cobaltstrike | 67e07f2e4376a5934e46bd3d8e29af42aa535436eb5affa25e3823569c1d7bc1

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26/09/2024, 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

04245eca5b96599f33f2220040920bed
SHA1

8b0db046daf7c8ee812f911f5ab10dfc5d4c2bb7
SHA256

67e07f2e4376a5934e46bd3d8e29af42aa535436eb5affa25e3823569c1d7bc1
SHA512

4aee8bef9fd55c00b6fa1e8e0cec3b751f41cd92b763038fee4dce00a4f444f563b25ce2755ad424925539dc29f8bd943c5a2474766748536ac9ed5184cda754
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUq:eOl56utgpPF8u/7q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0005000000010300-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c03-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c7c-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cb2-17.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cbc-26.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cd7-33.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019371-45.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e6-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948d-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-128.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-105.dat	cobalt_reflective_dll
behavioral1/files/0x003000000001678f-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f0-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d1-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a8-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-55.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019369-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cc4-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2220-0-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x0005000000010300-3.dat	xmrig
behavioral1/memory/2220-6-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c03-9.dat	xmrig
behavioral1/files/0x0008000000016c7c-11.dat	xmrig
behavioral1/files/0x0007000000016cb2-17.dat	xmrig
behavioral1/files/0x0007000000016cbc-26.dat	xmrig
behavioral1/files/0x0008000000016cd7-33.dat	xmrig
behavioral1/files/0x0005000000019371-45.dat	xmrig
behavioral1/files/0x00050000000193e6-75.dat	xmrig
behavioral1/files/0x000500000001948d-90.dat	xmrig
behavioral1/files/0x00050000000194e2-96.dat	xmrig
behavioral1/files/0x00050000000195c2-110.dat	xmrig
behavioral1/files/0x00050000000195c8-128.dat	xmrig
behavioral1/files/0x00050000000195ce-143.dat	xmrig
behavioral1/files/0x0005000000019624-155.dat	xmrig
behavioral1/memory/2832-1327-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2220-1211-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2528-511-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2200-509-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/1304-507-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2588-505-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2668-503-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2564-501-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2796-499-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2712-497-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2568-495-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2884-493-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2964-491-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2652-489-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2972-471-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2832-452-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x00050000000195e0-151.dat	xmrig
behavioral1/files/0x00050000000195d0-147.dat	xmrig
behavioral1/files/0x00050000000195cc-140.dat	xmrig
behavioral1/files/0x00050000000195ca-137.dat	xmrig
behavioral1/files/0x00050000000195c6-121.dat	xmrig
behavioral1/files/0x00050000000195c7-125.dat	xmrig
behavioral1/files/0x00050000000195c4-116.dat	xmrig
behavioral1/files/0x000500000001958b-105.dat	xmrig
behavioral1/files/0x003000000001678f-100.dat	xmrig
behavioral1/files/0x000500000001945c-85.dat	xmrig
behavioral1/files/0x00050000000193f0-80.dat	xmrig
behavioral1/files/0x00050000000193d1-70.dat	xmrig
behavioral1/files/0x00050000000193a8-65.dat	xmrig
behavioral1/files/0x000500000001938e-60.dat	xmrig
behavioral1/files/0x0005000000019382-55.dat	xmrig
behavioral1/files/0x000500000001937b-50.dat	xmrig
behavioral1/files/0x0005000000019369-40.dat	xmrig
behavioral1/files/0x0007000000016cc4-30.dat	xmrig
behavioral1/memory/2832-3967-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2568-3980-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2652-3981-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2712-3995-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2200-4007-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2588-3994-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2796-3993-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2564-3992-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2668-3991-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2972-3990-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2884-3989-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2528-4016-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/1304-4029-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2964-4037-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2832	KCYPwKF.exe
2972	CsdEIZH.exe
2652	apjjADW.exe
2964	ftlWeIF.exe
2884	zoIHNxR.exe
2568	dTbqZgx.exe
2712	HKbYSzz.exe
2796	pbvkKVn.exe
2564	UzMyNBV.exe
2668	zjNReQM.exe
2588	wkbKtLp.exe
1304	EoHZbgH.exe
2200	jnFszHh.exe
2528	BQZZsMY.exe
2800	lQpeftg.exe
2196	OUuVKfI.exe
2040	bPAMKKD.exe
2500	IKZKUhE.exe
2636	lWOvLqg.exe
2864	mlrzMLu.exe
2892	wFrHFuo.exe
580	rZrooQd.exe
1244	KlXQsAv.exe
600	sTHpSfI.exe
2336	GyEOlqq.exe
2316	kEGvyzt.exe
2236	zboZWzK.exe
1924	lFTwrHt.exe
2304	StJYlUb.exe
2164	zKmOYhg.exe
1720	EQtSKzo.exe
1424	fvBDMSs.exe
1388	iSMiHee.exe
2440	ogDuFqT.exe
796	JPGqjhZ.exe
1684	lqjvryI.exe
964	FPFpNvp.exe
1020	RVreJYm.exe
2436	cKrmVJg.exe
1140	bTqpZlD.exe
2204	cLmcBww.exe
1392	unELBYU.exe
1384	nBEOgGw.exe
2604	gaPkCvs.exe
888	HFoWwqJ.exe
2904	UDKFlKK.exe
572	wJEbOcc.exe
624	ZNoMvFa.exe
1268	rvQvPyT.exe
1008	bOKyATT.exe
784	CeSRBVa.exe
1556	VbeZgTX.exe
2072	GjktbSK.exe
3024	gPfLFcN.exe
1652	bbPYkds.exe
2044	HjlEhbb.exe
992	QaYweey.exe
352	mDhBeIG.exe
908	zWlZCbN.exe
1056	WyrhwtN.exe
1264	wxnxPpk.exe
1724	LDjbLsK.exe
2404	mZNvGHv.exe
2976	rqulECr.exe

Loads dropped DLL 64 IoCs

pid	Process
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2220-0-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x0005000000010300-3.dat	upx
behavioral1/files/0x0008000000016c03-9.dat	upx
behavioral1/files/0x0008000000016c7c-11.dat	upx
behavioral1/files/0x0007000000016cb2-17.dat	upx
behavioral1/files/0x0007000000016cbc-26.dat	upx
behavioral1/files/0x0008000000016cd7-33.dat	upx
behavioral1/files/0x0005000000019371-45.dat	upx
behavioral1/files/0x00050000000193e6-75.dat	upx
behavioral1/files/0x000500000001948d-90.dat	upx
behavioral1/files/0x00050000000194e2-96.dat	upx
behavioral1/files/0x00050000000195c2-110.dat	upx
behavioral1/files/0x00050000000195c8-128.dat	upx
behavioral1/files/0x00050000000195ce-143.dat	upx
behavioral1/files/0x0005000000019624-155.dat	upx
behavioral1/memory/2832-1327-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2220-1211-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2528-511-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2200-509-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/1304-507-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2588-505-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2668-503-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2564-501-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2796-499-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2712-497-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2568-495-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2884-493-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2964-491-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2652-489-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2972-471-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2832-452-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x00050000000195e0-151.dat	upx
behavioral1/files/0x00050000000195d0-147.dat	upx
behavioral1/files/0x00050000000195cc-140.dat	upx
behavioral1/files/0x00050000000195ca-137.dat	upx
behavioral1/files/0x00050000000195c6-121.dat	upx
behavioral1/files/0x00050000000195c7-125.dat	upx
behavioral1/files/0x00050000000195c4-116.dat	upx
behavioral1/files/0x000500000001958b-105.dat	upx
behavioral1/files/0x003000000001678f-100.dat	upx
behavioral1/files/0x000500000001945c-85.dat	upx
behavioral1/files/0x00050000000193f0-80.dat	upx
behavioral1/files/0x00050000000193d1-70.dat	upx
behavioral1/files/0x00050000000193a8-65.dat	upx
behavioral1/files/0x000500000001938e-60.dat	upx
behavioral1/files/0x0005000000019382-55.dat	upx
behavioral1/files/0x000500000001937b-50.dat	upx
behavioral1/files/0x0005000000019369-40.dat	upx
behavioral1/files/0x0007000000016cc4-30.dat	upx
behavioral1/memory/2832-3967-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2568-3980-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2652-3981-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2712-3995-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2200-4007-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2588-3994-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2796-3993-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2564-3992-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2668-3991-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2972-3990-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2884-3989-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2528-4016-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/1304-4029-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2964-4037-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bYvMjFw.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IxGjtoc.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ymlNMOx.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJssZQj.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTSMrds.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QpYHZck.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EBgWymj.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cuMIOsQ.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQxUexb.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kphAcdb.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RRMsFes.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XlkLFUQ.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NuHwoUz.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aBjDVQX.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ssMacGy.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MJAhonW.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zICbEXk.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wejYMxm.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SROeaof.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RGaptGo.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmtWQlq.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YISbYRq.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BRnJaPm.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yCfKZVI.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DEGBzIO.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIqecSm.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IruoTok.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ANfNhjS.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GUGPcXD.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kXLGJjw.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdWxWlQ.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfxLwfu.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lciVvjz.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iPHhiwg.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pJNqlgD.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\juxKGmQ.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kCyikxb.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CJptlLa.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqjKiSL.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TngoaBW.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYOxDNV.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZaDfKAe.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NtFeSNe.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yLQASQU.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cKrmVJg.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\epomjmn.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PlEvsZr.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGetrmt.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wopgOQo.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cwBeVGv.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYiANsh.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jRbsLxu.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TMctUGf.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYvLIyl.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWivxkq.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPGqjhZ.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hUOklFD.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EKheFYL.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXvJjCT.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iPCLOnb.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YgUhRzr.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XilgMFO.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mdFgmZV.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qOwlJYY.exe	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2832	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2220 wrote to memory of 2832	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2220 wrote to memory of 2832	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2220 wrote to memory of 2972	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2220 wrote to memory of 2972	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2220 wrote to memory of 2972	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2220 wrote to memory of 2652	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2220 wrote to memory of 2652	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2220 wrote to memory of 2652	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2220 wrote to memory of 2964	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2220 wrote to memory of 2964	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2220 wrote to memory of 2964	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2220 wrote to memory of 2884	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2220 wrote to memory of 2884	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2220 wrote to memory of 2884	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2220 wrote to memory of 2568	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2220 wrote to memory of 2568	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2220 wrote to memory of 2568	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2220 wrote to memory of 2712	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2220 wrote to memory of 2712	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2220 wrote to memory of 2712	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2220 wrote to memory of 2796	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2220 wrote to memory of 2796	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2220 wrote to memory of 2796	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2220 wrote to memory of 2564	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2220 wrote to memory of 2564	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2220 wrote to memory of 2564	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2220 wrote to memory of 2668	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2220 wrote to memory of 2668	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2220 wrote to memory of 2668	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2220 wrote to memory of 2588	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2220 wrote to memory of 2588	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2220 wrote to memory of 2588	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2220 wrote to memory of 1304	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2220 wrote to memory of 1304	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2220 wrote to memory of 1304	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2220 wrote to memory of 2200	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2220 wrote to memory of 2200	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2220 wrote to memory of 2200	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2220 wrote to memory of 2528	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2220 wrote to memory of 2528	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2220 wrote to memory of 2528	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2220 wrote to memory of 2800	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2220 wrote to memory of 2800	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2220 wrote to memory of 2800	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2220 wrote to memory of 2196	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2220 wrote to memory of 2196	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2220 wrote to memory of 2196	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2220 wrote to memory of 2040	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2220 wrote to memory of 2040	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2220 wrote to memory of 2040	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2220 wrote to memory of 2500	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2220 wrote to memory of 2500	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2220 wrote to memory of 2500	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2220 wrote to memory of 2636	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2220 wrote to memory of 2636	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2220 wrote to memory of 2636	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2220 wrote to memory of 2864	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2220 wrote to memory of 2864	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2220 wrote to memory of 2864	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2220 wrote to memory of 2892	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2220 wrote to memory of 2892	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2220 wrote to memory of 2892	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2220 wrote to memory of 580	2220	2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-26_04245eca5b96599f33f2220040920bed_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\System\KCYPwKF.exe
  C:\Windows\System\KCYPwKF.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\CsdEIZH.exe
  C:\Windows\System\CsdEIZH.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\apjjADW.exe
  C:\Windows\System\apjjADW.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\ftlWeIF.exe
  C:\Windows\System\ftlWeIF.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\zoIHNxR.exe
  C:\Windows\System\zoIHNxR.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\dTbqZgx.exe
  C:\Windows\System\dTbqZgx.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\HKbYSzz.exe
  C:\Windows\System\HKbYSzz.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\pbvkKVn.exe
  C:\Windows\System\pbvkKVn.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\UzMyNBV.exe
  C:\Windows\System\UzMyNBV.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\zjNReQM.exe
  C:\Windows\System\zjNReQM.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\wkbKtLp.exe
  C:\Windows\System\wkbKtLp.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\EoHZbgH.exe
  C:\Windows\System\EoHZbgH.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\jnFszHh.exe
  C:\Windows\System\jnFszHh.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\BQZZsMY.exe
  C:\Windows\System\BQZZsMY.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\lQpeftg.exe
  C:\Windows\System\lQpeftg.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\OUuVKfI.exe
  C:\Windows\System\OUuVKfI.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\bPAMKKD.exe
  C:\Windows\System\bPAMKKD.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\IKZKUhE.exe
  C:\Windows\System\IKZKUhE.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\lWOvLqg.exe
  C:\Windows\System\lWOvLqg.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\mlrzMLu.exe
  C:\Windows\System\mlrzMLu.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\wFrHFuo.exe
  C:\Windows\System\wFrHFuo.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\rZrooQd.exe
  C:\Windows\System\rZrooQd.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\KlXQsAv.exe
  C:\Windows\System\KlXQsAv.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\sTHpSfI.exe
  C:\Windows\System\sTHpSfI.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\GyEOlqq.exe
  C:\Windows\System\GyEOlqq.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\zboZWzK.exe
  C:\Windows\System\zboZWzK.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\kEGvyzt.exe
  C:\Windows\System\kEGvyzt.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\lFTwrHt.exe
  C:\Windows\System\lFTwrHt.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\StJYlUb.exe
  C:\Windows\System\StJYlUb.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\zKmOYhg.exe
  C:\Windows\System\zKmOYhg.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\EQtSKzo.exe
  C:\Windows\System\EQtSKzo.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\fvBDMSs.exe
  C:\Windows\System\fvBDMSs.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\iSMiHee.exe
  C:\Windows\System\iSMiHee.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\ogDuFqT.exe
  C:\Windows\System\ogDuFqT.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\JPGqjhZ.exe
  C:\Windows\System\JPGqjhZ.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\lqjvryI.exe
  C:\Windows\System\lqjvryI.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\FPFpNvp.exe
  C:\Windows\System\FPFpNvp.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\RVreJYm.exe
  C:\Windows\System\RVreJYm.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\cKrmVJg.exe
  C:\Windows\System\cKrmVJg.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\bTqpZlD.exe
  C:\Windows\System\bTqpZlD.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\cLmcBww.exe
  C:\Windows\System\cLmcBww.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\unELBYU.exe
  C:\Windows\System\unELBYU.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\nBEOgGw.exe
  C:\Windows\System\nBEOgGw.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\HFoWwqJ.exe
  C:\Windows\System\HFoWwqJ.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\gaPkCvs.exe
  C:\Windows\System\gaPkCvs.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\UDKFlKK.exe
  C:\Windows\System\UDKFlKK.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\wJEbOcc.exe
  C:\Windows\System\wJEbOcc.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\ZNoMvFa.exe
  C:\Windows\System\ZNoMvFa.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\rvQvPyT.exe
  C:\Windows\System\rvQvPyT.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\bOKyATT.exe
  C:\Windows\System\bOKyATT.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\CeSRBVa.exe
  C:\Windows\System\CeSRBVa.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\VbeZgTX.exe
  C:\Windows\System\VbeZgTX.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\GjktbSK.exe
  C:\Windows\System\GjktbSK.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\gPfLFcN.exe
  C:\Windows\System\gPfLFcN.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\bbPYkds.exe
  C:\Windows\System\bbPYkds.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\HjlEhbb.exe
  C:\Windows\System\HjlEhbb.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\QaYweey.exe
  C:\Windows\System\QaYweey.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\mDhBeIG.exe
  C:\Windows\System\mDhBeIG.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\zWlZCbN.exe
  C:\Windows\System\zWlZCbN.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\WyrhwtN.exe
  C:\Windows\System\WyrhwtN.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\wxnxPpk.exe
  C:\Windows\System\wxnxPpk.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\LDjbLsK.exe
  C:\Windows\System\LDjbLsK.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\mZNvGHv.exe
  C:\Windows\System\mZNvGHv.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\rqulECr.exe
  C:\Windows\System\rqulECr.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\HftaenL.exe
  C:\Windows\System\HftaenL.exe
  2⤵
  PID:1616
- C:\Windows\System\pycxsKC.exe
  C:\Windows\System\pycxsKC.exe
  2⤵
  PID:1704
- C:\Windows\System\wLdqDMm.exe
  C:\Windows\System\wLdqDMm.exe
  2⤵
  PID:2844
- C:\Windows\System\MpXFMKY.exe
  C:\Windows\System\MpXFMKY.exe
  2⤵
  PID:2184
- C:\Windows\System\tDGjxrC.exe
  C:\Windows\System\tDGjxrC.exe
  2⤵
  PID:2820
- C:\Windows\System\jUEGkGG.exe
  C:\Windows\System\jUEGkGG.exe
  2⤵
  PID:2572
- C:\Windows\System\phvrnjg.exe
  C:\Windows\System\phvrnjg.exe
  2⤵
  PID:2600
- C:\Windows\System\njPcddY.exe
  C:\Windows\System\njPcddY.exe
  2⤵
  PID:2560
- C:\Windows\System\BoGHfqH.exe
  C:\Windows\System\BoGHfqH.exe
  2⤵
  PID:2620
- C:\Windows\System\epomjmn.exe
  C:\Windows\System\epomjmn.exe
  2⤵
  PID:3056
- C:\Windows\System\tLxqkVg.exe
  C:\Windows\System\tLxqkVg.exe
  2⤵
  PID:268
- C:\Windows\System\yuOvlom.exe
  C:\Windows\System\yuOvlom.exe
  2⤵
  PID:2856
- C:\Windows\System\wuVtvKQ.exe
  C:\Windows\System\wuVtvKQ.exe
  2⤵
  PID:2996
- C:\Windows\System\SMZWTtg.exe
  C:\Windows\System\SMZWTtg.exe
  2⤵
  PID:1932
- C:\Windows\System\RoYvSrq.exe
  C:\Windows\System\RoYvSrq.exe
  2⤵
  PID:2096
- C:\Windows\System\VIGccKK.exe
  C:\Windows\System\VIGccKK.exe
  2⤵
  PID:2784
- C:\Windows\System\XOMZgNl.exe
  C:\Windows\System\XOMZgNl.exe
  2⤵
  PID:2772
- C:\Windows\System\HKxETVD.exe
  C:\Windows\System\HKxETVD.exe
  2⤵
  PID:2448
- C:\Windows\System\JcjaHDZ.exe
  C:\Windows\System\JcjaHDZ.exe
  2⤵
  PID:444
- C:\Windows\System\ilJtxKR.exe
  C:\Windows\System\ilJtxKR.exe
  2⤵
  PID:1764
- C:\Windows\System\pupQbGT.exe
  C:\Windows\System\pupQbGT.exe
  2⤵
  PID:1256
- C:\Windows\System\TkGlYgf.exe
  C:\Windows\System\TkGlYgf.exe
  2⤵
  PID:1696
- C:\Windows\System\bPCFmfB.exe
  C:\Windows\System\bPCFmfB.exe
  2⤵
  PID:2144
- C:\Windows\System\OhbDNhQ.exe
  C:\Windows\System\OhbDNhQ.exe
  2⤵
  PID:1240
- C:\Windows\System\CJptlLa.exe
  C:\Windows\System\CJptlLa.exe
  2⤵
  PID:1980
- C:\Windows\System\noNwsVw.exe
  C:\Windows\System\noNwsVw.exe
  2⤵
  PID:700
- C:\Windows\System\DnyORJA.exe
  C:\Windows\System\DnyORJA.exe
  2⤵
  PID:1672
- C:\Windows\System\yOtAWOa.exe
  C:\Windows\System\yOtAWOa.exe
  2⤵
  PID:272
- C:\Windows\System\LIqecSm.exe
  C:\Windows\System\LIqecSm.exe
  2⤵
  PID:1968
- C:\Windows\System\nlVQtlr.exe
  C:\Windows\System\nlVQtlr.exe
  2⤵
  PID:2268
- C:\Windows\System\RKeZhAX.exe
  C:\Windows\System\RKeZhAX.exe
  2⤵
  PID:2100
- C:\Windows\System\GMKaMXs.exe
  C:\Windows\System\GMKaMXs.exe
  2⤵
  PID:1940
- C:\Windows\System\idQWEuz.exe
  C:\Windows\System\idQWEuz.exe
  2⤵
  PID:652
- C:\Windows\System\OplZpwf.exe
  C:\Windows\System\OplZpwf.exe
  2⤵
  PID:2472
- C:\Windows\System\KEYvtpG.exe
  C:\Windows\System\KEYvtpG.exe
  2⤵
  PID:1752
- C:\Windows\System\QpYHZck.exe
  C:\Windows\System\QpYHZck.exe
  2⤵
  PID:3028
- C:\Windows\System\AEhNLIl.exe
  C:\Windows\System\AEhNLIl.exe
  2⤵
  PID:1756
- C:\Windows\System\CbyGwRz.exe
  C:\Windows\System\CbyGwRz.exe
  2⤵
  PID:1368
- C:\Windows\System\rpXXTey.exe
  C:\Windows\System\rpXXTey.exe
  2⤵
  PID:2960
- C:\Windows\System\gmdaBcR.exe
  C:\Windows\System\gmdaBcR.exe
  2⤵
  PID:1048
- C:\Windows\System\kkFToKz.exe
  C:\Windows\System\kkFToKz.exe
  2⤵
  PID:3004
- C:\Windows\System\WtwvIDR.exe
  C:\Windows\System\WtwvIDR.exe
  2⤵
  PID:592
- C:\Windows\System\taEmNhN.exe
  C:\Windows\System\taEmNhN.exe
  2⤵
  PID:2824
- C:\Windows\System\iPDqzju.exe
  C:\Windows\System\iPDqzju.exe
  2⤵
  PID:2648
- C:\Windows\System\EBgWymj.exe
  C:\Windows\System\EBgWymj.exe
  2⤵
  PID:2684
- C:\Windows\System\tjzTtPA.exe
  C:\Windows\System\tjzTtPA.exe
  2⤵
  PID:2076
- C:\Windows\System\FnqeMxG.exe
  C:\Windows\System\FnqeMxG.exe
  2⤵
  PID:564
- C:\Windows\System\SdWGXGy.exe
  C:\Windows\System\SdWGXGy.exe
  2⤵
  PID:2980
- C:\Windows\System\dwGAkId.exe
  C:\Windows\System\dwGAkId.exe
  2⤵
  PID:1376
- C:\Windows\System\tNpqXXm.exe
  C:\Windows\System\tNpqXXm.exe
  2⤵
  PID:2816
- C:\Windows\System\VbHKAWM.exe
  C:\Windows\System\VbHKAWM.exe
  2⤵
  PID:2420
- C:\Windows\System\bxHLbNk.exe
  C:\Windows\System\bxHLbNk.exe
  2⤵
  PID:2940
- C:\Windows\System\tMDxjUU.exe
  C:\Windows\System\tMDxjUU.exe
  2⤵
  PID:1052
- C:\Windows\System\uPRlhgH.exe
  C:\Windows\System\uPRlhgH.exe
  2⤵
  PID:328
- C:\Windows\System\pJXrcJH.exe
  C:\Windows\System\pJXrcJH.exe
  2⤵
  PID:2284
- C:\Windows\System\FdljLNg.exe
  C:\Windows\System\FdljLNg.exe
  2⤵
  PID:288
- C:\Windows\System\AJSByLH.exe
  C:\Windows\System\AJSByLH.exe
  2⤵
  PID:1552
- C:\Windows\System\ntLMabc.exe
  C:\Windows\System\ntLMabc.exe
  2⤵
  PID:1944
- C:\Windows\System\DqrczGj.exe
  C:\Windows\System\DqrczGj.exe
  2⤵
  PID:1472
- C:\Windows\System\sbdksdP.exe
  C:\Windows\System\sbdksdP.exe
  2⤵
  PID:1732
- C:\Windows\System\QyslqrY.exe
  C:\Windows\System\QyslqrY.exe
  2⤵
  PID:1608
- C:\Windows\System\DyssZei.exe
  C:\Windows\System\DyssZei.exe
  2⤵
  PID:1172
- C:\Windows\System\tFdmguy.exe
  C:\Windows\System\tFdmguy.exe
  2⤵
  PID:2852
- C:\Windows\System\TngoaBW.exe
  C:\Windows\System\TngoaBW.exe
  2⤵
  PID:2172
- C:\Windows\System\BEUCOGz.exe
  C:\Windows\System\BEUCOGz.exe
  2⤵
  PID:2004
- C:\Windows\System\yliZEzu.exe
  C:\Windows\System\yliZEzu.exe
  2⤵
  PID:584
- C:\Windows\System\nnjoZfj.exe
  C:\Windows\System\nnjoZfj.exe
  2⤵
  PID:3076
- C:\Windows\System\EBmZRTT.exe
  C:\Windows\System\EBmZRTT.exe
  2⤵
  PID:3092
- C:\Windows\System\SUrehdx.exe
  C:\Windows\System\SUrehdx.exe
  2⤵
  PID:3108
- C:\Windows\System\yodOilz.exe
  C:\Windows\System\yodOilz.exe
  2⤵
  PID:3124
- C:\Windows\System\MEMOOVX.exe
  C:\Windows\System\MEMOOVX.exe
  2⤵
  PID:3140
- C:\Windows\System\GhhLBMy.exe
  C:\Windows\System\GhhLBMy.exe
  2⤵
  PID:3156
- C:\Windows\System\utVxTxU.exe
  C:\Windows\System\utVxTxU.exe
  2⤵
  PID:3172
- C:\Windows\System\HEmlNHu.exe
  C:\Windows\System\HEmlNHu.exe
  2⤵
  PID:3188
- C:\Windows\System\oEGxLio.exe
  C:\Windows\System\oEGxLio.exe
  2⤵
  PID:3204
- C:\Windows\System\VjlBlWZ.exe
  C:\Windows\System\VjlBlWZ.exe
  2⤵
  PID:3220
- C:\Windows\System\XMRzbgV.exe
  C:\Windows\System\XMRzbgV.exe
  2⤵
  PID:3236
- C:\Windows\System\uXTKfos.exe
  C:\Windows\System\uXTKfos.exe
  2⤵
  PID:3252
- C:\Windows\System\EgkCzvE.exe
  C:\Windows\System\EgkCzvE.exe
  2⤵
  PID:3268
- C:\Windows\System\PlumytC.exe
  C:\Windows\System\PlumytC.exe
  2⤵
  PID:3284
- C:\Windows\System\PgsytCb.exe
  C:\Windows\System\PgsytCb.exe
  2⤵
  PID:3300
- C:\Windows\System\MzHWede.exe
  C:\Windows\System\MzHWede.exe
  2⤵
  PID:3316
- C:\Windows\System\vVwISkX.exe
  C:\Windows\System\vVwISkX.exe
  2⤵
  PID:3332
- C:\Windows\System\nJMYITu.exe
  C:\Windows\System\nJMYITu.exe
  2⤵
  PID:3348
- C:\Windows\System\BFKARmE.exe
  C:\Windows\System\BFKARmE.exe
  2⤵
  PID:3364
- C:\Windows\System\AmiHvOR.exe
  C:\Windows\System\AmiHvOR.exe
  2⤵
  PID:3380
- C:\Windows\System\dVzGWxC.exe
  C:\Windows\System\dVzGWxC.exe
  2⤵
  PID:3396
- C:\Windows\System\POGXnPW.exe
  C:\Windows\System\POGXnPW.exe
  2⤵
  PID:3412
- C:\Windows\System\GJDhuIA.exe
  C:\Windows\System\GJDhuIA.exe
  2⤵
  PID:3428
- C:\Windows\System\WasTNKQ.exe
  C:\Windows\System\WasTNKQ.exe
  2⤵
  PID:3444
- C:\Windows\System\IDNIQjx.exe
  C:\Windows\System\IDNIQjx.exe
  2⤵
  PID:3460
- C:\Windows\System\oOEwzLS.exe
  C:\Windows\System\oOEwzLS.exe
  2⤵
  PID:3476
- C:\Windows\System\PzPefnK.exe
  C:\Windows\System\PzPefnK.exe
  2⤵
  PID:3492
- C:\Windows\System\nLWjrnc.exe
  C:\Windows\System\nLWjrnc.exe
  2⤵
  PID:3508
- C:\Windows\System\HJEgDmR.exe
  C:\Windows\System\HJEgDmR.exe
  2⤵
  PID:3524
- C:\Windows\System\jXiRtYu.exe
  C:\Windows\System\jXiRtYu.exe
  2⤵
  PID:3540
- C:\Windows\System\eUlDTPj.exe
  C:\Windows\System\eUlDTPj.exe
  2⤵
  PID:3560
- C:\Windows\System\CHqmdNj.exe
  C:\Windows\System\CHqmdNj.exe
  2⤵
  PID:3576
- C:\Windows\System\IqhOzMD.exe
  C:\Windows\System\IqhOzMD.exe
  2⤵
  PID:3592
- C:\Windows\System\emKDozW.exe
  C:\Windows\System\emKDozW.exe
  2⤵
  PID:3608
- C:\Windows\System\iGErhfm.exe
  C:\Windows\System\iGErhfm.exe
  2⤵
  PID:3624
- C:\Windows\System\bqunNPP.exe
  C:\Windows\System\bqunNPP.exe
  2⤵
  PID:3640
- C:\Windows\System\BbFMvMD.exe
  C:\Windows\System\BbFMvMD.exe
  2⤵
  PID:3656
- C:\Windows\System\zbTyIbg.exe
  C:\Windows\System\zbTyIbg.exe
  2⤵
  PID:3672
- C:\Windows\System\pQMrZFR.exe
  C:\Windows\System\pQMrZFR.exe
  2⤵
  PID:3688
- C:\Windows\System\gNYWUmn.exe
  C:\Windows\System\gNYWUmn.exe
  2⤵
  PID:3704
- C:\Windows\System\hQHUesA.exe
  C:\Windows\System\hQHUesA.exe
  2⤵
  PID:3720
- C:\Windows\System\NgMnkWC.exe
  C:\Windows\System\NgMnkWC.exe
  2⤵
  PID:3736
- C:\Windows\System\KNXCudc.exe
  C:\Windows\System\KNXCudc.exe
  2⤵
  PID:3752
- C:\Windows\System\mSNnzjh.exe
  C:\Windows\System\mSNnzjh.exe
  2⤵
  PID:3768
- C:\Windows\System\OhwxUgX.exe
  C:\Windows\System\OhwxUgX.exe
  2⤵
  PID:3784
- C:\Windows\System\AbXTAyQ.exe
  C:\Windows\System\AbXTAyQ.exe
  2⤵
  PID:3800
- C:\Windows\System\zIlqUMe.exe
  C:\Windows\System\zIlqUMe.exe
  2⤵
  PID:3816
- C:\Windows\System\BRnJaPm.exe
  C:\Windows\System\BRnJaPm.exe
  2⤵
  PID:3832
- C:\Windows\System\DOztcuv.exe
  C:\Windows\System\DOztcuv.exe
  2⤵
  PID:3852
- C:\Windows\System\KfpPlgN.exe
  C:\Windows\System\KfpPlgN.exe
  2⤵
  PID:3992
- C:\Windows\System\qMmcPiw.exe
  C:\Windows\System\qMmcPiw.exe
  2⤵
  PID:4012
- C:\Windows\System\SkHTeUg.exe
  C:\Windows\System\SkHTeUg.exe
  2⤵
  PID:1064
- C:\Windows\System\neETJHG.exe
  C:\Windows\System\neETJHG.exe
  2⤵
  PID:1612
- C:\Windows\System\MAYcCTG.exe
  C:\Windows\System\MAYcCTG.exe
  2⤵
  PID:2548
- C:\Windows\System\cIpTBqg.exe
  C:\Windows\System\cIpTBqg.exe
  2⤵
  PID:2192
- C:\Windows\System\fYkRxCi.exe
  C:\Windows\System\fYkRxCi.exe
  2⤵
  PID:2928
- C:\Windows\System\RnLZYaC.exe
  C:\Windows\System\RnLZYaC.exe
  2⤵
  PID:3120
- C:\Windows\System\aDhaTPV.exe
  C:\Windows\System\aDhaTPV.exe
  2⤵
  PID:3132
- C:\Windows\System\XlkLFUQ.exe
  C:\Windows\System\XlkLFUQ.exe
  2⤵
  PID:3180
- C:\Windows\System\jklxwwZ.exe
  C:\Windows\System\jklxwwZ.exe
  2⤵
  PID:3244
- C:\Windows\System\JZBWlDY.exe
  C:\Windows\System\JZBWlDY.exe
  2⤵
  PID:3280
- C:\Windows\System\lLKmwAW.exe
  C:\Windows\System\lLKmwAW.exe
  2⤵
  PID:3228
- C:\Windows\System\jkXrQST.exe
  C:\Windows\System\jkXrQST.exe
  2⤵
  PID:3264
- C:\Windows\System\NuHwoUz.exe
  C:\Windows\System\NuHwoUz.exe
  2⤵
  PID:3372
- C:\Windows\System\FwXRfvq.exe
  C:\Windows\System\FwXRfvq.exe
  2⤵
  PID:3292
- C:\Windows\System\VJjdHNc.exe
  C:\Windows\System\VJjdHNc.exe
  2⤵
  PID:3356
- C:\Windows\System\ZHLTubA.exe
  C:\Windows\System\ZHLTubA.exe
  2⤵
  PID:3468
- C:\Windows\System\lUsXSir.exe
  C:\Windows\System\lUsXSir.exe
  2⤵
  PID:3388
- C:\Windows\System\zuCCPUG.exe
  C:\Windows\System\zuCCPUG.exe
  2⤵
  PID:3532
- C:\Windows\System\gkSIcDZ.exe
  C:\Windows\System\gkSIcDZ.exe
  2⤵
  PID:3484
- C:\Windows\System\CBFfJtE.exe
  C:\Windows\System\CBFfJtE.exe
  2⤵
  PID:3600
- C:\Windows\System\qRbvqkP.exe
  C:\Windows\System\qRbvqkP.exe
  2⤵
  PID:3664
- C:\Windows\System\djWviAN.exe
  C:\Windows\System\djWviAN.exe
  2⤵
  PID:3728
- C:\Windows\System\MoCkbuq.exe
  C:\Windows\System\MoCkbuq.exe
  2⤵
  PID:3516
- C:\Windows\System\IHsZPHO.exe
  C:\Windows\System\IHsZPHO.exe
  2⤵
  PID:3548
- C:\Windows\System\jypoHEj.exe
  C:\Windows\System\jypoHEj.exe
  2⤵
  PID:3792
- C:\Windows\System\IgNpiAN.exe
  C:\Windows\System\IgNpiAN.exe
  2⤵
  PID:3860
- C:\Windows\System\ugdKkjC.exe
  C:\Windows\System\ugdKkjC.exe
  2⤵
  PID:3880
- C:\Windows\System\HLeYYNz.exe
  C:\Windows\System\HLeYYNz.exe
  2⤵
  PID:3896
- C:\Windows\System\wiRGGJT.exe
  C:\Windows\System\wiRGGJT.exe
  2⤵
  PID:3912
- C:\Windows\System\ruXcNsn.exe
  C:\Windows\System\ruXcNsn.exe
  2⤵
  PID:3928
- C:\Windows\System\jVdvRJL.exe
  C:\Windows\System\jVdvRJL.exe
  2⤵
  PID:3952
- C:\Windows\System\QNWqEFu.exe
  C:\Windows\System\QNWqEFu.exe
  2⤵
  PID:3968
- C:\Windows\System\CwLJfSJ.exe
  C:\Windows\System\CwLJfSJ.exe
  2⤵
  PID:3980
- C:\Windows\System\HiAcRLj.exe
  C:\Windows\System\HiAcRLj.exe
  2⤵
  PID:4028
- C:\Windows\System\VHRiyNw.exe
  C:\Windows\System\VHRiyNw.exe
  2⤵
  PID:3712
- C:\Windows\System\aIbBism.exe
  C:\Windows\System\aIbBism.exe
  2⤵
  PID:3648
- C:\Windows\System\SefrTTJ.exe
  C:\Windows\System\SefrTTJ.exe
  2⤵
  PID:3840
- C:\Windows\System\qJvADEu.exe
  C:\Windows\System\qJvADEu.exe
  2⤵
  PID:4004
- C:\Windows\System\CKoqzeR.exe
  C:\Windows\System\CKoqzeR.exe
  2⤵
  PID:1952
- C:\Windows\System\AxzReBS.exe
  C:\Windows\System\AxzReBS.exe
  2⤵
  PID:2596
- C:\Windows\System\OpULwKF.exe
  C:\Windows\System\OpULwKF.exe
  2⤵
  PID:3084
- C:\Windows\System\wmQpOOP.exe
  C:\Windows\System\wmQpOOP.exe
  2⤵
  PID:3116
- C:\Windows\System\mzwGRQs.exe
  C:\Windows\System\mzwGRQs.exe
  2⤵
  PID:3168
- C:\Windows\System\OymwsOb.exe
  C:\Windows\System\OymwsOb.exe
  2⤵
  PID:3248
- C:\Windows\System\DyXSmJB.exe
  C:\Windows\System\DyXSmJB.exe
  2⤵
  PID:3324
- C:\Windows\System\pvNgFHS.exe
  C:\Windows\System\pvNgFHS.exe
  2⤵
  PID:3328
- C:\Windows\System\FwNjeML.exe
  C:\Windows\System\FwNjeML.exe
  2⤵
  PID:3440
- C:\Windows\System\yZeoXnQ.exe
  C:\Windows\System\yZeoXnQ.exe
  2⤵
  PID:3636
- C:\Windows\System\BUDskTC.exe
  C:\Windows\System\BUDskTC.exe
  2⤵
  PID:3616
- C:\Windows\System\klUqhwX.exe
  C:\Windows\System\klUqhwX.exe
  2⤵
  PID:3700
- C:\Windows\System\cNctoWc.exe
  C:\Windows\System\cNctoWc.exe
  2⤵
  PID:3764
- C:\Windows\System\GkZwVWL.exe
  C:\Windows\System\GkZwVWL.exe
  2⤵
  PID:3828
- C:\Windows\System\QXjrLBi.exe
  C:\Windows\System\QXjrLBi.exe
  2⤵
  PID:3892
- C:\Windows\System\wfUOPXk.exe
  C:\Windows\System\wfUOPXk.exe
  2⤵
  PID:3972
- C:\Windows\System\HNJRbWx.exe
  C:\Windows\System\HNJRbWx.exe
  2⤵
  PID:3960
- C:\Windows\System\abyliLi.exe
  C:\Windows\System\abyliLi.exe
  2⤵
  PID:4024
- C:\Windows\System\bsomngG.exe
  C:\Windows\System\bsomngG.exe
  2⤵
  PID:4112
- C:\Windows\System\cuMIOsQ.exe
  C:\Windows\System\cuMIOsQ.exe
  2⤵
  PID:4128
- C:\Windows\System\RjQXMjD.exe
  C:\Windows\System\RjQXMjD.exe
  2⤵
  PID:4144
- C:\Windows\System\FUpsVxm.exe
  C:\Windows\System\FUpsVxm.exe
  2⤵
  PID:4160
- C:\Windows\System\gzBKJHc.exe
  C:\Windows\System\gzBKJHc.exe
  2⤵
  PID:4176
- C:\Windows\System\COZbTOj.exe
  C:\Windows\System\COZbTOj.exe
  2⤵
  PID:4192
- C:\Windows\System\MJEOSZx.exe
  C:\Windows\System\MJEOSZx.exe
  2⤵
  PID:4208
- C:\Windows\System\RBIFroU.exe
  C:\Windows\System\RBIFroU.exe
  2⤵
  PID:4224
- C:\Windows\System\twrtivU.exe
  C:\Windows\System\twrtivU.exe
  2⤵
  PID:4240
- C:\Windows\System\FHurpyY.exe
  C:\Windows\System\FHurpyY.exe
  2⤵
  PID:4256
- C:\Windows\System\KkxBQtl.exe
  C:\Windows\System\KkxBQtl.exe
  2⤵
  PID:4272
- C:\Windows\System\vbZCdGD.exe
  C:\Windows\System\vbZCdGD.exe
  2⤵
  PID:4288
- C:\Windows\System\Aldlpxm.exe
  C:\Windows\System\Aldlpxm.exe
  2⤵
  PID:4304
- C:\Windows\System\RCfphQe.exe
  C:\Windows\System\RCfphQe.exe
  2⤵
  PID:4320
- C:\Windows\System\sSBGUza.exe
  C:\Windows\System\sSBGUza.exe
  2⤵
  PID:4336
- C:\Windows\System\jpPDUll.exe
  C:\Windows\System\jpPDUll.exe
  2⤵
  PID:4352
- C:\Windows\System\CyQjWVr.exe
  C:\Windows\System\CyQjWVr.exe
  2⤵
  PID:4368
- C:\Windows\System\VQTzXFR.exe
  C:\Windows\System\VQTzXFR.exe
  2⤵
  PID:4384
- C:\Windows\System\ZguWLWD.exe
  C:\Windows\System\ZguWLWD.exe
  2⤵
  PID:4400
- C:\Windows\System\Wwvtwwy.exe
  C:\Windows\System\Wwvtwwy.exe
  2⤵
  PID:4416
- C:\Windows\System\iQTJJwa.exe
  C:\Windows\System\iQTJJwa.exe
  2⤵
  PID:4432
- C:\Windows\System\FjngCOt.exe
  C:\Windows\System\FjngCOt.exe
  2⤵
  PID:4448
- C:\Windows\System\ukYioYx.exe
  C:\Windows\System\ukYioYx.exe
  2⤵
  PID:4464
- C:\Windows\System\RTHzSMR.exe
  C:\Windows\System\RTHzSMR.exe
  2⤵
  PID:4480
- C:\Windows\System\FEkVhJN.exe
  C:\Windows\System\FEkVhJN.exe
  2⤵
  PID:4496
- C:\Windows\System\qgReKNH.exe
  C:\Windows\System\qgReKNH.exe
  2⤵
  PID:4512
- C:\Windows\System\hVTsIRC.exe
  C:\Windows\System\hVTsIRC.exe
  2⤵
  PID:4528
- C:\Windows\System\TVXiNXr.exe
  C:\Windows\System\TVXiNXr.exe
  2⤵
  PID:4544
- C:\Windows\System\bDbMwBh.exe
  C:\Windows\System\bDbMwBh.exe
  2⤵
  PID:4560
- C:\Windows\System\RXRklYP.exe
  C:\Windows\System\RXRklYP.exe
  2⤵
  PID:4576
- C:\Windows\System\DJcknPv.exe
  C:\Windows\System\DJcknPv.exe
  2⤵
  PID:4592
- C:\Windows\System\rYOxDNV.exe
  C:\Windows\System\rYOxDNV.exe
  2⤵
  PID:4608
- C:\Windows\System\wpxyUid.exe
  C:\Windows\System\wpxyUid.exe
  2⤵
  PID:4624
- C:\Windows\System\TAvNvjg.exe
  C:\Windows\System\TAvNvjg.exe
  2⤵
  PID:4640
- C:\Windows\System\MBsNTlv.exe
  C:\Windows\System\MBsNTlv.exe
  2⤵
  PID:4656
- C:\Windows\System\PlEvsZr.exe
  C:\Windows\System\PlEvsZr.exe
  2⤵
  PID:4672
- C:\Windows\System\pLyFZgB.exe
  C:\Windows\System\pLyFZgB.exe
  2⤵
  PID:4688
- C:\Windows\System\aCmvVoA.exe
  C:\Windows\System\aCmvVoA.exe
  2⤵
  PID:4704
- C:\Windows\System\EkzXkJS.exe
  C:\Windows\System\EkzXkJS.exe
  2⤵
  PID:4720
- C:\Windows\System\cjSKOpd.exe
  C:\Windows\System\cjSKOpd.exe
  2⤵
  PID:4736
- C:\Windows\System\fWeoiDF.exe
  C:\Windows\System\fWeoiDF.exe
  2⤵
  PID:4752
- C:\Windows\System\ZaDfKAe.exe
  C:\Windows\System\ZaDfKAe.exe
  2⤵
  PID:4768
- C:\Windows\System\aLeYNqw.exe
  C:\Windows\System\aLeYNqw.exe
  2⤵
  PID:4784
- C:\Windows\System\lefSApn.exe
  C:\Windows\System\lefSApn.exe
  2⤵
  PID:4800
- C:\Windows\System\dAFeozX.exe
  C:\Windows\System\dAFeozX.exe
  2⤵
  PID:4816
- C:\Windows\System\bJcfeIh.exe
  C:\Windows\System\bJcfeIh.exe
  2⤵
  PID:4832
- C:\Windows\System\whlQxCn.exe
  C:\Windows\System\whlQxCn.exe
  2⤵
  PID:4848
- C:\Windows\System\IImbuKU.exe
  C:\Windows\System\IImbuKU.exe
  2⤵
  PID:4864
- C:\Windows\System\nKbDPkV.exe
  C:\Windows\System\nKbDPkV.exe
  2⤵
  PID:4880
- C:\Windows\System\yQMtEHn.exe
  C:\Windows\System\yQMtEHn.exe
  2⤵
  PID:4896
- C:\Windows\System\DRCWOkY.exe
  C:\Windows\System\DRCWOkY.exe
  2⤵
  PID:4912
- C:\Windows\System\ikFlzzB.exe
  C:\Windows\System\ikFlzzB.exe
  2⤵
  PID:4932
- C:\Windows\System\cTbgmZM.exe
  C:\Windows\System\cTbgmZM.exe
  2⤵
  PID:4948
- C:\Windows\System\oYdZMGa.exe
  C:\Windows\System\oYdZMGa.exe
  2⤵
  PID:4964
- C:\Windows\System\IlBZRGf.exe
  C:\Windows\System\IlBZRGf.exe
  2⤵
  PID:4980
- C:\Windows\System\bCbjiSz.exe
  C:\Windows\System\bCbjiSz.exe
  2⤵
  PID:4996
- C:\Windows\System\yGqmhlN.exe
  C:\Windows\System\yGqmhlN.exe
  2⤵
  PID:5012
- C:\Windows\System\HicNxeS.exe
  C:\Windows\System\HicNxeS.exe
  2⤵
  PID:5028
- C:\Windows\System\nVAqssh.exe
  C:\Windows\System\nVAqssh.exe
  2⤵
  PID:5044
- C:\Windows\System\TrfdChw.exe
  C:\Windows\System\TrfdChw.exe
  2⤵
  PID:5060
- C:\Windows\System\KOkXrDv.exe
  C:\Windows\System\KOkXrDv.exe
  2⤵
  PID:5076
- C:\Windows\System\IANhEWl.exe
  C:\Windows\System\IANhEWl.exe
  2⤵
  PID:5092
- C:\Windows\System\aBjDVQX.exe
  C:\Windows\System\aBjDVQX.exe
  2⤵
  PID:5108
- C:\Windows\System\kCnqecC.exe
  C:\Windows\System\kCnqecC.exe
  2⤵
  PID:3680
- C:\Windows\System\IfpTljl.exe
  C:\Windows\System\IfpTljl.exe
  2⤵
  PID:3776
- C:\Windows\System\KQxUexb.exe
  C:\Windows\System\KQxUexb.exe
  2⤵
  PID:3104
- C:\Windows\System\YgUhRzr.exe
  C:\Windows\System\YgUhRzr.exe
  2⤵
  PID:3136
- C:\Windows\System\UonDRwq.exe
  C:\Windows\System\UonDRwq.exe
  2⤵
  PID:3504
- C:\Windows\System\VPVeVOq.exe
  C:\Windows\System\VPVeVOq.exe
  2⤵
  PID:3260
- C:\Windows\System\vEknzOo.exe
  C:\Windows\System\vEknzOo.exe
  2⤵
  PID:3568
- C:\Windows\System\DWlPAMZ.exe
  C:\Windows\System\DWlPAMZ.exe
  2⤵
  PID:3760
- C:\Windows\System\jLsZgZu.exe
  C:\Windows\System\jLsZgZu.exe
  2⤵
  PID:3824
- C:\Windows\System\MHYVIHX.exe
  C:\Windows\System\MHYVIHX.exe
  2⤵
  PID:3956
- C:\Windows\System\XDJYvvR.exe
  C:\Windows\System\XDJYvvR.exe
  2⤵
  PID:4108
- C:\Windows\System\WXqXHSB.exe
  C:\Windows\System\WXqXHSB.exe
  2⤵
  PID:4140
- C:\Windows\System\fOqBMoG.exe
  C:\Windows\System\fOqBMoG.exe
  2⤵
  PID:4172
- C:\Windows\System\wcBYhzi.exe
  C:\Windows\System\wcBYhzi.exe
  2⤵
  PID:4232
- C:\Windows\System\GLJvHDX.exe
  C:\Windows\System\GLJvHDX.exe
  2⤵
  PID:4184
- C:\Windows\System\OeHeuEm.exe
  C:\Windows\System\OeHeuEm.exe
  2⤵
  PID:4248
- C:\Windows\System\CPyWTio.exe
  C:\Windows\System\CPyWTio.exe
  2⤵
  PID:4280
- C:\Windows\System\nDDqCfx.exe
  C:\Windows\System\nDDqCfx.exe
  2⤵
  PID:4312
- C:\Windows\System\ksGcgSN.exe
  C:\Windows\System\ksGcgSN.exe
  2⤵
  PID:4364
- C:\Windows\System\HulVRwi.exe
  C:\Windows\System\HulVRwi.exe
  2⤵
  PID:4348
- C:\Windows\System\gwFjGbE.exe
  C:\Windows\System\gwFjGbE.exe
  2⤵
  PID:4408
- C:\Windows\System\xYiANsh.exe
  C:\Windows\System\xYiANsh.exe
  2⤵
  PID:4460
- C:\Windows\System\fjyWcNK.exe
  C:\Windows\System\fjyWcNK.exe
  2⤵
  PID:4492
- C:\Windows\System\WzTLblJ.exe
  C:\Windows\System\WzTLblJ.exe
  2⤵
  PID:4476
- C:\Windows\System\MNtWHtn.exe
  C:\Windows\System\MNtWHtn.exe
  2⤵
  PID:4536
- C:\Windows\System\gkdkVCj.exe
  C:\Windows\System\gkdkVCj.exe
  2⤵
  PID:4568
- C:\Windows\System\JZWzPDM.exe
  C:\Windows\System\JZWzPDM.exe
  2⤵
  PID:4620
- C:\Windows\System\zICbEXk.exe
  C:\Windows\System\zICbEXk.exe
  2⤵
  PID:4652
- C:\Windows\System\gkxxDmN.exe
  C:\Windows\System\gkxxDmN.exe
  2⤵
  PID:4684
- C:\Windows\System\aDCPmpI.exe
  C:\Windows\System\aDCPmpI.exe
  2⤵
  PID:4716
- C:\Windows\System\epAPlhz.exe
  C:\Windows\System\epAPlhz.exe
  2⤵
  PID:4700
- C:\Windows\System\WVfgxte.exe
  C:\Windows\System\WVfgxte.exe
  2⤵
  PID:4780
- C:\Windows\System\pSscrGZ.exe
  C:\Windows\System\pSscrGZ.exe
  2⤵
  PID:4812
- C:\Windows\System\VfONTRq.exe
  C:\Windows\System\VfONTRq.exe
  2⤵
  PID:4824
- C:\Windows\System\rjShzzr.exe
  C:\Windows\System\rjShzzr.exe
  2⤵
  PID:4876
- C:\Windows\System\ILRftzu.exe
  C:\Windows\System\ILRftzu.exe
  2⤵
  PID:4904
- C:\Windows\System\jugGXvW.exe
  C:\Windows\System\jugGXvW.exe
  2⤵
  PID:4944
- C:\Windows\System\FOWGVrr.exe
  C:\Windows\System\FOWGVrr.exe
  2⤵
  PID:4920
- C:\Windows\System\WnPpgIZ.exe
  C:\Windows\System\WnPpgIZ.exe
  2⤵
  PID:4988
- C:\Windows\System\ZfKItnp.exe
  C:\Windows\System\ZfKItnp.exe
  2⤵
  PID:5040
- C:\Windows\System\WScmBLh.exe
  C:\Windows\System\WScmBLh.exe
  2⤵
  PID:5024
- C:\Windows\System\gjFDTKQ.exe
  C:\Windows\System\gjFDTKQ.exe
  2⤵
  PID:3652
- C:\Windows\System\LySqZiN.exe
  C:\Windows\System\LySqZiN.exe
  2⤵
  PID:5084
- C:\Windows\System\pYyIkft.exe
  C:\Windows\System\pYyIkft.exe
  2⤵
  PID:5088
- C:\Windows\System\aRhrAMz.exe
  C:\Windows\System\aRhrAMz.exe
  2⤵
  PID:3808
- C:\Windows\System\RPjsOwv.exe
  C:\Windows\System\RPjsOwv.exe
  2⤵
  PID:3888
- C:\Windows\System\eKAFqEQ.exe
  C:\Windows\System\eKAFqEQ.exe
  2⤵
  PID:3976
- C:\Windows\System\CIrGskN.exe
  C:\Windows\System\CIrGskN.exe
  2⤵
  PID:3696
- C:\Windows\System\ShwwBWn.exe
  C:\Windows\System\ShwwBWn.exe
  2⤵
  PID:4220
- C:\Windows\System\bTcoETU.exe
  C:\Windows\System\bTcoETU.exe
  2⤵
  PID:4156
- C:\Windows\System\IVmDgWT.exe
  C:\Windows\System\IVmDgWT.exe
  2⤵
  PID:4168
- C:\Windows\System\qcnQeIZ.exe
  C:\Windows\System\qcnQeIZ.exe
  2⤵
  PID:4268
- C:\Windows\System\WBNgJFf.exe
  C:\Windows\System\WBNgJFf.exe
  2⤵
  PID:4472
- C:\Windows\System\CSKpbNZ.exe
  C:\Windows\System\CSKpbNZ.exe
  2⤵
  PID:4648
- C:\Windows\System\lgXwLBf.exe
  C:\Windows\System\lgXwLBf.exe
  2⤵
  PID:4424
- C:\Windows\System\yGGSnSf.exe
  C:\Windows\System\yGGSnSf.exe
  2⤵
  PID:4552
- C:\Windows\System\PZvVkpU.exe
  C:\Windows\System\PZvVkpU.exe
  2⤵
  PID:4792
- C:\Windows\System\rTRZAIS.exe
  C:\Windows\System\rTRZAIS.exe
  2⤵
  PID:4508
- C:\Windows\System\abpEMph.exe
  C:\Windows\System\abpEMph.exe
  2⤵
  PID:5132
- C:\Windows\System\EmnGgKT.exe
  C:\Windows\System\EmnGgKT.exe
  2⤵
  PID:5148
- C:\Windows\System\cjWqZtD.exe
  C:\Windows\System\cjWqZtD.exe
  2⤵
  PID:5164
- C:\Windows\System\mrZJLpE.exe
  C:\Windows\System\mrZJLpE.exe
  2⤵
  PID:5180
- C:\Windows\System\PbRMWIT.exe
  C:\Windows\System\PbRMWIT.exe
  2⤵
  PID:5196
- C:\Windows\System\GBbFQLc.exe
  C:\Windows\System\GBbFQLc.exe
  2⤵
  PID:5212
- C:\Windows\System\RMsySCW.exe
  C:\Windows\System\RMsySCW.exe
  2⤵
  PID:5228
- C:\Windows\System\NtGAajE.exe
  C:\Windows\System\NtGAajE.exe
  2⤵
  PID:5244
- C:\Windows\System\Exndhxa.exe
  C:\Windows\System\Exndhxa.exe
  2⤵
  PID:5260
- C:\Windows\System\FbjKpak.exe
  C:\Windows\System\FbjKpak.exe
  2⤵
  PID:5276
- C:\Windows\System\KjFXDJE.exe
  C:\Windows\System\KjFXDJE.exe
  2⤵
  PID:5296
- C:\Windows\System\fkhJwYZ.exe
  C:\Windows\System\fkhJwYZ.exe
  2⤵
  PID:5312
- C:\Windows\System\bkhuuJH.exe
  C:\Windows\System\bkhuuJH.exe
  2⤵
  PID:5328
- C:\Windows\System\aSaskpL.exe
  C:\Windows\System\aSaskpL.exe
  2⤵
  PID:5344
- C:\Windows\System\uHAwwRc.exe
  C:\Windows\System\uHAwwRc.exe
  2⤵
  PID:5360
- C:\Windows\System\XilgMFO.exe
  C:\Windows\System\XilgMFO.exe
  2⤵
  PID:5376
- C:\Windows\System\NXWtXCR.exe
  C:\Windows\System\NXWtXCR.exe
  2⤵
  PID:5392
- C:\Windows\System\bqCNuev.exe
  C:\Windows\System\bqCNuev.exe
  2⤵
  PID:5408
- C:\Windows\System\AEAhNQH.exe
  C:\Windows\System\AEAhNQH.exe
  2⤵
  PID:5424
- C:\Windows\System\lYXpdFo.exe
  C:\Windows\System\lYXpdFo.exe
  2⤵
  PID:5440
- C:\Windows\System\flXIcFh.exe
  C:\Windows\System\flXIcFh.exe
  2⤵
  PID:5456
- C:\Windows\System\oxyjbnt.exe
  C:\Windows\System\oxyjbnt.exe
  2⤵
  PID:5472
- C:\Windows\System\vnLIPuf.exe
  C:\Windows\System\vnLIPuf.exe
  2⤵
  PID:5488
- C:\Windows\System\bUoZUbt.exe
  C:\Windows\System\bUoZUbt.exe
  2⤵
  PID:5504
- C:\Windows\System\oWnivfF.exe
  C:\Windows\System\oWnivfF.exe
  2⤵
  PID:5520
- C:\Windows\System\sPkOkFN.exe
  C:\Windows\System\sPkOkFN.exe
  2⤵
  PID:5536
- C:\Windows\System\WvrBrkC.exe
  C:\Windows\System\WvrBrkC.exe
  2⤵
  PID:5552
- C:\Windows\System\umlnusa.exe
  C:\Windows\System\umlnusa.exe
  2⤵
  PID:5568
- C:\Windows\System\TFcfbbP.exe
  C:\Windows\System\TFcfbbP.exe
  2⤵
  PID:5584
- C:\Windows\System\nOWazUt.exe
  C:\Windows\System\nOWazUt.exe
  2⤵
  PID:5600
- C:\Windows\System\FhHbfla.exe
  C:\Windows\System\FhHbfla.exe
  2⤵
  PID:5628
- C:\Windows\System\DvjvzQR.exe
  C:\Windows\System\DvjvzQR.exe
  2⤵
  PID:5644
- C:\Windows\System\geoVHQE.exe
  C:\Windows\System\geoVHQE.exe
  2⤵
  PID:5660
- C:\Windows\System\ngtwQgy.exe
  C:\Windows\System\ngtwQgy.exe
  2⤵
  PID:5676
- C:\Windows\System\pjlpkLz.exe
  C:\Windows\System\pjlpkLz.exe
  2⤵
  PID:5692
- C:\Windows\System\HVxVrRI.exe
  C:\Windows\System\HVxVrRI.exe
  2⤵
  PID:5708
- C:\Windows\System\SticwFP.exe
  C:\Windows\System\SticwFP.exe
  2⤵
  PID:5724
- C:\Windows\System\hFvlldB.exe
  C:\Windows\System\hFvlldB.exe
  2⤵
  PID:5740
- C:\Windows\System\oesZQja.exe
  C:\Windows\System\oesZQja.exe
  2⤵
  PID:5756
- C:\Windows\System\PVUQpzS.exe
  C:\Windows\System\PVUQpzS.exe
  2⤵
  PID:5772
- C:\Windows\System\jFHCsth.exe
  C:\Windows\System\jFHCsth.exe
  2⤵
  PID:5788
- C:\Windows\System\aGtXsYh.exe
  C:\Windows\System\aGtXsYh.exe
  2⤵
  PID:5804
- C:\Windows\System\YEtGESI.exe
  C:\Windows\System\YEtGESI.exe
  2⤵
  PID:5820
- C:\Windows\System\DSFiACb.exe
  C:\Windows\System\DSFiACb.exe
  2⤵
  PID:5836
- C:\Windows\System\pdwVcDY.exe
  C:\Windows\System\pdwVcDY.exe
  2⤵
  PID:5852
- C:\Windows\System\SlWexCz.exe
  C:\Windows\System\SlWexCz.exe
  2⤵
  PID:5868
- C:\Windows\System\nbCIjmn.exe
  C:\Windows\System\nbCIjmn.exe
  2⤵
  PID:5884
- C:\Windows\System\CkpcejJ.exe
  C:\Windows\System\CkpcejJ.exe
  2⤵
  PID:5900
- C:\Windows\System\RKvOlFP.exe
  C:\Windows\System\RKvOlFP.exe
  2⤵
  PID:5916
- C:\Windows\System\yWifbcb.exe
  C:\Windows\System\yWifbcb.exe
  2⤵
  PID:5932
- C:\Windows\System\mnwtSRi.exe
  C:\Windows\System\mnwtSRi.exe
  2⤵
  PID:5948
- C:\Windows\System\IZHdgnT.exe
  C:\Windows\System\IZHdgnT.exe
  2⤵
  PID:5964
- C:\Windows\System\TKTFpYh.exe
  C:\Windows\System\TKTFpYh.exe
  2⤵
  PID:5980
- C:\Windows\System\wzXdOIF.exe
  C:\Windows\System\wzXdOIF.exe
  2⤵
  PID:5996
- C:\Windows\System\CYNzMez.exe
  C:\Windows\System\CYNzMez.exe
  2⤵
  PID:6012
- C:\Windows\System\vExhTTe.exe
  C:\Windows\System\vExhTTe.exe
  2⤵
  PID:6028
- C:\Windows\System\yxNpuuK.exe
  C:\Windows\System\yxNpuuK.exe
  2⤵
  PID:6044
- C:\Windows\System\IBEVnrX.exe
  C:\Windows\System\IBEVnrX.exe
  2⤵
  PID:6060
- C:\Windows\System\TOeTIdY.exe
  C:\Windows\System\TOeTIdY.exe
  2⤵
  PID:6076
- C:\Windows\System\yjslPpy.exe
  C:\Windows\System\yjslPpy.exe
  2⤵
  PID:6092
- C:\Windows\System\MBNKpXp.exe
  C:\Windows\System\MBNKpXp.exe
  2⤵
  PID:6108
- C:\Windows\System\dywVHjO.exe
  C:\Windows\System\dywVHjO.exe
  2⤵
  PID:6124
- C:\Windows\System\dNSJfXV.exe
  C:\Windows\System\dNSJfXV.exe
  2⤵
  PID:6140
- C:\Windows\System\Bsmoidr.exe
  C:\Windows\System\Bsmoidr.exe
  2⤵
  PID:5036
- C:\Windows\System\uQHgwSm.exe
  C:\Windows\System\uQHgwSm.exe
  2⤵
  PID:5056
- C:\Windows\System\sJlBgrq.exe
  C:\Windows\System\sJlBgrq.exe
  2⤵
  PID:4200
- C:\Windows\System\txeFHvG.exe
  C:\Windows\System\txeFHvG.exe
  2⤵
  PID:4264
- C:\Windows\System\txhLXLT.exe
  C:\Windows\System\txhLXLT.exe
  2⤵
  PID:4636
- C:\Windows\System\DogBvia.exe
  C:\Windows\System\DogBvia.exe
  2⤵
  PID:4444
- C:\Windows\System\FsAxSMN.exe
  C:\Windows\System\FsAxSMN.exe
  2⤵
  PID:5140
- C:\Windows\System\vvsJrXj.exe
  C:\Windows\System\vvsJrXj.exe
  2⤵
  PID:4808
- C:\Windows\System\ampSUZe.exe
  C:\Windows\System\ampSUZe.exe
  2⤵
  PID:5236
- C:\Windows\System\GNiydqj.exe
  C:\Windows\System\GNiydqj.exe
  2⤵
  PID:5304
- C:\Windows\System\ooVKKhG.exe
  C:\Windows\System\ooVKKhG.exe
  2⤵
  PID:5368
- C:\Windows\System\ACEHPfm.exe
  C:\Windows\System\ACEHPfm.exe
  2⤵
  PID:4940
- C:\Windows\System\EzQKIDe.exe
  C:\Windows\System\EzQKIDe.exe
  2⤵
  PID:5052
- C:\Windows\System\ZapvSMu.exe
  C:\Windows\System\ZapvSMu.exe
  2⤵
  PID:5404
- C:\Windows\System\ZjdZvPl.exe
  C:\Windows\System\ZjdZvPl.exe
  2⤵
  PID:3344
- C:\Windows\System\MljJxtI.exe
  C:\Windows\System\MljJxtI.exe
  2⤵
  PID:5468
- C:\Windows\System\nRYdWYf.exe
  C:\Windows\System\nRYdWYf.exe
  2⤵
  PID:3940
- C:\Windows\System\LTbItnx.exe
  C:\Windows\System\LTbItnx.exe
  2⤵
  PID:4668
- C:\Windows\System\jwxVBbh.exe
  C:\Windows\System\jwxVBbh.exe
  2⤵
  PID:5532
- C:\Windows\System\cBHJEho.exe
  C:\Windows\System\cBHJEho.exe
  2⤵
  PID:5128
- C:\Windows\System\dOBRhmf.exe
  C:\Windows\System\dOBRhmf.exe
  2⤵
  PID:5192
- C:\Windows\System\JxUIWfU.exe
  C:\Windows\System\JxUIWfU.exe
  2⤵
  PID:5256
- C:\Windows\System\XjuFqvv.exe
  C:\Windows\System\XjuFqvv.exe
  2⤵
  PID:5564
- C:\Windows\System\iIcASuA.exe
  C:\Windows\System\iIcASuA.exe
  2⤵
  PID:5640
- C:\Windows\System\LoaJgQh.exe
  C:\Windows\System\LoaJgQh.exe
  2⤵
  PID:5512
- C:\Windows\System\UBkQAnz.exe
  C:\Windows\System\UBkQAnz.exe
  2⤵
  PID:5576
- C:\Windows\System\mJSLHim.exe
  C:\Windows\System\mJSLHim.exe
  2⤵
  PID:5324
- C:\Windows\System\xqjdtnO.exe
  C:\Windows\System\xqjdtnO.exe
  2⤵
  PID:5388
- C:\Windows\System\mNuQjTo.exe
  C:\Windows\System\mNuQjTo.exe
  2⤵
  PID:5624
- C:\Windows\System\BZReaZW.exe
  C:\Windows\System\BZReaZW.exe
  2⤵
  PID:5736
- C:\Windows\System\ZkPcKgP.exe
  C:\Windows\System\ZkPcKgP.exe
  2⤵
  PID:5768
- C:\Windows\System\MOEDsdq.exe
  C:\Windows\System\MOEDsdq.exe
  2⤵
  PID:5800
- C:\Windows\System\XyeeUYB.exe
  C:\Windows\System\XyeeUYB.exe
  2⤵
  PID:5832
- C:\Windows\System\vrWvEVf.exe
  C:\Windows\System\vrWvEVf.exe
  2⤵
  PID:4928
- C:\Windows\System\SGDUwei.exe
  C:\Windows\System\SGDUwei.exe
  2⤵
  PID:5956
- C:\Windows\System\DapqGuP.exe
  C:\Windows\System\DapqGuP.exe
  2⤵
  PID:5912
- C:\Windows\System\fcfKBAx.exe
  C:\Windows\System\fcfKBAx.exe
  2⤵
  PID:5844
- C:\Windows\System\vuKRIcp.exe
  C:\Windows\System\vuKRIcp.exe
  2⤵
  PID:5780
- C:\Windows\System\FkJbIDf.exe
  C:\Windows\System\FkJbIDf.exe
  2⤵
  PID:5988
- C:\Windows\System\qwMdQcs.exe
  C:\Windows\System\qwMdQcs.exe
  2⤵
  PID:5944
- C:\Windows\System\wejYMxm.exe
  C:\Windows\System\wejYMxm.exe
  2⤵
  PID:6052
- C:\Windows\System\vEsUUVX.exe
  C:\Windows\System\vEsUUVX.exe
  2⤵
  PID:6040
- C:\Windows\System\ykxOvZi.exe
  C:\Windows\System\ykxOvZi.exe
  2⤵
  PID:6088
- C:\Windows\System\EgnuHXF.exe
  C:\Windows\System\EgnuHXF.exe
  2⤵
  PID:6120
- C:\Windows\System\jMgYEkt.exe
  C:\Windows\System\jMgYEkt.exe
  2⤵
  PID:5004
- C:\Windows\System\CxEkwKA.exe
  C:\Windows\System\CxEkwKA.exe
  2⤵
  PID:3572
- C:\Windows\System\vbLkmTM.exe
  C:\Windows\System\vbLkmTM.exe
  2⤵
  PID:4428
- C:\Windows\System\VqGoKEN.exe
  C:\Windows\System\VqGoKEN.exe
  2⤵
  PID:4860
- C:\Windows\System\jRbsLxu.exe
  C:\Windows\System\jRbsLxu.exe
  2⤵
  PID:5208
- C:\Windows\System\DKlatOf.exe
  C:\Windows\System\DKlatOf.exe
  2⤵
  PID:4872
- C:\Windows\System\xntkKQu.exe
  C:\Windows\System\xntkKQu.exe
  2⤵
  PID:5268
- C:\Windows\System\WQYAGnM.exe
  C:\Windows\System\WQYAGnM.exe
  2⤵
  PID:5116
- C:\Windows\System\FPWgiDx.exe
  C:\Windows\System\FPWgiDx.exe
  2⤵
  PID:4204
- C:\Windows\System\HyWgpQL.exe
  C:\Windows\System\HyWgpQL.exe
  2⤵
  PID:5160
- C:\Windows\System\TlHdvVh.exe
  C:\Windows\System\TlHdvVh.exe
  2⤵
  PID:5464
- C:\Windows\System\UUhwoOd.exe
  C:\Windows\System\UUhwoOd.exe
  2⤵
  PID:5480
- C:\Windows\System\noToElH.exe
  C:\Windows\System\noToElH.exe
  2⤵
  PID:5420
- C:\Windows\System\wJdwiZg.exe
  C:\Windows\System\wJdwiZg.exe
  2⤵
  PID:5704
- C:\Windows\System\TgncUaa.exe
  C:\Windows\System\TgncUaa.exe
  2⤵
  PID:5124
- C:\Windows\System\sjFemas.exe
  C:\Windows\System\sjFemas.exe
  2⤵
  PID:5544
- C:\Windows\System\NBNnwAo.exe
  C:\Windows\System\NBNnwAo.exe
  2⤵
  PID:5684
- C:\Windows\System\Onpbggx.exe
  C:\Windows\System\Onpbggx.exe
  2⤵
  PID:5672
- C:\Windows\System\JSwYlPI.exe
  C:\Windows\System\JSwYlPI.exe
  2⤵
  PID:5960
- C:\Windows\System\yHBxaZU.exe
  C:\Windows\System\yHBxaZU.exe
  2⤵
  PID:6084
- C:\Windows\System\OEssGQn.exe
  C:\Windows\System\OEssGQn.exe
  2⤵
  PID:4396
- C:\Windows\System\JBmdfdz.exe
  C:\Windows\System\JBmdfdz.exe
  2⤵
  PID:5652
- C:\Windows\System\ROXeUwz.exe
  C:\Windows\System\ROXeUwz.exe
  2⤵
  PID:5896
- C:\Windows\System\KkvUXjM.exe
  C:\Windows\System\KkvUXjM.exe
  2⤵
  PID:5272
- C:\Windows\System\RFByPEf.exe
  C:\Windows\System\RFByPEf.exe
  2⤵
  PID:4456
- C:\Windows\System\SObUZjS.exe
  C:\Windows\System\SObUZjS.exe
  2⤵
  PID:6160
- C:\Windows\System\wMuBBXw.exe
  C:\Windows\System\wMuBBXw.exe
  2⤵
  PID:6176
- C:\Windows\System\cLzycsW.exe
  C:\Windows\System\cLzycsW.exe
  2⤵
  PID:6192
- C:\Windows\System\AUwQpQW.exe
  C:\Windows\System\AUwQpQW.exe
  2⤵
  PID:6208
- C:\Windows\System\ElqUgMc.exe
  C:\Windows\System\ElqUgMc.exe
  2⤵
  PID:6224
- C:\Windows\System\RWWYDwC.exe
  C:\Windows\System\RWWYDwC.exe
  2⤵
  PID:6240
- C:\Windows\System\LRxgJPu.exe
  C:\Windows\System\LRxgJPu.exe
  2⤵
  PID:6256
- C:\Windows\System\jQlSoRD.exe
  C:\Windows\System\jQlSoRD.exe
  2⤵
  PID:6272
- C:\Windows\System\ERYsanX.exe
  C:\Windows\System\ERYsanX.exe
  2⤵
  PID:6288
- C:\Windows\System\UHNczOJ.exe
  C:\Windows\System\UHNczOJ.exe
  2⤵
  PID:6304
- C:\Windows\System\PguFaNt.exe
  C:\Windows\System\PguFaNt.exe
  2⤵
  PID:6320
- C:\Windows\System\vIBGShc.exe
  C:\Windows\System\vIBGShc.exe
  2⤵
  PID:6336
- C:\Windows\System\OemOlhb.exe
  C:\Windows\System\OemOlhb.exe
  2⤵
  PID:6352
- C:\Windows\System\uXwgozh.exe
  C:\Windows\System\uXwgozh.exe
  2⤵
  PID:6368
- C:\Windows\System\QHImqUw.exe
  C:\Windows\System\QHImqUw.exe
  2⤵
  PID:6384
- C:\Windows\System\PBWHlcD.exe
  C:\Windows\System\PBWHlcD.exe
  2⤵
  PID:6400
- C:\Windows\System\RKMePwJ.exe
  C:\Windows\System\RKMePwJ.exe
  2⤵
  PID:6416
- C:\Windows\System\VhHbLSI.exe
  C:\Windows\System\VhHbLSI.exe
  2⤵
  PID:6432
- C:\Windows\System\bjIPqWG.exe
  C:\Windows\System\bjIPqWG.exe
  2⤵
  PID:6448
- C:\Windows\System\kghVyzL.exe
  C:\Windows\System\kghVyzL.exe
  2⤵
  PID:6464
- C:\Windows\System\IruoTok.exe
  C:\Windows\System\IruoTok.exe
  2⤵
  PID:6480
- C:\Windows\System\rcjtuPr.exe
  C:\Windows\System\rcjtuPr.exe
  2⤵
  PID:6496
- C:\Windows\System\PpQICjp.exe
  C:\Windows\System\PpQICjp.exe
  2⤵
  PID:6512
- C:\Windows\System\rWbzMyP.exe
  C:\Windows\System\rWbzMyP.exe
  2⤵
  PID:6528
- C:\Windows\System\yztEhqe.exe
  C:\Windows\System\yztEhqe.exe
  2⤵
  PID:6548
- C:\Windows\System\iOtcwmo.exe
  C:\Windows\System\iOtcwmo.exe
  2⤵
  PID:6564
- C:\Windows\System\FxMahZP.exe
  C:\Windows\System\FxMahZP.exe
  2⤵
  PID:6580
- C:\Windows\System\XUPmTFU.exe
  C:\Windows\System\XUPmTFU.exe
  2⤵
  PID:6596
- C:\Windows\System\rPqCoBN.exe
  C:\Windows\System\rPqCoBN.exe
  2⤵
  PID:6612
- C:\Windows\System\rVgWQeX.exe
  C:\Windows\System\rVgWQeX.exe
  2⤵
  PID:6628
- C:\Windows\System\EIXDXqL.exe
  C:\Windows\System\EIXDXqL.exe
  2⤵
  PID:6644
- C:\Windows\System\sdPpcPf.exe
  C:\Windows\System\sdPpcPf.exe
  2⤵
  PID:6660
- C:\Windows\System\vlizfHU.exe
  C:\Windows\System\vlizfHU.exe
  2⤵
  PID:6676
- C:\Windows\System\wXPBVDI.exe
  C:\Windows\System\wXPBVDI.exe
  2⤵
  PID:6692
- C:\Windows\System\ZvGEVFb.exe
  C:\Windows\System\ZvGEVFb.exe
  2⤵
  PID:6708
- C:\Windows\System\FjsxCqQ.exe
  C:\Windows\System\FjsxCqQ.exe
  2⤵
  PID:6724
- C:\Windows\System\nCjWhDD.exe
  C:\Windows\System\nCjWhDD.exe
  2⤵
  PID:6740
- C:\Windows\System\ofvoKyo.exe
  C:\Windows\System\ofvoKyo.exe
  2⤵
  PID:6756
- C:\Windows\System\dpabJiR.exe
  C:\Windows\System\dpabJiR.exe
  2⤵
  PID:6772
- C:\Windows\System\FzZeMuP.exe
  C:\Windows\System\FzZeMuP.exe
  2⤵
  PID:6792
- C:\Windows\System\FfPesAG.exe
  C:\Windows\System\FfPesAG.exe
  2⤵
  PID:6808
- C:\Windows\System\QdpGahA.exe
  C:\Windows\System\QdpGahA.exe
  2⤵
  PID:6824
- C:\Windows\System\SKSfhhZ.exe
  C:\Windows\System\SKSfhhZ.exe
  2⤵
  PID:6840
- C:\Windows\System\Fduaupn.exe
  C:\Windows\System\Fduaupn.exe
  2⤵
  PID:6856
- C:\Windows\System\SpNPaNn.exe
  C:\Windows\System\SpNPaNn.exe
  2⤵
  PID:6872
- C:\Windows\System\qJGopPn.exe
  C:\Windows\System\qJGopPn.exe
  2⤵
  PID:6888
- C:\Windows\System\LRFckui.exe
  C:\Windows\System\LRFckui.exe
  2⤵
  PID:6904
- C:\Windows\System\cwJawOb.exe
  C:\Windows\System\cwJawOb.exe
  2⤵
  PID:6920
- C:\Windows\System\kIAqhvS.exe
  C:\Windows\System\kIAqhvS.exe
  2⤵
  PID:6936
- C:\Windows\System\NDNupkA.exe
  C:\Windows\System\NDNupkA.exe
  2⤵
  PID:6952
- C:\Windows\System\kphAcdb.exe
  C:\Windows\System\kphAcdb.exe
  2⤵
  PID:6968
- C:\Windows\System\QwXGvVD.exe
  C:\Windows\System\QwXGvVD.exe
  2⤵
  PID:6984
- C:\Windows\System\ytuDUEh.exe
  C:\Windows\System\ytuDUEh.exe
  2⤵
  PID:7000
- C:\Windows\System\JJRipou.exe
  C:\Windows\System\JJRipou.exe
  2⤵
  PID:7016
- C:\Windows\System\YHIrSir.exe
  C:\Windows\System\YHIrSir.exe
  2⤵
  PID:7032
- C:\Windows\System\JJlIFuE.exe
  C:\Windows\System\JJlIFuE.exe
  2⤵
  PID:7048
- C:\Windows\System\RMlavCx.exe
  C:\Windows\System\RMlavCx.exe
  2⤵
  PID:7064
- C:\Windows\System\YeAEhsZ.exe
  C:\Windows\System\YeAEhsZ.exe
  2⤵
  PID:7080
- C:\Windows\System\gLKTFCM.exe
  C:\Windows\System\gLKTFCM.exe
  2⤵
  PID:7096
- C:\Windows\System\EIrNPMp.exe
  C:\Windows\System\EIrNPMp.exe
  2⤵
  PID:7112
- C:\Windows\System\NZKuolX.exe
  C:\Windows\System\NZKuolX.exe
  2⤵
  PID:7128
- C:\Windows\System\VkbFAhE.exe
  C:\Windows\System\VkbFAhE.exe
  2⤵
  PID:7144
- C:\Windows\System\gOVjosm.exe
  C:\Windows\System\gOVjosm.exe
  2⤵
  PID:7160
- C:\Windows\System\sHzhHFb.exe
  C:\Windows\System\sHzhHFb.exe
  2⤵
  PID:5688
- C:\Windows\System\jRECjUb.exe
  C:\Windows\System\jRECjUb.exe
  2⤵
  PID:6072
- C:\Windows\System\ITBlzrf.exe
  C:\Windows\System\ITBlzrf.exe
  2⤵
  PID:6004
- C:\Windows\System\XZBGAwC.exe
  C:\Windows\System\XZBGAwC.exe
  2⤵
  PID:4696
- C:\Windows\System\Jdhfgdb.exe
  C:\Windows\System\Jdhfgdb.exe
  2⤵
  PID:6104
- C:\Windows\System\iFPTtEs.exe
  C:\Windows\System\iFPTtEs.exe
  2⤵
  PID:4764
- C:\Windows\System\ASatoiW.exe
  C:\Windows\System\ASatoiW.exe
  2⤵
  PID:5500
- C:\Windows\System\qDfpOpm.exe
  C:\Windows\System\qDfpOpm.exe
  2⤵
  PID:5436
- C:\Windows\System\kWOkEOm.exe
  C:\Windows\System\kWOkEOm.exe
  2⤵
  PID:6172
- C:\Windows\System\eFDiihl.exe
  C:\Windows\System\eFDiihl.exe
  2⤵
  PID:5812
- C:\Windows\System\IChfWrt.exe
  C:\Windows\System\IChfWrt.exe
  2⤵
  PID:6156
- C:\Windows\System\BObEfpH.exe
  C:\Windows\System\BObEfpH.exe
  2⤵
  PID:5448
- C:\Windows\System\CyGgQYf.exe
  C:\Windows\System\CyGgQYf.exe
  2⤵
  PID:5356
- C:\Windows\System\sJuaDYo.exe
  C:\Windows\System\sJuaDYo.exe
  2⤵
  PID:6232
- C:\Windows\System\eEVNoqu.exe
  C:\Windows\System\eEVNoqu.exe
  2⤵
  PID:6220
- C:\Windows\System\hUOklFD.exe
  C:\Windows\System\hUOklFD.exe
  2⤵
  PID:6252
- C:\Windows\System\jSCchoY.exe
  C:\Windows\System\jSCchoY.exe
  2⤵
  PID:6328
- C:\Windows\System\AVgfBxz.exe
  C:\Windows\System\AVgfBxz.exe
  2⤵
  PID:6396
- C:\Windows\System\QTNOPtg.exe
  C:\Windows\System\QTNOPtg.exe
  2⤵
  PID:6348
- C:\Windows\System\fDDdWVV.exe
  C:\Windows\System\fDDdWVV.exe
  2⤵
  PID:6428
- C:\Windows\System\cQBqKTx.exe
  C:\Windows\System\cQBqKTx.exe
  2⤵
  PID:6380
- C:\Windows\System\ZguzQKB.exe
  C:\Windows\System\ZguzQKB.exe
  2⤵
  PID:6488
- C:\Windows\System\ylvDJzW.exe
  C:\Windows\System\ylvDJzW.exe
  2⤵
  PID:6472
- C:\Windows\System\GDWdlBg.exe
  C:\Windows\System\GDWdlBg.exe
  2⤵
  PID:6588
- C:\Windows\System\jFfpxEr.exe
  C:\Windows\System\jFfpxEr.exe
  2⤵
  PID:6504
- C:\Windows\System\sqpMUXn.exe
  C:\Windows\System\sqpMUXn.exe
  2⤵
  PID:6656
- C:\Windows\System\vvoQbqZ.exe
  C:\Windows\System\vvoQbqZ.exe
  2⤵
  PID:6572
- C:\Windows\System\tKPjuJi.exe
  C:\Windows\System\tKPjuJi.exe
  2⤵
  PID:6604
- C:\Windows\System\rOwnssn.exe
  C:\Windows\System\rOwnssn.exe
  2⤵
  PID:4020
- C:\Windows\System\mXvmuOP.exe
  C:\Windows\System\mXvmuOP.exe
  2⤵
  PID:6668
- C:\Windows\System\NWwzcHh.exe
  C:\Windows\System\NWwzcHh.exe
  2⤵
  PID:4036
- C:\Windows\System\KeWxKwt.exe
  C:\Windows\System\KeWxKwt.exe
  2⤵
  PID:6732
- C:\Windows\System\kYLKKyv.exe
  C:\Windows\System\kYLKKyv.exe
  2⤵
  PID:4040
- C:\Windows\System\dGdNzGU.exe
  C:\Windows\System\dGdNzGU.exe
  2⤵
  PID:6848
- C:\Windows\System\EWyckYU.exe
  C:\Windows\System\EWyckYU.exe
  2⤵
  PID:6296
- C:\Windows\System\jEQVyJX.exe
  C:\Windows\System\jEQVyJX.exe
  2⤵
  PID:2088
- C:\Windows\System\HEdCmoW.exe
  C:\Windows\System\HEdCmoW.exe
  2⤵
  PID:6700
- C:\Windows\System\cXjxFmi.exe
  C:\Windows\System\cXjxFmi.exe
  2⤵
  PID:1296
- C:\Windows\System\QrxYRGH.exe
  C:\Windows\System\QrxYRGH.exe
  2⤵
  PID:6764
- C:\Windows\System\KdKpEix.exe
  C:\Windows\System\KdKpEix.exe
  2⤵
  PID:6912
- C:\Windows\System\pEWNAvi.exe
  C:\Windows\System\pEWNAvi.exe
  2⤵
  PID:6916
- C:\Windows\System\CjxykKY.exe
  C:\Windows\System\CjxykKY.exe
  2⤵
  PID:4076
- C:\Windows\System\SeFRohP.exe
  C:\Windows\System\SeFRohP.exe
  2⤵
  PID:7136
- C:\Windows\System\RUBNYHZ.exe
  C:\Windows\System\RUBNYHZ.exe
  2⤵
  PID:7104
- C:\Windows\System\vxhAQaa.exe
  C:\Windows\System\vxhAQaa.exe
  2⤵
  PID:1972
- C:\Windows\System\AkNlBiW.exe
  C:\Windows\System\AkNlBiW.exe
  2⤵
  PID:2876
- C:\Windows\System\pYTrwjg.exe
  C:\Windows\System\pYTrwjg.exe
  2⤵
  PID:6932
- C:\Windows\System\fmzwkwS.exe
  C:\Windows\System\fmzwkwS.exe
  2⤵
  PID:6560
- C:\Windows\System\Jxvyvoz.exe
  C:\Windows\System\Jxvyvoz.exe
  2⤵
  PID:6608
- C:\Windows\System\EYYahyu.exe
  C:\Windows\System\EYYahyu.exe
  2⤵
  PID:6816
- C:\Windows\System\MVwDhhC.exe
  C:\Windows\System\MVwDhhC.exe
  2⤵
  PID:6116
- C:\Windows\System\ztzjfkL.exe
  C:\Windows\System\ztzjfkL.exe
  2⤵
  PID:5748
- C:\Windows\System\ssMacGy.exe
  C:\Windows\System\ssMacGy.exe
  2⤵
  PID:6992
- C:\Windows\System\cNgPEKF.exe
  C:\Windows\System\cNgPEKF.exe
  2⤵
  PID:7024
- C:\Windows\System\VfPjOKD.exe
  C:\Windows\System\VfPjOKD.exe
  2⤵
  PID:7056
- C:\Windows\System\JrRgwCJ.exe
  C:\Windows\System\JrRgwCJ.exe
  2⤵
  PID:7088
- C:\Windows\System\gSwPeMM.exe
  C:\Windows\System\gSwPeMM.exe
  2⤵
  PID:4892
- C:\Windows\System\PBoMbvP.exe
  C:\Windows\System\PBoMbvP.exe
  2⤵
  PID:7156
- C:\Windows\System\LZassOR.exe
  C:\Windows\System\LZassOR.exe
  2⤵
  PID:5928
- C:\Windows\System\kInHUEx.exe
  C:\Windows\System\kInHUEx.exe
  2⤵
  PID:2700
- C:\Windows\System\igHeLeT.exe
  C:\Windows\System\igHeLeT.exe
  2⤵
  PID:5072
- C:\Windows\System\gMYADPh.exe
  C:\Windows\System\gMYADPh.exe
  2⤵
  PID:4604
- C:\Windows\System\DobIdtr.exe
  C:\Windows\System\DobIdtr.exe
  2⤵
  PID:6024
- C:\Windows\System\xQpnYqe.exe
  C:\Windows\System\xQpnYqe.exe
  2⤵
  PID:2916
- C:\Windows\System\EaBKIuq.exe
  C:\Windows\System\EaBKIuq.exe
  2⤵
  PID:1788
- C:\Windows\System\aLZTJFC.exe
  C:\Windows\System\aLZTJFC.exe
  2⤵
  PID:6460
- C:\Windows\System\cBBWnxQ.exe
  C:\Windows\System\cBBWnxQ.exe
  2⤵
  PID:6520
- C:\Windows\System\cxDFhMz.exe
  C:\Windows\System\cxDFhMz.exe
  2⤵
  PID:6720
- C:\Windows\System\LNjyBoO.exe
  C:\Windows\System\LNjyBoO.exe
  2⤵
  PID:6804
- C:\Windows\System\EMCqPuz.exe
  C:\Windows\System\EMCqPuz.exe
  2⤵
  PID:6980
- C:\Windows\System\JjZIVsM.exe
  C:\Windows\System\JjZIVsM.exe
  2⤵
  PID:6640
- C:\Windows\System\lRFvsoF.exe
  C:\Windows\System\lRFvsoF.exe
  2⤵
  PID:2616
- C:\Windows\System\LCLhcTK.exe
  C:\Windows\System\LCLhcTK.exe
  2⤵
  PID:2464
- C:\Windows\System\SbBEWnH.exe
  C:\Windows\System\SbBEWnH.exe
  2⤵
  PID:1476
- C:\Windows\System\zFrWXGA.exe
  C:\Windows\System\zFrWXGA.exe
  2⤵
  PID:6652
- C:\Windows\System\JgPBoMi.exe
  C:\Windows\System\JgPBoMi.exe
  2⤵
  PID:5224
- C:\Windows\System\WQsatAy.exe
  C:\Windows\System\WQsatAy.exe
  2⤵
  PID:916
- C:\Windows\System\rgyaUSd.exe
  C:\Windows\System\rgyaUSd.exe
  2⤵
  PID:6440
- C:\Windows\System\QOZpPRo.exe
  C:\Windows\System\QOZpPRo.exe
  2⤵
  PID:2780
- C:\Windows\System\NcweWPh.exe
  C:\Windows\System\NcweWPh.exe
  2⤵
  PID:2744
- C:\Windows\System\aRCYBxb.exe
  C:\Windows\System\aRCYBxb.exe
  2⤵
  PID:7108
- C:\Windows\System\cuiLDmJ.exe
  C:\Windows\System\cuiLDmJ.exe
  2⤵
  PID:2104
- C:\Windows\System\qMRFsDQ.exe
  C:\Windows\System\qMRFsDQ.exe
  2⤵
  PID:6536
- C:\Windows\System\wFRBFkV.exe
  C:\Windows\System\wFRBFkV.exe
  2⤵
  PID:848
- C:\Windows\System\NMGYJKm.exe
  C:\Windows\System\NMGYJKm.exe
  2⤵
  PID:6264
- C:\Windows\System\dKLoMnh.exe
  C:\Windows\System\dKLoMnh.exe
  2⤵
  PID:5340
- C:\Windows\System\HgmDULG.exe
  C:\Windows\System\HgmDULG.exe
  2⤵
  PID:2160
- C:\Windows\System\NtFeSNe.exe
  C:\Windows\System\NtFeSNe.exe
  2⤵
  PID:2540
- C:\Windows\System\EJRKayk.exe
  C:\Windows\System\EJRKayk.exe
  2⤵
  PID:2544
- C:\Windows\System\lqLYboB.exe
  C:\Windows\System\lqLYboB.exe
  2⤵
  PID:6444
- C:\Windows\System\RMZhgXM.exe
  C:\Windows\System\RMZhgXM.exe
  2⤵
  PID:2168
- C:\Windows\System\iUZbTYB.exe
  C:\Windows\System\iUZbTYB.exe
  2⤵
  PID:2324
- C:\Windows\System\LAPZatI.exe
  C:\Windows\System\LAPZatI.exe
  2⤵
  PID:1460
- C:\Windows\System\CCVSqJL.exe
  C:\Windows\System\CCVSqJL.exe
  2⤵
  PID:6896
- C:\Windows\System\WVcbtzZ.exe
  C:\Windows\System\WVcbtzZ.exe
  2⤵
  PID:6540
- C:\Windows\System\XDaHPvX.exe
  C:\Windows\System\XDaHPvX.exe
  2⤵
  PID:7008
- C:\Windows\System\KImfkQj.exe
  C:\Windows\System\KImfkQj.exe
  2⤵
  PID:2188
- C:\Windows\System\ForRPpZ.exe
  C:\Windows\System\ForRPpZ.exe
  2⤵
  PID:2660
- C:\Windows\System\cwzksPL.exe
  C:\Windows\System\cwzksPL.exe
  2⤵
  PID:2412
- C:\Windows\System\TnZZLgQ.exe
  C:\Windows\System\TnZZLgQ.exe
  2⤵
  PID:6996
- C:\Windows\System\lAIcEDK.exe
  C:\Windows\System\lAIcEDK.exe
  2⤵
  PID:6960
- C:\Windows\System\cQUVfmd.exe
  C:\Windows\System\cQUVfmd.exe
  2⤵
  PID:6836
- C:\Windows\System\zdGjIRH.exe
  C:\Windows\System\zdGjIRH.exe
  2⤵
  PID:6868
- C:\Windows\System\bxYTdcj.exe
  C:\Windows\System\bxYTdcj.exe
  2⤵
  PID:2752
- C:\Windows\System\zfdsEcv.exe
  C:\Windows\System\zfdsEcv.exe
  2⤵
  PID:5880
- C:\Windows\System\lcCgZwz.exe
  C:\Windows\System\lcCgZwz.exe
  2⤵
  PID:2804
- C:\Windows\System\PLRVQTG.exe
  C:\Windows\System\PLRVQTG.exe
  2⤵
  PID:2320
- C:\Windows\System\qjTinMX.exe
  C:\Windows\System\qjTinMX.exe
  2⤵
  PID:1936
- C:\Windows\System\VRSbrdE.exe
  C:\Windows\System\VRSbrdE.exe
  2⤵
  PID:6780
- C:\Windows\System\neGMrEh.exe
  C:\Windows\System\neGMrEh.exe
  2⤵
  PID:7152
- C:\Windows\System\bRHowCG.exe
  C:\Windows\System\bRHowCG.exe
  2⤵
  PID:5608
- C:\Windows\System\wnaEbrq.exe
  C:\Windows\System\wnaEbrq.exe
  2⤵
  PID:1500
- C:\Windows\System\RFzZBmk.exe
  C:\Windows\System\RFzZBmk.exe
  2⤵
  PID:5320
- C:\Windows\System\BCodNYg.exe
  C:\Windows\System\BCodNYg.exe
  2⤵
  PID:6976
- C:\Windows\System\LSIoDbf.exe
  C:\Windows\System\LSIoDbf.exe
  2⤵
  PID:6036
- C:\Windows\System\LepRfDb.exe
  C:\Windows\System\LepRfDb.exe
  2⤵
  PID:4068
- C:\Windows\System\ljxmolF.exe
  C:\Windows\System\ljxmolF.exe
  2⤵
  PID:2240
- C:\Windows\System\bYvMjFw.exe
  C:\Windows\System\bYvMjFw.exe
  2⤵
  PID:7184
- C:\Windows\System\DSAXrQi.exe
  C:\Windows\System\DSAXrQi.exe
  2⤵
  PID:7200
- C:\Windows\System\ePqxIBi.exe
  C:\Windows\System\ePqxIBi.exe
  2⤵
  PID:7216
- C:\Windows\System\JJrFruS.exe
  C:\Windows\System\JJrFruS.exe
  2⤵
  PID:7232
- C:\Windows\System\GdiQGDq.exe
  C:\Windows\System\GdiQGDq.exe
  2⤵
  PID:7248
- C:\Windows\System\HYJdYuY.exe
  C:\Windows\System\HYJdYuY.exe
  2⤵
  PID:7264
- C:\Windows\System\bbruvQz.exe
  C:\Windows\System\bbruvQz.exe
  2⤵
  PID:7280
- C:\Windows\System\MEcUdlF.exe
  C:\Windows\System\MEcUdlF.exe
  2⤵
  PID:7296
- C:\Windows\System\MAvnIHP.exe
  C:\Windows\System\MAvnIHP.exe
  2⤵
  PID:7312
- C:\Windows\System\PyupFdH.exe
  C:\Windows\System\PyupFdH.exe
  2⤵
  PID:7328
- C:\Windows\System\bxlUebZ.exe
  C:\Windows\System\bxlUebZ.exe
  2⤵
  PID:7344
- C:\Windows\System\bPNhQix.exe
  C:\Windows\System\bPNhQix.exe
  2⤵
  PID:7364
- C:\Windows\System\XKEfzZN.exe
  C:\Windows\System\XKEfzZN.exe
  2⤵
  PID:7380
- C:\Windows\System\zDmAplZ.exe
  C:\Windows\System\zDmAplZ.exe
  2⤵
  PID:7396
- C:\Windows\System\DiLGiLQ.exe
  C:\Windows\System\DiLGiLQ.exe
  2⤵
  PID:7412
- C:\Windows\System\RpuaktQ.exe
  C:\Windows\System\RpuaktQ.exe
  2⤵
  PID:7428
- C:\Windows\System\zflGYCZ.exe
  C:\Windows\System\zflGYCZ.exe
  2⤵
  PID:7444
- C:\Windows\System\xusiLWO.exe
  C:\Windows\System\xusiLWO.exe
  2⤵
  PID:7460
- C:\Windows\System\oPNaltj.exe
  C:\Windows\System\oPNaltj.exe
  2⤵
  PID:7476
- C:\Windows\System\JfiFosH.exe
  C:\Windows\System\JfiFosH.exe
  2⤵
  PID:7492
- C:\Windows\System\FTawDII.exe
  C:\Windows\System\FTawDII.exe
  2⤵
  PID:7508
- C:\Windows\System\LUneCrK.exe
  C:\Windows\System\LUneCrK.exe
  2⤵
  PID:7524
- C:\Windows\System\vhrwuyv.exe
  C:\Windows\System\vhrwuyv.exe
  2⤵
  PID:7548
- C:\Windows\System\ylghvqY.exe
  C:\Windows\System\ylghvqY.exe
  2⤵
  PID:7564
- C:\Windows\System\OaQCiVJ.exe
  C:\Windows\System\OaQCiVJ.exe
  2⤵
  PID:7580
- C:\Windows\System\xiRoHIH.exe
  C:\Windows\System\xiRoHIH.exe
  2⤵
  PID:7596
- C:\Windows\System\KVEVGHO.exe
  C:\Windows\System\KVEVGHO.exe
  2⤵
  PID:7612
- C:\Windows\System\OxcCalW.exe
  C:\Windows\System\OxcCalW.exe
  2⤵
  PID:7628
- C:\Windows\System\jMnFJqV.exe
  C:\Windows\System\jMnFJqV.exe
  2⤵
  PID:7644
- C:\Windows\System\dFFhQaC.exe
  C:\Windows\System\dFFhQaC.exe
  2⤵
  PID:7660
- C:\Windows\System\QJiIpim.exe
  C:\Windows\System\QJiIpim.exe
  2⤵
  PID:7676
- C:\Windows\System\KXNalFi.exe
  C:\Windows\System\KXNalFi.exe
  2⤵
  PID:7692
- C:\Windows\System\CHBptgE.exe
  C:\Windows\System\CHBptgE.exe
  2⤵
  PID:7708
- C:\Windows\System\mJEegCz.exe
  C:\Windows\System\mJEegCz.exe
  2⤵
  PID:7724
- C:\Windows\System\ICBUJiL.exe
  C:\Windows\System\ICBUJiL.exe
  2⤵
  PID:7744
- C:\Windows\System\QbcBfoW.exe
  C:\Windows\System\QbcBfoW.exe
  2⤵
  PID:7760
- C:\Windows\System\jxddzVs.exe
  C:\Windows\System\jxddzVs.exe
  2⤵
  PID:7776
- C:\Windows\System\uFOGgiL.exe
  C:\Windows\System\uFOGgiL.exe
  2⤵
  PID:7792
- C:\Windows\System\arbZcai.exe
  C:\Windows\System\arbZcai.exe
  2⤵
  PID:7808
- C:\Windows\System\zRPHgft.exe
  C:\Windows\System\zRPHgft.exe
  2⤵
  PID:7824
- C:\Windows\System\KdMbIBL.exe
  C:\Windows\System\KdMbIBL.exe
  2⤵
  PID:7840
- C:\Windows\System\NKadCjN.exe
  C:\Windows\System\NKadCjN.exe
  2⤵
  PID:7856
- C:\Windows\System\BYHyGRY.exe
  C:\Windows\System\BYHyGRY.exe
  2⤵
  PID:7872
- C:\Windows\System\uaRqjyh.exe
  C:\Windows\System\uaRqjyh.exe
  2⤵
  PID:7888
- C:\Windows\System\UYoQrvn.exe
  C:\Windows\System\UYoQrvn.exe
  2⤵
  PID:7904
- C:\Windows\System\DiVcrLS.exe
  C:\Windows\System\DiVcrLS.exe
  2⤵
  PID:7920
- C:\Windows\System\dLFfcEv.exe
  C:\Windows\System\dLFfcEv.exe
  2⤵
  PID:7936
- C:\Windows\System\ncbecom.exe
  C:\Windows\System\ncbecom.exe
  2⤵
  PID:7952
- C:\Windows\System\lxKNLdb.exe
  C:\Windows\System\lxKNLdb.exe
  2⤵
  PID:7968
- C:\Windows\System\rdmkspx.exe
  C:\Windows\System\rdmkspx.exe
  2⤵
  PID:7984
- C:\Windows\System\sAKyFgJ.exe
  C:\Windows\System\sAKyFgJ.exe
  2⤵
  PID:8000
- C:\Windows\System\wTUJQpg.exe
  C:\Windows\System\wTUJQpg.exe
  2⤵
  PID:8016
- C:\Windows\System\yCfKZVI.exe
  C:\Windows\System\yCfKZVI.exe
  2⤵
  PID:8032
- C:\Windows\System\ZAzCiKP.exe
  C:\Windows\System\ZAzCiKP.exe
  2⤵
  PID:8048
- C:\Windows\System\VcURjcG.exe
  C:\Windows\System\VcURjcG.exe
  2⤵
  PID:8064
- C:\Windows\System\rwMOFyC.exe
  C:\Windows\System\rwMOFyC.exe
  2⤵
  PID:8080
- C:\Windows\System\KkVvSIG.exe
  C:\Windows\System\KkVvSIG.exe
  2⤵
  PID:8096
- C:\Windows\System\mguUTQi.exe
  C:\Windows\System\mguUTQi.exe
  2⤵
  PID:8112
- C:\Windows\System\VLSGQzR.exe
  C:\Windows\System\VLSGQzR.exe
  2⤵
  PID:8128
- C:\Windows\System\WinTUMW.exe
  C:\Windows\System\WinTUMW.exe
  2⤵
  PID:8144
- C:\Windows\System\JNnqVyG.exe
  C:\Windows\System\JNnqVyG.exe
  2⤵
  PID:8160
- C:\Windows\System\SDFLoXT.exe
  C:\Windows\System\SDFLoXT.exe
  2⤵
  PID:8176
- C:\Windows\System\OUqZIFZ.exe
  C:\Windows\System\OUqZIFZ.exe
  2⤵
  PID:7180
- C:\Windows\System\qmgWdei.exe
  C:\Windows\System\qmgWdei.exe
  2⤵
  PID:7240
- C:\Windows\System\GenpwVn.exe
  C:\Windows\System\GenpwVn.exe
  2⤵
  PID:7224
- C:\Windows\System\THfJZFp.exe
  C:\Windows\System\THfJZFp.exe
  2⤵
  PID:7012
- C:\Windows\System\PetXyVL.exe
  C:\Windows\System\PetXyVL.exe
  2⤵
  PID:6576
- C:\Windows\System\oekiFQl.exe
  C:\Windows\System\oekiFQl.exe
  2⤵
  PID:6344
- C:\Windows\System\oOXLRom.exe
  C:\Windows\System\oOXLRom.exe
  2⤵
  PID:780
- C:\Windows\System\brBHzcy.exe
  C:\Windows\System\brBHzcy.exe
  2⤵
  PID:2140
- C:\Windows\System\fwqoDhS.exe
  C:\Windows\System\fwqoDhS.exe
  2⤵
  PID:5864
- C:\Windows\System\GnHyNmN.exe
  C:\Windows\System\GnHyNmN.exe
  2⤵
  PID:7304
- C:\Windows\System\EPCufMN.exe
  C:\Windows\System\EPCufMN.exe
  2⤵
  PID:7228
- C:\Windows\System\hRcIWUc.exe
  C:\Windows\System\hRcIWUc.exe
  2⤵
  PID:1568
- C:\Windows\System\BmvOzpQ.exe
  C:\Windows\System\BmvOzpQ.exe
  2⤵
  PID:7440
- C:\Windows\System\YyxsFtJ.exe
  C:\Windows\System\YyxsFtJ.exe
  2⤵
  PID:7324
- C:\Windows\System\XKzFtBq.exe
  C:\Windows\System\XKzFtBq.exe
  2⤵
  PID:7288
- C:\Windows\System\HBAnROZ.exe
  C:\Windows\System\HBAnROZ.exe
  2⤵
  PID:7360
- C:\Windows\System\YRXVPaU.exe
  C:\Windows\System\YRXVPaU.exe
  2⤵
  PID:7420
- C:\Windows\System\zRzzlnN.exe
  C:\Windows\System\zRzzlnN.exe
  2⤵
  PID:7488
- C:\Windows\System\SKuWIvi.exe
  C:\Windows\System\SKuWIvi.exe
  2⤵
  PID:7544
- C:\Windows\System\SfxLwfu.exe
  C:\Windows\System\SfxLwfu.exe
  2⤵
  PID:7560
- C:\Windows\System\vEatzLA.exe
  C:\Windows\System\vEatzLA.exe
  2⤵
  PID:7608
- C:\Windows\System\EiIzRJp.exe
  C:\Windows\System\EiIzRJp.exe
  2⤵
  PID:7672
- C:\Windows\System\FBJWnGx.exe
  C:\Windows\System\FBJWnGx.exe
  2⤵
  PID:7736
- C:\Windows\System\KLHXXJb.exe
  C:\Windows\System\KLHXXJb.exe
  2⤵
  PID:7716
- C:\Windows\System\zeqTHVM.exe
  C:\Windows\System\zeqTHVM.exe
  2⤵
  PID:7720
- C:\Windows\System\reEhghJ.exe
  C:\Windows\System\reEhghJ.exe
  2⤵
  PID:7772
- C:\Windows\System\gArkjNU.exe
  C:\Windows\System\gArkjNU.exe
  2⤵
  PID:7864
- C:\Windows\System\HIklWSn.exe
  C:\Windows\System\HIklWSn.exe
  2⤵
  PID:7928
- C:\Windows\System\LgtpEoy.exe
  C:\Windows\System\LgtpEoy.exe
  2⤵
  PID:7996
- C:\Windows\System\dzifOkb.exe
  C:\Windows\System\dzifOkb.exe
  2⤵
  PID:8024
- C:\Windows\System\cIspYyi.exe
  C:\Windows\System\cIspYyi.exe
  2⤵
  PID:7848
- C:\Windows\System\wyjWhaM.exe
  C:\Windows\System\wyjWhaM.exe
  2⤵
  PID:8060
- C:\Windows\System\iPHhiwg.exe
  C:\Windows\System\iPHhiwg.exe
  2⤵
  PID:8152
- C:\Windows\System\XtgRQbd.exe
  C:\Windows\System\XtgRQbd.exe
  2⤵
  PID:7120
- C:\Windows\System\WDwqlMa.exe
  C:\Windows\System\WDwqlMa.exe
  2⤵
  PID:8008
- C:\Windows\System\XfZjXVp.exe
  C:\Windows\System\XfZjXVp.exe
  2⤵
  PID:7976
- C:\Windows\System\TfrWahT.exe
  C:\Windows\System\TfrWahT.exe
  2⤵
  PID:7912
- C:\Windows\System\GuJHkWy.exe
  C:\Windows\System\GuJHkWy.exe
  2⤵
  PID:8044
- C:\Windows\System\sldGmlF.exe
  C:\Windows\System\sldGmlF.exe
  2⤵
  PID:8104
- C:\Windows\System\klZIRHF.exe
  C:\Windows\System\klZIRHF.exe
  2⤵
  PID:2732
- C:\Windows\System\MtPWuEb.exe
  C:\Windows\System\MtPWuEb.exe
  2⤵
  PID:7272
- C:\Windows\System\LSQGnvB.exe
  C:\Windows\System\LSQGnvB.exe
  2⤵
  PID:6168
- C:\Windows\System\uYJgEjN.exe
  C:\Windows\System\uYJgEjN.exe
  2⤵
  PID:7336
- C:\Windows\System\LEMKyeD.exe
  C:\Windows\System\LEMKyeD.exe
  2⤵
  PID:7500
- C:\Windows\System\rJxuHDw.exe
  C:\Windows\System\rJxuHDw.exe
  2⤵
  PID:1040
- C:\Windows\System\IxGjtoc.exe
  C:\Windows\System\IxGjtoc.exe
  2⤵
  PID:7540
- C:\Windows\System\cdFdERa.exe
  C:\Windows\System\cdFdERa.exe
  2⤵
  PID:7196
- C:\Windows\System\LkIhJJj.exe
  C:\Windows\System\LkIhJJj.exe
  2⤵
  PID:7652
- C:\Windows\System\iVsQtPv.exe
  C:\Windows\System\iVsQtPv.exe
  2⤵
  PID:7832
- C:\Windows\System\Vgopyrx.exe
  C:\Windows\System\Vgopyrx.exe
  2⤵
  PID:7960
- C:\Windows\System\pJNqlgD.exe
  C:\Windows\System\pJNqlgD.exe
  2⤵
  PID:8092
- C:\Windows\System\qnVgDoX.exe
  C:\Windows\System\qnVgDoX.exe
  2⤵
  PID:7944
- C:\Windows\System\VDumLtC.exe
  C:\Windows\System\VDumLtC.exe
  2⤵
  PID:8140
- C:\Windows\System\GZyFJNb.exe
  C:\Windows\System\GZyFJNb.exe
  2⤵
  PID:7452
- C:\Windows\System\FHyqKqa.exe
  C:\Windows\System\FHyqKqa.exe
  2⤵
  PID:1308
- C:\Windows\System\vIyDGnc.exe
  C:\Windows\System\vIyDGnc.exe
  2⤵
  PID:7688
- C:\Windows\System\GLASysS.exe
  C:\Windows\System\GLASysS.exe
  2⤵
  PID:7768
- C:\Windows\System\NHgGxsS.exe
  C:\Windows\System\NHgGxsS.exe
  2⤵
  PID:7592
- C:\Windows\System\peMuYJa.exe
  C:\Windows\System\peMuYJa.exe
  2⤵
  PID:7788
- C:\Windows\System\EYBbPfb.exe
  C:\Windows\System\EYBbPfb.exe
  2⤵
  PID:980
- C:\Windows\System\SiEsOlD.exe
  C:\Windows\System\SiEsOlD.exe
  2⤵
  PID:8120
- C:\Windows\System\OJavKOZ.exe
  C:\Windows\System\OJavKOZ.exe
  2⤵
  PID:6788
- C:\Windows\System\DWxiZYy.exe
  C:\Windows\System\DWxiZYy.exe
  2⤵
  PID:6716
- C:\Windows\System\VfXyDYK.exe
  C:\Windows\System\VfXyDYK.exe
  2⤵
  PID:5892
- C:\Windows\System\jcpQszk.exe
  C:\Windows\System\jcpQszk.exe
  2⤵
  PID:7704
- C:\Windows\System\LdNAZEb.exe
  C:\Windows\System\LdNAZEb.exe
  2⤵
  PID:8136
- C:\Windows\System\YhxHaQF.exe
  C:\Windows\System\YhxHaQF.exe
  2⤵
  PID:7404
- C:\Windows\System\tKSpCKG.exe
  C:\Windows\System\tKSpCKG.exe
  2⤵
  PID:7356
- C:\Windows\System\QldmCWG.exe
  C:\Windows\System\QldmCWG.exe
  2⤵
  PID:7392
- C:\Windows\System\xsFdutt.exe
  C:\Windows\System\xsFdutt.exe
  2⤵
  PID:7436
- C:\Windows\System\ANfNhjS.exe
  C:\Windows\System\ANfNhjS.exe
  2⤵
  PID:7868
- C:\Windows\System\mdSxEHQ.exe
  C:\Windows\System\mdSxEHQ.exe
  2⤵
  PID:7884
- C:\Windows\System\GasYadK.exe
  C:\Windows\System\GasYadK.exe
  2⤵
  PID:2708
- C:\Windows\System\IVuVodw.exe
  C:\Windows\System\IVuVodw.exe
  2⤵
  PID:8204
- C:\Windows\System\sJLdAXN.exe
  C:\Windows\System\sJLdAXN.exe
  2⤵
  PID:8220
- C:\Windows\System\ZyhXHwS.exe
  C:\Windows\System\ZyhXHwS.exe
  2⤵
  PID:8236
- C:\Windows\System\vemodIu.exe
  C:\Windows\System\vemodIu.exe
  2⤵
  PID:8252
- C:\Windows\System\HWIRdhq.exe
  C:\Windows\System\HWIRdhq.exe
  2⤵
  PID:8268
- C:\Windows\System\sEZanxA.exe
  C:\Windows\System\sEZanxA.exe
  2⤵
  PID:8284
- C:\Windows\System\nScWLRM.exe
  C:\Windows\System\nScWLRM.exe
  2⤵
  PID:8300
- C:\Windows\System\bytQRJw.exe
  C:\Windows\System\bytQRJw.exe
  2⤵
  PID:8316
- C:\Windows\System\ZUUJUaq.exe
  C:\Windows\System\ZUUJUaq.exe
  2⤵
  PID:8332
- C:\Windows\System\csIXhlb.exe
  C:\Windows\System\csIXhlb.exe
  2⤵
  PID:8348
- C:\Windows\System\SROeaof.exe
  C:\Windows\System\SROeaof.exe
  2⤵
  PID:8364
- C:\Windows\System\apZBgTp.exe
  C:\Windows\System\apZBgTp.exe
  2⤵
  PID:8380
- C:\Windows\System\ybGMlVZ.exe
  C:\Windows\System\ybGMlVZ.exe
  2⤵
  PID:8396
- C:\Windows\System\rwtIcar.exe
  C:\Windows\System\rwtIcar.exe
  2⤵
  PID:8412
- C:\Windows\System\ydoJKRX.exe
  C:\Windows\System\ydoJKRX.exe
  2⤵
  PID:8428
- C:\Windows\System\WCUEETr.exe
  C:\Windows\System\WCUEETr.exe
  2⤵
  PID:8444
- C:\Windows\System\jGetrmt.exe
  C:\Windows\System\jGetrmt.exe
  2⤵
  PID:8460
- C:\Windows\System\vlgCSLO.exe
  C:\Windows\System\vlgCSLO.exe
  2⤵
  PID:8476
- C:\Windows\System\gHWFSRR.exe
  C:\Windows\System\gHWFSRR.exe
  2⤵
  PID:8492
- C:\Windows\System\kYDZPXu.exe
  C:\Windows\System\kYDZPXu.exe
  2⤵
  PID:8508
- C:\Windows\System\ZfyPvQh.exe
  C:\Windows\System\ZfyPvQh.exe
  2⤵
  PID:8524
- C:\Windows\System\XWotedg.exe
  C:\Windows\System\XWotedg.exe
  2⤵
  PID:8540
- C:\Windows\System\TmpHZQl.exe
  C:\Windows\System\TmpHZQl.exe
  2⤵
  PID:8556
- C:\Windows\System\NWydeqU.exe
  C:\Windows\System\NWydeqU.exe
  2⤵
  PID:8576
- C:\Windows\System\gYZZdqI.exe
  C:\Windows\System\gYZZdqI.exe
  2⤵
  PID:8592
- C:\Windows\System\zPcxPhb.exe
  C:\Windows\System\zPcxPhb.exe
  2⤵
  PID:8608
- C:\Windows\System\aCebzAQ.exe
  C:\Windows\System\aCebzAQ.exe
  2⤵
  PID:8624
- C:\Windows\System\KItxVxW.exe
  C:\Windows\System\KItxVxW.exe
  2⤵
  PID:8640
- C:\Windows\System\DbhUWnu.exe
  C:\Windows\System\DbhUWnu.exe
  2⤵
  PID:8656
- C:\Windows\System\PudJSAy.exe
  C:\Windows\System\PudJSAy.exe
  2⤵
  PID:8672
- C:\Windows\System\OlMfJRe.exe
  C:\Windows\System\OlMfJRe.exe
  2⤵
  PID:8688
- C:\Windows\System\bMLmrGe.exe
  C:\Windows\System\bMLmrGe.exe
  2⤵
  PID:8704
- C:\Windows\System\TaKZEoQ.exe
  C:\Windows\System\TaKZEoQ.exe
  2⤵
  PID:8720
- C:\Windows\System\iuOaqjH.exe
  C:\Windows\System\iuOaqjH.exe
  2⤵
  PID:8736
- C:\Windows\System\mLIuHBd.exe
  C:\Windows\System\mLIuHBd.exe
  2⤵
  PID:8752
- C:\Windows\System\lRNjfAM.exe
  C:\Windows\System\lRNjfAM.exe
  2⤵
  PID:8768
- C:\Windows\System\gKqgURU.exe
  C:\Windows\System\gKqgURU.exe
  2⤵
  PID:8784
- C:\Windows\System\TMctUGf.exe
  C:\Windows\System\TMctUGf.exe
  2⤵
  PID:8800
- C:\Windows\System\fRAiQZQ.exe
  C:\Windows\System\fRAiQZQ.exe
  2⤵
  PID:8816
- C:\Windows\System\YUmsGZP.exe
  C:\Windows\System\YUmsGZP.exe
  2⤵
  PID:8832
- C:\Windows\System\jHGByIb.exe
  C:\Windows\System\jHGByIb.exe
  2⤵
  PID:8848
- C:\Windows\System\yuCTyiX.exe
  C:\Windows\System\yuCTyiX.exe
  2⤵
  PID:8868
- C:\Windows\System\risbzvr.exe
  C:\Windows\System\risbzvr.exe
  2⤵
  PID:8884
- C:\Windows\System\CFHOvMm.exe
  C:\Windows\System\CFHOvMm.exe
  2⤵
  PID:8900
- C:\Windows\System\vgDXlZz.exe
  C:\Windows\System\vgDXlZz.exe
  2⤵
  PID:8916
- C:\Windows\System\vpREqLE.exe
  C:\Windows\System\vpREqLE.exe
  2⤵
  PID:8932
- C:\Windows\System\BAuhMSk.exe
  C:\Windows\System\BAuhMSk.exe
  2⤵
  PID:8948
- C:\Windows\System\eDEjiEn.exe
  C:\Windows\System\eDEjiEn.exe
  2⤵
  PID:8964
- C:\Windows\System\AJoGuEC.exe
  C:\Windows\System\AJoGuEC.exe
  2⤵
  PID:8980
- C:\Windows\System\wXhGUQS.exe
  C:\Windows\System\wXhGUQS.exe
  2⤵
  PID:8996
- C:\Windows\System\IaqUzkp.exe
  C:\Windows\System\IaqUzkp.exe
  2⤵
  PID:9012
- C:\Windows\System\rKDGXJA.exe
  C:\Windows\System\rKDGXJA.exe
  2⤵
  PID:9028
- C:\Windows\System\DhJGRnV.exe
  C:\Windows\System\DhJGRnV.exe
  2⤵
  PID:9044
- C:\Windows\System\DYPZClS.exe
  C:\Windows\System\DYPZClS.exe
  2⤵
  PID:9060
- C:\Windows\System\EDmxIXR.exe
  C:\Windows\System\EDmxIXR.exe
  2⤵
  PID:9076
- C:\Windows\System\GywxIYs.exe
  C:\Windows\System\GywxIYs.exe
  2⤵
  PID:9092
- C:\Windows\System\gPWlXgj.exe
  C:\Windows\System\gPWlXgj.exe
  2⤵
  PID:8248
- C:\Windows\System\nTcKzwh.exe
  C:\Windows\System\nTcKzwh.exe
  2⤵
  PID:8536
- C:\Windows\System\GrwJULQ.exe
  C:\Windows\System\GrwJULQ.exe
  2⤵
  PID:8452
- C:\Windows\System\WkyJcWt.exe
  C:\Windows\System\WkyJcWt.exe
  2⤵
  PID:8776
- C:\Windows\System\EodvMuK.exe
  C:\Windows\System\EodvMuK.exe
  2⤵
  PID:8840
- C:\Windows\System\KRPBNPB.exe
  C:\Windows\System\KRPBNPB.exe
  2⤵
  PID:8864
- C:\Windows\System\yLQASQU.exe
  C:\Windows\System\yLQASQU.exe
  2⤵
  PID:8960
- C:\Windows\System\XiBnKVM.exe
  C:\Windows\System\XiBnKVM.exe
  2⤵
  PID:8664
- C:\Windows\System\PkTBgNT.exe
  C:\Windows\System\PkTBgNT.exe
  2⤵
  PID:9112
- C:\Windows\System\QvlybXE.exe
  C:\Windows\System\QvlybXE.exe
  2⤵
  PID:9152
- C:\Windows\System\kcFTIWF.exe
  C:\Windows\System\kcFTIWF.exe
  2⤵
  PID:7732
- C:\Windows\System\NbOCJWf.exe
  C:\Windows\System\NbOCJWf.exe
  2⤵
  PID:7880
- C:\Windows\System\hkmoGEB.exe
  C:\Windows\System\hkmoGEB.exe
  2⤵
  PID:7556
- C:\Windows\System\UgOBmcD.exe
  C:\Windows\System\UgOBmcD.exe
  2⤵
  PID:8340
- C:\Windows\System\ITQqrFq.exe
  C:\Windows\System\ITQqrFq.exe
  2⤵
  PID:8356
- C:\Windows\System\kIzRiYx.exe
  C:\Windows\System\kIzRiYx.exe
  2⤵
  PID:8376
- C:\Windows\System\vHebVoi.exe
  C:\Windows\System\vHebVoi.exe
  2⤵
  PID:7992
- C:\Windows\System\TWztgWO.exe
  C:\Windows\System\TWztgWO.exe
  2⤵
  PID:8344
- C:\Windows\System\khuUjoB.exe
  C:\Windows\System\khuUjoB.exe
  2⤵
  PID:8296
- C:\Windows\System\RloBzFM.exe
  C:\Windows\System\RloBzFM.exe
  2⤵
  PID:8292
- C:\Windows\System\yVqQqdZ.exe
  C:\Windows\System\yVqQqdZ.exe
  2⤵
  PID:8388
- C:\Windows\System\MRrQdfi.exe
  C:\Windows\System\MRrQdfi.exe
  2⤵
  PID:8392
- C:\Windows\System\OKzTMWm.exe
  C:\Windows\System\OKzTMWm.exe
  2⤵
  PID:8468
- C:\Windows\System\SbpbyYn.exe
  C:\Windows\System\SbpbyYn.exe
  2⤵
  PID:8912
- C:\Windows\System\XfliYtx.exe
  C:\Windows\System\XfliYtx.exe
  2⤵
  PID:8588
- C:\Windows\System\biRQaPL.exe
  C:\Windows\System\biRQaPL.exe
  2⤵
  PID:8652
- C:\Windows\System\fgPoCCX.exe
  C:\Windows\System\fgPoCCX.exe
  2⤵
  PID:8648
- C:\Windows\System\NbimxoI.exe
  C:\Windows\System\NbimxoI.exe
  2⤵
  PID:9104
- C:\Windows\System\UMaNMjz.exe
  C:\Windows\System\UMaNMjz.exe
  2⤵
  PID:9140
- C:\Windows\System\YdSjEMo.exe
  C:\Windows\System\YdSjEMo.exe
  2⤵
  PID:9100
- C:\Windows\System\qCFxjsd.exe
  C:\Windows\System\qCFxjsd.exe
  2⤵
  PID:9008
- C:\Windows\System\DCxsebx.exe
  C:\Windows\System\DCxsebx.exe
  2⤵
  PID:8780
- C:\Windows\System\FyjBkLt.exe
  C:\Windows\System\FyjBkLt.exe
  2⤵
  PID:8680
- C:\Windows\System\gHFvbEn.exe
  C:\Windows\System\gHFvbEn.exe
  2⤵
  PID:9056
- C:\Windows\System\QkmGqyB.exe
  C:\Windows\System\QkmGqyB.exe
  2⤵
  PID:8668
- C:\Windows\System\uYxRnwg.exe
  C:\Windows\System\uYxRnwg.exe
  2⤵
  PID:9144
- C:\Windows\System\FCkXAbw.exe
  C:\Windows\System\FCkXAbw.exe
  2⤵
  PID:9208
- C:\Windows\System\MBMOFUN.exe
  C:\Windows\System\MBMOFUN.exe
  2⤵
  PID:7260
- C:\Windows\System\UNdGHlC.exe
  C:\Windows\System\UNdGHlC.exe
  2⤵
  PID:8280
- C:\Windows\System\FIusVIi.exe
  C:\Windows\System\FIusVIi.exe
  2⤵
  PID:8424
- C:\Windows\System\QmFRAES.exe
  C:\Windows\System\QmFRAES.exe
  2⤵
  PID:8504
- C:\Windows\System\qAdlPAw.exe
  C:\Windows\System\qAdlPAw.exe
  2⤵
  PID:8956
- C:\Windows\System\XkAYIIt.exe
  C:\Windows\System\XkAYIIt.exe
  2⤵
  PID:9084
- C:\Windows\System\XFJsgqm.exe
  C:\Windows\System\XFJsgqm.exe
  2⤵
  PID:9004
- C:\Windows\System\eVCHfCt.exe
  C:\Windows\System\eVCHfCt.exe
  2⤵
  PID:9120
- C:\Windows\System\XtfIJbM.exe
  C:\Windows\System\XtfIJbM.exe
  2⤵
  PID:8440
- C:\Windows\System\oVVwxyI.exe
  C:\Windows\System\oVVwxyI.exe
  2⤵
  PID:8568
- C:\Windows\System\cJQaEEp.exe
  C:\Windows\System\cJQaEEp.exe
  2⤵
  PID:9212
- C:\Windows\System\RmdVZSR.exe
  C:\Windows\System\RmdVZSR.exe
  2⤵
  PID:8972
- C:\Windows\System\fBPhQFy.exe
  C:\Windows\System\fBPhQFy.exe
  2⤵
  PID:8808
- C:\Windows\System\ayxErNj.exe
  C:\Windows\System\ayxErNj.exe
  2⤵
  PID:8896
- C:\Windows\System\AMNjdhd.exe
  C:\Windows\System\AMNjdhd.exe
  2⤵
  PID:8828
- C:\Windows\System\eVzomEY.exe
  C:\Windows\System\eVzomEY.exe
  2⤵
  PID:8728
- C:\Windows\System\XgyKfPc.exe
  C:\Windows\System\XgyKfPc.exe
  2⤵
  PID:9132
- C:\Windows\System\vbLLtSz.exe
  C:\Windows\System\vbLLtSz.exe
  2⤵
  PID:8584
- C:\Windows\System\XxSyJoB.exe
  C:\Windows\System\XxSyJoB.exe
  2⤵
  PID:9204
- C:\Windows\System\mHRseat.exe
  C:\Windows\System\mHRseat.exe
  2⤵
  PID:8548
- C:\Windows\System\rEjPutJ.exe
  C:\Windows\System\rEjPutJ.exe
  2⤵
  PID:9036
- C:\Windows\System\GiToPSY.exe
  C:\Windows\System\GiToPSY.exe
  2⤵
  PID:9160
- C:\Windows\System\kwKNmnI.exe
  C:\Windows\System\kwKNmnI.exe
  2⤵
  PID:8420
- C:\Windows\System\bYiAoLr.exe
  C:\Windows\System\bYiAoLr.exe
  2⤵
  PID:8844
- C:\Windows\System\ZUvqSmo.exe
  C:\Windows\System\ZUvqSmo.exe
  2⤵
  PID:8940
- C:\Windows\System\HXrVLUO.exe
  C:\Windows\System\HXrVLUO.exe
  2⤵
  PID:2120
- C:\Windows\System\zqHRNqV.exe
  C:\Windows\System\zqHRNqV.exe
  2⤵
  PID:8264
- C:\Windows\System\lgMInWu.exe
  C:\Windows\System\lgMInWu.exe
  2⤵
  PID:8636
- C:\Windows\System\KgvhqFV.exe
  C:\Windows\System\KgvhqFV.exe
  2⤵
  PID:8856
- C:\Windows\System\IJeyCTr.exe
  C:\Windows\System\IJeyCTr.exe
  2⤵
  PID:8216
- C:\Windows\System\XWkBBbn.exe
  C:\Windows\System\XWkBBbn.exe
  2⤵
  PID:9196
- C:\Windows\System\RRMsFes.exe
  C:\Windows\System\RRMsFes.exe
  2⤵
  PID:8976
- C:\Windows\System\unVckeg.exe
  C:\Windows\System\unVckeg.exe
  2⤵
  PID:9108
- C:\Windows\System\eEfYLvU.exe
  C:\Windows\System\eEfYLvU.exe
  2⤵
  PID:8328
- C:\Windows\System\OfJxZgW.exe
  C:\Windows\System\OfJxZgW.exe
  2⤵
  PID:8232
- C:\Windows\System\xCIlvXM.exe
  C:\Windows\System\xCIlvXM.exe
  2⤵
  PID:9232
- C:\Windows\System\EdRvlFz.exe
  C:\Windows\System\EdRvlFz.exe
  2⤵
  PID:9248
- C:\Windows\System\QUFfhdx.exe
  C:\Windows\System\QUFfhdx.exe
  2⤵
  PID:9268
- C:\Windows\System\TKDmIkq.exe
  C:\Windows\System\TKDmIkq.exe
  2⤵
  PID:9284
- C:\Windows\System\wcTmPyt.exe
  C:\Windows\System\wcTmPyt.exe
  2⤵
  PID:9304
- C:\Windows\System\JiWXYfD.exe
  C:\Windows\System\JiWXYfD.exe
  2⤵
  PID:9344
- C:\Windows\System\ogmOufs.exe
  C:\Windows\System\ogmOufs.exe
  2⤵
  PID:9368
- C:\Windows\System\gcgdLKE.exe
  C:\Windows\System\gcgdLKE.exe
  2⤵
  PID:9388
- C:\Windows\System\RGaptGo.exe
  C:\Windows\System\RGaptGo.exe
  2⤵
  PID:9408
- C:\Windows\System\qXPnKEt.exe
  C:\Windows\System\qXPnKEt.exe
  2⤵
  PID:9432
- C:\Windows\System\QKxZFEw.exe
  C:\Windows\System\QKxZFEw.exe
  2⤵
  PID:9452
- C:\Windows\System\ZtUzAkn.exe
  C:\Windows\System\ZtUzAkn.exe
  2⤵
  PID:9480
- C:\Windows\System\kJGqCcn.exe
  C:\Windows\System\kJGqCcn.exe
  2⤵
  PID:9496
- C:\Windows\System\bLgyVjb.exe
  C:\Windows\System\bLgyVjb.exe
  2⤵
  PID:9512
- C:\Windows\System\GEKhDVd.exe
  C:\Windows\System\GEKhDVd.exe
  2⤵
  PID:9528
- C:\Windows\System\xuROsCz.exe
  C:\Windows\System\xuROsCz.exe
  2⤵
  PID:9544
- C:\Windows\System\YCNLzpT.exe
  C:\Windows\System\YCNLzpT.exe
  2⤵
  PID:9568
- C:\Windows\System\ujjreoD.exe
  C:\Windows\System\ujjreoD.exe
  2⤵
  PID:9588
- C:\Windows\System\QejVSbb.exe
  C:\Windows\System\QejVSbb.exe
  2⤵
  PID:9604
- C:\Windows\System\OazwWuS.exe
  C:\Windows\System\OazwWuS.exe
  2⤵
  PID:9624
- C:\Windows\System\JPhKdBL.exe
  C:\Windows\System\JPhKdBL.exe
  2⤵
  PID:9640
- C:\Windows\System\bmMXPDk.exe
  C:\Windows\System\bmMXPDk.exe
  2⤵
  PID:9660
- C:\Windows\System\WeKHjWY.exe
  C:\Windows\System\WeKHjWY.exe
  2⤵
  PID:9680
- C:\Windows\System\DEGBzIO.exe
  C:\Windows\System\DEGBzIO.exe
  2⤵
  PID:9696
- C:\Windows\System\OHCaxhS.exe
  C:\Windows\System\OHCaxhS.exe
  2⤵
  PID:9720
- C:\Windows\System\teXjtIn.exe
  C:\Windows\System\teXjtIn.exe
  2⤵
  PID:9744
- C:\Windows\System\DqUbWYa.exe
  C:\Windows\System\DqUbWYa.exe
  2⤵
  PID:9760
- C:\Windows\System\dEpFXLZ.exe
  C:\Windows\System\dEpFXLZ.exe
  2⤵
  PID:9776
- C:\Windows\System\VijtpXz.exe
  C:\Windows\System\VijtpXz.exe
  2⤵
  PID:9796
- C:\Windows\System\sOaaxip.exe
  C:\Windows\System\sOaaxip.exe
  2⤵
  PID:9812
- C:\Windows\System\eUHSrat.exe
  C:\Windows\System\eUHSrat.exe
  2⤵
  PID:9832
- C:\Windows\System\RKbxvlb.exe
  C:\Windows\System\RKbxvlb.exe
  2⤵
  PID:9848
- C:\Windows\System\EKheFYL.exe
  C:\Windows\System\EKheFYL.exe
  2⤵
  PID:9864
- C:\Windows\System\iqlohvA.exe
  C:\Windows\System\iqlohvA.exe
  2⤵
  PID:9880
- C:\Windows\System\bfvJRuS.exe
  C:\Windows\System\bfvJRuS.exe
  2⤵
  PID:9896
- C:\Windows\System\OtLxQVI.exe
  C:\Windows\System\OtLxQVI.exe
  2⤵
  PID:9912
- C:\Windows\System\yFxwaSn.exe
  C:\Windows\System\yFxwaSn.exe
  2⤵
  PID:9928
- C:\Windows\System\SXFBNIv.exe
  C:\Windows\System\SXFBNIv.exe
  2⤵
  PID:9944
- C:\Windows\System\kCrvNVr.exe
  C:\Windows\System\kCrvNVr.exe
  2⤵
  PID:9960
- C:\Windows\System\zQUrhJU.exe
  C:\Windows\System\zQUrhJU.exe
  2⤵
  PID:9976
- C:\Windows\System\HINqBCh.exe
  C:\Windows\System\HINqBCh.exe
  2⤵
  PID:9996
- C:\Windows\System\YsOEVap.exe
  C:\Windows\System\YsOEVap.exe
  2⤵
  PID:10012
- C:\Windows\System\ntyIWLd.exe
  C:\Windows\System\ntyIWLd.exe
  2⤵
  PID:10032
- C:\Windows\System\pBMIBfj.exe
  C:\Windows\System\pBMIBfj.exe
  2⤵
  PID:10048
- C:\Windows\System\DMHXDPy.exe
  C:\Windows\System\DMHXDPy.exe
  2⤵
  PID:10064
- C:\Windows\System\MCrGMrl.exe
  C:\Windows\System\MCrGMrl.exe
  2⤵
  PID:10144
- C:\Windows\System\JrNCLkp.exe
  C:\Windows\System\JrNCLkp.exe
  2⤵
  PID:10176
- C:\Windows\System\vlMfVvR.exe
  C:\Windows\System\vlMfVvR.exe
  2⤵
  PID:10200
- C:\Windows\System\NxcBIpf.exe
  C:\Windows\System\NxcBIpf.exe
  2⤵
  PID:10216
- C:\Windows\System\bsOJqbz.exe
  C:\Windows\System\bsOJqbz.exe
  2⤵
  PID:8732
- C:\Windows\System\OPaaTHY.exe
  C:\Windows\System\OPaaTHY.exe
  2⤵
  PID:9276
- C:\Windows\System\dXvJjCT.exe
  C:\Windows\System\dXvJjCT.exe
  2⤵
  PID:9224
- C:\Windows\System\pPyMzIJ.exe
  C:\Windows\System\pPyMzIJ.exe
  2⤵
  PID:9260
- C:\Windows\System\ZybmfOL.exe
  C:\Windows\System\ZybmfOL.exe
  2⤵
  PID:9300
- C:\Windows\System\qOECQmz.exe
  C:\Windows\System\qOECQmz.exe
  2⤵
  PID:9332
- C:\Windows\System\anMUNaE.exe
  C:\Windows\System\anMUNaE.exe
  2⤵
  PID:9376
- C:\Windows\System\PqoHNNo.exe
  C:\Windows\System\PqoHNNo.exe
  2⤵
  PID:9416
- C:\Windows\System\VdwFHks.exe
  C:\Windows\System\VdwFHks.exe
  2⤵
  PID:9428
- C:\Windows\System\xJizcLD.exe
  C:\Windows\System\xJizcLD.exe
  2⤵
  PID:9460
- C:\Windows\System\lUcWwpw.exe
  C:\Windows\System\lUcWwpw.exe
  2⤵
  PID:9540
- C:\Windows\System\BRyHXGs.exe
  C:\Windows\System\BRyHXGs.exe
  2⤵
  PID:9580
- C:\Windows\System\MvvpsdE.exe
  C:\Windows\System\MvvpsdE.exe
  2⤵
  PID:9648
- C:\Windows\System\WhMoyzn.exe
  C:\Windows\System\WhMoyzn.exe
  2⤵
  PID:9728
- C:\Windows\System\zCEtRXu.exe
  C:\Windows\System\zCEtRXu.exe
  2⤵
  PID:9768
- C:\Windows\System\QDnSDnd.exe
  C:\Windows\System\QDnSDnd.exe
  2⤵
  PID:9872
- C:\Windows\System\cCVkQZg.exe
  C:\Windows\System\cCVkQZg.exe
  2⤵
  PID:9936
- C:\Windows\System\XivNuTH.exe
  C:\Windows\System\XivNuTH.exe
  2⤵
  PID:9520
- C:\Windows\System\CmtWQlq.exe
  C:\Windows\System\CmtWQlq.exe
  2⤵
  PID:9708
- C:\Windows\System\BprPMRp.exe
  C:\Windows\System\BprPMRp.exe
  2⤵
  PID:9828
- C:\Windows\System\tZOUHVA.exe
  C:\Windows\System\tZOUHVA.exe
  2⤵
  PID:9668
- C:\Windows\System\YkJjyzE.exe
  C:\Windows\System\YkJjyzE.exe
  2⤵
  PID:9784
- C:\Windows\System\ORMnhbH.exe
  C:\Windows\System\ORMnhbH.exe
  2⤵
  PID:9920
- C:\Windows\System\nsrtTTi.exe
  C:\Windows\System\nsrtTTi.exe
  2⤵
  PID:9856
- C:\Windows\System\VpgOhfq.exe
  C:\Windows\System\VpgOhfq.exe
  2⤵
  PID:10028
- C:\Windows\System\SpLEvAp.exe
  C:\Windows\System\SpLEvAp.exe
  2⤵
  PID:10056
- C:\Windows\System\VhqMDlN.exe
  C:\Windows\System\VhqMDlN.exe
  2⤵
  PID:10072
- C:\Windows\System\TCFTLTB.exe
  C:\Windows\System\TCFTLTB.exe
  2⤵
  PID:10092
- C:\Windows\System\bjITuqs.exe
  C:\Windows\System\bjITuqs.exe
  2⤵
  PID:10108
- C:\Windows\System\OtnFRua.exe
  C:\Windows\System\OtnFRua.exe
  2⤵
  PID:10124
- C:\Windows\System\BewTiWZ.exe
  C:\Windows\System\BewTiWZ.exe
  2⤵
  PID:10156
- C:\Windows\System\VOmlEzJ.exe
  C:\Windows\System\VOmlEzJ.exe
  2⤵
  PID:10184
- C:\Windows\System\RDHjzbH.exe
  C:\Windows\System\RDHjzbH.exe
  2⤵
  PID:10208
- C:\Windows\System\zaKhGcI.exe
  C:\Windows\System\zaKhGcI.exe
  2⤵
  PID:10232
- C:\Windows\System\wEACsKf.exe
  C:\Windows\System\wEACsKf.exe
  2⤵
  PID:9468
- C:\Windows\System\EcHxiTQ.exe
  C:\Windows\System\EcHxiTQ.exe
  2⤵
  PID:9316
- C:\Windows\System\YQBXGRi.exe
  C:\Windows\System\YQBXGRi.exe
  2⤵
  PID:9296
- C:\Windows\System\NlMqBdS.exe
  C:\Windows\System\NlMqBdS.exe
  2⤵
  PID:9380
- C:\Windows\System\mwzZvlJ.exe
  C:\Windows\System\mwzZvlJ.exe
  2⤵
  PID:9400
- C:\Windows\System\YISbYRq.exe
  C:\Windows\System\YISbYRq.exe
  2⤵
  PID:9420
- C:\Windows\System\OpXTtyB.exe
  C:\Windows\System\OpXTtyB.exe
  2⤵
  PID:9476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BQZZsMY.exe

Filesize
6.1MB

MD5
91d11b102e892dd3997c4e2b8503b6da

SHA1
1fde798a565c9310859fd276565cd002b5d66fd1

SHA256
398acf1a76bcc223b2eb09d6292e67879ce495bb91027708b348d38c4af07323

SHA512
f36900282093083066f29e6a28dcdb52a727d128724857bea071ad6a1eee8217fb9353f4ddcb788b89fb1ce32f1744b1ce6b85811b6080af1581e85b21eac809

Download Submit
C:\Windows\system\EQtSKzo.exe

Filesize
6.1MB

MD5
08524d5307b23de081afba0e38dafe53

SHA1
28d9b12f18e022bbec532574aa052dec440af699

SHA256
3a27ab97b47bdc84f521feefd19fdaece707d043e75e7860214c996d457c1364

SHA512
be34bcf7e317799bb1fa50944c3a3b1f3a98a74f60bc3500357ddee28e46f69d13f5b5da23fdcc4e35389386e162250972796295edc40854d60e20fce5390c1e

Download Submit
C:\Windows\system\EoHZbgH.exe

Filesize
6.1MB

MD5
0a95bd145f63b580f57c7f3e2040a4c3

SHA1
18c7c25ababad7e3f5a2b39c3f2225b622339f8c

SHA256
7238bcf20293614e0120109de5734361d22034a9f9737b9244b742d90be9e974

SHA512
7dfe41af8c31882df2ee0b8e2e1231e7ad78ad742ece663cd8c4b302fceaf98e54e7cfa835acfed5cd9177d27b656a929c3313d339335a0790dc992042119445

Download Submit
C:\Windows\system\GyEOlqq.exe

Filesize
6.1MB

MD5
964665e9df0ef20c75c2a6074811dfc3

SHA1
3b0a5b1fa1f153f8ac6a63fa0a44959a4137eadd

SHA256
a56b054f660a270f92de0b13574be6149dc6bdd5355fd1e2cbcdddc5aa276517

SHA512
3bd62dbabd359a7fb999d5c6f5d1b36ed5d66f377285c1f2253ed72a42f9a710ffc02cda8f4c28f8ccc459f1b3c279a7cffbd836e091e3b61b5008a6371baa96

Download Submit
C:\Windows\system\IKZKUhE.exe

Filesize
6.1MB

MD5
d32d390be1b6f173ac4fb746c661e15d

SHA1
f6d5cc14f73be50a9d2e82891da4b8213ee62ed9

SHA256
eeef6737e0e76820b0ef1e24ed9c141cd9763c67a64ba0b9662f0a90f72f0035

SHA512
27c5c125a707999f7f4ff33102aa68dd871973c7626c75131c1fce62b414ff5488366c61e8f31c288e8e4924f294ad93410478d0d8d4f254916b3593f10a353d

Download Submit
C:\Windows\system\KlXQsAv.exe

Filesize
6.1MB

MD5
b94b85f89cc3f65c5baebdad239916c6

SHA1
0b5c8760e574f9bac75c5ee595da9e0395539947

SHA256
11c61d7883fb9d8a53556bde0de84e1773790e8a65253c6df71f13683d9ef2ef

SHA512
87dd60d46e8d359e245904f21350fa640fa9758b3b7980fa3c37c73fc1c70447c8029daf5049c533262249431d7d9100ac534ea0caa1083e0f1577255713c0b0

Download Submit
C:\Windows\system\OUuVKfI.exe

Filesize
6.1MB

MD5
bfd3e0ad984376bb7602a8f727ccf7d8

SHA1
21f76c7f9a50ebde187a4312cdc3c1722f825647

SHA256
bcd368bec74ba6f3f5d6502cbc36241c783e3da218416b74f6e99b02aac37231

SHA512
38dfcdb6d4b2482b3d3c762c5e76c3d5166a13a59e7a2556d85fef13c84faadfe84ceaa80babc9c0fb78fe8c85ebb8e4c1182dfb800a52b6e5502a21343f06c8

Download Submit
C:\Windows\system\StJYlUb.exe

Filesize
6.1MB

MD5
5423bdc6b65a759425ab110a8b72ae8d

SHA1
e1d36068d23fb0153f8d1d000a43aad3be75e3a2

SHA256
8190c2e8e5a99615ff71c4cd0d96c7d9a9721fe181cc1fb1aa880354b23d1618

SHA512
d89762ef75b59de7169e41a26bea764b371e5565dae94da8582aa310552f41574dcc45ee040fb2ee36d9eda3591a0114a43450f2f71ee3188dee14acc69a2d76

Download Submit
C:\Windows\system\UzMyNBV.exe

Filesize
6.1MB

MD5
b61649f8ccf3a0f013406b6296a6506f

SHA1
30896d30ce4cb63b97f1c54521794697d66843c3

SHA256
53f3cd3776c6046de8043e9ba131c462d3789f7bcceab3640f2a65a7a7b0995d

SHA512
da3b50c6bf39795caf9ccc82a72d0889c4ccd06655954cd3d342c80cf9565373e90ddf1cc1cf47acf3f3e193bc26fd4965c4ac10fa135a3c42d6e742200115e6

Download Submit
C:\Windows\system\apjjADW.exe

Filesize
6.1MB

MD5
c8ad37201facf84f03c3c9fb9482f204

SHA1
c1a775aa3b9406dcf72d8ecedb052e94c9da551a

SHA256
67d8e1afffd5e3ccda6aa25d8d3879d01377386d73ec9868382c2df39cd2b514

SHA512
c26884559aa98e7ada308a5ffef24b3abecaed3720434a90726022d16da0ce524d8364b431bb9f3133a9f7442a6ca2eaa28490732823801b0da5cad8d367f821

Download Submit
C:\Windows\system\bPAMKKD.exe

Filesize
6.1MB

MD5
441bb411175bae2261001ca9923306a9

SHA1
d62618a6c5d92c54ff11cb46f7becd4e9e841c73

SHA256
17fdc94dd7a21104cf034111fa065997e3a3239e053c47a34a924ade0c4b26dc

SHA512
83148fe1d00de68f33861d4d3631e504db633086f99ea20ed5191bfa67e1e2b923493bfd2eb665000d16bb3f27271088077aee9fcd2280fa0fd2d4d7dfacd553

Download Submit
C:\Windows\system\dTbqZgx.exe

Filesize
6.1MB

MD5
989ff53237717af46edbf5adafe0a38b

SHA1
be5edeeb8d7a8b29cd0eb2751c9358754c016529

SHA256
2729accd84c1fffe2c36e2c2725ddef0dc9e5926353368f01c4e358abee533b1

SHA512
deacdceb69a11bf393e04515cd353252ea503c4da3d54cc9127938ddd59b6a3c008f9022e524de7ee11521198ab41b1330c0776fcd8797a868409b20c3cccf46

Download Submit
C:\Windows\system\fvBDMSs.exe

Filesize
6.1MB

MD5
19d3890bc68fd2bb651dfef92b2132d1

SHA1
e4e4aae41d5d6920b063e156eab8917dfda08201

SHA256
f021e6870853f48856b95d1d1cd48946086cb0d8193629bc78f05e0fd75078df

SHA512
72223f5406fc5f5d4aeba999fc6d7e66b6baab5aa9f7cafaa91c2ade3f7347984c38bd8257525bc98a6443bf1711a7f0b41bda4f1f797f82625dbd432a7d76fb

Download Submit
C:\Windows\system\jnFszHh.exe

Filesize
6.1MB

MD5
3fed675c6852a2ea1af4ea9df4e0ee81

SHA1
5f24721a1ca7c719960ba3d86b6ba23bce822647

SHA256
47a4cfb3b2d9bfc73923483e268505e978f729b97aa4d5a295c0bf38ac9dc88c

SHA512
51e62846d177cdc1d492faa968e0847af7beaa87f5633def69e2eb12138557f5588cb92fad7b49cebe21740bec9550ee2d426c52bea0c65cd8bd3f38aab9b444

Download Submit
C:\Windows\system\kEGvyzt.exe

Filesize
6.1MB

MD5
800f1f358283853f5441823137c452f5

SHA1
d9f8010452fd509613b74dd2c08b7c1e15c51957

SHA256
3cbb075df76c4cd84b9f75e9fcc2be8a320dd63485a5e3caa8e4d413eb06fb58

SHA512
1b3a47d577b4e7e21d82e567dd94175fcaf4ffd2d27b36c5823fd116a60825f83e0a344456e1a7b6a513cab778cd0ca51a46922f8dfd874444759b9fea570984

Download Submit
C:\Windows\system\lFTwrHt.exe

Filesize
6.1MB

MD5
f765a3c607200754fe84983222dc3fe6

SHA1
6b497e31bba4fd6c6555b1cbdd61bb6b08ac4aa4

SHA256
101dcde69cb397e5a5ed256250916a0bae7fd9ee7a6785e1b4750d954c080a46

SHA512
799bc837651d33fadb1a97fa34e7589eb0ea925eb3ed5e99796a213334aadc2a894706067f0c47b87beabd91584ee6807504cf590fe71dfb1933de8cdc7913b6

Download Submit
C:\Windows\system\lQpeftg.exe

Filesize
6.1MB

MD5
37f4323f5d95a33a69d3e5339840683f

SHA1
ea9314f421f142582ecf1e9e590a2059617da437

SHA256
14304b8c2f3ff3430d04dbb4471a5d05460966750cde4620d77797eb8f7d0298

SHA512
f418587ce3088aa6b5806cff99b9516e7dedd2975888a5f7cb4b55ca57cd0accdc6c02d60ba4004397a4debfb8c789de1158129aa6a4f4980f369b42f7df2275

Download Submit
C:\Windows\system\lWOvLqg.exe

Filesize
6.1MB

MD5
f9541ad18d312529509e903aadeb5fcd

SHA1
0df9b89b8c65920f74c15e00d47b754e9f6ded0a

SHA256
3314b355ef8264ca574e1d3e1704991826f5af2eb0069a0343eb37372496690d

SHA512
335c1e08d5ed354ba2e0843cda9aef5b8d7b995d8aa05953a01d36b9617468ad2c8074335367bb283a1fd0136af0fdac643843a35a96db4839f37df38697e266

Download Submit
C:\Windows\system\mlrzMLu.exe

Filesize
6.1MB

MD5
ceb6e6381305a8d3f79368947990a680

SHA1
797228df4f092e5312af795d5c19c4a79d3ef082

SHA256
328537bb4ab350fa98fb57a8257f06feafb2f66fdc2d212ceac02788b8aa0011

SHA512
d86faf902edf63e796cce76999580c14c38a4d48c32e1ee8ffa213930bd9b7d508689d8789fa71e876e954822a0182d286024594f225f6351367cf7268fc0aa9

Download Submit
C:\Windows\system\pbvkKVn.exe

Filesize
6.1MB

MD5
83bbf58333ca4d48f1c7f03ff9dbcc72

SHA1
e348677f97a554179e6788aad48f5a5a06c86011

SHA256
963668fbf2f4012aa32d0ef5c53a60e67125b7486c1c02840f410cc5fd1a42d7

SHA512
14983d31bdfed62f884f9ec8a4b901618c6bc65296905551d12a7f33ae70716d2662f8eb26681530ea9a09334c8c208dd9a64dc54483794d55923586be18b8a7

Download Submit
C:\Windows\system\rZrooQd.exe

Filesize
6.1MB

MD5
4ae438018ff8a23f6dac88f6acea095a

SHA1
1f814016af6cecbc89be13ca250c860fadc7967e

SHA256
f7409087fed0213e553f5b01efc1a79a665291a13832525ccc974192abf9202d

SHA512
287a8cdac9ba459c79e0b073a93d3391092c9aeb5f10fc2e1a0af11e142a485dce7ff115c2d75eb27ed9579f0283270e16a027b76fa6d353cd18c21fe0f7a5af

Download Submit
C:\Windows\system\sTHpSfI.exe

Filesize
6.1MB

MD5
69f88f33a53983f346d096fb8ff0a7e5

SHA1
4d9adb9961b6c858d90f49a4938dba4410039504

SHA256
4d44226dc0d44342a9afded01782ccabcc27574a9c7167ef56b473c20cb455ae

SHA512
5465ce3c38870e431f0228a79de2d0b33f550419195eefd008f5990c0548bddac26c3380df797f8adc97f81372996fab9ffeb5cf4174eb07efe0696b226f755c

Download Submit
C:\Windows\system\wFrHFuo.exe

Filesize
6.1MB

MD5
d8ff48f1570fe7f472af03985a947ae3

SHA1
fdd6f0dd94d073f696eb9727ebc8936b3b402b44

SHA256
246e0290fa02ef74e1f0e3dbb3e26928da9f4d205abb07e880a0ac13fb9bd584

SHA512
ab5ea651c6191d235d188fb9e023f099fe002dbe91cff31aaeb8e81463dd8eab9288abc838bc3e62d2345bc3577958a1cf407f9e0b351a094b643c687be4006e

Download Submit
C:\Windows\system\wkbKtLp.exe

Filesize
6.1MB

MD5
2b9b52db519d15a67081a417d90fffa0

SHA1
c424d1bd30203d7d9a957bdf4c4db7ee9bd0627b

SHA256
59e341ba958db5ab7bbf33807ae8b5a66127ac76f3f579270ce2ac9e34baa4c6

SHA512
8de9b24a39a68f1856a837109b93509b9d34c09593117771a66b32b7e61387496346f5c0fb7447488ffe2d61dfb37c707fec2df1d8b01bc27ec419dee5f5c986

Download Submit
C:\Windows\system\zKmOYhg.exe

Filesize
6.1MB

MD5
ea79100a97d295096e0f2a1279bb36f6

SHA1
420dd37bb548e24386a6750c8c01c88e4464cb46

SHA256
9520296220d9ea30eb814f33e63a7c1a396c55678404fc66b5cc3ffb5d732016

SHA512
9a964e8f697dd9a1af1ab70814aee46d19bb60bcb0dcc35caffc85d7f70cd259afd326a18c980def4cf26ccfb0b8981dd604c469a25401c2d40f670ffb25f5a3

Download Submit
C:\Windows\system\zjNReQM.exe

Filesize
6.1MB

MD5
b9863ad7f677600fe4d2626095da7f88

SHA1
7da8b0f0b001ba21525bfa5f9fe1e7ac6dc5f616

SHA256
f08fdc16cbc094da304a8dbb7da7d012d0d6b5f4a4f4efb34520d9ebdf2f0652

SHA512
094a4f6852681ff045536cf8794c2315f7407eed0b1ddb4b1c6a3bfa9e5b61ea14d9b68fb28f0e8af0635b675886d9475e1c674b112284f30b50e2d9f525458e

Download Submit
C:\Windows\system\zoIHNxR.exe

Filesize
6.1MB

MD5
80dd31d2c2c8bca42abc6676b7e8cf60

SHA1
c613ceeb3fe340724bec08cede22e53710b535fa

SHA256
1457c7ff4884b42efab2fb421525f67f1f6970db7de37feac94feb45f52f6000

SHA512
d94adb11d9c52af17b65fdfe192098f41ce70f6f3d9466f74718113d2fc7199014fb530cc80517c045b2449841a9bdcfb01e6f6e2b7e95cc64bf396dac523f04

Download Submit
\Windows\system\CsdEIZH.exe

Filesize
6.1MB

MD5
e9e7adfedee855a8c5573c0aa3538b19

SHA1
f4c4db36ee11a450bf1151f1e6d35de5f9f189b5

SHA256
05bca543c64e7d26f4a1678a5f126f53fb3611593a46d89b378b589e38c854e0

SHA512
b239210e58ec12833ae16b087604e74c3479b5d31531826cec8f48dcbc46ca11c3b19e1d8b4842924d0425c4c455066877bec202bcd88c36c722e25e5e0e3493

Download Submit
\Windows\system\HKbYSzz.exe

Filesize
6.1MB

MD5
46ca80ca7a5817b03fe3fc28802f8332

SHA1
f1dd8b2b3afd5f93dd895d4b7a3f818103249d0d

SHA256
b12f51e696350c3ac64d04323b278bf038cb79b133fed5582461220ebe57d4f4

SHA512
4005eee7e356925a4b9f7679c68397e60bb2dc23223fd76493ad91454a8a669a0823702f11477677f9425768d30bfa8c47bde5d40670cc39804b23c929333060

Download Submit
\Windows\system\KCYPwKF.exe

Filesize
6.1MB

MD5
195c0cd9fc90738f01fc8a194ffd8e92

SHA1
9d9314ff80e041647e8347c1e324c3359825036d

SHA256
f7d9a6d1cb3af456adc4922b70f1c9c4228a093538738c555b5352c306f5a628

SHA512
834d60c00a0620c9cc8c6caa9d224e0e2f0e0031ac8ad5859c9dab465576099fbe772767d9b4fe72dbfa8eef3204625b465cf3c7950763315813516118d390d7

Download Submit
\Windows\system\ftlWeIF.exe

Filesize
6.1MB

MD5
cb988963cf5297371ec3581f2bcf45c4

SHA1
b23f065a97037778f1299bbc1b06835c6485569b

SHA256
4671c3db72d91c84bf058cf48eb8d06e6b415c9682ee00f9822292ca8ba3f566

SHA512
df1be7555d6d67536e944f7995f868b0f30b56628bb4e6a0febaffe322599f5e198fcdb7f866e9d803be4760707df36a5d1d7f33bd4111d0142d9f8c62a079e8

Download Submit
\Windows\system\zboZWzK.exe

Filesize
6.1MB

MD5
e18943d50c157cd9786ba04b626517a7

SHA1
750343f6865b5c8958eced743031925d341d6019

SHA256
e4f2c25c6f8df5b98136e062f18dccdd3f2b277f8113a09e66865331fbbdca0f

SHA512
ec8e04eae2982167d9965c6c8bbe5488f17d17015d4c333f2585663de642d2dcc0310ae92cc8350fb1efe3bd4ea33da67970ee30ec5de0bec24c3d44e22089f3

Download Submit
memory/1304-4029-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/1304-507-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-4007-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2200-509-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1557-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1550-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-508-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-512-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-506-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2220-504-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-6-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2220-502-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1559-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2220-500-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2220-510-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-498-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-513-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2220-496-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1316-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2220-494-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1545-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-492-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1549-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-490-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-0-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2220-486-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1558-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1556-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1211-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1546-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1547-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1548-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1555-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1551-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1553-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1554-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-511-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-4016-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3992-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2564-501-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2568-495-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3980-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2588-505-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-3994-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-489-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3981-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2668-503-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3991-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3995-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-497-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3993-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2796-499-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2832-1327-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3967-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2832-452-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2884-493-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3989-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-491-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-4037-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-471-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2972-3990-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download