cobaltstrike | 6b44db55956838bf56c1793973117a8339c66be633e1b9d8069ccc4ea46e216c

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

53b0edbb67be905086da9fee9e1b3fa5
SHA1

50029afa64bc8c37c4f58294a17ecf5b25bc5778
SHA256

6b44db55956838bf56c1793973117a8339c66be633e1b9d8069ccc4ea46e216c
SHA512

8616ea77b41a892b0d9cf6b5b26300db89979c06763d1dd22c1b8be1ea15d69cf74bc945a23dbd1607a612612ac64723db35f473159d5b8a7e1696e22ad8a2a8
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUT:T+q56utgpPF8u/7T

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120f9-6.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000162e4-8.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000164de-27.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016689-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c89-47.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ca0-51.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017570-101.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-167.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-160.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-140.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-155.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-145.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-110.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-82.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174f8-81.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-79.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015fa6-64.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-93.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cf0-62.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016b86-41.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016399-15.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 58 IoCs

miner

resource	yara_rule
behavioral1/memory/3048-0-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120f9-6.dat	xmrig
behavioral1/files/0x00080000000162e4-8.dat	xmrig
behavioral1/files/0x00080000000164de-27.dat	xmrig
behavioral1/memory/2700-28-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/files/0x0008000000016689-32.dat	xmrig
behavioral1/files/0x0007000000016c89-47.dat	xmrig
behavioral1/memory/2836-50-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016ca0-51.dat	xmrig
behavioral1/memory/2908-42-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/3048-57-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x0006000000017570-101.dat	xmrig
behavioral1/files/0x0006000000018fdf-150.dat	xmrig
behavioral1/files/0x0005000000019274-174.dat	xmrig
behavioral1/memory/1340-1018-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/3048-888-0x0000000002390000-0x00000000026E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019354-188.dat	xmrig
behavioral1/files/0x0005000000019299-181.dat	xmrig
behavioral1/files/0x000500000001924f-167.dat	xmrig
behavioral1/files/0x00050000000192a1-187.dat	xmrig
behavioral1/files/0x000500000001927a-179.dat	xmrig
behavioral1/files/0x0005000000019261-173.dat	xmrig
behavioral1/files/0x0005000000019237-165.dat	xmrig
behavioral1/files/0x0005000000019203-160.dat	xmrig
behavioral1/files/0x0006000000018d7b-140.dat	xmrig
behavioral1/files/0x0006000000019056-155.dat	xmrig
behavioral1/files/0x0006000000018d83-145.dat	xmrig
behavioral1/files/0x0006000000018be7-135.dat	xmrig
behavioral1/files/0x0005000000018745-130.dat	xmrig
behavioral1/files/0x000500000001871c-125.dat	xmrig
behavioral1/files/0x000500000001870c-120.dat	xmrig
behavioral1/files/0x0005000000018706-115.dat	xmrig
behavioral1/files/0x0005000000018697-110.dat	xmrig
behavioral1/memory/2908-108-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2648-106-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/304-105-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2700-85-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/files/0x00060000000175f1-82.dat	xmrig
behavioral1/files/0x00060000000174f8-81.dat	xmrig
behavioral1/files/0x00060000000175f7-79.dat	xmrig
behavioral1/memory/3048-73-0x0000000002390000-0x00000000026E4000-memory.dmp	xmrig
behavioral1/memory/488-65-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x0008000000015fa6-64.dat	xmrig
behavioral1/memory/1340-98-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2724-58-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/996-94-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/files/0x000d000000018683-93.dat	xmrig
behavioral1/memory/2608-92-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x0009000000016cf0-62.dat	xmrig
behavioral1/files/0x0007000000016b86-41.dat	xmrig
behavioral1/memory/2864-39-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/772-25-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2340-24-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/1280-21-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/files/0x0008000000016399-15.dat	xmrig
behavioral1/memory/2908-3993-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2700-3974-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2836-3969-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
772	LwEAdof.exe
1280	fuNFtxA.exe
2340	PUbLyCF.exe
2700	aodCTVT.exe
2864	ADlVCMf.exe
2908	pJdmhLQ.exe
2836	USTRfnf.exe
2724	CcCujKU.exe
488	lHeAMRA.exe
2608	RccrLUk.exe
996	vTtBlBV.exe
1340	CMgCSPq.exe
304	RpVBoFd.exe
2648	JdGJSoj.exe
2664	cbnErSX.exe
2812	DMGxnvN.exe
1032	tAWyaYl.exe
1992	IGBZPfI.exe
1796	jZjxten.exe
2508	XXxGKvy.exe
1844	sRpIIbH.exe
1636	tgvLbXT.exe
1976	LjWEUAl.exe
1984	MVXxXjl.exe
2964	PdUchWJ.exe
816	BtcYixD.exe
3020	ifZbhKA.exe
1620	nyCjjKn.exe
2576	lqvqniq.exe
1312	gDnEOTJ.exe
956	sIzfWUv.exe
916	hshXuqn.exe
1396	RtcQVbM.exe
844	GOhaXbj.exe
1328	flTqTqW.exe
1300	IVlhIWq.exe
1444	jMtyZld.exe
2012	OWbcLqT.exe
564	KZjTDZz.exe
2484	iTcUBTd.exe
3032	LZJIjgf.exe
2376	ANGksHq.exe
2440	nIdgHwu.exe
2324	OialPOD.exe
2388	EKPYCvl.exe
1676	jpEjDRV.exe
2408	ypFyeoj.exe
2552	jibeStF.exe
2400	aRlRWTo.exe
2544	KNJaXrI.exe
2900	NzwFnmU.exe
2716	QIGuMJk.exe
2244	GvCNvhM.exe
2972	RjZQTnL.exe
1876	kTXgzJy.exe
796	xhwHxFt.exe
2728	WpJvLNh.exe
584	BgaixLY.exe
1788	RaqXuhY.exe
2148	JvoZpGt.exe
1628	ShUaLmo.exe
1764	ZaKsMGA.exe
2004	kPhxmpk.exe
2948	DOcPnnJ.exe

Loads dropped DLL 64 IoCs

pid	Process
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 56 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3048-0-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x00080000000120f9-6.dat	upx
behavioral1/files/0x00080000000162e4-8.dat	upx
behavioral1/files/0x00080000000164de-27.dat	upx
behavioral1/memory/2700-28-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/files/0x0008000000016689-32.dat	upx
behavioral1/files/0x0007000000016c89-47.dat	upx
behavioral1/memory/2836-50-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x0007000000016ca0-51.dat	upx
behavioral1/memory/2908-42-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/3048-57-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x0006000000017570-101.dat	upx
behavioral1/files/0x0006000000018fdf-150.dat	upx
behavioral1/files/0x0005000000019274-174.dat	upx
behavioral1/memory/1340-1018-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x0005000000019354-188.dat	upx
behavioral1/files/0x0005000000019299-181.dat	upx
behavioral1/files/0x000500000001924f-167.dat	upx
behavioral1/files/0x00050000000192a1-187.dat	upx
behavioral1/files/0x000500000001927a-179.dat	upx
behavioral1/files/0x0005000000019261-173.dat	upx
behavioral1/files/0x0005000000019237-165.dat	upx
behavioral1/files/0x0005000000019203-160.dat	upx
behavioral1/files/0x0006000000018d7b-140.dat	upx
behavioral1/files/0x0006000000019056-155.dat	upx
behavioral1/files/0x0006000000018d83-145.dat	upx
behavioral1/files/0x0006000000018be7-135.dat	upx
behavioral1/files/0x0005000000018745-130.dat	upx
behavioral1/files/0x000500000001871c-125.dat	upx
behavioral1/files/0x000500000001870c-120.dat	upx
behavioral1/files/0x0005000000018706-115.dat	upx
behavioral1/files/0x0005000000018697-110.dat	upx
behavioral1/memory/2908-108-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2648-106-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/304-105-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2700-85-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/files/0x00060000000175f1-82.dat	upx
behavioral1/files/0x00060000000174f8-81.dat	upx
behavioral1/files/0x00060000000175f7-79.dat	upx
behavioral1/memory/488-65-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x0008000000015fa6-64.dat	upx
behavioral1/memory/1340-98-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2724-58-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/996-94-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/files/0x000d000000018683-93.dat	upx
behavioral1/memory/2608-92-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x0009000000016cf0-62.dat	upx
behavioral1/files/0x0007000000016b86-41.dat	upx
behavioral1/memory/2864-39-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/772-25-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2340-24-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/1280-21-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/files/0x0008000000016399-15.dat	upx
behavioral1/memory/2908-3993-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2700-3974-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2836-3969-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ewmEdyC.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\exIJvKk.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LqtkZkZ.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uyWAGku.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tlPnNjz.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpVPsib.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\emvTzGd.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FVMQDnL.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iOVJnBA.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jIWZyjR.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RiZCsuV.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZaKsMGA.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ROAjSJN.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VcGrbdt.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fklRFYt.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FNzdEuT.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\thcXrPk.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zmIQNFW.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yVeUwEr.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bMctAaI.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYXAgbq.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Viodzqe.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cZFYhRX.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tAyQzab.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hJUGORp.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WaZxCWq.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\plMVpcO.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UwjpGti.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QXOBuit.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yeLepBS.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuHJWws.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJKuTuk.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqzNCRL.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbzTbmq.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgEdkFe.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\obEZawx.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\isutFxG.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TwuefdU.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jbrOhBf.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ORPWoZM.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hHyrSJg.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bkYAUEe.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IdsFfIR.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtGQFdy.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JNauxOO.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uCsaHWm.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zpZSgQQ.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpgpHwS.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXhcLHy.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lDEUcNZ.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhrOhxC.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aXClUMH.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OPpyYFY.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jqZuGPD.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vhzqbkO.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PdUchWJ.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OialPOD.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RmDBXGH.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tBGqCMX.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GTIyKmO.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FNeWoiM.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVVYUrD.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jcpJwjk.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ECwilVZ.exe	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 772	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3048 wrote to memory of 772	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3048 wrote to memory of 772	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3048 wrote to memory of 1280	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3048 wrote to memory of 1280	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3048 wrote to memory of 1280	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3048 wrote to memory of 2340	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3048 wrote to memory of 2340	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3048 wrote to memory of 2340	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3048 wrote to memory of 2700	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3048 wrote to memory of 2700	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3048 wrote to memory of 2700	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3048 wrote to memory of 2864	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3048 wrote to memory of 2864	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3048 wrote to memory of 2864	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3048 wrote to memory of 2908	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3048 wrote to memory of 2908	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3048 wrote to memory of 2908	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3048 wrote to memory of 2836	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3048 wrote to memory of 2836	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3048 wrote to memory of 2836	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3048 wrote to memory of 2724	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3048 wrote to memory of 2724	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3048 wrote to memory of 2724	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3048 wrote to memory of 488	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3048 wrote to memory of 488	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3048 wrote to memory of 488	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3048 wrote to memory of 304	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3048 wrote to memory of 304	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3048 wrote to memory of 304	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3048 wrote to memory of 2608	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3048 wrote to memory of 2608	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3048 wrote to memory of 2608	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3048 wrote to memory of 2648	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3048 wrote to memory of 2648	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3048 wrote to memory of 2648	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3048 wrote to memory of 996	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3048 wrote to memory of 996	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3048 wrote to memory of 996	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3048 wrote to memory of 2664	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3048 wrote to memory of 2664	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3048 wrote to memory of 2664	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3048 wrote to memory of 1340	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3048 wrote to memory of 1340	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3048 wrote to memory of 1340	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3048 wrote to memory of 2812	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3048 wrote to memory of 2812	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3048 wrote to memory of 2812	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3048 wrote to memory of 1032	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3048 wrote to memory of 1032	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3048 wrote to memory of 1032	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3048 wrote to memory of 1992	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3048 wrote to memory of 1992	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3048 wrote to memory of 1992	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3048 wrote to memory of 1796	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3048 wrote to memory of 1796	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3048 wrote to memory of 1796	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3048 wrote to memory of 2508	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3048 wrote to memory of 2508	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3048 wrote to memory of 2508	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3048 wrote to memory of 1844	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3048 wrote to memory of 1844	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3048 wrote to memory of 1844	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3048 wrote to memory of 1636	3048	2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-22_53b0edbb67be905086da9fee9e1b3fa5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\System\LwEAdof.exe
  C:\Windows\System\LwEAdof.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\fuNFtxA.exe
  C:\Windows\System\fuNFtxA.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\PUbLyCF.exe
  C:\Windows\System\PUbLyCF.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\aodCTVT.exe
  C:\Windows\System\aodCTVT.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\ADlVCMf.exe
  C:\Windows\System\ADlVCMf.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\pJdmhLQ.exe
  C:\Windows\System\pJdmhLQ.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\USTRfnf.exe
  C:\Windows\System\USTRfnf.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\CcCujKU.exe
  C:\Windows\System\CcCujKU.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\lHeAMRA.exe
  C:\Windows\System\lHeAMRA.exe
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Windows\System\RpVBoFd.exe
  C:\Windows\System\RpVBoFd.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\RccrLUk.exe
  C:\Windows\System\RccrLUk.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\JdGJSoj.exe
  C:\Windows\System\JdGJSoj.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\vTtBlBV.exe
  C:\Windows\System\vTtBlBV.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\cbnErSX.exe
  C:\Windows\System\cbnErSX.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\CMgCSPq.exe
  C:\Windows\System\CMgCSPq.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\DMGxnvN.exe
  C:\Windows\System\DMGxnvN.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\tAWyaYl.exe
  C:\Windows\System\tAWyaYl.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\IGBZPfI.exe
  C:\Windows\System\IGBZPfI.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\jZjxten.exe
  C:\Windows\System\jZjxten.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\XXxGKvy.exe
  C:\Windows\System\XXxGKvy.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\sRpIIbH.exe
  C:\Windows\System\sRpIIbH.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\tgvLbXT.exe
  C:\Windows\System\tgvLbXT.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\LjWEUAl.exe
  C:\Windows\System\LjWEUAl.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\MVXxXjl.exe
  C:\Windows\System\MVXxXjl.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\PdUchWJ.exe
  C:\Windows\System\PdUchWJ.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\BtcYixD.exe
  C:\Windows\System\BtcYixD.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\ifZbhKA.exe
  C:\Windows\System\ifZbhKA.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\sIzfWUv.exe
  C:\Windows\System\sIzfWUv.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\nyCjjKn.exe
  C:\Windows\System\nyCjjKn.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\RtcQVbM.exe
  C:\Windows\System\RtcQVbM.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\lqvqniq.exe
  C:\Windows\System\lqvqniq.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\GOhaXbj.exe
  C:\Windows\System\GOhaXbj.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\gDnEOTJ.exe
  C:\Windows\System\gDnEOTJ.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\flTqTqW.exe
  C:\Windows\System\flTqTqW.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\hshXuqn.exe
  C:\Windows\System\hshXuqn.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\IVlhIWq.exe
  C:\Windows\System\IVlhIWq.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\jMtyZld.exe
  C:\Windows\System\jMtyZld.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\OWbcLqT.exe
  C:\Windows\System\OWbcLqT.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\KZjTDZz.exe
  C:\Windows\System\KZjTDZz.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\nIdgHwu.exe
  C:\Windows\System\nIdgHwu.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\iTcUBTd.exe
  C:\Windows\System\iTcUBTd.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\EKPYCvl.exe
  C:\Windows\System\EKPYCvl.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\LZJIjgf.exe
  C:\Windows\System\LZJIjgf.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\jpEjDRV.exe
  C:\Windows\System\jpEjDRV.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\ANGksHq.exe
  C:\Windows\System\ANGksHq.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\jibeStF.exe
  C:\Windows\System\jibeStF.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\OialPOD.exe
  C:\Windows\System\OialPOD.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\aRlRWTo.exe
  C:\Windows\System\aRlRWTo.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\ypFyeoj.exe
  C:\Windows\System\ypFyeoj.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\KNJaXrI.exe
  C:\Windows\System\KNJaXrI.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\NzwFnmU.exe
  C:\Windows\System\NzwFnmU.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\GvCNvhM.exe
  C:\Windows\System\GvCNvhM.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\QIGuMJk.exe
  C:\Windows\System\QIGuMJk.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\RjZQTnL.exe
  C:\Windows\System\RjZQTnL.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\kTXgzJy.exe
  C:\Windows\System\kTXgzJy.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\xhwHxFt.exe
  C:\Windows\System\xhwHxFt.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\WpJvLNh.exe
  C:\Windows\System\WpJvLNh.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\BgaixLY.exe
  C:\Windows\System\BgaixLY.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\RaqXuhY.exe
  C:\Windows\System\RaqXuhY.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\JvoZpGt.exe
  C:\Windows\System\JvoZpGt.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\ShUaLmo.exe
  C:\Windows\System\ShUaLmo.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\ZaKsMGA.exe
  C:\Windows\System\ZaKsMGA.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\kPhxmpk.exe
  C:\Windows\System\kPhxmpk.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\DOcPnnJ.exe
  C:\Windows\System\DOcPnnJ.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\NbbJhAy.exe
  C:\Windows\System\NbbJhAy.exe
  2⤵
  PID:1812
- C:\Windows\System\ZiSnCJr.exe
  C:\Windows\System\ZiSnCJr.exe
  2⤵
  PID:1560
- C:\Windows\System\WXgKRon.exe
  C:\Windows\System\WXgKRon.exe
  2⤵
  PID:2468
- C:\Windows\System\SUWkzxu.exe
  C:\Windows\System\SUWkzxu.exe
  2⤵
  PID:1556
- C:\Windows\System\WGEHERV.exe
  C:\Windows\System\WGEHERV.exe
  2⤵
  PID:1236
- C:\Windows\System\GETdWLi.exe
  C:\Windows\System\GETdWLi.exe
  2⤵
  PID:1352
- C:\Windows\System\zoAfsgJ.exe
  C:\Windows\System\zoAfsgJ.exe
  2⤵
  PID:2268
- C:\Windows\System\xsWVyMo.exe
  C:\Windows\System\xsWVyMo.exe
  2⤵
  PID:700
- C:\Windows\System\nyMoAFL.exe
  C:\Windows\System\nyMoAFL.exe
  2⤵
  PID:2116
- C:\Windows\System\toWbKiF.exe
  C:\Windows\System\toWbKiF.exe
  2⤵
  PID:2916
- C:\Windows\System\HTBnHNv.exe
  C:\Windows\System\HTBnHNv.exe
  2⤵
  PID:2524
- C:\Windows\System\lDajFwD.exe
  C:\Windows\System\lDajFwD.exe
  2⤵
  PID:3060
- C:\Windows\System\eeLLLYW.exe
  C:\Windows\System\eeLLLYW.exe
  2⤵
  PID:2052
- C:\Windows\System\TtbIhwf.exe
  C:\Windows\System\TtbIhwf.exe
  2⤵
  PID:1048
- C:\Windows\System\HgjBgBO.exe
  C:\Windows\System\HgjBgBO.exe
  2⤵
  PID:2912
- C:\Windows\System\rqYyems.exe
  C:\Windows\System\rqYyems.exe
  2⤵
  PID:2744
- C:\Windows\System\IyXAVIk.exe
  C:\Windows\System\IyXAVIk.exe
  2⤵
  PID:2632
- C:\Windows\System\MmrAlgK.exe
  C:\Windows\System\MmrAlgK.exe
  2⤵
  PID:2720
- C:\Windows\System\fSPPfLq.exe
  C:\Windows\System\fSPPfLq.exe
  2⤵
  PID:988
- C:\Windows\System\uEHawkt.exe
  C:\Windows\System\uEHawkt.exe
  2⤵
  PID:2036
- C:\Windows\System\LzTGCnE.exe
  C:\Windows\System\LzTGCnE.exe
  2⤵
  PID:1868
- C:\Windows\System\fSoSGPd.exe
  C:\Windows\System\fSoSGPd.exe
  2⤵
  PID:2956
- C:\Windows\System\XODAcCx.exe
  C:\Windows\System\XODAcCx.exe
  2⤵
  PID:1872
- C:\Windows\System\iwEJAGs.exe
  C:\Windows\System\iwEJAGs.exe
  2⤵
  PID:2492
- C:\Windows\System\XRuVpqR.exe
  C:\Windows\System\XRuVpqR.exe
  2⤵
  PID:1776
- C:\Windows\System\ehDgPfD.exe
  C:\Windows\System\ehDgPfD.exe
  2⤵
  PID:1092
- C:\Windows\System\UskpYoo.exe
  C:\Windows\System\UskpYoo.exe
  2⤵
  PID:1156
- C:\Windows\System\mlaXZol.exe
  C:\Windows\System\mlaXZol.exe
  2⤵
  PID:3084
- C:\Windows\System\NEkmXAs.exe
  C:\Windows\System\NEkmXAs.exe
  2⤵
  PID:3104
- C:\Windows\System\qgwWsqf.exe
  C:\Windows\System\qgwWsqf.exe
  2⤵
  PID:3124
- C:\Windows\System\SaQGsfX.exe
  C:\Windows\System\SaQGsfX.exe
  2⤵
  PID:3144
- C:\Windows\System\onCzOhp.exe
  C:\Windows\System\onCzOhp.exe
  2⤵
  PID:3164
- C:\Windows\System\xiRpmxP.exe
  C:\Windows\System\xiRpmxP.exe
  2⤵
  PID:3184
- C:\Windows\System\Ajowkka.exe
  C:\Windows\System\Ajowkka.exe
  2⤵
  PID:3204
- C:\Windows\System\JNauxOO.exe
  C:\Windows\System\JNauxOO.exe
  2⤵
  PID:3224
- C:\Windows\System\vlBWAnm.exe
  C:\Windows\System\vlBWAnm.exe
  2⤵
  PID:3244
- C:\Windows\System\JSyzuSG.exe
  C:\Windows\System\JSyzuSG.exe
  2⤵
  PID:3264
- C:\Windows\System\dlVlOkE.exe
  C:\Windows\System\dlVlOkE.exe
  2⤵
  PID:3284
- C:\Windows\System\WtNSxtu.exe
  C:\Windows\System\WtNSxtu.exe
  2⤵
  PID:3304
- C:\Windows\System\uVMHYhP.exe
  C:\Windows\System\uVMHYhP.exe
  2⤵
  PID:3324
- C:\Windows\System\dgHdCOZ.exe
  C:\Windows\System\dgHdCOZ.exe
  2⤵
  PID:3344
- C:\Windows\System\qlePkRc.exe
  C:\Windows\System\qlePkRc.exe
  2⤵
  PID:3364
- C:\Windows\System\rsoizYh.exe
  C:\Windows\System\rsoizYh.exe
  2⤵
  PID:3384
- C:\Windows\System\gddiUQr.exe
  C:\Windows\System\gddiUQr.exe
  2⤵
  PID:3404
- C:\Windows\System\KloJbsd.exe
  C:\Windows\System\KloJbsd.exe
  2⤵
  PID:3424
- C:\Windows\System\ozBLqjP.exe
  C:\Windows\System\ozBLqjP.exe
  2⤵
  PID:3444
- C:\Windows\System\NDTHMJf.exe
  C:\Windows\System\NDTHMJf.exe
  2⤵
  PID:3464
- C:\Windows\System\jOwRoGn.exe
  C:\Windows\System\jOwRoGn.exe
  2⤵
  PID:3484
- C:\Windows\System\vnprFRX.exe
  C:\Windows\System\vnprFRX.exe
  2⤵
  PID:3504
- C:\Windows\System\OPzRZiz.exe
  C:\Windows\System\OPzRZiz.exe
  2⤵
  PID:3524
- C:\Windows\System\ROAjSJN.exe
  C:\Windows\System\ROAjSJN.exe
  2⤵
  PID:3544
- C:\Windows\System\vMrNYgz.exe
  C:\Windows\System\vMrNYgz.exe
  2⤵
  PID:3564
- C:\Windows\System\odeKROv.exe
  C:\Windows\System\odeKROv.exe
  2⤵
  PID:3584
- C:\Windows\System\BKNiphd.exe
  C:\Windows\System\BKNiphd.exe
  2⤵
  PID:3604
- C:\Windows\System\ZIVVkik.exe
  C:\Windows\System\ZIVVkik.exe
  2⤵
  PID:3624
- C:\Windows\System\uCsaHWm.exe
  C:\Windows\System\uCsaHWm.exe
  2⤵
  PID:3644
- C:\Windows\System\OvMeIwM.exe
  C:\Windows\System\OvMeIwM.exe
  2⤵
  PID:3664
- C:\Windows\System\TTEYNyT.exe
  C:\Windows\System\TTEYNyT.exe
  2⤵
  PID:3684
- C:\Windows\System\tNnjfrb.exe
  C:\Windows\System\tNnjfrb.exe
  2⤵
  PID:3704
- C:\Windows\System\LTMCJmJ.exe
  C:\Windows\System\LTMCJmJ.exe
  2⤵
  PID:3724
- C:\Windows\System\nYXAgbq.exe
  C:\Windows\System\nYXAgbq.exe
  2⤵
  PID:3744
- C:\Windows\System\yPbjocM.exe
  C:\Windows\System\yPbjocM.exe
  2⤵
  PID:3764
- C:\Windows\System\oPBkCYJ.exe
  C:\Windows\System\oPBkCYJ.exe
  2⤵
  PID:3784
- C:\Windows\System\yeLepBS.exe
  C:\Windows\System\yeLepBS.exe
  2⤵
  PID:3800
- C:\Windows\System\VbgMpAE.exe
  C:\Windows\System\VbgMpAE.exe
  2⤵
  PID:3816
- C:\Windows\System\RmDBXGH.exe
  C:\Windows\System\RmDBXGH.exe
  2⤵
  PID:3832
- C:\Windows\System\heJVhXr.exe
  C:\Windows\System\heJVhXr.exe
  2⤵
  PID:3848
- C:\Windows\System\AslsLEO.exe
  C:\Windows\System\AslsLEO.exe
  2⤵
  PID:3868
- C:\Windows\System\CEHxvWZ.exe
  C:\Windows\System\CEHxvWZ.exe
  2⤵
  PID:3884
- C:\Windows\System\gAcplLH.exe
  C:\Windows\System\gAcplLH.exe
  2⤵
  PID:3900
- C:\Windows\System\bnrAbkr.exe
  C:\Windows\System\bnrAbkr.exe
  2⤵
  PID:3928
- C:\Windows\System\nbZzLvS.exe
  C:\Windows\System\nbZzLvS.exe
  2⤵
  PID:3956
- C:\Windows\System\iOsWXnF.exe
  C:\Windows\System\iOsWXnF.exe
  2⤵
  PID:3984
- C:\Windows\System\NCQwuMq.exe
  C:\Windows\System\NCQwuMq.exe
  2⤵
  PID:4004
- C:\Windows\System\oayDFWQ.exe
  C:\Windows\System\oayDFWQ.exe
  2⤵
  PID:4020
- C:\Windows\System\yNYAEHq.exe
  C:\Windows\System\yNYAEHq.exe
  2⤵
  PID:4044
- C:\Windows\System\sbAsjjG.exe
  C:\Windows\System\sbAsjjG.exe
  2⤵
  PID:4064
- C:\Windows\System\EsZCvRU.exe
  C:\Windows\System\EsZCvRU.exe
  2⤵
  PID:4084
- C:\Windows\System\YmffoZq.exe
  C:\Windows\System\YmffoZq.exe
  2⤵
  PID:392
- C:\Windows\System\uKpLjCh.exe
  C:\Windows\System\uKpLjCh.exe
  2⤵
  PID:1792
- C:\Windows\System\MtvzAfP.exe
  C:\Windows\System\MtvzAfP.exe
  2⤵
  PID:1608
- C:\Windows\System\TZdnUpm.exe
  C:\Windows\System\TZdnUpm.exe
  2⤵
  PID:2344
- C:\Windows\System\TuHJWws.exe
  C:\Windows\System\TuHJWws.exe
  2⤵
  PID:2168
- C:\Windows\System\KFXVAMg.exe
  C:\Windows\System\KFXVAMg.exe
  2⤵
  PID:1948
- C:\Windows\System\dDKLBsi.exe
  C:\Windows\System\dDKLBsi.exe
  2⤵
  PID:2248
- C:\Windows\System\thHjwSc.exe
  C:\Windows\System\thHjwSc.exe
  2⤵
  PID:1856
- C:\Windows\System\AJKuTuk.exe
  C:\Windows\System\AJKuTuk.exe
  2⤵
  PID:660
- C:\Windows\System\HbJQGxm.exe
  C:\Windows\System\HbJQGxm.exe
  2⤵
  PID:1996
- C:\Windows\System\TtaVQUy.exe
  C:\Windows\System\TtaVQUy.exe
  2⤵
  PID:1544
- C:\Windows\System\VcXfxCx.exe
  C:\Windows\System\VcXfxCx.exe
  2⤵
  PID:3076
- C:\Windows\System\NjnKgCZ.exe
  C:\Windows\System\NjnKgCZ.exe
  2⤵
  PID:3120
- C:\Windows\System\kIIZMnz.exe
  C:\Windows\System\kIIZMnz.exe
  2⤵
  PID:3152
- C:\Windows\System\mFfBYPo.exe
  C:\Windows\System\mFfBYPo.exe
  2⤵
  PID:3172
- C:\Windows\System\kDqyBAJ.exe
  C:\Windows\System\kDqyBAJ.exe
  2⤵
  PID:3176
- C:\Windows\System\YaXQbbY.exe
  C:\Windows\System\YaXQbbY.exe
  2⤵
  PID:3216
- C:\Windows\System\hmooHTN.exe
  C:\Windows\System\hmooHTN.exe
  2⤵
  PID:3256
- C:\Windows\System\YKRqFeV.exe
  C:\Windows\System\YKRqFeV.exe
  2⤵
  PID:3312
- C:\Windows\System\oUCuisz.exe
  C:\Windows\System\oUCuisz.exe
  2⤵
  PID:3360
- C:\Windows\System\XlcUhHn.exe
  C:\Windows\System\XlcUhHn.exe
  2⤵
  PID:3392
- C:\Windows\System\IBbZDva.exe
  C:\Windows\System\IBbZDva.exe
  2⤵
  PID:3376
- C:\Windows\System\DTPGbAl.exe
  C:\Windows\System\DTPGbAl.exe
  2⤵
  PID:3440
- C:\Windows\System\aBEkpYG.exe
  C:\Windows\System\aBEkpYG.exe
  2⤵
  PID:3512
- C:\Windows\System\iLSfSIm.exe
  C:\Windows\System\iLSfSIm.exe
  2⤵
  PID:3456
- C:\Windows\System\QZcNRje.exe
  C:\Windows\System\QZcNRje.exe
  2⤵
  PID:3532
- C:\Windows\System\BDoUKXW.exe
  C:\Windows\System\BDoUKXW.exe
  2⤵
  PID:3592
- C:\Windows\System\zGaqunF.exe
  C:\Windows\System\zGaqunF.exe
  2⤵
  PID:3576
- C:\Windows\System\emvTzGd.exe
  C:\Windows\System\emvTzGd.exe
  2⤵
  PID:3672
- C:\Windows\System\WJHYQix.exe
  C:\Windows\System\WJHYQix.exe
  2⤵
  PID:3716
- C:\Windows\System\jbFvoxB.exe
  C:\Windows\System\jbFvoxB.exe
  2⤵
  PID:3656
- C:\Windows\System\FsAqiby.exe
  C:\Windows\System\FsAqiby.exe
  2⤵
  PID:3740
- C:\Windows\System\NVWPYuD.exe
  C:\Windows\System\NVWPYuD.exe
  2⤵
  PID:3792
- C:\Windows\System\fCwbHWn.exe
  C:\Windows\System\fCwbHWn.exe
  2⤵
  PID:3824
- C:\Windows\System\Viodzqe.exe
  C:\Windows\System\Viodzqe.exe
  2⤵
  PID:3892
- C:\Windows\System\JcVwoNk.exe
  C:\Windows\System\JcVwoNk.exe
  2⤵
  PID:3912
- C:\Windows\System\grxNxAj.exe
  C:\Windows\System\grxNxAj.exe
  2⤵
  PID:3840
- C:\Windows\System\uGGqUpa.exe
  C:\Windows\System\uGGqUpa.exe
  2⤵
  PID:3948
- C:\Windows\System\AVTGTTs.exe
  C:\Windows\System\AVTGTTs.exe
  2⤵
  PID:3972
- C:\Windows\System\iNTBTpo.exe
  C:\Windows\System\iNTBTpo.exe
  2⤵
  PID:3996
- C:\Windows\System\rZhvJOy.exe
  C:\Windows\System\rZhvJOy.exe
  2⤵
  PID:4040
- C:\Windows\System\jGZtJcp.exe
  C:\Windows\System\jGZtJcp.exe
  2⤵
  PID:4056
- C:\Windows\System\fxAmkuL.exe
  C:\Windows\System\fxAmkuL.exe
  2⤵
  PID:1616
- C:\Windows\System\UZNhRtx.exe
  C:\Windows\System\UZNhRtx.exe
  2⤵
  PID:2528
- C:\Windows\System\kYQiief.exe
  C:\Windows\System\kYQiief.exe
  2⤵
  PID:2772
- C:\Windows\System\iHiFNpl.exe
  C:\Windows\System\iHiFNpl.exe
  2⤵
  PID:1688
- C:\Windows\System\oqVnKMa.exe
  C:\Windows\System\oqVnKMa.exe
  2⤵
  PID:2604
- C:\Windows\System\VcGrbdt.exe
  C:\Windows\System\VcGrbdt.exe
  2⤵
  PID:3012
- C:\Windows\System\kkjoqZy.exe
  C:\Windows\System\kkjoqZy.exe
  2⤵
  PID:3080
- C:\Windows\System\AtrlBkB.exe
  C:\Windows\System\AtrlBkB.exe
  2⤵
  PID:3200
- C:\Windows\System\iAYsweT.exe
  C:\Windows\System\iAYsweT.exe
  2⤵
  PID:3136
- C:\Windows\System\tsUXCgm.exe
  C:\Windows\System\tsUXCgm.exe
  2⤵
  PID:3272
- C:\Windows\System\LrywWvZ.exe
  C:\Windows\System\LrywWvZ.exe
  2⤵
  PID:3276
- C:\Windows\System\rYqNqZW.exe
  C:\Windows\System\rYqNqZW.exe
  2⤵
  PID:3316
- C:\Windows\System\NhWWPwK.exe
  C:\Windows\System\NhWWPwK.exe
  2⤵
  PID:3396
- C:\Windows\System\TwuefdU.exe
  C:\Windows\System\TwuefdU.exe
  2⤵
  PID:3472
- C:\Windows\System\AXxVmOx.exe
  C:\Windows\System\AXxVmOx.exe
  2⤵
  PID:3500
- C:\Windows\System\hoRxFPr.exe
  C:\Windows\System\hoRxFPr.exe
  2⤵
  PID:3596
- C:\Windows\System\LfLyVXM.exe
  C:\Windows\System\LfLyVXM.exe
  2⤵
  PID:3632
- C:\Windows\System\crNhLSC.exe
  C:\Windows\System\crNhLSC.exe
  2⤵
  PID:3640
- C:\Windows\System\tPPKAQv.exe
  C:\Windows\System\tPPKAQv.exe
  2⤵
  PID:3732
- C:\Windows\System\cTjKJAO.exe
  C:\Windows\System\cTjKJAO.exe
  2⤵
  PID:3752
- C:\Windows\System\NiuZAiY.exe
  C:\Windows\System\NiuZAiY.exe
  2⤵
  PID:3864
- C:\Windows\System\mYaKPdV.exe
  C:\Windows\System\mYaKPdV.exe
  2⤵
  PID:3844
- C:\Windows\System\TMmKMsS.exe
  C:\Windows\System\TMmKMsS.exe
  2⤵
  PID:3944
- C:\Windows\System\sSbUxOc.exe
  C:\Windows\System\sSbUxOc.exe
  2⤵
  PID:3964
- C:\Windows\System\FYVoFdj.exe
  C:\Windows\System\FYVoFdj.exe
  2⤵
  PID:4032
- C:\Windows\System\qzLyjbM.exe
  C:\Windows\System\qzLyjbM.exe
  2⤵
  PID:4092
- C:\Windows\System\VxMyfJv.exe
  C:\Windows\System\VxMyfJv.exe
  2⤵
  PID:2592
- C:\Windows\System\vfMhwLj.exe
  C:\Windows\System\vfMhwLj.exe
  2⤵
  PID:1988
- C:\Windows\System\WaZxCWq.exe
  C:\Windows\System\WaZxCWq.exe
  2⤵
  PID:3100
- C:\Windows\System\MEUJtMG.exe
  C:\Windows\System\MEUJtMG.exe
  2⤵
  PID:2988
- C:\Windows\System\iJfpmBw.exe
  C:\Windows\System\iJfpmBw.exe
  2⤵
  PID:3196
- C:\Windows\System\cfSbdBq.exe
  C:\Windows\System\cfSbdBq.exe
  2⤵
  PID:3252
- C:\Windows\System\Fygahpv.exe
  C:\Windows\System\Fygahpv.exe
  2⤵
  PID:3432
- C:\Windows\System\gFyplim.exe
  C:\Windows\System\gFyplim.exe
  2⤵
  PID:3460
- C:\Windows\System\FFCLVxR.exe
  C:\Windows\System\FFCLVxR.exe
  2⤵
  PID:3560
- C:\Windows\System\YCbhtFs.exe
  C:\Windows\System\YCbhtFs.exe
  2⤵
  PID:3712
- C:\Windows\System\pUuvajF.exe
  C:\Windows\System\pUuvajF.exe
  2⤵
  PID:3700
- C:\Windows\System\IjCbNwI.exe
  C:\Windows\System\IjCbNwI.exe
  2⤵
  PID:3856
- C:\Windows\System\zHQrSel.exe
  C:\Windows\System\zHQrSel.exe
  2⤵
  PID:4104
- C:\Windows\System\IARshrb.exe
  C:\Windows\System\IARshrb.exe
  2⤵
  PID:4124
- C:\Windows\System\PfcewlU.exe
  C:\Windows\System\PfcewlU.exe
  2⤵
  PID:4144
- C:\Windows\System\gjTrqwj.exe
  C:\Windows\System\gjTrqwj.exe
  2⤵
  PID:4164
- C:\Windows\System\YnlbrNa.exe
  C:\Windows\System\YnlbrNa.exe
  2⤵
  PID:4184
- C:\Windows\System\xqzNCRL.exe
  C:\Windows\System\xqzNCRL.exe
  2⤵
  PID:4204
- C:\Windows\System\cbspSzW.exe
  C:\Windows\System\cbspSzW.exe
  2⤵
  PID:4224
- C:\Windows\System\zuOkvAH.exe
  C:\Windows\System\zuOkvAH.exe
  2⤵
  PID:4244
- C:\Windows\System\HNhmrum.exe
  C:\Windows\System\HNhmrum.exe
  2⤵
  PID:4264
- C:\Windows\System\ZcsWbxk.exe
  C:\Windows\System\ZcsWbxk.exe
  2⤵
  PID:4284
- C:\Windows\System\euEoSbn.exe
  C:\Windows\System\euEoSbn.exe
  2⤵
  PID:4304
- C:\Windows\System\YyVFuiI.exe
  C:\Windows\System\YyVFuiI.exe
  2⤵
  PID:4324
- C:\Windows\System\wiyAAcv.exe
  C:\Windows\System\wiyAAcv.exe
  2⤵
  PID:4344
- C:\Windows\System\xeQWDHP.exe
  C:\Windows\System\xeQWDHP.exe
  2⤵
  PID:4364
- C:\Windows\System\IovkJHI.exe
  C:\Windows\System\IovkJHI.exe
  2⤵
  PID:4384
- C:\Windows\System\zeGaUSl.exe
  C:\Windows\System\zeGaUSl.exe
  2⤵
  PID:4404
- C:\Windows\System\WTAFQCH.exe
  C:\Windows\System\WTAFQCH.exe
  2⤵
  PID:4424
- C:\Windows\System\zNPugSl.exe
  C:\Windows\System\zNPugSl.exe
  2⤵
  PID:4444
- C:\Windows\System\tqRAslS.exe
  C:\Windows\System\tqRAslS.exe
  2⤵
  PID:4464
- C:\Windows\System\jbrOhBf.exe
  C:\Windows\System\jbrOhBf.exe
  2⤵
  PID:4484
- C:\Windows\System\OfxGmcg.exe
  C:\Windows\System\OfxGmcg.exe
  2⤵
  PID:4504
- C:\Windows\System\dQrRbVR.exe
  C:\Windows\System\dQrRbVR.exe
  2⤵
  PID:4524
- C:\Windows\System\SIQJOcI.exe
  C:\Windows\System\SIQJOcI.exe
  2⤵
  PID:4544
- C:\Windows\System\QUoasYe.exe
  C:\Windows\System\QUoasYe.exe
  2⤵
  PID:4564
- C:\Windows\System\lvbDNAk.exe
  C:\Windows\System\lvbDNAk.exe
  2⤵
  PID:4584
- C:\Windows\System\ewmEdyC.exe
  C:\Windows\System\ewmEdyC.exe
  2⤵
  PID:4604
- C:\Windows\System\SoTsPTF.exe
  C:\Windows\System\SoTsPTF.exe
  2⤵
  PID:4624
- C:\Windows\System\ZyDxjNN.exe
  C:\Windows\System\ZyDxjNN.exe
  2⤵
  PID:4644
- C:\Windows\System\lNRFeBe.exe
  C:\Windows\System\lNRFeBe.exe
  2⤵
  PID:4664
- C:\Windows\System\yEiRkiB.exe
  C:\Windows\System\yEiRkiB.exe
  2⤵
  PID:4684
- C:\Windows\System\vbQVFus.exe
  C:\Windows\System\vbQVFus.exe
  2⤵
  PID:4704
- C:\Windows\System\BaPhpUu.exe
  C:\Windows\System\BaPhpUu.exe
  2⤵
  PID:4724
- C:\Windows\System\ORPWoZM.exe
  C:\Windows\System\ORPWoZM.exe
  2⤵
  PID:4744
- C:\Windows\System\SybDJva.exe
  C:\Windows\System\SybDJva.exe
  2⤵
  PID:4764
- C:\Windows\System\XJpHiOl.exe
  C:\Windows\System\XJpHiOl.exe
  2⤵
  PID:4784
- C:\Windows\System\QZywySq.exe
  C:\Windows\System\QZywySq.exe
  2⤵
  PID:4804
- C:\Windows\System\szcOQrR.exe
  C:\Windows\System\szcOQrR.exe
  2⤵
  PID:4824
- C:\Windows\System\nmmZMJD.exe
  C:\Windows\System\nmmZMJD.exe
  2⤵
  PID:4844
- C:\Windows\System\cslLwva.exe
  C:\Windows\System\cslLwva.exe
  2⤵
  PID:4864
- C:\Windows\System\PhrOhxC.exe
  C:\Windows\System\PhrOhxC.exe
  2⤵
  PID:4884
- C:\Windows\System\mDhpYPn.exe
  C:\Windows\System\mDhpYPn.exe
  2⤵
  PID:4904
- C:\Windows\System\ZsJmwHR.exe
  C:\Windows\System\ZsJmwHR.exe
  2⤵
  PID:4924
- C:\Windows\System\BEzvCiT.exe
  C:\Windows\System\BEzvCiT.exe
  2⤵
  PID:4948
- C:\Windows\System\eqXFVGp.exe
  C:\Windows\System\eqXFVGp.exe
  2⤵
  PID:4968
- C:\Windows\System\YXAVsqh.exe
  C:\Windows\System\YXAVsqh.exe
  2⤵
  PID:4988
- C:\Windows\System\cWplaga.exe
  C:\Windows\System\cWplaga.exe
  2⤵
  PID:5008
- C:\Windows\System\hlgyqGk.exe
  C:\Windows\System\hlgyqGk.exe
  2⤵
  PID:5028
- C:\Windows\System\RgpXjvy.exe
  C:\Windows\System\RgpXjvy.exe
  2⤵
  PID:5048
- C:\Windows\System\HmKybZT.exe
  C:\Windows\System\HmKybZT.exe
  2⤵
  PID:5068
- C:\Windows\System\hLtgQOC.exe
  C:\Windows\System\hLtgQOC.exe
  2⤵
  PID:5088
- C:\Windows\System\XUZuOpL.exe
  C:\Windows\System\XUZuOpL.exe
  2⤵
  PID:5108
- C:\Windows\System\IbmMllg.exe
  C:\Windows\System\IbmMllg.exe
  2⤵
  PID:3976
- C:\Windows\System\vaIPsIV.exe
  C:\Windows\System\vaIPsIV.exe
  2⤵
  PID:4052
- C:\Windows\System\lhsOmEm.exe
  C:\Windows\System\lhsOmEm.exe
  2⤵
  PID:1532
- C:\Windows\System\OYZKHIJ.exe
  C:\Windows\System\OYZKHIJ.exe
  2⤵
  PID:1932
- C:\Windows\System\NZHAiYN.exe
  C:\Windows\System\NZHAiYN.exe
  2⤵
  PID:3132
- C:\Windows\System\FNeWoiM.exe
  C:\Windows\System\FNeWoiM.exe
  2⤵
  PID:3160
- C:\Windows\System\fvTpCWQ.exe
  C:\Windows\System\fvTpCWQ.exe
  2⤵
  PID:3480
- C:\Windows\System\AIcoONv.exe
  C:\Windows\System\AIcoONv.exe
  2⤵
  PID:3452
- C:\Windows\System\uhyItat.exe
  C:\Windows\System\uhyItat.exe
  2⤵
  PID:3780
- C:\Windows\System\YFKcjBD.exe
  C:\Windows\System\YFKcjBD.exe
  2⤵
  PID:3776
- C:\Windows\System\lKAKNie.exe
  C:\Windows\System\lKAKNie.exe
  2⤵
  PID:4100
- C:\Windows\System\oelwhrQ.exe
  C:\Windows\System\oelwhrQ.exe
  2⤵
  PID:4156
- C:\Windows\System\MXdddTD.exe
  C:\Windows\System\MXdddTD.exe
  2⤵
  PID:4192
- C:\Windows\System\sBHckjW.exe
  C:\Windows\System\sBHckjW.exe
  2⤵
  PID:4212
- C:\Windows\System\DhzdluW.exe
  C:\Windows\System\DhzdluW.exe
  2⤵
  PID:4236
- C:\Windows\System\vcojtPX.exe
  C:\Windows\System\vcojtPX.exe
  2⤵
  PID:4280
- C:\Windows\System\GxYsmYM.exe
  C:\Windows\System\GxYsmYM.exe
  2⤵
  PID:4296
- C:\Windows\System\hUyFKQf.exe
  C:\Windows\System\hUyFKQf.exe
  2⤵
  PID:4332
- C:\Windows\System\csyHPfX.exe
  C:\Windows\System\csyHPfX.exe
  2⤵
  PID:4380
- C:\Windows\System\AepIiqZ.exe
  C:\Windows\System\AepIiqZ.exe
  2⤵
  PID:4412
- C:\Windows\System\OnurwOF.exe
  C:\Windows\System\OnurwOF.exe
  2⤵
  PID:4440
- C:\Windows\System\WjRiuiq.exe
  C:\Windows\System\WjRiuiq.exe
  2⤵
  PID:4480
- C:\Windows\System\FVMQDnL.exe
  C:\Windows\System\FVMQDnL.exe
  2⤵
  PID:4512
- C:\Windows\System\EaZeZqI.exe
  C:\Windows\System\EaZeZqI.exe
  2⤵
  PID:4536
- C:\Windows\System\shhjWtV.exe
  C:\Windows\System\shhjWtV.exe
  2⤵
  PID:4592
- C:\Windows\System\ZtZZDLU.exe
  C:\Windows\System\ZtZZDLU.exe
  2⤵
  PID:4632
- C:\Windows\System\lczzVyh.exe
  C:\Windows\System\lczzVyh.exe
  2⤵
  PID:4636
- C:\Windows\System\EopMgZN.exe
  C:\Windows\System\EopMgZN.exe
  2⤵
  PID:4680
- C:\Windows\System\blCYBYM.exe
  C:\Windows\System\blCYBYM.exe
  2⤵
  PID:4696
- C:\Windows\System\NqYwiZo.exe
  C:\Windows\System\NqYwiZo.exe
  2⤵
  PID:4736
- C:\Windows\System\eeLwBLG.exe
  C:\Windows\System\eeLwBLG.exe
  2⤵
  PID:4800
- C:\Windows\System\GXMWQKG.exe
  C:\Windows\System\GXMWQKG.exe
  2⤵
  PID:4812
- C:\Windows\System\EYOAemF.exe
  C:\Windows\System\EYOAemF.exe
  2⤵
  PID:4836
- C:\Windows\System\IaCDgof.exe
  C:\Windows\System\IaCDgof.exe
  2⤵
  PID:4892
- C:\Windows\System\iTadNkJ.exe
  C:\Windows\System\iTadNkJ.exe
  2⤵
  PID:4916
- C:\Windows\System\cxekuPV.exe
  C:\Windows\System\cxekuPV.exe
  2⤵
  PID:4964
- C:\Windows\System\HNmIkqd.exe
  C:\Windows\System\HNmIkqd.exe
  2⤵
  PID:4980
- C:\Windows\System\pmQdVQm.exe
  C:\Windows\System\pmQdVQm.exe
  2⤵
  PID:5020
- C:\Windows\System\tpveSZJ.exe
  C:\Windows\System\tpveSZJ.exe
  2⤵
  PID:5064
- C:\Windows\System\hIwnGOw.exe
  C:\Windows\System\hIwnGOw.exe
  2⤵
  PID:5096
- C:\Windows\System\MhNlOGG.exe
  C:\Windows\System\MhNlOGG.exe
  2⤵
  PID:3880
- C:\Windows\System\qhPwvBH.exe
  C:\Windows\System\qhPwvBH.exe
  2⤵
  PID:2140
- C:\Windows\System\vCNLBCJ.exe
  C:\Windows\System\vCNLBCJ.exe
  2⤵
  PID:1408
- C:\Windows\System\RqPaoBx.exe
  C:\Windows\System\RqPaoBx.exe
  2⤵
  PID:3092
- C:\Windows\System\xBDkKTL.exe
  C:\Windows\System\xBDkKTL.exe
  2⤵
  PID:3496
- C:\Windows\System\tTxedrN.exe
  C:\Windows\System\tTxedrN.exe
  2⤵
  PID:3920
- C:\Windows\System\eOWBrwp.exe
  C:\Windows\System\eOWBrwp.exe
  2⤵
  PID:3940
- C:\Windows\System\yWVafWE.exe
  C:\Windows\System\yWVafWE.exe
  2⤵
  PID:4160
- C:\Windows\System\GwTlflp.exe
  C:\Windows\System\GwTlflp.exe
  2⤵
  PID:4240
- C:\Windows\System\oplTXvn.exe
  C:\Windows\System\oplTXvn.exe
  2⤵
  PID:4260
- C:\Windows\System\sAbtFfL.exe
  C:\Windows\System\sAbtFfL.exe
  2⤵
  PID:4316
- C:\Windows\System\pBwUWrh.exe
  C:\Windows\System\pBwUWrh.exe
  2⤵
  PID:4356
- C:\Windows\System\hHyrSJg.exe
  C:\Windows\System\hHyrSJg.exe
  2⤵
  PID:4400
- C:\Windows\System\JomeVWl.exe
  C:\Windows\System\JomeVWl.exe
  2⤵
  PID:4500
- C:\Windows\System\JmxPEoO.exe
  C:\Windows\System\JmxPEoO.exe
  2⤵
  PID:4516
- C:\Windows\System\kKSumIe.exe
  C:\Windows\System\kKSumIe.exe
  2⤵
  PID:4596
- C:\Windows\System\MwBWZlp.exe
  C:\Windows\System\MwBWZlp.exe
  2⤵
  PID:4660
- C:\Windows\System\rBqrpBM.exe
  C:\Windows\System\rBqrpBM.exe
  2⤵
  PID:4692
- C:\Windows\System\MeJHxSa.exe
  C:\Windows\System\MeJHxSa.exe
  2⤵
  PID:4732
- C:\Windows\System\Etiemba.exe
  C:\Windows\System\Etiemba.exe
  2⤵
  PID:4840
- C:\Windows\System\tBGqCMX.exe
  C:\Windows\System\tBGqCMX.exe
  2⤵
  PID:4876
- C:\Windows\System\cFNohdb.exe
  C:\Windows\System\cFNohdb.exe
  2⤵
  PID:4976
- C:\Windows\System\lkDccAd.exe
  C:\Windows\System\lkDccAd.exe
  2⤵
  PID:4996
- C:\Windows\System\qtXHCcC.exe
  C:\Windows\System\qtXHCcC.exe
  2⤵
  PID:5056
- C:\Windows\System\NekifYy.exe
  C:\Windows\System\NekifYy.exe
  2⤵
  PID:5084
- C:\Windows\System\EGdcvyl.exe
  C:\Windows\System\EGdcvyl.exe
  2⤵
  PID:5132
- C:\Windows\System\JwaFgBN.exe
  C:\Windows\System\JwaFgBN.exe
  2⤵
  PID:5152
- C:\Windows\System\phoKiOJ.exe
  C:\Windows\System\phoKiOJ.exe
  2⤵
  PID:5172
- C:\Windows\System\exUaxrr.exe
  C:\Windows\System\exUaxrr.exe
  2⤵
  PID:5192
- C:\Windows\System\uSrlUqR.exe
  C:\Windows\System\uSrlUqR.exe
  2⤵
  PID:5212
- C:\Windows\System\thcXrPk.exe
  C:\Windows\System\thcXrPk.exe
  2⤵
  PID:5232
- C:\Windows\System\giaACAl.exe
  C:\Windows\System\giaACAl.exe
  2⤵
  PID:5252
- C:\Windows\System\vbSmzjF.exe
  C:\Windows\System\vbSmzjF.exe
  2⤵
  PID:5272
- C:\Windows\System\zcRRDtf.exe
  C:\Windows\System\zcRRDtf.exe
  2⤵
  PID:5292
- C:\Windows\System\OygUZFh.exe
  C:\Windows\System\OygUZFh.exe
  2⤵
  PID:5312
- C:\Windows\System\qaMqKAC.exe
  C:\Windows\System\qaMqKAC.exe
  2⤵
  PID:5332
- C:\Windows\System\tkxeAQq.exe
  C:\Windows\System\tkxeAQq.exe
  2⤵
  PID:5352
- C:\Windows\System\NItfBaE.exe
  C:\Windows\System\NItfBaE.exe
  2⤵
  PID:5372
- C:\Windows\System\iAhYRPR.exe
  C:\Windows\System\iAhYRPR.exe
  2⤵
  PID:5392
- C:\Windows\System\JebdirN.exe
  C:\Windows\System\JebdirN.exe
  2⤵
  PID:5412
- C:\Windows\System\YWSxflE.exe
  C:\Windows\System\YWSxflE.exe
  2⤵
  PID:5432
- C:\Windows\System\sIwaRjO.exe
  C:\Windows\System\sIwaRjO.exe
  2⤵
  PID:5452
- C:\Windows\System\cKmnkKH.exe
  C:\Windows\System\cKmnkKH.exe
  2⤵
  PID:5472
- C:\Windows\System\TbzTbmq.exe
  C:\Windows\System\TbzTbmq.exe
  2⤵
  PID:5492
- C:\Windows\System\ClMGFiX.exe
  C:\Windows\System\ClMGFiX.exe
  2⤵
  PID:5512
- C:\Windows\System\SyokJkr.exe
  C:\Windows\System\SyokJkr.exe
  2⤵
  PID:5532
- C:\Windows\System\QkgFkHp.exe
  C:\Windows\System\QkgFkHp.exe
  2⤵
  PID:5552
- C:\Windows\System\nWhaybl.exe
  C:\Windows\System\nWhaybl.exe
  2⤵
  PID:5572
- C:\Windows\System\mCZZUls.exe
  C:\Windows\System\mCZZUls.exe
  2⤵
  PID:5592
- C:\Windows\System\ZnpJjiG.exe
  C:\Windows\System\ZnpJjiG.exe
  2⤵
  PID:5612
- C:\Windows\System\OmsNWkL.exe
  C:\Windows\System\OmsNWkL.exe
  2⤵
  PID:5632
- C:\Windows\System\qSTZUwh.exe
  C:\Windows\System\qSTZUwh.exe
  2⤵
  PID:5652
- C:\Windows\System\oUYcCgn.exe
  C:\Windows\System\oUYcCgn.exe
  2⤵
  PID:5672
- C:\Windows\System\ppCdoaU.exe
  C:\Windows\System\ppCdoaU.exe
  2⤵
  PID:5692
- C:\Windows\System\EejRAJU.exe
  C:\Windows\System\EejRAJU.exe
  2⤵
  PID:5712
- C:\Windows\System\rwRxAuR.exe
  C:\Windows\System\rwRxAuR.exe
  2⤵
  PID:5732
- C:\Windows\System\pxVplPE.exe
  C:\Windows\System\pxVplPE.exe
  2⤵
  PID:5752
- C:\Windows\System\QHCvTug.exe
  C:\Windows\System\QHCvTug.exe
  2⤵
  PID:5772
- C:\Windows\System\UOnzzSw.exe
  C:\Windows\System\UOnzzSw.exe
  2⤵
  PID:5796
- C:\Windows\System\ZIzyzex.exe
  C:\Windows\System\ZIzyzex.exe
  2⤵
  PID:5816
- C:\Windows\System\HSqNreM.exe
  C:\Windows\System\HSqNreM.exe
  2⤵
  PID:5836
- C:\Windows\System\yJyBboo.exe
  C:\Windows\System\yJyBboo.exe
  2⤵
  PID:5856
- C:\Windows\System\bkYAUEe.exe
  C:\Windows\System\bkYAUEe.exe
  2⤵
  PID:5876
- C:\Windows\System\GlUsPXo.exe
  C:\Windows\System\GlUsPXo.exe
  2⤵
  PID:5896
- C:\Windows\System\qDulSfW.exe
  C:\Windows\System\qDulSfW.exe
  2⤵
  PID:5916
- C:\Windows\System\aHoGNlW.exe
  C:\Windows\System\aHoGNlW.exe
  2⤵
  PID:5936
- C:\Windows\System\GguKSEd.exe
  C:\Windows\System\GguKSEd.exe
  2⤵
  PID:5956
- C:\Windows\System\HYaDWcQ.exe
  C:\Windows\System\HYaDWcQ.exe
  2⤵
  PID:5976
- C:\Windows\System\cBYZibg.exe
  C:\Windows\System\cBYZibg.exe
  2⤵
  PID:5996
- C:\Windows\System\BuyHWky.exe
  C:\Windows\System\BuyHWky.exe
  2⤵
  PID:6016
- C:\Windows\System\uUuOeYu.exe
  C:\Windows\System\uUuOeYu.exe
  2⤵
  PID:6036
- C:\Windows\System\KFesLYL.exe
  C:\Windows\System\KFesLYL.exe
  2⤵
  PID:6056
- C:\Windows\System\PaJVBFq.exe
  C:\Windows\System\PaJVBFq.exe
  2⤵
  PID:6076
- C:\Windows\System\HmjRUls.exe
  C:\Windows\System\HmjRUls.exe
  2⤵
  PID:6096
- C:\Windows\System\CSvotcQ.exe
  C:\Windows\System\CSvotcQ.exe
  2⤵
  PID:6116
- C:\Windows\System\SmIhCDZ.exe
  C:\Windows\System\SmIhCDZ.exe
  2⤵
  PID:6136
- C:\Windows\System\TtPVCva.exe
  C:\Windows\System\TtPVCva.exe
  2⤵
  PID:4028
- C:\Windows\System\lSSVRYb.exe
  C:\Windows\System\lSSVRYb.exe
  2⤵
  PID:2752
- C:\Windows\System\YXusmOY.exe
  C:\Windows\System\YXusmOY.exe
  2⤵
  PID:3240
- C:\Windows\System\cJqCKRR.exe
  C:\Windows\System\cJqCKRR.exe
  2⤵
  PID:3536
- C:\Windows\System\UkflNyX.exe
  C:\Windows\System\UkflNyX.exe
  2⤵
  PID:4136
- C:\Windows\System\FOHNYBG.exe
  C:\Windows\System\FOHNYBG.exe
  2⤵
  PID:2736
- C:\Windows\System\OPASQnD.exe
  C:\Windows\System\OPASQnD.exe
  2⤵
  PID:4300
- C:\Windows\System\WhYPuZq.exe
  C:\Windows\System\WhYPuZq.exe
  2⤵
  PID:4352
- C:\Windows\System\jOZysbw.exe
  C:\Windows\System\jOZysbw.exe
  2⤵
  PID:4460
- C:\Windows\System\qZignkw.exe
  C:\Windows\System\qZignkw.exe
  2⤵
  PID:4600
- C:\Windows\System\tjBDVKv.exe
  C:\Windows\System\tjBDVKv.exe
  2⤵
  PID:4712
- C:\Windows\System\mfboxhy.exe
  C:\Windows\System\mfboxhy.exe
  2⤵
  PID:4792
- C:\Windows\System\RQbLSUr.exe
  C:\Windows\System\RQbLSUr.exe
  2⤵
  PID:4796
- C:\Windows\System\IhGsGiH.exe
  C:\Windows\System\IhGsGiH.exe
  2⤵
  PID:4956
- C:\Windows\System\RgDiBDh.exe
  C:\Windows\System\RgDiBDh.exe
  2⤵
  PID:5076
- C:\Windows\System\IMPjqFI.exe
  C:\Windows\System\IMPjqFI.exe
  2⤵
  PID:5140
- C:\Windows\System\BPcZENe.exe
  C:\Windows\System\BPcZENe.exe
  2⤵
  PID:5124
- C:\Windows\System\PAHVcVN.exe
  C:\Windows\System\PAHVcVN.exe
  2⤵
  PID:5188
- C:\Windows\System\rWZdaoW.exe
  C:\Windows\System\rWZdaoW.exe
  2⤵
  PID:5220
- C:\Windows\System\KhSCVtW.exe
  C:\Windows\System\KhSCVtW.exe
  2⤵
  PID:5244
- C:\Windows\System\PgaHFNs.exe
  C:\Windows\System\PgaHFNs.exe
  2⤵
  PID:5288
- C:\Windows\System\wylhHeh.exe
  C:\Windows\System\wylhHeh.exe
  2⤵
  PID:5340
- C:\Windows\System\NCORDDn.exe
  C:\Windows\System\NCORDDn.exe
  2⤵
  PID:5344
- C:\Windows\System\neHHbqG.exe
  C:\Windows\System\neHHbqG.exe
  2⤵
  PID:5364
- C:\Windows\System\oyMrhEl.exe
  C:\Windows\System\oyMrhEl.exe
  2⤵
  PID:5420
- C:\Windows\System\TzQrRBx.exe
  C:\Windows\System\TzQrRBx.exe
  2⤵
  PID:5460
- C:\Windows\System\zObcect.exe
  C:\Windows\System\zObcect.exe
  2⤵
  PID:5500
- C:\Windows\System\DBgaiDY.exe
  C:\Windows\System\DBgaiDY.exe
  2⤵
  PID:5504
- C:\Windows\System\ZRYdODa.exe
  C:\Windows\System\ZRYdODa.exe
  2⤵
  PID:5544
- C:\Windows\System\PuOfeCE.exe
  C:\Windows\System\PuOfeCE.exe
  2⤵
  PID:5588
- C:\Windows\System\JllcQBY.exe
  C:\Windows\System\JllcQBY.exe
  2⤵
  PID:5604
- C:\Windows\System\JeERZCJ.exe
  C:\Windows\System\JeERZCJ.exe
  2⤵
  PID:5648
- C:\Windows\System\zvAkgBB.exe
  C:\Windows\System\zvAkgBB.exe
  2⤵
  PID:5680
- C:\Windows\System\vaxgGCf.exe
  C:\Windows\System\vaxgGCf.exe
  2⤵
  PID:5704
- C:\Windows\System\TLxBqzB.exe
  C:\Windows\System\TLxBqzB.exe
  2⤵
  PID:5760
- C:\Windows\System\srLzbKq.exe
  C:\Windows\System\srLzbKq.exe
  2⤵
  PID:5788
- C:\Windows\System\cWtuzuq.exe
  C:\Windows\System\cWtuzuq.exe
  2⤵
  PID:5828
- C:\Windows\System\BbYdQuv.exe
  C:\Windows\System\BbYdQuv.exe
  2⤵
  PID:5868
- C:\Windows\System\IdsFfIR.exe
  C:\Windows\System\IdsFfIR.exe
  2⤵
  PID:5904
- C:\Windows\System\kvpItAe.exe
  C:\Windows\System\kvpItAe.exe
  2⤵
  PID:5928
- C:\Windows\System\ecINtju.exe
  C:\Windows\System\ecINtju.exe
  2⤵
  PID:5972
- C:\Windows\System\VJuoBat.exe
  C:\Windows\System\VJuoBat.exe
  2⤵
  PID:6004
- C:\Windows\System\hsjHMPB.exe
  C:\Windows\System\hsjHMPB.exe
  2⤵
  PID:6044
- C:\Windows\System\GGUmSlt.exe
  C:\Windows\System\GGUmSlt.exe
  2⤵
  PID:6104
- C:\Windows\System\AsHPZhW.exe
  C:\Windows\System\AsHPZhW.exe
  2⤵
  PID:6108
- C:\Windows\System\MzfHIjj.exe
  C:\Windows\System\MzfHIjj.exe
  2⤵
  PID:2076
- C:\Windows\System\AuOrLSY.exe
  C:\Windows\System\AuOrLSY.exe
  2⤵
  PID:3420
- C:\Windows\System\JXFoFZL.exe
  C:\Windows\System\JXFoFZL.exe
  2⤵
  PID:3372
- C:\Windows\System\wrNKphL.exe
  C:\Windows\System\wrNKphL.exe
  2⤵
  PID:4180
- C:\Windows\System\pVSilif.exe
  C:\Windows\System\pVSilif.exe
  2⤵
  PID:4372
- C:\Windows\System\RuCNXYF.exe
  C:\Windows\System\RuCNXYF.exe
  2⤵
  PID:4532
- C:\Windows\System\waJnswf.exe
  C:\Windows\System\waJnswf.exe
  2⤵
  PID:4756
- C:\Windows\System\ooUhsVg.exe
  C:\Windows\System\ooUhsVg.exe
  2⤵
  PID:4740
- C:\Windows\System\dgCIorT.exe
  C:\Windows\System\dgCIorT.exe
  2⤵
  PID:5024
- C:\Windows\System\lvwzDVq.exe
  C:\Windows\System\lvwzDVq.exe
  2⤵
  PID:2128
- C:\Windows\System\YYasIoJ.exe
  C:\Windows\System\YYasIoJ.exe
  2⤵
  PID:5200
- C:\Windows\System\bhIAdDx.exe
  C:\Windows\System\bhIAdDx.exe
  2⤵
  PID:5208
- C:\Windows\System\eJACRQQ.exe
  C:\Windows\System\eJACRQQ.exe
  2⤵
  PID:5240
- C:\Windows\System\dRfQSWZ.exe
  C:\Windows\System\dRfQSWZ.exe
  2⤵
  PID:5328
- C:\Windows\System\APGTygu.exe
  C:\Windows\System\APGTygu.exe
  2⤵
  PID:5360
- C:\Windows\System\EKfxMdB.exe
  C:\Windows\System\EKfxMdB.exe
  2⤵
  PID:5424
- C:\Windows\System\FdBuBfe.exe
  C:\Windows\System\FdBuBfe.exe
  2⤵
  PID:5528
- C:\Windows\System\qipIsMw.exe
  C:\Windows\System\qipIsMw.exe
  2⤵
  PID:5524
- C:\Windows\System\OJroTAr.exe
  C:\Windows\System\OJroTAr.exe
  2⤵
  PID:5568
- C:\Windows\System\bUClBfs.exe
  C:\Windows\System\bUClBfs.exe
  2⤵
  PID:5624
- C:\Windows\System\PgEdkFe.exe
  C:\Windows\System\PgEdkFe.exe
  2⤵
  PID:5684
- C:\Windows\System\CvWEwsJ.exe
  C:\Windows\System\CvWEwsJ.exe
  2⤵
  PID:5792
- C:\Windows\System\dwVowcs.exe
  C:\Windows\System\dwVowcs.exe
  2⤵
  PID:5872
- C:\Windows\System\TnNxjvA.exe
  C:\Windows\System\TnNxjvA.exe
  2⤵
  PID:5932
- C:\Windows\System\qehjXNF.exe
  C:\Windows\System\qehjXNF.exe
  2⤵
  PID:5948
- C:\Windows\System\xYoOCzr.exe
  C:\Windows\System\xYoOCzr.exe
  2⤵
  PID:6008
- C:\Windows\System\QrbyDTI.exe
  C:\Windows\System\QrbyDTI.exe
  2⤵
  PID:6064
- C:\Windows\System\pMewRJd.exe
  C:\Windows\System\pMewRJd.exe
  2⤵
  PID:6088
- C:\Windows\System\iOVJnBA.exe
  C:\Windows\System\iOVJnBA.exe
  2⤵
  PID:2264
- C:\Windows\System\DZjmLcL.exe
  C:\Windows\System\DZjmLcL.exe
  2⤵
  PID:4292
- C:\Windows\System\gNBUTGG.exe
  C:\Windows\System\gNBUTGG.exe
  2⤵
  PID:4416
- C:\Windows\System\AsuIucJ.exe
  C:\Windows\System\AsuIucJ.exe
  2⤵
  PID:4616
- C:\Windows\System\rGDQXur.exe
  C:\Windows\System\rGDQXur.exe
  2⤵
  PID:4920
- C:\Windows\System\fklRFYt.exe
  C:\Windows\System\fklRFYt.exe
  2⤵
  PID:5116
- C:\Windows\System\VdrXnxV.exe
  C:\Windows\System\VdrXnxV.exe
  2⤵
  PID:5280
- C:\Windows\System\JRKhaJt.exe
  C:\Windows\System\JRKhaJt.exe
  2⤵
  PID:5324
- C:\Windows\System\aqEnXOh.exe
  C:\Windows\System\aqEnXOh.exe
  2⤵
  PID:5404
- C:\Windows\System\sxLKRzG.exe
  C:\Windows\System\sxLKRzG.exe
  2⤵
  PID:6156
- C:\Windows\System\EcIFwRn.exe
  C:\Windows\System\EcIFwRn.exe
  2⤵
  PID:6176
- C:\Windows\System\SIihdja.exe
  C:\Windows\System\SIihdja.exe
  2⤵
  PID:6196
- C:\Windows\System\VucwhfB.exe
  C:\Windows\System\VucwhfB.exe
  2⤵
  PID:6216
- C:\Windows\System\RPyXpHF.exe
  C:\Windows\System\RPyXpHF.exe
  2⤵
  PID:6236
- C:\Windows\System\wjWTSEA.exe
  C:\Windows\System\wjWTSEA.exe
  2⤵
  PID:6256
- C:\Windows\System\wEgbuLI.exe
  C:\Windows\System\wEgbuLI.exe
  2⤵
  PID:6276
- C:\Windows\System\vKCpsez.exe
  C:\Windows\System\vKCpsez.exe
  2⤵
  PID:6300
- C:\Windows\System\LyVPtWv.exe
  C:\Windows\System\LyVPtWv.exe
  2⤵
  PID:6320
- C:\Windows\System\PQubxEv.exe
  C:\Windows\System\PQubxEv.exe
  2⤵
  PID:6340
- C:\Windows\System\FnetSuy.exe
  C:\Windows\System\FnetSuy.exe
  2⤵
  PID:6360
- C:\Windows\System\RjUIRbI.exe
  C:\Windows\System\RjUIRbI.exe
  2⤵
  PID:6380
- C:\Windows\System\nEuDShR.exe
  C:\Windows\System\nEuDShR.exe
  2⤵
  PID:6400
- C:\Windows\System\ntqzgXT.exe
  C:\Windows\System\ntqzgXT.exe
  2⤵
  PID:6420
- C:\Windows\System\lOWzDfv.exe
  C:\Windows\System\lOWzDfv.exe
  2⤵
  PID:6440
- C:\Windows\System\lfEdjun.exe
  C:\Windows\System\lfEdjun.exe
  2⤵
  PID:6460
- C:\Windows\System\UghFJDK.exe
  C:\Windows\System\UghFJDK.exe
  2⤵
  PID:6480
- C:\Windows\System\mIribdL.exe
  C:\Windows\System\mIribdL.exe
  2⤵
  PID:6500
- C:\Windows\System\RdtUHTm.exe
  C:\Windows\System\RdtUHTm.exe
  2⤵
  PID:6520
- C:\Windows\System\TOQAWfR.exe
  C:\Windows\System\TOQAWfR.exe
  2⤵
  PID:6540
- C:\Windows\System\XQZeabE.exe
  C:\Windows\System\XQZeabE.exe
  2⤵
  PID:6560
- C:\Windows\System\hmcUTMN.exe
  C:\Windows\System\hmcUTMN.exe
  2⤵
  PID:6580
- C:\Windows\System\xQyYwMp.exe
  C:\Windows\System\xQyYwMp.exe
  2⤵
  PID:6600
- C:\Windows\System\zmIQNFW.exe
  C:\Windows\System\zmIQNFW.exe
  2⤵
  PID:6620
- C:\Windows\System\pVvDBCI.exe
  C:\Windows\System\pVvDBCI.exe
  2⤵
  PID:6640
- C:\Windows\System\asqAUfd.exe
  C:\Windows\System\asqAUfd.exe
  2⤵
  PID:6660
- C:\Windows\System\vVyjeMN.exe
  C:\Windows\System\vVyjeMN.exe
  2⤵
  PID:6680
- C:\Windows\System\uSQfJKc.exe
  C:\Windows\System\uSQfJKc.exe
  2⤵
  PID:6700
- C:\Windows\System\srMQDQT.exe
  C:\Windows\System\srMQDQT.exe
  2⤵
  PID:6720
- C:\Windows\System\EEmSlhL.exe
  C:\Windows\System\EEmSlhL.exe
  2⤵
  PID:6740
- C:\Windows\System\XyaGOeS.exe
  C:\Windows\System\XyaGOeS.exe
  2⤵
  PID:6760
- C:\Windows\System\YSdEZTR.exe
  C:\Windows\System\YSdEZTR.exe
  2⤵
  PID:6780
- C:\Windows\System\VzXCcNq.exe
  C:\Windows\System\VzXCcNq.exe
  2⤵
  PID:6800
- C:\Windows\System\LTcfgHC.exe
  C:\Windows\System\LTcfgHC.exe
  2⤵
  PID:6820
- C:\Windows\System\BHfMebY.exe
  C:\Windows\System\BHfMebY.exe
  2⤵
  PID:6840
- C:\Windows\System\IYgdssu.exe
  C:\Windows\System\IYgdssu.exe
  2⤵
  PID:6860
- C:\Windows\System\CjtauhG.exe
  C:\Windows\System\CjtauhG.exe
  2⤵
  PID:6880
- C:\Windows\System\DLNgjVP.exe
  C:\Windows\System\DLNgjVP.exe
  2⤵
  PID:6900
- C:\Windows\System\zJOcYle.exe
  C:\Windows\System\zJOcYle.exe
  2⤵
  PID:6920
- C:\Windows\System\IJJvAiG.exe
  C:\Windows\System\IJJvAiG.exe
  2⤵
  PID:6940
- C:\Windows\System\WhbcnYf.exe
  C:\Windows\System\WhbcnYf.exe
  2⤵
  PID:6960
- C:\Windows\System\CjAjBzN.exe
  C:\Windows\System\CjAjBzN.exe
  2⤵
  PID:6980
- C:\Windows\System\LSopMaK.exe
  C:\Windows\System\LSopMaK.exe
  2⤵
  PID:7000
- C:\Windows\System\fYbGcxP.exe
  C:\Windows\System\fYbGcxP.exe
  2⤵
  PID:7020
- C:\Windows\System\KBVODKR.exe
  C:\Windows\System\KBVODKR.exe
  2⤵
  PID:7040
- C:\Windows\System\FynAYxY.exe
  C:\Windows\System\FynAYxY.exe
  2⤵
  PID:7060
- C:\Windows\System\rPPXTii.exe
  C:\Windows\System\rPPXTii.exe
  2⤵
  PID:7080
- C:\Windows\System\BbobDwI.exe
  C:\Windows\System\BbobDwI.exe
  2⤵
  PID:7100
- C:\Windows\System\blSscjg.exe
  C:\Windows\System\blSscjg.exe
  2⤵
  PID:7120
- C:\Windows\System\LQKQKOs.exe
  C:\Windows\System\LQKQKOs.exe
  2⤵
  PID:7140
- C:\Windows\System\uBLMRAP.exe
  C:\Windows\System\uBLMRAP.exe
  2⤵
  PID:7160
- C:\Windows\System\CcSkfaL.exe
  C:\Windows\System\CcSkfaL.exe
  2⤵
  PID:5488
- C:\Windows\System\dhKQDZY.exe
  C:\Windows\System\dhKQDZY.exe
  2⤵
  PID:5564
- C:\Windows\System\VkhCyVR.exe
  C:\Windows\System\VkhCyVR.exe
  2⤵
  PID:5708
- C:\Windows\System\JvtwdSK.exe
  C:\Windows\System\JvtwdSK.exe
  2⤵
  PID:1084
- C:\Windows\System\mnCInJh.exe
  C:\Windows\System\mnCInJh.exe
  2⤵
  PID:680
- C:\Windows\System\xpxxnXZ.exe
  C:\Windows\System\xpxxnXZ.exe
  2⤵
  PID:1632
- C:\Windows\System\aXClUMH.exe
  C:\Windows\System\aXClUMH.exe
  2⤵
  PID:5988
- C:\Windows\System\OTxBkFC.exe
  C:\Windows\System\OTxBkFC.exe
  2⤵
  PID:1612
- C:\Windows\System\xGbwlbl.exe
  C:\Windows\System\xGbwlbl.exe
  2⤵
  PID:3636
- C:\Windows\System\uFCtJwA.exe
  C:\Windows\System\uFCtJwA.exe
  2⤵
  PID:4196
- C:\Windows\System\uiiyFmE.exe
  C:\Windows\System\uiiyFmE.exe
  2⤵
  PID:4396
- C:\Windows\System\GrZkXsY.exe
  C:\Windows\System\GrZkXsY.exe
  2⤵
  PID:2852
- C:\Windows\System\eBUSGCS.exe
  C:\Windows\System\eBUSGCS.exe
  2⤵
  PID:5168
- C:\Windows\System\MnILOSx.exe
  C:\Windows\System\MnILOSx.exe
  2⤵
  PID:5448
- C:\Windows\System\LAZGlrk.exe
  C:\Windows\System\LAZGlrk.exe
  2⤵
  PID:6168
- C:\Windows\System\hbGCKBB.exe
  C:\Windows\System\hbGCKBB.exe
  2⤵
  PID:6212
- C:\Windows\System\hBUroun.exe
  C:\Windows\System\hBUroun.exe
  2⤵
  PID:6228
- C:\Windows\System\XRgGmGY.exe
  C:\Windows\System\XRgGmGY.exe
  2⤵
  PID:6284
- C:\Windows\System\jkiYubc.exe
  C:\Windows\System\jkiYubc.exe
  2⤵
  PID:6308
- C:\Windows\System\RfnYeIM.exe
  C:\Windows\System\RfnYeIM.exe
  2⤵
  PID:6336
- C:\Windows\System\oHhQaZF.exe
  C:\Windows\System\oHhQaZF.exe
  2⤵
  PID:6368
- C:\Windows\System\XZwdNwA.exe
  C:\Windows\System\XZwdNwA.exe
  2⤵
  PID:6392
- C:\Windows\System\scDrvdn.exe
  C:\Windows\System\scDrvdn.exe
  2⤵
  PID:6436
- C:\Windows\System\YngJWxV.exe
  C:\Windows\System\YngJWxV.exe
  2⤵
  PID:6468
- C:\Windows\System\uDmtgfh.exe
  C:\Windows\System\uDmtgfh.exe
  2⤵
  PID:2676
- C:\Windows\System\CpRMwld.exe
  C:\Windows\System\CpRMwld.exe
  2⤵
  PID:6512
- C:\Windows\System\PKjsYBG.exe
  C:\Windows\System\PKjsYBG.exe
  2⤵
  PID:6568
- C:\Windows\System\sqinkEt.exe
  C:\Windows\System\sqinkEt.exe
  2⤵
  PID:6588
- C:\Windows\System\AQZkLEg.exe
  C:\Windows\System\AQZkLEg.exe
  2⤵
  PID:6612
- C:\Windows\System\RsihBEi.exe
  C:\Windows\System\RsihBEi.exe
  2⤵
  PID:6632
- C:\Windows\System\QKBmDmR.exe
  C:\Windows\System\QKBmDmR.exe
  2⤵
  PID:6672
- C:\Windows\System\daBIAdr.exe
  C:\Windows\System\daBIAdr.exe
  2⤵
  PID:6728
- C:\Windows\System\NgkbFQG.exe
  C:\Windows\System\NgkbFQG.exe
  2⤵
  PID:6748
- C:\Windows\System\cYUJplm.exe
  C:\Windows\System\cYUJplm.exe
  2⤵
  PID:6752
- C:\Windows\System\yIezyNT.exe
  C:\Windows\System\yIezyNT.exe
  2⤵
  PID:6792
- C:\Windows\System\JZWdeAV.exe
  C:\Windows\System\JZWdeAV.exe
  2⤵
  PID:2680
- C:\Windows\System\iIgqECT.exe
  C:\Windows\System\iIgqECT.exe
  2⤵
  PID:2672
- C:\Windows\System\kpUwDVx.exe
  C:\Windows\System\kpUwDVx.exe
  2⤵
  PID:6876
- C:\Windows\System\wvRMVTq.exe
  C:\Windows\System\wvRMVTq.exe
  2⤵
  PID:6928
- C:\Windows\System\BVVYUrD.exe
  C:\Windows\System\BVVYUrD.exe
  2⤵
  PID:6948
- C:\Windows\System\cbdWTpH.exe
  C:\Windows\System\cbdWTpH.exe
  2⤵
  PID:600
- C:\Windows\System\tQrXeBL.exe
  C:\Windows\System\tQrXeBL.exe
  2⤵
  PID:7016
- C:\Windows\System\ffQLJCV.exe
  C:\Windows\System\ffQLJCV.exe
  2⤵
  PID:7048
- C:\Windows\System\ulEffyJ.exe
  C:\Windows\System\ulEffyJ.exe
  2⤵
  PID:7088
- C:\Windows\System\YruMJCc.exe
  C:\Windows\System\YruMJCc.exe
  2⤵
  PID:7128
- C:\Windows\System\MytvpCy.exe
  C:\Windows\System\MytvpCy.exe
  2⤵
  PID:7148
- C:\Windows\System\HCqpXty.exe
  C:\Windows\System\HCqpXty.exe
  2⤵
  PID:5408
- C:\Windows\System\lchuFaD.exe
  C:\Windows\System\lchuFaD.exe
  2⤵
  PID:5640
- C:\Windows\System\puJiNbT.exe
  C:\Windows\System\puJiNbT.exe
  2⤵
  PID:5764
- C:\Windows\System\UnovEHz.exe
  C:\Windows\System\UnovEHz.exe
  2⤵
  PID:5952
- C:\Windows\System\ihJQQSx.exe
  C:\Windows\System\ihJQQSx.exe
  2⤵
  PID:6112
- C:\Windows\System\QKlqaSA.exe
  C:\Windows\System\QKlqaSA.exe
  2⤵
  PID:3720
- C:\Windows\System\LmEJmbo.exe
  C:\Windows\System\LmEJmbo.exe
  2⤵
  PID:4940
- C:\Windows\System\jnDFeCW.exe
  C:\Windows\System\jnDFeCW.exe
  2⤵
  PID:5304
- C:\Windows\System\BfkiSVM.exe
  C:\Windows\System\BfkiSVM.exe
  2⤵
  PID:1288
- C:\Windows\System\mgDlhjV.exe
  C:\Windows\System\mgDlhjV.exe
  2⤵
  PID:6192
- C:\Windows\System\bsVLYlO.exe
  C:\Windows\System\bsVLYlO.exe
  2⤵
  PID:6248
- C:\Windows\System\UyTtgPi.exe
  C:\Windows\System\UyTtgPi.exe
  2⤵
  PID:6296
- C:\Windows\System\nrLLTfi.exe
  C:\Windows\System\nrLLTfi.exe
  2⤵
  PID:6352
- C:\Windows\System\prDPIUQ.exe
  C:\Windows\System\prDPIUQ.exe
  2⤵
  PID:6412
- C:\Windows\System\pWrPgCX.exe
  C:\Windows\System\pWrPgCX.exe
  2⤵
  PID:6472
- C:\Windows\System\HWHwQPR.exe
  C:\Windows\System\HWHwQPR.exe
  2⤵
  PID:2820
- C:\Windows\System\KQJhKST.exe
  C:\Windows\System\KQJhKST.exe
  2⤵
  PID:6556
- C:\Windows\System\AWZCxCn.exe
  C:\Windows\System\AWZCxCn.exe
  2⤵
  PID:6636
- C:\Windows\System\FNsJtUD.exe
  C:\Windows\System\FNsJtUD.exe
  2⤵
  PID:6676
- C:\Windows\System\GUTsTKQ.exe
  C:\Windows\System\GUTsTKQ.exe
  2⤵
  PID:6692
- C:\Windows\System\AHPYCpL.exe
  C:\Windows\System\AHPYCpL.exe
  2⤵
  PID:6776
- C:\Windows\System\hjiiVyY.exe
  C:\Windows\System\hjiiVyY.exe
  2⤵
  PID:6856
- C:\Windows\System\ktRxFkK.exe
  C:\Windows\System\ktRxFkK.exe
  2⤵
  PID:6868
- C:\Windows\System\SAHrrTB.exe
  C:\Windows\System\SAHrrTB.exe
  2⤵
  PID:6956
- C:\Windows\System\irMMFyb.exe
  C:\Windows\System\irMMFyb.exe
  2⤵
  PID:6912
- C:\Windows\System\TUslmrJ.exe
  C:\Windows\System\TUslmrJ.exe
  2⤵
  PID:5484
- C:\Windows\System\XBBfYMC.exe
  C:\Windows\System\XBBfYMC.exe
  2⤵
  PID:5968
- C:\Windows\System\WvozDPU.exe
  C:\Windows\System\WvozDPU.exe
  2⤵
  PID:4140
- C:\Windows\System\SUetsTJ.exe
  C:\Windows\System\SUetsTJ.exe
  2⤵
  PID:3296
- C:\Windows\System\UCzPzxc.exe
  C:\Windows\System\UCzPzxc.exe
  2⤵
  PID:6172
- C:\Windows\System\nNGrTdn.exe
  C:\Windows\System\nNGrTdn.exe
  2⤵
  PID:6224
- C:\Windows\System\DQCPgBC.exe
  C:\Windows\System\DQCPgBC.exe
  2⤵
  PID:6348
- C:\Windows\System\cNDNKIS.exe
  C:\Windows\System\cNDNKIS.exe
  2⤵
  PID:6448
- C:\Windows\System\uwDWMhm.exe
  C:\Windows\System\uwDWMhm.exe
  2⤵
  PID:6452
- C:\Windows\System\gWcSscf.exe
  C:\Windows\System\gWcSscf.exe
  2⤵
  PID:6548
- C:\Windows\System\hoofysb.exe
  C:\Windows\System\hoofysb.exe
  2⤵
  PID:2832
- C:\Windows\System\CPRDjWe.exe
  C:\Windows\System\CPRDjWe.exe
  2⤵
  PID:6592
- C:\Windows\System\vTozSAT.exe
  C:\Windows\System\vTozSAT.exe
  2⤵
  PID:2796
- C:\Windows\System\mHXpAXP.exe
  C:\Windows\System\mHXpAXP.exe
  2⤵
  PID:6828
- C:\Windows\System\RHiTqfq.exe
  C:\Windows\System\RHiTqfq.exe
  2⤵
  PID:6996
- C:\Windows\System\yozMYMa.exe
  C:\Windows\System\yozMYMa.exe
  2⤵
  PID:5608
- C:\Windows\System\eyWsEJt.exe
  C:\Windows\System\eyWsEJt.exe
  2⤵
  PID:7028
- C:\Windows\System\OxgJoFh.exe
  C:\Windows\System\OxgJoFh.exe
  2⤵
  PID:6048
- C:\Windows\System\aduaGHi.exe
  C:\Windows\System\aduaGHi.exe
  2⤵
  PID:7184
- C:\Windows\System\HVFhRTo.exe
  C:\Windows\System\HVFhRTo.exe
  2⤵
  PID:7204
- C:\Windows\System\ZythtvX.exe
  C:\Windows\System\ZythtvX.exe
  2⤵
  PID:7220
- C:\Windows\System\siZQeWt.exe
  C:\Windows\System\siZQeWt.exe
  2⤵
  PID:7244
- C:\Windows\System\BiOxaed.exe
  C:\Windows\System\BiOxaed.exe
  2⤵
  PID:7264
- C:\Windows\System\cZFYhRX.exe
  C:\Windows\System\cZFYhRX.exe
  2⤵
  PID:7284
- C:\Windows\System\xtadzQT.exe
  C:\Windows\System\xtadzQT.exe
  2⤵
  PID:7304
- C:\Windows\System\ugIKVWh.exe
  C:\Windows\System\ugIKVWh.exe
  2⤵
  PID:7324
- C:\Windows\System\SxiCXZx.exe
  C:\Windows\System\SxiCXZx.exe
  2⤵
  PID:7344
- C:\Windows\System\VNFyiDC.exe
  C:\Windows\System\VNFyiDC.exe
  2⤵
  PID:7364
- C:\Windows\System\unpvjPw.exe
  C:\Windows\System\unpvjPw.exe
  2⤵
  PID:7384
- C:\Windows\System\mmCdqas.exe
  C:\Windows\System\mmCdqas.exe
  2⤵
  PID:7404
- C:\Windows\System\PfYoKpU.exe
  C:\Windows\System\PfYoKpU.exe
  2⤵
  PID:7424
- C:\Windows\System\mDLdMBm.exe
  C:\Windows\System\mDLdMBm.exe
  2⤵
  PID:7444
- C:\Windows\System\moskLXn.exe
  C:\Windows\System\moskLXn.exe
  2⤵
  PID:7464
- C:\Windows\System\hrmBnJl.exe
  C:\Windows\System\hrmBnJl.exe
  2⤵
  PID:7484
- C:\Windows\System\sONMcdP.exe
  C:\Windows\System\sONMcdP.exe
  2⤵
  PID:7504
- C:\Windows\System\IhKMjER.exe
  C:\Windows\System\IhKMjER.exe
  2⤵
  PID:7524
- C:\Windows\System\HQVpCNY.exe
  C:\Windows\System\HQVpCNY.exe
  2⤵
  PID:7544
- C:\Windows\System\yZRWggX.exe
  C:\Windows\System\yZRWggX.exe
  2⤵
  PID:7564
- C:\Windows\System\TwXPDEg.exe
  C:\Windows\System\TwXPDEg.exe
  2⤵
  PID:7584
- C:\Windows\System\UxuwlJp.exe
  C:\Windows\System\UxuwlJp.exe
  2⤵
  PID:7604
- C:\Windows\System\cFzNSev.exe
  C:\Windows\System\cFzNSev.exe
  2⤵
  PID:7624
- C:\Windows\System\WXLzQKb.exe
  C:\Windows\System\WXLzQKb.exe
  2⤵
  PID:7644
- C:\Windows\System\fIqIGgX.exe
  C:\Windows\System\fIqIGgX.exe
  2⤵
  PID:7664
- C:\Windows\System\AtowFEk.exe
  C:\Windows\System\AtowFEk.exe
  2⤵
  PID:7684
- C:\Windows\System\jYfyGda.exe
  C:\Windows\System\jYfyGda.exe
  2⤵
  PID:7704
- C:\Windows\System\AXUZfeK.exe
  C:\Windows\System\AXUZfeK.exe
  2⤵
  PID:7724
- C:\Windows\System\kIwJpqk.exe
  C:\Windows\System\kIwJpqk.exe
  2⤵
  PID:7744
- C:\Windows\System\aYuqHtc.exe
  C:\Windows\System\aYuqHtc.exe
  2⤵
  PID:7764
- C:\Windows\System\rsBcwBv.exe
  C:\Windows\System\rsBcwBv.exe
  2⤵
  PID:7784
- C:\Windows\System\fYbDBEn.exe
  C:\Windows\System\fYbDBEn.exe
  2⤵
  PID:7808
- C:\Windows\System\rbvqVqH.exe
  C:\Windows\System\rbvqVqH.exe
  2⤵
  PID:7828
- C:\Windows\System\oqjCzRv.exe
  C:\Windows\System\oqjCzRv.exe
  2⤵
  PID:7848
- C:\Windows\System\EAkYEsG.exe
  C:\Windows\System\EAkYEsG.exe
  2⤵
  PID:7868
- C:\Windows\System\SqrsVni.exe
  C:\Windows\System\SqrsVni.exe
  2⤵
  PID:7888
- C:\Windows\System\KWUfGfE.exe
  C:\Windows\System\KWUfGfE.exe
  2⤵
  PID:7908
- C:\Windows\System\jNzYKtH.exe
  C:\Windows\System\jNzYKtH.exe
  2⤵
  PID:7928
- C:\Windows\System\IdwwmZm.exe
  C:\Windows\System\IdwwmZm.exe
  2⤵
  PID:7948
- C:\Windows\System\zYGWACd.exe
  C:\Windows\System\zYGWACd.exe
  2⤵
  PID:7968
- C:\Windows\System\gjOaPSB.exe
  C:\Windows\System\gjOaPSB.exe
  2⤵
  PID:7988
- C:\Windows\System\btKHjJg.exe
  C:\Windows\System\btKHjJg.exe
  2⤵
  PID:8008
- C:\Windows\System\vraRbzO.exe
  C:\Windows\System\vraRbzO.exe
  2⤵
  PID:8028
- C:\Windows\System\qffDrJP.exe
  C:\Windows\System\qffDrJP.exe
  2⤵
  PID:8048
- C:\Windows\System\eOCBFob.exe
  C:\Windows\System\eOCBFob.exe
  2⤵
  PID:8068
- C:\Windows\System\zXVYUSv.exe
  C:\Windows\System\zXVYUSv.exe
  2⤵
  PID:8088
- C:\Windows\System\UwjpGti.exe
  C:\Windows\System\UwjpGti.exe
  2⤵
  PID:8108
- C:\Windows\System\fWOugWQ.exe
  C:\Windows\System\fWOugWQ.exe
  2⤵
  PID:8128
- C:\Windows\System\zpZSgQQ.exe
  C:\Windows\System\zpZSgQQ.exe
  2⤵
  PID:8148
- C:\Windows\System\heWUglk.exe
  C:\Windows\System\heWUglk.exe
  2⤵
  PID:8168
- C:\Windows\System\jeflydP.exe
  C:\Windows\System\jeflydP.exe
  2⤵
  PID:8188
- C:\Windows\System\dNmiHyP.exe
  C:\Windows\System\dNmiHyP.exe
  2⤵
  PID:6164
- C:\Windows\System\RnkDzGU.exe
  C:\Windows\System\RnkDzGU.exe
  2⤵
  PID:6268
- C:\Windows\System\GiQtBAs.exe
  C:\Windows\System\GiQtBAs.exe
  2⤵
  PID:6416
- C:\Windows\System\ffTazFW.exe
  C:\Windows\System\ffTazFW.exe
  2⤵
  PID:6668
- C:\Windows\System\KbQFBMa.exe
  C:\Windows\System\KbQFBMa.exe
  2⤵
  PID:6848
- C:\Windows\System\IruKxsd.exe
  C:\Windows\System\IruKxsd.exe
  2⤵
  PID:2892
- C:\Windows\System\LMBvRyy.exe
  C:\Windows\System\LMBvRyy.exe
  2⤵
  PID:6932
- C:\Windows\System\eHvXYnP.exe
  C:\Windows\System\eHvXYnP.exe
  2⤵
  PID:5908
- C:\Windows\System\BNzgAIF.exe
  C:\Windows\System\BNzgAIF.exe
  2⤵
  PID:7180
- C:\Windows\System\jvUZITf.exe
  C:\Windows\System\jvUZITf.exe
  2⤵
  PID:7216
- C:\Windows\System\RusbkRR.exe
  C:\Windows\System\RusbkRR.exe
  2⤵
  PID:7260
- C:\Windows\System\TQkTThL.exe
  C:\Windows\System\TQkTThL.exe
  2⤵
  PID:7292
- C:\Windows\System\BmqoZLD.exe
  C:\Windows\System\BmqoZLD.exe
  2⤵
  PID:7316
- C:\Windows\System\PTRVqoP.exe
  C:\Windows\System\PTRVqoP.exe
  2⤵
  PID:7356
- C:\Windows\System\KPPqwSf.exe
  C:\Windows\System\KPPqwSf.exe
  2⤵
  PID:7392
- C:\Windows\System\GfxpRER.exe
  C:\Windows\System\GfxpRER.exe
  2⤵
  PID:7420
- C:\Windows\System\xkOPoeW.exe
  C:\Windows\System\xkOPoeW.exe
  2⤵
  PID:7480
- C:\Windows\System\EnrMsJl.exe
  C:\Windows\System\EnrMsJl.exe
  2⤵
  PID:7512
- C:\Windows\System\RNPAuQo.exe
  C:\Windows\System\RNPAuQo.exe
  2⤵
  PID:7496
- C:\Windows\System\jIWZyjR.exe
  C:\Windows\System\jIWZyjR.exe
  2⤵
  PID:7536
- C:\Windows\System\WvkJiYu.exe
  C:\Windows\System\WvkJiYu.exe
  2⤵
  PID:7592
- C:\Windows\System\oGuMwcc.exe
  C:\Windows\System\oGuMwcc.exe
  2⤵
  PID:7640
- C:\Windows\System\rofYMJs.exe
  C:\Windows\System\rofYMJs.exe
  2⤵
  PID:7672
- C:\Windows\System\hltvbYE.exe
  C:\Windows\System\hltvbYE.exe
  2⤵
  PID:7692
- C:\Windows\System\IAPKcUF.exe
  C:\Windows\System\IAPKcUF.exe
  2⤵
  PID:7752
- C:\Windows\System\kIdgiGR.exe
  C:\Windows\System\kIdgiGR.exe
  2⤵
  PID:7736
- C:\Windows\System\djXUEvH.exe
  C:\Windows\System\djXUEvH.exe
  2⤵
  PID:7780
- C:\Windows\System\SGYUEkN.exe
  C:\Windows\System\SGYUEkN.exe
  2⤵
  PID:7836
- C:\Windows\System\RFAcstM.exe
  C:\Windows\System\RFAcstM.exe
  2⤵
  PID:7876
- C:\Windows\System\jdceBoz.exe
  C:\Windows\System\jdceBoz.exe
  2⤵
  PID:7880
- C:\Windows\System\JigtOSz.exe
  C:\Windows\System\JigtOSz.exe
  2⤵
  PID:7900
- C:\Windows\System\BQFalqM.exe
  C:\Windows\System\BQFalqM.exe
  2⤵
  PID:7956
- C:\Windows\System\sQyGuwJ.exe
  C:\Windows\System\sQyGuwJ.exe
  2⤵
  PID:8000
- C:\Windows\System\MxkbTnr.exe
  C:\Windows\System\MxkbTnr.exe
  2⤵
  PID:8036
- C:\Windows\System\yknROgx.exe
  C:\Windows\System\yknROgx.exe
  2⤵
  PID:8076
- C:\Windows\System\OsmLYem.exe
  C:\Windows\System\OsmLYem.exe
  2⤵
  PID:8116
- C:\Windows\System\RCBTbFg.exe
  C:\Windows\System\RCBTbFg.exe
  2⤵
  PID:8120
- C:\Windows\System\jJBUuvU.exe
  C:\Windows\System\jJBUuvU.exe
  2⤵
  PID:8160
- C:\Windows\System\SYQPMOR.exe
  C:\Windows\System\SYQPMOR.exe
  2⤵
  PID:8184
- C:\Windows\System\vvvjOvX.exe
  C:\Windows\System\vvvjOvX.exe
  2⤵
  PID:776
- C:\Windows\System\BtbqTpM.exe
  C:\Windows\System\BtbqTpM.exe
  2⤵
  PID:6372
- C:\Windows\System\fMghSyg.exe
  C:\Windows\System\fMghSyg.exe
  2⤵
  PID:6712
- C:\Windows\System\sFvnLsv.exe
  C:\Windows\System\sFvnLsv.exe
  2⤵
  PID:4620
- C:\Windows\System\gfvKDQi.exe
  C:\Windows\System\gfvKDQi.exe
  2⤵
  PID:5924
- C:\Windows\System\KmtiTlq.exe
  C:\Windows\System\KmtiTlq.exe
  2⤵
  PID:7196
- C:\Windows\System\jpZoNco.exe
  C:\Windows\System\jpZoNco.exe
  2⤵
  PID:7256
- C:\Windows\System\grHJIhq.exe
  C:\Windows\System\grHJIhq.exe
  2⤵
  PID:7380
- C:\Windows\System\MBIaIvV.exe
  C:\Windows\System\MBIaIvV.exe
  2⤵
  PID:2740
- C:\Windows\System\QviTtGd.exe
  C:\Windows\System\QviTtGd.exe
  2⤵
  PID:7412
- C:\Windows\System\xQNWNvy.exe
  C:\Windows\System\xQNWNvy.exe
  2⤵
  PID:7492
- C:\Windows\System\IDOspun.exe
  C:\Windows\System\IDOspun.exe
  2⤵
  PID:7580
- C:\Windows\System\UuOiQZP.exe
  C:\Windows\System\UuOiQZP.exe
  2⤵
  PID:7620
- C:\Windows\System\ZjAyAph.exe
  C:\Windows\System\ZjAyAph.exe
  2⤵
  PID:7632
- C:\Windows\System\vGLFFYa.exe
  C:\Windows\System\vGLFFYa.exe
  2⤵
  PID:7712
- C:\Windows\System\FVJFRpX.exe
  C:\Windows\System\FVJFRpX.exe
  2⤵
  PID:7804
- C:\Windows\System\WHYJlEz.exe
  C:\Windows\System\WHYJlEz.exe
  2⤵
  PID:7816
- C:\Windows\System\imKvwkg.exe
  C:\Windows\System\imKvwkg.exe
  2⤵
  PID:7824
- C:\Windows\System\BmxHEdr.exe
  C:\Windows\System\BmxHEdr.exe
  2⤵
  PID:7924
- C:\Windows\System\NjUiLwc.exe
  C:\Windows\System\NjUiLwc.exe
  2⤵
  PID:7940
- C:\Windows\System\PbadXUt.exe
  C:\Windows\System\PbadXUt.exe
  2⤵
  PID:8020
- C:\Windows\System\zlTcShN.exe
  C:\Windows\System\zlTcShN.exe
  2⤵
  PID:8024
- C:\Windows\System\BQYflQw.exe
  C:\Windows\System\BQYflQw.exe
  2⤵
  PID:8060
- C:\Windows\System\bKqCxHS.exe
  C:\Windows\System\bKqCxHS.exe
  2⤵
  PID:8136
- C:\Windows\System\fbRQUMj.exe
  C:\Windows\System\fbRQUMj.exe
  2⤵
  PID:6288
- C:\Windows\System\AaMGviQ.exe
  C:\Windows\System\AaMGviQ.exe
  2⤵
  PID:6796
- C:\Windows\System\yhNPTbt.exe
  C:\Windows\System\yhNPTbt.exe
  2⤵
  PID:7240
- C:\Windows\System\VMrvguy.exe
  C:\Windows\System\VMrvguy.exe
  2⤵
  PID:7172
- C:\Windows\System\WaAKfez.exe
  C:\Windows\System\WaAKfez.exe
  2⤵
  PID:7296
- C:\Windows\System\zJQfTwj.exe
  C:\Windows\System\zJQfTwj.exe
  2⤵
  PID:7472
- C:\Windows\System\ZLSvPXQ.exe
  C:\Windows\System\ZLSvPXQ.exe
  2⤵
  PID:7500
- C:\Windows\System\EspydrU.exe
  C:\Windows\System\EspydrU.exe
  2⤵
  PID:7572
- C:\Windows\System\ugwtBgL.exe
  C:\Windows\System\ugwtBgL.exe
  2⤵
  PID:7552
- C:\Windows\System\RbJsQIH.exe
  C:\Windows\System\RbJsQIH.exe
  2⤵
  PID:7720
- C:\Windows\System\ImHbbbm.exe
  C:\Windows\System\ImHbbbm.exe
  2⤵
  PID:2884
- C:\Windows\System\JrLPLeZ.exe
  C:\Windows\System\JrLPLeZ.exe
  2⤵
  PID:7896
- C:\Windows\System\PFmxoiI.exe
  C:\Windows\System\PFmxoiI.exe
  2⤵
  PID:8004
- C:\Windows\System\UBdskeX.exe
  C:\Windows\System\UBdskeX.exe
  2⤵
  PID:7996
- C:\Windows\System\etTLZHo.exe
  C:\Windows\System\etTLZHo.exe
  2⤵
  PID:6428
- C:\Windows\System\YIZiMKF.exe
  C:\Windows\System\YIZiMKF.exe
  2⤵
  PID:6768
- C:\Windows\System\ZJkrQpA.exe
  C:\Windows\System\ZJkrQpA.exe
  2⤵
  PID:2616
- C:\Windows\System\YraWOAv.exe
  C:\Windows\System\YraWOAv.exe
  2⤵
  PID:6976
- C:\Windows\System\KagmEkP.exe
  C:\Windows\System\KagmEkP.exe
  2⤵
  PID:7336
- C:\Windows\System\QZnBvBS.exe
  C:\Windows\System\QZnBvBS.exe
  2⤵
  PID:8212
- C:\Windows\System\NhXEHLl.exe
  C:\Windows\System\NhXEHLl.exe
  2⤵
  PID:8232
- C:\Windows\System\towvNTh.exe
  C:\Windows\System\towvNTh.exe
  2⤵
  PID:8252
- C:\Windows\System\gMsULVH.exe
  C:\Windows\System\gMsULVH.exe
  2⤵
  PID:8272
- C:\Windows\System\luOeSUQ.exe
  C:\Windows\System\luOeSUQ.exe
  2⤵
  PID:8288
- C:\Windows\System\YoUYecU.exe
  C:\Windows\System\YoUYecU.exe
  2⤵
  PID:8312
- C:\Windows\System\OIVdwdm.exe
  C:\Windows\System\OIVdwdm.exe
  2⤵
  PID:8332
- C:\Windows\System\dIBHXER.exe
  C:\Windows\System\dIBHXER.exe
  2⤵
  PID:8352
- C:\Windows\System\SIVRWfz.exe
  C:\Windows\System\SIVRWfz.exe
  2⤵
  PID:8372
- C:\Windows\System\dCjfJVN.exe
  C:\Windows\System\dCjfJVN.exe
  2⤵
  PID:8392
- C:\Windows\System\ASZumym.exe
  C:\Windows\System\ASZumym.exe
  2⤵
  PID:8412
- C:\Windows\System\AIWyZRQ.exe
  C:\Windows\System\AIWyZRQ.exe
  2⤵
  PID:8432
- C:\Windows\System\YKalGBM.exe
  C:\Windows\System\YKalGBM.exe
  2⤵
  PID:8452
- C:\Windows\System\HZijriH.exe
  C:\Windows\System\HZijriH.exe
  2⤵
  PID:8472
- C:\Windows\System\MPVnvwY.exe
  C:\Windows\System\MPVnvwY.exe
  2⤵
  PID:8492
- C:\Windows\System\FASbMKd.exe
  C:\Windows\System\FASbMKd.exe
  2⤵
  PID:8508
- C:\Windows\System\VULkCJl.exe
  C:\Windows\System\VULkCJl.exe
  2⤵
  PID:8528
- C:\Windows\System\jloMzPG.exe
  C:\Windows\System\jloMzPG.exe
  2⤵
  PID:8552
- C:\Windows\System\EoAvASI.exe
  C:\Windows\System\EoAvASI.exe
  2⤵
  PID:8572
- C:\Windows\System\QXOBuit.exe
  C:\Windows\System\QXOBuit.exe
  2⤵
  PID:8592
- C:\Windows\System\GKQeoJY.exe
  C:\Windows\System\GKQeoJY.exe
  2⤵
  PID:8612
- C:\Windows\System\vyKStrh.exe
  C:\Windows\System\vyKStrh.exe
  2⤵
  PID:8632
- C:\Windows\System\sfFZuJm.exe
  C:\Windows\System\sfFZuJm.exe
  2⤵
  PID:8648
- C:\Windows\System\RmVYneW.exe
  C:\Windows\System\RmVYneW.exe
  2⤵
  PID:8668
- C:\Windows\System\OjNiGGv.exe
  C:\Windows\System\OjNiGGv.exe
  2⤵
  PID:8692
- C:\Windows\System\wVFMAHs.exe
  C:\Windows\System\wVFMAHs.exe
  2⤵
  PID:8712
- C:\Windows\System\ELwhSiH.exe
  C:\Windows\System\ELwhSiH.exe
  2⤵
  PID:8732
- C:\Windows\System\MXuNjVR.exe
  C:\Windows\System\MXuNjVR.exe
  2⤵
  PID:8748
- C:\Windows\System\cnvXiZL.exe
  C:\Windows\System\cnvXiZL.exe
  2⤵
  PID:8768
- C:\Windows\System\FntjipL.exe
  C:\Windows\System\FntjipL.exe
  2⤵
  PID:8788
- C:\Windows\System\LIGMYQI.exe
  C:\Windows\System\LIGMYQI.exe
  2⤵
  PID:8812
- C:\Windows\System\KpmoVNl.exe
  C:\Windows\System\KpmoVNl.exe
  2⤵
  PID:8832
- C:\Windows\System\TpryLzn.exe
  C:\Windows\System\TpryLzn.exe
  2⤵
  PID:8852
- C:\Windows\System\ffJQTZr.exe
  C:\Windows\System\ffJQTZr.exe
  2⤵
  PID:8872
- C:\Windows\System\ZPOqpoP.exe
  C:\Windows\System\ZPOqpoP.exe
  2⤵
  PID:8892
- C:\Windows\System\saCJjVD.exe
  C:\Windows\System\saCJjVD.exe
  2⤵
  PID:8912
- C:\Windows\System\qdErEOs.exe
  C:\Windows\System\qdErEOs.exe
  2⤵
  PID:8932
- C:\Windows\System\yorHmnt.exe
  C:\Windows\System\yorHmnt.exe
  2⤵
  PID:8956
- C:\Windows\System\HyUMInu.exe
  C:\Windows\System\HyUMInu.exe
  2⤵
  PID:8976
- C:\Windows\System\zhPcMqq.exe
  C:\Windows\System\zhPcMqq.exe
  2⤵
  PID:8996
- C:\Windows\System\UUZGIml.exe
  C:\Windows\System\UUZGIml.exe
  2⤵
  PID:9016
- C:\Windows\System\aduktji.exe
  C:\Windows\System\aduktji.exe
  2⤵
  PID:9036
- C:\Windows\System\pclyIoX.exe
  C:\Windows\System\pclyIoX.exe
  2⤵
  PID:9056
- C:\Windows\System\YwNmBid.exe
  C:\Windows\System\YwNmBid.exe
  2⤵
  PID:9072
- C:\Windows\System\URWcImp.exe
  C:\Windows\System\URWcImp.exe
  2⤵
  PID:9088
- C:\Windows\System\ZICRuly.exe
  C:\Windows\System\ZICRuly.exe
  2⤵
  PID:9104
- C:\Windows\System\dfskKxC.exe
  C:\Windows\System\dfskKxC.exe
  2⤵
  PID:9120
- C:\Windows\System\aVzvVMg.exe
  C:\Windows\System\aVzvVMg.exe
  2⤵
  PID:9136
- C:\Windows\System\BGcTSrb.exe
  C:\Windows\System\BGcTSrb.exe
  2⤵
  PID:9152
- C:\Windows\System\RTQBJLz.exe
  C:\Windows\System\RTQBJLz.exe
  2⤵
  PID:9168
- C:\Windows\System\obEZawx.exe
  C:\Windows\System\obEZawx.exe
  2⤵
  PID:9184
- C:\Windows\System\bfhhgED.exe
  C:\Windows\System\bfhhgED.exe
  2⤵
  PID:9200
- C:\Windows\System\UjtBZgF.exe
  C:\Windows\System\UjtBZgF.exe
  2⤵
  PID:7560
- C:\Windows\System\blIZWIX.exe
  C:\Windows\System\blIZWIX.exe
  2⤵
  PID:7652
- C:\Windows\System\iqJmLyB.exe
  C:\Windows\System\iqJmLyB.exe
  2⤵
  PID:1056
- C:\Windows\System\EUSAvYP.exe
  C:\Windows\System\EUSAvYP.exe
  2⤵
  PID:7884
- C:\Windows\System\nyJVixZ.exe
  C:\Windows\System\nyJVixZ.exe
  2⤵
  PID:7840
- C:\Windows\System\TERXFHP.exe
  C:\Windows\System\TERXFHP.exe
  2⤵
  PID:8040
- C:\Windows\System\hvjXAxq.exe
  C:\Windows\System\hvjXAxq.exe
  2⤵
  PID:8016
- C:\Windows\System\hgWSoei.exe
  C:\Windows\System\hgWSoei.exe
  2⤵
  PID:7236
- C:\Windows\System\dkXOYiF.exe
  C:\Windows\System\dkXOYiF.exe
  2⤵
  PID:7352
- C:\Windows\System\tvFeSUX.exe
  C:\Windows\System\tvFeSUX.exe
  2⤵
  PID:8240
- C:\Windows\System\sHXQGVk.exe
  C:\Windows\System\sHXQGVk.exe
  2⤵
  PID:8224
- C:\Windows\System\jcpJwjk.exe
  C:\Windows\System\jcpJwjk.exe
  2⤵
  PID:8320
- C:\Windows\System\vpOgWAE.exe
  C:\Windows\System\vpOgWAE.exe
  2⤵
  PID:8300
- C:\Windows\System\ZwwsJzz.exe
  C:\Windows\System\ZwwsJzz.exe
  2⤵
  PID:8340
- C:\Windows\System\XsQUULS.exe
  C:\Windows\System\XsQUULS.exe
  2⤵
  PID:8400
- C:\Windows\System\hmkhTWW.exe
  C:\Windows\System\hmkhTWW.exe
  2⤵
  PID:8380
- C:\Windows\System\lqZMysG.exe
  C:\Windows\System\lqZMysG.exe
  2⤵
  PID:1756
- C:\Windows\System\dUdrouo.exe
  C:\Windows\System\dUdrouo.exe
  2⤵
  PID:8424
- C:\Windows\System\aUSxcZv.exe
  C:\Windows\System\aUSxcZv.exe
  2⤵
  PID:8464
- C:\Windows\System\kKOyaSS.exe
  C:\Windows\System\kKOyaSS.exe
  2⤵
  PID:8580
- C:\Windows\System\jppkrRg.exe
  C:\Windows\System\jppkrRg.exe
  2⤵
  PID:8628
- C:\Windows\System\nszuQvv.exe
  C:\Windows\System\nszuQvv.exe
  2⤵
  PID:568
- C:\Windows\System\OOyMdja.exe
  C:\Windows\System\OOyMdja.exe
  2⤵
  PID:8680
- C:\Windows\System\OcqLckQ.exe
  C:\Windows\System\OcqLckQ.exe
  2⤵
  PID:8720
- C:\Windows\System\PYEtrgW.exe
  C:\Windows\System\PYEtrgW.exe
  2⤵
  PID:8724
- C:\Windows\System\QapjElz.exe
  C:\Windows\System\QapjElz.exe
  2⤵
  PID:8760
- C:\Windows\System\pGaSLFc.exe
  C:\Windows\System\pGaSLFc.exe
  2⤵
  PID:8744
- C:\Windows\System\NaNqaON.exe
  C:\Windows\System\NaNqaON.exe
  2⤵
  PID:8784
- C:\Windows\System\OVFgmCR.exe
  C:\Windows\System\OVFgmCR.exe
  2⤵
  PID:8828
- C:\Windows\System\IaPFyNV.exe
  C:\Windows\System\IaPFyNV.exe
  2⤵
  PID:8824
- C:\Windows\System\mVKfmHu.exe
  C:\Windows\System\mVKfmHu.exe
  2⤵
  PID:8868
- C:\Windows\System\CKCoVWW.exe
  C:\Windows\System\CKCoVWW.exe
  2⤵
  PID:4856
- C:\Windows\System\diclNFW.exe
  C:\Windows\System\diclNFW.exe
  2⤵
  PID:1804
- C:\Windows\System\ZdCinfL.exe
  C:\Windows\System\ZdCinfL.exe
  2⤵
  PID:8908
- C:\Windows\System\ECwilVZ.exe
  C:\Windows\System\ECwilVZ.exe
  2⤵
  PID:8948
- C:\Windows\System\DPSPirK.exe
  C:\Windows\System\DPSPirK.exe
  2⤵
  PID:9044
- C:\Windows\System\uqqncuj.exe
  C:\Windows\System\uqqncuj.exe
  2⤵
  PID:9080
- C:\Windows\System\fhYOKzw.exe
  C:\Windows\System\fhYOKzw.exe
  2⤵
  PID:1660
- C:\Windows\System\VmOkCUD.exe
  C:\Windows\System\VmOkCUD.exe
  2⤵
  PID:544
- C:\Windows\System\SaMiNxi.exe
  C:\Windows\System\SaMiNxi.exe
  2⤵
  PID:264
- C:\Windows\System\yqjkuNG.exe
  C:\Windows\System\yqjkuNG.exe
  2⤵
  PID:9116
- C:\Windows\System\YqVBcta.exe
  C:\Windows\System\YqVBcta.exe
  2⤵
  PID:9148
- C:\Windows\System\fSdWWEj.exe
  C:\Windows\System\fSdWWEj.exe
  2⤵
  PID:2512
- C:\Windows\System\DcHjmbz.exe
  C:\Windows\System\DcHjmbz.exe
  2⤵
  PID:9164
- C:\Windows\System\jAnywpf.exe
  C:\Windows\System\jAnywpf.exe
  2⤵
  PID:3064
- C:\Windows\System\WNIRPaI.exe
  C:\Windows\System\WNIRPaI.exe
  2⤵
  PID:9196
- C:\Windows\System\djBJXAT.exe
  C:\Windows\System\djBJXAT.exe
  2⤵
  PID:2732
- C:\Windows\System\pnDLzoQ.exe
  C:\Windows\System\pnDLzoQ.exe
  2⤵
  PID:7796
- C:\Windows\System\qWHswQX.exe
  C:\Windows\System\qWHswQX.exe
  2⤵
  PID:7964
- C:\Windows\System\YSBPZpj.exe
  C:\Windows\System\YSBPZpj.exe
  2⤵
  PID:8176
- C:\Windows\System\dmIQPMb.exe
  C:\Windows\System\dmIQPMb.exe
  2⤵
  PID:8124
- C:\Windows\System\lXqhpdy.exe
  C:\Windows\System\lXqhpdy.exe
  2⤵
  PID:6616
- C:\Windows\System\smMrBCh.exe
  C:\Windows\System\smMrBCh.exe
  2⤵
  PID:7228
- C:\Windows\System\EdhKYft.exe
  C:\Windows\System\EdhKYft.exe
  2⤵
  PID:8268
- C:\Windows\System\LhOgIMU.exe
  C:\Windows\System\LhOgIMU.exe
  2⤵
  PID:8324
- C:\Windows\System\ZEkWnvd.exe
  C:\Windows\System\ZEkWnvd.exe
  2⤵
  PID:8364
- C:\Windows\System\tmXSfSP.exe
  C:\Windows\System\tmXSfSP.exe
  2⤵
  PID:8408
- C:\Windows\System\bVYrCNe.exe
  C:\Windows\System\bVYrCNe.exe
  2⤵
  PID:4936
- C:\Windows\System\qVCMjuL.exe
  C:\Windows\System\qVCMjuL.exe
  2⤵
  PID:8444
- C:\Windows\System\ecWeXit.exe
  C:\Windows\System\ecWeXit.exe
  2⤵
  PID:8524
- C:\Windows\System\eFvMPWt.exe
  C:\Windows\System\eFvMPWt.exe
  2⤵
  PID:8568
- C:\Windows\System\vqZQPRF.exe
  C:\Windows\System\vqZQPRF.exe
  2⤵
  PID:8548
- C:\Windows\System\vHByfxS.exe
  C:\Windows\System\vHByfxS.exe
  2⤵
  PID:8584
- C:\Windows\System\mQhANsu.exe
  C:\Windows\System\mQhANsu.exe
  2⤵
  PID:2960
- C:\Windows\System\rpRraig.exe
  C:\Windows\System\rpRraig.exe
  2⤵
  PID:2156
- C:\Windows\System\qjFyZPz.exe
  C:\Windows\System\qjFyZPz.exe
  2⤵
  PID:8644
- C:\Windows\System\YBARxis.exe
  C:\Windows\System\YBARxis.exe
  2⤵
  PID:8660
- C:\Windows\System\rsBhcNK.exe
  C:\Windows\System\rsBhcNK.exe
  2⤵
  PID:8800
- C:\Windows\System\xJwhgud.exe
  C:\Windows\System\xJwhgud.exe
  2⤵
  PID:8888
- C:\Windows\System\ZNLxfGU.exe
  C:\Windows\System\ZNLxfGU.exe
  2⤵
  PID:8924
- C:\Windows\System\isutFxG.exe
  C:\Windows\System\isutFxG.exe
  2⤵
  PID:2016
- C:\Windows\System\KvEiNqn.exe
  C:\Windows\System\KvEiNqn.exe
  2⤵
  PID:8844
- C:\Windows\System\RqWKaeo.exe
  C:\Windows\System\RqWKaeo.exe
  2⤵
  PID:8684
- C:\Windows\System\uGMTYBJ.exe
  C:\Windows\System\uGMTYBJ.exe
  2⤵
  PID:8984
- C:\Windows\System\AjTnOhB.exe
  C:\Windows\System\AjTnOhB.exe
  2⤵
  PID:9012
- C:\Windows\System\DlCjOwm.exe
  C:\Windows\System\DlCjOwm.exe
  2⤵
  PID:9008
- C:\Windows\System\fjyVNWy.exe
  C:\Windows\System\fjyVNWy.exe
  2⤵
  PID:9028
- C:\Windows\System\pKxfHwU.exe
  C:\Windows\System\pKxfHwU.exe
  2⤵
  PID:2656
- C:\Windows\System\oXVyFDe.exe
  C:\Windows\System\oXVyFDe.exe
  2⤵
  PID:9160
- C:\Windows\System\PhaUBAl.exe
  C:\Windows\System\PhaUBAl.exe
  2⤵
  PID:9048
- C:\Windows\System\BpgpHwS.exe
  C:\Windows\System\BpgpHwS.exe
  2⤵
  PID:9112
- C:\Windows\System\DgcoqEc.exe
  C:\Windows\System\DgcoqEc.exe
  2⤵
  PID:7456
- C:\Windows\System\GUxDarB.exe
  C:\Windows\System\GUxDarB.exe
  2⤵
  PID:2456
- C:\Windows\System\fvLlRki.exe
  C:\Windows\System\fvLlRki.exe
  2⤵
  PID:7252
- C:\Windows\System\KvjkHbt.exe
  C:\Windows\System\KvjkHbt.exe
  2⤵
  PID:8308
- C:\Windows\System\UtmBXtU.exe
  C:\Windows\System\UtmBXtU.exe
  2⤵
  PID:8516
- C:\Windows\System\QccJtOY.exe
  C:\Windows\System\QccJtOY.exe
  2⤵
  PID:8244
- C:\Windows\System\FYFWqbs.exe
  C:\Windows\System\FYFWqbs.exe
  2⤵
  PID:8688
- C:\Windows\System\ZZOcNwz.exe
  C:\Windows\System\ZZOcNwz.exe
  2⤵
  PID:1664
- C:\Windows\System\lkyIYOv.exe
  C:\Windows\System\lkyIYOv.exe
  2⤵
  PID:8940
- C:\Windows\System\TzhKayj.exe
  C:\Windows\System\TzhKayj.exe
  2⤵
  PID:2936
- C:\Windows\System\gafxNCj.exe
  C:\Windows\System\gafxNCj.exe
  2⤵
  PID:1724
- C:\Windows\System\ontmEoh.exe
  C:\Windows\System\ontmEoh.exe
  2⤵
  PID:9180
- C:\Windows\System\ngqqoLq.exe
  C:\Windows\System\ngqqoLq.exe
  2⤵
  PID:2928
- C:\Windows\System\vsYKlUS.exe
  C:\Windows\System\vsYKlUS.exe
  2⤵
  PID:1584
- C:\Windows\System\exIJvKk.exe
  C:\Windows\System\exIJvKk.exe
  2⤵
  PID:8228
- C:\Windows\System\sNEnnRa.exe
  C:\Windows\System\sNEnnRa.exe
  2⤵
  PID:8280
- C:\Windows\System\ImwkoIt.exe
  C:\Windows\System\ImwkoIt.exe
  2⤵
  PID:8428
- C:\Windows\System\BKdAOjf.exe
  C:\Windows\System\BKdAOjf.exe
  2⤵
  PID:8500
- C:\Windows\System\UPjledA.exe
  C:\Windows\System\UPjledA.exe
  2⤵
  PID:1292
- C:\Windows\System\odoOBtm.exe
  C:\Windows\System\odoOBtm.exe
  2⤵
  PID:2644
- C:\Windows\System\VkHUpIq.exe
  C:\Windows\System\VkHUpIq.exe
  2⤵
  PID:1784
- C:\Windows\System\dAJWDaA.exe
  C:\Windows\System\dAJWDaA.exe
  2⤵
  PID:8884
- C:\Windows\System\BeJWbzM.exe
  C:\Windows\System\BeJWbzM.exe
  2⤵
  PID:9144
- C:\Windows\System\snfeWWj.exe
  C:\Windows\System\snfeWWj.exe
  2⤵
  PID:8964
- C:\Windows\System\fBjQlEN.exe
  C:\Windows\System\fBjQlEN.exe
  2⤵
  PID:8992
- C:\Windows\System\YpWSzHS.exe
  C:\Windows\System\YpWSzHS.exe
  2⤵
  PID:8208
- C:\Windows\System\LuIEYJa.exe
  C:\Windows\System\LuIEYJa.exe
  2⤵
  PID:8384
- C:\Windows\System\gchndjb.exe
  C:\Windows\System\gchndjb.exe
  2⤵
  PID:8284
- C:\Windows\System\HnehBbH.exe
  C:\Windows\System\HnehBbH.exe
  2⤵
  PID:7360
- C:\Windows\System\EFPFiZK.exe
  C:\Windows\System\EFPFiZK.exe
  2⤵
  PID:840
- C:\Windows\System\YtiTnCd.exe
  C:\Windows\System\YtiTnCd.exe
  2⤵
  PID:9192
- C:\Windows\System\mfKtpHc.exe
  C:\Windows\System\mfKtpHc.exe
  2⤵
  PID:8504
- C:\Windows\System\WdVdlOx.exe
  C:\Windows\System\WdVdlOx.exe
  2⤵
  PID:2760
- C:\Windows\System\pnasBQB.exe
  C:\Windows\System\pnasBQB.exe
  2⤵
  PID:9228
- C:\Windows\System\tHxdvYd.exe
  C:\Windows\System\tHxdvYd.exe
  2⤵
  PID:9244
- C:\Windows\System\ORpmpYK.exe
  C:\Windows\System\ORpmpYK.exe
  2⤵
  PID:9260
- C:\Windows\System\BXNJJsX.exe
  C:\Windows\System\BXNJJsX.exe
  2⤵
  PID:9276
- C:\Windows\System\UgUVYoH.exe
  C:\Windows\System\UgUVYoH.exe
  2⤵
  PID:9292
- C:\Windows\System\itJghve.exe
  C:\Windows\System\itJghve.exe
  2⤵
  PID:9320
- C:\Windows\System\ImbvYii.exe
  C:\Windows\System\ImbvYii.exe
  2⤵
  PID:9336
- C:\Windows\System\rANnOge.exe
  C:\Windows\System\rANnOge.exe
  2⤵
  PID:9352
- C:\Windows\System\tkHtMRI.exe
  C:\Windows\System\tkHtMRI.exe
  2⤵
  PID:9368
- C:\Windows\System\AeEAzlQ.exe
  C:\Windows\System\AeEAzlQ.exe
  2⤵
  PID:9384
- C:\Windows\System\MxkHjgk.exe
  C:\Windows\System\MxkHjgk.exe
  2⤵
  PID:9400
- C:\Windows\System\kgaXHfp.exe
  C:\Windows\System\kgaXHfp.exe
  2⤵
  PID:9416
- C:\Windows\System\iqxTAHR.exe
  C:\Windows\System\iqxTAHR.exe
  2⤵
  PID:9432
- C:\Windows\System\eFcKYzq.exe
  C:\Windows\System\eFcKYzq.exe
  2⤵
  PID:9448
- C:\Windows\System\tZxpxZI.exe
  C:\Windows\System\tZxpxZI.exe
  2⤵
  PID:9464
- C:\Windows\System\BqcVUUL.exe
  C:\Windows\System\BqcVUUL.exe
  2⤵
  PID:9480
- C:\Windows\System\klUPmqy.exe
  C:\Windows\System\klUPmqy.exe
  2⤵
  PID:9496
- C:\Windows\System\tTQNHTj.exe
  C:\Windows\System\tTQNHTj.exe
  2⤵
  PID:9512
- C:\Windows\System\BcWukCU.exe
  C:\Windows\System\BcWukCU.exe
  2⤵
  PID:9532
- C:\Windows\System\fFGGfJL.exe
  C:\Windows\System\fFGGfJL.exe
  2⤵
  PID:9548
- C:\Windows\System\SXpDDuR.exe
  C:\Windows\System\SXpDDuR.exe
  2⤵
  PID:9564
- C:\Windows\System\ETINOqZ.exe
  C:\Windows\System\ETINOqZ.exe
  2⤵
  PID:9580
- C:\Windows\System\EyspdUw.exe
  C:\Windows\System\EyspdUw.exe
  2⤵
  PID:9596
- C:\Windows\System\YutlwxA.exe
  C:\Windows\System\YutlwxA.exe
  2⤵
  PID:9616
- C:\Windows\System\CMJHdLi.exe
  C:\Windows\System\CMJHdLi.exe
  2⤵
  PID:9636
- C:\Windows\System\alccdkz.exe
  C:\Windows\System\alccdkz.exe
  2⤵
  PID:9652
- C:\Windows\System\lJZDjng.exe
  C:\Windows\System\lJZDjng.exe
  2⤵
  PID:9668
- C:\Windows\System\oPapLGy.exe
  C:\Windows\System\oPapLGy.exe
  2⤵
  PID:9684
- C:\Windows\System\dkNGbkb.exe
  C:\Windows\System\dkNGbkb.exe
  2⤵
  PID:9700
- C:\Windows\System\DtiFCGE.exe
  C:\Windows\System\DtiFCGE.exe
  2⤵
  PID:9716
- C:\Windows\System\IjUeYsV.exe
  C:\Windows\System\IjUeYsV.exe
  2⤵
  PID:9732
- C:\Windows\System\lhJCCHE.exe
  C:\Windows\System\lhJCCHE.exe
  2⤵
  PID:9748
- C:\Windows\System\QVeDYwq.exe
  C:\Windows\System\QVeDYwq.exe
  2⤵
  PID:9764
- C:\Windows\System\pioXmXg.exe
  C:\Windows\System\pioXmXg.exe
  2⤵
  PID:9780
- C:\Windows\System\KGfVXGK.exe
  C:\Windows\System\KGfVXGK.exe
  2⤵
  PID:9804
- C:\Windows\System\ZVKbAIW.exe
  C:\Windows\System\ZVKbAIW.exe
  2⤵
  PID:9824
- C:\Windows\System\gdePuYI.exe
  C:\Windows\System\gdePuYI.exe
  2⤵
  PID:9848
- C:\Windows\System\ZJlLQAl.exe
  C:\Windows\System\ZJlLQAl.exe
  2⤵
  PID:9864
- C:\Windows\System\iMdvsMW.exe
  C:\Windows\System\iMdvsMW.exe
  2⤵
  PID:9880
- C:\Windows\System\vPSPPqn.exe
  C:\Windows\System\vPSPPqn.exe
  2⤵
  PID:9896
- C:\Windows\System\GofAFtu.exe
  C:\Windows\System\GofAFtu.exe
  2⤵
  PID:9912
- C:\Windows\System\KthDJHQ.exe
  C:\Windows\System\KthDJHQ.exe
  2⤵
  PID:9928
- C:\Windows\System\XNwWKql.exe
  C:\Windows\System\XNwWKql.exe
  2⤵
  PID:9948
- C:\Windows\System\WuNPuyd.exe
  C:\Windows\System\WuNPuyd.exe
  2⤵
  PID:9964
- C:\Windows\System\PmrVtew.exe
  C:\Windows\System\PmrVtew.exe
  2⤵
  PID:9980
- C:\Windows\System\ONnbUoR.exe
  C:\Windows\System\ONnbUoR.exe
  2⤵
  PID:9996
- C:\Windows\System\uKsNaqI.exe
  C:\Windows\System\uKsNaqI.exe
  2⤵
  PID:10012
- C:\Windows\System\hLNAVpT.exe
  C:\Windows\System\hLNAVpT.exe
  2⤵
  PID:10028
- C:\Windows\System\vXhcLHy.exe
  C:\Windows\System\vXhcLHy.exe
  2⤵
  PID:10044
- C:\Windows\System\zpAPrsY.exe
  C:\Windows\System\zpAPrsY.exe
  2⤵
  PID:10060
- C:\Windows\System\qRJCpvy.exe
  C:\Windows\System\qRJCpvy.exe
  2⤵
  PID:10076
- C:\Windows\System\bilJlxu.exe
  C:\Windows\System\bilJlxu.exe
  2⤵
  PID:10092
- C:\Windows\System\QMQEyRY.exe
  C:\Windows\System\QMQEyRY.exe
  2⤵
  PID:10108
- C:\Windows\System\yGkXbbe.exe
  C:\Windows\System\yGkXbbe.exe
  2⤵
  PID:10124
- C:\Windows\System\JvEHcQe.exe
  C:\Windows\System\JvEHcQe.exe
  2⤵
  PID:10140
- C:\Windows\System\MBzZlyA.exe
  C:\Windows\System\MBzZlyA.exe
  2⤵
  PID:10156
- C:\Windows\System\PwFTHxB.exe
  C:\Windows\System\PwFTHxB.exe
  2⤵
  PID:10172
- C:\Windows\System\OPpyYFY.exe
  C:\Windows\System\OPpyYFY.exe
  2⤵
  PID:10192
- C:\Windows\System\WkUqcLb.exe
  C:\Windows\System\WkUqcLb.exe
  2⤵
  PID:10208
- C:\Windows\System\jDiWLNV.exe
  C:\Windows\System\jDiWLNV.exe
  2⤵
  PID:10224
- C:\Windows\System\qlGPzma.exe
  C:\Windows\System\qlGPzma.exe
  2⤵
  PID:8928
- C:\Windows\System\MTrJifH.exe
  C:\Windows\System\MTrJifH.exe
  2⤵
  PID:8104
- C:\Windows\System\MyJCcaI.exe
  C:\Windows\System\MyJCcaI.exe
  2⤵
  PID:8972
- C:\Windows\System\lsPUTZM.exe
  C:\Windows\System\lsPUTZM.exe
  2⤵
  PID:9272
- C:\Windows\System\VAarneW.exe
  C:\Windows\System\VAarneW.exe
  2⤵
  PID:1284
- C:\Windows\System\lGURiHy.exe
  C:\Windows\System\lGURiHy.exe
  2⤵
  PID:9252
- C:\Windows\System\oMVeMxP.exe
  C:\Windows\System\oMVeMxP.exe
  2⤵
  PID:9492
- C:\Windows\System\JgRXyNy.exe
  C:\Windows\System\JgRXyNy.exe
  2⤵
  PID:9348
- C:\Windows\System\UyiqyaE.exe
  C:\Windows\System\UyiqyaE.exe
  2⤵
  PID:9540
- C:\Windows\System\JaMPexa.exe
  C:\Windows\System\JaMPexa.exe
  2⤵
  PID:9604
- C:\Windows\System\XVUIifk.exe
  C:\Windows\System\XVUIifk.exe
  2⤵
  PID:9648
- C:\Windows\System\UzvkMdW.exe
  C:\Windows\System\UzvkMdW.exe
  2⤵
  PID:9696
- C:\Windows\System\UrJYQEN.exe
  C:\Windows\System\UrJYQEN.exe
  2⤵
  PID:9624
- C:\Windows\System\qHKaLca.exe
  C:\Windows\System\qHKaLca.exe
  2⤵
  PID:9660
- C:\Windows\System\XKwjGRO.exe
  C:\Windows\System\XKwjGRO.exe
  2⤵
  PID:9392
- C:\Windows\System\FNzdEuT.exe
  C:\Windows\System\FNzdEuT.exe
  2⤵
  PID:9428
- C:\Windows\System\gHKfTCq.exe
  C:\Windows\System\gHKfTCq.exe
  2⤵
  PID:9816
- C:\Windows\System\bwNFHIB.exe
  C:\Windows\System\bwNFHIB.exe
  2⤵
  PID:9756
- C:\Windows\System\KYhWdAz.exe
  C:\Windows\System\KYhWdAz.exe
  2⤵
  PID:9892
- C:\Windows\System\OhqCWLX.exe
  C:\Windows\System\OhqCWLX.exe
  2⤵
  PID:9792
- C:\Windows\System\NarZmAd.exe
  C:\Windows\System\NarZmAd.exe
  2⤵
  PID:9836
- C:\Windows\System\ysvRWiD.exe
  C:\Windows\System\ysvRWiD.exe
  2⤵
  PID:10020
- C:\Windows\System\WomBwpR.exe
  C:\Windows\System\WomBwpR.exe
  2⤵
  PID:8840
- C:\Windows\System\cgdvUYo.exe
  C:\Windows\System\cgdvUYo.exe
  2⤵
  PID:10116
- C:\Windows\System\YBrdiTR.exe
  C:\Windows\System\YBrdiTR.exe
  2⤵
  PID:10200
- C:\Windows\System\HDSByvS.exe
  C:\Windows\System\HDSByvS.exe
  2⤵
  PID:10188
- C:\Windows\System\SCbMCqO.exe
  C:\Windows\System\SCbMCqO.exe
  2⤵
  PID:10216
- C:\Windows\System\zCQpUsD.exe
  C:\Windows\System\zCQpUsD.exe
  2⤵
  PID:8756
- C:\Windows\System\ZlJtqII.exe
  C:\Windows\System\ZlJtqII.exe
  2⤵
  PID:9328
- C:\Windows\System\xzxtZWi.exe
  C:\Windows\System\xzxtZWi.exe
  2⤵
  PID:9236
- C:\Windows\System\bzSjImf.exe
  C:\Windows\System\bzSjImf.exe
  2⤵
  PID:9308
- C:\Windows\System\WLvzMIP.exe
  C:\Windows\System\WLvzMIP.exe
  2⤵
  PID:9612
- C:\Windows\System\QYKLWuL.exe
  C:\Windows\System\QYKLWuL.exe
  2⤵
  PID:9576
- C:\Windows\System\LhxTzyA.exe
  C:\Windows\System\LhxTzyA.exe
  2⤵
  PID:9488
- C:\Windows\System\GIrWDqR.exe
  C:\Windows\System\GIrWDqR.exe
  2⤵
  PID:9476
- C:\Windows\System\aScOqig.exe
  C:\Windows\System\aScOqig.exe
  2⤵
  PID:9412
- C:\Windows\System\zHBYRIY.exe
  C:\Windows\System\zHBYRIY.exe
  2⤵
  PID:9740
- C:\Windows\System\WtmtwHY.exe
  C:\Windows\System\WtmtwHY.exe
  2⤵
  PID:9812
- C:\Windows\System\zhKIORj.exe
  C:\Windows\System\zhKIORj.exe
  2⤵
  PID:9856
- C:\Windows\System\NQSteQz.exe
  C:\Windows\System\NQSteQz.exe
  2⤵
  PID:9888
- C:\Windows\System\AtEPwEi.exe
  C:\Windows\System\AtEPwEi.exe
  2⤵
  PID:9796
- C:\Windows\System\mLLdRTe.exe
  C:\Windows\System\mLLdRTe.exe
  2⤵
  PID:9872
- C:\Windows\System\aybqRGy.exe
  C:\Windows\System\aybqRGy.exe
  2⤵
  PID:10072
- C:\Windows\System\emQfaAf.exe
  C:\Windows\System\emQfaAf.exe
  2⤵
  PID:10164
- C:\Windows\System\zhSgfGW.exe
  C:\Windows\System\zhSgfGW.exe
  2⤵
  PID:9944
- C:\Windows\System\ofoZCVW.exe
  C:\Windows\System\ofoZCVW.exe
  2⤵
  PID:9992
- C:\Windows\System\SrkvHCW.exe
  C:\Windows\System\SrkvHCW.exe
  2⤵
  PID:1356
- C:\Windows\System\cmwndda.exe
  C:\Windows\System\cmwndda.exe
  2⤵
  PID:10180
- C:\Windows\System\rTCbiho.exe
  C:\Windows\System\rTCbiho.exe
  2⤵
  PID:10236
- C:\Windows\System\MddHJti.exe
  C:\Windows\System\MddHJti.exe
  2⤵
  PID:9288
- C:\Windows\System\jqZuGPD.exe
  C:\Windows\System\jqZuGPD.exe
  2⤵
  PID:9572
- C:\Windows\System\ucEiEIC.exe
  C:\Windows\System\ucEiEIC.exe
  2⤵
  PID:9588
- C:\Windows\System\qPOqffR.exe
  C:\Windows\System\qPOqffR.exe
  2⤵
  PID:9424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ADlVCMf.exe

Filesize
6.0MB

MD5
fcd74cccb1d3de80da4cc175dbaea737

SHA1
e057cbbf888bf9ec124f23f58d72bac04ed22ae7

SHA256
82d9debc2d9f2e46ebc33bb4b5b0ee6fff1002dab0cc069b05e7f1d461e189a1

SHA512
009cab28e668e46c9115be6791ba444be7524d0ede7d8d04fb9e5adf3b8344aab6d396b6e98b60aef6f3a687b6006d6148551410332f7669a4e1f9071611c32a

Download Submit
C:\Windows\system\BtcYixD.exe

Filesize
6.0MB

MD5
032c235d88f17524742142ff6fadace7

SHA1
d0705458930c8a6388bdbdc31ff5a076d34d9964

SHA256
9488b406cd37400b915e4029936106ca3a5c723b1d6a690b7c2c8b6305fb9add

SHA512
7c02bd8bd73b4da549994746b2b5fa612060435f188f00dba1dda2d706a02701ed1682c06be6a9f879323523f2454c1685d31beb6f58776cdcdbf2e3ed29c843

Download Submit
C:\Windows\system\CMgCSPq.exe

Filesize
6.0MB

MD5
b68a1fbb7f8c63207a30c2b16019ec99

SHA1
b0d610a10d1b1cbe13b836587c9ed70e0baf4389

SHA256
f064e95648823fde74fd49b161c8d1c16092664295cb0a99dd4eff8ae60f8b90

SHA512
4ee8ff7bc30b6b55f0907bcb55a5cc87ce1fb9f1eb6538674e6e9b803fdbd624d8e5c59d3fd8ddfea634f6c06b39c79082cb22adb528e4123b395637cf0b8b31

Download Submit
C:\Windows\system\DMGxnvN.exe

Filesize
6.0MB

MD5
0b025326f29e1ef1c14721ef3270267e

SHA1
4317b7f7e579ce40ab55ee0cdb76da6f3ed8c97f

SHA256
95d5521ca8d6378d48a514133e9f520979d730126e645085e4863813accf881c

SHA512
b1e0d7f45d84c7194eb497e39f16377dae53cdf2924adfaa9ba7034a67081cb8cebc6fc3488d352f8c86a577edcc7c4f0199ef444e2bac149e8524426cbeacd4

Download Submit
C:\Windows\system\IGBZPfI.exe

Filesize
6.0MB

MD5
d756c85f8320f4f485e23f2a74e000da

SHA1
fd172b004a82185ea4cbc3bb154a7258cb0cd670

SHA256
2b17c6d763ced271e7551ae1735caa33b22a98cc9a94c05754d557bbaf931fc3

SHA512
70f4f0ebe6459349f027149fa44174cfc4f1a35c216e7da1de0f2fb59bf8871bb059731ede17060fe2b59a0d8fc2485214177643a6fc42efafa247473acabf1f

Download Submit
C:\Windows\system\JdGJSoj.exe

Filesize
6.0MB

MD5
b9d520440d0b5d3337555407d5a3b768

SHA1
b056d763bbdafdf1bbb77634682420203478f278

SHA256
f881daa8a69bb5e9b4bc4d1a76805b863a9af9800d73e4155250c4cd1ee11447

SHA512
81672c56c120fd312b91a3a5847f488e561f5bf8c8ffdd88fce42d7707387ee49453f6d06cbe4c5624a56227c75f34e7daf1ffcef73a4af4fd2acfa6fc6df6cb

Download Submit
C:\Windows\system\LjWEUAl.exe

Filesize
6.0MB

MD5
b01d1384db61af90d4043d25e384203b

SHA1
d1fc95c67d61c00541b974db55567df54463a830

SHA256
046b13a5e0136fbc5cd8c606852ec9d0d830d6e0dc5d99c61fd1884ded3d6e7f

SHA512
35057c703650b4b250cb56eb465e3c9ae0c2b244d972c05806f9ce231a8571411cbeb3bcb971f42cb3d372403ce0e207899a87dea056236f8d65d61f92532d4a

Download Submit
C:\Windows\system\LwEAdof.exe

Filesize
6.0MB

MD5
0eba2965f1ad1a892f2b58e22535d58f

SHA1
2ed6f4ba47df5de24b074136a231eddfddd2b66f

SHA256
e29334de5f3d881708e3972b0b46696f78d1b410537e7381f0cc50f0b8dfbbb8

SHA512
068c88f9b94297317fcc2503d0a7a0b2e1827607fc87cbd1781d9bd15ec1dd86780a7f96e1b1d6d8c53b2c5f5bf5549e18acdb407ef33b264af411b7c62ab7c1

Download Submit
C:\Windows\system\MVXxXjl.exe

Filesize
6.0MB

MD5
35d076576e2e2bcdcdf89181785f74ba

SHA1
3cde30a3bee02aab3e146647b6065f962486329f

SHA256
0cf84f81f480eede6e537869359d9e1077767b591aeb8b29323d4fbdbc49af96

SHA512
e95df3008dcb973f02c3ecb77f83fd3510641f94a74970a061830bb1ffc4db1b753be78c01482c533f5ab40f836fb3b21950369858ec89ff20e3ff8a6c4b0118

Download Submit
C:\Windows\system\PUbLyCF.exe

Filesize
6.0MB

MD5
5ed0372c1313e7480ff05e6d00c3dc78

SHA1
bc09b0aded5ed07f30ff33ec1646744322b661b9

SHA256
fa044fd55097d60fe2ce65a58ff40435e9d92776a22362bb8a7f6e4d22464463

SHA512
80624f1431a13b84edf8769ab715dc00aead7cf23688451867e92b6b030d0ffb8bf6aef298b050c21aa46e5d9aa0cbb20a2739176ffc55699f18cb37e36d4cd5

Download Submit
C:\Windows\system\PdUchWJ.exe

Filesize
6.0MB

MD5
e64786e8d01f264a4004f2c7c75bd411

SHA1
228ad7fdcac5e79469fb57162e96130a4d3d7551

SHA256
8e1451ec90ef0d0811186e9d6817e2a42db7af46265b31a12905dcb6552b2725

SHA512
425a1d62618c24f1f29b34979bf05492a40068ded29d40bc91156ce9053a4f81ca75b8f64ba91ddca39999a82c4dcb3a138352f19a2b86fb2dc27f049419409d

Download Submit
C:\Windows\system\RccrLUk.exe

Filesize
6.0MB

MD5
21f2316160f85e5e1f84709ce33fbd4e

SHA1
493b011a2f29de8f59c9c9bd5e5ab8d41b738110

SHA256
cb6791665d4daa25e1020fb9a22cd763cd1c876751f8e45081af4b8ec95a3e3a

SHA512
c265f79374dbac7550b6e34fc1a121e97ff0e8857f2cbd3f187c00a43a0eb41a35dd01e2cea6100d0de8155ff1bec234090228691cea25e7a8d691726931cefc

Download Submit
C:\Windows\system\USTRfnf.exe

Filesize
6.0MB

MD5
21a63a861f977be0b6da884559f698fa

SHA1
06c5e0f46da0aa67ed04f900eb85056d1a294f19

SHA256
30d87c4664b584dc512a7662dd43a00520f2dcfc9d04c8ff9091c9e5734355d8

SHA512
264cfac156c8a4324c4c3b793d0aec6fb04b070fe7fee1349537b06201f08b87e1c4887f4a32cb84aab64cce350dc6f937eb85cd95a5a17645cbe3e0ee3cfb3e

Download Submit
C:\Windows\system\XXxGKvy.exe

Filesize
6.0MB

MD5
5d75f565c5d6a50c0c6d5f8ebd56921f

SHA1
760620f494241290a238ccac024a60b8f5e73f64

SHA256
8b911918b62c19dc281d4891da8518d7145b7b9e9aa2b344360760561bfe0de6

SHA512
d70ee8c60587d2930152cef00a6834d041463394708fbf18e0bfcbf9abaa3a047f2b6d20317d8d420d658d95fde56fb45f1d2e26a7c69a8cab435c0c3735df61

Download Submit
C:\Windows\system\aodCTVT.exe

Filesize
6.0MB

MD5
73dca15b3f585b69244f2e93f1e7b2a4

SHA1
eae8fbe7f7523bcf3cc299c33f7ac25f72e38d5d

SHA256
fbf225dbe0b07409f2e7a41c71714b77f0cfed1e755eb3d23fc4086d6ffaba9c

SHA512
c6f27376edb49df4a0c3523b92546c188b95f2abcbfe5b9ecb674342a7c304c46f1eb6475688bb93c72ee8ef283b952cb1cc4c9f7254768ebfca39dadbe054f0

Download Submit
C:\Windows\system\gDnEOTJ.exe

Filesize
6.0MB

MD5
d73b06dc42414b14f671a93776c38120

SHA1
6dbfddcc64bba4fcc911d019dc4e4614d239cc29

SHA256
c2a431a2f74567068953f43472fe7f3774f014021cf34ef79c78c02691650cef

SHA512
0e7e64c30fa131b9640a35ed5c6b1856765cc63a34173d4a54e5cdd1967007c18587120ea71838b116366d2c7d3b579f38f9b08fa3648225bc203c562a723f46

Download Submit
C:\Windows\system\ifZbhKA.exe

Filesize
6.0MB

MD5
fae052377bba42a0817b5980d58b1e7f

SHA1
0eddc8397cb04c91ba358992debad7a85e658665

SHA256
75c570f93f26cb799eb249e2ff26809694fbd2f97113ed66504a248431eabb7c

SHA512
37e7cfd594a79b592fed57a34e088e5bef1727e863e995856047ef3f02df0e8fbdcb00c8c03a81d786291cf513b7f56498082c938514092f0cc07232eee11fda

Download Submit
C:\Windows\system\jZjxten.exe

Filesize
6.0MB

MD5
c9e7e8a3f9b8c142ad8952c75f849c8b

SHA1
92e904debd50de42f46125c7d5e0f1468026a513

SHA256
340be11ada299dde6cf6a5cb1c5fe9c5be5f2023d0fa4c8d26f26a1b79253a0a

SHA512
8b4f7d4e8290d2de744b4a864aff7650264c4e8b4e7e2f36512ae7a4de7351ab222b5af3cf7920867ed0748cd9b93e4204197689c711178c0efa533602eb81bf

Download Submit
C:\Windows\system\lHeAMRA.exe

Filesize
6.0MB

MD5
1d7a65661dea539ea2f6c9e6617897a7

SHA1
c3957e5a68473ca94007ef7fad08436c6f9a1105

SHA256
c7d0acfd9d768fcb275f1af4a01848996e3002fd4adec5aa6838938478132aae

SHA512
666fcf6636241c81bd4f7444c6227f80f8431b5df6e853f30434028460359bca4248615da4c8f00473c3e0743e7cb608dd49d233125a1bf610fa1016e563db9a

Download Submit
C:\Windows\system\lqvqniq.exe

Filesize
6.0MB

MD5
c90992621949068d04e136c8a03ef768

SHA1
885ad498af44cab13a4f62447f8fd5bdede7b71b

SHA256
600c08311302ba3dbb16cb30dda656b9a6cdef6e13406498c4e0ec5a53e82248

SHA512
3035f2bd1c8bd569bc84499d77e46fa66da7176640966b172096af8e88eb5baceefc0f73ede6593a6e2d46caa37771bda61692ef1100d1d9b489e4a4dc20f1e1

Download Submit
C:\Windows\system\nyCjjKn.exe

Filesize
6.0MB

MD5
a82d5bd53180c063f79ebecaa2e231f7

SHA1
77c86cda33245a62c289a4a13f97e3fa1d8f473e

SHA256
d99b4aee50d40c0a20b2fa170204642a6c55a1ae30b0f90f8659fb829343047e

SHA512
e0a3971cc0d889ca937b90600672a568d36c87b5186eee4486d6bf40bb6122e07d185c3a99ee86a2392e20103cc44933dfaec52c51a37e3666aac5cd7bae8f32

Download Submit
C:\Windows\system\pJdmhLQ.exe

Filesize
6.0MB

MD5
9281574ffe6909ff4654b658dfb5c5be

SHA1
bcf949c9e23e599a25a2ac33694d989c76a4779b

SHA256
220a30bc71366b04ca9ad1f554f3756ef1dd7508d2b8309aa1aea5aabb2c5819

SHA512
2181bb1fc0ebba48a9fb8033580492f687b39d40f946ab57182fc4179c719fc77143941152d5998783c8fb8de80cb2a3609e161900d97c0d643157ccaff9bb9d

Download Submit
C:\Windows\system\sRpIIbH.exe

Filesize
6.0MB

MD5
a923c2e3f0ec6aa06b8dd631ab4c4d7f

SHA1
17601ea5cd24548ae5e41371d0e3afe0e8548222

SHA256
0c07dacdd87c72275bb1686c9ec8871804f9874897212c76f9e9f7a9aa001de6

SHA512
09ed0c35a5fe60b421485d5faf49fff3687abf40709d0a5383019181c4cee7334e245955e7979915b28ce9e6b59ea51d3eacea5ff8c13e0c865377ecb02699fb

Download Submit
C:\Windows\system\tAWyaYl.exe

Filesize
6.0MB

MD5
dd227e11f9d26b338035b2031cd851dc

SHA1
813cf66f601332af8a626f09c17571724fa43e1a

SHA256
926873f74a0102b44b7885fa672828098ffa477813f0a656e42477c9658e58fc

SHA512
766e656e83f070134f5605bac34252b4839c1e920a83a0d9aa60923c89085bced788a72eb7a7f22d7ab145ac4e7215751fc5ee7f8275fc87f003327ab0b03d93

Download Submit
C:\Windows\system\tgvLbXT.exe

Filesize
6.0MB

MD5
17f67f58509abb364e50158620ba44bd

SHA1
a4434077fdfa13486b626da206074111b32a1f4b

SHA256
89e0b3d24f3f10af4d3a0819dda7dadb6bcadaba2a98e65f913e24ff077964e2

SHA512
68a0a72c10180553a580090f007ff4828e61de68afc50acf0abd648afaa2c50a77db8e75e34e669488e2043bb1a30cfa2986b31ad4d9535b6be151d001815ce0

Download Submit
C:\Windows\system\vTtBlBV.exe

Filesize
6.0MB

MD5
07453a194b4f0f6a5cd9ebd3b08f1f5b

SHA1
3c1a201265e82df8ce5834159dc84d71e69833c0

SHA256
43e6594eca5a4a0045e52b7fe2136843ee7baf5bd5e3ca259f68b0caf809e906

SHA512
373ccec52a6d00c1daa39ca400f1a9da9cabea1782f54d7879e89dd544b6900b2fb761a53c1f4a511675ceb4cc2062da97408374edb4a3c2eb1e6992f33d480a

Download Submit
\Windows\system\CcCujKU.exe

Filesize
6.0MB

MD5
eedfda6e24decf20c8c1702b1dc5a0f1

SHA1
33d2df7ec6388eb0d59bfb9b28ecd1105b3a4ea0

SHA256
43f070b8276352c782c2c9e8baa236f8dd080c3142d88ea456c500ea00cde9e5

SHA512
990af1aeefcab98bff6386bf4ecfad9d3e44c84c352534577bdec285e463931d7bb6142735dfab5592eeec8d41b14d9a1f125ce10fa5c1851632ce9c76ae886c

Download Submit
\Windows\system\GOhaXbj.exe

Filesize
6.0MB

MD5
1687f96754b95720c0165e8a0ecf0247

SHA1
ad20ac7f4a9d47a5ce6c7d38b9df25682197bd09

SHA256
2fc04ff017da0acb64d7e5f4d56f8f655050a440485efb08ab85ea9589e4462e

SHA512
4921b53b8abc9a069b280d5b29ff788a0473b71be7b7abb6e8347ae0fd5ea0d1bba6fa84602243bddceb93a92eea8bcc561ff500aa9809606b57b4bfb84988db

Download Submit
\Windows\system\RpVBoFd.exe

Filesize
6.0MB

MD5
a715d97eda72a437ac12a2b5a0b2be06

SHA1
1ed15e9134c6a18a783fbb2ce7172bb601f2cd5e

SHA256
82c307c998bd202b4d7b2d7474d71f6e08a6b8d84e16d0eaebbea28c571198ba

SHA512
cf08b198068d8356a8c66a99ce8b255464ce2338f2de2a421baf1518517791ba2bee5d357399dd24cb8c4d3cbcffd0e7d66c5d8a0a22f45d6e7547b77dd56abc

Download Submit
\Windows\system\RtcQVbM.exe

Filesize
6.0MB

MD5
720785489cfdce59898ef09bd51626dc

SHA1
c6e0ec3c8f35dfb55f6f91cfaad11902b0858753

SHA256
10afddd4ab334ce25d725c8d3749102d1bf9889ea03bdc1c876de14739ede695

SHA512
bd14297cce9c2bdf9725bf4c0b9e853f972bacb7d448617b4ba0430fd8ff7e3a156f8b61bb07498cfcfe23042c6f3c4a5d7d1e5cf6006a6da42e2e06440d0b44

Download Submit
\Windows\system\cbnErSX.exe

Filesize
6.0MB

MD5
83465484974cdb017b61719dc18c65ce

SHA1
49de4a5884a195d40f140bd4f234502651670bcd

SHA256
89175be5ae144ad3df4458039e75c7cb2f9990b3216a6a01ce5a548fdd9b3cd0

SHA512
e52a2bc5a65d8ed81af00af4900a4972d634cb0a8bd16df0a9a23b1507a2c237cc5364c6a56f3d4d5259b69e7b85ad2c71a7206cfd843da78b87b769def9e42f

Download Submit
\Windows\system\flTqTqW.exe

Filesize
6.0MB

MD5
0b46557bc2901db5c045224db4027673

SHA1
e78a51ca1ea24396f8ddb03b4142ebe08ea55cec

SHA256
f9afd586d114501f916ab25e7b343e73a3cfdbfc6cf69341e0f3d8302bd5e4b1

SHA512
5382fbc50cffa1d1f2dd9dbc7b03adb232646c176175a623a239fffeaf2762906a8ef82aee20aa5fe9d0fc87ab3fcb210f2306587edd373f9266add32b0d346d

Download Submit
\Windows\system\fuNFtxA.exe

Filesize
6.0MB

MD5
b7a184cbc3192941c2bba5e6e1129355

SHA1
78a365dbe9291cafc4726675575d2c0ee9890d8a

SHA256
0d549e1b39985423e9c5189ba218b587da3af464d8e60c7353d97e4f17cc9fe4

SHA512
3019979b75dbd8cd0ed1855d5c5e0a0195ba1a39618e7d098f02cb2745c8ff6541d8da19e939551c704b7bb6c831f183e20550417b60b65097aab8c63d79f332

Download Submit
\Windows\system\sIzfWUv.exe

Filesize
6.0MB

MD5
aa7e76f13806848a2e9471a3079dcc1f

SHA1
cceb89b84107f7707dcfeb2591cc3ba5e746136f

SHA256
526f82b3c42ab81e5053653907ce4357529e9dd28005e86e68629da6497c21c9

SHA512
119efaa6400349fe5f99ce6486f9ab06e72048060f05611202e6d99e85bde9fc99c055716a7935ef0606492af39d96b482a374211ef1742474dd300a95ec7e27

Download Submit
memory/304-105-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/488-65-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/772-25-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/996-94-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1280-21-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/1340-98-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1340-1018-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-24-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2608-92-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2648-106-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2700-85-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2700-28-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2700-3974-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2724-58-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-50-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3969-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-39-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2908-108-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2908-42-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2908-3993-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/3048-96-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-95-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/3048-16-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/3048-73-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-90-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/3048-89-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-76-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/3048-19-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/3048-52-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-40-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-49-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-38-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/3048-26-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-57-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-0-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-1017-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/3048-888-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-664-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-663-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download