cobaltstrike | a69bab305dec0d9257900c7cd11a8d0d0e4e725cd3b6326e7d19a54680b65fc1

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 04:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7c94f410151c119c8e711d2cab4736ea
SHA1

9649b3d1d22c9acab6e83309e3ebe37e7b8230ca
SHA256

a69bab305dec0d9257900c7cd11a8d0d0e4e725cd3b6326e7d19a54680b65fc1
SHA512

0edb827658981320723a9bd444c5f61a6a4eac9cfeb811e56e2c4fa844f86d3a671a49525101a8b32b67a1da679579892195445b88995b967f8f0cdd56849ce4
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUb:eOl56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x0033000000011c23-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000160ae-10.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000160d5-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016311-24.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000165b6-31.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016652-35.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016bfc-45.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192f0-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019346-63.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-75.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ea-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f2-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019503-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f6-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019501-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-80.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015e47-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933e-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-55.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016858-41.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2392-0-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/files/0x0033000000011c23-3.dat	xmrig
behavioral1/memory/1328-9-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x00080000000160ae-10.dat	xmrig
behavioral1/files/0x00080000000160d5-12.dat	xmrig
behavioral1/memory/2692-22-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/916-20-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x0008000000016311-24.dat	xmrig
behavioral1/files/0x00070000000165b6-31.dat	xmrig
behavioral1/files/0x0007000000016652-35.dat	xmrig
behavioral1/files/0x000a000000016bfc-45.dat	xmrig
behavioral1/files/0x00050000000192f0-50.dat	xmrig
behavioral1/files/0x0005000000019346-63.dat	xmrig
behavioral1/files/0x0005000000019384-75.dat	xmrig
behavioral1/files/0x00050000000193af-85.dat	xmrig
behavioral1/files/0x00050000000193c9-90.dat	xmrig
behavioral1/files/0x00050000000193fa-98.dat	xmrig
behavioral1/files/0x0005000000019408-105.dat	xmrig
behavioral1/files/0x00050000000194d4-125.dat	xmrig
behavioral1/files/0x00050000000194ea-140.dat	xmrig
behavioral1/files/0x00050000000194f2-143.dat	xmrig
behavioral1/files/0x0005000000019503-160.dat	xmrig
behavioral1/memory/1916-695-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2392-697-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2756-696-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2764-700-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2744-702-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2392-718-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2752-719-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2724-721-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2624-723-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2688-725-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2636-717-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2880-713-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2864-698-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/1328-1022-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2692-1696-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2392-2200-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2392-2195-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2756-2101-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2392-790-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019515-165.dat	xmrig
behavioral1/files/0x00050000000194f6-150.dat	xmrig
behavioral1/files/0x0005000000019501-156.dat	xmrig
behavioral1/files/0x00050000000194da-131.dat	xmrig
behavioral1/files/0x00050000000194e2-135.dat	xmrig
behavioral1/files/0x00050000000194b4-120.dat	xmrig
behavioral1/files/0x00050000000194a7-115.dat	xmrig
behavioral1/files/0x0005000000019494-110.dat	xmrig
behavioral1/files/0x00050000000193f8-96.dat	xmrig
behavioral1/files/0x00050000000193a2-80.dat	xmrig
behavioral1/files/0x0008000000015e47-70.dat	xmrig
behavioral1/files/0x000500000001933e-60.dat	xmrig
behavioral1/files/0x000500000001932a-55.dat	xmrig
behavioral1/files/0x0007000000016858-41.dat	xmrig
behavioral1/memory/916-3857-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2864-3878-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/1916-3876-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/1328-3875-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2636-3884-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2744-3881-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2692-3897-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2724-3912-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2752-3908-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

qpgRjuy.exeJGUHZek.exeBFplGeW.exepfDWnop.exeBWUHyPa.exepIllJCQ.exeOXskdVV.exeicTVpOD.exeDTeyylI.exezHecoja.exeDzOYRwt.exeWMmpnhA.exearzfJgG.exeaTDokBF.exeyEcHTDr.exeTKYpzdr.exevDbAxgo.exeZlVLizX.exePrXPlWw.exeJgoRqrl.exeJFxREmm.exeMXCFYmd.exerbHjtLm.exebOluXgA.exejwjnycd.exeCmBwUID.exemSSsQmg.exevdPCARn.execLLXQhO.exezfKWgwm.exedrdMUtb.exeWeMcdhX.exemthrhpv.exekLKyNXv.exeiKHTMnV.exeKrbQkrM.exeCcONKku.exeBupMQrZ.exeYbZCqyz.exetHERcgx.exeKdxeTRh.exehUkynTD.exewthjpww.exeBsXeVlo.exemTwrpNc.exeJjTyRFi.exemLMAkwD.exewiazsXg.exeNvyCWWW.exeqBjjKkO.exeTFXQkMF.exeoorzLSl.exespbabtW.exeFZQTdzM.exezFbNxLh.exeldmjWaV.exeOqtTsnG.exekIywWkP.exeBhJRvCk.exeSGgCoeO.exenHRzEWI.exeopECASR.exevFeUoeI.exeFrHwWZo.exe

pid	Process
1328	qpgRjuy.exe
916	JGUHZek.exe
2692	BFplGeW.exe
1916	pfDWnop.exe
2756	BWUHyPa.exe
2864	pIllJCQ.exe
2764	OXskdVV.exe
2744	icTVpOD.exe
2880	DTeyylI.exe
2636	zHecoja.exe
2752	DzOYRwt.exe
2724	WMmpnhA.exe
2624	arzfJgG.exe
2688	aTDokBF.exe
784	yEcHTDr.exe
1360	TKYpzdr.exe
1052	vDbAxgo.exe
2184	ZlVLizX.exe
800	PrXPlWw.exe
1028	JgoRqrl.exe
1256	JFxREmm.exe
1732	MXCFYmd.exe
576	rbHjtLm.exe
1132	bOluXgA.exe
1756	jwjnycd.exe
1908	CmBwUID.exe
2452	mSSsQmg.exe
1296	vdPCARn.exe
2036	cLLXQhO.exe
1612	zfKWgwm.exe
1768	drdMUtb.exe
1316	WeMcdhX.exe
936	mthrhpv.exe
1348	kLKyNXv.exe
2488	iKHTMnV.exe
2084	KrbQkrM.exe
1272	CcONKku.exe
2092	BupMQrZ.exe
2420	YbZCqyz.exe
2792	tHERcgx.exe
2264	KdxeTRh.exe
264	hUkynTD.exe
2280	wthjpww.exe
2352	BsXeVlo.exe
2032	mTwrpNc.exe
1492	JjTyRFi.exe
1780	mLMAkwD.exe
1740	wiazsXg.exe
2196	NvyCWWW.exe
1640	qBjjKkO.exe
1512	TFXQkMF.exe
2552	oorzLSl.exe
2560	spbabtW.exe
1604	FZQTdzM.exe
1524	zFbNxLh.exe
2480	ldmjWaV.exe
1972	OqtTsnG.exe
2876	kIywWkP.exe
2836	BhJRvCk.exe
2644	SGgCoeO.exe
2568	nHRzEWI.exe
2664	opECASR.exe
2668	vFeUoeI.exe
1684	FrHwWZo.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2392-0-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/files/0x0033000000011c23-3.dat	upx
behavioral1/memory/1328-9-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x00080000000160ae-10.dat	upx
behavioral1/files/0x00080000000160d5-12.dat	upx
behavioral1/memory/2692-22-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/916-20-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x0008000000016311-24.dat	upx
behavioral1/files/0x00070000000165b6-31.dat	upx
behavioral1/files/0x0007000000016652-35.dat	upx
behavioral1/files/0x000a000000016bfc-45.dat	upx
behavioral1/files/0x00050000000192f0-50.dat	upx
behavioral1/files/0x0005000000019346-63.dat	upx
behavioral1/files/0x0005000000019384-75.dat	upx
behavioral1/files/0x00050000000193af-85.dat	upx
behavioral1/files/0x00050000000193c9-90.dat	upx
behavioral1/files/0x00050000000193fa-98.dat	upx
behavioral1/files/0x0005000000019408-105.dat	upx
behavioral1/files/0x00050000000194d4-125.dat	upx
behavioral1/files/0x00050000000194ea-140.dat	upx
behavioral1/files/0x00050000000194f2-143.dat	upx
behavioral1/files/0x0005000000019503-160.dat	upx
behavioral1/memory/1916-695-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2756-696-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2764-700-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2744-702-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2752-719-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2724-721-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2624-723-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2688-725-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2636-717-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2880-713-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2864-698-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/1328-1022-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2692-1696-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2756-2101-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2392-790-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/files/0x0005000000019515-165.dat	upx
behavioral1/files/0x00050000000194f6-150.dat	upx
behavioral1/files/0x0005000000019501-156.dat	upx
behavioral1/files/0x00050000000194da-131.dat	upx
behavioral1/files/0x00050000000194e2-135.dat	upx
behavioral1/files/0x00050000000194b4-120.dat	upx
behavioral1/files/0x00050000000194a7-115.dat	upx
behavioral1/files/0x0005000000019494-110.dat	upx
behavioral1/files/0x00050000000193f8-96.dat	upx
behavioral1/files/0x00050000000193a2-80.dat	upx
behavioral1/files/0x0008000000015e47-70.dat	upx
behavioral1/files/0x000500000001933e-60.dat	upx
behavioral1/files/0x000500000001932a-55.dat	upx
behavioral1/files/0x0007000000016858-41.dat	upx
behavioral1/memory/916-3857-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2864-3878-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/1916-3876-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/1328-3875-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2636-3884-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2744-3881-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2692-3897-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2724-3912-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2752-3908-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2688-3907-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2764-3937-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2880-3940-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2624-3944-0x000000013F810000-0x000000013FB64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\KBHQcsj.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xrKkQGR.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\roAEymG.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFIhGDA.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kowbcvA.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\elZYspo.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DsoKTRZ.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VuHNhmG.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLXPnwB.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sgNIVGy.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NKJAeho.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbDRSZj.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRIJanl.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QealIUK.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gBDbGNL.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgRAgRK.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZbdBCaZ.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QEphIKl.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wDRxLGN.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NQzQNsU.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WzZxKoe.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRqasVH.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VgQZksT.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pQzAtaf.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nKxnAUm.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YUUlhAm.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EhFEWBp.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZhfAIs.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XpfXQgR.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpbKCLf.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sIckipV.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xZvnSJN.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jwvpzvg.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VAmjGgp.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wVgefrK.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jSsQLrw.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IAuqPJi.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYpPkWC.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xOdgRqk.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzeTMcl.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfiPyqb.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yEcHTDr.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BWvJuLx.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WHaSjNp.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pKCanIk.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bFujSnA.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQygykh.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgMAjuE.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AjaMXQh.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVIVHdl.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mVDtoif.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xitHtxu.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpMKniX.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bRAAWpH.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\biZXytI.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jcDXTOc.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WNAMDzb.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\akOkYDn.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHGwLct.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DXtWbDG.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NzITCPb.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ujgeqrv.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YItwtli.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xKqXRxK.exe	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 2392 wrote to memory of 1328	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2392 wrote to memory of 1328	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2392 wrote to memory of 1328	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2392 wrote to memory of 916	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2392 wrote to memory of 916	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2392 wrote to memory of 916	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2392 wrote to memory of 2692	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2392 wrote to memory of 2692	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2392 wrote to memory of 2692	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2392 wrote to memory of 1916	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2392 wrote to memory of 1916	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2392 wrote to memory of 1916	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2392 wrote to memory of 2756	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2392 wrote to memory of 2756	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2392 wrote to memory of 2756	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2392 wrote to memory of 2864	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2392 wrote to memory of 2864	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2392 wrote to memory of 2864	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2392 wrote to memory of 2764	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2392 wrote to memory of 2764	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2392 wrote to memory of 2764	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2392 wrote to memory of 2744	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2392 wrote to memory of 2744	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2392 wrote to memory of 2744	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2392 wrote to memory of 2880	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2392 wrote to memory of 2880	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2392 wrote to memory of 2880	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2392 wrote to memory of 2636	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2392 wrote to memory of 2636	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2392 wrote to memory of 2636	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2392 wrote to memory of 2752	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2392 wrote to memory of 2752	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2392 wrote to memory of 2752	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2392 wrote to memory of 2724	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2392 wrote to memory of 2724	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2392 wrote to memory of 2724	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2392 wrote to memory of 2624	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2392 wrote to memory of 2624	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2392 wrote to memory of 2624	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2392 wrote to memory of 2688	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2392 wrote to memory of 2688	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2392 wrote to memory of 2688	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2392 wrote to memory of 784	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2392 wrote to memory of 784	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2392 wrote to memory of 784	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2392 wrote to memory of 1360	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2392 wrote to memory of 1360	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2392 wrote to memory of 1360	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2392 wrote to memory of 1052	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2392 wrote to memory of 1052	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2392 wrote to memory of 1052	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2392 wrote to memory of 2184	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2392 wrote to memory of 2184	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2392 wrote to memory of 2184	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2392 wrote to memory of 800	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2392 wrote to memory of 800	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2392 wrote to memory of 800	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2392 wrote to memory of 1028	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2392 wrote to memory of 1028	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2392 wrote to memory of 1028	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2392 wrote to memory of 1256	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2392 wrote to memory of 1256	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2392 wrote to memory of 1256	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2392 wrote to memory of 1732	2392	2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-25_7c94f410151c119c8e711d2cab4736ea_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Windows\System\qpgRjuy.exe
  C:\Windows\System\qpgRjuy.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\JGUHZek.exe
  C:\Windows\System\JGUHZek.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\BFplGeW.exe
  C:\Windows\System\BFplGeW.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\pfDWnop.exe
  C:\Windows\System\pfDWnop.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\BWUHyPa.exe
  C:\Windows\System\BWUHyPa.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\pIllJCQ.exe
  C:\Windows\System\pIllJCQ.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\OXskdVV.exe
  C:\Windows\System\OXskdVV.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\icTVpOD.exe
  C:\Windows\System\icTVpOD.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\DTeyylI.exe
  C:\Windows\System\DTeyylI.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\zHecoja.exe
  C:\Windows\System\zHecoja.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\DzOYRwt.exe
  C:\Windows\System\DzOYRwt.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\WMmpnhA.exe
  C:\Windows\System\WMmpnhA.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\arzfJgG.exe
  C:\Windows\System\arzfJgG.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\aTDokBF.exe
  C:\Windows\System\aTDokBF.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\yEcHTDr.exe
  C:\Windows\System\yEcHTDr.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\TKYpzdr.exe
  C:\Windows\System\TKYpzdr.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\vDbAxgo.exe
  C:\Windows\System\vDbAxgo.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\ZlVLizX.exe
  C:\Windows\System\ZlVLizX.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\PrXPlWw.exe
  C:\Windows\System\PrXPlWw.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\JgoRqrl.exe
  C:\Windows\System\JgoRqrl.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\JFxREmm.exe
  C:\Windows\System\JFxREmm.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\MXCFYmd.exe
  C:\Windows\System\MXCFYmd.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\rbHjtLm.exe
  C:\Windows\System\rbHjtLm.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\bOluXgA.exe
  C:\Windows\System\bOluXgA.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\jwjnycd.exe
  C:\Windows\System\jwjnycd.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\CmBwUID.exe
  C:\Windows\System\CmBwUID.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\mSSsQmg.exe
  C:\Windows\System\mSSsQmg.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\vdPCARn.exe
  C:\Windows\System\vdPCARn.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\cLLXQhO.exe
  C:\Windows\System\cLLXQhO.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\zfKWgwm.exe
  C:\Windows\System\zfKWgwm.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\drdMUtb.exe
  C:\Windows\System\drdMUtb.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\WeMcdhX.exe
  C:\Windows\System\WeMcdhX.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\mthrhpv.exe
  C:\Windows\System\mthrhpv.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\kLKyNXv.exe
  C:\Windows\System\kLKyNXv.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\iKHTMnV.exe
  C:\Windows\System\iKHTMnV.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\KrbQkrM.exe
  C:\Windows\System\KrbQkrM.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\CcONKku.exe
  C:\Windows\System\CcONKku.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\BupMQrZ.exe
  C:\Windows\System\BupMQrZ.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\YbZCqyz.exe
  C:\Windows\System\YbZCqyz.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\tHERcgx.exe
  C:\Windows\System\tHERcgx.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\KdxeTRh.exe
  C:\Windows\System\KdxeTRh.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\hUkynTD.exe
  C:\Windows\System\hUkynTD.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\wthjpww.exe
  C:\Windows\System\wthjpww.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\BsXeVlo.exe
  C:\Windows\System\BsXeVlo.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\mTwrpNc.exe
  C:\Windows\System\mTwrpNc.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\JjTyRFi.exe
  C:\Windows\System\JjTyRFi.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\mLMAkwD.exe
  C:\Windows\System\mLMAkwD.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\wiazsXg.exe
  C:\Windows\System\wiazsXg.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\NvyCWWW.exe
  C:\Windows\System\NvyCWWW.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\qBjjKkO.exe
  C:\Windows\System\qBjjKkO.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\TFXQkMF.exe
  C:\Windows\System\TFXQkMF.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\oorzLSl.exe
  C:\Windows\System\oorzLSl.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\spbabtW.exe
  C:\Windows\System\spbabtW.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\FZQTdzM.exe
  C:\Windows\System\FZQTdzM.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\zFbNxLh.exe
  C:\Windows\System\zFbNxLh.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\ldmjWaV.exe
  C:\Windows\System\ldmjWaV.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\OqtTsnG.exe
  C:\Windows\System\OqtTsnG.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\kIywWkP.exe
  C:\Windows\System\kIywWkP.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\BhJRvCk.exe
  C:\Windows\System\BhJRvCk.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\SGgCoeO.exe
  C:\Windows\System\SGgCoeO.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\nHRzEWI.exe
  C:\Windows\System\nHRzEWI.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\opECASR.exe
  C:\Windows\System\opECASR.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\vFeUoeI.exe
  C:\Windows\System\vFeUoeI.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\FrHwWZo.exe
  C:\Windows\System\FrHwWZo.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\DivdiDX.exe
  C:\Windows\System\DivdiDX.exe
  2⤵
  PID:2012
- C:\Windows\System\xLSAqcP.exe
  C:\Windows\System\xLSAqcP.exe
  2⤵
  PID:1268
- C:\Windows\System\VsJhHZG.exe
  C:\Windows\System\VsJhHZG.exe
  2⤵
  PID:1800
- C:\Windows\System\TLnssip.exe
  C:\Windows\System\TLnssip.exe
  2⤵
  PID:1776
- C:\Windows\System\ZFKKuVz.exe
  C:\Windows\System\ZFKKuVz.exe
  2⤵
  PID:1040
- C:\Windows\System\cYpWJFS.exe
  C:\Windows\System\cYpWJFS.exe
  2⤵
  PID:444
- C:\Windows\System\VaKpMjm.exe
  C:\Windows\System\VaKpMjm.exe
  2⤵
  PID:2988
- C:\Windows\System\scZiKde.exe
  C:\Windows\System\scZiKde.exe
  2⤵
  PID:2468
- C:\Windows\System\jIkrbai.exe
  C:\Windows\System\jIkrbai.exe
  2⤵
  PID:692
- C:\Windows\System\ZDxYgiW.exe
  C:\Windows\System\ZDxYgiW.exe
  2⤵
  PID:2580
- C:\Windows\System\gjuMBMa.exe
  C:\Windows\System\gjuMBMa.exe
  2⤵
  PID:1088
- C:\Windows\System\YUUlhAm.exe
  C:\Windows\System\YUUlhAm.exe
  2⤵
  PID:396
- C:\Windows\System\ujgeqrv.exe
  C:\Windows\System\ujgeqrv.exe
  2⤵
  PID:1540
- C:\Windows\System\MNkFwTc.exe
  C:\Windows\System\MNkFwTc.exe
  2⤵
  PID:1336
- C:\Windows\System\EZqmdDk.exe
  C:\Windows\System\EZqmdDk.exe
  2⤵
  PID:2104
- C:\Windows\System\EMkJAjU.exe
  C:\Windows\System\EMkJAjU.exe
  2⤵
  PID:696
- C:\Windows\System\ElEcnLt.exe
  C:\Windows\System\ElEcnLt.exe
  2⤵
  PID:704
- C:\Windows\System\VLmYtMR.exe
  C:\Windows\System\VLmYtMR.exe
  2⤵
  PID:640
- C:\Windows\System\UBkyidp.exe
  C:\Windows\System\UBkyidp.exe
  2⤵
  PID:1156
- C:\Windows\System\OWbOVoz.exe
  C:\Windows\System\OWbOVoz.exe
  2⤵
  PID:2236
- C:\Windows\System\bqVEhis.exe
  C:\Windows\System\bqVEhis.exe
  2⤵
  PID:892
- C:\Windows\System\IkEuLyP.exe
  C:\Windows\System\IkEuLyP.exe
  2⤵
  PID:1656
- C:\Windows\System\ItsMYgA.exe
  C:\Windows\System\ItsMYgA.exe
  2⤵
  PID:2172
- C:\Windows\System\ZjOnuQl.exe
  C:\Windows\System\ZjOnuQl.exe
  2⤵
  PID:3064
- C:\Windows\System\xmrRXfc.exe
  C:\Windows\System\xmrRXfc.exe
  2⤵
  PID:2716
- C:\Windows\System\IFdSXNj.exe
  C:\Windows\System\IFdSXNj.exe
  2⤵
  PID:2736
- C:\Windows\System\LlgCbNn.exe
  C:\Windows\System\LlgCbNn.exe
  2⤵
  PID:2832
- C:\Windows\System\GsrHLTd.exe
  C:\Windows\System\GsrHLTd.exe
  2⤵
  PID:2612
- C:\Windows\System\DsoKTRZ.exe
  C:\Windows\System\DsoKTRZ.exe
  2⤵
  PID:3048
- C:\Windows\System\cXNMxsl.exe
  C:\Windows\System\cXNMxsl.exe
  2⤵
  PID:1252
- C:\Windows\System\MEcMODE.exe
  C:\Windows\System\MEcMODE.exe
  2⤵
  PID:1632
- C:\Windows\System\SIwbfsC.exe
  C:\Windows\System\SIwbfsC.exe
  2⤵
  PID:1736
- C:\Windows\System\zrNKWbF.exe
  C:\Windows\System\zrNKWbF.exe
  2⤵
  PID:2208
- C:\Windows\System\RgNKUTo.exe
  C:\Windows\System\RgNKUTo.exe
  2⤵
  PID:1308
- C:\Windows\System\LetiYQA.exe
  C:\Windows\System\LetiYQA.exe
  2⤵
  PID:1840
- C:\Windows\System\cDPwWGq.exe
  C:\Windows\System\cDPwWGq.exe
  2⤵
  PID:1100
- C:\Windows\System\VivZemM.exe
  C:\Windows\System\VivZemM.exe
  2⤵
  PID:1664
- C:\Windows\System\MSeEMPZ.exe
  C:\Windows\System\MSeEMPZ.exe
  2⤵
  PID:2920
- C:\Windows\System\mUWbvYM.exe
  C:\Windows\System\mUWbvYM.exe
  2⤵
  PID:1652
- C:\Windows\System\gXfxLkC.exe
  C:\Windows\System\gXfxLkC.exe
  2⤵
  PID:3032
- C:\Windows\System\VMZgWUb.exe
  C:\Windows\System\VMZgWUb.exe
  2⤵
  PID:2176
- C:\Windows\System\ZniPnKM.exe
  C:\Windows\System\ZniPnKM.exe
  2⤵
  PID:2120
- C:\Windows\System\IchgJUJ.exe
  C:\Windows\System\IchgJUJ.exe
  2⤵
  PID:888
- C:\Windows\System\trwvOnx.exe
  C:\Windows\System\trwvOnx.exe
  2⤵
  PID:1600
- C:\Windows\System\PrXkgyr.exe
  C:\Windows\System\PrXkgyr.exe
  2⤵
  PID:2728
- C:\Windows\System\pbDQIiN.exe
  C:\Windows\System\pbDQIiN.exe
  2⤵
  PID:2660
- C:\Windows\System\MQrVjER.exe
  C:\Windows\System\MQrVjER.exe
  2⤵
  PID:2060
- C:\Windows\System\wTiHKZi.exe
  C:\Windows\System\wTiHKZi.exe
  2⤵
  PID:992
- C:\Windows\System\aynVtqM.exe
  C:\Windows\System\aynVtqM.exe
  2⤵
  PID:1956
- C:\Windows\System\LoSTbmu.exe
  C:\Windows\System\LoSTbmu.exe
  2⤵
  PID:608
- C:\Windows\System\qAOJnQE.exe
  C:\Windows\System\qAOJnQE.exe
  2⤵
  PID:2564
- C:\Windows\System\lnKWzZt.exe
  C:\Windows\System\lnKWzZt.exe
  2⤵
  PID:2984
- C:\Windows\System\lwWKpkZ.exe
  C:\Windows\System\lwWKpkZ.exe
  2⤵
  PID:2924
- C:\Windows\System\ZRWzNQP.exe
  C:\Windows\System\ZRWzNQP.exe
  2⤵
  PID:2168
- C:\Windows\System\jBeTvKn.exe
  C:\Windows\System\jBeTvKn.exe
  2⤵
  PID:1576
- C:\Windows\System\rulUTYl.exe
  C:\Windows\System\rulUTYl.exe
  2⤵
  PID:2152
- C:\Windows\System\nWUyktU.exe
  C:\Windows\System\nWUyktU.exe
  2⤵
  PID:2212
- C:\Windows\System\uFKXwaT.exe
  C:\Windows\System\uFKXwaT.exe
  2⤵
  PID:2960
- C:\Windows\System\dKOEZFZ.exe
  C:\Windows\System\dKOEZFZ.exe
  2⤵
  PID:1844
- C:\Windows\System\oPfQSus.exe
  C:\Windows\System\oPfQSus.exe
  2⤵
  PID:272
- C:\Windows\System\YxLaNUm.exe
  C:\Windows\System\YxLaNUm.exe
  2⤵
  PID:960
- C:\Windows\System\HTaFbRA.exe
  C:\Windows\System\HTaFbRA.exe
  2⤵
  PID:1428
- C:\Windows\System\ijzWSke.exe
  C:\Windows\System\ijzWSke.exe
  2⤵
  PID:2100
- C:\Windows\System\ENSJYXb.exe
  C:\Windows\System\ENSJYXb.exe
  2⤵
  PID:2068
- C:\Windows\System\bIPuPKi.exe
  C:\Windows\System\bIPuPKi.exe
  2⤵
  PID:2608
- C:\Windows\System\QpjjnTL.exe
  C:\Windows\System\QpjjnTL.exe
  2⤵
  PID:3080
- C:\Windows\System\rwHjtoz.exe
  C:\Windows\System\rwHjtoz.exe
  2⤵
  PID:3100
- C:\Windows\System\VDcTvuV.exe
  C:\Windows\System\VDcTvuV.exe
  2⤵
  PID:3120
- C:\Windows\System\STyTWbi.exe
  C:\Windows\System\STyTWbi.exe
  2⤵
  PID:3140
- C:\Windows\System\ooLIXiz.exe
  C:\Windows\System\ooLIXiz.exe
  2⤵
  PID:3160
- C:\Windows\System\BpBiBzj.exe
  C:\Windows\System\BpBiBzj.exe
  2⤵
  PID:3180
- C:\Windows\System\AphCHvi.exe
  C:\Windows\System\AphCHvi.exe
  2⤵
  PID:3200
- C:\Windows\System\kMXdKsQ.exe
  C:\Windows\System\kMXdKsQ.exe
  2⤵
  PID:3220
- C:\Windows\System\JBnjocf.exe
  C:\Windows\System\JBnjocf.exe
  2⤵
  PID:3240
- C:\Windows\System\LQuzUPH.exe
  C:\Windows\System\LQuzUPH.exe
  2⤵
  PID:3260
- C:\Windows\System\WUfiRZG.exe
  C:\Windows\System\WUfiRZG.exe
  2⤵
  PID:3280
- C:\Windows\System\zAsLcJQ.exe
  C:\Windows\System\zAsLcJQ.exe
  2⤵
  PID:3300
- C:\Windows\System\HyTjeii.exe
  C:\Windows\System\HyTjeii.exe
  2⤵
  PID:3320
- C:\Windows\System\mFKCFMs.exe
  C:\Windows\System\mFKCFMs.exe
  2⤵
  PID:3340
- C:\Windows\System\zcIvRIC.exe
  C:\Windows\System\zcIvRIC.exe
  2⤵
  PID:3356
- C:\Windows\System\aIFOcbg.exe
  C:\Windows\System\aIFOcbg.exe
  2⤵
  PID:3380
- C:\Windows\System\vXvcMcb.exe
  C:\Windows\System\vXvcMcb.exe
  2⤵
  PID:3396
- C:\Windows\System\cpwzrDq.exe
  C:\Windows\System\cpwzrDq.exe
  2⤵
  PID:3420
- C:\Windows\System\bNTHBoo.exe
  C:\Windows\System\bNTHBoo.exe
  2⤵
  PID:3440
- C:\Windows\System\rzARGZI.exe
  C:\Windows\System\rzARGZI.exe
  2⤵
  PID:3460
- C:\Windows\System\RJyJMEQ.exe
  C:\Windows\System\RJyJMEQ.exe
  2⤵
  PID:3476
- C:\Windows\System\eKhbNGp.exe
  C:\Windows\System\eKhbNGp.exe
  2⤵
  PID:3500
- C:\Windows\System\wimTtNX.exe
  C:\Windows\System\wimTtNX.exe
  2⤵
  PID:3520
- C:\Windows\System\UFQgnvu.exe
  C:\Windows\System\UFQgnvu.exe
  2⤵
  PID:3540
- C:\Windows\System\RNQWCOb.exe
  C:\Windows\System\RNQWCOb.exe
  2⤵
  PID:3560
- C:\Windows\System\TZYLOnA.exe
  C:\Windows\System\TZYLOnA.exe
  2⤵
  PID:3580
- C:\Windows\System\CyomoSL.exe
  C:\Windows\System\CyomoSL.exe
  2⤵
  PID:3600
- C:\Windows\System\RjcMWZR.exe
  C:\Windows\System\RjcMWZR.exe
  2⤵
  PID:3620
- C:\Windows\System\BKKPnBc.exe
  C:\Windows\System\BKKPnBc.exe
  2⤵
  PID:3636
- C:\Windows\System\npxYKaz.exe
  C:\Windows\System\npxYKaz.exe
  2⤵
  PID:3660
- C:\Windows\System\fBedSbF.exe
  C:\Windows\System\fBedSbF.exe
  2⤵
  PID:3680
- C:\Windows\System\rwmiQKH.exe
  C:\Windows\System\rwmiQKH.exe
  2⤵
  PID:3700
- C:\Windows\System\RPLNTTD.exe
  C:\Windows\System\RPLNTTD.exe
  2⤵
  PID:3720
- C:\Windows\System\iXhgzkc.exe
  C:\Windows\System\iXhgzkc.exe
  2⤵
  PID:3740
- C:\Windows\System\KCFpOvP.exe
  C:\Windows\System\KCFpOvP.exe
  2⤵
  PID:3756
- C:\Windows\System\pPbMXwH.exe
  C:\Windows\System\pPbMXwH.exe
  2⤵
  PID:3780
- C:\Windows\System\TxgMPhs.exe
  C:\Windows\System\TxgMPhs.exe
  2⤵
  PID:3800
- C:\Windows\System\QlLAziD.exe
  C:\Windows\System\QlLAziD.exe
  2⤵
  PID:3820
- C:\Windows\System\BtBsuVx.exe
  C:\Windows\System\BtBsuVx.exe
  2⤵
  PID:3840
- C:\Windows\System\ImqOctk.exe
  C:\Windows\System\ImqOctk.exe
  2⤵
  PID:3860
- C:\Windows\System\wcArTwh.exe
  C:\Windows\System\wcArTwh.exe
  2⤵
  PID:3880
- C:\Windows\System\eshNwHv.exe
  C:\Windows\System\eshNwHv.exe
  2⤵
  PID:3900
- C:\Windows\System\phxcxrF.exe
  C:\Windows\System\phxcxrF.exe
  2⤵
  PID:3920
- C:\Windows\System\qqNZsCL.exe
  C:\Windows\System\qqNZsCL.exe
  2⤵
  PID:3940
- C:\Windows\System\eHoWhwG.exe
  C:\Windows\System\eHoWhwG.exe
  2⤵
  PID:3960
- C:\Windows\System\GsHMUnv.exe
  C:\Windows\System\GsHMUnv.exe
  2⤵
  PID:3980
- C:\Windows\System\GmOnLex.exe
  C:\Windows\System\GmOnLex.exe
  2⤵
  PID:4000
- C:\Windows\System\ogmEDLJ.exe
  C:\Windows\System\ogmEDLJ.exe
  2⤵
  PID:4020
- C:\Windows\System\WoIvMwv.exe
  C:\Windows\System\WoIvMwv.exe
  2⤵
  PID:4040
- C:\Windows\System\mBYWHto.exe
  C:\Windows\System\mBYWHto.exe
  2⤵
  PID:4060
- C:\Windows\System\KNDJFRM.exe
  C:\Windows\System\KNDJFRM.exe
  2⤵
  PID:4080
- C:\Windows\System\QARtmLt.exe
  C:\Windows\System\QARtmLt.exe
  2⤵
  PID:2504
- C:\Windows\System\KqhPjve.exe
  C:\Windows\System\KqhPjve.exe
  2⤵
  PID:2004
- C:\Windows\System\PbaqnQX.exe
  C:\Windows\System\PbaqnQX.exe
  2⤵
  PID:1680
- C:\Windows\System\EdLbIqi.exe
  C:\Windows\System\EdLbIqi.exe
  2⤵
  PID:2284
- C:\Windows\System\IWDlrdq.exe
  C:\Windows\System\IWDlrdq.exe
  2⤵
  PID:3076
- C:\Windows\System\lgMAjuE.exe
  C:\Windows\System\lgMAjuE.exe
  2⤵
  PID:3108
- C:\Windows\System\YNeqssi.exe
  C:\Windows\System\YNeqssi.exe
  2⤵
  PID:3148
- C:\Windows\System\inqDpMl.exe
  C:\Windows\System\inqDpMl.exe
  2⤵
  PID:3208
- C:\Windows\System\KcFLfGM.exe
  C:\Windows\System\KcFLfGM.exe
  2⤵
  PID:3212
- C:\Windows\System\VgKYhZK.exe
  C:\Windows\System\VgKYhZK.exe
  2⤵
  PID:3236
- C:\Windows\System\JYUpPkL.exe
  C:\Windows\System\JYUpPkL.exe
  2⤵
  PID:3276
- C:\Windows\System\ccwUDqT.exe
  C:\Windows\System\ccwUDqT.exe
  2⤵
  PID:3332
- C:\Windows\System\vZVsPzx.exe
  C:\Windows\System\vZVsPzx.exe
  2⤵
  PID:3376
- C:\Windows\System\AlWikpt.exe
  C:\Windows\System\AlWikpt.exe
  2⤵
  PID:3416
- C:\Windows\System\DPhUOiy.exe
  C:\Windows\System\DPhUOiy.exe
  2⤵
  PID:3392
- C:\Windows\System\jaCTAgj.exe
  C:\Windows\System\jaCTAgj.exe
  2⤵
  PID:3436
- C:\Windows\System\uSNvjZp.exe
  C:\Windows\System\uSNvjZp.exe
  2⤵
  PID:3468
- C:\Windows\System\TztPSEk.exe
  C:\Windows\System\TztPSEk.exe
  2⤵
  PID:3528
- C:\Windows\System\hUlYzlC.exe
  C:\Windows\System\hUlYzlC.exe
  2⤵
  PID:3576
- C:\Windows\System\PXNMcVP.exe
  C:\Windows\System\PXNMcVP.exe
  2⤵
  PID:3608
- C:\Windows\System\ZlfAGAl.exe
  C:\Windows\System\ZlfAGAl.exe
  2⤵
  PID:3592
- C:\Windows\System\TslwEpe.exe
  C:\Windows\System\TslwEpe.exe
  2⤵
  PID:3688
- C:\Windows\System\QYdxYLq.exe
  C:\Windows\System\QYdxYLq.exe
  2⤵
  PID:3728
- C:\Windows\System\fIDELEW.exe
  C:\Windows\System\fIDELEW.exe
  2⤵
  PID:3672
- C:\Windows\System\jLQWRbT.exe
  C:\Windows\System\jLQWRbT.exe
  2⤵
  PID:3772
- C:\Windows\System\yEWNfLf.exe
  C:\Windows\System\yEWNfLf.exe
  2⤵
  PID:3808
- C:\Windows\System\AluXcwT.exe
  C:\Windows\System\AluXcwT.exe
  2⤵
  PID:3796
- C:\Windows\System\sxvHDuW.exe
  C:\Windows\System\sxvHDuW.exe
  2⤵
  PID:3852
- C:\Windows\System\PGAIrpL.exe
  C:\Windows\System\PGAIrpL.exe
  2⤵
  PID:3936
- C:\Windows\System\fAWzngj.exe
  C:\Windows\System\fAWzngj.exe
  2⤵
  PID:3956
- C:\Windows\System\hDAeFRl.exe
  C:\Windows\System\hDAeFRl.exe
  2⤵
  PID:4016
- C:\Windows\System\kLpAsVc.exe
  C:\Windows\System\kLpAsVc.exe
  2⤵
  PID:4028
- C:\Windows\System\djiJcbN.exe
  C:\Windows\System\djiJcbN.exe
  2⤵
  PID:3088
- C:\Windows\System\dRabTMI.exe
  C:\Windows\System\dRabTMI.exe
  2⤵
  PID:3168
- C:\Windows\System\AOgqFqB.exe
  C:\Windows\System\AOgqFqB.exe
  2⤵
  PID:3192
- C:\Windows\System\yVeWEhS.exe
  C:\Windows\System\yVeWEhS.exe
  2⤵
  PID:3172
- C:\Windows\System\bXCoAOE.exe
  C:\Windows\System\bXCoAOE.exe
  2⤵
  PID:3288
- C:\Windows\System\TvmZdfI.exe
  C:\Windows\System\TvmZdfI.exe
  2⤵
  PID:3292
- C:\Windows\System\xmQewOq.exe
  C:\Windows\System\xmQewOq.exe
  2⤵
  PID:3388
- C:\Windows\System\OcGEfjf.exe
  C:\Windows\System\OcGEfjf.exe
  2⤵
  PID:3404
- C:\Windows\System\ErToylH.exe
  C:\Windows\System\ErToylH.exe
  2⤵
  PID:3472
- C:\Windows\System\VtUToZC.exe
  C:\Windows\System\VtUToZC.exe
  2⤵
  PID:3568
- C:\Windows\System\zeblQeO.exe
  C:\Windows\System\zeblQeO.exe
  2⤵
  PID:3588
- C:\Windows\System\jKsVIle.exe
  C:\Windows\System\jKsVIle.exe
  2⤵
  PID:3652
- C:\Windows\System\IlsKEML.exe
  C:\Windows\System\IlsKEML.exe
  2⤵
  PID:3628
- C:\Windows\System\mARSizX.exe
  C:\Windows\System\mARSizX.exe
  2⤵
  PID:3812
- C:\Windows\System\fGEUKMt.exe
  C:\Windows\System\fGEUKMt.exe
  2⤵
  PID:3676
- C:\Windows\System\UZTnJJr.exe
  C:\Windows\System\UZTnJJr.exe
  2⤵
  PID:3868
- C:\Windows\System\QsCFXeT.exe
  C:\Windows\System\QsCFXeT.exe
  2⤵
  PID:3972
- C:\Windows\System\zQyhsIO.exe
  C:\Windows\System\zQyhsIO.exe
  2⤵
  PID:3948
- C:\Windows\System\eSSydzK.exe
  C:\Windows\System\eSSydzK.exe
  2⤵
  PID:2016
- C:\Windows\System\ZouRiZt.exe
  C:\Windows\System\ZouRiZt.exe
  2⤵
  PID:2888
- C:\Windows\System\qIZZYUM.exe
  C:\Windows\System\qIZZYUM.exe
  2⤵
  PID:2312
- C:\Windows\System\CCtCnFM.exe
  C:\Windows\System\CCtCnFM.exe
  2⤵
  PID:1960
- C:\Windows\System\PaLoUiG.exe
  C:\Windows\System\PaLoUiG.exe
  2⤵
  PID:3128
- C:\Windows\System\pbYCPkB.exe
  C:\Windows\System\pbYCPkB.exe
  2⤵
  PID:3256
- C:\Windows\System\nNeInxN.exe
  C:\Windows\System\nNeInxN.exe
  2⤵
  PID:1496
- C:\Windows\System\jWiBgTX.exe
  C:\Windows\System\jWiBgTX.exe
  2⤵
  PID:3156
- C:\Windows\System\FEEbMPf.exe
  C:\Windows\System\FEEbMPf.exe
  2⤵
  PID:3492
- C:\Windows\System\GOwxQrN.exe
  C:\Windows\System\GOwxQrN.exe
  2⤵
  PID:3496
- C:\Windows\System\FNxMTWK.exe
  C:\Windows\System\FNxMTWK.exe
  2⤵
  PID:1032
- C:\Windows\System\DKZdleK.exe
  C:\Windows\System\DKZdleK.exe
  2⤵
  PID:3596
- C:\Windows\System\NnBtSkp.exe
  C:\Windows\System\NnBtSkp.exe
  2⤵
  PID:3552
- C:\Windows\System\IfVpUbu.exe
  C:\Windows\System\IfVpUbu.exe
  2⤵
  PID:1396
- C:\Windows\System\GDjuHNj.exe
  C:\Windows\System\GDjuHNj.exe
  2⤵
  PID:3692
- C:\Windows\System\ytlojrk.exe
  C:\Windows\System\ytlojrk.exe
  2⤵
  PID:812
- C:\Windows\System\vintyfH.exe
  C:\Windows\System\vintyfH.exe
  2⤵
  PID:1984
- C:\Windows\System\nukVSwE.exe
  C:\Windows\System\nukVSwE.exe
  2⤵
  PID:3712
- C:\Windows\System\BqQdbub.exe
  C:\Windows\System\BqQdbub.exe
  2⤵
  PID:464
- C:\Windows\System\XBSQSzq.exe
  C:\Windows\System\XBSQSzq.exe
  2⤵
  PID:3832
- C:\Windows\System\xtqfbaF.exe
  C:\Windows\System\xtqfbaF.exe
  2⤵
  PID:3888
- C:\Windows\System\IqvaLIZ.exe
  C:\Windows\System\IqvaLIZ.exe
  2⤵
  PID:3988
- C:\Windows\System\SZOqkcM.exe
  C:\Windows\System\SZOqkcM.exe
  2⤵
  PID:2244
- C:\Windows\System\gJWkNHM.exe
  C:\Windows\System\gJWkNHM.exe
  2⤵
  PID:2840
- C:\Windows\System\wxuYGdI.exe
  C:\Windows\System\wxuYGdI.exe
  2⤵
  PID:2228
- C:\Windows\System\zpmBxcJ.exe
  C:\Windows\System\zpmBxcJ.exe
  2⤵
  PID:1704
- C:\Windows\System\kxAOYpg.exe
  C:\Windows\System\kxAOYpg.exe
  2⤵
  PID:3932
- C:\Windows\System\HXVulrj.exe
  C:\Windows\System\HXVulrj.exe
  2⤵
  PID:3428
- C:\Windows\System\mvqkADZ.exe
  C:\Windows\System\mvqkADZ.exe
  2⤵
  PID:1700
- C:\Windows\System\KdJzgbt.exe
  C:\Windows\System\KdJzgbt.exe
  2⤵
  PID:3612
- C:\Windows\System\ISsOLaC.exe
  C:\Windows\System\ISsOLaC.exe
  2⤵
  PID:2784
- C:\Windows\System\rBsyIYv.exe
  C:\Windows\System\rBsyIYv.exe
  2⤵
  PID:2628
- C:\Windows\System\hmjnBMk.exe
  C:\Windows\System\hmjnBMk.exe
  2⤵
  PID:3708
- C:\Windows\System\bHwJijN.exe
  C:\Windows\System\bHwJijN.exe
  2⤵
  PID:2780
- C:\Windows\System\hQYfVag.exe
  C:\Windows\System\hQYfVag.exe
  2⤵
  PID:3788
- C:\Windows\System\LhJcsLF.exe
  C:\Windows\System\LhJcsLF.exe
  2⤵
  PID:3816
- C:\Windows\System\TwXhESu.exe
  C:\Windows\System\TwXhESu.exe
  2⤵
  PID:4032
- C:\Windows\System\xogeQgd.exe
  C:\Windows\System\xogeQgd.exe
  2⤵
  PID:2444
- C:\Windows\System\RUzJvIr.exe
  C:\Windows\System\RUzJvIr.exe
  2⤵
  PID:3132
- C:\Windows\System\tMzklpj.exe
  C:\Windows\System\tMzklpj.exe
  2⤵
  PID:3092
- C:\Windows\System\LUsUUUh.exe
  C:\Windows\System\LUsUUUh.exe
  2⤵
  PID:3892
- C:\Windows\System\YJxvQPW.exe
  C:\Windows\System\YJxvQPW.exe
  2⤵
  PID:836
- C:\Windows\System\lDkqEox.exe
  C:\Windows\System\lDkqEox.exe
  2⤵
  PID:2856
- C:\Windows\System\NnVcLnc.exe
  C:\Windows\System\NnVcLnc.exe
  2⤵
  PID:3536
- C:\Windows\System\NGflTjc.exe
  C:\Windows\System\NGflTjc.exe
  2⤵
  PID:3896
- C:\Windows\System\RVvOVjo.exe
  C:\Windows\System\RVvOVjo.exe
  2⤵
  PID:3916
- C:\Windows\System\asvbVlb.exe
  C:\Windows\System\asvbVlb.exe
  2⤵
  PID:2676
- C:\Windows\System\GYPTIdc.exe
  C:\Windows\System\GYPTIdc.exe
  2⤵
  PID:1636
- C:\Windows\System\CvfBmYc.exe
  C:\Windows\System\CvfBmYc.exe
  2⤵
  PID:3876
- C:\Windows\System\KTdkwJb.exe
  C:\Windows\System\KTdkwJb.exe
  2⤵
  PID:1996
- C:\Windows\System\OhZEkiE.exe
  C:\Windows\System\OhZEkiE.exe
  2⤵
  PID:920
- C:\Windows\System\wyASIjz.exe
  C:\Windows\System\wyASIjz.exe
  2⤵
  PID:2808
- C:\Windows\System\MRfgTbd.exe
  C:\Windows\System\MRfgTbd.exe
  2⤵
  PID:3976
- C:\Windows\System\ulVAcaL.exe
  C:\Windows\System\ulVAcaL.exe
  2⤵
  PID:1488
- C:\Windows\System\phmPWFx.exe
  C:\Windows\System\phmPWFx.exe
  2⤵
  PID:4112
- C:\Windows\System\OkDrjRL.exe
  C:\Windows\System\OkDrjRL.exe
  2⤵
  PID:4128
- C:\Windows\System\WnuKIck.exe
  C:\Windows\System\WnuKIck.exe
  2⤵
  PID:4156
- C:\Windows\System\dWhECrQ.exe
  C:\Windows\System\dWhECrQ.exe
  2⤵
  PID:4172
- C:\Windows\System\sVLyXjP.exe
  C:\Windows\System\sVLyXjP.exe
  2⤵
  PID:4188
- C:\Windows\System\qmdemTY.exe
  C:\Windows\System\qmdemTY.exe
  2⤵
  PID:4204
- C:\Windows\System\qzDPqkn.exe
  C:\Windows\System\qzDPqkn.exe
  2⤵
  PID:4220
- C:\Windows\System\fgDpZJm.exe
  C:\Windows\System\fgDpZJm.exe
  2⤵
  PID:4240
- C:\Windows\System\JAgxXnA.exe
  C:\Windows\System\JAgxXnA.exe
  2⤵
  PID:4276
- C:\Windows\System\GaCyLsP.exe
  C:\Windows\System\GaCyLsP.exe
  2⤵
  PID:4292
- C:\Windows\System\YGWFVhg.exe
  C:\Windows\System\YGWFVhg.exe
  2⤵
  PID:4308
- C:\Windows\System\OlPGVQx.exe
  C:\Windows\System\OlPGVQx.exe
  2⤵
  PID:4324
- C:\Windows\System\NaBxOho.exe
  C:\Windows\System\NaBxOho.exe
  2⤵
  PID:4340
- C:\Windows\System\ZqNbTKg.exe
  C:\Windows\System\ZqNbTKg.exe
  2⤵
  PID:4356
- C:\Windows\System\FyldslW.exe
  C:\Windows\System\FyldslW.exe
  2⤵
  PID:4372
- C:\Windows\System\BgLVezD.exe
  C:\Windows\System\BgLVezD.exe
  2⤵
  PID:4388
- C:\Windows\System\mruNvJL.exe
  C:\Windows\System\mruNvJL.exe
  2⤵
  PID:4448
- C:\Windows\System\MkJMaYr.exe
  C:\Windows\System\MkJMaYr.exe
  2⤵
  PID:4464
- C:\Windows\System\LnSyVoD.exe
  C:\Windows\System\LnSyVoD.exe
  2⤵
  PID:4480
- C:\Windows\System\lYCFKoW.exe
  C:\Windows\System\lYCFKoW.exe
  2⤵
  PID:4496
- C:\Windows\System\vzqZRmh.exe
  C:\Windows\System\vzqZRmh.exe
  2⤵
  PID:4516
- C:\Windows\System\DOqKjYp.exe
  C:\Windows\System\DOqKjYp.exe
  2⤵
  PID:4532
- C:\Windows\System\uDJqGgr.exe
  C:\Windows\System\uDJqGgr.exe
  2⤵
  PID:4548
- C:\Windows\System\twUpiWD.exe
  C:\Windows\System\twUpiWD.exe
  2⤵
  PID:4568
- C:\Windows\System\BDsVpbt.exe
  C:\Windows\System\BDsVpbt.exe
  2⤵
  PID:4588
- C:\Windows\System\bRmCCKV.exe
  C:\Windows\System\bRmCCKV.exe
  2⤵
  PID:4604
- C:\Windows\System\boNNLjS.exe
  C:\Windows\System\boNNLjS.exe
  2⤵
  PID:4628
- C:\Windows\System\EwsWXqH.exe
  C:\Windows\System\EwsWXqH.exe
  2⤵
  PID:4648
- C:\Windows\System\SWiSuhj.exe
  C:\Windows\System\SWiSuhj.exe
  2⤵
  PID:4672
- C:\Windows\System\fLPTxXh.exe
  C:\Windows\System\fLPTxXh.exe
  2⤵
  PID:4692
- C:\Windows\System\IjICSbQ.exe
  C:\Windows\System\IjICSbQ.exe
  2⤵
  PID:4708
- C:\Windows\System\uJhqvJh.exe
  C:\Windows\System\uJhqvJh.exe
  2⤵
  PID:4728
- C:\Windows\System\ZQStmdZ.exe
  C:\Windows\System\ZQStmdZ.exe
  2⤵
  PID:4744
- C:\Windows\System\jSsQLrw.exe
  C:\Windows\System\jSsQLrw.exe
  2⤵
  PID:4760
- C:\Windows\System\odOMbYT.exe
  C:\Windows\System\odOMbYT.exe
  2⤵
  PID:4780
- C:\Windows\System\EzaygGv.exe
  C:\Windows\System\EzaygGv.exe
  2⤵
  PID:4800
- C:\Windows\System\FNkZUNh.exe
  C:\Windows\System\FNkZUNh.exe
  2⤵
  PID:4820
- C:\Windows\System\UKfmjEj.exe
  C:\Windows\System\UKfmjEj.exe
  2⤵
  PID:4844
- C:\Windows\System\ecSqiVx.exe
  C:\Windows\System\ecSqiVx.exe
  2⤵
  PID:4860
- C:\Windows\System\kTNThcK.exe
  C:\Windows\System\kTNThcK.exe
  2⤵
  PID:4876
- C:\Windows\System\EhyzsvT.exe
  C:\Windows\System\EhyzsvT.exe
  2⤵
  PID:4892
- C:\Windows\System\ysBmAte.exe
  C:\Windows\System\ysBmAte.exe
  2⤵
  PID:4908
- C:\Windows\System\JwtSwpq.exe
  C:\Windows\System\JwtSwpq.exe
  2⤵
  PID:4928
- C:\Windows\System\WheQDdN.exe
  C:\Windows\System\WheQDdN.exe
  2⤵
  PID:4948
- C:\Windows\System\egiHvhz.exe
  C:\Windows\System\egiHvhz.exe
  2⤵
  PID:4968
- C:\Windows\System\aMZGAwi.exe
  C:\Windows\System\aMZGAwi.exe
  2⤵
  PID:4988
- C:\Windows\System\QzQIIAz.exe
  C:\Windows\System\QzQIIAz.exe
  2⤵
  PID:5004
- C:\Windows\System\oLyxaKn.exe
  C:\Windows\System\oLyxaKn.exe
  2⤵
  PID:5020
- C:\Windows\System\ZSZWNKU.exe
  C:\Windows\System\ZSZWNKU.exe
  2⤵
  PID:5036
- C:\Windows\System\MtBoity.exe
  C:\Windows\System\MtBoity.exe
  2⤵
  PID:5052
- C:\Windows\System\BwviPba.exe
  C:\Windows\System\BwviPba.exe
  2⤵
  PID:5072
- C:\Windows\System\NhaNurU.exe
  C:\Windows\System\NhaNurU.exe
  2⤵
  PID:5088
- C:\Windows\System\vUVRrSa.exe
  C:\Windows\System\vUVRrSa.exe
  2⤵
  PID:4012
- C:\Windows\System\pQzhSbi.exe
  C:\Windows\System\pQzhSbi.exe
  2⤵
  PID:3364
- C:\Windows\System\fvplUQp.exe
  C:\Windows\System\fvplUQp.exe
  2⤵
  PID:4152
- C:\Windows\System\DWfNAsz.exe
  C:\Windows\System\DWfNAsz.exe
  2⤵
  PID:4180
- C:\Windows\System\Erkcfze.exe
  C:\Windows\System\Erkcfze.exe
  2⤵
  PID:4072
- C:\Windows\System\XvcXEwG.exe
  C:\Windows\System\XvcXEwG.exe
  2⤵
  PID:4248
- C:\Windows\System\VqguyrL.exe
  C:\Windows\System\VqguyrL.exe
  2⤵
  PID:4272
- C:\Windows\System\UqiQnAg.exe
  C:\Windows\System\UqiQnAg.exe
  2⤵
  PID:4196
- C:\Windows\System\RuyZZzM.exe
  C:\Windows\System\RuyZZzM.exe
  2⤵
  PID:4284
- C:\Windows\System\frQDrXf.exe
  C:\Windows\System\frQDrXf.exe
  2⤵
  PID:4332
- C:\Windows\System\iulNWNh.exe
  C:\Windows\System\iulNWNh.exe
  2⤵
  PID:4396
- C:\Windows\System\SuacLqS.exe
  C:\Windows\System\SuacLqS.exe
  2⤵
  PID:4412
- C:\Windows\System\xJsgpAg.exe
  C:\Windows\System\xJsgpAg.exe
  2⤵
  PID:4424
- C:\Windows\System\TCMQwQT.exe
  C:\Windows\System\TCMQwQT.exe
  2⤵
  PID:4384
- C:\Windows\System\NXWUqQt.exe
  C:\Windows\System\NXWUqQt.exe
  2⤵
  PID:4508
- C:\Windows\System\NbdGxcT.exe
  C:\Windows\System\NbdGxcT.exe
  2⤵
  PID:4576
- C:\Windows\System\xZgIrzW.exe
  C:\Windows\System\xZgIrzW.exe
  2⤵
  PID:4612
- C:\Windows\System\UOhBRee.exe
  C:\Windows\System\UOhBRee.exe
  2⤵
  PID:4460
- C:\Windows\System\cREBiDa.exe
  C:\Windows\System\cREBiDa.exe
  2⤵
  PID:4700
- C:\Windows\System\tmYcsbB.exe
  C:\Windows\System\tmYcsbB.exe
  2⤵
  PID:4740
- C:\Windows\System\ZhtoskT.exe
  C:\Windows\System\ZhtoskT.exe
  2⤵
  PID:4808
- C:\Windows\System\GJctknM.exe
  C:\Windows\System\GJctknM.exe
  2⤵
  PID:4884
- C:\Windows\System\yebJsBF.exe
  C:\Windows\System\yebJsBF.exe
  2⤵
  PID:4636
- C:\Windows\System\KAeMwQX.exe
  C:\Windows\System\KAeMwQX.exe
  2⤵
  PID:4964
- C:\Windows\System\EPpZerm.exe
  C:\Windows\System\EPpZerm.exe
  2⤵
  PID:4960
- C:\Windows\System\yzNePXp.exe
  C:\Windows\System\yzNePXp.exe
  2⤵
  PID:5028
- C:\Windows\System\RnyloHg.exe
  C:\Windows\System\RnyloHg.exe
  2⤵
  PID:5068
- C:\Windows\System\BxsYUEl.exe
  C:\Windows\System\BxsYUEl.exe
  2⤵
  PID:5112
- C:\Windows\System\LeGWrYT.exe
  C:\Windows\System\LeGWrYT.exe
  2⤵
  PID:404
- C:\Windows\System\RPWQlba.exe
  C:\Windows\System\RPWQlba.exe
  2⤵
  PID:4556
- C:\Windows\System\paavNQa.exe
  C:\Windows\System\paavNQa.exe
  2⤵
  PID:4940
- C:\Windows\System\KoDZMxg.exe
  C:\Windows\System\KoDZMxg.exe
  2⤵
  PID:5016
- C:\Windows\System\xEvDBAQ.exe
  C:\Windows\System\xEvDBAQ.exe
  2⤵
  PID:4684
- C:\Windows\System\osVFwdB.exe
  C:\Windows\System\osVFwdB.exe
  2⤵
  PID:4052
- C:\Windows\System\ZNtGWPG.exe
  C:\Windows\System\ZNtGWPG.exe
  2⤵
  PID:5100
- C:\Windows\System\GaASfHr.exe
  C:\Windows\System\GaASfHr.exe
  2⤵
  PID:4120
- C:\Windows\System\LEkQGhV.exe
  C:\Windows\System\LEkQGhV.exe
  2⤵
  PID:2204
- C:\Windows\System\MIxUStx.exe
  C:\Windows\System\MIxUStx.exe
  2⤵
  PID:4144
- C:\Windows\System\buMOdBL.exe
  C:\Windows\System\buMOdBL.exe
  2⤵
  PID:4184
- C:\Windows\System\vpsZcXL.exe
  C:\Windows\System\vpsZcXL.exe
  2⤵
  PID:4216
- C:\Windows\System\TthvChW.exe
  C:\Windows\System\TthvChW.exe
  2⤵
  PID:4268
- C:\Windows\System\QbDRFnd.exe
  C:\Windows\System\QbDRFnd.exe
  2⤵
  PID:4348
- C:\Windows\System\NfqgpAx.exe
  C:\Windows\System\NfqgpAx.exe
  2⤵
  PID:4472
- C:\Windows\System\UwgOOYf.exe
  C:\Windows\System\UwgOOYf.exe
  2⤵
  PID:4408
- C:\Windows\System\qISqsmL.exe
  C:\Windows\System\qISqsmL.exe
  2⤵
  PID:4544
- C:\Windows\System\KWbeDkE.exe
  C:\Windows\System\KWbeDkE.exe
  2⤵
  PID:4624
- C:\Windows\System\vRDwrVl.exe
  C:\Windows\System\vRDwrVl.exe
  2⤵
  PID:4816
- C:\Windows\System\IPpNanG.exe
  C:\Windows\System\IPpNanG.exe
  2⤵
  PID:5032
- C:\Windows\System\mpoNeat.exe
  C:\Windows\System\mpoNeat.exe
  2⤵
  PID:4756
- C:\Windows\System\fPNskxL.exe
  C:\Windows\System\fPNskxL.exe
  2⤵
  PID:4772
- C:\Windows\System\QnRbnyn.exe
  C:\Windows\System\QnRbnyn.exe
  2⤵
  PID:4924
- C:\Windows\System\eBvQxqe.exe
  C:\Windows\System\eBvQxqe.exe
  2⤵
  PID:5064
- C:\Windows\System\uxnfsIO.exe
  C:\Windows\System\uxnfsIO.exe
  2⤵
  PID:2852
- C:\Windows\System\muDemFE.exe
  C:\Windows\System\muDemFE.exe
  2⤵
  PID:4788
- C:\Windows\System\GOhZhQX.exe
  C:\Windows\System\GOhZhQX.exe
  2⤵
  PID:5012
- C:\Windows\System\SZTSdeV.exe
  C:\Windows\System\SZTSdeV.exe
  2⤵
  PID:4528
- C:\Windows\System\gzibCGN.exe
  C:\Windows\System\gzibCGN.exe
  2⤵
  PID:4104
- C:\Windows\System\GMgzQcf.exe
  C:\Windows\System\GMgzQcf.exe
  2⤵
  PID:4256
- C:\Windows\System\sXpVIeV.exe
  C:\Windows\System\sXpVIeV.exe
  2⤵
  PID:4680
- C:\Windows\System\aChljxY.exe
  C:\Windows\System\aChljxY.exe
  2⤵
  PID:4300
- C:\Windows\System\bWKlmar.exe
  C:\Windows\System\bWKlmar.exe
  2⤵
  PID:2812
- C:\Windows\System\zRcAoPd.exe
  C:\Windows\System\zRcAoPd.exe
  2⤵
  PID:1172
- C:\Windows\System\kvvVEXy.exe
  C:\Windows\System\kvvVEXy.exe
  2⤵
  PID:1380
- C:\Windows\System\lIHpvgD.exe
  C:\Windows\System\lIHpvgD.exe
  2⤵
  PID:4288
- C:\Windows\System\xREhEsC.exe
  C:\Windows\System\xREhEsC.exe
  2⤵
  PID:4920
- C:\Windows\System\oCAzORV.exe
  C:\Windows\System\oCAzORV.exe
  2⤵
  PID:4888
- C:\Windows\System\HVCFWNf.exe
  C:\Windows\System\HVCFWNf.exe
  2⤵
  PID:4976
- C:\Windows\System\wXzxdah.exe
  C:\Windows\System\wXzxdah.exe
  2⤵
  PID:5080
- C:\Windows\System\hjEgYJy.exe
  C:\Windows\System\hjEgYJy.exe
  2⤵
  PID:4492
- C:\Windows\System\bqrrGRk.exe
  C:\Windows\System\bqrrGRk.exe
  2⤵
  PID:5060
- C:\Windows\System\zayPYVY.exe
  C:\Windows\System\zayPYVY.exe
  2⤵
  PID:4832
- C:\Windows\System\JLjGjfX.exe
  C:\Windows\System\JLjGjfX.exe
  2⤵
  PID:4168
- C:\Windows\System\srwDtTb.exe
  C:\Windows\System\srwDtTb.exe
  2⤵
  PID:4796
- C:\Windows\System\gygNKuk.exe
  C:\Windows\System\gygNKuk.exe
  2⤵
  PID:2008
- C:\Windows\System\WxKgtCT.exe
  C:\Windows\System\WxKgtCT.exe
  2⤵
  PID:4704
- C:\Windows\System\WrnFQsY.exe
  C:\Windows\System\WrnFQsY.exe
  2⤵
  PID:4752
- C:\Windows\System\bqARVyF.exe
  C:\Windows\System\bqARVyF.exe
  2⤵
  PID:5148
- C:\Windows\System\IJJtjMf.exe
  C:\Windows\System\IJJtjMf.exe
  2⤵
  PID:5200
- C:\Windows\System\hzjbeqJ.exe
  C:\Windows\System\hzjbeqJ.exe
  2⤵
  PID:5220
- C:\Windows\System\oqMecuH.exe
  C:\Windows\System\oqMecuH.exe
  2⤵
  PID:5240
- C:\Windows\System\CxBxylb.exe
  C:\Windows\System\CxBxylb.exe
  2⤵
  PID:5256
- C:\Windows\System\gQnWJhq.exe
  C:\Windows\System\gQnWJhq.exe
  2⤵
  PID:5276
- C:\Windows\System\fNxlaNG.exe
  C:\Windows\System\fNxlaNG.exe
  2⤵
  PID:5292
- C:\Windows\System\MkCoQKS.exe
  C:\Windows\System\MkCoQKS.exe
  2⤵
  PID:5308
- C:\Windows\System\qYqtRES.exe
  C:\Windows\System\qYqtRES.exe
  2⤵
  PID:5324
- C:\Windows\System\yCezbjT.exe
  C:\Windows\System\yCezbjT.exe
  2⤵
  PID:5344
- C:\Windows\System\YFZdcmW.exe
  C:\Windows\System\YFZdcmW.exe
  2⤵
  PID:5364
- C:\Windows\System\rEVCsmC.exe
  C:\Windows\System\rEVCsmC.exe
  2⤵
  PID:5384
- C:\Windows\System\IgDVZOw.exe
  C:\Windows\System\IgDVZOw.exe
  2⤵
  PID:5428
- C:\Windows\System\GqfdnIH.exe
  C:\Windows\System\GqfdnIH.exe
  2⤵
  PID:5448
- C:\Windows\System\gSmAclS.exe
  C:\Windows\System\gSmAclS.exe
  2⤵
  PID:5464
- C:\Windows\System\NdiIAKC.exe
  C:\Windows\System\NdiIAKC.exe
  2⤵
  PID:5480
- C:\Windows\System\CuMobSk.exe
  C:\Windows\System\CuMobSk.exe
  2⤵
  PID:5500
- C:\Windows\System\mZgFHsc.exe
  C:\Windows\System\mZgFHsc.exe
  2⤵
  PID:5520
- C:\Windows\System\sFiAPpH.exe
  C:\Windows\System\sFiAPpH.exe
  2⤵
  PID:5536
- C:\Windows\System\AxTvhxk.exe
  C:\Windows\System\AxTvhxk.exe
  2⤵
  PID:5572
- C:\Windows\System\fESZAPx.exe
  C:\Windows\System\fESZAPx.exe
  2⤵
  PID:5588
- C:\Windows\System\ozUrOZv.exe
  C:\Windows\System\ozUrOZv.exe
  2⤵
  PID:5608
- C:\Windows\System\KUnhuBX.exe
  C:\Windows\System\KUnhuBX.exe
  2⤵
  PID:5628
- C:\Windows\System\gKNEhyr.exe
  C:\Windows\System\gKNEhyr.exe
  2⤵
  PID:5652
- C:\Windows\System\HnHFgCF.exe
  C:\Windows\System\HnHFgCF.exe
  2⤵
  PID:5672
- C:\Windows\System\taAPBrs.exe
  C:\Windows\System\taAPBrs.exe
  2⤵
  PID:5688
- C:\Windows\System\sDFradc.exe
  C:\Windows\System\sDFradc.exe
  2⤵
  PID:5704
- C:\Windows\System\oyKvuoY.exe
  C:\Windows\System\oyKvuoY.exe
  2⤵
  PID:5720
- C:\Windows\System\gYJdhXp.exe
  C:\Windows\System\gYJdhXp.exe
  2⤵
  PID:5744
- C:\Windows\System\wcCdcWf.exe
  C:\Windows\System\wcCdcWf.exe
  2⤵
  PID:5772
- C:\Windows\System\AwuoQhX.exe
  C:\Windows\System\AwuoQhX.exe
  2⤵
  PID:5788
- C:\Windows\System\WrQTGJd.exe
  C:\Windows\System\WrQTGJd.exe
  2⤵
  PID:5808
- C:\Windows\System\kbkZKKe.exe
  C:\Windows\System\kbkZKKe.exe
  2⤵
  PID:5824
- C:\Windows\System\RuzzVPv.exe
  C:\Windows\System\RuzzVPv.exe
  2⤵
  PID:5848
- C:\Windows\System\HMwRQTj.exe
  C:\Windows\System\HMwRQTj.exe
  2⤵
  PID:5868
- C:\Windows\System\lAMipUz.exe
  C:\Windows\System\lAMipUz.exe
  2⤵
  PID:5884
- C:\Windows\System\bBvZNpJ.exe
  C:\Windows\System\bBvZNpJ.exe
  2⤵
  PID:5900
- C:\Windows\System\EhFEWBp.exe
  C:\Windows\System\EhFEWBp.exe
  2⤵
  PID:5916
- C:\Windows\System\pIEnlqK.exe
  C:\Windows\System\pIEnlqK.exe
  2⤵
  PID:5936
- C:\Windows\System\RzNuHbh.exe
  C:\Windows\System\RzNuHbh.exe
  2⤵
  PID:5952
- C:\Windows\System\LOfOtsO.exe
  C:\Windows\System\LOfOtsO.exe
  2⤵
  PID:5980
- C:\Windows\System\endQOux.exe
  C:\Windows\System\endQOux.exe
  2⤵
  PID:5996
- C:\Windows\System\qLluYsi.exe
  C:\Windows\System\qLluYsi.exe
  2⤵
  PID:6012
- C:\Windows\System\BSUTmKW.exe
  C:\Windows\System\BSUTmKW.exe
  2⤵
  PID:6028
- C:\Windows\System\puOQjIe.exe
  C:\Windows\System\puOQjIe.exe
  2⤵
  PID:6048
- C:\Windows\System\xKqXRxK.exe
  C:\Windows\System\xKqXRxK.exe
  2⤵
  PID:6068
- C:\Windows\System\JEURoMc.exe
  C:\Windows\System\JEURoMc.exe
  2⤵
  PID:6108
- C:\Windows\System\Isulmmh.exe
  C:\Windows\System\Isulmmh.exe
  2⤵
  PID:6124
- C:\Windows\System\MDerxja.exe
  C:\Windows\System\MDerxja.exe
  2⤵
  PID:6140
- C:\Windows\System\WdItdiy.exe
  C:\Windows\System\WdItdiy.exe
  2⤵
  PID:5048
- C:\Windows\System\ixQcPtp.exe
  C:\Windows\System\ixQcPtp.exe
  2⤵
  PID:4872
- C:\Windows\System\HgeUtzf.exe
  C:\Windows\System\HgeUtzf.exe
  2⤵
  PID:4828
- C:\Windows\System\bJHlEFN.exe
  C:\Windows\System\bJHlEFN.exe
  2⤵
  PID:2064
- C:\Windows\System\IGUUpIF.exe
  C:\Windows\System\IGUUpIF.exe
  2⤵
  PID:5104
- C:\Windows\System\JNuvQVC.exe
  C:\Windows\System\JNuvQVC.exe
  2⤵
  PID:5108
- C:\Windows\System\WzhFNhF.exe
  C:\Windows\System\WzhFNhF.exe
  2⤵
  PID:5144
- C:\Windows\System\gZqiWyb.exe
  C:\Windows\System\gZqiWyb.exe
  2⤵
  PID:5180
- C:\Windows\System\oRztxft.exe
  C:\Windows\System\oRztxft.exe
  2⤵
  PID:5172
- C:\Windows\System\lVloQfx.exe
  C:\Windows\System\lVloQfx.exe
  2⤵
  PID:5248
- C:\Windows\System\jCPwudj.exe
  C:\Windows\System\jCPwudj.exe
  2⤵
  PID:5316
- C:\Windows\System\bQKRDfh.exe
  C:\Windows\System\bQKRDfh.exe
  2⤵
  PID:5372
- C:\Windows\System\jemjiGy.exe
  C:\Windows\System\jemjiGy.exe
  2⤵
  PID:5392
- C:\Windows\System\UNaRZzV.exe
  C:\Windows\System\UNaRZzV.exe
  2⤵
  PID:5404
- C:\Windows\System\PrmiPUd.exe
  C:\Windows\System\PrmiPUd.exe
  2⤵
  PID:5456
- C:\Windows\System\zpQrFJC.exe
  C:\Windows\System\zpQrFJC.exe
  2⤵
  PID:5272
- C:\Windows\System\CWLrZix.exe
  C:\Windows\System\CWLrZix.exe
  2⤵
  PID:5496
- C:\Windows\System\xSamRpI.exe
  C:\Windows\System\xSamRpI.exe
  2⤵
  PID:1784
- C:\Windows\System\oCqhveU.exe
  C:\Windows\System\oCqhveU.exe
  2⤵
  PID:5472
- C:\Windows\System\rswQzxF.exe
  C:\Windows\System\rswQzxF.exe
  2⤵
  PID:5552
- C:\Windows\System\qPNuoPi.exe
  C:\Windows\System\qPNuoPi.exe
  2⤵
  PID:5568
- C:\Windows\System\tnRwqcb.exe
  C:\Windows\System\tnRwqcb.exe
  2⤵
  PID:5636
- C:\Windows\System\muFsTfn.exe
  C:\Windows\System\muFsTfn.exe
  2⤵
  PID:5668
- C:\Windows\System\xAttFwH.exe
  C:\Windows\System\xAttFwH.exe
  2⤵
  PID:5700
- C:\Windows\System\eYpjgZq.exe
  C:\Windows\System\eYpjgZq.exe
  2⤵
  PID:5740
- C:\Windows\System\DUtdmJx.exe
  C:\Windows\System\DUtdmJx.exe
  2⤵
  PID:5756
- C:\Windows\System\bmPhgxi.exe
  C:\Windows\System\bmPhgxi.exe
  2⤵
  PID:5780
- C:\Windows\System\DguLpsQ.exe
  C:\Windows\System\DguLpsQ.exe
  2⤵
  PID:5816
- C:\Windows\System\LPAeIcH.exe
  C:\Windows\System\LPAeIcH.exe
  2⤵
  PID:5840
- C:\Windows\System\ciZZdzu.exe
  C:\Windows\System\ciZZdzu.exe
  2⤵
  PID:5896
- C:\Windows\System\iGxEiqZ.exe
  C:\Windows\System\iGxEiqZ.exe
  2⤵
  PID:5928
- C:\Windows\System\kRCCDUy.exe
  C:\Windows\System\kRCCDUy.exe
  2⤵
  PID:5944
- C:\Windows\System\HWeiHOF.exe
  C:\Windows\System\HWeiHOF.exe
  2⤵
  PID:6004
- C:\Windows\System\XzoVfzc.exe
  C:\Windows\System\XzoVfzc.exe
  2⤵
  PID:6044
- C:\Windows\System\RUqLjwY.exe
  C:\Windows\System\RUqLjwY.exe
  2⤵
  PID:6096
- C:\Windows\System\BUmPcxK.exe
  C:\Windows\System\BUmPcxK.exe
  2⤵
  PID:6104
- C:\Windows\System\ZLZUIxi.exe
  C:\Windows\System\ZLZUIxi.exe
  2⤵
  PID:3316
- C:\Windows\System\pFdDWEZ.exe
  C:\Windows\System\pFdDWEZ.exe
  2⤵
  PID:4524
- C:\Windows\System\yvceJmx.exe
  C:\Windows\System\yvceJmx.exe
  2⤵
  PID:6116
- C:\Windows\System\xoJwWHn.exe
  C:\Windows\System\xoJwWHn.exe
  2⤵
  PID:5184
- C:\Windows\System\GVNXWaO.exe
  C:\Windows\System\GVNXWaO.exe
  2⤵
  PID:4656
- C:\Windows\System\gsyFJPF.exe
  C:\Windows\System\gsyFJPF.exe
  2⤵
  PID:5136
- C:\Windows\System\wZgUMcr.exe
  C:\Windows\System\wZgUMcr.exe
  2⤵
  PID:3928
- C:\Windows\System\RubMijW.exe
  C:\Windows\System\RubMijW.exe
  2⤵
  PID:5156
- C:\Windows\System\LHAnbpZ.exe
  C:\Windows\System\LHAnbpZ.exe
  2⤵
  PID:5284
- C:\Windows\System\JParzSu.exe
  C:\Windows\System\JParzSu.exe
  2⤵
  PID:5400
- C:\Windows\System\FlBJUjh.exe
  C:\Windows\System\FlBJUjh.exe
  2⤵
  PID:5196
- C:\Windows\System\xGNfYGy.exe
  C:\Windows\System\xGNfYGy.exe
  2⤵
  PID:5604
- C:\Windows\System\JVwCdIZ.exe
  C:\Windows\System\JVwCdIZ.exe
  2⤵
  PID:5640
- C:\Windows\System\OgLrMvA.exe
  C:\Windows\System\OgLrMvA.exe
  2⤵
  PID:5492
- C:\Windows\System\oMCCgtN.exe
  C:\Windows\System\oMCCgtN.exe
  2⤵
  PID:5660
- C:\Windows\System\YEumHCL.exe
  C:\Windows\System\YEumHCL.exe
  2⤵
  PID:5796
- C:\Windows\System\XVQXomk.exe
  C:\Windows\System\XVQXomk.exe
  2⤵
  PID:5892
- C:\Windows\System\IGdFbGG.exe
  C:\Windows\System\IGdFbGG.exe
  2⤵
  PID:5908
- C:\Windows\System\gMhhCMX.exe
  C:\Windows\System\gMhhCMX.exe
  2⤵
  PID:5964
- C:\Windows\System\hRaHucj.exe
  C:\Windows\System\hRaHucj.exe
  2⤵
  PID:6040
- C:\Windows\System\aEBBFAZ.exe
  C:\Windows\System\aEBBFAZ.exe
  2⤵
  PID:5972
- C:\Windows\System\fMTXOSl.exe
  C:\Windows\System\fMTXOSl.exe
  2⤵
  PID:5168
- C:\Windows\System\aEPqEuR.exe
  C:\Windows\System\aEPqEuR.exe
  2⤵
  PID:4736
- C:\Windows\System\ygkSPcW.exe
  C:\Windows\System\ygkSPcW.exe
  2⤵
  PID:6088
- C:\Windows\System\RljJtVW.exe
  C:\Windows\System\RljJtVW.exe
  2⤵
  PID:6132
- C:\Windows\System\xYDkNJI.exe
  C:\Windows\System\xYDkNJI.exe
  2⤵
  PID:5352
- C:\Windows\System\DOLqLps.exe
  C:\Windows\System\DOLqLps.exe
  2⤵
  PID:4836
- C:\Windows\System\yKtETbm.exe
  C:\Windows\System\yKtETbm.exe
  2⤵
  PID:5356
- C:\Windows\System\VoifIbT.exe
  C:\Windows\System\VoifIbT.exe
  2⤵
  PID:5564
- C:\Windows\System\hbuokgo.exe
  C:\Windows\System\hbuokgo.exe
  2⤵
  PID:5160
- C:\Windows\System\rldWXrY.exe
  C:\Windows\System\rldWXrY.exe
  2⤵
  PID:5596
- C:\Windows\System\VhkOhLk.exe
  C:\Windows\System\VhkOhLk.exe
  2⤵
  PID:5624
- C:\Windows\System\XDngpGm.exe
  C:\Windows\System\XDngpGm.exe
  2⤵
  PID:5960
- C:\Windows\System\RHdgCRu.exe
  C:\Windows\System\RHdgCRu.exe
  2⤵
  PID:5440
- C:\Windows\System\QcMpiyO.exe
  C:\Windows\System\QcMpiyO.exe
  2⤵
  PID:5832
- C:\Windows\System\JoAzcya.exe
  C:\Windows\System\JoAzcya.exe
  2⤵
  PID:5764
- C:\Windows\System\qPheLHt.exe
  C:\Windows\System\qPheLHt.exe
  2⤵
  PID:5416
- C:\Windows\System\QkpqOfc.exe
  C:\Windows\System\QkpqOfc.exe
  2⤵
  PID:6080
- C:\Windows\System\TiPACQY.exe
  C:\Windows\System\TiPACQY.exe
  2⤵
  PID:6156
- C:\Windows\System\TkGYTGW.exe
  C:\Windows\System\TkGYTGW.exe
  2⤵
  PID:6176
- C:\Windows\System\gsUrVgB.exe
  C:\Windows\System\gsUrVgB.exe
  2⤵
  PID:6196
- C:\Windows\System\BCSegjR.exe
  C:\Windows\System\BCSegjR.exe
  2⤵
  PID:6212
- C:\Windows\System\bXaUdFh.exe
  C:\Windows\System\bXaUdFh.exe
  2⤵
  PID:6228
- C:\Windows\System\BWvJuLx.exe
  C:\Windows\System\BWvJuLx.exe
  2⤵
  PID:6244
- C:\Windows\System\LfnWExH.exe
  C:\Windows\System\LfnWExH.exe
  2⤵
  PID:6264
- C:\Windows\System\oNZyxCy.exe
  C:\Windows\System\oNZyxCy.exe
  2⤵
  PID:6280
- C:\Windows\System\yIDyqPS.exe
  C:\Windows\System\yIDyqPS.exe
  2⤵
  PID:6296
- C:\Windows\System\grYvyXB.exe
  C:\Windows\System\grYvyXB.exe
  2⤵
  PID:6312
- C:\Windows\System\uoqlQlg.exe
  C:\Windows\System\uoqlQlg.exe
  2⤵
  PID:6328
- C:\Windows\System\heMRyqS.exe
  C:\Windows\System\heMRyqS.exe
  2⤵
  PID:6348
- C:\Windows\System\xvhREiv.exe
  C:\Windows\System\xvhREiv.exe
  2⤵
  PID:6368
- C:\Windows\System\jegIWkQ.exe
  C:\Windows\System\jegIWkQ.exe
  2⤵
  PID:6440
- C:\Windows\System\mtGPsUf.exe
  C:\Windows\System\mtGPsUf.exe
  2⤵
  PID:6456
- C:\Windows\System\BTFXfiT.exe
  C:\Windows\System\BTFXfiT.exe
  2⤵
  PID:6472
- C:\Windows\System\VRMsrbz.exe
  C:\Windows\System\VRMsrbz.exe
  2⤵
  PID:6492
- C:\Windows\System\LATNoCU.exe
  C:\Windows\System\LATNoCU.exe
  2⤵
  PID:6512
- C:\Windows\System\TRBZoPv.exe
  C:\Windows\System\TRBZoPv.exe
  2⤵
  PID:6532
- C:\Windows\System\rBDqZkb.exe
  C:\Windows\System\rBDqZkb.exe
  2⤵
  PID:6552
- C:\Windows\System\SVRqSgk.exe
  C:\Windows\System\SVRqSgk.exe
  2⤵
  PID:6572
- C:\Windows\System\zJLqrmJ.exe
  C:\Windows\System\zJLqrmJ.exe
  2⤵
  PID:6588
- C:\Windows\System\xrKkQGR.exe
  C:\Windows\System\xrKkQGR.exe
  2⤵
  PID:6604
- C:\Windows\System\CZXLpTA.exe
  C:\Windows\System\CZXLpTA.exe
  2⤵
  PID:6620
- C:\Windows\System\QwYSNIa.exe
  C:\Windows\System\QwYSNIa.exe
  2⤵
  PID:6636
- C:\Windows\System\fQjzbgy.exe
  C:\Windows\System\fQjzbgy.exe
  2⤵
  PID:6660
- C:\Windows\System\xRCHGNt.exe
  C:\Windows\System\xRCHGNt.exe
  2⤵
  PID:6684
- C:\Windows\System\KACvOCn.exe
  C:\Windows\System\KACvOCn.exe
  2⤵
  PID:6724
- C:\Windows\System\sHjVscr.exe
  C:\Windows\System\sHjVscr.exe
  2⤵
  PID:6760
- C:\Windows\System\piPysIe.exe
  C:\Windows\System\piPysIe.exe
  2⤵
  PID:6788
- C:\Windows\System\jbzPtbU.exe
  C:\Windows\System\jbzPtbU.exe
  2⤵
  PID:6804
- C:\Windows\System\dZRziaE.exe
  C:\Windows\System\dZRziaE.exe
  2⤵
  PID:6820
- C:\Windows\System\dqYzpIO.exe
  C:\Windows\System\dqYzpIO.exe
  2⤵
  PID:6836
- C:\Windows\System\vElzlYD.exe
  C:\Windows\System\vElzlYD.exe
  2⤵
  PID:6852
- C:\Windows\System\LoOZfEt.exe
  C:\Windows\System\LoOZfEt.exe
  2⤵
  PID:6868
- C:\Windows\System\YjVFbyS.exe
  C:\Windows\System\YjVFbyS.exe
  2⤵
  PID:6920
- C:\Windows\System\jiwEpXl.exe
  C:\Windows\System\jiwEpXl.exe
  2⤵
  PID:6936
- C:\Windows\System\YMKgiGD.exe
  C:\Windows\System\YMKgiGD.exe
  2⤵
  PID:6956
- C:\Windows\System\YIadwiq.exe
  C:\Windows\System\YIadwiq.exe
  2⤵
  PID:6976
- C:\Windows\System\CqLtZlE.exe
  C:\Windows\System\CqLtZlE.exe
  2⤵
  PID:6992
- C:\Windows\System\eJTxrRw.exe
  C:\Windows\System\eJTxrRw.exe
  2⤵
  PID:7008
- C:\Windows\System\hvCjbMV.exe
  C:\Windows\System\hvCjbMV.exe
  2⤵
  PID:7024
- C:\Windows\System\wTXJqBQ.exe
  C:\Windows\System\wTXJqBQ.exe
  2⤵
  PID:7044
- C:\Windows\System\ByeKaqf.exe
  C:\Windows\System\ByeKaqf.exe
  2⤵
  PID:7060
- C:\Windows\System\PRCMAwZ.exe
  C:\Windows\System\PRCMAwZ.exe
  2⤵
  PID:7076
- C:\Windows\System\ymMXTnm.exe
  C:\Windows\System\ymMXTnm.exe
  2⤵
  PID:7092
- C:\Windows\System\eBiUBws.exe
  C:\Windows\System\eBiUBws.exe
  2⤵
  PID:7108
- C:\Windows\System\nRisyen.exe
  C:\Windows\System\nRisyen.exe
  2⤵
  PID:7128
- C:\Windows\System\BJusueR.exe
  C:\Windows\System\BJusueR.exe
  2⤵
  PID:7148
- C:\Windows\System\MODwMyy.exe
  C:\Windows\System\MODwMyy.exe
  2⤵
  PID:7164
- C:\Windows\System\wuTaOgX.exe
  C:\Windows\System\wuTaOgX.exe
  2⤵
  PID:5300
- C:\Windows\System\XJdWBGe.exe
  C:\Windows\System\XJdWBGe.exe
  2⤵
  PID:6188
- C:\Windows\System\BcmnedX.exe
  C:\Windows\System\BcmnedX.exe
  2⤵
  PID:6256
- C:\Windows\System\TDTzFKo.exe
  C:\Windows\System\TDTzFKo.exe
  2⤵
  PID:6324
- C:\Windows\System\lvMpxKD.exe
  C:\Windows\System\lvMpxKD.exe
  2⤵
  PID:4444
- C:\Windows\System\IplkXFG.exe
  C:\Windows\System\IplkXFG.exe
  2⤵
  PID:6084
- C:\Windows\System\ZRSbxyS.exe
  C:\Windows\System\ZRSbxyS.exe
  2⤵
  PID:4620
- C:\Windows\System\XNBodnt.exe
  C:\Windows\System\XNBodnt.exe
  2⤵
  PID:5304
- C:\Windows\System\oehHlAk.exe
  C:\Windows\System\oehHlAk.exe
  2⤵
  PID:6452
- C:\Windows\System\sbbrFFI.exe
  C:\Windows\System\sbbrFFI.exe
  2⤵
  PID:6568
- C:\Windows\System\ubYPqNh.exe
  C:\Windows\System\ubYPqNh.exe
  2⤵
  PID:5420
- C:\Windows\System\AdpOCbB.exe
  C:\Windows\System\AdpOCbB.exe
  2⤵
  PID:6340
- C:\Windows\System\fMDtDZE.exe
  C:\Windows\System\fMDtDZE.exe
  2⤵
  PID:6420
- C:\Windows\System\zampCtz.exe
  C:\Windows\System\zampCtz.exe
  2⤵
  PID:6172
- C:\Windows\System\WXlSSJS.exe
  C:\Windows\System\WXlSSJS.exe
  2⤵
  PID:6240
- C:\Windows\System\WoTXliW.exe
  C:\Windows\System\WoTXliW.exe
  2⤵
  PID:6344
- C:\Windows\System\vzZNJTl.exe
  C:\Windows\System\vzZNJTl.exe
  2⤵
  PID:6424
- C:\Windows\System\naUhcDW.exe
  C:\Windows\System\naUhcDW.exe
  2⤵
  PID:6500
- C:\Windows\System\AfPnMjB.exe
  C:\Windows\System\AfPnMjB.exe
  2⤵
  PID:6580
- C:\Windows\System\hIVBGkZ.exe
  C:\Windows\System\hIVBGkZ.exe
  2⤵
  PID:6648
- C:\Windows\System\BosJhir.exe
  C:\Windows\System\BosJhir.exe
  2⤵
  PID:6484
- C:\Windows\System\IkGvEAw.exe
  C:\Windows\System\IkGvEAw.exe
  2⤵
  PID:6708
- C:\Windows\System\nscihLi.exe
  C:\Windows\System\nscihLi.exe
  2⤵
  PID:6712
- C:\Windows\System\qCZvDeg.exe
  C:\Windows\System\qCZvDeg.exe
  2⤵
  PID:6676
- C:\Windows\System\MuiaEDG.exe
  C:\Windows\System\MuiaEDG.exe
  2⤵
  PID:6740
- C:\Windows\System\rfySSHV.exe
  C:\Windows\System\rfySSHV.exe
  2⤵
  PID:6756
- C:\Windows\System\oviSHaC.exe
  C:\Windows\System\oviSHaC.exe
  2⤵
  PID:6812
- C:\Windows\System\OhKpUrf.exe
  C:\Windows\System\OhKpUrf.exe
  2⤵
  PID:2300
- C:\Windows\System\PVfrBFY.exe
  C:\Windows\System\PVfrBFY.exe
  2⤵
  PID:6896
- C:\Windows\System\oNrAyMl.exe
  C:\Windows\System\oNrAyMl.exe
  2⤵
  PID:4564
- C:\Windows\System\hWYdjBa.exe
  C:\Windows\System\hWYdjBa.exe
  2⤵
  PID:6932
- C:\Windows\System\msEnwbH.exe
  C:\Windows\System\msEnwbH.exe
  2⤵
  PID:6984
- C:\Windows\System\NhVQpjB.exe
  C:\Windows\System\NhVQpjB.exe
  2⤵
  PID:7000
- C:\Windows\System\sIckipV.exe
  C:\Windows\System\sIckipV.exe
  2⤵
  PID:7052
- C:\Windows\System\PtazAHG.exe
  C:\Windows\System\PtazAHG.exe
  2⤵
  PID:5268
- C:\Windows\System\hmblEsx.exe
  C:\Windows\System\hmblEsx.exe
  2⤵
  PID:7160
- C:\Windows\System\CADqtnd.exe
  C:\Windows\System\CADqtnd.exe
  2⤵
  PID:5736
- C:\Windows\System\hnCmddA.exe
  C:\Windows\System\hnCmddA.exe
  2⤵
  PID:7144
- C:\Windows\System\FORoQqg.exe
  C:\Windows\System\FORoQqg.exe
  2⤵
  PID:7100
- C:\Windows\System\RshrnsN.exe
  C:\Windows\System\RshrnsN.exe
  2⤵
  PID:6292
- C:\Windows\System\TtepUxW.exe
  C:\Windows\System\TtepUxW.exe
  2⤵
  PID:5212
- C:\Windows\System\aUKuGjD.exe
  C:\Windows\System\aUKuGjD.exe
  2⤵
  PID:6520
- C:\Windows\System\WqEFUAv.exe
  C:\Windows\System\WqEFUAv.exe
  2⤵
  PID:6252
- C:\Windows\System\bmPXCMC.exe
  C:\Windows\System\bmPXCMC.exe
  2⤵
  PID:5516
- C:\Windows\System\AkOUKRE.exe
  C:\Windows\System\AkOUKRE.exe
  2⤵
  PID:6612
- C:\Windows\System\dtpLWaK.exe
  C:\Windows\System\dtpLWaK.exe
  2⤵
  PID:6448
- C:\Windows\System\hVQBDgX.exe
  C:\Windows\System\hVQBDgX.exe
  2⤵
  PID:4320
- C:\Windows\System\wiNSKLL.exe
  C:\Windows\System\wiNSKLL.exe
  2⤵
  PID:6408
- C:\Windows\System\ZGSEvOO.exe
  C:\Windows\System\ZGSEvOO.exe
  2⤵
  PID:4404
- C:\Windows\System\emPVWyP.exe
  C:\Windows\System\emPVWyP.exe
  2⤵
  PID:6416
- C:\Windows\System\OYHCDho.exe
  C:\Windows\System\OYHCDho.exe
  2⤵
  PID:6544
- C:\Windows\System\SKCjRNG.exe
  C:\Windows\System\SKCjRNG.exe
  2⤵
  PID:6716
- C:\Windows\System\MzJkcBu.exe
  C:\Windows\System\MzJkcBu.exe
  2⤵
  PID:6680
- C:\Windows\System\uBBkNQP.exe
  C:\Windows\System\uBBkNQP.exe
  2⤵
  PID:6784
- C:\Windows\System\yTXjXxo.exe
  C:\Windows\System\yTXjXxo.exe
  2⤵
  PID:6860
- C:\Windows\System\mVMaOEO.exe
  C:\Windows\System\mVMaOEO.exe
  2⤵
  PID:6876
- C:\Windows\System\nKFyUJN.exe
  C:\Windows\System\nKFyUJN.exe
  2⤵
  PID:6892
- C:\Windows\System\HwBRceF.exe
  C:\Windows\System\HwBRceF.exe
  2⤵
  PID:7088
- C:\Windows\System\mmYAdxB.exe
  C:\Windows\System\mmYAdxB.exe
  2⤵
  PID:7016
- C:\Windows\System\QEphIKl.exe
  C:\Windows\System\QEphIKl.exe
  2⤵
  PID:5716
- C:\Windows\System\fesnQGz.exe
  C:\Windows\System\fesnQGz.exe
  2⤵
  PID:6964
- C:\Windows\System\MZmXzro.exe
  C:\Windows\System\MZmXzro.exe
  2⤵
  PID:6148
- C:\Windows\System\qbjcgiW.exe
  C:\Windows\System\qbjcgiW.exe
  2⤵
  PID:5488
- C:\Windows\System\VfubcxI.exe
  C:\Windows\System\VfubcxI.exe
  2⤵
  PID:6360
- C:\Windows\System\RJGyznB.exe
  C:\Windows\System\RJGyznB.exe
  2⤵
  PID:6404
- C:\Windows\System\XfVhGrY.exe
  C:\Windows\System\XfVhGrY.exe
  2⤵
  PID:6336
- C:\Windows\System\EBaSLDs.exe
  C:\Windows\System\EBaSLDs.exe
  2⤵
  PID:6464
- C:\Windows\System\aRtZTiv.exe
  C:\Windows\System\aRtZTiv.exe
  2⤵
  PID:6384
- C:\Windows\System\oeoEUKq.exe
  C:\Windows\System\oeoEUKq.exe
  2⤵
  PID:6508
- C:\Windows\System\buSlwsb.exe
  C:\Windows\System\buSlwsb.exe
  2⤵
  PID:6468
- C:\Windows\System\VeLqwRl.exe
  C:\Windows\System\VeLqwRl.exe
  2⤵
  PID:6796
- C:\Windows\System\qAgGqYS.exe
  C:\Windows\System\qAgGqYS.exe
  2⤵
  PID:6948
- C:\Windows\System\jnfUJhY.exe
  C:\Windows\System\jnfUJhY.exe
  2⤵
  PID:7124
- C:\Windows\System\UohBTwC.exe
  C:\Windows\System\UohBTwC.exe
  2⤵
  PID:7072
- C:\Windows\System\oLdlIZn.exe
  C:\Windows\System\oLdlIZn.exe
  2⤵
  PID:5476
- C:\Windows\System\VIFYArm.exe
  C:\Windows\System\VIFYArm.exe
  2⤵
  PID:5876
- C:\Windows\System\sKigJIi.exe
  C:\Windows\System\sKigJIi.exe
  2⤵
  PID:6164
- C:\Windows\System\hAlsJVF.exe
  C:\Windows\System\hAlsJVF.exe
  2⤵
  PID:6628
- C:\Windows\System\rXCvGLZ.exe
  C:\Windows\System\rXCvGLZ.exe
  2⤵
  PID:6224
- C:\Windows\System\uTpMFkR.exe
  C:\Windows\System\uTpMFkR.exe
  2⤵
  PID:6560
- C:\Windows\System\BtBCNdn.exe
  C:\Windows\System\BtBCNdn.exe
  2⤵
  PID:6904
- C:\Windows\System\UjyKjOb.exe
  C:\Windows\System\UjyKjOb.exe
  2⤵
  PID:6632
- C:\Windows\System\JmByOgv.exe
  C:\Windows\System\JmByOgv.exe
  2⤵
  PID:7140
- C:\Windows\System\jYjIiBi.exe
  C:\Windows\System\jYjIiBi.exe
  2⤵
  PID:6844
- C:\Windows\System\yVKJBkj.exe
  C:\Windows\System\yVKJBkj.exe
  2⤵
  PID:7184
- C:\Windows\System\oCgYlIo.exe
  C:\Windows\System\oCgYlIo.exe
  2⤵
  PID:7200
- C:\Windows\System\ipsBkuK.exe
  C:\Windows\System\ipsBkuK.exe
  2⤵
  PID:7216
- C:\Windows\System\bkzXKCS.exe
  C:\Windows\System\bkzXKCS.exe
  2⤵
  PID:7232
- C:\Windows\System\NuWmIAe.exe
  C:\Windows\System\NuWmIAe.exe
  2⤵
  PID:7252
- C:\Windows\System\bNHYztq.exe
  C:\Windows\System\bNHYztq.exe
  2⤵
  PID:7268
- C:\Windows\System\fAJMZcs.exe
  C:\Windows\System\fAJMZcs.exe
  2⤵
  PID:7284
- C:\Windows\System\MPzFlun.exe
  C:\Windows\System\MPzFlun.exe
  2⤵
  PID:7300
- C:\Windows\System\XWOdxzU.exe
  C:\Windows\System\XWOdxzU.exe
  2⤵
  PID:7320
- C:\Windows\System\THxbvEO.exe
  C:\Windows\System\THxbvEO.exe
  2⤵
  PID:7376
- C:\Windows\System\UJHhPal.exe
  C:\Windows\System\UJHhPal.exe
  2⤵
  PID:7396
- C:\Windows\System\KXGXvxV.exe
  C:\Windows\System\KXGXvxV.exe
  2⤵
  PID:7416
- C:\Windows\System\VrIlyCD.exe
  C:\Windows\System\VrIlyCD.exe
  2⤵
  PID:7432
- C:\Windows\System\vGdRitg.exe
  C:\Windows\System\vGdRitg.exe
  2⤵
  PID:7448
- C:\Windows\System\AwoaYbo.exe
  C:\Windows\System\AwoaYbo.exe
  2⤵
  PID:7464
- C:\Windows\System\hxCGshy.exe
  C:\Windows\System\hxCGshy.exe
  2⤵
  PID:7480
- C:\Windows\System\YJFdHKj.exe
  C:\Windows\System\YJFdHKj.exe
  2⤵
  PID:7496
- C:\Windows\System\YwQtQsO.exe
  C:\Windows\System\YwQtQsO.exe
  2⤵
  PID:7512
- C:\Windows\System\NKJAeho.exe
  C:\Windows\System\NKJAeho.exe
  2⤵
  PID:7532
- C:\Windows\System\IvNDiyr.exe
  C:\Windows\System\IvNDiyr.exe
  2⤵
  PID:7548
- C:\Windows\System\jzlVyAt.exe
  C:\Windows\System\jzlVyAt.exe
  2⤵
  PID:7564
- C:\Windows\System\rCtDrAM.exe
  C:\Windows\System\rCtDrAM.exe
  2⤵
  PID:7580
- C:\Windows\System\MOxZHpj.exe
  C:\Windows\System\MOxZHpj.exe
  2⤵
  PID:7596
- C:\Windows\System\HYLykUj.exe
  C:\Windows\System\HYLykUj.exe
  2⤵
  PID:7616
- C:\Windows\System\eRStxNI.exe
  C:\Windows\System\eRStxNI.exe
  2⤵
  PID:7632
- C:\Windows\System\yFWinJY.exe
  C:\Windows\System\yFWinJY.exe
  2⤵
  PID:7648
- C:\Windows\System\bhLRxfI.exe
  C:\Windows\System\bhLRxfI.exe
  2⤵
  PID:7684
- C:\Windows\System\qHRLeAN.exe
  C:\Windows\System\qHRLeAN.exe
  2⤵
  PID:7764
- C:\Windows\System\CSCjfYo.exe
  C:\Windows\System\CSCjfYo.exe
  2⤵
  PID:7804
- C:\Windows\System\ZxsECly.exe
  C:\Windows\System\ZxsECly.exe
  2⤵
  PID:7824
- C:\Windows\System\JFcGoYa.exe
  C:\Windows\System\JFcGoYa.exe
  2⤵
  PID:7840
- C:\Windows\System\JTgRzEi.exe
  C:\Windows\System\JTgRzEi.exe
  2⤵
  PID:7860
- C:\Windows\System\AeBtfbR.exe
  C:\Windows\System\AeBtfbR.exe
  2⤵
  PID:7876
- C:\Windows\System\HPjYLpp.exe
  C:\Windows\System\HPjYLpp.exe
  2⤵
  PID:7896
- C:\Windows\System\zrGjGgR.exe
  C:\Windows\System\zrGjGgR.exe
  2⤵
  PID:7916
- C:\Windows\System\MnOoiRC.exe
  C:\Windows\System\MnOoiRC.exe
  2⤵
  PID:7936
- C:\Windows\System\pbdtSsA.exe
  C:\Windows\System\pbdtSsA.exe
  2⤵
  PID:7952
- C:\Windows\System\FzYrfRw.exe
  C:\Windows\System\FzYrfRw.exe
  2⤵
  PID:7968
- C:\Windows\System\pWfUzzd.exe
  C:\Windows\System\pWfUzzd.exe
  2⤵
  PID:7984
- C:\Windows\System\JgaKFRd.exe
  C:\Windows\System\JgaKFRd.exe
  2⤵
  PID:8016
- C:\Windows\System\TKgudlw.exe
  C:\Windows\System\TKgudlw.exe
  2⤵
  PID:8040
- C:\Windows\System\ptfeTlV.exe
  C:\Windows\System\ptfeTlV.exe
  2⤵
  PID:8056
- C:\Windows\System\iKIbyxc.exe
  C:\Windows\System\iKIbyxc.exe
  2⤵
  PID:8072
- C:\Windows\System\rovLeGu.exe
  C:\Windows\System\rovLeGu.exe
  2⤵
  PID:8088
- C:\Windows\System\Iatcouw.exe
  C:\Windows\System\Iatcouw.exe
  2⤵
  PID:8104
- C:\Windows\System\JvBAfHg.exe
  C:\Windows\System\JvBAfHg.exe
  2⤵
  PID:8120
- C:\Windows\System\XmPoWTF.exe
  C:\Windows\System\XmPoWTF.exe
  2⤵
  PID:8144
- C:\Windows\System\yJZuGgv.exe
  C:\Windows\System\yJZuGgv.exe
  2⤵
  PID:8160
- C:\Windows\System\gcMfxEk.exe
  C:\Windows\System\gcMfxEk.exe
  2⤵
  PID:8176
- C:\Windows\System\uzfXEEG.exe
  C:\Windows\System\uzfXEEG.exe
  2⤵
  PID:6972
- C:\Windows\System\HwfcSTy.exe
  C:\Windows\System\HwfcSTy.exe
  2⤵
  PID:5584
- C:\Windows\System\ALoVmjK.exe
  C:\Windows\System\ALoVmjK.exe
  2⤵
  PID:5860
- C:\Windows\System\MVvcNqQ.exe
  C:\Windows\System\MVvcNqQ.exe
  2⤵
  PID:6736
- C:\Windows\System\jKFKyPa.exe
  C:\Windows\System\jKFKyPa.exe
  2⤵
  PID:7248
- C:\Windows\System\aqwvLTs.exe
  C:\Windows\System\aqwvLTs.exe
  2⤵
  PID:7388
- C:\Windows\System\pZxtCOX.exe
  C:\Windows\System\pZxtCOX.exe
  2⤵
  PID:6644
- C:\Windows\System\STjUSMf.exe
  C:\Windows\System\STjUSMf.exe
  2⤵
  PID:7520
- C:\Windows\System\ACkMNuu.exe
  C:\Windows\System\ACkMNuu.exe
  2⤵
  PID:7592
- C:\Windows\System\VwTHOkF.exe
  C:\Windows\System\VwTHOkF.exe
  2⤵
  PID:7664
- C:\Windows\System\aKNsYPL.exe
  C:\Windows\System\aKNsYPL.exe
  2⤵
  PID:7628
- C:\Windows\System\IDlWFrt.exe
  C:\Windows\System\IDlWFrt.exe
  2⤵
  PID:7192
- C:\Windows\System\WlLXLGS.exe
  C:\Windows\System\WlLXLGS.exe
  2⤵
  PID:7260
- C:\Windows\System\edoOyCZ.exe
  C:\Windows\System\edoOyCZ.exe
  2⤵
  PID:7328
- C:\Windows\System\jdPdDuA.exe
  C:\Windows\System\jdPdDuA.exe
  2⤵
  PID:7348
- C:\Windows\System\YVFGrhG.exe
  C:\Windows\System\YVFGrhG.exe
  2⤵
  PID:7408
- C:\Windows\System\NATCoqY.exe
  C:\Windows\System\NATCoqY.exe
  2⤵
  PID:7544
- C:\Windows\System\nIanEiI.exe
  C:\Windows\System\nIanEiI.exe
  2⤵
  PID:7644
- C:\Windows\System\BeqYMBM.exe
  C:\Windows\System\BeqYMBM.exe
  2⤵
  PID:7700
- C:\Windows\System\LowcYBn.exe
  C:\Windows\System\LowcYBn.exe
  2⤵
  PID:7772
- C:\Windows\System\NFIqHKY.exe
  C:\Windows\System\NFIqHKY.exe
  2⤵
  PID:7736
- C:\Windows\System\mwknwrd.exe
  C:\Windows\System\mwknwrd.exe
  2⤵
  PID:7752
- C:\Windows\System\slznSMA.exe
  C:\Windows\System\slznSMA.exe
  2⤵
  PID:7776
- C:\Windows\System\AmqPnHj.exe
  C:\Windows\System\AmqPnHj.exe
  2⤵
  PID:7856
- C:\Windows\System\OhBqKqF.exe
  C:\Windows\System\OhBqKqF.exe
  2⤵
  PID:7924
- C:\Windows\System\QeKXrHq.exe
  C:\Windows\System\QeKXrHq.exe
  2⤵
  PID:7996
- C:\Windows\System\WqyfcBK.exe
  C:\Windows\System\WqyfcBK.exe
  2⤵
  PID:7908
- C:\Windows\System\HeaUbQT.exe
  C:\Windows\System\HeaUbQT.exe
  2⤵
  PID:8048
- C:\Windows\System\IZoJftE.exe
  C:\Windows\System\IZoJftE.exe
  2⤵
  PID:8024
- C:\Windows\System\VvkxSGw.exe
  C:\Windows\System\VvkxSGw.exe
  2⤵
  PID:7948
- C:\Windows\System\TCcGFBN.exe
  C:\Windows\System\TCcGFBN.exe
  2⤵
  PID:8152
- C:\Windows\System\eRNNDrN.exe
  C:\Windows\System\eRNNDrN.exe
  2⤵
  PID:6928
- C:\Windows\System\XISJQlw.exe
  C:\Windows\System\XISJQlw.exe
  2⤵
  PID:7244
- C:\Windows\System\mPdPkfp.exe
  C:\Windows\System\mPdPkfp.exe
  2⤵
  PID:8128
- C:\Windows\System\mNRwLyd.exe
  C:\Windows\System\mNRwLyd.exe
  2⤵
  PID:8172
- C:\Windows\System\lCvcQjo.exe
  C:\Windows\System\lCvcQjo.exe
  2⤵
  PID:7020
- C:\Windows\System\DRjjrxq.exe
  C:\Windows\System\DRjjrxq.exe
  2⤵
  PID:7316
- C:\Windows\System\GkkCkQG.exe
  C:\Windows\System\GkkCkQG.exe
  2⤵
  PID:6400
- C:\Windows\System\CnmAjTS.exe
  C:\Windows\System\CnmAjTS.exe
  2⤵
  PID:6036
- C:\Windows\System\oGfrOeX.exe
  C:\Windows\System\oGfrOeX.exe
  2⤵
  PID:7560
- C:\Windows\System\XEwfvRI.exe
  C:\Windows\System\XEwfvRI.exe
  2⤵
  PID:7440
- C:\Windows\System\jnVIgCn.exe
  C:\Windows\System\jnVIgCn.exe
  2⤵
  PID:6864
- C:\Windows\System\soHcvif.exe
  C:\Windows\System\soHcvif.exe
  2⤵
  PID:7692
- C:\Windows\System\sspQfRP.exe
  C:\Windows\System\sspQfRP.exe
  2⤵
  PID:7732
- C:\Windows\System\rrdaqsl.exe
  C:\Windows\System\rrdaqsl.exe
  2⤵
  PID:7488
- C:\Windows\System\sxymTJX.exe
  C:\Windows\System\sxymTJX.exe
  2⤵
  PID:7372
- C:\Windows\System\WlKiCHW.exe
  C:\Windows\System\WlKiCHW.exe
  2⤵
  PID:7892
- C:\Windows\System\bQPtgKw.exe
  C:\Windows\System\bQPtgKw.exe
  2⤵
  PID:7964
- C:\Windows\System\HZKMzje.exe
  C:\Windows\System\HZKMzje.exe
  2⤵
  PID:7748
- C:\Windows\System\vBQRdfL.exe
  C:\Windows\System\vBQRdfL.exe
  2⤵
  PID:7816
- C:\Windows\System\yAuYoZx.exe
  C:\Windows\System\yAuYoZx.exe
  2⤵
  PID:7832
- C:\Windows\System\RtdXIHD.exe
  C:\Windows\System\RtdXIHD.exe
  2⤵
  PID:7944
- C:\Windows\System\UwWARfB.exe
  C:\Windows\System\UwWARfB.exe
  2⤵
  PID:8188
- C:\Windows\System\UyPZTMU.exe
  C:\Windows\System\UyPZTMU.exe
  2⤵
  PID:7240
- C:\Windows\System\keJKDDH.exe
  C:\Windows\System\keJKDDH.exe
  2⤵
  PID:7588
- C:\Windows\System\QVwCfud.exe
  C:\Windows\System\QVwCfud.exe
  2⤵
  PID:7228
- C:\Windows\System\mIClJes.exe
  C:\Windows\System\mIClJes.exe
  2⤵
  PID:8168
- C:\Windows\System\XvkxMQL.exe
  C:\Windows\System\XvkxMQL.exe
  2⤵
  PID:6912
- C:\Windows\System\RRpLChr.exe
  C:\Windows\System\RRpLChr.exe
  2⤵
  PID:6888
- C:\Windows\System\xseZRQt.exe
  C:\Windows\System\xseZRQt.exe
  2⤵
  PID:7472
- C:\Windows\System\ZZspTjZ.exe
  C:\Windows\System\ZZspTjZ.exe
  2⤵
  PID:7296
- C:\Windows\System\WaJoQMR.exe
  C:\Windows\System\WaJoQMR.exe
  2⤵
  PID:7640
- C:\Windows\System\FnltNbo.exe
  C:\Windows\System\FnltNbo.exe
  2⤵
  PID:7992
- C:\Windows\System\AWqHAjF.exe
  C:\Windows\System\AWqHAjF.exe
  2⤵
  PID:1572
- C:\Windows\System\awqxRKN.exe
  C:\Windows\System\awqxRKN.exe
  2⤵
  PID:7872
- C:\Windows\System\UgOohhD.exe
  C:\Windows\System\UgOohhD.exe
  2⤵
  PID:7116
- C:\Windows\System\TGhBkDZ.exe
  C:\Windows\System\TGhBkDZ.exe
  2⤵
  PID:6304
- C:\Windows\System\PRfCina.exe
  C:\Windows\System\PRfCina.exe
  2⤵
  PID:7608
- C:\Windows\System\PvlpUeq.exe
  C:\Windows\System\PvlpUeq.exe
  2⤵
  PID:7344
- C:\Windows\System\AZfiRzB.exe
  C:\Windows\System\AZfiRzB.exe
  2⤵
  PID:7424
- C:\Windows\System\GPDQNli.exe
  C:\Windows\System\GPDQNli.exe
  2⤵
  PID:7724
- C:\Windows\System\DPFwsrj.exe
  C:\Windows\System\DPFwsrj.exe
  2⤵
  PID:8012
- C:\Windows\System\fXhpQRy.exe
  C:\Windows\System\fXhpQRy.exe
  2⤵
  PID:7476
- C:\Windows\System\CaztyVv.exe
  C:\Windows\System\CaztyVv.exe
  2⤵
  PID:8064
- C:\Windows\System\xBpeQsZ.exe
  C:\Windows\System\xBpeQsZ.exe
  2⤵
  PID:7224
- C:\Windows\System\mgfRhMV.exe
  C:\Windows\System\mgfRhMV.exe
  2⤵
  PID:7360
- C:\Windows\System\fejtnUS.exe
  C:\Windows\System\fejtnUS.exe
  2⤵
  PID:7712
- C:\Windows\System\TzITohx.exe
  C:\Windows\System\TzITohx.exe
  2⤵
  PID:8084
- C:\Windows\System\CAjpUyM.exe
  C:\Windows\System\CAjpUyM.exe
  2⤵
  PID:4436
- C:\Windows\System\yFBXjCU.exe
  C:\Windows\System\yFBXjCU.exe
  2⤵
  PID:8008
- C:\Windows\System\txLNBxr.exe
  C:\Windows\System\txLNBxr.exe
  2⤵
  PID:8132
- C:\Windows\System\WlcLLZf.exe
  C:\Windows\System\WlcLLZf.exe
  2⤵
  PID:7292
- C:\Windows\System\GrSunpd.exe
  C:\Windows\System\GrSunpd.exe
  2⤵
  PID:7716
- C:\Windows\System\IPVNlJx.exe
  C:\Windows\System\IPVNlJx.exe
  2⤵
  PID:7172
- C:\Windows\System\BPvVYGD.exe
  C:\Windows\System\BPvVYGD.exe
  2⤵
  PID:7660
- C:\Windows\System\uHxHxcF.exe
  C:\Windows\System\uHxHxcF.exe
  2⤵
  PID:7820
- C:\Windows\System\yiGAMmi.exe
  C:\Windows\System\yiGAMmi.exe
  2⤵
  PID:7780
- C:\Windows\System\oJrpHhN.exe
  C:\Windows\System\oJrpHhN.exe
  2⤵
  PID:7176
- C:\Windows\System\JqmSblI.exe
  C:\Windows\System\JqmSblI.exe
  2⤵
  PID:7796
- C:\Windows\System\XkzZAMA.exe
  C:\Windows\System\XkzZAMA.exe
  2⤵
  PID:8080
- C:\Windows\System\SBCjzaL.exe
  C:\Windows\System\SBCjzaL.exe
  2⤵
  PID:8208
- C:\Windows\System\vDjmAmY.exe
  C:\Windows\System\vDjmAmY.exe
  2⤵
  PID:8232
- C:\Windows\System\kxXkcxi.exe
  C:\Windows\System\kxXkcxi.exe
  2⤵
  PID:8260
- C:\Windows\System\uJNNTyg.exe
  C:\Windows\System\uJNNTyg.exe
  2⤵
  PID:8280
- C:\Windows\System\LcpJemY.exe
  C:\Windows\System\LcpJemY.exe
  2⤵
  PID:8296
- C:\Windows\System\QkJWhJq.exe
  C:\Windows\System\QkJWhJq.exe
  2⤵
  PID:8324
- C:\Windows\System\OBZmnIw.exe
  C:\Windows\System\OBZmnIw.exe
  2⤵
  PID:8344
- C:\Windows\System\FinNHRP.exe
  C:\Windows\System\FinNHRP.exe
  2⤵
  PID:8360
- C:\Windows\System\twDGKDd.exe
  C:\Windows\System\twDGKDd.exe
  2⤵
  PID:8376
- C:\Windows\System\JTkGCxI.exe
  C:\Windows\System\JTkGCxI.exe
  2⤵
  PID:8400
- C:\Windows\System\pKMywSm.exe
  C:\Windows\System\pKMywSm.exe
  2⤵
  PID:8420
- C:\Windows\System\IbUULBc.exe
  C:\Windows\System\IbUULBc.exe
  2⤵
  PID:8436
- C:\Windows\System\KsAZpGN.exe
  C:\Windows\System\KsAZpGN.exe
  2⤵
  PID:8460
- C:\Windows\System\RPJWaCZ.exe
  C:\Windows\System\RPJWaCZ.exe
  2⤵
  PID:8476
- C:\Windows\System\MXroYiM.exe
  C:\Windows\System\MXroYiM.exe
  2⤵
  PID:8500
- C:\Windows\System\Bejyicn.exe
  C:\Windows\System\Bejyicn.exe
  2⤵
  PID:8520
- C:\Windows\System\GBOVjKY.exe
  C:\Windows\System\GBOVjKY.exe
  2⤵
  PID:8544
- C:\Windows\System\lfPEriT.exe
  C:\Windows\System\lfPEriT.exe
  2⤵
  PID:8564
- C:\Windows\System\jeciiHm.exe
  C:\Windows\System\jeciiHm.exe
  2⤵
  PID:8580
- C:\Windows\System\PpFzoXz.exe
  C:\Windows\System\PpFzoXz.exe
  2⤵
  PID:8600
- C:\Windows\System\eBnZlls.exe
  C:\Windows\System\eBnZlls.exe
  2⤵
  PID:8616
- C:\Windows\System\Htqzzqu.exe
  C:\Windows\System\Htqzzqu.exe
  2⤵
  PID:8632
- C:\Windows\System\zqXBBDf.exe
  C:\Windows\System\zqXBBDf.exe
  2⤵
  PID:8648
- C:\Windows\System\pkmXJOr.exe
  C:\Windows\System\pkmXJOr.exe
  2⤵
  PID:8668
- C:\Windows\System\DWfoptv.exe
  C:\Windows\System\DWfoptv.exe
  2⤵
  PID:8696
- C:\Windows\System\qeAXedM.exe
  C:\Windows\System\qeAXedM.exe
  2⤵
  PID:8712
- C:\Windows\System\JebrQeO.exe
  C:\Windows\System\JebrQeO.exe
  2⤵
  PID:8728
- C:\Windows\System\LNojexS.exe
  C:\Windows\System\LNojexS.exe
  2⤵
  PID:8752
- C:\Windows\System\tFIUcJC.exe
  C:\Windows\System\tFIUcJC.exe
  2⤵
  PID:8788
- C:\Windows\System\RNebspc.exe
  C:\Windows\System\RNebspc.exe
  2⤵
  PID:8808
- C:\Windows\System\HLppKkT.exe
  C:\Windows\System\HLppKkT.exe
  2⤵
  PID:8824
- C:\Windows\System\zaXCGaL.exe
  C:\Windows\System\zaXCGaL.exe
  2⤵
  PID:8848
- C:\Windows\System\DCxMAlr.exe
  C:\Windows\System\DCxMAlr.exe
  2⤵
  PID:8864
- C:\Windows\System\dzrQCiC.exe
  C:\Windows\System\dzrQCiC.exe
  2⤵
  PID:8884
- C:\Windows\System\MJDJIbn.exe
  C:\Windows\System\MJDJIbn.exe
  2⤵
  PID:8912
- C:\Windows\System\peYIjbk.exe
  C:\Windows\System\peYIjbk.exe
  2⤵
  PID:8928
- C:\Windows\System\SyUjbRG.exe
  C:\Windows\System\SyUjbRG.exe
  2⤵
  PID:8944
- C:\Windows\System\scVcSwC.exe
  C:\Windows\System\scVcSwC.exe
  2⤵
  PID:8960
- C:\Windows\System\NcWUFNk.exe
  C:\Windows\System\NcWUFNk.exe
  2⤵
  PID:8976
- C:\Windows\System\ruUjHjW.exe
  C:\Windows\System\ruUjHjW.exe
  2⤵
  PID:8996
- C:\Windows\System\yILxYVX.exe
  C:\Windows\System\yILxYVX.exe
  2⤵
  PID:9012
- C:\Windows\System\AvCnKLp.exe
  C:\Windows\System\AvCnKLp.exe
  2⤵
  PID:9028
- C:\Windows\System\eAQjjoM.exe
  C:\Windows\System\eAQjjoM.exe
  2⤵
  PID:9044
- C:\Windows\System\ankmdQZ.exe
  C:\Windows\System\ankmdQZ.exe
  2⤵
  PID:9060
- C:\Windows\System\aOtunQC.exe
  C:\Windows\System\aOtunQC.exe
  2⤵
  PID:9088
- C:\Windows\System\tMoZUzz.exe
  C:\Windows\System\tMoZUzz.exe
  2⤵
  PID:9136
- C:\Windows\System\ToWWsVW.exe
  C:\Windows\System\ToWWsVW.exe
  2⤵
  PID:9156
- C:\Windows\System\WHaSjNp.exe
  C:\Windows\System\WHaSjNp.exe
  2⤵
  PID:9172
- C:\Windows\System\CzPUXTS.exe
  C:\Windows\System\CzPUXTS.exe
  2⤵
  PID:9188
- C:\Windows\System\WiIyNFm.exe
  C:\Windows\System\WiIyNFm.exe
  2⤵
  PID:9204
- C:\Windows\System\CfyTjnc.exe
  C:\Windows\System\CfyTjnc.exe
  2⤵
  PID:8200
- C:\Windows\System\oZqMkDt.exe
  C:\Windows\System\oZqMkDt.exe
  2⤵
  PID:8216
- C:\Windows\System\PpNvBuk.exe
  C:\Windows\System\PpNvBuk.exe
  2⤵
  PID:8252
- C:\Windows\System\IwedNut.exe
  C:\Windows\System\IwedNut.exe
  2⤵
  PID:8268
- C:\Windows\System\JGYQgud.exe
  C:\Windows\System\JGYQgud.exe
  2⤵
  PID:8316
- C:\Windows\System\fDJlXPD.exe
  C:\Windows\System\fDJlXPD.exe
  2⤵
  PID:8352
- C:\Windows\System\oIQMReQ.exe
  C:\Windows\System\oIQMReQ.exe
  2⤵
  PID:8356
- C:\Windows\System\HYiltps.exe
  C:\Windows\System\HYiltps.exe
  2⤵
  PID:8456
- C:\Windows\System\kSCcBWH.exe
  C:\Windows\System\kSCcBWH.exe
  2⤵
  PID:8492
- C:\Windows\System\tnXexTl.exe
  C:\Windows\System\tnXexTl.exe
  2⤵
  PID:8432
- C:\Windows\System\uwUIhkG.exe
  C:\Windows\System\uwUIhkG.exe
  2⤵
  PID:8536
- C:\Windows\System\ZgFgJdC.exe
  C:\Windows\System\ZgFgJdC.exe
  2⤵
  PID:8572
- C:\Windows\System\QHEiWqH.exe
  C:\Windows\System\QHEiWqH.exe
  2⤵
  PID:8556
- C:\Windows\System\HfgAoMW.exe
  C:\Windows\System\HfgAoMW.exe
  2⤵
  PID:8596
- C:\Windows\System\ybkggNq.exe
  C:\Windows\System\ybkggNq.exe
  2⤵
  PID:8692
- C:\Windows\System\ahjPNoO.exe
  C:\Windows\System\ahjPNoO.exe
  2⤵
  PID:8656
- C:\Windows\System\drYdRkk.exe
  C:\Windows\System\drYdRkk.exe
  2⤵
  PID:8704
- C:\Windows\System\vbqRpzi.exe
  C:\Windows\System\vbqRpzi.exe
  2⤵
  PID:8768
- C:\Windows\System\lgOGumh.exe
  C:\Windows\System\lgOGumh.exe
  2⤵
  PID:8780
- C:\Windows\System\qsCDmha.exe
  C:\Windows\System\qsCDmha.exe
  2⤵
  PID:8800
- C:\Windows\System\iZhfAIs.exe
  C:\Windows\System\iZhfAIs.exe
  2⤵
  PID:8820
- C:\Windows\System\nzhdaer.exe
  C:\Windows\System\nzhdaer.exe
  2⤵
  PID:8844
- C:\Windows\System\EGlhfCt.exe
  C:\Windows\System\EGlhfCt.exe
  2⤵
  PID:8900
- C:\Windows\System\cdRKFnd.exe
  C:\Windows\System\cdRKFnd.exe
  2⤵
  PID:8936
- C:\Windows\System\ptxjRaG.exe
  C:\Windows\System\ptxjRaG.exe
  2⤵
  PID:9036
- C:\Windows\System\TtpmQLy.exe
  C:\Windows\System\TtpmQLy.exe
  2⤵
  PID:9072
- C:\Windows\System\lOpgQBO.exe
  C:\Windows\System\lOpgQBO.exe
  2⤵
  PID:9096
- C:\Windows\System\fDcVzue.exe
  C:\Windows\System\fDcVzue.exe
  2⤵
  PID:9104
- C:\Windows\System\iqfFoBn.exe
  C:\Windows\System\iqfFoBn.exe
  2⤵
  PID:9124
- C:\Windows\System\BfLeMSQ.exe
  C:\Windows\System\BfLeMSQ.exe
  2⤵
  PID:9148
- C:\Windows\System\otCYgbp.exe
  C:\Windows\System\otCYgbp.exe
  2⤵
  PID:8240
- C:\Windows\System\kkYmrrU.exe
  C:\Windows\System\kkYmrrU.exe
  2⤵
  PID:9184
- C:\Windows\System\xaTFGBk.exe
  C:\Windows\System\xaTFGBk.exe
  2⤵
  PID:8228
- C:\Windows\System\GphxfPr.exe
  C:\Windows\System\GphxfPr.exe
  2⤵
  PID:8304
- C:\Windows\System\EaEjTPT.exe
  C:\Windows\System\EaEjTPT.exe
  2⤵
  PID:8408
- C:\Windows\System\DSNBkRC.exe
  C:\Windows\System\DSNBkRC.exe
  2⤵
  PID:8484
- C:\Windows\System\kTlOClm.exe
  C:\Windows\System\kTlOClm.exe
  2⤵
  PID:8388
- C:\Windows\System\lxyGRoP.exe
  C:\Windows\System\lxyGRoP.exe
  2⤵
  PID:8644
- C:\Windows\System\pzxUooA.exe
  C:\Windows\System\pzxUooA.exe
  2⤵
  PID:8368
- C:\Windows\System\KjKytnq.exe
  C:\Windows\System\KjKytnq.exe
  2⤵
  PID:8516
- C:\Windows\System\xmgJzwl.exe
  C:\Windows\System\xmgJzwl.exe
  2⤵
  PID:8628
- C:\Windows\System\nQuZrVf.exe
  C:\Windows\System\nQuZrVf.exe
  2⤵
  PID:8776
- C:\Windows\System\dKiNOTG.exe
  C:\Windows\System\dKiNOTG.exe
  2⤵
  PID:8892
- C:\Windows\System\OUYNvNT.exe
  C:\Windows\System\OUYNvNT.exe
  2⤵
  PID:8860
- C:\Windows\System\MOOyMvY.exe
  C:\Windows\System\MOOyMvY.exe
  2⤵
  PID:8972
- C:\Windows\System\cPZdRAF.exe
  C:\Windows\System\cPZdRAF.exe
  2⤵
  PID:9068
- C:\Windows\System\NCddAXW.exe
  C:\Windows\System\NCddAXW.exe
  2⤵
  PID:9128
- C:\Windows\System\yojWDwF.exe
  C:\Windows\System\yojWDwF.exe
  2⤵
  PID:9112
- C:\Windows\System\kmcAqWi.exe
  C:\Windows\System\kmcAqWi.exe
  2⤵
  PID:9152
- C:\Windows\System\cOwchvm.exe
  C:\Windows\System\cOwchvm.exe
  2⤵
  PID:9168
- C:\Windows\System\KDygWvh.exe
  C:\Windows\System\KDygWvh.exe
  2⤵
  PID:8220
- C:\Windows\System\sJNNWbh.exe
  C:\Windows\System\sJNNWbh.exe
  2⤵
  PID:8680
- C:\Windows\System\JUjsfCh.exe
  C:\Windows\System\JUjsfCh.exe
  2⤵
  PID:9132
- C:\Windows\System\rdeYWgu.exe
  C:\Windows\System\rdeYWgu.exe
  2⤵
  PID:8880
- C:\Windows\System\hZaSrRs.exe
  C:\Windows\System\hZaSrRs.exe
  2⤵
  PID:8336
- C:\Windows\System\AesjvPZ.exe
  C:\Windows\System\AesjvPZ.exe
  2⤵
  PID:8836
- C:\Windows\System\nIOsOGr.exe
  C:\Windows\System\nIOsOGr.exe
  2⤵
  PID:8748
- C:\Windows\System\RlxbULH.exe
  C:\Windows\System\RlxbULH.exe
  2⤵
  PID:8764
- C:\Windows\System\oIxLajg.exe
  C:\Windows\System\oIxLajg.exe
  2⤵
  PID:8940
- C:\Windows\System\bTgbvgl.exe
  C:\Windows\System\bTgbvgl.exe
  2⤵
  PID:9040
- C:\Windows\System\OVhsjbg.exe
  C:\Windows\System\OVhsjbg.exe
  2⤵
  PID:9084
- C:\Windows\System\DQvSTph.exe
  C:\Windows\System\DQvSTph.exe
  2⤵
  PID:9108
- C:\Windows\System\qhpOwjd.exe
  C:\Windows\System\qhpOwjd.exe
  2⤵
  PID:8676
- C:\Windows\System\ktpiRJv.exe
  C:\Windows\System\ktpiRJv.exe
  2⤵
  PID:8816
- C:\Windows\System\DnUHLde.exe
  C:\Windows\System\DnUHLde.exe
  2⤵
  PID:8896
- C:\Windows\System\xDQZSdg.exe
  C:\Windows\System\xDQZSdg.exe
  2⤵
  PID:8448
- C:\Windows\System\hDPMBOx.exe
  C:\Windows\System\hDPMBOx.exe
  2⤵
  PID:7784
- C:\Windows\System\WLQnZDV.exe
  C:\Windows\System\WLQnZDV.exe
  2⤵
  PID:8540
- C:\Windows\System\GfmbhQq.exe
  C:\Windows\System\GfmbhQq.exe
  2⤵
  PID:8272
- C:\Windows\System\KnlODJY.exe
  C:\Windows\System\KnlODJY.exe
  2⤵
  PID:8292
- C:\Windows\System\iBCbVBL.exe
  C:\Windows\System\iBCbVBL.exe
  2⤵
  PID:8908
- C:\Windows\System\EvinOhc.exe
  C:\Windows\System\EvinOhc.exe
  2⤵
  PID:8872
- C:\Windows\System\QPwxKyY.exe
  C:\Windows\System\QPwxKyY.exe
  2⤵
  PID:9180
- C:\Windows\System\hxmXTLP.exe
  C:\Windows\System\hxmXTLP.exe
  2⤵
  PID:8248
- C:\Windows\System\IQVKDlK.exe
  C:\Windows\System\IQVKDlK.exe
  2⤵
  PID:8740
- C:\Windows\System\ufccJin.exe
  C:\Windows\System\ufccJin.exe
  2⤵
  PID:1320
- C:\Windows\System\ALrbLEs.exe
  C:\Windows\System\ALrbLEs.exe
  2⤵
  PID:9052
- C:\Windows\System\ykXPlUu.exe
  C:\Windows\System\ykXPlUu.exe
  2⤵
  PID:9232
- C:\Windows\System\mRTiXGt.exe
  C:\Windows\System\mRTiXGt.exe
  2⤵
  PID:9260
- C:\Windows\System\WRCGXqx.exe
  C:\Windows\System\WRCGXqx.exe
  2⤵
  PID:9276
- C:\Windows\System\JbdFGzI.exe
  C:\Windows\System\JbdFGzI.exe
  2⤵
  PID:9292
- C:\Windows\System\kwxuCDo.exe
  C:\Windows\System\kwxuCDo.exe
  2⤵
  PID:9312
- C:\Windows\System\FWdurJr.exe
  C:\Windows\System\FWdurJr.exe
  2⤵
  PID:9332
- C:\Windows\System\ortEpOZ.exe
  C:\Windows\System\ortEpOZ.exe
  2⤵
  PID:9348
- C:\Windows\System\JFDdbeP.exe
  C:\Windows\System\JFDdbeP.exe
  2⤵
  PID:9364
- C:\Windows\System\LFCgoXj.exe
  C:\Windows\System\LFCgoXj.exe
  2⤵
  PID:9380
- C:\Windows\System\jftwnDH.exe
  C:\Windows\System\jftwnDH.exe
  2⤵
  PID:9400
- C:\Windows\System\cpolzZE.exe
  C:\Windows\System\cpolzZE.exe
  2⤵
  PID:9416
- C:\Windows\System\PhIvWFj.exe
  C:\Windows\System\PhIvWFj.exe
  2⤵
  PID:9432
- C:\Windows\System\ZXAgLyK.exe
  C:\Windows\System\ZXAgLyK.exe
  2⤵
  PID:9456
- C:\Windows\System\GSVODnI.exe
  C:\Windows\System\GSVODnI.exe
  2⤵
  PID:9476
- C:\Windows\System\VaRhLtS.exe
  C:\Windows\System\VaRhLtS.exe
  2⤵
  PID:9500
- C:\Windows\System\jgtvSqF.exe
  C:\Windows\System\jgtvSqF.exe
  2⤵
  PID:9516
- C:\Windows\System\PGTdbIr.exe
  C:\Windows\System\PGTdbIr.exe
  2⤵
  PID:9532
- C:\Windows\System\mUfLoqY.exe
  C:\Windows\System\mUfLoqY.exe
  2⤵
  PID:9588
- C:\Windows\System\JqoDYnH.exe
  C:\Windows\System\JqoDYnH.exe
  2⤵
  PID:9608
- C:\Windows\System\hdwCeXG.exe
  C:\Windows\System\hdwCeXG.exe
  2⤵
  PID:9624
- C:\Windows\System\dZyXZRt.exe
  C:\Windows\System\dZyXZRt.exe
  2⤵
  PID:9640
- C:\Windows\System\nVjIqwL.exe
  C:\Windows\System\nVjIqwL.exe
  2⤵
  PID:9656
- C:\Windows\System\kHOgnRW.exe
  C:\Windows\System\kHOgnRW.exe
  2⤵
  PID:9672
- C:\Windows\System\MLvAEkd.exe
  C:\Windows\System\MLvAEkd.exe
  2⤵
  PID:9692
- C:\Windows\System\QQeFNGl.exe
  C:\Windows\System\QQeFNGl.exe
  2⤵
  PID:9712
- C:\Windows\System\fDIRcgt.exe
  C:\Windows\System\fDIRcgt.exe
  2⤵
  PID:9728
- C:\Windows\System\sbAwUEo.exe
  C:\Windows\System\sbAwUEo.exe
  2⤵
  PID:9744
- C:\Windows\System\OoTtqZd.exe
  C:\Windows\System\OoTtqZd.exe
  2⤵
  PID:9768
- C:\Windows\System\izmEZKz.exe
  C:\Windows\System\izmEZKz.exe
  2⤵
  PID:9784
- C:\Windows\System\mhzBYIj.exe
  C:\Windows\System\mhzBYIj.exe
  2⤵
  PID:9804
- C:\Windows\System\iSsTFrh.exe
  C:\Windows\System\iSsTFrh.exe
  2⤵
  PID:9828
- C:\Windows\System\usQzkdh.exe
  C:\Windows\System\usQzkdh.exe
  2⤵
  PID:9868
- C:\Windows\System\gtricKz.exe
  C:\Windows\System\gtricKz.exe
  2⤵
  PID:9884
- C:\Windows\System\MJvbqqk.exe
  C:\Windows\System\MJvbqqk.exe
  2⤵
  PID:9900
- C:\Windows\System\ijGDslI.exe
  C:\Windows\System\ijGDslI.exe
  2⤵
  PID:9916
- C:\Windows\System\rQVVXJa.exe
  C:\Windows\System\rQVVXJa.exe
  2⤵
  PID:9936
- C:\Windows\System\IlCdtBP.exe
  C:\Windows\System\IlCdtBP.exe
  2⤵
  PID:9952
- C:\Windows\System\ferblsp.exe
  C:\Windows\System\ferblsp.exe
  2⤵
  PID:9968
- C:\Windows\System\MaerfLc.exe
  C:\Windows\System\MaerfLc.exe
  2⤵
  PID:9992
- C:\Windows\System\gPpAzRZ.exe
  C:\Windows\System\gPpAzRZ.exe
  2⤵
  PID:10008
- C:\Windows\System\qaidlhT.exe
  C:\Windows\System\qaidlhT.exe
  2⤵
  PID:10024
- C:\Windows\System\YTDHDbQ.exe
  C:\Windows\System\YTDHDbQ.exe
  2⤵
  PID:10040
- C:\Windows\System\BnJZjGq.exe
  C:\Windows\System\BnJZjGq.exe
  2⤵
  PID:10080
- C:\Windows\System\KJbzhQn.exe
  C:\Windows\System\KJbzhQn.exe
  2⤵
  PID:10108
- C:\Windows\System\syQkUoh.exe
  C:\Windows\System\syQkUoh.exe
  2⤵
  PID:10124
- C:\Windows\System\rLtGhdu.exe
  C:\Windows\System\rLtGhdu.exe
  2⤵
  PID:10144
- C:\Windows\System\RjVNIcD.exe
  C:\Windows\System\RjVNIcD.exe
  2⤵
  PID:10164
- C:\Windows\System\BBxjoTy.exe
  C:\Windows\System\BBxjoTy.exe
  2⤵
  PID:10180
- C:\Windows\System\Sgtkcku.exe
  C:\Windows\System\Sgtkcku.exe
  2⤵
  PID:10200
- C:\Windows\System\CDVBalM.exe
  C:\Windows\System\CDVBalM.exe
  2⤵
  PID:10224
- C:\Windows\System\AfBYShO.exe
  C:\Windows\System\AfBYShO.exe
  2⤵
  PID:9224
- C:\Windows\System\ecRuTfF.exe
  C:\Windows\System\ecRuTfF.exe
  2⤵
  PID:9244
- C:\Windows\System\roAEymG.exe
  C:\Windows\System\roAEymG.exe
  2⤵
  PID:9288
- C:\Windows\System\KPoQbJo.exe
  C:\Windows\System\KPoQbJo.exe
  2⤵
  PID:9392
- C:\Windows\System\cGoXzuR.exe
  C:\Windows\System\cGoXzuR.exe
  2⤵
  PID:9464
- C:\Windows\System\HYxAtEa.exe
  C:\Windows\System\HYxAtEa.exe
  2⤵
  PID:9300
- C:\Windows\System\rYoOLbS.exe
  C:\Windows\System\rYoOLbS.exe
  2⤵
  PID:9444
- C:\Windows\System\MBinLOx.exe
  C:\Windows\System\MBinLOx.exe
  2⤵
  PID:9492
- C:\Windows\System\THpUjsK.exe
  C:\Windows\System\THpUjsK.exe
  2⤵
  PID:9452
- C:\Windows\System\jupFrRC.exe
  C:\Windows\System\jupFrRC.exe
  2⤵
  PID:9544
- C:\Windows\System\YomkPlh.exe
  C:\Windows\System\YomkPlh.exe
  2⤵
  PID:9560
- C:\Windows\System\pVuLFmA.exe
  C:\Windows\System\pVuLFmA.exe
  2⤵
  PID:9576
- C:\Windows\System\zhBpzkC.exe
  C:\Windows\System\zhBpzkC.exe
  2⤵
  PID:9600
- C:\Windows\System\LDvBDko.exe
  C:\Windows\System\LDvBDko.exe
  2⤵
  PID:9664
- C:\Windows\System\PriTRvT.exe
  C:\Windows\System\PriTRvT.exe
  2⤵
  PID:9652
- C:\Windows\System\SjvYtsO.exe
  C:\Windows\System\SjvYtsO.exe
  2⤵
  PID:9796
- C:\Windows\System\NTtQQbS.exe
  C:\Windows\System\NTtQQbS.exe
  2⤵
  PID:9800
- C:\Windows\System\iJNzLWI.exe
  C:\Windows\System\iJNzLWI.exe
  2⤵
  PID:9820
- C:\Windows\System\WFJnFsp.exe
  C:\Windows\System\WFJnFsp.exe
  2⤵
  PID:9856
- C:\Windows\System\PlkEkAC.exe
  C:\Windows\System\PlkEkAC.exe
  2⤵
  PID:9780
- C:\Windows\System\GldadJj.exe
  C:\Windows\System\GldadJj.exe
  2⤵
  PID:9864
- C:\Windows\System\JMGAgWt.exe
  C:\Windows\System\JMGAgWt.exe
  2⤵
  PID:9924
- C:\Windows\System\dRKuPgU.exe
  C:\Windows\System\dRKuPgU.exe
  2⤵
  PID:9944
- C:\Windows\System\KcKvYRV.exe
  C:\Windows\System\KcKvYRV.exe
  2⤵
  PID:9976
- C:\Windows\System\HjDHWuc.exe
  C:\Windows\System\HjDHWuc.exe
  2⤵
  PID:9964
- C:\Windows\System\rvDFLZK.exe
  C:\Windows\System\rvDFLZK.exe
  2⤵
  PID:10036
- C:\Windows\System\EYfodMy.exe
  C:\Windows\System\EYfodMy.exe
  2⤵
  PID:10088
- C:\Windows\System\ZMQPpZe.exe
  C:\Windows\System\ZMQPpZe.exe
  2⤵
  PID:10104
- C:\Windows\System\bmfmZZl.exe
  C:\Windows\System\bmfmZZl.exe
  2⤵
  PID:10172
- C:\Windows\System\dKbWyNW.exe
  C:\Windows\System\dKbWyNW.exe
  2⤵
  PID:10208
- C:\Windows\System\IKJTiGy.exe
  C:\Windows\System\IKJTiGy.exe
  2⤵
  PID:10160
- C:\Windows\System\lUOSmnW.exe
  C:\Windows\System\lUOSmnW.exe
  2⤵
  PID:8472
- C:\Windows\System\sCDjsLO.exe
  C:\Windows\System\sCDjsLO.exe
  2⤵
  PID:10232
- C:\Windows\System\XlVuTwC.exe
  C:\Windows\System\XlVuTwC.exe
  2⤵
  PID:9328
- C:\Windows\System\VgQZksT.exe
  C:\Windows\System\VgQZksT.exe
  2⤵
  PID:9472
- C:\Windows\System\FeKTGtk.exe
  C:\Windows\System\FeKTGtk.exe
  2⤵
  PID:9428
- C:\Windows\System\sIoXVWJ.exe
  C:\Windows\System\sIoXVWJ.exe
  2⤵
  PID:9440
- C:\Windows\System\VYHbYhv.exe
  C:\Windows\System\VYHbYhv.exe
  2⤵
  PID:9412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BFplGeW.exe

Filesize
6.0MB

MD5
0dae780a4e67ced169877a972c51b9c4

SHA1
c90d030c60dce22bdb9ff14854895ad9a64c7e44

SHA256
321475240623ba3a2ddb065031490babf435b97df1f2940232be886d3f720c47

SHA512
f2f8ebd0ae835089fd45eab6c50ba625e15eef45777b46dab09285fe6b9451769dffb96ad8812f53633e3faf74604395603997048e3f86580dc8949853053716

Download Submit
C:\Windows\system\BWUHyPa.exe

Filesize
6.0MB

MD5
28313cd3624987aec108cc549d135592

SHA1
b10d087e39b545d6b433ca67a89dad768f1b9947

SHA256
906d2c2a290fde6d0034cbc414d5c8be2c44f76f58dc3ae510592d1943f0aa01

SHA512
e37cf2b9a2017e21576874eaf4bb3af3e84ca3d38ff0e36f34d32e41ceab77217b9d5682bd9fdb7b382d2b9549fa04000f0dda5be92d93176e480461911ea309

Download Submit
C:\Windows\system\CmBwUID.exe

Filesize
6.0MB

MD5
754337ceef5026e1a9c456d2636884bb

SHA1
78ae3e8d88e6c6301f37ab458ef2cb78211aa3fc

SHA256
4e344bf9e848b3cf448c64783b5f9a5f328646465f1c38456919a12342c1f6d6

SHA512
e36c0049ce6b85719169337d4e3eb80d52261a23d2c9db1b0ac4ab4a893d9253c683f8a7175da588e352ec9d3804a5c1062b4c4ad553f0335a6a2d1bade8e7b4

Download Submit
C:\Windows\system\DTeyylI.exe

Filesize
6.0MB

MD5
a97bd6608eddf9975c1c17922218fe58

SHA1
056f52a995faeff5e6bd2202820294f9b27961c4

SHA256
417da7a4658b8589d434d13f0926ea0ca0cb05232a0629b9dcd6dd9ae7549e9d

SHA512
14011e4db23a009543fc6f61dbca00a56d3bf0086ae93b5c9bf34f812f2f9d148706bdc1db0970bd901d7e00c007bef495ee479b09306d20e9cf9cca58e536d7

Download Submit
C:\Windows\system\DzOYRwt.exe

Filesize
6.0MB

MD5
fc36549923087c61a3c48f016d91b057

SHA1
fc20cd9bac3ad4e9ee5b6febcc7ee22b85259575

SHA256
f529711fea57bc413480c426eee8befa9cf7fc41602db714ad8fa86619c34eee

SHA512
7b436ef93ae64d04c00ba3b4095f123c5cc02fc78d09b80352605a91f22edc583e6e636f5ea03ce2d05ccc0f55c535da1875a70134e66b0f4f437b46400e1dca

Download Submit
C:\Windows\system\JFxREmm.exe

Filesize
6.0MB

MD5
76f8b0713edc0e39a72272f1839a5f05

SHA1
662d3a32a245c1e437dca06d89da9b86a4dc6bcf

SHA256
f3a9f33659ffaf25c91acb7f0d4b43d41b03f0373453ca8b45568d8b20251566

SHA512
5e4dd481b99f3b8a246738ca6a9d7de6bad9f940a9e3a8449459ac27166439a50362907adc0653cce6c1546c6d18e6a23770b62b001badaef7cf1a234db93652

Download Submit
C:\Windows\system\JgoRqrl.exe

Filesize
6.0MB

MD5
3f32339e1ba5f3a5816b302524984977

SHA1
80a44baa90dd5637e09d89ecfd8d4ef9f51a507e

SHA256
ea6f786cfbd732fc51f1e178ec299356ad46b5fc94a9312a9bcfacf9ed0e714c

SHA512
36ff1acfe05aadaebb44cd81eab8ff27848b256b2a668258a5e9d2ebd7e6479b0695bf7cf82b57f2063308fbbd12ef922357918899cd4c0622a4c9ec5304dcf2

Download Submit
C:\Windows\system\MXCFYmd.exe

Filesize
6.0MB

MD5
8dedb1185ec0b667b5761a5e4b6ecdf8

SHA1
c490ee52b096701d3448e08f69861fa7e8eb993b

SHA256
0b10402ee74ca10728a20a135306f87bfd00bb69c2b9395ae59c8d3d1b5dfa78

SHA512
32d2f228f1d229fe5aa2d6e544a99dab2713236509b3bc1ac7e7873415f79f8512e30c154aaf05fcda194552637da0390502f0dd437014f3fc22ad4a75ad7a09

Download Submit
C:\Windows\system\OXskdVV.exe

Filesize
6.0MB

MD5
4db1c00cc51aca584591285c0f7b433a

SHA1
e8576723cf25daa4792dcd77a5f3519f38dd12a8

SHA256
cd2eb8438072a9b5951d503d7ffd8e5e84a2b3f8d939b6cf4e9a53f73278d4f9

SHA512
bc5e9fce5521e9b4a685068378de87acd0bf35c87f7d2a7bcd13c9a0dd84004f8f85466fa76b9910d47330e4382c3619729d611c9dcf3d3b40dc9998b83872b7

Download Submit
C:\Windows\system\TKYpzdr.exe

Filesize
6.0MB

MD5
398d77ebb31a1b599100c2d3d11b146f

SHA1
f7deb7667bcc77a536b7785596307f7f7c56ea34

SHA256
7b5bb492ea6fdcbd2c2513b30bb9a2b024518383b6907429b8c20492fc622296

SHA512
f68c632bccb9d7974d33b8d56336924e9e5839e29b382f3bee9384150902d09446e36bbefb5f568bdd709c9fd38bdab2448cba21f9353746e0f0c1c41403f400

Download Submit
C:\Windows\system\WeMcdhX.exe

Filesize
6.0MB

MD5
0e8b3aa20ded0ccd9a8a6c57bcae3ee7

SHA1
fcc99c3c6497f2398cb834e36082367ca6831b0a

SHA256
f4070b040972717227e29e10abea3dc2346dbe6dee29fc8d3c093b5a24c94a14

SHA512
bb826008e005ff7ea4dcbc77229e59426c0436b0e8934368c141e647a02abf6062d244b65d32a469adba349451014060e290426080d470b6a8cc66aa50f445ac

Download Submit
C:\Windows\system\ZlVLizX.exe

Filesize
6.0MB

MD5
80aa8dd4835ec7e9e838facca1510441

SHA1
3efc3556fb4fa750036f997804ddc9d55c7647ac

SHA256
a1432141c172ef08ad3741c2170c5ab0e04a6686068a1cccfc35605abcf7083e

SHA512
929285f02fd6e44231830943aaa24640b37445eb29085d94129c4ed6f0342d46f0c9f4530e17bec287f550d961af3a0ba41825751540499868b0ec7320906518

Download Submit
C:\Windows\system\aTDokBF.exe

Filesize
6.0MB

MD5
029014a33508d281994f22a9a7727bfc

SHA1
3f5f7a606a741660c2556970b95777ee3bbba0c6

SHA256
553f693e2e246bb8ca6a44f5b769dab092b0c20a51da91a045b9fafca04f1ee2

SHA512
72662a19d44fb1321b705e409cac40502520cfe3c0c102ed1d17d75c9f8b94e0da9c2ff945e67c8cfd5983d225e64e9dc957c20136d849d405f296e1ff9d03bf

Download Submit
C:\Windows\system\arzfJgG.exe

Filesize
6.0MB

MD5
80a23f8ca539780994d9bd088b866283

SHA1
58ae5fd8b8dbaff793e80aaa4c49049bc6bdc1d3

SHA256
4c514d05d8f9942e9c29776efdda736a6f854ea57f639fd5ea87586d8415f3db

SHA512
7f7c4a2bbd099a58e55e01dad714baf9efb21e5d0bc2d03837c09df99aa6498943905443779b6edfa03fe9ee8a20a8fa5695e7390374e3cdd6f168971dd78c7a

Download Submit
C:\Windows\system\bOluXgA.exe

Filesize
6.0MB

MD5
abcb81c29c8efdabb4f969bc34878cef

SHA1
ba482a8aa1357492199769073262c9c021d0a47e

SHA256
581032c9d1bc8a1cd58b64fe1755b0f849f955b611f35140504b75dfda0475b5

SHA512
ee7d41fd02a209e24705fa67d4d8b19ad39054770dbdef9ebb67efa660013ed2c7b9eb53fdd2dfd8ce8bd285484558b32a4847a5d2d5b21256ba8654e0083767

Download Submit
C:\Windows\system\cLLXQhO.exe

Filesize
6.0MB

MD5
01a4dda63107f43dd1113a3fb937d1e9

SHA1
ce0a06c405b4c9cfb8753fe7e82d88930c09ee49

SHA256
e4fa2069b014be0d0e77f0d0d52c8841bf703806d73d87ce703afc98890dca98

SHA512
63cfd4df805652db64ac7b26334959e95fc04ca2f611e6c5f42bffd7842c0901c0dff7032a79d209376c20a1e6688e50847132c8938fbafdb4b31c4e9cb19ae5

Download Submit
C:\Windows\system\drdMUtb.exe

Filesize
6.0MB

MD5
0021b14aa90ce426f493ba4c0d9e6638

SHA1
0c7fb800f3416087ee1c61849fcfd461e7781320

SHA256
fd813ae182ac64047fef08464662b5bdaf7c7fde5755acbea4b6cb1ad44dd7fb

SHA512
cdd88c05d6b7a25276e8ea1de6493441084b603aa103c0aa313ac3acf8b1ee92486d2e822791c294a7db1996180555324a4e50fb58a58d52b4e7ff4e4ff25856

Download Submit
C:\Windows\system\icTVpOD.exe

Filesize
6.0MB

MD5
0cfd2837cac912c151d8ad3735ec4447

SHA1
99246f32ff837bec5d37a509bff7201f81453109

SHA256
ace33c93903e01d5da086137e110f4b9960f5a69f7c232c7897a07f13bf3c110

SHA512
306469376de53d98952186597fc3b998c1e659c2e4761d715999345d9d8245875c5d6c3210d7108dcdc7010b564b1261aeb08036cfa4b1f008404d88195eebe9

Download Submit
C:\Windows\system\jwjnycd.exe

Filesize
6.0MB

MD5
691fe3a10d63f07372587ea0b80aa428

SHA1
13f9448c51a7a0e010c31f5071b28d4fb8a4f926

SHA256
bc4562bc1915755ea75d65ffc8660761ed86248f19046b2bf00120d55535b539

SHA512
ab31353fa4fc976431ec79d20646ce3cf775e569276f08a3aa1284af75b189f99dbc94f0b9245c0e7d93f30bedd9f536562cf307094ecf31689e229ecd9955a4

Download Submit
C:\Windows\system\mSSsQmg.exe

Filesize
6.0MB

MD5
6deb1c79bf72bd86ccfd1c125580a834

SHA1
09105957fc5e791c342f5b3c70db697931fee965

SHA256
7c3382e47dad484b672d0b9f01de58fedb7b2d21dec08f6142efd2f29e6c15fc

SHA512
de177f86164ea89e97b1fabf812b964e9eea19f18734d136ce6e419ec891d4aa4a26d851d809aa897df15926836dc89acc952b4724b25bb50b48daa75471ec89

Download Submit
C:\Windows\system\pIllJCQ.exe

Filesize
6.0MB

MD5
8ce8b298fb4228fe8c0329294bb3acc6

SHA1
897ca2b0023444bf6eb430e570cd38d4fb96328e

SHA256
93df6bd8b6712863977752aebe9bdfb2a5994c7ed855090667fff2a7c0c23053

SHA512
100134c0f2fbb9be963eadc73318eeeee1bbde03c7ea409822761eac4095a9b6d1059c29507cf5777c05ea04165785f8766777adecfff83a5c225fa339e3f828

Download Submit
C:\Windows\system\rbHjtLm.exe

Filesize
6.0MB

MD5
d11836c8171ee0e0f23c30387ce625f9

SHA1
0f002b59f297d8a62b185e55718e0f1132e2da5d

SHA256
ed7688b64d881a2910e3f256392dc87234af004b6d6a4dfe293a6100fba7218f

SHA512
a9cdf98ef34bf588d6d272a2bec5f99d7a86ab18aeb783e270ee091e72a59acf249f9468a4802df5763bc371fa1993baaeb6ef5256840ce51efe3cac84dfdf31

Download Submit
C:\Windows\system\vCwxqDM.exe

Filesize
8B

MD5
0e2f112759ace4dc2318b56e106c368a

SHA1
d11cacad615d3989e684fd093f05620ad28d9421

SHA256
cc5e7ac355e449615582009b5d0f076e53530d843c17eb48880569ae6a08a27c

SHA512
ba1c3525391686e8333aaae9eaed655da2973438501764f5adbdd8c71065d824a7a76da37cc8f91bb4aba3687c50ffd7e3041b3c6737139bf48f6719a66d0dea

Download Submit
C:\Windows\system\vDbAxgo.exe

Filesize
6.0MB

MD5
ebd4049d861318638aea2fbf5af8ee8c

SHA1
28b8ff15bc477c9808b27388bbb702473659b70b

SHA256
5862d77d470efed3322e56ed37db49953b82a3c127132743b72c44538fb84585

SHA512
ff52225fe78e1879c0be069b9a6b1dd3d4a5f9273eeea428eb19b1be86e93140eb0547e14715449ac483ab3c79c8006a4daec28becf5520e5de7e50e1cdb5bd2

Download Submit
C:\Windows\system\yEcHTDr.exe

Filesize
6.0MB

MD5
a52c4eeb8682a3356a4f1b38c3766832

SHA1
4433a7654c3d179c1db942bc977c352622e0c1e1

SHA256
4c3322fc549c006adb9da2f284d16f78eb8055e095110055979644d8642244b3

SHA512
e904667d57a04781c0cce3a08bb9c128088911fe6a0eae2a6b263e0ff7874f4cf317ff52b9f39f30068a30d5d43599a1c76e092fdf75614e9a782ebed0bbdf8e

Download Submit
C:\Windows\system\zHecoja.exe

Filesize
6.0MB

MD5
ddb6a4d7bb88d60ffc8952cd27ac679a

SHA1
396cbf3892d7f9b7ad1278f90113258e8218248c

SHA256
75dcd6e1b732c38ce1fe1cf20f23c422cc4436e763e3f35b5a5ed503c365570d

SHA512
c4c0b3f53c96ac47fb2712d3f37afae1ee8726b0ed2959af4173ce73657700ce8daf6e6511c16fd6e15b5e057bb603068e2f4831f83d0212d98846b588a8c28f

Download Submit
C:\Windows\system\zfKWgwm.exe

Filesize
6.0MB

MD5
1e1d71391e75310dcec761017e9b5acf

SHA1
f2e9dc7284c242c258c661fcd32e7820447c8713

SHA256
5866c6c4fe9fa20f4277a3e64bbf0777939d7844b85aa44ff5a70826a9888d3a

SHA512
89744e282eaeb8a840e585b45e551c147495fe059957c3c0c8d146fda6d1440f2589eb22adb839b6fa28a723e14f01731fc41e7cb959918ecb66f54d0685fe99

Download Submit
\Windows\system\JGUHZek.exe

Filesize
6.0MB

MD5
b2bfcf5b20a26364c02dc3b81a5e22be

SHA1
90864256516d85dcff4276502d98870ac1f062b4

SHA256
c10149b45f135d1f335e133ffe54632dbd3dd8667218473f0bc8ee547d9bb4b1

SHA512
5b1ed48afda8a827a4ae72587e6fd2394de119eabfa3ea5b8332640bfe595602e1e66bb074c27ace483484a283e0c0c3ab3a26f4e3c460358ba40799d6db99ed

Download Submit
\Windows\system\PrXPlWw.exe

Filesize
6.0MB

MD5
703324a242271166374c694846e2e3f0

SHA1
d0e715adef4d2d670577a72f3cc7698fbaed3efd

SHA256
6f4b723132e4837314e67e2cebeab321f8fd88e5c228bcd876db884e50f8b6ab

SHA512
6f1c4b002eac107adcfc093024a9adb3f42bdf0b7e5fc9c121f2842f74621350e5e85c415b93045f0ead4447c879343adb85aa7e7c0e07935fae8220285e7b1f

Download Submit
\Windows\system\WMmpnhA.exe

Filesize
6.0MB

MD5
007b234b67cf0ee79fe7170fe8f91d50

SHA1
b2b78c4e01df3f0e0452313aa7d4f8cf3483ae1e

SHA256
4df38e18dc9c43b56daf2ef7aea9875695c5719d59e9b05676500e19084f7170

SHA512
4758c76835712a9e7e12006054e96e99ff37dbd866400ed0e69e9469326cc7394a4c350f0d3a91cab815d2ff5e3a8e2241213ff168417d1a2d204610c467033e

Download Submit
\Windows\system\pfDWnop.exe

Filesize
6.0MB

MD5
50c7f504b90fe519b4897712ac6bd324

SHA1
912f607b6ecff361e4442d290a981d9cfbf7edbf

SHA256
7dc7b84c8996b546409f23f7d5f1aa56f616aca1a1c7ec66f908505051325b90

SHA512
b6b230264a2714696d4be899c0c9216199df351a8443d2900405e6119aa305bcc53ce68815684d07c06a7594b4dbf1b4b5dd24a76587d86ee02fb9fcf505c03c

Download Submit
\Windows\system\qpgRjuy.exe

Filesize
6.0MB

MD5
4859fc437d65a0a6446f4883366bfd80

SHA1
273dab3bcda4430bbe1886eb88251d88ff1c9b54

SHA256
944e39899bb59ab8b6a49310a3ca8a6bef56d3b33590c81b1316875ab9738449

SHA512
761abd6ec3c45bc82116856b46939e1f3fa5d7dc8946fb93d84d6e787f6431f21a3d19dd07b7a3ce7dbc4210e04d7a503ca1a3011bb31a2420fb6cf726c57768

Download Submit
\Windows\system\vdPCARn.exe

Filesize
6.0MB

MD5
4d65e7d1102e3a50e1c48ce8d6c884b2

SHA1
48e0a7165218609466b545232d4ec1f81bab7423

SHA256
e5162d38c36ec918cf7a293e9beff9d8c29a82ef97f0e1af840816304f4d38b7

SHA512
341c0bc515c50b96290c7b9d53977c16f27cbb9d7a378d6f5c0fa52f1ee34a493eac22b3ecc28bf5564fcebb27f73325a6bfceb66ec27eceeb31ea463b98a614

Download Submit
memory/916-20-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/916-3857-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1328-3875-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1328-9-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1328-1022-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-3876-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-695-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-724-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2392-722-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2392-726-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2392-0-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2392-697-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-699-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2392-703-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download
memory/2392-701-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1808-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2392-6-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2128-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2163-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2170-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2173-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2181-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2123-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2200-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2345-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2199-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2198-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2195-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2392-714-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1010-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2392-790-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2392-718-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2392-23-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2392-727-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2392-14-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2392-720-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2624-723-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3944-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2636-3884-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2636-717-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3907-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2688-725-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2692-22-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2692-1696-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3897-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2724-721-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3912-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2744-702-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3881-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3908-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2752-719-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2756-2101-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2756-696-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2756-4385-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3937-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2764-700-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2864-3878-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-698-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-713-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-3940-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download