cobaltstrike | fe9e6c6cfb94a762be517677676aea27c3a62da188c3996964804dfdbe6a4dcb

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19-12-2024 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

304e36cac4c01e2d506ba92425c6714b
SHA1

975a4227eb92452dbe7abd9ac58ecfa8c08548f4
SHA256

fe9e6c6cfb94a762be517677676aea27c3a62da188c3996964804dfdbe6a4dcb
SHA512

70156e6bf8c36a4795db51f19213c587c9ae66609254de9d20b11dfc09b9d435e89a113f5420bb998e8301e34c58a43899918e5460bb4c090ee6b92cca73ea35
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU3:T+q56utgpPF8u/73

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012263-3.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194e4-29.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194da-40.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d4-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d1-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cf-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cd-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c9-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cb-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c7-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c5-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c3-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c1-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-109.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019429-92.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ad-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ab-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a5-68.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a495-60.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194e6-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019551-54.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001949d-31.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194d0-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019490-27.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2556-0-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x000c000000012263-3.dat	xmrig
behavioral1/files/0x00060000000194e4-29.dat	xmrig
behavioral1/memory/3012-39-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x00060000000194da-40.dat	xmrig
behavioral1/memory/2568-65-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2780-71-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/3024-85-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2716-86-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4af-96.dat	xmrig
behavioral1/memory/2716-538-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/1500-899-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/1196-741-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2656-372-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2780-204-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4d4-193.dat	xmrig
behavioral1/files/0x000500000001a4d1-188.dat	xmrig
behavioral1/files/0x000500000001a4cf-183.dat	xmrig
behavioral1/files/0x000500000001a4cd-179.dat	xmrig
behavioral1/files/0x000500000001a4c9-169.dat	xmrig
behavioral1/files/0x000500000001a4cb-173.dat	xmrig
behavioral1/files/0x000500000001a4c7-163.dat	xmrig
behavioral1/files/0x000500000001a4c5-159.dat	xmrig
behavioral1/files/0x000500000001a4c3-153.dat	xmrig
behavioral1/files/0x000500000001a4c1-149.dat	xmrig
behavioral1/files/0x000500000001a4bf-143.dat	xmrig
behavioral1/files/0x000500000001a4bd-139.dat	xmrig
behavioral1/files/0x000500000001a4b9-129.dat	xmrig
behavioral1/files/0x000500000001a4bb-133.dat	xmrig
behavioral1/files/0x000500000001a4b7-123.dat	xmrig
behavioral1/files/0x000500000001a4b5-119.dat	xmrig
behavioral1/files/0x000500000001a4b3-113.dat	xmrig
behavioral1/files/0x000500000001a4b1-109.dat	xmrig
behavioral1/memory/1500-101-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/3044-100-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/1196-94-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/3068-93-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x0008000000019429-92.dat	xmrig
behavioral1/files/0x000500000001a4ad-84.dat	xmrig
behavioral1/memory/2656-77-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4ab-76.dat	xmrig
behavioral1/memory/2752-70-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/3056-69-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4a5-68.dat	xmrig
behavioral1/memory/3044-61-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x000500000001a495-60.dat	xmrig
behavioral1/memory/3068-55-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/3024-48-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/1900-47-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x00070000000194e6-46.dat	xmrig
behavioral1/files/0x0007000000019551-54.dat	xmrig
behavioral1/memory/1300-41-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2556-38-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2752-35-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/3056-33-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x000700000001949d-31.dat	xmrig
behavioral1/memory/2568-30-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/files/0x00060000000194d0-28.dat	xmrig
behavioral1/files/0x0007000000019490-27.dat	xmrig
behavioral1/memory/1900-10-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/3056-3504-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2752-3507-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/3068-3511-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2568-3523-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1900	JLYdgmi.exe
2568	GkRolcO.exe
3056	jKOFJnu.exe
2752	ujEqpuf.exe
3012	tcROlTY.exe
1300	IsQSoUN.exe
3024	hDBxrOp.exe
3068	LBOcDKw.exe
3044	ctOsHvX.exe
2780	nVRUPYX.exe
2656	mkHKBgE.exe
2716	qojQaFf.exe
1196	bcJwijs.exe
1500	TwTuSOZ.exe
2852	wxNXPFz.exe
1620	ZvrlnAm.exe
2836	TnXoQFf.exe
1916	kpjgewO.exe
1496	cHxQUzi.exe
1396	beuFdQv.exe
3036	yFOwthD.exe
2956	fRJDDFf.exe
1168	efiXgid.exe
392	UsYlHhA.exe
236	xOLGRBl.exe
1352	edkrkjb.exe
756	DtTmrgN.exe
2328	BxUxpnP.exe
1892	cVruzKW.exe
1280	GUpYrpC.exe
1516	IwPkOaQ.exe
1624	YglIWdS.exe
1116	FhzXmdH.exe
2108	QLsOlnn.exe
952	wukOktL.exe
2400	goPQilE.exe
1252	PpDGFYA.exe
1648	whbsOQx.exe
2440	GLeZnUA.exe
2444	csDWjCH.exe
2520	CcdhIbU.exe
2208	SpkXaUA.exe
1564	EFGLVYq.exe
600	XQTWbNo.exe
1596	ERudzdA.exe
908	EQWUCjf.exe
872	dvdjrJp.exe
3060	uOiVUKB.exe
1508	ZwABUtb.exe
2172	KRpyaDt.exe
2304	sDqJAdA.exe
2588	fcXtALC.exe
2928	WwJVSyD.exe
2420	cvUIZkE.exe
3016	wxCZpQx.exe
1640	VwCWDQx.exe
2676	wBnPdLR.exe
2708	VnOjCXT.exe
2084	snhDVzC.exe
764	msCPQpz.exe
1360	CPUzAYP.exe
2980	FCoNMtA.exe
1836	nFBIjIa.exe
2120	FxLdOZV.exe

Loads dropped DLL 64 IoCs

pid	Process
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2556-0-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x000c000000012263-3.dat	upx
behavioral1/files/0x00060000000194e4-29.dat	upx
behavioral1/memory/3012-39-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x00060000000194da-40.dat	upx
behavioral1/memory/2568-65-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2780-71-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/3024-85-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2716-86-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x000500000001a4af-96.dat	upx
behavioral1/memory/2716-538-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/1500-899-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/1196-741-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2656-372-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2780-204-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x000500000001a4d4-193.dat	upx
behavioral1/files/0x000500000001a4d1-188.dat	upx
behavioral1/files/0x000500000001a4cf-183.dat	upx
behavioral1/files/0x000500000001a4cd-179.dat	upx
behavioral1/files/0x000500000001a4c9-169.dat	upx
behavioral1/files/0x000500000001a4cb-173.dat	upx
behavioral1/files/0x000500000001a4c7-163.dat	upx
behavioral1/files/0x000500000001a4c5-159.dat	upx
behavioral1/files/0x000500000001a4c3-153.dat	upx
behavioral1/files/0x000500000001a4c1-149.dat	upx
behavioral1/files/0x000500000001a4bf-143.dat	upx
behavioral1/files/0x000500000001a4bd-139.dat	upx
behavioral1/files/0x000500000001a4b9-129.dat	upx
behavioral1/files/0x000500000001a4bb-133.dat	upx
behavioral1/files/0x000500000001a4b7-123.dat	upx
behavioral1/files/0x000500000001a4b5-119.dat	upx
behavioral1/files/0x000500000001a4b3-113.dat	upx
behavioral1/files/0x000500000001a4b1-109.dat	upx
behavioral1/memory/1500-101-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/3044-100-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/1196-94-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/3068-93-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x0008000000019429-92.dat	upx
behavioral1/files/0x000500000001a4ad-84.dat	upx
behavioral1/memory/2656-77-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x000500000001a4ab-76.dat	upx
behavioral1/memory/2752-70-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/3056-69-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x000500000001a4a5-68.dat	upx
behavioral1/memory/3044-61-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x000500000001a495-60.dat	upx
behavioral1/memory/3068-55-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/3024-48-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/1900-47-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x00070000000194e6-46.dat	upx
behavioral1/files/0x0007000000019551-54.dat	upx
behavioral1/memory/1300-41-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2556-38-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2752-35-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/3056-33-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x000700000001949d-31.dat	upx
behavioral1/memory/2568-30-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/files/0x00060000000194d0-28.dat	upx
behavioral1/files/0x0007000000019490-27.dat	upx
behavioral1/memory/1900-10-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/3056-3504-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2752-3507-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/3068-3511-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2568-3523-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\LbJgTiB.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\loYHuwq.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pDtzGFO.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EffdoqI.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTnEoaW.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyuTuQU.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\epGmEtb.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UkXrlnO.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QwAfmym.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YvWDBcq.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LqXsFaf.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qcczUMa.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tlouMro.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EzPjnRq.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ATUrGte.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SjgdrSL.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZPiTqvH.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CtHkjEd.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nWJtyPM.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lsWmGnh.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTemNVR.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qKzJjfp.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUNkvjV.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RnUJJzD.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qWrGrSR.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXcNUng.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bjdYmvf.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZJWWNl.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCKEjlh.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mgWFhzE.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wYSPZEm.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wnEbBfn.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqLLsxl.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XuQblss.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LvgJrSO.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cQNmNmO.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UdaNGzF.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lOyWzDH.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lomBtwV.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\msWLyoU.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MEBZLGY.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TDLrgaP.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mgrQXlx.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xahiPBf.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JdjybQX.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nABaKHG.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RYoXItD.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CUomxtq.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBnpPLY.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SjWITej.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAMHyBJ.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DaOEJXb.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgEIbAX.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\knBPNBs.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GzhCaoQ.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bztlJRy.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhHQYpZ.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YwZRXGy.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qojQaFf.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WwJVSyD.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CdmMeVE.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oHBdkIt.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mtuRFms.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\swWRdgW.exe	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 1900	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2556 wrote to memory of 1900	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2556 wrote to memory of 1900	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2556 wrote to memory of 2568	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2556 wrote to memory of 2568	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2556 wrote to memory of 2568	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2556 wrote to memory of 3012	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2556 wrote to memory of 3012	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2556 wrote to memory of 3012	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2556 wrote to memory of 3056	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2556 wrote to memory of 3056	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2556 wrote to memory of 3056	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2556 wrote to memory of 1300	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2556 wrote to memory of 1300	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2556 wrote to memory of 1300	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2556 wrote to memory of 2752	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2556 wrote to memory of 2752	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2556 wrote to memory of 2752	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2556 wrote to memory of 3024	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2556 wrote to memory of 3024	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2556 wrote to memory of 3024	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2556 wrote to memory of 3068	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2556 wrote to memory of 3068	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2556 wrote to memory of 3068	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2556 wrote to memory of 3044	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2556 wrote to memory of 3044	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2556 wrote to memory of 3044	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2556 wrote to memory of 2780	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2556 wrote to memory of 2780	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2556 wrote to memory of 2780	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2556 wrote to memory of 2656	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2556 wrote to memory of 2656	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2556 wrote to memory of 2656	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2556 wrote to memory of 2716	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2556 wrote to memory of 2716	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2556 wrote to memory of 2716	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2556 wrote to memory of 1196	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2556 wrote to memory of 1196	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2556 wrote to memory of 1196	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2556 wrote to memory of 1500	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2556 wrote to memory of 1500	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2556 wrote to memory of 1500	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2556 wrote to memory of 2852	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2556 wrote to memory of 2852	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2556 wrote to memory of 2852	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2556 wrote to memory of 1620	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2556 wrote to memory of 1620	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2556 wrote to memory of 1620	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2556 wrote to memory of 2836	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2556 wrote to memory of 2836	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2556 wrote to memory of 2836	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2556 wrote to memory of 1916	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2556 wrote to memory of 1916	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2556 wrote to memory of 1916	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2556 wrote to memory of 1496	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2556 wrote to memory of 1496	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2556 wrote to memory of 1496	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2556 wrote to memory of 1396	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2556 wrote to memory of 1396	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2556 wrote to memory of 1396	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2556 wrote to memory of 3036	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2556 wrote to memory of 3036	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2556 wrote to memory of 3036	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2556 wrote to memory of 2956	2556	2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-19_304e36cac4c01e2d506ba92425c6714b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Windows\System\JLYdgmi.exe
  C:\Windows\System\JLYdgmi.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\GkRolcO.exe
  C:\Windows\System\GkRolcO.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\tcROlTY.exe
  C:\Windows\System\tcROlTY.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\jKOFJnu.exe
  C:\Windows\System\jKOFJnu.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\IsQSoUN.exe
  C:\Windows\System\IsQSoUN.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\ujEqpuf.exe
  C:\Windows\System\ujEqpuf.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\hDBxrOp.exe
  C:\Windows\System\hDBxrOp.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\LBOcDKw.exe
  C:\Windows\System\LBOcDKw.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\ctOsHvX.exe
  C:\Windows\System\ctOsHvX.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\nVRUPYX.exe
  C:\Windows\System\nVRUPYX.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\mkHKBgE.exe
  C:\Windows\System\mkHKBgE.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\qojQaFf.exe
  C:\Windows\System\qojQaFf.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\bcJwijs.exe
  C:\Windows\System\bcJwijs.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\TwTuSOZ.exe
  C:\Windows\System\TwTuSOZ.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\wxNXPFz.exe
  C:\Windows\System\wxNXPFz.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\ZvrlnAm.exe
  C:\Windows\System\ZvrlnAm.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\TnXoQFf.exe
  C:\Windows\System\TnXoQFf.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\kpjgewO.exe
  C:\Windows\System\kpjgewO.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\cHxQUzi.exe
  C:\Windows\System\cHxQUzi.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\beuFdQv.exe
  C:\Windows\System\beuFdQv.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\yFOwthD.exe
  C:\Windows\System\yFOwthD.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\fRJDDFf.exe
  C:\Windows\System\fRJDDFf.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\efiXgid.exe
  C:\Windows\System\efiXgid.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\UsYlHhA.exe
  C:\Windows\System\UsYlHhA.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\xOLGRBl.exe
  C:\Windows\System\xOLGRBl.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\edkrkjb.exe
  C:\Windows\System\edkrkjb.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\DtTmrgN.exe
  C:\Windows\System\DtTmrgN.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\BxUxpnP.exe
  C:\Windows\System\BxUxpnP.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\cVruzKW.exe
  C:\Windows\System\cVruzKW.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\GUpYrpC.exe
  C:\Windows\System\GUpYrpC.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\IwPkOaQ.exe
  C:\Windows\System\IwPkOaQ.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\YglIWdS.exe
  C:\Windows\System\YglIWdS.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\FhzXmdH.exe
  C:\Windows\System\FhzXmdH.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\QLsOlnn.exe
  C:\Windows\System\QLsOlnn.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\wukOktL.exe
  C:\Windows\System\wukOktL.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\goPQilE.exe
  C:\Windows\System\goPQilE.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\PpDGFYA.exe
  C:\Windows\System\PpDGFYA.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\whbsOQx.exe
  C:\Windows\System\whbsOQx.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\GLeZnUA.exe
  C:\Windows\System\GLeZnUA.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\csDWjCH.exe
  C:\Windows\System\csDWjCH.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\CcdhIbU.exe
  C:\Windows\System\CcdhIbU.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\SpkXaUA.exe
  C:\Windows\System\SpkXaUA.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\EFGLVYq.exe
  C:\Windows\System\EFGLVYq.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\XQTWbNo.exe
  C:\Windows\System\XQTWbNo.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\ERudzdA.exe
  C:\Windows\System\ERudzdA.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\EQWUCjf.exe
  C:\Windows\System\EQWUCjf.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\dvdjrJp.exe
  C:\Windows\System\dvdjrJp.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\uOiVUKB.exe
  C:\Windows\System\uOiVUKB.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\ZwABUtb.exe
  C:\Windows\System\ZwABUtb.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\KRpyaDt.exe
  C:\Windows\System\KRpyaDt.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\sDqJAdA.exe
  C:\Windows\System\sDqJAdA.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\fcXtALC.exe
  C:\Windows\System\fcXtALC.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\WwJVSyD.exe
  C:\Windows\System\WwJVSyD.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\cvUIZkE.exe
  C:\Windows\System\cvUIZkE.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\wxCZpQx.exe
  C:\Windows\System\wxCZpQx.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\VwCWDQx.exe
  C:\Windows\System\VwCWDQx.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\wBnPdLR.exe
  C:\Windows\System\wBnPdLR.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\VnOjCXT.exe
  C:\Windows\System\VnOjCXT.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\snhDVzC.exe
  C:\Windows\System\snhDVzC.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\msCPQpz.exe
  C:\Windows\System\msCPQpz.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\CPUzAYP.exe
  C:\Windows\System\CPUzAYP.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\FCoNMtA.exe
  C:\Windows\System\FCoNMtA.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\nFBIjIa.exe
  C:\Windows\System\nFBIjIa.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\FxLdOZV.exe
  C:\Windows\System\FxLdOZV.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\SjENEYw.exe
  C:\Windows\System\SjENEYw.exe
  2⤵
  PID:1692
- C:\Windows\System\QSngOvQ.exe
  C:\Windows\System\QSngOvQ.exe
  2⤵
  PID:2092
- C:\Windows\System\RDxDYCG.exe
  C:\Windows\System\RDxDYCG.exe
  2⤵
  PID:2628
- C:\Windows\System\ZkroWyq.exe
  C:\Windows\System\ZkroWyq.exe
  2⤵
  PID:820
- C:\Windows\System\AMGpiGm.exe
  C:\Windows\System\AMGpiGm.exe
  2⤵
  PID:2136
- C:\Windows\System\TXmqqib.exe
  C:\Windows\System\TXmqqib.exe
  2⤵
  PID:1904
- C:\Windows\System\aAlXJxr.exe
  C:\Windows\System\aAlXJxr.exe
  2⤵
  PID:748
- C:\Windows\System\VcMilTn.exe
  C:\Windows\System\VcMilTn.exe
  2⤵
  PID:2160
- C:\Windows\System\LHrDJgM.exe
  C:\Windows\System\LHrDJgM.exe
  2⤵
  PID:1476
- C:\Windows\System\xSJBktF.exe
  C:\Windows\System\xSJBktF.exe
  2⤵
  PID:1996
- C:\Windows\System\UEmUUTG.exe
  C:\Windows\System\UEmUUTG.exe
  2⤵
  PID:2080
- C:\Windows\System\WJAAJQN.exe
  C:\Windows\System\WJAAJQN.exe
  2⤵
  PID:2464
- C:\Windows\System\gxUDovn.exe
  C:\Windows\System\gxUDovn.exe
  2⤵
  PID:2320
- C:\Windows\System\HRlHVYP.exe
  C:\Windows\System\HRlHVYP.exe
  2⤵
  PID:880
- C:\Windows\System\kKJqcwB.exe
  C:\Windows\System\kKJqcwB.exe
  2⤵
  PID:2408
- C:\Windows\System\zZKjnmU.exe
  C:\Windows\System\zZKjnmU.exe
  2⤵
  PID:1520
- C:\Windows\System\BnSFYsX.exe
  C:\Windows\System\BnSFYsX.exe
  2⤵
  PID:2308
- C:\Windows\System\VbKjVtc.exe
  C:\Windows\System\VbKjVtc.exe
  2⤵
  PID:788
- C:\Windows\System\NkqJveD.exe
  C:\Windows\System\NkqJveD.exe
  2⤵
  PID:2164
- C:\Windows\System\xrBczto.exe
  C:\Windows\System\xrBczto.exe
  2⤵
  PID:1812
- C:\Windows\System\FNdMVoP.exe
  C:\Windows\System\FNdMVoP.exe
  2⤵
  PID:1772
- C:\Windows\System\GGHEAJc.exe
  C:\Windows\System\GGHEAJc.exe
  2⤵
  PID:1492
- C:\Windows\System\UqWEeCS.exe
  C:\Windows\System\UqWEeCS.exe
  2⤵
  PID:1176
- C:\Windows\System\uUYVPzQ.exe
  C:\Windows\System\uUYVPzQ.exe
  2⤵
  PID:3048
- C:\Windows\System\DFoknYZ.exe
  C:\Windows\System\DFoknYZ.exe
  2⤵
  PID:2992
- C:\Windows\System\VkzLtOS.exe
  C:\Windows\System\VkzLtOS.exe
  2⤵
  PID:840
- C:\Windows\System\dFVrpcw.exe
  C:\Windows\System\dFVrpcw.exe
  2⤵
  PID:1776
- C:\Windows\System\ELnrLwR.exe
  C:\Windows\System\ELnrLwR.exe
  2⤵
  PID:768
- C:\Windows\System\xulzXIR.exe
  C:\Windows\System\xulzXIR.exe
  2⤵
  PID:524
- C:\Windows\System\XpgwvwW.exe
  C:\Windows\System\XpgwvwW.exe
  2⤵
  PID:2384
- C:\Windows\System\eFmJLGJ.exe
  C:\Windows\System\eFmJLGJ.exe
  2⤵
  PID:1764
- C:\Windows\System\kJVCLAj.exe
  C:\Windows\System\kJVCLAj.exe
  2⤵
  PID:2168
- C:\Windows\System\vMjskPr.exe
  C:\Windows\System\vMjskPr.exe
  2⤵
  PID:1528
- C:\Windows\System\msXQMjg.exe
  C:\Windows\System\msXQMjg.exe
  2⤵
  PID:2728
- C:\Windows\System\lErNJAt.exe
  C:\Windows\System\lErNJAt.exe
  2⤵
  PID:2788
- C:\Windows\System\rYBJECa.exe
  C:\Windows\System\rYBJECa.exe
  2⤵
  PID:2904
- C:\Windows\System\nzBJsce.exe
  C:\Windows\System\nzBJsce.exe
  2⤵
  PID:2820
- C:\Windows\System\LEWkyHH.exe
  C:\Windows\System\LEWkyHH.exe
  2⤵
  PID:2632
- C:\Windows\System\BwFyYwx.exe
  C:\Windows\System\BwFyYwx.exe
  2⤵
  PID:2988
- C:\Windows\System\DKkpXrt.exe
  C:\Windows\System\DKkpXrt.exe
  2⤵
  PID:1756
- C:\Windows\System\kVhjBqp.exe
  C:\Windows\System\kVhjBqp.exe
  2⤵
  PID:1464
- C:\Windows\System\twZslnS.exe
  C:\Windows\System\twZslnS.exe
  2⤵
  PID:2044
- C:\Windows\System\ZtRFkgR.exe
  C:\Windows\System\ZtRFkgR.exe
  2⤵
  PID:864
- C:\Windows\System\JEoSwWm.exe
  C:\Windows\System\JEoSwWm.exe
  2⤵
  PID:3084
- C:\Windows\System\qMMSviu.exe
  C:\Windows\System\qMMSviu.exe
  2⤵
  PID:3104
- C:\Windows\System\apIQoel.exe
  C:\Windows\System\apIQoel.exe
  2⤵
  PID:3124
- C:\Windows\System\WuecqEt.exe
  C:\Windows\System\WuecqEt.exe
  2⤵
  PID:3144
- C:\Windows\System\nRRqQOL.exe
  C:\Windows\System\nRRqQOL.exe
  2⤵
  PID:3160
- C:\Windows\System\YnEQlQd.exe
  C:\Windows\System\YnEQlQd.exe
  2⤵
  PID:3184
- C:\Windows\System\VnHzcgy.exe
  C:\Windows\System\VnHzcgy.exe
  2⤵
  PID:3200
- C:\Windows\System\cXtkhIE.exe
  C:\Windows\System\cXtkhIE.exe
  2⤵
  PID:3228
- C:\Windows\System\NbqJgMM.exe
  C:\Windows\System\NbqJgMM.exe
  2⤵
  PID:3244
- C:\Windows\System\hKgZurU.exe
  C:\Windows\System\hKgZurU.exe
  2⤵
  PID:3264
- C:\Windows\System\LmLCUso.exe
  C:\Windows\System\LmLCUso.exe
  2⤵
  PID:3288
- C:\Windows\System\FfasbdO.exe
  C:\Windows\System\FfasbdO.exe
  2⤵
  PID:3308
- C:\Windows\System\ZXsEhLI.exe
  C:\Windows\System\ZXsEhLI.exe
  2⤵
  PID:3332
- C:\Windows\System\YXbMvHx.exe
  C:\Windows\System\YXbMvHx.exe
  2⤵
  PID:3352
- C:\Windows\System\grleYUP.exe
  C:\Windows\System\grleYUP.exe
  2⤵
  PID:3372
- C:\Windows\System\OlbsEej.exe
  C:\Windows\System\OlbsEej.exe
  2⤵
  PID:3392
- C:\Windows\System\PGHdbPt.exe
  C:\Windows\System\PGHdbPt.exe
  2⤵
  PID:3412
- C:\Windows\System\IXUOrKB.exe
  C:\Windows\System\IXUOrKB.exe
  2⤵
  PID:3432
- C:\Windows\System\BTiAvaA.exe
  C:\Windows\System\BTiAvaA.exe
  2⤵
  PID:3452
- C:\Windows\System\Scteezk.exe
  C:\Windows\System\Scteezk.exe
  2⤵
  PID:3472
- C:\Windows\System\RnzfgKP.exe
  C:\Windows\System\RnzfgKP.exe
  2⤵
  PID:3492
- C:\Windows\System\kkqHHte.exe
  C:\Windows\System\kkqHHte.exe
  2⤵
  PID:3512
- C:\Windows\System\oLNdYHX.exe
  C:\Windows\System\oLNdYHX.exe
  2⤵
  PID:3532
- C:\Windows\System\MIaLXWr.exe
  C:\Windows\System\MIaLXWr.exe
  2⤵
  PID:3552
- C:\Windows\System\VrdGCrb.exe
  C:\Windows\System\VrdGCrb.exe
  2⤵
  PID:3572
- C:\Windows\System\oQMYyeQ.exe
  C:\Windows\System\oQMYyeQ.exe
  2⤵
  PID:3592
- C:\Windows\System\ewOuvcT.exe
  C:\Windows\System\ewOuvcT.exe
  2⤵
  PID:3612
- C:\Windows\System\vbTvtNE.exe
  C:\Windows\System\vbTvtNE.exe
  2⤵
  PID:3632
- C:\Windows\System\TeXQzVd.exe
  C:\Windows\System\TeXQzVd.exe
  2⤵
  PID:3652
- C:\Windows\System\PMypqgJ.exe
  C:\Windows\System\PMypqgJ.exe
  2⤵
  PID:3672
- C:\Windows\System\LCaxzqA.exe
  C:\Windows\System\LCaxzqA.exe
  2⤵
  PID:3692
- C:\Windows\System\QqtVslq.exe
  C:\Windows\System\QqtVslq.exe
  2⤵
  PID:3712
- C:\Windows\System\kiAmWGo.exe
  C:\Windows\System\kiAmWGo.exe
  2⤵
  PID:3732
- C:\Windows\System\AogOYQp.exe
  C:\Windows\System\AogOYQp.exe
  2⤵
  PID:3752
- C:\Windows\System\HFGvKZw.exe
  C:\Windows\System\HFGvKZw.exe
  2⤵
  PID:3772
- C:\Windows\System\CbfQQGw.exe
  C:\Windows\System\CbfQQGw.exe
  2⤵
  PID:3792
- C:\Windows\System\TRlMsUD.exe
  C:\Windows\System\TRlMsUD.exe
  2⤵
  PID:3812
- C:\Windows\System\wgzdjVP.exe
  C:\Windows\System\wgzdjVP.exe
  2⤵
  PID:3832
- C:\Windows\System\ldqBFCl.exe
  C:\Windows\System\ldqBFCl.exe
  2⤵
  PID:3856
- C:\Windows\System\GcKdzdW.exe
  C:\Windows\System\GcKdzdW.exe
  2⤵
  PID:3876
- C:\Windows\System\MQhYhpM.exe
  C:\Windows\System\MQhYhpM.exe
  2⤵
  PID:3896
- C:\Windows\System\QkdsSgt.exe
  C:\Windows\System\QkdsSgt.exe
  2⤵
  PID:3916
- C:\Windows\System\KnDClUy.exe
  C:\Windows\System\KnDClUy.exe
  2⤵
  PID:3936
- C:\Windows\System\ABpagZf.exe
  C:\Windows\System\ABpagZf.exe
  2⤵
  PID:3956
- C:\Windows\System\nOlwQab.exe
  C:\Windows\System\nOlwQab.exe
  2⤵
  PID:3972
- C:\Windows\System\JoQAZmR.exe
  C:\Windows\System\JoQAZmR.exe
  2⤵
  PID:3996
- C:\Windows\System\UNrqbOT.exe
  C:\Windows\System\UNrqbOT.exe
  2⤵
  PID:4016
- C:\Windows\System\GlzvZJC.exe
  C:\Windows\System\GlzvZJC.exe
  2⤵
  PID:4036
- C:\Windows\System\HmXkyvb.exe
  C:\Windows\System\HmXkyvb.exe
  2⤵
  PID:4056
- C:\Windows\System\YSrIlGb.exe
  C:\Windows\System\YSrIlGb.exe
  2⤵
  PID:4076
- C:\Windows\System\OcmuxPv.exe
  C:\Windows\System\OcmuxPv.exe
  2⤵
  PID:4092
- C:\Windows\System\lKXMPgF.exe
  C:\Windows\System\lKXMPgF.exe
  2⤵
  PID:1524
- C:\Windows\System\fJNIJnl.exe
  C:\Windows\System\fJNIJnl.exe
  2⤵
  PID:2640
- C:\Windows\System\tHCfdPf.exe
  C:\Windows\System\tHCfdPf.exe
  2⤵
  PID:1368
- C:\Windows\System\UkXrlnO.exe
  C:\Windows\System\UkXrlnO.exe
  2⤵
  PID:1872
- C:\Windows\System\aoWLfQd.exe
  C:\Windows\System\aoWLfQd.exe
  2⤵
  PID:1736
- C:\Windows\System\jhtjOnY.exe
  C:\Windows\System\jhtjOnY.exe
  2⤵
  PID:1044
- C:\Windows\System\XPYckKJ.exe
  C:\Windows\System\XPYckKJ.exe
  2⤵
  PID:3080
- C:\Windows\System\WvEWYpw.exe
  C:\Windows\System\WvEWYpw.exe
  2⤵
  PID:3112
- C:\Windows\System\lvyBUWb.exe
  C:\Windows\System\lvyBUWb.exe
  2⤵
  PID:3168
- C:\Windows\System\mrBBgpq.exe
  C:\Windows\System\mrBBgpq.exe
  2⤵
  PID:3152
- C:\Windows\System\HwPbuLm.exe
  C:\Windows\System\HwPbuLm.exe
  2⤵
  PID:3192
- C:\Windows\System\GtVMASb.exe
  C:\Windows\System\GtVMASb.exe
  2⤵
  PID:3236
- C:\Windows\System\NcsKZJK.exe
  C:\Windows\System\NcsKZJK.exe
  2⤵
  PID:3284
- C:\Windows\System\RqeDthF.exe
  C:\Windows\System\RqeDthF.exe
  2⤵
  PID:3340
- C:\Windows\System\kKKrJLu.exe
  C:\Windows\System\kKKrJLu.exe
  2⤵
  PID:3380
- C:\Windows\System\RCgutwW.exe
  C:\Windows\System\RCgutwW.exe
  2⤵
  PID:3364
- C:\Windows\System\BVIecpK.exe
  C:\Windows\System\BVIecpK.exe
  2⤵
  PID:3424
- C:\Windows\System\XSwPKsX.exe
  C:\Windows\System\XSwPKsX.exe
  2⤵
  PID:3444
- C:\Windows\System\PfLIqkj.exe
  C:\Windows\System\PfLIqkj.exe
  2⤵
  PID:3480
- C:\Windows\System\WgsjKqR.exe
  C:\Windows\System\WgsjKqR.exe
  2⤵
  PID:3528
- C:\Windows\System\iqXaQje.exe
  C:\Windows\System\iqXaQje.exe
  2⤵
  PID:3588
- C:\Windows\System\hGoSPDn.exe
  C:\Windows\System\hGoSPDn.exe
  2⤵
  PID:3564
- C:\Windows\System\TmkIIxj.exe
  C:\Windows\System\TmkIIxj.exe
  2⤵
  PID:3604
- C:\Windows\System\AKfZHro.exe
  C:\Windows\System\AKfZHro.exe
  2⤵
  PID:3668
- C:\Windows\System\sbEiUZP.exe
  C:\Windows\System\sbEiUZP.exe
  2⤵
  PID:3684
- C:\Windows\System\LwLZcGF.exe
  C:\Windows\System\LwLZcGF.exe
  2⤵
  PID:3744
- C:\Windows\System\hCiClqR.exe
  C:\Windows\System\hCiClqR.exe
  2⤵
  PID:3780
- C:\Windows\System\ymZtGaB.exe
  C:\Windows\System\ymZtGaB.exe
  2⤵
  PID:3764
- C:\Windows\System\quxsMti.exe
  C:\Windows\System\quxsMti.exe
  2⤵
  PID:3824
- C:\Windows\System\JRmUwgm.exe
  C:\Windows\System\JRmUwgm.exe
  2⤵
  PID:3864
- C:\Windows\System\RmERvYa.exe
  C:\Windows\System\RmERvYa.exe
  2⤵
  PID:3904
- C:\Windows\System\qaSkdGl.exe
  C:\Windows\System\qaSkdGl.exe
  2⤵
  PID:3892
- C:\Windows\System\pfsqPRr.exe
  C:\Windows\System\pfsqPRr.exe
  2⤵
  PID:3932
- C:\Windows\System\IdvMnPL.exe
  C:\Windows\System\IdvMnPL.exe
  2⤵
  PID:3964
- C:\Windows\System\fdJitQs.exe
  C:\Windows\System\fdJitQs.exe
  2⤵
  PID:4012
- C:\Windows\System\DuKxHIF.exe
  C:\Windows\System\DuKxHIF.exe
  2⤵
  PID:4068
- C:\Windows\System\uQbzQre.exe
  C:\Windows\System\uQbzQre.exe
  2⤵
  PID:996
- C:\Windows\System\ljOopKT.exe
  C:\Windows\System\ljOopKT.exe
  2⤵
  PID:2744
- C:\Windows\System\PmLDXKh.exe
  C:\Windows\System\PmLDXKh.exe
  2⤵
  PID:1864
- C:\Windows\System\uGUxkVf.exe
  C:\Windows\System\uGUxkVf.exe
  2⤵
  PID:1820
- C:\Windows\System\aNzVRtG.exe
  C:\Windows\System\aNzVRtG.exe
  2⤵
  PID:300
- C:\Windows\System\rKipzIR.exe
  C:\Windows\System\rKipzIR.exe
  2⤵
  PID:3096
- C:\Windows\System\sTIPGmu.exe
  C:\Windows\System\sTIPGmu.exe
  2⤵
  PID:3172
- C:\Windows\System\ksuhXAK.exe
  C:\Windows\System\ksuhXAK.exe
  2⤵
  PID:3276
- C:\Windows\System\LqgnxFV.exe
  C:\Windows\System\LqgnxFV.exe
  2⤵
  PID:3348
- C:\Windows\System\igGSmSO.exe
  C:\Windows\System\igGSmSO.exe
  2⤵
  PID:3420
- C:\Windows\System\vtQBIac.exe
  C:\Windows\System\vtQBIac.exe
  2⤵
  PID:3360
- C:\Windows\System\MrdMDQq.exe
  C:\Windows\System\MrdMDQq.exe
  2⤵
  PID:3448
- C:\Windows\System\FkCvwzf.exe
  C:\Windows\System\FkCvwzf.exe
  2⤵
  PID:3548
- C:\Windows\System\PsUECYE.exe
  C:\Windows\System\PsUECYE.exe
  2⤵
  PID:3520
- C:\Windows\System\oyixthD.exe
  C:\Windows\System\oyixthD.exe
  2⤵
  PID:3680
- C:\Windows\System\QlGITPX.exe
  C:\Windows\System\QlGITPX.exe
  2⤵
  PID:3760
- C:\Windows\System\ieHVAwg.exe
  C:\Windows\System\ieHVAwg.exe
  2⤵
  PID:3748
- C:\Windows\System\wxneujh.exe
  C:\Windows\System\wxneujh.exe
  2⤵
  PID:3784
- C:\Windows\System\ydtrggl.exe
  C:\Windows\System\ydtrggl.exe
  2⤵
  PID:3840
- C:\Windows\System\oZNmtSA.exe
  C:\Windows\System\oZNmtSA.exe
  2⤵
  PID:3884
- C:\Windows\System\ZpOCgyo.exe
  C:\Windows\System\ZpOCgyo.exe
  2⤵
  PID:3988
- C:\Windows\System\jDeLemn.exe
  C:\Windows\System\jDeLemn.exe
  2⤵
  PID:3992
- C:\Windows\System\NfxFmCN.exe
  C:\Windows\System\NfxFmCN.exe
  2⤵
  PID:4072
- C:\Windows\System\mlCRyua.exe
  C:\Windows\System\mlCRyua.exe
  2⤵
  PID:2388
- C:\Windows\System\SPJTVGC.exe
  C:\Windows\System\SPJTVGC.exe
  2⤵
  PID:2096
- C:\Windows\System\QBxyzdw.exe
  C:\Windows\System\QBxyzdw.exe
  2⤵
  PID:3136
- C:\Windows\System\HQwZTxX.exe
  C:\Windows\System\HQwZTxX.exe
  2⤵
  PID:3304
- C:\Windows\System\xqdFHLQ.exe
  C:\Windows\System\xqdFHLQ.exe
  2⤵
  PID:3240
- C:\Windows\System\eUyoaVu.exe
  C:\Windows\System\eUyoaVu.exe
  2⤵
  PID:3300
- C:\Windows\System\CXRFxGu.exe
  C:\Windows\System\CXRFxGu.exe
  2⤵
  PID:3580
- C:\Windows\System\dLHzBKj.exe
  C:\Windows\System\dLHzBKj.exe
  2⤵
  PID:3704
- C:\Windows\System\ZnfxWEz.exe
  C:\Windows\System\ZnfxWEz.exe
  2⤵
  PID:3608
- C:\Windows\System\yzNkKxH.exe
  C:\Windows\System\yzNkKxH.exe
  2⤵
  PID:3844
- C:\Windows\System\ojHKfWr.exe
  C:\Windows\System\ojHKfWr.exe
  2⤵
  PID:3868
- C:\Windows\System\driGeoH.exe
  C:\Windows\System\driGeoH.exe
  2⤵
  PID:3980
- C:\Windows\System\zbXZqlG.exe
  C:\Windows\System\zbXZqlG.exe
  2⤵
  PID:2624
- C:\Windows\System\CWOVfDV.exe
  C:\Windows\System\CWOVfDV.exe
  2⤵
  PID:3256
- C:\Windows\System\omRMqoR.exe
  C:\Windows\System\omRMqoR.exe
  2⤵
  PID:3120
- C:\Windows\System\TugNVnb.exe
  C:\Windows\System\TugNVnb.exe
  2⤵
  PID:3320
- C:\Windows\System\TsGnEyu.exe
  C:\Windows\System\TsGnEyu.exe
  2⤵
  PID:4112
- C:\Windows\System\runDqvC.exe
  C:\Windows\System\runDqvC.exe
  2⤵
  PID:4132
- C:\Windows\System\TUnBhus.exe
  C:\Windows\System\TUnBhus.exe
  2⤵
  PID:4148
- C:\Windows\System\szcoodd.exe
  C:\Windows\System\szcoodd.exe
  2⤵
  PID:4172
- C:\Windows\System\RoNCFVA.exe
  C:\Windows\System\RoNCFVA.exe
  2⤵
  PID:4188
- C:\Windows\System\opluBVH.exe
  C:\Windows\System\opluBVH.exe
  2⤵
  PID:4212
- C:\Windows\System\OKbfgxa.exe
  C:\Windows\System\OKbfgxa.exe
  2⤵
  PID:4232
- C:\Windows\System\IbnFZAp.exe
  C:\Windows\System\IbnFZAp.exe
  2⤵
  PID:4252
- C:\Windows\System\PjGzaAi.exe
  C:\Windows\System\PjGzaAi.exe
  2⤵
  PID:4272
- C:\Windows\System\gsqzzPD.exe
  C:\Windows\System\gsqzzPD.exe
  2⤵
  PID:4296
- C:\Windows\System\NGrFycB.exe
  C:\Windows\System\NGrFycB.exe
  2⤵
  PID:4316
- C:\Windows\System\MVvYqUk.exe
  C:\Windows\System\MVvYqUk.exe
  2⤵
  PID:4336
- C:\Windows\System\yumaoss.exe
  C:\Windows\System\yumaoss.exe
  2⤵
  PID:4356
- C:\Windows\System\zboIAXI.exe
  C:\Windows\System\zboIAXI.exe
  2⤵
  PID:4380
- C:\Windows\System\pFumlGt.exe
  C:\Windows\System\pFumlGt.exe
  2⤵
  PID:4396
- C:\Windows\System\XqvmlMd.exe
  C:\Windows\System\XqvmlMd.exe
  2⤵
  PID:4420
- C:\Windows\System\PvAoCEm.exe
  C:\Windows\System\PvAoCEm.exe
  2⤵
  PID:4440
- C:\Windows\System\ulrAkNb.exe
  C:\Windows\System\ulrAkNb.exe
  2⤵
  PID:4460
- C:\Windows\System\lEgJtPM.exe
  C:\Windows\System\lEgJtPM.exe
  2⤵
  PID:4476
- C:\Windows\System\KYMTMsF.exe
  C:\Windows\System\KYMTMsF.exe
  2⤵
  PID:4496
- C:\Windows\System\MFxiqgS.exe
  C:\Windows\System\MFxiqgS.exe
  2⤵
  PID:4520
- C:\Windows\System\mjYjYmy.exe
  C:\Windows\System\mjYjYmy.exe
  2⤵
  PID:4540
- C:\Windows\System\GIbSnlF.exe
  C:\Windows\System\GIbSnlF.exe
  2⤵
  PID:4560
- C:\Windows\System\zYPbnGn.exe
  C:\Windows\System\zYPbnGn.exe
  2⤵
  PID:4580
- C:\Windows\System\eIgFDdh.exe
  C:\Windows\System\eIgFDdh.exe
  2⤵
  PID:4596
- C:\Windows\System\QeAbuIb.exe
  C:\Windows\System\QeAbuIb.exe
  2⤵
  PID:4620
- C:\Windows\System\ffhBXpA.exe
  C:\Windows\System\ffhBXpA.exe
  2⤵
  PID:4640
- C:\Windows\System\xOOtBiA.exe
  C:\Windows\System\xOOtBiA.exe
  2⤵
  PID:4660
- C:\Windows\System\zwpZDBX.exe
  C:\Windows\System\zwpZDBX.exe
  2⤵
  PID:4680
- C:\Windows\System\iJekwzg.exe
  C:\Windows\System\iJekwzg.exe
  2⤵
  PID:4700
- C:\Windows\System\itIeIrb.exe
  C:\Windows\System\itIeIrb.exe
  2⤵
  PID:4720
- C:\Windows\System\zmvIhAD.exe
  C:\Windows\System\zmvIhAD.exe
  2⤵
  PID:4744
- C:\Windows\System\xdHgQeq.exe
  C:\Windows\System\xdHgQeq.exe
  2⤵
  PID:4764
- C:\Windows\System\KtrzftV.exe
  C:\Windows\System\KtrzftV.exe
  2⤵
  PID:4788
- C:\Windows\System\uSCoCZJ.exe
  C:\Windows\System\uSCoCZJ.exe
  2⤵
  PID:4808
- C:\Windows\System\ZZwMNJJ.exe
  C:\Windows\System\ZZwMNJJ.exe
  2⤵
  PID:4828
- C:\Windows\System\yxaCLKs.exe
  C:\Windows\System\yxaCLKs.exe
  2⤵
  PID:4848
- C:\Windows\System\xOAIOmK.exe
  C:\Windows\System\xOAIOmK.exe
  2⤵
  PID:4868
- C:\Windows\System\NtToxgw.exe
  C:\Windows\System\NtToxgw.exe
  2⤵
  PID:4888
- C:\Windows\System\OAIcikP.exe
  C:\Windows\System\OAIcikP.exe
  2⤵
  PID:4908
- C:\Windows\System\vbCpxeD.exe
  C:\Windows\System\vbCpxeD.exe
  2⤵
  PID:4924
- C:\Windows\System\FQYceBH.exe
  C:\Windows\System\FQYceBH.exe
  2⤵
  PID:4948
- C:\Windows\System\lcAenYB.exe
  C:\Windows\System\lcAenYB.exe
  2⤵
  PID:4968
- C:\Windows\System\SygWjJw.exe
  C:\Windows\System\SygWjJw.exe
  2⤵
  PID:4988
- C:\Windows\System\CQdwofu.exe
  C:\Windows\System\CQdwofu.exe
  2⤵
  PID:5008
- C:\Windows\System\nmJscWd.exe
  C:\Windows\System\nmJscWd.exe
  2⤵
  PID:5028
- C:\Windows\System\GejalGC.exe
  C:\Windows\System\GejalGC.exe
  2⤵
  PID:5048
- C:\Windows\System\JsFYydl.exe
  C:\Windows\System\JsFYydl.exe
  2⤵
  PID:5068
- C:\Windows\System\DsGrCCI.exe
  C:\Windows\System\DsGrCCI.exe
  2⤵
  PID:5084
- C:\Windows\System\GADbGcc.exe
  C:\Windows\System\GADbGcc.exe
  2⤵
  PID:5108
- C:\Windows\System\ycayfmK.exe
  C:\Windows\System\ycayfmK.exe
  2⤵
  PID:3624
- C:\Windows\System\JtzpHlE.exe
  C:\Windows\System\JtzpHlE.exe
  2⤵
  PID:3728
- C:\Windows\System\aaymDvs.exe
  C:\Windows\System\aaymDvs.exe
  2⤵
  PID:4028
- C:\Windows\System\XWcfURT.exe
  C:\Windows\System\XWcfURT.exe
  2⤵
  PID:3808
- C:\Windows\System\vsdityx.exe
  C:\Windows\System\vsdityx.exe
  2⤵
  PID:2052
- C:\Windows\System\tUWVoLj.exe
  C:\Windows\System\tUWVoLj.exe
  2⤵
  PID:1700
- C:\Windows\System\FMHOxOe.exe
  C:\Windows\System\FMHOxOe.exe
  2⤵
  PID:2396
- C:\Windows\System\oFMKPrT.exe
  C:\Windows\System\oFMKPrT.exe
  2⤵
  PID:4124
- C:\Windows\System\yGvbDHS.exe
  C:\Windows\System\yGvbDHS.exe
  2⤵
  PID:4168
- C:\Windows\System\vIhYQnv.exe
  C:\Windows\System\vIhYQnv.exe
  2⤵
  PID:4204
- C:\Windows\System\sMRiPRt.exe
  C:\Windows\System\sMRiPRt.exe
  2⤵
  PID:4240
- C:\Windows\System\AuHDqmb.exe
  C:\Windows\System\AuHDqmb.exe
  2⤵
  PID:4280
- C:\Windows\System\ZBWLtcS.exe
  C:\Windows\System\ZBWLtcS.exe
  2⤵
  PID:4292
- C:\Windows\System\UCeQclo.exe
  C:\Windows\System\UCeQclo.exe
  2⤵
  PID:4312
- C:\Windows\System\mzqjCjj.exe
  C:\Windows\System\mzqjCjj.exe
  2⤵
  PID:4344
- C:\Windows\System\xbDIZxn.exe
  C:\Windows\System\xbDIZxn.exe
  2⤵
  PID:4404
- C:\Windows\System\NLPxAiX.exe
  C:\Windows\System\NLPxAiX.exe
  2⤵
  PID:4428
- C:\Windows\System\gPOMgMp.exe
  C:\Windows\System\gPOMgMp.exe
  2⤵
  PID:4436
- C:\Windows\System\WnijtYu.exe
  C:\Windows\System\WnijtYu.exe
  2⤵
  PID:4504
- C:\Windows\System\hNcoxQX.exe
  C:\Windows\System\hNcoxQX.exe
  2⤵
  PID:4536
- C:\Windows\System\AhKTULr.exe
  C:\Windows\System\AhKTULr.exe
  2⤵
  PID:4556
- C:\Windows\System\efRFIeE.exe
  C:\Windows\System\efRFIeE.exe
  2⤵
  PID:4608
- C:\Windows\System\vVwOHOu.exe
  C:\Windows\System\vVwOHOu.exe
  2⤵
  PID:4616
- C:\Windows\System\YNBhMAh.exe
  C:\Windows\System\YNBhMAh.exe
  2⤵
  PID:4656
- C:\Windows\System\zvJiMlw.exe
  C:\Windows\System\zvJiMlw.exe
  2⤵
  PID:4672
- C:\Windows\System\ErTzaPU.exe
  C:\Windows\System\ErTzaPU.exe
  2⤵
  PID:2920
- C:\Windows\System\ZTHQVnA.exe
  C:\Windows\System\ZTHQVnA.exe
  2⤵
  PID:4716
- C:\Windows\System\IkidvoV.exe
  C:\Windows\System\IkidvoV.exe
  2⤵
  PID:4752
- C:\Windows\System\yAxLGLS.exe
  C:\Windows\System\yAxLGLS.exe
  2⤵
  PID:4756
- C:\Windows\System\DXGUcEp.exe
  C:\Windows\System\DXGUcEp.exe
  2⤵
  PID:4820
- C:\Windows\System\krgWfjI.exe
  C:\Windows\System\krgWfjI.exe
  2⤵
  PID:4844
- C:\Windows\System\pDtzGFO.exe
  C:\Windows\System\pDtzGFO.exe
  2⤵
  PID:4896
- C:\Windows\System\JMoUJZS.exe
  C:\Windows\System\JMoUJZS.exe
  2⤵
  PID:4932
- C:\Windows\System\FQgxKMe.exe
  C:\Windows\System\FQgxKMe.exe
  2⤵
  PID:4920
- C:\Windows\System\TYSaGlz.exe
  C:\Windows\System\TYSaGlz.exe
  2⤵
  PID:4976
- C:\Windows\System\YUSeghl.exe
  C:\Windows\System\YUSeghl.exe
  2⤵
  PID:2292
- C:\Windows\System\TzPnYnt.exe
  C:\Windows\System\TzPnYnt.exe
  2⤵
  PID:5020
- C:\Windows\System\MPjycft.exe
  C:\Windows\System\MPjycft.exe
  2⤵
  PID:5044
- C:\Windows\System\ggqMsXL.exe
  C:\Windows\System\ggqMsXL.exe
  2⤵
  PID:5104
- C:\Windows\System\cQNmNmO.exe
  C:\Windows\System\cQNmNmO.exe
  2⤵
  PID:5116
- C:\Windows\System\SYzPhmg.exe
  C:\Windows\System\SYzPhmg.exe
  2⤵
  PID:3484
- C:\Windows\System\WVZTQLl.exe
  C:\Windows\System\WVZTQLl.exe
  2⤵
  PID:1512
- C:\Windows\System\BDLLdUH.exe
  C:\Windows\System\BDLLdUH.exe
  2⤵
  PID:4044
- C:\Windows\System\epCdhUS.exe
  C:\Windows\System\epCdhUS.exe
  2⤵
  PID:4104
- C:\Windows\System\hmXmWDz.exe
  C:\Windows\System\hmXmWDz.exe
  2⤵
  PID:4200
- C:\Windows\System\eOcOfHk.exe
  C:\Windows\System\eOcOfHk.exe
  2⤵
  PID:4244
- C:\Windows\System\IVQbKNY.exe
  C:\Windows\System\IVQbKNY.exe
  2⤵
  PID:4268
- C:\Windows\System\jnaYzVI.exe
  C:\Windows\System\jnaYzVI.exe
  2⤵
  PID:4264
- C:\Windows\System\XaUmYyI.exe
  C:\Windows\System\XaUmYyI.exe
  2⤵
  PID:4412
- C:\Windows\System\GEoGwsd.exe
  C:\Windows\System\GEoGwsd.exe
  2⤵
  PID:4416
- C:\Windows\System\ycleCyS.exe
  C:\Windows\System\ycleCyS.exe
  2⤵
  PID:4484
- C:\Windows\System\jJwmokE.exe
  C:\Windows\System\jJwmokE.exe
  2⤵
  PID:4568
- C:\Windows\System\vdjYNES.exe
  C:\Windows\System\vdjYNES.exe
  2⤵
  PID:4532
- C:\Windows\System\wsPgTtg.exe
  C:\Windows\System\wsPgTtg.exe
  2⤵
  PID:4612
- C:\Windows\System\EcyHIxC.exe
  C:\Windows\System\EcyHIxC.exe
  2⤵
  PID:4668
- C:\Windows\System\wXhYlaZ.exe
  C:\Windows\System\wXhYlaZ.exe
  2⤵
  PID:4732
- C:\Windows\System\PfbEmbe.exe
  C:\Windows\System\PfbEmbe.exe
  2⤵
  PID:4824
- C:\Windows\System\WZkRIio.exe
  C:\Windows\System\WZkRIio.exe
  2⤵
  PID:4860
- C:\Windows\System\tHDDCWd.exe
  C:\Windows\System\tHDDCWd.exe
  2⤵
  PID:4940
- C:\Windows\System\aviLuMC.exe
  C:\Windows\System\aviLuMC.exe
  2⤵
  PID:4944
- C:\Windows\System\pAERFra.exe
  C:\Windows\System\pAERFra.exe
  2⤵
  PID:3008
- C:\Windows\System\LcngpGN.exe
  C:\Windows\System\LcngpGN.exe
  2⤵
  PID:5016
- C:\Windows\System\vxqlcUP.exe
  C:\Windows\System\vxqlcUP.exe
  2⤵
  PID:2812
- C:\Windows\System\grSOFDw.exe
  C:\Windows\System\grSOFDw.exe
  2⤵
  PID:3220
- C:\Windows\System\ZwdvSVk.exe
  C:\Windows\System\ZwdvSVk.exe
  2⤵
  PID:3700
- C:\Windows\System\WYtZQZh.exe
  C:\Windows\System\WYtZQZh.exe
  2⤵
  PID:1200
- C:\Windows\System\UqKdrdt.exe
  C:\Windows\System\UqKdrdt.exe
  2⤵
  PID:896
- C:\Windows\System\yRgymQw.exe
  C:\Windows\System\yRgymQw.exe
  2⤵
  PID:3928
- C:\Windows\System\gYBvXDr.exe
  C:\Windows\System\gYBvXDr.exe
  2⤵
  PID:2776
- C:\Windows\System\nVjoKDk.exe
  C:\Windows\System\nVjoKDk.exe
  2⤵
  PID:4220
- C:\Windows\System\VIPchwb.exe
  C:\Windows\System\VIPchwb.exe
  2⤵
  PID:4372
- C:\Windows\System\mqLLsxl.exe
  C:\Windows\System\mqLLsxl.exe
  2⤵
  PID:4492
- C:\Windows\System\ONBquQk.exe
  C:\Windows\System\ONBquQk.exe
  2⤵
  PID:4652
- C:\Windows\System\bZcOkzR.exe
  C:\Windows\System\bZcOkzR.exe
  2⤵
  PID:2940
- C:\Windows\System\TFgUaer.exe
  C:\Windows\System\TFgUaer.exe
  2⤵
  PID:2944
- C:\Windows\System\cGfXHQa.exe
  C:\Windows\System\cGfXHQa.exe
  2⤵
  PID:4784
- C:\Windows\System\yNPJWky.exe
  C:\Windows\System\yNPJWky.exe
  2⤵
  PID:4904
- C:\Windows\System\CGrxaCR.exe
  C:\Windows\System\CGrxaCR.exe
  2⤵
  PID:4996
- C:\Windows\System\FznaJxu.exe
  C:\Windows\System\FznaJxu.exe
  2⤵
  PID:3404
- C:\Windows\System\zSuARgP.exe
  C:\Windows\System\zSuARgP.exe
  2⤵
  PID:5140
- C:\Windows\System\YyUDWtO.exe
  C:\Windows\System\YyUDWtO.exe
  2⤵
  PID:5160
- C:\Windows\System\jZsoNPs.exe
  C:\Windows\System\jZsoNPs.exe
  2⤵
  PID:5180
- C:\Windows\System\AisuTSw.exe
  C:\Windows\System\AisuTSw.exe
  2⤵
  PID:5200
- C:\Windows\System\HihzEVZ.exe
  C:\Windows\System\HihzEVZ.exe
  2⤵
  PID:5220
- C:\Windows\System\iGtPhSV.exe
  C:\Windows\System\iGtPhSV.exe
  2⤵
  PID:5240
- C:\Windows\System\pVCNayW.exe
  C:\Windows\System\pVCNayW.exe
  2⤵
  PID:5260
- C:\Windows\System\CVmuJuP.exe
  C:\Windows\System\CVmuJuP.exe
  2⤵
  PID:5280
- C:\Windows\System\EcpBaZa.exe
  C:\Windows\System\EcpBaZa.exe
  2⤵
  PID:5300
- C:\Windows\System\CABgVQf.exe
  C:\Windows\System\CABgVQf.exe
  2⤵
  PID:5320
- C:\Windows\System\UnzZfiB.exe
  C:\Windows\System\UnzZfiB.exe
  2⤵
  PID:5340
- C:\Windows\System\VwnYASo.exe
  C:\Windows\System\VwnYASo.exe
  2⤵
  PID:5360
- C:\Windows\System\pmiPRci.exe
  C:\Windows\System\pmiPRci.exe
  2⤵
  PID:5380
- C:\Windows\System\mpAfVUq.exe
  C:\Windows\System\mpAfVUq.exe
  2⤵
  PID:5400
- C:\Windows\System\PsnPrjF.exe
  C:\Windows\System\PsnPrjF.exe
  2⤵
  PID:5420
- C:\Windows\System\oqUwdHF.exe
  C:\Windows\System\oqUwdHF.exe
  2⤵
  PID:5440
- C:\Windows\System\rMgXiqT.exe
  C:\Windows\System\rMgXiqT.exe
  2⤵
  PID:5460
- C:\Windows\System\fRhQkhs.exe
  C:\Windows\System\fRhQkhs.exe
  2⤵
  PID:5480
- C:\Windows\System\USILRwR.exe
  C:\Windows\System\USILRwR.exe
  2⤵
  PID:5500
- C:\Windows\System\oJwTukw.exe
  C:\Windows\System\oJwTukw.exe
  2⤵
  PID:5520
- C:\Windows\System\vxrTzXc.exe
  C:\Windows\System\vxrTzXc.exe
  2⤵
  PID:5540
- C:\Windows\System\HgwDqOH.exe
  C:\Windows\System\HgwDqOH.exe
  2⤵
  PID:5556
- C:\Windows\System\yGpWTaM.exe
  C:\Windows\System\yGpWTaM.exe
  2⤵
  PID:5580
- C:\Windows\System\IvMbKxP.exe
  C:\Windows\System\IvMbKxP.exe
  2⤵
  PID:5596
- C:\Windows\System\EvKRBAv.exe
  C:\Windows\System\EvKRBAv.exe
  2⤵
  PID:5616
- C:\Windows\System\adyOqpN.exe
  C:\Windows\System\adyOqpN.exe
  2⤵
  PID:5636
- C:\Windows\System\ibwoUpw.exe
  C:\Windows\System\ibwoUpw.exe
  2⤵
  PID:5660
- C:\Windows\System\ZzsSDhs.exe
  C:\Windows\System\ZzsSDhs.exe
  2⤵
  PID:5676
- C:\Windows\System\IlBgTHJ.exe
  C:\Windows\System\IlBgTHJ.exe
  2⤵
  PID:5700
- C:\Windows\System\XmrjFze.exe
  C:\Windows\System\XmrjFze.exe
  2⤵
  PID:5720
- C:\Windows\System\fiIGgyJ.exe
  C:\Windows\System\fiIGgyJ.exe
  2⤵
  PID:5736
- C:\Windows\System\aHFWVlU.exe
  C:\Windows\System\aHFWVlU.exe
  2⤵
  PID:5756
- C:\Windows\System\Unywnzw.exe
  C:\Windows\System\Unywnzw.exe
  2⤵
  PID:5776
- C:\Windows\System\NpVHSDP.exe
  C:\Windows\System\NpVHSDP.exe
  2⤵
  PID:5796
- C:\Windows\System\iplLTzy.exe
  C:\Windows\System\iplLTzy.exe
  2⤵
  PID:5816
- C:\Windows\System\jnuQEec.exe
  C:\Windows\System\jnuQEec.exe
  2⤵
  PID:5840
- C:\Windows\System\ZpLuEwU.exe
  C:\Windows\System\ZpLuEwU.exe
  2⤵
  PID:5860
- C:\Windows\System\YUGnfaB.exe
  C:\Windows\System\YUGnfaB.exe
  2⤵
  PID:5880
- C:\Windows\System\QPtJeNU.exe
  C:\Windows\System\QPtJeNU.exe
  2⤵
  PID:5900
- C:\Windows\System\RQmgloX.exe
  C:\Windows\System\RQmgloX.exe
  2⤵
  PID:5920
- C:\Windows\System\xSfqpLF.exe
  C:\Windows\System\xSfqpLF.exe
  2⤵
  PID:5944
- C:\Windows\System\vyXbEeD.exe
  C:\Windows\System\vyXbEeD.exe
  2⤵
  PID:5964
- C:\Windows\System\ZOUbBcL.exe
  C:\Windows\System\ZOUbBcL.exe
  2⤵
  PID:5984
- C:\Windows\System\OyTPPUr.exe
  C:\Windows\System\OyTPPUr.exe
  2⤵
  PID:6004
- C:\Windows\System\mopQUtk.exe
  C:\Windows\System\mopQUtk.exe
  2⤵
  PID:6024
- C:\Windows\System\qFNbuxl.exe
  C:\Windows\System\qFNbuxl.exe
  2⤵
  PID:6044
- C:\Windows\System\qWrGrSR.exe
  C:\Windows\System\qWrGrSR.exe
  2⤵
  PID:6064
- C:\Windows\System\qJKfKah.exe
  C:\Windows\System\qJKfKah.exe
  2⤵
  PID:6084
- C:\Windows\System\hxsxBbe.exe
  C:\Windows\System\hxsxBbe.exe
  2⤵
  PID:6104
- C:\Windows\System\axuWNTO.exe
  C:\Windows\System\axuWNTO.exe
  2⤵
  PID:6124
- C:\Windows\System\SynAOpD.exe
  C:\Windows\System\SynAOpD.exe
  2⤵
  PID:2692
- C:\Windows\System\LOAViKj.exe
  C:\Windows\System\LOAViKj.exe
  2⤵
  PID:5100
- C:\Windows\System\ZkBcGJR.exe
  C:\Windows\System\ZkBcGJR.exe
  2⤵
  PID:3568
- C:\Windows\System\DWSjlAG.exe
  C:\Windows\System\DWSjlAG.exe
  2⤵
  PID:4388
- C:\Windows\System\WjCNjeA.exe
  C:\Windows\System\WjCNjeA.exe
  2⤵
  PID:4164
- C:\Windows\System\nWDIyiy.exe
  C:\Windows\System\nWDIyiy.exe
  2⤵
  PID:4364
- C:\Windows\System\AJCozwl.exe
  C:\Windows\System\AJCozwl.exe
  2⤵
  PID:4528
- C:\Windows\System\jFVfgmj.exe
  C:\Windows\System\jFVfgmj.exe
  2⤵
  PID:4452
- C:\Windows\System\vATjNzt.exe
  C:\Windows\System\vATjNzt.exe
  2⤵
  PID:4804
- C:\Windows\System\HPuAefx.exe
  C:\Windows\System\HPuAefx.exe
  2⤵
  PID:4856
- C:\Windows\System\cLsQwdA.exe
  C:\Windows\System\cLsQwdA.exe
  2⤵
  PID:5060
- C:\Windows\System\RZNbbhv.exe
  C:\Windows\System\RZNbbhv.exe
  2⤵
  PID:3032
- C:\Windows\System\JeRUTiz.exe
  C:\Windows\System\JeRUTiz.exe
  2⤵
  PID:5176
- C:\Windows\System\TjoQgjj.exe
  C:\Windows\System\TjoQgjj.exe
  2⤵
  PID:5212
- C:\Windows\System\Dbugewh.exe
  C:\Windows\System\Dbugewh.exe
  2⤵
  PID:5248
- C:\Windows\System\difGonx.exe
  C:\Windows\System\difGonx.exe
  2⤵
  PID:5296
- C:\Windows\System\hKyvHvY.exe
  C:\Windows\System\hKyvHvY.exe
  2⤵
  PID:5328
- C:\Windows\System\LFYHhaa.exe
  C:\Windows\System\LFYHhaa.exe
  2⤵
  PID:4836
- C:\Windows\System\iMxrKpm.exe
  C:\Windows\System\iMxrKpm.exe
  2⤵
  PID:5356
- C:\Windows\System\qSJuPum.exe
  C:\Windows\System\qSJuPum.exe
  2⤵
  PID:5412
- C:\Windows\System\JvJAXSB.exe
  C:\Windows\System\JvJAXSB.exe
  2⤵
  PID:5452
- C:\Windows\System\UAgAotP.exe
  C:\Windows\System\UAgAotP.exe
  2⤵
  PID:5496
- C:\Windows\System\zqwiwnt.exe
  C:\Windows\System\zqwiwnt.exe
  2⤵
  PID:5468
- C:\Windows\System\qOTcFFW.exe
  C:\Windows\System\qOTcFFW.exe
  2⤵
  PID:5572
- C:\Windows\System\aWrTNfV.exe
  C:\Windows\System\aWrTNfV.exe
  2⤵
  PID:5508
- C:\Windows\System\CqkJfXx.exe
  C:\Windows\System\CqkJfXx.exe
  2⤵
  PID:5608
- C:\Windows\System\IUYDnXD.exe
  C:\Windows\System\IUYDnXD.exe
  2⤵
  PID:5552
- C:\Windows\System\BhrDFek.exe
  C:\Windows\System\BhrDFek.exe
  2⤵
  PID:5684
- C:\Windows\System\liCgBwK.exe
  C:\Windows\System\liCgBwK.exe
  2⤵
  PID:5632
- C:\Windows\System\SPkNEzv.exe
  C:\Windows\System\SPkNEzv.exe
  2⤵
  PID:5732
- C:\Windows\System\EDSlOQO.exe
  C:\Windows\System\EDSlOQO.exe
  2⤵
  PID:5772
- C:\Windows\System\qapSOcH.exe
  C:\Windows\System\qapSOcH.exe
  2⤵
  PID:5744
- C:\Windows\System\NMBYehG.exe
  C:\Windows\System\NMBYehG.exe
  2⤵
  PID:5848
- C:\Windows\System\dSVeQWd.exe
  C:\Windows\System\dSVeQWd.exe
  2⤵
  PID:5824
- C:\Windows\System\XTOFlPb.exe
  C:\Windows\System\XTOFlPb.exe
  2⤵
  PID:5888
- C:\Windows\System\OMEvRar.exe
  C:\Windows\System\OMEvRar.exe
  2⤵
  PID:5892
- C:\Windows\System\OitwewG.exe
  C:\Windows\System\OitwewG.exe
  2⤵
  PID:5916
- C:\Windows\System\QBHeakR.exe
  C:\Windows\System\QBHeakR.exe
  2⤵
  PID:5960
- C:\Windows\System\mmfDCzz.exe
  C:\Windows\System\mmfDCzz.exe
  2⤵
  PID:1008
- C:\Windows\System\LLXLFvG.exe
  C:\Windows\System\LLXLFvG.exe
  2⤵
  PID:6016
- C:\Windows\System\KsTJFEZ.exe
  C:\Windows\System\KsTJFEZ.exe
  2⤵
  PID:6036
- C:\Windows\System\FTTHjYU.exe
  C:\Windows\System\FTTHjYU.exe
  2⤵
  PID:6092
- C:\Windows\System\jKSIHdv.exe
  C:\Windows\System\jKSIHdv.exe
  2⤵
  PID:6132
- C:\Windows\System\UhGuhAG.exe
  C:\Windows\System\UhGuhAG.exe
  2⤵
  PID:5024
- C:\Windows\System\ZnKDxza.exe
  C:\Windows\System\ZnKDxza.exe
  2⤵
  PID:2668
- C:\Windows\System\IMagSSy.exe
  C:\Windows\System\IMagSSy.exe
  2⤵
  PID:3140
- C:\Windows\System\kSGntgb.exe
  C:\Windows\System\kSGntgb.exe
  2⤵
  PID:4144
- C:\Windows\System\cSTBHxP.exe
  C:\Windows\System\cSTBHxP.exe
  2⤵
  PID:4632
- C:\Windows\System\CttsYvO.exe
  C:\Windows\System\CttsYvO.exe
  2⤵
  PID:5004
- C:\Windows\System\BbFzZTq.exe
  C:\Windows\System\BbFzZTq.exe
  2⤵
  PID:4864
- C:\Windows\System\cdfHEzT.exe
  C:\Windows\System\cdfHEzT.exe
  2⤵
  PID:5156
- C:\Windows\System\ElNWBzf.exe
  C:\Windows\System\ElNWBzf.exe
  2⤵
  PID:5188
- C:\Windows\System\ZbVhhwF.exe
  C:\Windows\System\ZbVhhwF.exe
  2⤵
  PID:5232
- C:\Windows\System\sCKEjlh.exe
  C:\Windows\System\sCKEjlh.exe
  2⤵
  PID:5308
- C:\Windows\System\ezUFnBC.exe
  C:\Windows\System\ezUFnBC.exe
  2⤵
  PID:5388
- C:\Windows\System\viiPSeI.exe
  C:\Windows\System\viiPSeI.exe
  2⤵
  PID:2704
- C:\Windows\System\HeUhEaU.exe
  C:\Windows\System\HeUhEaU.exe
  2⤵
  PID:2848
- C:\Windows\System\kHZGEYe.exe
  C:\Windows\System\kHZGEYe.exe
  2⤵
  PID:5564
- C:\Windows\System\gPSzZBZ.exe
  C:\Windows\System\gPSzZBZ.exe
  2⤵
  PID:5652
- C:\Windows\System\PZycJbq.exe
  C:\Windows\System\PZycJbq.exe
  2⤵
  PID:5588
- C:\Windows\System\moKOUJS.exe
  C:\Windows\System\moKOUJS.exe
  2⤵
  PID:5688
- C:\Windows\System\UAysmAF.exe
  C:\Windows\System\UAysmAF.exe
  2⤵
  PID:2696
- C:\Windows\System\CKLIdDL.exe
  C:\Windows\System\CKLIdDL.exe
  2⤵
  PID:5808
- C:\Windows\System\LHhrzjB.exe
  C:\Windows\System\LHhrzjB.exe
  2⤵
  PID:5788
- C:\Windows\System\pXdAZbD.exe
  C:\Windows\System\pXdAZbD.exe
  2⤵
  PID:5908
- C:\Windows\System\LbEfMlQ.exe
  C:\Windows\System\LbEfMlQ.exe
  2⤵
  PID:5972
- C:\Windows\System\GNBXaVu.exe
  C:\Windows\System\GNBXaVu.exe
  2⤵
  PID:5980
- C:\Windows\System\SvWrtiX.exe
  C:\Windows\System\SvWrtiX.exe
  2⤵
  PID:6012
- C:\Windows\System\SBPMYDl.exe
  C:\Windows\System\SBPMYDl.exe
  2⤵
  PID:6056
- C:\Windows\System\EffdoqI.exe
  C:\Windows\System\EffdoqI.exe
  2⤵
  PID:5000
- C:\Windows\System\MmuMeno.exe
  C:\Windows\System\MmuMeno.exe
  2⤵
  PID:4184
- C:\Windows\System\slopagq.exe
  C:\Windows\System\slopagq.exe
  2⤵
  PID:2804
- C:\Windows\System\yazQPML.exe
  C:\Windows\System\yazQPML.exe
  2⤵
  PID:2916
- C:\Windows\System\MeaicKk.exe
  C:\Windows\System\MeaicKk.exe
  2⤵
  PID:5148
- C:\Windows\System\WAMzvAO.exe
  C:\Windows\System\WAMzvAO.exe
  2⤵
  PID:5236
- C:\Windows\System\TvOVqmi.exe
  C:\Windows\System\TvOVqmi.exe
  2⤵
  PID:5368
- C:\Windows\System\KsOEfEE.exe
  C:\Windows\System\KsOEfEE.exe
  2⤵
  PID:5488
- C:\Windows\System\IhtSJCi.exe
  C:\Windows\System\IhtSJCi.exe
  2⤵
  PID:5408
- C:\Windows\System\KUxDsIh.exe
  C:\Windows\System\KUxDsIh.exe
  2⤵
  PID:5656
- C:\Windows\System\ivtrgrU.exe
  C:\Windows\System\ivtrgrU.exe
  2⤵
  PID:980
- C:\Windows\System\mVxOyEP.exe
  C:\Windows\System\mVxOyEP.exe
  2⤵
  PID:5804
- C:\Windows\System\vSCBGBE.exe
  C:\Windows\System\vSCBGBE.exe
  2⤵
  PID:836
- C:\Windows\System\aaSabLX.exe
  C:\Windows\System\aaSabLX.exe
  2⤵
  PID:5932
- C:\Windows\System\SdsRKOh.exe
  C:\Windows\System\SdsRKOh.exe
  2⤵
  PID:5952
- C:\Windows\System\OVhMbAQ.exe
  C:\Windows\System\OVhMbAQ.exe
  2⤵
  PID:6032
- C:\Windows\System\RajjxmN.exe
  C:\Windows\System\RajjxmN.exe
  2⤵
  PID:6072
- C:\Windows\System\VODGEKa.exe
  C:\Windows\System\VODGEKa.exe
  2⤵
  PID:4728
- C:\Windows\System\bQHxQJl.exe
  C:\Windows\System\bQHxQJl.exe
  2⤵
  PID:3660
- C:\Windows\System\wLkJkjr.exe
  C:\Windows\System\wLkJkjr.exe
  2⤵
  PID:5208
- C:\Windows\System\IBblhah.exe
  C:\Windows\System\IBblhah.exe
  2⤵
  PID:5252
- C:\Windows\System\wKgkPcJ.exe
  C:\Windows\System\wKgkPcJ.exe
  2⤵
  PID:5352
- C:\Windows\System\DYmDGMw.exe
  C:\Windows\System\DYmDGMw.exe
  2⤵
  PID:5752
- C:\Windows\System\zMPPNwq.exe
  C:\Windows\System\zMPPNwq.exe
  2⤵
  PID:5604
- C:\Windows\System\AHMKkYQ.exe
  C:\Windows\System\AHMKkYQ.exe
  2⤵
  PID:5672
- C:\Windows\System\YVlInaE.exe
  C:\Windows\System\YVlInaE.exe
  2⤵
  PID:1948
- C:\Windows\System\pMjFPWh.exe
  C:\Windows\System\pMjFPWh.exe
  2⤵
  PID:3984
- C:\Windows\System\moxhXfd.exe
  C:\Windows\System\moxhXfd.exe
  2⤵
  PID:4884
- C:\Windows\System\wDMzmDH.exe
  C:\Windows\System\wDMzmDH.exe
  2⤵
  PID:5548
- C:\Windows\System\hunBGGm.exe
  C:\Windows\System\hunBGGm.exe
  2⤵
  PID:6160
- C:\Windows\System\caRjZeG.exe
  C:\Windows\System\caRjZeG.exe
  2⤵
  PID:6180
- C:\Windows\System\efMkYVF.exe
  C:\Windows\System\efMkYVF.exe
  2⤵
  PID:6200
- C:\Windows\System\jNtcTsm.exe
  C:\Windows\System\jNtcTsm.exe
  2⤵
  PID:6220
- C:\Windows\System\wDRZsrs.exe
  C:\Windows\System\wDRZsrs.exe
  2⤵
  PID:6240
- C:\Windows\System\CizuAQL.exe
  C:\Windows\System\CizuAQL.exe
  2⤵
  PID:6260
- C:\Windows\System\gjmWcnM.exe
  C:\Windows\System\gjmWcnM.exe
  2⤵
  PID:6280
- C:\Windows\System\HUkyvLV.exe
  C:\Windows\System\HUkyvLV.exe
  2⤵
  PID:6300
- C:\Windows\System\gkEieeK.exe
  C:\Windows\System\gkEieeK.exe
  2⤵
  PID:6320
- C:\Windows\System\kfZmKCI.exe
  C:\Windows\System\kfZmKCI.exe
  2⤵
  PID:6340
- C:\Windows\System\sIOaRmo.exe
  C:\Windows\System\sIOaRmo.exe
  2⤵
  PID:6360
- C:\Windows\System\lXjCvjn.exe
  C:\Windows\System\lXjCvjn.exe
  2⤵
  PID:6384
- C:\Windows\System\vAtnfHI.exe
  C:\Windows\System\vAtnfHI.exe
  2⤵
  PID:6404
- C:\Windows\System\oHUJjTu.exe
  C:\Windows\System\oHUJjTu.exe
  2⤵
  PID:6420
- C:\Windows\System\FwOJGss.exe
  C:\Windows\System\FwOJGss.exe
  2⤵
  PID:6444
- C:\Windows\System\ccjxuQJ.exe
  C:\Windows\System\ccjxuQJ.exe
  2⤵
  PID:6464
- C:\Windows\System\BVdnLFe.exe
  C:\Windows\System\BVdnLFe.exe
  2⤵
  PID:6484
- C:\Windows\System\rJptlan.exe
  C:\Windows\System\rJptlan.exe
  2⤵
  PID:6500
- C:\Windows\System\rIbOTdi.exe
  C:\Windows\System\rIbOTdi.exe
  2⤵
  PID:6524
- C:\Windows\System\vzPAaaK.exe
  C:\Windows\System\vzPAaaK.exe
  2⤵
  PID:6548
- C:\Windows\System\FzuTdQf.exe
  C:\Windows\System\FzuTdQf.exe
  2⤵
  PID:6568
- C:\Windows\System\VXHKXKh.exe
  C:\Windows\System\VXHKXKh.exe
  2⤵
  PID:6588
- C:\Windows\System\NJdPryv.exe
  C:\Windows\System\NJdPryv.exe
  2⤵
  PID:6608
- C:\Windows\System\vgiannc.exe
  C:\Windows\System\vgiannc.exe
  2⤵
  PID:6628
- C:\Windows\System\mmivZjb.exe
  C:\Windows\System\mmivZjb.exe
  2⤵
  PID:6648
- C:\Windows\System\bHcCwWB.exe
  C:\Windows\System\bHcCwWB.exe
  2⤵
  PID:6664
- C:\Windows\System\YnWvpqO.exe
  C:\Windows\System\YnWvpqO.exe
  2⤵
  PID:6688
- C:\Windows\System\aFyhbLP.exe
  C:\Windows\System\aFyhbLP.exe
  2⤵
  PID:6708
- C:\Windows\System\aVBuTbV.exe
  C:\Windows\System\aVBuTbV.exe
  2⤵
  PID:6728
- C:\Windows\System\FBmREmv.exe
  C:\Windows\System\FBmREmv.exe
  2⤵
  PID:6748
- C:\Windows\System\MaYSdFR.exe
  C:\Windows\System\MaYSdFR.exe
  2⤵
  PID:6768
- C:\Windows\System\oVyydzd.exe
  C:\Windows\System\oVyydzd.exe
  2⤵
  PID:6788
- C:\Windows\System\AWLzlbA.exe
  C:\Windows\System\AWLzlbA.exe
  2⤵
  PID:6808
- C:\Windows\System\ojniixP.exe
  C:\Windows\System\ojniixP.exe
  2⤵
  PID:6828
- C:\Windows\System\HgzEnPa.exe
  C:\Windows\System\HgzEnPa.exe
  2⤵
  PID:6848
- C:\Windows\System\lvctHSP.exe
  C:\Windows\System\lvctHSP.exe
  2⤵
  PID:6868
- C:\Windows\System\TXZYTXA.exe
  C:\Windows\System\TXZYTXA.exe
  2⤵
  PID:6888
- C:\Windows\System\TKccmUF.exe
  C:\Windows\System\TKccmUF.exe
  2⤵
  PID:6908
- C:\Windows\System\kyuwCBM.exe
  C:\Windows\System\kyuwCBM.exe
  2⤵
  PID:6928
- C:\Windows\System\CxMidHe.exe
  C:\Windows\System\CxMidHe.exe
  2⤵
  PID:6948
- C:\Windows\System\tGmfaOx.exe
  C:\Windows\System\tGmfaOx.exe
  2⤵
  PID:6968
- C:\Windows\System\pQLySQI.exe
  C:\Windows\System\pQLySQI.exe
  2⤵
  PID:6988
- C:\Windows\System\vNReOJy.exe
  C:\Windows\System\vNReOJy.exe
  2⤵
  PID:7008
- C:\Windows\System\JaaUXZo.exe
  C:\Windows\System\JaaUXZo.exe
  2⤵
  PID:7028
- C:\Windows\System\xahiPBf.exe
  C:\Windows\System\xahiPBf.exe
  2⤵
  PID:7048
- C:\Windows\System\ZQUmkFo.exe
  C:\Windows\System\ZQUmkFo.exe
  2⤵
  PID:7068
- C:\Windows\System\GjXBntM.exe
  C:\Windows\System\GjXBntM.exe
  2⤵
  PID:7088
- C:\Windows\System\BrzBWvz.exe
  C:\Windows\System\BrzBWvz.exe
  2⤵
  PID:7108
- C:\Windows\System\zVVOgYo.exe
  C:\Windows\System\zVVOgYo.exe
  2⤵
  PID:7128
- C:\Windows\System\dCUvybG.exe
  C:\Windows\System\dCUvybG.exe
  2⤵
  PID:7148
- C:\Windows\System\tcQejsz.exe
  C:\Windows\System\tcQejsz.exe
  2⤵
  PID:5472
- C:\Windows\System\SutFWTJ.exe
  C:\Windows\System\SutFWTJ.exe
  2⤵
  PID:5936
- C:\Windows\System\aJzGlZF.exe
  C:\Windows\System\aJzGlZF.exe
  2⤵
  PID:5592
- C:\Windows\System\NnJYScc.exe
  C:\Windows\System\NnJYScc.exe
  2⤵
  PID:2536
- C:\Windows\System\lfQmFxf.exe
  C:\Windows\System\lfQmFxf.exe
  2⤵
  PID:5128
- C:\Windows\System\bwRFuNe.exe
  C:\Windows\System\bwRFuNe.exe
  2⤵
  PID:6152
- C:\Windows\System\havDnTv.exe
  C:\Windows\System\havDnTv.exe
  2⤵
  PID:6188
- C:\Windows\System\hlKacLq.exe
  C:\Windows\System\hlKacLq.exe
  2⤵
  PID:6228
- C:\Windows\System\jPnDBvb.exe
  C:\Windows\System\jPnDBvb.exe
  2⤵
  PID:6216
- C:\Windows\System\JRAfSGP.exe
  C:\Windows\System\JRAfSGP.exe
  2⤵
  PID:6276
- C:\Windows\System\ryYyWZf.exe
  C:\Windows\System\ryYyWZf.exe
  2⤵
  PID:6296
- C:\Windows\System\GeTCYif.exe
  C:\Windows\System\GeTCYif.exe
  2⤵
  PID:6352
- C:\Windows\System\eKyieFP.exe
  C:\Windows\System\eKyieFP.exe
  2⤵
  PID:6400
- C:\Windows\System\YRddyqw.exe
  C:\Windows\System\YRddyqw.exe
  2⤵
  PID:6428
- C:\Windows\System\fJeSqwK.exe
  C:\Windows\System\fJeSqwK.exe
  2⤵
  PID:6416
- C:\Windows\System\qvRmjjn.exe
  C:\Windows\System\qvRmjjn.exe
  2⤵
  PID:6476
- C:\Windows\System\sUMRBwY.exe
  C:\Windows\System\sUMRBwY.exe
  2⤵
  PID:1720
- C:\Windows\System\GwAuYkk.exe
  C:\Windows\System\GwAuYkk.exe
  2⤵
  PID:6516
- C:\Windows\System\VmuDwjA.exe
  C:\Windows\System\VmuDwjA.exe
  2⤵
  PID:6532
- C:\Windows\System\hNMHaAB.exe
  C:\Windows\System\hNMHaAB.exe
  2⤵
  PID:3020
- C:\Windows\System\KAaaLOC.exe
  C:\Windows\System\KAaaLOC.exe
  2⤵
  PID:6580
- C:\Windows\System\NVHmqEp.exe
  C:\Windows\System\NVHmqEp.exe
  2⤵
  PID:6620
- C:\Windows\System\tHCNUJQ.exe
  C:\Windows\System\tHCNUJQ.exe
  2⤵
  PID:6676
- C:\Windows\System\rjpRxwV.exe
  C:\Windows\System\rjpRxwV.exe
  2⤵
  PID:6716
- C:\Windows\System\QTcnLNa.exe
  C:\Windows\System\QTcnLNa.exe
  2⤵
  PID:6736
- C:\Windows\System\MNUkWEJ.exe
  C:\Windows\System\MNUkWEJ.exe
  2⤵
  PID:6776
- C:\Windows\System\JkxOjWT.exe
  C:\Windows\System\JkxOjWT.exe
  2⤵
  PID:6780
- C:\Windows\System\lsWmGnh.exe
  C:\Windows\System\lsWmGnh.exe
  2⤵
  PID:6844
- C:\Windows\System\OFeyJmc.exe
  C:\Windows\System\OFeyJmc.exe
  2⤵
  PID:6880
- C:\Windows\System\EtnnBXX.exe
  C:\Windows\System\EtnnBXX.exe
  2⤵
  PID:6916
- C:\Windows\System\TriXVhG.exe
  C:\Windows\System\TriXVhG.exe
  2⤵
  PID:6900
- C:\Windows\System\mENfKNS.exe
  C:\Windows\System\mENfKNS.exe
  2⤵
  PID:6964
- C:\Windows\System\GGPUvJS.exe
  C:\Windows\System\GGPUvJS.exe
  2⤵
  PID:6984
- C:\Windows\System\pDXomvN.exe
  C:\Windows\System\pDXomvN.exe
  2⤵
  PID:7036
- C:\Windows\System\stfwpYd.exe
  C:\Windows\System\stfwpYd.exe
  2⤵
  PID:7020
- C:\Windows\System\XFXxeAu.exe
  C:\Windows\System\XFXxeAu.exe
  2⤵
  PID:7064
- C:\Windows\System\VSVsgRo.exe
  C:\Windows\System\VSVsgRo.exe
  2⤵
  PID:7116
- C:\Windows\System\ydhXiMv.exe
  C:\Windows\System\ydhXiMv.exe
  2⤵
  PID:7164
- C:\Windows\System\SenxYMU.exe
  C:\Windows\System\SenxYMU.exe
  2⤵
  PID:5628
- C:\Windows\System\GzNvxZv.exe
  C:\Windows\System\GzNvxZv.exe
  2⤵
  PID:6096
- C:\Windows\System\eWNeAyL.exe
  C:\Windows\System\eWNeAyL.exe
  2⤵
  PID:6040
- C:\Windows\System\bgaRtXf.exe
  C:\Windows\System\bgaRtXf.exe
  2⤵
  PID:6252
- C:\Windows\System\hzUgOpq.exe
  C:\Windows\System\hzUgOpq.exe
  2⤵
  PID:2572
- C:\Windows\System\FwdJwEW.exe
  C:\Windows\System\FwdJwEW.exe
  2⤵
  PID:6392
- C:\Windows\System\BIXZqkW.exe
  C:\Windows\System\BIXZqkW.exe
  2⤵
  PID:6368
- C:\Windows\System\vMGbNYX.exe
  C:\Windows\System\vMGbNYX.exe
  2⤵
  PID:6380
- C:\Windows\System\PPnBOAd.exe
  C:\Windows\System\PPnBOAd.exe
  2⤵
  PID:6472
- C:\Windows\System\lZgywox.exe
  C:\Windows\System\lZgywox.exe
  2⤵
  PID:6564
- C:\Windows\System\VgkqSRH.exe
  C:\Windows\System\VgkqSRH.exe
  2⤵
  PID:6584
- C:\Windows\System\JFoRzmx.exe
  C:\Windows\System\JFoRzmx.exe
  2⤵
  PID:6596
- C:\Windows\System\mSpbtAX.exe
  C:\Windows\System\mSpbtAX.exe
  2⤵
  PID:6724
- C:\Windows\System\vvPmOHF.exe
  C:\Windows\System\vvPmOHF.exe
  2⤵
  PID:6764
- C:\Windows\System\BxxwyfW.exe
  C:\Windows\System\BxxwyfW.exe
  2⤵
  PID:6804
- C:\Windows\System\FBwjZAB.exe
  C:\Windows\System\FBwjZAB.exe
  2⤵
  PID:6884
- C:\Windows\System\JFmaEns.exe
  C:\Windows\System\JFmaEns.exe
  2⤵
  PID:6836
- C:\Windows\System\arxjHKc.exe
  C:\Windows\System\arxjHKc.exe
  2⤵
  PID:6824
- C:\Windows\System\WsiNsVI.exe
  C:\Windows\System\WsiNsVI.exe
  2⤵
  PID:3504
- C:\Windows\System\gVoieJT.exe
  C:\Windows\System\gVoieJT.exe
  2⤵
  PID:6936
- C:\Windows\System\WgRBHKP.exe
  C:\Windows\System\WgRBHKP.exe
  2⤵
  PID:7004
- C:\Windows\System\lOyWzDH.exe
  C:\Windows\System\lOyWzDH.exe
  2⤵
  PID:7056
- C:\Windows\System\tXCTsfn.exe
  C:\Windows\System\tXCTsfn.exe
  2⤵
  PID:7144
- C:\Windows\System\IYmXZnV.exe
  C:\Windows\System\IYmXZnV.exe
  2⤵
  PID:7136
- C:\Windows\System\tRzHXAW.exe
  C:\Windows\System\tRzHXAW.exe
  2⤵
  PID:6156
- C:\Windows\System\yqMdIQC.exe
  C:\Windows\System\yqMdIQC.exe
  2⤵
  PID:6232
- C:\Windows\System\AkFdxzi.exe
  C:\Windows\System\AkFdxzi.exe
  2⤵
  PID:1780
- C:\Windows\System\dJMqBVL.exe
  C:\Windows\System\dJMqBVL.exe
  2⤵
  PID:4108
- C:\Windows\System\yWfNIla.exe
  C:\Windows\System\yWfNIla.exe
  2⤵
  PID:2248
- C:\Windows\System\wrxxDBn.exe
  C:\Windows\System\wrxxDBn.exe
  2⤵
  PID:1484
- C:\Windows\System\tGAjKPl.exe
  C:\Windows\System\tGAjKPl.exe
  2⤵
  PID:6356
- C:\Windows\System\cMdQmqj.exe
  C:\Windows\System\cMdQmqj.exe
  2⤵
  PID:6432
- C:\Windows\System\fiQsSdc.exe
  C:\Windows\System\fiQsSdc.exe
  2⤵
  PID:6376
- C:\Windows\System\FlZYjfq.exe
  C:\Windows\System\FlZYjfq.exe
  2⤵
  PID:6512
- C:\Windows\System\AbMFAAw.exe
  C:\Windows\System\AbMFAAw.exe
  2⤵
  PID:328
- C:\Windows\System\uuhoIIY.exe
  C:\Windows\System\uuhoIIY.exe
  2⤵
  PID:6560
- C:\Windows\System\CNzPNtN.exe
  C:\Windows\System\CNzPNtN.exe
  2⤵
  PID:6624
- C:\Windows\System\ZxaVzVa.exe
  C:\Windows\System\ZxaVzVa.exe
  2⤵
  PID:6756
- C:\Windows\System\xIbSaIC.exe
  C:\Windows\System\xIbSaIC.exe
  2⤵
  PID:6876
- C:\Windows\System\VMgRyka.exe
  C:\Windows\System\VMgRyka.exe
  2⤵
  PID:832
- C:\Windows\System\bIPBlYl.exe
  C:\Windows\System\bIPBlYl.exe
  2⤵
  PID:6860
- C:\Windows\System\jmaxKtl.exe
  C:\Windows\System\jmaxKtl.exe
  2⤵
  PID:7100
- C:\Windows\System\LqXsFaf.exe
  C:\Windows\System\LqXsFaf.exe
  2⤵
  PID:7084
- C:\Windows\System\PmqQLNN.exe
  C:\Windows\System\PmqQLNN.exe
  2⤵
  PID:2888
- C:\Windows\System\tpoAMEm.exe
  C:\Windows\System\tpoAMEm.exe
  2⤵
  PID:2832
- C:\Windows\System\FVQRgqa.exe
  C:\Windows\System\FVQRgqa.exe
  2⤵
  PID:6212
- C:\Windows\System\ShNCwrV.exe
  C:\Windows\System\ShNCwrV.exe
  2⤵
  PID:6492
- C:\Windows\System\RfMMgvy.exe
  C:\Windows\System\RfMMgvy.exe
  2⤵
  PID:2680
- C:\Windows\System\zitGyHH.exe
  C:\Windows\System\zitGyHH.exe
  2⤵
  PID:6976
- C:\Windows\System\dxknkbw.exe
  C:\Windows\System\dxknkbw.exe
  2⤵
  PID:1732
- C:\Windows\System\BdYpNyf.exe
  C:\Windows\System\BdYpNyf.exe
  2⤵
  PID:6336
- C:\Windows\System\HqmRObm.exe
  C:\Windows\System\HqmRObm.exe
  2⤵
  PID:2868
- C:\Windows\System\ufJgYOJ.exe
  C:\Windows\System\ufJgYOJ.exe
  2⤵
  PID:6696
- C:\Windows\System\IyXqBdt.exe
  C:\Windows\System\IyXqBdt.exe
  2⤵
  PID:1304
- C:\Windows\System\XxLWxcm.exe
  C:\Windows\System\XxLWxcm.exe
  2⤵
  PID:7016
- C:\Windows\System\ZnUfIMu.exe
  C:\Windows\System\ZnUfIMu.exe
  2⤵
  PID:2800
- C:\Windows\System\ylpamEd.exe
  C:\Windows\System\ylpamEd.exe
  2⤵
  PID:2936
- C:\Windows\System\TpthAxK.exe
  C:\Windows\System\TpthAxK.exe
  2⤵
  PID:6288
- C:\Windows\System\eQJEHvA.exe
  C:\Windows\System\eQJEHvA.exe
  2⤵
  PID:7120
- C:\Windows\System\CREsnNO.exe
  C:\Windows\System\CREsnNO.exe
  2⤵
  PID:6996
- C:\Windows\System\CyJlaAx.exe
  C:\Windows\System\CyJlaAx.exe
  2⤵
  PID:6616
- C:\Windows\System\rzkrlVU.exe
  C:\Windows\System\rzkrlVU.exe
  2⤵
  PID:6440
- C:\Windows\System\ISSdGqz.exe
  C:\Windows\System\ISSdGqz.exe
  2⤵
  PID:5192
- C:\Windows\System\ocNrEda.exe
  C:\Windows\System\ocNrEda.exe
  2⤵
  PID:2528
- C:\Windows\System\iifgjUy.exe
  C:\Windows\System\iifgjUy.exe
  2⤵
  PID:2768
- C:\Windows\System\EzPjnRq.exe
  C:\Windows\System\EzPjnRq.exe
  2⤵
  PID:6920
- C:\Windows\System\GmxvDpI.exe
  C:\Windows\System\GmxvDpI.exe
  2⤵
  PID:6316
- C:\Windows\System\KPTqokd.exe
  C:\Windows\System\KPTqokd.exe
  2⤵
  PID:6924
- C:\Windows\System\fXrBzaJ.exe
  C:\Windows\System\fXrBzaJ.exe
  2⤵
  PID:7176
- C:\Windows\System\aHKKnAc.exe
  C:\Windows\System\aHKKnAc.exe
  2⤵
  PID:7192
- C:\Windows\System\KZyDBzA.exe
  C:\Windows\System\KZyDBzA.exe
  2⤵
  PID:7208
- C:\Windows\System\eLAyxrY.exe
  C:\Windows\System\eLAyxrY.exe
  2⤵
  PID:7232
- C:\Windows\System\XZllrwv.exe
  C:\Windows\System\XZllrwv.exe
  2⤵
  PID:7252
- C:\Windows\System\CKRwfsd.exe
  C:\Windows\System\CKRwfsd.exe
  2⤵
  PID:7276
- C:\Windows\System\hMAOIWY.exe
  C:\Windows\System\hMAOIWY.exe
  2⤵
  PID:7292
- C:\Windows\System\sGlwIkM.exe
  C:\Windows\System\sGlwIkM.exe
  2⤵
  PID:7308
- C:\Windows\System\HLZqkxA.exe
  C:\Windows\System\HLZqkxA.exe
  2⤵
  PID:7324
- C:\Windows\System\kmYVAEw.exe
  C:\Windows\System\kmYVAEw.exe
  2⤵
  PID:7340
- C:\Windows\System\hTVsHCb.exe
  C:\Windows\System\hTVsHCb.exe
  2⤵
  PID:7356
- C:\Windows\System\CBHdpSI.exe
  C:\Windows\System\CBHdpSI.exe
  2⤵
  PID:7372
- C:\Windows\System\qdlhhWT.exe
  C:\Windows\System\qdlhhWT.exe
  2⤵
  PID:7388
- C:\Windows\System\mlHvFyO.exe
  C:\Windows\System\mlHvFyO.exe
  2⤵
  PID:7404
- C:\Windows\System\GnReiLR.exe
  C:\Windows\System\GnReiLR.exe
  2⤵
  PID:7420
- C:\Windows\System\PrtXrVJ.exe
  C:\Windows\System\PrtXrVJ.exe
  2⤵
  PID:7436
- C:\Windows\System\HsZrZcp.exe
  C:\Windows\System\HsZrZcp.exe
  2⤵
  PID:7460
- C:\Windows\System\WBiwQHL.exe
  C:\Windows\System\WBiwQHL.exe
  2⤵
  PID:7528
- C:\Windows\System\ALVVHFQ.exe
  C:\Windows\System\ALVVHFQ.exe
  2⤵
  PID:7548
- C:\Windows\System\rXOWreI.exe
  C:\Windows\System\rXOWreI.exe
  2⤵
  PID:7564
- C:\Windows\System\dtLrSef.exe
  C:\Windows\System\dtLrSef.exe
  2⤵
  PID:7580
- C:\Windows\System\nNkTKGD.exe
  C:\Windows\System\nNkTKGD.exe
  2⤵
  PID:7604
- C:\Windows\System\hxUGzxV.exe
  C:\Windows\System\hxUGzxV.exe
  2⤵
  PID:7636
- C:\Windows\System\ULvgcHP.exe
  C:\Windows\System\ULvgcHP.exe
  2⤵
  PID:7656
- C:\Windows\System\uzWEnVJ.exe
  C:\Windows\System\uzWEnVJ.exe
  2⤵
  PID:7672
- C:\Windows\System\gnPvgyH.exe
  C:\Windows\System\gnPvgyH.exe
  2⤵
  PID:7688
- C:\Windows\System\YHNglqZ.exe
  C:\Windows\System\YHNglqZ.exe
  2⤵
  PID:7704
- C:\Windows\System\CdmMeVE.exe
  C:\Windows\System\CdmMeVE.exe
  2⤵
  PID:7720
- C:\Windows\System\fqaeXiq.exe
  C:\Windows\System\fqaeXiq.exe
  2⤵
  PID:7736
- C:\Windows\System\ZUproIN.exe
  C:\Windows\System\ZUproIN.exe
  2⤵
  PID:7752
- C:\Windows\System\CbkQTMU.exe
  C:\Windows\System\CbkQTMU.exe
  2⤵
  PID:7768
- C:\Windows\System\pSBTsTg.exe
  C:\Windows\System\pSBTsTg.exe
  2⤵
  PID:7784
- C:\Windows\System\bjGFKFZ.exe
  C:\Windows\System\bjGFKFZ.exe
  2⤵
  PID:7800
- C:\Windows\System\UdaNGzF.exe
  C:\Windows\System\UdaNGzF.exe
  2⤵
  PID:7816
- C:\Windows\System\HYQeDks.exe
  C:\Windows\System\HYQeDks.exe
  2⤵
  PID:7832
- C:\Windows\System\rHSbZpT.exe
  C:\Windows\System\rHSbZpT.exe
  2⤵
  PID:7848
- C:\Windows\System\YVyqcfx.exe
  C:\Windows\System\YVyqcfx.exe
  2⤵
  PID:7864
- C:\Windows\System\atngFnS.exe
  C:\Windows\System\atngFnS.exe
  2⤵
  PID:7880
- C:\Windows\System\zpDodCa.exe
  C:\Windows\System\zpDodCa.exe
  2⤵
  PID:7896
- C:\Windows\System\jaxFTbk.exe
  C:\Windows\System\jaxFTbk.exe
  2⤵
  PID:7912
- C:\Windows\System\IuOpamF.exe
  C:\Windows\System\IuOpamF.exe
  2⤵
  PID:7928
- C:\Windows\System\HWuFAaz.exe
  C:\Windows\System\HWuFAaz.exe
  2⤵
  PID:7948
- C:\Windows\System\KYZiCMv.exe
  C:\Windows\System\KYZiCMv.exe
  2⤵
  PID:7964
- C:\Windows\System\ieTTBpX.exe
  C:\Windows\System\ieTTBpX.exe
  2⤵
  PID:7988
- C:\Windows\System\bCOEnAO.exe
  C:\Windows\System\bCOEnAO.exe
  2⤵
  PID:8004
- C:\Windows\System\LWgOheF.exe
  C:\Windows\System\LWgOheF.exe
  2⤵
  PID:8020
- C:\Windows\System\IRmdmph.exe
  C:\Windows\System\IRmdmph.exe
  2⤵
  PID:8036
- C:\Windows\System\FNLqiKJ.exe
  C:\Windows\System\FNLqiKJ.exe
  2⤵
  PID:8056
- C:\Windows\System\iUtCGyk.exe
  C:\Windows\System\iUtCGyk.exe
  2⤵
  PID:8124
- C:\Windows\System\DNGWKXp.exe
  C:\Windows\System\DNGWKXp.exe
  2⤵
  PID:8152
- C:\Windows\System\fMAqOzq.exe
  C:\Windows\System\fMAqOzq.exe
  2⤵
  PID:8172
- C:\Windows\System\bqUhyFo.exe
  C:\Windows\System\bqUhyFo.exe
  2⤵
  PID:8188
- C:\Windows\System\undanyZ.exe
  C:\Windows\System\undanyZ.exe
  2⤵
  PID:7204
- C:\Windows\System\odlWDFA.exe
  C:\Windows\System\odlWDFA.exe
  2⤵
  PID:7288
- C:\Windows\System\rvxWvtV.exe
  C:\Windows\System\rvxWvtV.exe
  2⤵
  PID:7352
- C:\Windows\System\mWtHJIK.exe
  C:\Windows\System\mWtHJIK.exe
  2⤵
  PID:6744
- C:\Windows\System\XhLuksL.exe
  C:\Windows\System\XhLuksL.exe
  2⤵
  PID:7000
- C:\Windows\System\YhbKfwZ.exe
  C:\Windows\System\YhbKfwZ.exe
  2⤵
  PID:7220
- C:\Windows\System\rNmdJXk.exe
  C:\Windows\System\rNmdJXk.exe
  2⤵
  PID:7428
- C:\Windows\System\ybEYpTF.exe
  C:\Windows\System\ybEYpTF.exe
  2⤵
  PID:7364
- C:\Windows\System\knhRwKo.exe
  C:\Windows\System\knhRwKo.exe
  2⤵
  PID:7472
- C:\Windows\System\toxTOWH.exe
  C:\Windows\System\toxTOWH.exe
  2⤵
  PID:7492
- C:\Windows\System\KSEloWt.exe
  C:\Windows\System\KSEloWt.exe
  2⤵
  PID:7504
- C:\Windows\System\doQpoxR.exe
  C:\Windows\System\doQpoxR.exe
  2⤵
  PID:7524
- C:\Windows\System\EaLWENK.exe
  C:\Windows\System\EaLWENK.exe
  2⤵
  PID:7544
- C:\Windows\System\nfeNhzX.exe
  C:\Windows\System\nfeNhzX.exe
  2⤵
  PID:7560
- C:\Windows\System\GUtEkvB.exe
  C:\Windows\System\GUtEkvB.exe
  2⤵
  PID:7624
- C:\Windows\System\fatqzVW.exe
  C:\Windows\System\fatqzVW.exe
  2⤵
  PID:664
- C:\Windows\System\koCnjec.exe
  C:\Windows\System\koCnjec.exe
  2⤵
  PID:1840
- C:\Windows\System\pCKzEdX.exe
  C:\Windows\System\pCKzEdX.exe
  2⤵
  PID:1112
- C:\Windows\System\xdCbpmp.exe
  C:\Windows\System\xdCbpmp.exe
  2⤵
  PID:7696
- C:\Windows\System\uuCfLSi.exe
  C:\Windows\System\uuCfLSi.exe
  2⤵
  PID:7732
- C:\Windows\System\czEVIHn.exe
  C:\Windows\System\czEVIHn.exe
  2⤵
  PID:7796
- C:\Windows\System\yNzlmoM.exe
  C:\Windows\System\yNzlmoM.exe
  2⤵
  PID:7860
- C:\Windows\System\BThjFJC.exe
  C:\Windows\System\BThjFJC.exe
  2⤵
  PID:7956
- C:\Windows\System\zuXKcgH.exe
  C:\Windows\System\zuXKcgH.exe
  2⤵
  PID:8028
- C:\Windows\System\cdxnSUG.exe
  C:\Windows\System\cdxnSUG.exe
  2⤵
  PID:2732
- C:\Windows\System\FuInEla.exe
  C:\Windows\System\FuInEla.exe
  2⤵
  PID:7844
- C:\Windows\System\vniNOcv.exe
  C:\Windows\System\vniNOcv.exe
  2⤵
  PID:8084
- C:\Windows\System\soLjgvR.exe
  C:\Windows\System\soLjgvR.exe
  2⤵
  PID:8100
- C:\Windows\System\HDNBPPq.exe
  C:\Windows\System\HDNBPPq.exe
  2⤵
  PID:8116
- C:\Windows\System\YsgoFdv.exe
  C:\Windows\System\YsgoFdv.exe
  2⤵
  PID:8168
- C:\Windows\System\VREHjwE.exe
  C:\Windows\System\VREHjwE.exe
  2⤵
  PID:7908
- C:\Windows\System\ghtOIAT.exe
  C:\Windows\System\ghtOIAT.exe
  2⤵
  PID:7320
- C:\Windows\System\VGlIELx.exe
  C:\Windows\System\VGlIELx.exe
  2⤵
  PID:7348
- C:\Windows\System\AigAKFe.exe
  C:\Windows\System\AigAKFe.exe
  2⤵
  PID:3040
- C:\Windows\System\TOGlbms.exe
  C:\Windows\System\TOGlbms.exe
  2⤵
  PID:8132
- C:\Windows\System\WjyJxuK.exe
  C:\Windows\System\WjyJxuK.exe
  2⤵
  PID:7452
- C:\Windows\System\cOivoSn.exe
  C:\Windows\System\cOivoSn.exe
  2⤵
  PID:7936
- C:\Windows\System\qcczUMa.exe
  C:\Windows\System\qcczUMa.exe
  2⤵
  PID:7444
- C:\Windows\System\KPagURX.exe
  C:\Windows\System\KPagURX.exe
  2⤵
  PID:7684
- C:\Windows\System\QeGScTp.exe
  C:\Windows\System\QeGScTp.exe
  2⤵
  PID:7748
- C:\Windows\System\bvPSEyo.exe
  C:\Windows\System\bvPSEyo.exe
  2⤵
  PID:7812
- C:\Windows\System\AZxdptV.exe
  C:\Windows\System\AZxdptV.exe
  2⤵
  PID:7940
- C:\Windows\System\CwGpoSx.exe
  C:\Windows\System\CwGpoSx.exe
  2⤵
  PID:7976
- C:\Windows\System\bUGfYyp.exe
  C:\Windows\System\bUGfYyp.exe
  2⤵
  PID:8044
- C:\Windows\System\wfdJsqv.exe
  C:\Windows\System\wfdJsqv.exe
  2⤵
  PID:8144
- C:\Windows\System\otlDwrb.exe
  C:\Windows\System\otlDwrb.exe
  2⤵
  PID:7188
- C:\Windows\System\tiRapgQ.exe
  C:\Windows\System\tiRapgQ.exe
  2⤵
  PID:7268
- C:\Windows\System\uzlyLod.exe
  C:\Windows\System\uzlyLod.exe
  2⤵
  PID:7500
- C:\Windows\System\ZaMgyhZ.exe
  C:\Windows\System\ZaMgyhZ.exe
  2⤵
  PID:7620
- C:\Windows\System\htYiOih.exe
  C:\Windows\System\htYiOih.exe
  2⤵
  PID:7520
- C:\Windows\System\YcimDZx.exe
  C:\Windows\System\YcimDZx.exe
  2⤵
  PID:7600
- C:\Windows\System\fxIqEBh.exe
  C:\Windows\System\fxIqEBh.exe
  2⤵
  PID:1400
- C:\Windows\System\fBoKJYL.exe
  C:\Windows\System\fBoKJYL.exe
  2⤵
  PID:7184
- C:\Windows\System\ifmmbmB.exe
  C:\Windows\System\ifmmbmB.exe
  2⤵
  PID:7792
- C:\Windows\System\tRRdBxv.exe
  C:\Windows\System\tRRdBxv.exe
  2⤵
  PID:8064
- C:\Windows\System\IhlgBmU.exe
  C:\Windows\System\IhlgBmU.exe
  2⤵
  PID:7828
- C:\Windows\System\gytJCbR.exe
  C:\Windows\System\gytJCbR.exe
  2⤵
  PID:1588
- C:\Windows\System\TiUUHXI.exe
  C:\Windows\System\TiUUHXI.exe
  2⤵
  PID:7632
- C:\Windows\System\rJyqGrv.exe
  C:\Windows\System\rJyqGrv.exe
  2⤵
  PID:7904
- C:\Windows\System\fvVPolu.exe
  C:\Windows\System\fvVPolu.exe
  2⤵
  PID:6660
- C:\Windows\System\SEhUhPm.exe
  C:\Windows\System\SEhUhPm.exe
  2⤵
  PID:7780
- C:\Windows\System\EpDhTDl.exe
  C:\Windows\System\EpDhTDl.exe
  2⤵
  PID:8160
- C:\Windows\System\GFBVRyB.exe
  C:\Windows\System\GFBVRyB.exe
  2⤵
  PID:2448
- C:\Windows\System\zNetHjz.exe
  C:\Windows\System\zNetHjz.exe
  2⤵
  PID:8052
- C:\Windows\System\zCkUOeF.exe
  C:\Windows\System\zCkUOeF.exe
  2⤵
  PID:1536
- C:\Windows\System\LbJgTiB.exe
  C:\Windows\System\LbJgTiB.exe
  2⤵
  PID:7416
- C:\Windows\System\ZWvOloK.exe
  C:\Windows\System\ZWvOloK.exe
  2⤵
  PID:8184
- C:\Windows\System\SGiplnL.exe
  C:\Windows\System\SGiplnL.exe
  2⤵
  PID:7536
- C:\Windows\System\LvpvLGQ.exe
  C:\Windows\System\LvpvLGQ.exe
  2⤵
  PID:7216
- C:\Windows\System\GVFLBWD.exe
  C:\Windows\System\GVFLBWD.exe
  2⤵
  PID:7996
- C:\Windows\System\hSzJKRn.exe
  C:\Windows\System\hSzJKRn.exe
  2⤵
  PID:7652
- C:\Windows\System\telutRQ.exe
  C:\Windows\System\telutRQ.exe
  2⤵
  PID:7200
- C:\Windows\System\fMxQVTe.exe
  C:\Windows\System\fMxQVTe.exe
  2⤵
  PID:7304
- C:\Windows\System\RxurmHr.exe
  C:\Windows\System\RxurmHr.exe
  2⤵
  PID:8148
- C:\Windows\System\IIZlJqu.exe
  C:\Windows\System\IIZlJqu.exe
  2⤵
  PID:2972
- C:\Windows\System\XXsRZKE.exe
  C:\Windows\System\XXsRZKE.exe
  2⤵
  PID:8080
- C:\Windows\System\sEqDCUV.exe
  C:\Windows\System\sEqDCUV.exe
  2⤵
  PID:8096
- C:\Windows\System\CcXOywi.exe
  C:\Windows\System\CcXOywi.exe
  2⤵
  PID:7396
- C:\Windows\System\ZusKhXA.exe
  C:\Windows\System\ZusKhXA.exe
  2⤵
  PID:8000
- C:\Windows\System\sTXYxWQ.exe
  C:\Windows\System\sTXYxWQ.exe
  2⤵
  PID:7744
- C:\Windows\System\HPsiDne.exe
  C:\Windows\System\HPsiDne.exe
  2⤵
  PID:8208
- C:\Windows\System\boLphaP.exe
  C:\Windows\System\boLphaP.exe
  2⤵
  PID:8224
- C:\Windows\System\bOJKJVj.exe
  C:\Windows\System\bOJKJVj.exe
  2⤵
  PID:8240
- C:\Windows\System\HsfCfEy.exe
  C:\Windows\System\HsfCfEy.exe
  2⤵
  PID:8256
- C:\Windows\System\UyxTiFw.exe
  C:\Windows\System\UyxTiFw.exe
  2⤵
  PID:8272
- C:\Windows\System\qoAjLbP.exe
  C:\Windows\System\qoAjLbP.exe
  2⤵
  PID:8288
- C:\Windows\System\rasCFtv.exe
  C:\Windows\System\rasCFtv.exe
  2⤵
  PID:8304
- C:\Windows\System\uUBLpwC.exe
  C:\Windows\System\uUBLpwC.exe
  2⤵
  PID:8320
- C:\Windows\System\vdjyFwN.exe
  C:\Windows\System\vdjyFwN.exe
  2⤵
  PID:8336
- C:\Windows\System\jZeLsqU.exe
  C:\Windows\System\jZeLsqU.exe
  2⤵
  PID:8352
- C:\Windows\System\BvOpmvd.exe
  C:\Windows\System\BvOpmvd.exe
  2⤵
  PID:8368
- C:\Windows\System\tTFkPhP.exe
  C:\Windows\System\tTFkPhP.exe
  2⤵
  PID:8384
- C:\Windows\System\SwejHqA.exe
  C:\Windows\System\SwejHqA.exe
  2⤵
  PID:8400
- C:\Windows\System\nwEtCmf.exe
  C:\Windows\System\nwEtCmf.exe
  2⤵
  PID:8416
- C:\Windows\System\alHMQcJ.exe
  C:\Windows\System\alHMQcJ.exe
  2⤵
  PID:8432
- C:\Windows\System\ipOlpUe.exe
  C:\Windows\System\ipOlpUe.exe
  2⤵
  PID:8448
- C:\Windows\System\XUdylTz.exe
  C:\Windows\System\XUdylTz.exe
  2⤵
  PID:8464
- C:\Windows\System\jKYRWEQ.exe
  C:\Windows\System\jKYRWEQ.exe
  2⤵
  PID:8480
- C:\Windows\System\qrRRLZn.exe
  C:\Windows\System\qrRRLZn.exe
  2⤵
  PID:8496
- C:\Windows\System\qWRxHGO.exe
  C:\Windows\System\qWRxHGO.exe
  2⤵
  PID:8512
- C:\Windows\System\qDOpRwG.exe
  C:\Windows\System\qDOpRwG.exe
  2⤵
  PID:8528
- C:\Windows\System\EanRCxS.exe
  C:\Windows\System\EanRCxS.exe
  2⤵
  PID:8544
- C:\Windows\System\zOnMxFg.exe
  C:\Windows\System\zOnMxFg.exe
  2⤵
  PID:8560
- C:\Windows\System\UEAFyYe.exe
  C:\Windows\System\UEAFyYe.exe
  2⤵
  PID:8576
- C:\Windows\System\hFybdUe.exe
  C:\Windows\System\hFybdUe.exe
  2⤵
  PID:8592
- C:\Windows\System\qJxqcqI.exe
  C:\Windows\System\qJxqcqI.exe
  2⤵
  PID:8608
- C:\Windows\System\CGqkEzr.exe
  C:\Windows\System\CGqkEzr.exe
  2⤵
  PID:8624
- C:\Windows\System\NVvqael.exe
  C:\Windows\System\NVvqael.exe
  2⤵
  PID:8640
- C:\Windows\System\YOFKDPP.exe
  C:\Windows\System\YOFKDPP.exe
  2⤵
  PID:8656
- C:\Windows\System\SKlKgSO.exe
  C:\Windows\System\SKlKgSO.exe
  2⤵
  PID:8672
- C:\Windows\System\dTWlUhO.exe
  C:\Windows\System\dTWlUhO.exe
  2⤵
  PID:8688
- C:\Windows\System\eAXDkeT.exe
  C:\Windows\System\eAXDkeT.exe
  2⤵
  PID:8708
- C:\Windows\System\AsfoONt.exe
  C:\Windows\System\AsfoONt.exe
  2⤵
  PID:8724
- C:\Windows\System\XVdswZP.exe
  C:\Windows\System\XVdswZP.exe
  2⤵
  PID:8740
- C:\Windows\System\qMzCBDF.exe
  C:\Windows\System\qMzCBDF.exe
  2⤵
  PID:8756
- C:\Windows\System\NvjOeos.exe
  C:\Windows\System\NvjOeos.exe
  2⤵
  PID:8772
- C:\Windows\System\gXSKsjn.exe
  C:\Windows\System\gXSKsjn.exe
  2⤵
  PID:8792
- C:\Windows\System\uAEZmkn.exe
  C:\Windows\System\uAEZmkn.exe
  2⤵
  PID:8808
- C:\Windows\System\HRwgFXZ.exe
  C:\Windows\System\HRwgFXZ.exe
  2⤵
  PID:8824
- C:\Windows\System\nFNnMCx.exe
  C:\Windows\System\nFNnMCx.exe
  2⤵
  PID:8840
- C:\Windows\System\mTjDhxI.exe
  C:\Windows\System\mTjDhxI.exe
  2⤵
  PID:8856
- C:\Windows\System\nVExSnB.exe
  C:\Windows\System\nVExSnB.exe
  2⤵
  PID:8872
- C:\Windows\System\weNVVgy.exe
  C:\Windows\System\weNVVgy.exe
  2⤵
  PID:8888
- C:\Windows\System\XYnffRd.exe
  C:\Windows\System\XYnffRd.exe
  2⤵
  PID:8904
- C:\Windows\System\oTemNVR.exe
  C:\Windows\System\oTemNVR.exe
  2⤵
  PID:8920
- C:\Windows\System\KNqpmpd.exe
  C:\Windows\System\KNqpmpd.exe
  2⤵
  PID:8936
- C:\Windows\System\RNiMQqN.exe
  C:\Windows\System\RNiMQqN.exe
  2⤵
  PID:8952
- C:\Windows\System\DVaGXFm.exe
  C:\Windows\System\DVaGXFm.exe
  2⤵
  PID:8968
- C:\Windows\System\NqNfhBJ.exe
  C:\Windows\System\NqNfhBJ.exe
  2⤵
  PID:8984
- C:\Windows\System\ONBcMwo.exe
  C:\Windows\System\ONBcMwo.exe
  2⤵
  PID:9000
- C:\Windows\System\JakHGTD.exe
  C:\Windows\System\JakHGTD.exe
  2⤵
  PID:9016
- C:\Windows\System\ssvolTn.exe
  C:\Windows\System\ssvolTn.exe
  2⤵
  PID:9032
- C:\Windows\System\mAPfHse.exe
  C:\Windows\System\mAPfHse.exe
  2⤵
  PID:9048
- C:\Windows\System\xVtBNTR.exe
  C:\Windows\System\xVtBNTR.exe
  2⤵
  PID:9064
- C:\Windows\System\uCIBzPl.exe
  C:\Windows\System\uCIBzPl.exe
  2⤵
  PID:9080
- C:\Windows\System\Ougispj.exe
  C:\Windows\System\Ougispj.exe
  2⤵
  PID:9096
- C:\Windows\System\rWvoMaM.exe
  C:\Windows\System\rWvoMaM.exe
  2⤵
  PID:9112
- C:\Windows\System\pMIrflp.exe
  C:\Windows\System\pMIrflp.exe
  2⤵
  PID:9128
- C:\Windows\System\becTZAr.exe
  C:\Windows\System\becTZAr.exe
  2⤵
  PID:9144
- C:\Windows\System\QBtAvJk.exe
  C:\Windows\System\QBtAvJk.exe
  2⤵
  PID:9160
- C:\Windows\System\TVNDGAG.exe
  C:\Windows\System\TVNDGAG.exe
  2⤵
  PID:9176
- C:\Windows\System\ihncTxR.exe
  C:\Windows\System\ihncTxR.exe
  2⤵
  PID:9192
- C:\Windows\System\bKnHDYl.exe
  C:\Windows\System\bKnHDYl.exe
  2⤵
  PID:9208
- C:\Windows\System\vgMYqBy.exe
  C:\Windows\System\vgMYqBy.exe
  2⤵
  PID:7240
- C:\Windows\System\erVHJWY.exe
  C:\Windows\System\erVHJWY.exe
  2⤵
  PID:7664
- C:\Windows\System\BMMyskF.exe
  C:\Windows\System\BMMyskF.exe
  2⤵
  PID:8200
- C:\Windows\System\KFPqYmU.exe
  C:\Windows\System\KFPqYmU.exe
  2⤵
  PID:8204
- C:\Windows\System\jhQknnU.exe
  C:\Windows\System\jhQknnU.exe
  2⤵
  PID:8216
- C:\Windows\System\jwZZwEb.exe
  C:\Windows\System\jwZZwEb.exe
  2⤵
  PID:8300
- C:\Windows\System\WUfTngX.exe
  C:\Windows\System\WUfTngX.exe
  2⤵
  PID:8360
- C:\Windows\System\NsIViti.exe
  C:\Windows\System\NsIViti.exe
  2⤵
  PID:8396
- C:\Windows\System\NGenOba.exe
  C:\Windows\System\NGenOba.exe
  2⤵
  PID:8164
- C:\Windows\System\HbcbjjI.exe
  C:\Windows\System\HbcbjjI.exe
  2⤵
  PID:8488
- C:\Windows\System\oLoOqPg.exe
  C:\Windows\System\oLoOqPg.exe
  2⤵
  PID:7728
- C:\Windows\System\MgHbJBM.exe
  C:\Windows\System\MgHbJBM.exe
  2⤵
  PID:8520
- C:\Windows\System\xJqEKPz.exe
  C:\Windows\System\xJqEKPz.exe
  2⤵
  PID:8316
- C:\Windows\System\oAiUwil.exe
  C:\Windows\System\oAiUwil.exe
  2⤵
  PID:8380
- C:\Windows\System\csCUZqn.exe
  C:\Windows\System\csCUZqn.exe
  2⤵
  PID:8556
- C:\Windows\System\KcyZaoh.exe
  C:\Windows\System\KcyZaoh.exe
  2⤵
  PID:8476
- C:\Windows\System\dZadIDt.exe
  C:\Windows\System\dZadIDt.exe
  2⤵
  PID:8504
- C:\Windows\System\yejaptF.exe
  C:\Windows\System\yejaptF.exe
  2⤵
  PID:8964
- C:\Windows\System\tMoqAkQ.exe
  C:\Windows\System\tMoqAkQ.exe
  2⤵
  PID:9056
- C:\Windows\System\eWTDSyX.exe
  C:\Windows\System\eWTDSyX.exe
  2⤵
  PID:9024
- C:\Windows\System\OksJqiV.exe
  C:\Windows\System\OksJqiV.exe
  2⤵
  PID:2672
- C:\Windows\System\DjvLQmk.exe
  C:\Windows\System\DjvLQmk.exe
  2⤵
  PID:8460
- C:\Windows\System\wETYQhS.exe
  C:\Windows\System\wETYQhS.exe
  2⤵
  PID:8376
- C:\Windows\System\EnQQTSa.exe
  C:\Windows\System\EnQQTSa.exe
  2⤵
  PID:8572
- C:\Windows\System\hydOXkL.exe
  C:\Windows\System\hydOXkL.exe
  2⤵
  PID:8312
- C:\Windows\System\vsDSYVN.exe
  C:\Windows\System\vsDSYVN.exe
  2⤵
  PID:8328
- C:\Windows\System\TjZUAoR.exe
  C:\Windows\System\TjZUAoR.exe
  2⤵
  PID:8552
- C:\Windows\System\jIQEkzA.exe
  C:\Windows\System\jIQEkzA.exe
  2⤵
  PID:8604
- C:\Windows\System\hpvBZzC.exe
  C:\Windows\System\hpvBZzC.exe
  2⤵
  PID:8684
- C:\Windows\System\ToYiLuJ.exe
  C:\Windows\System\ToYiLuJ.exe
  2⤵
  PID:8716
- C:\Windows\System\kIMwkga.exe
  C:\Windows\System\kIMwkga.exe
  2⤵
  PID:8732
- C:\Windows\System\ZvPXEGm.exe
  C:\Windows\System\ZvPXEGm.exe
  2⤵
  PID:8748
- C:\Windows\System\UpWBFnt.exe
  C:\Windows\System\UpWBFnt.exe
  2⤵
  PID:8764
- C:\Windows\System\ImRKygR.exe
  C:\Windows\System\ImRKygR.exe
  2⤵
  PID:8736
- C:\Windows\System\wzrdfRO.exe
  C:\Windows\System\wzrdfRO.exe
  2⤵
  PID:8836
- C:\Windows\System\msWLyoU.exe
  C:\Windows\System\msWLyoU.exe
  2⤵
  PID:7644
- C:\Windows\System\fXSuqHB.exe
  C:\Windows\System\fXSuqHB.exe
  2⤵
  PID:8896
- C:\Windows\System\hkkmpeu.exe
  C:\Windows\System\hkkmpeu.exe
  2⤵
  PID:8976
- C:\Windows\System\nfdWHMd.exe
  C:\Windows\System\nfdWHMd.exe
  2⤵
  PID:9040
- C:\Windows\System\lMYaWWt.exe
  C:\Windows\System\lMYaWWt.exe
  2⤵
  PID:9104
- C:\Windows\System\AqCDPkb.exe
  C:\Windows\System\AqCDPkb.exe
  2⤵
  PID:9168
- C:\Windows\System\hhDGvlk.exe
  C:\Windows\System\hhDGvlk.exe
  2⤵
  PID:8928
- C:\Windows\System\yyEWChY.exe
  C:\Windows\System\yyEWChY.exe
  2⤵
  PID:8664
- C:\Windows\System\FHBmoPo.exe
  C:\Windows\System\FHBmoPo.exe
  2⤵
  PID:8820
- C:\Windows\System\SvknwKS.exe
  C:\Windows\System\SvknwKS.exe
  2⤵
  PID:8900
- C:\Windows\System\eYCvfXD.exe
  C:\Windows\System\eYCvfXD.exe
  2⤵
  PID:8980
- C:\Windows\System\dSkGtqJ.exe
  C:\Windows\System\dSkGtqJ.exe
  2⤵
  PID:9136
- C:\Windows\System\GfHnVLo.exe
  C:\Windows\System\GfHnVLo.exe
  2⤵
  PID:9092
- C:\Windows\System\hZgNSJp.exe
  C:\Windows\System\hZgNSJp.exe
  2⤵
  PID:8264
- C:\Windows\System\YrlgeOV.exe
  C:\Windows\System\YrlgeOV.exe
  2⤵
  PID:7300
- C:\Windows\System\MEBZLGY.exe
  C:\Windows\System\MEBZLGY.exe
  2⤵
  PID:8428
- C:\Windows\System\JvGxbQR.exe
  C:\Windows\System\JvGxbQR.exe
  2⤵
  PID:8412
- C:\Windows\System\KFUmrko.exe
  C:\Windows\System\KFUmrko.exe
  2⤵
  PID:8472
- C:\Windows\System\wglfgiP.exe
  C:\Windows\System\wglfgiP.exe
  2⤵
  PID:7680
- C:\Windows\System\mdrdEaG.exe
  C:\Windows\System\mdrdEaG.exe
  2⤵
  PID:8804
- C:\Windows\System\ScJISuM.exe
  C:\Windows\System\ScJISuM.exe
  2⤵
  PID:8848
- C:\Windows\System\LvKAmEe.exe
  C:\Windows\System\LvKAmEe.exe
  2⤵
  PID:9088
- C:\Windows\System\JdjybQX.exe
  C:\Windows\System\JdjybQX.exe
  2⤵
  PID:9188
- C:\Windows\System\XaHOxQw.exe
  C:\Windows\System\XaHOxQw.exe
  2⤵
  PID:8392
- C:\Windows\System\XMFGdlE.exe
  C:\Windows\System\XMFGdlE.exe
  2⤵
  PID:8348
- C:\Windows\System\gWaCfUP.exe
  C:\Windows\System\gWaCfUP.exe
  2⤵
  PID:8720
- C:\Windows\System\CUZbbgp.exe
  C:\Windows\System\CUZbbgp.exe
  2⤵
  PID:8784
- C:\Windows\System\Yfpwmrk.exe
  C:\Windows\System\Yfpwmrk.exe
  2⤵
  PID:9076
- C:\Windows\System\gVOPWCM.exe
  C:\Windows\System\gVOPWCM.exe
  2⤵
  PID:9152
- C:\Windows\System\HtmBmXI.exe
  C:\Windows\System\HtmBmXI.exe
  2⤵
  PID:8636
- C:\Windows\System\DEndmdu.exe
  C:\Windows\System\DEndmdu.exe
  2⤵
  PID:9200
- C:\Windows\System\yAOkrqV.exe
  C:\Windows\System\yAOkrqV.exe
  2⤵
  PID:9140
- C:\Windows\System\GnQoGxC.exe
  C:\Windows\System\GnQoGxC.exe
  2⤵
  PID:8652
- C:\Windows\System\GkhWxvZ.exe
  C:\Windows\System\GkhWxvZ.exe
  2⤵
  PID:9124
- C:\Windows\System\ZAhjYQs.exe
  C:\Windows\System\ZAhjYQs.exe
  2⤵
  PID:7228
- C:\Windows\System\YhZNysb.exe
  C:\Windows\System\YhZNysb.exe
  2⤵
  PID:8992
- C:\Windows\System\akZHLiL.exe
  C:\Windows\System\akZHLiL.exe
  2⤵
  PID:9244
- C:\Windows\System\allYGUZ.exe
  C:\Windows\System\allYGUZ.exe
  2⤵
  PID:9260
- C:\Windows\System\lNzNpZf.exe
  C:\Windows\System\lNzNpZf.exe
  2⤵
  PID:9276
- C:\Windows\System\QrjdVNS.exe
  C:\Windows\System\QrjdVNS.exe
  2⤵
  PID:9300
- C:\Windows\System\QWnufuO.exe
  C:\Windows\System\QWnufuO.exe
  2⤵
  PID:9316
- C:\Windows\System\ERAbzWZ.exe
  C:\Windows\System\ERAbzWZ.exe
  2⤵
  PID:9332
- C:\Windows\System\GrDVync.exe
  C:\Windows\System\GrDVync.exe
  2⤵
  PID:9352
- C:\Windows\System\ltzkrhn.exe
  C:\Windows\System\ltzkrhn.exe
  2⤵
  PID:9368
- C:\Windows\System\liahxJe.exe
  C:\Windows\System\liahxJe.exe
  2⤵
  PID:9408
- C:\Windows\System\yWDaDUM.exe
  C:\Windows\System\yWDaDUM.exe
  2⤵
  PID:9428
- C:\Windows\System\ltLIAuD.exe
  C:\Windows\System\ltLIAuD.exe
  2⤵
  PID:9448
- C:\Windows\System\HdVCnNi.exe
  C:\Windows\System\HdVCnNi.exe
  2⤵
  PID:9464
- C:\Windows\System\rhWacPa.exe
  C:\Windows\System\rhWacPa.exe
  2⤵
  PID:9480
- C:\Windows\System\esTRibm.exe
  C:\Windows\System\esTRibm.exe
  2⤵
  PID:9500
- C:\Windows\System\fenpgdY.exe
  C:\Windows\System\fenpgdY.exe
  2⤵
  PID:9516
- C:\Windows\System\pTSRVAa.exe
  C:\Windows\System\pTSRVAa.exe
  2⤵
  PID:9536
- C:\Windows\System\DDlzSnr.exe
  C:\Windows\System\DDlzSnr.exe
  2⤵
  PID:9552
- C:\Windows\System\zBjAKiN.exe
  C:\Windows\System\zBjAKiN.exe
  2⤵
  PID:9572
- C:\Windows\System\DHbnmor.exe
  C:\Windows\System\DHbnmor.exe
  2⤵
  PID:9588
- C:\Windows\System\rwNhYvw.exe
  C:\Windows\System\rwNhYvw.exe
  2⤵
  PID:9604
- C:\Windows\System\mSMSHeN.exe
  C:\Windows\System\mSMSHeN.exe
  2⤵
  PID:9620
- C:\Windows\System\ZnwApge.exe
  C:\Windows\System\ZnwApge.exe
  2⤵
  PID:9636
- C:\Windows\System\xAgSocG.exe
  C:\Windows\System\xAgSocG.exe
  2⤵
  PID:9652
- C:\Windows\System\MylaMoR.exe
  C:\Windows\System\MylaMoR.exe
  2⤵
  PID:9708
- C:\Windows\System\nZYGOAs.exe
  C:\Windows\System\nZYGOAs.exe
  2⤵
  PID:9728
- C:\Windows\System\aXsFAWb.exe
  C:\Windows\System\aXsFAWb.exe
  2⤵
  PID:9748
- C:\Windows\System\yNJlxpJ.exe
  C:\Windows\System\yNJlxpJ.exe
  2⤵
  PID:9764
- C:\Windows\System\BjAywCH.exe
  C:\Windows\System\BjAywCH.exe
  2⤵
  PID:9784
- C:\Windows\System\KtPuNec.exe
  C:\Windows\System\KtPuNec.exe
  2⤵
  PID:9800
- C:\Windows\System\wFBSCTc.exe
  C:\Windows\System\wFBSCTc.exe
  2⤵
  PID:9816
- C:\Windows\System\dzHRwWm.exe
  C:\Windows\System\dzHRwWm.exe
  2⤵
  PID:9836
- C:\Windows\System\tKTcALP.exe
  C:\Windows\System\tKTcALP.exe
  2⤵
  PID:9872
- C:\Windows\System\ZKhkxiz.exe
  C:\Windows\System\ZKhkxiz.exe
  2⤵
  PID:9888
- C:\Windows\System\lLuldkc.exe
  C:\Windows\System\lLuldkc.exe
  2⤵
  PID:9904
- C:\Windows\System\dDEDUwb.exe
  C:\Windows\System\dDEDUwb.exe
  2⤵
  PID:9928
- C:\Windows\System\cCYXDTW.exe
  C:\Windows\System\cCYXDTW.exe
  2⤵
  PID:9952
- C:\Windows\System\UpUUtuW.exe
  C:\Windows\System\UpUUtuW.exe
  2⤵
  PID:9968
- C:\Windows\System\FpLyZLV.exe
  C:\Windows\System\FpLyZLV.exe
  2⤵
  PID:9988
- C:\Windows\System\vEnTZeX.exe
  C:\Windows\System\vEnTZeX.exe
  2⤵
  PID:10004
- C:\Windows\System\BTvhjWZ.exe
  C:\Windows\System\BTvhjWZ.exe
  2⤵
  PID:10020
- C:\Windows\System\KYNRjEI.exe
  C:\Windows\System\KYNRjEI.exe
  2⤵
  PID:10036
- C:\Windows\System\UKVpEct.exe
  C:\Windows\System\UKVpEct.exe
  2⤵
  PID:10060
- C:\Windows\System\NQKmDPJ.exe
  C:\Windows\System\NQKmDPJ.exe
  2⤵
  PID:10076
- C:\Windows\System\JLydehL.exe
  C:\Windows\System\JLydehL.exe
  2⤵
  PID:10104
- C:\Windows\System\zkjCGDT.exe
  C:\Windows\System\zkjCGDT.exe
  2⤵
  PID:10128
- C:\Windows\System\GQBXBlo.exe
  C:\Windows\System\GQBXBlo.exe
  2⤵
  PID:10152
- C:\Windows\System\yiwGjSm.exe
  C:\Windows\System\yiwGjSm.exe
  2⤵
  PID:10172
- C:\Windows\System\fGHXboM.exe
  C:\Windows\System\fGHXboM.exe
  2⤵
  PID:10196
- C:\Windows\System\tBqzFum.exe
  C:\Windows\System\tBqzFum.exe
  2⤵
  PID:10216
- C:\Windows\System\OoZPrNS.exe
  C:\Windows\System\OoZPrNS.exe
  2⤵
  PID:9220
- C:\Windows\System\PpqhRxx.exe
  C:\Windows\System\PpqhRxx.exe
  2⤵
  PID:9232
- C:\Windows\System\ZehMxDC.exe
  C:\Windows\System\ZehMxDC.exe
  2⤵
  PID:9256
- C:\Windows\System\ILwaXhG.exe
  C:\Windows\System\ILwaXhG.exe
  2⤵
  PID:9348
- C:\Windows\System\oCDNQTc.exe
  C:\Windows\System\oCDNQTc.exe
  2⤵
  PID:9288
- C:\Windows\System\MFsPdBT.exe
  C:\Windows\System\MFsPdBT.exe
  2⤵
  PID:9388
- C:\Windows\System\WtZalZn.exe
  C:\Windows\System\WtZalZn.exe
  2⤵
  PID:9416
- C:\Windows\System\kbiDGZa.exe
  C:\Windows\System\kbiDGZa.exe
  2⤵
  PID:9440
- C:\Windows\System\sHnEhLK.exe
  C:\Windows\System\sHnEhLK.exe
  2⤵
  PID:9512
- C:\Windows\System\JhEJDRw.exe
  C:\Windows\System\JhEJDRw.exe
  2⤵
  PID:9460
- C:\Windows\System\ZijRkZw.exe
  C:\Windows\System\ZijRkZw.exe
  2⤵
  PID:9584
- C:\Windows\System\rnKkXPf.exe
  C:\Windows\System\rnKkXPf.exe
  2⤵
  PID:9488
- C:\Windows\System\ZCzLMfv.exe
  C:\Windows\System\ZCzLMfv.exe
  2⤵
  PID:9596
- C:\Windows\System\XjhEpIM.exe
  C:\Windows\System\XjhEpIM.exe
  2⤵
  PID:9664
- C:\Windows\System\iKUQBOz.exe
  C:\Windows\System\iKUQBOz.exe
  2⤵
  PID:9680
- C:\Windows\System\mmlpSwS.exe
  C:\Windows\System\mmlpSwS.exe
  2⤵
  PID:9696
- C:\Windows\System\wZuXaYN.exe
  C:\Windows\System\wZuXaYN.exe
  2⤵
  PID:9724
- C:\Windows\System\grcdyqv.exe
  C:\Windows\System\grcdyqv.exe
  2⤵
  PID:9772
- C:\Windows\System\QyRAAbz.exe
  C:\Windows\System\QyRAAbz.exe
  2⤵
  PID:9832
- C:\Windows\System\uoxrkOR.exe
  C:\Windows\System\uoxrkOR.exe
  2⤵
  PID:9856
- C:\Windows\System\yNDqFea.exe
  C:\Windows\System\yNDqFea.exe
  2⤵
  PID:9880
- C:\Windows\System\GovlxIV.exe
  C:\Windows\System\GovlxIV.exe
  2⤵
  PID:9924
- C:\Windows\System\MTtCtyv.exe
  C:\Windows\System\MTtCtyv.exe
  2⤵
  PID:9948
- C:\Windows\System\byhpFbe.exe
  C:\Windows\System\byhpFbe.exe
  2⤵
  PID:9976
- C:\Windows\System\DveGJcb.exe
  C:\Windows\System\DveGJcb.exe
  2⤵
  PID:10012
- C:\Windows\System\isBXrFd.exe
  C:\Windows\System\isBXrFd.exe
  2⤵
  PID:10044
- C:\Windows\System\LJBFfWm.exe
  C:\Windows\System\LJBFfWm.exe
  2⤵
  PID:10068
- C:\Windows\System\tIcThqq.exe
  C:\Windows\System\tIcThqq.exe
  2⤵
  PID:10100
- C:\Windows\System\sOCIAds.exe
  C:\Windows\System\sOCIAds.exe
  2⤵
  PID:10148
- C:\Windows\System\evvalIW.exe
  C:\Windows\System\evvalIW.exe
  2⤵
  PID:10164
- C:\Windows\System\rnjDlhC.exe
  C:\Windows\System\rnjDlhC.exe
  2⤵
  PID:10192
- C:\Windows\System\SZyCnJi.exe
  C:\Windows\System\SZyCnJi.exe
  2⤵
  PID:10224
- C:\Windows\System\PtHZZuC.exe
  C:\Windows\System\PtHZZuC.exe
  2⤵
  PID:9240
- C:\Windows\System\AOwhoSy.exe
  C:\Windows\System\AOwhoSy.exe
  2⤵
  PID:9340
- C:\Windows\System\iEipqfZ.exe
  C:\Windows\System\iEipqfZ.exe
  2⤵
  PID:9328
- C:\Windows\System\qmiShLX.exe
  C:\Windows\System\qmiShLX.exe
  2⤵
  PID:9508
- C:\Windows\System\EcWuuGY.exe
  C:\Windows\System\EcWuuGY.exe
  2⤵
  PID:9564
- C:\Windows\System\ufTJnIM.exe
  C:\Windows\System\ufTJnIM.exe
  2⤵
  PID:9568
- C:\Windows\System\VRkriqY.exe
  C:\Windows\System\VRkriqY.exe
  2⤵
  PID:9616
- C:\Windows\System\hKKMAHA.exe
  C:\Windows\System\hKKMAHA.exe
  2⤵
  PID:9632
- C:\Windows\System\uGMLTXi.exe
  C:\Windows\System\uGMLTXi.exe
  2⤵
  PID:9716
- C:\Windows\System\QcrxXFV.exe
  C:\Windows\System\QcrxXFV.exe
  2⤵
  PID:9740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BxUxpnP.exe

Filesize
6.0MB

MD5
cb9b0aea14b4d1f1724939ef0c1e3861

SHA1
468986739430a682912cc2b99b71cfad5577ffb7

SHA256
b722658c7475f982f47a78d4ff7101dc19078426ee1afc36c769f125f0682769

SHA512
1dd7adaa8f4fca016d783dc32d29c0cc771198087065fa5451b1cb6760220620a4c95363968b7a1cb276a9de1a8a58306d973082e601907f028704d29bf6cad5

Download Submit
C:\Windows\system\DtTmrgN.exe

Filesize
6.0MB

MD5
a1c0f62f93b95165b08124140975a4d5

SHA1
3691e80fdaf0a8808ed86322d957530a93ce020a

SHA256
e2f52d6fe61b3c96df35d1f3fa382de4f1b1efbbbfd7fe17f517215741c7f2d4

SHA512
f60889475d77392e6d60a72d0f92707b9721c2ca4982661e08ce943dcf1172d4ca223bbf875c5ceb46c5a2fe0c4c71c3b1a81096465fca0336d216f788a3c77c

Download Submit
C:\Windows\system\GUpYrpC.exe

Filesize
6.0MB

MD5
aa9eb77d422cedfa7b592631f4134e75

SHA1
4d4d0fd7ded11e79df6f11f913e700fe05dd3ca3

SHA256
b8104acc8cba3479507e1c09bc3ff651373651c3964762f8c5c7409cb7545b96

SHA512
3b1511ea84eadfe80d7d4c6647f67ac5a1c2b54210fc95f6d7579a3e304121d4357a30fd2997a71ec8625d1b96c98a21a12c1bfad2d06d8c903f12a37b6d6566

Download Submit
C:\Windows\system\GkRolcO.exe

Filesize
6.0MB

MD5
dcabbb024f751f1f635de5fc3931b749

SHA1
fcaf17cf7e187ebec2fb8c9913b3e939293005d4

SHA256
2ed5d1cfde09f120737f05a567908190cf962abfe8df24d9cb32db9965da5e10

SHA512
c427747f5e90d5307b066d5c199f4eb62b1355ee8a6ea5c017ccf4012b0303791c1a39d7207b6c3802152cdd79d4710509baabec1e2747283842163ea618b68e

Download Submit
C:\Windows\system\IsQSoUN.exe

Filesize
6.0MB

MD5
93c62597ab1d57d509cc625a4b56a57e

SHA1
e2d1e6dbcb66794853332df4aab83e186ff53fea

SHA256
842c445f8b97ce7c6b69f71afec23060c94e789ea9d6c881601d5f2603c56f40

SHA512
8e0eb4cb2d66a4933ca82420ebbb8cfe7b2f57eb227aa8252ff8968b4bd53eba3aa7a3131cda6de34bd1f5a50801514d178ac5d14070a1e4da2a8ac27fc9797b

Download Submit
C:\Windows\system\IwPkOaQ.exe

Filesize
6.0MB

MD5
44ee007cd957e2acfa675f0dc83bde3c

SHA1
6c791f26c2a630056f3a43c26b9445ccb4a8dd3e

SHA256
dd0d0d7d080f5c96dcb7e4fd8c8c4fada71b55f335745e427fb940315ba374d3

SHA512
b3fed8bfbacfe8c7d038befb69c6b9eeda68b74e830e919ccfbbc1a9d21b7f1e7312e7b0b974a1f6bf5e59d06eca922c09ef94677cb8c04b7707d3a91fcc3c4a

Download Submit
C:\Windows\system\LBOcDKw.exe

Filesize
6.0MB

MD5
81722a0f0d3d411dc17b9e99f9efccbb

SHA1
84603db62d75154e3d4a6aa6daf0f532ff1f39e8

SHA256
98300909e09d2e1dae6a29f6d4c215e361a64180cb2843f66e45aece727ea68d

SHA512
1398649e1959826ecd2c01adf8dc6a2990bfb7641a06858d0394748dc38ae093a427244cb537f1d91765a24e6687a65ce70b9d02c811b09e6bbc8c430baa0ef2

Download Submit
C:\Windows\system\TnXoQFf.exe

Filesize
6.0MB

MD5
79c77cdcd168ae7cf60d6ef3830f01ec

SHA1
f99f5d7ed064cfd0cc84b07bc25a2cde4e5d7fb0

SHA256
5316a2650ebe78285fecefd2ebfc57c1c4bfa71e0a78ec2d17f57d91149fad76

SHA512
438f9dd2befd9a6ceda68c0acb7be4b75c3971a7827467a527c1b0bb431e5bdfa1a0b18d8b06d72276db7aa43a43ae72c8a1b06eb668be9f3bf18fce711952f6

Download Submit
C:\Windows\system\UsYlHhA.exe

Filesize
6.0MB

MD5
ad1160884353e4b4beed78a335e43458

SHA1
4f3a18e90450d8ae407718bd58c28903a0ea26f9

SHA256
a05377975d73572eaeac4ff7e80d7b8c9015b92396922f638da5ebd98169c46c

SHA512
d73135346318ef519ee4bcebfe1ab16c5c53c7bf74916e373c2805043ff799a26df4c6b7a3eec2145e7d1849eeab7c90adcfef19b284a6eec0511c84d26b1610

Download Submit
C:\Windows\system\YglIWdS.exe

Filesize
6.0MB

MD5
2257ec439119be91286d5e3eb4b0a92f

SHA1
d2abe2eb389a143deab37bb941abfb0204b110df

SHA256
d520cdef490e2857182ac999051bbf7b26a925408f769cbdfe50fe3f42ebccc0

SHA512
b10eb148c07d01034995232b4bf4603eb2da9617fd15101bd7f3ac8f590a126e756fbcb253351eb6c5c79ab4b856377fe573a586bb774dff1c15f41955f03919

Download Submit
C:\Windows\system\ZvrlnAm.exe

Filesize
6.0MB

MD5
abb4ac3c68561696a656f9e3e799bbb2

SHA1
57a74473a3984063a2ace5db796800f29a03ee47

SHA256
0e2836c250b556ff07c915e36700da026b32203b99e1e56617f145f20cc58376

SHA512
1f7bb728953d233e38bdc3a6932affad0c2258aa51e8164bb0ec3360cf073a0d80ce14342dc22fa6a3f7fb139f6c40f048fef7536187bf328b7af57d9d3703bc

Download Submit
C:\Windows\system\bcJwijs.exe

Filesize
6.0MB

MD5
868c945eb56e49075167d8ce87541f72

SHA1
4e8810063478605639829cf325ffc6fcbced8387

SHA256
dc8079fe4d53b76ab77b9a64edaa32229f6d314a897aec417ae380ffe0df2db6

SHA512
aa2e96581f39d84a9e99891905d58b27dc01e46f00d84c6e1ec8a1fee2100d8ff6122f27fde48e319742fc0fdfa2e089740bbd072411eef276d77efea9b06397

Download Submit
C:\Windows\system\beuFdQv.exe

Filesize
6.0MB

MD5
0fafcf3bb454349a00003594248f5d55

SHA1
950414345bb3e679824fd00bacdbe4bd43ae3015

SHA256
61e438729af04576d6cae0af014586a31ef42a59aa342b3c156b26e7ed7be6db

SHA512
9ce0facba57e06c809bcf12d7af4be71368fe6f869928504f1b7d74ddd26a1c156d2a490c4fa9f810ae86ed359968a624453d5e3b33e0d685ccbb5b3dea55649

Download Submit
C:\Windows\system\cHxQUzi.exe

Filesize
6.0MB

MD5
76d05c025604e91fc6a9b899047206de

SHA1
16e4f23e3670ff1e941c71c631d0bf9cbd5a2f6f

SHA256
1f9a14945de2c313a2f8bb39010c64423a6660ff84588aa787b41b855f2788b6

SHA512
c37a5e1d463749349824894f4a105c4f7d408a75c66fa12b7459d3c580edddf20f473094679dd8cf7b025c4a8123af8d29b0866e3d3234ba8f2c0070b5410043

Download Submit
C:\Windows\system\cVruzKW.exe

Filesize
6.0MB

MD5
dee28666afab8028c76247437df5efde

SHA1
b1c72fb018f807d675ba5543255fa1bb3aed9a0c

SHA256
c51b4422c97d56be4e3d4f8335590d5d7650242cd6905a1a4a92e9abd8eb2acd

SHA512
a5e986fd4f741f986d938007230c716b4a8623c1cdf3af755aa50da8f6716de9962ed8918a46e5daf6c1741fd0f37ea64c4d797bcbe0b85734c75a80ce22f81b

Download Submit
C:\Windows\system\ctOsHvX.exe

Filesize
6.0MB

MD5
2442482ca17b671e36c5cc00acb66675

SHA1
10f7ffb02134d8722ebe13ec653adc0f5c1caa40

SHA256
9623ff3fea94c0ed66e22290c74969ed72974da1f96bd1354778599f85ea331a

SHA512
9e328ae4ce8e35a00dd353355154b2af951cbda0e9b8a3f15399cc6c069378a488b7500fb4f160f8d582bbcaf0b50cb555afa01ac2581d9ba8ce4613bf933d60

Download Submit
C:\Windows\system\edkrkjb.exe

Filesize
6.0MB

MD5
ad0ce13499229552028047e313527b9e

SHA1
72bcc1c653f24cfe92aeb750f2603ccb4c9431c7

SHA256
111a2a5dc36fed14c108f2728c105c01bcf01401fcdf19a30b322ea0338ecf5b

SHA512
223efe6a410c9ded6fe7a4f182f61bae31df565688580afe9c18dee20958914543a5feb26e60ffd95fa86a5830e059338b57707aa528dea9cf1de7a93e5486e0

Download Submit
C:\Windows\system\efiXgid.exe

Filesize
6.0MB

MD5
2cce75a4ee71a5cbff9c106f0147f312

SHA1
8f43c79d4ce37eaf92a00d9cedc8542d30f836b7

SHA256
373f7ade5b315c3b446ddbcd7c71a4c6489e5e232dcac879562b366dcfa27137

SHA512
f4c61ee2fcd18e2990ae53725a7367cd031e04c54746186b44c6f8ac2b13ead5c863396527bf83379f71105a555c641befb2c3c1e4fa2ee856e2b7c8da3e9ed8

Download Submit
C:\Windows\system\fRJDDFf.exe

Filesize
6.0MB

MD5
8793f031d294a373ed791ab31b0113e3

SHA1
aa4156e145d856c17fab5e4bbb8895c1db0c64fe

SHA256
f8f744527e9871de36384af4832db50b14ea7ff14a91e7fc9dbfc58688f92c9b

SHA512
164f8e2db8005d6126f5a6c2f1dccf80c2d06ef50a522a18f2c0ac0e969fbb18b756af7df41205c9a658f03c5cf3991cd9e76765d475e2265ef3cb6dfd4c19a5

Download Submit
C:\Windows\system\hDBxrOp.exe

Filesize
6.0MB

MD5
d778745f14667392a953ad8c11956141

SHA1
3d29ab687232a1c7d62cc7f8426fb0df66b22fc6

SHA256
92cd8396b5dcf4beb4d817eb8629147aa23b4614b0a6738ab7169f2f73ed5ef0

SHA512
3bcc8f49c234d5100e9dc48827ac9a3ca62857bd7cdfb68a38457ffff3feaea6a2253bd456f3e5bb52c11af031b6d79d92cf035cc86fea31a2b0793816cf9f45

Download Submit
C:\Windows\system\jKOFJnu.exe

Filesize
6.0MB

MD5
36e394dd9dafb3c3e96b2ee921cb72af

SHA1
3fa59daef127f2da8fb89fde0066f36178701f32

SHA256
782b731f6e40d4dde3f8eaf583600281c54c71ced8f170b5480664364348ccbf

SHA512
5c70440a71beec639e7695e2cfcf33884c5d2ad496358609ece665caec2d0f92def7d2429aad6aab0d2f047d67fbedcc0b747ca84b2f1114bb88350706f74dbc

Download Submit
C:\Windows\system\kpjgewO.exe

Filesize
6.0MB

MD5
6d6210094eef9db54ddcdc78aa21ebe6

SHA1
586afba6fc60c86f7f0c7d9442cd8de3ca68f3f2

SHA256
34a4fcc533d6ad120f10e5e474812a4b178ed7b0bff3cff766086980478643d6

SHA512
726abc5970b986e6733127ba2f2f098470f6e2de2c8cbffecbaa1680187687ccdabaf9f22a64c7d6771931b4a42726bd81ce84e7070fecda2daf04ee90153787

Download Submit
C:\Windows\system\kwxJdsB.exe

Filesize
8B

MD5
2e44aa507959b1bce97f8f21d37609c5

SHA1
873c017c84db9d139743c00ad0377a752577ee1f

SHA256
e9d77b03259d4a224bd233da4004dc6f1c60d59542c36f1a26a6a33348c54a78

SHA512
fb25f4b7fd4b162d83cbab07ce22debea6df8776184290940e7b5722719fbf28a520034531bfc7ffe4699052391dffd3300477e9c2eae5eebbd2c09f9fcebd90

Download Submit
C:\Windows\system\mkHKBgE.exe

Filesize
6.0MB

MD5
418d0e57bc30961e5ea8949b30291924

SHA1
5521eafe9343bd3b8352bd5afbb1be5db3e36a76

SHA256
866e4980400e54746c37dcc5dca9d072672253db1cc5c6fa5eef37d6abf4e5ce

SHA512
4bbed74b9187d7b49fa041877909d25eebb8c784d885a3038073bca69daa10070ad573f637ee4cd418d9e1dfe8eb2bfe9802cb096d962c45f3684c7d7a9136ab

Download Submit
C:\Windows\system\nVRUPYX.exe

Filesize
6.0MB

MD5
0dde2fb282bc8947a98a58794341e640

SHA1
8dd9dd7ea4ff392c8374ffbe20bc4cb7a5fbbfd4

SHA256
150eb2a1a88d9b6a617bcfdfd8101911aa0990230f5a24cf2e3f2a00d9091912

SHA512
d87e3edccc1d8a1f235034a5be0faaf3f7a1224f89f7f7dae3ea250f48087610a06df181c00a2b286c973243c9b0bf5671d5da5b359bc672d7259b73521b7356

Download Submit
C:\Windows\system\qojQaFf.exe

Filesize
6.0MB

MD5
1ba00db886d0c655606207bd79eeda17

SHA1
cc62a8cd8f618c49359cb1bd3f4112ff206eee71

SHA256
36d69a2e54d4b06ab5f10ad585d022ef3c7f843ac7f7d574aa8356cd1af2eab1

SHA512
fb4ba9edd55d506fe09c0d05f14aa3c3061662143310eb3590e8c9c50d5e7ca9797a4beefd3d0bd105551626c45f1cd3ccd505555885ae1cb96a22dc35b2054c

Download Submit
C:\Windows\system\tcROlTY.exe

Filesize
6.0MB

MD5
40b0fa896cae8f6e40937f3e0139bc10

SHA1
9982333f833922a9c906e49959085a4e659b10bd

SHA256
295d09a69de51eec0754edaaa5b02e8e00f341f141eeb3f7ca37c731010c4a73

SHA512
239665e388bb2f43f3b51d2ba78c4eb4c9c528c586a76358c4fe3967999ae7851db8786c327c199d4063652ac678338e59f3e1533528373dd0f00cbfc8899995

Download Submit
C:\Windows\system\ujEqpuf.exe

Filesize
6.0MB

MD5
6a65ffce49c303716e7f31873d85bb86

SHA1
ca0ceeeed2878ce8c9d014deafd767fc0fd9b00c

SHA256
60809090c2f347c1e8b0b5ffbb3ec453ac215839b4e9fab54162f8a135762d92

SHA512
82835fde2c45aa641fe97cf566753b9d83447f93cfc8aa65e496309d332ad6111f48213180c8cdd5c689bba3966972b05f1a8718bbf141cb40d03e5f4611c38f

Download Submit
C:\Windows\system\wxNXPFz.exe

Filesize
6.0MB

MD5
8020a3d56476fa83edf2a9fb2d77c8e4

SHA1
282a2e78a4aefce93c36a33b45ca3460a0b851fc

SHA256
37533246bc1119dc12b6127a727792a833cae5c5ef466ca4f0ba11219774a902

SHA512
677cbe296d5b09e14daa2fa6fc726847f9def937fed468c951ada177c019341701dcf839098000cbac1a6503b002ce47f645b38ec5bbcdcec8c27420dbe44d2f

Download Submit
C:\Windows\system\xOLGRBl.exe

Filesize
6.0MB

MD5
51c0a06c00931e3b2edc0cd9249d5032

SHA1
ef281c2d63b1a6761adf44d50adcd54564084022

SHA256
0db6106378ec4fef8ead3fd7ab1762982fb1573ae243a48ccca7eeaa714afa0b

SHA512
5c97bda7f1b0562bd1d90cc684e8163a0294d05d08b27187479ef2f6759bebca8d2e07ad52ba26a25ee0bf644dbdc1de686c7e613a056f3489cae13dbb12eecc

Download Submit
C:\Windows\system\yFOwthD.exe

Filesize
6.0MB

MD5
d66042a8c22cbe5ddb5bf5449d3fcdfe

SHA1
eddac3feef8c200910c4111284c6aab7413faa1a

SHA256
09d63335729b7f462e30d2f86de4e0f666be1b989694a33b8b5d5c6d074d5c6f

SHA512
d47632b5fda65ce3dfd6505ea5638496acc09e67df2d628e8bc6bd82dcc567924c8875a9d835263b97c6872956a9e777f4bf4b390cdd2816e3f9f775a71ae84c

Download Submit
\Windows\system\JLYdgmi.exe

Filesize
6.0MB

MD5
1201fc3c3b6f8cbae6af43d8c566479e

SHA1
530e9763696ffa99757e69813553f332e4344ec7

SHA256
4157b027a8dc3021e0c6d88e25f05a8c31fc4406dacd69d12a119dba81689f1f

SHA512
eef8fa0f005766fdcdfa23194160d9a8e3df337656d38d3af4609ea05e990ed5f2b2bc0da9aa32cdd24f1075a5f450b24c41b32301acab0a3291425dc0c58eee

Download Submit
\Windows\system\TwTuSOZ.exe

Filesize
6.0MB

MD5
1396d084af9a0ab8776b1007a2f031e4

SHA1
a106262d9b590a6959094547b008c2ed50078634

SHA256
ae31760fa2735cbd3d711b86ccb576c20613c34e3fb58ba700319ba140f93c8d

SHA512
90ccda8414b87e1934d3c43b3179d4fe8d95e66756df91d8ceb9571dcd73fed4cd86b4703184a3127fa1f079bc1ac62313e82ed29b60b210d750c2783ad42848

Download Submit
memory/1196-741-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1196-94-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1196-3531-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1300-41-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/1300-4884-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/1500-899-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1500-3556-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1500-101-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-3530-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-47-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-10-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-89-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2556-43-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2556-97-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2556-0-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2556-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2556-81-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2556-976-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2556-105-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2556-14-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-26-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2556-106-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2556-66-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2556-38-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2556-844-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2556-58-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2556-51-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-19-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2556-632-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2556-444-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3523-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2568-65-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2568-30-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2656-372-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2656-3534-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2656-77-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2716-538-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3532-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2716-86-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3507-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2752-70-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2752-35-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2780-71-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2780-204-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3521-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/3012-39-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-3528-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-48-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/3024-85-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/3024-3519-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/3044-100-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/3044-3529-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/3044-61-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/3056-69-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/3056-33-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/3056-3504-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/3068-55-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3511-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/3068-93-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download