cobaltstrike | 81080bcb1be495e3e5b551c469ff027e161f3222327f6f60b1ea32f6faa478e5

Analysis

max time kernel
121s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-12-2024 10:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0a8303b6b53abcc4980f5f99362eccad
SHA1

934fb0bbc64e4d183d90fa8a827e8ce0d7ba1b02
SHA256

81080bcb1be495e3e5b551c469ff027e161f3222327f6f60b1ea32f6faa478e5
SHA512

efa2de93ce3c0a6f680396b4ee4f66ae3bf113c2930eb8cd79fdbd3b43a149056156690daebc3fae3b305cf586f0aa57d6f1a5ee727dbfcf95bbe5c129b3a9f1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUi:T+q56utgpPF8u/7i

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x000f000000018683-14.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f7-12.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000175f1-8.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193dc-99.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000174b4-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a8-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019543-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019535-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952e-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952b-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019520-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019518-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019510-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019508-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e1-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d5-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-94.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c3-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019428-109.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018be7-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d0-70.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001870c-69.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-58.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-40.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001871c-36.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018706-35.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f9-89.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-52.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-51.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2936-0-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000012117-6.dat	xmrig
behavioral1/files/0x000f000000018683-14.dat	xmrig
behavioral1/files/0x00070000000175f7-12.dat	xmrig
behavioral1/files/0x00080000000175f1-8.dat	xmrig
behavioral1/memory/2324-42-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x00050000000193dc-99.dat	xmrig
behavioral1/files/0x00090000000174b4-124.dat	xmrig
behavioral1/memory/3048-920-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2772-798-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2936-587-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195a8-186.dat	xmrig
behavioral1/files/0x0005000000019543-181.dat	xmrig
behavioral1/files/0x0005000000019535-176.dat	xmrig
behavioral1/files/0x000500000001952e-171.dat	xmrig
behavioral1/files/0x000500000001952b-166.dat	xmrig
behavioral1/files/0x0005000000019520-161.dat	xmrig
behavioral1/files/0x0005000000019518-156.dat	xmrig
behavioral1/files/0x0005000000019510-151.dat	xmrig
behavioral1/files/0x0005000000019508-146.dat	xmrig
behavioral1/files/0x00050000000194e1-137.dat	xmrig
behavioral1/files/0x0005000000019502-141.dat	xmrig
behavioral1/files/0x00050000000194d5-129.dat	xmrig
behavioral1/files/0x00050000000194ad-116.dat	xmrig
behavioral1/files/0x0005000000019426-94.dat	xmrig
behavioral1/files/0x00050000000194c3-122.dat	xmrig
behavioral1/files/0x0005000000019428-109.dat	xmrig
behavioral1/memory/2628-107-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2944-106-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/3028-105-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2936-104-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x0008000000018be7-86.dat	xmrig
behavioral1/memory/3048-82-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2772-80-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2340-79-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2756-76-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2936-75-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2908-74-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2240-71-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193d0-70.dat	xmrig
behavioral1/files/0x000600000001870c-69.dat	xmrig
behavioral1/memory/2856-61-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193cc-58.dat	xmrig
behavioral1/files/0x000500000001938e-40.dat	xmrig
behavioral1/files/0x000600000001871c-36.dat	xmrig
behavioral1/files/0x0006000000018706-35.dat	xmrig
behavioral1/memory/2868-103-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193f9-89.dat	xmrig
behavioral1/memory/3008-65-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2936-56-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2752-54-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001939f-52.dat	xmrig
behavioral1/files/0x0005000000019358-51.dat	xmrig
behavioral1/memory/2628-3132-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2868-3137-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2324-3136-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/3048-3135-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2944-3130-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/3008-3110-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2240-3119-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2772-3152-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2908-3153-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2856-3170-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2752-3177-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3008	vZQFJaY.exe
2240	LArSlbt.exe
2324	qFEagJn.exe
2908	ozLnbLM.exe
2752	rJhqkdI.exe
2756	JLlSZIR.exe
2856	ynbeuLI.exe
3048	htEksmc.exe
2340	JrBILaR.exe
2772	UHNadah.exe
2868	yXlYgJL.exe
3028	MJSfPTX.exe
2944	bXXbywt.exe
2628	ZjQFUgN.exe
2884	gcDHOIM.exe
2024	pMRnCGv.exe
1252	SXhSAMg.exe
1976	pGUTLpI.exe
1956	oBWsmJl.exe
1984	KpoRvok.exe
1768	nbkaHIf.exe
808	yZhPIJw.exe
2816	PRQlzTE.exe
2644	GiSMzDJ.exe
2456	qEjUEhT.exe
2916	jPrzmox.exe
772	sZnkyPZ.exe
2460	zhPlMge.exe
1012	bZyMwGx.exe
1088	JxFUbON.exe
2032	fJVJpxM.exe
960	uUkjVXy.exe
1516	oZNTgGy.exe
1952	UjQYtuh.exe
2264	aACNjSg.exe
848	SzryKek.exe
912	zBwgEHO.exe
1880	EloTmES.exe
1492	rVctEeS.exe
576	EULsaFE.exe
264	UemLTBD.exe
2248	kcrQNRw.exe
1908	yiuPkAY.exe
480	gSeBKKf.exe
2288	iAjzMHA.exe
2108	wCDTEkF.exe
568	ALKfQew.exe
1152	StWybdR.exe
884	WwdwkFi.exe
1332	pIhoOlV.exe
2232	LYVmsQl.exe
1600	czbUpbw.exe
1696	wjyHaHj.exe
2532	NsvpqmO.exe
580	HhuyDlq.exe
2708	zqokgYY.exe
2796	PAOoPac.exe
676	JXhwCrM.exe
1040	WTphOeQ.exe
1720	FxLlwpD.exe
2896	NRoTugR.exe
2740	qjrVxAO.exe
2056	fTZQugD.exe
2132	hdNgDzL.exe

Loads dropped DLL 64 IoCs

pid	Process
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2936-0-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x0008000000012117-6.dat	upx
behavioral1/files/0x000f000000018683-14.dat	upx
behavioral1/files/0x00070000000175f7-12.dat	upx
behavioral1/files/0x00080000000175f1-8.dat	upx
behavioral1/memory/2324-42-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x00050000000193dc-99.dat	upx
behavioral1/files/0x00090000000174b4-124.dat	upx
behavioral1/memory/3048-920-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2772-798-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2936-587-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x00050000000195a8-186.dat	upx
behavioral1/files/0x0005000000019543-181.dat	upx
behavioral1/files/0x0005000000019535-176.dat	upx
behavioral1/files/0x000500000001952e-171.dat	upx
behavioral1/files/0x000500000001952b-166.dat	upx
behavioral1/files/0x0005000000019520-161.dat	upx
behavioral1/files/0x0005000000019518-156.dat	upx
behavioral1/files/0x0005000000019510-151.dat	upx
behavioral1/files/0x0005000000019508-146.dat	upx
behavioral1/files/0x00050000000194e1-137.dat	upx
behavioral1/files/0x0005000000019502-141.dat	upx
behavioral1/files/0x00050000000194d5-129.dat	upx
behavioral1/files/0x00050000000194ad-116.dat	upx
behavioral1/files/0x0005000000019426-94.dat	upx
behavioral1/files/0x00050000000194c3-122.dat	upx
behavioral1/files/0x0005000000019428-109.dat	upx
behavioral1/memory/2628-107-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2944-106-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/3028-105-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x0008000000018be7-86.dat	upx
behavioral1/memory/3048-82-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2772-80-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2340-79-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2756-76-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2908-74-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2240-71-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/files/0x00050000000193d0-70.dat	upx
behavioral1/files/0x000600000001870c-69.dat	upx
behavioral1/memory/2856-61-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x00050000000193cc-58.dat	upx
behavioral1/files/0x000500000001938e-40.dat	upx
behavioral1/files/0x000600000001871c-36.dat	upx
behavioral1/files/0x0006000000018706-35.dat	upx
behavioral1/memory/2868-103-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x00050000000193f9-89.dat	upx
behavioral1/memory/3008-65-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2752-54-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x000500000001939f-52.dat	upx
behavioral1/files/0x0005000000019358-51.dat	upx
behavioral1/memory/2628-3132-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2868-3137-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2324-3136-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/3048-3135-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2944-3130-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/3008-3110-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2240-3119-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2772-3152-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2908-3153-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2856-3170-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2752-3177-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/3028-3192-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2756-3193-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2340-4747-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\eKcHrcV.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VWMjfBa.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xeXTUlI.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxhBkND.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sZnkyPZ.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oZNTgGy.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXFgsuM.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bCvSzGJ.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yywFyLx.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yvZDuLA.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lcYQJxN.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UNAkHQu.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGUTLpI.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LBowyzO.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pjZceeX.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zpVjegK.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kMgroxO.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHrZiNj.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVeHpDo.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntXkZhr.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KipxlYn.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZfddLTv.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxKNyQq.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hGEpbHW.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MAmeVVQ.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQjWtuU.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdIvDbr.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KzxrIGT.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jlytrpA.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bkpAeYT.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zleflbW.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AfQLrPr.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VWQJAZh.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwwcoUn.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oBWsmJl.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SzryKek.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jXYqHSw.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iuvHxxy.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dcWZYqt.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wueFhtD.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OknsPoy.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbnkyYH.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qEjUEhT.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ELnmGLz.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mBphPxn.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yiuPkAY.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FsCnecb.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bipdpOr.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ixMBlal.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EZagPuR.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dLQHTlw.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXDFIEo.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJtFJDH.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GKAcNoZ.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZkHbwLI.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kaNsCBG.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nxEAYhY.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Egglzfw.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iWWUXOw.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ruciGWC.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WuVSsAx.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aTaajwk.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LfsTZEv.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtRczuO.exe	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 3008	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2936 wrote to memory of 3008	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2936 wrote to memory of 3008	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2936 wrote to memory of 2240	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2936 wrote to memory of 2240	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2936 wrote to memory of 2240	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2936 wrote to memory of 2324	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2936 wrote to memory of 2324	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2936 wrote to memory of 2324	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2936 wrote to memory of 3048	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2936 wrote to memory of 3048	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2936 wrote to memory of 3048	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2936 wrote to memory of 2908	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2936 wrote to memory of 2908	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2936 wrote to memory of 2908	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2936 wrote to memory of 2340	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2936 wrote to memory of 2340	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2936 wrote to memory of 2340	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2936 wrote to memory of 2752	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2936 wrote to memory of 2752	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2936 wrote to memory of 2752	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2936 wrote to memory of 2868	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2936 wrote to memory of 2868	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2936 wrote to memory of 2868	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2936 wrote to memory of 2756	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2936 wrote to memory of 2756	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2936 wrote to memory of 2756	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2936 wrote to memory of 2944	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2936 wrote to memory of 2944	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2936 wrote to memory of 2944	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2936 wrote to memory of 2856	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2936 wrote to memory of 2856	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2936 wrote to memory of 2856	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2936 wrote to memory of 2628	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2936 wrote to memory of 2628	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2936 wrote to memory of 2628	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2936 wrote to memory of 2772	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2936 wrote to memory of 2772	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2936 wrote to memory of 2772	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2936 wrote to memory of 2884	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2936 wrote to memory of 2884	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2936 wrote to memory of 2884	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2936 wrote to memory of 3028	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2936 wrote to memory of 3028	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2936 wrote to memory of 3028	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2936 wrote to memory of 1252	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2936 wrote to memory of 1252	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2936 wrote to memory of 1252	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2936 wrote to memory of 2024	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2936 wrote to memory of 2024	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2936 wrote to memory of 2024	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2936 wrote to memory of 1976	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2936 wrote to memory of 1976	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2936 wrote to memory of 1976	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2936 wrote to memory of 1956	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2936 wrote to memory of 1956	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2936 wrote to memory of 1956	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2936 wrote to memory of 1768	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2936 wrote to memory of 1768	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2936 wrote to memory of 1768	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2936 wrote to memory of 1984	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2936 wrote to memory of 1984	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2936 wrote to memory of 1984	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2936 wrote to memory of 808	2936	2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-09_0a8303b6b53abcc4980f5f99362eccad_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\System\vZQFJaY.exe
  C:\Windows\System\vZQFJaY.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\LArSlbt.exe
  C:\Windows\System\LArSlbt.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\qFEagJn.exe
  C:\Windows\System\qFEagJn.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\htEksmc.exe
  C:\Windows\System\htEksmc.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\ozLnbLM.exe
  C:\Windows\System\ozLnbLM.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\JrBILaR.exe
  C:\Windows\System\JrBILaR.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\rJhqkdI.exe
  C:\Windows\System\rJhqkdI.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\yXlYgJL.exe
  C:\Windows\System\yXlYgJL.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\JLlSZIR.exe
  C:\Windows\System\JLlSZIR.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\bXXbywt.exe
  C:\Windows\System\bXXbywt.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\ynbeuLI.exe
  C:\Windows\System\ynbeuLI.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\ZjQFUgN.exe
  C:\Windows\System\ZjQFUgN.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\UHNadah.exe
  C:\Windows\System\UHNadah.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\gcDHOIM.exe
  C:\Windows\System\gcDHOIM.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\MJSfPTX.exe
  C:\Windows\System\MJSfPTX.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\SXhSAMg.exe
  C:\Windows\System\SXhSAMg.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\pMRnCGv.exe
  C:\Windows\System\pMRnCGv.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\pGUTLpI.exe
  C:\Windows\System\pGUTLpI.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\oBWsmJl.exe
  C:\Windows\System\oBWsmJl.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\nbkaHIf.exe
  C:\Windows\System\nbkaHIf.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\KpoRvok.exe
  C:\Windows\System\KpoRvok.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\yZhPIJw.exe
  C:\Windows\System\yZhPIJw.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\PRQlzTE.exe
  C:\Windows\System\PRQlzTE.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\GiSMzDJ.exe
  C:\Windows\System\GiSMzDJ.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\qEjUEhT.exe
  C:\Windows\System\qEjUEhT.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\jPrzmox.exe
  C:\Windows\System\jPrzmox.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\sZnkyPZ.exe
  C:\Windows\System\sZnkyPZ.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\zhPlMge.exe
  C:\Windows\System\zhPlMge.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\bZyMwGx.exe
  C:\Windows\System\bZyMwGx.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\JxFUbON.exe
  C:\Windows\System\JxFUbON.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\fJVJpxM.exe
  C:\Windows\System\fJVJpxM.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\uUkjVXy.exe
  C:\Windows\System\uUkjVXy.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\oZNTgGy.exe
  C:\Windows\System\oZNTgGy.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\UjQYtuh.exe
  C:\Windows\System\UjQYtuh.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\aACNjSg.exe
  C:\Windows\System\aACNjSg.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\SzryKek.exe
  C:\Windows\System\SzryKek.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\zBwgEHO.exe
  C:\Windows\System\zBwgEHO.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\EloTmES.exe
  C:\Windows\System\EloTmES.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\rVctEeS.exe
  C:\Windows\System\rVctEeS.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\EULsaFE.exe
  C:\Windows\System\EULsaFE.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\UemLTBD.exe
  C:\Windows\System\UemLTBD.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\kcrQNRw.exe
  C:\Windows\System\kcrQNRw.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\yiuPkAY.exe
  C:\Windows\System\yiuPkAY.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\gSeBKKf.exe
  C:\Windows\System\gSeBKKf.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\iAjzMHA.exe
  C:\Windows\System\iAjzMHA.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\ALKfQew.exe
  C:\Windows\System\ALKfQew.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\wCDTEkF.exe
  C:\Windows\System\wCDTEkF.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\StWybdR.exe
  C:\Windows\System\StWybdR.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\WwdwkFi.exe
  C:\Windows\System\WwdwkFi.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\pIhoOlV.exe
  C:\Windows\System\pIhoOlV.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\LYVmsQl.exe
  C:\Windows\System\LYVmsQl.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\czbUpbw.exe
  C:\Windows\System\czbUpbw.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\wjyHaHj.exe
  C:\Windows\System\wjyHaHj.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\NsvpqmO.exe
  C:\Windows\System\NsvpqmO.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\HhuyDlq.exe
  C:\Windows\System\HhuyDlq.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\zqokgYY.exe
  C:\Windows\System\zqokgYY.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\PAOoPac.exe
  C:\Windows\System\PAOoPac.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\JXhwCrM.exe
  C:\Windows\System\JXhwCrM.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\WTphOeQ.exe
  C:\Windows\System\WTphOeQ.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\FxLlwpD.exe
  C:\Windows\System\FxLlwpD.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\NRoTugR.exe
  C:\Windows\System\NRoTugR.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\qjrVxAO.exe
  C:\Windows\System\qjrVxAO.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\fTZQugD.exe
  C:\Windows\System\fTZQugD.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\hdNgDzL.exe
  C:\Windows\System\hdNgDzL.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\qjdUeIf.exe
  C:\Windows\System\qjdUeIf.exe
  2⤵
  PID:1756
- C:\Windows\System\UtzRmEg.exe
  C:\Windows\System\UtzRmEg.exe
  2⤵
  PID:1804
- C:\Windows\System\kqhmbWe.exe
  C:\Windows\System\kqhmbWe.exe
  2⤵
  PID:2844
- C:\Windows\System\PDFXvfq.exe
  C:\Windows\System\PDFXvfq.exe
  2⤵
  PID:2168
- C:\Windows\System\oQenFFD.exe
  C:\Windows\System\oQenFFD.exe
  2⤵
  PID:1940
- C:\Windows\System\DSqSgkC.exe
  C:\Windows\System\DSqSgkC.exe
  2⤵
  PID:444
- C:\Windows\System\YXUCWkQ.exe
  C:\Windows\System\YXUCWkQ.exe
  2⤵
  PID:656
- C:\Windows\System\kGxSdKP.exe
  C:\Windows\System\kGxSdKP.exe
  2⤵
  PID:2392
- C:\Windows\System\IQUElGL.exe
  C:\Windows\System\IQUElGL.exe
  2⤵
  PID:1028
- C:\Windows\System\ZVudfiR.exe
  C:\Windows\System\ZVudfiR.exe
  2⤵
  PID:2260
- C:\Windows\System\rKynvAa.exe
  C:\Windows\System\rKynvAa.exe
  2⤵
  PID:1836
- C:\Windows\System\EZagPuR.exe
  C:\Windows\System\EZagPuR.exe
  2⤵
  PID:1660
- C:\Windows\System\fgGKpDm.exe
  C:\Windows\System\fgGKpDm.exe
  2⤵
  PID:2180
- C:\Windows\System\SltPqmG.exe
  C:\Windows\System\SltPqmG.exe
  2⤵
  PID:2512
- C:\Windows\System\XndALJD.exe
  C:\Windows\System\XndALJD.exe
  2⤵
  PID:2276
- C:\Windows\System\ydxfCHy.exe
  C:\Windows\System\ydxfCHy.exe
  2⤵
  PID:1220
- C:\Windows\System\xVmJmTs.exe
  C:\Windows\System\xVmJmTs.exe
  2⤵
  PID:592
- C:\Windows\System\eKeywto.exe
  C:\Windows\System\eKeywto.exe
  2⤵
  PID:2564
- C:\Windows\System\ELnmGLz.exe
  C:\Windows\System\ELnmGLz.exe
  2⤵
  PID:2332
- C:\Windows\System\VaXvIaN.exe
  C:\Windows\System\VaXvIaN.exe
  2⤵
  PID:2996
- C:\Windows\System\WYxlUlL.exe
  C:\Windows\System\WYxlUlL.exe
  2⤵
  PID:1700
- C:\Windows\System\yHONmXH.exe
  C:\Windows\System\yHONmXH.exe
  2⤵
  PID:2100
- C:\Windows\System\CvMXfqb.exe
  C:\Windows\System\CvMXfqb.exe
  2⤵
  PID:2836
- C:\Windows\System\EsUvTgu.exe
  C:\Windows\System\EsUvTgu.exe
  2⤵
  PID:2196
- C:\Windows\System\QQjqJkV.exe
  C:\Windows\System\QQjqJkV.exe
  2⤵
  PID:1276
- C:\Windows\System\awtLXzm.exe
  C:\Windows\System\awtLXzm.exe
  2⤵
  PID:2876
- C:\Windows\System\bMWmoIN.exe
  C:\Windows\System\bMWmoIN.exe
  2⤵
  PID:1144
- C:\Windows\System\IjjNzOa.exe
  C:\Windows\System\IjjNzOa.exe
  2⤵
  PID:3092
- C:\Windows\System\TVBwsXn.exe
  C:\Windows\System\TVBwsXn.exe
  2⤵
  PID:3112
- C:\Windows\System\atfFkov.exe
  C:\Windows\System\atfFkov.exe
  2⤵
  PID:3132
- C:\Windows\System\YmoyuGn.exe
  C:\Windows\System\YmoyuGn.exe
  2⤵
  PID:3152
- C:\Windows\System\hcGfNxn.exe
  C:\Windows\System\hcGfNxn.exe
  2⤵
  PID:3172
- C:\Windows\System\dLQHTlw.exe
  C:\Windows\System\dLQHTlw.exe
  2⤵
  PID:3192
- C:\Windows\System\UNjWCEA.exe
  C:\Windows\System\UNjWCEA.exe
  2⤵
  PID:3212
- C:\Windows\System\GeeAisv.exe
  C:\Windows\System\GeeAisv.exe
  2⤵
  PID:3232
- C:\Windows\System\RlyPPLR.exe
  C:\Windows\System\RlyPPLR.exe
  2⤵
  PID:3252
- C:\Windows\System\IcllMEH.exe
  C:\Windows\System\IcllMEH.exe
  2⤵
  PID:3272
- C:\Windows\System\zYjnFze.exe
  C:\Windows\System\zYjnFze.exe
  2⤵
  PID:3292
- C:\Windows\System\DMjyHvG.exe
  C:\Windows\System\DMjyHvG.exe
  2⤵
  PID:3308
- C:\Windows\System\xvidvvY.exe
  C:\Windows\System\xvidvvY.exe
  2⤵
  PID:3332
- C:\Windows\System\TwpwMaS.exe
  C:\Windows\System\TwpwMaS.exe
  2⤵
  PID:3352
- C:\Windows\System\WArjTjO.exe
  C:\Windows\System\WArjTjO.exe
  2⤵
  PID:3372
- C:\Windows\System\bXDFIEo.exe
  C:\Windows\System\bXDFIEo.exe
  2⤵
  PID:3388
- C:\Windows\System\fhQclTk.exe
  C:\Windows\System\fhQclTk.exe
  2⤵
  PID:3412
- C:\Windows\System\jOvawpB.exe
  C:\Windows\System\jOvawpB.exe
  2⤵
  PID:3428
- C:\Windows\System\BBUvBRk.exe
  C:\Windows\System\BBUvBRk.exe
  2⤵
  PID:3448
- C:\Windows\System\JbwafCg.exe
  C:\Windows\System\JbwafCg.exe
  2⤵
  PID:3468
- C:\Windows\System\OtTYPwI.exe
  C:\Windows\System\OtTYPwI.exe
  2⤵
  PID:3492
- C:\Windows\System\gpEQXqK.exe
  C:\Windows\System\gpEQXqK.exe
  2⤵
  PID:3508
- C:\Windows\System\NleqeaV.exe
  C:\Windows\System\NleqeaV.exe
  2⤵
  PID:3528
- C:\Windows\System\aTpAErn.exe
  C:\Windows\System\aTpAErn.exe
  2⤵
  PID:3548
- C:\Windows\System\gNsbRNB.exe
  C:\Windows\System\gNsbRNB.exe
  2⤵
  PID:3572
- C:\Windows\System\RcYMIjw.exe
  C:\Windows\System\RcYMIjw.exe
  2⤵
  PID:3588
- C:\Windows\System\mCKFqck.exe
  C:\Windows\System\mCKFqck.exe
  2⤵
  PID:3608
- C:\Windows\System\efSTDja.exe
  C:\Windows\System\efSTDja.exe
  2⤵
  PID:3632
- C:\Windows\System\UElFEzB.exe
  C:\Windows\System\UElFEzB.exe
  2⤵
  PID:3652
- C:\Windows\System\BROGFmW.exe
  C:\Windows\System\BROGFmW.exe
  2⤵
  PID:3672
- C:\Windows\System\kfZEEdA.exe
  C:\Windows\System\kfZEEdA.exe
  2⤵
  PID:3688
- C:\Windows\System\NEhQFyb.exe
  C:\Windows\System\NEhQFyb.exe
  2⤵
  PID:3712
- C:\Windows\System\qEmdsiH.exe
  C:\Windows\System\qEmdsiH.exe
  2⤵
  PID:3732
- C:\Windows\System\WyCntev.exe
  C:\Windows\System\WyCntev.exe
  2⤵
  PID:3748
- C:\Windows\System\yYiCeIh.exe
  C:\Windows\System\yYiCeIh.exe
  2⤵
  PID:3772
- C:\Windows\System\uqvrRZE.exe
  C:\Windows\System\uqvrRZE.exe
  2⤵
  PID:3792
- C:\Windows\System\IkUVAUT.exe
  C:\Windows\System\IkUVAUT.exe
  2⤵
  PID:3812
- C:\Windows\System\YQumLHn.exe
  C:\Windows\System\YQumLHn.exe
  2⤵
  PID:3832
- C:\Windows\System\jXYqHSw.exe
  C:\Windows\System\jXYqHSw.exe
  2⤵
  PID:3852
- C:\Windows\System\DgEcmBh.exe
  C:\Windows\System\DgEcmBh.exe
  2⤵
  PID:3872
- C:\Windows\System\FsKFvEJ.exe
  C:\Windows\System\FsKFvEJ.exe
  2⤵
  PID:3888
- C:\Windows\System\yBsqTJN.exe
  C:\Windows\System\yBsqTJN.exe
  2⤵
  PID:3912
- C:\Windows\System\QMXTWzU.exe
  C:\Windows\System\QMXTWzU.exe
  2⤵
  PID:3932
- C:\Windows\System\DPQfOsp.exe
  C:\Windows\System\DPQfOsp.exe
  2⤵
  PID:3952
- C:\Windows\System\DpXayyz.exe
  C:\Windows\System\DpXayyz.exe
  2⤵
  PID:3968
- C:\Windows\System\LHrZiNj.exe
  C:\Windows\System\LHrZiNj.exe
  2⤵
  PID:3992
- C:\Windows\System\fLihHEA.exe
  C:\Windows\System\fLihHEA.exe
  2⤵
  PID:4012
- C:\Windows\System\qJgBdLl.exe
  C:\Windows\System\qJgBdLl.exe
  2⤵
  PID:4032
- C:\Windows\System\NZAaeRz.exe
  C:\Windows\System\NZAaeRz.exe
  2⤵
  PID:4052
- C:\Windows\System\raJEdKo.exe
  C:\Windows\System\raJEdKo.exe
  2⤵
  PID:4068
- C:\Windows\System\SoPKPkf.exe
  C:\Windows\System\SoPKPkf.exe
  2⤵
  PID:4092
- C:\Windows\System\RvNRMfZ.exe
  C:\Windows\System\RvNRMfZ.exe
  2⤵
  PID:2888
- C:\Windows\System\mYgdntQ.exe
  C:\Windows\System\mYgdntQ.exe
  2⤵
  PID:2120
- C:\Windows\System\tcnoslM.exe
  C:\Windows\System\tcnoslM.exe
  2⤵
  PID:2812
- C:\Windows\System\lLGXTfd.exe
  C:\Windows\System\lLGXTfd.exe
  2⤵
  PID:1624
- C:\Windows\System\RPGLOAF.exe
  C:\Windows\System\RPGLOAF.exe
  2⤵
  PID:1944
- C:\Windows\System\iHyUCFN.exe
  C:\Windows\System\iHyUCFN.exe
  2⤵
  PID:2016
- C:\Windows\System\zncnUMe.exe
  C:\Windows\System\zncnUMe.exe
  2⤵
  PID:2164
- C:\Windows\System\RMwmAxd.exe
  C:\Windows\System\RMwmAxd.exe
  2⤵
  PID:988
- C:\Windows\System\AXFgsuM.exe
  C:\Windows\System\AXFgsuM.exe
  2⤵
  PID:2284
- C:\Windows\System\UyoDqgv.exe
  C:\Windows\System\UyoDqgv.exe
  2⤵
  PID:544
- C:\Windows\System\tPgIcfI.exe
  C:\Windows\System\tPgIcfI.exe
  2⤵
  PID:2144
- C:\Windows\System\JPhcrxU.exe
  C:\Windows\System\JPhcrxU.exe
  2⤵
  PID:2420
- C:\Windows\System\WAbqBcy.exe
  C:\Windows\System\WAbqBcy.exe
  2⤵
  PID:2436
- C:\Windows\System\lDaZMKb.exe
  C:\Windows\System\lDaZMKb.exe
  2⤵
  PID:2492
- C:\Windows\System\vmDeeqR.exe
  C:\Windows\System\vmDeeqR.exe
  2⤵
  PID:2940
- C:\Windows\System\BYilPCk.exe
  C:\Windows\System\BYilPCk.exe
  2⤵
  PID:3076
- C:\Windows\System\kdIvDbr.exe
  C:\Windows\System\kdIvDbr.exe
  2⤵
  PID:2364
- C:\Windows\System\NJKIYxx.exe
  C:\Windows\System\NJKIYxx.exe
  2⤵
  PID:3160
- C:\Windows\System\ofXcDPQ.exe
  C:\Windows\System\ofXcDPQ.exe
  2⤵
  PID:3140
- C:\Windows\System\NbXJWww.exe
  C:\Windows\System\NbXJWww.exe
  2⤵
  PID:3204
- C:\Windows\System\zIgdIpi.exe
  C:\Windows\System\zIgdIpi.exe
  2⤵
  PID:3220
- C:\Windows\System\lphbuAT.exe
  C:\Windows\System\lphbuAT.exe
  2⤵
  PID:3244
- C:\Windows\System\WTjsAkv.exe
  C:\Windows\System\WTjsAkv.exe
  2⤵
  PID:3288
- C:\Windows\System\WCaPaeU.exe
  C:\Windows\System\WCaPaeU.exe
  2⤵
  PID:3360
- C:\Windows\System\SqemXZE.exe
  C:\Windows\System\SqemXZE.exe
  2⤵
  PID:3368
- C:\Windows\System\ffbkchU.exe
  C:\Windows\System\ffbkchU.exe
  2⤵
  PID:3380
- C:\Windows\System\lExZFnH.exe
  C:\Windows\System\lExZFnH.exe
  2⤵
  PID:3444
- C:\Windows\System\hBckRwM.exe
  C:\Windows\System\hBckRwM.exe
  2⤵
  PID:3484
- C:\Windows\System\OhZkeLd.exe
  C:\Windows\System\OhZkeLd.exe
  2⤵
  PID:3520
- C:\Windows\System\cWjjJtn.exe
  C:\Windows\System\cWjjJtn.exe
  2⤵
  PID:3540
- C:\Windows\System\KgJGHyi.exe
  C:\Windows\System\KgJGHyi.exe
  2⤵
  PID:3596
- C:\Windows\System\ptGOSKh.exe
  C:\Windows\System\ptGOSKh.exe
  2⤵
  PID:3580
- C:\Windows\System\gTCZDEp.exe
  C:\Windows\System\gTCZDEp.exe
  2⤵
  PID:3624
- C:\Windows\System\vjTLehY.exe
  C:\Windows\System\vjTLehY.exe
  2⤵
  PID:3664
- C:\Windows\System\tITgjwZ.exe
  C:\Windows\System\tITgjwZ.exe
  2⤵
  PID:3720
- C:\Windows\System\amlmtRC.exe
  C:\Windows\System\amlmtRC.exe
  2⤵
  PID:3740
- C:\Windows\System\aCLLjVx.exe
  C:\Windows\System\aCLLjVx.exe
  2⤵
  PID:3764
- C:\Windows\System\TqNteQc.exe
  C:\Windows\System\TqNteQc.exe
  2⤵
  PID:3788
- C:\Windows\System\qNgqCdV.exe
  C:\Windows\System\qNgqCdV.exe
  2⤵
  PID:3844
- C:\Windows\System\rSahLmR.exe
  C:\Windows\System\rSahLmR.exe
  2⤵
  PID:3864
- C:\Windows\System\QhzoZJw.exe
  C:\Windows\System\QhzoZJw.exe
  2⤵
  PID:3920
- C:\Windows\System\DetkDnq.exe
  C:\Windows\System\DetkDnq.exe
  2⤵
  PID:3960
- C:\Windows\System\BZnYQgH.exe
  C:\Windows\System\BZnYQgH.exe
  2⤵
  PID:4004
- C:\Windows\System\JQeqSDc.exe
  C:\Windows\System\JQeqSDc.exe
  2⤵
  PID:3944
- C:\Windows\System\lizcMVy.exe
  C:\Windows\System\lizcMVy.exe
  2⤵
  PID:4020
- C:\Windows\System\aRipFoO.exe
  C:\Windows\System\aRipFoO.exe
  2⤵
  PID:4024
- C:\Windows\System\ezrkLjO.exe
  C:\Windows\System\ezrkLjO.exe
  2⤵
  PID:1104
- C:\Windows\System\xIdCpRD.exe
  C:\Windows\System\xIdCpRD.exe
  2⤵
  PID:2432
- C:\Windows\System\HFQeZLo.exe
  C:\Windows\System\HFQeZLo.exe
  2⤵
  PID:1776
- C:\Windows\System\FAhThAv.exe
  C:\Windows\System\FAhThAv.exe
  2⤵
  PID:2700
- C:\Windows\System\BIAEZOn.exe
  C:\Windows\System\BIAEZOn.exe
  2⤵
  PID:904
- C:\Windows\System\yeIMTwz.exe
  C:\Windows\System\yeIMTwz.exe
  2⤵
  PID:1380
- C:\Windows\System\bCxEXzE.exe
  C:\Windows\System\bCxEXzE.exe
  2⤵
  PID:2764
- C:\Windows\System\pbfLgWH.exe
  C:\Windows\System\pbfLgWH.exe
  2⤵
  PID:1224
- C:\Windows\System\NWjFoEs.exe
  C:\Windows\System\NWjFoEs.exe
  2⤵
  PID:3040
- C:\Windows\System\lBRdSXB.exe
  C:\Windows\System\lBRdSXB.exe
  2⤵
  PID:1632
- C:\Windows\System\hmLnjUY.exe
  C:\Windows\System\hmLnjUY.exe
  2⤵
  PID:3080
- C:\Windows\System\UVTXlEn.exe
  C:\Windows\System\UVTXlEn.exe
  2⤵
  PID:3180
- C:\Windows\System\QsSyZQF.exe
  C:\Windows\System\QsSyZQF.exe
  2⤵
  PID:3224
- C:\Windows\System\SCRXGYc.exe
  C:\Windows\System\SCRXGYc.exe
  2⤵
  PID:3184
- C:\Windows\System\hyPRBRo.exe
  C:\Windows\System\hyPRBRo.exe
  2⤵
  PID:3408
- C:\Windows\System\uUnxPVz.exe
  C:\Windows\System\uUnxPVz.exe
  2⤵
  PID:3436
- C:\Windows\System\YsufzRN.exe
  C:\Windows\System\YsufzRN.exe
  2⤵
  PID:3404
- C:\Windows\System\aqtyuPO.exe
  C:\Windows\System\aqtyuPO.exe
  2⤵
  PID:3500
- C:\Windows\System\SeEaPWx.exe
  C:\Windows\System\SeEaPWx.exe
  2⤵
  PID:3488
- C:\Windows\System\EEAZbNO.exe
  C:\Windows\System\EEAZbNO.exe
  2⤵
  PID:3564
- C:\Windows\System\kPFCfjV.exe
  C:\Windows\System\kPFCfjV.exe
  2⤵
  PID:3696
- C:\Windows\System\VRgOecd.exe
  C:\Windows\System\VRgOecd.exe
  2⤵
  PID:3760
- C:\Windows\System\TOgZkXH.exe
  C:\Windows\System\TOgZkXH.exe
  2⤵
  PID:3768
- C:\Windows\System\bkpAeYT.exe
  C:\Windows\System\bkpAeYT.exe
  2⤵
  PID:3840
- C:\Windows\System\VztGyaM.exe
  C:\Windows\System\VztGyaM.exe
  2⤵
  PID:3940
- C:\Windows\System\DLRUYwI.exe
  C:\Windows\System\DLRUYwI.exe
  2⤵
  PID:4048
- C:\Windows\System\lBJZuXC.exe
  C:\Windows\System\lBJZuXC.exe
  2⤵
  PID:4008
- C:\Windows\System\hhbUdeM.exe
  C:\Windows\System\hhbUdeM.exe
  2⤵
  PID:4000
- C:\Windows\System\CcAWnSG.exe
  C:\Windows\System\CcAWnSG.exe
  2⤵
  PID:3984
- C:\Windows\System\qmvzWWy.exe
  C:\Windows\System\qmvzWWy.exe
  2⤵
  PID:3068
- C:\Windows\System\bwqfhaL.exe
  C:\Windows\System\bwqfhaL.exe
  2⤵
  PID:1704
- C:\Windows\System\sKpICmD.exe
  C:\Windows\System\sKpICmD.exe
  2⤵
  PID:2344
- C:\Windows\System\BMayPUM.exe
  C:\Windows\System\BMayPUM.exe
  2⤵
  PID:4108
- C:\Windows\System\ItOdqxK.exe
  C:\Windows\System\ItOdqxK.exe
  2⤵
  PID:4128
- C:\Windows\System\rCDAuFW.exe
  C:\Windows\System\rCDAuFW.exe
  2⤵
  PID:4148
- C:\Windows\System\DXwMekj.exe
  C:\Windows\System\DXwMekj.exe
  2⤵
  PID:4172
- C:\Windows\System\yijLELO.exe
  C:\Windows\System\yijLELO.exe
  2⤵
  PID:4192
- C:\Windows\System\zSSfaKL.exe
  C:\Windows\System\zSSfaKL.exe
  2⤵
  PID:4212
- C:\Windows\System\aHkXFcO.exe
  C:\Windows\System\aHkXFcO.exe
  2⤵
  PID:4232
- C:\Windows\System\fwMrqbk.exe
  C:\Windows\System\fwMrqbk.exe
  2⤵
  PID:4252
- C:\Windows\System\mXUVKHs.exe
  C:\Windows\System\mXUVKHs.exe
  2⤵
  PID:4272
- C:\Windows\System\UmOqwiU.exe
  C:\Windows\System\UmOqwiU.exe
  2⤵
  PID:4292
- C:\Windows\System\kiieYsk.exe
  C:\Windows\System\kiieYsk.exe
  2⤵
  PID:4312
- C:\Windows\System\CLCsDQA.exe
  C:\Windows\System\CLCsDQA.exe
  2⤵
  PID:4332
- C:\Windows\System\yLAOohe.exe
  C:\Windows\System\yLAOohe.exe
  2⤵
  PID:4352
- C:\Windows\System\hqoaubW.exe
  C:\Windows\System\hqoaubW.exe
  2⤵
  PID:4372
- C:\Windows\System\akypAIy.exe
  C:\Windows\System\akypAIy.exe
  2⤵
  PID:4396
- C:\Windows\System\gnZxiLs.exe
  C:\Windows\System\gnZxiLs.exe
  2⤵
  PID:4416
- C:\Windows\System\GzBUZyo.exe
  C:\Windows\System\GzBUZyo.exe
  2⤵
  PID:4436
- C:\Windows\System\JEYtBLZ.exe
  C:\Windows\System\JEYtBLZ.exe
  2⤵
  PID:4456
- C:\Windows\System\rxbTsHt.exe
  C:\Windows\System\rxbTsHt.exe
  2⤵
  PID:4476
- C:\Windows\System\ehhDQFg.exe
  C:\Windows\System\ehhDQFg.exe
  2⤵
  PID:4496
- C:\Windows\System\dBPIIrm.exe
  C:\Windows\System\dBPIIrm.exe
  2⤵
  PID:4516
- C:\Windows\System\VsaMjAO.exe
  C:\Windows\System\VsaMjAO.exe
  2⤵
  PID:4536
- C:\Windows\System\SmoARmf.exe
  C:\Windows\System\SmoARmf.exe
  2⤵
  PID:4556
- C:\Windows\System\BdePQsR.exe
  C:\Windows\System\BdePQsR.exe
  2⤵
  PID:4576
- C:\Windows\System\xvOmOTR.exe
  C:\Windows\System\xvOmOTR.exe
  2⤵
  PID:4596
- C:\Windows\System\eUxQhFP.exe
  C:\Windows\System\eUxQhFP.exe
  2⤵
  PID:4616
- C:\Windows\System\IZnJbcM.exe
  C:\Windows\System\IZnJbcM.exe
  2⤵
  PID:4636
- C:\Windows\System\yiHEFzj.exe
  C:\Windows\System\yiHEFzj.exe
  2⤵
  PID:4656
- C:\Windows\System\lYPJYCV.exe
  C:\Windows\System\lYPJYCV.exe
  2⤵
  PID:4676
- C:\Windows\System\KtFeOCL.exe
  C:\Windows\System\KtFeOCL.exe
  2⤵
  PID:4696
- C:\Windows\System\mRjjRzd.exe
  C:\Windows\System\mRjjRzd.exe
  2⤵
  PID:4716
- C:\Windows\System\txhsLmW.exe
  C:\Windows\System\txhsLmW.exe
  2⤵
  PID:4736
- C:\Windows\System\elJKEaE.exe
  C:\Windows\System\elJKEaE.exe
  2⤵
  PID:4756
- C:\Windows\System\XXUaBqS.exe
  C:\Windows\System\XXUaBqS.exe
  2⤵
  PID:4776
- C:\Windows\System\AKJoLVe.exe
  C:\Windows\System\AKJoLVe.exe
  2⤵
  PID:4796
- C:\Windows\System\TIIjBnn.exe
  C:\Windows\System\TIIjBnn.exe
  2⤵
  PID:4816
- C:\Windows\System\pepOpmg.exe
  C:\Windows\System\pepOpmg.exe
  2⤵
  PID:4836
- C:\Windows\System\LVSknPD.exe
  C:\Windows\System\LVSknPD.exe
  2⤵
  PID:4856
- C:\Windows\System\UagNYPT.exe
  C:\Windows\System\UagNYPT.exe
  2⤵
  PID:4876
- C:\Windows\System\xtkFnRe.exe
  C:\Windows\System\xtkFnRe.exe
  2⤵
  PID:4896
- C:\Windows\System\BxZLtqr.exe
  C:\Windows\System\BxZLtqr.exe
  2⤵
  PID:4916
- C:\Windows\System\YAumKDc.exe
  C:\Windows\System\YAumKDc.exe
  2⤵
  PID:4936
- C:\Windows\System\jkbiAZt.exe
  C:\Windows\System\jkbiAZt.exe
  2⤵
  PID:4956
- C:\Windows\System\mtdSsVv.exe
  C:\Windows\System\mtdSsVv.exe
  2⤵
  PID:4976
- C:\Windows\System\ZhCOcUN.exe
  C:\Windows\System\ZhCOcUN.exe
  2⤵
  PID:4996
- C:\Windows\System\numGwes.exe
  C:\Windows\System\numGwes.exe
  2⤵
  PID:5016
- C:\Windows\System\ivlbwpX.exe
  C:\Windows\System\ivlbwpX.exe
  2⤵
  PID:5036
- C:\Windows\System\ySFHwCt.exe
  C:\Windows\System\ySFHwCt.exe
  2⤵
  PID:5056
- C:\Windows\System\PPVkRKD.exe
  C:\Windows\System\PPVkRKD.exe
  2⤵
  PID:5076
- C:\Windows\System\xKcoRTf.exe
  C:\Windows\System\xKcoRTf.exe
  2⤵
  PID:5096
- C:\Windows\System\WIzWvZs.exe
  C:\Windows\System\WIzWvZs.exe
  2⤵
  PID:5116
- C:\Windows\System\vsbSrMs.exe
  C:\Windows\System\vsbSrMs.exe
  2⤵
  PID:2280
- C:\Windows\System\uImTPyJ.exe
  C:\Windows\System\uImTPyJ.exe
  2⤵
  PID:3120
- C:\Windows\System\GHkHEMi.exe
  C:\Windows\System\GHkHEMi.exe
  2⤵
  PID:3188
- C:\Windows\System\rGPBRRp.exe
  C:\Windows\System\rGPBRRp.exe
  2⤵
  PID:3400
- C:\Windows\System\GGdvSEr.exe
  C:\Windows\System\GGdvSEr.exe
  2⤵
  PID:3504
- C:\Windows\System\lLprUvv.exe
  C:\Windows\System\lLprUvv.exe
  2⤵
  PID:3464
- C:\Windows\System\YBPpcbq.exe
  C:\Windows\System\YBPpcbq.exe
  2⤵
  PID:3860
- C:\Windows\System\CrCNJkL.exe
  C:\Windows\System\CrCNJkL.exe
  2⤵
  PID:3584
- C:\Windows\System\LBowyzO.exe
  C:\Windows\System\LBowyzO.exe
  2⤵
  PID:3800
- C:\Windows\System\twsrgya.exe
  C:\Windows\System\twsrgya.exe
  2⤵
  PID:3900
- C:\Windows\System\kCnnQRA.exe
  C:\Windows\System\kCnnQRA.exe
  2⤵
  PID:3904
- C:\Windows\System\VZTXMAM.exe
  C:\Windows\System\VZTXMAM.exe
  2⤵
  PID:3980
- C:\Windows\System\XnJbBKV.exe
  C:\Windows\System\XnJbBKV.exe
  2⤵
  PID:1680
- C:\Windows\System\YmcPYtb.exe
  C:\Windows\System\YmcPYtb.exe
  2⤵
  PID:896
- C:\Windows\System\mBphPxn.exe
  C:\Windows\System\mBphPxn.exe
  2⤵
  PID:4156
- C:\Windows\System\ljWAarj.exe
  C:\Windows\System\ljWAarj.exe
  2⤵
  PID:4136
- C:\Windows\System\VyIcEiV.exe
  C:\Windows\System\VyIcEiV.exe
  2⤵
  PID:4180
- C:\Windows\System\UcDPinX.exe
  C:\Windows\System\UcDPinX.exe
  2⤵
  PID:4220
- C:\Windows\System\GmHexLz.exe
  C:\Windows\System\GmHexLz.exe
  2⤵
  PID:4244
- C:\Windows\System\WmiPxeN.exe
  C:\Windows\System\WmiPxeN.exe
  2⤵
  PID:4288
- C:\Windows\System\sxvGbdf.exe
  C:\Windows\System\sxvGbdf.exe
  2⤵
  PID:4320
- C:\Windows\System\LwLLoEJ.exe
  C:\Windows\System\LwLLoEJ.exe
  2⤵
  PID:4344
- C:\Windows\System\JQJZjWW.exe
  C:\Windows\System\JQJZjWW.exe
  2⤵
  PID:4388
- C:\Windows\System\dFGVbnP.exe
  C:\Windows\System\dFGVbnP.exe
  2⤵
  PID:4424
- C:\Windows\System\WMQVxvQ.exe
  C:\Windows\System\WMQVxvQ.exe
  2⤵
  PID:4448
- C:\Windows\System\GhHesnv.exe
  C:\Windows\System\GhHesnv.exe
  2⤵
  PID:4492
- C:\Windows\System\GYmeupE.exe
  C:\Windows\System\GYmeupE.exe
  2⤵
  PID:4508
- C:\Windows\System\LfsTZEv.exe
  C:\Windows\System\LfsTZEv.exe
  2⤵
  PID:4564
- C:\Windows\System\cukWhOz.exe
  C:\Windows\System\cukWhOz.exe
  2⤵
  PID:4592
- C:\Windows\System\XKjobAC.exe
  C:\Windows\System\XKjobAC.exe
  2⤵
  PID:4624
- C:\Windows\System\QmLslBH.exe
  C:\Windows\System\QmLslBH.exe
  2⤵
  PID:4648
- C:\Windows\System\hGEpbHW.exe
  C:\Windows\System\hGEpbHW.exe
  2⤵
  PID:4668
- C:\Windows\System\JjktBMA.exe
  C:\Windows\System\JjktBMA.exe
  2⤵
  PID:4712
- C:\Windows\System\xunXjqg.exe
  C:\Windows\System\xunXjqg.exe
  2⤵
  PID:4748
- C:\Windows\System\ITujVpL.exe
  C:\Windows\System\ITujVpL.exe
  2⤵
  PID:4804
- C:\Windows\System\wDqTiiR.exe
  C:\Windows\System\wDqTiiR.exe
  2⤵
  PID:4824
- C:\Windows\System\iXoIzQA.exe
  C:\Windows\System\iXoIzQA.exe
  2⤵
  PID:4848
- C:\Windows\System\ZSeQqGa.exe
  C:\Windows\System\ZSeQqGa.exe
  2⤵
  PID:4892
- C:\Windows\System\dmhOdRk.exe
  C:\Windows\System\dmhOdRk.exe
  2⤵
  PID:4932
- C:\Windows\System\IjotvHm.exe
  C:\Windows\System\IjotvHm.exe
  2⤵
  PID:4952
- C:\Windows\System\vOWjCRA.exe
  C:\Windows\System\vOWjCRA.exe
  2⤵
  PID:5004
- C:\Windows\System\QFgSOUG.exe
  C:\Windows\System\QFgSOUG.exe
  2⤵
  PID:5024
- C:\Windows\System\xzuveRn.exe
  C:\Windows\System\xzuveRn.exe
  2⤵
  PID:5048
- C:\Windows\System\oRRXSYk.exe
  C:\Windows\System\oRRXSYk.exe
  2⤵
  PID:5068
- C:\Windows\System\zMdqLpV.exe
  C:\Windows\System\zMdqLpV.exe
  2⤵
  PID:2880
- C:\Windows\System\vcqWkkP.exe
  C:\Windows\System\vcqWkkP.exe
  2⤵
  PID:3300
- C:\Windows\System\JQwRScI.exe
  C:\Windows\System\JQwRScI.exe
  2⤵
  PID:3280
- C:\Windows\System\LBDqxIa.exe
  C:\Windows\System\LBDqxIa.exe
  2⤵
  PID:3456
- C:\Windows\System\iwZwHoX.exe
  C:\Windows\System\iwZwHoX.exe
  2⤵
  PID:3704
- C:\Windows\System\MrbPCOj.exe
  C:\Windows\System\MrbPCOj.exe
  2⤵
  PID:3628
- C:\Windows\System\dhZapmP.exe
  C:\Windows\System\dhZapmP.exe
  2⤵
  PID:4080
- C:\Windows\System\KZFMwbO.exe
  C:\Windows\System\KZFMwbO.exe
  2⤵
  PID:4028
- C:\Windows\System\QyWveoc.exe
  C:\Windows\System\QyWveoc.exe
  2⤵
  PID:4124
- C:\Windows\System\egZygfK.exe
  C:\Windows\System\egZygfK.exe
  2⤵
  PID:4168
- C:\Windows\System\HmYuYoR.exe
  C:\Windows\System\HmYuYoR.exe
  2⤵
  PID:876
- C:\Windows\System\gIrZzTp.exe
  C:\Windows\System\gIrZzTp.exe
  2⤵
  PID:4228
- C:\Windows\System\xKCaWRP.exe
  C:\Windows\System\xKCaWRP.exe
  2⤵
  PID:4304
- C:\Windows\System\VMtmNJU.exe
  C:\Windows\System\VMtmNJU.exe
  2⤵
  PID:4340
- C:\Windows\System\JmRmCPQ.exe
  C:\Windows\System\JmRmCPQ.exe
  2⤵
  PID:4452
- C:\Windows\System\LEoKzEi.exe
  C:\Windows\System\LEoKzEi.exe
  2⤵
  PID:4468
- C:\Windows\System\ZGcALXG.exe
  C:\Windows\System\ZGcALXG.exe
  2⤵
  PID:4528
- C:\Windows\System\ajLfWxt.exe
  C:\Windows\System\ajLfWxt.exe
  2⤵
  PID:4652
- C:\Windows\System\zleflbW.exe
  C:\Windows\System\zleflbW.exe
  2⤵
  PID:4608
- C:\Windows\System\acPmwNQ.exe
  C:\Windows\System\acPmwNQ.exe
  2⤵
  PID:4684
- C:\Windows\System\gBMhVua.exe
  C:\Windows\System\gBMhVua.exe
  2⤵
  PID:4744
- C:\Windows\System\Xbwwsuv.exe
  C:\Windows\System\Xbwwsuv.exe
  2⤵
  PID:4844
- C:\Windows\System\kynRpCT.exe
  C:\Windows\System\kynRpCT.exe
  2⤵
  PID:4884
- C:\Windows\System\fXtCyeo.exe
  C:\Windows\System\fXtCyeo.exe
  2⤵
  PID:5140
- C:\Windows\System\JYYOkUh.exe
  C:\Windows\System\JYYOkUh.exe
  2⤵
  PID:5160
- C:\Windows\System\FUGhOCm.exe
  C:\Windows\System\FUGhOCm.exe
  2⤵
  PID:5180
- C:\Windows\System\QqgFabV.exe
  C:\Windows\System\QqgFabV.exe
  2⤵
  PID:5200
- C:\Windows\System\NvfJZKa.exe
  C:\Windows\System\NvfJZKa.exe
  2⤵
  PID:5220
- C:\Windows\System\GJLNzGb.exe
  C:\Windows\System\GJLNzGb.exe
  2⤵
  PID:5240
- C:\Windows\System\ofdcOTX.exe
  C:\Windows\System\ofdcOTX.exe
  2⤵
  PID:5260
- C:\Windows\System\TOeWxXS.exe
  C:\Windows\System\TOeWxXS.exe
  2⤵
  PID:5280
- C:\Windows\System\EbuzKvd.exe
  C:\Windows\System\EbuzKvd.exe
  2⤵
  PID:5300
- C:\Windows\System\VvRNZfg.exe
  C:\Windows\System\VvRNZfg.exe
  2⤵
  PID:5320
- C:\Windows\System\gZgyoQx.exe
  C:\Windows\System\gZgyoQx.exe
  2⤵
  PID:5340
- C:\Windows\System\Xokwkll.exe
  C:\Windows\System\Xokwkll.exe
  2⤵
  PID:5360
- C:\Windows\System\iqeYDaW.exe
  C:\Windows\System\iqeYDaW.exe
  2⤵
  PID:5380
- C:\Windows\System\ZhnvQzz.exe
  C:\Windows\System\ZhnvQzz.exe
  2⤵
  PID:5400
- C:\Windows\System\xAWulkR.exe
  C:\Windows\System\xAWulkR.exe
  2⤵
  PID:5420
- C:\Windows\System\HSOSzXr.exe
  C:\Windows\System\HSOSzXr.exe
  2⤵
  PID:5440
- C:\Windows\System\CaqZciY.exe
  C:\Windows\System\CaqZciY.exe
  2⤵
  PID:5460
- C:\Windows\System\hJnadRX.exe
  C:\Windows\System\hJnadRX.exe
  2⤵
  PID:5480
- C:\Windows\System\YRcPNga.exe
  C:\Windows\System\YRcPNga.exe
  2⤵
  PID:5500
- C:\Windows\System\VatrDDC.exe
  C:\Windows\System\VatrDDC.exe
  2⤵
  PID:5520
- C:\Windows\System\KbygSfL.exe
  C:\Windows\System\KbygSfL.exe
  2⤵
  PID:5540
- C:\Windows\System\YRnhXMZ.exe
  C:\Windows\System\YRnhXMZ.exe
  2⤵
  PID:5560
- C:\Windows\System\tdDOhei.exe
  C:\Windows\System\tdDOhei.exe
  2⤵
  PID:5580
- C:\Windows\System\AnqXdtW.exe
  C:\Windows\System\AnqXdtW.exe
  2⤵
  PID:5600
- C:\Windows\System\pjtrhWY.exe
  C:\Windows\System\pjtrhWY.exe
  2⤵
  PID:5620
- C:\Windows\System\OfWokZx.exe
  C:\Windows\System\OfWokZx.exe
  2⤵
  PID:5640
- C:\Windows\System\xWUlbJs.exe
  C:\Windows\System\xWUlbJs.exe
  2⤵
  PID:5660
- C:\Windows\System\NiRCurw.exe
  C:\Windows\System\NiRCurw.exe
  2⤵
  PID:5680
- C:\Windows\System\iGybCLS.exe
  C:\Windows\System\iGybCLS.exe
  2⤵
  PID:5704
- C:\Windows\System\myiVRZk.exe
  C:\Windows\System\myiVRZk.exe
  2⤵
  PID:5724
- C:\Windows\System\DZzuaCN.exe
  C:\Windows\System\DZzuaCN.exe
  2⤵
  PID:5744
- C:\Windows\System\NObgSIo.exe
  C:\Windows\System\NObgSIo.exe
  2⤵
  PID:5764
- C:\Windows\System\XwDniAU.exe
  C:\Windows\System\XwDniAU.exe
  2⤵
  PID:5784
- C:\Windows\System\DsphvYW.exe
  C:\Windows\System\DsphvYW.exe
  2⤵
  PID:5804
- C:\Windows\System\yxEPYRA.exe
  C:\Windows\System\yxEPYRA.exe
  2⤵
  PID:5824
- C:\Windows\System\fyJtZdG.exe
  C:\Windows\System\fyJtZdG.exe
  2⤵
  PID:5844
- C:\Windows\System\EsptYPa.exe
  C:\Windows\System\EsptYPa.exe
  2⤵
  PID:5864
- C:\Windows\System\UKkGGeS.exe
  C:\Windows\System\UKkGGeS.exe
  2⤵
  PID:5884
- C:\Windows\System\LtYzojl.exe
  C:\Windows\System\LtYzojl.exe
  2⤵
  PID:5904
- C:\Windows\System\gqmyRiI.exe
  C:\Windows\System\gqmyRiI.exe
  2⤵
  PID:5924
- C:\Windows\System\MtVAufD.exe
  C:\Windows\System\MtVAufD.exe
  2⤵
  PID:5944
- C:\Windows\System\VJoxQZm.exe
  C:\Windows\System\VJoxQZm.exe
  2⤵
  PID:5964
- C:\Windows\System\RjZALpi.exe
  C:\Windows\System\RjZALpi.exe
  2⤵
  PID:5984
- C:\Windows\System\VIngJbn.exe
  C:\Windows\System\VIngJbn.exe
  2⤵
  PID:6004
- C:\Windows\System\iAkoBvw.exe
  C:\Windows\System\iAkoBvw.exe
  2⤵
  PID:6024
- C:\Windows\System\WKRUpnn.exe
  C:\Windows\System\WKRUpnn.exe
  2⤵
  PID:6044
- C:\Windows\System\CDZEgrs.exe
  C:\Windows\System\CDZEgrs.exe
  2⤵
  PID:6064
- C:\Windows\System\MpkmWnj.exe
  C:\Windows\System\MpkmWnj.exe
  2⤵
  PID:6084
- C:\Windows\System\CGApLQu.exe
  C:\Windows\System\CGApLQu.exe
  2⤵
  PID:6104
- C:\Windows\System\iJPAjMo.exe
  C:\Windows\System\iJPAjMo.exe
  2⤵
  PID:6124
- C:\Windows\System\JXLqGKp.exe
  C:\Windows\System\JXLqGKp.exe
  2⤵
  PID:4904
- C:\Windows\System\kTNnCxg.exe
  C:\Windows\System\kTNnCxg.exe
  2⤵
  PID:4928
- C:\Windows\System\AfzUnlT.exe
  C:\Windows\System\AfzUnlT.exe
  2⤵
  PID:4968
- C:\Windows\System\Egglzfw.exe
  C:\Windows\System\Egglzfw.exe
  2⤵
  PID:5052
- C:\Windows\System\othmOao.exe
  C:\Windows\System\othmOao.exe
  2⤵
  PID:5092
- C:\Windows\System\MPeRevQ.exe
  C:\Windows\System\MPeRevQ.exe
  2⤵
  PID:1912
- C:\Windows\System\evqvUSp.exe
  C:\Windows\System\evqvUSp.exe
  2⤵
  PID:3316
- C:\Windows\System\zRXdbAw.exe
  C:\Windows\System\zRXdbAw.exe
  2⤵
  PID:3824
- C:\Windows\System\XTOPCHv.exe
  C:\Windows\System\XTOPCHv.exe
  2⤵
  PID:3668
- C:\Windows\System\lfkJXfb.exe
  C:\Windows\System\lfkJXfb.exe
  2⤵
  PID:4120
- C:\Windows\System\MrGJSOv.exe
  C:\Windows\System\MrGJSOv.exe
  2⤵
  PID:4104
- C:\Windows\System\RjTqfvw.exe
  C:\Windows\System\RjTqfvw.exe
  2⤵
  PID:4204
- C:\Windows\System\bWqdWuf.exe
  C:\Windows\System\bWqdWuf.exe
  2⤵
  PID:4348
- C:\Windows\System\bqHFCDQ.exe
  C:\Windows\System\bqHFCDQ.exe
  2⤵
  PID:4428
- C:\Windows\System\xJRdGaa.exe
  C:\Windows\System\xJRdGaa.exe
  2⤵
  PID:4472
- C:\Windows\System\rYAJLRu.exe
  C:\Windows\System\rYAJLRu.exe
  2⤵
  PID:4604
- C:\Windows\System\faVRiEW.exe
  C:\Windows\System\faVRiEW.exe
  2⤵
  PID:4672
- C:\Windows\System\UZepdEH.exe
  C:\Windows\System\UZepdEH.exe
  2⤵
  PID:4788
- C:\Windows\System\IFXBfco.exe
  C:\Windows\System\IFXBfco.exe
  2⤵
  PID:5136
- C:\Windows\System\eKcHrcV.exe
  C:\Windows\System\eKcHrcV.exe
  2⤵
  PID:5188
- C:\Windows\System\xYFkRRn.exe
  C:\Windows\System\xYFkRRn.exe
  2⤵
  PID:5192
- C:\Windows\System\DDutBTI.exe
  C:\Windows\System\DDutBTI.exe
  2⤵
  PID:5212
- C:\Windows\System\waDWomC.exe
  C:\Windows\System\waDWomC.exe
  2⤵
  PID:5256
- C:\Windows\System\yNcUKdu.exe
  C:\Windows\System\yNcUKdu.exe
  2⤵
  PID:5316
- C:\Windows\System\FNejzCo.exe
  C:\Windows\System\FNejzCo.exe
  2⤵
  PID:5336
- C:\Windows\System\LdYHbOC.exe
  C:\Windows\System\LdYHbOC.exe
  2⤵
  PID:5368
- C:\Windows\System\GHKXiif.exe
  C:\Windows\System\GHKXiif.exe
  2⤵
  PID:5392
- C:\Windows\System\RkDjXue.exe
  C:\Windows\System\RkDjXue.exe
  2⤵
  PID:5436
- C:\Windows\System\tHedZVd.exe
  C:\Windows\System\tHedZVd.exe
  2⤵
  PID:5452
- C:\Windows\System\QnzcUmf.exe
  C:\Windows\System\QnzcUmf.exe
  2⤵
  PID:5492
- C:\Windows\System\MTYIzVc.exe
  C:\Windows\System\MTYIzVc.exe
  2⤵
  PID:5548
- C:\Windows\System\gUuoEVm.exe
  C:\Windows\System\gUuoEVm.exe
  2⤵
  PID:5568
- C:\Windows\System\LnfENKf.exe
  C:\Windows\System\LnfENKf.exe
  2⤵
  PID:5592
- C:\Windows\System\YtplRhk.exe
  C:\Windows\System\YtplRhk.exe
  2⤵
  PID:5636
- C:\Windows\System\pnKqLAW.exe
  C:\Windows\System\pnKqLAW.exe
  2⤵
  PID:5652
- C:\Windows\System\WnRijjJ.exe
  C:\Windows\System\WnRijjJ.exe
  2⤵
  PID:5692
- C:\Windows\System\wwnlYKo.exe
  C:\Windows\System\wwnlYKo.exe
  2⤵
  PID:5740
- C:\Windows\System\oOkmboQ.exe
  C:\Windows\System\oOkmboQ.exe
  2⤵
  PID:5772
- C:\Windows\System\tvktYTR.exe
  C:\Windows\System\tvktYTR.exe
  2⤵
  PID:5796
- C:\Windows\System\MIJpRpU.exe
  C:\Windows\System\MIJpRpU.exe
  2⤵
  PID:5840
- C:\Windows\System\IHCADYe.exe
  C:\Windows\System\IHCADYe.exe
  2⤵
  PID:5860
- C:\Windows\System\ixMHAbq.exe
  C:\Windows\System\ixMHAbq.exe
  2⤵
  PID:5912
- C:\Windows\System\aggAuQH.exe
  C:\Windows\System\aggAuQH.exe
  2⤵
  PID:5940
- C:\Windows\System\sSePoUR.exe
  C:\Windows\System\sSePoUR.exe
  2⤵
  PID:5972
- C:\Windows\System\tCvxPWQ.exe
  C:\Windows\System\tCvxPWQ.exe
  2⤵
  PID:5996
- C:\Windows\System\rmHzpyZ.exe
  C:\Windows\System\rmHzpyZ.exe
  2⤵
  PID:6040
- C:\Windows\System\wqysBAG.exe
  C:\Windows\System\wqysBAG.exe
  2⤵
  PID:6056
- C:\Windows\System\yXPucWt.exe
  C:\Windows\System\yXPucWt.exe
  2⤵
  PID:6120
- C:\Windows\System\kZZoKid.exe
  C:\Windows\System\kZZoKid.exe
  2⤵
  PID:6140
- C:\Windows\System\sYcLrSv.exe
  C:\Windows\System\sYcLrSv.exe
  2⤵
  PID:4972
- C:\Windows\System\aEyBaMQ.exe
  C:\Windows\System\aEyBaMQ.exe
  2⤵
  PID:5008
- C:\Windows\System\DDUYKtv.exe
  C:\Windows\System\DDUYKtv.exe
  2⤵
  PID:932
- C:\Windows\System\IsFncve.exe
  C:\Windows\System\IsFncve.exe
  2⤵
  PID:3476
- C:\Windows\System\BdUzzas.exe
  C:\Windows\System\BdUzzas.exe
  2⤵
  PID:4084
- C:\Windows\System\QtIzZBi.exe
  C:\Windows\System\QtIzZBi.exe
  2⤵
  PID:4164
- C:\Windows\System\tlsCtZB.exe
  C:\Windows\System\tlsCtZB.exe
  2⤵
  PID:4324
- C:\Windows\System\BPWHmsV.exe
  C:\Windows\System\BPWHmsV.exe
  2⤵
  PID:4432
- C:\Windows\System\xHXzIal.exe
  C:\Windows\System\xHXzIal.exe
  2⤵
  PID:4568
- C:\Windows\System\stelifg.exe
  C:\Windows\System\stelifg.exe
  2⤵
  PID:4784
- C:\Windows\System\boCUSyv.exe
  C:\Windows\System\boCUSyv.exe
  2⤵
  PID:4852
- C:\Windows\System\UNvwypI.exe
  C:\Windows\System\UNvwypI.exe
  2⤵
  PID:5172
- C:\Windows\System\AfQLrPr.exe
  C:\Windows\System\AfQLrPr.exe
  2⤵
  PID:5276
- C:\Windows\System\uPyfNNu.exe
  C:\Windows\System\uPyfNNu.exe
  2⤵
  PID:5292
- C:\Windows\System\njhAIQG.exe
  C:\Windows\System\njhAIQG.exe
  2⤵
  PID:5312
- C:\Windows\System\wPXNcoY.exe
  C:\Windows\System\wPXNcoY.exe
  2⤵
  PID:5412
- C:\Windows\System\RqLrCLe.exe
  C:\Windows\System\RqLrCLe.exe
  2⤵
  PID:5468
- C:\Windows\System\vkjDRYy.exe
  C:\Windows\System\vkjDRYy.exe
  2⤵
  PID:5532
- C:\Windows\System\mKlAXMZ.exe
  C:\Windows\System\mKlAXMZ.exe
  2⤵
  PID:5596
- C:\Windows\System\yitRlkr.exe
  C:\Windows\System\yitRlkr.exe
  2⤵
  PID:5648
- C:\Windows\System\UMdpqdB.exe
  C:\Windows\System\UMdpqdB.exe
  2⤵
  PID:5688
- C:\Windows\System\CxSWFnV.exe
  C:\Windows\System\CxSWFnV.exe
  2⤵
  PID:5716
- C:\Windows\System\BbiaMvh.exe
  C:\Windows\System\BbiaMvh.exe
  2⤵
  PID:5832
- C:\Windows\System\JIgpCkd.exe
  C:\Windows\System\JIgpCkd.exe
  2⤵
  PID:5852
- C:\Windows\System\JPPeSxb.exe
  C:\Windows\System\JPPeSxb.exe
  2⤵
  PID:5952
- C:\Windows\System\iROMFbs.exe
  C:\Windows\System\iROMFbs.exe
  2⤵
  PID:5976
- C:\Windows\System\fNAEAqW.exe
  C:\Windows\System\fNAEAqW.exe
  2⤵
  PID:6032
- C:\Windows\System\yOIqpDp.exe
  C:\Windows\System\yOIqpDp.exe
  2⤵
  PID:6156
- C:\Windows\System\MqCWJiF.exe
  C:\Windows\System\MqCWJiF.exe
  2⤵
  PID:6176
- C:\Windows\System\cnrZJjZ.exe
  C:\Windows\System\cnrZJjZ.exe
  2⤵
  PID:6196
- C:\Windows\System\gCDUvfc.exe
  C:\Windows\System\gCDUvfc.exe
  2⤵
  PID:6216
- C:\Windows\System\qwbPJMh.exe
  C:\Windows\System\qwbPJMh.exe
  2⤵
  PID:6236
- C:\Windows\System\CvodVxz.exe
  C:\Windows\System\CvodVxz.exe
  2⤵
  PID:6256
- C:\Windows\System\qKBcRfT.exe
  C:\Windows\System\qKBcRfT.exe
  2⤵
  PID:6276
- C:\Windows\System\XDfjGRO.exe
  C:\Windows\System\XDfjGRO.exe
  2⤵
  PID:6296
- C:\Windows\System\KYOcpTe.exe
  C:\Windows\System\KYOcpTe.exe
  2⤵
  PID:6316
- C:\Windows\System\FJBrxeD.exe
  C:\Windows\System\FJBrxeD.exe
  2⤵
  PID:6336
- C:\Windows\System\VxTycLQ.exe
  C:\Windows\System\VxTycLQ.exe
  2⤵
  PID:6356
- C:\Windows\System\SXcJRQH.exe
  C:\Windows\System\SXcJRQH.exe
  2⤵
  PID:6376
- C:\Windows\System\PtWlZmn.exe
  C:\Windows\System\PtWlZmn.exe
  2⤵
  PID:6396
- C:\Windows\System\aFIxrPB.exe
  C:\Windows\System\aFIxrPB.exe
  2⤵
  PID:6416
- C:\Windows\System\SECmRDj.exe
  C:\Windows\System\SECmRDj.exe
  2⤵
  PID:6436
- C:\Windows\System\rBaMezI.exe
  C:\Windows\System\rBaMezI.exe
  2⤵
  PID:6460
- C:\Windows\System\oZKjfHU.exe
  C:\Windows\System\oZKjfHU.exe
  2⤵
  PID:6480
- C:\Windows\System\LYGkIbj.exe
  C:\Windows\System\LYGkIbj.exe
  2⤵
  PID:6500
- C:\Windows\System\fdddsHD.exe
  C:\Windows\System\fdddsHD.exe
  2⤵
  PID:6520
- C:\Windows\System\TRGTYmb.exe
  C:\Windows\System\TRGTYmb.exe
  2⤵
  PID:6540
- C:\Windows\System\DZQkATN.exe
  C:\Windows\System\DZQkATN.exe
  2⤵
  PID:6560
- C:\Windows\System\nABjbPd.exe
  C:\Windows\System\nABjbPd.exe
  2⤵
  PID:6580
- C:\Windows\System\wueFhtD.exe
  C:\Windows\System\wueFhtD.exe
  2⤵
  PID:6600
- C:\Windows\System\OiYovCO.exe
  C:\Windows\System\OiYovCO.exe
  2⤵
  PID:6620
- C:\Windows\System\iWWUXOw.exe
  C:\Windows\System\iWWUXOw.exe
  2⤵
  PID:6640
- C:\Windows\System\MpsjwiC.exe
  C:\Windows\System\MpsjwiC.exe
  2⤵
  PID:6660
- C:\Windows\System\VRxlKvD.exe
  C:\Windows\System\VRxlKvD.exe
  2⤵
  PID:6680
- C:\Windows\System\FeYlqyO.exe
  C:\Windows\System\FeYlqyO.exe
  2⤵
  PID:6700
- C:\Windows\System\tEfBqXg.exe
  C:\Windows\System\tEfBqXg.exe
  2⤵
  PID:6720
- C:\Windows\System\SHiBIGm.exe
  C:\Windows\System\SHiBIGm.exe
  2⤵
  PID:6740
- C:\Windows\System\FNutsyn.exe
  C:\Windows\System\FNutsyn.exe
  2⤵
  PID:6760
- C:\Windows\System\TnMuaLF.exe
  C:\Windows\System\TnMuaLF.exe
  2⤵
  PID:6780
- C:\Windows\System\GGffRDN.exe
  C:\Windows\System\GGffRDN.exe
  2⤵
  PID:6800
- C:\Windows\System\yvlzsbK.exe
  C:\Windows\System\yvlzsbK.exe
  2⤵
  PID:6820
- C:\Windows\System\hQjscLV.exe
  C:\Windows\System\hQjscLV.exe
  2⤵
  PID:6840
- C:\Windows\System\JdpGDsn.exe
  C:\Windows\System\JdpGDsn.exe
  2⤵
  PID:6860
- C:\Windows\System\LOQHTKi.exe
  C:\Windows\System\LOQHTKi.exe
  2⤵
  PID:6880
- C:\Windows\System\wNsQVsW.exe
  C:\Windows\System\wNsQVsW.exe
  2⤵
  PID:6900
- C:\Windows\System\zjbIhhI.exe
  C:\Windows\System\zjbIhhI.exe
  2⤵
  PID:6920
- C:\Windows\System\HdPzInF.exe
  C:\Windows\System\HdPzInF.exe
  2⤵
  PID:6940
- C:\Windows\System\MxGfgsR.exe
  C:\Windows\System\MxGfgsR.exe
  2⤵
  PID:6960
- C:\Windows\System\XNTFUQY.exe
  C:\Windows\System\XNTFUQY.exe
  2⤵
  PID:6980
- C:\Windows\System\KHwwbJO.exe
  C:\Windows\System\KHwwbJO.exe
  2⤵
  PID:7000
- C:\Windows\System\hnAAQyK.exe
  C:\Windows\System\hnAAQyK.exe
  2⤵
  PID:7020
- C:\Windows\System\WvVwvKs.exe
  C:\Windows\System\WvVwvKs.exe
  2⤵
  PID:7040
- C:\Windows\System\jACBRKF.exe
  C:\Windows\System\jACBRKF.exe
  2⤵
  PID:7060
- C:\Windows\System\FIUWwEn.exe
  C:\Windows\System\FIUWwEn.exe
  2⤵
  PID:7080
- C:\Windows\System\xGarnbc.exe
  C:\Windows\System\xGarnbc.exe
  2⤵
  PID:7100
- C:\Windows\System\wSFdDja.exe
  C:\Windows\System\wSFdDja.exe
  2⤵
  PID:7120
- C:\Windows\System\RUClrej.exe
  C:\Windows\System\RUClrej.exe
  2⤵
  PID:7140
- C:\Windows\System\gMBXCjF.exe
  C:\Windows\System\gMBXCjF.exe
  2⤵
  PID:7160
- C:\Windows\System\UQqMPWC.exe
  C:\Windows\System\UQqMPWC.exe
  2⤵
  PID:6096
- C:\Windows\System\xwdZhsg.exe
  C:\Windows\System\xwdZhsg.exe
  2⤵
  PID:4912
- C:\Windows\System\xEZqrGB.exe
  C:\Windows\System\xEZqrGB.exe
  2⤵
  PID:5104
- C:\Windows\System\RgTRvYk.exe
  C:\Windows\System\RgTRvYk.exe
  2⤵
  PID:3724
- C:\Windows\System\gprqLgh.exe
  C:\Windows\System\gprqLgh.exe
  2⤵
  PID:4300
- C:\Windows\System\jlQshTL.exe
  C:\Windows\System\jlQshTL.exe
  2⤵
  PID:4368
- C:\Windows\System\tGqyZql.exe
  C:\Windows\System\tGqyZql.exe
  2⤵
  PID:4692
- C:\Windows\System\PJoipGo.exe
  C:\Windows\System\PJoipGo.exe
  2⤵
  PID:5148
- C:\Windows\System\NDdnmOI.exe
  C:\Windows\System\NDdnmOI.exe
  2⤵
  PID:5248
- C:\Windows\System\cuvcsoD.exe
  C:\Windows\System\cuvcsoD.exe
  2⤵
  PID:5288
- C:\Windows\System\xCazuDM.exe
  C:\Windows\System\xCazuDM.exe
  2⤵
  PID:5372
- C:\Windows\System\nNiLhdn.exe
  C:\Windows\System\nNiLhdn.exe
  2⤵
  PID:5528
- C:\Windows\System\PQnkgLV.exe
  C:\Windows\System\PQnkgLV.exe
  2⤵
  PID:5616
- C:\Windows\System\YmyqpoJ.exe
  C:\Windows\System\YmyqpoJ.exe
  2⤵
  PID:5672
- C:\Windows\System\xjfdXZi.exe
  C:\Windows\System\xjfdXZi.exe
  2⤵
  PID:5752
- C:\Windows\System\UaPkXYv.exe
  C:\Windows\System\UaPkXYv.exe
  2⤵
  PID:5876
- C:\Windows\System\wfrewdV.exe
  C:\Windows\System\wfrewdV.exe
  2⤵
  PID:5992
- C:\Windows\System\mfjuYXw.exe
  C:\Windows\System\mfjuYXw.exe
  2⤵
  PID:6152
- C:\Windows\System\YjKlLbB.exe
  C:\Windows\System\YjKlLbB.exe
  2⤵
  PID:6184
- C:\Windows\System\euarVTE.exe
  C:\Windows\System\euarVTE.exe
  2⤵
  PID:6208
- C:\Windows\System\qRgloYM.exe
  C:\Windows\System\qRgloYM.exe
  2⤵
  PID:6248
- C:\Windows\System\ezDkyCi.exe
  C:\Windows\System\ezDkyCi.exe
  2⤵
  PID:6292
- C:\Windows\System\XvWeIMx.exe
  C:\Windows\System\XvWeIMx.exe
  2⤵
  PID:6324
- C:\Windows\System\zsUnMbh.exe
  C:\Windows\System\zsUnMbh.exe
  2⤵
  PID:6352
- C:\Windows\System\ZyYnALt.exe
  C:\Windows\System\ZyYnALt.exe
  2⤵
  PID:6384
- C:\Windows\System\KmAdWhT.exe
  C:\Windows\System\KmAdWhT.exe
  2⤵
  PID:6408
- C:\Windows\System\kkjLsiS.exe
  C:\Windows\System\kkjLsiS.exe
  2⤵
  PID:6456
- C:\Windows\System\cWlVawY.exe
  C:\Windows\System\cWlVawY.exe
  2⤵
  PID:6488
- C:\Windows\System\uVmokgP.exe
  C:\Windows\System\uVmokgP.exe
  2⤵
  PID:6512
- C:\Windows\System\elnVhBN.exe
  C:\Windows\System\elnVhBN.exe
  2⤵
  PID:6556
- C:\Windows\System\fuTqTjT.exe
  C:\Windows\System\fuTqTjT.exe
  2⤵
  PID:6588
- C:\Windows\System\oiostHP.exe
  C:\Windows\System\oiostHP.exe
  2⤵
  PID:6612
- C:\Windows\System\VlGRdbj.exe
  C:\Windows\System\VlGRdbj.exe
  2⤵
  PID:6656
- C:\Windows\System\UEfIGjC.exe
  C:\Windows\System\UEfIGjC.exe
  2⤵
  PID:6672
- C:\Windows\System\ERpEiqH.exe
  C:\Windows\System\ERpEiqH.exe
  2⤵
  PID:6712
- C:\Windows\System\enmDfji.exe
  C:\Windows\System\enmDfji.exe
  2⤵
  PID:6752
- C:\Windows\System\PJqhyXP.exe
  C:\Windows\System\PJqhyXP.exe
  2⤵
  PID:6796
- C:\Windows\System\OCOHoTN.exe
  C:\Windows\System\OCOHoTN.exe
  2⤵
  PID:6828
- C:\Windows\System\iavWACN.exe
  C:\Windows\System\iavWACN.exe
  2⤵
  PID:6852
- C:\Windows\System\rOMuYuU.exe
  C:\Windows\System\rOMuYuU.exe
  2⤵
  PID:6896
- C:\Windows\System\FEDKRrq.exe
  C:\Windows\System\FEDKRrq.exe
  2⤵
  PID:6912
- C:\Windows\System\WqyXIPC.exe
  C:\Windows\System\WqyXIPC.exe
  2⤵
  PID:6968
- C:\Windows\System\lzpCkjJ.exe
  C:\Windows\System\lzpCkjJ.exe
  2⤵
  PID:6996
- C:\Windows\System\HkAGrEB.exe
  C:\Windows\System\HkAGrEB.exe
  2⤵
  PID:7028
- C:\Windows\System\nglmwEa.exe
  C:\Windows\System\nglmwEa.exe
  2⤵
  PID:7052
- C:\Windows\System\WdTxfZh.exe
  C:\Windows\System\WdTxfZh.exe
  2⤵
  PID:7072
- C:\Windows\System\mQsNOrL.exe
  C:\Windows\System\mQsNOrL.exe
  2⤵
  PID:7128
- C:\Windows\System\joOFZtU.exe
  C:\Windows\System\joOFZtU.exe
  2⤵
  PID:7152
- C:\Windows\System\yamyPmL.exe
  C:\Windows\System\yamyPmL.exe
  2⤵
  PID:4924
- C:\Windows\System\UrwTfco.exe
  C:\Windows\System\UrwTfco.exe
  2⤵
  PID:1460
- C:\Windows\System\ndAKtyP.exe
  C:\Windows\System\ndAKtyP.exe
  2⤵
  PID:2012
- C:\Windows\System\wsUrxXf.exe
  C:\Windows\System\wsUrxXf.exe
  2⤵
  PID:4524
- C:\Windows\System\EvbfePj.exe
  C:\Windows\System\EvbfePj.exe
  2⤵
  PID:5228
- C:\Windows\System\MBXryNn.exe
  C:\Windows\System\MBXryNn.exe
  2⤵
  PID:5352
- C:\Windows\System\WyNFwVN.exe
  C:\Windows\System\WyNFwVN.exe
  2⤵
  PID:5512
- C:\Windows\System\tVfPYkZ.exe
  C:\Windows\System\tVfPYkZ.exe
  2⤵
  PID:5656
- C:\Windows\System\YsgdkrC.exe
  C:\Windows\System\YsgdkrC.exe
  2⤵
  PID:5776
- C:\Windows\System\UELTkqv.exe
  C:\Windows\System\UELTkqv.exe
  2⤵
  PID:5960
- C:\Windows\System\BoSTOKv.exe
  C:\Windows\System\BoSTOKv.exe
  2⤵
  PID:6020
- C:\Windows\System\tuKirdj.exe
  C:\Windows\System\tuKirdj.exe
  2⤵
  PID:6232
- C:\Windows\System\NuYzKOM.exe
  C:\Windows\System\NuYzKOM.exe
  2⤵
  PID:6288
- C:\Windows\System\UFjIgqO.exe
  C:\Windows\System\UFjIgqO.exe
  2⤵
  PID:6348
- C:\Windows\System\gXCpRLf.exe
  C:\Windows\System\gXCpRLf.exe
  2⤵
  PID:6372
- C:\Windows\System\XnncWll.exe
  C:\Windows\System\XnncWll.exe
  2⤵
  PID:6388
- C:\Windows\System\jzAEnnx.exe
  C:\Windows\System\jzAEnnx.exe
  2⤵
  PID:6516
- C:\Windows\System\CxBuFDf.exe
  C:\Windows\System\CxBuFDf.exe
  2⤵
  PID:6568
- C:\Windows\System\QwXpVpL.exe
  C:\Windows\System\QwXpVpL.exe
  2⤵
  PID:6616
- C:\Windows\System\evLmOAs.exe
  C:\Windows\System\evLmOAs.exe
  2⤵
  PID:6692
- C:\Windows\System\PNcNdiG.exe
  C:\Windows\System\PNcNdiG.exe
  2⤵
  PID:6736
- C:\Windows\System\ruciGWC.exe
  C:\Windows\System\ruciGWC.exe
  2⤵
  PID:6732
- C:\Windows\System\XJCZXiK.exe
  C:\Windows\System\XJCZXiK.exe
  2⤵
  PID:6856
- C:\Windows\System\VJFEAPM.exe
  C:\Windows\System\VJFEAPM.exe
  2⤵
  PID:6888
- C:\Windows\System\pOsfylg.exe
  C:\Windows\System\pOsfylg.exe
  2⤵
  PID:6948
- C:\Windows\System\YEBRtCR.exe
  C:\Windows\System\YEBRtCR.exe
  2⤵
  PID:7012
- C:\Windows\System\HjJILNo.exe
  C:\Windows\System\HjJILNo.exe
  2⤵
  PID:7076
- C:\Windows\System\PgyGiLI.exe
  C:\Windows\System\PgyGiLI.exe
  2⤵
  PID:7116
- C:\Windows\System\QDdZDQc.exe
  C:\Windows\System\QDdZDQc.exe
  2⤵
  PID:6116
- C:\Windows\System\eAkBfes.exe
  C:\Windows\System\eAkBfes.exe
  2⤵
  PID:4984
- C:\Windows\System\EVmKRlb.exe
  C:\Windows\System\EVmKRlb.exe
  2⤵
  PID:5128
- C:\Windows\System\pthnEHu.exe
  C:\Windows\System\pthnEHu.exe
  2⤵
  PID:5268
- C:\Windows\System\XjDQGUI.exe
  C:\Windows\System\XjDQGUI.exe
  2⤵
  PID:5488
- C:\Windows\System\jrVXhBk.exe
  C:\Windows\System\jrVXhBk.exe
  2⤵
  PID:7188
- C:\Windows\System\ZLUEVdd.exe
  C:\Windows\System\ZLUEVdd.exe
  2⤵
  PID:7208
- C:\Windows\System\agTKFbE.exe
  C:\Windows\System\agTKFbE.exe
  2⤵
  PID:7228
- C:\Windows\System\BwzFNyK.exe
  C:\Windows\System\BwzFNyK.exe
  2⤵
  PID:7248
- C:\Windows\System\lswPdhU.exe
  C:\Windows\System\lswPdhU.exe
  2⤵
  PID:7268
- C:\Windows\System\TmBaZoU.exe
  C:\Windows\System\TmBaZoU.exe
  2⤵
  PID:7288
- C:\Windows\System\nwEXDVX.exe
  C:\Windows\System\nwEXDVX.exe
  2⤵
  PID:7308
- C:\Windows\System\sVNkdrB.exe
  C:\Windows\System\sVNkdrB.exe
  2⤵
  PID:7328
- C:\Windows\System\unAOCDK.exe
  C:\Windows\System\unAOCDK.exe
  2⤵
  PID:7348
- C:\Windows\System\SdLBHMF.exe
  C:\Windows\System\SdLBHMF.exe
  2⤵
  PID:7368
- C:\Windows\System\esGnPVE.exe
  C:\Windows\System\esGnPVE.exe
  2⤵
  PID:7388
- C:\Windows\System\CjdllHZ.exe
  C:\Windows\System\CjdllHZ.exe
  2⤵
  PID:7408
- C:\Windows\System\nHfnVVE.exe
  C:\Windows\System\nHfnVVE.exe
  2⤵
  PID:7428
- C:\Windows\System\oNvxxtH.exe
  C:\Windows\System\oNvxxtH.exe
  2⤵
  PID:7448
- C:\Windows\System\VpYgdmX.exe
  C:\Windows\System\VpYgdmX.exe
  2⤵
  PID:7468
- C:\Windows\System\OLajYhE.exe
  C:\Windows\System\OLajYhE.exe
  2⤵
  PID:7488
- C:\Windows\System\joMLUNA.exe
  C:\Windows\System\joMLUNA.exe
  2⤵
  PID:7508
- C:\Windows\System\pFFRfuM.exe
  C:\Windows\System\pFFRfuM.exe
  2⤵
  PID:7528
- C:\Windows\System\SPaIfKX.exe
  C:\Windows\System\SPaIfKX.exe
  2⤵
  PID:7548
- C:\Windows\System\VdaWoWg.exe
  C:\Windows\System\VdaWoWg.exe
  2⤵
  PID:7572
- C:\Windows\System\CVDhNER.exe
  C:\Windows\System\CVDhNER.exe
  2⤵
  PID:7592
- C:\Windows\System\RHfKcxj.exe
  C:\Windows\System\RHfKcxj.exe
  2⤵
  PID:7612
- C:\Windows\System\CppAcGa.exe
  C:\Windows\System\CppAcGa.exe
  2⤵
  PID:7632
- C:\Windows\System\gouClFY.exe
  C:\Windows\System\gouClFY.exe
  2⤵
  PID:7652
- C:\Windows\System\JVeHpDo.exe
  C:\Windows\System\JVeHpDo.exe
  2⤵
  PID:7672
- C:\Windows\System\DCIfZfG.exe
  C:\Windows\System\DCIfZfG.exe
  2⤵
  PID:7692
- C:\Windows\System\RXeKbvh.exe
  C:\Windows\System\RXeKbvh.exe
  2⤵
  PID:7712
- C:\Windows\System\UhPstzH.exe
  C:\Windows\System\UhPstzH.exe
  2⤵
  PID:7732
- C:\Windows\System\diPvQcm.exe
  C:\Windows\System\diPvQcm.exe
  2⤵
  PID:7752
- C:\Windows\System\zqSIDVB.exe
  C:\Windows\System\zqSIDVB.exe
  2⤵
  PID:7772
- C:\Windows\System\bPInWKj.exe
  C:\Windows\System\bPInWKj.exe
  2⤵
  PID:7792
- C:\Windows\System\jRcWLGZ.exe
  C:\Windows\System\jRcWLGZ.exe
  2⤵
  PID:7812
- C:\Windows\System\VxnZOVR.exe
  C:\Windows\System\VxnZOVR.exe
  2⤵
  PID:7832
- C:\Windows\System\lMJbatq.exe
  C:\Windows\System\lMJbatq.exe
  2⤵
  PID:7852
- C:\Windows\System\XQedqiT.exe
  C:\Windows\System\XQedqiT.exe
  2⤵
  PID:7872
- C:\Windows\System\yudVvzt.exe
  C:\Windows\System\yudVvzt.exe
  2⤵
  PID:7892
- C:\Windows\System\vvcGhaO.exe
  C:\Windows\System\vvcGhaO.exe
  2⤵
  PID:7912
- C:\Windows\System\eLJqLht.exe
  C:\Windows\System\eLJqLht.exe
  2⤵
  PID:7932
- C:\Windows\System\NPQXIdt.exe
  C:\Windows\System\NPQXIdt.exe
  2⤵
  PID:7952
- C:\Windows\System\ykRCxlH.exe
  C:\Windows\System\ykRCxlH.exe
  2⤵
  PID:7972
- C:\Windows\System\SqeXYpv.exe
  C:\Windows\System\SqeXYpv.exe
  2⤵
  PID:7992
- C:\Windows\System\iLuZpnQ.exe
  C:\Windows\System\iLuZpnQ.exe
  2⤵
  PID:8012
- C:\Windows\System\UXYLLXS.exe
  C:\Windows\System\UXYLLXS.exe
  2⤵
  PID:8032
- C:\Windows\System\VWQJAZh.exe
  C:\Windows\System\VWQJAZh.exe
  2⤵
  PID:8052
- C:\Windows\System\PviMyiL.exe
  C:\Windows\System\PviMyiL.exe
  2⤵
  PID:8072
- C:\Windows\System\vGpLrGQ.exe
  C:\Windows\System\vGpLrGQ.exe
  2⤵
  PID:8092
- C:\Windows\System\TOHTSdZ.exe
  C:\Windows\System\TOHTSdZ.exe
  2⤵
  PID:8112
- C:\Windows\System\GhOgwaF.exe
  C:\Windows\System\GhOgwaF.exe
  2⤵
  PID:8132
- C:\Windows\System\BDoJctH.exe
  C:\Windows\System\BDoJctH.exe
  2⤵
  PID:8152
- C:\Windows\System\GLKIEhX.exe
  C:\Windows\System\GLKIEhX.exe
  2⤵
  PID:8172
- C:\Windows\System\OknsPoy.exe
  C:\Windows\System\OknsPoy.exe
  2⤵
  PID:5756
- C:\Windows\System\vRvRvbz.exe
  C:\Windows\System\vRvRvbz.exe
  2⤵
  PID:5892
- C:\Windows\System\rGdIxWH.exe
  C:\Windows\System\rGdIxWH.exe
  2⤵
  PID:6148
- C:\Windows\System\fELmUgi.exe
  C:\Windows\System\fELmUgi.exe
  2⤵
  PID:6188
- C:\Windows\System\smXnaPj.exe
  C:\Windows\System\smXnaPj.exe
  2⤵
  PID:6272
- C:\Windows\System\rXPeyZb.exe
  C:\Windows\System\rXPeyZb.exe
  2⤵
  PID:6444
- C:\Windows\System\pjZceeX.exe
  C:\Windows\System\pjZceeX.exe
  2⤵
  PID:6532
- C:\Windows\System\FQkNdhm.exe
  C:\Windows\System\FQkNdhm.exe
  2⤵
  PID:6668
- C:\Windows\System\aReUteX.exe
  C:\Windows\System\aReUteX.exe
  2⤵
  PID:6776
- C:\Windows\System\prAgdfa.exe
  C:\Windows\System\prAgdfa.exe
  2⤵
  PID:6788
- C:\Windows\System\yZLVRhY.exe
  C:\Windows\System\yZLVRhY.exe
  2⤵
  PID:6956
- C:\Windows\System\MTbEStV.exe
  C:\Windows\System\MTbEStV.exe
  2⤵
  PID:7008
- C:\Windows\System\rteVQdV.exe
  C:\Windows\System\rteVQdV.exe
  2⤵
  PID:7112
- C:\Windows\System\NOnRarN.exe
  C:\Windows\System\NOnRarN.exe
  2⤵
  PID:3420
- C:\Windows\System\ZPpGiRQ.exe
  C:\Windows\System\ZPpGiRQ.exe
  2⤵
  PID:4268
- C:\Windows\System\dMyCEQf.exe
  C:\Windows\System\dMyCEQf.exe
  2⤵
  PID:5396
- C:\Windows\System\epgEvEu.exe
  C:\Windows\System\epgEvEu.exe
  2⤵
  PID:7180
- C:\Windows\System\mzxySWw.exe
  C:\Windows\System\mzxySWw.exe
  2⤵
  PID:7216
- C:\Windows\System\MEdWkhV.exe
  C:\Windows\System\MEdWkhV.exe
  2⤵
  PID:7276
- C:\Windows\System\HxCwSLu.exe
  C:\Windows\System\HxCwSLu.exe
  2⤵
  PID:7296
- C:\Windows\System\fdqzomo.exe
  C:\Windows\System\fdqzomo.exe
  2⤵
  PID:7320
- C:\Windows\System\ZetAifs.exe
  C:\Windows\System\ZetAifs.exe
  2⤵
  PID:7340
- C:\Windows\System\kFrFRrd.exe
  C:\Windows\System\kFrFRrd.exe
  2⤵
  PID:7396
- C:\Windows\System\WBXvyMe.exe
  C:\Windows\System\WBXvyMe.exe
  2⤵
  PID:7416
- C:\Windows\System\XsylmvG.exe
  C:\Windows\System\XsylmvG.exe
  2⤵
  PID:7440
- C:\Windows\System\DFSrRQY.exe
  C:\Windows\System\DFSrRQY.exe
  2⤵
  PID:7484
- C:\Windows\System\vNDoKlt.exe
  C:\Windows\System\vNDoKlt.exe
  2⤵
  PID:7500
- C:\Windows\System\WgpFDyE.exe
  C:\Windows\System\WgpFDyE.exe
  2⤵
  PID:7556
- C:\Windows\System\fUrCUnT.exe
  C:\Windows\System\fUrCUnT.exe
  2⤵
  PID:7600
- C:\Windows\System\KAiwrMo.exe
  C:\Windows\System\KAiwrMo.exe
  2⤵
  PID:7640
- C:\Windows\System\ysAjEWt.exe
  C:\Windows\System\ysAjEWt.exe
  2⤵
  PID:7624
- C:\Windows\System\YXhaxyH.exe
  C:\Windows\System\YXhaxyH.exe
  2⤵
  PID:7664
- C:\Windows\System\umztNdW.exe
  C:\Windows\System\umztNdW.exe
  2⤵
  PID:7704
- C:\Windows\System\INkOtop.exe
  C:\Windows\System\INkOtop.exe
  2⤵
  PID:7744
- C:\Windows\System\JyXTofP.exe
  C:\Windows\System\JyXTofP.exe
  2⤵
  PID:7804
- C:\Windows\System\dkSzrfm.exe
  C:\Windows\System\dkSzrfm.exe
  2⤵
  PID:7840
- C:\Windows\System\BMJpsKo.exe
  C:\Windows\System\BMJpsKo.exe
  2⤵
  PID:7860
- C:\Windows\System\mPepGDY.exe
  C:\Windows\System\mPepGDY.exe
  2⤵
  PID:7884
- C:\Windows\System\BgGshln.exe
  C:\Windows\System\BgGshln.exe
  2⤵
  PID:7904
- C:\Windows\System\BYjDcho.exe
  C:\Windows\System\BYjDcho.exe
  2⤵
  PID:7968
- C:\Windows\System\xrgyomU.exe
  C:\Windows\System\xrgyomU.exe
  2⤵
  PID:8000
- C:\Windows\System\fwwcUJf.exe
  C:\Windows\System\fwwcUJf.exe
  2⤵
  PID:8040
- C:\Windows\System\rKcINTq.exe
  C:\Windows\System\rKcINTq.exe
  2⤵
  PID:8060
- C:\Windows\System\Wwnloxq.exe
  C:\Windows\System\Wwnloxq.exe
  2⤵
  PID:8084
- C:\Windows\System\IEroOxK.exe
  C:\Windows\System\IEroOxK.exe
  2⤵
  PID:8128
- C:\Windows\System\nPLJltV.exe
  C:\Windows\System\nPLJltV.exe
  2⤵
  PID:8160
- C:\Windows\System\AwkMdJb.exe
  C:\Windows\System\AwkMdJb.exe
  2⤵
  PID:8184
- C:\Windows\System\bRVzkQU.exe
  C:\Windows\System\bRVzkQU.exe
  2⤵
  PID:6212
- C:\Windows\System\CynvNdi.exe
  C:\Windows\System\CynvNdi.exe
  2⤵
  PID:6344
- C:\Windows\System\pKexqYP.exe
  C:\Windows\System\pKexqYP.exe
  2⤵
  PID:6648
- C:\Windows\System\kwJlNJc.exe
  C:\Windows\System\kwJlNJc.exe
  2⤵
  PID:6708
- C:\Windows\System\TFXBGXC.exe
  C:\Windows\System\TFXBGXC.exe
  2⤵
  PID:6932
- C:\Windows\System\yOrsAyh.exe
  C:\Windows\System\yOrsAyh.exe
  2⤵
  PID:7088
- C:\Windows\System\vfZWIIj.exe
  C:\Windows\System\vfZWIIj.exe
  2⤵
  PID:5168
- C:\Windows\System\fMjhrnG.exe
  C:\Windows\System\fMjhrnG.exe
  2⤵
  PID:2308
- C:\Windows\System\ukKSNRK.exe
  C:\Windows\System\ukKSNRK.exe
  2⤵
  PID:7200
- C:\Windows\System\erCakSD.exe
  C:\Windows\System\erCakSD.exe
  2⤵
  PID:7256
- C:\Windows\System\TqyYGWK.exe
  C:\Windows\System\TqyYGWK.exe
  2⤵
  PID:7336
- C:\Windows\System\toofeGw.exe
  C:\Windows\System\toofeGw.exe
  2⤵
  PID:7360
- C:\Windows\System\UJCLIxw.exe
  C:\Windows\System\UJCLIxw.exe
  2⤵
  PID:2640
- C:\Windows\System\klZQwIh.exe
  C:\Windows\System\klZQwIh.exe
  2⤵
  PID:7516
- C:\Windows\System\zaQjuhw.exe
  C:\Windows\System\zaQjuhw.exe
  2⤵
  PID:7536
- C:\Windows\System\VSUiSpz.exe
  C:\Windows\System\VSUiSpz.exe
  2⤵
  PID:7564
- C:\Windows\System\DdAGhSs.exe
  C:\Windows\System\DdAGhSs.exe
  2⤵
  PID:7644
- C:\Windows\System\SwwBZyH.exe
  C:\Windows\System\SwwBZyH.exe
  2⤵
  PID:7700
- C:\Windows\System\lSQsTmo.exe
  C:\Windows\System\lSQsTmo.exe
  2⤵
  PID:7740
- C:\Windows\System\lBlasKG.exe
  C:\Windows\System\lBlasKG.exe
  2⤵
  PID:7800
- C:\Windows\System\rgPJMFb.exe
  C:\Windows\System\rgPJMFb.exe
  2⤵
  PID:7868
- C:\Windows\System\hzncXST.exe
  C:\Windows\System\hzncXST.exe
  2⤵
  PID:7908
- C:\Windows\System\hTWycGs.exe
  C:\Windows\System\hTWycGs.exe
  2⤵
  PID:7980
- C:\Windows\System\IbrkKuK.exe
  C:\Windows\System\IbrkKuK.exe
  2⤵
  PID:8028
- C:\Windows\System\eejlIJy.exe
  C:\Windows\System\eejlIJy.exe
  2⤵
  PID:8100
- C:\Windows\System\gNHtwKE.exe
  C:\Windows\System\gNHtwKE.exe
  2⤵
  PID:8164
- C:\Windows\System\MgelmAl.exe
  C:\Windows\System\MgelmAl.exe
  2⤵
  PID:8180
- C:\Windows\System\CAhklUj.exe
  C:\Windows\System\CAhklUj.exe
  2⤵
  PID:1924
- C:\Windows\System\dOKweje.exe
  C:\Windows\System\dOKweje.exe
  2⤵
  PID:6536
- C:\Windows\System\OqwEvuY.exe
  C:\Windows\System\OqwEvuY.exe
  2⤵
  PID:2676
- C:\Windows\System\vHLamTE.exe
  C:\Windows\System\vHLamTE.exe
  2⤵
  PID:6812
- C:\Windows\System\IgnquYr.exe
  C:\Windows\System\IgnquYr.exe
  2⤵
  PID:6816
- C:\Windows\System\wlFZREU.exe
  C:\Windows\System\wlFZREU.exe
  2⤵
  PID:6988
- C:\Windows\System\cdKyCyN.exe
  C:\Windows\System\cdKyCyN.exe
  2⤵
  PID:7184
- C:\Windows\System\gLkUtha.exe
  C:\Windows\System\gLkUtha.exe
  2⤵
  PID:2680
- C:\Windows\System\lOPBpyL.exe
  C:\Windows\System\lOPBpyL.exe
  2⤵
  PID:7284
- C:\Windows\System\FdJwSdh.exe
  C:\Windows\System\FdJwSdh.exe
  2⤵
  PID:7376
- C:\Windows\System\tHeKFZq.exe
  C:\Windows\System\tHeKFZq.exe
  2⤵
  PID:7520
- C:\Windows\System\eydMRsE.exe
  C:\Windows\System\eydMRsE.exe
  2⤵
  PID:1000
- C:\Windows\System\uIImUax.exe
  C:\Windows\System\uIImUax.exe
  2⤵
  PID:7620
- C:\Windows\System\GrHEjEi.exe
  C:\Windows\System\GrHEjEi.exe
  2⤵
  PID:7748
- C:\Windows\System\nDKemWV.exe
  C:\Windows\System\nDKemWV.exe
  2⤵
  PID:7888
- C:\Windows\System\RUBDAYX.exe
  C:\Windows\System\RUBDAYX.exe
  2⤵
  PID:8044
- C:\Windows\System\LxUNYJc.exe
  C:\Windows\System\LxUNYJc.exe
  2⤵
  PID:8108
- C:\Windows\System\RwoMEaN.exe
  C:\Windows\System\RwoMEaN.exe
  2⤵
  PID:8088
- C:\Windows\System\rEQdSTb.exe
  C:\Windows\System\rEQdSTb.exe
  2⤵
  PID:5800
- C:\Windows\System\NcKJgXB.exe
  C:\Windows\System\NcKJgXB.exe
  2⤵
  PID:8212
- C:\Windows\System\PJSAsGT.exe
  C:\Windows\System\PJSAsGT.exe
  2⤵
  PID:8232
- C:\Windows\System\DISigvM.exe
  C:\Windows\System\DISigvM.exe
  2⤵
  PID:8256
- C:\Windows\System\drnaXMg.exe
  C:\Windows\System\drnaXMg.exe
  2⤵
  PID:8276
- C:\Windows\System\YOcPBxu.exe
  C:\Windows\System\YOcPBxu.exe
  2⤵
  PID:8296
- C:\Windows\System\fqDhANT.exe
  C:\Windows\System\fqDhANT.exe
  2⤵
  PID:8316
- C:\Windows\System\OLzOUjF.exe
  C:\Windows\System\OLzOUjF.exe
  2⤵
  PID:8336
- C:\Windows\System\arCjzwW.exe
  C:\Windows\System\arCjzwW.exe
  2⤵
  PID:8356
- C:\Windows\System\cctEUSy.exe
  C:\Windows\System\cctEUSy.exe
  2⤵
  PID:8376
- C:\Windows\System\OArDMJl.exe
  C:\Windows\System\OArDMJl.exe
  2⤵
  PID:8396
- C:\Windows\System\ZgjjYLh.exe
  C:\Windows\System\ZgjjYLh.exe
  2⤵
  PID:8420
- C:\Windows\System\hDaNmGk.exe
  C:\Windows\System\hDaNmGk.exe
  2⤵
  PID:8440
- C:\Windows\System\WLmeTyw.exe
  C:\Windows\System\WLmeTyw.exe
  2⤵
  PID:8460
- C:\Windows\System\kFkUPur.exe
  C:\Windows\System\kFkUPur.exe
  2⤵
  PID:8476
- C:\Windows\System\hLdIHJs.exe
  C:\Windows\System\hLdIHJs.exe
  2⤵
  PID:8492
- C:\Windows\System\yNZxhTJ.exe
  C:\Windows\System\yNZxhTJ.exe
  2⤵
  PID:8508
- C:\Windows\System\KDFkQyD.exe
  C:\Windows\System\KDFkQyD.exe
  2⤵
  PID:8524
- C:\Windows\System\MfsdifR.exe
  C:\Windows\System\MfsdifR.exe
  2⤵
  PID:8544
- C:\Windows\System\YcxzjsL.exe
  C:\Windows\System\YcxzjsL.exe
  2⤵
  PID:8560
- C:\Windows\System\QblFElz.exe
  C:\Windows\System\QblFElz.exe
  2⤵
  PID:8576
- C:\Windows\System\aSVDZll.exe
  C:\Windows\System\aSVDZll.exe
  2⤵
  PID:8592
- C:\Windows\System\FsCnecb.exe
  C:\Windows\System\FsCnecb.exe
  2⤵
  PID:8608
- C:\Windows\System\ZjAGHUL.exe
  C:\Windows\System\ZjAGHUL.exe
  2⤵
  PID:8628
- C:\Windows\System\saEYeBF.exe
  C:\Windows\System\saEYeBF.exe
  2⤵
  PID:8644
- C:\Windows\System\fImavjc.exe
  C:\Windows\System\fImavjc.exe
  2⤵
  PID:8660
- C:\Windows\System\kPHAJTu.exe
  C:\Windows\System\kPHAJTu.exe
  2⤵
  PID:8676
- C:\Windows\System\CknHKHu.exe
  C:\Windows\System\CknHKHu.exe
  2⤵
  PID:8708
- C:\Windows\System\QFBuDpK.exe
  C:\Windows\System\QFBuDpK.exe
  2⤵
  PID:8724
- C:\Windows\System\GbaNyNL.exe
  C:\Windows\System\GbaNyNL.exe
  2⤵
  PID:8756
- C:\Windows\System\ijXhmOS.exe
  C:\Windows\System\ijXhmOS.exe
  2⤵
  PID:8772
- C:\Windows\System\mlQMNOp.exe
  C:\Windows\System\mlQMNOp.exe
  2⤵
  PID:8788
- C:\Windows\System\KVFCCVN.exe
  C:\Windows\System\KVFCCVN.exe
  2⤵
  PID:8808
- C:\Windows\System\QVLOBEU.exe
  C:\Windows\System\QVLOBEU.exe
  2⤵
  PID:8824
- C:\Windows\System\iNTpzoT.exe
  C:\Windows\System\iNTpzoT.exe
  2⤵
  PID:8840
- C:\Windows\System\YBWYqHk.exe
  C:\Windows\System\YBWYqHk.exe
  2⤵
  PID:8860
- C:\Windows\System\RfBZPoh.exe
  C:\Windows\System\RfBZPoh.exe
  2⤵
  PID:8876
- C:\Windows\System\IzTcnUm.exe
  C:\Windows\System\IzTcnUm.exe
  2⤵
  PID:8900
- C:\Windows\System\HGBjYnb.exe
  C:\Windows\System\HGBjYnb.exe
  2⤵
  PID:8916
- C:\Windows\System\FttJrhg.exe
  C:\Windows\System\FttJrhg.exe
  2⤵
  PID:8932
- C:\Windows\System\idGTLIj.exe
  C:\Windows\System\idGTLIj.exe
  2⤵
  PID:8948
- C:\Windows\System\qGKBWIw.exe
  C:\Windows\System\qGKBWIw.exe
  2⤵
  PID:8964
- C:\Windows\System\vXYidYJ.exe
  C:\Windows\System\vXYidYJ.exe
  2⤵
  PID:8980
- C:\Windows\System\iQqVsps.exe
  C:\Windows\System\iQqVsps.exe
  2⤵
  PID:8996
- C:\Windows\System\RsfXpGE.exe
  C:\Windows\System\RsfXpGE.exe
  2⤵
  PID:9016
- C:\Windows\System\RhdjrcM.exe
  C:\Windows\System\RhdjrcM.exe
  2⤵
  PID:9032
- C:\Windows\System\tuUKegH.exe
  C:\Windows\System\tuUKegH.exe
  2⤵
  PID:9060
- C:\Windows\System\vZfJoXc.exe
  C:\Windows\System\vZfJoXc.exe
  2⤵
  PID:9092
- C:\Windows\System\yLlsmpk.exe
  C:\Windows\System\yLlsmpk.exe
  2⤵
  PID:9112
- C:\Windows\System\ADHbUcF.exe
  C:\Windows\System\ADHbUcF.exe
  2⤵
  PID:9132
- C:\Windows\System\wVboFlT.exe
  C:\Windows\System\wVboFlT.exe
  2⤵
  PID:9172
- C:\Windows\System\iwPnrwS.exe
  C:\Windows\System\iwPnrwS.exe
  2⤵
  PID:9192
- C:\Windows\System\RPAzmIj.exe
  C:\Windows\System\RPAzmIj.exe
  2⤵
  PID:9212
- C:\Windows\System\rcCJoPM.exe
  C:\Windows\System\rcCJoPM.exe
  2⤵
  PID:6508
- C:\Windows\System\RTYTijA.exe
  C:\Windows\System\RTYTijA.exe
  2⤵
  PID:1992
- C:\Windows\System\YmPahZE.exe
  C:\Windows\System\YmPahZE.exe
  2⤵
  PID:7148
- C:\Windows\System\EBMOmzc.exe
  C:\Windows\System\EBMOmzc.exe
  2⤵
  PID:7032
- C:\Windows\System\tYmIFhj.exe
  C:\Windows\System\tYmIFhj.exe
  2⤵
  PID:7304
- C:\Windows\System\irCImUZ.exe
  C:\Windows\System\irCImUZ.exe
  2⤵
  PID:7300
- C:\Windows\System\RIoYAYT.exe
  C:\Windows\System\RIoYAYT.exe
  2⤵
  PID:8020
- C:\Windows\System\OsbsDmT.exe
  C:\Windows\System\OsbsDmT.exe
  2⤵
  PID:7988
- C:\Windows\System\IXLxOzq.exe
  C:\Windows\System\IXLxOzq.exe
  2⤵
  PID:2632
- C:\Windows\System\yndlTKp.exe
  C:\Windows\System\yndlTKp.exe
  2⤵
  PID:8220
- C:\Windows\System\NNOznsR.exe
  C:\Windows\System\NNOznsR.exe
  2⤵
  PID:8224
- C:\Windows\System\EBjmzOb.exe
  C:\Windows\System\EBjmzOb.exe
  2⤵
  PID:8252
- C:\Windows\System\cDCdCbd.exe
  C:\Windows\System\cDCdCbd.exe
  2⤵
  PID:8332
- C:\Windows\System\kzlArMp.exe
  C:\Windows\System\kzlArMp.exe
  2⤵
  PID:8348
- C:\Windows\System\xUauclX.exe
  C:\Windows\System\xUauclX.exe
  2⤵
  PID:8388
- C:\Windows\System\ozkKuFv.exe
  C:\Windows\System\ozkKuFv.exe
  2⤵
  PID:8408
- C:\Windows\System\lACahQz.exe
  C:\Windows\System\lACahQz.exe
  2⤵
  PID:8456
- C:\Windows\System\FpfqZJe.exe
  C:\Windows\System\FpfqZJe.exe
  2⤵
  PID:8484
- C:\Windows\System\cqiDtOw.exe
  C:\Windows\System\cqiDtOw.exe
  2⤵
  PID:8516
- C:\Windows\System\MAmeVVQ.exe
  C:\Windows\System\MAmeVVQ.exe
  2⤵
  PID:8536
- C:\Windows\System\wwxLvuu.exe
  C:\Windows\System\wwxLvuu.exe
  2⤵
  PID:8572
- C:\Windows\System\swKIDFI.exe
  C:\Windows\System\swKIDFI.exe
  2⤵
  PID:8604
- C:\Windows\System\laqSBes.exe
  C:\Windows\System\laqSBes.exe
  2⤵
  PID:8620
- C:\Windows\System\QJtFJDH.exe
  C:\Windows\System\QJtFJDH.exe
  2⤵
  PID:8704
- C:\Windows\System\DKLBNal.exe
  C:\Windows\System\DKLBNal.exe
  2⤵
  PID:8764
- C:\Windows\System\IupNGuv.exe
  C:\Windows\System\IupNGuv.exe
  2⤵
  PID:8796
- C:\Windows\System\yvhQSWq.exe
  C:\Windows\System\yvhQSWq.exe
  2⤵
  PID:8816
- C:\Windows\System\laUNDDY.exe
  C:\Windows\System\laUNDDY.exe
  2⤵
  PID:8868
- C:\Windows\System\AaDGcnz.exe
  C:\Windows\System\AaDGcnz.exe
  2⤵
  PID:8856
- C:\Windows\System\hnFkfUD.exe
  C:\Windows\System\hnFkfUD.exe
  2⤵
  PID:8908
- C:\Windows\System\jTyDPNJ.exe
  C:\Windows\System\jTyDPNJ.exe
  2⤵
  PID:8956
- C:\Windows\System\hevKFeW.exe
  C:\Windows\System\hevKFeW.exe
  2⤵
  PID:8988
- C:\Windows\System\nrJKIQo.exe
  C:\Windows\System\nrJKIQo.exe
  2⤵
  PID:9008
- C:\Windows\System\VnMNxvB.exe
  C:\Windows\System\VnMNxvB.exe
  2⤵
  PID:9044
- C:\Windows\System\tCCcoXs.exe
  C:\Windows\System\tCCcoXs.exe
  2⤵
  PID:9068
- C:\Windows\System\QfPFEed.exe
  C:\Windows\System\QfPFEed.exe
  2⤵
  PID:9072
- C:\Windows\System\iHqusnQ.exe
  C:\Windows\System\iHqusnQ.exe
  2⤵
  PID:9156
- C:\Windows\System\WvFhiSR.exe
  C:\Windows\System\WvFhiSR.exe
  2⤵
  PID:9180
- C:\Windows\System\ImbzYCV.exe
  C:\Windows\System\ImbzYCV.exe
  2⤵
  PID:9208
- C:\Windows\System\lpHhiFz.exe
  C:\Windows\System\lpHhiFz.exe
  2⤵
  PID:2636
- C:\Windows\System\eFcLKLs.exe
  C:\Windows\System\eFcLKLs.exe
  2⤵
  PID:3020
- C:\Windows\System\mFOsYku.exe
  C:\Windows\System\mFOsYku.exe
  2⤵
  PID:7460
- C:\Windows\System\IaBLsNq.exe
  C:\Windows\System\IaBLsNq.exe
  2⤵
  PID:7680
- C:\Windows\System\hiLynFS.exe
  C:\Windows\System\hiLynFS.exe
  2⤵
  PID:7808
- C:\Windows\System\waZQGgX.exe
  C:\Windows\System\waZQGgX.exe
  2⤵
  PID:2400
- C:\Windows\System\QpAhjNT.exe
  C:\Windows\System\QpAhjNT.exe
  2⤵
  PID:7948
- C:\Windows\System\fUlORdX.exe
  C:\Windows\System\fUlORdX.exe
  2⤵
  PID:8196
- C:\Windows\System\eQdRbTa.exe
  C:\Windows\System\eQdRbTa.exe
  2⤵
  PID:3340
- C:\Windows\System\kJRFShf.exe
  C:\Windows\System\kJRFShf.exe
  2⤵
  PID:8268
- C:\Windows\System\AGWoOdr.exe
  C:\Windows\System\AGWoOdr.exe
  2⤵
  PID:8292
- C:\Windows\System\AuRmCXV.exe
  C:\Windows\System\AuRmCXV.exe
  2⤵
  PID:8344
- C:\Windows\System\tYfnnwv.exe
  C:\Windows\System\tYfnnwv.exe
  2⤵
  PID:8368
- C:\Windows\System\eLifGuV.exe
  C:\Windows\System\eLifGuV.exe
  2⤵
  PID:8452
- C:\Windows\System\UTOtukH.exe
  C:\Windows\System\UTOtukH.exe
  2⤵
  PID:8540
- C:\Windows\System\lAqYaSA.exe
  C:\Windows\System\lAqYaSA.exe
  2⤵
  PID:8600
- C:\Windows\System\xhknvXp.exe
  C:\Windows\System\xhknvXp.exe
  2⤵
  PID:8668
- C:\Windows\System\iLPnyLX.exe
  C:\Windows\System\iLPnyLX.exe
  2⤵
  PID:8692
- C:\Windows\System\rmfQYdC.exe
  C:\Windows\System\rmfQYdC.exe
  2⤵
  PID:8780
- C:\Windows\System\uNLNriK.exe
  C:\Windows\System\uNLNriK.exe
  2⤵
  PID:8784
- C:\Windows\System\YVjLPyr.exe
  C:\Windows\System\YVjLPyr.exe
  2⤵
  PID:8848
- C:\Windows\System\nxsPquN.exe
  C:\Windows\System\nxsPquN.exe
  2⤵
  PID:8912
- C:\Windows\System\GTtMjpr.exe
  C:\Windows\System\GTtMjpr.exe
  2⤵
  PID:2268
- C:\Windows\System\PxaEWtj.exe
  C:\Windows\System\PxaEWtj.exe
  2⤵
  PID:8992
- C:\Windows\System\KslIkfb.exe
  C:\Windows\System\KslIkfb.exe
  2⤵
  PID:9080
- C:\Windows\System\fVurVfv.exe
  C:\Windows\System\fVurVfv.exe
  2⤵
  PID:9148
- C:\Windows\System\dfOldhj.exe
  C:\Windows\System\dfOldhj.exe
  2⤵
  PID:9160
- C:\Windows\System\sHqVfsz.exe
  C:\Windows\System\sHqVfsz.exe
  2⤵
  PID:2304
- C:\Windows\System\IYcAFge.exe
  C:\Windows\System\IYcAFge.exe
  2⤵
  PID:2388
- C:\Windows\System\UBzoiEE.exe
  C:\Windows\System\UBzoiEE.exe
  2⤵
  PID:7280
- C:\Windows\System\PXvIOoA.exe
  C:\Windows\System\PXvIOoA.exe
  2⤵
  PID:7580
- C:\Windows\System\zgsALuL.exe
  C:\Windows\System\zgsALuL.exe
  2⤵
  PID:7764
- C:\Windows\System\UcHQVin.exe
  C:\Windows\System\UcHQVin.exe
  2⤵
  PID:2300
- C:\Windows\System\hDygfFZ.exe
  C:\Windows\System\hDygfFZ.exe
  2⤵
  PID:8352
- C:\Windows\System\PNJtoYM.exe
  C:\Windows\System\PNJtoYM.exe
  2⤵
  PID:8412
- C:\Windows\System\fCOBWVS.exe
  C:\Windows\System\fCOBWVS.exe
  2⤵
  PID:8488
- C:\Windows\System\dqJBEHA.exe
  C:\Windows\System\dqJBEHA.exe
  2⤵
  PID:8556
- C:\Windows\System\xgbxtMr.exe
  C:\Windows\System\xgbxtMr.exe
  2⤵
  PID:1004
- C:\Windows\System\ntXkZhr.exe
  C:\Windows\System\ntXkZhr.exe
  2⤵
  PID:8720
- C:\Windows\System\ymHhlfU.exe
  C:\Windows\System\ymHhlfU.exe
  2⤵
  PID:3264
- C:\Windows\System\ZKJGPWp.exe
  C:\Windows\System\ZKJGPWp.exe
  2⤵
  PID:1584
- C:\Windows\System\bCvSzGJ.exe
  C:\Windows\System\bCvSzGJ.exe
  2⤵
  PID:852
- C:\Windows\System\VWMjfBa.exe
  C:\Windows\System\VWMjfBa.exe
  2⤵
  PID:2892
- C:\Windows\System\DJbytob.exe
  C:\Windows\System\DJbytob.exe
  2⤵
  PID:2952
- C:\Windows\System\cxszaAe.exe
  C:\Windows\System\cxszaAe.exe
  2⤵
  PID:2292
- C:\Windows\System\UPcVUKE.exe
  C:\Windows\System\UPcVUKE.exe
  2⤵
  PID:2608
- C:\Windows\System\PBLagzr.exe
  C:\Windows\System\PBLagzr.exe
  2⤵
  PID:948
- C:\Windows\System\TUtBfBy.exe
  C:\Windows\System\TUtBfBy.exe
  2⤵
  PID:632
- C:\Windows\System\SJrHCYf.exe
  C:\Windows\System\SJrHCYf.exe
  2⤵
  PID:8960
- C:\Windows\System\VOaWuIr.exe
  C:\Windows\System\VOaWuIr.exe
  2⤵
  PID:8976
- C:\Windows\System\UOOBHvt.exe
  C:\Windows\System\UOOBHvt.exe
  2⤵
  PID:2720
- C:\Windows\System\vLgGDHs.exe
  C:\Windows\System\vLgGDHs.exe
  2⤵
  PID:9104
- C:\Windows\System\VcaKoaE.exe
  C:\Windows\System\VcaKoaE.exe
  2⤵
  PID:2828
- C:\Windows\System\JEmJyNq.exe
  C:\Windows\System\JEmJyNq.exe
  2⤵
  PID:9128
- C:\Windows\System\jzMQGDV.exe
  C:\Windows\System\jzMQGDV.exe
  2⤵
  PID:3908
- C:\Windows\System\GQjWtuU.exe
  C:\Windows\System\GQjWtuU.exe
  2⤵
  PID:7444
- C:\Windows\System\NdsPLLP.exe
  C:\Windows\System\NdsPLLP.exe
  2⤵
  PID:4404
- C:\Windows\System\Sxgrpym.exe
  C:\Windows\System\Sxgrpym.exe
  2⤵
  PID:3324
- C:\Windows\System\pzFXEDV.exe
  C:\Windows\System\pzFXEDV.exe
  2⤵
  PID:8392
- C:\Windows\System\yqHcYRR.exe
  C:\Windows\System\yqHcYRR.exe
  2⤵
  PID:1964
- C:\Windows\System\oMIrlKh.exe
  C:\Windows\System\oMIrlKh.exe
  2⤵
  PID:8736
- C:\Windows\System\ExDNdUe.exe
  C:\Windows\System\ExDNdUe.exe
  2⤵
  PID:1684
- C:\Windows\System\xnlESzJ.exe
  C:\Windows\System\xnlESzJ.exe
  2⤵
  PID:8716
- C:\Windows\System\arDncOy.exe
  C:\Windows\System\arDncOy.exe
  2⤵
  PID:556
- C:\Windows\System\MtWnvhe.exe
  C:\Windows\System\MtWnvhe.exe
  2⤵
  PID:2664
- C:\Windows\System\znkUhoF.exe
  C:\Windows\System\znkUhoF.exe
  2⤵
  PID:1300
- C:\Windows\System\JygKviU.exe
  C:\Windows\System\JygKviU.exe
  2⤵
  PID:8928
- C:\Windows\System\IIIPqTL.exe
  C:\Windows\System\IIIPqTL.exe
  2⤵
  PID:844
- C:\Windows\System\BfUnTkC.exe
  C:\Windows\System\BfUnTkC.exe
  2⤵
  PID:1488
- C:\Windows\System\zHgGDpw.exe
  C:\Windows\System\zHgGDpw.exe
  2⤵
  PID:1612
- C:\Windows\System\UKXWPpn.exe
  C:\Windows\System\UKXWPpn.exe
  2⤵
  PID:9100
- C:\Windows\System\meAHkTD.exe
  C:\Windows\System\meAHkTD.exe
  2⤵
  PID:2848
- C:\Windows\System\XEahwio.exe
  C:\Windows\System\XEahwio.exe
  2⤵
  PID:2500
- C:\Windows\System\gcowgQZ.exe
  C:\Windows\System\gcowgQZ.exe
  2⤵
  PID:8240
- C:\Windows\System\EtuNlsM.exe
  C:\Windows\System\EtuNlsM.exe
  2⤵
  PID:2928
- C:\Windows\System\vQLyvgS.exe
  C:\Windows\System\vQLyvgS.exe
  2⤵
  PID:9144
- C:\Windows\System\FrRZZvE.exe
  C:\Windows\System\FrRZZvE.exe
  2⤵
  PID:2712
- C:\Windows\System\VrFxbwY.exe
  C:\Windows\System\VrFxbwY.exe
  2⤵
  PID:1968
- C:\Windows\System\pZqGwvO.exe
  C:\Windows\System\pZqGwvO.exe
  2⤵
  PID:2824
- C:\Windows\System\oGFnkQm.exe
  C:\Windows\System\oGFnkQm.exe
  2⤵
  PID:9048
- C:\Windows\System\FNsUaFB.exe
  C:\Windows\System\FNsUaFB.exe
  2⤵
  PID:8144
- C:\Windows\System\IhnhxgH.exe
  C:\Windows\System\IhnhxgH.exe
  2⤵
  PID:1740
- C:\Windows\System\kaaqvmv.exe
  C:\Windows\System\kaaqvmv.exe
  2⤵
  PID:2448
- C:\Windows\System\yiYNggw.exe
  C:\Windows\System\yiYNggw.exe
  2⤵
  PID:7220
- C:\Windows\System\TgwDcHO.exe
  C:\Windows\System\TgwDcHO.exe
  2⤵
  PID:8768
- C:\Windows\System\qikjeMq.exe
  C:\Windows\System\qikjeMq.exe
  2⤵
  PID:8688
- C:\Windows\System\geORwgH.exe
  C:\Windows\System\geORwgH.exe
  2⤵
  PID:2088
- C:\Windows\System\IiBBmzm.exe
  C:\Windows\System\IiBBmzm.exe
  2⤵
  PID:3328
- C:\Windows\System\pAnhCqu.exe
  C:\Windows\System\pAnhCqu.exe
  2⤵
  PID:2092
- C:\Windows\System\EjASWuh.exe
  C:\Windows\System\EjASWuh.exe
  2⤵
  PID:1304
- C:\Windows\System\UhfHtbc.exe
  C:\Windows\System\UhfHtbc.exe
  2⤵
  PID:9120
- C:\Windows\System\NhcaBJu.exe
  C:\Windows\System\NhcaBJu.exe
  2⤵
  PID:9240
- C:\Windows\System\NLPfbct.exe
  C:\Windows\System\NLPfbct.exe
  2⤵
  PID:9256
- C:\Windows\System\eRHfVHD.exe
  C:\Windows\System\eRHfVHD.exe
  2⤵
  PID:9276
- C:\Windows\System\RjiCefc.exe
  C:\Windows\System\RjiCefc.exe
  2⤵
  PID:9292
- C:\Windows\System\YvhgjsR.exe
  C:\Windows\System\YvhgjsR.exe
  2⤵
  PID:9308
- C:\Windows\System\hDsZYzW.exe
  C:\Windows\System\hDsZYzW.exe
  2⤵
  PID:9324
- C:\Windows\System\voYFExc.exe
  C:\Windows\System\voYFExc.exe
  2⤵
  PID:9344
- C:\Windows\System\McWJpOe.exe
  C:\Windows\System\McWJpOe.exe
  2⤵
  PID:9360
- C:\Windows\System\lwwcoUn.exe
  C:\Windows\System\lwwcoUn.exe
  2⤵
  PID:9376
- C:\Windows\System\oPYhnTo.exe
  C:\Windows\System\oPYhnTo.exe
  2⤵
  PID:9392
- C:\Windows\System\GvbVBdv.exe
  C:\Windows\System\GvbVBdv.exe
  2⤵
  PID:9408
- C:\Windows\System\bkbjKsR.exe
  C:\Windows\System\bkbjKsR.exe
  2⤵
  PID:9424
- C:\Windows\System\GDAAjBX.exe
  C:\Windows\System\GDAAjBX.exe
  2⤵
  PID:9440
- C:\Windows\System\BjyOonM.exe
  C:\Windows\System\BjyOonM.exe
  2⤵
  PID:9460
- C:\Windows\System\ztpERjK.exe
  C:\Windows\System\ztpERjK.exe
  2⤵
  PID:9480
- C:\Windows\System\BKRjmFB.exe
  C:\Windows\System\BKRjmFB.exe
  2⤵
  PID:9500
- C:\Windows\System\UJqKoEi.exe
  C:\Windows\System\UJqKoEi.exe
  2⤵
  PID:9520
- C:\Windows\System\MWYiSzc.exe
  C:\Windows\System\MWYiSzc.exe
  2⤵
  PID:9540
- C:\Windows\System\rQUfJzZ.exe
  C:\Windows\System\rQUfJzZ.exe
  2⤵
  PID:9560
- C:\Windows\System\bPDGxTu.exe
  C:\Windows\System\bPDGxTu.exe
  2⤵
  PID:9580
- C:\Windows\System\ZohYmqN.exe
  C:\Windows\System\ZohYmqN.exe
  2⤵
  PID:9644
- C:\Windows\System\XtGirKe.exe
  C:\Windows\System\XtGirKe.exe
  2⤵
  PID:9664
- C:\Windows\System\IDXgfNE.exe
  C:\Windows\System\IDXgfNE.exe
  2⤵
  PID:9680
- C:\Windows\System\TVjEthR.exe
  C:\Windows\System\TVjEthR.exe
  2⤵
  PID:9696
- C:\Windows\System\mMEGMKW.exe
  C:\Windows\System\mMEGMKW.exe
  2⤵
  PID:9712
- C:\Windows\System\eDuFMYX.exe
  C:\Windows\System\eDuFMYX.exe
  2⤵
  PID:9728
- C:\Windows\System\GkwmgXC.exe
  C:\Windows\System\GkwmgXC.exe
  2⤵
  PID:9744
- C:\Windows\System\mACeFdv.exe
  C:\Windows\System\mACeFdv.exe
  2⤵
  PID:9760
- C:\Windows\System\AjYJrwi.exe
  C:\Windows\System\AjYJrwi.exe
  2⤵
  PID:9776
- C:\Windows\System\IlaPhpG.exe
  C:\Windows\System\IlaPhpG.exe
  2⤵
  PID:9820
- C:\Windows\System\ivNtRKF.exe
  C:\Windows\System\ivNtRKF.exe
  2⤵
  PID:9848
- C:\Windows\System\TfHwtMH.exe
  C:\Windows\System\TfHwtMH.exe
  2⤵
  PID:9864
- C:\Windows\System\XmFdXWn.exe
  C:\Windows\System\XmFdXWn.exe
  2⤵
  PID:9884
- C:\Windows\System\WlsTVld.exe
  C:\Windows\System\WlsTVld.exe
  2⤵
  PID:9900
- C:\Windows\System\COMAcpC.exe
  C:\Windows\System\COMAcpC.exe
  2⤵
  PID:9920
- C:\Windows\System\SUHhWgd.exe
  C:\Windows\System\SUHhWgd.exe
  2⤵
  PID:9940
- C:\Windows\System\eDsPQSB.exe
  C:\Windows\System\eDsPQSB.exe
  2⤵
  PID:9964
- C:\Windows\System\bipdpOr.exe
  C:\Windows\System\bipdpOr.exe
  2⤵
  PID:9980
- C:\Windows\System\FGXJDDz.exe
  C:\Windows\System\FGXJDDz.exe
  2⤵
  PID:9996
- C:\Windows\System\oZjLvJF.exe
  C:\Windows\System\oZjLvJF.exe
  2⤵
  PID:10012
- C:\Windows\System\OWCNUoc.exe
  C:\Windows\System\OWCNUoc.exe
  2⤵
  PID:10028
- C:\Windows\System\XVyDCpr.exe
  C:\Windows\System\XVyDCpr.exe
  2⤵
  PID:10044
- C:\Windows\System\tSGUqPX.exe
  C:\Windows\System\tSGUqPX.exe
  2⤵
  PID:10064
- C:\Windows\System\MDImBgH.exe
  C:\Windows\System\MDImBgH.exe
  2⤵
  PID:10088
- C:\Windows\System\wmXkNGF.exe
  C:\Windows\System\wmXkNGF.exe
  2⤵
  PID:10104
- C:\Windows\System\bDXJDax.exe
  C:\Windows\System\bDXJDax.exe
  2⤵
  PID:10124
- C:\Windows\System\fnSZNSG.exe
  C:\Windows\System\fnSZNSG.exe
  2⤵
  PID:10140
- C:\Windows\System\jyDNFao.exe
  C:\Windows\System\jyDNFao.exe
  2⤵
  PID:10156
- C:\Windows\System\EurjYLc.exe
  C:\Windows\System\EurjYLc.exe
  2⤵
  PID:10172
- C:\Windows\System\lbSxrQE.exe
  C:\Windows\System\lbSxrQE.exe
  2⤵
  PID:10188
- C:\Windows\System\wxpbZMK.exe
  C:\Windows\System\wxpbZMK.exe
  2⤵
  PID:10204
- C:\Windows\System\YXlZMNB.exe
  C:\Windows\System\YXlZMNB.exe
  2⤵
  PID:9228
- C:\Windows\System\pwtqMSG.exe
  C:\Windows\System\pwtqMSG.exe
  2⤵
  PID:9268
- C:\Windows\System\UwdAWzf.exe
  C:\Windows\System\UwdAWzf.exe
  2⤵
  PID:9368
- C:\Windows\System\YIFYvUS.exe
  C:\Windows\System\YIFYvUS.exe
  2⤵
  PID:9432
- C:\Windows\System\UbpzzQe.exe
  C:\Windows\System\UbpzzQe.exe
  2⤵
  PID:9476
- C:\Windows\System\snQgMRW.exe
  C:\Windows\System\snQgMRW.exe
  2⤵
  PID:9284
- C:\Windows\System\GbbMYqe.exe
  C:\Windows\System\GbbMYqe.exe
  2⤵
  PID:9384
- C:\Windows\System\wCtinKe.exe
  C:\Windows\System\wCtinKe.exe
  2⤵
  PID:9508
- C:\Windows\System\IRgTFqo.exe
  C:\Windows\System\IRgTFqo.exe
  2⤵
  PID:9596
- C:\Windows\System\ToMKThy.exe
  C:\Windows\System\ToMKThy.exe
  2⤵
  PID:9492
- C:\Windows\System\QmBxNWK.exe
  C:\Windows\System\QmBxNWK.exe
  2⤵
  PID:9568
- C:\Windows\System\DVAnKQo.exe
  C:\Windows\System\DVAnKQo.exe
  2⤵
  PID:9592
- C:\Windows\System\qiZoyyT.exe
  C:\Windows\System\qiZoyyT.exe
  2⤵
  PID:9608
- C:\Windows\System\UwjMBBC.exe
  C:\Windows\System\UwjMBBC.exe
  2⤵
  PID:9632
- C:\Windows\System\TbrENqf.exe
  C:\Windows\System\TbrENqf.exe
  2⤵
  PID:9672
- C:\Windows\System\HvMekag.exe
  C:\Windows\System\HvMekag.exe
  2⤵
  PID:9740
- C:\Windows\System\EYLZpFo.exe
  C:\Windows\System\EYLZpFo.exe
  2⤵
  PID:9788
- C:\Windows\System\wfVEcap.exe
  C:\Windows\System\wfVEcap.exe
  2⤵
  PID:9792
- C:\Windows\System\CchBMwu.exe
  C:\Windows\System\CchBMwu.exe
  2⤵
  PID:9844
- C:\Windows\System\BpXIzTw.exe
  C:\Windows\System\BpXIzTw.exe
  2⤵
  PID:9892
- C:\Windows\System\YHngPFq.exe
  C:\Windows\System\YHngPFq.exe
  2⤵
  PID:9908
- C:\Windows\System\xikRdnQ.exe
  C:\Windows\System\xikRdnQ.exe
  2⤵
  PID:9876
- C:\Windows\System\siWnWiF.exe
  C:\Windows\System\siWnWiF.exe
  2⤵
  PID:10036
- C:\Windows\System\yywFyLx.exe
  C:\Windows\System\yywFyLx.exe
  2⤵
  PID:10008
- C:\Windows\System\MjVfeiA.exe
  C:\Windows\System\MjVfeiA.exe
  2⤵
  PID:10056
- C:\Windows\System\ubtHCht.exe
  C:\Windows\System\ubtHCht.exe
  2⤵
  PID:10084
- C:\Windows\System\tXLJHVS.exe
  C:\Windows\System\tXLJHVS.exe
  2⤵
  PID:10080
- C:\Windows\System\UdWoiik.exe
  C:\Windows\System\UdWoiik.exe
  2⤵
  PID:10116
- C:\Windows\System\TdCLzfl.exe
  C:\Windows\System\TdCLzfl.exe
  2⤵
  PID:10228
- C:\Windows\System\VKXMjOu.exe
  C:\Windows\System\VKXMjOu.exe
  2⤵
  PID:8200
- C:\Windows\System\NUqmFLX.exe
  C:\Windows\System\NUqmFLX.exe
  2⤵
  PID:10136
- C:\Windows\System\lwMFkVY.exe
  C:\Windows\System\lwMFkVY.exe
  2⤵
  PID:9224
- C:\Windows\System\FxUQdeh.exe
  C:\Windows\System\FxUQdeh.exe
  2⤵
  PID:9400
- C:\Windows\System\aehPeeK.exe
  C:\Windows\System\aehPeeK.exe
  2⤵
  PID:9300
- C:\Windows\System\fCRPyJv.exe
  C:\Windows\System\fCRPyJv.exe
  2⤵
  PID:9336
- C:\Windows\System\EdKgmMZ.exe
  C:\Windows\System\EdKgmMZ.exe
  2⤵
  PID:9516
- C:\Windows\System\ouYUjLr.exe
  C:\Windows\System\ouYUjLr.exe
  2⤵
  PID:9556
- C:\Windows\System\WuPvAsY.exe
  C:\Windows\System\WuPvAsY.exe
  2⤵
  PID:9604
- C:\Windows\System\sfEhPUb.exe
  C:\Windows\System\sfEhPUb.exe
  2⤵
  PID:9620
- C:\Windows\System\pPPIoGB.exe
  C:\Windows\System\pPPIoGB.exe
  2⤵
  PID:9056
- C:\Windows\System\GupFHmV.exe
  C:\Windows\System\GupFHmV.exe
  2⤵
  PID:9756
- C:\Windows\System\BtRczuO.exe
  C:\Windows\System\BtRczuO.exe
  2⤵
  PID:9736
- C:\Windows\System\aRZzOTA.exe
  C:\Windows\System\aRZzOTA.exe
  2⤵
  PID:9812
- C:\Windows\System\HioBZRz.exe
  C:\Windows\System\HioBZRz.exe
  2⤵
  PID:9956
- C:\Windows\System\sllVmyf.exe
  C:\Windows\System\sllVmyf.exe
  2⤵
  PID:9880
- C:\Windows\System\ePWNhGw.exe
  C:\Windows\System\ePWNhGw.exe
  2⤵
  PID:9948
- C:\Windows\System\YopRQam.exe
  C:\Windows\System\YopRQam.exe
  2⤵
  PID:10076
- C:\Windows\System\jGRfoCk.exe
  C:\Windows\System\jGRfoCk.exe
  2⤵
  PID:10112
- C:\Windows\System\INDfYeB.exe
  C:\Windows\System\INDfYeB.exe
  2⤵
  PID:10196
- C:\Windows\System\elRyevl.exe
  C:\Windows\System\elRyevl.exe
  2⤵
  PID:9528
- C:\Windows\System\prYfwwy.exe
  C:\Windows\System\prYfwwy.exe
  2⤵
  PID:10224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\GiSMzDJ.exe

Filesize
6.0MB

MD5
7a22fb6f87527d0db7b7f781cc43045d

SHA1
4bb5b17348d9cc2580e3b115a7e13fdd3797565f

SHA256
b77362fb911c9f9a969010637dc4ce4d0e74069f28882c3b67cd6fdf8a14ee0a

SHA512
2bc4e699263bc170d83d02ce5852a0a40f1d9b5ed02abde121a0e3bc147fa14c7803f40ad95713bbc274455ec1bbdcb0c809bea21bbc8397bd16c62bbdd1b482

Download Submit
C:\Windows\system\JLlSZIR.exe

Filesize
6.0MB

MD5
64b37ff5a9c283172cf87d9e5ec9fb22

SHA1
f2ccafcc53e4d73b4ece97ae2039e6c666d69aa1

SHA256
eaa7a1bcb79687344cbd596fd149375f3c5527580d4423c66e492f523a450b42

SHA512
7d9eb3b301af2cf3264623e45efe37dccb2e6a14343b8c7dd245cc21acbff88d94ed009253e2d95d19029c625bd7414f3a6f9fb623d486c4f267ded89ae3ee76

Download Submit
C:\Windows\system\JrBILaR.exe

Filesize
6.0MB

MD5
362f2aeaf9258c2ad9c3cadaed562b85

SHA1
d5a48f4bc5245bf852daa0d0d5e625ab4bd667bd

SHA256
8b27fd5ea9fde63ed2dd5a6559f4033b2f7143a051de51e9f013127954cfc45c

SHA512
dcadc14352c211f03348abd3a1e6bdcbd0d368dd9a24bd69087e9430dd915d417fe7b74ce00d6d79501b32101716aac0f762b7454a9da575bf063e76bede56d9

Download Submit
C:\Windows\system\JxFUbON.exe

Filesize
6.0MB

MD5
1fa17ce29cb675f20be3918319f601b9

SHA1
80840c2aa840bb1156caf1e4879913fa68c6dc65

SHA256
f6b4cda9c532600187c40efabf6abe0831f9488fae9d4f33409b4e235cb36200

SHA512
19d32dd77dd6740eff292cd36a7b0dceaae6ed75ccdd19c7ea2496f982356bd15a0cf59095b3f2993dd9c70d5e5783ff0986a7ff86feb17a9f83666ddcc11d79

Download Submit
C:\Windows\system\KpoRvok.exe

Filesize
6.0MB

MD5
4e737c0e4f34a0cae30d6c1152cc1bf1

SHA1
3e54d42906c45bea018ec141366d671e9ae58199

SHA256
354153f0e7f000291f717dee4704150d6d81888c1ad86f6b9a49a241fe01a9ca

SHA512
ca215dca8b9ac4c70a98cf619ec8997f0140e3d5416e3615f83c46cd0ee835b94f42a1ee35ad077c293f24fc7811a98f9f98582f002cac79eb3dd556a974d561

Download Submit
C:\Windows\system\MJSfPTX.exe

Filesize
6.0MB

MD5
328914442ca72fe3776c76af5a707a88

SHA1
b511ad623599ff42c7914c3691b93ecde4d8b697

SHA256
038d17f6db91c8a7016e149da7863072dd139cb1d28850023d202313d2b6ff85

SHA512
347cb3936ebf35cca8b1637244715877a05000c2bbbd50cae2ad4f1806af3a007d3be2388606dd3be72f12d94b78540f5738b1bbb7c6017191166cea6d87fe03

Download Submit
C:\Windows\system\PRQlzTE.exe

Filesize
6.0MB

MD5
797ecb9d24d68544be7deef9c4026d2e

SHA1
0aa6ee91b3dadf8698000957e08bbc09793fe1b8

SHA256
83e45b565257c6488b6a5a791a23d944cc01fa61b2d989931d9a90609f3d64e6

SHA512
07e326502475df2be62de52a705ea6e34884bbf8ad70fd2c330e77704e1c275b3cb16d7527e5a254d720b1e8e5e10e61032a213d68457da3a97aade27640babe

Download Submit
C:\Windows\system\UHNadah.exe

Filesize
6.0MB

MD5
a75e9813f8e9a8a5956f5781a6fce571

SHA1
8412bd35b4c5c7482856cdeed131b027d4f3390a

SHA256
576505118d2aee206e7a89be4f02f322741ff67ea23ee4582cad094b444087d3

SHA512
793fb468ea072ad54cce2b1b09d9c1c5ad5e84b2671ea9174801124406c113ffc0a98948139d1c91fd77a0896196bd845eb8d1dbd4e7625ade240da6ccd45658

Download Submit
C:\Windows\system\bZyMwGx.exe

Filesize
6.0MB

MD5
b603035bb850642ace7c93d4e1de412f

SHA1
e271456d32bc451e242a7261bf207b03d9d2330d

SHA256
e9925041fb10ca95183dfcc5928caed223c75009444bbe79b139ef66bdb8a1a2

SHA512
018802ee8144c6be24542279ba2cf906b9a901c542f2649015b59a81a53456d0f6e324244d0c35019a6664141c8d3fb39321302545b834e2a3a505155b8d6f2f

Download Submit
C:\Windows\system\fJVJpxM.exe

Filesize
6.0MB

MD5
b4868e196e20ce9a70b04ff8c434699c

SHA1
adf557cda0c169656d7c46fe875984f6cac43085

SHA256
ee8d8b88d07178e6d00df6f4bd4953b9921402d93d8762bb71087feec1d7dec1

SHA512
d95daafae44768cb63f4f42da82a1fcdf6787e317688b2c52a0fc028c355bcea5908944057ebd146cbc83d473ae10d7b44e072258e17985f1f1f55db55495b55

Download Submit
C:\Windows\system\gcDHOIM.exe

Filesize
6.0MB

MD5
f5bfeaa12d124b4dedeb0918bba6c51e

SHA1
95196f49cd7ad2b937e2ee41ea9f914bc4c6b1fd

SHA256
1276af823b79ab0d5fc9359bd6b9ae9be7e224395dbd5a1cc132726803379e0a

SHA512
32f76c4bd67a37f42aa72de1b8a411359bd7c7d1e0f02385d1a871d33102f23bd349b69b3d523300df387436a7d340d9948184b3e0a09583cf8f254052ab195c

Download Submit
C:\Windows\system\htEksmc.exe

Filesize
6.0MB

MD5
91d0def006e2e971f017ef1f656f1237

SHA1
f7e9d17dfb4d2b476086ab7d0fe5cf1bdcc05bd6

SHA256
77a32f750bb92c7f83106284a9083392251ec6e2e6d0efb304cac960872abad3

SHA512
0c6664dab8e83a47410adc34893e76f17d7f01f235ff15e31cae5eb979462b151b1648d9c30419a2b9c1315e73e72e88ee6c09620bc3156d5f133b9e43a890c7

Download Submit
C:\Windows\system\jPrzmox.exe

Filesize
6.0MB

MD5
5e42fc9240b845e16908937d027fb4f6

SHA1
5559cc4a998d5ae6ce345bc7ee109a6c68b1b9e3

SHA256
27d2f25d94d6a259f4cef12f0f235f85570d508a929ef6753f97f409eea8bfbf

SHA512
923306184f2c8c03243d2d2006e81f80d02441d966adb0886ed1521e029997733b5814a7d5259a84e910dc49ca27ad6c4670e9ca47c3b6f3331dcd3fb823e20d

Download Submit
C:\Windows\system\oBWsmJl.exe

Filesize
6.0MB

MD5
325d83fc9801d896c59df4c250aa214f

SHA1
236705e8a579f9b1e8795d9dfe9ac2524ec66e26

SHA256
771561d0f989d2cbfef24883fa1bfd7d201d94566686d76c1f54ac548dad0b5f

SHA512
885ee90b95c0260b8602b44f9e93bb03e870383cda260841d3ef2a18035efa98615da73ec0d7d56f96e515ea5e888e01ebcbc21f5aa359307b9d000877765d27

Download Submit
C:\Windows\system\ozLnbLM.exe

Filesize
6.0MB

MD5
7dd848845208573db7d63b1ba8b1fc15

SHA1
d436353cbc715d00a5e7244c7002d1a5ba9d22c8

SHA256
a9ec461e46f0ad7fbfd98a29344014b023c496d4b114fee1734378a672a56a3e

SHA512
19d09bfc3141640527528d7b4fcc8691f73c69dcb37afbdf0eb3d93ac130f7b3387b604b2638b79452facfc41cb1c8ba612262442ec396aef08c3748139d5ff0

Download Submit
C:\Windows\system\pGUTLpI.exe

Filesize
6.0MB

MD5
b049a4f42da9e6ffcccf7cead732e93f

SHA1
5d2e5cdf67c34697d7289cf939d3ddffaef62f30

SHA256
b995f8bac16d7766673e342ccab2223392aba86896f83bff50ed9150a70482c8

SHA512
29b7fe2ab92a9519e842c0a56897065fc026b69068029bc9d4df5b905246f20649bc3509a1bc46a1dfbdb2f8f50cb1e954016be07f3b5c591ccc773660624401

Download Submit
C:\Windows\system\pMRnCGv.exe

Filesize
6.0MB

MD5
2c6b79351931c4388ddaaf88c61587f7

SHA1
6e54e51006b88d372c2add6c7d3aa4c377d66b49

SHA256
6b647f859c96997b6f1b45752df3ffeff70c1003fcfbe4e1e75d71f4fb319b52

SHA512
7c6cf4317949c302a4ac918bb7c598c97576c37b948e9a4896244c5082feb8083c256a1175ac8fc7e42fa519150c7e73a8f7bb9e4cdf17a707c4e2e22de59049

Download Submit
C:\Windows\system\qEjUEhT.exe

Filesize
6.0MB

MD5
02a28495349585eda49618c93d41d2c4

SHA1
e7ed9dda0ed1603ea758017cdf64051b0dec4792

SHA256
83c03b67c375cbac2f00f1cb545cb8b945f052a8f22ed31577faa217d2f29a43

SHA512
98e6246fa77598e41867cf7ff7bd4e302726a370ad3f1d804ff0101a62b3ff752d6f0b71852b62a23f00728bcc06fb3f62e57512023f8f3d11476edf6b0fc835

Download Submit
C:\Windows\system\rJhqkdI.exe

Filesize
6.0MB

MD5
ee859a5613139749fbe2be48123c9c16

SHA1
fcd5ec9ed2d47a9f760eb94eec6dc0a293ce5d32

SHA256
095c9614cd7721835f5af0f48b5bae0d2e25ade5e411e4400b207fb52423e906

SHA512
0b71d4098b3e19ba2ff8a8ca4737fd6399ab0cda01812b04e39d4fa53de508a287a386ea39f85353360593c5ff4935365c250cb1f05eb804aaef8c2b4d73a9df

Download Submit
C:\Windows\system\sZnkyPZ.exe

Filesize
6.0MB

MD5
753cc2f8e1f577c69c0a39adaf001781

SHA1
8ec31c75f4ccc2748821948edd1442cc74a89bc9

SHA256
ee97a2d8036b68d8b59ed298173211fd72ff3299e7aec83131bc9b361f7d3b76

SHA512
900e904b45831a502557882fca11cdfd31978e26fef66f835b44fe4160bba6008a4b20aefe33aa332037cbf89a85fb0998ea5b2e395541ae2a77dbafd377224e

Download Submit
C:\Windows\system\uUkjVXy.exe

Filesize
6.0MB

MD5
e3c966998f38cb481c80c22fedb04869

SHA1
4728e6acd1102647aff522c98f0458d937023cae

SHA256
f8ee9c919bc02799b5290ed92da06405108fc632dd44e73ddb861ce644f2f28f

SHA512
6227ba4460ce56f9a851ba6b7e35ae074126c8d17b379345e79bab6c5b23e1babf0ad538828d8d7af7786daf7d25b4f15fa5017c869e859eb77d981950915619

Download Submit
C:\Windows\system\vZQFJaY.exe

Filesize
6.0MB

MD5
3941a179e7bcccca5a07211f7206776b

SHA1
d69f7a7d730abc653a1124f27972215cfbf6fe72

SHA256
5f60ce1eba8b4ddef84623da166bd0e4ba3053bd8702142609c414b9a188c765

SHA512
74ffb8b4fa210ac2f29293bdb4d6810f4ebc353a97fa1f0d0ec55bcbc50ccde9d1f5893d135088e118a18ceaec886127f61af00383f4e62ea1c298ecdd277d32

Download Submit
C:\Windows\system\yXlYgJL.exe

Filesize
6.0MB

MD5
97358d0a397ddf8281f6db05d66f2294

SHA1
2b709135a81e5cf398edb68e33647b538d4eb37c

SHA256
f100ce270cc6eb8e5bc8c41d25bc70a51ebc1147af22aa9f7b37241a92770210

SHA512
11e740527025b2df3595034491884b8caae9df69a6a30546cdf8561093510bb20d447facd91a6dd80a3e85a80b892f47a34ffaa9953d8bb06e3162f6b64ca457

Download Submit
C:\Windows\system\yZhPIJw.exe

Filesize
6.0MB

MD5
1f4584d5804589d35f5e083ff55a1e38

SHA1
2f36fbefff57c0d9dd450553bac44dac49d22322

SHA256
2c9094f95a3665b0a8d21455f0bbce6f5655ddc7aaa0a1d8bf8ec16522f4edfe

SHA512
786b0ef4489904026b94670ffc4444d4e59b85acc33b03269c00665cf41eb72432aff6f524c0168b2d03e6cd96290c0f36e75c9a3498a0dd390b7f722dc28e2d

Download Submit
C:\Windows\system\ynbeuLI.exe

Filesize
6.0MB

MD5
fa26a99a94525bf0ebceb8ccbf7e38d2

SHA1
bd37c58820971493dd59c0ef3021874724f45c00

SHA256
20499281a590fbbf90758f73f7191e839964fe95cd01d14058a8541daca95031

SHA512
7e2a2a7c9a8faa1c4e7f9084df29298809aeb0791282114404c283009d140339ef96e8439665c85acf826a6e6f29bba90efc1b4e608d2c9845c782852dc8b4ac

Download Submit
C:\Windows\system\zhPlMge.exe

Filesize
6.0MB

MD5
1b61f6428d0efc06b75c7db84986631f

SHA1
1b31f045201d489e4102c684c5802c2e4cafb464

SHA256
5488a0a605c509ee8678a22198abee70e55826cc822a4188154b2d5bcf0bbaad

SHA512
187259132b868bc79fdf55644ab846f82e61650b297084acfc5887b7d486246bd6229e5a6072d7d42a07e17632a840d8a3e6748b2fd7c08d07fe341753843681

Download Submit
\Windows\system\LArSlbt.exe

Filesize
6.0MB

MD5
f6b7c7c35974077ec0eded273f9f5f1c

SHA1
2391400e44d234db2218029512d5b409061f07fa

SHA256
466c165744e16c487e341c2ef74f61a2ab4c30dcef84a1d81fd3270acea9bbad

SHA512
4221394ff102649cbaf5feea651b58c48f07d4b6922b30fb07e553adce85513c148faea3710f9d810a2f21867c1d30906135e95e9097311b24a90b7296e50c48

Download Submit
\Windows\system\SXhSAMg.exe

Filesize
6.0MB

MD5
915d6c5e196ef11521c7fd23aa6832d1

SHA1
1150a8e5f9ba093bb74fe13866030d66dfd8f9fb

SHA256
9dded9bd7bb569093b32a62e231fd5622ab42704960f7126910c327c0f106f10

SHA512
dad037a05079aad008c6514c1d587f4a6bf0250a734595a0844d79a619e7e4396fc28190085be5ecf47f318947c749b0809bd99b2e3c34b1171bce79fe2bbe29

Download Submit
\Windows\system\ZjQFUgN.exe

Filesize
6.0MB

MD5
8a47519f0b34b4720e9558dd37f960c5

SHA1
e31391e20dd396ae27715c659dcd2f2eec7be6df

SHA256
78f782e6aca0ea05d5094490f1078bd27ba16094f8f4f86ea70efbefb6b95a27

SHA512
de099e28fd4e9fe56ffe81dc9231058ac44634198d3f84ca8c4ca3a676424a4b12a7bfbfb9ec83ca3fd630f66f858aca1dc8bfb62f5b91ed2feb338c9ce34fed

Download Submit
\Windows\system\bXXbywt.exe

Filesize
6.0MB

MD5
69ad361853984ad4c3a8b6ec2972a827

SHA1
018c0cc78d65e3724ac90880874cca4459c1595d

SHA256
e2e8a7cd4682b30d2626f56603cb5e8395c3b61bdd67b6213e647d4ece387ecf

SHA512
0f409f58fd4688f828f49a16c4359db11da40d16d6bc8bf3db22760dbba90a614c4a22ca2b82bf0a5ac072589145835167659aa6b259a01eb4fddc0b15eaccfa

Download Submit
\Windows\system\nbkaHIf.exe

Filesize
6.0MB

MD5
cdc371bbb3fe2e299ed6e74f17b0319d

SHA1
6213393eee5daaeb51a49cda7ede325c7ad6f0a1

SHA256
dc602fea97c6016daf78456251d49c68b7c8be8cdd78a3983a9da82920329a5e

SHA512
568e2cba4dda5aa30dac7ac02138219d603984c2ed437bed295bf7aac224e3e3385054894eb4505e10543789010c513c98944c6b99f023854c7acdbff692f778

Download Submit
\Windows\system\qFEagJn.exe

Filesize
6.0MB

MD5
a723d9a0d7d3d6767a0e1ac6ac6f4d38

SHA1
aebecf5371781ce792a52fa9ca2e0dd94fa0f95d

SHA256
041c8527e22fd00b333069b9252e9f447acfb8ab58b7bf6f5451faa8d2ae5847

SHA512
aad74104bfa6f75d45f42f2b0724cd98088ee8e1ff0b57ed9d5e3b0db21230f08943692f2ef694b997c6a295b42381f4ec2f5c6f2dde81add0dfbd4ecebead71

Download Submit
memory/2240-3119-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2240-71-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-3136-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2324-42-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2340-79-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-4747-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-107-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-3132-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-54-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3177-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3193-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2756-76-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2772-80-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3152-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2772-798-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2856-61-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-3170-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-103-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-3137-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-74-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2908-3153-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2936-57-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-587-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-104-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2936-81-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-919-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-0-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-78-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-56-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2936-77-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2936-588-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-18-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-50-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-49-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-24-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2936-589-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2936-75-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-688-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-72-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2936-73-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-3130-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2944-106-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/3008-3110-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/3008-65-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/3028-105-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/3028-3192-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3135-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/3048-920-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/3048-82-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download