cobaltstrike | a47badbfab2fde2b05829292674d3021e0ae75d767f29b5deb4058d0debe73da

Analysis

max time kernel
148s
max time network
128s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

5b998083427a0075153a4caa387c4ea3
SHA1

6192ec5807a1a021df5ab3228b3cafc7fb232c7f
SHA256

a47badbfab2fde2b05829292674d3021e0ae75d767f29b5deb4058d0debe73da
SHA512

f2ca7a1afa0de8e796e9a9902e32ebdd870937823b745c65037653b27f107073977dc4f9c6536f946f2a8dac333022397740a94798a126433104808fdcb95bd3
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUa:eOl56utgpPF8u/7a

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x000a000000012262-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c23-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cab-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd8-26.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ce0-29.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ce9-33.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-37.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-42.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-189.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-181.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-159.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-174.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-163.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-79.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-58.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-55.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ace-49.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-70.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ccc-21.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/524-0-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x000a000000012262-6.dat	xmrig
behavioral1/files/0x0009000000016c23-8.dat	xmrig
behavioral1/files/0x0007000000016cab-12.dat	xmrig
behavioral1/files/0x0007000000016cd8-26.dat	xmrig
behavioral1/files/0x0008000000016ce0-29.dat	xmrig
behavioral1/files/0x0008000000016ce9-33.dat	xmrig
behavioral1/files/0x00050000000194a3-37.dat	xmrig
behavioral1/files/0x00050000000194eb-42.dat	xmrig
behavioral1/files/0x000500000001957c-90.dat	xmrig
behavioral1/memory/2692-105-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ab-118.dat	xmrig
behavioral1/files/0x00050000000195b5-143.dat	xmrig
behavioral1/files/0x00050000000195c6-182.dat	xmrig
behavioral1/files/0x000500000001960c-185.dat	xmrig
behavioral1/files/0x0005000000019643-189.dat	xmrig
behavioral1/files/0x00050000000195c7-181.dat	xmrig
behavioral1/files/0x00050000000195c3-168.dat	xmrig
behavioral1/memory/524-250-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195bd-159.dat	xmrig
behavioral1/files/0x00050000000195c5-174.dat	xmrig
behavioral1/files/0x00050000000195b7-149.dat	xmrig
behavioral1/files/0x00050000000195b3-146.dat	xmrig
behavioral1/files/0x00050000000195c1-163.dat	xmrig
behavioral1/files/0x00050000000195bb-153.dat	xmrig
behavioral1/files/0x00050000000195af-136.dat	xmrig
behavioral1/files/0x00050000000195ad-126.dat	xmrig
behavioral1/files/0x00050000000195b1-131.dat	xmrig
behavioral1/files/0x00050000000195a9-114.dat	xmrig
behavioral1/files/0x00050000000195a7-109.dat	xmrig
behavioral1/memory/524-88-0x0000000002220000-0x0000000002574000-memory.dmp	xmrig
behavioral1/memory/2556-87-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2324-86-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2636-85-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2780-83-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/524-82-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x0005000000019547-79.dat	xmrig
behavioral1/memory/2728-65-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/524-64-0x0000000002220000-0x0000000002574000-memory.dmp	xmrig
behavioral1/memory/2388-63-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/1620-61-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ef-58.dat	xmrig
behavioral1/files/0x000500000001950f-55.dat	xmrig
behavioral1/files/0x0009000000016ace-49.dat	xmrig
behavioral1/memory/2804-104-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2932-103-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/1192-78-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2764-76-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2936-74-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/524-73-0x0000000002220000-0x0000000002574000-memory.dmp	xmrig
behavioral1/memory/2872-71-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019515-70.dat	xmrig
behavioral1/files/0x0007000000016ccc-21.dat	xmrig
behavioral1/memory/2556-1856-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2692-1868-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2764-1867-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2932-1866-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2780-1865-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/1192-1864-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2636-1863-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2936-1862-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2324-1861-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2728-1860-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2804-1859-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

pwCoxQq.exewRQSrDr.exeYBUmTdB.exelNychgt.exeMZIlCMk.exenbsIVAn.exeGVdLstb.exenDflGGJ.exeTgokLHD.exeXUSOxIy.exeaRnWlWQ.exeugoOQEb.exeemjwoBK.exejQZaFXX.exelqJjGON.exeDKxPLGv.exeCuKImlb.exeICPGPAA.exeMTaMLzt.exejUPnMQz.exeoTWvVVa.exeJhcJpyi.exeAdsspTT.exetcjmPyg.exebRqFWRg.exegZMSSNT.exedMmCIxv.exeXNOyHLM.exePZXIzwh.exeGZtTGgF.execGQRDAH.exelWYjpyU.exeFXAHewP.exeGaNksxn.exevaubott.exeoWvCHxN.exeffmQNkl.exeJgkiSMH.exeIhsVrao.exeShMjvdk.exeuhCfIAg.exeLcCAHii.exeeUPahHu.exeEgbyTrb.exezCQlwju.exeqcZSciR.exeYTgXLkA.exesQfHSmc.exeqixmLKZ.exeEtrwGec.exemKlPfwZ.exekcMAauP.exevLlNGwG.exenZQJQuk.exePSPLfVv.exeRpEsTcm.exeJVYXrdU.exeiJQYHLc.exeYQJHOPC.exeKVFjJvO.exerXHkpmn.exeeJBxYuT.exexLORTdD.exeEAXzSWM.exe

pid	Process
2556	pwCoxQq.exe
1620	wRQSrDr.exe
2388	YBUmTdB.exe
2728	lNychgt.exe
2872	MZIlCMk.exe
2936	nbsIVAn.exe
2764	GVdLstb.exe
1192	nDflGGJ.exe
2780	TgokLHD.exe
2636	XUSOxIy.exe
2324	aRnWlWQ.exe
2932	ugoOQEb.exe
2804	emjwoBK.exe
2692	jQZaFXX.exe
2844	lqJjGON.exe
1980	DKxPLGv.exe
2516	CuKImlb.exe
2980	ICPGPAA.exe
1884	MTaMLzt.exe
1888	jUPnMQz.exe
924	oTWvVVa.exe
2988	JhcJpyi.exe
2660	AdsspTT.exe
2168	tcjmPyg.exe
1332	bRqFWRg.exe
2096	gZMSSNT.exe
1180	dMmCIxv.exe
1520	XNOyHLM.exe
3060	PZXIzwh.exe
620	GZtTGgF.exe
276	cGQRDAH.exe
2424	lWYjpyU.exe
1748	FXAHewP.exe
1612	GaNksxn.exe
1772	vaubott.exe
2592	oWvCHxN.exe
1788	ffmQNkl.exe
1472	JgkiSMH.exe
572	IhsVrao.exe
1212	ShMjvdk.exe
1412	uhCfIAg.exe
1232	LcCAHii.exe
2960	eUPahHu.exe
1976	EgbyTrb.exe
2180	zCQlwju.exe
2428	qcZSciR.exe
1012	YTgXLkA.exe
2704	sQfHSmc.exe
872	qixmLKZ.exe
2188	EtrwGec.exe
2112	mKlPfwZ.exe
1604	kcMAauP.exe
2536	vLlNGwG.exe
868	nZQJQuk.exe
2892	PSPLfVv.exe
3044	RpEsTcm.exe
3024	JVYXrdU.exe
2668	iJQYHLc.exe
2080	YQJHOPC.exe
2632	KVFjJvO.exe
2916	rXHkpmn.exe
2836	eJBxYuT.exe
800	xLORTdD.exe
2100	EAXzSWM.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/524-0-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x000a000000012262-6.dat	upx
behavioral1/files/0x0009000000016c23-8.dat	upx
behavioral1/files/0x0007000000016cab-12.dat	upx
behavioral1/files/0x0007000000016cd8-26.dat	upx
behavioral1/files/0x0008000000016ce0-29.dat	upx
behavioral1/files/0x0008000000016ce9-33.dat	upx
behavioral1/files/0x00050000000194a3-37.dat	upx
behavioral1/files/0x00050000000194eb-42.dat	upx
behavioral1/files/0x000500000001957c-90.dat	upx
behavioral1/memory/2692-105-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x00050000000195ab-118.dat	upx
behavioral1/files/0x00050000000195b5-143.dat	upx
behavioral1/files/0x00050000000195c6-182.dat	upx
behavioral1/files/0x000500000001960c-185.dat	upx
behavioral1/files/0x0005000000019643-189.dat	upx
behavioral1/files/0x00050000000195c7-181.dat	upx
behavioral1/files/0x00050000000195c3-168.dat	upx
behavioral1/memory/524-250-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x00050000000195bd-159.dat	upx
behavioral1/files/0x00050000000195c5-174.dat	upx
behavioral1/files/0x00050000000195b7-149.dat	upx
behavioral1/files/0x00050000000195b3-146.dat	upx
behavioral1/files/0x00050000000195c1-163.dat	upx
behavioral1/files/0x00050000000195bb-153.dat	upx
behavioral1/files/0x00050000000195af-136.dat	upx
behavioral1/files/0x00050000000195ad-126.dat	upx
behavioral1/files/0x00050000000195b1-131.dat	upx
behavioral1/files/0x00050000000195a9-114.dat	upx
behavioral1/files/0x00050000000195a7-109.dat	upx
behavioral1/memory/2556-87-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2324-86-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2636-85-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2780-83-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x0005000000019547-79.dat	upx
behavioral1/memory/2728-65-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2388-63-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/1620-61-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x00050000000194ef-58.dat	upx
behavioral1/files/0x000500000001950f-55.dat	upx
behavioral1/files/0x0009000000016ace-49.dat	upx
behavioral1/memory/2804-104-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2932-103-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/1192-78-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2764-76-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2936-74-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2872-71-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x0005000000019515-70.dat	upx
behavioral1/files/0x0007000000016ccc-21.dat	upx
behavioral1/memory/2556-1856-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2692-1868-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2764-1867-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2932-1866-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2780-1865-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/1192-1864-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2636-1863-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2936-1862-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2324-1861-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2728-1860-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2804-1859-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/1620-1858-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2872-1871-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2388-1857-0x000000013F210000-0x000000013F564000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\JQlEDVD.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ItJqotP.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PeRQkkK.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dQxSydM.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LOnMEZe.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rnCEErJ.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DRzugCM.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ltHAjrZ.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fyDHQmD.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sQfHSmc.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TUwxPGS.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IveOygI.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cErhHpX.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pmuNVXf.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CJIXgzE.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\txLGkPh.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDWKmUy.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ilPbEak.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cGQRDAH.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EbpwhBQ.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HMMTBuv.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bGbocCd.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hALvgZY.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\geoQNEN.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lOPFueX.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPjekWY.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SIBwSTz.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ceuxFQN.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaeTWUP.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RvDZQBr.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nGxAOHa.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMWKVIo.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KeDyfEM.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWtrWow.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxrOEBT.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYIGTKv.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YwtYfAg.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cyXanhG.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rNKVOAQ.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHZIOfK.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nhrzkDi.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTgXLkA.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zZNnDDR.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ncdgVQK.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tWsHpYg.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZkNkiX.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AyQemXq.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lPyDDgO.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HeMIoQk.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qaHzMaP.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tFLmSdn.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QpxhlrX.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFOMNPt.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vRKiFYj.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YRFkfKd.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vGvYVkI.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xAcDapH.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CjelESN.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KuLKggt.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pLuFAmz.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bYsAYuY.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bdoTdbM.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OiARRog.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XJMvmWB.exe	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 524 wrote to memory of 2556	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 524 wrote to memory of 2556	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 524 wrote to memory of 2556	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 524 wrote to memory of 1620	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 524 wrote to memory of 1620	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 524 wrote to memory of 1620	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 524 wrote to memory of 2388	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 524 wrote to memory of 2388	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 524 wrote to memory of 2388	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 524 wrote to memory of 2728	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 524 wrote to memory of 2728	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 524 wrote to memory of 2728	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 524 wrote to memory of 2872	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 524 wrote to memory of 2872	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 524 wrote to memory of 2872	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 524 wrote to memory of 2936	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 524 wrote to memory of 2936	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 524 wrote to memory of 2936	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 524 wrote to memory of 2764	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 524 wrote to memory of 2764	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 524 wrote to memory of 2764	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 524 wrote to memory of 1192	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 524 wrote to memory of 1192	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 524 wrote to memory of 1192	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 524 wrote to memory of 2780	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 524 wrote to memory of 2780	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 524 wrote to memory of 2780	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 524 wrote to memory of 2932	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 524 wrote to memory of 2932	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 524 wrote to memory of 2932	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 524 wrote to memory of 2636	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 524 wrote to memory of 2636	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 524 wrote to memory of 2636	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 524 wrote to memory of 2692	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 524 wrote to memory of 2692	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 524 wrote to memory of 2692	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 524 wrote to memory of 2324	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 524 wrote to memory of 2324	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 524 wrote to memory of 2324	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 524 wrote to memory of 2844	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 524 wrote to memory of 2844	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 524 wrote to memory of 2844	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 524 wrote to memory of 2804	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 524 wrote to memory of 2804	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 524 wrote to memory of 2804	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 524 wrote to memory of 1980	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 524 wrote to memory of 1980	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 524 wrote to memory of 1980	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 524 wrote to memory of 2516	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 524 wrote to memory of 2516	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 524 wrote to memory of 2516	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 524 wrote to memory of 2980	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 524 wrote to memory of 2980	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 524 wrote to memory of 2980	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 524 wrote to memory of 1884	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 524 wrote to memory of 1884	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 524 wrote to memory of 1884	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 524 wrote to memory of 924	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 524 wrote to memory of 924	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 524 wrote to memory of 924	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 524 wrote to memory of 1888	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 524 wrote to memory of 1888	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 524 wrote to memory of 1888	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 524 wrote to memory of 2660	524	2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-25_5b998083427a0075153a4caa387c4ea3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:524
- C:\Windows\System\pwCoxQq.exe
  C:\Windows\System\pwCoxQq.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\wRQSrDr.exe
  C:\Windows\System\wRQSrDr.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\YBUmTdB.exe
  C:\Windows\System\YBUmTdB.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\lNychgt.exe
  C:\Windows\System\lNychgt.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\MZIlCMk.exe
  C:\Windows\System\MZIlCMk.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\nbsIVAn.exe
  C:\Windows\System\nbsIVAn.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\GVdLstb.exe
  C:\Windows\System\GVdLstb.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\nDflGGJ.exe
  C:\Windows\System\nDflGGJ.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\TgokLHD.exe
  C:\Windows\System\TgokLHD.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\ugoOQEb.exe
  C:\Windows\System\ugoOQEb.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\XUSOxIy.exe
  C:\Windows\System\XUSOxIy.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\jQZaFXX.exe
  C:\Windows\System\jQZaFXX.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\aRnWlWQ.exe
  C:\Windows\System\aRnWlWQ.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\lqJjGON.exe
  C:\Windows\System\lqJjGON.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\emjwoBK.exe
  C:\Windows\System\emjwoBK.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\DKxPLGv.exe
  C:\Windows\System\DKxPLGv.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\CuKImlb.exe
  C:\Windows\System\CuKImlb.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\ICPGPAA.exe
  C:\Windows\System\ICPGPAA.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\MTaMLzt.exe
  C:\Windows\System\MTaMLzt.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\oTWvVVa.exe
  C:\Windows\System\oTWvVVa.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\jUPnMQz.exe
  C:\Windows\System\jUPnMQz.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\AdsspTT.exe
  C:\Windows\System\AdsspTT.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\JhcJpyi.exe
  C:\Windows\System\JhcJpyi.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\tcjmPyg.exe
  C:\Windows\System\tcjmPyg.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\bRqFWRg.exe
  C:\Windows\System\bRqFWRg.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\gZMSSNT.exe
  C:\Windows\System\gZMSSNT.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\dMmCIxv.exe
  C:\Windows\System\dMmCIxv.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\XNOyHLM.exe
  C:\Windows\System\XNOyHLM.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\PZXIzwh.exe
  C:\Windows\System\PZXIzwh.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\cGQRDAH.exe
  C:\Windows\System\cGQRDAH.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\GZtTGgF.exe
  C:\Windows\System\GZtTGgF.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\GaNksxn.exe
  C:\Windows\System\GaNksxn.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\lWYjpyU.exe
  C:\Windows\System\lWYjpyU.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\vaubott.exe
  C:\Windows\System\vaubott.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\FXAHewP.exe
  C:\Windows\System\FXAHewP.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\oWvCHxN.exe
  C:\Windows\System\oWvCHxN.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\ffmQNkl.exe
  C:\Windows\System\ffmQNkl.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\JgkiSMH.exe
  C:\Windows\System\JgkiSMH.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\IhsVrao.exe
  C:\Windows\System\IhsVrao.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\ShMjvdk.exe
  C:\Windows\System\ShMjvdk.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\uhCfIAg.exe
  C:\Windows\System\uhCfIAg.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\LcCAHii.exe
  C:\Windows\System\LcCAHii.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\eUPahHu.exe
  C:\Windows\System\eUPahHu.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\EgbyTrb.exe
  C:\Windows\System\EgbyTrb.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\zCQlwju.exe
  C:\Windows\System\zCQlwju.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\qcZSciR.exe
  C:\Windows\System\qcZSciR.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\YTgXLkA.exe
  C:\Windows\System\YTgXLkA.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\sQfHSmc.exe
  C:\Windows\System\sQfHSmc.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\qixmLKZ.exe
  C:\Windows\System\qixmLKZ.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\mKlPfwZ.exe
  C:\Windows\System\mKlPfwZ.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\EtrwGec.exe
  C:\Windows\System\EtrwGec.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\kcMAauP.exe
  C:\Windows\System\kcMAauP.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\vLlNGwG.exe
  C:\Windows\System\vLlNGwG.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\nZQJQuk.exe
  C:\Windows\System\nZQJQuk.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\PSPLfVv.exe
  C:\Windows\System\PSPLfVv.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\RpEsTcm.exe
  C:\Windows\System\RpEsTcm.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\JVYXrdU.exe
  C:\Windows\System\JVYXrdU.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\iJQYHLc.exe
  C:\Windows\System\iJQYHLc.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\YQJHOPC.exe
  C:\Windows\System\YQJHOPC.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\rXHkpmn.exe
  C:\Windows\System\rXHkpmn.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\KVFjJvO.exe
  C:\Windows\System\KVFjJvO.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\eJBxYuT.exe
  C:\Windows\System\eJBxYuT.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\xLORTdD.exe
  C:\Windows\System\xLORTdD.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\EAXzSWM.exe
  C:\Windows\System\EAXzSWM.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\zOlwhWe.exe
  C:\Windows\System\zOlwhWe.exe
  2⤵
  PID:1044
- C:\Windows\System\EathANm.exe
  C:\Windows\System\EathANm.exe
  2⤵
  PID:2056
- C:\Windows\System\kQgXIlp.exe
  C:\Windows\System\kQgXIlp.exe
  2⤵
  PID:1068
- C:\Windows\System\JhemVdK.exe
  C:\Windows\System\JhemVdK.exe
  2⤵
  PID:2344
- C:\Windows\System\ljhxzGZ.exe
  C:\Windows\System\ljhxzGZ.exe
  2⤵
  PID:2392
- C:\Windows\System\iITVcbA.exe
  C:\Windows\System\iITVcbA.exe
  2⤵
  PID:1632
- C:\Windows\System\quUXOGg.exe
  C:\Windows\System\quUXOGg.exe
  2⤵
  PID:688
- C:\Windows\System\rbUklVM.exe
  C:\Windows\System\rbUklVM.exe
  2⤵
  PID:1744
- C:\Windows\System\YwtYfAg.exe
  C:\Windows\System\YwtYfAg.exe
  2⤵
  PID:648
- C:\Windows\System\ejRkXke.exe
  C:\Windows\System\ejRkXke.exe
  2⤵
  PID:2420
- C:\Windows\System\bGrXLMl.exe
  C:\Windows\System\bGrXLMl.exe
  2⤵
  PID:1488
- C:\Windows\System\uMWKVIo.exe
  C:\Windows\System\uMWKVIo.exe
  2⤵
  PID:2580
- C:\Windows\System\lOPFueX.exe
  C:\Windows\System\lOPFueX.exe
  2⤵
  PID:2948
- C:\Windows\System\ylskZTS.exe
  C:\Windows\System\ylskZTS.exe
  2⤵
  PID:2452
- C:\Windows\System\qTBZQfl.exe
  C:\Windows\System\qTBZQfl.exe
  2⤵
  PID:788
- C:\Windows\System\ZpQbizj.exe
  C:\Windows\System\ZpQbizj.exe
  2⤵
  PID:2320
- C:\Windows\System\zzdDnbN.exe
  C:\Windows\System\zzdDnbN.exe
  2⤵
  PID:2368
- C:\Windows\System\eehMYBf.exe
  C:\Windows\System\eehMYBf.exe
  2⤵
  PID:880
- C:\Windows\System\LfPWGVr.exe
  C:\Windows\System\LfPWGVr.exe
  2⤵
  PID:2372
- C:\Windows\System\tETtNfS.exe
  C:\Windows\System\tETtNfS.exe
  2⤵
  PID:2212
- C:\Windows\System\EwUxTdm.exe
  C:\Windows\System\EwUxTdm.exe
  2⤵
  PID:2448
- C:\Windows\System\huqwetT.exe
  C:\Windows\System\huqwetT.exe
  2⤵
  PID:2876
- C:\Windows\System\oyOsuQi.exe
  C:\Windows\System\oyOsuQi.exe
  2⤵
  PID:2608
- C:\Windows\System\WYevrBH.exe
  C:\Windows\System\WYevrBH.exe
  2⤵
  PID:2992
- C:\Windows\System\gxIdNHc.exe
  C:\Windows\System\gxIdNHc.exe
  2⤵
  PID:1932
- C:\Windows\System\EVMPieP.exe
  C:\Windows\System\EVMPieP.exe
  2⤵
  PID:2248
- C:\Windows\System\obZTcGl.exe
  C:\Windows\System\obZTcGl.exe
  2⤵
  PID:2432
- C:\Windows\System\uortJwQ.exe
  C:\Windows\System\uortJwQ.exe
  2⤵
  PID:2672
- C:\Windows\System\IRlWMoY.exe
  C:\Windows\System\IRlWMoY.exe
  2⤵
  PID:560
- C:\Windows\System\ZJkUlRP.exe
  C:\Windows\System\ZJkUlRP.exe
  2⤵
  PID:2564
- C:\Windows\System\yQdvsJb.exe
  C:\Windows\System\yQdvsJb.exe
  2⤵
  PID:928
- C:\Windows\System\VftayJL.exe
  C:\Windows\System\VftayJL.exe
  2⤵
  PID:2032
- C:\Windows\System\mHIWuRN.exe
  C:\Windows\System\mHIWuRN.exe
  2⤵
  PID:676
- C:\Windows\System\lgAtPYa.exe
  C:\Windows\System\lgAtPYa.exe
  2⤵
  PID:2408
- C:\Windows\System\uHyYBGi.exe
  C:\Windows\System\uHyYBGi.exe
  2⤵
  PID:2724
- C:\Windows\System\YqTLkTE.exe
  C:\Windows\System\YqTLkTE.exe
  2⤵
  PID:1824
- C:\Windows\System\CLTaqdu.exe
  C:\Windows\System\CLTaqdu.exe
  2⤵
  PID:1540
- C:\Windows\System\cyXanhG.exe
  C:\Windows\System\cyXanhG.exe
  2⤵
  PID:1552
- C:\Windows\System\NMJpkLE.exe
  C:\Windows\System\NMJpkLE.exe
  2⤵
  PID:852
- C:\Windows\System\XGHZdGd.exe
  C:\Windows\System\XGHZdGd.exe
  2⤵
  PID:672
- C:\Windows\System\xmeDEcd.exe
  C:\Windows\System\xmeDEcd.exe
  2⤵
  PID:3084
- C:\Windows\System\zKLTOid.exe
  C:\Windows\System\zKLTOid.exe
  2⤵
  PID:3100
- C:\Windows\System\hCPwLfL.exe
  C:\Windows\System\hCPwLfL.exe
  2⤵
  PID:3116
- C:\Windows\System\StSWifQ.exe
  C:\Windows\System\StSWifQ.exe
  2⤵
  PID:3132
- C:\Windows\System\sPGDqRL.exe
  C:\Windows\System\sPGDqRL.exe
  2⤵
  PID:3148
- C:\Windows\System\ZVbzieB.exe
  C:\Windows\System\ZVbzieB.exe
  2⤵
  PID:3200
- C:\Windows\System\xTmSoaB.exe
  C:\Windows\System\xTmSoaB.exe
  2⤵
  PID:3216
- C:\Windows\System\puGlZDh.exe
  C:\Windows\System\puGlZDh.exe
  2⤵
  PID:3236
- C:\Windows\System\brxjqFI.exe
  C:\Windows\System\brxjqFI.exe
  2⤵
  PID:3256
- C:\Windows\System\BLBMKDf.exe
  C:\Windows\System\BLBMKDf.exe
  2⤵
  PID:3272
- C:\Windows\System\FpJlnRp.exe
  C:\Windows\System\FpJlnRp.exe
  2⤵
  PID:3296
- C:\Windows\System\ytmVnRx.exe
  C:\Windows\System\ytmVnRx.exe
  2⤵
  PID:3324
- C:\Windows\System\vJWcZJn.exe
  C:\Windows\System\vJWcZJn.exe
  2⤵
  PID:3340
- C:\Windows\System\cyLCeNA.exe
  C:\Windows\System\cyLCeNA.exe
  2⤵
  PID:3364
- C:\Windows\System\tYcaGSK.exe
  C:\Windows\System\tYcaGSK.exe
  2⤵
  PID:3384
- C:\Windows\System\YeoMBMc.exe
  C:\Windows\System\YeoMBMc.exe
  2⤵
  PID:3404
- C:\Windows\System\QiEapGz.exe
  C:\Windows\System\QiEapGz.exe
  2⤵
  PID:3420
- C:\Windows\System\xfbyPYN.exe
  C:\Windows\System\xfbyPYN.exe
  2⤵
  PID:3444
- C:\Windows\System\pxERVMb.exe
  C:\Windows\System\pxERVMb.exe
  2⤵
  PID:3460
- C:\Windows\System\UgWDfGK.exe
  C:\Windows\System\UgWDfGK.exe
  2⤵
  PID:3476
- C:\Windows\System\EVckkyz.exe
  C:\Windows\System\EVckkyz.exe
  2⤵
  PID:3500
- C:\Windows\System\lKjcNyj.exe
  C:\Windows\System\lKjcNyj.exe
  2⤵
  PID:3520
- C:\Windows\System\lbjDyru.exe
  C:\Windows\System\lbjDyru.exe
  2⤵
  PID:3540
- C:\Windows\System\SUbCQqA.exe
  C:\Windows\System\SUbCQqA.exe
  2⤵
  PID:3560
- C:\Windows\System\UjedXLK.exe
  C:\Windows\System\UjedXLK.exe
  2⤵
  PID:3580
- C:\Windows\System\iFMjySC.exe
  C:\Windows\System\iFMjySC.exe
  2⤵
  PID:3600
- C:\Windows\System\uMkDFBP.exe
  C:\Windows\System\uMkDFBP.exe
  2⤵
  PID:3616
- C:\Windows\System\elqNEbS.exe
  C:\Windows\System\elqNEbS.exe
  2⤵
  PID:3632
- C:\Windows\System\vhAPXje.exe
  C:\Windows\System\vhAPXje.exe
  2⤵
  PID:3648
- C:\Windows\System\EtrHGUd.exe
  C:\Windows\System\EtrHGUd.exe
  2⤵
  PID:3664
- C:\Windows\System\ViDfKdI.exe
  C:\Windows\System\ViDfKdI.exe
  2⤵
  PID:3708
- C:\Windows\System\OaIhFEs.exe
  C:\Windows\System\OaIhFEs.exe
  2⤵
  PID:3724
- C:\Windows\System\hYmdanM.exe
  C:\Windows\System\hYmdanM.exe
  2⤵
  PID:3744
- C:\Windows\System\VgqQeQJ.exe
  C:\Windows\System\VgqQeQJ.exe
  2⤵
  PID:3760
- C:\Windows\System\BHjSRse.exe
  C:\Windows\System\BHjSRse.exe
  2⤵
  PID:3780
- C:\Windows\System\KHbufaQ.exe
  C:\Windows\System\KHbufaQ.exe
  2⤵
  PID:3796
- C:\Windows\System\LbyiOzP.exe
  C:\Windows\System\LbyiOzP.exe
  2⤵
  PID:3820
- C:\Windows\System\LwokidO.exe
  C:\Windows\System\LwokidO.exe
  2⤵
  PID:3840
- C:\Windows\System\TUfLOas.exe
  C:\Windows\System\TUfLOas.exe
  2⤵
  PID:3860
- C:\Windows\System\OqCStDg.exe
  C:\Windows\System\OqCStDg.exe
  2⤵
  PID:3880
- C:\Windows\System\nbhCPnC.exe
  C:\Windows\System\nbhCPnC.exe
  2⤵
  PID:3900
- C:\Windows\System\OQvEaaT.exe
  C:\Windows\System\OQvEaaT.exe
  2⤵
  PID:3924
- C:\Windows\System\FRGDJPv.exe
  C:\Windows\System\FRGDJPv.exe
  2⤵
  PID:3944
- C:\Windows\System\XJlwzPW.exe
  C:\Windows\System\XJlwzPW.exe
  2⤵
  PID:3960
- C:\Windows\System\LpJtnsv.exe
  C:\Windows\System\LpJtnsv.exe
  2⤵
  PID:3976
- C:\Windows\System\LyRgBuV.exe
  C:\Windows\System\LyRgBuV.exe
  2⤵
  PID:3992
- C:\Windows\System\IaOnQvY.exe
  C:\Windows\System\IaOnQvY.exe
  2⤵
  PID:4008
- C:\Windows\System\uOYjGLD.exe
  C:\Windows\System\uOYjGLD.exe
  2⤵
  PID:4024
- C:\Windows\System\phWoyur.exe
  C:\Windows\System\phWoyur.exe
  2⤵
  PID:4040
- C:\Windows\System\pPnGeLo.exe
  C:\Windows\System\pPnGeLo.exe
  2⤵
  PID:4056
- C:\Windows\System\gfwSPLX.exe
  C:\Windows\System\gfwSPLX.exe
  2⤵
  PID:4072
- C:\Windows\System\CLJMmPv.exe
  C:\Windows\System\CLJMmPv.exe
  2⤵
  PID:4088
- C:\Windows\System\DeGGJQc.exe
  C:\Windows\System\DeGGJQc.exe
  2⤵
  PID:1716
- C:\Windows\System\KbIoUIK.exe
  C:\Windows\System\KbIoUIK.exe
  2⤵
  PID:836
- C:\Windows\System\tcATAAP.exe
  C:\Windows\System\tcATAAP.exe
  2⤵
  PID:536
- C:\Windows\System\ieErwkn.exe
  C:\Windows\System\ieErwkn.exe
  2⤵
  PID:2732
- C:\Windows\System\UdWRZTe.exe
  C:\Windows\System\UdWRZTe.exe
  2⤵
  PID:2044
- C:\Windows\System\MohXzXV.exe
  C:\Windows\System\MohXzXV.exe
  2⤵
  PID:544
- C:\Windows\System\FoLfEHC.exe
  C:\Windows\System\FoLfEHC.exe
  2⤵
  PID:2832
- C:\Windows\System\FCgQwyR.exe
  C:\Windows\System\FCgQwyR.exe
  2⤵
  PID:1828
- C:\Windows\System\UxmuKGs.exe
  C:\Windows\System\UxmuKGs.exe
  2⤵
  PID:2476
- C:\Windows\System\PvMOJKw.exe
  C:\Windows\System\PvMOJKw.exe
  2⤵
  PID:1896
- C:\Windows\System\KeDyfEM.exe
  C:\Windows\System\KeDyfEM.exe
  2⤵
  PID:2548
- C:\Windows\System\jCICfWg.exe
  C:\Windows\System\jCICfWg.exe
  2⤵
  PID:1688
- C:\Windows\System\QIOYFeZ.exe
  C:\Windows\System\QIOYFeZ.exe
  2⤵
  PID:3040
- C:\Windows\System\xeTopuG.exe
  C:\Windows\System\xeTopuG.exe
  2⤵
  PID:3168
- C:\Windows\System\KpmxZao.exe
  C:\Windows\System\KpmxZao.exe
  2⤵
  PID:2788
- C:\Windows\System\zySHocn.exe
  C:\Windows\System\zySHocn.exe
  2⤵
  PID:3080
- C:\Windows\System\aObzpbV.exe
  C:\Windows\System\aObzpbV.exe
  2⤵
  PID:3188
- C:\Windows\System\QZFoDHl.exe
  C:\Windows\System\QZFoDHl.exe
  2⤵
  PID:2676
- C:\Windows\System\xAhbvnR.exe
  C:\Windows\System\xAhbvnR.exe
  2⤵
  PID:3268
- C:\Windows\System\QpIRwEn.exe
  C:\Windows\System\QpIRwEn.exe
  2⤵
  PID:3316
- C:\Windows\System\UXJQGpH.exe
  C:\Windows\System\UXJQGpH.exe
  2⤵
  PID:3392
- C:\Windows\System\pCgYGCx.exe
  C:\Windows\System\pCgYGCx.exe
  2⤵
  PID:3468
- C:\Windows\System\HsKFchr.exe
  C:\Windows\System\HsKFchr.exe
  2⤵
  PID:3380
- C:\Windows\System\cxkrKCG.exe
  C:\Windows\System\cxkrKCG.exe
  2⤵
  PID:3516
- C:\Windows\System\BFuNNow.exe
  C:\Windows\System\BFuNNow.exe
  2⤵
  PID:3452
- C:\Windows\System\OmjBanQ.exe
  C:\Windows\System\OmjBanQ.exe
  2⤵
  PID:3656
- C:\Windows\System\KuLKggt.exe
  C:\Windows\System\KuLKggt.exe
  2⤵
  PID:3640
- C:\Windows\System\NJQgjhG.exe
  C:\Windows\System\NJQgjhG.exe
  2⤵
  PID:3788
- C:\Windows\System\HQhmmIy.exe
  C:\Windows\System\HQhmmIy.exe
  2⤵
  PID:3832
- C:\Windows\System\BPWfYQS.exe
  C:\Windows\System\BPWfYQS.exe
  2⤵
  PID:3912
- C:\Windows\System\ZVyFcFe.exe
  C:\Windows\System\ZVyFcFe.exe
  2⤵
  PID:3988
- C:\Windows\System\aRznfXJ.exe
  C:\Windows\System\aRznfXJ.exe
  2⤵
  PID:4020
- C:\Windows\System\MbOXDAm.exe
  C:\Windows\System\MbOXDAm.exe
  2⤵
  PID:4084
- C:\Windows\System\kuSwffB.exe
  C:\Windows\System\kuSwffB.exe
  2⤵
  PID:1528
- C:\Windows\System\oOepjrs.exe
  C:\Windows\System\oOepjrs.exe
  2⤵
  PID:2008
- C:\Windows\System\KudsaFl.exe
  C:\Windows\System\KudsaFl.exe
  2⤵
  PID:2400
- C:\Windows\System\ScoODxI.exe
  C:\Windows\System\ScoODxI.exe
  2⤵
  PID:3672
- C:\Windows\System\LhTAvXb.exe
  C:\Windows\System\LhTAvXb.exe
  2⤵
  PID:3696
- C:\Windows\System\mmrlmAJ.exe
  C:\Windows\System\mmrlmAJ.exe
  2⤵
  PID:3740
- C:\Windows\System\aUEVUUJ.exe
  C:\Windows\System\aUEVUUJ.exe
  2⤵
  PID:3772
- C:\Windows\System\QKAVovR.exe
  C:\Windows\System\QKAVovR.exe
  2⤵
  PID:3292
- C:\Windows\System\LaPmBXU.exe
  C:\Windows\System\LaPmBXU.exe
  2⤵
  PID:3812
- C:\Windows\System\hywkUBv.exe
  C:\Windows\System\hywkUBv.exe
  2⤵
  PID:3848
- C:\Windows\System\eeTRRSh.exe
  C:\Windows\System\eeTRRSh.exe
  2⤵
  PID:3936
- C:\Windows\System\ObayfQX.exe
  C:\Windows\System\ObayfQX.exe
  2⤵
  PID:3968
- C:\Windows\System\ujqvdAS.exe
  C:\Windows\System\ujqvdAS.exe
  2⤵
  PID:4004
- C:\Windows\System\ulWUQTw.exe
  C:\Windows\System\ulWUQTw.exe
  2⤵
  PID:2260
- C:\Windows\System\BaKfEfT.exe
  C:\Windows\System\BaKfEfT.exe
  2⤵
  PID:3244
- C:\Windows\System\HXwqbGw.exe
  C:\Windows\System\HXwqbGw.exe
  2⤵
  PID:3356
- C:\Windows\System\UaOeBtO.exe
  C:\Windows\System\UaOeBtO.exe
  2⤵
  PID:4064
- C:\Windows\System\EoLivXi.exe
  C:\Windows\System\EoLivXi.exe
  2⤵
  PID:3348
- C:\Windows\System\MATjMoC.exe
  C:\Windows\System\MATjMoC.exe
  2⤵
  PID:2792
- C:\Windows\System\YfSZgon.exe
  C:\Windows\System\YfSZgon.exe
  2⤵
  PID:896
- C:\Windows\System\sAgIHPF.exe
  C:\Windows\System\sAgIHPF.exe
  2⤵
  PID:2480
- C:\Windows\System\IgIOEIE.exe
  C:\Windows\System\IgIOEIE.exe
  2⤵
  PID:940
- C:\Windows\System\hhwwfpJ.exe
  C:\Windows\System\hhwwfpJ.exe
  2⤵
  PID:3592
- C:\Windows\System\EItoygN.exe
  C:\Windows\System\EItoygN.exe
  2⤵
  PID:3492
- C:\Windows\System\ZBtdCIu.exe
  C:\Windows\System\ZBtdCIu.exe
  2⤵
  PID:1312
- C:\Windows\System\LarXpAG.exe
  C:\Windows\System\LarXpAG.exe
  2⤵
  PID:3572
- C:\Windows\System\spNGmVY.exe
  C:\Windows\System\spNGmVY.exe
  2⤵
  PID:3752
- C:\Windows\System\eotNNPV.exe
  C:\Windows\System\eotNNPV.exe
  2⤵
  PID:3952
- C:\Windows\System\ouJJLfW.exe
  C:\Windows\System\ouJJLfW.exe
  2⤵
  PID:1616
- C:\Windows\System\nChvOPa.exe
  C:\Windows\System\nChvOPa.exe
  2⤵
  PID:2928
- C:\Windows\System\ZysNRXB.exe
  C:\Windows\System\ZysNRXB.exe
  2⤵
  PID:2268
- C:\Windows\System\MxWMeAV.exe
  C:\Windows\System\MxWMeAV.exe
  2⤵
  PID:3680
- C:\Windows\System\rNKVOAQ.exe
  C:\Windows\System\rNKVOAQ.exe
  2⤵
  PID:3156
- C:\Windows\System\hrnkaIW.exe
  C:\Windows\System\hrnkaIW.exe
  2⤵
  PID:3192
- C:\Windows\System\FDKKKIJ.exe
  C:\Windows\System\FDKKKIJ.exe
  2⤵
  PID:3804
- C:\Windows\System\eRAQOJH.exe
  C:\Windows\System\eRAQOJH.exe
  2⤵
  PID:3932
- C:\Windows\System\CtGbeao.exe
  C:\Windows\System\CtGbeao.exe
  2⤵
  PID:4000
- C:\Windows\System\fbHZTAH.exe
  C:\Windows\System\fbHZTAH.exe
  2⤵
  PID:3436
- C:\Windows\System\ypvyNXq.exe
  C:\Windows\System\ypvyNXq.exe
  2⤵
  PID:3512
- C:\Windows\System\EkNgbvL.exe
  C:\Windows\System\EkNgbvL.exe
  2⤵
  PID:3440
- C:\Windows\System\SsxXqWV.exe
  C:\Windows\System\SsxXqWV.exe
  2⤵
  PID:3112
- C:\Windows\System\EAuLUrz.exe
  C:\Windows\System\EAuLUrz.exe
  2⤵
  PID:3124
- C:\Windows\System\YDFlECr.exe
  C:\Windows\System\YDFlECr.exe
  2⤵
  PID:3456
- C:\Windows\System\otQKlpX.exe
  C:\Windows\System\otQKlpX.exe
  2⤵
  PID:4116
- C:\Windows\System\BbmAVxH.exe
  C:\Windows\System\BbmAVxH.exe
  2⤵
  PID:4136
- C:\Windows\System\FWpYEij.exe
  C:\Windows\System\FWpYEij.exe
  2⤵
  PID:4156
- C:\Windows\System\JnjYzTq.exe
  C:\Windows\System\JnjYzTq.exe
  2⤵
  PID:4176
- C:\Windows\System\PqyGsxF.exe
  C:\Windows\System\PqyGsxF.exe
  2⤵
  PID:4196
- C:\Windows\System\nppulag.exe
  C:\Windows\System\nppulag.exe
  2⤵
  PID:4216
- C:\Windows\System\GMGsFsx.exe
  C:\Windows\System\GMGsFsx.exe
  2⤵
  PID:4240
- C:\Windows\System\GyYgHEq.exe
  C:\Windows\System\GyYgHEq.exe
  2⤵
  PID:4260
- C:\Windows\System\FuPKBLR.exe
  C:\Windows\System\FuPKBLR.exe
  2⤵
  PID:4280
- C:\Windows\System\RyGLZBF.exe
  C:\Windows\System\RyGLZBF.exe
  2⤵
  PID:4300
- C:\Windows\System\koKHNIv.exe
  C:\Windows\System\koKHNIv.exe
  2⤵
  PID:4320
- C:\Windows\System\SVEVvAr.exe
  C:\Windows\System\SVEVvAr.exe
  2⤵
  PID:4336
- C:\Windows\System\FXuKEEC.exe
  C:\Windows\System\FXuKEEC.exe
  2⤵
  PID:4356
- C:\Windows\System\AJfoAST.exe
  C:\Windows\System\AJfoAST.exe
  2⤵
  PID:4380
- C:\Windows\System\ooyGTnu.exe
  C:\Windows\System\ooyGTnu.exe
  2⤵
  PID:4404
- C:\Windows\System\EpCSlVa.exe
  C:\Windows\System\EpCSlVa.exe
  2⤵
  PID:4420
- C:\Windows\System\CUHjgQD.exe
  C:\Windows\System\CUHjgQD.exe
  2⤵
  PID:4444
- C:\Windows\System\sZkLAoJ.exe
  C:\Windows\System\sZkLAoJ.exe
  2⤵
  PID:4464
- C:\Windows\System\LOnMEZe.exe
  C:\Windows\System\LOnMEZe.exe
  2⤵
  PID:4484
- C:\Windows\System\XyEIZTi.exe
  C:\Windows\System\XyEIZTi.exe
  2⤵
  PID:4504
- C:\Windows\System\abkVKJW.exe
  C:\Windows\System\abkVKJW.exe
  2⤵
  PID:4524
- C:\Windows\System\bGfpILL.exe
  C:\Windows\System\bGfpILL.exe
  2⤵
  PID:4544
- C:\Windows\System\kheIGwB.exe
  C:\Windows\System\kheIGwB.exe
  2⤵
  PID:4560
- C:\Windows\System\kNPhgkf.exe
  C:\Windows\System\kNPhgkf.exe
  2⤵
  PID:4584
- C:\Windows\System\wRuImki.exe
  C:\Windows\System\wRuImki.exe
  2⤵
  PID:4604
- C:\Windows\System\VvVrBbR.exe
  C:\Windows\System\VvVrBbR.exe
  2⤵
  PID:4624
- C:\Windows\System\UioWnHp.exe
  C:\Windows\System\UioWnHp.exe
  2⤵
  PID:4644
- C:\Windows\System\LrXxfxT.exe
  C:\Windows\System\LrXxfxT.exe
  2⤵
  PID:4668
- C:\Windows\System\DMKUhQY.exe
  C:\Windows\System\DMKUhQY.exe
  2⤵
  PID:4688
- C:\Windows\System\WfCBHTX.exe
  C:\Windows\System\WfCBHTX.exe
  2⤵
  PID:4708
- C:\Windows\System\MCxBALa.exe
  C:\Windows\System\MCxBALa.exe
  2⤵
  PID:4728
- C:\Windows\System\pUGMRYH.exe
  C:\Windows\System\pUGMRYH.exe
  2⤵
  PID:4748
- C:\Windows\System\MZaIhiZ.exe
  C:\Windows\System\MZaIhiZ.exe
  2⤵
  PID:4768
- C:\Windows\System\RrsENDg.exe
  C:\Windows\System\RrsENDg.exe
  2⤵
  PID:4788
- C:\Windows\System\sgzZmWT.exe
  C:\Windows\System\sgzZmWT.exe
  2⤵
  PID:4808
- C:\Windows\System\xtiFWId.exe
  C:\Windows\System\xtiFWId.exe
  2⤵
  PID:4828
- C:\Windows\System\AcxMICK.exe
  C:\Windows\System\AcxMICK.exe
  2⤵
  PID:4848
- C:\Windows\System\xzoYCXs.exe
  C:\Windows\System\xzoYCXs.exe
  2⤵
  PID:4868
- C:\Windows\System\ZPEluqC.exe
  C:\Windows\System\ZPEluqC.exe
  2⤵
  PID:4888
- C:\Windows\System\hvIbXYu.exe
  C:\Windows\System\hvIbXYu.exe
  2⤵
  PID:4908
- C:\Windows\System\xaQqsbK.exe
  C:\Windows\System\xaQqsbK.exe
  2⤵
  PID:4932
- C:\Windows\System\shwuZzf.exe
  C:\Windows\System\shwuZzf.exe
  2⤵
  PID:4952
- C:\Windows\System\KhuwjBC.exe
  C:\Windows\System\KhuwjBC.exe
  2⤵
  PID:4972
- C:\Windows\System\bloZdEL.exe
  C:\Windows\System\bloZdEL.exe
  2⤵
  PID:4992
- C:\Windows\System\LxAqGvY.exe
  C:\Windows\System\LxAqGvY.exe
  2⤵
  PID:5012
- C:\Windows\System\vRKiFYj.exe
  C:\Windows\System\vRKiFYj.exe
  2⤵
  PID:5032
- C:\Windows\System\PRdMDyL.exe
  C:\Windows\System\PRdMDyL.exe
  2⤵
  PID:5052
- C:\Windows\System\UvxLmfv.exe
  C:\Windows\System\UvxLmfv.exe
  2⤵
  PID:5076
- C:\Windows\System\IWuOONC.exe
  C:\Windows\System\IWuOONC.exe
  2⤵
  PID:5096
- C:\Windows\System\mCzWvHy.exe
  C:\Windows\System\mCzWvHy.exe
  2⤵
  PID:5112
- C:\Windows\System\MeScavG.exe
  C:\Windows\System\MeScavG.exe
  2⤵
  PID:2300
- C:\Windows\System\Fxopyha.exe
  C:\Windows\System\Fxopyha.exe
  2⤵
  PID:3720
- C:\Windows\System\rlBlfPE.exe
  C:\Windows\System\rlBlfPE.exe
  2⤵
  PID:3612
- C:\Windows\System\oXNuuvJ.exe
  C:\Windows\System\oXNuuvJ.exe
  2⤵
  PID:4016
- C:\Windows\System\duXBOyN.exe
  C:\Windows\System\duXBOyN.exe
  2⤵
  PID:3984
- C:\Windows\System\qpQwEHf.exe
  C:\Windows\System\qpQwEHf.exe
  2⤵
  PID:1708
- C:\Windows\System\smnpOWa.exe
  C:\Windows\System\smnpOWa.exe
  2⤵
  PID:2840
- C:\Windows\System\xvWdKgd.exe
  C:\Windows\System\xvWdKgd.exe
  2⤵
  PID:3808
- C:\Windows\System\SXuRHZi.exe
  C:\Windows\System\SXuRHZi.exe
  2⤵
  PID:3284
- C:\Windows\System\DHOxZCF.exe
  C:\Windows\System\DHOxZCF.exe
  2⤵
  PID:3856
- C:\Windows\System\WtvVkHU.exe
  C:\Windows\System\WtvVkHU.exe
  2⤵
  PID:2196
- C:\Windows\System\lYQUZLG.exe
  C:\Windows\System\lYQUZLG.exe
  2⤵
  PID:3416
- C:\Windows\System\iRSYbAF.exe
  C:\Windows\System\iRSYbAF.exe
  2⤵
  PID:4032
- C:\Windows\System\gZZvaaQ.exe
  C:\Windows\System\gZZvaaQ.exe
  2⤵
  PID:4128
- C:\Windows\System\zFjoryJ.exe
  C:\Windows\System\zFjoryJ.exe
  2⤵
  PID:4108
- C:\Windows\System\HSgbUUe.exe
  C:\Windows\System\HSgbUUe.exe
  2⤵
  PID:4212
- C:\Windows\System\iYGmWJa.exe
  C:\Windows\System\iYGmWJa.exe
  2⤵
  PID:4224
- C:\Windows\System\afiyNPY.exe
  C:\Windows\System\afiyNPY.exe
  2⤵
  PID:4228
- C:\Windows\System\OUlYrmi.exe
  C:\Windows\System\OUlYrmi.exe
  2⤵
  PID:4276
- C:\Windows\System\ypGMtje.exe
  C:\Windows\System\ypGMtje.exe
  2⤵
  PID:4332
- C:\Windows\System\PjbhJYX.exe
  C:\Windows\System\PjbhJYX.exe
  2⤵
  PID:4372
- C:\Windows\System\lURNXsS.exe
  C:\Windows\System\lURNXsS.exe
  2⤵
  PID:4412
- C:\Windows\System\yWBsqjK.exe
  C:\Windows\System\yWBsqjK.exe
  2⤵
  PID:4460
- C:\Windows\System\GMIAZLi.exe
  C:\Windows\System\GMIAZLi.exe
  2⤵
  PID:4456
- C:\Windows\System\jqBEyir.exe
  C:\Windows\System\jqBEyir.exe
  2⤵
  PID:4496
- C:\Windows\System\YwJwuwO.exe
  C:\Windows\System\YwJwuwO.exe
  2⤵
  PID:4568
- C:\Windows\System\zGQIsjO.exe
  C:\Windows\System\zGQIsjO.exe
  2⤵
  PID:4580
- C:\Windows\System\GEFExOp.exe
  C:\Windows\System\GEFExOp.exe
  2⤵
  PID:4400
- C:\Windows\System\tFbLFdL.exe
  C:\Windows\System\tFbLFdL.exe
  2⤵
  PID:4600
- C:\Windows\System\xTgaTsD.exe
  C:\Windows\System\xTgaTsD.exe
  2⤵
  PID:4664
- C:\Windows\System\WtutMFE.exe
  C:\Windows\System\WtutMFE.exe
  2⤵
  PID:4676
- C:\Windows\System\oZtNpgF.exe
  C:\Windows\System\oZtNpgF.exe
  2⤵
  PID:4716
- C:\Windows\System\HRvKnJf.exe
  C:\Windows\System\HRvKnJf.exe
  2⤵
  PID:4784
- C:\Windows\System\ZOnFtIT.exe
  C:\Windows\System\ZOnFtIT.exe
  2⤵
  PID:4780
- C:\Windows\System\fohVNef.exe
  C:\Windows\System\fohVNef.exe
  2⤵
  PID:4800
- C:\Windows\System\ORwnLQw.exe
  C:\Windows\System\ORwnLQw.exe
  2⤵
  PID:4864
- C:\Windows\System\EIXMfrG.exe
  C:\Windows\System\EIXMfrG.exe
  2⤵
  PID:4904
- C:\Windows\System\weIMvfO.exe
  C:\Windows\System\weIMvfO.exe
  2⤵
  PID:4948
- C:\Windows\System\OtqnqWv.exe
  C:\Windows\System\OtqnqWv.exe
  2⤵
  PID:4968
- C:\Windows\System\eODVvTA.exe
  C:\Windows\System\eODVvTA.exe
  2⤵
  PID:5020
- C:\Windows\System\RfdKZiW.exe
  C:\Windows\System\RfdKZiW.exe
  2⤵
  PID:5008
- C:\Windows\System\clkOPtI.exe
  C:\Windows\System\clkOPtI.exe
  2⤵
  PID:5044
- C:\Windows\System\gYPbtIB.exe
  C:\Windows\System\gYPbtIB.exe
  2⤵
  PID:5092
- C:\Windows\System\hTlxztp.exe
  C:\Windows\System\hTlxztp.exe
  2⤵
  PID:1592
- C:\Windows\System\cpcYerH.exe
  C:\Windows\System\cpcYerH.exe
  2⤵
  PID:3716
- C:\Windows\System\OfbBlVG.exe
  C:\Windows\System\OfbBlVG.exe
  2⤵
  PID:3532
- C:\Windows\System\tYjuuZn.exe
  C:\Windows\System\tYjuuZn.exe
  2⤵
  PID:432
- C:\Windows\System\uJSYoWn.exe
  C:\Windows\System\uJSYoWn.exe
  2⤵
  PID:3684
- C:\Windows\System\QtdsdNE.exe
  C:\Windows\System\QtdsdNE.exe
  2⤵
  PID:3144
- C:\Windows\System\FHrzDwD.exe
  C:\Windows\System\FHrzDwD.exe
  2⤵
  PID:3212
- C:\Windows\System\MnuORRR.exe
  C:\Windows\System\MnuORRR.exe
  2⤵
  PID:3360
- C:\Windows\System\XJMvmWB.exe
  C:\Windows\System\XJMvmWB.exe
  2⤵
  PID:3108
- C:\Windows\System\mrfhCGC.exe
  C:\Windows\System\mrfhCGC.exe
  2⤵
  PID:4112
- C:\Windows\System\IVPemYO.exe
  C:\Windows\System\IVPemYO.exe
  2⤵
  PID:4248
- C:\Windows\System\GNPOykx.exe
  C:\Windows\System\GNPOykx.exe
  2⤵
  PID:4328
- C:\Windows\System\GkHOvHX.exe
  C:\Windows\System\GkHOvHX.exe
  2⤵
  PID:4348
- C:\Windows\System\yHTAOpl.exe
  C:\Windows\System\yHTAOpl.exe
  2⤵
  PID:4368
- C:\Windows\System\pkeStFA.exe
  C:\Windows\System\pkeStFA.exe
  2⤵
  PID:4432
- C:\Windows\System\ZDiyqmI.exe
  C:\Windows\System\ZDiyqmI.exe
  2⤵
  PID:4536
- C:\Windows\System\JQlEDVD.exe
  C:\Windows\System\JQlEDVD.exe
  2⤵
  PID:4556
- C:\Windows\System\vwERgmU.exe
  C:\Windows\System\vwERgmU.exe
  2⤵
  PID:4576
- C:\Windows\System\jJQraMW.exe
  C:\Windows\System\jJQraMW.exe
  2⤵
  PID:4684
- C:\Windows\System\tpLvOWa.exe
  C:\Windows\System\tpLvOWa.exe
  2⤵
  PID:4696
- C:\Windows\System\OVHBsHm.exe
  C:\Windows\System\OVHBsHm.exe
  2⤵
  PID:4764
- C:\Windows\System\nDGjVbg.exe
  C:\Windows\System\nDGjVbg.exe
  2⤵
  PID:4824
- C:\Windows\System\RftbuhK.exe
  C:\Windows\System\RftbuhK.exe
  2⤵
  PID:2456
- C:\Windows\System\hLjRAOn.exe
  C:\Windows\System\hLjRAOn.exe
  2⤵
  PID:4944
- C:\Windows\System\WQMAACS.exe
  C:\Windows\System\WQMAACS.exe
  2⤵
  PID:5072
- C:\Windows\System\tcBkktr.exe
  C:\Windows\System\tcBkktr.exe
  2⤵
  PID:5068
- C:\Windows\System\dQcILtT.exe
  C:\Windows\System\dQcILtT.exe
  2⤵
  PID:3588
- C:\Windows\System\iaIGzAY.exe
  C:\Windows\System\iaIGzAY.exe
  2⤵
  PID:3756
- C:\Windows\System\froeiSL.exe
  C:\Windows\System\froeiSL.exe
  2⤵
  PID:3872
- C:\Windows\System\QtRoWVB.exe
  C:\Windows\System\QtRoWVB.exe
  2⤵
  PID:3768
- C:\Windows\System\kNTEPCk.exe
  C:\Windows\System\kNTEPCk.exe
  2⤵
  PID:2464
- C:\Windows\System\OsnRJqp.exe
  C:\Windows\System\OsnRJqp.exe
  2⤵
  PID:4132
- C:\Windows\System\EIIXOCR.exe
  C:\Windows\System\EIIXOCR.exe
  2⤵
  PID:2616
- C:\Windows\System\vmXnRXF.exe
  C:\Windows\System\vmXnRXF.exe
  2⤵
  PID:4168
- C:\Windows\System\eZovopt.exe
  C:\Windows\System\eZovopt.exe
  2⤵
  PID:2952
- C:\Windows\System\OhjLPUe.exe
  C:\Windows\System\OhjLPUe.exe
  2⤵
  PID:4316
- C:\Windows\System\rnCEErJ.exe
  C:\Windows\System\rnCEErJ.exe
  2⤵
  PID:4252
- C:\Windows\System\Kwjjpbj.exe
  C:\Windows\System\Kwjjpbj.exe
  2⤵
  PID:4436
- C:\Windows\System\IPGpFxJ.exe
  C:\Windows\System\IPGpFxJ.exe
  2⤵
  PID:4532
- C:\Windows\System\XHLdujT.exe
  C:\Windows\System\XHLdujT.exe
  2⤵
  PID:4652
- C:\Windows\System\SQMbPhD.exe
  C:\Windows\System\SQMbPhD.exe
  2⤵
  PID:2104
- C:\Windows\System\ALWjTJp.exe
  C:\Windows\System\ALWjTJp.exe
  2⤵
  PID:4704
- C:\Windows\System\jgshGnj.exe
  C:\Windows\System\jgshGnj.exe
  2⤵
  PID:4860
- C:\Windows\System\DhBoJRS.exe
  C:\Windows\System\DhBoJRS.exe
  2⤵
  PID:4964
- C:\Windows\System\JswolRo.exe
  C:\Windows\System\JswolRo.exe
  2⤵
  PID:4924
- C:\Windows\System\IdfcTdZ.exe
  C:\Windows\System\IdfcTdZ.exe
  2⤵
  PID:5000
- C:\Windows\System\SfXHbet.exe
  C:\Windows\System\SfXHbet.exe
  2⤵
  PID:3160
- C:\Windows\System\ETqucZa.exe
  C:\Windows\System\ETqucZa.exe
  2⤵
  PID:3608
- C:\Windows\System\wTcQzcH.exe
  C:\Windows\System\wTcQzcH.exe
  2⤵
  PID:1104
- C:\Windows\System\fusJlEu.exe
  C:\Windows\System\fusJlEu.exe
  2⤵
  PID:2708
- C:\Windows\System\MmxVlnx.exe
  C:\Windows\System\MmxVlnx.exe
  2⤵
  PID:4376
- C:\Windows\System\JVmXXoE.exe
  C:\Windows\System\JVmXXoE.exe
  2⤵
  PID:4296
- C:\Windows\System\bSVepkK.exe
  C:\Windows\System\bSVepkK.exe
  2⤵
  PID:5140
- C:\Windows\System\JBXWDIR.exe
  C:\Windows\System\JBXWDIR.exe
  2⤵
  PID:5160
- C:\Windows\System\fyznYKP.exe
  C:\Windows\System\fyznYKP.exe
  2⤵
  PID:5180
- C:\Windows\System\dzAtcHt.exe
  C:\Windows\System\dzAtcHt.exe
  2⤵
  PID:5200
- C:\Windows\System\uMqRQWk.exe
  C:\Windows\System\uMqRQWk.exe
  2⤵
  PID:5220
- C:\Windows\System\MaVQifx.exe
  C:\Windows\System\MaVQifx.exe
  2⤵
  PID:5240
- C:\Windows\System\iUkRdFT.exe
  C:\Windows\System\iUkRdFT.exe
  2⤵
  PID:5260
- C:\Windows\System\AdrmFVv.exe
  C:\Windows\System\AdrmFVv.exe
  2⤵
  PID:5280
- C:\Windows\System\JDLpAjg.exe
  C:\Windows\System\JDLpAjg.exe
  2⤵
  PID:5300
- C:\Windows\System\PGdsisQ.exe
  C:\Windows\System\PGdsisQ.exe
  2⤵
  PID:5320
- C:\Windows\System\mHlgmOF.exe
  C:\Windows\System\mHlgmOF.exe
  2⤵
  PID:5336
- C:\Windows\System\jdgkKzf.exe
  C:\Windows\System\jdgkKzf.exe
  2⤵
  PID:5360
- C:\Windows\System\JbZBRZa.exe
  C:\Windows\System\JbZBRZa.exe
  2⤵
  PID:5380
- C:\Windows\System\UYYGmEk.exe
  C:\Windows\System\UYYGmEk.exe
  2⤵
  PID:5400
- C:\Windows\System\cgcxFaq.exe
  C:\Windows\System\cgcxFaq.exe
  2⤵
  PID:5416
- C:\Windows\System\vuyVxnX.exe
  C:\Windows\System\vuyVxnX.exe
  2⤵
  PID:5440
- C:\Windows\System\KUfbEEM.exe
  C:\Windows\System\KUfbEEM.exe
  2⤵
  PID:5464
- C:\Windows\System\zMFWzrV.exe
  C:\Windows\System\zMFWzrV.exe
  2⤵
  PID:5484
- C:\Windows\System\txhaONP.exe
  C:\Windows\System\txhaONP.exe
  2⤵
  PID:5504
- C:\Windows\System\SLRJnYl.exe
  C:\Windows\System\SLRJnYl.exe
  2⤵
  PID:5528
- C:\Windows\System\wGsCfbW.exe
  C:\Windows\System\wGsCfbW.exe
  2⤵
  PID:5548
- C:\Windows\System\HamtJoi.exe
  C:\Windows\System\HamtJoi.exe
  2⤵
  PID:5564
- C:\Windows\System\sQanKDA.exe
  C:\Windows\System\sQanKDA.exe
  2⤵
  PID:5588
- C:\Windows\System\UgnEmOa.exe
  C:\Windows\System\UgnEmOa.exe
  2⤵
  PID:5608
- C:\Windows\System\qARRdTT.exe
  C:\Windows\System\qARRdTT.exe
  2⤵
  PID:5628
- C:\Windows\System\IATTahO.exe
  C:\Windows\System\IATTahO.exe
  2⤵
  PID:5648
- C:\Windows\System\LfYfcfA.exe
  C:\Windows\System\LfYfcfA.exe
  2⤵
  PID:5668
- C:\Windows\System\FDTJqMt.exe
  C:\Windows\System\FDTJqMt.exe
  2⤵
  PID:5688
- C:\Windows\System\MKMvGgJ.exe
  C:\Windows\System\MKMvGgJ.exe
  2⤵
  PID:5708
- C:\Windows\System\PLEvHMr.exe
  C:\Windows\System\PLEvHMr.exe
  2⤵
  PID:5724
- C:\Windows\System\POCdGFP.exe
  C:\Windows\System\POCdGFP.exe
  2⤵
  PID:5748
- C:\Windows\System\niqWTPd.exe
  C:\Windows\System\niqWTPd.exe
  2⤵
  PID:5768
- C:\Windows\System\QZLsRiM.exe
  C:\Windows\System\QZLsRiM.exe
  2⤵
  PID:5788
- C:\Windows\System\sqtwFar.exe
  C:\Windows\System\sqtwFar.exe
  2⤵
  PID:5808
- C:\Windows\System\dgUxvfp.exe
  C:\Windows\System\dgUxvfp.exe
  2⤵
  PID:5828
- C:\Windows\System\EbpwhBQ.exe
  C:\Windows\System\EbpwhBQ.exe
  2⤵
  PID:5848
- C:\Windows\System\nhlmEsZ.exe
  C:\Windows\System\nhlmEsZ.exe
  2⤵
  PID:5868
- C:\Windows\System\RKHiRLw.exe
  C:\Windows\System\RKHiRLw.exe
  2⤵
  PID:5892
- C:\Windows\System\HCrrVnI.exe
  C:\Windows\System\HCrrVnI.exe
  2⤵
  PID:5916
- C:\Windows\System\FhJYHYa.exe
  C:\Windows\System\FhJYHYa.exe
  2⤵
  PID:5932
- C:\Windows\System\XZymibG.exe
  C:\Windows\System\XZymibG.exe
  2⤵
  PID:5952
- C:\Windows\System\TtKmNVW.exe
  C:\Windows\System\TtKmNVW.exe
  2⤵
  PID:5972
- C:\Windows\System\dzNgege.exe
  C:\Windows\System\dzNgege.exe
  2⤵
  PID:5996
- C:\Windows\System\owbAmOT.exe
  C:\Windows\System\owbAmOT.exe
  2⤵
  PID:6016
- C:\Windows\System\THphxas.exe
  C:\Windows\System\THphxas.exe
  2⤵
  PID:6036
- C:\Windows\System\NDSyQLu.exe
  C:\Windows\System\NDSyQLu.exe
  2⤵
  PID:6056
- C:\Windows\System\qPimLUQ.exe
  C:\Windows\System\qPimLUQ.exe
  2⤵
  PID:6076
- C:\Windows\System\CZsGtoC.exe
  C:\Windows\System\CZsGtoC.exe
  2⤵
  PID:6096
- C:\Windows\System\Oluschy.exe
  C:\Windows\System\Oluschy.exe
  2⤵
  PID:6116
- C:\Windows\System\vKDKcdt.exe
  C:\Windows\System\vKDKcdt.exe
  2⤵
  PID:6136
- C:\Windows\System\WjuMXRF.exe
  C:\Windows\System\WjuMXRF.exe
  2⤵
  PID:4352
- C:\Windows\System\eZMIOba.exe
  C:\Windows\System\eZMIOba.exe
  2⤵
  PID:4620
- C:\Windows\System\RCgbsFL.exe
  C:\Windows\System\RCgbsFL.exe
  2⤵
  PID:4760
- C:\Windows\System\lpyiPrt.exe
  C:\Windows\System\lpyiPrt.exe
  2⤵
  PID:4756
- C:\Windows\System\vGeURSB.exe
  C:\Windows\System\vGeURSB.exe
  2⤵
  PID:4988
- C:\Windows\System\ULubGEV.exe
  C:\Windows\System\ULubGEV.exe
  2⤵
  PID:5060
- C:\Windows\System\qBsWVWs.exe
  C:\Windows\System\qBsWVWs.exe
  2⤵
  PID:3908
- C:\Windows\System\jqNWJOg.exe
  C:\Windows\System\jqNWJOg.exe
  2⤵
  PID:2912
- C:\Windows\System\wSuXaFr.exe
  C:\Windows\System\wSuXaFr.exe
  2⤵
  PID:5136
- C:\Windows\System\DuzyMDo.exe
  C:\Windows\System\DuzyMDo.exe
  2⤵
  PID:5148
- C:\Windows\System\PappoUL.exe
  C:\Windows\System\PappoUL.exe
  2⤵
  PID:5172
- C:\Windows\System\tzXPbUB.exe
  C:\Windows\System\tzXPbUB.exe
  2⤵
  PID:5196
- C:\Windows\System\CgRfzmM.exe
  C:\Windows\System\CgRfzmM.exe
  2⤵
  PID:5256
- C:\Windows\System\ldbBTgD.exe
  C:\Windows\System\ldbBTgD.exe
  2⤵
  PID:5268
- C:\Windows\System\oFZCSfY.exe
  C:\Windows\System\oFZCSfY.exe
  2⤵
  PID:5328
- C:\Windows\System\NzVVDbg.exe
  C:\Windows\System\NzVVDbg.exe
  2⤵
  PID:5344
- C:\Windows\System\VlglcGi.exe
  C:\Windows\System\VlglcGi.exe
  2⤵
  PID:5372
- C:\Windows\System\yQrKTUg.exe
  C:\Windows\System\yQrKTUg.exe
  2⤵
  PID:5388
- C:\Windows\System\RrekTyj.exe
  C:\Windows\System\RrekTyj.exe
  2⤵
  PID:5460
- C:\Windows\System\dEQRMhA.exe
  C:\Windows\System\dEQRMhA.exe
  2⤵
  PID:5496
- C:\Windows\System\jUTCkzQ.exe
  C:\Windows\System\jUTCkzQ.exe
  2⤵
  PID:5520
- C:\Windows\System\HIyOFtm.exe
  C:\Windows\System\HIyOFtm.exe
  2⤵
  PID:5572
- C:\Windows\System\yaKxnCa.exe
  C:\Windows\System\yaKxnCa.exe
  2⤵
  PID:5560
- C:\Windows\System\UaUxEqT.exe
  C:\Windows\System\UaUxEqT.exe
  2⤵
  PID:5600
- C:\Windows\System\XlHWDAM.exe
  C:\Windows\System\XlHWDAM.exe
  2⤵
  PID:5644
- C:\Windows\System\UATEACC.exe
  C:\Windows\System\UATEACC.exe
  2⤵
  PID:5704
- C:\Windows\System\UqrKRem.exe
  C:\Windows\System\UqrKRem.exe
  2⤵
  PID:5744
- C:\Windows\System\kjVWxbz.exe
  C:\Windows\System\kjVWxbz.exe
  2⤵
  PID:5756
- C:\Windows\System\tnzXxDU.exe
  C:\Windows\System\tnzXxDU.exe
  2⤵
  PID:756
- C:\Windows\System\EQNVvlb.exe
  C:\Windows\System\EQNVvlb.exe
  2⤵
  PID:5804
- C:\Windows\System\XNfcMqN.exe
  C:\Windows\System\XNfcMqN.exe
  2⤵
  PID:5836
- C:\Windows\System\QMczudg.exe
  C:\Windows\System\QMczudg.exe
  2⤵
  PID:5900
- C:\Windows\System\ViBazfH.exe
  C:\Windows\System\ViBazfH.exe
  2⤵
  PID:5904
- C:\Windows\System\fxkcwiH.exe
  C:\Windows\System\fxkcwiH.exe
  2⤵
  PID:5980
- C:\Windows\System\mWSyHeS.exe
  C:\Windows\System\mWSyHeS.exe
  2⤵
  PID:5968
- C:\Windows\System\EJiqerA.exe
  C:\Windows\System\EJiqerA.exe
  2⤵
  PID:6008
- C:\Windows\System\HMMTBuv.exe
  C:\Windows\System\HMMTBuv.exe
  2⤵
  PID:6044
- C:\Windows\System\RSRGtmP.exe
  C:\Windows\System\RSRGtmP.exe
  2⤵
  PID:6104
- C:\Windows\System\VmGDXed.exe
  C:\Windows\System\VmGDXed.exe
  2⤵
  PID:2664
- C:\Windows\System\ZiBdlBb.exe
  C:\Windows\System\ZiBdlBb.exe
  2⤵
  PID:6128
- C:\Windows\System\RpgqMXE.exe
  C:\Windows\System\RpgqMXE.exe
  2⤵
  PID:2192
- C:\Windows\System\moYueCo.exe
  C:\Windows\System\moYueCo.exe
  2⤵
  PID:4856
- C:\Windows\System\iRpqgEP.exe
  C:\Windows\System\iRpqgEP.exe
  2⤵
  PID:2276
- C:\Windows\System\fqxlcMV.exe
  C:\Windows\System\fqxlcMV.exe
  2⤵
  PID:3172
- C:\Windows\System\dMgKTWF.exe
  C:\Windows\System\dMgKTWF.exe
  2⤵
  PID:4308
- C:\Windows\System\kAWZTXk.exe
  C:\Windows\System\kAWZTXk.exe
  2⤵
  PID:5212
- C:\Windows\System\omydhle.exe
  C:\Windows\System\omydhle.exe
  2⤵
  PID:5208
- C:\Windows\System\zLzRhJG.exe
  C:\Windows\System\zLzRhJG.exe
  2⤵
  PID:5308
- C:\Windows\System\NGonGus.exe
  C:\Windows\System\NGonGus.exe
  2⤵
  PID:5232
- C:\Windows\System\CcRtqbZ.exe
  C:\Windows\System\CcRtqbZ.exe
  2⤵
  PID:5392
- C:\Windows\System\pBMuSbM.exe
  C:\Windows\System\pBMuSbM.exe
  2⤵
  PID:5424
- C:\Windows\System\WMbGfxE.exe
  C:\Windows\System\WMbGfxE.exe
  2⤵
  PID:5428
- C:\Windows\System\OVulAZe.exe
  C:\Windows\System\OVulAZe.exe
  2⤵
  PID:5492
- C:\Windows\System\nVUGoBm.exe
  C:\Windows\System\nVUGoBm.exe
  2⤵
  PID:5616
- C:\Windows\System\tZHtica.exe
  C:\Windows\System\tZHtica.exe
  2⤵
  PID:2552
- C:\Windows\System\pyPiptb.exe
  C:\Windows\System\pyPiptb.exe
  2⤵
  PID:5676
- C:\Windows\System\jVMJozD.exe
  C:\Windows\System\jVMJozD.exe
  2⤵
  PID:5776
- C:\Windows\System\wWzNrFX.exe
  C:\Windows\System\wWzNrFX.exe
  2⤵
  PID:5864
- C:\Windows\System\nSrBKol.exe
  C:\Windows\System\nSrBKol.exe
  2⤵
  PID:5884
- C:\Windows\System\XzFhWtV.exe
  C:\Windows\System\XzFhWtV.exe
  2⤵
  PID:5924
- C:\Windows\System\QzHQVug.exe
  C:\Windows\System\QzHQVug.exe
  2⤵
  PID:5984
- C:\Windows\System\NJCyVCK.exe
  C:\Windows\System\NJCyVCK.exe
  2⤵
  PID:6072
- C:\Windows\System\eZGOszA.exe
  C:\Windows\System\eZGOszA.exe
  2⤵
  PID:4552
- C:\Windows\System\vVxEjfE.exe
  C:\Windows\System\vVxEjfE.exe
  2⤵
  PID:6132
- C:\Windows\System\AWkUrbE.exe
  C:\Windows\System\AWkUrbE.exe
  2⤵
  PID:4492
- C:\Windows\System\bXxFxku.exe
  C:\Windows\System\bXxFxku.exe
  2⤵
  PID:4500
- C:\Windows\System\FtsfTuG.exe
  C:\Windows\System\FtsfTuG.exe
  2⤵
  PID:5104
- C:\Windows\System\fQnipnd.exe
  C:\Windows\System\fQnipnd.exe
  2⤵
  PID:5248
- C:\Windows\System\haDZNZd.exe
  C:\Windows\System\haDZNZd.exe
  2⤵
  PID:5176
- C:\Windows\System\CVwwtkc.exe
  C:\Windows\System\CVwwtkc.exe
  2⤵
  PID:5452
- C:\Windows\System\qgDwxLo.exe
  C:\Windows\System\qgDwxLo.exe
  2⤵
  PID:2680
- C:\Windows\System\cBFDjos.exe
  C:\Windows\System\cBFDjos.exe
  2⤵
  PID:656
- C:\Windows\System\atisoST.exe
  C:\Windows\System\atisoST.exe
  2⤵
  PID:3032
- C:\Windows\System\ziGlgFz.exe
  C:\Windows\System\ziGlgFz.exe
  2⤵
  PID:5720
- C:\Windows\System\FUODmBu.exe
  C:\Windows\System\FUODmBu.exe
  2⤵
  PID:5736
- C:\Windows\System\bDTOTGX.exe
  C:\Windows\System\bDTOTGX.exe
  2⤵
  PID:5216
- C:\Windows\System\tWsHpYg.exe
  C:\Windows\System\tWsHpYg.exe
  2⤵
  PID:5960
- C:\Windows\System\ZEGUeix.exe
  C:\Windows\System\ZEGUeix.exe
  2⤵
  PID:5908
- C:\Windows\System\HhXQjen.exe
  C:\Windows\System\HhXQjen.exe
  2⤵
  PID:4656
- C:\Windows\System\nDXHPiN.exe
  C:\Windows\System\nDXHPiN.exe
  2⤵
  PID:3488
- C:\Windows\System\vRKoTMQ.exe
  C:\Windows\System\vRKoTMQ.exe
  2⤵
  PID:3308
- C:\Windows\System\BClXfYA.exe
  C:\Windows\System\BClXfYA.exe
  2⤵
  PID:5252
- C:\Windows\System\BhHLcsZ.exe
  C:\Windows\System\BhHLcsZ.exe
  2⤵
  PID:5332
- C:\Windows\System\xFAPfJl.exe
  C:\Windows\System\xFAPfJl.exe
  2⤵
  PID:1600
- C:\Windows\System\NKNZSJn.exe
  C:\Windows\System\NKNZSJn.exe
  2⤵
  PID:5512
- C:\Windows\System\NjlzQvo.exe
  C:\Windows\System\NjlzQvo.exe
  2⤵
  PID:5716
- C:\Windows\System\ZmteZlJ.exe
  C:\Windows\System\ZmteZlJ.exe
  2⤵
  PID:2828
- C:\Windows\System\XQTJFTv.exe
  C:\Windows\System\XQTJFTv.exe
  2⤵
  PID:5856
- C:\Windows\System\YGfdKtr.exe
  C:\Windows\System\YGfdKtr.exe
  2⤵
  PID:6108
- C:\Windows\System\XFmKhJi.exe
  C:\Windows\System\XFmKhJi.exe
  2⤵
  PID:6148
- C:\Windows\System\cZZcrUh.exe
  C:\Windows\System\cZZcrUh.exe
  2⤵
  PID:6172
- C:\Windows\System\wJTSmMS.exe
  C:\Windows\System\wJTSmMS.exe
  2⤵
  PID:6192
- C:\Windows\System\YHacmHC.exe
  C:\Windows\System\YHacmHC.exe
  2⤵
  PID:6212
- C:\Windows\System\GxKumGu.exe
  C:\Windows\System\GxKumGu.exe
  2⤵
  PID:6232
- C:\Windows\System\LIecYIM.exe
  C:\Windows\System\LIecYIM.exe
  2⤵
  PID:6252
- C:\Windows\System\OaSyxHT.exe
  C:\Windows\System\OaSyxHT.exe
  2⤵
  PID:6272
- C:\Windows\System\ZjdqKPe.exe
  C:\Windows\System\ZjdqKPe.exe
  2⤵
  PID:6292
- C:\Windows\System\JUexeYx.exe
  C:\Windows\System\JUexeYx.exe
  2⤵
  PID:6316
- C:\Windows\System\kudboOR.exe
  C:\Windows\System\kudboOR.exe
  2⤵
  PID:6336
- C:\Windows\System\BrAQxcJ.exe
  C:\Windows\System\BrAQxcJ.exe
  2⤵
  PID:6356
- C:\Windows\System\xGByJAP.exe
  C:\Windows\System\xGByJAP.exe
  2⤵
  PID:6376
- C:\Windows\System\SYzZxbb.exe
  C:\Windows\System\SYzZxbb.exe
  2⤵
  PID:6396
- C:\Windows\System\hWyQRNc.exe
  C:\Windows\System\hWyQRNc.exe
  2⤵
  PID:6416
- C:\Windows\System\DpwxBwO.exe
  C:\Windows\System\DpwxBwO.exe
  2⤵
  PID:6436
- C:\Windows\System\goRxHBa.exe
  C:\Windows\System\goRxHBa.exe
  2⤵
  PID:6456
- C:\Windows\System\abfOPEL.exe
  C:\Windows\System\abfOPEL.exe
  2⤵
  PID:6472
- C:\Windows\System\JPjekWY.exe
  C:\Windows\System\JPjekWY.exe
  2⤵
  PID:6496
- C:\Windows\System\rgswPZj.exe
  C:\Windows\System\rgswPZj.exe
  2⤵
  PID:6516
- C:\Windows\System\avcGHmL.exe
  C:\Windows\System\avcGHmL.exe
  2⤵
  PID:6532
- C:\Windows\System\uVrEFAC.exe
  C:\Windows\System\uVrEFAC.exe
  2⤵
  PID:6556
- C:\Windows\System\adMAKUu.exe
  C:\Windows\System\adMAKUu.exe
  2⤵
  PID:6572
- C:\Windows\System\heQzlfr.exe
  C:\Windows\System\heQzlfr.exe
  2⤵
  PID:6596
- C:\Windows\System\ZboHwWd.exe
  C:\Windows\System\ZboHwWd.exe
  2⤵
  PID:6612
- C:\Windows\System\GPVgUxI.exe
  C:\Windows\System\GPVgUxI.exe
  2⤵
  PID:6636
- C:\Windows\System\fVDFCHJ.exe
  C:\Windows\System\fVDFCHJ.exe
  2⤵
  PID:6656
- C:\Windows\System\atYVkeP.exe
  C:\Windows\System\atYVkeP.exe
  2⤵
  PID:6676
- C:\Windows\System\YdYFrbm.exe
  C:\Windows\System\YdYFrbm.exe
  2⤵
  PID:6696
- C:\Windows\System\ejwtoQi.exe
  C:\Windows\System\ejwtoQi.exe
  2⤵
  PID:6716
- C:\Windows\System\NSTiWxj.exe
  C:\Windows\System\NSTiWxj.exe
  2⤵
  PID:6736
- C:\Windows\System\dxXJZUy.exe
  C:\Windows\System\dxXJZUy.exe
  2⤵
  PID:6756
- C:\Windows\System\UOEChgI.exe
  C:\Windows\System\UOEChgI.exe
  2⤵
  PID:6780
- C:\Windows\System\GNxJoTo.exe
  C:\Windows\System\GNxJoTo.exe
  2⤵
  PID:6796
- C:\Windows\System\uBKpNHC.exe
  C:\Windows\System\uBKpNHC.exe
  2⤵
  PID:6820
- C:\Windows\System\aTqWpQf.exe
  C:\Windows\System\aTqWpQf.exe
  2⤵
  PID:6840
- C:\Windows\System\UMYMblx.exe
  C:\Windows\System\UMYMblx.exe
  2⤵
  PID:6860
- C:\Windows\System\RIFHMhE.exe
  C:\Windows\System\RIFHMhE.exe
  2⤵
  PID:6880
- C:\Windows\System\VLVUkxL.exe
  C:\Windows\System\VLVUkxL.exe
  2⤵
  PID:6900
- C:\Windows\System\BaPhKJo.exe
  C:\Windows\System\BaPhKJo.exe
  2⤵
  PID:6916
- C:\Windows\System\TJLQdeH.exe
  C:\Windows\System\TJLQdeH.exe
  2⤵
  PID:6940
- C:\Windows\System\nwEOBrg.exe
  C:\Windows\System\nwEOBrg.exe
  2⤵
  PID:6960
- C:\Windows\System\RXaMQlB.exe
  C:\Windows\System\RXaMQlB.exe
  2⤵
  PID:6980
- C:\Windows\System\AeNmNFk.exe
  C:\Windows\System\AeNmNFk.exe
  2⤵
  PID:7000
- C:\Windows\System\xrUJdXZ.exe
  C:\Windows\System\xrUJdXZ.exe
  2⤵
  PID:7020
- C:\Windows\System\jrHRXvt.exe
  C:\Windows\System\jrHRXvt.exe
  2⤵
  PID:7040
- C:\Windows\System\EEVHKIl.exe
  C:\Windows\System\EEVHKIl.exe
  2⤵
  PID:7060
- C:\Windows\System\oxFvYRd.exe
  C:\Windows\System\oxFvYRd.exe
  2⤵
  PID:7080
- C:\Windows\System\djoJsMX.exe
  C:\Windows\System\djoJsMX.exe
  2⤵
  PID:7100
- C:\Windows\System\GItiFfT.exe
  C:\Windows\System\GItiFfT.exe
  2⤵
  PID:7120
- C:\Windows\System\ARYxXsp.exe
  C:\Windows\System\ARYxXsp.exe
  2⤵
  PID:7140
- C:\Windows\System\OrcFRuY.exe
  C:\Windows\System\OrcFRuY.exe
  2⤵
  PID:7160
- C:\Windows\System\jzCawiK.exe
  C:\Windows\System\jzCawiK.exe
  2⤵
  PID:6088
- C:\Windows\System\sHloTym.exe
  C:\Windows\System\sHloTym.exe
  2⤵
  PID:5168
- C:\Windows\System\UbFxcwz.exe
  C:\Windows\System\UbFxcwz.exe
  2⤵
  PID:5296
- C:\Windows\System\cIjfXIS.exe
  C:\Windows\System\cIjfXIS.exe
  2⤵
  PID:5876
- C:\Windows\System\mfWIDEZ.exe
  C:\Windows\System\mfWIDEZ.exe
  2⤵
  PID:5540
- C:\Windows\System\iyvyKTO.exe
  C:\Windows\System\iyvyKTO.exe
  2⤵
  PID:6084
- C:\Windows\System\tTsLUQu.exe
  C:\Windows\System\tTsLUQu.exe
  2⤵
  PID:6168
- C:\Windows\System\lyGpZyS.exe
  C:\Windows\System\lyGpZyS.exe
  2⤵
  PID:6188
- C:\Windows\System\SOaiRCT.exe
  C:\Windows\System\SOaiRCT.exe
  2⤵
  PID:6220
- C:\Windows\System\waFghrN.exe
  C:\Windows\System\waFghrN.exe
  2⤵
  PID:2868
- C:\Windows\System\OcPbLQs.exe
  C:\Windows\System\OcPbLQs.exe
  2⤵
  PID:6280
- C:\Windows\System\QUAnXQJ.exe
  C:\Windows\System\QUAnXQJ.exe
  2⤵
  PID:6324
- C:\Windows\System\aXcwzPh.exe
  C:\Windows\System\aXcwzPh.exe
  2⤵
  PID:6308
- C:\Windows\System\dDwrabA.exe
  C:\Windows\System\dDwrabA.exe
  2⤵
  PID:6348
- C:\Windows\System\vXtjYBk.exe
  C:\Windows\System\vXtjYBk.exe
  2⤵
  PID:6392
- C:\Windows\System\wWqyAWk.exe
  C:\Windows\System\wWqyAWk.exe
  2⤵
  PID:6388
- C:\Windows\System\WtoQeHi.exe
  C:\Windows\System\WtoQeHi.exe
  2⤵
  PID:6452
- C:\Windows\System\QOMzjAQ.exe
  C:\Windows\System\QOMzjAQ.exe
  2⤵
  PID:6512
- C:\Windows\System\ItJqotP.exe
  C:\Windows\System\ItJqotP.exe
  2⤵
  PID:6564
- C:\Windows\System\HeMIoQk.exe
  C:\Windows\System\HeMIoQk.exe
  2⤵
  PID:1172
- C:\Windows\System\xYfvzVQ.exe
  C:\Windows\System\xYfvzVQ.exe
  2⤵
  PID:6724
- C:\Windows\System\JhLknmp.exe
  C:\Windows\System\JhLknmp.exe
  2⤵
  PID:6704
- C:\Windows\System\BGFowIX.exe
  C:\Windows\System\BGFowIX.exe
  2⤵
  PID:6772
- C:\Windows\System\PtrXDjO.exe
  C:\Windows\System\PtrXDjO.exe
  2⤵
  PID:6816
- C:\Windows\System\ICJnVOs.exe
  C:\Windows\System\ICJnVOs.exe
  2⤵
  PID:6788
- C:\Windows\System\gCDkbKO.exe
  C:\Windows\System\gCDkbKO.exe
  2⤵
  PID:6848
- C:\Windows\System\EDynzIM.exe
  C:\Windows\System\EDynzIM.exe
  2⤵
  PID:6828
- C:\Windows\System\TmpMVjx.exe
  C:\Windows\System\TmpMVjx.exe
  2⤵
  PID:6888
- C:\Windows\System\OiPQPwI.exe
  C:\Windows\System\OiPQPwI.exe
  2⤵
  PID:6908
- C:\Windows\System\ogqNTVM.exe
  C:\Windows\System\ogqNTVM.exe
  2⤵
  PID:6948
- C:\Windows\System\Hcineic.exe
  C:\Windows\System\Hcineic.exe
  2⤵
  PID:6972
- C:\Windows\System\vxDIVfL.exe
  C:\Windows\System\vxDIVfL.exe
  2⤵
  PID:6996
- C:\Windows\System\NtAkMCr.exe
  C:\Windows\System\NtAkMCr.exe
  2⤵
  PID:7048
- C:\Windows\System\gmZsZGC.exe
  C:\Windows\System\gmZsZGC.exe
  2⤵
  PID:7088
- C:\Windows\System\SyleTSv.exe
  C:\Windows\System\SyleTSv.exe
  2⤵
  PID:7072
- C:\Windows\System\kqBFJyF.exe
  C:\Windows\System\kqBFJyF.exe
  2⤵
  PID:7136
- C:\Windows\System\VbmTEci.exe
  C:\Windows\System\VbmTEci.exe
  2⤵
  PID:7148
- C:\Windows\System\sgPaKXo.exe
  C:\Windows\System\sgPaKXo.exe
  2⤵
  PID:5276
- C:\Windows\System\hFbCRhO.exe
  C:\Windows\System\hFbCRhO.exe
  2⤵
  PID:2720
- C:\Windows\System\jSeurgt.exe
  C:\Windows\System\jSeurgt.exe
  2⤵
  PID:2740
- C:\Windows\System\IPxwdYu.exe
  C:\Windows\System\IPxwdYu.exe
  2⤵
  PID:6164
- C:\Windows\System\UaJguYF.exe
  C:\Windows\System\UaJguYF.exe
  2⤵
  PID:2508
- C:\Windows\System\PdfpviR.exe
  C:\Windows\System\PdfpviR.exe
  2⤵
  PID:1284
- C:\Windows\System\rhefVDK.exe
  C:\Windows\System\rhefVDK.exe
  2⤵
  PID:6284
- C:\Windows\System\eHxHDrj.exe
  C:\Windows\System\eHxHDrj.exe
  2⤵
  PID:3008
- C:\Windows\System\LiWbmRK.exe
  C:\Windows\System\LiWbmRK.exe
  2⤵
  PID:6384
- C:\Windows\System\Coeavhi.exe
  C:\Windows\System\Coeavhi.exe
  2⤵
  PID:6368
- C:\Windows\System\EXsjHhE.exe
  C:\Windows\System\EXsjHhE.exe
  2⤵
  PID:1484
- C:\Windows\System\KufjmKs.exe
  C:\Windows\System\KufjmKs.exe
  2⤵
  PID:2716
- C:\Windows\System\xCFIsOa.exe
  C:\Windows\System\xCFIsOa.exe
  2⤵
  PID:6492
- C:\Windows\System\qaHzMaP.exe
  C:\Windows\System\qaHzMaP.exe
  2⤵
  PID:1728
- C:\Windows\System\NItglOm.exe
  C:\Windows\System\NItglOm.exe
  2⤵
  PID:2176
- C:\Windows\System\dDrVBSw.exe
  C:\Windows\System\dDrVBSw.exe
  2⤵
  PID:6540
- C:\Windows\System\wCLVBHS.exe
  C:\Windows\System\wCLVBHS.exe
  2⤵
  PID:6692
- C:\Windows\System\hAwizif.exe
  C:\Windows\System\hAwizif.exe
  2⤵
  PID:2772
- C:\Windows\System\uIAjXdm.exe
  C:\Windows\System\uIAjXdm.exe
  2⤵
  PID:1268
- C:\Windows\System\gZUUNJb.exe
  C:\Windows\System\gZUUNJb.exe
  2⤵
  PID:6876
- C:\Windows\System\FZrWmLe.exe
  C:\Windows\System\FZrWmLe.exe
  2⤵
  PID:6808
- C:\Windows\System\HXGWGoU.exe
  C:\Windows\System\HXGWGoU.exe
  2⤵
  PID:6872
- C:\Windows\System\NPkdiuz.exe
  C:\Windows\System\NPkdiuz.exe
  2⤵
  PID:6936
- C:\Windows\System\LMKDRFz.exe
  C:\Windows\System\LMKDRFz.exe
  2⤵
  PID:6968
- C:\Windows\System\jzEmdIs.exe
  C:\Windows\System\jzEmdIs.exe
  2⤵
  PID:7052
- C:\Windows\System\rrYkqhr.exe
  C:\Windows\System\rrYkqhr.exe
  2⤵
  PID:7032
- C:\Windows\System\kiqJCIc.exe
  C:\Windows\System\kiqJCIc.exe
  2⤵
  PID:4152
- C:\Windows\System\bJzcHQY.exe
  C:\Windows\System\bJzcHQY.exe
  2⤵
  PID:2016
- C:\Windows\System\sGKtqYm.exe
  C:\Windows\System\sGKtqYm.exe
  2⤵
  PID:5684
- C:\Windows\System\fblgxKh.exe
  C:\Windows\System\fblgxKh.exe
  2⤵
  PID:7116
- C:\Windows\System\ebTyjmp.exe
  C:\Windows\System\ebTyjmp.exe
  2⤵
  PID:2624
- C:\Windows\System\MWikmdN.exe
  C:\Windows\System\MWikmdN.exe
  2⤵
  PID:2076
- C:\Windows\System\xXPjCDU.exe
  C:\Windows\System\xXPjCDU.exe
  2⤵
  PID:6184
- C:\Windows\System\tUfQNxO.exe
  C:\Windows\System\tUfQNxO.exe
  2⤵
  PID:6244
- C:\Windows\System\efMkpxO.exe
  C:\Windows\System\efMkpxO.exe
  2⤵
  PID:6268
- C:\Windows\System\pbLScXE.exe
  C:\Windows\System\pbLScXE.exe
  2⤵
  PID:1560
- C:\Windows\System\XUTmUIG.exe
  C:\Windows\System\XUTmUIG.exe
  2⤵
  PID:1368
- C:\Windows\System\ZEnaFmB.exe
  C:\Windows\System\ZEnaFmB.exe
  2⤵
  PID:6404
- C:\Windows\System\HxNMVRT.exe
  C:\Windows\System\HxNMVRT.exe
  2⤵
  PID:5660
- C:\Windows\System\zYNoTqm.exe
  C:\Windows\System\zYNoTqm.exe
  2⤵
  PID:6812
- C:\Windows\System\MPhXslC.exe
  C:\Windows\System\MPhXslC.exe
  2⤵
  PID:6932
- C:\Windows\System\DaSqqjp.exe
  C:\Windows\System\DaSqqjp.exe
  2⤵
  PID:6224
- C:\Windows\System\xwLPFux.exe
  C:\Windows\System\xwLPFux.exe
  2⤵
  PID:5760
- C:\Windows\System\hANabvP.exe
  C:\Windows\System\hANabvP.exe
  2⤵
  PID:6604
- C:\Windows\System\SOzgXAV.exe
  C:\Windows\System\SOzgXAV.exe
  2⤵
  PID:6688
- C:\Windows\System\gfaLQSQ.exe
  C:\Windows\System\gfaLQSQ.exe
  2⤵
  PID:7184
- C:\Windows\System\yXdkzxS.exe
  C:\Windows\System\yXdkzxS.exe
  2⤵
  PID:7200
- C:\Windows\System\mktcCtR.exe
  C:\Windows\System\mktcCtR.exe
  2⤵
  PID:7220
- C:\Windows\System\MwXbBne.exe
  C:\Windows\System\MwXbBne.exe
  2⤵
  PID:7236
- C:\Windows\System\DOnOKXs.exe
  C:\Windows\System\DOnOKXs.exe
  2⤵
  PID:7256
- C:\Windows\System\VGbKaHh.exe
  C:\Windows\System\VGbKaHh.exe
  2⤵
  PID:7300
- C:\Windows\System\lcoDZUu.exe
  C:\Windows\System\lcoDZUu.exe
  2⤵
  PID:7328
- C:\Windows\System\KjkYwzo.exe
  C:\Windows\System\KjkYwzo.exe
  2⤵
  PID:7344
- C:\Windows\System\FuAoGWp.exe
  C:\Windows\System\FuAoGWp.exe
  2⤵
  PID:7360
- C:\Windows\System\adxZBqe.exe
  C:\Windows\System\adxZBqe.exe
  2⤵
  PID:7380
- C:\Windows\System\pzKlmRA.exe
  C:\Windows\System\pzKlmRA.exe
  2⤵
  PID:7404
- C:\Windows\System\IOHmkCl.exe
  C:\Windows\System\IOHmkCl.exe
  2⤵
  PID:7424
- C:\Windows\System\CNGgmgU.exe
  C:\Windows\System\CNGgmgU.exe
  2⤵
  PID:7440
- C:\Windows\System\gOcwovr.exe
  C:\Windows\System\gOcwovr.exe
  2⤵
  PID:7456
- C:\Windows\System\icTFEZA.exe
  C:\Windows\System\icTFEZA.exe
  2⤵
  PID:7472
- C:\Windows\System\uCkVnCu.exe
  C:\Windows\System\uCkVnCu.exe
  2⤵
  PID:7492
- C:\Windows\System\gIJjlEx.exe
  C:\Windows\System\gIJjlEx.exe
  2⤵
  PID:7528
- C:\Windows\System\eDcZhzJ.exe
  C:\Windows\System\eDcZhzJ.exe
  2⤵
  PID:7544
- C:\Windows\System\qTVbygu.exe
  C:\Windows\System\qTVbygu.exe
  2⤵
  PID:7560
- C:\Windows\System\cyZnDEt.exe
  C:\Windows\System\cyZnDEt.exe
  2⤵
  PID:7576
- C:\Windows\System\vcdLBFC.exe
  C:\Windows\System\vcdLBFC.exe
  2⤵
  PID:7592
- C:\Windows\System\LepfgwP.exe
  C:\Windows\System\LepfgwP.exe
  2⤵
  PID:7608
- C:\Windows\System\SHpVwEH.exe
  C:\Windows\System\SHpVwEH.exe
  2⤵
  PID:7624
- C:\Windows\System\HUrESeT.exe
  C:\Windows\System\HUrESeT.exe
  2⤵
  PID:7640
- C:\Windows\System\YRFkfKd.exe
  C:\Windows\System\YRFkfKd.exe
  2⤵
  PID:7656
- C:\Windows\System\nTgDhCf.exe
  C:\Windows\System\nTgDhCf.exe
  2⤵
  PID:7672
- C:\Windows\System\PTIeTri.exe
  C:\Windows\System\PTIeTri.exe
  2⤵
  PID:7688
- C:\Windows\System\ltHAjrZ.exe
  C:\Windows\System\ltHAjrZ.exe
  2⤵
  PID:7704
- C:\Windows\System\SicnyTt.exe
  C:\Windows\System\SicnyTt.exe
  2⤵
  PID:7720
- C:\Windows\System\qeLsjoF.exe
  C:\Windows\System\qeLsjoF.exe
  2⤵
  PID:7736
- C:\Windows\System\OfStJUn.exe
  C:\Windows\System\OfStJUn.exe
  2⤵
  PID:7752
- C:\Windows\System\BFnufJm.exe
  C:\Windows\System\BFnufJm.exe
  2⤵
  PID:7768
- C:\Windows\System\QLEOgeF.exe
  C:\Windows\System\QLEOgeF.exe
  2⤵
  PID:7784
- C:\Windows\System\vQRRIOA.exe
  C:\Windows\System\vQRRIOA.exe
  2⤵
  PID:7804
- C:\Windows\System\vhxzTNR.exe
  C:\Windows\System\vhxzTNR.exe
  2⤵
  PID:7820
- C:\Windows\System\wNMqAut.exe
  C:\Windows\System\wNMqAut.exe
  2⤵
  PID:7836
- C:\Windows\System\JOIIwMH.exe
  C:\Windows\System\JOIIwMH.exe
  2⤵
  PID:7852
- C:\Windows\System\EdNkUyP.exe
  C:\Windows\System\EdNkUyP.exe
  2⤵
  PID:7868
- C:\Windows\System\UJaNlXe.exe
  C:\Windows\System\UJaNlXe.exe
  2⤵
  PID:7884
- C:\Windows\System\jetVgEi.exe
  C:\Windows\System\jetVgEi.exe
  2⤵
  PID:7900
- C:\Windows\System\BySLSck.exe
  C:\Windows\System\BySLSck.exe
  2⤵
  PID:7916
- C:\Windows\System\xzJCgWm.exe
  C:\Windows\System\xzJCgWm.exe
  2⤵
  PID:7932
- C:\Windows\System\yCSNhed.exe
  C:\Windows\System\yCSNhed.exe
  2⤵
  PID:7948
- C:\Windows\System\eUBNGVj.exe
  C:\Windows\System\eUBNGVj.exe
  2⤵
  PID:7964
- C:\Windows\System\xkhzPfw.exe
  C:\Windows\System\xkhzPfw.exe
  2⤵
  PID:7980
- C:\Windows\System\OxJaITg.exe
  C:\Windows\System\OxJaITg.exe
  2⤵
  PID:7996
- C:\Windows\System\JlEQBBo.exe
  C:\Windows\System\JlEQBBo.exe
  2⤵
  PID:8012
- C:\Windows\System\cEgavry.exe
  C:\Windows\System\cEgavry.exe
  2⤵
  PID:8028
- C:\Windows\System\RAtWmEc.exe
  C:\Windows\System\RAtWmEc.exe
  2⤵
  PID:8044
- C:\Windows\System\bfGvfcZ.exe
  C:\Windows\System\bfGvfcZ.exe
  2⤵
  PID:8060
- C:\Windows\System\mcQVTzB.exe
  C:\Windows\System\mcQVTzB.exe
  2⤵
  PID:8076
- C:\Windows\System\aCiXaOI.exe
  C:\Windows\System\aCiXaOI.exe
  2⤵
  PID:8092
- C:\Windows\System\lGDhRzS.exe
  C:\Windows\System\lGDhRzS.exe
  2⤵
  PID:8108
- C:\Windows\System\XvgYzlJ.exe
  C:\Windows\System\XvgYzlJ.exe
  2⤵
  PID:8124
- C:\Windows\System\CRuJXTG.exe
  C:\Windows\System\CRuJXTG.exe
  2⤵
  PID:8140
- C:\Windows\System\CiSshHN.exe
  C:\Windows\System\CiSshHN.exe
  2⤵
  PID:8156
- C:\Windows\System\fxPjwIL.exe
  C:\Windows\System\fxPjwIL.exe
  2⤵
  PID:8172
- C:\Windows\System\ssMbPJj.exe
  C:\Windows\System\ssMbPJj.exe
  2⤵
  PID:8188
- C:\Windows\System\JsoJsre.exe
  C:\Windows\System\JsoJsre.exe
  2⤵
  PID:6552
- C:\Windows\System\CYhlVrC.exe
  C:\Windows\System\CYhlVrC.exe
  2⤵
  PID:6748
- C:\Windows\System\TUwxPGS.exe
  C:\Windows\System\TUwxPGS.exe
  2⤵
  PID:7016
- C:\Windows\System\Vxoxkjh.exe
  C:\Windows\System\Vxoxkjh.exe
  2⤵
  PID:952
- C:\Windows\System\uxJzkOZ.exe
  C:\Windows\System\uxJzkOZ.exe
  2⤵
  PID:2924
- C:\Windows\System\Mufmphh.exe
  C:\Windows\System\Mufmphh.exe
  2⤵
  PID:7128
- C:\Windows\System\KSzXcnK.exe
  C:\Windows\System\KSzXcnK.exe
  2⤵
  PID:6264
- C:\Windows\System\gSpLzax.exe
  C:\Windows\System\gSpLzax.exe
  2⤵
  PID:1800
- C:\Windows\System\KgdisqB.exe
  C:\Windows\System\KgdisqB.exe
  2⤵
  PID:7180
- C:\Windows\System\VxiHPAY.exe
  C:\Windows\System\VxiHPAY.exe
  2⤵
  PID:6852
- C:\Windows\System\yxVgKUk.exe
  C:\Windows\System\yxVgKUk.exe
  2⤵
  PID:7308
- C:\Windows\System\yknJAdY.exe
  C:\Windows\System\yknJAdY.exe
  2⤵
  PID:7228
- C:\Windows\System\FvyuBZh.exe
  C:\Windows\System\FvyuBZh.exe
  2⤵
  PID:7068
- C:\Windows\System\MkeVLui.exe
  C:\Windows\System\MkeVLui.exe
  2⤵
  PID:6412
- C:\Windows\System\AnOpEcE.exe
  C:\Windows\System\AnOpEcE.exe
  2⤵
  PID:7352
- C:\Windows\System\jdFyZYE.exe
  C:\Windows\System\jdFyZYE.exe
  2⤵
  PID:7400
- C:\Windows\System\wMmtLgY.exe
  C:\Windows\System\wMmtLgY.exe
  2⤵
  PID:7432
- C:\Windows\System\uewecrk.exe
  C:\Windows\System\uewecrk.exe
  2⤵
  PID:7284
- C:\Windows\System\tmfmgXe.exe
  C:\Windows\System\tmfmgXe.exe
  2⤵
  PID:7268
- C:\Windows\System\ovalKlO.exe
  C:\Windows\System\ovalKlO.exe
  2⤵
  PID:7340
- C:\Windows\System\VchZBsf.exe
  C:\Windows\System\VchZBsf.exe
  2⤵
  PID:7468
- C:\Windows\System\sywHjUN.exe
  C:\Windows\System\sywHjUN.exe
  2⤵
  PID:7452
- C:\Windows\System\xsxqiFE.exe
  C:\Windows\System\xsxqiFE.exe
  2⤵
  PID:7500
- C:\Windows\System\xPzkedp.exe
  C:\Windows\System\xPzkedp.exe
  2⤵
  PID:6684
- C:\Windows\System\irhcCCZ.exe
  C:\Windows\System\irhcCCZ.exe
  2⤵
  PID:6628
- C:\Windows\System\eqyHdEg.exe
  C:\Windows\System\eqyHdEg.exe
  2⤵
  PID:6644
- C:\Windows\System\ZvTgMzZ.exe
  C:\Windows\System\ZvTgMzZ.exe
  2⤵
  PID:7512
- C:\Windows\System\kaRVbJn.exe
  C:\Windows\System\kaRVbJn.exe
  2⤵
  PID:7536
- C:\Windows\System\aRUWfxS.exe
  C:\Windows\System\aRUWfxS.exe
  2⤵
  PID:7572
- C:\Windows\System\aOGFxeA.exe
  C:\Windows\System\aOGFxeA.exe
  2⤵
  PID:7668
- C:\Windows\System\SjPtUBx.exe
  C:\Windows\System\SjPtUBx.exe
  2⤵
  PID:7584
- C:\Windows\System\dTNuJMV.exe
  C:\Windows\System\dTNuJMV.exe
  2⤵
  PID:7648
- C:\Windows\System\NfjRqdX.exe
  C:\Windows\System\NfjRqdX.exe
  2⤵
  PID:7712
- C:\Windows\System\mBKQpJB.exe
  C:\Windows\System\mBKQpJB.exe
  2⤵
  PID:7780
- C:\Windows\System\qzKNAEr.exe
  C:\Windows\System\qzKNAEr.exe
  2⤵
  PID:7732
- C:\Windows\System\JJDKdgh.exe
  C:\Windows\System\JJDKdgh.exe
  2⤵
  PID:7812
- C:\Windows\System\hokVkVg.exe
  C:\Windows\System\hokVkVg.exe
  2⤵
  PID:7844
- C:\Windows\System\NTGhcpW.exe
  C:\Windows\System\NTGhcpW.exe
  2⤵
  PID:7908
- C:\Windows\System\ZFUnovL.exe
  C:\Windows\System\ZFUnovL.exe
  2⤵
  PID:7896
- C:\Windows\System\ESMyLvQ.exe
  C:\Windows\System\ESMyLvQ.exe
  2⤵
  PID:7928
- C:\Windows\System\SzvtkRd.exe
  C:\Windows\System\SzvtkRd.exe
  2⤵
  PID:7988
- C:\Windows\System\eLVCEsm.exe
  C:\Windows\System\eLVCEsm.exe
  2⤵
  PID:7940
- C:\Windows\System\pGZaDkj.exe
  C:\Windows\System\pGZaDkj.exe
  2⤵
  PID:7972
- C:\Windows\System\VCGqeBY.exe
  C:\Windows\System\VCGqeBY.exe
  2⤵
  PID:8040
- C:\Windows\System\nTQBhwJ.exe
  C:\Windows\System\nTQBhwJ.exe
  2⤵
  PID:8104
- C:\Windows\System\BCLkcrx.exe
  C:\Windows\System\BCLkcrx.exe
  2⤵
  PID:8116
- C:\Windows\System\lEVGzcx.exe
  C:\Windows\System\lEVGzcx.exe
  2⤵
  PID:8120
- C:\Windows\System\jUaZLWT.exe
  C:\Windows\System\jUaZLWT.exe
  2⤵
  PID:8168
- C:\Windows\System\RODBDyy.exe
  C:\Windows\System\RODBDyy.exe
  2⤵
  PID:1892
- C:\Windows\System\gvVurBO.exe
  C:\Windows\System\gvVurBO.exe
  2⤵
  PID:6804
- C:\Windows\System\sUifXTw.exe
  C:\Windows\System\sUifXTw.exe
  2⤵
  PID:5604
- C:\Windows\System\doqzFjm.exe
  C:\Windows\System\doqzFjm.exe
  2⤵
  PID:7156
- C:\Windows\System\VOnPgeh.exe
  C:\Windows\System\VOnPgeh.exe
  2⤵
  PID:7316
- C:\Windows\System\xKLQfXU.exe
  C:\Windows\System\xKLQfXU.exe
  2⤵
  PID:7248
- C:\Windows\System\UXYnEpf.exe
  C:\Windows\System\UXYnEpf.exe
  2⤵
  PID:3056
- C:\Windows\System\OxNPQpl.exe
  C:\Windows\System\OxNPQpl.exe
  2⤵
  PID:6328
- C:\Windows\System\pFeeWwT.exe
  C:\Windows\System\pFeeWwT.exe
  2⤵
  PID:7448
- C:\Windows\System\NXhyWcd.exe
  C:\Windows\System\NXhyWcd.exe
  2⤵
  PID:7264
- C:\Windows\System\RWtrWow.exe
  C:\Windows\System\RWtrWow.exe
  2⤵
  PID:6588
- C:\Windows\System\grhYvLb.exe
  C:\Windows\System\grhYvLb.exe
  2⤵
  PID:7376
- C:\Windows\System\Nmhzaox.exe
  C:\Windows\System\Nmhzaox.exe
  2⤵
  PID:6672
- C:\Windows\System\AsxrFwg.exe
  C:\Windows\System\AsxrFwg.exe
  2⤵
  PID:7632
- C:\Windows\System\KcGUXhy.exe
  C:\Windows\System\KcGUXhy.exe
  2⤵
  PID:7508
- C:\Windows\System\TtrBtFn.exe
  C:\Windows\System\TtrBtFn.exe
  2⤵
  PID:7552
- C:\Windows\System\TIMWwax.exe
  C:\Windows\System\TIMWwax.exe
  2⤵
  PID:7684
- C:\Windows\System\CfgWHMG.exe
  C:\Windows\System\CfgWHMG.exe
  2⤵
  PID:7792
- C:\Windows\System\HdDBOIu.exe
  C:\Windows\System\HdDBOIu.exe
  2⤵
  PID:7816
- C:\Windows\System\ShvgBWg.exe
  C:\Windows\System\ShvgBWg.exe
  2⤵
  PID:7924
- C:\Windows\System\ystXgts.exe
  C:\Windows\System\ystXgts.exe
  2⤵
  PID:7992
- C:\Windows\System\KuMtERh.exe
  C:\Windows\System\KuMtERh.exe
  2⤵
  PID:8136
- C:\Windows\System\qbKRdXl.exe
  C:\Windows\System\qbKRdXl.exe
  2⤵
  PID:8004
- C:\Windows\System\nXElySt.exe
  C:\Windows\System\nXElySt.exe
  2⤵
  PID:8084
- C:\Windows\System\zzixvpw.exe
  C:\Windows\System\zzixvpw.exe
  2⤵
  PID:7192
- C:\Windows\System\PbdDhsb.exe
  C:\Windows\System\PbdDhsb.exe
  2⤵
  PID:6584
- C:\Windows\System\wzgTRLY.exe
  C:\Windows\System\wzgTRLY.exe
  2⤵
  PID:5312
- C:\Windows\System\YEmGnlm.exe
  C:\Windows\System\YEmGnlm.exe
  2⤵
  PID:7368
- C:\Windows\System\CHkHZaG.exe
  C:\Windows\System\CHkHZaG.exe
  2⤵
  PID:7524
- C:\Windows\System\aQdybuq.exe
  C:\Windows\System\aQdybuq.exe
  2⤵
  PID:7388
- C:\Windows\System\xVXQLZz.exe
  C:\Windows\System\xVXQLZz.exe
  2⤵
  PID:6624
- C:\Windows\System\VrHclCv.exe
  C:\Windows\System\VrHclCv.exe
  2⤵
  PID:7412
- C:\Windows\System\rtgbecD.exe
  C:\Windows\System\rtgbecD.exe
  2⤵
  PID:7832
- C:\Windows\System\fbgJZLo.exe
  C:\Windows\System\fbgJZLo.exe
  2⤵
  PID:8052
- C:\Windows\System\kyyEQbo.exe
  C:\Windows\System\kyyEQbo.exe
  2⤵
  PID:8100
- C:\Windows\System\hARvhRU.exe
  C:\Windows\System\hARvhRU.exe
  2⤵
  PID:7336
- C:\Windows\System\SyeDiLi.exe
  C:\Windows\System\SyeDiLi.exe
  2⤵
  PID:6444
- C:\Windows\System\CSCVSQP.exe
  C:\Windows\System\CSCVSQP.exe
  2⤵
  PID:7028
- C:\Windows\System\bGbocCd.exe
  C:\Windows\System\bGbocCd.exe
  2⤵
  PID:7744
- C:\Windows\System\HAMlSOq.exe
  C:\Windows\System\HAMlSOq.exe
  2⤵
  PID:8036
- C:\Windows\System\fmvOUhL.exe
  C:\Windows\System\fmvOUhL.exe
  2⤵
  PID:7484
- C:\Windows\System\rkSFDBb.exe
  C:\Windows\System\rkSFDBb.exe
  2⤵
  PID:7296
- C:\Windows\System\zSbiNCf.exe
  C:\Windows\System\zSbiNCf.exe
  2⤵
  PID:7504
- C:\Windows\System\RuLTgET.exe
  C:\Windows\System\RuLTgET.exe
  2⤵
  PID:7212
- C:\Windows\System\QAuYzkW.exe
  C:\Windows\System\QAuYzkW.exe
  2⤵
  PID:8008
- C:\Windows\System\FPPilYs.exe
  C:\Windows\System\FPPilYs.exe
  2⤵
  PID:7232
- C:\Windows\System\vzDkdlT.exe
  C:\Windows\System\vzDkdlT.exe
  2⤵
  PID:7600
- C:\Windows\System\aFCndhx.exe
  C:\Windows\System\aFCndhx.exe
  2⤵
  PID:8204
- C:\Windows\System\LzsEKBg.exe
  C:\Windows\System\LzsEKBg.exe
  2⤵
  PID:8220
- C:\Windows\System\pflCnie.exe
  C:\Windows\System\pflCnie.exe
  2⤵
  PID:8236
- C:\Windows\System\iVKPoWp.exe
  C:\Windows\System\iVKPoWp.exe
  2⤵
  PID:8252
- C:\Windows\System\sPIdpic.exe
  C:\Windows\System\sPIdpic.exe
  2⤵
  PID:8268
- C:\Windows\System\qkNYytl.exe
  C:\Windows\System\qkNYytl.exe
  2⤵
  PID:8296
- C:\Windows\System\OAVsrzt.exe
  C:\Windows\System\OAVsrzt.exe
  2⤵
  PID:8316
- C:\Windows\System\hlXHpDj.exe
  C:\Windows\System\hlXHpDj.exe
  2⤵
  PID:8332
- C:\Windows\System\alnZHLR.exe
  C:\Windows\System\alnZHLR.exe
  2⤵
  PID:8348
- C:\Windows\System\BMjIzmI.exe
  C:\Windows\System\BMjIzmI.exe
  2⤵
  PID:8392
- C:\Windows\System\WVBJIPL.exe
  C:\Windows\System\WVBJIPL.exe
  2⤵
  PID:8408
- C:\Windows\System\WjbukxG.exe
  C:\Windows\System\WjbukxG.exe
  2⤵
  PID:8424
- C:\Windows\System\rrFVrxv.exe
  C:\Windows\System\rrFVrxv.exe
  2⤵
  PID:8448
- C:\Windows\System\XTFnNRG.exe
  C:\Windows\System\XTFnNRG.exe
  2⤵
  PID:8464
- C:\Windows\System\TnfvSkz.exe
  C:\Windows\System\TnfvSkz.exe
  2⤵
  PID:8480
- C:\Windows\System\rvMREnz.exe
  C:\Windows\System\rvMREnz.exe
  2⤵
  PID:8500
- C:\Windows\System\rHfnNeM.exe
  C:\Windows\System\rHfnNeM.exe
  2⤵
  PID:8592
- C:\Windows\System\gvlIsrj.exe
  C:\Windows\System\gvlIsrj.exe
  2⤵
  PID:8608
- C:\Windows\System\TTVuXNf.exe
  C:\Windows\System\TTVuXNf.exe
  2⤵
  PID:8624
- C:\Windows\System\sodMgcr.exe
  C:\Windows\System\sodMgcr.exe
  2⤵
  PID:8640
- C:\Windows\System\YTfRXOo.exe
  C:\Windows\System\YTfRXOo.exe
  2⤵
  PID:8656
- C:\Windows\System\jBmhTLb.exe
  C:\Windows\System\jBmhTLb.exe
  2⤵
  PID:8672
- C:\Windows\System\pHLucGm.exe
  C:\Windows\System\pHLucGm.exe
  2⤵
  PID:8688
- C:\Windows\System\GDiaBCg.exe
  C:\Windows\System\GDiaBCg.exe
  2⤵
  PID:8704
- C:\Windows\System\DdGSkaL.exe
  C:\Windows\System\DdGSkaL.exe
  2⤵
  PID:8720
- C:\Windows\System\EreAved.exe
  C:\Windows\System\EreAved.exe
  2⤵
  PID:8736
- C:\Windows\System\jNzAKuD.exe
  C:\Windows\System\jNzAKuD.exe
  2⤵
  PID:8752
- C:\Windows\System\CnnWqua.exe
  C:\Windows\System\CnnWqua.exe
  2⤵
  PID:8768
- C:\Windows\System\FHXspfg.exe
  C:\Windows\System\FHXspfg.exe
  2⤵
  PID:8784
- C:\Windows\System\GcrzBLx.exe
  C:\Windows\System\GcrzBLx.exe
  2⤵
  PID:8800
- C:\Windows\System\YtmXaai.exe
  C:\Windows\System\YtmXaai.exe
  2⤵
  PID:8868
- C:\Windows\System\kYlDZnn.exe
  C:\Windows\System\kYlDZnn.exe
  2⤵
  PID:8884
- C:\Windows\System\NjpKkdt.exe
  C:\Windows\System\NjpKkdt.exe
  2⤵
  PID:8900
- C:\Windows\System\hziMFqP.exe
  C:\Windows\System\hziMFqP.exe
  2⤵
  PID:8916
- C:\Windows\System\gIKSxRE.exe
  C:\Windows\System\gIKSxRE.exe
  2⤵
  PID:8932
- C:\Windows\System\LibCDbk.exe
  C:\Windows\System\LibCDbk.exe
  2⤵
  PID:8948
- C:\Windows\System\yCXndfL.exe
  C:\Windows\System\yCXndfL.exe
  2⤵
  PID:8964
- C:\Windows\System\QATJaPE.exe
  C:\Windows\System\QATJaPE.exe
  2⤵
  PID:8980
- C:\Windows\System\MVCtOhT.exe
  C:\Windows\System\MVCtOhT.exe
  2⤵
  PID:8996
- C:\Windows\System\sqZWdHd.exe
  C:\Windows\System\sqZWdHd.exe
  2⤵
  PID:9012
- C:\Windows\System\sRSBGpS.exe
  C:\Windows\System\sRSBGpS.exe
  2⤵
  PID:9028
- C:\Windows\System\QqYMldP.exe
  C:\Windows\System\QqYMldP.exe
  2⤵
  PID:9044
- C:\Windows\System\MWCxzMf.exe
  C:\Windows\System\MWCxzMf.exe
  2⤵
  PID:9060
- C:\Windows\System\WmdjpzS.exe
  C:\Windows\System\WmdjpzS.exe
  2⤵
  PID:9076
- C:\Windows\System\eVtXNuL.exe
  C:\Windows\System\eVtXNuL.exe
  2⤵
  PID:9092
- C:\Windows\System\uKoeBDT.exe
  C:\Windows\System\uKoeBDT.exe
  2⤵
  PID:9108
- C:\Windows\System\kRREqDm.exe
  C:\Windows\System\kRREqDm.exe
  2⤵
  PID:9124
- C:\Windows\System\kdXVGeH.exe
  C:\Windows\System\kdXVGeH.exe
  2⤵
  PID:9140
- C:\Windows\System\CDdKGLL.exe
  C:\Windows\System\CDdKGLL.exe
  2⤵
  PID:9156
- C:\Windows\System\GNCJYWZ.exe
  C:\Windows\System\GNCJYWZ.exe
  2⤵
  PID:9176
- C:\Windows\System\tyTOazZ.exe
  C:\Windows\System\tyTOazZ.exe
  2⤵
  PID:9192
- C:\Windows\System\fiZvmuA.exe
  C:\Windows\System\fiZvmuA.exe
  2⤵
  PID:9208
- C:\Windows\System\qcJpLmd.exe
  C:\Windows\System\qcJpLmd.exe
  2⤵
  PID:2700
- C:\Windows\System\BCKIzxm.exe
  C:\Windows\System\BCKIzxm.exe
  2⤵
  PID:8072
- C:\Windows\System\hlZTuBl.exe
  C:\Windows\System\hlZTuBl.exe
  2⤵
  PID:1652
- C:\Windows\System\gRBpNHK.exe
  C:\Windows\System\gRBpNHK.exe
  2⤵
  PID:8244
- C:\Windows\System\PyhhTix.exe
  C:\Windows\System\PyhhTix.exe
  2⤵
  PID:8232
- C:\Windows\System\AaBdQeI.exe
  C:\Windows\System\AaBdQeI.exe
  2⤵
  PID:8284
- C:\Windows\System\hrCCylQ.exe
  C:\Windows\System\hrCCylQ.exe
  2⤵
  PID:8304
- C:\Windows\System\WAIRLnB.exe
  C:\Windows\System\WAIRLnB.exe
  2⤵
  PID:8328
- C:\Windows\System\eRNvHtG.exe
  C:\Windows\System\eRNvHtG.exe
  2⤵
  PID:8400
- C:\Windows\System\EZLiOUv.exe
  C:\Windows\System\EZLiOUv.exe
  2⤵
  PID:8368
- C:\Windows\System\YAckzfg.exe
  C:\Windows\System\YAckzfg.exe
  2⤵
  PID:8388
- C:\Windows\System\RovzVLK.exe
  C:\Windows\System\RovzVLK.exe
  2⤵
  PID:8456
- C:\Windows\System\wYdrmDt.exe
  C:\Windows\System\wYdrmDt.exe
  2⤵
  PID:8496
- C:\Windows\System\leSZZus.exe
  C:\Windows\System\leSZZus.exe
  2⤵
  PID:8436
- C:\Windows\System\qvbLNLF.exe
  C:\Windows\System\qvbLNLF.exe
  2⤵
  PID:8512
- C:\Windows\System\KKWHOyp.exe
  C:\Windows\System\KKWHOyp.exe
  2⤵
  PID:8432
- C:\Windows\System\etXIQRG.exe
  C:\Windows\System\etXIQRG.exe
  2⤵
  PID:8532
- C:\Windows\System\QtVVuCs.exe
  C:\Windows\System\QtVVuCs.exe
  2⤵
  PID:8560
- C:\Windows\System\OmeoUHT.exe
  C:\Windows\System\OmeoUHT.exe
  2⤵
  PID:8576
- C:\Windows\System\KLBxCeQ.exe
  C:\Windows\System\KLBxCeQ.exe
  2⤵
  PID:8616
- C:\Windows\System\KyQuTuq.exe
  C:\Windows\System\KyQuTuq.exe
  2⤵
  PID:8684
- C:\Windows\System\UFHoztK.exe
  C:\Windows\System\UFHoztK.exe
  2⤵
  PID:8748
- C:\Windows\System\AOQrJBu.exe
  C:\Windows\System\AOQrJBu.exe
  2⤵
  PID:8632
- C:\Windows\System\KHaucEs.exe
  C:\Windows\System\KHaucEs.exe
  2⤵
  PID:8600
- C:\Windows\System\ZHZIOfK.exe
  C:\Windows\System\ZHZIOfK.exe
  2⤵
  PID:8700
- C:\Windows\System\qEVgFpZ.exe
  C:\Windows\System\qEVgFpZ.exe
  2⤵
  PID:8792
- C:\Windows\System\tKcfCXQ.exe
  C:\Windows\System\tKcfCXQ.exe
  2⤵
  PID:8816
- C:\Windows\System\QjdpZOm.exe
  C:\Windows\System\QjdpZOm.exe
  2⤵
  PID:8824
- C:\Windows\System\BPOkbZz.exe
  C:\Windows\System\BPOkbZz.exe
  2⤵
  PID:8860
- C:\Windows\System\LDcVqtq.exe
  C:\Windows\System\LDcVqtq.exe
  2⤵
  PID:8864
- C:\Windows\System\hFMdYFg.exe
  C:\Windows\System\hFMdYFg.exe
  2⤵
  PID:8928
- C:\Windows\System\zkFZHvh.exe
  C:\Windows\System\zkFZHvh.exe
  2⤵
  PID:8960
- C:\Windows\System\PYiQEFl.exe
  C:\Windows\System\PYiQEFl.exe
  2⤵
  PID:8944
- C:\Windows\System\flsVWnK.exe
  C:\Windows\System\flsVWnK.exe
  2⤵
  PID:9024
- C:\Windows\System\hscRUxj.exe
  C:\Windows\System\hscRUxj.exe
  2⤵
  PID:9040
- C:\Windows\System\ytPoTeO.exe
  C:\Windows\System\ytPoTeO.exe
  2⤵
  PID:9068
- C:\Windows\System\ebavxnS.exe
  C:\Windows\System\ebavxnS.exe
  2⤵
  PID:9104
- C:\Windows\System\zvDvHVC.exe
  C:\Windows\System\zvDvHVC.exe
  2⤵
  PID:9120
- C:\Windows\System\CFrkuAS.exe
  C:\Windows\System\CFrkuAS.exe
  2⤵
  PID:9148
- C:\Windows\System\azqJwxj.exe
  C:\Windows\System\azqJwxj.exe
  2⤵
  PID:9188
- C:\Windows\System\qGKCGQk.exe
  C:\Windows\System\qGKCGQk.exe
  2⤵
  PID:9200
- C:\Windows\System\pTwhZHz.exe
  C:\Windows\System\pTwhZHz.exe
  2⤵
  PID:8216
- C:\Windows\System\DCYPeqH.exe
  C:\Windows\System\DCYPeqH.exe
  2⤵
  PID:2132
- C:\Windows\System\YGKkYTU.exe
  C:\Windows\System\YGKkYTU.exe
  2⤵
  PID:8416
- C:\Windows\System\IveOygI.exe
  C:\Windows\System\IveOygI.exe
  2⤵
  PID:8276
- C:\Windows\System\HasbdIp.exe
  C:\Windows\System\HasbdIp.exe
  2⤵
  PID:8380
- C:\Windows\System\cSoAPWf.exe
  C:\Windows\System\cSoAPWf.exe
  2⤵
  PID:8488
- C:\Windows\System\rjMoabG.exe
  C:\Windows\System\rjMoabG.exe
  2⤵
  PID:8556
- C:\Windows\System\LOkuGps.exe
  C:\Windows\System\LOkuGps.exe
  2⤵
  PID:8548
- C:\Windows\System\cCdqbFR.exe
  C:\Windows\System\cCdqbFR.exe
  2⤵
  PID:8716
- C:\Windows\System\HcCtOYR.exe
  C:\Windows\System\HcCtOYR.exe
  2⤵
  PID:8680
- C:\Windows\System\BHTGWKy.exe
  C:\Windows\System\BHTGWKy.exe
  2⤵
  PID:8652
- C:\Windows\System\kBjYlFB.exe
  C:\Windows\System\kBjYlFB.exe
  2⤵
  PID:8808
- C:\Windows\System\RRsshfQ.exe
  C:\Windows\System\RRsshfQ.exe
  2⤵
  PID:8892
- C:\Windows\System\rIbuxQY.exe
  C:\Windows\System\rIbuxQY.exe
  2⤵
  PID:8836
- C:\Windows\System\hALvgZY.exe
  C:\Windows\System\hALvgZY.exe
  2⤵
  PID:8876
- C:\Windows\System\wlxcRNH.exe
  C:\Windows\System\wlxcRNH.exe
  2⤵
  PID:8848
- C:\Windows\System\oOAFxrG.exe
  C:\Windows\System\oOAFxrG.exe
  2⤵
  PID:9084
- C:\Windows\System\esXODvJ.exe
  C:\Windows\System\esXODvJ.exe
  2⤵
  PID:9152
- C:\Windows\System\iqWJVSF.exe
  C:\Windows\System\iqWJVSF.exe
  2⤵
  PID:9088
- C:\Windows\System\mAuiKMM.exe
  C:\Windows\System\mAuiKMM.exe
  2⤵
  PID:1636
- C:\Windows\System\pZWQLhy.exe
  C:\Windows\System\pZWQLhy.exe
  2⤵
  PID:6608
- C:\Windows\System\STaCHSY.exe
  C:\Windows\System\STaCHSY.exe
  2⤵
  PID:8492
- C:\Windows\System\eqyLvlA.exe
  C:\Windows\System\eqyLvlA.exe
  2⤵
  PID:8308
- C:\Windows\System\WUCYjpW.exe
  C:\Windows\System\WUCYjpW.exe
  2⤵
  PID:8356
- C:\Windows\System\inyvAvY.exe
  C:\Windows\System\inyvAvY.exe
  2⤵
  PID:8732
- C:\Windows\System\jkgDlft.exe
  C:\Windows\System\jkgDlft.exe
  2⤵
  PID:8764
- C:\Windows\System\LOmwTLB.exe
  C:\Windows\System\LOmwTLB.exe
  2⤵
  PID:8844
- C:\Windows\System\RedIPDw.exe
  C:\Windows\System\RedIPDw.exe
  2⤵
  PID:9036
- C:\Windows\System\ZkskWwh.exe
  C:\Windows\System\ZkskWwh.exe
  2⤵
  PID:9116
- C:\Windows\System\WLQlYoJ.exe
  C:\Windows\System\WLQlYoJ.exe
  2⤵
  PID:1924
- C:\Windows\System\QeWdEVh.exe
  C:\Windows\System\QeWdEVh.exe
  2⤵
  PID:1608
- C:\Windows\System\PQFuxvs.exe
  C:\Windows\System\PQFuxvs.exe
  2⤵
  PID:8852
- C:\Windows\System\KLMOdfd.exe
  C:\Windows\System\KLMOdfd.exe
  2⤵
  PID:9172
- C:\Windows\System\nhrzkDi.exe
  C:\Windows\System\nhrzkDi.exe
  2⤵
  PID:8812
- C:\Windows\System\iHKDKym.exe
  C:\Windows\System\iHKDKym.exe
  2⤵
  PID:9056
- C:\Windows\System\JYAqGAP.exe
  C:\Windows\System\JYAqGAP.exe
  2⤵
  PID:1960
- C:\Windows\System\vZsOCxD.exe
  C:\Windows\System\vZsOCxD.exe
  2⤵
  PID:8564
- C:\Windows\System\tIcSrLA.exe
  C:\Windows\System\tIcSrLA.exe
  2⤵
  PID:8536
- C:\Windows\System\WiICKTd.exe
  C:\Windows\System\WiICKTd.exe
  2⤵
  PID:8476
- C:\Windows\System\tzWcsPX.exe
  C:\Windows\System\tzWcsPX.exe
  2⤵
  PID:9232
- C:\Windows\System\dIgJpFk.exe
  C:\Windows\System\dIgJpFk.exe
  2⤵
  PID:9248
- C:\Windows\System\vmUwnkw.exe
  C:\Windows\System\vmUwnkw.exe
  2⤵
  PID:9264
- C:\Windows\System\NGXeaht.exe
  C:\Windows\System\NGXeaht.exe
  2⤵
  PID:9280
- C:\Windows\System\tFJTCdp.exe
  C:\Windows\System\tFJTCdp.exe
  2⤵
  PID:9296
- C:\Windows\System\HqVMOqD.exe
  C:\Windows\System\HqVMOqD.exe
  2⤵
  PID:9312
- C:\Windows\System\cwWTdee.exe
  C:\Windows\System\cwWTdee.exe
  2⤵
  PID:9328
- C:\Windows\System\zPjDptN.exe
  C:\Windows\System\zPjDptN.exe
  2⤵
  PID:9344
- C:\Windows\System\EvasXnf.exe
  C:\Windows\System\EvasXnf.exe
  2⤵
  PID:9360
- C:\Windows\System\rnFIyFk.exe
  C:\Windows\System\rnFIyFk.exe
  2⤵
  PID:9376
- C:\Windows\System\faWAIbY.exe
  C:\Windows\System\faWAIbY.exe
  2⤵
  PID:9392
- C:\Windows\System\ieWlKEq.exe
  C:\Windows\System\ieWlKEq.exe
  2⤵
  PID:9408
- C:\Windows\System\lRMHqMX.exe
  C:\Windows\System\lRMHqMX.exe
  2⤵
  PID:9424
- C:\Windows\System\OXwKCSB.exe
  C:\Windows\System\OXwKCSB.exe
  2⤵
  PID:9440
- C:\Windows\System\kttehIX.exe
  C:\Windows\System\kttehIX.exe
  2⤵
  PID:9456
- C:\Windows\System\KkDftoW.exe
  C:\Windows\System\KkDftoW.exe
  2⤵
  PID:9472
- C:\Windows\System\tKaPjDk.exe
  C:\Windows\System\tKaPjDk.exe
  2⤵
  PID:9488
- C:\Windows\System\iIRMpDy.exe
  C:\Windows\System\iIRMpDy.exe
  2⤵
  PID:9504
- C:\Windows\System\GpyRpbv.exe
  C:\Windows\System\GpyRpbv.exe
  2⤵
  PID:9520
- C:\Windows\System\AxQZpqx.exe
  C:\Windows\System\AxQZpqx.exe
  2⤵
  PID:9536
- C:\Windows\System\rhuvmTf.exe
  C:\Windows\System\rhuvmTf.exe
  2⤵
  PID:9552
- C:\Windows\System\KcxyYye.exe
  C:\Windows\System\KcxyYye.exe
  2⤵
  PID:9568
- C:\Windows\System\sujmnqe.exe
  C:\Windows\System\sujmnqe.exe
  2⤵
  PID:9584
- C:\Windows\System\jmnJYyr.exe
  C:\Windows\System\jmnJYyr.exe
  2⤵
  PID:9600
- C:\Windows\System\Tdassjk.exe
  C:\Windows\System\Tdassjk.exe
  2⤵
  PID:9616
- C:\Windows\System\jIYHsCN.exe
  C:\Windows\System\jIYHsCN.exe
  2⤵
  PID:9632
- C:\Windows\System\euUgnXT.exe
  C:\Windows\System\euUgnXT.exe
  2⤵
  PID:9648
- C:\Windows\System\aiqIbEO.exe
  C:\Windows\System\aiqIbEO.exe
  2⤵
  PID:9664
- C:\Windows\System\WoKkBPg.exe
  C:\Windows\System\WoKkBPg.exe
  2⤵
  PID:9680
- C:\Windows\System\ZxTKTst.exe
  C:\Windows\System\ZxTKTst.exe
  2⤵
  PID:9696
- C:\Windows\System\CyYZpyP.exe
  C:\Windows\System\CyYZpyP.exe
  2⤵
  PID:9724
- C:\Windows\System\ovferpw.exe
  C:\Windows\System\ovferpw.exe
  2⤵
  PID:9740
- C:\Windows\System\wBGDqRp.exe
  C:\Windows\System\wBGDqRp.exe
  2⤵
  PID:9756
- C:\Windows\System\quRdUjs.exe
  C:\Windows\System\quRdUjs.exe
  2⤵
  PID:9772
- C:\Windows\System\uDmadHJ.exe
  C:\Windows\System\uDmadHJ.exe
  2⤵
  PID:9788
- C:\Windows\System\XJYgzBd.exe
  C:\Windows\System\XJYgzBd.exe
  2⤵
  PID:9804
- C:\Windows\System\aGvWNUc.exe
  C:\Windows\System\aGvWNUc.exe
  2⤵
  PID:9820
- C:\Windows\System\OYQMTPF.exe
  C:\Windows\System\OYQMTPF.exe
  2⤵
  PID:9844
- C:\Windows\System\VveRQvj.exe
  C:\Windows\System\VveRQvj.exe
  2⤵
  PID:9864
- C:\Windows\System\DRSEwZp.exe
  C:\Windows\System\DRSEwZp.exe
  2⤵
  PID:9880
- C:\Windows\System\PxbeTVn.exe
  C:\Windows\System\PxbeTVn.exe
  2⤵
  PID:9896
- C:\Windows\System\IXnuWbW.exe
  C:\Windows\System\IXnuWbW.exe
  2⤵
  PID:9912
- C:\Windows\System\VYVNnLO.exe
  C:\Windows\System\VYVNnLO.exe
  2⤵
  PID:9928
- C:\Windows\System\BdMUQzE.exe
  C:\Windows\System\BdMUQzE.exe
  2⤵
  PID:9944
- C:\Windows\System\TbSkPhX.exe
  C:\Windows\System\TbSkPhX.exe
  2⤵
  PID:9960
- C:\Windows\System\IdqLIWf.exe
  C:\Windows\System\IdqLIWf.exe
  2⤵
  PID:9976
- C:\Windows\System\QqjAoBv.exe
  C:\Windows\System\QqjAoBv.exe
  2⤵
  PID:9992
- C:\Windows\System\uxQXiXf.exe
  C:\Windows\System\uxQXiXf.exe
  2⤵
  PID:10008
- C:\Windows\System\wTtwJRN.exe
  C:\Windows\System\wTtwJRN.exe
  2⤵
  PID:10024
- C:\Windows\System\iGcluNL.exe
  C:\Windows\System\iGcluNL.exe
  2⤵
  PID:10040
- C:\Windows\System\SPhTZEg.exe
  C:\Windows\System\SPhTZEg.exe
  2⤵
  PID:10056
- C:\Windows\System\YJaiNbY.exe
  C:\Windows\System\YJaiNbY.exe
  2⤵
  PID:10072
- C:\Windows\System\iQwZorx.exe
  C:\Windows\System\iQwZorx.exe
  2⤵
  PID:10088
- C:\Windows\System\OSVfvsc.exe
  C:\Windows\System\OSVfvsc.exe
  2⤵
  PID:10104
- C:\Windows\System\cKdniss.exe
  C:\Windows\System\cKdniss.exe
  2⤵
  PID:10120
- C:\Windows\System\PENJgJB.exe
  C:\Windows\System\PENJgJB.exe
  2⤵
  PID:10136
- C:\Windows\System\dPZfAXR.exe
  C:\Windows\System\dPZfAXR.exe
  2⤵
  PID:10152
- C:\Windows\System\bfskFOo.exe
  C:\Windows\System\bfskFOo.exe
  2⤵
  PID:10168
- C:\Windows\System\LZDuzuM.exe
  C:\Windows\System\LZDuzuM.exe
  2⤵
  PID:10184
- C:\Windows\System\tXIfIoP.exe
  C:\Windows\System\tXIfIoP.exe
  2⤵
  PID:10200
- C:\Windows\System\bDmDzEp.exe
  C:\Windows\System\bDmDzEp.exe
  2⤵
  PID:10216
- C:\Windows\System\abETpih.exe
  C:\Windows\System\abETpih.exe
  2⤵
  PID:10232
- C:\Windows\System\muYMJLF.exe
  C:\Windows\System\muYMJLF.exe
  2⤵
  PID:8292
- C:\Windows\System\fyDHQmD.exe
  C:\Windows\System\fyDHQmD.exe
  2⤵
  PID:9240
- C:\Windows\System\cErhHpX.exe
  C:\Windows\System\cErhHpX.exe
  2⤵
  PID:9228
- C:\Windows\System\gsGwEpJ.exe
  C:\Windows\System\gsGwEpJ.exe
  2⤵
  PID:9276
- C:\Windows\System\DLnlsrU.exe
  C:\Windows\System\DLnlsrU.exe
  2⤵
  PID:9304
- C:\Windows\System\vPMNbgs.exe
  C:\Windows\System\vPMNbgs.exe
  2⤵
  PID:9384
- C:\Windows\System\qRFFOox.exe
  C:\Windows\System\qRFFOox.exe
  2⤵
  PID:9368
- C:\Windows\System\uawFfsj.exe
  C:\Windows\System\uawFfsj.exe
  2⤵
  PID:9420
- C:\Windows\System\OcHRFfb.exe
  C:\Windows\System\OcHRFfb.exe
  2⤵
  PID:9432
- C:\Windows\System\rmIIhEK.exe
  C:\Windows\System\rmIIhEK.exe
  2⤵
  PID:9468
- C:\Windows\System\iukQeww.exe
  C:\Windows\System\iukQeww.exe
  2⤵
  PID:9516
- C:\Windows\System\qLLeKtA.exe
  C:\Windows\System\qLLeKtA.exe
  2⤵
  PID:9500
- C:\Windows\System\eZpOkQs.exe
  C:\Windows\System\eZpOkQs.exe
  2⤵
  PID:9560
- C:\Windows\System\XKKnjiD.exe
  C:\Windows\System\XKKnjiD.exe
  2⤵
  PID:9612
- C:\Windows\System\rBGZQPI.exe
  C:\Windows\System\rBGZQPI.exe
  2⤵
  PID:9656
- C:\Windows\System\eqxPVzH.exe
  C:\Windows\System\eqxPVzH.exe
  2⤵
  PID:9676
- C:\Windows\System\uWORXDv.exe
  C:\Windows\System\uWORXDv.exe
  2⤵
  PID:2292
- C:\Windows\System\afZuBWP.exe
  C:\Windows\System\afZuBWP.exe
  2⤵
  PID:2484
- C:\Windows\System\JHrDkyr.exe
  C:\Windows\System\JHrDkyr.exe
  2⤵
  PID:2540
- C:\Windows\System\irRVROf.exe
  C:\Windows\System\irRVROf.exe
  2⤵
  PID:9712
- C:\Windows\System\nhNdxei.exe
  C:\Windows\System\nhNdxei.exe
  2⤵
  PID:9748
- C:\Windows\System\oGPMzaO.exe
  C:\Windows\System\oGPMzaO.exe
  2⤵
  PID:9812
- C:\Windows\System\Gugtjyg.exe
  C:\Windows\System\Gugtjyg.exe
  2⤵
  PID:9796
- C:\Windows\System\ZcImUhZ.exe
  C:\Windows\System\ZcImUhZ.exe
  2⤵
  PID:2312
- C:\Windows\System\MJaUjDH.exe
  C:\Windows\System\MJaUjDH.exe
  2⤵
  PID:2824
- C:\Windows\System\QyVlHNa.exe
  C:\Windows\System\QyVlHNa.exe
  2⤵
  PID:2644
- C:\Windows\System\oXfKNkf.exe
  C:\Windows\System\oXfKNkf.exe
  2⤵
  PID:9720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AdsspTT.exe

Filesize
6.0MB

MD5
5a42a28c5891850fa23a44a29151a0ef

SHA1
778d9ee8fb84b2e3a4a57eee9ef989b8b594e93d

SHA256
b43eda6594e9e7b4c4f06906312e73de8a6a1e9d33d02d0fb8156ccbe620665f

SHA512
160b41ea5f365f871db0098063f126aedddc792fca38df70e2936bb7f5a00af20d0753377626443aad37a67dfb1b323ab93c406f259ffbe8aa230131819bc5eb

Download Submit
C:\Windows\system\CuKImlb.exe

Filesize
6.0MB

MD5
ac128b5f64e70651ed6354147ece8740

SHA1
ba05bafdc35d949290de925d6b77f3dd45386437

SHA256
3d2a4a9551a5ceee265ff9a33e6b53ecb72b904e6532f620b62c4b1573b36805

SHA512
746a3c62f413e6800e317f5b0069eee2d768047aea30616d3d7732d9b335a84624c15f97e9f4caa713b61a090e30830d08b8fa4cc3a3b583297e4d8fc5876dfb

Download Submit
C:\Windows\system\DKxPLGv.exe

Filesize
6.0MB

MD5
56be291306024ea5f73e720eb9d20502

SHA1
fc567d4e3f1cc2d9dffe871deeb59236f1d33cd7

SHA256
35708b3240810a370b5fa723406b93899e8780ea4b45f8576476358059e8c8dc

SHA512
338673df2ebdc036bb86e2660b3f560fc31524503ad302c4144fab8fc039777a6a0970262ac5cd83abf2f1cf6be225e40f94c36786a4eb642daa2c9edccacd3d

Download Submit
C:\Windows\system\GVdLstb.exe

Filesize
6.0MB

MD5
cc0b74502b937e3c48f2f5a225cfb4ec

SHA1
243c9d633732f5f530e007f8c4ed98ef52faa46b

SHA256
44560922baa6790fc841893444bbbdce980dc48558a9fd4945756c516033790a

SHA512
ced6e4057997c665d4e80032f81776c41a439ae8eef72c34c834058a142e68e132bdc3d71001ff4a9b2375ea58d0cedf0f98ec7f2b341623fdc7bdd3faae3787

Download Submit
C:\Windows\system\GZtTGgF.exe

Filesize
6.0MB

MD5
7c42d228731d878cd86b65b9b615c779

SHA1
db5d04390c8a2bc8ea5937766e97c5bbc95cbbb2

SHA256
0ee2d621ba0c73c69469bc920b374dc40435385020b947e26ebcdb050cd7be71

SHA512
574b9319f4889701d78a0808342f868d10a44a00c03d953035cce98d029872cb04df37e329833c4a97fe2047371d79bcf2d580eb86b18888db89e2318fda28f2

Download Submit
C:\Windows\system\ICPGPAA.exe

Filesize
6.0MB

MD5
6a299a6aece57ae0dd8af69af348a223

SHA1
c88d0a71c2566a37f87e86cd12074527ba677c38

SHA256
1e860e0c03f1e4890d0bb9e6563fd6e29b345d4d53975a81fdc5f41fff30115f

SHA512
de8b3fb1f9b37c570280ce6d7264d26a17a17c1017d41aed4db1f4e01c4a87933afd022c84e277219b335e7d1cfaa9d69c465ea19868fe252ef28015761c90b8

Download Submit
C:\Windows\system\JhcJpyi.exe

Filesize
6.0MB

MD5
fe8a70a1a28ada9980531fb592d01321

SHA1
8e168376c26ae5f1f0a35bbbff854fdf999e19a5

SHA256
23235db77cd4e72892372b63f7e0b885b5ca3ce75fbc08b99716ac2851c51ced

SHA512
7efa4dcad5a6e0f1015db4dcd296fde245ff5d9c8163bd26c8292b7ad2912c45d4f9c3cca5d7106699dfe2be2284f92f812a2c1d8c2b40d1b3ec1d77ef72e8b0

Download Submit
C:\Windows\system\MTaMLzt.exe

Filesize
6.0MB

MD5
66f079f25c719397b9f89b144321f6bd

SHA1
a9e79e29985bc142fe028405009a656d0ef1df87

SHA256
409cb4d957e6a526e6371c352950bafdee4d70bd3cee8e3a58a2399b16351235

SHA512
c493e2c8a45aa106201a63a255689ea3aa4b378e0945720371f862c92a3021628016f4c9859006a68615966f05fe502c78887ecf297fabedc109af35dd648a17

Download Submit
C:\Windows\system\MZIlCMk.exe

Filesize
6.0MB

MD5
bab79f7e0923c59cd87eaa12d3407c53

SHA1
8da6d3ce56eaffa2eb9310df68ba372f294f0be8

SHA256
fa3578f00d2ba6c636bbf5ee301d10c608a4f18c3263cb2e0bede2e43077c3ca

SHA512
a50d58a86ea2eb322b3a33b156270b792473dd44a68bdf362a4a9c14b340c3ebf31b47aecb7cf662910abea4060565b93d6a9f7a9514653378bd4f2dcfe760c4

Download Submit
C:\Windows\system\PZXIzwh.exe

Filesize
6.0MB

MD5
439acdfa2ddfc2f8d3b91e3cc899f8ea

SHA1
87f72ac0b42a5c0cc1e48dd1e9c3f3e0f0f08d25

SHA256
2fd1664be00842cad0228ebffcb4a4227f785bbc8d58a8d3045ce02d9d8f0293

SHA512
ffbf0c95c3631d60f520527fc4f1b1757f0a9d49d0e2f828aecc8a5613cb05b87f732486bc19c6b3f3131e2b736b210743b1cc8bcc13bb3c4089aa891b7df9e0

Download Submit
C:\Windows\system\TgokLHD.exe

Filesize
6.0MB

MD5
1383727f65fdb10c48106f7ba2d182e3

SHA1
f5fc82fb86327684da234f3c79904f5504cdee49

SHA256
86abcd81d43199c46807d4c491bab6ccc4c3e5208f7a4446793a954d4dc9bf24

SHA512
4ce6c3f1718ac664391bf7da035b5d01b4ca82999c50652f8fb0959a5523274b6cea184dcacd72ab26fde0a5151ea52351cfb91bc18855814563dac3f6f950ed

Download Submit
C:\Windows\system\XNOyHLM.exe

Filesize
6.0MB

MD5
358c3c391b210ad4a5633a54285a87bd

SHA1
8162dc92e1f9f08b70984d5d299d1c635e532165

SHA256
44d966af148f5e8e6a280c46c456c887d2a32f12526f82f05312cdacd7d5edec

SHA512
57b17ec537d01f0674c90a500d4612876aed39f055256b60162a002a65b31c6800772b9af7bb031523cca1722967cad412566a6830d468762a0c42a05fb27373

Download Submit
C:\Windows\system\XUSOxIy.exe

Filesize
6.0MB

MD5
f463bef1992dee8cb4c263ba87ddd74c

SHA1
226a027dbaca5127b85ad95cd1df8a8f3c19cd10

SHA256
fdcca22202d2445a76745024fb202e68db22684bebb73ae246a2a0ab86127d70

SHA512
d73dd1c090a293bbcc179cc56ca4068718cd898d155477cb67b198fe72cb72e3a189a0ad5ba697f20e352f8d510001fedc48c44e60ef0c0b59dd0e9df326b0b8

Download Submit
C:\Windows\system\aRnWlWQ.exe

Filesize
6.0MB

MD5
ad05399b4018259c6533a00eea71c9a9

SHA1
8a72d0c74d707109058842507d64992ca3e76b0a

SHA256
517df1ef14c87ace6e99471246b839533fc352d7c129d94528611bf3f48494ac

SHA512
e675519e814d956c6443814dabc9a3abe853fdf013a6e6080eb51f9cbe5cf13c01186518fc63db845264c17975cdc58044d1c53e10f176d262057a57cfeab259

Download Submit
C:\Windows\system\bRqFWRg.exe

Filesize
6.0MB

MD5
c8a7a94c1db9c3f78141f2da65078ca3

SHA1
cd4493f14c1b50d4bbbcddde7335e25f7be05ae9

SHA256
2559ad0c8185d2fed3fa7a16a543f1a043faaa778fdfde672ecce0c4a01f0d9e

SHA512
65e3395f9f7e3e4d2682c6e9c3ecf27c35fe7d4e2ff6ba1335a19ce9e9463fc8cd3e7a5f595814dca7659889cde9cc32ffe48111df56a2b8371761db76cbf6fe

Download Submit
C:\Windows\system\cGQRDAH.exe

Filesize
6.0MB

MD5
baf173b4a75bc706b5f73903a6f2091a

SHA1
0e1024a8b1835e5274838bad76a285c724cbcd06

SHA256
0218810efdbb580016b205e8e1abeb7898b87a1c70e82d7c8859b81abf7dcec1

SHA512
2379e95f61a1dfba5bbe286413b3ca7b72780092b0ff3f98c6eb2386ad49a713ccad5a6af17d2f32d5e7b47ccf70d9f94199a1013cca5d205434fba5f4f380ec

Download Submit
C:\Windows\system\dMmCIxv.exe

Filesize
6.0MB

MD5
fe351af9a8777979e52e6210923aba6e

SHA1
5a6fa48d025f57491a883a77bc19e7900b53dbd3

SHA256
762fac937e0716a723a86c28231e7fb2f7e2515852cb6a983591197b83778852

SHA512
e2029cc0241a2e5884b689085aa2a0cab1a1b720383b55de054600c92b8581fdd7bf0abbea12be7aaf02a81056ceea49baec7c1fe0964ddabd0864ca6cb5533a

Download Submit
C:\Windows\system\gZMSSNT.exe

Filesize
6.0MB

MD5
4fb83f9cb2700db18b9193e283024c44

SHA1
a483586f14dadd638586571464e25260e04dd371

SHA256
d8b4ddfcac68b47df9fa35efbc747b057e7e0876795578c73edd868eb3fb33f4

SHA512
9e07b1fa9df6242e6d54a5edf2f56d51d933ac4017591c8842cf8f444b4da17c7398ac1b5bc0304bb3c9c8984b172bd42fbacb5fa5b64f41144583f1e97b7949

Download Submit
C:\Windows\system\jUPnMQz.exe

Filesize
6.0MB

MD5
89805e3ea8115a3d7becd01329344785

SHA1
3e722c79b3cc65c5795590e8600b2ff7966b0e72

SHA256
b787af9f8e4e2fd6646e13193aec2b90d6355e7c9a00c726f73901519711c9c5

SHA512
ffd9e012bf15f12fbb138dc5139b2cea414b43148ab76b22ff956de8179e49f1a5ea43220f4497cb48dc3de61ff55d91d834f45f10af2bc444095d4602313b95

Download Submit
C:\Windows\system\lNychgt.exe

Filesize
6.0MB

MD5
6476bcc15a7351bd262064664c1da196

SHA1
d4f6312896edbdd35ca3d51a6ef718fc97c17ccc

SHA256
44877512ef5bd54b1c870ea75794065ed11a01ae067dcd2dee64344447664850

SHA512
cc10f544ee3867d9b7e8281afe3e49d7337a37b489071338119f0cc1ee54dbe35139b5d83a700aba466a8ee2251e452834637607f0a997f25621bc096319ab42

Download Submit
C:\Windows\system\nDflGGJ.exe

Filesize
6.0MB

MD5
d95b2e9f06cefde997aba624a31b810d

SHA1
eb732e74e46ca5a6d2497e5830ddd38108d3fbb0

SHA256
78e77f9486de553c9977a536669e50f532ceea745c98f0c4e6b8ba781a185c5d

SHA512
fb34ecdf5d875a4d7b63295409561010e2320a65c377c35d7e325fe996626536a4f3f89a05c386c668f016814596a8e616fea9f6acff0c71ca2793d5d02f6e2e

Download Submit
C:\Windows\system\nbsIVAn.exe

Filesize
6.0MB

MD5
34061a8f752596464b3bf6a6ee66b5e7

SHA1
c76df9150191b3fba08326fe4baa6fd819977b03

SHA256
9cbbe03bfec583a5663f3b90199b575d667004e1150814f04b86dce9a9e4f856

SHA512
ca19c886ac959538a7a16d0e2bbdfb31064e27dfb921f05cb6d9bc5056b89e330d05750ad796266e930b8766cfbe7e3ec4d0b0a2ef3cccd20275347da28e572c

Download Submit
C:\Windows\system\oTWvVVa.exe

Filesize
6.0MB

MD5
ceaeeb5c25746ff85ac8c924aeb2d80c

SHA1
0624aad639d7603761bb252b923d1247a15384bd

SHA256
4e4ddd1e05b2cae72037ff004f9a894957d33aa19e9f670646a8615d301be570

SHA512
33fedc97aeb1eae4294ff7e3750415dce896896dd7ef44ca87cafe44852747fc50197dc1307c65fbf63696367c04d6266f3bf0579973b56843cd7a75fffd7b45

Download Submit
C:\Windows\system\pwCoxQq.exe

Filesize
6.0MB

MD5
ebcb9177e92ca946618ce8d958bfa4dc

SHA1
1fb081f2496f5a398a35e1a5f0ae9c96dcf8c931

SHA256
3f28823bbe2da0b35e21e26b2fe14cfa0cdccf5c69d527b228064ef6ad0ebc42

SHA512
fd5eac5362498f8d66bc92da827d0bd07d0e8c57e6eea9ff6859cb1e7a882636203d3a824fde2eec49a086d82bc7821435c819b866e9b88c9bea090e06bfe2f4

Download Submit
C:\Windows\system\tcjmPyg.exe

Filesize
6.0MB

MD5
7b7b4aa8529b4aedf2fd6d1414df3d11

SHA1
58c78925bd7972e0e52ae31804dd56ca1b84c012

SHA256
7fac8213ac77bd35a0aacbaff08c8f90123d4ec278be003c46c9c8edc5f5067f

SHA512
66383695fae2a59db65f1648a64ab24272bde3af7e1aaca4fea8f1e3f0ea4c1fc1a3a9c7644e86d8d50d286bbc1cd81dae1f906885ac439c6ce25351b25414e2

Download Submit
\Windows\system\GaNksxn.exe

Filesize
6.0MB

MD5
afeeaea47824c6e706e1ffb0ffeedfa3

SHA1
ffe8a39783afd294bc11f4dac97147d614d611f1

SHA256
7de7c97f7c93532b9d819e10d31f745bdb40f8b62e1b01694275d0ef88ef3f3e

SHA512
22b315a73f2221040136d9d3a14f08f4cd9536284e99729aac73577d5131a5139dff5ed64308606de22e2d3d1ded37f54987a6bff4bc68cf2dd8e1e7af864d7e

Download Submit
\Windows\system\YBUmTdB.exe

Filesize
6.0MB

MD5
ebecd60fa2d774a76ac70523b78b067d

SHA1
7d3bc5d30a2e15668b90c52831fbea91ea13e412

SHA256
90419d205882cba1af8b0bb82f0a1bd4442d86f60fa557f612455717b0b3a2b5

SHA512
4e1c476b6eec138c7da23e44ed6e4b355facad704daf7ee1c56816eca55e61313e1baec815ce372e8d9dd453eca9786251912f179a73c05dc18ccd056260c866

Download Submit
\Windows\system\emjwoBK.exe

Filesize
6.0MB

MD5
749f799786baf5855bde4e8e37d6bdbe

SHA1
b266f33aa5d50f4bd2a39d46acaf935cd300bc02

SHA256
5de921f4a3fde38991ef13f3da956b7c2cf0260b237fdea249a9a804e0aee77d

SHA512
53b87920d6d5bef2737ce0131fcf75590f670ec0da874e491b644b8715f5e6bd369a8282ad2f0cff19364b6af35cfd287c0f0518ebaec21c2b6b19ac38a42419

Download Submit
\Windows\system\jQZaFXX.exe

Filesize
6.0MB

MD5
cb11848d458a5a77b6ffedb9c65f8082

SHA1
1119766083eb15d9278cb946715f4563217bbefa

SHA256
77c30ced3f5d4ab03f013e0fcda92aa5393de21a9d5a17ccd3cd561fec42c208

SHA512
eca1dac86e8d169af20615b3d917e628fda3bc1724e7d0e36d7425a686198527a95982cabcfb8989aef264a712e1761984262ed80cd0e36ea0de36aa4bf9619e

Download Submit
\Windows\system\lWYjpyU.exe

Filesize
6.0MB

MD5
3d961d20ced85d08963a89a4045b4eea

SHA1
77c0c21d11d0106719c864c52d17af7b8e31d5e3

SHA256
73bd3b7fe369b24150ff8a98b913e89f6776047182da34fd49ab58fa334ee504

SHA512
8ad1237cb399691018c8eab3c3d5dc39312fceab479f89d32de0f6881258d941706d6b50710f94457c812d7ebd7aba0988a09afc545ae0759b25768f9ef915c4

Download Submit
\Windows\system\lqJjGON.exe

Filesize
6.0MB

MD5
be8031cfb26162b287577d23b1ac9cf0

SHA1
b431e3a88a5b451265c25aa3d5625a751f57cf61

SHA256
ade3bad8cfbe1d7bc5e8fe84bd640f2d0080af7c8fde1359fd25021c49ca8c77

SHA512
7c8cb05a980f4ea891777aeb1c5ef2ade4d1b082817cc4ad45feeb9eecd0df96b38f70d0224d1ee4232ccfae0c185b82422ab6ecbeb725fd1d96fb606f3f6a89

Download Submit
\Windows\system\ugoOQEb.exe

Filesize
6.0MB

MD5
7b3701f68ce764df3667efdb6a9fc771

SHA1
1fa67651f70fc1f455490c265b25ae7fbddeb54d

SHA256
463fb3e6901691da41308e3cba12ac1650f807aa0b8100de43aee50dc06934a7

SHA512
6c3d9ff72700636e50ca7f99c65b40058b1d05de0326b914b11184fae33ffc51875bca5626a4a4f2eb22cb44956f84b77b0fc4fddea62b41420df97bfc5165f3

Download Submit
\Windows\system\wRQSrDr.exe

Filesize
6.0MB

MD5
3557fa200e70afa85682d62d7963eae2

SHA1
c18ae6424ac5dfcf9b863af763dd66c6d99c42b7

SHA256
a76740bc73e88ff24e0400981699a74c006f419728efa4b86f3b8bee3e33601a

SHA512
5cc603d2d953e40c6e4dbdd6c30ec7ecff9f656fdd5f81afee5da5112c6ac1be246d1f489b71c557ea9ad3c90eb47e0981819cb7ac3151f3c0f981781fc8b45a

Download Submit
memory/524-82-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/524-62-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/524-77-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/524-89-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/524-91-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/524-84-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/524-92-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/524-0-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/524-250-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/524-66-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/524-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/524-64-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/524-88-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/524-75-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/524-73-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/524-60-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/524-251-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/524-375-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/524-252-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/524-48-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/1192-1864-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1192-78-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-61-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/1620-1858-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2324-1861-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2324-86-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2388-63-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2388-1857-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2556-1856-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-87-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-85-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-1863-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-105-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2692-1868-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2728-65-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2728-1860-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2764-76-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2764-1867-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2780-1865-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2780-83-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2804-104-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2804-1859-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2872-71-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1871-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1866-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-103-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-1862-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2936-74-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download