cobaltstrike | 8e9f8e90dc699369d5ff8aa50efd96e8dcf64dba79e5de01b8f7280f96062e7a

Analysis

max time kernel
146s
max time network
124s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19/12/2024, 04:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8d219e50924ad6646bcc725bf640f3d4
SHA1

1608f3d8609090187d301989cd46ddac7cae022f
SHA256

8e9f8e90dc699369d5ff8aa50efd96e8dcf64dba79e5de01b8f7280f96062e7a
SHA512

2b485574e930ef94e8fc55825cf1c061d6dd690722c3ebe017bcdcb5f41ff48bbde2101fe3a1d74e28a8754407ad828c39db5e8bd7bbf8e3ddcdc638947ea7af
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU7:T+q56utgpPF8u/77

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001202c-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015e8f-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015ef6-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f4f-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015fdb-26.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160db-30.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016599-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019242-50.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925b-55.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001930d-65.dat	cobalt_reflective_dll
behavioral1/files/0x0032000000015d33-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001949d-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001955c-166.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e6-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019551-159.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e4-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c6-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946b-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941b-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019481-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019429-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939c-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938a-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-71.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925d-60.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016307-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016239-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2752-0-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x000a00000001202c-6.dat	xmrig
behavioral1/files/0x0008000000015e8f-8.dat	xmrig
behavioral1/files/0x0008000000015ef6-16.dat	xmrig
behavioral1/files/0x0008000000015f4f-21.dat	xmrig
behavioral1/files/0x0007000000015fdb-26.dat	xmrig
behavioral1/files/0x00070000000160db-30.dat	xmrig
behavioral1/files/0x0008000000016599-45.dat	xmrig
behavioral1/files/0x0005000000019242-50.dat	xmrig
behavioral1/files/0x000500000001925b-55.dat	xmrig
behavioral1/files/0x000500000001930d-65.dat	xmrig
behavioral1/files/0x0032000000015d33-75.dat	xmrig
behavioral1/files/0x000500000001949d-130.dat	xmrig
behavioral1/memory/2836-678-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2752-1606-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2752-1723-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2992-3250-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/1064-3257-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2640-3254-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/596-3239-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/1736-3227-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2748-3226-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/276-3223-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2840-3225-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/1660-3222-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2484-3219-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2836-3209-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2580-3210-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/3016-3208-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2800-3201-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2752-1784-0x00000000024A0000-0x00000000027F4000-memory.dmp	xmrig
behavioral1/memory/1660-619-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/1064-617-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/596-615-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2752-614-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/1736-613-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2580-611-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/276-609-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2640-607-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2840-605-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2748-603-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2992-601-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2800-599-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/files/0x000500000001955c-166.dat	xmrig
behavioral1/files/0x00050000000194e6-155.dat	xmrig
behavioral1/files/0x0005000000019551-159.dat	xmrig
behavioral1/files/0x00050000000194e4-151.dat	xmrig
behavioral1/files/0x00050000000194da-146.dat	xmrig
behavioral1/files/0x00050000000194c6-133.dat	xmrig
behavioral1/files/0x00050000000194d0-138.dat	xmrig
behavioral1/files/0x0005000000019490-125.dat	xmrig
behavioral1/files/0x000500000001946b-115.dat	xmrig
behavioral1/files/0x000500000001941b-105.dat	xmrig
behavioral1/files/0x0005000000019481-120.dat	xmrig
behavioral1/files/0x0005000000019429-111.dat	xmrig
behavioral1/files/0x000500000001939c-100.dat	xmrig
behavioral1/files/0x000500000001938e-95.dat	xmrig
behavioral1/files/0x000500000001938a-90.dat	xmrig
behavioral1/files/0x0005000000019377-86.dat	xmrig
behavioral1/memory/2752-83-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2484-82-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2752-81-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/3016-80-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x000500000001932a-71.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2836	feJwVCy.exe
3016	adDHgLv.exe
2484	ZQOsoDz.exe
2800	sQyJbVW.exe
2992	ZUMOWQy.exe
2748	GJeyLJn.exe
2840	JzKbLFo.exe
2640	SyRNzrT.exe
276	MtmCVdk.exe
2580	dVSkMdT.exe
1736	cvuVTlh.exe
596	ZmRnMAY.exe
1064	vnswmqP.exe
1660	PvMcDmH.exe
2708	FgoDPsv.exe
2860	LMyhgTK.exe
2936	iNDkjwk.exe
1932	ZUoRuZa.exe
2296	BJBldwI.exe
2976	AcaGdvg.exe
2160	NfEefWt.exe
840	oQnfILX.exe
1580	LJwAkbv.exe
2348	gNQnLBZ.exe
2592	wpybXMN.exe
3024	BuxTLnh.exe
2092	BJhrUEp.exe
2200	IUCMbcG.exe
1264	itiuROc.exe
2432	ydVvWps.exe
2492	GVkKebo.exe
1224	SYtoYSq.exe
1676	iuxnrTd.exe
956	rpjdZrk.exe
1632	DCSFisP.exe
2460	VjiDvLu.exe
1604	ogyKEPQ.exe
1488	jeyQYFL.exe
1656	EPjimHs.exe
1568	LBnwAXE.exe
1280	SGjmiKB.exe
1712	IoZyARx.exe
2852	dVvFKsL.exe
1324	KaXLeSn.exe
1896	CDdeXGq.exe
924	AanIwPo.exe
1672	yrTrePB.exe
1020	VhOeAZy.exe
2544	jOkRZqv.exe
2116	fUOZVrl.exe
2252	lhThMOe.exe
2292	VEawqOy.exe
892	pTrUvWu.exe
2692	QwyeWoM.exe
764	ATyhvsA.exe
1536	MIgmpgS.exe
2824	RxrRotk.exe
2900	vCBrCRr.exe
2808	lOuPmgx.exe
2668	KHxNqtn.exe
2872	SrWRdow.exe
2652	GYpnXXT.exe
2664	fTDdAiO.exe
784	irAZHyU.exe

Loads dropped DLL 64 IoCs

pid	Process
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2752-0-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x000a00000001202c-6.dat	upx
behavioral1/files/0x0008000000015e8f-8.dat	upx
behavioral1/files/0x0008000000015ef6-16.dat	upx
behavioral1/files/0x0008000000015f4f-21.dat	upx
behavioral1/files/0x0007000000015fdb-26.dat	upx
behavioral1/files/0x00070000000160db-30.dat	upx
behavioral1/files/0x0008000000016599-45.dat	upx
behavioral1/files/0x0005000000019242-50.dat	upx
behavioral1/files/0x000500000001925b-55.dat	upx
behavioral1/files/0x000500000001930d-65.dat	upx
behavioral1/files/0x0032000000015d33-75.dat	upx
behavioral1/files/0x000500000001949d-130.dat	upx
behavioral1/memory/2836-678-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2752-1606-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2992-3250-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/1064-3257-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2640-3254-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/596-3239-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/1736-3227-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2748-3226-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/276-3223-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2840-3225-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/1660-3222-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2484-3219-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2836-3209-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2580-3210-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/3016-3208-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2800-3201-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/1660-619-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/1064-617-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/596-615-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/1736-613-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2580-611-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/276-609-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2640-607-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2840-605-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2748-603-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2992-601-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2800-599-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/files/0x000500000001955c-166.dat	upx
behavioral1/files/0x00050000000194e6-155.dat	upx
behavioral1/files/0x0005000000019551-159.dat	upx
behavioral1/files/0x00050000000194e4-151.dat	upx
behavioral1/files/0x00050000000194da-146.dat	upx
behavioral1/files/0x00050000000194c6-133.dat	upx
behavioral1/files/0x00050000000194d0-138.dat	upx
behavioral1/files/0x0005000000019490-125.dat	upx
behavioral1/files/0x000500000001946b-115.dat	upx
behavioral1/files/0x000500000001941b-105.dat	upx
behavioral1/files/0x0005000000019481-120.dat	upx
behavioral1/files/0x0005000000019429-111.dat	upx
behavioral1/files/0x000500000001939c-100.dat	upx
behavioral1/files/0x000500000001938e-95.dat	upx
behavioral1/files/0x000500000001938a-90.dat	upx
behavioral1/files/0x0005000000019377-86.dat	upx
behavioral1/memory/2484-82-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/3016-80-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x000500000001932a-71.dat	upx
behavioral1/files/0x000500000001925d-60.dat	upx
behavioral1/files/0x0007000000016307-41.dat	upx
behavioral1/files/0x0007000000016239-36.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MIgmpgS.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yGIYFXj.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSekRTM.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kuuaEFC.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EDDlGDo.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CXJzoLy.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qqRirlc.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oHurQzP.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jdhEHYn.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FcBQPKj.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lhTdiey.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VpTiSTf.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LVmVuIA.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\miTPTyP.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGPgWKe.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nwvrFDQ.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WudZcgG.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vLcyYLI.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BJhrUEp.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SGjmiKB.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVBoryr.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YyzgDRt.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EoDwWYJ.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yfenFiR.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RsJqWVl.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBpbeRI.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OWBLPkS.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DlWTqgq.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AkTZvnf.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zrcAWtW.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFDTFnt.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HwUZShh.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KuaRpLG.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UznhmcE.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MnXnEeP.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vycrJDc.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CyUxZKc.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RvkJgLp.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nQPegQr.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HVAwJEk.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qkOEQys.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UpREruJ.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VPQSlMR.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSXOjbB.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\peZNgyE.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vIurpnO.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vgVkrJp.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYOsPWN.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DBrcLFH.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MzXXsTN.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZjqptE.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WOsevOe.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXPgEwy.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\melCDbA.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BSmAHQo.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UQLGpnm.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uTiDYZX.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KKRfqXr.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RYcQnAa.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KHxNqtn.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eDkFnAl.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\weXNwhp.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kjqTyEL.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XrKPhgZ.exe	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 2836	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2752 wrote to memory of 2836	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2752 wrote to memory of 2836	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2752 wrote to memory of 3016	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2752 wrote to memory of 3016	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2752 wrote to memory of 3016	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2752 wrote to memory of 2484	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2752 wrote to memory of 2484	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2752 wrote to memory of 2484	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2752 wrote to memory of 2800	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2752 wrote to memory of 2800	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2752 wrote to memory of 2800	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2752 wrote to memory of 2992	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2752 wrote to memory of 2992	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2752 wrote to memory of 2992	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2752 wrote to memory of 2748	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2752 wrote to memory of 2748	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2752 wrote to memory of 2748	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2752 wrote to memory of 2840	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2752 wrote to memory of 2840	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2752 wrote to memory of 2840	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2752 wrote to memory of 2640	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2752 wrote to memory of 2640	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2752 wrote to memory of 2640	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2752 wrote to memory of 276	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2752 wrote to memory of 276	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2752 wrote to memory of 276	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2752 wrote to memory of 2580	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2752 wrote to memory of 2580	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2752 wrote to memory of 2580	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2752 wrote to memory of 1736	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2752 wrote to memory of 1736	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2752 wrote to memory of 1736	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2752 wrote to memory of 596	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2752 wrote to memory of 596	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2752 wrote to memory of 596	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2752 wrote to memory of 1064	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2752 wrote to memory of 1064	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2752 wrote to memory of 1064	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2752 wrote to memory of 1660	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2752 wrote to memory of 1660	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2752 wrote to memory of 1660	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2752 wrote to memory of 2708	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2752 wrote to memory of 2708	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2752 wrote to memory of 2708	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2752 wrote to memory of 2860	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2752 wrote to memory of 2860	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2752 wrote to memory of 2860	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2752 wrote to memory of 2936	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2752 wrote to memory of 2936	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2752 wrote to memory of 2936	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2752 wrote to memory of 1932	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2752 wrote to memory of 1932	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2752 wrote to memory of 1932	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2752 wrote to memory of 2296	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2752 wrote to memory of 2296	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2752 wrote to memory of 2296	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2752 wrote to memory of 2976	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2752 wrote to memory of 2976	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2752 wrote to memory of 2976	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2752 wrote to memory of 2160	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2752 wrote to memory of 2160	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2752 wrote to memory of 2160	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2752 wrote to memory of 840	2752	2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-19_8d219e50924ad6646bcc725bf640f3d4_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Windows\System\feJwVCy.exe
  C:\Windows\System\feJwVCy.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\adDHgLv.exe
  C:\Windows\System\adDHgLv.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\ZQOsoDz.exe
  C:\Windows\System\ZQOsoDz.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\sQyJbVW.exe
  C:\Windows\System\sQyJbVW.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\ZUMOWQy.exe
  C:\Windows\System\ZUMOWQy.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\GJeyLJn.exe
  C:\Windows\System\GJeyLJn.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\JzKbLFo.exe
  C:\Windows\System\JzKbLFo.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\SyRNzrT.exe
  C:\Windows\System\SyRNzrT.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\MtmCVdk.exe
  C:\Windows\System\MtmCVdk.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\dVSkMdT.exe
  C:\Windows\System\dVSkMdT.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\cvuVTlh.exe
  C:\Windows\System\cvuVTlh.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\ZmRnMAY.exe
  C:\Windows\System\ZmRnMAY.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\vnswmqP.exe
  C:\Windows\System\vnswmqP.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\PvMcDmH.exe
  C:\Windows\System\PvMcDmH.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\FgoDPsv.exe
  C:\Windows\System\FgoDPsv.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\LMyhgTK.exe
  C:\Windows\System\LMyhgTK.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\iNDkjwk.exe
  C:\Windows\System\iNDkjwk.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\ZUoRuZa.exe
  C:\Windows\System\ZUoRuZa.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\BJBldwI.exe
  C:\Windows\System\BJBldwI.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\AcaGdvg.exe
  C:\Windows\System\AcaGdvg.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\NfEefWt.exe
  C:\Windows\System\NfEefWt.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\oQnfILX.exe
  C:\Windows\System\oQnfILX.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\LJwAkbv.exe
  C:\Windows\System\LJwAkbv.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\gNQnLBZ.exe
  C:\Windows\System\gNQnLBZ.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\wpybXMN.exe
  C:\Windows\System\wpybXMN.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\BuxTLnh.exe
  C:\Windows\System\BuxTLnh.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\BJhrUEp.exe
  C:\Windows\System\BJhrUEp.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\IUCMbcG.exe
  C:\Windows\System\IUCMbcG.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\itiuROc.exe
  C:\Windows\System\itiuROc.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\ydVvWps.exe
  C:\Windows\System\ydVvWps.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\GVkKebo.exe
  C:\Windows\System\GVkKebo.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\SYtoYSq.exe
  C:\Windows\System\SYtoYSq.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\iuxnrTd.exe
  C:\Windows\System\iuxnrTd.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\rpjdZrk.exe
  C:\Windows\System\rpjdZrk.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\DCSFisP.exe
  C:\Windows\System\DCSFisP.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\ogyKEPQ.exe
  C:\Windows\System\ogyKEPQ.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\VjiDvLu.exe
  C:\Windows\System\VjiDvLu.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\SGjmiKB.exe
  C:\Windows\System\SGjmiKB.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\jeyQYFL.exe
  C:\Windows\System\jeyQYFL.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\IoZyARx.exe
  C:\Windows\System\IoZyARx.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\EPjimHs.exe
  C:\Windows\System\EPjimHs.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\KaXLeSn.exe
  C:\Windows\System\KaXLeSn.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\LBnwAXE.exe
  C:\Windows\System\LBnwAXE.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\CDdeXGq.exe
  C:\Windows\System\CDdeXGq.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\dVvFKsL.exe
  C:\Windows\System\dVvFKsL.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\AanIwPo.exe
  C:\Windows\System\AanIwPo.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\yrTrePB.exe
  C:\Windows\System\yrTrePB.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\jOkRZqv.exe
  C:\Windows\System\jOkRZqv.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\VhOeAZy.exe
  C:\Windows\System\VhOeAZy.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\lhThMOe.exe
  C:\Windows\System\lhThMOe.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\fUOZVrl.exe
  C:\Windows\System\fUOZVrl.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\VEawqOy.exe
  C:\Windows\System\VEawqOy.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\pTrUvWu.exe
  C:\Windows\System\pTrUvWu.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\QwyeWoM.exe
  C:\Windows\System\QwyeWoM.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\ATyhvsA.exe
  C:\Windows\System\ATyhvsA.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\MIgmpgS.exe
  C:\Windows\System\MIgmpgS.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\RxrRotk.exe
  C:\Windows\System\RxrRotk.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\lOuPmgx.exe
  C:\Windows\System\lOuPmgx.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\vCBrCRr.exe
  C:\Windows\System\vCBrCRr.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\SrWRdow.exe
  C:\Windows\System\SrWRdow.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\KHxNqtn.exe
  C:\Windows\System\KHxNqtn.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\GYpnXXT.exe
  C:\Windows\System\GYpnXXT.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\fTDdAiO.exe
  C:\Windows\System\fTDdAiO.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\irAZHyU.exe
  C:\Windows\System\irAZHyU.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\TiRCfJX.exe
  C:\Windows\System\TiRCfJX.exe
  2⤵
  PID:2208
- C:\Windows\System\aPnAtjt.exe
  C:\Windows\System\aPnAtjt.exe
  2⤵
  PID:2560
- C:\Windows\System\LqaAjBr.exe
  C:\Windows\System\LqaAjBr.exe
  2⤵
  PID:2924
- C:\Windows\System\FjgCwqR.exe
  C:\Windows\System\FjgCwqR.exe
  2⤵
  PID:1740
- C:\Windows\System\SnHZuVi.exe
  C:\Windows\System\SnHZuVi.exe
  2⤵
  PID:2248
- C:\Windows\System\XzaxAcS.exe
  C:\Windows\System\XzaxAcS.exe
  2⤵
  PID:2300
- C:\Windows\System\eeEcnVF.exe
  C:\Windows\System\eeEcnVF.exe
  2⤵
  PID:1900
- C:\Windows\System\NKcvCFo.exe
  C:\Windows\System\NKcvCFo.exe
  2⤵
  PID:324
- C:\Windows\System\mOwrjPQ.exe
  C:\Windows\System\mOwrjPQ.exe
  2⤵
  PID:2184
- C:\Windows\System\KGEBnZk.exe
  C:\Windows\System\KGEBnZk.exe
  2⤵
  PID:2428
- C:\Windows\System\QzKLzvl.exe
  C:\Windows\System\QzKLzvl.exe
  2⤵
  PID:1984
- C:\Windows\System\wyDQKgX.exe
  C:\Windows\System\wyDQKgX.exe
  2⤵
  PID:1248
- C:\Windows\System\wUrMder.exe
  C:\Windows\System\wUrMder.exe
  2⤵
  PID:2496
- C:\Windows\System\UVmVYTx.exe
  C:\Windows\System\UVmVYTx.exe
  2⤵
  PID:2076
- C:\Windows\System\iPThxWF.exe
  C:\Windows\System\iPThxWF.exe
  2⤵
  PID:2168
- C:\Windows\System\SULvlOd.exe
  C:\Windows\System\SULvlOd.exe
  2⤵
  PID:444
- C:\Windows\System\BVTmodG.exe
  C:\Windows\System\BVTmodG.exe
  2⤵
  PID:2140
- C:\Windows\System\RpcVLyV.exe
  C:\Windows\System\RpcVLyV.exe
  2⤵
  PID:1860
- C:\Windows\System\kjkJKRX.exe
  C:\Windows\System\kjkJKRX.exe
  2⤵
  PID:1496
- C:\Windows\System\tkGWrhx.exe
  C:\Windows\System\tkGWrhx.exe
  2⤵
  PID:1980
- C:\Windows\System\AwTyKPl.exe
  C:\Windows\System\AwTyKPl.exe
  2⤵
  PID:2332
- C:\Windows\System\LxDSJtT.exe
  C:\Windows\System\LxDSJtT.exe
  2⤵
  PID:2352
- C:\Windows\System\HlYWxnq.exe
  C:\Windows\System\HlYWxnq.exe
  2⤵
  PID:1208
- C:\Windows\System\OnwnCzX.exe
  C:\Windows\System\OnwnCzX.exe
  2⤵
  PID:636
- C:\Windows\System\ubFNNiy.exe
  C:\Windows\System\ubFNNiy.exe
  2⤵
  PID:1652
- C:\Windows\System\COFAPtw.exe
  C:\Windows\System\COFAPtw.exe
  2⤵
  PID:1540
- C:\Windows\System\pJTlEwz.exe
  C:\Windows\System\pJTlEwz.exe
  2⤵
  PID:2056
- C:\Windows\System\DRNWKPq.exe
  C:\Windows\System\DRNWKPq.exe
  2⤵
  PID:1640
- C:\Windows\System\LgJowvk.exe
  C:\Windows\System\LgJowvk.exe
  2⤵
  PID:2728
- C:\Windows\System\vdIivCT.exe
  C:\Windows\System\vdIivCT.exe
  2⤵
  PID:2896
- C:\Windows\System\RYQlEDr.exe
  C:\Windows\System\RYQlEDr.exe
  2⤵
  PID:760
- C:\Windows\System\eyqIsOO.exe
  C:\Windows\System\eyqIsOO.exe
  2⤵
  PID:968
- C:\Windows\System\JgfjBtV.exe
  C:\Windows\System\JgfjBtV.exe
  2⤵
  PID:660
- C:\Windows\System\IiqWYDN.exe
  C:\Windows\System\IiqWYDN.exe
  2⤵
  PID:2856
- C:\Windows\System\FcBQPKj.exe
  C:\Windows\System\FcBQPKj.exe
  2⤵
  PID:1744
- C:\Windows\System\HtxuKjx.exe
  C:\Windows\System\HtxuKjx.exe
  2⤵
  PID:2412
- C:\Windows\System\YUzbPeY.exe
  C:\Windows\System\YUzbPeY.exe
  2⤵
  PID:1460
- C:\Windows\System\KmdDoQj.exe
  C:\Windows\System\KmdDoQj.exe
  2⤵
  PID:2012
- C:\Windows\System\JsAZXex.exe
  C:\Windows\System\JsAZXex.exe
  2⤵
  PID:1036
- C:\Windows\System\XDfspKK.exe
  C:\Windows\System\XDfspKK.exe
  2⤵
  PID:2176
- C:\Windows\System\cxtQGyx.exe
  C:\Windows\System\cxtQGyx.exe
  2⤵
  PID:1924
- C:\Windows\System\dkqRtpx.exe
  C:\Windows\System\dkqRtpx.exe
  2⤵
  PID:1680
- C:\Windows\System\NyAQjTy.exe
  C:\Windows\System\NyAQjTy.exe
  2⤵
  PID:1708
- C:\Windows\System\XzbIgGG.exe
  C:\Windows\System\XzbIgGG.exe
  2⤵
  PID:1876
- C:\Windows\System\GtxYLvr.exe
  C:\Windows\System\GtxYLvr.exe
  2⤵
  PID:1356
- C:\Windows\System\bJhDvlP.exe
  C:\Windows\System\bJhDvlP.exe
  2⤵
  PID:536
- C:\Windows\System\SnEFoQa.exe
  C:\Windows\System\SnEFoQa.exe
  2⤵
  PID:1420
- C:\Windows\System\IvXlVft.exe
  C:\Windows\System\IvXlVft.exe
  2⤵
  PID:316
- C:\Windows\System\AuoLRKa.exe
  C:\Windows\System\AuoLRKa.exe
  2⤵
  PID:1996
- C:\Windows\System\REuJiXh.exe
  C:\Windows\System\REuJiXh.exe
  2⤵
  PID:2192
- C:\Windows\System\qiPtgdb.exe
  C:\Windows\System\qiPtgdb.exe
  2⤵
  PID:2940
- C:\Windows\System\hKPiYnq.exe
  C:\Windows\System\hKPiYnq.exe
  2⤵
  PID:2688
- C:\Windows\System\aZjqptE.exe
  C:\Windows\System\aZjqptE.exe
  2⤵
  PID:2996
- C:\Windows\System\qIQfPJf.exe
  C:\Windows\System\qIQfPJf.exe
  2⤵
  PID:1564
- C:\Windows\System\afyrVpU.exe
  C:\Windows\System\afyrVpU.exe
  2⤵
  PID:1524
- C:\Windows\System\OdvzuTs.exe
  C:\Windows\System\OdvzuTs.exe
  2⤵
  PID:3004
- C:\Windows\System\IHWEMsW.exe
  C:\Windows\System\IHWEMsW.exe
  2⤵
  PID:2632
- C:\Windows\System\gLutewi.exe
  C:\Windows\System\gLutewi.exe
  2⤵
  PID:2044
- C:\Windows\System\ObweqfI.exe
  C:\Windows\System\ObweqfI.exe
  2⤵
  PID:2060
- C:\Windows\System\nrZAOwB.exe
  C:\Windows\System\nrZAOwB.exe
  2⤵
  PID:1004
- C:\Windows\System\nebXmen.exe
  C:\Windows\System\nebXmen.exe
  2⤵
  PID:3092
- C:\Windows\System\FcUePNj.exe
  C:\Windows\System\FcUePNj.exe
  2⤵
  PID:3108
- C:\Windows\System\mbTLSRD.exe
  C:\Windows\System\mbTLSRD.exe
  2⤵
  PID:3124
- C:\Windows\System\NZyLyIe.exe
  C:\Windows\System\NZyLyIe.exe
  2⤵
  PID:3140
- C:\Windows\System\ClwElHi.exe
  C:\Windows\System\ClwElHi.exe
  2⤵
  PID:3156
- C:\Windows\System\nfwdBTC.exe
  C:\Windows\System\nfwdBTC.exe
  2⤵
  PID:3176
- C:\Windows\System\hiwzJje.exe
  C:\Windows\System\hiwzJje.exe
  2⤵
  PID:3196
- C:\Windows\System\INqpZBh.exe
  C:\Windows\System\INqpZBh.exe
  2⤵
  PID:3212
- C:\Windows\System\bBcqtqh.exe
  C:\Windows\System\bBcqtqh.exe
  2⤵
  PID:3236
- C:\Windows\System\alKZmKo.exe
  C:\Windows\System\alKZmKo.exe
  2⤵
  PID:3252
- C:\Windows\System\FlXJEws.exe
  C:\Windows\System\FlXJEws.exe
  2⤵
  PID:3296
- C:\Windows\System\kfEEAKR.exe
  C:\Windows\System\kfEEAKR.exe
  2⤵
  PID:3316
- C:\Windows\System\fYGKFwS.exe
  C:\Windows\System\fYGKFwS.exe
  2⤵
  PID:3332
- C:\Windows\System\bhoUSRU.exe
  C:\Windows\System\bhoUSRU.exe
  2⤵
  PID:3356
- C:\Windows\System\MGFVZlO.exe
  C:\Windows\System\MGFVZlO.exe
  2⤵
  PID:3376
- C:\Windows\System\PuRyWhc.exe
  C:\Windows\System\PuRyWhc.exe
  2⤵
  PID:3396
- C:\Windows\System\WULfrNq.exe
  C:\Windows\System\WULfrNq.exe
  2⤵
  PID:3412
- C:\Windows\System\gsfwdao.exe
  C:\Windows\System\gsfwdao.exe
  2⤵
  PID:3436
- C:\Windows\System\tZyVYNd.exe
  C:\Windows\System\tZyVYNd.exe
  2⤵
  PID:3452
- C:\Windows\System\NWzVZFd.exe
  C:\Windows\System\NWzVZFd.exe
  2⤵
  PID:3468
- C:\Windows\System\mtKtqdd.exe
  C:\Windows\System\mtKtqdd.exe
  2⤵
  PID:3484
- C:\Windows\System\djBVOfb.exe
  C:\Windows\System\djBVOfb.exe
  2⤵
  PID:3504
- C:\Windows\System\gEcNeOW.exe
  C:\Windows\System\gEcNeOW.exe
  2⤵
  PID:3536
- C:\Windows\System\dlqzaoA.exe
  C:\Windows\System\dlqzaoA.exe
  2⤵
  PID:3556
- C:\Windows\System\jwbpbIk.exe
  C:\Windows\System\jwbpbIk.exe
  2⤵
  PID:3576
- C:\Windows\System\RnHOiNZ.exe
  C:\Windows\System\RnHOiNZ.exe
  2⤵
  PID:3596
- C:\Windows\System\ycDNpxy.exe
  C:\Windows\System\ycDNpxy.exe
  2⤵
  PID:3616
- C:\Windows\System\pbNHsSt.exe
  C:\Windows\System\pbNHsSt.exe
  2⤵
  PID:3632
- C:\Windows\System\TecFwyh.exe
  C:\Windows\System\TecFwyh.exe
  2⤵
  PID:3652
- C:\Windows\System\wdKDavz.exe
  C:\Windows\System\wdKDavz.exe
  2⤵
  PID:3668
- C:\Windows\System\unSCXoF.exe
  C:\Windows\System\unSCXoF.exe
  2⤵
  PID:3688
- C:\Windows\System\lOUJlQk.exe
  C:\Windows\System\lOUJlQk.exe
  2⤵
  PID:3704
- C:\Windows\System\HaCyJgE.exe
  C:\Windows\System\HaCyJgE.exe
  2⤵
  PID:3732
- C:\Windows\System\TkOCMYU.exe
  C:\Windows\System\TkOCMYU.exe
  2⤵
  PID:3756
- C:\Windows\System\LaaNSVj.exe
  C:\Windows\System\LaaNSVj.exe
  2⤵
  PID:3772
- C:\Windows\System\YtkQuFR.exe
  C:\Windows\System\YtkQuFR.exe
  2⤵
  PID:3792
- C:\Windows\System\AWkhQau.exe
  C:\Windows\System\AWkhQau.exe
  2⤵
  PID:3812
- C:\Windows\System\BVtSdHK.exe
  C:\Windows\System\BVtSdHK.exe
  2⤵
  PID:3836
- C:\Windows\System\QfybmVC.exe
  C:\Windows\System\QfybmVC.exe
  2⤵
  PID:3852
- C:\Windows\System\GVJfjps.exe
  C:\Windows\System\GVJfjps.exe
  2⤵
  PID:3868
- C:\Windows\System\zXISAFN.exe
  C:\Windows\System\zXISAFN.exe
  2⤵
  PID:3888
- C:\Windows\System\wSXuzxU.exe
  C:\Windows\System\wSXuzxU.exe
  2⤵
  PID:3904
- C:\Windows\System\uriYCiV.exe
  C:\Windows\System\uriYCiV.exe
  2⤵
  PID:3924
- C:\Windows\System\SjbtUMe.exe
  C:\Windows\System\SjbtUMe.exe
  2⤵
  PID:3948
- C:\Windows\System\umbXPIH.exe
  C:\Windows\System\umbXPIH.exe
  2⤵
  PID:3964
- C:\Windows\System\hQviufU.exe
  C:\Windows\System\hQviufU.exe
  2⤵
  PID:3980
- C:\Windows\System\AqTDdHU.exe
  C:\Windows\System\AqTDdHU.exe
  2⤵
  PID:4004
- C:\Windows\System\fThWVdo.exe
  C:\Windows\System\fThWVdo.exe
  2⤵
  PID:4028
- C:\Windows\System\MssDGDC.exe
  C:\Windows\System\MssDGDC.exe
  2⤵
  PID:4044
- C:\Windows\System\djWmbej.exe
  C:\Windows\System\djWmbej.exe
  2⤵
  PID:4060
- C:\Windows\System\okRDUyV.exe
  C:\Windows\System\okRDUyV.exe
  2⤵
  PID:4076
- C:\Windows\System\BGHkBge.exe
  C:\Windows\System\BGHkBge.exe
  2⤵
  PID:4092
- C:\Windows\System\xklwDNw.exe
  C:\Windows\System\xklwDNw.exe
  2⤵
  PID:2264
- C:\Windows\System\RyOEzQL.exe
  C:\Windows\System\RyOEzQL.exe
  2⤵
  PID:1628
- C:\Windows\System\CWWkdKK.exe
  C:\Windows\System\CWWkdKK.exe
  2⤵
  PID:1620
- C:\Windows\System\QFRFnSk.exe
  C:\Windows\System\QFRFnSk.exe
  2⤵
  PID:2360
- C:\Windows\System\nZIbVAl.exe
  C:\Windows\System\nZIbVAl.exe
  2⤵
  PID:2152
- C:\Windows\System\nAqSRwA.exe
  C:\Windows\System\nAqSRwA.exe
  2⤵
  PID:3228
- C:\Windows\System\uuAvFsx.exe
  C:\Windows\System\uuAvFsx.exe
  2⤵
  PID:3276
- C:\Windows\System\NoSmBOd.exe
  C:\Windows\System\NoSmBOd.exe
  2⤵
  PID:3304
- C:\Windows\System\COlRRtO.exe
  C:\Windows\System\COlRRtO.exe
  2⤵
  PID:3344
- C:\Windows\System\crRisRe.exe
  C:\Windows\System\crRisRe.exe
  2⤵
  PID:3348
- C:\Windows\System\peZNgyE.exe
  C:\Windows\System\peZNgyE.exe
  2⤵
  PID:3388
- C:\Windows\System\KsjscTk.exe
  C:\Windows\System\KsjscTk.exe
  2⤵
  PID:3432
- C:\Windows\System\ozPgRzz.exe
  C:\Windows\System\ozPgRzz.exe
  2⤵
  PID:3500
- C:\Windows\System\KfvDXpE.exe
  C:\Windows\System\KfvDXpE.exe
  2⤵
  PID:3544
- C:\Windows\System\rUASsmO.exe
  C:\Windows\System\rUASsmO.exe
  2⤵
  PID:3584
- C:\Windows\System\Melloxb.exe
  C:\Windows\System\Melloxb.exe
  2⤵
  PID:3516
- C:\Windows\System\rFLMwaa.exe
  C:\Windows\System\rFLMwaa.exe
  2⤵
  PID:3572
- C:\Windows\System\dFCQDbj.exe
  C:\Windows\System\dFCQDbj.exe
  2⤵
  PID:3664
- C:\Windows\System\lhTdiey.exe
  C:\Windows\System\lhTdiey.exe
  2⤵
  PID:3648
- C:\Windows\System\BMHdzWP.exe
  C:\Windows\System\BMHdzWP.exe
  2⤵
  PID:3748
- C:\Windows\System\QJPaerE.exe
  C:\Windows\System\QJPaerE.exe
  2⤵
  PID:3720
- C:\Windows\System\oLyWFRr.exe
  C:\Windows\System\oLyWFRr.exe
  2⤵
  PID:3780
- C:\Windows\System\PgopxAV.exe
  C:\Windows\System\PgopxAV.exe
  2⤵
  PID:3832
- C:\Windows\System\QnvVJAp.exe
  C:\Windows\System\QnvVJAp.exe
  2⤵
  PID:3932
- C:\Windows\System\fJAxxeZ.exe
  C:\Windows\System\fJAxxeZ.exe
  2⤵
  PID:3972
- C:\Windows\System\JyGzLCk.exe
  C:\Windows\System\JyGzLCk.exe
  2⤵
  PID:3768
- C:\Windows\System\FbtNmsZ.exe
  C:\Windows\System\FbtNmsZ.exe
  2⤵
  PID:4072
- C:\Windows\System\YyaFWVW.exe
  C:\Windows\System\YyaFWVW.exe
  2⤵
  PID:3800
- C:\Windows\System\UhVRbRB.exe
  C:\Windows\System\UhVRbRB.exe
  2⤵
  PID:3992
- C:\Windows\System\TTlALUR.exe
  C:\Windows\System\TTlALUR.exe
  2⤵
  PID:3996
- C:\Windows\System\DIsazXK.exe
  C:\Windows\System\DIsazXK.exe
  2⤵
  PID:4020
- C:\Windows\System\deHuAlI.exe
  C:\Windows\System\deHuAlI.exe
  2⤵
  PID:4088
- C:\Windows\System\SRlRYDV.exe
  C:\Windows\System\SRlRYDV.exe
  2⤵
  PID:2080
- C:\Windows\System\OsQvcEh.exe
  C:\Windows\System\OsQvcEh.exe
  2⤵
  PID:3088
- C:\Windows\System\VjaHIcU.exe
  C:\Windows\System\VjaHIcU.exe
  2⤵
  PID:3184
- C:\Windows\System\zqRpxKU.exe
  C:\Windows\System\zqRpxKU.exe
  2⤵
  PID:3224
- C:\Windows\System\CtVHDhH.exe
  C:\Windows\System\CtVHDhH.exe
  2⤵
  PID:3328
- C:\Windows\System\CNSzgPw.exe
  C:\Windows\System\CNSzgPw.exe
  2⤵
  PID:3268
- C:\Windows\System\QEKBjZM.exe
  C:\Windows\System\QEKBjZM.exe
  2⤵
  PID:3524
- C:\Windows\System\gOcSsJu.exe
  C:\Windows\System\gOcSsJu.exe
  2⤵
  PID:3628
- C:\Windows\System\Swneowy.exe
  C:\Windows\System\Swneowy.exe
  2⤵
  PID:3464
- C:\Windows\System\KydecWB.exe
  C:\Windows\System\KydecWB.exe
  2⤵
  PID:3496
- C:\Windows\System\XMkHEwT.exe
  C:\Windows\System\XMkHEwT.exe
  2⤵
  PID:3684
- C:\Windows\System\CvHGBbI.exe
  C:\Windows\System\CvHGBbI.exe
  2⤵
  PID:3728
- C:\Windows\System\lmZvtMY.exe
  C:\Windows\System\lmZvtMY.exe
  2⤵
  PID:3860
- C:\Windows\System\GYVneJv.exe
  C:\Windows\System\GYVneJv.exe
  2⤵
  PID:3640
- C:\Windows\System\kRdetJx.exe
  C:\Windows\System\kRdetJx.exe
  2⤵
  PID:3844
- C:\Windows\System\OfpGMto.exe
  C:\Windows\System\OfpGMto.exe
  2⤵
  PID:4068
- C:\Windows\System\VwNfzsF.exe
  C:\Windows\System\VwNfzsF.exe
  2⤵
  PID:3876
- C:\Windows\System\nbDNtHv.exe
  C:\Windows\System\nbDNtHv.exe
  2⤵
  PID:1780
- C:\Windows\System\gYUAIvV.exe
  C:\Windows\System\gYUAIvV.exe
  2⤵
  PID:3956
- C:\Windows\System\nusuqdx.exe
  C:\Windows\System\nusuqdx.exe
  2⤵
  PID:3084
- C:\Windows\System\DkEAlYC.exe
  C:\Windows\System\DkEAlYC.exe
  2⤵
  PID:3188
- C:\Windows\System\BugZuHt.exe
  C:\Windows\System\BugZuHt.exe
  2⤵
  PID:3292
- C:\Windows\System\dmcERfq.exe
  C:\Windows\System\dmcERfq.exe
  2⤵
  PID:3428
- C:\Windows\System\DOsFmWm.exe
  C:\Windows\System\DOsFmWm.exe
  2⤵
  PID:3340
- C:\Windows\System\XAQglPn.exe
  C:\Windows\System\XAQglPn.exe
  2⤵
  PID:3588
- C:\Windows\System\NfBfXtK.exe
  C:\Windows\System\NfBfXtK.exe
  2⤵
  PID:3532
- C:\Windows\System\gsoVxny.exe
  C:\Windows\System\gsoVxny.exe
  2⤵
  PID:4112
- C:\Windows\System\KvWevKn.exe
  C:\Windows\System\KvWevKn.exe
  2⤵
  PID:4132
- C:\Windows\System\XQxpLnc.exe
  C:\Windows\System\XQxpLnc.exe
  2⤵
  PID:4148
- C:\Windows\System\lKvKXsg.exe
  C:\Windows\System\lKvKXsg.exe
  2⤵
  PID:4172
- C:\Windows\System\KJlbcTd.exe
  C:\Windows\System\KJlbcTd.exe
  2⤵
  PID:4188
- C:\Windows\System\bcsnbSe.exe
  C:\Windows\System\bcsnbSe.exe
  2⤵
  PID:4212
- C:\Windows\System\kSBHBmQ.exe
  C:\Windows\System\kSBHBmQ.exe
  2⤵
  PID:4228
- C:\Windows\System\jKQayql.exe
  C:\Windows\System\jKQayql.exe
  2⤵
  PID:4248
- C:\Windows\System\nQPegQr.exe
  C:\Windows\System\nQPegQr.exe
  2⤵
  PID:4268
- C:\Windows\System\egGeLyf.exe
  C:\Windows\System\egGeLyf.exe
  2⤵
  PID:4288
- C:\Windows\System\xsDqgLC.exe
  C:\Windows\System\xsDqgLC.exe
  2⤵
  PID:4312
- C:\Windows\System\TELCfZC.exe
  C:\Windows\System\TELCfZC.exe
  2⤵
  PID:4332
- C:\Windows\System\JqjgMtk.exe
  C:\Windows\System\JqjgMtk.exe
  2⤵
  PID:4348
- C:\Windows\System\RVQpWEO.exe
  C:\Windows\System\RVQpWEO.exe
  2⤵
  PID:4368
- C:\Windows\System\HtbKvYT.exe
  C:\Windows\System\HtbKvYT.exe
  2⤵
  PID:4388
- C:\Windows\System\pdUeFpu.exe
  C:\Windows\System\pdUeFpu.exe
  2⤵
  PID:4404
- C:\Windows\System\VYjDxsL.exe
  C:\Windows\System\VYjDxsL.exe
  2⤵
  PID:4428
- C:\Windows\System\xpuFaHN.exe
  C:\Windows\System\xpuFaHN.exe
  2⤵
  PID:4452
- C:\Windows\System\CSUVGov.exe
  C:\Windows\System\CSUVGov.exe
  2⤵
  PID:4468
- C:\Windows\System\GjAdbnX.exe
  C:\Windows\System\GjAdbnX.exe
  2⤵
  PID:4484
- C:\Windows\System\XhsJbCf.exe
  C:\Windows\System\XhsJbCf.exe
  2⤵
  PID:4504
- C:\Windows\System\speVBHv.exe
  C:\Windows\System\speVBHv.exe
  2⤵
  PID:4528
- C:\Windows\System\XtxJIIo.exe
  C:\Windows\System\XtxJIIo.exe
  2⤵
  PID:4544
- C:\Windows\System\jWPfIPE.exe
  C:\Windows\System\jWPfIPE.exe
  2⤵
  PID:4568
- C:\Windows\System\RxYKpso.exe
  C:\Windows\System\RxYKpso.exe
  2⤵
  PID:4588
- C:\Windows\System\uzoeixf.exe
  C:\Windows\System\uzoeixf.exe
  2⤵
  PID:4612
- C:\Windows\System\KDLGaEH.exe
  C:\Windows\System\KDLGaEH.exe
  2⤵
  PID:4628
- C:\Windows\System\sldcUvD.exe
  C:\Windows\System\sldcUvD.exe
  2⤵
  PID:4648
- C:\Windows\System\fLGFDXH.exe
  C:\Windows\System\fLGFDXH.exe
  2⤵
  PID:4668
- C:\Windows\System\VZbcECN.exe
  C:\Windows\System\VZbcECN.exe
  2⤵
  PID:4688
- C:\Windows\System\ZzxedTi.exe
  C:\Windows\System\ZzxedTi.exe
  2⤵
  PID:4708
- C:\Windows\System\getZyyI.exe
  C:\Windows\System\getZyyI.exe
  2⤵
  PID:4728
- C:\Windows\System\zmCFtOx.exe
  C:\Windows\System\zmCFtOx.exe
  2⤵
  PID:4748
- C:\Windows\System\YqjFazm.exe
  C:\Windows\System\YqjFazm.exe
  2⤵
  PID:4768
- C:\Windows\System\fFpWCpH.exe
  C:\Windows\System\fFpWCpH.exe
  2⤵
  PID:4784
- C:\Windows\System\pSdtevQ.exe
  C:\Windows\System\pSdtevQ.exe
  2⤵
  PID:4804
- C:\Windows\System\QDaQwPZ.exe
  C:\Windows\System\QDaQwPZ.exe
  2⤵
  PID:4824
- C:\Windows\System\xQGCJoW.exe
  C:\Windows\System\xQGCJoW.exe
  2⤵
  PID:4848
- C:\Windows\System\NtnSDzn.exe
  C:\Windows\System\NtnSDzn.exe
  2⤵
  PID:4868
- C:\Windows\System\TrVxtdu.exe
  C:\Windows\System\TrVxtdu.exe
  2⤵
  PID:4884
- C:\Windows\System\aUWZNJF.exe
  C:\Windows\System\aUWZNJF.exe
  2⤵
  PID:4900
- C:\Windows\System\UzkABia.exe
  C:\Windows\System\UzkABia.exe
  2⤵
  PID:4924
- C:\Windows\System\zVxJhSC.exe
  C:\Windows\System\zVxJhSC.exe
  2⤵
  PID:4940
- C:\Windows\System\BTZmizF.exe
  C:\Windows\System\BTZmizF.exe
  2⤵
  PID:4964
- C:\Windows\System\kkofRHg.exe
  C:\Windows\System\kkofRHg.exe
  2⤵
  PID:4980
- C:\Windows\System\rKYRvkG.exe
  C:\Windows\System\rKYRvkG.exe
  2⤵
  PID:4996
- C:\Windows\System\QjVQkUc.exe
  C:\Windows\System\QjVQkUc.exe
  2⤵
  PID:5020
- C:\Windows\System\VtuUgcv.exe
  C:\Windows\System\VtuUgcv.exe
  2⤵
  PID:5040
- C:\Windows\System\BSryYJg.exe
  C:\Windows\System\BSryYJg.exe
  2⤵
  PID:5064
- C:\Windows\System\OMlLqpi.exe
  C:\Windows\System\OMlLqpi.exe
  2⤵
  PID:5084
- C:\Windows\System\Dolzzif.exe
  C:\Windows\System\Dolzzif.exe
  2⤵
  PID:5112
- C:\Windows\System\TkyVBFv.exe
  C:\Windows\System\TkyVBFv.exe
  2⤵
  PID:3520
- C:\Windows\System\nkDcIEM.exe
  C:\Windows\System\nkDcIEM.exe
  2⤵
  PID:3716
- C:\Windows\System\cTTYIwS.exe
  C:\Windows\System\cTTYIwS.exe
  2⤵
  PID:3828
- C:\Windows\System\YqZPHBK.exe
  C:\Windows\System\YqZPHBK.exe
  2⤵
  PID:3944
- C:\Windows\System\qCmXXIQ.exe
  C:\Windows\System\qCmXXIQ.exe
  2⤵
  PID:3076
- C:\Windows\System\EUIptGU.exe
  C:\Windows\System\EUIptGU.exe
  2⤵
  PID:4052
- C:\Windows\System\OHDNhPE.exe
  C:\Windows\System\OHDNhPE.exe
  2⤵
  PID:3148
- C:\Windows\System\nXtlcMb.exe
  C:\Windows\System\nXtlcMb.exe
  2⤵
  PID:3480
- C:\Windows\System\tutiZUp.exe
  C:\Windows\System\tutiZUp.exe
  2⤵
  PID:4124
- C:\Windows\System\DtVIqHV.exe
  C:\Windows\System\DtVIqHV.exe
  2⤵
  PID:3492
- C:\Windows\System\jHDkyIu.exe
  C:\Windows\System\jHDkyIu.exe
  2⤵
  PID:4156
- C:\Windows\System\eiBtPxJ.exe
  C:\Windows\System\eiBtPxJ.exe
  2⤵
  PID:4144
- C:\Windows\System\iTNOWIo.exe
  C:\Windows\System\iTNOWIo.exe
  2⤵
  PID:4180
- C:\Windows\System\gsDOTkn.exe
  C:\Windows\System\gsDOTkn.exe
  2⤵
  PID:4240
- C:\Windows\System\vDLvqUo.exe
  C:\Windows\System\vDLvqUo.exe
  2⤵
  PID:4224
- C:\Windows\System\CHsxrre.exe
  C:\Windows\System\CHsxrre.exe
  2⤵
  PID:4296
- C:\Windows\System\spkEoVc.exe
  C:\Windows\System\spkEoVc.exe
  2⤵
  PID:4304
- C:\Windows\System\xWVbcaT.exe
  C:\Windows\System\xWVbcaT.exe
  2⤵
  PID:4436
- C:\Windows\System\qLQEDsv.exe
  C:\Windows\System\qLQEDsv.exe
  2⤵
  PID:4380
- C:\Windows\System\KMKDsVV.exe
  C:\Windows\System\KMKDsVV.exe
  2⤵
  PID:4416
- C:\Windows\System\MYLPkHe.exe
  C:\Windows\System\MYLPkHe.exe
  2⤵
  PID:4520
- C:\Windows\System\NMGALBR.exe
  C:\Windows\System\NMGALBR.exe
  2⤵
  PID:4500
- C:\Windows\System\uDGojND.exe
  C:\Windows\System\uDGojND.exe
  2⤵
  PID:4596
- C:\Windows\System\cAsVGLm.exe
  C:\Windows\System\cAsVGLm.exe
  2⤵
  PID:4644
- C:\Windows\System\yoYnOca.exe
  C:\Windows\System\yoYnOca.exe
  2⤵
  PID:4464
- C:\Windows\System\mrxuZUI.exe
  C:\Windows\System\mrxuZUI.exe
  2⤵
  PID:4540
- C:\Windows\System\VpTiSTf.exe
  C:\Windows\System\VpTiSTf.exe
  2⤵
  PID:4756
- C:\Windows\System\uMNBipO.exe
  C:\Windows\System\uMNBipO.exe
  2⤵
  PID:4796
- C:\Windows\System\GByydaW.exe
  C:\Windows\System\GByydaW.exe
  2⤵
  PID:4840
- C:\Windows\System\lHbYUSy.exe
  C:\Windows\System\lHbYUSy.exe
  2⤵
  PID:4876
- C:\Windows\System\RLzrFlf.exe
  C:\Windows\System\RLzrFlf.exe
  2⤵
  PID:4920
- C:\Windows\System\kLnwCRu.exe
  C:\Windows\System\kLnwCRu.exe
  2⤵
  PID:4660
- C:\Windows\System\wXGQEjw.exe
  C:\Windows\System\wXGQEjw.exe
  2⤵
  PID:4696
- C:\Windows\System\likWPfN.exe
  C:\Windows\System\likWPfN.exe
  2⤵
  PID:4956
- C:\Windows\System\NKNAcRg.exe
  C:\Windows\System\NKNAcRg.exe
  2⤵
  PID:4820
- C:\Windows\System\uBXfYzX.exe
  C:\Windows\System\uBXfYzX.exe
  2⤵
  PID:4988
- C:\Windows\System\yoMtAAs.exe
  C:\Windows\System\yoMtAAs.exe
  2⤵
  PID:5008
- C:\Windows\System\VAXGTjX.exe
  C:\Windows\System\VAXGTjX.exe
  2⤵
  PID:5016
- C:\Windows\System\QiEcurM.exe
  C:\Windows\System\QiEcurM.exe
  2⤵
  PID:5052
- C:\Windows\System\NbplYKN.exe
  C:\Windows\System\NbplYKN.exe
  2⤵
  PID:3608
- C:\Windows\System\nrInsDS.exe
  C:\Windows\System\nrInsDS.exe
  2⤵
  PID:5096
- C:\Windows\System\WizSJsG.exe
  C:\Windows\System\WizSJsG.exe
  2⤵
  PID:2684
- C:\Windows\System\atxjKAx.exe
  C:\Windows\System\atxjKAx.exe
  2⤵
  PID:1616
- C:\Windows\System\KJmoNFA.exe
  C:\Windows\System\KJmoNFA.exe
  2⤵
  PID:3920
- C:\Windows\System\fDuGdzs.exe
  C:\Windows\System\fDuGdzs.exe
  2⤵
  PID:4016
- C:\Windows\System\afpIXoU.exe
  C:\Windows\System\afpIXoU.exe
  2⤵
  PID:3120
- C:\Windows\System\OmAvnDw.exe
  C:\Windows\System\OmAvnDw.exe
  2⤵
  PID:2868
- C:\Windows\System\jLCurxB.exe
  C:\Windows\System\jLCurxB.exe
  2⤵
  PID:4140
- C:\Windows\System\pleDtNw.exe
  C:\Windows\System\pleDtNw.exe
  2⤵
  PID:1956
- C:\Windows\System\fuEnNpu.exe
  C:\Windows\System\fuEnNpu.exe
  2⤵
  PID:4284
- C:\Windows\System\almhBAI.exe
  C:\Windows\System\almhBAI.exe
  2⤵
  PID:4236
- C:\Windows\System\nlFBaSv.exe
  C:\Windows\System\nlFBaSv.exe
  2⤵
  PID:4360
- C:\Windows\System\aITCEbw.exe
  C:\Windows\System\aITCEbw.exe
  2⤵
  PID:4376
- C:\Windows\System\wHvyRff.exe
  C:\Windows\System\wHvyRff.exe
  2⤵
  PID:4512
- C:\Windows\System\nQGZmse.exe
  C:\Windows\System\nQGZmse.exe
  2⤵
  PID:4496
- C:\Windows\System\crDhaYY.exe
  C:\Windows\System\crDhaYY.exe
  2⤵
  PID:4324
- C:\Windows\System\mmQlBtk.exe
  C:\Windows\System\mmQlBtk.exe
  2⤵
  PID:2904
- C:\Windows\System\vlOGAwR.exe
  C:\Windows\System\vlOGAwR.exe
  2⤵
  PID:4400
- C:\Windows\System\kluaAzj.exe
  C:\Windows\System\kluaAzj.exe
  2⤵
  PID:4516
- C:\Windows\System\BCPkhGc.exe
  C:\Windows\System\BCPkhGc.exe
  2⤵
  PID:4952
- C:\Windows\System\wOgFzfk.exe
  C:\Windows\System\wOgFzfk.exe
  2⤵
  PID:5028
- C:\Windows\System\YvLpvVh.exe
  C:\Windows\System\YvLpvVh.exe
  2⤵
  PID:3420
- C:\Windows\System\EZuifkZ.exe
  C:\Windows\System\EZuifkZ.exe
  2⤵
  PID:5076
- C:\Windows\System\KdDKxLC.exe
  C:\Windows\System\KdDKxLC.exe
  2⤵
  PID:3740
- C:\Windows\System\PYgYcuc.exe
  C:\Windows\System\PYgYcuc.exe
  2⤵
  PID:4196
- C:\Windows\System\BHwsUQB.exe
  C:\Windows\System\BHwsUQB.exe
  2⤵
  PID:4564
- C:\Windows\System\LVmVuIA.exe
  C:\Windows\System\LVmVuIA.exe
  2⤵
  PID:4720
- C:\Windows\System\GEhDIAs.exe
  C:\Windows\System\GEhDIAs.exe
  2⤵
  PID:4704
- C:\Windows\System\ZMuhwcY.exe
  C:\Windows\System\ZMuhwcY.exe
  2⤵
  PID:3848
- C:\Windows\System\RBSFAVa.exe
  C:\Windows\System\RBSFAVa.exe
  2⤵
  PID:4120
- C:\Windows\System\kohWsgg.exe
  C:\Windows\System\kohWsgg.exe
  2⤵
  PID:4736
- C:\Windows\System\oEIhCfb.exe
  C:\Windows\System\oEIhCfb.exe
  2⤵
  PID:4780
- C:\Windows\System\nfJYdbe.exe
  C:\Windows\System\nfJYdbe.exe
  2⤵
  PID:4280
- C:\Windows\System\XMuKCBO.exe
  C:\Windows\System\XMuKCBO.exe
  2⤵
  PID:4320
- C:\Windows\System\JmLWaql.exe
  C:\Windows\System\JmLWaql.exe
  2⤵
  PID:1916
- C:\Windows\System\NkGsOMg.exe
  C:\Windows\System\NkGsOMg.exe
  2⤵
  PID:4816
- C:\Windows\System\MSnlfXd.exe
  C:\Windows\System\MSnlfXd.exe
  2⤵
  PID:5132
- C:\Windows\System\tCjbBMo.exe
  C:\Windows\System\tCjbBMo.exe
  2⤵
  PID:5148
- C:\Windows\System\DDPNqZe.exe
  C:\Windows\System\DDPNqZe.exe
  2⤵
  PID:5164
- C:\Windows\System\ikYJCgY.exe
  C:\Windows\System\ikYJCgY.exe
  2⤵
  PID:5180
- C:\Windows\System\NoEqCkF.exe
  C:\Windows\System\NoEqCkF.exe
  2⤵
  PID:5196
- C:\Windows\System\kTkhxvT.exe
  C:\Windows\System\kTkhxvT.exe
  2⤵
  PID:5212
- C:\Windows\System\thZlrer.exe
  C:\Windows\System\thZlrer.exe
  2⤵
  PID:5228
- C:\Windows\System\jLdYYaL.exe
  C:\Windows\System\jLdYYaL.exe
  2⤵
  PID:5244
- C:\Windows\System\rgRUxAn.exe
  C:\Windows\System\rgRUxAn.exe
  2⤵
  PID:5264
- C:\Windows\System\zeuQTHi.exe
  C:\Windows\System\zeuQTHi.exe
  2⤵
  PID:5364
- C:\Windows\System\RqTrYOe.exe
  C:\Windows\System\RqTrYOe.exe
  2⤵
  PID:5384
- C:\Windows\System\bzufiCS.exe
  C:\Windows\System\bzufiCS.exe
  2⤵
  PID:5400
- C:\Windows\System\XQZRVSk.exe
  C:\Windows\System\XQZRVSk.exe
  2⤵
  PID:5416
- C:\Windows\System\ObLNiKu.exe
  C:\Windows\System\ObLNiKu.exe
  2⤵
  PID:5432
- C:\Windows\System\NCwzFen.exe
  C:\Windows\System\NCwzFen.exe
  2⤵
  PID:5448
- C:\Windows\System\cPiRBwX.exe
  C:\Windows\System\cPiRBwX.exe
  2⤵
  PID:5468
- C:\Windows\System\cPpQXnR.exe
  C:\Windows\System\cPpQXnR.exe
  2⤵
  PID:5484
- C:\Windows\System\SpsYqdh.exe
  C:\Windows\System\SpsYqdh.exe
  2⤵
  PID:5500
- C:\Windows\System\FcBGxKr.exe
  C:\Windows\System\FcBGxKr.exe
  2⤵
  PID:5516
- C:\Windows\System\HOQTMSg.exe
  C:\Windows\System\HOQTMSg.exe
  2⤵
  PID:5532
- C:\Windows\System\JjfPmJL.exe
  C:\Windows\System\JjfPmJL.exe
  2⤵
  PID:5548
- C:\Windows\System\DXAMbTx.exe
  C:\Windows\System\DXAMbTx.exe
  2⤵
  PID:5564
- C:\Windows\System\zBhbWOE.exe
  C:\Windows\System\zBhbWOE.exe
  2⤵
  PID:5580
- C:\Windows\System\YRxuNNo.exe
  C:\Windows\System\YRxuNNo.exe
  2⤵
  PID:5596
- C:\Windows\System\CVIKeUQ.exe
  C:\Windows\System\CVIKeUQ.exe
  2⤵
  PID:5612
- C:\Windows\System\nowlwap.exe
  C:\Windows\System\nowlwap.exe
  2⤵
  PID:5628
- C:\Windows\System\WRIjaSz.exe
  C:\Windows\System\WRIjaSz.exe
  2⤵
  PID:5644
- C:\Windows\System\UepadXj.exe
  C:\Windows\System\UepadXj.exe
  2⤵
  PID:5664
- C:\Windows\System\FNCHhIC.exe
  C:\Windows\System\FNCHhIC.exe
  2⤵
  PID:5680
- C:\Windows\System\oRwxdnY.exe
  C:\Windows\System\oRwxdnY.exe
  2⤵
  PID:5696
- C:\Windows\System\UPIAyGc.exe
  C:\Windows\System\UPIAyGc.exe
  2⤵
  PID:5712
- C:\Windows\System\mXSbLeM.exe
  C:\Windows\System\mXSbLeM.exe
  2⤵
  PID:5728
- C:\Windows\System\zrQKeEz.exe
  C:\Windows\System\zrQKeEz.exe
  2⤵
  PID:5744
- C:\Windows\System\xeKKgzD.exe
  C:\Windows\System\xeKKgzD.exe
  2⤵
  PID:5764
- C:\Windows\System\DLQdplL.exe
  C:\Windows\System\DLQdplL.exe
  2⤵
  PID:5780
- C:\Windows\System\HuhWvar.exe
  C:\Windows\System\HuhWvar.exe
  2⤵
  PID:5796
- C:\Windows\System\koOeVFm.exe
  C:\Windows\System\koOeVFm.exe
  2⤵
  PID:5812
- C:\Windows\System\tBusuBA.exe
  C:\Windows\System\tBusuBA.exe
  2⤵
  PID:5828
- C:\Windows\System\cLQMEwu.exe
  C:\Windows\System\cLQMEwu.exe
  2⤵
  PID:5844
- C:\Windows\System\XxLUuCV.exe
  C:\Windows\System\XxLUuCV.exe
  2⤵
  PID:5912
- C:\Windows\System\UznhmcE.exe
  C:\Windows\System\UznhmcE.exe
  2⤵
  PID:5928
- C:\Windows\System\GYaGDZP.exe
  C:\Windows\System\GYaGDZP.exe
  2⤵
  PID:5944
- C:\Windows\System\pJUSjMv.exe
  C:\Windows\System\pJUSjMv.exe
  2⤵
  PID:5960
- C:\Windows\System\RWNdGdS.exe
  C:\Windows\System\RWNdGdS.exe
  2⤵
  PID:5976
- C:\Windows\System\fsmGRux.exe
  C:\Windows\System\fsmGRux.exe
  2⤵
  PID:5996
- C:\Windows\System\IxQZbaM.exe
  C:\Windows\System\IxQZbaM.exe
  2⤵
  PID:6012
- C:\Windows\System\RJGiEqf.exe
  C:\Windows\System\RJGiEqf.exe
  2⤵
  PID:6056
- C:\Windows\System\kxsQOTR.exe
  C:\Windows\System\kxsQOTR.exe
  2⤵
  PID:6088
- C:\Windows\System\AZkAtKV.exe
  C:\Windows\System\AZkAtKV.exe
  2⤵
  PID:6112
- C:\Windows\System\HeCDkKW.exe
  C:\Windows\System\HeCDkKW.exe
  2⤵
  PID:6136
- C:\Windows\System\QjjOdqt.exe
  C:\Windows\System\QjjOdqt.exe
  2⤵
  PID:1688
- C:\Windows\System\BjigoQp.exe
  C:\Windows\System\BjigoQp.exe
  2⤵
  PID:5012
- C:\Windows\System\VUhJMNU.exe
  C:\Windows\System\VUhJMNU.exe
  2⤵
  PID:4104
- C:\Windows\System\CmiwhTo.exe
  C:\Windows\System\CmiwhTo.exe
  2⤵
  PID:5124
- C:\Windows\System\XpjhLEe.exe
  C:\Windows\System\XpjhLEe.exe
  2⤵
  PID:5188
- C:\Windows\System\LWcRdBQ.exe
  C:\Windows\System\LWcRdBQ.exe
  2⤵
  PID:5256
- C:\Windows\System\hgZBMRr.exe
  C:\Windows\System\hgZBMRr.exe
  2⤵
  PID:4584
- C:\Windows\System\zNhbmXE.exe
  C:\Windows\System\zNhbmXE.exe
  2⤵
  PID:4932
- C:\Windows\System\BJPQpTJ.exe
  C:\Windows\System\BJPQpTJ.exe
  2⤵
  PID:4792
- C:\Windows\System\iYItGzC.exe
  C:\Windows\System\iYItGzC.exe
  2⤵
  PID:4364
- C:\Windows\System\gnuOqgl.exe
  C:\Windows\System\gnuOqgl.exe
  2⤵
  PID:3896
- C:\Windows\System\yoPhUtY.exe
  C:\Windows\System\yoPhUtY.exe
  2⤵
  PID:4776
- C:\Windows\System\PDuzLEM.exe
  C:\Windows\System\PDuzLEM.exe
  2⤵
  PID:4608
- C:\Windows\System\dmOXSeN.exe
  C:\Windows\System\dmOXSeN.exe
  2⤵
  PID:5176
- C:\Windows\System\KHWjQKK.exe
  C:\Windows\System\KHWjQKK.exe
  2⤵
  PID:5240
- C:\Windows\System\ejYiNhE.exe
  C:\Windows\System\ejYiNhE.exe
  2⤵
  PID:5288
- C:\Windows\System\FMnoKtT.exe
  C:\Windows\System\FMnoKtT.exe
  2⤵
  PID:5316
- C:\Windows\System\SjSQfoa.exe
  C:\Windows\System\SjSQfoa.exe
  2⤵
  PID:5332
- C:\Windows\System\RPUqsRM.exe
  C:\Windows\System\RPUqsRM.exe
  2⤵
  PID:5360
- C:\Windows\System\hsgkTSo.exe
  C:\Windows\System\hsgkTSo.exe
  2⤵
  PID:5348
- C:\Windows\System\pcjdksi.exe
  C:\Windows\System\pcjdksi.exe
  2⤵
  PID:5464
- C:\Windows\System\qZVeEJA.exe
  C:\Windows\System\qZVeEJA.exe
  2⤵
  PID:5656
- C:\Windows\System\uyrTYOc.exe
  C:\Windows\System\uyrTYOc.exe
  2⤵
  PID:5720
- C:\Windows\System\ymroDdL.exe
  C:\Windows\System\ymroDdL.exe
  2⤵
  PID:5788
- C:\Windows\System\ytaXRlO.exe
  C:\Windows\System\ytaXRlO.exe
  2⤵
  PID:5496
- C:\Windows\System\zMuhlGa.exe
  C:\Windows\System\zMuhlGa.exe
  2⤵
  PID:5852
- C:\Windows\System\aJlwdRL.exe
  C:\Windows\System\aJlwdRL.exe
  2⤵
  PID:5876
- C:\Windows\System\dHkWLdW.exe
  C:\Windows\System\dHkWLdW.exe
  2⤵
  PID:5900
- C:\Windows\System\miTPTyP.exe
  C:\Windows\System\miTPTyP.exe
  2⤵
  PID:5868
- C:\Windows\System\RCoGgeR.exe
  C:\Windows\System\RCoGgeR.exe
  2⤵
  PID:5856
- C:\Windows\System\SoVmkoA.exe
  C:\Windows\System\SoVmkoA.exe
  2⤵
  PID:6004
- C:\Windows\System\nBbQiIQ.exe
  C:\Windows\System\nBbQiIQ.exe
  2⤵
  PID:5412
- C:\Windows\System\jaGudVw.exe
  C:\Windows\System\jaGudVw.exe
  2⤵
  PID:5480
- C:\Windows\System\PDudFEz.exe
  C:\Windows\System\PDudFEz.exe
  2⤵
  PID:5544
- C:\Windows\System\hjskUOP.exe
  C:\Windows\System\hjskUOP.exe
  2⤵
  PID:5636
- C:\Windows\System\OQTEAYv.exe
  C:\Windows\System\OQTEAYv.exe
  2⤵
  PID:5708
- C:\Windows\System\FKjIGIv.exe
  C:\Windows\System\FKjIGIv.exe
  2⤵
  PID:5776
- C:\Windows\System\MaTXTlb.exe
  C:\Windows\System\MaTXTlb.exe
  2⤵
  PID:6064
- C:\Windows\System\eYhSXVn.exe
  C:\Windows\System\eYhSXVn.exe
  2⤵
  PID:2676
- C:\Windows\System\pfGALlu.exe
  C:\Windows\System\pfGALlu.exe
  2⤵
  PID:5004
- C:\Windows\System\esATyof.exe
  C:\Windows\System\esATyof.exe
  2⤵
  PID:4200
- C:\Windows\System\geePVBp.exe
  C:\Windows\System\geePVBp.exe
  2⤵
  PID:4168
- C:\Windows\System\VUUdyIb.exe
  C:\Windows\System\VUUdyIb.exe
  2⤵
  PID:5312
- C:\Windows\System\tIIsgEv.exe
  C:\Windows\System\tIIsgEv.exe
  2⤵
  PID:5588
- C:\Windows\System\izxBxwa.exe
  C:\Windows\System\izxBxwa.exe
  2⤵
  PID:5824
- C:\Windows\System\ghKcYZO.exe
  C:\Windows\System\ghKcYZO.exe
  2⤵
  PID:5988
- C:\Windows\System\EVseZtZ.exe
  C:\Windows\System\EVseZtZ.exe
  2⤵
  PID:6028
- C:\Windows\System\FIFbfGd.exe
  C:\Windows\System\FIFbfGd.exe
  2⤵
  PID:6044
- C:\Windows\System\vvUBYhk.exe
  C:\Windows\System\vvUBYhk.exe
  2⤵
  PID:6100
- C:\Windows\System\cQCJqWA.exe
  C:\Windows\System\cQCJqWA.exe
  2⤵
  PID:4056
- C:\Windows\System\xveeODq.exe
  C:\Windows\System\xveeODq.exe
  2⤵
  PID:5160
- C:\Windows\System\xMfNcfs.exe
  C:\Windows\System\xMfNcfs.exe
  2⤵
  PID:4896
- C:\Windows\System\KQHxNwg.exe
  C:\Windows\System\KQHxNwg.exe
  2⤵
  PID:4864
- C:\Windows\System\yigNXQY.exe
  C:\Windows\System\yigNXQY.exe
  2⤵
  PID:5236
- C:\Windows\System\UpREruJ.exe
  C:\Windows\System\UpREruJ.exe
  2⤵
  PID:5344
- C:\Windows\System\FUqeorM.exe
  C:\Windows\System\FUqeorM.exe
  2⤵
  PID:4844
- C:\Windows\System\GiiBYSC.exe
  C:\Windows\System\GiiBYSC.exe
  2⤵
  PID:5792
- C:\Windows\System\TEGbYjL.exe
  C:\Windows\System\TEGbYjL.exe
  2⤵
  PID:5860
- C:\Windows\System\mzMDpIS.exe
  C:\Windows\System\mzMDpIS.exe
  2⤵
  PID:5972
- C:\Windows\System\opBSPjc.exe
  C:\Windows\System\opBSPjc.exe
  2⤵
  PID:5512
- C:\Windows\System\OcDqfFu.exe
  C:\Windows\System\OcDqfFu.exe
  2⤵
  PID:5760
- C:\Windows\System\mYxyQds.exe
  C:\Windows\System\mYxyQds.exe
  2⤵
  PID:5840
- C:\Windows\System\tzdIBdZ.exe
  C:\Windows\System\tzdIBdZ.exe
  2⤵
  PID:5252
- C:\Windows\System\fumvsSO.exe
  C:\Windows\System\fumvsSO.exe
  2⤵
  PID:5604
- C:\Windows\System\gkYDYeo.exe
  C:\Windows\System\gkYDYeo.exe
  2⤵
  PID:6072
- C:\Windows\System\JQPWrJb.exe
  C:\Windows\System\JQPWrJb.exe
  2⤵
  PID:5408
- C:\Windows\System\OZBmZzE.exe
  C:\Windows\System\OZBmZzE.exe
  2⤵
  PID:4356
- C:\Windows\System\dFjWCLZ.exe
  C:\Windows\System\dFjWCLZ.exe
  2⤵
  PID:6020
- C:\Windows\System\MfOhnwn.exe
  C:\Windows\System\MfOhnwn.exe
  2⤵
  PID:6096
- C:\Windows\System\WtogTwl.exe
  C:\Windows\System\WtogTwl.exe
  2⤵
  PID:5032
- C:\Windows\System\VaZxqpj.exe
  C:\Windows\System\VaZxqpj.exe
  2⤵
  PID:5292
- C:\Windows\System\hrqNDmp.exe
  C:\Windows\System\hrqNDmp.exe
  2⤵
  PID:5888
- C:\Windows\System\ArEOmPw.exe
  C:\Windows\System\ArEOmPw.exe
  2⤵
  PID:5892
- C:\Windows\System\QFyLFeu.exe
  C:\Windows\System\QFyLFeu.exe
  2⤵
  PID:5956
- C:\Windows\System\oUFyUXZ.exe
  C:\Windows\System\oUFyUXZ.exe
  2⤵
  PID:6040
- C:\Windows\System\EDDlGDo.exe
  C:\Windows\System\EDDlGDo.exe
  2⤵
  PID:6108
- C:\Windows\System\COtrQuf.exe
  C:\Windows\System\COtrQuf.exe
  2⤵
  PID:4604
- C:\Windows\System\VgegKyf.exe
  C:\Windows\System\VgegKyf.exe
  2⤵
  PID:5304
- C:\Windows\System\pJHEGBq.exe
  C:\Windows\System\pJHEGBq.exe
  2⤵
  PID:5428
- C:\Windows\System\YtYhfGV.exe
  C:\Windows\System\YtYhfGV.exe
  2⤵
  PID:5940
- C:\Windows\System\GZTAfaE.exe
  C:\Windows\System\GZTAfaE.exe
  2⤵
  PID:5968
- C:\Windows\System\MYJzjAP.exe
  C:\Windows\System\MYJzjAP.exe
  2⤵
  PID:5756
- C:\Windows\System\UfvXnkI.exe
  C:\Windows\System\UfvXnkI.exe
  2⤵
  PID:5220
- C:\Windows\System\NFyItPz.exe
  C:\Windows\System\NFyItPz.exe
  2⤵
  PID:5740
- C:\Windows\System\CGjQZGq.exe
  C:\Windows\System\CGjQZGq.exe
  2⤵
  PID:5380
- C:\Windows\System\gvAJNbZ.exe
  C:\Windows\System\gvAJNbZ.exe
  2⤵
  PID:3404
- C:\Windows\System\uHwyeUc.exe
  C:\Windows\System\uHwyeUc.exe
  2⤵
  PID:6076
- C:\Windows\System\JBabRbj.exe
  C:\Windows\System\JBabRbj.exe
  2⤵
  PID:5328
- C:\Windows\System\ahCYMjc.exe
  C:\Windows\System\ahCYMjc.exe
  2⤵
  PID:5896
- C:\Windows\System\jfbhbZp.exe
  C:\Windows\System\jfbhbZp.exe
  2⤵
  PID:4948
- C:\Windows\System\xBgkabE.exe
  C:\Windows\System\xBgkabE.exe
  2⤵
  PID:5692
- C:\Windows\System\Wgxjmvz.exe
  C:\Windows\System\Wgxjmvz.exe
  2⤵
  PID:5276
- C:\Windows\System\MYjnTxK.exe
  C:\Windows\System\MYjnTxK.exe
  2⤵
  PID:4412
- C:\Windows\System\wNwEdpR.exe
  C:\Windows\System\wNwEdpR.exe
  2⤵
  PID:6152
- C:\Windows\System\dOoSMhe.exe
  C:\Windows\System\dOoSMhe.exe
  2⤵
  PID:6168
- C:\Windows\System\Ovwmqyy.exe
  C:\Windows\System\Ovwmqyy.exe
  2⤵
  PID:6184
- C:\Windows\System\bTCwaFX.exe
  C:\Windows\System\bTCwaFX.exe
  2⤵
  PID:6200
- C:\Windows\System\XzCqltN.exe
  C:\Windows\System\XzCqltN.exe
  2⤵
  PID:6216
- C:\Windows\System\ksozjgV.exe
  C:\Windows\System\ksozjgV.exe
  2⤵
  PID:6232
- C:\Windows\System\ZBOkWgK.exe
  C:\Windows\System\ZBOkWgK.exe
  2⤵
  PID:6248
- C:\Windows\System\wZfFqXK.exe
  C:\Windows\System\wZfFqXK.exe
  2⤵
  PID:6264
- C:\Windows\System\yGIYFXj.exe
  C:\Windows\System\yGIYFXj.exe
  2⤵
  PID:6280
- C:\Windows\System\nxEqHmK.exe
  C:\Windows\System\nxEqHmK.exe
  2⤵
  PID:6296
- C:\Windows\System\zwthBcQ.exe
  C:\Windows\System\zwthBcQ.exe
  2⤵
  PID:6312
- C:\Windows\System\RIXlnMh.exe
  C:\Windows\System\RIXlnMh.exe
  2⤵
  PID:6328
- C:\Windows\System\ZFdIPDW.exe
  C:\Windows\System\ZFdIPDW.exe
  2⤵
  PID:6344
- C:\Windows\System\QyKrcTm.exe
  C:\Windows\System\QyKrcTm.exe
  2⤵
  PID:6360
- C:\Windows\System\UQEVZPc.exe
  C:\Windows\System\UQEVZPc.exe
  2⤵
  PID:6376
- C:\Windows\System\ddLZDTR.exe
  C:\Windows\System\ddLZDTR.exe
  2⤵
  PID:6392
- C:\Windows\System\RrCZzWl.exe
  C:\Windows\System\RrCZzWl.exe
  2⤵
  PID:6408
- C:\Windows\System\BhqgfGQ.exe
  C:\Windows\System\BhqgfGQ.exe
  2⤵
  PID:6436
- C:\Windows\System\FbVTxtz.exe
  C:\Windows\System\FbVTxtz.exe
  2⤵
  PID:6456
- C:\Windows\System\lYsmHHr.exe
  C:\Windows\System\lYsmHHr.exe
  2⤵
  PID:6480
- C:\Windows\System\RwQCHHZ.exe
  C:\Windows\System\RwQCHHZ.exe
  2⤵
  PID:6536
- C:\Windows\System\NKtAHnL.exe
  C:\Windows\System\NKtAHnL.exe
  2⤵
  PID:6552
- C:\Windows\System\QbTwzbu.exe
  C:\Windows\System\QbTwzbu.exe
  2⤵
  PID:6572
- C:\Windows\System\VPQSlMR.exe
  C:\Windows\System\VPQSlMR.exe
  2⤵
  PID:6888
- C:\Windows\System\bGdSIFV.exe
  C:\Windows\System\bGdSIFV.exe
  2⤵
  PID:6920
- C:\Windows\System\MQYueMV.exe
  C:\Windows\System\MQYueMV.exe
  2⤵
  PID:6936
- C:\Windows\System\ltwQzVc.exe
  C:\Windows\System\ltwQzVc.exe
  2⤵
  PID:6952
- C:\Windows\System\isPIjTT.exe
  C:\Windows\System\isPIjTT.exe
  2⤵
  PID:6972
- C:\Windows\System\KoEFxpw.exe
  C:\Windows\System\KoEFxpw.exe
  2⤵
  PID:6988
- C:\Windows\System\jlGKeVC.exe
  C:\Windows\System\jlGKeVC.exe
  2⤵
  PID:7004
- C:\Windows\System\zmmMzmS.exe
  C:\Windows\System\zmmMzmS.exe
  2⤵
  PID:7020
- C:\Windows\System\ptadNJm.exe
  C:\Windows\System\ptadNJm.exe
  2⤵
  PID:7036
- C:\Windows\System\GMiMLyV.exe
  C:\Windows\System\GMiMLyV.exe
  2⤵
  PID:7052
- C:\Windows\System\OytOUEa.exe
  C:\Windows\System\OytOUEa.exe
  2⤵
  PID:7068
- C:\Windows\System\DJzfLvm.exe
  C:\Windows\System\DJzfLvm.exe
  2⤵
  PID:7084
- C:\Windows\System\WOBlvDI.exe
  C:\Windows\System\WOBlvDI.exe
  2⤵
  PID:7104
- C:\Windows\System\iuuCYLR.exe
  C:\Windows\System\iuuCYLR.exe
  2⤵
  PID:7120
- C:\Windows\System\GxGBCvT.exe
  C:\Windows\System\GxGBCvT.exe
  2⤵
  PID:7136
- C:\Windows\System\iMHNcOX.exe
  C:\Windows\System\iMHNcOX.exe
  2⤵
  PID:1764
- C:\Windows\System\RgCveEs.exe
  C:\Windows\System\RgCveEs.exe
  2⤵
  PID:5676
- C:\Windows\System\UPbIBJw.exe
  C:\Windows\System\UPbIBJw.exe
  2⤵
  PID:6148
- C:\Windows\System\jKaUHWy.exe
  C:\Windows\System\jKaUHWy.exe
  2⤵
  PID:6180
- C:\Windows\System\obMjaua.exe
  C:\Windows\System\obMjaua.exe
  2⤵
  PID:6212
- C:\Windows\System\WwSWXqN.exe
  C:\Windows\System\WwSWXqN.exe
  2⤵
  PID:6244
- C:\Windows\System\ndOZiKx.exe
  C:\Windows\System\ndOZiKx.exe
  2⤵
  PID:6292
- C:\Windows\System\yklsykv.exe
  C:\Windows\System\yklsykv.exe
  2⤵
  PID:6324
- C:\Windows\System\YPLzNAy.exe
  C:\Windows\System\YPLzNAy.exe
  2⤵
  PID:6352
- C:\Windows\System\pcLbfZd.exe
  C:\Windows\System\pcLbfZd.exe
  2⤵
  PID:6384
- C:\Windows\System\TiqaXgD.exe
  C:\Windows\System\TiqaXgD.exe
  2⤵
  PID:6416
- C:\Windows\System\omigUsK.exe
  C:\Windows\System\omigUsK.exe
  2⤵
  PID:920
- C:\Windows\System\XiIWgiQ.exe
  C:\Windows\System\XiIWgiQ.exe
  2⤵
  PID:2636
- C:\Windows\System\ZxWqEZU.exe
  C:\Windows\System\ZxWqEZU.exe
  2⤵
  PID:6468
- C:\Windows\System\dPOkiBE.exe
  C:\Windows\System\dPOkiBE.exe
  2⤵
  PID:600
- C:\Windows\System\ZObdCly.exe
  C:\Windows\System\ZObdCly.exe
  2⤵
  PID:6580
- C:\Windows\System\PupRZXv.exe
  C:\Windows\System\PupRZXv.exe
  2⤵
  PID:6444
- C:\Windows\System\fyduscZ.exe
  C:\Windows\System\fyduscZ.exe
  2⤵
  PID:6604
- C:\Windows\System\lGLlPjB.exe
  C:\Windows\System\lGLlPjB.exe
  2⤵
  PID:6492
- C:\Windows\System\OJZTDyg.exe
  C:\Windows\System\OJZTDyg.exe
  2⤵
  PID:6512
- C:\Windows\System\ZlzVqlP.exe
  C:\Windows\System\ZlzVqlP.exe
  2⤵
  PID:6528
- C:\Windows\System\FoNyiqH.exe
  C:\Windows\System\FoNyiqH.exe
  2⤵
  PID:6624
- C:\Windows\System\owWcfFQ.exe
  C:\Windows\System\owWcfFQ.exe
  2⤵
  PID:6640
- C:\Windows\System\WOsevOe.exe
  C:\Windows\System\WOsevOe.exe
  2⤵
  PID:6664
- C:\Windows\System\aMCagPq.exe
  C:\Windows\System\aMCagPq.exe
  2⤵
  PID:6684
- C:\Windows\System\bPBVVIh.exe
  C:\Windows\System\bPBVVIh.exe
  2⤵
  PID:6700
- C:\Windows\System\RwFXKPb.exe
  C:\Windows\System\RwFXKPb.exe
  2⤵
  PID:6720
- C:\Windows\System\JHwKyCA.exe
  C:\Windows\System\JHwKyCA.exe
  2⤵
  PID:6736
- C:\Windows\System\IbugEhb.exe
  C:\Windows\System\IbugEhb.exe
  2⤵
  PID:6748
- C:\Windows\System\fFPjDQA.exe
  C:\Windows\System\fFPjDQA.exe
  2⤵
  PID:6764
- C:\Windows\System\sFLKTbT.exe
  C:\Windows\System\sFLKTbT.exe
  2⤵
  PID:6780
- C:\Windows\System\ZchaTBU.exe
  C:\Windows\System\ZchaTBU.exe
  2⤵
  PID:6796
- C:\Windows\System\absZguD.exe
  C:\Windows\System\absZguD.exe
  2⤵
  PID:6832
- C:\Windows\System\HzwFbVZ.exe
  C:\Windows\System\HzwFbVZ.exe
  2⤵
  PID:6864
- C:\Windows\System\MfkTMgx.exe
  C:\Windows\System\MfkTMgx.exe
  2⤵
  PID:6880
- C:\Windows\System\UgYwBvx.exe
  C:\Windows\System\UgYwBvx.exe
  2⤵
  PID:6908
- C:\Windows\System\qrPCNro.exe
  C:\Windows\System\qrPCNro.exe
  2⤵
  PID:6968
- C:\Windows\System\yfenFiR.exe
  C:\Windows\System\yfenFiR.exe
  2⤵
  PID:1508
- C:\Windows\System\mRlbIVX.exe
  C:\Windows\System\mRlbIVX.exe
  2⤵
  PID:6980
- C:\Windows\System\utPfOXD.exe
  C:\Windows\System\utPfOXD.exe
  2⤵
  PID:7016
- C:\Windows\System\NgnDONi.exe
  C:\Windows\System\NgnDONi.exe
  2⤵
  PID:7112
- C:\Windows\System\ZWTUXZn.exe
  C:\Windows\System\ZWTUXZn.exe
  2⤵
  PID:7144
- C:\Windows\System\YKBnOpG.exe
  C:\Windows\System\YKBnOpG.exe
  2⤵
  PID:6128
- C:\Windows\System\jjxiMLu.exe
  C:\Windows\System\jjxiMLu.exe
  2⤵
  PID:6132
- C:\Windows\System\GNrrKDZ.exe
  C:\Windows\System\GNrrKDZ.exe
  2⤵
  PID:6208
- C:\Windows\System\KVbgWoP.exe
  C:\Windows\System\KVbgWoP.exe
  2⤵
  PID:584
- C:\Windows\System\MDcDLfi.exe
  C:\Windows\System\MDcDLfi.exe
  2⤵
  PID:6240
- C:\Windows\System\UyEmxlt.exe
  C:\Windows\System\UyEmxlt.exe
  2⤵
  PID:6372
- C:\Windows\System\qHoQmKp.exe
  C:\Windows\System\qHoQmKp.exe
  2⤵
  PID:6464
- C:\Windows\System\ogvNHEh.exe
  C:\Windows\System\ogvNHEh.exe
  2⤵
  PID:6500
- C:\Windows\System\znaJKgD.exe
  C:\Windows\System\znaJKgD.exe
  2⤵
  PID:6568
- C:\Windows\System\oyZsUOw.exe
  C:\Windows\System\oyZsUOw.exe
  2⤵
  PID:2612
- C:\Windows\System\pdQtlzg.exe
  C:\Windows\System\pdQtlzg.exe
  2⤵
  PID:6676
- C:\Windows\System\gRMRaZR.exe
  C:\Windows\System\gRMRaZR.exe
  2⤵
  PID:6716
- C:\Windows\System\OTQmRDh.exe
  C:\Windows\System\OTQmRDh.exe
  2⤵
  PID:1104
- C:\Windows\System\IozWYcD.exe
  C:\Windows\System\IozWYcD.exe
  2⤵
  PID:320
- C:\Windows\System\YnezdLC.exe
  C:\Windows\System\YnezdLC.exe
  2⤵
  PID:6524
- C:\Windows\System\zEHfVoV.exe
  C:\Windows\System\zEHfVoV.exe
  2⤵
  PID:6808
- C:\Windows\System\BHeYOsb.exe
  C:\Windows\System\BHeYOsb.exe
  2⤵
  PID:6820
- C:\Windows\System\QclrlnC.exe
  C:\Windows\System\QclrlnC.exe
  2⤵
  PID:6884
- C:\Windows\System\hvGvggF.exe
  C:\Windows\System\hvGvggF.exe
  2⤵
  PID:6636
- C:\Windows\System\OARgXnt.exe
  C:\Windows\System\OARgXnt.exe
  2⤵
  PID:6792
- C:\Windows\System\jnyanJi.exe
  C:\Windows\System\jnyanJi.exe
  2⤵
  PID:6928
- C:\Windows\System\gelJgAX.exe
  C:\Windows\System\gelJgAX.exe
  2⤵
  PID:7092
- C:\Windows\System\rEjFqza.exe
  C:\Windows\System\rEjFqza.exe
  2⤵
  PID:7132
- C:\Windows\System\KWAoDYh.exe
  C:\Windows\System\KWAoDYh.exe
  2⤵
  PID:484
- C:\Windows\System\VmxlQoB.exe
  C:\Windows\System\VmxlQoB.exe
  2⤵
  PID:5340
- C:\Windows\System\EQNeaXo.exe
  C:\Windows\System\EQNeaXo.exe
  2⤵
  PID:5540
- C:\Windows\System\bNUTvhP.exe
  C:\Windows\System\bNUTvhP.exe
  2⤵
  PID:6560
- C:\Windows\System\bSekRTM.exe
  C:\Windows\System\bSekRTM.exe
  2⤵
  PID:6272
- C:\Windows\System\rvbavuY.exe
  C:\Windows\System\rvbavuY.exe
  2⤵
  PID:6448
- C:\Windows\System\vZcSdvH.exe
  C:\Windows\System\vZcSdvH.exe
  2⤵
  PID:2280
- C:\Windows\System\HjuFMGZ.exe
  C:\Windows\System\HjuFMGZ.exe
  2⤵
  PID:6712
- C:\Windows\System\JLaZAfT.exe
  C:\Windows\System\JLaZAfT.exe
  2⤵
  PID:6828
- C:\Windows\System\UNRtkFx.exe
  C:\Windows\System\UNRtkFx.exe
  2⤵
  PID:6488
- C:\Windows\System\ESSbMTC.exe
  C:\Windows\System\ESSbMTC.exe
  2⤵
  PID:1584
- C:\Windows\System\uonncQU.exe
  C:\Windows\System\uonncQU.exe
  2⤵
  PID:6912
- C:\Windows\System\oWRcujt.exe
  C:\Windows\System\oWRcujt.exe
  2⤵
  PID:7080
- C:\Windows\System\oUFwXSU.exe
  C:\Windows\System\oUFwXSU.exe
  2⤵
  PID:7060
- C:\Windows\System\hSJgyAd.exe
  C:\Windows\System\hSJgyAd.exe
  2⤵
  PID:6848
- C:\Windows\System\wUXPMcZ.exe
  C:\Windows\System\wUXPMcZ.exe
  2⤵
  PID:6904
- C:\Windows\System\lElrKOT.exe
  C:\Windows\System\lElrKOT.exe
  2⤵
  PID:6080
- C:\Windows\System\kpFrJUy.exe
  C:\Windows\System\kpFrJUy.exe
  2⤵
  PID:7064
- C:\Windows\System\vSNMuUj.exe
  C:\Windows\System\vSNMuUj.exe
  2⤵
  PID:2196
- C:\Windows\System\egiaNHn.exe
  C:\Windows\System\egiaNHn.exe
  2⤵
  PID:6656
- C:\Windows\System\uMcqaoc.exe
  C:\Windows\System\uMcqaoc.exe
  2⤵
  PID:6728
- C:\Windows\System\iEDTqBP.exe
  C:\Windows\System\iEDTqBP.exe
  2⤵
  PID:6816
- C:\Windows\System\VTjoNEe.exe
  C:\Windows\System\VTjoNEe.exe
  2⤵
  PID:6608
- C:\Windows\System\JluhAty.exe
  C:\Windows\System\JluhAty.exe
  2⤵
  PID:6944
- C:\Windows\System\WBIeTEc.exe
  C:\Windows\System\WBIeTEc.exe
  2⤵
  PID:6900
- C:\Windows\System\KUVvTjC.exe
  C:\Windows\System\KUVvTjC.exe
  2⤵
  PID:4976
- C:\Windows\System\BpRRKHO.exe
  C:\Windows\System\BpRRKHO.exe
  2⤵
  PID:6600
- C:\Windows\System\YlKgQot.exe
  C:\Windows\System\YlKgQot.exe
  2⤵
  PID:6632
- C:\Windows\System\ErrmdRL.exe
  C:\Windows\System\ErrmdRL.exe
  2⤵
  PID:6740
- C:\Windows\System\mputoVE.exe
  C:\Windows\System\mputoVE.exe
  2⤵
  PID:7184
- C:\Windows\System\cpIKXgJ.exe
  C:\Windows\System\cpIKXgJ.exe
  2⤵
  PID:7200
- C:\Windows\System\pYOsPWN.exe
  C:\Windows\System\pYOsPWN.exe
  2⤵
  PID:7216
- C:\Windows\System\zGHAEnn.exe
  C:\Windows\System\zGHAEnn.exe
  2⤵
  PID:7232
- C:\Windows\System\IUFnTOx.exe
  C:\Windows\System\IUFnTOx.exe
  2⤵
  PID:7248
- C:\Windows\System\vduaSMT.exe
  C:\Windows\System\vduaSMT.exe
  2⤵
  PID:7264
- C:\Windows\System\OlJacfl.exe
  C:\Windows\System\OlJacfl.exe
  2⤵
  PID:7280
- C:\Windows\System\qHVHEuO.exe
  C:\Windows\System\qHVHEuO.exe
  2⤵
  PID:7296
- C:\Windows\System\AkTZvnf.exe
  C:\Windows\System\AkTZvnf.exe
  2⤵
  PID:7312
- C:\Windows\System\eoUgtRW.exe
  C:\Windows\System\eoUgtRW.exe
  2⤵
  PID:7328
- C:\Windows\System\JrOunIu.exe
  C:\Windows\System\JrOunIu.exe
  2⤵
  PID:7344
- C:\Windows\System\dsNSGMA.exe
  C:\Windows\System\dsNSGMA.exe
  2⤵
  PID:7360
- C:\Windows\System\OYsvSvk.exe
  C:\Windows\System\OYsvSvk.exe
  2⤵
  PID:7376
- C:\Windows\System\lXeyTkP.exe
  C:\Windows\System\lXeyTkP.exe
  2⤵
  PID:7396
- C:\Windows\System\XsyBVDG.exe
  C:\Windows\System\XsyBVDG.exe
  2⤵
  PID:7412
- C:\Windows\System\KmazjyB.exe
  C:\Windows\System\KmazjyB.exe
  2⤵
  PID:7428
- C:\Windows\System\mruHWwS.exe
  C:\Windows\System\mruHWwS.exe
  2⤵
  PID:7444
- C:\Windows\System\dCzSDCm.exe
  C:\Windows\System\dCzSDCm.exe
  2⤵
  PID:7460
- C:\Windows\System\WGPgWKe.exe
  C:\Windows\System\WGPgWKe.exe
  2⤵
  PID:7476
- C:\Windows\System\YPvwYVa.exe
  C:\Windows\System\YPvwYVa.exe
  2⤵
  PID:7492
- C:\Windows\System\JUORBBj.exe
  C:\Windows\System\JUORBBj.exe
  2⤵
  PID:7508
- C:\Windows\System\aGnMhYA.exe
  C:\Windows\System\aGnMhYA.exe
  2⤵
  PID:7524
- C:\Windows\System\CjlCKyn.exe
  C:\Windows\System\CjlCKyn.exe
  2⤵
  PID:7540
- C:\Windows\System\UTgvVmg.exe
  C:\Windows\System\UTgvVmg.exe
  2⤵
  PID:7556
- C:\Windows\System\mjuiPBN.exe
  C:\Windows\System\mjuiPBN.exe
  2⤵
  PID:7572
- C:\Windows\System\CbsPekS.exe
  C:\Windows\System\CbsPekS.exe
  2⤵
  PID:7588
- C:\Windows\System\YLWXiKb.exe
  C:\Windows\System\YLWXiKb.exe
  2⤵
  PID:7604
- C:\Windows\System\nhpULMz.exe
  C:\Windows\System\nhpULMz.exe
  2⤵
  PID:7620
- C:\Windows\System\LLWNuJH.exe
  C:\Windows\System\LLWNuJH.exe
  2⤵
  PID:7636
- C:\Windows\System\njokZeZ.exe
  C:\Windows\System\njokZeZ.exe
  2⤵
  PID:7652
- C:\Windows\System\SybxwFh.exe
  C:\Windows\System\SybxwFh.exe
  2⤵
  PID:7668
- C:\Windows\System\NOERXOc.exe
  C:\Windows\System\NOERXOc.exe
  2⤵
  PID:7684
- C:\Windows\System\lmUwBHD.exe
  C:\Windows\System\lmUwBHD.exe
  2⤵
  PID:7700
- C:\Windows\System\VKliLol.exe
  C:\Windows\System\VKliLol.exe
  2⤵
  PID:7716
- C:\Windows\System\yjrSaak.exe
  C:\Windows\System\yjrSaak.exe
  2⤵
  PID:7732
- C:\Windows\System\trIZSBB.exe
  C:\Windows\System\trIZSBB.exe
  2⤵
  PID:7752
- C:\Windows\System\ApnbYtn.exe
  C:\Windows\System\ApnbYtn.exe
  2⤵
  PID:7864
- C:\Windows\System\TUCzMMi.exe
  C:\Windows\System\TUCzMMi.exe
  2⤵
  PID:7884
- C:\Windows\System\DBaisUP.exe
  C:\Windows\System\DBaisUP.exe
  2⤵
  PID:7912
- C:\Windows\System\GXvqoCs.exe
  C:\Windows\System\GXvqoCs.exe
  2⤵
  PID:7976
- C:\Windows\System\PSuVFOO.exe
  C:\Windows\System\PSuVFOO.exe
  2⤵
  PID:7996
- C:\Windows\System\LmHlUtA.exe
  C:\Windows\System\LmHlUtA.exe
  2⤵
  PID:8012
- C:\Windows\System\IiFUQzp.exe
  C:\Windows\System\IiFUQzp.exe
  2⤵
  PID:8032
- C:\Windows\System\SRirBSU.exe
  C:\Windows\System\SRirBSU.exe
  2⤵
  PID:8048
- C:\Windows\System\bjslCHE.exe
  C:\Windows\System\bjslCHE.exe
  2⤵
  PID:8064
- C:\Windows\System\ZjrdjGq.exe
  C:\Windows\System\ZjrdjGq.exe
  2⤵
  PID:8080
- C:\Windows\System\eJzbXhL.exe
  C:\Windows\System\eJzbXhL.exe
  2⤵
  PID:8100
- C:\Windows\System\NnsotqL.exe
  C:\Windows\System\NnsotqL.exe
  2⤵
  PID:8124
- C:\Windows\System\vrewLSM.exe
  C:\Windows\System\vrewLSM.exe
  2⤵
  PID:8148
- C:\Windows\System\oRowbOf.exe
  C:\Windows\System\oRowbOf.exe
  2⤵
  PID:8172
- C:\Windows\System\oFZfIEh.exe
  C:\Windows\System\oFZfIEh.exe
  2⤵
  PID:1440
- C:\Windows\System\zYOYOJp.exe
  C:\Windows\System\zYOYOJp.exe
  2⤵
  PID:6036
- C:\Windows\System\qTPpAMF.exe
  C:\Windows\System\qTPpAMF.exe
  2⤵
  PID:5308
- C:\Windows\System\NhqUUuq.exe
  C:\Windows\System\NhqUUuq.exe
  2⤵
  PID:2680
- C:\Windows\System\zpGWHei.exe
  C:\Windows\System\zpGWHei.exe
  2⤵
  PID:6404
- C:\Windows\System\qjGClvy.exe
  C:\Windows\System\qjGClvy.exe
  2⤵
  PID:7256
- C:\Windows\System\wdhlPlt.exe
  C:\Windows\System\wdhlPlt.exe
  2⤵
  PID:6744
- C:\Windows\System\HIxsfEE.exe
  C:\Windows\System\HIxsfEE.exe
  2⤵
  PID:7160
- C:\Windows\System\myeqIhM.exe
  C:\Windows\System\myeqIhM.exe
  2⤵
  PID:7208
- C:\Windows\System\iaBDWsq.exe
  C:\Windows\System\iaBDWsq.exe
  2⤵
  PID:7272
- C:\Windows\System\VHVlNBe.exe
  C:\Windows\System\VHVlNBe.exe
  2⤵
  PID:7304
- C:\Windows\System\qKEDuFH.exe
  C:\Windows\System\qKEDuFH.exe
  2⤵
  PID:7340
- C:\Windows\System\QhsULYW.exe
  C:\Windows\System\QhsULYW.exe
  2⤵
  PID:7404
- C:\Windows\System\tZufEkP.exe
  C:\Windows\System\tZufEkP.exe
  2⤵
  PID:7452
- C:\Windows\System\UyPwkyN.exe
  C:\Windows\System\UyPwkyN.exe
  2⤵
  PID:2408
- C:\Windows\System\meQMkFX.exe
  C:\Windows\System\meQMkFX.exe
  2⤵
  PID:7488
- C:\Windows\System\EOjoOEd.exe
  C:\Windows\System\EOjoOEd.exe
  2⤵
  PID:7520
- C:\Windows\System\ncTOPiC.exe
  C:\Windows\System\ncTOPiC.exe
  2⤵
  PID:7552
- C:\Windows\System\udgrLey.exe
  C:\Windows\System\udgrLey.exe
  2⤵
  PID:7584
- C:\Windows\System\xsCyJZh.exe
  C:\Windows\System\xsCyJZh.exe
  2⤵
  PID:7628
- C:\Windows\System\aUatKel.exe
  C:\Windows\System\aUatKel.exe
  2⤵
  PID:7664
- C:\Windows\System\wzDorUJ.exe
  C:\Windows\System\wzDorUJ.exe
  2⤵
  PID:7772
- C:\Windows\System\bVHnlFr.exe
  C:\Windows\System\bVHnlFr.exe
  2⤵
  PID:7696
- C:\Windows\System\JPIqhSe.exe
  C:\Windows\System\JPIqhSe.exe
  2⤵
  PID:7708
- C:\Windows\System\ofNWGSj.exe
  C:\Windows\System\ofNWGSj.exe
  2⤵
  PID:7788
- C:\Windows\System\qptMAbq.exe
  C:\Windows\System\qptMAbq.exe
  2⤵
  PID:7812
- C:\Windows\System\HLPAaiw.exe
  C:\Windows\System\HLPAaiw.exe
  2⤵
  PID:7828
- C:\Windows\System\klhaRed.exe
  C:\Windows\System\klhaRed.exe
  2⤵
  PID:7844
- C:\Windows\System\iiLjaen.exe
  C:\Windows\System\iiLjaen.exe
  2⤵
  PID:3248
- C:\Windows\System\AjUHojg.exe
  C:\Windows\System\AjUHojg.exe
  2⤵
  PID:7872
- C:\Windows\System\axBqrhW.exe
  C:\Windows\System\axBqrhW.exe
  2⤵
  PID:7896
- C:\Windows\System\FRRjWIM.exe
  C:\Windows\System\FRRjWIM.exe
  2⤵
  PID:7920
- C:\Windows\System\tijezdx.exe
  C:\Windows\System\tijezdx.exe
  2⤵
  PID:7944
- C:\Windows\System\lIJKAFO.exe
  C:\Windows\System\lIJKAFO.exe
  2⤵
  PID:7984
- C:\Windows\System\PEFOskk.exe
  C:\Windows\System\PEFOskk.exe
  2⤵
  PID:8088
- C:\Windows\System\MnXnEeP.exe
  C:\Windows\System\MnXnEeP.exe
  2⤵
  PID:8024
- C:\Windows\System\AOQyFkC.exe
  C:\Windows\System\AOQyFkC.exe
  2⤵
  PID:1088
- C:\Windows\System\zFAqWIq.exe
  C:\Windows\System\zFAqWIq.exe
  2⤵
  PID:4620
- C:\Windows\System\GGJCkTV.exe
  C:\Windows\System\GGJCkTV.exe
  2⤵
  PID:3068
- C:\Windows\System\UmsSlDi.exe
  C:\Windows\System\UmsSlDi.exe
  2⤵
  PID:7384
- C:\Windows\System\boONhHm.exe
  C:\Windows\System\boONhHm.exe
  2⤵
  PID:7436
- C:\Windows\System\PQZIAsd.exe
  C:\Windows\System\PQZIAsd.exe
  2⤵
  PID:7568
- C:\Windows\System\nilXGgc.exe
  C:\Windows\System\nilXGgc.exe
  2⤵
  PID:7692
- C:\Windows\System\CdcDQKs.exe
  C:\Windows\System\CdcDQKs.exe
  2⤵
  PID:7744
- C:\Windows\System\RfJGaDP.exe
  C:\Windows\System\RfJGaDP.exe
  2⤵
  PID:8008
- C:\Windows\System\TkECMuh.exe
  C:\Windows\System\TkECMuh.exe
  2⤵
  PID:1168
- C:\Windows\System\EzPKGsE.exe
  C:\Windows\System\EzPKGsE.exe
  2⤵
  PID:7392
- C:\Windows\System\JbokSiM.exe
  C:\Windows\System\JbokSiM.exe
  2⤵
  PID:7972
- C:\Windows\System\LvDYNLa.exe
  C:\Windows\System\LvDYNLa.exe
  2⤵
  PID:6844
- C:\Windows\System\MyVJJxd.exe
  C:\Windows\System\MyVJJxd.exe
  2⤵
  PID:8076
- C:\Windows\System\OQtTIJr.exe
  C:\Windows\System\OQtTIJr.exe
  2⤵
  PID:8156
- C:\Windows\System\uqNfRSc.exe
  C:\Windows\System\uqNfRSc.exe
  2⤵
  PID:8180
- C:\Windows\System\UUBFjAH.exe
  C:\Windows\System\UUBFjAH.exe
  2⤵
  PID:7224
- C:\Windows\System\MpnVwIq.exe
  C:\Windows\System\MpnVwIq.exe
  2⤵
  PID:2968
- C:\Windows\System\YIWEHGU.exe
  C:\Windows\System\YIWEHGU.exe
  2⤵
  PID:7196
- C:\Windows\System\VHBCQML.exe
  C:\Windows\System\VHBCQML.exe
  2⤵
  PID:7324
- C:\Windows\System\lecRpGU.exe
  C:\Windows\System\lecRpGU.exe
  2⤵
  PID:7536
- C:\Windows\System\rVEcIZR.exe
  C:\Windows\System\rVEcIZR.exe
  2⤵
  PID:7616
- C:\Windows\System\hKiatYl.exe
  C:\Windows\System\hKiatYl.exe
  2⤵
  PID:7748
- C:\Windows\System\fCbmket.exe
  C:\Windows\System\fCbmket.exe
  2⤵
  PID:7836
- C:\Windows\System\nMBLcet.exe
  C:\Windows\System\nMBLcet.exe
  2⤵
  PID:7904
- C:\Windows\System\MMOkQYj.exe
  C:\Windows\System\MMOkQYj.exe
  2⤵
  PID:8188
- C:\Windows\System\WVvqSPY.exe
  C:\Windows\System\WVvqSPY.exe
  2⤵
  PID:7968
- C:\Windows\System\Vtqugdh.exe
  C:\Windows\System\Vtqugdh.exe
  2⤵
  PID:2084
- C:\Windows\System\qzevtty.exe
  C:\Windows\System\qzevtty.exe
  2⤵
  PID:3044
- C:\Windows\System\WGEzFLD.exe
  C:\Windows\System\WGEzFLD.exe
  2⤵
  PID:2948
- C:\Windows\System\nWhNkyt.exe
  C:\Windows\System\nWhNkyt.exe
  2⤵
  PID:7468
- C:\Windows\System\HCBLUYp.exe
  C:\Windows\System\HCBLUYp.exe
  2⤵
  PID:7784
- C:\Windows\System\VEotoYd.exe
  C:\Windows\System\VEotoYd.exe
  2⤵
  PID:7648
- C:\Windows\System\EnAwqlj.exe
  C:\Windows\System\EnAwqlj.exe
  2⤵
  PID:7288
- C:\Windows\System\nFlVAxv.exe
  C:\Windows\System\nFlVAxv.exe
  2⤵
  PID:8136
- C:\Windows\System\wJspXin.exe
  C:\Windows\System\wJspXin.exe
  2⤵
  PID:8144
- C:\Windows\System\OfmUtTc.exe
  C:\Windows\System\OfmUtTc.exe
  2⤵
  PID:6692
- C:\Windows\System\qwAiVws.exe
  C:\Windows\System\qwAiVws.exe
  2⤵
  PID:8160
- C:\Windows\System\ujInYFN.exe
  C:\Windows\System\ujInYFN.exe
  2⤵
  PID:8168
- C:\Windows\System\EtRUIyA.exe
  C:\Windows\System\EtRUIyA.exe
  2⤵
  PID:7612
- C:\Windows\System\NgPDBLm.exe
  C:\Windows\System\NgPDBLm.exe
  2⤵
  PID:7808
- C:\Windows\System\oDpVcug.exe
  C:\Windows\System\oDpVcug.exe
  2⤵
  PID:7964
- C:\Windows\System\TWhBuId.exe
  C:\Windows\System\TWhBuId.exe
  2⤵
  PID:2236
- C:\Windows\System\HySPpMA.exe
  C:\Windows\System\HySPpMA.exe
  2⤵
  PID:7824
- C:\Windows\System\prpsawf.exe
  C:\Windows\System\prpsawf.exe
  2⤵
  PID:7988
- C:\Windows\System\hUVokwv.exe
  C:\Windows\System\hUVokwv.exe
  2⤵
  PID:7292
- C:\Windows\System\DOQNQBl.exe
  C:\Windows\System\DOQNQBl.exe
  2⤵
  PID:7504
- C:\Windows\System\xaHunWH.exe
  C:\Windows\System\xaHunWH.exe
  2⤵
  PID:7128
- C:\Windows\System\btYLqml.exe
  C:\Windows\System\btYLqml.exe
  2⤵
  PID:7336
- C:\Windows\System\WPZWLAe.exe
  C:\Windows\System\WPZWLAe.exe
  2⤵
  PID:7676
- C:\Windows\System\aMETyzL.exe
  C:\Windows\System\aMETyzL.exe
  2⤵
  PID:8140
- C:\Windows\System\qeBtNYH.exe
  C:\Windows\System\qeBtNYH.exe
  2⤵
  PID:7764
- C:\Windows\System\GPoTpqS.exe
  C:\Windows\System\GPoTpqS.exe
  2⤵
  PID:2876
- C:\Windows\System\QcqYcpO.exe
  C:\Windows\System\QcqYcpO.exe
  2⤵
  PID:8072
- C:\Windows\System\mCpGTUi.exe
  C:\Windows\System\mCpGTUi.exe
  2⤵
  PID:7804
- C:\Windows\System\YKhRiPV.exe
  C:\Windows\System\YKhRiPV.exe
  2⤵
  PID:7388
- C:\Windows\System\tGtrvtr.exe
  C:\Windows\System\tGtrvtr.exe
  2⤵
  PID:2204
- C:\Windows\System\NUCUFKp.exe
  C:\Windows\System\NUCUFKp.exe
  2⤵
  PID:8056
- C:\Windows\System\aWmkXqZ.exe
  C:\Windows\System\aWmkXqZ.exe
  2⤵
  PID:7892
- C:\Windows\System\URnlOpP.exe
  C:\Windows\System\URnlOpP.exe
  2⤵
  PID:7940
- C:\Windows\System\zGyBAql.exe
  C:\Windows\System\zGyBAql.exe
  2⤵
  PID:7032
- C:\Windows\System\HLAbmGZ.exe
  C:\Windows\System\HLAbmGZ.exe
  2⤵
  PID:680
- C:\Windows\System\SdZtgZQ.exe
  C:\Windows\System\SdZtgZQ.exe
  2⤵
  PID:7308
- C:\Windows\System\qLZSFcB.exe
  C:\Windows\System\qLZSFcB.exe
  2⤵
  PID:8204
- C:\Windows\System\CUtBrTZ.exe
  C:\Windows\System\CUtBrTZ.exe
  2⤵
  PID:8220
- C:\Windows\System\tfgXPRR.exe
  C:\Windows\System\tfgXPRR.exe
  2⤵
  PID:8236
- C:\Windows\System\MSlMHpp.exe
  C:\Windows\System\MSlMHpp.exe
  2⤵
  PID:8256
- C:\Windows\System\oFAtMVp.exe
  C:\Windows\System\oFAtMVp.exe
  2⤵
  PID:8272
- C:\Windows\System\clhPIeH.exe
  C:\Windows\System\clhPIeH.exe
  2⤵
  PID:8288
- C:\Windows\System\wdyTAgr.exe
  C:\Windows\System\wdyTAgr.exe
  2⤵
  PID:8308
- C:\Windows\System\CuoajFo.exe
  C:\Windows\System\CuoajFo.exe
  2⤵
  PID:8324
- C:\Windows\System\iZhWRpT.exe
  C:\Windows\System\iZhWRpT.exe
  2⤵
  PID:8340
- C:\Windows\System\IbZTnAS.exe
  C:\Windows\System\IbZTnAS.exe
  2⤵
  PID:8356
- C:\Windows\System\EKnJGMs.exe
  C:\Windows\System\EKnJGMs.exe
  2⤵
  PID:8372
- C:\Windows\System\zCRPGrs.exe
  C:\Windows\System\zCRPGrs.exe
  2⤵
  PID:8388
- C:\Windows\System\vQPTuaN.exe
  C:\Windows\System\vQPTuaN.exe
  2⤵
  PID:8404
- C:\Windows\System\czmoODr.exe
  C:\Windows\System\czmoODr.exe
  2⤵
  PID:8540
- C:\Windows\System\DXcoemw.exe
  C:\Windows\System\DXcoemw.exe
  2⤵
  PID:8556
- C:\Windows\System\KnCjxiZ.exe
  C:\Windows\System\KnCjxiZ.exe
  2⤵
  PID:8572
- C:\Windows\System\CXJzoLy.exe
  C:\Windows\System\CXJzoLy.exe
  2⤵
  PID:8596
- C:\Windows\System\RweWofj.exe
  C:\Windows\System\RweWofj.exe
  2⤵
  PID:8612
- C:\Windows\System\RHyOwnB.exe
  C:\Windows\System\RHyOwnB.exe
  2⤵
  PID:8628
- C:\Windows\System\JxVbDDN.exe
  C:\Windows\System\JxVbDDN.exe
  2⤵
  PID:8644
- C:\Windows\System\yYvHVuf.exe
  C:\Windows\System\yYvHVuf.exe
  2⤵
  PID:8660
- C:\Windows\System\TquzuGU.exe
  C:\Windows\System\TquzuGU.exe
  2⤵
  PID:8676
- C:\Windows\System\NqYkpQi.exe
  C:\Windows\System\NqYkpQi.exe
  2⤵
  PID:8692
- C:\Windows\System\dhoFIiQ.exe
  C:\Windows\System\dhoFIiQ.exe
  2⤵
  PID:8708
- C:\Windows\System\lEUPABr.exe
  C:\Windows\System\lEUPABr.exe
  2⤵
  PID:8724
- C:\Windows\System\kpgJfLk.exe
  C:\Windows\System\kpgJfLk.exe
  2⤵
  PID:8740
- C:\Windows\System\qdImUMl.exe
  C:\Windows\System\qdImUMl.exe
  2⤵
  PID:8756
- C:\Windows\System\DBrcLFH.exe
  C:\Windows\System\DBrcLFH.exe
  2⤵
  PID:8772
- C:\Windows\System\ZNrkOTS.exe
  C:\Windows\System\ZNrkOTS.exe
  2⤵
  PID:8792
- C:\Windows\System\bBrVDJN.exe
  C:\Windows\System\bBrVDJN.exe
  2⤵
  PID:8808
- C:\Windows\System\enxuLyM.exe
  C:\Windows\System\enxuLyM.exe
  2⤵
  PID:8824
- C:\Windows\System\CqSCwrj.exe
  C:\Windows\System\CqSCwrj.exe
  2⤵
  PID:8840
- C:\Windows\System\OJCRLWr.exe
  C:\Windows\System\OJCRLWr.exe
  2⤵
  PID:8856
- C:\Windows\System\LJvMXLv.exe
  C:\Windows\System\LJvMXLv.exe
  2⤵
  PID:8872
- C:\Windows\System\GjtTzNo.exe
  C:\Windows\System\GjtTzNo.exe
  2⤵
  PID:8948
- C:\Windows\System\zCyhaKI.exe
  C:\Windows\System\zCyhaKI.exe
  2⤵
  PID:9000
- C:\Windows\System\ACanieI.exe
  C:\Windows\System\ACanieI.exe
  2⤵
  PID:9032
- C:\Windows\System\EQxTych.exe
  C:\Windows\System\EQxTych.exe
  2⤵
  PID:9048
- C:\Windows\System\LswBGQa.exe
  C:\Windows\System\LswBGQa.exe
  2⤵
  PID:9064
- C:\Windows\System\aLzPwrR.exe
  C:\Windows\System\aLzPwrR.exe
  2⤵
  PID:9080
- C:\Windows\System\CKAdYkp.exe
  C:\Windows\System\CKAdYkp.exe
  2⤵
  PID:9096
- C:\Windows\System\OkwJVCW.exe
  C:\Windows\System\OkwJVCW.exe
  2⤵
  PID:9112
- C:\Windows\System\eBkYgxL.exe
  C:\Windows\System\eBkYgxL.exe
  2⤵
  PID:9128
- C:\Windows\System\CxhGCXJ.exe
  C:\Windows\System\CxhGCXJ.exe
  2⤵
  PID:9144
- C:\Windows\System\XXFGbZu.exe
  C:\Windows\System\XXFGbZu.exe
  2⤵
  PID:9160
- C:\Windows\System\IBOezXG.exe
  C:\Windows\System\IBOezXG.exe
  2⤵
  PID:9176
- C:\Windows\System\jOpoFHY.exe
  C:\Windows\System\jOpoFHY.exe
  2⤵
  PID:9192
- C:\Windows\System\fXDYpex.exe
  C:\Windows\System\fXDYpex.exe
  2⤵
  PID:9208
- C:\Windows\System\NZWZkYk.exe
  C:\Windows\System\NZWZkYk.exe
  2⤵
  PID:7680
- C:\Windows\System\RpsYVFA.exe
  C:\Windows\System\RpsYVFA.exe
  2⤵
  PID:8164
- C:\Windows\System\qXHNjLE.exe
  C:\Windows\System\qXHNjLE.exe
  2⤵
  PID:8244
- C:\Windows\System\OxfDVhW.exe
  C:\Windows\System\OxfDVhW.exe
  2⤵
  PID:6612
- C:\Windows\System\PJQpuhv.exe
  C:\Windows\System\PJQpuhv.exe
  2⤵
  PID:8004
- C:\Windows\System\qXGlYwD.exe
  C:\Windows\System\qXGlYwD.exe
  2⤵
  PID:8116
- C:\Windows\System\ilsQfkn.exe
  C:\Windows\System\ilsQfkn.exe
  2⤵
  PID:8228
- C:\Windows\System\MYnYtzW.exe
  C:\Windows\System\MYnYtzW.exe
  2⤵
  PID:8296
- C:\Windows\System\UUbPRhm.exe
  C:\Windows\System\UUbPRhm.exe
  2⤵
  PID:8396
- C:\Windows\System\gQSrKJT.exe
  C:\Windows\System\gQSrKJT.exe
  2⤵
  PID:8336
- C:\Windows\System\AhsvbHw.exe
  C:\Windows\System\AhsvbHw.exe
  2⤵
  PID:8348
- C:\Windows\System\GxgSFTI.exe
  C:\Windows\System\GxgSFTI.exe
  2⤵
  PID:8380
- C:\Windows\System\NBkMeYF.exe
  C:\Windows\System\NBkMeYF.exe
  2⤵
  PID:6616
- C:\Windows\System\zdlOOtP.exe
  C:\Windows\System\zdlOOtP.exe
  2⤵
  PID:8420
- C:\Windows\System\tJZvfnY.exe
  C:\Windows\System\tJZvfnY.exe
  2⤵
  PID:8440
- C:\Windows\System\ZfccYYU.exe
  C:\Windows\System\ZfccYYU.exe
  2⤵
  PID:8464
- C:\Windows\System\NVkYKnf.exe
  C:\Windows\System\NVkYKnf.exe
  2⤵
  PID:8472
- C:\Windows\System\dtDWYOr.exe
  C:\Windows\System\dtDWYOr.exe
  2⤵
  PID:8488
- C:\Windows\System\qdYkMIB.exe
  C:\Windows\System\qdYkMIB.exe
  2⤵
  PID:8500
- C:\Windows\System\SZUpxkw.exe
  C:\Windows\System\SZUpxkw.exe
  2⤵
  PID:6508
- C:\Windows\System\fIIRoQI.exe
  C:\Windows\System\fIIRoQI.exe
  2⤵
  PID:8528
- C:\Windows\System\gPMjUoh.exe
  C:\Windows\System\gPMjUoh.exe
  2⤵
  PID:8732
- C:\Windows\System\ptJFbkg.exe
  C:\Windows\System\ptJFbkg.exe
  2⤵
  PID:8652
- C:\Windows\System\oqvGBRc.exe
  C:\Windows\System\oqvGBRc.exe
  2⤵
  PID:8820
- C:\Windows\System\LbYoBZt.exe
  C:\Windows\System\LbYoBZt.exe
  2⤵
  PID:8788
- C:\Windows\System\XkzyLqI.exe
  C:\Windows\System\XkzyLqI.exe
  2⤵
  PID:8688
- C:\Windows\System\jMZoktM.exe
  C:\Windows\System\jMZoktM.exe
  2⤵
  PID:8892
- C:\Windows\System\KvLXYps.exe
  C:\Windows\System\KvLXYps.exe
  2⤵
  PID:8704
- C:\Windows\System\QlxUKxc.exe
  C:\Windows\System\QlxUKxc.exe
  2⤵
  PID:8700
- C:\Windows\System\WrsYDAt.exe
  C:\Windows\System\WrsYDAt.exe
  2⤵
  PID:8836
- C:\Windows\System\LWFNJzP.exe
  C:\Windows\System\LWFNJzP.exe
  2⤵
  PID:1968
- C:\Windows\System\xajVXWg.exe
  C:\Windows\System\xajVXWg.exe
  2⤵
  PID:8912
- C:\Windows\System\CdudOID.exe
  C:\Windows\System\CdudOID.exe
  2⤵
  PID:8932
- C:\Windows\System\vHRHNbS.exe
  C:\Windows\System\vHRHNbS.exe
  2⤵
  PID:2624
- C:\Windows\System\ARybccq.exe
  C:\Windows\System\ARybccq.exe
  2⤵
  PID:768
- C:\Windows\System\LnIoaDi.exe
  C:\Windows\System\LnIoaDi.exe
  2⤵
  PID:8976
- C:\Windows\System\FCtCCed.exe
  C:\Windows\System\FCtCCed.exe
  2⤵
  PID:8992
- C:\Windows\System\JHkeYlx.exe
  C:\Windows\System\JHkeYlx.exe
  2⤵
  PID:6276
- C:\Windows\System\DyiHNfq.exe
  C:\Windows\System\DyiHNfq.exe
  2⤵
  PID:9056
- C:\Windows\System\pwmgErs.exe
  C:\Windows\System\pwmgErs.exe
  2⤵
  PID:9044
- C:\Windows\System\HriPfdZ.exe
  C:\Windows\System\HriPfdZ.exe
  2⤵
  PID:9108
- C:\Windows\System\RsJqWVl.exe
  C:\Windows\System\RsJqWVl.exe
  2⤵
  PID:9172
- C:\Windows\System\vvmZISJ.exe
  C:\Windows\System\vvmZISJ.exe
  2⤵
  PID:8284
- C:\Windows\System\sGQxrGC.exe
  C:\Windows\System\sGQxrGC.exe
  2⤵
  PID:8264
- C:\Windows\System\DlVwFbA.exe
  C:\Windows\System\DlVwFbA.exe
  2⤵
  PID:6368
- C:\Windows\System\WDgUJPi.exe
  C:\Windows\System\WDgUJPi.exe
  2⤵
  PID:8416
- C:\Windows\System\KJuMLxV.exe
  C:\Windows\System\KJuMLxV.exe
  2⤵
  PID:7960
- C:\Windows\System\QBLQcVn.exe
  C:\Windows\System\QBLQcVn.exe
  2⤵
  PID:9016
- C:\Windows\System\ZqUCNFx.exe
  C:\Windows\System\ZqUCNFx.exe
  2⤵
  PID:8196
- C:\Windows\System\SUgxZSx.exe
  C:\Windows\System\SUgxZSx.exe
  2⤵
  PID:9156
- C:\Windows\System\lDzOZrs.exe
  C:\Windows\System\lDzOZrs.exe
  2⤵
  PID:8212
- C:\Windows\System\LSdEkmV.exe
  C:\Windows\System\LSdEkmV.exe
  2⤵
  PID:6588
- C:\Windows\System\CwPaHJq.exe
  C:\Windows\System\CwPaHJq.exe
  2⤵
  PID:8428
- C:\Windows\System\xJATUGs.exe
  C:\Windows\System\xJATUGs.exe
  2⤵
  PID:8456
- C:\Windows\System\Vbyjykv.exe
  C:\Windows\System\Vbyjykv.exe
  2⤵
  PID:9076
- C:\Windows\System\FndMsTq.exe
  C:\Windows\System\FndMsTq.exe
  2⤵
  PID:8480
- C:\Windows\System\VRgIkGd.exe
  C:\Windows\System\VRgIkGd.exe
  2⤵
  PID:8512
- C:\Windows\System\wrSiYye.exe
  C:\Windows\System\wrSiYye.exe
  2⤵
  PID:8584
- C:\Windows\System\mEzZYDw.exe
  C:\Windows\System\mEzZYDw.exe
  2⤵
  PID:8620
- C:\Windows\System\fFflWVl.exe
  C:\Windows\System\fFflWVl.exe
  2⤵
  PID:8580
- C:\Windows\System\dtjbylB.exe
  C:\Windows\System\dtjbylB.exe
  2⤵
  PID:8816
- C:\Windows\System\aTGBRfX.exe
  C:\Windows\System\aTGBRfX.exe
  2⤵
  PID:8624
- C:\Windows\System\hCmcXqN.exe
  C:\Windows\System\hCmcXqN.exe
  2⤵
  PID:8672
- C:\Windows\System\uESVPcH.exe
  C:\Windows\System\uESVPcH.exe
  2⤵
  PID:8880
- C:\Windows\System\FPiDvVN.exe
  C:\Windows\System\FPiDvVN.exe
  2⤵
  PID:8920
- C:\Windows\System\PDtIPdj.exe
  C:\Windows\System\PDtIPdj.exe
  2⤵
  PID:8924
- C:\Windows\System\UPAtYDc.exe
  C:\Windows\System\UPAtYDc.exe
  2⤵
  PID:8984
- C:\Windows\System\ihcWbYh.exe
  C:\Windows\System\ihcWbYh.exe
  2⤵
  PID:2952
- C:\Windows\System\NJYegYH.exe
  C:\Windows\System\NJYegYH.exe
  2⤵
  PID:9040
- C:\Windows\System\xUDNYIq.exe
  C:\Windows\System\xUDNYIq.exe
  2⤵
  PID:9168
- C:\Windows\System\lQMKMcz.exe
  C:\Windows\System\lQMKMcz.exe
  2⤵
  PID:9012
- C:\Windows\System\UrdlbBb.exe
  C:\Windows\System\UrdlbBb.exe
  2⤵
  PID:8280
- C:\Windows\System\Vhaxnby.exe
  C:\Windows\System\Vhaxnby.exe
  2⤵
  PID:3132
- C:\Windows\System\ggYSzYj.exe
  C:\Windows\System\ggYSzYj.exe
  2⤵
  PID:8304
- C:\Windows\System\iOVimiQ.exe
  C:\Windows\System\iOVimiQ.exe
  2⤵
  PID:7180
- C:\Windows\System\XBECucr.exe
  C:\Windows\System\XBECucr.exe
  2⤵
  PID:6672
- C:\Windows\System\hZRIvRE.exe
  C:\Windows\System\hZRIvRE.exe
  2⤵
  PID:8496
- C:\Windows\System\eBrvouu.exe
  C:\Windows\System\eBrvouu.exe
  2⤵
  PID:9088
- C:\Windows\System\XkcjCoj.exe
  C:\Windows\System\XkcjCoj.exe
  2⤵
  PID:8536
- C:\Windows\System\ucbIFJD.exe
  C:\Windows\System\ucbIFJD.exe
  2⤵
  PID:8868
- C:\Windows\System\xOthVBh.exe
  C:\Windows\System\xOthVBh.exe
  2⤵
  PID:9152
- C:\Windows\System\YHbUDQp.exe
  C:\Windows\System\YHbUDQp.exe
  2⤵
  PID:2916
- C:\Windows\System\dnTSqBg.exe
  C:\Windows\System\dnTSqBg.exe
  2⤵
  PID:8936
- C:\Windows\System\AmwqiOr.exe
  C:\Windows\System\AmwqiOr.exe
  2⤵
  PID:8972
- C:\Windows\System\YsrbthG.exe
  C:\Windows\System\YsrbthG.exe
  2⤵
  PID:8636
- C:\Windows\System\aUXMcPl.exe
  C:\Windows\System\aUXMcPl.exe
  2⤵
  PID:7472
- C:\Windows\System\rKaLAod.exe
  C:\Windows\System\rKaLAod.exe
  2⤵
  PID:9024
- C:\Windows\System\EySIYmj.exe
  C:\Windows\System\EySIYmj.exe
  2⤵
  PID:8320
- C:\Windows\System\knBZUFH.exe
  C:\Windows\System\knBZUFH.exe
  2⤵
  PID:9188
- C:\Windows\System\AYmRxLp.exe
  C:\Windows\System\AYmRxLp.exe
  2⤵
  PID:8764
- C:\Windows\System\cfchbTx.exe
  C:\Windows\System\cfchbTx.exe
  2⤵
  PID:8900
- C:\Windows\System\vycrJDc.exe
  C:\Windows\System\vycrJDc.exe
  2⤵
  PID:9232
- C:\Windows\System\LGzljls.exe
  C:\Windows\System\LGzljls.exe
  2⤵
  PID:9284
- C:\Windows\System\cfragoJ.exe
  C:\Windows\System\cfragoJ.exe
  2⤵
  PID:9308
- C:\Windows\System\wvnHbQW.exe
  C:\Windows\System\wvnHbQW.exe
  2⤵
  PID:9336
- C:\Windows\System\HtQkNgF.exe
  C:\Windows\System\HtQkNgF.exe
  2⤵
  PID:9356
- C:\Windows\System\HGOjjGc.exe
  C:\Windows\System\HGOjjGc.exe
  2⤵
  PID:9372
- C:\Windows\System\aUtfIjd.exe
  C:\Windows\System\aUtfIjd.exe
  2⤵
  PID:9388
- C:\Windows\System\ibtiuQB.exe
  C:\Windows\System\ibtiuQB.exe
  2⤵
  PID:9404
- C:\Windows\System\SDCIPoz.exe
  C:\Windows\System\SDCIPoz.exe
  2⤵
  PID:9420
- C:\Windows\System\rLGKIQZ.exe
  C:\Windows\System\rLGKIQZ.exe
  2⤵
  PID:9472
- C:\Windows\System\VrhqWXF.exe
  C:\Windows\System\VrhqWXF.exe
  2⤵
  PID:9488
- C:\Windows\System\zpVZcam.exe
  C:\Windows\System\zpVZcam.exe
  2⤵
  PID:9504
- C:\Windows\System\unHhFOm.exe
  C:\Windows\System\unHhFOm.exe
  2⤵
  PID:9520
- C:\Windows\System\SVLdkdz.exe
  C:\Windows\System\SVLdkdz.exe
  2⤵
  PID:9536
- C:\Windows\System\ItQPfHr.exe
  C:\Windows\System\ItQPfHr.exe
  2⤵
  PID:9552
- C:\Windows\System\KgzJtGW.exe
  C:\Windows\System\KgzJtGW.exe
  2⤵
  PID:9732
- C:\Windows\System\NarxBrc.exe
  C:\Windows\System\NarxBrc.exe
  2⤵
  PID:9752
- C:\Windows\System\xhmJgVE.exe
  C:\Windows\System\xhmJgVE.exe
  2⤵
  PID:9780
- C:\Windows\System\lBkwYLg.exe
  C:\Windows\System\lBkwYLg.exe
  2⤵
  PID:9840
- C:\Windows\System\HyKdWsW.exe
  C:\Windows\System\HyKdWsW.exe
  2⤵
  PID:9980
- C:\Windows\System\IoLvmpM.exe
  C:\Windows\System\IoLvmpM.exe
  2⤵
  PID:9996
- C:\Windows\System\RRDXZsL.exe
  C:\Windows\System\RRDXZsL.exe
  2⤵
  PID:10012
- C:\Windows\System\KRnSmlr.exe
  C:\Windows\System\KRnSmlr.exe
  2⤵
  PID:10028
- C:\Windows\System\MzXXsTN.exe
  C:\Windows\System\MzXXsTN.exe
  2⤵
  PID:10048
- C:\Windows\System\wcOnovC.exe
  C:\Windows\System\wcOnovC.exe
  2⤵
  PID:10068
- C:\Windows\System\GBEOwpG.exe
  C:\Windows\System\GBEOwpG.exe
  2⤵
  PID:10096
- C:\Windows\System\lzCIbLx.exe
  C:\Windows\System\lzCIbLx.exe
  2⤵
  PID:10116
- C:\Windows\System\PQlMkMk.exe
  C:\Windows\System\PQlMkMk.exe
  2⤵
  PID:10132
- C:\Windows\System\zTsKEiq.exe
  C:\Windows\System\zTsKEiq.exe
  2⤵
  PID:10148
- C:\Windows\System\wmNLOnh.exe
  C:\Windows\System\wmNLOnh.exe
  2⤵
  PID:10168
- C:\Windows\System\esazWmR.exe
  C:\Windows\System\esazWmR.exe
  2⤵
  PID:10188
- C:\Windows\System\haFeGGz.exe
  C:\Windows\System\haFeGGz.exe
  2⤵
  PID:10204
- C:\Windows\System\zbyQYTN.exe
  C:\Windows\System\zbyQYTN.exe
  2⤵
  PID:10220
- C:\Windows\System\uWlddiC.exe
  C:\Windows\System\uWlddiC.exe
  2⤵
  PID:10236
- C:\Windows\System\nhWuCam.exe
  C:\Windows\System\nhWuCam.exe
  2⤵
  PID:8568
- C:\Windows\System\MsNKZZi.exe
  C:\Windows\System\MsNKZZi.exe
  2⤵
  PID:2516
- C:\Windows\System\vhAuVZz.exe
  C:\Windows\System\vhAuVZz.exe
  2⤵
  PID:9204
- C:\Windows\System\OrMQBHS.exe
  C:\Windows\System\OrMQBHS.exe
  2⤵
  PID:8752
- C:\Windows\System\GmsAHFW.exe
  C:\Windows\System\GmsAHFW.exe
  2⤵
  PID:9228
- C:\Windows\System\JDQWZCZ.exe
  C:\Windows\System\JDQWZCZ.exe
  2⤵
  PID:9224
- C:\Windows\System\neCskqQ.exe
  C:\Windows\System\neCskqQ.exe
  2⤵
  PID:9256
- C:\Windows\System\TkTJepK.exe
  C:\Windows\System\TkTJepK.exe
  2⤵
  PID:9276
- C:\Windows\System\awxdRiO.exe
  C:\Windows\System\awxdRiO.exe
  2⤵
  PID:9444
- C:\Windows\System\sZiMMnL.exe
  C:\Windows\System\sZiMMnL.exe
  2⤵
  PID:8716
- C:\Windows\System\zTSmCVF.exe
  C:\Windows\System\zTSmCVF.exe
  2⤵
  PID:9516
- C:\Windows\System\DMDBgpq.exe
  C:\Windows\System\DMDBgpq.exe
  2⤵
  PID:9620
- C:\Windows\System\FXPgEwy.exe
  C:\Windows\System\FXPgEwy.exe
  2⤵
  PID:9560
- C:\Windows\System\DomTaTG.exe
  C:\Windows\System\DomTaTG.exe
  2⤵
  PID:9664
- C:\Windows\System\RUiCGyB.exe
  C:\Windows\System\RUiCGyB.exe
  2⤵
  PID:9592
- C:\Windows\System\baOuEcM.exe
  C:\Windows\System\baOuEcM.exe
  2⤵
  PID:9676
- C:\Windows\System\jiVRQND.exe
  C:\Windows\System\jiVRQND.exe
  2⤵
  PID:9644
- C:\Windows\System\iSkRFhm.exe
  C:\Windows\System\iSkRFhm.exe
  2⤵
  PID:9668
- C:\Windows\System\eBBePVP.exe
  C:\Windows\System\eBBePVP.exe
  2⤵
  PID:9700
- C:\Windows\System\VIjNKcr.exe
  C:\Windows\System\VIjNKcr.exe
  2⤵
  PID:9716
- C:\Windows\System\IPYkdXH.exe
  C:\Windows\System\IPYkdXH.exe
  2⤵
  PID:9740
- C:\Windows\System\rBdClVj.exe
  C:\Windows\System\rBdClVj.exe
  2⤵
  PID:9764
- C:\Windows\System\PRpiBhW.exe
  C:\Windows\System\PRpiBhW.exe
  2⤵
  PID:9768
- C:\Windows\System\YzuiahN.exe
  C:\Windows\System\YzuiahN.exe
  2⤵
  PID:9804
- C:\Windows\System\HRhphla.exe
  C:\Windows\System\HRhphla.exe
  2⤵
  PID:9820
- C:\Windows\System\ymYfskO.exe
  C:\Windows\System\ymYfskO.exe
  2⤵
  PID:9836
- C:\Windows\System\fisWnmr.exe
  C:\Windows\System\fisWnmr.exe
  2⤵
  PID:9876
- C:\Windows\System\VucBNhJ.exe
  C:\Windows\System\VucBNhJ.exe
  2⤵
  PID:9924
- C:\Windows\System\wuPbCtq.exe
  C:\Windows\System\wuPbCtq.exe
  2⤵
  PID:9940
- C:\Windows\System\hNJjjQJ.exe
  C:\Windows\System\hNJjjQJ.exe
  2⤵
  PID:9976
- C:\Windows\System\YgqJQxX.exe
  C:\Windows\System\YgqJQxX.exe
  2⤵
  PID:9884
- C:\Windows\System\tnhsVcy.exe
  C:\Windows\System\tnhsVcy.exe
  2⤵
  PID:9916
- C:\Windows\System\crJlDNq.exe
  C:\Windows\System\crJlDNq.exe
  2⤵
  PID:9868
- C:\Windows\System\FmiDItx.exe
  C:\Windows\System\FmiDItx.exe
  2⤵
  PID:10196
- C:\Windows\System\kxUAQIQ.exe
  C:\Windows\System\kxUAQIQ.exe
  2⤵
  PID:10144
- C:\Windows\System\EtLkSYU.exe
  C:\Windows\System\EtLkSYU.exe
  2⤵
  PID:10228
- C:\Windows\System\hnDCNXn.exe
  C:\Windows\System\hnDCNXn.exe
  2⤵
  PID:10212
- C:\Windows\System\iOryYul.exe
  C:\Windows\System\iOryYul.exe
  2⤵
  PID:1012
- C:\Windows\System\NaJYrQo.exe
  C:\Windows\System\NaJYrQo.exe
  2⤵
  PID:2436
- C:\Windows\System\MNnjyoe.exe
  C:\Windows\System\MNnjyoe.exe
  2⤵
  PID:9260
- C:\Windows\System\oPizpuR.exe
  C:\Windows\System\oPizpuR.exe
  2⤵
  PID:9268
- C:\Windows\System\ehRXtRp.exe
  C:\Windows\System\ehRXtRp.exe
  2⤵
  PID:9452
- C:\Windows\System\HCIzWDl.exe
  C:\Windows\System\HCIzWDl.exe
  2⤵
  PID:9384
- C:\Windows\System\SpwrslV.exe
  C:\Windows\System\SpwrslV.exe
  2⤵
  PID:9328
- C:\Windows\System\Xpcmuko.exe
  C:\Windows\System\Xpcmuko.exe
  2⤵
  PID:9480
- C:\Windows\System\smwfLhw.exe
  C:\Windows\System\smwfLhw.exe
  2⤵
  PID:9604
- C:\Windows\System\PQPEuRi.exe
  C:\Windows\System\PQPEuRi.exe
  2⤵
  PID:9576
- C:\Windows\System\IuuXYZV.exe
  C:\Windows\System\IuuXYZV.exe
  2⤵
  PID:9792
- C:\Windows\System\lDAFTKX.exe
  C:\Windows\System\lDAFTKX.exe
  2⤵
  PID:9900
- C:\Windows\System\VRjFTvG.exe
  C:\Windows\System\VRjFTvG.exe
  2⤵
  PID:9896
- C:\Windows\System\bInrMAz.exe
  C:\Windows\System\bInrMAz.exe
  2⤵
  PID:9588
- C:\Windows\System\KWReImg.exe
  C:\Windows\System\KWReImg.exe
  2⤵
  PID:9704
- C:\Windows\System\iNTaBog.exe
  C:\Windows\System\iNTaBog.exe
  2⤵
  PID:9728
- C:\Windows\System\VYIiDlP.exe
  C:\Windows\System\VYIiDlP.exe
  2⤵
  PID:9816
- C:\Windows\System\ictsakm.exe
  C:\Windows\System\ictsakm.exe
  2⤵
  PID:9852
- C:\Windows\System\yXVHdUI.exe
  C:\Windows\System\yXVHdUI.exe
  2⤵
  PID:9952
- C:\Windows\System\HMUryOv.exe
  C:\Windows\System\HMUryOv.exe
  2⤵
  PID:10084
- C:\Windows\System\SyqoRQw.exe
  C:\Windows\System\SyqoRQw.exe
  2⤵
  PID:10164
- C:\Windows\System\DnVxiam.exe
  C:\Windows\System\DnVxiam.exe
  2⤵
  PID:9968
- C:\Windows\System\ASAEmFM.exe
  C:\Windows\System\ASAEmFM.exe
  2⤵
  PID:1432
- C:\Windows\System\ifsaKNo.exe
  C:\Windows\System\ifsaKNo.exe
  2⤵
  PID:9672
- C:\Windows\System\rlSZfIr.exe
  C:\Windows\System\rlSZfIr.exe
  2⤵
  PID:9104
- C:\Windows\System\ZcbGBaI.exe
  C:\Windows\System\ZcbGBaI.exe
  2⤵
  PID:9320
- C:\Windows\System\BnuNdOd.exe
  C:\Windows\System\BnuNdOd.exe
  2⤵
  PID:10112
- C:\Windows\System\vIurpnO.exe
  C:\Windows\System\vIurpnO.exe
  2⤵
  PID:10160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AcaGdvg.exe

Filesize
6.0MB

MD5
5f4e0fd752f0ca440aac225c138218fb

SHA1
57724fa0081f88d299787c28e0e13b6f3ca06e8b

SHA256
91442578a3ea5c5a4a9e4256310ad3d4c754ec8280617ef91f86894ef38f47b8

SHA512
3fb569c27563cf22e75fd05de3e8c3bb4e2bb195682d6a2487b3673e14388d4ebd284258e8aa2669dd562c043ac1462dfc9e9bfb07bcdaa54671413b6385dade

Download Submit
C:\Windows\system\BJBldwI.exe

Filesize
6.0MB

MD5
6d116b64d3c59059c017d895c81cdf9a

SHA1
68437ff59fb097e31d7487e68bbae4c65b7204d2

SHA256
c8e355ccf689d3fb519693fb879477532b323f99332b1b4089f7c95d11a49b17

SHA512
05e1c913f300fa4c710f56cb3108eb767ea28a2210376227a509bd9dc585735512264b4e9bf3a155afbd0ce0a436bdefa5e594330057ff045d0c932f51430d9b

Download Submit
C:\Windows\system\BJhrUEp.exe

Filesize
6.0MB

MD5
81d497521df693225ab3a0c73e43af91

SHA1
ad7f5660449ea67fdcd1357033790566d8aac3e0

SHA256
54409ba8248d053cbb0c7eedfb950f593df30f5f37eeedc2966486fe3765e53b

SHA512
aff7254f01a2d32362194fc45dc2f0c0128c6bf9e09dd313869f0e1ccd43c61a4a7dc6c4a7c760bcf072d59d884c9414a0283789aef11b66051d70e93e9173d5

Download Submit
C:\Windows\system\BuxTLnh.exe

Filesize
6.0MB

MD5
640b443eede05152e499fe453d7f2527

SHA1
f2d12c0440c11fed0a5fa58e658858b9f46a4c8c

SHA256
316709beed77a7af7b1946532b1372e851eba498e98c9b7e1cbfa5bec69ffa95

SHA512
0e6ad559886035f2dbad60e5ad278f8b4215371649d91f490410b41894fa3a291327a719fe7b31daa5de5ec08d9248f2c5b8db40432b1520f77f0ec5637578eb

Download Submit
C:\Windows\system\FgoDPsv.exe

Filesize
6.0MB

MD5
de5e44bf2524231a6b8b830afbd234f1

SHA1
01b2865cd14bc0b084e957510a88d73a51797f62

SHA256
0266afef516d304adf59346599d57312b6a3f6e1a306be2c8693a3f97e167f5a

SHA512
63ce6803b35cfbaa727e6b0c5fa792789ba41968a7649b821676c72384c70bf55448590310a7c07d41d330bcbaf855181c1d623986e5bb889a089f4a36a8b8f8

Download Submit
C:\Windows\system\GJeyLJn.exe

Filesize
6.0MB

MD5
61f7450ea5ce3e2fccf0838d66428551

SHA1
192a86e5a79c2be6b2a2d18cd79193bd09442814

SHA256
39fe7abce2836cd96540d2cb696463cdd7e298919c33e457565bfb8ea05670ba

SHA512
ffc03ba037ab56239534938e34dfc8a8ada4ee9c93daa8a4882f605f0bf9b10f3e9277139bbe7d75eeb7358689d88a2c9e9eeb0e05a944be3e200f9489aabeeb

Download Submit
C:\Windows\system\GVkKebo.exe

Filesize
6.0MB

MD5
b4c4036308f536632b2d009010dc9980

SHA1
0ac978091eac115f9098b8c154851c6f83df6889

SHA256
a814381db5073292c30d168b9d64db50c89aad9df9679a98e2ed8e65330ebee4

SHA512
36312089828a37153fcb796591de96a87fd08de45919b1cf9127392f6f77a1a61a1c55ebf8fff8c39ae49f4caa890b925a1aa11d94ca7e91bb6789ae539e775b

Download Submit
C:\Windows\system\IUCMbcG.exe

Filesize
6.0MB

MD5
28692d7f3de480847e2156bf568b1681

SHA1
48528c6315c29ebd7ba4fa43df67e1f98e7573e1

SHA256
b6983fb39689d5f509a575fb65d172f4e102ebb413b471a7ac1676c3e6eaca92

SHA512
5ec7ba2f393eba2c219898ddf2d28e6792f176f9e99dce6f973d9050e832e492c429573f14c4a59ac90cc87a3ef0fb37e77612d4b0cb416e056ef3f48d8512c7

Download Submit
C:\Windows\system\JzKbLFo.exe

Filesize
6.0MB

MD5
29417963fa09b66588071f0ae93668fb

SHA1
a1263975b9e0c9f31600844aa7968922f82cae22

SHA256
e533bd6495465127888547b0d2e40a215bd7897bc68c14d2f3cca4358a4cd5ae

SHA512
1b237c57b042600c8d683d0ca17f32f97ff49b8e344bb798638365fe294dc507fe13977050e2562cd8fc18ffd888c7d8a21051948d9e84ee6589c33ee4e50975

Download Submit
C:\Windows\system\LJwAkbv.exe

Filesize
6.0MB

MD5
b380708177b1669e593b3daea035bb17

SHA1
9e617e806e27f79c620c0dd36c563c5faacc7227

SHA256
6b240f3e4e8d3139968e35263d335a3ece7daba96376487ba023d96ad0a03cdd

SHA512
007763ee723c8f4e78dc07614a5f5e284fd6233d67c7c254d148430e64da9e3c9e195a3777523dbf97766529ae8d7ab32266f8e0160aa86c3146d3d7e8efe956

Download Submit
C:\Windows\system\LMyhgTK.exe

Filesize
6.0MB

MD5
368f535f7b09e4c14ce9fd521d412837

SHA1
a278f873ad271ceed031da1908072f744d5cb90f

SHA256
1d4bd97ecbfcb7099297d874c56f2404f30ed9596d4b53c4e642e8ee64361d46

SHA512
2a369ad2411429f0ce545af9dd577714060d41a8cb2397c222883b68059261ee5c89e659b6dcac7c30a138f8121793dc993c8f5e97ad2ba0917c72f70e2ef83e

Download Submit
C:\Windows\system\MtmCVdk.exe

Filesize
6.0MB

MD5
2f0f65fd48a1f6d552a3391880be0880

SHA1
c6fb3cdf69376bf5114078e4f03c409a0d72e834

SHA256
250f65ca7eacd4ef6e2a4494b499fdc31e8b016723a82854e4d19890aafcce2e

SHA512
49bf1c60a3ab280cfe21bbd524d28df534d41e6eafb2dee15789b39e6204376918a79783aa292315c123ae8d81137018ed3a84b8d861d5a8364db9d69d8866dc

Download Submit
C:\Windows\system\NfEefWt.exe

Filesize
6.0MB

MD5
3fea54bc9b0397757d1fe595964f8d8f

SHA1
741448dd546849bc2fa1262f6c8e2a7c984fe253

SHA256
2cc2154784be7af1a8cbe22f963bf2350236a373862589dd20d385b230dde331

SHA512
0b580f4f72a667b69d174aab2aeab5bc30012456b6cf6974920ac1b0c07f91d38d350e744fa609f89f362e5df1e108544e4e06b1c6528ed24929517ca992d32c

Download Submit
C:\Windows\system\PvMcDmH.exe

Filesize
6.0MB

MD5
ee68474b1e5a940707493c3210614883

SHA1
2efb80bbcb672a9105bf8d1a747dbb074ccb6bf4

SHA256
4044d7db00d1b15f334779258b1ea92e0de00057101a60a1e0d2c99907577428

SHA512
d02a5f9455fdda4b9c873f77c4f5c1ce58249ba14ffca8fcf62285af1e7990d09aea14f649e814a7a7afb260cc2b26b4fbb04b924f374ab5ca709610823a69d5

Download Submit
C:\Windows\system\SYtoYSq.exe

Filesize
6.0MB

MD5
12c5c0e290210ff55ac59b4eb26ceeef

SHA1
65c957d5d98cdaea3b1b061293c873b2b8d769b5

SHA256
7a81691261eb431e51818de7301bbb7fb204ad41160cd3ccba0b8f244ea80415

SHA512
5bc30d27931d5df9c2925b201093fa5d1bd26bccfa341b60ed654c7ab5e6d98ca949507415728d0896955fe4dbdb642b83566ec8d4af94a0e460cd4a2c0dbad5

Download Submit
C:\Windows\system\SyRNzrT.exe

Filesize
6.0MB

MD5
6b0728bab9a27cb345bcf99292a883cc

SHA1
6c158ee3b988660941b3a568f7ccd93b1a42b0c7

SHA256
e729b5b0f0d50dbdb6a226d5880d126689c23c4f807e4cb00072789f96d99092

SHA512
194178a4efb815b545b8a31aa272d86f203efb7ee68a0e3dea920402afd2adc3218ab050829af40eb601dcd3a7982101ad399cd9df2cfbfbab9bb448fc01e647

Download Submit
C:\Windows\system\ZQOsoDz.exe

Filesize
6.0MB

MD5
faf9158d5d02a738c5b20665a14a0919

SHA1
21f9f8959c27e5bd0601f42186023b083ec9c14e

SHA256
6de6ff2e4ec5925957a8a6f076877f0cc2d504840c4acf8044335e64640b6e33

SHA512
fdfbf93c72a4ccf7077cc1e86b1f6a9c03f9a52b572214e0ad86ee66a48fb1159691abc1b4dfc98704288cb8dbf053f1804d50c7f025fc292ecda8341e378d91

Download Submit
C:\Windows\system\ZUMOWQy.exe

Filesize
6.0MB

MD5
b32b59dc04fe94924206d42862bd9f06

SHA1
eeda2cd45134cf697b492830647fb20697bd883a

SHA256
5769c88773fc586f9cfeedb21877fb277f13293fa86fabba1825af37494f9776

SHA512
7e59bfe629e6795790e4a56f47c4fde2182d51f797e05decd937bc75e68c12bfa7440ab8741d012f92888b85a5934f0423bce19fffb3ab3c4cdd2883de0c7ec9

Download Submit
C:\Windows\system\ZUoRuZa.exe

Filesize
6.0MB

MD5
7eb2ad7d712f604437dfd99cd5614ccd

SHA1
7ef2b85eb353381d17717165bcde15109df06017

SHA256
81aa530930e1da5f829228186a79ead590bc2d6496da20c0c874345a56cf1606

SHA512
85491e3b4eaf025495085a8521039e8599b2155e10de5072dd115c74f26225fdb0cc4ab93146ea1b5be56082fe686f1317099194a29a6874c4905345c6c8c5a9

Download Submit
C:\Windows\system\ZmRnMAY.exe

Filesize
6.0MB

MD5
cfb57ed553ddbf299cc201c86ff13157

SHA1
5f7aece1920920f1415a4c1ccb547461a6cf467f

SHA256
66a9b7b2228734966c77dcc132d2a1e2feb7d3b5a601910097925e90c55f778c

SHA512
ebecab4886654b8d1159dd194477ad6e6e708b3b71f00208389663e36e0cfebc11bc46ddd89830956b6ac78575eb9eb6f12e3dca68a08d033a8baa6f286a9496

Download Submit
C:\Windows\system\cvuVTlh.exe

Filesize
6.0MB

MD5
db9ff2e03dd6f15ae1d88b3f5bd43e07

SHA1
a73db249d6d956e5b1cf994ac5c68b0329878ed0

SHA256
b46ebae7d2e296e9bed1aab25ef9a7b797142cfa1e4246832d2ad368ee6d90e3

SHA512
74ff87c5e5401c98a3e0339f553a87d2f1bf87a99358565bf5e9c3388bb99ef3aa6795b493defda6ff42984b2c76b9b7c2218105ae1986df01020a90fcc0530f

Download Submit
C:\Windows\system\dVSkMdT.exe

Filesize
6.0MB

MD5
d3af7005864d5f6990f64146f03179ec

SHA1
156f0d379f5f0b572ccc726cfd2d8edee9147188

SHA256
a03dbd1ce7490dae6c8daff106cc44e4867236dbfb47cf44b17de395beb699dd

SHA512
320b76d06c464c1ad00a772ac823e2600882538f03f815898fd31f264a774af23b6f59b25d19b484d1ce6633877587ec2c9ebe5c4695680ae1687f947ebcee43

Download Submit
C:\Windows\system\feJwVCy.exe

Filesize
6.0MB

MD5
b6bcbf3ebb8d3329570199fbfbaceeee

SHA1
b99c32912b0e2aa33e23d1529c817f349aa09662

SHA256
adeee89e867a0f25b44c063db7b79db8ca0e9e3ccd25082294bbf3c3f33bba7b

SHA512
d0c71a872b5f55da42ba5fa838c2b33847e10152f2959b7ef838b65f37eaaad7406d5023df8896c289696979d2e53c978211e491066a968c52ffa30a7060130d

Download Submit
C:\Windows\system\gNQnLBZ.exe

Filesize
6.0MB

MD5
51adf704479c6c5d6fa5480354ed4c3c

SHA1
9f508347a31d587169926c08aed90ca25ee5d828

SHA256
eb322ff4c2f7893ddd889526f3acd215e0b7fc09399934dd26adc9057bab8050

SHA512
5e3074ec864fc4ceca24ab8b1b591f9e1a4c9ec7ffb2429e41349f7a3a2cae7caba4cf27be901d9067130815824d65dd48a86e689dfa84f63b67fd133ef07407

Download Submit
C:\Windows\system\iNDkjwk.exe

Filesize
6.0MB

MD5
43d629bee746b7f9ed24408359be9364

SHA1
898728dd1f80e216fe2c2f5c9fd44b8028460cc8

SHA256
40b63ab22ef3b4fff8cbf8f13e1afcf2ac9fb77d9464ddaf3b3c8f195f180f8a

SHA512
94d22d567c5e6c31ebe1c79acd8006a3bd4439f84ff2f021d3ad756a606e7b1b8895fddecfceb50fc12b54571d3e820c964d57500f5f9e4dd44df3fa3444b742

Download Submit
C:\Windows\system\itiuROc.exe

Filesize
6.0MB

MD5
59f6b43ac6576bd7914452b298a18037

SHA1
9118215ef4ca8fcc255fe0247e199d64c587e4ac

SHA256
329e8cacff89c3a32d8b11c34f84806044dcebde17c52b22389f7d1b81ec4380

SHA512
5a422065ee09a20bafd4037a7318b66c5e93bd6bb71811ad1bdf4a61c8bf32e27b886bb14f3b7188ca27653ef5a9f72a4339192921409bdb1fd3a0b50f9940a4

Download Submit
C:\Windows\system\oQnfILX.exe

Filesize
6.0MB

MD5
613cda7ab44246a415624a16fdbfedde

SHA1
65e4133e626286c21273c5144f616aef813c8c7f

SHA256
352ae16bd9e9ce2ccb9d3910a8b7faef12ad8c46ff1e62347e089d03c317da7d

SHA512
f201d63f4ac4321b2a5c98b299e57cbe695450ebba473bdfb7a120154b65aa20a56eee71758595a6e27eb7a0c7a3c6f4442a65ebe99212d6a715497055a52616

Download Submit
C:\Windows\system\sQyJbVW.exe

Filesize
6.0MB

MD5
40f6ac19698fafc19dae209f55af235d

SHA1
3df26da4529556735fd5ec4efef1f9058437e2d1

SHA256
8e79afc8a1136fa37fdc9f959111f14bc8b7fed6aac5c0eab9b180190ae84ba5

SHA512
cec93ed31061d40d7a79d9d2817878868b3243986f77772bf31f0e1dcbb5b16f621a9efceb9a3927fa9bdda6bdb01d6afa888f609f9d8e317ac9b234097f51a2

Download Submit
C:\Windows\system\vnswmqP.exe

Filesize
6.0MB

MD5
07deda2467709b89bbb7e23ee5523e36

SHA1
794a1724c79574983e759198df94827b8346beaa

SHA256
251932e580a1523f7ba3afb1914c4bc305598bff691107cec4f4eb267b1fcbfb

SHA512
48e84fbb62a5389ee025b2d5f0bb11b27c71a717044d0f0aec32841e363245399b1bb9f24e144ba50b4f6fc34d11491056fd8a67f1be1d4aec2698e1a6218da6

Download Submit
C:\Windows\system\wpybXMN.exe

Filesize
6.0MB

MD5
193ba15574eed212f49f2a86a606b53f

SHA1
6fd8c1f364ed0f4893ae031762a4e9921e4b392f

SHA256
377b747a7aa5e29d904e5e4a30b86766fc12b568eca2ffe995d52b7a39b41cdd

SHA512
36141dfc927204d27778365e08fcd80c4b2cea4615dea53178c7430c2d0419a755f0cabd2377d2319d04e60e0c43c56875ad81cc5fbfb1191142fc2730290c0e

Download Submit
C:\Windows\system\ydVvWps.exe

Filesize
6.0MB

MD5
0c4b8938c52c2a050e82338037eef3e6

SHA1
a484bf9138fef16b0d718730884f3edcb5ffc808

SHA256
f0ea1137c72587283e5f612c0c035609171559df07da07a665bb6e50fa194961

SHA512
a9384775440493cc3915df2d65642d60babc227b65a910b1d78883b7f09d8fcd0b144355e0dc9e859ab1d4df97047236479b5101a15eed54972a6ad14d00787e

Download Submit
\Windows\system\adDHgLv.exe

Filesize
6.0MB

MD5
15617a4d23a67c7578541487a78f839a

SHA1
31c6ad94728e5acee1a1424528cc67bc759644e3

SHA256
dce42d84ff66f1bdbd2c4e71ec50811ec2f6e0845c5eacecccd2301effc03035

SHA512
688252e7a1dc2d8ca09b033f4a5629357f9a52da9c5a586839a4ac21cf3ed6ca246652e7e922757c963f716afc7971912992edea6fd12527bb639e3ea1d41855

Download Submit
memory/276-3223-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/276-609-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/596-3239-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/596-615-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1064-3257-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1064-617-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1660-619-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1660-3222-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-3227-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1736-613-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2484-3219-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2484-82-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3210-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-611-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-607-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3254-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-603-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3226-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1726-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1762-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2752-618-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-614-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2752-620-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1713-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1724-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-608-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1740-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-606-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-10-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1747-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-602-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2752-600-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2752-604-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1733-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1770-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1777-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1784-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1754-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-616-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-610-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-612-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-79-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-81-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2752-83-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2752-0-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1723-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1710-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1620-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1606-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3201-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2800-599-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2836-678-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3209-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3225-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-605-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-3250-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2992-601-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/3016-80-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-3208-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download