cobaltstrike | e990da534f132ff013f6d056e3dba229af1031e83e84a162a43df00a11243288

Analysis

max time kernel
149s
max time network
25s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 04:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

699847903b67fdd3e6c0161e71588bdb
SHA1

12fde47c419f64c33666709489fabea8988f8138
SHA256

e990da534f132ff013f6d056e3dba229af1031e83e84a162a43df00a11243288
SHA512

209f470dafee4cfce502d79b6f2564745cf67b5475ab67eea75d74e4c901023527924aea324ef64ea2e06b24d32e476fabd3828856ab4b84d10dce99526b288b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU2:T+q56utgpPF8u/72

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x000c000000012262-6.dat	cobalt_reflective_dll
behavioral1/files/0x0027000000016d2c-8.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d69-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016fc9-27.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001756b-31.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000186b7-64.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-92.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-194.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-112.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-77.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001932a-70.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-58.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001756e-50.dat	cobalt_reflective_dll
behavioral1/files/0x0012000000016d3f-40.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/576-0-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/files/0x000c000000012262-6.dat	xmrig
behavioral1/files/0x0027000000016d2c-8.dat	xmrig
behavioral1/files/0x0009000000016d69-16.dat	xmrig
behavioral1/memory/2252-22-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2460-23-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016fc9-27.dat	xmrig
behavioral1/memory/2160-30-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x000700000001756b-31.dat	xmrig
behavioral1/memory/2956-21-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2776-37-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/files/0x00080000000186b7-64.dat	xmrig
behavioral1/memory/1168-72-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c3-92.dat	xmrig
behavioral1/files/0x00050000000195c6-107.dat	xmrig
behavioral1/files/0x0005000000019643-122.dat	xmrig
behavioral1/files/0x0005000000019761-132.dat	xmrig
behavioral1/memory/1168-140-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x000500000001998d-148.dat	xmrig
behavioral1/files/0x0005000000019bf6-158.dat	xmrig
behavioral1/files/0x0005000000019d6d-183.dat	xmrig
behavioral1/files/0x0005000000019fd4-194.dat	xmrig
behavioral1/files/0x0005000000019e92-188.dat	xmrig
behavioral1/files/0x0005000000019d62-178.dat	xmrig
behavioral1/files/0x0005000000019d61-174.dat	xmrig
behavioral1/files/0x0005000000019c3c-168.dat	xmrig
behavioral1/files/0x0005000000019bf9-163.dat	xmrig
behavioral1/files/0x0005000000019bf5-154.dat	xmrig
behavioral1/files/0x0005000000019820-143.dat	xmrig
behavioral1/files/0x00050000000197fd-137.dat	xmrig
behavioral1/files/0x000500000001975a-127.dat	xmrig
behavioral1/files/0x000500000001960c-117.dat	xmrig
behavioral1/files/0x00050000000195c7-112.dat	xmrig
behavioral1/memory/1312-103-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c5-101.dat	xmrig
behavioral1/memory/1756-99-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c1-86.dat	xmrig
behavioral1/memory/2372-89-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2780-82-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/1600-81-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195bd-77.dat	xmrig
behavioral1/files/0x000600000001932a-70.dat	xmrig
behavioral1/memory/2224-67-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2792-60-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-58.dat	xmrig
behavioral1/memory/576-55-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2740-54-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/576-43-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2780-42-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x000700000001756e-50.dat	xmrig
behavioral1/files/0x0012000000016d3f-40.dat	xmrig
behavioral1/memory/2956-826-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2252-808-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2460-807-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2160-815-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2740-870-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2780-869-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2776-865-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2792-871-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2224-872-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/1600-888-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/1168-894-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/1756-904-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/1312-908-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

JrWnzUg.exelQSzOyS.exeGaxaiCt.execeNtouc.exerQzLApy.exevdrfATx.exerJFSRdB.exeOcqZfxW.exeUsWmGUB.exeiqadaMd.exeBCXLrzB.exeFQebGMm.exeQyyelbq.exebuSElDc.exeFIXGhum.exePSqfduo.exeGdrmnfk.exemrBCFPT.exeeLqREFV.exeoWqFBXD.exeppNjoPa.exevKhGJHI.exeBeDkldG.exevTLzKdP.exeggrFTaU.exeoJwLuWh.exegEKFvmZ.exeomRFSeb.execRoBpqt.exeneSkwus.exeXvIuJEm.exeUmlQlvp.exehyWhclN.exesdRNzkA.exeDJWcdaX.exeOtThOyL.exeCrEBlfa.exelOPlLpE.exeqNpagwj.exeZSRAXCP.exelFShQko.exeWuPVrgx.exeUjyFIUt.exepMZVfOH.exeKGRiJtw.exeqVomUTI.exepsFOWIy.exeCIFKFRF.exePMcuEPV.exevSkdfwG.exefzkidZL.exeSeNzhJM.exeelsJGcu.exeUmucyRo.exetMilfKB.exexEBhghA.exeGFeSZEj.exetzrDvMd.exeuwGjEPu.exeNZguiAF.exeQVkmeps.exedqTATYi.exeZDxfWRF.exeyKJYGch.exe

pid	Process
2252	JrWnzUg.exe
2460	lQSzOyS.exe
2956	GaxaiCt.exe
2160	ceNtouc.exe
2776	rQzLApy.exe
2780	vdrfATx.exe
2740	rJFSRdB.exe
2792	OcqZfxW.exe
2224	UsWmGUB.exe
1168	iqadaMd.exe
1600	BCXLrzB.exe
2372	FQebGMm.exe
1756	Qyyelbq.exe
1312	buSElDc.exe
2112	FIXGhum.exe
2148	PSqfduo.exe
1744	Gdrmnfk.exe
1208	mrBCFPT.exe
1968	eLqREFV.exe
2600	oWqFBXD.exe
2092	ppNjoPa.exe
2020	vKhGJHI.exe
1752	BeDkldG.exe
2196	vTLzKdP.exe
2084	ggrFTaU.exe
2200	oJwLuWh.exe
1404	gEKFvmZ.exe
1992	omRFSeb.exe
2192	cRoBpqt.exe
1064	neSkwus.exe
872	XvIuJEm.exe
2320	UmlQlvp.exe
1480	hyWhclN.exe
1224	sdRNzkA.exe
1464	DJWcdaX.exe
1520	OtThOyL.exe
2668	CrEBlfa.exe
392	lOPlLpE.exe
1436	qNpagwj.exe
236	ZSRAXCP.exe
2232	lFShQko.exe
1620	WuPVrgx.exe
944	UjyFIUt.exe
1676	pMZVfOH.exe
2824	KGRiJtw.exe
2324	qVomUTI.exe
1748	psFOWIy.exe
1664	CIFKFRF.exe
2624	PMcuEPV.exe
2332	vSkdfwG.exe
580	fzkidZL.exe
2932	SeNzhJM.exe
892	elsJGcu.exe
2664	UmucyRo.exe
1588	tMilfKB.exe
2240	xEBhghA.exe
2756	GFeSZEj.exe
2880	tzrDvMd.exe
2828	uwGjEPu.exe
2596	NZguiAF.exe
2180	QVkmeps.exe
2952	dqTATYi.exe
1940	ZDxfWRF.exe
3012	yKJYGch.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/576-0-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/files/0x000c000000012262-6.dat	upx
behavioral1/files/0x0027000000016d2c-8.dat	upx
behavioral1/files/0x0009000000016d69-16.dat	upx
behavioral1/memory/2252-22-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2460-23-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x0008000000016fc9-27.dat	upx
behavioral1/memory/2160-30-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x000700000001756b-31.dat	upx
behavioral1/memory/2956-21-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2776-37-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/files/0x00080000000186b7-64.dat	upx
behavioral1/memory/1168-72-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x00050000000195c3-92.dat	upx
behavioral1/files/0x00050000000195c6-107.dat	upx
behavioral1/files/0x0005000000019643-122.dat	upx
behavioral1/files/0x0005000000019761-132.dat	upx
behavioral1/memory/1168-140-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x000500000001998d-148.dat	upx
behavioral1/files/0x0005000000019bf6-158.dat	upx
behavioral1/files/0x0005000000019d6d-183.dat	upx
behavioral1/files/0x0005000000019fd4-194.dat	upx
behavioral1/files/0x0005000000019e92-188.dat	upx
behavioral1/files/0x0005000000019d62-178.dat	upx
behavioral1/files/0x0005000000019d61-174.dat	upx
behavioral1/files/0x0005000000019c3c-168.dat	upx
behavioral1/files/0x0005000000019bf9-163.dat	upx
behavioral1/files/0x0005000000019bf5-154.dat	upx
behavioral1/files/0x0005000000019820-143.dat	upx
behavioral1/files/0x00050000000197fd-137.dat	upx
behavioral1/files/0x000500000001975a-127.dat	upx
behavioral1/files/0x000500000001960c-117.dat	upx
behavioral1/files/0x00050000000195c7-112.dat	upx
behavioral1/memory/1312-103-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x00050000000195c5-101.dat	upx
behavioral1/memory/1756-99-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x00050000000195c1-86.dat	upx
behavioral1/memory/2372-89-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2780-82-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/1600-81-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x00050000000195bd-77.dat	upx
behavioral1/files/0x000600000001932a-70.dat	upx
behavioral1/memory/2224-67-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2792-60-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x0002000000018334-58.dat	upx
behavioral1/memory/2740-54-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/576-43-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2780-42-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x000700000001756e-50.dat	upx
behavioral1/files/0x0012000000016d3f-40.dat	upx
behavioral1/memory/2956-826-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2252-808-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2460-807-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2160-815-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2740-870-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2780-869-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2776-865-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2792-871-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2224-872-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/1600-888-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/1168-894-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/1756-904-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/1312-908-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2372-903-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\psFOWIy.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vrtwOhu.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQvYuJQ.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NgYgnZD.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qaZMIAK.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UlmJwaI.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ePpYIPE.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lcVkhvS.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Qyyelbq.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dewttaG.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PkbZcZY.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iQLBvjI.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aDSXGQo.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGqAIsI.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CHmyODi.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbEuRYN.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xGoRNIu.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xMSpwmn.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KGRiJtw.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aeciGMu.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QiUwKUR.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUdhHNx.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mymExCZ.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ScKSqqj.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YnxwqRS.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DpCxqYb.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VqOYSas.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ovPQNOU.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ikYtcfl.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tvFgXTg.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMButPv.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HrAdMhZ.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LjyntwP.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNaeczj.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PUfcMFv.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NAifXfp.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GYIzapZ.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WujVPfm.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rigUChb.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UDEaORE.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYNnGSY.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NAMGeQp.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mtpPmGV.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPGQBHD.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QxPYuZc.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xVfrRbz.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oGeYkia.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\niOSatD.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dHWiQIi.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SpADKIa.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bcaxgFD.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XmyxWYI.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TqALDgX.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sOmuDQd.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vYLkJox.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lSAwVLx.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mUoOpzm.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OacTeNg.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uYwuiHy.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eFkaJCA.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GUziVer.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BZWaLts.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oJwLuWh.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGFTnfS.exe	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 576 wrote to memory of 2252	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 576 wrote to memory of 2252	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 576 wrote to memory of 2252	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 576 wrote to memory of 2460	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 576 wrote to memory of 2460	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 576 wrote to memory of 2460	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 576 wrote to memory of 2956	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 576 wrote to memory of 2956	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 576 wrote to memory of 2956	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 576 wrote to memory of 2160	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 576 wrote to memory of 2160	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 576 wrote to memory of 2160	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 576 wrote to memory of 2776	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 576 wrote to memory of 2776	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 576 wrote to memory of 2776	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 576 wrote to memory of 2780	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 576 wrote to memory of 2780	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 576 wrote to memory of 2780	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 576 wrote to memory of 2740	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 576 wrote to memory of 2740	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 576 wrote to memory of 2740	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 576 wrote to memory of 2792	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 576 wrote to memory of 2792	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 576 wrote to memory of 2792	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 576 wrote to memory of 2224	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 576 wrote to memory of 2224	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 576 wrote to memory of 2224	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 576 wrote to memory of 1168	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 576 wrote to memory of 1168	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 576 wrote to memory of 1168	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 576 wrote to memory of 1600	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 576 wrote to memory of 1600	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 576 wrote to memory of 1600	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 576 wrote to memory of 2372	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 576 wrote to memory of 2372	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 576 wrote to memory of 2372	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 576 wrote to memory of 1756	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 576 wrote to memory of 1756	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 576 wrote to memory of 1756	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 576 wrote to memory of 1312	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 576 wrote to memory of 1312	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 576 wrote to memory of 1312	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 576 wrote to memory of 2112	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 576 wrote to memory of 2112	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 576 wrote to memory of 2112	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 576 wrote to memory of 2148	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 576 wrote to memory of 2148	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 576 wrote to memory of 2148	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 576 wrote to memory of 1744	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 576 wrote to memory of 1744	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 576 wrote to memory of 1744	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 576 wrote to memory of 1208	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 576 wrote to memory of 1208	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 576 wrote to memory of 1208	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 576 wrote to memory of 1968	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 576 wrote to memory of 1968	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 576 wrote to memory of 1968	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 576 wrote to memory of 2600	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 576 wrote to memory of 2600	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 576 wrote to memory of 2600	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 576 wrote to memory of 2092	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 576 wrote to memory of 2092	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 576 wrote to memory of 2092	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 576 wrote to memory of 2020	576	2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-23_699847903b67fdd3e6c0161e71588bdb_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:576
- C:\Windows\System\JrWnzUg.exe
  C:\Windows\System\JrWnzUg.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\lQSzOyS.exe
  C:\Windows\System\lQSzOyS.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\GaxaiCt.exe
  C:\Windows\System\GaxaiCt.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\ceNtouc.exe
  C:\Windows\System\ceNtouc.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\rQzLApy.exe
  C:\Windows\System\rQzLApy.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\vdrfATx.exe
  C:\Windows\System\vdrfATx.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\rJFSRdB.exe
  C:\Windows\System\rJFSRdB.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\OcqZfxW.exe
  C:\Windows\System\OcqZfxW.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\UsWmGUB.exe
  C:\Windows\System\UsWmGUB.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\iqadaMd.exe
  C:\Windows\System\iqadaMd.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\BCXLrzB.exe
  C:\Windows\System\BCXLrzB.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\FQebGMm.exe
  C:\Windows\System\FQebGMm.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\Qyyelbq.exe
  C:\Windows\System\Qyyelbq.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\buSElDc.exe
  C:\Windows\System\buSElDc.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\FIXGhum.exe
  C:\Windows\System\FIXGhum.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\PSqfduo.exe
  C:\Windows\System\PSqfduo.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\Gdrmnfk.exe
  C:\Windows\System\Gdrmnfk.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\mrBCFPT.exe
  C:\Windows\System\mrBCFPT.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\eLqREFV.exe
  C:\Windows\System\eLqREFV.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\oWqFBXD.exe
  C:\Windows\System\oWqFBXD.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\ppNjoPa.exe
  C:\Windows\System\ppNjoPa.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\vKhGJHI.exe
  C:\Windows\System\vKhGJHI.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\BeDkldG.exe
  C:\Windows\System\BeDkldG.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\vTLzKdP.exe
  C:\Windows\System\vTLzKdP.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\ggrFTaU.exe
  C:\Windows\System\ggrFTaU.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\oJwLuWh.exe
  C:\Windows\System\oJwLuWh.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\gEKFvmZ.exe
  C:\Windows\System\gEKFvmZ.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\omRFSeb.exe
  C:\Windows\System\omRFSeb.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\cRoBpqt.exe
  C:\Windows\System\cRoBpqt.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\neSkwus.exe
  C:\Windows\System\neSkwus.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\XvIuJEm.exe
  C:\Windows\System\XvIuJEm.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\UmlQlvp.exe
  C:\Windows\System\UmlQlvp.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\hyWhclN.exe
  C:\Windows\System\hyWhclN.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\sdRNzkA.exe
  C:\Windows\System\sdRNzkA.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\DJWcdaX.exe
  C:\Windows\System\DJWcdaX.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\OtThOyL.exe
  C:\Windows\System\OtThOyL.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\CrEBlfa.exe
  C:\Windows\System\CrEBlfa.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\lOPlLpE.exe
  C:\Windows\System\lOPlLpE.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\qNpagwj.exe
  C:\Windows\System\qNpagwj.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\ZSRAXCP.exe
  C:\Windows\System\ZSRAXCP.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\lFShQko.exe
  C:\Windows\System\lFShQko.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\WuPVrgx.exe
  C:\Windows\System\WuPVrgx.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\UjyFIUt.exe
  C:\Windows\System\UjyFIUt.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\pMZVfOH.exe
  C:\Windows\System\pMZVfOH.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\KGRiJtw.exe
  C:\Windows\System\KGRiJtw.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\vSkdfwG.exe
  C:\Windows\System\vSkdfwG.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\qVomUTI.exe
  C:\Windows\System\qVomUTI.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\fzkidZL.exe
  C:\Windows\System\fzkidZL.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\psFOWIy.exe
  C:\Windows\System\psFOWIy.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\elsJGcu.exe
  C:\Windows\System\elsJGcu.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\CIFKFRF.exe
  C:\Windows\System\CIFKFRF.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\UmucyRo.exe
  C:\Windows\System\UmucyRo.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\PMcuEPV.exe
  C:\Windows\System\PMcuEPV.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\tMilfKB.exe
  C:\Windows\System\tMilfKB.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\SeNzhJM.exe
  C:\Windows\System\SeNzhJM.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\tzrDvMd.exe
  C:\Windows\System\tzrDvMd.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\xEBhghA.exe
  C:\Windows\System\xEBhghA.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\uwGjEPu.exe
  C:\Windows\System\uwGjEPu.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\GFeSZEj.exe
  C:\Windows\System\GFeSZEj.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\NZguiAF.exe
  C:\Windows\System\NZguiAF.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\QVkmeps.exe
  C:\Windows\System\QVkmeps.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\dqTATYi.exe
  C:\Windows\System\dqTATYi.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\ZDxfWRF.exe
  C:\Windows\System\ZDxfWRF.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\nolrjfz.exe
  C:\Windows\System\nolrjfz.exe
  2⤵
  PID:2648
- C:\Windows\System\yKJYGch.exe
  C:\Windows\System\yKJYGch.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\QIWTxQF.exe
  C:\Windows\System\QIWTxQF.exe
  2⤵
  PID:2028
- C:\Windows\System\BnrmmIR.exe
  C:\Windows\System\BnrmmIR.exe
  2⤵
  PID:2152
- C:\Windows\System\eMBFOhB.exe
  C:\Windows\System\eMBFOhB.exe
  2⤵
  PID:1332
- C:\Windows\System\hAHZgxM.exe
  C:\Windows\System\hAHZgxM.exe
  2⤵
  PID:1248
- C:\Windows\System\ksFmoKG.exe
  C:\Windows\System\ksFmoKG.exe
  2⤵
  PID:560
- C:\Windows\System\lwVbgto.exe
  C:\Windows\System\lwVbgto.exe
  2⤵
  PID:2060
- C:\Windows\System\xehcwCR.exe
  C:\Windows\System\xehcwCR.exe
  2⤵
  PID:2216
- C:\Windows\System\rAqCtTT.exe
  C:\Windows\System\rAqCtTT.exe
  2⤵
  PID:2072
- C:\Windows\System\UznKQfh.exe
  C:\Windows\System\UznKQfh.exe
  2⤵
  PID:3020
- C:\Windows\System\MnngeCn.exe
  C:\Windows\System\MnngeCn.exe
  2⤵
  PID:2468
- C:\Windows\System\mMQVZGl.exe
  C:\Windows\System\mMQVZGl.exe
  2⤵
  PID:1632
- C:\Windows\System\WQjNXLZ.exe
  C:\Windows\System\WQjNXLZ.exe
  2⤵
  PID:1916
- C:\Windows\System\aDJAosF.exe
  C:\Windows\System\aDJAosF.exe
  2⤵
  PID:932
- C:\Windows\System\mQpsuwI.exe
  C:\Windows\System\mQpsuwI.exe
  2⤵
  PID:612
- C:\Windows\System\FJZNEKf.exe
  C:\Windows\System\FJZNEKf.exe
  2⤵
  PID:1780
- C:\Windows\System\QJzJwTV.exe
  C:\Windows\System\QJzJwTV.exe
  2⤵
  PID:1896
- C:\Windows\System\PoRqjsv.exe
  C:\Windows\System\PoRqjsv.exe
  2⤵
  PID:948
- C:\Windows\System\deRPZsf.exe
  C:\Windows\System\deRPZsf.exe
  2⤵
  PID:2716
- C:\Windows\System\qInpLka.exe
  C:\Windows\System\qInpLka.exe
  2⤵
  PID:2388
- C:\Windows\System\swHYWdL.exe
  C:\Windows\System\swHYWdL.exe
  2⤵
  PID:2572
- C:\Windows\System\uzjDIyG.exe
  C:\Windows\System\uzjDIyG.exe
  2⤵
  PID:2272
- C:\Windows\System\WoLIQFq.exe
  C:\Windows\System\WoLIQFq.exe
  2⤵
  PID:2924
- C:\Windows\System\JdqLOVi.exe
  C:\Windows\System\JdqLOVi.exe
  2⤵
  PID:2892
- C:\Windows\System\GXMYymX.exe
  C:\Windows\System\GXMYymX.exe
  2⤵
  PID:1736
- C:\Windows\System\WCBKcZT.exe
  C:\Windows\System\WCBKcZT.exe
  2⤵
  PID:688
- C:\Windows\System\sSyLipN.exe
  C:\Windows\System\sSyLipN.exe
  2⤵
  PID:2404
- C:\Windows\System\txDuZNr.exe
  C:\Windows\System\txDuZNr.exe
  2⤵
  PID:2364
- C:\Windows\System\gOJwHAY.exe
  C:\Windows\System\gOJwHAY.exe
  2⤵
  PID:2936
- C:\Windows\System\oJxAXwC.exe
  C:\Windows\System\oJxAXwC.exe
  2⤵
  PID:640
- C:\Windows\System\fBNyINo.exe
  C:\Windows\System\fBNyINo.exe
  2⤵
  PID:2500
- C:\Windows\System\UwPdynP.exe
  C:\Windows\System\UwPdynP.exe
  2⤵
  PID:2580
- C:\Windows\System\MWfwymw.exe
  C:\Windows\System\MWfwymw.exe
  2⤵
  PID:3044
- C:\Windows\System\JvuHChq.exe
  C:\Windows\System\JvuHChq.exe
  2⤵
  PID:2064
- C:\Windows\System\AVeiVnC.exe
  C:\Windows\System\AVeiVnC.exe
  2⤵
  PID:1324
- C:\Windows\System\ToAXDXB.exe
  C:\Windows\System\ToAXDXB.exe
  2⤵
  PID:788
- C:\Windows\System\VHXDIgY.exe
  C:\Windows\System\VHXDIgY.exe
  2⤵
  PID:952
- C:\Windows\System\QzuFHNn.exe
  C:\Windows\System\QzuFHNn.exe
  2⤵
  PID:2672
- C:\Windows\System\sPjXpQS.exe
  C:\Windows\System\sPjXpQS.exe
  2⤵
  PID:2348
- C:\Windows\System\sGpFpaQ.exe
  C:\Windows\System\sGpFpaQ.exe
  2⤵
  PID:692
- C:\Windows\System\QhFsJfe.exe
  C:\Windows\System\QhFsJfe.exe
  2⤵
  PID:1532
- C:\Windows\System\JTjPDMe.exe
  C:\Windows\System\JTjPDMe.exe
  2⤵
  PID:2396
- C:\Windows\System\VgeqCQk.exe
  C:\Windows\System\VgeqCQk.exe
  2⤵
  PID:1672
- C:\Windows\System\jzFKfsN.exe
  C:\Windows\System\jzFKfsN.exe
  2⤵
  PID:3036
- C:\Windows\System\MKbLozK.exe
  C:\Windows\System\MKbLozK.exe
  2⤵
  PID:2524
- C:\Windows\System\aalJYxv.exe
  C:\Windows\System\aalJYxv.exe
  2⤵
  PID:2260
- C:\Windows\System\umnBMGc.exe
  C:\Windows\System\umnBMGc.exe
  2⤵
  PID:2104
- C:\Windows\System\LTzladz.exe
  C:\Windows\System\LTzladz.exe
  2⤵
  PID:1648
- C:\Windows\System\LxVGPac.exe
  C:\Windows\System\LxVGPac.exe
  2⤵
  PID:2644
- C:\Windows\System\HkaQtTB.exe
  C:\Windows\System\HkaQtTB.exe
  2⤵
  PID:2808
- C:\Windows\System\wGaSiSX.exe
  C:\Windows\System\wGaSiSX.exe
  2⤵
  PID:764
- C:\Windows\System\QsRdDYY.exe
  C:\Windows\System\QsRdDYY.exe
  2⤵
  PID:2656
- C:\Windows\System\szSAYOr.exe
  C:\Windows\System\szSAYOr.exe
  2⤵
  PID:836
- C:\Windows\System\jSlENrk.exe
  C:\Windows\System\jSlENrk.exe
  2⤵
  PID:2980
- C:\Windows\System\nvoOhCc.exe
  C:\Windows\System\nvoOhCc.exe
  2⤵
  PID:2772
- C:\Windows\System\qPPlzzH.exe
  C:\Windows\System\qPPlzzH.exe
  2⤵
  PID:2944
- C:\Windows\System\bikvcRb.exe
  C:\Windows\System\bikvcRb.exe
  2⤵
  PID:1144
- C:\Windows\System\aKnPMfF.exe
  C:\Windows\System\aKnPMfF.exe
  2⤵
  PID:1728
- C:\Windows\System\frDpfjv.exe
  C:\Windows\System\frDpfjv.exe
  2⤵
  PID:2428
- C:\Windows\System\eaJravh.exe
  C:\Windows\System\eaJravh.exe
  2⤵
  PID:2888
- C:\Windows\System\wlmIEfe.exe
  C:\Windows\System\wlmIEfe.exe
  2⤵
  PID:2796
- C:\Windows\System\nNobLuY.exe
  C:\Windows\System\nNobLuY.exe
  2⤵
  PID:2868
- C:\Windows\System\yioFFBt.exe
  C:\Windows\System\yioFFBt.exe
  2⤵
  PID:1124
- C:\Windows\System\tzDFKVy.exe
  C:\Windows\System\tzDFKVy.exe
  2⤵
  PID:3016
- C:\Windows\System\LuPIIXt.exe
  C:\Windows\System\LuPIIXt.exe
  2⤵
  PID:2760
- C:\Windows\System\hdObtcO.exe
  C:\Windows\System\hdObtcO.exe
  2⤵
  PID:2708
- C:\Windows\System\FtIiOUj.exe
  C:\Windows\System\FtIiOUj.exe
  2⤵
  PID:1640
- C:\Windows\System\UYiNSsN.exe
  C:\Windows\System\UYiNSsN.exe
  2⤵
  PID:2724
- C:\Windows\System\lASIhUr.exe
  C:\Windows\System\lASIhUr.exe
  2⤵
  PID:1068
- C:\Windows\System\iaWdbEj.exe
  C:\Windows\System\iaWdbEj.exe
  2⤵
  PID:2424
- C:\Windows\System\rGjfytj.exe
  C:\Windows\System\rGjfytj.exe
  2⤵
  PID:1120
- C:\Windows\System\nUjkNBJ.exe
  C:\Windows\System\nUjkNBJ.exe
  2⤵
  PID:2288
- C:\Windows\System\WnMEvao.exe
  C:\Windows\System\WnMEvao.exe
  2⤵
  PID:2300
- C:\Windows\System\ZDntmMn.exe
  C:\Windows\System\ZDntmMn.exe
  2⤵
  PID:3028
- C:\Windows\System\TwyLerM.exe
  C:\Windows\System\TwyLerM.exe
  2⤵
  PID:900
- C:\Windows\System\QekneEz.exe
  C:\Windows\System\QekneEz.exe
  2⤵
  PID:3032
- C:\Windows\System\bmnUjRW.exe
  C:\Windows\System\bmnUjRW.exe
  2⤵
  PID:1708
- C:\Windows\System\UrAQOmq.exe
  C:\Windows\System\UrAQOmq.exe
  2⤵
  PID:2476
- C:\Windows\System\cqdVeKx.exe
  C:\Windows\System\cqdVeKx.exe
  2⤵
  PID:1696
- C:\Windows\System\fxARvvM.exe
  C:\Windows\System\fxARvvM.exe
  2⤵
  PID:1932
- C:\Windows\System\cvbfVud.exe
  C:\Windows\System\cvbfVud.exe
  2⤵
  PID:1936
- C:\Windows\System\WgYriiR.exe
  C:\Windows\System\WgYriiR.exe
  2⤵
  PID:2692
- C:\Windows\System\aWYOOFD.exe
  C:\Windows\System\aWYOOFD.exe
  2⤵
  PID:2156
- C:\Windows\System\VHiwINQ.exe
  C:\Windows\System\VHiwINQ.exe
  2⤵
  PID:2984
- C:\Windows\System\Wnpzhle.exe
  C:\Windows\System\Wnpzhle.exe
  2⤵
  PID:2308
- C:\Windows\System\aTLzNhj.exe
  C:\Windows\System\aTLzNhj.exe
  2⤵
  PID:776
- C:\Windows\System\DklrhKy.exe
  C:\Windows\System\DklrhKy.exe
  2⤵
  PID:2452
- C:\Windows\System\ZkkXDqv.exe
  C:\Windows\System\ZkkXDqv.exe
  2⤵
  PID:2528
- C:\Windows\System\AtCSrKl.exe
  C:\Windows\System\AtCSrKl.exe
  2⤵
  PID:1868
- C:\Windows\System\azPumhm.exe
  C:\Windows\System\azPumhm.exe
  2⤵
  PID:2256
- C:\Windows\System\SwPzmhq.exe
  C:\Windows\System\SwPzmhq.exe
  2⤵
  PID:940
- C:\Windows\System\KlXOKFz.exe
  C:\Windows\System\KlXOKFz.exe
  2⤵
  PID:1644
- C:\Windows\System\UJNwqpV.exe
  C:\Windows\System\UJNwqpV.exe
  2⤵
  PID:1172
- C:\Windows\System\mHxasbs.exe
  C:\Windows\System\mHxasbs.exe
  2⤵
  PID:2484
- C:\Windows\System\LItUbnt.exe
  C:\Windows\System\LItUbnt.exe
  2⤵
  PID:976
- C:\Windows\System\TzxYsnQ.exe
  C:\Windows\System\TzxYsnQ.exe
  2⤵
  PID:2608
- C:\Windows\System\wzFezTC.exe
  C:\Windows\System\wzFezTC.exe
  2⤵
  PID:2856
- C:\Windows\System\aeciGMu.exe
  C:\Windows\System\aeciGMu.exe
  2⤵
  PID:2912
- C:\Windows\System\QMButPv.exe
  C:\Windows\System\QMButPv.exe
  2⤵
  PID:620
- C:\Windows\System\nxyXecv.exe
  C:\Windows\System\nxyXecv.exe
  2⤵
  PID:2800
- C:\Windows\System\WzWzzIE.exe
  C:\Windows\System\WzWzzIE.exe
  2⤵
  PID:2840
- C:\Windows\System\dewttaG.exe
  C:\Windows\System\dewttaG.exe
  2⤵
  PID:2628
- C:\Windows\System\XYDfAYp.exe
  C:\Windows\System\XYDfAYp.exe
  2⤵
  PID:2436
- C:\Windows\System\tzmkGQw.exe
  C:\Windows\System\tzmkGQw.exe
  2⤵
  PID:1400
- C:\Windows\System\rrmPouT.exe
  C:\Windows\System\rrmPouT.exe
  2⤵
  PID:2080
- C:\Windows\System\sPjqPnZ.exe
  C:\Windows\System\sPjqPnZ.exe
  2⤵
  PID:2836
- C:\Windows\System\RdFZgiR.exe
  C:\Windows\System\RdFZgiR.exe
  2⤵
  PID:288
- C:\Windows\System\BwrryXI.exe
  C:\Windows\System\BwrryXI.exe
  2⤵
  PID:1088
- C:\Windows\System\QmdZsMl.exe
  C:\Windows\System\QmdZsMl.exe
  2⤵
  PID:2712
- C:\Windows\System\dloVDjM.exe
  C:\Windows\System\dloVDjM.exe
  2⤵
  PID:756
- C:\Windows\System\uRjITGE.exe
  C:\Windows\System\uRjITGE.exe
  2⤵
  PID:2540
- C:\Windows\System\ZHJJTQF.exe
  C:\Windows\System\ZHJJTQF.exe
  2⤵
  PID:1892
- C:\Windows\System\IfCqWvv.exe
  C:\Windows\System\IfCqWvv.exe
  2⤵
  PID:2588
- C:\Windows\System\umLLQJd.exe
  C:\Windows\System\umLLQJd.exe
  2⤵
  PID:1828
- C:\Windows\System\RIXUDmC.exe
  C:\Windows\System\RIXUDmC.exe
  2⤵
  PID:2456
- C:\Windows\System\xJgSLDI.exe
  C:\Windows\System\xJgSLDI.exe
  2⤵
  PID:1784
- C:\Windows\System\vaYPBzm.exe
  C:\Windows\System\vaYPBzm.exe
  2⤵
  PID:3084
- C:\Windows\System\tyVBqUH.exe
  C:\Windows\System\tyVBqUH.exe
  2⤵
  PID:3100
- C:\Windows\System\JfVNYjQ.exe
  C:\Windows\System\JfVNYjQ.exe
  2⤵
  PID:3120
- C:\Windows\System\avIUoXL.exe
  C:\Windows\System\avIUoXL.exe
  2⤵
  PID:3136
- C:\Windows\System\eTFwjeh.exe
  C:\Windows\System\eTFwjeh.exe
  2⤵
  PID:3156
- C:\Windows\System\YTojhYK.exe
  C:\Windows\System\YTojhYK.exe
  2⤵
  PID:3176
- C:\Windows\System\XlHNZNC.exe
  C:\Windows\System\XlHNZNC.exe
  2⤵
  PID:3192
- C:\Windows\System\HSoGlqc.exe
  C:\Windows\System\HSoGlqc.exe
  2⤵
  PID:3208
- C:\Windows\System\vxoSDCK.exe
  C:\Windows\System\vxoSDCK.exe
  2⤵
  PID:3228
- C:\Windows\System\BNkZSFO.exe
  C:\Windows\System\BNkZSFO.exe
  2⤵
  PID:3244
- C:\Windows\System\tvsteEQ.exe
  C:\Windows\System\tvsteEQ.exe
  2⤵
  PID:3260
- C:\Windows\System\dxVJGRs.exe
  C:\Windows\System\dxVJGRs.exe
  2⤵
  PID:3280
- C:\Windows\System\NNWoUGa.exe
  C:\Windows\System\NNWoUGa.exe
  2⤵
  PID:3300
- C:\Windows\System\oyxtmaN.exe
  C:\Windows\System\oyxtmaN.exe
  2⤵
  PID:3320
- C:\Windows\System\JPFoebi.exe
  C:\Windows\System\JPFoebi.exe
  2⤵
  PID:3344
- C:\Windows\System\YGZLFrF.exe
  C:\Windows\System\YGZLFrF.exe
  2⤵
  PID:3392
- C:\Windows\System\gAMESIg.exe
  C:\Windows\System\gAMESIg.exe
  2⤵
  PID:3408
- C:\Windows\System\IOcmEbw.exe
  C:\Windows\System\IOcmEbw.exe
  2⤵
  PID:3424
- C:\Windows\System\yaOLCZC.exe
  C:\Windows\System\yaOLCZC.exe
  2⤵
  PID:3440
- C:\Windows\System\zDNdjaL.exe
  C:\Windows\System\zDNdjaL.exe
  2⤵
  PID:3456
- C:\Windows\System\KUfbHOl.exe
  C:\Windows\System\KUfbHOl.exe
  2⤵
  PID:3476
- C:\Windows\System\NTPYAHb.exe
  C:\Windows\System\NTPYAHb.exe
  2⤵
  PID:3496
- C:\Windows\System\EppWHmp.exe
  C:\Windows\System\EppWHmp.exe
  2⤵
  PID:3512
- C:\Windows\System\WGFTnfS.exe
  C:\Windows\System\WGFTnfS.exe
  2⤵
  PID:3532
- C:\Windows\System\KNLxDdU.exe
  C:\Windows\System\KNLxDdU.exe
  2⤵
  PID:3576
- C:\Windows\System\cwqTPYK.exe
  C:\Windows\System\cwqTPYK.exe
  2⤵
  PID:3592
- C:\Windows\System\ffiRgzf.exe
  C:\Windows\System\ffiRgzf.exe
  2⤵
  PID:3608
- C:\Windows\System\eIyFTLL.exe
  C:\Windows\System\eIyFTLL.exe
  2⤵
  PID:3628
- C:\Windows\System\kTeEAtV.exe
  C:\Windows\System\kTeEAtV.exe
  2⤵
  PID:3652
- C:\Windows\System\hFzRmjg.exe
  C:\Windows\System\hFzRmjg.exe
  2⤵
  PID:3668
- C:\Windows\System\nafrYXN.exe
  C:\Windows\System\nafrYXN.exe
  2⤵
  PID:3692
- C:\Windows\System\shPSzaS.exe
  C:\Windows\System\shPSzaS.exe
  2⤵
  PID:3708
- C:\Windows\System\imvrtzf.exe
  C:\Windows\System\imvrtzf.exe
  2⤵
  PID:3732
- C:\Windows\System\HEwyGYn.exe
  C:\Windows\System\HEwyGYn.exe
  2⤵
  PID:3748
- C:\Windows\System\lDYBpXS.exe
  C:\Windows\System\lDYBpXS.exe
  2⤵
  PID:3764
- C:\Windows\System\keygsWe.exe
  C:\Windows\System\keygsWe.exe
  2⤵
  PID:3784
- C:\Windows\System\HISWnXP.exe
  C:\Windows\System\HISWnXP.exe
  2⤵
  PID:3800
- C:\Windows\System\CtkSNkP.exe
  C:\Windows\System\CtkSNkP.exe
  2⤵
  PID:3816
- C:\Windows\System\SuDHLva.exe
  C:\Windows\System\SuDHLva.exe
  2⤵
  PID:3836
- C:\Windows\System\DkoZSgS.exe
  C:\Windows\System\DkoZSgS.exe
  2⤵
  PID:3856
- C:\Windows\System\mHpFlzg.exe
  C:\Windows\System\mHpFlzg.exe
  2⤵
  PID:3872
- C:\Windows\System\FHjsZdl.exe
  C:\Windows\System\FHjsZdl.exe
  2⤵
  PID:3892
- C:\Windows\System\YmyaIdW.exe
  C:\Windows\System\YmyaIdW.exe
  2⤵
  PID:3932
- C:\Windows\System\gyCMSgi.exe
  C:\Windows\System\gyCMSgi.exe
  2⤵
  PID:3964
- C:\Windows\System\QzRHHxk.exe
  C:\Windows\System\QzRHHxk.exe
  2⤵
  PID:3980
- C:\Windows\System\FdpHfxI.exe
  C:\Windows\System\FdpHfxI.exe
  2⤵
  PID:4016
- C:\Windows\System\LsEeOYh.exe
  C:\Windows\System\LsEeOYh.exe
  2⤵
  PID:4032
- C:\Windows\System\VgGbIRZ.exe
  C:\Windows\System\VgGbIRZ.exe
  2⤵
  PID:4052
- C:\Windows\System\vrtwOhu.exe
  C:\Windows\System\vrtwOhu.exe
  2⤵
  PID:4068
- C:\Windows\System\hLfEeXJ.exe
  C:\Windows\System\hLfEeXJ.exe
  2⤵
  PID:4084
- C:\Windows\System\yXJmhsg.exe
  C:\Windows\System\yXJmhsg.exe
  2⤵
  PID:2904
- C:\Windows\System\hPeLNQB.exe
  C:\Windows\System\hPeLNQB.exe
  2⤵
  PID:3080
- C:\Windows\System\DXQERVY.exe
  C:\Windows\System\DXQERVY.exe
  2⤵
  PID:2236
- C:\Windows\System\BYDWtTl.exe
  C:\Windows\System\BYDWtTl.exe
  2⤵
  PID:3216
- C:\Windows\System\MDgdrSw.exe
  C:\Windows\System\MDgdrSw.exe
  2⤵
  PID:3128
- C:\Windows\System\UXrrYtN.exe
  C:\Windows\System\UXrrYtN.exe
  2⤵
  PID:3240
- C:\Windows\System\rmDhRLj.exe
  C:\Windows\System\rmDhRLj.exe
  2⤵
  PID:3312
- C:\Windows\System\tRwHtNs.exe
  C:\Windows\System\tRwHtNs.exe
  2⤵
  PID:3360
- C:\Windows\System\HzuVtmL.exe
  C:\Windows\System\HzuVtmL.exe
  2⤵
  PID:3380
- C:\Windows\System\OCzyOdc.exe
  C:\Windows\System\OCzyOdc.exe
  2⤵
  PID:3432
- C:\Windows\System\fJOtVVB.exe
  C:\Windows\System\fJOtVVB.exe
  2⤵
  PID:3472
- C:\Windows\System\nZsnIJv.exe
  C:\Windows\System\nZsnIJv.exe
  2⤵
  PID:3548
- C:\Windows\System\QWMztEW.exe
  C:\Windows\System\QWMztEW.exe
  2⤵
  PID:3488
- C:\Windows\System\fINhijg.exe
  C:\Windows\System\fINhijg.exe
  2⤵
  PID:3528
- C:\Windows\System\BZyTbaf.exe
  C:\Windows\System\BZyTbaf.exe
  2⤵
  PID:3564
- C:\Windows\System\wcEKBph.exe
  C:\Windows\System\wcEKBph.exe
  2⤵
  PID:3604
- C:\Windows\System\bMvTlsr.exe
  C:\Windows\System\bMvTlsr.exe
  2⤵
  PID:3640
- C:\Windows\System\skfAeSU.exe
  C:\Windows\System\skfAeSU.exe
  2⤵
  PID:3688
- C:\Windows\System\JhUcwmO.exe
  C:\Windows\System\JhUcwmO.exe
  2⤵
  PID:3616
- C:\Windows\System\ghdgiMs.exe
  C:\Windows\System\ghdgiMs.exe
  2⤵
  PID:3716
- C:\Windows\System\dHWiQIi.exe
  C:\Windows\System\dHWiQIi.exe
  2⤵
  PID:3724
- C:\Windows\System\RvYtuqP.exe
  C:\Windows\System\RvYtuqP.exe
  2⤵
  PID:3824
- C:\Windows\System\gduqjwA.exe
  C:\Windows\System\gduqjwA.exe
  2⤵
  PID:3776
- C:\Windows\System\sQkjYcX.exe
  C:\Windows\System\sQkjYcX.exe
  2⤵
  PID:2860
- C:\Windows\System\cKGQXor.exe
  C:\Windows\System\cKGQXor.exe
  2⤵
  PID:3956
- C:\Windows\System\QMadazW.exe
  C:\Windows\System\QMadazW.exe
  2⤵
  PID:4064
- C:\Windows\System\ANimzat.exe
  C:\Windows\System\ANimzat.exe
  2⤵
  PID:4076
- C:\Windows\System\zzsIXqq.exe
  C:\Windows\System\zzsIXqq.exe
  2⤵
  PID:3108
- C:\Windows\System\LNpDknH.exe
  C:\Windows\System\LNpDknH.exe
  2⤵
  PID:3148
- C:\Windows\System\rzaECWM.exe
  C:\Windows\System\rzaECWM.exe
  2⤵
  PID:1112
- C:\Windows\System\qkDCYvz.exe
  C:\Windows\System\qkDCYvz.exe
  2⤵
  PID:3572
- C:\Windows\System\YsECxaI.exe
  C:\Windows\System\YsECxaI.exe
  2⤵
  PID:3252
- C:\Windows\System\Ocqdpdc.exe
  C:\Windows\System\Ocqdpdc.exe
  2⤵
  PID:3756
- C:\Windows\System\SZPXaVH.exe
  C:\Windows\System\SZPXaVH.exe
  2⤵
  PID:3568
- C:\Windows\System\PHgYGla.exe
  C:\Windows\System\PHgYGla.exe
  2⤵
  PID:3704
- C:\Windows\System\PkbZcZY.exe
  C:\Windows\System\PkbZcZY.exe
  2⤵
  PID:3092
- C:\Windows\System\YKAOEnN.exe
  C:\Windows\System\YKAOEnN.exe
  2⤵
  PID:3524
- C:\Windows\System\tsPjuuD.exe
  C:\Windows\System\tsPjuuD.exe
  2⤵
  PID:3812
- C:\Windows\System\YTGfMfg.exe
  C:\Windows\System\YTGfMfg.exe
  2⤵
  PID:3880
- C:\Windows\System\IzhFyRq.exe
  C:\Windows\System\IzhFyRq.exe
  2⤵
  PID:3904
- C:\Windows\System\fxBANZs.exe
  C:\Windows\System\fxBANZs.exe
  2⤵
  PID:3960
- C:\Windows\System\hsQHgVD.exe
  C:\Windows\System\hsQHgVD.exe
  2⤵
  PID:3112
- C:\Windows\System\JlewZxN.exe
  C:\Windows\System\JlewZxN.exe
  2⤵
  PID:4048
- C:\Windows\System\lCSMmqN.exe
  C:\Windows\System\lCSMmqN.exe
  2⤵
  PID:3188
- C:\Windows\System\dKRkPBF.exe
  C:\Windows\System\dKRkPBF.exe
  2⤵
  PID:3636
- C:\Windows\System\ghhvRgr.exe
  C:\Windows\System\ghhvRgr.exe
  2⤵
  PID:3624
- C:\Windows\System\Shobhfd.exe
  C:\Windows\System\Shobhfd.exe
  2⤵
  PID:3760
- C:\Windows\System\YXDcwPs.exe
  C:\Windows\System\YXDcwPs.exe
  2⤵
  PID:3660
- C:\Windows\System\oLZSgQJ.exe
  C:\Windows\System\oLZSgQJ.exe
  2⤵
  PID:3792
- C:\Windows\System\SpADKIa.exe
  C:\Windows\System\SpADKIa.exe
  2⤵
  PID:3900
- C:\Windows\System\zODOqDQ.exe
  C:\Windows\System\zODOqDQ.exe
  2⤵
  PID:4040
- C:\Windows\System\srYMMtC.exe
  C:\Windows\System\srYMMtC.exe
  2⤵
  PID:3200
- C:\Windows\System\qYORQUS.exe
  C:\Windows\System\qYORQUS.exe
  2⤵
  PID:3224
- C:\Windows\System\dNfnlYM.exe
  C:\Windows\System\dNfnlYM.exe
  2⤵
  PID:3508
- C:\Windows\System\LhAftsR.exe
  C:\Windows\System\LhAftsR.exe
  2⤵
  PID:3848
- C:\Windows\System\YNfFMAy.exe
  C:\Windows\System\YNfFMAy.exe
  2⤵
  PID:3484
- C:\Windows\System\WaEvbaT.exe
  C:\Windows\System\WaEvbaT.exe
  2⤵
  PID:3272
- C:\Windows\System\RJfBgrZ.exe
  C:\Windows\System\RJfBgrZ.exe
  2⤵
  PID:4008
- C:\Windows\System\ZQCrhyu.exe
  C:\Windows\System\ZQCrhyu.exe
  2⤵
  PID:3852
- C:\Windows\System\yUaMcVv.exe
  C:\Windows\System\yUaMcVv.exe
  2⤵
  PID:3772
- C:\Windows\System\NMqUgsR.exe
  C:\Windows\System\NMqUgsR.exe
  2⤵
  PID:3684
- C:\Windows\System\jyAaVaC.exe
  C:\Windows\System\jyAaVaC.exe
  2⤵
  PID:3924
- C:\Windows\System\lXDGbtK.exe
  C:\Windows\System\lXDGbtK.exe
  2⤵
  PID:3644
- C:\Windows\System\fGfORIL.exe
  C:\Windows\System\fGfORIL.exe
  2⤵
  PID:4104
- C:\Windows\System\mIpMdsC.exe
  C:\Windows\System\mIpMdsC.exe
  2⤵
  PID:4120
- C:\Windows\System\PANEYST.exe
  C:\Windows\System\PANEYST.exe
  2⤵
  PID:4136
- C:\Windows\System\sJoNmNU.exe
  C:\Windows\System\sJoNmNU.exe
  2⤵
  PID:4152
- C:\Windows\System\IQvYuJQ.exe
  C:\Windows\System\IQvYuJQ.exe
  2⤵
  PID:4172
- C:\Windows\System\hEWWmQU.exe
  C:\Windows\System\hEWWmQU.exe
  2⤵
  PID:4196
- C:\Windows\System\flZKAwf.exe
  C:\Windows\System\flZKAwf.exe
  2⤵
  PID:4212
- C:\Windows\System\knwtyVR.exe
  C:\Windows\System\knwtyVR.exe
  2⤵
  PID:4228
- C:\Windows\System\FYqNNyw.exe
  C:\Windows\System\FYqNNyw.exe
  2⤵
  PID:4252
- C:\Windows\System\BqtmVGu.exe
  C:\Windows\System\BqtmVGu.exe
  2⤵
  PID:4268
- C:\Windows\System\iCVoxnl.exe
  C:\Windows\System\iCVoxnl.exe
  2⤵
  PID:4288
- C:\Windows\System\SAujmKq.exe
  C:\Windows\System\SAujmKq.exe
  2⤵
  PID:4304
- C:\Windows\System\rsZhUfL.exe
  C:\Windows\System\rsZhUfL.exe
  2⤵
  PID:4328
- C:\Windows\System\OMYqwoE.exe
  C:\Windows\System\OMYqwoE.exe
  2⤵
  PID:4348
- C:\Windows\System\JRwEUKb.exe
  C:\Windows\System\JRwEUKb.exe
  2⤵
  PID:4368
- C:\Windows\System\FILcenm.exe
  C:\Windows\System\FILcenm.exe
  2⤵
  PID:4388
- C:\Windows\System\UFXCviH.exe
  C:\Windows\System\UFXCviH.exe
  2⤵
  PID:4404
- C:\Windows\System\GkXsZly.exe
  C:\Windows\System\GkXsZly.exe
  2⤵
  PID:4424
- C:\Windows\System\BBvpgTX.exe
  C:\Windows\System\BBvpgTX.exe
  2⤵
  PID:4468
- C:\Windows\System\BKwQcag.exe
  C:\Windows\System\BKwQcag.exe
  2⤵
  PID:4488
- C:\Windows\System\IOBfUCr.exe
  C:\Windows\System\IOBfUCr.exe
  2⤵
  PID:4504
- C:\Windows\System\CZCkomn.exe
  C:\Windows\System\CZCkomn.exe
  2⤵
  PID:4520
- C:\Windows\System\YTeHSuJ.exe
  C:\Windows\System\YTeHSuJ.exe
  2⤵
  PID:4536
- C:\Windows\System\lefCDUP.exe
  C:\Windows\System\lefCDUP.exe
  2⤵
  PID:4556
- C:\Windows\System\gFrPsrU.exe
  C:\Windows\System\gFrPsrU.exe
  2⤵
  PID:4576
- C:\Windows\System\gjBHNUS.exe
  C:\Windows\System\gjBHNUS.exe
  2⤵
  PID:4596
- C:\Windows\System\STWfIjT.exe
  C:\Windows\System\STWfIjT.exe
  2⤵
  PID:4612
- C:\Windows\System\bMZUlyF.exe
  C:\Windows\System\bMZUlyF.exe
  2⤵
  PID:4628
- C:\Windows\System\PAmAEVA.exe
  C:\Windows\System\PAmAEVA.exe
  2⤵
  PID:4644
- C:\Windows\System\cPNgCOu.exe
  C:\Windows\System\cPNgCOu.exe
  2⤵
  PID:4660
- C:\Windows\System\ElgZmqQ.exe
  C:\Windows\System\ElgZmqQ.exe
  2⤵
  PID:4676
- C:\Windows\System\mYJdSET.exe
  C:\Windows\System\mYJdSET.exe
  2⤵
  PID:4692
- C:\Windows\System\nQJGnWU.exe
  C:\Windows\System\nQJGnWU.exe
  2⤵
  PID:4708
- C:\Windows\System\KwcDeZS.exe
  C:\Windows\System\KwcDeZS.exe
  2⤵
  PID:4724
- C:\Windows\System\wwkjeDU.exe
  C:\Windows\System\wwkjeDU.exe
  2⤵
  PID:4740
- C:\Windows\System\QZjoIQK.exe
  C:\Windows\System\QZjoIQK.exe
  2⤵
  PID:4760
- C:\Windows\System\oxCXUcD.exe
  C:\Windows\System\oxCXUcD.exe
  2⤵
  PID:4776
- C:\Windows\System\CIqIemG.exe
  C:\Windows\System\CIqIemG.exe
  2⤵
  PID:4792
- C:\Windows\System\VUQZbMl.exe
  C:\Windows\System\VUQZbMl.exe
  2⤵
  PID:4808
- C:\Windows\System\BpdGRrq.exe
  C:\Windows\System\BpdGRrq.exe
  2⤵
  PID:4824
- C:\Windows\System\Mdyionm.exe
  C:\Windows\System\Mdyionm.exe
  2⤵
  PID:4840
- C:\Windows\System\euGXofI.exe
  C:\Windows\System\euGXofI.exe
  2⤵
  PID:4856
- C:\Windows\System\iUGOtRx.exe
  C:\Windows\System\iUGOtRx.exe
  2⤵
  PID:4872
- C:\Windows\System\yVUYaZo.exe
  C:\Windows\System\yVUYaZo.exe
  2⤵
  PID:4888
- C:\Windows\System\lfpUDXL.exe
  C:\Windows\System\lfpUDXL.exe
  2⤵
  PID:4904
- C:\Windows\System\PCnCesm.exe
  C:\Windows\System\PCnCesm.exe
  2⤵
  PID:4920
- C:\Windows\System\FDEIGhU.exe
  C:\Windows\System\FDEIGhU.exe
  2⤵
  PID:4936
- C:\Windows\System\DoBVuhM.exe
  C:\Windows\System\DoBVuhM.exe
  2⤵
  PID:4952
- C:\Windows\System\WlQmSSj.exe
  C:\Windows\System\WlQmSSj.exe
  2⤵
  PID:4968
- C:\Windows\System\jaUvtiM.exe
  C:\Windows\System\jaUvtiM.exe
  2⤵
  PID:4984
- C:\Windows\System\arRiYgz.exe
  C:\Windows\System\arRiYgz.exe
  2⤵
  PID:5000
- C:\Windows\System\HCbVjfp.exe
  C:\Windows\System\HCbVjfp.exe
  2⤵
  PID:5016
- C:\Windows\System\oggUkkL.exe
  C:\Windows\System\oggUkkL.exe
  2⤵
  PID:5032
- C:\Windows\System\ITdwqXt.exe
  C:\Windows\System\ITdwqXt.exe
  2⤵
  PID:5048
- C:\Windows\System\gsABCri.exe
  C:\Windows\System\gsABCri.exe
  2⤵
  PID:5064
- C:\Windows\System\ScDvxvT.exe
  C:\Windows\System\ScDvxvT.exe
  2⤵
  PID:4244
- C:\Windows\System\sVsRVTf.exe
  C:\Windows\System\sVsRVTf.exe
  2⤵
  PID:4260
- C:\Windows\System\MYMbVco.exe
  C:\Windows\System\MYMbVco.exe
  2⤵
  PID:4248
- C:\Windows\System\LcDfosW.exe
  C:\Windows\System\LcDfosW.exe
  2⤵
  PID:4312
- C:\Windows\System\aAVKiYP.exe
  C:\Windows\System\aAVKiYP.exe
  2⤵
  PID:4356
- C:\Windows\System\ybmvCig.exe
  C:\Windows\System\ybmvCig.exe
  2⤵
  PID:4400
- C:\Windows\System\JZUPCFO.exe
  C:\Windows\System\JZUPCFO.exe
  2⤵
  PID:4444
- C:\Windows\System\OBLEcQr.exe
  C:\Windows\System\OBLEcQr.exe
  2⤵
  PID:4460
- C:\Windows\System\PHgVTfH.exe
  C:\Windows\System\PHgVTfH.exe
  2⤵
  PID:4336
- C:\Windows\System\hbJnHKV.exe
  C:\Windows\System\hbJnHKV.exe
  2⤵
  PID:4384
- C:\Windows\System\GLqxAkr.exe
  C:\Windows\System\GLqxAkr.exe
  2⤵
  PID:4420
- C:\Windows\System\cJAWzrD.exe
  C:\Windows\System\cJAWzrD.exe
  2⤵
  PID:4568
- C:\Windows\System\dxyxxoU.exe
  C:\Windows\System\dxyxxoU.exe
  2⤵
  PID:4300
- C:\Windows\System\WVqqdKr.exe
  C:\Windows\System\WVqqdKr.exe
  2⤵
  PID:4512
- C:\Windows\System\wFQQOwu.exe
  C:\Windows\System\wFQQOwu.exe
  2⤵
  PID:4548
- C:\Windows\System\PwcIPHU.exe
  C:\Windows\System\PwcIPHU.exe
  2⤵
  PID:4416
- C:\Windows\System\oXdLPMa.exe
  C:\Windows\System\oXdLPMa.exe
  2⤵
  PID:4672
- C:\Windows\System\ecBWNog.exe
  C:\Windows\System\ecBWNog.exe
  2⤵
  PID:4584
- C:\Windows\System\jMLCoOE.exe
  C:\Windows\System\jMLCoOE.exe
  2⤵
  PID:4732
- C:\Windows\System\FOnTMYE.exe
  C:\Windows\System\FOnTMYE.exe
  2⤵
  PID:4620
- C:\Windows\System\WNZodsf.exe
  C:\Windows\System\WNZodsf.exe
  2⤵
  PID:4768
- C:\Windows\System\ubZYxrc.exe
  C:\Windows\System\ubZYxrc.exe
  2⤵
  PID:4788
- C:\Windows\System\HKssgLU.exe
  C:\Windows\System\HKssgLU.exe
  2⤵
  PID:4000
- C:\Windows\System\wkleUCW.exe
  C:\Windows\System\wkleUCW.exe
  2⤵
  PID:4884
- C:\Windows\System\QMnPVGL.exe
  C:\Windows\System\QMnPVGL.exe
  2⤵
  PID:4868
- C:\Windows\System\csdgMjF.exe
  C:\Windows\System\csdgMjF.exe
  2⤵
  PID:4932
- C:\Windows\System\mBZgLaN.exe
  C:\Windows\System\mBZgLaN.exe
  2⤵
  PID:4852
- C:\Windows\System\VFCTzCL.exe
  C:\Windows\System\VFCTzCL.exe
  2⤵
  PID:4916
- C:\Windows\System\xRqfTzt.exe
  C:\Windows\System\xRqfTzt.exe
  2⤵
  PID:4992
- C:\Windows\System\dMVzuqc.exe
  C:\Windows\System\dMVzuqc.exe
  2⤵
  PID:5056
- C:\Windows\System\RoNosWj.exe
  C:\Windows\System\RoNosWj.exe
  2⤵
  PID:5072
- C:\Windows\System\rJhsgxn.exe
  C:\Windows\System\rJhsgxn.exe
  2⤵
  PID:5088
- C:\Windows\System\rGEMIJI.exe
  C:\Windows\System\rGEMIJI.exe
  2⤵
  PID:5112
- C:\Windows\System\YRLvLaA.exe
  C:\Windows\System\YRLvLaA.exe
  2⤵
  PID:3540
- C:\Windows\System\YSShXgY.exe
  C:\Windows\System\YSShXgY.exe
  2⤵
  PID:3992
- C:\Windows\System\eKvxluV.exe
  C:\Windows\System\eKvxluV.exe
  2⤵
  PID:3600
- C:\Windows\System\TdJJhVQ.exe
  C:\Windows\System\TdJJhVQ.exe
  2⤵
  PID:4164
- C:\Windows\System\LVBxnRX.exe
  C:\Windows\System\LVBxnRX.exe
  2⤵
  PID:3796
- C:\Windows\System\HFpRQvW.exe
  C:\Windows\System\HFpRQvW.exe
  2⤵
  PID:4116
- C:\Windows\System\JyQspZO.exe
  C:\Windows\System\JyQspZO.exe
  2⤵
  PID:4236
- C:\Windows\System\oAOUKXN.exe
  C:\Windows\System\oAOUKXN.exe
  2⤵
  PID:5076
- C:\Windows\System\kWQJJto.exe
  C:\Windows\System\kWQJJto.exe
  2⤵
  PID:4296
- C:\Windows\System\fmocmJz.exe
  C:\Windows\System\fmocmJz.exe
  2⤵
  PID:4432
- C:\Windows\System\AHBDySz.exe
  C:\Windows\System\AHBDySz.exe
  2⤵
  PID:4436
- C:\Windows\System\JQTPMIu.exe
  C:\Windows\System\JQTPMIu.exe
  2⤵
  PID:4376
- C:\Windows\System\AadGgeM.exe
  C:\Windows\System\AadGgeM.exe
  2⤵
  PID:4564
- C:\Windows\System\vVArIXc.exe
  C:\Windows\System\vVArIXc.exe
  2⤵
  PID:4484
- C:\Windows\System\tzqLDfC.exe
  C:\Windows\System\tzqLDfC.exe
  2⤵
  PID:4656
- C:\Windows\System\YMwuvih.exe
  C:\Windows\System\YMwuvih.exe
  2⤵
  PID:4412
- C:\Windows\System\utkncxB.exe
  C:\Windows\System\utkncxB.exe
  2⤵
  PID:4340
- C:\Windows\System\zRsoPxk.exe
  C:\Windows\System\zRsoPxk.exe
  2⤵
  PID:4704
- C:\Windows\System\iQLBvjI.exe
  C:\Windows\System\iQLBvjI.exe
  2⤵
  PID:4640
- C:\Windows\System\wITGVxD.exe
  C:\Windows\System\wITGVxD.exe
  2⤵
  PID:4816
- C:\Windows\System\PcXpEej.exe
  C:\Windows\System\PcXpEej.exe
  2⤵
  PID:4980
- C:\Windows\System\fnBOlxg.exe
  C:\Windows\System\fnBOlxg.exe
  2⤵
  PID:5040
- C:\Windows\System\aXmvlnB.exe
  C:\Windows\System\aXmvlnB.exe
  2⤵
  PID:5104
- C:\Windows\System\knOkvKC.exe
  C:\Windows\System\knOkvKC.exe
  2⤵
  PID:5084
- C:\Windows\System\lNeaOxf.exe
  C:\Windows\System\lNeaOxf.exe
  2⤵
  PID:4100
- C:\Windows\System\HuQCwTG.exe
  C:\Windows\System\HuQCwTG.exe
  2⤵
  PID:4132
- C:\Windows\System\JqGPHGj.exe
  C:\Windows\System\JqGPHGj.exe
  2⤵
  PID:4184
- C:\Windows\System\kbDMLEq.exe
  C:\Windows\System\kbDMLEq.exe
  2⤵
  PID:4396
- C:\Windows\System\TKEIpRp.exe
  C:\Windows\System\TKEIpRp.exe
  2⤵
  PID:4208
- C:\Windows\System\JloAhfF.exe
  C:\Windows\System\JloAhfF.exe
  2⤵
  PID:4324
- C:\Windows\System\MdORmDA.exe
  C:\Windows\System\MdORmDA.exe
  2⤵
  PID:4608
- C:\Windows\System\oyizfcn.exe
  C:\Windows\System\oyizfcn.exe
  2⤵
  PID:4864
- C:\Windows\System\sXXUpKv.exe
  C:\Windows\System\sXXUpKv.exe
  2⤵
  PID:4496
- C:\Windows\System\aRqvqzU.exe
  C:\Windows\System\aRqvqzU.exe
  2⤵
  PID:5096
- C:\Windows\System\FLEyUAl.exe
  C:\Windows\System\FLEyUAl.exe
  2⤵
  PID:3972
- C:\Windows\System\VqOYSas.exe
  C:\Windows\System\VqOYSas.exe
  2⤵
  PID:4880
- C:\Windows\System\xmSetyO.exe
  C:\Windows\System\xmSetyO.exe
  2⤵
  PID:4944
- C:\Windows\System\MJVaVtV.exe
  C:\Windows\System\MJVaVtV.exe
  2⤵
  PID:4160
- C:\Windows\System\BrEhqGo.exe
  C:\Windows\System\BrEhqGo.exe
  2⤵
  PID:4480
- C:\Windows\System\HTiCFzZ.exe
  C:\Windows\System\HTiCFzZ.exe
  2⤵
  PID:4948
- C:\Windows\System\gedbELe.exe
  C:\Windows\System\gedbELe.exe
  2⤵
  PID:4456
- C:\Windows\System\zIsmhth.exe
  C:\Windows\System\zIsmhth.exe
  2⤵
  PID:3952
- C:\Windows\System\fObJoFN.exe
  C:\Windows\System\fObJoFN.exe
  2⤵
  PID:5132
- C:\Windows\System\bINkmYE.exe
  C:\Windows\System\bINkmYE.exe
  2⤵
  PID:5148
- C:\Windows\System\zOcOrNJ.exe
  C:\Windows\System\zOcOrNJ.exe
  2⤵
  PID:5168
- C:\Windows\System\vfObLmt.exe
  C:\Windows\System\vfObLmt.exe
  2⤵
  PID:5184
- C:\Windows\System\oqRGByF.exe
  C:\Windows\System\oqRGByF.exe
  2⤵
  PID:5200
- C:\Windows\System\vEalmBc.exe
  C:\Windows\System\vEalmBc.exe
  2⤵
  PID:5216
- C:\Windows\System\zXbyKfD.exe
  C:\Windows\System\zXbyKfD.exe
  2⤵
  PID:5232
- C:\Windows\System\KIelheW.exe
  C:\Windows\System\KIelheW.exe
  2⤵
  PID:5248
- C:\Windows\System\WaMQkrM.exe
  C:\Windows\System\WaMQkrM.exe
  2⤵
  PID:5264
- C:\Windows\System\qtNMLWE.exe
  C:\Windows\System\qtNMLWE.exe
  2⤵
  PID:5280
- C:\Windows\System\kCpkbJn.exe
  C:\Windows\System\kCpkbJn.exe
  2⤵
  PID:5296
- C:\Windows\System\HkHuQLi.exe
  C:\Windows\System\HkHuQLi.exe
  2⤵
  PID:5312
- C:\Windows\System\jZLPGpx.exe
  C:\Windows\System\jZLPGpx.exe
  2⤵
  PID:5328
- C:\Windows\System\CvwOMUN.exe
  C:\Windows\System\CvwOMUN.exe
  2⤵
  PID:5344
- C:\Windows\System\RMkjbFy.exe
  C:\Windows\System\RMkjbFy.exe
  2⤵
  PID:5360
- C:\Windows\System\CBAbkIj.exe
  C:\Windows\System\CBAbkIj.exe
  2⤵
  PID:5376
- C:\Windows\System\DaRzinG.exe
  C:\Windows\System\DaRzinG.exe
  2⤵
  PID:5392
- C:\Windows\System\HOCYUrx.exe
  C:\Windows\System\HOCYUrx.exe
  2⤵
  PID:5408
- C:\Windows\System\eeJHFhX.exe
  C:\Windows\System\eeJHFhX.exe
  2⤵
  PID:5424
- C:\Windows\System\vOIwNAM.exe
  C:\Windows\System\vOIwNAM.exe
  2⤵
  PID:5440
- C:\Windows\System\TJmEqVF.exe
  C:\Windows\System\TJmEqVF.exe
  2⤵
  PID:5456
- C:\Windows\System\sLRflRq.exe
  C:\Windows\System\sLRflRq.exe
  2⤵
  PID:5472
- C:\Windows\System\gGIJsZk.exe
  C:\Windows\System\gGIJsZk.exe
  2⤵
  PID:5488
- C:\Windows\System\WPkVPUO.exe
  C:\Windows\System\WPkVPUO.exe
  2⤵
  PID:5504
- C:\Windows\System\JhfpXno.exe
  C:\Windows\System\JhfpXno.exe
  2⤵
  PID:5520
- C:\Windows\System\bcaxgFD.exe
  C:\Windows\System\bcaxgFD.exe
  2⤵
  PID:5536
- C:\Windows\System\pCyDKYN.exe
  C:\Windows\System\pCyDKYN.exe
  2⤵
  PID:5552
- C:\Windows\System\JsgLTNU.exe
  C:\Windows\System\JsgLTNU.exe
  2⤵
  PID:5568
- C:\Windows\System\yoejiZt.exe
  C:\Windows\System\yoejiZt.exe
  2⤵
  PID:5584
- C:\Windows\System\uNrZNQk.exe
  C:\Windows\System\uNrZNQk.exe
  2⤵
  PID:5600
- C:\Windows\System\hCYnNsz.exe
  C:\Windows\System\hCYnNsz.exe
  2⤵
  PID:5616
- C:\Windows\System\wWWYpaI.exe
  C:\Windows\System\wWWYpaI.exe
  2⤵
  PID:5632
- C:\Windows\System\XmyxWYI.exe
  C:\Windows\System\XmyxWYI.exe
  2⤵
  PID:5648
- C:\Windows\System\IhJCHEl.exe
  C:\Windows\System\IhJCHEl.exe
  2⤵
  PID:5664
- C:\Windows\System\yTjGKae.exe
  C:\Windows\System\yTjGKae.exe
  2⤵
  PID:5680
- C:\Windows\System\zviOrqp.exe
  C:\Windows\System\zviOrqp.exe
  2⤵
  PID:5696
- C:\Windows\System\GEVEiya.exe
  C:\Windows\System\GEVEiya.exe
  2⤵
  PID:5712
- C:\Windows\System\GvLMKGm.exe
  C:\Windows\System\GvLMKGm.exe
  2⤵
  PID:5728
- C:\Windows\System\nbQOvEg.exe
  C:\Windows\System\nbQOvEg.exe
  2⤵
  PID:5744
- C:\Windows\System\MtchnbE.exe
  C:\Windows\System\MtchnbE.exe
  2⤵
  PID:5760
- C:\Windows\System\QBQylfh.exe
  C:\Windows\System\QBQylfh.exe
  2⤵
  PID:5776
- C:\Windows\System\jUIwmEW.exe
  C:\Windows\System\jUIwmEW.exe
  2⤵
  PID:5792
- C:\Windows\System\QiUwKUR.exe
  C:\Windows\System\QiUwKUR.exe
  2⤵
  PID:5808
- C:\Windows\System\aDSXGQo.exe
  C:\Windows\System\aDSXGQo.exe
  2⤵
  PID:5824
- C:\Windows\System\cdVdjlx.exe
  C:\Windows\System\cdVdjlx.exe
  2⤵
  PID:5840
- C:\Windows\System\ffKVdAQ.exe
  C:\Windows\System\ffKVdAQ.exe
  2⤵
  PID:5856
- C:\Windows\System\wvOylFC.exe
  C:\Windows\System\wvOylFC.exe
  2⤵
  PID:5872
- C:\Windows\System\ApGxnEY.exe
  C:\Windows\System\ApGxnEY.exe
  2⤵
  PID:5892
- C:\Windows\System\CxqdDOQ.exe
  C:\Windows\System\CxqdDOQ.exe
  2⤵
  PID:5908
- C:\Windows\System\tQixeBq.exe
  C:\Windows\System\tQixeBq.exe
  2⤵
  PID:5924
- C:\Windows\System\JEbRTMc.exe
  C:\Windows\System\JEbRTMc.exe
  2⤵
  PID:5940
- C:\Windows\System\YQLRUKn.exe
  C:\Windows\System\YQLRUKn.exe
  2⤵
  PID:5956
- C:\Windows\System\EcORILm.exe
  C:\Windows\System\EcORILm.exe
  2⤵
  PID:5972
- C:\Windows\System\hpcRMzo.exe
  C:\Windows\System\hpcRMzo.exe
  2⤵
  PID:5988
- C:\Windows\System\BgTWMGn.exe
  C:\Windows\System\BgTWMGn.exe
  2⤵
  PID:6004
- C:\Windows\System\yrBdSZs.exe
  C:\Windows\System\yrBdSZs.exe
  2⤵
  PID:6020
- C:\Windows\System\hirmQeW.exe
  C:\Windows\System\hirmQeW.exe
  2⤵
  PID:6036
- C:\Windows\System\HWNmgos.exe
  C:\Windows\System\HWNmgos.exe
  2⤵
  PID:6052
- C:\Windows\System\WNOzgYS.exe
  C:\Windows\System\WNOzgYS.exe
  2⤵
  PID:6068
- C:\Windows\System\JBvHUnm.exe
  C:\Windows\System\JBvHUnm.exe
  2⤵
  PID:6084
- C:\Windows\System\VGGmLjs.exe
  C:\Windows\System\VGGmLjs.exe
  2⤵
  PID:6100
- C:\Windows\System\tQbjPZS.exe
  C:\Windows\System\tQbjPZS.exe
  2⤵
  PID:6116
- C:\Windows\System\Hzqjjlf.exe
  C:\Windows\System\Hzqjjlf.exe
  2⤵
  PID:6132
- C:\Windows\System\VMVJNBu.exe
  C:\Windows\System\VMVJNBu.exe
  2⤵
  PID:4804
- C:\Windows\System\pLqZFmY.exe
  C:\Windows\System\pLqZFmY.exe
  2⤵
  PID:3332
- C:\Windows\System\SMWavsH.exe
  C:\Windows\System\SMWavsH.exe
  2⤵
  PID:5128
- C:\Windows\System\jDHyXpo.exe
  C:\Windows\System\jDHyXpo.exe
  2⤵
  PID:5156
- C:\Windows\System\oxEwILD.exe
  C:\Windows\System\oxEwILD.exe
  2⤵
  PID:5180
- C:\Windows\System\VNTWZht.exe
  C:\Windows\System\VNTWZht.exe
  2⤵
  PID:5144
- C:\Windows\System\sJCxtpk.exe
  C:\Windows\System\sJCxtpk.exe
  2⤵
  PID:5256
- C:\Windows\System\SUdhHNx.exe
  C:\Windows\System\SUdhHNx.exe
  2⤵
  PID:5244
- C:\Windows\System\WeLvRaw.exe
  C:\Windows\System\WeLvRaw.exe
  2⤵
  PID:5304
- C:\Windows\System\ufgBFNy.exe
  C:\Windows\System\ufgBFNy.exe
  2⤵
  PID:5308
- C:\Windows\System\XqLzYIh.exe
  C:\Windows\System\XqLzYIh.exe
  2⤵
  PID:5368
- C:\Windows\System\AuglKpw.exe
  C:\Windows\System\AuglKpw.exe
  2⤵
  PID:5340
- C:\Windows\System\tHmxMNF.exe
  C:\Windows\System\tHmxMNF.exe
  2⤵
  PID:5404
- C:\Windows\System\zAPjblv.exe
  C:\Windows\System\zAPjblv.exe
  2⤵
  PID:5452
- C:\Windows\System\aPIPlHt.exe
  C:\Windows\System\aPIPlHt.exe
  2⤵
  PID:5512
- C:\Windows\System\uXtsFav.exe
  C:\Windows\System\uXtsFav.exe
  2⤵
  PID:5464
- C:\Windows\System\HrAdMhZ.exe
  C:\Windows\System\HrAdMhZ.exe
  2⤵
  PID:5560
- C:\Windows\System\IHLfKud.exe
  C:\Windows\System\IHLfKud.exe
  2⤵
  PID:5532
- C:\Windows\System\IJPZEcB.exe
  C:\Windows\System\IJPZEcB.exe
  2⤵
  PID:5640
- C:\Windows\System\VIMFxRw.exe
  C:\Windows\System\VIMFxRw.exe
  2⤵
  PID:5644
- C:\Windows\System\bhmCasW.exe
  C:\Windows\System\bhmCasW.exe
  2⤵
  PID:5676
- C:\Windows\System\rkZPlBT.exe
  C:\Windows\System\rkZPlBT.exe
  2⤵
  PID:5740
- C:\Windows\System\EUFznAr.exe
  C:\Windows\System\EUFznAr.exe
  2⤵
  PID:5756
- C:\Windows\System\GxbnsEw.exe
  C:\Windows\System\GxbnsEw.exe
  2⤵
  PID:5768
- C:\Windows\System\bzFNKZU.exe
  C:\Windows\System\bzFNKZU.exe
  2⤵
  PID:5836
- C:\Windows\System\qNyCGlK.exe
  C:\Windows\System\qNyCGlK.exe
  2⤵
  PID:5848
- C:\Windows\System\RNdIKZV.exe
  C:\Windows\System\RNdIKZV.exe
  2⤵
  PID:5900
- C:\Windows\System\SLsqtZM.exe
  C:\Windows\System\SLsqtZM.exe
  2⤵
  PID:5932
- C:\Windows\System\CWDjDHH.exe
  C:\Windows\System\CWDjDHH.exe
  2⤵
  PID:5968
- C:\Windows\System\UhRVOtr.exe
  C:\Windows\System\UhRVOtr.exe
  2⤵
  PID:5980
- C:\Windows\System\SVIfSrp.exe
  C:\Windows\System\SVIfSrp.exe
  2⤵
  PID:6028
- C:\Windows\System\fdrrPou.exe
  C:\Windows\System\fdrrPou.exe
  2⤵
  PID:6032
- C:\Windows\System\mtpPmGV.exe
  C:\Windows\System\mtpPmGV.exe
  2⤵
  PID:6048
- C:\Windows\System\IRqzjcG.exe
  C:\Windows\System\IRqzjcG.exe
  2⤵
  PID:6092
- C:\Windows\System\LVBcxrE.exe
  C:\Windows\System\LVBcxrE.exe
  2⤵
  PID:4364
- C:\Windows\System\isqHsQm.exe
  C:\Windows\System\isqHsQm.exe
  2⤵
  PID:5224
- C:\Windows\System\ZdDLrMz.exe
  C:\Windows\System\ZdDLrMz.exe
  2⤵
  PID:5356
- C:\Windows\System\QCmQoxj.exe
  C:\Windows\System\QCmQoxj.exe
  2⤵
  PID:5384
- C:\Windows\System\jBlSBZl.exe
  C:\Windows\System\jBlSBZl.exe
  2⤵
  PID:5372
- C:\Windows\System\qDylNyf.exe
  C:\Windows\System\qDylNyf.exe
  2⤵
  PID:5388
- C:\Windows\System\uUSNPWA.exe
  C:\Windows\System\uUSNPWA.exe
  2⤵
  PID:5484
- C:\Windows\System\VdIRARY.exe
  C:\Windows\System\VdIRARY.exe
  2⤵
  PID:5612
- C:\Windows\System\OTelaVA.exe
  C:\Windows\System\OTelaVA.exe
  2⤵
  PID:5548
- C:\Windows\System\HPaTZXI.exe
  C:\Windows\System\HPaTZXI.exe
  2⤵
  PID:5708
- C:\Windows\System\rPftjOi.exe
  C:\Windows\System\rPftjOi.exe
  2⤵
  PID:5772
- C:\Windows\System\ixpLHSF.exe
  C:\Windows\System\ixpLHSF.exe
  2⤵
  PID:5692
- C:\Windows\System\MeJmwlp.exe
  C:\Windows\System\MeJmwlp.exe
  2⤵
  PID:5868
- C:\Windows\System\QbQkeAR.exe
  C:\Windows\System\QbQkeAR.exe
  2⤵
  PID:5752
- C:\Windows\System\hqGXUiu.exe
  C:\Windows\System\hqGXUiu.exe
  2⤵
  PID:5996
- C:\Windows\System\CgDIQwO.exe
  C:\Windows\System\CgDIQwO.exe
  2⤵
  PID:5964
- C:\Windows\System\rymhjOi.exe
  C:\Windows\System\rymhjOi.exe
  2⤵
  PID:5888
- C:\Windows\System\mymExCZ.exe
  C:\Windows\System\mymExCZ.exe
  2⤵
  PID:4756
- C:\Windows\System\KfNXcLe.exe
  C:\Windows\System\KfNXcLe.exe
  2⤵
  PID:4700
- C:\Windows\System\ZtooZXr.exe
  C:\Windows\System\ZtooZXr.exe
  2⤵
  PID:5324
- C:\Windows\System\IcSXfIT.exe
  C:\Windows\System\IcSXfIT.exe
  2⤵
  PID:5400
- C:\Windows\System\jihgJFy.exe
  C:\Windows\System\jihgJFy.exe
  2⤵
  PID:5420
- C:\Windows\System\SzWqkfn.exe
  C:\Windows\System\SzWqkfn.exe
  2⤵
  PID:5660
- C:\Windows\System\UBvQqec.exe
  C:\Windows\System\UBvQqec.exe
  2⤵
  PID:5724
- C:\Windows\System\TYFuVSA.exe
  C:\Windows\System\TYFuVSA.exe
  2⤵
  PID:5596
- C:\Windows\System\yJtRMAU.exe
  C:\Windows\System\yJtRMAU.exe
  2⤵
  PID:6012
- C:\Windows\System\puPukrA.exe
  C:\Windows\System\puPukrA.exe
  2⤵
  PID:2960
- C:\Windows\System\JgGVmdw.exe
  C:\Windows\System\JgGVmdw.exe
  2⤵
  PID:6064
- C:\Windows\System\TxEGqNU.exe
  C:\Windows\System\TxEGqNU.exe
  2⤵
  PID:5140
- C:\Windows\System\LbBxdyI.exe
  C:\Windows\System\LbBxdyI.exe
  2⤵
  PID:5176
- C:\Windows\System\LBvwUeK.exe
  C:\Windows\System\LBvwUeK.exe
  2⤵
  PID:5436
- C:\Windows\System\GYIzapZ.exe
  C:\Windows\System\GYIzapZ.exe
  2⤵
  PID:5832
- C:\Windows\System\pXgvZLq.exe
  C:\Windows\System\pXgvZLq.exe
  2⤵
  PID:6044
- C:\Windows\System\hwgQTwR.exe
  C:\Windows\System\hwgQTwR.exe
  2⤵
  PID:4964
- C:\Windows\System\HLNlehJ.exe
  C:\Windows\System\HLNlehJ.exe
  2⤵
  PID:6156
- C:\Windows\System\fzfKIYG.exe
  C:\Windows\System\fzfKIYG.exe
  2⤵
  PID:6172
- C:\Windows\System\opSqkrF.exe
  C:\Windows\System\opSqkrF.exe
  2⤵
  PID:6188
- C:\Windows\System\BrSTiHQ.exe
  C:\Windows\System\BrSTiHQ.exe
  2⤵
  PID:6204
- C:\Windows\System\OSZZUul.exe
  C:\Windows\System\OSZZUul.exe
  2⤵
  PID:6224
- C:\Windows\System\EHogecy.exe
  C:\Windows\System\EHogecy.exe
  2⤵
  PID:6244
- C:\Windows\System\VuKNcyl.exe
  C:\Windows\System\VuKNcyl.exe
  2⤵
  PID:6260
- C:\Windows\System\GRYnBge.exe
  C:\Windows\System\GRYnBge.exe
  2⤵
  PID:6276
- C:\Windows\System\xRxpiqd.exe
  C:\Windows\System\xRxpiqd.exe
  2⤵
  PID:6292
- C:\Windows\System\gtIKzFl.exe
  C:\Windows\System\gtIKzFl.exe
  2⤵
  PID:6308
- C:\Windows\System\lWLVKRm.exe
  C:\Windows\System\lWLVKRm.exe
  2⤵
  PID:6324
- C:\Windows\System\JcDQiwE.exe
  C:\Windows\System\JcDQiwE.exe
  2⤵
  PID:6340
- C:\Windows\System\FbTvWjK.exe
  C:\Windows\System\FbTvWjK.exe
  2⤵
  PID:6356
- C:\Windows\System\TFxRjUv.exe
  C:\Windows\System\TFxRjUv.exe
  2⤵
  PID:6372
- C:\Windows\System\HGidThp.exe
  C:\Windows\System\HGidThp.exe
  2⤵
  PID:6388
- C:\Windows\System\nrDABny.exe
  C:\Windows\System\nrDABny.exe
  2⤵
  PID:6404
- C:\Windows\System\TEohQKq.exe
  C:\Windows\System\TEohQKq.exe
  2⤵
  PID:6420
- C:\Windows\System\EUWWkKc.exe
  C:\Windows\System\EUWWkKc.exe
  2⤵
  PID:6436
- C:\Windows\System\rRZZSII.exe
  C:\Windows\System\rRZZSII.exe
  2⤵
  PID:6452
- C:\Windows\System\kDAobIn.exe
  C:\Windows\System\kDAobIn.exe
  2⤵
  PID:6468
- C:\Windows\System\qcykzVF.exe
  C:\Windows\System\qcykzVF.exe
  2⤵
  PID:6484
- C:\Windows\System\WEpAeiQ.exe
  C:\Windows\System\WEpAeiQ.exe
  2⤵
  PID:6500
- C:\Windows\System\ScKSqqj.exe
  C:\Windows\System\ScKSqqj.exe
  2⤵
  PID:6516
- C:\Windows\System\ZlhDdAg.exe
  C:\Windows\System\ZlhDdAg.exe
  2⤵
  PID:6532
- C:\Windows\System\lhKXouk.exe
  C:\Windows\System\lhKXouk.exe
  2⤵
  PID:6548
- C:\Windows\System\LoaSAZY.exe
  C:\Windows\System\LoaSAZY.exe
  2⤵
  PID:6564
- C:\Windows\System\kmZSbAM.exe
  C:\Windows\System\kmZSbAM.exe
  2⤵
  PID:6580
- C:\Windows\System\FdKgNTI.exe
  C:\Windows\System\FdKgNTI.exe
  2⤵
  PID:6596
- C:\Windows\System\tFKxazF.exe
  C:\Windows\System\tFKxazF.exe
  2⤵
  PID:6612
- C:\Windows\System\wcKDFuO.exe
  C:\Windows\System\wcKDFuO.exe
  2⤵
  PID:6628
- C:\Windows\System\KPGQBHD.exe
  C:\Windows\System\KPGQBHD.exe
  2⤵
  PID:6644
- C:\Windows\System\yFTNCsr.exe
  C:\Windows\System\yFTNCsr.exe
  2⤵
  PID:6664
- C:\Windows\System\uSQNzEC.exe
  C:\Windows\System\uSQNzEC.exe
  2⤵
  PID:6680
- C:\Windows\System\CvRHIMe.exe
  C:\Windows\System\CvRHIMe.exe
  2⤵
  PID:6696
- C:\Windows\System\ukueVqp.exe
  C:\Windows\System\ukueVqp.exe
  2⤵
  PID:6712
- C:\Windows\System\NJFXtcV.exe
  C:\Windows\System\NJFXtcV.exe
  2⤵
  PID:6728
- C:\Windows\System\FFdrdcn.exe
  C:\Windows\System\FFdrdcn.exe
  2⤵
  PID:6744
- C:\Windows\System\dBUYUWI.exe
  C:\Windows\System\dBUYUWI.exe
  2⤵
  PID:6764
- C:\Windows\System\qbDhBhm.exe
  C:\Windows\System\qbDhBhm.exe
  2⤵
  PID:6780
- C:\Windows\System\RYbkskV.exe
  C:\Windows\System\RYbkskV.exe
  2⤵
  PID:6800
- C:\Windows\System\PkUvgCq.exe
  C:\Windows\System\PkUvgCq.exe
  2⤵
  PID:6816
- C:\Windows\System\JgAMnQR.exe
  C:\Windows\System\JgAMnQR.exe
  2⤵
  PID:6832
- C:\Windows\System\pWVMPED.exe
  C:\Windows\System\pWVMPED.exe
  2⤵
  PID:6848
- C:\Windows\System\YJXOuYP.exe
  C:\Windows\System\YJXOuYP.exe
  2⤵
  PID:6864
- C:\Windows\System\vNjQHIb.exe
  C:\Windows\System\vNjQHIb.exe
  2⤵
  PID:6880
- C:\Windows\System\hQKUpVP.exe
  C:\Windows\System\hQKUpVP.exe
  2⤵
  PID:6896
- C:\Windows\System\WujVPfm.exe
  C:\Windows\System\WujVPfm.exe
  2⤵
  PID:6912
- C:\Windows\System\NJFfTpw.exe
  C:\Windows\System\NJFfTpw.exe
  2⤵
  PID:6928
- C:\Windows\System\qxbfUnf.exe
  C:\Windows\System\qxbfUnf.exe
  2⤵
  PID:6944
- C:\Windows\System\SNjFBUs.exe
  C:\Windows\System\SNjFBUs.exe
  2⤵
  PID:6960
- C:\Windows\System\OvQbezv.exe
  C:\Windows\System\OvQbezv.exe
  2⤵
  PID:6980
- C:\Windows\System\RnxIRsN.exe
  C:\Windows\System\RnxIRsN.exe
  2⤵
  PID:7000
- C:\Windows\System\KqNzYae.exe
  C:\Windows\System\KqNzYae.exe
  2⤵
  PID:7016
- C:\Windows\System\hRqWnzD.exe
  C:\Windows\System\hRqWnzD.exe
  2⤵
  PID:7032
- C:\Windows\System\jJCuEgM.exe
  C:\Windows\System\jJCuEgM.exe
  2⤵
  PID:7048
- C:\Windows\System\xgoEtSj.exe
  C:\Windows\System\xgoEtSj.exe
  2⤵
  PID:7068
- C:\Windows\System\jfIdBaw.exe
  C:\Windows\System\jfIdBaw.exe
  2⤵
  PID:7084
- C:\Windows\System\fwcEADw.exe
  C:\Windows\System\fwcEADw.exe
  2⤵
  PID:7112
- C:\Windows\System\rNIlJHH.exe
  C:\Windows\System\rNIlJHH.exe
  2⤵
  PID:7128
- C:\Windows\System\IpiLWUg.exe
  C:\Windows\System\IpiLWUg.exe
  2⤵
  PID:7144
- C:\Windows\System\uVaCpru.exe
  C:\Windows\System\uVaCpru.exe
  2⤵
  PID:7160
- C:\Windows\System\aRZRwKE.exe
  C:\Windows\System\aRZRwKE.exe
  2⤵
  PID:6152
- C:\Windows\System\NwUHLbs.exe
  C:\Windows\System\NwUHLbs.exe
  2⤵
  PID:6220
- C:\Windows\System\OqeDAtz.exe
  C:\Windows\System\OqeDAtz.exe
  2⤵
  PID:6316
- C:\Windows\System\xkFUpqS.exe
  C:\Windows\System\xkFUpqS.exe
  2⤵
  PID:6352
- C:\Windows\System\tXQQFjN.exe
  C:\Windows\System\tXQQFjN.exe
  2⤵
  PID:6196
- C:\Windows\System\aKRkgiw.exe
  C:\Windows\System\aKRkgiw.exe
  2⤵
  PID:5260
- C:\Windows\System\soAsnSa.exe
  C:\Windows\System\soAsnSa.exe
  2⤵
  PID:6304
- C:\Windows\System\PEhRpXi.exe
  C:\Windows\System\PEhRpXi.exe
  2⤵
  PID:6368
- C:\Windows\System\BsUMkqf.exe
  C:\Windows\System\BsUMkqf.exe
  2⤵
  PID:6432
- C:\Windows\System\DgPjywI.exe
  C:\Windows\System\DgPjywI.exe
  2⤵
  PID:6412
- C:\Windows\System\cRaqEtK.exe
  C:\Windows\System\cRaqEtK.exe
  2⤵
  PID:6540
- C:\Windows\System\QgznHFA.exe
  C:\Windows\System\QgznHFA.exe
  2⤵
  PID:6492
- C:\Windows\System\BFXkKtW.exe
  C:\Windows\System\BFXkKtW.exe
  2⤵
  PID:6576
- C:\Windows\System\jWaMLFh.exe
  C:\Windows\System\jWaMLFh.exe
  2⤵
  PID:6556
- C:\Windows\System\jgHrBdg.exe
  C:\Windows\System\jgHrBdg.exe
  2⤵
  PID:6620
- C:\Windows\System\bBvnrJL.exe
  C:\Windows\System\bBvnrJL.exe
  2⤵
  PID:6636
- C:\Windows\System\xOfHUfC.exe
  C:\Windows\System\xOfHUfC.exe
  2⤵
  PID:2576
- C:\Windows\System\WxWYYeI.exe
  C:\Windows\System\WxWYYeI.exe
  2⤵
  PID:2548
- C:\Windows\System\btVhyEp.exe
  C:\Windows\System\btVhyEp.exe
  2⤵
  PID:6652
- C:\Windows\System\cjxhnSM.exe
  C:\Windows\System\cjxhnSM.exe
  2⤵
  PID:320
- C:\Windows\System\yXwfJKU.exe
  C:\Windows\System\yXwfJKU.exe
  2⤵
  PID:2448
- C:\Windows\System\YmsneiQ.exe
  C:\Windows\System\YmsneiQ.exe
  2⤵
  PID:6776
- C:\Windows\System\KKPggvi.exe
  C:\Windows\System\KKPggvi.exe
  2⤵
  PID:6840
- C:\Windows\System\QEaPfWu.exe
  C:\Windows\System\QEaPfWu.exe
  2⤵
  PID:6788
- C:\Windows\System\REsPKVh.exe
  C:\Windows\System\REsPKVh.exe
  2⤵
  PID:6824
- C:\Windows\System\dZpbwCs.exe
  C:\Windows\System\dZpbwCs.exe
  2⤵
  PID:6876
- C:\Windows\System\bXNsehq.exe
  C:\Windows\System\bXNsehq.exe
  2⤵
  PID:6904
- C:\Windows\System\nsktBLP.exe
  C:\Windows\System\nsktBLP.exe
  2⤵
  PID:6940
- C:\Windows\System\jtoSlNa.exe
  C:\Windows\System\jtoSlNa.exe
  2⤵
  PID:7008
- C:\Windows\System\SrBLZzJ.exe
  C:\Windows\System\SrBLZzJ.exe
  2⤵
  PID:7044
- C:\Windows\System\kUQzNHD.exe
  C:\Windows\System\kUQzNHD.exe
  2⤵
  PID:6956
- C:\Windows\System\sEoqVEZ.exe
  C:\Windows\System\sEoqVEZ.exe
  2⤵
  PID:7028
- C:\Windows\System\XbKcYao.exe
  C:\Windows\System\XbKcYao.exe
  2⤵
  PID:7080
- C:\Windows\System\mvZoMnp.exe
  C:\Windows\System\mvZoMnp.exe
  2⤵
  PID:7108
- C:\Windows\System\UbJxlmj.exe
  C:\Windows\System\UbJxlmj.exe
  2⤵
  PID:7136
- C:\Windows\System\xIMlMhj.exe
  C:\Windows\System\xIMlMhj.exe
  2⤵
  PID:3168
- C:\Windows\System\VmFJvYu.exe
  C:\Windows\System\VmFJvYu.exe
  2⤵
  PID:6212
- C:\Windows\System\EAsaOdL.exe
  C:\Windows\System\EAsaOdL.exe
  2⤵
  PID:6300
- C:\Windows\System\BBuzsXr.exe
  C:\Windows\System\BBuzsXr.exe
  2⤵
  PID:6364
- C:\Windows\System\ExSVBvC.exe
  C:\Windows\System\ExSVBvC.exe
  2⤵
  PID:6112
- C:\Windows\System\HiwQIcm.exe
  C:\Windows\System\HiwQIcm.exe
  2⤵
  PID:596
- C:\Windows\System\rigUChb.exe
  C:\Windows\System\rigUChb.exe
  2⤵
  PID:6272
- C:\Windows\System\GKPqUUw.exe
  C:\Windows\System\GKPqUUw.exe
  2⤵
  PID:2844
- C:\Windows\System\OpcAvbT.exe
  C:\Windows\System\OpcAvbT.exe
  2⤵
  PID:6572
- C:\Windows\System\BMIcEGI.exe
  C:\Windows\System\BMIcEGI.exe
  2⤵
  PID:6464
- C:\Windows\System\gWQkjNf.exe
  C:\Windows\System\gWQkjNf.exe
  2⤵
  PID:6688
- C:\Windows\System\SRYbEQx.exe
  C:\Windows\System\SRYbEQx.exe
  2⤵
  PID:6608
- C:\Windows\System\lLqYNSk.exe
  C:\Windows\System\lLqYNSk.exe
  2⤵
  PID:6676
- C:\Windows\System\TLqiajh.exe
  C:\Windows\System\TLqiajh.exe
  2⤵
  PID:6792
- C:\Windows\System\WUnApAh.exe
  C:\Windows\System\WUnApAh.exe
  2⤵
  PID:6512
- C:\Windows\System\qzDsDDV.exe
  C:\Windows\System\qzDsDDV.exe
  2⤵
  PID:6952
- C:\Windows\System\RNoTdsF.exe
  C:\Windows\System\RNoTdsF.exe
  2⤵
  PID:7060
- C:\Windows\System\gWczbAU.exe
  C:\Windows\System\gWczbAU.exe
  2⤵
  PID:7064
- C:\Windows\System\GWNoiVi.exe
  C:\Windows\System\GWNoiVi.exe
  2⤵
  PID:7100
- C:\Windows\System\AGqAIsI.exe
  C:\Windows\System\AGqAIsI.exe
  2⤵
  PID:6796
- C:\Windows\System\cDNHoIp.exe
  C:\Windows\System\cDNHoIp.exe
  2⤵
  PID:6016
- C:\Windows\System\tUAKCkZ.exe
  C:\Windows\System\tUAKCkZ.exe
  2⤵
  PID:6400
- C:\Windows\System\YHhZiLI.exe
  C:\Windows\System\YHhZiLI.exe
  2⤵
  PID:2896
- C:\Windows\System\moSwyWQ.exe
  C:\Windows\System\moSwyWQ.exe
  2⤵
  PID:6640
- C:\Windows\System\RwwxXex.exe
  C:\Windows\System\RwwxXex.exe
  2⤵
  PID:2420
- C:\Windows\System\AWvhwNr.exe
  C:\Windows\System\AWvhwNr.exe
  2⤵
  PID:6888
- C:\Windows\System\JGkytQE.exe
  C:\Windows\System\JGkytQE.exe
  2⤵
  PID:6844
- C:\Windows\System\ZgwQduk.exe
  C:\Windows\System\ZgwQduk.exe
  2⤵
  PID:6348
- C:\Windows\System\OfcSVDy.exe
  C:\Windows\System\OfcSVDy.exe
  2⤵
  PID:6920
- C:\Windows\System\kPDJjJY.exe
  C:\Windows\System\kPDJjJY.exe
  2⤵
  PID:6184
- C:\Windows\System\WnanLwy.exe
  C:\Windows\System\WnanLwy.exe
  2⤵
  PID:6236
- C:\Windows\System\dffTtBz.exe
  C:\Windows\System\dffTtBz.exe
  2⤵
  PID:2120
- C:\Windows\System\iPRwEFI.exe
  C:\Windows\System\iPRwEFI.exe
  2⤵
  PID:6808
- C:\Windows\System\sJculyh.exe
  C:\Windows\System\sJculyh.exe
  2⤵
  PID:6996
- C:\Windows\System\zAVDVYp.exe
  C:\Windows\System\zAVDVYp.exe
  2⤵
  PID:6200
- C:\Windows\System\wXAYwkb.exe
  C:\Windows\System\wXAYwkb.exe
  2⤵
  PID:6660
- C:\Windows\System\MUPMhgW.exe
  C:\Windows\System\MUPMhgW.exe
  2⤵
  PID:6988
- C:\Windows\System\NcENTdR.exe
  C:\Windows\System\NcENTdR.exe
  2⤵
  PID:6480
- C:\Windows\System\WYqrnTU.exe
  C:\Windows\System\WYqrnTU.exe
  2⤵
  PID:7176
- C:\Windows\System\MUpvtnP.exe
  C:\Windows\System\MUpvtnP.exe
  2⤵
  PID:7192
- C:\Windows\System\GfBaGaM.exe
  C:\Windows\System\GfBaGaM.exe
  2⤵
  PID:7292
- C:\Windows\System\XOISrBD.exe
  C:\Windows\System\XOISrBD.exe
  2⤵
  PID:7316
- C:\Windows\System\PudkFDR.exe
  C:\Windows\System\PudkFDR.exe
  2⤵
  PID:7332
- C:\Windows\System\TZhKnDL.exe
  C:\Windows\System\TZhKnDL.exe
  2⤵
  PID:7352
- C:\Windows\System\qaInTPY.exe
  C:\Windows\System\qaInTPY.exe
  2⤵
  PID:7368
- C:\Windows\System\CPIjCJL.exe
  C:\Windows\System\CPIjCJL.exe
  2⤵
  PID:7400
- C:\Windows\System\mPJPwXP.exe
  C:\Windows\System\mPJPwXP.exe
  2⤵
  PID:7420
- C:\Windows\System\qDzmMDP.exe
  C:\Windows\System\qDzmMDP.exe
  2⤵
  PID:7436
- C:\Windows\System\NeCSSYv.exe
  C:\Windows\System\NeCSSYv.exe
  2⤵
  PID:7452
- C:\Windows\System\ovPQNOU.exe
  C:\Windows\System\ovPQNOU.exe
  2⤵
  PID:7468
- C:\Windows\System\ErDXGTB.exe
  C:\Windows\System\ErDXGTB.exe
  2⤵
  PID:7492
- C:\Windows\System\GcvjAbE.exe
  C:\Windows\System\GcvjAbE.exe
  2⤵
  PID:7508
- C:\Windows\System\gSbICOK.exe
  C:\Windows\System\gSbICOK.exe
  2⤵
  PID:7524
- C:\Windows\System\Kzinnin.exe
  C:\Windows\System\Kzinnin.exe
  2⤵
  PID:7540
- C:\Windows\System\YpFTqGm.exe
  C:\Windows\System\YpFTqGm.exe
  2⤵
  PID:7556
- C:\Windows\System\YoezDgm.exe
  C:\Windows\System\YoezDgm.exe
  2⤵
  PID:7576
- C:\Windows\System\UuiYKyn.exe
  C:\Windows\System\UuiYKyn.exe
  2⤵
  PID:7592
- C:\Windows\System\nIkVVtj.exe
  C:\Windows\System\nIkVVtj.exe
  2⤵
  PID:7608
- C:\Windows\System\NgYgnZD.exe
  C:\Windows\System\NgYgnZD.exe
  2⤵
  PID:7624
- C:\Windows\System\XFrtDHM.exe
  C:\Windows\System\XFrtDHM.exe
  2⤵
  PID:7644
- C:\Windows\System\chsnuNh.exe
  C:\Windows\System\chsnuNh.exe
  2⤵
  PID:7660
- C:\Windows\System\EntWfMv.exe
  C:\Windows\System\EntWfMv.exe
  2⤵
  PID:7680
- C:\Windows\System\fpqHtoz.exe
  C:\Windows\System\fpqHtoz.exe
  2⤵
  PID:7696
- C:\Windows\System\hAiJtWf.exe
  C:\Windows\System\hAiJtWf.exe
  2⤵
  PID:7712
- C:\Windows\System\HXgNyVq.exe
  C:\Windows\System\HXgNyVq.exe
  2⤵
  PID:7732
- C:\Windows\System\gMbjcrF.exe
  C:\Windows\System\gMbjcrF.exe
  2⤵
  PID:7752
- C:\Windows\System\ErwQLqG.exe
  C:\Windows\System\ErwQLqG.exe
  2⤵
  PID:7768
- C:\Windows\System\BvJjSSQ.exe
  C:\Windows\System\BvJjSSQ.exe
  2⤵
  PID:7788
- C:\Windows\System\bWkqdmc.exe
  C:\Windows\System\bWkqdmc.exe
  2⤵
  PID:7804
- C:\Windows\System\MvfGtZR.exe
  C:\Windows\System\MvfGtZR.exe
  2⤵
  PID:7828
- C:\Windows\System\gvAiqCx.exe
  C:\Windows\System\gvAiqCx.exe
  2⤵
  PID:7844
- C:\Windows\System\loHRdSw.exe
  C:\Windows\System\loHRdSw.exe
  2⤵
  PID:7860
- C:\Windows\System\POUFNXW.exe
  C:\Windows\System\POUFNXW.exe
  2⤵
  PID:7880
- C:\Windows\System\lbxLdFj.exe
  C:\Windows\System\lbxLdFj.exe
  2⤵
  PID:7896
- C:\Windows\System\RqipPsQ.exe
  C:\Windows\System\RqipPsQ.exe
  2⤵
  PID:7916
- C:\Windows\System\LjyntwP.exe
  C:\Windows\System\LjyntwP.exe
  2⤵
  PID:7936
- C:\Windows\System\gmuHmEc.exe
  C:\Windows\System\gmuHmEc.exe
  2⤵
  PID:7952
- C:\Windows\System\frdMdYg.exe
  C:\Windows\System\frdMdYg.exe
  2⤵
  PID:7968
- C:\Windows\System\mlURSFU.exe
  C:\Windows\System\mlURSFU.exe
  2⤵
  PID:7984
- C:\Windows\System\bitGbrL.exe
  C:\Windows\System\bitGbrL.exe
  2⤵
  PID:8004
- C:\Windows\System\vIBhvDa.exe
  C:\Windows\System\vIBhvDa.exe
  2⤵
  PID:8024
- C:\Windows\System\qyuTMoo.exe
  C:\Windows\System\qyuTMoo.exe
  2⤵
  PID:8040
- C:\Windows\System\FJuaaIm.exe
  C:\Windows\System\FJuaaIm.exe
  2⤵
  PID:8056
- C:\Windows\System\oypjdcC.exe
  C:\Windows\System\oypjdcC.exe
  2⤵
  PID:8072
- C:\Windows\System\mKbaCrT.exe
  C:\Windows\System\mKbaCrT.exe
  2⤵
  PID:8092
- C:\Windows\System\AMHvJSA.exe
  C:\Windows\System\AMHvJSA.exe
  2⤵
  PID:8108
- C:\Windows\System\NHCHPhX.exe
  C:\Windows\System\NHCHPhX.exe
  2⤵
  PID:8128
- C:\Windows\System\OEoVrYf.exe
  C:\Windows\System\OEoVrYf.exe
  2⤵
  PID:8144
- C:\Windows\System\BojDZUY.exe
  C:\Windows\System\BojDZUY.exe
  2⤵
  PID:8160
- C:\Windows\System\PeQCoYh.exe
  C:\Windows\System\PeQCoYh.exe
  2⤵
  PID:8176
- C:\Windows\System\eLPUKWr.exe
  C:\Windows\System\eLPUKWr.exe
  2⤵
  PID:6724
- C:\Windows\System\TqALDgX.exe
  C:\Windows\System\TqALDgX.exe
  2⤵
  PID:7184
- C:\Windows\System\qTqmrMe.exe
  C:\Windows\System\qTqmrMe.exe
  2⤵
  PID:7220
- C:\Windows\System\cYEtnKu.exe
  C:\Windows\System\cYEtnKu.exe
  2⤵
  PID:7244
- C:\Windows\System\zoVxqIs.exe
  C:\Windows\System\zoVxqIs.exe
  2⤵
  PID:7312
- C:\Windows\System\nJUwMSQ.exe
  C:\Windows\System\nJUwMSQ.exe
  2⤵
  PID:7268
- C:\Windows\System\tdFVoKT.exe
  C:\Windows\System\tdFVoKT.exe
  2⤵
  PID:7284
- C:\Windows\System\kZtjkWn.exe
  C:\Windows\System\kZtjkWn.exe
  2⤵
  PID:7248
- C:\Windows\System\bFnQDhn.exe
  C:\Windows\System\bFnQDhn.exe
  2⤵
  PID:7340
- C:\Windows\System\phtkjvR.exe
  C:\Windows\System\phtkjvR.exe
  2⤵
  PID:7380
- C:\Windows\System\SyqnEcu.exe
  C:\Windows\System\SyqnEcu.exe
  2⤵
  PID:7324
- C:\Windows\System\LNXLmvS.exe
  C:\Windows\System\LNXLmvS.exe
  2⤵
  PID:7428
- C:\Windows\System\RGmbCRq.exe
  C:\Windows\System\RGmbCRq.exe
  2⤵
  PID:7480
- C:\Windows\System\iELEVYC.exe
  C:\Windows\System\iELEVYC.exe
  2⤵
  PID:7520
- C:\Windows\System\rKzNtll.exe
  C:\Windows\System\rKzNtll.exe
  2⤵
  PID:7548
- C:\Windows\System\WqiyjRI.exe
  C:\Windows\System\WqiyjRI.exe
  2⤵
  PID:7588
- C:\Windows\System\CWLxsbw.exe
  C:\Windows\System\CWLxsbw.exe
  2⤵
  PID:7572
- C:\Windows\System\XsEoUtv.exe
  C:\Windows\System\XsEoUtv.exe
  2⤵
  PID:7536
- C:\Windows\System\xQkuNlA.exe
  C:\Windows\System\xQkuNlA.exe
  2⤵
  PID:7640
- C:\Windows\System\hppolAV.exe
  C:\Windows\System\hppolAV.exe
  2⤵
  PID:7688
- C:\Windows\System\KyMYeVK.exe
  C:\Windows\System\KyMYeVK.exe
  2⤵
  PID:7672
- C:\Windows\System\salQywK.exe
  C:\Windows\System\salQywK.exe
  2⤵
  PID:7748
- C:\Windows\System\QxPYuZc.exe
  C:\Windows\System\QxPYuZc.exe
  2⤵
  PID:7776
- C:\Windows\System\HqkrHXk.exe
  C:\Windows\System\HqkrHXk.exe
  2⤵
  PID:7816
- C:\Windows\System\qAGDixU.exe
  C:\Windows\System\qAGDixU.exe
  2⤵
  PID:7836
- C:\Windows\System\GgNaXPj.exe
  C:\Windows\System\GgNaXPj.exe
  2⤵
  PID:7872
- C:\Windows\System\gSCgnru.exe
  C:\Windows\System\gSCgnru.exe
  2⤵
  PID:7888
- C:\Windows\System\OnwIUOv.exe
  C:\Windows\System\OnwIUOv.exe
  2⤵
  PID:7912
- C:\Windows\System\vDOHiDv.exe
  C:\Windows\System\vDOHiDv.exe
  2⤵
  PID:7928
- C:\Windows\System\fWRPaSn.exe
  C:\Windows\System\fWRPaSn.exe
  2⤵
  PID:7852
- C:\Windows\System\zhoAdgJ.exe
  C:\Windows\System\zhoAdgJ.exe
  2⤵
  PID:8036
- C:\Windows\System\QJuckhf.exe
  C:\Windows\System\QJuckhf.exe
  2⤵
  PID:8084
- C:\Windows\System\gdsfyYa.exe
  C:\Windows\System\gdsfyYa.exe
  2⤵
  PID:7232
- C:\Windows\System\EoYrMnq.exe
  C:\Windows\System\EoYrMnq.exe
  2⤵
  PID:7208
- C:\Windows\System\ssOuiWY.exe
  C:\Windows\System\ssOuiWY.exe
  2⤵
  PID:7392
- C:\Windows\System\QCDSvof.exe
  C:\Windows\System\QCDSvof.exe
  2⤵
  PID:7328
- C:\Windows\System\BFshNwt.exe
  C:\Windows\System\BFshNwt.exe
  2⤵
  PID:7448
- C:\Windows\System\weWDxQW.exe
  C:\Windows\System\weWDxQW.exe
  2⤵
  PID:7616
- C:\Windows\System\EpAqMzz.exe
  C:\Windows\System\EpAqMzz.exe
  2⤵
  PID:7656
- C:\Windows\System\kPPvErg.exe
  C:\Windows\System\kPPvErg.exe
  2⤵
  PID:8100
- C:\Windows\System\zqBnhBb.exe
  C:\Windows\System\zqBnhBb.exe
  2⤵
  PID:7704
- C:\Windows\System\eMxSGpJ.exe
  C:\Windows\System\eMxSGpJ.exe
  2⤵
  PID:7444
- C:\Windows\System\kVJrXwy.exe
  C:\Windows\System\kVJrXwy.exe
  2⤵
  PID:7824
- C:\Windows\System\YkGIfnf.exe
  C:\Windows\System\YkGIfnf.exe
  2⤵
  PID:7820
- C:\Windows\System\SLtjdSh.exe
  C:\Windows\System\SLtjdSh.exe
  2⤵
  PID:7840
- C:\Windows\System\LOXxOeq.exe
  C:\Windows\System\LOXxOeq.exe
  2⤵
  PID:7908
- C:\Windows\System\XPfTRpW.exe
  C:\Windows\System\XPfTRpW.exe
  2⤵
  PID:8188
- C:\Windows\System\ikYtcfl.exe
  C:\Windows\System\ikYtcfl.exe
  2⤵
  PID:8000
- C:\Windows\System\NelGotv.exe
  C:\Windows\System\NelGotv.exe
  2⤵
  PID:8052
- C:\Windows\System\uQeHVMs.exe
  C:\Windows\System\uQeHVMs.exe
  2⤵
  PID:8136
- C:\Windows\System\crQKamx.exe
  C:\Windows\System\crQKamx.exe
  2⤵
  PID:8124
- C:\Windows\System\hmDEznB.exe
  C:\Windows\System\hmDEznB.exe
  2⤵
  PID:6448
- C:\Windows\System\mAOmiWS.exe
  C:\Windows\System\mAOmiWS.exe
  2⤵
  PID:7212
- C:\Windows\System\OEbprNv.exe
  C:\Windows\System\OEbprNv.exe
  2⤵
  PID:7348
- C:\Windows\System\MHZvdNL.exe
  C:\Windows\System\MHZvdNL.exe
  2⤵
  PID:7260
- C:\Windows\System\qQCmUNU.exe
  C:\Windows\System\qQCmUNU.exe
  2⤵
  PID:7500
- C:\Windows\System\XliRLeX.exe
  C:\Windows\System\XliRLeX.exe
  2⤵
  PID:7632
- C:\Windows\System\oRGRJQY.exe
  C:\Windows\System\oRGRJQY.exe
  2⤵
  PID:7892
- C:\Windows\System\wnrgSOR.exe
  C:\Windows\System\wnrgSOR.exe
  2⤵
  PID:7408
- C:\Windows\System\NMEZxiU.exe
  C:\Windows\System\NMEZxiU.exe
  2⤵
  PID:7692
- C:\Windows\System\DiNQewR.exe
  C:\Windows\System\DiNQewR.exe
  2⤵
  PID:7224
- C:\Windows\System\pYOAiBP.exe
  C:\Windows\System\pYOAiBP.exe
  2⤵
  PID:7280
- C:\Windows\System\DWvtDVp.exe
  C:\Windows\System\DWvtDVp.exe
  2⤵
  PID:7464
- C:\Windows\System\uZCCReQ.exe
  C:\Windows\System\uZCCReQ.exe
  2⤵
  PID:7568
- C:\Windows\System\OESrLTI.exe
  C:\Windows\System\OESrLTI.exe
  2⤵
  PID:7728
- C:\Windows\System\BOimTOP.exe
  C:\Windows\System\BOimTOP.exe
  2⤵
  PID:7812
- C:\Windows\System\flbStOl.exe
  C:\Windows\System\flbStOl.exe
  2⤵
  PID:7604
- C:\Windows\System\gmknDRi.exe
  C:\Windows\System\gmknDRi.exe
  2⤵
  PID:8068
- C:\Windows\System\lvarfEx.exe
  C:\Windows\System\lvarfEx.exe
  2⤵
  PID:6148
- C:\Windows\System\UDEaORE.exe
  C:\Windows\System\UDEaORE.exe
  2⤵
  PID:8244
- C:\Windows\System\onRncxI.exe
  C:\Windows\System\onRncxI.exe
  2⤵
  PID:8264
- C:\Windows\System\hgDzBeW.exe
  C:\Windows\System\hgDzBeW.exe
  2⤵
  PID:8288
- C:\Windows\System\FWmVFjT.exe
  C:\Windows\System\FWmVFjT.exe
  2⤵
  PID:8312
- C:\Windows\System\KQgzYmV.exe
  C:\Windows\System\KQgzYmV.exe
  2⤵
  PID:8336
- C:\Windows\System\FnbNtxW.exe
  C:\Windows\System\FnbNtxW.exe
  2⤵
  PID:8404
- C:\Windows\System\UaWCavc.exe
  C:\Windows\System\UaWCavc.exe
  2⤵
  PID:8440
- C:\Windows\System\leIKgsh.exe
  C:\Windows\System\leIKgsh.exe
  2⤵
  PID:8512
- C:\Windows\System\bUojLPz.exe
  C:\Windows\System\bUojLPz.exe
  2⤵
  PID:8528
- C:\Windows\System\eFkaJCA.exe
  C:\Windows\System\eFkaJCA.exe
  2⤵
  PID:8544
- C:\Windows\System\hQeGJiY.exe
  C:\Windows\System\hQeGJiY.exe
  2⤵
  PID:8560
- C:\Windows\System\fqGokZv.exe
  C:\Windows\System\fqGokZv.exe
  2⤵
  PID:8576
- C:\Windows\System\TSBczwK.exe
  C:\Windows\System\TSBczwK.exe
  2⤵
  PID:8592
- C:\Windows\System\BVljxbo.exe
  C:\Windows\System\BVljxbo.exe
  2⤵
  PID:8608
- C:\Windows\System\jbhmkeJ.exe
  C:\Windows\System\jbhmkeJ.exe
  2⤵
  PID:8624
- C:\Windows\System\HQygDSg.exe
  C:\Windows\System\HQygDSg.exe
  2⤵
  PID:8640
- C:\Windows\System\UlGQRvK.exe
  C:\Windows\System\UlGQRvK.exe
  2⤵
  PID:8656
- C:\Windows\System\eFAvXHv.exe
  C:\Windows\System\eFAvXHv.exe
  2⤵
  PID:8672
- C:\Windows\System\HLTKcXM.exe
  C:\Windows\System\HLTKcXM.exe
  2⤵
  PID:8688
- C:\Windows\System\DagxIio.exe
  C:\Windows\System\DagxIio.exe
  2⤵
  PID:8704
- C:\Windows\System\SScLYGU.exe
  C:\Windows\System\SScLYGU.exe
  2⤵
  PID:8728
- C:\Windows\System\dgegPQG.exe
  C:\Windows\System\dgegPQG.exe
  2⤵
  PID:8744
- C:\Windows\System\srGnanY.exe
  C:\Windows\System\srGnanY.exe
  2⤵
  PID:8764
- C:\Windows\System\EiCiIYT.exe
  C:\Windows\System\EiCiIYT.exe
  2⤵
  PID:8780
- C:\Windows\System\xsxssha.exe
  C:\Windows\System\xsxssha.exe
  2⤵
  PID:8796
- C:\Windows\System\htRxAvx.exe
  C:\Windows\System\htRxAvx.exe
  2⤵
  PID:8852
- C:\Windows\System\plZNROr.exe
  C:\Windows\System\plZNROr.exe
  2⤵
  PID:8920
- C:\Windows\System\RWnmWSv.exe
  C:\Windows\System\RWnmWSv.exe
  2⤵
  PID:8936
- C:\Windows\System\AlObczj.exe
  C:\Windows\System\AlObczj.exe
  2⤵
  PID:8952
- C:\Windows\System\ZptVQDD.exe
  C:\Windows\System\ZptVQDD.exe
  2⤵
  PID:8968
- C:\Windows\System\PeyOXii.exe
  C:\Windows\System\PeyOXii.exe
  2⤵
  PID:8984
- C:\Windows\System\bLMLYIm.exe
  C:\Windows\System\bLMLYIm.exe
  2⤵
  PID:9000
- C:\Windows\System\qLaKGpS.exe
  C:\Windows\System\qLaKGpS.exe
  2⤵
  PID:9016
- C:\Windows\System\onPlqfh.exe
  C:\Windows\System\onPlqfh.exe
  2⤵
  PID:9032
- C:\Windows\System\ZYgrjam.exe
  C:\Windows\System\ZYgrjam.exe
  2⤵
  PID:9048
- C:\Windows\System\FlFLLiC.exe
  C:\Windows\System\FlFLLiC.exe
  2⤵
  PID:9064
- C:\Windows\System\EeuNRve.exe
  C:\Windows\System\EeuNRve.exe
  2⤵
  PID:9080
- C:\Windows\System\xTmSnrr.exe
  C:\Windows\System\xTmSnrr.exe
  2⤵
  PID:9096
- C:\Windows\System\aZpAZAt.exe
  C:\Windows\System\aZpAZAt.exe
  2⤵
  PID:9112
- C:\Windows\System\oEIzWDO.exe
  C:\Windows\System\oEIzWDO.exe
  2⤵
  PID:9128
- C:\Windows\System\LoiuAkR.exe
  C:\Windows\System\LoiuAkR.exe
  2⤵
  PID:9144
- C:\Windows\System\FgSnluA.exe
  C:\Windows\System\FgSnluA.exe
  2⤵
  PID:9160
- C:\Windows\System\zfRWKaP.exe
  C:\Windows\System\zfRWKaP.exe
  2⤵
  PID:9176
- C:\Windows\System\oyyhyYw.exe
  C:\Windows\System\oyyhyYw.exe
  2⤵
  PID:9192
- C:\Windows\System\RyglMMR.exe
  C:\Windows\System\RyglMMR.exe
  2⤵
  PID:9208
- C:\Windows\System\kLgfEEc.exe
  C:\Windows\System\kLgfEEc.exe
  2⤵
  PID:7796
- C:\Windows\System\KWyIrnE.exe
  C:\Windows\System\KWyIrnE.exe
  2⤵
  PID:8208
- C:\Windows\System\rIiyYQI.exe
  C:\Windows\System\rIiyYQI.exe
  2⤵
  PID:8228
- C:\Windows\System\rPUFMxQ.exe
  C:\Windows\System\rPUFMxQ.exe
  2⤵
  PID:8284
- C:\Windows\System\HymrcdT.exe
  C:\Windows\System\HymrcdT.exe
  2⤵
  PID:8168
- C:\Windows\System\msIwOmP.exe
  C:\Windows\System\msIwOmP.exe
  2⤵
  PID:7992
- C:\Windows\System\XEaWcOW.exe
  C:\Windows\System\XEaWcOW.exe
  2⤵
  PID:7760
- C:\Windows\System\YnAOgMS.exe
  C:\Windows\System\YnAOgMS.exe
  2⤵
  PID:8296
- C:\Windows\System\DGoZlZy.exe
  C:\Windows\System\DGoZlZy.exe
  2⤵
  PID:8260
- C:\Windows\System\ZMOEZkj.exe
  C:\Windows\System\ZMOEZkj.exe
  2⤵
  PID:8300
- C:\Windows\System\RPRgQWY.exe
  C:\Windows\System\RPRgQWY.exe
  2⤵
  PID:8448
- C:\Windows\System\CYrjFTV.exe
  C:\Windows\System\CYrjFTV.exe
  2⤵
  PID:8328
- C:\Windows\System\gbKJOcI.exe
  C:\Windows\System\gbKJOcI.exe
  2⤵
  PID:8416
- C:\Windows\System\WNHNaZO.exe
  C:\Windows\System\WNHNaZO.exe
  2⤵
  PID:8436
- C:\Windows\System\RFVjJSm.exe
  C:\Windows\System\RFVjJSm.exe
  2⤵
  PID:8464
- C:\Windows\System\hktpOox.exe
  C:\Windows\System\hktpOox.exe
  2⤵
  PID:8388
- C:\Windows\System\wBJwoHL.exe
  C:\Windows\System\wBJwoHL.exe
  2⤵
  PID:8460
- C:\Windows\System\KLMuDvv.exe
  C:\Windows\System\KLMuDvv.exe
  2⤵
  PID:8504
- C:\Windows\System\TsBIrRe.exe
  C:\Windows\System\TsBIrRe.exe
  2⤵
  PID:8904
- C:\Windows\System\jkwWWnw.exe
  C:\Windows\System\jkwWWnw.exe
  2⤵
  PID:8916
- C:\Windows\System\gyIqeif.exe
  C:\Windows\System\gyIqeif.exe
  2⤵
  PID:8992
- C:\Windows\System\uUrmRBw.exe
  C:\Windows\System\uUrmRBw.exe
  2⤵
  PID:8976
- C:\Windows\System\iQQYQHR.exe
  C:\Windows\System\iQQYQHR.exe
  2⤵
  PID:9044
- C:\Windows\System\kCwMUZC.exe
  C:\Windows\System\kCwMUZC.exe
  2⤵
  PID:9092
- C:\Windows\System\cKSKlWe.exe
  C:\Windows\System\cKSKlWe.exe
  2⤵
  PID:9120
- C:\Windows\System\rrkXnZP.exe
  C:\Windows\System\rrkXnZP.exe
  2⤵
  PID:9156
- C:\Windows\System\aEcsUrT.exe
  C:\Windows\System\aEcsUrT.exe
  2⤵
  PID:9172
- C:\Windows\System\roOjlcp.exe
  C:\Windows\System\roOjlcp.exe
  2⤵
  PID:7976
- C:\Windows\System\UkxwZxd.exe
  C:\Windows\System\UkxwZxd.exe
  2⤵
  PID:8200
- C:\Windows\System\dsUpeOY.exe
  C:\Windows\System\dsUpeOY.exe
  2⤵
  PID:8224
- C:\Windows\System\TSzzUyh.exe
  C:\Windows\System\TSzzUyh.exe
  2⤵
  PID:8120
- C:\Windows\System\dVsMMWZ.exe
  C:\Windows\System\dVsMMWZ.exe
  2⤵
  PID:8252
- C:\Windows\System\BDnhdBk.exe
  C:\Windows\System\BDnhdBk.exe
  2⤵
  PID:8420
- C:\Windows\System\wgxxAqO.exe
  C:\Windows\System\wgxxAqO.exe
  2⤵
  PID:8432
- C:\Windows\System\osRMrQK.exe
  C:\Windows\System\osRMrQK.exe
  2⤵
  PID:8456
- C:\Windows\System\vcbghsx.exe
  C:\Windows\System\vcbghsx.exe
  2⤵
  PID:8484
- C:\Windows\System\mMcAoIb.exe
  C:\Windows\System\mMcAoIb.exe
  2⤵
  PID:8572
- C:\Windows\System\zqwUfYf.exe
  C:\Windows\System\zqwUfYf.exe
  2⤵
  PID:8588
- C:\Windows\System\LDaYdBS.exe
  C:\Windows\System\LDaYdBS.exe
  2⤵
  PID:8648
- C:\Windows\System\LCJgkre.exe
  C:\Windows\System\LCJgkre.exe
  2⤵
  PID:8632
- C:\Windows\System\CwsKNhl.exe
  C:\Windows\System\CwsKNhl.exe
  2⤵
  PID:8680
- C:\Windows\System\prbHJKH.exe
  C:\Windows\System\prbHJKH.exe
  2⤵
  PID:8724
- C:\Windows\System\UEyrqsT.exe
  C:\Windows\System\UEyrqsT.exe
  2⤵
  PID:8756
- C:\Windows\System\BKsmrrD.exe
  C:\Windows\System\BKsmrrD.exe
  2⤵
  PID:8812
- C:\Windows\System\lIBAfxy.exe
  C:\Windows\System\lIBAfxy.exe
  2⤵
  PID:8836
- C:\Windows\System\HGuWUun.exe
  C:\Windows\System\HGuWUun.exe
  2⤵
  PID:8840
- C:\Windows\System\BTpXaiq.exe
  C:\Windows\System\BTpXaiq.exe
  2⤵
  PID:8820
- C:\Windows\System\yIqHKcL.exe
  C:\Windows\System\yIqHKcL.exe
  2⤵
  PID:8876
- C:\Windows\System\DYSbNtC.exe
  C:\Windows\System\DYSbNtC.exe
  2⤵
  PID:9024
- C:\Windows\System\UCscMfu.exe
  C:\Windows\System\UCscMfu.exe
  2⤵
  PID:9028
- C:\Windows\System\GHRvtZH.exe
  C:\Windows\System\GHRvtZH.exe
  2⤵
  PID:9168
- C:\Windows\System\SNaeczj.exe
  C:\Windows\System\SNaeczj.exe
  2⤵
  PID:7652
- C:\Windows\System\iWmhqys.exe
  C:\Windows\System\iWmhqys.exe
  2⤵
  PID:8400
- C:\Windows\System\mUzeEug.exe
  C:\Windows\System\mUzeEug.exe
  2⤵
  PID:8324
- C:\Windows\System\dtpIGCm.exe
  C:\Windows\System\dtpIGCm.exe
  2⤵
  PID:8908
- C:\Windows\System\CHmyODi.exe
  C:\Windows\System\CHmyODi.exe
  2⤵
  PID:7668
- C:\Windows\System\SfiYyqV.exe
  C:\Windows\System\SfiYyqV.exe
  2⤵
  PID:8256
- C:\Windows\System\XuLRUPO.exe
  C:\Windows\System\XuLRUPO.exe
  2⤵
  PID:8468
- C:\Windows\System\HzAzOcy.exe
  C:\Windows\System\HzAzOcy.exe
  2⤵
  PID:8540
- C:\Windows\System\yyuhCQu.exe
  C:\Windows\System\yyuhCQu.exe
  2⤵
  PID:8696
- C:\Windows\System\CtljugA.exe
  C:\Windows\System\CtljugA.exe
  2⤵
  PID:8556
- C:\Windows\System\KkDLiIB.exe
  C:\Windows\System\KkDLiIB.exe
  2⤵
  PID:8752
- C:\Windows\System\pbQxMia.exe
  C:\Windows\System\pbQxMia.exe
  2⤵
  PID:8824
- C:\Windows\System\AbEuRYN.exe
  C:\Windows\System\AbEuRYN.exe
  2⤵
  PID:8864
- C:\Windows\System\VplAVGc.exe
  C:\Windows\System\VplAVGc.exe
  2⤵
  PID:8944
- C:\Windows\System\qKIWfSY.exe
  C:\Windows\System\qKIWfSY.exe
  2⤵
  PID:8844
- C:\Windows\System\RvARlFO.exe
  C:\Windows\System\RvARlFO.exe
  2⤵
  PID:9104
- C:\Windows\System\zyAKiHT.exe
  C:\Windows\System\zyAKiHT.exe
  2⤵
  PID:8508
- C:\Windows\System\IuSUUuE.exe
  C:\Windows\System\IuSUUuE.exe
  2⤵
  PID:9060
- C:\Windows\System\SuXynXa.exe
  C:\Windows\System\SuXynXa.exe
  2⤵
  PID:8496
- C:\Windows\System\aEKLLUn.exe
  C:\Windows\System\aEKLLUn.exe
  2⤵
  PID:8376
- C:\Windows\System\mOkGBYv.exe
  C:\Windows\System\mOkGBYv.exe
  2⤵
  PID:8500
- C:\Windows\System\zXydvkr.exe
  C:\Windows\System\zXydvkr.exe
  2⤵
  PID:8480
- C:\Windows\System\LgTQSJi.exe
  C:\Windows\System\LgTQSJi.exe
  2⤵
  PID:8740
- C:\Windows\System\lCDvBBh.exe
  C:\Windows\System\lCDvBBh.exe
  2⤵
  PID:8600
- C:\Windows\System\qoUAYsl.exe
  C:\Windows\System\qoUAYsl.exe
  2⤵
  PID:8776
- C:\Windows\System\cEcWKIU.exe
  C:\Windows\System\cEcWKIU.exe
  2⤵
  PID:8792
- C:\Windows\System\ikYPlnT.exe
  C:\Windows\System\ikYPlnT.exe
  2⤵
  PID:9152
- C:\Windows\System\urnhwDF.exe
  C:\Windows\System\urnhwDF.exe
  2⤵
  PID:8428
- C:\Windows\System\oRNugWk.exe
  C:\Windows\System\oRNugWk.exe
  2⤵
  PID:8932
- C:\Windows\System\uDhdLMa.exe
  C:\Windows\System\uDhdLMa.exe
  2⤵
  PID:8860
- C:\Windows\System\mZAehSO.exe
  C:\Windows\System\mZAehSO.exe
  2⤵
  PID:9012
- C:\Windows\System\uwVsuVH.exe
  C:\Windows\System\uwVsuVH.exe
  2⤵
  PID:9108
- C:\Windows\System\dmMaNbr.exe
  C:\Windows\System\dmMaNbr.exe
  2⤵
  PID:8552
- C:\Windows\System\gATOTOM.exe
  C:\Windows\System\gATOTOM.exe
  2⤵
  PID:8772
- C:\Windows\System\zvdxTRq.exe
  C:\Windows\System\zvdxTRq.exe
  2⤵
  PID:8476
- C:\Windows\System\qJVgHOw.exe
  C:\Windows\System\qJVgHOw.exe
  2⤵
  PID:7744
- C:\Windows\System\neTtfAy.exe
  C:\Windows\System\neTtfAy.exe
  2⤵
  PID:9232
- C:\Windows\System\sOmuDQd.exe
  C:\Windows\System\sOmuDQd.exe
  2⤵
  PID:9248
- C:\Windows\System\pgqsoVJ.exe
  C:\Windows\System\pgqsoVJ.exe
  2⤵
  PID:9264
- C:\Windows\System\npBFwyZ.exe
  C:\Windows\System\npBFwyZ.exe
  2⤵
  PID:9300
- C:\Windows\System\NJuQMfd.exe
  C:\Windows\System\NJuQMfd.exe
  2⤵
  PID:9316
- C:\Windows\System\UYNnGSY.exe
  C:\Windows\System\UYNnGSY.exe
  2⤵
  PID:9332
- C:\Windows\System\huPLeDr.exe
  C:\Windows\System\huPLeDr.exe
  2⤵
  PID:9352
- C:\Windows\System\qThMowE.exe
  C:\Windows\System\qThMowE.exe
  2⤵
  PID:9368
- C:\Windows\System\zXYXpUP.exe
  C:\Windows\System\zXYXpUP.exe
  2⤵
  PID:9388
- C:\Windows\System\nsfRDEL.exe
  C:\Windows\System\nsfRDEL.exe
  2⤵
  PID:9420
- C:\Windows\System\LOhukkK.exe
  C:\Windows\System\LOhukkK.exe
  2⤵
  PID:9436
- C:\Windows\System\CmdXFlo.exe
  C:\Windows\System\CmdXFlo.exe
  2⤵
  PID:9452
- C:\Windows\System\QHQGlDo.exe
  C:\Windows\System\QHQGlDo.exe
  2⤵
  PID:9472
- C:\Windows\System\RYDdyLJ.exe
  C:\Windows\System\RYDdyLJ.exe
  2⤵
  PID:9504
- C:\Windows\System\kLaVixp.exe
  C:\Windows\System\kLaVixp.exe
  2⤵
  PID:9520
- C:\Windows\System\NpHoYWF.exe
  C:\Windows\System\NpHoYWF.exe
  2⤵
  PID:9536
- C:\Windows\System\lNwXKTD.exe
  C:\Windows\System\lNwXKTD.exe
  2⤵
  PID:9556
- C:\Windows\System\JOTECqU.exe
  C:\Windows\System\JOTECqU.exe
  2⤵
  PID:9572
- C:\Windows\System\RDwbUIM.exe
  C:\Windows\System\RDwbUIM.exe
  2⤵
  PID:9592
- C:\Windows\System\qclEllT.exe
  C:\Windows\System\qclEllT.exe
  2⤵
  PID:9608
- C:\Windows\System\sdXxXbd.exe
  C:\Windows\System\sdXxXbd.exe
  2⤵
  PID:9624
- C:\Windows\System\snKDIVh.exe
  C:\Windows\System\snKDIVh.exe
  2⤵
  PID:9644
- C:\Windows\System\euJFmfj.exe
  C:\Windows\System\euJFmfj.exe
  2⤵
  PID:9660
- C:\Windows\System\btcJPgD.exe
  C:\Windows\System\btcJPgD.exe
  2⤵
  PID:9676
- C:\Windows\System\MSHOrYD.exe
  C:\Windows\System\MSHOrYD.exe
  2⤵
  PID:9696
- C:\Windows\System\ONNQxuA.exe
  C:\Windows\System\ONNQxuA.exe
  2⤵
  PID:9716
- C:\Windows\System\UOhyiyz.exe
  C:\Windows\System\UOhyiyz.exe
  2⤵
  PID:9764
- C:\Windows\System\NyULByn.exe
  C:\Windows\System\NyULByn.exe
  2⤵
  PID:9792
- C:\Windows\System\qfynuEb.exe
  C:\Windows\System\qfynuEb.exe
  2⤵
  PID:9808
- C:\Windows\System\eEZqiuO.exe
  C:\Windows\System\eEZqiuO.exe
  2⤵
  PID:9824
- C:\Windows\System\MNUoMCa.exe
  C:\Windows\System\MNUoMCa.exe
  2⤵
  PID:9840
- C:\Windows\System\QtsOaXs.exe
  C:\Windows\System\QtsOaXs.exe
  2⤵
  PID:9856
- C:\Windows\System\dOrajOe.exe
  C:\Windows\System\dOrajOe.exe
  2⤵
  PID:9872
- C:\Windows\System\BhnCkqt.exe
  C:\Windows\System\BhnCkqt.exe
  2⤵
  PID:9888
- C:\Windows\System\CLRTTVo.exe
  C:\Windows\System\CLRTTVo.exe
  2⤵
  PID:9904
- C:\Windows\System\zhymJxx.exe
  C:\Windows\System\zhymJxx.exe
  2⤵
  PID:9920
- C:\Windows\System\osEAlqF.exe
  C:\Windows\System\osEAlqF.exe
  2⤵
  PID:9940
- C:\Windows\System\KnrRzoJ.exe
  C:\Windows\System\KnrRzoJ.exe
  2⤵
  PID:9956
- C:\Windows\System\IzDqlPT.exe
  C:\Windows\System\IzDqlPT.exe
  2⤵
  PID:9972
- C:\Windows\System\ZPByTNO.exe
  C:\Windows\System\ZPByTNO.exe
  2⤵
  PID:9988
- C:\Windows\System\gSUTwtl.exe
  C:\Windows\System\gSUTwtl.exe
  2⤵
  PID:10004
- C:\Windows\System\LtszkNz.exe
  C:\Windows\System\LtszkNz.exe
  2⤵
  PID:10020
- C:\Windows\System\xKJdMYK.exe
  C:\Windows\System\xKJdMYK.exe
  2⤵
  PID:10036
- C:\Windows\System\kAQAhzv.exe
  C:\Windows\System\kAQAhzv.exe
  2⤵
  PID:10052
- C:\Windows\System\CtRpAvE.exe
  C:\Windows\System\CtRpAvE.exe
  2⤵
  PID:10068
- C:\Windows\System\AGByEKH.exe
  C:\Windows\System\AGByEKH.exe
  2⤵
  PID:10084
- C:\Windows\System\XSsbnkt.exe
  C:\Windows\System\XSsbnkt.exe
  2⤵
  PID:10100
- C:\Windows\System\sXNOdUx.exe
  C:\Windows\System\sXNOdUx.exe
  2⤵
  PID:10116
- C:\Windows\System\ALFxAsE.exe
  C:\Windows\System\ALFxAsE.exe
  2⤵
  PID:10132
- C:\Windows\System\Puvgnjg.exe
  C:\Windows\System\Puvgnjg.exe
  2⤵
  PID:10148
- C:\Windows\System\cYUBgQs.exe
  C:\Windows\System\cYUBgQs.exe
  2⤵
  PID:10164
- C:\Windows\System\UbOaMoH.exe
  C:\Windows\System\UbOaMoH.exe
  2⤵
  PID:10180
- C:\Windows\System\kMZdBLe.exe
  C:\Windows\System\kMZdBLe.exe
  2⤵
  PID:10196
- C:\Windows\System\qduQXzl.exe
  C:\Windows\System\qduQXzl.exe
  2⤵
  PID:10212
- C:\Windows\System\PokZCOt.exe
  C:\Windows\System\PokZCOt.exe
  2⤵
  PID:10228
- C:\Windows\System\ZQVnPeX.exe
  C:\Windows\System\ZQVnPeX.exe
  2⤵
  PID:8868
- C:\Windows\System\hvceQFy.exe
  C:\Windows\System\hvceQFy.exe
  2⤵
  PID:9276
- C:\Windows\System\ZzOaAaU.exe
  C:\Windows\System\ZzOaAaU.exe
  2⤵
  PID:8664
- C:\Windows\System\ZLUXzAy.exe
  C:\Windows\System\ZLUXzAy.exe
  2⤵
  PID:8900
- C:\Windows\System\yhKrvaT.exe
  C:\Windows\System\yhKrvaT.exe
  2⤵
  PID:9224
- C:\Windows\System\NwfkmIH.exe
  C:\Windows\System\NwfkmIH.exe
  2⤵
  PID:9260
- C:\Windows\System\lvpfqri.exe
  C:\Windows\System\lvpfqri.exe
  2⤵
  PID:9364
- C:\Windows\System\OskKMpH.exe
  C:\Windows\System\OskKMpH.exe
  2⤵
  PID:9308
- C:\Windows\System\cTyQHOQ.exe
  C:\Windows\System\cTyQHOQ.exe
  2⤵
  PID:9344
- C:\Windows\System\WDWVBDO.exe
  C:\Windows\System\WDWVBDO.exe
  2⤵
  PID:9416
- C:\Windows\System\oFIFgNX.exe
  C:\Windows\System\oFIFgNX.exe
  2⤵
  PID:9480
- C:\Windows\System\OGEreXz.exe
  C:\Windows\System\OGEreXz.exe
  2⤵
  PID:9484
- C:\Windows\System\RPjhBBW.exe
  C:\Windows\System\RPjhBBW.exe
  2⤵
  PID:9528
- C:\Windows\System\bZfKvlG.exe
  C:\Windows\System\bZfKvlG.exe
  2⤵
  PID:9600
- C:\Windows\System\XbNocaI.exe
  C:\Windows\System\XbNocaI.exe
  2⤵
  PID:9640
- C:\Windows\System\qKMosAb.exe
  C:\Windows\System\qKMosAb.exe
  2⤵
  PID:9704
- C:\Windows\System\DztJeNJ.exe
  C:\Windows\System\DztJeNJ.exe
  2⤵
  PID:9468
- C:\Windows\System\djOOAbB.exe
  C:\Windows\System\djOOAbB.exe
  2⤵
  PID:9512
- C:\Windows\System\lrZccCy.exe
  C:\Windows\System\lrZccCy.exe
  2⤵
  PID:9692
- C:\Windows\System\xocfetW.exe
  C:\Windows\System\xocfetW.exe
  2⤵
  PID:9548
- C:\Windows\System\pKzlOXV.exe
  C:\Windows\System\pKzlOXV.exe
  2⤵
  PID:9588
- C:\Windows\System\xGoRNIu.exe
  C:\Windows\System\xGoRNIu.exe
  2⤵
  PID:9736
- C:\Windows\System\vYLkJox.exe
  C:\Windows\System\vYLkJox.exe
  2⤵
  PID:9752
- C:\Windows\System\VyaqWWM.exe
  C:\Windows\System\VyaqWWM.exe
  2⤵
  PID:8320
- C:\Windows\System\KXEhDhy.exe
  C:\Windows\System\KXEhDhy.exe
  2⤵
  PID:9816
- C:\Windows\System\DBsqPHr.exe
  C:\Windows\System\DBsqPHr.exe
  2⤵
  PID:9884
- C:\Windows\System\TTVNaEz.exe
  C:\Windows\System\TTVNaEz.exe
  2⤵
  PID:9788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BCXLrzB.exe

Filesize
6.0MB

MD5
d17e5ff87191192e44caac57e38ab21d

SHA1
c2eb9c722573927182504e79ec2e0237608db5e7

SHA256
8768a64a5c5e3eb5186b5f272a988cb6aa25d89f2cf99f6dc57c2b1ed3972016

SHA512
6dae8c663b50d7f78999111fc2e6489b447902672782c56c2474d9f8639aa56289ca0b2db95d8a3af26cfb54c5ee76d93769f1b706f4095c86c7f8ca0f24d87a

Download Submit
C:\Windows\system\BeDkldG.exe

Filesize
6.0MB

MD5
20b13dddd8e2678465565bcd1f9bdb54

SHA1
29428e906873822b74856e61dd7a8b3e7ce8a1ca

SHA256
e08ff171106023955a38051c5607f3981c2b821175d675a64e6d89ca63128d49

SHA512
da90763cf61beda8283f48d8d9b97fa14545622c05a736fdedfc816e79efc583f9615925e8da6cb2d0a72241ef64a2caf8b07a19d7a36ad8e1b8953c515f2215

Download Submit
C:\Windows\system\FIXGhum.exe

Filesize
6.0MB

MD5
50ae3ad609ae47f3167bf6920ca64ce5

SHA1
c26e6ff3bf5da631fc445d9740a303bd59552b2c

SHA256
8f03403c031e82eced99163a3bc89d82f7085f01307e74def444014cf66bf318

SHA512
d0b813a381b62f1cdd8d84d3522ecb0e0b42ebf9cf1a9c46ffe0621d2877b00837e6212e1782aa85c995aeec851c4f88bb0839b165bc48e9352529e074195839

Download Submit
C:\Windows\system\FQebGMm.exe

Filesize
6.0MB

MD5
5e80de8fa88c68fd62ab28eb5b9a8095

SHA1
15b25a21b98eef80f6dd4fc273f3836f1237a918

SHA256
2a28de4733cb2fd0a5bed323cfb4b75d4d1613dafcaa246c8f1e1e308d9b8ea3

SHA512
e32fe4a2db0c81cd27254ad67c041d99f6c3c464290d92f8db166f208e758bbd019bc31eac33a9025e5bdd283590c4e73428c9e763bd3d9104eca76321f611ac

Download Submit
C:\Windows\system\GaxaiCt.exe

Filesize
6.0MB

MD5
2846cef0bc777ca2d1e070b0286d56eb

SHA1
33261745f4fbd60b4d066c00fa5a1afd84a06aa5

SHA256
69d866017c146017a55f590cde73c474f4be61557d00db54d6592dc62ee3e024

SHA512
53da8b547ca9145fb38e1a5e7b93f71f3c578f7800bf5e37c6a8f0401f9b0ee8b10a2cc37a790c40072c58f84a9f0088b32011c4dc31f896ae280498490f5ca0

Download Submit
C:\Windows\system\Gdrmnfk.exe

Filesize
6.0MB

MD5
36c63dadf10ea8218f9d52c85b48158a

SHA1
7fba1e17ef66de47037647d3493470e1760d01d4

SHA256
9c12c3f50d5b68155bb55a48ad8fdbce6583ed5e1e1f2e1f460680960cddb5be

SHA512
1c28a673459bde39e5bfc66874f32b78a3a21e3572f9b5144bebb41c166b32177fb303a05932a67fa487ed0831e56b54853f1f754b34c900db8d436c07672942

Download Submit
C:\Windows\system\JrWnzUg.exe

Filesize
6.0MB

MD5
49d310f97b389b8727d953b84c5c502b

SHA1
b70853f7f0ebef1e772513da4a18c68d6b2f1df6

SHA256
a75dbf57bfa25319b94fd865e34f799669a62df37c28fdcbfe2750c278e6a75c

SHA512
8f223594b6805cfdf72a18722ad8efae530d47e14b34726cb0dfee4395dcff8a57e375c2cace0ad73199dce4d3e8b8c0f3355897790062cb7303314d29cf8384

Download Submit
C:\Windows\system\OcqZfxW.exe

Filesize
6.0MB

MD5
ecee41181f55936fa8e60a528aad5006

SHA1
413f20a41a0724fec1d48ef4736681cc26ca4f17

SHA256
03a224ec10541d28b8b0c5b433505ca2d767a9448f7d2cff4c2bcd4208f3910a

SHA512
9b22124cc69e65a403e0567441da91dcca857d8547c2694a3b85f6e30447817ad9f76fde5142d5880fee088a5aecb54d2371056ed3c785d2f5cd0d2de132dae1

Download Submit
C:\Windows\system\PSqfduo.exe

Filesize
6.0MB

MD5
89fe7f0d990a4949ecb8c30911abc2bf

SHA1
349728f44d0fc23ce2366362011d7a43ab9433eb

SHA256
d7e8a5cb37fd62b848a49b2e86db3a491ac2fe91fc9126149040956f9ce901f7

SHA512
f59561920116dc35bd11aed67eba0f64af417143e4d94e01061ca59a405922a15d850eab160ce7a2f042683c67b4dd3001da1e84a03cd2902bdf6e7412d7b8c9

Download Submit
C:\Windows\system\Qyyelbq.exe

Filesize
6.0MB

MD5
a669fbda59134979216d38e893cbe437

SHA1
0d9282e59d529bee9e5040ba95d43f6a5816235e

SHA256
b4635af43c6aa47eb9faa3d906dd817de6a55c263cd68942f3a73e60cfa27278

SHA512
f61ebcd19e5996cabe3b8adb0dcdabdf602c10c0ecd877a3400d686d040ae8ab5ad66d5586a572e46c364bc7a7cd3d020b557e86fd50138cbd610313f037a983

Download Submit
C:\Windows\system\UmlQlvp.exe

Filesize
6.0MB

MD5
df513710d67016ac9a9fcdef33e3bd7d

SHA1
cfb2c4f75dccaf5235c49a40fa1a4699e6839397

SHA256
8765dd2462ece5e98adfc8a8a9448ff3d93cf0f69354f03899f35ed2a70d3b90

SHA512
fbc7553ef02963df9115a3e4c1280c333889c3c52fc2789e6cec3c775d188e7fa71b88bd2fb197f60b4dcf1abbcc244ec24be939ad0970c8197e8a8dacaba9bc

Download Submit
C:\Windows\system\UsWmGUB.exe

Filesize
6.0MB

MD5
299bf041ffba54ccb29b24929e0f5b35

SHA1
c2b923a60fe5842856a8eb62d498e67cea161e9d

SHA256
bc4f10947c149364b2458a7f92bd9c7aee79598174b00089a56ab670344fac40

SHA512
7f2bbd6f9717bac348ca102ae06ff2fb9537a08763a6aa9e52879e08bae2221a51416b4ee2aeb138da97e5a08e87082184e7351defe90e086232ffc6e6915493

Download Submit
C:\Windows\system\XvIuJEm.exe

Filesize
6.0MB

MD5
361e35054c0a9590bbdf130d1328313c

SHA1
02af51cbd44ccd57e242b9ade13bc00b72601ae1

SHA256
6f7c6f08c8ce0022cef74f0e83a85385c37c24232620e23b6f151f39aaa4d615

SHA512
78afa5048775ad1e82d9357e52e285faf2444823070ae5604c3d16f8a7791955c19c43c904864ea71d382ff44406ed198c0062eb8ae8c6902a1ef7f4cebadb70

Download Submit
C:\Windows\system\buSElDc.exe

Filesize
6.0MB

MD5
f94e7b3aa03410e75762e686553a1f27

SHA1
44f726efbf41aec404b2b396e00dcd7bb155aae9

SHA256
152084e3090273f13d74b6aaab3fcaea068e093c1ddf8e835d4f03953e57845d

SHA512
6606777c65fbc70039cacd9dfda96b697e1ec5a7297814181a96b8d1625b1e1a6a76f9a601b9af12d194cd9ca90e376f437b05df20704197f0a714aa99c57259

Download Submit
C:\Windows\system\cRoBpqt.exe

Filesize
6.0MB

MD5
4b8aa48565bfd45062ede8d7a94ceed0

SHA1
2eddd7f0074afcda39bc8dde0b94b91dfd9e0173

SHA256
9adcba2e957c2c199676b6a530c340fd8984e9f5d872534a3b7421ee98f89f23

SHA512
b9782ab24f03ed9df754dae14e51ea3bc33ed8a3930a417542800e72f9e183082f09198b86425e2c4243f2ed22ac6fd3aa61297d3954fb04a06a338ff993bef2

Download Submit
C:\Windows\system\ceNtouc.exe

Filesize
6.0MB

MD5
362ffa307aac96e65131d9fb2ab6cf8d

SHA1
e643ed6ae14bb704f69333a5d49aa60fec3eaf83

SHA256
a46aa77600cd00e05de891d634fc6902375f9763dee5ab52ad4226c25951d39a

SHA512
9d924b520367886e02bda4238f769397b5fb8ab4a5653dd4c42e29109137535d68a1280b157b0e0070e97c899c5c801a998bb63ec29906ecc265d767903d758c

Download Submit
C:\Windows\system\eLqREFV.exe

Filesize
6.0MB

MD5
8ffc36f6d71b34abbbbf98c74fdf45ac

SHA1
f30e4718e2f8184459fd639b20ff99212cfe99b6

SHA256
b4bff75ec9de85551239a82c215948a6a00a0052121199e44dc926175bf472bc

SHA512
6d2ea6409e05dcbaf0c9aee41be9671158039b96163a961f756bb498ea4cb5b98155815d97d4b021335a9d78b3316d64cda22ebd8de0b1f05900715f4deab0d8

Download Submit
C:\Windows\system\gEKFvmZ.exe

Filesize
6.0MB

MD5
7019c273da482d1a44165412f56f73e4

SHA1
cd29edc0c97204152b5aa38885a080909fb1d011

SHA256
d326f52d4e941ebcb1c6bd31affe610ee1c457fac3d3cb273f944a9481714e5c

SHA512
7aceef959cfc06f399055531f7452f27c50e8dc01dc87e452cf76f65a4b77a5e062b8eb3732d9bde628278ebcdb22bde05cac6570917434ca2c9165a63aebea6

Download Submit
C:\Windows\system\ggrFTaU.exe

Filesize
6.0MB

MD5
a0f9436ec2eaaf1299f6f35de0ba0a0b

SHA1
55b49a6a21077f1f717dc0647e6b8f6b9b0d3fab

SHA256
05bd5dd6ff97b6998a9ef0962285b5e676d24e8e96ed6b8df544c1f32f81db94

SHA512
15fdf02ddefa235f72b56b1aa67b0e15267d4bb1d04ab6725384ece33e21ec481933321de9362e5f5a2c8fbc91accb96c0f30d997653a6c814edb9435fc267df

Download Submit
C:\Windows\system\iqadaMd.exe

Filesize
6.0MB

MD5
ed8b205d8738d434ec349e3b0126e54c

SHA1
8ab280e42913a2d756bb0dee68d8e4210b328e01

SHA256
60c6fac963786de7ef1259f7d36bf40e6130ec7a76b545c9b2380abc5c3ad035

SHA512
a946583bdf6e88ef0bd4e381285bc88b3365d9a7e368c1f3b61548ecdbd5e9f8560972c9b798302f83dc46bd2697479c74e26fb94508e6fd5462f8454fe763c2

Download Submit
C:\Windows\system\mrBCFPT.exe

Filesize
6.0MB

MD5
2d53e12dc174d38a92af5f20f1278dae

SHA1
c14aae8ca95044cdec95a42531f54503407152f2

SHA256
793b5796b519a3c91d6426ac7e1e842ebf161fb44aa5b1628df1dca048fd1181

SHA512
60d75430bfb3aa2063019f2e93901e1a40e53a2bdadc590b20ebf9ad753cb315ce71ecd5bcdcf462ade3afcba89b3eefc75c438b835d436bda586c812cb2f2d0

Download Submit
C:\Windows\system\neSkwus.exe

Filesize
6.0MB

MD5
60c5b605ebab0b7cb51b1529ba0a3f56

SHA1
18b94f71efec4d9d412e897ecd91685816b10b16

SHA256
7b1b801a9af4555fb53b596b7725801f616f875007c48b14b666a63c8efb3b79

SHA512
8e28c452f71377ae2cd32de377d71070b49f8b59215a90fa34adfb5c18247a18d4a9079978fa2db5cbea3ed3dc5409d29666cbedab3c3f1ad831457d0e17c226

Download Submit
C:\Windows\system\oJwLuWh.exe

Filesize
6.0MB

MD5
a11a1e7d13f74a8acfc814988ff970a8

SHA1
ed7d9f24d7a98afa5d3bbf8ff776e709ee735c0e

SHA256
2b9854c75eac71e6408d51e92e5d4910f21b57d6bff0b32400af898b01ad26ee

SHA512
bda71e84e617cd6d64d6833c3a5d4b3ccc9cea15a7fd1e3885deef09a8d2d7f76505672471c4dddb6a2de98a94b841174773c75fa62d6411ec406191ee869f20

Download Submit
C:\Windows\system\oWqFBXD.exe

Filesize
6.0MB

MD5
015c0299d55a7123e88162e27add2290

SHA1
2d7e38419c662dbab0a5be66dff8574585882f36

SHA256
1127de1877776edbf17aed4004be04e645bda317478958de0b0ddaf263be321c

SHA512
936170bb84bf3602d515f58618cace0f63e3fd02616a5e13b2985ce3760403138e2de5dc0f83ec0a158c10f131c4fd37999aa2428cf776ee30127b0361512da0

Download Submit
C:\Windows\system\omRFSeb.exe

Filesize
6.0MB

MD5
4aa729430998bcaa2f967138cd714817

SHA1
f2e9fe5afb78964a378efffc3546fafea8bef2f6

SHA256
0d548756b1907bb83ef47cd4205f887e86464b4355fe5864c2196421839ab9c2

SHA512
c472b9eec1131867c2568ec459ef6e2781445990408da498de7b939b6d2cc46628ed75ebb4d8ca8c517045a36a284e2a380516dba73957a06c34bb7df76bb6ad

Download Submit
C:\Windows\system\ppNjoPa.exe

Filesize
6.0MB

MD5
9759f13757ad4d1bb2509b3daf33f22c

SHA1
9ea533960cdaef40d7cead680a635aabdb62a251

SHA256
68753ffb620a8a8b20d45e6b769e0de9ca342d10d21d2d38597b6677fcc0113f

SHA512
54fd9215e49ea51422e4b8305293e1dc3d7ccda5fc74db25ba0ec186c974efaf752be600fd60e6648d2a9bba540c973ef3aa9956b4709abea9f3a1174984f83b

Download Submit
C:\Windows\system\rJFSRdB.exe

Filesize
6.0MB

MD5
7dc8e2e380c59072d1a67b4432519b4f

SHA1
34d9555c73c5dcbf3434ba69a0a3075f57aa5a82

SHA256
95fd9c5119430dd1cd1fdfd563825f127ded167c2618d2377692380390a6963b

SHA512
f32a6ab7d3bef7208bf2fbaa40fe6a4c05263e85fed219cb5134f6c2f982677b2d99290ea6fefa50e5e87057e1e9edc56a54f6aba806c2c92f571295676bbd57

Download Submit
C:\Windows\system\vKhGJHI.exe

Filesize
6.0MB

MD5
6e036b5c349d4b38500c318960aa5fe1

SHA1
2068fa8103e04a9b6eb0d5c66200dc0a830a7b61

SHA256
4fceb8ec6070add35f601fffde0485ce9a81c65e1461085a50908243c87e7f84

SHA512
95596d6a2db832a7bc802c02d7673fcddd8f9cff077d034e87af68ab60faafea6b8026cb10f8853dc70b1db5dbf0bc0b0932d9c6d0ae15bc6f25a53906055855

Download Submit
C:\Windows\system\vTLzKdP.exe

Filesize
6.0MB

MD5
ab53a9f7f71355294495d12262aa3f48

SHA1
36495a953f9e15baa1067330c87208df05f0d3b6

SHA256
aea2dd5b97dfe544915d1ea07b0f5980f5f199d22880c08d9366d0dbe122b429

SHA512
9d72486c340595e2daa1293132669d5f4956f061ef80d11be7b789e3f5fb2708a74a1a36dc41285646f32ba47d6b38675a261f7b4568f05e60819f456d85d62a

Download Submit
C:\Windows\system\vdrfATx.exe

Filesize
6.0MB

MD5
b63e5730be5f5dd4953d0bec0db5a69e

SHA1
5738ba673c61578e8cd9dc7556f6bc82cdc89321

SHA256
64bf9b81ed2b4aa0bbffc34f3f58b1d5c119600ecc8ac3e4928cdee7252cea94

SHA512
69bab8ee269c8f9e2c1eee054ae653b9058f9eb19d5e4973ae29f6cae366f5c7a9c08ec0936e6344975ec778182e8c78a4af92a5b9bdd15c0d72c312a2d4e9dd

Download Submit
\Windows\system\lQSzOyS.exe

Filesize
6.0MB

MD5
18b45d4ccd5378ea207c31148f11cca7

SHA1
cef79027c017cd9c9327e6d6818dc5ec42966591

SHA256
8c36c47a3c7eb53932151bf11f4261f55cc5d0f590e54c75710ec3d1a266a2de

SHA512
af773a5dae7d7446bff8bdf47343409598deaa00a9f460bc97dd89c516345a91cc9dfce2999ecf7bc43f8cd070377ee43b4c2f26f90493d55fc0701e25abc7e2

Download Submit
\Windows\system\rQzLApy.exe

Filesize
6.0MB

MD5
523ee67685672ba8aeceeef36970335f

SHA1
dd38849574b6ffbc9970f5b740ca1745781e692c

SHA256
a90fefe0e43fd9209654c62afa90e43b11309dba8898993151916103b5a3e15a

SHA512
5381730c23c21dd11e0083eb064ab45d8f8af39b6066a07817f29f99478bd0422e9b17a6cb52131e118760f2c3653ddecad657b557bdbf1e42e588ce2fb56ace

Download Submit
memory/576-80-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/576-109-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/576-410-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/576-196-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/576-66-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/576-0-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/576-55-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/576-44-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/576-52-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/576-43-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/576-18-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/576-19-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/576-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/576-71-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/576-226-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/576-32-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/576-100-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/576-10-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/576-98-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/576-29-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/576-90-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/576-41-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1168-894-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1168-72-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1168-140-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1312-103-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1312-908-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1600-888-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1600-81-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-99-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1756-904-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2160-815-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2160-30-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2224-872-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-67-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2252-22-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2252-808-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-89-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2372-903-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2460-23-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-807-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-54-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-870-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-865-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-37-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-869-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2780-42-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2780-82-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2792-871-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2792-60-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2956-826-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-21-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download