cobaltstrike | 605096e43f0fe99f8798e749bd433f77fcefea31938edf3867ac978a26ac51e2

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-12-2024 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

9701cc7d9b86744d26a3370b6285da03
SHA1

7be4fa225e9f5bfc62c7695e9bf307abfa590159
SHA256

605096e43f0fe99f8798e749bd433f77fcefea31938edf3867ac978a26ac51e2
SHA512

574ce6fe748a023642d0aefe6b37bbebc67cbaf277d7d063ebab44db99ec32351959b1f3b923d9b89db4166b476ab992ca20af4d023ab5cab62a774bdb1992e9
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUK:T+q56utgpPF8u/7K

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012029-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d64-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d6d-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d75-24.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903d-54.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e47-49.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019228-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019241-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933e-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-179.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-192.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-187.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ea-195.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-177.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192f0-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925c-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019346-133.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d2e-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-92.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f1b-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001920f-68.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000160ae-59.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e25-58.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d7f-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2496-0-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012029-3.dat	xmrig
behavioral1/files/0x0008000000015d64-8.dat	xmrig
behavioral1/memory/1076-12-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2144-15-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d6d-10.dat	xmrig
behavioral1/memory/1668-23-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d75-24.dat	xmrig
behavioral1/memory/2228-29-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x000600000001903d-54.dat	xmrig
behavioral1/files/0x0007000000015e47-49.dat	xmrig
behavioral1/memory/2764-80-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2940-82-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019228-85.dat	xmrig
behavioral1/memory/2612-96-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/1668-89-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2636-88-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2228-97-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x0005000000019241-99.dat	xmrig
behavioral1/memory/1452-105-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x0005000000019273-117.dat	xmrig
behavioral1/files/0x000500000001933e-127.dat	xmrig
behavioral1/files/0x00050000000193af-154.dat	xmrig
behavioral1/files/0x00050000000194a7-179.dat	xmrig
behavioral1/files/0x00050000000194e2-192.dat	xmrig
behavioral1/memory/2636-880-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2496-294-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/files/0x00050000000194b4-187.dat	xmrig
behavioral1/files/0x00050000000194d4-185.dat	xmrig
behavioral1/files/0x0005000000019408-172.dat	xmrig
behavioral1/files/0x00050000000193f8-165.dat	xmrig
behavioral1/files/0x00050000000193c9-161.dat	xmrig
behavioral1/files/0x00050000000194ea-195.dat	xmrig
behavioral1/files/0x00050000000194da-189.dat	xmrig
behavioral1/files/0x0005000000019494-177.dat	xmrig
behavioral1/files/0x00050000000193fa-169.dat	xmrig
behavioral1/files/0x0005000000019384-140.dat	xmrig
behavioral1/files/0x000500000001932a-130.dat	xmrig
behavioral1/files/0x00050000000193a2-147.dat	xmrig
behavioral1/files/0x00050000000192f0-121.dat	xmrig
behavioral1/files/0x000500000001925c-115.dat	xmrig
behavioral1/files/0x0005000000019346-133.dat	xmrig
behavioral1/files/0x0008000000015d2e-108.dat	xmrig
behavioral1/files/0x0005000000019234-92.dat	xmrig
behavioral1/memory/2812-81-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2164-77-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2496-72-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f1b-70.dat	xmrig
behavioral1/memory/2144-69-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x000500000001920f-68.dat	xmrig
behavioral1/memory/2724-60-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2952-67-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2496-64-0x0000000002460000-0x00000000027B4000-memory.dmp	xmrig
behavioral1/files/0x00090000000160ae-59.dat	xmrig
behavioral1/files/0x0007000000015e25-58.dat	xmrig
behavioral1/memory/1076-53-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2884-37-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2496-39-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d7f-33.dat	xmrig
behavioral1/memory/1076-4009-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2144-4010-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/1668-4011-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2884-4012-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2228-4013-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1076	IXvdUXw.exe
2144	aGIuICo.exe
1668	TDRCMBN.exe
2228	dNKAOfw.exe
2884	MmuyQyO.exe
2724	PxqBWoa.exe
2164	ADWbQir.exe
2952	rEkbskn.exe
2764	ulzazvu.exe
2812	eRqGHxt.exe
2940	PUDlNaR.exe
2636	wvoTouL.exe
2612	HKPQgkv.exe
1452	TfJdyoA.exe
1688	eetpTiN.exe
1632	OWPcaCX.exe
276	mcfjGxL.exe
2040	NcGlHqM.exe
1340	dBMomvB.exe
1716	vZhWmpx.exe
2140	cJECQJt.exe
2620	VduwSGR.exe
1852	copOwCm.exe
2648	GbdXIRb.exe
2472	sTBCWfp.exe
2072	MPCYACi.exe
660	fFBSDkF.exe
1960	cdgXqdW.exe
1392	dbCyIzq.exe
1204	nwWSXUS.exe
992	BuxZwUP.exe
2352	ZtAzBJN.exe
392	GtwzEKq.exe
1724	HGbjGLb.exe
1444	sqzGVBZ.exe
1292	nNpcTyf.exe
1416	JzcqTHK.exe
1600	CLDuBlA.exe
856	jzMWsTC.exe
2412	rHpqVkS.exe
2288	cpyhKan.exe
1396	MqaQsOv.exe
876	UvHCApf.exe
1304	CYyVQlc.exe
880	DzcUBnY.exe
2300	CYpTCOf.exe
1624	kOHCRoy.exe
1792	FznwSgt.exe
2860	DTavcet.exe
2460	YMtiPwf.exe
3012	sHtUQVl.exe
884	BHjGhdd.exe
852	xYEIcSJ.exe
2828	bgaDcek.exe
2900	QbzcFgR.exe
2092	ahQXtsx.exe
3068	yNkncnB.exe
2104	ohhGbpu.exe
3048	ZbZoTiE.exe
888	cnDIjOS.exe
2216	GKcpAOq.exe
1480	HvYihUp.exe
2232	wgPRAxJ.exe
2016	vzdsPbw.exe

Loads dropped DLL 64 IoCs

pid	Process
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2496-0-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x000b000000012029-3.dat	upx
behavioral1/files/0x0008000000015d64-8.dat	upx
behavioral1/memory/1076-12-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2144-15-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x0008000000015d6d-10.dat	upx
behavioral1/memory/1668-23-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x0008000000015d75-24.dat	upx
behavioral1/memory/2228-29-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x000600000001903d-54.dat	upx
behavioral1/files/0x0007000000015e47-49.dat	upx
behavioral1/memory/2764-80-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2940-82-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/files/0x0005000000019228-85.dat	upx
behavioral1/memory/2612-96-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/1668-89-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2636-88-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2228-97-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x0005000000019241-99.dat	upx
behavioral1/memory/1452-105-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x0005000000019273-117.dat	upx
behavioral1/files/0x000500000001933e-127.dat	upx
behavioral1/files/0x00050000000193af-154.dat	upx
behavioral1/files/0x00050000000194a7-179.dat	upx
behavioral1/files/0x00050000000194e2-192.dat	upx
behavioral1/memory/2636-880-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x00050000000194b4-187.dat	upx
behavioral1/files/0x00050000000194d4-185.dat	upx
behavioral1/files/0x0005000000019408-172.dat	upx
behavioral1/files/0x00050000000193f8-165.dat	upx
behavioral1/files/0x00050000000193c9-161.dat	upx
behavioral1/files/0x00050000000194ea-195.dat	upx
behavioral1/files/0x00050000000194da-189.dat	upx
behavioral1/files/0x0005000000019494-177.dat	upx
behavioral1/files/0x00050000000193fa-169.dat	upx
behavioral1/files/0x0005000000019384-140.dat	upx
behavioral1/files/0x000500000001932a-130.dat	upx
behavioral1/files/0x00050000000193a2-147.dat	upx
behavioral1/files/0x00050000000192f0-121.dat	upx
behavioral1/files/0x000500000001925c-115.dat	upx
behavioral1/files/0x0005000000019346-133.dat	upx
behavioral1/files/0x0008000000015d2e-108.dat	upx
behavioral1/files/0x0005000000019234-92.dat	upx
behavioral1/memory/2812-81-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2164-77-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x0007000000015f1b-70.dat	upx
behavioral1/memory/2144-69-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x000500000001920f-68.dat	upx
behavioral1/memory/2724-60-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2952-67-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x00090000000160ae-59.dat	upx
behavioral1/files/0x0007000000015e25-58.dat	upx
behavioral1/memory/1076-53-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2884-37-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2496-39-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x0008000000015d7f-33.dat	upx
behavioral1/memory/1076-4009-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2144-4010-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/1668-4011-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2884-4012-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2228-4013-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2724-4014-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2952-4015-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2164-4016-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pWvzWhm.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tZAAVNq.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ttuhvoG.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nwbPlMV.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dDuIbAg.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHZmHLn.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VIlPToR.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zWPOBAR.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gaaRYUo.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVVaAll.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUmesXT.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CTdNhgI.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BgVrqBo.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GYNZWKB.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qtWCaxq.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AoWCMRb.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RzoiUop.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zTqCiQR.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fAYuBWT.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfVjhoE.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRSaiJF.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCdMZEx.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ySqIYHB.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\roZUqlz.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DEkiCEk.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZXJYERu.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OWPcaCX.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GJhPLRT.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PcTaESM.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QOcVaGy.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mcfjGxL.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QGonJZw.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQZkaIk.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fzCkYts.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eyXceMv.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YuayuVB.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPlQQcI.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mThnKJf.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgxfLWu.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ozIPOvP.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EsdexqE.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PPRtpBB.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pyiwqXM.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMtiPwf.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ocNlmmC.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WymhzkT.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpXuScx.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IInJkiL.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OqmKIMQ.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pSfGJyZ.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wgPRAxJ.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\znkUVMP.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CWscpQo.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mxugApR.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nKSrPyZ.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WZMmZve.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\USwQhUj.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vOEiXwX.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hIcdcPW.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gkULlnT.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QLpEYMB.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hKgLBHJ.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sTzaZgc.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gJvHJxx.exe	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 1076	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2496 wrote to memory of 1076	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2496 wrote to memory of 1076	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2496 wrote to memory of 2144	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2496 wrote to memory of 2144	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2496 wrote to memory of 2144	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2496 wrote to memory of 1668	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2496 wrote to memory of 1668	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2496 wrote to memory of 1668	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2496 wrote to memory of 2228	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2496 wrote to memory of 2228	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2496 wrote to memory of 2228	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2496 wrote to memory of 2884	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2496 wrote to memory of 2884	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2496 wrote to memory of 2884	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2496 wrote to memory of 2164	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2496 wrote to memory of 2164	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2496 wrote to memory of 2164	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2496 wrote to memory of 2724	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2496 wrote to memory of 2724	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2496 wrote to memory of 2724	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2496 wrote to memory of 2812	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2496 wrote to memory of 2812	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2496 wrote to memory of 2812	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2496 wrote to memory of 2952	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2496 wrote to memory of 2952	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2496 wrote to memory of 2952	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2496 wrote to memory of 2940	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2496 wrote to memory of 2940	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2496 wrote to memory of 2940	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2496 wrote to memory of 2764	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2496 wrote to memory of 2764	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2496 wrote to memory of 2764	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2496 wrote to memory of 2636	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2496 wrote to memory of 2636	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2496 wrote to memory of 2636	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2496 wrote to memory of 2612	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2496 wrote to memory of 2612	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2496 wrote to memory of 2612	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2496 wrote to memory of 1452	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2496 wrote to memory of 1452	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2496 wrote to memory of 1452	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2496 wrote to memory of 1688	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2496 wrote to memory of 1688	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2496 wrote to memory of 1688	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2496 wrote to memory of 1632	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2496 wrote to memory of 1632	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2496 wrote to memory of 1632	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2496 wrote to memory of 276	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2496 wrote to memory of 276	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2496 wrote to memory of 276	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2496 wrote to memory of 1716	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2496 wrote to memory of 1716	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2496 wrote to memory of 1716	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2496 wrote to memory of 2040	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2496 wrote to memory of 2040	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2496 wrote to memory of 2040	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2496 wrote to memory of 2140	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2496 wrote to memory of 2140	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2496 wrote to memory of 2140	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2496 wrote to memory of 1340	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2496 wrote to memory of 1340	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2496 wrote to memory of 1340	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2496 wrote to memory of 1852	2496	2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-13_9701cc7d9b86744d26a3370b6285da03_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Windows\System\IXvdUXw.exe
  C:\Windows\System\IXvdUXw.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\aGIuICo.exe
  C:\Windows\System\aGIuICo.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\TDRCMBN.exe
  C:\Windows\System\TDRCMBN.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\dNKAOfw.exe
  C:\Windows\System\dNKAOfw.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\MmuyQyO.exe
  C:\Windows\System\MmuyQyO.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\ADWbQir.exe
  C:\Windows\System\ADWbQir.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\PxqBWoa.exe
  C:\Windows\System\PxqBWoa.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\eRqGHxt.exe
  C:\Windows\System\eRqGHxt.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\rEkbskn.exe
  C:\Windows\System\rEkbskn.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\PUDlNaR.exe
  C:\Windows\System\PUDlNaR.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\ulzazvu.exe
  C:\Windows\System\ulzazvu.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\wvoTouL.exe
  C:\Windows\System\wvoTouL.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\HKPQgkv.exe
  C:\Windows\System\HKPQgkv.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\TfJdyoA.exe
  C:\Windows\System\TfJdyoA.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\eetpTiN.exe
  C:\Windows\System\eetpTiN.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\OWPcaCX.exe
  C:\Windows\System\OWPcaCX.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\mcfjGxL.exe
  C:\Windows\System\mcfjGxL.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\vZhWmpx.exe
  C:\Windows\System\vZhWmpx.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\NcGlHqM.exe
  C:\Windows\System\NcGlHqM.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\cJECQJt.exe
  C:\Windows\System\cJECQJt.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\dBMomvB.exe
  C:\Windows\System\dBMomvB.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\copOwCm.exe
  C:\Windows\System\copOwCm.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\VduwSGR.exe
  C:\Windows\System\VduwSGR.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\GbdXIRb.exe
  C:\Windows\System\GbdXIRb.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\sTBCWfp.exe
  C:\Windows\System\sTBCWfp.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\MPCYACi.exe
  C:\Windows\System\MPCYACi.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\fFBSDkF.exe
  C:\Windows\System\fFBSDkF.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\GtwzEKq.exe
  C:\Windows\System\GtwzEKq.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\cdgXqdW.exe
  C:\Windows\System\cdgXqdW.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\HGbjGLb.exe
  C:\Windows\System\HGbjGLb.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\dbCyIzq.exe
  C:\Windows\System\dbCyIzq.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\sqzGVBZ.exe
  C:\Windows\System\sqzGVBZ.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\nwWSXUS.exe
  C:\Windows\System\nwWSXUS.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\nNpcTyf.exe
  C:\Windows\System\nNpcTyf.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\BuxZwUP.exe
  C:\Windows\System\BuxZwUP.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\JzcqTHK.exe
  C:\Windows\System\JzcqTHK.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\ZtAzBJN.exe
  C:\Windows\System\ZtAzBJN.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\CLDuBlA.exe
  C:\Windows\System\CLDuBlA.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\jzMWsTC.exe
  C:\Windows\System\jzMWsTC.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\QbzcFgR.exe
  C:\Windows\System\QbzcFgR.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\rHpqVkS.exe
  C:\Windows\System\rHpqVkS.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\ahQXtsx.exe
  C:\Windows\System\ahQXtsx.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\cpyhKan.exe
  C:\Windows\System\cpyhKan.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\yNkncnB.exe
  C:\Windows\System\yNkncnB.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\MqaQsOv.exe
  C:\Windows\System\MqaQsOv.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\ohhGbpu.exe
  C:\Windows\System\ohhGbpu.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\UvHCApf.exe
  C:\Windows\System\UvHCApf.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\ZbZoTiE.exe
  C:\Windows\System\ZbZoTiE.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\CYyVQlc.exe
  C:\Windows\System\CYyVQlc.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\cnDIjOS.exe
  C:\Windows\System\cnDIjOS.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\DzcUBnY.exe
  C:\Windows\System\DzcUBnY.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\GKcpAOq.exe
  C:\Windows\System\GKcpAOq.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\CYpTCOf.exe
  C:\Windows\System\CYpTCOf.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\HvYihUp.exe
  C:\Windows\System\HvYihUp.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\kOHCRoy.exe
  C:\Windows\System\kOHCRoy.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\wgPRAxJ.exe
  C:\Windows\System\wgPRAxJ.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\FznwSgt.exe
  C:\Windows\System\FznwSgt.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\vzdsPbw.exe
  C:\Windows\System\vzdsPbw.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\DTavcet.exe
  C:\Windows\System\DTavcet.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\yQqaPhm.exe
  C:\Windows\System\yQqaPhm.exe
  2⤵
  PID:2736
- C:\Windows\System\YMtiPwf.exe
  C:\Windows\System\YMtiPwf.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\fSLstUV.exe
  C:\Windows\System\fSLstUV.exe
  2⤵
  PID:2608
- C:\Windows\System\sHtUQVl.exe
  C:\Windows\System\sHtUQVl.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\wVLZlaq.exe
  C:\Windows\System\wVLZlaq.exe
  2⤵
  PID:2576
- C:\Windows\System\BHjGhdd.exe
  C:\Windows\System\BHjGhdd.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\wrCDaBz.exe
  C:\Windows\System\wrCDaBz.exe
  2⤵
  PID:2484
- C:\Windows\System\xYEIcSJ.exe
  C:\Windows\System\xYEIcSJ.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\nqylOwI.exe
  C:\Windows\System\nqylOwI.exe
  2⤵
  PID:1268
- C:\Windows\System\bgaDcek.exe
  C:\Windows\System\bgaDcek.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\XdzjCgJ.exe
  C:\Windows\System\XdzjCgJ.exe
  2⤵
  PID:300
- C:\Windows\System\PFEMgMC.exe
  C:\Windows\System\PFEMgMC.exe
  2⤵
  PID:2908
- C:\Windows\System\nnJsoMw.exe
  C:\Windows\System\nnJsoMw.exe
  2⤵
  PID:564
- C:\Windows\System\aMBwZYm.exe
  C:\Windows\System\aMBwZYm.exe
  2⤵
  PID:1556
- C:\Windows\System\doyiuli.exe
  C:\Windows\System\doyiuli.exe
  2⤵
  PID:1888
- C:\Windows\System\rYVgfXt.exe
  C:\Windows\System\rYVgfXt.exe
  2⤵
  PID:3036
- C:\Windows\System\uoqUagu.exe
  C:\Windows\System\uoqUagu.exe
  2⤵
  PID:2660
- C:\Windows\System\UZRgQSP.exe
  C:\Windows\System\UZRgQSP.exe
  2⤵
  PID:2780
- C:\Windows\System\gNqpYrx.exe
  C:\Windows\System\gNqpYrx.exe
  2⤵
  PID:2176
- C:\Windows\System\HhuTDWI.exe
  C:\Windows\System\HhuTDWI.exe
  2⤵
  PID:1884
- C:\Windows\System\oEfhRKe.exe
  C:\Windows\System\oEfhRKe.exe
  2⤵
  PID:1984
- C:\Windows\System\SfLWPja.exe
  C:\Windows\System\SfLWPja.exe
  2⤵
  PID:1856
- C:\Windows\System\NDcEFEF.exe
  C:\Windows\System\NDcEFEF.exe
  2⤵
  PID:892
- C:\Windows\System\RQAeFRz.exe
  C:\Windows\System\RQAeFRz.exe
  2⤵
  PID:532
- C:\Windows\System\oWuAFAd.exe
  C:\Windows\System\oWuAFAd.exe
  2⤵
  PID:2088
- C:\Windows\System\HnLBtBo.exe
  C:\Windows\System\HnLBtBo.exe
  2⤵
  PID:1640
- C:\Windows\System\uIjRmIh.exe
  C:\Windows\System\uIjRmIh.exe
  2⤵
  PID:1696
- C:\Windows\System\Fthvscz.exe
  C:\Windows\System\Fthvscz.exe
  2⤵
  PID:2816
- C:\Windows\System\UOVTuUf.exe
  C:\Windows\System\UOVTuUf.exe
  2⤵
  PID:108
- C:\Windows\System\bDjLURB.exe
  C:\Windows\System\bDjLURB.exe
  2⤵
  PID:2980
- C:\Windows\System\oBbfLtC.exe
  C:\Windows\System\oBbfLtC.exe
  2⤵
  PID:1448
- C:\Windows\System\chZihgr.exe
  C:\Windows\System\chZihgr.exe
  2⤵
  PID:2284
- C:\Windows\System\AxgoOaO.exe
  C:\Windows\System\AxgoOaO.exe
  2⤵
  PID:2188
- C:\Windows\System\oBzMCXk.exe
  C:\Windows\System\oBzMCXk.exe
  2⤵
  PID:1720
- C:\Windows\System\YDyDJAb.exe
  C:\Windows\System\YDyDJAb.exe
  2⤵
  PID:1504
- C:\Windows\System\JtXjIgh.exe
  C:\Windows\System\JtXjIgh.exe
  2⤵
  PID:3080
- C:\Windows\System\JErDQgN.exe
  C:\Windows\System\JErDQgN.exe
  2⤵
  PID:3100
- C:\Windows\System\AvsftGQ.exe
  C:\Windows\System\AvsftGQ.exe
  2⤵
  PID:3120
- C:\Windows\System\jyHipXn.exe
  C:\Windows\System\jyHipXn.exe
  2⤵
  PID:3140
- C:\Windows\System\svUjmCQ.exe
  C:\Windows\System\svUjmCQ.exe
  2⤵
  PID:3160
- C:\Windows\System\QaXmQsS.exe
  C:\Windows\System\QaXmQsS.exe
  2⤵
  PID:3180
- C:\Windows\System\kVGuKAC.exe
  C:\Windows\System\kVGuKAC.exe
  2⤵
  PID:3200
- C:\Windows\System\CsXeRux.exe
  C:\Windows\System\CsXeRux.exe
  2⤵
  PID:3220
- C:\Windows\System\lsayhMw.exe
  C:\Windows\System\lsayhMw.exe
  2⤵
  PID:3240
- C:\Windows\System\TxlvYtB.exe
  C:\Windows\System\TxlvYtB.exe
  2⤵
  PID:3260
- C:\Windows\System\gIGpWii.exe
  C:\Windows\System\gIGpWii.exe
  2⤵
  PID:3280
- C:\Windows\System\EPBLXSV.exe
  C:\Windows\System\EPBLXSV.exe
  2⤵
  PID:3300
- C:\Windows\System\YuayuVB.exe
  C:\Windows\System\YuayuVB.exe
  2⤵
  PID:3320
- C:\Windows\System\LLbaNzl.exe
  C:\Windows\System\LLbaNzl.exe
  2⤵
  PID:3336
- C:\Windows\System\yREMeZs.exe
  C:\Windows\System\yREMeZs.exe
  2⤵
  PID:3360
- C:\Windows\System\XDDDMpm.exe
  C:\Windows\System\XDDDMpm.exe
  2⤵
  PID:3380
- C:\Windows\System\pWvzWhm.exe
  C:\Windows\System\pWvzWhm.exe
  2⤵
  PID:3400
- C:\Windows\System\mTqXjaC.exe
  C:\Windows\System\mTqXjaC.exe
  2⤵
  PID:3420
- C:\Windows\System\WpBrmAG.exe
  C:\Windows\System\WpBrmAG.exe
  2⤵
  PID:3440
- C:\Windows\System\XxKHMOb.exe
  C:\Windows\System\XxKHMOb.exe
  2⤵
  PID:3460
- C:\Windows\System\ITKiyaR.exe
  C:\Windows\System\ITKiyaR.exe
  2⤵
  PID:3480
- C:\Windows\System\eiJSzVh.exe
  C:\Windows\System\eiJSzVh.exe
  2⤵
  PID:3500
- C:\Windows\System\nwbPlMV.exe
  C:\Windows\System\nwbPlMV.exe
  2⤵
  PID:3520
- C:\Windows\System\WSIYIeP.exe
  C:\Windows\System\WSIYIeP.exe
  2⤵
  PID:3540
- C:\Windows\System\mnjPzcx.exe
  C:\Windows\System\mnjPzcx.exe
  2⤵
  PID:3560
- C:\Windows\System\GTbGDBi.exe
  C:\Windows\System\GTbGDBi.exe
  2⤵
  PID:3580
- C:\Windows\System\aceTkUc.exe
  C:\Windows\System\aceTkUc.exe
  2⤵
  PID:3600
- C:\Windows\System\GygqmxX.exe
  C:\Windows\System\GygqmxX.exe
  2⤵
  PID:3620
- C:\Windows\System\wRYeVRO.exe
  C:\Windows\System\wRYeVRO.exe
  2⤵
  PID:3640
- C:\Windows\System\aqmhlgQ.exe
  C:\Windows\System\aqmhlgQ.exe
  2⤵
  PID:3656
- C:\Windows\System\hILoBmS.exe
  C:\Windows\System\hILoBmS.exe
  2⤵
  PID:3680
- C:\Windows\System\qMjOeaz.exe
  C:\Windows\System\qMjOeaz.exe
  2⤵
  PID:3700
- C:\Windows\System\oYBINqB.exe
  C:\Windows\System\oYBINqB.exe
  2⤵
  PID:3720
- C:\Windows\System\wqxtsMI.exe
  C:\Windows\System\wqxtsMI.exe
  2⤵
  PID:3740
- C:\Windows\System\yJtZsfW.exe
  C:\Windows\System\yJtZsfW.exe
  2⤵
  PID:3760
- C:\Windows\System\NskpiTA.exe
  C:\Windows\System\NskpiTA.exe
  2⤵
  PID:3780
- C:\Windows\System\WNEvEZz.exe
  C:\Windows\System\WNEvEZz.exe
  2⤵
  PID:3800
- C:\Windows\System\KYPJIYo.exe
  C:\Windows\System\KYPJIYo.exe
  2⤵
  PID:3820
- C:\Windows\System\WKVtZQE.exe
  C:\Windows\System\WKVtZQE.exe
  2⤵
  PID:3840
- C:\Windows\System\bkSqCJy.exe
  C:\Windows\System\bkSqCJy.exe
  2⤵
  PID:3860
- C:\Windows\System\gfDWkYp.exe
  C:\Windows\System\gfDWkYp.exe
  2⤵
  PID:3876
- C:\Windows\System\YtUoeGg.exe
  C:\Windows\System\YtUoeGg.exe
  2⤵
  PID:3900
- C:\Windows\System\dnQVxEk.exe
  C:\Windows\System\dnQVxEk.exe
  2⤵
  PID:3920
- C:\Windows\System\zvhZoGN.exe
  C:\Windows\System\zvhZoGN.exe
  2⤵
  PID:3940
- C:\Windows\System\WjnrUBh.exe
  C:\Windows\System\WjnrUBh.exe
  2⤵
  PID:3960
- C:\Windows\System\VPKMCiA.exe
  C:\Windows\System\VPKMCiA.exe
  2⤵
  PID:3980
- C:\Windows\System\PcSlAmt.exe
  C:\Windows\System\PcSlAmt.exe
  2⤵
  PID:4000
- C:\Windows\System\BMpMIdf.exe
  C:\Windows\System\BMpMIdf.exe
  2⤵
  PID:4024
- C:\Windows\System\IulAWOK.exe
  C:\Windows\System\IulAWOK.exe
  2⤵
  PID:4044
- C:\Windows\System\ommuWhz.exe
  C:\Windows\System\ommuWhz.exe
  2⤵
  PID:4064
- C:\Windows\System\GvJFmGg.exe
  C:\Windows\System\GvJFmGg.exe
  2⤵
  PID:4084
- C:\Windows\System\aJeUMJs.exe
  C:\Windows\System\aJeUMJs.exe
  2⤵
  PID:704
- C:\Windows\System\sMOZYVo.exe
  C:\Windows\System\sMOZYVo.exe
  2⤵
  PID:2944
- C:\Windows\System\YNawtEb.exe
  C:\Windows\System\YNawtEb.exe
  2⤵
  PID:1168
- C:\Windows\System\PCjbNuA.exe
  C:\Windows\System\PCjbNuA.exe
  2⤵
  PID:2220
- C:\Windows\System\CzSrOmT.exe
  C:\Windows\System\CzSrOmT.exe
  2⤵
  PID:1492
- C:\Windows\System\yDGBtps.exe
  C:\Windows\System\yDGBtps.exe
  2⤵
  PID:908
- C:\Windows\System\EtckkdB.exe
  C:\Windows\System\EtckkdB.exe
  2⤵
  PID:1964
- C:\Windows\System\vlzUNLt.exe
  C:\Windows\System\vlzUNLt.exe
  2⤵
  PID:2740
- C:\Windows\System\KCMcODv.exe
  C:\Windows\System\KCMcODv.exe
  2⤵
  PID:1436
- C:\Windows\System\sKEUnmK.exe
  C:\Windows\System\sKEUnmK.exe
  2⤵
  PID:2520
- C:\Windows\System\vElwnaH.exe
  C:\Windows\System\vElwnaH.exe
  2⤵
  PID:2388
- C:\Windows\System\vpxaWuH.exe
  C:\Windows\System\vpxaWuH.exe
  2⤵
  PID:2464
- C:\Windows\System\FueJaMC.exe
  C:\Windows\System\FueJaMC.exe
  2⤵
  PID:1456
- C:\Windows\System\NNmLiVt.exe
  C:\Windows\System\NNmLiVt.exe
  2⤵
  PID:1680
- C:\Windows\System\ciiJDOH.exe
  C:\Windows\System\ciiJDOH.exe
  2⤵
  PID:3096
- C:\Windows\System\lEhaiwR.exe
  C:\Windows\System\lEhaiwR.exe
  2⤵
  PID:3128
- C:\Windows\System\ZHUUmVh.exe
  C:\Windows\System\ZHUUmVh.exe
  2⤵
  PID:3172
- C:\Windows\System\nozvlyf.exe
  C:\Windows\System\nozvlyf.exe
  2⤵
  PID:3156
- C:\Windows\System\zcTtkkZ.exe
  C:\Windows\System\zcTtkkZ.exe
  2⤵
  PID:3228
- C:\Windows\System\hmrXLVx.exe
  C:\Windows\System\hmrXLVx.exe
  2⤵
  PID:3252
- C:\Windows\System\GeVYrkm.exe
  C:\Windows\System\GeVYrkm.exe
  2⤵
  PID:3276
- C:\Windows\System\cnTKpOx.exe
  C:\Windows\System\cnTKpOx.exe
  2⤵
  PID:3328
- C:\Windows\System\JckLpwu.exe
  C:\Windows\System\JckLpwu.exe
  2⤵
  PID:3344
- C:\Windows\System\dICcVwS.exe
  C:\Windows\System\dICcVwS.exe
  2⤵
  PID:3408
- C:\Windows\System\RgOMeeC.exe
  C:\Windows\System\RgOMeeC.exe
  2⤵
  PID:3448
- C:\Windows\System\qDysXux.exe
  C:\Windows\System\qDysXux.exe
  2⤵
  PID:3436
- C:\Windows\System\kkkkRki.exe
  C:\Windows\System\kkkkRki.exe
  2⤵
  PID:3472
- C:\Windows\System\uolGJyj.exe
  C:\Windows\System\uolGJyj.exe
  2⤵
  PID:3528
- C:\Windows\System\OwHUIOZ.exe
  C:\Windows\System\OwHUIOZ.exe
  2⤵
  PID:3556
- C:\Windows\System\DKUYedY.exe
  C:\Windows\System\DKUYedY.exe
  2⤵
  PID:3616
- C:\Windows\System\SfvXsEe.exe
  C:\Windows\System\SfvXsEe.exe
  2⤵
  PID:3628
- C:\Windows\System\SYqtrzH.exe
  C:\Windows\System\SYqtrzH.exe
  2⤵
  PID:3664
- C:\Windows\System\lXpveMX.exe
  C:\Windows\System\lXpveMX.exe
  2⤵
  PID:3692
- C:\Windows\System\ofUmnMX.exe
  C:\Windows\System\ofUmnMX.exe
  2⤵
  PID:3712
- C:\Windows\System\ikwuspM.exe
  C:\Windows\System\ikwuspM.exe
  2⤵
  PID:3748
- C:\Windows\System\TMMgisE.exe
  C:\Windows\System\TMMgisE.exe
  2⤵
  PID:3796
- C:\Windows\System\ZXeVpJF.exe
  C:\Windows\System\ZXeVpJF.exe
  2⤵
  PID:3848
- C:\Windows\System\FOdCLUg.exe
  C:\Windows\System\FOdCLUg.exe
  2⤵
  PID:3852
- C:\Windows\System\IniDkcE.exe
  C:\Windows\System\IniDkcE.exe
  2⤵
  PID:3872
- C:\Windows\System\UzzxwcK.exe
  C:\Windows\System\UzzxwcK.exe
  2⤵
  PID:3908
- C:\Windows\System\LCrVBim.exe
  C:\Windows\System\LCrVBim.exe
  2⤵
  PID:3968
- C:\Windows\System\rwJGwbk.exe
  C:\Windows\System\rwJGwbk.exe
  2⤵
  PID:3988
- C:\Windows\System\vlkKxuu.exe
  C:\Windows\System\vlkKxuu.exe
  2⤵
  PID:4032
- C:\Windows\System\NcZqQvS.exe
  C:\Windows\System\NcZqQvS.exe
  2⤵
  PID:4056
- C:\Windows\System\tUceDtk.exe
  C:\Windows\System\tUceDtk.exe
  2⤵
  PID:1644
- C:\Windows\System\UzOsFPU.exe
  C:\Windows\System\UzOsFPU.exe
  2⤵
  PID:2436
- C:\Windows\System\qOGpgpB.exe
  C:\Windows\System\qOGpgpB.exe
  2⤵
  PID:2888
- C:\Windows\System\XMMgiFb.exe
  C:\Windows\System\XMMgiFb.exe
  2⤵
  PID:2960
- C:\Windows\System\ISRsiOf.exe
  C:\Windows\System\ISRsiOf.exe
  2⤵
  PID:2304
- C:\Windows\System\qKiMpea.exe
  C:\Windows\System\qKiMpea.exe
  2⤵
  PID:2656
- C:\Windows\System\itWjlJX.exe
  C:\Windows\System\itWjlJX.exe
  2⤵
  PID:324
- C:\Windows\System\CwUkygu.exe
  C:\Windows\System\CwUkygu.exe
  2⤵
  PID:1972
- C:\Windows\System\suPEmbf.exe
  C:\Windows\System\suPEmbf.exe
  2⤵
  PID:848
- C:\Windows\System\NQEvjEU.exe
  C:\Windows\System\NQEvjEU.exe
  2⤵
  PID:3132
- C:\Windows\System\vkWBpSq.exe
  C:\Windows\System\vkWBpSq.exe
  2⤵
  PID:3188
- C:\Windows\System\NcEFgFO.exe
  C:\Windows\System\NcEFgFO.exe
  2⤵
  PID:3212
- C:\Windows\System\PbIATBR.exe
  C:\Windows\System\PbIATBR.exe
  2⤵
  PID:3248
- C:\Windows\System\QGonJZw.exe
  C:\Windows\System\QGonJZw.exe
  2⤵
  PID:3312
- C:\Windows\System\gJfAqBm.exe
  C:\Windows\System\gJfAqBm.exe
  2⤵
  PID:3416
- C:\Windows\System\QTLnIgt.exe
  C:\Windows\System\QTLnIgt.exe
  2⤵
  PID:3428
- C:\Windows\System\nGlaDIw.exe
  C:\Windows\System\nGlaDIw.exe
  2⤵
  PID:3548
- C:\Windows\System\JCJcfmA.exe
  C:\Windows\System\JCJcfmA.exe
  2⤵
  PID:3596
- C:\Windows\System\ocNlmmC.exe
  C:\Windows\System\ocNlmmC.exe
  2⤵
  PID:3512
- C:\Windows\System\nVVaAll.exe
  C:\Windows\System\nVVaAll.exe
  2⤵
  PID:3632
- C:\Windows\System\RPlQQcI.exe
  C:\Windows\System\RPlQQcI.exe
  2⤵
  PID:3812
- C:\Windows\System\FJURHcn.exe
  C:\Windows\System\FJURHcn.exe
  2⤵
  PID:3708
- C:\Windows\System\QXLIEsO.exe
  C:\Windows\System\QXLIEsO.exe
  2⤵
  PID:3836
- C:\Windows\System\HIayahO.exe
  C:\Windows\System\HIayahO.exe
  2⤵
  PID:3832
- C:\Windows\System\BrHwhJd.exe
  C:\Windows\System\BrHwhJd.exe
  2⤵
  PID:3932
- C:\Windows\System\gjUucPl.exe
  C:\Windows\System\gjUucPl.exe
  2⤵
  PID:3972
- C:\Windows\System\KdTjHls.exe
  C:\Windows\System\KdTjHls.exe
  2⤵
  PID:4036
- C:\Windows\System\PCJsIFB.exe
  C:\Windows\System\PCJsIFB.exe
  2⤵
  PID:956
- C:\Windows\System\WAwaSuR.exe
  C:\Windows\System\WAwaSuR.exe
  2⤵
  PID:1812
- C:\Windows\System\eIEiVDv.exe
  C:\Windows\System\eIEiVDv.exe
  2⤵
  PID:2720
- C:\Windows\System\LNobTTn.exe
  C:\Windows\System\LNobTTn.exe
  2⤵
  PID:4100
- C:\Windows\System\QdDxPgE.exe
  C:\Windows\System\QdDxPgE.exe
  2⤵
  PID:4120
- C:\Windows\System\zbgPxBF.exe
  C:\Windows\System\zbgPxBF.exe
  2⤵
  PID:4140
- C:\Windows\System\yfumbio.exe
  C:\Windows\System\yfumbio.exe
  2⤵
  PID:4160
- C:\Windows\System\icJVPtC.exe
  C:\Windows\System\icJVPtC.exe
  2⤵
  PID:4180
- C:\Windows\System\nqTwxOR.exe
  C:\Windows\System\nqTwxOR.exe
  2⤵
  PID:4200
- C:\Windows\System\GRiYgyl.exe
  C:\Windows\System\GRiYgyl.exe
  2⤵
  PID:4216
- C:\Windows\System\gpBsZYb.exe
  C:\Windows\System\gpBsZYb.exe
  2⤵
  PID:4236
- C:\Windows\System\XcooKxN.exe
  C:\Windows\System\XcooKxN.exe
  2⤵
  PID:4252
- C:\Windows\System\lKsVkkm.exe
  C:\Windows\System\lKsVkkm.exe
  2⤵
  PID:4276
- C:\Windows\System\zLIGTuH.exe
  C:\Windows\System\zLIGTuH.exe
  2⤵
  PID:4296
- C:\Windows\System\oRENzgy.exe
  C:\Windows\System\oRENzgy.exe
  2⤵
  PID:4316
- C:\Windows\System\JOuBiZR.exe
  C:\Windows\System\JOuBiZR.exe
  2⤵
  PID:4340
- C:\Windows\System\AqbtvuO.exe
  C:\Windows\System\AqbtvuO.exe
  2⤵
  PID:4360
- C:\Windows\System\kSLKxgt.exe
  C:\Windows\System\kSLKxgt.exe
  2⤵
  PID:4380
- C:\Windows\System\DkxfpRi.exe
  C:\Windows\System\DkxfpRi.exe
  2⤵
  PID:4400
- C:\Windows\System\xSqpYMS.exe
  C:\Windows\System\xSqpYMS.exe
  2⤵
  PID:4420
- C:\Windows\System\VrVEgts.exe
  C:\Windows\System\VrVEgts.exe
  2⤵
  PID:4436
- C:\Windows\System\DLAIqfM.exe
  C:\Windows\System\DLAIqfM.exe
  2⤵
  PID:4460
- C:\Windows\System\EJLspBW.exe
  C:\Windows\System\EJLspBW.exe
  2⤵
  PID:4476
- C:\Windows\System\ZXkRxYw.exe
  C:\Windows\System\ZXkRxYw.exe
  2⤵
  PID:4500
- C:\Windows\System\bxVXiuF.exe
  C:\Windows\System\bxVXiuF.exe
  2⤵
  PID:4520
- C:\Windows\System\VyDUIwg.exe
  C:\Windows\System\VyDUIwg.exe
  2⤵
  PID:4540
- C:\Windows\System\PgtOYcK.exe
  C:\Windows\System\PgtOYcK.exe
  2⤵
  PID:4560
- C:\Windows\System\TFEhQZy.exe
  C:\Windows\System\TFEhQZy.exe
  2⤵
  PID:4580
- C:\Windows\System\aFFaahZ.exe
  C:\Windows\System\aFFaahZ.exe
  2⤵
  PID:4600
- C:\Windows\System\hayCxPj.exe
  C:\Windows\System\hayCxPj.exe
  2⤵
  PID:4620
- C:\Windows\System\Jzsxmkr.exe
  C:\Windows\System\Jzsxmkr.exe
  2⤵
  PID:4640
- C:\Windows\System\YqNyxEg.exe
  C:\Windows\System\YqNyxEg.exe
  2⤵
  PID:4660
- C:\Windows\System\GJhPLRT.exe
  C:\Windows\System\GJhPLRT.exe
  2⤵
  PID:4676
- C:\Windows\System\XppOWAU.exe
  C:\Windows\System\XppOWAU.exe
  2⤵
  PID:4700
- C:\Windows\System\NIncPLH.exe
  C:\Windows\System\NIncPLH.exe
  2⤵
  PID:4720
- C:\Windows\System\hjsXsJs.exe
  C:\Windows\System\hjsXsJs.exe
  2⤵
  PID:4740
- C:\Windows\System\gMDKPCs.exe
  C:\Windows\System\gMDKPCs.exe
  2⤵
  PID:4756
- C:\Windows\System\iTeKNMh.exe
  C:\Windows\System\iTeKNMh.exe
  2⤵
  PID:4776
- C:\Windows\System\xsezsEH.exe
  C:\Windows\System\xsezsEH.exe
  2⤵
  PID:4796
- C:\Windows\System\PuqjUnf.exe
  C:\Windows\System\PuqjUnf.exe
  2⤵
  PID:4820
- C:\Windows\System\hyNePHr.exe
  C:\Windows\System\hyNePHr.exe
  2⤵
  PID:4836
- C:\Windows\System\aDqcOIf.exe
  C:\Windows\System\aDqcOIf.exe
  2⤵
  PID:4860
- C:\Windows\System\YchtHpL.exe
  C:\Windows\System\YchtHpL.exe
  2⤵
  PID:4880
- C:\Windows\System\iAyBVWO.exe
  C:\Windows\System\iAyBVWO.exe
  2⤵
  PID:4908
- C:\Windows\System\SHjQMGB.exe
  C:\Windows\System\SHjQMGB.exe
  2⤵
  PID:4924
- C:\Windows\System\JeFNEYz.exe
  C:\Windows\System\JeFNEYz.exe
  2⤵
  PID:4948
- C:\Windows\System\PWvzIgX.exe
  C:\Windows\System\PWvzIgX.exe
  2⤵
  PID:4968
- C:\Windows\System\lDQrkky.exe
  C:\Windows\System\lDQrkky.exe
  2⤵
  PID:4988
- C:\Windows\System\qPqAKdr.exe
  C:\Windows\System\qPqAKdr.exe
  2⤵
  PID:5008
- C:\Windows\System\NuuZPDL.exe
  C:\Windows\System\NuuZPDL.exe
  2⤵
  PID:5028
- C:\Windows\System\gBpVzPo.exe
  C:\Windows\System\gBpVzPo.exe
  2⤵
  PID:5044
- C:\Windows\System\AcGGXfg.exe
  C:\Windows\System\AcGGXfg.exe
  2⤵
  PID:5068
- C:\Windows\System\pzTeiFq.exe
  C:\Windows\System\pzTeiFq.exe
  2⤵
  PID:5084
- C:\Windows\System\Bafswzx.exe
  C:\Windows\System\Bafswzx.exe
  2⤵
  PID:5108
- C:\Windows\System\cjOQjuS.exe
  C:\Windows\System\cjOQjuS.exe
  2⤵
  PID:2972
- C:\Windows\System\lrIFAJf.exe
  C:\Windows\System\lrIFAJf.exe
  2⤵
  PID:3168
- C:\Windows\System\UpirUIa.exe
  C:\Windows\System\UpirUIa.exe
  2⤵
  PID:1992
- C:\Windows\System\mKPqhNy.exe
  C:\Windows\System\mKPqhNy.exe
  2⤵
  PID:3148
- C:\Windows\System\JVdeTEs.exe
  C:\Windows\System\JVdeTEs.exe
  2⤵
  PID:3392
- C:\Windows\System\CWKHZcE.exe
  C:\Windows\System\CWKHZcE.exe
  2⤵
  PID:3368
- C:\Windows\System\VfhHfOS.exe
  C:\Windows\System\VfhHfOS.exe
  2⤵
  PID:3592
- C:\Windows\System\qVaMbwy.exe
  C:\Windows\System\qVaMbwy.exe
  2⤵
  PID:3608
- C:\Windows\System\mpcWrVt.exe
  C:\Windows\System\mpcWrVt.exe
  2⤵
  PID:3768
- C:\Windows\System\QsmuGaJ.exe
  C:\Windows\System\QsmuGaJ.exe
  2⤵
  PID:3928
- C:\Windows\System\HYcaGLc.exe
  C:\Windows\System\HYcaGLc.exe
  2⤵
  PID:3952
- C:\Windows\System\tagFDAJ.exe
  C:\Windows\System\tagFDAJ.exe
  2⤵
  PID:3856
- C:\Windows\System\LpmeQCd.exe
  C:\Windows\System\LpmeQCd.exe
  2⤵
  PID:4016
- C:\Windows\System\Xkkqdrv.exe
  C:\Windows\System\Xkkqdrv.exe
  2⤵
  PID:2120
- C:\Windows\System\EdAZEgX.exe
  C:\Windows\System\EdAZEgX.exe
  2⤵
  PID:4128
- C:\Windows\System\yPjFDWU.exe
  C:\Windows\System\yPjFDWU.exe
  2⤵
  PID:4136
- C:\Windows\System\nnolTTT.exe
  C:\Windows\System\nnolTTT.exe
  2⤵
  PID:4172
- C:\Windows\System\CnbtojT.exe
  C:\Windows\System\CnbtojT.exe
  2⤵
  PID:4196
- C:\Windows\System\KHSuwEx.exe
  C:\Windows\System\KHSuwEx.exe
  2⤵
  PID:4284
- C:\Windows\System\RabNDwu.exe
  C:\Windows\System\RabNDwu.exe
  2⤵
  PID:4224
- C:\Windows\System\wHYmZAF.exe
  C:\Windows\System\wHYmZAF.exe
  2⤵
  PID:4264
- C:\Windows\System\LmAhrWI.exe
  C:\Windows\System\LmAhrWI.exe
  2⤵
  PID:4332
- C:\Windows\System\ADRzbKI.exe
  C:\Windows\System\ADRzbKI.exe
  2⤵
  PID:4372
- C:\Windows\System\VmNLXvb.exe
  C:\Windows\System\VmNLXvb.exe
  2⤵
  PID:4408
- C:\Windows\System\YNYnEiK.exe
  C:\Windows\System\YNYnEiK.exe
  2⤵
  PID:4444
- C:\Windows\System\QJvEbod.exe
  C:\Windows\System\QJvEbod.exe
  2⤵
  PID:4492
- C:\Windows\System\bOpGEVF.exe
  C:\Windows\System\bOpGEVF.exe
  2⤵
  PID:4428
- C:\Windows\System\GwntFZa.exe
  C:\Windows\System\GwntFZa.exe
  2⤵
  PID:4536
- C:\Windows\System\LJkvkyt.exe
  C:\Windows\System\LJkvkyt.exe
  2⤵
  PID:4576
- C:\Windows\System\kzmtYxR.exe
  C:\Windows\System\kzmtYxR.exe
  2⤵
  PID:4552
- C:\Windows\System\PiSwXnO.exe
  C:\Windows\System\PiSwXnO.exe
  2⤵
  PID:4616
- C:\Windows\System\HIPfjQW.exe
  C:\Windows\System\HIPfjQW.exe
  2⤵
  PID:4656
- C:\Windows\System\vhPbmtE.exe
  C:\Windows\System\vhPbmtE.exe
  2⤵
  PID:4696
- C:\Windows\System\yjErPSL.exe
  C:\Windows\System\yjErPSL.exe
  2⤵
  PID:4672
- C:\Windows\System\NRFngle.exe
  C:\Windows\System\NRFngle.exe
  2⤵
  PID:4768
- C:\Windows\System\AgByPvS.exe
  C:\Windows\System\AgByPvS.exe
  2⤵
  PID:4752
- C:\Windows\System\cwaTvhE.exe
  C:\Windows\System\cwaTvhE.exe
  2⤵
  PID:4788
- C:\Windows\System\dDuIbAg.exe
  C:\Windows\System\dDuIbAg.exe
  2⤵
  PID:4848
- C:\Windows\System\fWFRohU.exe
  C:\Windows\System\fWFRohU.exe
  2⤵
  PID:4892
- C:\Windows\System\aEzJEmo.exe
  C:\Windows\System\aEzJEmo.exe
  2⤵
  PID:4944
- C:\Windows\System\qmRSzUx.exe
  C:\Windows\System\qmRSzUx.exe
  2⤵
  PID:4916
- C:\Windows\System\qOnyWHC.exe
  C:\Windows\System\qOnyWHC.exe
  2⤵
  PID:5020
- C:\Windows\System\VAxzAJk.exe
  C:\Windows\System\VAxzAJk.exe
  2⤵
  PID:5000
- C:\Windows\System\lBfjOtr.exe
  C:\Windows\System\lBfjOtr.exe
  2⤵
  PID:5092
- C:\Windows\System\xzjeGMl.exe
  C:\Windows\System\xzjeGMl.exe
  2⤵
  PID:5080
- C:\Windows\System\gMlfKni.exe
  C:\Windows\System\gMlfKni.exe
  2⤵
  PID:5116
- C:\Windows\System\FREvrvA.exe
  C:\Windows\System\FREvrvA.exe
  2⤵
  PID:3532
- C:\Windows\System\HLfwbLV.exe
  C:\Windows\System\HLfwbLV.exe
  2⤵
  PID:3088
- C:\Windows\System\fDrFByy.exe
  C:\Windows\System\fDrFByy.exe
  2⤵
  PID:3788
- C:\Windows\System\XOHydMP.exe
  C:\Windows\System\XOHydMP.exe
  2⤵
  PID:3372
- C:\Windows\System\gefHzFP.exe
  C:\Windows\System\gefHzFP.exe
  2⤵
  PID:2756
- C:\Windows\System\zxfCQsR.exe
  C:\Windows\System\zxfCQsR.exe
  2⤵
  PID:3696
- C:\Windows\System\FhKUOSi.exe
  C:\Windows\System\FhKUOSi.exe
  2⤵
  PID:4188
- C:\Windows\System\vhhCfyB.exe
  C:\Windows\System\vhhCfyB.exe
  2⤵
  PID:4336
- C:\Windows\System\vySmnzW.exe
  C:\Windows\System\vySmnzW.exe
  2⤵
  PID:4356
- C:\Windows\System\zoFGAqU.exe
  C:\Windows\System\zoFGAqU.exe
  2⤵
  PID:1508
- C:\Windows\System\ePzXsgF.exe
  C:\Windows\System\ePzXsgF.exe
  2⤵
  PID:2396
- C:\Windows\System\JxpSPQb.exe
  C:\Windows\System\JxpSPQb.exe
  2⤵
  PID:4468
- C:\Windows\System\LwhGyto.exe
  C:\Windows\System\LwhGyto.exe
  2⤵
  PID:4148
- C:\Windows\System\SKYLjGy.exe
  C:\Windows\System\SKYLjGy.exe
  2⤵
  PID:4728
- C:\Windows\System\TVOQaLB.exe
  C:\Windows\System\TVOQaLB.exe
  2⤵
  PID:4328
- C:\Windows\System\piLcHyW.exe
  C:\Windows\System\piLcHyW.exe
  2⤵
  PID:4376
- C:\Windows\System\oKIKMXl.exe
  C:\Windows\System\oKIKMXl.exe
  2⤵
  PID:4716
- C:\Windows\System\tEvYZqt.exe
  C:\Windows\System\tEvYZqt.exe
  2⤵
  PID:4808
- C:\Windows\System\fjmCKSk.exe
  C:\Windows\System\fjmCKSk.exe
  2⤵
  PID:4632
- C:\Windows\System\KFuOqCZ.exe
  C:\Windows\System\KFuOqCZ.exe
  2⤵
  PID:4932
- C:\Windows\System\KsFvbon.exe
  C:\Windows\System\KsFvbon.exe
  2⤵
  PID:4732
- C:\Windows\System\HxEojsN.exe
  C:\Windows\System\HxEojsN.exe
  2⤵
  PID:4596
- C:\Windows\System\MeqvfHe.exe
  C:\Windows\System\MeqvfHe.exe
  2⤵
  PID:4784
- C:\Windows\System\MsSJhXB.exe
  C:\Windows\System\MsSJhXB.exe
  2⤵
  PID:3356
- C:\Windows\System\xafMNZb.exe
  C:\Windows\System\xafMNZb.exe
  2⤵
  PID:3388
- C:\Windows\System\rymHjaD.exe
  C:\Windows\System\rymHjaD.exe
  2⤵
  PID:4324
- C:\Windows\System\xlaJbfx.exe
  C:\Windows\System\xlaJbfx.exe
  2⤵
  PID:4876
- C:\Windows\System\QsEeqCH.exe
  C:\Windows\System\QsEeqCH.exe
  2⤵
  PID:5064
- C:\Windows\System\NdFcLGv.exe
  C:\Windows\System\NdFcLGv.exe
  2⤵
  PID:2296
- C:\Windows\System\XgwBkgL.exe
  C:\Windows\System\XgwBkgL.exe
  2⤵
  PID:4312
- C:\Windows\System\LGJLQWl.exe
  C:\Windows\System\LGJLQWl.exe
  2⤵
  PID:1568
- C:\Windows\System\YxiHyMC.exe
  C:\Windows\System\YxiHyMC.exe
  2⤵
  PID:3716
- C:\Windows\System\TSxTDOH.exe
  C:\Windows\System\TSxTDOH.exe
  2⤵
  PID:4112
- C:\Windows\System\hIcdcPW.exe
  C:\Windows\System\hIcdcPW.exe
  2⤵
  PID:3776
- C:\Windows\System\BVMmtEx.exe
  C:\Windows\System\BVMmtEx.exe
  2⤵
  PID:4684
- C:\Windows\System\JxtCtOh.exe
  C:\Windows\System\JxtCtOh.exe
  2⤵
  PID:5040
- C:\Windows\System\picCIid.exe
  C:\Windows\System\picCIid.exe
  2⤵
  PID:4412
- C:\Windows\System\nsDnjBR.exe
  C:\Windows\System\nsDnjBR.exe
  2⤵
  PID:4416
- C:\Windows\System\yUFCKrU.exe
  C:\Windows\System\yUFCKrU.exe
  2⤵
  PID:3688
- C:\Windows\System\JWlumDu.exe
  C:\Windows\System\JWlumDu.exe
  2⤵
  PID:4592
- C:\Windows\System\pMtbuJg.exe
  C:\Windows\System\pMtbuJg.exe
  2⤵
  PID:4528
- C:\Windows\System\XzEDdZz.exe
  C:\Windows\System\XzEDdZz.exe
  2⤵
  PID:3956
- C:\Windows\System\NmZoHIK.exe
  C:\Windows\System\NmZoHIK.exe
  2⤵
  PID:4452
- C:\Windows\System\iodwhZf.exe
  C:\Windows\System\iodwhZf.exe
  2⤵
  PID:5096
- C:\Windows\System\CgqyvrY.exe
  C:\Windows\System\CgqyvrY.exe
  2⤵
  PID:2056
- C:\Windows\System\eGmeFPI.exe
  C:\Windows\System\eGmeFPI.exe
  2⤵
  PID:2084
- C:\Windows\System\NbqsvGV.exe
  C:\Windows\System\NbqsvGV.exe
  2⤵
  PID:5132
- C:\Windows\System\DOLUcux.exe
  C:\Windows\System\DOLUcux.exe
  2⤵
  PID:5148
- C:\Windows\System\TqVYQGJ.exe
  C:\Windows\System\TqVYQGJ.exe
  2⤵
  PID:5172
- C:\Windows\System\JTzNidB.exe
  C:\Windows\System\JTzNidB.exe
  2⤵
  PID:5188
- C:\Windows\System\GYNZWKB.exe
  C:\Windows\System\GYNZWKB.exe
  2⤵
  PID:5212
- C:\Windows\System\lMoTFqg.exe
  C:\Windows\System\lMoTFqg.exe
  2⤵
  PID:5232
- C:\Windows\System\HeuGUwy.exe
  C:\Windows\System\HeuGUwy.exe
  2⤵
  PID:5248
- C:\Windows\System\OfeRrLC.exe
  C:\Windows\System\OfeRrLC.exe
  2⤵
  PID:5264
- C:\Windows\System\oVXaGVG.exe
  C:\Windows\System\oVXaGVG.exe
  2⤵
  PID:5288
- C:\Windows\System\HMVZoRZ.exe
  C:\Windows\System\HMVZoRZ.exe
  2⤵
  PID:5308
- C:\Windows\System\LWJpekc.exe
  C:\Windows\System\LWJpekc.exe
  2⤵
  PID:5328
- C:\Windows\System\nDmQGNl.exe
  C:\Windows\System\nDmQGNl.exe
  2⤵
  PID:5344
- C:\Windows\System\DXEjDoL.exe
  C:\Windows\System\DXEjDoL.exe
  2⤵
  PID:5364
- C:\Windows\System\PKRjtzN.exe
  C:\Windows\System\PKRjtzN.exe
  2⤵
  PID:5388
- C:\Windows\System\VSLSMiR.exe
  C:\Windows\System\VSLSMiR.exe
  2⤵
  PID:5408
- C:\Windows\System\rNVKAkP.exe
  C:\Windows\System\rNVKAkP.exe
  2⤵
  PID:5424
- C:\Windows\System\MmQBDgL.exe
  C:\Windows\System\MmQBDgL.exe
  2⤵
  PID:5444
- C:\Windows\System\nSceeKH.exe
  C:\Windows\System\nSceeKH.exe
  2⤵
  PID:5464
- C:\Windows\System\pBttHGx.exe
  C:\Windows\System\pBttHGx.exe
  2⤵
  PID:5484
- C:\Windows\System\lWIyDiZ.exe
  C:\Windows\System\lWIyDiZ.exe
  2⤵
  PID:5504
- C:\Windows\System\FVZJInQ.exe
  C:\Windows\System\FVZJInQ.exe
  2⤵
  PID:5524
- C:\Windows\System\VbemPqE.exe
  C:\Windows\System\VbemPqE.exe
  2⤵
  PID:5540
- C:\Windows\System\gkULlnT.exe
  C:\Windows\System\gkULlnT.exe
  2⤵
  PID:5564
- C:\Windows\System\yjbERaZ.exe
  C:\Windows\System\yjbERaZ.exe
  2⤵
  PID:5584
- C:\Windows\System\xjkQhKW.exe
  C:\Windows\System\xjkQhKW.exe
  2⤵
  PID:5608
- C:\Windows\System\cJwTsEb.exe
  C:\Windows\System\cJwTsEb.exe
  2⤵
  PID:5628
- C:\Windows\System\wlUUSSZ.exe
  C:\Windows\System\wlUUSSZ.exe
  2⤵
  PID:5652
- C:\Windows\System\tcmJjAj.exe
  C:\Windows\System\tcmJjAj.exe
  2⤵
  PID:5676
- C:\Windows\System\tuZZLMz.exe
  C:\Windows\System\tuZZLMz.exe
  2⤵
  PID:5692
- C:\Windows\System\koyLAau.exe
  C:\Windows\System\koyLAau.exe
  2⤵
  PID:5708
- C:\Windows\System\YjyYUiV.exe
  C:\Windows\System\YjyYUiV.exe
  2⤵
  PID:5732
- C:\Windows\System\maGSjYX.exe
  C:\Windows\System\maGSjYX.exe
  2⤵
  PID:5752
- C:\Windows\System\lwSLNSB.exe
  C:\Windows\System\lwSLNSB.exe
  2⤵
  PID:5768
- C:\Windows\System\KatVKtX.exe
  C:\Windows\System\KatVKtX.exe
  2⤵
  PID:5788
- C:\Windows\System\RefzigK.exe
  C:\Windows\System\RefzigK.exe
  2⤵
  PID:5808
- C:\Windows\System\IMgUfhl.exe
  C:\Windows\System\IMgUfhl.exe
  2⤵
  PID:5828
- C:\Windows\System\itLADzh.exe
  C:\Windows\System\itLADzh.exe
  2⤵
  PID:5844
- C:\Windows\System\pMnxpdR.exe
  C:\Windows\System\pMnxpdR.exe
  2⤵
  PID:5868
- C:\Windows\System\NFNOJfo.exe
  C:\Windows\System\NFNOJfo.exe
  2⤵
  PID:5896
- C:\Windows\System\CDJwNua.exe
  C:\Windows\System\CDJwNua.exe
  2⤵
  PID:5912
- C:\Windows\System\leKXFkm.exe
  C:\Windows\System\leKXFkm.exe
  2⤵
  PID:5932
- C:\Windows\System\akhODkD.exe
  C:\Windows\System\akhODkD.exe
  2⤵
  PID:5948
- C:\Windows\System\IkVDDqC.exe
  C:\Windows\System\IkVDDqC.exe
  2⤵
  PID:5972
- C:\Windows\System\IEAtyZQ.exe
  C:\Windows\System\IEAtyZQ.exe
  2⤵
  PID:5988
- C:\Windows\System\YIusXmF.exe
  C:\Windows\System\YIusXmF.exe
  2⤵
  PID:6012
- C:\Windows\System\awmoeAf.exe
  C:\Windows\System\awmoeAf.exe
  2⤵
  PID:6028
- C:\Windows\System\zPvVSly.exe
  C:\Windows\System\zPvVSly.exe
  2⤵
  PID:6048
- C:\Windows\System\ouUqWyP.exe
  C:\Windows\System\ouUqWyP.exe
  2⤵
  PID:6076
- C:\Windows\System\RvLVxZr.exe
  C:\Windows\System\RvLVxZr.exe
  2⤵
  PID:6096
- C:\Windows\System\BFiQaBd.exe
  C:\Windows\System\BFiQaBd.exe
  2⤵
  PID:6116
- C:\Windows\System\kqaBFOt.exe
  C:\Windows\System\kqaBFOt.exe
  2⤵
  PID:6140
- C:\Windows\System\lEbAQQw.exe
  C:\Windows\System\lEbAQQw.exe
  2⤵
  PID:5060
- C:\Windows\System\UChLSOD.exe
  C:\Windows\System\UChLSOD.exe
  2⤵
  PID:4568
- C:\Windows\System\TIPpzQK.exe
  C:\Windows\System\TIPpzQK.exe
  2⤵
  PID:844
- C:\Windows\System\FUHOgwk.exe
  C:\Windows\System\FUHOgwk.exe
  2⤵
  PID:1516
- C:\Windows\System\byPGvAF.exe
  C:\Windows\System\byPGvAF.exe
  2⤵
  PID:3572
- C:\Windows\System\LyXufPN.exe
  C:\Windows\System\LyXufPN.exe
  2⤵
  PID:5180
- C:\Windows\System\uNzOAso.exe
  C:\Windows\System\uNzOAso.exe
  2⤵
  PID:4232
- C:\Windows\System\hFdwVrh.exe
  C:\Windows\System\hFdwVrh.exe
  2⤵
  PID:5224
- C:\Windows\System\mmkGBTH.exe
  C:\Windows\System\mmkGBTH.exe
  2⤵
  PID:5336
- C:\Windows\System\uegcRnK.exe
  C:\Windows\System\uegcRnK.exe
  2⤵
  PID:4472
- C:\Windows\System\SetkEkn.exe
  C:\Windows\System\SetkEkn.exe
  2⤵
  PID:4956
- C:\Windows\System\ysMURCb.exe
  C:\Windows\System\ysMURCb.exe
  2⤵
  PID:5372
- C:\Windows\System\mkOrCcY.exe
  C:\Windows\System\mkOrCcY.exe
  2⤵
  PID:3636
- C:\Windows\System\SANuunb.exe
  C:\Windows\System\SANuunb.exe
  2⤵
  PID:5452
- C:\Windows\System\aiKjeTH.exe
  C:\Windows\System\aiKjeTH.exe
  2⤵
  PID:5156
- C:\Windows\System\aylKYkH.exe
  C:\Windows\System\aylKYkH.exe
  2⤵
  PID:5200
- C:\Windows\System\TAxGoKG.exe
  C:\Windows\System\TAxGoKG.exe
  2⤵
  PID:5500
- C:\Windows\System\OllvFem.exe
  C:\Windows\System\OllvFem.exe
  2⤵
  PID:5276
- C:\Windows\System\UlgMowv.exe
  C:\Windows\System\UlgMowv.exe
  2⤵
  PID:5572
- C:\Windows\System\WymhzkT.exe
  C:\Windows\System\WymhzkT.exe
  2⤵
  PID:5324
- C:\Windows\System\aqfyDSc.exe
  C:\Windows\System\aqfyDSc.exe
  2⤵
  PID:5396
- C:\Windows\System\LCTSlbb.exe
  C:\Windows\System\LCTSlbb.exe
  2⤵
  PID:5520
- C:\Windows\System\mbGmIhi.exe
  C:\Windows\System\mbGmIhi.exe
  2⤵
  PID:5664
- C:\Windows\System\WLVqZAK.exe
  C:\Windows\System\WLVqZAK.exe
  2⤵
  PID:5740
- C:\Windows\System\BpXuScx.exe
  C:\Windows\System\BpXuScx.exe
  2⤵
  PID:5560
- C:\Windows\System\wnkDOUA.exe
  C:\Windows\System\wnkDOUA.exe
  2⤵
  PID:5512
- C:\Windows\System\PanZnqa.exe
  C:\Windows\System\PanZnqa.exe
  2⤵
  PID:5780
- C:\Windows\System\VGedPei.exe
  C:\Windows\System\VGedPei.exe
  2⤵
  PID:5824
- C:\Windows\System\qtWCaxq.exe
  C:\Windows\System\qtWCaxq.exe
  2⤵
  PID:5640
- C:\Windows\System\maQObio.exe
  C:\Windows\System\maQObio.exe
  2⤵
  PID:5852
- C:\Windows\System\DegYVpk.exe
  C:\Windows\System\DegYVpk.exe
  2⤵
  PID:5864
- C:\Windows\System\smJwkzf.exe
  C:\Windows\System\smJwkzf.exe
  2⤵
  PID:5804
- C:\Windows\System\TygvaiZ.exe
  C:\Windows\System\TygvaiZ.exe
  2⤵
  PID:5836
- C:\Windows\System\RgRmbBe.exe
  C:\Windows\System\RgRmbBe.exe
  2⤵
  PID:5720
- C:\Windows\System\SUSHdHH.exe
  C:\Windows\System\SUSHdHH.exe
  2⤵
  PID:6064
- C:\Windows\System\AVtGZSm.exe
  C:\Windows\System\AVtGZSm.exe
  2⤵
  PID:6104
- C:\Windows\System\AwDQsmS.exe
  C:\Windows\System\AwDQsmS.exe
  2⤵
  PID:2668
- C:\Windows\System\TpRFUrg.exe
  C:\Windows\System\TpRFUrg.exe
  2⤵
  PID:5880
- C:\Windows\System\KKSaztB.exe
  C:\Windows\System\KKSaztB.exe
  2⤵
  PID:4688
- C:\Windows\System\fEpzeSR.exe
  C:\Windows\System\fEpzeSR.exe
  2⤵
  PID:4628
- C:\Windows\System\kitQdej.exe
  C:\Windows\System\kitQdej.exe
  2⤵
  PID:1980
- C:\Windows\System\VfVjhoE.exe
  C:\Windows\System\VfVjhoE.exe
  2⤵
  PID:4828
- C:\Windows\System\BTLcFnG.exe
  C:\Windows\System\BTLcFnG.exe
  2⤵
  PID:2748
- C:\Windows\System\LQVcVPd.exe
  C:\Windows\System\LQVcVPd.exe
  2⤵
  PID:5536
- C:\Windows\System\tCHGpDe.exe
  C:\Windows\System\tCHGpDe.exe
  2⤵
  PID:5352
- C:\Windows\System\JcSIxCe.exe
  C:\Windows\System\JcSIxCe.exe
  2⤵
  PID:5928
- C:\Windows\System\gAtZccT.exe
  C:\Windows\System\gAtZccT.exe
  2⤵
  PID:5556
- C:\Windows\System\SizqqfA.exe
  C:\Windows\System\SizqqfA.exe
  2⤵
  PID:5600
- C:\Windows\System\henedJd.exe
  C:\Windows\System\henedJd.exe
  2⤵
  PID:3256
- C:\Windows\System\alFdrrR.exe
  C:\Windows\System\alFdrrR.exe
  2⤵
  PID:5296
- C:\Windows\System\auRAQrC.exe
  C:\Windows\System\auRAQrC.exe
  2⤵
  PID:6128
- C:\Windows\System\gjgYlyU.exe
  C:\Windows\System\gjgYlyU.exe
  2⤵
  PID:6136
- C:\Windows\System\rmCpTiV.exe
  C:\Windows\System\rmCpTiV.exe
  2⤵
  PID:4712
- C:\Windows\System\hrWfGnr.exe
  C:\Windows\System\hrWfGnr.exe
  2⤵
  PID:3508
- C:\Windows\System\xWsepEX.exe
  C:\Windows\System\xWsepEX.exe
  2⤵
  PID:5140
- C:\Windows\System\iTCbCxX.exe
  C:\Windows\System\iTCbCxX.exe
  2⤵
  PID:4248
- C:\Windows\System\zxXObQs.exe
  C:\Windows\System\zxXObQs.exe
  2⤵
  PID:4648
- C:\Windows\System\wQXlpIZ.exe
  C:\Windows\System\wQXlpIZ.exe
  2⤵
  PID:5416
- C:\Windows\System\XAwjkIR.exe
  C:\Windows\System\XAwjkIR.exe
  2⤵
  PID:5532
- C:\Windows\System\lEnOwbo.exe
  C:\Windows\System\lEnOwbo.exe
  2⤵
  PID:5576
- C:\Windows\System\nQXoUCk.exe
  C:\Windows\System\nQXoUCk.exe
  2⤵
  PID:5440
- C:\Windows\System\eNpAmvq.exe
  C:\Windows\System\eNpAmvq.exe
  2⤵
  PID:5704
- C:\Windows\System\niPMkKU.exe
  C:\Windows\System\niPMkKU.exe
  2⤵
  PID:5516
- C:\Windows\System\ADWtVtQ.exe
  C:\Windows\System\ADWtVtQ.exe
  2⤵
  PID:5688
- C:\Windows\System\qpTTuGN.exe
  C:\Windows\System\qpTTuGN.exe
  2⤵
  PID:5876
- C:\Windows\System\DEkiCEk.exe
  C:\Windows\System\DEkiCEk.exe
  2⤵
  PID:5496
- C:\Windows\System\znkUVMP.exe
  C:\Windows\System\znkUVMP.exe
  2⤵
  PID:1956
- C:\Windows\System\xnzxqnb.exe
  C:\Windows\System\xnzxqnb.exe
  2⤵
  PID:2704
- C:\Windows\System\PLHeUSf.exe
  C:\Windows\System\PLHeUSf.exe
  2⤵
  PID:5980
- C:\Windows\System\iEYUtyI.exe
  C:\Windows\System\iEYUtyI.exe
  2⤵
  PID:6024
- C:\Windows\System\tZAAVNq.exe
  C:\Windows\System\tZAAVNq.exe
  2⤵
  PID:2160
- C:\Windows\System\fOpaFzc.exe
  C:\Windows\System\fOpaFzc.exe
  2⤵
  PID:1860
- C:\Windows\System\ZXJYERu.exe
  C:\Windows\System\ZXJYERu.exe
  2⤵
  PID:2744
- C:\Windows\System\tYsnOpN.exe
  C:\Windows\System\tYsnOpN.exe
  2⤵
  PID:3772
- C:\Windows\System\hRmqziY.exe
  C:\Windows\System\hRmqziY.exe
  2⤵
  PID:4548
- C:\Windows\System\zmvqOxx.exe
  C:\Windows\System\zmvqOxx.exe
  2⤵
  PID:5168
- C:\Windows\System\jSteQGh.exe
  C:\Windows\System\jSteQGh.exe
  2⤵
  PID:4844
- C:\Windows\System\KGytPjL.exe
  C:\Windows\System\KGytPjL.exe
  2⤵
  PID:5552
- C:\Windows\System\ydbITsK.exe
  C:\Windows\System\ydbITsK.exe
  2⤵
  PID:5760
- C:\Windows\System\IpwpacG.exe
  C:\Windows\System\IpwpacG.exe
  2⤵
  PID:5124
- C:\Windows\System\CHJaNgM.exe
  C:\Windows\System\CHJaNgM.exe
  2⤵
  PID:5700
- C:\Windows\System\HAPjuvK.exe
  C:\Windows\System\HAPjuvK.exe
  2⤵
  PID:5724
- C:\Windows\System\YlniQpH.exe
  C:\Windows\System\YlniQpH.exe
  2⤵
  PID:5920
- C:\Windows\System\KIDWBHD.exe
  C:\Windows\System\KIDWBHD.exe
  2⤵
  PID:2880
- C:\Windows\System\tJczsOE.exe
  C:\Windows\System\tJczsOE.exe
  2⤵
  PID:5404
- C:\Windows\System\EefyBXJ.exe
  C:\Windows\System\EefyBXJ.exe
  2⤵
  PID:5472
- C:\Windows\System\lUcieVL.exe
  C:\Windows\System\lUcieVL.exe
  2⤵
  PID:5648
- C:\Windows\System\bcIMUWB.exe
  C:\Windows\System\bcIMUWB.exe
  2⤵
  PID:5580
- C:\Windows\System\swtHVzh.exe
  C:\Windows\System\swtHVzh.exe
  2⤵
  PID:5196
- C:\Windows\System\vQaiTBO.exe
  C:\Windows\System\vQaiTBO.exe
  2⤵
  PID:3020
- C:\Windows\System\yGMJXnh.exe
  C:\Windows\System\yGMJXnh.exe
  2⤵
  PID:5728
- C:\Windows\System\SbPnkDu.exe
  C:\Windows\System\SbPnkDu.exe
  2⤵
  PID:2012
- C:\Windows\System\JBLKBcN.exe
  C:\Windows\System\JBLKBcN.exe
  2⤵
  PID:5660
- C:\Windows\System\mZjAJGu.exe
  C:\Windows\System\mZjAJGu.exe
  2⤵
  PID:5128
- C:\Windows\System\LxauLQo.exe
  C:\Windows\System\LxauLQo.exe
  2⤵
  PID:5384
- C:\Windows\System\xDxkSro.exe
  C:\Windows\System\xDxkSro.exe
  2⤵
  PID:6036
- C:\Windows\System\uxVjvpc.exe
  C:\Windows\System\uxVjvpc.exe
  2⤵
  PID:5888
- C:\Windows\System\IejRYbf.exe
  C:\Windows\System\IejRYbf.exe
  2⤵
  PID:6152
- C:\Windows\System\KAdFYiD.exe
  C:\Windows\System\KAdFYiD.exe
  2⤵
  PID:6168
- C:\Windows\System\FbNhNQg.exe
  C:\Windows\System\FbNhNQg.exe
  2⤵
  PID:6184
- C:\Windows\System\QCfdHQJ.exe
  C:\Windows\System\QCfdHQJ.exe
  2⤵
  PID:6200
- C:\Windows\System\QnqfVXc.exe
  C:\Windows\System\QnqfVXc.exe
  2⤵
  PID:6216
- C:\Windows\System\ZyBpZeP.exe
  C:\Windows\System\ZyBpZeP.exe
  2⤵
  PID:6232
- C:\Windows\System\tvLsvtH.exe
  C:\Windows\System\tvLsvtH.exe
  2⤵
  PID:6248
- C:\Windows\System\EyZRaEG.exe
  C:\Windows\System\EyZRaEG.exe
  2⤵
  PID:6264
- C:\Windows\System\xCCsNJd.exe
  C:\Windows\System\xCCsNJd.exe
  2⤵
  PID:6280
- C:\Windows\System\RqTrfBU.exe
  C:\Windows\System\RqTrfBU.exe
  2⤵
  PID:6296
- C:\Windows\System\KnFDxwp.exe
  C:\Windows\System\KnFDxwp.exe
  2⤵
  PID:6312
- C:\Windows\System\ubnHbpC.exe
  C:\Windows\System\ubnHbpC.exe
  2⤵
  PID:6328
- C:\Windows\System\ojxqqRs.exe
  C:\Windows\System\ojxqqRs.exe
  2⤵
  PID:6344
- C:\Windows\System\aIPoUfA.exe
  C:\Windows\System\aIPoUfA.exe
  2⤵
  PID:6360
- C:\Windows\System\hFytmsE.exe
  C:\Windows\System\hFytmsE.exe
  2⤵
  PID:6376
- C:\Windows\System\CWscpQo.exe
  C:\Windows\System\CWscpQo.exe
  2⤵
  PID:6392
- C:\Windows\System\Pjxdysx.exe
  C:\Windows\System\Pjxdysx.exe
  2⤵
  PID:6408
- C:\Windows\System\ChiIgml.exe
  C:\Windows\System\ChiIgml.exe
  2⤵
  PID:6424
- C:\Windows\System\IInJkiL.exe
  C:\Windows\System\IInJkiL.exe
  2⤵
  PID:6440
- C:\Windows\System\nFXzCnV.exe
  C:\Windows\System\nFXzCnV.exe
  2⤵
  PID:6456
- C:\Windows\System\QIWUJEC.exe
  C:\Windows\System\QIWUJEC.exe
  2⤵
  PID:6472
- C:\Windows\System\FmepMUg.exe
  C:\Windows\System\FmepMUg.exe
  2⤵
  PID:6488
- C:\Windows\System\fLQECHV.exe
  C:\Windows\System\fLQECHV.exe
  2⤵
  PID:6504
- C:\Windows\System\CowrvsA.exe
  C:\Windows\System\CowrvsA.exe
  2⤵
  PID:6520
- C:\Windows\System\FjZGZaE.exe
  C:\Windows\System\FjZGZaE.exe
  2⤵
  PID:6536
- C:\Windows\System\bsBHNmF.exe
  C:\Windows\System\bsBHNmF.exe
  2⤵
  PID:6552
- C:\Windows\System\ofhNpCG.exe
  C:\Windows\System\ofhNpCG.exe
  2⤵
  PID:6568
- C:\Windows\System\BmZMPAH.exe
  C:\Windows\System\BmZMPAH.exe
  2⤵
  PID:6584
- C:\Windows\System\WbmgEiH.exe
  C:\Windows\System\WbmgEiH.exe
  2⤵
  PID:6600
- C:\Windows\System\mOSjdDy.exe
  C:\Windows\System\mOSjdDy.exe
  2⤵
  PID:6616
- C:\Windows\System\vsGuZNy.exe
  C:\Windows\System\vsGuZNy.exe
  2⤵
  PID:6632
- C:\Windows\System\HtFkCPa.exe
  C:\Windows\System\HtFkCPa.exe
  2⤵
  PID:6648
- C:\Windows\System\LxhxUtV.exe
  C:\Windows\System\LxhxUtV.exe
  2⤵
  PID:6664
- C:\Windows\System\qVpNQin.exe
  C:\Windows\System\qVpNQin.exe
  2⤵
  PID:6680
- C:\Windows\System\aIpfWlC.exe
  C:\Windows\System\aIpfWlC.exe
  2⤵
  PID:6696
- C:\Windows\System\IeePVNv.exe
  C:\Windows\System\IeePVNv.exe
  2⤵
  PID:6712
- C:\Windows\System\hmIGAPw.exe
  C:\Windows\System\hmIGAPw.exe
  2⤵
  PID:6728
- C:\Windows\System\IgVugrj.exe
  C:\Windows\System\IgVugrj.exe
  2⤵
  PID:6744
- C:\Windows\System\IbwBaZh.exe
  C:\Windows\System\IbwBaZh.exe
  2⤵
  PID:6760
- C:\Windows\System\tjJJmDl.exe
  C:\Windows\System\tjJJmDl.exe
  2⤵
  PID:6776
- C:\Windows\System\fEClhMY.exe
  C:\Windows\System\fEClhMY.exe
  2⤵
  PID:6792
- C:\Windows\System\eFqWLNr.exe
  C:\Windows\System\eFqWLNr.exe
  2⤵
  PID:6808
- C:\Windows\System\EzQvNEj.exe
  C:\Windows\System\EzQvNEj.exe
  2⤵
  PID:6824
- C:\Windows\System\YoHFSXl.exe
  C:\Windows\System\YoHFSXl.exe
  2⤵
  PID:6840
- C:\Windows\System\QwMKMEM.exe
  C:\Windows\System\QwMKMEM.exe
  2⤵
  PID:6856
- C:\Windows\System\jGFBXZs.exe
  C:\Windows\System\jGFBXZs.exe
  2⤵
  PID:6872
- C:\Windows\System\oVfNQCe.exe
  C:\Windows\System\oVfNQCe.exe
  2⤵
  PID:6892
- C:\Windows\System\NkbJoNh.exe
  C:\Windows\System\NkbJoNh.exe
  2⤵
  PID:6908
- C:\Windows\System\wRGfWke.exe
  C:\Windows\System\wRGfWke.exe
  2⤵
  PID:6924
- C:\Windows\System\UuyxcHc.exe
  C:\Windows\System\UuyxcHc.exe
  2⤵
  PID:6940
- C:\Windows\System\WoBzNzm.exe
  C:\Windows\System\WoBzNzm.exe
  2⤵
  PID:6956
- C:\Windows\System\qUMiupZ.exe
  C:\Windows\System\qUMiupZ.exe
  2⤵
  PID:6972
- C:\Windows\System\QzDIiGp.exe
  C:\Windows\System\QzDIiGp.exe
  2⤵
  PID:6988
- C:\Windows\System\pXpQvBP.exe
  C:\Windows\System\pXpQvBP.exe
  2⤵
  PID:7004
- C:\Windows\System\KCzUQDC.exe
  C:\Windows\System\KCzUQDC.exe
  2⤵
  PID:7020
- C:\Windows\System\LOFHOKx.exe
  C:\Windows\System\LOFHOKx.exe
  2⤵
  PID:7036
- C:\Windows\System\iMFMbVC.exe
  C:\Windows\System\iMFMbVC.exe
  2⤵
  PID:7052
- C:\Windows\System\HGZpDyZ.exe
  C:\Windows\System\HGZpDyZ.exe
  2⤵
  PID:7068
- C:\Windows\System\QLpEYMB.exe
  C:\Windows\System\QLpEYMB.exe
  2⤵
  PID:7084
- C:\Windows\System\aSjcQKj.exe
  C:\Windows\System\aSjcQKj.exe
  2⤵
  PID:7100
- C:\Windows\System\FNqSHVu.exe
  C:\Windows\System\FNqSHVu.exe
  2⤵
  PID:7116
- C:\Windows\System\kRWePLc.exe
  C:\Windows\System\kRWePLc.exe
  2⤵
  PID:7136
- C:\Windows\System\JwluYwG.exe
  C:\Windows\System\JwluYwG.exe
  2⤵
  PID:7152
- C:\Windows\System\VysizFz.exe
  C:\Windows\System\VysizFz.exe
  2⤵
  PID:3792
- C:\Windows\System\ASqLvME.exe
  C:\Windows\System\ASqLvME.exe
  2⤵
  PID:4176
- C:\Windows\System\UJIQfjF.exe
  C:\Windows\System\UJIQfjF.exe
  2⤵
  PID:5228
- C:\Windows\System\CPeufXr.exe
  C:\Windows\System\CPeufXr.exe
  2⤵
  PID:6160
- C:\Windows\System\zZWLbgx.exe
  C:\Windows\System\zZWLbgx.exe
  2⤵
  PID:6208
- C:\Windows\System\sRSaiJF.exe
  C:\Windows\System\sRSaiJF.exe
  2⤵
  PID:6240
- C:\Windows\System\wfRmqDY.exe
  C:\Windows\System\wfRmqDY.exe
  2⤵
  PID:6272
- C:\Windows\System\VKcagmS.exe
  C:\Windows\System\VKcagmS.exe
  2⤵
  PID:6304
- C:\Windows\System\kJYCpbQ.exe
  C:\Windows\System\kJYCpbQ.exe
  2⤵
  PID:6336
- C:\Windows\System\nDNYHZW.exe
  C:\Windows\System\nDNYHZW.exe
  2⤵
  PID:6356
- C:\Windows\System\IhXnBCc.exe
  C:\Windows\System\IhXnBCc.exe
  2⤵
  PID:6388
- C:\Windows\System\qRnWAxN.exe
  C:\Windows\System\qRnWAxN.exe
  2⤵
  PID:6432
- C:\Windows\System\hnklBNY.exe
  C:\Windows\System\hnklBNY.exe
  2⤵
  PID:6468
- C:\Windows\System\CvRFLSU.exe
  C:\Windows\System\CvRFLSU.exe
  2⤵
  PID:6496
- C:\Windows\System\JOqWXGv.exe
  C:\Windows\System\JOqWXGv.exe
  2⤵
  PID:6528
- C:\Windows\System\qBkeKbN.exe
  C:\Windows\System\qBkeKbN.exe
  2⤵
  PID:6560
- C:\Windows\System\oBCZTUf.exe
  C:\Windows\System\oBCZTUf.exe
  2⤵
  PID:756
- C:\Windows\System\xHzArlZ.exe
  C:\Windows\System\xHzArlZ.exe
  2⤵
  PID:6608
- C:\Windows\System\JAmuBEJ.exe
  C:\Windows\System\JAmuBEJ.exe
  2⤵
  PID:6640
- C:\Windows\System\UjxZOqD.exe
  C:\Windows\System\UjxZOqD.exe
  2⤵
  PID:6672
- C:\Windows\System\uobiirf.exe
  C:\Windows\System\uobiirf.exe
  2⤵
  PID:6720
- C:\Windows\System\lllfkQu.exe
  C:\Windows\System\lllfkQu.exe
  2⤵
  PID:6736
- C:\Windows\System\yENnDZQ.exe
  C:\Windows\System\yENnDZQ.exe
  2⤵
  PID:6768
- C:\Windows\System\KuMiimV.exe
  C:\Windows\System\KuMiimV.exe
  2⤵
  PID:2672
- C:\Windows\System\tRPqOXg.exe
  C:\Windows\System\tRPqOXg.exe
  2⤵
  PID:6832
- C:\Windows\System\WMZyZxu.exe
  C:\Windows\System\WMZyZxu.exe
  2⤵
  PID:6880
- C:\Windows\System\lMeoIaG.exe
  C:\Windows\System\lMeoIaG.exe
  2⤵
  PID:2768
- C:\Windows\System\QEovUhk.exe
  C:\Windows\System\QEovUhk.exe
  2⤵
  PID:7044
- C:\Windows\System\tEccPRf.exe
  C:\Windows\System\tEccPRf.exe
  2⤵
  PID:2528
- C:\Windows\System\kdLeCvm.exe
  C:\Windows\System\kdLeCvm.exe
  2⤵
  PID:2532
- C:\Windows\System\ZHaFwIA.exe
  C:\Windows\System\ZHaFwIA.exe
  2⤵
  PID:7148
- C:\Windows\System\wNOIVkM.exe
  C:\Windows\System\wNOIVkM.exe
  2⤵
  PID:2596
- C:\Windows\System\BztVSNv.exe
  C:\Windows\System\BztVSNv.exe
  2⤵
  PID:5360
- C:\Windows\System\ocjbJnm.exe
  C:\Windows\System\ocjbJnm.exe
  2⤵
  PID:1588
- C:\Windows\System\HUVrYeo.exe
  C:\Windows\System\HUVrYeo.exe
  2⤵
  PID:6180
- C:\Windows\System\MUZQicY.exe
  C:\Windows\System\MUZQicY.exe
  2⤵
  PID:6276
- C:\Windows\System\JANmzGM.exe
  C:\Windows\System\JANmzGM.exe
  2⤵
  PID:6372
- C:\Windows\System\hEFejVC.exe
  C:\Windows\System\hEFejVC.exe
  2⤵
  PID:6352
- C:\Windows\System\PQZkaIk.exe
  C:\Windows\System\PQZkaIk.exe
  2⤵
  PID:6532
- C:\Windows\System\AoWCMRb.exe
  C:\Windows\System\AoWCMRb.exe
  2⤵
  PID:6644
- C:\Windows\System\iYmNuiL.exe
  C:\Windows\System\iYmNuiL.exe
  2⤵
  PID:6500
- C:\Windows\System\HvKvvif.exe
  C:\Windows\System\HvKvvif.exe
  2⤵
  PID:6660
- C:\Windows\System\SUmesXT.exe
  C:\Windows\System\SUmesXT.exe
  2⤵
  PID:6624
- C:\Windows\System\mSDEHvs.exe
  C:\Windows\System\mSDEHvs.exe
  2⤵
  PID:6740
- C:\Windows\System\vPReVut.exe
  C:\Windows\System\vPReVut.exe
  2⤵
  PID:2864
- C:\Windows\System\NxVQBMX.exe
  C:\Windows\System\NxVQBMX.exe
  2⤵
  PID:6800
- C:\Windows\System\JeBVhmG.exe
  C:\Windows\System\JeBVhmG.exe
  2⤵
  PID:2856
- C:\Windows\System\vJJHLGA.exe
  C:\Windows\System\vJJHLGA.exe
  2⤵
  PID:6900
- C:\Windows\System\tkaMyHR.exe
  C:\Windows\System\tkaMyHR.exe
  2⤵
  PID:6932
- C:\Windows\System\qhSRtNC.exe
  C:\Windows\System\qhSRtNC.exe
  2⤵
  PID:6980
- C:\Windows\System\eLQlloI.exe
  C:\Windows\System\eLQlloI.exe
  2⤵
  PID:6984
- C:\Windows\System\HaWfETR.exe
  C:\Windows\System\HaWfETR.exe
  2⤵
  PID:7028
- C:\Windows\System\KHstsGb.exe
  C:\Windows\System\KHstsGb.exe
  2⤵
  PID:7048
- C:\Windows\System\yhCfvOG.exe
  C:\Windows\System\yhCfvOG.exe
  2⤵
  PID:7076
- C:\Windows\System\GsXSraf.exe
  C:\Windows\System\GsXSraf.exe
  2⤵
  PID:2824
- C:\Windows\System\tXaxFFd.exe
  C:\Windows\System\tXaxFFd.exe
  2⤵
  PID:6132
- C:\Windows\System\jemCeKk.exe
  C:\Windows\System\jemCeKk.exe
  2⤵
  PID:6308
- C:\Windows\System\pOyuKyH.exe
  C:\Windows\System\pOyuKyH.exe
  2⤵
  PID:2652
- C:\Windows\System\nyKjAAr.exe
  C:\Windows\System\nyKjAAr.exe
  2⤵
  PID:6724
- C:\Windows\System\qeWECdp.exe
  C:\Windows\System\qeWECdp.exe
  2⤵
  PID:6920
- C:\Windows\System\OObIANq.exe
  C:\Windows\System\OObIANq.exe
  2⤵
  PID:5996
- C:\Windows\System\zxVaelf.exe
  C:\Windows\System\zxVaelf.exe
  2⤵
  PID:5316
- C:\Windows\System\FgrKhyM.exe
  C:\Windows\System\FgrKhyM.exe
  2⤵
  PID:6324
- C:\Windows\System\HNYwjQR.exe
  C:\Windows\System\HNYwjQR.exe
  2⤵
  PID:7108
- C:\Windows\System\NBwUGgy.exe
  C:\Windows\System\NBwUGgy.exe
  2⤵
  PID:6772
- C:\Windows\System\ZjvoVuV.exe
  C:\Windows\System\ZjvoVuV.exe
  2⤵
  PID:6676
- C:\Windows\System\FCKlzTZ.exe
  C:\Windows\System\FCKlzTZ.exe
  2⤵
  PID:6964
- C:\Windows\System\YOQLvKB.exe
  C:\Windows\System\YOQLvKB.exe
  2⤵
  PID:7128
- C:\Windows\System\FHZmHLn.exe
  C:\Windows\System\FHZmHLn.exe
  2⤵
  PID:6060
- C:\Windows\System\mLbWHhQ.exe
  C:\Windows\System\mLbWHhQ.exe
  2⤵
  PID:7060
- C:\Windows\System\ETEDBNx.exe
  C:\Windows\System\ETEDBNx.exe
  2⤵
  PID:6148
- C:\Windows\System\FJAxGhL.exe
  C:\Windows\System\FJAxGhL.exe
  2⤵
  PID:6512
- C:\Windows\System\tlgKzBD.exe
  C:\Windows\System\tlgKzBD.exe
  2⤵
  PID:6564
- C:\Windows\System\wTlzZmK.exe
  C:\Windows\System\wTlzZmK.exe
  2⤵
  PID:2688
- C:\Windows\System\mxugApR.exe
  C:\Windows\System\mxugApR.exe
  2⤵
  PID:2684
- C:\Windows\System\mFzsVCM.exe
  C:\Windows\System\mFzsVCM.exe
  2⤵
  PID:6948
- C:\Windows\System\ATAxsLE.exe
  C:\Windows\System\ATAxsLE.exe
  2⤵
  PID:7064
- C:\Windows\System\aXzRFtC.exe
  C:\Windows\System\aXzRFtC.exe
  2⤵
  PID:7172
- C:\Windows\System\NSigcNj.exe
  C:\Windows\System\NSigcNj.exe
  2⤵
  PID:7188
- C:\Windows\System\KhisLoE.exe
  C:\Windows\System\KhisLoE.exe
  2⤵
  PID:7208
- C:\Windows\System\ONWZhnx.exe
  C:\Windows\System\ONWZhnx.exe
  2⤵
  PID:7224
- C:\Windows\System\rKPyfqx.exe
  C:\Windows\System\rKPyfqx.exe
  2⤵
  PID:7240
- C:\Windows\System\LvndKYI.exe
  C:\Windows\System\LvndKYI.exe
  2⤵
  PID:7256
- C:\Windows\System\xAEouCe.exe
  C:\Windows\System\xAEouCe.exe
  2⤵
  PID:7272
- C:\Windows\System\HALLDVW.exe
  C:\Windows\System\HALLDVW.exe
  2⤵
  PID:7288
- C:\Windows\System\VyoOAFd.exe
  C:\Windows\System\VyoOAFd.exe
  2⤵
  PID:7304
- C:\Windows\System\bcSJYpI.exe
  C:\Windows\System\bcSJYpI.exe
  2⤵
  PID:7320
- C:\Windows\System\cxFFbsm.exe
  C:\Windows\System\cxFFbsm.exe
  2⤵
  PID:7336
- C:\Windows\System\dgDRjuj.exe
  C:\Windows\System\dgDRjuj.exe
  2⤵
  PID:7352
- C:\Windows\System\UDnYLko.exe
  C:\Windows\System\UDnYLko.exe
  2⤵
  PID:7368
- C:\Windows\System\LwuOHcE.exe
  C:\Windows\System\LwuOHcE.exe
  2⤵
  PID:7384
- C:\Windows\System\FDxdCYB.exe
  C:\Windows\System\FDxdCYB.exe
  2⤵
  PID:7400
- C:\Windows\System\gHySwDZ.exe
  C:\Windows\System\gHySwDZ.exe
  2⤵
  PID:7416
- C:\Windows\System\VaEclWO.exe
  C:\Windows\System\VaEclWO.exe
  2⤵
  PID:7432
- C:\Windows\System\JnAGmqV.exe
  C:\Windows\System\JnAGmqV.exe
  2⤵
  PID:7448
- C:\Windows\System\QutbbMN.exe
  C:\Windows\System\QutbbMN.exe
  2⤵
  PID:7464
- C:\Windows\System\bfyZovT.exe
  C:\Windows\System\bfyZovT.exe
  2⤵
  PID:7480
- C:\Windows\System\lJDsUdv.exe
  C:\Windows\System\lJDsUdv.exe
  2⤵
  PID:7496
- C:\Windows\System\kEuCxRC.exe
  C:\Windows\System\kEuCxRC.exe
  2⤵
  PID:7520
- C:\Windows\System\CKDYvbe.exe
  C:\Windows\System\CKDYvbe.exe
  2⤵
  PID:7536
- C:\Windows\System\YicqOyD.exe
  C:\Windows\System\YicqOyD.exe
  2⤵
  PID:7552
- C:\Windows\System\tmUrnWu.exe
  C:\Windows\System\tmUrnWu.exe
  2⤵
  PID:7568
- C:\Windows\System\PLasLaZ.exe
  C:\Windows\System\PLasLaZ.exe
  2⤵
  PID:7584
- C:\Windows\System\bJZXOnn.exe
  C:\Windows\System\bJZXOnn.exe
  2⤵
  PID:7600
- C:\Windows\System\rYZdVku.exe
  C:\Windows\System\rYZdVku.exe
  2⤵
  PID:7616
- C:\Windows\System\DDHwghV.exe
  C:\Windows\System\DDHwghV.exe
  2⤵
  PID:7632
- C:\Windows\System\pHxrBzZ.exe
  C:\Windows\System\pHxrBzZ.exe
  2⤵
  PID:7664
- C:\Windows\System\BSTbvOJ.exe
  C:\Windows\System\BSTbvOJ.exe
  2⤵
  PID:7684
- C:\Windows\System\ARvgovA.exe
  C:\Windows\System\ARvgovA.exe
  2⤵
  PID:7700
- C:\Windows\System\dvdKjyI.exe
  C:\Windows\System\dvdKjyI.exe
  2⤵
  PID:7716
- C:\Windows\System\XDyIxHT.exe
  C:\Windows\System\XDyIxHT.exe
  2⤵
  PID:7752
- C:\Windows\System\YKPduAo.exe
  C:\Windows\System\YKPduAo.exe
  2⤵
  PID:7768
- C:\Windows\System\qpiRThS.exe
  C:\Windows\System\qpiRThS.exe
  2⤵
  PID:7784
- C:\Windows\System\IqIPauO.exe
  C:\Windows\System\IqIPauO.exe
  2⤵
  PID:7800
- C:\Windows\System\DQuyzXx.exe
  C:\Windows\System\DQuyzXx.exe
  2⤵
  PID:7824
- C:\Windows\System\wiPWBbg.exe
  C:\Windows\System\wiPWBbg.exe
  2⤵
  PID:7840
- C:\Windows\System\tufqPZg.exe
  C:\Windows\System\tufqPZg.exe
  2⤵
  PID:7856
- C:\Windows\System\cCJjxgl.exe
  C:\Windows\System\cCJjxgl.exe
  2⤵
  PID:7872
- C:\Windows\System\AMCLpuD.exe
  C:\Windows\System\AMCLpuD.exe
  2⤵
  PID:7888
- C:\Windows\System\iMsKaih.exe
  C:\Windows\System\iMsKaih.exe
  2⤵
  PID:7904
- C:\Windows\System\DcVsBZn.exe
  C:\Windows\System\DcVsBZn.exe
  2⤵
  PID:7920
- C:\Windows\System\dOxGTnP.exe
  C:\Windows\System\dOxGTnP.exe
  2⤵
  PID:7936
- C:\Windows\System\VPylBjO.exe
  C:\Windows\System\VPylBjO.exe
  2⤵
  PID:7952
- C:\Windows\System\BeTnTCM.exe
  C:\Windows\System\BeTnTCM.exe
  2⤵
  PID:7968
- C:\Windows\System\gDLYBLL.exe
  C:\Windows\System\gDLYBLL.exe
  2⤵
  PID:7984
- C:\Windows\System\LlsrhEu.exe
  C:\Windows\System\LlsrhEu.exe
  2⤵
  PID:8000
- C:\Windows\System\kdetLev.exe
  C:\Windows\System\kdetLev.exe
  2⤵
  PID:8016
- C:\Windows\System\NSTErqn.exe
  C:\Windows\System\NSTErqn.exe
  2⤵
  PID:8032
- C:\Windows\System\GSiKjQI.exe
  C:\Windows\System\GSiKjQI.exe
  2⤵
  PID:8048
- C:\Windows\System\rPyByMh.exe
  C:\Windows\System\rPyByMh.exe
  2⤵
  PID:8064
- C:\Windows\System\MwEjskv.exe
  C:\Windows\System\MwEjskv.exe
  2⤵
  PID:8080
- C:\Windows\System\mThnKJf.exe
  C:\Windows\System\mThnKJf.exe
  2⤵
  PID:8096
- C:\Windows\System\ddvOsbP.exe
  C:\Windows\System\ddvOsbP.exe
  2⤵
  PID:8112
- C:\Windows\System\uNucFLw.exe
  C:\Windows\System\uNucFLw.exe
  2⤵
  PID:8128
- C:\Windows\System\FxMXjrR.exe
  C:\Windows\System\FxMXjrR.exe
  2⤵
  PID:8144
- C:\Windows\System\aVINAzq.exe
  C:\Windows\System\aVINAzq.exe
  2⤵
  PID:8160
- C:\Windows\System\zoRBTsQ.exe
  C:\Windows\System\zoRBTsQ.exe
  2⤵
  PID:8176
- C:\Windows\System\ncAhAHu.exe
  C:\Windows\System\ncAhAHu.exe
  2⤵
  PID:6596
- C:\Windows\System\Cgyqjyk.exe
  C:\Windows\System\Cgyqjyk.exe
  2⤵
  PID:2664
- C:\Windows\System\ruUtZHz.exe
  C:\Windows\System\ruUtZHz.exe
  2⤵
  PID:6628
- C:\Windows\System\xsLlkvZ.exe
  C:\Windows\System\xsLlkvZ.exe
  2⤵
  PID:7216
- C:\Windows\System\NXqDkiB.exe
  C:\Windows\System\NXqDkiB.exe
  2⤵
  PID:7280
- C:\Windows\System\NUpIAxS.exe
  C:\Windows\System\NUpIAxS.exe
  2⤵
  PID:7344
- C:\Windows\System\hKgLBHJ.exe
  C:\Windows\System\hKgLBHJ.exe
  2⤵
  PID:7408
- C:\Windows\System\pIrEZrv.exe
  C:\Windows\System\pIrEZrv.exe
  2⤵
  PID:7472
- C:\Windows\System\dOwwRDI.exe
  C:\Windows\System\dOwwRDI.exe
  2⤵
  PID:7196
- C:\Windows\System\jnHZUaL.exe
  C:\Windows\System\jnHZUaL.exe
  2⤵
  PID:7236
- C:\Windows\System\XQozRus.exe
  C:\Windows\System\XQozRus.exe
  2⤵
  PID:7300
- C:\Windows\System\fzCkYts.exe
  C:\Windows\System\fzCkYts.exe
  2⤵
  PID:7512
- C:\Windows\System\TrrHEkg.exe
  C:\Windows\System\TrrHEkg.exe
  2⤵
  PID:7516
- C:\Windows\System\cXEWzCb.exe
  C:\Windows\System\cXEWzCb.exe
  2⤵
  PID:7332
- C:\Windows\System\opdJBUa.exe
  C:\Windows\System\opdJBUa.exe
  2⤵
  PID:7580
- C:\Windows\System\SJFnHSu.exe
  C:\Windows\System\SJFnHSu.exe
  2⤵
  PID:7460
- C:\Windows\System\GoXafbG.exe
  C:\Windows\System\GoXafbG.exe
  2⤵
  PID:7612
- C:\Windows\System\uNWNzIJ.exe
  C:\Windows\System\uNWNzIJ.exe
  2⤵
  PID:7560
- C:\Windows\System\aJIWyou.exe
  C:\Windows\System\aJIWyou.exe
  2⤵
  PID:7624
- C:\Windows\System\mWfpcYg.exe
  C:\Windows\System\mWfpcYg.exe
  2⤵
  PID:7656
- C:\Windows\System\UBYYRYb.exe
  C:\Windows\System\UBYYRYb.exe
  2⤵
  PID:7796
- C:\Windows\System\pJQCfLy.exe
  C:\Windows\System\pJQCfLy.exe
  2⤵
  PID:7948
- C:\Windows\System\aDUnZbT.exe
  C:\Windows\System\aDUnZbT.exe
  2⤵
  PID:7724
- C:\Windows\System\imFMssz.exe
  C:\Windows\System\imFMssz.exe
  2⤵
  PID:7812
- C:\Windows\System\jcdIzQX.exe
  C:\Windows\System\jcdIzQX.exe
  2⤵
  PID:7980
- C:\Windows\System\CTpCelX.exe
  C:\Windows\System\CTpCelX.exe
  2⤵
  PID:4904
- C:\Windows\System\RCizIKL.exe
  C:\Windows\System\RCizIKL.exe
  2⤵
  PID:7832
- C:\Windows\System\eACOFvo.exe
  C:\Windows\System\eACOFvo.exe
  2⤵
  PID:7916
- C:\Windows\System\zgAhvdX.exe
  C:\Windows\System\zgAhvdX.exe
  2⤵
  PID:7976
- C:\Windows\System\AchrasF.exe
  C:\Windows\System\AchrasF.exe
  2⤵
  PID:2432
- C:\Windows\System\sTzaZgc.exe
  C:\Windows\System\sTzaZgc.exe
  2⤵
  PID:8040
- C:\Windows\System\BatTDDb.exe
  C:\Windows\System\BatTDDb.exe
  2⤵
  PID:7992
- C:\Windows\System\nGGPDUa.exe
  C:\Windows\System\nGGPDUa.exe
  2⤵
  PID:8076
- C:\Windows\System\jPkGnZZ.exe
  C:\Windows\System\jPkGnZZ.exe
  2⤵
  PID:2676
- C:\Windows\System\ABRRKBu.exe
  C:\Windows\System\ABRRKBu.exe
  2⤵
  PID:8136
- C:\Windows\System\RAxzEak.exe
  C:\Windows\System\RAxzEak.exe
  2⤵
  PID:8120
- C:\Windows\System\XpFOCeC.exe
  C:\Windows\System\XpFOCeC.exe
  2⤵
  PID:6288
- C:\Windows\System\FCZGBJU.exe
  C:\Windows\System\FCZGBJU.exe
  2⤵
  PID:7180
- C:\Windows\System\oaBIORG.exe
  C:\Windows\System\oaBIORG.exe
  2⤵
  PID:7440
- C:\Windows\System\npMCWai.exe
  C:\Windows\System\npMCWai.exe
  2⤵
  PID:7380
- C:\Windows\System\jmcwCzE.exe
  C:\Windows\System\jmcwCzE.exe
  2⤵
  PID:7296
- C:\Windows\System\CukZZYb.exe
  C:\Windows\System\CukZZYb.exe
  2⤵
  PID:2448
- C:\Windows\System\mxTYxXW.exe
  C:\Windows\System\mxTYxXW.exe
  2⤵
  PID:7492
- C:\Windows\System\qyzAWui.exe
  C:\Windows\System\qyzAWui.exe
  2⤵
  PID:7576
- C:\Windows\System\vTXtotK.exe
  C:\Windows\System\vTXtotK.exe
  2⤵
  PID:7816
- C:\Windows\System\KFrUeDy.exe
  C:\Windows\System\KFrUeDy.exe
  2⤵
  PID:7680
- C:\Windows\System\umOVApL.exe
  C:\Windows\System\umOVApL.exe
  2⤵
  PID:7760
- C:\Windows\System\ZNmBedq.exe
  C:\Windows\System\ZNmBedq.exe
  2⤵
  PID:7740
- C:\Windows\System\GgRiTcG.exe
  C:\Windows\System\GgRiTcG.exe
  2⤵
  PID:7896
- C:\Windows\System\ybGNPkL.exe
  C:\Windows\System\ybGNPkL.exe
  2⤵
  PID:916
- C:\Windows\System\EYfhTsa.exe
  C:\Windows\System\EYfhTsa.exe
  2⤵
  PID:2844
- C:\Windows\System\lUGJiSR.exe
  C:\Windows\System\lUGJiSR.exe
  2⤵
  PID:7864
- C:\Windows\System\iRSqJgO.exe
  C:\Windows\System\iRSqJgO.exe
  2⤵
  PID:8044
- C:\Windows\System\qkCKDZW.exe
  C:\Windows\System\qkCKDZW.exe
  2⤵
  PID:2372
- C:\Windows\System\IzuhfVq.exe
  C:\Windows\System\IzuhfVq.exe
  2⤵
  PID:8188
- C:\Windows\System\YtuKXIW.exe
  C:\Windows\System\YtuKXIW.exe
  2⤵
  PID:8024
- C:\Windows\System\RByFGfR.exe
  C:\Windows\System\RByFGfR.exe
  2⤵
  PID:7316
- C:\Windows\System\uhihpza.exe
  C:\Windows\System\uhihpza.exe
  2⤵
  PID:8172
- C:\Windows\System\OqmKIMQ.exe
  C:\Windows\System\OqmKIMQ.exe
  2⤵
  PID:7508
- C:\Windows\System\AYhLieQ.exe
  C:\Windows\System\AYhLieQ.exe
  2⤵
  PID:7328
- C:\Windows\System\qQKCMHa.exe
  C:\Windows\System\qQKCMHa.exe
  2⤵
  PID:7696
- C:\Windows\System\GVhyYcF.exe
  C:\Windows\System\GVhyYcF.exe
  2⤵
  PID:7456
- C:\Windows\System\GMIWnOG.exe
  C:\Windows\System\GMIWnOG.exe
  2⤵
  PID:6092
- C:\Windows\System\BJADuOO.exe
  C:\Windows\System\BJADuOO.exe
  2⤵
  PID:7376
- C:\Windows\System\uonqPgu.exe
  C:\Windows\System\uonqPgu.exe
  2⤵
  PID:7708
- C:\Windows\System\ogcRgFs.exe
  C:\Windows\System\ogcRgFs.exe
  2⤵
  PID:7820
- C:\Windows\System\kaLNHMO.exe
  C:\Windows\System\kaLNHMO.exe
  2⤵
  PID:8012
- C:\Windows\System\sdPTxBo.exe
  C:\Windows\System\sdPTxBo.exe
  2⤵
  PID:8152
- C:\Windows\System\iTkZfNC.exe
  C:\Windows\System\iTkZfNC.exe
  2⤵
  PID:7596
- C:\Windows\System\WFJofsl.exe
  C:\Windows\System\WFJofsl.exe
  2⤵
  PID:7392
- C:\Windows\System\uOizboH.exe
  C:\Windows\System\uOizboH.exe
  2⤵
  PID:2256
- C:\Windows\System\gdSnvnF.exe
  C:\Windows\System\gdSnvnF.exe
  2⤵
  PID:8156
- C:\Windows\System\lpicCYj.exe
  C:\Windows\System\lpicCYj.exe
  2⤵
  PID:7672
- C:\Windows\System\iWGmCqt.exe
  C:\Windows\System\iWGmCqt.exe
  2⤵
  PID:7548
- C:\Windows\System\yJXBjya.exe
  C:\Windows\System\yJXBjya.exe
  2⤵
  PID:7608
- C:\Windows\System\mnpHWcq.exe
  C:\Windows\System\mnpHWcq.exe
  2⤵
  PID:7836
- C:\Windows\System\AdRdpeW.exe
  C:\Windows\System\AdRdpeW.exe
  2⤵
  PID:952
- C:\Windows\System\zjclhLa.exe
  C:\Windows\System\zjclhLa.exe
  2⤵
  PID:7268
- C:\Windows\System\PgxfLWu.exe
  C:\Windows\System\PgxfLWu.exe
  2⤵
  PID:7184
- C:\Windows\System\bwYgeuE.exe
  C:\Windows\System\bwYgeuE.exe
  2⤵
  PID:7848
- C:\Windows\System\NbMwimg.exe
  C:\Windows\System\NbMwimg.exe
  2⤵
  PID:8060
- C:\Windows\System\UpyGTHb.exe
  C:\Windows\System\UpyGTHb.exe
  2⤵
  PID:7644
- C:\Windows\System\fEERNTG.exe
  C:\Windows\System\fEERNTG.exe
  2⤵
  PID:7964
- C:\Windows\System\KYEduTO.exe
  C:\Windows\System\KYEduTO.exe
  2⤵
  PID:8196
- C:\Windows\System\SzopZML.exe
  C:\Windows\System\SzopZML.exe
  2⤵
  PID:8212
- C:\Windows\System\HVNBCVD.exe
  C:\Windows\System\HVNBCVD.exe
  2⤵
  PID:8228
- C:\Windows\System\TNWdTYP.exe
  C:\Windows\System\TNWdTYP.exe
  2⤵
  PID:8244
- C:\Windows\System\SmFGfiT.exe
  C:\Windows\System\SmFGfiT.exe
  2⤵
  PID:8260
- C:\Windows\System\htMzfeW.exe
  C:\Windows\System\htMzfeW.exe
  2⤵
  PID:8276
- C:\Windows\System\AKVgfwM.exe
  C:\Windows\System\AKVgfwM.exe
  2⤵
  PID:8292
- C:\Windows\System\ojmqndg.exe
  C:\Windows\System\ojmqndg.exe
  2⤵
  PID:8308
- C:\Windows\System\KzIYZfa.exe
  C:\Windows\System\KzIYZfa.exe
  2⤵
  PID:8324
- C:\Windows\System\MPLYMby.exe
  C:\Windows\System\MPLYMby.exe
  2⤵
  PID:8340
- C:\Windows\System\SnpGIVh.exe
  C:\Windows\System\SnpGIVh.exe
  2⤵
  PID:8356
- C:\Windows\System\PQQpYyE.exe
  C:\Windows\System\PQQpYyE.exe
  2⤵
  PID:8372
- C:\Windows\System\wZLxTyp.exe
  C:\Windows\System\wZLxTyp.exe
  2⤵
  PID:8388
- C:\Windows\System\tirWRTU.exe
  C:\Windows\System\tirWRTU.exe
  2⤵
  PID:8404
- C:\Windows\System\WmTyNVy.exe
  C:\Windows\System\WmTyNVy.exe
  2⤵
  PID:8420
- C:\Windows\System\EuNnEsG.exe
  C:\Windows\System\EuNnEsG.exe
  2⤵
  PID:8436
- C:\Windows\System\cTWcpnh.exe
  C:\Windows\System\cTWcpnh.exe
  2⤵
  PID:8452
- C:\Windows\System\AcRPGVW.exe
  C:\Windows\System\AcRPGVW.exe
  2⤵
  PID:8468
- C:\Windows\System\pcSznuh.exe
  C:\Windows\System\pcSznuh.exe
  2⤵
  PID:8484
- C:\Windows\System\bCeNzzJ.exe
  C:\Windows\System\bCeNzzJ.exe
  2⤵
  PID:8500
- C:\Windows\System\RzoiUop.exe
  C:\Windows\System\RzoiUop.exe
  2⤵
  PID:8516
- C:\Windows\System\OvKkwQv.exe
  C:\Windows\System\OvKkwQv.exe
  2⤵
  PID:8532
- C:\Windows\System\QLtwIHs.exe
  C:\Windows\System\QLtwIHs.exe
  2⤵
  PID:8548
- C:\Windows\System\hJQdQDk.exe
  C:\Windows\System\hJQdQDk.exe
  2⤵
  PID:8564
- C:\Windows\System\mdlUiid.exe
  C:\Windows\System\mdlUiid.exe
  2⤵
  PID:8580
- C:\Windows\System\WFZXTYg.exe
  C:\Windows\System\WFZXTYg.exe
  2⤵
  PID:8600
- C:\Windows\System\wFeHOoB.exe
  C:\Windows\System\wFeHOoB.exe
  2⤵
  PID:8620
- C:\Windows\System\QEAVWGr.exe
  C:\Windows\System\QEAVWGr.exe
  2⤵
  PID:8652
- C:\Windows\System\eXAaylk.exe
  C:\Windows\System\eXAaylk.exe
  2⤵
  PID:8676
- C:\Windows\System\kwzoVty.exe
  C:\Windows\System\kwzoVty.exe
  2⤵
  PID:8700
- C:\Windows\System\iACmSYC.exe
  C:\Windows\System\iACmSYC.exe
  2⤵
  PID:8724
- C:\Windows\System\gNMOlpp.exe
  C:\Windows\System\gNMOlpp.exe
  2⤵
  PID:8748
- C:\Windows\System\cEdsMgV.exe
  C:\Windows\System\cEdsMgV.exe
  2⤵
  PID:8780
- C:\Windows\System\rBAltPp.exe
  C:\Windows\System\rBAltPp.exe
  2⤵
  PID:8800
- C:\Windows\System\aRlLlNQ.exe
  C:\Windows\System\aRlLlNQ.exe
  2⤵
  PID:8816
- C:\Windows\System\DJEjYjW.exe
  C:\Windows\System\DJEjYjW.exe
  2⤵
  PID:8836
- C:\Windows\System\iXPixcn.exe
  C:\Windows\System\iXPixcn.exe
  2⤵
  PID:8852
- C:\Windows\System\EKggAhc.exe
  C:\Windows\System\EKggAhc.exe
  2⤵
  PID:8868
- C:\Windows\System\fKLtrpu.exe
  C:\Windows\System\fKLtrpu.exe
  2⤵
  PID:8896
- C:\Windows\System\lTWkVHJ.exe
  C:\Windows\System\lTWkVHJ.exe
  2⤵
  PID:8912
- C:\Windows\System\KiLKEPb.exe
  C:\Windows\System\KiLKEPb.exe
  2⤵
  PID:8928
- C:\Windows\System\EGcKDNi.exe
  C:\Windows\System\EGcKDNi.exe
  2⤵
  PID:8944
- C:\Windows\System\EPwIjip.exe
  C:\Windows\System\EPwIjip.exe
  2⤵
  PID:8960
- C:\Windows\System\RoPUvoI.exe
  C:\Windows\System\RoPUvoI.exe
  2⤵
  PID:8976
- C:\Windows\System\MURZjpT.exe
  C:\Windows\System\MURZjpT.exe
  2⤵
  PID:8992
- C:\Windows\System\NlVTMZd.exe
  C:\Windows\System\NlVTMZd.exe
  2⤵
  PID:9008
- C:\Windows\System\RzbdUea.exe
  C:\Windows\System\RzbdUea.exe
  2⤵
  PID:9024
- C:\Windows\System\yorwQqM.exe
  C:\Windows\System\yorwQqM.exe
  2⤵
  PID:9040
- C:\Windows\System\PCWOyVw.exe
  C:\Windows\System\PCWOyVw.exe
  2⤵
  PID:9060
- C:\Windows\System\yjppuSJ.exe
  C:\Windows\System\yjppuSJ.exe
  2⤵
  PID:9076
- C:\Windows\System\wXSzcwP.exe
  C:\Windows\System\wXSzcwP.exe
  2⤵
  PID:9092
- C:\Windows\System\eyXceMv.exe
  C:\Windows\System\eyXceMv.exe
  2⤵
  PID:9108
- C:\Windows\System\dELYUTO.exe
  C:\Windows\System\dELYUTO.exe
  2⤵
  PID:9124
- C:\Windows\System\lxXcieB.exe
  C:\Windows\System\lxXcieB.exe
  2⤵
  PID:9140
- C:\Windows\System\XtpgRMQ.exe
  C:\Windows\System\XtpgRMQ.exe
  2⤵
  PID:9156
- C:\Windows\System\BRXqfaU.exe
  C:\Windows\System\BRXqfaU.exe
  2⤵
  PID:9172
- C:\Windows\System\POsLAkH.exe
  C:\Windows\System\POsLAkH.exe
  2⤵
  PID:9192
- C:\Windows\System\siDQOmV.exe
  C:\Windows\System\siDQOmV.exe
  2⤵
  PID:9020
- C:\Windows\System\SWtgWcl.exe
  C:\Windows\System\SWtgWcl.exe
  2⤵
  PID:9052
- C:\Windows\System\Qscxeep.exe
  C:\Windows\System\Qscxeep.exe
  2⤵
  PID:2200
- C:\Windows\System\ZClMjla.exe
  C:\Windows\System\ZClMjla.exe
  2⤵
  PID:9148
- C:\Windows\System\JkXIItp.exe
  C:\Windows\System\JkXIItp.exe
  2⤵
  PID:9168
- C:\Windows\System\delzcoK.exe
  C:\Windows\System\delzcoK.exe
  2⤵
  PID:1880
- C:\Windows\System\eyaknSO.exe
  C:\Windows\System\eyaknSO.exe
  2⤵
  PID:9200
- C:\Windows\System\tfVWIfo.exe
  C:\Windows\System\tfVWIfo.exe
  2⤵
  PID:7912
- C:\Windows\System\rhsKymw.exe
  C:\Windows\System\rhsKymw.exe
  2⤵
  PID:8220
- C:\Windows\System\MLMUgOL.exe
  C:\Windows\System\MLMUgOL.exe
  2⤵
  PID:8368
- C:\Windows\System\HuUTijI.exe
  C:\Windows\System\HuUTijI.exe
  2⤵
  PID:8348
- C:\Windows\System\OccTpcG.exe
  C:\Windows\System\OccTpcG.exe
  2⤵
  PID:8412
- C:\Windows\System\oQcufsi.exe
  C:\Windows\System\oQcufsi.exe
  2⤵
  PID:8476
- C:\Windows\System\wqwWyYM.exe
  C:\Windows\System\wqwWyYM.exe
  2⤵
  PID:8540
- C:\Windows\System\NINjNst.exe
  C:\Windows\System\NINjNst.exe
  2⤵
  PID:8492
- C:\Windows\System\JymfqxB.exe
  C:\Windows\System\JymfqxB.exe
  2⤵
  PID:8464
- C:\Windows\System\HNakWGW.exe
  C:\Windows\System\HNakWGW.exe
  2⤵
  PID:8496
- C:\Windows\System\wofslvN.exe
  C:\Windows\System\wofslvN.exe
  2⤵
  PID:8596
- C:\Windows\System\pitWcLY.exe
  C:\Windows\System\pitWcLY.exe
  2⤵
  PID:8660
- C:\Windows\System\zTqCiQR.exe
  C:\Windows\System\zTqCiQR.exe
  2⤵
  PID:8692
- C:\Windows\System\PRZYVeZ.exe
  C:\Windows\System\PRZYVeZ.exe
  2⤵
  PID:8716
- C:\Windows\System\xOxysDd.exe
  C:\Windows\System\xOxysDd.exe
  2⤵
  PID:8764
- C:\Windows\System\cpqcoQm.exe
  C:\Windows\System\cpqcoQm.exe
  2⤵
  PID:8684
- C:\Windows\System\tWWRKnY.exe
  C:\Windows\System\tWWRKnY.exe
  2⤵
  PID:8628
- C:\Windows\System\XehNWhL.exe
  C:\Windows\System\XehNWhL.exe
  2⤵
  PID:8824
- C:\Windows\System\VIlPToR.exe
  C:\Windows\System\VIlPToR.exe
  2⤵
  PID:9048
- C:\Windows\System\oXrHkQq.exe
  C:\Windows\System\oXrHkQq.exe
  2⤵
  PID:9032
- C:\Windows\System\vnKxcrQ.exe
  C:\Windows\System\vnKxcrQ.exe
  2⤵
  PID:8876
- C:\Windows\System\rHxbNCd.exe
  C:\Windows\System\rHxbNCd.exe
  2⤵
  PID:8864
- C:\Windows\System\ttuhvoG.exe
  C:\Windows\System\ttuhvoG.exe
  2⤵
  PID:8884
- C:\Windows\System\QgXWuTK.exe
  C:\Windows\System\QgXWuTK.exe
  2⤵
  PID:8952
- C:\Windows\System\txkMLDq.exe
  C:\Windows\System\txkMLDq.exe
  2⤵
  PID:9000
- C:\Windows\System\jyrjXtQ.exe
  C:\Windows\System\jyrjXtQ.exe
  2⤵
  PID:8984
- C:\Windows\System\nWGhElP.exe
  C:\Windows\System\nWGhElP.exe
  2⤵
  PID:9088
- C:\Windows\System\BddeeVQ.exe
  C:\Windows\System\BddeeVQ.exe
  2⤵
  PID:9132
- C:\Windows\System\RkUiBYa.exe
  C:\Windows\System\RkUiBYa.exe
  2⤵
  PID:1672
- C:\Windows\System\OKfyGGN.exe
  C:\Windows\System\OKfyGGN.exe
  2⤵
  PID:9184
- C:\Windows\System\EtFAxKv.exe
  C:\Windows\System\EtFAxKv.exe
  2⤵
  PID:9208
- C:\Windows\System\lTrvGvy.exe
  C:\Windows\System\lTrvGvy.exe
  2⤵
  PID:8380
- C:\Windows\System\PRgoDMD.exe
  C:\Windows\System\PRgoDMD.exe
  2⤵
  PID:8512
- C:\Windows\System\HSBpXAI.exe
  C:\Windows\System\HSBpXAI.exe
  2⤵
  PID:8316
- C:\Windows\System\mIcDDRj.exe
  C:\Windows\System\mIcDDRj.exe
  2⤵
  PID:8300
- C:\Windows\System\ESSumIA.exe
  C:\Windows\System\ESSumIA.exe
  2⤵
  PID:8396
- C:\Windows\System\kmeRjUU.exe
  C:\Windows\System\kmeRjUU.exe
  2⤵
  PID:1692
- C:\Windows\System\nEgqUPv.exe
  C:\Windows\System\nEgqUPv.exe
  2⤵
  PID:8616
- C:\Windows\System\KgUqipB.exe
  C:\Windows\System\KgUqipB.exe
  2⤵
  PID:8904
- C:\Windows\System\eGjxsGd.exe
  C:\Windows\System\eGjxsGd.exe
  2⤵
  PID:8888
- C:\Windows\System\epURzuU.exe
  C:\Windows\System\epURzuU.exe
  2⤵
  PID:9116
- C:\Windows\System\AhTHjtv.exe
  C:\Windows\System\AhTHjtv.exe
  2⤵
  PID:9212
- C:\Windows\System\CTdNhgI.exe
  C:\Windows\System\CTdNhgI.exe
  2⤵
  PID:8240
- C:\Windows\System\LUacLjU.exe
  C:\Windows\System\LUacLjU.exe
  2⤵
  PID:8304
- C:\Windows\System\QBLdkQI.exe
  C:\Windows\System\QBLdkQI.exe
  2⤵
  PID:2024
- C:\Windows\System\lJQOEyQ.exe
  C:\Windows\System\lJQOEyQ.exe
  2⤵
  PID:8448
- C:\Windows\System\tDtCapi.exe
  C:\Windows\System\tDtCapi.exe
  2⤵
  PID:8432
- C:\Windows\System\tAdykTN.exe
  C:\Windows\System\tAdykTN.exe
  2⤵
  PID:8268
- C:\Windows\System\nrEazcC.exe
  C:\Windows\System\nrEazcC.exe
  2⤵
  PID:8712
- C:\Windows\System\xgnxvFp.exe
  C:\Windows\System\xgnxvFp.exe
  2⤵
  PID:8772
- C:\Windows\System\CUxYMch.exe
  C:\Windows\System\CUxYMch.exe
  2⤵
  PID:8644
- C:\Windows\System\VvACuCA.exe
  C:\Windows\System\VvACuCA.exe
  2⤵
  PID:8668
- C:\Windows\System\dRhRonv.exe
  C:\Windows\System\dRhRonv.exe
  2⤵
  PID:8988
- C:\Windows\System\RUtmkzn.exe
  C:\Windows\System\RUtmkzn.exe
  2⤵
  PID:8972
- C:\Windows\System\vtAnJUF.exe
  C:\Windows\System\vtAnJUF.exe
  2⤵
  PID:8848
- C:\Windows\System\QKoxxqm.exe
  C:\Windows\System\QKoxxqm.exe
  2⤵
  PID:8508
- C:\Windows\System\nKSrPyZ.exe
  C:\Windows\System\nKSrPyZ.exe
  2⤵
  PID:8320
- C:\Windows\System\OQQUNMO.exe
  C:\Windows\System\OQQUNMO.exe
  2⤵
  PID:8792
- C:\Windows\System\BOgCGRj.exe
  C:\Windows\System\BOgCGRj.exe
  2⤵
  PID:2776
- C:\Windows\System\tUPZxYR.exe
  C:\Windows\System\tUPZxYR.exe
  2⤵
  PID:9164
- C:\Windows\System\UJEDvts.exe
  C:\Windows\System\UJEDvts.exe
  2⤵
  PID:8588
- C:\Windows\System\RnXrxke.exe
  C:\Windows\System\RnXrxke.exe
  2⤵
  PID:9220
- C:\Windows\System\xvcGySH.exe
  C:\Windows\System\xvcGySH.exe
  2⤵
  PID:9236
- C:\Windows\System\dJmmfGO.exe
  C:\Windows\System\dJmmfGO.exe
  2⤵
  PID:9252
- C:\Windows\System\eyCkXiN.exe
  C:\Windows\System\eyCkXiN.exe
  2⤵
  PID:9268
- C:\Windows\System\LknFTGn.exe
  C:\Windows\System\LknFTGn.exe
  2⤵
  PID:9284
- C:\Windows\System\bgBqhcD.exe
  C:\Windows\System\bgBqhcD.exe
  2⤵
  PID:9312
- C:\Windows\System\VsqnCgf.exe
  C:\Windows\System\VsqnCgf.exe
  2⤵
  PID:9336
- C:\Windows\System\vRDTeHt.exe
  C:\Windows\System\vRDTeHt.exe
  2⤵
  PID:9352
- C:\Windows\System\olXPhjJ.exe
  C:\Windows\System\olXPhjJ.exe
  2⤵
  PID:9412
- C:\Windows\System\CZKNgLZ.exe
  C:\Windows\System\CZKNgLZ.exe
  2⤵
  PID:9432
- C:\Windows\System\RCdMZEx.exe
  C:\Windows\System\RCdMZEx.exe
  2⤵
  PID:9448
- C:\Windows\System\uQHXnZj.exe
  C:\Windows\System\uQHXnZj.exe
  2⤵
  PID:9472
- C:\Windows\System\NkcOczg.exe
  C:\Windows\System\NkcOczg.exe
  2⤵
  PID:9488
- C:\Windows\System\PwKAsWo.exe
  C:\Windows\System\PwKAsWo.exe
  2⤵
  PID:9504
- C:\Windows\System\OwicVVb.exe
  C:\Windows\System\OwicVVb.exe
  2⤵
  PID:9556
- C:\Windows\System\esAaYHC.exe
  C:\Windows\System\esAaYHC.exe
  2⤵
  PID:9604
- C:\Windows\System\ZSZlUFy.exe
  C:\Windows\System\ZSZlUFy.exe
  2⤵
  PID:9620
- C:\Windows\System\OSXccvq.exe
  C:\Windows\System\OSXccvq.exe
  2⤵
  PID:9636
- C:\Windows\System\dyNQzoG.exe
  C:\Windows\System\dyNQzoG.exe
  2⤵
  PID:9652
- C:\Windows\System\tBrQYAd.exe
  C:\Windows\System\tBrQYAd.exe
  2⤵
  PID:9668
- C:\Windows\System\VZIlaTu.exe
  C:\Windows\System\VZIlaTu.exe
  2⤵
  PID:9684
- C:\Windows\System\pVFfmmd.exe
  C:\Windows\System\pVFfmmd.exe
  2⤵
  PID:9700
- C:\Windows\System\APwqiCw.exe
  C:\Windows\System\APwqiCw.exe
  2⤵
  PID:9716
- C:\Windows\System\zZVrzdv.exe
  C:\Windows\System\zZVrzdv.exe
  2⤵
  PID:9732
- C:\Windows\System\wVShRjz.exe
  C:\Windows\System\wVShRjz.exe
  2⤵
  PID:9748
- C:\Windows\System\MibrXjJ.exe
  C:\Windows\System\MibrXjJ.exe
  2⤵
  PID:9764
- C:\Windows\System\wETtmsv.exe
  C:\Windows\System\wETtmsv.exe
  2⤵
  PID:9780
- C:\Windows\System\CxyFsLh.exe
  C:\Windows\System\CxyFsLh.exe
  2⤵
  PID:9796
- C:\Windows\System\qMwPkAR.exe
  C:\Windows\System\qMwPkAR.exe
  2⤵
  PID:9812
- C:\Windows\System\jWkvISV.exe
  C:\Windows\System\jWkvISV.exe
  2⤵
  PID:9828
- C:\Windows\System\kDGZJWz.exe
  C:\Windows\System\kDGZJWz.exe
  2⤵
  PID:9844
- C:\Windows\System\wiCAGgn.exe
  C:\Windows\System\wiCAGgn.exe
  2⤵
  PID:9860
- C:\Windows\System\ozIPOvP.exe
  C:\Windows\System\ozIPOvP.exe
  2⤵
  PID:9876
- C:\Windows\System\FWsrdWE.exe
  C:\Windows\System\FWsrdWE.exe
  2⤵
  PID:9892
- C:\Windows\System\CAHvKMc.exe
  C:\Windows\System\CAHvKMc.exe
  2⤵
  PID:9908
- C:\Windows\System\XuOEWuu.exe
  C:\Windows\System\XuOEWuu.exe
  2⤵
  PID:9924
- C:\Windows\System\OGCHcHO.exe
  C:\Windows\System\OGCHcHO.exe
  2⤵
  PID:9940
- C:\Windows\System\HJyXSxg.exe
  C:\Windows\System\HJyXSxg.exe
  2⤵
  PID:9956
- C:\Windows\System\PcTaESM.exe
  C:\Windows\System\PcTaESM.exe
  2⤵
  PID:9972
- C:\Windows\System\kcHDqkB.exe
  C:\Windows\System\kcHDqkB.exe
  2⤵
  PID:9988
- C:\Windows\System\fEhnQCa.exe
  C:\Windows\System\fEhnQCa.exe
  2⤵
  PID:10004
- C:\Windows\System\QOEMtrx.exe
  C:\Windows\System\QOEMtrx.exe
  2⤵
  PID:10020
- C:\Windows\System\PTKRVqN.exe
  C:\Windows\System\PTKRVqN.exe
  2⤵
  PID:10044
- C:\Windows\System\ZolKeDG.exe
  C:\Windows\System\ZolKeDG.exe
  2⤵
  PID:10060
- C:\Windows\System\ovpNIQO.exe
  C:\Windows\System\ovpNIQO.exe
  2⤵
  PID:10076
- C:\Windows\System\duLtdjj.exe
  C:\Windows\System\duLtdjj.exe
  2⤵
  PID:10096
- C:\Windows\System\DklgAFl.exe
  C:\Windows\System\DklgAFl.exe
  2⤵
  PID:10112
- C:\Windows\System\IYvxenY.exe
  C:\Windows\System\IYvxenY.exe
  2⤵
  PID:10128
- C:\Windows\System\ePUJOYS.exe
  C:\Windows\System\ePUJOYS.exe
  2⤵
  PID:10144
- C:\Windows\System\UXvlYyv.exe
  C:\Windows\System\UXvlYyv.exe
  2⤵
  PID:10160
- C:\Windows\System\xnxIyNP.exe
  C:\Windows\System\xnxIyNP.exe
  2⤵
  PID:10176
- C:\Windows\System\TcSTGJq.exe
  C:\Windows\System\TcSTGJq.exe
  2⤵
  PID:10192
- C:\Windows\System\akEDUHT.exe
  C:\Windows\System\akEDUHT.exe
  2⤵
  PID:10208
- C:\Windows\System\VLWhSYD.exe
  C:\Windows\System\VLWhSYD.exe
  2⤵
  PID:10224
- C:\Windows\System\WkYdSVA.exe
  C:\Windows\System\WkYdSVA.exe
  2⤵
  PID:9228
- C:\Windows\System\fkVNTkY.exe
  C:\Windows\System\fkVNTkY.exe
  2⤵
  PID:8092
- C:\Windows\System\uhMwpRF.exe
  C:\Windows\System\uhMwpRF.exe
  2⤵
  PID:2912
- C:\Windows\System\FJmASGD.exe
  C:\Windows\System\FJmASGD.exe
  2⤵
  PID:8732
- C:\Windows\System\ASfMvzP.exe
  C:\Windows\System\ASfMvzP.exe
  2⤵
  PID:9180
- C:\Windows\System\eesZTfY.exe
  C:\Windows\System\eesZTfY.exe
  2⤵
  PID:8640
- C:\Windows\System\TqlRDIg.exe
  C:\Windows\System\TqlRDIg.exe
  2⤵
  PID:9248
- C:\Windows\System\SpBDoSh.exe
  C:\Windows\System\SpBDoSh.exe
  2⤵
  PID:9296
- C:\Windows\System\oAdiVsi.exe
  C:\Windows\System\oAdiVsi.exe
  2⤵
  PID:9304
- C:\Windows\System\PPRtpBB.exe
  C:\Windows\System\PPRtpBB.exe
  2⤵
  PID:9320
- C:\Windows\System\GJxSQca.exe
  C:\Windows\System\GJxSQca.exe
  2⤵
  PID:9388
- C:\Windows\System\rgHigDu.exe
  C:\Windows\System\rgHigDu.exe
  2⤵
  PID:9372
- C:\Windows\System\IvHkGWF.exe
  C:\Windows\System\IvHkGWF.exe
  2⤵
  PID:9400
- C:\Windows\System\KqSwrgD.exe
  C:\Windows\System\KqSwrgD.exe
  2⤵
  PID:9424
- C:\Windows\System\BOKiCIz.exe
  C:\Windows\System\BOKiCIz.exe
  2⤵
  PID:9468
- C:\Windows\System\iKfWMGP.exe
  C:\Windows\System\iKfWMGP.exe
  2⤵
  PID:9512
- C:\Windows\System\KeTjCoT.exe
  C:\Windows\System\KeTjCoT.exe
  2⤵
  PID:9520
- C:\Windows\System\xQNjNxw.exe
  C:\Windows\System\xQNjNxw.exe
  2⤵
  PID:9544
- C:\Windows\System\gRLctVn.exe
  C:\Windows\System\gRLctVn.exe
  2⤵
  PID:9584
- C:\Windows\System\sJViIUU.exe
  C:\Windows\System\sJViIUU.exe
  2⤵
  PID:9592
- C:\Windows\System\jCCMMzN.exe
  C:\Windows\System\jCCMMzN.exe
  2⤵
  PID:9612
- C:\Windows\System\XTMQlvu.exe
  C:\Windows\System\XTMQlvu.exe
  2⤵
  PID:9644
- C:\Windows\System\ZLOgbfU.exe
  C:\Windows\System\ZLOgbfU.exe
  2⤵
  PID:9724
- C:\Windows\System\OhsoeQr.exe
  C:\Windows\System\OhsoeQr.exe
  2⤵
  PID:9660
- C:\Windows\System\mOzLyaH.exe
  C:\Windows\System\mOzLyaH.exe
  2⤵
  PID:9712
- C:\Windows\System\vOeBojm.exe
  C:\Windows\System\vOeBojm.exe
  2⤵
  PID:9772
- C:\Windows\System\Uxeyyly.exe
  C:\Windows\System\Uxeyyly.exe
  2⤵
  PID:9856
- C:\Windows\System\ueYjlyw.exe
  C:\Windows\System\ueYjlyw.exe
  2⤵
  PID:9836
- C:\Windows\System\vGmzdnd.exe
  C:\Windows\System\vGmzdnd.exe
  2⤵
  PID:10052
- C:\Windows\System\govHXUE.exe
  C:\Windows\System\govHXUE.exe
  2⤵
  PID:2588
- C:\Windows\System\ynGVEQL.exe
  C:\Windows\System\ynGVEQL.exe
  2⤵
  PID:9408
- C:\Windows\System\aZGFcgY.exe
  C:\Windows\System\aZGFcgY.exe
  2⤵
  PID:9428
- C:\Windows\System\LEQWRTQ.exe
  C:\Windows\System\LEQWRTQ.exe
  2⤵
  PID:9532
- C:\Windows\System\eJilVPp.exe
  C:\Windows\System\eJilVPp.exe
  2⤵
  PID:9444
- C:\Windows\System\FNgnLRl.exe
  C:\Windows\System\FNgnLRl.exe
  2⤵
  PID:9460
- C:\Windows\System\CIHyIdu.exe
  C:\Windows\System\CIHyIdu.exe
  2⤵
  PID:9628
- C:\Windows\System\pjJIUAE.exe
  C:\Windows\System\pjJIUAE.exe
  2⤵
  PID:9524
- C:\Windows\System\KlvEiYu.exe
  C:\Windows\System\KlvEiYu.exe
  2⤵
  PID:9676
- C:\Windows\System\sWtZpVd.exe
  C:\Windows\System\sWtZpVd.exe
  2⤵
  PID:9696
- C:\Windows\System\sIEEcwL.exe
  C:\Windows\System\sIEEcwL.exe
  2⤵
  PID:9744
- C:\Windows\System\uVysyaf.exe
  C:\Windows\System\uVysyaf.exe
  2⤵
  PID:9820
- C:\Windows\System\Hrxmqhc.exe
  C:\Windows\System\Hrxmqhc.exe
  2⤵
  PID:9888
- C:\Windows\System\gJvHJxx.exe
  C:\Windows\System\gJvHJxx.exe
  2⤵
  PID:10016
- C:\Windows\System\MLmQevM.exe
  C:\Windows\System\MLmQevM.exe
  2⤵
  PID:10152
- C:\Windows\System\APpJMGR.exe
  C:\Windows\System\APpJMGR.exe
  2⤵
  PID:10184
- C:\Windows\System\fAYuBWT.exe
  C:\Windows\System\fAYuBWT.exe
  2⤵
  PID:9968
- C:\Windows\System\HTzmXUl.exe
  C:\Windows\System\HTzmXUl.exe
  2⤵
  PID:10036
- C:\Windows\System\oZlRNFm.exe
  C:\Windows\System\oZlRNFm.exe
  2⤵
  PID:10028
- C:\Windows\System\huQvGiF.exe
  C:\Windows\System\huQvGiF.exe
  2⤵
  PID:10172
- C:\Windows\System\fsJsVRl.exe
  C:\Windows\System\fsJsVRl.exe
  2⤵
  PID:10236
- C:\Windows\System\IPwXadw.exe
  C:\Windows\System\IPwXadw.exe
  2⤵
  PID:9260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ADWbQir.exe

Filesize
6.0MB

MD5
6ca7fd82f0a8ad6a341036bf066a7cf2

SHA1
30ecd1ccf16dc779296bb849ae0eeff0875c84aa

SHA256
04bf4b0f955d5bbf96a65fc7fe59c60ac1a2770d73acf09dc90c69d040d6250e

SHA512
bc1a20e8b281310cf9ed015bcdd3308e40663fab2645b2afa8e3219a843aa7e5c55182e849a32882dc8488d3b7551b50a9aafa85d05e14fa08d45d579929ed45

Download Submit
C:\Windows\system\GbdXIRb.exe

Filesize
6.0MB

MD5
09828338a8e1e2a5343f8c0ac65ff18f

SHA1
8fbd52f232132025d03c0abd80e8d2ec3cd1f80b

SHA256
d122d595c7846772bf7db5f6f09afaaf07f1030d7ed02073fbc73bd684839f4d

SHA512
2ae9fb8adf96232ae192d2514b08b07ee961cb409596e29d2cb7cd1337b332908e9d07b984772f11ebabc7eed4799d0ec7e7b54c1be5560e0d48840b6dc2332c

Download Submit
C:\Windows\system\HKPQgkv.exe

Filesize
6.0MB

MD5
f41887eeb27f3c550bcfa6f53e78f7e6

SHA1
e35a5030ce2907214200aa4ec5fc1714650ba156

SHA256
fd41f42e5417f7ab69cf7c36bb1dcdabb5e02591a26285105072461487642ac8

SHA512
9357d3e3e158e44f0d9193066ebf8589e9728fed52e2676da186e5ead1a7fba6ee10a0e76aa2a4660e2e0c50668894c37402c4e090f859700f29ab6f55cabccd

Download Submit
C:\Windows\system\MPCYACi.exe

Filesize
6.0MB

MD5
7b9f79b48d512c9faab34f9e5bdaa856

SHA1
1e36d35b17e4813ad20104396cb7eb4ed98f57e3

SHA256
68511607da66ca74509bf57c15bee2dd0686fbcdddacdbf1573ac515d933a9f0

SHA512
e2e594891d58135524c3b8fa8fae85abcb548715460e374fdd050bf723f4a0b30da8fb46e215bcae7d803f42bf8206c9969d90a39b7f6c4fdc95bbb7e20106ca

Download Submit
C:\Windows\system\MmuyQyO.exe

Filesize
6.0MB

MD5
3364a4067864a2562a42846d13c8144c

SHA1
751b41163838bc2d670c1aeb5ca9e86b0eeb8b8a

SHA256
eba81d90666dfa75b7a276234e811e517324e0417ef429881d7d4225827b70e5

SHA512
074ce692ecb428af240a5c245c21dcef6dbdd6c934dda025a12557b69f56cd6e82abe35e92b2e3975b45743dbfea6db701e8fa8ab006fd4239ad32a733685970

Download Submit
C:\Windows\system\NcGlHqM.exe

Filesize
6.0MB

MD5
843eccf4bcc98cd04bf0a2283f1fb6a1

SHA1
53fba81ae9d1600a69b95121aab5ac315e1d6989

SHA256
8ea6f5225ca2dcdddd9732c5f3228f707b258cd0ab5cf456cc2c8a311a06f3b6

SHA512
f7649a0933badeaa93bb485e8fddac4b77bc2858f84362b33c4df5e0066b71e0ec5b748bfe7232c9182c0d0c844819798053808d27424279f6d74e3197427912

Download Submit
C:\Windows\system\OWPcaCX.exe

Filesize
6.0MB

MD5
cd889c9599e5cd9a1ab427af26b95fdb

SHA1
08743fe0642680b2238e3198311b83281d2efe83

SHA256
129f9fed90d9906d2944a5fe8a965b50bbe270e9a323beee4bff6e95207080e4

SHA512
7a074dced7be61cc4ead3fa2d4c9c7b3644c2b0eef25ce8c383319e438e501ae6a973e5c95dde786243da24e95753cfad90e09b9e500db579a20344d55f6c96f

Download Submit
C:\Windows\system\PxqBWoa.exe

Filesize
6.0MB

MD5
8fd1d74d47df7d15990249d2e377599a

SHA1
3e22b8525662ceb84787fc6fd80c485ec66c49ae

SHA256
34901b26764222e9fb970b498b1c138e58bfbd3bbcb8e09be32703475cd54bcf

SHA512
5794fe3080bebc8c666963ba91a9d8bed17537081dc44540675e9d704f01bebcbb9006480bde8a26068514f3c98b18f01d79c77da2286a21acc0e064b2694197

Download Submit
C:\Windows\system\TDRCMBN.exe

Filesize
6.0MB

MD5
fec35f226072e0a46f9f946718411f57

SHA1
11ff9e277977244721eafdf5769362671b6dba2e

SHA256
57af8a03198ca7e5640187abe9f8559153c47886a0f9c2623f18603ce4846f61

SHA512
07645a16bc07713cbe53856651942a7892c535d33795fa55a6ad6c2785109731c8695d6e41dae6078f2c19ed685e32a308a6cc01ec2078230024fb6ef1ae2b77

Download Submit
C:\Windows\system\VduwSGR.exe

Filesize
6.0MB

MD5
adc06c35a299e5ee24bfc9d7a8c468f5

SHA1
dc7a1143a64b351dd2aad2e2b44840c9c0dfb7aa

SHA256
6a697cbc63e3d2f3648317f7efb8d03adc2480e9d444d14ab735febc52fe46e7

SHA512
38bdab755f6aeba4145ed5be80b7aa571c1ecb9426b922423a0be24a5a95f893d138872380b19cd632083d1b503a0209a2dcbac3581c0a38a2f8413e20ed95db

Download Submit
C:\Windows\system\cdgXqdW.exe

Filesize
6.0MB

MD5
404897e1d33e84d22cb3b8a26c7a6c03

SHA1
2a65e6fd3f094d881723a5d8d4f275626e033be7

SHA256
e1fb813d6ff6f0384942f5019458696f8a26d694ac1f801c8bf08b5a830fc25f

SHA512
eb79f6108cb85f889892fa9f7420ffd2a609b4f45a3f25aa2227a1870f7e33051c1a3e4241293a66a20cde02798b6fecba352d4f2d9bba0d2a8f710b7f9b3d20

Download Submit
C:\Windows\system\dBMomvB.exe

Filesize
6.0MB

MD5
ef894e9a86e0804766a84b2e8f875550

SHA1
7685fcb096e532c44cfd99e2454fcb18884f3fe4

SHA256
311857ac7f435943250a69487455c0a1f0c4490ea4d929e8e755308a3a1a1985

SHA512
4a0e049002286c77aaeb150016e4fa3ba81ced203c7fd510376155d01559cb4e2337800ea0a07c47c9b98363447244d394a03e2d1f924ce53f2ab26359f0cd39

Download Submit
C:\Windows\system\dbCyIzq.exe

Filesize
6.0MB

MD5
cba784d4c5e0c6abe1ef0abd6c0ee7f3

SHA1
1981e65aa7f4b876549f3a4c3ffa9824c14e916d

SHA256
b3f809708acf4e7ae177aa8b3e030d15b3b1abde759e1df31e45957d2ed5aadf

SHA512
555871a22b3987d9c4b512ba737b749a2a081e2c38fdfcd074aa50d9ac1b69dc76c29d07df6f3add77f4ecf7a9e796f3169485abf535a8ca630c69b17973a89d

Download Submit
C:\Windows\system\eRqGHxt.exe

Filesize
6.0MB

MD5
761d299d6875990a4a041e572f9cf2cb

SHA1
fef2919e15b54573b1a53fb681fde27acadf2296

SHA256
962356b46f35145036c5c0eb2f29ba1b7a6772335b9ce315c3db0dbf8536e0c2

SHA512
f1e262da910ada566a3f1bd5a9f5741805fdb541f8843a05ecf7b54c9a90c36e1d344869edf90ecc44445655a68a3e329334dc808a84c616af66b9f97d1beb5a

Download Submit
C:\Windows\system\eetpTiN.exe

Filesize
6.0MB

MD5
ecd374324f65a476687c4b40ae2e4c81

SHA1
dbb84a2ca9a408728c9fa4fd3e296b283baafc51

SHA256
461ef836b42aa51d2d5686e56dcc07a744b70cb17f96f1164acea8d29642bf7b

SHA512
7efcb04ead97f6e4750186101c179548fc38f41bc675f88b33077d92fb1fe292553a47d8753d6bc928795262ea3612923bfd5144132c8ec17cc1f1b2d078910a

Download Submit
C:\Windows\system\fFBSDkF.exe

Filesize
6.0MB

MD5
5e94c97befec6c0aad9ef76450da692f

SHA1
42cf8d01271f159550ee4d3cebeb3bb248077368

SHA256
cbf88e99da109ada2596872f8eb6314d2ca81b8769651fe52c347f71d6700cfa

SHA512
3387083850fe7aefbf167499d157095a411e0a0e40c0998bc376ba722a65d477c6e8ca38f3828355118f4803b1e3bb44edfb71b5ee668c1b264609e193933be2

Download Submit
C:\Windows\system\rEkbskn.exe

Filesize
6.0MB

MD5
9dbe644eb7836551ba6717cc1065a17b

SHA1
39e11d3a89e375051b2e1046d52ddc7bc30f69c6

SHA256
5e7e7f472addacc53e6aaa24079aa951e29138222e33909df53cbf527ac7079e

SHA512
a10e42e648dc51fa2d878fcca41aaabdbffe06ded8c775cf276ef287a3b9fc36eb00cf601cf8da8c785c8accd92745fd7668740471bfd5ba97b543da8e2842a2

Download Submit
C:\Windows\system\sTBCWfp.exe

Filesize
6.0MB

MD5
451b22ffd6fe809863f90daab6123ba8

SHA1
6c18a30a6535d16f94a3910e5ea8d8038067145f

SHA256
24a6c37b59d5200b7daad69056e769ae93362e24beba349e00cff34d170f35e9

SHA512
c6d4ba4dbdcc095423cad17f2ba159d3ec3b03b889ea206d9d21b74231c2b8c838783a3ff853e35d6c4225469dd1b490a7fefd22abcfa75b7b55eb269a0d6d9e

Download Submit
C:\Windows\system\ulzazvu.exe

Filesize
6.0MB

MD5
8ef85804f1bd2b38470049ddef536855

SHA1
f0b02fe24baba9eb9728bcede613052d5d40d309

SHA256
466c84f3be38b8e7589d889c2452c9fa336338761490c5ac452249aef0c70050

SHA512
7382161570491881c6ba6fe701323dbda753334838913aa12bb3cd8dafc15b2c3e427668719dd1b854048146a9607dc9a80f6234ec7f989160ba14cc4832b82e

Download Submit
C:\Windows\system\wvoTouL.exe

Filesize
6.0MB

MD5
43e288a610f649decc98aebd618ef24e

SHA1
5103cd0dbe35b9716b317a97f6cb08bcff3ac0c4

SHA256
b6010816ca5b0a96673ba75bbe3841bfc47653f3f805c6a25dcada1b7392100e

SHA512
d102789b18ae6160631d70de10adea087a90c35c5a473e90e06fceff2c161e6429f663f668587f4166070e1e839112b39796627c53b4f0da9e546ef1ca43f7d9

Download Submit
\Windows\system\BuxZwUP.exe

Filesize
6.0MB

MD5
159c446d7002c11831bdd69c59ba7f25

SHA1
3dab26aa68d2af7c648f996f229d03b84591e4b2

SHA256
fd4396f867d871dc7d66f2dc5a461cc7df65bce4bda5eca54d728bf3f24d0083

SHA512
224217a16fa73deb342c2e00ae6ec2fb2eab0febea023d986ca4d619ee082baf972ea2402b1a43d1ee0cec1af32a9dd4076b2d7612b65dabb7e275a49c224c4e

Download Submit
\Windows\system\GtwzEKq.exe

Filesize
6.0MB

MD5
fbbbbaa65e5bb7dc3219d69a689b87bd

SHA1
d1284b63857415171856f2ff2a4395c945d16a32

SHA256
3fe072e89b03a22ede87afdbc6bbcf42a8e55ca9d9be70d845fe19df3d016610

SHA512
f41b6422cf92fea13e21aa249c936da8e5ada3366eaa114e2e512106cf291e3f909a7a6ab99aeedeb877e2fbe2829d7877e597249537710669338603fbcb7b30

Download Submit
\Windows\system\HGbjGLb.exe

Filesize
6.0MB

MD5
ce775ff260828ca5078b6c3daddb95f0

SHA1
4058ba71edd8d559f20d3ce11fb79b6459325ac0

SHA256
39db14d3cddd71b057903ed64ef239672f5b7a809e68522629ff6522a3d50d9a

SHA512
168abbbf46904517bb51e7fdbfc1e3a6f02daa1c56fca35dabb839e43637aed9bc0b4cfa708dc1113e9955115f976e1170c49354191c8e5eb89fc9f137c2fcce

Download Submit
\Windows\system\IXvdUXw.exe

Filesize
6.0MB

MD5
ecd457d716c2b7339f49a85334e1040f

SHA1
bfb67ea3eb05f9c3eeeb7006395ce4125788fd46

SHA256
efac28d7af5ec11db9e9ce0f61c0a4cc019d5e8060f6e3ebe8aaa17b06d6ef36

SHA512
5b253e66c4c05d9533d2851b12e882efc08bb44e9a513c13b20e988cabd15eb0fece214ff90e16d39bb20ac7fdd8413fcc29d8ab88466acda4f2a8809a7a2f51

Download Submit
\Windows\system\PUDlNaR.exe

Filesize
6.0MB

MD5
53d019466197baa8e478e91b647c5014

SHA1
bc2eff5debc7a36d674192fe90366ac8cf2df59f

SHA256
3974c2f54119fea76d8bc3ce2c27207f28292ced1dd48a2bb9da07f89c2da190

SHA512
2eda4ed3e3706c494a818a81c75e7c8336a4ada68f07f1ff467d4014424793dc4b158e501c8dad0e87b025d9f9e4316ec63397fa00619fe1ec0e792fe6d84923

Download Submit
\Windows\system\TfJdyoA.exe

Filesize
6.0MB

MD5
8e96873ff5f2516b61ef62f720ccb42b

SHA1
8dd19d04ddd69bcf836e5440b2973641874bac09

SHA256
870ed0121bf54f10a1db2a0c1ea11270c6d854b5ff9b6b2b5b34770e04f9bb94

SHA512
5c54cc768b998290176dafe2202ac1ebcac4c14232d004f762ddbe8abcd95e1a6566dd9a35159646b596e25881b0c4a0ffdacc254c9d8d311edd8c5704b76554

Download Submit
\Windows\system\aGIuICo.exe

Filesize
6.0MB

MD5
c478c8ba80d3e4d0b9f9ca59f9b5e01e

SHA1
18c41c39ad35168b99f1fb706a082acd15c72a58

SHA256
1dd1aac78c5152ef155c45eac86beb6fd7bc4f1cf1a9b5ca83d4977d2015930c

SHA512
e248ec602b005b2de545086b5ca7ad14ec60a8e761db1914804e0c430c4db102852c77c1df8a4b02c5c13a92693704b84a022ef7b0cbddb4559d46988587a9d4

Download Submit
\Windows\system\cJECQJt.exe

Filesize
6.0MB

MD5
b6bd067a2d390ca31ca60f577e264ea2

SHA1
8ece083c7fba9243cfaec9f499fe8727c4903752

SHA256
9fdb8a1ca0546325da98552fa28ee6a17ab47b1131aa849fcfe74a29a71d8e17

SHA512
272a8febb4a9ba0d48c3a127ca4d75f8e590f06cddb0a2a2ae16351255011b739b49b5f01910ca313717578086214aa6875daadda1ad3983c36a08afffa05b96

Download Submit
\Windows\system\copOwCm.exe

Filesize
6.0MB

MD5
b3d8eb17744d7d4ae6c55bfe3b492ef9

SHA1
24b811589452121eb6f3275e0516c27a1b5e9ab4

SHA256
0fc1bd94735c1b92bc75caa814494f902718f1a6600860ea5b428034c83d4017

SHA512
bce0c0a005c02a9f8e6870b73e51608159ce8661dad40df94de16eb567a9116f8a22ac4d13118a36ef2400015d9764dbd801fb868c14c16ff6b15d5fd27cc23a

Download Submit
\Windows\system\dNKAOfw.exe

Filesize
6.0MB

MD5
dc95f268c62d8048d9c34299519ea683

SHA1
e5e904d56619765f53a234a1bbccea464ad8d4bb

SHA256
809b8f0bb3de2cdaa6624cc8cd5e188a762ca31dc7b55cf724365f9a388c0d40

SHA512
0c4ae79f75cfcbc659ad81bed5504431b111a32800cd30bbf8b4b70eb9fe2e61c3f59e3bd149ecf95265ac5f1ef4b530c89c39265f29e1b47bf0520f5bb56ef0

Download Submit
\Windows\system\mcfjGxL.exe

Filesize
6.0MB

MD5
f9b2e1e9f3fce20773812a1ffb69287d

SHA1
d477204f2e1e6772422fa6c45473a2c8ec71e846

SHA256
ec067dbb4afae63076332b0e2c847090aca7430ce11ceccab76db6f1ffe392cc

SHA512
53cf745f43f4614f48b8957cf1edaa3fff837def36a7383188cb4a7f38e588b3a8ce342dc828f387dfd38f46d7d35d5c0b1f4e68cc4200401c8a0ba7e5c79f89

Download Submit
\Windows\system\nNpcTyf.exe

Filesize
6.0MB

MD5
d08668fa8c9338bcaf2e403cfd609045

SHA1
305f08e45033b4ae4e1c78306693113b87ecf6f9

SHA256
847225b8074482b90bb7fcd81a97a3f4eec8c5ece6e6a2b65a2d68e4f3a86712

SHA512
7c225fc65a83cbd4594525f1422573d8e8415c217b55b2ba48b68e699aac8dd215f5adb6987840c8dd50ced56b1750b19d9def7b7cacae2952bf10ff64ce3000

Download Submit
\Windows\system\nwWSXUS.exe

Filesize
6.0MB

MD5
f4b9baad75a11ff1ad1cef6f13110efa

SHA1
0652826e319d5cbc3dc050d6af79c5a760bd964e

SHA256
6740b2da17f14a0396ed56774f3d8c5c7cdb848b76ffdbd2b0cad3b3fa654064

SHA512
ef3ea8a51d9c452743a816b119e997605d568e761a714c3f9ad10e446b66eb02306f7759a9e9c07bfdcf00b555ce8f99cdbd37be9e3522eaef80ff19ebd79916

Download Submit
\Windows\system\sqzGVBZ.exe

Filesize
6.0MB

MD5
51ea76d041e0a22151fcc3d1821fd93b

SHA1
597280ca462a73af936467da9e34f46a9a7ee6b3

SHA256
29562ae4ab84a0c7ee2eccb7d82638f902e850288f571133bb7e76a8e2fb220b

SHA512
0e75f9e2a9fc8b9eefc4f639f46739cc71cc356860a916314721597092706324196f9515ad5a216dd67ea51aed83ac27ac76cea04e807192a9ddd6cefc185b9a

Download Submit
\Windows\system\vZhWmpx.exe

Filesize
6.0MB

MD5
ad12a0786870188df52e953f50626e3c

SHA1
5907f81dfaa995317d19e9793fc4b3bf2f33d1ee

SHA256
3be0fa357838e23e164659f1d50d7b70fbd6c9ea8e5b7ad7f260654091390322

SHA512
fa1bab3e5085bd7db25bfa13bf6bd28e47379f5d7328c54af0d4c961cc50a56d4b837c8a2958ea25888120850cf3b0969fbcd6e577e49a26fa69413edd9e231b

Download Submit
memory/1076-4009-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1076-53-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1076-12-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1452-105-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1452-4022-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1668-89-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-23-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-4011-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2144-69-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2144-4010-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2144-15-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2164-77-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-4016-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-97-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2228-29-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2228-4013-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2496-36-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-78-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-95-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-64-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-87-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2496-7-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-79-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2496-111-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2496-1316-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-76-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-72-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2496-1488-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2496-0-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-294-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2496-16-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2496-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2496-20-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-879-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2496-104-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2496-27-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-41-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-39-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-4020-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-96-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-88-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2636-880-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2636-4021-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2724-60-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2724-4014-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4018-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2764-80-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2812-4019-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2812-81-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2884-4012-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2884-37-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2940-4017-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-82-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-4015-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-67-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download