cobaltstrike | 3c272a9946ba958233186431f90cafdb1c9afa41accd14413c89bd0e23ce3325

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/12/2024, 04:21 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ccf837dac53a22aaebf3c294862af820
SHA1

f0d71195b42337e4936dcbee45a7467002405b4c
SHA256

3c272a9946ba958233186431f90cafdb1c9afa41accd14413c89bd0e23ce3325
SHA512

503436b452c6d7cde7c556148cff82311bdcacdd861995dd681052e2d0934d8c4dcebc36c28942fc2b18c9fca686bfea01042549422bdb13e043fdb9bffbb8dd
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUM:T+q56utgpPF8u/7M

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012116-3.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001873d-33.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-63.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019838-192.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197f8-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001977d-182.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196b1-177.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196af-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-98.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-73.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878f-47.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000187a5-44.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018784-39.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001925e-54.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018728-29.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186fd-20.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ee-16.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2512-0-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x0007000000012116-3.dat	xmrig
behavioral1/files/0x000600000001873d-33.dat	xmrig
behavioral1/memory/2948-60-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c5-63.dat	xmrig
behavioral1/memory/2876-76-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2932-81-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/1508-100-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019625-162.dat	xmrig
behavioral1/memory/1508-1371-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2512-1370-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2932-732-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019838-192.dat	xmrig
behavioral1/files/0x00050000000197f8-187.dat	xmrig
behavioral1/files/0x000500000001977d-182.dat	xmrig
behavioral1/files/0x00050000000196b1-177.dat	xmrig
behavioral1/files/0x00050000000196af-172.dat	xmrig
behavioral1/files/0x0005000000019667-167.dat	xmrig
behavioral1/files/0x0005000000019623-157.dat	xmrig
behavioral1/files/0x0005000000019622-153.dat	xmrig
behavioral1/files/0x0005000000019621-148.dat	xmrig
behavioral1/files/0x000500000001961f-142.dat	xmrig
behavioral1/files/0x000500000001961d-138.dat	xmrig
behavioral1/files/0x000500000001961b-132.dat	xmrig
behavioral1/files/0x0005000000019619-128.dat	xmrig
behavioral1/files/0x0005000000019617-122.dat	xmrig
behavioral1/files/0x0005000000019615-118.dat	xmrig
behavioral1/files/0x0005000000019613-112.dat	xmrig
behavioral1/memory/2656-109-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019611-107.dat	xmrig
behavioral1/memory/2948-101-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x000500000001960f-98.dat	xmrig
behavioral1/memory/1092-93-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x000500000001960d-90.dat	xmrig
behavioral1/memory/2908-84-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2764-83-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2808-82-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001960b-79.dat	xmrig
behavioral1/memory/2512-66-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2656-65-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019609-73.dat	xmrig
behavioral1/memory/2764-48-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x000600000001878f-47.dat	xmrig
behavioral1/files/0x00060000000187a5-44.dat	xmrig
behavioral1/files/0x0006000000018784-39.dat	xmrig
behavioral1/memory/2916-58-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x000800000001925e-54.dat	xmrig
behavioral1/memory/2908-51-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2808-36-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/1628-34-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2560-31-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/files/0x0007000000018728-29.dat	xmrig
behavioral1/memory/1952-26-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x00070000000186fd-20.dat	xmrig
behavioral1/files/0x00070000000186ee-16.dat	xmrig
behavioral1/memory/2284-12-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2916-4025-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2908-4024-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2808-4023-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2560-4022-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2656-4029-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/1952-4028-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/1628-4027-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2876-4026-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2284	jjbzdeF.exe
1952	cfbDtkP.exe
2560	QIdOvis.exe
1628	DwQiTrz.exe
2808	URtpMjV.exe
2764	pijCKZo.exe
2908	viRAPWK.exe
2916	PGQauId.exe
2948	SiLgLun.exe
2656	lYyAoxG.exe
2876	zRRLZXR.exe
2932	tEJNraY.exe
1092	RgRmixZ.exe
1508	lIkXRZJ.exe
692	Tbublpv.exe
2004	zKyUbSP.exe
1996	igJxxxd.exe
2860	FzOVMLt.exe
2988	OvambBo.exe
2856	PjEXFLR.exe
1500	WGWONjL.exe
2488	ZlQJfKx.exe
1148	FVHwAfd.exe
2260	mkTJmle.exe
2068	djNNiCk.exe
2380	wulCqkZ.exe
1868	IHQNksX.exe
2144	jhszwlE.exe
1532	SFrxckf.exe
496	vIZTHTC.exe
2600	sWxvMpl.exe
1068	jTVbIXH.exe
2424	PQeMWYP.exe
2128	FKAvuCD.exe
1712	amBSNjz.exe
1556	VVKxdqw.exe
1876	QMYuSUu.exe
904	SnjMDzL.exe
1376	XPdULQI.exe
2136	tLGxARo.exe
1900	JFgwxXc.exe
1656	YHVBpeD.exe
1784	zIxqXbk.exe
1704	NbiXvGF.exe
1172	YLdVUDy.exe
284	Kabpiok.exe
2536	PPllFFy.exe
2056	JxeuMtz.exe
804	QYGlkha.exe
888	MbwdXau.exe
2548	GXfjIvO.exe
1960	ZTMyKwK.exe
1588	ueqsSAs.exe
2556	roiWSGU.exe
2572	JqTgdrP.exe
1748	mGWzsss.exe
2392	WSXpnAQ.exe
1048	bRhWbYE.exe
2896	nGZXtfU.exe
3000	uprnDRh.exe
2304	jpCBVOu.exe
840	fUEttXY.exe
1668	KMuFLHc.exe
2836	YjWhKOf.exe

Loads dropped DLL 64 IoCs

pid	Process
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2512-0-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x0007000000012116-3.dat	upx
behavioral1/files/0x000600000001873d-33.dat	upx
behavioral1/memory/2948-60-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x00050000000195c5-63.dat	upx
behavioral1/memory/2876-76-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2932-81-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/1508-100-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/files/0x0005000000019625-162.dat	upx
behavioral1/memory/1508-1371-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2932-732-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x0005000000019838-192.dat	upx
behavioral1/files/0x00050000000197f8-187.dat	upx
behavioral1/files/0x000500000001977d-182.dat	upx
behavioral1/files/0x00050000000196b1-177.dat	upx
behavioral1/files/0x00050000000196af-172.dat	upx
behavioral1/files/0x0005000000019667-167.dat	upx
behavioral1/files/0x0005000000019623-157.dat	upx
behavioral1/files/0x0005000000019622-153.dat	upx
behavioral1/files/0x0005000000019621-148.dat	upx
behavioral1/files/0x000500000001961f-142.dat	upx
behavioral1/files/0x000500000001961d-138.dat	upx
behavioral1/files/0x000500000001961b-132.dat	upx
behavioral1/files/0x0005000000019619-128.dat	upx
behavioral1/files/0x0005000000019617-122.dat	upx
behavioral1/files/0x0005000000019615-118.dat	upx
behavioral1/files/0x0005000000019613-112.dat	upx
behavioral1/memory/2656-109-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x0005000000019611-107.dat	upx
behavioral1/memory/2948-101-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x000500000001960f-98.dat	upx
behavioral1/memory/1092-93-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x000500000001960d-90.dat	upx
behavioral1/memory/2908-84-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2764-83-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2808-82-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x000500000001960b-79.dat	upx
behavioral1/memory/2512-66-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2656-65-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x0005000000019609-73.dat	upx
behavioral1/memory/2764-48-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x000600000001878f-47.dat	upx
behavioral1/files/0x00060000000187a5-44.dat	upx
behavioral1/files/0x0006000000018784-39.dat	upx
behavioral1/memory/2916-58-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x000800000001925e-54.dat	upx
behavioral1/memory/2908-51-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2808-36-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/1628-34-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2560-31-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/files/0x0007000000018728-29.dat	upx
behavioral1/memory/1952-26-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x00070000000186fd-20.dat	upx
behavioral1/files/0x00070000000186ee-16.dat	upx
behavioral1/memory/2284-12-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2916-4025-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2908-4024-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2808-4023-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2560-4022-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2656-4029-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/1952-4028-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/1628-4027-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2876-4026-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2932-4031-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\lNYlXFs.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVVeIfd.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KfFYZOm.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qYhDdjl.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OqfFNjt.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUiOVIW.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nyzEggT.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uqgkgAf.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mRtMhNq.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wbKUPIx.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mZEBsJO.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGoiFYh.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPRLcsK.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GIwNHeU.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdsZEyu.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JwrBuQW.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jRAGHTf.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OEgullZ.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OGEICxW.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YrkqFws.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KaERvWR.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vmnZnes.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yXIoxbo.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VFiRRtb.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TmzagDX.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EVHhIVx.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Kabpiok.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uFBwhuv.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Xlydhwq.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BXrmexV.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wHrktzY.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qatDrVd.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQeMWYP.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DWLcUig.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LJWTinH.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xHORijL.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uELxyOB.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HGjfMnU.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMOMmgz.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbriveV.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwQiTrz.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fUEttXY.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qDVvdYG.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLMbEps.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpQDxQw.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RTAfgGL.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GRvsCkJ.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZZrevtT.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJMuzdb.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bfZpnaV.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QtwiiMi.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkrUhYx.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IvwCIhi.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sEbGfKK.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzKBqDf.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LgFXaiF.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lCvvvgS.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\koxjSTg.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WRtwTCE.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LFUIPTx.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjNixhq.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wEowgwC.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FRDvyLK.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TVKoufu.exe	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2284	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2512 wrote to memory of 2284	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2512 wrote to memory of 2284	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2512 wrote to memory of 1952	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2512 wrote to memory of 1952	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2512 wrote to memory of 1952	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2512 wrote to memory of 2560	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2512 wrote to memory of 2560	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2512 wrote to memory of 2560	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2512 wrote to memory of 1628	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2512 wrote to memory of 1628	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2512 wrote to memory of 1628	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2512 wrote to memory of 2808	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2512 wrote to memory of 2808	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2512 wrote to memory of 2808	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2512 wrote to memory of 2764	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2512 wrote to memory of 2764	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2512 wrote to memory of 2764	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2512 wrote to memory of 2908	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2512 wrote to memory of 2908	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2512 wrote to memory of 2908	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2512 wrote to memory of 2948	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2512 wrote to memory of 2948	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2512 wrote to memory of 2948	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2512 wrote to memory of 2916	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2512 wrote to memory of 2916	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2512 wrote to memory of 2916	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2512 wrote to memory of 2656	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2512 wrote to memory of 2656	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2512 wrote to memory of 2656	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2512 wrote to memory of 2876	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2512 wrote to memory of 2876	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2512 wrote to memory of 2876	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2512 wrote to memory of 2932	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2512 wrote to memory of 2932	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2512 wrote to memory of 2932	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2512 wrote to memory of 1092	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2512 wrote to memory of 1092	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2512 wrote to memory of 1092	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2512 wrote to memory of 1508	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2512 wrote to memory of 1508	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2512 wrote to memory of 1508	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2512 wrote to memory of 692	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2512 wrote to memory of 692	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2512 wrote to memory of 692	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2512 wrote to memory of 2004	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2512 wrote to memory of 2004	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2512 wrote to memory of 2004	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2512 wrote to memory of 1996	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2512 wrote to memory of 1996	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2512 wrote to memory of 1996	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2512 wrote to memory of 2860	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2512 wrote to memory of 2860	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2512 wrote to memory of 2860	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2512 wrote to memory of 2988	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2512 wrote to memory of 2988	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2512 wrote to memory of 2988	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2512 wrote to memory of 2856	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2512 wrote to memory of 2856	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2512 wrote to memory of 2856	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2512 wrote to memory of 1500	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2512 wrote to memory of 1500	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2512 wrote to memory of 1500	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2512 wrote to memory of 2488	2512	2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-19_ccf837dac53a22aaebf3c294862af820_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\System\jjbzdeF.exe
  C:\Windows\System\jjbzdeF.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\cfbDtkP.exe
  C:\Windows\System\cfbDtkP.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\QIdOvis.exe
  C:\Windows\System\QIdOvis.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\DwQiTrz.exe
  C:\Windows\System\DwQiTrz.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\URtpMjV.exe
  C:\Windows\System\URtpMjV.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\pijCKZo.exe
  C:\Windows\System\pijCKZo.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\viRAPWK.exe
  C:\Windows\System\viRAPWK.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\SiLgLun.exe
  C:\Windows\System\SiLgLun.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\PGQauId.exe
  C:\Windows\System\PGQauId.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\lYyAoxG.exe
  C:\Windows\System\lYyAoxG.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\zRRLZXR.exe
  C:\Windows\System\zRRLZXR.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\tEJNraY.exe
  C:\Windows\System\tEJNraY.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\RgRmixZ.exe
  C:\Windows\System\RgRmixZ.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\lIkXRZJ.exe
  C:\Windows\System\lIkXRZJ.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\Tbublpv.exe
  C:\Windows\System\Tbublpv.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\zKyUbSP.exe
  C:\Windows\System\zKyUbSP.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\igJxxxd.exe
  C:\Windows\System\igJxxxd.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\FzOVMLt.exe
  C:\Windows\System\FzOVMLt.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\OvambBo.exe
  C:\Windows\System\OvambBo.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\PjEXFLR.exe
  C:\Windows\System\PjEXFLR.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\WGWONjL.exe
  C:\Windows\System\WGWONjL.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\ZlQJfKx.exe
  C:\Windows\System\ZlQJfKx.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\FVHwAfd.exe
  C:\Windows\System\FVHwAfd.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\mkTJmle.exe
  C:\Windows\System\mkTJmle.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\djNNiCk.exe
  C:\Windows\System\djNNiCk.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\wulCqkZ.exe
  C:\Windows\System\wulCqkZ.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\IHQNksX.exe
  C:\Windows\System\IHQNksX.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\jhszwlE.exe
  C:\Windows\System\jhszwlE.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\SFrxckf.exe
  C:\Windows\System\SFrxckf.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\vIZTHTC.exe
  C:\Windows\System\vIZTHTC.exe
  2⤵
  - Executes dropped EXE
  PID:496
- C:\Windows\System\sWxvMpl.exe
  C:\Windows\System\sWxvMpl.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\jTVbIXH.exe
  C:\Windows\System\jTVbIXH.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\PQeMWYP.exe
  C:\Windows\System\PQeMWYP.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\FKAvuCD.exe
  C:\Windows\System\FKAvuCD.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\amBSNjz.exe
  C:\Windows\System\amBSNjz.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\VVKxdqw.exe
  C:\Windows\System\VVKxdqw.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\QMYuSUu.exe
  C:\Windows\System\QMYuSUu.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\SnjMDzL.exe
  C:\Windows\System\SnjMDzL.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\XPdULQI.exe
  C:\Windows\System\XPdULQI.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\tLGxARo.exe
  C:\Windows\System\tLGxARo.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\JFgwxXc.exe
  C:\Windows\System\JFgwxXc.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\YHVBpeD.exe
  C:\Windows\System\YHVBpeD.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\zIxqXbk.exe
  C:\Windows\System\zIxqXbk.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\NbiXvGF.exe
  C:\Windows\System\NbiXvGF.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\YLdVUDy.exe
  C:\Windows\System\YLdVUDy.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\Kabpiok.exe
  C:\Windows\System\Kabpiok.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\PPllFFy.exe
  C:\Windows\System\PPllFFy.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\JxeuMtz.exe
  C:\Windows\System\JxeuMtz.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\QYGlkha.exe
  C:\Windows\System\QYGlkha.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\MbwdXau.exe
  C:\Windows\System\MbwdXau.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\GXfjIvO.exe
  C:\Windows\System\GXfjIvO.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\ZTMyKwK.exe
  C:\Windows\System\ZTMyKwK.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\ueqsSAs.exe
  C:\Windows\System\ueqsSAs.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\roiWSGU.exe
  C:\Windows\System\roiWSGU.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\JqTgdrP.exe
  C:\Windows\System\JqTgdrP.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\mGWzsss.exe
  C:\Windows\System\mGWzsss.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\WSXpnAQ.exe
  C:\Windows\System\WSXpnAQ.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\bRhWbYE.exe
  C:\Windows\System\bRhWbYE.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\nGZXtfU.exe
  C:\Windows\System\nGZXtfU.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\uprnDRh.exe
  C:\Windows\System\uprnDRh.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\jpCBVOu.exe
  C:\Windows\System\jpCBVOu.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\fUEttXY.exe
  C:\Windows\System\fUEttXY.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\KMuFLHc.exe
  C:\Windows\System\KMuFLHc.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\YjWhKOf.exe
  C:\Windows\System\YjWhKOf.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\rzdhEWA.exe
  C:\Windows\System\rzdhEWA.exe
  2⤵
  PID:2844
- C:\Windows\System\IdStNvT.exe
  C:\Windows\System\IdStNvT.exe
  2⤵
  PID:1808
- C:\Windows\System\NPWvxGz.exe
  C:\Windows\System\NPWvxGz.exe
  2⤵
  PID:1968
- C:\Windows\System\gPYXwAl.exe
  C:\Windows\System\gPYXwAl.exe
  2⤵
  PID:1880
- C:\Windows\System\JejtImM.exe
  C:\Windows\System\JejtImM.exe
  2⤵
  PID:2188
- C:\Windows\System\fxseiKP.exe
  C:\Windows\System\fxseiKP.exe
  2⤵
  PID:1888
- C:\Windows\System\TpouIpz.exe
  C:\Windows\System\TpouIpz.exe
  2⤵
  PID:2496
- C:\Windows\System\HhvpAED.exe
  C:\Windows\System\HhvpAED.exe
  2⤵
  PID:1672
- C:\Windows\System\dydGDqR.exe
  C:\Windows\System\dydGDqR.exe
  2⤵
  PID:956
- C:\Windows\System\uELxyOB.exe
  C:\Windows\System\uELxyOB.exe
  2⤵
  PID:1088
- C:\Windows\System\bixviwG.exe
  C:\Windows\System\bixviwG.exe
  2⤵
  PID:316
- C:\Windows\System\lyeszdR.exe
  C:\Windows\System\lyeszdR.exe
  2⤵
  PID:2156
- C:\Windows\System\UVlbkUo.exe
  C:\Windows\System\UVlbkUo.exe
  2⤵
  PID:1368
- C:\Windows\System\gRocWHJ.exe
  C:\Windows\System\gRocWHJ.exe
  2⤵
  PID:596
- C:\Windows\System\zDPlBgA.exe
  C:\Windows\System\zDPlBgA.exe
  2⤵
  PID:2376
- C:\Windows\System\JpsjBLa.exe
  C:\Windows\System\JpsjBLa.exe
  2⤵
  PID:352
- C:\Windows\System\MCkQXWl.exe
  C:\Windows\System\MCkQXWl.exe
  2⤵
  PID:2060
- C:\Windows\System\HyPSLSv.exe
  C:\Windows\System\HyPSLSv.exe
  2⤵
  PID:988
- C:\Windows\System\SZHYpuM.exe
  C:\Windows\System\SZHYpuM.exe
  2⤵
  PID:1616
- C:\Windows\System\pvzHOTm.exe
  C:\Windows\System\pvzHOTm.exe
  2⤵
  PID:772
- C:\Windows\System\hmwYuEn.exe
  C:\Windows\System\hmwYuEn.exe
  2⤵
  PID:1580
- C:\Windows\System\VfyGRQx.exe
  C:\Windows\System\VfyGRQx.exe
  2⤵
  PID:3028
- C:\Windows\System\wEowgwC.exe
  C:\Windows\System\wEowgwC.exe
  2⤵
  PID:2920
- C:\Windows\System\UUimleM.exe
  C:\Windows\System\UUimleM.exe
  2⤵
  PID:580
- C:\Windows\System\CJFTqxT.exe
  C:\Windows\System\CJFTqxT.exe
  2⤵
  PID:2028
- C:\Windows\System\ZUZDVtQ.exe
  C:\Windows\System\ZUZDVtQ.exe
  2⤵
  PID:2760
- C:\Windows\System\kKXoZFj.exe
  C:\Windows\System\kKXoZFj.exe
  2⤵
  PID:576
- C:\Windows\System\fOkAQNj.exe
  C:\Windows\System\fOkAQNj.exe
  2⤵
  PID:1664
- C:\Windows\System\QDIGJdg.exe
  C:\Windows\System\QDIGJdg.exe
  2⤵
  PID:2264
- C:\Windows\System\kUCizPR.exe
  C:\Windows\System\kUCizPR.exe
  2⤵
  PID:2368
- C:\Windows\System\ZZrevtT.exe
  C:\Windows\System\ZZrevtT.exe
  2⤵
  PID:2180
- C:\Windows\System\uBjstqD.exe
  C:\Windows\System\uBjstqD.exe
  2⤵
  PID:3084
- C:\Windows\System\xvNmzwP.exe
  C:\Windows\System\xvNmzwP.exe
  2⤵
  PID:3104
- C:\Windows\System\XohpeGQ.exe
  C:\Windows\System\XohpeGQ.exe
  2⤵
  PID:3124
- C:\Windows\System\RsMeyjF.exe
  C:\Windows\System\RsMeyjF.exe
  2⤵
  PID:3144
- C:\Windows\System\oqDNZDD.exe
  C:\Windows\System\oqDNZDD.exe
  2⤵
  PID:3164
- C:\Windows\System\KOVIzxO.exe
  C:\Windows\System\KOVIzxO.exe
  2⤵
  PID:3184
- C:\Windows\System\xAUQqEH.exe
  C:\Windows\System\xAUQqEH.exe
  2⤵
  PID:3204
- C:\Windows\System\Xgbzwlh.exe
  C:\Windows\System\Xgbzwlh.exe
  2⤵
  PID:3224
- C:\Windows\System\MSsyQsW.exe
  C:\Windows\System\MSsyQsW.exe
  2⤵
  PID:3244
- C:\Windows\System\bIgRPyQ.exe
  C:\Windows\System\bIgRPyQ.exe
  2⤵
  PID:3264
- C:\Windows\System\mRtMhNq.exe
  C:\Windows\System\mRtMhNq.exe
  2⤵
  PID:3284
- C:\Windows\System\LuZkuah.exe
  C:\Windows\System\LuZkuah.exe
  2⤵
  PID:3304
- C:\Windows\System\lFlvEaB.exe
  C:\Windows\System\lFlvEaB.exe
  2⤵
  PID:3324
- C:\Windows\System\izGrGub.exe
  C:\Windows\System\izGrGub.exe
  2⤵
  PID:3344
- C:\Windows\System\gTRkTMU.exe
  C:\Windows\System\gTRkTMU.exe
  2⤵
  PID:3364
- C:\Windows\System\xuOuIcJ.exe
  C:\Windows\System\xuOuIcJ.exe
  2⤵
  PID:3384
- C:\Windows\System\fqvKMkS.exe
  C:\Windows\System\fqvKMkS.exe
  2⤵
  PID:3404
- C:\Windows\System\HNpIQlk.exe
  C:\Windows\System\HNpIQlk.exe
  2⤵
  PID:3424
- C:\Windows\System\wayCyiG.exe
  C:\Windows\System\wayCyiG.exe
  2⤵
  PID:3444
- C:\Windows\System\GteQGJU.exe
  C:\Windows\System\GteQGJU.exe
  2⤵
  PID:3464
- C:\Windows\System\QJIWqfV.exe
  C:\Windows\System\QJIWqfV.exe
  2⤵
  PID:3484
- C:\Windows\System\yXIoxbo.exe
  C:\Windows\System\yXIoxbo.exe
  2⤵
  PID:3504
- C:\Windows\System\VMkHbna.exe
  C:\Windows\System\VMkHbna.exe
  2⤵
  PID:3524
- C:\Windows\System\ApfUFSW.exe
  C:\Windows\System\ApfUFSW.exe
  2⤵
  PID:3544
- C:\Windows\System\kFeTUug.exe
  C:\Windows\System\kFeTUug.exe
  2⤵
  PID:3564
- C:\Windows\System\Kxhcpty.exe
  C:\Windows\System\Kxhcpty.exe
  2⤵
  PID:3584
- C:\Windows\System\kBcVHjf.exe
  C:\Windows\System\kBcVHjf.exe
  2⤵
  PID:3604
- C:\Windows\System\DWLcUig.exe
  C:\Windows\System\DWLcUig.exe
  2⤵
  PID:3624
- C:\Windows\System\WCVdTfj.exe
  C:\Windows\System\WCVdTfj.exe
  2⤵
  PID:3644
- C:\Windows\System\AGduShq.exe
  C:\Windows\System\AGduShq.exe
  2⤵
  PID:3664
- C:\Windows\System\MAYZedO.exe
  C:\Windows\System\MAYZedO.exe
  2⤵
  PID:3684
- C:\Windows\System\CGMiBeY.exe
  C:\Windows\System\CGMiBeY.exe
  2⤵
  PID:3704
- C:\Windows\System\crQIwTb.exe
  C:\Windows\System\crQIwTb.exe
  2⤵
  PID:3728
- C:\Windows\System\jUYqkde.exe
  C:\Windows\System\jUYqkde.exe
  2⤵
  PID:3748
- C:\Windows\System\wbojpwX.exe
  C:\Windows\System\wbojpwX.exe
  2⤵
  PID:3768
- C:\Windows\System\LJWTinH.exe
  C:\Windows\System\LJWTinH.exe
  2⤵
  PID:3788
- C:\Windows\System\FXWbylN.exe
  C:\Windows\System\FXWbylN.exe
  2⤵
  PID:3808
- C:\Windows\System\YtHdHhP.exe
  C:\Windows\System\YtHdHhP.exe
  2⤵
  PID:3828
- C:\Windows\System\cxRBLNZ.exe
  C:\Windows\System\cxRBLNZ.exe
  2⤵
  PID:3848
- C:\Windows\System\bCMKSbb.exe
  C:\Windows\System\bCMKSbb.exe
  2⤵
  PID:3868
- C:\Windows\System\MQjHYHP.exe
  C:\Windows\System\MQjHYHP.exe
  2⤵
  PID:3888
- C:\Windows\System\OqfFNjt.exe
  C:\Windows\System\OqfFNjt.exe
  2⤵
  PID:3908
- C:\Windows\System\JnyuEYd.exe
  C:\Windows\System\JnyuEYd.exe
  2⤵
  PID:3928
- C:\Windows\System\UJMuzdb.exe
  C:\Windows\System\UJMuzdb.exe
  2⤵
  PID:3948
- C:\Windows\System\uwchlzI.exe
  C:\Windows\System\uwchlzI.exe
  2⤵
  PID:3968
- C:\Windows\System\KVnRBbk.exe
  C:\Windows\System\KVnRBbk.exe
  2⤵
  PID:3988
- C:\Windows\System\SzDoskQ.exe
  C:\Windows\System\SzDoskQ.exe
  2⤵
  PID:4008
- C:\Windows\System\LxghjyA.exe
  C:\Windows\System\LxghjyA.exe
  2⤵
  PID:4028
- C:\Windows\System\wTMRbpB.exe
  C:\Windows\System\wTMRbpB.exe
  2⤵
  PID:4048
- C:\Windows\System\aGIpWxF.exe
  C:\Windows\System\aGIpWxF.exe
  2⤵
  PID:4068
- C:\Windows\System\GQfDJWt.exe
  C:\Windows\System\GQfDJWt.exe
  2⤵
  PID:4088
- C:\Windows\System\dCPxPEs.exe
  C:\Windows\System\dCPxPEs.exe
  2⤵
  PID:3056
- C:\Windows\System\WnQFhOu.exe
  C:\Windows\System\WnQFhOu.exe
  2⤵
  PID:1516
- C:\Windows\System\VlVefyM.exe
  C:\Windows\System\VlVefyM.exe
  2⤵
  PID:2364
- C:\Windows\System\YFcJtZN.exe
  C:\Windows\System\YFcJtZN.exe
  2⤵
  PID:1564
- C:\Windows\System\rAiRtgI.exe
  C:\Windows\System\rAiRtgI.exe
  2⤵
  PID:1524
- C:\Windows\System\puiHERG.exe
  C:\Windows\System\puiHERG.exe
  2⤵
  PID:1468
- C:\Windows\System\mUlEQAN.exe
  C:\Windows\System\mUlEQAN.exe
  2⤵
  PID:1688
- C:\Windows\System\TdrkyfL.exe
  C:\Windows\System\TdrkyfL.exe
  2⤵
  PID:2456
- C:\Windows\System\FDdPqzz.exe
  C:\Windows\System\FDdPqzz.exe
  2⤵
  PID:1584
- C:\Windows\System\OsovhZV.exe
  C:\Windows\System\OsovhZV.exe
  2⤵
  PID:2164
- C:\Windows\System\kLkKeAy.exe
  C:\Windows\System\kLkKeAy.exe
  2⤵
  PID:2052
- C:\Windows\System\QRwXNlO.exe
  C:\Windows\System\QRwXNlO.exe
  2⤵
  PID:2884
- C:\Windows\System\nYlPvEB.exe
  C:\Windows\System\nYlPvEB.exe
  2⤵
  PID:2312
- C:\Windows\System\TjYsQWA.exe
  C:\Windows\System\TjYsQWA.exe
  2⤵
  PID:884
- C:\Windows\System\WLUZjyy.exe
  C:\Windows\System\WLUZjyy.exe
  2⤵
  PID:1936
- C:\Windows\System\zhwHmva.exe
  C:\Windows\System\zhwHmva.exe
  2⤵
  PID:3100
- C:\Windows\System\KyxGQtP.exe
  C:\Windows\System\KyxGQtP.exe
  2⤵
  PID:3132
- C:\Windows\System\ftoYizg.exe
  C:\Windows\System\ftoYizg.exe
  2⤵
  PID:3156
- C:\Windows\System\GTQubfV.exe
  C:\Windows\System\GTQubfV.exe
  2⤵
  PID:3176
- C:\Windows\System\EHCCyvb.exe
  C:\Windows\System\EHCCyvb.exe
  2⤵
  PID:3216
- C:\Windows\System\XltYTNh.exe
  C:\Windows\System\XltYTNh.exe
  2⤵
  PID:3256
- C:\Windows\System\kHMUcDo.exe
  C:\Windows\System\kHMUcDo.exe
  2⤵
  PID:3300
- C:\Windows\System\MpEhCVP.exe
  C:\Windows\System\MpEhCVP.exe
  2⤵
  PID:3332
- C:\Windows\System\WWknlGK.exe
  C:\Windows\System\WWknlGK.exe
  2⤵
  PID:3356
- C:\Windows\System\CTTJtGm.exe
  C:\Windows\System\CTTJtGm.exe
  2⤵
  PID:3380
- C:\Windows\System\usulOGb.exe
  C:\Windows\System\usulOGb.exe
  2⤵
  PID:3432
- C:\Windows\System\jzBNXWi.exe
  C:\Windows\System\jzBNXWi.exe
  2⤵
  PID:3460
- C:\Windows\System\BVLxOWF.exe
  C:\Windows\System\BVLxOWF.exe
  2⤵
  PID:3512
- C:\Windows\System\bbElNKC.exe
  C:\Windows\System\bbElNKC.exe
  2⤵
  PID:3532
- C:\Windows\System\kBLXEti.exe
  C:\Windows\System\kBLXEti.exe
  2⤵
  PID:3580
- C:\Windows\System\zXNYWEQ.exe
  C:\Windows\System\zXNYWEQ.exe
  2⤵
  PID:3612
- C:\Windows\System\urfHtiS.exe
  C:\Windows\System\urfHtiS.exe
  2⤵
  PID:3636
- C:\Windows\System\fFPSUEj.exe
  C:\Windows\System\fFPSUEj.exe
  2⤵
  PID:3680
- C:\Windows\System\LQRXnqW.exe
  C:\Windows\System\LQRXnqW.exe
  2⤵
  PID:3696
- C:\Windows\System\vkswUEN.exe
  C:\Windows\System\vkswUEN.exe
  2⤵
  PID:3764
- C:\Windows\System\mRDtSUn.exe
  C:\Windows\System\mRDtSUn.exe
  2⤵
  PID:3784
- C:\Windows\System\HGjfMnU.exe
  C:\Windows\System\HGjfMnU.exe
  2⤵
  PID:3816
- C:\Windows\System\ncsMTBl.exe
  C:\Windows\System\ncsMTBl.exe
  2⤵
  PID:3840
- C:\Windows\System\qBbKfGw.exe
  C:\Windows\System\qBbKfGw.exe
  2⤵
  PID:3884
- C:\Windows\System\foFMfAS.exe
  C:\Windows\System\foFMfAS.exe
  2⤵
  PID:3916
- C:\Windows\System\phIuiLF.exe
  C:\Windows\System\phIuiLF.exe
  2⤵
  PID:3936
- C:\Windows\System\ZwsJhwM.exe
  C:\Windows\System\ZwsJhwM.exe
  2⤵
  PID:3984
- C:\Windows\System\XyuvioW.exe
  C:\Windows\System\XyuvioW.exe
  2⤵
  PID:4016
- C:\Windows\System\FGEMEha.exe
  C:\Windows\System\FGEMEha.exe
  2⤵
  PID:4040
- C:\Windows\System\dQDacVL.exe
  C:\Windows\System\dQDacVL.exe
  2⤵
  PID:4084
- C:\Windows\System\mKUauys.exe
  C:\Windows\System\mKUauys.exe
  2⤵
  PID:380
- C:\Windows\System\KPXlaHa.exe
  C:\Windows\System\KPXlaHa.exe
  2⤵
  PID:296
- C:\Windows\System\PTBFAlz.exe
  C:\Windows\System\PTBFAlz.exe
  2⤵
  PID:952
- C:\Windows\System\DDtYXBU.exe
  C:\Windows\System\DDtYXBU.exe
  2⤵
  PID:556
- C:\Windows\System\qMrhWos.exe
  C:\Windows\System\qMrhWos.exe
  2⤵
  PID:1636
- C:\Windows\System\VQulZuT.exe
  C:\Windows\System\VQulZuT.exe
  2⤵
  PID:2192
- C:\Windows\System\dGDyKJh.exe
  C:\Windows\System\dGDyKJh.exe
  2⤵
  PID:1028
- C:\Windows\System\iYlIlNy.exe
  C:\Windows\System\iYlIlNy.exe
  2⤵
  PID:2840
- C:\Windows\System\EBBRkkk.exe
  C:\Windows\System\EBBRkkk.exe
  2⤵
  PID:1184
- C:\Windows\System\jXiWdnr.exe
  C:\Windows\System\jXiWdnr.exe
  2⤵
  PID:3096
- C:\Windows\System\ROgYxDp.exe
  C:\Windows\System\ROgYxDp.exe
  2⤵
  PID:3152
- C:\Windows\System\AoKRQAN.exe
  C:\Windows\System\AoKRQAN.exe
  2⤵
  PID:3220
- C:\Windows\System\qoDEQIS.exe
  C:\Windows\System\qoDEQIS.exe
  2⤵
  PID:3252
- C:\Windows\System\JYwPPMc.exe
  C:\Windows\System\JYwPPMc.exe
  2⤵
  PID:3360
- C:\Windows\System\zygiHBF.exe
  C:\Windows\System\zygiHBF.exe
  2⤵
  PID:3396
- C:\Windows\System\CoyHrjO.exe
  C:\Windows\System\CoyHrjO.exe
  2⤵
  PID:3436
- C:\Windows\System\tczsUkN.exe
  C:\Windows\System\tczsUkN.exe
  2⤵
  PID:3476
- C:\Windows\System\LfIAmQv.exe
  C:\Windows\System\LfIAmQv.exe
  2⤵
  PID:3572
- C:\Windows\System\eBVsMLX.exe
  C:\Windows\System\eBVsMLX.exe
  2⤵
  PID:3632
- C:\Windows\System\xytDtgR.exe
  C:\Windows\System\xytDtgR.exe
  2⤵
  PID:3656
- C:\Windows\System\rdhuZgk.exe
  C:\Windows\System\rdhuZgk.exe
  2⤵
  PID:4124
- C:\Windows\System\cYloQZt.exe
  C:\Windows\System\cYloQZt.exe
  2⤵
  PID:4144
- C:\Windows\System\aQgTiQj.exe
  C:\Windows\System\aQgTiQj.exe
  2⤵
  PID:4164
- C:\Windows\System\BqtVonG.exe
  C:\Windows\System\BqtVonG.exe
  2⤵
  PID:4184
- C:\Windows\System\fomYPEZ.exe
  C:\Windows\System\fomYPEZ.exe
  2⤵
  PID:4204
- C:\Windows\System\uJdynyq.exe
  C:\Windows\System\uJdynyq.exe
  2⤵
  PID:4224
- C:\Windows\System\fRPKAyG.exe
  C:\Windows\System\fRPKAyG.exe
  2⤵
  PID:4244
- C:\Windows\System\LgFXaiF.exe
  C:\Windows\System\LgFXaiF.exe
  2⤵
  PID:4264
- C:\Windows\System\JntDMwx.exe
  C:\Windows\System\JntDMwx.exe
  2⤵
  PID:4284
- C:\Windows\System\NXzDCMF.exe
  C:\Windows\System\NXzDCMF.exe
  2⤵
  PID:4304
- C:\Windows\System\FTLPgHC.exe
  C:\Windows\System\FTLPgHC.exe
  2⤵
  PID:4324
- C:\Windows\System\waVFWWV.exe
  C:\Windows\System\waVFWWV.exe
  2⤵
  PID:4344
- C:\Windows\System\tckJUEF.exe
  C:\Windows\System\tckJUEF.exe
  2⤵
  PID:4364
- C:\Windows\System\Dojfckk.exe
  C:\Windows\System\Dojfckk.exe
  2⤵
  PID:4384
- C:\Windows\System\sxmRtmh.exe
  C:\Windows\System\sxmRtmh.exe
  2⤵
  PID:4404
- C:\Windows\System\JHdHMPi.exe
  C:\Windows\System\JHdHMPi.exe
  2⤵
  PID:4424
- C:\Windows\System\ytnttKE.exe
  C:\Windows\System\ytnttKE.exe
  2⤵
  PID:4448
- C:\Windows\System\cXaskzu.exe
  C:\Windows\System\cXaskzu.exe
  2⤵
  PID:4468
- C:\Windows\System\zmNCvag.exe
  C:\Windows\System\zmNCvag.exe
  2⤵
  PID:4488
- C:\Windows\System\qMErMjT.exe
  C:\Windows\System\qMErMjT.exe
  2⤵
  PID:4508
- C:\Windows\System\LogCXgX.exe
  C:\Windows\System\LogCXgX.exe
  2⤵
  PID:4528
- C:\Windows\System\VrpzXXI.exe
  C:\Windows\System\VrpzXXI.exe
  2⤵
  PID:4548
- C:\Windows\System\vqiTEbv.exe
  C:\Windows\System\vqiTEbv.exe
  2⤵
  PID:4568
- C:\Windows\System\ycImvkY.exe
  C:\Windows\System\ycImvkY.exe
  2⤵
  PID:4588
- C:\Windows\System\lgLGWlk.exe
  C:\Windows\System\lgLGWlk.exe
  2⤵
  PID:4608
- C:\Windows\System\RKcHQMs.exe
  C:\Windows\System\RKcHQMs.exe
  2⤵
  PID:4628
- C:\Windows\System\vlqcPkF.exe
  C:\Windows\System\vlqcPkF.exe
  2⤵
  PID:4648
- C:\Windows\System\AoyCgry.exe
  C:\Windows\System\AoyCgry.exe
  2⤵
  PID:4668
- C:\Windows\System\JvtQrun.exe
  C:\Windows\System\JvtQrun.exe
  2⤵
  PID:4688
- C:\Windows\System\mGmGWWA.exe
  C:\Windows\System\mGmGWWA.exe
  2⤵
  PID:4708
- C:\Windows\System\CkGcrfH.exe
  C:\Windows\System\CkGcrfH.exe
  2⤵
  PID:4728
- C:\Windows\System\WVuAyUi.exe
  C:\Windows\System\WVuAyUi.exe
  2⤵
  PID:4748
- C:\Windows\System\lULGCAl.exe
  C:\Windows\System\lULGCAl.exe
  2⤵
  PID:4768
- C:\Windows\System\qwDMSFH.exe
  C:\Windows\System\qwDMSFH.exe
  2⤵
  PID:4788
- C:\Windows\System\CHbaazO.exe
  C:\Windows\System\CHbaazO.exe
  2⤵
  PID:4808
- C:\Windows\System\tQlwUQt.exe
  C:\Windows\System\tQlwUQt.exe
  2⤵
  PID:4828
- C:\Windows\System\sxJhlpa.exe
  C:\Windows\System\sxJhlpa.exe
  2⤵
  PID:4848
- C:\Windows\System\SKqZoZo.exe
  C:\Windows\System\SKqZoZo.exe
  2⤵
  PID:4868
- C:\Windows\System\bxBIeSS.exe
  C:\Windows\System\bxBIeSS.exe
  2⤵
  PID:4888
- C:\Windows\System\kcYTpoW.exe
  C:\Windows\System\kcYTpoW.exe
  2⤵
  PID:4908
- C:\Windows\System\cbPXhdI.exe
  C:\Windows\System\cbPXhdI.exe
  2⤵
  PID:4928
- C:\Windows\System\rKuLqRv.exe
  C:\Windows\System\rKuLqRv.exe
  2⤵
  PID:4948
- C:\Windows\System\VBJMwpl.exe
  C:\Windows\System\VBJMwpl.exe
  2⤵
  PID:4968
- C:\Windows\System\MErUdTs.exe
  C:\Windows\System\MErUdTs.exe
  2⤵
  PID:4988
- C:\Windows\System\FMPVPGS.exe
  C:\Windows\System\FMPVPGS.exe
  2⤵
  PID:5008
- C:\Windows\System\tCjGOsl.exe
  C:\Windows\System\tCjGOsl.exe
  2⤵
  PID:5028
- C:\Windows\System\vWQXDUA.exe
  C:\Windows\System\vWQXDUA.exe
  2⤵
  PID:5048
- C:\Windows\System\wbKUPIx.exe
  C:\Windows\System\wbKUPIx.exe
  2⤵
  PID:5068
- C:\Windows\System\uzmxIXl.exe
  C:\Windows\System\uzmxIXl.exe
  2⤵
  PID:5088
- C:\Windows\System\nBvJHkQ.exe
  C:\Windows\System\nBvJHkQ.exe
  2⤵
  PID:5108
- C:\Windows\System\tESVuHs.exe
  C:\Windows\System\tESVuHs.exe
  2⤵
  PID:3700
- C:\Windows\System\iDWljBv.exe
  C:\Windows\System\iDWljBv.exe
  2⤵
  PID:3736
- C:\Windows\System\hdlDDlm.exe
  C:\Windows\System\hdlDDlm.exe
  2⤵
  PID:3800
- C:\Windows\System\wpdlbDj.exe
  C:\Windows\System\wpdlbDj.exe
  2⤵
  PID:3900
- C:\Windows\System\TvFVqPi.exe
  C:\Windows\System\TvFVqPi.exe
  2⤵
  PID:3964
- C:\Windows\System\oqicMUc.exe
  C:\Windows\System\oqicMUc.exe
  2⤵
  PID:3996
- C:\Windows\System\JEyuhkq.exe
  C:\Windows\System\JEyuhkq.exe
  2⤵
  PID:4024
- C:\Windows\System\eTUskOt.exe
  C:\Windows\System\eTUskOt.exe
  2⤵
  PID:4064
- C:\Windows\System\wmRGFkg.exe
  C:\Windows\System\wmRGFkg.exe
  2⤵
  PID:1680
- C:\Windows\System\tHdnQoj.exe
  C:\Windows\System\tHdnQoj.exe
  2⤵
  PID:1072
- C:\Windows\System\YIBHFEy.exe
  C:\Windows\System\YIBHFEy.exe
  2⤵
  PID:2676
- C:\Windows\System\oVlaQWr.exe
  C:\Windows\System\oVlaQWr.exe
  2⤵
  PID:2792
- C:\Windows\System\VFiRRtb.exe
  C:\Windows\System\VFiRRtb.exe
  2⤵
  PID:2992
- C:\Windows\System\vZONmAa.exe
  C:\Windows\System\vZONmAa.exe
  2⤵
  PID:3092
- C:\Windows\System\rLOQLyt.exe
  C:\Windows\System\rLOQLyt.exe
  2⤵
  PID:3260
- C:\Windows\System\LVbWoln.exe
  C:\Windows\System\LVbWoln.exe
  2⤵
  PID:3312
- C:\Windows\System\pZQmJvA.exe
  C:\Windows\System\pZQmJvA.exe
  2⤵
  PID:3452
- C:\Windows\System\XwFnhBG.exe
  C:\Windows\System\XwFnhBG.exe
  2⤵
  PID:3516
- C:\Windows\System\iuUxNpl.exe
  C:\Windows\System\iuUxNpl.exe
  2⤵
  PID:3596
- C:\Windows\System\OTfWszZ.exe
  C:\Windows\System\OTfWszZ.exe
  2⤵
  PID:3660
- C:\Windows\System\oAXLdXq.exe
  C:\Windows\System\oAXLdXq.exe
  2⤵
  PID:4136
- C:\Windows\System\sEMWaqa.exe
  C:\Windows\System\sEMWaqa.exe
  2⤵
  PID:4192
- C:\Windows\System\gjSSgyR.exe
  C:\Windows\System\gjSSgyR.exe
  2⤵
  PID:4232
- C:\Windows\System\MmYUSFA.exe
  C:\Windows\System\MmYUSFA.exe
  2⤵
  PID:4260
- C:\Windows\System\tfeEpYU.exe
  C:\Windows\System\tfeEpYU.exe
  2⤵
  PID:4292
- C:\Windows\System\JolqFfU.exe
  C:\Windows\System\JolqFfU.exe
  2⤵
  PID:4316
- C:\Windows\System\pPGuLyn.exe
  C:\Windows\System\pPGuLyn.exe
  2⤵
  PID:4360
- C:\Windows\System\cqHnulI.exe
  C:\Windows\System\cqHnulI.exe
  2⤵
  PID:4392
- C:\Windows\System\fsaLolB.exe
  C:\Windows\System\fsaLolB.exe
  2⤵
  PID:4420
- C:\Windows\System\FTIEEzN.exe
  C:\Windows\System\FTIEEzN.exe
  2⤵
  PID:4476
- C:\Windows\System\oSVIxAD.exe
  C:\Windows\System\oSVIxAD.exe
  2⤵
  PID:4496
- C:\Windows\System\TmzagDX.exe
  C:\Windows\System\TmzagDX.exe
  2⤵
  PID:4520
- C:\Windows\System\lfccCrB.exe
  C:\Windows\System\lfccCrB.exe
  2⤵
  PID:4564
- C:\Windows\System\RvspCVQ.exe
  C:\Windows\System\RvspCVQ.exe
  2⤵
  PID:4596
- C:\Windows\System\iIBQDeD.exe
  C:\Windows\System\iIBQDeD.exe
  2⤵
  PID:4624
- C:\Windows\System\BGiXOLc.exe
  C:\Windows\System\BGiXOLc.exe
  2⤵
  PID:4676
- C:\Windows\System\adyybOo.exe
  C:\Windows\System\adyybOo.exe
  2⤵
  PID:4716
- C:\Windows\System\nUsItCX.exe
  C:\Windows\System\nUsItCX.exe
  2⤵
  PID:4736
- C:\Windows\System\hxNgQLM.exe
  C:\Windows\System\hxNgQLM.exe
  2⤵
  PID:4760
- C:\Windows\System\oAEopOk.exe
  C:\Windows\System\oAEopOk.exe
  2⤵
  PID:4804
- C:\Windows\System\UyZRphk.exe
  C:\Windows\System\UyZRphk.exe
  2⤵
  PID:4836
- C:\Windows\System\EmJqIbc.exe
  C:\Windows\System\EmJqIbc.exe
  2⤵
  PID:4860
- C:\Windows\System\BdiRmxI.exe
  C:\Windows\System\BdiRmxI.exe
  2⤵
  PID:4916
- C:\Windows\System\lCvvvgS.exe
  C:\Windows\System\lCvvvgS.exe
  2⤵
  PID:4936
- C:\Windows\System\nQUqAeB.exe
  C:\Windows\System\nQUqAeB.exe
  2⤵
  PID:4960
- C:\Windows\System\zTkpbNt.exe
  C:\Windows\System\zTkpbNt.exe
  2⤵
  PID:5004
- C:\Windows\System\HlNknZE.exe
  C:\Windows\System\HlNknZE.exe
  2⤵
  PID:5044
- C:\Windows\System\DrcAAQN.exe
  C:\Windows\System\DrcAAQN.exe
  2⤵
  PID:5060
- C:\Windows\System\CKvgLlQ.exe
  C:\Windows\System\CKvgLlQ.exe
  2⤵
  PID:5104
- C:\Windows\System\DCyvNzY.exe
  C:\Windows\System\DCyvNzY.exe
  2⤵
  PID:3720
- C:\Windows\System\KOIabig.exe
  C:\Windows\System\KOIabig.exe
  2⤵
  PID:3904
- C:\Windows\System\NUiOVIW.exe
  C:\Windows\System\NUiOVIW.exe
  2⤵
  PID:3860
- C:\Windows\System\VaszBVP.exe
  C:\Windows\System\VaszBVP.exe
  2⤵
  PID:3956
- C:\Windows\System\txmVTnE.exe
  C:\Windows\System\txmVTnE.exe
  2⤵
  PID:236
- C:\Windows\System\WIDzqBP.exe
  C:\Windows\System\WIDzqBP.exe
  2⤵
  PID:2076
- C:\Windows\System\hlNUdio.exe
  C:\Windows\System\hlNUdio.exe
  2⤵
  PID:1416
- C:\Windows\System\FRDvyLK.exe
  C:\Windows\System\FRDvyLK.exe
  2⤵
  PID:3160
- C:\Windows\System\vNfgPkA.exe
  C:\Windows\System\vNfgPkA.exe
  2⤵
  PID:3232
- C:\Windows\System\SJQccjQ.exe
  C:\Windows\System\SJQccjQ.exe
  2⤵
  PID:3336
- C:\Windows\System\AvQFAdj.exe
  C:\Windows\System\AvQFAdj.exe
  2⤵
  PID:3600
- C:\Windows\System\kVdhKky.exe
  C:\Windows\System\kVdhKky.exe
  2⤵
  PID:4140
- C:\Windows\System\TnGtXcn.exe
  C:\Windows\System\TnGtXcn.exe
  2⤵
  PID:4176
- C:\Windows\System\eKdTzVl.exe
  C:\Windows\System\eKdTzVl.exe
  2⤵
  PID:4240
- C:\Windows\System\fqnZhTh.exe
  C:\Windows\System\fqnZhTh.exe
  2⤵
  PID:4300
- C:\Windows\System\VnyWYMq.exe
  C:\Windows\System\VnyWYMq.exe
  2⤵
  PID:4340
- C:\Windows\System\obMrCUT.exe
  C:\Windows\System\obMrCUT.exe
  2⤵
  PID:4380
- C:\Windows\System\MtEVerU.exe
  C:\Windows\System\MtEVerU.exe
  2⤵
  PID:4440
- C:\Windows\System\AJRaqde.exe
  C:\Windows\System\AJRaqde.exe
  2⤵
  PID:4556
- C:\Windows\System\DkAXTYo.exe
  C:\Windows\System\DkAXTYo.exe
  2⤵
  PID:4600
- C:\Windows\System\TERYIVv.exe
  C:\Windows\System\TERYIVv.exe
  2⤵
  PID:4644
- C:\Windows\System\MSCBgce.exe
  C:\Windows\System\MSCBgce.exe
  2⤵
  PID:4684
- C:\Windows\System\woSSgRf.exe
  C:\Windows\System\woSSgRf.exe
  2⤵
  PID:4724
- C:\Windows\System\NDLgESO.exe
  C:\Windows\System\NDLgESO.exe
  2⤵
  PID:4780
- C:\Windows\System\jRAGHTf.exe
  C:\Windows\System\jRAGHTf.exe
  2⤵
  PID:4880
- C:\Windows\System\MbxZqWA.exe
  C:\Windows\System\MbxZqWA.exe
  2⤵
  PID:4904
- C:\Windows\System\cQLtgvf.exe
  C:\Windows\System\cQLtgvf.exe
  2⤵
  PID:5036
- C:\Windows\System\pQlmPwf.exe
  C:\Windows\System\pQlmPwf.exe
  2⤵
  PID:5040
- C:\Windows\System\KomWHBg.exe
  C:\Windows\System\KomWHBg.exe
  2⤵
  PID:5080
- C:\Windows\System\bfZpnaV.exe
  C:\Windows\System\bfZpnaV.exe
  2⤵
  PID:3836
- C:\Windows\System\QKgMbjB.exe
  C:\Windows\System\QKgMbjB.exe
  2⤵
  PID:3960
- C:\Windows\System\HykEdpf.exe
  C:\Windows\System\HykEdpf.exe
  2⤵
  PID:292
- C:\Windows\System\RnxTYWt.exe
  C:\Windows\System\RnxTYWt.exe
  2⤵
  PID:1864
- C:\Windows\System\HWtKTWh.exe
  C:\Windows\System\HWtKTWh.exe
  2⤵
  PID:5128
- C:\Windows\System\BSBZrjj.exe
  C:\Windows\System\BSBZrjj.exe
  2⤵
  PID:5148
- C:\Windows\System\HrZppdD.exe
  C:\Windows\System\HrZppdD.exe
  2⤵
  PID:5168
- C:\Windows\System\FDOiaEY.exe
  C:\Windows\System\FDOiaEY.exe
  2⤵
  PID:5184
- C:\Windows\System\yQwInki.exe
  C:\Windows\System\yQwInki.exe
  2⤵
  PID:5208
- C:\Windows\System\RpYBVjE.exe
  C:\Windows\System\RpYBVjE.exe
  2⤵
  PID:5224
- C:\Windows\System\FHakPVZ.exe
  C:\Windows\System\FHakPVZ.exe
  2⤵
  PID:5248
- C:\Windows\System\hPNdHUd.exe
  C:\Windows\System\hPNdHUd.exe
  2⤵
  PID:5268
- C:\Windows\System\zmXzVeC.exe
  C:\Windows\System\zmXzVeC.exe
  2⤵
  PID:5288
- C:\Windows\System\hdMlmgL.exe
  C:\Windows\System\hdMlmgL.exe
  2⤵
  PID:5308
- C:\Windows\System\TuxyGFh.exe
  C:\Windows\System\TuxyGFh.exe
  2⤵
  PID:5328
- C:\Windows\System\naptcoS.exe
  C:\Windows\System\naptcoS.exe
  2⤵
  PID:5344
- C:\Windows\System\CYVRzBY.exe
  C:\Windows\System\CYVRzBY.exe
  2⤵
  PID:5368
- C:\Windows\System\sdrZnRE.exe
  C:\Windows\System\sdrZnRE.exe
  2⤵
  PID:5388
- C:\Windows\System\LpEYXcA.exe
  C:\Windows\System\LpEYXcA.exe
  2⤵
  PID:5404
- C:\Windows\System\MAgoaGb.exe
  C:\Windows\System\MAgoaGb.exe
  2⤵
  PID:5428
- C:\Windows\System\gjuWBFs.exe
  C:\Windows\System\gjuWBFs.exe
  2⤵
  PID:5448
- C:\Windows\System\iCwtaXC.exe
  C:\Windows\System\iCwtaXC.exe
  2⤵
  PID:5468
- C:\Windows\System\eAEeOia.exe
  C:\Windows\System\eAEeOia.exe
  2⤵
  PID:5484
- C:\Windows\System\HOGJjer.exe
  C:\Windows\System\HOGJjer.exe
  2⤵
  PID:5508
- C:\Windows\System\kEbBQUz.exe
  C:\Windows\System\kEbBQUz.exe
  2⤵
  PID:5528
- C:\Windows\System\pNkLlho.exe
  C:\Windows\System\pNkLlho.exe
  2⤵
  PID:5548
- C:\Windows\System\YrmElJq.exe
  C:\Windows\System\YrmElJq.exe
  2⤵
  PID:5568
- C:\Windows\System\JqVXayR.exe
  C:\Windows\System\JqVXayR.exe
  2⤵
  PID:5588
- C:\Windows\System\lxBCRFa.exe
  C:\Windows\System\lxBCRFa.exe
  2⤵
  PID:5608
- C:\Windows\System\vshFJQe.exe
  C:\Windows\System\vshFJQe.exe
  2⤵
  PID:5628
- C:\Windows\System\aXVTper.exe
  C:\Windows\System\aXVTper.exe
  2⤵
  PID:5648
- C:\Windows\System\NtdfwLC.exe
  C:\Windows\System\NtdfwLC.exe
  2⤵
  PID:5668
- C:\Windows\System\ZozoStV.exe
  C:\Windows\System\ZozoStV.exe
  2⤵
  PID:5688
- C:\Windows\System\ZBxAysU.exe
  C:\Windows\System\ZBxAysU.exe
  2⤵
  PID:5708
- C:\Windows\System\OKktXTB.exe
  C:\Windows\System\OKktXTB.exe
  2⤵
  PID:5728
- C:\Windows\System\sylQIyW.exe
  C:\Windows\System\sylQIyW.exe
  2⤵
  PID:5748
- C:\Windows\System\CeaoRBL.exe
  C:\Windows\System\CeaoRBL.exe
  2⤵
  PID:5768
- C:\Windows\System\UnSSleH.exe
  C:\Windows\System\UnSSleH.exe
  2⤵
  PID:5788
- C:\Windows\System\NmpDHBk.exe
  C:\Windows\System\NmpDHBk.exe
  2⤵
  PID:5808
- C:\Windows\System\wNraQnD.exe
  C:\Windows\System\wNraQnD.exe
  2⤵
  PID:5824
- C:\Windows\System\MGLJlLM.exe
  C:\Windows\System\MGLJlLM.exe
  2⤵
  PID:5848
- C:\Windows\System\hSWyZFX.exe
  C:\Windows\System\hSWyZFX.exe
  2⤵
  PID:5868
- C:\Windows\System\UGpHVRL.exe
  C:\Windows\System\UGpHVRL.exe
  2⤵
  PID:5888
- C:\Windows\System\tbbKTMW.exe
  C:\Windows\System\tbbKTMW.exe
  2⤵
  PID:5908
- C:\Windows\System\QKBHIdH.exe
  C:\Windows\System\QKBHIdH.exe
  2⤵
  PID:5928
- C:\Windows\System\WFpqTgf.exe
  C:\Windows\System\WFpqTgf.exe
  2⤵
  PID:5948
- C:\Windows\System\ELuMEhd.exe
  C:\Windows\System\ELuMEhd.exe
  2⤵
  PID:5968
- C:\Windows\System\UpEuXSl.exe
  C:\Windows\System\UpEuXSl.exe
  2⤵
  PID:5992
- C:\Windows\System\qnFXkmI.exe
  C:\Windows\System\qnFXkmI.exe
  2⤵
  PID:6012
- C:\Windows\System\JKSBTrH.exe
  C:\Windows\System\JKSBTrH.exe
  2⤵
  PID:6032
- C:\Windows\System\NsepEYW.exe
  C:\Windows\System\NsepEYW.exe
  2⤵
  PID:6052
- C:\Windows\System\nRvELDi.exe
  C:\Windows\System\nRvELDi.exe
  2⤵
  PID:6072
- C:\Windows\System\QDiwxnv.exe
  C:\Windows\System\QDiwxnv.exe
  2⤵
  PID:6092
- C:\Windows\System\AKlNLjY.exe
  C:\Windows\System\AKlNLjY.exe
  2⤵
  PID:6112
- C:\Windows\System\EMWMcXm.exe
  C:\Windows\System\EMWMcXm.exe
  2⤵
  PID:6132
- C:\Windows\System\LknQjsn.exe
  C:\Windows\System\LknQjsn.exe
  2⤵
  PID:3392
- C:\Windows\System\XBTvkOf.exe
  C:\Windows\System\XBTvkOf.exe
  2⤵
  PID:4152
- C:\Windows\System\EBPZotJ.exe
  C:\Windows\System\EBPZotJ.exe
  2⤵
  PID:3416
- C:\Windows\System\tmJktMj.exe
  C:\Windows\System\tmJktMj.exe
  2⤵
  PID:4172
- C:\Windows\System\drcDIWV.exe
  C:\Windows\System\drcDIWV.exe
  2⤵
  PID:4280
- C:\Windows\System\WJodWEu.exe
  C:\Windows\System\WJodWEu.exe
  2⤵
  PID:4464
- C:\Windows\System\koxjSTg.exe
  C:\Windows\System\koxjSTg.exe
  2⤵
  PID:4576
- C:\Windows\System\fzDQwID.exe
  C:\Windows\System\fzDQwID.exe
  2⤵
  PID:4580
- C:\Windows\System\TRAUIAC.exe
  C:\Windows\System\TRAUIAC.exe
  2⤵
  PID:4584
- C:\Windows\System\aQQIMiP.exe
  C:\Windows\System\aQQIMiP.exe
  2⤵
  PID:4796
- C:\Windows\System\bGznHpc.exe
  C:\Windows\System\bGznHpc.exe
  2⤵
  PID:4940
- C:\Windows\System\oFyMjrN.exe
  C:\Windows\System\oFyMjrN.exe
  2⤵
  PID:4956
- C:\Windows\System\OkOZEXW.exe
  C:\Windows\System\OkOZEXW.exe
  2⤵
  PID:5096
- C:\Windows\System\GxYHhZO.exe
  C:\Windows\System\GxYHhZO.exe
  2⤵
  PID:4004
- C:\Windows\System\ciTaXDf.exe
  C:\Windows\System\ciTaXDf.exe
  2⤵
  PID:3864
- C:\Windows\System\QBhCibR.exe
  C:\Windows\System\QBhCibR.exe
  2⤵
  PID:1692
- C:\Windows\System\ZdSqFuL.exe
  C:\Windows\System\ZdSqFuL.exe
  2⤵
  PID:5160
- C:\Windows\System\QefHmYn.exe
  C:\Windows\System\QefHmYn.exe
  2⤵
  PID:5204
- C:\Windows\System\UWSKgjw.exe
  C:\Windows\System\UWSKgjw.exe
  2⤵
  PID:5240
- C:\Windows\System\YljqTgo.exe
  C:\Windows\System\YljqTgo.exe
  2⤵
  PID:5256
- C:\Windows\System\RMeWKTh.exe
  C:\Windows\System\RMeWKTh.exe
  2⤵
  PID:5280
- C:\Windows\System\ecuEwOx.exe
  C:\Windows\System\ecuEwOx.exe
  2⤵
  PID:5324
- C:\Windows\System\pNeSIDQ.exe
  C:\Windows\System\pNeSIDQ.exe
  2⤵
  PID:5360
- C:\Windows\System\VbvIMja.exe
  C:\Windows\System\VbvIMja.exe
  2⤵
  PID:5384
- C:\Windows\System\qgdmoeS.exe
  C:\Windows\System\qgdmoeS.exe
  2⤵
  PID:5416
- C:\Windows\System\znZhfOk.exe
  C:\Windows\System\znZhfOk.exe
  2⤵
  PID:5456
- C:\Windows\System\SyZLvPT.exe
  C:\Windows\System\SyZLvPT.exe
  2⤵
  PID:5492
- C:\Windows\System\MIMWKUp.exe
  C:\Windows\System\MIMWKUp.exe
  2⤵
  PID:5520
- C:\Windows\System\yCROjbJ.exe
  C:\Windows\System\yCROjbJ.exe
  2⤵
  PID:5560
- C:\Windows\System\nFBpAFJ.exe
  C:\Windows\System\nFBpAFJ.exe
  2⤵
  PID:5604
- C:\Windows\System\BzXJkrf.exe
  C:\Windows\System\BzXJkrf.exe
  2⤵
  PID:5620
- C:\Windows\System\sFxmYvh.exe
  C:\Windows\System\sFxmYvh.exe
  2⤵
  PID:5664
- C:\Windows\System\LQbTIvD.exe
  C:\Windows\System\LQbTIvD.exe
  2⤵
  PID:5716
- C:\Windows\System\uTKIpcE.exe
  C:\Windows\System\uTKIpcE.exe
  2⤵
  PID:5736
- C:\Windows\System\QBmVxaE.exe
  C:\Windows\System\QBmVxaE.exe
  2⤵
  PID:5760
- C:\Windows\System\IaWVykW.exe
  C:\Windows\System\IaWVykW.exe
  2⤵
  PID:5780
- C:\Windows\System\hbljlIQ.exe
  C:\Windows\System\hbljlIQ.exe
  2⤵
  PID:5816
- C:\Windows\System\klMjfSo.exe
  C:\Windows\System\klMjfSo.exe
  2⤵
  PID:5864
- C:\Windows\System\NzUKhwx.exe
  C:\Windows\System\NzUKhwx.exe
  2⤵
  PID:5904
- C:\Windows\System\bFAlaPq.exe
  C:\Windows\System\bFAlaPq.exe
  2⤵
  PID:5956
- C:\Windows\System\BehBUKD.exe
  C:\Windows\System\BehBUKD.exe
  2⤵
  PID:5960
- C:\Windows\System\yTqdytV.exe
  C:\Windows\System\yTqdytV.exe
  2⤵
  PID:6008
- C:\Windows\System\UfDVHxH.exe
  C:\Windows\System\UfDVHxH.exe
  2⤵
  PID:6048
- C:\Windows\System\pHNgMsI.exe
  C:\Windows\System\pHNgMsI.exe
  2⤵
  PID:6080
- C:\Windows\System\ykorhAL.exe
  C:\Windows\System\ykorhAL.exe
  2⤵
  PID:6120
- C:\Windows\System\bYHlGkS.exe
  C:\Windows\System\bYHlGkS.exe
  2⤵
  PID:6140
- C:\Windows\System\zErEufX.exe
  C:\Windows\System\zErEufX.exe
  2⤵
  PID:2680
- C:\Windows\System\rKpjVqF.exe
  C:\Windows\System\rKpjVqF.exe
  2⤵
  PID:4296
- C:\Windows\System\gFvchgi.exe
  C:\Windows\System\gFvchgi.exe
  2⤵
  PID:4236
- C:\Windows\System\ttkRGNv.exe
  C:\Windows\System\ttkRGNv.exe
  2⤵
  PID:4504
- C:\Windows\System\CfCXott.exe
  C:\Windows\System\CfCXott.exe
  2⤵
  PID:4784
- C:\Windows\System\DgEGqOt.exe
  C:\Windows\System\DgEGqOt.exe
  2⤵
  PID:4884
- C:\Windows\System\zSdCVrY.exe
  C:\Windows\System\zSdCVrY.exe
  2⤵
  PID:5084
- C:\Windows\System\QZHWYZn.exe
  C:\Windows\System\QZHWYZn.exe
  2⤵
  PID:3776
- C:\Windows\System\wcKZHvK.exe
  C:\Windows\System\wcKZHvK.exe
  2⤵
  PID:3920
- C:\Windows\System\pYtuyfo.exe
  C:\Windows\System\pYtuyfo.exe
  2⤵
  PID:5136
- C:\Windows\System\SfaDLMo.exe
  C:\Windows\System\SfaDLMo.exe
  2⤵
  PID:5220
- C:\Windows\System\lQVifiR.exe
  C:\Windows\System\lQVifiR.exe
  2⤵
  PID:5296
- C:\Windows\System\gxrKYFG.exe
  C:\Windows\System\gxrKYFG.exe
  2⤵
  PID:5352
- C:\Windows\System\AmGblkF.exe
  C:\Windows\System\AmGblkF.exe
  2⤵
  PID:5396
- C:\Windows\System\NLGaFJf.exe
  C:\Windows\System\NLGaFJf.exe
  2⤵
  PID:5440
- C:\Windows\System\qVKiLgS.exe
  C:\Windows\System\qVKiLgS.exe
  2⤵
  PID:5480
- C:\Windows\System\cQaCmLl.exe
  C:\Windows\System\cQaCmLl.exe
  2⤵
  PID:5536
- C:\Windows\System\vXjqkeJ.exe
  C:\Windows\System\vXjqkeJ.exe
  2⤵
  PID:5640
- C:\Windows\System\hDfYeHz.exe
  C:\Windows\System\hDfYeHz.exe
  2⤵
  PID:5720
- C:\Windows\System\qFsbuUU.exe
  C:\Windows\System\qFsbuUU.exe
  2⤵
  PID:5680
- C:\Windows\System\KYSbYWY.exe
  C:\Windows\System\KYSbYWY.exe
  2⤵
  PID:5776
- C:\Windows\System\ddgXbBD.exe
  C:\Windows\System\ddgXbBD.exe
  2⤵
  PID:5836
- C:\Windows\System\TiZVusK.exe
  C:\Windows\System\TiZVusK.exe
  2⤵
  PID:5884
- C:\Windows\System\JOVQKsN.exe
  C:\Windows\System\JOVQKsN.exe
  2⤵
  PID:5976
- C:\Windows\System\MdkDBPd.exe
  C:\Windows\System\MdkDBPd.exe
  2⤵
  PID:6020
- C:\Windows\System\OEgullZ.exe
  C:\Windows\System\OEgullZ.exe
  2⤵
  PID:6068
- C:\Windows\System\WWtysQS.exe
  C:\Windows\System\WWtysQS.exe
  2⤵
  PID:2400
- C:\Windows\System\yKnBbhQ.exe
  C:\Windows\System\yKnBbhQ.exe
  2⤵
  PID:4112
- C:\Windows\System\goZtuFE.exe
  C:\Windows\System\goZtuFE.exe
  2⤵
  PID:6156
- C:\Windows\System\qBrlbzB.exe
  C:\Windows\System\qBrlbzB.exe
  2⤵
  PID:6176
- C:\Windows\System\DeDJJqS.exe
  C:\Windows\System\DeDJJqS.exe
  2⤵
  PID:6196
- C:\Windows\System\acCNmFc.exe
  C:\Windows\System\acCNmFc.exe
  2⤵
  PID:6216
- C:\Windows\System\ubqZdFG.exe
  C:\Windows\System\ubqZdFG.exe
  2⤵
  PID:6236
- C:\Windows\System\SlIwyzD.exe
  C:\Windows\System\SlIwyzD.exe
  2⤵
  PID:6256
- C:\Windows\System\SyJBkqz.exe
  C:\Windows\System\SyJBkqz.exe
  2⤵
  PID:6276
- C:\Windows\System\htiEYwi.exe
  C:\Windows\System\htiEYwi.exe
  2⤵
  PID:6296
- C:\Windows\System\kvEfrjl.exe
  C:\Windows\System\kvEfrjl.exe
  2⤵
  PID:6316
- C:\Windows\System\rUMadGq.exe
  C:\Windows\System\rUMadGq.exe
  2⤵
  PID:6336
- C:\Windows\System\xtIiiqv.exe
  C:\Windows\System\xtIiiqv.exe
  2⤵
  PID:6356
- C:\Windows\System\vBERxEJ.exe
  C:\Windows\System\vBERxEJ.exe
  2⤵
  PID:6376
- C:\Windows\System\cbkoYiE.exe
  C:\Windows\System\cbkoYiE.exe
  2⤵
  PID:6396
- C:\Windows\System\VwLXaOP.exe
  C:\Windows\System\VwLXaOP.exe
  2⤵
  PID:6416
- C:\Windows\System\vuDDrJM.exe
  C:\Windows\System\vuDDrJM.exe
  2⤵
  PID:6436
- C:\Windows\System\knKCouX.exe
  C:\Windows\System\knKCouX.exe
  2⤵
  PID:6456
- C:\Windows\System\SPpuGPJ.exe
  C:\Windows\System\SPpuGPJ.exe
  2⤵
  PID:6476
- C:\Windows\System\dcJzCvV.exe
  C:\Windows\System\dcJzCvV.exe
  2⤵
  PID:6496
- C:\Windows\System\YtfqyKK.exe
  C:\Windows\System\YtfqyKK.exe
  2⤵
  PID:6516
- C:\Windows\System\UyWXOeS.exe
  C:\Windows\System\UyWXOeS.exe
  2⤵
  PID:6536
- C:\Windows\System\RaDUnln.exe
  C:\Windows\System\RaDUnln.exe
  2⤵
  PID:6556
- C:\Windows\System\kyJCCFc.exe
  C:\Windows\System\kyJCCFc.exe
  2⤵
  PID:6580
- C:\Windows\System\WRPVFtr.exe
  C:\Windows\System\WRPVFtr.exe
  2⤵
  PID:6600
- C:\Windows\System\FEtRMPX.exe
  C:\Windows\System\FEtRMPX.exe
  2⤵
  PID:6620
- C:\Windows\System\tsrTxgJ.exe
  C:\Windows\System\tsrTxgJ.exe
  2⤵
  PID:6640
- C:\Windows\System\ACEBKmZ.exe
  C:\Windows\System\ACEBKmZ.exe
  2⤵
  PID:6660
- C:\Windows\System\ARSdyGv.exe
  C:\Windows\System\ARSdyGv.exe
  2⤵
  PID:6680
- C:\Windows\System\UkQYtYb.exe
  C:\Windows\System\UkQYtYb.exe
  2⤵
  PID:6700
- C:\Windows\System\aCvJLrX.exe
  C:\Windows\System\aCvJLrX.exe
  2⤵
  PID:6720
- C:\Windows\System\NiuuDZC.exe
  C:\Windows\System\NiuuDZC.exe
  2⤵
  PID:6740
- C:\Windows\System\yGXcoaQ.exe
  C:\Windows\System\yGXcoaQ.exe
  2⤵
  PID:6760
- C:\Windows\System\Tkedjvf.exe
  C:\Windows\System\Tkedjvf.exe
  2⤵
  PID:6780
- C:\Windows\System\WzRZofD.exe
  C:\Windows\System\WzRZofD.exe
  2⤵
  PID:6800
- C:\Windows\System\syEFSke.exe
  C:\Windows\System\syEFSke.exe
  2⤵
  PID:6820
- C:\Windows\System\uGEQUlu.exe
  C:\Windows\System\uGEQUlu.exe
  2⤵
  PID:6840
- C:\Windows\System\qvaXDNG.exe
  C:\Windows\System\qvaXDNG.exe
  2⤵
  PID:6860
- C:\Windows\System\ZSBEdTh.exe
  C:\Windows\System\ZSBEdTh.exe
  2⤵
  PID:6880
- C:\Windows\System\ioEnDFE.exe
  C:\Windows\System\ioEnDFE.exe
  2⤵
  PID:6900
- C:\Windows\System\OQpGWfC.exe
  C:\Windows\System\OQpGWfC.exe
  2⤵
  PID:6920
- C:\Windows\System\vMSsgKm.exe
  C:\Windows\System\vMSsgKm.exe
  2⤵
  PID:6940
- C:\Windows\System\NzQMmOF.exe
  C:\Windows\System\NzQMmOF.exe
  2⤵
  PID:6960
- C:\Windows\System\CjzbVKP.exe
  C:\Windows\System\CjzbVKP.exe
  2⤵
  PID:6980
- C:\Windows\System\oSjptpj.exe
  C:\Windows\System\oSjptpj.exe
  2⤵
  PID:7000
- C:\Windows\System\GgBxoln.exe
  C:\Windows\System\GgBxoln.exe
  2⤵
  PID:7020
- C:\Windows\System\xIxqaYY.exe
  C:\Windows\System\xIxqaYY.exe
  2⤵
  PID:7040
- C:\Windows\System\LkyZTLP.exe
  C:\Windows\System\LkyZTLP.exe
  2⤵
  PID:7060
- C:\Windows\System\GIZAVYU.exe
  C:\Windows\System\GIZAVYU.exe
  2⤵
  PID:7080
- C:\Windows\System\cXCiLNR.exe
  C:\Windows\System\cXCiLNR.exe
  2⤵
  PID:7100
- C:\Windows\System\ofnKEvF.exe
  C:\Windows\System\ofnKEvF.exe
  2⤵
  PID:7120
- C:\Windows\System\PssyMjf.exe
  C:\Windows\System\PssyMjf.exe
  2⤵
  PID:7140
- C:\Windows\System\GXiHNST.exe
  C:\Windows\System\GXiHNST.exe
  2⤵
  PID:7160
- C:\Windows\System\NeJktye.exe
  C:\Windows\System\NeJktye.exe
  2⤵
  PID:4276
- C:\Windows\System\XiwKufA.exe
  C:\Windows\System\XiwKufA.exe
  2⤵
  PID:4720
- C:\Windows\System\vtigXDF.exe
  C:\Windows\System\vtigXDF.exe
  2⤵
  PID:5024
- C:\Windows\System\oWyLZjk.exe
  C:\Windows\System\oWyLZjk.exe
  2⤵
  PID:4060
- C:\Windows\System\kvixOJj.exe
  C:\Windows\System\kvixOJj.exe
  2⤵
  PID:5192
- C:\Windows\System\tPwJHQU.exe
  C:\Windows\System\tPwJHQU.exe
  2⤵
  PID:5176
- C:\Windows\System\NGIPTUt.exe
  C:\Windows\System\NGIPTUt.exe
  2⤵
  PID:5376
- C:\Windows\System\sOuqmRS.exe
  C:\Windows\System\sOuqmRS.exe
  2⤵
  PID:5464
- C:\Windows\System\aDpDagU.exe
  C:\Windows\System\aDpDagU.exe
  2⤵
  PID:5596
- C:\Windows\System\UjMFppY.exe
  C:\Windows\System\UjMFppY.exe
  2⤵
  PID:5576
- C:\Windows\System\rlznBQm.exe
  C:\Windows\System\rlznBQm.exe
  2⤵
  PID:5624
- C:\Windows\System\mZEBsJO.exe
  C:\Windows\System\mZEBsJO.exe
  2⤵
  PID:5832
- C:\Windows\System\wNrELDc.exe
  C:\Windows\System\wNrELDc.exe
  2⤵
  PID:5920
- C:\Windows\System\CuuIMtU.exe
  C:\Windows\System\CuuIMtU.exe
  2⤵
  PID:5980
- C:\Windows\System\OiCCFCV.exe
  C:\Windows\System\OiCCFCV.exe
  2⤵
  PID:6028
- C:\Windows\System\QkBQRhU.exe
  C:\Windows\System\QkBQRhU.exe
  2⤵
  PID:6100
- C:\Windows\System\kdjGfOC.exe
  C:\Windows\System\kdjGfOC.exe
  2⤵
  PID:6172
- C:\Windows\System\UZiKlrc.exe
  C:\Windows\System\UZiKlrc.exe
  2⤵
  PID:6188
- C:\Windows\System\ehqaRol.exe
  C:\Windows\System\ehqaRol.exe
  2⤵
  PID:6252
- C:\Windows\System\ZmfFnvj.exe
  C:\Windows\System\ZmfFnvj.exe
  2⤵
  PID:6264
- C:\Windows\System\yOuszOn.exe
  C:\Windows\System\yOuszOn.exe
  2⤵
  PID:6288
- C:\Windows\System\BCvRRNz.exe
  C:\Windows\System\BCvRRNz.exe
  2⤵
  PID:6332
- C:\Windows\System\BgegwUL.exe
  C:\Windows\System\BgegwUL.exe
  2⤵
  PID:6364
- C:\Windows\System\IYCDFUo.exe
  C:\Windows\System\IYCDFUo.exe
  2⤵
  PID:6392
- C:\Windows\System\JWtvDDx.exe
  C:\Windows\System\JWtvDDx.exe
  2⤵
  PID:6444
- C:\Windows\System\AVqcxLD.exe
  C:\Windows\System\AVqcxLD.exe
  2⤵
  PID:6448
- C:\Windows\System\WfORDel.exe
  C:\Windows\System\WfORDel.exe
  2⤵
  PID:6492
- C:\Windows\System\OGEICxW.exe
  C:\Windows\System\OGEICxW.exe
  2⤵
  PID:6532
- C:\Windows\System\RAvaDss.exe
  C:\Windows\System\RAvaDss.exe
  2⤵
  PID:6548
- C:\Windows\System\jzRgMkl.exe
  C:\Windows\System\jzRgMkl.exe
  2⤵
  PID:6596
- C:\Windows\System\iOjRoqo.exe
  C:\Windows\System\iOjRoqo.exe
  2⤵
  PID:6636
- C:\Windows\System\JFBYXoN.exe
  C:\Windows\System\JFBYXoN.exe
  2⤵
  PID:6652
- C:\Windows\System\yfnKUJN.exe
  C:\Windows\System\yfnKUJN.exe
  2⤵
  PID:6672
- C:\Windows\System\UhbgciK.exe
  C:\Windows\System\UhbgciK.exe
  2⤵
  PID:6716
- C:\Windows\System\pBEyzMY.exe
  C:\Windows\System\pBEyzMY.exe
  2⤵
  PID:6768
- C:\Windows\System\mBpftkZ.exe
  C:\Windows\System\mBpftkZ.exe
  2⤵
  PID:6788
- C:\Windows\System\DORwYyu.exe
  C:\Windows\System\DORwYyu.exe
  2⤵
  PID:6812
- C:\Windows\System\HiOpYrr.exe
  C:\Windows\System\HiOpYrr.exe
  2⤵
  PID:6856
- C:\Windows\System\sDOqGna.exe
  C:\Windows\System\sDOqGna.exe
  2⤵
  PID:6872
- C:\Windows\System\LcwlBev.exe
  C:\Windows\System\LcwlBev.exe
  2⤵
  PID:6916
- C:\Windows\System\GSgRKQj.exe
  C:\Windows\System\GSgRKQj.exe
  2⤵
  PID:6968
- C:\Windows\System\cDXiDVM.exe
  C:\Windows\System\cDXiDVM.exe
  2⤵
  PID:2728
- C:\Windows\System\YCfQPgu.exe
  C:\Windows\System\YCfQPgu.exe
  2⤵
  PID:7016
- C:\Windows\System\tacKscu.exe
  C:\Windows\System\tacKscu.exe
  2⤵
  PID:7056
- C:\Windows\System\clvrXtQ.exe
  C:\Windows\System\clvrXtQ.exe
  2⤵
  PID:7076
- C:\Windows\System\RPIWkDU.exe
  C:\Windows\System\RPIWkDU.exe
  2⤵
  PID:1476
- C:\Windows\System\TVKoufu.exe
  C:\Windows\System\TVKoufu.exe
  2⤵
  PID:7136
- C:\Windows\System\LhQUEpQ.exe
  C:\Windows\System\LhQUEpQ.exe
  2⤵
  PID:4480
- C:\Windows\System\jsowESb.exe
  C:\Windows\System\jsowESb.exe
  2⤵
  PID:4964
- C:\Windows\System\vsveumm.exe
  C:\Windows\System\vsveumm.exe
  2⤵
  PID:2320
- C:\Windows\System\axdrUcb.exe
  C:\Windows\System\axdrUcb.exe
  2⤵
  PID:5180
- C:\Windows\System\aeKkSWu.exe
  C:\Windows\System\aeKkSWu.exe
  2⤵
  PID:5232
- C:\Windows\System\rescorv.exe
  C:\Windows\System\rescorv.exe
  2⤵
  PID:5516
- C:\Windows\System\FzJeUoJ.exe
  C:\Windows\System\FzJeUoJ.exe
  2⤵
  PID:5684
- C:\Windows\System\gQEOxtP.exe
  C:\Windows\System\gQEOxtP.exe
  2⤵
  PID:5876
- C:\Windows\System\FvSFaCy.exe
  C:\Windows\System\FvSFaCy.exe
  2⤵
  PID:5940
- C:\Windows\System\pqRRHHU.exe
  C:\Windows\System\pqRRHHU.exe
  2⤵
  PID:6124
- C:\Windows\System\Llsuxdc.exe
  C:\Windows\System\Llsuxdc.exe
  2⤵
  PID:4212
- C:\Windows\System\bPHowfs.exe
  C:\Windows\System\bPHowfs.exe
  2⤵
  PID:6168
- C:\Windows\System\XsYqcYI.exe
  C:\Windows\System\XsYqcYI.exe
  2⤵
  PID:6292
- C:\Windows\System\TTspoPc.exe
  C:\Windows\System\TTspoPc.exe
  2⤵
  PID:6352
- C:\Windows\System\XRKzRHB.exe
  C:\Windows\System\XRKzRHB.exe
  2⤵
  PID:6412
- C:\Windows\System\ekSwJIP.exe
  C:\Windows\System\ekSwJIP.exe
  2⤵
  PID:6484
- C:\Windows\System\gbnyeSC.exe
  C:\Windows\System\gbnyeSC.exe
  2⤵
  PID:6428
- C:\Windows\System\baXrOwz.exe
  C:\Windows\System\baXrOwz.exe
  2⤵
  PID:6508
- C:\Windows\System\yXqnoKB.exe
  C:\Windows\System\yXqnoKB.exe
  2⤵
  PID:6576
- C:\Windows\System\VmMmCBF.exe
  C:\Windows\System\VmMmCBF.exe
  2⤵
  PID:6676
- C:\Windows\System\xfDoztq.exe
  C:\Windows\System\xfDoztq.exe
  2⤵
  PID:6736
- C:\Windows\System\lNYlXFs.exe
  C:\Windows\System\lNYlXFs.exe
  2⤵
  PID:6712
- C:\Windows\System\CdhAugU.exe
  C:\Windows\System\CdhAugU.exe
  2⤵
  PID:6888
- C:\Windows\System\UjQyQjC.exe
  C:\Windows\System\UjQyQjC.exe
  2⤵
  PID:6848
- C:\Windows\System\NAYdLVQ.exe
  C:\Windows\System\NAYdLVQ.exe
  2⤵
  PID:6932
- C:\Windows\System\ZSoqhus.exe
  C:\Windows\System\ZSoqhus.exe
  2⤵
  PID:6996
- C:\Windows\System\nfopATm.exe
  C:\Windows\System\nfopATm.exe
  2⤵
  PID:7048
- C:\Windows\System\dJZVZAF.exe
  C:\Windows\System\dJZVZAF.exe
  2⤵
  PID:7112
- C:\Windows\System\QMWbEnu.exe
  C:\Windows\System\QMWbEnu.exe
  2⤵
  PID:4396
- C:\Windows\System\TZIFFIS.exe
  C:\Windows\System\TZIFFIS.exe
  2⤵
  PID:4376
- C:\Windows\System\CLZTzjB.exe
  C:\Windows\System\CLZTzjB.exe
  2⤵
  PID:4460
- C:\Windows\System\XwRgoFW.exe
  C:\Windows\System\XwRgoFW.exe
  2⤵
  PID:5260
- C:\Windows\System\QcAcKXq.exe
  C:\Windows\System\QcAcKXq.exe
  2⤵
  PID:5696
- C:\Windows\System\ciqMrlR.exe
  C:\Windows\System\ciqMrlR.exe
  2⤵
  PID:5740
- C:\Windows\System\WQjRSwY.exe
  C:\Windows\System\WQjRSwY.exe
  2⤵
  PID:6164
- C:\Windows\System\nkbIYGJ.exe
  C:\Windows\System\nkbIYGJ.exe
  2⤵
  PID:6152
- C:\Windows\System\xSfxRZE.exe
  C:\Windows\System\xSfxRZE.exe
  2⤵
  PID:6268
- C:\Windows\System\DrjdXAE.exe
  C:\Windows\System\DrjdXAE.exe
  2⤵
  PID:7184
- C:\Windows\System\RhOmPkR.exe
  C:\Windows\System\RhOmPkR.exe
  2⤵
  PID:7204
- C:\Windows\System\fFsQVZT.exe
  C:\Windows\System\fFsQVZT.exe
  2⤵
  PID:7224
- C:\Windows\System\jwlLApU.exe
  C:\Windows\System\jwlLApU.exe
  2⤵
  PID:7244
- C:\Windows\System\RRgocDO.exe
  C:\Windows\System\RRgocDO.exe
  2⤵
  PID:7264
- C:\Windows\System\mVyzcTR.exe
  C:\Windows\System\mVyzcTR.exe
  2⤵
  PID:7284
- C:\Windows\System\JSoMsTY.exe
  C:\Windows\System\JSoMsTY.exe
  2⤵
  PID:7304
- C:\Windows\System\SmEBIWc.exe
  C:\Windows\System\SmEBIWc.exe
  2⤵
  PID:7324
- C:\Windows\System\NnFjnCU.exe
  C:\Windows\System\NnFjnCU.exe
  2⤵
  PID:7344
- C:\Windows\System\XJjXGap.exe
  C:\Windows\System\XJjXGap.exe
  2⤵
  PID:7364
- C:\Windows\System\zEtiHvu.exe
  C:\Windows\System\zEtiHvu.exe
  2⤵
  PID:7384
- C:\Windows\System\eKgUCaz.exe
  C:\Windows\System\eKgUCaz.exe
  2⤵
  PID:7404
- C:\Windows\System\WumNVUw.exe
  C:\Windows\System\WumNVUw.exe
  2⤵
  PID:7424
- C:\Windows\System\ySXfDvL.exe
  C:\Windows\System\ySXfDvL.exe
  2⤵
  PID:7440
- C:\Windows\System\gQxmEJg.exe
  C:\Windows\System\gQxmEJg.exe
  2⤵
  PID:7464
- C:\Windows\System\UYGVyYb.exe
  C:\Windows\System\UYGVyYb.exe
  2⤵
  PID:7484
- C:\Windows\System\MlyNmrv.exe
  C:\Windows\System\MlyNmrv.exe
  2⤵
  PID:7504
- C:\Windows\System\WkIMfXK.exe
  C:\Windows\System\WkIMfXK.exe
  2⤵
  PID:7524
- C:\Windows\System\LyAeNwy.exe
  C:\Windows\System\LyAeNwy.exe
  2⤵
  PID:7544
- C:\Windows\System\aEyzJiX.exe
  C:\Windows\System\aEyzJiX.exe
  2⤵
  PID:7564
- C:\Windows\System\iLqjTQT.exe
  C:\Windows\System\iLqjTQT.exe
  2⤵
  PID:7580
- C:\Windows\System\VZTlAmD.exe
  C:\Windows\System\VZTlAmD.exe
  2⤵
  PID:7604
- C:\Windows\System\SWaizEP.exe
  C:\Windows\System\SWaizEP.exe
  2⤵
  PID:7624
- C:\Windows\System\OMncPid.exe
  C:\Windows\System\OMncPid.exe
  2⤵
  PID:7644
- C:\Windows\System\AIEMEVP.exe
  C:\Windows\System\AIEMEVP.exe
  2⤵
  PID:7664
- C:\Windows\System\hZnDozV.exe
  C:\Windows\System\hZnDozV.exe
  2⤵
  PID:7684
- C:\Windows\System\VmqJAlh.exe
  C:\Windows\System\VmqJAlh.exe
  2⤵
  PID:7704
- C:\Windows\System\XOFJGhd.exe
  C:\Windows\System\XOFJGhd.exe
  2⤵
  PID:7724
- C:\Windows\System\uctqExE.exe
  C:\Windows\System\uctqExE.exe
  2⤵
  PID:7744
- C:\Windows\System\hYCuMUy.exe
  C:\Windows\System\hYCuMUy.exe
  2⤵
  PID:7764
- C:\Windows\System\pWAPJpy.exe
  C:\Windows\System\pWAPJpy.exe
  2⤵
  PID:7784
- C:\Windows\System\zbpiuWM.exe
  C:\Windows\System\zbpiuWM.exe
  2⤵
  PID:7808
- C:\Windows\System\Qkzjxeu.exe
  C:\Windows\System\Qkzjxeu.exe
  2⤵
  PID:7828
- C:\Windows\System\DZNTqjl.exe
  C:\Windows\System\DZNTqjl.exe
  2⤵
  PID:7844
- C:\Windows\System\eGwkqTi.exe
  C:\Windows\System\eGwkqTi.exe
  2⤵
  PID:7868
- C:\Windows\System\SGNMQbn.exe
  C:\Windows\System\SGNMQbn.exe
  2⤵
  PID:7888
- C:\Windows\System\mPAoalJ.exe
  C:\Windows\System\mPAoalJ.exe
  2⤵
  PID:7904
- C:\Windows\System\vrnMfVS.exe
  C:\Windows\System\vrnMfVS.exe
  2⤵
  PID:7928
- C:\Windows\System\xlZTRYp.exe
  C:\Windows\System\xlZTRYp.exe
  2⤵
  PID:7948
- C:\Windows\System\KfxPyOV.exe
  C:\Windows\System\KfxPyOV.exe
  2⤵
  PID:7964
- C:\Windows\System\ZYGxglZ.exe
  C:\Windows\System\ZYGxglZ.exe
  2⤵
  PID:7988
- C:\Windows\System\TRfYNDB.exe
  C:\Windows\System\TRfYNDB.exe
  2⤵
  PID:8004
- C:\Windows\System\QBAUTVK.exe
  C:\Windows\System\QBAUTVK.exe
  2⤵
  PID:8024
- C:\Windows\System\NJsntlv.exe
  C:\Windows\System\NJsntlv.exe
  2⤵
  PID:8048
- C:\Windows\System\VlnyIRo.exe
  C:\Windows\System\VlnyIRo.exe
  2⤵
  PID:8068
- C:\Windows\System\AgBfUEW.exe
  C:\Windows\System\AgBfUEW.exe
  2⤵
  PID:8088
- C:\Windows\System\ZrIUxsC.exe
  C:\Windows\System\ZrIUxsC.exe
  2⤵
  PID:8108
- C:\Windows\System\jgQkNAw.exe
  C:\Windows\System\jgQkNAw.exe
  2⤵
  PID:8128
- C:\Windows\System\vIvfOAY.exe
  C:\Windows\System\vIvfOAY.exe
  2⤵
  PID:8148
- C:\Windows\System\MGoiFYh.exe
  C:\Windows\System\MGoiFYh.exe
  2⤵
  PID:8168
- C:\Windows\System\fmFrbpd.exe
  C:\Windows\System\fmFrbpd.exe
  2⤵
  PID:8188
- C:\Windows\System\qTGCmcY.exe
  C:\Windows\System\qTGCmcY.exe
  2⤵
  PID:6324
- C:\Windows\System\lFdWgVU.exe
  C:\Windows\System\lFdWgVU.exe
  2⤵
  PID:6544
- C:\Windows\System\JPRLcsK.exe
  C:\Windows\System\JPRLcsK.exe
  2⤵
  PID:6612
- C:\Windows\System\CYlnIxg.exe
  C:\Windows\System\CYlnIxg.exe
  2⤵
  PID:6632
- C:\Windows\System\MCDVzmH.exe
  C:\Windows\System\MCDVzmH.exe
  2⤵
  PID:6732
- C:\Windows\System\VOSQlUP.exe
  C:\Windows\System\VOSQlUP.exe
  2⤵
  PID:6792
- C:\Windows\System\PsHmQiL.exe
  C:\Windows\System\PsHmQiL.exe
  2⤵
  PID:6952
- C:\Windows\System\nbNcULr.exe
  C:\Windows\System\nbNcULr.exe
  2⤵
  PID:7032
- C:\Windows\System\jJDjAEt.exe
  C:\Windows\System\jJDjAEt.exe
  2⤵
  PID:6988
- C:\Windows\System\RCgmjkw.exe
  C:\Windows\System\RCgmjkw.exe
  2⤵
  PID:2628
- C:\Windows\System\LFwqpTr.exe
  C:\Windows\System\LFwqpTr.exe
  2⤵
  PID:1892
- C:\Windows\System\niCnjhs.exe
  C:\Windows\System\niCnjhs.exe
  2⤵
  PID:6024
- C:\Windows\System\DAWifMx.exe
  C:\Windows\System\DAWifMx.exe
  2⤵
  PID:5784
- C:\Windows\System\TCUFBlX.exe
  C:\Windows\System\TCUFBlX.exe
  2⤵
  PID:5936
- C:\Windows\System\FbbgxUM.exe
  C:\Windows\System\FbbgxUM.exe
  2⤵
  PID:7180
- C:\Windows\System\pDzKEhN.exe
  C:\Windows\System\pDzKEhN.exe
  2⤵
  PID:7192
- C:\Windows\System\mNxQiZj.exe
  C:\Windows\System\mNxQiZj.exe
  2⤵
  PID:7252
- C:\Windows\System\LcGqdtI.exe
  C:\Windows\System\LcGqdtI.exe
  2⤵
  PID:7292
- C:\Windows\System\RWdAArB.exe
  C:\Windows\System\RWdAArB.exe
  2⤵
  PID:7332
- C:\Windows\System\GgoXApf.exe
  C:\Windows\System\GgoXApf.exe
  2⤵
  PID:7336
- C:\Windows\System\EAinKxo.exe
  C:\Windows\System\EAinKxo.exe
  2⤵
  PID:7360
- C:\Windows\System\dDELSHy.exe
  C:\Windows\System\dDELSHy.exe
  2⤵
  PID:7416
- C:\Windows\System\kTjSMiK.exe
  C:\Windows\System\kTjSMiK.exe
  2⤵
  PID:7396
- C:\Windows\System\qMExgrK.exe
  C:\Windows\System\qMExgrK.exe
  2⤵
  PID:7492
- C:\Windows\System\zUHWZfD.exe
  C:\Windows\System\zUHWZfD.exe
  2⤵
  PID:7480
- C:\Windows\System\IRvvatr.exe
  C:\Windows\System\IRvvatr.exe
  2⤵
  PID:7516
- C:\Windows\System\dcMnvaW.exe
  C:\Windows\System\dcMnvaW.exe
  2⤵
  PID:7560
- C:\Windows\System\AuxuJiF.exe
  C:\Windows\System\AuxuJiF.exe
  2⤵
  PID:7588
- C:\Windows\System\DzZfdBp.exe
  C:\Windows\System\DzZfdBp.exe
  2⤵
  PID:7652
- C:\Windows\System\ZJIcqwS.exe
  C:\Windows\System\ZJIcqwS.exe
  2⤵
  PID:7692
- C:\Windows\System\EVlTtQh.exe
  C:\Windows\System\EVlTtQh.exe
  2⤵
  PID:7680
- C:\Windows\System\ZlvABPd.exe
  C:\Windows\System\ZlvABPd.exe
  2⤵
  PID:7740
- C:\Windows\System\hBZnXlB.exe
  C:\Windows\System\hBZnXlB.exe
  2⤵
  PID:7760
- C:\Windows\System\TgqoEKI.exe
  C:\Windows\System\TgqoEKI.exe
  2⤵
  PID:7820
- C:\Windows\System\BIkGrns.exe
  C:\Windows\System\BIkGrns.exe
  2⤵
  PID:7796
- C:\Windows\System\ZQsEqFI.exe
  C:\Windows\System\ZQsEqFI.exe
  2⤵
  PID:7896
- C:\Windows\System\RGRXeKM.exe
  C:\Windows\System\RGRXeKM.exe
  2⤵
  PID:7936
- C:\Windows\System\ckSaOVR.exe
  C:\Windows\System\ckSaOVR.exe
  2⤵
  PID:7920
- C:\Windows\System\wbQUgIH.exe
  C:\Windows\System\wbQUgIH.exe
  2⤵
  PID:7984
- C:\Windows\System\foqkYiP.exe
  C:\Windows\System\foqkYiP.exe
  2⤵
  PID:8020
- C:\Windows\System\izrNtTI.exe
  C:\Windows\System\izrNtTI.exe
  2⤵
  PID:8032
- C:\Windows\System\GbUEgld.exe
  C:\Windows\System\GbUEgld.exe
  2⤵
  PID:8056
- C:\Windows\System\WRtwTCE.exe
  C:\Windows\System\WRtwTCE.exe
  2⤵
  PID:8104
- C:\Windows\System\hWDPeXD.exe
  C:\Windows\System\hWDPeXD.exe
  2⤵
  PID:8124
- C:\Windows\System\aXzUmkd.exe
  C:\Windows\System\aXzUmkd.exe
  2⤵
  PID:8156
- C:\Windows\System\gHDoYMl.exe
  C:\Windows\System\gHDoYMl.exe
  2⤵
  PID:8180
- C:\Windows\System\XyntvYe.exe
  C:\Windows\System\XyntvYe.exe
  2⤵
  PID:6368
- C:\Windows\System\MsyfqND.exe
  C:\Windows\System\MsyfqND.exe
  2⤵
  PID:6452
- C:\Windows\System\uFBwhuv.exe
  C:\Windows\System\uFBwhuv.exe
  2⤵
  PID:6796
- C:\Windows\System\ozhEllH.exe
  C:\Windows\System\ozhEllH.exe
  2⤵
  PID:6692
- C:\Windows\System\cyIPmok.exe
  C:\Windows\System\cyIPmok.exe
  2⤵
  PID:7068
- C:\Windows\System\YiLalfa.exe
  C:\Windows\System\YiLalfa.exe
  2⤵
  PID:7012
- C:\Windows\System\rdQJspX.exe
  C:\Windows\System\rdQJspX.exe
  2⤵
  PID:5804
- C:\Windows\System\XihgdFJ.exe
  C:\Windows\System\XihgdFJ.exe
  2⤵
  PID:6248
- C:\Windows\System\xxTtMNG.exe
  C:\Windows\System\xxTtMNG.exe
  2⤵
  PID:6344
- C:\Windows\System\aLkBDxj.exe
  C:\Windows\System\aLkBDxj.exe
  2⤵
  PID:6184
- C:\Windows\System\NsBzuzD.exe
  C:\Windows\System\NsBzuzD.exe
  2⤵
  PID:7240
- C:\Windows\System\ejmlgWq.exe
  C:\Windows\System\ejmlgWq.exe
  2⤵
  PID:7316
- C:\Windows\System\WCBhVZo.exe
  C:\Windows\System\WCBhVZo.exe
  2⤵
  PID:7420
- C:\Windows\System\GyHHEAn.exe
  C:\Windows\System\GyHHEAn.exe
  2⤵
  PID:7436
- C:\Windows\System\QMOMmgz.exe
  C:\Windows\System\QMOMmgz.exe
  2⤵
  PID:2100
- C:\Windows\System\gRnQOSb.exe
  C:\Windows\System\gRnQOSb.exe
  2⤵
  PID:7612
- C:\Windows\System\ACClHiC.exe
  C:\Windows\System\ACClHiC.exe
  2⤵
  PID:7572
- C:\Windows\System\CavSYaT.exe
  C:\Windows\System\CavSYaT.exe
  2⤵
  PID:7636
- C:\Windows\System\yXdaDLA.exe
  C:\Windows\System\yXdaDLA.exe
  2⤵
  PID:7716
- C:\Windows\System\DHNmSRS.exe
  C:\Windows\System\DHNmSRS.exe
  2⤵
  PID:7776
- C:\Windows\System\MhmDZTt.exe
  C:\Windows\System\MhmDZTt.exe
  2⤵
  PID:7816
- C:\Windows\System\DysJEqo.exe
  C:\Windows\System\DysJEqo.exe
  2⤵
  PID:7800
- C:\Windows\System\JDegSSh.exe
  C:\Windows\System\JDegSSh.exe
  2⤵
  PID:7916
- C:\Windows\System\OhgBPkq.exe
  C:\Windows\System\OhgBPkq.exe
  2⤵
  PID:2868
- C:\Windows\System\STflGCV.exe
  C:\Windows\System\STflGCV.exe
  2⤵
  PID:8040
- C:\Windows\System\PQxuCTq.exe
  C:\Windows\System\PQxuCTq.exe
  2⤵
  PID:8036
- C:\Windows\System\XsTsAAA.exe
  C:\Windows\System\XsTsAAA.exe
  2⤵
  PID:2420
- C:\Windows\System\kBRgrII.exe
  C:\Windows\System\kBRgrII.exe
  2⤵
  PID:8060
- C:\Windows\System\EeqlWWB.exe
  C:\Windows\System\EeqlWWB.exe
  2⤵
  PID:8140
- C:\Windows\System\XEAdZaZ.exe
  C:\Windows\System\XEAdZaZ.exe
  2⤵
  PID:1108
- C:\Windows\System\nqfCYcn.exe
  C:\Windows\System\nqfCYcn.exe
  2⤵
  PID:6552
- C:\Windows\System\fyuXhBo.exe
  C:\Windows\System\fyuXhBo.exe
  2⤵
  PID:6836
- C:\Windows\System\MAiuaRE.exe
  C:\Windows\System\MAiuaRE.exe
  2⤵
  PID:6616
- C:\Windows\System\HyrvcTF.exe
  C:\Windows\System\HyrvcTF.exe
  2⤵
  PID:3712
- C:\Windows\System\APdcpMw.exe
  C:\Windows\System\APdcpMw.exe
  2⤵
  PID:5236
- C:\Windows\System\qBbjJzb.exe
  C:\Windows\System\qBbjJzb.exe
  2⤵
  PID:5540
- C:\Windows\System\HgynalP.exe
  C:\Windows\System\HgynalP.exe
  2⤵
  PID:7272
- C:\Windows\System\ohjOIUr.exe
  C:\Windows\System\ohjOIUr.exe
  2⤵
  PID:7412
- C:\Windows\System\nyzEggT.exe
  C:\Windows\System\nyzEggT.exe
  2⤵
  PID:2744
- C:\Windows\System\dPfpJbk.exe
  C:\Windows\System\dPfpJbk.exe
  2⤵
  PID:7576
- C:\Windows\System\qNutBOT.exe
  C:\Windows\System\qNutBOT.exe
  2⤵
  PID:7672
- C:\Windows\System\SoPWjTd.exe
  C:\Windows\System\SoPWjTd.exe
  2⤵
  PID:7640
- C:\Windows\System\bwPifKq.exe
  C:\Windows\System\bwPifKq.exe
  2⤵
  PID:7752
- C:\Windows\System\jbTGjzI.exe
  C:\Windows\System\jbTGjzI.exe
  2⤵
  PID:8012
- C:\Windows\System\qPWKllg.exe
  C:\Windows\System\qPWKllg.exe
  2⤵
  PID:7960
- C:\Windows\System\WbLydRb.exe
  C:\Windows\System\WbLydRb.exe
  2⤵
  PID:8044
- C:\Windows\System\kEjeJwk.exe
  C:\Windows\System\kEjeJwk.exe
  2⤵
  PID:8160
- C:\Windows\System\mWCabvM.exe
  C:\Windows\System\mWCabvM.exe
  2⤵
  PID:2644
- C:\Windows\System\GIwNHeU.exe
  C:\Windows\System\GIwNHeU.exe
  2⤵
  PID:6868
- C:\Windows\System\warQeGO.exe
  C:\Windows\System\warQeGO.exe
  2⤵
  PID:6976
- C:\Windows\System\TTkiyfd.exe
  C:\Windows\System\TTkiyfd.exe
  2⤵
  PID:6628
- C:\Windows\System\pfOmQEy.exe
  C:\Windows\System\pfOmQEy.exe
  2⤵
  PID:6312
- C:\Windows\System\NFeqzSB.exe
  C:\Windows\System\NFeqzSB.exe
  2⤵
  PID:7196
- C:\Windows\System\lisCVIO.exe
  C:\Windows\System\lisCVIO.exe
  2⤵
  PID:7512
- C:\Windows\System\cmaBFrk.exe
  C:\Windows\System\cmaBFrk.exe
  2⤵
  PID:8208
- C:\Windows\System\QtwiiMi.exe
  C:\Windows\System\QtwiiMi.exe
  2⤵
  PID:8228
- C:\Windows\System\QEoxzHh.exe
  C:\Windows\System\QEoxzHh.exe
  2⤵
  PID:8248
- C:\Windows\System\lbvqlKD.exe
  C:\Windows\System\lbvqlKD.exe
  2⤵
  PID:8268
- C:\Windows\System\OWxrOhC.exe
  C:\Windows\System\OWxrOhC.exe
  2⤵
  PID:8284
- C:\Windows\System\DeaCLOQ.exe
  C:\Windows\System\DeaCLOQ.exe
  2⤵
  PID:8308
- C:\Windows\System\HzJtZKx.exe
  C:\Windows\System\HzJtZKx.exe
  2⤵
  PID:8328
- C:\Windows\System\OUIQCCs.exe
  C:\Windows\System\OUIQCCs.exe
  2⤵
  PID:8348
- C:\Windows\System\emQnRHQ.exe
  C:\Windows\System\emQnRHQ.exe
  2⤵
  PID:8368
- C:\Windows\System\snPnJyV.exe
  C:\Windows\System\snPnJyV.exe
  2⤵
  PID:8384
- C:\Windows\System\YLMbEps.exe
  C:\Windows\System\YLMbEps.exe
  2⤵
  PID:8408
- C:\Windows\System\lggxTJH.exe
  C:\Windows\System\lggxTJH.exe
  2⤵
  PID:8428
- C:\Windows\System\GClLPBd.exe
  C:\Windows\System\GClLPBd.exe
  2⤵
  PID:8444
- C:\Windows\System\MypkfWW.exe
  C:\Windows\System\MypkfWW.exe
  2⤵
  PID:8468
- C:\Windows\System\wXNhDmU.exe
  C:\Windows\System\wXNhDmU.exe
  2⤵
  PID:8484
- C:\Windows\System\JrntZHM.exe
  C:\Windows\System\JrntZHM.exe
  2⤵
  PID:8500
- C:\Windows\System\BXrmexV.exe
  C:\Windows\System\BXrmexV.exe
  2⤵
  PID:8516
- C:\Windows\System\ICRVbpD.exe
  C:\Windows\System\ICRVbpD.exe
  2⤵
  PID:8532
- C:\Windows\System\sntSPIM.exe
  C:\Windows\System\sntSPIM.exe
  2⤵
  PID:8548
- C:\Windows\System\fGfigwf.exe
  C:\Windows\System\fGfigwf.exe
  2⤵
  PID:8592
- C:\Windows\System\lIYgcIB.exe
  C:\Windows\System\lIYgcIB.exe
  2⤵
  PID:8608
- C:\Windows\System\owLctsw.exe
  C:\Windows\System\owLctsw.exe
  2⤵
  PID:8628
- C:\Windows\System\gVdNvSa.exe
  C:\Windows\System\gVdNvSa.exe
  2⤵
  PID:8648
- C:\Windows\System\NVZpWhV.exe
  C:\Windows\System\NVZpWhV.exe
  2⤵
  PID:8664
- C:\Windows\System\JvEpQNG.exe
  C:\Windows\System\JvEpQNG.exe
  2⤵
  PID:8680
- C:\Windows\System\oHDGwcJ.exe
  C:\Windows\System\oHDGwcJ.exe
  2⤵
  PID:8696
- C:\Windows\System\auvMRBU.exe
  C:\Windows\System\auvMRBU.exe
  2⤵
  PID:8716
- C:\Windows\System\AvdbXTI.exe
  C:\Windows\System\AvdbXTI.exe
  2⤵
  PID:8732
- C:\Windows\System\qDVvdYG.exe
  C:\Windows\System\qDVvdYG.exe
  2⤵
  PID:8748
- C:\Windows\System\uwkNpGU.exe
  C:\Windows\System\uwkNpGU.exe
  2⤵
  PID:8764
- C:\Windows\System\RoYycab.exe
  C:\Windows\System\RoYycab.exe
  2⤵
  PID:8780
- C:\Windows\System\LHuLOBg.exe
  C:\Windows\System\LHuLOBg.exe
  2⤵
  PID:8796
- C:\Windows\System\onATAwH.exe
  C:\Windows\System\onATAwH.exe
  2⤵
  PID:8812
- C:\Windows\System\whyROKU.exe
  C:\Windows\System\whyROKU.exe
  2⤵
  PID:8832
- C:\Windows\System\ztiMDrg.exe
  C:\Windows\System\ztiMDrg.exe
  2⤵
  PID:8848
- C:\Windows\System\SVyzWXo.exe
  C:\Windows\System\SVyzWXo.exe
  2⤵
  PID:8864
- C:\Windows\System\ubcvWbJ.exe
  C:\Windows\System\ubcvWbJ.exe
  2⤵
  PID:8880
- C:\Windows\System\cjcCWOJ.exe
  C:\Windows\System\cjcCWOJ.exe
  2⤵
  PID:8896
- C:\Windows\System\tdYrIhl.exe
  C:\Windows\System\tdYrIhl.exe
  2⤵
  PID:8912
- C:\Windows\System\WIkLDDu.exe
  C:\Windows\System\WIkLDDu.exe
  2⤵
  PID:8936
- C:\Windows\System\snbHpdO.exe
  C:\Windows\System\snbHpdO.exe
  2⤵
  PID:8960
- C:\Windows\System\yDhjvMs.exe
  C:\Windows\System\yDhjvMs.exe
  2⤵
  PID:8976
- C:\Windows\System\sgcgjno.exe
  C:\Windows\System\sgcgjno.exe
  2⤵
  PID:8992
- C:\Windows\System\kyzNmuo.exe
  C:\Windows\System\kyzNmuo.exe
  2⤵
  PID:9016
- C:\Windows\System\NSiWqyX.exe
  C:\Windows\System\NSiWqyX.exe
  2⤵
  PID:9056
- C:\Windows\System\XuKFRDG.exe
  C:\Windows\System\XuKFRDG.exe
  2⤵
  PID:9116
- C:\Windows\System\hPjINnp.exe
  C:\Windows\System\hPjINnp.exe
  2⤵
  PID:9136
- C:\Windows\System\YhUSQED.exe
  C:\Windows\System\YhUSQED.exe
  2⤵
  PID:9156
- C:\Windows\System\JjDmFdU.exe
  C:\Windows\System\JjDmFdU.exe
  2⤵
  PID:9172
- C:\Windows\System\wxvdvDT.exe
  C:\Windows\System\wxvdvDT.exe
  2⤵
  PID:9196
- C:\Windows\System\qFwseAJ.exe
  C:\Windows\System\qFwseAJ.exe
  2⤵
  PID:9212
- C:\Windows\System\lurdXmG.exe
  C:\Windows\System\lurdXmG.exe
  2⤵
  PID:7596
- C:\Windows\System\TwcdGRY.exe
  C:\Windows\System\TwcdGRY.exe
  2⤵
  PID:1464
- C:\Windows\System\QguBbuE.exe
  C:\Windows\System\QguBbuE.exe
  2⤵
  PID:7780
- C:\Windows\System\ADtDsHJ.exe
  C:\Windows\System\ADtDsHJ.exe
  2⤵
  PID:7972
- C:\Windows\System\yLoPpkx.exe
  C:\Windows\System\yLoPpkx.exe
  2⤵
  PID:8096
- C:\Windows\System\ztgAcDw.exe
  C:\Windows\System\ztgAcDw.exe
  2⤵
  PID:7092
- C:\Windows\System\fEEJWGJ.exe
  C:\Windows\System\fEEJWGJ.exe
  2⤵
  PID:5412
- C:\Windows\System\rzaYlih.exe
  C:\Windows\System\rzaYlih.exe
  2⤵
  PID:6208
- C:\Windows\System\mXwOFoa.exe
  C:\Windows\System\mXwOFoa.exe
  2⤵
  PID:7376
- C:\Windows\System\groaoQZ.exe
  C:\Windows\System\groaoQZ.exe
  2⤵
  PID:8256
- C:\Windows\System\ySsAEMM.exe
  C:\Windows\System\ySsAEMM.exe
  2⤵
  PID:8260
- C:\Windows\System\hGoDJRE.exe
  C:\Windows\System\hGoDJRE.exe
  2⤵
  PID:8276
- C:\Windows\System\cvfZAnN.exe
  C:\Windows\System\cvfZAnN.exe
  2⤵
  PID:8336
- C:\Windows\System\qSZoPhN.exe
  C:\Windows\System\qSZoPhN.exe
  2⤵
  PID:8340
- C:\Windows\System\rvzBUWN.exe
  C:\Windows\System\rvzBUWN.exe
  2⤵
  PID:8360
- C:\Windows\System\VoGeyTd.exe
  C:\Windows\System\VoGeyTd.exe
  2⤵
  PID:8404
- C:\Windows\System\KPAanmO.exe
  C:\Windows\System\KPAanmO.exe
  2⤵
  PID:8420
- C:\Windows\System\IakvlJW.exe
  C:\Windows\System\IakvlJW.exe
  2⤵
  PID:8436
- C:\Windows\System\vMeMTAz.exe
  C:\Windows\System\vMeMTAz.exe
  2⤵
  PID:8480
- C:\Windows\System\PHuHMyN.exe
  C:\Windows\System\PHuHMyN.exe
  2⤵
  PID:8524
- C:\Windows\System\lCoEeyx.exe
  C:\Windows\System\lCoEeyx.exe
  2⤵
  PID:8544
- C:\Windows\System\UZrtwLH.exe
  C:\Windows\System\UZrtwLH.exe
  2⤵
  PID:8568
- C:\Windows\System\LFUIPTx.exe
  C:\Windows\System\LFUIPTx.exe
  2⤵
  PID:8656
- C:\Windows\System\bCjdRAX.exe
  C:\Windows\System\bCjdRAX.exe
  2⤵
  PID:8660
- C:\Windows\System\aViIVZy.exe
  C:\Windows\System\aViIVZy.exe
  2⤵
  PID:8888
- C:\Windows\System\GUrQWDq.exe
  C:\Windows\System\GUrQWDq.exe
  2⤵
  PID:8920
- C:\Windows\System\WkrUhYx.exe
  C:\Windows\System\WkrUhYx.exe
  2⤵
  PID:8968
- C:\Windows\System\Xlydhwq.exe
  C:\Windows\System\Xlydhwq.exe
  2⤵
  PID:8956
- C:\Windows\System\YiqQhoD.exe
  C:\Windows\System\YiqQhoD.exe
  2⤵
  PID:9008
- C:\Windows\System\pHcojnQ.exe
  C:\Windows\System\pHcojnQ.exe
  2⤵
  PID:9032
- C:\Windows\System\FiVQYcE.exe
  C:\Windows\System\FiVQYcE.exe
  2⤵
  PID:9048
- C:\Windows\System\NxWzmkq.exe
  C:\Windows\System\NxWzmkq.exe
  2⤵
  PID:9072
- C:\Windows\System\QXokXju.exe
  C:\Windows\System\QXokXju.exe
  2⤵
  PID:9092
- C:\Windows\System\dBDYIlm.exe
  C:\Windows\System\dBDYIlm.exe
  2⤵
  PID:9108
- C:\Windows\System\bpQDxQw.exe
  C:\Windows\System\bpQDxQw.exe
  2⤵
  PID:2340
- C:\Windows\System\ZWuLUVi.exe
  C:\Windows\System\ZWuLUVi.exe
  2⤵
  PID:9144
- C:\Windows\System\eulIwPk.exe
  C:\Windows\System\eulIwPk.exe
  2⤵
  PID:9124
- C:\Windows\System\JRYRMLq.exe
  C:\Windows\System\JRYRMLq.exe
  2⤵
  PID:9180
- C:\Windows\System\VWkPccR.exe
  C:\Windows\System\VWkPccR.exe
  2⤵
  PID:9184
- C:\Windows\System\JMyfHRj.exe
  C:\Windows\System\JMyfHRj.exe
  2⤵
  PID:7696
- C:\Windows\System\hGIePKj.exe
  C:\Windows\System\hGIePKj.exe
  2⤵
  PID:2648
- C:\Windows\System\peBPtli.exe
  C:\Windows\System\peBPtli.exe
  2⤵
  PID:2724
- C:\Windows\System\jIddOpW.exe
  C:\Windows\System\jIddOpW.exe
  2⤵
  PID:892
- C:\Windows\System\rMXWVMv.exe
  C:\Windows\System\rMXWVMv.exe
  2⤵
  PID:2500
- C:\Windows\System\YIrChuh.exe
  C:\Windows\System\YIrChuh.exe
  2⤵
  PID:7460
- C:\Windows\System\svYimWG.exe
  C:\Windows\System\svYimWG.exe
  2⤵
  PID:8220
- C:\Windows\System\hxyaacp.exe
  C:\Windows\System\hxyaacp.exe
  2⤵
  PID:2912
- C:\Windows\System\RTAfgGL.exe
  C:\Windows\System\RTAfgGL.exe
  2⤵
  PID:8320
- C:\Windows\System\VYISYug.exe
  C:\Windows\System\VYISYug.exe
  2⤵
  PID:8392
- C:\Windows\System\lLFoJBR.exe
  C:\Windows\System\lLFoJBR.exe
  2⤵
  PID:8464
- C:\Windows\System\GIOAZxK.exe
  C:\Windows\System\GIOAZxK.exe
  2⤵
  PID:8508
- C:\Windows\System\ZZvKIKw.exe
  C:\Windows\System\ZZvKIKw.exe
  2⤵
  PID:8564
- C:\Windows\System\ycfiRyo.exe
  C:\Windows\System\ycfiRyo.exe
  2⤵
  PID:8600
- C:\Windows\System\XbWTSfZ.exe
  C:\Windows\System\XbWTSfZ.exe
  2⤵
  PID:1544
- C:\Windows\System\xhEFqav.exe
  C:\Windows\System\xhEFqav.exe
  2⤵
  PID:2976
- C:\Windows\System\erNGPSx.exe
  C:\Windows\System\erNGPSx.exe
  2⤵
  PID:1200
- C:\Windows\System\kAQKxPK.exe
  C:\Windows\System\kAQKxPK.exe
  2⤵
  PID:1940
- C:\Windows\System\vanCILW.exe
  C:\Windows\System\vanCILW.exe
  2⤵
  PID:2020
- C:\Windows\System\lawXdXZ.exe
  C:\Windows\System\lawXdXZ.exe
  2⤵
  PID:2212
- C:\Windows\System\qvhnDYl.exe
  C:\Windows\System\qvhnDYl.exe
  2⤵
  PID:2360
- C:\Windows\System\VwABfSc.exe
  C:\Windows\System\VwABfSc.exe
  2⤵
  PID:1764
- C:\Windows\System\zDRcybx.exe
  C:\Windows\System\zDRcybx.exe
  2⤵
  PID:3064
- C:\Windows\System\nMbvGhm.exe
  C:\Windows\System\nMbvGhm.exe
  2⤵
  PID:2344
- C:\Windows\System\sAMrfSk.exe
  C:\Windows\System\sAMrfSk.exe
  2⤵
  PID:2476
- C:\Windows\System\glwSFXO.exe
  C:\Windows\System\glwSFXO.exe
  2⤵
  PID:2268
- C:\Windows\System\TWNpLvY.exe
  C:\Windows\System\TWNpLvY.exe
  2⤵
  PID:8924
- C:\Windows\System\KEINziG.exe
  C:\Windows\System\KEINziG.exe
  2⤵
  PID:9028
- C:\Windows\System\VYIOmkp.exe
  C:\Windows\System\VYIOmkp.exe
  2⤵
  PID:4120
- C:\Windows\System\EaIYJtA.exe
  C:\Windows\System\EaIYJtA.exe
  2⤵
  PID:1044
- C:\Windows\System\DxnviYd.exe
  C:\Windows\System\DxnviYd.exe
  2⤵
  PID:9004
- C:\Windows\System\nXEPOoE.exe
  C:\Windows\System\nXEPOoE.exe
  2⤵
  PID:7620
- C:\Windows\System\tFKvCSC.exe
  C:\Windows\System\tFKvCSC.exe
  2⤵
  PID:7876
- C:\Windows\System\zyduedN.exe
  C:\Windows\System\zyduedN.exe
  2⤵
  PID:7732
- C:\Windows\System\erRtiYD.exe
  C:\Windows\System\erRtiYD.exe
  2⤵
  PID:6936
- C:\Windows\System\IvwCIhi.exe
  C:\Windows\System\IvwCIhi.exe
  2⤵
  PID:7352
- C:\Windows\System\whDjhWR.exe
  C:\Windows\System\whDjhWR.exe
  2⤵
  PID:8316
- C:\Windows\System\XfBXCQc.exe
  C:\Windows\System\XfBXCQc.exe
  2⤵
  PID:8556
- C:\Windows\System\RJLnNMS.exe
  C:\Windows\System\RJLnNMS.exe
  2⤵
  PID:8588
- C:\Windows\System\uTaOITz.exe
  C:\Windows\System\uTaOITz.exe
  2⤵
  PID:8416
- C:\Windows\System\kHwjEEA.exe
  C:\Windows\System\kHwjEEA.exe
  2⤵
  PID:8620
- C:\Windows\System\TISzopk.exe
  C:\Windows\System\TISzopk.exe
  2⤵
  PID:1728
- C:\Windows\System\HfLRpFx.exe
  C:\Windows\System\HfLRpFx.exe
  2⤵
  PID:8640
- C:\Windows\System\vxFqZMi.exe
  C:\Windows\System\vxFqZMi.exe
  2⤵
  PID:8708
- C:\Windows\System\rPbwMBP.exe
  C:\Windows\System\rPbwMBP.exe
  2⤵
  PID:5580
- C:\Windows\System\CoKlRTP.exe
  C:\Windows\System\CoKlRTP.exe
  2⤵
  PID:2828
- C:\Windows\System\YqxkTIO.exe
  C:\Windows\System\YqxkTIO.exe
  2⤵
  PID:5584
- C:\Windows\System\mUtXXOj.exe
  C:\Windows\System\mUtXXOj.exe
  2⤵
  PID:1920
- C:\Windows\System\QVGHpYK.exe
  C:\Windows\System\QVGHpYK.exe
  2⤵
  PID:2852
- C:\Windows\System\HneOGgH.exe
  C:\Windows\System\HneOGgH.exe
  2⤵
  PID:8932
- C:\Windows\System\pKEzfgG.exe
  C:\Windows\System\pKEzfgG.exe
  2⤵
  PID:2104
- C:\Windows\System\dOEgWrR.exe
  C:\Windows\System\dOEgWrR.exe
  2⤵
  PID:2624
- C:\Windows\System\WnAHFwf.exe
  C:\Windows\System\WnAHFwf.exe
  2⤵
  PID:8424
- C:\Windows\System\UBTIUmv.exe
  C:\Windows\System\UBTIUmv.exe
  2⤵
  PID:8576
- C:\Windows\System\jzTKbNz.exe
  C:\Windows\System\jzTKbNz.exe
  2⤵
  PID:8676
- C:\Windows\System\GAtxBSQ.exe
  C:\Windows\System\GAtxBSQ.exe
  2⤵
  PID:8236
- C:\Windows\System\PGCpJJd.exe
  C:\Windows\System\PGCpJJd.exe
  2⤵
  PID:8580
- C:\Windows\System\pgpcQET.exe
  C:\Windows\System\pgpcQET.exe
  2⤵
  PID:1988
- C:\Windows\System\szqVCcu.exe
  C:\Windows\System\szqVCcu.exe
  2⤵
  PID:8692
- C:\Windows\System\FImWgMT.exe
  C:\Windows\System\FImWgMT.exe
  2⤵
  PID:2708
- C:\Windows\System\CYTvaQV.exe
  C:\Windows\System\CYTvaQV.exe
  2⤵
  PID:8672
- C:\Windows\System\snAjFfr.exe
  C:\Windows\System\snAjFfr.exe
  2⤵
  PID:8300
- C:\Windows\System\KnmuxSb.exe
  C:\Windows\System\KnmuxSb.exe
  2⤵
  PID:1548
- C:\Windows\System\QOSNREE.exe
  C:\Windows\System\QOSNREE.exe
  2⤵
  PID:1292
- C:\Windows\System\qinmQyG.exe
  C:\Windows\System\qinmQyG.exe
  2⤵
  PID:1884
- C:\Windows\System\rpTHIJJ.exe
  C:\Windows\System\rpTHIJJ.exe
  2⤵
  PID:9168
- C:\Windows\System\NdecvRW.exe
  C:\Windows\System\NdecvRW.exe
  2⤵
  PID:8496
- C:\Windows\System\mHZJsoF.exe
  C:\Windows\System\mHZJsoF.exe
  2⤵
  PID:8712
- C:\Windows\System\EluxryW.exe
  C:\Windows\System\EluxryW.exe
  2⤵
  PID:872
- C:\Windows\System\ODawvDH.exe
  C:\Windows\System\ODawvDH.exe
  2⤵
  PID:5100
- C:\Windows\System\WdsZEyu.exe
  C:\Windows\System\WdsZEyu.exe
  2⤵
  PID:8944
- C:\Windows\System\FbJKMAM.exe
  C:\Windows\System\FbJKMAM.exe
  2⤵
  PID:8200
- C:\Windows\System\potWcVb.exe
  C:\Windows\System\potWcVb.exe
  2⤵
  PID:8876
- C:\Windows\System\DUmuLpf.exe
  C:\Windows\System\DUmuLpf.exe
  2⤵
  PID:9224
- C:\Windows\System\vNznKeH.exe
  C:\Windows\System\vNznKeH.exe
  2⤵
  PID:9240
- C:\Windows\System\OFCuDts.exe
  C:\Windows\System\OFCuDts.exe
  2⤵
  PID:9256
- C:\Windows\System\lGvAFaN.exe
  C:\Windows\System\lGvAFaN.exe
  2⤵
  PID:9272
- C:\Windows\System\fCsFOZi.exe
  C:\Windows\System\fCsFOZi.exe
  2⤵
  PID:9288
- C:\Windows\System\DCLkaft.exe
  C:\Windows\System\DCLkaft.exe
  2⤵
  PID:9304
- C:\Windows\System\cAYRezo.exe
  C:\Windows\System\cAYRezo.exe
  2⤵
  PID:9320
- C:\Windows\System\JVVIzuy.exe
  C:\Windows\System\JVVIzuy.exe
  2⤵
  PID:9336
- C:\Windows\System\xHORijL.exe
  C:\Windows\System\xHORijL.exe
  2⤵
  PID:9356
- C:\Windows\System\kkJAwsy.exe
  C:\Windows\System\kkJAwsy.exe
  2⤵
  PID:9376
- C:\Windows\System\KpsFARJ.exe
  C:\Windows\System\KpsFARJ.exe
  2⤵
  PID:9396
- C:\Windows\System\DJzIJkH.exe
  C:\Windows\System\DJzIJkH.exe
  2⤵
  PID:9416
- C:\Windows\System\xKPlmku.exe
  C:\Windows\System\xKPlmku.exe
  2⤵
  PID:9432
- C:\Windows\System\IGSqnhf.exe
  C:\Windows\System\IGSqnhf.exe
  2⤵
  PID:9448
- C:\Windows\System\RgYzCqT.exe
  C:\Windows\System\RgYzCqT.exe
  2⤵
  PID:9476
- C:\Windows\System\TXLDvqT.exe
  C:\Windows\System\TXLDvqT.exe
  2⤵
  PID:9504
- C:\Windows\System\DtCJoMZ.exe
  C:\Windows\System\DtCJoMZ.exe
  2⤵
  PID:9524
- C:\Windows\System\StnwRcX.exe
  C:\Windows\System\StnwRcX.exe
  2⤵
  PID:9544
- C:\Windows\System\PfUweXc.exe
  C:\Windows\System\PfUweXc.exe
  2⤵
  PID:9576
- C:\Windows\System\uqgkgAf.exe
  C:\Windows\System\uqgkgAf.exe
  2⤵
  PID:9600
- C:\Windows\System\rtSUofI.exe
  C:\Windows\System\rtSUofI.exe
  2⤵
  PID:9620
- C:\Windows\System\pIdeQGy.exe
  C:\Windows\System\pIdeQGy.exe
  2⤵
  PID:9640
- C:\Windows\System\msvXEmL.exe
  C:\Windows\System\msvXEmL.exe
  2⤵
  PID:9656
- C:\Windows\System\VCZjbob.exe
  C:\Windows\System\VCZjbob.exe
  2⤵
  PID:9680
- C:\Windows\System\YqLNBZe.exe
  C:\Windows\System\YqLNBZe.exe
  2⤵
  PID:9720
- C:\Windows\System\yJKZLHr.exe
  C:\Windows\System\yJKZLHr.exe
  2⤵
  PID:9736
- C:\Windows\System\HsjQXbK.exe
  C:\Windows\System\HsjQXbK.exe
  2⤵
  PID:9752
- C:\Windows\System\HYHZqrN.exe
  C:\Windows\System\HYHZqrN.exe
  2⤵
  PID:9776
- C:\Windows\System\hylqYWg.exe
  C:\Windows\System\hylqYWg.exe
  2⤵
  PID:9800
- C:\Windows\System\qTfSqgY.exe
  C:\Windows\System\qTfSqgY.exe
  2⤵
  PID:9816
- C:\Windows\System\wHrktzY.exe
  C:\Windows\System\wHrktzY.exe
  2⤵
  PID:9840
- C:\Windows\System\lZDhTmN.exe
  C:\Windows\System\lZDhTmN.exe
  2⤵
  PID:9864
- C:\Windows\System\bCsvlaY.exe
  C:\Windows\System\bCsvlaY.exe
  2⤵
  PID:9884
- C:\Windows\System\FNXBfEj.exe
  C:\Windows\System\FNXBfEj.exe
  2⤵
  PID:9900
- C:\Windows\System\SoTZcQj.exe
  C:\Windows\System\SoTZcQj.exe
  2⤵
  PID:9920
- C:\Windows\System\vBxTGys.exe
  C:\Windows\System\vBxTGys.exe
  2⤵
  PID:9944
- C:\Windows\System\xIfusFC.exe
  C:\Windows\System\xIfusFC.exe
  2⤵
  PID:9968
- C:\Windows\System\ZfWrJCq.exe
  C:\Windows\System\ZfWrJCq.exe
  2⤵
  PID:9988
- C:\Windows\System\wsDAgBo.exe
  C:\Windows\System\wsDAgBo.exe
  2⤵
  PID:10008
- C:\Windows\System\yjmtFRi.exe
  C:\Windows\System\yjmtFRi.exe
  2⤵
  PID:10032
- C:\Windows\System\nOFSMhn.exe
  C:\Windows\System\nOFSMhn.exe
  2⤵
  PID:10052
- C:\Windows\System\MurVqwM.exe
  C:\Windows\System\MurVqwM.exe
  2⤵
  PID:10072
- C:\Windows\System\micULQe.exe
  C:\Windows\System\micULQe.exe
  2⤵
  PID:10092
- C:\Windows\System\JnTkHMD.exe
  C:\Windows\System\JnTkHMD.exe
  2⤵
  PID:10116
- C:\Windows\System\SfPPPBr.exe
  C:\Windows\System\SfPPPBr.exe
  2⤵
  PID:10136
- C:\Windows\System\iiNUccX.exe
  C:\Windows\System\iiNUccX.exe
  2⤵
  PID:10152
- C:\Windows\System\GqntZTW.exe
  C:\Windows\System\GqntZTW.exe
  2⤵
  PID:10172
- C:\Windows\System\vywSbUt.exe
  C:\Windows\System\vywSbUt.exe
  2⤵
  PID:10196
- C:\Windows\System\VfTOWxb.exe
  C:\Windows\System\VfTOWxb.exe
  2⤵
  PID:10212
- C:\Windows\System\DfDJhno.exe
  C:\Windows\System\DfDJhno.exe
  2⤵
  PID:10236
- C:\Windows\System\oLMioKk.exe
  C:\Windows\System\oLMioKk.exe
  2⤵
  PID:2316
- C:\Windows\System\HDBZRpC.exe
  C:\Windows\System\HDBZRpC.exe
  2⤵
  PID:9148
- C:\Windows\System\gDldurj.exe
  C:\Windows\System\gDldurj.exe
  2⤵
  PID:8224
- C:\Windows\System\NfjLtKF.exe
  C:\Windows\System\NfjLtKF.exe
  2⤵
  PID:9268
- C:\Windows\System\IvYqUip.exe
  C:\Windows\System\IvYqUip.exe
  2⤵
  PID:2596
- C:\Windows\System\pPUdxci.exe
  C:\Windows\System\pPUdxci.exe
  2⤵
  PID:9252
- C:\Windows\System\kmrbomN.exe
  C:\Windows\System\kmrbomN.exe
  2⤵
  PID:9372
- C:\Windows\System\npgQOwU.exe
  C:\Windows\System\npgQOwU.exe
  2⤵
  PID:9440
- C:\Windows\System\GyvKhRF.exe
  C:\Windows\System\GyvKhRF.exe
  2⤵
  PID:9316
- C:\Windows\System\tXKeAKn.exe
  C:\Windows\System\tXKeAKn.exe
  2⤵
  PID:9384
- C:\Windows\System\rynrZFd.exe
  C:\Windows\System\rynrZFd.exe
  2⤵
  PID:9484
- C:\Windows\System\KfFYZOm.exe
  C:\Windows\System\KfFYZOm.exe
  2⤵
  PID:9472
- C:\Windows\System\FeWUMYe.exe
  C:\Windows\System\FeWUMYe.exe
  2⤵
  PID:9536
- C:\Windows\System\fEkCESA.exe
  C:\Windows\System\fEkCESA.exe
  2⤵
  PID:9516
- C:\Windows\System\KtdxoKA.exe
  C:\Windows\System\KtdxoKA.exe
  2⤵
  PID:9584
- C:\Windows\System\BsNkFLc.exe
  C:\Windows\System\BsNkFLc.exe
  2⤵
  PID:9632
- C:\Windows\System\zYZlGiO.exe
  C:\Windows\System\zYZlGiO.exe
  2⤵
  PID:9672
- C:\Windows\System\NYTQESZ.exe
  C:\Windows\System\NYTQESZ.exe
  2⤵
  PID:9572
- C:\Windows\System\jwhcrKF.exe
  C:\Windows\System\jwhcrKF.exe
  2⤵
  PID:9648
- C:\Windows\System\JwrBuQW.exe
  C:\Windows\System\JwrBuQW.exe
  2⤵
  PID:9708
- C:\Windows\System\qhAUtkQ.exe
  C:\Windows\System\qhAUtkQ.exe
  2⤵
  PID:9732
- C:\Windows\System\KjrCbMM.exe
  C:\Windows\System\KjrCbMM.exe
  2⤵
  PID:9772
- C:\Windows\System\JCEiJrG.exe
  C:\Windows\System\JCEiJrG.exe
  2⤵
  PID:9796
- C:\Windows\System\degBesq.exe
  C:\Windows\System\degBesq.exe
  2⤵
  PID:9848
- C:\Windows\System\vzsPjoi.exe
  C:\Windows\System\vzsPjoi.exe
  2⤵
  PID:9856
- C:\Windows\System\sTeDCbE.exe
  C:\Windows\System\sTeDCbE.exe
  2⤵
  PID:9880
- C:\Windows\System\hbAMBMJ.exe
  C:\Windows\System\hbAMBMJ.exe
  2⤵
  PID:9928
- C:\Windows\System\uxFsXKR.exe
  C:\Windows\System\uxFsXKR.exe
  2⤵
  PID:9956
- C:\Windows\System\kmKmxjC.exe
  C:\Windows\System\kmKmxjC.exe
  2⤵
  PID:9996
- C:\Windows\System\oYpmbvD.exe
  C:\Windows\System\oYpmbvD.exe
  2⤵
  PID:10016
- C:\Windows\System\lOErKtS.exe
  C:\Windows\System\lOErKtS.exe
  2⤵
  PID:10044
- C:\Windows\System\tZGVipl.exe
  C:\Windows\System\tZGVipl.exe
  2⤵
  PID:10068
- C:\Windows\System\whKLBtf.exe
  C:\Windows\System\whKLBtf.exe
  2⤵
  PID:10192
- C:\Windows\System\qdoDNbw.exe
  C:\Windows\System\qdoDNbw.exe
  2⤵
  PID:10224
- C:\Windows\System\vmnZnes.exe
  C:\Windows\System\vmnZnes.exe
  2⤵
  PID:1460
- C:\Windows\System\JWqpShE.exe
  C:\Windows\System\JWqpShE.exe
  2⤵
  PID:8644
- C:\Windows\System\tWIJcSL.exe
  C:\Windows\System\tWIJcSL.exe
  2⤵
  PID:9236
- C:\Windows\System\evLiECu.exe
  C:\Windows\System\evLiECu.exe
  2⤵
  PID:9332
- C:\Windows\System\FzhdxgC.exe
  C:\Windows\System\FzhdxgC.exe
  2⤵
  PID:9368
- C:\Windows\System\zwAUNOi.exe
  C:\Windows\System\zwAUNOi.exe
  2⤵
  PID:9424
- C:\Windows\System\AwViZee.exe
  C:\Windows\System\AwViZee.exe
  2⤵
  PID:9636
- C:\Windows\System\qBbUdPg.exe
  C:\Windows\System\qBbUdPg.exe
  2⤵
  PID:9696
- C:\Windows\System\QQgUdph.exe
  C:\Windows\System\QQgUdph.exe
  2⤵
  PID:9784
- C:\Windows\System\JwWFLBn.exe
  C:\Windows\System\JwWFLBn.exe
  2⤵
  PID:9852
- C:\Windows\System\iZQdjbP.exe
  C:\Windows\System\iZQdjbP.exe
  2⤵
  PID:9960
- C:\Windows\System\zDmiEVC.exe
  C:\Windows\System\zDmiEVC.exe
  2⤵
  PID:9412
- C:\Windows\System\ziYVhLT.exe
  C:\Windows\System\ziYVhLT.exe
  2⤵
  PID:10080
- C:\Windows\System\rgEgeGv.exe
  C:\Windows\System\rgEgeGv.exe
  2⤵
  PID:10132
- C:\Windows\System\OUvfmGj.exe
  C:\Windows\System\OUvfmGj.exe
  2⤵
  PID:10168
- C:\Windows\System\CTIzOLr.exe
  C:\Windows\System\CTIzOLr.exe
  2⤵
  PID:9704
- C:\Windows\System\BDyPfch.exe
  C:\Windows\System\BDyPfch.exe
  2⤵
  PID:9496
- C:\Windows\System\seJynRj.exe
  C:\Windows\System\seJynRj.exe
  2⤵
  PID:9560
- C:\Windows\System\nkesUXT.exe
  C:\Windows\System\nkesUXT.exe
  2⤵
  PID:9760
- C:\Windows\System\GYuDQre.exe
  C:\Windows\System\GYuDQre.exe
  2⤵
  PID:10060
- C:\Windows\System\KnGAfqh.exe
  C:\Windows\System\KnGAfqh.exe
  2⤵
  PID:10188
- C:\Windows\System\uIiwPDJ.exe
  C:\Windows\System\uIiwPDJ.exe
  2⤵
  PID:8756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DwQiTrz.exe

Filesize
6.0MB

MD5
0190e2b7d008031e8771df585beb072b

SHA1
3cea449553638982f09420d1b04adc266de26029

SHA256
a160e600209d0faad9505aa0cd71b6f8fc16c3f8441bb28a69e9ed8a1ba07393

SHA512
da023bd6948855e198635aae9d2a5be2c903c24a835dfa2c0ae28cf6df42f4f9e4f19c13548d1daf25469fd66c807f1cc167799403db97098123474cdd65dcbb

Download Submit
C:\Windows\system\FVHwAfd.exe

Filesize
6.0MB

MD5
d906e0e51732d39dd43b8faeaa609f2b

SHA1
bb05585efe6cc47ca4bea4505a752d984c344a64

SHA256
b1fcdf8190088a03791fd6cd6f93764cb9cc98e3b40e38a53fe8e35d7146d7d2

SHA512
c7aef625575aff3c299c0ac32fca9b36158b535cb312362c14f2fc9eeeca8e49a2450a246577fb92e43e279333207bbdc9558671989e33b7ba34779471b30480

Download Submit
C:\Windows\system\FzOVMLt.exe

Filesize
6.0MB

MD5
35af1fe5f12a0f4694a03297b69a85a1

SHA1
7734ae47e16713c2e95988f43927d4e55dbeec8f

SHA256
fff867ca99875fa270e257fcdfb7bf313da1b53ff4145cc658a28fc92769c52f

SHA512
7768be71560451ed00d75663d3e9ea6e22b0c52a6376713508c3b79568811d17dbd42e9a90f0dff3e0a2ea33163db7f6529c91b8f42ad77599c17554daec2cc8

Download Submit
C:\Windows\system\IHQNksX.exe

Filesize
6.0MB

MD5
a9771e66b3b067ba299c8ebb3da95734

SHA1
da454cea43847aebc4557b478b15a28b29376401

SHA256
b418a85b6dc5b40aa28e30406557f33be2830a7c8dcb38c23ea263e37cb8f73d

SHA512
260bf6ed733a4604518a168e29c438c5b2015d9b9790ee0bd2d98a1b8b999606fd7d18b0e78eefdc25e1d645828d785c7ba96ed4316de0fe0171385205749ab8

Download Submit
C:\Windows\system\OvambBo.exe

Filesize
6.0MB

MD5
453912c7ec661b1ed6cd449f956f5843

SHA1
2f1b94bd1a91e6d24fe1cdff1adc5ccfd68dd90f

SHA256
94407288116c647786fdf6d78cc54a63eb844a8f445318da928a199da395ec71

SHA512
ca3a6044e4c7da4c65806c3b51bbe1e49ad207b13048e8f39878cb7f68f07417a26a96e0f0e9edb3248b0d7203df173ba85f94e59b17ba6fdf3a2ccb6890f2de

Download Submit
C:\Windows\system\PGQauId.exe

Filesize
6.0MB

MD5
e003ae08d50d033e2a27fd8f2d7afb2e

SHA1
e68929b44beecbdc8556b2c52b27638b9759ea87

SHA256
a067d4b9bf4e56cfa10ef073b8d791d8e636631db3478b4e2e84d62a1b4efb44

SHA512
e7a08c918f514d5f97e060db5b1f741df371ce0921a428ec68c40f01cadfca82a6f81dc40a0bcf63e39fc77c7c7e0713962572e196edd7ba59575b21bbbc6c9d

Download Submit
C:\Windows\system\PjEXFLR.exe

Filesize
6.0MB

MD5
b3ea5d0afc60e0898df84130e8c3aec8

SHA1
f96e8d2661a6f0806fc377124ce3132e3ea68b6c

SHA256
f8f03bcc5d69f46896bcbd059966e55d13161a1676bbcb1fb45ff1d75c66a86a

SHA512
d18d7e59b5c595ca7cb781140c91c1cec7a3756d693eeb2deccdb55a9ebda66ea9c51ac504f87aa303bee556d6e218ffd2232c492d78dcf29174d1df966ae398

Download Submit
C:\Windows\system\QIdOvis.exe

Filesize
6.0MB

MD5
9cac4d2d5a56ca15890fd12f4dd857b3

SHA1
55823fe443742eaea1e8b5dd6fe556319ef430ba

SHA256
2ec171032bbbe86d1dfd0dc627f9fe6e937419cbfb14c9c670b75f9b02905225

SHA512
40d1124f125ea3dec97c4f928390a1bcaf49ba9698549b689b89b5bc3df2d21ff6b6fe81bebd94dd3dcff45bdd15b7bbeacae23aa2d556e4fd6c0c187d9cc219

Download Submit
C:\Windows\system\RgRmixZ.exe

Filesize
6.0MB

MD5
6ca4edb1dce3775594f93ce750d8cbea

SHA1
7abeb2f07038bf88de5173323b2a5406b320da16

SHA256
2500db485b9e9dcebf4a4a20dc4c49daddf2ae5e855050abbe60b9e94b2d9656

SHA512
72cf0e3e57f9f47a7ad5becc55f992fda15eb2a8cf882152704710bff7d3a2d0ba5e2c6b3c7404d6a6c20ba6e189d30569a378e9e3203b417d2021ed59681287

Download Submit
C:\Windows\system\SFrxckf.exe

Filesize
6.0MB

MD5
100773d243f3ecdd31a15e4e95f944e6

SHA1
8a4a60ade7fbcb3028afe1e241df08cc6dedc6da

SHA256
4fca30890b01a061fd845f529cc54a494367b3ae55d26cd33f5c1a1cb9e74d72

SHA512
d05325344208f816e0b17bfe4f6916e82ce4dee82d964f9ed5e74d72dea0c45718f84e9491a4cf12d25d7103656debcdfab4ba7467dc9d9a653c98d8af587fcb

Download Submit
C:\Windows\system\Tbublpv.exe

Filesize
6.0MB

MD5
0121cc8a3cc913e727f204ec150b6f55

SHA1
b1ea3939205aa1d002536f8f83bf0be7bd20c6b9

SHA256
8d72ad175a34ed695974b2928822c56d2cdef34a406e2f7d340b5fd65fdfbae3

SHA512
6d157b98d47868ddc33158ff6e8002eb17cffa0e0380ff2853a4c3d8126857906fc3705238a123d052ae39201dd6455d2cb6faf7c9ff8055d72c74c30451932b

Download Submit
C:\Windows\system\URtpMjV.exe

Filesize
6.0MB

MD5
69d5242fc878005e2c6db3e248bc3ac4

SHA1
c3044709287240e4d0b028c55034a2a5d3b11136

SHA256
4404dcb06e08a39eaab3a36f6c726d1c45e43c418099cfce0d20fd9c312de653

SHA512
74876af80245bca1ce1bf91257dcdbd1d76cb8033e42fa67f326977833a29a69f0800ddbe50232a0559fd83676d1dedd6162e9644611528d8e304922b8a48316

Download Submit
C:\Windows\system\WGWONjL.exe

Filesize
6.0MB

MD5
fea6074efda78b7ae541877b708b713b

SHA1
df5b1e3df2e10e8c7f93b62e07bf22b2f6ae5a34

SHA256
0bb43f6c33faeedc3423c298e2db10bb16ba59f07abc67762fc3c3c94e2fed53

SHA512
5b767eb53a0a1892108be56a79777da86e06b88486a9f5c151d57f9f8c353e4dc50e5a37c9b711755a0d76b87814c4af76f837ff4d2ec6aec6f69f3157642d2d

Download Submit
C:\Windows\system\ZlQJfKx.exe

Filesize
6.0MB

MD5
5fe98c28f89afb46de8b61d89578d072

SHA1
10e52a7ddb3ebbce2ef0f349c354f6d027420d5e

SHA256
cc4fff5f160025ad7d45a5c3bd61ee5b2ac6a67b69e081b9b0d7f9deec839ce6

SHA512
b0823bdf05af3051a984b57fb843cae9a348846fdf5c12503ada36980154dcdef90200d9c909a04d5118ba8758530431f4f7861cf429fd6ff86a7a11a8cf11ac

Download Submit
C:\Windows\system\cfbDtkP.exe

Filesize
6.0MB

MD5
7c503f7e275760995528a03b2ab45cc0

SHA1
13c993d04fbaef12ac70d847b18f7710de0a67b2

SHA256
5f48be31ce813248e0fa6017ca41941629234d52847bd3fae045bb743ea16b27

SHA512
7dd53ae044b21c5991c031df10680203ceacf25665a8bf5001d0f67321b94feab11bf11d2823d864f6c45d61130e3f37a1f91b829b1209eb35c462f6b8f9cb1e

Download Submit
C:\Windows\system\djNNiCk.exe

Filesize
6.0MB

MD5
60be0702c836f263c4c6560bf818de5e

SHA1
ccda74bb80766cce66cb1a500c7b6c7d95a3d42c

SHA256
82711dd7d4c937768dcfb9371fd28a2f98646b150079599032bb593888bfc9c8

SHA512
51b4b5ebcda671c943c72111ebdbbb5d21623d68020452eb3376f90959fea4a370deb459a9086f481df609c3f753af8526628e80abaad75d2e04cafce4d29052

Download Submit
C:\Windows\system\igJxxxd.exe

Filesize
6.0MB

MD5
44589a07fb60d21b72f96af34968269d

SHA1
d1da0921c8ec04a3bb3aa9edb95669ba1fb543c9

SHA256
737a3d11808bf6e3c995bce94f3c4d8233d95bfc366908809be7b03056a0712d

SHA512
fbd05c572074fc80cf3b7e8f6a8c28637a90f05c3534f285fb8b8cde625f7dc299af7406889bea1a03bd7cf5d14760f7d5a8b52c5e9dd69dd8eb0294d0458d55

Download Submit
C:\Windows\system\jTVbIXH.exe

Filesize
6.0MB

MD5
b54b1458b09c8366b16a83b521bf3f12

SHA1
fb29115fc833f499d0c382d0ce73059a43e60ec7

SHA256
f70ab3fa278420f75bd0ce757f065baf4a3a099443efa4f86886294e9061ef9a

SHA512
cf237fb115e3feb2b52e813f0c540673922e7a29140b7f27b275203b59c40e8f35de7451a8c692e85f8935271f63ac3f7f23b056053019968af3c308b3b51f13

Download Submit
C:\Windows\system\jhszwlE.exe

Filesize
6.0MB

MD5
a70a44f09c31c5b589c11011f27883b0

SHA1
16a7d2b4011c6a996c5851dc9dd903daeb6771a6

SHA256
06fc31c3722f7bce118f5688c182fe6c049ae50115459fbe51f9753b25904ae1

SHA512
741c48b2c15b6ccf31139e4ec16d3615a59a681dc96788136ce59ac187e0757c3d58a005bc201ee67dd63eb6d2c535a75aa420d20eff56405fd08cf53a1818b0

Download Submit
C:\Windows\system\lIkXRZJ.exe

Filesize
6.0MB

MD5
632677c99a65169babfa779a8a6b49b3

SHA1
42943bfbfaeb9d033078327adb0c58a129fd8889

SHA256
2b00a90bafa900990555b4148fb98172b275b08517995b9b4e5e5e08d4fb9582

SHA512
b8864f34a83efe08990ad3ac79e11398927cbdc4fe995edc1ffd9e920a2e16c974a1541caa11f481578a822c4adaa21537fb0acc9961937ed409387b07e62639

Download Submit
C:\Windows\system\lYyAoxG.exe

Filesize
6.0MB

MD5
5f4fb89ab6ae00aba14b1ddd736758c8

SHA1
8d9df48b63b178906e098aaf0d5e6d8cab57a658

SHA256
dff4b1d3cc73894f159b89c26c0336d4d7c49b1bc380ac8c4c92abb2b52d0ca9

SHA512
f06ac701cdbf111dae5bacf3823a2f23e567fe12996dd2479f65fc032961f3c262bec582178933a96d6d6de08c97d488476853d4ea3dd3877cc93a28603d2365

Download Submit
C:\Windows\system\mkTJmle.exe

Filesize
6.0MB

MD5
3fddbdaa98f023e0dfc64e1b3fa68f51

SHA1
9da8c626cc178d92dc114d43559dd93f96836b0e

SHA256
cf36509e516c5cbb05e72defa17fea3c1e61e607e43adb75cbfd08650144b53a

SHA512
db4a7e0551636a7da5d4f248c00683eeaaf9e3f79db47a1cea2671d512cc13cc8824d8673fcb5e963d44ba6cad40f4564a7cb035b6d32ab71f7b5158ddd4c904

Download Submit
C:\Windows\system\pijCKZo.exe

Filesize
6.0MB

MD5
eddf63898c6f3ed53696f01f8488340c

SHA1
4473d1c0a6e3526af344fedc737164fe68a8f43e

SHA256
955a1031668900b5ea4e5a7f944f700cff4c7b6b7e5cc59cce16414631fa3e4e

SHA512
46e2df2d9e03ade1b7c98e46ff7a22281dadea96617e3f06f8444927b725460716e5014b0902aacda2ada2aaf911d9230693cef9a5a5462c19cbe4f4d6a30515

Download Submit
C:\Windows\system\sWxvMpl.exe

Filesize
6.0MB

MD5
3b65a0c5d64489848cf9899d004c744b

SHA1
75c16278ac704d7cebd1e6a8770526c806133a4b

SHA256
37c651dadc7c30a63f7b8fbabcb98fbdafb6a68f9028eb5f71dd0b2e74449161

SHA512
aa7aa4a9f9d63d7884e7762462d5d35297e32259501a63bce73985a0ee5fb9c07ba3c1cc868608f21ac7e86cb2efe57a685058d27bce710d0c8478dfd8be7eec

Download Submit
C:\Windows\system\tEJNraY.exe

Filesize
6.0MB

MD5
114a634404c4e97c885ebfd973e18725

SHA1
563585d20329d3e605935e6fad15dff238e71e58

SHA256
bbce59120d8b7fce91f46cb3cfa6572cbd14309a88763b41e6b702e57423eaa9

SHA512
5a5886a414fbd6a1c86bc2262d0b26b36377769bc1f8b8841ee842bec5ce446e83b539ed4574298f9e6d256f6133145b1d8b36ade94b39e217b260dbb00c8fa7

Download Submit
C:\Windows\system\vIZTHTC.exe

Filesize
6.0MB

MD5
35e5ff38e3df0823ac1db84432f2639b

SHA1
2bed649076a3d91ad86d207011e48b1c95a84824

SHA256
99d6c2c985227cb9e3b5ea8bba33ad5f365d4853ccd325194b73f967586ac16b

SHA512
335d635d6462c558b4711cd17989db12604af230afb4818cabf5fb132f3b36ff509a93d92bc4340598327ed9036f3c2a05a6a537ac0654231ea1b6e62aa6206b

Download Submit
C:\Windows\system\viRAPWK.exe

Filesize
6.0MB

MD5
ea6b68a8c7b6e5604d6ff47b90093230

SHA1
28610cfb110e40ac0786005962ecaa3fb912acc6

SHA256
3b9ff867ed4cea766554de6b0e422c50f04923c382f54df57d3e4936bb14d622

SHA512
afdb3aeebd3572e6ad7bd338e9f9fdae7b34fe4c64de6464cd1d989ca02e7d213a6751538884c78dd685197e0e90da03e4db6a22133a8e07ecd585440044fd5d

Download Submit
C:\Windows\system\wulCqkZ.exe

Filesize
6.0MB

MD5
4f96b8cfc570e6c4dcd5a416123f2293

SHA1
9a2d8592a84222983cf60cc38c75a87326def2f0

SHA256
4db6525cce5db0b0570db7d891beea7d96946e03f1d79514849cd096b3e59cc7

SHA512
aabdc6cd5e881988b2f83fc4ba3cf4d4efce49fc51534ebffa280aec2aa62cc876bd27e29f250fe4f987e07499aa270de7595c0715e8ebd653a1178cdb65bdb5

Download Submit
C:\Windows\system\zKyUbSP.exe

Filesize
6.0MB

MD5
e76d583636dbd6e8eb0a7ffff3d00a12

SHA1
5bc9e5dca43805494d3cacc4665a44d477d32fab

SHA256
9b3d58d6344a210b1bc26eddd15208a3599e2cd0ca0bf60ce0f2541187d37461

SHA512
066f008ea9e716fa282b0beacef2f98cde94cebc0c151a85ef54475e95f7cd45e8ffaf7ea860cc40a9a6127f47a737057f904f71ba4ef4f38bf6bee9c6fc7a21

Download Submit
C:\Windows\system\zRRLZXR.exe

Filesize
6.0MB

MD5
33662b8a04fd88e3830c87f75678d751

SHA1
c54dfd356716da404aed92a1da60996202c639c3

SHA256
923cb80823dd00858e4d436f7327539e0d7d343a25110427a98f39f142b3048a

SHA512
34bb7ff061db8b8716d351a79379fc4873a4722344b19a1b224893e614d2e59f5621d1453580cfab8bf4ee185948d873b3fdf0884e0aa24759988ce4df45add5

Download Submit
\Windows\system\SiLgLun.exe

Filesize
6.0MB

MD5
04fa6de0f0adb401121f547ead0f6057

SHA1
17845521dd4f50e38582e642ee58031ca219732a

SHA256
642267afe382d113e52433f6abf4c83351b13bfa29fbd82cc583bc3e1bea82b1

SHA512
00b9a73363d9df8a1dfaac222498dcdb318f5b13aadea336df548bc3c2f5e4cbda8bbc9fd951a31baf6f10d930ca21f4834cfa8ddc4377dd561eece202a2269c

Download Submit
\Windows\system\jjbzdeF.exe

Filesize
6.0MB

MD5
61bbdd12950a0603cd2b743a64459475

SHA1
6bd8d8cf8faeb4ade86baa9dd01a1c0fc176e0ad

SHA256
8eada4d7b3e935ddabce1eafdbb34130fabd8f3f7a72f10cef2494a80dd9c855

SHA512
37ca3653fbb5098f5c1cdfc78614fa6b8c7b4d64cfe44effdbcc58cbb5cfcd09b0f58d03740663e7c0c5f54d608ad9577d7d834aa57d1f1aa82fd46fa77b1aea

Download Submit
memory/1092-93-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1092-4033-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1371-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-4032-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-100-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-34-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1628-4027-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1952-4028-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1952-26-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-12-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2512-32-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-0-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2512-80-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2512-24-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2512-75-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-66-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2512-8-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2512-64-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2512-92-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2512-95-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2512-94-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2512-99-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1370-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-23-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2512-56-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2512-55-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1048-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2512-731-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2560-31-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2560-4022-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4029-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2656-109-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2656-65-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2764-83-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2764-48-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4034-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2808-82-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-4023-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-36-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-4026-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-76-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-4024-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-84-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-51-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-4025-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2916-58-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2932-81-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-4031-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-732-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-101-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2948-60-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2948-4030-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download