cobaltstrike | 3bc03d585cc4a45168a7184972c8489eba7cbb3ea3fe59597c9e80ba2eb99f4c

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17/11/2024, 15:49 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

d33879634ce200f7874e4b28923820ea
SHA1

fcf1862a153a323b8c650f12aefccc0a153ef2ac
SHA256

3bc03d585cc4a45168a7184972c8489eba7cbb3ea3fe59597c9e80ba2eb99f4c
SHA512

a9119cc354b7894c0d420d13fc92ca0afbbb8e673e8b0bf6e099f50208e4a796f87dc4ae64fd098753a8bde7f358227dedb9b9dca1575057cb2f6a39e0e3bbb1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUn:T+q56utgpPF8u/7n

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d0000000122e4-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016db5-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dd0-19.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016de8-38.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018697-53.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016eb8-49.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016de4-35.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d58-18.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d36-64.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-74.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-68.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-193.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-183.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-99.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-87.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-86.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-79.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-96.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3000-0-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x000d0000000122e4-3.dat	xmrig
behavioral1/memory/3000-6-0x0000000002580000-0x00000000028D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016db5-10.dat	xmrig
behavioral1/files/0x0007000000016dd0-19.dat	xmrig
behavioral1/memory/2524-22-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2376-25-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2844-29-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x0009000000016de8-38.dat	xmrig
behavioral1/memory/2820-42-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018697-53.dat	xmrig
behavioral1/memory/2696-51-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2852-59-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/3000-50-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016eb8-49.dat	xmrig
behavioral1/memory/2424-36-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/files/0x0007000000016de4-35.dat	xmrig
behavioral1/memory/3000-31-0x0000000002580000-0x00000000028D4000-memory.dmp	xmrig
behavioral1/memory/1976-24-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d58-18.dat	xmrig
behavioral1/memory/3000-13-0x0000000002580000-0x00000000028D4000-memory.dmp	xmrig
behavioral1/memory/2844-61-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2424-62-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2820-63-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d36-64.dat	xmrig
behavioral1/files/0x0006000000018c34-74.dat	xmrig
behavioral1/files/0x00050000000187a2-68.dat	xmrig
behavioral1/files/0x00050000000191f6-106.dat	xmrig
behavioral1/memory/3040-108-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/3000-109-0x0000000002580000-0x00000000028D4000-memory.dmp	xmrig
behavioral1/memory/1724-107-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/1140-105-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019240-128.dat	xmrig
behavioral1/files/0x0005000000019259-131.dat	xmrig
behavioral1/files/0x0005000000019275-148.dat	xmrig
behavioral1/files/0x0005000000019319-163.dat	xmrig
behavioral1/files/0x0005000000019365-168.dat	xmrig
behavioral1/memory/2852-212-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c1-193.dat	xmrig
behavioral1/files/0x00050000000193a4-183.dat	xmrig
behavioral1/files/0x00050000000193b3-188.dat	xmrig
behavioral1/files/0x0005000000019377-173.dat	xmrig
behavioral1/files/0x0005000000019387-178.dat	xmrig
behavioral1/files/0x0005000000019278-153.dat	xmrig
behavioral1/files/0x000500000001929a-158.dat	xmrig
behavioral1/files/0x000500000001926c-143.dat	xmrig
behavioral1/files/0x0005000000019268-138.dat	xmrig
behavioral1/files/0x0005000000019217-123.dat	xmrig
behavioral1/files/0x00050000000191d2-99.dat	xmrig
behavioral1/memory/2696-89-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2624-88-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x0006000000018f65-87.dat	xmrig
behavioral1/files/0x000600000001904c-86.dat	xmrig
behavioral1/files/0x0006000000018c44-79.dat	xmrig
behavioral1/memory/3044-78-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/3000-97-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x00060000000190e1-96.dat	xmrig
behavioral1/memory/2524-2906-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/1976-2907-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2844-2915-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2376-2912-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2424-2917-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2820-2921-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2696-2924-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1976	sdBqynP.exe
2376	bWgSUVB.exe
2524	dcAzxmP.exe
2844	wjblBYZ.exe
2424	SJucZuu.exe
2820	zyvaffr.exe
2696	ISleJKE.exe
2852	GxslNuR.exe
2624	sMEpgfV.exe
3044	WhruBgR.exe
3040	cFkBZtG.exe
1140	leOCnqu.exe
1724	ALNoPEh.exe
1400	ZclwFZi.exe
620	FhRPuah.exe
1352	ZGExgja.exe
1620	bKIlPPc.exe
300	PlqkeoT.exe
1908	gcjnJuD.exe
2420	NRPTUux.exe
2876	cFFJbYK.exe
2188	CpQflSZ.exe
2220	PvdwwMm.exe
1772	ZlkKNyA.exe
2144	EfNpxlf.exe
3012	shXJNAf.exe
1456	wwIILhj.exe
2772	wRwAxYM.exe
2980	diYbXfz.exe
1196	LoyBTjC.exe
1532	areuXpY.exe
2556	rTRPBXv.exe
1300	dPUpTFO.exe
1916	qjJtyku.exe
1616	hfNjAcD.exe
1788	fZQtjvg.exe
896	KSCsszX.exe
844	QLWkQAG.exe
2432	lFqIDxv.exe
336	WepzGWs.exe
2288	iujrxhQ.exe
1912	NbuLutn.exe
1680	fmdVgZK.exe
1200	wCAdVEb.exe
868	CoWEUmg.exe
1288	XFWHkVN.exe
1420	RvFPsBT.exe
940	IcXahaj.exe
2248	LbdnBZA.exe
2176	aBwxSwm.exe
1520	FsqkuTO.exe
1728	adnMpeu.exe
2540	altVlTP.exe
2428	svUOFcg.exe
3020	SNDdmjC.exe
2796	oANbRvP.exe
2216	CvIrTxp.exe
2452	hyoyouS.exe
2700	eHxicIN.exe
2872	LgjGesj.exe
2788	gtbnoUl.exe
2296	jtfyvJp.exe
2464	QVrBOAK.exe
2804	RIsslcx.exe

Loads dropped DLL 64 IoCs

pid	Process
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3000-0-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x000d0000000122e4-3.dat	upx
behavioral1/memory/3000-6-0x0000000002580000-0x00000000028D4000-memory.dmp	upx
behavioral1/files/0x0007000000016db5-10.dat	upx
behavioral1/files/0x0007000000016dd0-19.dat	upx
behavioral1/memory/2524-22-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2376-25-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2844-29-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x0009000000016de8-38.dat	upx
behavioral1/memory/2820-42-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/files/0x0006000000018697-53.dat	upx
behavioral1/memory/2696-51-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2852-59-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/3000-50-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x0009000000016eb8-49.dat	upx
behavioral1/memory/2424-36-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/files/0x0007000000016de4-35.dat	upx
behavioral1/memory/1976-24-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x0008000000016d58-18.dat	upx
behavioral1/memory/2844-61-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2424-62-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2820-63-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/files/0x0009000000016d36-64.dat	upx
behavioral1/files/0x0006000000018c34-74.dat	upx
behavioral1/files/0x00050000000187a2-68.dat	upx
behavioral1/files/0x00050000000191f6-106.dat	upx
behavioral1/memory/3040-108-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/3000-109-0x0000000002580000-0x00000000028D4000-memory.dmp	upx
behavioral1/memory/1724-107-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/1140-105-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x0005000000019240-128.dat	upx
behavioral1/files/0x0005000000019259-131.dat	upx
behavioral1/files/0x0005000000019275-148.dat	upx
behavioral1/files/0x0005000000019319-163.dat	upx
behavioral1/files/0x0005000000019365-168.dat	upx
behavioral1/memory/2852-212-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x00050000000193c1-193.dat	upx
behavioral1/files/0x00050000000193a4-183.dat	upx
behavioral1/files/0x00050000000193b3-188.dat	upx
behavioral1/files/0x0005000000019377-173.dat	upx
behavioral1/files/0x0005000000019387-178.dat	upx
behavioral1/files/0x0005000000019278-153.dat	upx
behavioral1/files/0x000500000001929a-158.dat	upx
behavioral1/files/0x000500000001926c-143.dat	upx
behavioral1/files/0x0005000000019268-138.dat	upx
behavioral1/files/0x0005000000019217-123.dat	upx
behavioral1/files/0x00050000000191d2-99.dat	upx
behavioral1/memory/2696-89-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2624-88-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x0006000000018f65-87.dat	upx
behavioral1/files/0x000600000001904c-86.dat	upx
behavioral1/files/0x0006000000018c44-79.dat	upx
behavioral1/memory/3044-78-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x00060000000190e1-96.dat	upx
behavioral1/memory/2524-2906-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/1976-2907-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2844-2915-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2376-2912-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2424-2917-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2820-2921-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2696-2924-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2852-2925-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/3044-3500-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2624-3499-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\SIodpBd.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jmiOcbX.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JaKtYng.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ensjRqt.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aKduRky.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FcShtDB.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DzPnqtX.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OsXWhUV.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WwZhTlA.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iruQIxi.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SHyuqEC.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JKUeAyY.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UipPdpc.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vOZhuJS.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kNjoRFc.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NbQqfRi.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvTJaKY.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqbakOv.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dOWXwOD.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\znXRQvR.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\giKyOXB.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eoPzeyK.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjUbXil.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uJEwPfK.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vuqjVEm.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SVrNNBK.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWGseMr.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LKsmrzB.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLjoSDU.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dfVigPc.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CoWEUmg.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oUiJUbd.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hpfsJYF.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LBBLTty.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHGAhyT.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hITKNxp.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbZFOQz.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PXxbAYa.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFszHqb.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGVFDZT.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DzGTDDB.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oaFCpjp.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVOLQlX.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vvTgKqz.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\irvlYED.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rUzTvdK.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HZhyUkG.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hDmRuGk.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jkOwiev.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngTpDyF.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TMRVYcv.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRAyTUd.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mbMXboY.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZkzmTOz.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sZXKcLP.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Szrmtyf.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uttKJUP.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AuEjajd.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YcpWBSg.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uzgmPAn.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OMSLlJn.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxoaoaG.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqaSlOF.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TWFGbGx.exe	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 1976	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3000 wrote to memory of 1976	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3000 wrote to memory of 1976	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3000 wrote to memory of 2524	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3000 wrote to memory of 2524	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3000 wrote to memory of 2524	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3000 wrote to memory of 2376	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3000 wrote to memory of 2376	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3000 wrote to memory of 2376	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3000 wrote to memory of 2844	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3000 wrote to memory of 2844	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3000 wrote to memory of 2844	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3000 wrote to memory of 2424	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3000 wrote to memory of 2424	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3000 wrote to memory of 2424	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3000 wrote to memory of 2820	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3000 wrote to memory of 2820	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3000 wrote to memory of 2820	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3000 wrote to memory of 2696	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3000 wrote to memory of 2696	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3000 wrote to memory of 2696	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3000 wrote to memory of 2852	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3000 wrote to memory of 2852	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3000 wrote to memory of 2852	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3000 wrote to memory of 2624	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3000 wrote to memory of 2624	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3000 wrote to memory of 2624	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3000 wrote to memory of 3040	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3000 wrote to memory of 3040	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3000 wrote to memory of 3040	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3000 wrote to memory of 3044	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3000 wrote to memory of 3044	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3000 wrote to memory of 3044	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3000 wrote to memory of 1400	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3000 wrote to memory of 1400	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3000 wrote to memory of 1400	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3000 wrote to memory of 1140	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3000 wrote to memory of 1140	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3000 wrote to memory of 1140	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3000 wrote to memory of 1352	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3000 wrote to memory of 1352	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3000 wrote to memory of 1352	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3000 wrote to memory of 1724	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3000 wrote to memory of 1724	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3000 wrote to memory of 1724	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3000 wrote to memory of 1620	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3000 wrote to memory of 1620	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3000 wrote to memory of 1620	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3000 wrote to memory of 620	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3000 wrote to memory of 620	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3000 wrote to memory of 620	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3000 wrote to memory of 300	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3000 wrote to memory of 300	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3000 wrote to memory of 300	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3000 wrote to memory of 1908	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3000 wrote to memory of 1908	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3000 wrote to memory of 1908	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3000 wrote to memory of 2420	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3000 wrote to memory of 2420	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3000 wrote to memory of 2420	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3000 wrote to memory of 2876	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 3000 wrote to memory of 2876	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 3000 wrote to memory of 2876	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 3000 wrote to memory of 2188	3000	2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-17_d33879634ce200f7874e4b28923820ea_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\System\sdBqynP.exe
  C:\Windows\System\sdBqynP.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\dcAzxmP.exe
  C:\Windows\System\dcAzxmP.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\bWgSUVB.exe
  C:\Windows\System\bWgSUVB.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\wjblBYZ.exe
  C:\Windows\System\wjblBYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\SJucZuu.exe
  C:\Windows\System\SJucZuu.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\zyvaffr.exe
  C:\Windows\System\zyvaffr.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\ISleJKE.exe
  C:\Windows\System\ISleJKE.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\GxslNuR.exe
  C:\Windows\System\GxslNuR.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\sMEpgfV.exe
  C:\Windows\System\sMEpgfV.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\cFkBZtG.exe
  C:\Windows\System\cFkBZtG.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\WhruBgR.exe
  C:\Windows\System\WhruBgR.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\ZclwFZi.exe
  C:\Windows\System\ZclwFZi.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\leOCnqu.exe
  C:\Windows\System\leOCnqu.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\ZGExgja.exe
  C:\Windows\System\ZGExgja.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\ALNoPEh.exe
  C:\Windows\System\ALNoPEh.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\bKIlPPc.exe
  C:\Windows\System\bKIlPPc.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\FhRPuah.exe
  C:\Windows\System\FhRPuah.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\PlqkeoT.exe
  C:\Windows\System\PlqkeoT.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\gcjnJuD.exe
  C:\Windows\System\gcjnJuD.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\NRPTUux.exe
  C:\Windows\System\NRPTUux.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\cFFJbYK.exe
  C:\Windows\System\cFFJbYK.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\CpQflSZ.exe
  C:\Windows\System\CpQflSZ.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\PvdwwMm.exe
  C:\Windows\System\PvdwwMm.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\ZlkKNyA.exe
  C:\Windows\System\ZlkKNyA.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\EfNpxlf.exe
  C:\Windows\System\EfNpxlf.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\shXJNAf.exe
  C:\Windows\System\shXJNAf.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\wwIILhj.exe
  C:\Windows\System\wwIILhj.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\wRwAxYM.exe
  C:\Windows\System\wRwAxYM.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\diYbXfz.exe
  C:\Windows\System\diYbXfz.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\LoyBTjC.exe
  C:\Windows\System\LoyBTjC.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\areuXpY.exe
  C:\Windows\System\areuXpY.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\rTRPBXv.exe
  C:\Windows\System\rTRPBXv.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\dPUpTFO.exe
  C:\Windows\System\dPUpTFO.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\qjJtyku.exe
  C:\Windows\System\qjJtyku.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\hfNjAcD.exe
  C:\Windows\System\hfNjAcD.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\fZQtjvg.exe
  C:\Windows\System\fZQtjvg.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\KSCsszX.exe
  C:\Windows\System\KSCsszX.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\QLWkQAG.exe
  C:\Windows\System\QLWkQAG.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\lFqIDxv.exe
  C:\Windows\System\lFqIDxv.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\WepzGWs.exe
  C:\Windows\System\WepzGWs.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\iujrxhQ.exe
  C:\Windows\System\iujrxhQ.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\NbuLutn.exe
  C:\Windows\System\NbuLutn.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\fmdVgZK.exe
  C:\Windows\System\fmdVgZK.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\wCAdVEb.exe
  C:\Windows\System\wCAdVEb.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\CoWEUmg.exe
  C:\Windows\System\CoWEUmg.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\XFWHkVN.exe
  C:\Windows\System\XFWHkVN.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\RvFPsBT.exe
  C:\Windows\System\RvFPsBT.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\IcXahaj.exe
  C:\Windows\System\IcXahaj.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\LbdnBZA.exe
  C:\Windows\System\LbdnBZA.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\aBwxSwm.exe
  C:\Windows\System\aBwxSwm.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\FsqkuTO.exe
  C:\Windows\System\FsqkuTO.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\adnMpeu.exe
  C:\Windows\System\adnMpeu.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\altVlTP.exe
  C:\Windows\System\altVlTP.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\svUOFcg.exe
  C:\Windows\System\svUOFcg.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\SNDdmjC.exe
  C:\Windows\System\SNDdmjC.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\oANbRvP.exe
  C:\Windows\System\oANbRvP.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\CvIrTxp.exe
  C:\Windows\System\CvIrTxp.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\hyoyouS.exe
  C:\Windows\System\hyoyouS.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\eHxicIN.exe
  C:\Windows\System\eHxicIN.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\LgjGesj.exe
  C:\Windows\System\LgjGesj.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\gtbnoUl.exe
  C:\Windows\System\gtbnoUl.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\jtfyvJp.exe
  C:\Windows\System\jtfyvJp.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\QVrBOAK.exe
  C:\Windows\System\QVrBOAK.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\RIsslcx.exe
  C:\Windows\System\RIsslcx.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\WEyKaOL.exe
  C:\Windows\System\WEyKaOL.exe
  2⤵
  PID:2124
- C:\Windows\System\gJEmreu.exe
  C:\Windows\System\gJEmreu.exe
  2⤵
  PID:1720
- C:\Windows\System\hkQDMGW.exe
  C:\Windows\System\hkQDMGW.exe
  2⤵
  PID:704
- C:\Windows\System\QWtnmFm.exe
  C:\Windows\System\QWtnmFm.exe
  2⤵
  PID:2644
- C:\Windows\System\GiKVaXc.exe
  C:\Windows\System\GiKVaXc.exe
  2⤵
  PID:1992
- C:\Windows\System\MOkhjVe.exe
  C:\Windows\System\MOkhjVe.exe
  2⤵
  PID:1212
- C:\Windows\System\FWWDqvn.exe
  C:\Windows\System\FWWDqvn.exe
  2⤵
  PID:1504
- C:\Windows\System\StiNEoy.exe
  C:\Windows\System\StiNEoy.exe
  2⤵
  PID:1464
- C:\Windows\System\NEvQZTq.exe
  C:\Windows\System\NEvQZTq.exe
  2⤵
  PID:2528
- C:\Windows\System\oaixNqF.exe
  C:\Windows\System\oaixNqF.exe
  2⤵
  PID:2200
- C:\Windows\System\cKoejsB.exe
  C:\Windows\System\cKoejsB.exe
  2⤵
  PID:2156
- C:\Windows\System\JeJaiVU.exe
  C:\Windows\System\JeJaiVU.exe
  2⤵
  PID:404
- C:\Windows\System\ppbZxJT.exe
  C:\Windows\System\ppbZxJT.exe
  2⤵
  PID:2476
- C:\Windows\System\Rzexkci.exe
  C:\Windows\System\Rzexkci.exe
  2⤵
  PID:924
- C:\Windows\System\SVWdkoQ.exe
  C:\Windows\System\SVWdkoQ.exe
  2⤵
  PID:1292
- C:\Windows\System\eeINXqP.exe
  C:\Windows\System\eeINXqP.exe
  2⤵
  PID:1548
- C:\Windows\System\iLeOQdI.exe
  C:\Windows\System\iLeOQdI.exe
  2⤵
  PID:1748
- C:\Windows\System\MOCzFRD.exe
  C:\Windows\System\MOCzFRD.exe
  2⤵
  PID:1776
- C:\Windows\System\SxwuMaX.exe
  C:\Windows\System\SxwuMaX.exe
  2⤵
  PID:2472
- C:\Windows\System\IeQyxtz.exe
  C:\Windows\System\IeQyxtz.exe
  2⤵
  PID:2208
- C:\Windows\System\euDxAYB.exe
  C:\Windows\System\euDxAYB.exe
  2⤵
  PID:2448
- C:\Windows\System\IKhtgvr.exe
  C:\Windows\System\IKhtgvr.exe
  2⤵
  PID:2228
- C:\Windows\System\JkSNCHd.exe
  C:\Windows\System\JkSNCHd.exe
  2⤵
  PID:676
- C:\Windows\System\cFxGNNu.exe
  C:\Windows\System\cFxGNNu.exe
  2⤵
  PID:1840
- C:\Windows\System\SkFLWeo.exe
  C:\Windows\System\SkFLWeo.exe
  2⤵
  PID:1944
- C:\Windows\System\fQJtLPl.exe
  C:\Windows\System\fQJtLPl.exe
  2⤵
  PID:1632
- C:\Windows\System\ujAQDnp.exe
  C:\Windows\System\ujAQDnp.exe
  2⤵
  PID:2180
- C:\Windows\System\VkFXlEx.exe
  C:\Windows\System\VkFXlEx.exe
  2⤵
  PID:2748
- C:\Windows\System\ThCBmyp.exe
  C:\Windows\System\ThCBmyp.exe
  2⤵
  PID:2536
- C:\Windows\System\tlFBPaR.exe
  C:\Windows\System\tlFBPaR.exe
  2⤵
  PID:1932
- C:\Windows\System\ZdDfKGm.exe
  C:\Windows\System\ZdDfKGm.exe
  2⤵
  PID:2760
- C:\Windows\System\wvTukZH.exe
  C:\Windows\System\wvTukZH.exe
  2⤵
  PID:2308
- C:\Windows\System\hLjaiTO.exe
  C:\Windows\System\hLjaiTO.exe
  2⤵
  PID:2360
- C:\Windows\System\YHBGIMq.exe
  C:\Windows\System\YHBGIMq.exe
  2⤵
  PID:2828
- C:\Windows\System\KdNSJRN.exe
  C:\Windows\System\KdNSJRN.exe
  2⤵
  PID:2460
- C:\Windows\System\pWVQubp.exe
  C:\Windows\System\pWVQubp.exe
  2⤵
  PID:2300
- C:\Windows\System\nYPgnBo.exe
  C:\Windows\System\nYPgnBo.exe
  2⤵
  PID:2004
- C:\Windows\System\YFtjPQd.exe
  C:\Windows\System\YFtjPQd.exe
  2⤵
  PID:1584
- C:\Windows\System\ClPbGkQ.exe
  C:\Windows\System\ClPbGkQ.exe
  2⤵
  PID:2912
- C:\Windows\System\GArUlIS.exe
  C:\Windows\System\GArUlIS.exe
  2⤵
  PID:2892
- C:\Windows\System\rFaUbKT.exe
  C:\Windows\System\rFaUbKT.exe
  2⤵
  PID:600
- C:\Windows\System\OGBmMMp.exe
  C:\Windows\System\OGBmMMp.exe
  2⤵
  PID:2016
- C:\Windows\System\WgMswbV.exe
  C:\Windows\System\WgMswbV.exe
  2⤵
  PID:1936
- C:\Windows\System\ArItnMC.exe
  C:\Windows\System\ArItnMC.exe
  2⤵
  PID:684
- C:\Windows\System\dZxIFwC.exe
  C:\Windows\System\dZxIFwC.exe
  2⤵
  PID:2080
- C:\Windows\System\YBtWqfO.exe
  C:\Windows\System\YBtWqfO.exe
  2⤵
  PID:1672
- C:\Windows\System\ZMkYXBJ.exe
  C:\Windows\System\ZMkYXBJ.exe
  2⤵
  PID:2292
- C:\Windows\System\YdlJKeZ.exe
  C:\Windows\System\YdlJKeZ.exe
  2⤵
  PID:2948
- C:\Windows\System\aYpifvX.exe
  C:\Windows\System\aYpifvX.exe
  2⤵
  PID:1496
- C:\Windows\System\SVrNNBK.exe
  C:\Windows\System\SVrNNBK.exe
  2⤵
  PID:2784
- C:\Windows\System\CUzJBfC.exe
  C:\Windows\System\CUzJBfC.exe
  2⤵
  PID:884
- C:\Windows\System\DAaopIY.exe
  C:\Windows\System\DAaopIY.exe
  2⤵
  PID:1636
- C:\Windows\System\NPJIYGc.exe
  C:\Windows\System\NPJIYGc.exe
  2⤵
  PID:1868
- C:\Windows\System\ElwYzgq.exe
  C:\Windows\System\ElwYzgq.exe
  2⤵
  PID:2740
- C:\Windows\System\wyOogfr.exe
  C:\Windows\System\wyOogfr.exe
  2⤵
  PID:2412
- C:\Windows\System\KOqECWm.exe
  C:\Windows\System\KOqECWm.exe
  2⤵
  PID:2836
- C:\Windows\System\kXgEtLo.exe
  C:\Windows\System\kXgEtLo.exe
  2⤵
  PID:828
- C:\Windows\System\uCzmxfu.exe
  C:\Windows\System\uCzmxfu.exe
  2⤵
  PID:1784
- C:\Windows\System\EXzejob.exe
  C:\Windows\System\EXzejob.exe
  2⤵
  PID:2648
- C:\Windows\System\UmcjPla.exe
  C:\Windows\System\UmcjPla.exe
  2⤵
  PID:444
- C:\Windows\System\ivljerj.exe
  C:\Windows\System\ivljerj.exe
  2⤵
  PID:1164
- C:\Windows\System\dPmADhq.exe
  C:\Windows\System\dPmADhq.exe
  2⤵
  PID:2012
- C:\Windows\System\RVemIID.exe
  C:\Windows\System\RVemIID.exe
  2⤵
  PID:2940
- C:\Windows\System\fMXiHlr.exe
  C:\Windows\System\fMXiHlr.exe
  2⤵
  PID:1544
- C:\Windows\System\zykjIXS.exe
  C:\Windows\System\zykjIXS.exe
  2⤵
  PID:2744
- C:\Windows\System\Vwwkhem.exe
  C:\Windows\System\Vwwkhem.exe
  2⤵
  PID:2848
- C:\Windows\System\oZILJLM.exe
  C:\Windows\System\oZILJLM.exe
  2⤵
  PID:2944
- C:\Windows\System\ZJJiMoK.exe
  C:\Windows\System\ZJJiMoK.exe
  2⤵
  PID:2260
- C:\Windows\System\NBCZbjz.exe
  C:\Windows\System\NBCZbjz.exe
  2⤵
  PID:772
- C:\Windows\System\ezigpoB.exe
  C:\Windows\System\ezigpoB.exe
  2⤵
  PID:2440
- C:\Windows\System\liXsyXC.exe
  C:\Windows\System\liXsyXC.exe
  2⤵
  PID:1560
- C:\Windows\System\RdnowyE.exe
  C:\Windows\System\RdnowyE.exe
  2⤵
  PID:2348
- C:\Windows\System\eCGHYYG.exe
  C:\Windows\System\eCGHYYG.exe
  2⤵
  PID:2752
- C:\Windows\System\WevjlDV.exe
  C:\Windows\System\WevjlDV.exe
  2⤵
  PID:2780
- C:\Windows\System\YlAcxEf.exe
  C:\Windows\System\YlAcxEf.exe
  2⤵
  PID:3084
- C:\Windows\System\NfqZRud.exe
  C:\Windows\System\NfqZRud.exe
  2⤵
  PID:3104
- C:\Windows\System\fBuWWnF.exe
  C:\Windows\System\fBuWWnF.exe
  2⤵
  PID:3124
- C:\Windows\System\evBZifh.exe
  C:\Windows\System\evBZifh.exe
  2⤵
  PID:3144
- C:\Windows\System\lALPTSh.exe
  C:\Windows\System\lALPTSh.exe
  2⤵
  PID:3160
- C:\Windows\System\YPgIvcw.exe
  C:\Windows\System\YPgIvcw.exe
  2⤵
  PID:3184
- C:\Windows\System\IxtCdKh.exe
  C:\Windows\System\IxtCdKh.exe
  2⤵
  PID:3204
- C:\Windows\System\cpdccuw.exe
  C:\Windows\System\cpdccuw.exe
  2⤵
  PID:3224
- C:\Windows\System\eItgcyM.exe
  C:\Windows\System\eItgcyM.exe
  2⤵
  PID:3244
- C:\Windows\System\vDJXAqw.exe
  C:\Windows\System\vDJXAqw.exe
  2⤵
  PID:3264
- C:\Windows\System\eQBXVpA.exe
  C:\Windows\System\eQBXVpA.exe
  2⤵
  PID:3284
- C:\Windows\System\NGcrFTJ.exe
  C:\Windows\System\NGcrFTJ.exe
  2⤵
  PID:3304
- C:\Windows\System\DgJzBXn.exe
  C:\Windows\System\DgJzBXn.exe
  2⤵
  PID:3324
- C:\Windows\System\hiEIOne.exe
  C:\Windows\System\hiEIOne.exe
  2⤵
  PID:3344
- C:\Windows\System\ZbCnYdc.exe
  C:\Windows\System\ZbCnYdc.exe
  2⤵
  PID:3360
- C:\Windows\System\BliINyj.exe
  C:\Windows\System\BliINyj.exe
  2⤵
  PID:3384
- C:\Windows\System\dzgPjtR.exe
  C:\Windows\System\dzgPjtR.exe
  2⤵
  PID:3400
- C:\Windows\System\LNweHOu.exe
  C:\Windows\System\LNweHOu.exe
  2⤵
  PID:3424
- C:\Windows\System\YeUJIdo.exe
  C:\Windows\System\YeUJIdo.exe
  2⤵
  PID:3444
- C:\Windows\System\uuOZgCw.exe
  C:\Windows\System\uuOZgCw.exe
  2⤵
  PID:3460
- C:\Windows\System\ooVkAFO.exe
  C:\Windows\System\ooVkAFO.exe
  2⤵
  PID:3480
- C:\Windows\System\LbgroXv.exe
  C:\Windows\System\LbgroXv.exe
  2⤵
  PID:3508
- C:\Windows\System\UjUbXil.exe
  C:\Windows\System\UjUbXil.exe
  2⤵
  PID:3532
- C:\Windows\System\gQNBGEe.exe
  C:\Windows\System\gQNBGEe.exe
  2⤵
  PID:3552
- C:\Windows\System\cokXplz.exe
  C:\Windows\System\cokXplz.exe
  2⤵
  PID:3568
- C:\Windows\System\EvDfTIV.exe
  C:\Windows\System\EvDfTIV.exe
  2⤵
  PID:3592
- C:\Windows\System\TIJrBry.exe
  C:\Windows\System\TIJrBry.exe
  2⤵
  PID:3608
- C:\Windows\System\IMmvguT.exe
  C:\Windows\System\IMmvguT.exe
  2⤵
  PID:3632
- C:\Windows\System\LwRPKkk.exe
  C:\Windows\System\LwRPKkk.exe
  2⤵
  PID:3652
- C:\Windows\System\UYrEhax.exe
  C:\Windows\System\UYrEhax.exe
  2⤵
  PID:3672
- C:\Windows\System\JIvRbkV.exe
  C:\Windows\System\JIvRbkV.exe
  2⤵
  PID:3692
- C:\Windows\System\tacoGjv.exe
  C:\Windows\System\tacoGjv.exe
  2⤵
  PID:3712
- C:\Windows\System\DwmJdMd.exe
  C:\Windows\System\DwmJdMd.exe
  2⤵
  PID:3732
- C:\Windows\System\UYSGTyF.exe
  C:\Windows\System\UYSGTyF.exe
  2⤵
  PID:3752
- C:\Windows\System\OFAiPiI.exe
  C:\Windows\System\OFAiPiI.exe
  2⤵
  PID:3768
- C:\Windows\System\MNggBbm.exe
  C:\Windows\System\MNggBbm.exe
  2⤵
  PID:3792
- C:\Windows\System\msYepOG.exe
  C:\Windows\System\msYepOG.exe
  2⤵
  PID:3808
- C:\Windows\System\CnajAfs.exe
  C:\Windows\System\CnajAfs.exe
  2⤵
  PID:3832
- C:\Windows\System\mouLWCo.exe
  C:\Windows\System\mouLWCo.exe
  2⤵
  PID:3852
- C:\Windows\System\xDuwMVU.exe
  C:\Windows\System\xDuwMVU.exe
  2⤵
  PID:3872
- C:\Windows\System\pqyAtTg.exe
  C:\Windows\System\pqyAtTg.exe
  2⤵
  PID:3892
- C:\Windows\System\YqCRTsU.exe
  C:\Windows\System\YqCRTsU.exe
  2⤵
  PID:3912
- C:\Windows\System\eKQCvwW.exe
  C:\Windows\System\eKQCvwW.exe
  2⤵
  PID:3932
- C:\Windows\System\YgtfGDX.exe
  C:\Windows\System\YgtfGDX.exe
  2⤵
  PID:3952
- C:\Windows\System\OWtYMAL.exe
  C:\Windows\System\OWtYMAL.exe
  2⤵
  PID:3968
- C:\Windows\System\KSRvTUX.exe
  C:\Windows\System\KSRvTUX.exe
  2⤵
  PID:3992
- C:\Windows\System\bCSKoit.exe
  C:\Windows\System\bCSKoit.exe
  2⤵
  PID:4008
- C:\Windows\System\MrJUJUT.exe
  C:\Windows\System\MrJUJUT.exe
  2⤵
  PID:4032
- C:\Windows\System\pggUpzd.exe
  C:\Windows\System\pggUpzd.exe
  2⤵
  PID:4052
- C:\Windows\System\JcvgygN.exe
  C:\Windows\System\JcvgygN.exe
  2⤵
  PID:4072
- C:\Windows\System\pOXJRCg.exe
  C:\Windows\System\pOXJRCg.exe
  2⤵
  PID:4092
- C:\Windows\System\aAHXCym.exe
  C:\Windows\System\aAHXCym.exe
  2⤵
  PID:3024
- C:\Windows\System\WxijhpX.exe
  C:\Windows\System\WxijhpX.exe
  2⤵
  PID:3016
- C:\Windows\System\XxOOMBj.exe
  C:\Windows\System\XxOOMBj.exe
  2⤵
  PID:1460
- C:\Windows\System\FwPcMpU.exe
  C:\Windows\System\FwPcMpU.exe
  2⤵
  PID:2952
- C:\Windows\System\gszJPVS.exe
  C:\Windows\System\gszJPVS.exe
  2⤵
  PID:3076
- C:\Windows\System\SHyuqEC.exe
  C:\Windows\System\SHyuqEC.exe
  2⤵
  PID:3140
- C:\Windows\System\KTRusMu.exe
  C:\Windows\System\KTRusMu.exe
  2⤵
  PID:3172
- C:\Windows\System\CKYEfbc.exe
  C:\Windows\System\CKYEfbc.exe
  2⤵
  PID:3212
- C:\Windows\System\AnNDRwv.exe
  C:\Windows\System\AnNDRwv.exe
  2⤵
  PID:3200
- C:\Windows\System\fZGSIog.exe
  C:\Windows\System\fZGSIog.exe
  2⤵
  PID:3232
- C:\Windows\System\OMXJozc.exe
  C:\Windows\System\OMXJozc.exe
  2⤵
  PID:3296
- C:\Windows\System\zRXHFoO.exe
  C:\Windows\System\zRXHFoO.exe
  2⤵
  PID:3340
- C:\Windows\System\OXHgBcL.exe
  C:\Windows\System\OXHgBcL.exe
  2⤵
  PID:3380
- C:\Windows\System\uJEwPfK.exe
  C:\Windows\System\uJEwPfK.exe
  2⤵
  PID:3312
- C:\Windows\System\RHYdCAR.exe
  C:\Windows\System\RHYdCAR.exe
  2⤵
  PID:3412
- C:\Windows\System\TnQVstI.exe
  C:\Windows\System\TnQVstI.exe
  2⤵
  PID:3436
- C:\Windows\System\ajpSafj.exe
  C:\Windows\System\ajpSafj.exe
  2⤵
  PID:3492
- C:\Windows\System\sSymTKC.exe
  C:\Windows\System\sSymTKC.exe
  2⤵
  PID:3544
- C:\Windows\System\LSjlKmJ.exe
  C:\Windows\System\LSjlKmJ.exe
  2⤵
  PID:3528
- C:\Windows\System\hXgLrUe.exe
  C:\Windows\System\hXgLrUe.exe
  2⤵
  PID:2652
- C:\Windows\System\KiutzSO.exe
  C:\Windows\System\KiutzSO.exe
  2⤵
  PID:3620
- C:\Windows\System\swQEoxm.exe
  C:\Windows\System\swQEoxm.exe
  2⤵
  PID:3700
- C:\Windows\System\uDAHRAg.exe
  C:\Windows\System\uDAHRAg.exe
  2⤵
  PID:3680
- C:\Windows\System\gEZViZJ.exe
  C:\Windows\System\gEZViZJ.exe
  2⤵
  PID:3740
- C:\Windows\System\bufWMwl.exe
  C:\Windows\System\bufWMwl.exe
  2⤵
  PID:976
- C:\Windows\System\ZUdVGah.exe
  C:\Windows\System\ZUdVGah.exe
  2⤵
  PID:3764
- C:\Windows\System\RNPJUVj.exe
  C:\Windows\System\RNPJUVj.exe
  2⤵
  PID:3800
- C:\Windows\System\rfcrFSH.exe
  C:\Windows\System\rfcrFSH.exe
  2⤵
  PID:3860
- C:\Windows\System\UoGmHdD.exe
  C:\Windows\System\UoGmHdD.exe
  2⤵
  PID:3900
- C:\Windows\System\ThDUACy.exe
  C:\Windows\System\ThDUACy.exe
  2⤵
  PID:3888
- C:\Windows\System\YvfZoqa.exe
  C:\Windows\System\YvfZoqa.exe
  2⤵
  PID:3944
- C:\Windows\System\uMFtnkN.exe
  C:\Windows\System\uMFtnkN.exe
  2⤵
  PID:3980
- C:\Windows\System\oPfqoky.exe
  C:\Windows\System\oPfqoky.exe
  2⤵
  PID:4020
- C:\Windows\System\HFkVzpp.exe
  C:\Windows\System\HFkVzpp.exe
  2⤵
  PID:1304
- C:\Windows\System\wOlTgNB.exe
  C:\Windows\System\wOlTgNB.exe
  2⤵
  PID:2340
- C:\Windows\System\kPVYWLC.exe
  C:\Windows\System\kPVYWLC.exe
  2⤵
  PID:4084
- C:\Windows\System\GjHzkLT.exe
  C:\Windows\System\GjHzkLT.exe
  2⤵
  PID:2992
- C:\Windows\System\NROzmOa.exe
  C:\Windows\System\NROzmOa.exe
  2⤵
  PID:1348
- C:\Windows\System\AHXjrPU.exe
  C:\Windows\System\AHXjrPU.exe
  2⤵
  PID:3120
- C:\Windows\System\JpVhMtx.exe
  C:\Windows\System\JpVhMtx.exe
  2⤵
  PID:3136
- C:\Windows\System\zdYrkCc.exe
  C:\Windows\System\zdYrkCc.exe
  2⤵
  PID:3152
- C:\Windows\System\YQZXROf.exe
  C:\Windows\System\YQZXROf.exe
  2⤵
  PID:3256
- C:\Windows\System\kBXPmjl.exe
  C:\Windows\System\kBXPmjl.exe
  2⤵
  PID:3368
- C:\Windows\System\CuIgpoJ.exe
  C:\Windows\System\CuIgpoJ.exe
  2⤵
  PID:3280
- C:\Windows\System\SAtcRiH.exe
  C:\Windows\System\SAtcRiH.exe
  2⤵
  PID:3488
- C:\Windows\System\eFLFFpi.exe
  C:\Windows\System\eFLFFpi.exe
  2⤵
  PID:3520
- C:\Windows\System\VsQUpxy.exe
  C:\Windows\System\VsQUpxy.exe
  2⤵
  PID:3432
- C:\Windows\System\JVyvtMo.exe
  C:\Windows\System\JVyvtMo.exe
  2⤵
  PID:3584
- C:\Windows\System\hgBAqoC.exe
  C:\Windows\System\hgBAqoC.exe
  2⤵
  PID:3644
- C:\Windows\System\vIJFhUi.exe
  C:\Windows\System\vIJFhUi.exe
  2⤵
  PID:3724
- C:\Windows\System\jOGHqGI.exe
  C:\Windows\System\jOGHqGI.exe
  2⤵
  PID:3688
- C:\Windows\System\WjHjIQl.exe
  C:\Windows\System\WjHjIQl.exe
  2⤵
  PID:3864
- C:\Windows\System\munKfqC.exe
  C:\Windows\System\munKfqC.exe
  2⤵
  PID:3504
- C:\Windows\System\eFJVAGK.exe
  C:\Windows\System\eFJVAGK.exe
  2⤵
  PID:3948
- C:\Windows\System\JoYOjZE.exe
  C:\Windows\System\JoYOjZE.exe
  2⤵
  PID:3988
- C:\Windows\System\NXSfuGV.exe
  C:\Windows\System\NXSfuGV.exe
  2⤵
  PID:4064
- C:\Windows\System\QtXyIqT.exe
  C:\Windows\System\QtXyIqT.exe
  2⤵
  PID:4080
- C:\Windows\System\oOiFfkR.exe
  C:\Windows\System\oOiFfkR.exe
  2⤵
  PID:3100
- C:\Windows\System\xYPZMKs.exe
  C:\Windows\System\xYPZMKs.exe
  2⤵
  PID:3156
- C:\Windows\System\FtkImgS.exe
  C:\Windows\System\FtkImgS.exe
  2⤵
  PID:3096
- C:\Windows\System\NPrhVlt.exe
  C:\Windows\System\NPrhVlt.exe
  2⤵
  PID:3320
- C:\Windows\System\jClcXGh.exe
  C:\Windows\System\jClcXGh.exe
  2⤵
  PID:1844
- C:\Windows\System\zdvqYpq.exe
  C:\Windows\System\zdvqYpq.exe
  2⤵
  PID:3408
- C:\Windows\System\LAotbIJ.exe
  C:\Windows\System\LAotbIJ.exe
  2⤵
  PID:3276
- C:\Windows\System\IwRXPld.exe
  C:\Windows\System\IwRXPld.exe
  2⤵
  PID:3548
- C:\Windows\System\zNQZjMy.exe
  C:\Windows\System\zNQZjMy.exe
  2⤵
  PID:3476
- C:\Windows\System\hwQFqhL.exe
  C:\Windows\System\hwQFqhL.exe
  2⤵
  PID:3728
- C:\Windows\System\CBrLiVu.exe
  C:\Windows\System\CBrLiVu.exe
  2⤵
  PID:3780
- C:\Windows\System\VyxYBVc.exe
  C:\Windows\System\VyxYBVc.exe
  2⤵
  PID:3904
- C:\Windows\System\RGcXecm.exe
  C:\Windows\System\RGcXecm.exe
  2⤵
  PID:3928
- C:\Windows\System\gJTSHZo.exe
  C:\Windows\System\gJTSHZo.exe
  2⤵
  PID:1516
- C:\Windows\System\oUiJUbd.exe
  C:\Windows\System\oUiJUbd.exe
  2⤵
  PID:1404
- C:\Windows\System\CnGkkiY.exe
  C:\Windows\System\CnGkkiY.exe
  2⤵
  PID:2580
- C:\Windows\System\AcuJAKI.exe
  C:\Windows\System\AcuJAKI.exe
  2⤵
  PID:3352
- C:\Windows\System\dAGZdUF.exe
  C:\Windows\System\dAGZdUF.exe
  2⤵
  PID:3920
- C:\Windows\System\NfFHkQs.exe
  C:\Windows\System\NfFHkQs.exe
  2⤵
  PID:3828
- C:\Windows\System\ZKPkxcJ.exe
  C:\Windows\System\ZKPkxcJ.exe
  2⤵
  PID:3788
- C:\Windows\System\GreIayS.exe
  C:\Windows\System\GreIayS.exe
  2⤵
  PID:4016
- C:\Windows\System\WrHthUI.exe
  C:\Windows\System\WrHthUI.exe
  2⤵
  PID:3884
- C:\Windows\System\RnhoiOV.exe
  C:\Windows\System\RnhoiOV.exe
  2⤵
  PID:1020
- C:\Windows\System\HSOUBqQ.exe
  C:\Windows\System\HSOUBqQ.exe
  2⤵
  PID:2712
- C:\Windows\System\DLWtmsa.exe
  C:\Windows\System\DLWtmsa.exe
  2⤵
  PID:3420
- C:\Windows\System\JfJBuoo.exe
  C:\Windows\System\JfJBuoo.exe
  2⤵
  PID:4108
- C:\Windows\System\XUQwgUe.exe
  C:\Windows\System\XUQwgUe.exe
  2⤵
  PID:4128
- C:\Windows\System\FAfDiDp.exe
  C:\Windows\System\FAfDiDp.exe
  2⤵
  PID:4148
- C:\Windows\System\MqqXXVp.exe
  C:\Windows\System\MqqXXVp.exe
  2⤵
  PID:4164
- C:\Windows\System\SfcZgcE.exe
  C:\Windows\System\SfcZgcE.exe
  2⤵
  PID:4188
- C:\Windows\System\RChAbMv.exe
  C:\Windows\System\RChAbMv.exe
  2⤵
  PID:4208
- C:\Windows\System\JacaZSd.exe
  C:\Windows\System\JacaZSd.exe
  2⤵
  PID:4228
- C:\Windows\System\McCYqCZ.exe
  C:\Windows\System\McCYqCZ.exe
  2⤵
  PID:4244
- C:\Windows\System\bahwZfR.exe
  C:\Windows\System\bahwZfR.exe
  2⤵
  PID:4268
- C:\Windows\System\VuLTckR.exe
  C:\Windows\System\VuLTckR.exe
  2⤵
  PID:4288
- C:\Windows\System\iAROGTL.exe
  C:\Windows\System\iAROGTL.exe
  2⤵
  PID:4308
- C:\Windows\System\Soxwcjg.exe
  C:\Windows\System\Soxwcjg.exe
  2⤵
  PID:4328
- C:\Windows\System\OkDyLQt.exe
  C:\Windows\System\OkDyLQt.exe
  2⤵
  PID:4348
- C:\Windows\System\vMefSSP.exe
  C:\Windows\System\vMefSSP.exe
  2⤵
  PID:4364
- C:\Windows\System\iXmQiAG.exe
  C:\Windows\System\iXmQiAG.exe
  2⤵
  PID:4388
- C:\Windows\System\uHIwlnQ.exe
  C:\Windows\System\uHIwlnQ.exe
  2⤵
  PID:4404
- C:\Windows\System\HKZWonk.exe
  C:\Windows\System\HKZWonk.exe
  2⤵
  PID:4428
- C:\Windows\System\QOsnnaf.exe
  C:\Windows\System\QOsnnaf.exe
  2⤵
  PID:4448
- C:\Windows\System\OodDSeu.exe
  C:\Windows\System\OodDSeu.exe
  2⤵
  PID:4468
- C:\Windows\System\PnIybOf.exe
  C:\Windows\System\PnIybOf.exe
  2⤵
  PID:4488
- C:\Windows\System\znzYJXq.exe
  C:\Windows\System\znzYJXq.exe
  2⤵
  PID:4508
- C:\Windows\System\YhUWbnd.exe
  C:\Windows\System\YhUWbnd.exe
  2⤵
  PID:4528
- C:\Windows\System\HjzLxXN.exe
  C:\Windows\System\HjzLxXN.exe
  2⤵
  PID:4548
- C:\Windows\System\pKNEuFK.exe
  C:\Windows\System\pKNEuFK.exe
  2⤵
  PID:4568
- C:\Windows\System\CUSMuzz.exe
  C:\Windows\System\CUSMuzz.exe
  2⤵
  PID:4588
- C:\Windows\System\ocnOqNB.exe
  C:\Windows\System\ocnOqNB.exe
  2⤵
  PID:4604
- C:\Windows\System\qIezXkc.exe
  C:\Windows\System\qIezXkc.exe
  2⤵
  PID:4628
- C:\Windows\System\bsCYiyo.exe
  C:\Windows\System\bsCYiyo.exe
  2⤵
  PID:4644
- C:\Windows\System\VYInJez.exe
  C:\Windows\System\VYInJez.exe
  2⤵
  PID:4672
- C:\Windows\System\XIHjqdx.exe
  C:\Windows\System\XIHjqdx.exe
  2⤵
  PID:4688
- C:\Windows\System\SAjcufk.exe
  C:\Windows\System\SAjcufk.exe
  2⤵
  PID:4712
- C:\Windows\System\wDXVjdK.exe
  C:\Windows\System\wDXVjdK.exe
  2⤵
  PID:4728
- C:\Windows\System\yQKaESN.exe
  C:\Windows\System\yQKaESN.exe
  2⤵
  PID:4752
- C:\Windows\System\JaKtYng.exe
  C:\Windows\System\JaKtYng.exe
  2⤵
  PID:4768
- C:\Windows\System\gfDGihq.exe
  C:\Windows\System\gfDGihq.exe
  2⤵
  PID:4792
- C:\Windows\System\yJrRUhO.exe
  C:\Windows\System\yJrRUhO.exe
  2⤵
  PID:4808
- C:\Windows\System\PiaIhAz.exe
  C:\Windows\System\PiaIhAz.exe
  2⤵
  PID:4832
- C:\Windows\System\uBreNna.exe
  C:\Windows\System\uBreNna.exe
  2⤵
  PID:4852
- C:\Windows\System\gruqMYK.exe
  C:\Windows\System\gruqMYK.exe
  2⤵
  PID:4872
- C:\Windows\System\fqDSvEA.exe
  C:\Windows\System\fqDSvEA.exe
  2⤵
  PID:4892
- C:\Windows\System\mHNSdUL.exe
  C:\Windows\System\mHNSdUL.exe
  2⤵
  PID:4912
- C:\Windows\System\IgoHOnx.exe
  C:\Windows\System\IgoHOnx.exe
  2⤵
  PID:4932
- C:\Windows\System\osIBudQ.exe
  C:\Windows\System\osIBudQ.exe
  2⤵
  PID:4952
- C:\Windows\System\cDhMCMZ.exe
  C:\Windows\System\cDhMCMZ.exe
  2⤵
  PID:4972
- C:\Windows\System\MWMlsnz.exe
  C:\Windows\System\MWMlsnz.exe
  2⤵
  PID:4992
- C:\Windows\System\vvTgKqz.exe
  C:\Windows\System\vvTgKqz.exe
  2⤵
  PID:5012
- C:\Windows\System\uAAfCxQ.exe
  C:\Windows\System\uAAfCxQ.exe
  2⤵
  PID:5032
- C:\Windows\System\wAnscpk.exe
  C:\Windows\System\wAnscpk.exe
  2⤵
  PID:5052
- C:\Windows\System\WpGfQgQ.exe
  C:\Windows\System\WpGfQgQ.exe
  2⤵
  PID:5072
- C:\Windows\System\EmMdeGu.exe
  C:\Windows\System\EmMdeGu.exe
  2⤵
  PID:5092
- C:\Windows\System\pBblbnX.exe
  C:\Windows\System\pBblbnX.exe
  2⤵
  PID:5112
- C:\Windows\System\DbJrncr.exe
  C:\Windows\System\DbJrncr.exe
  2⤵
  PID:3332
- C:\Windows\System\hbmHEEe.exe
  C:\Windows\System\hbmHEEe.exe
  2⤵
  PID:1668
- C:\Windows\System\RQTdhqk.exe
  C:\Windows\System\RQTdhqk.exe
  2⤵
  PID:3848
- C:\Windows\System\QKfFsCL.exe
  C:\Windows\System\QKfFsCL.exe
  2⤵
  PID:3260
- C:\Windows\System\pyjlSPI.exe
  C:\Windows\System\pyjlSPI.exe
  2⤵
  PID:3468
- C:\Windows\System\XapLpRH.exe
  C:\Windows\System\XapLpRH.exe
  2⤵
  PID:4140
- C:\Windows\System\uhQYavS.exe
  C:\Windows\System\uhQYavS.exe
  2⤵
  PID:4120
- C:\Windows\System\lihGOAc.exe
  C:\Windows\System\lihGOAc.exe
  2⤵
  PID:4184
- C:\Windows\System\wbkCxor.exe
  C:\Windows\System\wbkCxor.exe
  2⤵
  PID:4204
- C:\Windows\System\yrzueCD.exe
  C:\Windows\System\yrzueCD.exe
  2⤵
  PID:4264
- C:\Windows\System\OEiQHDe.exe
  C:\Windows\System\OEiQHDe.exe
  2⤵
  PID:4304
- C:\Windows\System\MVIuhZU.exe
  C:\Windows\System\MVIuhZU.exe
  2⤵
  PID:4336
- C:\Windows\System\CkjpHTB.exe
  C:\Windows\System\CkjpHTB.exe
  2⤵
  PID:4372
- C:\Windows\System\xpOQSZI.exe
  C:\Windows\System\xpOQSZI.exe
  2⤵
  PID:4376
- C:\Windows\System\JRWWzay.exe
  C:\Windows\System\JRWWzay.exe
  2⤵
  PID:4356
- C:\Windows\System\DMzRNmd.exe
  C:\Windows\System\DMzRNmd.exe
  2⤵
  PID:4400
- C:\Windows\System\vGAcnbi.exe
  C:\Windows\System\vGAcnbi.exe
  2⤵
  PID:4460
- C:\Windows\System\ZWVPBaq.exe
  C:\Windows\System\ZWVPBaq.exe
  2⤵
  PID:4480
- C:\Windows\System\PZrXoLC.exe
  C:\Windows\System\PZrXoLC.exe
  2⤵
  PID:4520
- C:\Windows\System\rNuGUnD.exe
  C:\Windows\System\rNuGUnD.exe
  2⤵
  PID:4580
- C:\Windows\System\ePhYDTV.exe
  C:\Windows\System\ePhYDTV.exe
  2⤵
  PID:4556
- C:\Windows\System\eszCSBQ.exe
  C:\Windows\System\eszCSBQ.exe
  2⤵
  PID:4668
- C:\Windows\System\IhwEZMS.exe
  C:\Windows\System\IhwEZMS.exe
  2⤵
  PID:4700
- C:\Windows\System\uSnJsZJ.exe
  C:\Windows\System\uSnJsZJ.exe
  2⤵
  PID:4744
- C:\Windows\System\clXvBbQ.exe
  C:\Windows\System\clXvBbQ.exe
  2⤵
  PID:1540
- C:\Windows\System\HwFjjff.exe
  C:\Windows\System\HwFjjff.exe
  2⤵
  PID:4724
- C:\Windows\System\WyVHpQB.exe
  C:\Windows\System\WyVHpQB.exe
  2⤵
  PID:4780
- C:\Windows\System\vLdTWtS.exe
  C:\Windows\System\vLdTWtS.exe
  2⤵
  PID:4764
- C:\Windows\System\VMRPEDy.exe
  C:\Windows\System\VMRPEDy.exe
  2⤵
  PID:4860
- C:\Windows\System\xTTHgoM.exe
  C:\Windows\System\xTTHgoM.exe
  2⤵
  PID:1688
- C:\Windows\System\wJYeHaj.exe
  C:\Windows\System\wJYeHaj.exe
  2⤵
  PID:4844
- C:\Windows\System\dCGSkll.exe
  C:\Windows\System\dCGSkll.exe
  2⤵
  PID:4948
- C:\Windows\System\YzobYxM.exe
  C:\Windows\System\YzobYxM.exe
  2⤵
  PID:4920
- C:\Windows\System\WmAZxlH.exe
  C:\Windows\System\WmAZxlH.exe
  2⤵
  PID:4928
- C:\Windows\System\OpnxOce.exe
  C:\Windows\System\OpnxOce.exe
  2⤵
  PID:5020
- C:\Windows\System\AErFtxE.exe
  C:\Windows\System\AErFtxE.exe
  2⤵
  PID:5004
- C:\Windows\System\nBzmqKD.exe
  C:\Windows\System\nBzmqKD.exe
  2⤵
  PID:5040
- C:\Windows\System\fxIDiop.exe
  C:\Windows\System\fxIDiop.exe
  2⤵
  PID:2576
- C:\Windows\System\VmiecUV.exe
  C:\Windows\System\VmiecUV.exe
  2⤵
  PID:5084
- C:\Windows\System\PVmRmOC.exe
  C:\Windows\System\PVmRmOC.exe
  2⤵
  PID:1068
- C:\Windows\System\mYCZXmc.exe
  C:\Windows\System\mYCZXmc.exe
  2⤵
  PID:3600
- C:\Windows\System\OIZmvQH.exe
  C:\Windows\System\OIZmvQH.exe
  2⤵
  PID:664
- C:\Windows\System\CgflYlP.exe
  C:\Windows\System\CgflYlP.exe
  2⤵
  PID:4144
- C:\Windows\System\ynaQXIu.exe
  C:\Windows\System\ynaQXIu.exe
  2⤵
  PID:4172
- C:\Windows\System\xqbpPDo.exe
  C:\Windows\System\xqbpPDo.exe
  2⤵
  PID:4160
- C:\Windows\System\DfsUGhT.exe
  C:\Windows\System\DfsUGhT.exe
  2⤵
  PID:584
- C:\Windows\System\NNKryTn.exe
  C:\Windows\System\NNKryTn.exe
  2⤵
  PID:4252
- C:\Windows\System\liXxaRb.exe
  C:\Windows\System\liXxaRb.exe
  2⤵
  PID:4284
- C:\Windows\System\DMNscUj.exe
  C:\Windows\System\DMNscUj.exe
  2⤵
  PID:4384
- C:\Windows\System\EzqGFBt.exe
  C:\Windows\System\EzqGFBt.exe
  2⤵
  PID:4476
- C:\Windows\System\yNTsUor.exe
  C:\Windows\System\yNTsUor.exe
  2⤵
  PID:4440
- C:\Windows\System\wISeeHU.exe
  C:\Windows\System\wISeeHU.exe
  2⤵
  PID:4524
- C:\Windows\System\BRaAaLN.exe
  C:\Windows\System\BRaAaLN.exe
  2⤵
  PID:4544
- C:\Windows\System\dUStrpq.exe
  C:\Windows\System\dUStrpq.exe
  2⤵
  PID:4736
- C:\Windows\System\qTxfcHo.exe
  C:\Windows\System\qTxfcHo.exe
  2⤵
  PID:4704
- C:\Windows\System\NeDDeVd.exe
  C:\Windows\System\NeDDeVd.exe
  2⤵
  PID:4640
- C:\Windows\System\HkIOdTz.exe
  C:\Windows\System\HkIOdTz.exe
  2⤵
  PID:2500
- C:\Windows\System\SPuEqrC.exe
  C:\Windows\System\SPuEqrC.exe
  2⤵
  PID:4828
- C:\Windows\System\lXaGJge.exe
  C:\Windows\System\lXaGJge.exe
  2⤵
  PID:4804
- C:\Windows\System\DkBojDt.exe
  C:\Windows\System\DkBojDt.exe
  2⤵
  PID:4904
- C:\Windows\System\dfyvifJ.exe
  C:\Windows\System\dfyvifJ.exe
  2⤵
  PID:4908
- C:\Windows\System\kLSomvn.exe
  C:\Windows\System\kLSomvn.exe
  2⤵
  PID:4924
- C:\Windows\System\Cfzppxy.exe
  C:\Windows\System\Cfzppxy.exe
  2⤵
  PID:4880
- C:\Windows\System\qCHGZiD.exe
  C:\Windows\System\qCHGZiD.exe
  2⤵
  PID:2284
- C:\Windows\System\zilqUvy.exe
  C:\Windows\System\zilqUvy.exe
  2⤵
  PID:5024
- C:\Windows\System\OIWNvhz.exe
  C:\Windows\System\OIWNvhz.exe
  2⤵
  PID:5068
- C:\Windows\System\AxfzzNs.exe
  C:\Windows\System\AxfzzNs.exe
  2⤵
  PID:5064
- C:\Windows\System\Ghyarcv.exe
  C:\Windows\System\Ghyarcv.exe
  2⤵
  PID:5088
- C:\Windows\System\TNdxmAL.exe
  C:\Windows\System\TNdxmAL.exe
  2⤵
  PID:1964
- C:\Windows\System\ahSgddO.exe
  C:\Windows\System\ahSgddO.exe
  2⤵
  PID:3196
- C:\Windows\System\kmRmZDu.exe
  C:\Windows\System\kmRmZDu.exe
  2⤵
  PID:952
- C:\Windows\System\ggujiwZ.exe
  C:\Windows\System\ggujiwZ.exe
  2⤵
  PID:956
- C:\Windows\System\NAwqzzF.exe
  C:\Windows\System\NAwqzzF.exe
  2⤵
  PID:2256
- C:\Windows\System\jKVTdRI.exe
  C:\Windows\System\jKVTdRI.exe
  2⤵
  PID:3668
- C:\Windows\System\EHugZgV.exe
  C:\Windows\System\EHugZgV.exe
  2⤵
  PID:4176
- C:\Windows\System\dgodUPL.exe
  C:\Windows\System\dgodUPL.exe
  2⤵
  PID:4280
- C:\Windows\System\ttxlTIT.exe
  C:\Windows\System\ttxlTIT.exe
  2⤵
  PID:4220
- C:\Windows\System\jlSdHCk.exe
  C:\Windows\System\jlSdHCk.exe
  2⤵
  PID:4420
- C:\Windows\System\zWMxous.exe
  C:\Windows\System\zWMxous.exe
  2⤵
  PID:4564
- C:\Windows\System\XRShoOD.exe
  C:\Windows\System\XRShoOD.exe
  2⤵
  PID:4696
- C:\Windows\System\rLtVHGn.exe
  C:\Windows\System\rLtVHGn.exe
  2⤵
  PID:4784
- C:\Windows\System\MJUmxlk.exe
  C:\Windows\System\MJUmxlk.exe
  2⤵
  PID:2888
- C:\Windows\System\rCxsBWi.exe
  C:\Windows\System\rCxsBWi.exe
  2⤵
  PID:4988
- C:\Windows\System\hIwaJVd.exe
  C:\Windows\System\hIwaJVd.exe
  2⤵
  PID:4196
- C:\Windows\System\EvgIrrn.exe
  C:\Windows\System\EvgIrrn.exe
  2⤵
  PID:4200
- C:\Windows\System\QkvLQqJ.exe
  C:\Windows\System\QkvLQqJ.exe
  2⤵
  PID:4884
- C:\Windows\System\nXxSkZz.exe
  C:\Windows\System\nXxSkZz.exe
  2⤵
  PID:3496
- C:\Windows\System\YJgrTTw.exe
  C:\Windows\System\YJgrTTw.exe
  2⤵
  PID:1588
- C:\Windows\System\oQnQezA.exe
  C:\Windows\System\oQnQezA.exe
  2⤵
  PID:4600
- C:\Windows\System\JZYgigA.exe
  C:\Windows\System\JZYgigA.exe
  2⤵
  PID:4296
- C:\Windows\System\LpraoaV.exe
  C:\Windows\System\LpraoaV.exe
  2⤵
  PID:2008
- C:\Windows\System\ZHSyEcV.exe
  C:\Windows\System\ZHSyEcV.exe
  2⤵
  PID:4424
- C:\Windows\System\gpbSOEb.exe
  C:\Windows\System\gpbSOEb.exe
  2⤵
  PID:1184
- C:\Windows\System\EKFKcZl.exe
  C:\Windows\System\EKFKcZl.exe
  2⤵
  PID:1244
- C:\Windows\System\AIBNkQe.exe
  C:\Windows\System\AIBNkQe.exe
  2⤵
  PID:2372
- C:\Windows\System\tmWoPTS.exe
  C:\Windows\System\tmWoPTS.exe
  2⤵
  PID:1624
- C:\Windows\System\LVUTJpr.exe
  C:\Windows\System\LVUTJpr.exe
  2⤵
  PID:1864
- C:\Windows\System\aRLnelQ.exe
  C:\Windows\System\aRLnelQ.exe
  2⤵
  PID:4888
- C:\Windows\System\WYUTCpk.exe
  C:\Windows\System\WYUTCpk.exe
  2⤵
  PID:2484
- C:\Windows\System\QJkabOP.exe
  C:\Windows\System\QJkabOP.exe
  2⤵
  PID:1764
- C:\Windows\System\MyxJnNs.exe
  C:\Windows\System\MyxJnNs.exe
  2⤵
  PID:4436
- C:\Windows\System\RHVKzYl.exe
  C:\Windows\System\RHVKzYl.exe
  2⤵
  PID:2456
- C:\Windows\System\zXDiJpf.exe
  C:\Windows\System\zXDiJpf.exe
  2⤵
  PID:4540
- C:\Windows\System\bkhBknp.exe
  C:\Windows\System\bkhBknp.exe
  2⤵
  PID:2936
- C:\Windows\System\UKYlXmx.exe
  C:\Windows\System\UKYlXmx.exe
  2⤵
  PID:4340
- C:\Windows\System\DrDhkYO.exe
  C:\Windows\System\DrDhkYO.exe
  2⤵
  PID:4024
- C:\Windows\System\ceSuGmf.exe
  C:\Windows\System\ceSuGmf.exe
  2⤵
  PID:4652
- C:\Windows\System\blKCrKL.exe
  C:\Windows\System\blKCrKL.exe
  2⤵
  PID:4760
- C:\Windows\System\ylUSGCW.exe
  C:\Windows\System\ylUSGCW.exe
  2⤵
  PID:1296
- C:\Windows\System\VTmhwMT.exe
  C:\Windows\System\VTmhwMT.exe
  2⤵
  PID:5208
- C:\Windows\System\FHYGKBR.exe
  C:\Windows\System\FHYGKBR.exe
  2⤵
  PID:5224
- C:\Windows\System\dWWWJQF.exe
  C:\Windows\System\dWWWJQF.exe
  2⤵
  PID:5248
- C:\Windows\System\SsFesyp.exe
  C:\Windows\System\SsFesyp.exe
  2⤵
  PID:5264
- C:\Windows\System\KsrZsDK.exe
  C:\Windows\System\KsrZsDK.exe
  2⤵
  PID:5280
- C:\Windows\System\EDiMrly.exe
  C:\Windows\System\EDiMrly.exe
  2⤵
  PID:5300
- C:\Windows\System\cJQDHMS.exe
  C:\Windows\System\cJQDHMS.exe
  2⤵
  PID:5320
- C:\Windows\System\IAazjbh.exe
  C:\Windows\System\IAazjbh.exe
  2⤵
  PID:5344
- C:\Windows\System\GKqLgun.exe
  C:\Windows\System\GKqLgun.exe
  2⤵
  PID:5364
- C:\Windows\System\RFHfwNW.exe
  C:\Windows\System\RFHfwNW.exe
  2⤵
  PID:5384
- C:\Windows\System\IKusbwO.exe
  C:\Windows\System\IKusbwO.exe
  2⤵
  PID:5400
- C:\Windows\System\AAOigdS.exe
  C:\Windows\System\AAOigdS.exe
  2⤵
  PID:5416
- C:\Windows\System\YTNsOtZ.exe
  C:\Windows\System\YTNsOtZ.exe
  2⤵
  PID:5436
- C:\Windows\System\RNkrsxP.exe
  C:\Windows\System\RNkrsxP.exe
  2⤵
  PID:5460
- C:\Windows\System\JXONKjS.exe
  C:\Windows\System\JXONKjS.exe
  2⤵
  PID:5476
- C:\Windows\System\ONPTTjW.exe
  C:\Windows\System\ONPTTjW.exe
  2⤵
  PID:5492
- C:\Windows\System\FnOjduD.exe
  C:\Windows\System\FnOjduD.exe
  2⤵
  PID:5520
- C:\Windows\System\QrylhaA.exe
  C:\Windows\System\QrylhaA.exe
  2⤵
  PID:5540
- C:\Windows\System\eZiJcAJ.exe
  C:\Windows\System\eZiJcAJ.exe
  2⤵
  PID:5556
- C:\Windows\System\RPMzhGV.exe
  C:\Windows\System\RPMzhGV.exe
  2⤵
  PID:5576
- C:\Windows\System\sFfTYQb.exe
  C:\Windows\System\sFfTYQb.exe
  2⤵
  PID:5592
- C:\Windows\System\ZwGIAvJ.exe
  C:\Windows\System\ZwGIAvJ.exe
  2⤵
  PID:5608
- C:\Windows\System\AgSdknp.exe
  C:\Windows\System\AgSdknp.exe
  2⤵
  PID:5624
- C:\Windows\System\IKUGEEV.exe
  C:\Windows\System\IKUGEEV.exe
  2⤵
  PID:5640
- C:\Windows\System\Aqzsqte.exe
  C:\Windows\System\Aqzsqte.exe
  2⤵
  PID:5660
- C:\Windows\System\CfusXQy.exe
  C:\Windows\System\CfusXQy.exe
  2⤵
  PID:5704
- C:\Windows\System\ogHHbvH.exe
  C:\Windows\System\ogHHbvH.exe
  2⤵
  PID:5724
- C:\Windows\System\nPEJiss.exe
  C:\Windows\System\nPEJiss.exe
  2⤵
  PID:5744
- C:\Windows\System\sBDVDuJ.exe
  C:\Windows\System\sBDVDuJ.exe
  2⤵
  PID:5760
- C:\Windows\System\VwgyjgZ.exe
  C:\Windows\System\VwgyjgZ.exe
  2⤵
  PID:5780
- C:\Windows\System\iWdVRqV.exe
  C:\Windows\System\iWdVRqV.exe
  2⤵
  PID:5796
- C:\Windows\System\JKUeAyY.exe
  C:\Windows\System\JKUeAyY.exe
  2⤵
  PID:5816
- C:\Windows\System\zuVYzum.exe
  C:\Windows\System\zuVYzum.exe
  2⤵
  PID:5832
- C:\Windows\System\RGgQLnV.exe
  C:\Windows\System\RGgQLnV.exe
  2⤵
  PID:5848
- C:\Windows\System\xwFskdO.exe
  C:\Windows\System\xwFskdO.exe
  2⤵
  PID:5864
- C:\Windows\System\qOhbkcO.exe
  C:\Windows\System\qOhbkcO.exe
  2⤵
  PID:5880
- C:\Windows\System\ckvdimF.exe
  C:\Windows\System\ckvdimF.exe
  2⤵
  PID:5904
- C:\Windows\System\egKIWxX.exe
  C:\Windows\System\egKIWxX.exe
  2⤵
  PID:5920
- C:\Windows\System\kuAQQEK.exe
  C:\Windows\System\kuAQQEK.exe
  2⤵
  PID:5964
- C:\Windows\System\jdpVJMp.exe
  C:\Windows\System\jdpVJMp.exe
  2⤵
  PID:5980
- C:\Windows\System\gFGiNWa.exe
  C:\Windows\System\gFGiNWa.exe
  2⤵
  PID:6004
- C:\Windows\System\yRQZtcj.exe
  C:\Windows\System\yRQZtcj.exe
  2⤵
  PID:6020
- C:\Windows\System\UitPqYc.exe
  C:\Windows\System\UitPqYc.exe
  2⤵
  PID:6048
- C:\Windows\System\ykbsrTZ.exe
  C:\Windows\System\ykbsrTZ.exe
  2⤵
  PID:6064
- C:\Windows\System\vNfyLGV.exe
  C:\Windows\System\vNfyLGV.exe
  2⤵
  PID:6088
- C:\Windows\System\umJErfq.exe
  C:\Windows\System\umJErfq.exe
  2⤵
  PID:6104
- C:\Windows\System\UmoCNoT.exe
  C:\Windows\System\UmoCNoT.exe
  2⤵
  PID:6124
- C:\Windows\System\rJnCOfL.exe
  C:\Windows\System\rJnCOfL.exe
  2⤵
  PID:4536
- C:\Windows\System\KjqVYhI.exe
  C:\Windows\System\KjqVYhI.exe
  2⤵
  PID:5128
- C:\Windows\System\wurqUzQ.exe
  C:\Windows\System\wurqUzQ.exe
  2⤵
  PID:5148
- C:\Windows\System\YjBMJhg.exe
  C:\Windows\System\YjBMJhg.exe
  2⤵
  PID:5172
- C:\Windows\System\EYeBmkH.exe
  C:\Windows\System\EYeBmkH.exe
  2⤵
  PID:5188
- C:\Windows\System\NHuNbOP.exe
  C:\Windows\System\NHuNbOP.exe
  2⤵
  PID:4660
- C:\Windows\System\xDpLRJU.exe
  C:\Windows\System\xDpLRJU.exe
  2⤵
  PID:5236
- C:\Windows\System\kZfBywM.exe
  C:\Windows\System\kZfBywM.exe
  2⤵
  PID:5276
- C:\Windows\System\eAxoepv.exe
  C:\Windows\System\eAxoepv.exe
  2⤵
  PID:5260
- C:\Windows\System\yfVznPh.exe
  C:\Windows\System\yfVznPh.exe
  2⤵
  PID:5296
- C:\Windows\System\VExaLPo.exe
  C:\Windows\System\VExaLPo.exe
  2⤵
  PID:5396
- C:\Windows\System\QQIATQJ.exe
  C:\Windows\System\QQIATQJ.exe
  2⤵
  PID:5452
- C:\Windows\System\LSlbkSa.exe
  C:\Windows\System\LSlbkSa.exe
  2⤵
  PID:5380
- C:\Windows\System\fGaiWOU.exe
  C:\Windows\System\fGaiWOU.exe
  2⤵
  PID:5528
- C:\Windows\System\nxQlhOz.exe
  C:\Windows\System\nxQlhOz.exe
  2⤵
  PID:5604
- C:\Windows\System\tHPXBCW.exe
  C:\Windows\System\tHPXBCW.exe
  2⤵
  PID:5468
- C:\Windows\System\ErdDOMH.exe
  C:\Windows\System\ErdDOMH.exe
  2⤵
  PID:5508
- C:\Windows\System\LCLoryj.exe
  C:\Windows\System\LCLoryj.exe
  2⤵
  PID:5584
- C:\Windows\System\ZxqdYhy.exe
  C:\Windows\System\ZxqdYhy.exe
  2⤵
  PID:5648
- C:\Windows\System\ycMaVbQ.exe
  C:\Windows\System\ycMaVbQ.exe
  2⤵
  PID:5668
- C:\Windows\System\YeYOhTU.exe
  C:\Windows\System\YeYOhTU.exe
  2⤵
  PID:5684
- C:\Windows\System\fBBJUan.exe
  C:\Windows\System\fBBJUan.exe
  2⤵
  PID:5788
- C:\Windows\System\LiBbzlu.exe
  C:\Windows\System\LiBbzlu.exe
  2⤵
  PID:5860
- C:\Windows\System\wNCVBWe.exe
  C:\Windows\System\wNCVBWe.exe
  2⤵
  PID:5940
- C:\Windows\System\eyvmSBs.exe
  C:\Windows\System\eyvmSBs.exe
  2⤵
  PID:5948
- C:\Windows\System\dbpcWzB.exe
  C:\Windows\System\dbpcWzB.exe
  2⤵
  PID:5700
- C:\Windows\System\sjPMWpb.exe
  C:\Windows\System\sjPMWpb.exe
  2⤵
  PID:5772
- C:\Windows\System\lgAgYfN.exe
  C:\Windows\System\lgAgYfN.exe
  2⤵
  PID:5844
- C:\Windows\System\rlLFjSK.exe
  C:\Windows\System\rlLFjSK.exe
  2⤵
  PID:5992
- C:\Windows\System\iuKkoEn.exe
  C:\Windows\System\iuKkoEn.exe
  2⤵
  PID:5976
- C:\Windows\System\flVSnSI.exe
  C:\Windows\System\flVSnSI.exe
  2⤵
  PID:6044
- C:\Windows\System\EuMnYsF.exe
  C:\Windows\System\EuMnYsF.exe
  2⤵
  PID:6076
- C:\Windows\System\IEJUmBd.exe
  C:\Windows\System\IEJUmBd.exe
  2⤵
  PID:6116
- C:\Windows\System\TVUEfkk.exe
  C:\Windows\System\TVUEfkk.exe
  2⤵
  PID:6140
- C:\Windows\System\OnjpEMy.exe
  C:\Windows\System\OnjpEMy.exe
  2⤵
  PID:5136
- C:\Windows\System\PBxDHqD.exe
  C:\Windows\System\PBxDHqD.exe
  2⤵
  PID:5204
- C:\Windows\System\JNCObtd.exe
  C:\Windows\System\JNCObtd.exe
  2⤵
  PID:5244
- C:\Windows\System\KdxyjgW.exe
  C:\Windows\System\KdxyjgW.exe
  2⤵
  PID:5176
- C:\Windows\System\ZtYQlVf.exe
  C:\Windows\System\ZtYQlVf.exe
  2⤵
  PID:5184
- C:\Windows\System\vKDIDQa.exe
  C:\Windows\System\vKDIDQa.exe
  2⤵
  PID:5448
- C:\Windows\System\SQJDNtG.exe
  C:\Windows\System\SQJDNtG.exe
  2⤵
  PID:5484
- C:\Windows\System\btXWnYT.exe
  C:\Windows\System\btXWnYT.exe
  2⤵
  PID:5652
- C:\Windows\System\EQFTTzd.exe
  C:\Windows\System\EQFTTzd.exe
  2⤵
  PID:5676
- C:\Windows\System\fNrFYaV.exe
  C:\Windows\System\fNrFYaV.exe
  2⤵
  PID:5616
- C:\Windows\System\AjfDNKs.exe
  C:\Windows\System\AjfDNKs.exe
  2⤵
  PID:5504
- C:\Windows\System\lYbkPtF.exe
  C:\Windows\System\lYbkPtF.exe
  2⤵
  PID:5752
- C:\Windows\System\AeWjmcC.exe
  C:\Windows\System\AeWjmcC.exe
  2⤵
  PID:5900
- C:\Windows\System\DIeZwTL.exe
  C:\Windows\System\DIeZwTL.exe
  2⤵
  PID:5696
- C:\Windows\System\QWsggml.exe
  C:\Windows\System\QWsggml.exe
  2⤵
  PID:5804
- C:\Windows\System\llkHzGa.exe
  C:\Windows\System\llkHzGa.exe
  2⤵
  PID:5916
- C:\Windows\System\nSdTttS.exe
  C:\Windows\System\nSdTttS.exe
  2⤵
  PID:5960
- C:\Windows\System\etihvzF.exe
  C:\Windows\System\etihvzF.exe
  2⤵
  PID:6040
- C:\Windows\System\mbcZYpd.exe
  C:\Windows\System\mbcZYpd.exe
  2⤵
  PID:4680
- C:\Windows\System\AKIlGYV.exe
  C:\Windows\System\AKIlGYV.exe
  2⤵
  PID:5140
- C:\Windows\System\boGGYrJ.exe
  C:\Windows\System\boGGYrJ.exe
  2⤵
  PID:6096
- C:\Windows\System\uIKCiFe.exe
  C:\Windows\System\uIKCiFe.exe
  2⤵
  PID:5220
- C:\Windows\System\ivKqpuy.exe
  C:\Windows\System\ivKqpuy.exe
  2⤵
  PID:5216
- C:\Windows\System\HMNsTjk.exe
  C:\Windows\System\HMNsTjk.exe
  2⤵
  PID:5308
- C:\Windows\System\RqcEgBB.exe
  C:\Windows\System\RqcEgBB.exe
  2⤵
  PID:5568
- C:\Windows\System\qJEqFxZ.exe
  C:\Windows\System\qJEqFxZ.exe
  2⤵
  PID:5892
- C:\Windows\System\mOBKsCM.exe
  C:\Windows\System\mOBKsCM.exe
  2⤵
  PID:5932
- C:\Windows\System\hAIZbyM.exe
  C:\Windows\System\hAIZbyM.exe
  2⤵
  PID:5828
- C:\Windows\System\MFKwKIR.exe
  C:\Windows\System\MFKwKIR.exe
  2⤵
  PID:5740
- C:\Windows\System\OFzmjSE.exe
  C:\Windows\System\OFzmjSE.exe
  2⤵
  PID:6012
- C:\Windows\System\nJLnAbO.exe
  C:\Windows\System\nJLnAbO.exe
  2⤵
  PID:6016
- C:\Windows\System\BynSRJX.exe
  C:\Windows\System\BynSRJX.exe
  2⤵
  PID:6072
- C:\Windows\System\IwizaEm.exe
  C:\Windows\System\IwizaEm.exe
  2⤵
  PID:5424
- C:\Windows\System\JGHbcGX.exe
  C:\Windows\System\JGHbcGX.exe
  2⤵
  PID:5160
- C:\Windows\System\PVkKTaY.exe
  C:\Windows\System\PVkKTaY.exe
  2⤵
  PID:5432
- C:\Windows\System\tafYBZu.exe
  C:\Windows\System\tafYBZu.exe
  2⤵
  PID:5716
- C:\Windows\System\JtteVBt.exe
  C:\Windows\System\JtteVBt.exe
  2⤵
  PID:5680
- C:\Windows\System\VxqUMPp.exe
  C:\Windows\System\VxqUMPp.exe
  2⤵
  PID:6156
- C:\Windows\System\gBKzwTq.exe
  C:\Windows\System\gBKzwTq.exe
  2⤵
  PID:6172
- C:\Windows\System\IwMeErP.exe
  C:\Windows\System\IwMeErP.exe
  2⤵
  PID:6188
- C:\Windows\System\TMsvsHx.exe
  C:\Windows\System\TMsvsHx.exe
  2⤵
  PID:6212
- C:\Windows\System\IKRuKtP.exe
  C:\Windows\System\IKRuKtP.exe
  2⤵
  PID:6260
- C:\Windows\System\RjCBhJd.exe
  C:\Windows\System\RjCBhJd.exe
  2⤵
  PID:6280
- C:\Windows\System\ksGbzSK.exe
  C:\Windows\System\ksGbzSK.exe
  2⤵
  PID:6308
- C:\Windows\System\FOKrzyM.exe
  C:\Windows\System\FOKrzyM.exe
  2⤵
  PID:6324
- C:\Windows\System\eVqGVAp.exe
  C:\Windows\System\eVqGVAp.exe
  2⤵
  PID:6340
- C:\Windows\System\dZsltfa.exe
  C:\Windows\System\dZsltfa.exe
  2⤵
  PID:6360
- C:\Windows\System\eNnVhAB.exe
  C:\Windows\System\eNnVhAB.exe
  2⤵
  PID:6384
- C:\Windows\System\ujOhtbC.exe
  C:\Windows\System\ujOhtbC.exe
  2⤵
  PID:6400
- C:\Windows\System\NoAoAFt.exe
  C:\Windows\System\NoAoAFt.exe
  2⤵
  PID:6428
- C:\Windows\System\otzMJFJ.exe
  C:\Windows\System\otzMJFJ.exe
  2⤵
  PID:6444
- C:\Windows\System\FRcNTAa.exe
  C:\Windows\System\FRcNTAa.exe
  2⤵
  PID:6460
- C:\Windows\System\dfalKxy.exe
  C:\Windows\System\dfalKxy.exe
  2⤵
  PID:6480
- C:\Windows\System\RVyTqqq.exe
  C:\Windows\System\RVyTqqq.exe
  2⤵
  PID:6500
- C:\Windows\System\ZwuSXcL.exe
  C:\Windows\System\ZwuSXcL.exe
  2⤵
  PID:6516
- C:\Windows\System\GMDvkfU.exe
  C:\Windows\System\GMDvkfU.exe
  2⤵
  PID:6540
- C:\Windows\System\XQzZryk.exe
  C:\Windows\System\XQzZryk.exe
  2⤵
  PID:6556
- C:\Windows\System\YcpWBSg.exe
  C:\Windows\System\YcpWBSg.exe
  2⤵
  PID:6584
- C:\Windows\System\gcnHGbz.exe
  C:\Windows\System\gcnHGbz.exe
  2⤵
  PID:6604
- C:\Windows\System\gefRoFs.exe
  C:\Windows\System\gefRoFs.exe
  2⤵
  PID:6620
- C:\Windows\System\nuawPrL.exe
  C:\Windows\System\nuawPrL.exe
  2⤵
  PID:6644
- C:\Windows\System\yBQWbTA.exe
  C:\Windows\System\yBQWbTA.exe
  2⤵
  PID:6660
- C:\Windows\System\ZNctbYM.exe
  C:\Windows\System\ZNctbYM.exe
  2⤵
  PID:6688
- C:\Windows\System\AoaBuKu.exe
  C:\Windows\System\AoaBuKu.exe
  2⤵
  PID:6704
- C:\Windows\System\BjUGRAv.exe
  C:\Windows\System\BjUGRAv.exe
  2⤵
  PID:6720
- C:\Windows\System\HzPHZjf.exe
  C:\Windows\System\HzPHZjf.exe
  2⤵
  PID:6740
- C:\Windows\System\bYIBgPL.exe
  C:\Windows\System\bYIBgPL.exe
  2⤵
  PID:6756
- C:\Windows\System\XhRxEiM.exe
  C:\Windows\System\XhRxEiM.exe
  2⤵
  PID:6772
- C:\Windows\System\izyCXXG.exe
  C:\Windows\System\izyCXXG.exe
  2⤵
  PID:6800
- C:\Windows\System\xgdPgaG.exe
  C:\Windows\System\xgdPgaG.exe
  2⤵
  PID:6820
- C:\Windows\System\IxKlDoD.exe
  C:\Windows\System\IxKlDoD.exe
  2⤵
  PID:6840
- C:\Windows\System\dhGnsLd.exe
  C:\Windows\System\dhGnsLd.exe
  2⤵
  PID:6856
- C:\Windows\System\SQczkcb.exe
  C:\Windows\System\SQczkcb.exe
  2⤵
  PID:6876
- C:\Windows\System\QEqCZJx.exe
  C:\Windows\System\QEqCZJx.exe
  2⤵
  PID:6892
- C:\Windows\System\PmBclHu.exe
  C:\Windows\System\PmBclHu.exe
  2⤵
  PID:6908
- C:\Windows\System\eCHLcZQ.exe
  C:\Windows\System\eCHLcZQ.exe
  2⤵
  PID:6948
- C:\Windows\System\RmXqYrc.exe
  C:\Windows\System\RmXqYrc.exe
  2⤵
  PID:6964
- C:\Windows\System\FyNGJFr.exe
  C:\Windows\System\FyNGJFr.exe
  2⤵
  PID:6980
- C:\Windows\System\sBFONUo.exe
  C:\Windows\System\sBFONUo.exe
  2⤵
  PID:7004
- C:\Windows\System\tStsMGy.exe
  C:\Windows\System\tStsMGy.exe
  2⤵
  PID:7024
- C:\Windows\System\lBLgQGq.exe
  C:\Windows\System\lBLgQGq.exe
  2⤵
  PID:7044
- C:\Windows\System\wnblTBa.exe
  C:\Windows\System\wnblTBa.exe
  2⤵
  PID:7060
- C:\Windows\System\BhWxIyG.exe
  C:\Windows\System\BhWxIyG.exe
  2⤵
  PID:7080
- C:\Windows\System\kQVVINs.exe
  C:\Windows\System\kQVVINs.exe
  2⤵
  PID:7096
- C:\Windows\System\iSZXNQN.exe
  C:\Windows\System\iSZXNQN.exe
  2⤵
  PID:7128
- C:\Windows\System\ViUsNwF.exe
  C:\Windows\System\ViUsNwF.exe
  2⤵
  PID:7144
- C:\Windows\System\BJNwDiW.exe
  C:\Windows\System\BJNwDiW.exe
  2⤵
  PID:7164
- C:\Windows\System\fMapxDw.exe
  C:\Windows\System\fMapxDw.exe
  2⤵
  PID:5572
- C:\Windows\System\QUhfCvj.exe
  C:\Windows\System\QUhfCvj.exe
  2⤵
  PID:5376
- C:\Windows\System\TtjQIVv.exe
  C:\Windows\System\TtjQIVv.exe
  2⤵
  PID:6180
- C:\Windows\System\ZajMltw.exe
  C:\Windows\System\ZajMltw.exe
  2⤵
  PID:6236
- C:\Windows\System\DfOFIcT.exe
  C:\Windows\System\DfOFIcT.exe
  2⤵
  PID:6256
- C:\Windows\System\TZtTVQI.exe
  C:\Windows\System\TZtTVQI.exe
  2⤵
  PID:5712
- C:\Windows\System\EnPbwCd.exe
  C:\Windows\System\EnPbwCd.exe
  2⤵
  PID:5412
- C:\Windows\System\PtlNohc.exe
  C:\Windows\System\PtlNohc.exe
  2⤵
  PID:5720
- C:\Windows\System\vqKVKhX.exe
  C:\Windows\System\vqKVKhX.exe
  2⤵
  PID:6208
- C:\Windows\System\YdiAqXa.exe
  C:\Windows\System\YdiAqXa.exe
  2⤵
  PID:6292
- C:\Windows\System\AnMFbDP.exe
  C:\Windows\System\AnMFbDP.exe
  2⤵
  PID:6368
- C:\Windows\System\JTNOpIS.exe
  C:\Windows\System\JTNOpIS.exe
  2⤵
  PID:6356
- C:\Windows\System\FYRgJGE.exe
  C:\Windows\System\FYRgJGE.exe
  2⤵
  PID:6408
- C:\Windows\System\rEYYIxe.exe
  C:\Windows\System\rEYYIxe.exe
  2⤵
  PID:6424
- C:\Windows\System\hpfsJYF.exe
  C:\Windows\System\hpfsJYF.exe
  2⤵
  PID:6488
- C:\Windows\System\OGUMDTk.exe
  C:\Windows\System\OGUMDTk.exe
  2⤵
  PID:6472
- C:\Windows\System\hjLsdty.exe
  C:\Windows\System\hjLsdty.exe
  2⤵
  PID:6528
- C:\Windows\System\ZEphHNw.exe
  C:\Windows\System\ZEphHNw.exe
  2⤵
  PID:6552
- C:\Windows\System\iCpqhVF.exe
  C:\Windows\System\iCpqhVF.exe
  2⤵
  PID:6576
- C:\Windows\System\pSdEbgd.exe
  C:\Windows\System\pSdEbgd.exe
  2⤵
  PID:6600
- C:\Windows\System\mOLYyHC.exe
  C:\Windows\System\mOLYyHC.exe
  2⤵
  PID:6656
- C:\Windows\System\FNnMtVD.exe
  C:\Windows\System\FNnMtVD.exe
  2⤵
  PID:6668
- C:\Windows\System\HmhhPLA.exe
  C:\Windows\System\HmhhPLA.exe
  2⤵
  PID:6672
- C:\Windows\System\XPkQxra.exe
  C:\Windows\System\XPkQxra.exe
  2⤵
  PID:6716
- C:\Windows\System\TjuWMhA.exe
  C:\Windows\System\TjuWMhA.exe
  2⤵
  PID:6796
- C:\Windows\System\ekaijSB.exe
  C:\Windows\System\ekaijSB.exe
  2⤵
  PID:6888
- C:\Windows\System\DdxmgrO.exe
  C:\Windows\System\DdxmgrO.exe
  2⤵
  PID:6836
- C:\Windows\System\qWRGOiq.exe
  C:\Windows\System\qWRGOiq.exe
  2⤵
  PID:6904
- C:\Windows\System\LtsWALh.exe
  C:\Windows\System\LtsWALh.exe
  2⤵
  PID:6936
- C:\Windows\System\NuXpWIw.exe
  C:\Windows\System\NuXpWIw.exe
  2⤵
  PID:6972
- C:\Windows\System\isXaMnZ.exe
  C:\Windows\System\isXaMnZ.exe
  2⤵
  PID:6988
- C:\Windows\System\EmZqyxR.exe
  C:\Windows\System\EmZqyxR.exe
  2⤵
  PID:6996
- C:\Windows\System\poYxWrc.exe
  C:\Windows\System\poYxWrc.exe
  2⤵
  PID:7040
- C:\Windows\System\qJALFWD.exe
  C:\Windows\System\qJALFWD.exe
  2⤵
  PID:7104
- C:\Windows\System\GdNDmgx.exe
  C:\Windows\System\GdNDmgx.exe
  2⤵
  PID:7108
- C:\Windows\System\sUSYJYi.exe
  C:\Windows\System\sUSYJYi.exe
  2⤵
  PID:7156
- C:\Windows\System\eVKDavx.exe
  C:\Windows\System\eVKDavx.exe
  2⤵
  PID:6148
- C:\Windows\System\KFxgijj.exe
  C:\Windows\System\KFxgijj.exe
  2⤵
  PID:6228
- C:\Windows\System\YHJZBjK.exe
  C:\Windows\System\YHJZBjK.exe
  2⤵
  PID:6232
- C:\Windows\System\zXxrudS.exe
  C:\Windows\System\zXxrudS.exe
  2⤵
  PID:6296
- C:\Windows\System\XhHAEPp.exe
  C:\Windows\System\XhHAEPp.exe
  2⤵
  PID:5972
- C:\Windows\System\vSXoklX.exe
  C:\Windows\System\vSXoklX.exe
  2⤵
  PID:6380
- C:\Windows\System\FfQyIIz.exe
  C:\Windows\System\FfQyIIz.exe
  2⤵
  PID:6348
- C:\Windows\System\cSoimpq.exe
  C:\Windows\System\cSoimpq.exe
  2⤵
  PID:6412
- C:\Windows\System\JJNVPdB.exe
  C:\Windows\System\JJNVPdB.exe
  2⤵
  PID:6568
- C:\Windows\System\dzGLRtC.exe
  C:\Windows\System\dzGLRtC.exe
  2⤵
  PID:6680
- C:\Windows\System\Apwvnau.exe
  C:\Windows\System\Apwvnau.exe
  2⤵
  PID:6524
- C:\Windows\System\aFNfIIa.exe
  C:\Windows\System\aFNfIIa.exe
  2⤵
  PID:6632
- C:\Windows\System\BDgzsqR.exe
  C:\Windows\System\BDgzsqR.exe
  2⤵
  PID:6732
- C:\Windows\System\cItzIDs.exe
  C:\Windows\System\cItzIDs.exe
  2⤵
  PID:6848
- C:\Windows\System\LEYNqXf.exe
  C:\Windows\System\LEYNqXf.exe
  2⤵
  PID:6792
- C:\Windows\System\MtOrwHg.exe
  C:\Windows\System\MtOrwHg.exe
  2⤵
  PID:6852
- C:\Windows\System\TkJHoza.exe
  C:\Windows\System\TkJHoza.exe
  2⤵
  PID:6868
- C:\Windows\System\cPfgeWL.exe
  C:\Windows\System\cPfgeWL.exe
  2⤵
  PID:7000
- C:\Windows\System\mHxDgtH.exe
  C:\Windows\System\mHxDgtH.exe
  2⤵
  PID:7032
- C:\Windows\System\DJEZVTj.exe
  C:\Windows\System\DJEZVTj.exe
  2⤵
  PID:6956
- C:\Windows\System\YMmXRWD.exe
  C:\Windows\System\YMmXRWD.exe
  2⤵
  PID:6132
- C:\Windows\System\gQyFWHI.exe
  C:\Windows\System\gQyFWHI.exe
  2⤵
  PID:5896
- C:\Windows\System\pPuXvLQ.exe
  C:\Windows\System\pPuXvLQ.exe
  2⤵
  PID:5292
- C:\Windows\System\SkzzxTE.exe
  C:\Windows\System\SkzzxTE.exe
  2⤵
  PID:5356
- C:\Windows\System\Yusjkmi.exe
  C:\Windows\System\Yusjkmi.exe
  2⤵
  PID:6376
- C:\Windows\System\HSAjreF.exe
  C:\Windows\System\HSAjreF.exe
  2⤵
  PID:6512
- C:\Windows\System\nofsDcA.exe
  C:\Windows\System\nofsDcA.exe
  2⤵
  PID:6640
- C:\Windows\System\crFLvwy.exe
  C:\Windows\System\crFLvwy.exe
  2⤵
  PID:6352
- C:\Windows\System\RXDkHyN.exe
  C:\Windows\System\RXDkHyN.exe
  2⤵
  PID:6764
- C:\Windows\System\zQHodzo.exe
  C:\Windows\System\zQHodzo.exe
  2⤵
  PID:6788
- C:\Windows\System\NjtkbVm.exe
  C:\Windows\System\NjtkbVm.exe
  2⤵
  PID:7092
- C:\Windows\System\lzUzOwp.exe
  C:\Windows\System\lzUzOwp.exe
  2⤵
  PID:6248
- C:\Windows\System\BGFRPPF.exe
  C:\Windows\System\BGFRPPF.exe
  2⤵
  PID:6252
- C:\Windows\System\oHIhVsw.exe
  C:\Windows\System\oHIhVsw.exe
  2⤵
  PID:7140
- C:\Windows\System\zhZELPw.exe
  C:\Windows\System\zhZELPw.exe
  2⤵
  PID:6224
- C:\Windows\System\mAEnWVJ.exe
  C:\Windows\System\mAEnWVJ.exe
  2⤵
  PID:6196
- C:\Windows\System\HzoAisZ.exe
  C:\Windows\System\HzoAisZ.exe
  2⤵
  PID:6204
- C:\Windows\System\JyAysTi.exe
  C:\Windows\System\JyAysTi.exe
  2⤵
  PID:6468
- C:\Windows\System\NJJNuIA.exe
  C:\Windows\System\NJJNuIA.exe
  2⤵
  PID:6816
- C:\Windows\System\kYJgGSl.exe
  C:\Windows\System\kYJgGSl.exe
  2⤵
  PID:6828
- C:\Windows\System\ZFQwHAt.exe
  C:\Windows\System\ZFQwHAt.exe
  2⤵
  PID:6920
- C:\Windows\System\YVakssZ.exe
  C:\Windows\System\YVakssZ.exe
  2⤵
  PID:7072
- C:\Windows\System\eosATrg.exe
  C:\Windows\System\eosATrg.exe
  2⤵
  PID:6532
- C:\Windows\System\AebQdsl.exe
  C:\Windows\System\AebQdsl.exe
  2⤵
  PID:6276
- C:\Windows\System\ocwBiYK.exe
  C:\Windows\System\ocwBiYK.exe
  2⤵
  PID:6684
- C:\Windows\System\PIyEEYf.exe
  C:\Windows\System\PIyEEYf.exe
  2⤵
  PID:6456
- C:\Windows\System\CnNMolJ.exe
  C:\Windows\System\CnNMolJ.exe
  2⤵
  PID:6168
- C:\Windows\System\XrArMau.exe
  C:\Windows\System\XrArMau.exe
  2⤵
  PID:6652
- C:\Windows\System\XAGmnBa.exe
  C:\Windows\System\XAGmnBa.exe
  2⤵
  PID:6288
- C:\Windows\System\zBSXkkL.exe
  C:\Windows\System\zBSXkkL.exe
  2⤵
  PID:6736
- C:\Windows\System\FvONrbt.exe
  C:\Windows\System\FvONrbt.exe
  2⤵
  PID:988
- C:\Windows\System\xMRHUZI.exe
  C:\Windows\System\xMRHUZI.exe
  2⤵
  PID:7176
- C:\Windows\System\PegZPrA.exe
  C:\Windows\System\PegZPrA.exe
  2⤵
  PID:7192
- C:\Windows\System\vhUzkbb.exe
  C:\Windows\System\vhUzkbb.exe
  2⤵
  PID:7208
- C:\Windows\System\WbwqklA.exe
  C:\Windows\System\WbwqklA.exe
  2⤵
  PID:7228
- C:\Windows\System\OECCObx.exe
  C:\Windows\System\OECCObx.exe
  2⤵
  PID:7244
- C:\Windows\System\NchbfrW.exe
  C:\Windows\System\NchbfrW.exe
  2⤵
  PID:7260
- C:\Windows\System\HqnkeQk.exe
  C:\Windows\System\HqnkeQk.exe
  2⤵
  PID:7280
- C:\Windows\System\CIBexTT.exe
  C:\Windows\System\CIBexTT.exe
  2⤵
  PID:7300
- C:\Windows\System\XLRDPDx.exe
  C:\Windows\System\XLRDPDx.exe
  2⤵
  PID:7316
- C:\Windows\System\bxoaoaG.exe
  C:\Windows\System\bxoaoaG.exe
  2⤵
  PID:7332
- C:\Windows\System\eWzuuqG.exe
  C:\Windows\System\eWzuuqG.exe
  2⤵
  PID:7348
- C:\Windows\System\pwVWHKP.exe
  C:\Windows\System\pwVWHKP.exe
  2⤵
  PID:7372
- C:\Windows\System\VSVPtoV.exe
  C:\Windows\System\VSVPtoV.exe
  2⤵
  PID:7388
- C:\Windows\System\wPtRHvs.exe
  C:\Windows\System\wPtRHvs.exe
  2⤵
  PID:7408
- C:\Windows\System\PaInqjM.exe
  C:\Windows\System\PaInqjM.exe
  2⤵
  PID:7424
- C:\Windows\System\fFrxZOX.exe
  C:\Windows\System\fFrxZOX.exe
  2⤵
  PID:7440
- C:\Windows\System\lcuRUsX.exe
  C:\Windows\System\lcuRUsX.exe
  2⤵
  PID:7456
- C:\Windows\System\sEfZLoh.exe
  C:\Windows\System\sEfZLoh.exe
  2⤵
  PID:7480
- C:\Windows\System\WlzPVsC.exe
  C:\Windows\System\WlzPVsC.exe
  2⤵
  PID:7496
- C:\Windows\System\FIEvjAd.exe
  C:\Windows\System\FIEvjAd.exe
  2⤵
  PID:7512
- C:\Windows\System\iRMJLbl.exe
  C:\Windows\System\iRMJLbl.exe
  2⤵
  PID:7528
- C:\Windows\System\MkXmBCm.exe
  C:\Windows\System\MkXmBCm.exe
  2⤵
  PID:7544
- C:\Windows\System\XdGTSSL.exe
  C:\Windows\System\XdGTSSL.exe
  2⤵
  PID:7560
- C:\Windows\System\HikAEQh.exe
  C:\Windows\System\HikAEQh.exe
  2⤵
  PID:7576
- C:\Windows\System\USdbHOF.exe
  C:\Windows\System\USdbHOF.exe
  2⤵
  PID:7592
- C:\Windows\System\veZNWsN.exe
  C:\Windows\System\veZNWsN.exe
  2⤵
  PID:7608
- C:\Windows\System\uUjkDPE.exe
  C:\Windows\System\uUjkDPE.exe
  2⤵
  PID:7624
- C:\Windows\System\IbxLbZt.exe
  C:\Windows\System\IbxLbZt.exe
  2⤵
  PID:7640
- C:\Windows\System\fDqcXEA.exe
  C:\Windows\System\fDqcXEA.exe
  2⤵
  PID:7656
- C:\Windows\System\xecLyKv.exe
  C:\Windows\System\xecLyKv.exe
  2⤵
  PID:7672
- C:\Windows\System\FqDpZdD.exe
  C:\Windows\System\FqDpZdD.exe
  2⤵
  PID:7688
- C:\Windows\System\cUGBdyW.exe
  C:\Windows\System\cUGBdyW.exe
  2⤵
  PID:7704
- C:\Windows\System\HQIdvQA.exe
  C:\Windows\System\HQIdvQA.exe
  2⤵
  PID:7720
- C:\Windows\System\AIptCRa.exe
  C:\Windows\System\AIptCRa.exe
  2⤵
  PID:7736
- C:\Windows\System\WXbmJnO.exe
  C:\Windows\System\WXbmJnO.exe
  2⤵
  PID:7752
- C:\Windows\System\LhtMLln.exe
  C:\Windows\System\LhtMLln.exe
  2⤵
  PID:7768
- C:\Windows\System\tOAByYH.exe
  C:\Windows\System\tOAByYH.exe
  2⤵
  PID:7784
- C:\Windows\System\UPQQOmf.exe
  C:\Windows\System\UPQQOmf.exe
  2⤵
  PID:7800
- C:\Windows\System\iLxdJnz.exe
  C:\Windows\System\iLxdJnz.exe
  2⤵
  PID:7816
- C:\Windows\System\uscInOF.exe
  C:\Windows\System\uscInOF.exe
  2⤵
  PID:7832
- C:\Windows\System\zgmuSro.exe
  C:\Windows\System\zgmuSro.exe
  2⤵
  PID:7848
- C:\Windows\System\qLPKxWz.exe
  C:\Windows\System\qLPKxWz.exe
  2⤵
  PID:7864
- C:\Windows\System\iRWxPQY.exe
  C:\Windows\System\iRWxPQY.exe
  2⤵
  PID:7880
- C:\Windows\System\mXyeKVn.exe
  C:\Windows\System\mXyeKVn.exe
  2⤵
  PID:7896
- C:\Windows\System\guQucCH.exe
  C:\Windows\System\guQucCH.exe
  2⤵
  PID:7912
- C:\Windows\System\DYylNcy.exe
  C:\Windows\System\DYylNcy.exe
  2⤵
  PID:7928
- C:\Windows\System\gfmFUUm.exe
  C:\Windows\System\gfmFUUm.exe
  2⤵
  PID:7944
- C:\Windows\System\xbfvzeP.exe
  C:\Windows\System\xbfvzeP.exe
  2⤵
  PID:7960
- C:\Windows\System\yTAlLWy.exe
  C:\Windows\System\yTAlLWy.exe
  2⤵
  PID:7976
- C:\Windows\System\tLiVTrU.exe
  C:\Windows\System\tLiVTrU.exe
  2⤵
  PID:7992
- C:\Windows\System\JDqtUZM.exe
  C:\Windows\System\JDqtUZM.exe
  2⤵
  PID:8008
- C:\Windows\System\sNAgdpr.exe
  C:\Windows\System\sNAgdpr.exe
  2⤵
  PID:8024
- C:\Windows\System\ihgRAbm.exe
  C:\Windows\System\ihgRAbm.exe
  2⤵
  PID:8040
- C:\Windows\System\xeEFkcV.exe
  C:\Windows\System\xeEFkcV.exe
  2⤵
  PID:8056
- C:\Windows\System\HzbLUHl.exe
  C:\Windows\System\HzbLUHl.exe
  2⤵
  PID:8072
- C:\Windows\System\DrPxXXX.exe
  C:\Windows\System\DrPxXXX.exe
  2⤵
  PID:8088
- C:\Windows\System\iKgaZvp.exe
  C:\Windows\System\iKgaZvp.exe
  2⤵
  PID:8104
- C:\Windows\System\padNzaz.exe
  C:\Windows\System\padNzaz.exe
  2⤵
  PID:8120
- C:\Windows\System\WTEDfZh.exe
  C:\Windows\System\WTEDfZh.exe
  2⤵
  PID:8136
- C:\Windows\System\ceMSQZu.exe
  C:\Windows\System\ceMSQZu.exe
  2⤵
  PID:8152
- C:\Windows\System\fFWAiMZ.exe
  C:\Windows\System\fFWAiMZ.exe
  2⤵
  PID:8168
- C:\Windows\System\wthhqpE.exe
  C:\Windows\System\wthhqpE.exe
  2⤵
  PID:8184
- C:\Windows\System\sLZNOSE.exe
  C:\Windows\System\sLZNOSE.exe
  2⤵
  PID:7184
- C:\Windows\System\aILFeyt.exe
  C:\Windows\System\aILFeyt.exe
  2⤵
  PID:7224
- C:\Windows\System\bpPvBFZ.exe
  C:\Windows\System\bpPvBFZ.exe
  2⤵
  PID:7324
- C:\Windows\System\IDJKSDt.exe
  C:\Windows\System\IDJKSDt.exe
  2⤵
  PID:7356
- C:\Windows\System\zyXlmJJ.exe
  C:\Windows\System\zyXlmJJ.exe
  2⤵
  PID:7396
- C:\Windows\System\okeYgKE.exe
  C:\Windows\System\okeYgKE.exe
  2⤵
  PID:7272
- C:\Windows\System\YVWInDk.exe
  C:\Windows\System\YVWInDk.exe
  2⤵
  PID:7344
- C:\Windows\System\fTEuMKf.exe
  C:\Windows\System\fTEuMKf.exe
  2⤵
  PID:7240
- C:\Windows\System\DIOllmE.exe
  C:\Windows\System\DIOllmE.exe
  2⤵
  PID:6884
- C:\Windows\System\DaQyQrM.exe
  C:\Windows\System\DaQyQrM.exe
  2⤵
  PID:7436
- C:\Windows\System\egHhbIZ.exe
  C:\Windows\System\egHhbIZ.exe
  2⤵
  PID:7472
- C:\Windows\System\yocNeFY.exe
  C:\Windows\System\yocNeFY.exe
  2⤵
  PID:7488
- C:\Windows\System\dyLVtkr.exe
  C:\Windows\System\dyLVtkr.exe
  2⤵
  PID:7552
- C:\Windows\System\HwPIULq.exe
  C:\Windows\System\HwPIULq.exe
  2⤵
  PID:7568
- C:\Windows\System\dKqAYkW.exe
  C:\Windows\System\dKqAYkW.exe
  2⤵
  PID:7600
- C:\Windows\System\PNeMBtO.exe
  C:\Windows\System\PNeMBtO.exe
  2⤵
  PID:7620
- C:\Windows\System\NcNtxui.exe
  C:\Windows\System\NcNtxui.exe
  2⤵
  PID:7664
- C:\Windows\System\mDWuXVT.exe
  C:\Windows\System\mDWuXVT.exe
  2⤵
  PID:7684
- C:\Windows\System\HJconsT.exe
  C:\Windows\System\HJconsT.exe
  2⤵
  PID:7732
- C:\Windows\System\ToOxaJO.exe
  C:\Windows\System\ToOxaJO.exe
  2⤵
  PID:7748
- C:\Windows\System\EntqYVQ.exe
  C:\Windows\System\EntqYVQ.exe
  2⤵
  PID:7780
- C:\Windows\System\wnzTiZQ.exe
  C:\Windows\System\wnzTiZQ.exe
  2⤵
  PID:7824
- C:\Windows\System\jxrwpUK.exe
  C:\Windows\System\jxrwpUK.exe
  2⤵
  PID:7892
- C:\Windows\System\yPxDNBW.exe
  C:\Windows\System\yPxDNBW.exe
  2⤵
  PID:7924
- C:\Windows\System\bIBNMyy.exe
  C:\Windows\System\bIBNMyy.exe
  2⤵
  PID:8016
- C:\Windows\System\ardBgva.exe
  C:\Windows\System\ardBgva.exe
  2⤵
  PID:8032
- C:\Windows\System\SJhiMue.exe
  C:\Windows\System\SJhiMue.exe
  2⤵
  PID:7844
- C:\Windows\System\jntZrGD.exe
  C:\Windows\System\jntZrGD.exe
  2⤵
  PID:7908
- C:\Windows\System\FPOJnUw.exe
  C:\Windows\System\FPOJnUw.exe
  2⤵
  PID:7972
- C:\Windows\System\LSloRaE.exe
  C:\Windows\System\LSloRaE.exe
  2⤵
  PID:8080
- C:\Windows\System\oeaZzMp.exe
  C:\Windows\System\oeaZzMp.exe
  2⤵
  PID:8100
- C:\Windows\System\CjYcCrv.exe
  C:\Windows\System\CjYcCrv.exe
  2⤵
  PID:8176
- C:\Windows\System\sjVAsMs.exe
  C:\Windows\System\sjVAsMs.exe
  2⤵
  PID:7292
- C:\Windows\System\FsFoRyI.exe
  C:\Windows\System\FsFoRyI.exe
  2⤵
  PID:7288
- C:\Windows\System\HWkVzbd.exe
  C:\Windows\System\HWkVzbd.exe
  2⤵
  PID:7256
- C:\Windows\System\LKsmrzB.exe
  C:\Windows\System\LKsmrzB.exe
  2⤵
  PID:7368
- C:\Windows\System\VSUVzwT.exe
  C:\Windows\System\VSUVzwT.exe
  2⤵
  PID:7364
- C:\Windows\System\EAfQnWn.exe
  C:\Windows\System\EAfQnWn.exe
  2⤵
  PID:7420
- C:\Windows\System\upDFyMw.exe
  C:\Windows\System\upDFyMw.exe
  2⤵
  PID:7468
- C:\Windows\System\AYpHajn.exe
  C:\Windows\System\AYpHajn.exe
  2⤵
  PID:7504
- C:\Windows\System\vBeqzPK.exe
  C:\Windows\System\vBeqzPK.exe
  2⤵
  PID:7588
- C:\Windows\System\xBqUtqu.exe
  C:\Windows\System\xBqUtqu.exe
  2⤵
  PID:7776
- C:\Windows\System\ulwGuYW.exe
  C:\Windows\System\ulwGuYW.exe
  2⤵
  PID:7632
- C:\Windows\System\JguWLsu.exe
  C:\Windows\System\JguWLsu.exe
  2⤵
  PID:7796
- C:\Windows\System\OtuOLfv.exe
  C:\Windows\System\OtuOLfv.exe
  2⤵
  PID:8048
- C:\Windows\System\ZwqgRoE.exe
  C:\Windows\System\ZwqgRoE.exe
  2⤵
  PID:8064
- C:\Windows\System\YyzPpsO.exe
  C:\Windows\System\YyzPpsO.exe
  2⤵
  PID:7716
- C:\Windows\System\uajmkaq.exe
  C:\Windows\System\uajmkaq.exe
  2⤵
  PID:7968
- C:\Windows\System\CUwwIPt.exe
  C:\Windows\System\CUwwIPt.exe
  2⤵
  PID:8148
- C:\Windows\System\oYbaOLl.exe
  C:\Windows\System\oYbaOLl.exe
  2⤵
  PID:7268
- C:\Windows\System\KdpFdta.exe
  C:\Windows\System\KdpFdta.exe
  2⤵
  PID:7200
- C:\Windows\System\VIXYoKQ.exe
  C:\Windows\System\VIXYoKQ.exe
  2⤵
  PID:7404
- C:\Windows\System\KvGsyBy.exe
  C:\Windows\System\KvGsyBy.exe
  2⤵
  PID:7680
- C:\Windows\System\tXbRwRK.exe
  C:\Windows\System\tXbRwRK.exe
  2⤵
  PID:7700
- C:\Windows\System\NdXZCUT.exe
  C:\Windows\System\NdXZCUT.exe
  2⤵
  PID:7876
- C:\Windows\System\lXuPjZc.exe
  C:\Windows\System\lXuPjZc.exe
  2⤵
  PID:7860
- C:\Windows\System\LXzYURC.exe
  C:\Windows\System\LXzYURC.exe
  2⤵
  PID:8144
- C:\Windows\System\ImnjGxo.exe
  C:\Windows\System\ImnjGxo.exe
  2⤵
  PID:6220
- C:\Windows\System\YWlYzfs.exe
  C:\Windows\System\YWlYzfs.exe
  2⤵
  PID:7508
- C:\Windows\System\wClrsgl.exe
  C:\Windows\System\wClrsgl.exe
  2⤵
  PID:7448
- C:\Windows\System\gmUfNEW.exe
  C:\Windows\System\gmUfNEW.exe
  2⤵
  PID:7572
- C:\Windows\System\ZXJOnQM.exe
  C:\Windows\System\ZXJOnQM.exe
  2⤵
  PID:7712
- C:\Windows\System\dZPLfaQ.exe
  C:\Windows\System\dZPLfaQ.exe
  2⤵
  PID:8160
- C:\Windows\System\SWqBTne.exe
  C:\Windows\System\SWqBTne.exe
  2⤵
  PID:7464
- C:\Windows\System\mnTyBVG.exe
  C:\Windows\System\mnTyBVG.exe
  2⤵
  PID:8112
- C:\Windows\System\swCOyKh.exe
  C:\Windows\System\swCOyKh.exe
  2⤵
  PID:8208
- C:\Windows\System\RpPvYmR.exe
  C:\Windows\System\RpPvYmR.exe
  2⤵
  PID:8236
- C:\Windows\System\UROuFgH.exe
  C:\Windows\System\UROuFgH.exe
  2⤵
  PID:8264
- C:\Windows\System\cuvsnZO.exe
  C:\Windows\System\cuvsnZO.exe
  2⤵
  PID:8280
- C:\Windows\System\oiEdgzJ.exe
  C:\Windows\System\oiEdgzJ.exe
  2⤵
  PID:8296
- C:\Windows\System\QChacXp.exe
  C:\Windows\System\QChacXp.exe
  2⤵
  PID:8316
- C:\Windows\System\eejwnVH.exe
  C:\Windows\System\eejwnVH.exe
  2⤵
  PID:8332
- C:\Windows\System\ezodaZd.exe
  C:\Windows\System\ezodaZd.exe
  2⤵
  PID:8348
- C:\Windows\System\oJYzdig.exe
  C:\Windows\System\oJYzdig.exe
  2⤵
  PID:8376
- C:\Windows\System\uZeHYto.exe
  C:\Windows\System\uZeHYto.exe
  2⤵
  PID:8396
- C:\Windows\System\MAuisow.exe
  C:\Windows\System\MAuisow.exe
  2⤵
  PID:8416
- C:\Windows\System\NeAlRkM.exe
  C:\Windows\System\NeAlRkM.exe
  2⤵
  PID:8432
- C:\Windows\System\DyNtiQa.exe
  C:\Windows\System\DyNtiQa.exe
  2⤵
  PID:8452
- C:\Windows\System\irvlYED.exe
  C:\Windows\System\irvlYED.exe
  2⤵
  PID:8468
- C:\Windows\System\BPUIuwE.exe
  C:\Windows\System\BPUIuwE.exe
  2⤵
  PID:8484
- C:\Windows\System\mQKJltS.exe
  C:\Windows\System\mQKJltS.exe
  2⤵
  PID:8500
- C:\Windows\System\gUmrLfj.exe
  C:\Windows\System\gUmrLfj.exe
  2⤵
  PID:8520
- C:\Windows\System\xpcwZqq.exe
  C:\Windows\System\xpcwZqq.exe
  2⤵
  PID:8536
- C:\Windows\System\AeQoZBh.exe
  C:\Windows\System\AeQoZBh.exe
  2⤵
  PID:8552
- C:\Windows\System\nlDhqXm.exe
  C:\Windows\System\nlDhqXm.exe
  2⤵
  PID:8568
- C:\Windows\System\wvtWNkg.exe
  C:\Windows\System\wvtWNkg.exe
  2⤵
  PID:8588
- C:\Windows\System\yThtXVU.exe
  C:\Windows\System\yThtXVU.exe
  2⤵
  PID:8604
- C:\Windows\System\MyJVKFc.exe
  C:\Windows\System\MyJVKFc.exe
  2⤵
  PID:8620
- C:\Windows\System\BNrmiLi.exe
  C:\Windows\System\BNrmiLi.exe
  2⤵
  PID:8636
- C:\Windows\System\FDkjlQz.exe
  C:\Windows\System\FDkjlQz.exe
  2⤵
  PID:8656
- C:\Windows\System\QBLbzDb.exe
  C:\Windows\System\QBLbzDb.exe
  2⤵
  PID:8672
- C:\Windows\System\RGsRcjS.exe
  C:\Windows\System\RGsRcjS.exe
  2⤵
  PID:8688
- C:\Windows\System\vuqjVEm.exe
  C:\Windows\System\vuqjVEm.exe
  2⤵
  PID:8704
- C:\Windows\System\JclLKLk.exe
  C:\Windows\System\JclLKLk.exe
  2⤵
  PID:8728
- C:\Windows\System\XSMUqHz.exe
  C:\Windows\System\XSMUqHz.exe
  2⤵
  PID:8744
- C:\Windows\System\cfeaVqe.exe
  C:\Windows\System\cfeaVqe.exe
  2⤵
  PID:8760
- C:\Windows\System\xRjSnGX.exe
  C:\Windows\System\xRjSnGX.exe
  2⤵
  PID:8776
- C:\Windows\System\XEgrOiF.exe
  C:\Windows\System\XEgrOiF.exe
  2⤵
  PID:8792
- C:\Windows\System\zkKmNPd.exe
  C:\Windows\System\zkKmNPd.exe
  2⤵
  PID:8808
- C:\Windows\System\gBGuARC.exe
  C:\Windows\System\gBGuARC.exe
  2⤵
  PID:8824
- C:\Windows\System\cYznHTs.exe
  C:\Windows\System\cYznHTs.exe
  2⤵
  PID:8844
- C:\Windows\System\DlonAbJ.exe
  C:\Windows\System\DlonAbJ.exe
  2⤵
  PID:8860
- C:\Windows\System\ZxezTIl.exe
  C:\Windows\System\ZxezTIl.exe
  2⤵
  PID:8876
- C:\Windows\System\MMrmwVn.exe
  C:\Windows\System\MMrmwVn.exe
  2⤵
  PID:8892
- C:\Windows\System\fuJNFXi.exe
  C:\Windows\System\fuJNFXi.exe
  2⤵
  PID:8908
- C:\Windows\System\gZAlBza.exe
  C:\Windows\System\gZAlBza.exe
  2⤵
  PID:8924
- C:\Windows\System\htgHZTe.exe
  C:\Windows\System\htgHZTe.exe
  2⤵
  PID:8940
- C:\Windows\System\lbophvi.exe
  C:\Windows\System\lbophvi.exe
  2⤵
  PID:8956
- C:\Windows\System\xdgwVUG.exe
  C:\Windows\System\xdgwVUG.exe
  2⤵
  PID:8972
- C:\Windows\System\iihMVjH.exe
  C:\Windows\System\iihMVjH.exe
  2⤵
  PID:8988
- C:\Windows\System\LwaGHBy.exe
  C:\Windows\System\LwaGHBy.exe
  2⤵
  PID:9016
- C:\Windows\System\dgGkyGJ.exe
  C:\Windows\System\dgGkyGJ.exe
  2⤵
  PID:9040
- C:\Windows\System\mqUyYWF.exe
  C:\Windows\System\mqUyYWF.exe
  2⤵
  PID:9060
- C:\Windows\System\DxvtQJV.exe
  C:\Windows\System\DxvtQJV.exe
  2⤵
  PID:9100
- C:\Windows\System\uvTJaKY.exe
  C:\Windows\System\uvTJaKY.exe
  2⤵
  PID:9116
- C:\Windows\System\gqqWRsh.exe
  C:\Windows\System\gqqWRsh.exe
  2⤵
  PID:9136
- C:\Windows\System\jTfVvCL.exe
  C:\Windows\System\jTfVvCL.exe
  2⤵
  PID:9156
- C:\Windows\System\BqlNzsH.exe
  C:\Windows\System\BqlNzsH.exe
  2⤵
  PID:9172
- C:\Windows\System\vuUzgxW.exe
  C:\Windows\System\vuUzgxW.exe
  2⤵
  PID:7792
- C:\Windows\System\OfEpksq.exe
  C:\Windows\System\OfEpksq.exe
  2⤵
  PID:6944
- C:\Windows\System\adfYYnQ.exe
  C:\Windows\System\adfYYnQ.exe
  2⤵
  PID:8288
- C:\Windows\System\RgsVGNR.exe
  C:\Windows\System\RgsVGNR.exe
  2⤵
  PID:8360
- C:\Windows\System\vVoPDlf.exe
  C:\Windows\System\vVoPDlf.exe
  2⤵
  PID:8404
- C:\Windows\System\WvwsWRN.exe
  C:\Windows\System\WvwsWRN.exe
  2⤵
  PID:8440
- C:\Windows\System\bxFHoUa.exe
  C:\Windows\System\bxFHoUa.exe
  2⤵
  PID:8444
- C:\Windows\System\bNOtXXD.exe
  C:\Windows\System\bNOtXXD.exe
  2⤵
  PID:8512
- C:\Windows\System\OSXGlLN.exe
  C:\Windows\System\OSXGlLN.exe
  2⤵
  PID:8532
- C:\Windows\System\DPQpXnb.exe
  C:\Windows\System\DPQpXnb.exe
  2⤵
  PID:8584
- C:\Windows\System\msIFsGN.exe
  C:\Windows\System\msIFsGN.exe
  2⤵
  PID:8596
- C:\Windows\System\qImwRvT.exe
  C:\Windows\System\qImwRvT.exe
  2⤵
  PID:8644
- C:\Windows\System\nNvcJpJ.exe
  C:\Windows\System\nNvcJpJ.exe
  2⤵
  PID:8680
- C:\Windows\System\iNxFgwS.exe
  C:\Windows\System\iNxFgwS.exe
  2⤵
  PID:8696
- C:\Windows\System\tiATyiN.exe
  C:\Windows\System\tiATyiN.exe
  2⤵
  PID:8724
- C:\Windows\System\mFYVlUn.exe
  C:\Windows\System\mFYVlUn.exe
  2⤵
  PID:8852
- C:\Windows\System\myDBFez.exe
  C:\Windows\System\myDBFez.exe
  2⤵
  PID:8800
- C:\Windows\System\EEQEMLW.exe
  C:\Windows\System\EEQEMLW.exe
  2⤵
  PID:8832
- C:\Windows\System\CkxYabk.exe
  C:\Windows\System\CkxYabk.exe
  2⤵
  PID:8900
- C:\Windows\System\ZDmsAuL.exe
  C:\Windows\System\ZDmsAuL.exe
  2⤵
  PID:8772
- C:\Windows\System\dByOsZr.exe
  C:\Windows\System\dByOsZr.exe
  2⤵
  PID:8952
- C:\Windows\System\EOcvHms.exe
  C:\Windows\System\EOcvHms.exe
  2⤵
  PID:8984
- C:\Windows\System\sFSpkiI.exe
  C:\Windows\System\sFSpkiI.exe
  2⤵
  PID:9004
- C:\Windows\System\xtOkzBH.exe
  C:\Windows\System\xtOkzBH.exe
  2⤵
  PID:9012
- C:\Windows\System\CWLIDPW.exe
  C:\Windows\System\CWLIDPW.exe
  2⤵
  PID:9048
- C:\Windows\System\gZDopRp.exe
  C:\Windows\System\gZDopRp.exe
  2⤵
  PID:9088
- C:\Windows\System\xSysBQu.exe
  C:\Windows\System\xSysBQu.exe
  2⤵
  PID:9128
- C:\Windows\System\Xwzkxqt.exe
  C:\Windows\System\Xwzkxqt.exe
  2⤵
  PID:9204
- C:\Windows\System\jlZIopk.exe
  C:\Windows\System\jlZIopk.exe
  2⤵
  PID:8920
- C:\Windows\System\wxpuUhM.exe
  C:\Windows\System\wxpuUhM.exe
  2⤵
  PID:8684
- C:\Windows\System\qTWWVfO.exe
  C:\Windows\System\qTWWVfO.exe
  2⤵
  PID:8720
- C:\Windows\System\rtmzlwp.exe
  C:\Windows\System\rtmzlwp.exe
  2⤵
  PID:7888
- C:\Windows\System\CbeshJI.exe
  C:\Windows\System\CbeshJI.exe
  2⤵
  PID:8948
- C:\Windows\System\iUSTKrC.exe
  C:\Windows\System\iUSTKrC.exe
  2⤵
  PID:8804
- C:\Windows\System\lMQZRfW.exe
  C:\Windows\System\lMQZRfW.exe
  2⤵
  PID:8968
- C:\Windows\System\IjcGJCz.exe
  C:\Windows\System\IjcGJCz.exe
  2⤵
  PID:9080
- C:\Windows\System\XEnQUeP.exe
  C:\Windows\System\XEnQUeP.exe
  2⤵
  PID:9096
- C:\Windows\System\uafnVNi.exe
  C:\Windows\System\uafnVNi.exe
  2⤵
  PID:9164
- C:\Windows\System\mUXmyFE.exe
  C:\Windows\System\mUXmyFE.exe
  2⤵
  PID:9212
- C:\Windows\System\UnrNgky.exe
  C:\Windows\System\UnrNgky.exe
  2⤵
  PID:9208
- C:\Windows\System\hNqVeqi.exe
  C:\Windows\System\hNqVeqi.exe
  2⤵
  PID:8244
- C:\Windows\System\lIgEpeB.exe
  C:\Windows\System\lIgEpeB.exe
  2⤵
  PID:8304
- C:\Windows\System\Fxzrerf.exe
  C:\Windows\System\Fxzrerf.exe
  2⤵
  PID:8252
- C:\Windows\System\FopbKhp.exe
  C:\Windows\System\FopbKhp.exe
  2⤵
  PID:8388
- C:\Windows\System\UipPdpc.exe
  C:\Windows\System\UipPdpc.exe
  2⤵
  PID:8508
- C:\Windows\System\eanctfI.exe
  C:\Windows\System\eanctfI.exe
  2⤵
  PID:8576
- C:\Windows\System\PBaPdzv.exe
  C:\Windows\System\PBaPdzv.exe
  2⤵
  PID:8716
- C:\Windows\System\obQoQnr.exe
  C:\Windows\System\obQoQnr.exe
  2⤵
  PID:8788
- C:\Windows\System\nwwoUfD.exe
  C:\Windows\System\nwwoUfD.exe
  2⤵
  PID:8916
- C:\Windows\System\RIGakCJ.exe
  C:\Windows\System\RIGakCJ.exe
  2⤵
  PID:8932
- C:\Windows\System\EfsbvXL.exe
  C:\Windows\System\EfsbvXL.exe
  2⤵
  PID:9072
- C:\Windows\System\sJUPTaQ.exe
  C:\Windows\System\sJUPTaQ.exe
  2⤵
  PID:9084
- C:\Windows\System\txAgOnm.exe
  C:\Windows\System\txAgOnm.exe
  2⤵
  PID:8612
- C:\Windows\System\AwpDwpv.exe
  C:\Windows\System\AwpDwpv.exe
  2⤵
  PID:8228
- C:\Windows\System\REqrNOf.exe
  C:\Windows\System\REqrNOf.exe
  2⤵
  PID:8276
- C:\Windows\System\tPvmZKb.exe
  C:\Windows\System\tPvmZKb.exe
  2⤵
  PID:8340
- C:\Windows\System\oMPYZCH.exe
  C:\Windows\System\oMPYZCH.exe
  2⤵
  PID:9188
- C:\Windows\System\fdpjWUf.exe
  C:\Windows\System\fdpjWUf.exe
  2⤵
  PID:8548
- C:\Windows\System\sTHOEgW.exe
  C:\Windows\System\sTHOEgW.exe
  2⤵
  PID:8980
- C:\Windows\System\amNNrhl.exe
  C:\Windows\System\amNNrhl.exe
  2⤵
  PID:9112
- C:\Windows\System\DtSdVUO.exe
  C:\Windows\System\DtSdVUO.exe
  2⤵
  PID:9152
- C:\Windows\System\QqFvLCT.exe
  C:\Windows\System\QqFvLCT.exe
  2⤵
  PID:8424
- C:\Windows\System\YGxVVlv.exe
  C:\Windows\System\YGxVVlv.exe
  2⤵
  PID:8328
- C:\Windows\System\GricXfs.exe
  C:\Windows\System\GricXfs.exe
  2⤵
  PID:9144
- C:\Windows\System\PMxgOdS.exe
  C:\Windows\System\PMxgOdS.exe
  2⤵
  PID:8204
- C:\Windows\System\qbgcyBw.exe
  C:\Windows\System\qbgcyBw.exe
  2⤵
  PID:9180
- C:\Windows\System\LURzMlI.exe
  C:\Windows\System\LURzMlI.exe
  2⤵
  PID:8312
- C:\Windows\System\WVCsNyM.exe
  C:\Windows\System\WVCsNyM.exe
  2⤵
  PID:9068
- C:\Windows\System\xYISaBk.exe
  C:\Windows\System\xYISaBk.exe
  2⤵
  PID:9240
- C:\Windows\System\tKinrSZ.exe
  C:\Windows\System\tKinrSZ.exe
  2⤵
  PID:9256
- C:\Windows\System\uLygeqx.exe
  C:\Windows\System\uLygeqx.exe
  2⤵
  PID:9300
- C:\Windows\System\oRmyqRf.exe
  C:\Windows\System\oRmyqRf.exe
  2⤵
  PID:9324
- C:\Windows\System\oBGrnEC.exe
  C:\Windows\System\oBGrnEC.exe
  2⤵
  PID:9352
- C:\Windows\System\xfzlMcb.exe
  C:\Windows\System\xfzlMcb.exe
  2⤵
  PID:9376
- C:\Windows\System\RCwnHsx.exe
  C:\Windows\System\RCwnHsx.exe
  2⤵
  PID:9392
- C:\Windows\System\gPniKjh.exe
  C:\Windows\System\gPniKjh.exe
  2⤵
  PID:9408
- C:\Windows\System\VBZicag.exe
  C:\Windows\System\VBZicag.exe
  2⤵
  PID:9428
- C:\Windows\System\uzgmPAn.exe
  C:\Windows\System\uzgmPAn.exe
  2⤵
  PID:9448
- C:\Windows\System\SNOnHKA.exe
  C:\Windows\System\SNOnHKA.exe
  2⤵
  PID:9468
- C:\Windows\System\yLcrJgO.exe
  C:\Windows\System\yLcrJgO.exe
  2⤵
  PID:9496
- C:\Windows\System\zzYYuRW.exe
  C:\Windows\System\zzYYuRW.exe
  2⤵
  PID:9512
- C:\Windows\System\HuScMKY.exe
  C:\Windows\System\HuScMKY.exe
  2⤵
  PID:9532
- C:\Windows\System\BHOuKgf.exe
  C:\Windows\System\BHOuKgf.exe
  2⤵
  PID:9548
- C:\Windows\System\nFIWZsJ.exe
  C:\Windows\System\nFIWZsJ.exe
  2⤵
  PID:9572
- C:\Windows\System\hZnKmKw.exe
  C:\Windows\System\hZnKmKw.exe
  2⤵
  PID:9588
- C:\Windows\System\mFZaFMO.exe
  C:\Windows\System\mFZaFMO.exe
  2⤵
  PID:9608
- C:\Windows\System\coVCGNX.exe
  C:\Windows\System\coVCGNX.exe
  2⤵
  PID:9628
- C:\Windows\System\ZndGRFa.exe
  C:\Windows\System\ZndGRFa.exe
  2⤵
  PID:9644
- C:\Windows\System\kCydTCi.exe
  C:\Windows\System\kCydTCi.exe
  2⤵
  PID:9660
- C:\Windows\System\HGEFGQg.exe
  C:\Windows\System\HGEFGQg.exe
  2⤵
  PID:9680
- C:\Windows\System\aJBBRib.exe
  C:\Windows\System\aJBBRib.exe
  2⤵
  PID:9712
- C:\Windows\System\mNlvtuz.exe
  C:\Windows\System\mNlvtuz.exe
  2⤵
  PID:9728
- C:\Windows\System\hUnxuCq.exe
  C:\Windows\System\hUnxuCq.exe
  2⤵
  PID:9748
- C:\Windows\System\ZaWWYJd.exe
  C:\Windows\System\ZaWWYJd.exe
  2⤵
  PID:9764
- C:\Windows\System\FtbTfBG.exe
  C:\Windows\System\FtbTfBG.exe
  2⤵
  PID:9788
- C:\Windows\System\vtbHUPI.exe
  C:\Windows\System\vtbHUPI.exe
  2⤵
  PID:9816
- C:\Windows\System\FlieHVc.exe
  C:\Windows\System\FlieHVc.exe
  2⤵
  PID:9840
- C:\Windows\System\FqMTAeT.exe
  C:\Windows\System\FqMTAeT.exe
  2⤵
  PID:9856
- C:\Windows\System\rQQPfaU.exe
  C:\Windows\System\rQQPfaU.exe
  2⤵
  PID:9872
- C:\Windows\System\HPAtHif.exe
  C:\Windows\System\HPAtHif.exe
  2⤵
  PID:9896
- C:\Windows\System\VXrCQCC.exe
  C:\Windows\System\VXrCQCC.exe
  2⤵
  PID:9912
- C:\Windows\System\QUsIfZz.exe
  C:\Windows\System\QUsIfZz.exe
  2⤵
  PID:9928
- C:\Windows\System\JWShUft.exe
  C:\Windows\System\JWShUft.exe
  2⤵
  PID:9948
- C:\Windows\System\unNeKYh.exe
  C:\Windows\System\unNeKYh.exe
  2⤵
  PID:9972
- C:\Windows\System\wlvJKhe.exe
  C:\Windows\System\wlvJKhe.exe
  2⤵
  PID:10000
- C:\Windows\System\HAUHfsG.exe
  C:\Windows\System\HAUHfsG.exe
  2⤵
  PID:10020
- C:\Windows\System\GfLONIr.exe
  C:\Windows\System\GfLONIr.exe
  2⤵
  PID:10044
- C:\Windows\System\rHWEMNg.exe
  C:\Windows\System\rHWEMNg.exe
  2⤵
  PID:10060
- C:\Windows\System\IINZHsb.exe
  C:\Windows\System\IINZHsb.exe
  2⤵
  PID:10088
- C:\Windows\System\LwARmZf.exe
  C:\Windows\System\LwARmZf.exe
  2⤵
  PID:10108
- C:\Windows\System\iOvfFFh.exe
  C:\Windows\System\iOvfFFh.exe
  2⤵
  PID:10124
- C:\Windows\System\jfjrorL.exe
  C:\Windows\System\jfjrorL.exe
  2⤵
  PID:10148
- C:\Windows\System\SwFwBKv.exe
  C:\Windows\System\SwFwBKv.exe
  2⤵
  PID:10168
- C:\Windows\System\tIDyvIj.exe
  C:\Windows\System\tIDyvIj.exe
  2⤵
  PID:10188
- C:\Windows\System\oDWoyzh.exe
  C:\Windows\System\oDWoyzh.exe
  2⤵
  PID:10204
- C:\Windows\System\DBJFXve.exe
  C:\Windows\System\DBJFXve.exe
  2⤵
  PID:10224
- C:\Windows\System\UNyawlZ.exe
  C:\Windows\System\UNyawlZ.exe
  2⤵
  PID:8544
- C:\Windows\System\ROWTWDS.exe
  C:\Windows\System\ROWTWDS.exe
  2⤵
  PID:8256
- C:\Windows\System\FDeDjWM.exe
  C:\Windows\System\FDeDjWM.exe
  2⤵
  PID:9248
- C:\Windows\System\uBhQoQU.exe
  C:\Windows\System\uBhQoQU.exe
  2⤵
  PID:9276
- C:\Windows\System\zVwxTzq.exe
  C:\Windows\System\zVwxTzq.exe
  2⤵
  PID:9332
- C:\Windows\System\qaWmMHh.exe
  C:\Windows\System\qaWmMHh.exe
  2⤵
  PID:9320
- C:\Windows\System\oNmRQSo.exe
  C:\Windows\System\oNmRQSo.exe
  2⤵
  PID:9340
- C:\Windows\System\ROAikeZ.exe
  C:\Windows\System\ROAikeZ.exe
  2⤵
  PID:9364
- C:\Windows\System\feXHlgD.exe
  C:\Windows\System\feXHlgD.exe
  2⤵
  PID:9416
- C:\Windows\System\Dwbucfe.exe
  C:\Windows\System\Dwbucfe.exe
  2⤵
  PID:9420
- C:\Windows\System\lisWilG.exe
  C:\Windows\System\lisWilG.exe
  2⤵
  PID:9480
- C:\Windows\System\SWWtKSP.exe
  C:\Windows\System\SWWtKSP.exe
  2⤵
  PID:9504
- C:\Windows\System\ltEzINH.exe
  C:\Windows\System\ltEzINH.exe
  2⤵
  PID:9544
- C:\Windows\System\bfUfYLM.exe
  C:\Windows\System\bfUfYLM.exe
  2⤵
  PID:9568
- C:\Windows\System\zpXpJyw.exe
  C:\Windows\System\zpXpJyw.exe
  2⤵
  PID:9616
- C:\Windows\System\sHWgKlr.exe
  C:\Windows\System\sHWgKlr.exe
  2⤵
  PID:9688
- C:\Windows\System\sfsGCyZ.exe
  C:\Windows\System\sfsGCyZ.exe
  2⤵
  PID:9700
- C:\Windows\System\TfPtNjz.exe
  C:\Windows\System\TfPtNjz.exe
  2⤵
  PID:9744
- C:\Windows\System\cdNNGdH.exe
  C:\Windows\System\cdNNGdH.exe
  2⤵
  PID:9676
- C:\Windows\System\quaOyEI.exe
  C:\Windows\System\quaOyEI.exe
  2⤵
  PID:9760
- C:\Windows\System\FeoqhVR.exe
  C:\Windows\System\FeoqhVR.exe
  2⤵
  PID:9800
- C:\Windows\System\nDLbYfa.exe
  C:\Windows\System\nDLbYfa.exe
  2⤵
  PID:9836
- C:\Windows\System\WjcvipG.exe
  C:\Windows\System\WjcvipG.exe
  2⤵
  PID:9904
- C:\Windows\System\uqlRIrG.exe
  C:\Windows\System\uqlRIrG.exe
  2⤵
  PID:9936
- C:\Windows\System\ggLQyYB.exe
  C:\Windows\System\ggLQyYB.exe
  2⤵
  PID:9968
- C:\Windows\System\YyKyuns.exe
  C:\Windows\System\YyKyuns.exe
  2⤵
  PID:9988
- C:\Windows\System\zURDaCi.exe
  C:\Windows\System\zURDaCi.exe
  2⤵
  PID:10016
- C:\Windows\System\caPcasG.exe
  C:\Windows\System\caPcasG.exe
  2⤵
  PID:10036
- C:\Windows\System\JmtRHgy.exe
  C:\Windows\System\JmtRHgy.exe
  2⤵
  PID:10072
- C:\Windows\System\hrRIZTS.exe
  C:\Windows\System\hrRIZTS.exe
  2⤵
  PID:9456
- C:\Windows\System\ufFiCes.exe
  C:\Windows\System\ufFiCes.exe
  2⤵
  PID:10132
- C:\Windows\System\gCgFFPP.exe
  C:\Windows\System\gCgFFPP.exe
  2⤵
  PID:10160
- C:\Windows\System\oplGGxI.exe
  C:\Windows\System\oplGGxI.exe
  2⤵
  PID:10220
- C:\Windows\System\ivhLAxx.exe
  C:\Windows\System\ivhLAxx.exe
  2⤵
  PID:8616
- C:\Windows\System\kbBMhGZ.exe
  C:\Windows\System\kbBMhGZ.exe
  2⤵
  PID:8448
- C:\Windows\System\jGgPbhF.exe
  C:\Windows\System\jGgPbhF.exe
  2⤵
  PID:9280
- C:\Windows\System\UdYdLMn.exe
  C:\Windows\System\UdYdLMn.exe
  2⤵
  PID:9284
- C:\Windows\System\eDtmpkH.exe
  C:\Windows\System\eDtmpkH.exe
  2⤵
  PID:9400
- C:\Windows\System\ByLhFMe.exe
  C:\Windows\System\ByLhFMe.exe
  2⤵
  PID:9436
- C:\Windows\System\FlZCwtX.exe
  C:\Windows\System\FlZCwtX.exe
  2⤵
  PID:9488
- C:\Windows\System\srmSOJK.exe
  C:\Windows\System\srmSOJK.exe
  2⤵
  PID:9528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ALNoPEh.exe

Filesize
6.0MB

MD5
3091c95c1d7860df12634bcd584a93a9

SHA1
36c1b0cbc1073608b32fd04178b9df4e111017a2

SHA256
e22d6b65586eb5d4c9804c4b9fd5cbae767eeb1be24406d3b08c938b342f67f4

SHA512
65a3fdf9a7c08ddf93f8bb7c7c308b0c8c15523ab6fa5e4c1db419e6c6bcac2b8a48997c561a8dac1bb74c8cb103f344bf18f744e5912b32d0d7ecd6389d70ab

Download Submit
C:\Windows\system\CpQflSZ.exe

Filesize
6.0MB

MD5
5b1059360a7b082998ce2630cdee60e1

SHA1
2473d138e6b5889cc81343e5d987c80142a6b94f

SHA256
14abaa397d199613b1bab4221004fb2cb44eca7464732036de7a2470dec655f1

SHA512
3ea2cdbbbb83a53640e665144dd9bf8358e0dca8993cd448c7c16ada1e5553904073986262a2633b6ae7ffa4a8a9532eb3dc3374b8598ba596a09107ffd5ca5e

Download Submit
C:\Windows\system\EfNpxlf.exe

Filesize
6.0MB

MD5
ee0ed18dff1616ca7aa2ef760ebe95bd

SHA1
23637e5f996a954c42f323d3041058675e60a3ad

SHA256
a38cf4129d5209f812c572068cfa003d1e1bddd23db8a6cbbba3f5395f7e67c9

SHA512
2a8c99658c910303ddd89028cf376c11a7a2707e5b265ea24f3b626565745a0f6525ca07adddcda76f1070e20be340f13611d573ab281721a4cfbacb5d67d4d8

Download Submit
C:\Windows\system\ISleJKE.exe

Filesize
6.0MB

MD5
c308762e7865ccf016a7aefb2f5ce8c9

SHA1
b03793096c75086e38d1eabcfdd9337a2cbc5ce2

SHA256
1185e58f3d4c71791b7f85ea5c31f92d5a0c1721050aca8acb1486cc18ebd170

SHA512
d9e9f74cbb8e6d0a69eb4e6a2adb9575264d1a8f85810f90d5c7c5b4418b972ac918b7318002e0d5d523ce215d84cc89cfe97d544f548d47a83252481f37a512

Download Submit
C:\Windows\system\LoyBTjC.exe

Filesize
6.0MB

MD5
137010afb832d23c6f714aed3d4cd6bc

SHA1
af10715767a573293d0dbf05d118982069a30eb6

SHA256
293bb1688e6833e201b58dd793d0c2b3198aa1308e8c771e2fd9798248b77b9f

SHA512
a5d3bdf7de929346271cf4494971877629c081f6de35f1f1374b356821b3b6eea51779f64c62f0ba29706396ae2bce14800759d8790132dfefaa12dfd765c98f

Download Submit
C:\Windows\system\PlqkeoT.exe

Filesize
6.0MB

MD5
344393ea7610c969c730917334d8e261

SHA1
e9c331e635ff89c48b7bf33d0409d5b2251d1c83

SHA256
01e3ef71412e30badef540cf1cd0ac845018ce573aefb26ceec1ae946e86e53e

SHA512
b779a96eff059004bb08e2863e057783c9fdb9b08be7d683b37360ec6e0bf080224dfe0800baaf6de7e685824bcdc35870f72877c65aa8c9e7b6ac469a83a904

Download Submit
C:\Windows\system\PvdwwMm.exe

Filesize
6.0MB

MD5
1eeea3fa24adb2237df257f27997c504

SHA1
1b8cbc2d6a2503d2143518e4aaac4890a98c701c

SHA256
7e7d61ae8b78e6980934392398b2cb14774302cc630e3040cf96e47218b75c76

SHA512
6dde2306dfc98d97d456937055822c87e340908242bbf97230247d2e215bc1626a5d279810f8cd2299e763258e773c48ffa3157f51ec9a8a44ca2da3ef69d69b

Download Submit
C:\Windows\system\SJucZuu.exe

Filesize
6.0MB

MD5
a30ab12201285b1c7a5a04904544d5ed

SHA1
394d4ff1c2a78bd7c830c556c9a50c4be860836b

SHA256
e9704f8388258d422d26077b8b7b291c37585e39a32d0a0eec17fd8b90d9c79e

SHA512
4396fb01d9c504e60a13239ab2ca570b34db5efc688f851313dfdc4e395427de6c728856457f4db205facafd680f11e8222b038eca1f37813ceb2775d5b7a3de

Download Submit
C:\Windows\system\WhruBgR.exe

Filesize
6.0MB

MD5
60f676032007626e5356bd0e9f1331e5

SHA1
eeb3f5eb604d60707f53646447f9bc88eb4854ff

SHA256
84264af5cd5aeb97931a2a40cc7b3dee560ab1aa8d91974abc03e82e5c1bb365

SHA512
941995aafbbf7c09f58650f76cd714eeb5cbdccc07fe043f46bc0493ebb666eb31fb53c59e32973925bed7c5040bd869286d7b165af7f40ca612ea0ec7f7b9a8

Download Submit
C:\Windows\system\ZlkKNyA.exe

Filesize
6.0MB

MD5
9b91d3bfb4a2456d88dcfe9955a68276

SHA1
3b95dd580414488888a87759610a959b857f06f2

SHA256
d2cc23270e2d613374347952d11bce3f1617834d65474f2b2d7ef839b1689466

SHA512
6ec8fa8226e45a14162841b7384b2ddcd5bd90b61d89f86c3109e509945f3df26791275877ccf2ba95ecb587e52549afff289384dd7994050c1cb1a997ded056

Download Submit
C:\Windows\system\areuXpY.exe

Filesize
6.0MB

MD5
d08b25a789a26d2885ec767452a9b549

SHA1
0b8a930db4d78d4cc9227dbddeb20235f1b5abc8

SHA256
1868725d5e4b6085cc742628a46f8226c7e16a51459d26383384da71bb6f0040

SHA512
9f3ca2e72722f60a0e3b55d2de8cb2e09da793ab0ad2b1ccd9344be9d36fa4553a91e374523fd05c97ddb8b14630b541e17afd21ac48f4e6d6292203ca17c6c7

Download Submit
C:\Windows\system\bWgSUVB.exe

Filesize
6.0MB

MD5
e77408d71b88b17719fa8ac5b0a6b6bf

SHA1
92e7a51ede2448949c9dbc19abf7b755f3acb545

SHA256
8fdd43abb260d1a756400d0529f6f7420a867bafe67850c2963b1ead27b3ac7c

SHA512
6bd0a48c24ebb0f202f78a19305d5c5f91df31849cbfa00879cdb29fde26b1e1ccae1a98a9dfde336905e1a2d9b26aefae24b30f1fce3a87b8ee8d27a5a560eb

Download Submit
C:\Windows\system\cFFJbYK.exe

Filesize
6.0MB

MD5
031f078f40a0729e14e6d8d41ff4943f

SHA1
facd4b0fffda4f01cf6627ec71af2d355917950c

SHA256
cca8607a82051811f86493dcda1fc09b86b5a1697b8be4880f6715879d49d4c6

SHA512
f0faa675c8cfa18f67a1e43f481e4772c38c087d259762ead80633b0b1ddd3fa162665b2ba26d30858d20fdd18195790d6a106353de9fbe7122945224efaf3e2

Download Submit
C:\Windows\system\dcAzxmP.exe

Filesize
6.0MB

MD5
1aa18852b94cfbb995caaf2ccfc8e4d1

SHA1
e006e1691233d4045648713e71b11c98f34a0cac

SHA256
0d043e7af7611415332604819cf86de07ba65ed2c313d644c2012461894df660

SHA512
38a8175fb3c947fbaf4523ac2ab2a1b82496be4ba9a05b40b6e65769929aaa5205d77a0dae256a0dda486193fd5fc73d014392b05396c853af66bc0d114bf4b7

Download Submit
C:\Windows\system\diYbXfz.exe

Filesize
6.0MB

MD5
c79f3f885590e8ecc3191d0daf320fda

SHA1
e47489eb80cea38fe018ea81f9849e8fc65275e2

SHA256
a730399cc13ea8e5447e360653c548b4628b899323cd389e6dd08782d1369555

SHA512
3678aa756e080a92637928d7ee470059c90c493bb7f0d4cd160a02d8e398896ebf702be41f2b2740dc7a314ba92898bce4f4f30215a57cc826f3852cc2dd8970

Download Submit
C:\Windows\system\gcjnJuD.exe

Filesize
6.0MB

MD5
4674a56595a065580b373d33c84431bb

SHA1
68635e2d5a085e433040e2c3dde1feb0ce870d47

SHA256
fd45bb866c8efd6eae9687888b21e2f2f8284f50c058c7aabf432d3b74057138

SHA512
a4ff6f270a495272b6a061e49af5972082811357b7ad7116ccd2fe395b9adb5c2eaac1b33691577fc305a43ad7bad8172a3aa5d9d0752c6ee54bb5905e448d47

Download Submit
C:\Windows\system\leOCnqu.exe

Filesize
6.0MB

MD5
b14ddaeabecf9192470435dbc883f5b1

SHA1
e8e8275a89763b1eade367ef394a7a83328bdb3f

SHA256
ef8349f2c46613ba575169dad101fe90bb30485ff0e8af3bb480467d4a0920c5

SHA512
05f9713d8e47dbec4f4bc6a7fe55cd7a7181419e6c1fd1f555fe773805d9865b83433bd085d3a39f4e78dc7b9e7274f816ace994cdaf8ac1f56a2f660e3ac5f6

Download Submit
C:\Windows\system\rTRPBXv.exe

Filesize
6.0MB

MD5
7f55aba431c5e116edd8a1471bfb6bb6

SHA1
e826d291f5fcf3bfd1217b258a469c4174b297fb

SHA256
a75712e2ded39bc5adf246bbfe9f01aa71f16f4d1f65d58754918f47f8db99e7

SHA512
f1130d1a96f07e73dab09c7bdb525afb5c7ff44aaedd6ee8f2bfe8a75d5fe09597be619dbdd3f3db00482fdc7523a4e196a226e6fe63a5720a916290b1df3a01

Download Submit
C:\Windows\system\shXJNAf.exe

Filesize
6.0MB

MD5
48680d5e36e82fb69effba5b7e2b5203

SHA1
5c992335e34614aaef5406efcdda7d3823331af1

SHA256
9278ff1cb74d58df8911aa14e7f0cb84b0e9ce95b7f5e44d1a4874ffdb3ccfea

SHA512
7147c85b098d8e5ee68e0c215cac853a3a20b94b0d2283a7d3b5a07960cb5084b02569b3d2d043793e308ac7a8f7e9088d45e3360e0b62ed84f6ad3fab2e520f

Download Submit
C:\Windows\system\wRwAxYM.exe

Filesize
6.0MB

MD5
6e8cab0ada5f8bdefad01b911910c050

SHA1
b85e637c71b4b6f1b7771d3a6f161d0c8b924f91

SHA256
d4e83b630cc7cf4170a39a43e0696e86727d5aee38f1c39f32cf0700fc1f4e12

SHA512
a2aec2a73c2914e977ad3487bd082e0d9c9308808706714070216aa8e1f916a8fbb6c460b7bfc851115054095fb0958b47c46f935e06cf32da4c3b4a9ce755ca

Download Submit
C:\Windows\system\wwIILhj.exe

Filesize
6.0MB

MD5
68efdb478a61da9ae68872e03031768a

SHA1
68ad006f1fb0288bf5f662c31e757ea2ff3da952

SHA256
ae9d7ca0542d1faa7c10c77f1d795506af87ea71b556aeb7443e2f2368d7cdb3

SHA512
c14cb76de0678940d4267227d7f93df8681fdb2066d91dd976789da5c766d8ff7d1ae3cde60daf2356280b5a1b9984f45306c5a3d5e0b39a17672842934ebd00

Download Submit
\Windows\system\FhRPuah.exe

Filesize
6.0MB

MD5
0d5a989747d1ccd8870c5cb6298f3e10

SHA1
be8ee15a25634ce44f51c5e72d9a5dd69bbad97d

SHA256
004850c6e1062e5fc9ba0f13f41abfcc24fef16e323f4cc6f187557de8f3f8cc

SHA512
b57aba8d48bf4021da00d44285fcfca56de7ca6bbc6c434add3d8aa689c4327aac81f1262d0b2af06e730e202eddf88e959adfdfc32437c4e3818a8ccb2ebb54

Download Submit
\Windows\system\GxslNuR.exe

Filesize
6.0MB

MD5
976a7674e2332709b4a2e9c435b16426

SHA1
badab8747762f25add7acc4944ffb9489ef3c527

SHA256
78f5d335ff45f1cf2de1cca8571a5d03b7268dac7e07386dfdc29d93514e8f8a

SHA512
db1080806e54c3d644aa4b4066a387de659f336c80c28c266392aeb1372ace9f1ef518e1167fdf764129477e8cd70130f4699903f917546b8ff0f4f4fc3ccb39

Download Submit
\Windows\system\NRPTUux.exe

Filesize
6.0MB

MD5
281c73dbe5568c03235585e53f7d2756

SHA1
754df711b6c35472774a3a529dbefa07a104f816

SHA256
3896e6cfccf736ba1ac31c2231fccc135ac05f3863e7799c62f6878b8880c00a

SHA512
6a1ea24047997540a85cafd77292d591d7004ffd2fb7a5ec728e9cc04b86614af6c9c0bf5264f004af7c75025a32da86129d8f4aa006a4e61a19325b56faa7b0

Download Submit
\Windows\system\ZGExgja.exe

Filesize
6.0MB

MD5
8ca8b7ff48e7ba6c996dce8b09fe7388

SHA1
58d0ee890c011f8676183698633e385e0e34d4c7

SHA256
d82a3394e75488577a5912a0f2f93cb76ce64a652a9d1e9a6203baef0a5a2334

SHA512
1683ba79a8b8f1a10f4402b3525a1ddf6747551a885e561555d7f255e2aa0dd88f55de38bf4c7debe5445e360cd0b488fe8112e66b9f5aa4ababb45d86d64474

Download Submit
\Windows\system\ZclwFZi.exe

Filesize
6.0MB

MD5
13736b2ad591932c49dd03279f1fbd16

SHA1
f11c29fbf682b41d9e288f27e5f6604c49efd32d

SHA256
37527b13d518fe52e62678f1b95f223ff559553292db4256fd819f532106c236

SHA512
c27f3b984a68a4788ccfd263329ca8c6f5c1e0d3d7bc835b35225e06f69ea1216b42d03b767ba044d351ca74ae4ad1de5bd42e81ee0793cd7dc27de610fc2986

Download Submit
\Windows\system\bKIlPPc.exe

Filesize
6.0MB

MD5
4bcf0861ab082effd97997afd9c9b921

SHA1
39be44f810e4ad2b91d7cad52e8ef0ef97e5b79a

SHA256
fffb542d0c5fca012bf39c3dad426582a42179955195cba7834da1b0ddb7b8af

SHA512
5fda972fb85cdda26e19c9b3066242b189fd4981d82b5404d9c729d36913c1d09af49d609189a06e94f606f64a2590a6562438a3305e9089bd9db642b63cf9d1

Download Submit
\Windows\system\cFkBZtG.exe

Filesize
6.0MB

MD5
679fdb6e2bf15ec929015e345d84e717

SHA1
b31717caaddcbc738b126c3bb15eb937fb92548a

SHA256
4d5e1b696ddea8e6a3969636fd4a6791b5be5e30ca67e575d787f750e1910411

SHA512
bcf0baa16964cccf6e9cd21c751a51ab0602245ad841e2acd5688567c368d436d0c26abad3b10953e06d67db004380e5cb4c6f64006645322da67f8404b6f8ce

Download Submit
\Windows\system\sMEpgfV.exe

Filesize
6.0MB

MD5
ae7c65b9a54380173106b1650ad0c37c

SHA1
1eee618ba2d585556632756ca5515773af2f00cc

SHA256
c90d1422087e4ea77f3a4982688d32c665624bfe6785e5547e5b49ee1fbec00b

SHA512
425dd6d09da2d7b8d106bfb12fd3b94bd447f55c995ad686406da933dd03421c183254ecd18182a37aabc910371d6b4789b286835a6c9efbbe746ed96e8f6875

Download Submit
\Windows\system\sdBqynP.exe

Filesize
6.0MB

MD5
4825410a771645a2d11a1c43592e55fb

SHA1
db600fdd86378855a345af95995fa3c5efffb7c1

SHA256
89493f08f174ab1d57ffb0507401cb9723e2e8b6a63d2387470a0fea2cf9fc48

SHA512
a60aae7af2e811a1e154afd55c81162fe2c0910efcc059096b943449bec297b433b1b4849a01432712d7b9bdc20f6cc756a7a8fa1d8e0c0d0b59901dcb2e6824

Download Submit
\Windows\system\wjblBYZ.exe

Filesize
6.0MB

MD5
e7663541009d84935df47df98d05a40d

SHA1
22708131248daa7b1b19d8fc0479fa82f6b1514d

SHA256
c4186e885968e89c4cb5a2f19047d1d13d35a4a35fd6e787711c926a2e23e326

SHA512
71ea1366c221e06f90a94e8de450f3294e64fca40eb9832a8c8b3ce78f60985ded042ba24cdb197a349b552cc076b08b4bdf1b7f1b5369c3e99a9707ef62159c

Download Submit
\Windows\system\zyvaffr.exe

Filesize
6.0MB

MD5
5a34b16e6b89a675802176e90a754212

SHA1
8b94ead2d3264511c820f9dec461f3c75a187a10

SHA256
0dcd6c4c39dc8ddc504616e49c86946b081bf2025e90b55567e51148067b9644

SHA512
19c60e4730e1d46c6880f27dde2cd368f632e0fe07213ae5f42fa54e6763ef28f27c48521c87287e3466dbcbc50e029f24642a0eb5118b968ab130d78cb2851e

Download Submit
memory/1140-3504-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/1140-105-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-3506-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1724-107-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1976-24-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1976-2907-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2376-25-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-2912-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2424-36-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2424-2917-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2424-62-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2524-22-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2906-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2624-88-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3499-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2696-2924-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-51-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-89-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-63-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-2921-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-42-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-2915-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2844-29-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2844-61-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2852-212-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-2925-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-59-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-39-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/3000-55-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-50-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-104-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-0-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-731-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-732-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/3000-733-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-6-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-809-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-23-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/3000-97-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/3000-17-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-77-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-810-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-579-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/3000-46-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-54-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-31-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-13-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-109-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-110-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/3000-98-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-108-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-3507-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-3500-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/3044-78-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download