cobaltstrike | 5d5634c011a66cc6aae0ef269e70af0b34911fa5418dc1b39987f7b5431f3968

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

29457dd91642d33468f3fec87d8a3acc
SHA1

2eec921a42e75442c6a5521bea81dce577fbcd86
SHA256

5d5634c011a66cc6aae0ef269e70af0b34911fa5418dc1b39987f7b5431f3968
SHA512

e26869d2d0de6a1d69dd72c46b0e9eb42084f0a2b6d21f3da0e1e4cc31fe66f46e693a258ad25a690824917efa0b431d12020231160d67693e77a3c2cb674cc1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUL:T+q56utgpPF8u/7L

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x000b000000012259-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015dc3-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f1b-39.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019241-92.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925c-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019228-74.dat	cobalt_reflective_dll
behavioral1/files/0x0031000000015d5c-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001920f-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019346-128.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-152.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933e-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192f0-116.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903d-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019030-57.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000160d5-53.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f2a-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e47-31.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d7f-19.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d75-14.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2728-0-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012259-6.dat	xmrig
behavioral1/memory/2852-9-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2860-15-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/files/0x0008000000015dc3-21.dat	xmrig
behavioral1/memory/2576-35-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2684-36-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/1948-32-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f1b-39.dat	xmrig
behavioral1/memory/2728-50-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/344-81-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019241-92.dat	xmrig
behavioral1/memory/2672-88-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x000500000001925c-95.dat	xmrig
behavioral1/memory/1804-100-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2728-104-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/memory/2728-103-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2908-102-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/1708-101-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019234-85.dat	xmrig
behavioral1/memory/1492-77-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2172-79-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019228-74.dat	xmrig
behavioral1/files/0x0031000000015d5c-107.dat	xmrig
behavioral1/files/0x0005000000019273-110.dat	xmrig
behavioral1/files/0x000500000001920f-70.dat	xmrig
behavioral1/files/0x0005000000019346-128.dat	xmrig
behavioral1/memory/2860-218-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/files/0x00050000000194d4-172.dat	xmrig
behavioral1/files/0x00050000000194b4-168.dat	xmrig
behavioral1/files/0x00050000000194a7-164.dat	xmrig
behavioral1/files/0x0005000000019494-160.dat	xmrig
behavioral1/files/0x0005000000019408-156.dat	xmrig
behavioral1/files/0x00050000000193fa-152.dat	xmrig
behavioral1/files/0x00050000000193f8-149.dat	xmrig
behavioral1/files/0x00050000000193c9-144.dat	xmrig
behavioral1/files/0x00050000000193af-140.dat	xmrig
behavioral1/files/0x00050000000193a2-136.dat	xmrig
behavioral1/files/0x0005000000019384-132.dat	xmrig
behavioral1/files/0x000500000001933e-124.dat	xmrig
behavioral1/files/0x000500000001932a-120.dat	xmrig
behavioral1/files/0x00050000000192f0-116.dat	xmrig
behavioral1/memory/2728-66-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/files/0x000600000001903d-65.dat	xmrig
behavioral1/memory/2728-60-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019030-57.dat	xmrig
behavioral1/files/0x00080000000160d5-53.dat	xmrig
behavioral1/memory/3016-49-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/3028-48-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f2a-45.dat	xmrig
behavioral1/files/0x0007000000015e47-31.dat	xmrig
behavioral1/files/0x0008000000015d7f-19.dat	xmrig
behavioral1/files/0x0008000000015d75-14.dat	xmrig
behavioral1/memory/2860-4006-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2576-4009-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/3016-4010-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/3028-4011-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/344-4012-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/1492-4013-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2672-4014-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2172-4015-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/1804-4016-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/1708-4017-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2908-4018-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

GWYIfRo.exeaMFfswQ.exenriZNMq.exepFcqavr.exemqBWXUC.exeKIvzpJI.exeExezzxY.exeGLaGhGt.exeEJyikDF.exeTFmKJfp.exejdsPzFg.exeiyigGec.exeYPSSXyS.exeGqQzfZV.execSwbYpg.exeXLGJeNf.exeCrGqxKp.exegoRPOVG.exeKnAqOba.exeuXjKWyQ.exeBFUsizC.execyUVxKN.exeQNjFfzL.exeVgPhfqL.exeJeeQWuK.exeKAjRoan.exeqBfgDNl.exedMuRxxC.exeRszHNZE.exeEKKFTLf.exeTWxivKU.exeKIIAjek.exetLWQCtG.exemTuPqFU.exeDFNJZks.exeAdEenvo.exeDelXBxO.exenPciQNV.exeQRaYzPK.exesrZnVAX.exeGnAwFxs.exedBTiugg.exeYNEgIQh.exeLHDkTMy.exedghgqDT.exePPVpTwa.exeVgLMtXZ.exeXRDrtHl.exenfppuCE.exeWLnlknX.exeKCdYDEB.exebwyzikP.exelKYkMKm.exejADrHif.exeqfBouYe.exeOIKHcbO.exewkYNYMl.exelYTCEzc.exeoZvPbMp.exeqYQUMvg.exeZBnLwWB.exePdVUPMC.exenshPmHi.exesLdVBJl.exe

pid	Process
2852	GWYIfRo.exe
2860	aMFfswQ.exe
1948	nriZNMq.exe
2684	pFcqavr.exe
2576	mqBWXUC.exe
3016	KIvzpJI.exe
3028	ExezzxY.exe
344	GLaGhGt.exe
1492	EJyikDF.exe
2672	TFmKJfp.exe
2172	jdsPzFg.exe
1804	iyigGec.exe
1708	YPSSXyS.exe
2908	GqQzfZV.exe
2100	cSwbYpg.exe
2924	XLGJeNf.exe
2192	CrGqxKp.exe
1776	goRPOVG.exe
108	KnAqOba.exe
1424	uXjKWyQ.exe
1148	BFUsizC.exe
2032	cyUVxKN.exe
1844	QNjFfzL.exe
2336	VgPhfqL.exe
3060	JeeQWuK.exe
2312	KAjRoan.exe
1788	qBfgDNl.exe
840	dMuRxxC.exe
2316	RszHNZE.exe
1868	EKKFTLf.exe
400	TWxivKU.exe
2496	KIIAjek.exe
2376	tLWQCtG.exe
2012	mTuPqFU.exe
1528	DFNJZks.exe
1364	AdEenvo.exe
1616	DelXBxO.exe
2080	nPciQNV.exe
1960	QRaYzPK.exe
1864	srZnVAX.exe
2808	GnAwFxs.exe
1556	dBTiugg.exe
1664	YNEgIQh.exe
1760	LHDkTMy.exe
1692	dghgqDT.exe
624	PPVpTwa.exe
1636	VgLMtXZ.exe
2352	XRDrtHl.exe
2516	nfppuCE.exe
2096	WLnlknX.exe
1764	KCdYDEB.exe
1496	bwyzikP.exe
2956	lKYkMKm.exe
2360	jADrHif.exe
2228	qfBouYe.exe
1816	OIKHcbO.exe
1612	wkYNYMl.exe
2716	lYTCEzc.exe
1292	oZvPbMp.exe
1524	qYQUMvg.exe
336	ZBnLwWB.exe
1008	PdVUPMC.exe
2292	nshPmHi.exe
1604	sLdVBJl.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2728-0-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x000b000000012259-6.dat	upx
behavioral1/memory/2852-9-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2860-15-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/files/0x0008000000015dc3-21.dat	upx
behavioral1/memory/2576-35-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2684-36-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/1948-32-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x0007000000015f1b-39.dat	upx
behavioral1/memory/344-81-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x0005000000019241-92.dat	upx
behavioral1/memory/2672-88-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x000500000001925c-95.dat	upx
behavioral1/memory/1804-100-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2908-102-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/1708-101-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x0005000000019234-85.dat	upx
behavioral1/memory/1492-77-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2172-79-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/files/0x0005000000019228-74.dat	upx
behavioral1/files/0x0031000000015d5c-107.dat	upx
behavioral1/files/0x0005000000019273-110.dat	upx
behavioral1/files/0x000500000001920f-70.dat	upx
behavioral1/files/0x0005000000019346-128.dat	upx
behavioral1/memory/2860-218-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/files/0x00050000000194d4-172.dat	upx
behavioral1/files/0x00050000000194b4-168.dat	upx
behavioral1/files/0x00050000000194a7-164.dat	upx
behavioral1/files/0x0005000000019494-160.dat	upx
behavioral1/files/0x0005000000019408-156.dat	upx
behavioral1/files/0x00050000000193fa-152.dat	upx
behavioral1/files/0x00050000000193f8-149.dat	upx
behavioral1/files/0x00050000000193c9-144.dat	upx
behavioral1/files/0x00050000000193af-140.dat	upx
behavioral1/files/0x00050000000193a2-136.dat	upx
behavioral1/files/0x0005000000019384-132.dat	upx
behavioral1/files/0x000500000001933e-124.dat	upx
behavioral1/files/0x000500000001932a-120.dat	upx
behavioral1/files/0x00050000000192f0-116.dat	upx
behavioral1/files/0x000600000001903d-65.dat	upx
behavioral1/memory/2728-60-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x0006000000019030-57.dat	upx
behavioral1/files/0x00080000000160d5-53.dat	upx
behavioral1/memory/3016-49-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/3028-48-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x0007000000015f2a-45.dat	upx
behavioral1/files/0x0007000000015e47-31.dat	upx
behavioral1/files/0x0008000000015d7f-19.dat	upx
behavioral1/files/0x0008000000015d75-14.dat	upx
behavioral1/memory/2860-4006-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2576-4009-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/3016-4010-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/3028-4011-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/344-4012-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/1492-4013-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2672-4014-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2172-4015-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/1804-4016-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/1708-4017-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2908-4018-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\mbyJVMO.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TDnROQF.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fqJoGHE.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ArcNSsx.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hoIXhaD.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdAlMiW.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tgCIjwu.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rBcCBYQ.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZFBzFEd.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qwTjCry.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bJsrmFa.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lmDIgdn.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVFMqFd.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vSlyryN.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKyhmPz.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mdnCOVr.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JqfLhah.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLTPPjw.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PdVUPMC.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkYNYMl.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\udBfTqr.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HbYTPBp.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tptmzUv.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KAxMlAi.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uRVtDuG.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VgLMtXZ.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wsRjcVA.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdYrOXP.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNmNcuZ.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWsNgkH.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkSSgvZ.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oAhttzE.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JqkduAO.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\llwroJu.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PvJoNQp.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GcJdxID.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lxOKOfH.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VCmekgS.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tuVpmRC.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fnuODGt.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOWAzrM.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QonHYgK.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mxDBosP.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFmKJfp.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JBffNxL.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LvVyVZB.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wcqiEdB.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WiPCujl.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sviExbj.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bzJvEEG.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iwwUtqX.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQlzxAg.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pDxZDCl.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QaACDhN.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqeqZul.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lETlytR.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jBShXaG.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RqbqUNX.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AosfCXx.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RIAPQWq.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COMSZtj.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHYhXmu.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LMqfiQl.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Bewcyeu.exe	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 2728 wrote to memory of 2852	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2728 wrote to memory of 2852	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2728 wrote to memory of 2852	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2728 wrote to memory of 2860	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2728 wrote to memory of 2860	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2728 wrote to memory of 2860	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2728 wrote to memory of 1948	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2728 wrote to memory of 1948	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2728 wrote to memory of 1948	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2728 wrote to memory of 2684	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2728 wrote to memory of 2684	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2728 wrote to memory of 2684	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2728 wrote to memory of 2576	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2728 wrote to memory of 2576	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2728 wrote to memory of 2576	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2728 wrote to memory of 3016	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2728 wrote to memory of 3016	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2728 wrote to memory of 3016	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2728 wrote to memory of 3028	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2728 wrote to memory of 3028	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2728 wrote to memory of 3028	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2728 wrote to memory of 344	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2728 wrote to memory of 344	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2728 wrote to memory of 344	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2728 wrote to memory of 1492	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2728 wrote to memory of 1492	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2728 wrote to memory of 1492	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2728 wrote to memory of 2672	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2728 wrote to memory of 2672	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2728 wrote to memory of 2672	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2728 wrote to memory of 2172	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2728 wrote to memory of 2172	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2728 wrote to memory of 2172	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2728 wrote to memory of 1804	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2728 wrote to memory of 1804	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2728 wrote to memory of 1804	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2728 wrote to memory of 1708	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2728 wrote to memory of 1708	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2728 wrote to memory of 1708	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2728 wrote to memory of 2908	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2728 wrote to memory of 2908	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2728 wrote to memory of 2908	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2728 wrote to memory of 2100	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2728 wrote to memory of 2100	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2728 wrote to memory of 2100	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2728 wrote to memory of 2924	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2728 wrote to memory of 2924	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2728 wrote to memory of 2924	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2728 wrote to memory of 2192	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2728 wrote to memory of 2192	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2728 wrote to memory of 2192	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2728 wrote to memory of 1776	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2728 wrote to memory of 1776	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2728 wrote to memory of 1776	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2728 wrote to memory of 108	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2728 wrote to memory of 108	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2728 wrote to memory of 108	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2728 wrote to memory of 1424	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2728 wrote to memory of 1424	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2728 wrote to memory of 1424	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2728 wrote to memory of 1148	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2728 wrote to memory of 1148	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2728 wrote to memory of 1148	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2728 wrote to memory of 2032	2728	2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-22_29457dd91642d33468f3fec87d8a3acc_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Windows\System\GWYIfRo.exe
  C:\Windows\System\GWYIfRo.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\aMFfswQ.exe
  C:\Windows\System\aMFfswQ.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\nriZNMq.exe
  C:\Windows\System\nriZNMq.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\pFcqavr.exe
  C:\Windows\System\pFcqavr.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\mqBWXUC.exe
  C:\Windows\System\mqBWXUC.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\KIvzpJI.exe
  C:\Windows\System\KIvzpJI.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\ExezzxY.exe
  C:\Windows\System\ExezzxY.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\GLaGhGt.exe
  C:\Windows\System\GLaGhGt.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\EJyikDF.exe
  C:\Windows\System\EJyikDF.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\TFmKJfp.exe
  C:\Windows\System\TFmKJfp.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\jdsPzFg.exe
  C:\Windows\System\jdsPzFg.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\iyigGec.exe
  C:\Windows\System\iyigGec.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\YPSSXyS.exe
  C:\Windows\System\YPSSXyS.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\GqQzfZV.exe
  C:\Windows\System\GqQzfZV.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\cSwbYpg.exe
  C:\Windows\System\cSwbYpg.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\XLGJeNf.exe
  C:\Windows\System\XLGJeNf.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\CrGqxKp.exe
  C:\Windows\System\CrGqxKp.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\goRPOVG.exe
  C:\Windows\System\goRPOVG.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\KnAqOba.exe
  C:\Windows\System\KnAqOba.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\uXjKWyQ.exe
  C:\Windows\System\uXjKWyQ.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\BFUsizC.exe
  C:\Windows\System\BFUsizC.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\cyUVxKN.exe
  C:\Windows\System\cyUVxKN.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\QNjFfzL.exe
  C:\Windows\System\QNjFfzL.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\VgPhfqL.exe
  C:\Windows\System\VgPhfqL.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\JeeQWuK.exe
  C:\Windows\System\JeeQWuK.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\KAjRoan.exe
  C:\Windows\System\KAjRoan.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\qBfgDNl.exe
  C:\Windows\System\qBfgDNl.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\dMuRxxC.exe
  C:\Windows\System\dMuRxxC.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\RszHNZE.exe
  C:\Windows\System\RszHNZE.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\EKKFTLf.exe
  C:\Windows\System\EKKFTLf.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\TWxivKU.exe
  C:\Windows\System\TWxivKU.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\KIIAjek.exe
  C:\Windows\System\KIIAjek.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\tLWQCtG.exe
  C:\Windows\System\tLWQCtG.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\mTuPqFU.exe
  C:\Windows\System\mTuPqFU.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\DFNJZks.exe
  C:\Windows\System\DFNJZks.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\AdEenvo.exe
  C:\Windows\System\AdEenvo.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\DelXBxO.exe
  C:\Windows\System\DelXBxO.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\nPciQNV.exe
  C:\Windows\System\nPciQNV.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\QRaYzPK.exe
  C:\Windows\System\QRaYzPK.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\srZnVAX.exe
  C:\Windows\System\srZnVAX.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\GnAwFxs.exe
  C:\Windows\System\GnAwFxs.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\dBTiugg.exe
  C:\Windows\System\dBTiugg.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\YNEgIQh.exe
  C:\Windows\System\YNEgIQh.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\LHDkTMy.exe
  C:\Windows\System\LHDkTMy.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\dghgqDT.exe
  C:\Windows\System\dghgqDT.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\PPVpTwa.exe
  C:\Windows\System\PPVpTwa.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\VgLMtXZ.exe
  C:\Windows\System\VgLMtXZ.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\XRDrtHl.exe
  C:\Windows\System\XRDrtHl.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\nfppuCE.exe
  C:\Windows\System\nfppuCE.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\WLnlknX.exe
  C:\Windows\System\WLnlknX.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\KCdYDEB.exe
  C:\Windows\System\KCdYDEB.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\bwyzikP.exe
  C:\Windows\System\bwyzikP.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\lKYkMKm.exe
  C:\Windows\System\lKYkMKm.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\jADrHif.exe
  C:\Windows\System\jADrHif.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\qfBouYe.exe
  C:\Windows\System\qfBouYe.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\OIKHcbO.exe
  C:\Windows\System\OIKHcbO.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\wkYNYMl.exe
  C:\Windows\System\wkYNYMl.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\lYTCEzc.exe
  C:\Windows\System\lYTCEzc.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\oZvPbMp.exe
  C:\Windows\System\oZvPbMp.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\qYQUMvg.exe
  C:\Windows\System\qYQUMvg.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\ZBnLwWB.exe
  C:\Windows\System\ZBnLwWB.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\PdVUPMC.exe
  C:\Windows\System\PdVUPMC.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\nshPmHi.exe
  C:\Windows\System\nshPmHi.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\sLdVBJl.exe
  C:\Windows\System\sLdVBJl.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\cEPLLCI.exe
  C:\Windows\System\cEPLLCI.exe
  2⤵
  PID:2936
- C:\Windows\System\HztDFUi.exe
  C:\Windows\System\HztDFUi.exe
  2⤵
  PID:2736
- C:\Windows\System\uEfZVls.exe
  C:\Windows\System\uEfZVls.exe
  2⤵
  PID:2588
- C:\Windows\System\eVQCWVY.exe
  C:\Windows\System\eVQCWVY.exe
  2⤵
  PID:2592
- C:\Windows\System\yKGXwKT.exe
  C:\Windows\System\yKGXwKT.exe
  2⤵
  PID:264
- C:\Windows\System\RWBUJyh.exe
  C:\Windows\System\RWBUJyh.exe
  2⤵
  PID:800
- C:\Windows\System\rfycplm.exe
  C:\Windows\System\rfycplm.exe
  2⤵
  PID:2748
- C:\Windows\System\fKRFoYR.exe
  C:\Windows\System\fKRFoYR.exe
  2⤵
  PID:2264
- C:\Windows\System\GGLeeYy.exe
  C:\Windows\System\GGLeeYy.exe
  2⤵
  PID:2052
- C:\Windows\System\qbwyiDk.exe
  C:\Windows\System\qbwyiDk.exe
  2⤵
  PID:2552
- C:\Windows\System\XwyvCbu.exe
  C:\Windows\System\XwyvCbu.exe
  2⤵
  PID:2560
- C:\Windows\System\SKUSDdW.exe
  C:\Windows\System\SKUSDdW.exe
  2⤵
  PID:1304
- C:\Windows\System\JPfemRN.exe
  C:\Windows\System\JPfemRN.exe
  2⤵
  PID:2844
- C:\Windows\System\RpgUDsK.exe
  C:\Windows\System\RpgUDsK.exe
  2⤵
  PID:2668
- C:\Windows\System\lpUCSLK.exe
  C:\Windows\System\lpUCSLK.exe
  2⤵
  PID:1144
- C:\Windows\System\LVfaSDp.exe
  C:\Windows\System\LVfaSDp.exe
  2⤵
  PID:3068
- C:\Windows\System\hpaBhdJ.exe
  C:\Windows\System\hpaBhdJ.exe
  2⤵
  PID:1688
- C:\Windows\System\BkWZyIa.exe
  C:\Windows\System\BkWZyIa.exe
  2⤵
  PID:1996
- C:\Windows\System\bgutbcj.exe
  C:\Windows\System\bgutbcj.exe
  2⤵
  PID:1684
- C:\Windows\System\dyvcnIW.exe
  C:\Windows\System\dyvcnIW.exe
  2⤵
  PID:888
- C:\Windows\System\RxkJQDA.exe
  C:\Windows\System\RxkJQDA.exe
  2⤵
  PID:1076
- C:\Windows\System\hZhaJIa.exe
  C:\Windows\System\hZhaJIa.exe
  2⤵
  PID:2528
- C:\Windows\System\dphjBey.exe
  C:\Windows\System\dphjBey.exe
  2⤵
  PID:824
- C:\Windows\System\hkhMNaZ.exe
  C:\Windows\System\hkhMNaZ.exe
  2⤵
  PID:1036
- C:\Windows\System\BRpooOF.exe
  C:\Windows\System\BRpooOF.exe
  2⤵
  PID:1780
- C:\Windows\System\JgqqkxJ.exe
  C:\Windows\System\JgqqkxJ.exe
  2⤵
  PID:1552
- C:\Windows\System\GOeOVCO.exe
  C:\Windows\System\GOeOVCO.exe
  2⤵
  PID:2356
- C:\Windows\System\YaLYnuZ.exe
  C:\Windows\System\YaLYnuZ.exe
  2⤵
  PID:880
- C:\Windows\System\hBoUSOm.exe
  C:\Windows\System\hBoUSOm.exe
  2⤵
  PID:1244
- C:\Windows\System\lwknMIK.exe
  C:\Windows\System\lwknMIK.exe
  2⤵
  PID:2420
- C:\Windows\System\SyhKkdO.exe
  C:\Windows\System\SyhKkdO.exe
  2⤵
  PID:2444
- C:\Windows\System\gWsNgkH.exe
  C:\Windows\System\gWsNgkH.exe
  2⤵
  PID:988
- C:\Windows\System\PFNhjYI.exe
  C:\Windows\System\PFNhjYI.exe
  2⤵
  PID:672
- C:\Windows\System\UqgXioZ.exe
  C:\Windows\System\UqgXioZ.exe
  2⤵
  PID:1260
- C:\Windows\System\LHDhXjE.exe
  C:\Windows\System\LHDhXjE.exe
  2⤵
  PID:2704
- C:\Windows\System\MUhwMCW.exe
  C:\Windows\System\MUhwMCW.exe
  2⤵
  PID:2640
- C:\Windows\System\zNdufPv.exe
  C:\Windows\System\zNdufPv.exe
  2⤵
  PID:1280
- C:\Windows\System\cFjdJHo.exe
  C:\Windows\System\cFjdJHo.exe
  2⤵
  PID:1356
- C:\Windows\System\doQKgjM.exe
  C:\Windows\System\doQKgjM.exe
  2⤵
  PID:1936
- C:\Windows\System\qrVZLkZ.exe
  C:\Windows\System\qrVZLkZ.exe
  2⤵
  PID:2132
- C:\Windows\System\GWXcCcl.exe
  C:\Windows\System\GWXcCcl.exe
  2⤵
  PID:2412
- C:\Windows\System\DyNTvED.exe
  C:\Windows\System\DyNTvED.exe
  2⤵
  PID:1700
- C:\Windows\System\DeuqXiL.exe
  C:\Windows\System\DeuqXiL.exe
  2⤵
  PID:3004
- C:\Windows\System\dpgDHtg.exe
  C:\Windows\System\dpgDHtg.exe
  2⤵
  PID:2064
- C:\Windows\System\bZTozAl.exe
  C:\Windows\System\bZTozAl.exe
  2⤵
  PID:2452
- C:\Windows\System\gxsOzeT.exe
  C:\Windows\System\gxsOzeT.exe
  2⤵
  PID:1784
- C:\Windows\System\CLPejqk.exe
  C:\Windows\System\CLPejqk.exe
  2⤵
  PID:2448
- C:\Windows\System\COMSZtj.exe
  C:\Windows\System\COMSZtj.exe
  2⤵
  PID:2188
- C:\Windows\System\luhynWa.exe
  C:\Windows\System\luhynWa.exe
  2⤵
  PID:2608
- C:\Windows\System\wcVquXF.exe
  C:\Windows\System\wcVquXF.exe
  2⤵
  PID:1976
- C:\Windows\System\UkJymHp.exe
  C:\Windows\System\UkJymHp.exe
  2⤵
  PID:324
- C:\Windows\System\eWGDoKj.exe
  C:\Windows\System\eWGDoKj.exe
  2⤵
  PID:2600
- C:\Windows\System\IinWuFs.exe
  C:\Windows\System\IinWuFs.exe
  2⤵
  PID:872
- C:\Windows\System\MrQbclJ.exe
  C:\Windows\System\MrQbclJ.exe
  2⤵
  PID:1792
- C:\Windows\System\lQBbQqJ.exe
  C:\Windows\System\lQBbQqJ.exe
  2⤵
  PID:660
- C:\Windows\System\jBShXaG.exe
  C:\Windows\System\jBShXaG.exe
  2⤵
  PID:2348
- C:\Windows\System\lxOKOfH.exe
  C:\Windows\System\lxOKOfH.exe
  2⤵
  PID:2296
- C:\Windows\System\jfWNLqD.exe
  C:\Windows\System\jfWNLqD.exe
  2⤵
  PID:1808
- C:\Windows\System\wEtztZK.exe
  C:\Windows\System\wEtztZK.exe
  2⤵
  PID:3092
- C:\Windows\System\SUvAJHi.exe
  C:\Windows\System\SUvAJHi.exe
  2⤵
  PID:3108
- C:\Windows\System\yrZbfpG.exe
  C:\Windows\System\yrZbfpG.exe
  2⤵
  PID:3124
- C:\Windows\System\DNCzrcw.exe
  C:\Windows\System\DNCzrcw.exe
  2⤵
  PID:3196
- C:\Windows\System\JsyZtEd.exe
  C:\Windows\System\JsyZtEd.exe
  2⤵
  PID:3220
- C:\Windows\System\KppDKod.exe
  C:\Windows\System\KppDKod.exe
  2⤵
  PID:3240
- C:\Windows\System\pKbaCCn.exe
  C:\Windows\System\pKbaCCn.exe
  2⤵
  PID:3260
- C:\Windows\System\XrZrfsB.exe
  C:\Windows\System\XrZrfsB.exe
  2⤵
  PID:3280
- C:\Windows\System\XHnMuWm.exe
  C:\Windows\System\XHnMuWm.exe
  2⤵
  PID:3300
- C:\Windows\System\PwqaUsA.exe
  C:\Windows\System\PwqaUsA.exe
  2⤵
  PID:3316
- C:\Windows\System\tQlzxAg.exe
  C:\Windows\System\tQlzxAg.exe
  2⤵
  PID:3332
- C:\Windows\System\yvhaYUt.exe
  C:\Windows\System\yvhaYUt.exe
  2⤵
  PID:3348
- C:\Windows\System\yAihxkP.exe
  C:\Windows\System\yAihxkP.exe
  2⤵
  PID:3364
- C:\Windows\System\SuWacDZ.exe
  C:\Windows\System\SuWacDZ.exe
  2⤵
  PID:3380
- C:\Windows\System\DndydGH.exe
  C:\Windows\System\DndydGH.exe
  2⤵
  PID:3396
- C:\Windows\System\fqJoGHE.exe
  C:\Windows\System\fqJoGHE.exe
  2⤵
  PID:3412
- C:\Windows\System\hbHfdlg.exe
  C:\Windows\System\hbHfdlg.exe
  2⤵
  PID:3428
- C:\Windows\System\DaMJKqk.exe
  C:\Windows\System\DaMJKqk.exe
  2⤵
  PID:3452
- C:\Windows\System\YkbORgq.exe
  C:\Windows\System\YkbORgq.exe
  2⤵
  PID:3468
- C:\Windows\System\QhhVmxD.exe
  C:\Windows\System\QhhVmxD.exe
  2⤵
  PID:3488
- C:\Windows\System\CvdbJDb.exe
  C:\Windows\System\CvdbJDb.exe
  2⤵
  PID:3512
- C:\Windows\System\dVAKiQs.exe
  C:\Windows\System\dVAKiQs.exe
  2⤵
  PID:3564
- C:\Windows\System\kEnUXpY.exe
  C:\Windows\System\kEnUXpY.exe
  2⤵
  PID:3580
- C:\Windows\System\IadpRyU.exe
  C:\Windows\System\IadpRyU.exe
  2⤵
  PID:3596
- C:\Windows\System\JaICrVa.exe
  C:\Windows\System\JaICrVa.exe
  2⤵
  PID:3612
- C:\Windows\System\dYMPOHx.exe
  C:\Windows\System\dYMPOHx.exe
  2⤵
  PID:3628
- C:\Windows\System\aTakSiP.exe
  C:\Windows\System\aTakSiP.exe
  2⤵
  PID:3644
- C:\Windows\System\yDekzou.exe
  C:\Windows\System\yDekzou.exe
  2⤵
  PID:3660
- C:\Windows\System\qwTWCrE.exe
  C:\Windows\System\qwTWCrE.exe
  2⤵
  PID:3676
- C:\Windows\System\keOGPaM.exe
  C:\Windows\System\keOGPaM.exe
  2⤵
  PID:3692
- C:\Windows\System\JclWtfW.exe
  C:\Windows\System\JclWtfW.exe
  2⤵
  PID:3708
- C:\Windows\System\qeDePcs.exe
  C:\Windows\System\qeDePcs.exe
  2⤵
  PID:3724
- C:\Windows\System\tMUPXzh.exe
  C:\Windows\System\tMUPXzh.exe
  2⤵
  PID:3740
- C:\Windows\System\SQBIaGj.exe
  C:\Windows\System\SQBIaGj.exe
  2⤵
  PID:3756
- C:\Windows\System\UEbYTut.exe
  C:\Windows\System\UEbYTut.exe
  2⤵
  PID:3772
- C:\Windows\System\fZYxTwj.exe
  C:\Windows\System\fZYxTwj.exe
  2⤵
  PID:3788
- C:\Windows\System\whjPfqz.exe
  C:\Windows\System\whjPfqz.exe
  2⤵
  PID:3804
- C:\Windows\System\NOjwRnz.exe
  C:\Windows\System\NOjwRnz.exe
  2⤵
  PID:3820
- C:\Windows\System\YLFvLsA.exe
  C:\Windows\System\YLFvLsA.exe
  2⤵
  PID:3836
- C:\Windows\System\AbdOiKu.exe
  C:\Windows\System\AbdOiKu.exe
  2⤵
  PID:3860
- C:\Windows\System\OXJrqGN.exe
  C:\Windows\System\OXJrqGN.exe
  2⤵
  PID:3900
- C:\Windows\System\tIHPjnE.exe
  C:\Windows\System\tIHPjnE.exe
  2⤵
  PID:3924
- C:\Windows\System\dyYXotN.exe
  C:\Windows\System\dyYXotN.exe
  2⤵
  PID:3940
- C:\Windows\System\waYKRWS.exe
  C:\Windows\System\waYKRWS.exe
  2⤵
  PID:3960
- C:\Windows\System\ajHPvct.exe
  C:\Windows\System\ajHPvct.exe
  2⤵
  PID:3976
- C:\Windows\System\KcgNtQx.exe
  C:\Windows\System\KcgNtQx.exe
  2⤵
  PID:3992
- C:\Windows\System\ulkodGB.exe
  C:\Windows\System\ulkodGB.exe
  2⤵
  PID:4008
- C:\Windows\System\qkJWXUb.exe
  C:\Windows\System\qkJWXUb.exe
  2⤵
  PID:4024
- C:\Windows\System\cAaSiwS.exe
  C:\Windows\System\cAaSiwS.exe
  2⤵
  PID:4040
- C:\Windows\System\cHCOlBN.exe
  C:\Windows\System\cHCOlBN.exe
  2⤵
  PID:4056
- C:\Windows\System\bABPQYt.exe
  C:\Windows\System\bABPQYt.exe
  2⤵
  PID:4072
- C:\Windows\System\NCMElNP.exe
  C:\Windows\System\NCMElNP.exe
  2⤵
  PID:4088
- C:\Windows\System\IZkBgir.exe
  C:\Windows\System\IZkBgir.exe
  2⤵
  PID:2404
- C:\Windows\System\zdQDBKH.exe
  C:\Windows\System\zdQDBKH.exe
  2⤵
  PID:1828
- C:\Windows\System\gsXACTi.exe
  C:\Windows\System\gsXACTi.exe
  2⤵
  PID:796
- C:\Windows\System\oyyNMrJ.exe
  C:\Windows\System\oyyNMrJ.exe
  2⤵
  PID:1648
- C:\Windows\System\rjQDAei.exe
  C:\Windows\System\rjQDAei.exe
  2⤵
  PID:3080
- C:\Windows\System\iwwUtqX.exe
  C:\Windows\System\iwwUtqX.exe
  2⤵
  PID:1152
- C:\Windows\System\oaNjVsz.exe
  C:\Windows\System\oaNjVsz.exe
  2⤵
  PID:2220
- C:\Windows\System\qZKDrST.exe
  C:\Windows\System\qZKDrST.exe
  2⤵
  PID:3164
- C:\Windows\System\UBbJfOb.exe
  C:\Windows\System\UBbJfOb.exe
  2⤵
  PID:3204
- C:\Windows\System\zMJnTUs.exe
  C:\Windows\System\zMJnTUs.exe
  2⤵
  PID:3212
- C:\Windows\System\PtAspmI.exe
  C:\Windows\System\PtAspmI.exe
  2⤵
  PID:3256
- C:\Windows\System\XcnSHJm.exe
  C:\Windows\System\XcnSHJm.exe
  2⤵
  PID:3288
- C:\Windows\System\SpOpOCR.exe
  C:\Windows\System\SpOpOCR.exe
  2⤵
  PID:3296
- C:\Windows\System\HgQonJM.exe
  C:\Windows\System\HgQonJM.exe
  2⤵
  PID:3508
- C:\Windows\System\WjSPCrM.exe
  C:\Windows\System\WjSPCrM.exe
  2⤵
  PID:3448
- C:\Windows\System\mwkCVON.exe
  C:\Windows\System\mwkCVON.exe
  2⤵
  PID:3520
- C:\Windows\System\XTdolqg.exe
  C:\Windows\System\XTdolqg.exe
  2⤵
  PID:3376
- C:\Windows\System\RXzcnaK.exe
  C:\Windows\System\RXzcnaK.exe
  2⤵
  PID:3532
- C:\Windows\System\jnIqCSF.exe
  C:\Windows\System\jnIqCSF.exe
  2⤵
  PID:3552
- C:\Windows\System\EULFhIV.exe
  C:\Windows\System\EULFhIV.exe
  2⤵
  PID:2828
- C:\Windows\System\rzqtfOK.exe
  C:\Windows\System\rzqtfOK.exe
  2⤵
  PID:3668
- C:\Windows\System\MbdjsKn.exe
  C:\Windows\System\MbdjsKn.exe
  2⤵
  PID:3736
- C:\Windows\System\eLglLGv.exe
  C:\Windows\System\eLglLGv.exe
  2⤵
  PID:3892
- C:\Windows\System\ageoMgF.exe
  C:\Windows\System\ageoMgF.exe
  2⤵
  PID:3880
- C:\Windows\System\FtjkPQo.exe
  C:\Windows\System\FtjkPQo.exe
  2⤵
  PID:3932
- C:\Windows\System\zNXqUVX.exe
  C:\Windows\System\zNXqUVX.exe
  2⤵
  PID:4004
- C:\Windows\System\eEcvwjX.exe
  C:\Windows\System\eEcvwjX.exe
  2⤵
  PID:4068
- C:\Windows\System\pDxZDCl.exe
  C:\Windows\System\pDxZDCl.exe
  2⤵
  PID:2732
- C:\Windows\System\hVfgQbM.exe
  C:\Windows\System\hVfgQbM.exe
  2⤵
  PID:3720
- C:\Windows\System\kKwJbMY.exe
  C:\Windows\System\kKwJbMY.exe
  2⤵
  PID:3908
- C:\Windows\System\pzikrWp.exe
  C:\Windows\System\pzikrWp.exe
  2⤵
  PID:3952
- C:\Windows\System\oUUDLXD.exe
  C:\Windows\System\oUUDLXD.exe
  2⤵
  PID:4016
- C:\Windows\System\MlOEDkX.exe
  C:\Windows\System\MlOEDkX.exe
  2⤵
  PID:3784
- C:\Windows\System\higwCyY.exe
  C:\Windows\System\higwCyY.exe
  2⤵
  PID:3748
- C:\Windows\System\maBAbLu.exe
  C:\Windows\System\maBAbLu.exe
  2⤵
  PID:3656
- C:\Windows\System\MBTbJXW.exe
  C:\Windows\System\MBTbJXW.exe
  2⤵
  PID:772
- C:\Windows\System\SmRSIVm.exe
  C:\Windows\System\SmRSIVm.exe
  2⤵
  PID:3076
- C:\Windows\System\VCmekgS.exe
  C:\Windows\System\VCmekgS.exe
  2⤵
  PID:3088
- C:\Windows\System\GzcutBf.exe
  C:\Windows\System\GzcutBf.exe
  2⤵
  PID:3144
- C:\Windows\System\XUwTXOt.exe
  C:\Windows\System\XUwTXOt.exe
  2⤵
  PID:3152
- C:\Windows\System\TbbFcml.exe
  C:\Windows\System\TbbFcml.exe
  2⤵
  PID:3188
- C:\Windows\System\UmmvBGk.exe
  C:\Windows\System\UmmvBGk.exe
  2⤵
  PID:3268
- C:\Windows\System\lmDIgdn.exe
  C:\Windows\System\lmDIgdn.exe
  2⤵
  PID:3232
- C:\Windows\System\SxQtDuV.exe
  C:\Windows\System\SxQtDuV.exe
  2⤵
  PID:3356
- C:\Windows\System\OEBrZrQ.exe
  C:\Windows\System\OEBrZrQ.exe
  2⤵
  PID:3460
- C:\Windows\System\hREpwuZ.exe
  C:\Windows\System\hREpwuZ.exe
  2⤵
  PID:3424
- C:\Windows\System\wNKrkKW.exe
  C:\Windows\System\wNKrkKW.exe
  2⤵
  PID:3372
- C:\Windows\System\wqYdddA.exe
  C:\Windows\System\wqYdddA.exe
  2⤵
  PID:3540
- C:\Windows\System\CIHgtNf.exe
  C:\Windows\System\CIHgtNf.exe
  2⤵
  PID:3528
- C:\Windows\System\XQKCWlN.exe
  C:\Windows\System\XQKCWlN.exe
  2⤵
  PID:3768
- C:\Windows\System\SYiBQps.exe
  C:\Windows\System\SYiBQps.exe
  2⤵
  PID:3560
- C:\Windows\System\mKNLCrd.exe
  C:\Windows\System\mKNLCrd.exe
  2⤵
  PID:3876
- C:\Windows\System\OsprBUz.exe
  C:\Windows\System\OsprBUz.exe
  2⤵
  PID:3872
- C:\Windows\System\SmXfgpx.exe
  C:\Windows\System\SmXfgpx.exe
  2⤵
  PID:4036
- C:\Windows\System\NMWiSbB.exe
  C:\Windows\System\NMWiSbB.exe
  2⤵
  PID:3968
- C:\Windows\System\ciJKCTW.exe
  C:\Windows\System\ciJKCTW.exe
  2⤵
  PID:1184
- C:\Windows\System\gqTKhDt.exe
  C:\Windows\System\gqTKhDt.exe
  2⤵
  PID:3984
- C:\Windows\System\cfSQasF.exe
  C:\Windows\System\cfSQasF.exe
  2⤵
  PID:3920
- C:\Windows\System\efSpaBR.exe
  C:\Windows\System\efSpaBR.exe
  2⤵
  PID:960
- C:\Windows\System\kYdkwHB.exe
  C:\Windows\System\kYdkwHB.exe
  2⤵
  PID:3752
- C:\Windows\System\EZGNltz.exe
  C:\Windows\System\EZGNltz.exe
  2⤵
  PID:3140
- C:\Windows\System\mQCqdqt.exe
  C:\Windows\System\mQCqdqt.exe
  2⤵
  PID:3160
- C:\Windows\System\NklMksx.exe
  C:\Windows\System\NklMksx.exe
  2⤵
  PID:3180
- C:\Windows\System\XfhLpbi.exe
  C:\Windows\System\XfhLpbi.exe
  2⤵
  PID:2524
- C:\Windows\System\JXnMPAw.exe
  C:\Windows\System\JXnMPAw.exe
  2⤵
  PID:2332
- C:\Windows\System\iFjKVHw.exe
  C:\Windows\System\iFjKVHw.exe
  2⤵
  PID:3484
- C:\Windows\System\XqZyoCu.exe
  C:\Windows\System\XqZyoCu.exe
  2⤵
  PID:3732
- C:\Windows\System\SelfSzy.exe
  C:\Windows\System\SelfSzy.exe
  2⤵
  PID:3856
- C:\Windows\System\BrKabQt.exe
  C:\Windows\System\BrKabQt.exe
  2⤵
  PID:3444
- C:\Windows\System\uymeQwt.exe
  C:\Windows\System\uymeQwt.exe
  2⤵
  PID:3588
- C:\Windows\System\HVCOPDY.exe
  C:\Windows\System\HVCOPDY.exe
  2⤵
  PID:4048
- C:\Windows\System\viFkQck.exe
  C:\Windows\System\viFkQck.exe
  2⤵
  PID:3844
- C:\Windows\System\TSlJJjM.exe
  C:\Windows\System\TSlJJjM.exe
  2⤵
  PID:3684
- C:\Windows\System\MQDTvhm.exe
  C:\Windows\System\MQDTvhm.exe
  2⤵
  PID:2996
- C:\Windows\System\NuJqHcI.exe
  C:\Windows\System\NuJqHcI.exe
  2⤵
  PID:2424
- C:\Windows\System\aSsOnDD.exe
  C:\Windows\System\aSsOnDD.exe
  2⤵
  PID:3148
- C:\Windows\System\aMDOdKF.exe
  C:\Windows\System\aMDOdKF.exe
  2⤵
  PID:3500
- C:\Windows\System\EjBBgpR.exe
  C:\Windows\System\EjBBgpR.exe
  2⤵
  PID:3324
- C:\Windows\System\HJmURVP.exe
  C:\Windows\System\HJmURVP.exe
  2⤵
  PID:3408
- C:\Windows\System\yPgeeah.exe
  C:\Windows\System\yPgeeah.exe
  2⤵
  PID:3548
- C:\Windows\System\OyFDTdF.exe
  C:\Windows\System\OyFDTdF.exe
  2⤵
  PID:2112
- C:\Windows\System\bMFkVQE.exe
  C:\Windows\System\bMFkVQE.exe
  2⤵
  PID:3620
- C:\Windows\System\lQuvhJO.exe
  C:\Windows\System\lQuvhJO.exe
  2⤵
  PID:3576
- C:\Windows\System\bUhVTEa.exe
  C:\Windows\System\bUhVTEa.exe
  2⤵
  PID:3572
- C:\Windows\System\kdAlMiW.exe
  C:\Windows\System\kdAlMiW.exe
  2⤵
  PID:3388
- C:\Windows\System\tuVpmRC.exe
  C:\Windows\System\tuVpmRC.exe
  2⤵
  PID:3640
- C:\Windows\System\WYKSdYn.exe
  C:\Windows\System\WYKSdYn.exe
  2⤵
  PID:2624
- C:\Windows\System\udBfTqr.exe
  C:\Windows\System\udBfTqr.exe
  2⤵
  PID:2740
- C:\Windows\System\VKqyMdM.exe
  C:\Windows\System\VKqyMdM.exe
  2⤵
  PID:3340
- C:\Windows\System\WpWBAqu.exe
  C:\Windows\System\WpWBAqu.exe
  2⤵
  PID:1972
- C:\Windows\System\AYAYgNC.exe
  C:\Windows\System\AYAYgNC.exe
  2⤵
  PID:4104
- C:\Windows\System\qyVRIhP.exe
  C:\Windows\System\qyVRIhP.exe
  2⤵
  PID:4128
- C:\Windows\System\sErZbMd.exe
  C:\Windows\System\sErZbMd.exe
  2⤵
  PID:4148
- C:\Windows\System\cFWJWoo.exe
  C:\Windows\System\cFWJWoo.exe
  2⤵
  PID:4172
- C:\Windows\System\EIEcaYQ.exe
  C:\Windows\System\EIEcaYQ.exe
  2⤵
  PID:4192
- C:\Windows\System\nKHWefm.exe
  C:\Windows\System\nKHWefm.exe
  2⤵
  PID:4208
- C:\Windows\System\xDdxHLW.exe
  C:\Windows\System\xDdxHLW.exe
  2⤵
  PID:4224
- C:\Windows\System\rFiZKKa.exe
  C:\Windows\System\rFiZKKa.exe
  2⤵
  PID:4240
- C:\Windows\System\xQYdljb.exe
  C:\Windows\System\xQYdljb.exe
  2⤵
  PID:4288
- C:\Windows\System\zttsRBS.exe
  C:\Windows\System\zttsRBS.exe
  2⤵
  PID:4312
- C:\Windows\System\RblEJxr.exe
  C:\Windows\System\RblEJxr.exe
  2⤵
  PID:4328
- C:\Windows\System\tzpCIKe.exe
  C:\Windows\System\tzpCIKe.exe
  2⤵
  PID:4344
- C:\Windows\System\AAkPYzc.exe
  C:\Windows\System\AAkPYzc.exe
  2⤵
  PID:4360
- C:\Windows\System\FCUGldD.exe
  C:\Windows\System\FCUGldD.exe
  2⤵
  PID:4376
- C:\Windows\System\hWcBlqS.exe
  C:\Windows\System\hWcBlqS.exe
  2⤵
  PID:4396
- C:\Windows\System\fnuODGt.exe
  C:\Windows\System\fnuODGt.exe
  2⤵
  PID:4412
- C:\Windows\System\BsSasGz.exe
  C:\Windows\System\BsSasGz.exe
  2⤵
  PID:4428
- C:\Windows\System\rGYeDEO.exe
  C:\Windows\System\rGYeDEO.exe
  2⤵
  PID:4452
- C:\Windows\System\Jmldznw.exe
  C:\Windows\System\Jmldznw.exe
  2⤵
  PID:4468
- C:\Windows\System\QaACDhN.exe
  C:\Windows\System\QaACDhN.exe
  2⤵
  PID:4484
- C:\Windows\System\rvAsdur.exe
  C:\Windows\System\rvAsdur.exe
  2⤵
  PID:4504
- C:\Windows\System\uSSBNPM.exe
  C:\Windows\System\uSSBNPM.exe
  2⤵
  PID:4524
- C:\Windows\System\tvHaMuq.exe
  C:\Windows\System\tvHaMuq.exe
  2⤵
  PID:4540
- C:\Windows\System\Irbjjmz.exe
  C:\Windows\System\Irbjjmz.exe
  2⤵
  PID:4588
- C:\Windows\System\wspEoIr.exe
  C:\Windows\System\wspEoIr.exe
  2⤵
  PID:4608
- C:\Windows\System\nCUPKph.exe
  C:\Windows\System\nCUPKph.exe
  2⤵
  PID:4632
- C:\Windows\System\NTJmjSO.exe
  C:\Windows\System\NTJmjSO.exe
  2⤵
  PID:4648
- C:\Windows\System\vJDfjhx.exe
  C:\Windows\System\vJDfjhx.exe
  2⤵
  PID:4672
- C:\Windows\System\EfchDxJ.exe
  C:\Windows\System\EfchDxJ.exe
  2⤵
  PID:4688
- C:\Windows\System\UXIbuBi.exe
  C:\Windows\System\UXIbuBi.exe
  2⤵
  PID:4708
- C:\Windows\System\dFsxQjQ.exe
  C:\Windows\System\dFsxQjQ.exe
  2⤵
  PID:4728
- C:\Windows\System\AYHWBPK.exe
  C:\Windows\System\AYHWBPK.exe
  2⤵
  PID:4748
- C:\Windows\System\GBkLtuf.exe
  C:\Windows\System\GBkLtuf.exe
  2⤵
  PID:4764
- C:\Windows\System\QuQdlmE.exe
  C:\Windows\System\QuQdlmE.exe
  2⤵
  PID:4780
- C:\Windows\System\dapHsqw.exe
  C:\Windows\System\dapHsqw.exe
  2⤵
  PID:4800
- C:\Windows\System\dteWUZg.exe
  C:\Windows\System\dteWUZg.exe
  2⤵
  PID:4816
- C:\Windows\System\Gxtwxkj.exe
  C:\Windows\System\Gxtwxkj.exe
  2⤵
  PID:4836
- C:\Windows\System\FjnSDut.exe
  C:\Windows\System\FjnSDut.exe
  2⤵
  PID:4864
- C:\Windows\System\XxuIcQd.exe
  C:\Windows\System\XxuIcQd.exe
  2⤵
  PID:4884
- C:\Windows\System\DGxVxQy.exe
  C:\Windows\System\DGxVxQy.exe
  2⤵
  PID:4908
- C:\Windows\System\ywpljjA.exe
  C:\Windows\System\ywpljjA.exe
  2⤵
  PID:4932
- C:\Windows\System\ibUfkuo.exe
  C:\Windows\System\ibUfkuo.exe
  2⤵
  PID:4948
- C:\Windows\System\FaAkuBY.exe
  C:\Windows\System\FaAkuBY.exe
  2⤵
  PID:4976
- C:\Windows\System\CXiMYzH.exe
  C:\Windows\System\CXiMYzH.exe
  2⤵
  PID:4992
- C:\Windows\System\MBOEWhC.exe
  C:\Windows\System\MBOEWhC.exe
  2⤵
  PID:5008
- C:\Windows\System\IfRVPYj.exe
  C:\Windows\System\IfRVPYj.exe
  2⤵
  PID:5032
- C:\Windows\System\DCYNpmw.exe
  C:\Windows\System\DCYNpmw.exe
  2⤵
  PID:5048
- C:\Windows\System\ErYNLbS.exe
  C:\Windows\System\ErYNLbS.exe
  2⤵
  PID:5068
- C:\Windows\System\cNCVXzL.exe
  C:\Windows\System\cNCVXzL.exe
  2⤵
  PID:5092
- C:\Windows\System\WKTNHxB.exe
  C:\Windows\System\WKTNHxB.exe
  2⤵
  PID:5112
- C:\Windows\System\QYLNfCq.exe
  C:\Windows\System\QYLNfCq.exe
  2⤵
  PID:3704
- C:\Windows\System\lSojjGB.exe
  C:\Windows\System\lSojjGB.exe
  2⤵
  PID:3496
- C:\Windows\System\noatAib.exe
  C:\Windows\System\noatAib.exe
  2⤵
  PID:4116
- C:\Windows\System\BlQadAY.exe
  C:\Windows\System\BlQadAY.exe
  2⤵
  PID:3504
- C:\Windows\System\UslLzXq.exe
  C:\Windows\System\UslLzXq.exe
  2⤵
  PID:4168
- C:\Windows\System\zCjOiBn.exe
  C:\Windows\System\zCjOiBn.exe
  2⤵
  PID:4140
- C:\Windows\System\ToVAqJL.exe
  C:\Windows\System\ToVAqJL.exe
  2⤵
  PID:4216
- C:\Windows\System\NoiclXN.exe
  C:\Windows\System\NoiclXN.exe
  2⤵
  PID:4264
- C:\Windows\System\EdNnYKU.exe
  C:\Windows\System\EdNnYKU.exe
  2⤵
  PID:4280
- C:\Windows\System\SgCDLxA.exe
  C:\Windows\System\SgCDLxA.exe
  2⤵
  PID:4296
- C:\Windows\System\TuDiipU.exe
  C:\Windows\System\TuDiipU.exe
  2⤵
  PID:4320
- C:\Windows\System\LVUHTxE.exe
  C:\Windows\System\LVUHTxE.exe
  2⤵
  PID:4464
- C:\Windows\System\EiymSFC.exe
  C:\Windows\System\EiymSFC.exe
  2⤵
  PID:4532
- C:\Windows\System\XatiUXW.exe
  C:\Windows\System\XatiUXW.exe
  2⤵
  PID:4440
- C:\Windows\System\qrKiWUI.exe
  C:\Windows\System\qrKiWUI.exe
  2⤵
  PID:4480
- C:\Windows\System\JXLHoIC.exe
  C:\Windows\System\JXLHoIC.exe
  2⤵
  PID:4512
- C:\Windows\System\MNpImMo.exe
  C:\Windows\System\MNpImMo.exe
  2⤵
  PID:4568
- C:\Windows\System\dIZuvVf.exe
  C:\Windows\System\dIZuvVf.exe
  2⤵
  PID:4584
- C:\Windows\System\SPJvpVs.exe
  C:\Windows\System\SPJvpVs.exe
  2⤵
  PID:4644
- C:\Windows\System\vlsBoFw.exe
  C:\Windows\System\vlsBoFw.exe
  2⤵
  PID:4724
- C:\Windows\System\rpKXNkF.exe
  C:\Windows\System\rpKXNkF.exe
  2⤵
  PID:4792
- C:\Windows\System\rFstjnQ.exe
  C:\Windows\System\rFstjnQ.exe
  2⤵
  PID:4828
- C:\Windows\System\MNMmJxf.exe
  C:\Windows\System\MNMmJxf.exe
  2⤵
  PID:4880
- C:\Windows\System\kwNoSOm.exe
  C:\Windows\System\kwNoSOm.exe
  2⤵
  PID:4660
- C:\Windows\System\euYOuJJ.exe
  C:\Windows\System\euYOuJJ.exe
  2⤵
  PID:4704
- C:\Windows\System\JsSXBat.exe
  C:\Windows\System\JsSXBat.exe
  2⤵
  PID:4956
- C:\Windows\System\kjkGnli.exe
  C:\Windows\System\kjkGnli.exe
  2⤵
  PID:4972
- C:\Windows\System\WvEZpmU.exe
  C:\Windows\System\WvEZpmU.exe
  2⤵
  PID:4744
- C:\Windows\System\CQaioDJ.exe
  C:\Windows\System\CQaioDJ.exe
  2⤵
  PID:4808
- C:\Windows\System\smogdlU.exe
  C:\Windows\System\smogdlU.exe
  2⤵
  PID:4848
- C:\Windows\System\BmpRnTa.exe
  C:\Windows\System\BmpRnTa.exe
  2⤵
  PID:5016
- C:\Windows\System\XlAibWs.exe
  C:\Windows\System\XlAibWs.exe
  2⤵
  PID:5024
- C:\Windows\System\WdUuRDh.exe
  C:\Windows\System\WdUuRDh.exe
  2⤵
  PID:5060
- C:\Windows\System\vPtMhNl.exe
  C:\Windows\System\vPtMhNl.exe
  2⤵
  PID:4180
- C:\Windows\System\YDcgadu.exe
  C:\Windows\System\YDcgadu.exe
  2⤵
  PID:4308
- C:\Windows\System\gPtlGnf.exe
  C:\Windows\System\gPtlGnf.exe
  2⤵
  PID:2920
- C:\Windows\System\EykYVsY.exe
  C:\Windows\System\EykYVsY.exe
  2⤵
  PID:4260
- C:\Windows\System\fwwPVov.exe
  C:\Windows\System\fwwPVov.exe
  2⤵
  PID:5108
- C:\Windows\System\ywdXqRp.exe
  C:\Windows\System\ywdXqRp.exe
  2⤵
  PID:4388
- C:\Windows\System\xfOZORq.exe
  C:\Windows\System\xfOZORq.exe
  2⤵
  PID:4372
- C:\Windows\System\ZLYgvvb.exe
  C:\Windows\System\ZLYgvvb.exe
  2⤵
  PID:4356
- C:\Windows\System\AHdHViR.exe
  C:\Windows\System\AHdHViR.exe
  2⤵
  PID:4604
- C:\Windows\System\sNgylWH.exe
  C:\Windows\System\sNgylWH.exe
  2⤵
  PID:4556
- C:\Windows\System\taIloaN.exe
  C:\Windows\System\taIloaN.exe
  2⤵
  PID:4760
- C:\Windows\System\WrepZVC.exe
  C:\Windows\System\WrepZVC.exe
  2⤵
  PID:4668
- C:\Windows\System\zTgfDeN.exe
  C:\Windows\System\zTgfDeN.exe
  2⤵
  PID:4964
- C:\Windows\System\TfNxTIN.exe
  C:\Windows\System\TfNxTIN.exe
  2⤵
  PID:4916
- C:\Windows\System\mJmViov.exe
  C:\Windows\System\mJmViov.exe
  2⤵
  PID:4580
- C:\Windows\System\VWHrwbn.exe
  C:\Windows\System\VWHrwbn.exe
  2⤵
  PID:4896
- C:\Windows\System\oeELQhL.exe
  C:\Windows\System\oeELQhL.exe
  2⤵
  PID:4984
- C:\Windows\System\gwXSjrm.exe
  C:\Windows\System\gwXSjrm.exe
  2⤵
  PID:5028
- C:\Windows\System\arWJLWL.exe
  C:\Windows\System\arWJLWL.exe
  2⤵
  PID:4904
- C:\Windows\System\RifIvGt.exe
  C:\Windows\System\RifIvGt.exe
  2⤵
  PID:5056
- C:\Windows\System\PCbSOYR.exe
  C:\Windows\System\PCbSOYR.exe
  2⤵
  PID:5020
- C:\Windows\System\dVKNgtK.exe
  C:\Windows\System\dVKNgtK.exe
  2⤵
  PID:4248
- C:\Windows\System\ImvaSRI.exe
  C:\Windows\System\ImvaSRI.exe
  2⤵
  PID:4136
- C:\Windows\System\ISVVJTZ.exe
  C:\Windows\System\ISVVJTZ.exe
  2⤵
  PID:5104
- C:\Windows\System\WsXXPIw.exe
  C:\Windows\System\WsXXPIw.exe
  2⤵
  PID:4460
- C:\Windows\System\HnKdJrA.exe
  C:\Windows\System\HnKdJrA.exe
  2⤵
  PID:4500
- C:\Windows\System\KUCrsyy.exe
  C:\Windows\System\KUCrsyy.exe
  2⤵
  PID:2480
- C:\Windows\System\umFSnGr.exe
  C:\Windows\System\umFSnGr.exe
  2⤵
  PID:4436
- C:\Windows\System\yKwynoz.exe
  C:\Windows\System\yKwynoz.exe
  2⤵
  PID:4628
- C:\Windows\System\GBMkhse.exe
  C:\Windows\System\GBMkhse.exe
  2⤵
  PID:4696
- C:\Windows\System\BQWuris.exe
  C:\Windows\System\BQWuris.exe
  2⤵
  PID:5044
- C:\Windows\System\IqNHZuY.exe
  C:\Windows\System\IqNHZuY.exe
  2⤵
  PID:4944
- C:\Windows\System\yhUFTtA.exe
  C:\Windows\System\yhUFTtA.exe
  2⤵
  PID:4304
- C:\Windows\System\dkMcHDU.exe
  C:\Windows\System\dkMcHDU.exe
  2⤵
  PID:4256
- C:\Windows\System\ZfGzZrf.exe
  C:\Windows\System\ZfGzZrf.exe
  2⤵
  PID:4756
- C:\Windows\System\HPvIWJa.exe
  C:\Windows\System\HPvIWJa.exe
  2⤵
  PID:5088
- C:\Windows\System\ZyfOnST.exe
  C:\Windows\System\ZyfOnST.exe
  2⤵
  PID:4924
- C:\Windows\System\lIpqpOy.exe
  C:\Windows\System\lIpqpOy.exe
  2⤵
  PID:4156
- C:\Windows\System\AzmWvlo.exe
  C:\Windows\System\AzmWvlo.exe
  2⤵
  PID:4164
- C:\Windows\System\dmOtixv.exe
  C:\Windows\System\dmOtixv.exe
  2⤵
  PID:4616
- C:\Windows\System\rBcCBYQ.exe
  C:\Windows\System\rBcCBYQ.exe
  2⤵
  PID:4740
- C:\Windows\System\OaPgwqC.exe
  C:\Windows\System\OaPgwqC.exe
  2⤵
  PID:4160
- C:\Windows\System\XswXmCJ.exe
  C:\Windows\System\XswXmCJ.exe
  2⤵
  PID:3040
- C:\Windows\System\EqTibto.exe
  C:\Windows\System\EqTibto.exe
  2⤵
  PID:4640
- C:\Windows\System\bljZMUf.exe
  C:\Windows\System\bljZMUf.exe
  2⤵
  PID:5124
- C:\Windows\System\MbYZLlZ.exe
  C:\Windows\System\MbYZLlZ.exe
  2⤵
  PID:5140
- C:\Windows\System\LRRANPf.exe
  C:\Windows\System\LRRANPf.exe
  2⤵
  PID:5180
- C:\Windows\System\PzvixJn.exe
  C:\Windows\System\PzvixJn.exe
  2⤵
  PID:5204
- C:\Windows\System\WGdDfVp.exe
  C:\Windows\System\WGdDfVp.exe
  2⤵
  PID:5220
- C:\Windows\System\tXlNZOG.exe
  C:\Windows\System\tXlNZOG.exe
  2⤵
  PID:5236
- C:\Windows\System\DLWRLBp.exe
  C:\Windows\System\DLWRLBp.exe
  2⤵
  PID:5252
- C:\Windows\System\BeLSJSq.exe
  C:\Windows\System\BeLSJSq.exe
  2⤵
  PID:5272
- C:\Windows\System\CkFvbfw.exe
  C:\Windows\System\CkFvbfw.exe
  2⤵
  PID:5288
- C:\Windows\System\wKKsAYe.exe
  C:\Windows\System\wKKsAYe.exe
  2⤵
  PID:5304
- C:\Windows\System\AIJGiGo.exe
  C:\Windows\System\AIJGiGo.exe
  2⤵
  PID:5320
- C:\Windows\System\SfydfIc.exe
  C:\Windows\System\SfydfIc.exe
  2⤵
  PID:5336
- C:\Windows\System\qtPQREI.exe
  C:\Windows\System\qtPQREI.exe
  2⤵
  PID:5360
- C:\Windows\System\WIrABjN.exe
  C:\Windows\System\WIrABjN.exe
  2⤵
  PID:5376
- C:\Windows\System\kLiyYkV.exe
  C:\Windows\System\kLiyYkV.exe
  2⤵
  PID:5392
- C:\Windows\System\MepzhnQ.exe
  C:\Windows\System\MepzhnQ.exe
  2⤵
  PID:5408
- C:\Windows\System\rvycrzD.exe
  C:\Windows\System\rvycrzD.exe
  2⤵
  PID:5424
- C:\Windows\System\yTypIDM.exe
  C:\Windows\System\yTypIDM.exe
  2⤵
  PID:5444
- C:\Windows\System\IOWAzrM.exe
  C:\Windows\System\IOWAzrM.exe
  2⤵
  PID:5460
- C:\Windows\System\pZShDOs.exe
  C:\Windows\System\pZShDOs.exe
  2⤵
  PID:5492
- C:\Windows\System\WkjaFCo.exe
  C:\Windows\System\WkjaFCo.exe
  2⤵
  PID:5508
- C:\Windows\System\LsoOXkO.exe
  C:\Windows\System\LsoOXkO.exe
  2⤵
  PID:5552
- C:\Windows\System\SKNGWlx.exe
  C:\Windows\System\SKNGWlx.exe
  2⤵
  PID:5568
- C:\Windows\System\XknjxAe.exe
  C:\Windows\System\XknjxAe.exe
  2⤵
  PID:5608
- C:\Windows\System\krUtulw.exe
  C:\Windows\System\krUtulw.exe
  2⤵
  PID:5632
- C:\Windows\System\YgpHSwm.exe
  C:\Windows\System\YgpHSwm.exe
  2⤵
  PID:5652
- C:\Windows\System\WjMiWeA.exe
  C:\Windows\System\WjMiWeA.exe
  2⤵
  PID:5668
- C:\Windows\System\guaNuoY.exe
  C:\Windows\System\guaNuoY.exe
  2⤵
  PID:5684
- C:\Windows\System\OMPxEFz.exe
  C:\Windows\System\OMPxEFz.exe
  2⤵
  PID:5700
- C:\Windows\System\eYYRXeB.exe
  C:\Windows\System\eYYRXeB.exe
  2⤵
  PID:5716
- C:\Windows\System\ueVUXLf.exe
  C:\Windows\System\ueVUXLf.exe
  2⤵
  PID:5732
- C:\Windows\System\soSRhNg.exe
  C:\Windows\System\soSRhNg.exe
  2⤵
  PID:5752
- C:\Windows\System\zrXSRhR.exe
  C:\Windows\System\zrXSRhR.exe
  2⤵
  PID:5768
- C:\Windows\System\nYOEqEy.exe
  C:\Windows\System\nYOEqEy.exe
  2⤵
  PID:5804
- C:\Windows\System\DaLPDLc.exe
  C:\Windows\System\DaLPDLc.exe
  2⤵
  PID:5820
- C:\Windows\System\rfQbvjL.exe
  C:\Windows\System\rfQbvjL.exe
  2⤵
  PID:5848
- C:\Windows\System\PWuBvXg.exe
  C:\Windows\System\PWuBvXg.exe
  2⤵
  PID:5864
- C:\Windows\System\tpVPgma.exe
  C:\Windows\System\tpVPgma.exe
  2⤵
  PID:5880
- C:\Windows\System\EPzGClA.exe
  C:\Windows\System\EPzGClA.exe
  2⤵
  PID:5896
- C:\Windows\System\XHVlslI.exe
  C:\Windows\System\XHVlslI.exe
  2⤵
  PID:5912
- C:\Windows\System\ArcNSsx.exe
  C:\Windows\System\ArcNSsx.exe
  2⤵
  PID:5928
- C:\Windows\System\kusBUpH.exe
  C:\Windows\System\kusBUpH.exe
  2⤵
  PID:5944
- C:\Windows\System\YLkMlHk.exe
  C:\Windows\System\YLkMlHk.exe
  2⤵
  PID:5960
- C:\Windows\System\MjRkEkf.exe
  C:\Windows\System\MjRkEkf.exe
  2⤵
  PID:5988
- C:\Windows\System\TkBuIqc.exe
  C:\Windows\System\TkBuIqc.exe
  2⤵
  PID:6008
- C:\Windows\System\MeoAEps.exe
  C:\Windows\System\MeoAEps.exe
  2⤵
  PID:6024
- C:\Windows\System\cVAGwts.exe
  C:\Windows\System\cVAGwts.exe
  2⤵
  PID:6040
- C:\Windows\System\WmToXMZ.exe
  C:\Windows\System\WmToXMZ.exe
  2⤵
  PID:6080
- C:\Windows\System\SEXKcUl.exe
  C:\Windows\System\SEXKcUl.exe
  2⤵
  PID:6104
- C:\Windows\System\NUoEteH.exe
  C:\Windows\System\NUoEteH.exe
  2⤵
  PID:6124
- C:\Windows\System\qDQGTUI.exe
  C:\Windows\System\qDQGTUI.exe
  2⤵
  PID:6140
- C:\Windows\System\WSzgEhH.exe
  C:\Windows\System\WSzgEhH.exe
  2⤵
  PID:1796
- C:\Windows\System\LLxsixT.exe
  C:\Windows\System\LLxsixT.exe
  2⤵
  PID:2636
- C:\Windows\System\lTqSqkO.exe
  C:\Windows\System\lTqSqkO.exe
  2⤵
  PID:3688
- C:\Windows\System\NBQYUPk.exe
  C:\Windows\System\NBQYUPk.exe
  2⤵
  PID:5156
- C:\Windows\System\CQGdfCA.exe
  C:\Windows\System\CQGdfCA.exe
  2⤵
  PID:5172
- C:\Windows\System\pbGWxfI.exe
  C:\Windows\System\pbGWxfI.exe
  2⤵
  PID:5192
- C:\Windows\System\wAmYOGR.exe
  C:\Windows\System\wAmYOGR.exe
  2⤵
  PID:5248
- C:\Windows\System\SzdGKYF.exe
  C:\Windows\System\SzdGKYF.exe
  2⤵
  PID:5268
- C:\Windows\System\xhlALUb.exe
  C:\Windows\System\xhlALUb.exe
  2⤵
  PID:5280
- C:\Windows\System\IjfCKoI.exe
  C:\Windows\System\IjfCKoI.exe
  2⤵
  PID:5216
- C:\Windows\System\AMKxCKZ.exe
  C:\Windows\System\AMKxCKZ.exe
  2⤵
  PID:5352
- C:\Windows\System\AYCcfhl.exe
  C:\Windows\System\AYCcfhl.exe
  2⤵
  PID:5432
- C:\Windows\System\bulyFod.exe
  C:\Windows\System\bulyFod.exe
  2⤵
  PID:5468
- C:\Windows\System\ECAcNld.exe
  C:\Windows\System\ECAcNld.exe
  2⤵
  PID:5476
- C:\Windows\System\PuwMVkW.exe
  C:\Windows\System\PuwMVkW.exe
  2⤵
  PID:5520
- C:\Windows\System\KwlHvZE.exe
  C:\Windows\System\KwlHvZE.exe
  2⤵
  PID:5532
- C:\Windows\System\wznyJxr.exe
  C:\Windows\System\wznyJxr.exe
  2⤵
  PID:5504
- C:\Windows\System\vcyJYhu.exe
  C:\Windows\System\vcyJYhu.exe
  2⤵
  PID:5588
- C:\Windows\System\HIoVAjc.exe
  C:\Windows\System\HIoVAjc.exe
  2⤵
  PID:5640
- C:\Windows\System\fkdCYey.exe
  C:\Windows\System\fkdCYey.exe
  2⤵
  PID:5624
- C:\Windows\System\vztibiz.exe
  C:\Windows\System\vztibiz.exe
  2⤵
  PID:5708
- C:\Windows\System\ibGUICw.exe
  C:\Windows\System\ibGUICw.exe
  2⤵
  PID:5776
- C:\Windows\System\frAjgwl.exe
  C:\Windows\System\frAjgwl.exe
  2⤵
  PID:5796
- C:\Windows\System\ZNwvuKP.exe
  C:\Windows\System\ZNwvuKP.exe
  2⤵
  PID:5832
- C:\Windows\System\zasAxmU.exe
  C:\Windows\System\zasAxmU.exe
  2⤵
  PID:5692
- C:\Windows\System\yJWCHHK.exe
  C:\Windows\System\yJWCHHK.exe
  2⤵
  PID:5812
- C:\Windows\System\eOhgFEe.exe
  C:\Windows\System\eOhgFEe.exe
  2⤵
  PID:5876
- C:\Windows\System\BMJXIEo.exe
  C:\Windows\System\BMJXIEo.exe
  2⤵
  PID:5968
- C:\Windows\System\VnNZZbe.exe
  C:\Windows\System\VnNZZbe.exe
  2⤵
  PID:5952
- C:\Windows\System\oNTvtyU.exe
  C:\Windows\System\oNTvtyU.exe
  2⤵
  PID:1852
- C:\Windows\System\GUgSDUx.exe
  C:\Windows\System\GUgSDUx.exe
  2⤵
  PID:6072
- C:\Windows\System\owryfIl.exe
  C:\Windows\System\owryfIl.exe
  2⤵
  PID:6032
- C:\Windows\System\DosvuBI.exe
  C:\Windows\System\DosvuBI.exe
  2⤵
  PID:6092
- C:\Windows\System\hoLyrdp.exe
  C:\Windows\System\hoLyrdp.exe
  2⤵
  PID:3176
- C:\Windows\System\AvATQju.exe
  C:\Windows\System\AvATQju.exe
  2⤵
  PID:4424
- C:\Windows\System\cqKQYpm.exe
  C:\Windows\System\cqKQYpm.exe
  2⤵
  PID:5168
- C:\Windows\System\eBuCfRC.exe
  C:\Windows\System\eBuCfRC.exe
  2⤵
  PID:5148
- C:\Windows\System\vTrhQNO.exe
  C:\Windows\System\vTrhQNO.exe
  2⤵
  PID:5212
- C:\Windows\System\fMXIQEL.exe
  C:\Windows\System\fMXIQEL.exe
  2⤵
  PID:5368
- C:\Windows\System\doZqfCj.exe
  C:\Windows\System\doZqfCj.exe
  2⤵
  PID:5400
- C:\Windows\System\dxLchlH.exe
  C:\Windows\System\dxLchlH.exe
  2⤵
  PID:5348
- C:\Windows\System\rpbXyWk.exe
  C:\Windows\System\rpbXyWk.exe
  2⤵
  PID:5604
- C:\Windows\System\zIXzlaZ.exe
  C:\Windows\System\zIXzlaZ.exe
  2⤵
  PID:2836
- C:\Windows\System\WBPvSPl.exe
  C:\Windows\System\WBPvSPl.exe
  2⤵
  PID:5188
- C:\Windows\System\iOmyDSg.exe
  C:\Windows\System\iOmyDSg.exe
  2⤵
  PID:532
- C:\Windows\System\ecGPTzx.exe
  C:\Windows\System\ecGPTzx.exe
  2⤵
  PID:5388
- C:\Windows\System\IcogQdq.exe
  C:\Windows\System\IcogQdq.exe
  2⤵
  PID:5788
- C:\Windows\System\ForgUYq.exe
  C:\Windows\System\ForgUYq.exe
  2⤵
  PID:5696
- C:\Windows\System\zSksPvY.exe
  C:\Windows\System\zSksPvY.exe
  2⤵
  PID:5576
- C:\Windows\System\WGmbPPV.exe
  C:\Windows\System\WGmbPPV.exe
  2⤵
  PID:5740
- C:\Windows\System\nYejFIr.exe
  C:\Windows\System\nYejFIr.exe
  2⤵
  PID:5744
- C:\Windows\System\CGQzGYH.exe
  C:\Windows\System\CGQzGYH.exe
  2⤵
  PID:5924
- C:\Windows\System\xwsLbqD.exe
  C:\Windows\System\xwsLbqD.exe
  2⤵
  PID:5760
- C:\Windows\System\QpTwTze.exe
  C:\Windows\System\QpTwTze.exe
  2⤵
  PID:6064
- C:\Windows\System\oqHqKqj.exe
  C:\Windows\System\oqHqKqj.exe
  2⤵
  PID:6004
- C:\Windows\System\imYMfpt.exe
  C:\Windows\System\imYMfpt.exe
  2⤵
  PID:6100
- C:\Windows\System\CWbBQYm.exe
  C:\Windows\System\CWbBQYm.exe
  2⤵
  PID:1120
- C:\Windows\System\rUAObWc.exe
  C:\Windows\System\rUAObWc.exe
  2⤵
  PID:5244
- C:\Windows\System\vzayTKO.exe
  C:\Windows\System\vzayTKO.exe
  2⤵
  PID:5516
- C:\Windows\System\xVQlZmV.exe
  C:\Windows\System\xVQlZmV.exe
  2⤵
  PID:5472
- C:\Windows\System\KhBehge.exe
  C:\Windows\System\KhBehge.exe
  2⤵
  PID:5264
- C:\Windows\System\sLOUkEU.exe
  C:\Windows\System\sLOUkEU.exe
  2⤵
  PID:2884
- C:\Windows\System\PyoVfmc.exe
  C:\Windows\System\PyoVfmc.exe
  2⤵
  PID:5536
- C:\Windows\System\gktUToy.exe
  C:\Windows\System\gktUToy.exe
  2⤵
  PID:5676
- C:\Windows\System\fvkvSrH.exe
  C:\Windows\System\fvkvSrH.exe
  2⤵
  PID:5980
- C:\Windows\System\glzvcTI.exe
  C:\Windows\System\glzvcTI.exe
  2⤵
  PID:5844
- C:\Windows\System\LXiepYK.exe
  C:\Windows\System\LXiepYK.exe
  2⤵
  PID:5628
- C:\Windows\System\hKkiRRV.exe
  C:\Windows\System\hKkiRRV.exe
  2⤵
  PID:5920
- C:\Windows\System\RunnxYC.exe
  C:\Windows\System\RunnxYC.exe
  2⤵
  PID:5996
- C:\Windows\System\relfPbz.exe
  C:\Windows\System\relfPbz.exe
  2⤵
  PID:6116
- C:\Windows\System\KMJXBKn.exe
  C:\Windows\System\KMJXBKn.exe
  2⤵
  PID:6112
- C:\Windows\System\iBLNcqy.exe
  C:\Windows\System\iBLNcqy.exe
  2⤵
  PID:2648
- C:\Windows\System\PeMnUWA.exe
  C:\Windows\System\PeMnUWA.exe
  2⤵
  PID:5500
- C:\Windows\System\aYAaAlD.exe
  C:\Windows\System\aYAaAlD.exe
  2⤵
  PID:5316
- C:\Windows\System\MAtUoOp.exe
  C:\Windows\System\MAtUoOp.exe
  2⤵
  PID:5580
- C:\Windows\System\pnFJadg.exe
  C:\Windows\System\pnFJadg.exe
  2⤵
  PID:5764
- C:\Windows\System\HVILugJ.exe
  C:\Windows\System\HVILugJ.exe
  2⤵
  PID:6132
- C:\Windows\System\gdQJhFt.exe
  C:\Windows\System\gdQJhFt.exe
  2⤵
  PID:6052
- C:\Windows\System\SIhAekR.exe
  C:\Windows\System\SIhAekR.exe
  2⤵
  PID:5584
- C:\Windows\System\vFVhgef.exe
  C:\Windows\System\vFVhgef.exe
  2⤵
  PID:1652
- C:\Windows\System\vsbxIlJ.exe
  C:\Windows\System\vsbxIlJ.exe
  2⤵
  PID:528
- C:\Windows\System\lyBYAIm.exe
  C:\Windows\System\lyBYAIm.exe
  2⤵
  PID:5784
- C:\Windows\System\yQzgjTk.exe
  C:\Windows\System\yQzgjTk.exe
  2⤵
  PID:2948
- C:\Windows\System\HRxPgcZ.exe
  C:\Windows\System\HRxPgcZ.exe
  2⤵
  PID:6160
- C:\Windows\System\VTJGrUf.exe
  C:\Windows\System\VTJGrUf.exe
  2⤵
  PID:6180
- C:\Windows\System\FVRYYBK.exe
  C:\Windows\System\FVRYYBK.exe
  2⤵
  PID:6200
- C:\Windows\System\OfcGbXO.exe
  C:\Windows\System\OfcGbXO.exe
  2⤵
  PID:6224
- C:\Windows\System\cMmjzGn.exe
  C:\Windows\System\cMmjzGn.exe
  2⤵
  PID:6240
- C:\Windows\System\KCUFylO.exe
  C:\Windows\System\KCUFylO.exe
  2⤵
  PID:6260
- C:\Windows\System\apZoIse.exe
  C:\Windows\System\apZoIse.exe
  2⤵
  PID:6276
- C:\Windows\System\MyOUoBf.exe
  C:\Windows\System\MyOUoBf.exe
  2⤵
  PID:6308
- C:\Windows\System\zjdEnij.exe
  C:\Windows\System\zjdEnij.exe
  2⤵
  PID:6324
- C:\Windows\System\bELryaz.exe
  C:\Windows\System\bELryaz.exe
  2⤵
  PID:6344
- C:\Windows\System\vpbFkwB.exe
  C:\Windows\System\vpbFkwB.exe
  2⤵
  PID:6360
- C:\Windows\System\DUHDtjd.exe
  C:\Windows\System\DUHDtjd.exe
  2⤵
  PID:6376
- C:\Windows\System\CvAVjJz.exe
  C:\Windows\System\CvAVjJz.exe
  2⤵
  PID:6392
- C:\Windows\System\OAxEFUJ.exe
  C:\Windows\System\OAxEFUJ.exe
  2⤵
  PID:6428
- C:\Windows\System\cHYhXmu.exe
  C:\Windows\System\cHYhXmu.exe
  2⤵
  PID:6444
- C:\Windows\System\vQGPulI.exe
  C:\Windows\System\vQGPulI.exe
  2⤵
  PID:6468
- C:\Windows\System\SVdXEWW.exe
  C:\Windows\System\SVdXEWW.exe
  2⤵
  PID:6484
- C:\Windows\System\tmbnTMq.exe
  C:\Windows\System\tmbnTMq.exe
  2⤵
  PID:6500
- C:\Windows\System\IVFMqFd.exe
  C:\Windows\System\IVFMqFd.exe
  2⤵
  PID:6516
- C:\Windows\System\JHmOASC.exe
  C:\Windows\System\JHmOASC.exe
  2⤵
  PID:6548
- C:\Windows\System\SSoQjqj.exe
  C:\Windows\System\SSoQjqj.exe
  2⤵
  PID:6564
- C:\Windows\System\APTpQFL.exe
  C:\Windows\System\APTpQFL.exe
  2⤵
  PID:6580
- C:\Windows\System\ZaQFBQx.exe
  C:\Windows\System\ZaQFBQx.exe
  2⤵
  PID:6596
- C:\Windows\System\mWQkkei.exe
  C:\Windows\System\mWQkkei.exe
  2⤵
  PID:6612
- C:\Windows\System\LMqfiQl.exe
  C:\Windows\System\LMqfiQl.exe
  2⤵
  PID:6628
- C:\Windows\System\wXIrzNk.exe
  C:\Windows\System\wXIrzNk.exe
  2⤵
  PID:6644
- C:\Windows\System\jzbomJD.exe
  C:\Windows\System\jzbomJD.exe
  2⤵
  PID:6660
- C:\Windows\System\spnMAwJ.exe
  C:\Windows\System\spnMAwJ.exe
  2⤵
  PID:6676
- C:\Windows\System\tsvPuKi.exe
  C:\Windows\System\tsvPuKi.exe
  2⤵
  PID:6720
- C:\Windows\System\Bewcyeu.exe
  C:\Windows\System\Bewcyeu.exe
  2⤵
  PID:6744
- C:\Windows\System\OVbKeEx.exe
  C:\Windows\System\OVbKeEx.exe
  2⤵
  PID:6760
- C:\Windows\System\cAmJXua.exe
  C:\Windows\System\cAmJXua.exe
  2⤵
  PID:6788
- C:\Windows\System\VVTUByf.exe
  C:\Windows\System\VVTUByf.exe
  2⤵
  PID:6804
- C:\Windows\System\jcgpYoo.exe
  C:\Windows\System\jcgpYoo.exe
  2⤵
  PID:6824
- C:\Windows\System\OWmRgmk.exe
  C:\Windows\System\OWmRgmk.exe
  2⤵
  PID:6844
- C:\Windows\System\nODshtK.exe
  C:\Windows\System\nODshtK.exe
  2⤵
  PID:6864
- C:\Windows\System\PiQPSrE.exe
  C:\Windows\System\PiQPSrE.exe
  2⤵
  PID:6880
- C:\Windows\System\fDVCPoK.exe
  C:\Windows\System\fDVCPoK.exe
  2⤵
  PID:6896
- C:\Windows\System\IEQnpYW.exe
  C:\Windows\System\IEQnpYW.exe
  2⤵
  PID:6912
- C:\Windows\System\wuaSOqs.exe
  C:\Windows\System\wuaSOqs.exe
  2⤵
  PID:6928
- C:\Windows\System\LQgBFMB.exe
  C:\Windows\System\LQgBFMB.exe
  2⤵
  PID:6944
- C:\Windows\System\aYZgiZn.exe
  C:\Windows\System\aYZgiZn.exe
  2⤵
  PID:6976
- C:\Windows\System\YAbdxYE.exe
  C:\Windows\System\YAbdxYE.exe
  2⤵
  PID:6996
- C:\Windows\System\KpGjkjk.exe
  C:\Windows\System\KpGjkjk.exe
  2⤵
  PID:7028
- C:\Windows\System\RWJRHlg.exe
  C:\Windows\System\RWJRHlg.exe
  2⤵
  PID:7044
- C:\Windows\System\hWFFxeg.exe
  C:\Windows\System\hWFFxeg.exe
  2⤵
  PID:7060
- C:\Windows\System\lmuvXHY.exe
  C:\Windows\System\lmuvXHY.exe
  2⤵
  PID:7080
- C:\Windows\System\EMKxBcS.exe
  C:\Windows\System\EMKxBcS.exe
  2⤵
  PID:7104
- C:\Windows\System\SDRBpxZ.exe
  C:\Windows\System\SDRBpxZ.exe
  2⤵
  PID:7120
- C:\Windows\System\InQWKEg.exe
  C:\Windows\System\InQWKEg.exe
  2⤵
  PID:7136
- C:\Windows\System\LfWQBDv.exe
  C:\Windows\System\LfWQBDv.exe
  2⤵
  PID:7152
- C:\Windows\System\UXQLexA.exe
  C:\Windows\System\UXQLexA.exe
  2⤵
  PID:5164
- C:\Windows\System\MgQPXzB.exe
  C:\Windows\System\MgQPXzB.exe
  2⤵
  PID:5084
- C:\Windows\System\HwGgWwa.exe
  C:\Windows\System\HwGgWwa.exe
  2⤵
  PID:6048
- C:\Windows\System\LdFDJAd.exe
  C:\Windows\System\LdFDJAd.exe
  2⤵
  PID:6168
- C:\Windows\System\aJqWraf.exe
  C:\Windows\System\aJqWraf.exe
  2⤵
  PID:6156
- C:\Windows\System\yxUTMLe.exe
  C:\Windows\System\yxUTMLe.exe
  2⤵
  PID:6220
- C:\Windows\System\jfIJtGF.exe
  C:\Windows\System\jfIJtGF.exe
  2⤵
  PID:6232
- C:\Windows\System\ypngyUR.exe
  C:\Windows\System\ypngyUR.exe
  2⤵
  PID:2104
- C:\Windows\System\oijsBiI.exe
  C:\Windows\System\oijsBiI.exe
  2⤵
  PID:6300
- C:\Windows\System\vkAWZnD.exe
  C:\Windows\System\vkAWZnD.exe
  2⤵
  PID:6340
- C:\Windows\System\wPeHAMr.exe
  C:\Windows\System\wPeHAMr.exe
  2⤵
  PID:6416
- C:\Windows\System\OkIXmgl.exe
  C:\Windows\System\OkIXmgl.exe
  2⤵
  PID:6352
- C:\Windows\System\MJESzvd.exe
  C:\Windows\System\MJESzvd.exe
  2⤵
  PID:6436
- C:\Windows\System\jyKZqJg.exe
  C:\Windows\System\jyKZqJg.exe
  2⤵
  PID:6464
- C:\Windows\System\rzxOSPy.exe
  C:\Windows\System\rzxOSPy.exe
  2⤵
  PID:6480
- C:\Windows\System\GEXGlYJ.exe
  C:\Windows\System\GEXGlYJ.exe
  2⤵
  PID:6532
- C:\Windows\System\OrReAfn.exe
  C:\Windows\System\OrReAfn.exe
  2⤵
  PID:6576
- C:\Windows\System\uJbpIKo.exe
  C:\Windows\System\uJbpIKo.exe
  2⤵
  PID:6652
- C:\Windows\System\QvscDnE.exe
  C:\Windows\System\QvscDnE.exe
  2⤵
  PID:6672
- C:\Windows\System\jxqzOKG.exe
  C:\Windows\System\jxqzOKG.exe
  2⤵
  PID:6696
- C:\Windows\System\QzqBLKO.exe
  C:\Windows\System\QzqBLKO.exe
  2⤵
  PID:6716
- C:\Windows\System\xTyrYtl.exe
  C:\Windows\System\xTyrYtl.exe
  2⤵
  PID:6736
- C:\Windows\System\thxCtCz.exe
  C:\Windows\System\thxCtCz.exe
  2⤵
  PID:6776
- C:\Windows\System\oGmtHJA.exe
  C:\Windows\System\oGmtHJA.exe
  2⤵
  PID:6812
- C:\Windows\System\goQIcfd.exe
  C:\Windows\System\goQIcfd.exe
  2⤵
  PID:6820
- C:\Windows\System\SVgcIlG.exe
  C:\Windows\System\SVgcIlG.exe
  2⤵
  PID:6892
- C:\Windows\System\INoTPiH.exe
  C:\Windows\System\INoTPiH.exe
  2⤵
  PID:6832
- C:\Windows\System\fqlOCBq.exe
  C:\Windows\System\fqlOCBq.exe
  2⤵
  PID:6964
- C:\Windows\System\tWzRDrk.exe
  C:\Windows\System\tWzRDrk.exe
  2⤵
  PID:6936
- C:\Windows\System\AsoOjwq.exe
  C:\Windows\System\AsoOjwq.exe
  2⤵
  PID:6872
- C:\Windows\System\UnhcoUE.exe
  C:\Windows\System\UnhcoUE.exe
  2⤵
  PID:6908
- C:\Windows\System\wcqiEdB.exe
  C:\Windows\System\wcqiEdB.exe
  2⤵
  PID:7008
- C:\Windows\System\MemcTRh.exe
  C:\Windows\System\MemcTRh.exe
  2⤵
  PID:7088
- C:\Windows\System\FbflMNx.exe
  C:\Windows\System\FbflMNx.exe
  2⤵
  PID:7132
- C:\Windows\System\RqbqUNX.exe
  C:\Windows\System\RqbqUNX.exe
  2⤵
  PID:7072
- C:\Windows\System\uXmILsZ.exe
  C:\Windows\System\uXmILsZ.exe
  2⤵
  PID:6148
- C:\Windows\System\LyBPaiA.exe
  C:\Windows\System\LyBPaiA.exe
  2⤵
  PID:7144
- C:\Windows\System\IWPjAWV.exe
  C:\Windows\System\IWPjAWV.exe
  2⤵
  PID:3024
- C:\Windows\System\dfPCJin.exe
  C:\Windows\System\dfPCJin.exe
  2⤵
  PID:6192
- C:\Windows\System\hoIXhaD.exe
  C:\Windows\System\hoIXhaD.exe
  2⤵
  PID:6292
- C:\Windows\System\FJEVStz.exe
  C:\Windows\System\FJEVStz.exe
  2⤵
  PID:6212
- C:\Windows\System\kqFFvba.exe
  C:\Windows\System\kqFFvba.exe
  2⤵
  PID:6332
- C:\Windows\System\lYOPCRl.exe
  C:\Windows\System\lYOPCRl.exe
  2⤵
  PID:4384
- C:\Windows\System\hxZifzn.exe
  C:\Windows\System\hxZifzn.exe
  2⤵
  PID:5836
- C:\Windows\System\zqNCwgJ.exe
  C:\Windows\System\zqNCwgJ.exe
  2⤵
  PID:6496
- C:\Windows\System\HoaDqhJ.exe
  C:\Windows\System\HoaDqhJ.exe
  2⤵
  PID:6460
- C:\Windows\System\VwJUgQc.exe
  C:\Windows\System\VwJUgQc.exe
  2⤵
  PID:6404
- C:\Windows\System\yDkkpVU.exe
  C:\Windows\System\yDkkpVU.exe
  2⤵
  PID:6700
- C:\Windows\System\vSlyryN.exe
  C:\Windows\System\vSlyryN.exe
  2⤵
  PID:6544
- C:\Windows\System\KnqlVkc.exe
  C:\Windows\System\KnqlVkc.exe
  2⤵
  PID:6708
- C:\Windows\System\CCbRbwz.exe
  C:\Windows\System\CCbRbwz.exe
  2⤵
  PID:6816
- C:\Windows\System\koGMwPo.exe
  C:\Windows\System\koGMwPo.exe
  2⤵
  PID:7004
- C:\Windows\System\kKyhmPz.exe
  C:\Windows\System\kKyhmPz.exe
  2⤵
  PID:7056
- C:\Windows\System\loqajwV.exe
  C:\Windows\System\loqajwV.exe
  2⤵
  PID:7116
- C:\Windows\System\iSWkQoP.exe
  C:\Windows\System\iSWkQoP.exe
  2⤵
  PID:6268
- C:\Windows\System\TOsNFHi.exe
  C:\Windows\System\TOsNFHi.exe
  2⤵
  PID:6320
- C:\Windows\System\RTxRemv.exe
  C:\Windows\System\RTxRemv.exe
  2⤵
  PID:6656
- C:\Windows\System\tuAFodE.exe
  C:\Windows\System\tuAFodE.exe
  2⤵
  PID:6624
- C:\Windows\System\aOwNQMb.exe
  C:\Windows\System\aOwNQMb.exe
  2⤵
  PID:6888
- C:\Windows\System\bjOYUIw.exe
  C:\Windows\System\bjOYUIw.exe
  2⤵
  PID:6316
- C:\Windows\System\GTtjEgQ.exe
  C:\Windows\System\GTtjEgQ.exe
  2⤵
  PID:6336
- C:\Windows\System\WLDwmns.exe
  C:\Windows\System\WLDwmns.exe
  2⤵
  PID:6988
- C:\Windows\System\TsidlRQ.exe
  C:\Windows\System\TsidlRQ.exe
  2⤵
  PID:6296
- C:\Windows\System\GtfLnnX.exe
  C:\Windows\System\GtfLnnX.exe
  2⤵
  PID:6668
- C:\Windows\System\HBFPmpU.exe
  C:\Windows\System\HBFPmpU.exe
  2⤵
  PID:6768
- C:\Windows\System\UdVjSIx.exe
  C:\Windows\System\UdVjSIx.exe
  2⤵
  PID:6904
- C:\Windows\System\psfzzym.exe
  C:\Windows\System\psfzzym.exe
  2⤵
  PID:7040
- C:\Windows\System\JxsxINT.exe
  C:\Windows\System\JxsxINT.exe
  2⤵
  PID:6972
- C:\Windows\System\SPPfhFi.exe
  C:\Windows\System\SPPfhFi.exe
  2⤵
  PID:6452
- C:\Windows\System\TPVevGX.exe
  C:\Windows\System\TPVevGX.exe
  2⤵
  PID:6592
- C:\Windows\System\fOhMeFr.exe
  C:\Windows\System\fOhMeFr.exe
  2⤵
  PID:6476
- C:\Windows\System\eeiDPED.exe
  C:\Windows\System\eeiDPED.exe
  2⤵
  PID:7100
- C:\Windows\System\rEiayCF.exe
  C:\Windows\System\rEiayCF.exe
  2⤵
  PID:6216
- C:\Windows\System\dVONLUg.exe
  C:\Windows\System\dVONLUg.exe
  2⤵
  PID:2912
- C:\Windows\System\rYkDEbX.exe
  C:\Windows\System\rYkDEbX.exe
  2⤵
  PID:2388
- C:\Windows\System\rBxzyiw.exe
  C:\Windows\System\rBxzyiw.exe
  2⤵
  PID:6800
- C:\Windows\System\obVmvaT.exe
  C:\Windows\System\obVmvaT.exe
  2⤵
  PID:6400
- C:\Windows\System\gWYguDJ.exe
  C:\Windows\System\gWYguDJ.exe
  2⤵
  PID:6272
- C:\Windows\System\dKroikk.exe
  C:\Windows\System\dKroikk.exe
  2⤵
  PID:5488
- C:\Windows\System\xoZHavd.exe
  C:\Windows\System\xoZHavd.exe
  2⤵
  PID:5888
- C:\Windows\System\VCfnTMv.exe
  C:\Windows\System\VCfnTMv.exe
  2⤵
  PID:6924
- C:\Windows\System\aEXGUtu.exe
  C:\Windows\System\aEXGUtu.exe
  2⤵
  PID:6984
- C:\Windows\System\oWWXNYg.exe
  C:\Windows\System\oWWXNYg.exe
  2⤵
  PID:6684
- C:\Windows\System\AosfCXx.exe
  C:\Windows\System\AosfCXx.exe
  2⤵
  PID:744
- C:\Windows\System\vmWOemm.exe
  C:\Windows\System\vmWOemm.exe
  2⤵
  PID:6732
- C:\Windows\System\LCEifuZ.exe
  C:\Windows\System\LCEifuZ.exe
  2⤵
  PID:7172
- C:\Windows\System\PZdibMa.exe
  C:\Windows\System\PZdibMa.exe
  2⤵
  PID:7192
- C:\Windows\System\ACMUlqs.exe
  C:\Windows\System\ACMUlqs.exe
  2⤵
  PID:7220
- C:\Windows\System\lwlbJVT.exe
  C:\Windows\System\lwlbJVT.exe
  2⤵
  PID:7236
- C:\Windows\System\MzvpEwe.exe
  C:\Windows\System\MzvpEwe.exe
  2⤵
  PID:7252
- C:\Windows\System\kkTdWgG.exe
  C:\Windows\System\kkTdWgG.exe
  2⤵
  PID:7268
- C:\Windows\System\bJsrmFa.exe
  C:\Windows\System\bJsrmFa.exe
  2⤵
  PID:7284
- C:\Windows\System\gyUKRIk.exe
  C:\Windows\System\gyUKRIk.exe
  2⤵
  PID:7324
- C:\Windows\System\PyZhbpU.exe
  C:\Windows\System\PyZhbpU.exe
  2⤵
  PID:7340
- C:\Windows\System\vkEFpLu.exe
  C:\Windows\System\vkEFpLu.exe
  2⤵
  PID:7356
- C:\Windows\System\ZdSXGEy.exe
  C:\Windows\System\ZdSXGEy.exe
  2⤵
  PID:7372
- C:\Windows\System\OsMCbaK.exe
  C:\Windows\System\OsMCbaK.exe
  2⤵
  PID:7392
- C:\Windows\System\GcJdxID.exe
  C:\Windows\System\GcJdxID.exe
  2⤵
  PID:7416
- C:\Windows\System\sDttocB.exe
  C:\Windows\System\sDttocB.exe
  2⤵
  PID:7436
- C:\Windows\System\knekTiX.exe
  C:\Windows\System\knekTiX.exe
  2⤵
  PID:7456
- C:\Windows\System\qgKBAlD.exe
  C:\Windows\System\qgKBAlD.exe
  2⤵
  PID:7476
- C:\Windows\System\WsQAMHb.exe
  C:\Windows\System\WsQAMHb.exe
  2⤵
  PID:7492
- C:\Windows\System\YXzUpEJ.exe
  C:\Windows\System\YXzUpEJ.exe
  2⤵
  PID:7516
- C:\Windows\System\WjwEzYT.exe
  C:\Windows\System\WjwEzYT.exe
  2⤵
  PID:7540
- C:\Windows\System\SEmCKYY.exe
  C:\Windows\System\SEmCKYY.exe
  2⤵
  PID:7572
- C:\Windows\System\RtbyBwT.exe
  C:\Windows\System\RtbyBwT.exe
  2⤵
  PID:7588
- C:\Windows\System\HgAZKEy.exe
  C:\Windows\System\HgAZKEy.exe
  2⤵
  PID:7612
- C:\Windows\System\JDcGOkx.exe
  C:\Windows\System\JDcGOkx.exe
  2⤵
  PID:7628
- C:\Windows\System\slouWJS.exe
  C:\Windows\System\slouWJS.exe
  2⤵
  PID:7656
- C:\Windows\System\RyfdpWe.exe
  C:\Windows\System\RyfdpWe.exe
  2⤵
  PID:7672
- C:\Windows\System\PPPIpqc.exe
  C:\Windows\System\PPPIpqc.exe
  2⤵
  PID:7688
- C:\Windows\System\IzxqevQ.exe
  C:\Windows\System\IzxqevQ.exe
  2⤵
  PID:7704
- C:\Windows\System\KJflLpC.exe
  C:\Windows\System\KJflLpC.exe
  2⤵
  PID:7720
- C:\Windows\System\SOsNbRU.exe
  C:\Windows\System\SOsNbRU.exe
  2⤵
  PID:7736
- C:\Windows\System\WiPCujl.exe
  C:\Windows\System\WiPCujl.exe
  2⤵
  PID:7752
- C:\Windows\System\pjkaBsw.exe
  C:\Windows\System\pjkaBsw.exe
  2⤵
  PID:7772
- C:\Windows\System\hYdbhHz.exe
  C:\Windows\System\hYdbhHz.exe
  2⤵
  PID:7788
- C:\Windows\System\sSsTLub.exe
  C:\Windows\System\sSsTLub.exe
  2⤵
  PID:7804
- C:\Windows\System\mJJgNlN.exe
  C:\Windows\System\mJJgNlN.exe
  2⤵
  PID:7836
- C:\Windows\System\buvLmSc.exe
  C:\Windows\System\buvLmSc.exe
  2⤵
  PID:7864
- C:\Windows\System\QQZXbnp.exe
  C:\Windows\System\QQZXbnp.exe
  2⤵
  PID:7880
- C:\Windows\System\igLzhAQ.exe
  C:\Windows\System\igLzhAQ.exe
  2⤵
  PID:7896
- C:\Windows\System\VMiZrVv.exe
  C:\Windows\System\VMiZrVv.exe
  2⤵
  PID:7912
- C:\Windows\System\wgTpkvf.exe
  C:\Windows\System\wgTpkvf.exe
  2⤵
  PID:7928
- C:\Windows\System\vgfLYHH.exe
  C:\Windows\System\vgfLYHH.exe
  2⤵
  PID:7944
- C:\Windows\System\SfWkVmS.exe
  C:\Windows\System\SfWkVmS.exe
  2⤵
  PID:7980
- C:\Windows\System\TQGUysT.exe
  C:\Windows\System\TQGUysT.exe
  2⤵
  PID:8016
- C:\Windows\System\GhzNNWN.exe
  C:\Windows\System\GhzNNWN.exe
  2⤵
  PID:8032
- C:\Windows\System\GDPETfL.exe
  C:\Windows\System\GDPETfL.exe
  2⤵
  PID:8052
- C:\Windows\System\vksuRNy.exe
  C:\Windows\System\vksuRNy.exe
  2⤵
  PID:8068
- C:\Windows\System\GNvWNvW.exe
  C:\Windows\System\GNvWNvW.exe
  2⤵
  PID:8100
- C:\Windows\System\fdsrBvb.exe
  C:\Windows\System\fdsrBvb.exe
  2⤵
  PID:8116
- C:\Windows\System\sjiGgIF.exe
  C:\Windows\System\sjiGgIF.exe
  2⤵
  PID:8132
- C:\Windows\System\olvCMcD.exe
  C:\Windows\System\olvCMcD.exe
  2⤵
  PID:8148
- C:\Windows\System\fgcrpix.exe
  C:\Windows\System\fgcrpix.exe
  2⤵
  PID:8164
- C:\Windows\System\IqTsrmC.exe
  C:\Windows\System\IqTsrmC.exe
  2⤵
  PID:8180
- C:\Windows\System\mRSnlby.exe
  C:\Windows\System\mRSnlby.exe
  2⤵
  PID:6756
- C:\Windows\System\svnvhpi.exe
  C:\Windows\System\svnvhpi.exe
  2⤵
  PID:7188
- C:\Windows\System\xnKOEJI.exe
  C:\Windows\System\xnKOEJI.exe
  2⤵
  PID:7260
- C:\Windows\System\dBqLEtl.exe
  C:\Windows\System\dBqLEtl.exe
  2⤵
  PID:7292
- C:\Windows\System\OQtBOhy.exe
  C:\Windows\System\OQtBOhy.exe
  2⤵
  PID:7312
- C:\Windows\System\sWQXEqS.exe
  C:\Windows\System\sWQXEqS.exe
  2⤵
  PID:7216
- C:\Windows\System\sqeqZul.exe
  C:\Windows\System\sqeqZul.exe
  2⤵
  PID:7348
- C:\Windows\System\CDqOXRi.exe
  C:\Windows\System\CDqOXRi.exe
  2⤵
  PID:7248
- C:\Windows\System\lCmwgfe.exe
  C:\Windows\System\lCmwgfe.exe
  2⤵
  PID:7384
- C:\Windows\System\rcKWlsK.exe
  C:\Windows\System\rcKWlsK.exe
  2⤵
  PID:7432
- C:\Windows\System\SrAQjyN.exe
  C:\Windows\System\SrAQjyN.exe
  2⤵
  PID:7472
- C:\Windows\System\VfvbpAc.exe
  C:\Windows\System\VfvbpAc.exe
  2⤵
  PID:7512
- C:\Windows\System\nvshmyP.exe
  C:\Windows\System\nvshmyP.exe
  2⤵
  PID:7412
- C:\Windows\System\iBbBQQl.exe
  C:\Windows\System\iBbBQQl.exe
  2⤵
  PID:7484
- C:\Windows\System\dlOinro.exe
  C:\Windows\System\dlOinro.exe
  2⤵
  PID:7564
- C:\Windows\System\huZCIDV.exe
  C:\Windows\System\huZCIDV.exe
  2⤵
  PID:7532
- C:\Windows\System\azQyRth.exe
  C:\Windows\System\azQyRth.exe
  2⤵
  PID:7644
- C:\Windows\System\BsZIJcL.exe
  C:\Windows\System\BsZIJcL.exe
  2⤵
  PID:7680
- C:\Windows\System\CVZlBVW.exe
  C:\Windows\System\CVZlBVW.exe
  2⤵
  PID:7744
- C:\Windows\System\nkAYRDU.exe
  C:\Windows\System\nkAYRDU.exe
  2⤵
  PID:7812
- C:\Windows\System\iMrGPRZ.exe
  C:\Windows\System\iMrGPRZ.exe
  2⤵
  PID:7832
- C:\Windows\System\ZIvSyjm.exe
  C:\Windows\System\ZIvSyjm.exe
  2⤵
  PID:7876
- C:\Windows\System\HsYDbDD.exe
  C:\Windows\System\HsYDbDD.exe
  2⤵
  PID:7800
- C:\Windows\System\BkSSgvZ.exe
  C:\Windows\System\BkSSgvZ.exe
  2⤵
  PID:7796
- C:\Windows\System\JiGqOUz.exe
  C:\Windows\System\JiGqOUz.exe
  2⤵
  PID:7960
- C:\Windows\System\iUWvOfD.exe
  C:\Windows\System\iUWvOfD.exe
  2⤵
  PID:7996
- C:\Windows\System\CZLyjHg.exe
  C:\Windows\System\CZLyjHg.exe
  2⤵
  PID:7972
- C:\Windows\System\yXmlNlR.exe
  C:\Windows\System\yXmlNlR.exe
  2⤵
  PID:8008
- C:\Windows\System\njlyLUY.exe
  C:\Windows\System\njlyLUY.exe
  2⤵
  PID:8044
- C:\Windows\System\rWriXlh.exe
  C:\Windows\System\rWriXlh.exe
  2⤵
  PID:8076
- C:\Windows\System\yHssbwy.exe
  C:\Windows\System\yHssbwy.exe
  2⤵
  PID:2140
- C:\Windows\System\yLjJKwM.exe
  C:\Windows\System\yLjJKwM.exe
  2⤵
  PID:8088
- C:\Windows\System\bQwNIsE.exe
  C:\Windows\System\bQwNIsE.exe
  2⤵
  PID:8108
- C:\Windows\System\IqfRaMK.exe
  C:\Windows\System\IqfRaMK.exe
  2⤵
  PID:8112
- C:\Windows\System\klRhWGX.exe
  C:\Windows\System\klRhWGX.exe
  2⤵
  PID:7112
- C:\Windows\System\kugjHyv.exe
  C:\Windows\System\kugjHyv.exe
  2⤵
  PID:8188
- C:\Windows\System\fuhAEWT.exe
  C:\Windows\System\fuhAEWT.exe
  2⤵
  PID:8160
- C:\Windows\System\QoxJqwG.exe
  C:\Windows\System\QoxJqwG.exe
  2⤵
  PID:6528
- C:\Windows\System\KmDstZn.exe
  C:\Windows\System\KmDstZn.exe
  2⤵
  PID:2180
- C:\Windows\System\oAGzjJW.exe
  C:\Windows\System\oAGzjJW.exe
  2⤵
  PID:7304
- C:\Windows\System\OYHceFz.exe
  C:\Windows\System\OYHceFz.exe
  2⤵
  PID:1484
- C:\Windows\System\dbhgOBS.exe
  C:\Windows\System\dbhgOBS.exe
  2⤵
  PID:7380
- C:\Windows\System\dLWTGvI.exe
  C:\Windows\System\dLWTGvI.exe
  2⤵
  PID:7444
- C:\Windows\System\iNcpFPQ.exe
  C:\Windows\System\iNcpFPQ.exe
  2⤵
  PID:7336
- C:\Windows\System\drXvFmx.exe
  C:\Windows\System\drXvFmx.exe
  2⤵
  PID:7452
- C:\Windows\System\KdkxlRt.exe
  C:\Windows\System\KdkxlRt.exe
  2⤵
  PID:7528
- C:\Windows\System\iuIkMvL.exe
  C:\Windows\System\iuIkMvL.exe
  2⤵
  PID:7716
- C:\Windows\System\qfigbRQ.exe
  C:\Windows\System\qfigbRQ.exe
  2⤵
  PID:7652
- C:\Windows\System\LxmGxGa.exe
  C:\Windows\System\LxmGxGa.exe
  2⤵
  PID:7664
- C:\Windows\System\NXIAdzu.exe
  C:\Windows\System\NXIAdzu.exe
  2⤵
  PID:7860
- C:\Windows\System\msAaKLX.exe
  C:\Windows\System\msAaKLX.exe
  2⤵
  PID:7920
- C:\Windows\System\yAGPtEp.exe
  C:\Windows\System\yAGPtEp.exe
  2⤵
  PID:7964
- C:\Windows\System\FbkeguT.exe
  C:\Windows\System\FbkeguT.exe
  2⤵
  PID:7952
- C:\Windows\System\rrCVfDb.exe
  C:\Windows\System\rrCVfDb.exe
  2⤵
  PID:2464
- C:\Windows\System\OEPFqZm.exe
  C:\Windows\System\OEPFqZm.exe
  2⤵
  PID:2224
- C:\Windows\System\NOeJPxA.exe
  C:\Windows\System\NOeJPxA.exe
  2⤵
  PID:8128
- C:\Windows\System\pJieHei.exe
  C:\Windows\System\pJieHei.exe
  2⤵
  PID:7280
- C:\Windows\System\zIXDoxt.exe
  C:\Windows\System\zIXDoxt.exe
  2⤵
  PID:7556
- C:\Windows\System\IJCijcE.exe
  C:\Windows\System\IJCijcE.exe
  2⤵
  PID:316
- C:\Windows\System\RstmETX.exe
  C:\Windows\System\RstmETX.exe
  2⤵
  PID:2488
- C:\Windows\System\MpdIKTu.exe
  C:\Windows\System\MpdIKTu.exe
  2⤵
  PID:6176
- C:\Windows\System\iPGZAaS.exe
  C:\Windows\System\iPGZAaS.exe
  2⤵
  PID:864
- C:\Windows\System\fNjLyZN.exe
  C:\Windows\System\fNjLyZN.exe
  2⤵
  PID:7428
- C:\Windows\System\cTcLchu.exe
  C:\Windows\System\cTcLchu.exe
  2⤵
  PID:7768
- C:\Windows\System\NTMyuCa.exe
  C:\Windows\System\NTMyuCa.exe
  2⤵
  PID:7872
- C:\Windows\System\OPjACtF.exe
  C:\Windows\System\OPjACtF.exe
  2⤵
  PID:7580
- C:\Windows\System\kPerQnu.exe
  C:\Windows\System\kPerQnu.exe
  2⤵
  PID:472
- C:\Windows\System\jhJwEiK.exe
  C:\Windows\System\jhJwEiK.exe
  2⤵
  PID:7524
- C:\Windows\System\HBsrOIW.exe
  C:\Windows\System\HBsrOIW.exe
  2⤵
  PID:7824
- C:\Windows\System\VSgHkvW.exe
  C:\Windows\System\VSgHkvW.exe
  2⤵
  PID:7908
- C:\Windows\System\qsmcSCd.exe
  C:\Windows\System\qsmcSCd.exe
  2⤵
  PID:7300
- C:\Windows\System\RvVwZDc.exe
  C:\Windows\System\RvVwZDc.exe
  2⤵
  PID:2788
- C:\Windows\System\dUyenYE.exe
  C:\Windows\System\dUyenYE.exe
  2⤵
  PID:8028
- C:\Windows\System\bdVUemy.exe
  C:\Windows\System\bdVUemy.exe
  2⤵
  PID:7368
- C:\Windows\System\eWdDxyL.exe
  C:\Windows\System\eWdDxyL.exe
  2⤵
  PID:7712
- C:\Windows\System\WRHYKwJ.exe
  C:\Windows\System\WRHYKwJ.exe
  2⤵
  PID:7700
- C:\Windows\System\KhquKhp.exe
  C:\Windows\System\KhquKhp.exe
  2⤵
  PID:6604
- C:\Windows\System\YnEhrsp.exe
  C:\Windows\System\YnEhrsp.exe
  2⤵
  PID:7764
- C:\Windows\System\QonHYgK.exe
  C:\Windows\System\QonHYgK.exe
  2⤵
  PID:7232
- C:\Windows\System\hVOmroo.exe
  C:\Windows\System\hVOmroo.exe
  2⤵
  PID:8048
- C:\Windows\System\XGTxDaJ.exe
  C:\Windows\System\XGTxDaJ.exe
  2⤵
  PID:8084
- C:\Windows\System\HWaiyjO.exe
  C:\Windows\System\HWaiyjO.exe
  2⤵
  PID:7180
- C:\Windows\System\yEeYoin.exe
  C:\Windows\System\yEeYoin.exe
  2⤵
  PID:1128
- C:\Windows\System\aidHqaN.exe
  C:\Windows\System\aidHqaN.exe
  2⤵
  PID:7308
- C:\Windows\System\dbqkFOA.exe
  C:\Windows\System\dbqkFOA.exe
  2⤵
  PID:7696
- C:\Windows\System\AxdnCuG.exe
  C:\Windows\System\AxdnCuG.exe
  2⤵
  PID:7852
- C:\Windows\System\GsdybAT.exe
  C:\Windows\System\GsdybAT.exe
  2⤵
  PID:7228
- C:\Windows\System\yYsUyOU.exe
  C:\Windows\System\yYsUyOU.exe
  2⤵
  PID:7640
- C:\Windows\System\sEuqHxL.exe
  C:\Windows\System\sEuqHxL.exe
  2⤵
  PID:2284
- C:\Windows\System\DBqAbtA.exe
  C:\Windows\System\DBqAbtA.exe
  2⤵
  PID:8196
- C:\Windows\System\pRUezyR.exe
  C:\Windows\System\pRUezyR.exe
  2⤵
  PID:8212
- C:\Windows\System\QWbSWGP.exe
  C:\Windows\System\QWbSWGP.exe
  2⤵
  PID:8256
- C:\Windows\System\GnfpieV.exe
  C:\Windows\System\GnfpieV.exe
  2⤵
  PID:8272
- C:\Windows\System\QvTQkIW.exe
  C:\Windows\System\QvTQkIW.exe
  2⤵
  PID:8292
- C:\Windows\System\sLawHdO.exe
  C:\Windows\System\sLawHdO.exe
  2⤵
  PID:8308
- C:\Windows\System\zNKLtJz.exe
  C:\Windows\System\zNKLtJz.exe
  2⤵
  PID:8332
- C:\Windows\System\YyUbYtw.exe
  C:\Windows\System\YyUbYtw.exe
  2⤵
  PID:8360
- C:\Windows\System\dtLrsoe.exe
  C:\Windows\System\dtLrsoe.exe
  2⤵
  PID:8376
- C:\Windows\System\KcNsCcG.exe
  C:\Windows\System\KcNsCcG.exe
  2⤵
  PID:8396
- C:\Windows\System\kAZYqNT.exe
  C:\Windows\System\kAZYqNT.exe
  2⤵
  PID:8412
- C:\Windows\System\kNuZeXm.exe
  C:\Windows\System\kNuZeXm.exe
  2⤵
  PID:8440
- C:\Windows\System\DZIRNYe.exe
  C:\Windows\System\DZIRNYe.exe
  2⤵
  PID:8456
- C:\Windows\System\AtjBvex.exe
  C:\Windows\System\AtjBvex.exe
  2⤵
  PID:8476
- C:\Windows\System\GHlWoeV.exe
  C:\Windows\System\GHlWoeV.exe
  2⤵
  PID:8492
- C:\Windows\System\qrEUmaq.exe
  C:\Windows\System\qrEUmaq.exe
  2⤵
  PID:8516
- C:\Windows\System\uepVRlh.exe
  C:\Windows\System\uepVRlh.exe
  2⤵
  PID:8532
- C:\Windows\System\GXhlmZJ.exe
  C:\Windows\System\GXhlmZJ.exe
  2⤵
  PID:8548
- C:\Windows\System\PjZEDHr.exe
  C:\Windows\System\PjZEDHr.exe
  2⤵
  PID:8564
- C:\Windows\System\DQAOVGs.exe
  C:\Windows\System\DQAOVGs.exe
  2⤵
  PID:8588
- C:\Windows\System\QjFzpSR.exe
  C:\Windows\System\QjFzpSR.exe
  2⤵
  PID:8608
- C:\Windows\System\OMAZhPs.exe
  C:\Windows\System\OMAZhPs.exe
  2⤵
  PID:8624
- C:\Windows\System\nCQrsLV.exe
  C:\Windows\System\nCQrsLV.exe
  2⤵
  PID:8640
- C:\Windows\System\SaEuyOT.exe
  C:\Windows\System\SaEuyOT.exe
  2⤵
  PID:8664
- C:\Windows\System\LoJPOSl.exe
  C:\Windows\System\LoJPOSl.exe
  2⤵
  PID:8684
- C:\Windows\System\ZFBzFEd.exe
  C:\Windows\System\ZFBzFEd.exe
  2⤵
  PID:8700
- C:\Windows\System\UkyGFuO.exe
  C:\Windows\System\UkyGFuO.exe
  2⤵
  PID:8744
- C:\Windows\System\GnpjsMY.exe
  C:\Windows\System\GnpjsMY.exe
  2⤵
  PID:8760
- C:\Windows\System\MCUCHVs.exe
  C:\Windows\System\MCUCHVs.exe
  2⤵
  PID:8776
- C:\Windows\System\OHVWfjL.exe
  C:\Windows\System\OHVWfjL.exe
  2⤵
  PID:8796
- C:\Windows\System\qZAcJLA.exe
  C:\Windows\System\qZAcJLA.exe
  2⤵
  PID:8812
- C:\Windows\System\sviExbj.exe
  C:\Windows\System\sviExbj.exe
  2⤵
  PID:8828
- C:\Windows\System\SStMTCQ.exe
  C:\Windows\System\SStMTCQ.exe
  2⤵
  PID:8844
- C:\Windows\System\lRsGBND.exe
  C:\Windows\System\lRsGBND.exe
  2⤵
  PID:8860
- C:\Windows\System\rbbxFlB.exe
  C:\Windows\System\rbbxFlB.exe
  2⤵
  PID:8876
- C:\Windows\System\eVTdJBk.exe
  C:\Windows\System\eVTdJBk.exe
  2⤵
  PID:8892
- C:\Windows\System\bonuiHx.exe
  C:\Windows\System\bonuiHx.exe
  2⤵
  PID:8912
- C:\Windows\System\EzwbSZN.exe
  C:\Windows\System\EzwbSZN.exe
  2⤵
  PID:8960
- C:\Windows\System\WBEhSzH.exe
  C:\Windows\System\WBEhSzH.exe
  2⤵
  PID:8980
- C:\Windows\System\hbuBhKR.exe
  C:\Windows\System\hbuBhKR.exe
  2⤵
  PID:8996
- C:\Windows\System\OUbjUhF.exe
  C:\Windows\System\OUbjUhF.exe
  2⤵
  PID:9012
- C:\Windows\System\KApHMdt.exe
  C:\Windows\System\KApHMdt.exe
  2⤵
  PID:9032
- C:\Windows\System\JtlCCEO.exe
  C:\Windows\System\JtlCCEO.exe
  2⤵
  PID:9056
- C:\Windows\System\tNWXWPQ.exe
  C:\Windows\System\tNWXWPQ.exe
  2⤵
  PID:9072
- C:\Windows\System\ptWPmiR.exe
  C:\Windows\System\ptWPmiR.exe
  2⤵
  PID:9088
- C:\Windows\System\ZHjTlQx.exe
  C:\Windows\System\ZHjTlQx.exe
  2⤵
  PID:9116
- C:\Windows\System\PoMhmcU.exe
  C:\Windows\System\PoMhmcU.exe
  2⤵
  PID:9132
- C:\Windows\System\FTMYZbV.exe
  C:\Windows\System\FTMYZbV.exe
  2⤵
  PID:9148
- C:\Windows\System\pZqhwwE.exe
  C:\Windows\System\pZqhwwE.exe
  2⤵
  PID:9172
- C:\Windows\System\IqlxrPO.exe
  C:\Windows\System\IqlxrPO.exe
  2⤵
  PID:9192
- C:\Windows\System\bvlWNdd.exe
  C:\Windows\System\bvlWNdd.exe
  2⤵
  PID:9208
- C:\Windows\System\HNDCpIl.exe
  C:\Windows\System\HNDCpIl.exe
  2⤵
  PID:1572
- C:\Windows\System\Hdxyoqr.exe
  C:\Windows\System\Hdxyoqr.exe
  2⤵
  PID:908
- C:\Windows\System\CYCgIbm.exe
  C:\Windows\System\CYCgIbm.exe
  2⤵
  PID:5936
- C:\Windows\System\XVehGgn.exe
  C:\Windows\System\XVehGgn.exe
  2⤵
  PID:8220
- C:\Windows\System\MNUWftZ.exe
  C:\Windows\System\MNUWftZ.exe
  2⤵
  PID:2468
- C:\Windows\System\EOCPLeJ.exe
  C:\Windows\System\EOCPLeJ.exe
  2⤵
  PID:8268
- C:\Windows\System\sgbekvS.exe
  C:\Windows\System\sgbekvS.exe
  2⤵
  PID:8300
- C:\Windows\System\GYbuwHe.exe
  C:\Windows\System\GYbuwHe.exe
  2⤵
  PID:8324
- C:\Windows\System\rgsxDaM.exe
  C:\Windows\System\rgsxDaM.exe
  2⤵
  PID:8368
- C:\Windows\System\fuJYdPu.exe
  C:\Windows\System\fuJYdPu.exe
  2⤵
  PID:8404
- C:\Windows\System\argxCzW.exe
  C:\Windows\System\argxCzW.exe
  2⤵
  PID:8408
- C:\Windows\System\KuSEksZ.exe
  C:\Windows\System\KuSEksZ.exe
  2⤵
  PID:1028
- C:\Windows\System\Xtyamey.exe
  C:\Windows\System\Xtyamey.exe
  2⤵
  PID:8484
- C:\Windows\System\vMCvwTa.exe
  C:\Windows\System\vMCvwTa.exe
  2⤵
  PID:8512
- C:\Windows\System\TuoVbBW.exe
  C:\Windows\System\TuoVbBW.exe
  2⤵
  PID:8576
- C:\Windows\System\qRmwQgP.exe
  C:\Windows\System\qRmwQgP.exe
  2⤵
  PID:8652
- C:\Windows\System\AGpTAUE.exe
  C:\Windows\System\AGpTAUE.exe
  2⤵
  PID:8524
- C:\Windows\System\SMnfaZC.exe
  C:\Windows\System\SMnfaZC.exe
  2⤵
  PID:8672
- C:\Windows\System\HSJUyEe.exe
  C:\Windows\System\HSJUyEe.exe
  2⤵
  PID:8696
- C:\Windows\System\ygzhFBi.exe
  C:\Windows\System\ygzhFBi.exe
  2⤵
  PID:8676
- C:\Windows\System\GpZvWoP.exe
  C:\Windows\System\GpZvWoP.exe
  2⤵
  PID:8732
- C:\Windows\System\UZefyDS.exe
  C:\Windows\System\UZefyDS.exe
  2⤵
  PID:8792
- C:\Windows\System\jggJiCV.exe
  C:\Windows\System\jggJiCV.exe
  2⤵
  PID:8884
- C:\Windows\System\cygasPe.exe
  C:\Windows\System\cygasPe.exe
  2⤵
  PID:8808
- C:\Windows\System\oVlNYji.exe
  C:\Windows\System\oVlNYji.exe
  2⤵
  PID:8836
- C:\Windows\System\hmByeaB.exe
  C:\Windows\System\hmByeaB.exe
  2⤵
  PID:8948
- C:\Windows\System\TnJHvsu.exe
  C:\Windows\System\TnJHvsu.exe
  2⤵
  PID:8956
- C:\Windows\System\yHDFGIl.exe
  C:\Windows\System\yHDFGIl.exe
  2⤵
  PID:8992
- C:\Windows\System\WBaBoVp.exe
  C:\Windows\System\WBaBoVp.exe
  2⤵
  PID:8968
- C:\Windows\System\VeYSVNm.exe
  C:\Windows\System\VeYSVNm.exe
  2⤵
  PID:9040
- C:\Windows\System\qwTjCry.exe
  C:\Windows\System\qwTjCry.exe
  2⤵
  PID:9084
- C:\Windows\System\RJjUHpd.exe
  C:\Windows\System\RJjUHpd.exe
  2⤵
  PID:9104
- C:\Windows\System\nbFYQto.exe
  C:\Windows\System\nbFYQto.exe
  2⤵
  PID:9184
- C:\Windows\System\ntYavtR.exe
  C:\Windows\System\ntYavtR.exe
  2⤵
  PID:9160
- C:\Windows\System\PlGXsYQ.exe
  C:\Windows\System\PlGXsYQ.exe
  2⤵
  PID:9164
- C:\Windows\System\KfRFiJK.exe
  C:\Windows\System\KfRFiJK.exe
  2⤵
  PID:8172
- C:\Windows\System\iCfDVLS.exe
  C:\Windows\System\iCfDVLS.exe
  2⤵
  PID:8236
- C:\Windows\System\SflejVF.exe
  C:\Windows\System\SflejVF.exe
  2⤵
  PID:8096
- C:\Windows\System\qUQasoI.exe
  C:\Windows\System\qUQasoI.exe
  2⤵
  PID:904
- C:\Windows\System\egaVfyC.exe
  C:\Windows\System\egaVfyC.exe
  2⤵
  PID:8316
- C:\Windows\System\RIAPQWq.exe
  C:\Windows\System\RIAPQWq.exe
  2⤵
  PID:8348
- C:\Windows\System\AlacVpv.exe
  C:\Windows\System\AlacVpv.exe
  2⤵
  PID:1584
- C:\Windows\System\WrbMzHI.exe
  C:\Windows\System\WrbMzHI.exe
  2⤵
  PID:8468
- C:\Windows\System\ZOyeUta.exe
  C:\Windows\System\ZOyeUta.exe
  2⤵
  PID:8504
- C:\Windows\System\PgvDxOQ.exe
  C:\Windows\System\PgvDxOQ.exe
  2⤵
  PID:8632
- C:\Windows\System\imiSWBk.exe
  C:\Windows\System\imiSWBk.exe
  2⤵
  PID:8636
- C:\Windows\System\YQOkjRv.exe
  C:\Windows\System\YQOkjRv.exe
  2⤵
  PID:8680
- C:\Windows\System\FqGFNMb.exe
  C:\Windows\System\FqGFNMb.exe
  2⤵
  PID:8752
- C:\Windows\System\ruUcsPP.exe
  C:\Windows\System\ruUcsPP.exe
  2⤵
  PID:8936
- C:\Windows\System\pogTuRS.exe
  C:\Windows\System\pogTuRS.exe
  2⤵
  PID:8868
- C:\Windows\System\sMesHvk.exe
  C:\Windows\System\sMesHvk.exe
  2⤵
  PID:8900
- C:\Windows\System\bJPijxV.exe
  C:\Windows\System\bJPijxV.exe
  2⤵
  PID:8944
- C:\Windows\System\QUatXkM.exe
  C:\Windows\System\QUatXkM.exe
  2⤵
  PID:9200
- C:\Windows\System\NzNdOka.exe
  C:\Windows\System\NzNdOka.exe
  2⤵
  PID:7856
- C:\Windows\System\pEIyhHq.exe
  C:\Windows\System\pEIyhHq.exe
  2⤵
  PID:7968
- C:\Windows\System\rNOwrhs.exe
  C:\Windows\System\rNOwrhs.exe
  2⤵
  PID:8252
- C:\Windows\System\lWrGWxK.exe
  C:\Windows\System\lWrGWxK.exe
  2⤵
  PID:2148
- C:\Windows\System\ywtYWbQ.exe
  C:\Windows\System\ywtYWbQ.exe
  2⤵
  PID:8384
- C:\Windows\System\gVVPejH.exe
  C:\Windows\System\gVVPejH.exe
  2⤵
  PID:8572
- C:\Windows\System\SPOkcBM.exe
  C:\Windows\System\SPOkcBM.exe
  2⤵
  PID:8508
- C:\Windows\System\VRWzwPe.exe
  C:\Windows\System\VRWzwPe.exe
  2⤵
  PID:8740
- C:\Windows\System\KqjUpln.exe
  C:\Windows\System\KqjUpln.exe
  2⤵
  PID:8500
- C:\Windows\System\wIFmlDy.exe
  C:\Windows\System\wIFmlDy.exe
  2⤵
  PID:9028
- C:\Windows\System\wRPcCTB.exe
  C:\Windows\System\wRPcCTB.exe
  2⤵
  PID:8976
- C:\Windows\System\mjyppvN.exe
  C:\Windows\System\mjyppvN.exe
  2⤵
  PID:8540
- C:\Windows\System\hfkDPCI.exe
  C:\Windows\System\hfkDPCI.exe
  2⤵
  PID:8000
- C:\Windows\System\JKnKqru.exe
  C:\Windows\System\JKnKqru.exe
  2⤵
  PID:8388
- C:\Windows\System\baQWObz.exe
  C:\Windows\System\baQWObz.exe
  2⤵
  PID:8448
- C:\Windows\System\KziWVdU.exe
  C:\Windows\System\KziWVdU.exe
  2⤵
  PID:8556
- C:\Windows\System\bzJvEEG.exe
  C:\Windows\System\bzJvEEG.exe
  2⤵
  PID:8600
- C:\Windows\System\oVSSTvR.exe
  C:\Windows\System\oVSSTvR.exe
  2⤵
  PID:8768
- C:\Windows\System\StHFFSS.exe
  C:\Windows\System\StHFFSS.exe
  2⤵
  PID:8872
- C:\Windows\System\XLFwJeE.exe
  C:\Windows\System\XLFwJeE.exe
  2⤵
  PID:9044
- C:\Windows\System\lLvmiWp.exe
  C:\Windows\System\lLvmiWp.exe
  2⤵
  PID:9204
- C:\Windows\System\WyHVCMp.exe
  C:\Windows\System\WyHVCMp.exe
  2⤵
  PID:8264
- C:\Windows\System\kGfbLif.exe
  C:\Windows\System\kGfbLif.exe
  2⤵
  PID:8920
- C:\Windows\System\OeArXuk.exe
  C:\Windows\System\OeArXuk.exe
  2⤵
  PID:7568
- C:\Windows\System\Yksddol.exe
  C:\Windows\System\Yksddol.exe
  2⤵
  PID:8908
- C:\Windows\System\XVHXvng.exe
  C:\Windows\System\XVHXvng.exe
  2⤵
  PID:8248
- C:\Windows\System\hziiIUC.exe
  C:\Windows\System\hziiIUC.exe
  2⤵
  PID:2484
- C:\Windows\System\HqqQbiT.exe
  C:\Windows\System\HqqQbiT.exe
  2⤵
  PID:8772
- C:\Windows\System\fsBLfUF.exe
  C:\Windows\System\fsBLfUF.exe
  2⤵
  PID:8988
- C:\Windows\System\ZEOqidg.exe
  C:\Windows\System\ZEOqidg.exe
  2⤵
  PID:9236
- C:\Windows\System\kFrVQIH.exe
  C:\Windows\System\kFrVQIH.exe
  2⤵
  PID:9256
- C:\Windows\System\HbYTPBp.exe
  C:\Windows\System\HbYTPBp.exe
  2⤵
  PID:9280
- C:\Windows\System\xmQOEHE.exe
  C:\Windows\System\xmQOEHE.exe
  2⤵
  PID:9296
- C:\Windows\System\CzKdbTK.exe
  C:\Windows\System\CzKdbTK.exe
  2⤵
  PID:9316
- C:\Windows\System\kHYVTGt.exe
  C:\Windows\System\kHYVTGt.exe
  2⤵
  PID:9336
- C:\Windows\System\hvAXerr.exe
  C:\Windows\System\hvAXerr.exe
  2⤵
  PID:9360
- C:\Windows\System\kTuTiBr.exe
  C:\Windows\System\kTuTiBr.exe
  2⤵
  PID:9380
- C:\Windows\System\ylcBlUG.exe
  C:\Windows\System\ylcBlUG.exe
  2⤵
  PID:9400
- C:\Windows\System\hpdNvAm.exe
  C:\Windows\System\hpdNvAm.exe
  2⤵
  PID:9416
- C:\Windows\System\bXZyxCj.exe
  C:\Windows\System\bXZyxCj.exe
  2⤵
  PID:9432
- C:\Windows\System\rImMUVX.exe
  C:\Windows\System\rImMUVX.exe
  2⤵
  PID:9456
- C:\Windows\System\vmfLSdt.exe
  C:\Windows\System\vmfLSdt.exe
  2⤵
  PID:9480
- C:\Windows\System\mbyJVMO.exe
  C:\Windows\System\mbyJVMO.exe
  2⤵
  PID:9496
- C:\Windows\System\hjgsIPN.exe
  C:\Windows\System\hjgsIPN.exe
  2⤵
  PID:9512
- C:\Windows\System\yWnOopE.exe
  C:\Windows\System\yWnOopE.exe
  2⤵
  PID:9528
- C:\Windows\System\YlISRvE.exe
  C:\Windows\System\YlISRvE.exe
  2⤵
  PID:9548
- C:\Windows\System\biyWPrd.exe
  C:\Windows\System\biyWPrd.exe
  2⤵
  PID:9568
- C:\Windows\System\FusgSTZ.exe
  C:\Windows\System\FusgSTZ.exe
  2⤵
  PID:9592
- C:\Windows\System\YjIiUre.exe
  C:\Windows\System\YjIiUre.exe
  2⤵
  PID:9612
- C:\Windows\System\ZkfcUgU.exe
  C:\Windows\System\ZkfcUgU.exe
  2⤵
  PID:9632
- C:\Windows\System\ITUpbHd.exe
  C:\Windows\System\ITUpbHd.exe
  2⤵
  PID:9660
- C:\Windows\System\qMreBgm.exe
  C:\Windows\System\qMreBgm.exe
  2⤵
  PID:9676
- C:\Windows\System\BIyXRni.exe
  C:\Windows\System\BIyXRni.exe
  2⤵
  PID:9692
- C:\Windows\System\aNkGEtc.exe
  C:\Windows\System\aNkGEtc.exe
  2⤵
  PID:9708
- C:\Windows\System\OVmCCXg.exe
  C:\Windows\System\OVmCCXg.exe
  2⤵
  PID:9744
- C:\Windows\System\SwVnvaT.exe
  C:\Windows\System\SwVnvaT.exe
  2⤵
  PID:9760
- C:\Windows\System\NDWQWUq.exe
  C:\Windows\System\NDWQWUq.exe
  2⤵
  PID:9784
- C:\Windows\System\EseBJBg.exe
  C:\Windows\System\EseBJBg.exe
  2⤵
  PID:9800
- C:\Windows\System\QZyOGhc.exe
  C:\Windows\System\QZyOGhc.exe
  2⤵
  PID:9824
- C:\Windows\System\tptmzUv.exe
  C:\Windows\System\tptmzUv.exe
  2⤵
  PID:9840
- C:\Windows\System\mxDBosP.exe
  C:\Windows\System\mxDBosP.exe
  2⤵
  PID:9860
- C:\Windows\System\JgdCjqi.exe
  C:\Windows\System\JgdCjqi.exe
  2⤵
  PID:9876
- C:\Windows\System\BTxZYSw.exe
  C:\Windows\System\BTxZYSw.exe
  2⤵
  PID:9900
- C:\Windows\System\ETTBGwR.exe
  C:\Windows\System\ETTBGwR.exe
  2⤵
  PID:9920
- C:\Windows\System\dfHhcvF.exe
  C:\Windows\System\dfHhcvF.exe
  2⤵
  PID:9944
- C:\Windows\System\LxSbBYT.exe
  C:\Windows\System\LxSbBYT.exe
  2⤵
  PID:9960
- C:\Windows\System\RcwXJGX.exe
  C:\Windows\System\RcwXJGX.exe
  2⤵
  PID:9996
- C:\Windows\System\wtcvjiq.exe
  C:\Windows\System\wtcvjiq.exe
  2⤵
  PID:10012
- C:\Windows\System\LvVyVZB.exe
  C:\Windows\System\LvVyVZB.exe
  2⤵
  PID:10028
- C:\Windows\System\yzUoZAZ.exe
  C:\Windows\System\yzUoZAZ.exe
  2⤵
  PID:10052
- C:\Windows\System\skzOReq.exe
  C:\Windows\System\skzOReq.exe
  2⤵
  PID:10076
- C:\Windows\System\KWSjCcx.exe
  C:\Windows\System\KWSjCcx.exe
  2⤵
  PID:10092
- C:\Windows\System\csTGCLe.exe
  C:\Windows\System\csTGCLe.exe
  2⤵
  PID:10112
- C:\Windows\System\SLbKPLr.exe
  C:\Windows\System\SLbKPLr.exe
  2⤵
  PID:10132
- C:\Windows\System\qynXdkM.exe
  C:\Windows\System\qynXdkM.exe
  2⤵
  PID:10156
- C:\Windows\System\XGtDttm.exe
  C:\Windows\System\XGtDttm.exe
  2⤵
  PID:10172
- C:\Windows\System\csIdpDl.exe
  C:\Windows\System\csIdpDl.exe
  2⤵
  PID:10192
- C:\Windows\System\HhYVTJN.exe
  C:\Windows\System\HhYVTJN.exe
  2⤵
  PID:10208
- C:\Windows\System\hRCCBzJ.exe
  C:\Windows\System\hRCCBzJ.exe
  2⤵
  PID:10232
- C:\Windows\System\zZJkBgn.exe
  C:\Windows\System\zZJkBgn.exe
  2⤵
  PID:9244
- C:\Windows\System\bioBFGQ.exe
  C:\Windows\System\bioBFGQ.exe
  2⤵
  PID:9268
- C:\Windows\System\mFkNfDm.exe
  C:\Windows\System\mFkNfDm.exe
  2⤵
  PID:9292
- C:\Windows\System\bKDhwms.exe
  C:\Windows\System\bKDhwms.exe
  2⤵
  PID:9328
- C:\Windows\System\tbhWfhG.exe
  C:\Windows\System\tbhWfhG.exe
  2⤵
  PID:9368
- C:\Windows\System\oAhttzE.exe
  C:\Windows\System\oAhttzE.exe
  2⤵
  PID:9396
- C:\Windows\System\yNISlKq.exe
  C:\Windows\System\yNISlKq.exe
  2⤵
  PID:9428
- C:\Windows\System\ADflWYK.exe
  C:\Windows\System\ADflWYK.exe
  2⤵
  PID:9464
- C:\Windows\System\SfzBevZ.exe
  C:\Windows\System\SfzBevZ.exe
  2⤵
  PID:9504
- C:\Windows\System\MmuePJB.exe
  C:\Windows\System\MmuePJB.exe
  2⤵
  PID:9536
- C:\Windows\System\BeRboAI.exe
  C:\Windows\System\BeRboAI.exe
  2⤵
  PID:9564
- C:\Windows\System\TqXZHil.exe
  C:\Windows\System\TqXZHil.exe
  2⤵
  PID:9588
- C:\Windows\System\RHNnmTg.exe
  C:\Windows\System\RHNnmTg.exe
  2⤵
  PID:9620
- C:\Windows\System\ZNofetM.exe
  C:\Windows\System\ZNofetM.exe
  2⤵
  PID:9648
- C:\Windows\System\krvIJnG.exe
  C:\Windows\System\krvIJnG.exe
  2⤵
  PID:9688
- C:\Windows\System\HQHkzTJ.exe
  C:\Windows\System\HQHkzTJ.exe
  2⤵
  PID:9720
- C:\Windows\System\JhTrKgl.exe
  C:\Windows\System\JhTrKgl.exe
  2⤵
  PID:9752
- C:\Windows\System\AaOknRT.exe
  C:\Windows\System\AaOknRT.exe
  2⤵
  PID:9776
- C:\Windows\System\vyfEzEc.exe
  C:\Windows\System\vyfEzEc.exe
  2⤵
  PID:9836
- C:\Windows\System\xIgMhCG.exe
  C:\Windows\System\xIgMhCG.exe
  2⤵
  PID:9868
- C:\Windows\System\ZPiXQOZ.exe
  C:\Windows\System\ZPiXQOZ.exe
  2⤵
  PID:9896
- C:\Windows\System\TjZRrKj.exe
  C:\Windows\System\TjZRrKj.exe
  2⤵
  PID:9940
- C:\Windows\System\tKccdyJ.exe
  C:\Windows\System\tKccdyJ.exe
  2⤵
  PID:996
- C:\Windows\System\OQKgVho.exe
  C:\Windows\System\OQKgVho.exe
  2⤵
  PID:9980
- C:\Windows\System\TYZMHlE.exe
  C:\Windows\System\TYZMHlE.exe
  2⤵
  PID:10024
- C:\Windows\System\WHkyokB.exe
  C:\Windows\System\WHkyokB.exe
  2⤵
  PID:10048
- C:\Windows\System\CCvCfvJ.exe
  C:\Windows\System\CCvCfvJ.exe
  2⤵
  PID:10084
- C:\Windows\System\HsmSpRu.exe
  C:\Windows\System\HsmSpRu.exe
  2⤵
  PID:10104
- C:\Windows\System\JBffNxL.exe
  C:\Windows\System\JBffNxL.exe
  2⤵
  PID:10180
- C:\Windows\System\MLrqefm.exe
  C:\Windows\System\MLrqefm.exe
  2⤵
  PID:10220
- C:\Windows\System\wpIZwEC.exe
  C:\Windows\System\wpIZwEC.exe
  2⤵
  PID:10224
- C:\Windows\System\ySJhsEm.exe
  C:\Windows\System\ySJhsEm.exe
  2⤵
  PID:9224
- C:\Windows\System\RWliZYO.exe
  C:\Windows\System\RWliZYO.exe
  2⤵
  PID:9288
- C:\Windows\System\slGyipV.exe
  C:\Windows\System\slGyipV.exe
  2⤵
  PID:9348
- C:\Windows\System\fzFMXMa.exe
  C:\Windows\System\fzFMXMa.exe
  2⤵
  PID:9388
- C:\Windows\System\iqnRRqz.exe
  C:\Windows\System\iqnRRqz.exe
  2⤵
  PID:9476
- C:\Windows\System\hAhopyW.exe
  C:\Windows\System\hAhopyW.exe
  2⤵
  PID:9452
- C:\Windows\System\jKPaDyf.exe
  C:\Windows\System\jKPaDyf.exe
  2⤵
  PID:9544
- C:\Windows\System\aIBZIkX.exe
  C:\Windows\System\aIBZIkX.exe
  2⤵
  PID:9608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BFUsizC.exe

Filesize
6.0MB

MD5
52962b904c6b5b0d9f7438561eaba160

SHA1
e92f9522878759caa7388b3e7a3b53a5052e654f

SHA256
ef52dbe137f1ec923140fd86164970e29722517a77a5c67f37dab783667391c7

SHA512
367d8e0a2da0768af129682d5a689789487fbd2571003d5dec50fea5c457523918096829dc4b53cc08ea54649052c781a111209566ce79a270a611c93441f6bc

Download Submit
C:\Windows\system\EJyikDF.exe

Filesize
6.0MB

MD5
09f92be135867c3c944a964b8e0e2b27

SHA1
1ec5957e61105a160de7cb8a2bd0acc6cce2b522

SHA256
c9b69c2a01dcdcf24d0e8048fb4505309e495cf5a13d3b002a39e9969f8e59f2

SHA512
db7f8162c69b106515118e93056b80bb59561310dabc4eb6fa68ba1d4875bf756f32205dbfef1a1ac1112c03f95532b92760204d4b4266b64f5b3a159fcb81f3

Download Submit
C:\Windows\system\EKKFTLf.exe

Filesize
6.0MB

MD5
4d26ff1ef34cebb6fa7e80646617a6c1

SHA1
66cf444d843c84478a56b7fdb474dacb5601e9ee

SHA256
2334b16cad74c36fef1ec04c78c84b6a0d4e914b21b3966b27a8efb88d2b1717

SHA512
717c163878f4981164a53c04fd3b933aeee585c6f734dcc2529d476ca111027b3e425976b386f6823d6f7159751f03fab72b6a48d8f20788636ff657987b3fe0

Download Submit
C:\Windows\system\ExezzxY.exe

Filesize
6.0MB

MD5
f6a11a30dbe810d91eebc27dbfbcb689

SHA1
26d9008c652bfdcf2cecdbe4e21f36194515ebe4

SHA256
158cdefa635a5e748c40373c526ad592bd3dbd76e0251c30c7225afe1465aa02

SHA512
a4e59634a5bed9352cc448b5829ec13f5d88927ccfd5d340af7ad82b1dac75b0a5ca88b7a255eeaa2639051e69feab396af2155007250d939a879fc2433021ab

Download Submit
C:\Windows\system\GLaGhGt.exe

Filesize
6.0MB

MD5
2a3bc65e904af1353f65d2f38126e082

SHA1
0e2f3686c4657144784acfded458d893a3d8086f

SHA256
74bb0bac1861299a6290fcdeaf96d0b778e2394e5ab1c942a2273207593c6fe2

SHA512
e729b0721e7350205d15b353396d93a49c66f8d915c0d44b1311f4b729a2d1b559e0c4858cd5e2ec7f3be9e060ce81782d81be80721b6fca6cd699c9dc97cdfe

Download Submit
C:\Windows\system\GWYIfRo.exe

Filesize
6.0MB

MD5
c012d279e343acd20fe4f24b5c5f14b3

SHA1
79a54e6330f945d3cefaa8ccc1efaee3b0207366

SHA256
e384ac92071a0e003845cd2076b7884cf8b93fa9d432613ffa64e469edf4ba7b

SHA512
6c2e92fa41db5bda0e4fc84503f2601a946d7bb649ac628f547364687f190f80f1670ae3fb87822135655dabbf3ce94847283e2387e0aeae70fd3c67aada5fdb

Download Submit
C:\Windows\system\GqQzfZV.exe

Filesize
6.0MB

MD5
2962f2f7e86051e0945c0981347739e6

SHA1
113b3ea96dccf886051a7f5ebdf2b6d27aeff587

SHA256
2d1b45442b0eab850ef765a334ba3a9a5b68d97f36610319e6c6928e99015cdb

SHA512
2e7ee1b79c85e42068db3c954e8f530add9b1cdc901b66d29f4bc70a45bddfc84c90e3f72537f05f4de25e61d37890b23f5ba3ca3c54473b7a52ab149d518399

Download Submit
C:\Windows\system\JeeQWuK.exe

Filesize
6.0MB

MD5
b9fc3a2b9a587d083ba09386dcc13ec6

SHA1
5a5142e2ddec495f7f39d0de16cdf11712d506fe

SHA256
4d3961e5760d1770039460686f98b4028c121b6d843016f09ab3ae6da1a61f49

SHA512
501539057ba171b4c94fbc0456c50f9657b24efa57d8e7fc79eac2010f6e874e1e6365621303465f22b71513b2e467b5083dd0771dcc678dae246a2bd1ca2344

Download Submit
C:\Windows\system\KAjRoan.exe

Filesize
6.0MB

MD5
40b540c196b12403f7b5684710691954

SHA1
62c2bfd42c6331d11ca3ff3e9e9d3ba5edbca404

SHA256
c1f15deb5e73858b21ad31ed312aa92a799889ad1221c100ef46c0f71db25ba7

SHA512
76f63d102dc90acdd347ff435fb14c467557b0dcac02507f168e50606f539071c55fa3040bf7b91cfc57b68fea645c041a08ced08eb383dd3a104137675d0ef5

Download Submit
C:\Windows\system\KIIAjek.exe

Filesize
6.0MB

MD5
c003c1ec8e6175ca9cf6a69962388bc0

SHA1
a3d9f32af4f6f79088dea270f61067980d0c44d0

SHA256
5ab54001a4c650266e408b81e557e1f3680cd6688d30dd933ee101cd8681af7c

SHA512
0a048deedc74fadeda0014759eeffb8c0e0d27d74a9b33c982d213b03ee2af32f6fcea6e79ae2f54b5b6afa4ca301ea0918861e8955da1849f3cd7800a15f622

Download Submit
C:\Windows\system\KIvzpJI.exe

Filesize
6.0MB

MD5
1940e3f0fa580de07b99f12afcfeeaf2

SHA1
50396153acd2ffc07220bcfa98fb7e5f31a95067

SHA256
78fa7bbbaedc111db6f981c2f6facfdc22c0912f83f93e8e525bdedfce5fe5f4

SHA512
a368c16525bfa13286657e1d42713993c5f5d93784c894992c9ff3f27472004fffac3a8ba1473ad32d430f569108e102f50297ad1fb39d5f95d17cc3d6218889

Download Submit
C:\Windows\system\KnAqOba.exe

Filesize
6.0MB

MD5
4ad8b62f02d72f18a8f07c855d6c537d

SHA1
d3faf1686dfcfc4c8a31c4a7278c75f7cd8975a6

SHA256
327c748ce680468a741ab6567032ae82b147de4b579df332b0039dde6d407bf9

SHA512
6b9a3a69776b110827754a5beb77cedcec2c070e3d6863d823bda156615933319a95211e288a3ecc749d677891dff13dc4e7ceffb76be13c742ce369dd30438e

Download Submit
C:\Windows\system\QNjFfzL.exe

Filesize
6.0MB

MD5
7f8cce9bafe6a4cf1325a2bcfe3b02b0

SHA1
0d9969d397036ccea6bd4a66d67baeb230b93d89

SHA256
362c078b4f8e414a31e4ef58caf9e06d9041de6442248e1b3dde4a00fb5e8db0

SHA512
443b0a338db0d595e522f6fe1175410a3b4b35fe746b58577a6139c781e24898dc0e34f308a8fc383231897c14e2f1e604ed02d0e87af35023e91026ee88a8c6

Download Submit
C:\Windows\system\RszHNZE.exe

Filesize
6.0MB

MD5
31377632e0a7a51c4d4021e984c69158

SHA1
74c47cfa26ada925e75a4109609628922ade96dd

SHA256
3c6e947d4385cf3fe5f841fe6d21eabc5a22131f85e2079a77dbeabbadf05792

SHA512
6d82c98cb3bb9f0b8e9cf83f9b7675b459c47e467befc7e7ebb7ffb212bc76832fabc1fa6fe819452516da7d25b37ffa7e456c9fb19f5006eb07c6137df70a5b

Download Submit
C:\Windows\system\TFmKJfp.exe

Filesize
6.0MB

MD5
ea061dc09203830391be390c6ecdb144

SHA1
888c85917daa7495042fe73c6f08fad23cb96912

SHA256
02b146a645c0968ecfbb9b751a31a7e5baf85aa1d9360ed9015b0f0497c293a7

SHA512
09a6801b3253cc6d08526744b08fa2263f4a4a96d284216edc4ea5bf2323de312ce88636efd2f5dfea7cf54cd1622ec23d0fa60f6c75ce91a9a28662049b08bb

Download Submit
C:\Windows\system\TWxivKU.exe

Filesize
6.0MB

MD5
7b55bbc4582669d69e02ede7a663638e

SHA1
993f79e78fc724162054ac9348559aa5e8c9cf4e

SHA256
f01eb19beb4f1e73f4b6a811d2ece3ad605c47e3ffec95c8784be777e7a5360f

SHA512
8872a16153799e80f252a7607e63f7e4b1fa7de97c7dff8435e134010f68d80a02a41b8d7e0b13d3795994028037886c979cc64b4e484b9fe0db6e3aa25df46a

Download Submit
C:\Windows\system\VgPhfqL.exe

Filesize
6.0MB

MD5
7cd3669aacd2ec4dc6df70ddffa2a1b9

SHA1
d4ba71f556d21c0fbe34c88bace66945548a7571

SHA256
734a06112471e25061daa9bf89fbd13fad0e66d670dea87d72f523b9bab916c2

SHA512
bf7b0b7313d4eb92c898f7dbf94fd996bbf0c737183f951e36a593a812ec101646f44114a4083d7217262fa8b322869a98667320220e7cc508f1dfcb28bf9112

Download Submit
C:\Windows\system\XLGJeNf.exe

Filesize
6.0MB

MD5
b2bd1f88d8ecd370358b4a8065c155fb

SHA1
6c8743f2063bc44626ea918d033b4f34053655e6

SHA256
6c1c4c3b2a6895e09ac4bd01a348158989535176b8554498c9982358b45075e1

SHA512
472d5e5331233bcde5f1562f44c097611debdff152371cbd56de3c9ff3340274154cdbf1ad20f9cd73f3ad2d824bbe43e404eb67a19ea5cd10fb4a46527df95e

Download Submit
C:\Windows\system\YPSSXyS.exe

Filesize
6.0MB

MD5
37b86f5796e8a187a29f1c2b6a45445e

SHA1
73c5f12ebb9accb35a12cfc2eb3629d92a236f6f

SHA256
3514f205646b7b7cac444b211135cc8c8eb9bb22bf6c475460b19490f58ca917

SHA512
2dd26a5b87fb4a8755d773093c44c97934378ce3768ff9d624b000ec4f55c21915c25f4cfa162ce4acf2efc45eeee8d80a1cfe718479e3849471d87f7899e648

Download Submit
C:\Windows\system\aMFfswQ.exe

Filesize
6.0MB

MD5
9a52f4ba2fd2b8683a94e4a6c677ca12

SHA1
0d1b8d4ccf2152a51154024298dee6eee64a99aa

SHA256
5159cc59d24f76ae0ecd5fff2f06ee0028dded8899ba84ffa954722f37558d36

SHA512
63d8c8836f874a9aab8b982ac6da71bc7752c0bc5acb9e6ec63604e25924e6a6b0629915034812dda5d6d6ddc26d6d25b33215b24d8b955c048f0c1f0c8953a6

Download Submit
C:\Windows\system\cyUVxKN.exe

Filesize
6.0MB

MD5
ead2bb13fab8bd37ba4292f5b29298f8

SHA1
c3f344509645968188a8a579c55f9004ad4abf9a

SHA256
5cc73e40c4119378e96e0b572937bdd2437cf25d81db96ff34a814ca2a2fd8d7

SHA512
6bfe4c2328a535b90f98e7edc7f9559ac84d2bc88f86faece17814fd664c843637d2fc7e4b90aa040ecff37e7c01f7fd0d7cdc4330e67224359a81879c848a7d

Download Submit
C:\Windows\system\dMuRxxC.exe

Filesize
6.0MB

MD5
fa3760a2000e3cba2a4ff760705a7481

SHA1
3416887c5397c7ef8ca8cee278d996d795d16207

SHA256
f850b32aec4a85f0c536a194d9f86411a3b05daf1af24a0bff3d5c839caca7ea

SHA512
8e3ed95151fac48922d9938433de1f6eee404263c4e499865b9649b2db7261cd1e28740d9dd5a2300efd11fe2f3f1e85122427d08500f9f3f6ac6a9031d05774

Download Submit
C:\Windows\system\goRPOVG.exe

Filesize
6.0MB

MD5
5c7c69ff4b65690637e37b9462f634ef

SHA1
62cc8c08bc2a3914c8b00c3e7ec2a55a0300f56e

SHA256
686c7a2b425ecd3bab3367657b8232c0d4d08f1a2cb6da38323ddd1a8b021238

SHA512
64378eac815238880d0472b1a6083deb530618a64b1794804fe77daa999b7ccf28587315b8709cf4b62663bd42ed11d8d22a9e2d3151086a5d1c422a54f93bf9

Download Submit
C:\Windows\system\jdsPzFg.exe

Filesize
6.0MB

MD5
86436707fda6740e0499de5f77812fab

SHA1
1eaa312f85ddeebc9315d4c98c3cb1c334715566

SHA256
e09b6a3a6484b37d0e214517769cbbce9622f432544a15570f2b56649c2699dd

SHA512
2773179787bfa859f9750694e059b18f48fd7537aae1a7d9e2e61a37d90009f5d5a53ff73ecbe94d7cd82de5b92faa288480897245c5b4df9c3d5f0b58a57b83

Download Submit
C:\Windows\system\mqBWXUC.exe

Filesize
6.0MB

MD5
b35cac1ec4cbf8c6f1ba493565b3d601

SHA1
5bd7271a4ee3f2d091b3edcfa6044c721e192fd2

SHA256
1326ce78d3c2a166b701623a8836c8e3a40f1e5c636932dc9e8f5050b160ca77

SHA512
d8bfe64319596fefa98ae9cbcc1821863227a81be4e9c15b3528db159d8ebbf38e7a0503a1e5a81b7f99683c0b9dec8a15c1e93bdebc26355f50f1a735a937ae

Download Submit
C:\Windows\system\nriZNMq.exe

Filesize
6.0MB

MD5
7898b33aa3b854e98c12b5e338cc5290

SHA1
17964ccb9f3366f1e06e0664d9b87ab687bc263c

SHA256
4cd190b4d74199de2f0d4e55c658901acf9a79c5100acb1191ae764c3263808b

SHA512
b00cdf53985beda8d957ad387cbbf18402c6a1e3936b730a5e981218027f92557b7435cbc69d3926a621121d86bccff8d19a058182b3a1d3c4b03f33efb977b2

Download Submit
C:\Windows\system\qBfgDNl.exe

Filesize
6.0MB

MD5
cd9f88adbde684472d54f68ab1e71ee0

SHA1
0829ed2aa096ee19861860c19b7992eb2126102a

SHA256
b6c0921d0538d7c76c358ede31c6f97f096bf7898c700e78f31ce65105fe31a8

SHA512
8fb8804136fc2b6ba8e680e14517b3f266611b4618b962a3b92809845c0620e346e0d8eb27c4f30c6bc5b8120d92c19da4ca70941c54b0c6007e7ea2a319a1d7

Download Submit
C:\Windows\system\uXjKWyQ.exe

Filesize
6.0MB

MD5
060d94eca0bfdd80fc12443cacd30add

SHA1
c16e1b67238c4dec4f78dfc90dfdf97f360a9a1b

SHA256
68b0b3d9860e4d67845244dc6c4490f96d4363a07a8c29e99733c1c2438ece85

SHA512
b92bdb621a83b2a8f93ebf5c683b6f5a2a891ef291b5247ffe0e4276c55eac9ce64d4d7628891ab5524a456c541b0b589fe1e588a7a1bf524b209f432d763940

Download Submit
\Windows\system\CrGqxKp.exe

Filesize
6.0MB

MD5
0e53b67e24436281c60ad2f02907839c

SHA1
b0c5e0bb81bf25a915d39888d19c16482f8028f9

SHA256
10ba64702f47fdd0ee25f6055715662697079356fdbc2c471f2e7dd9830b64ca

SHA512
fe83deee6a2868a0f0d9090c59cbc40c620a224fea826449b57039e4e743c80f4146cbde7196593f45b346fd92517414de22bb69c2f6842f00afb87dd84a9a8d

Download Submit
\Windows\system\cSwbYpg.exe

Filesize
6.0MB

MD5
86deea597e9907835c6cbae6bea6c4c2

SHA1
8f16c0a05be4a0b8ad19759b31d303c618fc616a

SHA256
e73ee0f120c78f8edf1461ac7c025e72f58a0542c63d260043122d3360607632

SHA512
b973e0304d7bcccb2379fe1e4d7ed7c5224ce4d484622990f356379825148079b5c631462fd26128c5f6574a9d373de24313cc38e20336390a74bf205be02953

Download Submit
\Windows\system\iyigGec.exe

Filesize
6.0MB

MD5
45983c7ff4cac38a8c5cebfb72450dfa

SHA1
7bce866575a6860f144b5e4e39299958361f5853

SHA256
ca0f9a4f3fd376a69afe8d5829e3c3af2caec6510af871c75160a2d4b2988d45

SHA512
f8ab2e37bacd266c537e7c6449bdc64c89f425e5bb802db0656fcaa6683db024c8c7d268de6c521d55bdf21cfe8559facd3bb1d090ede58ce50ae54e3d01fa3a

Download Submit
\Windows\system\pFcqavr.exe

Filesize
6.0MB

MD5
d734fdea76767b6d696ce68d6e235ce6

SHA1
3a3ef2f5495f72ec5fed555b57f8f973c0ead5d5

SHA256
3980df81bc3952fae67fa93c38978b5b0b16f6997c62bf6ae8b13981d852fcab

SHA512
61169f3571c4462e1d59e3fc4b1058d8c66536d3db99fc7466ea325fe7035af0737165a6eb9e357685c4f02cac7b06bcb4a2ea934e3276b3ebf7eaefe06ec3d3

Download Submit
memory/344-81-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/344-4012-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1492-77-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1492-4013-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1708-4017-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-101-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-4016-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1804-100-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1948-32-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2172-79-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-4015-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-35-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-4009-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-88-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2672-4014-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2684-36-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2728-104-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-50-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-1060-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-1064-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2728-1262-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-1500-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2728-1503-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-1340-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-66-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-650-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-60-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-72-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2728-86-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2728-8-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-34-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-103-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2728-27-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2728-0-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-93-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2728-13-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2728-46-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-9-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2860-218-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2860-4006-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2860-15-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2908-102-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2908-4018-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/3016-4010-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/3016-49-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/3028-4011-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-48-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download