows\system\oKtgdfZ.exe

Filesize
6.0MB

MD5
28e2889ed5f2d546b6b1564e26838547

SHA1
ca284fdc9d2a815517660f3bc23c9c6f2d9d012d

SHA256
664008456bfe1a863087f258ed1c34cc11de8e8a0a8b75b6bf59757ebb040989

SHA512
79962977c6593ea919f03e06d7de8f3fdc1bccaec2e73cbb23b66c3ce9ce3c4267b6cb52615e424131f5f57f42764d29179f2fa15ceb90767e8a1c33b783b098

Download Submit
C:\Windows\system\qGRiRgn.exe

Filesize
6.0MB

MD5
62428c131fa212e0b4888518df0d3b15

SHA1
c2827880cb1420bfd24aa3c782014764859093fb

SHA256
6ae701bb18b09aee931ef557188bd452c57e8dba9bf713bbb313aeba53dae8b9

SHA512
a3ff500adc7ff5b9fb2f79c4d36c220ca622725ce2cc9634f39a00cced9c0c9d1251775b392deaee267be27ace9f07474e58b09a20daa7669b049919e037cd23

Download Submit
C:\Windows\system\qmKVfah.exe

Filesize
6.0MB

MD5
148238c178d556975783b9decbc38adf

SHA1
a06cb7d59e4001c5acf952de33a822641f7fe805

SHA256
ff91a5b3d0d1c4415bae76465469c04f501e247ca56dd9a2299346714b5d9a49

SHA512
b25a44e5b2a552ac2ecacf9806b231333b75869ab20aa576af24529f3c36d07eae7bf21e51e981c82a29a7b8a024e21bbd3663ceea11109bbf5ca068451ae593

Download Submit
C:\Windows\system\qvvqzii.exe

Filesize
6.0MB

MD5
9191a310ea9bbd22023e5846ad485197

SHA1
85cda8929bf8e23cd3e76d0de50ec31aea5a2d1c

SHA256
e9313fd94b2493fbbb47c73aff7ea30b22e03308e83fef3848e1463a86db1195

SHA512
c6634a208eeccd878ae01466eb4378a1b6edf52cb62cc45e2625ef7417c41ea38c5734d761a287fbae1f4e0e05bb87cc91eeb28c44456d7f3d688015e15faf8b

Download Submit
C:\Windows\system\sdhBzzi.exe

Filesize
6.0MB

MD5
e8de89d79033f01de5609cec934fb160

SHA1
357d974db6da226cd5e39ed9838f8e8458ae0c8f

SHA256
c3142cd018b6996b9935cc67d415bf89cd6ed6228e845631a59d357a79fbfedb

SHA512
6482f67f96f90e7e744c36d6db1e8ea91b958c0b7146bbfc8842b6dc88bbbc9de3b59aa6639a9723722ea501db9068394e8c6b67568e2ca97b4825dac2562e5d

Download Submit
C:\Windows\system\tXfYYXp.exe

Filesize
6.0MB

MD5
940146ca47c1091e44987d71edb7419d

SHA1
79be8b7e854a1170cd4abbca4da6341c198ca7a5

SHA256
6561fc337899d6333bcbf1f59240e35ff5162eb341b57a87330d4984d5975591

SHA512
9203de1b4fdb6c6aaebcfb456e8d4d9549bf31d679d2af2cc3696b9b579c0e49153b56c8b7e80ad7218538db283fc361dc601cd150c12e8e3fab186fbe8acaae

Download Submit
C:\Windows\system\wiJlCat.exe

Filesize
6.0MB

MD5
73bc7abb1640bb364fc74dbce6cb595c

SHA1
2912ec530cc40e91f23e845273497c91403727f3

SHA256
9559e638655bbbabea9aa4589ff60af7d4dfbecb88dfa3f3483ba00f1d94d4a2

SHA512
e1836c7aa5ba2a29ff7a8337a8f7a337734a1e0aff2af590e1eab16682391ad244e6a1a3967b03d3b6a962a57bba8090b872cb24a9a10788b7ee093d81e9d609

Download Submit
C:\Windows\system\wzvukKU.exe

Filesize
6.0MB

MD5
69d343675974fbd4345194d68924a985

SHA1
456ba69d807c7392488fc66e52817f0cff3ecb06

SHA256
38c261cf4991cbb2ba47c162587d514f5a6e6cc44e2c776063d6f8787334e23c

SHA512
c29823ec11a18e283a54a22f8c41838a71aa185a98737450882cb9a1e3c50671675a0e8d7aea391446d5927e117c4cf8ad315cd6b1772a5231d3ee9fa0a44d60

Download Submit
\Windows\system\GXLuUrC.exe

Filesize
6.0MB

MD5
9e026678cde0082b0b0ed2fb43043f03

SHA1
3806b36d23f6819a84d61f1528a591a3faca009e

SHA256
642a244d4d7a66fbadbcb4c57ed0c2a120d29461611d57eb48f97d8dffb2a237

SHA512
c4c214d1d57c3a30800ec29a53694e71ce67a527e02aaa60d37113540f1e7a4de2fa8486af95c770c5c5ab4c2d3a2433a4baf58ed1043277001811a198859f85

Download Submit
\Windows\system\OnEDBqg.exe

Filesize
6.0MB

MD5
27b2e0a84220d62cadab22f7ad47346f

SHA1
3a8a82fdefffdddb6357276bf4faeb0a7e1affc1

SHA256
a3ccdb9b6d1c5a5efc6e056743ecd51f8a84b8069e79e581f566d48fc97b7bb9

SHA512
cb30f079d9d8e47658d75f48131fb6b94d8adb659f6a0e4f685c809fb9a816a87f4cd62d78d76bd5a008756e26e21895d7da43189c92114c2a5ebdd62bb09e5e

Download Submit
\Windows\system\XbSkfKE.exe

Filesize
6.0MB

MD5
d693ef000691cb805a03cdb7d3142ee0

SHA1
944400612bcd066b69217e61e5a1284b8db70a61

SHA256
f6d0b0d6f5aeb84cb78cb89e5637fdb8c924929b83918c2a0a7707f085946b87

SHA512
631d586f8640bbe24811de30a40c2b8c407c741a96d9f44c39c908b57cdbe1133e9b55c8fd024df50c3222dc7ae3e55ccf34ea5fb744a5001b40c4eed96b4abd

Download Submit
\Windows\system\edhnQel.exe

Filesize
6.0MB

MD5
d2c0bd1dbc9c3346cd2bcdda5dba05b5

SHA1
c850ed63dfa7430a3bfac2cc0aa03865cd2e2fe8

SHA256
3dcf449507e2361fdd86d80e41dbe7ab70968fb5e7467e5dd39f3130d1a367dd

SHA512
be558d170e3302c8ef6f1b131e6ccdb6e80a4338a1046b58fd56ca683a5708690852984517afe991e114b4c139d16966ea27e0076f970cc5fe58e13dc690c3f0

Download Submit
\Windows\system\hzqMKjY.exe

Filesize
6.0MB

MD5
f726d7f84087339220d292e1a3c566be

SHA1
a50ccc7930c4ee1247c5b1a89020739583a1b3bd

SHA256
0df75363e6ceb580d0f8e43ae75660fd67c7845741d890c345b6a9c6beab5ec5

SHA512
3f6be2e2c0b1e7b97b2681a6f4daf247d24baafd8bbc87ea9b1e7315f34af9bb3bb85846f5fac340934cf1028c6aa0e5dc1d6407625added0ac3c450790d94c7

Download Submit
\Windows\system\iFaANyM.exe

Filesize
6.0MB

MD5
0fc4f8b5f01e1268f667d0cbdde68a68

SHA1
88cefdb5e781298075aba06369416c0d960d6527

SHA256
00ef3a5ef36761f3ab7e8edf9a4453362dc473c93dde433d382b2675efdc95c4

SHA512
570e76c1221ea25596d33e89d1a119a35733ccd358bc717a315cecc31fcc0bc2b704fc0e9c01a4df2196f8f1f133a0efab149b8b1d296f8cc61994a742a34ecb

Download Submit
\Windows\system\oyYJtho.exe

Filesize
6.0MB

MD5
057eed81de4af55f047f78147f4f13c0

SHA1
e8135ea4bbd892ec49fa53c337d481609b29091f

SHA256
73a03414755a74e18c0dbb65bb3f9b9b4b4e3c4bb2a7e6e250d2610064832993

SHA512
ff7122a68065455b575b66fea453d538c23d7ab8058755e8e68a3b24ab0e2c548e69d885079cb512ade1e414cf9924a9f35516f74ed716938568a2e641a7ad80

Download Submit
\Windows\system\xnRwvUQ.exe

Filesize
6.0MB

MD5
748cd835de02863ddba6f09440705e01

SHA1
4a9181288889af9c9305bcc6029d9f18e87cb99e

SHA256
d69e9a16990150c66c9b804caf64467c2dc086ab14d879fe91e443fcc403d209

SHA512
0786ecb161bab424831e4ac9e7065aa039f1bb1226da61fe50dfea9fd6bcfebe81282a557ab23fad4e4c38ef21ae4cc8216bd14d96d60c5b57fa544ae922bf89

Download Submit
\Windows\system\xvmwuLc.exe

Filesize
6.0MB

MD5
06ab0c66bdaf90d6e4b7b80b9cfbebeb

SHA1
c0e1f33326a7a1bad1756193d3db6468733bcee0

SHA256
5f4b032f559dc0d74d40409e70231da6eeab9fccc33fc6d5fcebb527d7b54d75

SHA512
e6dde4e945cadc83d709750a15f85282d8554093fd057d985971b3aa48ca5e1101ff575bade984ab7272a4717e62b134c373ecb9cf7603dca4e5f9f7701e5cdb

Download Submit
memory/1800-92-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-956-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-4065-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-81-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-37-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-62-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2308-490-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2308-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2308-96-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-8-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2308-114-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2308-955-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2308-1195-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2308-1196-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2308-1323-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2308-86-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2308-87-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-21-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2308-115-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-117-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2308-35-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2308-0-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-119-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2308-40-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-47-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2308-72-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2308-120-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2308-121-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2308-31-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2308-14-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-4008-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2532-116-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2556-821-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-56-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-9-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2752-4007-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2752-181-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2752-23-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2760-820-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2760-4004-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2760-41-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2764-34-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4005-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2764-337-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2820-110-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3971-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-16-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-690-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-4006-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-38-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-118-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2912-4095-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download