cobaltstrike | b8806ec32f79f9fd7031664e1a9bed12fb4d9335b049a0ffb6037c19ee426770

Analysis

max time kernel
137s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/11/2024, 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

41aac1516802331194cf700f33a2f868
SHA1

c90c0c726940e8bb98e723e842a5825e96d2dbcf
SHA256

b8806ec32f79f9fd7031664e1a9bed12fb4d9335b049a0ffb6037c19ee426770
SHA512

a27d141d4ac1665b8e98ad62bf800bbbb3800fd6892b616de799328a494b82d147755b46b924c74cba4c31f69ca6d8065e371bb31f9169a3a8416692b070a32d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUX:T+q56utgpPF8u/7X

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016031-14.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001620e-15.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001650a-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016593-25.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000167dc-30.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c3d-31.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dad-45.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f9c-57.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fb-75.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001747b-89.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-170.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-174.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018678-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-164.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001866d-155.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015daa-140.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001752f-136.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174ac-98.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001748f-93.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017409-85.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-81.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173e4-73.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173aa-69.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739c-65.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739a-61.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016e74-53.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dc8-49.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d50-37.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015fc4-10.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2124-0-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0008000000016031-14.dat	xmrig
behavioral1/files/0x000800000001620e-15.dat	xmrig
behavioral1/files/0x000700000001650a-22.dat	xmrig
behavioral1/files/0x0007000000016593-25.dat	xmrig
behavioral1/files/0x00070000000167dc-30.dat	xmrig
behavioral1/files/0x0008000000016c3d-31.dat	xmrig
behavioral1/files/0x0006000000016dad-45.dat	xmrig
behavioral1/files/0x0006000000016f9c-57.dat	xmrig
behavioral1/files/0x00060000000173fb-75.dat	xmrig
behavioral1/files/0x000600000001747b-89.dat	xmrig
behavioral1/memory/2852-1775-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2148-1931-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2124-1890-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2796-1889-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2124-1781-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2844-1785-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x00060000000190d6-180.dat	xmrig
behavioral1/files/0x000500000001879b-170.dat	xmrig
behavioral1/files/0x00060000000190cd-174.dat	xmrig
behavioral1/files/0x0009000000018678-160.dat	xmrig
behavioral1/files/0x0005000000018690-164.dat	xmrig
behavioral1/files/0x001500000001866d-155.dat	xmrig
behavioral1/files/0x0008000000015daa-140.dat	xmrig
behavioral1/memory/2124-131-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2732-130-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2988-128-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2124-127-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2816-126-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2704-124-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2124-123-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/576-122-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2340-120-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2124-119-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2320-118-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2124-117-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2556-116-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2364-114-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2124-113-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2536-112-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/files/0x000600000001752f-136.dat	xmrig
behavioral1/files/0x00060000000174ac-98.dat	xmrig
behavioral1/files/0x000600000001748f-93.dat	xmrig
behavioral1/files/0x0006000000017409-85.dat	xmrig
behavioral1/files/0x0006000000017403-81.dat	xmrig
behavioral1/files/0x00060000000173e4-73.dat	xmrig
behavioral1/files/0x00060000000173aa-69.dat	xmrig
behavioral1/files/0x000600000001739c-65.dat	xmrig
behavioral1/files/0x000600000001739a-61.dat	xmrig
behavioral1/files/0x0006000000016e74-53.dat	xmrig
behavioral1/files/0x0006000000016dc8-49.dat	xmrig
behavioral1/files/0x0006000000016d9f-41.dat	xmrig
behavioral1/files/0x0007000000016d50-37.dat	xmrig
behavioral1/files/0x0008000000015fc4-10.dat	xmrig
behavioral1/memory/2124-2489-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2732-2619-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/576-2875-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2536-2874-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2556-2881-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2732-2886-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2988-2914-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2704-2913-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2340-2889-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2148	vflueqD.exe
2536	wEMKMTP.exe
2364	kVPvYQr.exe
2556	iGNiHon.exe
2320	yhKEXMQ.exe
2340	INCfaXY.exe
576	qTNXBaS.exe
2704	aZNhuft.exe
2816	doUjupY.exe
2988	lUlpOnc.exe
2732	SZsqlRs.exe
2852	fbtoSnR.exe
2844	roIBrGI.exe
2796	CYDTjXn.exe
1716	KvQuOqx.exe
2800	RaqWCsq.exe
2592	HLHRgPu.exe
2664	MTJNqrf.exe
2656	kvuTLov.exe
1860	SaztBto.exe
2308	xgDHYUw.exe
1640	fSbhbXR.exe
592	eSRLRGX.exe
304	lmJLfsx.exe
2960	bLvwdkr.exe
2924	owKlwXo.exe
2140	LtvzpfZ.exe
1632	hlNTBkh.exe
1548	cnSbunz.exe
1136	jFAFjJU.exe
2996	gADIJKV.exe
2036	qPxmwLb.exe
1360	FVmPHAw.exe
948	myUbPOT.exe
1660	IHrflOe.exe
2480	zcRGUrG.exe
2432	fRSuJQA.exe
1724	fcVeQOE.exe
2172	TwsiSnE.exe
1852	MZEyRDj.exe
1628	JnQMuYy.exe
2460	yGcHeTr.exe
700	bSPiEUO.exe
912	npKTnYb.exe
292	HjLoQHw.exe
1120	eGbbgFo.exe
2444	XMnvZiD.exe
1232	NRKBGlJ.exe
1676	pTgEouw.exe
1348	COhUolE.exe
3044	AAMecPw.exe
1448	coTbSlA.exe
1560	GfHwNxG.exe
2152	esZFVvq.exe
2504	QoEmOfT.exe
2528	jWNitPk.exe
2336	GmNDAMM.exe
2476	pgCikld.exe
2772	UftwZTh.exe
2388	KjujUSr.exe
2864	HonMTMu.exe
2780	gCQZxzj.exe
2720	shEtpOd.exe
2216	MlVrqts.exe

Loads dropped DLL 64 IoCs

pid	Process
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2124-0-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0008000000016031-14.dat	upx
behavioral1/files/0x000800000001620e-15.dat	upx
behavioral1/files/0x000700000001650a-22.dat	upx
behavioral1/files/0x0007000000016593-25.dat	upx
behavioral1/files/0x00070000000167dc-30.dat	upx
behavioral1/files/0x0008000000016c3d-31.dat	upx
behavioral1/files/0x0006000000016dad-45.dat	upx
behavioral1/files/0x0006000000016f9c-57.dat	upx
behavioral1/files/0x00060000000173fb-75.dat	upx
behavioral1/files/0x000600000001747b-89.dat	upx
behavioral1/memory/2852-1775-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2148-1931-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2796-1889-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2844-1785-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x00060000000190d6-180.dat	upx
behavioral1/files/0x000500000001879b-170.dat	upx
behavioral1/files/0x00060000000190cd-174.dat	upx
behavioral1/files/0x0009000000018678-160.dat	upx
behavioral1/files/0x0005000000018690-164.dat	upx
behavioral1/files/0x001500000001866d-155.dat	upx
behavioral1/files/0x0008000000015daa-140.dat	upx
behavioral1/memory/2732-130-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2988-128-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2816-126-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2704-124-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/576-122-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2340-120-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2320-118-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2556-116-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2364-114-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2536-112-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/files/0x000600000001752f-136.dat	upx
behavioral1/files/0x00060000000174ac-98.dat	upx
behavioral1/files/0x000600000001748f-93.dat	upx
behavioral1/files/0x0006000000017409-85.dat	upx
behavioral1/files/0x0006000000017403-81.dat	upx
behavioral1/files/0x00060000000173e4-73.dat	upx
behavioral1/files/0x00060000000173aa-69.dat	upx
behavioral1/files/0x000600000001739c-65.dat	upx
behavioral1/files/0x000600000001739a-61.dat	upx
behavioral1/files/0x0006000000016e74-53.dat	upx
behavioral1/files/0x0006000000016dc8-49.dat	upx
behavioral1/files/0x0006000000016d9f-41.dat	upx
behavioral1/files/0x0007000000016d50-37.dat	upx
behavioral1/files/0x0008000000015fc4-10.dat	upx
behavioral1/memory/2124-2489-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2732-2619-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/576-2875-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2536-2874-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2556-2881-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2732-2886-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2988-2914-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2704-2913-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2340-2889-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2844-2888-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2796-2887-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2320-2873-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2364-2870-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2148-2869-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2816-2867-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2852-5086-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zPtpEMc.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dCzOwth.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fUFSGhn.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gdPEhNI.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QPpgQwd.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDaZKsM.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HmVHEDh.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSMWDpA.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rjPXAzq.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ErgiXlU.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ApYjSPH.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SRVpBPD.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPmUbcd.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jLlqhIZ.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qRgAjfQ.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uRzhknA.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sacQzJh.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGKatcq.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iMFvfDB.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qRBKRxb.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRrnhHg.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVscaaE.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xajbVxK.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qpFpKBc.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lKCBZOS.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\plEIgmT.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QXVWJrf.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YbHoUQS.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yPyVzEA.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kvuTLov.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZbFhNyB.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cGPVHND.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dHrgWOG.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfaJoAk.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hcRWvPJ.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pmaKcIY.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZGdfPbg.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EJqrNFO.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\smRijDp.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VyzgLRY.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPxmwLb.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nlcrrYg.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qpHVzWM.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIoOlWw.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQxpawu.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mVknVHy.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bKuZOsj.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jcWNQEd.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBhjuyk.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KfwczmB.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ItKWxDE.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gKEwBLW.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MfIKyOL.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VTHrEnp.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hhCTlLX.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\psqqlHh.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPXYKVE.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZskGlaS.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qAYhiSY.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wHtEzHG.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NlpTKxE.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uXtILyX.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lmJLfsx.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cuZTuNf.exe	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2148	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2124 wrote to memory of 2148	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2124 wrote to memory of 2148	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2124 wrote to memory of 2536	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2124 wrote to memory of 2536	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2124 wrote to memory of 2536	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2124 wrote to memory of 2364	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2124 wrote to memory of 2364	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2124 wrote to memory of 2364	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2124 wrote to memory of 2556	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2124 wrote to memory of 2556	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2124 wrote to memory of 2556	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2124 wrote to memory of 2320	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2124 wrote to memory of 2320	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2124 wrote to memory of 2320	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2124 wrote to memory of 2340	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2124 wrote to memory of 2340	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2124 wrote to memory of 2340	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2124 wrote to memory of 576	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2124 wrote to memory of 576	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2124 wrote to memory of 576	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2124 wrote to memory of 2704	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2124 wrote to memory of 2704	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2124 wrote to memory of 2704	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2124 wrote to memory of 2816	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2124 wrote to memory of 2816	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2124 wrote to memory of 2816	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2124 wrote to memory of 2988	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2124 wrote to memory of 2988	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2124 wrote to memory of 2988	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2124 wrote to memory of 2732	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2124 wrote to memory of 2732	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2124 wrote to memory of 2732	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2124 wrote to memory of 2852	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2124 wrote to memory of 2852	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2124 wrote to memory of 2852	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2124 wrote to memory of 2844	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2124 wrote to memory of 2844	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2124 wrote to memory of 2844	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2124 wrote to memory of 2796	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2124 wrote to memory of 2796	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2124 wrote to memory of 2796	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2124 wrote to memory of 1716	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2124 wrote to memory of 1716	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2124 wrote to memory of 1716	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2124 wrote to memory of 2800	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2124 wrote to memory of 2800	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2124 wrote to memory of 2800	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2124 wrote to memory of 2592	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2124 wrote to memory of 2592	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2124 wrote to memory of 2592	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2124 wrote to memory of 2664	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2124 wrote to memory of 2664	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2124 wrote to memory of 2664	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2124 wrote to memory of 2656	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2124 wrote to memory of 2656	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2124 wrote to memory of 2656	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2124 wrote to memory of 1860	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2124 wrote to memory of 1860	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2124 wrote to memory of 1860	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2124 wrote to memory of 2308	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2124 wrote to memory of 2308	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2124 wrote to memory of 2308	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2124 wrote to memory of 1640	2124	2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-27_41aac1516802331194cf700f33a2f868_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\System\vflueqD.exe
  C:\Windows\System\vflueqD.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\wEMKMTP.exe
  C:\Windows\System\wEMKMTP.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\kVPvYQr.exe
  C:\Windows\System\kVPvYQr.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\iGNiHon.exe
  C:\Windows\System\iGNiHon.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\yhKEXMQ.exe
  C:\Windows\System\yhKEXMQ.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\INCfaXY.exe
  C:\Windows\System\INCfaXY.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\qTNXBaS.exe
  C:\Windows\System\qTNXBaS.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\aZNhuft.exe
  C:\Windows\System\aZNhuft.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\doUjupY.exe
  C:\Windows\System\doUjupY.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\lUlpOnc.exe
  C:\Windows\System\lUlpOnc.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\SZsqlRs.exe
  C:\Windows\System\SZsqlRs.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\fbtoSnR.exe
  C:\Windows\System\fbtoSnR.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\roIBrGI.exe
  C:\Windows\System\roIBrGI.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\CYDTjXn.exe
  C:\Windows\System\CYDTjXn.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\KvQuOqx.exe
  C:\Windows\System\KvQuOqx.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\RaqWCsq.exe
  C:\Windows\System\RaqWCsq.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\HLHRgPu.exe
  C:\Windows\System\HLHRgPu.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\MTJNqrf.exe
  C:\Windows\System\MTJNqrf.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\kvuTLov.exe
  C:\Windows\System\kvuTLov.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\SaztBto.exe
  C:\Windows\System\SaztBto.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\xgDHYUw.exe
  C:\Windows\System\xgDHYUw.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\fSbhbXR.exe
  C:\Windows\System\fSbhbXR.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\eSRLRGX.exe
  C:\Windows\System\eSRLRGX.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\lmJLfsx.exe
  C:\Windows\System\lmJLfsx.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\bLvwdkr.exe
  C:\Windows\System\bLvwdkr.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\owKlwXo.exe
  C:\Windows\System\owKlwXo.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\LtvzpfZ.exe
  C:\Windows\System\LtvzpfZ.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\hlNTBkh.exe
  C:\Windows\System\hlNTBkh.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\cnSbunz.exe
  C:\Windows\System\cnSbunz.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\jFAFjJU.exe
  C:\Windows\System\jFAFjJU.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\gADIJKV.exe
  C:\Windows\System\gADIJKV.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\qPxmwLb.exe
  C:\Windows\System\qPxmwLb.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\FVmPHAw.exe
  C:\Windows\System\FVmPHAw.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\myUbPOT.exe
  C:\Windows\System\myUbPOT.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\IHrflOe.exe
  C:\Windows\System\IHrflOe.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\zcRGUrG.exe
  C:\Windows\System\zcRGUrG.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\fRSuJQA.exe
  C:\Windows\System\fRSuJQA.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\fcVeQOE.exe
  C:\Windows\System\fcVeQOE.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\TwsiSnE.exe
  C:\Windows\System\TwsiSnE.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\MZEyRDj.exe
  C:\Windows\System\MZEyRDj.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\JnQMuYy.exe
  C:\Windows\System\JnQMuYy.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\bSPiEUO.exe
  C:\Windows\System\bSPiEUO.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\yGcHeTr.exe
  C:\Windows\System\yGcHeTr.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\npKTnYb.exe
  C:\Windows\System\npKTnYb.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\HjLoQHw.exe
  C:\Windows\System\HjLoQHw.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\eGbbgFo.exe
  C:\Windows\System\eGbbgFo.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\XMnvZiD.exe
  C:\Windows\System\XMnvZiD.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\NRKBGlJ.exe
  C:\Windows\System\NRKBGlJ.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\pTgEouw.exe
  C:\Windows\System\pTgEouw.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\COhUolE.exe
  C:\Windows\System\COhUolE.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\AAMecPw.exe
  C:\Windows\System\AAMecPw.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\coTbSlA.exe
  C:\Windows\System\coTbSlA.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\GfHwNxG.exe
  C:\Windows\System\GfHwNxG.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\esZFVvq.exe
  C:\Windows\System\esZFVvq.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\QoEmOfT.exe
  C:\Windows\System\QoEmOfT.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\jWNitPk.exe
  C:\Windows\System\jWNitPk.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\GmNDAMM.exe
  C:\Windows\System\GmNDAMM.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\HonMTMu.exe
  C:\Windows\System\HonMTMu.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\pgCikld.exe
  C:\Windows\System\pgCikld.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\gCQZxzj.exe
  C:\Windows\System\gCQZxzj.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\UftwZTh.exe
  C:\Windows\System\UftwZTh.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\shEtpOd.exe
  C:\Windows\System\shEtpOd.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\KjujUSr.exe
  C:\Windows\System\KjujUSr.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\MlVrqts.exe
  C:\Windows\System\MlVrqts.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\MBwBUJz.exe
  C:\Windows\System\MBwBUJz.exe
  2⤵
  PID:1880
- C:\Windows\System\Yuugowb.exe
  C:\Windows\System\Yuugowb.exe
  2⤵
  PID:1268
- C:\Windows\System\XldYVsy.exe
  C:\Windows\System\XldYVsy.exe
  2⤵
  PID:2040
- C:\Windows\System\pcQlZkX.exe
  C:\Windows\System\pcQlZkX.exe
  2⤵
  PID:2164
- C:\Windows\System\QyvgpIg.exe
  C:\Windows\System\QyvgpIg.exe
  2⤵
  PID:2192
- C:\Windows\System\rKfoXsO.exe
  C:\Windows\System\rKfoXsO.exe
  2⤵
  PID:2280
- C:\Windows\System\CeGIzxg.exe
  C:\Windows\System\CeGIzxg.exe
  2⤵
  PID:2376
- C:\Windows\System\sCASdAb.exe
  C:\Windows\System\sCASdAb.exe
  2⤵
  PID:572
- C:\Windows\System\MuBzbjM.exe
  C:\Windows\System\MuBzbjM.exe
  2⤵
  PID:1048
- C:\Windows\System\ioPBCOh.exe
  C:\Windows\System\ioPBCOh.exe
  2⤵
  PID:752
- C:\Windows\System\hKVaxfS.exe
  C:\Windows\System\hKVaxfS.exe
  2⤵
  PID:1732
- C:\Windows\System\jIfdIzT.exe
  C:\Windows\System\jIfdIzT.exe
  2⤵
  PID:1752
- C:\Windows\System\oknvEUw.exe
  C:\Windows\System\oknvEUw.exe
  2⤵
  PID:900
- C:\Windows\System\plEIgmT.exe
  C:\Windows\System\plEIgmT.exe
  2⤵
  PID:1612
- C:\Windows\System\hcRWvPJ.exe
  C:\Windows\System\hcRWvPJ.exe
  2⤵
  PID:1840
- C:\Windows\System\xgtZyKu.exe
  C:\Windows\System\xgtZyKu.exe
  2⤵
  PID:484
- C:\Windows\System\XgnoWOC.exe
  C:\Windows\System\XgnoWOC.exe
  2⤵
  PID:988
- C:\Windows\System\VliZOxp.exe
  C:\Windows\System\VliZOxp.exe
  2⤵
  PID:2896
- C:\Windows\System\WmqwOOF.exe
  C:\Windows\System\WmqwOOF.exe
  2⤵
  PID:2372
- C:\Windows\System\uPdbSjR.exe
  C:\Windows\System\uPdbSjR.exe
  2⤵
  PID:776
- C:\Windows\System\wxnnJMe.exe
  C:\Windows\System\wxnnJMe.exe
  2⤵
  PID:1692
- C:\Windows\System\JTxPmAf.exe
  C:\Windows\System\JTxPmAf.exe
  2⤵
  PID:316
- C:\Windows\System\BxUqJfy.exe
  C:\Windows\System\BxUqJfy.exe
  2⤵
  PID:2812
- C:\Windows\System\sSbWBOF.exe
  C:\Windows\System\sSbWBOF.exe
  2⤵
  PID:876
- C:\Windows\System\NmWVRaM.exe
  C:\Windows\System\NmWVRaM.exe
  2⤵
  PID:2512
- C:\Windows\System\OOFfgnE.exe
  C:\Windows\System\OOFfgnE.exe
  2⤵
  PID:2892
- C:\Windows\System\oXwWaXO.exe
  C:\Windows\System\oXwWaXO.exe
  2⤵
  PID:556
- C:\Windows\System\JPQPhZw.exe
  C:\Windows\System\JPQPhZw.exe
  2⤵
  PID:268
- C:\Windows\System\KsRumBt.exe
  C:\Windows\System\KsRumBt.exe
  2⤵
  PID:2644
- C:\Windows\System\SOPQKFk.exe
  C:\Windows\System\SOPQKFk.exe
  2⤵
  PID:2180
- C:\Windows\System\mgJxHSg.exe
  C:\Windows\System\mgJxHSg.exe
  2⤵
  PID:2060
- C:\Windows\System\xFPNOZN.exe
  C:\Windows\System\xFPNOZN.exe
  2⤵
  PID:1804
- C:\Windows\System\iohKhhB.exe
  C:\Windows\System\iohKhhB.exe
  2⤵
  PID:2972
- C:\Windows\System\CaHSpOh.exe
  C:\Windows\System\CaHSpOh.exe
  2⤵
  PID:2252
- C:\Windows\System\DnqhgxS.exe
  C:\Windows\System\DnqhgxS.exe
  2⤵
  PID:1756
- C:\Windows\System\GEEhutG.exe
  C:\Windows\System\GEEhutG.exe
  2⤵
  PID:868
- C:\Windows\System\IeOdfSp.exe
  C:\Windows\System\IeOdfSp.exe
  2⤵
  PID:2056
- C:\Windows\System\NvRCHxa.exe
  C:\Windows\System\NvRCHxa.exe
  2⤵
  PID:880
- C:\Windows\System\FBbcTyG.exe
  C:\Windows\System\FBbcTyG.exe
  2⤵
  PID:652
- C:\Windows\System\qMsNRAP.exe
  C:\Windows\System\qMsNRAP.exe
  2⤵
  PID:1492
- C:\Windows\System\uBzSGOt.exe
  C:\Windows\System\uBzSGOt.exe
  2⤵
  PID:2296
- C:\Windows\System\CDTJDkj.exe
  C:\Windows\System\CDTJDkj.exe
  2⤵
  PID:2236
- C:\Windows\System\wswpyOp.exe
  C:\Windows\System\wswpyOp.exe
  2⤵
  PID:1728
- C:\Windows\System\VdqDIEN.exe
  C:\Windows\System\VdqDIEN.exe
  2⤵
  PID:848
- C:\Windows\System\odnWWEW.exe
  C:\Windows\System\odnWWEW.exe
  2⤵
  PID:1672
- C:\Windows\System\aKTiUPD.exe
  C:\Windows\System\aKTiUPD.exe
  2⤵
  PID:1308
- C:\Windows\System\WyUnPQk.exe
  C:\Windows\System\WyUnPQk.exe
  2⤵
  PID:1680
- C:\Windows\System\TQJKtci.exe
  C:\Windows\System\TQJKtci.exe
  2⤵
  PID:3076
- C:\Windows\System\BSLHvvN.exe
  C:\Windows\System\BSLHvvN.exe
  2⤵
  PID:3100
- C:\Windows\System\EKspdWE.exe
  C:\Windows\System\EKspdWE.exe
  2⤵
  PID:3116
- C:\Windows\System\jJULlwh.exe
  C:\Windows\System\jJULlwh.exe
  2⤵
  PID:3132
- C:\Windows\System\wCtJMly.exe
  C:\Windows\System\wCtJMly.exe
  2⤵
  PID:3148
- C:\Windows\System\SzKvOmn.exe
  C:\Windows\System\SzKvOmn.exe
  2⤵
  PID:3180
- C:\Windows\System\vyiepiA.exe
  C:\Windows\System\vyiepiA.exe
  2⤵
  PID:3208
- C:\Windows\System\hOBGmbF.exe
  C:\Windows\System\hOBGmbF.exe
  2⤵
  PID:3224
- C:\Windows\System\mZQiJRr.exe
  C:\Windows\System\mZQiJRr.exe
  2⤵
  PID:3244
- C:\Windows\System\ypSyCnA.exe
  C:\Windows\System\ypSyCnA.exe
  2⤵
  PID:3268
- C:\Windows\System\oWAxbhu.exe
  C:\Windows\System\oWAxbhu.exe
  2⤵
  PID:3288
- C:\Windows\System\ZvGDcOu.exe
  C:\Windows\System\ZvGDcOu.exe
  2⤵
  PID:3308
- C:\Windows\System\xfmqjQp.exe
  C:\Windows\System\xfmqjQp.exe
  2⤵
  PID:3328
- C:\Windows\System\qSBrrlk.exe
  C:\Windows\System\qSBrrlk.exe
  2⤵
  PID:3348
- C:\Windows\System\lpGiTGZ.exe
  C:\Windows\System\lpGiTGZ.exe
  2⤵
  PID:3368
- C:\Windows\System\zFonblU.exe
  C:\Windows\System\zFonblU.exe
  2⤵
  PID:3388
- C:\Windows\System\CvnlcAC.exe
  C:\Windows\System\CvnlcAC.exe
  2⤵
  PID:3408
- C:\Windows\System\dKOTCwG.exe
  C:\Windows\System\dKOTCwG.exe
  2⤵
  PID:3428
- C:\Windows\System\ZELAQUb.exe
  C:\Windows\System\ZELAQUb.exe
  2⤵
  PID:3448
- C:\Windows\System\oDhvNGI.exe
  C:\Windows\System\oDhvNGI.exe
  2⤵
  PID:3468
- C:\Windows\System\sGAQElt.exe
  C:\Windows\System\sGAQElt.exe
  2⤵
  PID:3488
- C:\Windows\System\DMStnGZ.exe
  C:\Windows\System\DMStnGZ.exe
  2⤵
  PID:3508
- C:\Windows\System\hSHcShR.exe
  C:\Windows\System\hSHcShR.exe
  2⤵
  PID:3528
- C:\Windows\System\RTXsKJR.exe
  C:\Windows\System\RTXsKJR.exe
  2⤵
  PID:3548
- C:\Windows\System\bfVpGVG.exe
  C:\Windows\System\bfVpGVG.exe
  2⤵
  PID:3568
- C:\Windows\System\iPGOWxe.exe
  C:\Windows\System\iPGOWxe.exe
  2⤵
  PID:3588
- C:\Windows\System\DWXulDi.exe
  C:\Windows\System\DWXulDi.exe
  2⤵
  PID:3608
- C:\Windows\System\mIQQQoR.exe
  C:\Windows\System\mIQQQoR.exe
  2⤵
  PID:3628
- C:\Windows\System\bzYfTYY.exe
  C:\Windows\System\bzYfTYY.exe
  2⤵
  PID:3648
- C:\Windows\System\dOxibcc.exe
  C:\Windows\System\dOxibcc.exe
  2⤵
  PID:3668
- C:\Windows\System\fYegepy.exe
  C:\Windows\System\fYegepy.exe
  2⤵
  PID:3684
- C:\Windows\System\bkeKxLz.exe
  C:\Windows\System\bkeKxLz.exe
  2⤵
  PID:3704
- C:\Windows\System\SHfRdXf.exe
  C:\Windows\System\SHfRdXf.exe
  2⤵
  PID:3724
- C:\Windows\System\CJKXGRp.exe
  C:\Windows\System\CJKXGRp.exe
  2⤵
  PID:3740
- C:\Windows\System\MUuLlJH.exe
  C:\Windows\System\MUuLlJH.exe
  2⤵
  PID:3760
- C:\Windows\System\SaTWcHj.exe
  C:\Windows\System\SaTWcHj.exe
  2⤵
  PID:3780
- C:\Windows\System\ilkkcBc.exe
  C:\Windows\System\ilkkcBc.exe
  2⤵
  PID:3800
- C:\Windows\System\nqlMVuX.exe
  C:\Windows\System\nqlMVuX.exe
  2⤵
  PID:3820
- C:\Windows\System\NGGsSGi.exe
  C:\Windows\System\NGGsSGi.exe
  2⤵
  PID:3840
- C:\Windows\System\YjfYjwH.exe
  C:\Windows\System\YjfYjwH.exe
  2⤵
  PID:3860
- C:\Windows\System\ZzPyrPi.exe
  C:\Windows\System\ZzPyrPi.exe
  2⤵
  PID:3876
- C:\Windows\System\ncpWzSe.exe
  C:\Windows\System\ncpWzSe.exe
  2⤵
  PID:3900
- C:\Windows\System\OMpfkeQ.exe
  C:\Windows\System\OMpfkeQ.exe
  2⤵
  PID:3920
- C:\Windows\System\TekCuZg.exe
  C:\Windows\System\TekCuZg.exe
  2⤵
  PID:3940
- C:\Windows\System\wfkOWEN.exe
  C:\Windows\System\wfkOWEN.exe
  2⤵
  PID:3956
- C:\Windows\System\RhxjpyT.exe
  C:\Windows\System\RhxjpyT.exe
  2⤵
  PID:3972
- C:\Windows\System\kGnyjFv.exe
  C:\Windows\System\kGnyjFv.exe
  2⤵
  PID:3988
- C:\Windows\System\zcbdDrC.exe
  C:\Windows\System\zcbdDrC.exe
  2⤵
  PID:4004
- C:\Windows\System\ysIZQxz.exe
  C:\Windows\System\ysIZQxz.exe
  2⤵
  PID:4020
- C:\Windows\System\SmAXEil.exe
  C:\Windows\System\SmAXEil.exe
  2⤵
  PID:4036
- C:\Windows\System\MaVDFlr.exe
  C:\Windows\System\MaVDFlr.exe
  2⤵
  PID:4052
- C:\Windows\System\EOLFdCn.exe
  C:\Windows\System\EOLFdCn.exe
  2⤵
  PID:4068
- C:\Windows\System\gqEXegF.exe
  C:\Windows\System\gqEXegF.exe
  2⤵
  PID:4088
- C:\Windows\System\BEwFEiZ.exe
  C:\Windows\System\BEwFEiZ.exe
  2⤵
  PID:1740
- C:\Windows\System\fUFSGhn.exe
  C:\Windows\System\fUFSGhn.exe
  2⤵
  PID:1472
- C:\Windows\System\FCuaRzi.exe
  C:\Windows\System\FCuaRzi.exe
  2⤵
  PID:1376
- C:\Windows\System\JfaxErA.exe
  C:\Windows\System\JfaxErA.exe
  2⤵
  PID:344
- C:\Windows\System\BlfjckW.exe
  C:\Windows\System\BlfjckW.exe
  2⤵
  PID:3084
- C:\Windows\System\WYedaqv.exe
  C:\Windows\System\WYedaqv.exe
  2⤵
  PID:3096
- C:\Windows\System\ziiWlIw.exe
  C:\Windows\System\ziiWlIw.exe
  2⤵
  PID:2932
- C:\Windows\System\ODdmlxt.exe
  C:\Windows\System\ODdmlxt.exe
  2⤵
  PID:636
- C:\Windows\System\fpdGrbz.exe
  C:\Windows\System\fpdGrbz.exe
  2⤵
  PID:3216
- C:\Windows\System\ixOcVbQ.exe
  C:\Windows\System\ixOcVbQ.exe
  2⤵
  PID:3200
- C:\Windows\System\QXVWJrf.exe
  C:\Windows\System\QXVWJrf.exe
  2⤵
  PID:3260
- C:\Windows\System\OfNRwbz.exe
  C:\Windows\System\OfNRwbz.exe
  2⤵
  PID:3304
- C:\Windows\System\MIzmfdA.exe
  C:\Windows\System\MIzmfdA.exe
  2⤵
  PID:3336
- C:\Windows\System\Cfxrqyc.exe
  C:\Windows\System\Cfxrqyc.exe
  2⤵
  PID:3340
- C:\Windows\System\PnfCwUt.exe
  C:\Windows\System\PnfCwUt.exe
  2⤵
  PID:3384
- C:\Windows\System\jKEGLPr.exe
  C:\Windows\System\jKEGLPr.exe
  2⤵
  PID:3456
- C:\Windows\System\oEzzlGp.exe
  C:\Windows\System\oEzzlGp.exe
  2⤵
  PID:3500
- C:\Windows\System\nLcPFis.exe
  C:\Windows\System\nLcPFis.exe
  2⤵
  PID:3544
- C:\Windows\System\KzqDCll.exe
  C:\Windows\System\KzqDCll.exe
  2⤵
  PID:3580
- C:\Windows\System\Ddhfwdu.exe
  C:\Windows\System\Ddhfwdu.exe
  2⤵
  PID:3484
- C:\Windows\System\BGThuLK.exe
  C:\Windows\System\BGThuLK.exe
  2⤵
  PID:3664
- C:\Windows\System\ntAECNa.exe
  C:\Windows\System\ntAECNa.exe
  2⤵
  PID:3732
- C:\Windows\System\qOJCQNA.exe
  C:\Windows\System\qOJCQNA.exe
  2⤵
  PID:3556
- C:\Windows\System\eGLITrJ.exe
  C:\Windows\System\eGLITrJ.exe
  2⤵
  PID:3604
- C:\Windows\System\aROEktQ.exe
  C:\Windows\System\aROEktQ.exe
  2⤵
  PID:3808
- C:\Windows\System\MFvSqTP.exe
  C:\Windows\System\MFvSqTP.exe
  2⤵
  PID:3856
- C:\Windows\System\ISyDfIP.exe
  C:\Windows\System\ISyDfIP.exe
  2⤵
  PID:3676
- C:\Windows\System\OiKtlGA.exe
  C:\Windows\System\OiKtlGA.exe
  2⤵
  PID:3720
- C:\Windows\System\FBRciIz.exe
  C:\Windows\System\FBRciIz.exe
  2⤵
  PID:3756
- C:\Windows\System\DnxySOU.exe
  C:\Windows\System\DnxySOU.exe
  2⤵
  PID:3928
- C:\Windows\System\BJTDQGO.exe
  C:\Windows\System\BJTDQGO.exe
  2⤵
  PID:3968
- C:\Windows\System\eyEPkGM.exe
  C:\Windows\System\eyEPkGM.exe
  2⤵
  PID:3908
- C:\Windows\System\bPrATMu.exe
  C:\Windows\System\bPrATMu.exe
  2⤵
  PID:3868
- C:\Windows\System\CwkYCrf.exe
  C:\Windows\System\CwkYCrf.exe
  2⤵
  PID:4060
- C:\Windows\System\jPsQzaA.exe
  C:\Windows\System\jPsQzaA.exe
  2⤵
  PID:2916
- C:\Windows\System\bELqfAR.exe
  C:\Windows\System\bELqfAR.exe
  2⤵
  PID:2648
- C:\Windows\System\PTUtKsq.exe
  C:\Windows\System\PTUtKsq.exe
  2⤵
  PID:3984
- C:\Windows\System\ivpxzGL.exe
  C:\Windows\System\ivpxzGL.exe
  2⤵
  PID:1264
- C:\Windows\System\DTlLzbX.exe
  C:\Windows\System\DTlLzbX.exe
  2⤵
  PID:2688
- C:\Windows\System\tVRITNj.exe
  C:\Windows\System\tVRITNj.exe
  2⤵
  PID:448
- C:\Windows\System\cDgyCHE.exe
  C:\Windows\System\cDgyCHE.exe
  2⤵
  PID:548
- C:\Windows\System\MucZlJy.exe
  C:\Windows\System\MucZlJy.exe
  2⤵
  PID:3168
- C:\Windows\System\kjnNwVz.exe
  C:\Windows\System\kjnNwVz.exe
  2⤵
  PID:3124
- C:\Windows\System\wDbLbnA.exe
  C:\Windows\System\wDbLbnA.exe
  2⤵
  PID:3280
- C:\Windows\System\xbGaDmp.exe
  C:\Windows\System\xbGaDmp.exe
  2⤵
  PID:3460
- C:\Windows\System\jrZmzIF.exe
  C:\Windows\System\jrZmzIF.exe
  2⤵
  PID:3624
- C:\Windows\System\SWDSRai.exe
  C:\Windows\System\SWDSRai.exe
  2⤵
  PID:3108
- C:\Windows\System\MnqCopu.exe
  C:\Windows\System\MnqCopu.exe
  2⤵
  PID:3516
- C:\Windows\System\zjEXhfR.exe
  C:\Windows\System\zjEXhfR.exe
  2⤵
  PID:3296
- C:\Windows\System\RUYVnsf.exe
  C:\Windows\System\RUYVnsf.exe
  2⤵
  PID:3316
- C:\Windows\System\aUyqqGX.exe
  C:\Windows\System\aUyqqGX.exe
  2⤵
  PID:3936
- C:\Windows\System\GtupwPe.exe
  C:\Windows\System\GtupwPe.exe
  2⤵
  PID:3424
- C:\Windows\System\fpAblmv.exe
  C:\Windows\System\fpAblmv.exe
  2⤵
  PID:3396
- C:\Windows\System\rnggLfI.exe
  C:\Windows\System\rnggLfI.exe
  2⤵
  PID:2440
- C:\Windows\System\GeBcdGC.exe
  C:\Windows\System\GeBcdGC.exe
  2⤵
  PID:3700
- C:\Windows\System\HSbCFiN.exe
  C:\Windows\System\HSbCFiN.exe
  2⤵
  PID:4044
- C:\Windows\System\xfwtzxR.exe
  C:\Windows\System\xfwtzxR.exe
  2⤵
  PID:3068
- C:\Windows\System\xpfokOE.exe
  C:\Windows\System\xpfokOE.exe
  2⤵
  PID:4032
- C:\Windows\System\jmdBzwG.exe
  C:\Windows\System\jmdBzwG.exe
  2⤵
  PID:3896
- C:\Windows\System\xXmTFxZ.exe
  C:\Windows\System\xXmTFxZ.exe
  2⤵
  PID:3792
- C:\Windows\System\tyzJMBT.exe
  C:\Windows\System\tyzJMBT.exe
  2⤵
  PID:3156
- C:\Windows\System\zwMpRLd.exe
  C:\Windows\System\zwMpRLd.exe
  2⤵
  PID:2848
- C:\Windows\System\mLuSCir.exe
  C:\Windows\System\mLuSCir.exe
  2⤵
  PID:3620
- C:\Windows\System\SojCuci.exe
  C:\Windows\System\SojCuci.exe
  2⤵
  PID:3400
- C:\Windows\System\szEyUQu.exe
  C:\Windows\System\szEyUQu.exe
  2⤵
  PID:3256
- C:\Windows\System\zrimudO.exe
  C:\Windows\System\zrimudO.exe
  2⤵
  PID:3776
- C:\Windows\System\BRVMobH.exe
  C:\Windows\System\BRVMobH.exe
  2⤵
  PID:3772
- C:\Windows\System\aLWGTuI.exe
  C:\Windows\System\aLWGTuI.exe
  2⤵
  PID:3828
- C:\Windows\System\nVaEOLV.exe
  C:\Windows\System\nVaEOLV.exe
  2⤵
  PID:3416
- C:\Windows\System\TWQbPXA.exe
  C:\Windows\System\TWQbPXA.exe
  2⤵
  PID:3696
- C:\Windows\System\XZagftL.exe
  C:\Windows\System\XZagftL.exe
  2⤵
  PID:4108
- C:\Windows\System\GJBNcvv.exe
  C:\Windows\System\GJBNcvv.exe
  2⤵
  PID:4128
- C:\Windows\System\WhpHXqm.exe
  C:\Windows\System\WhpHXqm.exe
  2⤵
  PID:4148
- C:\Windows\System\NuyOKHn.exe
  C:\Windows\System\NuyOKHn.exe
  2⤵
  PID:4168
- C:\Windows\System\ZzHdBHM.exe
  C:\Windows\System\ZzHdBHM.exe
  2⤵
  PID:4188
- C:\Windows\System\irkqZXg.exe
  C:\Windows\System\irkqZXg.exe
  2⤵
  PID:4208
- C:\Windows\System\SUjoVbm.exe
  C:\Windows\System\SUjoVbm.exe
  2⤵
  PID:4228
- C:\Windows\System\eoALJsJ.exe
  C:\Windows\System\eoALJsJ.exe
  2⤵
  PID:4248
- C:\Windows\System\kyPnnXC.exe
  C:\Windows\System\kyPnnXC.exe
  2⤵
  PID:4268
- C:\Windows\System\BxffzMd.exe
  C:\Windows\System\BxffzMd.exe
  2⤵
  PID:4288
- C:\Windows\System\byihAYL.exe
  C:\Windows\System\byihAYL.exe
  2⤵
  PID:4308
- C:\Windows\System\bqFQbLe.exe
  C:\Windows\System\bqFQbLe.exe
  2⤵
  PID:4328
- C:\Windows\System\lPrKPXI.exe
  C:\Windows\System\lPrKPXI.exe
  2⤵
  PID:4344
- C:\Windows\System\dJJzKkI.exe
  C:\Windows\System\dJJzKkI.exe
  2⤵
  PID:4360
- C:\Windows\System\fBlYTDO.exe
  C:\Windows\System\fBlYTDO.exe
  2⤵
  PID:4376
- C:\Windows\System\agFQZYm.exe
  C:\Windows\System\agFQZYm.exe
  2⤵
  PID:4404
- C:\Windows\System\YaNfLMO.exe
  C:\Windows\System\YaNfLMO.exe
  2⤵
  PID:4424
- C:\Windows\System\uwZkQqE.exe
  C:\Windows\System\uwZkQqE.exe
  2⤵
  PID:4448
- C:\Windows\System\TuenQsI.exe
  C:\Windows\System\TuenQsI.exe
  2⤵
  PID:4468
- C:\Windows\System\ralCiUr.exe
  C:\Windows\System\ralCiUr.exe
  2⤵
  PID:4488
- C:\Windows\System\EVkvHcY.exe
  C:\Windows\System\EVkvHcY.exe
  2⤵
  PID:4508
- C:\Windows\System\zxsCyKy.exe
  C:\Windows\System\zxsCyKy.exe
  2⤵
  PID:4528
- C:\Windows\System\vXIyGwS.exe
  C:\Windows\System\vXIyGwS.exe
  2⤵
  PID:4544
- C:\Windows\System\briJkHw.exe
  C:\Windows\System\briJkHw.exe
  2⤵
  PID:4560
- C:\Windows\System\UUbdnuh.exe
  C:\Windows\System\UUbdnuh.exe
  2⤵
  PID:4584
- C:\Windows\System\XAvlhUe.exe
  C:\Windows\System\XAvlhUe.exe
  2⤵
  PID:4608
- C:\Windows\System\QCrwTby.exe
  C:\Windows\System\QCrwTby.exe
  2⤵
  PID:4624
- C:\Windows\System\iFEYHmL.exe
  C:\Windows\System\iFEYHmL.exe
  2⤵
  PID:4644
- C:\Windows\System\UNBrhzt.exe
  C:\Windows\System\UNBrhzt.exe
  2⤵
  PID:4664
- C:\Windows\System\MGwlLtH.exe
  C:\Windows\System\MGwlLtH.exe
  2⤵
  PID:4688
- C:\Windows\System\zylPvvI.exe
  C:\Windows\System\zylPvvI.exe
  2⤵
  PID:4704
- C:\Windows\System\pmaKcIY.exe
  C:\Windows\System\pmaKcIY.exe
  2⤵
  PID:4728
- C:\Windows\System\piwIsRW.exe
  C:\Windows\System\piwIsRW.exe
  2⤵
  PID:4744
- C:\Windows\System\jGHZAvA.exe
  C:\Windows\System\jGHZAvA.exe
  2⤵
  PID:4760
- C:\Windows\System\MitVrEw.exe
  C:\Windows\System\MitVrEw.exe
  2⤵
  PID:4776
- C:\Windows\System\gmakpdE.exe
  C:\Windows\System\gmakpdE.exe
  2⤵
  PID:4792
- C:\Windows\System\ZUwwAHu.exe
  C:\Windows\System\ZUwwAHu.exe
  2⤵
  PID:4808
- C:\Windows\System\jEJGwph.exe
  C:\Windows\System\jEJGwph.exe
  2⤵
  PID:4824
- C:\Windows\System\ztCYpOr.exe
  C:\Windows\System\ztCYpOr.exe
  2⤵
  PID:4840
- C:\Windows\System\ILZrQSH.exe
  C:\Windows\System\ILZrQSH.exe
  2⤵
  PID:4856
- C:\Windows\System\wXwHdMY.exe
  C:\Windows\System\wXwHdMY.exe
  2⤵
  PID:4888
- C:\Windows\System\yzBbAVN.exe
  C:\Windows\System\yzBbAVN.exe
  2⤵
  PID:4908
- C:\Windows\System\cdukXmf.exe
  C:\Windows\System\cdukXmf.exe
  2⤵
  PID:4932
- C:\Windows\System\IRNNVmu.exe
  C:\Windows\System\IRNNVmu.exe
  2⤵
  PID:4948
- C:\Windows\System\LHlXCws.exe
  C:\Windows\System\LHlXCws.exe
  2⤵
  PID:4988
- C:\Windows\System\ovyVPlT.exe
  C:\Windows\System\ovyVPlT.exe
  2⤵
  PID:5008
- C:\Windows\System\XgAgICO.exe
  C:\Windows\System\XgAgICO.exe
  2⤵
  PID:5024
- C:\Windows\System\lzRkRno.exe
  C:\Windows\System\lzRkRno.exe
  2⤵
  PID:5044
- C:\Windows\System\HydjkCo.exe
  C:\Windows\System\HydjkCo.exe
  2⤵
  PID:5068
- C:\Windows\System\AzvIQqm.exe
  C:\Windows\System\AzvIQqm.exe
  2⤵
  PID:5088
- C:\Windows\System\aJxUBvH.exe
  C:\Windows\System\aJxUBvH.exe
  2⤵
  PID:5108
- C:\Windows\System\pKfmnIr.exe
  C:\Windows\System\pKfmnIr.exe
  2⤵
  PID:4048
- C:\Windows\System\yzYZgDg.exe
  C:\Windows\System\yzYZgDg.exe
  2⤵
  PID:4076
- C:\Windows\System\USjHpWD.exe
  C:\Windows\System\USjHpWD.exe
  2⤵
  PID:3996
- C:\Windows\System\MhqaRLb.exe
  C:\Windows\System\MhqaRLb.exe
  2⤵
  PID:3948
- C:\Windows\System\TaaxEvo.exe
  C:\Windows\System\TaaxEvo.exe
  2⤵
  PID:1540
- C:\Windows\System\dIvFelI.exe
  C:\Windows\System\dIvFelI.exe
  2⤵
  PID:3284
- C:\Windows\System\agvMIUB.exe
  C:\Windows\System\agvMIUB.exe
  2⤵
  PID:3636
- C:\Windows\System\zevxXRL.exe
  C:\Windows\System\zevxXRL.exe
  2⤵
  PID:3640
- C:\Windows\System\HmHVomD.exe
  C:\Windows\System\HmHVomD.exe
  2⤵
  PID:3716
- C:\Windows\System\ILQyxBH.exe
  C:\Windows\System\ILQyxBH.exe
  2⤵
  PID:3024
- C:\Windows\System\ELQKcTp.exe
  C:\Windows\System\ELQKcTp.exe
  2⤵
  PID:4144
- C:\Windows\System\NCtMufb.exe
  C:\Windows\System\NCtMufb.exe
  2⤵
  PID:4176
- C:\Windows\System\hJLrYeu.exe
  C:\Windows\System\hJLrYeu.exe
  2⤵
  PID:4220
- C:\Windows\System\AEQggUa.exe
  C:\Windows\System\AEQggUa.exe
  2⤵
  PID:4236
- C:\Windows\System\lVQcfmr.exe
  C:\Windows\System\lVQcfmr.exe
  2⤵
  PID:4296
- C:\Windows\System\TaseaOk.exe
  C:\Windows\System\TaseaOk.exe
  2⤵
  PID:4300
- C:\Windows\System\LSiPZwd.exe
  C:\Windows\System\LSiPZwd.exe
  2⤵
  PID:4368
- C:\Windows\System\ZxcwGPQ.exe
  C:\Windows\System\ZxcwGPQ.exe
  2⤵
  PID:4412
- C:\Windows\System\QYJwuXt.exe
  C:\Windows\System\QYJwuXt.exe
  2⤵
  PID:4400
- C:\Windows\System\fngeraV.exe
  C:\Windows\System\fngeraV.exe
  2⤵
  PID:4460
- C:\Windows\System\kCyNYJx.exe
  C:\Windows\System\kCyNYJx.exe
  2⤵
  PID:4540
- C:\Windows\System\jduZFAK.exe
  C:\Windows\System\jduZFAK.exe
  2⤵
  PID:4616
- C:\Windows\System\TOOMkSS.exe
  C:\Windows\System\TOOMkSS.exe
  2⤵
  PID:4696
- C:\Windows\System\bdDImNB.exe
  C:\Windows\System\bdDImNB.exe
  2⤵
  PID:4384
- C:\Windows\System\RUPEKcL.exe
  C:\Windows\System\RUPEKcL.exe
  2⤵
  PID:4484
- C:\Windows\System\giIFSxA.exe
  C:\Windows\System\giIFSxA.exe
  2⤵
  PID:4556
- C:\Windows\System\MZCDPOr.exe
  C:\Windows\System\MZCDPOr.exe
  2⤵
  PID:4800
- C:\Windows\System\QsySJMg.exe
  C:\Windows\System\QsySJMg.exe
  2⤵
  PID:4864
- C:\Windows\System\bERieZK.exe
  C:\Windows\System\bERieZK.exe
  2⤵
  PID:4884
- C:\Windows\System\bKMxJlL.exe
  C:\Windows\System\bKMxJlL.exe
  2⤵
  PID:4636
- C:\Windows\System\pZqpOlY.exe
  C:\Windows\System\pZqpOlY.exe
  2⤵
  PID:4716
- C:\Windows\System\sacQzJh.exe
  C:\Windows\System\sacQzJh.exe
  2⤵
  PID:4916
- C:\Windows\System\YTrRviJ.exe
  C:\Windows\System\YTrRviJ.exe
  2⤵
  PID:4940
- C:\Windows\System\OjnXmYv.exe
  C:\Windows\System\OjnXmYv.exe
  2⤵
  PID:4820
- C:\Windows\System\gdPEhNI.exe
  C:\Windows\System\gdPEhNI.exe
  2⤵
  PID:4956
- C:\Windows\System\izQyMiX.exe
  C:\Windows\System\izQyMiX.exe
  2⤵
  PID:4984
- C:\Windows\System\jDJOgLI.exe
  C:\Windows\System\jDJOgLI.exe
  2⤵
  PID:4944
- C:\Windows\System\zPtpEMc.exe
  C:\Windows\System\zPtpEMc.exe
  2⤵
  PID:5004
- C:\Windows\System\XZPSDvT.exe
  C:\Windows\System\XZPSDvT.exe
  2⤵
  PID:5056
- C:\Windows\System\WNomRmX.exe
  C:\Windows\System\WNomRmX.exe
  2⤵
  PID:5080
- C:\Windows\System\WxxnVBl.exe
  C:\Windows\System\WxxnVBl.exe
  2⤵
  PID:5116
- C:\Windows\System\dyCvgJE.exe
  C:\Windows\System\dyCvgJE.exe
  2⤵
  PID:2992
- C:\Windows\System\qVHNqtG.exe
  C:\Windows\System\qVHNqtG.exe
  2⤵
  PID:3088
- C:\Windows\System\uvqxJHp.exe
  C:\Windows\System\uvqxJHp.exe
  2⤵
  PID:3232
- C:\Windows\System\yZoBABZ.exe
  C:\Windows\System\yZoBABZ.exe
  2⤵
  PID:3736
- C:\Windows\System\RtdzBll.exe
  C:\Windows\System\RtdzBll.exe
  2⤵
  PID:1856
- C:\Windows\System\UNdhiyv.exe
  C:\Windows\System\UNdhiyv.exe
  2⤵
  PID:4164
- C:\Windows\System\GNBpgks.exe
  C:\Windows\System\GNBpgks.exe
  2⤵
  PID:4200
- C:\Windows\System\QlMAnKV.exe
  C:\Windows\System\QlMAnKV.exe
  2⤵
  PID:4240
- C:\Windows\System\gcWGZJb.exe
  C:\Windows\System\gcWGZJb.exe
  2⤵
  PID:4356
- C:\Windows\System\rxpDQSn.exe
  C:\Windows\System\rxpDQSn.exe
  2⤵
  PID:4336
- C:\Windows\System\HxPGkIg.exe
  C:\Windows\System\HxPGkIg.exe
  2⤵
  PID:4572
- C:\Windows\System\qrHRZCq.exe
  C:\Windows\System\qrHRZCq.exe
  2⤵
  PID:4388
- C:\Windows\System\nQUqRJX.exe
  C:\Windows\System\nQUqRJX.exe
  2⤵
  PID:4392
- C:\Windows\System\HigbqZj.exe
  C:\Windows\System\HigbqZj.exe
  2⤵
  PID:4524
- C:\Windows\System\rIiuAYl.exe
  C:\Windows\System\rIiuAYl.exe
  2⤵
  PID:4652
- C:\Windows\System\qcLJZmc.exe
  C:\Windows\System\qcLJZmc.exe
  2⤵
  PID:4768
- C:\Windows\System\AhQczvQ.exe
  C:\Windows\System\AhQczvQ.exe
  2⤵
  PID:4724
- C:\Windows\System\IOxaOmI.exe
  C:\Windows\System\IOxaOmI.exe
  2⤵
  PID:4596
- C:\Windows\System\WxnYxfT.exe
  C:\Windows\System\WxnYxfT.exe
  2⤵
  PID:4852
- C:\Windows\System\gLrcmNo.exe
  C:\Windows\System\gLrcmNo.exe
  2⤵
  PID:4872
- C:\Windows\System\ZfDspgh.exe
  C:\Windows\System\ZfDspgh.exe
  2⤵
  PID:4684
- C:\Windows\System\YXrrQKu.exe
  C:\Windows\System\YXrrQKu.exe
  2⤵
  PID:5100
- C:\Windows\System\lhsaZIZ.exe
  C:\Windows\System\lhsaZIZ.exe
  2⤵
  PID:3496
- C:\Windows\System\EiDTLiQ.exe
  C:\Windows\System\EiDTLiQ.exe
  2⤵
  PID:3748
- C:\Windows\System\xiWMzBE.exe
  C:\Windows\System\xiWMzBE.exe
  2⤵
  PID:4320
- C:\Windows\System\UHBhQrd.exe
  C:\Windows\System\UHBhQrd.exe
  2⤵
  PID:4520
- C:\Windows\System\NjZXrrN.exe
  C:\Windows\System\NjZXrrN.exe
  2⤵
  PID:4976
- C:\Windows\System\sACTTOS.exe
  C:\Windows\System\sACTTOS.exe
  2⤵
  PID:5040
- C:\Windows\System\COCmdyU.exe
  C:\Windows\System\COCmdyU.exe
  2⤵
  PID:4680
- C:\Windows\System\KqbVjda.exe
  C:\Windows\System\KqbVjda.exe
  2⤵
  PID:3848
- C:\Windows\System\gqredlM.exe
  C:\Windows\System\gqredlM.exe
  2⤵
  PID:3176
- C:\Windows\System\amUQzDK.exe
  C:\Windows\System\amUQzDK.exe
  2⤵
  PID:4276
- C:\Windows\System\mYbLifm.exe
  C:\Windows\System\mYbLifm.exe
  2⤵
  PID:4180
- C:\Windows\System\WYUHFCG.exe
  C:\Windows\System\WYUHFCG.exe
  2⤵
  PID:4740
- C:\Windows\System\KrpgKvD.exe
  C:\Windows\System\KrpgKvD.exe
  2⤵
  PID:5140
- C:\Windows\System\UFYkcwf.exe
  C:\Windows\System\UFYkcwf.exe
  2⤵
  PID:5160
- C:\Windows\System\CEElAeM.exe
  C:\Windows\System\CEElAeM.exe
  2⤵
  PID:5184
- C:\Windows\System\bLkSkRd.exe
  C:\Windows\System\bLkSkRd.exe
  2⤵
  PID:5204
- C:\Windows\System\FHcTZKi.exe
  C:\Windows\System\FHcTZKi.exe
  2⤵
  PID:5224
- C:\Windows\System\MUiNeFs.exe
  C:\Windows\System\MUiNeFs.exe
  2⤵
  PID:5244
- C:\Windows\System\Ailqvom.exe
  C:\Windows\System\Ailqvom.exe
  2⤵
  PID:5264
- C:\Windows\System\fuZkKNu.exe
  C:\Windows\System\fuZkKNu.exe
  2⤵
  PID:5284
- C:\Windows\System\PwUkryz.exe
  C:\Windows\System\PwUkryz.exe
  2⤵
  PID:5300
- C:\Windows\System\WlhIyZu.exe
  C:\Windows\System\WlhIyZu.exe
  2⤵
  PID:5320
- C:\Windows\System\ihDZVsj.exe
  C:\Windows\System\ihDZVsj.exe
  2⤵
  PID:5336
- C:\Windows\System\vjtRuNB.exe
  C:\Windows\System\vjtRuNB.exe
  2⤵
  PID:5352
- C:\Windows\System\wAuSHhD.exe
  C:\Windows\System\wAuSHhD.exe
  2⤵
  PID:5368
- C:\Windows\System\btlEepW.exe
  C:\Windows\System\btlEepW.exe
  2⤵
  PID:5384
- C:\Windows\System\OPhsuNH.exe
  C:\Windows\System\OPhsuNH.exe
  2⤵
  PID:5400
- C:\Windows\System\caeGYmu.exe
  C:\Windows\System\caeGYmu.exe
  2⤵
  PID:5416
- C:\Windows\System\ZhbYsxc.exe
  C:\Windows\System\ZhbYsxc.exe
  2⤵
  PID:5432
- C:\Windows\System\QgzajcK.exe
  C:\Windows\System\QgzajcK.exe
  2⤵
  PID:5448
- C:\Windows\System\QQxpawu.exe
  C:\Windows\System\QQxpawu.exe
  2⤵
  PID:5468
- C:\Windows\System\bkgNVqH.exe
  C:\Windows\System\bkgNVqH.exe
  2⤵
  PID:5500
- C:\Windows\System\fgoeppN.exe
  C:\Windows\System\fgoeppN.exe
  2⤵
  PID:5524
- C:\Windows\System\JKFsCwN.exe
  C:\Windows\System\JKFsCwN.exe
  2⤵
  PID:5564
- C:\Windows\System\wIFahaA.exe
  C:\Windows\System\wIFahaA.exe
  2⤵
  PID:5584
- C:\Windows\System\XyZdEvq.exe
  C:\Windows\System\XyZdEvq.exe
  2⤵
  PID:5600
- C:\Windows\System\LSLnfXW.exe
  C:\Windows\System\LSLnfXW.exe
  2⤵
  PID:5620
- C:\Windows\System\hoixsdV.exe
  C:\Windows\System\hoixsdV.exe
  2⤵
  PID:5636
- C:\Windows\System\wDaSxkK.exe
  C:\Windows\System\wDaSxkK.exe
  2⤵
  PID:5656
- C:\Windows\System\mxXEXCV.exe
  C:\Windows\System\mxXEXCV.exe
  2⤵
  PID:5684
- C:\Windows\System\aqsxrTR.exe
  C:\Windows\System\aqsxrTR.exe
  2⤵
  PID:5704
- C:\Windows\System\kHCNEJB.exe
  C:\Windows\System\kHCNEJB.exe
  2⤵
  PID:5720
- C:\Windows\System\werxAHR.exe
  C:\Windows\System\werxAHR.exe
  2⤵
  PID:5736
- C:\Windows\System\tQtTQkh.exe
  C:\Windows\System\tQtTQkh.exe
  2⤵
  PID:5760
- C:\Windows\System\kyAzhsg.exe
  C:\Windows\System\kyAzhsg.exe
  2⤵
  PID:5776
- C:\Windows\System\AAAFjMj.exe
  C:\Windows\System\AAAFjMj.exe
  2⤵
  PID:5796
- C:\Windows\System\WeBPRtw.exe
  C:\Windows\System\WeBPRtw.exe
  2⤵
  PID:5824
- C:\Windows\System\fPKxVeU.exe
  C:\Windows\System\fPKxVeU.exe
  2⤵
  PID:5844
- C:\Windows\System\EIqmIrp.exe
  C:\Windows\System\EIqmIrp.exe
  2⤵
  PID:5864
- C:\Windows\System\yfmfxob.exe
  C:\Windows\System\yfmfxob.exe
  2⤵
  PID:5884
- C:\Windows\System\LubAINR.exe
  C:\Windows\System\LubAINR.exe
  2⤵
  PID:5904
- C:\Windows\System\ErgiXlU.exe
  C:\Windows\System\ErgiXlU.exe
  2⤵
  PID:5920
- C:\Windows\System\zULvshW.exe
  C:\Windows\System\zULvshW.exe
  2⤵
  PID:5936
- C:\Windows\System\EkYBANJ.exe
  C:\Windows\System\EkYBANJ.exe
  2⤵
  PID:5952
- C:\Windows\System\nrOzfsy.exe
  C:\Windows\System\nrOzfsy.exe
  2⤵
  PID:5976
- C:\Windows\System\ngrABzL.exe
  C:\Windows\System\ngrABzL.exe
  2⤵
  PID:5996
- C:\Windows\System\PEFyFpf.exe
  C:\Windows\System\PEFyFpf.exe
  2⤵
  PID:6016
- C:\Windows\System\relhtSo.exe
  C:\Windows\System\relhtSo.exe
  2⤵
  PID:6036
- C:\Windows\System\TpXlKbm.exe
  C:\Windows\System\TpXlKbm.exe
  2⤵
  PID:6060
- C:\Windows\System\MaCVkdh.exe
  C:\Windows\System\MaCVkdh.exe
  2⤵
  PID:6076
- C:\Windows\System\Iennily.exe
  C:\Windows\System\Iennily.exe
  2⤵
  PID:6096
- C:\Windows\System\owsnSKw.exe
  C:\Windows\System\owsnSKw.exe
  2⤵
  PID:6116
- C:\Windows\System\AAnTqxI.exe
  C:\Windows\System\AAnTqxI.exe
  2⤵
  PID:6140
- C:\Windows\System\oRutayM.exe
  C:\Windows\System\oRutayM.exe
  2⤵
  PID:5064
- C:\Windows\System\kktdpwY.exe
  C:\Windows\System\kktdpwY.exe
  2⤵
  PID:4464
- C:\Windows\System\PgLEQJf.exe
  C:\Windows\System\PgLEQJf.exe
  2⤵
  PID:4880
- C:\Windows\System\iMMrTxf.exe
  C:\Windows\System\iMMrTxf.exe
  2⤵
  PID:4660
- C:\Windows\System\SzOkKmQ.exe
  C:\Windows\System\SzOkKmQ.exe
  2⤵
  PID:4752
- C:\Windows\System\isNvbHF.exe
  C:\Windows\System\isNvbHF.exe
  2⤵
  PID:4012
- C:\Windows\System\GvQzUYB.exe
  C:\Windows\System\GvQzUYB.exe
  2⤵
  PID:3356
- C:\Windows\System\zAkwHul.exe
  C:\Windows\System\zAkwHul.exe
  2⤵
  PID:5128
- C:\Windows\System\ZHTKfmC.exe
  C:\Windows\System\ZHTKfmC.exe
  2⤵
  PID:5180
- C:\Windows\System\qPmUbcd.exe
  C:\Windows\System\qPmUbcd.exe
  2⤵
  PID:5252
- C:\Windows\System\cuZTuNf.exe
  C:\Windows\System\cuZTuNf.exe
  2⤵
  PID:5036
- C:\Windows\System\rLaLdiS.exe
  C:\Windows\System\rLaLdiS.exe
  2⤵
  PID:4284
- C:\Windows\System\ueKFNUr.exe
  C:\Windows\System\ueKFNUr.exe
  2⤵
  PID:5360
- C:\Windows\System\eiUbYss.exe
  C:\Windows\System\eiUbYss.exe
  2⤵
  PID:5428
- C:\Windows\System\RFkvPds.exe
  C:\Windows\System\RFkvPds.exe
  2⤵
  PID:5148
- C:\Windows\System\dFrtrGU.exe
  C:\Windows\System\dFrtrGU.exe
  2⤵
  PID:5240
- C:\Windows\System\AVIcqxV.exe
  C:\Windows\System\AVIcqxV.exe
  2⤵
  PID:2508
- C:\Windows\System\DlPSWAc.exe
  C:\Windows\System\DlPSWAc.exe
  2⤵
  PID:5316
- C:\Windows\System\QKrlDze.exe
  C:\Windows\System\QKrlDze.exe
  2⤵
  PID:5440
- C:\Windows\System\SSHcSqG.exe
  C:\Windows\System\SSHcSqG.exe
  2⤵
  PID:5488
- C:\Windows\System\rIGmduc.exe
  C:\Windows\System\rIGmduc.exe
  2⤵
  PID:5380
- C:\Windows\System\Toctgaf.exe
  C:\Windows\System\Toctgaf.exe
  2⤵
  PID:5344
- C:\Windows\System\lgnFTju.exe
  C:\Windows\System\lgnFTju.exe
  2⤵
  PID:5548
- C:\Windows\System\jhavleQ.exe
  C:\Windows\System\jhavleQ.exe
  2⤵
  PID:5580
- C:\Windows\System\ntoFNZV.exe
  C:\Windows\System\ntoFNZV.exe
  2⤵
  PID:5612
- C:\Windows\System\SkjsTHt.exe
  C:\Windows\System\SkjsTHt.exe
  2⤵
  PID:5652
- C:\Windows\System\UULfvDO.exe
  C:\Windows\System\UULfvDO.exe
  2⤵
  PID:5672
- C:\Windows\System\rTGzbNo.exe
  C:\Windows\System\rTGzbNo.exe
  2⤵
  PID:5696
- C:\Windows\System\RYUKbMB.exe
  C:\Windows\System\RYUKbMB.exe
  2⤵
  PID:5804
- C:\Windows\System\cYNBwny.exe
  C:\Windows\System\cYNBwny.exe
  2⤵
  PID:5820
- C:\Windows\System\rBTHfXH.exe
  C:\Windows\System\rBTHfXH.exe
  2⤵
  PID:5856
- C:\Windows\System\pNkCeyA.exe
  C:\Windows\System\pNkCeyA.exe
  2⤵
  PID:5788
- C:\Windows\System\siKhBPE.exe
  C:\Windows\System\siKhBPE.exe
  2⤵
  PID:5900
- C:\Windows\System\YaniesN.exe
  C:\Windows\System\YaniesN.exe
  2⤵
  PID:5964
- C:\Windows\System\lAgDRbv.exe
  C:\Windows\System\lAgDRbv.exe
  2⤵
  PID:5880
- C:\Windows\System\RXAxZDU.exe
  C:\Windows\System\RXAxZDU.exe
  2⤵
  PID:6044
- C:\Windows\System\gHlDift.exe
  C:\Windows\System\gHlDift.exe
  2⤵
  PID:5948
- C:\Windows\System\DsOPzab.exe
  C:\Windows\System\DsOPzab.exe
  2⤵
  PID:6088
- C:\Windows\System\rmdRzeO.exe
  C:\Windows\System\rmdRzeO.exe
  2⤵
  PID:6028
- C:\Windows\System\qswZZrB.exe
  C:\Windows\System\qswZZrB.exe
  2⤵
  PID:6132
- C:\Windows\System\hMcFfZJ.exe
  C:\Windows\System\hMcFfZJ.exe
  2⤵
  PID:6068
- C:\Windows\System\KKuPYLG.exe
  C:\Windows\System\KKuPYLG.exe
  2⤵
  PID:4592
- C:\Windows\System\SovoBxg.exe
  C:\Windows\System\SovoBxg.exe
  2⤵
  PID:4964
- C:\Windows\System\bhEAZes.exe
  C:\Windows\System\bhEAZes.exe
  2⤵
  PID:4516
- C:\Windows\System\WZcmWGF.exe
  C:\Windows\System\WZcmWGF.exe
  2⤵
  PID:1200
- C:\Windows\System\GEicdpY.exe
  C:\Windows\System\GEicdpY.exe
  2⤵
  PID:5260
- C:\Windows\System\PhnKyKc.exe
  C:\Windows\System\PhnKyKc.exe
  2⤵
  PID:4028
- C:\Windows\System\UPahQGH.exe
  C:\Windows\System\UPahQGH.exe
  2⤵
  PID:5232
- C:\Windows\System\qAYhiSY.exe
  C:\Windows\System\qAYhiSY.exe
  2⤵
  PID:5280
- C:\Windows\System\HdeBPUh.exe
  C:\Windows\System\HdeBPUh.exe
  2⤵
  PID:5484
- C:\Windows\System\oocJNCI.exe
  C:\Windows\System\oocJNCI.exe
  2⤵
  PID:5376
- C:\Windows\System\xHBCDwa.exe
  C:\Windows\System\xHBCDwa.exe
  2⤵
  PID:5572
- C:\Windows\System\SlcSWfR.exe
  C:\Windows\System\SlcSWfR.exe
  2⤵
  PID:5152
- C:\Windows\System\CdkcRsj.exe
  C:\Windows\System\CdkcRsj.exe
  2⤵
  PID:5700
- C:\Windows\System\wqWPfPL.exe
  C:\Windows\System\wqWPfPL.exe
  2⤵
  PID:5460
- C:\Windows\System\dluBxqV.exe
  C:\Windows\System\dluBxqV.exe
  2⤵
  PID:5312
- C:\Windows\System\isSEIVN.exe
  C:\Windows\System\isSEIVN.exe
  2⤵
  PID:5536
- C:\Windows\System\HYlQFZt.exe
  C:\Windows\System\HYlQFZt.exe
  2⤵
  PID:5716
- C:\Windows\System\ouTgjCS.exe
  C:\Windows\System\ouTgjCS.exe
  2⤵
  PID:5772
- C:\Windows\System\psqqlHh.exe
  C:\Windows\System\psqqlHh.exe
  2⤵
  PID:5628
- C:\Windows\System\GihWtrr.exe
  C:\Windows\System\GihWtrr.exe
  2⤵
  PID:5960
- C:\Windows\System\pRrnhHg.exe
  C:\Windows\System\pRrnhHg.exe
  2⤵
  PID:5972
- C:\Windows\System\xpwDhah.exe
  C:\Windows\System\xpwDhah.exe
  2⤵
  PID:5876
- C:\Windows\System\UnJfJMe.exe
  C:\Windows\System\UnJfJMe.exe
  2⤵
  PID:6056
- C:\Windows\System\jbyupvE.exe
  C:\Windows\System\jbyupvE.exe
  2⤵
  PID:6136
- C:\Windows\System\BlddUWW.exe
  C:\Windows\System\BlddUWW.exe
  2⤵
  PID:2396
- C:\Windows\System\AxzVuIg.exe
  C:\Windows\System\AxzVuIg.exe
  2⤵
  PID:4444
- C:\Windows\System\bxnObhn.exe
  C:\Windows\System\bxnObhn.exe
  2⤵
  PID:4736
- C:\Windows\System\sVBpbAG.exe
  C:\Windows\System\sVBpbAG.exe
  2⤵
  PID:4900
- C:\Windows\System\qbgbrYk.exe
  C:\Windows\System\qbgbrYk.exe
  2⤵
  PID:5200
- C:\Windows\System\VjoggIo.exe
  C:\Windows\System\VjoggIo.exe
  2⤵
  PID:5508
- C:\Windows\System\hDjPREe.exe
  C:\Windows\System\hDjPREe.exe
  2⤵
  PID:5256
- C:\Windows\System\ejMXwof.exe
  C:\Windows\System\ejMXwof.exe
  2⤵
  PID:5644
- C:\Windows\System\dQfcPNq.exe
  C:\Windows\System\dQfcPNq.exe
  2⤵
  PID:5648
- C:\Windows\System\BceJTMz.exe
  C:\Windows\System\BceJTMz.exe
  2⤵
  PID:6164
- C:\Windows\System\YwaLwJc.exe
  C:\Windows\System\YwaLwJc.exe
  2⤵
  PID:6184
- C:\Windows\System\zsbtQpJ.exe
  C:\Windows\System\zsbtQpJ.exe
  2⤵
  PID:6204
- C:\Windows\System\oXIiTOo.exe
  C:\Windows\System\oXIiTOo.exe
  2⤵
  PID:6224
- C:\Windows\System\bVqTBQS.exe
  C:\Windows\System\bVqTBQS.exe
  2⤵
  PID:6244
- C:\Windows\System\tePJylz.exe
  C:\Windows\System\tePJylz.exe
  2⤵
  PID:6264
- C:\Windows\System\hsgZFVA.exe
  C:\Windows\System\hsgZFVA.exe
  2⤵
  PID:6284
- C:\Windows\System\zvQabMH.exe
  C:\Windows\System\zvQabMH.exe
  2⤵
  PID:6304
- C:\Windows\System\nhTCtpS.exe
  C:\Windows\System\nhTCtpS.exe
  2⤵
  PID:6324
- C:\Windows\System\QAhdrUP.exe
  C:\Windows\System\QAhdrUP.exe
  2⤵
  PID:6344
- C:\Windows\System\TeBVndp.exe
  C:\Windows\System\TeBVndp.exe
  2⤵
  PID:6364
- C:\Windows\System\GDtmFbs.exe
  C:\Windows\System\GDtmFbs.exe
  2⤵
  PID:6384
- C:\Windows\System\OguzXkD.exe
  C:\Windows\System\OguzXkD.exe
  2⤵
  PID:6404
- C:\Windows\System\ZLzaFUJ.exe
  C:\Windows\System\ZLzaFUJ.exe
  2⤵
  PID:6424
- C:\Windows\System\pPXYKVE.exe
  C:\Windows\System\pPXYKVE.exe
  2⤵
  PID:6444
- C:\Windows\System\qUqxajz.exe
  C:\Windows\System\qUqxajz.exe
  2⤵
  PID:6464
- C:\Windows\System\QmBrdKx.exe
  C:\Windows\System\QmBrdKx.exe
  2⤵
  PID:6484
- C:\Windows\System\fxcdBpj.exe
  C:\Windows\System\fxcdBpj.exe
  2⤵
  PID:6504
- C:\Windows\System\vHIHWKN.exe
  C:\Windows\System\vHIHWKN.exe
  2⤵
  PID:6524
- C:\Windows\System\TDTHpqC.exe
  C:\Windows\System\TDTHpqC.exe
  2⤵
  PID:6544
- C:\Windows\System\TjtSVET.exe
  C:\Windows\System\TjtSVET.exe
  2⤵
  PID:6564
- C:\Windows\System\EcdVhDC.exe
  C:\Windows\System\EcdVhDC.exe
  2⤵
  PID:6584
- C:\Windows\System\kDoUGIf.exe
  C:\Windows\System\kDoUGIf.exe
  2⤵
  PID:6604
- C:\Windows\System\RRnPzBm.exe
  C:\Windows\System\RRnPzBm.exe
  2⤵
  PID:6624
- C:\Windows\System\AQyFKDb.exe
  C:\Windows\System\AQyFKDb.exe
  2⤵
  PID:6644
- C:\Windows\System\GdSXuWZ.exe
  C:\Windows\System\GdSXuWZ.exe
  2⤵
  PID:6664
- C:\Windows\System\lJfCKKL.exe
  C:\Windows\System\lJfCKKL.exe
  2⤵
  PID:6684
- C:\Windows\System\iEyrcde.exe
  C:\Windows\System\iEyrcde.exe
  2⤵
  PID:6704
- C:\Windows\System\HEqbpCP.exe
  C:\Windows\System\HEqbpCP.exe
  2⤵
  PID:6724
- C:\Windows\System\phJSMRk.exe
  C:\Windows\System\phJSMRk.exe
  2⤵
  PID:6748
- C:\Windows\System\ihgJleE.exe
  C:\Windows\System\ihgJleE.exe
  2⤵
  PID:6768
- C:\Windows\System\kwCBQVL.exe
  C:\Windows\System\kwCBQVL.exe
  2⤵
  PID:6788
- C:\Windows\System\SLgumyI.exe
  C:\Windows\System\SLgumyI.exe
  2⤵
  PID:6808
- C:\Windows\System\tWCKniy.exe
  C:\Windows\System\tWCKniy.exe
  2⤵
  PID:6828
- C:\Windows\System\DtKvmWk.exe
  C:\Windows\System\DtKvmWk.exe
  2⤵
  PID:6848
- C:\Windows\System\qJMdPDH.exe
  C:\Windows\System\qJMdPDH.exe
  2⤵
  PID:6868
- C:\Windows\System\fKISgHW.exe
  C:\Windows\System\fKISgHW.exe
  2⤵
  PID:6888
- C:\Windows\System\XUCRmDX.exe
  C:\Windows\System\XUCRmDX.exe
  2⤵
  PID:6908
- C:\Windows\System\AniEQKx.exe
  C:\Windows\System\AniEQKx.exe
  2⤵
  PID:6928
- C:\Windows\System\cRYmRsu.exe
  C:\Windows\System\cRYmRsu.exe
  2⤵
  PID:6948
- C:\Windows\System\Zjnzadj.exe
  C:\Windows\System\Zjnzadj.exe
  2⤵
  PID:6968
- C:\Windows\System\KeqLgpd.exe
  C:\Windows\System\KeqLgpd.exe
  2⤵
  PID:6988
- C:\Windows\System\KcisrEj.exe
  C:\Windows\System\KcisrEj.exe
  2⤵
  PID:7008
- C:\Windows\System\tRwxwHa.exe
  C:\Windows\System\tRwxwHa.exe
  2⤵
  PID:7028
- C:\Windows\System\VAbelrW.exe
  C:\Windows\System\VAbelrW.exe
  2⤵
  PID:7048
- C:\Windows\System\rRcVNXg.exe
  C:\Windows\System\rRcVNXg.exe
  2⤵
  PID:7068
- C:\Windows\System\IiGHZfl.exe
  C:\Windows\System\IiGHZfl.exe
  2⤵
  PID:7088
- C:\Windows\System\dtvvfXA.exe
  C:\Windows\System\dtvvfXA.exe
  2⤵
  PID:7108
- C:\Windows\System\DBtXdDN.exe
  C:\Windows\System\DBtXdDN.exe
  2⤵
  PID:7128
- C:\Windows\System\nmmGCEf.exe
  C:\Windows\System\nmmGCEf.exe
  2⤵
  PID:7148
- C:\Windows\System\ZDaZKsM.exe
  C:\Windows\System\ZDaZKsM.exe
  2⤵
  PID:5520
- C:\Windows\System\KmOtRGn.exe
  C:\Windows\System\KmOtRGn.exe
  2⤵
  PID:5516
- C:\Windows\System\IzRtIwe.exe
  C:\Windows\System\IzRtIwe.exe
  2⤵
  PID:5596
- C:\Windows\System\dJZVQeQ.exe
  C:\Windows\System\dJZVQeQ.exe
  2⤵
  PID:5892
- C:\Windows\System\xajbVxK.exe
  C:\Windows\System\xajbVxK.exe
  2⤵
  PID:1824
- C:\Windows\System\bSGbSqR.exe
  C:\Windows\System\bSGbSqR.exe
  2⤵
  PID:5732
- C:\Windows\System\pNkdVAc.exe
  C:\Windows\System\pNkdVAc.exe
  2⤵
  PID:6008
- C:\Windows\System\qMqwduW.exe
  C:\Windows\System\qMqwduW.exe
  2⤵
  PID:5840
- C:\Windows\System\YTezbIt.exe
  C:\Windows\System\YTezbIt.exe
  2⤵
  PID:6092
- C:\Windows\System\VkcHNlU.exe
  C:\Windows\System\VkcHNlU.exe
  2⤵
  PID:6128
- C:\Windows\System\RfyuUjC.exe
  C:\Windows\System\RfyuUjC.exe
  2⤵
  PID:5988
- C:\Windows\System\xnJdJmD.exe
  C:\Windows\System\xnJdJmD.exe
  2⤵
  PID:3872
- C:\Windows\System\ApYjSPH.exe
  C:\Windows\System\ApYjSPH.exe
  2⤵
  PID:1936
- C:\Windows\System\xyWabkY.exe
  C:\Windows\System\xyWabkY.exe
  2⤵
  PID:4784
- C:\Windows\System\ZlrbVLA.exe
  C:\Windows\System\ZlrbVLA.exe
  2⤵
  PID:5196
- C:\Windows\System\XhtztFt.exe
  C:\Windows\System\XhtztFt.exe
  2⤵
  PID:3952
- C:\Windows\System\WHdLCIC.exe
  C:\Windows\System\WHdLCIC.exe
  2⤵
  PID:5692
- C:\Windows\System\bfEprYS.exe
  C:\Windows\System\bfEprYS.exe
  2⤵
  PID:6160
- C:\Windows\System\FyBVOGM.exe
  C:\Windows\System\FyBVOGM.exe
  2⤵
  PID:6200
- C:\Windows\System\vsmPwnu.exe
  C:\Windows\System\vsmPwnu.exe
  2⤵
  PID:6252
- C:\Windows\System\VroqdeY.exe
  C:\Windows\System\VroqdeY.exe
  2⤵
  PID:6272
- C:\Windows\System\BbzzjQu.exe
  C:\Windows\System\BbzzjQu.exe
  2⤵
  PID:6312
- C:\Windows\System\aYESMVA.exe
  C:\Windows\System\aYESMVA.exe
  2⤵
  PID:6352
- C:\Windows\System\wVumAXU.exe
  C:\Windows\System\wVumAXU.exe
  2⤵
  PID:6356
- C:\Windows\System\GCrpYLb.exe
  C:\Windows\System\GCrpYLb.exe
  2⤵
  PID:6420
- C:\Windows\System\zclyMFY.exe
  C:\Windows\System\zclyMFY.exe
  2⤵
  PID:6436
- C:\Windows\System\nlcrrYg.exe
  C:\Windows\System\nlcrrYg.exe
  2⤵
  PID:6480
- C:\Windows\System\roqPzzC.exe
  C:\Windows\System\roqPzzC.exe
  2⤵
  PID:6496
- C:\Windows\System\jXGoDCt.exe
  C:\Windows\System\jXGoDCt.exe
  2⤵
  PID:6540
- C:\Windows\System\mVknVHy.exe
  C:\Windows\System\mVknVHy.exe
  2⤵
  PID:6700
- C:\Windows\System\bmvBEyG.exe
  C:\Windows\System\bmvBEyG.exe
  2⤵
  PID:6720
- C:\Windows\System\CuRLQSk.exe
  C:\Windows\System\CuRLQSk.exe
  2⤵
  PID:6780
- C:\Windows\System\bSCysaw.exe
  C:\Windows\System\bSCysaw.exe
  2⤵
  PID:6804
- C:\Windows\System\FjlDTVl.exe
  C:\Windows\System\FjlDTVl.exe
  2⤵
  PID:6836
- C:\Windows\System\oKerPLg.exe
  C:\Windows\System\oKerPLg.exe
  2⤵
  PID:6860
- C:\Windows\System\oHYSzGU.exe
  C:\Windows\System\oHYSzGU.exe
  2⤵
  PID:6884
- C:\Windows\System\kCKbdek.exe
  C:\Windows\System\kCKbdek.exe
  2⤵
  PID:6936
- C:\Windows\System\nQxCyNn.exe
  C:\Windows\System\nQxCyNn.exe
  2⤵
  PID:6940
- C:\Windows\System\OrRPrTK.exe
  C:\Windows\System\OrRPrTK.exe
  2⤵
  PID:6980
- C:\Windows\System\hyRddll.exe
  C:\Windows\System\hyRddll.exe
  2⤵
  PID:7024
- C:\Windows\System\vbfXyYa.exe
  C:\Windows\System\vbfXyYa.exe
  2⤵
  PID:7040
- C:\Windows\System\ZzKiuck.exe
  C:\Windows\System\ZzKiuck.exe
  2⤵
  PID:7080
- C:\Windows\System\wOxyikj.exe
  C:\Windows\System\wOxyikj.exe
  2⤵
  PID:7140
- C:\Windows\System\FPksOGD.exe
  C:\Windows\System\FPksOGD.exe
  2⤵
  PID:7156
- C:\Windows\System\zosRQnU.exe
  C:\Windows\System\zosRQnU.exe
  2⤵
  PID:7160
- C:\Windows\System\bGsybaJ.exe
  C:\Windows\System\bGsybaJ.exe
  2⤵
  PID:2856
- C:\Windows\System\KFiLtsf.exe
  C:\Windows\System\KFiLtsf.exe
  2⤵
  PID:2880
- C:\Windows\System\WBfcHCi.exe
  C:\Windows\System\WBfcHCi.exe
  2⤵
  PID:5744
- C:\Windows\System\aehCiIb.exe
  C:\Windows\System\aehCiIb.exe
  2⤵
  PID:5768
- C:\Windows\System\KFqyxBQ.exe
  C:\Windows\System\KFqyxBQ.exe
  2⤵
  PID:6048
- C:\Windows\System\pbrrMWX.exe
  C:\Windows\System\pbrrMWX.exe
  2⤵
  PID:2116
- C:\Windows\System\rHwenSy.exe
  C:\Windows\System\rHwenSy.exe
  2⤵
  PID:2928
- C:\Windows\System\ixJXGEt.exe
  C:\Windows\System\ixJXGEt.exe
  2⤵
  PID:2088
- C:\Windows\System\qXwUjLy.exe
  C:\Windows\System\qXwUjLy.exe
  2⤵
  PID:2884
- C:\Windows\System\lUhFgos.exe
  C:\Windows\System\lUhFgos.exe
  2⤵
  PID:6112
- C:\Windows\System\eposyOe.exe
  C:\Windows\System\eposyOe.exe
  2⤵
  PID:5176
- C:\Windows\System\SYnUoft.exe
  C:\Windows\System\SYnUoft.exe
  2⤵
  PID:6156
- C:\Windows\System\qcpVbnH.exe
  C:\Windows\System\qcpVbnH.exe
  2⤵
  PID:5220
- C:\Windows\System\UzqPauF.exe
  C:\Windows\System\UzqPauF.exe
  2⤵
  PID:5332
- C:\Windows\System\GFJTdGf.exe
  C:\Windows\System\GFJTdGf.exe
  2⤵
  PID:6240
- C:\Windows\System\ikxOUer.exe
  C:\Windows\System\ikxOUer.exe
  2⤵
  PID:6276
- C:\Windows\System\gKEwBLW.exe
  C:\Windows\System\gKEwBLW.exe
  2⤵
  PID:6212
- C:\Windows\System\SzwGddw.exe
  C:\Windows\System\SzwGddw.exe
  2⤵
  PID:6380
- C:\Windows\System\AKRRzFM.exe
  C:\Windows\System\AKRRzFM.exe
  2⤵
  PID:6220
- C:\Windows\System\NMdxhHV.exe
  C:\Windows\System\NMdxhHV.exe
  2⤵
  PID:6472
- C:\Windows\System\ROaIeSh.exe
  C:\Windows\System\ROaIeSh.exe
  2⤵
  PID:6336
- C:\Windows\System\fScQNNm.exe
  C:\Windows\System\fScQNNm.exe
  2⤵
  PID:6456
- C:\Windows\System\kdjIWnX.exe
  C:\Windows\System\kdjIWnX.exe
  2⤵
  PID:6520
- C:\Windows\System\KhTYyYu.exe
  C:\Windows\System\KhTYyYu.exe
  2⤵
  PID:6776
- C:\Windows\System\eTiTHpU.exe
  C:\Windows\System\eTiTHpU.exe
  2⤵
  PID:6824
- C:\Windows\System\kDAgRld.exe
  C:\Windows\System\kDAgRld.exe
  2⤵
  PID:2368
- C:\Windows\System\dutisLq.exe
  C:\Windows\System\dutisLq.exe
  2⤵
  PID:6996
- C:\Windows\System\JyNTjHL.exe
  C:\Windows\System\JyNTjHL.exe
  2⤵
  PID:6676
- C:\Windows\System\TUUywHb.exe
  C:\Windows\System\TUUywHb.exe
  2⤵
  PID:6816
- C:\Windows\System\vsHLDcS.exe
  C:\Windows\System\vsHLDcS.exe
  2⤵
  PID:6844
- C:\Windows\System\mnhIZNV.exe
  C:\Windows\System\mnhIZNV.exe
  2⤵
  PID:7076
- C:\Windows\System\oilbuuI.exe
  C:\Windows\System\oilbuuI.exe
  2⤵
  PID:5540
- C:\Windows\System\jRDtmHp.exe
  C:\Windows\System\jRDtmHp.exe
  2⤵
  PID:2012
- C:\Windows\System\ZQAkhjQ.exe
  C:\Windows\System\ZQAkhjQ.exe
  2⤵
  PID:2612
- C:\Windows\System\doxfvGY.exe
  C:\Windows\System\doxfvGY.exe
  2⤵
  PID:7116
- C:\Windows\System\dbOrXqs.exe
  C:\Windows\System\dbOrXqs.exe
  2⤵
  PID:7120
- C:\Windows\System\IGYMFDO.exe
  C:\Windows\System\IGYMFDO.exe
  2⤵
  PID:5816
- C:\Windows\System\FUDxqTV.exe
  C:\Windows\System\FUDxqTV.exe
  2⤵
  PID:1256
- C:\Windows\System\WDTDofq.exe
  C:\Windows\System\WDTDofq.exe
  2⤵
  PID:6172
- C:\Windows\System\gYMbvEP.exe
  C:\Windows\System\gYMbvEP.exe
  2⤵
  PID:1884
- C:\Windows\System\TqUemaM.exe
  C:\Windows\System\TqUemaM.exe
  2⤵
  PID:5060
- C:\Windows\System\XVgpBsE.exe
  C:\Windows\System\XVgpBsE.exe
  2⤵
  PID:1556
- C:\Windows\System\YdMTuqy.exe
  C:\Windows\System\YdMTuqy.exe
  2⤵
  PID:5668
- C:\Windows\System\FOXoQrM.exe
  C:\Windows\System\FOXoQrM.exe
  2⤵
  PID:2692
- C:\Windows\System\YQWapLv.exe
  C:\Windows\System\YQWapLv.exe
  2⤵
  PID:7056
- C:\Windows\System\yOwNJuV.exe
  C:\Windows\System\yOwNJuV.exe
  2⤵
  PID:6108
- C:\Windows\System\obUlcOH.exe
  C:\Windows\System\obUlcOH.exe
  2⤵
  PID:5784
- C:\Windows\System\YBqTyrl.exe
  C:\Windows\System\YBqTyrl.exe
  2⤵
  PID:2312
- C:\Windows\System\kXbmGRA.exe
  C:\Windows\System\kXbmGRA.exe
  2⤵
  PID:1816
- C:\Windows\System\lBuwhuJ.exe
  C:\Windows\System\lBuwhuJ.exe
  2⤵
  PID:6152
- C:\Windows\System\cyvIwoL.exe
  C:\Windows\System\cyvIwoL.exe
  2⤵
  PID:6316
- C:\Windows\System\fiuHVBw.exe
  C:\Windows\System\fiuHVBw.exe
  2⤵
  PID:6376
- C:\Windows\System\eTLUDRi.exe
  C:\Windows\System\eTLUDRi.exe
  2⤵
  PID:6260
- C:\Windows\System\yZYpNaZ.exe
  C:\Windows\System\yZYpNaZ.exe
  2⤵
  PID:6396
- C:\Windows\System\tbyUJwX.exe
  C:\Windows\System\tbyUJwX.exe
  2⤵
  PID:6556
- C:\Windows\System\WnUeYtT.exe
  C:\Windows\System\WnUeYtT.exe
  2⤵
  PID:2952
- C:\Windows\System\vwSvtAL.exe
  C:\Windows\System\vwSvtAL.exe
  2⤵
  PID:2976
- C:\Windows\System\LhfhyMf.exe
  C:\Windows\System\LhfhyMf.exe
  2⤵
  PID:2676
- C:\Windows\System\HJQrksG.exe
  C:\Windows\System\HJQrksG.exe
  2⤵
  PID:1044
- C:\Windows\System\jLlqhIZ.exe
  C:\Windows\System\jLlqhIZ.exe
  2⤵
  PID:2096
- C:\Windows\System\qpFpKBc.exe
  C:\Windows\System\qpFpKBc.exe
  2⤵
  PID:5872
- C:\Windows\System\qSTPqRR.exe
  C:\Windows\System\qSTPqRR.exe
  2⤵
  PID:1484
- C:\Windows\System\bixAflD.exe
  C:\Windows\System\bixAflD.exe
  2⤵
  PID:6452
- C:\Windows\System\yvBFMMD.exe
  C:\Windows\System\yvBFMMD.exe
  2⤵
  PID:2904
- C:\Windows\System\qJIsKeK.exe
  C:\Windows\System\qJIsKeK.exe
  2⤵
  PID:6372
- C:\Windows\System\xqzNJeT.exe
  C:\Windows\System\xqzNJeT.exe
  2⤵
  PID:6924
- C:\Windows\System\yQhlDvH.exe
  C:\Windows\System\yQhlDvH.exe
  2⤵
  PID:7004
- C:\Windows\System\uknCheb.exe
  C:\Windows\System\uknCheb.exe
  2⤵
  PID:6900
- C:\Windows\System\prMelcH.exe
  C:\Windows\System\prMelcH.exe
  2⤵
  PID:2352
- C:\Windows\System\bZcRMAl.exe
  C:\Windows\System\bZcRMAl.exe
  2⤵
  PID:6916
- C:\Windows\System\sdgkDvt.exe
  C:\Windows\System\sdgkDvt.exe
  2⤵
  PID:7188
- C:\Windows\System\edreSyO.exe
  C:\Windows\System\edreSyO.exe
  2⤵
  PID:7204
- C:\Windows\System\sliBncT.exe
  C:\Windows\System\sliBncT.exe
  2⤵
  PID:7220
- C:\Windows\System\AMgnLET.exe
  C:\Windows\System\AMgnLET.exe
  2⤵
  PID:7236
- C:\Windows\System\llOYNYe.exe
  C:\Windows\System\llOYNYe.exe
  2⤵
  PID:7252
- C:\Windows\System\wYWFUBi.exe
  C:\Windows\System\wYWFUBi.exe
  2⤵
  PID:7268
- C:\Windows\System\yhupoHW.exe
  C:\Windows\System\yhupoHW.exe
  2⤵
  PID:7284
- C:\Windows\System\bOTlSzQ.exe
  C:\Windows\System\bOTlSzQ.exe
  2⤵
  PID:7300
- C:\Windows\System\fKPCkvO.exe
  C:\Windows\System\fKPCkvO.exe
  2⤵
  PID:7316
- C:\Windows\System\qYJhvGD.exe
  C:\Windows\System\qYJhvGD.exe
  2⤵
  PID:7332
- C:\Windows\System\JoGqaLJ.exe
  C:\Windows\System\JoGqaLJ.exe
  2⤵
  PID:7348
- C:\Windows\System\crqYqoM.exe
  C:\Windows\System\crqYqoM.exe
  2⤵
  PID:7364
- C:\Windows\System\otBQaji.exe
  C:\Windows\System\otBQaji.exe
  2⤵
  PID:7380
- C:\Windows\System\GWmaYJD.exe
  C:\Windows\System\GWmaYJD.exe
  2⤵
  PID:7396
- C:\Windows\System\MNrycac.exe
  C:\Windows\System\MNrycac.exe
  2⤵
  PID:7412
- C:\Windows\System\UVqhOpX.exe
  C:\Windows\System\UVqhOpX.exe
  2⤵
  PID:7428
- C:\Windows\System\PpsWrip.exe
  C:\Windows\System\PpsWrip.exe
  2⤵
  PID:7448
- C:\Windows\System\maLhcHg.exe
  C:\Windows\System\maLhcHg.exe
  2⤵
  PID:7468
- C:\Windows\System\mODtTPS.exe
  C:\Windows\System\mODtTPS.exe
  2⤵
  PID:7568
- C:\Windows\System\vctcnih.exe
  C:\Windows\System\vctcnih.exe
  2⤵
  PID:7584
- C:\Windows\System\bCMjNxV.exe
  C:\Windows\System\bCMjNxV.exe
  2⤵
  PID:7600
- C:\Windows\System\LpCRSom.exe
  C:\Windows\System\LpCRSom.exe
  2⤵
  PID:7616
- C:\Windows\System\EDnhAOP.exe
  C:\Windows\System\EDnhAOP.exe
  2⤵
  PID:7672
- C:\Windows\System\RWFRMZt.exe
  C:\Windows\System\RWFRMZt.exe
  2⤵
  PID:7688
- C:\Windows\System\corQDkO.exe
  C:\Windows\System\corQDkO.exe
  2⤵
  PID:7708
- C:\Windows\System\LOBPuiY.exe
  C:\Windows\System\LOBPuiY.exe
  2⤵
  PID:7724
- C:\Windows\System\JEmubAH.exe
  C:\Windows\System\JEmubAH.exe
  2⤵
  PID:7740
- C:\Windows\System\zKCRpIt.exe
  C:\Windows\System\zKCRpIt.exe
  2⤵
  PID:7756
- C:\Windows\System\XlNamPY.exe
  C:\Windows\System\XlNamPY.exe
  2⤵
  PID:7796
- C:\Windows\System\xHFEPfJ.exe
  C:\Windows\System\xHFEPfJ.exe
  2⤵
  PID:7812
- C:\Windows\System\wAAiDyo.exe
  C:\Windows\System\wAAiDyo.exe
  2⤵
  PID:7868
- C:\Windows\System\WfvHOqr.exe
  C:\Windows\System\WfvHOqr.exe
  2⤵
  PID:7888
- C:\Windows\System\VSCFcaR.exe
  C:\Windows\System\VSCFcaR.exe
  2⤵
  PID:7912
- C:\Windows\System\xglzFiI.exe
  C:\Windows\System\xglzFiI.exe
  2⤵
  PID:7936
- C:\Windows\System\abPbPqb.exe
  C:\Windows\System\abPbPqb.exe
  2⤵
  PID:7956
- C:\Windows\System\IAdVDtK.exe
  C:\Windows\System\IAdVDtK.exe
  2⤵
  PID:7992
- C:\Windows\System\vvqrqGK.exe
  C:\Windows\System\vvqrqGK.exe
  2⤵
  PID:8008
- C:\Windows\System\JCYgAza.exe
  C:\Windows\System\JCYgAza.exe
  2⤵
  PID:8024
- C:\Windows\System\MKDqKBb.exe
  C:\Windows\System\MKDqKBb.exe
  2⤵
  PID:8040
- C:\Windows\System\uAWEfPm.exe
  C:\Windows\System\uAWEfPm.exe
  2⤵
  PID:8056
- C:\Windows\System\RmDhtTh.exe
  C:\Windows\System\RmDhtTh.exe
  2⤵
  PID:8072
- C:\Windows\System\QrmZOdW.exe
  C:\Windows\System\QrmZOdW.exe
  2⤵
  PID:8088
- C:\Windows\System\rNVkLBL.exe
  C:\Windows\System\rNVkLBL.exe
  2⤵
  PID:8104
- C:\Windows\System\SXIayXX.exe
  C:\Windows\System\SXIayXX.exe
  2⤵
  PID:8120
- C:\Windows\System\akhttSA.exe
  C:\Windows\System\akhttSA.exe
  2⤵
  PID:8136
- C:\Windows\System\FiUmheP.exe
  C:\Windows\System\FiUmheP.exe
  2⤵
  PID:8152
- C:\Windows\System\SJVIoqY.exe
  C:\Windows\System\SJVIoqY.exe
  2⤵
  PID:8168
- C:\Windows\System\dAdQZKG.exe
  C:\Windows\System\dAdQZKG.exe
  2⤵
  PID:8184
- C:\Windows\System\njJkdFR.exe
  C:\Windows\System\njJkdFR.exe
  2⤵
  PID:2820
- C:\Windows\System\MIDIFEB.exe
  C:\Windows\System\MIDIFEB.exe
  2⤵
  PID:2100
- C:\Windows\System\XJxtKpw.exe
  C:\Windows\System\XJxtKpw.exe
  2⤵
  PID:1768
- C:\Windows\System\AVmOCul.exe
  C:\Windows\System\AVmOCul.exe
  2⤵
  PID:7184
- C:\Windows\System\hbTghsm.exe
  C:\Windows\System\hbTghsm.exe
  2⤵
  PID:7228
- C:\Windows\System\jeFiAzg.exe
  C:\Windows\System\jeFiAzg.exe
  2⤵
  PID:7260
- C:\Windows\System\bRZoWid.exe
  C:\Windows\System\bRZoWid.exe
  2⤵
  PID:7280
- C:\Windows\System\pGKatcq.exe
  C:\Windows\System\pGKatcq.exe
  2⤵
  PID:7296
- C:\Windows\System\RVQlDuG.exe
  C:\Windows\System\RVQlDuG.exe
  2⤵
  PID:3060
- C:\Windows\System\RUyVBGU.exe
  C:\Windows\System\RUyVBGU.exe
  2⤵
  PID:7344
- C:\Windows\System\jAaMPgc.exe
  C:\Windows\System\jAaMPgc.exe
  2⤵
  PID:7376
- C:\Windows\System\rZsGVxa.exe
  C:\Windows\System\rZsGVxa.exe
  2⤵
  PID:7404
- C:\Windows\System\VIreZRn.exe
  C:\Windows\System\VIreZRn.exe
  2⤵
  PID:7440
- C:\Windows\System\nDTUeqf.exe
  C:\Windows\System\nDTUeqf.exe
  2⤵
  PID:7484
- C:\Windows\System\TseqeER.exe
  C:\Windows\System\TseqeER.exe
  2⤵
  PID:7500
- C:\Windows\System\PgbtjpP.exe
  C:\Windows\System\PgbtjpP.exe
  2⤵
  PID:7516
- C:\Windows\System\upKhfAR.exe
  C:\Windows\System\upKhfAR.exe
  2⤵
  PID:7528
- C:\Windows\System\iMtcHkS.exe
  C:\Windows\System\iMtcHkS.exe
  2⤵
  PID:7656
- C:\Windows\System\wcrujgU.exe
  C:\Windows\System\wcrujgU.exe
  2⤵
  PID:7668
- C:\Windows\System\mzvcjpp.exe
  C:\Windows\System\mzvcjpp.exe
  2⤵
  PID:7580
- C:\Windows\System\MhEEFiT.exe
  C:\Windows\System\MhEEFiT.exe
  2⤵
  PID:7684
- C:\Windows\System\bhHYXVc.exe
  C:\Windows\System\bhHYXVc.exe
  2⤵
  PID:7720
- C:\Windows\System\OdvROZQ.exe
  C:\Windows\System\OdvROZQ.exe
  2⤵
  PID:7768
- C:\Windows\System\XWChJkf.exe
  C:\Windows\System\XWChJkf.exe
  2⤵
  PID:7784
- C:\Windows\System\dnQbeoO.exe
  C:\Windows\System\dnQbeoO.exe
  2⤵
  PID:7808
- C:\Windows\System\KCYvPyp.exe
  C:\Windows\System\KCYvPyp.exe
  2⤵
  PID:7836
- C:\Windows\System\yGPrXBc.exe
  C:\Windows\System\yGPrXBc.exe
  2⤵
  PID:7852
- C:\Windows\System\smtRxbK.exe
  C:\Windows\System\smtRxbK.exe
  2⤵
  PID:7824
- C:\Windows\System\vilfaOO.exe
  C:\Windows\System\vilfaOO.exe
  2⤵
  PID:1904
- C:\Windows\System\UxpCheN.exe
  C:\Windows\System\UxpCheN.exe
  2⤵
  PID:7904
- C:\Windows\System\NvPELDW.exe
  C:\Windows\System\NvPELDW.exe
  2⤵
  PID:7920
- C:\Windows\System\StBrCzg.exe
  C:\Windows\System\StBrCzg.exe
  2⤵
  PID:7964
- C:\Windows\System\gxmwTgc.exe
  C:\Windows\System\gxmwTgc.exe
  2⤵
  PID:7948
- C:\Windows\System\BBYZfyd.exe
  C:\Windows\System\BBYZfyd.exe
  2⤵
  PID:5276
- C:\Windows\System\vlXkDEl.exe
  C:\Windows\System\vlXkDEl.exe
  2⤵
  PID:8064
- C:\Windows\System\dEmTtUD.exe
  C:\Windows\System\dEmTtUD.exe
  2⤵
  PID:8144
- C:\Windows\System\wRfECnS.exe
  C:\Windows\System\wRfECnS.exe
  2⤵
  PID:8180
- C:\Windows\System\eBOAbph.exe
  C:\Windows\System\eBOAbph.exe
  2⤵
  PID:2176
- C:\Windows\System\YhvPZNm.exe
  C:\Windows\System\YhvPZNm.exe
  2⤵
  PID:3032
- C:\Windows\System\VISINrA.exe
  C:\Windows\System\VISINrA.exe
  2⤵
  PID:7180
- C:\Windows\System\PRHbRJj.exe
  C:\Windows\System\PRHbRJj.exe
  2⤵
  PID:7476
- C:\Windows\System\xMmKwOO.exe
  C:\Windows\System\xMmKwOO.exe
  2⤵
  PID:7372
- C:\Windows\System\BLPNIXR.exe
  C:\Windows\System\BLPNIXR.exe
  2⤵
  PID:7492
- C:\Windows\System\hHXWWZd.exe
  C:\Windows\System\hHXWWZd.exe
  2⤵
  PID:7232
- C:\Windows\System\YpAhTtH.exe
  C:\Windows\System\YpAhTtH.exe
  2⤵
  PID:7508
- C:\Windows\System\bsyOPer.exe
  C:\Windows\System\bsyOPer.exe
  2⤵
  PID:7536
- C:\Windows\System\EskzqmV.exe
  C:\Windows\System\EskzqmV.exe
  2⤵
  PID:7556
- C:\Windows\System\cmCOIUl.exe
  C:\Windows\System\cmCOIUl.exe
  2⤵
  PID:7624
- C:\Windows\System\GeDgDUx.exe
  C:\Windows\System\GeDgDUx.exe
  2⤵
  PID:6740
- C:\Windows\System\XCZHdVT.exe
  C:\Windows\System\XCZHdVT.exe
  2⤵
  PID:7652
- C:\Windows\System\vkpKFhu.exe
  C:\Windows\System\vkpKFhu.exe
  2⤵
  PID:7696
- C:\Windows\System\YmisGCT.exe
  C:\Windows\System\YmisGCT.exe
  2⤵
  PID:7828
- C:\Windows\System\NABPyDA.exe
  C:\Windows\System\NABPyDA.exe
  2⤵
  PID:7804
- C:\Windows\System\GvUqqdk.exe
  C:\Windows\System\GvUqqdk.exe
  2⤵
  PID:7844
- C:\Windows\System\nEoCwJh.exe
  C:\Windows\System\nEoCwJh.exe
  2⤵
  PID:6964
- C:\Windows\System\LGCZbWE.exe
  C:\Windows\System\LGCZbWE.exe
  2⤵
  PID:7924
- C:\Windows\System\HVlLkWS.exe
  C:\Windows\System\HVlLkWS.exe
  2⤵
  PID:7980
- C:\Windows\System\rHlXfIp.exe
  C:\Windows\System\rHlXfIp.exe
  2⤵
  PID:8112
- C:\Windows\System\bQFrGlq.exe
  C:\Windows\System\bQFrGlq.exe
  2⤵
  PID:8048
- C:\Windows\System\fzbPdQu.exe
  C:\Windows\System\fzbPdQu.exe
  2⤵
  PID:8132
- C:\Windows\System\etzyIRU.exe
  C:\Windows\System\etzyIRU.exe
  2⤵
  PID:1820
- C:\Windows\System\sbFiAyP.exe
  C:\Windows\System\sbFiAyP.exe
  2⤵
  PID:8148
- C:\Windows\System\WKvjFDl.exe
  C:\Windows\System\WKvjFDl.exe
  2⤵
  PID:7196
- C:\Windows\System\GUQKYqv.exe
  C:\Windows\System\GUQKYqv.exe
  2⤵
  PID:7420
- C:\Windows\System\uQziZUM.exe
  C:\Windows\System\uQziZUM.exe
  2⤵
  PID:7292
- C:\Windows\System\VPpeXQw.exe
  C:\Windows\System\VPpeXQw.exe
  2⤵
  PID:7408
- C:\Windows\System\dmWdPBa.exe
  C:\Windows\System\dmWdPBa.exe
  2⤵
  PID:7540
- C:\Windows\System\DotnToC.exe
  C:\Windows\System\DotnToC.exe
  2⤵
  PID:7340
- C:\Windows\System\WTbtrhc.exe
  C:\Windows\System\WTbtrhc.exe
  2⤵
  PID:7644
- C:\Windows\System\VHoZdJD.exe
  C:\Windows\System\VHoZdJD.exe
  2⤵
  PID:7748
- C:\Windows\System\fgSCYnZ.exe
  C:\Windows\System\fgSCYnZ.exe
  2⤵
  PID:692
- C:\Windows\System\GeEScqX.exe
  C:\Windows\System\GeEScqX.exe
  2⤵
  PID:1388
- C:\Windows\System\hFtUefi.exe
  C:\Windows\System\hFtUefi.exe
  2⤵
  PID:7716
- C:\Windows\System\PvyEDFH.exe
  C:\Windows\System\PvyEDFH.exe
  2⤵
  PID:7792
- C:\Windows\System\ygOhPZy.exe
  C:\Windows\System\ygOhPZy.exe
  2⤵
  PID:8100
- C:\Windows\System\MLeGXYD.exe
  C:\Windows\System\MLeGXYD.exe
  2⤵
  PID:8128
- C:\Windows\System\HQhToXp.exe
  C:\Windows\System\HQhToXp.exe
  2⤵
  PID:7308
- C:\Windows\System\NStnrsa.exe
  C:\Windows\System\NStnrsa.exe
  2⤵
  PID:7176
- C:\Windows\System\YfUWEws.exe
  C:\Windows\System\YfUWEws.exe
  2⤵
  PID:7424
- C:\Windows\System\bQIzBkl.exe
  C:\Windows\System\bQIzBkl.exe
  2⤵
  PID:7732
- C:\Windows\System\KlCThrd.exe
  C:\Windows\System\KlCThrd.exe
  2⤵
  PID:7264
- C:\Windows\System\kOAiVns.exe
  C:\Windows\System\kOAiVns.exe
  2⤵
  PID:7884
- C:\Windows\System\ZbFhNyB.exe
  C:\Windows\System\ZbFhNyB.exe
  2⤵
  PID:7632
- C:\Windows\System\UhqUljk.exe
  C:\Windows\System\UhqUljk.exe
  2⤵
  PID:2228
- C:\Windows\System\hTLcWhu.exe
  C:\Windows\System\hTLcWhu.exe
  2⤵
  PID:8032
- C:\Windows\System\DWaExMi.exe
  C:\Windows\System\DWaExMi.exe
  2⤵
  PID:7172
- C:\Windows\System\FLIgJaP.exe
  C:\Windows\System\FLIgJaP.exe
  2⤵
  PID:7592
- C:\Windows\System\hrjLzab.exe
  C:\Windows\System\hrjLzab.exe
  2⤵
  PID:7596
- C:\Windows\System\EpSZjfx.exe
  C:\Windows\System\EpSZjfx.exe
  2⤵
  PID:7752
- C:\Windows\System\JgABJbm.exe
  C:\Windows\System\JgABJbm.exe
  2⤵
  PID:1000
- C:\Windows\System\kiKAahS.exe
  C:\Windows\System\kiKAahS.exe
  2⤵
  PID:8204
- C:\Windows\System\IgXPIea.exe
  C:\Windows\System\IgXPIea.exe
  2⤵
  PID:8224
- C:\Windows\System\NfVubtt.exe
  C:\Windows\System\NfVubtt.exe
  2⤵
  PID:8276
- C:\Windows\System\govyitK.exe
  C:\Windows\System\govyitK.exe
  2⤵
  PID:8292
- C:\Windows\System\OXnRPpW.exe
  C:\Windows\System\OXnRPpW.exe
  2⤵
  PID:8308
- C:\Windows\System\RGTAoQZ.exe
  C:\Windows\System\RGTAoQZ.exe
  2⤵
  PID:8324
- C:\Windows\System\xrDVPVz.exe
  C:\Windows\System\xrDVPVz.exe
  2⤵
  PID:8340
- C:\Windows\System\UQUsoXr.exe
  C:\Windows\System\UQUsoXr.exe
  2⤵
  PID:8356
- C:\Windows\System\ioVMxjV.exe
  C:\Windows\System\ioVMxjV.exe
  2⤵
  PID:8376
- C:\Windows\System\WaHlVyT.exe
  C:\Windows\System\WaHlVyT.exe
  2⤵
  PID:8392
- C:\Windows\System\BXuNsaB.exe
  C:\Windows\System\BXuNsaB.exe
  2⤵
  PID:8408
- C:\Windows\System\DuflQDY.exe
  C:\Windows\System\DuflQDY.exe
  2⤵
  PID:8464
- C:\Windows\System\gRIBLNn.exe
  C:\Windows\System\gRIBLNn.exe
  2⤵
  PID:8480
- C:\Windows\System\GDJBZRf.exe
  C:\Windows\System\GDJBZRf.exe
  2⤵
  PID:8496
- C:\Windows\System\rzNiCUF.exe
  C:\Windows\System\rzNiCUF.exe
  2⤵
  PID:8512
- C:\Windows\System\HZnRbXu.exe
  C:\Windows\System\HZnRbXu.exe
  2⤵
  PID:8528
- C:\Windows\System\iMzhwlb.exe
  C:\Windows\System\iMzhwlb.exe
  2⤵
  PID:8544
- C:\Windows\System\KixGFvz.exe
  C:\Windows\System\KixGFvz.exe
  2⤵
  PID:8564
- C:\Windows\System\IEsXcXM.exe
  C:\Windows\System\IEsXcXM.exe
  2⤵
  PID:8584
- C:\Windows\System\qBJvtEl.exe
  C:\Windows\System\qBJvtEl.exe
  2⤵
  PID:8600
- C:\Windows\System\aeFBrDv.exe
  C:\Windows\System\aeFBrDv.exe
  2⤵
  PID:8616
- C:\Windows\System\YeKSeAv.exe
  C:\Windows\System\YeKSeAv.exe
  2⤵
  PID:8632
- C:\Windows\System\QeCNNgt.exe
  C:\Windows\System\QeCNNgt.exe
  2⤵
  PID:8648
- C:\Windows\System\nTqHxAQ.exe
  C:\Windows\System\nTqHxAQ.exe
  2⤵
  PID:8664
- C:\Windows\System\spgWVXa.exe
  C:\Windows\System\spgWVXa.exe
  2⤵
  PID:8700
- C:\Windows\System\arnGhDx.exe
  C:\Windows\System\arnGhDx.exe
  2⤵
  PID:8732
- C:\Windows\System\GXnHIwZ.exe
  C:\Windows\System\GXnHIwZ.exe
  2⤵
  PID:8760
- C:\Windows\System\hVbNsdC.exe
  C:\Windows\System\hVbNsdC.exe
  2⤵
  PID:8776
- C:\Windows\System\mLZxYla.exe
  C:\Windows\System\mLZxYla.exe
  2⤵
  PID:8792
- C:\Windows\System\lBpHzYR.exe
  C:\Windows\System\lBpHzYR.exe
  2⤵
  PID:8808
- C:\Windows\System\SehyDJo.exe
  C:\Windows\System\SehyDJo.exe
  2⤵
  PID:8824
- C:\Windows\System\SRVpBPD.exe
  C:\Windows\System\SRVpBPD.exe
  2⤵
  PID:8848
- C:\Windows\System\oXjTVCl.exe
  C:\Windows\System\oXjTVCl.exe
  2⤵
  PID:8864
- C:\Windows\System\iCOIFSY.exe
  C:\Windows\System\iCOIFSY.exe
  2⤵
  PID:8880
- C:\Windows\System\ycpCcld.exe
  C:\Windows\System\ycpCcld.exe
  2⤵
  PID:8896
- C:\Windows\System\wpjgfgP.exe
  C:\Windows\System\wpjgfgP.exe
  2⤵
  PID:8912
- C:\Windows\System\sxyqAFs.exe
  C:\Windows\System\sxyqAFs.exe
  2⤵
  PID:8928
- C:\Windows\System\PFopDYw.exe
  C:\Windows\System\PFopDYw.exe
  2⤵
  PID:8944
- C:\Windows\System\WdXFoyv.exe
  C:\Windows\System\WdXFoyv.exe
  2⤵
  PID:8968
- C:\Windows\System\FkIMmdu.exe
  C:\Windows\System\FkIMmdu.exe
  2⤵
  PID:8984
- C:\Windows\System\AEhuDzb.exe
  C:\Windows\System\AEhuDzb.exe
  2⤵
  PID:9004
- C:\Windows\System\CVMvCHJ.exe
  C:\Windows\System\CVMvCHJ.exe
  2⤵
  PID:9020
- C:\Windows\System\xumxufY.exe
  C:\Windows\System\xumxufY.exe
  2⤵
  PID:9036
- C:\Windows\System\wIVcxRO.exe
  C:\Windows\System\wIVcxRO.exe
  2⤵
  PID:9052
- C:\Windows\System\KxGoHhX.exe
  C:\Windows\System\KxGoHhX.exe
  2⤵
  PID:9068
- C:\Windows\System\jfYUCXR.exe
  C:\Windows\System\jfYUCXR.exe
  2⤵
  PID:9084
- C:\Windows\System\hxgphuR.exe
  C:\Windows\System\hxgphuR.exe
  2⤵
  PID:9100
- C:\Windows\System\MhnznRA.exe
  C:\Windows\System\MhnznRA.exe
  2⤵
  PID:9116
- C:\Windows\System\dtlcLFk.exe
  C:\Windows\System\dtlcLFk.exe
  2⤵
  PID:9140
- C:\Windows\System\RQgWyYi.exe
  C:\Windows\System\RQgWyYi.exe
  2⤵
  PID:9164
- C:\Windows\System\JajvoKZ.exe
  C:\Windows\System\JajvoKZ.exe
  2⤵
  PID:9192
- C:\Windows\System\IKpkQZm.exe
  C:\Windows\System\IKpkQZm.exe
  2⤵
  PID:8176
- C:\Windows\System\kZfVDBy.exe
  C:\Windows\System\kZfVDBy.exe
  2⤵
  PID:8216
- C:\Windows\System\pEnbHSA.exe
  C:\Windows\System\pEnbHSA.exe
  2⤵
  PID:8248
- C:\Windows\System\CGsSnIp.exe
  C:\Windows\System\CGsSnIp.exe
  2⤵
  PID:8288
- C:\Windows\System\OCrDYnY.exe
  C:\Windows\System\OCrDYnY.exe
  2⤵
  PID:8352
- C:\Windows\System\DrKKXXP.exe
  C:\Windows\System\DrKKXXP.exe
  2⤵
  PID:8304
- C:\Windows\System\wxRFHBW.exe
  C:\Windows\System\wxRFHBW.exe
  2⤵
  PID:8440
- C:\Windows\System\qsREgVg.exe
  C:\Windows\System\qsREgVg.exe
  2⤵
  PID:8456
- C:\Windows\System\ksjvaiR.exe
  C:\Windows\System\ksjvaiR.exe
  2⤵
  PID:8488
- C:\Windows\System\mQRLFRJ.exe
  C:\Windows\System\mQRLFRJ.exe
  2⤵
  PID:8540
- C:\Windows\System\YUvKgcK.exe
  C:\Windows\System\YUvKgcK.exe
  2⤵
  PID:8608
- C:\Windows\System\EHvlcIJ.exe
  C:\Windows\System\EHvlcIJ.exe
  2⤵
  PID:8640
- C:\Windows\System\yXAnfRN.exe
  C:\Windows\System\yXAnfRN.exe
  2⤵
  PID:8448
- C:\Windows\System\ARnMogZ.exe
  C:\Windows\System\ARnMogZ.exe
  2⤵
  PID:8672
- C:\Windows\System\YsaAsrx.exe
  C:\Windows\System\YsaAsrx.exe
  2⤵
  PID:8680
- C:\Windows\System\OVhcNpl.exe
  C:\Windows\System\OVhcNpl.exe
  2⤵
  PID:8692
- C:\Windows\System\MArNSzI.exe
  C:\Windows\System\MArNSzI.exe
  2⤵
  PID:8724
- C:\Windows\System\SdQWZfI.exe
  C:\Windows\System\SdQWZfI.exe
  2⤵
  PID:8768
- C:\Windows\System\xTbqOfX.exe
  C:\Windows\System\xTbqOfX.exe
  2⤵
  PID:8836
- C:\Windows\System\ARaPBQK.exe
  C:\Windows\System\ARaPBQK.exe
  2⤵
  PID:8744
- C:\Windows\System\pRhIJgQ.exe
  C:\Windows\System\pRhIJgQ.exe
  2⤵
  PID:8752
- C:\Windows\System\lwdrfRk.exe
  C:\Windows\System\lwdrfRk.exe
  2⤵
  PID:8816
- C:\Windows\System\XDQUixZ.exe
  C:\Windows\System\XDQUixZ.exe
  2⤵
  PID:8920
- C:\Windows\System\gIOFgWu.exe
  C:\Windows\System\gIOFgWu.exe
  2⤵
  PID:8952
- C:\Windows\System\gHnDkpQ.exe
  C:\Windows\System\gHnDkpQ.exe
  2⤵
  PID:9032
- C:\Windows\System\OAcnCBS.exe
  C:\Windows\System\OAcnCBS.exe
  2⤵
  PID:9012
- C:\Windows\System\srqAItz.exe
  C:\Windows\System\srqAItz.exe
  2⤵
  PID:9080
- C:\Windows\System\AGCwCDH.exe
  C:\Windows\System\AGCwCDH.exe
  2⤵
  PID:9136
- C:\Windows\System\UlMAvhs.exe
  C:\Windows\System\UlMAvhs.exe
  2⤵
  PID:9160
- C:\Windows\System\Hdsjwed.exe
  C:\Windows\System\Hdsjwed.exe
  2⤵
  PID:9188
- C:\Windows\System\lEzegNX.exe
  C:\Windows\System\lEzegNX.exe
  2⤵
  PID:9212
- C:\Windows\System\jmhFCOY.exe
  C:\Windows\System\jmhFCOY.exe
  2⤵
  PID:9172
- C:\Windows\System\NAStXxP.exe
  C:\Windows\System\NAStXxP.exe
  2⤵
  PID:7464
- C:\Windows\System\IgJGtMs.exe
  C:\Windows\System\IgJGtMs.exe
  2⤵
  PID:8236
- C:\Windows\System\UOYsHze.exe
  C:\Windows\System\UOYsHze.exe
  2⤵
  PID:8320
- C:\Windows\System\IDgDWbZ.exe
  C:\Windows\System\IDgDWbZ.exe
  2⤵
  PID:8388
- C:\Windows\System\OGySTQH.exe
  C:\Windows\System\OGySTQH.exe
  2⤵
  PID:8432
- C:\Windows\System\rkGboLJ.exe
  C:\Windows\System\rkGboLJ.exe
  2⤵
  PID:8520
- C:\Windows\System\EXUgLGu.exe
  C:\Windows\System\EXUgLGu.exe
  2⤵
  PID:8580
- C:\Windows\System\OJJCLyg.exe
  C:\Windows\System\OJJCLyg.exe
  2⤵
  PID:8660
- C:\Windows\System\tAzKVAx.exe
  C:\Windows\System\tAzKVAx.exe
  2⤵
  PID:8772
- C:\Windows\System\jevXEdw.exe
  C:\Windows\System\jevXEdw.exe
  2⤵
  PID:8788
- C:\Windows\System\txNESdv.exe
  C:\Windows\System\txNESdv.exe
  2⤵
  PID:9064
- C:\Windows\System\TuOvZGG.exe
  C:\Windows\System\TuOvZGG.exe
  2⤵
  PID:8624
- C:\Windows\System\zihvIjz.exe
  C:\Windows\System\zihvIjz.exe
  2⤵
  PID:8728
- C:\Windows\System\iXnZLzU.exe
  C:\Windows\System\iXnZLzU.exe
  2⤵
  PID:8756
- C:\Windows\System\hvxRqFD.exe
  C:\Windows\System\hvxRqFD.exe
  2⤵
  PID:8960
- C:\Windows\System\dCzOwth.exe
  C:\Windows\System\dCzOwth.exe
  2⤵
  PID:9128
- C:\Windows\System\tTMfUxL.exe
  C:\Windows\System\tTMfUxL.exe
  2⤵
  PID:8404
- C:\Windows\System\RPApwLx.exe
  C:\Windows\System\RPApwLx.exe
  2⤵
  PID:9180
- C:\Windows\System\OzDOgRt.exe
  C:\Windows\System\OzDOgRt.exe
  2⤵
  PID:7780
- C:\Windows\System\EkRGiWO.exe
  C:\Windows\System\EkRGiWO.exe
  2⤵
  PID:1920
- C:\Windows\System\YFXtKiB.exe
  C:\Windows\System\YFXtKiB.exe
  2⤵
  PID:2620
- C:\Windows\System\EiOFzkY.exe
  C:\Windows\System\EiOFzkY.exe
  2⤵
  PID:8424
- C:\Windows\System\YanPNGi.exe
  C:\Windows\System\YanPNGi.exe
  2⤵
  PID:8364
- C:\Windows\System\YshZuRq.exe
  C:\Windows\System\YshZuRq.exe
  2⤵
  PID:8508
- C:\Windows\System\sBrqVPN.exe
  C:\Windows\System\sBrqVPN.exe
  2⤵
  PID:8696
- C:\Windows\System\kVSSPcr.exe
  C:\Windows\System\kVSSPcr.exe
  2⤵
  PID:8904
- C:\Windows\System\hdmEyey.exe
  C:\Windows\System\hdmEyey.exe
  2⤵
  PID:9060
- C:\Windows\System\TSuHvLt.exe
  C:\Windows\System\TSuHvLt.exe
  2⤵
  PID:8784
- C:\Windows\System\NSotHVf.exe
  C:\Windows\System\NSotHVf.exe
  2⤵
  PID:9000
- C:\Windows\System\BaKFaDK.exe
  C:\Windows\System\BaKFaDK.exe
  2⤵
  PID:9204
- C:\Windows\System\UTumzhH.exe
  C:\Windows\System\UTumzhH.exe
  2⤵
  PID:8284
- C:\Windows\System\RHJHRxf.exe
  C:\Windows\System\RHJHRxf.exe
  2⤵
  PID:8452
- C:\Windows\System\pCTLrhu.exe
  C:\Windows\System\pCTLrhu.exe
  2⤵
  PID:7560
- C:\Windows\System\HmVHEDh.exe
  C:\Windows\System\HmVHEDh.exe
  2⤵
  PID:8348
- C:\Windows\System\sshcvKW.exe
  C:\Windows\System\sshcvKW.exe
  2⤵
  PID:8832
- C:\Windows\System\QPpgQwd.exe
  C:\Windows\System\QPpgQwd.exe
  2⤵
  PID:8940
- C:\Windows\System\vxJkZnz.exe
  C:\Windows\System\vxJkZnz.exe
  2⤵
  PID:9108
- C:\Windows\System\jIYFMTA.exe
  C:\Windows\System\jIYFMTA.exe
  2⤵
  PID:8720
- C:\Windows\System\YYMFXXR.exe
  C:\Windows\System\YYMFXXR.exe
  2⤵
  PID:8992
- C:\Windows\System\lnDLklM.exe
  C:\Windows\System\lnDLklM.exe
  2⤵
  PID:8428
- C:\Windows\System\KPyejDj.exe
  C:\Windows\System\KPyejDj.exe
  2⤵
  PID:8400
- C:\Windows\System\PsepCfQ.exe
  C:\Windows\System\PsepCfQ.exe
  2⤵
  PID:9232
- C:\Windows\System\ASIHtIO.exe
  C:\Windows\System\ASIHtIO.exe
  2⤵
  PID:9248
- C:\Windows\System\dbmvTNx.exe
  C:\Windows\System\dbmvTNx.exe
  2⤵
  PID:9264
- C:\Windows\System\sCgYvbB.exe
  C:\Windows\System\sCgYvbB.exe
  2⤵
  PID:9284
- C:\Windows\System\NKmZyex.exe
  C:\Windows\System\NKmZyex.exe
  2⤵
  PID:9304
- C:\Windows\System\KTBtuky.exe
  C:\Windows\System\KTBtuky.exe
  2⤵
  PID:9320
- C:\Windows\System\mjZqBuM.exe
  C:\Windows\System\mjZqBuM.exe
  2⤵
  PID:9364
- C:\Windows\System\CNcpZEu.exe
  C:\Windows\System\CNcpZEu.exe
  2⤵
  PID:9380
- C:\Windows\System\JPYzHuY.exe
  C:\Windows\System\JPYzHuY.exe
  2⤵
  PID:9396
- C:\Windows\System\atxtcJQ.exe
  C:\Windows\System\atxtcJQ.exe
  2⤵
  PID:9412
- C:\Windows\System\svTyfiV.exe
  C:\Windows\System\svTyfiV.exe
  2⤵
  PID:9428
- C:\Windows\System\OEKjYdz.exe
  C:\Windows\System\OEKjYdz.exe
  2⤵
  PID:9444
- C:\Windows\System\KtbCfZv.exe
  C:\Windows\System\KtbCfZv.exe
  2⤵
  PID:9496
- C:\Windows\System\qWtpDxt.exe
  C:\Windows\System\qWtpDxt.exe
  2⤵
  PID:9512
- C:\Windows\System\DjldljV.exe
  C:\Windows\System\DjldljV.exe
  2⤵
  PID:9532
- C:\Windows\System\fxdPXpL.exe
  C:\Windows\System\fxdPXpL.exe
  2⤵
  PID:9548
- C:\Windows\System\wREgjyr.exe
  C:\Windows\System\wREgjyr.exe
  2⤵
  PID:9572
- C:\Windows\System\bjZwHjf.exe
  C:\Windows\System\bjZwHjf.exe
  2⤵
  PID:9600
- C:\Windows\System\fpEnKrR.exe
  C:\Windows\System\fpEnKrR.exe
  2⤵
  PID:9620
- C:\Windows\System\TPheAYt.exe
  C:\Windows\System\TPheAYt.exe
  2⤵
  PID:9644
- C:\Windows\System\ymQqGKz.exe
  C:\Windows\System\ymQqGKz.exe
  2⤵
  PID:9664
- C:\Windows\System\owdahYh.exe
  C:\Windows\System\owdahYh.exe
  2⤵
  PID:9680
- C:\Windows\System\JaVDGiZ.exe
  C:\Windows\System\JaVDGiZ.exe
  2⤵
  PID:9696
- C:\Windows\System\OmZMQcl.exe
  C:\Windows\System\OmZMQcl.exe
  2⤵
  PID:9712
- C:\Windows\System\pYeicea.exe
  C:\Windows\System\pYeicea.exe
  2⤵
  PID:9728
- C:\Windows\System\xrdIbFI.exe
  C:\Windows\System\xrdIbFI.exe
  2⤵
  PID:9748
- C:\Windows\System\AdPDfQh.exe
  C:\Windows\System\AdPDfQh.exe
  2⤵
  PID:9772
- C:\Windows\System\kBnBSpw.exe
  C:\Windows\System\kBnBSpw.exe
  2⤵
  PID:9788
- C:\Windows\System\bXtzLio.exe
  C:\Windows\System\bXtzLio.exe
  2⤵
  PID:9804
- C:\Windows\System\GhhuRdR.exe
  C:\Windows\System\GhhuRdR.exe
  2⤵
  PID:9820
- C:\Windows\System\FikFrhp.exe
  C:\Windows\System\FikFrhp.exe
  2⤵
  PID:9836
- C:\Windows\System\SbNYdaz.exe
  C:\Windows\System\SbNYdaz.exe
  2⤵
  PID:9852
- C:\Windows\System\fDoVivB.exe
  C:\Windows\System\fDoVivB.exe
  2⤵
  PID:9868
- C:\Windows\System\JhUhwAQ.exe
  C:\Windows\System\JhUhwAQ.exe
  2⤵
  PID:9884
- C:\Windows\System\xEmNmFP.exe
  C:\Windows\System\xEmNmFP.exe
  2⤵
  PID:9900
- C:\Windows\System\oydwggg.exe
  C:\Windows\System\oydwggg.exe
  2⤵
  PID:9916
- C:\Windows\System\tExREGv.exe
  C:\Windows\System\tExREGv.exe
  2⤵
  PID:9940
- C:\Windows\System\LkIKsMd.exe
  C:\Windows\System\LkIKsMd.exe
  2⤵
  PID:9964
- C:\Windows\System\zfhymin.exe
  C:\Windows\System\zfhymin.exe
  2⤵
  PID:9996
- C:\Windows\System\PWzwhJj.exe
  C:\Windows\System\PWzwhJj.exe
  2⤵
  PID:10044
- C:\Windows\System\ycHwZuR.exe
  C:\Windows\System\ycHwZuR.exe
  2⤵
  PID:10064
- C:\Windows\System\KhkcxMD.exe
  C:\Windows\System\KhkcxMD.exe
  2⤵
  PID:10096
- C:\Windows\System\ObBUnqt.exe
  C:\Windows\System\ObBUnqt.exe
  2⤵
  PID:10124
- C:\Windows\System\SvCFLEr.exe
  C:\Windows\System\SvCFLEr.exe
  2⤵
  PID:10144
- C:\Windows\System\VlVKhMR.exe
  C:\Windows\System\VlVKhMR.exe
  2⤵
  PID:10176
- C:\Windows\System\lcWXlqe.exe
  C:\Windows\System\lcWXlqe.exe
  2⤵
  PID:10192
- C:\Windows\System\KMBdjMf.exe
  C:\Windows\System\KMBdjMf.exe
  2⤵
  PID:10220
- C:\Windows\System\pbgYEhB.exe
  C:\Windows\System\pbgYEhB.exe
  2⤵
  PID:8232
- C:\Windows\System\yESbYbi.exe
  C:\Windows\System\yESbYbi.exe
  2⤵
  PID:8264
- C:\Windows\System\VAehKMM.exe
  C:\Windows\System\VAehKMM.exe
  2⤵
  PID:9244
- C:\Windows\System\iMFvfDB.exe
  C:\Windows\System\iMFvfDB.exe
  2⤵
  PID:9312
- C:\Windows\System\UixLZyZ.exe
  C:\Windows\System\UixLZyZ.exe
  2⤵
  PID:9048
- C:\Windows\System\zsYLcvE.exe
  C:\Windows\System\zsYLcvE.exe
  2⤵
  PID:9152
- C:\Windows\System\TFQBUzC.exe
  C:\Windows\System\TFQBUzC.exe
  2⤵
  PID:9228
- C:\Windows\System\dSMWDpA.exe
  C:\Windows\System\dSMWDpA.exe
  2⤵
  PID:9336
- C:\Windows\System\ePsoBsG.exe
  C:\Windows\System\ePsoBsG.exe
  2⤵
  PID:9360
- C:\Windows\System\VZQuhVb.exe
  C:\Windows\System\VZQuhVb.exe
  2⤵
  PID:9452
- C:\Windows\System\ACMmytg.exe
  C:\Windows\System\ACMmytg.exe
  2⤵
  PID:9492
- C:\Windows\System\LJXXYfB.exe
  C:\Windows\System\LJXXYfB.exe
  2⤵
  PID:9404
- C:\Windows\System\HyUZmZn.exe
  C:\Windows\System\HyUZmZn.exe
  2⤵
  PID:9524
- C:\Windows\System\TNhBwBJ.exe
  C:\Windows\System\TNhBwBJ.exe
  2⤵
  PID:9608
- C:\Windows\System\ChXkUiT.exe
  C:\Windows\System\ChXkUiT.exe
  2⤵
  PID:9612
- C:\Windows\System\sluJQGq.exe
  C:\Windows\System\sluJQGq.exe
  2⤵
  PID:9720
- C:\Windows\System\eLMImml.exe
  C:\Windows\System\eLMImml.exe
  2⤵
  PID:9592
- C:\Windows\System\LysrILC.exe
  C:\Windows\System\LysrILC.exe
  2⤵
  PID:9704
- C:\Windows\System\dpsqJOS.exe
  C:\Windows\System\dpsqJOS.exe
  2⤵
  PID:9764
- C:\Windows\System\DmviqPl.exe
  C:\Windows\System\DmviqPl.exe
  2⤵
  PID:9828
- C:\Windows\System\cfpVses.exe
  C:\Windows\System\cfpVses.exe
  2⤵
  PID:9784
- C:\Windows\System\WPYTbbw.exe
  C:\Windows\System\WPYTbbw.exe
  2⤵
  PID:9864
- C:\Windows\System\XVsxUdF.exe
  C:\Windows\System\XVsxUdF.exe
  2⤵
  PID:9896
- C:\Windows\System\mPynFHh.exe
  C:\Windows\System\mPynFHh.exe
  2⤵
  PID:9880
- C:\Windows\System\JScPHPJ.exe
  C:\Windows\System\JScPHPJ.exe
  2⤵
  PID:9976
- C:\Windows\System\kStPrhr.exe
  C:\Windows\System\kStPrhr.exe
  2⤵
  PID:9948
- C:\Windows\System\tjluome.exe
  C:\Windows\System\tjluome.exe
  2⤵
  PID:10016
- C:\Windows\System\NCGoDWI.exe
  C:\Windows\System\NCGoDWI.exe
  2⤵
  PID:10104
- C:\Windows\System\iubdQrL.exe
  C:\Windows\System\iubdQrL.exe
  2⤵
  PID:10120
- C:\Windows\System\bygkDQT.exe
  C:\Windows\System\bygkDQT.exe
  2⤵
  PID:10028
- C:\Windows\System\cMbHOaE.exe
  C:\Windows\System\cMbHOaE.exe
  2⤵
  PID:10072
- C:\Windows\System\oQBNrkz.exe
  C:\Windows\System\oQBNrkz.exe
  2⤵
  PID:10084
- C:\Windows\System\qsVhOsG.exe
  C:\Windows\System\qsVhOsG.exe
  2⤵
  PID:10140
- C:\Windows\System\RxVBZID.exe
  C:\Windows\System\RxVBZID.exe
  2⤵
  PID:10216
- C:\Windows\System\PQueUBa.exe
  C:\Windows\System\PQueUBa.exe
  2⤵
  PID:8460
- C:\Windows\System\CFtQwPn.exe
  C:\Windows\System\CFtQwPn.exe
  2⤵
  PID:9276
- C:\Windows\System\GTqQurz.exe
  C:\Windows\System\GTqQurz.exe
  2⤵
  PID:9256
- C:\Windows\System\mAyHHwZ.exe
  C:\Windows\System\mAyHHwZ.exe
  2⤵
  PID:9332
- C:\Windows\System\bMDlvwa.exe
  C:\Windows\System\bMDlvwa.exe
  2⤵
  PID:8332
- C:\Windows\System\WUxQXaE.exe
  C:\Windows\System\WUxQXaE.exe
  2⤵
  PID:9392
- C:\Windows\System\IintcJf.exe
  C:\Windows\System\IintcJf.exe
  2⤵
  PID:9376
- C:\Windows\System\JWfGAJX.exe
  C:\Windows\System\JWfGAJX.exe
  2⤵
  PID:9484
- C:\Windows\System\AVPOGhf.exe
  C:\Windows\System\AVPOGhf.exe
  2⤵
  PID:9456
- C:\Windows\System\pfpRiQh.exe
  C:\Windows\System\pfpRiQh.exe
  2⤵
  PID:9688
- C:\Windows\System\GlQIiCk.exe
  C:\Windows\System\GlQIiCk.exe
  2⤵
  PID:9760
- C:\Windows\System\caLswMA.exe
  C:\Windows\System\caLswMA.exe
  2⤵
  PID:9796
- C:\Windows\System\ydTPkkp.exe
  C:\Windows\System\ydTPkkp.exe
  2⤵
  PID:9848
- C:\Windows\System\XpScYkn.exe
  C:\Windows\System\XpScYkn.exe
  2⤵
  PID:9936
- C:\Windows\System\TaCwsiW.exe
  C:\Windows\System\TaCwsiW.exe
  2⤵
  PID:9596
- C:\Windows\System\nKqLRdY.exe
  C:\Windows\System\nKqLRdY.exe
  2⤵
  PID:9860
- C:\Windows\System\mCkduqm.exe
  C:\Windows\System\mCkduqm.exe
  2⤵
  PID:9956
- C:\Windows\System\LiVBybB.exe
  C:\Windows\System\LiVBybB.exe
  2⤵
  PID:10112
- C:\Windows\System\rlCsulI.exe
  C:\Windows\System\rlCsulI.exe
  2⤵
  PID:10008
- C:\Windows\System\RKeblIm.exe
  C:\Windows\System\RKeblIm.exe
  2⤵
  PID:10036
- C:\Windows\System\bCTGjkR.exe
  C:\Windows\System\bCTGjkR.exe
  2⤵
  PID:10092
- C:\Windows\System\oKQNpkX.exe
  C:\Windows\System\oKQNpkX.exe
  2⤵
  PID:8740
- C:\Windows\System\npQSIgn.exe
  C:\Windows\System\npQSIgn.exe
  2⤵
  PID:9340
- C:\Windows\System\qPaCsSm.exe
  C:\Windows\System\qPaCsSm.exe
  2⤵
  PID:10204
- C:\Windows\System\PoAwBKo.exe
  C:\Windows\System\PoAwBKo.exe
  2⤵
  PID:10232
- C:\Windows\System\aObcLLd.exe
  C:\Windows\System\aObcLLd.exe
  2⤵
  PID:9348
- C:\Windows\System\YhxStXP.exe
  C:\Windows\System\YhxStXP.exe
  2⤵
  PID:9724
- C:\Windows\System\kJesuSf.exe
  C:\Windows\System\kJesuSf.exe
  2⤵
  PID:9476
- C:\Windows\System\peGeXvL.exe
  C:\Windows\System\peGeXvL.exe
  2⤵
  PID:9556
- C:\Windows\System\ArNxqfl.exe
  C:\Windows\System\ArNxqfl.exe
  2⤵
  PID:9972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CYDTjXn.exe

Filesize
6.0MB

MD5
91cc73f146f5816360cc1527ccd2c304

SHA1
929556ec58ed8c84febc196be258aafcbc9ff843

SHA256
bf5aecb9436e01ff74724e442f9d0714f78c5c807f9e920060bafd3a838cc0d5

SHA512
8903eaac28acceed61da479cce2f30f20ab0613837b14349b7756bfd2c2441c0ff0e9b77ccf107ce4e7f3cae3f70cd88c431cec074f92c265aabef54fadf0537

Download Submit
C:\Windows\system\HLHRgPu.exe

Filesize
6.0MB

MD5
90d62b729d0b998e4345cce4c7ceaf72

SHA1
f6c42c5f04146485540e1bcdfd0a5faccca35f5d

SHA256
a8d5043f419355221ee064b7cf76e622bfaee3873f452c99595d53ab92a2464e

SHA512
156a7cec924f62f67b2dcc963b75e1ed81c0cab65ce0f7835d5f42a0ab7f5fe32ffee275d8cd67b3597605f2e24eb3157520caf1245f204008e67d718bf024ec

Download Submit
C:\Windows\system\INCfaXY.exe

Filesize
6.0MB

MD5
7ff8da724c7ae17e8e8e3e5a068ebfa5

SHA1
7cbc1b7f53b90b82752cc12c873002350d9af70d

SHA256
1699c5a941955bdbbc44d65cb0825785edfdee767d8597746d9fa16b8218f37e

SHA512
fc433261431dd8a8a4ebbc23e09a29b7419e13f4faf88d68b866a95033cb31958a60e88b7b69ad3686c5a78f8cb5d7ad87fdc13dc5fc808d14a10ee405df7905

Download Submit
C:\Windows\system\KvQuOqx.exe

Filesize
6.0MB

MD5
58e65c17f77a496961aa4ce1825caf2a

SHA1
0d2a083110cc98728e48abe31a6656e25faf9e64

SHA256
4041397233f8d387ebe5ec2368235828c70dc37b87122b2be1bf53123c316665

SHA512
f73495e949bbfffc11a297a0185357daf0e7f8e291995537bef170144c20d8e018ffd60606b04b5923bf2c0edc83457ca477cec3a37df19a9f35c15971285e40

Download Submit
C:\Windows\system\LtvzpfZ.exe

Filesize
6.0MB

MD5
33b7b6c838ec881291a3cbe48cf57fde

SHA1
bca8f10dd3e26e85c03222af46d35beac1ea4d31

SHA256
b716a6613a764c56822e3c24a8674bcbaafb84d1f8d76d39885a94070321d54a

SHA512
b8d2d1a637afabc579bc53fd9459e579dfa42fa390840eb4d4d1addf41c87a22898a5a7ffa9f6f4673e677ab25756f5e211c8b67898430e8a4ec745333428118

Download Submit
C:\Windows\system\MTJNqrf.exe

Filesize
6.0MB

MD5
a49aa821bb26568d087c4b16fcf8ac8b

SHA1
518a39ca66af0ccaebb71cfa7dae630495c1be92

SHA256
57022930b8cf2f9ba3e3053dc2a4c44e1deb8f02dcadf9136a73e5e36552b6c3

SHA512
ab6d1406608eb9c91fe19936e9f052263b70e5f794e2f8129f0f10a3afb885da3e3cdab85de6f7d38a76add51552a471a200ac59c12916ea6dfde4b4a4281cf0

Download Submit
C:\Windows\system\RaqWCsq.exe

Filesize
6.0MB

MD5
a1d358ffa8cdf59e1fb58055da9fe0f2

SHA1
d9a6cc7fc7dbbd3255502da6fa597f3a83b8586b

SHA256
da1de94c729ba705424e983a4f00d64741b9203c9b267aeae4f1fe86cd1ecd7a

SHA512
f47057b7717c2da10a68278b496ffc64351189dcb95760a2018f42b7aa0a74941dcef3549471ac2c47a718d2bd40385ce337540a3800e6fa9422c858c661b5ec

Download Submit
C:\Windows\system\SZsqlRs.exe

Filesize
6.0MB

MD5
b12d4b50fea9c879de9fe7bcbfba2dfd

SHA1
0f97e34c3e6198e7e605b99ead975bf2e198feba

SHA256
f67731c7d199844ac9d54faa893516ebd5899486f5eb5748eff1afae4e871063

SHA512
0557fcd93dde0a18067446853fe2d62542f5963e213480d3a177334c8974e2e323ffca5904e54cb6b810d21419b726ad9d04e3ed0ab6f7f1fcd1a8b66d4dbffc

Download Submit
C:\Windows\system\SaztBto.exe

Filesize
6.0MB

MD5
99c518f888ddacebe87117ed7e1f15bc

SHA1
d3de168bd319c2ce535f5d8b7be255fc3ee195c4

SHA256
7ee17f3b1ed6a4fcfe323aa36293ad9a7fc1ae0bf51d3606efdc93212edbc776

SHA512
27358336ba1e753754f98fcbeb0837e9af710deea41f7df1f76a6695077f332463bc52b61c7f32804c4b0eb038fdf2ae018832e0e281a239913837fa38a571a1

Download Submit
C:\Windows\system\bLvwdkr.exe

Filesize
6.0MB

MD5
48eb6efab49fceeff6199289e56e6ea8

SHA1
503551d587e10c36735e832e39af81f04d00c03d

SHA256
921af56b3cf2f153f434ceb07a6ddf1ce9406b138dbcbb91ae77716e3c7a146a

SHA512
3f30df9d9d40eb607e214e207f4746da103f0f1bcb35f84e02944b51125901cf4aa69ac4c57ae81da706d38af8900674d5e8968c305dfb492009f8a89504b797

Download Submit
C:\Windows\system\cnSbunz.exe

Filesize
6.0MB

MD5
b9a357f87cfb4dd4c0130f68c7f91a45

SHA1
bb32e1be5a45dcd17f422ffcad88dea5aa39308c

SHA256
55fdc697895df8397e31c3df22c6743ebfe1bec92a94a779b5dbf9ddd07ce842

SHA512
11b077a0d2c32f36ad8f1dfdc9df684865577f77fec26561d4d0fa2b79ee0b9facd7f07e7c2a92e81b5ac9a5de4167852e2ba9bff43269e2f7e374e96902c4a4

Download Submit
C:\Windows\system\doUjupY.exe

Filesize
6.0MB

MD5
642bfcf2c5d91eec7a3d2929492ff6a6

SHA1
d97b0b2247cfe2aa735526666820c362de17b439

SHA256
6bb7f8c17b4507460d0aa8dd04e792ac0352ac487c0f0006d244d437dd542786

SHA512
25f69897181b5aa5e3d11746c88b2aeaf4419901c16b2a94dbc16a79b218e414fe0882c64f189ebf8300e76ff8a233b08653a4bcf400fe57668555d7f743ef6f

Download Submit
C:\Windows\system\eSRLRGX.exe

Filesize
6.0MB

MD5
224d1351b37e549e7d839cc8f536abe4

SHA1
f6265bc7e83e218f6a5d2e57c2f5475cae96ead8

SHA256
1254432d87ec87435e0d3cc666298638db04941dc2ae726c0952209686affd4f

SHA512
4ed51296c0e7bca69ef0d95a1ed305425ea87fc339908decd2aace378dd74b37d71a970edf365df391d4ae294ec48a37a37dd162ed4315984bb0c02c92a30bea

Download Submit
C:\Windows\system\fSbhbXR.exe

Filesize
6.0MB

MD5
87584fc21407af8e05abdfbcac521f26

SHA1
286afb27868b8524f8ce8603c31edd70e416744f

SHA256
182adbe0fecb198f95ae201a56a353190d242bcb735b4459ac1417e9e959c0d7

SHA512
6160eecb5083634ebfa8203b94c6460dcfba3e367fe998d4bdc655db8c13e88a6d1b57315e937caa46f23d6b79b3772375b9243c08a73d4e65c2f7ca3285ec99

Download Submit
C:\Windows\system\fbtoSnR.exe

Filesize
6.0MB

MD5
39a43ae9c12ed7112e93b59e0b0b6667

SHA1
677f91a49fc24d1c4259caee0d8682dc9598470a

SHA256
9cec36dc8a52bceae9c707e492a538dcc868ebf07fd3410c271652d07051f78d

SHA512
ceaf2bfde9dbcddf9453e86a17f7afce8b33d49a8e9cbea77fbe8ab3727cf4a1a3e99b3d5ef55a1dfb962f3bb14c5b9373c5054a65328e001cbe5c83d91346bc

Download Submit
C:\Windows\system\gADIJKV.exe

Filesize
6.0MB

MD5
2bdc7390f4fd1dc1e729504306de45f6

SHA1
6da4a940709b66dedb7d8b45cb5866bafd38d6c8

SHA256
32a710b59268ff00a048eb331e568fed3faa267d27c5a95d13f1812bcf61c66b

SHA512
64a09b079e762ac00f0b7e3e5951c4b2520871d45f6e6d9e863b368d640a29d60b5eab683a97dee203928b2243175455da10c1df0ab7dfe1106dd0fe7c222145

Download Submit
C:\Windows\system\hlNTBkh.exe

Filesize
6.0MB

MD5
299191aaaab9b24469725a4402708df9

SHA1
a0e2816d433b0eafae58f1bf79d3b6a05c008739

SHA256
9101199258561f911dbd18577c3c1906fe640ac711d6cc60c67cf1b3129a6ebe

SHA512
7c658f1691cc7f77c529d663f807090dce5fbcda5ecafcd09c78cd1feaa2469a548cb5bdf2f27d5f10fa6330dd91f3a6f741a421da8604643ce5dc72804c9102

Download Submit
C:\Windows\system\jFAFjJU.exe

Filesize
6.0MB

MD5
414a2a4a1248ef9be571583d0c0b1609

SHA1
7867bd3c1ca4a46858707b4e8a367b8eecf2f9b0

SHA256
05daaba62b649ceb65e648c9c08e5f66cb760551ec555b4d4f3852ceab687689

SHA512
7dd6981aad34def0d967585ea54bd03761c0af8834d55c7a21768937cf81cd3162d225395e28cc27626b90944d4a7702d67bd9c25266190924107f003877b3a7

Download Submit
C:\Windows\system\kVPvYQr.exe

Filesize
6.0MB

MD5
d6f3c7bad20eea7a3f520da5e0af2208

SHA1
afff312ff2c167646f809f8988559570023ac7fb

SHA256
c90c01046a1a7eb8981805baa08af850432d41e9a7d85cffcb748f34c7d0848f

SHA512
7ba730426551325879bef4d7d68976b52dfda41e6e6b0c5c840dd250cd393ac8bba64362fc1d3a8002dfc7f7ebd0f904af8356d49887a276f299ea07f5214679

Download Submit
C:\Windows\system\lUlpOnc.exe

Filesize
6.0MB

MD5
fa37345d1b32b9ead1bcf6b7debb7438

SHA1
58df64a414dafd1d8119d75fd5e4f301cadeb028

SHA256
4f7ebeb29dc388f9b93a2a604366fe0ef291969da76f0044db3c85ecddf9cc5a

SHA512
2baa776be29349729a9f694266081cada7aa24e836e583dba8d3441b596ad99f3bca9b75d63155d9d49061b9884fb56cf7a8929bb127e7b7717c39578d49e831

Download Submit
C:\Windows\system\lmJLfsx.exe

Filesize
6.0MB

MD5
598f520c70aa76bf5638b78e7e800690

SHA1
514efaa414626595ee4b4c7eddb4d422d11f0968

SHA256
f18b6a23741c242de31f5f7c0278c0f3b32943fd00481bf408d5f135f4716f9e

SHA512
17dfa6debf322a3e21eab4c3a63d065addc0b36500a89403b37b8302c0748c146c171765ba89b395912a875a54484baa450bdac2b0e62a32003e6d70af9cb8a0

Download Submit
C:\Windows\system\owKlwXo.exe

Filesize
6.0MB

MD5
2d276a173069392ff2e84b6b17806436

SHA1
6c236f90750b7206ab5feaa7d0d0bd654ff6dacc

SHA256
368941e6645f3fe20f9259cf0ffe0c81a332e887ae7fb988c80573175b660af9

SHA512
a73ed7e76018b8fbc0a0e6627695243aedf34ff364b0a744576cbce8b8c0ebb0bddcedcd914ea4f304471ac2aeb1be3b0159a235c87497dd6dd53adebf1dbccf

Download Submit
C:\Windows\system\qPxmwLb.exe

Filesize
6.0MB

MD5
e8df3bd5aa778818bb476f481da3fd3f

SHA1
5541ec5b0814101514277e8c80022a25aadfa4b4

SHA256
0b59ff11690475c031517e95a010f495c50364937875acbaa2f451f78e992b92

SHA512
5830e2a0f0358a8e3d812cc8d93c41a1af5f440f8360801cf62bde450fd7c2768e7405c6e8303c07c652a7c20d699d38180717c7d6bedfb80bc243866c332717

Download Submit
C:\Windows\system\qTNXBaS.exe

Filesize
6.0MB

MD5
6dd5b20dc292fa2feeedcab28a33381b

SHA1
28d595b41b7e6f45dbaf817c97191dcff683178b

SHA256
4e3db73622c0e375fbc81fe56923ee706100475dde66f6a94dca8c2591d4fc08

SHA512
62387336653c23503506fb71aa5d28eacb03afadf5f7b97f56be658dd701f705efc0e4b9785ac9bdfe1050950573d530bd3d74c8aa23c3166e3230392c019e60

Download Submit
C:\Windows\system\roIBrGI.exe

Filesize
6.0MB

MD5
6520b0dd1845b91ad540431f482fb869

SHA1
c5aaa7a20d53c769fab138fb79e67c75599b2eab

SHA256
07cdf5b504b4cdf167670470470253f46f0b7dfe5f0fdc769a937c3646bb2b28

SHA512
766881fb550764153987523c67418b993039b9f243cd55f7a361cd48db1383184d1942cc4e5576fdfa406a7acb80aa25bb7980a0e456f29f3015463c0ca7bc77

Download Submit
C:\Windows\system\vflueqD.exe

Filesize
6.0MB

MD5
891cc74161776e2d8c96f6d68de57e79

SHA1
4111866df9eee240eedb6901e654e6855f9f0c5f

SHA256
2688252e8208d806ed8634ccfbd3bed6cf5c28678b19b502899d030c589b5670

SHA512
e462703d8b3ca11e9ffe2bfee29cf9735034b1e4f2dee5fc0284e101c25231b5631f6c44a9637bb4677cfe232ea0fd438a27a5aea346c92b31853fd84053d6e7

Download Submit
C:\Windows\system\wEMKMTP.exe

Filesize
6.0MB

MD5
771980b02ae7071f677084bc4dd17c32

SHA1
fc06898165695d84e733815fa91519cdb8fb830f

SHA256
cd760e2de8c4ac7bf11d3b6fd05fe60b49a8f7795286320e8bfeddeef4483c53

SHA512
d0cff57154497f585b7bc3b2b4c4780c5d7b8ddf017476eeda9865c9f009109b3e055a20806e74dcea1c1248a65d803579be2d695cba3ffee349660a291c7c9d

Download Submit
C:\Windows\system\xgDHYUw.exe

Filesize
6.0MB

MD5
a33829b1e82ed67aed47536e3a9c2750

SHA1
dc54597cbf8ca96ada6fbce6b1572034b977bfdd

SHA256
fd717f81725d2e44d673d552a236b8106d7325a3f71443c22bce80a60c2f920c

SHA512
db5d904739c9556f8d9ccd26f004d8b75e00d765b0966fa97486df32a92d5beb833949787f6cdbd116ffb3bf04c3ab143f8ed9ca6e70f2fc2187c190c4067961

Download Submit
C:\Windows\system\yhKEXMQ.exe

Filesize
6.0MB

MD5
29275c5914960f5ca01ed446fcb7e6a5

SHA1
84863c73e436d5ddb748828ec062e471cee3043e

SHA256
f67e860b3851fba04c4681153780259a293c0f6c9498583fe65da8ec395f508f

SHA512
c15af70c5b61635d6eecc18362f519c1219d371b87eb1e2754fb4e965107773e43c825f4e7ac46dcbbe6ebb3b2d400f01948edaa0261f587326932c4100efcbd

Download Submit
\Windows\system\aZNhuft.exe

Filesize
6.0MB

MD5
e6377a5b8cb0f324629d408572b86535

SHA1
3303a4232c41a5d1523071beb3d3bc4430e6541e

SHA256
9303076537fc19eca5e2e4bd634b751b0fab7d4a6e7bd648d585058de4e1f043

SHA512
499208a8917b5389a1e65feeee9d1d92a3ab7aa961ed7435951c4af694a4176ec6b64a32bee9de2b0daa0172c67d59bbada5a462b1dcc346b4abf84404d5e57e

Download Submit
\Windows\system\iGNiHon.exe

Filesize
6.0MB

MD5
d6df65f219cb6abd773e9501eb48052a

SHA1
ff0545adec68975296c3fb137f4e0822c60f8ee0

SHA256
02807ffa9ac61ca93e7958c38929f91d331b433d2b5a4cc1dcf4a25ff005e705

SHA512
bec53c062431af961855a2831925ed466332a099c9648a3d82ba5a0a2866a4ea7530e1edac05628c2d67f86183e0ca0d867364aea49be48c2cde65c0c9294abe

Download Submit
\Windows\system\kvuTLov.exe

Filesize
6.0MB

MD5
e0ca8ec6c2715fb040221942f7fa620e

SHA1
cff7ce3f05126a5539336f91cb11899d2e9fc1f9

SHA256
5d9f4330b61bee43afb7ae3d0a2f6cff8dc3e15e5a6bd70c1febc353332db7fa

SHA512
6b2ef492bfd12a28951126428580ec4e25044782d1fc672f2d1c4b6f2f15b96d08b5b8c407d18b7212612d34e2dc35d139d476783fe5abe8d5388f9486c4d4b0

Download Submit
memory/576-122-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/576-2875-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-119-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1803-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2124-2637-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2124-121-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-2635-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2124-0-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-2629-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2124-117-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-2618-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2124-115-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2124-2583-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2124-113-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-2489-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-111-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1781-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1890-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2124-125-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2124-123-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-131-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2124-127-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2124-129-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2148-2869-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-1931-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-2873-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-118-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-2889-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2340-120-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2364-2870-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-114-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2874-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2536-112-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2556-116-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2556-2881-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2704-124-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-2913-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-130-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2732-2619-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2732-2886-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2796-1889-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2796-2887-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2816-126-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2867-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1785-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-2888-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-1775-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2852-5086-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2914-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2988-128-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download