cobaltstrike | 10d8b1d7872e632468fc50c1057e902fd3e7700c9bee93379543e0fc7f1811f0

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 08:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

492cc5dc2a6812ccffb959f547d49241
SHA1

ef302fd3f6213b0f79aa9a22ca1a454e04cbd681
SHA256

10d8b1d7872e632468fc50c1057e902fd3e7700c9bee93379543e0fc7f1811f0
SHA512

6b57dbbab5e79e78d76415df214ce91aad9db6570a646387f5b0e434b6d8ccbc88483f81c23f3ccae48d9a1424a547a37b8d90ade311fb8e8cbfd6540b1f714d
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUe:eOl56utgpPF8u/7e

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\rKJmHjU.exe	cobalt_reflective_dll
C:\Windows\system\XkYyFlC.exe	cobalt_reflective_dll
\Windows\system\yWqcxFT.exe	cobalt_reflective_dll
C:\Windows\system\wySfUse.exe	cobalt_reflective_dll
C:\Windows\system\EBMTcfo.exe	cobalt_reflective_dll
C:\Windows\system\EoLtXrn.exe	cobalt_reflective_dll
C:\Windows\system\SjgDNtv.exe	cobalt_reflective_dll
\Windows\system\KSZHzeI.exe	cobalt_reflective_dll
C:\Windows\system\ecNPKLY.exe	cobalt_reflective_dll
C:\Windows\system\vtvPYYS.exe	cobalt_reflective_dll
C:\Windows\system\QOiSztA.exe	cobalt_reflective_dll
C:\Windows\system\QWOvjFm.exe	cobalt_reflective_dll
C:\Windows\system\jNYdveu.exe	cobalt_reflective_dll
\Windows\system\EJkIeKp.exe	cobalt_reflective_dll
C:\Windows\system\FKpryuv.exe	cobalt_reflective_dll
\Windows\system\tbfGCmA.exe	cobalt_reflective_dll
\Windows\system\qvEqZil.exe	cobalt_reflective_dll
C:\Windows\system\KdaMjaa.exe	cobalt_reflective_dll
C:\Windows\system\rKggmqo.exe	cobalt_reflective_dll
C:\Windows\system\dYGsdPx.exe	cobalt_reflective_dll
C:\Windows\system\AyGHXMr.exe	cobalt_reflective_dll
C:\Windows\system\FBrpjGs.exe	cobalt_reflective_dll
C:\Windows\system\htLlXjL.exe	cobalt_reflective_dll
C:\Windows\system\LjWKJKW.exe	cobalt_reflective_dll
C:\Windows\system\lfXLtAw.exe	cobalt_reflective_dll
C:\Windows\system\CVXUnrm.exe	cobalt_reflective_dll
C:\Windows\system\baNTsDH.exe	cobalt_reflective_dll
C:\Windows\system\BBThyFS.exe	cobalt_reflective_dll
C:\Windows\system\SJhpfzW.exe	cobalt_reflective_dll
C:\Windows\system\ukEyhED.exe	cobalt_reflective_dll
C:\Windows\system\YtMwfIO.exe	cobalt_reflective_dll
C:\Windows\system\vnJgmkK.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2084-0-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
\Windows\system\rKJmHjU.exe	xmrig
C:\Windows\system\XkYyFlC.exe	xmrig
behavioral1/memory/2084-21-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2272-23-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2372-22-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
\Windows\system\yWqcxFT.exe	xmrig
behavioral1/memory/2332-20-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
C:\Windows\system\wySfUse.exe	xmrig
behavioral1/memory/2796-30-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
C:\Windows\system\EBMTcfo.exe	xmrig
behavioral1/memory/3028-36-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
C:\Windows\system\EoLtXrn.exe	xmrig
behavioral1/memory/2496-42-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2888-70-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2616-80-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
C:\Windows\system\SjgDNtv.exe	xmrig
behavioral1/memory/1452-96-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2084-101-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
\Windows\system\KSZHzeI.exe	xmrig
C:\Windows\system\ecNPKLY.exe	xmrig
behavioral1/memory/2084-384-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2084-1542-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2800-1192-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2084-1191-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2084-592-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
C:\Windows\system\vtvPYYS.exe	xmrig
C:\Windows\system\QOiSztA.exe	xmrig
C:\Windows\system\QWOvjFm.exe	xmrig
C:\Windows\system\jNYdveu.exe	xmrig
\Windows\system\EJkIeKp.exe	xmrig
C:\Windows\system\FKpryuv.exe	xmrig
\Windows\system\tbfGCmA.exe	xmrig
\Windows\system\qvEqZil.exe	xmrig
C:\Windows\system\KdaMjaa.exe	xmrig
C:\Windows\system\rKggmqo.exe	xmrig
C:\Windows\system\dYGsdPx.exe	xmrig
behavioral1/memory/2084-119-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
C:\Windows\system\AyGHXMr.exe	xmrig
C:\Windows\system\FBrpjGs.exe	xmrig
behavioral1/memory/2800-102-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
C:\Windows\system\htLlXjL.exe	xmrig
C:\Windows\system\LjWKJKW.exe	xmrig
C:\Windows\system\lfXLtAw.exe	xmrig
C:\Windows\system\CVXUnrm.exe	xmrig
behavioral1/memory/2768-88-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2496-86-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2732-94-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
C:\Windows\system\baNTsDH.exe	xmrig
behavioral1/memory/3028-78-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2796-72-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2624-71-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
C:\Windows\system\BBThyFS.exe	xmrig
C:\Windows\system\SJhpfzW.exe	xmrig
C:\Windows\system\ukEyhED.exe	xmrig
behavioral1/memory/2788-66-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2084-65-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2084-62-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
C:\Windows\system\YtMwfIO.exe	xmrig
behavioral1/memory/2084-54-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2732-50-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
C:\Windows\system\vnJgmkK.exe	xmrig
behavioral1/memory/2272-3806-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2332-3805-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

rKJmHjU.exewySfUse.exeXkYyFlC.exeyWqcxFT.exeEBMTcfo.exeEoLtXrn.exevnJgmkK.exeYtMwfIO.exeukEyhED.exeBBThyFS.exeSJhpfzW.exeSjgDNtv.exebaNTsDH.exeLjWKJKW.exeCVXUnrm.exedYGsdPx.exeKdaMjaa.exelfXLtAw.exeKSZHzeI.exehtLlXjL.exeFBrpjGs.exeFKpryuv.exeAyGHXMr.exejNYdveu.exeecNPKLY.exerKggmqo.exeqvEqZil.exetbfGCmA.exeEJkIeKp.exeQOiSztA.exeQWOvjFm.exevtvPYYS.exepnGaLmd.exemaCUGfj.exeMARBYyI.exesEwMIVL.exeRejSAur.exeNTtEvar.exeBTalUxY.exeGAzvRNL.exeuXsnGOm.exeGlNqnvG.exenfqMViq.exesVnCYqy.exeSHhbHSi.exeyIBZNod.exePziLYLD.exeWmhwhGY.exezKHSfCV.exeZXESdfu.exeKnykWQD.exeJoTpWct.exesbzGakG.exeDekPoTf.exeSibCEQN.exenLkfrqY.exeIXNInex.exeHTSgOzt.exeRcCAvgv.exeXOCXylQ.exeAldEbpi.exeCoFYMYU.exeYRbzYJB.exePlQqNAC.exe

pid	process
2372	rKJmHjU.exe
2332	wySfUse.exe
2272	XkYyFlC.exe
2796	yWqcxFT.exe
3028	EBMTcfo.exe
2496	EoLtXrn.exe
2732	vnJgmkK.exe
2788	YtMwfIO.exe
2888	ukEyhED.exe
2624	BBThyFS.exe
2616	SJhpfzW.exe
2768	SjgDNtv.exe
1452	baNTsDH.exe
2800	LjWKJKW.exe
812	CVXUnrm.exe
2812	dYGsdPx.exe
2804	KdaMjaa.exe
576	lfXLtAw.exe
468	KSZHzeI.exe
1868	htLlXjL.exe
2972	FBrpjGs.exe
2128	FKpryuv.exe
1456	AyGHXMr.exe
1816	jNYdveu.exe
2840	ecNPKLY.exe
2152	rKggmqo.exe
2948	qvEqZil.exe
2808	tbfGCmA.exe
2060	EJkIeKp.exe
2188	QOiSztA.exe
2180	QWOvjFm.exe
1188	vtvPYYS.exe
1232	pnGaLmd.exe
1240	maCUGfj.exe
2976	MARBYyI.exe
1524	sEwMIVL.exe
1432	RejSAur.exe
3056	NTtEvar.exe
300	BTalUxY.exe
1796	GAzvRNL.exe
996	uXsnGOm.exe
2120	GlNqnvG.exe
744	nfqMViq.exe
2208	sVnCYqy.exe
2536	SHhbHSi.exe
1628	yIBZNod.exe
2340	PziLYLD.exe
1644	WmhwhGY.exe
2528	zKHSfCV.exe
3052	ZXESdfu.exe
992	KnykWQD.exe
2040	JoTpWct.exe
1888	sbzGakG.exe
1688	DekPoTf.exe
1592	SibCEQN.exe
1916	nLkfrqY.exe
2488	IXNInex.exe
2856	HTSgOzt.exe
1932	RcCAvgv.exe
2844	XOCXylQ.exe
2688	AldEbpi.exe
884	CoFYMYU.exe
2600	YRbzYJB.exe
1356	PlQqNAC.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2084-0-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
\Windows\system\rKJmHjU.exe	upx
C:\Windows\system\XkYyFlC.exe	upx
behavioral1/memory/2272-23-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2372-22-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
\Windows\system\yWqcxFT.exe	upx
behavioral1/memory/2332-20-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
C:\Windows\system\wySfUse.exe	upx
behavioral1/memory/2796-30-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
C:\Windows\system\EBMTcfo.exe	upx
behavioral1/memory/3028-36-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
C:\Windows\system\EoLtXrn.exe	upx
behavioral1/memory/2496-42-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2888-70-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2616-80-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
C:\Windows\system\SjgDNtv.exe	upx
behavioral1/memory/1452-96-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
\Windows\system\KSZHzeI.exe	upx
C:\Windows\system\ecNPKLY.exe	upx
behavioral1/memory/2800-1192-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
C:\Windows\system\vtvPYYS.exe	upx
C:\Windows\system\QOiSztA.exe	upx
C:\Windows\system\QWOvjFm.exe	upx
C:\Windows\system\jNYdveu.exe	upx
\Windows\system\EJkIeKp.exe	upx
C:\Windows\system\FKpryuv.exe	upx
\Windows\system\tbfGCmA.exe	upx
\Windows\system\qvEqZil.exe	upx
C:\Windows\system\KdaMjaa.exe	upx
C:\Windows\system\rKggmqo.exe	upx
C:\Windows\system\dYGsdPx.exe	upx
C:\Windows\system\AyGHXMr.exe	upx
C:\Windows\system\FBrpjGs.exe	upx
behavioral1/memory/2800-102-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
C:\Windows\system\htLlXjL.exe	upx
C:\Windows\system\LjWKJKW.exe	upx
C:\Windows\system\lfXLtAw.exe	upx
C:\Windows\system\CVXUnrm.exe	upx
behavioral1/memory/2768-88-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2496-86-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2732-94-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
C:\Windows\system\baNTsDH.exe	upx
behavioral1/memory/3028-78-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2796-72-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2624-71-0x000000013F400000-0x000000013F754000-memory.dmp	upx
C:\Windows\system\BBThyFS.exe	upx
C:\Windows\system\SJhpfzW.exe	upx
C:\Windows\system\ukEyhED.exe	upx
behavioral1/memory/2788-66-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
C:\Windows\system\YtMwfIO.exe	upx
behavioral1/memory/2084-54-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2732-50-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
C:\Windows\system\vnJgmkK.exe	upx
behavioral1/memory/2272-3806-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2332-3805-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2372-3804-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2796-3881-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2496-3912-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/3028-3950-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2732-3960-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2788-3959-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2768-3940-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2624-3949-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2800-3989-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\UeYFrSf.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KCVZDam.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OnzyBOe.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WFgpGpr.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQhqPsk.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TybOcTU.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VHAzIPy.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IXNInex.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uaOnOpQ.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNtkamf.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vPGmWvj.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CFXpRIq.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NslxOUV.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WcWldeD.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhkmCRK.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Lpbtxiv.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGvaZxe.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXDyvkd.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKnPOUH.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TVrByHp.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FzHBcnC.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KCytzPR.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCiBLBL.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RSvcUlb.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kOpxpzY.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AOSMtBH.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WoPjpfL.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UkJFjVp.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABdNaKC.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nlAJHgU.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEuleYc.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SOgBpuO.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YWbsKfn.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kmgdDyI.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FUPgYoL.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uqkrmFw.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jMNmkrx.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AUjqNQU.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YpbDqWN.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kANACsh.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zASHaUr.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xRGflSV.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XOCXylQ.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SpERAnU.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HWhEVMx.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vZcXaoH.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RwGYZYm.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChMgJVE.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CjoOYrO.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QLIbfkt.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VxKhURe.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lqZuPxo.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwwmvUP.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AodqSHd.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GlNqnvG.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CtMwKtJ.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lEMskSv.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jpruvnR.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vuDMbXM.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PWKkwZI.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dZSSXqU.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pdgmHvH.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pqHsakU.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWeCFYA.exe	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2084 wrote to memory of 2372	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	rKJmHjU.exe
PID 2084 wrote to memory of 2372	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	rKJmHjU.exe
PID 2084 wrote to memory of 2372	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	rKJmHjU.exe
PID 2084 wrote to memory of 2332	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	wySfUse.exe
PID 2084 wrote to memory of 2332	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	wySfUse.exe
PID 2084 wrote to memory of 2332	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	wySfUse.exe
PID 2084 wrote to memory of 2272	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	XkYyFlC.exe
PID 2084 wrote to memory of 2272	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	XkYyFlC.exe
PID 2084 wrote to memory of 2272	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	XkYyFlC.exe
PID 2084 wrote to memory of 2796	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	yWqcxFT.exe
PID 2084 wrote to memory of 2796	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	yWqcxFT.exe
PID 2084 wrote to memory of 2796	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	yWqcxFT.exe
PID 2084 wrote to memory of 3028	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	EBMTcfo.exe
PID 2084 wrote to memory of 3028	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	EBMTcfo.exe
PID 2084 wrote to memory of 3028	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	EBMTcfo.exe
PID 2084 wrote to memory of 2496	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	EoLtXrn.exe
PID 2084 wrote to memory of 2496	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	EoLtXrn.exe
PID 2084 wrote to memory of 2496	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	EoLtXrn.exe
PID 2084 wrote to memory of 2732	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	vnJgmkK.exe
PID 2084 wrote to memory of 2732	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	vnJgmkK.exe
PID 2084 wrote to memory of 2732	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	vnJgmkK.exe
PID 2084 wrote to memory of 2888	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	ukEyhED.exe
PID 2084 wrote to memory of 2888	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	ukEyhED.exe
PID 2084 wrote to memory of 2888	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	ukEyhED.exe
PID 2084 wrote to memory of 2788	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	YtMwfIO.exe
PID 2084 wrote to memory of 2788	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	YtMwfIO.exe
PID 2084 wrote to memory of 2788	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	YtMwfIO.exe
PID 2084 wrote to memory of 2624	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	BBThyFS.exe
PID 2084 wrote to memory of 2624	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	BBThyFS.exe
PID 2084 wrote to memory of 2624	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	BBThyFS.exe
PID 2084 wrote to memory of 2616	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	SJhpfzW.exe
PID 2084 wrote to memory of 2616	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	SJhpfzW.exe
PID 2084 wrote to memory of 2616	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	SJhpfzW.exe
PID 2084 wrote to memory of 2768	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	SjgDNtv.exe
PID 2084 wrote to memory of 2768	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	SjgDNtv.exe
PID 2084 wrote to memory of 2768	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	SjgDNtv.exe
PID 2084 wrote to memory of 1452	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	baNTsDH.exe
PID 2084 wrote to memory of 1452	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	baNTsDH.exe
PID 2084 wrote to memory of 1452	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	baNTsDH.exe
PID 2084 wrote to memory of 2800	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	LjWKJKW.exe
PID 2084 wrote to memory of 2800	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	LjWKJKW.exe
PID 2084 wrote to memory of 2800	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	LjWKJKW.exe
PID 2084 wrote to memory of 812	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	CVXUnrm.exe
PID 2084 wrote to memory of 812	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	CVXUnrm.exe
PID 2084 wrote to memory of 812	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	CVXUnrm.exe
PID 2084 wrote to memory of 468	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	KSZHzeI.exe
PID 2084 wrote to memory of 468	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	KSZHzeI.exe
PID 2084 wrote to memory of 468	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	KSZHzeI.exe
PID 2084 wrote to memory of 2812	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	dYGsdPx.exe
PID 2084 wrote to memory of 2812	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	dYGsdPx.exe
PID 2084 wrote to memory of 2812	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	dYGsdPx.exe
PID 2084 wrote to memory of 2128	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	FKpryuv.exe
PID 2084 wrote to memory of 2128	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	FKpryuv.exe
PID 2084 wrote to memory of 2128	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	FKpryuv.exe
PID 2084 wrote to memory of 2804	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	KdaMjaa.exe
PID 2084 wrote to memory of 2804	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	KdaMjaa.exe
PID 2084 wrote to memory of 2804	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	KdaMjaa.exe
PID 2084 wrote to memory of 1816	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	jNYdveu.exe
PID 2084 wrote to memory of 1816	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	jNYdveu.exe
PID 2084 wrote to memory of 1816	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	jNYdveu.exe
PID 2084 wrote to memory of 576	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	lfXLtAw.exe
PID 2084 wrote to memory of 576	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	lfXLtAw.exe
PID 2084 wrote to memory of 576	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	lfXLtAw.exe
PID 2084 wrote to memory of 2840	2084	2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe	ecNPKLY.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_492cc5dc2a6812ccffb959f547d49241_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\System\rKJmHjU.exe
  C:\Windows\System\rKJmHjU.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\wySfUse.exe
  C:\Windows\System\wySfUse.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\XkYyFlC.exe
  C:\Windows\System\XkYyFlC.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\yWqcxFT.exe
  C:\Windows\System\yWqcxFT.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\EBMTcfo.exe
  C:\Windows\System\EBMTcfo.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\EoLtXrn.exe
  C:\Windows\System\EoLtXrn.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\vnJgmkK.exe
  C:\Windows\System\vnJgmkK.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\ukEyhED.exe
  C:\Windows\System\ukEyhED.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\YtMwfIO.exe
  C:\Windows\System\YtMwfIO.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\BBThyFS.exe
  C:\Windows\System\BBThyFS.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\SJhpfzW.exe
  C:\Windows\System\SJhpfzW.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\SjgDNtv.exe
  C:\Windows\System\SjgDNtv.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\baNTsDH.exe
  C:\Windows\System\baNTsDH.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\LjWKJKW.exe
  C:\Windows\System\LjWKJKW.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\CVXUnrm.exe
  C:\Windows\System\CVXUnrm.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\KSZHzeI.exe
  C:\Windows\System\KSZHzeI.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\dYGsdPx.exe
  C:\Windows\System\dYGsdPx.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\FKpryuv.exe
  C:\Windows\System\FKpryuv.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\KdaMjaa.exe
  C:\Windows\System\KdaMjaa.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\jNYdveu.exe
  C:\Windows\System\jNYdveu.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\lfXLtAw.exe
  C:\Windows\System\lfXLtAw.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\ecNPKLY.exe
  C:\Windows\System\ecNPKLY.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\htLlXjL.exe
  C:\Windows\System\htLlXjL.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\qvEqZil.exe
  C:\Windows\System\qvEqZil.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\FBrpjGs.exe
  C:\Windows\System\FBrpjGs.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\tbfGCmA.exe
  C:\Windows\System\tbfGCmA.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\AyGHXMr.exe
  C:\Windows\System\AyGHXMr.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\EJkIeKp.exe
  C:\Windows\System\EJkIeKp.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\rKggmqo.exe
  C:\Windows\System\rKggmqo.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\QOiSztA.exe
  C:\Windows\System\QOiSztA.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\QWOvjFm.exe
  C:\Windows\System\QWOvjFm.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\vtvPYYS.exe
  C:\Windows\System\vtvPYYS.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\pnGaLmd.exe
  C:\Windows\System\pnGaLmd.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\maCUGfj.exe
  C:\Windows\System\maCUGfj.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\MARBYyI.exe
  C:\Windows\System\MARBYyI.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\sEwMIVL.exe
  C:\Windows\System\sEwMIVL.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\RejSAur.exe
  C:\Windows\System\RejSAur.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\NTtEvar.exe
  C:\Windows\System\NTtEvar.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\BTalUxY.exe
  C:\Windows\System\BTalUxY.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\GAzvRNL.exe
  C:\Windows\System\GAzvRNL.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\uXsnGOm.exe
  C:\Windows\System\uXsnGOm.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\nfqMViq.exe
  C:\Windows\System\nfqMViq.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\GlNqnvG.exe
  C:\Windows\System\GlNqnvG.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\sVnCYqy.exe
  C:\Windows\System\sVnCYqy.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\SHhbHSi.exe
  C:\Windows\System\SHhbHSi.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\zKHSfCV.exe
  C:\Windows\System\zKHSfCV.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\yIBZNod.exe
  C:\Windows\System\yIBZNod.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\ZXESdfu.exe
  C:\Windows\System\ZXESdfu.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\PziLYLD.exe
  C:\Windows\System\PziLYLD.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\KnykWQD.exe
  C:\Windows\System\KnykWQD.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\WmhwhGY.exe
  C:\Windows\System\WmhwhGY.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\JoTpWct.exe
  C:\Windows\System\JoTpWct.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\sbzGakG.exe
  C:\Windows\System\sbzGakG.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\SibCEQN.exe
  C:\Windows\System\SibCEQN.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\DekPoTf.exe
  C:\Windows\System\DekPoTf.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\nLkfrqY.exe
  C:\Windows\System\nLkfrqY.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\IXNInex.exe
  C:\Windows\System\IXNInex.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\HTSgOzt.exe
  C:\Windows\System\HTSgOzt.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\RcCAvgv.exe
  C:\Windows\System\RcCAvgv.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\XOCXylQ.exe
  C:\Windows\System\XOCXylQ.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\AldEbpi.exe
  C:\Windows\System\AldEbpi.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\YRbzYJB.exe
  C:\Windows\System\YRbzYJB.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\CoFYMYU.exe
  C:\Windows\System\CoFYMYU.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\FwHPESi.exe
  C:\Windows\System\FwHPESi.exe
  2⤵
  PID:1132
- C:\Windows\System\PlQqNAC.exe
  C:\Windows\System\PlQqNAC.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\SYOttOP.exe
  C:\Windows\System\SYOttOP.exe
  2⤵
  PID:2588
- C:\Windows\System\WKGVnGV.exe
  C:\Windows\System\WKGVnGV.exe
  2⤵
  PID:2932
- C:\Windows\System\ZhkEwcI.exe
  C:\Windows\System\ZhkEwcI.exe
  2⤵
  PID:2828
- C:\Windows\System\XRCQTkM.exe
  C:\Windows\System\XRCQTkM.exe
  2⤵
  PID:2068
- C:\Windows\System\FNgvoxf.exe
  C:\Windows\System\FNgvoxf.exe
  2⤵
  PID:1168
- C:\Windows\System\lwnfugB.exe
  C:\Windows\System\lwnfugB.exe
  2⤵
  PID:1080
- C:\Windows\System\cAYmYeo.exe
  C:\Windows\System\cAYmYeo.exe
  2⤵
  PID:1280
- C:\Windows\System\wJZmYYU.exe
  C:\Windows\System\wJZmYYU.exe
  2⤵
  PID:1420
- C:\Windows\System\virLBgB.exe
  C:\Windows\System\virLBgB.exe
  2⤵
  PID:1472
- C:\Windows\System\EHPimGu.exe
  C:\Windows\System\EHPimGu.exe
  2⤵
  PID:2700
- C:\Windows\System\JIcjLQo.exe
  C:\Windows\System\JIcjLQo.exe
  2⤵
  PID:2824
- C:\Windows\System\vUavcRz.exe
  C:\Windows\System\vUavcRz.exe
  2⤵
  PID:760
- C:\Windows\System\LEZGUuh.exe
  C:\Windows\System\LEZGUuh.exe
  2⤵
  PID:2320
- C:\Windows\System\agHTwjf.exe
  C:\Windows\System\agHTwjf.exe
  2⤵
  PID:1536
- C:\Windows\System\AUjqNQU.exe
  C:\Windows\System\AUjqNQU.exe
  2⤵
  PID:2524
- C:\Windows\System\ZPiAugs.exe
  C:\Windows\System\ZPiAugs.exe
  2⤵
  PID:1728
- C:\Windows\System\ThlXMIT.exe
  C:\Windows\System\ThlXMIT.exe
  2⤵
  PID:1968
- C:\Windows\System\SEDehMz.exe
  C:\Windows\System\SEDehMz.exe
  2⤵
  PID:1764
- C:\Windows\System\kiivbru.exe
  C:\Windows\System\kiivbru.exe
  2⤵
  PID:2028
- C:\Windows\System\ZutfMEw.exe
  C:\Windows\System\ZutfMEw.exe
  2⤵
  PID:1724
- C:\Windows\System\McMyWiZ.exe
  C:\Windows\System\McMyWiZ.exe
  2⤵
  PID:1656
- C:\Windows\System\xmpxXPI.exe
  C:\Windows\System\xmpxXPI.exe
  2⤵
  PID:2408
- C:\Windows\System\qqtIBNB.exe
  C:\Windows\System\qqtIBNB.exe
  2⤵
  PID:2728
- C:\Windows\System\SpERAnU.exe
  C:\Windows\System\SpERAnU.exe
  2⤵
  PID:1604
- C:\Windows\System\ulpFYjf.exe
  C:\Windows\System\ulpFYjf.exe
  2⤵
  PID:2344
- C:\Windows\System\pNiZhkD.exe
  C:\Windows\System\pNiZhkD.exe
  2⤵
  PID:2708
- C:\Windows\System\omcGwvY.exe
  C:\Windows\System\omcGwvY.exe
  2⤵
  PID:2652
- C:\Windows\System\ilJFfRE.exe
  C:\Windows\System\ilJFfRE.exe
  2⤵
  PID:2832
- C:\Windows\System\WmJHqGN.exe
  C:\Windows\System\WmJHqGN.exe
  2⤵
  PID:1284
- C:\Windows\System\scMUuFh.exe
  C:\Windows\System\scMUuFh.exe
  2⤵
  PID:284
- C:\Windows\System\chySvOk.exe
  C:\Windows\System\chySvOk.exe
  2⤵
  PID:684
- C:\Windows\System\vOTFscW.exe
  C:\Windows\System\vOTFscW.exe
  2⤵
  PID:3000
- C:\Windows\System\oyqiIAB.exe
  C:\Windows\System\oyqiIAB.exe
  2⤵
  PID:1768
- C:\Windows\System\KbHduJZ.exe
  C:\Windows\System\KbHduJZ.exe
  2⤵
  PID:956
- C:\Windows\System\KoFjvOs.exe
  C:\Windows\System\KoFjvOs.exe
  2⤵
  PID:448
- C:\Windows\System\FFnwKsr.exe
  C:\Windows\System\FFnwKsr.exe
  2⤵
  PID:2144
- C:\Windows\System\xQZlzmj.exe
  C:\Windows\System\xQZlzmj.exe
  2⤵
  PID:2460
- C:\Windows\System\HWhEVMx.exe
  C:\Windows\System\HWhEVMx.exe
  2⤵
  PID:3084
- C:\Windows\System\jBoHQtB.exe
  C:\Windows\System\jBoHQtB.exe
  2⤵
  PID:3100
- C:\Windows\System\mhKGoNG.exe
  C:\Windows\System\mhKGoNG.exe
  2⤵
  PID:3120
- C:\Windows\System\KYwjXuL.exe
  C:\Windows\System\KYwjXuL.exe
  2⤵
  PID:3144
- C:\Windows\System\qjpoZqF.exe
  C:\Windows\System\qjpoZqF.exe
  2⤵
  PID:3160
- C:\Windows\System\MUtPrVY.exe
  C:\Windows\System\MUtPrVY.exe
  2⤵
  PID:3176
- C:\Windows\System\OvSvsnU.exe
  C:\Windows\System\OvSvsnU.exe
  2⤵
  PID:3192
- C:\Windows\System\wIvzIhC.exe
  C:\Windows\System\wIvzIhC.exe
  2⤵
  PID:3212
- C:\Windows\System\wrknKNH.exe
  C:\Windows\System\wrknKNH.exe
  2⤵
  PID:3232
- C:\Windows\System\OMkjGGp.exe
  C:\Windows\System\OMkjGGp.exe
  2⤵
  PID:3252
- C:\Windows\System\lmWCsJe.exe
  C:\Windows\System\lmWCsJe.exe
  2⤵
  PID:3268
- C:\Windows\System\rPjHtZM.exe
  C:\Windows\System\rPjHtZM.exe
  2⤵
  PID:3284
- C:\Windows\System\BPTyDrW.exe
  C:\Windows\System\BPTyDrW.exe
  2⤵
  PID:3308
- C:\Windows\System\JsgiNrZ.exe
  C:\Windows\System\JsgiNrZ.exe
  2⤵
  PID:3332
- C:\Windows\System\JsoZocx.exe
  C:\Windows\System\JsoZocx.exe
  2⤵
  PID:3420
- C:\Windows\System\bGqTHAy.exe
  C:\Windows\System\bGqTHAy.exe
  2⤵
  PID:3440
- C:\Windows\System\jRjYxuS.exe
  C:\Windows\System\jRjYxuS.exe
  2⤵
  PID:3460
- C:\Windows\System\wkCcvLd.exe
  C:\Windows\System\wkCcvLd.exe
  2⤵
  PID:3480
- C:\Windows\System\KJTdqlX.exe
  C:\Windows\System\KJTdqlX.exe
  2⤵
  PID:3500
- C:\Windows\System\moWticz.exe
  C:\Windows\System\moWticz.exe
  2⤵
  PID:3520
- C:\Windows\System\UqoMsgj.exe
  C:\Windows\System\UqoMsgj.exe
  2⤵
  PID:3536
- C:\Windows\System\MNDRxEp.exe
  C:\Windows\System\MNDRxEp.exe
  2⤵
  PID:3560
- C:\Windows\System\Lpbtxiv.exe
  C:\Windows\System\Lpbtxiv.exe
  2⤵
  PID:3580
- C:\Windows\System\SArycZc.exe
  C:\Windows\System\SArycZc.exe
  2⤵
  PID:3600
- C:\Windows\System\RSGbDQq.exe
  C:\Windows\System\RSGbDQq.exe
  2⤵
  PID:3620
- C:\Windows\System\jovYhkY.exe
  C:\Windows\System\jovYhkY.exe
  2⤵
  PID:3636
- C:\Windows\System\vZcXaoH.exe
  C:\Windows\System\vZcXaoH.exe
  2⤵
  PID:3660
- C:\Windows\System\cqibzdC.exe
  C:\Windows\System\cqibzdC.exe
  2⤵
  PID:3680
- C:\Windows\System\MHxQeXm.exe
  C:\Windows\System\MHxQeXm.exe
  2⤵
  PID:3700
- C:\Windows\System\KNoGHyY.exe
  C:\Windows\System\KNoGHyY.exe
  2⤵
  PID:3720
- C:\Windows\System\ofYAUav.exe
  C:\Windows\System\ofYAUav.exe
  2⤵
  PID:3736
- C:\Windows\System\cqkfEOb.exe
  C:\Windows\System\cqkfEOb.exe
  2⤵
  PID:3760
- C:\Windows\System\IlMANpk.exe
  C:\Windows\System\IlMANpk.exe
  2⤵
  PID:3776
- C:\Windows\System\hWtCTVz.exe
  C:\Windows\System\hWtCTVz.exe
  2⤵
  PID:3792
- C:\Windows\System\VBhWseu.exe
  C:\Windows\System\VBhWseu.exe
  2⤵
  PID:3816
- C:\Windows\System\XZbgakV.exe
  C:\Windows\System\XZbgakV.exe
  2⤵
  PID:3836
- C:\Windows\System\sQCVPNJ.exe
  C:\Windows\System\sQCVPNJ.exe
  2⤵
  PID:3852
- C:\Windows\System\FWuWQvo.exe
  C:\Windows\System\FWuWQvo.exe
  2⤵
  PID:3880
- C:\Windows\System\WtTPlAq.exe
  C:\Windows\System\WtTPlAq.exe
  2⤵
  PID:3896
- C:\Windows\System\RMXEyUx.exe
  C:\Windows\System\RMXEyUx.exe
  2⤵
  PID:3920
- C:\Windows\System\XrAlgVE.exe
  C:\Windows\System\XrAlgVE.exe
  2⤵
  PID:3936
- C:\Windows\System\SUFRpXm.exe
  C:\Windows\System\SUFRpXm.exe
  2⤵
  PID:3952
- C:\Windows\System\SmJiODq.exe
  C:\Windows\System\SmJiODq.exe
  2⤵
  PID:3976
- C:\Windows\System\LNClgXq.exe
  C:\Windows\System\LNClgXq.exe
  2⤵
  PID:3992
- C:\Windows\System\JrgcHUS.exe
  C:\Windows\System\JrgcHUS.exe
  2⤵
  PID:4012
- C:\Windows\System\Dfyvjja.exe
  C:\Windows\System\Dfyvjja.exe
  2⤵
  PID:4040
- C:\Windows\System\sOzPwhJ.exe
  C:\Windows\System\sOzPwhJ.exe
  2⤵
  PID:4056
- C:\Windows\System\LEuStqK.exe
  C:\Windows\System\LEuStqK.exe
  2⤵
  PID:4076
- C:\Windows\System\NTBbSBd.exe
  C:\Windows\System\NTBbSBd.exe
  2⤵
  PID:308
- C:\Windows\System\mEuleYc.exe
  C:\Windows\System\mEuleYc.exe
  2⤵
  PID:904
- C:\Windows\System\gOrrYBk.exe
  C:\Windows\System\gOrrYBk.exe
  2⤵
  PID:1912
- C:\Windows\System\rRPsHXM.exe
  C:\Windows\System\rRPsHXM.exe
  2⤵
  PID:3008
- C:\Windows\System\uSCrwkO.exe
  C:\Windows\System\uSCrwkO.exe
  2⤵
  PID:2380
- C:\Windows\System\ZcCBFOW.exe
  C:\Windows\System\ZcCBFOW.exe
  2⤵
  PID:2016
- C:\Windows\System\TmjONkL.exe
  C:\Windows\System\TmjONkL.exe
  2⤵
  PID:2276
- C:\Windows\System\trVLslK.exe
  C:\Windows\System\trVLslK.exe
  2⤵
  PID:1760
- C:\Windows\System\NqlVhnX.exe
  C:\Windows\System\NqlVhnX.exe
  2⤵
  PID:2960
- C:\Windows\System\noktSsh.exe
  C:\Windows\System\noktSsh.exe
  2⤵
  PID:1492
- C:\Windows\System\rzLNlJc.exe
  C:\Windows\System\rzLNlJc.exe
  2⤵
  PID:1136
- C:\Windows\System\ZMqEfJB.exe
  C:\Windows\System\ZMqEfJB.exe
  2⤵
  PID:2740
- C:\Windows\System\XpOUiMv.exe
  C:\Windows\System\XpOUiMv.exe
  2⤵
  PID:544
- C:\Windows\System\BgksNqJ.exe
  C:\Windows\System\BgksNqJ.exe
  2⤵
  PID:772
- C:\Windows\System\AHUmNSt.exe
  C:\Windows\System\AHUmNSt.exe
  2⤵
  PID:3168
- C:\Windows\System\mCwwLZX.exe
  C:\Windows\System\mCwwLZX.exe
  2⤵
  PID:3240
- C:\Windows\System\XGvaZxe.exe
  C:\Windows\System\XGvaZxe.exe
  2⤵
  PID:3316
- C:\Windows\System\ccMLAqh.exe
  C:\Windows\System\ccMLAqh.exe
  2⤵
  PID:688
- C:\Windows\System\Iwerqye.exe
  C:\Windows\System\Iwerqye.exe
  2⤵
  PID:3220
- C:\Windows\System\YbfdmCH.exe
  C:\Windows\System\YbfdmCH.exe
  2⤵
  PID:3292
- C:\Windows\System\sbFqhiS.exe
  C:\Windows\System\sbFqhiS.exe
  2⤵
  PID:3348
- C:\Windows\System\YUsGaCD.exe
  C:\Windows\System\YUsGaCD.exe
  2⤵
  PID:3076
- C:\Windows\System\NWXHSlk.exe
  C:\Windows\System\NWXHSlk.exe
  2⤵
  PID:3360
- C:\Windows\System\uTNSEbQ.exe
  C:\Windows\System\uTNSEbQ.exe
  2⤵
  PID:3400
- C:\Windows\System\XrYcZRg.exe
  C:\Windows\System\XrYcZRg.exe
  2⤵
  PID:3428
- C:\Windows\System\ZooYAlO.exe
  C:\Windows\System\ZooYAlO.exe
  2⤵
  PID:3476
- C:\Windows\System\FaUqThh.exe
  C:\Windows\System\FaUqThh.exe
  2⤵
  PID:3452
- C:\Windows\System\bhARFyI.exe
  C:\Windows\System\bhARFyI.exe
  2⤵
  PID:3552
- C:\Windows\System\QXYkelS.exe
  C:\Windows\System\QXYkelS.exe
  2⤵
  PID:3496
- C:\Windows\System\WqslMgV.exe
  C:\Windows\System\WqslMgV.exe
  2⤵
  PID:3568
- C:\Windows\System\eAkOnWR.exe
  C:\Windows\System\eAkOnWR.exe
  2⤵
  PID:3608
- C:\Windows\System\gbqGKSI.exe
  C:\Windows\System\gbqGKSI.exe
  2⤵
  PID:3672
- C:\Windows\System\IlVbdgR.exe
  C:\Windows\System\IlVbdgR.exe
  2⤵
  PID:3652
- C:\Windows\System\TfXxxEF.exe
  C:\Windows\System\TfXxxEF.exe
  2⤵
  PID:3656
- C:\Windows\System\YAHrfPZ.exe
  C:\Windows\System\YAHrfPZ.exe
  2⤵
  PID:3832
- C:\Windows\System\AkryHJf.exe
  C:\Windows\System\AkryHJf.exe
  2⤵
  PID:3692
- C:\Windows\System\iTmLuhN.exe
  C:\Windows\System\iTmLuhN.exe
  2⤵
  PID:3804
- C:\Windows\System\ilWqbnx.exe
  C:\Windows\System\ilWqbnx.exe
  2⤵
  PID:3860
- C:\Windows\System\obplYLb.exe
  C:\Windows\System\obplYLb.exe
  2⤵
  PID:3904
- C:\Windows\System\SfJaATY.exe
  C:\Windows\System\SfJaATY.exe
  2⤵
  PID:3944
- C:\Windows\System\gpxDdkk.exe
  C:\Windows\System\gpxDdkk.exe
  2⤵
  PID:3988
- C:\Windows\System\UeYFrSf.exe
  C:\Windows\System\UeYFrSf.exe
  2⤵
  PID:4028
- C:\Windows\System\VSjWOWR.exe
  C:\Windows\System\VSjWOWR.exe
  2⤵
  PID:3964
- C:\Windows\System\MZWInYr.exe
  C:\Windows\System\MZWInYr.exe
  2⤵
  PID:4008
- C:\Windows\System\VivLKoO.exe
  C:\Windows\System\VivLKoO.exe
  2⤵
  PID:4052
- C:\Windows\System\LpatcHR.exe
  C:\Windows\System\LpatcHR.exe
  2⤵
  PID:2196
- C:\Windows\System\lgikNgw.exe
  C:\Windows\System\lgikNgw.exe
  2⤵
  PID:4088
- C:\Windows\System\wkJIUqj.exe
  C:\Windows\System\wkJIUqj.exe
  2⤵
  PID:2576
- C:\Windows\System\IrvyHar.exe
  C:\Windows\System\IrvyHar.exe
  2⤵
  PID:2088
- C:\Windows\System\WvdWsBo.exe
  C:\Windows\System\WvdWsBo.exe
  2⤵
  PID:2508
- C:\Windows\System\vuDMbXM.exe
  C:\Windows\System\vuDMbXM.exe
  2⤵
  PID:2940
- C:\Windows\System\TkvoAgo.exe
  C:\Windows\System\TkvoAgo.exe
  2⤵
  PID:592
- C:\Windows\System\wPQROth.exe
  C:\Windows\System\wPQROth.exe
  2⤵
  PID:3096
- C:\Windows\System\GMXddIR.exe
  C:\Windows\System\GMXddIR.exe
  2⤵
  PID:3128
- C:\Windows\System\VZcyjIL.exe
  C:\Windows\System\VZcyjIL.exe
  2⤵
  PID:3204
- C:\Windows\System\jGuIUaI.exe
  C:\Windows\System\jGuIUaI.exe
  2⤵
  PID:2668
- C:\Windows\System\xHoYHOu.exe
  C:\Windows\System\xHoYHOu.exe
  2⤵
  PID:3184
- C:\Windows\System\nTwnpjC.exe
  C:\Windows\System\nTwnpjC.exe
  2⤵
  PID:3112
- C:\Windows\System\FSKdpBN.exe
  C:\Windows\System\FSKdpBN.exe
  2⤵
  PID:1756
- C:\Windows\System\GhrXkKn.exe
  C:\Windows\System\GhrXkKn.exe
  2⤵
  PID:3408
- C:\Windows\System\bAemjYW.exe
  C:\Windows\System\bAemjYW.exe
  2⤵
  PID:3372
- C:\Windows\System\bwtJtlW.exe
  C:\Windows\System\bwtJtlW.exe
  2⤵
  PID:3544
- C:\Windows\System\fiFziDV.exe
  C:\Windows\System\fiFziDV.exe
  2⤵
  PID:3488
- C:\Windows\System\rmaIjWT.exe
  C:\Windows\System\rmaIjWT.exe
  2⤵
  PID:3628
- C:\Windows\System\mpnLEOm.exe
  C:\Windows\System\mpnLEOm.exe
  2⤵
  PID:3644
- C:\Windows\System\RVkxcvN.exe
  C:\Windows\System\RVkxcvN.exe
  2⤵
  PID:3784
- C:\Windows\System\bPkSHjc.exe
  C:\Windows\System\bPkSHjc.exe
  2⤵
  PID:3688
- C:\Windows\System\SZJznlz.exe
  C:\Windows\System\SZJznlz.exe
  2⤵
  PID:3800
- C:\Windows\System\RSvcUlb.exe
  C:\Windows\System\RSvcUlb.exe
  2⤵
  PID:3872
- C:\Windows\System\jeOfdfF.exe
  C:\Windows\System\jeOfdfF.exe
  2⤵
  PID:4024
- C:\Windows\System\IlhGNYk.exe
  C:\Windows\System\IlhGNYk.exe
  2⤵
  PID:4032
- C:\Windows\System\BEYvJfw.exe
  C:\Windows\System\BEYvJfw.exe
  2⤵
  PID:4048
- C:\Windows\System\bSfVTrV.exe
  C:\Windows\System\bSfVTrV.exe
  2⤵
  PID:3012
- C:\Windows\System\WSefTbb.exe
  C:\Windows\System\WSefTbb.exe
  2⤵
  PID:4116
- C:\Windows\System\LAgOUJy.exe
  C:\Windows\System\LAgOUJy.exe
  2⤵
  PID:4136
- C:\Windows\System\ZFutDnU.exe
  C:\Windows\System\ZFutDnU.exe
  2⤵
  PID:4156
- C:\Windows\System\omoOrEr.exe
  C:\Windows\System\omoOrEr.exe
  2⤵
  PID:4176
- C:\Windows\System\RBdqycq.exe
  C:\Windows\System\RBdqycq.exe
  2⤵
  PID:4196
- C:\Windows\System\mrgMhRd.exe
  C:\Windows\System\mrgMhRd.exe
  2⤵
  PID:4216
- C:\Windows\System\ZIYAyCD.exe
  C:\Windows\System\ZIYAyCD.exe
  2⤵
  PID:4236
- C:\Windows\System\EenZplr.exe
  C:\Windows\System\EenZplr.exe
  2⤵
  PID:4256
- C:\Windows\System\Tjdaucv.exe
  C:\Windows\System\Tjdaucv.exe
  2⤵
  PID:4276
- C:\Windows\System\WHteHjW.exe
  C:\Windows\System\WHteHjW.exe
  2⤵
  PID:4300
- C:\Windows\System\JNdEeit.exe
  C:\Windows\System\JNdEeit.exe
  2⤵
  PID:4320
- C:\Windows\System\FCiHmjB.exe
  C:\Windows\System\FCiHmjB.exe
  2⤵
  PID:4340
- C:\Windows\System\axizIXa.exe
  C:\Windows\System\axizIXa.exe
  2⤵
  PID:4360
- C:\Windows\System\CjoOYrO.exe
  C:\Windows\System\CjoOYrO.exe
  2⤵
  PID:4380
- C:\Windows\System\VLmSOkd.exe
  C:\Windows\System\VLmSOkd.exe
  2⤵
  PID:4400
- C:\Windows\System\oIfOkUh.exe
  C:\Windows\System\oIfOkUh.exe
  2⤵
  PID:4420
- C:\Windows\System\vOdsDNJ.exe
  C:\Windows\System\vOdsDNJ.exe
  2⤵
  PID:4440
- C:\Windows\System\SaoQKVE.exe
  C:\Windows\System\SaoQKVE.exe
  2⤵
  PID:4460
- C:\Windows\System\pOVTSoS.exe
  C:\Windows\System\pOVTSoS.exe
  2⤵
  PID:4480
- C:\Windows\System\hBORGzM.exe
  C:\Windows\System\hBORGzM.exe
  2⤵
  PID:4500
- C:\Windows\System\douyqwp.exe
  C:\Windows\System\douyqwp.exe
  2⤵
  PID:4520
- C:\Windows\System\KTsIHYI.exe
  C:\Windows\System\KTsIHYI.exe
  2⤵
  PID:4540
- C:\Windows\System\HZdXgSJ.exe
  C:\Windows\System\HZdXgSJ.exe
  2⤵
  PID:4560
- C:\Windows\System\WJgXVsM.exe
  C:\Windows\System\WJgXVsM.exe
  2⤵
  PID:4580
- C:\Windows\System\RNRlruz.exe
  C:\Windows\System\RNRlruz.exe
  2⤵
  PID:4600
- C:\Windows\System\UPaLMQD.exe
  C:\Windows\System\UPaLMQD.exe
  2⤵
  PID:4620
- C:\Windows\System\VDnmWrl.exe
  C:\Windows\System\VDnmWrl.exe
  2⤵
  PID:4640
- C:\Windows\System\jOcCNmx.exe
  C:\Windows\System\jOcCNmx.exe
  2⤵
  PID:4660
- C:\Windows\System\NOQYJze.exe
  C:\Windows\System\NOQYJze.exe
  2⤵
  PID:4680
- C:\Windows\System\BsXxQmx.exe
  C:\Windows\System\BsXxQmx.exe
  2⤵
  PID:4700
- C:\Windows\System\SzwHDBT.exe
  C:\Windows\System\SzwHDBT.exe
  2⤵
  PID:4720
- C:\Windows\System\ZlCWnqP.exe
  C:\Windows\System\ZlCWnqP.exe
  2⤵
  PID:4740
- C:\Windows\System\IXAZTOJ.exe
  C:\Windows\System\IXAZTOJ.exe
  2⤵
  PID:4760
- C:\Windows\System\sfnmlnz.exe
  C:\Windows\System\sfnmlnz.exe
  2⤵
  PID:4780
- C:\Windows\System\oEypvor.exe
  C:\Windows\System\oEypvor.exe
  2⤵
  PID:4800
- C:\Windows\System\VYKtQnr.exe
  C:\Windows\System\VYKtQnr.exe
  2⤵
  PID:4820
- C:\Windows\System\CyyOlza.exe
  C:\Windows\System\CyyOlza.exe
  2⤵
  PID:4840
- C:\Windows\System\gLpTvwQ.exe
  C:\Windows\System\gLpTvwQ.exe
  2⤵
  PID:4860
- C:\Windows\System\VfdrGIP.exe
  C:\Windows\System\VfdrGIP.exe
  2⤵
  PID:4884
- C:\Windows\System\pGICYdO.exe
  C:\Windows\System\pGICYdO.exe
  2⤵
  PID:4904
- C:\Windows\System\lPmVWxn.exe
  C:\Windows\System\lPmVWxn.exe
  2⤵
  PID:4924
- C:\Windows\System\yISYVey.exe
  C:\Windows\System\yISYVey.exe
  2⤵
  PID:4944
- C:\Windows\System\CtMwKtJ.exe
  C:\Windows\System\CtMwKtJ.exe
  2⤵
  PID:4964
- C:\Windows\System\fdWAlyk.exe
  C:\Windows\System\fdWAlyk.exe
  2⤵
  PID:4984
- C:\Windows\System\wLmLELd.exe
  C:\Windows\System\wLmLELd.exe
  2⤵
  PID:5004
- C:\Windows\System\mAlBqNr.exe
  C:\Windows\System\mAlBqNr.exe
  2⤵
  PID:5024
- C:\Windows\System\TkQdUeU.exe
  C:\Windows\System\TkQdUeU.exe
  2⤵
  PID:5044
- C:\Windows\System\kEKlFej.exe
  C:\Windows\System\kEKlFej.exe
  2⤵
  PID:5064
- C:\Windows\System\TVWtvYA.exe
  C:\Windows\System\TVWtvYA.exe
  2⤵
  PID:5084
- C:\Windows\System\giSKDZI.exe
  C:\Windows\System\giSKDZI.exe
  2⤵
  PID:5104
- C:\Windows\System\ZXhdaPu.exe
  C:\Windows\System\ZXhdaPu.exe
  2⤵
  PID:4084
- C:\Windows\System\QLIbfkt.exe
  C:\Windows\System\QLIbfkt.exe
  2⤵
  PID:2904
- C:\Windows\System\sresqLW.exe
  C:\Windows\System\sresqLW.exe
  2⤵
  PID:556
- C:\Windows\System\EccalNX.exe
  C:\Windows\System\EccalNX.exe
  2⤵
  PID:1596
- C:\Windows\System\kQYPQMR.exe
  C:\Windows\System\kQYPQMR.exe
  2⤵
  PID:2756
- C:\Windows\System\lEMskSv.exe
  C:\Windows\System\lEMskSv.exe
  2⤵
  PID:3140
- C:\Windows\System\XUGFrgj.exe
  C:\Windows\System\XUGFrgj.exe
  2⤵
  PID:3228
- C:\Windows\System\jsfmVrw.exe
  C:\Windows\System\jsfmVrw.exe
  2⤵
  PID:3080
- C:\Windows\System\dCsJcXV.exe
  C:\Windows\System\dCsJcXV.exe
  2⤵
  PID:3412
- C:\Windows\System\YRXNyXi.exe
  C:\Windows\System\YRXNyXi.exe
  2⤵
  PID:3448
- C:\Windows\System\XVctoLw.exe
  C:\Windows\System\XVctoLw.exe
  2⤵
  PID:3632
- C:\Windows\System\ZLHOKVu.exe
  C:\Windows\System\ZLHOKVu.exe
  2⤵
  PID:3716
- C:\Windows\System\mOJGRgu.exe
  C:\Windows\System\mOJGRgu.exe
  2⤵
  PID:3772
- C:\Windows\System\TybOcTU.exe
  C:\Windows\System\TybOcTU.exe
  2⤵
  PID:3848
- C:\Windows\System\kOpxpzY.exe
  C:\Windows\System\kOpxpzY.exe
  2⤵
  PID:3984
- C:\Windows\System\JZMtjrU.exe
  C:\Windows\System\JZMtjrU.exe
  2⤵
  PID:3932
- C:\Windows\System\gdGKwZk.exe
  C:\Windows\System\gdGKwZk.exe
  2⤵
  PID:3064
- C:\Windows\System\oFTAtZG.exe
  C:\Windows\System\oFTAtZG.exe
  2⤵
  PID:4128
- C:\Windows\System\OGIuSFH.exe
  C:\Windows\System\OGIuSFH.exe
  2⤵
  PID:4184
- C:\Windows\System\DtUJOcf.exe
  C:\Windows\System\DtUJOcf.exe
  2⤵
  PID:4212
- C:\Windows\System\gvPqgFL.exe
  C:\Windows\System\gvPqgFL.exe
  2⤵
  PID:4244
- C:\Windows\System\SPJJcDU.exe
  C:\Windows\System\SPJJcDU.exe
  2⤵
  PID:4248
- C:\Windows\System\aQmlcPc.exe
  C:\Windows\System\aQmlcPc.exe
  2⤵
  PID:4296
- C:\Windows\System\RfWOjBW.exe
  C:\Windows\System\RfWOjBW.exe
  2⤵
  PID:4332
- C:\Windows\System\CFgiUrl.exe
  C:\Windows\System\CFgiUrl.exe
  2⤵
  PID:4388
- C:\Windows\System\xTCAzET.exe
  C:\Windows\System\xTCAzET.exe
  2⤵
  PID:4428
- C:\Windows\System\pCOJFdA.exe
  C:\Windows\System\pCOJFdA.exe
  2⤵
  PID:4448
- C:\Windows\System\LDuVkWS.exe
  C:\Windows\System\LDuVkWS.exe
  2⤵
  PID:4472
- C:\Windows\System\KzUElbn.exe
  C:\Windows\System\KzUElbn.exe
  2⤵
  PID:4516
- C:\Windows\System\WBshaYL.exe
  C:\Windows\System\WBshaYL.exe
  2⤵
  PID:4536
- C:\Windows\System\NzdAMeu.exe
  C:\Windows\System\NzdAMeu.exe
  2⤵
  PID:4596
- C:\Windows\System\wDfUrab.exe
  C:\Windows\System\wDfUrab.exe
  2⤵
  PID:4628
- C:\Windows\System\DpaxMui.exe
  C:\Windows\System\DpaxMui.exe
  2⤵
  PID:4648
- C:\Windows\System\qmUnzCc.exe
  C:\Windows\System\qmUnzCc.exe
  2⤵
  PID:4672
- C:\Windows\System\JChknKt.exe
  C:\Windows\System\JChknKt.exe
  2⤵
  PID:4716
- C:\Windows\System\xIZBsCp.exe
  C:\Windows\System\xIZBsCp.exe
  2⤵
  PID:4752
- C:\Windows\System\rjWZEGy.exe
  C:\Windows\System\rjWZEGy.exe
  2⤵
  PID:4776
- C:\Windows\System\ROKlHnz.exe
  C:\Windows\System\ROKlHnz.exe
  2⤵
  PID:4816
- C:\Windows\System\ztjFDRq.exe
  C:\Windows\System\ztjFDRq.exe
  2⤵
  PID:4848
- C:\Windows\System\hPywLwd.exe
  C:\Windows\System\hPywLwd.exe
  2⤵
  PID:4852
- C:\Windows\System\ZgweOtG.exe
  C:\Windows\System\ZgweOtG.exe
  2⤵
  PID:4920
- C:\Windows\System\jgDlNAr.exe
  C:\Windows\System\jgDlNAr.exe
  2⤵
  PID:4940
- C:\Windows\System\tPPzSfT.exe
  C:\Windows\System\tPPzSfT.exe
  2⤵
  PID:4980
- C:\Windows\System\QDmZJZg.exe
  C:\Windows\System\QDmZJZg.exe
  2⤵
  PID:5032
- C:\Windows\System\IbLXxxX.exe
  C:\Windows\System\IbLXxxX.exe
  2⤵
  PID:5052
- C:\Windows\System\LJOeAOp.exe
  C:\Windows\System\LJOeAOp.exe
  2⤵
  PID:5076
- C:\Windows\System\IbhwjeV.exe
  C:\Windows\System\IbhwjeV.exe
  2⤵
  PID:5096
- C:\Windows\System\RtGoLql.exe
  C:\Windows\System\RtGoLql.exe
  2⤵
  PID:2712
- C:\Windows\System\bFOmNhQ.exe
  C:\Windows\System\bFOmNhQ.exe
  2⤵
  PID:2564
- C:\Windows\System\UUtHyyP.exe
  C:\Windows\System\UUtHyyP.exe
  2⤵
  PID:3136
- C:\Windows\System\SgsZJBj.exe
  C:\Windows\System\SgsZJBj.exe
  2⤵
  PID:3188
- C:\Windows\System\jpruvnR.exe
  C:\Windows\System\jpruvnR.exe
  2⤵
  PID:2580
- C:\Windows\System\PWKkwZI.exe
  C:\Windows\System\PWKkwZI.exe
  2⤵
  PID:3528
- C:\Windows\System\opfvQDu.exe
  C:\Windows\System\opfvQDu.exe
  2⤵
  PID:3676
- C:\Windows\System\XpTkVNd.exe
  C:\Windows\System\XpTkVNd.exe
  2⤵
  PID:3892
- C:\Windows\System\GKEpPsc.exe
  C:\Windows\System\GKEpPsc.exe
  2⤵
  PID:4112
- C:\Windows\System\wJUMiOY.exe
  C:\Windows\System\wJUMiOY.exe
  2⤵
  PID:4148
- C:\Windows\System\tWhLVbY.exe
  C:\Windows\System\tWhLVbY.exe
  2⤵
  PID:4168
- C:\Windows\System\DnKGeVO.exe
  C:\Windows\System\DnKGeVO.exe
  2⤵
  PID:4232
- C:\Windows\System\WVWkzGE.exe
  C:\Windows\System\WVWkzGE.exe
  2⤵
  PID:4312
- C:\Windows\System\IebDMMU.exe
  C:\Windows\System\IebDMMU.exe
  2⤵
  PID:4376
- C:\Windows\System\FOubXUF.exe
  C:\Windows\System\FOubXUF.exe
  2⤵
  PID:4408
- C:\Windows\System\WVxbSxI.exe
  C:\Windows\System\WVxbSxI.exe
  2⤵
  PID:4456
- C:\Windows\System\NHrccon.exe
  C:\Windows\System\NHrccon.exe
  2⤵
  PID:4496
- C:\Windows\System\KwejVrT.exe
  C:\Windows\System\KwejVrT.exe
  2⤵
  PID:4568
- C:\Windows\System\AOSMtBH.exe
  C:\Windows\System\AOSMtBH.exe
  2⤵
  PID:4608
- C:\Windows\System\KCVZDam.exe
  C:\Windows\System\KCVZDam.exe
  2⤵
  PID:4676
- C:\Windows\System\pcqBZMa.exe
  C:\Windows\System\pcqBZMa.exe
  2⤵
  PID:4748
- C:\Windows\System\nuIAkoW.exe
  C:\Windows\System\nuIAkoW.exe
  2⤵
  PID:4796
- C:\Windows\System\pnunMQt.exe
  C:\Windows\System\pnunMQt.exe
  2⤵
  PID:4792
- C:\Windows\System\dKUlrNk.exe
  C:\Windows\System\dKUlrNk.exe
  2⤵
  PID:4876
- C:\Windows\System\dvBtayJ.exe
  C:\Windows\System\dvBtayJ.exe
  2⤵
  PID:4952
- C:\Windows\System\uaOnOpQ.exe
  C:\Windows\System\uaOnOpQ.exe
  2⤵
  PID:5000
- C:\Windows\System\xuUKZKr.exe
  C:\Windows\System\xuUKZKr.exe
  2⤵
  PID:4996
- C:\Windows\System\vZMiKKr.exe
  C:\Windows\System\vZMiKKr.exe
  2⤵
  PID:936
- C:\Windows\System\QIGazqL.exe
  C:\Windows\System\QIGazqL.exe
  2⤵
  PID:3156
- C:\Windows\System\IxECBjv.exe
  C:\Windows\System\IxECBjv.exe
  2⤵
  PID:3208
- C:\Windows\System\TfmNUNL.exe
  C:\Windows\System\TfmNUNL.exe
  2⤵
  PID:5144
- C:\Windows\System\EFYWszT.exe
  C:\Windows\System\EFYWszT.exe
  2⤵
  PID:5160
- C:\Windows\System\obmWBIm.exe
  C:\Windows\System\obmWBIm.exe
  2⤵
  PID:5184
- C:\Windows\System\HUOqukX.exe
  C:\Windows\System\HUOqukX.exe
  2⤵
  PID:5204
- C:\Windows\System\zjKCYCK.exe
  C:\Windows\System\zjKCYCK.exe
  2⤵
  PID:5224
- C:\Windows\System\lomLBoI.exe
  C:\Windows\System\lomLBoI.exe
  2⤵
  PID:5244
- C:\Windows\System\sbpOQAQ.exe
  C:\Windows\System\sbpOQAQ.exe
  2⤵
  PID:5264
- C:\Windows\System\RfXaJcY.exe
  C:\Windows\System\RfXaJcY.exe
  2⤵
  PID:5280
- C:\Windows\System\RgBzpIS.exe
  C:\Windows\System\RgBzpIS.exe
  2⤵
  PID:5300
- C:\Windows\System\gHDskqK.exe
  C:\Windows\System\gHDskqK.exe
  2⤵
  PID:5320
- C:\Windows\System\SEhkmDf.exe
  C:\Windows\System\SEhkmDf.exe
  2⤵
  PID:5340
- C:\Windows\System\lEeISRn.exe
  C:\Windows\System\lEeISRn.exe
  2⤵
  PID:5356
- C:\Windows\System\tHjQWZH.exe
  C:\Windows\System\tHjQWZH.exe
  2⤵
  PID:5380
- C:\Windows\System\wAgFBLD.exe
  C:\Windows\System\wAgFBLD.exe
  2⤵
  PID:5396
- C:\Windows\System\DhXnlBR.exe
  C:\Windows\System\DhXnlBR.exe
  2⤵
  PID:5420
- C:\Windows\System\bodXedB.exe
  C:\Windows\System\bodXedB.exe
  2⤵
  PID:5440
- C:\Windows\System\dXDyvkd.exe
  C:\Windows\System\dXDyvkd.exe
  2⤵
  PID:5460
- C:\Windows\System\FvmrJIG.exe
  C:\Windows\System\FvmrJIG.exe
  2⤵
  PID:5480
- C:\Windows\System\fQftkTa.exe
  C:\Windows\System\fQftkTa.exe
  2⤵
  PID:5500
- C:\Windows\System\xTczERk.exe
  C:\Windows\System\xTczERk.exe
  2⤵
  PID:5516
- C:\Windows\System\pWublpK.exe
  C:\Windows\System\pWublpK.exe
  2⤵
  PID:5544
- C:\Windows\System\ldTsTnJ.exe
  C:\Windows\System\ldTsTnJ.exe
  2⤵
  PID:5568
- C:\Windows\System\rcJenFw.exe
  C:\Windows\System\rcJenFw.exe
  2⤵
  PID:5588
- C:\Windows\System\wdCNQgs.exe
  C:\Windows\System\wdCNQgs.exe
  2⤵
  PID:5608
- C:\Windows\System\dARBZZT.exe
  C:\Windows\System\dARBZZT.exe
  2⤵
  PID:5632
- C:\Windows\System\UddhMYM.exe
  C:\Windows\System\UddhMYM.exe
  2⤵
  PID:5652
- C:\Windows\System\XsIAaur.exe
  C:\Windows\System\XsIAaur.exe
  2⤵
  PID:5672
- C:\Windows\System\QzYCHMl.exe
  C:\Windows\System\QzYCHMl.exe
  2⤵
  PID:5692
- C:\Windows\System\qtasOTz.exe
  C:\Windows\System\qtasOTz.exe
  2⤵
  PID:5712
- C:\Windows\System\utwpRhM.exe
  C:\Windows\System\utwpRhM.exe
  2⤵
  PID:5728
- C:\Windows\System\blcFsgu.exe
  C:\Windows\System\blcFsgu.exe
  2⤵
  PID:5748
- C:\Windows\System\HwzfyHb.exe
  C:\Windows\System\HwzfyHb.exe
  2⤵
  PID:5764
- C:\Windows\System\XaITvKU.exe
  C:\Windows\System\XaITvKU.exe
  2⤵
  PID:5792
- C:\Windows\System\qZdUZOL.exe
  C:\Windows\System\qZdUZOL.exe
  2⤵
  PID:5816
- C:\Windows\System\uMjgRYX.exe
  C:\Windows\System\uMjgRYX.exe
  2⤵
  PID:5836
- C:\Windows\System\dZSSXqU.exe
  C:\Windows\System\dZSSXqU.exe
  2⤵
  PID:5852
- C:\Windows\System\vAARiBN.exe
  C:\Windows\System\vAARiBN.exe
  2⤵
  PID:5872
- C:\Windows\System\HKFBYyZ.exe
  C:\Windows\System\HKFBYyZ.exe
  2⤵
  PID:5896
- C:\Windows\System\xGaBcws.exe
  C:\Windows\System\xGaBcws.exe
  2⤵
  PID:5916
- C:\Windows\System\auaaAFM.exe
  C:\Windows\System\auaaAFM.exe
  2⤵
  PID:5932
- C:\Windows\System\MlcGoTF.exe
  C:\Windows\System\MlcGoTF.exe
  2⤵
  PID:5952
- C:\Windows\System\hKYelnE.exe
  C:\Windows\System\hKYelnE.exe
  2⤵
  PID:5972
- C:\Windows\System\fJUXflK.exe
  C:\Windows\System\fJUXflK.exe
  2⤵
  PID:5992
- C:\Windows\System\BfNoAAp.exe
  C:\Windows\System\BfNoAAp.exe
  2⤵
  PID:6016
- C:\Windows\System\GJIFbVX.exe
  C:\Windows\System\GJIFbVX.exe
  2⤵
  PID:6036
- C:\Windows\System\EDFOEaP.exe
  C:\Windows\System\EDFOEaP.exe
  2⤵
  PID:6056
- C:\Windows\System\OUEiEzA.exe
  C:\Windows\System\OUEiEzA.exe
  2⤵
  PID:6072
- C:\Windows\System\eiRfPmj.exe
  C:\Windows\System\eiRfPmj.exe
  2⤵
  PID:6096
- C:\Windows\System\mwUrbdH.exe
  C:\Windows\System\mwUrbdH.exe
  2⤵
  PID:6116
- C:\Windows\System\oMIkGyD.exe
  C:\Windows\System\oMIkGyD.exe
  2⤵
  PID:6136
- C:\Windows\System\mNHksaC.exe
  C:\Windows\System\mNHksaC.exe
  2⤵
  PID:3392
- C:\Windows\System\XPrcBVi.exe
  C:\Windows\System\XPrcBVi.exe
  2⤵
  PID:2328
- C:\Windows\System\fmQUEbO.exe
  C:\Windows\System\fmQUEbO.exe
  2⤵
  PID:3616
- C:\Windows\System\KRGArhi.exe
  C:\Windows\System\KRGArhi.exe
  2⤵
  PID:4104
- C:\Windows\System\EkxHyjI.exe
  C:\Windows\System\EkxHyjI.exe
  2⤵
  PID:4188
- C:\Windows\System\ShfDwEg.exe
  C:\Windows\System\ShfDwEg.exe
  2⤵
  PID:4336
- C:\Windows\System\KfDvUBm.exe
  C:\Windows\System\KfDvUBm.exe
  2⤵
  PID:4308
- C:\Windows\System\RaCgsWr.exe
  C:\Windows\System\RaCgsWr.exe
  2⤵
  PID:4548
- C:\Windows\System\XSkpbrx.exe
  C:\Windows\System\XSkpbrx.exe
  2⤵
  PID:4756
- C:\Windows\System\LhhEqhm.exe
  C:\Windows\System\LhhEqhm.exe
  2⤵
  PID:4372
- C:\Windows\System\CqViIpS.exe
  C:\Windows\System\CqViIpS.exe
  2⤵
  PID:4872
- C:\Windows\System\BVDozwG.exe
  C:\Windows\System\BVDozwG.exe
  2⤵
  PID:4732
- C:\Windows\System\GzgJyMK.exe
  C:\Windows\System\GzgJyMK.exe
  2⤵
  PID:5016
- C:\Windows\System\oNWDLJV.exe
  C:\Windows\System\oNWDLJV.exe
  2⤵
  PID:1156
- C:\Windows\System\RofFIBi.exe
  C:\Windows\System\RofFIBi.exe
  2⤵
  PID:5156
- C:\Windows\System\wbeUNIY.exe
  C:\Windows\System\wbeUNIY.exe
  2⤵
  PID:5232
- C:\Windows\System\wCeVuLs.exe
  C:\Windows\System\wCeVuLs.exe
  2⤵
  PID:1144
- C:\Windows\System\YdneFcz.exe
  C:\Windows\System\YdneFcz.exe
  2⤵
  PID:1108
- C:\Windows\System\hvNIAwd.exe
  C:\Windows\System\hvNIAwd.exe
  2⤵
  PID:5180
- C:\Windows\System\ZftuYqx.exe
  C:\Windows\System\ZftuYqx.exe
  2⤵
  PID:5220
- C:\Windows\System\TneubxK.exe
  C:\Windows\System\TneubxK.exe
  2⤵
  PID:5312
- C:\Windows\System\yHCDxdl.exe
  C:\Windows\System\yHCDxdl.exe
  2⤵
  PID:5352
- C:\Windows\System\FKnPOUH.exe
  C:\Windows\System\FKnPOUH.exe
  2⤵
  PID:5432
- C:\Windows\System\dtEaENP.exe
  C:\Windows\System\dtEaENP.exe
  2⤵
  PID:5468
- C:\Windows\System\YhebETb.exe
  C:\Windows\System\YhebETb.exe
  2⤵
  PID:5472
- C:\Windows\System\UJBBqUL.exe
  C:\Windows\System\UJBBqUL.exe
  2⤵
  PID:5456
- C:\Windows\System\jJoRCzJ.exe
  C:\Windows\System\jJoRCzJ.exe
  2⤵
  PID:5560
- C:\Windows\System\VfUSgzC.exe
  C:\Windows\System\VfUSgzC.exe
  2⤵
  PID:5452
- C:\Windows\System\qWchkdd.exe
  C:\Windows\System\qWchkdd.exe
  2⤵
  PID:5600
- C:\Windows\System\SuwEeuD.exe
  C:\Windows\System\SuwEeuD.exe
  2⤵
  PID:5536
- C:\Windows\System\RRpprqv.exe
  C:\Windows\System\RRpprqv.exe
  2⤵
  PID:5616
- C:\Windows\System\tBzebWL.exe
  C:\Windows\System\tBzebWL.exe
  2⤵
  PID:5628
- C:\Windows\System\bKicIyZ.exe
  C:\Windows\System\bKicIyZ.exe
  2⤵
  PID:5660
- C:\Windows\System\NItcwxo.exe
  C:\Windows\System\NItcwxo.exe
  2⤵
  PID:5704
- C:\Windows\System\QYQkVBW.exe
  C:\Windows\System\QYQkVBW.exe
  2⤵
  PID:5736
- C:\Windows\System\TVrByHp.exe
  C:\Windows\System\TVrByHp.exe
  2⤵
  PID:5804
- C:\Windows\System\YbuSWph.exe
  C:\Windows\System\YbuSWph.exe
  2⤵
  PID:5824
- C:\Windows\System\qVbeLYa.exe
  C:\Windows\System\qVbeLYa.exe
  2⤵
  PID:5880
- C:\Windows\System\emrildD.exe
  C:\Windows\System\emrildD.exe
  2⤵
  PID:5924
- C:\Windows\System\UWbgREc.exe
  C:\Windows\System\UWbgREc.exe
  2⤵
  PID:5912
- C:\Windows\System\SNhVIOq.exe
  C:\Windows\System\SNhVIOq.exe
  2⤵
  PID:6000
- C:\Windows\System\bhdBdkB.exe
  C:\Windows\System\bhdBdkB.exe
  2⤵
  PID:2248
- C:\Windows\System\FwZGknN.exe
  C:\Windows\System\FwZGknN.exe
  2⤵
  PID:5988
- C:\Windows\System\kIcQQiV.exe
  C:\Windows\System\kIcQQiV.exe
  2⤵
  PID:6080
- C:\Windows\System\tuiYrMv.exe
  C:\Windows\System\tuiYrMv.exe
  2⤵
  PID:6124
- C:\Windows\System\zOxCWsT.exe
  C:\Windows\System\zOxCWsT.exe
  2⤵
  PID:6104
- C:\Windows\System\DoPjyrf.exe
  C:\Windows\System\DoPjyrf.exe
  2⤵
  PID:3436
- C:\Windows\System\IOeCEHT.exe
  C:\Windows\System\IOeCEHT.exe
  2⤵
  PID:4124
- C:\Windows\System\YnWVNVp.exe
  C:\Windows\System\YnWVNVp.exe
  2⤵
  PID:4352
- C:\Windows\System\CnzqDQV.exe
  C:\Windows\System\CnzqDQV.exe
  2⤵
  PID:3696
- C:\Windows\System\kpHySNY.exe
  C:\Windows\System\kpHySNY.exe
  2⤵
  PID:2924
- C:\Windows\System\FRbjiFe.exe
  C:\Windows\System\FRbjiFe.exe
  2⤵
  PID:4612
- C:\Windows\System\WJhjCNe.exe
  C:\Windows\System\WJhjCNe.exe
  2⤵
  PID:5112
- C:\Windows\System\GXYSojN.exe
  C:\Windows\System\GXYSojN.exe
  2⤵
  PID:4476
- C:\Windows\System\YpbDqWN.exe
  C:\Windows\System\YpbDqWN.exe
  2⤵
  PID:4956
- C:\Windows\System\ehlkqxS.exe
  C:\Windows\System\ehlkqxS.exe
  2⤵
  PID:5132
- C:\Windows\System\pEawrYx.exe
  C:\Windows\System\pEawrYx.exe
  2⤵
  PID:5272
- C:\Windows\System\lQijKnh.exe
  C:\Windows\System\lQijKnh.exe
  2⤵
  PID:5040
- C:\Windows\System\qrjXNYM.exe
  C:\Windows\System\qrjXNYM.exe
  2⤵
  PID:5256
- C:\Windows\System\RYeNFOd.exe
  C:\Windows\System\RYeNFOd.exe
  2⤵
  PID:5168
- C:\Windows\System\NnJEzaB.exe
  C:\Windows\System\NnJEzaB.exe
  2⤵
  PID:5368
- C:\Windows\System\iJZxkZr.exe
  C:\Windows\System\iJZxkZr.exe
  2⤵
  PID:5392
- C:\Windows\System\pjoVDIZ.exe
  C:\Windows\System\pjoVDIZ.exe
  2⤵
  PID:5528
- C:\Windows\System\RGTdfJn.exe
  C:\Windows\System\RGTdfJn.exe
  2⤵
  PID:5564
- C:\Windows\System\FvIGHnq.exe
  C:\Windows\System\FvIGHnq.exe
  2⤵
  PID:5584
- C:\Windows\System\vpBRizr.exe
  C:\Windows\System\vpBRizr.exe
  2⤵
  PID:5688
- C:\Windows\System\ByyloFj.exe
  C:\Windows\System\ByyloFj.exe
  2⤵
  PID:5724
- C:\Windows\System\yNtkamf.exe
  C:\Windows\System\yNtkamf.exe
  2⤵
  PID:5760
- C:\Windows\System\PSgxMLZ.exe
  C:\Windows\System\PSgxMLZ.exe
  2⤵
  PID:5788
- C:\Windows\System\btfTiiZ.exe
  C:\Windows\System\btfTiiZ.exe
  2⤵
  PID:5928
- C:\Windows\System\IQqJeNM.exe
  C:\Windows\System\IQqJeNM.exe
  2⤵
  PID:5884
- C:\Windows\System\EFIHXYY.exe
  C:\Windows\System\EFIHXYY.exe
  2⤵
  PID:6032
- C:\Windows\System\jVijSjW.exe
  C:\Windows\System\jVijSjW.exe
  2⤵
  PID:6064
- C:\Windows\System\fncZqpW.exe
  C:\Windows\System\fncZqpW.exe
  2⤵
  PID:3768
- C:\Windows\System\ClyeFoI.exe
  C:\Windows\System\ClyeFoI.exe
  2⤵
  PID:2748
- C:\Windows\System\gOLYYwl.exe
  C:\Windows\System\gOLYYwl.exe
  2⤵
  PID:4328
- C:\Windows\System\IVXAKWf.exe
  C:\Windows\System\IVXAKWf.exe
  2⤵
  PID:4632
- C:\Windows\System\gdBPldr.exe
  C:\Windows\System\gdBPldr.exe
  2⤵
  PID:5236
- C:\Windows\System\QqVfyYB.exe
  C:\Windows\System\QqVfyYB.exe
  2⤵
  PID:4636
- C:\Windows\System\AHtwuJD.exe
  C:\Windows\System\AHtwuJD.exe
  2⤵
  PID:4452
- C:\Windows\System\VuIhWxS.exe
  C:\Windows\System\VuIhWxS.exe
  2⤵
  PID:5296
- C:\Windows\System\hMbOmQe.exe
  C:\Windows\System\hMbOmQe.exe
  2⤵
  PID:5276
- C:\Windows\System\SOgBpuO.exe
  C:\Windows\System\SOgBpuO.exe
  2⤵
  PID:5428
- C:\Windows\System\NqbThXb.exe
  C:\Windows\System\NqbThXb.exe
  2⤵
  PID:5372
- C:\Windows\System\KlKSnWX.exe
  C:\Windows\System\KlKSnWX.exe
  2⤵
  PID:5336
- C:\Windows\System\hsnJcAx.exe
  C:\Windows\System\hsnJcAx.exe
  2⤵
  PID:5700
- C:\Windows\System\KFsZrWp.exe
  C:\Windows\System\KFsZrWp.exe
  2⤵
  PID:5744
- C:\Windows\System\eGhQOKJ.exe
  C:\Windows\System\eGhQOKJ.exe
  2⤵
  PID:6044
- C:\Windows\System\PrpsJlo.exe
  C:\Windows\System\PrpsJlo.exe
  2⤵
  PID:6092
- C:\Windows\System\amMqXfq.exe
  C:\Windows\System\amMqXfq.exe
  2⤵
  PID:5892
- C:\Windows\System\xjZQwKI.exe
  C:\Windows\System\xjZQwKI.exe
  2⤵
  PID:6164
- C:\Windows\System\UCKFeeG.exe
  C:\Windows\System\UCKFeeG.exe
  2⤵
  PID:6184
- C:\Windows\System\hOWDzSI.exe
  C:\Windows\System\hOWDzSI.exe
  2⤵
  PID:6208
- C:\Windows\System\OMtvCJp.exe
  C:\Windows\System\OMtvCJp.exe
  2⤵
  PID:6236
- C:\Windows\System\qUoymDF.exe
  C:\Windows\System\qUoymDF.exe
  2⤵
  PID:6256
- C:\Windows\System\sOEZjwP.exe
  C:\Windows\System\sOEZjwP.exe
  2⤵
  PID:6276
- C:\Windows\System\QpKdfYs.exe
  C:\Windows\System\QpKdfYs.exe
  2⤵
  PID:6296
- C:\Windows\System\UHTcmGX.exe
  C:\Windows\System\UHTcmGX.exe
  2⤵
  PID:6316
- C:\Windows\System\GVaUiqh.exe
  C:\Windows\System\GVaUiqh.exe
  2⤵
  PID:6336
- C:\Windows\System\WGNMtdO.exe
  C:\Windows\System\WGNMtdO.exe
  2⤵
  PID:6356
- C:\Windows\System\dALiPiQ.exe
  C:\Windows\System\dALiPiQ.exe
  2⤵
  PID:6376
- C:\Windows\System\pRGJFUj.exe
  C:\Windows\System\pRGJFUj.exe
  2⤵
  PID:6396
- C:\Windows\System\BJrJZQO.exe
  C:\Windows\System\BJrJZQO.exe
  2⤵
  PID:6416
- C:\Windows\System\nvZbAkS.exe
  C:\Windows\System\nvZbAkS.exe
  2⤵
  PID:6436
- C:\Windows\System\GrcvFSY.exe
  C:\Windows\System\GrcvFSY.exe
  2⤵
  PID:6456
- C:\Windows\System\wKOMwIg.exe
  C:\Windows\System\wKOMwIg.exe
  2⤵
  PID:6480
- C:\Windows\System\eyIzsfi.exe
  C:\Windows\System\eyIzsfi.exe
  2⤵
  PID:6500
- C:\Windows\System\cPpcWZa.exe
  C:\Windows\System\cPpcWZa.exe
  2⤵
  PID:6524
- C:\Windows\System\CBtWgFp.exe
  C:\Windows\System\CBtWgFp.exe
  2⤵
  PID:6544
- C:\Windows\System\soCipgH.exe
  C:\Windows\System\soCipgH.exe
  2⤵
  PID:6564
- C:\Windows\System\YytHMAa.exe
  C:\Windows\System\YytHMAa.exe
  2⤵
  PID:6584
- C:\Windows\System\QSXZUhh.exe
  C:\Windows\System\QSXZUhh.exe
  2⤵
  PID:6604
- C:\Windows\System\sXPcVEU.exe
  C:\Windows\System\sXPcVEU.exe
  2⤵
  PID:6624
- C:\Windows\System\icESUHx.exe
  C:\Windows\System\icESUHx.exe
  2⤵
  PID:6644
- C:\Windows\System\FCGDIyK.exe
  C:\Windows\System\FCGDIyK.exe
  2⤵
  PID:6664
- C:\Windows\System\pdgmHvH.exe
  C:\Windows\System\pdgmHvH.exe
  2⤵
  PID:6684
- C:\Windows\System\ubnptWK.exe
  C:\Windows\System\ubnptWK.exe
  2⤵
  PID:6704
- C:\Windows\System\cgMALcy.exe
  C:\Windows\System\cgMALcy.exe
  2⤵
  PID:6724
- C:\Windows\System\OuRFggB.exe
  C:\Windows\System\OuRFggB.exe
  2⤵
  PID:6744
- C:\Windows\System\xTjOQLF.exe
  C:\Windows\System\xTjOQLF.exe
  2⤵
  PID:6764
- C:\Windows\System\pkeBWKA.exe
  C:\Windows\System\pkeBWKA.exe
  2⤵
  PID:6784
- C:\Windows\System\hHDmpSm.exe
  C:\Windows\System\hHDmpSm.exe
  2⤵
  PID:6804
- C:\Windows\System\xUSFVLv.exe
  C:\Windows\System\xUSFVLv.exe
  2⤵
  PID:6824
- C:\Windows\System\wFuxAcW.exe
  C:\Windows\System\wFuxAcW.exe
  2⤵
  PID:6844
- C:\Windows\System\bwjOXhB.exe
  C:\Windows\System\bwjOXhB.exe
  2⤵
  PID:6864
- C:\Windows\System\KubdZgY.exe
  C:\Windows\System\KubdZgY.exe
  2⤵
  PID:6884
- C:\Windows\System\YWbsKfn.exe
  C:\Windows\System\YWbsKfn.exe
  2⤵
  PID:6904
- C:\Windows\System\yyytRsi.exe
  C:\Windows\System\yyytRsi.exe
  2⤵
  PID:6924
- C:\Windows\System\xiMxmut.exe
  C:\Windows\System\xiMxmut.exe
  2⤵
  PID:6944
- C:\Windows\System\iKLpcGz.exe
  C:\Windows\System\iKLpcGz.exe
  2⤵
  PID:6964
- C:\Windows\System\vcwcBUD.exe
  C:\Windows\System\vcwcBUD.exe
  2⤵
  PID:6984
- C:\Windows\System\UiOyPdb.exe
  C:\Windows\System\UiOyPdb.exe
  2⤵
  PID:7004
- C:\Windows\System\JeLjPYz.exe
  C:\Windows\System\JeLjPYz.exe
  2⤵
  PID:7024
- C:\Windows\System\wdNVoaf.exe
  C:\Windows\System\wdNVoaf.exe
  2⤵
  PID:7044
- C:\Windows\System\zJDFfrG.exe
  C:\Windows\System\zJDFfrG.exe
  2⤵
  PID:7064
- C:\Windows\System\vPGmWvj.exe
  C:\Windows\System\vPGmWvj.exe
  2⤵
  PID:7088
- C:\Windows\System\LGaKpKy.exe
  C:\Windows\System\LGaKpKy.exe
  2⤵
  PID:7108
- C:\Windows\System\iXvuwxQ.exe
  C:\Windows\System\iXvuwxQ.exe
  2⤵
  PID:7128
- C:\Windows\System\xurGPlX.exe
  C:\Windows\System\xurGPlX.exe
  2⤵
  PID:7148
- C:\Windows\System\IYOZQTI.exe
  C:\Windows\System\IYOZQTI.exe
  2⤵
  PID:5944
- C:\Windows\System\saBybJj.exe
  C:\Windows\System\saBybJj.exe
  2⤵
  PID:4432
- C:\Windows\System\ytvwGMJ.exe
  C:\Windows\System\ytvwGMJ.exe
  2⤵
  PID:4224
- C:\Windows\System\scCLsiQ.exe
  C:\Windows\System\scCLsiQ.exe
  2⤵
  PID:4912
- C:\Windows\System\eyQtIzM.exe
  C:\Windows\System\eyQtIzM.exe
  2⤵
  PID:5200
- C:\Windows\System\zmoTGCZ.exe
  C:\Windows\System\zmoTGCZ.exe
  2⤵
  PID:5492
- C:\Windows\System\JOYVHJT.exe
  C:\Windows\System\JOYVHJT.exe
  2⤵
  PID:5680
- C:\Windows\System\yEMVApl.exe
  C:\Windows\System\yEMVApl.exe
  2⤵
  PID:6128
- C:\Windows\System\fabpmSg.exe
  C:\Windows\System\fabpmSg.exe
  2⤵
  PID:2352
- C:\Windows\System\gaPGhQO.exe
  C:\Windows\System\gaPGhQO.exe
  2⤵
  PID:5812
- C:\Windows\System\BKOeDqm.exe
  C:\Windows\System\BKOeDqm.exe
  2⤵
  PID:6152
- C:\Windows\System\ggiwuTb.exe
  C:\Windows\System\ggiwuTb.exe
  2⤵
  PID:6204
- C:\Windows\System\htOiNiO.exe
  C:\Windows\System\htOiNiO.exe
  2⤵
  PID:6252
- C:\Windows\System\bRePCDh.exe
  C:\Windows\System\bRePCDh.exe
  2⤵
  PID:6264
- C:\Windows\System\GEjqRea.exe
  C:\Windows\System\GEjqRea.exe
  2⤵
  PID:6288
- C:\Windows\System\GWycSme.exe
  C:\Windows\System\GWycSme.exe
  2⤵
  PID:6308
- C:\Windows\System\HleuHLJ.exe
  C:\Windows\System\HleuHLJ.exe
  2⤵
  PID:6352
- C:\Windows\System\eoghfDs.exe
  C:\Windows\System\eoghfDs.exe
  2⤵
  PID:6392
- C:\Windows\System\ybcDMnb.exe
  C:\Windows\System\ybcDMnb.exe
  2⤵
  PID:6424
- C:\Windows\System\wEBARPr.exe
  C:\Windows\System\wEBARPr.exe
  2⤵
  PID:6448
- C:\Windows\System\WFxjEfV.exe
  C:\Windows\System\WFxjEfV.exe
  2⤵
  PID:6476
- C:\Windows\System\rghnFYg.exe
  C:\Windows\System\rghnFYg.exe
  2⤵
  PID:1920
- C:\Windows\System\zZYohbn.exe
  C:\Windows\System\zZYohbn.exe
  2⤵
  PID:6572
- C:\Windows\System\TQgPrnF.exe
  C:\Windows\System\TQgPrnF.exe
  2⤵
  PID:6592
- C:\Windows\System\mjylumK.exe
  C:\Windows\System\mjylumK.exe
  2⤵
  PID:6616
- C:\Windows\System\cgQFZvt.exe
  C:\Windows\System\cgQFZvt.exe
  2⤵
  PID:6636
- C:\Windows\System\tdomSFB.exe
  C:\Windows\System\tdomSFB.exe
  2⤵
  PID:6696
- C:\Windows\System\xUdVcii.exe
  C:\Windows\System\xUdVcii.exe
  2⤵
  PID:6716
- C:\Windows\System\RSspxtr.exe
  C:\Windows\System\RSspxtr.exe
  2⤵
  PID:6772
- C:\Windows\System\HiEHxvH.exe
  C:\Windows\System\HiEHxvH.exe
  2⤵
  PID:6792
- C:\Windows\System\xqbGcNp.exe
  C:\Windows\System\xqbGcNp.exe
  2⤵
  PID:6816
- C:\Windows\System\vmfBkTY.exe
  C:\Windows\System\vmfBkTY.exe
  2⤵
  PID:6860
- C:\Windows\System\gnlCTPX.exe
  C:\Windows\System\gnlCTPX.exe
  2⤵
  PID:6876
- C:\Windows\System\qzoJVKV.exe
  C:\Windows\System\qzoJVKV.exe
  2⤵
  PID:6912
- C:\Windows\System\SbkcXbj.exe
  C:\Windows\System\SbkcXbj.exe
  2⤵
  PID:6952
- C:\Windows\System\btdKFjd.exe
  C:\Windows\System\btdKFjd.exe
  2⤵
  PID:6992
- C:\Windows\System\IcEjdoZ.exe
  C:\Windows\System\IcEjdoZ.exe
  2⤵
  PID:7020
- C:\Windows\System\ZPjNkOS.exe
  C:\Windows\System\ZPjNkOS.exe
  2⤵
  PID:7032
- C:\Windows\System\REsxeeH.exe
  C:\Windows\System\REsxeeH.exe
  2⤵
  PID:7072
- C:\Windows\System\ZNVzjYy.exe
  C:\Windows\System\ZNVzjYy.exe
  2⤵
  PID:7116
- C:\Windows\System\txnDjQN.exe
  C:\Windows\System\txnDjQN.exe
  2⤵
  PID:7124
- C:\Windows\System\KDGSxET.exe
  C:\Windows\System\KDGSxET.exe
  2⤵
  PID:7160
- C:\Windows\System\mVenhwb.exe
  C:\Windows\System\mVenhwb.exe
  2⤵
  PID:6108
- C:\Windows\System\lQURpMJ.exe
  C:\Windows\System\lQURpMJ.exe
  2⤵
  PID:4708
- C:\Windows\System\EYIbEDL.exe
  C:\Windows\System\EYIbEDL.exe
  2⤵
  PID:5664
- C:\Windows\System\hxNBcXC.exe
  C:\Windows\System\hxNBcXC.exe
  2⤵
  PID:6012
- C:\Windows\System\vpEgWSS.exe
  C:\Windows\System\vpEgWSS.exe
  2⤵
  PID:5844
- C:\Windows\System\wjhiWLA.exe
  C:\Windows\System\wjhiWLA.exe
  2⤵
  PID:5984
- C:\Windows\System\EfjSTAb.exe
  C:\Windows\System\EfjSTAb.exe
  2⤵
  PID:6196
- C:\Windows\System\nPpPsoz.exe
  C:\Windows\System\nPpPsoz.exe
  2⤵
  PID:6332
- C:\Windows\System\Hnjmexc.exe
  C:\Windows\System\Hnjmexc.exe
  2⤵
  PID:6384
- C:\Windows\System\JSfhLnN.exe
  C:\Windows\System\JSfhLnN.exe
  2⤵
  PID:6444
- C:\Windows\System\FxpdUrr.exe
  C:\Windows\System\FxpdUrr.exe
  2⤵
  PID:6492
- C:\Windows\System\yuyOfnA.exe
  C:\Windows\System\yuyOfnA.exe
  2⤵
  PID:6560
- C:\Windows\System\sVwpgBo.exe
  C:\Windows\System\sVwpgBo.exe
  2⤵
  PID:6552
- C:\Windows\System\LRuQQIs.exe
  C:\Windows\System\LRuQQIs.exe
  2⤵
  PID:6640
- C:\Windows\System\mLJBtEU.exe
  C:\Windows\System\mLJBtEU.exe
  2⤵
  PID:6720
- C:\Windows\System\uNOJvyP.exe
  C:\Windows\System\uNOJvyP.exe
  2⤵
  PID:6756
- C:\Windows\System\bCKFtdt.exe
  C:\Windows\System\bCKFtdt.exe
  2⤵
  PID:6812
- C:\Windows\System\bXqikUk.exe
  C:\Windows\System\bXqikUk.exe
  2⤵
  PID:6836
- C:\Windows\System\FntYLiB.exe
  C:\Windows\System\FntYLiB.exe
  2⤵
  PID:6892
- C:\Windows\System\FPEfXLn.exe
  C:\Windows\System\FPEfXLn.exe
  2⤵
  PID:6956
- C:\Windows\System\VmGOHig.exe
  C:\Windows\System\VmGOHig.exe
  2⤵
  PID:7000
- C:\Windows\System\AqotHOp.exe
  C:\Windows\System\AqotHOp.exe
  2⤵
  PID:7096
- C:\Windows\System\pqHsakU.exe
  C:\Windows\System\pqHsakU.exe
  2⤵
  PID:7104
- C:\Windows\System\QtIVmlI.exe
  C:\Windows\System\QtIVmlI.exe
  2⤵
  PID:7164
- C:\Windows\System\ZPyeyaA.exe
  C:\Windows\System\ZPyeyaA.exe
  2⤵
  PID:4960
- C:\Windows\System\xzeUNLP.exe
  C:\Windows\System\xzeUNLP.exe
  2⤵
  PID:5576
- C:\Windows\System\PbYdsSQ.exe
  C:\Windows\System\PbYdsSQ.exe
  2⤵
  PID:5556
- C:\Windows\System\GubKoJj.exe
  C:\Windows\System\GubKoJj.exe
  2⤵
  PID:2316
- C:\Windows\System\jjRYqqS.exe
  C:\Windows\System\jjRYqqS.exe
  2⤵
  PID:6220
- C:\Windows\System\ugXCrxe.exe
  C:\Windows\System\ugXCrxe.exe
  2⤵
  PID:6364
- C:\Windows\System\uTEdmsq.exe
  C:\Windows\System\uTEdmsq.exe
  2⤵
  PID:6344
- C:\Windows\System\leIpcHL.exe
  C:\Windows\System\leIpcHL.exe
  2⤵
  PID:6388
- C:\Windows\System\WITgAbH.exe
  C:\Windows\System\WITgAbH.exe
  2⤵
  PID:6600
- C:\Windows\System\scXVMKx.exe
  C:\Windows\System\scXVMKx.exe
  2⤵
  PID:3020
- C:\Windows\System\brcDlsh.exe
  C:\Windows\System\brcDlsh.exe
  2⤵
  PID:6712
- C:\Windows\System\IgSrFLp.exe
  C:\Windows\System\IgSrFLp.exe
  2⤵
  PID:7180
- C:\Windows\System\KGWyEHh.exe
  C:\Windows\System\KGWyEHh.exe
  2⤵
  PID:7200
- C:\Windows\System\SRrzauL.exe
  C:\Windows\System\SRrzauL.exe
  2⤵
  PID:7220
- C:\Windows\System\jishsTM.exe
  C:\Windows\System\jishsTM.exe
  2⤵
  PID:7240
- C:\Windows\System\bdlVhhf.exe
  C:\Windows\System\bdlVhhf.exe
  2⤵
  PID:7260
- C:\Windows\System\AaFJOPx.exe
  C:\Windows\System\AaFJOPx.exe
  2⤵
  PID:7276
- C:\Windows\System\MMNPytt.exe
  C:\Windows\System\MMNPytt.exe
  2⤵
  PID:7300
- C:\Windows\System\XLuJynp.exe
  C:\Windows\System\XLuJynp.exe
  2⤵
  PID:7324
- C:\Windows\System\KkWneDz.exe
  C:\Windows\System\KkWneDz.exe
  2⤵
  PID:7344
- C:\Windows\System\IlakJcu.exe
  C:\Windows\System\IlakJcu.exe
  2⤵
  PID:7364
- C:\Windows\System\vWHeSJA.exe
  C:\Windows\System\vWHeSJA.exe
  2⤵
  PID:7384
- C:\Windows\System\IUADDOj.exe
  C:\Windows\System\IUADDOj.exe
  2⤵
  PID:7404
- C:\Windows\System\rKxhckV.exe
  C:\Windows\System\rKxhckV.exe
  2⤵
  PID:7424
- C:\Windows\System\jrgpbuL.exe
  C:\Windows\System\jrgpbuL.exe
  2⤵
  PID:7444
- C:\Windows\System\dEFnOmC.exe
  C:\Windows\System\dEFnOmC.exe
  2⤵
  PID:7464
- C:\Windows\System\mwSzeDx.exe
  C:\Windows\System\mwSzeDx.exe
  2⤵
  PID:7484
- C:\Windows\System\CFXpRIq.exe
  C:\Windows\System\CFXpRIq.exe
  2⤵
  PID:7504
- C:\Windows\System\tgAwFOA.exe
  C:\Windows\System\tgAwFOA.exe
  2⤵
  PID:7524
- C:\Windows\System\vFuKKkh.exe
  C:\Windows\System\vFuKKkh.exe
  2⤵
  PID:7544
- C:\Windows\System\uoTWAAd.exe
  C:\Windows\System\uoTWAAd.exe
  2⤵
  PID:7564
- C:\Windows\System\uAzOcof.exe
  C:\Windows\System\uAzOcof.exe
  2⤵
  PID:7584
- C:\Windows\System\FXZfhED.exe
  C:\Windows\System\FXZfhED.exe
  2⤵
  PID:7604
- C:\Windows\System\DQraGZR.exe
  C:\Windows\System\DQraGZR.exe
  2⤵
  PID:7620
- C:\Windows\System\bwqxjfc.exe
  C:\Windows\System\bwqxjfc.exe
  2⤵
  PID:7640
- C:\Windows\System\zoQjSvR.exe
  C:\Windows\System\zoQjSvR.exe
  2⤵
  PID:7664
- C:\Windows\System\sqJUCKQ.exe
  C:\Windows\System\sqJUCKQ.exe
  2⤵
  PID:7684
- C:\Windows\System\ELZgDWp.exe
  C:\Windows\System\ELZgDWp.exe
  2⤵
  PID:7704
- C:\Windows\System\fiUeTjT.exe
  C:\Windows\System\fiUeTjT.exe
  2⤵
  PID:7724
- C:\Windows\System\ozWTGjT.exe
  C:\Windows\System\ozWTGjT.exe
  2⤵
  PID:7744
- C:\Windows\System\KUGMSyg.exe
  C:\Windows\System\KUGMSyg.exe
  2⤵
  PID:7764
- C:\Windows\System\ReOqMbB.exe
  C:\Windows\System\ReOqMbB.exe
  2⤵
  PID:7784
- C:\Windows\System\SvNYkfr.exe
  C:\Windows\System\SvNYkfr.exe
  2⤵
  PID:7804
- C:\Windows\System\zbZqJut.exe
  C:\Windows\System\zbZqJut.exe
  2⤵
  PID:7820
- C:\Windows\System\FyFyTHz.exe
  C:\Windows\System\FyFyTHz.exe
  2⤵
  PID:7840
- C:\Windows\System\hVQbcrb.exe
  C:\Windows\System\hVQbcrb.exe
  2⤵
  PID:7864
- C:\Windows\System\tKCRVAx.exe
  C:\Windows\System\tKCRVAx.exe
  2⤵
  PID:7884
- C:\Windows\System\QFWEicf.exe
  C:\Windows\System\QFWEicf.exe
  2⤵
  PID:7904
- C:\Windows\System\GBdFBVQ.exe
  C:\Windows\System\GBdFBVQ.exe
  2⤵
  PID:7924
- C:\Windows\System\PTyDMvj.exe
  C:\Windows\System\PTyDMvj.exe
  2⤵
  PID:7944
- C:\Windows\System\YWURRvu.exe
  C:\Windows\System\YWURRvu.exe
  2⤵
  PID:7964
- C:\Windows\System\YuStgcQ.exe
  C:\Windows\System\YuStgcQ.exe
  2⤵
  PID:7984
- C:\Windows\System\ZTupIFU.exe
  C:\Windows\System\ZTupIFU.exe
  2⤵
  PID:8004
- C:\Windows\System\TgdDXsU.exe
  C:\Windows\System\TgdDXsU.exe
  2⤵
  PID:8020
- C:\Windows\System\etDCVpt.exe
  C:\Windows\System\etDCVpt.exe
  2⤵
  PID:8040
- C:\Windows\System\LLJehoa.exe
  C:\Windows\System\LLJehoa.exe
  2⤵
  PID:8064
- C:\Windows\System\vkFeVrE.exe
  C:\Windows\System\vkFeVrE.exe
  2⤵
  PID:8084
- C:\Windows\System\cNnFUIi.exe
  C:\Windows\System\cNnFUIi.exe
  2⤵
  PID:8104
- C:\Windows\System\eWHmJCM.exe
  C:\Windows\System\eWHmJCM.exe
  2⤵
  PID:8124
- C:\Windows\System\AkkZvDc.exe
  C:\Windows\System\AkkZvDc.exe
  2⤵
  PID:8144
- C:\Windows\System\unBWHYC.exe
  C:\Windows\System\unBWHYC.exe
  2⤵
  PID:8168
- C:\Windows\System\hgZjjrJ.exe
  C:\Windows\System\hgZjjrJ.exe
  2⤵
  PID:8188
- C:\Windows\System\LRuwokv.exe
  C:\Windows\System\LRuwokv.exe
  2⤵
  PID:6840
- C:\Windows\System\rLzKRVj.exe
  C:\Windows\System\rLzKRVj.exe
  2⤵
  PID:484
- C:\Windows\System\IocShHu.exe
  C:\Windows\System\IocShHu.exe
  2⤵
  PID:2172
- C:\Windows\System\nLXnMCe.exe
  C:\Windows\System\nLXnMCe.exe
  2⤵
  PID:6976
- C:\Windows\System\AfjUBxd.exe
  C:\Windows\System\AfjUBxd.exe
  2⤵
  PID:7144
- C:\Windows\System\WILXOrC.exe
  C:\Windows\System\WILXOrC.exe
  2⤵
  PID:1976
- C:\Windows\System\JrujuEH.exe
  C:\Windows\System\JrujuEH.exe
  2⤵
  PID:4268
- C:\Windows\System\cfWKwKC.exe
  C:\Windows\System\cfWKwKC.exe
  2⤵
  PID:5772
- C:\Windows\System\ikoGZNk.exe
  C:\Windows\System\ikoGZNk.exe
  2⤵
  PID:1072
- C:\Windows\System\ZxOovqq.exe
  C:\Windows\System\ZxOovqq.exe
  2⤵
  PID:2368
- C:\Windows\System\JKSrNvZ.exe
  C:\Windows\System\JKSrNvZ.exe
  2⤵
  PID:6532
- C:\Windows\System\RBRPqMD.exe
  C:\Windows\System\RBRPqMD.exe
  2⤵
  PID:6620
- C:\Windows\System\xwpcSWS.exe
  C:\Windows\System\xwpcSWS.exe
  2⤵
  PID:7176
- C:\Windows\System\KAbtEJG.exe
  C:\Windows\System\KAbtEJG.exe
  2⤵
  PID:7192
- C:\Windows\System\mateUUN.exe
  C:\Windows\System\mateUUN.exe
  2⤵
  PID:7236
- C:\Windows\System\JCQdOHx.exe
  C:\Windows\System\JCQdOHx.exe
  2⤵
  PID:7268
- C:\Windows\System\BrVgoCE.exe
  C:\Windows\System\BrVgoCE.exe
  2⤵
  PID:7296
- C:\Windows\System\KIjqwbI.exe
  C:\Windows\System\KIjqwbI.exe
  2⤵
  PID:7320
- C:\Windows\System\kmgdDyI.exe
  C:\Windows\System\kmgdDyI.exe
  2⤵
  PID:7336
- C:\Windows\System\UtLNrZj.exe
  C:\Windows\System\UtLNrZj.exe
  2⤵
  PID:7356
- C:\Windows\System\rsbuJEL.exe
  C:\Windows\System\rsbuJEL.exe
  2⤵
  PID:7416
- C:\Windows\System\XApQyZr.exe
  C:\Windows\System\XApQyZr.exe
  2⤵
  PID:7452
- C:\Windows\System\JdkUOWj.exe
  C:\Windows\System\JdkUOWj.exe
  2⤵
  PID:7472
- C:\Windows\System\bjFRisN.exe
  C:\Windows\System\bjFRisN.exe
  2⤵
  PID:7540
- C:\Windows\System\inNfTQI.exe
  C:\Windows\System\inNfTQI.exe
  2⤵
  PID:7572
- C:\Windows\System\lzGPYnq.exe
  C:\Windows\System\lzGPYnq.exe
  2⤵
  PID:7556
- C:\Windows\System\dJKdWta.exe
  C:\Windows\System\dJKdWta.exe
  2⤵
  PID:7616
- C:\Windows\System\DlXvcZG.exe
  C:\Windows\System\DlXvcZG.exe
  2⤵
  PID:7656
- C:\Windows\System\DQxZINm.exe
  C:\Windows\System\DQxZINm.exe
  2⤵
  PID:7696
- C:\Windows\System\ltcwrjZ.exe
  C:\Windows\System\ltcwrjZ.exe
  2⤵
  PID:7736
- C:\Windows\System\shVOAsC.exe
  C:\Windows\System\shVOAsC.exe
  2⤵
  PID:7752
- C:\Windows\System\yblCxuE.exe
  C:\Windows\System\yblCxuE.exe
  2⤵
  PID:7776
- C:\Windows\System\NNnjzTu.exe
  C:\Windows\System\NNnjzTu.exe
  2⤵
  PID:7816
- C:\Windows\System\cTasEvE.exe
  C:\Windows\System\cTasEvE.exe
  2⤵
  PID:7836
- C:\Windows\System\aPgYJno.exe
  C:\Windows\System\aPgYJno.exe
  2⤵
  PID:7900
- C:\Windows\System\joIIlNQ.exe
  C:\Windows\System\joIIlNQ.exe
  2⤵
  PID:7940
- C:\Windows\System\xADCWew.exe
  C:\Windows\System\xADCWew.exe
  2⤵
  PID:7916
- C:\Windows\System\qigjzaH.exe
  C:\Windows\System\qigjzaH.exe
  2⤵
  PID:8016
- C:\Windows\System\djCaaqS.exe
  C:\Windows\System\djCaaqS.exe
  2⤵
  PID:8012
- C:\Windows\System\CHcrlBx.exe
  C:\Windows\System\CHcrlBx.exe
  2⤵
  PID:8028
- C:\Windows\System\RAXexdN.exe
  C:\Windows\System\RAXexdN.exe
  2⤵
  PID:8132
- C:\Windows\System\KodAIXe.exe
  C:\Windows\System\KodAIXe.exe
  2⤵
  PID:8076
- C:\Windows\System\TLAmemJ.exe
  C:\Windows\System\TLAmemJ.exe
  2⤵
  PID:8116
- C:\Windows\System\GBuSLYV.exe
  C:\Windows\System\GBuSLYV.exe
  2⤵
  PID:8180
- C:\Windows\System\oNbpCLx.exe
  C:\Windows\System\oNbpCLx.exe
  2⤵
  PID:6776
- C:\Windows\System\mwEFRcQ.exe
  C:\Windows\System\mwEFRcQ.exe
  2⤵
  PID:2872
- C:\Windows\System\pCaPKEz.exe
  C:\Windows\System\pCaPKEz.exe
  2⤵
  PID:7056
- C:\Windows\System\GNXzrYg.exe
  C:\Windows\System\GNXzrYg.exe
  2⤵
  PID:5292
- C:\Windows\System\vFUaKyG.exe
  C:\Windows\System\vFUaKyG.exe
  2⤵
  PID:6176
- C:\Windows\System\TaMINVd.exe
  C:\Windows\System\TaMINVd.exe
  2⤵
  PID:6652
- C:\Windows\System\qjKhvjt.exe
  C:\Windows\System\qjKhvjt.exe
  2⤵
  PID:6368
- C:\Windows\System\yITfRZG.exe
  C:\Windows\System\yITfRZG.exe
  2⤵
  PID:7188
- C:\Windows\System\KKAsecv.exe
  C:\Windows\System\KKAsecv.exe
  2⤵
  PID:7232
- C:\Windows\System\Hzstwqc.exe
  C:\Windows\System\Hzstwqc.exe
  2⤵
  PID:7308
- C:\Windows\System\hTMImly.exe
  C:\Windows\System\hTMImly.exe
  2⤵
  PID:7372
- C:\Windows\System\qWvJjhe.exe
  C:\Windows\System\qWvJjhe.exe
  2⤵
  PID:7340
- C:\Windows\System\vMOBcMt.exe
  C:\Windows\System\vMOBcMt.exe
  2⤵
  PID:7412
- C:\Windows\System\iTsSEKS.exe
  C:\Windows\System\iTsSEKS.exe
  2⤵
  PID:7456
- C:\Windows\System\QqKJYom.exe
  C:\Windows\System\QqKJYom.exe
  2⤵
  PID:7560
- C:\Windows\System\HsiqaWw.exe
  C:\Windows\System\HsiqaWw.exe
  2⤵
  PID:7600
- C:\Windows\System\JwuMcvO.exe
  C:\Windows\System\JwuMcvO.exe
  2⤵
  PID:7680
- C:\Windows\System\oyuejhJ.exe
  C:\Windows\System\oyuejhJ.exe
  2⤵
  PID:7692
- C:\Windows\System\ubhJsen.exe
  C:\Windows\System\ubhJsen.exe
  2⤵
  PID:7760
- C:\Windows\System\tZiKESu.exe
  C:\Windows\System\tZiKESu.exe
  2⤵
  PID:7796
- C:\Windows\System\WoPjpfL.exe
  C:\Windows\System\WoPjpfL.exe
  2⤵
  PID:7932
- C:\Windows\System\tDygyeJ.exe
  C:\Windows\System\tDygyeJ.exe
  2⤵
  PID:7976
- C:\Windows\System\ZrgkPWB.exe
  C:\Windows\System\ZrgkPWB.exe
  2⤵
  PID:7936
- C:\Windows\System\DTqILfu.exe
  C:\Windows\System\DTqILfu.exe
  2⤵
  PID:8056
- C:\Windows\System\HaSTPJZ.exe
  C:\Windows\System\HaSTPJZ.exe
  2⤵
  PID:1112
- C:\Windows\System\EWqKWgt.exe
  C:\Windows\System\EWqKWgt.exe
  2⤵
  PID:8184
- C:\Windows\System\LlTJDrz.exe
  C:\Windows\System\LlTJDrz.exe
  2⤵
  PID:2648
- C:\Windows\System\yRCFWLj.exe
  C:\Windows\System\yRCFWLj.exe
  2⤵
  PID:2284
- C:\Windows\System\rqTpjYq.exe
  C:\Windows\System\rqTpjYq.exe
  2⤵
  PID:7036
- C:\Windows\System\sqffAqH.exe
  C:\Windows\System\sqffAqH.exe
  2⤵
  PID:6284
- C:\Windows\System\IughhRO.exe
  C:\Windows\System\IughhRO.exe
  2⤵
  PID:6496
- C:\Windows\System\OaKDORF.exe
  C:\Windows\System\OaKDORF.exe
  2⤵
  PID:7288
- C:\Windows\System\aPHUcRB.exe
  C:\Windows\System\aPHUcRB.exe
  2⤵
  PID:7212
- C:\Windows\System\CkDBGyr.exe
  C:\Windows\System\CkDBGyr.exe
  2⤵
  PID:7292
- C:\Windows\System\UZVephQ.exe
  C:\Windows\System\UZVephQ.exe
  2⤵
  PID:7532
- C:\Windows\System\UGiAQYJ.exe
  C:\Windows\System\UGiAQYJ.exe
  2⤵
  PID:7492
- C:\Windows\System\jIEWyHM.exe
  C:\Windows\System\jIEWyHM.exe
  2⤵
  PID:7700
- C:\Windows\System\JrWaDmI.exe
  C:\Windows\System\JrWaDmI.exe
  2⤵
  PID:7660
- C:\Windows\System\YruKXAm.exe
  C:\Windows\System\YruKXAm.exe
  2⤵
  PID:7792
- C:\Windows\System\CTLEKFy.exe
  C:\Windows\System\CTLEKFy.exe
  2⤵
  PID:8060
- C:\Windows\System\fnJfFpP.exe
  C:\Windows\System\fnJfFpP.exe
  2⤵
  PID:8000
- C:\Windows\System\NRmzCVv.exe
  C:\Windows\System\NRmzCVv.exe
  2⤵
  PID:8160
- C:\Windows\System\FiPbMVB.exe
  C:\Windows\System\FiPbMVB.exe
  2⤵
  PID:8032
- C:\Windows\System\hGoknng.exe
  C:\Windows\System\hGoknng.exe
  2⤵
  PID:8100
- C:\Windows\System\qGndJFt.exe
  C:\Windows\System\qGndJFt.exe
  2⤵
  PID:8140
- C:\Windows\System\OnzyBOe.exe
  C:\Windows\System\OnzyBOe.exe
  2⤵
  PID:8208
- C:\Windows\System\pHVWVXQ.exe
  C:\Windows\System\pHVWVXQ.exe
  2⤵
  PID:8232
- C:\Windows\System\OqIxIeL.exe
  C:\Windows\System\OqIxIeL.exe
  2⤵
  PID:8252
- C:\Windows\System\mfLOsAI.exe
  C:\Windows\System\mfLOsAI.exe
  2⤵
  PID:8272
- C:\Windows\System\ypDRpNc.exe
  C:\Windows\System\ypDRpNc.exe
  2⤵
  PID:8292
- C:\Windows\System\OsTvrzN.exe
  C:\Windows\System\OsTvrzN.exe
  2⤵
  PID:8308
- C:\Windows\System\crFOFxZ.exe
  C:\Windows\System\crFOFxZ.exe
  2⤵
  PID:8332
- C:\Windows\System\ZTpaCxI.exe
  C:\Windows\System\ZTpaCxI.exe
  2⤵
  PID:8356
- C:\Windows\System\SNpFtWT.exe
  C:\Windows\System\SNpFtWT.exe
  2⤵
  PID:8376
- C:\Windows\System\LsdnNyY.exe
  C:\Windows\System\LsdnNyY.exe
  2⤵
  PID:8396
- C:\Windows\System\JhKTLQj.exe
  C:\Windows\System\JhKTLQj.exe
  2⤵
  PID:8412
- C:\Windows\System\GmJLemz.exe
  C:\Windows\System\GmJLemz.exe
  2⤵
  PID:8436
- C:\Windows\System\GYtQToy.exe
  C:\Windows\System\GYtQToy.exe
  2⤵
  PID:8452
- C:\Windows\System\uywEHHS.exe
  C:\Windows\System\uywEHHS.exe
  2⤵
  PID:8476
- C:\Windows\System\LqsTLww.exe
  C:\Windows\System\LqsTLww.exe
  2⤵
  PID:8500
- C:\Windows\System\BOUEvFv.exe
  C:\Windows\System\BOUEvFv.exe
  2⤵
  PID:8524
- C:\Windows\System\vdoIEXK.exe
  C:\Windows\System\vdoIEXK.exe
  2⤵
  PID:8544
- C:\Windows\System\JzJemGj.exe
  C:\Windows\System\JzJemGj.exe
  2⤵
  PID:8564
- C:\Windows\System\VsrqWQN.exe
  C:\Windows\System\VsrqWQN.exe
  2⤵
  PID:8584
- C:\Windows\System\cmBdFUN.exe
  C:\Windows\System\cmBdFUN.exe
  2⤵
  PID:8604
- C:\Windows\System\aTMVtsk.exe
  C:\Windows\System\aTMVtsk.exe
  2⤵
  PID:8624
- C:\Windows\System\RcAxqWR.exe
  C:\Windows\System\RcAxqWR.exe
  2⤵
  PID:8644
- C:\Windows\System\uYDXguo.exe
  C:\Windows\System\uYDXguo.exe
  2⤵
  PID:8660
- C:\Windows\System\yRYQjqI.exe
  C:\Windows\System\yRYQjqI.exe
  2⤵
  PID:8676
- C:\Windows\System\xiHsiXV.exe
  C:\Windows\System\xiHsiXV.exe
  2⤵
  PID:8692
- C:\Windows\System\migbVkJ.exe
  C:\Windows\System\migbVkJ.exe
  2⤵
  PID:8708
- C:\Windows\System\riiNAlk.exe
  C:\Windows\System\riiNAlk.exe
  2⤵
  PID:8728
- C:\Windows\System\rlzXdea.exe
  C:\Windows\System\rlzXdea.exe
  2⤵
  PID:8768
- C:\Windows\System\rEIjnMg.exe
  C:\Windows\System\rEIjnMg.exe
  2⤵
  PID:8784
- C:\Windows\System\hKnbNzW.exe
  C:\Windows\System\hKnbNzW.exe
  2⤵
  PID:8804
- C:\Windows\System\kWeYhHy.exe
  C:\Windows\System\kWeYhHy.exe
  2⤵
  PID:8820
- C:\Windows\System\FbIuvmq.exe
  C:\Windows\System\FbIuvmq.exe
  2⤵
  PID:8836
- C:\Windows\System\AvkOfFR.exe
  C:\Windows\System\AvkOfFR.exe
  2⤵
  PID:8864
- C:\Windows\System\XhNJeLM.exe
  C:\Windows\System\XhNJeLM.exe
  2⤵
  PID:8880
- C:\Windows\System\awkIMmG.exe
  C:\Windows\System\awkIMmG.exe
  2⤵
  PID:8900
- C:\Windows\System\lwdFkAB.exe
  C:\Windows\System\lwdFkAB.exe
  2⤵
  PID:8920
- C:\Windows\System\GZqvDue.exe
  C:\Windows\System\GZqvDue.exe
  2⤵
  PID:8940
- C:\Windows\System\euMAWFJ.exe
  C:\Windows\System\euMAWFJ.exe
  2⤵
  PID:8960
- C:\Windows\System\FFgovIm.exe
  C:\Windows\System\FFgovIm.exe
  2⤵
  PID:8976
- C:\Windows\System\HoeCpwT.exe
  C:\Windows\System\HoeCpwT.exe
  2⤵
  PID:8992
- C:\Windows\System\mmNBzMx.exe
  C:\Windows\System\mmNBzMx.exe
  2⤵
  PID:9008
- C:\Windows\System\MOGMUzv.exe
  C:\Windows\System\MOGMUzv.exe
  2⤵
  PID:9024
- C:\Windows\System\vdwClUd.exe
  C:\Windows\System\vdwClUd.exe
  2⤵
  PID:9040
- C:\Windows\System\WfmqWSC.exe
  C:\Windows\System\WfmqWSC.exe
  2⤵
  PID:9056
- C:\Windows\System\TMOayPE.exe
  C:\Windows\System\TMOayPE.exe
  2⤵
  PID:9072
- C:\Windows\System\jWYDpOw.exe
  C:\Windows\System\jWYDpOw.exe
  2⤵
  PID:9088
- C:\Windows\System\iRKMlAP.exe
  C:\Windows\System\iRKMlAP.exe
  2⤵
  PID:9124
- C:\Windows\System\aYDyAmQ.exe
  C:\Windows\System\aYDyAmQ.exe
  2⤵
  PID:9144
- C:\Windows\System\ipANySW.exe
  C:\Windows\System\ipANySW.exe
  2⤵
  PID:9168
- C:\Windows\System\haDnMGf.exe
  C:\Windows\System\haDnMGf.exe
  2⤵
  PID:9184
- C:\Windows\System\FsxYShI.exe
  C:\Windows\System\FsxYShI.exe
  2⤵
  PID:8136
- C:\Windows\System\eZhUrIm.exe
  C:\Windows\System\eZhUrIm.exe
  2⤵
  PID:7872
- C:\Windows\System\appWvax.exe
  C:\Windows\System\appWvax.exe
  2⤵
  PID:7852
- C:\Windows\System\FeQZYDR.exe
  C:\Windows\System\FeQZYDR.exe
  2⤵
  PID:7256
- C:\Windows\System\NobJnCo.exe
  C:\Windows\System\NobJnCo.exe
  2⤵
  PID:6312
- C:\Windows\System\jfEFUDP.exe
  C:\Windows\System\jfEFUDP.exe
  2⤵
  PID:7440
- C:\Windows\System\LrUioKB.exe
  C:\Windows\System\LrUioKB.exe
  2⤵
  PID:7520
- C:\Windows\System\NslxOUV.exe
  C:\Windows\System\NslxOUV.exe
  2⤵
  PID:6940
- C:\Windows\System\hBxsBLg.exe
  C:\Windows\System\hBxsBLg.exe
  2⤵
  PID:8280
- C:\Windows\System\RZGsGLh.exe
  C:\Windows\System\RZGsGLh.exe
  2⤵
  PID:7228
- C:\Windows\System\QnJscIv.exe
  C:\Windows\System\QnJscIv.exe
  2⤵
  PID:8228
- C:\Windows\System\EXxtoNm.exe
  C:\Windows\System\EXxtoNm.exe
  2⤵
  PID:8324
- C:\Windows\System\yUzmlLp.exe
  C:\Windows\System\yUzmlLp.exe
  2⤵
  PID:8364
- C:\Windows\System\GlEkTka.exe
  C:\Windows\System\GlEkTka.exe
  2⤵
  PID:8340
- C:\Windows\System\aSVoTdQ.exe
  C:\Windows\System\aSVoTdQ.exe
  2⤵
  PID:8404
- C:\Windows\System\KaYRCfS.exe
  C:\Windows\System\KaYRCfS.exe
  2⤵
  PID:8384
- C:\Windows\System\rsOEvif.exe
  C:\Windows\System\rsOEvif.exe
  2⤵
  PID:8484
- C:\Windows\System\JMijsEh.exe
  C:\Windows\System\JMijsEh.exe
  2⤵
  PID:8420
- C:\Windows\System\wapkRNP.exe
  C:\Windows\System\wapkRNP.exe
  2⤵
  PID:8496
- C:\Windows\System\vqQAYyL.exe
  C:\Windows\System\vqQAYyL.exe
  2⤵
  PID:8464
- C:\Windows\System\xCQyusk.exe
  C:\Windows\System\xCQyusk.exe
  2⤵
  PID:8532
- C:\Windows\System\KxCjTOG.exe
  C:\Windows\System\KxCjTOG.exe
  2⤵
  PID:8552
- C:\Windows\System\WBsurKA.exe
  C:\Windows\System\WBsurKA.exe
  2⤵
  PID:8580
- C:\Windows\System\yVAngGd.exe
  C:\Windows\System\yVAngGd.exe
  2⤵
  PID:8616
- C:\Windows\System\wanEVKX.exe
  C:\Windows\System\wanEVKX.exe
  2⤵
  PID:8632
- C:\Windows\System\OSWkkXs.exe
  C:\Windows\System\OSWkkXs.exe
  2⤵
  PID:8656
- C:\Windows\System\DXJvOJh.exe
  C:\Windows\System\DXJvOJh.exe
  2⤵
  PID:8688
- C:\Windows\System\OQdKSdB.exe
  C:\Windows\System\OQdKSdB.exe
  2⤵
  PID:8704
- C:\Windows\System\brMynkM.exe
  C:\Windows\System\brMynkM.exe
  2⤵
  PID:8740
- C:\Windows\System\mszAAgp.exe
  C:\Windows\System\mszAAgp.exe
  2⤵
  PID:8756
- C:\Windows\System\qgsEAII.exe
  C:\Windows\System\qgsEAII.exe
  2⤵
  PID:2632
- C:\Windows\System\QbUogsg.exe
  C:\Windows\System\QbUogsg.exe
  2⤵
  PID:2876
- C:\Windows\System\gFrlrnB.exe
  C:\Windows\System\gFrlrnB.exe
  2⤵
  PID:8812
- C:\Windows\System\LRrNdeg.exe
  C:\Windows\System\LRrNdeg.exe
  2⤵
  PID:8848
- C:\Windows\System\fOfTfDT.exe
  C:\Windows\System\fOfTfDT.exe
  2⤵
  PID:8888
- C:\Windows\System\UkJFjVp.exe
  C:\Windows\System\UkJFjVp.exe
  2⤵
  PID:1908
- C:\Windows\System\lmiDVYJ.exe
  C:\Windows\System\lmiDVYJ.exe
  2⤵
  PID:2696
- C:\Windows\System\qBigCOu.exe
  C:\Windows\System\qBigCOu.exe
  2⤵
  PID:8972
- C:\Windows\System\zQdADlb.exe
  C:\Windows\System\zQdADlb.exe
  2⤵
  PID:8948
- C:\Windows\System\oqxfZcq.exe
  C:\Windows\System\oqxfZcq.exe
  2⤵
  PID:9032
- C:\Windows\System\gMLJWhP.exe
  C:\Windows\System\gMLJWhP.exe
  2⤵
  PID:952
- C:\Windows\System\LSXelMH.exe
  C:\Windows\System\LSXelMH.exe
  2⤵
  PID:9068
- C:\Windows\System\xWeCFYA.exe
  C:\Windows\System\xWeCFYA.exe
  2⤵
  PID:9108
- C:\Windows\System\fABqJYA.exe
  C:\Windows\System\fABqJYA.exe
  2⤵
  PID:9120
- C:\Windows\System\dSZqIBo.exe
  C:\Windows\System\dSZqIBo.exe
  2⤵
  PID:9048
- C:\Windows\System\cXwUovQ.exe
  C:\Windows\System\cXwUovQ.exe
  2⤵
  PID:1608
- C:\Windows\System\igPmclK.exe
  C:\Windows\System\igPmclK.exe
  2⤵
  PID:9160
- C:\Windows\System\WAOfnYD.exe
  C:\Windows\System\WAOfnYD.exe
  2⤵
  PID:9152
- C:\Windows\System\TUjMRqx.exe
  C:\Windows\System\TUjMRqx.exe
  2⤵
  PID:9176
- C:\Windows\System\jjgqNGH.exe
  C:\Windows\System\jjgqNGH.exe
  2⤵
  PID:1076
- C:\Windows\System\MocXJSI.exe
  C:\Windows\System\MocXJSI.exe
  2⤵
  PID:7360
- C:\Windows\System\ZTwXdNy.exe
  C:\Windows\System\ZTwXdNy.exe
  2⤵
  PID:7596
- C:\Windows\System\MPhlTEh.exe
  C:\Windows\System\MPhlTEh.exe
  2⤵
  PID:8176
- C:\Windows\System\ttooYcr.exe
  C:\Windows\System\ttooYcr.exe
  2⤵
  PID:7156
- C:\Windows\System\mMtNmWX.exe
  C:\Windows\System\mMtNmWX.exe
  2⤵
  PID:8200
- C:\Windows\System\XWiNVjS.exe
  C:\Windows\System\XWiNVjS.exe
  2⤵
  PID:2184
- C:\Windows\System\lGTOvbF.exe
  C:\Windows\System\lGTOvbF.exe
  2⤵
  PID:8316
- C:\Windows\System\IHBRmvO.exe
  C:\Windows\System\IHBRmvO.exe
  2⤵
  PID:8268
- C:\Windows\System\OPxMddT.exe
  C:\Windows\System\OPxMddT.exe
  2⤵
  PID:1964
- C:\Windows\System\mZSYUOA.exe
  C:\Windows\System\mZSYUOA.exe
  2⤵
  PID:8492
- C:\Windows\System\WYqTdzM.exe
  C:\Windows\System\WYqTdzM.exe
  2⤵
  PID:8572
- C:\Windows\System\lDhdleW.exe
  C:\Windows\System\lDhdleW.exe
  2⤵
  PID:8352
- C:\Windows\System\cEqDlrg.exe
  C:\Windows\System\cEqDlrg.exe
  2⤵
  PID:8520
- C:\Windows\System\GOJgaRp.exe
  C:\Windows\System\GOJgaRp.exe
  2⤵
  PID:8392
- C:\Windows\System\hiSQZbC.exe
  C:\Windows\System\hiSQZbC.exe
  2⤵
  PID:8448
- C:\Windows\System\hmbYIgy.exe
  C:\Windows\System\hmbYIgy.exe
  2⤵
  PID:8748
- C:\Windows\System\sHoZHkC.exe
  C:\Windows\System\sHoZHkC.exe
  2⤵
  PID:8736
- C:\Windows\System\umELrqQ.exe
  C:\Windows\System\umELrqQ.exe
  2⤵
  PID:1568
- C:\Windows\System\JdNjzBB.exe
  C:\Windows\System\JdNjzBB.exe
  2⤵
  PID:536
- C:\Windows\System\MZPyxCj.exe
  C:\Windows\System\MZPyxCj.exe
  2⤵
  PID:8780
- C:\Windows\System\cDCuaiE.exe
  C:\Windows\System\cDCuaiE.exe
  2⤵
  PID:8796
- C:\Windows\System\IWbFADc.exe
  C:\Windows\System\IWbFADc.exe
  2⤵
  PID:1708
- C:\Windows\System\FYRaLPH.exe
  C:\Windows\System\FYRaLPH.exe
  2⤵
  PID:1272
- C:\Windows\System\fmMQQRB.exe
  C:\Windows\System\fmMQQRB.exe
  2⤵
  PID:636
- C:\Windows\System\IhzaiBX.exe
  C:\Windows\System\IhzaiBX.exe
  2⤵
  PID:2096
- C:\Windows\System\iGzYoBK.exe
  C:\Windows\System\iGzYoBK.exe
  2⤵
  PID:8896
- C:\Windows\System\nEerZTo.exe
  C:\Windows\System\nEerZTo.exe
  2⤵
  PID:8916
- C:\Windows\System\ANzZJHP.exe
  C:\Windows\System\ANzZJHP.exe
  2⤵
  PID:2224
- C:\Windows\System\RGbCzhg.exe
  C:\Windows\System\RGbCzhg.exe
  2⤵
  PID:9064
- C:\Windows\System\vSQSPOJ.exe
  C:\Windows\System\vSQSPOJ.exe
  2⤵
  PID:2212
- C:\Windows\System\ovzUWVj.exe
  C:\Windows\System\ovzUWVj.exe
  2⤵
  PID:1376
- C:\Windows\System\DVlQCYA.exe
  C:\Windows\System\DVlQCYA.exe
  2⤵
  PID:7516
- C:\Windows\System\ToUchUr.exe
  C:\Windows\System\ToUchUr.exe
  2⤵
  PID:2020
- C:\Windows\System\nbSZGqu.exe
  C:\Windows\System\nbSZGqu.exe
  2⤵
  PID:7652
- C:\Windows\System\VkIhooJ.exe
  C:\Windows\System\VkIhooJ.exe
  2⤵
  PID:9100
- C:\Windows\System\sgMRMhY.exe
  C:\Windows\System\sgMRMhY.exe
  2⤵
  PID:9140
- C:\Windows\System\CIjCjrC.exe
  C:\Windows\System\CIjCjrC.exe
  2⤵
  PID:7636
- C:\Windows\System\SwRNCKS.exe
  C:\Windows\System\SwRNCKS.exe
  2⤵
  PID:2420
- C:\Windows\System\RQVTquz.exe
  C:\Windows\System\RQVTquz.exe
  2⤵
  PID:9104
- C:\Windows\System\yikgDRS.exe
  C:\Windows\System\yikgDRS.exe
  2⤵
  PID:8244
- C:\Windows\System\purgBAB.exe
  C:\Windows\System\purgBAB.exe
  2⤵
  PID:8220
- C:\Windows\System\klSfCfJ.exe
  C:\Windows\System\klSfCfJ.exe
  2⤵
  PID:8260
- C:\Windows\System\XIAAjBz.exe
  C:\Windows\System\XIAAjBz.exe
  2⤵
  PID:8620
- C:\Windows\System\UAxFbCn.exe
  C:\Windows\System\UAxFbCn.exe
  2⤵
  PID:8776
- C:\Windows\System\NhrIqFV.exe
  C:\Windows\System\NhrIqFV.exe
  2⤵
  PID:2716
- C:\Windows\System\YYgHyYW.exe
  C:\Windows\System\YYgHyYW.exe
  2⤵
  PID:8716
- C:\Windows\System\tpGpvcm.exe
  C:\Windows\System\tpGpvcm.exe
  2⤵
  PID:8472
- C:\Windows\System\CvdVWsU.exe
  C:\Windows\System\CvdVWsU.exe
  2⤵
  PID:8912
- C:\Windows\System\huUPpxi.exe
  C:\Windows\System\huUPpxi.exe
  2⤵
  PID:8860
- C:\Windows\System\mXbyBof.exe
  C:\Windows\System\mXbyBof.exe
  2⤵
  PID:8720
- C:\Windows\System\DyueQrF.exe
  C:\Windows\System\DyueQrF.exe
  2⤵
  PID:8792
- C:\Windows\System\ojOapbM.exe
  C:\Windows\System\ojOapbM.exe
  2⤵
  PID:9004
- C:\Windows\System\PMzjSbQ.exe
  C:\Windows\System\PMzjSbQ.exe
  2⤵
  PID:8636
- C:\Windows\System\rerspij.exe
  C:\Windows\System\rerspij.exe
  2⤵
  PID:1872
- C:\Windows\System\WbiCoHy.exe
  C:\Windows\System\WbiCoHy.exe
  2⤵
  PID:668
- C:\Windows\System\eSeIGqX.exe
  C:\Windows\System\eSeIGqX.exe
  2⤵
  PID:7828
- C:\Windows\System\AdTPKDQ.exe
  C:\Windows\System\AdTPKDQ.exe
  2⤵
  PID:8752
- C:\Windows\System\hEfQCXE.exe
  C:\Windows\System\hEfQCXE.exe
  2⤵
  PID:8556
- C:\Windows\System\BssjoXY.exe
  C:\Windows\System\BssjoXY.exe
  2⤵
  PID:2772
- C:\Windows\System\xAWDxTd.exe
  C:\Windows\System\xAWDxTd.exe
  2⤵
  PID:988
- C:\Windows\System\nYXOGSN.exe
  C:\Windows\System\nYXOGSN.exe
  2⤵
  PID:8856
- C:\Windows\System\WsRPzFR.exe
  C:\Windows\System\WsRPzFR.exe
  2⤵
  PID:9080
- C:\Windows\System\txVpmsP.exe
  C:\Windows\System\txVpmsP.exe
  2⤵
  PID:8956
- C:\Windows\System\chjOgxD.exe
  C:\Windows\System\chjOgxD.exe
  2⤵
  PID:8248
- C:\Windows\System\kANACsh.exe
  C:\Windows\System\kANACsh.exe
  2⤵
  PID:8760
- C:\Windows\System\DrvpSxY.exe
  C:\Windows\System\DrvpSxY.exe
  2⤵
  PID:5412
- C:\Windows\System\GEzHnAN.exe
  C:\Windows\System\GEzHnAN.exe
  2⤵
  PID:8424
- C:\Windows\System\zeDnnub.exe
  C:\Windows\System\zeDnnub.exe
  2⤵
  PID:2980
- C:\Windows\System\WFgpGpr.exe
  C:\Windows\System\WFgpGpr.exe
  2⤵
  PID:9220
- C:\Windows\System\rqELsGh.exe
  C:\Windows\System\rqELsGh.exe
  2⤵
  PID:9236
- C:\Windows\System\AARjDYZ.exe
  C:\Windows\System\AARjDYZ.exe
  2⤵
  PID:9252
- C:\Windows\System\NWBrzxQ.exe
  C:\Windows\System\NWBrzxQ.exe
  2⤵
  PID:9268
- C:\Windows\System\jvSLPFa.exe
  C:\Windows\System\jvSLPFa.exe
  2⤵
  PID:9284
- C:\Windows\System\FzHBcnC.exe
  C:\Windows\System\FzHBcnC.exe
  2⤵
  PID:9300
- C:\Windows\System\VGGiGiw.exe
  C:\Windows\System\VGGiGiw.exe
  2⤵
  PID:9316
- C:\Windows\System\OzCtQBA.exe
  C:\Windows\System\OzCtQBA.exe
  2⤵
  PID:9332
- C:\Windows\System\AtUgGNX.exe
  C:\Windows\System\AtUgGNX.exe
  2⤵
  PID:9348
- C:\Windows\System\hUpqzHq.exe
  C:\Windows\System\hUpqzHq.exe
  2⤵
  PID:9364
- C:\Windows\System\KCytzPR.exe
  C:\Windows\System\KCytzPR.exe
  2⤵
  PID:9380
- C:\Windows\System\fRVHCxz.exe
  C:\Windows\System\fRVHCxz.exe
  2⤵
  PID:9396
- C:\Windows\System\XtmxKFz.exe
  C:\Windows\System\XtmxKFz.exe
  2⤵
  PID:9412
- C:\Windows\System\lJXJAle.exe
  C:\Windows\System\lJXJAle.exe
  2⤵
  PID:9428
- C:\Windows\System\FUPgYoL.exe
  C:\Windows\System\FUPgYoL.exe
  2⤵
  PID:9444
- C:\Windows\System\uVQBNDb.exe
  C:\Windows\System\uVQBNDb.exe
  2⤵
  PID:9460
- C:\Windows\System\QlBxhra.exe
  C:\Windows\System\QlBxhra.exe
  2⤵
  PID:9480
- C:\Windows\System\zJDDVsf.exe
  C:\Windows\System\zJDDVsf.exe
  2⤵
  PID:9496
- C:\Windows\System\qrrqguS.exe
  C:\Windows\System\qrrqguS.exe
  2⤵
  PID:9512
- C:\Windows\System\kxiAMMY.exe
  C:\Windows\System\kxiAMMY.exe
  2⤵
  PID:9532
- C:\Windows\System\JkCqHpv.exe
  C:\Windows\System\JkCqHpv.exe
  2⤵
  PID:9548
- C:\Windows\System\oouWmaL.exe
  C:\Windows\System\oouWmaL.exe
  2⤵
  PID:9580
- C:\Windows\System\PzJFtwV.exe
  C:\Windows\System\PzJFtwV.exe
  2⤵
  PID:9612
- C:\Windows\System\rKkPpLx.exe
  C:\Windows\System\rKkPpLx.exe
  2⤵
  PID:9628
- C:\Windows\System\Pusbbmi.exe
  C:\Windows\System\Pusbbmi.exe
  2⤵
  PID:9644
- C:\Windows\System\fWeVrIU.exe
  C:\Windows\System\fWeVrIU.exe
  2⤵
  PID:9660
- C:\Windows\System\SOFqoqU.exe
  C:\Windows\System\SOFqoqU.exe
  2⤵
  PID:9676
- C:\Windows\System\frAMRlp.exe
  C:\Windows\System\frAMRlp.exe
  2⤵
  PID:9692
- C:\Windows\System\PqKSkai.exe
  C:\Windows\System\PqKSkai.exe
  2⤵
  PID:9708
- C:\Windows\System\TSsJlLw.exe
  C:\Windows\System\TSsJlLw.exe
  2⤵
  PID:9724
- C:\Windows\System\tYsMMMM.exe
  C:\Windows\System\tYsMMMM.exe
  2⤵
  PID:9740
- C:\Windows\System\DIpRATi.exe
  C:\Windows\System\DIpRATi.exe
  2⤵
  PID:9756
- C:\Windows\System\tiHSzgw.exe
  C:\Windows\System\tiHSzgw.exe
  2⤵
  PID:9772
- C:\Windows\System\zCAEDQr.exe
  C:\Windows\System\zCAEDQr.exe
  2⤵
  PID:9788
- C:\Windows\System\aTmzqpn.exe
  C:\Windows\System\aTmzqpn.exe
  2⤵
  PID:9804
- C:\Windows\System\wYyAKTT.exe
  C:\Windows\System\wYyAKTT.exe
  2⤵
  PID:9820
- C:\Windows\System\tyXSvRg.exe
  C:\Windows\System\tyXSvRg.exe
  2⤵
  PID:9836
- C:\Windows\System\XQsUjKI.exe
  C:\Windows\System\XQsUjKI.exe
  2⤵
  PID:9852
- C:\Windows\System\FuYzFGA.exe
  C:\Windows\System\FuYzFGA.exe
  2⤵
  PID:9868
- C:\Windows\System\fcIEifN.exe
  C:\Windows\System\fcIEifN.exe
  2⤵
  PID:9884
- C:\Windows\System\HmTTZbr.exe
  C:\Windows\System\HmTTZbr.exe
  2⤵
  PID:9900
- C:\Windows\System\hJPkqYL.exe
  C:\Windows\System\hJPkqYL.exe
  2⤵
  PID:9916
- C:\Windows\System\ajGLXMH.exe
  C:\Windows\System\ajGLXMH.exe
  2⤵
  PID:9932
- C:\Windows\System\MbXUgXP.exe
  C:\Windows\System\MbXUgXP.exe
  2⤵
  PID:9948
- C:\Windows\System\oHnkOZi.exe
  C:\Windows\System\oHnkOZi.exe
  2⤵
  PID:9964
- C:\Windows\System\zBxWUPI.exe
  C:\Windows\System\zBxWUPI.exe
  2⤵
  PID:9980
- C:\Windows\System\gdKBnvL.exe
  C:\Windows\System\gdKBnvL.exe
  2⤵
  PID:9996
- C:\Windows\System\OQUFaEu.exe
  C:\Windows\System\OQUFaEu.exe
  2⤵
  PID:10012
- C:\Windows\System\jImqFXi.exe
  C:\Windows\System\jImqFXi.exe
  2⤵
  PID:10028
- C:\Windows\System\MjsjMfE.exe
  C:\Windows\System\MjsjMfE.exe
  2⤵
  PID:10056
- C:\Windows\System\qfPkwDJ.exe
  C:\Windows\System\qfPkwDJ.exe
  2⤵
  PID:10072
- C:\Windows\System\gACWoaU.exe
  C:\Windows\System\gACWoaU.exe
  2⤵
  PID:10088
- C:\Windows\System\bQhqPsk.exe
  C:\Windows\System\bQhqPsk.exe
  2⤵
  PID:10104
- C:\Windows\System\aXKqMSi.exe
  C:\Windows\System\aXKqMSi.exe
  2⤵
  PID:10120
- C:\Windows\System\cQLIxXL.exe
  C:\Windows\System\cQLIxXL.exe
  2⤵
  PID:10136
- C:\Windows\System\ChuQVZu.exe
  C:\Windows\System\ChuQVZu.exe
  2⤵
  PID:10152
- C:\Windows\System\jDDtBHi.exe
  C:\Windows\System\jDDtBHi.exe
  2⤵
  PID:10172
- C:\Windows\System\MtTEvLI.exe
  C:\Windows\System\MtTEvLI.exe
  2⤵
  PID:10192
- C:\Windows\System\gDREpcG.exe
  C:\Windows\System\gDREpcG.exe
  2⤵
  PID:10208
- C:\Windows\System\thmmDcF.exe
  C:\Windows\System\thmmDcF.exe
  2⤵
  PID:10228
- C:\Windows\System\cZjqbdH.exe
  C:\Windows\System\cZjqbdH.exe
  2⤵
  PID:9156
- C:\Windows\System\ganHLqN.exe
  C:\Windows\System\ganHLqN.exe
  2⤵
  PID:8984
- C:\Windows\System\PklXplP.exe
  C:\Windows\System\PklXplP.exe
  2⤵
  PID:9716
- C:\Windows\System\vwJHAfP.exe
  C:\Windows\System\vwJHAfP.exe
  2⤵
  PID:9752
- C:\Windows\System\UEUNPQN.exe
  C:\Windows\System\UEUNPQN.exe
  2⤵
  PID:9848
- C:\Windows\System\NfpPzcY.exe
  C:\Windows\System\NfpPzcY.exe
  2⤵
  PID:9940
- C:\Windows\System\LnByGwF.exe
  C:\Windows\System\LnByGwF.exe
  2⤵
  PID:10008
- C:\Windows\System\JzpttDc.exe
  C:\Windows\System\JzpttDc.exe
  2⤵
  PID:9764
- C:\Windows\System\lUxEcwJ.exe
  C:\Windows\System\lUxEcwJ.exe
  2⤵
  PID:9828
- C:\Windows\System\aIxOCwp.exe
  C:\Windows\System\aIxOCwp.exe
  2⤵
  PID:9988
- C:\Windows\System\HyqsEVi.exe
  C:\Windows\System\HyqsEVi.exe
  2⤵
  PID:10112
- C:\Windows\System\gTcGvjP.exe
  C:\Windows\System\gTcGvjP.exe
  2⤵
  PID:10184
- C:\Windows\System\UEeJDnt.exe
  C:\Windows\System\UEeJDnt.exe
  2⤵
  PID:9896
- C:\Windows\System\RljWTfo.exe
  C:\Windows\System\RljWTfo.exe
  2⤵
  PID:10020
- C:\Windows\System\NVzfMuv.exe
  C:\Windows\System\NVzfMuv.exe
  2⤵
  PID:10132
- C:\Windows\System\wrDWwWf.exe
  C:\Windows\System\wrDWwWf.exe
  2⤵
  PID:10236
- C:\Windows\System\TYHHYdV.exe
  C:\Windows\System\TYHHYdV.exe
  2⤵
  PID:9180
- C:\Windows\System\Uibrmil.exe
  C:\Windows\System\Uibrmil.exe
  2⤵
  PID:9260
- C:\Windows\System\YbcViYg.exe
  C:\Windows\System\YbcViYg.exe
  2⤵
  PID:9232
- C:\Windows\System\BpzJoXM.exe
  C:\Windows\System\BpzJoXM.exe
  2⤵
  PID:8284
- C:\Windows\System\wdPMaNV.exe
  C:\Windows\System\wdPMaNV.exe
  2⤵
  PID:9344
- C:\Windows\System\oUhbWUW.exe
  C:\Windows\System\oUhbWUW.exe
  2⤵
  PID:8536
- C:\Windows\System\gvHcwQR.exe
  C:\Windows\System\gvHcwQR.exe
  2⤵
  PID:9404
- C:\Windows\System\IHEkJcV.exe
  C:\Windows\System\IHEkJcV.exe
  2⤵
  PID:9360
- C:\Windows\System\nEozHAg.exe
  C:\Windows\System\nEozHAg.exe
  2⤵
  PID:9424
- C:\Windows\System\coMPYPa.exe
  C:\Windows\System\coMPYPa.exe
  2⤵
  PID:9488
- C:\Windows\System\mNkmPuh.exe
  C:\Windows\System\mNkmPuh.exe
  2⤵
  PID:9556
- C:\Windows\System\bsrDofu.exe
  C:\Windows\System\bsrDofu.exe
  2⤵
  PID:9544
- C:\Windows\System\RwGYZYm.exe
  C:\Windows\System\RwGYZYm.exe
  2⤵
  PID:9540
- C:\Windows\System\HbLNSsi.exe
  C:\Windows\System\HbLNSsi.exe
  2⤵
  PID:9588
- C:\Windows\System\GmmOxeB.exe
  C:\Windows\System\GmmOxeB.exe
  2⤵
  PID:9640
- C:\Windows\System\bhLsVeM.exe
  C:\Windows\System\bhLsVeM.exe
  2⤵
  PID:9700
- C:\Windows\System\ABdNaKC.exe
  C:\Windows\System\ABdNaKC.exe
  2⤵
  PID:9624
- C:\Windows\System\hcidVIo.exe
  C:\Windows\System\hcidVIo.exe
  2⤵
  PID:8328
- C:\Windows\System\PDoHYxG.exe
  C:\Windows\System\PDoHYxG.exe
  2⤵
  PID:9816
- C:\Windows\System\rozWnbE.exe
  C:\Windows\System\rozWnbE.exe
  2⤵
  PID:9912
- C:\Windows\System\zKvWJOj.exe
  C:\Windows\System\zKvWJOj.exe
  2⤵
  PID:10040
- C:\Windows\System\FWKVDVU.exe
  C:\Windows\System\FWKVDVU.exe
  2⤵
  PID:9860
- C:\Windows\System\gepddeD.exe
  C:\Windows\System\gepddeD.exe
  2⤵
  PID:9960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AyGHXMr.exe

Filesize
6.0MB

MD5
e7bac29ce75fd3d32a18b94f0c36ecea

SHA1
c55d11901b7ec6b48cd71419ffbc7f2477d48467

SHA256
139fe0065e54eb0b95374bdbd2f88412be85e990f227d02020ca9a49b8910ffb

SHA512
b838046b53e092cc3ab7978b9be6929efeaff7d2d146f1674b5109dc44ea3949d9616e397d1696bd70112042a08a83cbf8cacec32abc1f7fb3b9d14379d6ce72

Download Submit
C:\Windows\system\BBThyFS.exe

Filesize
6.0MB

MD5
75a6b9266e5e97d7cbe77f4e8ac9b74c

SHA1
3dcf7f04fe85156abd557038514398fa0c7e2a07

SHA256
386c9c5597496d7dbc6e61468d1362a65883128972562f3fdf944e5c72afa581

SHA512
71d65a888945cff10e6e64ea26d1703cf4a0ae505de922e8798d964fbc1bace9b58924bfcecddfb7e6465b02971f8b55c15a15ae53e8b712c82491989a25a032

Download Submit
C:\Windows\system\CVXUnrm.exe

Filesize
6.0MB

MD5
7603491f743b2086f4c12aed432238fc

SHA1
1f0fd703189c8d810ace66411afdb2cfe7bfe7d6

SHA256
f254c2d8247f3b150766fe2d1d25b55be283561229daf23403a0935a81301363

SHA512
35f3a0393f9fe34d8114de993a8bccdcbccd7c41dc3628bf48a6c0b6066ba8c32ab091193d5764eaa17e302555d558548d188428af7c5ddf2f9ae70dc756ebde

Download Submit
C:\Windows\system\EBMTcfo.exe

Filesize
6.0MB

MD5
22f4b5e3997c5ac0896aa500afb57a56

SHA1
b0dcaecc9def84b6c2098223516aca6e91d7091c

SHA256
086ff66ef05371c9dd19654d4e993a62b14235e9c238c4653d9b44c4bcdf65cf

SHA512
4477b20ad8a866f138097ac38cd26f5d5338f90b2ab3c09543d7be7a8fce50043e77837502ac0e3da78e9e25f9b9d6a7dba4c538f164ac4aaed077c4b3b67b9b

Download Submit
C:\Windows\system\EoLtXrn.exe

Filesize
6.0MB

MD5
d0850dced98cf81d79340e1bee0aa76c

SHA1
7e260f7160688624352ad8589fbd6a6966e4489a

SHA256
c6073ebb1b5b03357d88b6f7e1101fde08410a3cbdaf9e25b9176bf1128fbb5b

SHA512
6878be2e74870198cef9cb43531432d41e4bf17783edb78e6047f99568a6d1bfe25467c1ae8b900daa04b17b1481e030d7c3e1ff3d6552e6efd95d63cfb75d7b

Download Submit
C:\Windows\system\FBrpjGs.exe

Filesize
6.0MB

MD5
be5f3ed85380eb20a1f564128b99fc58

SHA1
4cb66f6735e10a4eabdc9cbd8dec910acc6edf03

SHA256
ed7d85d0582a8ad054cf4fcc4d5380ca4cfa1c96e0686404f6b34f8fc65aec65

SHA512
a54906a9cf4951b367c13347f699cffd6da8931a3aaf24dc2e0273e5f3f704904fe2a9459462c1bfe0d06159fb7b3720705fe0aaab175ab2cf867301b0dbf6cc

Download Submit
C:\Windows\system\FKpryuv.exe

Filesize
6.0MB

MD5
839557fe9977eee7394b337ae81de02e

SHA1
8c03f079f453be953a49073db3bd5311b457000e

SHA256
8a1ed74552bd41fd4aa670ac6df2c31ea4d71276637a0f3da47efc62d4532840

SHA512
8d6dfe60d6243a529b54acf6c6cca068f15b352bf1280b2f0a04aeb57cc07a74ec933ac34c75f574d6a6486bf86bf9f079c463f4cbee7bec0a1c6dad19ad249f

Download Submit
C:\Windows\system\KdaMjaa.exe

Filesize
6.0MB

MD5
bbb3a6f4b6d81f5b7d84ea6fcb111e5c

SHA1
728e5329cddb9d75ccfc70937fc8d16f607b1141

SHA256
c2b4d23c342a66e070440a21600a63ed33870aa32b6e74a5eafd4b05a0a426c2

SHA512
4f3db4b484a02e5541ffb900c950e430951e5c0a2916dc6f401fc3b336d900637f25d5f4c0ac1114c1cb816e53ea567e95a0be656a7ce7a0c3399d3371ae1cf5

Download Submit
C:\Windows\system\LjWKJKW.exe

Filesize
6.0MB

MD5
7d170fa3046de4e9a902ad221e5842ee

SHA1
3dd1f1495b1d7d252b1a0a0bae19df6610f2fddf

SHA256
4bbba2766dcd1280b5d002fb2caae35ef4254b12d51c6dbeeab4e38316c8a8c4

SHA512
3af47233a879d655c707f7d2c56c32ac9c08d9e347cbc384e3922ff470a1d88c0dce5f882c343f50821a9df25a7f77ae61543e7dd0f0aed31f280148677530cc

Download Submit
C:\Windows\system\QOiSztA.exe

Filesize
6.0MB

MD5
6efa104da43eb4907efa70cdb59c912c

SHA1
9bc2b19f43c8f6cb782088ba4b84c90000473614

SHA256
9830636d29673aaea46658b383d9e33635c9508b907eed7b82df34fa237e1849

SHA512
90d576b015af313200ffce7919c2d01d00e13492e8b380911fea6e0a16ac5f9f25fe80279a39cdc74785a1daec3e7584a74b16ce5681d01d06b4a6e76698341a

Download Submit
C:\Windows\system\QWOvjFm.exe

Filesize
6.0MB

MD5
5d3b629f204e57cb9cf26055eb21ec3c

SHA1
283464525a8342f967ddb4d5b2cebe93c333f45c

SHA256
6b2ab1cdc49d0c830d5580d5e79c6ce74ccbee467ffb018ae1adf296838f3e6c

SHA512
8dd08d697364f2f2abf2826b396187e0a7a38506a4807ad8ac67b2e59413fb0c55fa1c4ba518f05ece469bb8cf056319f834b190b0c8b5d7ee4d8c4dd3a70863

Download Submit
C:\Windows\system\SJhpfzW.exe

Filesize
6.0MB

MD5
f915b017380e82c499a672e4a997a4dd

SHA1
76bff2415dd3d2380c8620a9fef9f5d1fa61e852

SHA256
9937a6e27ebebab58158df07255a162d65f67b34a3bc9be32d2c6e313c32211b

SHA512
e7b73f97faf5794d49b550a44f65ebcc6d444da0ffeec016afb63b677dd596db0b9302aa3592b2823b125d3edc50ad6c2871e356bef7fe3a40727665a7345a93

Download Submit
C:\Windows\system\SjgDNtv.exe

Filesize
6.0MB

MD5
650c66434c51f5a1eb95d0f6654a6ba8

SHA1
9bcabc391799d4febdc9de965136c7e22f176158

SHA256
7a69d4c7003bb5bf547d01f0a47475a87a226a511a66b4b677799a849dd8c2ac

SHA512
90fde5caea585fa70f2a74926410e24b91518a73836c4e36db34c6b37e380bc0ab89fe86c94e7d278a4862d62e064e5ac188958ea26b9e3c1de7fd7fe2102a1c

Download Submit
C:\Windows\system\XkYyFlC.exe

Filesize
6.0MB

MD5
ca2022f656e8b58da0e90b9db73ffdb8

SHA1
bacf71d6d9b260635d8edc8e54df413d08e8114f

SHA256
3d26b3e1c58e6e00cc832ac5879e12d5cd78ecd80a4da7d5a0b0c17bb2a738e4

SHA512
01f67d77027aed308d2268a56e545b9db361055f663382ccd9c0480b7f36738df48a975769a10b58e20dab637507af4849c593276f9ee312c525a84a274a0f98

Download Submit
C:\Windows\system\YtMwfIO.exe

Filesize
6.0MB

MD5
8bc71279821e2a2d89106adf2b4e99ad

SHA1
c6f5b05c3cd475d27a36c8d84fd0394368b6fe7c

SHA256
9bc00fa74003dfabd7138b4b7013124e06f8dd1d9d139e89e3c7b66170f42d5d

SHA512
fbff58dfc3f3a98f02e02ee99f304975a21a773602efae864aee08eb4034711ed4f0618ff71b096ad7360dbb84242962983e16f02065c6fd42df850c0cf56379

Download Submit
C:\Windows\system\baNTsDH.exe

Filesize
6.0MB

MD5
3f14fbb063f0180bfbeafe7b15da1aeb

SHA1
207e066d5a959a11bc097df2d31c84a31b65e6b7

SHA256
4151b9bf797830279b8813cf1664942ac87874844c5e56fe4796825b74337fdd

SHA512
29774f7126a01ece489d82c87b346712c5c169acaa2b274fa5f23b0144517c41a73cf2bffa26f4a46eaafe6332d74c1ace42ad5c912617cbff67543be8eee73c

Download Submit
C:\Windows\system\dYGsdPx.exe

Filesize
6.0MB

MD5
b3e2d956902033d20582052f28724867

SHA1
c2fc8ec49f17a1c1fb663a8cb79043b79b42994a

SHA256
12253a537316da519be5980a6c175d200aaf973dc59c8b144280d32512db86ad

SHA512
c78f5e5d583c5751d5e71e229314201fdfc528cb28d6fece59c5807d7e0d1a610dfa2ae1a6a5ead71cdf8cc8bb01b4d9bcb9259ba296869c7e33a09f8f02852c

Download Submit
C:\Windows\system\ecNPKLY.exe

Filesize
6.0MB

MD5
a3bc6d5897311b05f972fa81baa0d44c

SHA1
6e6d3b4cc48851b49804c0fb4c58d3959eb8cb56

SHA256
26239a583583248b6fc27c9ed2fd1325e8e57099187cf7f0e216142f1a811abb

SHA512
05c5bb7982eae6fc291c46d6cddec32e016f30a031547afd05d81fd5461a3b925111213d20e0b79b77a8f3c32f308d88cb2e2e3b07c978b8e9a6556eb2c19823

Download Submit
C:\Windows\system\htLlXjL.exe

Filesize
6.0MB

MD5
1f6b179a740dfbeef7983f560039c6d0

SHA1
077e8de330ff2a52d08f35d53d56ed2629271148

SHA256
a6403ea19c10c744519a7270ccd03441cb952e4b44214567a93a65b89a9a751f

SHA512
22cad399cefe1ef591ea938b37099db4024053997b31d8b646d70b0b1e9c98e6ac9884ffd9062b5c70b680c6b6a20c1351fa1aee90ef61d134c8afb3060f88ed

Download Submit
C:\Windows\system\jNYdveu.exe

Filesize
6.0MB

MD5
577367952df886f82613acbe0421c8e3

SHA1
e20b214f436f5480a9959c5a4bc944e0aa793d77

SHA256
779186a36efd2e413948da19dc0091b910a1b5027540d243a088aee5d93c467e

SHA512
5fdaeb46b0876ecbbca6bc27caeef3a1999440c9c54889e49532734ea5d95252bf4acaf1ea788da458cc3eec85d2f763a4e5963580eaa788d6485f47da37661d

Download Submit
C:\Windows\system\lfXLtAw.exe

Filesize
6.0MB

MD5
04b5d756dcd3152217a3989d1b154e54

SHA1
d51833aa44f774e5321463e86ad034f6c00c02f7

SHA256
e2cd3bcbe0a7dbfc807366b3d823d4abd4495122bae439aad77cb6ef34e69751

SHA512
d6749802c68864702471d9f79cf482b87a40c5983d79f08d34bd4f59b0a4128b80e0fd3533fad8e5a64467757400cf9dbf52c8e2afc8d8c15a5df6bc24de0702

Download Submit
C:\Windows\system\rKggmqo.exe

Filesize
6.0MB

MD5
460fc49d01ed7aff9919a875f8b70dc2

SHA1
0d680f17a2dcaaba6a4f45a546ee47d3862c4f49

SHA256
9477ed7e682f23a43b05dfa37fed6d951eca8dc88c0b2e9ebda8dcd83b1d7af0

SHA512
a69503f3e143f5d9084130942f81cd470714343d08adf2d67a8b1f4d0f8b6c0d81242b3f3c10be012e960c7cf8741a998bacf66519f0f20fac4329dea22c5992

Download Submit
C:\Windows\system\ukEyhED.exe

Filesize
6.0MB

MD5
914da72596b2866a5b9db128b5add97f

SHA1
04749bf78df28322a7f284082cd3f0f2a3a9fbf2

SHA256
d3d6e9737f5ba018da0186de645c6356895342d940b2f38b6ca2771f5a9e46ab

SHA512
3326334724534aa483e2cc737e3a498b54e115ff172ed22c042e262bff89be8df01111ebdc3bd00d3993c7627fd40b59c2c01df300f53414839eda2d68403548

Download Submit
C:\Windows\system\vnJgmkK.exe

Filesize
6.0MB

MD5
2e239e365d47a31e5e07853b47c5ace1

SHA1
4829b8186eaa5636fac0c62fbd8683cc1ed744af

SHA256
ccf0c3ab8402947638e1ad2314eabe481021ffefa2c5feeb0bf3c18d24c6d2f0

SHA512
3322d702626d9b6f71edf4348c72e6985015649356f51379c0a69ba5c6611253d5347543a514bf66e04ace87f923f5c4825185d491d447300026329a51d116f7

Download Submit
C:\Windows\system\vtvPYYS.exe

Filesize
6.0MB

MD5
c587766353034297f095b4dffd4fcad3

SHA1
dc38772bdbae72a0a2aee9c9fd42275ced500afe

SHA256
287f5dda9f6dcb82b2b13e786f991423f05788cf1abd5b328ce659adb72be223

SHA512
d806a7064f3dcdee82c927ca05fe350d40b81bca27d349b85c16a8ad126e75f2a06340491bbc7d4f6e51b8908cf7eb390a855148d6ade765f9ab7004dc4bff6b

Download Submit
C:\Windows\system\wySfUse.exe

Filesize
6.0MB

MD5
99aeb8a8df4d728bc25b9dfe5d0a22bf

SHA1
35754985a171a692b1836b92567233d019423755

SHA256
6b2d24893dc0d743835be4ede345b6b3863f85985393ede16c8af5dea4819a1f

SHA512
e9aac6ed9e44566c12f0fa6ba701a67820a7fd320140f0da95b5336e9fd3b4d960d31e680389342b97a09c9176ebf8aaaea67136a28a528cb7baedf4eac9bdb9

Download Submit
\Windows\system\EJkIeKp.exe

Filesize
6.0MB

MD5
7c8299bb808952f61dfe0c4d15909771

SHA1
34f093de26a03844148bbb7ff4af78d4a23400ad

SHA256
027bd752b7f3e3c81c82b7e666b5fbaff5fe70e3a40a67cbd94c6866b72a968f

SHA512
a27ff34c93aa53a86e5a7e5913f7bdf47b9aebff1aa99aae781a91aee50400bacb690291f31129ec092fbe3c462cddf1510bad8d51824e5606a8e22ac3de491e

Download Submit
\Windows\system\KSZHzeI.exe

Filesize
6.0MB

MD5
9d4625e0f76d99af19dcd71ce085767b

SHA1
1c0b0b696d4f5dcdc09ce74843350b0e9b42a1f9

SHA256
fad434f6460fc0b77d615fde4c14109f5c3cf9149407ef47e2da735276279c0f

SHA512
9f2b4b5b8383984f09abe7966c425222a7ad25cf6c35d994ddd377ba1e5c518f5ccca8b384eedec4d34f5730b0806b3143f8c611c91d33dc3da86be233720c03

Download Submit
\Windows\system\qvEqZil.exe

Filesize
6.0MB

MD5
3f76a372c98a6088a62112337f4533bf

SHA1
c7eb34f789fb6eac9982424c424a630223f11bf1

SHA256
1c97ba6925afda5ebbcaf0ec17e7fb3719a52920cac3d2e4de621e43a90df525

SHA512
82f9154ff1a6862ae84e9a56ff5181d7e33c0ab23174e0b4ead1c91d7d2b43d077a383906b0d80a428fe4474cc6edd173cdbeb7c4e25246884b1104a31fec3fd

Download Submit
\Windows\system\rKJmHjU.exe

Filesize
6.0MB

MD5
e499ef7f4f0aba7d1577a732f10d920d

SHA1
8d3372fcab7daec84e853e634faeafbed873793e

SHA256
9a3e2d2d475bb1bacafe3e23a4954d973f523203ceb96f6e52836b2fd1a15de0

SHA512
393adff3dacc244933a0882198a946d452523b55dba4efb7301f085b00a54c02cd8170b563a4932391526ec9d62e272fcfb529fb011ff055f414a0ddfc9b0c6f

Download Submit
\Windows\system\tbfGCmA.exe

Filesize
6.0MB

MD5
c8cb460740ccb7a7199d9a2c70578c38

SHA1
ded0853b89d64cd83b4d8f69b86220c2a66b3efb

SHA256
28f67c6c1e474dcfbbf5dd0adfa866fb9e912b4fd17156301eb8144f59e5e68f

SHA512
d0c733f5c6546618d44b6052da241c985b7593fe46d3ff956a39b1cbfb5a110f264a9e1dc999230da64d586612f28b03e92b53905b0dadbac73f4e09b84f1cae

Download Submit
\Windows\system\yWqcxFT.exe

Filesize
6.0MB

MD5
0c08081c16c2fca34bfbf756a40158e7

SHA1
eee8ec2b59e057a245fa20acc08452fb80fa4e80

SHA256
6c421364e3e84f8a8e48171583c2cdcc5ea2643e8ba0934b674736894000fbc6

SHA512
7cd351d87e7ecb7e48ac26be63e6df5944c3241164d16feb42e9f92be5bad3baa6f8ab38f4197f5151813fa6f5038e6a1d4f2beddc9a229bfc011cf06825bc6b

Download Submit
memory/1452-96-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/1452-3994-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2084-100-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2084-384-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2084-48-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2084-1542-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2084-21-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2084-101-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2084-0-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2084-65-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2084-119-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2084-592-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2084-64-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2084-25-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2084-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2084-15-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-884-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2084-1191-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-35-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2084-54-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2084-87-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2084-17-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-95-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2084-62-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-79-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2272-3806-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2272-23-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2332-3805-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-20-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-22-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-3804-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-42-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-86-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3912-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-80-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3996-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3949-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2624-71-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2732-94-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2732-50-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3960-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3940-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2768-88-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3959-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2788-66-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2796-72-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3881-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2796-30-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2800-102-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3989-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1192-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-70-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-4209-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-3950-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/3028-78-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/3028-36-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download