cobaltstrike | 78d94c9bd6dd057fce39978b9615232fb398465a090d58d827a2da2b8642bf46

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 12:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

4d041626ec36c452e0ea7977b3dcd92c
SHA1

913534ddea5916ff8086a76badebd5867cdc4fcf
SHA256

78d94c9bd6dd057fce39978b9615232fb398465a090d58d827a2da2b8642bf46
SHA512

dfb443162feda5dbaa4982283aeced4ae4b426ce59c24309e3b1f6c2907d1ff099df51ce8680f413253d8c5b2aa224fc4fe86e9578332e60484f775843b51722
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU1:T+q56utgpPF8u/71

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x0007000000012116-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017403-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017409-10.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001748f-28.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001752f-33.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e4-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019639-194.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019620-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019539-139.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d8-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947e-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942f-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-81.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193c4-72.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-91.dat	cobalt_reflective_dll
behavioral1/files/0x002d0000000173aa-78.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018690-55.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001879b-64.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000018678-47.dat	cobalt_reflective_dll
behavioral1/files/0x001600000001866d-39.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2376-0-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x0007000000012116-3.dat	xmrig
behavioral1/files/0x0008000000017403-11.dat	xmrig
behavioral1/memory/2764-19-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/files/0x0008000000017409-10.dat	xmrig
behavioral1/files/0x000800000001748f-28.dat	xmrig
behavioral1/files/0x000700000001752f-33.dat	xmrig
behavioral1/memory/2948-36-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2376-51-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2684-68-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/1680-94-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2768-84-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195e4-144.dat	xmrig
behavioral1/files/0x0005000000019639-194.dat	xmrig
behavioral1/files/0x0005000000019627-184.dat	xmrig
behavioral1/files/0x0005000000019629-188.dat	xmrig
behavioral1/files/0x0005000000019625-180.dat	xmrig
behavioral1/files/0x0005000000019623-174.dat	xmrig
behavioral1/files/0x0005000000019620-165.dat	xmrig
behavioral1/files/0x0005000000019621-170.dat	xmrig
behavioral1/files/0x000500000001961f-159.dat	xmrig
behavioral1/files/0x000500000001961d-155.dat	xmrig
behavioral1/files/0x000500000001961b-149.dat	xmrig
behavioral1/files/0x0005000000019539-139.dat	xmrig
behavioral1/files/0x00050000000194d8-134.dat	xmrig
behavioral1/files/0x000500000001947e-129.dat	xmrig
behavioral1/files/0x0005000000019441-124.dat	xmrig
behavioral1/files/0x000500000001942f-119.dat	xmrig
behavioral1/files/0x0005000000019403-114.dat	xmrig
behavioral1/files/0x00050000000193df-100.dat	xmrig
behavioral1/files/0x0005000000019401-109.dat	xmrig
behavioral1/memory/1416-108-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x00050000000193cc-81.dat	xmrig
behavioral1/memory/1056-97-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2928-75-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000193c4-72.dat	xmrig
behavioral1/files/0x00050000000193d9-91.dat	xmrig
behavioral1/memory/2376-90-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2068-89-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2376-88-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/files/0x002d0000000173aa-78.dat	xmrig
behavioral1/memory/3064-67-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2764-60-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2672-59-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2376-66-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x0007000000018690-55.dat	xmrig
behavioral1/files/0x000700000001879b-64.dat	xmrig
behavioral1/memory/2556-50-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x000a000000018678-47.dat	xmrig
behavioral1/memory/2768-41-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x001600000001866d-39.dat	xmrig
behavioral1/memory/2684-29-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2696-25-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2748-24-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2748-3945-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2556-3948-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2696-3947-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/1680-3946-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2684-3956-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/1416-3957-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2928-3955-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2764-3954-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2672-3953-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2068-3952-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

gcyklXC.exemUhnJBz.exehrpHivy.exeGrfqpjI.exeHyXkzYv.exeVfZmKdc.exeHZyWqHl.exeNcPjzvJ.exeZzIZvyn.exeomWINAt.exeGLeNsHj.exetMzLaZD.exeZHrpBCo.exedAeuKzG.exepKyGkyG.exeEijWYlu.exexMdvFpZ.exewtjxJFf.exektLCUcT.exegWFCzXZ.exeAWYjJtt.exeKkZfXrk.exeIcjiAzi.exeugdydZP.exeRtvNyll.exeGvWjThD.exeHJRlaiP.exeDchxtGm.exeNLJaNul.exesJKByAy.exewHjVAGG.exefOmvrFA.exeXROIYcV.exeXCORqAX.exeqMKqlHf.exewbDCGQD.exenLTKEvj.exeCabkGRF.exeTDmYumN.exedoSUyVb.exeADPWjpD.exeClYCvJE.exenoLelwE.exeZiWYREo.exeFzXUKPa.exezOivzVr.exemBuZDDM.exemHhzrab.exeUIQOCNu.exemSgrIkn.exeWXtRFoo.exetJMiZmU.exevcJvExX.exeVqyFUdp.exeBzMWrjW.exelmYokIX.exeOHFPSjN.exeParlgKt.exemvRivfq.exeAexmOoD.exewbLqzIA.exeVqgXTxI.exekbDWrun.exeCJTIqXW.exe

pid	Process
2696	gcyklXC.exe
2764	mUhnJBz.exe
2748	hrpHivy.exe
2684	GrfqpjI.exe
2948	HyXkzYv.exe
2768	VfZmKdc.exe
2556	HZyWqHl.exe
2672	NcPjzvJ.exe
3064	ZzIZvyn.exe
2928	omWINAt.exe
2068	GLeNsHj.exe
1680	tMzLaZD.exe
1056	ZHrpBCo.exe
1416	dAeuKzG.exe
1940	pKyGkyG.exe
2252	EijWYlu.exe
2640	xMdvFpZ.exe
320	wtjxJFf.exe
1044	ktLCUcT.exe
3000	gWFCzXZ.exe
112	AWYjJtt.exe
908	KkZfXrk.exe
1996	IcjiAzi.exe
2360	ugdydZP.exe
2808	RtvNyll.exe
1912	GvWjThD.exe
1976	HJRlaiP.exe
344	DchxtGm.exe
316	NLJaNul.exe
1792	sJKByAy.exe
340	wHjVAGG.exe
1684	fOmvrFA.exe
2500	XROIYcV.exe
3012	XCORqAX.exe
1292	qMKqlHf.exe
1652	wbDCGQD.exe
1460	nLTKEvj.exe
1240	CabkGRF.exe
608	TDmYumN.exe
560	doSUyVb.exe
2476	ADPWjpD.exe
3040	ClYCvJE.exe
3028	noLelwE.exe
1596	ZiWYREo.exe
752	FzXUKPa.exe
996	zOivzVr.exe
1564	mBuZDDM.exe
2484	mHhzrab.exe
1936	UIQOCNu.exe
1944	mSgrIkn.exe
1928	WXtRFoo.exe
1520	tJMiZmU.exe
2756	vcJvExX.exe
2348	VqyFUdp.exe
2416	BzMWrjW.exe
2272	lmYokIX.exe
2676	OHFPSjN.exe
2572	ParlgKt.exe
2932	mvRivfq.exe
1316	AexmOoD.exe
792	wbLqzIA.exe
1536	VqgXTxI.exe
828	kbDWrun.exe
1224	CJTIqXW.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2376-0-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x0007000000012116-3.dat	upx
behavioral1/files/0x0008000000017403-11.dat	upx
behavioral1/memory/2764-19-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/files/0x0008000000017409-10.dat	upx
behavioral1/files/0x000800000001748f-28.dat	upx
behavioral1/files/0x000700000001752f-33.dat	upx
behavioral1/memory/2948-36-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2376-51-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2684-68-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/1680-94-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2768-84-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x00050000000195e4-144.dat	upx
behavioral1/files/0x0005000000019639-194.dat	upx
behavioral1/files/0x0005000000019627-184.dat	upx
behavioral1/files/0x0005000000019629-188.dat	upx
behavioral1/files/0x0005000000019625-180.dat	upx
behavioral1/files/0x0005000000019623-174.dat	upx
behavioral1/files/0x0005000000019620-165.dat	upx
behavioral1/files/0x0005000000019621-170.dat	upx
behavioral1/files/0x000500000001961f-159.dat	upx
behavioral1/files/0x000500000001961d-155.dat	upx
behavioral1/files/0x000500000001961b-149.dat	upx
behavioral1/files/0x0005000000019539-139.dat	upx
behavioral1/files/0x00050000000194d8-134.dat	upx
behavioral1/files/0x000500000001947e-129.dat	upx
behavioral1/files/0x0005000000019441-124.dat	upx
behavioral1/files/0x000500000001942f-119.dat	upx
behavioral1/files/0x0005000000019403-114.dat	upx
behavioral1/files/0x00050000000193df-100.dat	upx
behavioral1/files/0x0005000000019401-109.dat	upx
behavioral1/memory/1416-108-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/files/0x00050000000193cc-81.dat	upx
behavioral1/memory/1056-97-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2928-75-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x00060000000193c4-72.dat	upx
behavioral1/files/0x00050000000193d9-91.dat	upx
behavioral1/memory/2068-89-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/files/0x002d0000000173aa-78.dat	upx
behavioral1/memory/3064-67-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2764-60-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2672-59-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x0007000000018690-55.dat	upx
behavioral1/files/0x000700000001879b-64.dat	upx
behavioral1/memory/2556-50-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x000a000000018678-47.dat	upx
behavioral1/memory/2768-41-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x001600000001866d-39.dat	upx
behavioral1/memory/2684-29-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2696-25-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2748-24-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2748-3945-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2556-3948-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2696-3947-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/1680-3946-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2684-3956-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/1416-3957-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2928-3955-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2764-3954-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2672-3953-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2068-3952-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/3064-3951-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/1056-3950-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2768-3949-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\zEgyuNE.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FMcQJiu.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NthlRzY.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODWkQru.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VPWnXUN.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xPGixJj.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YlRqaAN.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLqFnZt.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SzYHzmr.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCaQUHH.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpYJRYS.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHrpBCo.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tjOmgCf.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPuZEaE.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bWfJTjf.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rTwTJXo.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RdfyGGM.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fomGBUU.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kSAcKNe.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MDmZfhI.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ACNFNTY.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bqjOnrM.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cKNozqU.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztaIazQ.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lEDGRwc.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ssQocyS.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OnEJNdA.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XXJuSxy.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sLyiSkW.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IBRiQhE.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpbByxB.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wVAjBgE.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WReHWmG.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EDXjGFA.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMmnrNp.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ElGujJm.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nIlvlZE.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZrBBDyr.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBcbDXY.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ytujltV.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ohaeQZI.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RYyIBOv.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Nrbxdzh.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vIZOXFx.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AgOZZZO.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iBtHTnI.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxeFiiQ.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NTzBEXG.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qjreunX.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JygjUTF.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WQKmZYi.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ParlgKt.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FTHVtWd.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QiKcXHk.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQEPJTj.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xnXZLYb.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jjArJQD.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zuOTRQy.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omWINAt.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HJRlaiP.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wGNeGXu.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jcAcVAk.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GWCEPdX.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\StVYspT.exe	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 2376 wrote to memory of 2696	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2376 wrote to memory of 2696	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2376 wrote to memory of 2696	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2376 wrote to memory of 2764	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2376 wrote to memory of 2764	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2376 wrote to memory of 2764	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2376 wrote to memory of 2748	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2376 wrote to memory of 2748	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2376 wrote to memory of 2748	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2376 wrote to memory of 2684	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2376 wrote to memory of 2684	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2376 wrote to memory of 2684	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2376 wrote to memory of 2948	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2376 wrote to memory of 2948	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2376 wrote to memory of 2948	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2376 wrote to memory of 2768	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2376 wrote to memory of 2768	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2376 wrote to memory of 2768	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2376 wrote to memory of 2556	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2376 wrote to memory of 2556	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2376 wrote to memory of 2556	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2376 wrote to memory of 2672	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2376 wrote to memory of 2672	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2376 wrote to memory of 2672	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2376 wrote to memory of 3064	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2376 wrote to memory of 3064	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2376 wrote to memory of 3064	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2376 wrote to memory of 2928	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2376 wrote to memory of 2928	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2376 wrote to memory of 2928	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2376 wrote to memory of 2068	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2376 wrote to memory of 2068	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2376 wrote to memory of 2068	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2376 wrote to memory of 1056	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2376 wrote to memory of 1056	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2376 wrote to memory of 1056	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2376 wrote to memory of 1680	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2376 wrote to memory of 1680	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2376 wrote to memory of 1680	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2376 wrote to memory of 1416	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2376 wrote to memory of 1416	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2376 wrote to memory of 1416	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2376 wrote to memory of 1940	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2376 wrote to memory of 1940	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2376 wrote to memory of 1940	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2376 wrote to memory of 2252	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2376 wrote to memory of 2252	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2376 wrote to memory of 2252	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2376 wrote to memory of 2640	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2376 wrote to memory of 2640	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2376 wrote to memory of 2640	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2376 wrote to memory of 320	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2376 wrote to memory of 320	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2376 wrote to memory of 320	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2376 wrote to memory of 1044	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2376 wrote to memory of 1044	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2376 wrote to memory of 1044	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2376 wrote to memory of 3000	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2376 wrote to memory of 3000	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2376 wrote to memory of 3000	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2376 wrote to memory of 112	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2376 wrote to memory of 112	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2376 wrote to memory of 112	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2376 wrote to memory of 908	2376	2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-23_4d041626ec36c452e0ea7977b3dcd92c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Windows\System\gcyklXC.exe
  C:\Windows\System\gcyklXC.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\mUhnJBz.exe
  C:\Windows\System\mUhnJBz.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\hrpHivy.exe
  C:\Windows\System\hrpHivy.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\GrfqpjI.exe
  C:\Windows\System\GrfqpjI.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\HyXkzYv.exe
  C:\Windows\System\HyXkzYv.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\VfZmKdc.exe
  C:\Windows\System\VfZmKdc.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\HZyWqHl.exe
  C:\Windows\System\HZyWqHl.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\NcPjzvJ.exe
  C:\Windows\System\NcPjzvJ.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\ZzIZvyn.exe
  C:\Windows\System\ZzIZvyn.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\omWINAt.exe
  C:\Windows\System\omWINAt.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\GLeNsHj.exe
  C:\Windows\System\GLeNsHj.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\ZHrpBCo.exe
  C:\Windows\System\ZHrpBCo.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\tMzLaZD.exe
  C:\Windows\System\tMzLaZD.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\dAeuKzG.exe
  C:\Windows\System\dAeuKzG.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\pKyGkyG.exe
  C:\Windows\System\pKyGkyG.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\EijWYlu.exe
  C:\Windows\System\EijWYlu.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\xMdvFpZ.exe
  C:\Windows\System\xMdvFpZ.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\wtjxJFf.exe
  C:\Windows\System\wtjxJFf.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\ktLCUcT.exe
  C:\Windows\System\ktLCUcT.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\gWFCzXZ.exe
  C:\Windows\System\gWFCzXZ.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\AWYjJtt.exe
  C:\Windows\System\AWYjJtt.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\KkZfXrk.exe
  C:\Windows\System\KkZfXrk.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\IcjiAzi.exe
  C:\Windows\System\IcjiAzi.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\ugdydZP.exe
  C:\Windows\System\ugdydZP.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\RtvNyll.exe
  C:\Windows\System\RtvNyll.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\GvWjThD.exe
  C:\Windows\System\GvWjThD.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\HJRlaiP.exe
  C:\Windows\System\HJRlaiP.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\DchxtGm.exe
  C:\Windows\System\DchxtGm.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\NLJaNul.exe
  C:\Windows\System\NLJaNul.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\sJKByAy.exe
  C:\Windows\System\sJKByAy.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\wHjVAGG.exe
  C:\Windows\System\wHjVAGG.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\fOmvrFA.exe
  C:\Windows\System\fOmvrFA.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\XROIYcV.exe
  C:\Windows\System\XROIYcV.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\XCORqAX.exe
  C:\Windows\System\XCORqAX.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\qMKqlHf.exe
  C:\Windows\System\qMKqlHf.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\nLTKEvj.exe
  C:\Windows\System\nLTKEvj.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\wbDCGQD.exe
  C:\Windows\System\wbDCGQD.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\CabkGRF.exe
  C:\Windows\System\CabkGRF.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\TDmYumN.exe
  C:\Windows\System\TDmYumN.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\doSUyVb.exe
  C:\Windows\System\doSUyVb.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\ADPWjpD.exe
  C:\Windows\System\ADPWjpD.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\ClYCvJE.exe
  C:\Windows\System\ClYCvJE.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\noLelwE.exe
  C:\Windows\System\noLelwE.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\ZiWYREo.exe
  C:\Windows\System\ZiWYREo.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\FzXUKPa.exe
  C:\Windows\System\FzXUKPa.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\mHhzrab.exe
  C:\Windows\System\mHhzrab.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\zOivzVr.exe
  C:\Windows\System\zOivzVr.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\UIQOCNu.exe
  C:\Windows\System\UIQOCNu.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\mBuZDDM.exe
  C:\Windows\System\mBuZDDM.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\mSgrIkn.exe
  C:\Windows\System\mSgrIkn.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\WXtRFoo.exe
  C:\Windows\System\WXtRFoo.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\VqyFUdp.exe
  C:\Windows\System\VqyFUdp.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\tJMiZmU.exe
  C:\Windows\System\tJMiZmU.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\BzMWrjW.exe
  C:\Windows\System\BzMWrjW.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\vcJvExX.exe
  C:\Windows\System\vcJvExX.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\OHFPSjN.exe
  C:\Windows\System\OHFPSjN.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\lmYokIX.exe
  C:\Windows\System\lmYokIX.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\ParlgKt.exe
  C:\Windows\System\ParlgKt.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\mvRivfq.exe
  C:\Windows\System\mvRivfq.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\wbLqzIA.exe
  C:\Windows\System\wbLqzIA.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\AexmOoD.exe
  C:\Windows\System\AexmOoD.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\kbDWrun.exe
  C:\Windows\System\kbDWrun.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\VqgXTxI.exe
  C:\Windows\System\VqgXTxI.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\CJTIqXW.exe
  C:\Windows\System\CJTIqXW.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\oTtIbfK.exe
  C:\Windows\System\oTtIbfK.exe
  2⤵
  PID:772
- C:\Windows\System\twZwwIX.exe
  C:\Windows\System\twZwwIX.exe
  2⤵
  PID:2944
- C:\Windows\System\YJcpHnH.exe
  C:\Windows\System\YJcpHnH.exe
  2⤵
  PID:3004
- C:\Windows\System\akifFFT.exe
  C:\Windows\System\akifFFT.exe
  2⤵
  PID:2172
- C:\Windows\System\mckMQce.exe
  C:\Windows\System\mckMQce.exe
  2⤵
  PID:2152
- C:\Windows\System\FJTaEOc.exe
  C:\Windows\System\FJTaEOc.exe
  2⤵
  PID:2184
- C:\Windows\System\RIUAySt.exe
  C:\Windows\System\RIUAySt.exe
  2⤵
  PID:1960
- C:\Windows\System\viibCzT.exe
  C:\Windows\System\viibCzT.exe
  2⤵
  PID:2192
- C:\Windows\System\eCMDACR.exe
  C:\Windows\System\eCMDACR.exe
  2⤵
  PID:580
- C:\Windows\System\ChrZRwJ.exe
  C:\Windows\System\ChrZRwJ.exe
  2⤵
  PID:1580
- C:\Windows\System\zONfsJQ.exe
  C:\Windows\System\zONfsJQ.exe
  2⤵
  PID:848
- C:\Windows\System\HkXbsRv.exe
  C:\Windows\System\HkXbsRv.exe
  2⤵
  PID:2180
- C:\Windows\System\FTHVtWd.exe
  C:\Windows\System\FTHVtWd.exe
  2⤵
  PID:1500
- C:\Windows\System\VcolGjK.exe
  C:\Windows\System\VcolGjK.exe
  2⤵
  PID:2240
- C:\Windows\System\zzHJZSl.exe
  C:\Windows\System\zzHJZSl.exe
  2⤵
  PID:284
- C:\Windows\System\CcsLNMG.exe
  C:\Windows\System\CcsLNMG.exe
  2⤵
  PID:2328
- C:\Windows\System\YxLEZvz.exe
  C:\Windows\System\YxLEZvz.exe
  2⤵
  PID:1280
- C:\Windows\System\mSVmBLo.exe
  C:\Windows\System\mSVmBLo.exe
  2⤵
  PID:1432
- C:\Windows\System\TLKPfAP.exe
  C:\Windows\System\TLKPfAP.exe
  2⤵
  PID:2472
- C:\Windows\System\GRRWXJM.exe
  C:\Windows\System\GRRWXJM.exe
  2⤵
  PID:2816
- C:\Windows\System\QFGTVyU.exe
  C:\Windows\System\QFGTVyU.exe
  2⤵
  PID:1952
- C:\Windows\System\BcHEGuX.exe
  C:\Windows\System\BcHEGuX.exe
  2⤵
  PID:1924
- C:\Windows\System\mSixDYC.exe
  C:\Windows\System\mSixDYC.exe
  2⤵
  PID:1516
- C:\Windows\System\fEeIdrC.exe
  C:\Windows\System\fEeIdrC.exe
  2⤵
  PID:2552
- C:\Windows\System\fWIuiYB.exe
  C:\Windows\System\fWIuiYB.exe
  2⤵
  PID:2744
- C:\Windows\System\TtHSAsJ.exe
  C:\Windows\System\TtHSAsJ.exe
  2⤵
  PID:2852
- C:\Windows\System\HjjdAKZ.exe
  C:\Windows\System\HjjdAKZ.exe
  2⤵
  PID:1896
- C:\Windows\System\ZLZgykN.exe
  C:\Windows\System\ZLZgykN.exe
  2⤵
  PID:1140
- C:\Windows\System\OnEJNdA.exe
  C:\Windows\System\OnEJNdA.exe
  2⤵
  PID:1920
- C:\Windows\System\hgWWwDZ.exe
  C:\Windows\System\hgWWwDZ.exe
  2⤵
  PID:2196
- C:\Windows\System\dZMozIT.exe
  C:\Windows\System\dZMozIT.exe
  2⤵
  PID:1780
- C:\Windows\System\CBRoEpn.exe
  C:\Windows\System\CBRoEpn.exe
  2⤵
  PID:856
- C:\Windows\System\EdOvcCI.exe
  C:\Windows\System\EdOvcCI.exe
  2⤵
  PID:3092
- C:\Windows\System\UPtuJiP.exe
  C:\Windows\System\UPtuJiP.exe
  2⤵
  PID:3120
- C:\Windows\System\bPLhVND.exe
  C:\Windows\System\bPLhVND.exe
  2⤵
  PID:3140
- C:\Windows\System\QgAzarI.exe
  C:\Windows\System\QgAzarI.exe
  2⤵
  PID:3168
- C:\Windows\System\vZtAUBU.exe
  C:\Windows\System\vZtAUBU.exe
  2⤵
  PID:3188
- C:\Windows\System\fEmsSQs.exe
  C:\Windows\System\fEmsSQs.exe
  2⤵
  PID:3208
- C:\Windows\System\wNwLexi.exe
  C:\Windows\System\wNwLexi.exe
  2⤵
  PID:3224
- C:\Windows\System\pkkIcbY.exe
  C:\Windows\System\pkkIcbY.exe
  2⤵
  PID:3248
- C:\Windows\System\cdmSstF.exe
  C:\Windows\System\cdmSstF.exe
  2⤵
  PID:3264
- C:\Windows\System\ksqavlT.exe
  C:\Windows\System\ksqavlT.exe
  2⤵
  PID:3288
- C:\Windows\System\grrqKea.exe
  C:\Windows\System\grrqKea.exe
  2⤵
  PID:3308
- C:\Windows\System\Seawjmn.exe
  C:\Windows\System\Seawjmn.exe
  2⤵
  PID:3328
- C:\Windows\System\nMBuIHY.exe
  C:\Windows\System\nMBuIHY.exe
  2⤵
  PID:3348
- C:\Windows\System\JPTsaGH.exe
  C:\Windows\System\JPTsaGH.exe
  2⤵
  PID:3368
- C:\Windows\System\GUtFGDF.exe
  C:\Windows\System\GUtFGDF.exe
  2⤵
  PID:3388
- C:\Windows\System\zOftgJL.exe
  C:\Windows\System\zOftgJL.exe
  2⤵
  PID:3408
- C:\Windows\System\nvRwNSV.exe
  C:\Windows\System\nvRwNSV.exe
  2⤵
  PID:3424
- C:\Windows\System\tlKUTRj.exe
  C:\Windows\System\tlKUTRj.exe
  2⤵
  PID:3444
- C:\Windows\System\vXijfAD.exe
  C:\Windows\System\vXijfAD.exe
  2⤵
  PID:3460
- C:\Windows\System\UnhYCEC.exe
  C:\Windows\System\UnhYCEC.exe
  2⤵
  PID:3484
- C:\Windows\System\lYqRGFZ.exe
  C:\Windows\System\lYqRGFZ.exe
  2⤵
  PID:3500
- C:\Windows\System\iXvXZAj.exe
  C:\Windows\System\iXvXZAj.exe
  2⤵
  PID:3528
- C:\Windows\System\JpzgLer.exe
  C:\Windows\System\JpzgLer.exe
  2⤵
  PID:3544
- C:\Windows\System\YGNcZcf.exe
  C:\Windows\System\YGNcZcf.exe
  2⤵
  PID:3564
- C:\Windows\System\GWNekHM.exe
  C:\Windows\System\GWNekHM.exe
  2⤵
  PID:3580
- C:\Windows\System\AMcXWOF.exe
  C:\Windows\System\AMcXWOF.exe
  2⤵
  PID:3596
- C:\Windows\System\GpQUaIV.exe
  C:\Windows\System\GpQUaIV.exe
  2⤵
  PID:3628
- C:\Windows\System\NNXTYGH.exe
  C:\Windows\System\NNXTYGH.exe
  2⤵
  PID:3652
- C:\Windows\System\AwGdxqq.exe
  C:\Windows\System\AwGdxqq.exe
  2⤵
  PID:3668
- C:\Windows\System\AtCkWYv.exe
  C:\Windows\System\AtCkWYv.exe
  2⤵
  PID:3692
- C:\Windows\System\ABDdsdc.exe
  C:\Windows\System\ABDdsdc.exe
  2⤵
  PID:3708
- C:\Windows\System\eoznkIT.exe
  C:\Windows\System\eoznkIT.exe
  2⤵
  PID:3728
- C:\Windows\System\asWKyeM.exe
  C:\Windows\System\asWKyeM.exe
  2⤵
  PID:3744
- C:\Windows\System\QrDUtGC.exe
  C:\Windows\System\QrDUtGC.exe
  2⤵
  PID:3764
- C:\Windows\System\XLvZeRn.exe
  C:\Windows\System\XLvZeRn.exe
  2⤵
  PID:3780
- C:\Windows\System\lSAzVqz.exe
  C:\Windows\System\lSAzVqz.exe
  2⤵
  PID:3804
- C:\Windows\System\keSoKSN.exe
  C:\Windows\System\keSoKSN.exe
  2⤵
  PID:3824
- C:\Windows\System\jsolhSl.exe
  C:\Windows\System\jsolhSl.exe
  2⤵
  PID:3852
- C:\Windows\System\ZKtIqQj.exe
  C:\Windows\System\ZKtIqQj.exe
  2⤵
  PID:3876
- C:\Windows\System\mVWQcgz.exe
  C:\Windows\System\mVWQcgz.exe
  2⤵
  PID:3896
- C:\Windows\System\FuAwBJr.exe
  C:\Windows\System\FuAwBJr.exe
  2⤵
  PID:3912
- C:\Windows\System\csqPqtd.exe
  C:\Windows\System\csqPqtd.exe
  2⤵
  PID:3932
- C:\Windows\System\IsJtzwn.exe
  C:\Windows\System\IsJtzwn.exe
  2⤵
  PID:3948
- C:\Windows\System\ejSvWoE.exe
  C:\Windows\System\ejSvWoE.exe
  2⤵
  PID:3968
- C:\Windows\System\BRlbuNn.exe
  C:\Windows\System\BRlbuNn.exe
  2⤵
  PID:3984
- C:\Windows\System\cytzVDr.exe
  C:\Windows\System\cytzVDr.exe
  2⤵
  PID:4004
- C:\Windows\System\DCUCyel.exe
  C:\Windows\System\DCUCyel.exe
  2⤵
  PID:4020
- C:\Windows\System\Rublocs.exe
  C:\Windows\System\Rublocs.exe
  2⤵
  PID:4040
- C:\Windows\System\KzkmhZb.exe
  C:\Windows\System\KzkmhZb.exe
  2⤵
  PID:4064
- C:\Windows\System\bMxAbPc.exe
  C:\Windows\System\bMxAbPc.exe
  2⤵
  PID:4084
- C:\Windows\System\OZOSJGN.exe
  C:\Windows\System\OZOSJGN.exe
  2⤵
  PID:324
- C:\Windows\System\mGtQDCk.exe
  C:\Windows\System\mGtQDCk.exe
  2⤵
  PID:2308
- C:\Windows\System\AZhwLqm.exe
  C:\Windows\System\AZhwLqm.exe
  2⤵
  PID:288
- C:\Windows\System\ntnsqci.exe
  C:\Windows\System\ntnsqci.exe
  2⤵
  PID:2216
- C:\Windows\System\XifrumS.exe
  C:\Windows\System\XifrumS.exe
  2⤵
  PID:1244
- C:\Windows\System\rpptPCk.exe
  C:\Windows\System\rpptPCk.exe
  2⤵
  PID:2000
- C:\Windows\System\bhvouqD.exe
  C:\Windows\System\bhvouqD.exe
  2⤵
  PID:1612
- C:\Windows\System\YzlmrZH.exe
  C:\Windows\System\YzlmrZH.exe
  2⤵
  PID:1572
- C:\Windows\System\Donpkle.exe
  C:\Windows\System\Donpkle.exe
  2⤵
  PID:2452
- C:\Windows\System\dZZWIpc.exe
  C:\Windows\System\dZZWIpc.exe
  2⤵
  PID:2448
- C:\Windows\System\BAMQrKG.exe
  C:\Windows\System\BAMQrKG.exe
  2⤵
  PID:2840
- C:\Windows\System\UhkhfuF.exe
  C:\Windows\System\UhkhfuF.exe
  2⤵
  PID:2692
- C:\Windows\System\pmBOWWG.exe
  C:\Windows\System\pmBOWWG.exe
  2⤵
  PID:3100
- C:\Windows\System\urduXnp.exe
  C:\Windows\System\urduXnp.exe
  2⤵
  PID:484
- C:\Windows\System\THpEQjc.exe
  C:\Windows\System\THpEQjc.exe
  2⤵
  PID:1436
- C:\Windows\System\iABXhqy.exe
  C:\Windows\System\iABXhqy.exe
  2⤵
  PID:3160
- C:\Windows\System\czBEbyb.exe
  C:\Windows\System\czBEbyb.exe
  2⤵
  PID:3084
- C:\Windows\System\EfvaJWL.exe
  C:\Windows\System\EfvaJWL.exe
  2⤵
  PID:3232
- C:\Windows\System\ajzjkoA.exe
  C:\Windows\System\ajzjkoA.exe
  2⤵
  PID:3080
- C:\Windows\System\Wpwrayg.exe
  C:\Windows\System\Wpwrayg.exe
  2⤵
  PID:3216
- C:\Windows\System\YBIYGbg.exe
  C:\Windows\System\YBIYGbg.exe
  2⤵
  PID:3220
- C:\Windows\System\Gkzplfx.exe
  C:\Windows\System\Gkzplfx.exe
  2⤵
  PID:3316
- C:\Windows\System\KkNYtIc.exe
  C:\Windows\System\KkNYtIc.exe
  2⤵
  PID:3360
- C:\Windows\System\arJqesI.exe
  C:\Windows\System\arJqesI.exe
  2⤵
  PID:3440
- C:\Windows\System\tqMaOyz.exe
  C:\Windows\System\tqMaOyz.exe
  2⤵
  PID:3336
- C:\Windows\System\EIMFxBE.exe
  C:\Windows\System\EIMFxBE.exe
  2⤵
  PID:3384
- C:\Windows\System\dYJJIgJ.exe
  C:\Windows\System\dYJJIgJ.exe
  2⤵
  PID:3472
- C:\Windows\System\rcQWudN.exe
  C:\Windows\System\rcQWudN.exe
  2⤵
  PID:3416
- C:\Windows\System\zXzRpVQ.exe
  C:\Windows\System\zXzRpVQ.exe
  2⤵
  PID:3512
- C:\Windows\System\NgStkSX.exe
  C:\Windows\System\NgStkSX.exe
  2⤵
  PID:3588
- C:\Windows\System\hykWsGE.exe
  C:\Windows\System\hykWsGE.exe
  2⤵
  PID:3540
- C:\Windows\System\AlkKAcD.exe
  C:\Windows\System\AlkKAcD.exe
  2⤵
  PID:3676
- C:\Windows\System\EmZGEol.exe
  C:\Windows\System\EmZGEol.exe
  2⤵
  PID:3688
- C:\Windows\System\RdaGkjZ.exe
  C:\Windows\System\RdaGkjZ.exe
  2⤵
  PID:3704
- C:\Windows\System\VzGwZNN.exe
  C:\Windows\System\VzGwZNN.exe
  2⤵
  PID:3788
- C:\Windows\System\YlRqaAN.exe
  C:\Windows\System\YlRqaAN.exe
  2⤵
  PID:3740
- C:\Windows\System\lgAzqjA.exe
  C:\Windows\System\lgAzqjA.exe
  2⤵
  PID:3776
- C:\Windows\System\jsSjqGw.exe
  C:\Windows\System\jsSjqGw.exe
  2⤵
  PID:3848
- C:\Windows\System\FnMWIlG.exe
  C:\Windows\System\FnMWIlG.exe
  2⤵
  PID:3892
- C:\Windows\System\tqWJeUs.exe
  C:\Windows\System\tqWJeUs.exe
  2⤵
  PID:3872
- C:\Windows\System\myUrrYM.exe
  C:\Windows\System\myUrrYM.exe
  2⤵
  PID:4032
- C:\Windows\System\spbaSXX.exe
  C:\Windows\System\spbaSXX.exe
  2⤵
  PID:4080
- C:\Windows\System\kucxCuf.exe
  C:\Windows\System\kucxCuf.exe
  2⤵
  PID:4052
- C:\Windows\System\agnEUvI.exe
  C:\Windows\System\agnEUvI.exe
  2⤵
  PID:4012
- C:\Windows\System\wylfpth.exe
  C:\Windows\System\wylfpth.exe
  2⤵
  PID:2964
- C:\Windows\System\yWXHIib.exe
  C:\Windows\System\yWXHIib.exe
  2⤵
  PID:1472
- C:\Windows\System\eLjWQOK.exe
  C:\Windows\System\eLjWQOK.exe
  2⤵
  PID:2288
- C:\Windows\System\kOVuJxx.exe
  C:\Windows\System\kOVuJxx.exe
  2⤵
  PID:1828
- C:\Windows\System\CEYcvIq.exe
  C:\Windows\System\CEYcvIq.exe
  2⤵
  PID:2956
- C:\Windows\System\NthlRzY.exe
  C:\Windows\System\NthlRzY.exe
  2⤵
  PID:1968
- C:\Windows\System\DAplbmH.exe
  C:\Windows\System\DAplbmH.exe
  2⤵
  PID:2120
- C:\Windows\System\vOMXXfM.exe
  C:\Windows\System\vOMXXfM.exe
  2⤵
  PID:3148
- C:\Windows\System\IstffyZ.exe
  C:\Windows\System\IstffyZ.exe
  2⤵
  PID:3200
- C:\Windows\System\krLpzOX.exe
  C:\Windows\System\krLpzOX.exe
  2⤵
  PID:1496
- C:\Windows\System\foCcaof.exe
  C:\Windows\System\foCcaof.exe
  2⤵
  PID:564
- C:\Windows\System\aDeqywI.exe
  C:\Windows\System\aDeqywI.exe
  2⤵
  PID:1688
- C:\Windows\System\ynSbbgy.exe
  C:\Windows\System\ynSbbgy.exe
  2⤵
  PID:3260
- C:\Windows\System\UAEmByZ.exe
  C:\Windows\System\UAEmByZ.exe
  2⤵
  PID:3404
- C:\Windows\System\JbvGGpn.exe
  C:\Windows\System\JbvGGpn.exe
  2⤵
  PID:3380
- C:\Windows\System\NGmvkeh.exe
  C:\Windows\System\NGmvkeh.exe
  2⤵
  PID:3556
- C:\Windows\System\RGTWPWX.exe
  C:\Windows\System\RGTWPWX.exe
  2⤵
  PID:3476
- C:\Windows\System\krPPVmu.exe
  C:\Windows\System\krPPVmu.exe
  2⤵
  PID:3616
- C:\Windows\System\JzBstGE.exe
  C:\Windows\System\JzBstGE.exe
  2⤵
  PID:3624
- C:\Windows\System\tkuLPsg.exe
  C:\Windows\System\tkuLPsg.exe
  2⤵
  PID:3796
- C:\Windows\System\BqvldKv.exe
  C:\Windows\System\BqvldKv.exe
  2⤵
  PID:3356
- C:\Windows\System\ktYVETV.exe
  C:\Windows\System\ktYVETV.exe
  2⤵
  PID:3844
- C:\Windows\System\YLJtobY.exe
  C:\Windows\System\YLJtobY.exe
  2⤵
  PID:3904
- C:\Windows\System\ebHeWnX.exe
  C:\Windows\System\ebHeWnX.exe
  2⤵
  PID:4048
- C:\Windows\System\ejcwlfw.exe
  C:\Windows\System\ejcwlfw.exe
  2⤵
  PID:3020
- C:\Windows\System\wcZgAHI.exe
  C:\Windows\System\wcZgAHI.exe
  2⤵
  PID:2636
- C:\Windows\System\ZZKWXou.exe
  C:\Windows\System\ZZKWXou.exe
  2⤵
  PID:4120
- C:\Windows\System\SBcrsrn.exe
  C:\Windows\System\SBcrsrn.exe
  2⤵
  PID:4136
- C:\Windows\System\XqPyyJD.exe
  C:\Windows\System\XqPyyJD.exe
  2⤵
  PID:4152
- C:\Windows\System\zAcPBCF.exe
  C:\Windows\System\zAcPBCF.exe
  2⤵
  PID:4168
- C:\Windows\System\HEYsLxv.exe
  C:\Windows\System\HEYsLxv.exe
  2⤵
  PID:4188
- C:\Windows\System\hnVqVQL.exe
  C:\Windows\System\hnVqVQL.exe
  2⤵
  PID:4212
- C:\Windows\System\ijonlkG.exe
  C:\Windows\System\ijonlkG.exe
  2⤵
  PID:4228
- C:\Windows\System\FNyonqv.exe
  C:\Windows\System\FNyonqv.exe
  2⤵
  PID:4244
- C:\Windows\System\YPPkNxt.exe
  C:\Windows\System\YPPkNxt.exe
  2⤵
  PID:4260
- C:\Windows\System\vxzAkEI.exe
  C:\Windows\System\vxzAkEI.exe
  2⤵
  PID:4280
- C:\Windows\System\VChJHQh.exe
  C:\Windows\System\VChJHQh.exe
  2⤵
  PID:4296
- C:\Windows\System\WPeYrxm.exe
  C:\Windows\System\WPeYrxm.exe
  2⤵
  PID:4316
- C:\Windows\System\FxXLeMc.exe
  C:\Windows\System\FxXLeMc.exe
  2⤵
  PID:4400
- C:\Windows\System\fPCAFEZ.exe
  C:\Windows\System\fPCAFEZ.exe
  2⤵
  PID:4428
- C:\Windows\System\GDvYXhP.exe
  C:\Windows\System\GDvYXhP.exe
  2⤵
  PID:4444
- C:\Windows\System\CQnvYIo.exe
  C:\Windows\System\CQnvYIo.exe
  2⤵
  PID:4464
- C:\Windows\System\rZPBivQ.exe
  C:\Windows\System\rZPBivQ.exe
  2⤵
  PID:4480
- C:\Windows\System\YdZzCLM.exe
  C:\Windows\System\YdZzCLM.exe
  2⤵
  PID:4500
- C:\Windows\System\yYdLPnD.exe
  C:\Windows\System\yYdLPnD.exe
  2⤵
  PID:4520
- C:\Windows\System\tvCqweK.exe
  C:\Windows\System\tvCqweK.exe
  2⤵
  PID:4548
- C:\Windows\System\ncqgbjx.exe
  C:\Windows\System\ncqgbjx.exe
  2⤵
  PID:4564
- C:\Windows\System\uSQcFEc.exe
  C:\Windows\System\uSQcFEc.exe
  2⤵
  PID:4584
- C:\Windows\System\WAEYouw.exe
  C:\Windows\System\WAEYouw.exe
  2⤵
  PID:4608
- C:\Windows\System\ElGujJm.exe
  C:\Windows\System\ElGujJm.exe
  2⤵
  PID:4628
- C:\Windows\System\urCHytT.exe
  C:\Windows\System\urCHytT.exe
  2⤵
  PID:4644
- C:\Windows\System\wbUlzwO.exe
  C:\Windows\System\wbUlzwO.exe
  2⤵
  PID:4664
- C:\Windows\System\xxUlPrn.exe
  C:\Windows\System\xxUlPrn.exe
  2⤵
  PID:4680
- C:\Windows\System\cAqOSOB.exe
  C:\Windows\System\cAqOSOB.exe
  2⤵
  PID:4700
- C:\Windows\System\NpDfPTo.exe
  C:\Windows\System\NpDfPTo.exe
  2⤵
  PID:4720
- C:\Windows\System\NcSkgQs.exe
  C:\Windows\System\NcSkgQs.exe
  2⤵
  PID:4736
- C:\Windows\System\HcUJqIT.exe
  C:\Windows\System\HcUJqIT.exe
  2⤵
  PID:4756
- C:\Windows\System\JCUZZyE.exe
  C:\Windows\System\JCUZZyE.exe
  2⤵
  PID:4788
- C:\Windows\System\iTzxVPp.exe
  C:\Windows\System\iTzxVPp.exe
  2⤵
  PID:4804
- C:\Windows\System\ODWkQru.exe
  C:\Windows\System\ODWkQru.exe
  2⤵
  PID:4820
- C:\Windows\System\XXJuSxy.exe
  C:\Windows\System\XXJuSxy.exe
  2⤵
  PID:4840
- C:\Windows\System\lPRsfQR.exe
  C:\Windows\System\lPRsfQR.exe
  2⤵
  PID:4868
- C:\Windows\System\owQilTg.exe
  C:\Windows\System\owQilTg.exe
  2⤵
  PID:4888
- C:\Windows\System\CJgPToy.exe
  C:\Windows\System\CJgPToy.exe
  2⤵
  PID:4908
- C:\Windows\System\bVWGaoc.exe
  C:\Windows\System\bVWGaoc.exe
  2⤵
  PID:4924
- C:\Windows\System\FwhQJiC.exe
  C:\Windows\System\FwhQJiC.exe
  2⤵
  PID:4948
- C:\Windows\System\sLyiSkW.exe
  C:\Windows\System\sLyiSkW.exe
  2⤵
  PID:4968
- C:\Windows\System\gxNMWpj.exe
  C:\Windows\System\gxNMWpj.exe
  2⤵
  PID:4988
- C:\Windows\System\ZBiBbdU.exe
  C:\Windows\System\ZBiBbdU.exe
  2⤵
  PID:5004
- C:\Windows\System\wGNeGXu.exe
  C:\Windows\System\wGNeGXu.exe
  2⤵
  PID:5028
- C:\Windows\System\eKRPaTb.exe
  C:\Windows\System\eKRPaTb.exe
  2⤵
  PID:5048
- C:\Windows\System\WADUhPP.exe
  C:\Windows\System\WADUhPP.exe
  2⤵
  PID:5068
- C:\Windows\System\pdconLV.exe
  C:\Windows\System\pdconLV.exe
  2⤵
  PID:5084
- C:\Windows\System\vpyPRWv.exe
  C:\Windows\System\vpyPRWv.exe
  2⤵
  PID:5104
- C:\Windows\System\aIjHvfX.exe
  C:\Windows\System\aIjHvfX.exe
  2⤵
  PID:1020
- C:\Windows\System\FlGxjNZ.exe
  C:\Windows\System\FlGxjNZ.exe
  2⤵
  PID:3184
- C:\Windows\System\zNFKGOn.exe
  C:\Windows\System\zNFKGOn.exe
  2⤵
  PID:3524
- C:\Windows\System\QiKcXHk.exe
  C:\Windows\System\QiKcXHk.exe
  2⤵
  PID:3508
- C:\Windows\System\yFTOfab.exe
  C:\Windows\System\yFTOfab.exe
  2⤵
  PID:3840
- C:\Windows\System\rzRhkkx.exe
  C:\Windows\System\rzRhkkx.exe
  2⤵
  PID:3724
- C:\Windows\System\hAyQUJZ.exe
  C:\Windows\System\hAyQUJZ.exe
  2⤵
  PID:3756
- C:\Windows\System\jYsmBSX.exe
  C:\Windows\System\jYsmBSX.exe
  2⤵
  PID:3924
- C:\Windows\System\PNcQary.exe
  C:\Windows\System\PNcQary.exe
  2⤵
  PID:1412
- C:\Windows\System\CpUidTe.exe
  C:\Windows\System\CpUidTe.exe
  2⤵
  PID:4196
- C:\Windows\System\krRIifg.exe
  C:\Windows\System\krRIifg.exe
  2⤵
  PID:688
- C:\Windows\System\tCudgbY.exe
  C:\Windows\System\tCudgbY.exe
  2⤵
  PID:1212
- C:\Windows\System\wqzjndB.exe
  C:\Windows\System\wqzjndB.exe
  2⤵
  PID:4240
- C:\Windows\System\IEaoWVR.exe
  C:\Windows\System\IEaoWVR.exe
  2⤵
  PID:4308
- C:\Windows\System\kqILQLL.exe
  C:\Windows\System\kqILQLL.exe
  2⤵
  PID:3304
- C:\Windows\System\UcRnmKI.exe
  C:\Windows\System\UcRnmKI.exe
  2⤵
  PID:4176
- C:\Windows\System\RblmzxW.exe
  C:\Windows\System\RblmzxW.exe
  2⤵
  PID:4224
- C:\Windows\System\TqEJbTf.exe
  C:\Windows\System\TqEJbTf.exe
  2⤵
  PID:4408
- C:\Windows\System\oHhfiDm.exe
  C:\Windows\System\oHhfiDm.exe
  2⤵
  PID:4144
- C:\Windows\System\vkCirPD.exe
  C:\Windows\System\vkCirPD.exe
  2⤵
  PID:3908
- C:\Windows\System\xPGNhxz.exe
  C:\Windows\System\xPGNhxz.exe
  2⤵
  PID:3644
- C:\Windows\System\ISFbkdi.exe
  C:\Windows\System\ISFbkdi.exe
  2⤵
  PID:3340
- C:\Windows\System\CTWWEJX.exe
  C:\Windows\System\CTWWEJX.exe
  2⤵
  PID:2488
- C:\Windows\System\JPsvKPX.exe
  C:\Windows\System\JPsvKPX.exe
  2⤵
  PID:1888
- C:\Windows\System\nIlvlZE.exe
  C:\Windows\System\nIlvlZE.exe
  2⤵
  PID:4336
- C:\Windows\System\JGpXFIF.exe
  C:\Windows\System\JGpXFIF.exe
  2⤵
  PID:4356
- C:\Windows\System\WAdxpjT.exe
  C:\Windows\System\WAdxpjT.exe
  2⤵
  PID:4372
- C:\Windows\System\JlfsZbT.exe
  C:\Windows\System\JlfsZbT.exe
  2⤵
  PID:4388
- C:\Windows\System\EuQzGmi.exe
  C:\Windows\System\EuQzGmi.exe
  2⤵
  PID:4456
- C:\Windows\System\qGOkliT.exe
  C:\Windows\System\qGOkliT.exe
  2⤵
  PID:4496
- C:\Windows\System\FSyvbyH.exe
  C:\Windows\System\FSyvbyH.exe
  2⤵
  PID:4436
- C:\Windows\System\HMoZwvP.exe
  C:\Windows\System\HMoZwvP.exe
  2⤵
  PID:4476
- C:\Windows\System\hIrVLVZ.exe
  C:\Windows\System\hIrVLVZ.exe
  2⤵
  PID:4624
- C:\Windows\System\PLetxJo.exe
  C:\Windows\System\PLetxJo.exe
  2⤵
  PID:4600
- C:\Windows\System\sScJHGS.exe
  C:\Windows\System\sScJHGS.exe
  2⤵
  PID:4688
- C:\Windows\System\wgfkGkV.exe
  C:\Windows\System\wgfkGkV.exe
  2⤵
  PID:4764
- C:\Windows\System\lPxsczQ.exe
  C:\Windows\System\lPxsczQ.exe
  2⤵
  PID:4784
- C:\Windows\System\QObUtLU.exe
  C:\Windows\System\QObUtLU.exe
  2⤵
  PID:4812
- C:\Windows\System\IDEOfPd.exe
  C:\Windows\System\IDEOfPd.exe
  2⤵
  PID:4816
- C:\Windows\System\XlEHLRk.exe
  C:\Windows\System\XlEHLRk.exe
  2⤵
  PID:4860
- C:\Windows\System\sBbClDQ.exe
  C:\Windows\System\sBbClDQ.exe
  2⤵
  PID:4936
- C:\Windows\System\AxAxlZg.exe
  C:\Windows\System\AxAxlZg.exe
  2⤵
  PID:4836
- C:\Windows\System\azldPDj.exe
  C:\Windows\System\azldPDj.exe
  2⤵
  PID:4984
- C:\Windows\System\WWetRIC.exe
  C:\Windows\System\WWetRIC.exe
  2⤵
  PID:5020
- C:\Windows\System\VgBYbKC.exe
  C:\Windows\System\VgBYbKC.exe
  2⤵
  PID:5056
- C:\Windows\System\gNOJuAs.exe
  C:\Windows\System\gNOJuAs.exe
  2⤵
  PID:2268
- C:\Windows\System\vZQVhwe.exe
  C:\Windows\System\vZQVhwe.exe
  2⤵
  PID:3496
- C:\Windows\System\cHQdKnw.exe
  C:\Windows\System\cHQdKnw.exe
  2⤵
  PID:3884
- C:\Windows\System\FTQuZgW.exe
  C:\Windows\System\FTQuZgW.exe
  2⤵
  PID:4960
- C:\Windows\System\okygRsT.exe
  C:\Windows\System\okygRsT.exe
  2⤵
  PID:4956
- C:\Windows\System\jsjdzTD.exe
  C:\Windows\System\jsjdzTD.exe
  2⤵
  PID:4276
- C:\Windows\System\pmzZJcH.exe
  C:\Windows\System\pmzZJcH.exe
  2⤵
  PID:5116
- C:\Windows\System\NZcTOyM.exe
  C:\Windows\System\NZcTOyM.exe
  2⤵
  PID:4116
- C:\Windows\System\QDQFJeN.exe
  C:\Windows\System\QDQFJeN.exe
  2⤵
  PID:2940
- C:\Windows\System\QpidrDf.exe
  C:\Windows\System\QpidrDf.exe
  2⤵
  PID:3976
- C:\Windows\System\FKYhZoI.exe
  C:\Windows\System\FKYhZoI.exe
  2⤵
  PID:3376
- C:\Windows\System\wJJkFTj.exe
  C:\Windows\System\wJJkFTj.exe
  2⤵
  PID:3760
- C:\Windows\System\XrGOmvA.exe
  C:\Windows\System\XrGOmvA.exe
  2⤵
  PID:1656
- C:\Windows\System\slFyoXd.exe
  C:\Windows\System\slFyoXd.exe
  2⤵
  PID:4208
- C:\Windows\System\VhMqCXl.exe
  C:\Windows\System\VhMqCXl.exe
  2⤵
  PID:1956
- C:\Windows\System\xTSaMeT.exe
  C:\Windows\System\xTSaMeT.exe
  2⤵
  PID:4488
- C:\Windows\System\KlVPTeI.exe
  C:\Windows\System\KlVPTeI.exe
  2⤵
  PID:2780
- C:\Windows\System\jXqMrlO.exe
  C:\Windows\System\jXqMrlO.exe
  2⤵
  PID:3276
- C:\Windows\System\uyqZhIV.exe
  C:\Windows\System\uyqZhIV.exe
  2⤵
  PID:4396
- C:\Windows\System\MtwcZZN.exe
  C:\Windows\System\MtwcZZN.exe
  2⤵
  PID:4452
- C:\Windows\System\HLgRzDi.exe
  C:\Windows\System\HLgRzDi.exe
  2⤵
  PID:2796
- C:\Windows\System\RHQKzas.exe
  C:\Windows\System\RHQKzas.exe
  2⤵
  PID:4580
- C:\Windows\System\eJKkGNn.exe
  C:\Windows\System\eJKkGNn.exe
  2⤵
  PID:4620
- C:\Windows\System\mCAGXCt.exe
  C:\Windows\System\mCAGXCt.exe
  2⤵
  PID:4728
- C:\Windows\System\Mmkygvp.exe
  C:\Windows\System\Mmkygvp.exe
  2⤵
  PID:4772
- C:\Windows\System\DQYFBQZ.exe
  C:\Windows\System\DQYFBQZ.exe
  2⤵
  PID:4856
- C:\Windows\System\CkyRaTj.exe
  C:\Windows\System\CkyRaTj.exe
  2⤵
  PID:4752
- C:\Windows\System\WIziLrt.exe
  C:\Windows\System\WIziLrt.exe
  2⤵
  PID:4932
- C:\Windows\System\EdUSCwE.exe
  C:\Windows\System\EdUSCwE.exe
  2⤵
  PID:5016
- C:\Windows\System\kLFgeyg.exe
  C:\Windows\System\kLFgeyg.exe
  2⤵
  PID:5100
- C:\Windows\System\jQfDhnv.exe
  C:\Windows\System\jQfDhnv.exe
  2⤵
  PID:3820
- C:\Windows\System\gsCirto.exe
  C:\Windows\System\gsCirto.exe
  2⤵
  PID:3664
- C:\Windows\System\EKUviyQ.exe
  C:\Windows\System\EKUviyQ.exe
  2⤵
  PID:4132
- C:\Windows\System\jOLIkHH.exe
  C:\Windows\System\jOLIkHH.exe
  2⤵
  PID:5112
- C:\Windows\System\dTbbWGf.exe
  C:\Windows\System\dTbbWGf.exe
  2⤵
  PID:3396
- C:\Windows\System\XbyZzHP.exe
  C:\Windows\System\XbyZzHP.exe
  2⤵
  PID:4108
- C:\Windows\System\dzhnZNW.exe
  C:\Windows\System\dzhnZNW.exe
  2⤵
  PID:1916
- C:\Windows\System\hnIhpCR.exe
  C:\Windows\System\hnIhpCR.exe
  2⤵
  PID:4036
- C:\Windows\System\mKnElvm.exe
  C:\Windows\System\mKnElvm.exe
  2⤵
  PID:4352
- C:\Windows\System\smlCBOm.exe
  C:\Windows\System\smlCBOm.exe
  2⤵
  PID:4516
- C:\Windows\System\OAhdzKO.exe
  C:\Windows\System\OAhdzKO.exe
  2⤵
  PID:3204
- C:\Windows\System\YsUHrax.exe
  C:\Windows\System\YsUHrax.exe
  2⤵
  PID:4416
- C:\Windows\System\honWPRD.exe
  C:\Windows\System\honWPRD.exe
  2⤵
  PID:4572
- C:\Windows\System\MmRICeP.exe
  C:\Windows\System\MmRICeP.exe
  2⤵
  PID:4616
- C:\Windows\System\viRGDZe.exe
  C:\Windows\System\viRGDZe.exe
  2⤵
  PID:4744
- C:\Windows\System\EDfHCtH.exe
  C:\Windows\System\EDfHCtH.exe
  2⤵
  PID:4828
- C:\Windows\System\XxoHoRl.exe
  C:\Windows\System\XxoHoRl.exe
  2⤵
  PID:4672
- C:\Windows\System\THxMkeI.exe
  C:\Windows\System\THxMkeI.exe
  2⤵
  PID:4776
- C:\Windows\System\wASyhAi.exe
  C:\Windows\System\wASyhAi.exe
  2⤵
  PID:5132
- C:\Windows\System\TPMAgLV.exe
  C:\Windows\System\TPMAgLV.exe
  2⤵
  PID:5152
- C:\Windows\System\gfewHIR.exe
  C:\Windows\System\gfewHIR.exe
  2⤵
  PID:5168
- C:\Windows\System\KQEPJTj.exe
  C:\Windows\System\KQEPJTj.exe
  2⤵
  PID:5188
- C:\Windows\System\ddRHuUm.exe
  C:\Windows\System\ddRHuUm.exe
  2⤵
  PID:5204
- C:\Windows\System\mfxvFXR.exe
  C:\Windows\System\mfxvFXR.exe
  2⤵
  PID:5224
- C:\Windows\System\xePaBNC.exe
  C:\Windows\System\xePaBNC.exe
  2⤵
  PID:5240
- C:\Windows\System\kSAcKNe.exe
  C:\Windows\System\kSAcKNe.exe
  2⤵
  PID:5260
- C:\Windows\System\wQlexJN.exe
  C:\Windows\System\wQlexJN.exe
  2⤵
  PID:5276
- C:\Windows\System\frUOagg.exe
  C:\Windows\System\frUOagg.exe
  2⤵
  PID:5296
- C:\Windows\System\iqycWzS.exe
  C:\Windows\System\iqycWzS.exe
  2⤵
  PID:5340
- C:\Windows\System\tGwEMmu.exe
  C:\Windows\System\tGwEMmu.exe
  2⤵
  PID:5360
- C:\Windows\System\gDWBAtG.exe
  C:\Windows\System\gDWBAtG.exe
  2⤵
  PID:5376
- C:\Windows\System\kJzOSYH.exe
  C:\Windows\System\kJzOSYH.exe
  2⤵
  PID:5396
- C:\Windows\System\FJIPHtY.exe
  C:\Windows\System\FJIPHtY.exe
  2⤵
  PID:5416
- C:\Windows\System\BxYdlzj.exe
  C:\Windows\System\BxYdlzj.exe
  2⤵
  PID:5436
- C:\Windows\System\VQuEobW.exe
  C:\Windows\System\VQuEobW.exe
  2⤵
  PID:5452
- C:\Windows\System\WtSkQgj.exe
  C:\Windows\System\WtSkQgj.exe
  2⤵
  PID:5472
- C:\Windows\System\vEwZOyz.exe
  C:\Windows\System\vEwZOyz.exe
  2⤵
  PID:5488
- C:\Windows\System\GCpqWlj.exe
  C:\Windows\System\GCpqWlj.exe
  2⤵
  PID:5508
- C:\Windows\System\KdgAXms.exe
  C:\Windows\System\KdgAXms.exe
  2⤵
  PID:5532
- C:\Windows\System\ckyKHLb.exe
  C:\Windows\System\ckyKHLb.exe
  2⤵
  PID:5556
- C:\Windows\System\WvMofoz.exe
  C:\Windows\System\WvMofoz.exe
  2⤵
  PID:5580
- C:\Windows\System\hiuYmiP.exe
  C:\Windows\System\hiuYmiP.exe
  2⤵
  PID:5596
- C:\Windows\System\NTzBEXG.exe
  C:\Windows\System\NTzBEXG.exe
  2⤵
  PID:5612
- C:\Windows\System\qfdSkqc.exe
  C:\Windows\System\qfdSkqc.exe
  2⤵
  PID:5632
- C:\Windows\System\ufgvDXd.exe
  C:\Windows\System\ufgvDXd.exe
  2⤵
  PID:5652
- C:\Windows\System\KYjwINV.exe
  C:\Windows\System\KYjwINV.exe
  2⤵
  PID:5672
- C:\Windows\System\DtwVIzM.exe
  C:\Windows\System\DtwVIzM.exe
  2⤵
  PID:5688
- C:\Windows\System\INCwzrK.exe
  C:\Windows\System\INCwzrK.exe
  2⤵
  PID:5704
- C:\Windows\System\kRPETXV.exe
  C:\Windows\System\kRPETXV.exe
  2⤵
  PID:5720
- C:\Windows\System\ZrBBDyr.exe
  C:\Windows\System\ZrBBDyr.exe
  2⤵
  PID:5740
- C:\Windows\System\IjSlliS.exe
  C:\Windows\System\IjSlliS.exe
  2⤵
  PID:5760
- C:\Windows\System\EnDHwRU.exe
  C:\Windows\System\EnDHwRU.exe
  2⤵
  PID:5780
- C:\Windows\System\szygrji.exe
  C:\Windows\System\szygrji.exe
  2⤵
  PID:5800
- C:\Windows\System\EYvPazs.exe
  C:\Windows\System\EYvPazs.exe
  2⤵
  PID:5820
- C:\Windows\System\eBrmtDr.exe
  C:\Windows\System\eBrmtDr.exe
  2⤵
  PID:5844
- C:\Windows\System\TUpjaQI.exe
  C:\Windows\System\TUpjaQI.exe
  2⤵
  PID:5864
- C:\Windows\System\qjaTtlE.exe
  C:\Windows\System\qjaTtlE.exe
  2⤵
  PID:5880
- C:\Windows\System\PHFbleX.exe
  C:\Windows\System\PHFbleX.exe
  2⤵
  PID:5896
- C:\Windows\System\jvuCERf.exe
  C:\Windows\System\jvuCERf.exe
  2⤵
  PID:5912
- C:\Windows\System\ERZhuzG.exe
  C:\Windows\System\ERZhuzG.exe
  2⤵
  PID:5972
- C:\Windows\System\dFBZeyy.exe
  C:\Windows\System\dFBZeyy.exe
  2⤵
  PID:5992
- C:\Windows\System\QhlvXvp.exe
  C:\Windows\System\QhlvXvp.exe
  2⤵
  PID:6008
- C:\Windows\System\CdgeciR.exe
  C:\Windows\System\CdgeciR.exe
  2⤵
  PID:6032
- C:\Windows\System\zfBBASL.exe
  C:\Windows\System\zfBBASL.exe
  2⤵
  PID:6048
- C:\Windows\System\IEDsNDs.exe
  C:\Windows\System\IEDsNDs.exe
  2⤵
  PID:6064
- C:\Windows\System\QVxJejv.exe
  C:\Windows\System\QVxJejv.exe
  2⤵
  PID:6084
- C:\Windows\System\WFpCSTU.exe
  C:\Windows\System\WFpCSTU.exe
  2⤵
  PID:6108
- C:\Windows\System\sBRZbvp.exe
  C:\Windows\System\sBRZbvp.exe
  2⤵
  PID:6128
- C:\Windows\System\iqWTBYt.exe
  C:\Windows\System\iqWTBYt.exe
  2⤵
  PID:1464
- C:\Windows\System\jYaisrd.exe
  C:\Windows\System\jYaisrd.exe
  2⤵
  PID:4288
- C:\Windows\System\mDfFEoM.exe
  C:\Windows\System\mDfFEoM.exe
  2⤵
  PID:444
- C:\Windows\System\pvEgFXP.exe
  C:\Windows\System\pvEgFXP.exe
  2⤵
  PID:2716
- C:\Windows\System\OCgEvTG.exe
  C:\Windows\System\OCgEvTG.exe
  2⤵
  PID:4160
- C:\Windows\System\SZlAfKp.exe
  C:\Windows\System\SZlAfKp.exe
  2⤵
  PID:3300
- C:\Windows\System\RnQLSHi.exe
  C:\Windows\System\RnQLSHi.exe
  2⤵
  PID:4544
- C:\Windows\System\sqZUiWI.exe
  C:\Windows\System\sqZUiWI.exe
  2⤵
  PID:3680
- C:\Windows\System\apkmuKO.exe
  C:\Windows\System\apkmuKO.exe
  2⤵
  PID:4028
- C:\Windows\System\rHgkPiA.exe
  C:\Windows\System\rHgkPiA.exe
  2⤵
  PID:3088
- C:\Windows\System\BdFlQXW.exe
  C:\Windows\System\BdFlQXW.exe
  2⤵
  PID:5160
- C:\Windows\System\FdCxQDj.exe
  C:\Windows\System\FdCxQDj.exe
  2⤵
  PID:5232
- C:\Windows\System\DWMFTGE.exe
  C:\Windows\System\DWMFTGE.exe
  2⤵
  PID:2624
- C:\Windows\System\uDBxFjE.exe
  C:\Windows\System\uDBxFjE.exe
  2⤵
  PID:2688
- C:\Windows\System\jzFrBFa.exe
  C:\Windows\System\jzFrBFa.exe
  2⤵
  PID:5304
- C:\Windows\System\vmFIowH.exe
  C:\Windows\System\vmFIowH.exe
  2⤵
  PID:5324
- C:\Windows\System\cCizpSu.exe
  C:\Windows\System\cCizpSu.exe
  2⤵
  PID:5404
- C:\Windows\System\VqzAStr.exe
  C:\Windows\System\VqzAStr.exe
  2⤵
  PID:5448
- C:\Windows\System\EOAaVIw.exe
  C:\Windows\System\EOAaVIw.exe
  2⤵
  PID:5524
- C:\Windows\System\IgKKptK.exe
  C:\Windows\System\IgKKptK.exe
  2⤵
  PID:5248
- C:\Windows\System\sSKSsyv.exe
  C:\Windows\System\sSKSsyv.exe
  2⤵
  PID:5288
- C:\Windows\System\eZkWTxs.exe
  C:\Windows\System\eZkWTxs.exe
  2⤵
  PID:4920
- C:\Windows\System\WPbLZLf.exe
  C:\Windows\System\WPbLZLf.exe
  2⤵
  PID:5576
- C:\Windows\System\VtyxWAX.exe
  C:\Windows\System\VtyxWAX.exe
  2⤵
  PID:5352
- C:\Windows\System\xlyXifG.exe
  C:\Windows\System\xlyXifG.exe
  2⤵
  PID:2972
- C:\Windows\System\ATTJWbw.exe
  C:\Windows\System\ATTJWbw.exe
  2⤵
  PID:5384
- C:\Windows\System\oRtxCeO.exe
  C:\Windows\System\oRtxCeO.exe
  2⤵
  PID:2804
- C:\Windows\System\VPWnXUN.exe
  C:\Windows\System\VPWnXUN.exe
  2⤵
  PID:5748
- C:\Windows\System\bJqjOjL.exe
  C:\Windows\System\bJqjOjL.exe
  2⤵
  PID:5796
- C:\Windows\System\yHhCMyM.exe
  C:\Windows\System\yHhCMyM.exe
  2⤵
  PID:5468
- C:\Windows\System\sIMKqaB.exe
  C:\Windows\System\sIMKqaB.exe
  2⤵
  PID:5540
- C:\Windows\System\uWYOgkx.exe
  C:\Windows\System\uWYOgkx.exe
  2⤵
  PID:5552
- C:\Windows\System\ipmNULE.exe
  C:\Windows\System\ipmNULE.exe
  2⤵
  PID:5840
- C:\Windows\System\CehVGGO.exe
  C:\Windows\System\CehVGGO.exe
  2⤵
  PID:5876
- C:\Windows\System\HdnBAWv.exe
  C:\Windows\System\HdnBAWv.exe
  2⤵
  PID:1344
- C:\Windows\System\xojvgxn.exe
  C:\Windows\System\xojvgxn.exe
  2⤵
  PID:5728
- C:\Windows\System\WOAmRgn.exe
  C:\Windows\System\WOAmRgn.exe
  2⤵
  PID:5776
- C:\Windows\System\izYvnpV.exe
  C:\Windows\System\izYvnpV.exe
  2⤵
  PID:5852
- C:\Windows\System\HZOcjjT.exe
  C:\Windows\System\HZOcjjT.exe
  2⤵
  PID:5920
- C:\Windows\System\UOTWeYZ.exe
  C:\Windows\System\UOTWeYZ.exe
  2⤵
  PID:5956
- C:\Windows\System\CAlNXwB.exe
  C:\Windows\System\CAlNXwB.exe
  2⤵
  PID:6016
- C:\Windows\System\HBcbDXY.exe
  C:\Windows\System\HBcbDXY.exe
  2⤵
  PID:2588
- C:\Windows\System\HKkBkFD.exe
  C:\Windows\System\HKkBkFD.exe
  2⤵
  PID:6096
- C:\Windows\System\LBjGRpp.exe
  C:\Windows\System\LBjGRpp.exe
  2⤵
  PID:4976
- C:\Windows\System\ZTgNDGP.exe
  C:\Windows\System\ZTgNDGP.exe
  2⤵
  PID:6080
- C:\Windows\System\AgMopoh.exe
  C:\Windows\System\AgMopoh.exe
  2⤵
  PID:4384
- C:\Windows\System\xLqFnZt.exe
  C:\Windows\System\xLqFnZt.exe
  2⤵
  PID:5092
- C:\Windows\System\vQkcpOD.exe
  C:\Windows\System\vQkcpOD.exe
  2⤵
  PID:4996
- C:\Windows\System\nPAsjAf.exe
  C:\Windows\System\nPAsjAf.exe
  2⤵
  PID:5024
- C:\Windows\System\GliCEso.exe
  C:\Windows\System\GliCEso.exe
  2⤵
  PID:5040
- C:\Windows\System\BKTfZIy.exe
  C:\Windows\System\BKTfZIy.exe
  2⤵
  PID:5128
- C:\Windows\System\ohTYTzr.exe
  C:\Windows\System\ohTYTzr.exe
  2⤵
  PID:4220
- C:\Windows\System\MGAAQOW.exe
  C:\Windows\System\MGAAQOW.exe
  2⤵
  PID:2828
- C:\Windows\System\zQoMBVw.exe
  C:\Windows\System\zQoMBVw.exe
  2⤵
  PID:2628
- C:\Windows\System\AJzJEyu.exe
  C:\Windows\System\AJzJEyu.exe
  2⤵
  PID:4676
- C:\Windows\System\iUxzUZw.exe
  C:\Windows\System\iUxzUZw.exe
  2⤵
  PID:5484
- C:\Windows\System\AgRVzCI.exe
  C:\Windows\System\AgRVzCI.exe
  2⤵
  PID:5292
- C:\Windows\System\UAqDgLf.exe
  C:\Windows\System\UAqDgLf.exe
  2⤵
  PID:5196
- C:\Windows\System\kUNvVil.exe
  C:\Windows\System\kUNvVil.exe
  2⤵
  PID:2428
- C:\Windows\System\nTXHwgV.exe
  C:\Windows\System\nTXHwgV.exe
  2⤵
  PID:5500
- C:\Windows\System\Whmkyeu.exe
  C:\Windows\System\Whmkyeu.exe
  2⤵
  PID:5408
- C:\Windows\System\FueJjbR.exe
  C:\Windows\System\FueJjbR.exe
  2⤵
  PID:5660
- C:\Windows\System\WKljioR.exe
  C:\Windows\System\WKljioR.exe
  2⤵
  PID:5908
- C:\Windows\System\EEmPPCr.exe
  C:\Windows\System\EEmPPCr.exe
  2⤵
  PID:5860
- C:\Windows\System\bMvkGDn.exe
  C:\Windows\System\bMvkGDn.exe
  2⤵
  PID:5464
- C:\Windows\System\yLuqBQc.exe
  C:\Windows\System\yLuqBQc.exe
  2⤵
  PID:5544
- C:\Windows\System\kLmxeZt.exe
  C:\Windows\System\kLmxeZt.exe
  2⤵
  PID:5700
- C:\Windows\System\yPdXchw.exe
  C:\Windows\System\yPdXchw.exe
  2⤵
  PID:928
- C:\Windows\System\hPDkdiT.exe
  C:\Windows\System\hPDkdiT.exe
  2⤵
  PID:5928
- C:\Windows\System\REDvsDb.exe
  C:\Windows\System\REDvsDb.exe
  2⤵
  PID:5940
- C:\Windows\System\fjBPxgZ.exe
  C:\Windows\System\fjBPxgZ.exe
  2⤵
  PID:6092
- C:\Windows\System\SikHqec.exe
  C:\Windows\System\SikHqec.exe
  2⤵
  PID:6044
- C:\Windows\System\Wymfjww.exe
  C:\Windows\System\Wymfjww.exe
  2⤵
  PID:1908
- C:\Windows\System\NNfXotR.exe
  C:\Windows\System\NNfXotR.exe
  2⤵
  PID:6028
- C:\Windows\System\XsLZTDA.exe
  C:\Windows\System\XsLZTDA.exe
  2⤵
  PID:6056
- C:\Windows\System\LiWXFgK.exe
  C:\Windows\System\LiWXFgK.exe
  2⤵
  PID:2616
- C:\Windows\System\iJfplrw.exe
  C:\Windows\System\iJfplrw.exe
  2⤵
  PID:5628
- C:\Windows\System\WwBHbWo.exe
  C:\Windows\System\WwBHbWo.exe
  2⤵
  PID:4104
- C:\Windows\System\VPzLGxo.exe
  C:\Windows\System\VPzLGxo.exe
  2⤵
  PID:5220
- C:\Windows\System\VmVPBgT.exe
  C:\Windows\System\VmVPBgT.exe
  2⤵
  PID:4204
- C:\Windows\System\CQKjcWS.exe
  C:\Windows\System\CQKjcWS.exe
  2⤵
  PID:5368
- C:\Windows\System\aRVkwSL.exe
  C:\Windows\System\aRVkwSL.exe
  2⤵
  PID:2336
- C:\Windows\System\nHFRmmp.exe
  C:\Windows\System\nHFRmmp.exe
  2⤵
  PID:5756
- C:\Windows\System\xdkVHZL.exe
  C:\Windows\System\xdkVHZL.exe
  2⤵
  PID:5140
- C:\Windows\System\ZkcJDKB.exe
  C:\Windows\System\ZkcJDKB.exe
  2⤵
  PID:5608
- C:\Windows\System\ZvSDuqw.exe
  C:\Windows\System\ZvSDuqw.exe
  2⤵
  PID:5528
- C:\Windows\System\OYPXZMD.exe
  C:\Windows\System\OYPXZMD.exe
  2⤵
  PID:5832
- C:\Windows\System\wVAjBgE.exe
  C:\Windows\System\wVAjBgE.exe
  2⤵
  PID:5828
- C:\Windows\System\RdjhtwO.exe
  C:\Windows\System\RdjhtwO.exe
  2⤵
  PID:2712
- C:\Windows\System\NrJslxA.exe
  C:\Windows\System\NrJslxA.exe
  2⤵
  PID:6120
- C:\Windows\System\oiNXNFe.exe
  C:\Windows\System\oiNXNFe.exe
  2⤵
  PID:5980
- C:\Windows\System\DRjhfhX.exe
  C:\Windows\System\DRjhfhX.exe
  2⤵
  PID:3048
- C:\Windows\System\jgDSpsE.exe
  C:\Windows\System\jgDSpsE.exe
  2⤵
  PID:4424
- C:\Windows\System\uEiQrGP.exe
  C:\Windows\System\uEiQrGP.exe
  2⤵
  PID:900
- C:\Windows\System\lqmClVU.exe
  C:\Windows\System\lqmClVU.exe
  2⤵
  PID:2700
- C:\Windows\System\hMQiQXY.exe
  C:\Windows\System\hMQiQXY.exe
  2⤵
  PID:3800
- C:\Windows\System\JpVPDVJ.exe
  C:\Windows\System\JpVPDVJ.exe
  2⤵
  PID:5788
- C:\Windows\System\DAUaPee.exe
  C:\Windows\System\DAUaPee.exe
  2⤵
  PID:5316
- C:\Windows\System\FdjXeEC.exe
  C:\Windows\System\FdjXeEC.exe
  2⤵
  PID:5640
- C:\Windows\System\WAxkQUh.exe
  C:\Windows\System\WAxkQUh.exe
  2⤵
  PID:5212
- C:\Windows\System\AqfSDfd.exe
  C:\Windows\System\AqfSDfd.exe
  2⤵
  PID:5716
- C:\Windows\System\bHgaLEm.exe
  C:\Windows\System\bHgaLEm.exe
  2⤵
  PID:5564
- C:\Windows\System\kRnJqAm.exe
  C:\Windows\System\kRnJqAm.exe
  2⤵
  PID:5872
- C:\Windows\System\HHZEXao.exe
  C:\Windows\System\HHZEXao.exe
  2⤵
  PID:2976
- C:\Windows\System\KcXwKXd.exe
  C:\Windows\System\KcXwKXd.exe
  2⤵
  PID:5968
- C:\Windows\System\FIBNOkQ.exe
  C:\Windows\System\FIBNOkQ.exe
  2⤵
  PID:6160
- C:\Windows\System\PfMaSYl.exe
  C:\Windows\System\PfMaSYl.exe
  2⤵
  PID:6176
- C:\Windows\System\rwCZdkI.exe
  C:\Windows\System\rwCZdkI.exe
  2⤵
  PID:6196
- C:\Windows\System\hPZpMtq.exe
  C:\Windows\System\hPZpMtq.exe
  2⤵
  PID:6212
- C:\Windows\System\MntNQUa.exe
  C:\Windows\System\MntNQUa.exe
  2⤵
  PID:6232
- C:\Windows\System\kYakBDR.exe
  C:\Windows\System\kYakBDR.exe
  2⤵
  PID:6252
- C:\Windows\System\hDroFGT.exe
  C:\Windows\System\hDroFGT.exe
  2⤵
  PID:6272
- C:\Windows\System\rHzJiHm.exe
  C:\Windows\System\rHzJiHm.exe
  2⤵
  PID:6312
- C:\Windows\System\KPcKCOd.exe
  C:\Windows\System\KPcKCOd.exe
  2⤵
  PID:6328
- C:\Windows\System\znNVvvs.exe
  C:\Windows\System\znNVvvs.exe
  2⤵
  PID:6348
- C:\Windows\System\uNWumEe.exe
  C:\Windows\System\uNWumEe.exe
  2⤵
  PID:6364
- C:\Windows\System\sKOMPid.exe
  C:\Windows\System\sKOMPid.exe
  2⤵
  PID:6388
- C:\Windows\System\gwdDPho.exe
  C:\Windows\System\gwdDPho.exe
  2⤵
  PID:6408
- C:\Windows\System\oxLCssq.exe
  C:\Windows\System\oxLCssq.exe
  2⤵
  PID:6424
- C:\Windows\System\DwcsNbv.exe
  C:\Windows\System\DwcsNbv.exe
  2⤵
  PID:6444
- C:\Windows\System\rQHPrMJ.exe
  C:\Windows\System\rQHPrMJ.exe
  2⤵
  PID:6464
- C:\Windows\System\Sgaudyh.exe
  C:\Windows\System\Sgaudyh.exe
  2⤵
  PID:6480
- C:\Windows\System\uvkRbnM.exe
  C:\Windows\System\uvkRbnM.exe
  2⤵
  PID:6500
- C:\Windows\System\XiGNjAH.exe
  C:\Windows\System\XiGNjAH.exe
  2⤵
  PID:6516
- C:\Windows\System\vIZOXFx.exe
  C:\Windows\System\vIZOXFx.exe
  2⤵
  PID:6556
- C:\Windows\System\VzcpKkK.exe
  C:\Windows\System\VzcpKkK.exe
  2⤵
  PID:6576
- C:\Windows\System\MNEbmoL.exe
  C:\Windows\System\MNEbmoL.exe
  2⤵
  PID:6592
- C:\Windows\System\GGGBfxP.exe
  C:\Windows\System\GGGBfxP.exe
  2⤵
  PID:6612
- C:\Windows\System\cbIBYEX.exe
  C:\Windows\System\cbIBYEX.exe
  2⤵
  PID:6636
- C:\Windows\System\jcAcVAk.exe
  C:\Windows\System\jcAcVAk.exe
  2⤵
  PID:6652
- C:\Windows\System\KzTRxrN.exe
  C:\Windows\System\KzTRxrN.exe
  2⤵
  PID:6672
- C:\Windows\System\jrHvBpY.exe
  C:\Windows\System\jrHvBpY.exe
  2⤵
  PID:6688
- C:\Windows\System\qWmJPRB.exe
  C:\Windows\System\qWmJPRB.exe
  2⤵
  PID:6716
- C:\Windows\System\kaBWjtn.exe
  C:\Windows\System\kaBWjtn.exe
  2⤵
  PID:6736
- C:\Windows\System\TleeYkw.exe
  C:\Windows\System\TleeYkw.exe
  2⤵
  PID:6756
- C:\Windows\System\iQbltWu.exe
  C:\Windows\System\iQbltWu.exe
  2⤵
  PID:6772
- C:\Windows\System\qqsQDDV.exe
  C:\Windows\System\qqsQDDV.exe
  2⤵
  PID:6792
- C:\Windows\System\NodcxZY.exe
  C:\Windows\System\NodcxZY.exe
  2⤵
  PID:6812
- C:\Windows\System\JviqBly.exe
  C:\Windows\System\JviqBly.exe
  2⤵
  PID:6836
- C:\Windows\System\hPrmYuJ.exe
  C:\Windows\System\hPrmYuJ.exe
  2⤵
  PID:6856
- C:\Windows\System\mVdwMIV.exe
  C:\Windows\System\mVdwMIV.exe
  2⤵
  PID:6876
- C:\Windows\System\tjOmgCf.exe
  C:\Windows\System\tjOmgCf.exe
  2⤵
  PID:6896
- C:\Windows\System\hJoxqOL.exe
  C:\Windows\System\hJoxqOL.exe
  2⤵
  PID:6916
- C:\Windows\System\psQguUo.exe
  C:\Windows\System\psQguUo.exe
  2⤵
  PID:6932
- C:\Windows\System\HqccFnl.exe
  C:\Windows\System\HqccFnl.exe
  2⤵
  PID:6956
- C:\Windows\System\FSCWerZ.exe
  C:\Windows\System\FSCWerZ.exe
  2⤵
  PID:6976
- C:\Windows\System\GUHtJyJ.exe
  C:\Windows\System\GUHtJyJ.exe
  2⤵
  PID:7000
- C:\Windows\System\nRsJczj.exe
  C:\Windows\System\nRsJczj.exe
  2⤵
  PID:7020
- C:\Windows\System\JEWfemN.exe
  C:\Windows\System\JEWfemN.exe
  2⤵
  PID:7040
- C:\Windows\System\IBRiQhE.exe
  C:\Windows\System\IBRiQhE.exe
  2⤵
  PID:7060
- C:\Windows\System\wbnSdRP.exe
  C:\Windows\System\wbnSdRP.exe
  2⤵
  PID:7080
- C:\Windows\System\GaNXtQZ.exe
  C:\Windows\System\GaNXtQZ.exe
  2⤵
  PID:7100
- C:\Windows\System\QspxyTN.exe
  C:\Windows\System\QspxyTN.exe
  2⤵
  PID:7116
- C:\Windows\System\ksTqBOh.exe
  C:\Windows\System\ksTqBOh.exe
  2⤵
  PID:7140
- C:\Windows\System\MDmZfhI.exe
  C:\Windows\System\MDmZfhI.exe
  2⤵
  PID:7160
- C:\Windows\System\RCMTUTg.exe
  C:\Windows\System\RCMTUTg.exe
  2⤵
  PID:4328
- C:\Windows\System\YPjgsFh.exe
  C:\Windows\System\YPjgsFh.exe
  2⤵
  PID:2860
- C:\Windows\System\jUhPTYO.exe
  C:\Windows\System\jUhPTYO.exe
  2⤵
  PID:5432
- C:\Windows\System\kWTFfLp.exe
  C:\Windows\System\kWTFfLp.exe
  2⤵
  PID:1328
- C:\Windows\System\aFYZMaI.exe
  C:\Windows\System\aFYZMaI.exe
  2⤵
  PID:1400
- C:\Windows\System\IxUgBxN.exe
  C:\Windows\System\IxUgBxN.exe
  2⤵
  PID:6172
- C:\Windows\System\bzGCUOH.exe
  C:\Windows\System\bzGCUOH.exe
  2⤵
  PID:2924
- C:\Windows\System\PQcVXHn.exe
  C:\Windows\System\PQcVXHn.exe
  2⤵
  PID:4540
- C:\Windows\System\zrHOyJT.exe
  C:\Windows\System\zrHOyJT.exe
  2⤵
  PID:6284
- C:\Windows\System\gYhNxqs.exe
  C:\Windows\System\gYhNxqs.exe
  2⤵
  PID:6300
- C:\Windows\System\YPtpgqf.exe
  C:\Windows\System\YPtpgqf.exe
  2⤵
  PID:6004
- C:\Windows\System\jqzpJcy.exe
  C:\Windows\System\jqzpJcy.exe
  2⤵
  PID:6184
- C:\Windows\System\ACNFNTY.exe
  C:\Windows\System\ACNFNTY.exe
  2⤵
  PID:6420
- C:\Windows\System\zsyIiHQ.exe
  C:\Windows\System\zsyIiHQ.exe
  2⤵
  PID:6228
- C:\Windows\System\qlIuRtx.exe
  C:\Windows\System\qlIuRtx.exe
  2⤵
  PID:6148
- C:\Windows\System\IoRDmAT.exe
  C:\Windows\System\IoRDmAT.exe
  2⤵
  PID:6456
- C:\Windows\System\XLpwvRd.exe
  C:\Windows\System\XLpwvRd.exe
  2⤵
  PID:2564
- C:\Windows\System\CQFPVYF.exe
  C:\Windows\System\CQFPVYF.exe
  2⤵
  PID:6436
- C:\Windows\System\jDjOWZD.exe
  C:\Windows\System\jDjOWZD.exe
  2⤵
  PID:6508
- C:\Windows\System\ZXUqUxS.exe
  C:\Windows\System\ZXUqUxS.exe
  2⤵
  PID:6524
- C:\Windows\System\YUyfGCV.exe
  C:\Windows\System\YUyfGCV.exe
  2⤵
  PID:6548
- C:\Windows\System\qvPaaTl.exe
  C:\Windows\System\qvPaaTl.exe
  2⤵
  PID:6564
- C:\Windows\System\MDdCImf.exe
  C:\Windows\System\MDdCImf.exe
  2⤵
  PID:6568
- C:\Windows\System\CnbPDoG.exe
  C:\Windows\System\CnbPDoG.exe
  2⤵
  PID:6608
- C:\Windows\System\JtuYUCP.exe
  C:\Windows\System\JtuYUCP.exe
  2⤵
  PID:6700
- C:\Windows\System\nInXGiV.exe
  C:\Windows\System\nInXGiV.exe
  2⤵
  PID:6712
- C:\Windows\System\praZzPT.exe
  C:\Windows\System\praZzPT.exe
  2⤵
  PID:6724
- C:\Windows\System\tmmyIwj.exe
  C:\Windows\System\tmmyIwj.exe
  2⤵
  PID:6780
- C:\Windows\System\uiqsTEj.exe
  C:\Windows\System\uiqsTEj.exe
  2⤵
  PID:6764
- C:\Windows\System\rLdpBUm.exe
  C:\Windows\System\rLdpBUm.exe
  2⤵
  PID:6828
- C:\Windows\System\TmlHjVZ.exe
  C:\Windows\System\TmlHjVZ.exe
  2⤵
  PID:6868
- C:\Windows\System\JNkbkmu.exe
  C:\Windows\System\JNkbkmu.exe
  2⤵
  PID:6912
- C:\Windows\System\GliszCH.exe
  C:\Windows\System\GliszCH.exe
  2⤵
  PID:6944
- C:\Windows\System\CtePQLZ.exe
  C:\Windows\System\CtePQLZ.exe
  2⤵
  PID:6924
- C:\Windows\System\KILeUTH.exe
  C:\Windows\System\KILeUTH.exe
  2⤵
  PID:6968
- C:\Windows\System\dhqpjMP.exe
  C:\Windows\System\dhqpjMP.exe
  2⤵
  PID:7036
- C:\Windows\System\dtSprkP.exe
  C:\Windows\System\dtSprkP.exe
  2⤵
  PID:7076
- C:\Windows\System\xYmcdHH.exe
  C:\Windows\System\xYmcdHH.exe
  2⤵
  PID:7088
- C:\Windows\System\lmOKSni.exe
  C:\Windows\System\lmOKSni.exe
  2⤵
  PID:7156
- C:\Windows\System\gSBhTvV.exe
  C:\Windows\System\gSBhTvV.exe
  2⤵
  PID:7132
- C:\Windows\System\ECKvczz.exe
  C:\Windows\System\ECKvczz.exe
  2⤵
  PID:1624
- C:\Windows\System\NfDaxAx.exe
  C:\Windows\System\NfDaxAx.exe
  2⤵
  PID:6040
- C:\Windows\System\rLdiTyn.exe
  C:\Windows\System\rLdiTyn.exe
  2⤵
  PID:3960
- C:\Windows\System\Jxinzrc.exe
  C:\Windows\System\Jxinzrc.exe
  2⤵
  PID:2708
- C:\Windows\System\ssCRdFw.exe
  C:\Windows\System\ssCRdFw.exe
  2⤵
  PID:5392
- C:\Windows\System\LCsOMwd.exe
  C:\Windows\System\LCsOMwd.exe
  2⤵
  PID:6304
- C:\Windows\System\aFajyvM.exe
  C:\Windows\System\aFajyvM.exe
  2⤵
  PID:6336
- C:\Windows\System\vuGfcFX.exe
  C:\Windows\System\vuGfcFX.exe
  2⤵
  PID:6192
- C:\Windows\System\jYleZee.exe
  C:\Windows\System\jYleZee.exe
  2⤵
  PID:6380
- C:\Windows\System\xnXZLYb.exe
  C:\Windows\System\xnXZLYb.exe
  2⤵
  PID:5272
- C:\Windows\System\ljsJGBd.exe
  C:\Windows\System\ljsJGBd.exe
  2⤵
  PID:6404
- C:\Windows\System\XdcaHuu.exe
  C:\Windows\System\XdcaHuu.exe
  2⤵
  PID:6396
- C:\Windows\System\MHWYffG.exe
  C:\Windows\System\MHWYffG.exe
  2⤵
  PID:6476
- C:\Windows\System\QLeRtCv.exe
  C:\Windows\System\QLeRtCv.exe
  2⤵
  PID:6540
- C:\Windows\System\PJfXYUo.exe
  C:\Windows\System\PJfXYUo.exe
  2⤵
  PID:6604
- C:\Windows\System\JgBimEI.exe
  C:\Windows\System\JgBimEI.exe
  2⤵
  PID:6632
- C:\Windows\System\upoOqOG.exe
  C:\Windows\System\upoOqOG.exe
  2⤵
  PID:388
- C:\Windows\System\WReHWmG.exe
  C:\Windows\System\WReHWmG.exe
  2⤵
  PID:6820
- C:\Windows\System\LzodPyq.exe
  C:\Windows\System\LzodPyq.exe
  2⤵
  PID:6684
- C:\Windows\System\pjCfZGd.exe
  C:\Windows\System\pjCfZGd.exe
  2⤵
  PID:6848
- C:\Windows\System\ONRicDQ.exe
  C:\Windows\System\ONRicDQ.exe
  2⤵
  PID:6872
- C:\Windows\System\AHwplPP.exe
  C:\Windows\System\AHwplPP.exe
  2⤵
  PID:6928
- C:\Windows\System\uuoKcvU.exe
  C:\Windows\System\uuoKcvU.exe
  2⤵
  PID:2312
- C:\Windows\System\MPdPXjW.exe
  C:\Windows\System\MPdPXjW.exe
  2⤵
  PID:7052
- C:\Windows\System\bqjOnrM.exe
  C:\Windows\System\bqjOnrM.exe
  2⤵
  PID:7012
- C:\Windows\System\QtukLpc.exe
  C:\Windows\System\QtukLpc.exe
  2⤵
  PID:7128
- C:\Windows\System\jhUWNwQ.exe
  C:\Windows\System\jhUWNwQ.exe
  2⤵
  PID:1704
- C:\Windows\System\SrPfiNn.exe
  C:\Windows\System\SrPfiNn.exe
  2⤵
  PID:5064
- C:\Windows\System\VOLmocl.exe
  C:\Windows\System\VOLmocl.exe
  2⤵
  PID:6168
- C:\Windows\System\jchPZqg.exe
  C:\Windows\System\jchPZqg.exe
  2⤵
  PID:6156
- C:\Windows\System\RZoYxlB.exe
  C:\Windows\System\RZoYxlB.exe
  2⤵
  PID:6248
- C:\Windows\System\FUeMygI.exe
  C:\Windows\System\FUeMygI.exe
  2⤵
  PID:6264
- C:\Windows\System\ESvZCsY.exe
  C:\Windows\System\ESvZCsY.exe
  2⤵
  PID:6356
- C:\Windows\System\CzeTTsc.exe
  C:\Windows\System\CzeTTsc.exe
  2⤵
  PID:6492
- C:\Windows\System\tCrmkRa.exe
  C:\Windows\System\tCrmkRa.exe
  2⤵
  PID:2620
- C:\Windows\System\kkjoVrT.exe
  C:\Windows\System\kkjoVrT.exe
  2⤵
  PID:6628
- C:\Windows\System\DOtQvUh.exe
  C:\Windows\System\DOtQvUh.exe
  2⤵
  PID:6752
- C:\Windows\System\jsiEFtp.exe
  C:\Windows\System\jsiEFtp.exe
  2⤵
  PID:6784
- C:\Windows\System\hPuZEaE.exe
  C:\Windows\System\hPuZEaE.exe
  2⤵
  PID:6732
- C:\Windows\System\EAQghrr.exe
  C:\Windows\System\EAQghrr.exe
  2⤵
  PID:6852
- C:\Windows\System\nKScvEe.exe
  C:\Windows\System\nKScvEe.exe
  2⤵
  PID:7016
- C:\Windows\System\CXEzaeu.exe
  C:\Windows\System\CXEzaeu.exe
  2⤵
  PID:7048
- C:\Windows\System\LCSveUi.exe
  C:\Windows\System\LCSveUi.exe
  2⤵
  PID:7124
- C:\Windows\System\LIiaOrI.exe
  C:\Windows\System\LIiaOrI.exe
  2⤵
  PID:6204
- C:\Windows\System\hackfBz.exe
  C:\Windows\System\hackfBz.exe
  2⤵
  PID:5816
- C:\Windows\System\RXVfNxv.exe
  C:\Windows\System\RXVfNxv.exe
  2⤵
  PID:6376
- C:\Windows\System\FgFwOLH.exe
  C:\Windows\System\FgFwOLH.exe
  2⤵
  PID:1408
- C:\Windows\System\avimiGf.exe
  C:\Windows\System\avimiGf.exe
  2⤵
  PID:6472
- C:\Windows\System\TdfDDqX.exe
  C:\Windows\System\TdfDDqX.exe
  2⤵
  PID:6528
- C:\Windows\System\nIbJRpW.exe
  C:\Windows\System\nIbJRpW.exe
  2⤵
  PID:6696
- C:\Windows\System\GLAxmyl.exe
  C:\Windows\System\GLAxmyl.exe
  2⤵
  PID:6904
- C:\Windows\System\gxdYQxd.exe
  C:\Windows\System\gxdYQxd.exe
  2⤵
  PID:2720
- C:\Windows\System\HmwSVBt.exe
  C:\Windows\System\HmwSVBt.exe
  2⤵
  PID:6908
- C:\Windows\System\zxdHRBd.exe
  C:\Windows\System\zxdHRBd.exe
  2⤵
  PID:5944
- C:\Windows\System\hhbboUa.exe
  C:\Windows\System\hhbboUa.exe
  2⤵
  PID:7148
- C:\Windows\System\zsVmfHv.exe
  C:\Windows\System\zsVmfHv.exe
  2⤵
  PID:3636
- C:\Windows\System\CjLTygP.exe
  C:\Windows\System\CjLTygP.exe
  2⤵
  PID:6512
- C:\Windows\System\nTvCxpG.exe
  C:\Windows\System\nTvCxpG.exe
  2⤵
  PID:6344
- C:\Windows\System\nkwgXPy.exe
  C:\Windows\System\nkwgXPy.exe
  2⤵
  PID:1584
- C:\Windows\System\XzQCTgT.exe
  C:\Windows\System\XzQCTgT.exe
  2⤵
  PID:2092
- C:\Windows\System\PxskDax.exe
  C:\Windows\System\PxskDax.exe
  2⤵
  PID:2892
- C:\Windows\System\zeeSdzB.exe
  C:\Windows\System\zeeSdzB.exe
  2⤵
  PID:7008
- C:\Windows\System\SSfxXzN.exe
  C:\Windows\System\SSfxXzN.exe
  2⤵
  PID:5768
- C:\Windows\System\idfyfBH.exe
  C:\Windows\System\idfyfBH.exe
  2⤵
  PID:756
- C:\Windows\System\iUDExDZ.exe
  C:\Windows\System\iUDExDZ.exe
  2⤵
  PID:2576
- C:\Windows\System\ilMdIGp.exe
  C:\Windows\System\ilMdIGp.exe
  2⤵
  PID:2728
- C:\Windows\System\ytZDmDa.exe
  C:\Windows\System\ytZDmDa.exe
  2⤵
  PID:1576
- C:\Windows\System\FzxHyzS.exe
  C:\Windows\System\FzxHyzS.exe
  2⤵
  PID:6680
- C:\Windows\System\xJPYNEM.exe
  C:\Windows\System\xJPYNEM.exe
  2⤵
  PID:2536
- C:\Windows\System\zqVdYjQ.exe
  C:\Windows\System\zqVdYjQ.exe
  2⤵
  PID:7172
- C:\Windows\System\KsGaHiZ.exe
  C:\Windows\System\KsGaHiZ.exe
  2⤵
  PID:7188
- C:\Windows\System\GsrxROz.exe
  C:\Windows\System\GsrxROz.exe
  2⤵
  PID:7204
- C:\Windows\System\hognIni.exe
  C:\Windows\System\hognIni.exe
  2⤵
  PID:7220
- C:\Windows\System\ZTLZWlP.exe
  C:\Windows\System\ZTLZWlP.exe
  2⤵
  PID:7256
- C:\Windows\System\VawRbQO.exe
  C:\Windows\System\VawRbQO.exe
  2⤵
  PID:7280
- C:\Windows\System\PLrWfJv.exe
  C:\Windows\System\PLrWfJv.exe
  2⤵
  PID:7300
- C:\Windows\System\UcbSILJ.exe
  C:\Windows\System\UcbSILJ.exe
  2⤵
  PID:7316
- C:\Windows\System\ZVSbKPp.exe
  C:\Windows\System\ZVSbKPp.exe
  2⤵
  PID:7332
- C:\Windows\System\aRPOqgc.exe
  C:\Windows\System\aRPOqgc.exe
  2⤵
  PID:7348
- C:\Windows\System\MEyXanK.exe
  C:\Windows\System\MEyXanK.exe
  2⤵
  PID:7364
- C:\Windows\System\slaXzDo.exe
  C:\Windows\System\slaXzDo.exe
  2⤵
  PID:7380
- C:\Windows\System\eTyZRlQ.exe
  C:\Windows\System\eTyZRlQ.exe
  2⤵
  PID:7400
- C:\Windows\System\OwhtEgo.exe
  C:\Windows\System\OwhtEgo.exe
  2⤵
  PID:7420
- C:\Windows\System\vJYGpSz.exe
  C:\Windows\System\vJYGpSz.exe
  2⤵
  PID:7452
- C:\Windows\System\MWvIMOw.exe
  C:\Windows\System\MWvIMOw.exe
  2⤵
  PID:7472
- C:\Windows\System\vtgCmuU.exe
  C:\Windows\System\vtgCmuU.exe
  2⤵
  PID:7512
- C:\Windows\System\dOTZvvP.exe
  C:\Windows\System\dOTZvvP.exe
  2⤵
  PID:7528
- C:\Windows\System\JTgeJqP.exe
  C:\Windows\System\JTgeJqP.exe
  2⤵
  PID:7544
- C:\Windows\System\xPGixJj.exe
  C:\Windows\System\xPGixJj.exe
  2⤵
  PID:7560
- C:\Windows\System\zEgyuNE.exe
  C:\Windows\System\zEgyuNE.exe
  2⤵
  PID:7576
- C:\Windows\System\YZlOVFp.exe
  C:\Windows\System\YZlOVFp.exe
  2⤵
  PID:7592
- C:\Windows\System\NCGzEiG.exe
  C:\Windows\System\NCGzEiG.exe
  2⤵
  PID:7608
- C:\Windows\System\yetWcCz.exe
  C:\Windows\System\yetWcCz.exe
  2⤵
  PID:7624
- C:\Windows\System\rEgqrBO.exe
  C:\Windows\System\rEgqrBO.exe
  2⤵
  PID:7640
- C:\Windows\System\JvcBWIo.exe
  C:\Windows\System\JvcBWIo.exe
  2⤵
  PID:7656
- C:\Windows\System\cKNozqU.exe
  C:\Windows\System\cKNozqU.exe
  2⤵
  PID:7672
- C:\Windows\System\JVUBEkj.exe
  C:\Windows\System\JVUBEkj.exe
  2⤵
  PID:7688
- C:\Windows\System\mEWDCWF.exe
  C:\Windows\System\mEWDCWF.exe
  2⤵
  PID:7704
- C:\Windows\System\iKfWaZx.exe
  C:\Windows\System\iKfWaZx.exe
  2⤵
  PID:7720
- C:\Windows\System\fgapYmR.exe
  C:\Windows\System\fgapYmR.exe
  2⤵
  PID:7736
- C:\Windows\System\JUvTEdr.exe
  C:\Windows\System\JUvTEdr.exe
  2⤵
  PID:7752
- C:\Windows\System\YfcNldS.exe
  C:\Windows\System\YfcNldS.exe
  2⤵
  PID:7768
- C:\Windows\System\WiADwSc.exe
  C:\Windows\System\WiADwSc.exe
  2⤵
  PID:7784
- C:\Windows\System\RIAHNTT.exe
  C:\Windows\System\RIAHNTT.exe
  2⤵
  PID:7800
- C:\Windows\System\zEsxNUG.exe
  C:\Windows\System\zEsxNUG.exe
  2⤵
  PID:7836
- C:\Windows\System\vbiXowI.exe
  C:\Windows\System\vbiXowI.exe
  2⤵
  PID:7856
- C:\Windows\System\vlSZcdp.exe
  C:\Windows\System\vlSZcdp.exe
  2⤵
  PID:7888
- C:\Windows\System\xOLhJMH.exe
  C:\Windows\System\xOLhJMH.exe
  2⤵
  PID:7904
- C:\Windows\System\RKxAUMz.exe
  C:\Windows\System\RKxAUMz.exe
  2⤵
  PID:7920
- C:\Windows\System\BCjSZog.exe
  C:\Windows\System\BCjSZog.exe
  2⤵
  PID:7936
- C:\Windows\System\LPcdAzL.exe
  C:\Windows\System\LPcdAzL.exe
  2⤵
  PID:7952
- C:\Windows\System\ZjHWiWa.exe
  C:\Windows\System\ZjHWiWa.exe
  2⤵
  PID:7968
- C:\Windows\System\BpNDBsv.exe
  C:\Windows\System\BpNDBsv.exe
  2⤵
  PID:7984
- C:\Windows\System\aKSxNYN.exe
  C:\Windows\System\aKSxNYN.exe
  2⤵
  PID:8000
- C:\Windows\System\LSclqnv.exe
  C:\Windows\System\LSclqnv.exe
  2⤵
  PID:8016
- C:\Windows\System\eSWdVNc.exe
  C:\Windows\System\eSWdVNc.exe
  2⤵
  PID:8032
- C:\Windows\System\SzYHzmr.exe
  C:\Windows\System\SzYHzmr.exe
  2⤵
  PID:8048
- C:\Windows\System\mDyqLQw.exe
  C:\Windows\System\mDyqLQw.exe
  2⤵
  PID:8064
- C:\Windows\System\SKcdZmw.exe
  C:\Windows\System\SKcdZmw.exe
  2⤵
  PID:8080
- C:\Windows\System\qiLZEdY.exe
  C:\Windows\System\qiLZEdY.exe
  2⤵
  PID:8096
- C:\Windows\System\vJlrGRy.exe
  C:\Windows\System\vJlrGRy.exe
  2⤵
  PID:8112
- C:\Windows\System\urPIavA.exe
  C:\Windows\System\urPIavA.exe
  2⤵
  PID:8128
- C:\Windows\System\UjJKItB.exe
  C:\Windows\System\UjJKItB.exe
  2⤵
  PID:8144
- C:\Windows\System\MDVCknZ.exe
  C:\Windows\System\MDVCknZ.exe
  2⤵
  PID:8160
- C:\Windows\System\TsGVXQQ.exe
  C:\Windows\System\TsGVXQQ.exe
  2⤵
  PID:8176
- C:\Windows\System\smLmmRz.exe
  C:\Windows\System\smLmmRz.exe
  2⤵
  PID:572
- C:\Windows\System\BgnEtOw.exe
  C:\Windows\System\BgnEtOw.exe
  2⤵
  PID:2144
- C:\Windows\System\JHfUlwl.exe
  C:\Windows\System\JHfUlwl.exe
  2⤵
  PID:6748
- C:\Windows\System\PXUukoq.exe
  C:\Windows\System\PXUukoq.exe
  2⤵
  PID:6544
- C:\Windows\System\ZVkDOor.exe
  C:\Windows\System\ZVkDOor.exe
  2⤵
  PID:7236
- C:\Windows\System\thXYvPh.exe
  C:\Windows\System\thXYvPh.exe
  2⤵
  PID:7252
- C:\Windows\System\vWoWOmg.exe
  C:\Windows\System\vWoWOmg.exe
  2⤵
  PID:6668
- C:\Windows\System\DMHJdLh.exe
  C:\Windows\System\DMHJdLh.exe
  2⤵
  PID:7184
- C:\Windows\System\MVHgxDL.exe
  C:\Windows\System\MVHgxDL.exe
  2⤵
  PID:7344
- C:\Windows\System\kRFvRov.exe
  C:\Windows\System\kRFvRov.exe
  2⤵
  PID:7268
- C:\Windows\System\MSygZpa.exe
  C:\Windows\System\MSygZpa.exe
  2⤵
  PID:7360
- C:\Windows\System\XEpIJOK.exe
  C:\Windows\System\XEpIJOK.exe
  2⤵
  PID:7428
- C:\Windows\System\cgXsKcT.exe
  C:\Windows\System\cgXsKcT.exe
  2⤵
  PID:7444
- C:\Windows\System\FENNOuv.exe
  C:\Windows\System\FENNOuv.exe
  2⤵
  PID:7488
- C:\Windows\System\tuZIAkF.exe
  C:\Windows\System\tuZIAkF.exe
  2⤵
  PID:7508
- C:\Windows\System\bzIHNNB.exe
  C:\Windows\System\bzIHNNB.exe
  2⤵
  PID:7568
- C:\Windows\System\HqfSKxN.exe
  C:\Windows\System\HqfSKxN.exe
  2⤵
  PID:7312
- C:\Windows\System\kfZEYkZ.exe
  C:\Windows\System\kfZEYkZ.exe
  2⤵
  PID:7408
- C:\Windows\System\ofnRTfP.exe
  C:\Windows\System\ofnRTfP.exe
  2⤵
  PID:7464
- C:\Windows\System\mgxBZhx.exe
  C:\Windows\System\mgxBZhx.exe
  2⤵
  PID:7620
- C:\Windows\System\jjArJQD.exe
  C:\Windows\System\jjArJQD.exe
  2⤵
  PID:2228
- C:\Windows\System\ppDdEgZ.exe
  C:\Windows\System\ppDdEgZ.exe
  2⤵
  PID:7728
- C:\Windows\System\gEpZmaL.exe
  C:\Windows\System\gEpZmaL.exe
  2⤵
  PID:7792
- C:\Windows\System\EwekQYN.exe
  C:\Windows\System\EwekQYN.exe
  2⤵
  PID:7820
- C:\Windows\System\HbmnpVg.exe
  C:\Windows\System\HbmnpVg.exe
  2⤵
  PID:7864
- C:\Windows\System\PUmvTfn.exe
  C:\Windows\System\PUmvTfn.exe
  2⤵
  PID:7932
- C:\Windows\System\CfNWxUv.exe
  C:\Windows\System\CfNWxUv.exe
  2⤵
  PID:7944
- C:\Windows\System\brDihYu.exe
  C:\Windows\System\brDihYu.exe
  2⤵
  PID:8008
- C:\Windows\System\rZSIRYk.exe
  C:\Windows\System\rZSIRYk.exe
  2⤵
  PID:8060
- C:\Windows\System\NEPvocN.exe
  C:\Windows\System\NEPvocN.exe
  2⤵
  PID:8124
- C:\Windows\System\nWoKrHT.exe
  C:\Windows\System\nWoKrHT.exe
  2⤵
  PID:6888
- C:\Windows\System\BPTFUcP.exe
  C:\Windows\System\BPTFUcP.exe
  2⤵
  PID:7440
- C:\Windows\System\juLOIKM.exe
  C:\Windows\System\juLOIKM.exe
  2⤵
  PID:7540
- C:\Windows\System\zsEdvfB.exe
  C:\Windows\System\zsEdvfB.exe
  2⤵
  PID:408
- C:\Windows\System\mJeAiGY.exe
  C:\Windows\System\mJeAiGY.exe
  2⤵
  PID:2164
- C:\Windows\System\bnOFYya.exe
  C:\Windows\System\bnOFYya.exe
  2⤵
  PID:7556
- C:\Windows\System\YPauAoj.exe
  C:\Windows\System\YPauAoj.exe
  2⤵
  PID:7652
- C:\Windows\System\nMPQmoy.exe
  C:\Windows\System\nMPQmoy.exe
  2⤵
  PID:7680
- C:\Windows\System\YSDFEhE.exe
  C:\Windows\System\YSDFEhE.exe
  2⤵
  PID:7712
- C:\Windows\System\lMJvLuL.exe
  C:\Windows\System\lMJvLuL.exe
  2⤵
  PID:7716
- C:\Windows\System\ZGjfgqK.exe
  C:\Windows\System\ZGjfgqK.exe
  2⤵
  PID:7780
- C:\Windows\System\hUNPrWA.exe
  C:\Windows\System\hUNPrWA.exe
  2⤵
  PID:7816
- C:\Windows\System\BMJaIse.exe
  C:\Windows\System\BMJaIse.exe
  2⤵
  PID:7928
- C:\Windows\System\PuHfdaZ.exe
  C:\Windows\System\PuHfdaZ.exe
  2⤵
  PID:8056
- C:\Windows\System\bqPRxxn.exe
  C:\Windows\System\bqPRxxn.exe
  2⤵
  PID:8120
- C:\Windows\System\zDvIQDj.exe
  C:\Windows\System\zDvIQDj.exe
  2⤵
  PID:8140
- C:\Windows\System\sSrzYdQ.exe
  C:\Windows\System\sSrzYdQ.exe
  2⤵
  PID:2516
- C:\Windows\System\bTVmCbr.exe
  C:\Windows\System\bTVmCbr.exe
  2⤵
  PID:2204
- C:\Windows\System\QQfxMew.exe
  C:\Windows\System\QQfxMew.exe
  2⤵
  PID:2404
- C:\Windows\System\AgHUeup.exe
  C:\Windows\System\AgHUeup.exe
  2⤵
  PID:832
- C:\Windows\System\ECtaFfR.exe
  C:\Windows\System\ECtaFfR.exe
  2⤵
  PID:7296
- C:\Windows\System\cYZHEne.exe
  C:\Windows\System\cYZHEne.exe
  2⤵
  PID:7328
- C:\Windows\System\rBcbxzI.exe
  C:\Windows\System\rBcbxzI.exe
  2⤵
  PID:7276
- C:\Windows\System\cQgxNCD.exe
  C:\Windows\System\cQgxNCD.exe
  2⤵
  PID:7308
- C:\Windows\System\iIPZhlR.exe
  C:\Windows\System\iIPZhlR.exe
  2⤵
  PID:6952
- C:\Windows\System\HGcHNmr.exe
  C:\Windows\System\HGcHNmr.exe
  2⤵
  PID:7392
- C:\Windows\System\yNcaQBe.exe
  C:\Windows\System\yNcaQBe.exe
  2⤵
  PID:7376
- C:\Windows\System\URVOrUr.exe
  C:\Windows\System\URVOrUr.exe
  2⤵
  PID:7636
- C:\Windows\System\svKJHNj.exe
  C:\Windows\System\svKJHNj.exe
  2⤵
  PID:7700
- C:\Windows\System\rTwTJXo.exe
  C:\Windows\System\rTwTJXo.exe
  2⤵
  PID:7812
- C:\Windows\System\kpWVMRY.exe
  C:\Windows\System\kpWVMRY.exe
  2⤵
  PID:2396
- C:\Windows\System\VLkJYZG.exe
  C:\Windows\System\VLkJYZG.exe
  2⤵
  PID:7776
- C:\Windows\System\ugEQBSM.exe
  C:\Windows\System\ugEQBSM.exe
  2⤵
  PID:7960
- C:\Windows\System\Wsbuzlg.exe
  C:\Windows\System\Wsbuzlg.exe
  2⤵
  PID:7552
- C:\Windows\System\KDEGNkE.exe
  C:\Windows\System\KDEGNkE.exe
  2⤵
  PID:8092
- C:\Windows\System\qradugN.exe
  C:\Windows\System\qradugN.exe
  2⤵
  PID:1660
- C:\Windows\System\nCcrxhN.exe
  C:\Windows\System\nCcrxhN.exe
  2⤵
  PID:7232
- C:\Windows\System\VZnpVyn.exe
  C:\Windows\System\VZnpVyn.exe
  2⤵
  PID:8156
- C:\Windows\System\GqHjxKW.exe
  C:\Windows\System\GqHjxKW.exe
  2⤵
  PID:7480
- C:\Windows\System\YyyWuAq.exe
  C:\Windows\System\YyyWuAq.exe
  2⤵
  PID:7632
- C:\Windows\System\HednFUs.exe
  C:\Windows\System\HednFUs.exe
  2⤵
  PID:8200
- C:\Windows\System\AgOZZZO.exe
  C:\Windows\System\AgOZZZO.exe
  2⤵
  PID:8220
- C:\Windows\System\twWkZZI.exe
  C:\Windows\System\twWkZZI.exe
  2⤵
  PID:8240
- C:\Windows\System\QDPzrSD.exe
  C:\Windows\System\QDPzrSD.exe
  2⤵
  PID:8260
- C:\Windows\System\jfJbzVB.exe
  C:\Windows\System\jfJbzVB.exe
  2⤵
  PID:8276
- C:\Windows\System\BcqyQns.exe
  C:\Windows\System\BcqyQns.exe
  2⤵
  PID:8296
- C:\Windows\System\JPphNjZ.exe
  C:\Windows\System\JPphNjZ.exe
  2⤵
  PID:8312
- C:\Windows\System\NGymchm.exe
  C:\Windows\System\NGymchm.exe
  2⤵
  PID:8328
- C:\Windows\System\NCrxhrg.exe
  C:\Windows\System\NCrxhrg.exe
  2⤵
  PID:8344
- C:\Windows\System\gLrnOcK.exe
  C:\Windows\System\gLrnOcK.exe
  2⤵
  PID:8360
- C:\Windows\System\dKBBopd.exe
  C:\Windows\System\dKBBopd.exe
  2⤵
  PID:8376
- C:\Windows\System\bWfJTjf.exe
  C:\Windows\System\bWfJTjf.exe
  2⤵
  PID:8392
- C:\Windows\System\rWZEvSk.exe
  C:\Windows\System\rWZEvSk.exe
  2⤵
  PID:8408
- C:\Windows\System\lHtYWdZ.exe
  C:\Windows\System\lHtYWdZ.exe
  2⤵
  PID:8424
- C:\Windows\System\DFSXUGv.exe
  C:\Windows\System\DFSXUGv.exe
  2⤵
  PID:8440
- C:\Windows\System\FRjSZlV.exe
  C:\Windows\System\FRjSZlV.exe
  2⤵
  PID:8456
- C:\Windows\System\XRNyvBk.exe
  C:\Windows\System\XRNyvBk.exe
  2⤵
  PID:8472
- C:\Windows\System\GLPztTP.exe
  C:\Windows\System\GLPztTP.exe
  2⤵
  PID:8488
- C:\Windows\System\nJwdLjc.exe
  C:\Windows\System\nJwdLjc.exe
  2⤵
  PID:8504
- C:\Windows\System\SAcbubd.exe
  C:\Windows\System\SAcbubd.exe
  2⤵
  PID:8520
- C:\Windows\System\iayTLGq.exe
  C:\Windows\System\iayTLGq.exe
  2⤵
  PID:8536
- C:\Windows\System\ZWVHrdX.exe
  C:\Windows\System\ZWVHrdX.exe
  2⤵
  PID:8552
- C:\Windows\System\JPycdsO.exe
  C:\Windows\System\JPycdsO.exe
  2⤵
  PID:8568
- C:\Windows\System\Ovmgxww.exe
  C:\Windows\System\Ovmgxww.exe
  2⤵
  PID:8584
- C:\Windows\System\DsZTmcE.exe
  C:\Windows\System\DsZTmcE.exe
  2⤵
  PID:8600
- C:\Windows\System\qmLvBBT.exe
  C:\Windows\System\qmLvBBT.exe
  2⤵
  PID:8616
- C:\Windows\System\yxXyawA.exe
  C:\Windows\System\yxXyawA.exe
  2⤵
  PID:8636
- C:\Windows\System\XZyvllq.exe
  C:\Windows\System\XZyvllq.exe
  2⤵
  PID:8652
- C:\Windows\System\JPLwfIO.exe
  C:\Windows\System\JPLwfIO.exe
  2⤵
  PID:8668
- C:\Windows\System\QUSOLxY.exe
  C:\Windows\System\QUSOLxY.exe
  2⤵
  PID:8696
- C:\Windows\System\oDhIPZn.exe
  C:\Windows\System\oDhIPZn.exe
  2⤵
  PID:8716
- C:\Windows\System\ofAeAfn.exe
  C:\Windows\System\ofAeAfn.exe
  2⤵
  PID:8732
- C:\Windows\System\gCIwrwo.exe
  C:\Windows\System\gCIwrwo.exe
  2⤵
  PID:8752
- C:\Windows\System\eZmXBSv.exe
  C:\Windows\System\eZmXBSv.exe
  2⤵
  PID:8784
- C:\Windows\System\uFCdVJJ.exe
  C:\Windows\System\uFCdVJJ.exe
  2⤵
  PID:8800
- C:\Windows\System\GqxiPGC.exe
  C:\Windows\System\GqxiPGC.exe
  2⤵
  PID:8916
- C:\Windows\System\SffRZHI.exe
  C:\Windows\System\SffRZHI.exe
  2⤵
  PID:8968
- C:\Windows\System\sjXxzVj.exe
  C:\Windows\System\sjXxzVj.exe
  2⤵
  PID:8992
- C:\Windows\System\RdfyGGM.exe
  C:\Windows\System\RdfyGGM.exe
  2⤵
  PID:9008
- C:\Windows\System\ztaIazQ.exe
  C:\Windows\System\ztaIazQ.exe
  2⤵
  PID:9024
- C:\Windows\System\JDKbDuG.exe
  C:\Windows\System\JDKbDuG.exe
  2⤵
  PID:9044
- C:\Windows\System\yqEbHdR.exe
  C:\Windows\System\yqEbHdR.exe
  2⤵
  PID:9060
- C:\Windows\System\kDvAZYk.exe
  C:\Windows\System\kDvAZYk.exe
  2⤵
  PID:9080
- C:\Windows\System\CaEmZmv.exe
  C:\Windows\System\CaEmZmv.exe
  2⤵
  PID:9096
- C:\Windows\System\MBoburD.exe
  C:\Windows\System\MBoburD.exe
  2⤵
  PID:9112
- C:\Windows\System\KOlUWcE.exe
  C:\Windows\System\KOlUWcE.exe
  2⤵
  PID:9128
- C:\Windows\System\JduMUZR.exe
  C:\Windows\System\JduMUZR.exe
  2⤵
  PID:9144
- C:\Windows\System\GLOvaSr.exe
  C:\Windows\System\GLOvaSr.exe
  2⤵
  PID:9160
- C:\Windows\System\QQbvuMe.exe
  C:\Windows\System\QQbvuMe.exe
  2⤵
  PID:9176
- C:\Windows\System\ijDpvWP.exe
  C:\Windows\System\ijDpvWP.exe
  2⤵
  PID:9192
- C:\Windows\System\qjreunX.exe
  C:\Windows\System\qjreunX.exe
  2⤵
  PID:9208
- C:\Windows\System\hhlOFZH.exe
  C:\Windows\System\hhlOFZH.exe
  2⤵
  PID:7832
- C:\Windows\System\LQimcbq.exe
  C:\Windows\System\LQimcbq.exe
  2⤵
  PID:7976
- C:\Windows\System\HktBWbl.exe
  C:\Windows\System\HktBWbl.exe
  2⤵
  PID:7248
- C:\Windows\System\bskIFtY.exe
  C:\Windows\System\bskIFtY.exe
  2⤵
  PID:2984
- C:\Windows\System\yObZGqH.exe
  C:\Windows\System\yObZGqH.exe
  2⤵
  PID:8248
- C:\Windows\System\bzHJyNU.exe
  C:\Windows\System\bzHJyNU.exe
  2⤵
  PID:8288
- C:\Windows\System\WxPggrt.exe
  C:\Windows\System\WxPggrt.exe
  2⤵
  PID:8352
- C:\Windows\System\EDXjGFA.exe
  C:\Windows\System\EDXjGFA.exe
  2⤵
  PID:8416
- C:\Windows\System\msZdLOT.exe
  C:\Windows\System\msZdLOT.exe
  2⤵
  PID:8480
- C:\Windows\System\KDiuAoh.exe
  C:\Windows\System\KDiuAoh.exe
  2⤵
  PID:8168
- C:\Windows\System\SWPMhzv.exe
  C:\Windows\System\SWPMhzv.exe
  2⤵
  PID:2508
- C:\Windows\System\mRmuLTq.exe
  C:\Windows\System\mRmuLTq.exe
  2⤵
  PID:7600
- C:\Windows\System\ciaUIvq.exe
  C:\Windows\System\ciaUIvq.exe
  2⤵
  PID:8088
- C:\Windows\System\BFWLpXF.exe
  C:\Windows\System\BFWLpXF.exe
  2⤵
  PID:8592
- C:\Windows\System\bqRIVvZ.exe
  C:\Windows\System\bqRIVvZ.exe
  2⤵
  PID:8236
- C:\Windows\System\yWfJzBN.exe
  C:\Windows\System\yWfJzBN.exe
  2⤵
  PID:8532
- C:\Windows\System\zaFNkTX.exe
  C:\Windows\System\zaFNkTX.exe
  2⤵
  PID:8368
- C:\Windows\System\qstzyTK.exe
  C:\Windows\System\qstzyTK.exe
  2⤵
  PID:8432
- C:\Windows\System\LjVoSdS.exe
  C:\Windows\System\LjVoSdS.exe
  2⤵
  PID:8464
- C:\Windows\System\MUzFRmQ.exe
  C:\Windows\System\MUzFRmQ.exe
  2⤵
  PID:8660
- C:\Windows\System\tIVYnVg.exe
  C:\Windows\System\tIVYnVg.exe
  2⤵
  PID:8516
- C:\Windows\System\MQQxCaw.exe
  C:\Windows\System\MQQxCaw.exe
  2⤵
  PID:8576
- C:\Windows\System\rBeSUaB.exe
  C:\Windows\System\rBeSUaB.exe
  2⤵
  PID:8644
- C:\Windows\System\KqFtQDY.exe
  C:\Windows\System\KqFtQDY.exe
  2⤵
  PID:8712
- C:\Windows\System\FMcQJiu.exe
  C:\Windows\System\FMcQJiu.exe
  2⤵
  PID:8792
- C:\Windows\System\rNQfxWA.exe
  C:\Windows\System\rNQfxWA.exe
  2⤵
  PID:8764
- C:\Windows\System\oZyDtHh.exe
  C:\Windows\System\oZyDtHh.exe
  2⤵
  PID:8680
- C:\Windows\System\RtPNcUo.exe
  C:\Windows\System\RtPNcUo.exe
  2⤵
  PID:8776
- C:\Windows\System\QNHPFlw.exe
  C:\Windows\System\QNHPFlw.exe
  2⤵
  PID:8816
- C:\Windows\System\gkUNHUi.exe
  C:\Windows\System\gkUNHUi.exe
  2⤵
  PID:8832
- C:\Windows\System\LFroBAL.exe
  C:\Windows\System\LFroBAL.exe
  2⤵
  PID:8848
- C:\Windows\System\buoIOeC.exe
  C:\Windows\System\buoIOeC.exe
  2⤵
  PID:8864
- C:\Windows\System\INCuWew.exe
  C:\Windows\System\INCuWew.exe
  2⤵
  PID:8880
- C:\Windows\System\zdtInfE.exe
  C:\Windows\System\zdtInfE.exe
  2⤵
  PID:9136
- C:\Windows\System\kZEwHME.exe
  C:\Windows\System\kZEwHME.exe
  2⤵
  PID:8212
- C:\Windows\System\GziWcqG.exe
  C:\Windows\System\GziWcqG.exe
  2⤵
  PID:7684
- C:\Windows\System\guWOsOb.exe
  C:\Windows\System\guWOsOb.exe
  2⤵
  PID:7764
- C:\Windows\System\NcOIJcT.exe
  C:\Windows\System\NcOIJcT.exe
  2⤵
  PID:9204
- C:\Windows\System\FujDBCJ.exe
  C:\Windows\System\FujDBCJ.exe
  2⤵
  PID:8188
- C:\Windows\System\qLpXzwo.exe
  C:\Windows\System\qLpXzwo.exe
  2⤵
  PID:8500
- C:\Windows\System\BZAMevp.exe
  C:\Windows\System\BZAMevp.exe
  2⤵
  PID:8528
- C:\Windows\System\voiynkP.exe
  C:\Windows\System\voiynkP.exe
  2⤵
  PID:8228
- C:\Windows\System\eimfnOq.exe
  C:\Windows\System\eimfnOq.exe
  2⤵
  PID:8268
- C:\Windows\System\fdqISeX.exe
  C:\Windows\System\fdqISeX.exe
  2⤵
  PID:8340
- C:\Windows\System\aVfdlxT.exe
  C:\Windows\System\aVfdlxT.exe
  2⤵
  PID:8624
- C:\Windows\System\RzlJLqW.exe
  C:\Windows\System\RzlJLqW.exe
  2⤵
  PID:8740
- C:\Windows\System\qbHBbpl.exe
  C:\Windows\System\qbHBbpl.exe
  2⤵
  PID:8768
- C:\Windows\System\LHHAARU.exe
  C:\Windows\System\LHHAARU.exe
  2⤵
  PID:8512
- C:\Windows\System\SPkDXZt.exe
  C:\Windows\System\SPkDXZt.exe
  2⤵
  PID:8808
- C:\Windows\System\vGyxcQZ.exe
  C:\Windows\System\vGyxcQZ.exe
  2⤵
  PID:8688
- C:\Windows\System\kIMXwCZ.exe
  C:\Windows\System\kIMXwCZ.exe
  2⤵
  PID:8856
- C:\Windows\System\trCxYjx.exe
  C:\Windows\System\trCxYjx.exe
  2⤵
  PID:8876
- C:\Windows\System\TvBwyIg.exe
  C:\Windows\System\TvBwyIg.exe
  2⤵
  PID:8892
- C:\Windows\System\pisWOWs.exe
  C:\Windows\System\pisWOWs.exe
  2⤵
  PID:8928
- C:\Windows\System\YzqnBDc.exe
  C:\Windows\System\YzqnBDc.exe
  2⤵
  PID:8944
- C:\Windows\System\QgpswpG.exe
  C:\Windows\System\QgpswpG.exe
  2⤵
  PID:8960
- C:\Windows\System\POZbnwD.exe
  C:\Windows\System\POZbnwD.exe
  2⤵
  PID:8980
- C:\Windows\System\gHsQpzN.exe
  C:\Windows\System\gHsQpzN.exe
  2⤵
  PID:9016
- C:\Windows\System\BZTJKyV.exe
  C:\Windows\System\BZTJKyV.exe
  2⤵
  PID:9072
- C:\Windows\System\rcSIcLv.exe
  C:\Windows\System\rcSIcLv.exe
  2⤵
  PID:9088
- C:\Windows\System\LltQMAK.exe
  C:\Windows\System\LltQMAK.exe
  2⤵
  PID:9124
- C:\Windows\System\MWpozTx.exe
  C:\Windows\System\MWpozTx.exe
  2⤵
  PID:9152
- C:\Windows\System\YBttlCF.exe
  C:\Windows\System\YBttlCF.exe
  2⤵
  PID:7852
- C:\Windows\System\ywXTHDj.exe
  C:\Windows\System\ywXTHDj.exe
  2⤵
  PID:8320
- C:\Windows\System\sznYiCw.exe
  C:\Windows\System\sznYiCw.exe
  2⤵
  PID:9032
- C:\Windows\System\mxPTMeY.exe
  C:\Windows\System\mxPTMeY.exe
  2⤵
  PID:8284
- C:\Windows\System\odCOhVR.exe
  C:\Windows\System\odCOhVR.exe
  2⤵
  PID:8448
- C:\Windows\System\JQpODGK.exe
  C:\Windows\System\JQpODGK.exe
  2⤵
  PID:7356
- C:\Windows\System\vkkdeZf.exe
  C:\Windows\System\vkkdeZf.exe
  2⤵
  PID:8824
- C:\Windows\System\egRIzzR.exe
  C:\Windows\System\egRIzzR.exe
  2⤵
  PID:8548
- C:\Windows\System\oQWNoDL.exe
  C:\Windows\System\oQWNoDL.exe
  2⤵
  PID:8692
- C:\Windows\System\ynXoCIL.exe
  C:\Windows\System\ynXoCIL.exe
  2⤵
  PID:8760
- C:\Windows\System\zuOTRQy.exe
  C:\Windows\System\zuOTRQy.exe
  2⤵
  PID:8812
- C:\Windows\System\dVOJIIM.exe
  C:\Windows\System\dVOJIIM.exe
  2⤵
  PID:8904
- C:\Windows\System\IfQDWZh.exe
  C:\Windows\System\IfQDWZh.exe
  2⤵
  PID:8984
- C:\Windows\System\UeHzGQv.exe
  C:\Windows\System\UeHzGQv.exe
  2⤵
  PID:8988
- C:\Windows\System\bCfTLXu.exe
  C:\Windows\System\bCfTLXu.exe
  2⤵
  PID:7524
- C:\Windows\System\axdqZsD.exe
  C:\Windows\System\axdqZsD.exe
  2⤵
  PID:9184
- C:\Windows\System\QNvBGAa.exe
  C:\Windows\System\QNvBGAa.exe
  2⤵
  PID:8560
- C:\Windows\System\PYAaLyF.exe
  C:\Windows\System\PYAaLyF.exe
  2⤵
  PID:9004
- C:\Windows\System\jIdmOUR.exe
  C:\Windows\System\jIdmOUR.exe
  2⤵
  PID:8648
- C:\Windows\System\RlToEPH.exe
  C:\Windows\System\RlToEPH.exe
  2⤵
  PID:8900
- C:\Windows\System\mypnRRP.exe
  C:\Windows\System\mypnRRP.exe
  2⤵
  PID:8976
- C:\Windows\System\peEMAJM.exe
  C:\Windows\System\peEMAJM.exe
  2⤵
  PID:9168
- C:\Windows\System\qSVyoom.exe
  C:\Windows\System\qSVyoom.exe
  2⤵
  PID:8308
- C:\Windows\System\QAADPwq.exe
  C:\Windows\System\QAADPwq.exe
  2⤵
  PID:8748
- C:\Windows\System\MtASWDQ.exe
  C:\Windows\System\MtASWDQ.exe
  2⤵
  PID:8872
- C:\Windows\System\EKRmGOC.exe
  C:\Windows\System\EKRmGOC.exe
  2⤵
  PID:9056
- C:\Windows\System\FKVekZD.exe
  C:\Windows\System\FKVekZD.exe
  2⤵
  PID:956
- C:\Windows\System\WzVLZLK.exe
  C:\Windows\System\WzVLZLK.exe
  2⤵
  PID:7916
- C:\Windows\System\aAozaWH.exe
  C:\Windows\System\aAozaWH.exe
  2⤵
  PID:9304
- C:\Windows\System\heHawSm.exe
  C:\Windows\System\heHawSm.exe
  2⤵
  PID:9344
- C:\Windows\System\YNwmzpv.exe
  C:\Windows\System\YNwmzpv.exe
  2⤵
  PID:9372
- C:\Windows\System\XxDTcXi.exe
  C:\Windows\System\XxDTcXi.exe
  2⤵
  PID:9436
- C:\Windows\System\lcrYRiX.exe
  C:\Windows\System\lcrYRiX.exe
  2⤵
  PID:9504
- C:\Windows\System\LbYDIqk.exe
  C:\Windows\System\LbYDIqk.exe
  2⤵
  PID:9544
- C:\Windows\System\skuPGdX.exe
  C:\Windows\System\skuPGdX.exe
  2⤵
  PID:9564
- C:\Windows\System\grFBiVl.exe
  C:\Windows\System\grFBiVl.exe
  2⤵
  PID:9584
- C:\Windows\System\rkMvJAj.exe
  C:\Windows\System\rkMvJAj.exe
  2⤵
  PID:9608
- C:\Windows\System\gUJwsdu.exe
  C:\Windows\System\gUJwsdu.exe
  2⤵
  PID:9628
- C:\Windows\System\BEUFoCg.exe
  C:\Windows\System\BEUFoCg.exe
  2⤵
  PID:9648
- C:\Windows\System\ZtxSMce.exe
  C:\Windows\System\ZtxSMce.exe
  2⤵
  PID:9664
- C:\Windows\System\noBNePE.exe
  C:\Windows\System\noBNePE.exe
  2⤵
  PID:9684
- C:\Windows\System\SkDFBef.exe
  C:\Windows\System\SkDFBef.exe
  2⤵
  PID:9700
- C:\Windows\System\ySRYUZs.exe
  C:\Windows\System\ySRYUZs.exe
  2⤵
  PID:9716
- C:\Windows\System\ahKwQBk.exe
  C:\Windows\System\ahKwQBk.exe
  2⤵
  PID:9732
- C:\Windows\System\YvQRmFq.exe
  C:\Windows\System\YvQRmFq.exe
  2⤵
  PID:9748
- C:\Windows\System\YRfjtHh.exe
  C:\Windows\System\YRfjtHh.exe
  2⤵
  PID:9764
- C:\Windows\System\kyrofYi.exe
  C:\Windows\System\kyrofYi.exe
  2⤵
  PID:9780
- C:\Windows\System\dacNvbo.exe
  C:\Windows\System\dacNvbo.exe
  2⤵
  PID:9796
- C:\Windows\System\EoSyNhs.exe
  C:\Windows\System\EoSyNhs.exe
  2⤵
  PID:9812
- C:\Windows\System\YJprJPR.exe
  C:\Windows\System\YJprJPR.exe
  2⤵
  PID:9828
- C:\Windows\System\bpqgfsl.exe
  C:\Windows\System\bpqgfsl.exe
  2⤵
  PID:9844
- C:\Windows\System\oASGFvR.exe
  C:\Windows\System\oASGFvR.exe
  2⤵
  PID:9908
- C:\Windows\System\pxjPmVZ.exe
  C:\Windows\System\pxjPmVZ.exe
  2⤵
  PID:9932
- C:\Windows\System\HaFTCbY.exe
  C:\Windows\System\HaFTCbY.exe
  2⤵
  PID:9948
- C:\Windows\System\ccqYlYf.exe
  C:\Windows\System\ccqYlYf.exe
  2⤵
  PID:9964
- C:\Windows\System\SbOTpGo.exe
  C:\Windows\System\SbOTpGo.exe
  2⤵
  PID:9980
- C:\Windows\System\cSbVuUI.exe
  C:\Windows\System\cSbVuUI.exe
  2⤵
  PID:9996
- C:\Windows\System\QuIddHo.exe
  C:\Windows\System\QuIddHo.exe
  2⤵
  PID:10012
- C:\Windows\System\KoMOeTA.exe
  C:\Windows\System\KoMOeTA.exe
  2⤵
  PID:10040
- C:\Windows\System\TdpPaiJ.exe
  C:\Windows\System\TdpPaiJ.exe
  2⤵
  PID:10056
- C:\Windows\System\MWiXQXh.exe
  C:\Windows\System\MWiXQXh.exe
  2⤵
  PID:10072
- C:\Windows\System\CIWzMpu.exe
  C:\Windows\System\CIWzMpu.exe
  2⤵
  PID:10088
- C:\Windows\System\lyNDRQP.exe
  C:\Windows\System\lyNDRQP.exe
  2⤵
  PID:10104
- C:\Windows\System\iFHnsJt.exe
  C:\Windows\System\iFHnsJt.exe
  2⤵
  PID:10120
- C:\Windows\System\XdGVAhA.exe
  C:\Windows\System\XdGVAhA.exe
  2⤵
  PID:10140
- C:\Windows\System\HpYJRYS.exe
  C:\Windows\System\HpYJRYS.exe
  2⤵
  PID:10156
- C:\Windows\System\VftxIzi.exe
  C:\Windows\System\VftxIzi.exe
  2⤵
  PID:10172
- C:\Windows\System\lJCtVPZ.exe
  C:\Windows\System\lJCtVPZ.exe
  2⤵
  PID:10192
- C:\Windows\System\wmFJeYU.exe
  C:\Windows\System\wmFJeYU.exe
  2⤵
  PID:10212
- C:\Windows\System\JfxfgaR.exe
  C:\Windows\System\JfxfgaR.exe
  2⤵
  PID:10236
- C:\Windows\System\NyqWQxS.exe
  C:\Windows\System\NyqWQxS.exe
  2⤵
  PID:9220
- C:\Windows\System\DiuGYxf.exe
  C:\Windows\System\DiuGYxf.exe
  2⤵
  PID:9236
- C:\Windows\System\pxwBRoX.exe
  C:\Windows\System\pxwBRoX.exe
  2⤵
  PID:9252
- C:\Windows\System\oWZKshO.exe
  C:\Windows\System\oWZKshO.exe
  2⤵
  PID:9268
- C:\Windows\System\GWCEPdX.exe
  C:\Windows\System\GWCEPdX.exe
  2⤵
  PID:9292
- C:\Windows\System\TeSSnyS.exe
  C:\Windows\System\TeSSnyS.exe
  2⤵
  PID:9320
- C:\Windows\System\OgugygT.exe
  C:\Windows\System\OgugygT.exe
  2⤵
  PID:9404
- C:\Windows\System\DkDTtgx.exe
  C:\Windows\System\DkDTtgx.exe
  2⤵
  PID:9420
- C:\Windows\System\vdFvNxQ.exe
  C:\Windows\System\vdFvNxQ.exe
  2⤵
  PID:9432
- C:\Windows\System\FWkfdqO.exe
  C:\Windows\System\FWkfdqO.exe
  2⤵
  PID:9460
- C:\Windows\System\fPEluST.exe
  C:\Windows\System\fPEluST.exe
  2⤵
  PID:9476
- C:\Windows\System\hKTUiJw.exe
  C:\Windows\System\hKTUiJw.exe
  2⤵
  PID:9492
- C:\Windows\System\SjVlYZv.exe
  C:\Windows\System\SjVlYZv.exe
  2⤵
  PID:9512
- C:\Windows\System\kdiJFEy.exe
  C:\Windows\System\kdiJFEy.exe
  2⤵
  PID:9528
- C:\Windows\System\tJeDzGz.exe
  C:\Windows\System\tJeDzGz.exe
  2⤵
  PID:9556
- C:\Windows\System\cyoBsTZ.exe
  C:\Windows\System\cyoBsTZ.exe
  2⤵
  PID:9576
- C:\Windows\System\CHPtYAX.exe
  C:\Windows\System\CHPtYAX.exe
  2⤵
  PID:9616
- C:\Windows\System\vGWQctY.exe
  C:\Windows\System\vGWQctY.exe
  2⤵
  PID:9636
- C:\Windows\System\PKdafVJ.exe
  C:\Windows\System\PKdafVJ.exe
  2⤵
  PID:9804
- C:\Windows\System\SJCbOPf.exe
  C:\Windows\System\SJCbOPf.exe
  2⤵
  PID:9712
- C:\Windows\System\jjoTWjQ.exe
  C:\Windows\System\jjoTWjQ.exe
  2⤵
  PID:9692
- C:\Windows\System\yBjjXns.exe
  C:\Windows\System\yBjjXns.exe
  2⤵
  PID:9756
- C:\Windows\System\BlnLJXd.exe
  C:\Windows\System\BlnLJXd.exe
  2⤵
  PID:9820
- C:\Windows\System\QFDuoPu.exe
  C:\Windows\System\QFDuoPu.exe
  2⤵
  PID:9852
- C:\Windows\System\bgnYDkU.exe
  C:\Windows\System\bgnYDkU.exe
  2⤵
  PID:9868
- C:\Windows\System\ojccJRa.exe
  C:\Windows\System\ojccJRa.exe
  2⤵
  PID:9888
- C:\Windows\System\GIhLuTp.exe
  C:\Windows\System\GIhLuTp.exe
  2⤵
  PID:9904
- C:\Windows\System\gMmnrNp.exe
  C:\Windows\System\gMmnrNp.exe
  2⤵
  PID:9976
- C:\Windows\System\KUBMOso.exe
  C:\Windows\System\KUBMOso.exe
  2⤵
  PID:9956
- C:\Windows\System\FSiYWwm.exe
  C:\Windows\System\FSiYWwm.exe
  2⤵
  PID:9988
- C:\Windows\System\hHFlBau.exe
  C:\Windows\System\hHFlBau.exe
  2⤵
  PID:10028
- C:\Windows\System\poaMoXX.exe
  C:\Windows\System\poaMoXX.exe
  2⤵
  PID:10096
- C:\Windows\System\WSGcEHh.exe
  C:\Windows\System\WSGcEHh.exe
  2⤵
  PID:8840
- C:\Windows\System\PEAoEEf.exe
  C:\Windows\System\PEAoEEf.exe
  2⤵
  PID:10204
- C:\Windows\System\HLnWLrE.exe
  C:\Windows\System\HLnWLrE.exe
  2⤵
  PID:9324
- C:\Windows\System\auvDetR.exe
  C:\Windows\System\auvDetR.exe
  2⤵
  PID:9288
- C:\Windows\System\khVqCGZ.exe
  C:\Windows\System\khVqCGZ.exe
  2⤵
  PID:9332
- C:\Windows\System\RiTKADT.exe
  C:\Windows\System\RiTKADT.exe
  2⤵
  PID:9340
- C:\Windows\System\OnqUKBJ.exe
  C:\Windows\System\OnqUKBJ.exe
  2⤵
  PID:9368
- C:\Windows\System\ayroILX.exe
  C:\Windows\System\ayroILX.exe
  2⤵
  PID:9384
- C:\Windows\System\RTUYQdM.exe
  C:\Windows\System\RTUYQdM.exe
  2⤵
  PID:9472
- C:\Windows\System\KeSYjJo.exe
  C:\Windows\System\KeSYjJo.exe
  2⤵
  PID:9412
- C:\Windows\System\YOsZAbj.exe
  C:\Windows\System\YOsZAbj.exe
  2⤵
  PID:9488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AWYjJtt.exe

Filesize
6.0MB

MD5
42efaf5b134cd0f7ad3dc278450f27fc

SHA1
ae9652b4004bcc65b1703260506dff72c40180f4

SHA256
329423f895cefe5c2e79189be5ab3e3c2e5798c401a6c185b955587affdcede5

SHA512
39374d11eb3a77e3e42d8fa2d26e3206e32747629a6555001a61ac1e88d58c4e87b39af160278f24d753419fb9600270e57e179cbbb80e82cb50b671b1a8aef3

Download Submit
C:\Windows\system\DchxtGm.exe

Filesize
6.0MB

MD5
37a5007330d278c9b38e2330e818e587

SHA1
28fc13341f239884d838fa3a2730313af2471681

SHA256
617720899f93be238fd0c792b03e4972c9856d6e1143eaec1f89ff91853d024e

SHA512
f67298c25fd615ea50d4b2e4686bd1a822319ad5278a641dde38e381d3b8005e9946debdc8bf36710f03958b765f69980ae4f5fed5322c20d9f48182c490277b

Download Submit
C:\Windows\system\EijWYlu.exe

Filesize
6.0MB

MD5
5ee8aec60165726b9dea8cff2e1a2227

SHA1
c3dda697c1ee5f40645a4d10c967cc948059c299

SHA256
6517a5fb836e091773b6180dcff0b0b77f94e183d65e83e5339c0d95e244e59c

SHA512
f7d5df8850237a5daa5f5c79cc8f6b5f79e946d7d14f771862f98072d70de6dab8ca40d22abd189f2e715b1a182f8293d1be836e0cc66f1d16b09f02f7134bb1

Download Submit
C:\Windows\system\GLeNsHj.exe

Filesize
6.0MB

MD5
031fca2bb3ade76eba5991543785bb4b

SHA1
df9996a7a562a573f48356ecfe37ff508f96c422

SHA256
eb03271017ba8dcd7c5d957927df95a92f2fdb0f40e970d11d2765aa7495adcb

SHA512
4156ca1cd0b45528e9c3cb9a76d4f9d20d90b1694c469fabb2cae08a0572c500a4f6212129f105734e4fb2d298b23fdd5338158bca8ca1e4f90da80d0a5cb166

Download Submit
C:\Windows\system\GrfqpjI.exe

Filesize
6.0MB

MD5
827dc36565148bdd14202338683f49af

SHA1
cfacfe83b893e0a5351b9c1a7901ff29f5a4abef

SHA256
b6a4101efd15b29ca6618ffd69339cd6cf7da066764ddab0e9699f700d5e0356

SHA512
847963ae606a794a935d9634b24878ed192e16790664227693bc06d272e8e902c143441eece177e292976a7f71fb11d893266f59dfa848ca2a04cee6def4355c

Download Submit
C:\Windows\system\GvWjThD.exe

Filesize
6.0MB

MD5
fa5a29c7ae50cd3341e41226e6c990f0

SHA1
3809a6918d5adf872422ee78dc3575a765f547e5

SHA256
104f971fdab96db53decbbd221acbcf2fa0d38c7166a38ec3f92f03b89ef6146

SHA512
7b198badaa137001cdd5253826cdc95636b422e8e49053f722573c409cc2718d4f7aae90561f034e936a6058e291ebe5a20b198a0262b206d7d56b36fa97822e

Download Submit
C:\Windows\system\HJRlaiP.exe

Filesize
6.0MB

MD5
847efd2c79fd8d45a52eda3593ab5c93

SHA1
6f85b19f0cee7e1aba88d0b21756178ee6de6c1d

SHA256
cdf3df1021a51d03a26ccf0f2342a4738869c075042fe17338b745312a6f81f0

SHA512
b47a51323de442bb203a3a10c1fcf2fa5a86225080149f7d98949f2fa5ac943d2ed1d4c048dcc21de868054b23a95b3c30c52ae016abda92089754986ffffdc0

Download Submit
C:\Windows\system\HZyWqHl.exe

Filesize
6.0MB

MD5
f528364cccf404c0178215ce0d71c5dd

SHA1
e73e16edd86b1a460de036390d58d3732d1ccc70

SHA256
71ab6c9b79177bdea6b2fac57d534e50138ceb5fc38b7ee41d50066c4c993277

SHA512
0a50671827c725c4f8ab9edcb7e4ee198b2b8f438434cebfba1ddd157e05e3a66a2bb810030e41194d4f1f8aaec2386e34b959e9cd096294e13990df62922f29

Download Submit
C:\Windows\system\HyXkzYv.exe

Filesize
6.0MB

MD5
88fa33f7309b9c7a1db5dd34bd1d4724

SHA1
fb4fff66742732a09205b215049424bd183b743e

SHA256
723ac931c0f8bd141edb903db5419a4e2b7b2963a6934bc1b9a3556370512e52

SHA512
bd41e6422cb2a5410c71ce3463334eacf380f043ec8ebb8ac83676cd848588760553ddfb5dc95f3920ad7a5f5f9b7407e26686a9bf87c38829e6ed38419b1a9c

Download Submit
C:\Windows\system\IcjiAzi.exe

Filesize
6.0MB

MD5
9db86f686c09d88de587afd4bb2631c5

SHA1
04a7d0a25403dee2d22b299863e1162ad2b6d5d8

SHA256
890eeb20ffc4c9a546eccf045218dc8fa94cd7d3bdc8a49d4c5486527987710c

SHA512
ac4ffe934526b423c8ff00c12d8534997b55381f945ea3274bc0edcb028b1a7c3249477972b63e1ae3cccdace811e3324c3b7d16256b1a48644dd24a545ef7f9

Download Submit
C:\Windows\system\KkZfXrk.exe

Filesize
6.0MB

MD5
70f3e88a1642e3ff17a302f1f6667d40

SHA1
c792ea5a3e5a5dd206096db80cf26dbc935f7fc2

SHA256
ea3e9fd718bc07c51453f0da0a6e8e2e76e4bb2b91dfd2af8e37616f69fe0659

SHA512
32445876de967b452db1c7a128028c199a813216b7498b2e7eac38399367d689da398fb049146de60da2d40845b6dd67e2ef0a11b6400dad435aa001ffa2622f

Download Submit
C:\Windows\system\NLJaNul.exe

Filesize
6.0MB

MD5
564b97ab820ba8df8113afa0d9781a48

SHA1
2625cf5697f0aa3d700cfe0c648dc3d05a52eccc

SHA256
947fa9ed8af25fc6d7e92ba9f1251d1a2c107cb70a51822d37f7b5b4ffd77c0a

SHA512
2b93f369c34d09ce2cd18003c0d213a4807a1e49e376b15419aebb7bec6aec38a79e0fdc4d8a12b71616d921a8883e970efaaa5fff1554a9abb7b5d211b0f968

Download Submit
C:\Windows\system\NcPjzvJ.exe

Filesize
6.0MB

MD5
3742656c9e6346f1c4f549fee6c30395

SHA1
db20ba6f9d2ceb50810d9436710e5d9cecac0614

SHA256
3f5b24f12d3322496f1fffc1e0f0a53960bd4c703e7282e418a2294ac3317239

SHA512
748961b518abf39611bb6296160101e44569aa727f3ed6e0b7dfed1f3ef99fc1f19cca0393183c252d4f319971b90dbcfc998dad4a0fbe0a5236d4538467f754

Download Submit
C:\Windows\system\RtvNyll.exe

Filesize
6.0MB

MD5
f15702d5a2b4572cb44c464a183d1305

SHA1
3fff906e9cdd897cdf2c09a7fb2f059ed24778bd

SHA256
50306ac38e50e560c84df4588ae164fd55b6ae4814c503f11da7126e7624af62

SHA512
eb4ea03b558da437a8c0f7a9a1c82410174b901539638f80c7fab174ad7ce05bea26286a6ba4284e4d1f8e59666c4da915a3459914b364c37038e683c2d198ad

Download Submit
C:\Windows\system\VfZmKdc.exe

Filesize
6.0MB

MD5
05c58802e8bd56f80bd9249fd5ddd58a

SHA1
5618bb0ba620d02d175e966d770299c449c95a5d

SHA256
04846cb79ce86a04453b0a5a3051c55df69240251173662633731d2f4b9bd601

SHA512
acd504d90891262731d4c0eda22c4e884c84afc7c4d0d2bf2e0bae224bd14442b7001ba6cc8c0288511b3f77b3e9b9f690635eb2bbdd1b551c825dd99173a333

Download Submit
C:\Windows\system\ZzIZvyn.exe

Filesize
6.0MB

MD5
ec577e35acbd8349e4c8759c19299d8a

SHA1
c02f0b60f1f4461f94923d619a4f9c807b8c721a

SHA256
fee715afd5f005c927de9e2446ef3ca6242f8d553ab6293fada457a838ad68fd

SHA512
d5642c2a3454547fded3508ce0aaec40ef4a8ea9d4065caa97e9c321837ad1ed8202b244af72b365b509b21731344c67fa9a975dd6d55c42b9bf85236533c408

Download Submit
C:\Windows\system\dAeuKzG.exe

Filesize
6.0MB

MD5
551c094df5b2fbbf4983d4cbd17e95c6

SHA1
8322d204b514e83253244be8966ce5ce7abb7f99

SHA256
6136e4a0e67aca22848555173d0229d8bef46ce310b6b24ced319cd53321b4dd

SHA512
148c7b1b43b5bf7aeb195013f43dfbbaad3f501b6c694eb6711ee16bb41b79bb702942d96f861821def9e061bca929565da9610f0c027602741467bba678a734

Download Submit
C:\Windows\system\fOmvrFA.exe

Filesize
6.0MB

MD5
54e605c68837ba1df0a51c43dc49f93c

SHA1
9b8ba686620bb5fb5a86549a893ccd0ee51da915

SHA256
f1a87ec37085bed7780700a8a36bd7d25352041058fb4d35f980894530709d18

SHA512
6dc021854e36a42aa12522e7bcbf14004a933d5c7c9eb2720a559c3ee6cca5e1beecfbde9a6eadee32d0f408e6337a51fcc7d2b6f6a70fe5df0cc62c2403bebc

Download Submit
C:\Windows\system\gWFCzXZ.exe

Filesize
6.0MB

MD5
87fb3e8d270989bcf16f12bb57ab2638

SHA1
af2b860720f711ca7fb4a3d7205e03f80adf7d89

SHA256
1047dea44336bb85845f9430033b6f2a688b0297a31e9252ac3766861d713718

SHA512
5a17328915d1872d6a35b9ea9815ef6c61ef3ec010b5fbbb827192af318169e0b874ff2a6c2dced9ecb4093937e51a0d16ab7df85cc2143cc79635c87b7558ba

Download Submit
C:\Windows\system\hrpHivy.exe

Filesize
6.0MB

MD5
679a2eeff692d8a87c22d97145f299a5

SHA1
9fc457a131315330ba09ae1dfaed9fd378c7ddf6

SHA256
d6770487ea559a064b1e905c2c3eab243e363b93d14c420d811cae3b934f69a2

SHA512
9ba01f02498bef8d464c197068369c82ddfbf43b6763254eeafc4b150e48a67d9a5674a5fefd5a9fb8838a3b44c103abedb1c78b9ea2462ad970b116dff9de03

Download Submit
C:\Windows\system\ktLCUcT.exe

Filesize
6.0MB

MD5
6605997c0b924bdaaf38a24a99331bb6

SHA1
d1e40a75fcf4a1b978da3b0256faba45c995a875

SHA256
a25c36270c44742b0ee567974df243567bf41926705bde75388d56f8447845fc

SHA512
3de83aa4d8bf398d69ed0b252a57c952d391f4a4f7031acd2ee813c2a8437395f512f796fb93069931c31e545dd2fcf4c4df6c5f87938a01a186ecc901861523

Download Submit
C:\Windows\system\mUhnJBz.exe

Filesize
6.0MB

MD5
3c2d39d9434c760e44d37fc35ca67f5a

SHA1
72398a2d6ab7a88f7c6575b482bec4c6eafa6965

SHA256
859981f77e63d2d52d6475f18d732f93b158fd97c736dd91f30431dfd03cff3c

SHA512
b3ed62e1a73fade3532e5b3890cdfb8e1064facd7cfc9ed9bb69dad8422293c25e7b65a847d880153772bfeea82d87f050d559a09b7d197b76ea800cab47555f

Download Submit
C:\Windows\system\omWINAt.exe

Filesize
6.0MB

MD5
4876972d491cd7b2edf0302ea069445c

SHA1
4f624d95f2e5874925b691df499f37781b905da6

SHA256
69d54245d6f7770423fc16110eaa2f8ae8eb94eb7e6b79679a68faf3e71d42d0

SHA512
8fce117955d23c61da276544e92e64257043388821c9dc288206e5f12786efbfba6982305b1f54095ace3c76d3d7bbce20dd2f0ec93b1b036b179158ad53ef90

Download Submit
C:\Windows\system\pKyGkyG.exe

Filesize
6.0MB

MD5
dabd202949494953f3020fa33a19d13e

SHA1
fd898136351343f16bc67f60fd647c00f8424bb8

SHA256
c3d4c6427482e55791a6164aa964edb7e5e64c13a90bf3ed9f9781d2af32a72f

SHA512
33ef8f7b49966ddc777396e39706dcbf6345c02d5f845a641028e1d32d0dd7f62d5fa831b05fad23f4017a0a2b49ec3a72217cd3846f7ec09553d0a9192ac603

Download Submit
C:\Windows\system\sJKByAy.exe

Filesize
6.0MB

MD5
9e7aca030cc13d6c1d37f86f6d2b7702

SHA1
9fa511682b01e097490e6e78757dc0a9edca458c

SHA256
5ee5950e3b99ef6ae68f2d422f20b3a2e723853481d9ec0e4e36513855dfad07

SHA512
e8207dd21a81f8e47f75296b9f6346674ae352e7f22287ea5f66cce90f27f9e9b09c9d839de26518d0d5909ec798cdaacfeaf4d5819a84450af64585cd9d2ee1

Download Submit
C:\Windows\system\tMzLaZD.exe

Filesize
6.0MB

MD5
d7db293447dc74f640546874dc89408f

SHA1
588d5421b67dad1e38d5f96eaf8d184b0af696dc

SHA256
704d9c5cd07f43c58180f1ca5da16047802d328907f9862ece7dda0d9cb13a4b

SHA512
db41e01caadf1a0c9586fe70e9e0969b7289ab0c4c1690415e48d8b8c302fffb66c59a3f8503fa6ee112cac5cd2606f1ac71b8611e2a65324e0fe3a15bb336db

Download Submit
C:\Windows\system\ugdydZP.exe

Filesize
6.0MB

MD5
f3425f7c39039e5bae3b85c965ef0644

SHA1
100d3b8abfcf40895fbdb186e8c5f31fc2344795

SHA256
7e441c13f5f8aab523e990ed05f6afaf8ee35d1d516190c65c0f96f4e84f38b4

SHA512
bf08f6a47d939840a32bff67fdbc4c9129365eb8a50df59ca6406a4e25c299e048fd0d13ac40b2e542fddcab2eed622bdfff94c48743d2861ce62cc4603c1044

Download Submit
C:\Windows\system\wHjVAGG.exe

Filesize
6.0MB

MD5
271938b4a7d641d443674afe7b81b8f1

SHA1
6b7971e4b13ed2793166b27cab5f34f4b5e80a57

SHA256
19db5f7916a6ab6e1ce63c8eb70e1c0de144a951b046be0d44d479b660468d77

SHA512
f03c8b3d376fcae0b2ddaa160db15c0096acf04baf025e129603d075ecbe2bf5239f089e7a1f1f4018ea08a98c46ffb069e994d2ba1fd7e2ab868ff21ad33310

Download Submit
C:\Windows\system\wtjxJFf.exe

Filesize
6.0MB

MD5
6b318e196560de8eb13f09731f035802

SHA1
557112698d436a3c780ae1db42f3f8d0b8dcb679

SHA256
0584db0e48aa5b8aec7fde888a98c22daebea307624bd4930b9b9b4f63352cbc

SHA512
69940dd41fe98afcbdf24efcd1b930bf6a31957f73bd1498aff53f3cc8dbb573fd47aa24f6b8d4ddce67b115b78d2a8453c5159d37bc8a0acd0c18f88b1d9d39

Download Submit
C:\Windows\system\xMdvFpZ.exe

Filesize
6.0MB

MD5
6b9cb3722f43342ab11d7a1e17d851f9

SHA1
fab2a7ec68b54bce093f29609b9e4eb067606fa8

SHA256
2f2070e474f2a442d1497305c25c5d6b3e08783dd394c5a18210c590e83ea5b9

SHA512
e67128f6c39bb9d0c2b5a645b5dc71afb5c08466ae299ffcf5a759e45f15980b24f7587756592475ae1886f4905111be5ca03206933829591bdd85389d5fef53

Download Submit
\Windows\system\ZHrpBCo.exe

Filesize
6.0MB

MD5
1f91354d7d118d08546dfaefd5018a20

SHA1
cb07687e36a6be1fd90f4eacc62896688233078b

SHA256
15e20a6d9a486ed1820fc3d58d2fdc9bbc2887765e5f10dd3b551d87fb240692

SHA512
7b8967a0f3adb5b08aac34410f748bbed1360339818cd0f99477772b40e999b6c96e6c35b340b9f357da0a0711d22bbf9375e74038b73e0b7cc49b1cfb9669a5

Download Submit
\Windows\system\gcyklXC.exe

Filesize
6.0MB

MD5
9db0af3a6356e85fe0edd598f21ffea6

SHA1
f5d0dafaad3670d31b148f6a8772fff3be6ea1ac

SHA256
d809c69ead39f61b720823776559727a7f777935adc5b2d10058c940d5451dcd

SHA512
1ca3a4cbbb25042264c7a9887d26f08b70de603ef1a0c99d5fa9bc06d9ebb6bf47f1802ec01a7c4be3229b92f00186943fa0bc0fd4f6ac085d1ddbbfce8e41d3

Download Submit
memory/1056-97-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1056-3950-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1416-108-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1416-3957-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1680-3946-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-94-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-89-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2068-3952-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2376-93-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-88-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2376-111-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-0-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2376-103-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2376-74-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2376-58-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2376-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2376-51-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2376-90-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2376-467-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2376-107-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2376-49-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2376-1108-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2376-17-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-23-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2376-57-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-66-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2376-40-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-26-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2376-556-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2376-27-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2376-35-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2556-50-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2556-3948-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3953-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2672-59-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2684-29-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2684-68-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3956-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2696-25-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3947-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-24-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3945-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3954-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2764-60-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2764-19-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2768-41-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-84-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3949-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-3955-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-75-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-36-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2948-4051-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/3064-67-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/3064-3951-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download