cobaltstrike | 62cd2b105984fca68ad74f5f8514e4e07536146bde2ebe54e29435909118a251

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 15:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

25d97f26b74ffc087523bcbe0916c968
SHA1

9ad9d958fd4402f209c9deca0745ff407cfc9a82
SHA256

62cd2b105984fca68ad74f5f8514e4e07536146bde2ebe54e29435909118a251
SHA512

588ca61955f270f709a59aca86a2cb39b533504e2f6af4eb6e60214ba746dda23109307ee75f63f1bf8f196be65b64313e1c4cf4ea17efe5a7beb48c279f9a06
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUf:T+q56utgpPF8u/7f

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000012102-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017481-7.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001749c-12.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174bf-18.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173f6-31.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001867d-32.dat	cobalt_reflective_dll
behavioral1/files/0x0016000000018657-25.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c38-53.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878d-46.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c8-41.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d20-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48e-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a431-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a345-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a1-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a067-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9f-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da4-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46a-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3a-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48c-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a434-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42f-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42b-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07b-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb9-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db8-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d44-136.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000190c9-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c53-73.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 57 IoCs

miner

resource	yara_rule
behavioral1/memory/1788-0-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000012102-3.dat	xmrig
behavioral1/files/0x0008000000017481-7.dat	xmrig
behavioral1/files/0x000800000001749c-12.dat	xmrig
behavioral1/files/0x00080000000174bf-18.dat	xmrig
behavioral1/files/0x00080000000173f6-31.dat	xmrig
behavioral1/files/0x000600000001867d-32.dat	xmrig
behavioral1/files/0x0016000000018657-25.dat	xmrig
behavioral1/files/0x0005000000019c38-53.dat	xmrig
behavioral1/files/0x000600000001878d-46.dat	xmrig
behavioral1/files/0x00060000000186c8-41.dat	xmrig
behavioral1/memory/2484-38-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d20-165.dat	xmrig
behavioral1/files/0x000500000001a48e-129.dat	xmrig
behavioral1/files/0x000500000001a431-181.dat	xmrig
behavioral1/files/0x000500000001a42d-180.dat	xmrig
behavioral1/files/0x000500000001a345-179.dat	xmrig
behavioral1/files/0x000500000001a0a1-178.dat	xmrig
behavioral1/files/0x000500000001a067-177.dat	xmrig
behavioral1/files/0x0005000000019f9f-176.dat	xmrig
behavioral1/files/0x0005000000019da4-175.dat	xmrig
behavioral1/memory/2720-174-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2884-170-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/1788-169-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/852-168-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2368-167-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46a-123.dat	xmrig
behavioral1/memory/2428-68-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2600-162-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a49a-159.dat	xmrig
behavioral1/files/0x0005000000019c3a-156.dat	xmrig
behavioral1/files/0x000500000001a48c-155.dat	xmrig
behavioral1/files/0x000500000001a434-153.dat	xmrig
behavioral1/files/0x000500000001a42f-152.dat	xmrig
behavioral1/files/0x000500000001a42b-150.dat	xmrig
behavioral1/memory/2700-148-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/files/0x000500000001a301-140.dat	xmrig
behavioral1/files/0x000500000001a07b-139.dat	xmrig
behavioral1/files/0x0005000000019fb9-138.dat	xmrig
behavioral1/files/0x0005000000019db8-137.dat	xmrig
behavioral1/files/0x0005000000019d44-136.dat	xmrig
behavioral1/files/0x00080000000190c9-135.dat	xmrig
behavioral1/memory/2784-97-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c53-73.dat	xmrig
behavioral1/memory/2836-60-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2832-52-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/1788-182-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2368-3727-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/852-3732-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2832-3744-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2600-3751-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2720-3761-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2784-3760-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2700-3759-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2836-3758-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2884-3800-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2428-3798-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2368	bHLztFi.exe
852	ViPBwqZ.exe
2484	ufGfbuj.exe
2832	DMEdGFF.exe
2836	zUeJpNj.exe
2428	MzztaYI.exe
2884	yZKEqtN.exe
2784	krpitJJ.exe
2700	EchfDUz.exe
2720	tZmhHep.exe
2600	MpHVLqA.exe
2928	lRndZYj.exe
3040	LQIULSm.exe
2008	BBkxvPW.exe
1596	DuaFKCS.exe
1388	TsNJnoc.exe
1856	ftXuQOH.exe
1468	NJiTmzE.exe
1148	JCveEgr.exe
2024	MtTrfJq.exe
2788	KnWUqxF.exe
2696	xTBJQaF.exe
380	yPxrZsZ.exe
2660	aAwGeDQ.exe
1844	hPrccWb.exe
2324	iTCxQch.exe
1696	aPClyme.exe
1984	eqABBgb.exe
844	qijqZWq.exe
1940	NCWxrDW.exe
2644	tOudEvJ.exe
2804	BJKUaDW.exe
2816	OvyenCZ.exe
1084	swNxnqh.exe
1796	vcJMWXA.exe
796	XaegcxF.exe
1536	yJeIMbQ.exe
1672	MHQacVg.exe
1352	kcthhET.exe
2464	FPcyUDh.exe
3064	RwPMGut.exe
3060	whPIfMp.exe
2404	BBPaEhX.exe
1748	kSBFcVP.exe
616	vzdXpaZ.exe
2120	zHVsUYW.exe
1036	pxGStFz.exe
584	ZjbRaBJ.exe
1256	rssKNXZ.exe
2308	eykyEhP.exe
812	DBsDrmv.exe
2064	QyJDlKA.exe
2336	pKnqSOc.exe
2692	ZtQPtYw.exe
2448	NPYZGbZ.exe
2864	wZNEJzi.exe
2932	PAOcrQT.exe
2588	RLkFDbf.exe
688	OAGctms.exe
1424	ZRXQqJj.exe
2496	ELfIYsq.exe
2812	bqUjHmm.exe
2648	oCDNDEr.exe
1480	eiDjYJk.exe

Loads dropped DLL 64 IoCs

pid	Process
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 56 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1788-0-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x0008000000012102-3.dat	upx
behavioral1/files/0x0008000000017481-7.dat	upx
behavioral1/files/0x000800000001749c-12.dat	upx
behavioral1/files/0x00080000000174bf-18.dat	upx
behavioral1/files/0x00080000000173f6-31.dat	upx
behavioral1/files/0x000600000001867d-32.dat	upx
behavioral1/files/0x0016000000018657-25.dat	upx
behavioral1/files/0x0005000000019c38-53.dat	upx
behavioral1/files/0x000600000001878d-46.dat	upx
behavioral1/files/0x00060000000186c8-41.dat	upx
behavioral1/memory/2484-38-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/files/0x0005000000019d20-165.dat	upx
behavioral1/files/0x000500000001a48e-129.dat	upx
behavioral1/files/0x000500000001a431-181.dat	upx
behavioral1/files/0x000500000001a42d-180.dat	upx
behavioral1/files/0x000500000001a345-179.dat	upx
behavioral1/files/0x000500000001a0a1-178.dat	upx
behavioral1/files/0x000500000001a067-177.dat	upx
behavioral1/files/0x0005000000019f9f-176.dat	upx
behavioral1/files/0x0005000000019da4-175.dat	upx
behavioral1/memory/2720-174-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2884-170-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/852-168-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2368-167-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x000500000001a46a-123.dat	upx
behavioral1/memory/2428-68-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2600-162-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x000500000001a49a-159.dat	upx
behavioral1/files/0x0005000000019c3a-156.dat	upx
behavioral1/files/0x000500000001a48c-155.dat	upx
behavioral1/files/0x000500000001a434-153.dat	upx
behavioral1/files/0x000500000001a42f-152.dat	upx
behavioral1/files/0x000500000001a42b-150.dat	upx
behavioral1/memory/2700-148-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/files/0x000500000001a301-140.dat	upx
behavioral1/files/0x000500000001a07b-139.dat	upx
behavioral1/files/0x0005000000019fb9-138.dat	upx
behavioral1/files/0x0005000000019db8-137.dat	upx
behavioral1/files/0x0005000000019d44-136.dat	upx
behavioral1/files/0x00080000000190c9-135.dat	upx
behavioral1/memory/2784-97-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0005000000019c53-73.dat	upx
behavioral1/memory/2836-60-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2832-52-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/1788-182-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2368-3727-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/852-3732-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2832-3744-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2600-3751-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2720-3761-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2784-3760-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2700-3759-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2836-3758-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2884-3800-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2428-3798-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZevGTsE.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uYFsRGM.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtTrfJq.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESJAGrK.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WOsobrX.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lqspGPV.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lLSChNY.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wnKCePk.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aTmAqss.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ulYktqc.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FusyJJK.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HFLhqRp.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwxBejJ.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mWBWFxk.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZtdeeVL.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\voarbcJ.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nbyjxqM.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uezAUQk.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGnqVZt.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cWMOlNn.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TsNJnoc.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TEJgWsR.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BLCoXKf.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XZCkKCb.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dHKmxXF.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XgOUdzO.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UCZkPda.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ACLMAkZ.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LsiUmUK.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Fedobvd.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zcvIfOP.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ueIhZxs.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRgDLZt.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TwiJBjz.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XDbLxov.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IBURFri.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jndphvH.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XydhGuC.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KWrhFcR.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MiOTSNh.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lJjZfOR.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZjYWvZ.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTyHeJc.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jPwTZfL.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftXuQOH.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pqvMKIv.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zNFXsfD.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CijZnvg.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RHJkpQm.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pseOxeR.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lbBjPNP.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ymUByZm.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWWLKhO.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hZzkgZP.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XcYOKBH.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VnUnCuq.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OplqXSe.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rKLdAJX.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqYRhYD.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NciZkZq.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RfBoTUE.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xbTXXqu.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QDMiEKa.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCPgkRN.exe	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 2368	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1788 wrote to memory of 2368	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1788 wrote to memory of 2368	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1788 wrote to memory of 852	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1788 wrote to memory of 852	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1788 wrote to memory of 852	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1788 wrote to memory of 2484	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1788 wrote to memory of 2484	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1788 wrote to memory of 2484	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1788 wrote to memory of 2428	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1788 wrote to memory of 2428	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1788 wrote to memory of 2428	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1788 wrote to memory of 2832	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1788 wrote to memory of 2832	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1788 wrote to memory of 2832	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1788 wrote to memory of 2884	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1788 wrote to memory of 2884	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1788 wrote to memory of 2884	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1788 wrote to memory of 2836	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1788 wrote to memory of 2836	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1788 wrote to memory of 2836	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1788 wrote to memory of 2700	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1788 wrote to memory of 2700	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1788 wrote to memory of 2700	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1788 wrote to memory of 2784	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1788 wrote to memory of 2784	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1788 wrote to memory of 2784	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1788 wrote to memory of 2928	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1788 wrote to memory of 2928	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1788 wrote to memory of 2928	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1788 wrote to memory of 2720	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1788 wrote to memory of 2720	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1788 wrote to memory of 2720	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1788 wrote to memory of 2696	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1788 wrote to memory of 2696	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1788 wrote to memory of 2696	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1788 wrote to memory of 2600	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1788 wrote to memory of 2600	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1788 wrote to memory of 2600	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1788 wrote to memory of 2660	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1788 wrote to memory of 2660	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1788 wrote to memory of 2660	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1788 wrote to memory of 3040	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1788 wrote to memory of 3040	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1788 wrote to memory of 3040	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1788 wrote to memory of 1844	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1788 wrote to memory of 1844	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1788 wrote to memory of 1844	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1788 wrote to memory of 2008	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1788 wrote to memory of 2008	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1788 wrote to memory of 2008	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1788 wrote to memory of 2324	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1788 wrote to memory of 2324	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1788 wrote to memory of 2324	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1788 wrote to memory of 1596	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1788 wrote to memory of 1596	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1788 wrote to memory of 1596	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1788 wrote to memory of 1696	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1788 wrote to memory of 1696	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1788 wrote to memory of 1696	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1788 wrote to memory of 1388	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1788 wrote to memory of 1388	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1788 wrote to memory of 1388	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1788 wrote to memory of 1984	1788	2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-23_25d97f26b74ffc087523bcbe0916c968_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Windows\System\bHLztFi.exe
  C:\Windows\System\bHLztFi.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\ViPBwqZ.exe
  C:\Windows\System\ViPBwqZ.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\ufGfbuj.exe
  C:\Windows\System\ufGfbuj.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\MzztaYI.exe
  C:\Windows\System\MzztaYI.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\DMEdGFF.exe
  C:\Windows\System\DMEdGFF.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\yZKEqtN.exe
  C:\Windows\System\yZKEqtN.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\zUeJpNj.exe
  C:\Windows\System\zUeJpNj.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\EchfDUz.exe
  C:\Windows\System\EchfDUz.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\krpitJJ.exe
  C:\Windows\System\krpitJJ.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\lRndZYj.exe
  C:\Windows\System\lRndZYj.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\tZmhHep.exe
  C:\Windows\System\tZmhHep.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\xTBJQaF.exe
  C:\Windows\System\xTBJQaF.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\MpHVLqA.exe
  C:\Windows\System\MpHVLqA.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\aAwGeDQ.exe
  C:\Windows\System\aAwGeDQ.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\LQIULSm.exe
  C:\Windows\System\LQIULSm.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\hPrccWb.exe
  C:\Windows\System\hPrccWb.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\BBkxvPW.exe
  C:\Windows\System\BBkxvPW.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\iTCxQch.exe
  C:\Windows\System\iTCxQch.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\DuaFKCS.exe
  C:\Windows\System\DuaFKCS.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\aPClyme.exe
  C:\Windows\System\aPClyme.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\TsNJnoc.exe
  C:\Windows\System\TsNJnoc.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\eqABBgb.exe
  C:\Windows\System\eqABBgb.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\ftXuQOH.exe
  C:\Windows\System\ftXuQOH.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\qijqZWq.exe
  C:\Windows\System\qijqZWq.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\NJiTmzE.exe
  C:\Windows\System\NJiTmzE.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\NCWxrDW.exe
  C:\Windows\System\NCWxrDW.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\JCveEgr.exe
  C:\Windows\System\JCveEgr.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\tOudEvJ.exe
  C:\Windows\System\tOudEvJ.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\MtTrfJq.exe
  C:\Windows\System\MtTrfJq.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\BJKUaDW.exe
  C:\Windows\System\BJKUaDW.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\KnWUqxF.exe
  C:\Windows\System\KnWUqxF.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\OvyenCZ.exe
  C:\Windows\System\OvyenCZ.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\yPxrZsZ.exe
  C:\Windows\System\yPxrZsZ.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\swNxnqh.exe
  C:\Windows\System\swNxnqh.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\MHQacVg.exe
  C:\Windows\System\MHQacVg.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\vcJMWXA.exe
  C:\Windows\System\vcJMWXA.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\kcthhET.exe
  C:\Windows\System\kcthhET.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\XaegcxF.exe
  C:\Windows\System\XaegcxF.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\FPcyUDh.exe
  C:\Windows\System\FPcyUDh.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\yJeIMbQ.exe
  C:\Windows\System\yJeIMbQ.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\RwPMGut.exe
  C:\Windows\System\RwPMGut.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\pxGStFz.exe
  C:\Windows\System\pxGStFz.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\whPIfMp.exe
  C:\Windows\System\whPIfMp.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\ZjbRaBJ.exe
  C:\Windows\System\ZjbRaBJ.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\BBPaEhX.exe
  C:\Windows\System\BBPaEhX.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\rssKNXZ.exe
  C:\Windows\System\rssKNXZ.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\kSBFcVP.exe
  C:\Windows\System\kSBFcVP.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\eykyEhP.exe
  C:\Windows\System\eykyEhP.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\vzdXpaZ.exe
  C:\Windows\System\vzdXpaZ.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\DBsDrmv.exe
  C:\Windows\System\DBsDrmv.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\zHVsUYW.exe
  C:\Windows\System\zHVsUYW.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\QyJDlKA.exe
  C:\Windows\System\QyJDlKA.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\pKnqSOc.exe
  C:\Windows\System\pKnqSOc.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\ZtQPtYw.exe
  C:\Windows\System\ZtQPtYw.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\wZNEJzi.exe
  C:\Windows\System\wZNEJzi.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\NPYZGbZ.exe
  C:\Windows\System\NPYZGbZ.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\PAOcrQT.exe
  C:\Windows\System\PAOcrQT.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\RLkFDbf.exe
  C:\Windows\System\RLkFDbf.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\oCDNDEr.exe
  C:\Windows\System\oCDNDEr.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\OAGctms.exe
  C:\Windows\System\OAGctms.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\eiDjYJk.exe
  C:\Windows\System\eiDjYJk.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\ZRXQqJj.exe
  C:\Windows\System\ZRXQqJj.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\VvKkwci.exe
  C:\Windows\System\VvKkwci.exe
  2⤵
  PID:1756
- C:\Windows\System\ELfIYsq.exe
  C:\Windows\System\ELfIYsq.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\XgOUdzO.exe
  C:\Windows\System\XgOUdzO.exe
  2⤵
  PID:1816
- C:\Windows\System\bqUjHmm.exe
  C:\Windows\System\bqUjHmm.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\RjjjLgG.exe
  C:\Windows\System\RjjjLgG.exe
  2⤵
  PID:2580
- C:\Windows\System\eSUzevG.exe
  C:\Windows\System\eSUzevG.exe
  2⤵
  PID:2396
- C:\Windows\System\QUgLtCJ.exe
  C:\Windows\System\QUgLtCJ.exe
  2⤵
  PID:1304
- C:\Windows\System\BkGeKWK.exe
  C:\Windows\System\BkGeKWK.exe
  2⤵
  PID:2572
- C:\Windows\System\QyYkhJE.exe
  C:\Windows\System\QyYkhJE.exe
  2⤵
  PID:2780
- C:\Windows\System\WiWBRBb.exe
  C:\Windows\System\WiWBRBb.exe
  2⤵
  PID:2620
- C:\Windows\System\QPmVocc.exe
  C:\Windows\System\QPmVocc.exe
  2⤵
  PID:1996
- C:\Windows\System\dLQZhQJ.exe
  C:\Windows\System\dLQZhQJ.exe
  2⤵
  PID:640
- C:\Windows\System\qcmJUWs.exe
  C:\Windows\System\qcmJUWs.exe
  2⤵
  PID:2020
- C:\Windows\System\SGAaike.exe
  C:\Windows\System\SGAaike.exe
  2⤵
  PID:2564
- C:\Windows\System\qHRqeIX.exe
  C:\Windows\System\qHRqeIX.exe
  2⤵
  PID:2468
- C:\Windows\System\eJpAMkc.exe
  C:\Windows\System\eJpAMkc.exe
  2⤵
  PID:2860
- C:\Windows\System\cXrXbaQ.exe
  C:\Windows\System\cXrXbaQ.exe
  2⤵
  PID:2592
- C:\Windows\System\LqwLofp.exe
  C:\Windows\System\LqwLofp.exe
  2⤵
  PID:2616
- C:\Windows\System\kznNIzk.exe
  C:\Windows\System\kznNIzk.exe
  2⤵
  PID:2416
- C:\Windows\System\hSWmiXf.exe
  C:\Windows\System\hSWmiXf.exe
  2⤵
  PID:1496
- C:\Windows\System\ZevGTsE.exe
  C:\Windows\System\ZevGTsE.exe
  2⤵
  PID:2760
- C:\Windows\System\tYFcSZq.exe
  C:\Windows\System\tYFcSZq.exe
  2⤵
  PID:1520
- C:\Windows\System\sJjVQCh.exe
  C:\Windows\System\sJjVQCh.exe
  2⤵
  PID:1708
- C:\Windows\System\amJEODo.exe
  C:\Windows\System\amJEODo.exe
  2⤵
  PID:1524
- C:\Windows\System\mOjliVU.exe
  C:\Windows\System\mOjliVU.exe
  2⤵
  PID:1752
- C:\Windows\System\pFTPSdU.exe
  C:\Windows\System\pFTPSdU.exe
  2⤵
  PID:1516
- C:\Windows\System\kzpqWxX.exe
  C:\Windows\System\kzpqWxX.exe
  2⤵
  PID:2132
- C:\Windows\System\TzPFAjb.exe
  C:\Windows\System\TzPFAjb.exe
  2⤵
  PID:2128
- C:\Windows\System\ssuetOA.exe
  C:\Windows\System\ssuetOA.exe
  2⤵
  PID:920
- C:\Windows\System\NDWKMMy.exe
  C:\Windows\System\NDWKMMy.exe
  2⤵
  PID:1772
- C:\Windows\System\SRgvRpg.exe
  C:\Windows\System\SRgvRpg.exe
  2⤵
  PID:2980
- C:\Windows\System\psxxFmW.exe
  C:\Windows\System\psxxFmW.exe
  2⤵
  PID:1728
- C:\Windows\System\CjNJSjN.exe
  C:\Windows\System\CjNJSjN.exe
  2⤵
  PID:340
- C:\Windows\System\YvWDiXr.exe
  C:\Windows\System\YvWDiXr.exe
  2⤵
  PID:2152
- C:\Windows\System\SgPnNPJ.exe
  C:\Windows\System\SgPnNPJ.exe
  2⤵
  PID:996
- C:\Windows\System\RieWaJr.exe
  C:\Windows\System\RieWaJr.exe
  2⤵
  PID:2208
- C:\Windows\System\rcBKBdM.exe
  C:\Windows\System\rcBKBdM.exe
  2⤵
  PID:3004
- C:\Windows\System\AbFdePC.exe
  C:\Windows\System\AbFdePC.exe
  2⤵
  PID:1552
- C:\Windows\System\mUcdGdH.exe
  C:\Windows\System\mUcdGdH.exe
  2⤵
  PID:1592
- C:\Windows\System\UpqQMPS.exe
  C:\Windows\System\UpqQMPS.exe
  2⤵
  PID:2528
- C:\Windows\System\yEfaxuz.exe
  C:\Windows\System\yEfaxuz.exe
  2⤵
  PID:2500
- C:\Windows\System\EJbmqrN.exe
  C:\Windows\System\EJbmqrN.exe
  2⤵
  PID:2708
- C:\Windows\System\ZGBgqom.exe
  C:\Windows\System\ZGBgqom.exe
  2⤵
  PID:2912
- C:\Windows\System\ynZPUqI.exe
  C:\Windows\System\ynZPUqI.exe
  2⤵
  PID:2400
- C:\Windows\System\fnlyKrn.exe
  C:\Windows\System\fnlyKrn.exe
  2⤵
  PID:1056
- C:\Windows\System\DsDoqfg.exe
  C:\Windows\System\DsDoqfg.exe
  2⤵
  PID:484
- C:\Windows\System\edhbLtk.exe
  C:\Windows\System\edhbLtk.exe
  2⤵
  PID:2148
- C:\Windows\System\MnaJYHn.exe
  C:\Windows\System\MnaJYHn.exe
  2⤵
  PID:2332
- C:\Windows\System\gKSbQeg.exe
  C:\Windows\System\gKSbQeg.exe
  2⤵
  PID:2628
- C:\Windows\System\BYUbHyI.exe
  C:\Windows\System\BYUbHyI.exe
  2⤵
  PID:1900
- C:\Windows\System\xxrOpWI.exe
  C:\Windows\System\xxrOpWI.exe
  2⤵
  PID:2488
- C:\Windows\System\JNwklbD.exe
  C:\Windows\System\JNwklbD.exe
  2⤵
  PID:2944
- C:\Windows\System\dUekTwG.exe
  C:\Windows\System\dUekTwG.exe
  2⤵
  PID:2712
- C:\Windows\System\VIPkEGg.exe
  C:\Windows\System\VIPkEGg.exe
  2⤵
  PID:2680
- C:\Windows\System\XmXTCoA.exe
  C:\Windows\System\XmXTCoA.exe
  2⤵
  PID:1936
- C:\Windows\System\clndBoU.exe
  C:\Windows\System\clndBoU.exe
  2⤵
  PID:2204
- C:\Windows\System\AnGHfRg.exe
  C:\Windows\System\AnGHfRg.exe
  2⤵
  PID:2984
- C:\Windows\System\cokWMFD.exe
  C:\Windows\System\cokWMFD.exe
  2⤵
  PID:2752
- C:\Windows\System\OweoEVE.exe
  C:\Windows\System\OweoEVE.exe
  2⤵
  PID:960
- C:\Windows\System\MXDOyfi.exe
  C:\Windows\System\MXDOyfi.exe
  2⤵
  PID:1364
- C:\Windows\System\hrJSrnD.exe
  C:\Windows\System\hrJSrnD.exe
  2⤵
  PID:1668
- C:\Windows\System\mbPebDf.exe
  C:\Windows\System\mbPebDf.exe
  2⤵
  PID:2664
- C:\Windows\System\sHQibrG.exe
  C:\Windows\System\sHQibrG.exe
  2⤵
  PID:1992
- C:\Windows\System\tiGnzgF.exe
  C:\Windows\System\tiGnzgF.exe
  2⤵
  PID:780
- C:\Windows\System\rsskweD.exe
  C:\Windows\System\rsskweD.exe
  2⤵
  PID:3048
- C:\Windows\System\vqJLROY.exe
  C:\Windows\System\vqJLROY.exe
  2⤵
  PID:2652
- C:\Windows\System\ZpITJzW.exe
  C:\Windows\System\ZpITJzW.exe
  2⤵
  PID:344
- C:\Windows\System\LSawvUd.exe
  C:\Windows\System\LSawvUd.exe
  2⤵
  PID:2212
- C:\Windows\System\IionAnf.exe
  C:\Windows\System\IionAnf.exe
  2⤵
  PID:2412
- C:\Windows\System\eQTDioV.exe
  C:\Windows\System\eQTDioV.exe
  2⤵
  PID:348
- C:\Windows\System\YzAchww.exe
  C:\Windows\System\YzAchww.exe
  2⤵
  PID:924
- C:\Windows\System\IrQcRhg.exe
  C:\Windows\System\IrQcRhg.exe
  2⤵
  PID:2216
- C:\Windows\System\xdJYbwQ.exe
  C:\Windows\System\xdJYbwQ.exe
  2⤵
  PID:1420
- C:\Windows\System\QzwzojN.exe
  C:\Windows\System\QzwzojN.exe
  2⤵
  PID:896
- C:\Windows\System\cDVqFOz.exe
  C:\Windows\System\cDVqFOz.exe
  2⤵
  PID:1588
- C:\Windows\System\cMZQCRh.exe
  C:\Windows\System\cMZQCRh.exe
  2⤵
  PID:1276
- C:\Windows\System\SKNoilV.exe
  C:\Windows\System\SKNoilV.exe
  2⤵
  PID:1700
- C:\Windows\System\EetCMxv.exe
  C:\Windows\System\EetCMxv.exe
  2⤵
  PID:2988
- C:\Windows\System\GsPmiuh.exe
  C:\Windows\System\GsPmiuh.exe
  2⤵
  PID:2936
- C:\Windows\System\nGsckoQ.exe
  C:\Windows\System\nGsckoQ.exe
  2⤵
  PID:764
- C:\Windows\System\uDLrSAt.exe
  C:\Windows\System\uDLrSAt.exe
  2⤵
  PID:3068
- C:\Windows\System\oUyzBUp.exe
  C:\Windows\System\oUyzBUp.exe
  2⤵
  PID:2560
- C:\Windows\System\cFpKIAD.exe
  C:\Windows\System\cFpKIAD.exe
  2⤵
  PID:3044
- C:\Windows\System\qvHSNCY.exe
  C:\Windows\System\qvHSNCY.exe
  2⤵
  PID:2508
- C:\Windows\System\zsVHGzt.exe
  C:\Windows\System\zsVHGzt.exe
  2⤵
  PID:1500
- C:\Windows\System\ZabocKF.exe
  C:\Windows\System\ZabocKF.exe
  2⤵
  PID:2640
- C:\Windows\System\DgiAvZd.exe
  C:\Windows\System\DgiAvZd.exe
  2⤵
  PID:2880
- C:\Windows\System\kCUKKsI.exe
  C:\Windows\System\kCUKKsI.exe
  2⤵
  PID:3024
- C:\Windows\System\ziiVamw.exe
  C:\Windows\System\ziiVamw.exe
  2⤵
  PID:2516
- C:\Windows\System\LEnPkRY.exe
  C:\Windows\System\LEnPkRY.exe
  2⤵
  PID:1280
- C:\Windows\System\QhGOBxe.exe
  C:\Windows\System\QhGOBxe.exe
  2⤵
  PID:560
- C:\Windows\System\vbwwqPV.exe
  C:\Windows\System\vbwwqPV.exe
  2⤵
  PID:2524
- C:\Windows\System\iIWJwZg.exe
  C:\Windows\System\iIWJwZg.exe
  2⤵
  PID:1688
- C:\Windows\System\GdQJLDU.exe
  C:\Windows\System\GdQJLDU.exe
  2⤵
  PID:2896
- C:\Windows\System\oMFaBdP.exe
  C:\Windows\System\oMFaBdP.exe
  2⤵
  PID:1840
- C:\Windows\System\dDyYrxq.exe
  C:\Windows\System\dDyYrxq.exe
  2⤵
  PID:3080
- C:\Windows\System\qQWoizm.exe
  C:\Windows\System\qQWoizm.exe
  2⤵
  PID:3096
- C:\Windows\System\VVmAuZM.exe
  C:\Windows\System\VVmAuZM.exe
  2⤵
  PID:3124
- C:\Windows\System\aKPRIMR.exe
  C:\Windows\System\aKPRIMR.exe
  2⤵
  PID:3140
- C:\Windows\System\JWQfboQ.exe
  C:\Windows\System\JWQfboQ.exe
  2⤵
  PID:3160
- C:\Windows\System\xQyuTWT.exe
  C:\Windows\System\xQyuTWT.exe
  2⤵
  PID:3184
- C:\Windows\System\qqIrqeF.exe
  C:\Windows\System\qqIrqeF.exe
  2⤵
  PID:3200
- C:\Windows\System\wKqEpvZ.exe
  C:\Windows\System\wKqEpvZ.exe
  2⤵
  PID:3220
- C:\Windows\System\SsfuPck.exe
  C:\Windows\System\SsfuPck.exe
  2⤵
  PID:3236
- C:\Windows\System\wRRfNMa.exe
  C:\Windows\System\wRRfNMa.exe
  2⤵
  PID:3252
- C:\Windows\System\FDgHhrE.exe
  C:\Windows\System\FDgHhrE.exe
  2⤵
  PID:3272
- C:\Windows\System\SVpiVNf.exe
  C:\Windows\System\SVpiVNf.exe
  2⤵
  PID:3296
- C:\Windows\System\LzsMkXv.exe
  C:\Windows\System\LzsMkXv.exe
  2⤵
  PID:3320
- C:\Windows\System\xEDPTTX.exe
  C:\Windows\System\xEDPTTX.exe
  2⤵
  PID:3336
- C:\Windows\System\FKlwFfk.exe
  C:\Windows\System\FKlwFfk.exe
  2⤵
  PID:3356
- C:\Windows\System\qLAfkJa.exe
  C:\Windows\System\qLAfkJa.exe
  2⤵
  PID:3376
- C:\Windows\System\ZbSVmPQ.exe
  C:\Windows\System\ZbSVmPQ.exe
  2⤵
  PID:3392
- C:\Windows\System\IWWLKhO.exe
  C:\Windows\System\IWWLKhO.exe
  2⤵
  PID:3468
- C:\Windows\System\MNgNLXj.exe
  C:\Windows\System\MNgNLXj.exe
  2⤵
  PID:3484
- C:\Windows\System\zAEiBJD.exe
  C:\Windows\System\zAEiBJD.exe
  2⤵
  PID:3500
- C:\Windows\System\ufpYdRY.exe
  C:\Windows\System\ufpYdRY.exe
  2⤵
  PID:3516
- C:\Windows\System\ybclGZX.exe
  C:\Windows\System\ybclGZX.exe
  2⤵
  PID:3540
- C:\Windows\System\UqIriJX.exe
  C:\Windows\System\UqIriJX.exe
  2⤵
  PID:3556
- C:\Windows\System\gIDsTIf.exe
  C:\Windows\System\gIDsTIf.exe
  2⤵
  PID:3592
- C:\Windows\System\wGVhRSZ.exe
  C:\Windows\System\wGVhRSZ.exe
  2⤵
  PID:3608
- C:\Windows\System\JPhMtFP.exe
  C:\Windows\System\JPhMtFP.exe
  2⤵
  PID:3624
- C:\Windows\System\iEICGnI.exe
  C:\Windows\System\iEICGnI.exe
  2⤵
  PID:3640
- C:\Windows\System\HdYtVtJ.exe
  C:\Windows\System\HdYtVtJ.exe
  2⤵
  PID:3656
- C:\Windows\System\uWJDGov.exe
  C:\Windows\System\uWJDGov.exe
  2⤵
  PID:3672
- C:\Windows\System\gXHLgKm.exe
  C:\Windows\System\gXHLgKm.exe
  2⤵
  PID:3692
- C:\Windows\System\wfitYJP.exe
  C:\Windows\System\wfitYJP.exe
  2⤵
  PID:3708
- C:\Windows\System\ZfOtjGW.exe
  C:\Windows\System\ZfOtjGW.exe
  2⤵
  PID:3728
- C:\Windows\System\GUgnyWn.exe
  C:\Windows\System\GUgnyWn.exe
  2⤵
  PID:3748
- C:\Windows\System\iJIijAM.exe
  C:\Windows\System\iJIijAM.exe
  2⤵
  PID:3768
- C:\Windows\System\aUrOrxA.exe
  C:\Windows\System\aUrOrxA.exe
  2⤵
  PID:3784
- C:\Windows\System\AvTATWi.exe
  C:\Windows\System\AvTATWi.exe
  2⤵
  PID:3800
- C:\Windows\System\HYDJFun.exe
  C:\Windows\System\HYDJFun.exe
  2⤵
  PID:3816
- C:\Windows\System\erZSDiP.exe
  C:\Windows\System\erZSDiP.exe
  2⤵
  PID:3832
- C:\Windows\System\boIBVZn.exe
  C:\Windows\System\boIBVZn.exe
  2⤵
  PID:3848
- C:\Windows\System\XwxBejJ.exe
  C:\Windows\System\XwxBejJ.exe
  2⤵
  PID:3864
- C:\Windows\System\NGlRsTK.exe
  C:\Windows\System\NGlRsTK.exe
  2⤵
  PID:3880
- C:\Windows\System\HQcDNZd.exe
  C:\Windows\System\HQcDNZd.exe
  2⤵
  PID:3896
- C:\Windows\System\UCZkPda.exe
  C:\Windows\System\UCZkPda.exe
  2⤵
  PID:3912
- C:\Windows\System\aUiJuuG.exe
  C:\Windows\System\aUiJuuG.exe
  2⤵
  PID:3928
- C:\Windows\System\eXuLlPG.exe
  C:\Windows\System\eXuLlPG.exe
  2⤵
  PID:3944
- C:\Windows\System\qWRrBCd.exe
  C:\Windows\System\qWRrBCd.exe
  2⤵
  PID:3960
- C:\Windows\System\DWLLxQZ.exe
  C:\Windows\System\DWLLxQZ.exe
  2⤵
  PID:4056
- C:\Windows\System\CbSNstx.exe
  C:\Windows\System\CbSNstx.exe
  2⤵
  PID:4080
- C:\Windows\System\SAxFQzo.exe
  C:\Windows\System\SAxFQzo.exe
  2⤵
  PID:1784
- C:\Windows\System\ewKlcpn.exe
  C:\Windows\System\ewKlcpn.exe
  2⤵
  PID:2568
- C:\Windows\System\NkdacRr.exe
  C:\Windows\System\NkdacRr.exe
  2⤵
  PID:2280
- C:\Windows\System\RQdZIpy.exe
  C:\Windows\System\RQdZIpy.exe
  2⤵
  PID:3148
- C:\Windows\System\jGHBBir.exe
  C:\Windows\System\jGHBBir.exe
  2⤵
  PID:3192
- C:\Windows\System\npsHeGY.exe
  C:\Windows\System\npsHeGY.exe
  2⤵
  PID:3260
- C:\Windows\System\ikjWGyp.exe
  C:\Windows\System\ikjWGyp.exe
  2⤵
  PID:3308
- C:\Windows\System\GiQfiZy.exe
  C:\Windows\System\GiQfiZy.exe
  2⤵
  PID:2260
- C:\Windows\System\LzgYuzJ.exe
  C:\Windows\System\LzgYuzJ.exe
  2⤵
  PID:3388
- C:\Windows\System\pseOxeR.exe
  C:\Windows\System\pseOxeR.exe
  2⤵
  PID:2184
- C:\Windows\System\RlwfrWN.exe
  C:\Windows\System\RlwfrWN.exe
  2⤵
  PID:3424
- C:\Windows\System\phUUAge.exe
  C:\Windows\System\phUUAge.exe
  2⤵
  PID:2740
- C:\Windows\System\jJknIkZ.exe
  C:\Windows\System\jJknIkZ.exe
  2⤵
  PID:3088
- C:\Windows\System\PPWUTpK.exe
  C:\Windows\System\PPWUTpK.exe
  2⤵
  PID:2228
- C:\Windows\System\YjYheNp.exe
  C:\Windows\System\YjYheNp.exe
  2⤵
  PID:3328
- C:\Windows\System\spiMlOQ.exe
  C:\Windows\System\spiMlOQ.exe
  2⤵
  PID:3480
- C:\Windows\System\nopxJyW.exe
  C:\Windows\System\nopxJyW.exe
  2⤵
  PID:3420
- C:\Windows\System\gmSRVpn.exe
  C:\Windows\System\gmSRVpn.exe
  2⤵
  PID:3168
- C:\Windows\System\BaqNCgb.exe
  C:\Windows\System\BaqNCgb.exe
  2⤵
  PID:3216
- C:\Windows\System\AkKgGod.exe
  C:\Windows\System\AkKgGod.exe
  2⤵
  PID:3292
- C:\Windows\System\BmxQdFO.exe
  C:\Windows\System\BmxQdFO.exe
  2⤵
  PID:3404
- C:\Windows\System\SaPdqDX.exe
  C:\Windows\System\SaPdqDX.exe
  2⤵
  PID:3444
- C:\Windows\System\RWMklQc.exe
  C:\Windows\System\RWMklQc.exe
  2⤵
  PID:3464
- C:\Windows\System\dWIvNKN.exe
  C:\Windows\System\dWIvNKN.exe
  2⤵
  PID:3528
- C:\Windows\System\hQqtNXW.exe
  C:\Windows\System\hQqtNXW.exe
  2⤵
  PID:3604
- C:\Windows\System\fidqMZl.exe
  C:\Windows\System\fidqMZl.exe
  2⤵
  PID:3668
- C:\Windows\System\dAGIuXS.exe
  C:\Windows\System\dAGIuXS.exe
  2⤵
  PID:3700
- C:\Windows\System\QVvlERg.exe
  C:\Windows\System\QVvlERg.exe
  2⤵
  PID:3744
- C:\Windows\System\uCjBJuk.exe
  C:\Windows\System\uCjBJuk.exe
  2⤵
  PID:3840
- C:\Windows\System\eXhEdgC.exe
  C:\Windows\System\eXhEdgC.exe
  2⤵
  PID:3796
- C:\Windows\System\RpVuzVr.exe
  C:\Windows\System\RpVuzVr.exe
  2⤵
  PID:3860
- C:\Windows\System\mMiaKOT.exe
  C:\Windows\System\mMiaKOT.exe
  2⤵
  PID:3924
- C:\Windows\System\BPJHDMD.exe
  C:\Windows\System\BPJHDMD.exe
  2⤵
  PID:3976
- C:\Windows\System\yLwErzY.exe
  C:\Windows\System\yLwErzY.exe
  2⤵
  PID:3844
- C:\Windows\System\SBEtkFd.exe
  C:\Windows\System\SBEtkFd.exe
  2⤵
  PID:4008
- C:\Windows\System\zbfkIDG.exe
  C:\Windows\System\zbfkIDG.exe
  2⤵
  PID:4024
- C:\Windows\System\uoWLuro.exe
  C:\Windows\System\uoWLuro.exe
  2⤵
  PID:4044
- C:\Windows\System\OtbBmyv.exe
  C:\Windows\System\OtbBmyv.exe
  2⤵
  PID:4068
- C:\Windows\System\jVTIMqH.exe
  C:\Windows\System\jVTIMqH.exe
  2⤵
  PID:4092
- C:\Windows\System\FKUxhMr.exe
  C:\Windows\System\FKUxhMr.exe
  2⤵
  PID:3304
- C:\Windows\System\dzxDYbe.exe
  C:\Windows\System\dzxDYbe.exe
  2⤵
  PID:1712
- C:\Windows\System\HWjbitu.exe
  C:\Windows\System\HWjbitu.exe
  2⤵
  PID:3364
- C:\Windows\System\XOFeamf.exe
  C:\Windows\System\XOFeamf.exe
  2⤵
  PID:3452
- C:\Windows\System\YnkwVzH.exe
  C:\Windows\System\YnkwVzH.exe
  2⤵
  PID:3600
- C:\Windows\System\jsgIItz.exe
  C:\Windows\System\jsgIItz.exe
  2⤵
  PID:3780
- C:\Windows\System\btAMyeH.exe
  C:\Windows\System\btAMyeH.exe
  2⤵
  PID:2952
- C:\Windows\System\XEvDwzq.exe
  C:\Windows\System\XEvDwzq.exe
  2⤵
  PID:3232
- C:\Windows\System\Ztfwkal.exe
  C:\Windows\System\Ztfwkal.exe
  2⤵
  PID:3492
- C:\Windows\System\ceMslGJ.exe
  C:\Windows\System\ceMslGJ.exe
  2⤵
  PID:2028
- C:\Windows\System\HLDxGPB.exe
  C:\Windows\System\HLDxGPB.exe
  2⤵
  PID:3648
- C:\Windows\System\YsGVvgG.exe
  C:\Windows\System\YsGVvgG.exe
  2⤵
  PID:3132
- C:\Windows\System\UFcKRXm.exe
  C:\Windows\System\UFcKRXm.exe
  2⤵
  PID:3288
- C:\Windows\System\mMNlLlq.exe
  C:\Windows\System\mMNlLlq.exe
  2⤵
  PID:3664
- C:\Windows\System\vTuRDVo.exe
  C:\Windows\System\vTuRDVo.exe
  2⤵
  PID:3940
- C:\Windows\System\FUYAULC.exe
  C:\Windows\System\FUYAULC.exe
  2⤵
  PID:3620
- C:\Windows\System\NENWNGg.exe
  C:\Windows\System\NENWNGg.exe
  2⤵
  PID:3720
- C:\Windows\System\Tnrbhss.exe
  C:\Windows\System\Tnrbhss.exe
  2⤵
  PID:3872
- C:\Windows\System\fQBHehR.exe
  C:\Windows\System\fQBHehR.exe
  2⤵
  PID:3416
- C:\Windows\System\AwzVQIM.exe
  C:\Windows\System\AwzVQIM.exe
  2⤵
  PID:3280
- C:\Windows\System\pGxpGeh.exe
  C:\Windows\System\pGxpGeh.exe
  2⤵
  PID:3992
- C:\Windows\System\zqPGdOC.exe
  C:\Windows\System\zqPGdOC.exe
  2⤵
  PID:3568
- C:\Windows\System\UFNGSvi.exe
  C:\Windows\System\UFNGSvi.exe
  2⤵
  PID:2920
- C:\Windows\System\vzYtACy.exe
  C:\Windows\System\vzYtACy.exe
  2⤵
  PID:4052
- C:\Windows\System\JBwJSFf.exe
  C:\Windows\System\JBwJSFf.exe
  2⤵
  PID:1632
- C:\Windows\System\RfBoTUE.exe
  C:\Windows\System\RfBoTUE.exe
  2⤵
  PID:3524
- C:\Windows\System\SVPxxBh.exe
  C:\Windows\System\SVPxxBh.exe
  2⤵
  PID:3724
- C:\Windows\System\QrXosww.exe
  C:\Windows\System\QrXosww.exe
  2⤵
  PID:3856
- C:\Windows\System\IInCmsp.exe
  C:\Windows\System\IInCmsp.exe
  2⤵
  PID:2824
- C:\Windows\System\XFMhrrg.exe
  C:\Windows\System\XFMhrrg.exe
  2⤵
  PID:3740
- C:\Windows\System\DwqTHyF.exe
  C:\Windows\System\DwqTHyF.exe
  2⤵
  PID:3552
- C:\Windows\System\AkltXJV.exe
  C:\Windows\System\AkltXJV.exe
  2⤵
  PID:3352
- C:\Windows\System\YbDGjxp.exe
  C:\Windows\System\YbDGjxp.exe
  2⤵
  PID:2924
- C:\Windows\System\HBPdMOa.exe
  C:\Windows\System\HBPdMOa.exe
  2⤵
  PID:3400
- C:\Windows\System\wqoKslK.exe
  C:\Windows\System\wqoKslK.exe
  2⤵
  PID:3496
- C:\Windows\System\FsEPrft.exe
  C:\Windows\System\FsEPrft.exe
  2⤵
  PID:4000
- C:\Windows\System\sstAyWF.exe
  C:\Windows\System\sstAyWF.exe
  2⤵
  PID:3208
- C:\Windows\System\yStycqQ.exe
  C:\Windows\System\yStycqQ.exe
  2⤵
  PID:3908
- C:\Windows\System\IVizoly.exe
  C:\Windows\System\IVizoly.exe
  2⤵
  PID:4108
- C:\Windows\System\cyLHjib.exe
  C:\Windows\System\cyLHjib.exe
  2⤵
  PID:4124
- C:\Windows\System\MEAXXwU.exe
  C:\Windows\System\MEAXXwU.exe
  2⤵
  PID:4144
- C:\Windows\System\WYKvReK.exe
  C:\Windows\System\WYKvReK.exe
  2⤵
  PID:4160
- C:\Windows\System\zYXjeqE.exe
  C:\Windows\System\zYXjeqE.exe
  2⤵
  PID:4180
- C:\Windows\System\ZiyykMM.exe
  C:\Windows\System\ZiyykMM.exe
  2⤵
  PID:4200
- C:\Windows\System\COixnvh.exe
  C:\Windows\System\COixnvh.exe
  2⤵
  PID:4220
- C:\Windows\System\zcvIfOP.exe
  C:\Windows\System\zcvIfOP.exe
  2⤵
  PID:4236
- C:\Windows\System\bbYcKdW.exe
  C:\Windows\System\bbYcKdW.exe
  2⤵
  PID:4256
- C:\Windows\System\tiXpmEb.exe
  C:\Windows\System\tiXpmEb.exe
  2⤵
  PID:4272
- C:\Windows\System\AibKaSH.exe
  C:\Windows\System\AibKaSH.exe
  2⤵
  PID:4288
- C:\Windows\System\RdASWNU.exe
  C:\Windows\System\RdASWNU.exe
  2⤵
  PID:4304
- C:\Windows\System\fYHrGor.exe
  C:\Windows\System\fYHrGor.exe
  2⤵
  PID:4320
- C:\Windows\System\lTbpvlF.exe
  C:\Windows\System\lTbpvlF.exe
  2⤵
  PID:4336
- C:\Windows\System\MJQeZIC.exe
  C:\Windows\System\MJQeZIC.exe
  2⤵
  PID:4352
- C:\Windows\System\Frayfoz.exe
  C:\Windows\System\Frayfoz.exe
  2⤵
  PID:4368
- C:\Windows\System\amDholW.exe
  C:\Windows\System\amDholW.exe
  2⤵
  PID:4384
- C:\Windows\System\WIHNVXf.exe
  C:\Windows\System\WIHNVXf.exe
  2⤵
  PID:4400
- C:\Windows\System\kvwZkcG.exe
  C:\Windows\System\kvwZkcG.exe
  2⤵
  PID:4416
- C:\Windows\System\BwKnLJp.exe
  C:\Windows\System\BwKnLJp.exe
  2⤵
  PID:4432
- C:\Windows\System\xpwCoMi.exe
  C:\Windows\System\xpwCoMi.exe
  2⤵
  PID:4452
- C:\Windows\System\HTRimYE.exe
  C:\Windows\System\HTRimYE.exe
  2⤵
  PID:4472
- C:\Windows\System\svQfCAB.exe
  C:\Windows\System\svQfCAB.exe
  2⤵
  PID:4504
- C:\Windows\System\dEKGYmC.exe
  C:\Windows\System\dEKGYmC.exe
  2⤵
  PID:4520
- C:\Windows\System\OetBMoR.exe
  C:\Windows\System\OetBMoR.exe
  2⤵
  PID:4544
- C:\Windows\System\wkouEaz.exe
  C:\Windows\System\wkouEaz.exe
  2⤵
  PID:4564
- C:\Windows\System\UKtxcBa.exe
  C:\Windows\System\UKtxcBa.exe
  2⤵
  PID:4580
- C:\Windows\System\sBzCeTr.exe
  C:\Windows\System\sBzCeTr.exe
  2⤵
  PID:4596
- C:\Windows\System\eTerrDc.exe
  C:\Windows\System\eTerrDc.exe
  2⤵
  PID:4616
- C:\Windows\System\TjWqqZs.exe
  C:\Windows\System\TjWqqZs.exe
  2⤵
  PID:4636
- C:\Windows\System\vhOMdAQ.exe
  C:\Windows\System\vhOMdAQ.exe
  2⤵
  PID:4652
- C:\Windows\System\cwDIKnQ.exe
  C:\Windows\System\cwDIKnQ.exe
  2⤵
  PID:4672
- C:\Windows\System\BevlNiK.exe
  C:\Windows\System\BevlNiK.exe
  2⤵
  PID:4792
- C:\Windows\System\ndjlPnm.exe
  C:\Windows\System\ndjlPnm.exe
  2⤵
  PID:4808
- C:\Windows\System\gqQWiaB.exe
  C:\Windows\System\gqQWiaB.exe
  2⤵
  PID:4824
- C:\Windows\System\omKvQBH.exe
  C:\Windows\System\omKvQBH.exe
  2⤵
  PID:4848
- C:\Windows\System\wKrKXiy.exe
  C:\Windows\System\wKrKXiy.exe
  2⤵
  PID:4864
- C:\Windows\System\ITczTgS.exe
  C:\Windows\System\ITczTgS.exe
  2⤵
  PID:4880
- C:\Windows\System\JcoyeIK.exe
  C:\Windows\System\JcoyeIK.exe
  2⤵
  PID:4904
- C:\Windows\System\koXheAI.exe
  C:\Windows\System\koXheAI.exe
  2⤵
  PID:4920
- C:\Windows\System\XVkwnGI.exe
  C:\Windows\System\XVkwnGI.exe
  2⤵
  PID:4936
- C:\Windows\System\YwRVxll.exe
  C:\Windows\System\YwRVxll.exe
  2⤵
  PID:4956
- C:\Windows\System\qzaOoqF.exe
  C:\Windows\System\qzaOoqF.exe
  2⤵
  PID:4976
- C:\Windows\System\NgMGGvu.exe
  C:\Windows\System\NgMGGvu.exe
  2⤵
  PID:5000
- C:\Windows\System\PUwMKDO.exe
  C:\Windows\System\PUwMKDO.exe
  2⤵
  PID:5016
- C:\Windows\System\TRYxuYp.exe
  C:\Windows\System\TRYxuYp.exe
  2⤵
  PID:5056
- C:\Windows\System\BUHDhDJ.exe
  C:\Windows\System\BUHDhDJ.exe
  2⤵
  PID:5072
- C:\Windows\System\XSUAllV.exe
  C:\Windows\System\XSUAllV.exe
  2⤵
  PID:5088
- C:\Windows\System\uuxIYse.exe
  C:\Windows\System\uuxIYse.exe
  2⤵
  PID:5108
- C:\Windows\System\wkEFvzQ.exe
  C:\Windows\System\wkEFvzQ.exe
  2⤵
  PID:4116
- C:\Windows\System\DmDAdRL.exe
  C:\Windows\System\DmDAdRL.exe
  2⤵
  PID:3384
- C:\Windows\System\iCDghUI.exe
  C:\Windows\System\iCDghUI.exe
  2⤵
  PID:4192
- C:\Windows\System\gzyjtnn.exe
  C:\Windows\System\gzyjtnn.exe
  2⤵
  PID:4296
- C:\Windows\System\XNNWlPC.exe
  C:\Windows\System\XNNWlPC.exe
  2⤵
  PID:4360
- C:\Windows\System\XQjQcCl.exe
  C:\Windows\System\XQjQcCl.exe
  2⤵
  PID:4268
- C:\Windows\System\RuhEaxv.exe
  C:\Windows\System\RuhEaxv.exe
  2⤵
  PID:4428
- C:\Windows\System\uCECluQ.exe
  C:\Windows\System\uCECluQ.exe
  2⤵
  PID:4552
- C:\Windows\System\zTdKDyN.exe
  C:\Windows\System\zTdKDyN.exe
  2⤵
  PID:4628
- C:\Windows\System\BymExSX.exe
  C:\Windows\System\BymExSX.exe
  2⤵
  PID:4100
- C:\Windows\System\ADlPqCb.exe
  C:\Windows\System\ADlPqCb.exe
  2⤵
  PID:4132
- C:\Windows\System\YAlOCGy.exe
  C:\Windows\System\YAlOCGy.exe
  2⤵
  PID:4284
- C:\Windows\System\hXtXUZU.exe
  C:\Windows\System\hXtXUZU.exe
  2⤵
  PID:3316
- C:\Windows\System\HdsZCeE.exe
  C:\Windows\System\HdsZCeE.exe
  2⤵
  PID:4764
- C:\Windows\System\QVvUxMk.exe
  C:\Windows\System\QVvUxMk.exe
  2⤵
  PID:3984
- C:\Windows\System\bxqpuiM.exe
  C:\Windows\System\bxqpuiM.exe
  2⤵
  PID:4604
- C:\Windows\System\tiYeoVY.exe
  C:\Windows\System\tiYeoVY.exe
  2⤵
  PID:3716
- C:\Windows\System\GzFZFmx.exe
  C:\Windows\System\GzFZFmx.exe
  2⤵
  PID:3476
- C:\Windows\System\eGJDdom.exe
  C:\Windows\System\eGJDdom.exe
  2⤵
  PID:4172
- C:\Windows\System\WXDrjqV.exe
  C:\Windows\System\WXDrjqV.exe
  2⤵
  PID:4248
- C:\Windows\System\DcreIMX.exe
  C:\Windows\System\DcreIMX.exe
  2⤵
  PID:4348
- C:\Windows\System\uWZQsJl.exe
  C:\Windows\System\uWZQsJl.exe
  2⤵
  PID:4804
- C:\Windows\System\ZspsnPJ.exe
  C:\Windows\System\ZspsnPJ.exe
  2⤵
  PID:4480
- C:\Windows\System\rXNajsC.exe
  C:\Windows\System\rXNajsC.exe
  2⤵
  PID:4496
- C:\Windows\System\rrDdTHy.exe
  C:\Windows\System\rrDdTHy.exe
  2⤵
  PID:4540
- C:\Windows\System\nMSMsar.exe
  C:\Windows\System\nMSMsar.exe
  2⤵
  PID:4836
- C:\Windows\System\jCUkWVS.exe
  C:\Windows\System\jCUkWVS.exe
  2⤵
  PID:4948
- C:\Windows\System\YTbRgSa.exe
  C:\Windows\System\YTbRgSa.exe
  2⤵
  PID:4992
- C:\Windows\System\DNNllfP.exe
  C:\Windows\System\DNNllfP.exe
  2⤵
  PID:4688
- C:\Windows\System\pxzxhgj.exe
  C:\Windows\System\pxzxhgj.exe
  2⤵
  PID:4704
- C:\Windows\System\XzdGzsA.exe
  C:\Windows\System\XzdGzsA.exe
  2⤵
  PID:4720
- C:\Windows\System\NONdEPV.exe
  C:\Windows\System\NONdEPV.exe
  2⤵
  PID:4736
- C:\Windows\System\nsbeFbO.exe
  C:\Windows\System\nsbeFbO.exe
  2⤵
  PID:4760
- C:\Windows\System\eVrMgfn.exe
  C:\Windows\System\eVrMgfn.exe
  2⤵
  PID:4988
- C:\Windows\System\idYsHIH.exe
  C:\Windows\System\idYsHIH.exe
  2⤵
  PID:4788
- C:\Windows\System\ZjmCMgV.exe
  C:\Windows\System\ZjmCMgV.exe
  2⤵
  PID:5036
- C:\Windows\System\vglWWzy.exe
  C:\Windows\System\vglWWzy.exe
  2⤵
  PID:4816
- C:\Windows\System\KHLETnU.exe
  C:\Windows\System\KHLETnU.exe
  2⤵
  PID:4900
- C:\Windows\System\cSflXWi.exe
  C:\Windows\System\cSflXWi.exe
  2⤵
  PID:5028
- C:\Windows\System\ohvsGXF.exe
  C:\Windows\System\ohvsGXF.exe
  2⤵
  PID:3988
- C:\Windows\System\WxbicZX.exe
  C:\Windows\System\WxbicZX.exe
  2⤵
  PID:4328
- C:\Windows\System\zgGadGG.exe
  C:\Windows\System\zgGadGG.exe
  2⤵
  PID:4560
- C:\Windows\System\grAbfBU.exe
  C:\Windows\System\grAbfBU.exe
  2⤵
  PID:5064
- C:\Windows\System\rYAZaLP.exe
  C:\Windows\System\rYAZaLP.exe
  2⤵
  PID:4088
- C:\Windows\System\rHmdQRn.exe
  C:\Windows\System\rHmdQRn.exe
  2⤵
  PID:3588
- C:\Windows\System\DUiyHse.exe
  C:\Windows\System\DUiyHse.exe
  2⤵
  PID:4312
- C:\Windows\System\nDjYqyI.exe
  C:\Windows\System\nDjYqyI.exe
  2⤵
  PID:4840
- C:\Windows\System\alRtyXz.exe
  C:\Windows\System\alRtyXz.exe
  2⤵
  PID:4876
- C:\Windows\System\QrRWiha.exe
  C:\Windows\System\QrRWiha.exe
  2⤵
  PID:4680
- C:\Windows\System\vuqvJKY.exe
  C:\Windows\System\vuqvJKY.exe
  2⤵
  PID:4748
- C:\Windows\System\llfIVTy.exe
  C:\Windows\System\llfIVTy.exe
  2⤵
  PID:5044
- C:\Windows\System\CFSRLHT.exe
  C:\Windows\System\CFSRLHT.exe
  2⤵
  PID:5052
- C:\Windows\System\gRilRQo.exe
  C:\Windows\System\gRilRQo.exe
  2⤵
  PID:5012
- C:\Windows\System\IjRrqeT.exe
  C:\Windows\System\IjRrqeT.exe
  2⤵
  PID:4844
- C:\Windows\System\yxlxTYv.exe
  C:\Windows\System\yxlxTYv.exe
  2⤵
  PID:5136
- C:\Windows\System\GyByxjZ.exe
  C:\Windows\System\GyByxjZ.exe
  2⤵
  PID:5152
- C:\Windows\System\QmRPRVY.exe
  C:\Windows\System\QmRPRVY.exe
  2⤵
  PID:5284
- C:\Windows\System\rcLyNaI.exe
  C:\Windows\System\rcLyNaI.exe
  2⤵
  PID:5304
- C:\Windows\System\RVbHGJI.exe
  C:\Windows\System\RVbHGJI.exe
  2⤵
  PID:5320
- C:\Windows\System\thhvpdj.exe
  C:\Windows\System\thhvpdj.exe
  2⤵
  PID:5336
- C:\Windows\System\hUahdkH.exe
  C:\Windows\System\hUahdkH.exe
  2⤵
  PID:5356
- C:\Windows\System\qrTWzzp.exe
  C:\Windows\System\qrTWzzp.exe
  2⤵
  PID:5372
- C:\Windows\System\LetaTdR.exe
  C:\Windows\System\LetaTdR.exe
  2⤵
  PID:5392
- C:\Windows\System\XapOyrn.exe
  C:\Windows\System\XapOyrn.exe
  2⤵
  PID:5408
- C:\Windows\System\fiFLNOS.exe
  C:\Windows\System\fiFLNOS.exe
  2⤵
  PID:5424
- C:\Windows\System\QNBWGCJ.exe
  C:\Windows\System\QNBWGCJ.exe
  2⤵
  PID:5440
- C:\Windows\System\MyCfSeZ.exe
  C:\Windows\System\MyCfSeZ.exe
  2⤵
  PID:5456
- C:\Windows\System\mJbWMrW.exe
  C:\Windows\System\mJbWMrW.exe
  2⤵
  PID:5472
- C:\Windows\System\sxAwbqv.exe
  C:\Windows\System\sxAwbqv.exe
  2⤵
  PID:5488
- C:\Windows\System\AFBQYio.exe
  C:\Windows\System\AFBQYio.exe
  2⤵
  PID:5504
- C:\Windows\System\rVeCarc.exe
  C:\Windows\System\rVeCarc.exe
  2⤵
  PID:5520
- C:\Windows\System\MLfFYXx.exe
  C:\Windows\System\MLfFYXx.exe
  2⤵
  PID:5536
- C:\Windows\System\gQTlLSd.exe
  C:\Windows\System\gQTlLSd.exe
  2⤵
  PID:5552
- C:\Windows\System\pYUCEMr.exe
  C:\Windows\System\pYUCEMr.exe
  2⤵
  PID:5596
- C:\Windows\System\yNAyOyk.exe
  C:\Windows\System\yNAyOyk.exe
  2⤵
  PID:5612
- C:\Windows\System\pAXVzmn.exe
  C:\Windows\System\pAXVzmn.exe
  2⤵
  PID:5628
- C:\Windows\System\wnKCePk.exe
  C:\Windows\System\wnKCePk.exe
  2⤵
  PID:5680
- C:\Windows\System\DWWIeZw.exe
  C:\Windows\System\DWWIeZw.exe
  2⤵
  PID:5700
- C:\Windows\System\ZfoGIXH.exe
  C:\Windows\System\ZfoGIXH.exe
  2⤵
  PID:5716
- C:\Windows\System\eveXBjI.exe
  C:\Windows\System\eveXBjI.exe
  2⤵
  PID:5732
- C:\Windows\System\yKSQwfi.exe
  C:\Windows\System\yKSQwfi.exe
  2⤵
  PID:5748
- C:\Windows\System\cALeVZd.exe
  C:\Windows\System\cALeVZd.exe
  2⤵
  PID:5764
- C:\Windows\System\LoehkJv.exe
  C:\Windows\System\LoehkJv.exe
  2⤵
  PID:5780
- C:\Windows\System\XvcYXZP.exe
  C:\Windows\System\XvcYXZP.exe
  2⤵
  PID:5796
- C:\Windows\System\plrCghk.exe
  C:\Windows\System\plrCghk.exe
  2⤵
  PID:5816
- C:\Windows\System\XmSgrRe.exe
  C:\Windows\System\XmSgrRe.exe
  2⤵
  PID:5848
- C:\Windows\System\yTnjoCO.exe
  C:\Windows\System\yTnjoCO.exe
  2⤵
  PID:5864
- C:\Windows\System\ZCvYCrJ.exe
  C:\Windows\System\ZCvYCrJ.exe
  2⤵
  PID:5880
- C:\Windows\System\CASOfkJ.exe
  C:\Windows\System\CASOfkJ.exe
  2⤵
  PID:5900
- C:\Windows\System\tgxpHLl.exe
  C:\Windows\System\tgxpHLl.exe
  2⤵
  PID:5928
- C:\Windows\System\tAFAKBo.exe
  C:\Windows\System\tAFAKBo.exe
  2⤵
  PID:5944
- C:\Windows\System\XfJNdLV.exe
  C:\Windows\System\XfJNdLV.exe
  2⤵
  PID:5960
- C:\Windows\System\NhbVNtq.exe
  C:\Windows\System\NhbVNtq.exe
  2⤵
  PID:5976
- C:\Windows\System\KWrhFcR.exe
  C:\Windows\System\KWrhFcR.exe
  2⤵
  PID:5992
- C:\Windows\System\XOAxrgH.exe
  C:\Windows\System\XOAxrgH.exe
  2⤵
  PID:6008
- C:\Windows\System\nGfsGKZ.exe
  C:\Windows\System\nGfsGKZ.exe
  2⤵
  PID:6028
- C:\Windows\System\eINFlFy.exe
  C:\Windows\System\eINFlFy.exe
  2⤵
  PID:6044
- C:\Windows\System\OGanieP.exe
  C:\Windows\System\OGanieP.exe
  2⤵
  PID:6060
- C:\Windows\System\wYhjJKO.exe
  C:\Windows\System\wYhjJKO.exe
  2⤵
  PID:6076
- C:\Windows\System\fqCsKmL.exe
  C:\Windows\System\fqCsKmL.exe
  2⤵
  PID:5100
- C:\Windows\System\WQqturC.exe
  C:\Windows\System\WQqturC.exe
  2⤵
  PID:4228
- C:\Windows\System\RAUrbAE.exe
  C:\Windows\System\RAUrbAE.exe
  2⤵
  PID:4424
- C:\Windows\System\FPUrUPZ.exe
  C:\Windows\System\FPUrUPZ.exe
  2⤵
  PID:4648
- C:\Windows\System\KDinSLU.exe
  C:\Windows\System\KDinSLU.exe
  2⤵
  PID:4264
- C:\Windows\System\BhBQvOT.exe
  C:\Windows\System\BhBQvOT.exe
  2⤵
  PID:5164
- C:\Windows\System\VJWReIR.exe
  C:\Windows\System\VJWReIR.exe
  2⤵
  PID:5192
- C:\Windows\System\JqidXVZ.exe
  C:\Windows\System\JqidXVZ.exe
  2⤵
  PID:5188
- C:\Windows\System\hNwsIaT.exe
  C:\Windows\System\hNwsIaT.exe
  2⤵
  PID:5208
- C:\Windows\System\FlzkHSB.exe
  C:\Windows\System\FlzkHSB.exe
  2⤵
  PID:4700
- C:\Windows\System\MvkSsaP.exe
  C:\Windows\System\MvkSsaP.exe
  2⤵
  PID:5228
- C:\Windows\System\mQKkfJK.exe
  C:\Windows\System\mQKkfJK.exe
  2⤵
  PID:5236
- C:\Windows\System\mPfcLNv.exe
  C:\Windows\System\mPfcLNv.exe
  2⤵
  PID:4512
- C:\Windows\System\POJwDua.exe
  C:\Windows\System\POJwDua.exe
  2⤵
  PID:5256
- C:\Windows\System\oUgxSnh.exe
  C:\Windows\System\oUgxSnh.exe
  2⤵
  PID:4968
- C:\Windows\System\eeVGtXI.exe
  C:\Windows\System\eeVGtXI.exe
  2⤵
  PID:4668
- C:\Windows\System\iBiFXfc.exe
  C:\Windows\System\iBiFXfc.exe
  2⤵
  PID:4608
- C:\Windows\System\optfIho.exe
  C:\Windows\System\optfIho.exe
  2⤵
  PID:3680
- C:\Windows\System\bgRfdYf.exe
  C:\Windows\System\bgRfdYf.exe
  2⤵
  PID:4280
- C:\Windows\System\yevUwEd.exe
  C:\Windows\System\yevUwEd.exe
  2⤵
  PID:4016
- C:\Windows\System\ACLMAkZ.exe
  C:\Windows\System\ACLMAkZ.exe
  2⤵
  PID:4576
- C:\Windows\System\BQLrpgX.exe
  C:\Windows\System\BQLrpgX.exe
  2⤵
  PID:4728
- C:\Windows\System\mEgibbB.exe
  C:\Windows\System\mEgibbB.exe
  2⤵
  PID:5148
- C:\Windows\System\fncuhZe.exe
  C:\Windows\System\fncuhZe.exe
  2⤵
  PID:3760
- C:\Windows\System\gXMUbYM.exe
  C:\Windows\System\gXMUbYM.exe
  2⤵
  PID:5296
- C:\Windows\System\ueIhZxs.exe
  C:\Windows\System\ueIhZxs.exe
  2⤵
  PID:5496
- C:\Windows\System\RLALAeE.exe
  C:\Windows\System\RLALAeE.exe
  2⤵
  PID:5364
- C:\Windows\System\dUeIexP.exe
  C:\Windows\System\dUeIexP.exe
  2⤵
  PID:5432
- C:\Windows\System\XZCkKCb.exe
  C:\Windows\System\XZCkKCb.exe
  2⤵
  PID:5500
- C:\Windows\System\CFcDrEc.exe
  C:\Windows\System\CFcDrEc.exe
  2⤵
  PID:5588
- C:\Windows\System\IXcpcnx.exe
  C:\Windows\System\IXcpcnx.exe
  2⤵
  PID:5624
- C:\Windows\System\nDweCTB.exe
  C:\Windows\System\nDweCTB.exe
  2⤵
  PID:5448
- C:\Windows\System\usKCqvY.exe
  C:\Windows\System\usKCqvY.exe
  2⤵
  PID:5604
- C:\Windows\System\BIPquGK.exe
  C:\Windows\System\BIPquGK.exe
  2⤵
  PID:5352
- C:\Windows\System\NOxqcRI.exe
  C:\Windows\System\NOxqcRI.exe
  2⤵
  PID:5484
- C:\Windows\System\hHvAGWU.exe
  C:\Windows\System\hHvAGWU.exe
  2⤵
  PID:5644
- C:\Windows\System\tSBwwdZ.exe
  C:\Windows\System\tSBwwdZ.exe
  2⤵
  PID:5660
- C:\Windows\System\BBghxER.exe
  C:\Windows\System\BBghxER.exe
  2⤵
  PID:5676
- C:\Windows\System\dUfPoat.exe
  C:\Windows\System\dUfPoat.exe
  2⤵
  PID:5756
- C:\Windows\System\SVdfGcC.exe
  C:\Windows\System\SVdfGcC.exe
  2⤵
  PID:5724
- C:\Windows\System\DMoVXMx.exe
  C:\Windows\System\DMoVXMx.exe
  2⤵
  PID:5832
- C:\Windows\System\Wrjwiem.exe
  C:\Windows\System\Wrjwiem.exe
  2⤵
  PID:5708
- C:\Windows\System\tQlIdzM.exe
  C:\Windows\System\tQlIdzM.exe
  2⤵
  PID:5856
- C:\Windows\System\pANrvDU.exe
  C:\Windows\System\pANrvDU.exe
  2⤵
  PID:5776
- C:\Windows\System\kJzItBT.exe
  C:\Windows\System\kJzItBT.exe
  2⤵
  PID:5968
- C:\Windows\System\pfTyLrs.exe
  C:\Windows\System\pfTyLrs.exe
  2⤵
  PID:6052
- C:\Windows\System\tDlfGRL.exe
  C:\Windows\System\tDlfGRL.exe
  2⤵
  PID:4196
- C:\Windows\System\GDCAuRD.exe
  C:\Windows\System\GDCAuRD.exe
  2⤵
  PID:5876
- C:\Windows\System\JXkHGyQ.exe
  C:\Windows\System\JXkHGyQ.exe
  2⤵
  PID:5912
- C:\Windows\System\pZAlNOw.exe
  C:\Windows\System\pZAlNOw.exe
  2⤵
  PID:5132
- C:\Windows\System\xOcaKzu.exe
  C:\Windows\System\xOcaKzu.exe
  2⤵
  PID:5200
- C:\Windows\System\extDrRB.exe
  C:\Windows\System\extDrRB.exe
  2⤵
  PID:4660
- C:\Windows\System\rLFytPi.exe
  C:\Windows\System\rLFytPi.exe
  2⤵
  PID:5032
- C:\Windows\System\BfPNmgY.exe
  C:\Windows\System\BfPNmgY.exe
  2⤵
  PID:6020
- C:\Windows\System\SrgXUMJ.exe
  C:\Windows\System\SrgXUMJ.exe
  2⤵
  PID:5252
- C:\Windows\System\NXBmwKi.exe
  C:\Windows\System\NXBmwKi.exe
  2⤵
  PID:4944
- C:\Windows\System\izZzVWp.exe
  C:\Windows\System\izZzVWp.exe
  2⤵
  PID:6096
- C:\Windows\System\qdVZiIQ.exe
  C:\Windows\System\qdVZiIQ.exe
  2⤵
  PID:5204
- C:\Windows\System\loeXMej.exe
  C:\Windows\System\loeXMej.exe
  2⤵
  PID:5240
- C:\Windows\System\UPHVNZF.exe
  C:\Windows\System\UPHVNZF.exe
  2⤵
  PID:5268
- C:\Windows\System\tIFIstc.exe
  C:\Windows\System\tIFIstc.exe
  2⤵
  PID:3460
- C:\Windows\System\HVyVbqi.exe
  C:\Windows\System\HVyVbqi.exe
  2⤵
  PID:4776
- C:\Windows\System\ihgRklU.exe
  C:\Windows\System\ihgRklU.exe
  2⤵
  PID:3564
- C:\Windows\System\ofMsDus.exe
  C:\Windows\System\ofMsDus.exe
  2⤵
  PID:4344
- C:\Windows\System\xlEoIaN.exe
  C:\Windows\System\xlEoIaN.exe
  2⤵
  PID:5280
- C:\Windows\System\NSjpgck.exe
  C:\Windows\System\NSjpgck.exe
  2⤵
  PID:5404
- C:\Windows\System\BqMnvpD.exe
  C:\Windows\System\BqMnvpD.exe
  2⤵
  PID:5580
- C:\Windows\System\auKlBkp.exe
  C:\Windows\System\auKlBkp.exe
  2⤵
  PID:5344
- C:\Windows\System\WUANLPo.exe
  C:\Windows\System\WUANLPo.exe
  2⤵
  PID:5896
- C:\Windows\System\BjkLBdD.exe
  C:\Windows\System\BjkLBdD.exe
  2⤵
  PID:5696
- C:\Windows\System\hVAspiC.exe
  C:\Windows\System\hVAspiC.exe
  2⤵
  PID:5744
- C:\Windows\System\yWCNbNm.exe
  C:\Windows\System\yWCNbNm.exe
  2⤵
  PID:6040
- C:\Windows\System\vzBxuIS.exe
  C:\Windows\System\vzBxuIS.exe
  2⤵
  PID:5940
- C:\Windows\System\XmYaTfg.exe
  C:\Windows\System\XmYaTfg.exe
  2⤵
  PID:4588
- C:\Windows\System\ufcHJrR.exe
  C:\Windows\System\ufcHJrR.exe
  2⤵
  PID:5212
- C:\Windows\System\kwNDthy.exe
  C:\Windows\System\kwNDthy.exe
  2⤵
  PID:5584
- C:\Windows\System\mAtjGDE.exe
  C:\Windows\System\mAtjGDE.exe
  2⤵
  PID:5384
- C:\Windows\System\yNfrYeC.exe
  C:\Windows\System\yNfrYeC.exe
  2⤵
  PID:5792
- C:\Windows\System\gtyKHRI.exe
  C:\Windows\System\gtyKHRI.exe
  2⤵
  PID:4188
- C:\Windows\System\VDRuJCb.exe
  C:\Windows\System\VDRuJCb.exe
  2⤵
  PID:4928
- C:\Windows\System\ipVrmNm.exe
  C:\Windows\System\ipVrmNm.exe
  2⤵
  PID:6116
- C:\Windows\System\mEEMgLX.exe
  C:\Windows\System\mEEMgLX.exe
  2⤵
  PID:4888
- C:\Windows\System\wlXTvYw.exe
  C:\Windows\System\wlXTvYw.exe
  2⤵
  PID:4964
- C:\Windows\System\dNBzLmt.exe
  C:\Windows\System\dNBzLmt.exe
  2⤵
  PID:6016
- C:\Windows\System\GIANIyf.exe
  C:\Windows\System\GIANIyf.exe
  2⤵
  PID:4244
- C:\Windows\System\XCLkMNv.exe
  C:\Windows\System\XCLkMNv.exe
  2⤵
  PID:4488
- C:\Windows\System\NyxhaVF.exe
  C:\Windows\System\NyxhaVF.exe
  2⤵
  PID:5568
- C:\Windows\System\BSjvPIw.exe
  C:\Windows\System\BSjvPIw.exe
  2⤵
  PID:5272
- C:\Windows\System\EdBeBHe.exe
  C:\Windows\System\EdBeBHe.exe
  2⤵
  PID:4076
- C:\Windows\System\zSSRLDn.exe
  C:\Windows\System\zSSRLDn.exe
  2⤵
  PID:5576
- C:\Windows\System\AvMGwkA.exe
  C:\Windows\System\AvMGwkA.exe
  2⤵
  PID:5468
- C:\Windows\System\bFYdzSU.exe
  C:\Windows\System\bFYdzSU.exe
  2⤵
  PID:5652
- C:\Windows\System\yuydzlN.exe
  C:\Windows\System\yuydzlN.exe
  2⤵
  PID:6024
- C:\Windows\System\XkSsngO.exe
  C:\Windows\System\XkSsngO.exe
  2⤵
  PID:5656
- C:\Windows\System\vAfjGtY.exe
  C:\Windows\System\vAfjGtY.exe
  2⤵
  PID:5640
- C:\Windows\System\noIMdvK.exe
  C:\Windows\System\noIMdvK.exe
  2⤵
  PID:6120
- C:\Windows\System\DUwpQhX.exe
  C:\Windows\System\DUwpQhX.exe
  2⤵
  PID:5920
- C:\Windows\System\tSNfujf.exe
  C:\Windows\System\tSNfujf.exe
  2⤵
  PID:4856
- C:\Windows\System\cYktTHf.exe
  C:\Windows\System\cYktTHf.exe
  2⤵
  PID:6084
- C:\Windows\System\hAwaMFB.exe
  C:\Windows\System\hAwaMFB.exe
  2⤵
  PID:6136
- C:\Windows\System\VEMrJXK.exe
  C:\Windows\System\VEMrJXK.exe
  2⤵
  PID:4744
- C:\Windows\System\MiOTSNh.exe
  C:\Windows\System\MiOTSNh.exe
  2⤵
  PID:5808
- C:\Windows\System\zbPQhpR.exe
  C:\Windows\System\zbPQhpR.exe
  2⤵
  PID:5400
- C:\Windows\System\CRBehhv.exe
  C:\Windows\System\CRBehhv.exe
  2⤵
  PID:5480
- C:\Windows\System\GEzjaNa.exe
  C:\Windows\System\GEzjaNa.exe
  2⤵
  PID:4396
- C:\Windows\System\rdovSaz.exe
  C:\Windows\System\rdovSaz.exe
  2⤵
  PID:5160
- C:\Windows\System\wiaurTM.exe
  C:\Windows\System\wiaurTM.exe
  2⤵
  PID:6160
- C:\Windows\System\NjXYvTL.exe
  C:\Windows\System\NjXYvTL.exe
  2⤵
  PID:6176
- C:\Windows\System\glvVSgL.exe
  C:\Windows\System\glvVSgL.exe
  2⤵
  PID:6196
- C:\Windows\System\VwSjNzm.exe
  C:\Windows\System\VwSjNzm.exe
  2⤵
  PID:6216
- C:\Windows\System\hZzkgZP.exe
  C:\Windows\System\hZzkgZP.exe
  2⤵
  PID:6232
- C:\Windows\System\BSzNfrc.exe
  C:\Windows\System\BSzNfrc.exe
  2⤵
  PID:6252
- C:\Windows\System\tIaMNpa.exe
  C:\Windows\System\tIaMNpa.exe
  2⤵
  PID:6276
- C:\Windows\System\hrpQIMR.exe
  C:\Windows\System\hrpQIMR.exe
  2⤵
  PID:6292
- C:\Windows\System\AvhyUVP.exe
  C:\Windows\System\AvhyUVP.exe
  2⤵
  PID:6312
- C:\Windows\System\ByLFOsa.exe
  C:\Windows\System\ByLFOsa.exe
  2⤵
  PID:6328
- C:\Windows\System\kWirmjh.exe
  C:\Windows\System\kWirmjh.exe
  2⤵
  PID:6348
- C:\Windows\System\SGilhnr.exe
  C:\Windows\System\SGilhnr.exe
  2⤵
  PID:6364
- C:\Windows\System\GFbUFuY.exe
  C:\Windows\System\GFbUFuY.exe
  2⤵
  PID:6388
- C:\Windows\System\GWEFSvF.exe
  C:\Windows\System\GWEFSvF.exe
  2⤵
  PID:6404
- C:\Windows\System\fvkmvjc.exe
  C:\Windows\System\fvkmvjc.exe
  2⤵
  PID:6424
- C:\Windows\System\uezAUQk.exe
  C:\Windows\System\uezAUQk.exe
  2⤵
  PID:6440
- C:\Windows\System\lXrTeXR.exe
  C:\Windows\System\lXrTeXR.exe
  2⤵
  PID:6460
- C:\Windows\System\jbfYMqA.exe
  C:\Windows\System\jbfYMqA.exe
  2⤵
  PID:6480
- C:\Windows\System\dFozkBt.exe
  C:\Windows\System\dFozkBt.exe
  2⤵
  PID:6500
- C:\Windows\System\QbkLteO.exe
  C:\Windows\System\QbkLteO.exe
  2⤵
  PID:6516
- C:\Windows\System\JzLufGY.exe
  C:\Windows\System\JzLufGY.exe
  2⤵
  PID:6532
- C:\Windows\System\xKRqEFz.exe
  C:\Windows\System\xKRqEFz.exe
  2⤵
  PID:6552
- C:\Windows\System\YBZVVys.exe
  C:\Windows\System\YBZVVys.exe
  2⤵
  PID:6576
- C:\Windows\System\yvTgnto.exe
  C:\Windows\System\yvTgnto.exe
  2⤵
  PID:6592
- C:\Windows\System\PwRBtwD.exe
  C:\Windows\System\PwRBtwD.exe
  2⤵
  PID:6612
- C:\Windows\System\iUjTslE.exe
  C:\Windows\System\iUjTslE.exe
  2⤵
  PID:6628
- C:\Windows\System\aPnYFfL.exe
  C:\Windows\System\aPnYFfL.exe
  2⤵
  PID:6648
- C:\Windows\System\GZiICkE.exe
  C:\Windows\System\GZiICkE.exe
  2⤵
  PID:6664
- C:\Windows\System\ygxnNtB.exe
  C:\Windows\System\ygxnNtB.exe
  2⤵
  PID:6684
- C:\Windows\System\qeZvhPA.exe
  C:\Windows\System\qeZvhPA.exe
  2⤵
  PID:6700
- C:\Windows\System\TSxHvIF.exe
  C:\Windows\System\TSxHvIF.exe
  2⤵
  PID:6720
- C:\Windows\System\rJxhIxy.exe
  C:\Windows\System\rJxhIxy.exe
  2⤵
  PID:6736
- C:\Windows\System\tkvKgHP.exe
  C:\Windows\System\tkvKgHP.exe
  2⤵
  PID:6760
- C:\Windows\System\xbVeQdE.exe
  C:\Windows\System\xbVeQdE.exe
  2⤵
  PID:6776
- C:\Windows\System\sjoGemk.exe
  C:\Windows\System\sjoGemk.exe
  2⤵
  PID:6796
- C:\Windows\System\LxXdnNK.exe
  C:\Windows\System\LxXdnNK.exe
  2⤵
  PID:6816
- C:\Windows\System\wMMOqkx.exe
  C:\Windows\System\wMMOqkx.exe
  2⤵
  PID:6836
- C:\Windows\System\BkQknYa.exe
  C:\Windows\System\BkQknYa.exe
  2⤵
  PID:6856
- C:\Windows\System\AvGHcaj.exe
  C:\Windows\System\AvGHcaj.exe
  2⤵
  PID:6872
- C:\Windows\System\HmTdFNj.exe
  C:\Windows\System\HmTdFNj.exe
  2⤵
  PID:6896
- C:\Windows\System\dinuUKU.exe
  C:\Windows\System\dinuUKU.exe
  2⤵
  PID:6916
- C:\Windows\System\sPbCvvD.exe
  C:\Windows\System\sPbCvvD.exe
  2⤵
  PID:6932
- C:\Windows\System\qBqatpr.exe
  C:\Windows\System\qBqatpr.exe
  2⤵
  PID:6952
- C:\Windows\System\jphAdly.exe
  C:\Windows\System\jphAdly.exe
  2⤵
  PID:6976
- C:\Windows\System\bPGsmDe.exe
  C:\Windows\System\bPGsmDe.exe
  2⤵
  PID:6996
- C:\Windows\System\MSstten.exe
  C:\Windows\System\MSstten.exe
  2⤵
  PID:7016
- C:\Windows\System\hUVmBoH.exe
  C:\Windows\System\hUVmBoH.exe
  2⤵
  PID:7032
- C:\Windows\System\adIgldU.exe
  C:\Windows\System\adIgldU.exe
  2⤵
  PID:7048
- C:\Windows\System\tYGmQIk.exe
  C:\Windows\System\tYGmQIk.exe
  2⤵
  PID:7068
- C:\Windows\System\zIFFMEG.exe
  C:\Windows\System\zIFFMEG.exe
  2⤵
  PID:7092
- C:\Windows\System\IGnqVZt.exe
  C:\Windows\System\IGnqVZt.exe
  2⤵
  PID:7108
- C:\Windows\System\xgZKSrA.exe
  C:\Windows\System\xgZKSrA.exe
  2⤵
  PID:7124
- C:\Windows\System\aTmAqss.exe
  C:\Windows\System\aTmAqss.exe
  2⤵
  PID:7148
- C:\Windows\System\chfHMNf.exe
  C:\Windows\System\chfHMNf.exe
  2⤵
  PID:7164
- C:\Windows\System\JYHRVZh.exe
  C:\Windows\System\JYHRVZh.exe
  2⤵
  PID:6208
- C:\Windows\System\caozrlK.exe
  C:\Windows\System\caozrlK.exe
  2⤵
  PID:6248
- C:\Windows\System\ADwBFfr.exe
  C:\Windows\System\ADwBFfr.exe
  2⤵
  PID:6324
- C:\Windows\System\gPyAgxx.exe
  C:\Windows\System\gPyAgxx.exe
  2⤵
  PID:6036
- C:\Windows\System\cBTtUSa.exe
  C:\Windows\System\cBTtUSa.exe
  2⤵
  PID:6472
- C:\Windows\System\EtbLDFK.exe
  C:\Windows\System\EtbLDFK.exe
  2⤵
  PID:6512
- C:\Windows\System\dhqlvor.exe
  C:\Windows\System\dhqlvor.exe
  2⤵
  PID:5548
- C:\Windows\System\shjDDgx.exe
  C:\Windows\System\shjDDgx.exe
  2⤵
  PID:6656
- C:\Windows\System\vlQukJH.exe
  C:\Windows\System\vlQukJH.exe
  2⤵
  PID:6756
- C:\Windows\System\fmpkECt.exe
  C:\Windows\System\fmpkECt.exe
  2⤵
  PID:6808
- C:\Windows\System\PNayMOM.exe
  C:\Windows\System\PNayMOM.exe
  2⤵
  PID:6844
- C:\Windows\System\XNAVlUQ.exe
  C:\Windows\System\XNAVlUQ.exe
  2⤵
  PID:6884
- C:\Windows\System\MvAWxLy.exe
  C:\Windows\System\MvAWxLy.exe
  2⤵
  PID:6928
- C:\Windows\System\COntyco.exe
  C:\Windows\System\COntyco.exe
  2⤵
  PID:6964
- C:\Windows\System\xiNQcCR.exe
  C:\Windows\System\xiNQcCR.exe
  2⤵
  PID:4892
- C:\Windows\System\RSrffwh.exe
  C:\Windows\System\RSrffwh.exe
  2⤵
  PID:7008
- C:\Windows\System\lZqXiHb.exe
  C:\Windows\System\lZqXiHb.exe
  2⤵
  PID:7080
- C:\Windows\System\QIurHjt.exe
  C:\Windows\System\QIurHjt.exe
  2⤵
  PID:7120
- C:\Windows\System\UZoDNwQ.exe
  C:\Windows\System\UZoDNwQ.exe
  2⤵
  PID:7160
- C:\Windows\System\DFqwCIF.exe
  C:\Windows\System\DFqwCIF.exe
  2⤵
  PID:6300
- C:\Windows\System\QYMIAYe.exe
  C:\Windows\System\QYMIAYe.exe
  2⤵
  PID:6608
- C:\Windows\System\EtPHykf.exe
  C:\Windows\System\EtPHykf.exe
  2⤵
  PID:6644
- C:\Windows\System\CtioQlo.exe
  C:\Windows\System\CtioQlo.exe
  2⤵
  PID:6792
- C:\Windows\System\Eqkefyb.exe
  C:\Windows\System\Eqkefyb.exe
  2⤵
  PID:5332
- C:\Windows\System\cFwXBgL.exe
  C:\Windows\System\cFwXBgL.exe
  2⤵
  PID:5264
- C:\Windows\System\lbBjPNP.exe
  C:\Windows\System\lbBjPNP.exe
  2⤵
  PID:5564
- C:\Windows\System\OSyETPr.exe
  C:\Windows\System\OSyETPr.exe
  2⤵
  PID:6992
- C:\Windows\System\ROXmXka.exe
  C:\Windows\System\ROXmXka.exe
  2⤵
  PID:5116
- C:\Windows\System\ZkLpURo.exe
  C:\Windows\System\ZkLpURo.exe
  2⤵
  PID:6548
- C:\Windows\System\CtFuCxi.exe
  C:\Windows\System\CtFuCxi.exe
  2⤵
  PID:6732
- C:\Windows\System\bracAnJ.exe
  C:\Windows\System\bracAnJ.exe
  2⤵
  PID:6376
- C:\Windows\System\qicSUWq.exe
  C:\Windows\System\qicSUWq.exe
  2⤵
  PID:6396
- C:\Windows\System\pqvMKIv.exe
  C:\Windows\System\pqvMKIv.exe
  2⤵
  PID:6564
- C:\Windows\System\zzsefHS.exe
  C:\Windows\System\zzsefHS.exe
  2⤵
  PID:6752
- C:\Windows\System\VvVJbRD.exe
  C:\Windows\System\VvVJbRD.exe
  2⤵
  PID:6224
- C:\Windows\System\lRUMcYU.exe
  C:\Windows\System\lRUMcYU.exe
  2⤵
  PID:6268
- C:\Windows\System\xZmtUNf.exe
  C:\Windows\System\xZmtUNf.exe
  2⤵
  PID:6584
- C:\Windows\System\QbdyiFk.exe
  C:\Windows\System\QbdyiFk.exe
  2⤵
  PID:6372
- C:\Windows\System\ZxWCqFu.exe
  C:\Windows\System\ZxWCqFu.exe
  2⤵
  PID:6456
- C:\Windows\System\Sfqervx.exe
  C:\Windows\System\Sfqervx.exe
  2⤵
  PID:6568
- C:\Windows\System\cirACPJ.exe
  C:\Windows\System\cirACPJ.exe
  2⤵
  PID:6868
- C:\Windows\System\LPXGGEV.exe
  C:\Windows\System\LPXGGEV.exe
  2⤵
  PID:7144
- C:\Windows\System\aRgDLZt.exe
  C:\Windows\System\aRgDLZt.exe
  2⤵
  PID:6972
- C:\Windows\System\JABQsCs.exe
  C:\Windows\System\JABQsCs.exe
  2⤵
  PID:6336
- C:\Windows\System\lJjZfOR.exe
  C:\Windows\System\lJjZfOR.exe
  2⤵
  PID:1548
- C:\Windows\System\AhxgOuq.exe
  C:\Windows\System\AhxgOuq.exe
  2⤵
  PID:5244
- C:\Windows\System\nrazufA.exe
  C:\Windows\System\nrazufA.exe
  2⤵
  PID:5668
- C:\Windows\System\KPpXBAp.exe
  C:\Windows\System\KPpXBAp.exe
  2⤵
  PID:6412
- C:\Windows\System\TQRIFOd.exe
  C:\Windows\System\TQRIFOd.exe
  2⤵
  PID:4216
- C:\Windows\System\riyZvIO.exe
  C:\Windows\System\riyZvIO.exe
  2⤵
  PID:6604
- C:\Windows\System\gYpKxHB.exe
  C:\Windows\System\gYpKxHB.exe
  2⤵
  PID:5328
- C:\Windows\System\OXKMACj.exe
  C:\Windows\System\OXKMACj.exe
  2⤵
  PID:6272
- C:\Windows\System\CAsbIxN.exe
  C:\Windows\System\CAsbIxN.exe
  2⤵
  PID:7156
- C:\Windows\System\DBtBmsd.exe
  C:\Windows\System\DBtBmsd.exe
  2⤵
  PID:5984
- C:\Windows\System\obUSrie.exe
  C:\Windows\System\obUSrie.exe
  2⤵
  PID:6172
- C:\Windows\System\BWLgdKe.exe
  C:\Windows\System\BWLgdKe.exe
  2⤵
  PID:6744
- C:\Windows\System\QUnoxbp.exe
  C:\Windows\System\QUnoxbp.exe
  2⤵
  PID:6340
- C:\Windows\System\ZPSKFUH.exe
  C:\Windows\System\ZPSKFUH.exe
  2⤵
  PID:6888
- C:\Windows\System\uJbcCPo.exe
  C:\Windows\System\uJbcCPo.exe
  2⤵
  PID:6448
- C:\Windows\System\vmnymGv.exe
  C:\Windows\System\vmnymGv.exe
  2⤵
  PID:4536
- C:\Windows\System\lNHOoOb.exe
  C:\Windows\System\lNHOoOb.exe
  2⤵
  PID:6524
- C:\Windows\System\EBXHxVq.exe
  C:\Windows\System\EBXHxVq.exe
  2⤵
  PID:6308
- C:\Windows\System\vtZBvTv.exe
  C:\Windows\System\vtZBvTv.exe
  2⤵
  PID:6452
- C:\Windows\System\vsPfpWE.exe
  C:\Windows\System\vsPfpWE.exe
  2⤵
  PID:7028
- C:\Windows\System\IBxeUdE.exe
  C:\Windows\System\IBxeUdE.exe
  2⤵
  PID:6852
- C:\Windows\System\rRjgiHj.exe
  C:\Windows\System\rRjgiHj.exe
  2⤵
  PID:6636
- C:\Windows\System\xCDseWf.exe
  C:\Windows\System\xCDseWf.exe
  2⤵
  PID:6716
- C:\Windows\System\XRLdcui.exe
  C:\Windows\System\XRLdcui.exe
  2⤵
  PID:7024
- C:\Windows\System\jYKacun.exe
  C:\Windows\System\jYKacun.exe
  2⤵
  PID:6304
- C:\Windows\System\MUKsHfm.exe
  C:\Windows\System\MUKsHfm.exe
  2⤵
  PID:7104
- C:\Windows\System\xyxKDcr.exe
  C:\Windows\System\xyxKDcr.exe
  2⤵
  PID:6560
- C:\Windows\System\fnmNYKG.exe
  C:\Windows\System\fnmNYKG.exe
  2⤵
  PID:7184
- C:\Windows\System\QDzXCPF.exe
  C:\Windows\System\QDzXCPF.exe
  2⤵
  PID:7200
- C:\Windows\System\PJKmHHK.exe
  C:\Windows\System\PJKmHHK.exe
  2⤵
  PID:7216
- C:\Windows\System\oJYbZXY.exe
  C:\Windows\System\oJYbZXY.exe
  2⤵
  PID:7232
- C:\Windows\System\JiiFgVT.exe
  C:\Windows\System\JiiFgVT.exe
  2⤵
  PID:7248
- C:\Windows\System\ThoKQfW.exe
  C:\Windows\System\ThoKQfW.exe
  2⤵
  PID:7268
- C:\Windows\System\RJzFzlj.exe
  C:\Windows\System\RJzFzlj.exe
  2⤵
  PID:7284
- C:\Windows\System\PqXVoHt.exe
  C:\Windows\System\PqXVoHt.exe
  2⤵
  PID:7304
- C:\Windows\System\fWxjWoe.exe
  C:\Windows\System\fWxjWoe.exe
  2⤵
  PID:7324
- C:\Windows\System\OMMjzot.exe
  C:\Windows\System\OMMjzot.exe
  2⤵
  PID:7340
- C:\Windows\System\KLHdsOH.exe
  C:\Windows\System\KLHdsOH.exe
  2⤵
  PID:7360
- C:\Windows\System\dHKmxXF.exe
  C:\Windows\System\dHKmxXF.exe
  2⤵
  PID:7376
- C:\Windows\System\keQSQpa.exe
  C:\Windows\System\keQSQpa.exe
  2⤵
  PID:7400
- C:\Windows\System\rhGgOGt.exe
  C:\Windows\System\rhGgOGt.exe
  2⤵
  PID:7420
- C:\Windows\System\fRyzncW.exe
  C:\Windows\System\fRyzncW.exe
  2⤵
  PID:7440
- C:\Windows\System\cYuxEwv.exe
  C:\Windows\System\cYuxEwv.exe
  2⤵
  PID:7456
- C:\Windows\System\TKmgzHy.exe
  C:\Windows\System\TKmgzHy.exe
  2⤵
  PID:7476
- C:\Windows\System\vPDlXnj.exe
  C:\Windows\System\vPDlXnj.exe
  2⤵
  PID:7496
- C:\Windows\System\fmIBbeT.exe
  C:\Windows\System\fmIBbeT.exe
  2⤵
  PID:7516
- C:\Windows\System\BegbrlR.exe
  C:\Windows\System\BegbrlR.exe
  2⤵
  PID:7532
- C:\Windows\System\ebKEsCZ.exe
  C:\Windows\System\ebKEsCZ.exe
  2⤵
  PID:7548
- C:\Windows\System\ESJAGrK.exe
  C:\Windows\System\ESJAGrK.exe
  2⤵
  PID:7564
- C:\Windows\System\OAwDLeP.exe
  C:\Windows\System\OAwDLeP.exe
  2⤵
  PID:7580
- C:\Windows\System\AqahFQp.exe
  C:\Windows\System\AqahFQp.exe
  2⤵
  PID:7600
- C:\Windows\System\NLmnLzJ.exe
  C:\Windows\System\NLmnLzJ.exe
  2⤵
  PID:7660
- C:\Windows\System\HjoMtoZ.exe
  C:\Windows\System\HjoMtoZ.exe
  2⤵
  PID:7676
- C:\Windows\System\nRBMkli.exe
  C:\Windows\System\nRBMkli.exe
  2⤵
  PID:7692
- C:\Windows\System\NXeWwpH.exe
  C:\Windows\System\NXeWwpH.exe
  2⤵
  PID:7708
- C:\Windows\System\TwiJBjz.exe
  C:\Windows\System\TwiJBjz.exe
  2⤵
  PID:7724
- C:\Windows\System\bKZHMyq.exe
  C:\Windows\System\bKZHMyq.exe
  2⤵
  PID:7740
- C:\Windows\System\AubKVkt.exe
  C:\Windows\System\AubKVkt.exe
  2⤵
  PID:7756
- C:\Windows\System\zwAAEax.exe
  C:\Windows\System\zwAAEax.exe
  2⤵
  PID:7772
- C:\Windows\System\zNFXsfD.exe
  C:\Windows\System\zNFXsfD.exe
  2⤵
  PID:7788
- C:\Windows\System\emUmRVI.exe
  C:\Windows\System\emUmRVI.exe
  2⤵
  PID:7804
- C:\Windows\System\ekUcOnj.exe
  C:\Windows\System\ekUcOnj.exe
  2⤵
  PID:7820
- C:\Windows\System\XjuhRqs.exe
  C:\Windows\System\XjuhRqs.exe
  2⤵
  PID:7836
- C:\Windows\System\YIUGhIa.exe
  C:\Windows\System\YIUGhIa.exe
  2⤵
  PID:7852
- C:\Windows\System\qmxHVCx.exe
  C:\Windows\System\qmxHVCx.exe
  2⤵
  PID:7868
- C:\Windows\System\LypQwFG.exe
  C:\Windows\System\LypQwFG.exe
  2⤵
  PID:7884
- C:\Windows\System\VHkKHvx.exe
  C:\Windows\System\VHkKHvx.exe
  2⤵
  PID:7900
- C:\Windows\System\UBQwKjQ.exe
  C:\Windows\System\UBQwKjQ.exe
  2⤵
  PID:7916
- C:\Windows\System\XDbLxov.exe
  C:\Windows\System\XDbLxov.exe
  2⤵
  PID:7932
- C:\Windows\System\HYRBOMz.exe
  C:\Windows\System\HYRBOMz.exe
  2⤵
  PID:7948
- C:\Windows\System\svKPgje.exe
  C:\Windows\System\svKPgje.exe
  2⤵
  PID:7968
- C:\Windows\System\ymUByZm.exe
  C:\Windows\System\ymUByZm.exe
  2⤵
  PID:7984
- C:\Windows\System\xjOPDNy.exe
  C:\Windows\System\xjOPDNy.exe
  2⤵
  PID:8000
- C:\Windows\System\lBvnTRl.exe
  C:\Windows\System\lBvnTRl.exe
  2⤵
  PID:8016
- C:\Windows\System\QJRcRKs.exe
  C:\Windows\System\QJRcRKs.exe
  2⤵
  PID:8032
- C:\Windows\System\mWBWFxk.exe
  C:\Windows\System\mWBWFxk.exe
  2⤵
  PID:8048
- C:\Windows\System\DYKPfaW.exe
  C:\Windows\System\DYKPfaW.exe
  2⤵
  PID:8064
- C:\Windows\System\KjVMZjV.exe
  C:\Windows\System\KjVMZjV.exe
  2⤵
  PID:8080
- C:\Windows\System\FDREcAN.exe
  C:\Windows\System\FDREcAN.exe
  2⤵
  PID:8096
- C:\Windows\System\yGNKWRC.exe
  C:\Windows\System\yGNKWRC.exe
  2⤵
  PID:8112
- C:\Windows\System\eSMupbE.exe
  C:\Windows\System\eSMupbE.exe
  2⤵
  PID:8128
- C:\Windows\System\kGvtLSB.exe
  C:\Windows\System\kGvtLSB.exe
  2⤵
  PID:8144
- C:\Windows\System\wJcWCro.exe
  C:\Windows\System\wJcWCro.exe
  2⤵
  PID:8160
- C:\Windows\System\WfBGKRR.exe
  C:\Windows\System\WfBGKRR.exe
  2⤵
  PID:8176
- C:\Windows\System\lflxDXP.exe
  C:\Windows\System\lflxDXP.exe
  2⤵
  PID:5788
- C:\Windows\System\cGzEZWH.exe
  C:\Windows\System\cGzEZWH.exe
  2⤵
  PID:6436
- C:\Windows\System\MGYoHnP.exe
  C:\Windows\System\MGYoHnP.exe
  2⤵
  PID:7208
- C:\Windows\System\QepRtrW.exe
  C:\Windows\System\QepRtrW.exe
  2⤵
  PID:7280
- C:\Windows\System\EChbUij.exe
  C:\Windows\System\EChbUij.exe
  2⤵
  PID:7352
- C:\Windows\System\GPOTugr.exe
  C:\Windows\System\GPOTugr.exe
  2⤵
  PID:7384
- C:\Windows\System\JtRxHtp.exe
  C:\Windows\System\JtRxHtp.exe
  2⤵
  PID:7396
- C:\Windows\System\zNIlteA.exe
  C:\Windows\System\zNIlteA.exe
  2⤵
  PID:7464
- C:\Windows\System\fGtWikT.exe
  C:\Windows\System\fGtWikT.exe
  2⤵
  PID:7508
- C:\Windows\System\BPsLflx.exe
  C:\Windows\System\BPsLflx.exe
  2⤵
  PID:6320
- C:\Windows\System\XxoGMXg.exe
  C:\Windows\System\XxoGMXg.exe
  2⤵
  PID:6728
- C:\Windows\System\yRcxDPl.exe
  C:\Windows\System\yRcxDPl.exe
  2⤵
  PID:6772
- C:\Windows\System\iFpqlcF.exe
  C:\Windows\System\iFpqlcF.exe
  2⤵
  PID:7560
- C:\Windows\System\sZQmeUV.exe
  C:\Windows\System\sZQmeUV.exe
  2⤵
  PID:3956
- C:\Windows\System\QEZQpJH.exe
  C:\Windows\System\QEZQpJH.exe
  2⤵
  PID:6264
- C:\Windows\System\GQhdheH.exe
  C:\Windows\System\GQhdheH.exe
  2⤵
  PID:6672
- C:\Windows\System\dSUIiAH.exe
  C:\Windows\System\dSUIiAH.exe
  2⤵
  PID:7076
- C:\Windows\System\HtcXGWn.exe
  C:\Windows\System\HtcXGWn.exe
  2⤵
  PID:7140
- C:\Windows\System\IjliYUu.exe
  C:\Windows\System\IjliYUu.exe
  2⤵
  PID:7116
- C:\Windows\System\xbTXXqu.exe
  C:\Windows\System\xbTXXqu.exe
  2⤵
  PID:7224
- C:\Windows\System\eVsAWgn.exe
  C:\Windows\System\eVsAWgn.exe
  2⤵
  PID:7264
- C:\Windows\System\AGwgaLS.exe
  C:\Windows\System\AGwgaLS.exe
  2⤵
  PID:7336
- C:\Windows\System\SOBhEko.exe
  C:\Windows\System\SOBhEko.exe
  2⤵
  PID:7412
- C:\Windows\System\LPXkWrh.exe
  C:\Windows\System\LPXkWrh.exe
  2⤵
  PID:7492
- C:\Windows\System\DJIZzcT.exe
  C:\Windows\System\DJIZzcT.exe
  2⤵
  PID:7540
- C:\Windows\System\IgGboPV.exe
  C:\Windows\System\IgGboPV.exe
  2⤵
  PID:4916
- C:\Windows\System\IijHuiL.exe
  C:\Windows\System\IijHuiL.exe
  2⤵
  PID:7620
- C:\Windows\System\DfeyuyL.exe
  C:\Windows\System\DfeyuyL.exe
  2⤵
  PID:7636
- C:\Windows\System\CqwdFsh.exe
  C:\Windows\System\CqwdFsh.exe
  2⤵
  PID:7652
- C:\Windows\System\fvRmChz.exe
  C:\Windows\System\fvRmChz.exe
  2⤵
  PID:7716
- C:\Windows\System\sEFJkWj.exe
  C:\Windows\System\sEFJkWj.exe
  2⤵
  PID:7784
- C:\Windows\System\dwFLZZA.exe
  C:\Windows\System\dwFLZZA.exe
  2⤵
  PID:7812
- C:\Windows\System\SdjWPPQ.exe
  C:\Windows\System\SdjWPPQ.exe
  2⤵
  PID:7704
- C:\Windows\System\SdbWasx.exe
  C:\Windows\System\SdbWasx.exe
  2⤵
  PID:7700
- C:\Windows\System\GzGFksP.exe
  C:\Windows\System\GzGFksP.exe
  2⤵
  PID:7912
- C:\Windows\System\MWnqnOk.exe
  C:\Windows\System\MWnqnOk.exe
  2⤵
  PID:7940
- C:\Windows\System\UpQghdj.exe
  C:\Windows\System\UpQghdj.exe
  2⤵
  PID:7860
- C:\Windows\System\sOToIDl.exe
  C:\Windows\System\sOToIDl.exe
  2⤵
  PID:7980
- C:\Windows\System\ADhmnzj.exe
  C:\Windows\System\ADhmnzj.exe
  2⤵
  PID:7896
- C:\Windows\System\ubGGPlp.exe
  C:\Windows\System\ubGGPlp.exe
  2⤵
  PID:7996
- C:\Windows\System\OeSdMFM.exe
  C:\Windows\System\OeSdMFM.exe
  2⤵
  PID:8044
- C:\Windows\System\MLhdmXj.exe
  C:\Windows\System\MLhdmXj.exe
  2⤵
  PID:8104
- C:\Windows\System\eafpihO.exe
  C:\Windows\System\eafpihO.exe
  2⤵
  PID:8140
- C:\Windows\System\WOsobrX.exe
  C:\Windows\System\WOsobrX.exe
  2⤵
  PID:6940
- C:\Windows\System\alYlEnL.exe
  C:\Windows\System\alYlEnL.exe
  2⤵
  PID:8124
- C:\Windows\System\LAgSBcb.exe
  C:\Windows\System\LAgSBcb.exe
  2⤵
  PID:8184
- C:\Windows\System\qfeSNzw.exe
  C:\Windows\System\qfeSNzw.exe
  2⤵
  PID:8188
- C:\Windows\System\QVFDGwb.exe
  C:\Windows\System\QVFDGwb.exe
  2⤵
  PID:7244
- C:\Windows\System\UqiHohh.exe
  C:\Windows\System\UqiHohh.exe
  2⤵
  PID:3268
- C:\Windows\System\euMtLQW.exe
  C:\Windows\System\euMtLQW.exe
  2⤵
  PID:7004
- C:\Windows\System\deQTLuf.exe
  C:\Windows\System\deQTLuf.exe
  2⤵
  PID:5824
- C:\Windows\System\CYjTNhK.exe
  C:\Windows\System\CYjTNhK.exe
  2⤵
  PID:7300
- C:\Windows\System\DLMLUJY.exe
  C:\Windows\System\DLMLUJY.exe
  2⤵
  PID:7472
- C:\Windows\System\kCkHmpB.exe
  C:\Windows\System\kCkHmpB.exe
  2⤵
  PID:7452
- C:\Windows\System\nanedWQ.exe
  C:\Windows\System\nanedWQ.exe
  2⤵
  PID:7632
- C:\Windows\System\xYYhXzP.exe
  C:\Windows\System\xYYhXzP.exe
  2⤵
  PID:7528
- C:\Windows\System\sxoEtTU.exe
  C:\Windows\System\sxoEtTU.exe
  2⤵
  PID:7736
- C:\Windows\System\DuDCTzU.exe
  C:\Windows\System\DuDCTzU.exe
  2⤵
  PID:7256
- C:\Windows\System\BKxVlMl.exe
  C:\Windows\System\BKxVlMl.exe
  2⤵
  PID:7260
- C:\Windows\System\cBXpGkH.exe
  C:\Windows\System\cBXpGkH.exe
  2⤵
  PID:7608
- C:\Windows\System\JCduiBG.exe
  C:\Windows\System\JCduiBG.exe
  2⤵
  PID:7648
- C:\Windows\System\ZkRIQFT.exe
  C:\Windows\System\ZkRIQFT.exe
  2⤵
  PID:7832
- C:\Windows\System\UwASRjX.exe
  C:\Windows\System\UwASRjX.exe
  2⤵
  PID:7892
- C:\Windows\System\jvayyrq.exe
  C:\Windows\System\jvayyrq.exe
  2⤵
  PID:7928
- C:\Windows\System\SxfSBvu.exe
  C:\Windows\System\SxfSBvu.exe
  2⤵
  PID:8072
- C:\Windows\System\QSCPqNQ.exe
  C:\Windows\System\QSCPqNQ.exe
  2⤵
  PID:8172
- C:\Windows\System\juvGOLL.exe
  C:\Windows\System\juvGOLL.exe
  2⤵
  PID:8120
- C:\Windows\System\ltSOkVM.exe
  C:\Windows\System\ltSOkVM.exe
  2⤵
  PID:7348
- C:\Windows\System\pmMgmfV.exe
  C:\Windows\System\pmMgmfV.exe
  2⤵
  PID:6188
- C:\Windows\System\dfBMEww.exe
  C:\Windows\System\dfBMEww.exe
  2⤵
  PID:7296
- C:\Windows\System\gasJJWC.exe
  C:\Windows\System\gasJJWC.exe
  2⤵
  PID:7576
- C:\Windows\System\QDMiEKa.exe
  C:\Windows\System\QDMiEKa.exe
  2⤵
  PID:6492
- C:\Windows\System\fZwKSkM.exe
  C:\Windows\System\fZwKSkM.exe
  2⤵
  PID:6912
- C:\Windows\System\vcBYQfO.exe
  C:\Windows\System\vcBYQfO.exe
  2⤵
  PID:7372
- C:\Windows\System\uWujfqp.exe
  C:\Windows\System\uWujfqp.exe
  2⤵
  PID:7780
- C:\Windows\System\KvWMAmo.exe
  C:\Windows\System\KvWMAmo.exe
  2⤵
  PID:7644
- C:\Windows\System\LrKyfJG.exe
  C:\Windows\System\LrKyfJG.exe
  2⤵
  PID:7964
- C:\Windows\System\VZsVVBU.exe
  C:\Windows\System\VZsVVBU.exe
  2⤵
  PID:7320
- C:\Windows\System\NQHfUUE.exe
  C:\Windows\System\NQHfUUE.exe
  2⤵
  PID:8088
- C:\Windows\System\ulXkKLQ.exe
  C:\Windows\System\ulXkKLQ.exe
  2⤵
  PID:6960
- C:\Windows\System\Jajzhel.exe
  C:\Windows\System\Jajzhel.exe
  2⤵
  PID:7556
- C:\Windows\System\vyRcNeR.exe
  C:\Windows\System\vyRcNeR.exe
  2⤵
  PID:7688
- C:\Windows\System\QyHcaMr.exe
  C:\Windows\System\QyHcaMr.exe
  2⤵
  PID:7844
- C:\Windows\System\UFeYjYb.exe
  C:\Windows\System\UFeYjYb.exe
  2⤵
  PID:8012
- C:\Windows\System\nnikkHu.exe
  C:\Windows\System\nnikkHu.exe
  2⤵
  PID:7180
- C:\Windows\System\BXfjZUm.exe
  C:\Windows\System\BXfjZUm.exe
  2⤵
  PID:7800
- C:\Windows\System\nChoWsP.exe
  C:\Windows\System\nChoWsP.exe
  2⤵
  PID:8196
- C:\Windows\System\gdVGIaQ.exe
  C:\Windows\System\gdVGIaQ.exe
  2⤵
  PID:8212
- C:\Windows\System\sMjLqVW.exe
  C:\Windows\System\sMjLqVW.exe
  2⤵
  PID:8228
- C:\Windows\System\cgNhLqW.exe
  C:\Windows\System\cgNhLqW.exe
  2⤵
  PID:8244
- C:\Windows\System\AnQZYZS.exe
  C:\Windows\System\AnQZYZS.exe
  2⤵
  PID:8260
- C:\Windows\System\nSuoOBT.exe
  C:\Windows\System\nSuoOBT.exe
  2⤵
  PID:8280
- C:\Windows\System\XlPfNzr.exe
  C:\Windows\System\XlPfNzr.exe
  2⤵
  PID:8296
- C:\Windows\System\YDEWcoo.exe
  C:\Windows\System\YDEWcoo.exe
  2⤵
  PID:8312
- C:\Windows\System\MYsSctf.exe
  C:\Windows\System\MYsSctf.exe
  2⤵
  PID:8328
- C:\Windows\System\vmPzvnD.exe
  C:\Windows\System\vmPzvnD.exe
  2⤵
  PID:8344
- C:\Windows\System\Ofoyhdw.exe
  C:\Windows\System\Ofoyhdw.exe
  2⤵
  PID:8360
- C:\Windows\System\wVwQFkN.exe
  C:\Windows\System\wVwQFkN.exe
  2⤵
  PID:8376
- C:\Windows\System\TIAmvKH.exe
  C:\Windows\System\TIAmvKH.exe
  2⤵
  PID:8392
- C:\Windows\System\wnhSWmT.exe
  C:\Windows\System\wnhSWmT.exe
  2⤵
  PID:8408
- C:\Windows\System\cSkZcQa.exe
  C:\Windows\System\cSkZcQa.exe
  2⤵
  PID:8424
- C:\Windows\System\WDVrFkK.exe
  C:\Windows\System\WDVrFkK.exe
  2⤵
  PID:8440
- C:\Windows\System\ZfvPPIC.exe
  C:\Windows\System\ZfvPPIC.exe
  2⤵
  PID:8456
- C:\Windows\System\ZtdeeVL.exe
  C:\Windows\System\ZtdeeVL.exe
  2⤵
  PID:8472
- C:\Windows\System\SoSehoo.exe
  C:\Windows\System\SoSehoo.exe
  2⤵
  PID:8488
- C:\Windows\System\tVTZMch.exe
  C:\Windows\System\tVTZMch.exe
  2⤵
  PID:8504
- C:\Windows\System\eBiSWro.exe
  C:\Windows\System\eBiSWro.exe
  2⤵
  PID:8520
- C:\Windows\System\ozAFnqJ.exe
  C:\Windows\System\ozAFnqJ.exe
  2⤵
  PID:8536
- C:\Windows\System\tjbWppr.exe
  C:\Windows\System\tjbWppr.exe
  2⤵
  PID:8552
- C:\Windows\System\cWMOlNn.exe
  C:\Windows\System\cWMOlNn.exe
  2⤵
  PID:8568
- C:\Windows\System\yRxdcIy.exe
  C:\Windows\System\yRxdcIy.exe
  2⤵
  PID:8584
- C:\Windows\System\IZgPFAW.exe
  C:\Windows\System\IZgPFAW.exe
  2⤵
  PID:8600
- C:\Windows\System\zmHFKwv.exe
  C:\Windows\System\zmHFKwv.exe
  2⤵
  PID:8616
- C:\Windows\System\QyQQohD.exe
  C:\Windows\System\QyQQohD.exe
  2⤵
  PID:8632
- C:\Windows\System\vmZAZvd.exe
  C:\Windows\System\vmZAZvd.exe
  2⤵
  PID:8648
- C:\Windows\System\GYukeVJ.exe
  C:\Windows\System\GYukeVJ.exe
  2⤵
  PID:8664
- C:\Windows\System\YfbPyfx.exe
  C:\Windows\System\YfbPyfx.exe
  2⤵
  PID:8680
- C:\Windows\System\oYCpYIJ.exe
  C:\Windows\System\oYCpYIJ.exe
  2⤵
  PID:8696
- C:\Windows\System\NqMfdze.exe
  C:\Windows\System\NqMfdze.exe
  2⤵
  PID:8712
- C:\Windows\System\xaehFvm.exe
  C:\Windows\System\xaehFvm.exe
  2⤵
  PID:8728
- C:\Windows\System\VnUnCuq.exe
  C:\Windows\System\VnUnCuq.exe
  2⤵
  PID:8744
- C:\Windows\System\LsiUmUK.exe
  C:\Windows\System\LsiUmUK.exe
  2⤵
  PID:8764
- C:\Windows\System\KhQsJjd.exe
  C:\Windows\System\KhQsJjd.exe
  2⤵
  PID:8780
- C:\Windows\System\WfpdMxi.exe
  C:\Windows\System\WfpdMxi.exe
  2⤵
  PID:8796
- C:\Windows\System\MNqJBoX.exe
  C:\Windows\System\MNqJBoX.exe
  2⤵
  PID:8812
- C:\Windows\System\sepBwGm.exe
  C:\Windows\System\sepBwGm.exe
  2⤵
  PID:8828
- C:\Windows\System\vWDONEM.exe
  C:\Windows\System\vWDONEM.exe
  2⤵
  PID:8844
- C:\Windows\System\RjEroMr.exe
  C:\Windows\System\RjEroMr.exe
  2⤵
  PID:8860
- C:\Windows\System\VYPlyGB.exe
  C:\Windows\System\VYPlyGB.exe
  2⤵
  PID:8876
- C:\Windows\System\cVlzQVY.exe
  C:\Windows\System\cVlzQVY.exe
  2⤵
  PID:8892
- C:\Windows\System\zQwNlmn.exe
  C:\Windows\System\zQwNlmn.exe
  2⤵
  PID:8908
- C:\Windows\System\pTEKYLU.exe
  C:\Windows\System\pTEKYLU.exe
  2⤵
  PID:8924
- C:\Windows\System\JdblFIV.exe
  C:\Windows\System\JdblFIV.exe
  2⤵
  PID:8940
- C:\Windows\System\isfeBOV.exe
  C:\Windows\System\isfeBOV.exe
  2⤵
  PID:8956
- C:\Windows\System\OCsAMgc.exe
  C:\Windows\System\OCsAMgc.exe
  2⤵
  PID:8972
- C:\Windows\System\CijZnvg.exe
  C:\Windows\System\CijZnvg.exe
  2⤵
  PID:8988
- C:\Windows\System\YIxUsKS.exe
  C:\Windows\System\YIxUsKS.exe
  2⤵
  PID:9004
- C:\Windows\System\wvPoauR.exe
  C:\Windows\System\wvPoauR.exe
  2⤵
  PID:9020
- C:\Windows\System\evCJNrh.exe
  C:\Windows\System\evCJNrh.exe
  2⤵
  PID:9036
- C:\Windows\System\RcEviVi.exe
  C:\Windows\System\RcEviVi.exe
  2⤵
  PID:9052
- C:\Windows\System\voPVqzt.exe
  C:\Windows\System\voPVqzt.exe
  2⤵
  PID:9068
- C:\Windows\System\OplqXSe.exe
  C:\Windows\System\OplqXSe.exe
  2⤵
  PID:9084
- C:\Windows\System\loKWcDm.exe
  C:\Windows\System\loKWcDm.exe
  2⤵
  PID:9100
- C:\Windows\System\HMnlXep.exe
  C:\Windows\System\HMnlXep.exe
  2⤵
  PID:9116
- C:\Windows\System\maPonvb.exe
  C:\Windows\System\maPonvb.exe
  2⤵
  PID:9132
- C:\Windows\System\LFTVpXJ.exe
  C:\Windows\System\LFTVpXJ.exe
  2⤵
  PID:9152
- C:\Windows\System\QmWIvCA.exe
  C:\Windows\System\QmWIvCA.exe
  2⤵
  PID:9168
- C:\Windows\System\bHIRzrj.exe
  C:\Windows\System\bHIRzrj.exe
  2⤵
  PID:9184
- C:\Windows\System\kjVYirY.exe
  C:\Windows\System\kjVYirY.exe
  2⤵
  PID:9200
- C:\Windows\System\gBVgLMW.exe
  C:\Windows\System\gBVgLMW.exe
  2⤵
  PID:8204
- C:\Windows\System\HpNvSao.exe
  C:\Windows\System\HpNvSao.exe
  2⤵
  PID:8152
- C:\Windows\System\vLaCecr.exe
  C:\Windows\System\vLaCecr.exe
  2⤵
  PID:6880
- C:\Windows\System\XsQadPe.exe
  C:\Windows\System\XsQadPe.exe
  2⤵
  PID:8220
- C:\Windows\System\MfzOmdU.exe
  C:\Windows\System\MfzOmdU.exe
  2⤵
  PID:8268
- C:\Windows\System\SJohSno.exe
  C:\Windows\System\SJohSno.exe
  2⤵
  PID:8308
- C:\Windows\System\JXexCCx.exe
  C:\Windows\System\JXexCCx.exe
  2⤵
  PID:8400
- C:\Windows\System\nzOECWW.exe
  C:\Windows\System\nzOECWW.exe
  2⤵
  PID:8404
- C:\Windows\System\TEJgWsR.exe
  C:\Windows\System\TEJgWsR.exe
  2⤵
  PID:8528
- C:\Windows\System\KvktFtp.exe
  C:\Windows\System\KvktFtp.exe
  2⤵
  PID:8592
- C:\Windows\System\ZdPyXDu.exe
  C:\Windows\System\ZdPyXDu.exe
  2⤵
  PID:8656
- C:\Windows\System\LOHjKmL.exe
  C:\Windows\System\LOHjKmL.exe
  2⤵
  PID:8720
- C:\Windows\System\NDmpiwM.exe
  C:\Windows\System\NDmpiwM.exe
  2⤵
  PID:8352
- C:\Windows\System\ulYktqc.exe
  C:\Windows\System\ulYktqc.exe
  2⤵
  PID:8608
- C:\Windows\System\IGbFWbo.exe
  C:\Windows\System\IGbFWbo.exe
  2⤵
  PID:8704
- C:\Windows\System\grjxbsL.exe
  C:\Windows\System\grjxbsL.exe
  2⤵
  PID:8384
- C:\Windows\System\hsRwinr.exe
  C:\Windows\System\hsRwinr.exe
  2⤵
  PID:8292
- C:\Windows\System\oHJMwLU.exe
  C:\Windows\System\oHJMwLU.exe
  2⤵
  PID:8448
- C:\Windows\System\eJqIdgl.exe
  C:\Windows\System\eJqIdgl.exe
  2⤵
  PID:8548
- C:\Windows\System\LOplZKc.exe
  C:\Windows\System\LOplZKc.exe
  2⤵
  PID:8676
- C:\Windows\System\GuFhLFZ.exe
  C:\Windows\System\GuFhLFZ.exe
  2⤵
  PID:8792
- C:\Windows\System\zRfxuAP.exe
  C:\Windows\System\zRfxuAP.exe
  2⤵
  PID:8884
- C:\Windows\System\sPVWXdC.exe
  C:\Windows\System\sPVWXdC.exe
  2⤵
  PID:8920
- C:\Windows\System\vTmPCTh.exe
  C:\Windows\System\vTmPCTh.exe
  2⤵
  PID:8984
- C:\Windows\System\mprTRoM.exe
  C:\Windows\System\mprTRoM.exe
  2⤵
  PID:8932
- C:\Windows\System\JJTsUmu.exe
  C:\Windows\System\JJTsUmu.exe
  2⤵
  PID:8872
- C:\Windows\System\GWlwfLF.exe
  C:\Windows\System\GWlwfLF.exe
  2⤵
  PID:9028
- C:\Windows\System\yunhcqd.exe
  C:\Windows\System\yunhcqd.exe
  2⤵
  PID:8904
- C:\Windows\System\lRrPbiC.exe
  C:\Windows\System\lRrPbiC.exe
  2⤵
  PID:9012
- C:\Windows\System\TDnGCny.exe
  C:\Windows\System\TDnGCny.exe
  2⤵
  PID:9076
- C:\Windows\System\YfZpruV.exe
  C:\Windows\System\YfZpruV.exe
  2⤵
  PID:9148
- C:\Windows\System\QBJGQZb.exe
  C:\Windows\System\QBJGQZb.exe
  2⤵
  PID:9208
- C:\Windows\System\lGfklRh.exe
  C:\Windows\System\lGfklRh.exe
  2⤵
  PID:8272
- C:\Windows\System\XMGETkO.exe
  C:\Windows\System\XMGETkO.exe
  2⤵
  PID:9124
- C:\Windows\System\mIJLath.exe
  C:\Windows\System\mIJLath.exe
  2⤵
  PID:8500
- C:\Windows\System\YdiXSgg.exe
  C:\Windows\System\YdiXSgg.exe
  2⤵
  PID:8320
- C:\Windows\System\CQRRmJe.exe
  C:\Windows\System\CQRRmJe.exe
  2⤵
  PID:1928
- C:\Windows\System\YpZEsIO.exe
  C:\Windows\System\YpZEsIO.exe
  2⤵
  PID:8516
- C:\Windows\System\mcvXblH.exe
  C:\Windows\System\mcvXblH.exe
  2⤵
  PID:8916
- C:\Windows\System\yWPslTV.exe
  C:\Windows\System\yWPslTV.exe
  2⤵
  PID:9092
- C:\Windows\System\PpnAfiB.exe
  C:\Windows\System\PpnAfiB.exe
  2⤵
  PID:8356
- C:\Windows\System\lSrqTOr.exe
  C:\Windows\System\lSrqTOr.exe
  2⤵
  PID:7592
- C:\Windows\System\UYdCyTF.exe
  C:\Windows\System\UYdCyTF.exe
  2⤵
  PID:9196
- C:\Windows\System\QPBpPsM.exe
  C:\Windows\System\QPBpPsM.exe
  2⤵
  PID:9032
- C:\Windows\System\jCFhnRR.exe
  C:\Windows\System\jCFhnRR.exe
  2⤵
  PID:8236
- C:\Windows\System\tVrqOUw.exe
  C:\Windows\System\tVrqOUw.exe
  2⤵
  PID:7668
- C:\Windows\System\EwWtseb.exe
  C:\Windows\System\EwWtseb.exe
  2⤵
  PID:8560
- C:\Windows\System\sjrRtbw.exe
  C:\Windows\System\sjrRtbw.exe
  2⤵
  PID:8388
- C:\Windows\System\nqmSlvW.exe
  C:\Windows\System\nqmSlvW.exe
  2⤵
  PID:8672
- C:\Windows\System\DdEbsDR.exe
  C:\Windows\System\DdEbsDR.exe
  2⤵
  PID:8840
- C:\Windows\System\VyLygsC.exe
  C:\Windows\System\VyLygsC.exe
  2⤵
  PID:8952
- C:\Windows\System\aZNMuvg.exe
  C:\Windows\System\aZNMuvg.exe
  2⤵
  PID:8288
- C:\Windows\System\sFhwmhq.exe
  C:\Windows\System\sFhwmhq.exe
  2⤵
  PID:9180
- C:\Windows\System\IBURFri.exe
  C:\Windows\System\IBURFri.exe
  2⤵
  PID:9164
- C:\Windows\System\TbCymJV.exe
  C:\Windows\System\TbCymJV.exe
  2⤵
  PID:8452
- C:\Windows\System\bIBkeVX.exe
  C:\Windows\System\bIBkeVX.exe
  2⤵
  PID:6828
- C:\Windows\System\xitYrtp.exe
  C:\Windows\System\xitYrtp.exe
  2⤵
  PID:8464
- C:\Windows\System\gmxFtfD.exe
  C:\Windows\System\gmxFtfD.exe
  2⤵
  PID:8688
- C:\Windows\System\pfBEHMb.exe
  C:\Windows\System\pfBEHMb.exe
  2⤵
  PID:9060
- C:\Windows\System\QymPUmt.exe
  C:\Windows\System\QymPUmt.exe
  2⤵
  PID:9176
- C:\Windows\System\pXsCuNn.exe
  C:\Windows\System\pXsCuNn.exe
  2⤵
  PID:8304
- C:\Windows\System\KbMSwLG.exe
  C:\Windows\System\KbMSwLG.exe
  2⤵
  PID:9128
- C:\Windows\System\BjjWWyM.exe
  C:\Windows\System\BjjWWyM.exe
  2⤵
  PID:7768
- C:\Windows\System\sTTThDv.exe
  C:\Windows\System\sTTThDv.exe
  2⤵
  PID:9044
- C:\Windows\System\TsZyoua.exe
  C:\Windows\System\TsZyoua.exe
  2⤵
  PID:8888
- C:\Windows\System\iLVueLr.exe
  C:\Windows\System\iLVueLr.exe
  2⤵
  PID:8368
- C:\Windows\System\SmFXiMu.exe
  C:\Windows\System\SmFXiMu.exe
  2⤵
  PID:8852
- C:\Windows\System\WJXbPRW.exe
  C:\Windows\System\WJXbPRW.exe
  2⤵
  PID:9000
- C:\Windows\System\voarbcJ.exe
  C:\Windows\System\voarbcJ.exe
  2⤵
  PID:9224
- C:\Windows\System\ZbeKHfL.exe
  C:\Windows\System\ZbeKHfL.exe
  2⤵
  PID:9284
- C:\Windows\System\zmnVrfW.exe
  C:\Windows\System\zmnVrfW.exe
  2⤵
  PID:9304
- C:\Windows\System\rEKpsNM.exe
  C:\Windows\System\rEKpsNM.exe
  2⤵
  PID:9320
- C:\Windows\System\nCwoCAR.exe
  C:\Windows\System\nCwoCAR.exe
  2⤵
  PID:9340
- C:\Windows\System\odrlPpB.exe
  C:\Windows\System\odrlPpB.exe
  2⤵
  PID:9356
- C:\Windows\System\UsYyXSu.exe
  C:\Windows\System\UsYyXSu.exe
  2⤵
  PID:9372
- C:\Windows\System\FusyJJK.exe
  C:\Windows\System\FusyJJK.exe
  2⤵
  PID:9388
- C:\Windows\System\RzLhDpp.exe
  C:\Windows\System\RzLhDpp.exe
  2⤵
  PID:9404
- C:\Windows\System\LTDPaQw.exe
  C:\Windows\System\LTDPaQw.exe
  2⤵
  PID:9424
- C:\Windows\System\qAFRDUc.exe
  C:\Windows\System\qAFRDUc.exe
  2⤵
  PID:9440
- C:\Windows\System\KOaJgQu.exe
  C:\Windows\System\KOaJgQu.exe
  2⤵
  PID:9456
- C:\Windows\System\tqQzulc.exe
  C:\Windows\System\tqQzulc.exe
  2⤵
  PID:9616
- C:\Windows\System\TVzNzac.exe
  C:\Windows\System\TVzNzac.exe
  2⤵
  PID:9688
- C:\Windows\System\MdZjCKH.exe
  C:\Windows\System\MdZjCKH.exe
  2⤵
  PID:9716
- C:\Windows\System\WAudpGA.exe
  C:\Windows\System\WAudpGA.exe
  2⤵
  PID:9736
- C:\Windows\System\BhjNfeA.exe
  C:\Windows\System\BhjNfeA.exe
  2⤵
  PID:9752
- C:\Windows\System\BdLKEPy.exe
  C:\Windows\System\BdLKEPy.exe
  2⤵
  PID:9768
- C:\Windows\System\QiFHhlh.exe
  C:\Windows\System\QiFHhlh.exe
  2⤵
  PID:9788
- C:\Windows\System\YuCUpdd.exe
  C:\Windows\System\YuCUpdd.exe
  2⤵
  PID:9804
- C:\Windows\System\CdEzryd.exe
  C:\Windows\System\CdEzryd.exe
  2⤵
  PID:9820
- C:\Windows\System\YdSyFEj.exe
  C:\Windows\System\YdSyFEj.exe
  2⤵
  PID:9836
- C:\Windows\System\gzYodpB.exe
  C:\Windows\System\gzYodpB.exe
  2⤵
  PID:9852
- C:\Windows\System\CzheALc.exe
  C:\Windows\System\CzheALc.exe
  2⤵
  PID:9872
- C:\Windows\System\hqPubMs.exe
  C:\Windows\System\hqPubMs.exe
  2⤵
  PID:9888
- C:\Windows\System\XcYOKBH.exe
  C:\Windows\System\XcYOKBH.exe
  2⤵
  PID:9912
- C:\Windows\System\RsEhSzg.exe
  C:\Windows\System\RsEhSzg.exe
  2⤵
  PID:9928
- C:\Windows\System\fFYlEbA.exe
  C:\Windows\System\fFYlEbA.exe
  2⤵
  PID:9944
- C:\Windows\System\HtCxith.exe
  C:\Windows\System\HtCxith.exe
  2⤵
  PID:9960
- C:\Windows\System\jlsNCik.exe
  C:\Windows\System\jlsNCik.exe
  2⤵
  PID:9976
- C:\Windows\System\UYLXKLR.exe
  C:\Windows\System\UYLXKLR.exe
  2⤵
  PID:9992
- C:\Windows\System\UIfgeJW.exe
  C:\Windows\System\UIfgeJW.exe
  2⤵
  PID:10008
- C:\Windows\System\dPcmLDX.exe
  C:\Windows\System\dPcmLDX.exe
  2⤵
  PID:10036
- C:\Windows\System\wqnaKsv.exe
  C:\Windows\System\wqnaKsv.exe
  2⤵
  PID:10052
- C:\Windows\System\lTByXPy.exe
  C:\Windows\System\lTByXPy.exe
  2⤵
  PID:10072
- C:\Windows\System\qJZLGje.exe
  C:\Windows\System\qJZLGje.exe
  2⤵
  PID:10092
- C:\Windows\System\oRzBBNf.exe
  C:\Windows\System\oRzBBNf.exe
  2⤵
  PID:10108
- C:\Windows\System\GpKZOJE.exe
  C:\Windows\System\GpKZOJE.exe
  2⤵
  PID:10124
- C:\Windows\System\PJwPsVK.exe
  C:\Windows\System\PJwPsVK.exe
  2⤵
  PID:10140
- C:\Windows\System\JrxLWoQ.exe
  C:\Windows\System\JrxLWoQ.exe
  2⤵
  PID:10160
- C:\Windows\System\Fedobvd.exe
  C:\Windows\System\Fedobvd.exe
  2⤵
  PID:10180
- C:\Windows\System\soIMDIg.exe
  C:\Windows\System\soIMDIg.exe
  2⤵
  PID:10196
- C:\Windows\System\CDAAWyb.exe
  C:\Windows\System\CDAAWyb.exe
  2⤵
  PID:10216
- C:\Windows\System\qvWFjxs.exe
  C:\Windows\System\qvWFjxs.exe
  2⤵
  PID:9248
- C:\Windows\System\qwHPgav.exe
  C:\Windows\System\qwHPgav.exe
  2⤵
  PID:9464
- C:\Windows\System\sTUqpuc.exe
  C:\Windows\System\sTUqpuc.exe
  2⤵
  PID:9416
- C:\Windows\System\piZQxnt.exe
  C:\Windows\System\piZQxnt.exe
  2⤵
  PID:9488
- C:\Windows\System\hprJzeu.exe
  C:\Windows\System\hprJzeu.exe
  2⤵
  PID:9504
- C:\Windows\System\bmnAedu.exe
  C:\Windows\System\bmnAedu.exe
  2⤵
  PID:9524
- C:\Windows\System\mcsTVmT.exe
  C:\Windows\System\mcsTVmT.exe
  2⤵
  PID:9664
- C:\Windows\System\csBJKGD.exe
  C:\Windows\System\csBJKGD.exe
  2⤵
  PID:9648
- C:\Windows\System\aCWWjIi.exe
  C:\Windows\System\aCWWjIi.exe
  2⤵
  PID:9540
- C:\Windows\System\VQrAfeI.exe
  C:\Windows\System\VQrAfeI.exe
  2⤵
  PID:9596
- C:\Windows\System\GKzbTcy.exe
  C:\Windows\System\GKzbTcy.exe
  2⤵
  PID:9512
- C:\Windows\System\UnOEixY.exe
  C:\Windows\System\UnOEixY.exe
  2⤵
  PID:9864
- C:\Windows\System\nzbPIgg.exe
  C:\Windows\System\nzbPIgg.exe
  2⤵
  PID:10120
- C:\Windows\System\DkCnhov.exe
  C:\Windows\System\DkCnhov.exe
  2⤵
  PID:9264
- C:\Windows\System\xhowLfn.exe
  C:\Windows\System\xhowLfn.exe
  2⤵
  PID:9412
- C:\Windows\System\FSrCtSE.exe
  C:\Windows\System\FSrCtSE.exe
  2⤵
  PID:9644
- C:\Windows\System\ORKdCAR.exe
  C:\Windows\System\ORKdCAR.exe
  2⤵
  PID:9580
- C:\Windows\System\oDnqUQq.exe
  C:\Windows\System\oDnqUQq.exe
  2⤵
  PID:9560
- C:\Windows\System\UDJsTux.exe
  C:\Windows\System\UDJsTux.exe
  2⤵
  PID:9608
- C:\Windows\System\LBqJmTF.exe
  C:\Windows\System\LBqJmTF.exe
  2⤵
  PID:9884
- C:\Windows\System\uekeDZX.exe
  C:\Windows\System\uekeDZX.exe
  2⤵
  PID:9848
- C:\Windows\System\AwxAYYg.exe
  C:\Windows\System\AwxAYYg.exe
  2⤵
  PID:9780
- C:\Windows\System\tuatWbe.exe
  C:\Windows\System\tuatWbe.exe
  2⤵
  PID:9704
- C:\Windows\System\QhfSStc.exe
  C:\Windows\System\QhfSStc.exe
  2⤵
  PID:9828
- C:\Windows\System\lPpVotA.exe
  C:\Windows\System\lPpVotA.exe
  2⤵
  PID:10020
- C:\Windows\System\YgBNGCS.exe
  C:\Windows\System\YgBNGCS.exe
  2⤵
  PID:10000
- C:\Windows\System\UFvMqqw.exe
  C:\Windows\System\UFvMqqw.exe
  2⤵
  PID:9940
- C:\Windows\System\RkgzpPZ.exe
  C:\Windows\System\RkgzpPZ.exe
  2⤵
  PID:9904
- C:\Windows\System\AfwjkCe.exe
  C:\Windows\System\AfwjkCe.exe
  2⤵
  PID:9764
- C:\Windows\System\pLlOKnc.exe
  C:\Windows\System\pLlOKnc.exe
  2⤵
  PID:10064
- C:\Windows\System\kqjdqal.exe
  C:\Windows\System\kqjdqal.exe
  2⤵
  PID:10060
- C:\Windows\System\UILASKt.exe
  C:\Windows\System\UILASKt.exe
  2⤵
  PID:10136
- C:\Windows\System\sXCoutw.exe
  C:\Windows\System\sXCoutw.exe
  2⤵
  PID:10104
- C:\Windows\System\KAsHBSm.exe
  C:\Windows\System\KAsHBSm.exe
  2⤵
  PID:10148
- C:\Windows\System\RmVFbZR.exe
  C:\Windows\System\RmVFbZR.exe
  2⤵
  PID:10188
- C:\Windows\System\PenISKa.exe
  C:\Windows\System\PenISKa.exe
  2⤵
  PID:10236
- C:\Windows\System\GsxDDBc.exe
  C:\Windows\System\GsxDDBc.exe
  2⤵
  PID:9220
- C:\Windows\System\wbhVklE.exe
  C:\Windows\System\wbhVklE.exe
  2⤵
  PID:9256
- C:\Windows\System\EmsgONl.exe
  C:\Windows\System\EmsgONl.exe
  2⤵
  PID:9368
- C:\Windows\System\HvVbced.exe
  C:\Windows\System\HvVbced.exe
  2⤵
  PID:9436
- C:\Windows\System\gQhkYpU.exe
  C:\Windows\System\gQhkYpU.exe
  2⤵
  PID:8256
- C:\Windows\System\iRrHFHq.exe
  C:\Windows\System\iRrHFHq.exe
  2⤵
  PID:9316
- C:\Windows\System\NfJkgrn.exe
  C:\Windows\System\NfJkgrn.exe
  2⤵
  PID:10212
- C:\Windows\System\IJahZkI.exe
  C:\Windows\System\IJahZkI.exe
  2⤵
  PID:1008
- C:\Windows\System\YMBZkGG.exe
  C:\Windows\System\YMBZkGG.exe
  2⤵
  PID:9312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BBkxvPW.exe

Filesize
6.0MB

MD5
d122ee505b373e5621aca2d3c84929e2

SHA1
def5c389c2010a33471e7d6b4cb442f1a0dcc5a7

SHA256
a9976a9197ff2e65c7e1747252a21bc42686824b8cab02e43cf4e4f98a23e53c

SHA512
92272fb961004706129bc420abe75ef74830efa25be21d373d215714c7ee47d97dbd7a98572a6d8ddbb0d2ad7c8458940cd09896f5f4e501216ace4de1274155

Download Submit
C:\Windows\system\DMEdGFF.exe

Filesize
6.0MB

MD5
b1a523b1ff0318ff124d5d49af7dcb54

SHA1
34bc07668cbc75fea46e7bb868b1e9aaa5e597b0

SHA256
d2d45014f4731596273ce356aee7658216b547117a3c68cd199a384a56dc48b6

SHA512
742b488a96c0cbc67532e1e0cee3cdcc0fa7540cc1e330b4ac6cd2e3b0724dbb1e8403e2b0f724f4ae93998382acafe226add37a89ef9377df6ae9978a6874a2

Download Submit
C:\Windows\system\DuaFKCS.exe

Filesize
6.0MB

MD5
2311668c485ce1b4606ce53ec7ae3bf4

SHA1
4600d1af17a1d5ee09f42933870b6021ccc3105a

SHA256
8f6b6ad4aa0e155ae338ef40d8356f1b9f3c2bbacf9fc75a3ed4a492b49d9ce3

SHA512
f260a61bcf8a3f701b19e30a99a53a9ef0c608f548079cdbd637c19d7318787640ddd5c7d786bda1650a665659bb566dec89bef4f22f0acc18f21e2b3a9b10ae

Download Submit
C:\Windows\system\JCveEgr.exe

Filesize
6.0MB

MD5
ffc645667a4d0f4a895d2a44af750bd0

SHA1
3bf3935c97b0cc53331d682e66614a9294fc89ef

SHA256
c9ea7ae02a1d6aefa227a4c30bdce8c45b5ea81452ae242e247ce196b8d1ade0

SHA512
08458374c01438397bdb8a2078030bfc53e0970e389ff0fab74218d1e3ac8ca39cfcaedcb503a47a4e3b6ba3d2161aef6abd5e0ef1d90bd4b6202e011c3ddcdc

Download Submit
C:\Windows\system\KnWUqxF.exe

Filesize
6.0MB

MD5
c25b66ddb8e9f754f4208f86f35bf52d

SHA1
a0a22efedef46595ae84af3448dbbb98849aed18

SHA256
2e05632a53a689e810a8e17019f6cf28cfb6abaaf4ed8f586b71e35acc99ec6d

SHA512
a4ef77ca059809ac46ba23814e233abea1ce8b148f3bcbe1bd8a77dbf00fa2ad75277553d7dbc05d3ab46f31e8d8aa18e46d483b1cff117fc6f3eeeb20cccdfc

Download Submit
C:\Windows\system\LQIULSm.exe

Filesize
6.0MB

MD5
844181b9d16f106a8b79216b347541df

SHA1
f627a2a47f03738229fc32771c806132910f2a5e

SHA256
6beaa681451878fa21eba2eaf19608bbd3ff647784b3b96db715d3d3ec0d36e4

SHA512
0f45d8b167bcfa161261a326ba77d17cbe83e86e62a98d25cb6268d7923c8b4ae574e124ac255f0003eddd86e059017ce8f6d96727359e05d227ee0cd1e59cda

Download Submit
C:\Windows\system\MpHVLqA.exe

Filesize
6.0MB

MD5
aef3480c0001ea30afc0d3ad8367d4f1

SHA1
23f02e25b11d93d390f998d24e7ee0e6a29a5d78

SHA256
704a1031301818fe6669a3b7ff3b64b3438969d1d7e68c5155feeb69c2c61c05

SHA512
02bddd5488629505352673d23651fb22b28b8a87ab93870cbf38d94a2353acd9f2e011868b4cf9ce713b39889a15940b1e139bdb51640d4a105609f4148b36b3

Download Submit
C:\Windows\system\MtTrfJq.exe

Filesize
6.0MB

MD5
874af5b6fc70c2b1951a91a2335ab454

SHA1
61e5c23a01b704ed5944fb17f892a83843af4101

SHA256
3e1d308117b4538d4e4f293f7471b7a377a0482398b2d81c4fcc749a52d8e7e1

SHA512
f7fde4d0e7b149ea1f7a708d07e05d1dc49084707fcd1eb46743f7465964cc2ab4b5b4f0dbeadc5a75960ab18e18333796b0aff5730d06339cdc5be09971b3a4

Download Submit
C:\Windows\system\NCWxrDW.exe

Filesize
6.0MB

MD5
970f63c8c77ce39fa8a9b96f589e8013

SHA1
f076ad905c12ec5b8017e2615a9d403dfa88f386

SHA256
f63d82a56bd147c41a4afed5ef0bf3041b890d38e8d9bcf8e27ad92f06794160

SHA512
828540e5e6328c8692cf44774b593ae93c1ef33f4491e1ff791887ae8773dbd361def587e6f1e787f0c40fa99d255db3d5c7e1daa869cf8b3ce1d9f38631581f

Download Submit
C:\Windows\system\NJiTmzE.exe

Filesize
6.0MB

MD5
836bdd0e3d0896325989fa9986c4ab8d

SHA1
8394e8b23207967e0e2ec6076f0e0841c50565bc

SHA256
ea66563f7b9569945d96c694255dc8c679c10637c9e8bc1cc57d1b778e4b05b4

SHA512
ab5cec5c49d11e9570b5b9e853b5ccf01b7d2b0c78d338bc7f4a6adca125aca777fc44f599909f2cdec2209d542c24f122eb916cd104430023041db802eda101

Download Submit
C:\Windows\system\TsNJnoc.exe

Filesize
6.0MB

MD5
c4e5c9873c5b27349d36feb2f28e26b4

SHA1
81eb0bbf3c0f65f5c84c544e04a2b50b3d6223ac

SHA256
8889f1faa1d15060d4bfe459d853c3abbca0b06545bea9371ebfc8eb354b4592

SHA512
00f5cb0d294b77fbaebda328dd774f5c01fb0c05e0e8b75e07dd0f367eddeeee896472579d49863ebf067fe81ba7597724bca19be04e3613ee1af27580d18e48

Download Submit
C:\Windows\system\aAwGeDQ.exe

Filesize
6.0MB

MD5
20607e6f38bbf4fed865fd9fce182a47

SHA1
0877aa33f68bc6ce2c2cc2069474cf7e02364ed0

SHA256
4413afb86f956b7c01a8f40ef12fab619563af014952006f7d457948ae4f05b5

SHA512
d1cb5880ec2d3e87a5c09acfd3a6295c5296aa3633fbfbe38907c1e54df439212e6f7977e337c370b895eba1e7dfda747912bedeb108bca4c81396db3c92cd85

Download Submit
C:\Windows\system\aPClyme.exe

Filesize
6.0MB

MD5
5dd025f0f08e56bd5235904c5edeaee0

SHA1
de3c5f12a32972b1e338a4e9ee90bb7cd1998ad5

SHA256
fbb9465b5d92a2bae208edc43fcec7f7e49efa0a124908b0abf4f86a6485eff5

SHA512
493b3ad3079e2f0938fc428c8e17edf9294eecbcd35348600123270e7f01cc096e76733c94d991e26250d6a39022a15c95f50cc596f4d6117840ed8f85a7fd76

Download Submit
C:\Windows\system\eqABBgb.exe

Filesize
6.0MB

MD5
e0afa32a8927f8a00f44312d7ccb76d7

SHA1
f412959c9309da9261058b369002dbda3be55213

SHA256
a9227990b7f69b49ed5df6be15a8516770033140344d8eb9916668b46aa63100

SHA512
00060c11060453bf370f5b3ca47c895d7ef3e88121b7194d998ebecb712e8c043bb65cccc4e25dbe7df136c16c17920ad6fe5e93e2ba8fedfd685da82e8bb327

Download Submit
C:\Windows\system\ftXuQOH.exe

Filesize
6.0MB

MD5
4f390f992508412f121f05320bf74d0b

SHA1
58ea13f29c9aa1a149854e2103f037398fe13ccf

SHA256
9b7b84e691b171e8106d74a7fa0e52c765335222f5b3d4a558aae762487529df

SHA512
c95d0dc655c9761fe0e415095421c202188b6dcdbd4e7617d78aa936b497c647b568fb78c2c3e93d0693ae645bccc2e610ee214965d44651126ab7a4bfaf532c

Download Submit
C:\Windows\system\hPrccWb.exe

Filesize
6.0MB

MD5
b0e7afb05117dfa50e30cab97d76f2e3

SHA1
ed3d35d04de04f5a25db561ea4c5714a5277c599

SHA256
955280041aad8b64bf69ad969812472eaf1563851a7c68c4aac620b946f2f870

SHA512
b37ba92868c969eca75e4db40cc0b3f5b6a260a4ff8bf713991a3cfb1f23a089ad091d2d4bd2cd505fcac0e8199182d91e9576ee9bde0b3b41fc5bae644039c1

Download Submit
C:\Windows\system\iTCxQch.exe

Filesize
6.0MB

MD5
feb85b70aa82e587c15a09fd299d5d6e

SHA1
1c23e157a4e9063dabc2717cbbd7da0bbce6b8d5

SHA256
dfe373b333dc912f8933d67c6d72c91caaa50f2414cb697457e37903e0ec4734

SHA512
bbdbef517a80ed088d304e37d1bb2ed381eda51dcbf94cd415465905a6962ee5443cb5eda27c2031d1b3a932d9f6d10c52ce35dc9f08911192772d637028c257

Download Submit
C:\Windows\system\lRndZYj.exe

Filesize
6.0MB

MD5
1615e12d8da161d4e9a44e435fae98ae

SHA1
5dff00918ed30468f871060baf9458559239674d

SHA256
27f32cdb3ad45179d89212ce98c18cabda9bd3d986c42a160ec38da8c35d6e85

SHA512
7951565002e7f25e669f6ecd9476c9f3bec4211ec17814827bc43ae61643eefc46d6480f593abcc7ff5e2a1cff64015573643b6d5e6e451950bdf94a8d95cc38

Download Submit
C:\Windows\system\qijqZWq.exe

Filesize
6.0MB

MD5
ab6f6d593af8e69c92519a44c62f0921

SHA1
ee5dca2f4aa5f646d28d18c88db32bad8e47e2a8

SHA256
d05bdd1aeed60d1fbc3d9a675dd26107f96c4a11666f6518843ae40c47c13b8f

SHA512
361c7ecd1cb553f5a1b6cf8cc8801a28e00466622f84a65dcd8340387aded265d3efc8c127166eebf6faa29ee0270353807ad3dfe43e5aba8ce90f1a395671bb

Download Submit
C:\Windows\system\tOudEvJ.exe

Filesize
6.0MB

MD5
a2420b87506fe392d997dd37dd99fa0b

SHA1
a977148a604bb505bd7868df3e12401b7612b773

SHA256
5a61feee8fa77ad671a6f96918387d1ceeb87b3929863f05d81c76dbbf662a55

SHA512
e4747ba1d01579cc5ee950fc4dfda3e2ed8d9fb1f2f5d1c0ff7c32062172da336d2f1d7277dca22c61ce1d38a771675beb26702f77ec3a4eaecd7268459a7eb4

Download Submit
C:\Windows\system\xTBJQaF.exe

Filesize
6.0MB

MD5
5c9a3c44ac21f2213793196ba22b0829

SHA1
1965206b3f095b1f4e48c207d5cde86d0c1092b7

SHA256
4c1f16dcde0ea268607edb90e0a7c6228aead1d596a1bf9e59f6f09a2ccb8ff7

SHA512
cfd615c397c751c0bddf6290f22074b9ef798d5460db2c0f8ccc1731f8fdc4bbb354120f07f7d68622a049ef9895833b7eb5b0f35d93aa5a0da7db1ee4d3c5ad

Download Submit
C:\Windows\system\yPxrZsZ.exe

Filesize
6.0MB

MD5
e422441d3b2f75b9640dbd4fda66786e

SHA1
e4e2c4145ad6e660581802f4719cddb0b94f03ab

SHA256
9cf2c2392b824db3179393fc6a65a72a98603c4d09b43b2e4eeb80352ea07745

SHA512
c117a800cfb36a4bd3797820a18ca611afc9705baecb4ac42e6d87425fe34aacf7bc951481fa023338cebae4f4f387eb55e7524968484242fe56e76fa2dfa9fd

Download Submit
C:\Windows\system\zUeJpNj.exe

Filesize
6.0MB

MD5
9ae8c99a20c2a28e3d3d97a93fd340ca

SHA1
e9cfaa8371eba55c224196fb8d6537080c96bfdf

SHA256
69ec99de86fdbc63cfb7188050a475d0ffc49c9239b49fb65d4cfbde5a77cd54

SHA512
3a9e4b6950e406a25d6ecb93d1aab9d941484cd1fc8a5168a91efc74d29e28744c0768d57dd26137c0ec9f3595e086e4f49462ece35624c971a79a0b66155030

Download Submit
\Windows\system\BJKUaDW.exe

Filesize
6.0MB

MD5
d5d7f0b7d6a51ed125ac4941c8d4c386

SHA1
2ec8ae323433a08a0c74ba537822c888ee1bd6de

SHA256
056ed2e0d429c7b777de048b0a3d23a747e91b7686ede3bf04540d8d3bab9b18

SHA512
50e284c75aff6997191589c255318bcbd379bb9c4a3e5503d2b24991000fb308885a220b72263e0e1e2c82234029864929c01302de745c66eae1e01bd1502c11

Download Submit
\Windows\system\EchfDUz.exe

Filesize
6.0MB

MD5
9ffbf4f15dce3ba089b3883850555ba4

SHA1
01b4df1c9801e67948ec169e96ec3072cb9815c5

SHA256
633d9b5aa5b5c04da2887b91ccdb8d7740d9a95a88d4f3053718d6420681b9f3

SHA512
30efedccce3f5be9f3684cbda8f94bf7bb0e37249849926d62da94f2d2c175e4824faf52e238c233df4cbdc3d0b0ae96908696dcb0a3ae24ffee69ec17391ea9

Download Submit
\Windows\system\MzztaYI.exe

Filesize
6.0MB

MD5
db8682bbfe3a33975c7542de8154d2c6

SHA1
bd2abc9e8d8c0b0c9e2c0f89d63eebb597b9edc5

SHA256
530e79dd77c7d054602cac3e9f2ad2db64e64903fdf940c44f6e5a628b148c34

SHA512
60c56686701cef2eb92093df60bc10a66bfd4b8286ebe0b2ef0a6e59cdc233617dacd723da251fc44581c215a839dc4a8fa44b34886fa62ee2646a4ccae60da8

Download Submit
\Windows\system\OvyenCZ.exe

Filesize
6.0MB

MD5
b28e5a1dd28e550eb2493132daba3d8f

SHA1
09e77e736add9e16e19da62478ea3fc90a9836d7

SHA256
b81ffdf4d3583d62a2118c38ea947acc9721d204b1a92b126e39d0f1e170eda9

SHA512
97eda1be77be9d34df6d8853464b92334f0b3cd8846a3a39660fb8707fae4acdff668f634b35e00a29dbf0b182f27728d2acc03bbc8a97d9fc82a0232d7f9c7f

Download Submit
\Windows\system\ViPBwqZ.exe

Filesize
6.0MB

MD5
d5ead3277b144e8b0184afbe5377ec9a

SHA1
3a2711018f1f385e419bb25f67b66048e034dd1b

SHA256
70cfc4fc05e9fff2a606bf7f521e75ecb692c13cd3cf4ce08c101be91fbbd9cb

SHA512
b7b6c68c2c0ba044884f3015265187a0b005f89847830553acbebf18c1b112d180361bbf602a502155e00668ab93da9417af97b95408fda3f8bd8345631bdd74

Download Submit
\Windows\system\bHLztFi.exe

Filesize
6.0MB

MD5
6a96c381b20d3d4414f4b4766bb64d4c

SHA1
3a9fd6f5a746857d88ed2ec21771c67101a4434d

SHA256
b175826d8c64eb91473dc730048b754f39b1b3cef45b9c14baeff4120a6b7220

SHA512
9a8bfdf8ebdf2d393f48eaa6902187510a3936bf0927513a4d6f11ecdfed817de77cc4410f0f72d5ee8f5b1bbe33a1559430ee4e0244c05e755d67a26e33fc21

Download Submit
\Windows\system\krpitJJ.exe

Filesize
6.0MB

MD5
a9ce111cf383c219a1d895620a58af78

SHA1
7433fe1e1f93b4c65ad5ed4368246b1e2017a86f

SHA256
62234452c877d3af797c4d79fd34a75650464f09eb4765d0eafe7bf4e00296fc

SHA512
c5e9632bcc00a51705dea9fd2f5e94e41825b6972f931479d5ee7c8a39d1c92f04df1e83e1ad32396c96a4505e062b7589526f8dd9b258ecbe493a19df84b98d

Download Submit
\Windows\system\tZmhHep.exe

Filesize
6.0MB

MD5
146a4a6fe3bd6a841bd1b9f82105f6ec

SHA1
d008bc522c8887e4239ce1afcfca2a975e776045

SHA256
4847de0acc20fa061c381df1f1d48776dad704922e6369668e0dc7d331e92300

SHA512
f7ff4fd1eb13abd54985d39fea4f6dd150f1dc9bd6a8cecab6ed51231b80e06c2d6f90cdd51b8e8f797022ee58e525ffa07df46d33a2b92542a3a387949a30f2

Download Submit
\Windows\system\ufGfbuj.exe

Filesize
6.0MB

MD5
8f68d06759c229f1ef71a65ca9cc7a82

SHA1
e96ff0761c10bf066fb0579a59bb147af541d3a7

SHA256
f7111b8b26d6bab79b44dbea6b085b1c86cdf47f10edb36cbd0f23475bc9642e

SHA512
813bd9473eda0299ed4d869c6cbf65b2fb0e887a480d7e94baed5cde9f655dd4ccf22e9c1bf6f1f6f27a9e4d02bab254d0b8fba786c68c8d4933668118e0ef1a

Download Submit
\Windows\system\yZKEqtN.exe

Filesize
6.0MB

MD5
687846e35e94318dd46c3e58b4a068cb

SHA1
73aaf2ec723e1ad11ae2fcd9d89dddcfc7082466

SHA256
0f3aaedc4224ad5aebcadbd059457e3f510f202774536ebd16372e61d129bd68

SHA512
5c4bdd42724c4f7665c3b25e033ec70a2c598068d36738b356f7f0f6cdef6e572a4825e4794428408ca9174b9b7e7a3ddf8d5f0eff82fe8c6fec867afa2437f6

Download Submit
memory/852-168-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/852-3732-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1788-45-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/1788-701-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1788-106-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1788-164-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1788-163-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1788-454-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1788-166-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1788-182-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1788-42-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1788-169-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/1788-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1788-0-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1788-149-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/1788-82-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1788-141-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1788-171-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1788-172-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1788-173-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1788-40-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/1788-21-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2368-167-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-3727-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-3798-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2428-68-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2484-38-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3751-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-162-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-148-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2700-3759-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2720-174-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3761-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3760-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2784-97-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3744-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2832-52-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2836-60-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3758-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2884-170-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3800-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download