cobaltstrike | 186b042d926ee59fbdc068935c46374fdd282bcdab0a4f12415b939142750933

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

72549174537d4422bc50bb61e69b4915
SHA1

e0ce58d82ba8384d3d2811d8f3cb2536d6ce9ac8
SHA256

186b042d926ee59fbdc068935c46374fdd282bcdab0a4f12415b939142750933
SHA512

6687346d854fab1f4c417a0f066a29763f6e288765f9fae72ff9994e1256d45123031aa12283c4cfcb26b7d157bb63957213ad3c79944af6cf067809b4609365
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUB:T+q56utgpPF8u/7B

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120f9-6.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001868b-13.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186f2-19.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018781-33.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878c-39.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001925e-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019496-59.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-67.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-71.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019506-79.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952f-96.dat	cobalt_reflective_dll
behavioral1/files/0x0035000000018669-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962b-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967f-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963b-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e6-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194fc-75.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-63.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019467-55.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001945c-51.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018bf3-44.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018731-24.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3068-0-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x00080000000120f9-6.dat	xmrig
behavioral1/files/0x000700000001868b-13.dat	xmrig
behavioral1/memory/2752-15-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2716-12-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x00070000000186f2-19.dat	xmrig
behavioral1/memory/2880-28-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018781-33.dat	xmrig
behavioral1/memory/2840-36-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x000600000001878c-39.dat	xmrig
behavioral1/files/0x000700000001925e-45.dat	xmrig
behavioral1/files/0x0005000000019496-59.dat	xmrig
behavioral1/files/0x00050000000194d0-67.dat	xmrig
behavioral1/files/0x00050000000194ef-71.dat	xmrig
behavioral1/files/0x0005000000019506-79.dat	xmrig
behavioral1/files/0x000500000001952f-96.dat	xmrig
behavioral1/files/0x0035000000018669-100.dat	xmrig
behavioral1/files/0x0005000000019627-150.dat	xmrig
behavioral1/files/0x000500000001962b-159.dat	xmrig
behavioral1/memory/2088-365-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2168-377-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2568-380-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/3068-379-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/3008-375-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/1764-373-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2992-371-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2644-363-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2752-599-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2716-4040-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2752-4041-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2652-4042-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2880-4043-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2840-4044-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2524-4050-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2168-4051-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2088-4052-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/3008-4053-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2992-4048-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2564-4049-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/1764-4047-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2644-4046-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2568-4045-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/3068-1541-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2880-976-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2564-361-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2524-352-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001967f-170.dat	xmrig
behavioral1/files/0x000500000001963b-165.dat	xmrig
behavioral1/files/0x0005000000019629-156.dat	xmrig
behavioral1/files/0x0005000000019625-146.dat	xmrig
behavioral1/files/0x0005000000019622-136.dat	xmrig
behavioral1/files/0x0005000000019623-140.dat	xmrig
behavioral1/files/0x0005000000019621-131.dat	xmrig
behavioral1/files/0x000500000001961f-125.dat	xmrig
behavioral1/files/0x00050000000195e6-115.dat	xmrig
behavioral1/files/0x000500000001961d-121.dat	xmrig
behavioral1/files/0x000500000001957e-105.dat	xmrig
behavioral1/files/0x00050000000195a7-110.dat	xmrig
behavioral1/files/0x00050000000194fc-75.dat	xmrig
behavioral1/files/0x00050000000194ad-63.dat	xmrig
behavioral1/files/0x0005000000019467-55.dat	xmrig
behavioral1/files/0x000600000001945c-51.dat	xmrig
behavioral1/files/0x0007000000018bf3-44.dat	xmrig
behavioral1/memory/3068-29-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2716	qIASdrZ.exe
2752	gsfAOdx.exe
2652	DxkaAnd.exe
2880	KRodUdC.exe
2840	HLjXpek.exe
2568	dwNAatu.exe
2524	DofVsWW.exe
2564	ZNLxdge.exe
2644	EhIEbbX.exe
2088	BfzzyrF.exe
2992	jcpkiwI.exe
1764	wvvPcwy.exe
3008	DNCHtPe.exe
2168	xpdVzRg.exe
2012	Ztlihno.exe
2200	zcEsupc.exe
636	CEMhuBz.exe
2708	LhKCeRn.exe
2956	qFVfEeg.exe
2004	BzdoebY.exe
1816	uowjYCm.exe
1036	lJGBLLG.exe
2368	wZqIeMB.exe
1484	SvpbMsb.exe
2092	dCqBvmq.exe
2108	xMPDTSk.exe
2288	vfhvTpR.exe
2944	SquffOj.exe
1096	YfeQQye.exe
2172	kZmxfBG.exe
2032	lbWWOAx.exe
1776	NcEYuHb.exe
616	BjHbDnM.exe
108	DBsZCyG.exe
1532	ADnYXPH.exe
2352	FyLabgE.exe
1376	IrDiiyx.exe
856	WohNnnI.exe
1252	BpnMqsT.exe
872	AXapNGG.exe
1668	EKKpSgi.exe
1236	ONkHubK.exe
1940	UKeWgMn.exe
2432	KRBimTI.exe
2360	GFRHGke.exe
2388	OUcvlZC.exe
2112	CJlDKKQ.exe
2888	nGZyKYP.exe
2056	SURFZuI.exe
2428	MUsMYWR.exe
2604	EtjuJBk.exe
900	wpuAWlE.exe
1804	LqgkWUa.exe
1644	iCJlgua.exe
1564	vqsYRhh.exe
1640	alxseUc.exe
1444	xvMMgEI.exe
2736	PkJNqrZ.exe
2772	KtYMJLx.exe
2548	TCKyZzq.exe
2600	owjRUIS.exe
1044	CEjgScm.exe
2408	CYkBgVC.exe
1992	SZWUcVJ.exe

Loads dropped DLL 64 IoCs

pid	Process
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3068-0-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x00080000000120f9-6.dat	upx
behavioral1/files/0x000700000001868b-13.dat	upx
behavioral1/memory/2752-15-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2716-12-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x00070000000186f2-19.dat	upx
behavioral1/memory/2880-28-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x0006000000018781-33.dat	upx
behavioral1/memory/2840-36-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x000600000001878c-39.dat	upx
behavioral1/files/0x000700000001925e-45.dat	upx
behavioral1/files/0x0005000000019496-59.dat	upx
behavioral1/files/0x00050000000194d0-67.dat	upx
behavioral1/files/0x00050000000194ef-71.dat	upx
behavioral1/files/0x0005000000019506-79.dat	upx
behavioral1/files/0x000500000001952f-96.dat	upx
behavioral1/files/0x0035000000018669-100.dat	upx
behavioral1/files/0x0005000000019627-150.dat	upx
behavioral1/files/0x000500000001962b-159.dat	upx
behavioral1/memory/2088-365-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2168-377-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2568-380-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/3068-379-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/3008-375-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/1764-373-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2992-371-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2644-363-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2752-599-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2716-4040-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2752-4041-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2652-4042-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2880-4043-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2840-4044-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2524-4050-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2168-4051-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2088-4052-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/3008-4053-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2992-4048-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2564-4049-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/1764-4047-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2644-4046-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2568-4045-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/3068-1541-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2880-976-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2564-361-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2524-352-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x000500000001967f-170.dat	upx
behavioral1/files/0x000500000001963b-165.dat	upx
behavioral1/files/0x0005000000019629-156.dat	upx
behavioral1/files/0x0005000000019625-146.dat	upx
behavioral1/files/0x0005000000019622-136.dat	upx
behavioral1/files/0x0005000000019623-140.dat	upx
behavioral1/files/0x0005000000019621-131.dat	upx
behavioral1/files/0x000500000001961f-125.dat	upx
behavioral1/files/0x00050000000195e6-115.dat	upx
behavioral1/files/0x000500000001961d-121.dat	upx
behavioral1/files/0x000500000001957e-105.dat	upx
behavioral1/files/0x00050000000195a7-110.dat	upx
behavioral1/files/0x00050000000194fc-75.dat	upx
behavioral1/files/0x00050000000194ad-63.dat	upx
behavioral1/files/0x0005000000019467-55.dat	upx
behavioral1/files/0x000600000001945c-51.dat	upx
behavioral1/files/0x0007000000018bf3-44.dat	upx
behavioral1/memory/2652-25-0x000000013FF30000-0x0000000140284000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\xErpGjv.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CagkXdG.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CngOZde.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EoESHWX.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cnQvXGC.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UCvcqIp.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\drxMdUG.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dLZPCer.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mFpMWvL.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQLVPuo.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vJydoeH.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PSPQeIK.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGrgCsE.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OqChluO.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xofWrGq.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fEMgAOK.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLWBJVD.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RtWOEWu.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvQjZLi.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NGhrvAF.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AQHJVLk.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vQsKWEp.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sgZjYEQ.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nfRPQNv.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PovhvJo.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SYxvdyS.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TCQAKEh.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tYlybLx.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YaNOgrQ.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SURFZuI.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owjRUIS.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dGwLwDI.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ayOAmSv.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OMsabAT.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BZLtNCX.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GxfiXsb.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LdbFjhN.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tKztHKz.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xMPDTSk.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FmMCQOS.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YKuPYZs.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HmQqNMT.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EptRbOW.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VkAWXxt.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BfzzyrF.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbRWtKX.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WwTApYL.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EuCLvAb.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZWbUsb.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AcgxdiC.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FOQEutz.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CQGOTIz.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwWFJxu.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnRhmIL.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mGEDZYD.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KuayONY.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yJatRFA.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WBHLRlO.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tVbDzzo.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lBZKvFR.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kwwynJT.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WsCHlEo.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BUHVbmo.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mtPXXou.exe	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2716	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3068 wrote to memory of 2716	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3068 wrote to memory of 2716	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3068 wrote to memory of 2752	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3068 wrote to memory of 2752	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3068 wrote to memory of 2752	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3068 wrote to memory of 2652	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3068 wrote to memory of 2652	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3068 wrote to memory of 2652	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3068 wrote to memory of 2880	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3068 wrote to memory of 2880	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3068 wrote to memory of 2880	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3068 wrote to memory of 2840	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3068 wrote to memory of 2840	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3068 wrote to memory of 2840	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3068 wrote to memory of 2568	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3068 wrote to memory of 2568	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3068 wrote to memory of 2568	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3068 wrote to memory of 2524	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3068 wrote to memory of 2524	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3068 wrote to memory of 2524	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3068 wrote to memory of 2564	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3068 wrote to memory of 2564	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3068 wrote to memory of 2564	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3068 wrote to memory of 2644	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3068 wrote to memory of 2644	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3068 wrote to memory of 2644	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3068 wrote to memory of 2088	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3068 wrote to memory of 2088	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3068 wrote to memory of 2088	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3068 wrote to memory of 2992	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3068 wrote to memory of 2992	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3068 wrote to memory of 2992	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3068 wrote to memory of 1764	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3068 wrote to memory of 1764	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3068 wrote to memory of 1764	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3068 wrote to memory of 3008	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3068 wrote to memory of 3008	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3068 wrote to memory of 3008	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3068 wrote to memory of 2168	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3068 wrote to memory of 2168	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3068 wrote to memory of 2168	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3068 wrote to memory of 2012	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3068 wrote to memory of 2012	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3068 wrote to memory of 2012	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3068 wrote to memory of 2200	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3068 wrote to memory of 2200	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3068 wrote to memory of 2200	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3068 wrote to memory of 636	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3068 wrote to memory of 636	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3068 wrote to memory of 636	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3068 wrote to memory of 2708	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3068 wrote to memory of 2708	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3068 wrote to memory of 2708	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3068 wrote to memory of 2956	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3068 wrote to memory of 2956	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3068 wrote to memory of 2956	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3068 wrote to memory of 2004	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3068 wrote to memory of 2004	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3068 wrote to memory of 2004	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3068 wrote to memory of 1816	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3068 wrote to memory of 1816	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3068 wrote to memory of 1816	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3068 wrote to memory of 1036	3068	2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-23_72549174537d4422bc50bb61e69b4915_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\System\qIASdrZ.exe
  C:\Windows\System\qIASdrZ.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\gsfAOdx.exe
  C:\Windows\System\gsfAOdx.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\DxkaAnd.exe
  C:\Windows\System\DxkaAnd.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\KRodUdC.exe
  C:\Windows\System\KRodUdC.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\HLjXpek.exe
  C:\Windows\System\HLjXpek.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\dwNAatu.exe
  C:\Windows\System\dwNAatu.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\DofVsWW.exe
  C:\Windows\System\DofVsWW.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\ZNLxdge.exe
  C:\Windows\System\ZNLxdge.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\EhIEbbX.exe
  C:\Windows\System\EhIEbbX.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\BfzzyrF.exe
  C:\Windows\System\BfzzyrF.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\jcpkiwI.exe
  C:\Windows\System\jcpkiwI.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\wvvPcwy.exe
  C:\Windows\System\wvvPcwy.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\DNCHtPe.exe
  C:\Windows\System\DNCHtPe.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\xpdVzRg.exe
  C:\Windows\System\xpdVzRg.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\Ztlihno.exe
  C:\Windows\System\Ztlihno.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\zcEsupc.exe
  C:\Windows\System\zcEsupc.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\CEMhuBz.exe
  C:\Windows\System\CEMhuBz.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\LhKCeRn.exe
  C:\Windows\System\LhKCeRn.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\qFVfEeg.exe
  C:\Windows\System\qFVfEeg.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\BzdoebY.exe
  C:\Windows\System\BzdoebY.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\uowjYCm.exe
  C:\Windows\System\uowjYCm.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\lJGBLLG.exe
  C:\Windows\System\lJGBLLG.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\wZqIeMB.exe
  C:\Windows\System\wZqIeMB.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\SvpbMsb.exe
  C:\Windows\System\SvpbMsb.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\dCqBvmq.exe
  C:\Windows\System\dCqBvmq.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\xMPDTSk.exe
  C:\Windows\System\xMPDTSk.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\vfhvTpR.exe
  C:\Windows\System\vfhvTpR.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\SquffOj.exe
  C:\Windows\System\SquffOj.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\YfeQQye.exe
  C:\Windows\System\YfeQQye.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\kZmxfBG.exe
  C:\Windows\System\kZmxfBG.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\lbWWOAx.exe
  C:\Windows\System\lbWWOAx.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\NcEYuHb.exe
  C:\Windows\System\NcEYuHb.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\BjHbDnM.exe
  C:\Windows\System\BjHbDnM.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\DBsZCyG.exe
  C:\Windows\System\DBsZCyG.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\ADnYXPH.exe
  C:\Windows\System\ADnYXPH.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\FyLabgE.exe
  C:\Windows\System\FyLabgE.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\IrDiiyx.exe
  C:\Windows\System\IrDiiyx.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\WohNnnI.exe
  C:\Windows\System\WohNnnI.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\BpnMqsT.exe
  C:\Windows\System\BpnMqsT.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\AXapNGG.exe
  C:\Windows\System\AXapNGG.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\EKKpSgi.exe
  C:\Windows\System\EKKpSgi.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\ONkHubK.exe
  C:\Windows\System\ONkHubK.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\UKeWgMn.exe
  C:\Windows\System\UKeWgMn.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\KRBimTI.exe
  C:\Windows\System\KRBimTI.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\GFRHGke.exe
  C:\Windows\System\GFRHGke.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\OUcvlZC.exe
  C:\Windows\System\OUcvlZC.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\CJlDKKQ.exe
  C:\Windows\System\CJlDKKQ.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\nGZyKYP.exe
  C:\Windows\System\nGZyKYP.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\SURFZuI.exe
  C:\Windows\System\SURFZuI.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\MUsMYWR.exe
  C:\Windows\System\MUsMYWR.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\EtjuJBk.exe
  C:\Windows\System\EtjuJBk.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\wpuAWlE.exe
  C:\Windows\System\wpuAWlE.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\LqgkWUa.exe
  C:\Windows\System\LqgkWUa.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\iCJlgua.exe
  C:\Windows\System\iCJlgua.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\vqsYRhh.exe
  C:\Windows\System\vqsYRhh.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\alxseUc.exe
  C:\Windows\System\alxseUc.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\PkJNqrZ.exe
  C:\Windows\System\PkJNqrZ.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\xvMMgEI.exe
  C:\Windows\System\xvMMgEI.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\TCKyZzq.exe
  C:\Windows\System\TCKyZzq.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\KtYMJLx.exe
  C:\Windows\System\KtYMJLx.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\owjRUIS.exe
  C:\Windows\System\owjRUIS.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\CEjgScm.exe
  C:\Windows\System\CEjgScm.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\CYkBgVC.exe
  C:\Windows\System\CYkBgVC.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\SZWUcVJ.exe
  C:\Windows\System\SZWUcVJ.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\VtPXvmD.exe
  C:\Windows\System\VtPXvmD.exe
  2⤵
  PID:2420
- C:\Windows\System\yGXQUdk.exe
  C:\Windows\System\yGXQUdk.exe
  2⤵
  PID:2844
- C:\Windows\System\rQaojiK.exe
  C:\Windows\System\rQaojiK.exe
  2⤵
  PID:568
- C:\Windows\System\DhmRIvg.exe
  C:\Windows\System\DhmRIvg.exe
  2⤵
  PID:1636
- C:\Windows\System\GBiWzdq.exe
  C:\Windows\System\GBiWzdq.exe
  2⤵
  PID:1308
- C:\Windows\System\APjgSJe.exe
  C:\Windows\System\APjgSJe.exe
  2⤵
  PID:1824
- C:\Windows\System\njmAOrv.exe
  C:\Windows\System\njmAOrv.exe
  2⤵
  PID:2220
- C:\Windows\System\FJKSRGT.exe
  C:\Windows\System\FJKSRGT.exe
  2⤵
  PID:3064
- C:\Windows\System\OamFdEq.exe
  C:\Windows\System\OamFdEq.exe
  2⤵
  PID:2208
- C:\Windows\System\zeeyJYS.exe
  C:\Windows\System\zeeyJYS.exe
  2⤵
  PID:2340
- C:\Windows\System\maVSpCb.exe
  C:\Windows\System\maVSpCb.exe
  2⤵
  PID:1868
- C:\Windows\System\PovhvJo.exe
  C:\Windows\System\PovhvJo.exe
  2⤵
  PID:2492
- C:\Windows\System\McUyNLX.exe
  C:\Windows\System\McUyNLX.exe
  2⤵
  PID:944
- C:\Windows\System\GXFwugR.exe
  C:\Windows\System\GXFwugR.exe
  2⤵
  PID:1620
- C:\Windows\System\xjwslvt.exe
  C:\Windows\System\xjwslvt.exe
  2⤵
  PID:1544
- C:\Windows\System\LsirBIU.exe
  C:\Windows\System\LsirBIU.exe
  2⤵
  PID:3028
- C:\Windows\System\zgNkQRh.exe
  C:\Windows\System\zgNkQRh.exe
  2⤵
  PID:2188
- C:\Windows\System\GnzteVe.exe
  C:\Windows\System\GnzteVe.exe
  2⤵
  PID:1744
- C:\Windows\System\oGaKWNr.exe
  C:\Windows\System\oGaKWNr.exe
  2⤵
  PID:2496
- C:\Windows\System\OnmAQHk.exe
  C:\Windows\System\OnmAQHk.exe
  2⤵
  PID:2440
- C:\Windows\System\gxFtrMF.exe
  C:\Windows\System\gxFtrMF.exe
  2⤵
  PID:2140
- C:\Windows\System\OoqkDzC.exe
  C:\Windows\System\OoqkDzC.exe
  2⤵
  PID:2392
- C:\Windows\System\KFrLpWg.exe
  C:\Windows\System\KFrLpWg.exe
  2⤵
  PID:2348
- C:\Windows\System\BnkPOnz.exe
  C:\Windows\System\BnkPOnz.exe
  2⤵
  PID:1028
- C:\Windows\System\RrzqTvD.exe
  C:\Windows\System\RrzqTvD.exe
  2⤵
  PID:2672
- C:\Windows\System\cYvqORt.exe
  C:\Windows\System\cYvqORt.exe
  2⤵
  PID:2468
- C:\Windows\System\vGbJttX.exe
  C:\Windows\System\vGbJttX.exe
  2⤵
  PID:2712
- C:\Windows\System\fTVUrfX.exe
  C:\Windows\System\fTVUrfX.exe
  2⤵
  PID:2536
- C:\Windows\System\BGNKUDp.exe
  C:\Windows\System\BGNKUDp.exe
  2⤵
  PID:2336
- C:\Windows\System\zAEnXNF.exe
  C:\Windows\System\zAEnXNF.exe
  2⤵
  PID:2052
- C:\Windows\System\TgLyhgf.exe
  C:\Windows\System\TgLyhgf.exe
  2⤵
  PID:3012
- C:\Windows\System\NfOGaVs.exe
  C:\Windows\System\NfOGaVs.exe
  2⤵
  PID:2824
- C:\Windows\System\BEYwDoM.exe
  C:\Windows\System\BEYwDoM.exe
  2⤵
  PID:2864
- C:\Windows\System\QCmCPIt.exe
  C:\Windows\System\QCmCPIt.exe
  2⤵
  PID:2740
- C:\Windows\System\KgRGAJc.exe
  C:\Windows\System\KgRGAJc.exe
  2⤵
  PID:916
- C:\Windows\System\CWaJJob.exe
  C:\Windows\System\CWaJJob.exe
  2⤵
  PID:1712
- C:\Windows\System\ahWQUOY.exe
  C:\Windows\System\ahWQUOY.exe
  2⤵
  PID:3056
- C:\Windows\System\XANQlNa.exe
  C:\Windows\System\XANQlNa.exe
  2⤵
  PID:1604
- C:\Windows\System\cnZFEct.exe
  C:\Windows\System\cnZFEct.exe
  2⤵
  PID:2800
- C:\Windows\System\CVzjYPH.exe
  C:\Windows\System\CVzjYPH.exe
  2⤵
  PID:2436
- C:\Windows\System\VCcvwwv.exe
  C:\Windows\System\VCcvwwv.exe
  2⤵
  PID:2324
- C:\Windows\System\UYnMCdh.exe
  C:\Windows\System\UYnMCdh.exe
  2⤵
  PID:1288
- C:\Windows\System\Xvvizfb.exe
  C:\Windows\System\Xvvizfb.exe
  2⤵
  PID:2896
- C:\Windows\System\zltZxQv.exe
  C:\Windows\System\zltZxQv.exe
  2⤵
  PID:2764
- C:\Windows\System\JSPGWeT.exe
  C:\Windows\System\JSPGWeT.exe
  2⤵
  PID:1596
- C:\Windows\System\WqTPkUc.exe
  C:\Windows\System\WqTPkUc.exe
  2⤵
  PID:2768
- C:\Windows\System\rMOwkQU.exe
  C:\Windows\System\rMOwkQU.exe
  2⤵
  PID:1632
- C:\Windows\System\XSPHusU.exe
  C:\Windows\System\XSPHusU.exe
  2⤵
  PID:1216
- C:\Windows\System\oVobRwM.exe
  C:\Windows\System\oVobRwM.exe
  2⤵
  PID:1040
- C:\Windows\System\RQHkIdn.exe
  C:\Windows\System\RQHkIdn.exe
  2⤵
  PID:2116
- C:\Windows\System\UUumzmt.exe
  C:\Windows\System\UUumzmt.exe
  2⤵
  PID:1404
- C:\Windows\System\hylYKfS.exe
  C:\Windows\System\hylYKfS.exe
  2⤵
  PID:2076
- C:\Windows\System\Bnqwqfb.exe
  C:\Windows\System\Bnqwqfb.exe
  2⤵
  PID:1628
- C:\Windows\System\xpWiTEI.exe
  C:\Windows\System\xpWiTEI.exe
  2⤵
  PID:2376
- C:\Windows\System\YYgRsOY.exe
  C:\Windows\System\YYgRsOY.exe
  2⤵
  PID:696
- C:\Windows\System\DTOFYhv.exe
  C:\Windows\System\DTOFYhv.exe
  2⤵
  PID:2720
- C:\Windows\System\zgtnxUn.exe
  C:\Windows\System\zgtnxUn.exe
  2⤵
  PID:1836
- C:\Windows\System\FjUasLS.exe
  C:\Windows\System\FjUasLS.exe
  2⤵
  PID:1796
- C:\Windows\System\QNwvkzG.exe
  C:\Windows\System\QNwvkzG.exe
  2⤵
  PID:1984
- C:\Windows\System\iBXDBsN.exe
  C:\Windows\System\iBXDBsN.exe
  2⤵
  PID:2660
- C:\Windows\System\vBIbjPJ.exe
  C:\Windows\System\vBIbjPJ.exe
  2⤵
  PID:2248
- C:\Windows\System\NGhrvAF.exe
  C:\Windows\System\NGhrvAF.exe
  2⤵
  PID:1800
- C:\Windows\System\YOOtGCr.exe
  C:\Windows\System\YOOtGCr.exe
  2⤵
  PID:2224
- C:\Windows\System\dkcYNvk.exe
  C:\Windows\System\dkcYNvk.exe
  2⤵
  PID:1700
- C:\Windows\System\enJCaRZ.exe
  C:\Windows\System\enJCaRZ.exe
  2⤵
  PID:3088
- C:\Windows\System\dsJJUjD.exe
  C:\Windows\System\dsJJUjD.exe
  2⤵
  PID:3104
- C:\Windows\System\nvKOTwr.exe
  C:\Windows\System\nvKOTwr.exe
  2⤵
  PID:3124
- C:\Windows\System\ymHvgcS.exe
  C:\Windows\System\ymHvgcS.exe
  2⤵
  PID:3144
- C:\Windows\System\FbJTGte.exe
  C:\Windows\System\FbJTGte.exe
  2⤵
  PID:3160
- C:\Windows\System\OMsabAT.exe
  C:\Windows\System\OMsabAT.exe
  2⤵
  PID:3176
- C:\Windows\System\cozicAe.exe
  C:\Windows\System\cozicAe.exe
  2⤵
  PID:3192
- C:\Windows\System\gFKwviL.exe
  C:\Windows\System\gFKwviL.exe
  2⤵
  PID:3240
- C:\Windows\System\WxbgPoL.exe
  C:\Windows\System\WxbgPoL.exe
  2⤵
  PID:3256
- C:\Windows\System\dFVRCOG.exe
  C:\Windows\System\dFVRCOG.exe
  2⤵
  PID:3272
- C:\Windows\System\xrCoumg.exe
  C:\Windows\System\xrCoumg.exe
  2⤵
  PID:3288
- C:\Windows\System\gLetSQA.exe
  C:\Windows\System\gLetSQA.exe
  2⤵
  PID:3304
- C:\Windows\System\RzoZUJY.exe
  C:\Windows\System\RzoZUJY.exe
  2⤵
  PID:3328
- C:\Windows\System\xErpGjv.exe
  C:\Windows\System\xErpGjv.exe
  2⤵
  PID:3344
- C:\Windows\System\gaOwEig.exe
  C:\Windows\System\gaOwEig.exe
  2⤵
  PID:3360
- C:\Windows\System\osNrhkn.exe
  C:\Windows\System\osNrhkn.exe
  2⤵
  PID:3380
- C:\Windows\System\ylxuzQQ.exe
  C:\Windows\System\ylxuzQQ.exe
  2⤵
  PID:3400
- C:\Windows\System\QlIitjX.exe
  C:\Windows\System\QlIitjX.exe
  2⤵
  PID:3416
- C:\Windows\System\inICTgg.exe
  C:\Windows\System\inICTgg.exe
  2⤵
  PID:3432
- C:\Windows\System\cxzQmLp.exe
  C:\Windows\System\cxzQmLp.exe
  2⤵
  PID:3448
- C:\Windows\System\yJgDsnA.exe
  C:\Windows\System\yJgDsnA.exe
  2⤵
  PID:3464
- C:\Windows\System\xEJdMic.exe
  C:\Windows\System\xEJdMic.exe
  2⤵
  PID:3488
- C:\Windows\System\PDnJgnA.exe
  C:\Windows\System\PDnJgnA.exe
  2⤵
  PID:3540
- C:\Windows\System\gvQMTrK.exe
  C:\Windows\System\gvQMTrK.exe
  2⤵
  PID:3556
- C:\Windows\System\ASrtaoN.exe
  C:\Windows\System\ASrtaoN.exe
  2⤵
  PID:3580
- C:\Windows\System\bsHiOgx.exe
  C:\Windows\System\bsHiOgx.exe
  2⤵
  PID:3596
- C:\Windows\System\IcJspKU.exe
  C:\Windows\System\IcJspKU.exe
  2⤵
  PID:3612
- C:\Windows\System\LznQHIg.exe
  C:\Windows\System\LznQHIg.exe
  2⤵
  PID:3628
- C:\Windows\System\aBFghIc.exe
  C:\Windows\System\aBFghIc.exe
  2⤵
  PID:3648
- C:\Windows\System\lZuUUZo.exe
  C:\Windows\System\lZuUUZo.exe
  2⤵
  PID:3676
- C:\Windows\System\bznNdrK.exe
  C:\Windows\System\bznNdrK.exe
  2⤵
  PID:3692
- C:\Windows\System\EWczoEd.exe
  C:\Windows\System\EWczoEd.exe
  2⤵
  PID:3708
- C:\Windows\System\MPQGshm.exe
  C:\Windows\System\MPQGshm.exe
  2⤵
  PID:3724
- C:\Windows\System\UWSbKFH.exe
  C:\Windows\System\UWSbKFH.exe
  2⤵
  PID:3740
- C:\Windows\System\wRnlUZM.exe
  C:\Windows\System\wRnlUZM.exe
  2⤵
  PID:3756
- C:\Windows\System\mElbHwZ.exe
  C:\Windows\System\mElbHwZ.exe
  2⤵
  PID:3780
- C:\Windows\System\tbOfZmC.exe
  C:\Windows\System\tbOfZmC.exe
  2⤵
  PID:3808
- C:\Windows\System\FmMCQOS.exe
  C:\Windows\System\FmMCQOS.exe
  2⤵
  PID:3824
- C:\Windows\System\NXuZChh.exe
  C:\Windows\System\NXuZChh.exe
  2⤵
  PID:3844
- C:\Windows\System\rDeJReu.exe
  C:\Windows\System\rDeJReu.exe
  2⤵
  PID:3860
- C:\Windows\System\gnwoeDI.exe
  C:\Windows\System\gnwoeDI.exe
  2⤵
  PID:3884
- C:\Windows\System\bGLmQoy.exe
  C:\Windows\System\bGLmQoy.exe
  2⤵
  PID:3916
- C:\Windows\System\iMgLhsd.exe
  C:\Windows\System\iMgLhsd.exe
  2⤵
  PID:3932
- C:\Windows\System\HSDuIrE.exe
  C:\Windows\System\HSDuIrE.exe
  2⤵
  PID:3948
- C:\Windows\System\IDNSwaa.exe
  C:\Windows\System\IDNSwaa.exe
  2⤵
  PID:3980
- C:\Windows\System\IlNCLHG.exe
  C:\Windows\System\IlNCLHG.exe
  2⤵
  PID:3996
- C:\Windows\System\rYtsmNp.exe
  C:\Windows\System\rYtsmNp.exe
  2⤵
  PID:4012
- C:\Windows\System\QajFLxc.exe
  C:\Windows\System\QajFLxc.exe
  2⤵
  PID:4028
- C:\Windows\System\szGBNdS.exe
  C:\Windows\System\szGBNdS.exe
  2⤵
  PID:4044
- C:\Windows\System\lwvIpCE.exe
  C:\Windows\System\lwvIpCE.exe
  2⤵
  PID:4060
- C:\Windows\System\kyTKLMa.exe
  C:\Windows\System\kyTKLMa.exe
  2⤵
  PID:4092
- C:\Windows\System\JlMLGEt.exe
  C:\Windows\System\JlMLGEt.exe
  2⤵
  PID:2700
- C:\Windows\System\PIWRQzn.exe
  C:\Windows\System\PIWRQzn.exe
  2⤵
  PID:1616
- C:\Windows\System\JOmPOtM.exe
  C:\Windows\System\JOmPOtM.exe
  2⤵
  PID:712
- C:\Windows\System\zsQgDUZ.exe
  C:\Windows\System\zsQgDUZ.exe
  2⤵
  PID:1016
- C:\Windows\System\JltGnsy.exe
  C:\Windows\System\JltGnsy.exe
  2⤵
  PID:3096
- C:\Windows\System\wyQvEpx.exe
  C:\Windows\System\wyQvEpx.exe
  2⤵
  PID:3280
- C:\Windows\System\YexHZkA.exe
  C:\Windows\System\YexHZkA.exe
  2⤵
  PID:3232
- C:\Windows\System\gSPEhVU.exe
  C:\Windows\System\gSPEhVU.exe
  2⤵
  PID:3268
- C:\Windows\System\BHIYFAr.exe
  C:\Windows\System\BHIYFAr.exe
  2⤵
  PID:3352
- C:\Windows\System\uSHyzrI.exe
  C:\Windows\System\uSHyzrI.exe
  2⤵
  PID:3424
- C:\Windows\System\tRuyLkN.exe
  C:\Windows\System\tRuyLkN.exe
  2⤵
  PID:3460
- C:\Windows\System\dGwLwDI.exe
  C:\Windows\System\dGwLwDI.exe
  2⤵
  PID:3476
- C:\Windows\System\hvHAkkm.exe
  C:\Windows\System\hvHAkkm.exe
  2⤵
  PID:3524
- C:\Windows\System\auzcsYB.exe
  C:\Windows\System\auzcsYB.exe
  2⤵
  PID:3340
- C:\Windows\System\DSrLqqZ.exe
  C:\Windows\System\DSrLqqZ.exe
  2⤵
  PID:3396
- C:\Windows\System\DlrOaLO.exe
  C:\Windows\System\DlrOaLO.exe
  2⤵
  PID:3444
- C:\Windows\System\LUTQAGu.exe
  C:\Windows\System\LUTQAGu.exe
  2⤵
  PID:3552
- C:\Windows\System\YAhwMeO.exe
  C:\Windows\System\YAhwMeO.exe
  2⤵
  PID:3608
- C:\Windows\System\CKQvITB.exe
  C:\Windows\System\CKQvITB.exe
  2⤵
  PID:3720
- C:\Windows\System\sPorWkO.exe
  C:\Windows\System\sPorWkO.exe
  2⤵
  PID:3792
- C:\Windows\System\vNnaTLm.exe
  C:\Windows\System\vNnaTLm.exe
  2⤵
  PID:3804
- C:\Windows\System\cpLWlXJ.exe
  C:\Windows\System\cpLWlXJ.exe
  2⤵
  PID:3668
- C:\Windows\System\gnptxON.exe
  C:\Windows\System\gnptxON.exe
  2⤵
  PID:3868
- C:\Windows\System\RANnFAk.exe
  C:\Windows\System\RANnFAk.exe
  2⤵
  PID:3768
- C:\Windows\System\fvMohoF.exe
  C:\Windows\System\fvMohoF.exe
  2⤵
  PID:3816
- C:\Windows\System\fOpxaoT.exe
  C:\Windows\System\fOpxaoT.exe
  2⤵
  PID:3704
- C:\Windows\System\mqNhheG.exe
  C:\Windows\System\mqNhheG.exe
  2⤵
  PID:3892
- C:\Windows\System\kDHzUVg.exe
  C:\Windows\System\kDHzUVg.exe
  2⤵
  PID:3960
- C:\Windows\System\wQxfUqU.exe
  C:\Windows\System\wQxfUqU.exe
  2⤵
  PID:4008
- C:\Windows\System\nBZfxPZ.exe
  C:\Windows\System\nBZfxPZ.exe
  2⤵
  PID:4072
- C:\Windows\System\DfTXdTE.exe
  C:\Windows\System\DfTXdTE.exe
  2⤵
  PID:4088
- C:\Windows\System\IHUyOiA.exe
  C:\Windows\System\IHUyOiA.exe
  2⤵
  PID:2332
- C:\Windows\System\UpnxAKz.exe
  C:\Windows\System\UpnxAKz.exe
  2⤵
  PID:4024
- C:\Windows\System\UKgGHAh.exe
  C:\Windows\System\UKgGHAh.exe
  2⤵
  PID:3940
- C:\Windows\System\DajwtNS.exe
  C:\Windows\System\DajwtNS.exe
  2⤵
  PID:3200
- C:\Windows\System\hmrmnoV.exe
  C:\Windows\System\hmrmnoV.exe
  2⤵
  PID:3252
- C:\Windows\System\gCZytNY.exe
  C:\Windows\System\gCZytNY.exe
  2⤵
  PID:3388
- C:\Windows\System\crWLVgc.exe
  C:\Windows\System\crWLVgc.exe
  2⤵
  PID:3224
- C:\Windows\System\XbRWtKX.exe
  C:\Windows\System\XbRWtKX.exe
  2⤵
  PID:3228
- C:\Windows\System\IFRnEVk.exe
  C:\Windows\System\IFRnEVk.exe
  2⤵
  PID:3484
- C:\Windows\System\MjEGcYO.exe
  C:\Windows\System\MjEGcYO.exe
  2⤵
  PID:3320
- C:\Windows\System\oXWvREX.exe
  C:\Windows\System\oXWvREX.exe
  2⤵
  PID:3528
- C:\Windows\System\lvyUAdI.exe
  C:\Windows\System\lvyUAdI.exe
  2⤵
  PID:3376
- C:\Windows\System\BLGzxai.exe
  C:\Windows\System\BLGzxai.exe
  2⤵
  PID:3604
- C:\Windows\System\QBoCEac.exe
  C:\Windows\System\QBoCEac.exe
  2⤵
  PID:3572
- C:\Windows\System\RUfLcqg.exe
  C:\Windows\System\RUfLcqg.exe
  2⤵
  PID:3684
- C:\Windows\System\FFcdPTx.exe
  C:\Windows\System\FFcdPTx.exe
  2⤵
  PID:3664
- C:\Windows\System\axftFHn.exe
  C:\Windows\System\axftFHn.exe
  2⤵
  PID:3840
- C:\Windows\System\AjGHpzT.exe
  C:\Windows\System\AjGHpzT.exe
  2⤵
  PID:2728
- C:\Windows\System\NsfGchH.exe
  C:\Windows\System\NsfGchH.exe
  2⤵
  PID:3900
- C:\Windows\System\GJBOXjH.exe
  C:\Windows\System\GJBOXjH.exe
  2⤵
  PID:3976
- C:\Windows\System\AUavohJ.exe
  C:\Windows\System\AUavohJ.exe
  2⤵
  PID:3084
- C:\Windows\System\EIJkACB.exe
  C:\Windows\System\EIJkACB.exe
  2⤵
  PID:3140
- C:\Windows\System\ByEfVfu.exe
  C:\Windows\System\ByEfVfu.exe
  2⤵
  PID:3248
- C:\Windows\System\hUMwBpT.exe
  C:\Windows\System\hUMwBpT.exe
  2⤵
  PID:3504
- C:\Windows\System\tBbxpen.exe
  C:\Windows\System\tBbxpen.exe
  2⤵
  PID:3548
- C:\Windows\System\JuxOkLl.exe
  C:\Windows\System\JuxOkLl.exe
  2⤵
  PID:3516
- C:\Windows\System\gLwegIV.exe
  C:\Windows\System\gLwegIV.exe
  2⤵
  PID:3928
- C:\Windows\System\tmjHHuq.exe
  C:\Windows\System\tmjHHuq.exe
  2⤵
  PID:3660
- C:\Windows\System\UKQCkGH.exe
  C:\Windows\System\UKQCkGH.exe
  2⤵
  PID:3368
- C:\Windows\System\deAcHvn.exe
  C:\Windows\System\deAcHvn.exe
  2⤵
  PID:2848
- C:\Windows\System\WPWRyBh.exe
  C:\Windows\System\WPWRyBh.exe
  2⤵
  PID:3748
- C:\Windows\System\OfBllgA.exe
  C:\Windows\System\OfBllgA.exe
  2⤵
  PID:4020
- C:\Windows\System\gNtflkW.exe
  C:\Windows\System\gNtflkW.exe
  2⤵
  PID:3972
- C:\Windows\System\fyZUjNG.exe
  C:\Windows\System\fyZUjNG.exe
  2⤵
  PID:3112
- C:\Windows\System\dgmjcxO.exe
  C:\Windows\System\dgmjcxO.exe
  2⤵
  PID:3296
- C:\Windows\System\LhyJFOy.exe
  C:\Windows\System\LhyJFOy.exe
  2⤵
  PID:3588
- C:\Windows\System\dmzGCly.exe
  C:\Windows\System\dmzGCly.exe
  2⤵
  PID:3904
- C:\Windows\System\GWxExNX.exe
  C:\Windows\System\GWxExNX.exe
  2⤵
  PID:3896
- C:\Windows\System\QpfTkRR.exe
  C:\Windows\System\QpfTkRR.exe
  2⤵
  PID:1348
- C:\Windows\System\fJLqVWU.exe
  C:\Windows\System\fJLqVWU.exe
  2⤵
  PID:3856
- C:\Windows\System\sgbpZhi.exe
  C:\Windows\System\sgbpZhi.exe
  2⤵
  PID:3924
- C:\Windows\System\hfZEyMa.exe
  C:\Windows\System\hfZEyMa.exe
  2⤵
  PID:3508
- C:\Windows\System\eqfZaqh.exe
  C:\Windows\System\eqfZaqh.exe
  2⤵
  PID:3500
- C:\Windows\System\UOmvoUm.exe
  C:\Windows\System\UOmvoUm.exe
  2⤵
  PID:3800
- C:\Windows\System\crQMeYG.exe
  C:\Windows\System\crQMeYG.exe
  2⤵
  PID:3876
- C:\Windows\System\BZLtNCX.exe
  C:\Windows\System\BZLtNCX.exe
  2⤵
  PID:4104
- C:\Windows\System\UEcxHvX.exe
  C:\Windows\System\UEcxHvX.exe
  2⤵
  PID:4120
- C:\Windows\System\irDKaPy.exe
  C:\Windows\System\irDKaPy.exe
  2⤵
  PID:4140
- C:\Windows\System\XICCCrR.exe
  C:\Windows\System\XICCCrR.exe
  2⤵
  PID:4160
- C:\Windows\System\CEyMZPb.exe
  C:\Windows\System\CEyMZPb.exe
  2⤵
  PID:4184
- C:\Windows\System\PpThoqB.exe
  C:\Windows\System\PpThoqB.exe
  2⤵
  PID:4216
- C:\Windows\System\rCDrZGI.exe
  C:\Windows\System\rCDrZGI.exe
  2⤵
  PID:4232
- C:\Windows\System\WvXXkMe.exe
  C:\Windows\System\WvXXkMe.exe
  2⤵
  PID:4256
- C:\Windows\System\TcZtFqs.exe
  C:\Windows\System\TcZtFqs.exe
  2⤵
  PID:4272
- C:\Windows\System\UmafoyE.exe
  C:\Windows\System\UmafoyE.exe
  2⤵
  PID:4288
- C:\Windows\System\GxfiXsb.exe
  C:\Windows\System\GxfiXsb.exe
  2⤵
  PID:4304
- C:\Windows\System\swInmvj.exe
  C:\Windows\System\swInmvj.exe
  2⤵
  PID:4332
- C:\Windows\System\MVClhHv.exe
  C:\Windows\System\MVClhHv.exe
  2⤵
  PID:4352
- C:\Windows\System\MkjRhgB.exe
  C:\Windows\System\MkjRhgB.exe
  2⤵
  PID:4368
- C:\Windows\System\ZNOAhxi.exe
  C:\Windows\System\ZNOAhxi.exe
  2⤵
  PID:4384
- C:\Windows\System\HWcIEwQ.exe
  C:\Windows\System\HWcIEwQ.exe
  2⤵
  PID:4404
- C:\Windows\System\tDfospd.exe
  C:\Windows\System\tDfospd.exe
  2⤵
  PID:4420
- C:\Windows\System\fZjGMFu.exe
  C:\Windows\System\fZjGMFu.exe
  2⤵
  PID:4436
- C:\Windows\System\WETQYgs.exe
  C:\Windows\System\WETQYgs.exe
  2⤵
  PID:4452
- C:\Windows\System\qTUXUlE.exe
  C:\Windows\System\qTUXUlE.exe
  2⤵
  PID:4468
- C:\Windows\System\HnKSmpu.exe
  C:\Windows\System\HnKSmpu.exe
  2⤵
  PID:4500
- C:\Windows\System\mJtOoHa.exe
  C:\Windows\System\mJtOoHa.exe
  2⤵
  PID:4516
- C:\Windows\System\GFUWCMC.exe
  C:\Windows\System\GFUWCMC.exe
  2⤵
  PID:4536
- C:\Windows\System\Gmptqlb.exe
  C:\Windows\System\Gmptqlb.exe
  2⤵
  PID:4552
- C:\Windows\System\rBkEuJl.exe
  C:\Windows\System\rBkEuJl.exe
  2⤵
  PID:4588
- C:\Windows\System\PNsfVYU.exe
  C:\Windows\System\PNsfVYU.exe
  2⤵
  PID:4612
- C:\Windows\System\yqwzidK.exe
  C:\Windows\System\yqwzidK.exe
  2⤵
  PID:4636
- C:\Windows\System\gOWPFZz.exe
  C:\Windows\System\gOWPFZz.exe
  2⤵
  PID:4652
- C:\Windows\System\sSofMoK.exe
  C:\Windows\System\sSofMoK.exe
  2⤵
  PID:4668
- C:\Windows\System\hawXbVI.exe
  C:\Windows\System\hawXbVI.exe
  2⤵
  PID:4688
- C:\Windows\System\PHyaJYC.exe
  C:\Windows\System\PHyaJYC.exe
  2⤵
  PID:4704
- C:\Windows\System\FSEnpJb.exe
  C:\Windows\System\FSEnpJb.exe
  2⤵
  PID:4724
- C:\Windows\System\zHNVSlj.exe
  C:\Windows\System\zHNVSlj.exe
  2⤵
  PID:4744
- C:\Windows\System\DadzhyI.exe
  C:\Windows\System\DadzhyI.exe
  2⤵
  PID:4760
- C:\Windows\System\GgSoDay.exe
  C:\Windows\System\GgSoDay.exe
  2⤵
  PID:4776
- C:\Windows\System\sBMJJql.exe
  C:\Windows\System\sBMJJql.exe
  2⤵
  PID:4792
- C:\Windows\System\hwTHnli.exe
  C:\Windows\System\hwTHnli.exe
  2⤵
  PID:4808
- C:\Windows\System\wJJuUZf.exe
  C:\Windows\System\wJJuUZf.exe
  2⤵
  PID:4832
- C:\Windows\System\dGuhyQF.exe
  C:\Windows\System\dGuhyQF.exe
  2⤵
  PID:4852
- C:\Windows\System\hHJHOEu.exe
  C:\Windows\System\hHJHOEu.exe
  2⤵
  PID:4868
- C:\Windows\System\aNSjxET.exe
  C:\Windows\System\aNSjxET.exe
  2⤵
  PID:4884
- C:\Windows\System\JyjRjue.exe
  C:\Windows\System\JyjRjue.exe
  2⤵
  PID:4908
- C:\Windows\System\EuCLvAb.exe
  C:\Windows\System\EuCLvAb.exe
  2⤵
  PID:4924
- C:\Windows\System\ltgDkSo.exe
  C:\Windows\System\ltgDkSo.exe
  2⤵
  PID:4940
- C:\Windows\System\CGaJvVo.exe
  C:\Windows\System\CGaJvVo.exe
  2⤵
  PID:4960
- C:\Windows\System\fPxrjML.exe
  C:\Windows\System\fPxrjML.exe
  2⤵
  PID:4976
- C:\Windows\System\rArbzYT.exe
  C:\Windows\System\rArbzYT.exe
  2⤵
  PID:4992
- C:\Windows\System\IuqHqyL.exe
  C:\Windows\System\IuqHqyL.exe
  2⤵
  PID:5008
- C:\Windows\System\NZOjEwy.exe
  C:\Windows\System\NZOjEwy.exe
  2⤵
  PID:5024
- C:\Windows\System\GAijvpt.exe
  C:\Windows\System\GAijvpt.exe
  2⤵
  PID:5040
- C:\Windows\System\nqTXbIY.exe
  C:\Windows\System\nqTXbIY.exe
  2⤵
  PID:5064
- C:\Windows\System\oOMwlSd.exe
  C:\Windows\System\oOMwlSd.exe
  2⤵
  PID:5080
- C:\Windows\System\mACAnWH.exe
  C:\Windows\System\mACAnWH.exe
  2⤵
  PID:5096
- C:\Windows\System\XDQRPxY.exe
  C:\Windows\System\XDQRPxY.exe
  2⤵
  PID:5112
- C:\Windows\System\XtNfces.exe
  C:\Windows\System\XtNfces.exe
  2⤵
  PID:4112
- C:\Windows\System\YCJiOdB.exe
  C:\Windows\System\YCJiOdB.exe
  2⤵
  PID:4132
- C:\Windows\System\oTSGALg.exe
  C:\Windows\System\oTSGALg.exe
  2⤵
  PID:3836
- C:\Windows\System\CagkXdG.exe
  C:\Windows\System\CagkXdG.exe
  2⤵
  PID:4056
- C:\Windows\System\bQLVPuo.exe
  C:\Windows\System\bQLVPuo.exe
  2⤵
  PID:4200
- C:\Windows\System\Ztxsbyz.exe
  C:\Windows\System\Ztxsbyz.exe
  2⤵
  PID:4240
- C:\Windows\System\AAFGCAG.exe
  C:\Windows\System\AAFGCAG.exe
  2⤵
  PID:4136
- C:\Windows\System\haXhTCS.exe
  C:\Windows\System\haXhTCS.exe
  2⤵
  PID:4320
- C:\Windows\System\BppqNrU.exe
  C:\Windows\System\BppqNrU.exe
  2⤵
  PID:4364
- C:\Windows\System\aSEzsgy.exe
  C:\Windows\System\aSEzsgy.exe
  2⤵
  PID:4400
- C:\Windows\System\czlisCD.exe
  C:\Windows\System\czlisCD.exe
  2⤵
  PID:4464
- C:\Windows\System\EPjkuFp.exe
  C:\Windows\System\EPjkuFp.exe
  2⤵
  PID:4228
- C:\Windows\System\NQclFBf.exe
  C:\Windows\System\NQclFBf.exe
  2⤵
  PID:4548
- C:\Windows\System\nRZSJBP.exe
  C:\Windows\System\nRZSJBP.exe
  2⤵
  PID:4268
- C:\Windows\System\gCBHpXd.exe
  C:\Windows\System\gCBHpXd.exe
  2⤵
  PID:4444
- C:\Windows\System\ayOAmSv.exe
  C:\Windows\System\ayOAmSv.exe
  2⤵
  PID:4480
- C:\Windows\System\PgWhOgt.exe
  C:\Windows\System\PgWhOgt.exe
  2⤵
  PID:4532
- C:\Windows\System\ftKpCDg.exe
  C:\Windows\System\ftKpCDg.exe
  2⤵
  PID:4596
- C:\Windows\System\irQJRDt.exe
  C:\Windows\System\irQJRDt.exe
  2⤵
  PID:4572
- C:\Windows\System\rWxayxQ.exe
  C:\Windows\System\rWxayxQ.exe
  2⤵
  PID:4648
- C:\Windows\System\tzeIakV.exe
  C:\Windows\System\tzeIakV.exe
  2⤵
  PID:4624
- C:\Windows\System\YopDOXm.exe
  C:\Windows\System\YopDOXm.exe
  2⤵
  PID:4660
- C:\Windows\System\vJydoeH.exe
  C:\Windows\System\vJydoeH.exe
  2⤵
  PID:4804
- C:\Windows\System\auOaurD.exe
  C:\Windows\System\auOaurD.exe
  2⤵
  PID:4848
- C:\Windows\System\XeyBtjU.exe
  C:\Windows\System\XeyBtjU.exe
  2⤵
  PID:4784
- C:\Windows\System\TqLEseq.exe
  C:\Windows\System\TqLEseq.exe
  2⤵
  PID:4820
- C:\Windows\System\eSiCbPt.exe
  C:\Windows\System\eSiCbPt.exe
  2⤵
  PID:4732
- C:\Windows\System\gkdYDzl.exe
  C:\Windows\System\gkdYDzl.exe
  2⤵
  PID:4880
- C:\Windows\System\VFUbZjT.exe
  C:\Windows\System\VFUbZjT.exe
  2⤵
  PID:4696
- C:\Windows\System\grqZbVe.exe
  C:\Windows\System\grqZbVe.exe
  2⤵
  PID:4084
- C:\Windows\System\QyglhDW.exe
  C:\Windows\System\QyglhDW.exe
  2⤵
  PID:4968
- C:\Windows\System\IhbjEHh.exe
  C:\Windows\System\IhbjEHh.exe
  2⤵
  PID:4988
- C:\Windows\System\LakvTeX.exe
  C:\Windows\System\LakvTeX.exe
  2⤵
  PID:5020
- C:\Windows\System\hJbOVOT.exe
  C:\Windows\System\hJbOVOT.exe
  2⤵
  PID:5060
- C:\Windows\System\HsPrpSp.exe
  C:\Windows\System\HsPrpSp.exe
  2⤵
  PID:4152
- C:\Windows\System\ohByMcG.exe
  C:\Windows\System\ohByMcG.exe
  2⤵
  PID:4148
- C:\Windows\System\eUQttaP.exe
  C:\Windows\System\eUQttaP.exe
  2⤵
  PID:4204
- C:\Windows\System\BPozjLx.exe
  C:\Windows\System\BPozjLx.exe
  2⤵
  PID:4172
- C:\Windows\System\iaTPpUW.exe
  C:\Windows\System\iaTPpUW.exe
  2⤵
  PID:3216
- C:\Windows\System\bLwXHUA.exe
  C:\Windows\System\bLwXHUA.exe
  2⤵
  PID:4316
- C:\Windows\System\nkZPefB.exe
  C:\Windows\System\nkZPefB.exe
  2⤵
  PID:4460
- C:\Windows\System\ThZGpTR.exe
  C:\Windows\System\ThZGpTR.exe
  2⤵
  PID:4412
- C:\Windows\System\LdbFjhN.exe
  C:\Windows\System\LdbFjhN.exe
  2⤵
  PID:4584
- C:\Windows\System\saqyGCp.exe
  C:\Windows\System\saqyGCp.exe
  2⤵
  PID:4492
- C:\Windows\System\PXVnwrF.exe
  C:\Windows\System\PXVnwrF.exe
  2⤵
  PID:4644
- C:\Windows\System\CQGOTIz.exe
  C:\Windows\System\CQGOTIz.exe
  2⤵
  PID:4892
- C:\Windows\System\PSPQeIK.exe
  C:\Windows\System\PSPQeIK.exe
  2⤵
  PID:4876
- C:\Windows\System\npNGLyX.exe
  C:\Windows\System\npNGLyX.exe
  2⤵
  PID:5056
- C:\Windows\System\mYaaVUI.exe
  C:\Windows\System\mYaaVUI.exe
  2⤵
  PID:4224
- C:\Windows\System\wwvXEMF.exe
  C:\Windows\System\wwvXEMF.exe
  2⤵
  PID:4340
- C:\Windows\System\PJIPsjk.exe
  C:\Windows\System\PJIPsjk.exe
  2⤵
  PID:4604
- C:\Windows\System\uJFiqcL.exe
  C:\Windows\System\uJFiqcL.exe
  2⤵
  PID:4680
- C:\Windows\System\efmPbsS.exe
  C:\Windows\System\efmPbsS.exe
  2⤵
  PID:4816
- C:\Windows\System\wRlFYfU.exe
  C:\Windows\System\wRlFYfU.exe
  2⤵
  PID:4844
- C:\Windows\System\EhmWjYI.exe
  C:\Windows\System\EhmWjYI.exe
  2⤵
  PID:4860
- C:\Windows\System\LDHYDJQ.exe
  C:\Windows\System\LDHYDJQ.exe
  2⤵
  PID:4936
- C:\Windows\System\EkzlbOt.exe
  C:\Windows\System\EkzlbOt.exe
  2⤵
  PID:4916
- C:\Windows\System\yLvCMmL.exe
  C:\Windows\System\yLvCMmL.exe
  2⤵
  PID:5052
- C:\Windows\System\iktzcur.exe
  C:\Windows\System\iktzcur.exe
  2⤵
  PID:4952
- C:\Windows\System\xTlgglK.exe
  C:\Windows\System\xTlgglK.exe
  2⤵
  PID:5004
- C:\Windows\System\wxHefGm.exe
  C:\Windows\System\wxHefGm.exe
  2⤵
  PID:4432
- C:\Windows\System\dksKUeT.exe
  C:\Windows\System\dksKUeT.exe
  2⤵
  PID:4344
- C:\Windows\System\kchqjOe.exe
  C:\Windows\System\kchqjOe.exe
  2⤵
  PID:4736
- C:\Windows\System\CnOjHGN.exe
  C:\Windows\System\CnOjHGN.exe
  2⤵
  PID:5048
- C:\Windows\System\abSjHiv.exe
  C:\Windows\System\abSjHiv.exe
  2⤵
  PID:3264
- C:\Windows\System\WbOBlOd.exe
  C:\Windows\System\WbOBlOd.exe
  2⤵
  PID:3988
- C:\Windows\System\FzIiGfw.exe
  C:\Windows\System\FzIiGfw.exe
  2⤵
  PID:4568
- C:\Windows\System\GVhQjVc.exe
  C:\Windows\System\GVhQjVc.exe
  2⤵
  PID:4376
- C:\Windows\System\bKrNXsK.exe
  C:\Windows\System\bKrNXsK.exe
  2⤵
  PID:3716
- C:\Windows\System\ZdbTzhP.exe
  C:\Windows\System\ZdbTzhP.exe
  2⤵
  PID:4280
- C:\Windows\System\ZzbPfYj.exe
  C:\Windows\System\ZzbPfYj.exe
  2⤵
  PID:4632
- C:\Windows\System\ZZdtOrS.exe
  C:\Windows\System\ZZdtOrS.exe
  2⤵
  PID:5076
- C:\Windows\System\UlIpByD.exe
  C:\Windows\System\UlIpByD.exe
  2⤵
  PID:4128
- C:\Windows\System\lnrRCor.exe
  C:\Windows\System\lnrRCor.exe
  2⤵
  PID:2696
- C:\Windows\System\UdfANvn.exe
  C:\Windows\System\UdfANvn.exe
  2⤵
  PID:4380
- C:\Windows\System\iveGpus.exe
  C:\Windows\System\iveGpus.exe
  2⤵
  PID:4920
- C:\Windows\System\ocSwRVG.exe
  C:\Windows\System\ocSwRVG.exe
  2⤵
  PID:4196
- C:\Windows\System\QDNbipI.exe
  C:\Windows\System\QDNbipI.exe
  2⤵
  PID:5144
- C:\Windows\System\zheohDI.exe
  C:\Windows\System\zheohDI.exe
  2⤵
  PID:5160
- C:\Windows\System\KuayONY.exe
  C:\Windows\System\KuayONY.exe
  2⤵
  PID:5188
- C:\Windows\System\VfrCzei.exe
  C:\Windows\System\VfrCzei.exe
  2⤵
  PID:5208
- C:\Windows\System\lVQhtaY.exe
  C:\Windows\System\lVQhtaY.exe
  2⤵
  PID:5224
- C:\Windows\System\CpdWzJu.exe
  C:\Windows\System\CpdWzJu.exe
  2⤵
  PID:5252
- C:\Windows\System\XPCIFrh.exe
  C:\Windows\System\XPCIFrh.exe
  2⤵
  PID:5268
- C:\Windows\System\gEiGfVd.exe
  C:\Windows\System\gEiGfVd.exe
  2⤵
  PID:5288
- C:\Windows\System\DXTQvWD.exe
  C:\Windows\System\DXTQvWD.exe
  2⤵
  PID:5304
- C:\Windows\System\QKKgoQn.exe
  C:\Windows\System\QKKgoQn.exe
  2⤵
  PID:5320
- C:\Windows\System\XvjUuDP.exe
  C:\Windows\System\XvjUuDP.exe
  2⤵
  PID:5348
- C:\Windows\System\KFKxxMO.exe
  C:\Windows\System\KFKxxMO.exe
  2⤵
  PID:5368
- C:\Windows\System\yYaXoAh.exe
  C:\Windows\System\yYaXoAh.exe
  2⤵
  PID:5388
- C:\Windows\System\DpFwsJc.exe
  C:\Windows\System\DpFwsJc.exe
  2⤵
  PID:5408
- C:\Windows\System\oEpkqcM.exe
  C:\Windows\System\oEpkqcM.exe
  2⤵
  PID:5424
- C:\Windows\System\ARjpkbZ.exe
  C:\Windows\System\ARjpkbZ.exe
  2⤵
  PID:5440
- C:\Windows\System\DWgnIrk.exe
  C:\Windows\System\DWgnIrk.exe
  2⤵
  PID:5456
- C:\Windows\System\DjBvHhD.exe
  C:\Windows\System\DjBvHhD.exe
  2⤵
  PID:5472
- C:\Windows\System\bkuQZxM.exe
  C:\Windows\System\bkuQZxM.exe
  2⤵
  PID:5496
- C:\Windows\System\zhYHIIV.exe
  C:\Windows\System\zhYHIIV.exe
  2⤵
  PID:5512
- C:\Windows\System\ZhzrhSL.exe
  C:\Windows\System\ZhzrhSL.exe
  2⤵
  PID:5532
- C:\Windows\System\jGoWRsQ.exe
  C:\Windows\System\jGoWRsQ.exe
  2⤵
  PID:5568
- C:\Windows\System\PeBAoXk.exe
  C:\Windows\System\PeBAoXk.exe
  2⤵
  PID:5584
- C:\Windows\System\WfFfCUP.exe
  C:\Windows\System\WfFfCUP.exe
  2⤵
  PID:5608
- C:\Windows\System\qYDFIrH.exe
  C:\Windows\System\qYDFIrH.exe
  2⤵
  PID:5624
- C:\Windows\System\iEWBNzY.exe
  C:\Windows\System\iEWBNzY.exe
  2⤵
  PID:5644
- C:\Windows\System\wRgMxcT.exe
  C:\Windows\System\wRgMxcT.exe
  2⤵
  PID:5664
- C:\Windows\System\ZYDLzqo.exe
  C:\Windows\System\ZYDLzqo.exe
  2⤵
  PID:5684
- C:\Windows\System\jPtblIE.exe
  C:\Windows\System\jPtblIE.exe
  2⤵
  PID:5704
- C:\Windows\System\vTuBpsy.exe
  C:\Windows\System\vTuBpsy.exe
  2⤵
  PID:5736
- C:\Windows\System\rPPzHaX.exe
  C:\Windows\System\rPPzHaX.exe
  2⤵
  PID:5752
- C:\Windows\System\gxersWs.exe
  C:\Windows\System\gxersWs.exe
  2⤵
  PID:5776
- C:\Windows\System\ZoxXHqL.exe
  C:\Windows\System\ZoxXHqL.exe
  2⤵
  PID:5792
- C:\Windows\System\HOCVEaY.exe
  C:\Windows\System\HOCVEaY.exe
  2⤵
  PID:5812
- C:\Windows\System\fJdXAeR.exe
  C:\Windows\System\fJdXAeR.exe
  2⤵
  PID:5836
- C:\Windows\System\ZtVSsgY.exe
  C:\Windows\System\ZtVSsgY.exe
  2⤵
  PID:5852
- C:\Windows\System\BqRdPHN.exe
  C:\Windows\System\BqRdPHN.exe
  2⤵
  PID:5868
- C:\Windows\System\lGrgCsE.exe
  C:\Windows\System\lGrgCsE.exe
  2⤵
  PID:5896
- C:\Windows\System\WgmdYWx.exe
  C:\Windows\System\WgmdYWx.exe
  2⤵
  PID:5912
- C:\Windows\System\NsWjOOY.exe
  C:\Windows\System\NsWjOOY.exe
  2⤵
  PID:5928
- C:\Windows\System\wcfRGef.exe
  C:\Windows\System\wcfRGef.exe
  2⤵
  PID:5952
- C:\Windows\System\wtiaLWJ.exe
  C:\Windows\System\wtiaLWJ.exe
  2⤵
  PID:5968
- C:\Windows\System\TuiGSgc.exe
  C:\Windows\System\TuiGSgc.exe
  2⤵
  PID:5984
- C:\Windows\System\yFyjnzk.exe
  C:\Windows\System\yFyjnzk.exe
  2⤵
  PID:6004
- C:\Windows\System\RifEqSB.exe
  C:\Windows\System\RifEqSB.exe
  2⤵
  PID:6020
- C:\Windows\System\bCqQilQ.exe
  C:\Windows\System\bCqQilQ.exe
  2⤵
  PID:6036
- C:\Windows\System\BkUAFJg.exe
  C:\Windows\System\BkUAFJg.exe
  2⤵
  PID:6056
- C:\Windows\System\RjQVZtc.exe
  C:\Windows\System\RjQVZtc.exe
  2⤵
  PID:6076
- C:\Windows\System\hNaVQfV.exe
  C:\Windows\System\hNaVQfV.exe
  2⤵
  PID:6096
- C:\Windows\System\kScvUKu.exe
  C:\Windows\System\kScvUKu.exe
  2⤵
  PID:6112
- C:\Windows\System\MJmLGUC.exe
  C:\Windows\System\MJmLGUC.exe
  2⤵
  PID:6128
- C:\Windows\System\bXDiaiQ.exe
  C:\Windows\System\bXDiaiQ.exe
  2⤵
  PID:4264
- C:\Windows\System\aimnZxG.exe
  C:\Windows\System\aimnZxG.exe
  2⤵
  PID:5172
- C:\Windows\System\rvvNGte.exe
  C:\Windows\System\rvvNGte.exe
  2⤵
  PID:5216
- C:\Windows\System\IBFnXIb.exe
  C:\Windows\System\IBFnXIb.exe
  2⤵
  PID:5196
- C:\Windows\System\LUlypXs.exe
  C:\Windows\System\LUlypXs.exe
  2⤵
  PID:5260
- C:\Windows\System\yebiFJW.exe
  C:\Windows\System\yebiFJW.exe
  2⤵
  PID:5300
- C:\Windows\System\MgtOwHl.exe
  C:\Windows\System\MgtOwHl.exe
  2⤵
  PID:5332
- C:\Windows\System\hxdSDGR.exe
  C:\Windows\System\hxdSDGR.exe
  2⤵
  PID:5356
- C:\Windows\System\xPBZPwU.exe
  C:\Windows\System\xPBZPwU.exe
  2⤵
  PID:5384
- C:\Windows\System\uNRKcYl.exe
  C:\Windows\System\uNRKcYl.exe
  2⤵
  PID:5452
- C:\Windows\System\UibnViN.exe
  C:\Windows\System\UibnViN.exe
  2⤵
  PID:5396
- C:\Windows\System\atYWEUF.exe
  C:\Windows\System\atYWEUF.exe
  2⤵
  PID:5504
- C:\Windows\System\XlNZAbd.exe
  C:\Windows\System\XlNZAbd.exe
  2⤵
  PID:5528
- C:\Windows\System\AQHJVLk.exe
  C:\Windows\System\AQHJVLk.exe
  2⤵
  PID:5548
- C:\Windows\System\AunLyXI.exe
  C:\Windows\System\AunLyXI.exe
  2⤵
  PID:5592
- C:\Windows\System\xOryExo.exe
  C:\Windows\System\xOryExo.exe
  2⤵
  PID:5600
- C:\Windows\System\uAkxsMd.exe
  C:\Windows\System\uAkxsMd.exe
  2⤵
  PID:5636
- C:\Windows\System\Bedtndo.exe
  C:\Windows\System\Bedtndo.exe
  2⤵
  PID:5700
- C:\Windows\System\mvyTsNe.exe
  C:\Windows\System\mvyTsNe.exe
  2⤵
  PID:5176
- C:\Windows\System\qdnVURY.exe
  C:\Windows\System\qdnVURY.exe
  2⤵
  PID:5728
- C:\Windows\System\vNbcjzN.exe
  C:\Windows\System\vNbcjzN.exe
  2⤵
  PID:5760
- C:\Windows\System\vqSaKhw.exe
  C:\Windows\System\vqSaKhw.exe
  2⤵
  PID:2856
- C:\Windows\System\ctVJEGR.exe
  C:\Windows\System\ctVJEGR.exe
  2⤵
  PID:5804
- C:\Windows\System\tIsebsv.exe
  C:\Windows\System\tIsebsv.exe
  2⤵
  PID:5824
- C:\Windows\System\ghovdOG.exe
  C:\Windows\System\ghovdOG.exe
  2⤵
  PID:5888
- C:\Windows\System\rQvlBxh.exe
  C:\Windows\System\rQvlBxh.exe
  2⤵
  PID:5936
- C:\Windows\System\QbGnHef.exe
  C:\Windows\System\QbGnHef.exe
  2⤵
  PID:5980
- C:\Windows\System\RxFgVqZ.exe
  C:\Windows\System\RxFgVqZ.exe
  2⤵
  PID:6044
- C:\Windows\System\jNapFFv.exe
  C:\Windows\System\jNapFFv.exe
  2⤵
  PID:6120
- C:\Windows\System\BlUWoXp.exe
  C:\Windows\System\BlUWoXp.exe
  2⤵
  PID:5920
- C:\Windows\System\YZWTaLV.exe
  C:\Windows\System\YZWTaLV.exe
  2⤵
  PID:5996
- C:\Windows\System\ZPqVZQK.exe
  C:\Windows\System\ZPqVZQK.exe
  2⤵
  PID:5152
- C:\Windows\System\xxqhRFk.exe
  C:\Windows\System\xxqhRFk.exe
  2⤵
  PID:5200
- C:\Windows\System\seTeARt.exe
  C:\Windows\System\seTeARt.exe
  2⤵
  PID:6068
- C:\Windows\System\roSLYNH.exe
  C:\Windows\System\roSLYNH.exe
  2⤵
  PID:6108
- C:\Windows\System\EtZEgSI.exe
  C:\Windows\System\EtZEgSI.exe
  2⤵
  PID:5124
- C:\Windows\System\eonWBcO.exe
  C:\Windows\System\eonWBcO.exe
  2⤵
  PID:5136
- C:\Windows\System\ukLqjEP.exe
  C:\Windows\System\ukLqjEP.exe
  2⤵
  PID:5464
- C:\Windows\System\ITPiCiv.exe
  C:\Windows\System\ITPiCiv.exe
  2⤵
  PID:5544
- C:\Windows\System\OqChluO.exe
  C:\Windows\System\OqChluO.exe
  2⤵
  PID:5616
- C:\Windows\System\VoEJcQl.exe
  C:\Windows\System\VoEJcQl.exe
  2⤵
  PID:5244
- C:\Windows\System\eGlDmGF.exe
  C:\Windows\System\eGlDmGF.exe
  2⤵
  PID:5692
- C:\Windows\System\rEWaaPy.exe
  C:\Windows\System\rEWaaPy.exe
  2⤵
  PID:5328
- C:\Windows\System\NaWLUJm.exe
  C:\Windows\System\NaWLUJm.exe
  2⤵
  PID:2692
- C:\Windows\System\tXDIBXm.exe
  C:\Windows\System\tXDIBXm.exe
  2⤵
  PID:5484
- C:\Windows\System\PyxJtGv.exe
  C:\Windows\System\PyxJtGv.exe
  2⤵
  PID:5560
- C:\Windows\System\eAYsjTz.exe
  C:\Windows\System\eAYsjTz.exe
  2⤵
  PID:5632
- C:\Windows\System\OVLBYnH.exe
  C:\Windows\System\OVLBYnH.exe
  2⤵
  PID:1740
- C:\Windows\System\uKMdQLu.exe
  C:\Windows\System\uKMdQLu.exe
  2⤵
  PID:2748
- C:\Windows\System\puRNKJF.exe
  C:\Windows\System\puRNKJF.exe
  2⤵
  PID:5832
- C:\Windows\System\HRrdJLH.exe
  C:\Windows\System\HRrdJLH.exe
  2⤵
  PID:5844
- C:\Windows\System\naijnwn.exe
  C:\Windows\System\naijnwn.exe
  2⤵
  PID:5908
- C:\Windows\System\oRTgHlV.exe
  C:\Windows\System\oRTgHlV.exe
  2⤵
  PID:6016
- C:\Windows\System\EDfhXPO.exe
  C:\Windows\System\EDfhXPO.exe
  2⤵
  PID:6052
- C:\Windows\System\rzoILgn.exe
  C:\Windows\System\rzoILgn.exe
  2⤵
  PID:2608
- C:\Windows\System\zJmwLgs.exe
  C:\Windows\System\zJmwLgs.exe
  2⤵
  PID:3020
- C:\Windows\System\PFEebAc.exe
  C:\Windows\System\PFEebAc.exe
  2⤵
  PID:6072
- C:\Windows\System\omKJhFX.exe
  C:\Windows\System\omKJhFX.exe
  2⤵
  PID:5340
- C:\Windows\System\ooztmzw.exe
  C:\Windows\System\ooztmzw.exe
  2⤵
  PID:1660
- C:\Windows\System\wixPeof.exe
  C:\Windows\System\wixPeof.exe
  2⤵
  PID:5276
- C:\Windows\System\SNiJlux.exe
  C:\Windows\System\SNiJlux.exe
  2⤵
  PID:5656
- C:\Windows\System\CyIMzpt.exe
  C:\Windows\System\CyIMzpt.exe
  2⤵
  PID:5280
- C:\Windows\System\itibchT.exe
  C:\Windows\System\itibchT.exe
  2⤵
  PID:5960
- C:\Windows\System\jUzvqBN.exe
  C:\Windows\System\jUzvqBN.exe
  2⤵
  PID:5316
- C:\Windows\System\BAnTiFp.exe
  C:\Windows\System\BAnTiFp.exe
  2⤵
  PID:5712
- C:\Windows\System\YKuPYZs.exe
  C:\Windows\System\YKuPYZs.exe
  2⤵
  PID:5948
- C:\Windows\System\hTTykgQ.exe
  C:\Windows\System\hTTykgQ.exe
  2⤵
  PID:5104
- C:\Windows\System\Afwtviz.exe
  C:\Windows\System\Afwtviz.exe
  2⤵
  PID:5380
- C:\Windows\System\zisjFQN.exe
  C:\Windows\System\zisjFQN.exe
  2⤵
  PID:6104
- C:\Windows\System\zKcmlzo.exe
  C:\Windows\System\zKcmlzo.exe
  2⤵
  PID:5520
- C:\Windows\System\JGbdFpg.exe
  C:\Windows\System\JGbdFpg.exe
  2⤵
  PID:6088
- C:\Windows\System\RrpgOrn.exe
  C:\Windows\System\RrpgOrn.exe
  2⤵
  PID:5184
- C:\Windows\System\wTOlIKN.exe
  C:\Windows\System\wTOlIKN.exe
  2⤵
  PID:5992
- C:\Windows\System\yZWNPXU.exe
  C:\Windows\System\yZWNPXU.exe
  2⤵
  PID:5680
- C:\Windows\System\NDHqvzX.exe
  C:\Windows\System\NDHqvzX.exe
  2⤵
  PID:5904
- C:\Windows\System\kJJBftG.exe
  C:\Windows\System\kJJBftG.exe
  2⤵
  PID:2952
- C:\Windows\System\OMNSweW.exe
  C:\Windows\System\OMNSweW.exe
  2⤵
  PID:5864
- C:\Windows\System\pcyIqyU.exe
  C:\Windows\System\pcyIqyU.exe
  2⤵
  PID:272
- C:\Windows\System\YhHtHjV.exe
  C:\Windows\System\YhHtHjV.exe
  2⤵
  PID:5128
- C:\Windows\System\dNNmsLD.exe
  C:\Windows\System\dNNmsLD.exe
  2⤵
  PID:4156
- C:\Windows\System\IvMDypl.exe
  C:\Windows\System\IvMDypl.exe
  2⤵
  PID:5604
- C:\Windows\System\sYBDmTd.exe
  C:\Windows\System\sYBDmTd.exe
  2⤵
  PID:5800
- C:\Windows\System\qplgrPs.exe
  C:\Windows\System\qplgrPs.exe
  2⤵
  PID:5540
- C:\Windows\System\vaXAPbT.exe
  C:\Windows\System\vaXAPbT.exe
  2⤵
  PID:1012
- C:\Windows\System\OVNDpfg.exe
  C:\Windows\System\OVNDpfg.exe
  2⤵
  PID:6156
- C:\Windows\System\HhuokfQ.exe
  C:\Windows\System\HhuokfQ.exe
  2⤵
  PID:6172
- C:\Windows\System\OGXRoYL.exe
  C:\Windows\System\OGXRoYL.exe
  2⤵
  PID:6188
- C:\Windows\System\TROhPbe.exe
  C:\Windows\System\TROhPbe.exe
  2⤵
  PID:6204
- C:\Windows\System\UDJsFvr.exe
  C:\Windows\System\UDJsFvr.exe
  2⤵
  PID:6220
- C:\Windows\System\eFsNlCr.exe
  C:\Windows\System\eFsNlCr.exe
  2⤵
  PID:6236
- C:\Windows\System\lhEiMYw.exe
  C:\Windows\System\lhEiMYw.exe
  2⤵
  PID:6252
- C:\Windows\System\xksBcHf.exe
  C:\Windows\System\xksBcHf.exe
  2⤵
  PID:6268
- C:\Windows\System\aNuVsFD.exe
  C:\Windows\System\aNuVsFD.exe
  2⤵
  PID:6284
- C:\Windows\System\ozlCNBZ.exe
  C:\Windows\System\ozlCNBZ.exe
  2⤵
  PID:6300
- C:\Windows\System\bVZWQJZ.exe
  C:\Windows\System\bVZWQJZ.exe
  2⤵
  PID:6400
- C:\Windows\System\gZofLpL.exe
  C:\Windows\System\gZofLpL.exe
  2⤵
  PID:6424
- C:\Windows\System\ZDMlHqE.exe
  C:\Windows\System\ZDMlHqE.exe
  2⤵
  PID:6440
- C:\Windows\System\aZWbUsb.exe
  C:\Windows\System\aZWbUsb.exe
  2⤵
  PID:6460
- C:\Windows\System\OJtzqLc.exe
  C:\Windows\System\OJtzqLc.exe
  2⤵
  PID:6476
- C:\Windows\System\PKHjQZJ.exe
  C:\Windows\System\PKHjQZJ.exe
  2⤵
  PID:6540
- C:\Windows\System\WyrtySN.exe
  C:\Windows\System\WyrtySN.exe
  2⤵
  PID:6556
- C:\Windows\System\zrdFZvX.exe
  C:\Windows\System\zrdFZvX.exe
  2⤵
  PID:6572
- C:\Windows\System\kwwynJT.exe
  C:\Windows\System\kwwynJT.exe
  2⤵
  PID:6612
- C:\Windows\System\wyFnDew.exe
  C:\Windows\System\wyFnDew.exe
  2⤵
  PID:6636
- C:\Windows\System\bvUppiz.exe
  C:\Windows\System\bvUppiz.exe
  2⤵
  PID:6660
- C:\Windows\System\iqfuizO.exe
  C:\Windows\System\iqfuizO.exe
  2⤵
  PID:6680
- C:\Windows\System\oAfUEBp.exe
  C:\Windows\System\oAfUEBp.exe
  2⤵
  PID:6700
- C:\Windows\System\EzlFBYy.exe
  C:\Windows\System\EzlFBYy.exe
  2⤵
  PID:6716
- C:\Windows\System\yJatRFA.exe
  C:\Windows\System\yJatRFA.exe
  2⤵
  PID:6736
- C:\Windows\System\qBCYFYa.exe
  C:\Windows\System\qBCYFYa.exe
  2⤵
  PID:6752
- C:\Windows\System\DwWFJxu.exe
  C:\Windows\System\DwWFJxu.exe
  2⤵
  PID:6780
- C:\Windows\System\KUZUVdw.exe
  C:\Windows\System\KUZUVdw.exe
  2⤵
  PID:6796
- C:\Windows\System\WaNHXWs.exe
  C:\Windows\System\WaNHXWs.exe
  2⤵
  PID:6820
- C:\Windows\System\PwRBQrn.exe
  C:\Windows\System\PwRBQrn.exe
  2⤵
  PID:6840
- C:\Windows\System\ZFkPrkx.exe
  C:\Windows\System\ZFkPrkx.exe
  2⤵
  PID:6856
- C:\Windows\System\bRFQSyM.exe
  C:\Windows\System\bRFQSyM.exe
  2⤵
  PID:6876
- C:\Windows\System\rZyaViV.exe
  C:\Windows\System\rZyaViV.exe
  2⤵
  PID:6892
- C:\Windows\System\UmTVaxH.exe
  C:\Windows\System\UmTVaxH.exe
  2⤵
  PID:6908
- C:\Windows\System\oaFRXJK.exe
  C:\Windows\System\oaFRXJK.exe
  2⤵
  PID:6924
- C:\Windows\System\bErQReu.exe
  C:\Windows\System\bErQReu.exe
  2⤵
  PID:6940
- C:\Windows\System\uShFPld.exe
  C:\Windows\System\uShFPld.exe
  2⤵
  PID:6956
- C:\Windows\System\UYhAPwr.exe
  C:\Windows\System\UYhAPwr.exe
  2⤵
  PID:6972
- C:\Windows\System\mSOXoZz.exe
  C:\Windows\System\mSOXoZz.exe
  2⤵
  PID:6988
- C:\Windows\System\xqCwvic.exe
  C:\Windows\System\xqCwvic.exe
  2⤵
  PID:7004
- C:\Windows\System\PixBDNN.exe
  C:\Windows\System\PixBDNN.exe
  2⤵
  PID:7048
- C:\Windows\System\DuUMwiV.exe
  C:\Windows\System\DuUMwiV.exe
  2⤵
  PID:7084
- C:\Windows\System\qyXZxRZ.exe
  C:\Windows\System\qyXZxRZ.exe
  2⤵
  PID:7100
- C:\Windows\System\hqprNbA.exe
  C:\Windows\System\hqprNbA.exe
  2⤵
  PID:7116
- C:\Windows\System\qvPvFkg.exe
  C:\Windows\System\qvPvFkg.exe
  2⤵
  PID:7132
- C:\Windows\System\sYoCcAn.exe
  C:\Windows\System\sYoCcAn.exe
  2⤵
  PID:7148
- C:\Windows\System\vvFXlpZ.exe
  C:\Windows\System\vvFXlpZ.exe
  2⤵
  PID:7164
- C:\Windows\System\yeeNHtt.exe
  C:\Windows\System\yeeNHtt.exe
  2⤵
  PID:5404
- C:\Windows\System\vjQkEOZ.exe
  C:\Windows\System\vjQkEOZ.exe
  2⤵
  PID:6148
- C:\Windows\System\EpmfjXN.exe
  C:\Windows\System\EpmfjXN.exe
  2⤵
  PID:6168
- C:\Windows\System\Ihjlyox.exe
  C:\Windows\System\Ihjlyox.exe
  2⤵
  PID:6184
- C:\Windows\System\piuXYiQ.exe
  C:\Windows\System\piuXYiQ.exe
  2⤵
  PID:6228
- C:\Windows\System\WsCHlEo.exe
  C:\Windows\System\WsCHlEo.exe
  2⤵
  PID:6260
- C:\Windows\System\cSiztGo.exe
  C:\Windows\System\cSiztGo.exe
  2⤵
  PID:6276
- C:\Windows\System\ZsFiSZw.exe
  C:\Windows\System\ZsFiSZw.exe
  2⤵
  PID:6412
- C:\Windows\System\QSGXyZV.exe
  C:\Windows\System\QSGXyZV.exe
  2⤵
  PID:6328
- C:\Windows\System\OkWjjLb.exe
  C:\Windows\System\OkWjjLb.exe
  2⤵
  PID:6344
- C:\Windows\System\SYxvdyS.exe
  C:\Windows\System\SYxvdyS.exe
  2⤵
  PID:6312
- C:\Windows\System\uxquXiv.exe
  C:\Windows\System\uxquXiv.exe
  2⤵
  PID:6372
- C:\Windows\System\RIEfOGF.exe
  C:\Windows\System\RIEfOGF.exe
  2⤵
  PID:6388
- C:\Windows\System\kHPAfaC.exe
  C:\Windows\System\kHPAfaC.exe
  2⤵
  PID:6496
- C:\Windows\System\ltNvJhQ.exe
  C:\Windows\System\ltNvJhQ.exe
  2⤵
  PID:6504
- C:\Windows\System\SiVuTOW.exe
  C:\Windows\System\SiVuTOW.exe
  2⤵
  PID:6528
- C:\Windows\System\VUKuCcI.exe
  C:\Windows\System\VUKuCcI.exe
  2⤵
  PID:6468
- C:\Windows\System\tVojRpi.exe
  C:\Windows\System\tVojRpi.exe
  2⤵
  PID:6580
- C:\Windows\System\XQTzkiD.exe
  C:\Windows\System\XQTzkiD.exe
  2⤵
  PID:6632
- C:\Windows\System\NwkPIlr.exe
  C:\Windows\System\NwkPIlr.exe
  2⤵
  PID:6600
- C:\Windows\System\tdyxpsA.exe
  C:\Windows\System\tdyxpsA.exe
  2⤵
  PID:6668
- C:\Windows\System\yTCQJfh.exe
  C:\Windows\System\yTCQJfh.exe
  2⤵
  PID:1168
- C:\Windows\System\oYITyvx.exe
  C:\Windows\System\oYITyvx.exe
  2⤵
  PID:6692
- C:\Windows\System\GSPmXbl.exe
  C:\Windows\System\GSPmXbl.exe
  2⤵
  PID:6724
- C:\Windows\System\XVeaTzO.exe
  C:\Windows\System\XVeaTzO.exe
  2⤵
  PID:6816
- C:\Windows\System\WooGyGO.exe
  C:\Windows\System\WooGyGO.exe
  2⤵
  PID:6832
- C:\Windows\System\jinGBsU.exe
  C:\Windows\System\jinGBsU.exe
  2⤵
  PID:6848
- C:\Windows\System\AHEzbxu.exe
  C:\Windows\System\AHEzbxu.exe
  2⤵
  PID:448
- C:\Windows\System\frGuiED.exe
  C:\Windows\System\frGuiED.exe
  2⤵
  PID:6984
- C:\Windows\System\DPghUzh.exe
  C:\Windows\System\DPghUzh.exe
  2⤵
  PID:6900
- C:\Windows\System\RqMQozP.exe
  C:\Windows\System\RqMQozP.exe
  2⤵
  PID:6996
- C:\Windows\System\XDdBxKx.exe
  C:\Windows\System\XDdBxKx.exe
  2⤵
  PID:6952
- C:\Windows\System\dgJEIfn.exe
  C:\Windows\System\dgJEIfn.exe
  2⤵
  PID:7072
- C:\Windows\System\SDDthpD.exe
  C:\Windows\System\SDDthpD.exe
  2⤵
  PID:892
- C:\Windows\System\YjfsgoG.exe
  C:\Windows\System\YjfsgoG.exe
  2⤵
  PID:7112
- C:\Windows\System\eiUkgLI.exe
  C:\Windows\System\eiUkgLI.exe
  2⤵
  PID:6152
- C:\Windows\System\iehCQjJ.exe
  C:\Windows\System\iehCQjJ.exe
  2⤵
  PID:2136
- C:\Windows\System\kLXtbvu.exe
  C:\Windows\System\kLXtbvu.exe
  2⤵
  PID:6244
- C:\Windows\System\NFhDXrt.exe
  C:\Windows\System\NFhDXrt.exe
  2⤵
  PID:6352
- C:\Windows\System\IRuuZoH.exe
  C:\Windows\System\IRuuZoH.exe
  2⤵
  PID:6384
- C:\Windows\System\VxfuHaX.exe
  C:\Windows\System\VxfuHaX.exe
  2⤵
  PID:6564
- C:\Windows\System\QqurfpE.exe
  C:\Windows\System\QqurfpE.exe
  2⤵
  PID:6628
- C:\Windows\System\ZnwQrsM.exe
  C:\Windows\System\ZnwQrsM.exe
  2⤵
  PID:7156
- C:\Windows\System\ahWdcmf.exe
  C:\Windows\System\ahWdcmf.exe
  2⤵
  PID:2240
- C:\Windows\System\mHZHENk.exe
  C:\Windows\System\mHZHENk.exe
  2⤵
  PID:6336
- C:\Windows\System\DbeyLJQ.exe
  C:\Windows\System\DbeyLJQ.exe
  2⤵
  PID:6396
- C:\Windows\System\izsfvRu.exe
  C:\Windows\System\izsfvRu.exe
  2⤵
  PID:6520
- C:\Windows\System\bQOCjab.exe
  C:\Windows\System\bQOCjab.exe
  2⤵
  PID:6552
- C:\Windows\System\NSAztbR.exe
  C:\Windows\System\NSAztbR.exe
  2⤵
  PID:6596
- C:\Windows\System\mNCMuVx.exe
  C:\Windows\System\mNCMuVx.exe
  2⤵
  PID:6776
- C:\Windows\System\QgtOTVk.exe
  C:\Windows\System\QgtOTVk.exe
  2⤵
  PID:6788
- C:\Windows\System\HLulXDi.exe
  C:\Windows\System\HLulXDi.exe
  2⤵
  PID:2504
- C:\Windows\System\fetQyKY.exe
  C:\Windows\System\fetQyKY.exe
  2⤵
  PID:7060
- C:\Windows\System\PclGsJM.exe
  C:\Windows\System\PclGsJM.exe
  2⤵
  PID:7016
- C:\Windows\System\mUqaSzE.exe
  C:\Windows\System\mUqaSzE.exe
  2⤵
  PID:2588
- C:\Windows\System\HvFJhet.exe
  C:\Windows\System\HvFJhet.exe
  2⤵
  PID:6920
- C:\Windows\System\IQxzJxe.exe
  C:\Windows\System\IQxzJxe.exe
  2⤵
  PID:7044
- C:\Windows\System\ZLtmkxY.exe
  C:\Windows\System\ZLtmkxY.exe
  2⤵
  PID:1032
- C:\Windows\System\feEpSkc.exe
  C:\Windows\System\feEpSkc.exe
  2⤵
  PID:7020
- C:\Windows\System\hcryGvM.exe
  C:\Windows\System\hcryGvM.exe
  2⤵
  PID:6420
- C:\Windows\System\wEsweue.exe
  C:\Windows\System\wEsweue.exe
  2⤵
  PID:6164
- C:\Windows\System\RThipHs.exe
  C:\Windows\System\RThipHs.exe
  2⤵
  PID:6248
- C:\Windows\System\TYiAMLn.exe
  C:\Windows\System\TYiAMLn.exe
  2⤵
  PID:6456
- C:\Windows\System\BRUJbna.exe
  C:\Windows\System\BRUJbna.exe
  2⤵
  PID:2080
- C:\Windows\System\XrbUrLf.exe
  C:\Windows\System\XrbUrLf.exe
  2⤵
  PID:6620
- C:\Windows\System\PwlDUqB.exe
  C:\Windows\System\PwlDUqB.exe
  2⤵
  PID:6408
- C:\Windows\System\NcJMfJB.exe
  C:\Windows\System\NcJMfJB.exe
  2⤵
  PID:6588
- C:\Windows\System\GvGBPem.exe
  C:\Windows\System\GvGBPem.exe
  2⤵
  PID:6368
- C:\Windows\System\pYxGHWJ.exe
  C:\Windows\System\pYxGHWJ.exe
  2⤵
  PID:5848
- C:\Windows\System\lzpEmdf.exe
  C:\Windows\System\lzpEmdf.exe
  2⤵
  PID:6608
- C:\Windows\System\HJRosEF.exe
  C:\Windows\System\HJRosEF.exe
  2⤵
  PID:6728
- C:\Windows\System\pcgPoFT.exe
  C:\Windows\System\pcgPoFT.exe
  2⤵
  PID:1820
- C:\Windows\System\zSRHmaF.exe
  C:\Windows\System\zSRHmaF.exe
  2⤵
  PID:7028
- C:\Windows\System\BbdJsir.exe
  C:\Windows\System\BbdJsir.exe
  2⤵
  PID:7032
- C:\Windows\System\Tcuzzpb.exe
  C:\Windows\System\Tcuzzpb.exe
  2⤵
  PID:2500
- C:\Windows\System\uXwGYcL.exe
  C:\Windows\System\uXwGYcL.exe
  2⤵
  PID:7068
- C:\Windows\System\tntovbH.exe
  C:\Windows\System\tntovbH.exe
  2⤵
  PID:2584
- C:\Windows\System\vhBHZOQ.exe
  C:\Windows\System\vhBHZOQ.exe
  2⤵
  PID:6064
- C:\Windows\System\zTvekLf.exe
  C:\Windows\System\zTvekLf.exe
  2⤵
  PID:6296
- C:\Windows\System\yDdNGrn.exe
  C:\Windows\System\yDdNGrn.exe
  2⤵
  PID:6416
- C:\Windows\System\CngOZde.exe
  C:\Windows\System\CngOZde.exe
  2⤵
  PID:6516
- C:\Windows\System\AtoUPtf.exe
  C:\Windows\System\AtoUPtf.exe
  2⤵
  PID:6792
- C:\Windows\System\nGNriPx.exe
  C:\Windows\System\nGNriPx.exe
  2⤵
  PID:6324
- C:\Windows\System\fscoIqc.exe
  C:\Windows\System\fscoIqc.exe
  2⤵
  PID:6852
- C:\Windows\System\bRDxJfl.exe
  C:\Windows\System\bRDxJfl.exe
  2⤵
  PID:7036
- C:\Windows\System\iwWKiTM.exe
  C:\Windows\System\iwWKiTM.exe
  2⤵
  PID:1200
- C:\Windows\System\fAHQDbp.exe
  C:\Windows\System\fAHQDbp.exe
  2⤵
  PID:6872
- C:\Windows\System\wTADRVc.exe
  C:\Windows\System\wTADRVc.exe
  2⤵
  PID:2320
- C:\Windows\System\HETRPrS.exe
  C:\Windows\System\HETRPrS.exe
  2⤵
  PID:1860
- C:\Windows\System\NnnDplx.exe
  C:\Windows\System\NnnDplx.exe
  2⤵
  PID:3100
- C:\Windows\System\ljKvvVf.exe
  C:\Windows\System\ljKvvVf.exe
  2⤵
  PID:7064
- C:\Windows\System\wGeoGWP.exe
  C:\Windows\System\wGeoGWP.exe
  2⤵
  PID:7144
- C:\Windows\System\aZuaBZP.exe
  C:\Windows\System\aZuaBZP.exe
  2⤵
  PID:6548
- C:\Windows\System\boMriHU.exe
  C:\Windows\System\boMriHU.exe
  2⤵
  PID:6980
- C:\Windows\System\KUJeMSY.exe
  C:\Windows\System\KUJeMSY.exe
  2⤵
  PID:2476
- C:\Windows\System\jTGXacg.exe
  C:\Windows\System\jTGXacg.exe
  2⤵
  PID:6688
- C:\Windows\System\AoSUktG.exe
  C:\Windows\System\AoSUktG.exe
  2⤵
  PID:2084
- C:\Windows\System\iTFSzyv.exe
  C:\Windows\System\iTFSzyv.exe
  2⤵
  PID:6764
- C:\Windows\System\iufApmM.exe
  C:\Windows\System\iufApmM.exe
  2⤵
  PID:644
- C:\Windows\System\LvmFGBO.exe
  C:\Windows\System\LvmFGBO.exe
  2⤵
  PID:5772
- C:\Windows\System\deWhmqg.exe
  C:\Windows\System\deWhmqg.exe
  2⤵
  PID:2304
- C:\Windows\System\qouLQJb.exe
  C:\Windows\System\qouLQJb.exe
  2⤵
  PID:2552
- C:\Windows\System\eguXcYN.exe
  C:\Windows\System\eguXcYN.exe
  2⤵
  PID:1608
- C:\Windows\System\RpNhchN.exe
  C:\Windows\System\RpNhchN.exe
  2⤵
  PID:6232
- C:\Windows\System\xtUqsga.exe
  C:\Windows\System\xtUqsga.exe
  2⤵
  PID:5248
- C:\Windows\System\VXfKXer.exe
  C:\Windows\System\VXfKXer.exe
  2⤵
  PID:1060
- C:\Windows\System\cFAcMZJ.exe
  C:\Windows\System\cFAcMZJ.exe
  2⤵
  PID:7180
- C:\Windows\System\eXKIfKp.exe
  C:\Windows\System\eXKIfKp.exe
  2⤵
  PID:7196
- C:\Windows\System\WZKmKrL.exe
  C:\Windows\System\WZKmKrL.exe
  2⤵
  PID:7212
- C:\Windows\System\DFlFCTY.exe
  C:\Windows\System\DFlFCTY.exe
  2⤵
  PID:7228
- C:\Windows\System\EUCzOHj.exe
  C:\Windows\System\EUCzOHj.exe
  2⤵
  PID:7244
- C:\Windows\System\KrqtNZD.exe
  C:\Windows\System\KrqtNZD.exe
  2⤵
  PID:7264
- C:\Windows\System\tkFwtsP.exe
  C:\Windows\System\tkFwtsP.exe
  2⤵
  PID:7284
- C:\Windows\System\GxfnpVH.exe
  C:\Windows\System\GxfnpVH.exe
  2⤵
  PID:7304
- C:\Windows\System\YecACPY.exe
  C:\Windows\System\YecACPY.exe
  2⤵
  PID:7324
- C:\Windows\System\gWiAjHQ.exe
  C:\Windows\System\gWiAjHQ.exe
  2⤵
  PID:7348
- C:\Windows\System\rfkEZfx.exe
  C:\Windows\System\rfkEZfx.exe
  2⤵
  PID:7388
- C:\Windows\System\OckyURg.exe
  C:\Windows\System\OckyURg.exe
  2⤵
  PID:7404
- C:\Windows\System\WBHLRlO.exe
  C:\Windows\System\WBHLRlO.exe
  2⤵
  PID:7420
- C:\Windows\System\RUKIPsu.exe
  C:\Windows\System\RUKIPsu.exe
  2⤵
  PID:7440
- C:\Windows\System\dPkCCrM.exe
  C:\Windows\System\dPkCCrM.exe
  2⤵
  PID:7456
- C:\Windows\System\ioqYyLi.exe
  C:\Windows\System\ioqYyLi.exe
  2⤵
  PID:7472
- C:\Windows\System\gaGeXDx.exe
  C:\Windows\System\gaGeXDx.exe
  2⤵
  PID:7504
- C:\Windows\System\BUHVbmo.exe
  C:\Windows\System\BUHVbmo.exe
  2⤵
  PID:7520
- C:\Windows\System\jNwCZfu.exe
  C:\Windows\System\jNwCZfu.exe
  2⤵
  PID:7536
- C:\Windows\System\yROblZh.exe
  C:\Windows\System\yROblZh.exe
  2⤵
  PID:7552
- C:\Windows\System\HhDUIhx.exe
  C:\Windows\System\HhDUIhx.exe
  2⤵
  PID:7588
- C:\Windows\System\UsffjTN.exe
  C:\Windows\System\UsffjTN.exe
  2⤵
  PID:7604
- C:\Windows\System\lmEZvcz.exe
  C:\Windows\System\lmEZvcz.exe
  2⤵
  PID:7620
- C:\Windows\System\zYTmTIT.exe
  C:\Windows\System\zYTmTIT.exe
  2⤵
  PID:7636
- C:\Windows\System\qjFKWAh.exe
  C:\Windows\System\qjFKWAh.exe
  2⤵
  PID:7672
- C:\Windows\System\lypjozV.exe
  C:\Windows\System\lypjozV.exe
  2⤵
  PID:7692
- C:\Windows\System\dZEBNPk.exe
  C:\Windows\System\dZEBNPk.exe
  2⤵
  PID:7708
- C:\Windows\System\brfvEyo.exe
  C:\Windows\System\brfvEyo.exe
  2⤵
  PID:7724
- C:\Windows\System\JuEDPOL.exe
  C:\Windows\System\JuEDPOL.exe
  2⤵
  PID:7740
- C:\Windows\System\WIsowvy.exe
  C:\Windows\System\WIsowvy.exe
  2⤵
  PID:7756
- C:\Windows\System\vWMWRJK.exe
  C:\Windows\System\vWMWRJK.exe
  2⤵
  PID:7772
- C:\Windows\System\RNwsnCC.exe
  C:\Windows\System\RNwsnCC.exe
  2⤵
  PID:7800
- C:\Windows\System\AAobStc.exe
  C:\Windows\System\AAobStc.exe
  2⤵
  PID:7820
- C:\Windows\System\sqVgRnb.exe
  C:\Windows\System\sqVgRnb.exe
  2⤵
  PID:7840
- C:\Windows\System\RdKKFyQ.exe
  C:\Windows\System\RdKKFyQ.exe
  2⤵
  PID:7864
- C:\Windows\System\AgKpbuv.exe
  C:\Windows\System\AgKpbuv.exe
  2⤵
  PID:7884
- C:\Windows\System\seZYfgs.exe
  C:\Windows\System\seZYfgs.exe
  2⤵
  PID:7900
- C:\Windows\System\ebjRTdD.exe
  C:\Windows\System\ebjRTdD.exe
  2⤵
  PID:7916
- C:\Windows\System\CspBsax.exe
  C:\Windows\System\CspBsax.exe
  2⤵
  PID:7932
- C:\Windows\System\fQqJHuv.exe
  C:\Windows\System\fQqJHuv.exe
  2⤵
  PID:7948
- C:\Windows\System\rftPqlf.exe
  C:\Windows\System\rftPqlf.exe
  2⤵
  PID:7964
- C:\Windows\System\DpbgoCG.exe
  C:\Windows\System\DpbgoCG.exe
  2⤵
  PID:7980
- C:\Windows\System\ydxhvHW.exe
  C:\Windows\System\ydxhvHW.exe
  2⤵
  PID:7996
- C:\Windows\System\sPBDuDo.exe
  C:\Windows\System\sPBDuDo.exe
  2⤵
  PID:8044
- C:\Windows\System\kSeEPbl.exe
  C:\Windows\System\kSeEPbl.exe
  2⤵
  PID:8068
- C:\Windows\System\actQsAH.exe
  C:\Windows\System\actQsAH.exe
  2⤵
  PID:8084
- C:\Windows\System\tUfOWnU.exe
  C:\Windows\System\tUfOWnU.exe
  2⤵
  PID:8104
- C:\Windows\System\tKztHKz.exe
  C:\Windows\System\tKztHKz.exe
  2⤵
  PID:8120
- C:\Windows\System\URjFvbQ.exe
  C:\Windows\System\URjFvbQ.exe
  2⤵
  PID:8140
- C:\Windows\System\dzbytOC.exe
  C:\Windows\System\dzbytOC.exe
  2⤵
  PID:8160
- C:\Windows\System\lePSpPR.exe
  C:\Windows\System\lePSpPR.exe
  2⤵
  PID:8180
- C:\Windows\System\NrnDsbz.exe
  C:\Windows\System\NrnDsbz.exe
  2⤵
  PID:7204
- C:\Windows\System\SlOsEcC.exe
  C:\Windows\System\SlOsEcC.exe
  2⤵
  PID:7272
- C:\Windows\System\LYIdqOj.exe
  C:\Windows\System\LYIdqOj.exe
  2⤵
  PID:7108
- C:\Windows\System\OhZrwqG.exe
  C:\Windows\System\OhZrwqG.exe
  2⤵
  PID:7260
- C:\Windows\System\rMXTTdz.exe
  C:\Windows\System\rMXTTdz.exe
  2⤵
  PID:7332
- C:\Windows\System\zwzAJap.exe
  C:\Windows\System\zwzAJap.exe
  2⤵
  PID:7344
- C:\Windows\System\dgpkHat.exe
  C:\Windows\System\dgpkHat.exe
  2⤵
  PID:7356
- C:\Windows\System\biAZjqQ.exe
  C:\Windows\System\biAZjqQ.exe
  2⤵
  PID:7380
- C:\Windows\System\LcwnuRg.exe
  C:\Windows\System\LcwnuRg.exe
  2⤵
  PID:7412
- C:\Windows\System\liShhfO.exe
  C:\Windows\System\liShhfO.exe
  2⤵
  PID:7400
- C:\Windows\System\tQaYtzx.exe
  C:\Windows\System\tQaYtzx.exe
  2⤵
  PID:7492
- C:\Windows\System\WmwUGuF.exe
  C:\Windows\System\WmwUGuF.exe
  2⤵
  PID:7528
- C:\Windows\System\XvdZZBa.exe
  C:\Windows\System\XvdZZBa.exe
  2⤵
  PID:7464
- C:\Windows\System\TCQAKEh.exe
  C:\Windows\System\TCQAKEh.exe
  2⤵
  PID:7572
- C:\Windows\System\ewEKiyB.exe
  C:\Windows\System\ewEKiyB.exe
  2⤵
  PID:7616
- C:\Windows\System\SnEXqHB.exe
  C:\Windows\System\SnEXqHB.exe
  2⤵
  PID:7680
- C:\Windows\System\BWMOixu.exe
  C:\Windows\System\BWMOixu.exe
  2⤵
  PID:7684
- C:\Windows\System\QuTqVsE.exe
  C:\Windows\System\QuTqVsE.exe
  2⤵
  PID:7752
- C:\Windows\System\MpOxhjH.exe
  C:\Windows\System\MpOxhjH.exe
  2⤵
  PID:7700
- C:\Windows\System\XUKJoIr.exe
  C:\Windows\System\XUKJoIr.exe
  2⤵
  PID:7808
- C:\Windows\System\tYlybLx.exe
  C:\Windows\System\tYlybLx.exe
  2⤵
  PID:7856
- C:\Windows\System\wbMTbWa.exe
  C:\Windows\System\wbMTbWa.exe
  2⤵
  PID:7788
- C:\Windows\System\HaYRcIW.exe
  C:\Windows\System\HaYRcIW.exe
  2⤵
  PID:7836
- C:\Windows\System\TFFRzeo.exe
  C:\Windows\System\TFFRzeo.exe
  2⤵
  PID:7908
- C:\Windows\System\HWzkJNo.exe
  C:\Windows\System\HWzkJNo.exe
  2⤵
  PID:8012
- C:\Windows\System\xofWrGq.exe
  C:\Windows\System\xofWrGq.exe
  2⤵
  PID:7944
- C:\Windows\System\mAsYQEq.exe
  C:\Windows\System\mAsYQEq.exe
  2⤵
  PID:7988
- C:\Windows\System\MAmnIAM.exe
  C:\Windows\System\MAmnIAM.exe
  2⤵
  PID:8056
- C:\Windows\System\EoESHWX.exe
  C:\Windows\System\EoESHWX.exe
  2⤵
  PID:8096
- C:\Windows\System\qZZcLsq.exe
  C:\Windows\System\qZZcLsq.exe
  2⤵
  PID:8136
- C:\Windows\System\IKhvcoy.exe
  C:\Windows\System\IKhvcoy.exe
  2⤵
  PID:8148
- C:\Windows\System\vCVlrGi.exe
  C:\Windows\System\vCVlrGi.exe
  2⤵
  PID:8172
- C:\Windows\System\iJHvcXr.exe
  C:\Windows\System\iJHvcXr.exe
  2⤵
  PID:7240
- C:\Windows\System\akzLozT.exe
  C:\Windows\System\akzLozT.exe
  2⤵
  PID:7280
- C:\Windows\System\CCoOWxP.exe
  C:\Windows\System\CCoOWxP.exe
  2⤵
  PID:6280
- C:\Windows\System\CeLxoGz.exe
  C:\Windows\System\CeLxoGz.exe
  2⤵
  PID:7256
- C:\Windows\System\opSdXwo.exe
  C:\Windows\System\opSdXwo.exe
  2⤵
  PID:7252
- C:\Windows\System\UtKBLoz.exe
  C:\Windows\System\UtKBLoz.exe
  2⤵
  PID:7500
- C:\Windows\System\POekKZl.exe
  C:\Windows\System\POekKZl.exe
  2⤵
  PID:7628
- C:\Windows\System\mPVVJvv.exe
  C:\Windows\System\mPVVJvv.exe
  2⤵
  PID:2180
- C:\Windows\System\faUpGqe.exe
  C:\Windows\System\faUpGqe.exe
  2⤵
  PID:7544
- C:\Windows\System\FYhFiQH.exe
  C:\Windows\System\FYhFiQH.exe
  2⤵
  PID:7468
- C:\Windows\System\fzKCiWF.exe
  C:\Windows\System\fzKCiWF.exe
  2⤵
  PID:1560
- C:\Windows\System\yQlMJtA.exe
  C:\Windows\System\yQlMJtA.exe
  2⤵
  PID:7816
- C:\Windows\System\cohUZQw.exe
  C:\Windows\System\cohUZQw.exe
  2⤵
  PID:7832
- C:\Windows\System\BHAMoeU.exe
  C:\Windows\System\BHAMoeU.exe
  2⤵
  PID:7972
- C:\Windows\System\wPFtrBd.exe
  C:\Windows\System\wPFtrBd.exe
  2⤵
  PID:7876
- C:\Windows\System\tzBQyCj.exe
  C:\Windows\System\tzBQyCj.exe
  2⤵
  PID:7880
- C:\Windows\System\GJWJJOs.exe
  C:\Windows\System\GJWJJOs.exe
  2⤵
  PID:7976
- C:\Windows\System\PIVtWVW.exe
  C:\Windows\System\PIVtWVW.exe
  2⤵
  PID:7172
- C:\Windows\System\rbPFety.exe
  C:\Windows\System\rbPFety.exe
  2⤵
  PID:8040
- C:\Windows\System\DHJzkyd.exe
  C:\Windows\System\DHJzkyd.exe
  2⤵
  PID:8092
- C:\Windows\System\vDgvRte.exe
  C:\Windows\System\vDgvRte.exe
  2⤵
  PID:7320
- C:\Windows\System\oxlwExb.exe
  C:\Windows\System\oxlwExb.exe
  2⤵
  PID:7396
- C:\Windows\System\mEtWhHp.exe
  C:\Windows\System\mEtWhHp.exe
  2⤵
  PID:8116
- C:\Windows\System\YgEPrQB.exe
  C:\Windows\System\YgEPrQB.exe
  2⤵
  PID:7296
- C:\Windows\System\YsTLjil.exe
  C:\Windows\System\YsTLjil.exe
  2⤵
  PID:7560
- C:\Windows\System\oaTXgnf.exe
  C:\Windows\System\oaTXgnf.exe
  2⤵
  PID:7436
- C:\Windows\System\vQsKWEp.exe
  C:\Windows\System\vQsKWEp.exe
  2⤵
  PID:8080
- C:\Windows\System\hdDHuym.exe
  C:\Windows\System\hdDHuym.exe
  2⤵
  PID:7768
- C:\Windows\System\lIMTrok.exe
  C:\Windows\System\lIMTrok.exe
  2⤵
  PID:8128
- C:\Windows\System\QWoXZrt.exe
  C:\Windows\System\QWoXZrt.exe
  2⤵
  PID:7584
- C:\Windows\System\hxHEwyq.exe
  C:\Windows\System\hxHEwyq.exe
  2⤵
  PID:7736
- C:\Windows\System\QnRPreX.exe
  C:\Windows\System\QnRPreX.exe
  2⤵
  PID:8032
- C:\Windows\System\tXRKOTw.exe
  C:\Windows\System\tXRKOTw.exe
  2⤵
  PID:8036
- C:\Windows\System\TOZgQCp.exe
  C:\Windows\System\TOZgQCp.exe
  2⤵
  PID:7596
- C:\Windows\System\AUbRArx.exe
  C:\Windows\System\AUbRArx.exe
  2⤵
  PID:7632
- C:\Windows\System\uQFEpTj.exe
  C:\Windows\System\uQFEpTj.exe
  2⤵
  PID:7784
- C:\Windows\System\PXLdgZG.exe
  C:\Windows\System\PXLdgZG.exe
  2⤵
  PID:7368
- C:\Windows\System\UTZZDHh.exe
  C:\Windows\System\UTZZDHh.exe
  2⤵
  PID:1736
- C:\Windows\System\eoyqsTx.exe
  C:\Windows\System\eoyqsTx.exe
  2⤵
  PID:7652
- C:\Windows\System\RhjaGMi.exe
  C:\Windows\System\RhjaGMi.exe
  2⤵
  PID:7892
- C:\Windows\System\WVwDzKD.exe
  C:\Windows\System\WVwDzKD.exe
  2⤵
  PID:7452
- C:\Windows\System\idJbynU.exe
  C:\Windows\System\idJbynU.exe
  2⤵
  PID:7896
- C:\Windows\System\ioIoQbt.exe
  C:\Windows\System\ioIoQbt.exe
  2⤵
  PID:7748
- C:\Windows\System\OFLxYDO.exe
  C:\Windows\System\OFLxYDO.exe
  2⤵
  PID:7236
- C:\Windows\System\BjgMGWc.exe
  C:\Windows\System\BjgMGWc.exe
  2⤵
  PID:7488
- C:\Windows\System\iveWjcI.exe
  C:\Windows\System\iveWjcI.exe
  2⤵
  PID:7656
- C:\Windows\System\zpKaWOR.exe
  C:\Windows\System\zpKaWOR.exe
  2⤵
  PID:7828
- C:\Windows\System\mtPXXou.exe
  C:\Windows\System\mtPXXou.exe
  2⤵
  PID:5828
- C:\Windows\System\xfWKyaV.exe
  C:\Windows\System\xfWKyaV.exe
  2⤵
  PID:7224
- C:\Windows\System\GqXoNwu.exe
  C:\Windows\System\GqXoNwu.exe
  2⤵
  PID:1924
- C:\Windows\System\yTQxLRi.exe
  C:\Windows\System\yTQxLRi.exe
  2⤵
  PID:2452
- C:\Windows\System\YRuskgH.exe
  C:\Windows\System\YRuskgH.exe
  2⤵
  PID:8204
- C:\Windows\System\ljcqmXO.exe
  C:\Windows\System\ljcqmXO.exe
  2⤵
  PID:8224
- C:\Windows\System\NkJiWPY.exe
  C:\Windows\System\NkJiWPY.exe
  2⤵
  PID:8240
- C:\Windows\System\MceYQnm.exe
  C:\Windows\System\MceYQnm.exe
  2⤵
  PID:8260
- C:\Windows\System\cmmramT.exe
  C:\Windows\System\cmmramT.exe
  2⤵
  PID:8284
- C:\Windows\System\PtsBhkW.exe
  C:\Windows\System\PtsBhkW.exe
  2⤵
  PID:8308
- C:\Windows\System\qtSkeUa.exe
  C:\Windows\System\qtSkeUa.exe
  2⤵
  PID:8328
- C:\Windows\System\MYXwLxq.exe
  C:\Windows\System\MYXwLxq.exe
  2⤵
  PID:8352
- C:\Windows\System\lTfWuRh.exe
  C:\Windows\System\lTfWuRh.exe
  2⤵
  PID:8368
- C:\Windows\System\OYAlCjk.exe
  C:\Windows\System\OYAlCjk.exe
  2⤵
  PID:8400
- C:\Windows\System\rcxCcLX.exe
  C:\Windows\System\rcxCcLX.exe
  2⤵
  PID:8416
- C:\Windows\System\xRzUSlY.exe
  C:\Windows\System\xRzUSlY.exe
  2⤵
  PID:8436
- C:\Windows\System\uHwkOjy.exe
  C:\Windows\System\uHwkOjy.exe
  2⤵
  PID:8452
- C:\Windows\System\ziPxMoS.exe
  C:\Windows\System\ziPxMoS.exe
  2⤵
  PID:8468
- C:\Windows\System\igCMRZL.exe
  C:\Windows\System\igCMRZL.exe
  2⤵
  PID:8484
- C:\Windows\System\wAyGjgx.exe
  C:\Windows\System\wAyGjgx.exe
  2⤵
  PID:8500
- C:\Windows\System\NkOgAbN.exe
  C:\Windows\System\NkOgAbN.exe
  2⤵
  PID:8528
- C:\Windows\System\cwnGeJt.exe
  C:\Windows\System\cwnGeJt.exe
  2⤵
  PID:8548
- C:\Windows\System\JMJcZKN.exe
  C:\Windows\System\JMJcZKN.exe
  2⤵
  PID:8568
- C:\Windows\System\TdjDftm.exe
  C:\Windows\System\TdjDftm.exe
  2⤵
  PID:8584
- C:\Windows\System\uznOiXt.exe
  C:\Windows\System\uznOiXt.exe
  2⤵
  PID:8616
- C:\Windows\System\dVIxfHx.exe
  C:\Windows\System\dVIxfHx.exe
  2⤵
  PID:8632
- C:\Windows\System\wMWmhhY.exe
  C:\Windows\System\wMWmhhY.exe
  2⤵
  PID:8652
- C:\Windows\System\TiYoziC.exe
  C:\Windows\System\TiYoziC.exe
  2⤵
  PID:8680
- C:\Windows\System\bwmodoL.exe
  C:\Windows\System\bwmodoL.exe
  2⤵
  PID:8696
- C:\Windows\System\MOnIcPx.exe
  C:\Windows\System\MOnIcPx.exe
  2⤵
  PID:8712
- C:\Windows\System\SuYZYxf.exe
  C:\Windows\System\SuYZYxf.exe
  2⤵
  PID:8732
- C:\Windows\System\SagkEyU.exe
  C:\Windows\System\SagkEyU.exe
  2⤵
  PID:8752
- C:\Windows\System\RtocdMW.exe
  C:\Windows\System\RtocdMW.exe
  2⤵
  PID:8784
- C:\Windows\System\zMWRHBx.exe
  C:\Windows\System\zMWRHBx.exe
  2⤵
  PID:8800
- C:\Windows\System\lLhkpGJ.exe
  C:\Windows\System\lLhkpGJ.exe
  2⤵
  PID:8816
- C:\Windows\System\zjbigXN.exe
  C:\Windows\System\zjbigXN.exe
  2⤵
  PID:8832
- C:\Windows\System\CHdnvyC.exe
  C:\Windows\System\CHdnvyC.exe
  2⤵
  PID:8848
- C:\Windows\System\PiMFxlI.exe
  C:\Windows\System\PiMFxlI.exe
  2⤵
  PID:8864
- C:\Windows\System\cCfpYvG.exe
  C:\Windows\System\cCfpYvG.exe
  2⤵
  PID:8884
- C:\Windows\System\mNTzdyZ.exe
  C:\Windows\System\mNTzdyZ.exe
  2⤵
  PID:8900
- C:\Windows\System\vuUZyQM.exe
  C:\Windows\System\vuUZyQM.exe
  2⤵
  PID:8920
- C:\Windows\System\jyEBsur.exe
  C:\Windows\System\jyEBsur.exe
  2⤵
  PID:8936
- C:\Windows\System\SDDUySO.exe
  C:\Windows\System\SDDUySO.exe
  2⤵
  PID:8952
- C:\Windows\System\NYnhmiC.exe
  C:\Windows\System\NYnhmiC.exe
  2⤵
  PID:8968
- C:\Windows\System\shhWiZq.exe
  C:\Windows\System\shhWiZq.exe
  2⤵
  PID:8984
- C:\Windows\System\camflgo.exe
  C:\Windows\System\camflgo.exe
  2⤵
  PID:9000
- C:\Windows\System\TevRelg.exe
  C:\Windows\System\TevRelg.exe
  2⤵
  PID:9016
- C:\Windows\System\XFiUYiX.exe
  C:\Windows\System\XFiUYiX.exe
  2⤵
  PID:9032
- C:\Windows\System\UDwAjYv.exe
  C:\Windows\System\UDwAjYv.exe
  2⤵
  PID:9048
- C:\Windows\System\URPQgmq.exe
  C:\Windows\System\URPQgmq.exe
  2⤵
  PID:9064
- C:\Windows\System\fNgvJHZ.exe
  C:\Windows\System\fNgvJHZ.exe
  2⤵
  PID:9080
- C:\Windows\System\wDUZDtb.exe
  C:\Windows\System\wDUZDtb.exe
  2⤵
  PID:9096
- C:\Windows\System\IlrAWsS.exe
  C:\Windows\System\IlrAWsS.exe
  2⤵
  PID:9116
- C:\Windows\System\YbsjoHd.exe
  C:\Windows\System\YbsjoHd.exe
  2⤵
  PID:9132
- C:\Windows\System\yIYmCCc.exe
  C:\Windows\System\yIYmCCc.exe
  2⤵
  PID:9152
- C:\Windows\System\xpCXuIL.exe
  C:\Windows\System\xpCXuIL.exe
  2⤵
  PID:9168
- C:\Windows\System\QbIbvUv.exe
  C:\Windows\System\QbIbvUv.exe
  2⤵
  PID:9184
- C:\Windows\System\rzglNhi.exe
  C:\Windows\System\rzglNhi.exe
  2⤵
  PID:9200
- C:\Windows\System\NWjSzaL.exe
  C:\Windows\System\NWjSzaL.exe
  2⤵
  PID:8196
- C:\Windows\System\zjbJlUk.exe
  C:\Windows\System\zjbJlUk.exe
  2⤵
  PID:8236
- C:\Windows\System\EWVphIk.exe
  C:\Windows\System\EWVphIk.exe
  2⤵
  PID:8212
- C:\Windows\System\nHZJcIE.exe
  C:\Windows\System\nHZJcIE.exe
  2⤵
  PID:8156
- C:\Windows\System\dLZPCer.exe
  C:\Windows\System\dLZPCer.exe
  2⤵
  PID:8444
- C:\Windows\System\OdnsJRG.exe
  C:\Windows\System\OdnsJRG.exe
  2⤵
  PID:8512
- C:\Windows\System\TvAxniv.exe
  C:\Windows\System\TvAxniv.exe
  2⤵
  PID:8560
- C:\Windows\System\LbfJujh.exe
  C:\Windows\System\LbfJujh.exe
  2⤵
  PID:8428
- C:\Windows\System\LQjIcdS.exe
  C:\Windows\System\LQjIcdS.exe
  2⤵
  PID:8464
- C:\Windows\System\BQfiwWA.exe
  C:\Windows\System\BQfiwWA.exe
  2⤵
  PID:8580
- C:\Windows\System\yJZdngR.exe
  C:\Windows\System\yJZdngR.exe
  2⤵
  PID:8544
- C:\Windows\System\AREXnIy.exe
  C:\Windows\System\AREXnIy.exe
  2⤵
  PID:8644
- C:\Windows\System\GtjSbFB.exe
  C:\Windows\System\GtjSbFB.exe
  2⤵
  PID:8668
- C:\Windows\System\bzDTpXD.exe
  C:\Windows\System\bzDTpXD.exe
  2⤵
  PID:8720
- C:\Windows\System\JCVBHhe.exe
  C:\Windows\System\JCVBHhe.exe
  2⤵
  PID:8704
- C:\Windows\System\oqhkSPd.exe
  C:\Windows\System\oqhkSPd.exe
  2⤵
  PID:8764
- C:\Windows\System\obAIOZr.exe
  C:\Windows\System\obAIOZr.exe
  2⤵
  PID:8808
- C:\Windows\System\yYzVbsg.exe
  C:\Windows\System\yYzVbsg.exe
  2⤵
  PID:8828
- C:\Windows\System\xDXUbez.exe
  C:\Windows\System\xDXUbez.exe
  2⤵
  PID:8912
- C:\Windows\System\MIhNrSw.exe
  C:\Windows\System\MIhNrSw.exe
  2⤵
  PID:8944
- C:\Windows\System\IKqlToK.exe
  C:\Windows\System\IKqlToK.exe
  2⤵
  PID:8992
- C:\Windows\System\DOsrzLI.exe
  C:\Windows\System\DOsrzLI.exe
  2⤵
  PID:8932
- C:\Windows\System\RrkHLhI.exe
  C:\Windows\System\RrkHLhI.exe
  2⤵
  PID:9040
- C:\Windows\System\blVKFly.exe
  C:\Windows\System\blVKFly.exe
  2⤵
  PID:9060
- C:\Windows\System\VGsAlaY.exe
  C:\Windows\System\VGsAlaY.exe
  2⤵
  PID:9112
- C:\Windows\System\zGJWqhe.exe
  C:\Windows\System\zGJWqhe.exe
  2⤵
  PID:9176
- C:\Windows\System\OIDpBfo.exe
  C:\Windows\System\OIDpBfo.exe
  2⤵
  PID:9212
- C:\Windows\System\tgUCHnJ.exe
  C:\Windows\System\tgUCHnJ.exe
  2⤵
  PID:2908
- C:\Windows\System\PNwkWGO.exe
  C:\Windows\System\PNwkWGO.exe
  2⤵
  PID:8316
- C:\Windows\System\FJzdZGM.exe
  C:\Windows\System\FJzdZGM.exe
  2⤵
  PID:8280
- C:\Windows\System\jEugyCN.exe
  C:\Windows\System\jEugyCN.exe
  2⤵
  PID:8300
- C:\Windows\System\NboNtWi.exe
  C:\Windows\System\NboNtWi.exe
  2⤵
  PID:8360
- C:\Windows\System\sSOtoep.exe
  C:\Windows\System\sSOtoep.exe
  2⤵
  PID:8348
- C:\Windows\System\sFfbtxe.exe
  C:\Windows\System\sFfbtxe.exe
  2⤵
  PID:492
- C:\Windows\System\GmCnVrc.exe
  C:\Windows\System\GmCnVrc.exe
  2⤵
  PID:8596
- C:\Windows\System\cnOkaEi.exe
  C:\Windows\System\cnOkaEi.exe
  2⤵
  PID:8536
- C:\Windows\System\TMRsxSh.exe
  C:\Windows\System\TMRsxSh.exe
  2⤵
  PID:8424
- C:\Windows\System\HWratrE.exe
  C:\Windows\System\HWratrE.exe
  2⤵
  PID:8564
- C:\Windows\System\CiNvGnI.exe
  C:\Windows\System\CiNvGnI.exe
  2⤵
  PID:8780
- C:\Windows\System\iUUOxYI.exe
  C:\Windows\System\iUUOxYI.exe
  2⤵
  PID:8628
- C:\Windows\System\UDkpJiV.exe
  C:\Windows\System\UDkpJiV.exe
  2⤵
  PID:8692
- C:\Windows\System\cnQvXGC.exe
  C:\Windows\System\cnQvXGC.exe
  2⤵
  PID:8844
- C:\Windows\System\UVvGvdE.exe
  C:\Windows\System\UVvGvdE.exe
  2⤵
  PID:8880
- C:\Windows\System\uERQUPG.exe
  C:\Windows\System\uERQUPG.exe
  2⤵
  PID:8980
- C:\Windows\System\BCifrel.exe
  C:\Windows\System\BCifrel.exe
  2⤵
  PID:8896
- C:\Windows\System\ITMTCKj.exe
  C:\Windows\System\ITMTCKj.exe
  2⤵
  PID:9108
- C:\Windows\System\ddtcONh.exe
  C:\Windows\System\ddtcONh.exe
  2⤵
  PID:9180
- C:\Windows\System\HmQqNMT.exe
  C:\Windows\System\HmQqNMT.exe
  2⤵
  PID:9208
- C:\Windows\System\mmLUPBK.exe
  C:\Windows\System\mmLUPBK.exe
  2⤵
  PID:8324
- C:\Windows\System\fEMgAOK.exe
  C:\Windows\System\fEMgAOK.exe
  2⤵
  PID:8256
- C:\Windows\System\YePjasy.exe
  C:\Windows\System\YePjasy.exe
  2⤵
  PID:8388
- C:\Windows\System\QjJiNpz.exe
  C:\Windows\System\QjJiNpz.exe
  2⤵
  PID:8520
- C:\Windows\System\OjPdMQH.exe
  C:\Windows\System\OjPdMQH.exe
  2⤵
  PID:8772
- C:\Windows\System\DfIjPlK.exe
  C:\Windows\System\DfIjPlK.exe
  2⤵
  PID:332
- C:\Windows\System\bDYOumr.exe
  C:\Windows\System\bDYOumr.exe
  2⤵
  PID:8728
- C:\Windows\System\YRTpilA.exe
  C:\Windows\System\YRTpilA.exe
  2⤵
  PID:8612
- C:\Windows\System\NKeEFIj.exe
  C:\Windows\System\NKeEFIj.exe
  2⤵
  PID:8840
- C:\Windows\System\xLWBJVD.exe
  C:\Windows\System\xLWBJVD.exe
  2⤵
  PID:8776
- C:\Windows\System\gssLeoB.exe
  C:\Windows\System\gssLeoB.exe
  2⤵
  PID:9144
- C:\Windows\System\tyKDWOu.exe
  C:\Windows\System\tyKDWOu.exe
  2⤵
  PID:8276
- C:\Windows\System\cuUVczH.exe
  C:\Windows\System\cuUVczH.exe
  2⤵
  PID:9128
- C:\Windows\System\mkRiMgi.exe
  C:\Windows\System\mkRiMgi.exe
  2⤵
  PID:8252
- C:\Windows\System\LGNFulc.exe
  C:\Windows\System\LGNFulc.exe
  2⤵
  PID:8664
- C:\Windows\System\mvXFTBf.exe
  C:\Windows\System\mvXFTBf.exe
  2⤵
  PID:8064
- C:\Windows\System\XYxlcJr.exe
  C:\Windows\System\XYxlcJr.exe
  2⤵
  PID:8392
- C:\Windows\System\cRHiNEt.exe
  C:\Windows\System\cRHiNEt.exe
  2⤵
  PID:8508
- C:\Windows\System\EsvjTkL.exe
  C:\Windows\System\EsvjTkL.exe
  2⤵
  PID:9072
- C:\Windows\System\BuuSFcc.exe
  C:\Windows\System\BuuSFcc.exe
  2⤵
  PID:9024
- C:\Windows\System\lfxuXaw.exe
  C:\Windows\System\lfxuXaw.exe
  2⤵
  PID:8660
- C:\Windows\System\AmzCBQZ.exe
  C:\Windows\System\AmzCBQZ.exe
  2⤵
  PID:8272
- C:\Windows\System\Hctnpvj.exe
  C:\Windows\System\Hctnpvj.exe
  2⤵
  PID:8248
- C:\Windows\System\fcrmroK.exe
  C:\Windows\System\fcrmroK.exe
  2⤵
  PID:8556
- C:\Windows\System\FsNbIJr.exe
  C:\Windows\System\FsNbIJr.exe
  2⤵
  PID:8876
- C:\Windows\System\UCvcqIp.exe
  C:\Windows\System\UCvcqIp.exe
  2⤵
  PID:8640
- C:\Windows\System\zlfeDTY.exe
  C:\Windows\System\zlfeDTY.exe
  2⤵
  PID:9192
- C:\Windows\System\MzWoTrV.exe
  C:\Windows\System\MzWoTrV.exe
  2⤵
  PID:9224
- C:\Windows\System\qVvmDSW.exe
  C:\Windows\System\qVvmDSW.exe
  2⤵
  PID:9248
- C:\Windows\System\dMkUNSF.exe
  C:\Windows\System\dMkUNSF.exe
  2⤵
  PID:9268
- C:\Windows\System\VSJwTof.exe
  C:\Windows\System\VSJwTof.exe
  2⤵
  PID:9284
- C:\Windows\System\oRFOjhZ.exe
  C:\Windows\System\oRFOjhZ.exe
  2⤵
  PID:9300
- C:\Windows\System\ZbhnRxW.exe
  C:\Windows\System\ZbhnRxW.exe
  2⤵
  PID:9320
- C:\Windows\System\oQliSxy.exe
  C:\Windows\System\oQliSxy.exe
  2⤵
  PID:9340
- C:\Windows\System\GpqtiDa.exe
  C:\Windows\System\GpqtiDa.exe
  2⤵
  PID:9364
- C:\Windows\System\Gvuxyme.exe
  C:\Windows\System\Gvuxyme.exe
  2⤵
  PID:9408
- C:\Windows\System\WIwpNic.exe
  C:\Windows\System\WIwpNic.exe
  2⤵
  PID:9424
- C:\Windows\System\YJTFRcN.exe
  C:\Windows\System\YJTFRcN.exe
  2⤵
  PID:9440
- C:\Windows\System\NnkYLBt.exe
  C:\Windows\System\NnkYLBt.exe
  2⤵
  PID:9460
- C:\Windows\System\QqTapKw.exe
  C:\Windows\System\QqTapKw.exe
  2⤵
  PID:9480
- C:\Windows\System\CCZPVPu.exe
  C:\Windows\System\CCZPVPu.exe
  2⤵
  PID:9496
- C:\Windows\System\yDBvfES.exe
  C:\Windows\System\yDBvfES.exe
  2⤵
  PID:9512
- C:\Windows\System\xtYxqnc.exe
  C:\Windows\System\xtYxqnc.exe
  2⤵
  PID:9552
- C:\Windows\System\GuzgqvM.exe
  C:\Windows\System\GuzgqvM.exe
  2⤵
  PID:9568
- C:\Windows\System\sehtJgy.exe
  C:\Windows\System\sehtJgy.exe
  2⤵
  PID:9584
- C:\Windows\System\tWixLib.exe
  C:\Windows\System\tWixLib.exe
  2⤵
  PID:9612
- C:\Windows\System\cQaSViB.exe
  C:\Windows\System\cQaSViB.exe
  2⤵
  PID:9628
- C:\Windows\System\fOaWHOT.exe
  C:\Windows\System\fOaWHOT.exe
  2⤵
  PID:9648
- C:\Windows\System\ahBaTec.exe
  C:\Windows\System\ahBaTec.exe
  2⤵
  PID:9668
- C:\Windows\System\pzQvJBm.exe
  C:\Windows\System\pzQvJBm.exe
  2⤵
  PID:9692
- C:\Windows\System\rdVJltp.exe
  C:\Windows\System\rdVJltp.exe
  2⤵
  PID:9708
- C:\Windows\System\osuOZLF.exe
  C:\Windows\System\osuOZLF.exe
  2⤵
  PID:9728
- C:\Windows\System\hGIqNZi.exe
  C:\Windows\System\hGIqNZi.exe
  2⤵
  PID:9748
- C:\Windows\System\JYsXnAt.exe
  C:\Windows\System\JYsXnAt.exe
  2⤵
  PID:9772
- C:\Windows\System\SHPENsu.exe
  C:\Windows\System\SHPENsu.exe
  2⤵
  PID:9788
- C:\Windows\System\gWqnnDE.exe
  C:\Windows\System\gWqnnDE.exe
  2⤵
  PID:9812
- C:\Windows\System\RtWOEWu.exe
  C:\Windows\System\RtWOEWu.exe
  2⤵
  PID:9832
- C:\Windows\System\pGzlMbX.exe
  C:\Windows\System\pGzlMbX.exe
  2⤵
  PID:9848
- C:\Windows\System\bVtQPks.exe
  C:\Windows\System\bVtQPks.exe
  2⤵
  PID:9868
- C:\Windows\System\uWTwZDf.exe
  C:\Windows\System\uWTwZDf.exe
  2⤵
  PID:9892
- C:\Windows\System\aWeWfXP.exe
  C:\Windows\System\aWeWfXP.exe
  2⤵
  PID:9912
- C:\Windows\System\lvLFPZF.exe
  C:\Windows\System\lvLFPZF.exe
  2⤵
  PID:9928
- C:\Windows\System\AvQjZLi.exe
  C:\Windows\System\AvQjZLi.exe
  2⤵
  PID:9948
- C:\Windows\System\yDXRaOs.exe
  C:\Windows\System\yDXRaOs.exe
  2⤵
  PID:9972
- C:\Windows\System\LbOyAfH.exe
  C:\Windows\System\LbOyAfH.exe
  2⤵
  PID:9992
- C:\Windows\System\lrasgUJ.exe
  C:\Windows\System\lrasgUJ.exe
  2⤵
  PID:10008
- C:\Windows\System\fYYLyGI.exe
  C:\Windows\System\fYYLyGI.exe
  2⤵
  PID:10028
- C:\Windows\System\lMxHvIx.exe
  C:\Windows\System\lMxHvIx.exe
  2⤵
  PID:10044
- C:\Windows\System\mODtRJV.exe
  C:\Windows\System\mODtRJV.exe
  2⤵
  PID:10068
- C:\Windows\System\hXdInLt.exe
  C:\Windows\System\hXdInLt.exe
  2⤵
  PID:10084
- C:\Windows\System\rXtNjXu.exe
  C:\Windows\System\rXtNjXu.exe
  2⤵
  PID:10104
- C:\Windows\System\fyiUJEx.exe
  C:\Windows\System\fyiUJEx.exe
  2⤵
  PID:10132
- C:\Windows\System\VZeAGFB.exe
  C:\Windows\System\VZeAGFB.exe
  2⤵
  PID:10152
- C:\Windows\System\qiQSBuC.exe
  C:\Windows\System\qiQSBuC.exe
  2⤵
  PID:10172
- C:\Windows\System\WwkYjEi.exe
  C:\Windows\System\WwkYjEi.exe
  2⤵
  PID:10196
- C:\Windows\System\RpaGTzy.exe
  C:\Windows\System\RpaGTzy.exe
  2⤵
  PID:10212
- C:\Windows\System\pDGHEJw.exe
  C:\Windows\System\pDGHEJw.exe
  2⤵
  PID:10236
- C:\Windows\System\JcQUawZ.exe
  C:\Windows\System\JcQUawZ.exe
  2⤵
  PID:9276
- C:\Windows\System\KYMznQf.exe
  C:\Windows\System\KYMznQf.exe
  2⤵
  PID:8872
- C:\Windows\System\zplUlop.exe
  C:\Windows\System\zplUlop.exe
  2⤵
  PID:9308
- C:\Windows\System\aYJetnZ.exe
  C:\Windows\System\aYJetnZ.exe
  2⤵
  PID:9292
- C:\Windows\System\RbAoWYi.exe
  C:\Windows\System\RbAoWYi.exe
  2⤵
  PID:9348
- C:\Windows\System\WwTApYL.exe
  C:\Windows\System\WwTApYL.exe
  2⤵
  PID:9380
- C:\Windows\System\LJJPvhT.exe
  C:\Windows\System\LJJPvhT.exe
  2⤵
  PID:8688
- C:\Windows\System\AzGVezR.exe
  C:\Windows\System\AzGVezR.exe
  2⤵
  PID:9452
- C:\Windows\System\XVaOUnB.exe
  C:\Windows\System\XVaOUnB.exe
  2⤵
  PID:9436
- C:\Windows\System\kYMqaJF.exe
  C:\Windows\System\kYMqaJF.exe
  2⤵
  PID:9524
- C:\Windows\System\NbKBHNB.exe
  C:\Windows\System\NbKBHNB.exe
  2⤵
  PID:9536
- C:\Windows\System\VEbBPYI.exe
  C:\Windows\System\VEbBPYI.exe
  2⤵
  PID:9564
- C:\Windows\System\bmYWbEN.exe
  C:\Windows\System\bmYWbEN.exe
  2⤵
  PID:9608
- C:\Windows\System\dUEwfKg.exe
  C:\Windows\System\dUEwfKg.exe
  2⤵
  PID:9636
- C:\Windows\System\kNIqRTb.exe
  C:\Windows\System\kNIqRTb.exe
  2⤵
  PID:9640
- C:\Windows\System\zZDzcDN.exe
  C:\Windows\System\zZDzcDN.exe
  2⤵
  PID:9680
- C:\Windows\System\gjTDSBU.exe
  C:\Windows\System\gjTDSBU.exe
  2⤵
  PID:9724
- C:\Windows\System\yOiIxSX.exe
  C:\Windows\System\yOiIxSX.exe
  2⤵
  PID:9764
- C:\Windows\System\OZXbMDO.exe
  C:\Windows\System\OZXbMDO.exe
  2⤵
  PID:9796
- C:\Windows\System\QwRhEqC.exe
  C:\Windows\System\QwRhEqC.exe
  2⤵
  PID:9828
- C:\Windows\System\aDXsDzX.exe
  C:\Windows\System\aDXsDzX.exe
  2⤵
  PID:9888
- C:\Windows\System\mIEpEXz.exe
  C:\Windows\System\mIEpEXz.exe
  2⤵
  PID:9920
- C:\Windows\System\kmpRTUA.exe
  C:\Windows\System\kmpRTUA.exe
  2⤵
  PID:9940
- C:\Windows\System\TqMlkJy.exe
  C:\Windows\System\TqMlkJy.exe
  2⤵
  PID:9980
- C:\Windows\System\UVWaWwX.exe
  C:\Windows\System\UVWaWwX.exe
  2⤵
  PID:10004
- C:\Windows\System\QrCtRqa.exe
  C:\Windows\System\QrCtRqa.exe
  2⤵
  PID:10040
- C:\Windows\System\AcgxdiC.exe
  C:\Windows\System\AcgxdiC.exe
  2⤵
  PID:10100
- C:\Windows\System\pfaYGnx.exe
  C:\Windows\System\pfaYGnx.exe
  2⤵
  PID:10096
- C:\Windows\System\ZzTgyoR.exe
  C:\Windows\System\ZzTgyoR.exe
  2⤵
  PID:10148
- C:\Windows\System\msAInne.exe
  C:\Windows\System\msAInne.exe
  2⤵
  PID:10180
- C:\Windows\System\fZXanJa.exe
  C:\Windows\System\fZXanJa.exe
  2⤵
  PID:10220
- C:\Windows\System\unHGaTx.exe
  C:\Windows\System\unHGaTx.exe
  2⤵
  PID:10224
- C:\Windows\System\bRAhZKc.exe
  C:\Windows\System\bRAhZKc.exe
  2⤵
  PID:9240
- C:\Windows\System\hoDFBQl.exe
  C:\Windows\System\hoDFBQl.exe
  2⤵
  PID:9336
- C:\Windows\System\LyQTSBy.exe
  C:\Windows\System\LyQTSBy.exe
  2⤵
  PID:9360
- C:\Windows\System\DGHPXjU.exe
  C:\Windows\System\DGHPXjU.exe
  2⤵
  PID:9392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BfzzyrF.exe

Filesize
6.0MB

MD5
118ec93c896d1efc27d9d180857492a4

SHA1
8fd3d2aebd2806a9850d07b8d8c8aa4d59a314e1

SHA256
f758dfe5557ab77509d43f7416fd71aca82a105503f761da3a559c9234dc6b0b

SHA512
a9daabdd64acf1b3cacba304aab08ccf9bd617db6f0215286d0225c2e554b4ba7d49d178ba754a8543ec6a1f87fadfd91cd57c6a239f0afa100d47447b3212bf

Download Submit
C:\Windows\system\BzdoebY.exe

Filesize
6.0MB

MD5
cd16f34736624b0977627670ea1c656c

SHA1
c6bdf05e3d8eb7a0915c217a4e2f68194f05ae77

SHA256
a15c2a85f57f466023ef3903ec839c4ccf6fcea6d15d7e3008d77118146c681c

SHA512
71b72da1ab444cfe56095b510b2d994a34ca02e545cc983d3995a8159f4e4193ea9957d91f65410e63be291760a0bc85390324ed5762d579c89a58363db80476

Download Submit
C:\Windows\system\CEMhuBz.exe

Filesize
6.0MB

MD5
258c894e63bba5290eabc2bb9c3f3e11

SHA1
3c3fea987ad7d61142f57069317f065a53d52f21

SHA256
be9065096b18cfecef9c29eb79f50d7dde9000ff13e9842e45b417a93d2715e4

SHA512
cfde3a54919763f381a38b733acb8d2f94e61fbad9ba4ced13513ba30d51127224d7eb12b5570c9687a62355893f34ea4be6a635e6b932f28d4d75fc9ecd9c94

Download Submit
C:\Windows\system\DNCHtPe.exe

Filesize
6.0MB

MD5
ab0e68755bd611d9bece871899b0faf7

SHA1
c18d9d5781941d4a28344dd32bdf977bc8ce767e

SHA256
413270af48e1f05d8d2600745faa35a8abae80439d45c80df670d73ea5ef6827

SHA512
5524a0d4235be8c74c37898e167bad617eefd317488d89f811a27e3b1bf9503c38770823f4e142baabb0cce0479e36e62e95f3c39dad8d6d07e60fa7905c3828

Download Submit
C:\Windows\system\DofVsWW.exe

Filesize
6.0MB

MD5
6323904c07a6d3eaa5ee79c9aae46c47

SHA1
af577357952eba3af038e8ae4f3cc324ac09f0cf

SHA256
bc3e0e789735e0ab2f3f80f11476f54aca093fbd5916881073b07e84c3857cb9

SHA512
8db1102b4e7c95d1e38c701361b002e6c20d59db3d1d74a2f895a07d9e87016a550f7d2c76ccb9714d7d3a6b1285907883a035a995b999177aed332b194a31fc

Download Submit
C:\Windows\system\DxkaAnd.exe

Filesize
6.0MB

MD5
987502cc7082ce11b7b0f99ccf938399

SHA1
350df5d893910b9d1074b5c95f0dd3877a6bb5de

SHA256
6b02e410b89c2a303a7c2310ca28a77801b22aad912e286c8b7ad32892495d88

SHA512
d8e4c305f715d25f1d6b33f5d991056854a1e3cc7e974ae587a8565a9dcba55c5ccbf150781120f9eccdc8b5758aff75f6e9b117b9bb6c750fda2777613f4797

Download Submit
C:\Windows\system\EhIEbbX.exe

Filesize
6.0MB

MD5
35391dc60e946e71d2181d90a63be3b1

SHA1
0eccac2f6831705888e964c0d5f33059285bfa5a

SHA256
af17bdce77fc86687009608be1f83634d5605158ac9e394a3ecc06b9873e36e6

SHA512
410421150a5efcf15c96ec9cbe4154e96d1ef0a3c4a92deeeb61ce4c49ba668e192f2108551c05a77c5371d24f4da9c4562e3bde3d53cc69b26d909737157f0d

Download Submit
C:\Windows\system\HLjXpek.exe

Filesize
6.0MB

MD5
ace75e091fb9b5c46586e46cda399814

SHA1
fdcca90295df378034ef8dc99796ac528a73dbf2

SHA256
261f9f1f6a1a8dc2b35db08429d819944354f0da0ae7e84df3b36c1803b3a257

SHA512
298b4da48b21f8e242cdbbe3779b74044018d6a94ba38fb97c0c1c6f7d6e7e06defe1eb5a0e5fcecdb5b8d6e9cfd78cd509e39c8c162f844b097a59377543b7d

Download Submit
C:\Windows\system\KRodUdC.exe

Filesize
6.0MB

MD5
517ba71250f377a087f6a9d4baa4caa4

SHA1
22706d4eeddbdbace08d1dd330b14d1d381f4d22

SHA256
bfbd99c0a53f30a688f5ab9eab67d44c298a364561be7f8390cd9e4bfd6a8584

SHA512
de6f5f4be486ba9fdcc5ec613eb42a639a4e8d1cfa63b19b5d5b3c715898526d4f454d290e49bb56637ef3bbb2800a079a1fb195bde3c3d33600fc46f262a936

Download Submit
C:\Windows\system\LhKCeRn.exe

Filesize
6.0MB

MD5
2de88b78b1dd6e24618d9630e63bb0a5

SHA1
d6c5eabaf94a313b0b0be8df6d66032b8da1ce7a

SHA256
3c4ee83697b8ae01c57fa503c2108b4d527504610e5488281826c4ee60389d13

SHA512
0293c005bb60ad49e9c032c6dfe759f0adc4969370019b668e1c1557a743b6840624a4b532ad9686b87a107693ff09cd6197422c84d940f4b48ba9ce287b5d1f

Download Submit
C:\Windows\system\NcEYuHb.exe

Filesize
6.0MB

MD5
951151ca02a8a189e4e51881b449fcff

SHA1
5657f9e163b9c40ac43137e42c713e8090a916e9

SHA256
4132a1653a31a7eabc3caf094012642dc4c668112437c117e91003f7b5b0393d

SHA512
acd2c81fb80add74e65cac68f8a93b9e8559d025488c31710861c53dd04588ef5e32552ad8a413b9767f296cba0c3bbd541300128b2ccd1201eb89580c9bd654

Download Submit
C:\Windows\system\SquffOj.exe

Filesize
6.0MB

MD5
e73f74ccb6a81bff65b2a90b13ca5ca8

SHA1
e3c2c9fb17d7cf6045d2adc495500810dfe744c2

SHA256
270dd0abd7b5bb5faa9cb4708e193f968879ed9d66cfebb55eb1ebb367a5fbd4

SHA512
0478c72bfe877f1480bd3cdb8df0574a09559991b5597023e41963ab010082bbd0e848e6d2c72ab2f7b1af2ecc9c3b84b5b9ecee344b916c9993195d110862bc

Download Submit
C:\Windows\system\SvpbMsb.exe

Filesize
6.0MB

MD5
8725ca9abeef954b1e00da3247b51816

SHA1
ab1ab67a231a57aa5680018279887037f9b6ad07

SHA256
c995a4692ccb9d6724b25e87e94b14f9aebcbb13c0d5d48e2c15edd6c7b632b0

SHA512
724445c361cdea1eaa065b2b29d48ba7f4b563d5d5bfac667930dab047aec8c532968f99918f07a65ef14fc5cf927aaa2b9870fde19d44e8bbad09207a8dccf2

Download Submit
C:\Windows\system\YfeQQye.exe

Filesize
6.0MB

MD5
4cd46e5f6092c97e6e19d13adf233f01

SHA1
41feddd1cd235b3ee65dfd187e6615f3546c9544

SHA256
f9a43e45d9e211717e3492cadba8f2bbd250f820af05b16152c68041d3959674

SHA512
ffc1b9ad34412c01ee22aaedd432a33d26b489b0e5c7dea7fec641af9436d90976e943ff2f56465d43f7eb4fbed25f802536549edf6cbbcc7e73efb0f0d39af7

Download Submit
C:\Windows\system\Ztlihno.exe

Filesize
6.0MB

MD5
7ec9a5a4b71253ba7fc3191f620e2539

SHA1
9b0abd4a41b5f004ba924b86834db6bd94a6e33d

SHA256
46a8f1798f855e867845cc2fdc59387fe51e80717045701a79e333f6a62060ad

SHA512
6dccd7b840cdea7f1d3b67ce52f429285f57c2feaaa15694bfa6e42c59d2777612eddc74a304f58127a5ec2fc40eb20dffb746bdf3b9fbcfd99897d46eb721e9

Download Submit
C:\Windows\system\dCqBvmq.exe

Filesize
6.0MB

MD5
785842f271127df3ab587e276ebdf965

SHA1
d541789476e73adacb7b6945c1330b7bf82337bf

SHA256
9a8e871029ae637e3812f35aefb4c695adced624f560e7ec7fd60d6b0f0a969e

SHA512
3332c367274bc693acc55e113afd4d82b59cf9521eef5c93eecc5256e8fd1e90513046c921d2d9de1977c1b33cce9616a213c7bc74f55b1b6f7176851a790e12

Download Submit
C:\Windows\system\dwNAatu.exe

Filesize
6.0MB

MD5
58c7a9fefbd00f7fa11530773a38e144

SHA1
18b0411a878951c0d517ca31849d2716c240ec03

SHA256
35b28ff3c087d015ae8c7b1fbf30348f47e64eef5974730bef28b0100e920250

SHA512
916563eae91ae92adc59a0be5c8da8de1acc94651126fbf733bca448eab03207e053f1a406cb86dbcd43603b51ac0351bbd699843b1453576a7c2b6a6c9231c8

Download Submit
C:\Windows\system\gsfAOdx.exe

Filesize
6.0MB

MD5
4b7d0239c131ea5adab266cd398080f7

SHA1
b305025860c946222ee874242b508d5e993d362f

SHA256
3cb4ed982f440cd62d58697573594f719ff4d0eacb14e885bd8ae70fe1025fb4

SHA512
0f35d3630980da88aada0783a860d71ce733a6ce7daa1fe79e7c3ab5b4411c4d457ea264530abe2f6b509a9810f7768537642b81ace7f4c4ce85c5c416f4cfd5

Download Submit
C:\Windows\system\jcpkiwI.exe

Filesize
6.0MB

MD5
ada0af72f779a13c7fbfccbc897a92ab

SHA1
612179ef8aeb4b34c6e77f5af7130c1888f8284d

SHA256
74c960f44731ab9503b167d37f0a81947d5df1e6b45cd4183932cf187e348c69

SHA512
266f5fb8b8ac482c1a38051c80223b54ea2d35c09332c8375a1ca3090acf502e04092ac07d02822bc391297e1ecd9b3734beb9037e8e7e03dc30209449bc4f43

Download Submit
C:\Windows\system\kZmxfBG.exe

Filesize
6.0MB

MD5
4258ce2803a823f09d675f9900ce1d91

SHA1
d3ed24242a0b709f79acad2ecd2a82ae7984d719

SHA256
d49aa64f6950bc11a8f34291be32ba92515c7dab870b79e6d5696f456f91fd0c

SHA512
203c37c26e10e28eadb762a03a0ac3955857c3c9188213024270ab980211ba2b10f1832cd9ef24c90e86ce7659390bca8ac0ec12fa3e7b40fde6c803da2567dd

Download Submit
C:\Windows\system\lJGBLLG.exe

Filesize
6.0MB

MD5
53b438d8b5fd6d11459c2a3fbe66923f

SHA1
77df48e9e803bc757c61c52337cb481a0375d519

SHA256
a7af40eab3089b91ed239a3b27e133407430dcf0c5fb4fbf358cb5be0873ccdd

SHA512
24fad6bc94c1c2ce239b4814be0c3bdaaf6819912d7448d37a596d0f81803953c1c28a07d27e10a75e37a8e536a84187a906a710f5749f61895639b5eaea5eb2

Download Submit
C:\Windows\system\lbWWOAx.exe

Filesize
6.0MB

MD5
4c50b2f286ecd57e93e9a37ee707a448

SHA1
1a017141f04593219215a3008e97f013180f92a7

SHA256
32042410676e2679f664418c49160d8c200ff5887a4afc875d781f838f0e596e

SHA512
7d7a809eccffe2cc707b37d6841e207b1ed7e6de3d0dc0dc8e44715f45d710cbea08ec9835da8ca3cf6d32a05a81ae69728838be9244516698d6dc737d4e6888

Download Submit
C:\Windows\system\qFVfEeg.exe

Filesize
6.0MB

MD5
ff5f0286be3892ff7108130bffdc6ae9

SHA1
897bc917a844b29949934f33a89605a462397900

SHA256
23ad19253703d6ff000ccb0a09e8cd319731a4fa69150a0c16d6273e24180eaf

SHA512
bdbaa7d89a83985af53a111f5fa3849acdaae07a46ad4566c63c0f5b8fee1fc40927784df7191c9fd97a2b01c2403c6304bb9d959c8108367940a02663793e14

Download Submit
C:\Windows\system\qIASdrZ.exe

Filesize
6.0MB

MD5
f067362fae3c310a0be4f58d91278c45

SHA1
743a8dce1478ad13b30643ed3968dbc18552ab67

SHA256
5ff57af4b201660a6cd6a2ca1c7fbeb49c130317876bf067694386682a109392

SHA512
e2c47b2950dea81f4f352dd1d66cda3c03aac64a5495c8ba839c9e7e7fca991ce834e07870d8b64cba17e6c415824238b0b80f94c14347648a3176f222cfd14a

Download Submit
C:\Windows\system\uowjYCm.exe

Filesize
6.0MB

MD5
5532541f95377525210aa4a7911022da

SHA1
0f9f26acbde564b4d748866123bc1d5e8424221c

SHA256
5a1c08ce7d99dca81748f2ca68e7b0e6ee670cc2779ff4e1ba0094c0adff0399

SHA512
bc394aa68d24a5d386a26410da8308c6cf5fb1480e54a8a1e917eb2ef01be73eaf8c0142511a63b249dd382eacae4e5c7f253b3a484038273f94d21897b5d39a

Download Submit
C:\Windows\system\vfhvTpR.exe

Filesize
6.0MB

MD5
a1af00dc52694b8e4acd3b46782bbe3d

SHA1
96881660c143fcb5f4c72dd523c218181ed92e69

SHA256
ca18705fa62b26475973683e4d7e68321164cd84016d24435f1cacbaa8571246

SHA512
996a6a802d2215a2989355edcc445846e7f8a4e6a37269e3cc0fc3ac292107c81563f9e32975aaa2163236b1fd912a1fa656e7b356fc1bc9b82540d152d3a02c

Download Submit
C:\Windows\system\wZqIeMB.exe

Filesize
6.0MB

MD5
52ffeba6bbad7686848b41cbfbe5d781

SHA1
8905c14fc55ec77ccad5f484fe19f171eadec8fc

SHA256
3ab1720f1e2c7394a61047d416c1941a5ec12dba452eb75405e31ce2bd0cdccc

SHA512
f751bf546431a8816c6f83e76a64f8c975d81549d4d8cd6a6a0ae1eae77582c6d8fb0d517bede22407a5e84c15088f52284fe2245cbdfbe8af567a8dcdb9d595

Download Submit
C:\Windows\system\wvvPcwy.exe

Filesize
6.0MB

MD5
8d8243318bdfa77444eb24a4cb0438d0

SHA1
8ab85093f09123784ce1291b84868b2f5b25a4fa

SHA256
22438d5848339d3a8fd708ab94dc591588577666210f146cea7e6d4e8af49de1

SHA512
3e0f82236d98b7b1dbaee909adbe06cdd9e14b31bc1d16d9e428c94e50950a5dcf683b6357aecc13e40ef32374f24b95e8ff5fcb52a799c19493e89888a58500

Download Submit
C:\Windows\system\xMPDTSk.exe

Filesize
6.0MB

MD5
1c2cc5b5a7a537f08a3ac877a07e90f4

SHA1
399f28daee8f6f75e52a0bb00972562af64d1b83

SHA256
02b419405e3d4c856accafdcd32249e853c5fe39b926f213bd664d7ab7b265bb

SHA512
4b83c6afb60d41e40042a1b91434d09bd594fbe9ac9b6f711eb1a49e5c8cc945fbd3f347f46278cf55014af98ced7d231ae8581b979a115a75eb39240f88383b

Download Submit
C:\Windows\system\xpdVzRg.exe

Filesize
6.0MB

MD5
1dd783074e0613c9bf95fca1e6e5e821

SHA1
2666829e8ad2f7f18160a14529867d79caf84a9a

SHA256
cc863cf39db7cf755280087543f826ff36f1d963c610f55e4b8f79958075ceec

SHA512
089d5910c496eb1e94e65b2f5e320c2646f7edc3a6e77764c605dc84e3c13239d2ba57f247aab7a27c0838391be0ee072c09e3061134989b7c3cb0d6029cde6c

Download Submit
C:\Windows\system\zcEsupc.exe

Filesize
6.0MB

MD5
f51fd08577ef1f97c3552d3723d2066f

SHA1
ffa97fc42d0923a5720533b689679d6636aa0155

SHA256
f6b36ec41dd8dfca02f1cd5b924ad5ed5051dd4ffc8825e83d9cb65445e1a87f

SHA512
b07d13b5fabdef13cc550def9bbdec08768833f81f8c590046a3a0a9354e36d84d6922cf1d26532e58688b1dc07e61f62b5e35871a8e09e7ba4f432458c6f234

Download Submit
\Windows\system\ZNLxdge.exe

Filesize
6.0MB

MD5
53dbada93347be4f96a01ea5ba5d26fa

SHA1
e7fcaf64b6f1c1b6e8e164b91ecb15fd0b40fb0d

SHA256
6edef1a7865694ea0eae58a6bb1de65f85707d8081836ec1582a56f02a026340

SHA512
8f797a3604c6a37153154c147745b6bd60fb5dd93ac6043135d2de99f855256301a02fc6fba4d7c69002c7c867ef08809e2fcc929abf143c1ce2a863f006dab6

Download Submit
memory/1764-4047-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/1764-373-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2088-365-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-4052-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-4051-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2168-377-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2524-4050-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-352-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-4049-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-361-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-4045-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2568-380-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2644-4046-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-363-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-25-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2652-4042-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4040-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2716-12-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2752-599-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2752-4041-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2752-15-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2840-4044-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-36-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-4043-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-976-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-28-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-4048-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2992-371-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/3008-375-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/3008-4053-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/3068-370-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/3068-376-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1538-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1541-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-773-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/3068-359-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1547-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1550-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/3068-362-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1556-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/3068-372-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/3068-374-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1560-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1539-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-378-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/3068-379-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/3068-381-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/3068-364-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-92-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1566-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1570-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/3068-20-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/3068-9-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/3068-35-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-29-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1668-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/3068-0-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download