cobaltstrike | f6a59db0ad5379d0ef7c8bb0e1ddf752d36affeb16ed740e61ce8563677e9d4c

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23/11/2024, 12:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

88da92025c1587c5c2e273eec8362f89
SHA1

57f7323c1e7d6ea0967572d3bef0aca9e89d1072
SHA256

f6a59db0ad5379d0ef7c8bb0e1ddf752d36affeb16ed740e61ce8563677e9d4c
SHA512

a8d3b0e45f3853cd868bc8d62e174973d072851423c89c4528467f0185644ae55dd39ff100cdd7342b91c7ebea4eae82e2c138825f9ee1cfd58542090da0c26a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUQ:T+q56utgpPF8u/7Q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0003000000012000-6.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174cc-8.dat	cobalt_reflective_dll
behavioral1/files/0x000e000000018676-16.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186e4-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018683-25.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186ea-36.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-73.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950c-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019582-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-87.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001873d-67.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186fd-62.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186ee-52.dat	cobalt_reflective_dll
behavioral1/files/0x00390000000173a9-44.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2276-0-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x0003000000012000-6.dat	xmrig
behavioral1/files/0x00080000000174cc-8.dat	xmrig
behavioral1/files/0x000e000000018676-16.dat	xmrig
behavioral1/memory/2712-15-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2988-21-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x00060000000186e4-27.dat	xmrig
behavioral1/files/0x0007000000018683-25.dat	xmrig
behavioral1/memory/2688-26-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/1708-13-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2444-35-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x00060000000186ea-36.dat	xmrig
behavioral1/memory/2276-33-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x0005000000019441-73.dat	xmrig
behavioral1/files/0x000500000001944f-81.dat	xmrig
behavioral1/memory/3056-93-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x000500000001950c-96.dat	xmrig
behavioral1/files/0x0005000000019609-112.dat	xmrig
behavioral1/files/0x0005000000019619-144.dat	xmrig
behavioral1/memory/2276-1173-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/memory/2452-239-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/files/0x0005000000019625-171.dat	xmrig
behavioral1/files/0x0005000000019623-167.dat	xmrig
behavioral1/files/0x0005000000019622-164.dat	xmrig
behavioral1/files/0x0005000000019621-160.dat	xmrig
behavioral1/files/0x000500000001961f-155.dat	xmrig
behavioral1/files/0x000500000001961d-152.dat	xmrig
behavioral1/files/0x000500000001961b-148.dat	xmrig
behavioral1/files/0x0005000000019617-139.dat	xmrig
behavioral1/files/0x0005000000019613-132.dat	xmrig
behavioral1/files/0x0005000000019615-136.dat	xmrig
behavioral1/files/0x000500000001960f-123.dat	xmrig
behavioral1/files/0x0005000000019611-128.dat	xmrig
behavioral1/files/0x000500000001960d-120.dat	xmrig
behavioral1/files/0x000500000001960b-115.dat	xmrig
behavioral1/files/0x00050000000195c5-107.dat	xmrig
behavioral1/files/0x0005000000019582-102.dat	xmrig
behavioral1/memory/1712-98-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2916-91-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2592-84-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2316-83-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2276-90-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2580-89-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019461-87.dat	xmrig
behavioral1/memory/2444-78-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2452-70-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2688-69-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x000700000001873d-67.dat	xmrig
behavioral1/memory/2080-66-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2276-65-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2276-63-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x00060000000186fd-62.dat	xmrig
behavioral1/memory/2308-77-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/3056-61-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x00060000000186ee-52.dat	xmrig
behavioral1/memory/2580-46-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/files/0x00390000000173a9-44.dat	xmrig
behavioral1/memory/2592-40-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2444-4005-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2988-4004-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/1708-4003-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2580-4002-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2308-4001-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2080-4000-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1708	IVBSaSd.exe
2712	AXiAeHo.exe
2988	ADoNORI.exe
2688	ZhVWzNc.exe
2444	KEiSajc.exe
2592	wZvrkaR.exe
2580	IbBlOQK.exe
3056	gKJGJRG.exe
2080	qVKKhfq.exe
2452	IUhjFtn.exe
2308	PRvPoNS.exe
2316	GFSwzmd.exe
2916	mWiPAUn.exe
1712	WiaBYQt.exe
2800	wOVDBeN.exe
1168	TuBbexJ.exe
2072	HhbcmRf.exe
108	hperZLJ.exe
2944	XLzyrDI.exe
1652	LwUJUlD.exe
700	AYJMhxx.exe
1160	oBzdDFN.exe
1036	wpGOXaq.exe
2440	cDqIcKF.exe
1948	UzEGawb.exe
1636	msRsTBQ.exe
2064	PAmYZCk.exe
2336	wWIIcRj.exe
2172	FJGHgvQ.exe
1100	NDDdyAm.exe
3048	tGrMdXe.exe
3044	bbSUGNC.exe
848	EeGNhae.exe
1656	CZJIZev.exe
940	EZzQAbD.exe
1204	pwAqvuj.exe
912	wcfWNqN.exe
1000	WRWSTKm.exe
1516	furoRKh.exe
2448	MveKHev.exe
1796	ZTWWaQF.exe
1544	ccqxfEZ.exe
1780	YBxePze.exe
780	YOMOTMW.exe
820	vcsTzPA.exe
1852	vtECZgf.exe
1856	MNcNYox.exe
1292	ZBGDvfv.exe
2544	UjGUPuf.exe
2464	iQmOfDL.exe
2312	nLExdMD.exe
1432	NRCGPDj.exe
2264	IzqUUyu.exe
2304	onGphkG.exe
640	jhsNUvW.exe
372	ThMeChG.exe
1488	vIjXTHU.exe
1284	zWNhLFI.exe
892	oenzGGC.exe
1512	UoNGznl.exe
2324	KyyiaSi.exe
2196	bibzNGA.exe
2184	OXgvCiz.exe
392	pwGfhRv.exe

Loads dropped DLL 64 IoCs

pid	Process
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2276-0-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x0003000000012000-6.dat	upx
behavioral1/files/0x00080000000174cc-8.dat	upx
behavioral1/files/0x000e000000018676-16.dat	upx
behavioral1/memory/2712-15-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2988-21-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x00060000000186e4-27.dat	upx
behavioral1/files/0x0007000000018683-25.dat	upx
behavioral1/memory/2688-26-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/1708-13-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2444-35-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x00060000000186ea-36.dat	upx
behavioral1/memory/2276-33-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x0005000000019441-73.dat	upx
behavioral1/files/0x000500000001944f-81.dat	upx
behavioral1/memory/3056-93-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x000500000001950c-96.dat	upx
behavioral1/files/0x0005000000019609-112.dat	upx
behavioral1/files/0x0005000000019619-144.dat	upx
behavioral1/memory/2452-239-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/files/0x0005000000019625-171.dat	upx
behavioral1/files/0x0005000000019623-167.dat	upx
behavioral1/files/0x0005000000019622-164.dat	upx
behavioral1/files/0x0005000000019621-160.dat	upx
behavioral1/files/0x000500000001961f-155.dat	upx
behavioral1/files/0x000500000001961d-152.dat	upx
behavioral1/files/0x000500000001961b-148.dat	upx
behavioral1/files/0x0005000000019617-139.dat	upx
behavioral1/files/0x0005000000019613-132.dat	upx
behavioral1/files/0x0005000000019615-136.dat	upx
behavioral1/files/0x000500000001960f-123.dat	upx
behavioral1/files/0x0005000000019611-128.dat	upx
behavioral1/files/0x000500000001960d-120.dat	upx
behavioral1/files/0x000500000001960b-115.dat	upx
behavioral1/files/0x00050000000195c5-107.dat	upx
behavioral1/files/0x0005000000019582-102.dat	upx
behavioral1/memory/1712-98-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2916-91-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2592-84-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2316-83-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2580-89-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/files/0x0005000000019461-87.dat	upx
behavioral1/memory/2444-78-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2452-70-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2688-69-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x000700000001873d-67.dat	upx
behavioral1/memory/2080-66-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x00060000000186fd-62.dat	upx
behavioral1/memory/2308-77-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/3056-61-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x00060000000186ee-52.dat	upx
behavioral1/memory/2580-46-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/files/0x00390000000173a9-44.dat	upx
behavioral1/memory/2592-40-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2444-4005-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2988-4004-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/1708-4003-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2580-4002-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2308-4001-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2080-4000-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2592-3999-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/3056-3998-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2688-4007-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2712-4006-0x000000013F220000-0x000000013F574000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jhsNUvW.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TqkPPXx.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UWGcpJv.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OOJnpvq.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zjICZgO.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gGJZNaf.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PKitjDS.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pIgtRTf.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zyIkifL.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hBsDigs.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqFGMbN.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GuZhQgU.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWjTOPQ.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VnntbBT.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DJhKuQw.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kkLBVCZ.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DGRSizd.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wPTxRBZ.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\czAiBrI.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\affsyPG.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkmqiWG.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UlCwqMn.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LTHlSHf.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gtHEklr.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXmbpWh.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MRjrxGI.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yIRpuaf.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wcuQBiK.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hxdDzge.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GSgBaIQ.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UBBPJZu.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dobNpQX.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dDJSouc.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nGeQMGa.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\faipoIc.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQHJrlC.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uWIKHIG.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xwvBjyz.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezDFvxc.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SBhuePd.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YWzZaCE.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpcKSwt.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pJfMOpb.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QrSlAjt.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFuhRWg.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VwmJEXh.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\clYoVcM.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HFmMLGk.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KsxnIVA.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nHJTXAl.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YrzDxEY.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zOghEEK.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJVaiJO.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAwTsEN.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fljEBnJ.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uzZYdyz.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QneGvpz.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqVIxuU.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vPPRZFw.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ygbHpMS.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lYuVDlX.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cpbMYXw.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ANhbpCR.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMdzPSr.exe	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 1708	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2276 wrote to memory of 1708	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2276 wrote to memory of 1708	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2276 wrote to memory of 2712	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2276 wrote to memory of 2712	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2276 wrote to memory of 2712	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2276 wrote to memory of 2988	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2276 wrote to memory of 2988	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2276 wrote to memory of 2988	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2276 wrote to memory of 2688	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2276 wrote to memory of 2688	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2276 wrote to memory of 2688	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2276 wrote to memory of 2444	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2276 wrote to memory of 2444	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2276 wrote to memory of 2444	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2276 wrote to memory of 2592	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2276 wrote to memory of 2592	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2276 wrote to memory of 2592	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2276 wrote to memory of 2580	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2276 wrote to memory of 2580	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2276 wrote to memory of 2580	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2276 wrote to memory of 3056	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2276 wrote to memory of 3056	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2276 wrote to memory of 3056	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2276 wrote to memory of 2080	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2276 wrote to memory of 2080	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2276 wrote to memory of 2080	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2276 wrote to memory of 2452	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2276 wrote to memory of 2452	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2276 wrote to memory of 2452	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2276 wrote to memory of 2308	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2276 wrote to memory of 2308	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2276 wrote to memory of 2308	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2276 wrote to memory of 2316	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2276 wrote to memory of 2316	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2276 wrote to memory of 2316	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2276 wrote to memory of 2916	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2276 wrote to memory of 2916	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2276 wrote to memory of 2916	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2276 wrote to memory of 1712	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2276 wrote to memory of 1712	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2276 wrote to memory of 1712	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2276 wrote to memory of 2800	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2276 wrote to memory of 2800	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2276 wrote to memory of 2800	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2276 wrote to memory of 1168	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2276 wrote to memory of 1168	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2276 wrote to memory of 1168	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2276 wrote to memory of 2072	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2276 wrote to memory of 2072	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2276 wrote to memory of 2072	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2276 wrote to memory of 108	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2276 wrote to memory of 108	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2276 wrote to memory of 108	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2276 wrote to memory of 2944	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2276 wrote to memory of 2944	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2276 wrote to memory of 2944	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2276 wrote to memory of 1652	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2276 wrote to memory of 1652	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2276 wrote to memory of 1652	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2276 wrote to memory of 700	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2276 wrote to memory of 700	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2276 wrote to memory of 700	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2276 wrote to memory of 1160	2276	2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-23_88da92025c1587c5c2e273eec8362f89_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Windows\System\IVBSaSd.exe
  C:\Windows\System\IVBSaSd.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\AXiAeHo.exe
  C:\Windows\System\AXiAeHo.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\ADoNORI.exe
  C:\Windows\System\ADoNORI.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\ZhVWzNc.exe
  C:\Windows\System\ZhVWzNc.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\KEiSajc.exe
  C:\Windows\System\KEiSajc.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\wZvrkaR.exe
  C:\Windows\System\wZvrkaR.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\IbBlOQK.exe
  C:\Windows\System\IbBlOQK.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\gKJGJRG.exe
  C:\Windows\System\gKJGJRG.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\qVKKhfq.exe
  C:\Windows\System\qVKKhfq.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\IUhjFtn.exe
  C:\Windows\System\IUhjFtn.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\PRvPoNS.exe
  C:\Windows\System\PRvPoNS.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\GFSwzmd.exe
  C:\Windows\System\GFSwzmd.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\mWiPAUn.exe
  C:\Windows\System\mWiPAUn.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\WiaBYQt.exe
  C:\Windows\System\WiaBYQt.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\wOVDBeN.exe
  C:\Windows\System\wOVDBeN.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\TuBbexJ.exe
  C:\Windows\System\TuBbexJ.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\HhbcmRf.exe
  C:\Windows\System\HhbcmRf.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\hperZLJ.exe
  C:\Windows\System\hperZLJ.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\XLzyrDI.exe
  C:\Windows\System\XLzyrDI.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\LwUJUlD.exe
  C:\Windows\System\LwUJUlD.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\AYJMhxx.exe
  C:\Windows\System\AYJMhxx.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\oBzdDFN.exe
  C:\Windows\System\oBzdDFN.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\wpGOXaq.exe
  C:\Windows\System\wpGOXaq.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\cDqIcKF.exe
  C:\Windows\System\cDqIcKF.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\UzEGawb.exe
  C:\Windows\System\UzEGawb.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\msRsTBQ.exe
  C:\Windows\System\msRsTBQ.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\PAmYZCk.exe
  C:\Windows\System\PAmYZCk.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\wWIIcRj.exe
  C:\Windows\System\wWIIcRj.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\FJGHgvQ.exe
  C:\Windows\System\FJGHgvQ.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\NDDdyAm.exe
  C:\Windows\System\NDDdyAm.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\tGrMdXe.exe
  C:\Windows\System\tGrMdXe.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\bbSUGNC.exe
  C:\Windows\System\bbSUGNC.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\EeGNhae.exe
  C:\Windows\System\EeGNhae.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\CZJIZev.exe
  C:\Windows\System\CZJIZev.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\EZzQAbD.exe
  C:\Windows\System\EZzQAbD.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\pwAqvuj.exe
  C:\Windows\System\pwAqvuj.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\wcfWNqN.exe
  C:\Windows\System\wcfWNqN.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\WRWSTKm.exe
  C:\Windows\System\WRWSTKm.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\furoRKh.exe
  C:\Windows\System\furoRKh.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\MveKHev.exe
  C:\Windows\System\MveKHev.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\ZTWWaQF.exe
  C:\Windows\System\ZTWWaQF.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\ccqxfEZ.exe
  C:\Windows\System\ccqxfEZ.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\YBxePze.exe
  C:\Windows\System\YBxePze.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\YOMOTMW.exe
  C:\Windows\System\YOMOTMW.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\vcsTzPA.exe
  C:\Windows\System\vcsTzPA.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\vtECZgf.exe
  C:\Windows\System\vtECZgf.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\MNcNYox.exe
  C:\Windows\System\MNcNYox.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\ZBGDvfv.exe
  C:\Windows\System\ZBGDvfv.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\UjGUPuf.exe
  C:\Windows\System\UjGUPuf.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\iQmOfDL.exe
  C:\Windows\System\iQmOfDL.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\nLExdMD.exe
  C:\Windows\System\nLExdMD.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\NRCGPDj.exe
  C:\Windows\System\NRCGPDj.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\IzqUUyu.exe
  C:\Windows\System\IzqUUyu.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\jhsNUvW.exe
  C:\Windows\System\jhsNUvW.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\onGphkG.exe
  C:\Windows\System\onGphkG.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\ThMeChG.exe
  C:\Windows\System\ThMeChG.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\vIjXTHU.exe
  C:\Windows\System\vIjXTHU.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\zWNhLFI.exe
  C:\Windows\System\zWNhLFI.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\oenzGGC.exe
  C:\Windows\System\oenzGGC.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\pwGfhRv.exe
  C:\Windows\System\pwGfhRv.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\UoNGznl.exe
  C:\Windows\System\UoNGznl.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\XZnNtkt.exe
  C:\Windows\System\XZnNtkt.exe
  2⤵
  PID:1052
- C:\Windows\System\KyyiaSi.exe
  C:\Windows\System\KyyiaSi.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\HNnpZSA.exe
  C:\Windows\System\HNnpZSA.exe
  2⤵
  PID:1596
- C:\Windows\System\bibzNGA.exe
  C:\Windows\System\bibzNGA.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\CLbTooJ.exe
  C:\Windows\System\CLbTooJ.exe
  2⤵
  PID:2216
- C:\Windows\System\OXgvCiz.exe
  C:\Windows\System\OXgvCiz.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\saKbkaz.exe
  C:\Windows\System\saKbkaz.exe
  2⤵
  PID:2820
- C:\Windows\System\qWNXknX.exe
  C:\Windows\System\qWNXknX.exe
  2⤵
  PID:2708
- C:\Windows\System\fLijnyt.exe
  C:\Windows\System\fLijnyt.exe
  2⤵
  PID:1684
- C:\Windows\System\ozjkpPl.exe
  C:\Windows\System\ozjkpPl.exe
  2⤵
  PID:2628
- C:\Windows\System\ttUrvNe.exe
  C:\Windows\System\ttUrvNe.exe
  2⤵
  PID:2164
- C:\Windows\System\diKOeTO.exe
  C:\Windows\System\diKOeTO.exe
  2⤵
  PID:2616
- C:\Windows\System\HdXqmgw.exe
  C:\Windows\System\HdXqmgw.exe
  2⤵
  PID:2552
- C:\Windows\System\azvfRsg.exe
  C:\Windows\System\azvfRsg.exe
  2⤵
  PID:1624
- C:\Windows\System\oExxQxY.exe
  C:\Windows\System\oExxQxY.exe
  2⤵
  PID:1152
- C:\Windows\System\CZxhbJZ.exe
  C:\Windows\System\CZxhbJZ.exe
  2⤵
  PID:2804
- C:\Windows\System\YYSeXox.exe
  C:\Windows\System\YYSeXox.exe
  2⤵
  PID:584
- C:\Windows\System\hEETiMg.exe
  C:\Windows\System\hEETiMg.exe
  2⤵
  PID:2652
- C:\Windows\System\qRuvoZz.exe
  C:\Windows\System\qRuvoZz.exe
  2⤵
  PID:1688
- C:\Windows\System\GuZhQgU.exe
  C:\Windows\System\GuZhQgU.exe
  2⤵
  PID:604
- C:\Windows\System\qdixEhj.exe
  C:\Windows\System\qdixEhj.exe
  2⤵
  PID:2208
- C:\Windows\System\ONwdpSx.exe
  C:\Windows\System\ONwdpSx.exe
  2⤵
  PID:2160
- C:\Windows\System\EvILhbm.exe
  C:\Windows\System\EvILhbm.exe
  2⤵
  PID:2436
- C:\Windows\System\qiyPMcF.exe
  C:\Windows\System\qiyPMcF.exe
  2⤵
  PID:2964
- C:\Windows\System\PqSUUWn.exe
  C:\Windows\System\PqSUUWn.exe
  2⤵
  PID:972
- C:\Windows\System\xROGJih.exe
  C:\Windows\System\xROGJih.exe
  2⤵
  PID:968
- C:\Windows\System\fOkInTv.exe
  C:\Windows\System\fOkInTv.exe
  2⤵
  PID:268
- C:\Windows\System\MOdKCtP.exe
  C:\Windows\System\MOdKCtP.exe
  2⤵
  PID:1928
- C:\Windows\System\ZmrgOhX.exe
  C:\Windows\System\ZmrgOhX.exe
  2⤵
  PID:1704
- C:\Windows\System\VwmJEXh.exe
  C:\Windows\System\VwmJEXh.exe
  2⤵
  PID:1312
- C:\Windows\System\buQxoFO.exe
  C:\Windows\System\buQxoFO.exe
  2⤵
  PID:1076
- C:\Windows\System\rMTtZho.exe
  C:\Windows\System\rMTtZho.exe
  2⤵
  PID:344
- C:\Windows\System\jhhypil.exe
  C:\Windows\System\jhhypil.exe
  2⤵
  PID:2032
- C:\Windows\System\CcdHpNs.exe
  C:\Windows\System\CcdHpNs.exe
  2⤵
  PID:1736
- C:\Windows\System\YCxvklZ.exe
  C:\Windows\System\YCxvklZ.exe
  2⤵
  PID:1008
- C:\Windows\System\JpeHgQk.exe
  C:\Windows\System\JpeHgQk.exe
  2⤵
  PID:884
- C:\Windows\System\bgaUUfg.exe
  C:\Windows\System\bgaUUfg.exe
  2⤵
  PID:2408
- C:\Windows\System\KIfPrAG.exe
  C:\Windows\System\KIfPrAG.exe
  2⤵
  PID:2268
- C:\Windows\System\uWwDyhF.exe
  C:\Windows\System\uWwDyhF.exe
  2⤵
  PID:2680
- C:\Windows\System\VCISKXL.exe
  C:\Windows\System\VCISKXL.exe
  2⤵
  PID:2888
- C:\Windows\System\fAwmtJB.exe
  C:\Windows\System\fAwmtJB.exe
  2⤵
  PID:3064
- C:\Windows\System\XlKpVau.exe
  C:\Windows\System\XlKpVau.exe
  2⤵
  PID:2416
- C:\Windows\System\ktZodKg.exe
  C:\Windows\System\ktZodKg.exe
  2⤵
  PID:2860
- C:\Windows\System\sdCxsZG.exe
  C:\Windows\System\sdCxsZG.exe
  2⤵
  PID:2648
- C:\Windows\System\hliMHcJ.exe
  C:\Windows\System\hliMHcJ.exe
  2⤵
  PID:2668
- C:\Windows\System\EEbKOcm.exe
  C:\Windows\System\EEbKOcm.exe
  2⤵
  PID:1620
- C:\Windows\System\ysMBNAC.exe
  C:\Windows\System\ysMBNAC.exe
  2⤵
  PID:2568
- C:\Windows\System\aabKPXf.exe
  C:\Windows\System\aabKPXf.exe
  2⤵
  PID:1316
- C:\Windows\System\ICVKxNd.exe
  C:\Windows\System\ICVKxNd.exe
  2⤵
  PID:2924
- C:\Windows\System\rRRJMtD.exe
  C:\Windows\System\rRRJMtD.exe
  2⤵
  PID:2912
- C:\Windows\System\etlDmxs.exe
  C:\Windows\System\etlDmxs.exe
  2⤵
  PID:2956
- C:\Windows\System\pxmNBMp.exe
  C:\Windows\System\pxmNBMp.exe
  2⤵
  PID:2204
- C:\Windows\System\yzaiHtN.exe
  C:\Windows\System\yzaiHtN.exe
  2⤵
  PID:1720
- C:\Windows\System\lAYabjW.exe
  C:\Windows\System\lAYabjW.exe
  2⤵
  PID:1776
- C:\Windows\System\sCoRLll.exe
  C:\Windows\System\sCoRLll.exe
  2⤵
  PID:3080
- C:\Windows\System\iJZiFrQ.exe
  C:\Windows\System\iJZiFrQ.exe
  2⤵
  PID:3096
- C:\Windows\System\AgmAMSA.exe
  C:\Windows\System\AgmAMSA.exe
  2⤵
  PID:3116
- C:\Windows\System\pLCCIxX.exe
  C:\Windows\System\pLCCIxX.exe
  2⤵
  PID:3132
- C:\Windows\System\BbBglpw.exe
  C:\Windows\System\BbBglpw.exe
  2⤵
  PID:3148
- C:\Windows\System\vCxpRyS.exe
  C:\Windows\System\vCxpRyS.exe
  2⤵
  PID:3164
- C:\Windows\System\jVdIkLe.exe
  C:\Windows\System\jVdIkLe.exe
  2⤵
  PID:3180
- C:\Windows\System\IXJbjlp.exe
  C:\Windows\System\IXJbjlp.exe
  2⤵
  PID:3196
- C:\Windows\System\ZMzPuiw.exe
  C:\Windows\System\ZMzPuiw.exe
  2⤵
  PID:3212
- C:\Windows\System\dOKswBJ.exe
  C:\Windows\System\dOKswBJ.exe
  2⤵
  PID:3228
- C:\Windows\System\FzdRdma.exe
  C:\Windows\System\FzdRdma.exe
  2⤵
  PID:3244
- C:\Windows\System\eefxpbz.exe
  C:\Windows\System\eefxpbz.exe
  2⤵
  PID:3260
- C:\Windows\System\BVQzBcR.exe
  C:\Windows\System\BVQzBcR.exe
  2⤵
  PID:3276
- C:\Windows\System\bCFJvjq.exe
  C:\Windows\System\bCFJvjq.exe
  2⤵
  PID:3292
- C:\Windows\System\iAvIbhn.exe
  C:\Windows\System\iAvIbhn.exe
  2⤵
  PID:3308
- C:\Windows\System\KIgHNiu.exe
  C:\Windows\System\KIgHNiu.exe
  2⤵
  PID:3324
- C:\Windows\System\Luhlmsc.exe
  C:\Windows\System\Luhlmsc.exe
  2⤵
  PID:3340
- C:\Windows\System\kJwqLxX.exe
  C:\Windows\System\kJwqLxX.exe
  2⤵
  PID:3356
- C:\Windows\System\BMWAdQX.exe
  C:\Windows\System\BMWAdQX.exe
  2⤵
  PID:3372
- C:\Windows\System\wSDYlXT.exe
  C:\Windows\System\wSDYlXT.exe
  2⤵
  PID:3388
- C:\Windows\System\kxCSNEc.exe
  C:\Windows\System\kxCSNEc.exe
  2⤵
  PID:3404
- C:\Windows\System\AgqypZZ.exe
  C:\Windows\System\AgqypZZ.exe
  2⤵
  PID:3420
- C:\Windows\System\UTUcodu.exe
  C:\Windows\System\UTUcodu.exe
  2⤵
  PID:3436
- C:\Windows\System\HzneGfU.exe
  C:\Windows\System\HzneGfU.exe
  2⤵
  PID:3452
- C:\Windows\System\aHpjjNS.exe
  C:\Windows\System\aHpjjNS.exe
  2⤵
  PID:3468
- C:\Windows\System\YWzZaCE.exe
  C:\Windows\System\YWzZaCE.exe
  2⤵
  PID:3484
- C:\Windows\System\VIHYFKP.exe
  C:\Windows\System\VIHYFKP.exe
  2⤵
  PID:3500
- C:\Windows\System\fuTzGEB.exe
  C:\Windows\System\fuTzGEB.exe
  2⤵
  PID:3516
- C:\Windows\System\USnrylf.exe
  C:\Windows\System\USnrylf.exe
  2⤵
  PID:3532
- C:\Windows\System\eSEqUOR.exe
  C:\Windows\System\eSEqUOR.exe
  2⤵
  PID:3548
- C:\Windows\System\FqxPAWG.exe
  C:\Windows\System\FqxPAWG.exe
  2⤵
  PID:3564
- C:\Windows\System\PZcTIuc.exe
  C:\Windows\System\PZcTIuc.exe
  2⤵
  PID:3580
- C:\Windows\System\pJRGsEE.exe
  C:\Windows\System\pJRGsEE.exe
  2⤵
  PID:3596
- C:\Windows\System\KECZurh.exe
  C:\Windows\System\KECZurh.exe
  2⤵
  PID:3612
- C:\Windows\System\azXssAV.exe
  C:\Windows\System\azXssAV.exe
  2⤵
  PID:3628
- C:\Windows\System\BFWeGYz.exe
  C:\Windows\System\BFWeGYz.exe
  2⤵
  PID:3644
- C:\Windows\System\pzxviTi.exe
  C:\Windows\System\pzxviTi.exe
  2⤵
  PID:3660
- C:\Windows\System\AUXyQZd.exe
  C:\Windows\System\AUXyQZd.exe
  2⤵
  PID:3676
- C:\Windows\System\tCzapNH.exe
  C:\Windows\System\tCzapNH.exe
  2⤵
  PID:3692
- C:\Windows\System\tOyQngS.exe
  C:\Windows\System\tOyQngS.exe
  2⤵
  PID:3708
- C:\Windows\System\yGGXPHU.exe
  C:\Windows\System\yGGXPHU.exe
  2⤵
  PID:3724
- C:\Windows\System\zVkZFmc.exe
  C:\Windows\System\zVkZFmc.exe
  2⤵
  PID:3740
- C:\Windows\System\CffMqoI.exe
  C:\Windows\System\CffMqoI.exe
  2⤵
  PID:3756
- C:\Windows\System\EytqfZY.exe
  C:\Windows\System\EytqfZY.exe
  2⤵
  PID:3772
- C:\Windows\System\LiAZaJF.exe
  C:\Windows\System\LiAZaJF.exe
  2⤵
  PID:3788
- C:\Windows\System\fbECtUO.exe
  C:\Windows\System\fbECtUO.exe
  2⤵
  PID:3804
- C:\Windows\System\aodfTLO.exe
  C:\Windows\System\aodfTLO.exe
  2⤵
  PID:3820
- C:\Windows\System\dAapTAP.exe
  C:\Windows\System\dAapTAP.exe
  2⤵
  PID:3836
- C:\Windows\System\zxhhsye.exe
  C:\Windows\System\zxhhsye.exe
  2⤵
  PID:3852
- C:\Windows\System\wzEUDfm.exe
  C:\Windows\System\wzEUDfm.exe
  2⤵
  PID:3868
- C:\Windows\System\DzvXyCr.exe
  C:\Windows\System\DzvXyCr.exe
  2⤵
  PID:3888
- C:\Windows\System\fwGcKPV.exe
  C:\Windows\System\fwGcKPV.exe
  2⤵
  PID:3904
- C:\Windows\System\SQHJrlC.exe
  C:\Windows\System\SQHJrlC.exe
  2⤵
  PID:3920
- C:\Windows\System\YSfDgAH.exe
  C:\Windows\System\YSfDgAH.exe
  2⤵
  PID:3936
- C:\Windows\System\XosJCUd.exe
  C:\Windows\System\XosJCUd.exe
  2⤵
  PID:3952
- C:\Windows\System\OtJTtJI.exe
  C:\Windows\System\OtJTtJI.exe
  2⤵
  PID:3968
- C:\Windows\System\IrAxRRe.exe
  C:\Windows\System\IrAxRRe.exe
  2⤵
  PID:3984
- C:\Windows\System\DhdneAm.exe
  C:\Windows\System\DhdneAm.exe
  2⤵
  PID:4000
- C:\Windows\System\irOCLTR.exe
  C:\Windows\System\irOCLTR.exe
  2⤵
  PID:4016
- C:\Windows\System\TIbWDLY.exe
  C:\Windows\System\TIbWDLY.exe
  2⤵
  PID:4032
- C:\Windows\System\BrnCebK.exe
  C:\Windows\System\BrnCebK.exe
  2⤵
  PID:4048
- C:\Windows\System\zEIzsAR.exe
  C:\Windows\System\zEIzsAR.exe
  2⤵
  PID:4064
- C:\Windows\System\LjYcfuF.exe
  C:\Windows\System\LjYcfuF.exe
  2⤵
  PID:4080
- C:\Windows\System\kjMhSyF.exe
  C:\Windows\System\kjMhSyF.exe
  2⤵
  PID:2104
- C:\Windows\System\XacQJkD.exe
  C:\Windows\System\XacQJkD.exe
  2⤵
  PID:1748
- C:\Windows\System\XgTgtnj.exe
  C:\Windows\System\XgTgtnj.exe
  2⤵
  PID:2852
- C:\Windows\System\prdhzjF.exe
  C:\Windows\System\prdhzjF.exe
  2⤵
  PID:1648
- C:\Windows\System\WLjlREr.exe
  C:\Windows\System\WLjlREr.exe
  2⤵
  PID:2748
- C:\Windows\System\GTuMYtE.exe
  C:\Windows\System\GTuMYtE.exe
  2⤵
  PID:2020
- C:\Windows\System\fYLsIua.exe
  C:\Windows\System\fYLsIua.exe
  2⤵
  PID:316
- C:\Windows\System\xlDaGNp.exe
  C:\Windows\System\xlDaGNp.exe
  2⤵
  PID:2028
- C:\Windows\System\JhaZUgd.exe
  C:\Windows\System\JhaZUgd.exe
  2⤵
  PID:2600
- C:\Windows\System\sTRjOIH.exe
  C:\Windows\System\sTRjOIH.exe
  2⤵
  PID:1976
- C:\Windows\System\NeCegSq.exe
  C:\Windows\System\NeCegSq.exe
  2⤵
  PID:1332
- C:\Windows\System\wMcpTmy.exe
  C:\Windows\System\wMcpTmy.exe
  2⤵
  PID:1956
- C:\Windows\System\JpudPqb.exe
  C:\Windows\System\JpudPqb.exe
  2⤵
  PID:3092
- C:\Windows\System\lKEkRyU.exe
  C:\Windows\System\lKEkRyU.exe
  2⤵
  PID:3140
- C:\Windows\System\qXpsDBj.exe
  C:\Windows\System\qXpsDBj.exe
  2⤵
  PID:3172
- C:\Windows\System\sbuIutS.exe
  C:\Windows\System\sbuIutS.exe
  2⤵
  PID:3160
- C:\Windows\System\tYymxyL.exe
  C:\Windows\System\tYymxyL.exe
  2⤵
  PID:3236
- C:\Windows\System\TqkPPXx.exe
  C:\Windows\System\TqkPPXx.exe
  2⤵
  PID:3224
- C:\Windows\System\ZeJklkg.exe
  C:\Windows\System\ZeJklkg.exe
  2⤵
  PID:3300
- C:\Windows\System\sdHtcDJ.exe
  C:\Windows\System\sdHtcDJ.exe
  2⤵
  PID:3332
- C:\Windows\System\cwcpAaN.exe
  C:\Windows\System\cwcpAaN.exe
  2⤵
  PID:3348
- C:\Windows\System\tIrIPvT.exe
  C:\Windows\System\tIrIPvT.exe
  2⤵
  PID:3352
- C:\Windows\System\vAMQGUr.exe
  C:\Windows\System\vAMQGUr.exe
  2⤵
  PID:3380
- C:\Windows\System\YnYlpfe.exe
  C:\Windows\System\YnYlpfe.exe
  2⤵
  PID:3460
- C:\Windows\System\eBbPsqA.exe
  C:\Windows\System\eBbPsqA.exe
  2⤵
  PID:3492
- C:\Windows\System\ZBWZUPD.exe
  C:\Windows\System\ZBWZUPD.exe
  2⤵
  PID:3524
- C:\Windows\System\sQQkCmw.exe
  C:\Windows\System\sQQkCmw.exe
  2⤵
  PID:3512
- C:\Windows\System\vRefMhJ.exe
  C:\Windows\System\vRefMhJ.exe
  2⤵
  PID:3560
- C:\Windows\System\wPXcclm.exe
  C:\Windows\System\wPXcclm.exe
  2⤵
  PID:3620
- C:\Windows\System\MhDocNH.exe
  C:\Windows\System\MhDocNH.exe
  2⤵
  PID:3576
- C:\Windows\System\JOMczdR.exe
  C:\Windows\System\JOMczdR.exe
  2⤵
  PID:3640
- C:\Windows\System\FlfmpXe.exe
  C:\Windows\System\FlfmpXe.exe
  2⤵
  PID:3672
- C:\Windows\System\GLEEGAM.exe
  C:\Windows\System\GLEEGAM.exe
  2⤵
  PID:3704
- C:\Windows\System\uPLaZei.exe
  C:\Windows\System\uPLaZei.exe
  2⤵
  PID:3752
- C:\Windows\System\UxWyBpv.exe
  C:\Windows\System\UxWyBpv.exe
  2⤵
  PID:3764
- C:\Windows\System\dIgRGbO.exe
  C:\Windows\System\dIgRGbO.exe
  2⤵
  PID:3800
- C:\Windows\System\GAwTsEN.exe
  C:\Windows\System\GAwTsEN.exe
  2⤵
  PID:3832
- C:\Windows\System\ACNoBTy.exe
  C:\Windows\System\ACNoBTy.exe
  2⤵
  PID:3864
- C:\Windows\System\UWGcpJv.exe
  C:\Windows\System\UWGcpJv.exe
  2⤵
  PID:3928
- C:\Windows\System\APTUhIl.exe
  C:\Windows\System\APTUhIl.exe
  2⤵
  PID:3976
- C:\Windows\System\fZJeHRF.exe
  C:\Windows\System\fZJeHRF.exe
  2⤵
  PID:3932
- C:\Windows\System\yJYhQuZ.exe
  C:\Windows\System\yJYhQuZ.exe
  2⤵
  PID:4012
- C:\Windows\System\ygIPFjd.exe
  C:\Windows\System\ygIPFjd.exe
  2⤵
  PID:4028
- C:\Windows\System\sMnjZVB.exe
  C:\Windows\System\sMnjZVB.exe
  2⤵
  PID:4060
- C:\Windows\System\OXCKjDT.exe
  C:\Windows\System\OXCKjDT.exe
  2⤵
  PID:4092
- C:\Windows\System\cUpJEde.exe
  C:\Windows\System\cUpJEde.exe
  2⤵
  PID:696
- C:\Windows\System\wNWJkdS.exe
  C:\Windows\System\wNWJkdS.exe
  2⤵
  PID:2320
- C:\Windows\System\QBAwKDa.exe
  C:\Windows\System\QBAwKDa.exe
  2⤵
  PID:2672
- C:\Windows\System\GSgBaIQ.exe
  C:\Windows\System\GSgBaIQ.exe
  2⤵
  PID:2784
- C:\Windows\System\hurcXAm.exe
  C:\Windows\System\hurcXAm.exe
  2⤵
  PID:920
- C:\Windows\System\WIflPLS.exe
  C:\Windows\System\WIflPLS.exe
  2⤵
  PID:3204
- C:\Windows\System\UdHFQUx.exe
  C:\Windows\System\UdHFQUx.exe
  2⤵
  PID:3240
- C:\Windows\System\jWjTOPQ.exe
  C:\Windows\System\jWjTOPQ.exe
  2⤵
  PID:3304
- C:\Windows\System\vtcQdMy.exe
  C:\Windows\System\vtcQdMy.exe
  2⤵
  PID:3396
- C:\Windows\System\HLJTWwT.exe
  C:\Windows\System\HLJTWwT.exe
  2⤵
  PID:3416
- C:\Windows\System\DxSJdbP.exe
  C:\Windows\System\DxSJdbP.exe
  2⤵
  PID:3320
- C:\Windows\System\SLlsNWM.exe
  C:\Windows\System\SLlsNWM.exe
  2⤵
  PID:3652
- C:\Windows\System\DxCSMol.exe
  C:\Windows\System\DxCSMol.exe
  2⤵
  PID:3732
- C:\Windows\System\ujxkqsj.exe
  C:\Windows\System\ujxkqsj.exe
  2⤵
  PID:3880
- C:\Windows\System\AbRPUTp.exe
  C:\Windows\System\AbRPUTp.exe
  2⤵
  PID:2832
- C:\Windows\System\DjirosQ.exe
  C:\Windows\System\DjirosQ.exe
  2⤵
  PID:3992
- C:\Windows\System\pnhvOsd.exe
  C:\Windows\System\pnhvOsd.exe
  2⤵
  PID:2096
- C:\Windows\System\EeGZKaU.exe
  C:\Windows\System\EeGZKaU.exe
  2⤵
  PID:3528
- C:\Windows\System\LFFZYPN.exe
  C:\Windows\System\LFFZYPN.exe
  2⤵
  PID:3636
- C:\Windows\System\aoXXthm.exe
  C:\Windows\System\aoXXthm.exe
  2⤵
  PID:4104
- C:\Windows\System\CRocdFs.exe
  C:\Windows\System\CRocdFs.exe
  2⤵
  PID:4120
- C:\Windows\System\uiADCcT.exe
  C:\Windows\System\uiADCcT.exe
  2⤵
  PID:4136
- C:\Windows\System\WKBJAZC.exe
  C:\Windows\System\WKBJAZC.exe
  2⤵
  PID:4152
- C:\Windows\System\XWKEtxV.exe
  C:\Windows\System\XWKEtxV.exe
  2⤵
  PID:4168
- C:\Windows\System\ZMxfnZU.exe
  C:\Windows\System\ZMxfnZU.exe
  2⤵
  PID:4184
- C:\Windows\System\fKDMqrd.exe
  C:\Windows\System\fKDMqrd.exe
  2⤵
  PID:4200
- C:\Windows\System\YbVbzep.exe
  C:\Windows\System\YbVbzep.exe
  2⤵
  PID:4216
- C:\Windows\System\cVHWSSz.exe
  C:\Windows\System\cVHWSSz.exe
  2⤵
  PID:4232
- C:\Windows\System\POUfgVu.exe
  C:\Windows\System\POUfgVu.exe
  2⤵
  PID:4248
- C:\Windows\System\usSKVLM.exe
  C:\Windows\System\usSKVLM.exe
  2⤵
  PID:4264
- C:\Windows\System\HicyLbt.exe
  C:\Windows\System\HicyLbt.exe
  2⤵
  PID:4280
- C:\Windows\System\FkVpKLG.exe
  C:\Windows\System\FkVpKLG.exe
  2⤵
  PID:4296
- C:\Windows\System\cgvkdPn.exe
  C:\Windows\System\cgvkdPn.exe
  2⤵
  PID:4312
- C:\Windows\System\iTqcVdv.exe
  C:\Windows\System\iTqcVdv.exe
  2⤵
  PID:4328
- C:\Windows\System\ELwPeVS.exe
  C:\Windows\System\ELwPeVS.exe
  2⤵
  PID:4344
- C:\Windows\System\hBAYMxJ.exe
  C:\Windows\System\hBAYMxJ.exe
  2⤵
  PID:4360
- C:\Windows\System\ihNWyBN.exe
  C:\Windows\System\ihNWyBN.exe
  2⤵
  PID:4376
- C:\Windows\System\EZqwgGy.exe
  C:\Windows\System\EZqwgGy.exe
  2⤵
  PID:4392
- C:\Windows\System\vhmnyoe.exe
  C:\Windows\System\vhmnyoe.exe
  2⤵
  PID:4408
- C:\Windows\System\QWVqhyt.exe
  C:\Windows\System\QWVqhyt.exe
  2⤵
  PID:4424
- C:\Windows\System\AzcgpqL.exe
  C:\Windows\System\AzcgpqL.exe
  2⤵
  PID:4440
- C:\Windows\System\TtXdZpV.exe
  C:\Windows\System\TtXdZpV.exe
  2⤵
  PID:4456
- C:\Windows\System\hwLsDQG.exe
  C:\Windows\System\hwLsDQG.exe
  2⤵
  PID:4472
- C:\Windows\System\rkROFUu.exe
  C:\Windows\System\rkROFUu.exe
  2⤵
  PID:4488
- C:\Windows\System\DCUwjDX.exe
  C:\Windows\System\DCUwjDX.exe
  2⤵
  PID:4504
- C:\Windows\System\mEMSBhi.exe
  C:\Windows\System\mEMSBhi.exe
  2⤵
  PID:4520
- C:\Windows\System\NRROeiC.exe
  C:\Windows\System\NRROeiC.exe
  2⤵
  PID:4536
- C:\Windows\System\aEJOfUq.exe
  C:\Windows\System\aEJOfUq.exe
  2⤵
  PID:4552
- C:\Windows\System\pVelOst.exe
  C:\Windows\System\pVelOst.exe
  2⤵
  PID:4568
- C:\Windows\System\lqCLsJQ.exe
  C:\Windows\System\lqCLsJQ.exe
  2⤵
  PID:4584
- C:\Windows\System\EmgxNQD.exe
  C:\Windows\System\EmgxNQD.exe
  2⤵
  PID:4600
- C:\Windows\System\rSOLhvF.exe
  C:\Windows\System\rSOLhvF.exe
  2⤵
  PID:4616
- C:\Windows\System\jgGOYpa.exe
  C:\Windows\System\jgGOYpa.exe
  2⤵
  PID:4632
- C:\Windows\System\wjsNAXB.exe
  C:\Windows\System\wjsNAXB.exe
  2⤵
  PID:4648
- C:\Windows\System\QUDGqUJ.exe
  C:\Windows\System\QUDGqUJ.exe
  2⤵
  PID:4664
- C:\Windows\System\jrHEUZl.exe
  C:\Windows\System\jrHEUZl.exe
  2⤵
  PID:4680
- C:\Windows\System\CGEEJev.exe
  C:\Windows\System\CGEEJev.exe
  2⤵
  PID:4696
- C:\Windows\System\trCGAMs.exe
  C:\Windows\System\trCGAMs.exe
  2⤵
  PID:4712
- C:\Windows\System\xabkQzc.exe
  C:\Windows\System\xabkQzc.exe
  2⤵
  PID:4728
- C:\Windows\System\UqLqyRB.exe
  C:\Windows\System\UqLqyRB.exe
  2⤵
  PID:4744
- C:\Windows\System\xbcQqTt.exe
  C:\Windows\System\xbcQqTt.exe
  2⤵
  PID:4760
- C:\Windows\System\fNvJyMU.exe
  C:\Windows\System\fNvJyMU.exe
  2⤵
  PID:4776
- C:\Windows\System\fJHvuLO.exe
  C:\Windows\System\fJHvuLO.exe
  2⤵
  PID:4792
- C:\Windows\System\QMsrOCO.exe
  C:\Windows\System\QMsrOCO.exe
  2⤵
  PID:4808
- C:\Windows\System\ETeRKos.exe
  C:\Windows\System\ETeRKos.exe
  2⤵
  PID:4824
- C:\Windows\System\OXmFBou.exe
  C:\Windows\System\OXmFBou.exe
  2⤵
  PID:4840
- C:\Windows\System\bNqohLO.exe
  C:\Windows\System\bNqohLO.exe
  2⤵
  PID:4856
- C:\Windows\System\eepAqna.exe
  C:\Windows\System\eepAqna.exe
  2⤵
  PID:4872
- C:\Windows\System\aYbTNAt.exe
  C:\Windows\System\aYbTNAt.exe
  2⤵
  PID:4888
- C:\Windows\System\aItZUTb.exe
  C:\Windows\System\aItZUTb.exe
  2⤵
  PID:4904
- C:\Windows\System\uwYLJjF.exe
  C:\Windows\System\uwYLJjF.exe
  2⤵
  PID:4920
- C:\Windows\System\LQqeMrP.exe
  C:\Windows\System\LQqeMrP.exe
  2⤵
  PID:4936
- C:\Windows\System\JPDhrOC.exe
  C:\Windows\System\JPDhrOC.exe
  2⤵
  PID:4952
- C:\Windows\System\qjdDSmd.exe
  C:\Windows\System\qjdDSmd.exe
  2⤵
  PID:4968
- C:\Windows\System\lDPMFOS.exe
  C:\Windows\System\lDPMFOS.exe
  2⤵
  PID:4984
- C:\Windows\System\UMxTkec.exe
  C:\Windows\System\UMxTkec.exe
  2⤵
  PID:5000
- C:\Windows\System\NuxzowX.exe
  C:\Windows\System\NuxzowX.exe
  2⤵
  PID:5016
- C:\Windows\System\nSRTtjF.exe
  C:\Windows\System\nSRTtjF.exe
  2⤵
  PID:5032
- C:\Windows\System\CXpdeZL.exe
  C:\Windows\System\CXpdeZL.exe
  2⤵
  PID:5052
- C:\Windows\System\bKaZnVT.exe
  C:\Windows\System\bKaZnVT.exe
  2⤵
  PID:5068
- C:\Windows\System\MQxfGVa.exe
  C:\Windows\System\MQxfGVa.exe
  2⤵
  PID:5084
- C:\Windows\System\CTmAJxb.exe
  C:\Windows\System\CTmAJxb.exe
  2⤵
  PID:5100
- C:\Windows\System\JFaRwHr.exe
  C:\Windows\System\JFaRwHr.exe
  2⤵
  PID:5116
- C:\Windows\System\KKVEjfP.exe
  C:\Windows\System\KKVEjfP.exe
  2⤵
  PID:3088
- C:\Windows\System\GkqcrjU.exe
  C:\Windows\System\GkqcrjU.exe
  2⤵
  PID:3316
- C:\Windows\System\wskevTN.exe
  C:\Windows\System\wskevTN.exe
  2⤵
  PID:3736
- C:\Windows\System\DIPLnxt.exe
  C:\Windows\System\DIPLnxt.exe
  2⤵
  PID:3916
- C:\Windows\System\kBtECbL.exe
  C:\Windows\System\kBtECbL.exe
  2⤵
  PID:3432
- C:\Windows\System\hnIoCsy.exe
  C:\Windows\System\hnIoCsy.exe
  2⤵
  PID:996
- C:\Windows\System\MDgcWrE.exe
  C:\Windows\System\MDgcWrE.exe
  2⤵
  PID:3592
- C:\Windows\System\CPlSRLa.exe
  C:\Windows\System\CPlSRLa.exe
  2⤵
  PID:2428
- C:\Windows\System\OHqCPsR.exe
  C:\Windows\System\OHqCPsR.exe
  2⤵
  PID:3816
- C:\Windows\System\TxsgMrP.exe
  C:\Windows\System\TxsgMrP.exe
  2⤵
  PID:3540
- C:\Windows\System\yTsQdrT.exe
  C:\Windows\System\yTsQdrT.exe
  2⤵
  PID:3288
- C:\Windows\System\medUFyA.exe
  C:\Windows\System\medUFyA.exe
  2⤵
  PID:3948
- C:\Windows\System\hLFmPds.exe
  C:\Windows\System\hLFmPds.exe
  2⤵
  PID:4208
- C:\Windows\System\UBWzdsk.exe
  C:\Windows\System\UBWzdsk.exe
  2⤵
  PID:4244
- C:\Windows\System\VucEOvS.exe
  C:\Windows\System\VucEOvS.exe
  2⤵
  PID:4272
- C:\Windows\System\PZtAlgj.exe
  C:\Windows\System\PZtAlgj.exe
  2⤵
  PID:1604
- C:\Windows\System\EfcgYxA.exe
  C:\Windows\System\EfcgYxA.exe
  2⤵
  PID:4160
- C:\Windows\System\dBPCeQz.exe
  C:\Windows\System\dBPCeQz.exe
  2⤵
  PID:3700
- C:\Windows\System\wJKUzkO.exe
  C:\Windows\System\wJKUzkO.exe
  2⤵
  PID:4308
- C:\Windows\System\fZRelqq.exe
  C:\Windows\System\fZRelqq.exe
  2⤵
  PID:4340
- C:\Windows\System\gsAQQLx.exe
  C:\Windows\System\gsAQQLx.exe
  2⤵
  PID:4372
- C:\Windows\System\tprzkgA.exe
  C:\Windows\System\tprzkgA.exe
  2⤵
  PID:4404
- C:\Windows\System\qdHcWYx.exe
  C:\Windows\System\qdHcWYx.exe
  2⤵
  PID:4436
- C:\Windows\System\UbWioEM.exe
  C:\Windows\System\UbWioEM.exe
  2⤵
  PID:4448
- C:\Windows\System\uVuZSKB.exe
  C:\Windows\System\uVuZSKB.exe
  2⤵
  PID:4484
- C:\Windows\System\WgErtED.exe
  C:\Windows\System\WgErtED.exe
  2⤵
  PID:4516
- C:\Windows\System\aWAmFBQ.exe
  C:\Windows\System\aWAmFBQ.exe
  2⤵
  PID:4544
- C:\Windows\System\zUBeJQD.exe
  C:\Windows\System\zUBeJQD.exe
  2⤵
  PID:4624
- C:\Windows\System\clYoVcM.exe
  C:\Windows\System\clYoVcM.exe
  2⤵
  PID:3272
- C:\Windows\System\hzIwUDo.exe
  C:\Windows\System\hzIwUDo.exe
  2⤵
  PID:4660
- C:\Windows\System\UpUKaLS.exe
  C:\Windows\System\UpUKaLS.exe
  2⤵
  PID:4692
- C:\Windows\System\VtEalUW.exe
  C:\Windows\System\VtEalUW.exe
  2⤵
  PID:4676
- C:\Windows\System\qvQJcZv.exe
  C:\Windows\System\qvQJcZv.exe
  2⤵
  PID:4756
- C:\Windows\System\NxTyiTK.exe
  C:\Windows\System\NxTyiTK.exe
  2⤵
  PID:4740
- C:\Windows\System\emuPDMJ.exe
  C:\Windows\System\emuPDMJ.exe
  2⤵
  PID:4820
- C:\Windows\System\HAvYMrQ.exe
  C:\Windows\System\HAvYMrQ.exe
  2⤵
  PID:4832
- C:\Windows\System\NqgWHVk.exe
  C:\Windows\System\NqgWHVk.exe
  2⤵
  PID:4912
- C:\Windows\System\aUqHUxF.exe
  C:\Windows\System\aUqHUxF.exe
  2⤵
  PID:4976
- C:\Windows\System\FYHAUcp.exe
  C:\Windows\System\FYHAUcp.exe
  2⤵
  PID:4868
- C:\Windows\System\cuBOAdk.exe
  C:\Windows\System\cuBOAdk.exe
  2⤵
  PID:4932
- C:\Windows\System\PUodixO.exe
  C:\Windows\System\PUodixO.exe
  2⤵
  PID:5012
- C:\Windows\System\JSoUfyM.exe
  C:\Windows\System\JSoUfyM.exe
  2⤵
  PID:5080
- C:\Windows\System\NjdRrQg.exe
  C:\Windows\System\NjdRrQg.exe
  2⤵
  PID:4992
- C:\Windows\System\OOJnpvq.exe
  C:\Windows\System\OOJnpvq.exe
  2⤵
  PID:4996
- C:\Windows\System\GEbIqvr.exe
  C:\Windows\System\GEbIqvr.exe
  2⤵
  PID:3844
- C:\Windows\System\FNaeoDn.exe
  C:\Windows\System\FNaeoDn.exe
  2⤵
  PID:4112
- C:\Windows\System\wgaFcZp.exe
  C:\Windows\System\wgaFcZp.exe
  2⤵
  PID:5096
- C:\Windows\System\MRjrxGI.exe
  C:\Windows\System\MRjrxGI.exe
  2⤵
  PID:568
- C:\Windows\System\wkmqiWG.exe
  C:\Windows\System\wkmqiWG.exe
  2⤵
  PID:4144
- C:\Windows\System\kBTTZWQ.exe
  C:\Windows\System\kBTTZWQ.exe
  2⤵
  PID:4256
- C:\Windows\System\fljEBnJ.exe
  C:\Windows\System\fljEBnJ.exe
  2⤵
  PID:4320
- C:\Windows\System\jJWWHxN.exe
  C:\Windows\System\jJWWHxN.exe
  2⤵
  PID:3192
- C:\Windows\System\PCJecSQ.exe
  C:\Windows\System\PCJecSQ.exe
  2⤵
  PID:4056
- C:\Windows\System\dHCCOco.exe
  C:\Windows\System\dHCCOco.exe
  2⤵
  PID:4224
- C:\Windows\System\uzZYdyz.exe
  C:\Windows\System\uzZYdyz.exe
  2⤵
  PID:4400
- C:\Windows\System\GDDVBUq.exe
  C:\Windows\System\GDDVBUq.exe
  2⤵
  PID:4192
- C:\Windows\System\wuQIQBV.exe
  C:\Windows\System\wuQIQBV.exe
  2⤵
  PID:4548
- C:\Windows\System\QDBEeGA.exe
  C:\Windows\System\QDBEeGA.exe
  2⤵
  PID:4480
- C:\Windows\System\HOcIVCo.exe
  C:\Windows\System\HOcIVCo.exe
  2⤵
  PID:4352
- C:\Windows\System\AmCLToN.exe
  C:\Windows\System\AmCLToN.exe
  2⤵
  PID:4612
- C:\Windows\System\fJjvohW.exe
  C:\Windows\System\fJjvohW.exe
  2⤵
  PID:4580
- C:\Windows\System\BqFFrSX.exe
  C:\Windows\System\BqFFrSX.exe
  2⤵
  PID:4800
- C:\Windows\System\sEnMvyk.exe
  C:\Windows\System\sEnMvyk.exe
  2⤵
  PID:4804
- C:\Windows\System\xCmXEQq.exe
  C:\Windows\System\xCmXEQq.exe
  2⤵
  PID:4900
- C:\Windows\System\ZuOzWNK.exe
  C:\Windows\System\ZuOzWNK.exe
  2⤵
  PID:4928
- C:\Windows\System\RbhdUHI.exe
  C:\Windows\System\RbhdUHI.exe
  2⤵
  PID:5076
- C:\Windows\System\fJbfYHT.exe
  C:\Windows\System\fJbfYHT.exe
  2⤵
  PID:4964
- C:\Windows\System\kJhpFbj.exe
  C:\Windows\System\kJhpFbj.exe
  2⤵
  PID:5092
- C:\Windows\System\ljKkKbk.exe
  C:\Windows\System\ljKkKbk.exe
  2⤵
  PID:3480
- C:\Windows\System\QgKcSDR.exe
  C:\Windows\System\QgKcSDR.exe
  2⤵
  PID:2856
- C:\Windows\System\MoNlokO.exe
  C:\Windows\System\MoNlokO.exe
  2⤵
  PID:4008
- C:\Windows\System\OcNsObk.exe
  C:\Windows\System\OcNsObk.exe
  2⤵
  PID:3784
- C:\Windows\System\qetApat.exe
  C:\Windows\System\qetApat.exe
  2⤵
  PID:4164
- C:\Windows\System\HLpCaec.exe
  C:\Windows\System\HLpCaec.exe
  2⤵
  PID:5128
- C:\Windows\System\EEiyOPL.exe
  C:\Windows\System\EEiyOPL.exe
  2⤵
  PID:5144
- C:\Windows\System\VHLDefV.exe
  C:\Windows\System\VHLDefV.exe
  2⤵
  PID:5160
- C:\Windows\System\ZVTMnVZ.exe
  C:\Windows\System\ZVTMnVZ.exe
  2⤵
  PID:5176
- C:\Windows\System\fXHEKEa.exe
  C:\Windows\System\fXHEKEa.exe
  2⤵
  PID:5192
- C:\Windows\System\lJUhACd.exe
  C:\Windows\System\lJUhACd.exe
  2⤵
  PID:5208
- C:\Windows\System\khiEpgJ.exe
  C:\Windows\System\khiEpgJ.exe
  2⤵
  PID:5224
- C:\Windows\System\ZnsjsXk.exe
  C:\Windows\System\ZnsjsXk.exe
  2⤵
  PID:5240
- C:\Windows\System\ZLCShgN.exe
  C:\Windows\System\ZLCShgN.exe
  2⤵
  PID:5256
- C:\Windows\System\jzgpuBL.exe
  C:\Windows\System\jzgpuBL.exe
  2⤵
  PID:5272
- C:\Windows\System\aNiRHWJ.exe
  C:\Windows\System\aNiRHWJ.exe
  2⤵
  PID:5288
- C:\Windows\System\UCwGpjo.exe
  C:\Windows\System\UCwGpjo.exe
  2⤵
  PID:5304
- C:\Windows\System\FsKteKe.exe
  C:\Windows\System\FsKteKe.exe
  2⤵
  PID:5320
- C:\Windows\System\CtkfWIV.exe
  C:\Windows\System\CtkfWIV.exe
  2⤵
  PID:5336
- C:\Windows\System\ifLTONi.exe
  C:\Windows\System\ifLTONi.exe
  2⤵
  PID:5352
- C:\Windows\System\TYHqszd.exe
  C:\Windows\System\TYHqszd.exe
  2⤵
  PID:5368
- C:\Windows\System\hpcjszV.exe
  C:\Windows\System\hpcjszV.exe
  2⤵
  PID:5384
- C:\Windows\System\cZelJAM.exe
  C:\Windows\System\cZelJAM.exe
  2⤵
  PID:5400
- C:\Windows\System\JgHbLsy.exe
  C:\Windows\System\JgHbLsy.exe
  2⤵
  PID:5416
- C:\Windows\System\aZwHeyC.exe
  C:\Windows\System\aZwHeyC.exe
  2⤵
  PID:5432
- C:\Windows\System\DitWSWo.exe
  C:\Windows\System\DitWSWo.exe
  2⤵
  PID:5448
- C:\Windows\System\kQwSXHv.exe
  C:\Windows\System\kQwSXHv.exe
  2⤵
  PID:5464
- C:\Windows\System\wNXBaAN.exe
  C:\Windows\System\wNXBaAN.exe
  2⤵
  PID:5480
- C:\Windows\System\fiAarvr.exe
  C:\Windows\System\fiAarvr.exe
  2⤵
  PID:5496
- C:\Windows\System\eqEAFap.exe
  C:\Windows\System\eqEAFap.exe
  2⤵
  PID:5512
- C:\Windows\System\PkOTyGC.exe
  C:\Windows\System\PkOTyGC.exe
  2⤵
  PID:5532
- C:\Windows\System\KgoiFMG.exe
  C:\Windows\System\KgoiFMG.exe
  2⤵
  PID:5548
- C:\Windows\System\KVBtrpz.exe
  C:\Windows\System\KVBtrpz.exe
  2⤵
  PID:5572
- C:\Windows\System\sXfskQY.exe
  C:\Windows\System\sXfskQY.exe
  2⤵
  PID:5588
- C:\Windows\System\yNCDDOM.exe
  C:\Windows\System\yNCDDOM.exe
  2⤵
  PID:5604
- C:\Windows\System\ZYuAIUJ.exe
  C:\Windows\System\ZYuAIUJ.exe
  2⤵
  PID:5620
- C:\Windows\System\QRhLtwh.exe
  C:\Windows\System\QRhLtwh.exe
  2⤵
  PID:5636
- C:\Windows\System\FcaciPD.exe
  C:\Windows\System\FcaciPD.exe
  2⤵
  PID:5652
- C:\Windows\System\CLPbsoY.exe
  C:\Windows\System\CLPbsoY.exe
  2⤵
  PID:5668
- C:\Windows\System\Fikkatt.exe
  C:\Windows\System\Fikkatt.exe
  2⤵
  PID:5684
- C:\Windows\System\AwfmlOE.exe
  C:\Windows\System\AwfmlOE.exe
  2⤵
  PID:5700
- C:\Windows\System\FDZDeVv.exe
  C:\Windows\System\FDZDeVv.exe
  2⤵
  PID:5716
- C:\Windows\System\idASKTb.exe
  C:\Windows\System\idASKTb.exe
  2⤵
  PID:5736
- C:\Windows\System\AATgolD.exe
  C:\Windows\System\AATgolD.exe
  2⤵
  PID:5752
- C:\Windows\System\PnRqSta.exe
  C:\Windows\System\PnRqSta.exe
  2⤵
  PID:5768
- C:\Windows\System\lZpXzVB.exe
  C:\Windows\System\lZpXzVB.exe
  2⤵
  PID:5784
- C:\Windows\System\LYrpiSg.exe
  C:\Windows\System\LYrpiSg.exe
  2⤵
  PID:5800
- C:\Windows\System\ADZyMgM.exe
  C:\Windows\System\ADZyMgM.exe
  2⤵
  PID:5816
- C:\Windows\System\cjqTeCk.exe
  C:\Windows\System\cjqTeCk.exe
  2⤵
  PID:5832
- C:\Windows\System\gxxdYRa.exe
  C:\Windows\System\gxxdYRa.exe
  2⤵
  PID:5848
- C:\Windows\System\xfXlFbE.exe
  C:\Windows\System\xfXlFbE.exe
  2⤵
  PID:5864
- C:\Windows\System\dgeFgmY.exe
  C:\Windows\System\dgeFgmY.exe
  2⤵
  PID:5880
- C:\Windows\System\bxSJQxE.exe
  C:\Windows\System\bxSJQxE.exe
  2⤵
  PID:5896
- C:\Windows\System\jEGDDmE.exe
  C:\Windows\System\jEGDDmE.exe
  2⤵
  PID:5912
- C:\Windows\System\AkCURFc.exe
  C:\Windows\System\AkCURFc.exe
  2⤵
  PID:5928
- C:\Windows\System\iVEeqZq.exe
  C:\Windows\System\iVEeqZq.exe
  2⤵
  PID:5944
- C:\Windows\System\TDGuHKj.exe
  C:\Windows\System\TDGuHKj.exe
  2⤵
  PID:5960
- C:\Windows\System\AmwyDuq.exe
  C:\Windows\System\AmwyDuq.exe
  2⤵
  PID:5976
- C:\Windows\System\GNpATtZ.exe
  C:\Windows\System\GNpATtZ.exe
  2⤵
  PID:5992
- C:\Windows\System\bhxcxbD.exe
  C:\Windows\System\bhxcxbD.exe
  2⤵
  PID:6008
- C:\Windows\System\JPGhZuS.exe
  C:\Windows\System\JPGhZuS.exe
  2⤵
  PID:6024
- C:\Windows\System\JmdfiJy.exe
  C:\Windows\System\JmdfiJy.exe
  2⤵
  PID:6040
- C:\Windows\System\BrZHtqf.exe
  C:\Windows\System\BrZHtqf.exe
  2⤵
  PID:6056
- C:\Windows\System\eDtIUKJ.exe
  C:\Windows\System\eDtIUKJ.exe
  2⤵
  PID:6072
- C:\Windows\System\PGctjoN.exe
  C:\Windows\System\PGctjoN.exe
  2⤵
  PID:6088
- C:\Windows\System\marnyNx.exe
  C:\Windows\System\marnyNx.exe
  2⤵
  PID:6104
- C:\Windows\System\REkHMCT.exe
  C:\Windows\System\REkHMCT.exe
  2⤵
  PID:6120
- C:\Windows\System\VvotYTU.exe
  C:\Windows\System\VvotYTU.exe
  2⤵
  PID:6136
- C:\Windows\System\wPbVzna.exe
  C:\Windows\System\wPbVzna.exe
  2⤵
  PID:4656
- C:\Windows\System\PsXZmnY.exe
  C:\Windows\System\PsXZmnY.exe
  2⤵
  PID:4816
- C:\Windows\System\UTDZrXc.exe
  C:\Windows\System\UTDZrXc.exe
  2⤵
  PID:4024
- C:\Windows\System\MLnKMpq.exe
  C:\Windows\System\MLnKMpq.exe
  2⤵
  PID:4304
- C:\Windows\System\lvuKxWV.exe
  C:\Windows\System\lvuKxWV.exe
  2⤵
  PID:2828
- C:\Windows\System\HqcnGNE.exe
  C:\Windows\System\HqcnGNE.exe
  2⤵
  PID:5184
- C:\Windows\System\NocGpjK.exe
  C:\Windows\System\NocGpjK.exe
  2⤵
  PID:5248
- C:\Windows\System\ymBjkel.exe
  C:\Windows\System\ymBjkel.exe
  2⤵
  PID:5280
- C:\Windows\System\YFboYSx.exe
  C:\Windows\System\YFboYSx.exe
  2⤵
  PID:4416
- C:\Windows\System\dqLfjiH.exe
  C:\Windows\System\dqLfjiH.exe
  2⤵
  PID:4880
- C:\Windows\System\gGSiNaU.exe
  C:\Windows\System\gGSiNaU.exe
  2⤵
  PID:5348
- C:\Windows\System\pgIhvcY.exe
  C:\Windows\System\pgIhvcY.exe
  2⤵
  PID:3368
- C:\Windows\System\hbddcDi.exe
  C:\Windows\System\hbddcDi.exe
  2⤵
  PID:4128
- C:\Windows\System\jEzpxHJ.exe
  C:\Windows\System\jEzpxHJ.exe
  2⤵
  PID:5380
- C:\Windows\System\BEqzzOb.exe
  C:\Windows\System\BEqzzOb.exe
  2⤵
  PID:5172
- C:\Windows\System\ySIKUJm.exe
  C:\Windows\System\ySIKUJm.exe
  2⤵
  PID:5440
- C:\Windows\System\TEaRyZW.exe
  C:\Windows\System\TEaRyZW.exe
  2⤵
  PID:5444
- C:\Windows\System\UlCwqMn.exe
  C:\Windows\System\UlCwqMn.exe
  2⤵
  PID:5328
- C:\Windows\System\FWwTlCY.exe
  C:\Windows\System\FWwTlCY.exe
  2⤵
  PID:5264
- C:\Windows\System\zDucTKI.exe
  C:\Windows\System\zDucTKI.exe
  2⤵
  PID:5504
- C:\Windows\System\VdFSgOc.exe
  C:\Windows\System\VdFSgOc.exe
  2⤵
  PID:5492
- C:\Windows\System\XTyyxEl.exe
  C:\Windows\System\XTyyxEl.exe
  2⤵
  PID:5424
- C:\Windows\System\kjUiSof.exe
  C:\Windows\System\kjUiSof.exe
  2⤵
  PID:2868
- C:\Windows\System\qWekacS.exe
  C:\Windows\System\qWekacS.exe
  2⤵
  PID:5584
- C:\Windows\System\TOANqET.exe
  C:\Windows\System\TOANqET.exe
  2⤵
  PID:5596
- C:\Windows\System\YvOqDeD.exe
  C:\Windows\System\YvOqDeD.exe
  2⤵
  PID:5648
- C:\Windows\System\FvOSpWg.exe
  C:\Windows\System\FvOSpWg.exe
  2⤵
  PID:5632
- C:\Windows\System\iTehPaL.exe
  C:\Windows\System\iTehPaL.exe
  2⤵
  PID:5664
- C:\Windows\System\sLjYiDh.exe
  C:\Windows\System\sLjYiDh.exe
  2⤵
  PID:560
- C:\Windows\System\cUcAEiJ.exe
  C:\Windows\System\cUcAEiJ.exe
  2⤵
  PID:1756
- C:\Windows\System\yxJDYNG.exe
  C:\Windows\System\yxJDYNG.exe
  2⤵
  PID:5760
- C:\Windows\System\VArccpz.exe
  C:\Windows\System\VArccpz.exe
  2⤵
  PID:5792
- C:\Windows\System\OeEHpPk.exe
  C:\Windows\System\OeEHpPk.exe
  2⤵
  PID:5840
- C:\Windows\System\ptdRXRs.exe
  C:\Windows\System\ptdRXRs.exe
  2⤵
  PID:5876
- C:\Windows\System\ZQbgBYW.exe
  C:\Windows\System\ZQbgBYW.exe
  2⤵
  PID:5888
- C:\Windows\System\lSkdeoY.exe
  C:\Windows\System\lSkdeoY.exe
  2⤵
  PID:5940
- C:\Windows\System\yUoliuw.exe
  C:\Windows\System\yUoliuw.exe
  2⤵
  PID:5952
- C:\Windows\System\KMTCFzt.exe
  C:\Windows\System\KMTCFzt.exe
  2⤵
  PID:5984
- C:\Windows\System\flHohjk.exe
  C:\Windows\System\flHohjk.exe
  2⤵
  PID:6032
- C:\Windows\System\aAKUQrz.exe
  C:\Windows\System\aAKUQrz.exe
  2⤵
  PID:6068
- C:\Windows\System\hnoNajk.exe
  C:\Windows\System\hnoNajk.exe
  2⤵
  PID:1288
- C:\Windows\System\LBQgrCu.exe
  C:\Windows\System\LBQgrCu.exe
  2⤵
  PID:6112
- C:\Windows\System\iYzxsRw.exe
  C:\Windows\System\iYzxsRw.exe
  2⤵
  PID:6116
- C:\Windows\System\qcyGjku.exe
  C:\Windows\System\qcyGjku.exe
  2⤵
  PID:2684
- C:\Windows\System\gkzJfrM.exe
  C:\Windows\System\gkzJfrM.exe
  2⤵
  PID:5044
- C:\Windows\System\llCavPO.exe
  C:\Windows\System\llCavPO.exe
  2⤵
  PID:4528
- C:\Windows\System\VaufcKh.exe
  C:\Windows\System\VaufcKh.exe
  2⤵
  PID:4752
- C:\Windows\System\KLJjMwG.exe
  C:\Windows\System\KLJjMwG.exe
  2⤵
  PID:4708
- C:\Windows\System\PyPzTUf.exe
  C:\Windows\System\PyPzTUf.exe
  2⤵
  PID:4388
- C:\Windows\System\mpcmqsv.exe
  C:\Windows\System\mpcmqsv.exe
  2⤵
  PID:2128
- C:\Windows\System\kADvxQd.exe
  C:\Windows\System\kADvxQd.exe
  2⤵
  PID:5136
- C:\Windows\System\AYEBLLO.exe
  C:\Windows\System\AYEBLLO.exe
  2⤵
  PID:3960
- C:\Windows\System\XkhiMYA.exe
  C:\Windows\System\XkhiMYA.exe
  2⤵
  PID:5472
- C:\Windows\System\tIqqUGl.exe
  C:\Windows\System\tIqqUGl.exe
  2⤵
  PID:5392
- C:\Windows\System\cOZpRJV.exe
  C:\Windows\System\cOZpRJV.exe
  2⤵
  PID:5428
- C:\Windows\System\MhjkabY.exe
  C:\Windows\System\MhjkabY.exe
  2⤵
  PID:5568
- C:\Windows\System\YaeCUEn.exe
  C:\Windows\System\YaeCUEn.exe
  2⤵
  PID:5676
- C:\Windows\System\tIGxXFr.exe
  C:\Windows\System\tIGxXFr.exe
  2⤵
  PID:5612
- C:\Windows\System\ojadjkb.exe
  C:\Windows\System\ojadjkb.exe
  2⤵
  PID:5696
- C:\Windows\System\zgRvWzh.exe
  C:\Windows\System\zgRvWzh.exe
  2⤵
  PID:5872
- C:\Windows\System\kkzOXro.exe
  C:\Windows\System\kkzOXro.exe
  2⤵
  PID:5828
- C:\Windows\System\NeXoVXa.exe
  C:\Windows\System\NeXoVXa.exe
  2⤵
  PID:5936
- C:\Windows\System\yIRpuaf.exe
  C:\Windows\System\yIRpuaf.exe
  2⤵
  PID:6000
- C:\Windows\System\FXOEyjp.exe
  C:\Windows\System\FXOEyjp.exe
  2⤵
  PID:5968
- C:\Windows\System\AWsossU.exe
  C:\Windows\System\AWsossU.exe
  2⤵
  PID:6084
- C:\Windows\System\PSnssOv.exe
  C:\Windows\System\PSnssOv.exe
  2⤵
  PID:4564
- C:\Windows\System\unHUEOD.exe
  C:\Windows\System\unHUEOD.exe
  2⤵
  PID:6132
- C:\Windows\System\TuLZkxK.exe
  C:\Windows\System\TuLZkxK.exe
  2⤵
  PID:5216
- C:\Windows\System\yIqRotZ.exe
  C:\Windows\System\yIqRotZ.exe
  2⤵
  PID:5220
- C:\Windows\System\asrCndg.exe
  C:\Windows\System\asrCndg.exe
  2⤵
  PID:5344
- C:\Windows\System\JehIjer.exe
  C:\Windows\System\JehIjer.exe
  2⤵
  PID:5332
- C:\Windows\System\zxsEcBl.exe
  C:\Windows\System\zxsEcBl.exe
  2⤵
  PID:5456
- C:\Windows\System\hlVEskj.exe
  C:\Windows\System\hlVEskj.exe
  2⤵
  PID:6156
- C:\Windows\System\kUQoqST.exe
  C:\Windows\System\kUQoqST.exe
  2⤵
  PID:6172
- C:\Windows\System\vkkpJaD.exe
  C:\Windows\System\vkkpJaD.exe
  2⤵
  PID:6188
- C:\Windows\System\lXnJxEt.exe
  C:\Windows\System\lXnJxEt.exe
  2⤵
  PID:6204
- C:\Windows\System\CkQJxyr.exe
  C:\Windows\System\CkQJxyr.exe
  2⤵
  PID:6220
- C:\Windows\System\KmkIMwB.exe
  C:\Windows\System\KmkIMwB.exe
  2⤵
  PID:6236
- C:\Windows\System\lfurPKx.exe
  C:\Windows\System\lfurPKx.exe
  2⤵
  PID:6252
- C:\Windows\System\cyYUCsH.exe
  C:\Windows\System\cyYUCsH.exe
  2⤵
  PID:6268
- C:\Windows\System\wWlbkFM.exe
  C:\Windows\System\wWlbkFM.exe
  2⤵
  PID:6284
- C:\Windows\System\fGZxKSg.exe
  C:\Windows\System\fGZxKSg.exe
  2⤵
  PID:6300
- C:\Windows\System\UBBPJZu.exe
  C:\Windows\System\UBBPJZu.exe
  2⤵
  PID:6316
- C:\Windows\System\VRiatxK.exe
  C:\Windows\System\VRiatxK.exe
  2⤵
  PID:6332
- C:\Windows\System\fEjSEog.exe
  C:\Windows\System\fEjSEog.exe
  2⤵
  PID:6348
- C:\Windows\System\aKRRfaL.exe
  C:\Windows\System\aKRRfaL.exe
  2⤵
  PID:6364
- C:\Windows\System\UByvELn.exe
  C:\Windows\System\UByvELn.exe
  2⤵
  PID:6380
- C:\Windows\System\pmrxPzE.exe
  C:\Windows\System\pmrxPzE.exe
  2⤵
  PID:6396
- C:\Windows\System\kUfTNdR.exe
  C:\Windows\System\kUfTNdR.exe
  2⤵
  PID:6416
- C:\Windows\System\uyakXgE.exe
  C:\Windows\System\uyakXgE.exe
  2⤵
  PID:6432
- C:\Windows\System\iDRIZXH.exe
  C:\Windows\System\iDRIZXH.exe
  2⤵
  PID:6448
- C:\Windows\System\ddmNIeH.exe
  C:\Windows\System\ddmNIeH.exe
  2⤵
  PID:6464
- C:\Windows\System\tkLkzvK.exe
  C:\Windows\System\tkLkzvK.exe
  2⤵
  PID:6480
- C:\Windows\System\fXwnbIz.exe
  C:\Windows\System\fXwnbIz.exe
  2⤵
  PID:6500
- C:\Windows\System\HFmMLGk.exe
  C:\Windows\System\HFmMLGk.exe
  2⤵
  PID:6516
- C:\Windows\System\CRPeUPu.exe
  C:\Windows\System\CRPeUPu.exe
  2⤵
  PID:6532
- C:\Windows\System\kyjWdqZ.exe
  C:\Windows\System\kyjWdqZ.exe
  2⤵
  PID:6548
- C:\Windows\System\FaFCjgR.exe
  C:\Windows\System\FaFCjgR.exe
  2⤵
  PID:6564
- C:\Windows\System\TnrASbW.exe
  C:\Windows\System\TnrASbW.exe
  2⤵
  PID:6580
- C:\Windows\System\MRxTwsV.exe
  C:\Windows\System\MRxTwsV.exe
  2⤵
  PID:6596
- C:\Windows\System\EEjYpoz.exe
  C:\Windows\System\EEjYpoz.exe
  2⤵
  PID:6612
- C:\Windows\System\eWwjDFv.exe
  C:\Windows\System\eWwjDFv.exe
  2⤵
  PID:6628
- C:\Windows\System\eqzeDso.exe
  C:\Windows\System\eqzeDso.exe
  2⤵
  PID:6644
- C:\Windows\System\uWcTkeg.exe
  C:\Windows\System\uWcTkeg.exe
  2⤵
  PID:6660
- C:\Windows\System\tatKmVT.exe
  C:\Windows\System\tatKmVT.exe
  2⤵
  PID:6676
- C:\Windows\System\lJQmeNu.exe
  C:\Windows\System\lJQmeNu.exe
  2⤵
  PID:6692
- C:\Windows\System\COpvlXy.exe
  C:\Windows\System\COpvlXy.exe
  2⤵
  PID:6708
- C:\Windows\System\vQEzMub.exe
  C:\Windows\System\vQEzMub.exe
  2⤵
  PID:6728
- C:\Windows\System\hNSblzG.exe
  C:\Windows\System\hNSblzG.exe
  2⤵
  PID:6744
- C:\Windows\System\DCqDuIf.exe
  C:\Windows\System\DCqDuIf.exe
  2⤵
  PID:6760
- C:\Windows\System\dpGKwiE.exe
  C:\Windows\System\dpGKwiE.exe
  2⤵
  PID:6776
- C:\Windows\System\EUSwohR.exe
  C:\Windows\System\EUSwohR.exe
  2⤵
  PID:6792
- C:\Windows\System\udYVTKA.exe
  C:\Windows\System\udYVTKA.exe
  2⤵
  PID:6808
- C:\Windows\System\pdzVmXm.exe
  C:\Windows\System\pdzVmXm.exe
  2⤵
  PID:6824
- C:\Windows\System\RRExdeL.exe
  C:\Windows\System\RRExdeL.exe
  2⤵
  PID:6840
- C:\Windows\System\OewVWvR.exe
  C:\Windows\System\OewVWvR.exe
  2⤵
  PID:6856
- C:\Windows\System\AVyystE.exe
  C:\Windows\System\AVyystE.exe
  2⤵
  PID:6872
- C:\Windows\System\RYXwQmW.exe
  C:\Windows\System\RYXwQmW.exe
  2⤵
  PID:6888
- C:\Windows\System\WWxSZjs.exe
  C:\Windows\System\WWxSZjs.exe
  2⤵
  PID:6904
- C:\Windows\System\qEsOLmi.exe
  C:\Windows\System\qEsOLmi.exe
  2⤵
  PID:6920
- C:\Windows\System\MjoBAox.exe
  C:\Windows\System\MjoBAox.exe
  2⤵
  PID:6936
- C:\Windows\System\tSQUuCY.exe
  C:\Windows\System\tSQUuCY.exe
  2⤵
  PID:6952
- C:\Windows\System\akHiAnB.exe
  C:\Windows\System\akHiAnB.exe
  2⤵
  PID:6968
- C:\Windows\System\NQXPtmF.exe
  C:\Windows\System\NQXPtmF.exe
  2⤵
  PID:6984
- C:\Windows\System\KxbdREG.exe
  C:\Windows\System\KxbdREG.exe
  2⤵
  PID:7000
- C:\Windows\System\GPiUBNQ.exe
  C:\Windows\System\GPiUBNQ.exe
  2⤵
  PID:7016
- C:\Windows\System\rkKsqYu.exe
  C:\Windows\System\rkKsqYu.exe
  2⤵
  PID:7032
- C:\Windows\System\ERYuYWa.exe
  C:\Windows\System\ERYuYWa.exe
  2⤵
  PID:7048
- C:\Windows\System\eaIDDoD.exe
  C:\Windows\System\eaIDDoD.exe
  2⤵
  PID:7064
- C:\Windows\System\TLfjsHN.exe
  C:\Windows\System\TLfjsHN.exe
  2⤵
  PID:7080
- C:\Windows\System\mNCplVS.exe
  C:\Windows\System\mNCplVS.exe
  2⤵
  PID:7096
- C:\Windows\System\rihuLOt.exe
  C:\Windows\System\rihuLOt.exe
  2⤵
  PID:7112
- C:\Windows\System\uGXNeGr.exe
  C:\Windows\System\uGXNeGr.exe
  2⤵
  PID:7128
- C:\Windows\System\jbKXnkl.exe
  C:\Windows\System\jbKXnkl.exe
  2⤵
  PID:7144
- C:\Windows\System\dMEOcuj.exe
  C:\Windows\System\dMEOcuj.exe
  2⤵
  PID:7160
- C:\Windows\System\KKSgAyr.exe
  C:\Windows\System\KKSgAyr.exe
  2⤵
  PID:5540
- C:\Windows\System\cKDXYZb.exe
  C:\Windows\System\cKDXYZb.exe
  2⤵
  PID:5680
- C:\Windows\System\weOSXPm.exe
  C:\Windows\System\weOSXPm.exe
  2⤵
  PID:5732
- C:\Windows\System\lSMzwuj.exe
  C:\Windows\System\lSMzwuj.exe
  2⤵
  PID:5824
- C:\Windows\System\RNTelFi.exe
  C:\Windows\System\RNTelFi.exe
  2⤵
  PID:5924
- C:\Windows\System\KMzVVqT.exe
  C:\Windows\System\KMzVVqT.exe
  2⤵
  PID:4688
- C:\Windows\System\kiMWvFn.exe
  C:\Windows\System\kiMWvFn.exe
  2⤵
  PID:4736
- C:\Windows\System\payQlLy.exe
  C:\Windows\System\payQlLy.exe
  2⤵
  PID:2412
- C:\Windows\System\szPtATx.exe
  C:\Windows\System\szPtATx.exe
  2⤵
  PID:5412
- C:\Windows\System\oWzICyA.exe
  C:\Windows\System\oWzICyA.exe
  2⤵
  PID:6148
- C:\Windows\System\qKwrAOw.exe
  C:\Windows\System\qKwrAOw.exe
  2⤵
  PID:6180
- C:\Windows\System\ARRJtjN.exe
  C:\Windows\System\ARRJtjN.exe
  2⤵
  PID:6212
- C:\Windows\System\MTPAtCn.exe
  C:\Windows\System\MTPAtCn.exe
  2⤵
  PID:6244
- C:\Windows\System\dLazXfj.exe
  C:\Windows\System\dLazXfj.exe
  2⤵
  PID:6276
- C:\Windows\System\uawTyXz.exe
  C:\Windows\System\uawTyXz.exe
  2⤵
  PID:6308
- C:\Windows\System\kPVBHwx.exe
  C:\Windows\System\kPVBHwx.exe
  2⤵
  PID:6340
- C:\Windows\System\bDkgUOj.exe
  C:\Windows\System\bDkgUOj.exe
  2⤵
  PID:6372
- C:\Windows\System\UTpDUyk.exe
  C:\Windows\System\UTpDUyk.exe
  2⤵
  PID:6404
- C:\Windows\System\QmnfZog.exe
  C:\Windows\System\QmnfZog.exe
  2⤵
  PID:6440
- C:\Windows\System\cpbMYXw.exe
  C:\Windows\System\cpbMYXw.exe
  2⤵
  PID:6472
- C:\Windows\System\dUCNiLP.exe
  C:\Windows\System\dUCNiLP.exe
  2⤵
  PID:6492
- C:\Windows\System\rSbImdi.exe
  C:\Windows\System\rSbImdi.exe
  2⤵
  PID:6528
- C:\Windows\System\HPKYnml.exe
  C:\Windows\System\HPKYnml.exe
  2⤵
  PID:6560
- C:\Windows\System\ENIhhhl.exe
  C:\Windows\System\ENIhhhl.exe
  2⤵
  PID:6576
- C:\Windows\System\SwdTUES.exe
  C:\Windows\System\SwdTUES.exe
  2⤵
  PID:6608
- C:\Windows\System\HyYPNsK.exe
  C:\Windows\System\HyYPNsK.exe
  2⤵
  PID:6656
- C:\Windows\System\FriAgpR.exe
  C:\Windows\System\FriAgpR.exe
  2⤵
  PID:6688
- C:\Windows\System\uopfjee.exe
  C:\Windows\System\uopfjee.exe
  2⤵
  PID:6720
- C:\Windows\System\DALZjLh.exe
  C:\Windows\System\DALZjLh.exe
  2⤵
  PID:6752
- C:\Windows\System\rXmkOTp.exe
  C:\Windows\System\rXmkOTp.exe
  2⤵
  PID:6772
- C:\Windows\System\EqdEayP.exe
  C:\Windows\System\EqdEayP.exe
  2⤵
  PID:6816
- C:\Windows\System\wlIRHvD.exe
  C:\Windows\System\wlIRHvD.exe
  2⤵
  PID:6852
- C:\Windows\System\oBigsPu.exe
  C:\Windows\System\oBigsPu.exe
  2⤵
  PID:6884
- C:\Windows\System\cZWWXKn.exe
  C:\Windows\System\cZWWXKn.exe
  2⤵
  PID:6916
- C:\Windows\System\bttdyBk.exe
  C:\Windows\System\bttdyBk.exe
  2⤵
  PID:6948
- C:\Windows\System\clXYaxY.exe
  C:\Windows\System\clXYaxY.exe
  2⤵
  PID:6980
- C:\Windows\System\BxucwCv.exe
  C:\Windows\System\BxucwCv.exe
  2⤵
  PID:7012
- C:\Windows\System\SFGZhMg.exe
  C:\Windows\System\SFGZhMg.exe
  2⤵
  PID:7056
- C:\Windows\System\YcqNtYJ.exe
  C:\Windows\System\YcqNtYJ.exe
  2⤵
  PID:7088
- C:\Windows\System\ZvPtjID.exe
  C:\Windows\System\ZvPtjID.exe
  2⤵
  PID:6496
- C:\Windows\System\aWTwYKe.exe
  C:\Windows\System\aWTwYKe.exe
  2⤵
  PID:7140
- C:\Windows\System\uxjBvIG.exe
  C:\Windows\System\uxjBvIG.exe
  2⤵
  PID:5644
- C:\Windows\System\pIgtRTf.exe
  C:\Windows\System\pIgtRTf.exe
  2⤵
  PID:5808
- C:\Windows\System\pszxZPz.exe
  C:\Windows\System\pszxZPz.exe
  2⤵
  PID:5956
- C:\Windows\System\dYOyjJP.exe
  C:\Windows\System\dYOyjJP.exe
  2⤵
  PID:5556
- C:\Windows\System\MCMvVWi.exe
  C:\Windows\System\MCMvVWi.exe
  2⤵
  PID:5376
- C:\Windows\System\eJvlNdo.exe
  C:\Windows\System\eJvlNdo.exe
  2⤵
  PID:6152
- C:\Windows\System\YlqEgbC.exe
  C:\Windows\System\YlqEgbC.exe
  2⤵
  PID:6232
- C:\Windows\System\bLoDrkK.exe
  C:\Windows\System\bLoDrkK.exe
  2⤵
  PID:6280
- C:\Windows\System\XVqunFk.exe
  C:\Windows\System\XVqunFk.exe
  2⤵
  PID:6360
- C:\Windows\System\xDjrnck.exe
  C:\Windows\System\xDjrnck.exe
  2⤵
  PID:6428
- C:\Windows\System\iTOWFAU.exe
  C:\Windows\System\iTOWFAU.exe
  2⤵
  PID:6476
- C:\Windows\System\fsKffOg.exe
  C:\Windows\System\fsKffOg.exe
  2⤵
  PID:6524
- C:\Windows\System\sOQLRmQ.exe
  C:\Windows\System\sOQLRmQ.exe
  2⤵
  PID:2864
- C:\Windows\System\GmseBnX.exe
  C:\Windows\System\GmseBnX.exe
  2⤵
  PID:6652
- C:\Windows\System\MXknQAI.exe
  C:\Windows\System\MXknQAI.exe
  2⤵
  PID:3108
- C:\Windows\System\wpEySxt.exe
  C:\Windows\System\wpEySxt.exe
  2⤵
  PID:6800
- C:\Windows\System\iUHXhoX.exe
  C:\Windows\System\iUHXhoX.exe
  2⤵
  PID:6868
- C:\Windows\System\PjpcrBb.exe
  C:\Windows\System\PjpcrBb.exe
  2⤵
  PID:6912
- C:\Windows\System\hQcFngr.exe
  C:\Windows\System\hQcFngr.exe
  2⤵
  PID:6996
- C:\Windows\System\aUsCsCX.exe
  C:\Windows\System\aUsCsCX.exe
  2⤵
  PID:7072
- C:\Windows\System\futRmUp.exe
  C:\Windows\System\futRmUp.exe
  2⤵
  PID:7124
- C:\Windows\System\KHkCErE.exe
  C:\Windows\System\KHkCErE.exe
  2⤵
  PID:5488
- C:\Windows\System\uWIKHIG.exe
  C:\Windows\System\uWIKHIG.exe
  2⤵
  PID:6064
- C:\Windows\System\TIPHwwe.exe
  C:\Windows\System\TIPHwwe.exe
  2⤵
  PID:6168
- C:\Windows\System\dIDARTr.exe
  C:\Windows\System\dIDARTr.exe
  2⤵
  PID:2608
- C:\Windows\System\sfShnCB.exe
  C:\Windows\System\sfShnCB.exe
  2⤵
  PID:6328
- C:\Windows\System\APzzYyh.exe
  C:\Windows\System\APzzYyh.exe
  2⤵
  PID:2076
- C:\Windows\System\YfkMvLx.exe
  C:\Windows\System\YfkMvLx.exe
  2⤵
  PID:2640
- C:\Windows\System\fwvKDkG.exe
  C:\Windows\System\fwvKDkG.exe
  2⤵
  PID:6636
- C:\Windows\System\IUfeqtB.exe
  C:\Windows\System\IUfeqtB.exe
  2⤵
  PID:6768
- C:\Windows\System\lwQBMaC.exe
  C:\Windows\System\lwQBMaC.exe
  2⤵
  PID:7180
- C:\Windows\System\CaRUqWY.exe
  C:\Windows\System\CaRUqWY.exe
  2⤵
  PID:7196
- C:\Windows\System\Jnocgiw.exe
  C:\Windows\System\Jnocgiw.exe
  2⤵
  PID:7212
- C:\Windows\System\pNllkHn.exe
  C:\Windows\System\pNllkHn.exe
  2⤵
  PID:7228
- C:\Windows\System\LvkfyAV.exe
  C:\Windows\System\LvkfyAV.exe
  2⤵
  PID:7244
- C:\Windows\System\KpxHUpP.exe
  C:\Windows\System\KpxHUpP.exe
  2⤵
  PID:7260
- C:\Windows\System\YaLsTvG.exe
  C:\Windows\System\YaLsTvG.exe
  2⤵
  PID:7276
- C:\Windows\System\lYRHtIz.exe
  C:\Windows\System\lYRHtIz.exe
  2⤵
  PID:7292
- C:\Windows\System\hNdLUKL.exe
  C:\Windows\System\hNdLUKL.exe
  2⤵
  PID:7308
- C:\Windows\System\idQCxNn.exe
  C:\Windows\System\idQCxNn.exe
  2⤵
  PID:7324
- C:\Windows\System\ilSGgqP.exe
  C:\Windows\System\ilSGgqP.exe
  2⤵
  PID:7340
- C:\Windows\System\OBVnZqH.exe
  C:\Windows\System\OBVnZqH.exe
  2⤵
  PID:7356
- C:\Windows\System\xVAfUnV.exe
  C:\Windows\System\xVAfUnV.exe
  2⤵
  PID:7372
- C:\Windows\System\xicSXKh.exe
  C:\Windows\System\xicSXKh.exe
  2⤵
  PID:7388
- C:\Windows\System\BGJJLMJ.exe
  C:\Windows\System\BGJJLMJ.exe
  2⤵
  PID:7404
- C:\Windows\System\KNMoXXB.exe
  C:\Windows\System\KNMoXXB.exe
  2⤵
  PID:7420
- C:\Windows\System\xAPyAJM.exe
  C:\Windows\System\xAPyAJM.exe
  2⤵
  PID:7440
- C:\Windows\System\HZLfcAE.exe
  C:\Windows\System\HZLfcAE.exe
  2⤵
  PID:7456
- C:\Windows\System\ANhbpCR.exe
  C:\Windows\System\ANhbpCR.exe
  2⤵
  PID:7472
- C:\Windows\System\SPUXcQM.exe
  C:\Windows\System\SPUXcQM.exe
  2⤵
  PID:7488
- C:\Windows\System\buTMcAj.exe
  C:\Windows\System\buTMcAj.exe
  2⤵
  PID:7504
- C:\Windows\System\zvvFdnh.exe
  C:\Windows\System\zvvFdnh.exe
  2⤵
  PID:7520
- C:\Windows\System\KpDYRsu.exe
  C:\Windows\System\KpDYRsu.exe
  2⤵
  PID:7536
- C:\Windows\System\czAiBrI.exe
  C:\Windows\System\czAiBrI.exe
  2⤵
  PID:7552
- C:\Windows\System\WFfkBEe.exe
  C:\Windows\System\WFfkBEe.exe
  2⤵
  PID:7568
- C:\Windows\System\EuiEshy.exe
  C:\Windows\System\EuiEshy.exe
  2⤵
  PID:7584
- C:\Windows\System\QbKtzPI.exe
  C:\Windows\System\QbKtzPI.exe
  2⤵
  PID:7600
- C:\Windows\System\tUDcVnu.exe
  C:\Windows\System\tUDcVnu.exe
  2⤵
  PID:7616
- C:\Windows\System\AzQgwKs.exe
  C:\Windows\System\AzQgwKs.exe
  2⤵
  PID:7632
- C:\Windows\System\vhWeFsq.exe
  C:\Windows\System\vhWeFsq.exe
  2⤵
  PID:7652
- C:\Windows\System\XxjggCl.exe
  C:\Windows\System\XxjggCl.exe
  2⤵
  PID:7668
- C:\Windows\System\Ighvcwo.exe
  C:\Windows\System\Ighvcwo.exe
  2⤵
  PID:7684
- C:\Windows\System\JJVhMIc.exe
  C:\Windows\System\JJVhMIc.exe
  2⤵
  PID:7700
- C:\Windows\System\xebflrQ.exe
  C:\Windows\System\xebflrQ.exe
  2⤵
  PID:7716
- C:\Windows\System\tnKIoGl.exe
  C:\Windows\System\tnKIoGl.exe
  2⤵
  PID:7732
- C:\Windows\System\kohuKeY.exe
  C:\Windows\System\kohuKeY.exe
  2⤵
  PID:7748
- C:\Windows\System\fJyECBo.exe
  C:\Windows\System\fJyECBo.exe
  2⤵
  PID:7764
- C:\Windows\System\rigLHYR.exe
  C:\Windows\System\rigLHYR.exe
  2⤵
  PID:7780
- C:\Windows\System\xPLZhWM.exe
  C:\Windows\System\xPLZhWM.exe
  2⤵
  PID:7796
- C:\Windows\System\CgnUGMj.exe
  C:\Windows\System\CgnUGMj.exe
  2⤵
  PID:7812
- C:\Windows\System\idNDwcD.exe
  C:\Windows\System\idNDwcD.exe
  2⤵
  PID:7828
- C:\Windows\System\lZHGxnW.exe
  C:\Windows\System\lZHGxnW.exe
  2⤵
  PID:7844
- C:\Windows\System\YlmDGth.exe
  C:\Windows\System\YlmDGth.exe
  2⤵
  PID:7860
- C:\Windows\System\FQwrucC.exe
  C:\Windows\System\FQwrucC.exe
  2⤵
  PID:7876
- C:\Windows\System\sYJkjKs.exe
  C:\Windows\System\sYJkjKs.exe
  2⤵
  PID:7892
- C:\Windows\System\YcupLAO.exe
  C:\Windows\System\YcupLAO.exe
  2⤵
  PID:7908
- C:\Windows\System\yXrfDCx.exe
  C:\Windows\System\yXrfDCx.exe
  2⤵
  PID:7924
- C:\Windows\System\XruvWsE.exe
  C:\Windows\System\XruvWsE.exe
  2⤵
  PID:7940
- C:\Windows\System\VuofplK.exe
  C:\Windows\System\VuofplK.exe
  2⤵
  PID:7956
- C:\Windows\System\HiPNxvF.exe
  C:\Windows\System\HiPNxvF.exe
  2⤵
  PID:7972
- C:\Windows\System\UPufzkA.exe
  C:\Windows\System\UPufzkA.exe
  2⤵
  PID:7988
- C:\Windows\System\sDwdHkf.exe
  C:\Windows\System\sDwdHkf.exe
  2⤵
  PID:8004
- C:\Windows\System\ddSDcOx.exe
  C:\Windows\System\ddSDcOx.exe
  2⤵
  PID:8020
- C:\Windows\System\KPgYvyI.exe
  C:\Windows\System\KPgYvyI.exe
  2⤵
  PID:8036
- C:\Windows\System\zjICZgO.exe
  C:\Windows\System\zjICZgO.exe
  2⤵
  PID:8052
- C:\Windows\System\LRJANWX.exe
  C:\Windows\System\LRJANWX.exe
  2⤵
  PID:8068
- C:\Windows\System\mDpBQgE.exe
  C:\Windows\System\mDpBQgE.exe
  2⤵
  PID:8084
- C:\Windows\System\WgbYgZu.exe
  C:\Windows\System\WgbYgZu.exe
  2⤵
  PID:8100
- C:\Windows\System\AFfQZAt.exe
  C:\Windows\System\AFfQZAt.exe
  2⤵
  PID:8116
- C:\Windows\System\ZsfAQzq.exe
  C:\Windows\System\ZsfAQzq.exe
  2⤵
  PID:8132
- C:\Windows\System\hxmivaf.exe
  C:\Windows\System\hxmivaf.exe
  2⤵
  PID:8148
- C:\Windows\System\stfWovo.exe
  C:\Windows\System\stfWovo.exe
  2⤵
  PID:8164
- C:\Windows\System\gQtAmDx.exe
  C:\Windows\System\gQtAmDx.exe
  2⤵
  PID:8180
- C:\Windows\System\ejuBFNB.exe
  C:\Windows\System\ejuBFNB.exe
  2⤵
  PID:6880
- C:\Windows\System\JezDaGR.exe
  C:\Windows\System\JezDaGR.exe
  2⤵
  PID:6964
- C:\Windows\System\uDjtQwt.exe
  C:\Windows\System\uDjtQwt.exe
  2⤵
  PID:7136
- C:\Windows\System\ZSwGiNi.exe
  C:\Windows\System\ZSwGiNi.exe
  2⤵
  PID:4836
- C:\Windows\System\pAogiyB.exe
  C:\Windows\System\pAogiyB.exe
  2⤵
  PID:6200
- C:\Windows\System\YeOzeRi.exe
  C:\Windows\System\YeOzeRi.exe
  2⤵
  PID:6460
- C:\Windows\System\tDUbgxN.exe
  C:\Windows\System\tDUbgxN.exe
  2⤵
  PID:6588
- C:\Windows\System\jwcaeuD.exe
  C:\Windows\System\jwcaeuD.exe
  2⤵
  PID:7176
- C:\Windows\System\RTaWoJx.exe
  C:\Windows\System\RTaWoJx.exe
  2⤵
  PID:7208
- C:\Windows\System\hmmSoyk.exe
  C:\Windows\System\hmmSoyk.exe
  2⤵
  PID:7240
- C:\Windows\System\oBvnGbA.exe
  C:\Windows\System\oBvnGbA.exe
  2⤵
  PID:7272
- C:\Windows\System\JPmIvWE.exe
  C:\Windows\System\JPmIvWE.exe
  2⤵
  PID:7304
- C:\Windows\System\MgIsbRN.exe
  C:\Windows\System\MgIsbRN.exe
  2⤵
  PID:7348
- C:\Windows\System\gGlJkGo.exe
  C:\Windows\System\gGlJkGo.exe
  2⤵
  PID:7380
- C:\Windows\System\pLqzWzj.exe
  C:\Windows\System\pLqzWzj.exe
  2⤵
  PID:7400
- C:\Windows\System\fTkTGRT.exe
  C:\Windows\System\fTkTGRT.exe
  2⤵
  PID:7432
- C:\Windows\System\eYpGAsW.exe
  C:\Windows\System\eYpGAsW.exe
  2⤵
  PID:7468
- C:\Windows\System\LTHlSHf.exe
  C:\Windows\System\LTHlSHf.exe
  2⤵
  PID:7512
- C:\Windows\System\zHIBARW.exe
  C:\Windows\System\zHIBARW.exe
  2⤵
  PID:7544
- C:\Windows\System\bRJCCfB.exe
  C:\Windows\System\bRJCCfB.exe
  2⤵
  PID:1172
- C:\Windows\System\WTUWlVW.exe
  C:\Windows\System\WTUWlVW.exe
  2⤵
  PID:7592
- C:\Windows\System\LyIXaum.exe
  C:\Windows\System\LyIXaum.exe
  2⤵
  PID:7624
- C:\Windows\System\XtjEhcw.exe
  C:\Windows\System\XtjEhcw.exe
  2⤵
  PID:7660
- C:\Windows\System\MXBhevX.exe
  C:\Windows\System\MXBhevX.exe
  2⤵
  PID:7692
- C:\Windows\System\imbYYEW.exe
  C:\Windows\System\imbYYEW.exe
  2⤵
  PID:7724
- C:\Windows\System\RYmRpyX.exe
  C:\Windows\System\RYmRpyX.exe
  2⤵
  PID:7756
- C:\Windows\System\KtOaMOq.exe
  C:\Windows\System\KtOaMOq.exe
  2⤵
  PID:7788
- C:\Windows\System\aidOksW.exe
  C:\Windows\System\aidOksW.exe
  2⤵
  PID:7820
- C:\Windows\System\DfqLZiA.exe
  C:\Windows\System\DfqLZiA.exe
  2⤵
  PID:7852
- C:\Windows\System\HpcKSwt.exe
  C:\Windows\System\HpcKSwt.exe
  2⤵
  PID:7884
- C:\Windows\System\twjxsrE.exe
  C:\Windows\System\twjxsrE.exe
  2⤵
  PID:7916
- C:\Windows\System\YMtUFSl.exe
  C:\Windows\System\YMtUFSl.exe
  2⤵
  PID:7948
- C:\Windows\System\tiizLcc.exe
  C:\Windows\System\tiizLcc.exe
  2⤵
  PID:7968
- C:\Windows\System\VrZhHpt.exe
  C:\Windows\System\VrZhHpt.exe
  2⤵
  PID:8000
- C:\Windows\System\OsZUZrn.exe
  C:\Windows\System\OsZUZrn.exe
  2⤵
  PID:8032
- C:\Windows\System\SngxsUV.exe
  C:\Windows\System\SngxsUV.exe
  2⤵
  PID:8064
- C:\Windows\System\YnEAaZE.exe
  C:\Windows\System\YnEAaZE.exe
  2⤵
  PID:8108
- C:\Windows\System\nbwVued.exe
  C:\Windows\System\nbwVued.exe
  2⤵
  PID:2368
- C:\Windows\System\ijsFwNZ.exe
  C:\Windows\System\ijsFwNZ.exe
  2⤵
  PID:2780
- C:\Windows\System\OrznPfS.exe
  C:\Windows\System\OrznPfS.exe
  2⤵
  PID:8176
- C:\Windows\System\vMdzPSr.exe
  C:\Windows\System\vMdzPSr.exe
  2⤵
  PID:7076
- C:\Windows\System\NUxWvaI.exe
  C:\Windows\System\NUxWvaI.exe
  2⤵
  PID:5268
- C:\Windows\System\WQCMupk.exe
  C:\Windows\System\WQCMupk.exe
  2⤵
  PID:6620
- C:\Windows\System\HDWSaAG.exe
  C:\Windows\System\HDWSaAG.exe
  2⤵
  PID:7172
- C:\Windows\System\NxFEvuo.exe
  C:\Windows\System\NxFEvuo.exe
  2⤵
  PID:7256
- C:\Windows\System\ESPxFHt.exe
  C:\Windows\System\ESPxFHt.exe
  2⤵
  PID:7288
- C:\Windows\System\LoPylnX.exe
  C:\Windows\System\LoPylnX.exe
  2⤵
  PID:2380
- C:\Windows\System\ErGnAEo.exe
  C:\Windows\System\ErGnAEo.exe
  2⤵
  PID:7396
- C:\Windows\System\ndzHOcF.exe
  C:\Windows\System\ndzHOcF.exe
  2⤵
  PID:7448
- C:\Windows\System\SlIYLHW.exe
  C:\Windows\System\SlIYLHW.exe
  2⤵
  PID:7500
- C:\Windows\System\wlqzrhP.exe
  C:\Windows\System\wlqzrhP.exe
  2⤵
  PID:7560
- C:\Windows\System\dobNpQX.exe
  C:\Windows\System\dobNpQX.exe
  2⤵
  PID:2904
- C:\Windows\System\QTYCWKL.exe
  C:\Windows\System\QTYCWKL.exe
  2⤵
  PID:7676
- C:\Windows\System\wUuIqgg.exe
  C:\Windows\System\wUuIqgg.exe
  2⤵
  PID:7728
- C:\Windows\System\WFdqMBM.exe
  C:\Windows\System\WFdqMBM.exe
  2⤵
  PID:7792
- C:\Windows\System\onAXFli.exe
  C:\Windows\System\onAXFli.exe
  2⤵
  PID:7836
- C:\Windows\System\OJWtKUD.exe
  C:\Windows\System\OJWtKUD.exe
  2⤵
  PID:7900
- C:\Windows\System\HwPOTNh.exe
  C:\Windows\System\HwPOTNh.exe
  2⤵
  PID:7936
- C:\Windows\System\EpmYAqL.exe
  C:\Windows\System\EpmYAqL.exe
  2⤵
  PID:7996
- C:\Windows\System\uXtDCsU.exe
  C:\Windows\System\uXtDCsU.exe
  2⤵
  PID:376
- C:\Windows\System\FQpcQVP.exe
  C:\Windows\System\FQpcQVP.exe
  2⤵
  PID:8060
- C:\Windows\System\RwHDvVi.exe
  C:\Windows\System\RwHDvVi.exe
  2⤵
  PID:8092
- C:\Windows\System\UGaNehC.exe
  C:\Windows\System\UGaNehC.exe
  2⤵
  PID:8112
- C:\Windows\System\ZPgWkcW.exe
  C:\Windows\System\ZPgWkcW.exe
  2⤵
  PID:2120
- C:\Windows\System\TPnKoVi.exe
  C:\Windows\System\TPnKoVi.exe
  2⤵
  PID:8188
- C:\Windows\System\Kcnyjkz.exe
  C:\Windows\System\Kcnyjkz.exe
  2⤵
  PID:7008
- C:\Windows\System\gFnyTWu.exe
  C:\Windows\System\gFnyTWu.exe
  2⤵
  PID:6424
- C:\Windows\System\PesCFZQ.exe
  C:\Windows\System\PesCFZQ.exe
  2⤵
  PID:6740
- C:\Windows\System\wjbASjb.exe
  C:\Windows\System\wjbASjb.exe
  2⤵
  PID:7336
- C:\Windows\System\bbnaXid.exe
  C:\Windows\System\bbnaXid.exe
  2⤵
  PID:7480
- C:\Windows\System\oQNDDjE.exe
  C:\Windows\System\oQNDDjE.exe
  2⤵
  PID:7608
- C:\Windows\System\GundjKs.exe
  C:\Windows\System\GundjKs.exe
  2⤵
  PID:7760
- C:\Windows\System\slWDjZj.exe
  C:\Windows\System\slWDjZj.exe
  2⤵
  PID:7868
- C:\Windows\System\WGxOxIL.exe
  C:\Windows\System\WGxOxIL.exe
  2⤵
  PID:7932
- C:\Windows\System\APVfzEi.exe
  C:\Windows\System\APVfzEi.exe
  2⤵
  PID:8016
- C:\Windows\System\sYqoXJT.exe
  C:\Windows\System\sYqoXJT.exe
  2⤵
  PID:8080
- C:\Windows\System\PjMlvJP.exe
  C:\Windows\System\PjMlvJP.exe
  2⤵
  PID:1564
- C:\Windows\System\WRYdjZP.exe
  C:\Windows\System\WRYdjZP.exe
  2⤵
  PID:5764
- C:\Windows\System\BxqePBs.exe
  C:\Windows\System\BxqePBs.exe
  2⤵
  PID:1660
- C:\Windows\System\xvMeMXQ.exe
  C:\Windows\System\xvMeMXQ.exe
  2⤵
  PID:2388
- C:\Windows\System\BtNnooM.exe
  C:\Windows\System\BtNnooM.exe
  2⤵
  PID:264
- C:\Windows\System\UdkIxqd.exe
  C:\Windows\System\UdkIxqd.exe
  2⤵
  PID:6640
- C:\Windows\System\JGlKtlm.exe
  C:\Windows\System\JGlKtlm.exe
  2⤵
  PID:1360
- C:\Windows\System\BTsXqli.exe
  C:\Windows\System\BTsXqli.exe
  2⤵
  PID:5728
- C:\Windows\System\DfYixHz.exe
  C:\Windows\System\DfYixHz.exe
  2⤵
  PID:1960
- C:\Windows\System\UPwKwEB.exe
  C:\Windows\System\UPwKwEB.exe
  2⤵
  PID:7712
- C:\Windows\System\jrVRLUC.exe
  C:\Windows\System\jrVRLUC.exe
  2⤵
  PID:7412
- C:\Windows\System\nNYjBbu.exe
  C:\Windows\System\nNYjBbu.exe
  2⤵
  PID:2776
- C:\Windows\System\HWNArIF.exe
  C:\Windows\System\HWNArIF.exe
  2⤵
  PID:1676
- C:\Windows\System\DSDhXek.exe
  C:\Windows\System\DSDhXek.exe
  2⤵
  PID:1668
- C:\Windows\System\jJtsAKU.exe
  C:\Windows\System\jJtsAKU.exe
  2⤵
  PID:1632
- C:\Windows\System\nbvykgi.exe
  C:\Windows\System\nbvykgi.exe
  2⤵
  PID:3052
- C:\Windows\System\mNvzIYM.exe
  C:\Windows\System\mNvzIYM.exe
  2⤵
  PID:1804
- C:\Windows\System\gGLrIUn.exe
  C:\Windows\System\gGLrIUn.exe
  2⤵
  PID:3036
- C:\Windows\System\XvxEKTG.exe
  C:\Windows\System\XvxEKTG.exe
  2⤵
  PID:1576
- C:\Windows\System\BjtJoYE.exe
  C:\Windows\System\BjtJoYE.exe
  2⤵
  PID:8208
- C:\Windows\System\Eanufvi.exe
  C:\Windows\System\Eanufvi.exe
  2⤵
  PID:8224
- C:\Windows\System\KYJaUIB.exe
  C:\Windows\System\KYJaUIB.exe
  2⤵
  PID:8240
- C:\Windows\System\FPbDOHr.exe
  C:\Windows\System\FPbDOHr.exe
  2⤵
  PID:8256
- C:\Windows\System\REotBhf.exe
  C:\Windows\System\REotBhf.exe
  2⤵
  PID:8272
- C:\Windows\System\nBsuzrT.exe
  C:\Windows\System\nBsuzrT.exe
  2⤵
  PID:8288
- C:\Windows\System\ZzcBDeY.exe
  C:\Windows\System\ZzcBDeY.exe
  2⤵
  PID:8304
- C:\Windows\System\pgFIIkt.exe
  C:\Windows\System\pgFIIkt.exe
  2⤵
  PID:8320
- C:\Windows\System\fToezuK.exe
  C:\Windows\System\fToezuK.exe
  2⤵
  PID:8336
- C:\Windows\System\HqnXcAt.exe
  C:\Windows\System\HqnXcAt.exe
  2⤵
  PID:8352
- C:\Windows\System\ESKaoDv.exe
  C:\Windows\System\ESKaoDv.exe
  2⤵
  PID:8368
- C:\Windows\System\xwvBjyz.exe
  C:\Windows\System\xwvBjyz.exe
  2⤵
  PID:8384
- C:\Windows\System\YyVHGwV.exe
  C:\Windows\System\YyVHGwV.exe
  2⤵
  PID:8400
- C:\Windows\System\FdwuDWV.exe
  C:\Windows\System\FdwuDWV.exe
  2⤵
  PID:8416
- C:\Windows\System\qeApXIT.exe
  C:\Windows\System\qeApXIT.exe
  2⤵
  PID:8432
- C:\Windows\System\RbSpxgQ.exe
  C:\Windows\System\RbSpxgQ.exe
  2⤵
  PID:8448
- C:\Windows\System\WLXIivD.exe
  C:\Windows\System\WLXIivD.exe
  2⤵
  PID:8464
- C:\Windows\System\hxGlytU.exe
  C:\Windows\System\hxGlytU.exe
  2⤵
  PID:8480
- C:\Windows\System\IryRcka.exe
  C:\Windows\System\IryRcka.exe
  2⤵
  PID:8496
- C:\Windows\System\jikTybV.exe
  C:\Windows\System\jikTybV.exe
  2⤵
  PID:8516
- C:\Windows\System\UvMSMHi.exe
  C:\Windows\System\UvMSMHi.exe
  2⤵
  PID:8532
- C:\Windows\System\ZrBNTZW.exe
  C:\Windows\System\ZrBNTZW.exe
  2⤵
  PID:8548
- C:\Windows\System\NACgXxQ.exe
  C:\Windows\System\NACgXxQ.exe
  2⤵
  PID:8564
- C:\Windows\System\ezDFvxc.exe
  C:\Windows\System\ezDFvxc.exe
  2⤵
  PID:8580
- C:\Windows\System\JHOtHhh.exe
  C:\Windows\System\JHOtHhh.exe
  2⤵
  PID:8596
- C:\Windows\System\oKNtrqN.exe
  C:\Windows\System\oKNtrqN.exe
  2⤵
  PID:8612
- C:\Windows\System\jkOjADd.exe
  C:\Windows\System\jkOjADd.exe
  2⤵
  PID:8628
- C:\Windows\System\zYVqsaN.exe
  C:\Windows\System\zYVqsaN.exe
  2⤵
  PID:8644
- C:\Windows\System\OKzoTQw.exe
  C:\Windows\System\OKzoTQw.exe
  2⤵
  PID:8660
- C:\Windows\System\NJsNKZv.exe
  C:\Windows\System\NJsNKZv.exe
  2⤵
  PID:8676
- C:\Windows\System\vaUsXvj.exe
  C:\Windows\System\vaUsXvj.exe
  2⤵
  PID:8692
- C:\Windows\System\VnntbBT.exe
  C:\Windows\System\VnntbBT.exe
  2⤵
  PID:8708
- C:\Windows\System\aakZMfL.exe
  C:\Windows\System\aakZMfL.exe
  2⤵
  PID:8724
- C:\Windows\System\ZCsecMU.exe
  C:\Windows\System\ZCsecMU.exe
  2⤵
  PID:8740
- C:\Windows\System\yNMOJMt.exe
  C:\Windows\System\yNMOJMt.exe
  2⤵
  PID:8756
- C:\Windows\System\pBeFmUR.exe
  C:\Windows\System\pBeFmUR.exe
  2⤵
  PID:8772
- C:\Windows\System\AEyivUQ.exe
  C:\Windows\System\AEyivUQ.exe
  2⤵
  PID:8788
- C:\Windows\System\gtHEklr.exe
  C:\Windows\System\gtHEklr.exe
  2⤵
  PID:8804
- C:\Windows\System\lSzTjmU.exe
  C:\Windows\System\lSzTjmU.exe
  2⤵
  PID:8820
- C:\Windows\System\LAKojGx.exe
  C:\Windows\System\LAKojGx.exe
  2⤵
  PID:8836
- C:\Windows\System\xwLMirw.exe
  C:\Windows\System\xwLMirw.exe
  2⤵
  PID:8852
- C:\Windows\System\RbJfWNf.exe
  C:\Windows\System\RbJfWNf.exe
  2⤵
  PID:8868
- C:\Windows\System\PTsmdfj.exe
  C:\Windows\System\PTsmdfj.exe
  2⤵
  PID:8884
- C:\Windows\System\izyNhyK.exe
  C:\Windows\System\izyNhyK.exe
  2⤵
  PID:8900
- C:\Windows\System\wGoXrwq.exe
  C:\Windows\System\wGoXrwq.exe
  2⤵
  PID:8916
- C:\Windows\System\tlliWoc.exe
  C:\Windows\System\tlliWoc.exe
  2⤵
  PID:8932
- C:\Windows\System\ZmvoTbs.exe
  C:\Windows\System\ZmvoTbs.exe
  2⤵
  PID:8948
- C:\Windows\System\pJfMOpb.exe
  C:\Windows\System\pJfMOpb.exe
  2⤵
  PID:8964
- C:\Windows\System\bfVxHjd.exe
  C:\Windows\System\bfVxHjd.exe
  2⤵
  PID:8980
- C:\Windows\System\KsxnIVA.exe
  C:\Windows\System\KsxnIVA.exe
  2⤵
  PID:8996
- C:\Windows\System\xjaDLDf.exe
  C:\Windows\System\xjaDLDf.exe
  2⤵
  PID:9012
- C:\Windows\System\Zokmuor.exe
  C:\Windows\System\Zokmuor.exe
  2⤵
  PID:9028
- C:\Windows\System\ReWTPds.exe
  C:\Windows\System\ReWTPds.exe
  2⤵
  PID:9044
- C:\Windows\System\beeGTrH.exe
  C:\Windows\System\beeGTrH.exe
  2⤵
  PID:9060
- C:\Windows\System\cqbvBtW.exe
  C:\Windows\System\cqbvBtW.exe
  2⤵
  PID:9076
- C:\Windows\System\nJkmHsz.exe
  C:\Windows\System\nJkmHsz.exe
  2⤵
  PID:9092
- C:\Windows\System\eTUNTdB.exe
  C:\Windows\System\eTUNTdB.exe
  2⤵
  PID:9108
- C:\Windows\System\RZWvGDx.exe
  C:\Windows\System\RZWvGDx.exe
  2⤵
  PID:9124
- C:\Windows\System\mFsnvYs.exe
  C:\Windows\System\mFsnvYs.exe
  2⤵
  PID:9140
- C:\Windows\System\ZjfTRry.exe
  C:\Windows\System\ZjfTRry.exe
  2⤵
  PID:9156
- C:\Windows\System\qBddpYW.exe
  C:\Windows\System\qBddpYW.exe
  2⤵
  PID:9172
- C:\Windows\System\AHEktGr.exe
  C:\Windows\System\AHEktGr.exe
  2⤵
  PID:9188
- C:\Windows\System\HISyOVy.exe
  C:\Windows\System\HISyOVy.exe
  2⤵
  PID:9204
- C:\Windows\System\diQkqma.exe
  C:\Windows\System\diQkqma.exe
  2⤵
  PID:2236
- C:\Windows\System\OONWBku.exe
  C:\Windows\System\OONWBku.exe
  2⤵
  PID:6412
- C:\Windows\System\lnPLSio.exe
  C:\Windows\System\lnPLSio.exe
  2⤵
  PID:8028
- C:\Windows\System\yVbIMIs.exe
  C:\Windows\System\yVbIMIs.exe
  2⤵
  PID:1716
- C:\Windows\System\vgEyims.exe
  C:\Windows\System\vgEyims.exe
  2⤵
  PID:2756
- C:\Windows\System\yjMopth.exe
  C:\Windows\System\yjMopth.exe
  2⤵
  PID:8248
- C:\Windows\System\DvhcCiZ.exe
  C:\Windows\System\DvhcCiZ.exe
  2⤵
  PID:8312
- C:\Windows\System\alYfUis.exe
  C:\Windows\System\alYfUis.exe
  2⤵
  PID:8264
- C:\Windows\System\skrjewQ.exe
  C:\Windows\System\skrjewQ.exe
  2⤵
  PID:8328
- C:\Windows\System\sGOmVuh.exe
  C:\Windows\System\sGOmVuh.exe
  2⤵
  PID:8348
- C:\Windows\System\hdffpCH.exe
  C:\Windows\System\hdffpCH.exe
  2⤵
  PID:8412
- C:\Windows\System\CscnalO.exe
  C:\Windows\System\CscnalO.exe
  2⤵
  PID:8408
- C:\Windows\System\mTgFoLj.exe
  C:\Windows\System\mTgFoLj.exe
  2⤵
  PID:8424
- C:\Windows\System\Lvnzybh.exe
  C:\Windows\System\Lvnzybh.exe
  2⤵
  PID:8488
- C:\Windows\System\OhQcwDC.exe
  C:\Windows\System\OhQcwDC.exe
  2⤵
  PID:8508
- C:\Windows\System\mzQfpAK.exe
  C:\Windows\System\mzQfpAK.exe
  2⤵
  PID:8540
- C:\Windows\System\PBVwjrr.exe
  C:\Windows\System\PBVwjrr.exe
  2⤵
  PID:8604
- C:\Windows\System\ITQVXAR.exe
  C:\Windows\System\ITQVXAR.exe
  2⤵
  PID:8588
- C:\Windows\System\lGxCvMc.exe
  C:\Windows\System\lGxCvMc.exe
  2⤵
  PID:8652
- C:\Windows\System\ZtZDfpk.exe
  C:\Windows\System\ZtZDfpk.exe
  2⤵
  PID:8668
- C:\Windows\System\EwFKdcI.exe
  C:\Windows\System\EwFKdcI.exe
  2⤵
  PID:8732
- C:\Windows\System\MDwBmhP.exe
  C:\Windows\System\MDwBmhP.exe
  2⤵
  PID:8716
- C:\Windows\System\KmfvOJH.exe
  C:\Windows\System\KmfvOJH.exe
  2⤵
  PID:8780
- C:\Windows\System\DOpSJeq.exe
  C:\Windows\System\DOpSJeq.exe
  2⤵
  PID:8812
- C:\Windows\System\WobcMSa.exe
  C:\Windows\System\WobcMSa.exe
  2⤵
  PID:8860
- C:\Windows\System\OiVEAxv.exe
  C:\Windows\System\OiVEAxv.exe
  2⤵
  PID:8892
- C:\Windows\System\LNrPxUU.exe
  C:\Windows\System\LNrPxUU.exe
  2⤵
  PID:8908
- C:\Windows\System\EomhcAo.exe
  C:\Windows\System\EomhcAo.exe
  2⤵
  PID:8972
- C:\Windows\System\hlyDBPE.exe
  C:\Windows\System\hlyDBPE.exe
  2⤵
  PID:8924
- C:\Windows\System\LkMcgkl.exe
  C:\Windows\System\LkMcgkl.exe
  2⤵
  PID:8988
- C:\Windows\System\GIEGiPi.exe
  C:\Windows\System\GIEGiPi.exe
  2⤵
  PID:9036
- C:\Windows\System\XQAyjKU.exe
  C:\Windows\System\XQAyjKU.exe
  2⤵
  PID:9100
- C:\Windows\System\dcdBquX.exe
  C:\Windows\System\dcdBquX.exe
  2⤵
  PID:9088
- C:\Windows\System\csxgaTj.exe
  C:\Windows\System\csxgaTj.exe
  2⤵
  PID:9168
- C:\Windows\System\SejNDbr.exe
  C:\Windows\System\SejNDbr.exe
  2⤵
  PID:876
- C:\Windows\System\rWSOdVp.exe
  C:\Windows\System\rWSOdVp.exe
  2⤵
  PID:9116
- C:\Windows\System\UPNeIBA.exe
  C:\Windows\System\UPNeIBA.exe
  2⤵
  PID:9148
- C:\Windows\System\GEXgGiN.exe
  C:\Windows\System\GEXgGiN.exe
  2⤵
  PID:8204
- C:\Windows\System\sfFxtxX.exe
  C:\Windows\System\sfFxtxX.exe
  2⤵
  PID:8284
- C:\Windows\System\YHLbkSN.exe
  C:\Windows\System\YHLbkSN.exe
  2⤵
  PID:8236
- C:\Windows\System\SBhuePd.exe
  C:\Windows\System\SBhuePd.exe
  2⤵
  PID:8296
- C:\Windows\System\cdLbDSr.exe
  C:\Windows\System\cdLbDSr.exe
  2⤵
  PID:8396
- C:\Windows\System\UUQqmUM.exe
  C:\Windows\System\UUQqmUM.exe
  2⤵
  PID:8576
- C:\Windows\System\nHJTXAl.exe
  C:\Windows\System\nHJTXAl.exe
  2⤵
  PID:8460
- C:\Windows\System\iYqNeju.exe
  C:\Windows\System\iYqNeju.exe
  2⤵
  PID:8560
- C:\Windows\System\KpOZHni.exe
  C:\Windows\System\KpOZHni.exe
  2⤵
  PID:8688
- C:\Windows\System\gqAhmjH.exe
  C:\Windows\System\gqAhmjH.exe
  2⤵
  PID:8800
- C:\Windows\System\yYcJDym.exe
  C:\Windows\System\yYcJDym.exe
  2⤵
  PID:8700
- C:\Windows\System\aatMAGy.exe
  C:\Windows\System\aatMAGy.exe
  2⤵
  PID:8944
- C:\Windows\System\qGsQVhg.exe
  C:\Windows\System\qGsQVhg.exe
  2⤵
  PID:9072
- C:\Windows\System\hoLVFQU.exe
  C:\Windows\System\hoLVFQU.exe
  2⤵
  PID:9180
- C:\Windows\System\HVGrXOr.exe
  C:\Windows\System\HVGrXOr.exe
  2⤵
  PID:8232
- C:\Windows\System\zzukeTN.exe
  C:\Windows\System\zzukeTN.exe
  2⤵
  PID:8456
- C:\Windows\System\SIoOTCv.exe
  C:\Windows\System\SIoOTCv.exe
  2⤵
  PID:2224
- C:\Windows\System\EpVQfAq.exe
  C:\Windows\System\EpVQfAq.exe
  2⤵
  PID:9020
- C:\Windows\System\yXCqLmE.exe
  C:\Windows\System\yXCqLmE.exe
  2⤵
  PID:9200
- C:\Windows\System\zyIkifL.exe
  C:\Windows\System\zyIkifL.exe
  2⤵
  PID:8280
- C:\Windows\System\VYdsDdv.exe
  C:\Windows\System\VYdsDdv.exe
  2⤵
  PID:8572
- C:\Windows\System\iImAuDi.exe
  C:\Windows\System\iImAuDi.exe
  2⤵
  PID:8768
- C:\Windows\System\JrXJuTn.exe
  C:\Windows\System\JrXJuTn.exe
  2⤵
  PID:8624
- C:\Windows\System\OyYmpGe.exe
  C:\Windows\System\OyYmpGe.exe
  2⤵
  PID:8220
- C:\Windows\System\DJhKuQw.exe
  C:\Windows\System\DJhKuQw.exe
  2⤵
  PID:9136
- C:\Windows\System\bpzycfC.exe
  C:\Windows\System\bpzycfC.exe
  2⤵
  PID:2256
- C:\Windows\System\vvTQodO.exe
  C:\Windows\System\vvTQodO.exe
  2⤵
  PID:9008
- C:\Windows\System\kEtogFW.exe
  C:\Windows\System\kEtogFW.exe
  2⤵
  PID:8620
- C:\Windows\System\XUHwYRc.exe
  C:\Windows\System\XUHwYRc.exe
  2⤵
  PID:9232
- C:\Windows\System\xuPHSJU.exe
  C:\Windows\System\xuPHSJU.exe
  2⤵
  PID:9248
- C:\Windows\System\PudqhqK.exe
  C:\Windows\System\PudqhqK.exe
  2⤵
  PID:9264
- C:\Windows\System\DeBSnVS.exe
  C:\Windows\System\DeBSnVS.exe
  2⤵
  PID:9280
- C:\Windows\System\KTPZqiB.exe
  C:\Windows\System\KTPZqiB.exe
  2⤵
  PID:9296
- C:\Windows\System\DxboQnS.exe
  C:\Windows\System\DxboQnS.exe
  2⤵
  PID:9312
- C:\Windows\System\kkLBVCZ.exe
  C:\Windows\System\kkLBVCZ.exe
  2⤵
  PID:9328
- C:\Windows\System\DBrLJyh.exe
  C:\Windows\System\DBrLJyh.exe
  2⤵
  PID:9344
- C:\Windows\System\RhqmhUQ.exe
  C:\Windows\System\RhqmhUQ.exe
  2⤵
  PID:9360
- C:\Windows\System\RLTtrrH.exe
  C:\Windows\System\RLTtrrH.exe
  2⤵
  PID:9376
- C:\Windows\System\BijMDsj.exe
  C:\Windows\System\BijMDsj.exe
  2⤵
  PID:9392
- C:\Windows\System\BSMvyMU.exe
  C:\Windows\System\BSMvyMU.exe
  2⤵
  PID:9408
- C:\Windows\System\QxYyCti.exe
  C:\Windows\System\QxYyCti.exe
  2⤵
  PID:9424
- C:\Windows\System\zlROgxl.exe
  C:\Windows\System\zlROgxl.exe
  2⤵
  PID:9440
- C:\Windows\System\tCHYTYf.exe
  C:\Windows\System\tCHYTYf.exe
  2⤵
  PID:9456
- C:\Windows\System\lsaAMfx.exe
  C:\Windows\System\lsaAMfx.exe
  2⤵
  PID:9472
- C:\Windows\System\PuvbZOW.exe
  C:\Windows\System\PuvbZOW.exe
  2⤵
  PID:9488
- C:\Windows\System\PCPKzYV.exe
  C:\Windows\System\PCPKzYV.exe
  2⤵
  PID:9504
- C:\Windows\System\PjZFAZS.exe
  C:\Windows\System\PjZFAZS.exe
  2⤵
  PID:9520
- C:\Windows\System\fEBMHxZ.exe
  C:\Windows\System\fEBMHxZ.exe
  2⤵
  PID:9536
- C:\Windows\System\ztKvNbB.exe
  C:\Windows\System\ztKvNbB.exe
  2⤵
  PID:9552
- C:\Windows\System\LVTvDDQ.exe
  C:\Windows\System\LVTvDDQ.exe
  2⤵
  PID:9568
- C:\Windows\System\YpbznHo.exe
  C:\Windows\System\YpbznHo.exe
  2⤵
  PID:9584
- C:\Windows\System\qpLQEmY.exe
  C:\Windows\System\qpLQEmY.exe
  2⤵
  PID:9600
- C:\Windows\System\nBAvzIE.exe
  C:\Windows\System\nBAvzIE.exe
  2⤵
  PID:9616
- C:\Windows\System\tSBzGxQ.exe
  C:\Windows\System\tSBzGxQ.exe
  2⤵
  PID:9632
- C:\Windows\System\hYAjtaf.exe
  C:\Windows\System\hYAjtaf.exe
  2⤵
  PID:9648
- C:\Windows\System\ZjrXteZ.exe
  C:\Windows\System\ZjrXteZ.exe
  2⤵
  PID:9664
- C:\Windows\System\zesvxwj.exe
  C:\Windows\System\zesvxwj.exe
  2⤵
  PID:9680
- C:\Windows\System\vENoIec.exe
  C:\Windows\System\vENoIec.exe
  2⤵
  PID:9696
- C:\Windows\System\hNHsfvL.exe
  C:\Windows\System\hNHsfvL.exe
  2⤵
  PID:9712
- C:\Windows\System\pcYmvdz.exe
  C:\Windows\System\pcYmvdz.exe
  2⤵
  PID:9728
- C:\Windows\System\ZyTsmBK.exe
  C:\Windows\System\ZyTsmBK.exe
  2⤵
  PID:9744
- C:\Windows\System\QneGvpz.exe
  C:\Windows\System\QneGvpz.exe
  2⤵
  PID:9760
- C:\Windows\System\bONWQkh.exe
  C:\Windows\System\bONWQkh.exe
  2⤵
  PID:9776
- C:\Windows\System\ciLevqR.exe
  C:\Windows\System\ciLevqR.exe
  2⤵
  PID:9792
- C:\Windows\System\ilcoREf.exe
  C:\Windows\System\ilcoREf.exe
  2⤵
  PID:9808
- C:\Windows\System\UxLPofi.exe
  C:\Windows\System\UxLPofi.exe
  2⤵
  PID:9824
- C:\Windows\System\yEWxRCO.exe
  C:\Windows\System\yEWxRCO.exe
  2⤵
  PID:9840
- C:\Windows\System\VgtorSV.exe
  C:\Windows\System\VgtorSV.exe
  2⤵
  PID:9856
- C:\Windows\System\zuqkaHh.exe
  C:\Windows\System\zuqkaHh.exe
  2⤵
  PID:9872
- C:\Windows\System\FGVbNza.exe
  C:\Windows\System\FGVbNza.exe
  2⤵
  PID:9888
- C:\Windows\System\kGmVfyC.exe
  C:\Windows\System\kGmVfyC.exe
  2⤵
  PID:9904
- C:\Windows\System\MTJlsbs.exe
  C:\Windows\System\MTJlsbs.exe
  2⤵
  PID:9920
- C:\Windows\System\CezJvZE.exe
  C:\Windows\System\CezJvZE.exe
  2⤵
  PID:9936
- C:\Windows\System\iQjchpy.exe
  C:\Windows\System\iQjchpy.exe
  2⤵
  PID:9952
- C:\Windows\System\eItWYLJ.exe
  C:\Windows\System\eItWYLJ.exe
  2⤵
  PID:9968
- C:\Windows\System\KWYkXSI.exe
  C:\Windows\System\KWYkXSI.exe
  2⤵
  PID:9988
- C:\Windows\System\sBDkVMj.exe
  C:\Windows\System\sBDkVMj.exe
  2⤵
  PID:10004
- C:\Windows\System\WiFWigq.exe
  C:\Windows\System\WiFWigq.exe
  2⤵
  PID:10020
- C:\Windows\System\FmKAlue.exe
  C:\Windows\System\FmKAlue.exe
  2⤵
  PID:10036
- C:\Windows\System\nQwtriQ.exe
  C:\Windows\System\nQwtriQ.exe
  2⤵
  PID:10052
- C:\Windows\System\CqoXsCU.exe
  C:\Windows\System\CqoXsCU.exe
  2⤵
  PID:10068
- C:\Windows\System\lodxZvx.exe
  C:\Windows\System\lodxZvx.exe
  2⤵
  PID:10084
- C:\Windows\System\qlzINWT.exe
  C:\Windows\System\qlzINWT.exe
  2⤵
  PID:10100
- C:\Windows\System\DzJqCva.exe
  C:\Windows\System\DzJqCva.exe
  2⤵
  PID:10116
- C:\Windows\System\tNnUcmT.exe
  C:\Windows\System\tNnUcmT.exe
  2⤵
  PID:10132
- C:\Windows\System\IqVIxuU.exe
  C:\Windows\System\IqVIxuU.exe
  2⤵
  PID:10148
- C:\Windows\System\YYjXyQx.exe
  C:\Windows\System\YYjXyQx.exe
  2⤵
  PID:10164
- C:\Windows\System\pnkKaCP.exe
  C:\Windows\System\pnkKaCP.exe
  2⤵
  PID:10180
- C:\Windows\System\RLVKrbD.exe
  C:\Windows\System\RLVKrbD.exe
  2⤵
  PID:10196
- C:\Windows\System\qWnUtAg.exe
  C:\Windows\System\qWnUtAg.exe
  2⤵
  PID:10212
- C:\Windows\System\bVIpmVz.exe
  C:\Windows\System\bVIpmVz.exe
  2⤵
  PID:10228
- C:\Windows\System\ayGuoXF.exe
  C:\Windows\System\ayGuoXF.exe
  2⤵
  PID:8528
- C:\Windows\System\ZudyxLc.exe
  C:\Windows\System\ZudyxLc.exe
  2⤵
  PID:9132
- C:\Windows\System\DGRSizd.exe
  C:\Windows\System\DGRSizd.exe
  2⤵
  PID:8440
- C:\Windows\System\gGJZNaf.exe
  C:\Windows\System\gGJZNaf.exe
  2⤵
  PID:9256
- C:\Windows\System\pmsWwsO.exe
  C:\Windows\System\pmsWwsO.exe
  2⤵
  PID:9272
- C:\Windows\System\LhWBbiV.exe
  C:\Windows\System\LhWBbiV.exe
  2⤵
  PID:9244
- C:\Windows\System\vDOIIpy.exe
  C:\Windows\System\vDOIIpy.exe
  2⤵
  PID:9308
- C:\Windows\System\hVOkiFv.exe
  C:\Windows\System\hVOkiFv.exe
  2⤵
  PID:9372
- C:\Windows\System\rYfwLqK.exe
  C:\Windows\System\rYfwLqK.exe
  2⤵
  PID:9468
- C:\Windows\System\WsqSPci.exe
  C:\Windows\System\WsqSPci.exe
  2⤵
  PID:9324
- C:\Windows\System\smCNEID.exe
  C:\Windows\System\smCNEID.exe
  2⤵
  PID:9388
- C:\Windows\System\gwPaWhw.exe
  C:\Windows\System\gwPaWhw.exe
  2⤵
  PID:9420
- C:\Windows\System\DwbfIoG.exe
  C:\Windows\System\DwbfIoG.exe
  2⤵
  PID:9512
- C:\Windows\System\sVNYyXs.exe
  C:\Windows\System\sVNYyXs.exe
  2⤵
  PID:9560
- C:\Windows\System\jsnJVyT.exe
  C:\Windows\System\jsnJVyT.exe
  2⤵
  PID:9548
- C:\Windows\System\tTarxUx.exe
  C:\Windows\System\tTarxUx.exe
  2⤵
  PID:9596
- C:\Windows\System\sJocGBX.exe
  C:\Windows\System\sJocGBX.exe
  2⤵
  PID:9640
- C:\Windows\System\tVjNiSr.exe
  C:\Windows\System\tVjNiSr.exe
  2⤵
  PID:9704
- C:\Windows\System\ruoYIfH.exe
  C:\Windows\System\ruoYIfH.exe
  2⤵
  PID:9628
- C:\Windows\System\FYOMXqX.exe
  C:\Windows\System\FYOMXqX.exe
  2⤵
  PID:9692
- C:\Windows\System\cNUMCOq.exe
  C:\Windows\System\cNUMCOq.exe
  2⤵
  PID:9752
- C:\Windows\System\ocEHApE.exe
  C:\Windows\System\ocEHApE.exe
  2⤵
  PID:9784
- C:\Windows\System\wvXLKTk.exe
  C:\Windows\System\wvXLKTk.exe
  2⤵
  PID:9836
- C:\Windows\System\kvUuNkH.exe
  C:\Windows\System\kvUuNkH.exe
  2⤵
  PID:9900
- C:\Windows\System\GuJRxTZ.exe
  C:\Windows\System\GuJRxTZ.exe
  2⤵
  PID:9788
- C:\Windows\System\RvJHEcx.exe
  C:\Windows\System\RvJHEcx.exe
  2⤵
  PID:9852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AYJMhxx.exe

Filesize
6.0MB

MD5
dae676195cd80daf6c775c7af94a5cba

SHA1
c1693f16c02cc17815d632fd45e657859ce4fc90

SHA256
6f929e7e196c671203fe6f3a6f0d0ac9cb19c531aee3bbd84d9993aaa0b9b69a

SHA512
2fe5451db28c2c67a92cc5943f1351fa2a74b6be22495ab6e70a5894783e8d6d3c820c29ae5032779c8034a998f3d1eab9109c900696ba1029f5484ee0c01107

Download Submit
C:\Windows\system\FJGHgvQ.exe

Filesize
6.0MB

MD5
69c3841353d9269d70c208e6f1758e6e

SHA1
4c528b37e00e60123ef2938000b262a3aae14650

SHA256
1558acd0414ec9c12a7aeb32a0f8fd0682ebabf4dd925c15c32bd219a43fd048

SHA512
d206c772a9b4e5654f0f278565e873a93fcad0c088db806eb3be6fcd25bf112862fbad0e0814341d1ba972147e50626bd4d38a83c59efbde7080b963fe8b382f

Download Submit
C:\Windows\system\GFSwzmd.exe

Filesize
6.0MB

MD5
d31acc4261f568064061d48d6b215e0f

SHA1
ae1985269eec4ec6db7e98ac33fa150ae8aaec25

SHA256
f65564397f01ca0e7d33480c3505783c3ef7798fd7387146eddec69c3ee780b0

SHA512
b76893ab5c0a68e01de99b18ed763ba27fd39b356a381dc18e5da98260f6bc533a3e1e93f0e4cf3e763714d944fcc6cac7489a2314326cbd3cbe3b051727d479

Download Submit
C:\Windows\system\HhbcmRf.exe

Filesize
6.0MB

MD5
0abd228e71624890d61469fa0ca60d02

SHA1
e6fe9a3ff134daf7425068ce8012eff475662fee

SHA256
edf31f2c4361f567e84c4a0c12e8c9da0d0b6cdf38f264b58596317c99e47bd7

SHA512
e7d49d03dfa00c681a26b0e7c0ec4eb45582766dc8c99ddaf88da185b156230a8a6a83853abc15c33d812de5a73e98ca0f1adf82f2f3cc7b0cdbae0b12f368da

Download Submit
C:\Windows\system\IUhjFtn.exe

Filesize
6.0MB

MD5
02179bd1e675f22737b3001605c7693f

SHA1
e6ddc826a3b59734cfa77105c044b18a9d56c6fd

SHA256
08c985be68e63d73438b596b4ece15c0fbbd9d459af3de53a45b0b609a68cb8e

SHA512
bb9e2887ef818e5f75471c5bd2af13e8c73d0b023c29878e54c40c3dad2d26d600de32629892fe77d6ef0953952df8f1ce92c22c700908ef80a2d00611a829d7

Download Submit
C:\Windows\system\IVBSaSd.exe

Filesize
6.0MB

MD5
983537fbc0de9d369b6ab5bc2d18fe2a

SHA1
a8934eb69bf6ff6df961ff2b0e7b5c85f441fbe7

SHA256
243fc20abb1d5a6ba87e427cfed131b2e9cc8995352570c268457050e8b3ccdb

SHA512
6ddbaa2c8315ad8c9783bdd70c64954d67526eb8835887c954578c97e08756a015ef8a6e7b93cec2c043d637e02e69e86cb8938f71d5d7790b993550174ce489

Download Submit
C:\Windows\system\IbBlOQK.exe

Filesize
6.0MB

MD5
58303e1fd62d40ae2c8c523628a7e5f1

SHA1
7e8e2e7eb09706afe832e64e26aa4b7d6fca6fe9

SHA256
895a2e65be2a3fa699475f9ab9209b9ee97ee87ab11e82415c56dd68f85d14cb

SHA512
f4828f73c6aedfe44855979bf6e899e4c66c57b323864885810196750fb348affb592ecaad4f2720fa1ce585279601c76dc58e50caf1a3520954e5aeb31b4dec

Download Submit
C:\Windows\system\LwUJUlD.exe

Filesize
6.0MB

MD5
f34181f6d62a5292474fa08a83f9cfe0

SHA1
b9a17ac460b86e1e8d79f12f74c2a552f863e5b2

SHA256
b7fdd905925c130a1888239425c4687eb3ebfd876fe7f54647c314d989ca9706

SHA512
1b86683afd99f5cba1cb67bfecfcf59e75017e4b431721e5b09bde79a50ae24571d3f78006fcbed4e35b9f29bdcf32f31a2888ca6aa142ab8b11ea7af7e9ad11

Download Submit
C:\Windows\system\NDDdyAm.exe

Filesize
6.0MB

MD5
c161f6dfa9a38dd44b51ae85e0191608

SHA1
b33f2a97a3a717f415d1ca09904b474056c36ec3

SHA256
ba73996421f21fdc091a0ec72cd14b65316f2027e163bcc0b3696905bdbb4989

SHA512
7c4bbe20992da0be6fe3a17b2fde84a9295ac2a8f69d4f8dc52641e66bc3610989af242595fc5693326a6b08acfdc09273902a8c75fb44ee580339a5f99b4de6

Download Submit
C:\Windows\system\PAmYZCk.exe

Filesize
6.0MB

MD5
06d44820dd84b43a9202dedcaa896ce3

SHA1
f5e09e7de735278074de23a2e5fd9b59294134e1

SHA256
3b51b39ab7b119120da887b4a2e9a8ac0898dd11fd1e29f4d35f2e58de3b2193

SHA512
a44d0331a37d159eff4535b3f5c6e85dcbd0c0755753db549d8669b3219631bf053c552158039a5f07b60c740f93382b918cf8474b86e876ec58518f874b7b33

Download Submit
C:\Windows\system\PRvPoNS.exe

Filesize
6.0MB

MD5
3e824e5cc0d9d90585b7e66f2d7cef2a

SHA1
9f320881f2dc1499cbebd3b6bcbd20a34f965f72

SHA256
18ecd5cf3c31bfcfa700e97420d73e84743339ec210a26802f4f94dd70c94e20

SHA512
e7675445a85e6e13dfbca053e9028d18b913e43c8ca0002527a3f225dc9e3b935e62aa69f2096bc441c6ac63df3c9aa5c869845bfa671d2171b7cab58cfc44a4

Download Submit
C:\Windows\system\TuBbexJ.exe

Filesize
6.0MB

MD5
4c5c02a308eb9dbfe1c122d706c96950

SHA1
586f47cfb8e37a48fa5eb3b22e553bb0ec11da57

SHA256
e26328fbf643b1c3e13c69bc87fbe5a9541c2a6bca6064581a4ab909b6942766

SHA512
a65453f4002131e0ee01179e9cc149fd1ca94038b19c6b96c267707a35765627667f203438bd3e5945274d0e0dda49c53b96c3b145714ded05fd16635fb5d20a

Download Submit
C:\Windows\system\UzEGawb.exe

Filesize
6.0MB

MD5
8d1a19704894f3d06ceeffb1920b0e48

SHA1
7e625c4802c1f613713298274045a3939d6f9702

SHA256
219e77fdd15e7874b314b20bcade1c30744aea9966e4107c61d86a5655bdeb58

SHA512
8f7280547ac706e88432660b5b93b06dec817da3c99e0d8c35fe164dc7f0ca7165730f55d7a3e5ca3f058f130e4687223669fb7494bbf522497090e101ada60f

Download Submit
C:\Windows\system\WiaBYQt.exe

Filesize
6.0MB

MD5
c6471c6275278f33e80fb54c85c673c6

SHA1
3540682bcd6b3b7dd49f9982cf01c3bc846235a2

SHA256
74be7768ae4b26be7766e4ee3d8f77f29db94d2dcedc34e36b53815a42a56c12

SHA512
16dc16756fee1b7c930d66df72da4750c9630a5ed81be08d90e4c089e0a54008efd04a31ead2806bb0827fafc608854b32be935bc2c19df36231faf93441ed10

Download Submit
C:\Windows\system\XLzyrDI.exe

Filesize
6.0MB

MD5
fc70b9b9ff042d0d9ffa9eaae39cb6b9

SHA1
7ac79f3f4deb9fd4af0a7f443ad8082432272840

SHA256
9eb5b7c0567983929510014bd4033bd49051eb4607fd09800c050c5999fd8dc2

SHA512
f41813c3853ee116a55c481a9b41559c9e423f378c6c85cee0180833c9e9306b8239d6094901dec5e8dac21b0855aa3ff75873738a2c4adf9121ca75797aee1e

Download Submit
C:\Windows\system\ZhVWzNc.exe

Filesize
6.0MB

MD5
1ba5cc653be4770b40e53822af4af877

SHA1
0cf506b965e5251d4e5bc738b1ce645c8824ae63

SHA256
90bd743a13fec1c75c59bd57303504e4086d522075f552494e176abec5f2d346

SHA512
d91bf6b89ab54b0d9514e2d7d3a7c14017191a9b18a50c553d06657f8c0e5bd6c532671cac285c12b0d69a7dce21674e197e9cdad1212615bc8b0a0768080950

Download Submit
C:\Windows\system\bbSUGNC.exe

Filesize
6.0MB

MD5
68b9cc9898e69fb0f58bcde218685160

SHA1
2ad811278d4839889b082e62cc4f436b2469f485

SHA256
9d9f2fcb9aa1114bae950135457902534c800cb500923b9ca9c1cf45c14a6022

SHA512
bda7d1a28dd66d78c8b4465477bdea71068a15146a2af3d72eedb4853d2017f5a06733ac53942b7da487b4ca91b4403a083a8462b31af72fd00cc61d174493a9

Download Submit
C:\Windows\system\cDqIcKF.exe

Filesize
6.0MB

MD5
516977a00f2ddd10cb7003c1cd65860a

SHA1
557fa5876cd3ac3e6af25780d3d968fa483b0fa6

SHA256
4d684dcd8c0deca3695f4ea6d32c4e849a5419e46aee4179493a1473e8038546

SHA512
52f6d55ecd4bef1e24637416f72e805a7dce223946495ac9afcceb6f55885a36f1aa4a9bcf299e10ce1d8ac439b10b12f8920d3eaac024a2b15e3477e3ec2494

Download Submit
C:\Windows\system\gKJGJRG.exe

Filesize
6.0MB

MD5
42af595da92178d85c8408a7703e3cee

SHA1
5d5002745fb808a1421d6c2bef9abc4440823ed6

SHA256
2c308e790df16ea280b85a08d28a1fb9c5c1527b6eeb745353bef85c1d21f82a

SHA512
153fd2ff70a0a98780be3f97e6dc1a8a5fa7115c5929e06608b97d13664bb0afaaf817815ad648e8db767653f866a926989e0da051ab54004cbf82db66faf305

Download Submit
C:\Windows\system\hperZLJ.exe

Filesize
6.0MB

MD5
91b4f28e8b0e57a836d1c8ae3edefe31

SHA1
fddd7210ee6c1b05093a0331557a31162cdbffdb

SHA256
ca471faec482de2deac4b5adaf95bf49333b56cda32fd8a62cc56aff4e9c156c

SHA512
e1c89dde4a170e3d80d56d56c7cf9226d01de9c039c39355e1eeaf7bd82ca2734e7bf87c425e7815163bf578bc988daab3f1a5fb58b7fe81bd84e476208c1b80

Download Submit
C:\Windows\system\mWiPAUn.exe

Filesize
6.0MB

MD5
d2dad8e6ce8316eb9c8765f9c5b87686

SHA1
d2cc87961512b38e0d696b7f636ec3773563229b

SHA256
7eab2c824a62e2d9506ac705962e25cd65ea3dde16f0a52685fc53323423bdf5

SHA512
ccafead1d86376491b96e52438b593dbf6b2c98acd71416a072e87ca8d54b30b3a13223f76dffccdd781beb471b19f5075e24b2dd1024c6aae85b3c6edbd9b8b

Download Submit
C:\Windows\system\msRsTBQ.exe

Filesize
6.0MB

MD5
e49df369fd32a786aa40b515c6633368

SHA1
879b4619cfb7a39c41025183756471bb6706cd44

SHA256
13ffb379b51410122138c62c00519d7747f1b6a2448b79385f3a139f9d86fa38

SHA512
8680bb7dd1f8d11f26fc33b60816e8f8d2cfdba13b24ff19e12ec660a9306e4452f261effe8d5f5d0104257f0ca408be4c80756b4e35da886fd9d6edb1ca1ccd

Download Submit
C:\Windows\system\oBzdDFN.exe

Filesize
6.0MB

MD5
73c2cb44c83c3dd885cb5118e0176c06

SHA1
b84a492150bd0bef21a0b2026faf9e92b3dff0fa

SHA256
6e883d183740feed4f59b3346dca20a84133eb0fcc1662e9d380e872b5aedfca

SHA512
7572ddb0a3e0ac6422f4a860790f12fa2e4235d9e4ea05fefdff1cbfcf375e024582208a382389d180d8672920b14f939bfa3dc60f4ebb56af4daccda10e0a4d

Download Submit
C:\Windows\system\qVKKhfq.exe

Filesize
6.0MB

MD5
5d2199c5bb71bd95dfe9791ac49bc344

SHA1
31bcc847679ea1c9a0e8261d57856aaa746c461a

SHA256
67c2ea99f13544876b1963c150c126198434019ed839f717782d14e59232ede3

SHA512
6eb5b8103b98362fb821370903e2c3877ad609c25366bb17f6975101d22267dec91b43289dd5c45b221c10e8e94cb91e73216dbdfe786f44c6b87e5708f450ff

Download Submit
C:\Windows\system\tGrMdXe.exe

Filesize
6.0MB

MD5
96aab4fd31705846531b3498d9af4267

SHA1
2cc067c9745562df1b97162556a875e38e311ac5

SHA256
fc5265ad45fb28b0ac89eb0bfcd178ffba61b502d4dc312333bc3423cfaf6374

SHA512
481f555586cac5aa0682df5fbf8b97a73ece897d35517b9c38f8245545887ef540ccffdabaa110605f9d814a3c034102773e6445dfb1fb7ad0f9a52f022a5510

Download Submit
C:\Windows\system\wOVDBeN.exe

Filesize
6.0MB

MD5
1ba389aa1cecb4263c3e880d69e1f19a

SHA1
2f62e12fe0268b9df47f8d2b8ac488ea7c0a534b

SHA256
9e90b063147d150f74fb606fc326138eb88ab7f353894541d56c5640f745c33f

SHA512
74c8658656d0e21fccaa71e48d3a9dc921c91493d43219e3914d4f79a8446b11b5feca5730dbd3e478e76e4c0b64373477ffee801bb5ff5d4ab8faa81271ee23

Download Submit
C:\Windows\system\wWIIcRj.exe

Filesize
6.0MB

MD5
bc67a4320e457954265dbfdc2a10f970

SHA1
9319f64fdbb059c8b357a967511edafcdea89ce0

SHA256
7064c812eef4de257f05169a41b8eae79345e5d1db7a40b98a8c94a71e4b8bf2

SHA512
934e5c5b1270b170600f30e3ceac7efb656f8bd8c8ced8f0b0c3924824c78042e23f7e08efb6d7934925b6a39ec8a1ebd7bd52091d285a5810303c1f6a67556a

Download Submit
C:\Windows\system\wpGOXaq.exe

Filesize
6.0MB

MD5
0d4af224900c01e1b69aa6452af4be97

SHA1
d403bd574e1e53f92979e0425ccd2848b9c27ac0

SHA256
d58a1cf9a116d680519ffbe14cc44745a171250bfc355217ea42e3feb0303182

SHA512
0923d5b4cab5959ff731b037fa8e6530d804776ef53ec2744433f1ac7bf7fe03e1ead2c10aa29c123d32c3359925490fcfa2a9e756b7cd381c0909d00e70490a

Download Submit
\Windows\system\ADoNORI.exe

Filesize
6.0MB

MD5
b75c2432662d73cdd6ccc737a89b3388

SHA1
b371b7da85936c1902a3244eb2ad739094014744

SHA256
0cb275bfff8ddb010ed6433ee77def0f3b1879ba04c21a9bfe9be419afcc60ec

SHA512
6c2147c2f0901bfbaee90303296b2c1664580922f092dfdf237dd1e39ec0cd6af08246387d9b3fe03a3389b9993cb0cd1dbd6ec843356418f1bbb894173606c9

Download Submit
\Windows\system\AXiAeHo.exe

Filesize
6.0MB

MD5
7802740367528b28feaa581441515b35

SHA1
06ce9116ac28f5469824cb4b149b3b982dff471c

SHA256
332f0df099d663fdb8fcce92d55a10cb7eaab1b82e6e8aa14cc3d352638429be

SHA512
559afe15666f32fbb5e5e3819a1a1ba58ada0ba7250e7709aadbaf28eba45dc9582490e795cc38c3c77544657f462e73cba33d2e1f5130e83bf8890d8d17c482

Download Submit
\Windows\system\KEiSajc.exe

Filesize
6.0MB

MD5
0d70eda63b97834014031630c0145715

SHA1
55cb588f1983b989d247e8ae9a9878815b0f0731

SHA256
ac6531d8eb628e6d7fd482752e81ebeec531fd1a6311bc8fbcd779a3d7bec1a4

SHA512
d04fd052d7a670f3b943540bf8bc89b1ea3d934accbb01a20f736bd5a6074e487cd546614149e9164c9eefb6a83c6c70cd483a7fbb741cd6453e176d3fa5ffea

Download Submit
\Windows\system\wZvrkaR.exe

Filesize
6.0MB

MD5
f5b498029301e860bf2bea2fe7a87c4a

SHA1
3ac57485bc42a96ad3d0b0c0e1b4dbf2f2cb3679

SHA256
c09a734ccb8603501359955616a0788e7ad47619e1fe28d8e82b54cc40d79d98

SHA512
0d6bd2b2b02a1d98625e663bacdd0ef1ca9953a73b6a640f77ae3954f5bda0dfdaca80d29a970ef51d63d58ec41338881b743bf59c1fac5454acdb48c31a7fbe

Download Submit
memory/1708-13-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/1708-4003-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/1712-4615-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-98-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-4000-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-66-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-104-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2276-65-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2276-537-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2276-943-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2276-1173-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2276-343-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2276-0-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2276-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2276-99-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-57-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2276-92-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2276-29-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2276-45-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2276-76-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2276-90-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-14-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2276-47-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2276-63-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-33-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2308-77-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2308-4001-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2316-4614-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2316-83-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2444-4005-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2444-78-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2444-35-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2452-4613-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2452-239-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2452-70-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2580-89-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2580-4002-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2580-46-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2592-84-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-40-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-3999-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-26-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2688-4007-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2688-69-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2712-15-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2712-4006-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2916-4612-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-91-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-21-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-4004-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/3056-61-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/3056-3998-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/3056-93-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download