cobaltstrike | 2183d069a7eb7135324167703d1fcbc3fc6120b576e55f291381e74176e91a26

Analysis

max time kernel
117s
max time network
22s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
16-11-2024 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c638e816968277e9e5841400e05a30c4
SHA1

94cc2be17ced0099ed64a067bdd32dca94bff907
SHA256

2183d069a7eb7135324167703d1fcbc3fc6120b576e55f291381e74176e91a26
SHA512

6eed8256b130a06cea19606e7e4e0be726fdc04a5fecd9a5d6af741852d8c7577dc17d9fab66c957fd8034759ddadaf4b09b453419d195fdfbb72785f80a621b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUt:T+q56utgpPF8u/7t

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0009000000017530-11.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c6-28.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186ca-30.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018710-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019608-92.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-81.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195d6-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019606-87.dat	cobalt_reflective_dll
behavioral1/files/0x0039000000016de6-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019604-70.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186cc-42.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186d9-47.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000175ae-10.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000120fd-6.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1856-0-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/1856-7-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/files/0x0009000000017530-11.dat	xmrig
behavioral1/memory/2264-14-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2288-16-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000186c6-28.dat	xmrig
behavioral1/files/0x00060000000186ca-30.dat	xmrig
behavioral1/memory/2788-43-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/1856-75-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/files/0x0008000000018710-56.dat	xmrig
behavioral1/files/0x0005000000019926-138.dat	xmrig
behavioral1/files/0x0005000000019c3e-153.dat	xmrig
behavioral1/memory/1988-703-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2376-540-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2680-538-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/3048-457-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/1856-453-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2720-291-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a075-193.dat	xmrig
behavioral1/files/0x0005000000019f94-188.dat	xmrig
behavioral1/files/0x0005000000019f8a-183.dat	xmrig
behavioral1/files/0x0005000000019dbf-178.dat	xmrig
behavioral1/files/0x0005000000019d8e-173.dat	xmrig
behavioral1/files/0x0005000000019cca-168.dat	xmrig
behavioral1/files/0x0005000000019cba-163.dat	xmrig
behavioral1/files/0x0005000000019c57-158.dat	xmrig
behavioral1/files/0x0005000000019c3c-149.dat	xmrig
behavioral1/files/0x0005000000019c34-143.dat	xmrig
behavioral1/files/0x00050000000196a1-134.dat	xmrig
behavioral1/files/0x000500000001961e-124.dat	xmrig
behavioral1/files/0x000500000001960c-114.dat	xmrig
behavioral1/files/0x0005000000019667-128.dat	xmrig
behavioral1/files/0x000500000001961c-118.dat	xmrig
behavioral1/memory/2788-110-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2860-109-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x0005000000019608-92.dat	xmrig
behavioral1/files/0x000500000001960a-102.dat	xmrig
behavioral1/memory/2376-84-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2680-83-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019605-81.dat	xmrig
behavioral1/files/0x00060000000195d6-80.dat	xmrig
behavioral1/memory/1988-91-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/1856-90-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2984-89-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019606-87.dat	xmrig
behavioral1/memory/2720-64-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x0039000000016de6-65.dat	xmrig
behavioral1/memory/3048-76-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/1856-74-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2844-73-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2624-71-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x0005000000019604-70.dat	xmrig
behavioral1/memory/1856-60-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/1856-52-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2140-51-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/files/0x00060000000186cc-42.dat	xmrig
behavioral1/files/0x00060000000186d9-47.dat	xmrig
behavioral1/memory/1856-41-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2804-40-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2984-29-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2844-26-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x00080000000175ae-10.dat	xmrig
behavioral1/files/0x00080000000120fd-6.dat	xmrig
behavioral1/memory/2288-3103-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2264	mFIpIBe.exe
2288	FdZiyPf.exe
2844	MYZmmls.exe
2984	BTVmQRr.exe
2804	IdhLWun.exe
2788	gRpZASm.exe
2140	konxCTd.exe
2720	ztPOlpj.exe
2624	uudygmU.exe
3048	YGYBaWw.exe
2680	pxWqUaI.exe
2376	RCDnfSm.exe
1988	tnmJNps.exe
2860	FxzUEZO.exe
2156	CvQKfOL.exe
2164	cYTxBoS.exe
2664	ACPcfKL.exe
2260	TENmFUc.exe
2428	osrPsXY.exe
2312	OBBwUzO.exe
1200	BUMMtyz.exe
592	teiHzWN.exe
1788	MqKStOE.exe
752	LAVpakM.exe
1924	OqwGMwd.exe
2440	NeUxUFA.exe
1956	RuWIKGu.exe
2200	wbNzbxV.exe
3008	NNLVZIA.exe
1896	bNNompG.exe
1356	fmbnwGm.exe
1436	rftmQdh.exe
932	jkEBUCg.exe
2120	jzfxrQC.exe
3024	VbTuyiR.exe
1224	nOfuYxM.exe
1756	MvADjdS.exe
1744	KMzqDOW.exe
2348	xPDacJn.exe
2468	khKgNCj.exe
3016	QCvBCdD.exe
1240	iaYHmCN.exe
2112	rsINDKk.exe
328	KSAtNVm.exe
748	XqANUJT.exe
288	ZKWmeHl.exe
2544	wPShDMj.exe
1724	bgltIkO.exe
1692	yMKiETF.exe
2792	fDnfmyG.exe
2756	vkSuHGg.exe
2840	FeflSBm.exe
2820	QeOSUhS.exe
2908	ETaIkzi.exe
3056	VvDPnCt.exe
1900	IxUanQX.exe
2084	pGtdruI.exe
584	rycSbrk.exe
1280	xXPFidF.exe
2324	rjdYOTa.exe
2384	MZqDJUC.exe
2192	muPJMYL.exe
1912	TeRyQCM.exe
2964	RTlghpW.exe

Loads dropped DLL 64 IoCs

pid	Process
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1856-0-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x0009000000017530-11.dat	upx
behavioral1/memory/2264-14-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2288-16-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x00060000000186c6-28.dat	upx
behavioral1/files/0x00060000000186ca-30.dat	upx
behavioral1/memory/2788-43-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x0008000000018710-56.dat	upx
behavioral1/files/0x0005000000019926-138.dat	upx
behavioral1/files/0x0005000000019c3e-153.dat	upx
behavioral1/memory/1988-703-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2376-540-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2680-538-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/3048-457-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2720-291-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x000500000001a075-193.dat	upx
behavioral1/files/0x0005000000019f94-188.dat	upx
behavioral1/files/0x0005000000019f8a-183.dat	upx
behavioral1/files/0x0005000000019dbf-178.dat	upx
behavioral1/files/0x0005000000019d8e-173.dat	upx
behavioral1/files/0x0005000000019cca-168.dat	upx
behavioral1/files/0x0005000000019cba-163.dat	upx
behavioral1/files/0x0005000000019c57-158.dat	upx
behavioral1/files/0x0005000000019c3c-149.dat	upx
behavioral1/files/0x0005000000019c34-143.dat	upx
behavioral1/files/0x00050000000196a1-134.dat	upx
behavioral1/files/0x000500000001961e-124.dat	upx
behavioral1/files/0x000500000001960c-114.dat	upx
behavioral1/files/0x0005000000019667-128.dat	upx
behavioral1/files/0x000500000001961c-118.dat	upx
behavioral1/memory/2788-110-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2860-109-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/files/0x0005000000019608-92.dat	upx
behavioral1/files/0x000500000001960a-102.dat	upx
behavioral1/memory/2376-84-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2680-83-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x0005000000019605-81.dat	upx
behavioral1/files/0x00060000000195d6-80.dat	upx
behavioral1/memory/1988-91-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2984-89-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x0005000000019606-87.dat	upx
behavioral1/memory/2720-64-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x0039000000016de6-65.dat	upx
behavioral1/memory/3048-76-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2844-73-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2624-71-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x0005000000019604-70.dat	upx
behavioral1/memory/1856-52-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2140-51-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/files/0x00060000000186cc-42.dat	upx
behavioral1/files/0x00060000000186d9-47.dat	upx
behavioral1/memory/2804-40-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2984-29-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2844-26-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x00080000000175ae-10.dat	upx
behavioral1/memory/1856-13-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-6.dat	upx
behavioral1/memory/2288-3103-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2264-3104-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2788-3107-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2624-3106-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2844-3105-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/3048-3110-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2376-3113-0x000000013F440000-0x000000013F794000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ichSUds.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SPssSLy.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NhzUtZe.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IwHWMDB.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DyqOHkA.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pBrfTeo.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GZBVacA.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FTIGDlo.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fRRMTyJ.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvzOKQx.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iDTUAjU.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SBsPVvR.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kmPHkrn.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AAAEZGk.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owxTwqn.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XXHrZPZ.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ocUSYVs.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZbfmPvN.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMESOvc.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KjAqlYV.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdpXTRq.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VgoOfIn.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xlSCxlU.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwFRVkZ.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGfEFTd.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WFVtITp.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ocRMFnZ.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kotFdHY.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mmRvDzN.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ofmnhgX.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rHTPoNh.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BXvbhMt.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vGgIUJs.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jjGhFyh.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VJNficA.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wVYmRqY.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TIZsxuw.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KnojSUp.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WulMaia.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DUlesRi.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\konxCTd.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wBWwDrt.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rTXYVGa.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rMEThNR.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XgpfTeQ.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LKkcrdX.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DrESkaV.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TyImQIZ.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSQOKyg.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EJbSoUu.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbLqNTU.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nQTnnhZ.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gVYIKqu.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\viDcQwP.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SlImGAb.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JwAfrfT.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQqzxxd.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnqhiFa.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yZsuEpj.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jleqYRV.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYZgrmp.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DaXSLiP.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRlGcZe.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HQdgfbb.exe	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 2264	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1856 wrote to memory of 2264	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1856 wrote to memory of 2264	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1856 wrote to memory of 2288	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1856 wrote to memory of 2288	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1856 wrote to memory of 2288	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1856 wrote to memory of 2844	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1856 wrote to memory of 2844	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1856 wrote to memory of 2844	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1856 wrote to memory of 2984	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1856 wrote to memory of 2984	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1856 wrote to memory of 2984	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1856 wrote to memory of 2804	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1856 wrote to memory of 2804	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1856 wrote to memory of 2804	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1856 wrote to memory of 2788	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1856 wrote to memory of 2788	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1856 wrote to memory of 2788	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1856 wrote to memory of 2140	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1856 wrote to memory of 2140	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1856 wrote to memory of 2140	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1856 wrote to memory of 2720	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1856 wrote to memory of 2720	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1856 wrote to memory of 2720	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1856 wrote to memory of 2624	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1856 wrote to memory of 2624	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1856 wrote to memory of 2624	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1856 wrote to memory of 2680	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1856 wrote to memory of 2680	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1856 wrote to memory of 2680	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1856 wrote to memory of 3048	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1856 wrote to memory of 3048	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1856 wrote to memory of 3048	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1856 wrote to memory of 2376	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1856 wrote to memory of 2376	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1856 wrote to memory of 2376	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1856 wrote to memory of 1988	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1856 wrote to memory of 1988	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1856 wrote to memory of 1988	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1856 wrote to memory of 2156	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1856 wrote to memory of 2156	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1856 wrote to memory of 2156	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1856 wrote to memory of 2860	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1856 wrote to memory of 2860	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1856 wrote to memory of 2860	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1856 wrote to memory of 2164	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1856 wrote to memory of 2164	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1856 wrote to memory of 2164	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1856 wrote to memory of 2664	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1856 wrote to memory of 2664	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1856 wrote to memory of 2664	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1856 wrote to memory of 2260	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1856 wrote to memory of 2260	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1856 wrote to memory of 2260	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1856 wrote to memory of 2428	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1856 wrote to memory of 2428	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1856 wrote to memory of 2428	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1856 wrote to memory of 2312	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1856 wrote to memory of 2312	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1856 wrote to memory of 2312	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1856 wrote to memory of 1200	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1856 wrote to memory of 1200	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1856 wrote to memory of 1200	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1856 wrote to memory of 592	1856	2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-16_c638e816968277e9e5841400e05a30c4_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Windows\System\mFIpIBe.exe
  C:\Windows\System\mFIpIBe.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\FdZiyPf.exe
  C:\Windows\System\FdZiyPf.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\MYZmmls.exe
  C:\Windows\System\MYZmmls.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\BTVmQRr.exe
  C:\Windows\System\BTVmQRr.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\IdhLWun.exe
  C:\Windows\System\IdhLWun.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\gRpZASm.exe
  C:\Windows\System\gRpZASm.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\konxCTd.exe
  C:\Windows\System\konxCTd.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\ztPOlpj.exe
  C:\Windows\System\ztPOlpj.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\uudygmU.exe
  C:\Windows\System\uudygmU.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\pxWqUaI.exe
  C:\Windows\System\pxWqUaI.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\YGYBaWw.exe
  C:\Windows\System\YGYBaWw.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\RCDnfSm.exe
  C:\Windows\System\RCDnfSm.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\tnmJNps.exe
  C:\Windows\System\tnmJNps.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\CvQKfOL.exe
  C:\Windows\System\CvQKfOL.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\FxzUEZO.exe
  C:\Windows\System\FxzUEZO.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\cYTxBoS.exe
  C:\Windows\System\cYTxBoS.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\ACPcfKL.exe
  C:\Windows\System\ACPcfKL.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\TENmFUc.exe
  C:\Windows\System\TENmFUc.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\osrPsXY.exe
  C:\Windows\System\osrPsXY.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\OBBwUzO.exe
  C:\Windows\System\OBBwUzO.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\BUMMtyz.exe
  C:\Windows\System\BUMMtyz.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\teiHzWN.exe
  C:\Windows\System\teiHzWN.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\MqKStOE.exe
  C:\Windows\System\MqKStOE.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\LAVpakM.exe
  C:\Windows\System\LAVpakM.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\OqwGMwd.exe
  C:\Windows\System\OqwGMwd.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\NeUxUFA.exe
  C:\Windows\System\NeUxUFA.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\RuWIKGu.exe
  C:\Windows\System\RuWIKGu.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\wbNzbxV.exe
  C:\Windows\System\wbNzbxV.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\NNLVZIA.exe
  C:\Windows\System\NNLVZIA.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\bNNompG.exe
  C:\Windows\System\bNNompG.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\fmbnwGm.exe
  C:\Windows\System\fmbnwGm.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\rftmQdh.exe
  C:\Windows\System\rftmQdh.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\jkEBUCg.exe
  C:\Windows\System\jkEBUCg.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\jzfxrQC.exe
  C:\Windows\System\jzfxrQC.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\VbTuyiR.exe
  C:\Windows\System\VbTuyiR.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\nOfuYxM.exe
  C:\Windows\System\nOfuYxM.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\MvADjdS.exe
  C:\Windows\System\MvADjdS.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\KMzqDOW.exe
  C:\Windows\System\KMzqDOW.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\xPDacJn.exe
  C:\Windows\System\xPDacJn.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\khKgNCj.exe
  C:\Windows\System\khKgNCj.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\QCvBCdD.exe
  C:\Windows\System\QCvBCdD.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\iaYHmCN.exe
  C:\Windows\System\iaYHmCN.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\rsINDKk.exe
  C:\Windows\System\rsINDKk.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\KSAtNVm.exe
  C:\Windows\System\KSAtNVm.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\XqANUJT.exe
  C:\Windows\System\XqANUJT.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\ZKWmeHl.exe
  C:\Windows\System\ZKWmeHl.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\wPShDMj.exe
  C:\Windows\System\wPShDMj.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\bgltIkO.exe
  C:\Windows\System\bgltIkO.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\yMKiETF.exe
  C:\Windows\System\yMKiETF.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\fDnfmyG.exe
  C:\Windows\System\fDnfmyG.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\vkSuHGg.exe
  C:\Windows\System\vkSuHGg.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\FeflSBm.exe
  C:\Windows\System\FeflSBm.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\QeOSUhS.exe
  C:\Windows\System\QeOSUhS.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\ETaIkzi.exe
  C:\Windows\System\ETaIkzi.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\VvDPnCt.exe
  C:\Windows\System\VvDPnCt.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\IxUanQX.exe
  C:\Windows\System\IxUanQX.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\pGtdruI.exe
  C:\Windows\System\pGtdruI.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\rycSbrk.exe
  C:\Windows\System\rycSbrk.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\xXPFidF.exe
  C:\Windows\System\xXPFidF.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\rjdYOTa.exe
  C:\Windows\System\rjdYOTa.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\MZqDJUC.exe
  C:\Windows\System\MZqDJUC.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\muPJMYL.exe
  C:\Windows\System\muPJMYL.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\TeRyQCM.exe
  C:\Windows\System\TeRyQCM.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\RTlghpW.exe
  C:\Windows\System\RTlghpW.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\flvBnGv.exe
  C:\Windows\System\flvBnGv.exe
  2⤵
  PID:1460
- C:\Windows\System\ZwjpyXE.exe
  C:\Windows\System\ZwjpyXE.exe
  2⤵
  PID:1424
- C:\Windows\System\VtCTZGs.exe
  C:\Windows\System\VtCTZGs.exe
  2⤵
  PID:1696
- C:\Windows\System\XFyprkQ.exe
  C:\Windows\System\XFyprkQ.exe
  2⤵
  PID:1592
- C:\Windows\System\FGxMeIb.exe
  C:\Windows\System\FGxMeIb.exe
  2⤵
  PID:1888
- C:\Windows\System\LDnpdQh.exe
  C:\Windows\System\LDnpdQh.exe
  2⤵
  PID:2088
- C:\Windows\System\HewQxyi.exe
  C:\Windows\System\HewQxyi.exe
  2⤵
  PID:1108
- C:\Windows\System\dSQOKyg.exe
  C:\Windows\System\dSQOKyg.exe
  2⤵
  PID:856
- C:\Windows\System\skMtHss.exe
  C:\Windows\System\skMtHss.exe
  2⤵
  PID:1040
- C:\Windows\System\SaGmdol.exe
  C:\Windows\System\SaGmdol.exe
  2⤵
  PID:1584
- C:\Windows\System\IEBGcDq.exe
  C:\Windows\System\IEBGcDq.exe
  2⤵
  PID:1580
- C:\Windows\System\ZaaEAyT.exe
  C:\Windows\System\ZaaEAyT.exe
  2⤵
  PID:1480
- C:\Windows\System\YoVqSDN.exe
  C:\Windows\System\YoVqSDN.exe
  2⤵
  PID:1916
- C:\Windows\System\QPCVxhT.exe
  C:\Windows\System\QPCVxhT.exe
  2⤵
  PID:2436
- C:\Windows\System\vsSwugc.exe
  C:\Windows\System\vsSwugc.exe
  2⤵
  PID:3108
- C:\Windows\System\pECwzXP.exe
  C:\Windows\System\pECwzXP.exe
  2⤵
  PID:3128
- C:\Windows\System\ZodoKKc.exe
  C:\Windows\System\ZodoKKc.exe
  2⤵
  PID:3148
- C:\Windows\System\nPJgBXF.exe
  C:\Windows\System\nPJgBXF.exe
  2⤵
  PID:3168
- C:\Windows\System\feJxrJN.exe
  C:\Windows\System\feJxrJN.exe
  2⤵
  PID:3188
- C:\Windows\System\NOYwVUJ.exe
  C:\Windows\System\NOYwVUJ.exe
  2⤵
  PID:3208
- C:\Windows\System\CYaTkKq.exe
  C:\Windows\System\CYaTkKq.exe
  2⤵
  PID:3228
- C:\Windows\System\kzTPtZL.exe
  C:\Windows\System\kzTPtZL.exe
  2⤵
  PID:3248
- C:\Windows\System\UWyxVXB.exe
  C:\Windows\System\UWyxVXB.exe
  2⤵
  PID:3268
- C:\Windows\System\wBWwDrt.exe
  C:\Windows\System\wBWwDrt.exe
  2⤵
  PID:3288
- C:\Windows\System\NTmyAXB.exe
  C:\Windows\System\NTmyAXB.exe
  2⤵
  PID:3308
- C:\Windows\System\PIUYaOm.exe
  C:\Windows\System\PIUYaOm.exe
  2⤵
  PID:3328
- C:\Windows\System\dFzFSzM.exe
  C:\Windows\System\dFzFSzM.exe
  2⤵
  PID:3348
- C:\Windows\System\VVYJNCq.exe
  C:\Windows\System\VVYJNCq.exe
  2⤵
  PID:3368
- C:\Windows\System\jPVUCUZ.exe
  C:\Windows\System\jPVUCUZ.exe
  2⤵
  PID:3388
- C:\Windows\System\SvmcQJx.exe
  C:\Windows\System\SvmcQJx.exe
  2⤵
  PID:3408
- C:\Windows\System\hikMCif.exe
  C:\Windows\System\hikMCif.exe
  2⤵
  PID:3428
- C:\Windows\System\YKWmZNc.exe
  C:\Windows\System\YKWmZNc.exe
  2⤵
  PID:3448
- C:\Windows\System\BOGrpVd.exe
  C:\Windows\System\BOGrpVd.exe
  2⤵
  PID:3468
- C:\Windows\System\xstXxXx.exe
  C:\Windows\System\xstXxXx.exe
  2⤵
  PID:3488
- C:\Windows\System\YyYeQbd.exe
  C:\Windows\System\YyYeQbd.exe
  2⤵
  PID:3508
- C:\Windows\System\SMkqtui.exe
  C:\Windows\System\SMkqtui.exe
  2⤵
  PID:3524
- C:\Windows\System\pwbxzhO.exe
  C:\Windows\System\pwbxzhO.exe
  2⤵
  PID:3548
- C:\Windows\System\qQtQDqB.exe
  C:\Windows\System\qQtQDqB.exe
  2⤵
  PID:3568
- C:\Windows\System\LtFMLRK.exe
  C:\Windows\System\LtFMLRK.exe
  2⤵
  PID:3684
- C:\Windows\System\LkfLthl.exe
  C:\Windows\System\LkfLthl.exe
  2⤵
  PID:3704
- C:\Windows\System\corpNIN.exe
  C:\Windows\System\corpNIN.exe
  2⤵
  PID:3724
- C:\Windows\System\HDeQgUm.exe
  C:\Windows\System\HDeQgUm.exe
  2⤵
  PID:3744
- C:\Windows\System\COwkLBl.exe
  C:\Windows\System\COwkLBl.exe
  2⤵
  PID:3764
- C:\Windows\System\BFZeCyx.exe
  C:\Windows\System\BFZeCyx.exe
  2⤵
  PID:3784
- C:\Windows\System\DFbhYeO.exe
  C:\Windows\System\DFbhYeO.exe
  2⤵
  PID:3804
- C:\Windows\System\nONNLrD.exe
  C:\Windows\System\nONNLrD.exe
  2⤵
  PID:3824
- C:\Windows\System\XLknflJ.exe
  C:\Windows\System\XLknflJ.exe
  2⤵
  PID:3844
- C:\Windows\System\gErhCRe.exe
  C:\Windows\System\gErhCRe.exe
  2⤵
  PID:3864
- C:\Windows\System\cXTEBCq.exe
  C:\Windows\System\cXTEBCq.exe
  2⤵
  PID:3884
- C:\Windows\System\BRgQhgc.exe
  C:\Windows\System\BRgQhgc.exe
  2⤵
  PID:3904
- C:\Windows\System\wedfkQv.exe
  C:\Windows\System\wedfkQv.exe
  2⤵
  PID:3924
- C:\Windows\System\dAEHBJQ.exe
  C:\Windows\System\dAEHBJQ.exe
  2⤵
  PID:3944
- C:\Windows\System\LqaWAex.exe
  C:\Windows\System\LqaWAex.exe
  2⤵
  PID:3964
- C:\Windows\System\DNbuHkE.exe
  C:\Windows\System\DNbuHkE.exe
  2⤵
  PID:3992
- C:\Windows\System\XHgDnfw.exe
  C:\Windows\System\XHgDnfw.exe
  2⤵
  PID:4008
- C:\Windows\System\LcJfHLl.exe
  C:\Windows\System\LcJfHLl.exe
  2⤵
  PID:4028
- C:\Windows\System\uLhiDqa.exe
  C:\Windows\System\uLhiDqa.exe
  2⤵
  PID:4048
- C:\Windows\System\VUSjSSW.exe
  C:\Windows\System\VUSjSSW.exe
  2⤵
  PID:4072
- C:\Windows\System\BbejTAz.exe
  C:\Windows\System\BbejTAz.exe
  2⤵
  PID:2232
- C:\Windows\System\qhlncFJ.exe
  C:\Windows\System\qhlncFJ.exe
  2⤵
  PID:1088
- C:\Windows\System\UaoxxIA.exe
  C:\Windows\System\UaoxxIA.exe
  2⤵
  PID:2116
- C:\Windows\System\jsKVuJx.exe
  C:\Windows\System\jsKVuJx.exe
  2⤵
  PID:980
- C:\Windows\System\lwmMPcc.exe
  C:\Windows\System\lwmMPcc.exe
  2⤵
  PID:2768
- C:\Windows\System\JfshjbF.exe
  C:\Windows\System\JfshjbF.exe
  2⤵
  PID:3124
- C:\Windows\System\iQAxRHd.exe
  C:\Windows\System\iQAxRHd.exe
  2⤵
  PID:3136
- C:\Windows\System\lYxnAeM.exe
  C:\Windows\System\lYxnAeM.exe
  2⤵
  PID:3160
- C:\Windows\System\ySYCnya.exe
  C:\Windows\System\ySYCnya.exe
  2⤵
  PID:3184
- C:\Windows\System\vdXDCUG.exe
  C:\Windows\System\vdXDCUG.exe
  2⤵
  PID:3224
- C:\Windows\System\OYhjLhW.exe
  C:\Windows\System\OYhjLhW.exe
  2⤵
  PID:3276
- C:\Windows\System\YpZdnYU.exe
  C:\Windows\System\YpZdnYU.exe
  2⤵
  PID:3316
- C:\Windows\System\wHnbIqn.exe
  C:\Windows\System\wHnbIqn.exe
  2⤵
  PID:3356
- C:\Windows\System\djCQdxf.exe
  C:\Windows\System\djCQdxf.exe
  2⤵
  PID:3360
- C:\Windows\System\kipBCkI.exe
  C:\Windows\System\kipBCkI.exe
  2⤵
  PID:3444
- C:\Windows\System\zseRDcm.exe
  C:\Windows\System\zseRDcm.exe
  2⤵
  PID:3476
- C:\Windows\System\vPryQkm.exe
  C:\Windows\System\vPryQkm.exe
  2⤵
  PID:3420
- C:\Windows\System\iwQatUN.exe
  C:\Windows\System\iwQatUN.exe
  2⤵
  PID:3516
- C:\Windows\System\eSghtwN.exe
  C:\Windows\System\eSghtwN.exe
  2⤵
  PID:3532
- C:\Windows\System\MKCsGiP.exe
  C:\Windows\System\MKCsGiP.exe
  2⤵
  PID:3536
- C:\Windows\System\LBrEMUG.exe
  C:\Windows\System\LBrEMUG.exe
  2⤵
  PID:3696
- C:\Windows\System\ysiJiNu.exe
  C:\Windows\System\ysiJiNu.exe
  2⤵
  PID:3772
- C:\Windows\System\bBlEgoJ.exe
  C:\Windows\System\bBlEgoJ.exe
  2⤵
  PID:3820
- C:\Windows\System\TTSEvFU.exe
  C:\Windows\System\TTSEvFU.exe
  2⤵
  PID:3756
- C:\Windows\System\iiIEjKJ.exe
  C:\Windows\System\iiIEjKJ.exe
  2⤵
  PID:3832
- C:\Windows\System\CWpoVTc.exe
  C:\Windows\System\CWpoVTc.exe
  2⤵
  PID:3872
- C:\Windows\System\JptccBb.exe
  C:\Windows\System\JptccBb.exe
  2⤵
  PID:3876
- C:\Windows\System\kqbzytF.exe
  C:\Windows\System\kqbzytF.exe
  2⤵
  PID:3920
- C:\Windows\System\CqBhJkf.exe
  C:\Windows\System\CqBhJkf.exe
  2⤵
  PID:4092
- C:\Windows\System\pSeYSlc.exe
  C:\Windows\System\pSeYSlc.exe
  2⤵
  PID:2808
- C:\Windows\System\Rnvjosl.exe
  C:\Windows\System\Rnvjosl.exe
  2⤵
  PID:3028
- C:\Windows\System\oPleBXn.exe
  C:\Windows\System\oPleBXn.exe
  2⤵
  PID:3196
- C:\Windows\System\RxtgzAV.exe
  C:\Windows\System\RxtgzAV.exe
  2⤵
  PID:4108
- C:\Windows\System\nSlIzVc.exe
  C:\Windows\System\nSlIzVc.exe
  2⤵
  PID:4128
- C:\Windows\System\RibuRkl.exe
  C:\Windows\System\RibuRkl.exe
  2⤵
  PID:4148
- C:\Windows\System\WFKAGzi.exe
  C:\Windows\System\WFKAGzi.exe
  2⤵
  PID:4168
- C:\Windows\System\QiMoHeA.exe
  C:\Windows\System\QiMoHeA.exe
  2⤵
  PID:4188
- C:\Windows\System\sSsVjFm.exe
  C:\Windows\System\sSsVjFm.exe
  2⤵
  PID:4208
- C:\Windows\System\BijyJFf.exe
  C:\Windows\System\BijyJFf.exe
  2⤵
  PID:4228
- C:\Windows\System\rTXYVGa.exe
  C:\Windows\System\rTXYVGa.exe
  2⤵
  PID:4248
- C:\Windows\System\zeWYFbh.exe
  C:\Windows\System\zeWYFbh.exe
  2⤵
  PID:4268
- C:\Windows\System\iiLjhtk.exe
  C:\Windows\System\iiLjhtk.exe
  2⤵
  PID:4288
- C:\Windows\System\dbBiVrI.exe
  C:\Windows\System\dbBiVrI.exe
  2⤵
  PID:4308
- C:\Windows\System\obqmWho.exe
  C:\Windows\System\obqmWho.exe
  2⤵
  PID:4328
- C:\Windows\System\DuSHKOy.exe
  C:\Windows\System\DuSHKOy.exe
  2⤵
  PID:4348
- C:\Windows\System\pTdtjwa.exe
  C:\Windows\System\pTdtjwa.exe
  2⤵
  PID:4364
- C:\Windows\System\jVuhMMT.exe
  C:\Windows\System\jVuhMMT.exe
  2⤵
  PID:4388
- C:\Windows\System\fRRMTyJ.exe
  C:\Windows\System\fRRMTyJ.exe
  2⤵
  PID:4408
- C:\Windows\System\legMrnV.exe
  C:\Windows\System\legMrnV.exe
  2⤵
  PID:4428
- C:\Windows\System\lngsOMF.exe
  C:\Windows\System\lngsOMF.exe
  2⤵
  PID:4444
- C:\Windows\System\PavCdrH.exe
  C:\Windows\System\PavCdrH.exe
  2⤵
  PID:4468
- C:\Windows\System\GUOvkMK.exe
  C:\Windows\System\GUOvkMK.exe
  2⤵
  PID:4488
- C:\Windows\System\zadCqAb.exe
  C:\Windows\System\zadCqAb.exe
  2⤵
  PID:4600
- C:\Windows\System\wdAPmoV.exe
  C:\Windows\System\wdAPmoV.exe
  2⤵
  PID:4624
- C:\Windows\System\TBuSVvw.exe
  C:\Windows\System\TBuSVvw.exe
  2⤵
  PID:4644
- C:\Windows\System\DfhvSqJ.exe
  C:\Windows\System\DfhvSqJ.exe
  2⤵
  PID:4660
- C:\Windows\System\psUlLQU.exe
  C:\Windows\System\psUlLQU.exe
  2⤵
  PID:4684
- C:\Windows\System\PSJGzKk.exe
  C:\Windows\System\PSJGzKk.exe
  2⤵
  PID:4704
- C:\Windows\System\XEXcxzm.exe
  C:\Windows\System\XEXcxzm.exe
  2⤵
  PID:4724
- C:\Windows\System\AyukGWW.exe
  C:\Windows\System\AyukGWW.exe
  2⤵
  PID:4744
- C:\Windows\System\YPxrzxo.exe
  C:\Windows\System\YPxrzxo.exe
  2⤵
  PID:4764
- C:\Windows\System\KQqzxxd.exe
  C:\Windows\System\KQqzxxd.exe
  2⤵
  PID:4784
- C:\Windows\System\BrzLXUt.exe
  C:\Windows\System\BrzLXUt.exe
  2⤵
  PID:4804
- C:\Windows\System\eoRiHQG.exe
  C:\Windows\System\eoRiHQG.exe
  2⤵
  PID:4824
- C:\Windows\System\FQmLBiL.exe
  C:\Windows\System\FQmLBiL.exe
  2⤵
  PID:4844
- C:\Windows\System\XqURVIK.exe
  C:\Windows\System\XqURVIK.exe
  2⤵
  PID:4864
- C:\Windows\System\brztfPF.exe
  C:\Windows\System\brztfPF.exe
  2⤵
  PID:4884
- C:\Windows\System\XCvBEbU.exe
  C:\Windows\System\XCvBEbU.exe
  2⤵
  PID:4900
- C:\Windows\System\BppjWva.exe
  C:\Windows\System\BppjWva.exe
  2⤵
  PID:4924
- C:\Windows\System\UvQdSkC.exe
  C:\Windows\System\UvQdSkC.exe
  2⤵
  PID:4940
- C:\Windows\System\zeUhPuk.exe
  C:\Windows\System\zeUhPuk.exe
  2⤵
  PID:4960
- C:\Windows\System\YhgmTUv.exe
  C:\Windows\System\YhgmTUv.exe
  2⤵
  PID:4984
- C:\Windows\System\jZPvSNz.exe
  C:\Windows\System\jZPvSNz.exe
  2⤵
  PID:5004
- C:\Windows\System\gwqVkZs.exe
  C:\Windows\System\gwqVkZs.exe
  2⤵
  PID:5020
- C:\Windows\System\TUGVpyI.exe
  C:\Windows\System\TUGVpyI.exe
  2⤵
  PID:5040
- C:\Windows\System\uNkhwYP.exe
  C:\Windows\System\uNkhwYP.exe
  2⤵
  PID:5056
- C:\Windows\System\brBNCcm.exe
  C:\Windows\System\brBNCcm.exe
  2⤵
  PID:3436
- C:\Windows\System\OVpNxbR.exe
  C:\Windows\System\OVpNxbR.exe
  2⤵
  PID:3480
- C:\Windows\System\xqlFBIl.exe
  C:\Windows\System\xqlFBIl.exe
  2⤵
  PID:3564
- C:\Windows\System\rrPJXnF.exe
  C:\Windows\System\rrPJXnF.exe
  2⤵
  PID:3732
- C:\Windows\System\afxsNQB.exe
  C:\Windows\System\afxsNQB.exe
  2⤵
  PID:3812
- C:\Windows\System\KOsUBKT.exe
  C:\Windows\System\KOsUBKT.exe
  2⤵
  PID:3720
- C:\Windows\System\nKIFZrI.exe
  C:\Windows\System\nKIFZrI.exe
  2⤵
  PID:3796
- C:\Windows\System\yohTeLA.exe
  C:\Windows\System\yohTeLA.exe
  2⤵
  PID:3896
- C:\Windows\System\QiHVZts.exe
  C:\Windows\System\QiHVZts.exe
  2⤵
  PID:3104
- C:\Windows\System\XiegLGw.exe
  C:\Windows\System\XiegLGw.exe
  2⤵
  PID:1628
- C:\Windows\System\QJbMeDb.exe
  C:\Windows\System\QJbMeDb.exe
  2⤵
  PID:3180
- C:\Windows\System\TgkGSmy.exe
  C:\Windows\System\TgkGSmy.exe
  2⤵
  PID:4156
- C:\Windows\System\VbsGYOz.exe
  C:\Windows\System\VbsGYOz.exe
  2⤵
  PID:4140
- C:\Windows\System\RdwNRmE.exe
  C:\Windows\System\RdwNRmE.exe
  2⤵
  PID:4196
- C:\Windows\System\NLUKKjU.exe
  C:\Windows\System\NLUKKjU.exe
  2⤵
  PID:4236
- C:\Windows\System\ZURfzts.exe
  C:\Windows\System\ZURfzts.exe
  2⤵
  PID:4276
- C:\Windows\System\BJTUIDV.exe
  C:\Windows\System\BJTUIDV.exe
  2⤵
  PID:4316
- C:\Windows\System\xRQfjqV.exe
  C:\Windows\System\xRQfjqV.exe
  2⤵
  PID:4300
- C:\Windows\System\GXXcMqG.exe
  C:\Windows\System\GXXcMqG.exe
  2⤵
  PID:4344
- C:\Windows\System\Vruyzqz.exe
  C:\Windows\System\Vruyzqz.exe
  2⤵
  PID:4380
- C:\Windows\System\ZXvNakB.exe
  C:\Windows\System\ZXvNakB.exe
  2⤵
  PID:4416
- C:\Windows\System\LbybscG.exe
  C:\Windows\System\LbybscG.exe
  2⤵
  PID:4476
- C:\Windows\System\vRGZKCD.exe
  C:\Windows\System\vRGZKCD.exe
  2⤵
  PID:4620
- C:\Windows\System\JaIgkKz.exe
  C:\Windows\System\JaIgkKz.exe
  2⤵
  PID:4592
- C:\Windows\System\UUnpcAG.exe
  C:\Windows\System\UUnpcAG.exe
  2⤵
  PID:4792
- C:\Windows\System\XLiVcYL.exe
  C:\Windows\System\XLiVcYL.exe
  2⤵
  PID:4860
- C:\Windows\System\PCDgUea.exe
  C:\Windows\System\PCDgUea.exe
  2⤵
  PID:4872
- C:\Windows\System\QuaCbsq.exe
  C:\Windows\System\QuaCbsq.exe
  2⤵
  PID:4912
- C:\Windows\System\ZbRUzSP.exe
  C:\Windows\System\ZbRUzSP.exe
  2⤵
  PID:4968
- C:\Windows\System\ofmnhgX.exe
  C:\Windows\System\ofmnhgX.exe
  2⤵
  PID:4952
- C:\Windows\System\qvVAkRl.exe
  C:\Windows\System\qvVAkRl.exe
  2⤵
  PID:5012
- C:\Windows\System\bBBwcUU.exe
  C:\Windows\System\bBBwcUU.exe
  2⤵
  PID:5032
- C:\Windows\System\ZJxeYsb.exe
  C:\Windows\System\ZJxeYsb.exe
  2⤵
  PID:3380
- C:\Windows\System\rMgoKGB.exe
  C:\Windows\System\rMgoKGB.exe
  2⤵
  PID:3416
- C:\Windows\System\zmbhSZW.exe
  C:\Windows\System\zmbhSZW.exe
  2⤵
  PID:3680
- C:\Windows\System\HAEtInM.exe
  C:\Windows\System\HAEtInM.exe
  2⤵
  PID:3700
- C:\Windows\System\QykXmtL.exe
  C:\Windows\System\QykXmtL.exe
  2⤵
  PID:3932
- C:\Windows\System\jMqOave.exe
  C:\Windows\System\jMqOave.exe
  2⤵
  PID:3952
- C:\Windows\System\yUfagaT.exe
  C:\Windows\System\yUfagaT.exe
  2⤵
  PID:3236
- C:\Windows\System\meuOUKl.exe
  C:\Windows\System\meuOUKl.exe
  2⤵
  PID:4160
- C:\Windows\System\RlogNky.exe
  C:\Windows\System\RlogNky.exe
  2⤵
  PID:4164
- C:\Windows\System\VvXnsTL.exe
  C:\Windows\System\VvXnsTL.exe
  2⤵
  PID:5136
- C:\Windows\System\QnMcAoO.exe
  C:\Windows\System\QnMcAoO.exe
  2⤵
  PID:5156
- C:\Windows\System\gjfcQWE.exe
  C:\Windows\System\gjfcQWE.exe
  2⤵
  PID:5176
- C:\Windows\System\VgoOfIn.exe
  C:\Windows\System\VgoOfIn.exe
  2⤵
  PID:5196
- C:\Windows\System\jXIchnc.exe
  C:\Windows\System\jXIchnc.exe
  2⤵
  PID:5216
- C:\Windows\System\GTNQgqZ.exe
  C:\Windows\System\GTNQgqZ.exe
  2⤵
  PID:5236
- C:\Windows\System\PmYnZqt.exe
  C:\Windows\System\PmYnZqt.exe
  2⤵
  PID:5256
- C:\Windows\System\ydcWKtp.exe
  C:\Windows\System\ydcWKtp.exe
  2⤵
  PID:5372
- C:\Windows\System\oxcVJeo.exe
  C:\Windows\System\oxcVJeo.exe
  2⤵
  PID:5392
- C:\Windows\System\VmMcTKo.exe
  C:\Windows\System\VmMcTKo.exe
  2⤵
  PID:5408
- C:\Windows\System\rMEThNR.exe
  C:\Windows\System\rMEThNR.exe
  2⤵
  PID:5432
- C:\Windows\System\tarhgAO.exe
  C:\Windows\System\tarhgAO.exe
  2⤵
  PID:5452
- C:\Windows\System\CaqEmtG.exe
  C:\Windows\System\CaqEmtG.exe
  2⤵
  PID:5472
- C:\Windows\System\zRyUKVp.exe
  C:\Windows\System\zRyUKVp.exe
  2⤵
  PID:5492
- C:\Windows\System\kODJpPv.exe
  C:\Windows\System\kODJpPv.exe
  2⤵
  PID:5512
- C:\Windows\System\qpHNtjY.exe
  C:\Windows\System\qpHNtjY.exe
  2⤵
  PID:5532
- C:\Windows\System\UpVKDxq.exe
  C:\Windows\System\UpVKDxq.exe
  2⤵
  PID:5556
- C:\Windows\System\VDXGpif.exe
  C:\Windows\System\VDXGpif.exe
  2⤵
  PID:5576
- C:\Windows\System\TXrIDeo.exe
  C:\Windows\System\TXrIDeo.exe
  2⤵
  PID:5596
- C:\Windows\System\TJuzLca.exe
  C:\Windows\System\TJuzLca.exe
  2⤵
  PID:5616
- C:\Windows\System\bDbIWvU.exe
  C:\Windows\System\bDbIWvU.exe
  2⤵
  PID:5636
- C:\Windows\System\bkAEOhw.exe
  C:\Windows\System\bkAEOhw.exe
  2⤵
  PID:5656
- C:\Windows\System\KRHqYyY.exe
  C:\Windows\System\KRHqYyY.exe
  2⤵
  PID:5680
- C:\Windows\System\YHmQcKh.exe
  C:\Windows\System\YHmQcKh.exe
  2⤵
  PID:5700
- C:\Windows\System\aponPlO.exe
  C:\Windows\System\aponPlO.exe
  2⤵
  PID:5720
- C:\Windows\System\cWYFPKn.exe
  C:\Windows\System\cWYFPKn.exe
  2⤵
  PID:5740
- C:\Windows\System\bbNsJCG.exe
  C:\Windows\System\bbNsJCG.exe
  2⤵
  PID:5760
- C:\Windows\System\YwgjEHH.exe
  C:\Windows\System\YwgjEHH.exe
  2⤵
  PID:5780
- C:\Windows\System\nPIClCS.exe
  C:\Windows\System\nPIClCS.exe
  2⤵
  PID:5800
- C:\Windows\System\dScsbCF.exe
  C:\Windows\System\dScsbCF.exe
  2⤵
  PID:5820
- C:\Windows\System\KKmCbyu.exe
  C:\Windows\System\KKmCbyu.exe
  2⤵
  PID:5840
- C:\Windows\System\vKmRRIw.exe
  C:\Windows\System\vKmRRIw.exe
  2⤵
  PID:5956
- C:\Windows\System\LhLhlKN.exe
  C:\Windows\System\LhLhlKN.exe
  2⤵
  PID:5976
- C:\Windows\System\Zolpgvt.exe
  C:\Windows\System\Zolpgvt.exe
  2⤵
  PID:5996
- C:\Windows\System\OvjeTOz.exe
  C:\Windows\System\OvjeTOz.exe
  2⤵
  PID:6016
- C:\Windows\System\DBkCTFA.exe
  C:\Windows\System\DBkCTFA.exe
  2⤵
  PID:6036
- C:\Windows\System\JffNRWg.exe
  C:\Windows\System\JffNRWg.exe
  2⤵
  PID:6056
- C:\Windows\System\gvcTScr.exe
  C:\Windows\System\gvcTScr.exe
  2⤵
  PID:6076
- C:\Windows\System\tKODvfb.exe
  C:\Windows\System\tKODvfb.exe
  2⤵
  PID:6096
- C:\Windows\System\eLfYjLQ.exe
  C:\Windows\System\eLfYjLQ.exe
  2⤵
  PID:6116
- C:\Windows\System\dtSsyrK.exe
  C:\Windows\System\dtSsyrK.exe
  2⤵
  PID:6136
- C:\Windows\System\CSKNLZM.exe
  C:\Windows\System\CSKNLZM.exe
  2⤵
  PID:4220
- C:\Windows\System\CgsEuUh.exe
  C:\Windows\System\CgsEuUh.exe
  2⤵
  PID:4320
- C:\Windows\System\EpOsDWr.exe
  C:\Windows\System\EpOsDWr.exe
  2⤵
  PID:4372
- C:\Windows\System\USlpNlO.exe
  C:\Windows\System\USlpNlO.exe
  2⤵
  PID:4336
- C:\Windows\System\AWOiMkg.exe
  C:\Windows\System\AWOiMkg.exe
  2⤵
  PID:4460
- C:\Windows\System\wyaoVix.exe
  C:\Windows\System\wyaoVix.exe
  2⤵
  PID:4456
- C:\Windows\System\iGAtNuM.exe
  C:\Windows\System\iGAtNuM.exe
  2⤵
  PID:4856
- C:\Windows\System\KtpQdSv.exe
  C:\Windows\System\KtpQdSv.exe
  2⤵
  PID:4836
- C:\Windows\System\aRlGcZe.exe
  C:\Windows\System\aRlGcZe.exe
  2⤵
  PID:4896
- C:\Windows\System\pvKvDtY.exe
  C:\Windows\System\pvKvDtY.exe
  2⤵
  PID:5048
- C:\Windows\System\HhVHyDQ.exe
  C:\Windows\System\HhVHyDQ.exe
  2⤵
  PID:4992
- C:\Windows\System\IznApxe.exe
  C:\Windows\System\IznApxe.exe
  2⤵
  PID:3320
- C:\Windows\System\OTJcqKl.exe
  C:\Windows\System\OTJcqKl.exe
  2⤵
  PID:5068
- C:\Windows\System\ceimbAR.exe
  C:\Windows\System\ceimbAR.exe
  2⤵
  PID:3540
- C:\Windows\System\QMPJCDU.exe
  C:\Windows\System\QMPJCDU.exe
  2⤵
  PID:5188
- C:\Windows\System\RezOXcj.exe
  C:\Windows\System\RezOXcj.exe
  2⤵
  PID:5232
- C:\Windows\System\RFURcDK.exe
  C:\Windows\System\RFURcDK.exe
  2⤵
  PID:5344
- C:\Windows\System\TtMdCsY.exe
  C:\Windows\System\TtMdCsY.exe
  2⤵
  PID:5404
- C:\Windows\System\mECYSSQ.exe
  C:\Windows\System\mECYSSQ.exe
  2⤵
  PID:5468
- C:\Windows\System\LJajibD.exe
  C:\Windows\System\LJajibD.exe
  2⤵
  PID:5480
- C:\Windows\System\qosEBhm.exe
  C:\Windows\System\qosEBhm.exe
  2⤵
  PID:5504
- C:\Windows\System\QfdOVuJ.exe
  C:\Windows\System\QfdOVuJ.exe
  2⤵
  PID:5544
- C:\Windows\System\VaGvnhu.exe
  C:\Windows\System\VaGvnhu.exe
  2⤵
  PID:5588
- C:\Windows\System\pvyNHxj.exe
  C:\Windows\System\pvyNHxj.exe
  2⤵
  PID:5608
- C:\Windows\System\XDBiArQ.exe
  C:\Windows\System\XDBiArQ.exe
  2⤵
  PID:5664
- C:\Windows\System\dIGLgGm.exe
  C:\Windows\System\dIGLgGm.exe
  2⤵
  PID:5708
- C:\Windows\System\hIBdNSW.exe
  C:\Windows\System\hIBdNSW.exe
  2⤵
  PID:5696
- C:\Windows\System\QjpzuyA.exe
  C:\Windows\System\QjpzuyA.exe
  2⤵
  PID:5736
- C:\Windows\System\VfPuNpU.exe
  C:\Windows\System\VfPuNpU.exe
  2⤵
  PID:5792
- C:\Windows\System\XdQVvuJ.exe
  C:\Windows\System\XdQVvuJ.exe
  2⤵
  PID:5812
- C:\Windows\System\JHlqYlH.exe
  C:\Windows\System\JHlqYlH.exe
  2⤵
  PID:5968
- C:\Windows\System\tnqhiFa.exe
  C:\Windows\System\tnqhiFa.exe
  2⤵
  PID:5984
- C:\Windows\System\bVkdKCw.exe
  C:\Windows\System\bVkdKCw.exe
  2⤵
  PID:6024
- C:\Windows\System\zuYKNFr.exe
  C:\Windows\System\zuYKNFr.exe
  2⤵
  PID:6028
- C:\Windows\System\QtEuqsn.exe
  C:\Windows\System\QtEuqsn.exe
  2⤵
  PID:6124
- C:\Windows\System\aliLnig.exe
  C:\Windows\System\aliLnig.exe
  2⤵
  PID:6104
- C:\Windows\System\KJaIPLQ.exe
  C:\Windows\System\KJaIPLQ.exe
  2⤵
  PID:4304
- C:\Windows\System\amZpSrr.exe
  C:\Windows\System\amZpSrr.exe
  2⤵
  PID:4260
- C:\Windows\System\xkPMYtX.exe
  C:\Windows\System\xkPMYtX.exe
  2⤵
  PID:6168
- C:\Windows\System\fwiyKEh.exe
  C:\Windows\System\fwiyKEh.exe
  2⤵
  PID:6192
- C:\Windows\System\iQIqyvT.exe
  C:\Windows\System\iQIqyvT.exe
  2⤵
  PID:6212
- C:\Windows\System\yyfsGub.exe
  C:\Windows\System\yyfsGub.exe
  2⤵
  PID:6232
- C:\Windows\System\TeuQtdg.exe
  C:\Windows\System\TeuQtdg.exe
  2⤵
  PID:6252
- C:\Windows\System\fZkzvOD.exe
  C:\Windows\System\fZkzvOD.exe
  2⤵
  PID:6272
- C:\Windows\System\KtfNsQT.exe
  C:\Windows\System\KtfNsQT.exe
  2⤵
  PID:6292
- C:\Windows\System\ocUSYVs.exe
  C:\Windows\System\ocUSYVs.exe
  2⤵
  PID:6312
- C:\Windows\System\uZBPOCI.exe
  C:\Windows\System\uZBPOCI.exe
  2⤵
  PID:6328
- C:\Windows\System\FJvkjqd.exe
  C:\Windows\System\FJvkjqd.exe
  2⤵
  PID:6352
- C:\Windows\System\xVyVJVF.exe
  C:\Windows\System\xVyVJVF.exe
  2⤵
  PID:6368
- C:\Windows\System\LsDdwMm.exe
  C:\Windows\System\LsDdwMm.exe
  2⤵
  PID:6392
- C:\Windows\System\efglFpD.exe
  C:\Windows\System\efglFpD.exe
  2⤵
  PID:6408
- C:\Windows\System\lfhjdCx.exe
  C:\Windows\System\lfhjdCx.exe
  2⤵
  PID:6428
- C:\Windows\System\FEBZmth.exe
  C:\Windows\System\FEBZmth.exe
  2⤵
  PID:6448
- C:\Windows\System\fSChKWo.exe
  C:\Windows\System\fSChKWo.exe
  2⤵
  PID:6464
- C:\Windows\System\jVjSans.exe
  C:\Windows\System\jVjSans.exe
  2⤵
  PID:6488
- C:\Windows\System\ftcIxWM.exe
  C:\Windows\System\ftcIxWM.exe
  2⤵
  PID:6512
- C:\Windows\System\lSNJZIc.exe
  C:\Windows\System\lSNJZIc.exe
  2⤵
  PID:6532
- C:\Windows\System\UOuEOmq.exe
  C:\Windows\System\UOuEOmq.exe
  2⤵
  PID:6552
- C:\Windows\System\NFRQYnA.exe
  C:\Windows\System\NFRQYnA.exe
  2⤵
  PID:6572
- C:\Windows\System\vBoOwIh.exe
  C:\Windows\System\vBoOwIh.exe
  2⤵
  PID:6592
- C:\Windows\System\ichSUds.exe
  C:\Windows\System\ichSUds.exe
  2⤵
  PID:6612
- C:\Windows\System\qGmcAzX.exe
  C:\Windows\System\qGmcAzX.exe
  2⤵
  PID:6632
- C:\Windows\System\EwmYOww.exe
  C:\Windows\System\EwmYOww.exe
  2⤵
  PID:6748
- C:\Windows\System\VytoWuZ.exe
  C:\Windows\System\VytoWuZ.exe
  2⤵
  PID:6768
- C:\Windows\System\fvDPKNW.exe
  C:\Windows\System\fvDPKNW.exe
  2⤵
  PID:6788
- C:\Windows\System\veqVnCa.exe
  C:\Windows\System\veqVnCa.exe
  2⤵
  PID:6808
- C:\Windows\System\jhquBUX.exe
  C:\Windows\System\jhquBUX.exe
  2⤵
  PID:6824
- C:\Windows\System\HlqQFfx.exe
  C:\Windows\System\HlqQFfx.exe
  2⤵
  PID:6848
- C:\Windows\System\VgmCoZM.exe
  C:\Windows\System\VgmCoZM.exe
  2⤵
  PID:6868
- C:\Windows\System\qiNUSrP.exe
  C:\Windows\System\qiNUSrP.exe
  2⤵
  PID:6888
- C:\Windows\System\mHQKFOE.exe
  C:\Windows\System\mHQKFOE.exe
  2⤵
  PID:6908
- C:\Windows\System\hIEYRHt.exe
  C:\Windows\System\hIEYRHt.exe
  2⤵
  PID:6928
- C:\Windows\System\DbdlLEu.exe
  C:\Windows\System\DbdlLEu.exe
  2⤵
  PID:6948
- C:\Windows\System\GdSSspF.exe
  C:\Windows\System\GdSSspF.exe
  2⤵
  PID:6968
- C:\Windows\System\tldfPRr.exe
  C:\Windows\System\tldfPRr.exe
  2⤵
  PID:6988
- C:\Windows\System\RHWMknH.exe
  C:\Windows\System\RHWMknH.exe
  2⤵
  PID:7008
- C:\Windows\System\xBFzMOX.exe
  C:\Windows\System\xBFzMOX.exe
  2⤵
  PID:7028
- C:\Windows\System\GOjFdxG.exe
  C:\Windows\System\GOjFdxG.exe
  2⤵
  PID:7048
- C:\Windows\System\diLEfjm.exe
  C:\Windows\System\diLEfjm.exe
  2⤵
  PID:7068
- C:\Windows\System\eiPOdMM.exe
  C:\Windows\System\eiPOdMM.exe
  2⤵
  PID:7084
- C:\Windows\System\YQiZiSX.exe
  C:\Windows\System\YQiZiSX.exe
  2⤵
  PID:7104
- C:\Windows\System\STlDujM.exe
  C:\Windows\System\STlDujM.exe
  2⤵
  PID:7128
- C:\Windows\System\AvPfHdr.exe
  C:\Windows\System\AvPfHdr.exe
  2⤵
  PID:7144
- C:\Windows\System\BIBluQd.exe
  C:\Windows\System\BIBluQd.exe
  2⤵
  PID:5064
- C:\Windows\System\EsdgniL.exe
  C:\Windows\System\EsdgniL.exe
  2⤵
  PID:4936
- C:\Windows\System\ULSJEmC.exe
  C:\Windows\System\ULSJEmC.exe
  2⤵
  PID:3836
- C:\Windows\System\avPqdLa.exe
  C:\Windows\System\avPqdLa.exe
  2⤵
  PID:5508
- C:\Windows\System\xLSlsal.exe
  C:\Windows\System\xLSlsal.exe
  2⤵
  PID:5644
- C:\Windows\System\jzQhXfk.exe
  C:\Windows\System\jzQhXfk.exe
  2⤵
  PID:5728
- C:\Windows\System\puatVdn.exe
  C:\Windows\System\puatVdn.exe
  2⤵
  PID:5808
- C:\Windows\System\NauuQAD.exe
  C:\Windows\System\NauuQAD.exe
  2⤵
  PID:5828
- C:\Windows\System\TKRSLCu.exe
  C:\Windows\System\TKRSLCu.exe
  2⤵
  PID:5924
- C:\Windows\System\vguyHfN.exe
  C:\Windows\System\vguyHfN.exe
  2⤵
  PID:6048
- C:\Windows\System\lPHoxwl.exe
  C:\Windows\System\lPHoxwl.exe
  2⤵
  PID:5992
- C:\Windows\System\bAlWfKd.exe
  C:\Windows\System\bAlWfKd.exe
  2⤵
  PID:6084
- C:\Windows\System\HHSHlJW.exe
  C:\Windows\System\HHSHlJW.exe
  2⤵
  PID:852
- C:\Windows\System\TWqGMqB.exe
  C:\Windows\System\TWqGMqB.exe
  2⤵
  PID:6188
- C:\Windows\System\MZhAmYj.exe
  C:\Windows\System\MZhAmYj.exe
  2⤵
  PID:6228
- C:\Windows\System\zBOYVPX.exe
  C:\Windows\System\zBOYVPX.exe
  2⤵
  PID:6204
- C:\Windows\System\gXxWvsK.exe
  C:\Windows\System\gXxWvsK.exe
  2⤵
  PID:6300
- C:\Windows\System\EtfXurt.exe
  C:\Windows\System\EtfXurt.exe
  2⤵
  PID:6308
- C:\Windows\System\HtapDlM.exe
  C:\Windows\System\HtapDlM.exe
  2⤵
  PID:6344
- C:\Windows\System\GffTSnS.exe
  C:\Windows\System\GffTSnS.exe
  2⤵
  PID:6380
- C:\Windows\System\ZYsLOfi.exe
  C:\Windows\System\ZYsLOfi.exe
  2⤵
  PID:6416
- C:\Windows\System\XTUXvFD.exe
  C:\Windows\System\XTUXvFD.exe
  2⤵
  PID:6456
- C:\Windows\System\BGDFBSl.exe
  C:\Windows\System\BGDFBSl.exe
  2⤵
  PID:6440
- C:\Windows\System\SkiAFqt.exe
  C:\Windows\System\SkiAFqt.exe
  2⤵
  PID:6480
- C:\Windows\System\GuLBUKE.exe
  C:\Windows\System\GuLBUKE.exe
  2⤵
  PID:6548
- C:\Windows\System\KYNZnJZ.exe
  C:\Windows\System\KYNZnJZ.exe
  2⤵
  PID:6584
- C:\Windows\System\rCzzsBe.exe
  C:\Windows\System\rCzzsBe.exe
  2⤵
  PID:6628
- C:\Windows\System\ZbfmPvN.exe
  C:\Windows\System\ZbfmPvN.exe
  2⤵
  PID:6860
- C:\Windows\System\lbTfgin.exe
  C:\Windows\System\lbTfgin.exe
  2⤵
  PID:6956
- C:\Windows\System\jseCTUw.exe
  C:\Windows\System\jseCTUw.exe
  2⤵
  PID:6940
- C:\Windows\System\SaOQlVx.exe
  C:\Windows\System\SaOQlVx.exe
  2⤵
  PID:6984
- C:\Windows\System\EWARAWh.exe
  C:\Windows\System\EWARAWh.exe
  2⤵
  PID:7024
- C:\Windows\System\daiKUUu.exe
  C:\Windows\System\daiKUUu.exe
  2⤵
  PID:7080
- C:\Windows\System\KzLQoSM.exe
  C:\Windows\System\KzLQoSM.exe
  2⤵
  PID:7124
- C:\Windows\System\JCJBqGn.exe
  C:\Windows\System\JCJBqGn.exe
  2⤵
  PID:7160
- C:\Windows\System\JsHrCco.exe
  C:\Windows\System\JsHrCco.exe
  2⤵
  PID:2824
- C:\Windows\System\CiWxPQi.exe
  C:\Windows\System\CiWxPQi.exe
  2⤵
  PID:3856
- C:\Windows\System\WHzaBiY.exe
  C:\Windows\System\WHzaBiY.exe
  2⤵
  PID:5380
- C:\Windows\System\rbqVugs.exe
  C:\Windows\System\rbqVugs.exe
  2⤵
  PID:5756
- C:\Windows\System\uRLkOBG.exe
  C:\Windows\System\uRLkOBG.exe
  2⤵
  PID:5688
- C:\Windows\System\bWvvLin.exe
  C:\Windows\System\bWvvLin.exe
  2⤵
  PID:5964
- C:\Windows\System\dxeAnMt.exe
  C:\Windows\System\dxeAnMt.exe
  2⤵
  PID:6032
- C:\Windows\System\oesVvzk.exe
  C:\Windows\System\oesVvzk.exe
  2⤵
  PID:1080
- C:\Windows\System\gFTkoyZ.exe
  C:\Windows\System\gFTkoyZ.exe
  2⤵
  PID:4244
- C:\Windows\System\ccUBfNu.exe
  C:\Windows\System\ccUBfNu.exe
  2⤵
  PID:6268
- C:\Windows\System\NQjsYqZ.exe
  C:\Windows\System\NQjsYqZ.exe
  2⤵
  PID:6336
- C:\Windows\System\jCBzZih.exe
  C:\Windows\System\jCBzZih.exe
  2⤵
  PID:6360
- C:\Windows\System\KOSpVlT.exe
  C:\Windows\System\KOSpVlT.exe
  2⤵
  PID:7184
- C:\Windows\System\AfeYlya.exe
  C:\Windows\System\AfeYlya.exe
  2⤵
  PID:7208
- C:\Windows\System\BsTnBBu.exe
  C:\Windows\System\BsTnBBu.exe
  2⤵
  PID:7228
- C:\Windows\System\JgYxehe.exe
  C:\Windows\System\JgYxehe.exe
  2⤵
  PID:7248
- C:\Windows\System\UfPzFfv.exe
  C:\Windows\System\UfPzFfv.exe
  2⤵
  PID:7360
- C:\Windows\System\XBVPqbF.exe
  C:\Windows\System\XBVPqbF.exe
  2⤵
  PID:7384
- C:\Windows\System\ewBTVVH.exe
  C:\Windows\System\ewBTVVH.exe
  2⤵
  PID:7404
- C:\Windows\System\KEHbbJt.exe
  C:\Windows\System\KEHbbJt.exe
  2⤵
  PID:7424
- C:\Windows\System\aStCGxR.exe
  C:\Windows\System\aStCGxR.exe
  2⤵
  PID:7440
- C:\Windows\System\spMFvSL.exe
  C:\Windows\System\spMFvSL.exe
  2⤵
  PID:7464
- C:\Windows\System\scbkdRY.exe
  C:\Windows\System\scbkdRY.exe
  2⤵
  PID:7484
- C:\Windows\System\mKCYPYU.exe
  C:\Windows\System\mKCYPYU.exe
  2⤵
  PID:7500
- C:\Windows\System\fbjjsho.exe
  C:\Windows\System\fbjjsho.exe
  2⤵
  PID:7524
- C:\Windows\System\EWEvRDr.exe
  C:\Windows\System\EWEvRDr.exe
  2⤵
  PID:7544
- C:\Windows\System\tVoaTDc.exe
  C:\Windows\System\tVoaTDc.exe
  2⤵
  PID:7564
- C:\Windows\System\NtePIFq.exe
  C:\Windows\System\NtePIFq.exe
  2⤵
  PID:7584
- C:\Windows\System\KHaYOIR.exe
  C:\Windows\System\KHaYOIR.exe
  2⤵
  PID:7600
- C:\Windows\System\gTPotKs.exe
  C:\Windows\System\gTPotKs.exe
  2⤵
  PID:7624
- C:\Windows\System\nRvCrPT.exe
  C:\Windows\System\nRvCrPT.exe
  2⤵
  PID:7644
- C:\Windows\System\qqekUjj.exe
  C:\Windows\System\qqekUjj.exe
  2⤵
  PID:7660
- C:\Windows\System\dTCZveL.exe
  C:\Windows\System\dTCZveL.exe
  2⤵
  PID:7680
- C:\Windows\System\UZKvaOr.exe
  C:\Windows\System\UZKvaOr.exe
  2⤵
  PID:7700
- C:\Windows\System\dGaIVwQ.exe
  C:\Windows\System\dGaIVwQ.exe
  2⤵
  PID:7720
- C:\Windows\System\lNKUhre.exe
  C:\Windows\System\lNKUhre.exe
  2⤵
  PID:7744
- C:\Windows\System\otkJSFe.exe
  C:\Windows\System\otkJSFe.exe
  2⤵
  PID:7764
- C:\Windows\System\TEQlQww.exe
  C:\Windows\System\TEQlQww.exe
  2⤵
  PID:7784
- C:\Windows\System\JDRkPYs.exe
  C:\Windows\System\JDRkPYs.exe
  2⤵
  PID:7804
- C:\Windows\System\IUdirve.exe
  C:\Windows\System\IUdirve.exe
  2⤵
  PID:7824
- C:\Windows\System\BEcyJRv.exe
  C:\Windows\System\BEcyJRv.exe
  2⤵
  PID:7936
- C:\Windows\System\ocRMFnZ.exe
  C:\Windows\System\ocRMFnZ.exe
  2⤵
  PID:7960
- C:\Windows\System\tHzsSsy.exe
  C:\Windows\System\tHzsSsy.exe
  2⤵
  PID:7980
- C:\Windows\System\vBfvaui.exe
  C:\Windows\System\vBfvaui.exe
  2⤵
  PID:8000
- C:\Windows\System\titFdya.exe
  C:\Windows\System\titFdya.exe
  2⤵
  PID:8016
- C:\Windows\System\jkGJLgN.exe
  C:\Windows\System\jkGJLgN.exe
  2⤵
  PID:8040
- C:\Windows\System\DHEYGjg.exe
  C:\Windows\System\DHEYGjg.exe
  2⤵
  PID:8060
- C:\Windows\System\gXaCvoN.exe
  C:\Windows\System\gXaCvoN.exe
  2⤵
  PID:8080
- C:\Windows\System\cIViDPK.exe
  C:\Windows\System\cIViDPK.exe
  2⤵
  PID:8096
- C:\Windows\System\rpPLwtm.exe
  C:\Windows\System\rpPLwtm.exe
  2⤵
  PID:8120
- C:\Windows\System\GanXTwM.exe
  C:\Windows\System\GanXTwM.exe
  2⤵
  PID:8140
- C:\Windows\System\XEolrpm.exe
  C:\Windows\System\XEolrpm.exe
  2⤵
  PID:8160
- C:\Windows\System\hPrVXZY.exe
  C:\Windows\System\hPrVXZY.exe
  2⤵
  PID:8180
- C:\Windows\System\OiEUBIJ.exe
  C:\Windows\System\OiEUBIJ.exe
  2⤵
  PID:6436
- C:\Windows\System\lDxHJeh.exe
  C:\Windows\System\lDxHJeh.exe
  2⤵
  PID:6384
- C:\Windows\System\gfGfcuI.exe
  C:\Windows\System\gfGfcuI.exe
  2⤵
  PID:6528
- C:\Windows\System\jgXtExV.exe
  C:\Windows\System\jgXtExV.exe
  2⤵
  PID:6476
- C:\Windows\System\LKkcrdX.exe
  C:\Windows\System\LKkcrdX.exe
  2⤵
  PID:6900
- C:\Windows\System\yZsuEpj.exe
  C:\Windows\System\yZsuEpj.exe
  2⤵
  PID:6624
- C:\Windows\System\YJJVoRL.exe
  C:\Windows\System\YJJVoRL.exe
  2⤵
  PID:7000
- C:\Windows\System\VTNjgPD.exe
  C:\Windows\System\VTNjgPD.exe
  2⤵
  PID:7040
- C:\Windows\System\HQdgfbb.exe
  C:\Windows\System\HQdgfbb.exe
  2⤵
  PID:7060
- C:\Windows\System\WXyaOSR.exe
  C:\Windows\System\WXyaOSR.exe
  2⤵
  PID:3496
- C:\Windows\System\CEqkJUS.exe
  C:\Windows\System\CEqkJUS.exe
  2⤵
  PID:7136
- C:\Windows\System\xBRsRyh.exe
  C:\Windows\System\xBRsRyh.exe
  2⤵
  PID:6208
- C:\Windows\System\hwxweqj.exe
  C:\Windows\System\hwxweqj.exe
  2⤵
  PID:7204
- C:\Windows\System\BMtDGyA.exe
  C:\Windows\System\BMtDGyA.exe
  2⤵
  PID:7244
- C:\Windows\System\dRefUug.exe
  C:\Windows\System\dRefUug.exe
  2⤵
  PID:7220
- C:\Windows\System\HehGmlj.exe
  C:\Windows\System\HehGmlj.exe
  2⤵
  PID:7412
- C:\Windows\System\wNZQSuJ.exe
  C:\Windows\System\wNZQSuJ.exe
  2⤵
  PID:7400
- C:\Windows\System\OcfzvDX.exe
  C:\Windows\System\OcfzvDX.exe
  2⤵
  PID:7452
- C:\Windows\System\xFddvQV.exe
  C:\Windows\System\xFddvQV.exe
  2⤵
  PID:7472
- C:\Windows\System\eIvdddO.exe
  C:\Windows\System\eIvdddO.exe
  2⤵
  PID:7516
- C:\Windows\System\SPssSLy.exe
  C:\Windows\System\SPssSLy.exe
  2⤵
  PID:7580
- C:\Windows\System\lsVxWcV.exe
  C:\Windows\System\lsVxWcV.exe
  2⤵
  PID:7560
- C:\Windows\System\OixMFuk.exe
  C:\Windows\System\OixMFuk.exe
  2⤵
  PID:7592
- C:\Windows\System\svfjGRt.exe
  C:\Windows\System\svfjGRt.exe
  2⤵
  PID:7688
- C:\Windows\System\espLpKr.exe
  C:\Windows\System\espLpKr.exe
  2⤵
  PID:7668
- C:\Windows\System\NYNHcQT.exe
  C:\Windows\System\NYNHcQT.exe
  2⤵
  PID:7740
- C:\Windows\System\piBFKAO.exe
  C:\Windows\System\piBFKAO.exe
  2⤵
  PID:1548
- C:\Windows\System\vWoApFI.exe
  C:\Windows\System\vWoApFI.exe
  2⤵
  PID:7780
- C:\Windows\System\hGiARXI.exe
  C:\Windows\System\hGiARXI.exe
  2⤵
  PID:7812
- C:\Windows\System\msvuMmk.exe
  C:\Windows\System\msvuMmk.exe
  2⤵
  PID:7956
- C:\Windows\System\uMEKvTb.exe
  C:\Windows\System\uMEKvTb.exe
  2⤵
  PID:7992
- C:\Windows\System\rvzOKQx.exe
  C:\Windows\System\rvzOKQx.exe
  2⤵
  PID:7972
- C:\Windows\System\BPhOpKp.exe
  C:\Windows\System\BPhOpKp.exe
  2⤵
  PID:8068
- C:\Windows\System\PBpDvwA.exe
  C:\Windows\System\PBpDvwA.exe
  2⤵
  PID:8072
- C:\Windows\System\EJbSoUu.exe
  C:\Windows\System\EJbSoUu.exe
  2⤵
  PID:8116
- C:\Windows\System\zMIuZHM.exe
  C:\Windows\System\zMIuZHM.exe
  2⤵
  PID:6920
- C:\Windows\System\Arljryt.exe
  C:\Windows\System\Arljryt.exe
  2⤵
  PID:6608
- C:\Windows\System\TucyYcR.exe
  C:\Windows\System\TucyYcR.exe
  2⤵
  PID:7036
- C:\Windows\System\ApgFjbT.exe
  C:\Windows\System\ApgFjbT.exe
  2⤵
  PID:6944
- C:\Windows\System\rMRXDGy.exe
  C:\Windows\System\rMRXDGy.exe
  2⤵
  PID:7192
- C:\Windows\System\IEUGbej.exe
  C:\Windows\System\IEUGbej.exe
  2⤵
  PID:7176
- C:\Windows\System\dImftjy.exe
  C:\Windows\System\dImftjy.exe
  2⤵
  PID:7224
- C:\Windows\System\xFBoLyN.exe
  C:\Windows\System\xFBoLyN.exe
  2⤵
  PID:8196
- C:\Windows\System\dyoYIaY.exe
  C:\Windows\System\dyoYIaY.exe
  2⤵
  PID:8220
- C:\Windows\System\PELYPVr.exe
  C:\Windows\System\PELYPVr.exe
  2⤵
  PID:8240
- C:\Windows\System\ZIXqvJk.exe
  C:\Windows\System\ZIXqvJk.exe
  2⤵
  PID:8256
- C:\Windows\System\xlSCxlU.exe
  C:\Windows\System\xlSCxlU.exe
  2⤵
  PID:8280
- C:\Windows\System\jleqYRV.exe
  C:\Windows\System\jleqYRV.exe
  2⤵
  PID:8300
- C:\Windows\System\NlecxiS.exe
  C:\Windows\System\NlecxiS.exe
  2⤵
  PID:8320
- C:\Windows\System\PetooMi.exe
  C:\Windows\System\PetooMi.exe
  2⤵
  PID:8340
- C:\Windows\System\Bwpxwzk.exe
  C:\Windows\System\Bwpxwzk.exe
  2⤵
  PID:8360
- C:\Windows\System\iPNbilH.exe
  C:\Windows\System\iPNbilH.exe
  2⤵
  PID:8380
- C:\Windows\System\YBWSLIy.exe
  C:\Windows\System\YBWSLIy.exe
  2⤵
  PID:8400
- C:\Windows\System\DSXdgfE.exe
  C:\Windows\System\DSXdgfE.exe
  2⤵
  PID:8420
- C:\Windows\System\bmJdqfL.exe
  C:\Windows\System\bmJdqfL.exe
  2⤵
  PID:8440
- C:\Windows\System\vBoMscD.exe
  C:\Windows\System\vBoMscD.exe
  2⤵
  PID:8460
- C:\Windows\System\otOQvxo.exe
  C:\Windows\System\otOQvxo.exe
  2⤵
  PID:8480
- C:\Windows\System\ZauWgmO.exe
  C:\Windows\System\ZauWgmO.exe
  2⤵
  PID:8500
- C:\Windows\System\wAYuffr.exe
  C:\Windows\System\wAYuffr.exe
  2⤵
  PID:8520
- C:\Windows\System\oNtpZLf.exe
  C:\Windows\System\oNtpZLf.exe
  2⤵
  PID:8636
- C:\Windows\System\JDaJQKF.exe
  C:\Windows\System\JDaJQKF.exe
  2⤵
  PID:8660
- C:\Windows\System\bvIMLsK.exe
  C:\Windows\System\bvIMLsK.exe
  2⤵
  PID:8680
- C:\Windows\System\kuWPeri.exe
  C:\Windows\System\kuWPeri.exe
  2⤵
  PID:8700
- C:\Windows\System\QzQdCsS.exe
  C:\Windows\System\QzQdCsS.exe
  2⤵
  PID:8720
- C:\Windows\System\LJsLFnH.exe
  C:\Windows\System\LJsLFnH.exe
  2⤵
  PID:8740
- C:\Windows\System\XgpfTeQ.exe
  C:\Windows\System\XgpfTeQ.exe
  2⤵
  PID:8760
- C:\Windows\System\uzzsHBb.exe
  C:\Windows\System\uzzsHBb.exe
  2⤵
  PID:8776
- C:\Windows\System\xXGREor.exe
  C:\Windows\System\xXGREor.exe
  2⤵
  PID:8796
- C:\Windows\System\miivgfz.exe
  C:\Windows\System\miivgfz.exe
  2⤵
  PID:8820
- C:\Windows\System\QpyrpwP.exe
  C:\Windows\System\QpyrpwP.exe
  2⤵
  PID:8836
- C:\Windows\System\LKRYwkb.exe
  C:\Windows\System\LKRYwkb.exe
  2⤵
  PID:8860
- C:\Windows\System\iAGoRGj.exe
  C:\Windows\System\iAGoRGj.exe
  2⤵
  PID:8880
- C:\Windows\System\jRXaiHA.exe
  C:\Windows\System\jRXaiHA.exe
  2⤵
  PID:8900
- C:\Windows\System\CohJrqR.exe
  C:\Windows\System\CohJrqR.exe
  2⤵
  PID:8916
- C:\Windows\System\rKWIQcS.exe
  C:\Windows\System\rKWIQcS.exe
  2⤵
  PID:8940
- C:\Windows\System\KxydZpX.exe
  C:\Windows\System\KxydZpX.exe
  2⤵
  PID:8956
- C:\Windows\System\wcdeHHi.exe
  C:\Windows\System\wcdeHHi.exe
  2⤵
  PID:8980
- C:\Windows\System\tbhDKWV.exe
  C:\Windows\System\tbhDKWV.exe
  2⤵
  PID:8996
- C:\Windows\System\iDTUAjU.exe
  C:\Windows\System\iDTUAjU.exe
  2⤵
  PID:9016
- C:\Windows\System\oNnGUFj.exe
  C:\Windows\System\oNnGUFj.exe
  2⤵
  PID:9036
- C:\Windows\System\DAeNQvQ.exe
  C:\Windows\System\DAeNQvQ.exe
  2⤵
  PID:9056
- C:\Windows\System\gIOQhMh.exe
  C:\Windows\System\gIOQhMh.exe
  2⤵
  PID:9076
- C:\Windows\System\GjtSKfT.exe
  C:\Windows\System\GjtSKfT.exe
  2⤵
  PID:9096
- C:\Windows\System\VbypbVb.exe
  C:\Windows\System\VbypbVb.exe
  2⤵
  PID:9208
- C:\Windows\System\ljVaPjp.exe
  C:\Windows\System\ljVaPjp.exe
  2⤵
  PID:7376
- C:\Windows\System\bkyzIAB.exe
  C:\Windows\System\bkyzIAB.exe
  2⤵
  PID:7448
- C:\Windows\System\FkhqKVM.exe
  C:\Windows\System\FkhqKVM.exe
  2⤵
  PID:7540
- C:\Windows\System\OiFvtBF.exe
  C:\Windows\System\OiFvtBF.exe
  2⤵
  PID:7616
- C:\Windows\System\CsKiNLs.exe
  C:\Windows\System\CsKiNLs.exe
  2⤵
  PID:7696
- C:\Windows\System\NxHJBjG.exe
  C:\Windows\System\NxHJBjG.exe
  2⤵
  PID:7656
- C:\Windows\System\gOIiqhu.exe
  C:\Windows\System\gOIiqhu.exe
  2⤵
  PID:7728
- C:\Windows\System\YcUVsko.exe
  C:\Windows\System\YcUVsko.exe
  2⤵
  PID:7756
- C:\Windows\System\jxzjpli.exe
  C:\Windows\System\jxzjpli.exe
  2⤵
  PID:7832
- C:\Windows\System\LIvFmpK.exe
  C:\Windows\System\LIvFmpK.exe
  2⤵
  PID:7896
- C:\Windows\System\hRmnZBE.exe
  C:\Windows\System\hRmnZBE.exe
  2⤵
  PID:8028
- C:\Windows\System\cyYJUCl.exe
  C:\Windows\System\cyYJUCl.exe
  2⤵
  PID:8052
- C:\Windows\System\jvJLAfn.exe
  C:\Windows\System\jvJLAfn.exe
  2⤵
  PID:8008
- C:\Windows\System\BGzzvpS.exe
  C:\Windows\System\BGzzvpS.exe
  2⤵
  PID:6588
- C:\Windows\System\XacBZdF.exe
  C:\Windows\System\XacBZdF.exe
  2⤵
  PID:6980
- C:\Windows\System\NXhdlDP.exe
  C:\Windows\System\NXhdlDP.exe
  2⤵
  PID:6244
- C:\Windows\System\hmzlWYd.exe
  C:\Windows\System\hmzlWYd.exe
  2⤵
  PID:6284
- C:\Windows\System\ESWrNLs.exe
  C:\Windows\System\ESWrNLs.exe
  2⤵
  PID:7256
- C:\Windows\System\eWeBocK.exe
  C:\Windows\System\eWeBocK.exe
  2⤵
  PID:8236
- C:\Windows\System\bjBpKHN.exe
  C:\Windows\System\bjBpKHN.exe
  2⤵
  PID:8204
- C:\Windows\System\yhzISKP.exe
  C:\Windows\System\yhzISKP.exe
  2⤵
  PID:8264
- C:\Windows\System\KspZgSP.exe
  C:\Windows\System\KspZgSP.exe
  2⤵
  PID:8252
- C:\Windows\System\BuirROz.exe
  C:\Windows\System\BuirROz.exe
  2⤵
  PID:8312
- C:\Windows\System\AgozFgi.exe
  C:\Windows\System\AgozFgi.exe
  2⤵
  PID:8328
- C:\Windows\System\VIhyQrp.exe
  C:\Windows\System\VIhyQrp.exe
  2⤵
  PID:8352
- C:\Windows\System\SNOJZxV.exe
  C:\Windows\System\SNOJZxV.exe
  2⤵
  PID:8396
- C:\Windows\System\cHIpIBY.exe
  C:\Windows\System\cHIpIBY.exe
  2⤵
  PID:8436
- C:\Windows\System\RClaZoN.exe
  C:\Windows\System\RClaZoN.exe
  2⤵
  PID:8376
- C:\Windows\System\RiODdtB.exe
  C:\Windows\System\RiODdtB.exe
  2⤵
  PID:8416
- C:\Windows\System\UTevTjT.exe
  C:\Windows\System\UTevTjT.exe
  2⤵
  PID:8516
- C:\Windows\System\MAgURoi.exe
  C:\Windows\System\MAgURoi.exe
  2⤵
  PID:8488
- C:\Windows\System\QBdrbqn.exe
  C:\Windows\System\QBdrbqn.exe
  2⤵
  PID:2280
- C:\Windows\System\MYXbXpm.exe
  C:\Windows\System\MYXbXpm.exe
  2⤵
  PID:8528
- C:\Windows\System\cdRXqTv.exe
  C:\Windows\System\cdRXqTv.exe
  2⤵
  PID:8692
- C:\Windows\System\qkvAxwz.exe
  C:\Windows\System\qkvAxwz.exe
  2⤵
  PID:8768
- C:\Windows\System\pUQRcdf.exe
  C:\Windows\System\pUQRcdf.exe
  2⤵
  PID:8812
- C:\Windows\System\rxJICbE.exe
  C:\Windows\System\rxJICbE.exe
  2⤵
  PID:8848
- C:\Windows\System\iSIHPvn.exe
  C:\Windows\System\iSIHPvn.exe
  2⤵
  PID:8676
- C:\Windows\System\pwpHHsq.exe
  C:\Windows\System\pwpHHsq.exe
  2⤵
  PID:8712
- C:\Windows\System\CJMMqNE.exe
  C:\Windows\System\CJMMqNE.exe
  2⤵
  PID:8788
- C:\Windows\System\vKeBpiK.exe
  C:\Windows\System\vKeBpiK.exe
  2⤵
  PID:8828
- C:\Windows\System\WMsxzVw.exe
  C:\Windows\System\WMsxzVw.exe
  2⤵
  PID:2612
- C:\Windows\System\eqlUPoA.exe
  C:\Windows\System\eqlUPoA.exe
  2⤵
  PID:8892
- C:\Windows\System\ShXnHKm.exe
  C:\Windows\System\ShXnHKm.exe
  2⤵
  PID:8936
- C:\Windows\System\KjPXdyR.exe
  C:\Windows\System\KjPXdyR.exe
  2⤵
  PID:8912
- C:\Windows\System\NeihIBx.exe
  C:\Windows\System\NeihIBx.exe
  2⤵
  PID:9008
- C:\Windows\System\uWeVWUC.exe
  C:\Windows\System\uWeVWUC.exe
  2⤵
  PID:9048
- C:\Windows\System\muQggAJ.exe
  C:\Windows\System\muQggAJ.exe
  2⤵
  PID:2784
- C:\Windows\System\orkwmEs.exe
  C:\Windows\System\orkwmEs.exe
  2⤵
  PID:8992
- C:\Windows\System\LVafhDA.exe
  C:\Windows\System\LVafhDA.exe
  2⤵
  PID:9064
- C:\Windows\System\hHeVVCB.exe
  C:\Windows\System\hHeVVCB.exe
  2⤵
  PID:2836
- C:\Windows\System\zLoitNJ.exe
  C:\Windows\System\zLoitNJ.exe
  2⤵
  PID:9156
- C:\Windows\System\odXpsEq.exe
  C:\Windows\System\odXpsEq.exe
  2⤵
  PID:7456
- C:\Windows\System\tvALVVI.exe
  C:\Windows\System\tvALVVI.exe
  2⤵
  PID:7708
- C:\Windows\System\rjFbuQX.exe
  C:\Windows\System\rjFbuQX.exe
  2⤵
  PID:7620
- C:\Windows\System\JFqiTpy.exe
  C:\Windows\System\JFqiTpy.exe
  2⤵
  PID:7712
- C:\Windows\System\WMESOvc.exe
  C:\Windows\System\WMESOvc.exe
  2⤵
  PID:7948
- C:\Windows\System\zGrElYi.exe
  C:\Windows\System\zGrElYi.exe
  2⤵
  PID:8036
- C:\Windows\System\rTQuBjB.exe
  C:\Windows\System\rTQuBjB.exe
  2⤵
  PID:6324
- C:\Windows\System\gxflboF.exe
  C:\Windows\System\gxflboF.exe
  2⤵
  PID:2884
- C:\Windows\System\gitOuRH.exe
  C:\Windows\System\gitOuRH.exe
  2⤵
  PID:7320
- C:\Windows\System\hedURFx.exe
  C:\Windows\System\hedURFx.exe
  2⤵
  PID:8216
- C:\Windows\System\KobXsXW.exe
  C:\Windows\System\KobXsXW.exe
  2⤵
  PID:8248
- C:\Windows\System\SlXtkSN.exe
  C:\Windows\System\SlXtkSN.exe
  2⤵
  PID:8296
- C:\Windows\System\nMeJCbi.exe
  C:\Windows\System\nMeJCbi.exe
  2⤵
  PID:8332
- C:\Windows\System\WyRZhUq.exe
  C:\Windows\System\WyRZhUq.exe
  2⤵
  PID:8468
- C:\Windows\System\EPmvZXo.exe
  C:\Windows\System\EPmvZXo.exe
  2⤵
  PID:8476
- C:\Windows\System\jaDJWnF.exe
  C:\Windows\System\jaDJWnF.exe
  2⤵
  PID:8508
- C:\Windows\System\DXSaciX.exe
  C:\Windows\System\DXSaciX.exe
  2⤵
  PID:8492
- C:\Windows\System\AsClngt.exe
  C:\Windows\System\AsClngt.exe
  2⤵
  PID:8688
- C:\Windows\System\USrSJSf.exe
  C:\Windows\System\USrSJSf.exe
  2⤵
  PID:8808
- C:\Windows\System\aqimiVC.exe
  C:\Windows\System\aqimiVC.exe
  2⤵
  PID:8708
- C:\Windows\System\YBFMHjD.exe
  C:\Windows\System\YBFMHjD.exe
  2⤵
  PID:8792
- C:\Windows\System\baygfdp.exe
  C:\Windows\System\baygfdp.exe
  2⤵
  PID:8876
- C:\Windows\System\BnhmQFb.exe
  C:\Windows\System\BnhmQFb.exe
  2⤵
  PID:8928
- C:\Windows\System\wizSQIe.exe
  C:\Windows\System\wizSQIe.exe
  2⤵
  PID:8972
- C:\Windows\System\LzTZRth.exe
  C:\Windows\System\LzTZRth.exe
  2⤵
  PID:9088
- C:\Windows\System\HQWfQST.exe
  C:\Windows\System\HQWfQST.exe
  2⤵
  PID:9032
- C:\Windows\System\UbqEJHx.exe
  C:\Windows\System\UbqEJHx.exe
  2⤵
  PID:2832
- C:\Windows\System\oZIlxTk.exe
  C:\Windows\System\oZIlxTk.exe
  2⤵
  PID:7796
- C:\Windows\System\oedKzYo.exe
  C:\Windows\System\oedKzYo.exe
  2⤵
  PID:7652
- C:\Windows\System\VVwcNzb.exe
  C:\Windows\System\VVwcNzb.exe
  2⤵
  PID:2660
- C:\Windows\System\ngFTjHA.exe
  C:\Windows\System\ngFTjHA.exe
  2⤵
  PID:7092
- C:\Windows\System\kiFgGrn.exe
  C:\Windows\System\kiFgGrn.exe
  2⤵
  PID:7236
- C:\Windows\System\OtwnAsL.exe
  C:\Windows\System\OtwnAsL.exe
  2⤵
  PID:1680
- C:\Windows\System\bJdahRv.exe
  C:\Windows\System\bJdahRv.exe
  2⤵
  PID:8428
- C:\Windows\System\QqOfbee.exe
  C:\Windows\System\QqOfbee.exe
  2⤵
  PID:9228
- C:\Windows\System\zJYSyPF.exe
  C:\Windows\System\zJYSyPF.exe
  2⤵
  PID:9244
- C:\Windows\System\jxnvcVS.exe
  C:\Windows\System\jxnvcVS.exe
  2⤵
  PID:9260
- C:\Windows\System\sFYkDdn.exe
  C:\Windows\System\sFYkDdn.exe
  2⤵
  PID:9276
- C:\Windows\System\HBNjwIr.exe
  C:\Windows\System\HBNjwIr.exe
  2⤵
  PID:9292
- C:\Windows\System\wUxLTfV.exe
  C:\Windows\System\wUxLTfV.exe
  2⤵
  PID:9308
- C:\Windows\System\ypRWISp.exe
  C:\Windows\System\ypRWISp.exe
  2⤵
  PID:9324
- C:\Windows\System\hhPXoSS.exe
  C:\Windows\System\hhPXoSS.exe
  2⤵
  PID:9340
- C:\Windows\System\cHpXNKl.exe
  C:\Windows\System\cHpXNKl.exe
  2⤵
  PID:9356
- C:\Windows\System\oyMowAD.exe
  C:\Windows\System\oyMowAD.exe
  2⤵
  PID:9372
- C:\Windows\System\UwwugEB.exe
  C:\Windows\System\UwwugEB.exe
  2⤵
  PID:9388
- C:\Windows\System\qXaJvIy.exe
  C:\Windows\System\qXaJvIy.exe
  2⤵
  PID:9404
- C:\Windows\System\pwaKlze.exe
  C:\Windows\System\pwaKlze.exe
  2⤵
  PID:9420
- C:\Windows\System\OpxQlhy.exe
  C:\Windows\System\OpxQlhy.exe
  2⤵
  PID:9440
- C:\Windows\System\zHiDRRF.exe
  C:\Windows\System\zHiDRRF.exe
  2⤵
  PID:9456
- C:\Windows\System\DvnjtMj.exe
  C:\Windows\System\DvnjtMj.exe
  2⤵
  PID:9472
- C:\Windows\System\kTRwuXh.exe
  C:\Windows\System\kTRwuXh.exe
  2⤵
  PID:9488
- C:\Windows\System\VkSXeEO.exe
  C:\Windows\System\VkSXeEO.exe
  2⤵
  PID:9504
- C:\Windows\System\QCqkPVu.exe
  C:\Windows\System\QCqkPVu.exe
  2⤵
  PID:9520
- C:\Windows\System\WUaaOgT.exe
  C:\Windows\System\WUaaOgT.exe
  2⤵
  PID:9536
- C:\Windows\System\KjAqlYV.exe
  C:\Windows\System\KjAqlYV.exe
  2⤵
  PID:9552
- C:\Windows\System\sHhXBDN.exe
  C:\Windows\System\sHhXBDN.exe
  2⤵
  PID:9568
- C:\Windows\System\fMkuRzI.exe
  C:\Windows\System\fMkuRzI.exe
  2⤵
  PID:9584
- C:\Windows\System\XdQZOrx.exe
  C:\Windows\System\XdQZOrx.exe
  2⤵
  PID:9600
- C:\Windows\System\ExASsoS.exe
  C:\Windows\System\ExASsoS.exe
  2⤵
  PID:9616
- C:\Windows\System\UUEYIJY.exe
  C:\Windows\System\UUEYIJY.exe
  2⤵
  PID:9632
- C:\Windows\System\SJbTxEJ.exe
  C:\Windows\System\SJbTxEJ.exe
  2⤵
  PID:9648
- C:\Windows\System\LnwgtLZ.exe
  C:\Windows\System\LnwgtLZ.exe
  2⤵
  PID:9664
- C:\Windows\System\uGIwpIX.exe
  C:\Windows\System\uGIwpIX.exe
  2⤵
  PID:9680
- C:\Windows\System\HLrHFvG.exe
  C:\Windows\System\HLrHFvG.exe
  2⤵
  PID:9696
- C:\Windows\System\eBWrVKl.exe
  C:\Windows\System\eBWrVKl.exe
  2⤵
  PID:9712
- C:\Windows\System\oGxeoex.exe
  C:\Windows\System\oGxeoex.exe
  2⤵
  PID:9728
- C:\Windows\System\wzGTgxo.exe
  C:\Windows\System\wzGTgxo.exe
  2⤵
  PID:9744
- C:\Windows\System\yMlTyit.exe
  C:\Windows\System\yMlTyit.exe
  2⤵
  PID:9760
- C:\Windows\System\YehjCKg.exe
  C:\Windows\System\YehjCKg.exe
  2⤵
  PID:9776
- C:\Windows\System\KYARNXU.exe
  C:\Windows\System\KYARNXU.exe
  2⤵
  PID:9792
- C:\Windows\System\kMHHMqq.exe
  C:\Windows\System\kMHHMqq.exe
  2⤵
  PID:9808
- C:\Windows\System\YiHtcCq.exe
  C:\Windows\System\YiHtcCq.exe
  2⤵
  PID:9824
- C:\Windows\System\qLErrgr.exe
  C:\Windows\System\qLErrgr.exe
  2⤵
  PID:9840
- C:\Windows\System\ugwdbdQ.exe
  C:\Windows\System\ugwdbdQ.exe
  2⤵
  PID:9856
- C:\Windows\System\HIEgrvJ.exe
  C:\Windows\System\HIEgrvJ.exe
  2⤵
  PID:9872
- C:\Windows\System\tlrKRtU.exe
  C:\Windows\System\tlrKRtU.exe
  2⤵
  PID:9896
- C:\Windows\System\FPgbaTX.exe
  C:\Windows\System\FPgbaTX.exe
  2⤵
  PID:9912
- C:\Windows\System\HLsbeaT.exe
  C:\Windows\System\HLsbeaT.exe
  2⤵
  PID:9932
- C:\Windows\System\HfcGOYe.exe
  C:\Windows\System\HfcGOYe.exe
  2⤵
  PID:9948
- C:\Windows\System\EAuxQxq.exe
  C:\Windows\System\EAuxQxq.exe
  2⤵
  PID:9964
- C:\Windows\System\GBxhaVO.exe
  C:\Windows\System\GBxhaVO.exe
  2⤵
  PID:9980
- C:\Windows\System\PAZfLRh.exe
  C:\Windows\System\PAZfLRh.exe
  2⤵
  PID:9996
- C:\Windows\System\dBDnwhQ.exe
  C:\Windows\System\dBDnwhQ.exe
  2⤵
  PID:10012
- C:\Windows\System\mmnEhug.exe
  C:\Windows\System\mmnEhug.exe
  2⤵
  PID:10028
- C:\Windows\System\NqMgCIm.exe
  C:\Windows\System\NqMgCIm.exe
  2⤵
  PID:10044
- C:\Windows\System\wocHcmk.exe
  C:\Windows\System\wocHcmk.exe
  2⤵
  PID:10060
- C:\Windows\System\XOQAmtt.exe
  C:\Windows\System\XOQAmtt.exe
  2⤵
  PID:10076
- C:\Windows\System\kzqlZtP.exe
  C:\Windows\System\kzqlZtP.exe
  2⤵
  PID:10092
- C:\Windows\System\NKwuDBI.exe
  C:\Windows\System\NKwuDBI.exe
  2⤵
  PID:10108
- C:\Windows\System\RsqETlG.exe
  C:\Windows\System\RsqETlG.exe
  2⤵
  PID:10124
- C:\Windows\System\mHgDJKF.exe
  C:\Windows\System\mHgDJKF.exe
  2⤵
  PID:10140
- C:\Windows\System\RrZFddB.exe
  C:\Windows\System\RrZFddB.exe
  2⤵
  PID:10156
- C:\Windows\System\oKswhES.exe
  C:\Windows\System\oKswhES.exe
  2⤵
  PID:10172
- C:\Windows\System\VTvtVMG.exe
  C:\Windows\System\VTvtVMG.exe
  2⤵
  PID:10188
- C:\Windows\System\xYZgrmp.exe
  C:\Windows\System\xYZgrmp.exe
  2⤵
  PID:10204
- C:\Windows\System\EWqqwbj.exe
  C:\Windows\System\EWqqwbj.exe
  2⤵
  PID:10220
- C:\Windows\System\kotFdHY.exe
  C:\Windows\System\kotFdHY.exe
  2⤵
  PID:10236
- C:\Windows\System\cbmUPal.exe
  C:\Windows\System\cbmUPal.exe
  2⤵
  PID:8448
- C:\Windows\System\kiVXFMG.exe
  C:\Windows\System\kiVXFMG.exe
  2⤵
  PID:8736
- C:\Windows\System\dZZOKCA.exe
  C:\Windows\System\dZZOKCA.exe
  2⤵
  PID:8584
- C:\Windows\System\RfmWBli.exe
  C:\Windows\System\RfmWBli.exe
  2⤵
  PID:8888
- C:\Windows\System\tdEPEyK.exe
  C:\Windows\System\tdEPEyK.exe
  2⤵
  PID:9044
- C:\Windows\System\SBsPVvR.exe
  C:\Windows\System\SBsPVvR.exe
  2⤵
  PID:9072
- C:\Windows\System\ZEVPvoP.exe
  C:\Windows\System\ZEVPvoP.exe
  2⤵
  PID:7692
- C:\Windows\System\VESWkUN.exe
  C:\Windows\System\VESWkUN.exe
  2⤵
  PID:2948
- C:\Windows\System\irlyirp.exe
  C:\Windows\System\irlyirp.exe
  2⤵
  PID:8292
- C:\Windows\System\eQpqRal.exe
  C:\Windows\System\eQpqRal.exe
  2⤵
  PID:9220
- C:\Windows\System\hPhURro.exe
  C:\Windows\System\hPhURro.exe
  2⤵
  PID:9240
- C:\Windows\System\kNSODHz.exe
  C:\Windows\System\kNSODHz.exe
  2⤵
  PID:9284
- C:\Windows\System\isunAGG.exe
  C:\Windows\System\isunAGG.exe
  2⤵
  PID:1976
- C:\Windows\System\ToSOKmz.exe
  C:\Windows\System\ToSOKmz.exe
  2⤵
  PID:2176
- C:\Windows\System\LXidMor.exe
  C:\Windows\System\LXidMor.exe
  2⤵
  PID:9336
- C:\Windows\System\pBeDQqe.exe
  C:\Windows\System\pBeDQqe.exe
  2⤵
  PID:9380
- C:\Windows\System\IVnojZt.exe
  C:\Windows\System\IVnojZt.exe
  2⤵
  PID:9400
- C:\Windows\System\cirpUKJ.exe
  C:\Windows\System\cirpUKJ.exe
  2⤵
  PID:9452
- C:\Windows\System\yuqzKIN.exe
  C:\Windows\System\yuqzKIN.exe
  2⤵
  PID:9484
- C:\Windows\System\kcDEsTc.exe
  C:\Windows\System\kcDEsTc.exe
  2⤵
  PID:9516
- C:\Windows\System\MzHLFAn.exe
  C:\Windows\System\MzHLFAn.exe
  2⤵
  PID:9548
- C:\Windows\System\bRbnNkw.exe
  C:\Windows\System\bRbnNkw.exe
  2⤵
  PID:9580
- C:\Windows\System\aPVlZsr.exe
  C:\Windows\System\aPVlZsr.exe
  2⤵
  PID:9596
- C:\Windows\System\lxgBExn.exe
  C:\Windows\System\lxgBExn.exe
  2⤵
  PID:1908
- C:\Windows\System\plSvWkw.exe
  C:\Windows\System\plSvWkw.exe
  2⤵
  PID:9656
- C:\Windows\System\TSFXmyT.exe
  C:\Windows\System\TSFXmyT.exe
  2⤵
  PID:9692
- C:\Windows\System\kmPHkrn.exe
  C:\Windows\System\kmPHkrn.exe
  2⤵
  PID:9736
- C:\Windows\System\vRuYrYE.exe
  C:\Windows\System\vRuYrYE.exe
  2⤵
  PID:9756
- C:\Windows\System\qBhZxVv.exe
  C:\Windows\System\qBhZxVv.exe
  2⤵
  PID:9788
- C:\Windows\System\LCmmisf.exe
  C:\Windows\System\LCmmisf.exe
  2⤵
  PID:9820
- C:\Windows\System\zYGdoHm.exe
  C:\Windows\System\zYGdoHm.exe
  2⤵
  PID:9852
- C:\Windows\System\TbAGPKo.exe
  C:\Windows\System\TbAGPKo.exe
  2⤵
  PID:9904
- C:\Windows\System\TuqsdDd.exe
  C:\Windows\System\TuqsdDd.exe
  2⤵
  PID:9928
- C:\Windows\System\LTmXmAm.exe
  C:\Windows\System\LTmXmAm.exe
  2⤵
  PID:9976
- C:\Windows\System\YdGtsEo.exe
  C:\Windows\System\YdGtsEo.exe
  2⤵
  PID:10008
- C:\Windows\System\StynkIX.exe
  C:\Windows\System\StynkIX.exe
  2⤵
  PID:10040
- C:\Windows\System\oZgLkPD.exe
  C:\Windows\System\oZgLkPD.exe
  2⤵
  PID:10072
- C:\Windows\System\pLZCgkR.exe
  C:\Windows\System\pLZCgkR.exe
  2⤵
  PID:10104
- C:\Windows\System\jnDUmPZ.exe
  C:\Windows\System\jnDUmPZ.exe
  2⤵
  PID:10136
- C:\Windows\System\lkQRtUA.exe
  C:\Windows\System\lkQRtUA.exe
  2⤵
  PID:10168
- C:\Windows\System\CvtVSgl.exe
  C:\Windows\System\CvtVSgl.exe
  2⤵
  PID:10184
- C:\Windows\System\KwXZAdA.exe
  C:\Windows\System\KwXZAdA.exe
  2⤵
  PID:10232
- C:\Windows\System\VtujZlo.exe
  C:\Windows\System\VtujZlo.exe
  2⤵
  PID:8648
- C:\Windows\System\aLrfUtR.exe
  C:\Windows\System\aLrfUtR.exe
  2⤵
  PID:8872
- C:\Windows\System\SQVpLdp.exe
  C:\Windows\System\SQVpLdp.exe
  2⤵
  PID:9108
- C:\Windows\System\BcaLFRq.exe
  C:\Windows\System\BcaLFRq.exe
  2⤵
  PID:2628
- C:\Windows\System\dKpTAJH.exe
  C:\Windows\System\dKpTAJH.exe
  2⤵
  PID:8368
- C:\Windows\System\jjGhFyh.exe
  C:\Windows\System\jjGhFyh.exe
  2⤵
  PID:2876
- C:\Windows\System\uoxkRIF.exe
  C:\Windows\System\uoxkRIF.exe
  2⤵
  PID:9300
- C:\Windows\System\ovbMTxS.exe
  C:\Windows\System\ovbMTxS.exe
  2⤵
  PID:9364
- C:\Windows\System\QqTNrpX.exe
  C:\Windows\System\QqTNrpX.exe
  2⤵
  PID:9428
- C:\Windows\System\lEbVUQo.exe
  C:\Windows\System\lEbVUQo.exe
  2⤵
  PID:9480
- C:\Windows\System\igAyJsA.exe
  C:\Windows\System\igAyJsA.exe
  2⤵
  PID:9560
- C:\Windows\System\CTkjxEy.exe
  C:\Windows\System\CTkjxEy.exe
  2⤵
  PID:9624
- C:\Windows\System\rKWKUNa.exe
  C:\Windows\System\rKWKUNa.exe
  2⤵
  PID:9672
- C:\Windows\System\wcPAwto.exe
  C:\Windows\System\wcPAwto.exe
  2⤵
  PID:9724
- C:\Windows\System\WZCvnAM.exe
  C:\Windows\System\WZCvnAM.exe
  2⤵
  PID:9816
- C:\Windows\System\KeUTpaS.exe
  C:\Windows\System\KeUTpaS.exe
  2⤵
  PID:9880
- C:\Windows\System\QcdsQci.exe
  C:\Windows\System\QcdsQci.exe
  2⤵
  PID:9956
- C:\Windows\System\vwwgtvK.exe
  C:\Windows\System\vwwgtvK.exe
  2⤵
  PID:9988
- C:\Windows\System\OVyqQmD.exe
  C:\Windows\System\OVyqQmD.exe
  2⤵
  PID:2572
- C:\Windows\System\ecRGBME.exe
  C:\Windows\System\ecRGBME.exe
  2⤵
  PID:10100
- C:\Windows\System\XAMVvlf.exe
  C:\Windows\System\XAMVvlf.exe
  2⤵
  PID:10196
- C:\Windows\System\LuLwaji.exe
  C:\Windows\System\LuLwaji.exe
  2⤵
  PID:8644
- C:\Windows\System\tCTpnuC.exe
  C:\Windows\System\tCTpnuC.exe
  2⤵
  PID:9028
- C:\Windows\System\VZajrIO.exe
  C:\Windows\System\VZajrIO.exe
  2⤵
  PID:9252
- C:\Windows\System\ctGhmvE.exe
  C:\Windows\System\ctGhmvE.exe
  2⤵
  PID:2644
- C:\Windows\System\CnqrzZg.exe
  C:\Windows\System\CnqrzZg.exe
  2⤵
  PID:9368
- C:\Windows\System\rHTPoNh.exe
  C:\Windows\System\rHTPoNh.exe
  2⤵
  PID:9512
- C:\Windows\System\gWXdJFx.exe
  C:\Windows\System\gWXdJFx.exe
  2⤵
  PID:9592
- C:\Windows\System\LcaogVk.exe
  C:\Windows\System\LcaogVk.exe
  2⤵
  PID:10256
- C:\Windows\System\qeKtmmK.exe
  C:\Windows\System\qeKtmmK.exe
  2⤵
  PID:10272
- C:\Windows\System\KnojSUp.exe
  C:\Windows\System\KnojSUp.exe
  2⤵
  PID:10288
- C:\Windows\System\ytUVhKt.exe
  C:\Windows\System\ytUVhKt.exe
  2⤵
  PID:10304
- C:\Windows\System\UedhVHm.exe
  C:\Windows\System\UedhVHm.exe
  2⤵
  PID:10320
- C:\Windows\System\TvBdcFf.exe
  C:\Windows\System\TvBdcFf.exe
  2⤵
  PID:10336
- C:\Windows\System\MYENsGi.exe
  C:\Windows\System\MYENsGi.exe
  2⤵
  PID:10352
- C:\Windows\System\NSrwFwT.exe
  C:\Windows\System\NSrwFwT.exe
  2⤵
  PID:10368
- C:\Windows\System\fynoBaL.exe
  C:\Windows\System\fynoBaL.exe
  2⤵
  PID:10384
- C:\Windows\System\QiVbunU.exe
  C:\Windows\System\QiVbunU.exe
  2⤵
  PID:10400
- C:\Windows\System\QhoDMIO.exe
  C:\Windows\System\QhoDMIO.exe
  2⤵
  PID:10416
- C:\Windows\System\ajASLil.exe
  C:\Windows\System\ajASLil.exe
  2⤵
  PID:10432
- C:\Windows\System\QHZmexY.exe
  C:\Windows\System\QHZmexY.exe
  2⤵
  PID:10448
- C:\Windows\System\tCVjONp.exe
  C:\Windows\System\tCVjONp.exe
  2⤵
  PID:10464
- C:\Windows\System\viDcQwP.exe
  C:\Windows\System\viDcQwP.exe
  2⤵
  PID:10480
- C:\Windows\System\vccRrKK.exe
  C:\Windows\System\vccRrKK.exe
  2⤵
  PID:10496
- C:\Windows\System\DEBFbbv.exe
  C:\Windows\System\DEBFbbv.exe
  2⤵
  PID:10512
- C:\Windows\System\xUXdScf.exe
  C:\Windows\System\xUXdScf.exe
  2⤵
  PID:10528
- C:\Windows\System\SiYbHNR.exe
  C:\Windows\System\SiYbHNR.exe
  2⤵
  PID:10544
- C:\Windows\System\EHYVTBc.exe
  C:\Windows\System\EHYVTBc.exe
  2⤵
  PID:10560
- C:\Windows\System\lqdjLzL.exe
  C:\Windows\System\lqdjLzL.exe
  2⤵
  PID:10576
- C:\Windows\System\EdekCrN.exe
  C:\Windows\System\EdekCrN.exe
  2⤵
  PID:10596
- C:\Windows\System\qaReIgd.exe
  C:\Windows\System\qaReIgd.exe
  2⤵
  PID:10612
- C:\Windows\System\gTUpckJ.exe
  C:\Windows\System\gTUpckJ.exe
  2⤵
  PID:10628
- C:\Windows\System\OGGGgHV.exe
  C:\Windows\System\OGGGgHV.exe
  2⤵
  PID:10644
- C:\Windows\System\AhEtgOs.exe
  C:\Windows\System\AhEtgOs.exe
  2⤵
  PID:10660
- C:\Windows\System\xEjkIzv.exe
  C:\Windows\System\xEjkIzv.exe
  2⤵
  PID:10676
- C:\Windows\System\nthDffR.exe
  C:\Windows\System\nthDffR.exe
  2⤵
  PID:10692
- C:\Windows\System\YaNHqTF.exe
  C:\Windows\System\YaNHqTF.exe
  2⤵
  PID:10708
- C:\Windows\System\HhElntF.exe
  C:\Windows\System\HhElntF.exe
  2⤵
  PID:10724
- C:\Windows\System\yhiYaEm.exe
  C:\Windows\System\yhiYaEm.exe
  2⤵
  PID:10740
- C:\Windows\System\VCVkGta.exe
  C:\Windows\System\VCVkGta.exe
  2⤵
  PID:10756
- C:\Windows\System\nLNJDHb.exe
  C:\Windows\System\nLNJDHb.exe
  2⤵
  PID:10772
- C:\Windows\System\DDLKJyd.exe
  C:\Windows\System\DDLKJyd.exe
  2⤵
  PID:10788
- C:\Windows\System\OsurPCt.exe
  C:\Windows\System\OsurPCt.exe
  2⤵
  PID:10804
- C:\Windows\System\KmdvKUd.exe
  C:\Windows\System\KmdvKUd.exe
  2⤵
  PID:10820
- C:\Windows\System\npfwNxA.exe
  C:\Windows\System\npfwNxA.exe
  2⤵
  PID:10836
- C:\Windows\System\TjCJTiq.exe
  C:\Windows\System\TjCJTiq.exe
  2⤵
  PID:10852
- C:\Windows\System\qEEXjJo.exe
  C:\Windows\System\qEEXjJo.exe
  2⤵
  PID:10868
- C:\Windows\System\TCxWFkq.exe
  C:\Windows\System\TCxWFkq.exe
  2⤵
  PID:10884
- C:\Windows\System\NWtbmhm.exe
  C:\Windows\System\NWtbmhm.exe
  2⤵
  PID:10900
- C:\Windows\System\VnSxvoR.exe
  C:\Windows\System\VnSxvoR.exe
  2⤵
  PID:10916
- C:\Windows\System\QCuaYzD.exe
  C:\Windows\System\QCuaYzD.exe
  2⤵
  PID:10932
- C:\Windows\System\JwxVFaZ.exe
  C:\Windows\System\JwxVFaZ.exe
  2⤵
  PID:10948
- C:\Windows\System\vZJXQsD.exe
  C:\Windows\System\vZJXQsD.exe
  2⤵
  PID:10964
- C:\Windows\System\ePHFWTY.exe
  C:\Windows\System\ePHFWTY.exe
  2⤵
  PID:10980
- C:\Windows\System\jYoKpYV.exe
  C:\Windows\System\jYoKpYV.exe
  2⤵
  PID:10996
- C:\Windows\System\DcJlpuZ.exe
  C:\Windows\System\DcJlpuZ.exe
  2⤵
  PID:11012
- C:\Windows\System\etiaVPw.exe
  C:\Windows\System\etiaVPw.exe
  2⤵
  PID:11032
- C:\Windows\System\ZBFREXp.exe
  C:\Windows\System\ZBFREXp.exe
  2⤵
  PID:11048
- C:\Windows\System\fyvsSal.exe
  C:\Windows\System\fyvsSal.exe
  2⤵
  PID:11064
- C:\Windows\System\IdveJnU.exe
  C:\Windows\System\IdveJnU.exe
  2⤵
  PID:11080
- C:\Windows\System\YkcsPMF.exe
  C:\Windows\System\YkcsPMF.exe
  2⤵
  PID:11096
- C:\Windows\System\GzYPnCx.exe
  C:\Windows\System\GzYPnCx.exe
  2⤵
  PID:11112
- C:\Windows\System\hZnHUNr.exe
  C:\Windows\System\hZnHUNr.exe
  2⤵
  PID:11128
- C:\Windows\System\TmarciW.exe
  C:\Windows\System\TmarciW.exe
  2⤵
  PID:11144
- C:\Windows\System\HLWDATc.exe
  C:\Windows\System\HLWDATc.exe
  2⤵
  PID:11160
- C:\Windows\System\kMFrjwU.exe
  C:\Windows\System\kMFrjwU.exe
  2⤵
  PID:11176
- C:\Windows\System\VyFQZOm.exe
  C:\Windows\System\VyFQZOm.exe
  2⤵
  PID:11192
- C:\Windows\System\FzGPkMb.exe
  C:\Windows\System\FzGPkMb.exe
  2⤵
  PID:11208
- C:\Windows\System\gLQNuRV.exe
  C:\Windows\System\gLQNuRV.exe
  2⤵
  PID:11224
- C:\Windows\System\AbWOfsK.exe
  C:\Windows\System\AbWOfsK.exe
  2⤵
  PID:11240
- C:\Windows\System\CFtmlYI.exe
  C:\Windows\System\CFtmlYI.exe
  2⤵
  PID:11256
- C:\Windows\System\WQfdSOE.exe
  C:\Windows\System\WQfdSOE.exe
  2⤵
  PID:9644
- C:\Windows\System\kKLYHpL.exe
  C:\Windows\System\kKLYHpL.exe
  2⤵
  PID:9832
- C:\Windows\System\InNdJOc.exe
  C:\Windows\System\InNdJOc.exe
  2⤵
  PID:9972
- C:\Windows\System\ydfaQXg.exe
  C:\Windows\System\ydfaQXg.exe
  2⤵
  PID:3036
- C:\Windows\System\zdWtYol.exe
  C:\Windows\System\zdWtYol.exe
  2⤵
  PID:10056
- C:\Windows\System\ZpESJMR.exe
  C:\Windows\System\ZpESJMR.exe
  2⤵
  PID:10200
- C:\Windows\System\qXJXqmF.exe
  C:\Windows\System\qXJXqmF.exe
  2⤵
  PID:1260
- C:\Windows\System\nrprgyL.exe
  C:\Windows\System\nrprgyL.exe
  2⤵
  PID:2676
- C:\Windows\System\CpAxKdC.exe
  C:\Windows\System\CpAxKdC.exe
  2⤵
  PID:9396
- C:\Windows\System\PaGxvXh.exe
  C:\Windows\System\PaGxvXh.exe
  2⤵
  PID:10252
- C:\Windows\System\lGezLNC.exe
  C:\Windows\System\lGezLNC.exe
  2⤵
  PID:10296
- C:\Windows\System\ExRtimh.exe
  C:\Windows\System\ExRtimh.exe
  2⤵
  PID:10328
- C:\Windows\System\uUfDdQa.exe
  C:\Windows\System\uUfDdQa.exe
  2⤵
  PID:3760
- C:\Windows\System\UPzCpTA.exe
  C:\Windows\System\UPzCpTA.exe
  2⤵
  PID:10376
- C:\Windows\System\sSHDJqh.exe
  C:\Windows\System\sSHDJqh.exe
  2⤵
  PID:10424
- C:\Windows\System\EjKaays.exe
  C:\Windows\System\EjKaays.exe
  2⤵
  PID:10440
- C:\Windows\System\zgxqacH.exe
  C:\Windows\System\zgxqacH.exe
  2⤵
  PID:10460
- C:\Windows\System\MdSIeWG.exe
  C:\Windows\System\MdSIeWG.exe
  2⤵
  PID:10492
- C:\Windows\System\rTkxxgQ.exe
  C:\Windows\System\rTkxxgQ.exe
  2⤵
  PID:10524
- C:\Windows\System\bxgOuAl.exe
  C:\Windows\System\bxgOuAl.exe
  2⤵
  PID:10556
- C:\Windows\System\jDimpFi.exe
  C:\Windows\System\jDimpFi.exe
  2⤵
  PID:10588
- C:\Windows\System\URVflEQ.exe
  C:\Windows\System\URVflEQ.exe
  2⤵
  PID:10624
- C:\Windows\System\xTHqmsy.exe
  C:\Windows\System\xTHqmsy.exe
  2⤵
  PID:10656
- C:\Windows\System\nucnfbF.exe
  C:\Windows\System\nucnfbF.exe
  2⤵
  PID:10688
- C:\Windows\System\dhbvxef.exe
  C:\Windows\System\dhbvxef.exe
  2⤵
  PID:10720
- C:\Windows\System\dWbhmnK.exe
  C:\Windows\System\dWbhmnK.exe
  2⤵
  PID:10736
- C:\Windows\System\cCDMosp.exe
  C:\Windows\System\cCDMosp.exe
  2⤵
  PID:10784
- C:\Windows\System\DXdixWY.exe
  C:\Windows\System\DXdixWY.exe
  2⤵
  PID:10816
- C:\Windows\System\BSenowo.exe
  C:\Windows\System\BSenowo.exe
  2⤵
  PID:10848
- C:\Windows\System\tCfMHAG.exe
  C:\Windows\System\tCfMHAG.exe
  2⤵
  PID:10860
- C:\Windows\System\EKCdcJu.exe
  C:\Windows\System\EKCdcJu.exe
  2⤵
  PID:10908
- C:\Windows\System\rMTREmy.exe
  C:\Windows\System\rMTREmy.exe
  2⤵
  PID:10940
- C:\Windows\System\EnFPyWr.exe
  C:\Windows\System\EnFPyWr.exe
  2⤵
  PID:10972
- C:\Windows\System\BzufQmo.exe
  C:\Windows\System\BzufQmo.exe
  2⤵
  PID:10988
- C:\Windows\System\SmtUeYD.exe
  C:\Windows\System\SmtUeYD.exe
  2⤵
  PID:1416
- C:\Windows\System\KmnLpbk.exe
  C:\Windows\System\KmnLpbk.exe
  2⤵
  PID:11028
- C:\Windows\System\MYCojUm.exe
  C:\Windows\System\MYCojUm.exe
  2⤵
  PID:11060
- C:\Windows\System\ujnRUzh.exe
  C:\Windows\System\ujnRUzh.exe
  2⤵
  PID:11104
- C:\Windows\System\bFKtorm.exe
  C:\Windows\System\bFKtorm.exe
  2⤵
  PID:11136
- C:\Windows\System\cmWRzOH.exe
  C:\Windows\System\cmWRzOH.exe
  2⤵
  PID:11168
- C:\Windows\System\gisXSnT.exe
  C:\Windows\System\gisXSnT.exe
  2⤵
  PID:11200
- C:\Windows\System\ZKmqhsI.exe
  C:\Windows\System\ZKmqhsI.exe
  2⤵
  PID:11220
- C:\Windows\System\FLVFwHO.exe
  C:\Windows\System\FLVFwHO.exe
  2⤵
  PID:2736
- C:\Windows\System\GljPRlg.exe
  C:\Windows\System\GljPRlg.exe
  2⤵
  PID:9768
- C:\Windows\System\MYizzcM.exe
  C:\Windows\System\MYizzcM.exe
  2⤵
  PID:10004
- C:\Windows\System\MqONKJD.exe
  C:\Windows\System\MqONKJD.exe
  2⤵
  PID:10132
- C:\Windows\System\dLAOjRj.exe
  C:\Windows\System\dLAOjRj.exe
  2⤵
  PID:9544
- C:\Windows\System\MjFFxgC.exe
  C:\Windows\System\MjFFxgC.exe
  2⤵
  PID:10280
- C:\Windows\System\ZviJLjz.exe
  C:\Windows\System\ZviJLjz.exe
  2⤵
  PID:10312
- C:\Windows\System\pBrfTeo.exe
  C:\Windows\System\pBrfTeo.exe
  2⤵
  PID:10380
- C:\Windows\System\rCNHwOO.exe
  C:\Windows\System\rCNHwOO.exe
  2⤵
  PID:10444
- C:\Windows\System\ghxkdrg.exe
  C:\Windows\System\ghxkdrg.exe
  2⤵
  PID:10472
- C:\Windows\System\rCgtYia.exe
  C:\Windows\System\rCgtYia.exe
  2⤵
  PID:5568
- C:\Windows\System\ePaINhc.exe
  C:\Windows\System\ePaINhc.exe
  2⤵
  PID:10604
- C:\Windows\System\ocBIjfz.exe
  C:\Windows\System\ocBIjfz.exe
  2⤵
  PID:10684
- C:\Windows\System\ZhXUqeR.exe
  C:\Windows\System\ZhXUqeR.exe
  2⤵
  PID:2636
- C:\Windows\System\PUYetST.exe
  C:\Windows\System\PUYetST.exe
  2⤵
  PID:10768
- C:\Windows\System\KHJPKnh.exe
  C:\Windows\System\KHJPKnh.exe
  2⤵
  PID:10812
- C:\Windows\System\eAJaYCn.exe
  C:\Windows\System\eAJaYCn.exe
  2⤵
  PID:10876
- C:\Windows\System\lPoNMRk.exe
  C:\Windows\System\lPoNMRk.exe
  2⤵
  PID:10924
- C:\Windows\System\ZsUjtJU.exe
  C:\Windows\System\ZsUjtJU.exe
  2⤵
  PID:3400
- C:\Windows\System\bRWpNEq.exe
  C:\Windows\System\bRWpNEq.exe
  2⤵
  PID:2752
- C:\Windows\System\YNmPtaR.exe
  C:\Windows\System\YNmPtaR.exe
  2⤵
  PID:11088
- C:\Windows\System\MxlatNp.exe
  C:\Windows\System\MxlatNp.exe
  2⤵
  PID:11152
- C:\Windows\System\gvrIsJW.exe
  C:\Windows\System\gvrIsJW.exe
  2⤵
  PID:11232
- C:\Windows\System\wpiKjDJ.exe
  C:\Windows\System\wpiKjDJ.exe
  2⤵
  PID:9884
- C:\Windows\System\UbyJbYG.exe
  C:\Windows\System\UbyJbYG.exe
  2⤵
  PID:10164
- C:\Windows\System\hjCrfqm.exe
  C:\Windows\System\hjCrfqm.exe
  2⤵
  PID:2172
- C:\Windows\System\GhqAfSD.exe
  C:\Windows\System\GhqAfSD.exe
  2⤵
  PID:3816
- C:\Windows\System\DzhDgvU.exe
  C:\Windows\System\DzhDgvU.exe
  2⤵
  PID:10412
- C:\Windows\System\sPlGeuO.exe
  C:\Windows\System\sPlGeuO.exe
  2⤵
  PID:10552
- C:\Windows\System\PZcNsMB.exe
  C:\Windows\System\PZcNsMB.exe
  2⤵
  PID:10640
- C:\Windows\System\IpxvBBj.exe
  C:\Windows\System\IpxvBBj.exe
  2⤵
  PID:2240
- C:\Windows\System\zHdtToi.exe
  C:\Windows\System\zHdtToi.exe
  2⤵
  PID:10912
- C:\Windows\System\kZKbtlt.exe
  C:\Windows\System\kZKbtlt.exe
  2⤵
  PID:10944
- C:\Windows\System\QbigKYz.exe
  C:\Windows\System\QbigKYz.exe
  2⤵
  PID:11076
- C:\Windows\System\rYtgSes.exe
  C:\Windows\System\rYtgSes.exe
  2⤵
  PID:11204
- C:\Windows\System\ibbmpik.exe
  C:\Windows\System\ibbmpik.exe
  2⤵
  PID:3984
- C:\Windows\System\cjWWTVX.exe
  C:\Windows\System\cjWWTVX.exe
  2⤵
  PID:11280
- C:\Windows\System\ncXbARt.exe
  C:\Windows\System\ncXbARt.exe
  2⤵
  PID:11296
- C:\Windows\System\WWqNnxu.exe
  C:\Windows\System\WWqNnxu.exe
  2⤵
  PID:11312
- C:\Windows\System\JdbIbfo.exe
  C:\Windows\System\JdbIbfo.exe
  2⤵
  PID:11328
- C:\Windows\System\ahAMrmG.exe
  C:\Windows\System\ahAMrmG.exe
  2⤵
  PID:11344
- C:\Windows\System\PQcPHHI.exe
  C:\Windows\System\PQcPHHI.exe
  2⤵
  PID:11360
- C:\Windows\System\XSHwFmA.exe
  C:\Windows\System\XSHwFmA.exe
  2⤵
  PID:11376
- C:\Windows\System\RAIjftB.exe
  C:\Windows\System\RAIjftB.exe
  2⤵
  PID:11392
- C:\Windows\System\BOwFURh.exe
  C:\Windows\System\BOwFURh.exe
  2⤵
  PID:11408
- C:\Windows\System\GZBVacA.exe
  C:\Windows\System\GZBVacA.exe
  2⤵
  PID:11424
- C:\Windows\System\tovjDkK.exe
  C:\Windows\System\tovjDkK.exe
  2⤵
  PID:11440
- C:\Windows\System\AGImllt.exe
  C:\Windows\System\AGImllt.exe
  2⤵
  PID:11456
- C:\Windows\System\ZOYHBWm.exe
  C:\Windows\System\ZOYHBWm.exe
  2⤵
  PID:11472
- C:\Windows\System\FTIGDlo.exe
  C:\Windows\System\FTIGDlo.exe
  2⤵
  PID:11488
- C:\Windows\System\xzdgBmw.exe
  C:\Windows\System\xzdgBmw.exe
  2⤵
  PID:11504
- C:\Windows\System\BaUqQuD.exe
  C:\Windows\System\BaUqQuD.exe
  2⤵
  PID:11520
- C:\Windows\System\kYqITtg.exe
  C:\Windows\System\kYqITtg.exe
  2⤵
  PID:11536
- C:\Windows\System\lWrHylX.exe
  C:\Windows\System\lWrHylX.exe
  2⤵
  PID:11552
- C:\Windows\System\sAyAvFu.exe
  C:\Windows\System\sAyAvFu.exe
  2⤵
  PID:11572
- C:\Windows\System\cYtVgxH.exe
  C:\Windows\System\cYtVgxH.exe
  2⤵
  PID:11588
- C:\Windows\System\STSCmEC.exe
  C:\Windows\System\STSCmEC.exe
  2⤵
  PID:11604
- C:\Windows\System\lwFRVkZ.exe
  C:\Windows\System\lwFRVkZ.exe
  2⤵
  PID:11620
- C:\Windows\System\kMxeMaA.exe
  C:\Windows\System\kMxeMaA.exe
  2⤵
  PID:11636
- C:\Windows\System\zwBGjiG.exe
  C:\Windows\System\zwBGjiG.exe
  2⤵
  PID:11652
- C:\Windows\System\rAuADyh.exe
  C:\Windows\System\rAuADyh.exe
  2⤵
  PID:11668
- C:\Windows\System\MsPXCQv.exe
  C:\Windows\System\MsPXCQv.exe
  2⤵
  PID:11684
- C:\Windows\System\VCUPCwM.exe
  C:\Windows\System\VCUPCwM.exe
  2⤵
  PID:11700
- C:\Windows\System\NoXeqeo.exe
  C:\Windows\System\NoXeqeo.exe
  2⤵
  PID:11716
- C:\Windows\System\TyqNNLz.exe
  C:\Windows\System\TyqNNLz.exe
  2⤵
  PID:11732
- C:\Windows\System\fKNVwSb.exe
  C:\Windows\System\fKNVwSb.exe
  2⤵
  PID:11748
- C:\Windows\System\wMVQQDc.exe
  C:\Windows\System\wMVQQDc.exe
  2⤵
  PID:11764
- C:\Windows\System\qLiGKPz.exe
  C:\Windows\System\qLiGKPz.exe
  2⤵
  PID:11780
- C:\Windows\System\BllWJWJ.exe
  C:\Windows\System\BllWJWJ.exe
  2⤵
  PID:11796
- C:\Windows\System\wRBpVmL.exe
  C:\Windows\System\wRBpVmL.exe
  2⤵
  PID:11812
- C:\Windows\System\OfoOvcA.exe
  C:\Windows\System\OfoOvcA.exe
  2⤵
  PID:11828
- C:\Windows\System\bLhrjrX.exe
  C:\Windows\System\bLhrjrX.exe
  2⤵
  PID:11908
- C:\Windows\System\HNZxElg.exe
  C:\Windows\System\HNZxElg.exe
  2⤵
  PID:11928
- C:\Windows\System\UNTWLAe.exe
  C:\Windows\System\UNTWLAe.exe
  2⤵
  PID:11944
- C:\Windows\System\YTARaZN.exe
  C:\Windows\System\YTARaZN.exe
  2⤵
  PID:11964
- C:\Windows\System\NBGMzQP.exe
  C:\Windows\System\NBGMzQP.exe
  2⤵
  PID:11984
- C:\Windows\System\XpjuAbj.exe
  C:\Windows\System\XpjuAbj.exe
  2⤵
  PID:12000
- C:\Windows\System\LjZJNHH.exe
  C:\Windows\System\LjZJNHH.exe
  2⤵
  PID:12020
- C:\Windows\System\XIubAdO.exe
  C:\Windows\System\XIubAdO.exe
  2⤵
  PID:12036
- C:\Windows\System\QEUxHfg.exe
  C:\Windows\System\QEUxHfg.exe
  2⤵
  PID:12052
- C:\Windows\System\KgQdQRH.exe
  C:\Windows\System\KgQdQRH.exe
  2⤵
  PID:12112
- C:\Windows\System\IGfEFTd.exe
  C:\Windows\System\IGfEFTd.exe
  2⤵
  PID:12128
- C:\Windows\System\McNIhsC.exe
  C:\Windows\System\McNIhsC.exe
  2⤵
  PID:12144
- C:\Windows\System\ntOZIMg.exe
  C:\Windows\System\ntOZIMg.exe
  2⤵
  PID:12160
- C:\Windows\System\cnIDlPf.exe
  C:\Windows\System\cnIDlPf.exe
  2⤵
  PID:12176
- C:\Windows\System\HxUBETJ.exe
  C:\Windows\System\HxUBETJ.exe
  2⤵
  PID:12196
- C:\Windows\System\xTUQsJa.exe
  C:\Windows\System\xTUQsJa.exe
  2⤵
  PID:12212
- C:\Windows\System\MZYqmJl.exe
  C:\Windows\System\MZYqmJl.exe
  2⤵
  PID:12228
- C:\Windows\System\FSasNOp.exe
  C:\Windows\System\FSasNOp.exe
  2⤵
  PID:12248
- C:\Windows\System\EyDOYoP.exe
  C:\Windows\System\EyDOYoP.exe
  2⤵
  PID:12268
- C:\Windows\System\aPwwRud.exe
  C:\Windows\System\aPwwRud.exe
  2⤵
  PID:12284
- C:\Windows\System\HrtcHCr.exe
  C:\Windows\System\HrtcHCr.exe
  2⤵
  PID:2852
- C:\Windows\System\qdpXTRq.exe
  C:\Windows\System\qdpXTRq.exe
  2⤵
  PID:10608
- C:\Windows\System\KbSLHWX.exe
  C:\Windows\System\KbSLHWX.exe
  2⤵
  PID:10880
- C:\Windows\System\segDtEH.exe
  C:\Windows\System\segDtEH.exe
  2⤵
  PID:11276
- C:\Windows\System\DxwyxHa.exe
  C:\Windows\System\DxwyxHa.exe
  2⤵
  PID:11308
- C:\Windows\System\IkojuRZ.exe
  C:\Windows\System\IkojuRZ.exe
  2⤵
  PID:11340
- C:\Windows\System\PWlqvoM.exe
  C:\Windows\System\PWlqvoM.exe
  2⤵
  PID:11372
- C:\Windows\System\SnOqsei.exe
  C:\Windows\System\SnOqsei.exe
  2⤵
  PID:11400
- C:\Windows\System\lVmmPzZ.exe
  C:\Windows\System\lVmmPzZ.exe
  2⤵
  PID:11432
- C:\Windows\System\XJRTucI.exe
  C:\Windows\System\XJRTucI.exe
  2⤵
  PID:3064
- C:\Windows\System\zLSJZNs.exe
  C:\Windows\System\zLSJZNs.exe
  2⤵
  PID:11468
- C:\Windows\System\VsoKqsM.exe
  C:\Windows\System\VsoKqsM.exe
  2⤵
  PID:11496
- C:\Windows\System\VJNficA.exe
  C:\Windows\System\VJNficA.exe
  2⤵
  PID:11516
- C:\Windows\System\zarwlUk.exe
  C:\Windows\System\zarwlUk.exe
  2⤵
  PID:2404
- C:\Windows\System\rBwJhJp.exe
  C:\Windows\System\rBwJhJp.exe
  2⤵
  PID:11564
- C:\Windows\System\dcGFCcD.exe
  C:\Windows\System\dcGFCcD.exe
  2⤵
  PID:11584
- C:\Windows\System\HOJvtYj.exe
  C:\Windows\System\HOJvtYj.exe
  2⤵
  PID:11628
- C:\Windows\System\JBOLwRq.exe
  C:\Windows\System\JBOLwRq.exe
  2⤵
  PID:11648
- C:\Windows\System\DrESkaV.exe
  C:\Windows\System\DrESkaV.exe
  2⤵
  PID:2444
- C:\Windows\System\BEghClN.exe
  C:\Windows\System\BEghClN.exe
  2⤵
  PID:324
- C:\Windows\System\OUmZqac.exe
  C:\Windows\System\OUmZqac.exe
  2⤵
  PID:2488
- C:\Windows\System\wVYmRqY.exe
  C:\Windows\System\wVYmRqY.exe
  2⤵
  PID:11712
- C:\Windows\System\uIDAqmK.exe
  C:\Windows\System\uIDAqmK.exe
  2⤵
  PID:11728
- C:\Windows\System\qLooVFU.exe
  C:\Windows\System\qLooVFU.exe
  2⤵
  PID:11756
- C:\Windows\System\ZYQkgUx.exe
  C:\Windows\System\ZYQkgUx.exe
  2⤵
  PID:2036
- C:\Windows\System\IXZQzYO.exe
  C:\Windows\System\IXZQzYO.exe
  2⤵
  PID:11760
- C:\Windows\System\FbdNPqg.exe
  C:\Windows\System\FbdNPqg.exe
  2⤵
  PID:11776
- C:\Windows\System\ffTsSgz.exe
  C:\Windows\System\ffTsSgz.exe
  2⤵
  PID:1652
- C:\Windows\System\SvEkRaJ.exe
  C:\Windows\System\SvEkRaJ.exe
  2⤵
  PID:1804
- C:\Windows\System\dchEJph.exe
  C:\Windows\System\dchEJph.exe
  2⤵
  PID:1432
- C:\Windows\System\MQgyTvp.exe
  C:\Windows\System\MQgyTvp.exe
  2⤵
  PID:1984
- C:\Windows\System\pAPXAYG.exe
  C:\Windows\System\pAPXAYG.exe
  2⤵
  PID:10704
- C:\Windows\System\SNnveXk.exe
  C:\Windows\System\SNnveXk.exe
  2⤵
  PID:11840
- C:\Windows\System\vJzAHty.exe
  C:\Windows\System\vJzAHty.exe
  2⤵
  PID:908
- C:\Windows\System\pZyCZvA.exe
  C:\Windows\System\pZyCZvA.exe
  2⤵
  PID:11996
- C:\Windows\System\esNUmhT.exe
  C:\Windows\System\esNUmhT.exe
  2⤵
  PID:12068
- C:\Windows\System\AfhJEzH.exe
  C:\Windows\System\AfhJEzH.exe
  2⤵
  PID:12084
- C:\Windows\System\moyRqIK.exe
  C:\Windows\System\moyRqIK.exe
  2⤵
  PID:12104
- C:\Windows\System\EToOsSp.exe
  C:\Windows\System\EToOsSp.exe
  2⤵
  PID:12140
- C:\Windows\System\NSDRxDh.exe
  C:\Windows\System\NSDRxDh.exe
  2⤵
  PID:12048
- C:\Windows\System\KcEEHSl.exe
  C:\Windows\System\KcEEHSl.exe
  2⤵
  PID:12016
- C:\Windows\System\QTPUZLl.exe
  C:\Windows\System\QTPUZLl.exe
  2⤵
  PID:12192
- C:\Windows\System\hqQFoku.exe
  C:\Windows\System\hqQFoku.exe
  2⤵
  PID:12260
- C:\Windows\System\vgfvYPv.exe
  C:\Windows\System\vgfvYPv.exe
  2⤵
  PID:12264
- C:\Windows\System\ZuvwsbI.exe
  C:\Windows\System\ZuvwsbI.exe
  2⤵
  PID:2724
- C:\Windows\System\pEWTAiS.exe
  C:\Windows\System\pEWTAiS.exe
  2⤵
  PID:12280
- C:\Windows\System\YjqiSXC.exe
  C:\Windows\System\YjqiSXC.exe
  2⤵
  PID:10976
- C:\Windows\System\POClImo.exe
  C:\Windows\System\POClImo.exe
  2⤵
  PID:2580
- C:\Windows\System\GaZpprH.exe
  C:\Windows\System\GaZpprH.exe
  2⤵
  PID:11292
- C:\Windows\System\MfdfKba.exe
  C:\Windows\System\MfdfKba.exe
  2⤵
  PID:9720
- C:\Windows\System\eZqnTWe.exe
  C:\Windows\System\eZqnTWe.exe
  2⤵
  PID:11404
- C:\Windows\System\qRpOUQE.exe
  C:\Windows\System\qRpOUQE.exe
  2⤵
  PID:11324
- C:\Windows\System\WmcuZyN.exe
  C:\Windows\System\WmcuZyN.exe
  2⤵
  PID:11512
- C:\Windows\System\DWZFLqr.exe
  C:\Windows\System\DWZFLqr.exe
  2⤵
  PID:11436
- C:\Windows\System\DFKinwB.exe
  C:\Windows\System\DFKinwB.exe
  2⤵
  PID:11544
- C:\Windows\System\grBIlTB.exe
  C:\Windows\System\grBIlTB.exe
  2⤵
  PID:2308
- C:\Windows\System\klRFeKb.exe
  C:\Windows\System\klRFeKb.exe
  2⤵
  PID:11596
- C:\Windows\System\ILeEmfg.exe
  C:\Windows\System\ILeEmfg.exe
  2⤵
  PID:11632
- C:\Windows\System\DAiRnOr.exe
  C:\Windows\System\DAiRnOr.exe
  2⤵
  PID:11676
- C:\Windows\System\hEiTynV.exe
  C:\Windows\System\hEiTynV.exe
  2⤵
  PID:2484
- C:\Windows\System\QqwhJuJ.exe
  C:\Windows\System\QqwhJuJ.exe
  2⤵
  PID:11772
- C:\Windows\System\QNEJKdt.exe
  C:\Windows\System\QNEJKdt.exe
  2⤵
  PID:11788
- C:\Windows\System\DDEgmFa.exe
  C:\Windows\System\DDEgmFa.exe
  2⤵
  PID:12012
- C:\Windows\System\IUVMsXj.exe
  C:\Windows\System\IUVMsXj.exe
  2⤵
  PID:1528
- C:\Windows\System\AbLqNTU.exe
  C:\Windows\System\AbLqNTU.exe
  2⤵
  PID:9676
- C:\Windows\System\PkHTaXF.exe
  C:\Windows\System\PkHTaXF.exe
  2⤵
  PID:12032
- C:\Windows\System\iQzSyGK.exe
  C:\Windows\System\iQzSyGK.exe
  2⤵
  PID:912
- C:\Windows\System\VIvyGnx.exe
  C:\Windows\System\VIvyGnx.exe
  2⤵
  PID:12088
- C:\Windows\System\aFpiESk.exe
  C:\Windows\System\aFpiESk.exe
  2⤵
  PID:12100
- C:\Windows\System\uJRDeDx.exe
  C:\Windows\System\uJRDeDx.exe
  2⤵
  PID:12124
- C:\Windows\System\qpzOSoX.exe
  C:\Windows\System\qpzOSoX.exe
  2⤵
  PID:12008
- C:\Windows\System\eVBLxbx.exe
  C:\Windows\System\eVBLxbx.exe
  2⤵
  PID:12044
- C:\Windows\System\mnTaptv.exe
  C:\Windows\System\mnTaptv.exe
  2⤵
  PID:10752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ACPcfKL.exe

Filesize
6.0MB

MD5
0f09fb9df66c070e61a87bd03351e546

SHA1
fbc44cf5cb00282931db6f9b601e293a482576ad

SHA256
387a2c4285b2bcaef083ba262ccc2319e7ef00ddf305a1b7af5de984e08b95b2

SHA512
c7c9e9c86388c21ec0b120fbaa1089ab7feabab2f2052b410001184a09ec5deaa5e4d21c2b2c95b18d4d1a975367a6c19c3ec805a50dff831a037cb1d25d5529

Download Submit
C:\Windows\system\BTVmQRr.exe

Filesize
6.0MB

MD5
d5d7057bb0b48d24e6076e4d1bb87263

SHA1
a86197b18d8b1119cfd3ddb653eaca327ae1abe8

SHA256
e23c49e01916a39043ad54180f2dd472c6463583bacd3d84d67c1c4b0d7e56c8

SHA512
63046c54ad89c3790627fc62ba9f063c1b0ce67a4d209e520b028620a2f07b6b88c5ce0ecdba386189411a3a6a6cd08ebc5898c5ee546acdc52eb357835aa8cc

Download Submit
C:\Windows\system\BUMMtyz.exe

Filesize
6.0MB

MD5
ecce99972f69cfec580e10c87dc69649

SHA1
db3f459abf69bf4b7971f5e91187df019083a994

SHA256
c26239669fce8050b91f74961ec54736af40b65321f1d6786a0d819beaa2b1bb

SHA512
e3d1b7ece9ab85841fde01508954b5aea7962a86b551f19491ab32fc02fb43ff7472dfe56ea60a6be0264a511279578ee5c5d42e8ab6fe97652e72c2265b40a3

Download Submit
C:\Windows\system\FdZiyPf.exe

Filesize
6.0MB

MD5
803bd899967f3ceb6b5ebe5cbead7246

SHA1
1509f55c954f9d5df505d6afdc497b3c9f0c8621

SHA256
455bd70f0ee11865d499e0414c854689a178b2179676f4e2602c5df8f03ff166

SHA512
fb3976e55e891c7df3ed420eb1a03ff2e93942d888f2f3caa9c2311734aa20e250ebe6a58a5d29cbfd087ef6fa20956a9ef44783769a592e8c171640ec98702e

Download Submit
C:\Windows\system\FxzUEZO.exe

Filesize
6.0MB

MD5
7884bcb9e1805b09c557c87259ff86b3

SHA1
d4ca8c0de664d39f2d58561fddf37372ff624543

SHA256
43b9daf416d7c824091917c290537ea8f40c671888a02d72b680b4c6861b25c3

SHA512
9edf48cc9900d524f013055dd42917f177bc05a4769730cc1b697691d862b4d3756a09dbdf4b5ab14f05ee494d7eed418072ccc3fc84135d2359350063e93e6a

Download Submit
C:\Windows\system\LAVpakM.exe

Filesize
6.0MB

MD5
745bb170ea1d985b4771427d83269a9f

SHA1
89bff3a423a4f48f84b680208b5bf673f8de4146

SHA256
1cd77fdd94cf72cff706f971d440afc80291339358879929b1b78dc96a9ebe23

SHA512
cf93bf4c0579f82f9d08cbd290d0e4567a948de58c70d58463460125c2c650ab73f6e32a1841de0496ee70d613701448223619bcc5d0a6de575f8867a7c488c8

Download Submit
C:\Windows\system\MYZmmls.exe

Filesize
6.0MB

MD5
f5b0f891dcf27ddfa104d61b1b197085

SHA1
1e38427783dc74e5ba1a04890ecbec05eb6c528f

SHA256
9fcbbb2fe485a1770380b68da343340814888fb23d4b4c4127a56c56b131aa7e

SHA512
38716ea2b98544531195ffac2d71aed9055628e42b8fc01e173921878daccf357f119771190c1520577feb4e710921ce1eec86c5feca8ed55c89c3d8dd97f4ef

Download Submit
C:\Windows\system\MqKStOE.exe

Filesize
6.0MB

MD5
47d30118153fbca92bac098dc1ebdb12

SHA1
dc9dd8aa893eb6e6348dbaa1c5790cd8ac1e5c87

SHA256
bc44b0785d01365d687491bb9eeb5eeb9e31c4457e0ec8cd17f8eab43b4aae6f

SHA512
b20c13de93352879c68bb098e74b5ea3b0cdf2441b1ed3598f3420e104b303d9bf27f5de9259ee5f6ec99fc5343dca6b4b24051fbf25cd5c4a07e81b9f809fb9

Download Submit
C:\Windows\system\NNLVZIA.exe

Filesize
6.0MB

MD5
564256d07c5303c9bb63b2169aadaa33

SHA1
c7120d051df21da1b418a0d0cef45ad134931d99

SHA256
3441d5e7501c1661c43e71dae60fb7c7867b89e2bf9ed545fb22231453185079

SHA512
00b70365aa7039b68b26bf872315995ce6d7ef6b43c18e6eba263ea6faa35e34805920a1067b37c0af30a51b380943106e67477740ef544a0472d346e916b2b8

Download Submit
C:\Windows\system\NeUxUFA.exe

Filesize
6.0MB

MD5
8299abfaf58ed44ef5b18257e1dbad64

SHA1
4a9561f75abeefb962b0b90c75c15b98e2779635

SHA256
d6363cba6812543c91a782a395245475315cd8de48c246debd3d4e73a5fa5159

SHA512
64e1872a20ad719153ff2cab5660cc89aea8a946df47bb1f0ba8a1cf1fe9236cbeab6917e457be89a6c6304c00de794a900ba880cd957b2ec574808799e7f4ed

Download Submit
C:\Windows\system\OBBwUzO.exe

Filesize
6.0MB

MD5
f5857db2bbed0d11801fdba674f79191

SHA1
b100be4124f02a677eebf2e8e1edd64f1ea27b36

SHA256
0736193baf183a89e2ccb8e8c66d0afdcbd8f2c03c92445d931f8ca2f2d30d93

SHA512
1f0000661fb625d26ee21de2465472a8391bdeba8d16d5c51837acf6e1cb46aa6645de28a1913822f7b5b3a6f1addc144f28fb6c20b2a60907aa35486bf71113

Download Submit
C:\Windows\system\OqwGMwd.exe

Filesize
6.0MB

MD5
76babf626b590f4f2d640b1883f29bfc

SHA1
ca2002250bf18fda2009571a564e6629239bffea

SHA256
a64b67374659d62db16965518bf03c03c9d2e12bb6d420f4720bc7ac8618de80

SHA512
7a35852c572f8d0cfd38a2febd15b43f68a3a74e0c6a3aadb54242ba6936b471c20ce24cb1749eaf9384bed57351abd1ed356df248420301057b81ea59b048c1

Download Submit
C:\Windows\system\RCDnfSm.exe

Filesize
6.0MB

MD5
db9931ab8121375bf8d4080c2a6ddaba

SHA1
a63203a5e8dcbd9ddedcf428df9eef4fde3f5939

SHA256
aee7dfdb75b0c13e5190e498db113c01d5175e61c9eaabb5e69ca8790b06810f

SHA512
8eea518eab11c554be06ec5f5715aa214912b4f2d6a0fd9021feacc40130c4d2e17487630417b88bb47638cf59a28c160fa46fa358546559e340b8331b942a98

Download Submit
C:\Windows\system\RuWIKGu.exe

Filesize
6.0MB

MD5
9800bb6c1e05bd73ee44bb782e3cf7e1

SHA1
dddfa3920bb4884e097355d3efb087686e93ae6c

SHA256
7339fff5e6233de2d4defe9b6fac158bc17e5f936fe58bf466a23ed2ae6a0894

SHA512
e938f0177ccc26fac48639f00d78fd656cd7dceaa1d8686ef5e63120f9c1d78b9fa061d7c4ff7de49248702fb936234316fbdf0ffe5c76f3fdcecaf50bd2288f

Download Submit
C:\Windows\system\TENmFUc.exe

Filesize
6.0MB

MD5
2a98e2348c9c13f262fe81d84c86c4b6

SHA1
ebad1ad73fe3b9cbe2aadc8a74e125a9062f16ed

SHA256
e01e3f900544a21a25d3c8265234cd40a8e80b28fa17b0c5d63355988e721137

SHA512
6e8988c96651e64b2dce85c60aa51805f7a47927ce6c38775c71619e3f3a480bd2582abf8d886df1aba3a37174d93d6b9ab84ad01ed8e82f737532da6b301a2a

Download Submit
C:\Windows\system\YGYBaWw.exe

Filesize
6.0MB

MD5
1f9f7659f6a7e847d31c3a92c7e078b9

SHA1
ddbe846bb9018cda99e8a6b48cdf4e5f3018693e

SHA256
af46bd1aef557e5eff7881ded37575efab8613f994f703884f56ba848287b85c

SHA512
350eade41f396a5949cb64797a78c81086330981f5834d578152598f72d76277176a8df7df9437aa57a40911682c8cbc303e9ed58bc79d6987adf3e9bde65b2a

Download Submit
C:\Windows\system\bNNompG.exe

Filesize
6.0MB

MD5
8175fbf9ef6cc5e4126c473492b128d2

SHA1
001d96729f90da4c88f35b73124ef9229fe1e8a0

SHA256
7d4097996943d5d9ed39f326a0350f69a363fcc7199dc334ab0c6ac409529d98

SHA512
ec98807bb9bdf1f6b90a744c79355e4035e759ac447712df8d4cc6095eedbc0fdd9764d4725c3c58860bdd4e198ab514ca95c286051579941e864dcc8e9dccdd

Download Submit
C:\Windows\system\cYTxBoS.exe

Filesize
6.0MB

MD5
d7ec80da18026676d11b2203601e3c02

SHA1
3d80e58869771858ff31e8be2d09032a98b46b1c

SHA256
51a294c3cd2c77c84447980895055d63d7974f156378fbcd0d9810f4d3cf3b83

SHA512
bff05907646c97d732b07c92019fa7051bf1b16eb9014be10a79be8665c4bb33078fdae34de60601c8eb13750cb56f9816f266620debcc927b7e2baae5e3dc3b

Download Submit
C:\Windows\system\fmbnwGm.exe

Filesize
6.0MB

MD5
c642f3ba69915451e4caa1db7754c5f1

SHA1
3b866b011cb9b437156254db0840c9cba28c786d

SHA256
96e18274bf6bda4a50e6ce18ebc5da4e07d8ccfcbeebb06392a07ea2d434927b

SHA512
afeb574aebfc295f348e3239d756198cec3703245e72952a82ea158d39b0d5cac30d0abbb47d41dfb90e861992e0a3f5db94b11d2dc7903d8713b300378b2769

Download Submit
C:\Windows\system\gRpZASm.exe

Filesize
6.0MB

MD5
b3d433e4cfa2b4378f5aff21908f3e4a

SHA1
15749d719a32af4bfeefa9d369657cfdfb5cf9dd

SHA256
2638bca4b2bcef67980e5e1de0a6f20291c81edce77d3bbfde1e36c67cff09da

SHA512
521cc752abde9d2bef7090c57db97856d5e4ba9da7c976d13d75c1935f8e1dabccd787fc8114f750107bd9703c2a81ca941b01fd06dc7c8fac41e355cc4fdc0c

Download Submit
C:\Windows\system\konxCTd.exe

Filesize
6.0MB

MD5
1e62d6fec291f12bf7486b1d3abbe79b

SHA1
51c1f9f1cf84b672ce01c377409cf02d50691d68

SHA256
f0cf3e0ad2152c640dd8e1256989c2a14445f969a036267e9dbe3235405586fd

SHA512
57afc9065a65fce1865cadc7ec396d7fe8ceb5e6d7f1619e8618f25e5386992feed02ce4daded79a4d515ee03b8346d1d2178e67c56ee8959d4fa1e77abe8c28

Download Submit
C:\Windows\system\mFIpIBe.exe

Filesize
6.0MB

MD5
75a23bdf48e1056aef74117fe472accf

SHA1
b1415bb8f8d48b4a3906f8be0d952ba02c713193

SHA256
692652c922adad6523108778d135f1821fcf7573e65fbdb60e048dce02e3ee3e

SHA512
25db9e1fa2c85f51d3f8bdddc72e6b569007a0c2b19a7dfb43a591f704f5feffbd1494a769b93b7e1fd20b18c1eabf1d00c8ec170e8e7a87270180e30ba8ba2d

Download Submit
C:\Windows\system\osrPsXY.exe

Filesize
6.0MB

MD5
34235e736ce8b0dc09454458f04ef4ef

SHA1
d4c6b0f1d38d22641bb07d14f24559e45ecb771b

SHA256
afa9312704dcbedc43eae4a94102ba92fc166646ae35065664dbdda6c858e4b3

SHA512
9701537fc44c0c88ce3d0dc21fc280d9af113e23ee9936e313a5c582425286e26d65d13f4894fa96fd9f90f396f1d6a9627be9daa82d60a739d2b20ba9fc006f

Download Submit
C:\Windows\system\pxWqUaI.exe

Filesize
6.0MB

MD5
a606099eb3549bc27d591e4ddf5701ec

SHA1
a0df811b755e540f43a8a6cb50fd58ed2e586ac3

SHA256
560d7a794ded1f75ff5afd7f0bb7a4835eb0784a8fc1175f53d074e9d4f3c2eb

SHA512
79b43d4e4163df6a2a35418d5b049f2e4bb03f9fa43c277fbf8f1c5275abc15c2a2ac93bc01740c44df7ec0afdca702cb795e761cdb7df8e7e7f8dc3dc03cb7c

Download Submit
C:\Windows\system\rftmQdh.exe

Filesize
6.0MB

MD5
5989d01dee07b51be1eb99002e9f234d

SHA1
97122c330691512db13180747ce177b376060ba7

SHA256
0ed1b065f2070323a0e4000e7b03226692aa53078f2102c0e258bf0b86ba948b

SHA512
b913da8694960fd4569879ee83eed18520c72a7fa486361fa96f673a7afe34c78de7c02d0a30201b356de6d4fcf4f9871800702da3658ccc49c734b284136826

Download Submit
C:\Windows\system\teiHzWN.exe

Filesize
6.0MB

MD5
b6d7e433715d30a610ccfce636539c13

SHA1
38e906c24be62317c94d5332e65df94c53917012

SHA256
7cf77d3c60ff3db98484c2ea57523cf5382065f7f5fa18bc5b3ae45f92323673

SHA512
d868f9802c4894813ceeb4661015fe7b175e0ddcbdf7321ce5af0e9cf199826793d8fb1f6ea1fef64f79e725f92949ccfc422d2be1d6c67366d49e842cc627c6

Download Submit
C:\Windows\system\tnmJNps.exe

Filesize
6.0MB

MD5
84612b199b6c37f1c00db3434958e287

SHA1
834d3e36d55b9080afff2dbf71c157f4d0aca0f9

SHA256
2a10f55b2e532654ad37c04ed089848a0efda2a90bd5916db153cc1d3d7866cf

SHA512
ea553d2567835b6aa17128509f3bb22bf6a7ce47fa8d0279c14fcf2360fa41ca6b7432484f4cae639e911babadfc087aaedbd770eb053de59d8b88d401d65a44

Download Submit
C:\Windows\system\uudygmU.exe

Filesize
6.0MB

MD5
21e2a1eecb930c6580b14a6f3b0a07a7

SHA1
249057b93b0265a65efedc62312dbb1bc15fc408

SHA256
66c288e398f1ff4140df989f82704da6e4b4a4d07d187d5bed95cd35b6b1816f

SHA512
f114fb2885f47cda120f12149065749167b8a2a70f1caeb76cd82da14c38008a3ea4d179f3d19cce5e17f8219b3f5f5e8bd8bfbd3671e8d4f22eee54d324b89b

Download Submit
C:\Windows\system\wbNzbxV.exe

Filesize
6.0MB

MD5
f6ac24928d891e5243f064ae4e1b5067

SHA1
71da6dc31c3094e997d3419a5154883cdd01a42a

SHA256
3f5faabebba500f73263a20c54b8f6b9e10df96ba3750480af52b4f064fd943a

SHA512
83537f3339c6dc0ca4d7f4136fe5b870fd9290aefd7877f447b39819cbd0c9c5004135278f1bce2d07375f2208deaf65ae60c268b5fca3dabe37c9deac337fc3

Download Submit
C:\Windows\system\ztPOlpj.exe

Filesize
6.0MB

MD5
dc0c73e65f6b43fe14257fc389663b31

SHA1
2967ba98e616c6ff3df23d8a169e8dce116dbfaa

SHA256
cba8d7f7882e2afdfa52ba60e9e68865f4620ee3be62bf6645e208fea295f544

SHA512
2924b1a0c330aa1f0167e947ea41a61af0f0269c757f5611e0825ede4c8659b867a8832faed32a5a448ad8197bba3d04e5b22a1ccf14f4faa88635b6066fab11

Download Submit
\Windows\system\CvQKfOL.exe

Filesize
6.0MB

MD5
fa2970f9ef1600b7d3f6c10b97ddfcc3

SHA1
1e410960c81ca22af1748260def4ef17e7c35cbc

SHA256
2d15d8616badfd3b4a5f39e84a9cf057dd78c4cec79069f11cda2575802b838e

SHA512
12fdf2e0c94e888b4f732c9e536295a0297c7ea8f3a47b08b3ad9a4a7938e84d628eed5fa11f954b3bdad7d8bfb99c0bf131acf1f58254b893c55f98efa2e481

Download Submit
\Windows\system\IdhLWun.exe

Filesize
6.0MB

MD5
bb5a9a7f11133ff54d25b5998b3a48f5

SHA1
843529a26641a5086fd1873ff592d4746860e03a

SHA256
f0a2b4df6de33fe38e70a8fb569ef863238430d4828243652be95edc88c8d7dd

SHA512
ccdbe1e35373d606f66a376f9124c039401a9693125c8806497541729921eab962f7ea6edd7cddefc5ea252d19faeb9f964be5b8e4d30ce65bc2f864204fc9af

Download Submit
memory/1856-453-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1856-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/1856-290-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-0-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1856-454-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1856-13-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-7-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-21-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-536-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1856-27-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-41-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1856-108-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1856-107-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-702-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1856-50-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1856-52-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1856-60-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-82-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1856-875-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-877-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1856-39-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1856-90-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1856-72-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1856-75-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1856-74-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1988-3111-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-91-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-703-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2140-51-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2140-3802-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2264-3104-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-14-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-3103-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-16-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-540-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2376-84-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2376-3113-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2624-71-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3106-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2680-83-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3114-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-538-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-291-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-64-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3112-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-110-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3107-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2788-43-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2804-40-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3803-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2844-73-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-3105-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-26-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-109-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3108-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2984-89-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-29-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-3109-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3110-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/3048-457-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/3048-76-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download