cobaltstrike | 00c15f6c67bf64655f5b367e31f4f03b146ba971b3a6e10a1687104fbe3c1f4a

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 03:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

40b4ced36901f818b93e438a68c9b8d0
SHA1

2a4a74d4797f7ee5a55e671a1dabdf1e98174e8a
SHA256

00c15f6c67bf64655f5b367e31f4f03b146ba971b3a6e10a1687104fbe3c1f4a
SHA512

79c11c86e9e4f31ba158482af56e4d6f0822ee63aab01d1b4950d5b87c9e0074c3bdca7beb26cfd339054732caad8154c13650400362c859561bbc643a056fea
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUp:T+q56utgpPF8u/7p

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012263-3.dat	cobalt_reflective_dll
behavioral1/files/0x0038000000017021-14.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186bf-23.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938a-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946b-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019551-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fb-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fd-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f9-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f7-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c0-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019581-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001955c-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e6-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e4-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-128.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c6-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001949d-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019481-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941b-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019429-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939c-95.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001932a-61.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018703-55.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000186d8-47.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c9-38.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c5-33.dat	cobalt_reflective_dll
behavioral1/files/0x0033000000018650-22.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1824-0-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x000a000000012263-3.dat	xmrig
behavioral1/memory/1824-6-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/files/0x0038000000017021-14.dat	xmrig
behavioral1/files/0x00060000000186bf-23.dat	xmrig
behavioral1/memory/2120-29-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2984-35-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2688-50-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001938a-69.dat	xmrig
behavioral1/files/0x0005000000019377-65.dat	xmrig
behavioral1/memory/2716-105-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x000500000001946b-108.dat	xmrig
behavioral1/files/0x0005000000019551-144.dat	xmrig
behavioral1/files/0x00050000000195fb-168.dat	xmrig
behavioral1/memory/1824-692-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/1824-528-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2312-401-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2688-273-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195fd-173.dat	xmrig
behavioral1/files/0x00050000000195f9-172.dat	xmrig
behavioral1/files/0x00050000000195f7-160.dat	xmrig
behavioral1/files/0x00050000000195c0-156.dat	xmrig
behavioral1/files/0x0005000000019581-152.dat	xmrig
behavioral1/files/0x000500000001955c-148.dat	xmrig
behavioral1/files/0x00050000000194e6-140.dat	xmrig
behavioral1/files/0x00050000000194e4-137.dat	xmrig
behavioral1/files/0x00050000000194da-132.dat	xmrig
behavioral1/files/0x00050000000194d0-128.dat	xmrig
behavioral1/files/0x00050000000194c6-124.dat	xmrig
behavioral1/files/0x000500000001949d-120.dat	xmrig
behavioral1/files/0x0005000000019490-116.dat	xmrig
behavioral1/files/0x0005000000019481-112.dat	xmrig
behavioral1/memory/2264-104-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/1496-103-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2028-102-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/1448-101-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2136-100-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x000500000001941b-81.dat	xmrig
behavioral1/memory/828-76-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/files/0x000500000001938e-73.dat	xmrig
behavioral1/memory/2120-68-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/files/0x0005000000019429-96.dat	xmrig
behavioral1/files/0x000500000001939c-95.dat	xmrig
behavioral1/memory/2984-90-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/1824-79-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2872-64-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/files/0x000600000001932a-61.dat	xmrig
behavioral1/memory/2900-58-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2312-57-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/files/0x0008000000018703-55.dat	xmrig
behavioral1/memory/1824-49-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/1824-41-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2716-40-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x00090000000186d8-47.dat	xmrig
behavioral1/files/0x00060000000186c9-38.dat	xmrig
behavioral1/files/0x00060000000186c5-33.dat	xmrig
behavioral1/memory/2828-27-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2872-26-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2900-19-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x0033000000018650-22.dat	xmrig
behavioral1/memory/2312-3221-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2136-4316-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/1448-4317-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2028-4318-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2900	pEsowEV.exe
2872	hXekuzc.exe
2828	GQrSEez.exe
2120	npJAzAd.exe
2984	TlYXoPt.exe
2716	yECdLyk.exe
2688	oNnlRHr.exe
2312	wlQHWvx.exe
828	ixtGmwO.exe
2136	Rngieua.exe
1448	dBphHiM.exe
2028	DatYAhB.exe
1496	mOXNmMU.exe
2264	YyxxgfD.exe
2328	OmUknjq.exe
2996	rUsTqcJ.exe
1864	ROgpRIB.exe
2180	xiwhRCG.exe
1956	ioSvbyN.exe
1900	NjuaqVG.exe
1744	JEvTATg.exe
332	NRLhsfu.exe
1200	DeQeeUU.exe
1480	pwVzZgU.exe
2652	gyUjzfY.exe
2472	ACLIRlk.exe
2416	oCpqDkG.exe
2160	upqGnHP.exe
2468	QLdFwxk.exe
1284	bubOTNx.exe
548	OnFvxYh.exe
624	jRjqfDj.exe
1716	QXDjnsG.exe
2480	SYriLYp.exe
2460	eDwBvMX.exe
1976	ESXYqNC.exe
468	vjYVipy.exe
1376	HzLCyHf.exe
1752	LamoPMy.exe
1044	ikSgRap.exe
1508	xcZBfpM.exe
1772	rROgmRH.exe
1644	RfiQaDr.exe
1676	JHDqTNm.exe
2528	UEvnQBK.exe
352	QdWwHMf.exe
608	kRMhEkm.exe
572	acgpwjr.exe
832	JiiuoaC.exe
1224	yqOjsJY.exe
2760	IoOyoEr.exe
1724	kmdVETb.exe
1592	guDkJFT.exe
1708	rlYkkFQ.exe
2492	FRmTomE.exe
2352	cfRUyCN.exe
1788	IFcSOfx.exe
2372	ehRFPFJ.exe
1820	lpbaySA.exe
1748	IayJcYu.exe
872	qdWZikf.exe
1816	vIiOxlP.exe
2004	BTrBgpk.exe
1548	IWILAFc.exe

Loads dropped DLL 64 IoCs

pid	Process
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1824-0-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x000a000000012263-3.dat	upx
behavioral1/files/0x0038000000017021-14.dat	upx
behavioral1/files/0x00060000000186bf-23.dat	upx
behavioral1/memory/2120-29-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2984-35-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2688-50-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x000500000001938a-69.dat	upx
behavioral1/files/0x0005000000019377-65.dat	upx
behavioral1/memory/2716-105-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x000500000001946b-108.dat	upx
behavioral1/files/0x0005000000019551-144.dat	upx
behavioral1/files/0x00050000000195fb-168.dat	upx
behavioral1/memory/2312-401-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2688-273-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x00050000000195fd-173.dat	upx
behavioral1/files/0x00050000000195f9-172.dat	upx
behavioral1/files/0x00050000000195f7-160.dat	upx
behavioral1/files/0x00050000000195c0-156.dat	upx
behavioral1/files/0x0005000000019581-152.dat	upx
behavioral1/files/0x000500000001955c-148.dat	upx
behavioral1/files/0x00050000000194e6-140.dat	upx
behavioral1/files/0x00050000000194e4-137.dat	upx
behavioral1/files/0x00050000000194da-132.dat	upx
behavioral1/files/0x00050000000194d0-128.dat	upx
behavioral1/files/0x00050000000194c6-124.dat	upx
behavioral1/files/0x000500000001949d-120.dat	upx
behavioral1/files/0x0005000000019490-116.dat	upx
behavioral1/files/0x0005000000019481-112.dat	upx
behavioral1/memory/2264-104-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/1496-103-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2028-102-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/1448-101-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2136-100-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x000500000001941b-81.dat	upx
behavioral1/memory/828-76-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/files/0x000500000001938e-73.dat	upx
behavioral1/memory/2120-68-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/files/0x0005000000019429-96.dat	upx
behavioral1/files/0x000500000001939c-95.dat	upx
behavioral1/memory/2984-90-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2872-64-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/files/0x000600000001932a-61.dat	upx
behavioral1/memory/2900-58-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2312-57-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x0008000000018703-55.dat	upx
behavioral1/memory/1824-41-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2716-40-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x00090000000186d8-47.dat	upx
behavioral1/files/0x00060000000186c9-38.dat	upx
behavioral1/files/0x00060000000186c5-33.dat	upx
behavioral1/memory/2828-27-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2872-26-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2900-19-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x0033000000018650-22.dat	upx
behavioral1/memory/2312-3221-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2136-4316-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/1448-4317-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2028-4318-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/1496-4319-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2264-4320-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BLthjlF.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbGrraJ.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SFzPXUn.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HDoAEiG.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XrHymsM.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BocYVgZ.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lJSBRJB.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IFcSOfx.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgbDNzd.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Arwyged.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gXOosai.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxhzVvx.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FWVyGRl.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\teVfsfH.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dmuzzvO.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BijHwkf.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jBnRszA.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CDjrsNB.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qkXzrwz.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dCeSktv.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQIRuWP.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SDrUCrg.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PePMHRR.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kocEqCS.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Midfriq.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eNzrFtO.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ERSkIYf.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ufVUHVx.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uiOCvop.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vWySWEY.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\psRgHEI.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JJJRRfM.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfrcqYL.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iNiCdPx.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cbsbHsJ.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWIQEIy.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TDWOblz.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zDlfxSZ.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogyTFkX.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owUpydY.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uGljsOg.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wCkEdPJ.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PPeEltG.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rfvIpaS.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\quEHPZP.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ymdymYP.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ynfvyby.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJajgZB.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aOpqaXW.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tavcfDP.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kjxUpbr.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxJKgkj.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xjnAuvK.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dlvqfZh.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rBnNjPW.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNWSDWs.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tGYjfPP.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkAhsSK.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wlQHWvx.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PdqQcKw.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KYLWVNz.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qXTlcii.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwHmTHs.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oIRwdDV.exe	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1824 wrote to memory of 2872	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1824 wrote to memory of 2872	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1824 wrote to memory of 2872	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1824 wrote to memory of 2900	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1824 wrote to memory of 2900	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1824 wrote to memory of 2900	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1824 wrote to memory of 2828	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1824 wrote to memory of 2828	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1824 wrote to memory of 2828	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1824 wrote to memory of 2120	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1824 wrote to memory of 2120	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1824 wrote to memory of 2120	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1824 wrote to memory of 2984	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1824 wrote to memory of 2984	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1824 wrote to memory of 2984	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1824 wrote to memory of 2716	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1824 wrote to memory of 2716	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1824 wrote to memory of 2716	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1824 wrote to memory of 2688	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1824 wrote to memory of 2688	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1824 wrote to memory of 2688	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1824 wrote to memory of 2312	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1824 wrote to memory of 2312	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1824 wrote to memory of 2312	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1824 wrote to memory of 828	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1824 wrote to memory of 828	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1824 wrote to memory of 828	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1824 wrote to memory of 1496	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1824 wrote to memory of 1496	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1824 wrote to memory of 1496	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1824 wrote to memory of 2136	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1824 wrote to memory of 2136	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1824 wrote to memory of 2136	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1824 wrote to memory of 2264	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1824 wrote to memory of 2264	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1824 wrote to memory of 2264	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1824 wrote to memory of 1448	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1824 wrote to memory of 1448	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1824 wrote to memory of 1448	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1824 wrote to memory of 2328	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1824 wrote to memory of 2328	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1824 wrote to memory of 2328	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1824 wrote to memory of 2028	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1824 wrote to memory of 2028	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1824 wrote to memory of 2028	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1824 wrote to memory of 2996	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1824 wrote to memory of 2996	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1824 wrote to memory of 2996	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1824 wrote to memory of 1864	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1824 wrote to memory of 1864	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1824 wrote to memory of 1864	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1824 wrote to memory of 2180	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1824 wrote to memory of 2180	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1824 wrote to memory of 2180	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1824 wrote to memory of 1956	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1824 wrote to memory of 1956	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1824 wrote to memory of 1956	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1824 wrote to memory of 1900	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1824 wrote to memory of 1900	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1824 wrote to memory of 1900	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1824 wrote to memory of 1744	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1824 wrote to memory of 1744	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1824 wrote to memory of 1744	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1824 wrote to memory of 332	1824	2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_40b4ced36901f818b93e438a68c9b8d0_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Windows\System\hXekuzc.exe
  C:\Windows\System\hXekuzc.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\pEsowEV.exe
  C:\Windows\System\pEsowEV.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\GQrSEez.exe
  C:\Windows\System\GQrSEez.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\npJAzAd.exe
  C:\Windows\System\npJAzAd.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\TlYXoPt.exe
  C:\Windows\System\TlYXoPt.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\yECdLyk.exe
  C:\Windows\System\yECdLyk.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\oNnlRHr.exe
  C:\Windows\System\oNnlRHr.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\wlQHWvx.exe
  C:\Windows\System\wlQHWvx.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\ixtGmwO.exe
  C:\Windows\System\ixtGmwO.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\mOXNmMU.exe
  C:\Windows\System\mOXNmMU.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\Rngieua.exe
  C:\Windows\System\Rngieua.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\YyxxgfD.exe
  C:\Windows\System\YyxxgfD.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\dBphHiM.exe
  C:\Windows\System\dBphHiM.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\OmUknjq.exe
  C:\Windows\System\OmUknjq.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\DatYAhB.exe
  C:\Windows\System\DatYAhB.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\rUsTqcJ.exe
  C:\Windows\System\rUsTqcJ.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\ROgpRIB.exe
  C:\Windows\System\ROgpRIB.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\xiwhRCG.exe
  C:\Windows\System\xiwhRCG.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\ioSvbyN.exe
  C:\Windows\System\ioSvbyN.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\NjuaqVG.exe
  C:\Windows\System\NjuaqVG.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\JEvTATg.exe
  C:\Windows\System\JEvTATg.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\NRLhsfu.exe
  C:\Windows\System\NRLhsfu.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\DeQeeUU.exe
  C:\Windows\System\DeQeeUU.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\pwVzZgU.exe
  C:\Windows\System\pwVzZgU.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\gyUjzfY.exe
  C:\Windows\System\gyUjzfY.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\ACLIRlk.exe
  C:\Windows\System\ACLIRlk.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\oCpqDkG.exe
  C:\Windows\System\oCpqDkG.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\upqGnHP.exe
  C:\Windows\System\upqGnHP.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\QLdFwxk.exe
  C:\Windows\System\QLdFwxk.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\OnFvxYh.exe
  C:\Windows\System\OnFvxYh.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\bubOTNx.exe
  C:\Windows\System\bubOTNx.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\jRjqfDj.exe
  C:\Windows\System\jRjqfDj.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\QXDjnsG.exe
  C:\Windows\System\QXDjnsG.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\SYriLYp.exe
  C:\Windows\System\SYriLYp.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\eDwBvMX.exe
  C:\Windows\System\eDwBvMX.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\ESXYqNC.exe
  C:\Windows\System\ESXYqNC.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\vjYVipy.exe
  C:\Windows\System\vjYVipy.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\HzLCyHf.exe
  C:\Windows\System\HzLCyHf.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\LamoPMy.exe
  C:\Windows\System\LamoPMy.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\ikSgRap.exe
  C:\Windows\System\ikSgRap.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\xcZBfpM.exe
  C:\Windows\System\xcZBfpM.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\rROgmRH.exe
  C:\Windows\System\rROgmRH.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\RfiQaDr.exe
  C:\Windows\System\RfiQaDr.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\UEvnQBK.exe
  C:\Windows\System\UEvnQBK.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\JHDqTNm.exe
  C:\Windows\System\JHDqTNm.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\QdWwHMf.exe
  C:\Windows\System\QdWwHMf.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\kRMhEkm.exe
  C:\Windows\System\kRMhEkm.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\acgpwjr.exe
  C:\Windows\System\acgpwjr.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\JiiuoaC.exe
  C:\Windows\System\JiiuoaC.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\yqOjsJY.exe
  C:\Windows\System\yqOjsJY.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\IoOyoEr.exe
  C:\Windows\System\IoOyoEr.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\kmdVETb.exe
  C:\Windows\System\kmdVETb.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\guDkJFT.exe
  C:\Windows\System\guDkJFT.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\rlYkkFQ.exe
  C:\Windows\System\rlYkkFQ.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\FRmTomE.exe
  C:\Windows\System\FRmTomE.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\cfRUyCN.exe
  C:\Windows\System\cfRUyCN.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\IFcSOfx.exe
  C:\Windows\System\IFcSOfx.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\ehRFPFJ.exe
  C:\Windows\System\ehRFPFJ.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\lpbaySA.exe
  C:\Windows\System\lpbaySA.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\IayJcYu.exe
  C:\Windows\System\IayJcYu.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\qdWZikf.exe
  C:\Windows\System\qdWZikf.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\vIiOxlP.exe
  C:\Windows\System\vIiOxlP.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\BTrBgpk.exe
  C:\Windows\System\BTrBgpk.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\IWILAFc.exe
  C:\Windows\System\IWILAFc.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\uZyzLQr.exe
  C:\Windows\System\uZyzLQr.exe
  2⤵
  PID:1564
- C:\Windows\System\ahxQNsk.exe
  C:\Windows\System\ahxQNsk.exe
  2⤵
  PID:2824
- C:\Windows\System\hcbYhKe.exe
  C:\Windows\System\hcbYhKe.exe
  2⤵
  PID:2892
- C:\Windows\System\cWnRhsK.exe
  C:\Windows\System\cWnRhsK.exe
  2⤵
  PID:2916
- C:\Windows\System\ajiqTGF.exe
  C:\Windows\System\ajiqTGF.exe
  2⤵
  PID:2932
- C:\Windows\System\jpuIYOp.exe
  C:\Windows\System\jpuIYOp.exe
  2⤵
  PID:2748
- C:\Windows\System\QRzQDOS.exe
  C:\Windows\System\QRzQDOS.exe
  2⤵
  PID:2052
- C:\Windows\System\takbCvC.exe
  C:\Windows\System\takbCvC.exe
  2⤵
  PID:648
- C:\Windows\System\YAYXYyu.exe
  C:\Windows\System\YAYXYyu.exe
  2⤵
  PID:2148
- C:\Windows\System\kwcMjIP.exe
  C:\Windows\System\kwcMjIP.exe
  2⤵
  PID:2024
- C:\Windows\System\vQVqWut.exe
  C:\Windows\System\vQVqWut.exe
  2⤵
  PID:2580
- C:\Windows\System\rIbqJoL.exe
  C:\Windows\System\rIbqJoL.exe
  2⤵
  PID:2660
- C:\Windows\System\aeUCEgM.exe
  C:\Windows\System\aeUCEgM.exe
  2⤵
  PID:320
- C:\Windows\System\adSbgfj.exe
  C:\Windows\System\adSbgfj.exe
  2⤵
  PID:1440
- C:\Windows\System\KJYGBDD.exe
  C:\Windows\System\KJYGBDD.exe
  2⤵
  PID:1596
- C:\Windows\System\ZbHjDuV.exe
  C:\Windows\System\ZbHjDuV.exe
  2⤵
  PID:1064
- C:\Windows\System\egbrvTk.exe
  C:\Windows\System\egbrvTk.exe
  2⤵
  PID:2268
- C:\Windows\System\SKwemzu.exe
  C:\Windows\System\SKwemzu.exe
  2⤵
  PID:2240
- C:\Windows\System\DtPDHBK.exe
  C:\Windows\System\DtPDHBK.exe
  2⤵
  PID:2084
- C:\Windows\System\LaJTLyd.exe
  C:\Windows\System\LaJTLyd.exe
  2⤵
  PID:1116
- C:\Windows\System\YPnrrjr.exe
  C:\Windows\System\YPnrrjr.exe
  2⤵
  PID:2248
- C:\Windows\System\mXuXKib.exe
  C:\Windows\System\mXuXKib.exe
  2⤵
  PID:944
- C:\Windows\System\AHHkamU.exe
  C:\Windows\System\AHHkamU.exe
  2⤵
  PID:268
- C:\Windows\System\qvIIeJO.exe
  C:\Windows\System\qvIIeJO.exe
  2⤵
  PID:2756
- C:\Windows\System\aPqqrxg.exe
  C:\Windows\System\aPqqrxg.exe
  2⤵
  PID:1964
- C:\Windows\System\HoNxEjI.exe
  C:\Windows\System\HoNxEjI.exe
  2⤵
  PID:796
- C:\Windows\System\rjcjxmX.exe
  C:\Windows\System\rjcjxmX.exe
  2⤵
  PID:756
- C:\Windows\System\iwYDNUM.exe
  C:\Windows\System\iwYDNUM.exe
  2⤵
  PID:688
- C:\Windows\System\tzcvCtM.exe
  C:\Windows\System\tzcvCtM.exe
  2⤵
  PID:2592
- C:\Windows\System\bTHKjUK.exe
  C:\Windows\System\bTHKjUK.exe
  2⤵
  PID:2608
- C:\Windows\System\mCiSYeK.exe
  C:\Windows\System\mCiSYeK.exe
  2⤵
  PID:2304
- C:\Windows\System\XemjIai.exe
  C:\Windows\System\XemjIai.exe
  2⤵
  PID:2992
- C:\Windows\System\XfwdWlH.exe
  C:\Windows\System\XfwdWlH.exe
  2⤵
  PID:1032
- C:\Windows\System\FJWGGIX.exe
  C:\Windows\System\FJWGGIX.exe
  2⤵
  PID:1992
- C:\Windows\System\EiRfcEQ.exe
  C:\Windows\System\EiRfcEQ.exe
  2⤵
  PID:1936
- C:\Windows\System\PJBsssZ.exe
  C:\Windows\System\PJBsssZ.exe
  2⤵
  PID:1680
- C:\Windows\System\sbxzibO.exe
  C:\Windows\System\sbxzibO.exe
  2⤵
  PID:2884
- C:\Windows\System\xPITevG.exe
  C:\Windows\System\xPITevG.exe
  2⤵
  PID:2504
- C:\Windows\System\LOwMCow.exe
  C:\Windows\System\LOwMCow.exe
  2⤵
  PID:2732
- C:\Windows\System\mkfpFeI.exe
  C:\Windows\System\mkfpFeI.exe
  2⤵
  PID:2140
- C:\Windows\System\ilCulZD.exe
  C:\Windows\System\ilCulZD.exe
  2⤵
  PID:1248
- C:\Windows\System\tCnIZYe.exe
  C:\Windows\System\tCnIZYe.exe
  2⤵
  PID:2168
- C:\Windows\System\jBnaUBi.exe
  C:\Windows\System\jBnaUBi.exe
  2⤵
  PID:1328
- C:\Windows\System\DbwStzd.exe
  C:\Windows\System\DbwStzd.exe
  2⤵
  PID:2552
- C:\Windows\System\tQzqMUE.exe
  C:\Windows\System\tQzqMUE.exe
  2⤵
  PID:3084
- C:\Windows\System\QMdYFtX.exe
  C:\Windows\System\QMdYFtX.exe
  2⤵
  PID:3100
- C:\Windows\System\pPsaciI.exe
  C:\Windows\System\pPsaciI.exe
  2⤵
  PID:3116
- C:\Windows\System\UhbbGDD.exe
  C:\Windows\System\UhbbGDD.exe
  2⤵
  PID:3132
- C:\Windows\System\UDlPIVm.exe
  C:\Windows\System\UDlPIVm.exe
  2⤵
  PID:3148
- C:\Windows\System\emMkljS.exe
  C:\Windows\System\emMkljS.exe
  2⤵
  PID:3164
- C:\Windows\System\IcNrBcG.exe
  C:\Windows\System\IcNrBcG.exe
  2⤵
  PID:3180
- C:\Windows\System\UQxBgAc.exe
  C:\Windows\System\UQxBgAc.exe
  2⤵
  PID:3196
- C:\Windows\System\kLfiKnT.exe
  C:\Windows\System\kLfiKnT.exe
  2⤵
  PID:3212
- C:\Windows\System\hqwdofC.exe
  C:\Windows\System\hqwdofC.exe
  2⤵
  PID:3228
- C:\Windows\System\eeADMyX.exe
  C:\Windows\System\eeADMyX.exe
  2⤵
  PID:3244
- C:\Windows\System\oGSdyQd.exe
  C:\Windows\System\oGSdyQd.exe
  2⤵
  PID:3260
- C:\Windows\System\yjObCzN.exe
  C:\Windows\System\yjObCzN.exe
  2⤵
  PID:3276
- C:\Windows\System\qxDAEBZ.exe
  C:\Windows\System\qxDAEBZ.exe
  2⤵
  PID:3292
- C:\Windows\System\tTclZft.exe
  C:\Windows\System\tTclZft.exe
  2⤵
  PID:3308
- C:\Windows\System\gTWrHeR.exe
  C:\Windows\System\gTWrHeR.exe
  2⤵
  PID:3324
- C:\Windows\System\ytuvDwl.exe
  C:\Windows\System\ytuvDwl.exe
  2⤵
  PID:3340
- C:\Windows\System\YgeZUPw.exe
  C:\Windows\System\YgeZUPw.exe
  2⤵
  PID:3356
- C:\Windows\System\OhWJIdi.exe
  C:\Windows\System\OhWJIdi.exe
  2⤵
  PID:3372
- C:\Windows\System\lEVJaSK.exe
  C:\Windows\System\lEVJaSK.exe
  2⤵
  PID:3388
- C:\Windows\System\GQPlOUJ.exe
  C:\Windows\System\GQPlOUJ.exe
  2⤵
  PID:3404
- C:\Windows\System\wahRkkd.exe
  C:\Windows\System\wahRkkd.exe
  2⤵
  PID:3420
- C:\Windows\System\WPBSfDO.exe
  C:\Windows\System\WPBSfDO.exe
  2⤵
  PID:3436
- C:\Windows\System\wQuoFPn.exe
  C:\Windows\System\wQuoFPn.exe
  2⤵
  PID:3452
- C:\Windows\System\wjWiFem.exe
  C:\Windows\System\wjWiFem.exe
  2⤵
  PID:3468
- C:\Windows\System\nMzZnSl.exe
  C:\Windows\System\nMzZnSl.exe
  2⤵
  PID:3484
- C:\Windows\System\MCuxHUY.exe
  C:\Windows\System\MCuxHUY.exe
  2⤵
  PID:3500
- C:\Windows\System\cmOMhIw.exe
  C:\Windows\System\cmOMhIw.exe
  2⤵
  PID:3516
- C:\Windows\System\ZWvJobE.exe
  C:\Windows\System\ZWvJobE.exe
  2⤵
  PID:3532
- C:\Windows\System\jKlyEJu.exe
  C:\Windows\System\jKlyEJu.exe
  2⤵
  PID:3548
- C:\Windows\System\qjulufx.exe
  C:\Windows\System\qjulufx.exe
  2⤵
  PID:3564
- C:\Windows\System\lcJKkot.exe
  C:\Windows\System\lcJKkot.exe
  2⤵
  PID:3580
- C:\Windows\System\sXpfsIQ.exe
  C:\Windows\System\sXpfsIQ.exe
  2⤵
  PID:3596
- C:\Windows\System\qQIgjnm.exe
  C:\Windows\System\qQIgjnm.exe
  2⤵
  PID:3612
- C:\Windows\System\FSYRgUv.exe
  C:\Windows\System\FSYRgUv.exe
  2⤵
  PID:3628
- C:\Windows\System\EqOojOB.exe
  C:\Windows\System\EqOojOB.exe
  2⤵
  PID:3648
- C:\Windows\System\enMfimR.exe
  C:\Windows\System\enMfimR.exe
  2⤵
  PID:3668
- C:\Windows\System\QJgYqdy.exe
  C:\Windows\System\QJgYqdy.exe
  2⤵
  PID:3684
- C:\Windows\System\aUbEolY.exe
  C:\Windows\System\aUbEolY.exe
  2⤵
  PID:3700
- C:\Windows\System\anpfiBv.exe
  C:\Windows\System\anpfiBv.exe
  2⤵
  PID:3716
- C:\Windows\System\suabRsP.exe
  C:\Windows\System\suabRsP.exe
  2⤵
  PID:3732
- C:\Windows\System\iKWiZYC.exe
  C:\Windows\System\iKWiZYC.exe
  2⤵
  PID:3748
- C:\Windows\System\tSzUPYK.exe
  C:\Windows\System\tSzUPYK.exe
  2⤵
  PID:3764
- C:\Windows\System\BWiyqHf.exe
  C:\Windows\System\BWiyqHf.exe
  2⤵
  PID:3780
- C:\Windows\System\wdOYkyP.exe
  C:\Windows\System\wdOYkyP.exe
  2⤵
  PID:3796
- C:\Windows\System\DSqpjCQ.exe
  C:\Windows\System\DSqpjCQ.exe
  2⤵
  PID:3812
- C:\Windows\System\zqZtndA.exe
  C:\Windows\System\zqZtndA.exe
  2⤵
  PID:3828
- C:\Windows\System\ZNbOBfG.exe
  C:\Windows\System\ZNbOBfG.exe
  2⤵
  PID:3844
- C:\Windows\System\cDFUnGE.exe
  C:\Windows\System\cDFUnGE.exe
  2⤵
  PID:3860
- C:\Windows\System\ocVyDrO.exe
  C:\Windows\System\ocVyDrO.exe
  2⤵
  PID:3880
- C:\Windows\System\BLthjlF.exe
  C:\Windows\System\BLthjlF.exe
  2⤵
  PID:3896
- C:\Windows\System\CDjrsNB.exe
  C:\Windows\System\CDjrsNB.exe
  2⤵
  PID:3912
- C:\Windows\System\VdRqgpW.exe
  C:\Windows\System\VdRqgpW.exe
  2⤵
  PID:3928
- C:\Windows\System\CJfrCFN.exe
  C:\Windows\System\CJfrCFN.exe
  2⤵
  PID:3944
- C:\Windows\System\DlAhFqa.exe
  C:\Windows\System\DlAhFqa.exe
  2⤵
  PID:3960
- C:\Windows\System\FCEWODj.exe
  C:\Windows\System\FCEWODj.exe
  2⤵
  PID:3976
- C:\Windows\System\WBYpfao.exe
  C:\Windows\System\WBYpfao.exe
  2⤵
  PID:3992
- C:\Windows\System\rxNfPSW.exe
  C:\Windows\System\rxNfPSW.exe
  2⤵
  PID:4008
- C:\Windows\System\bUiuSIh.exe
  C:\Windows\System\bUiuSIh.exe
  2⤵
  PID:4024
- C:\Windows\System\LPqtYsQ.exe
  C:\Windows\System\LPqtYsQ.exe
  2⤵
  PID:4040
- C:\Windows\System\rmoCmAZ.exe
  C:\Windows\System\rmoCmAZ.exe
  2⤵
  PID:4056
- C:\Windows\System\JxKJArB.exe
  C:\Windows\System\JxKJArB.exe
  2⤵
  PID:4072
- C:\Windows\System\fWWDCUC.exe
  C:\Windows\System\fWWDCUC.exe
  2⤵
  PID:4088
- C:\Windows\System\NXASlpP.exe
  C:\Windows\System\NXASlpP.exe
  2⤵
  PID:396
- C:\Windows\System\bTJjgMH.exe
  C:\Windows\System\bTJjgMH.exe
  2⤵
  PID:2280
- C:\Windows\System\ApSCRuV.exe
  C:\Windows\System\ApSCRuV.exe
  2⤵
  PID:1336
- C:\Windows\System\RnZtdeC.exe
  C:\Windows\System\RnZtdeC.exe
  2⤵
  PID:1520
- C:\Windows\System\slYBspz.exe
  C:\Windows\System\slYBspz.exe
  2⤵
  PID:2172
- C:\Windows\System\iZaeOwp.exe
  C:\Windows\System\iZaeOwp.exe
  2⤵
  PID:2132
- C:\Windows\System\ohQSOBM.exe
  C:\Windows\System\ohQSOBM.exe
  2⤵
  PID:2108
- C:\Windows\System\eUuYcZS.exe
  C:\Windows\System\eUuYcZS.exe
  2⤵
  PID:1688
- C:\Windows\System\kjxUpbr.exe
  C:\Windows\System\kjxUpbr.exe
  2⤵
  PID:2588
- C:\Windows\System\pXpICWb.exe
  C:\Windows\System\pXpICWb.exe
  2⤵
  PID:3044
- C:\Windows\System\HDsnqdj.exe
  C:\Windows\System\HDsnqdj.exe
  2⤵
  PID:2684
- C:\Windows\System\DJygeFE.exe
  C:\Windows\System\DJygeFE.exe
  2⤵
  PID:1304
- C:\Windows\System\OktzGTl.exe
  C:\Windows\System\OktzGTl.exe
  2⤵
  PID:1760
- C:\Windows\System\ImYmYyn.exe
  C:\Windows\System\ImYmYyn.exe
  2⤵
  PID:3092
- C:\Windows\System\LAjCJrh.exe
  C:\Windows\System\LAjCJrh.exe
  2⤵
  PID:3124
- C:\Windows\System\SvZNJYb.exe
  C:\Windows\System\SvZNJYb.exe
  2⤵
  PID:3112
- C:\Windows\System\nkXjoHf.exe
  C:\Windows\System\nkXjoHf.exe
  2⤵
  PID:3188
- C:\Windows\System\QwMIIxI.exe
  C:\Windows\System\QwMIIxI.exe
  2⤵
  PID:3220
- C:\Windows\System\xeiHRMn.exe
  C:\Windows\System\xeiHRMn.exe
  2⤵
  PID:3252
- C:\Windows\System\GtWqekf.exe
  C:\Windows\System\GtWqekf.exe
  2⤵
  PID:3284
- C:\Windows\System\dWyUAYW.exe
  C:\Windows\System\dWyUAYW.exe
  2⤵
  PID:3316
- C:\Windows\System\PFFUKjV.exe
  C:\Windows\System\PFFUKjV.exe
  2⤵
  PID:3336
- C:\Windows\System\UufZEOV.exe
  C:\Windows\System\UufZEOV.exe
  2⤵
  PID:3368
- C:\Windows\System\wYywLtO.exe
  C:\Windows\System\wYywLtO.exe
  2⤵
  PID:3412
- C:\Windows\System\hsVlTdN.exe
  C:\Windows\System\hsVlTdN.exe
  2⤵
  PID:3480
- C:\Windows\System\fvtyHUr.exe
  C:\Windows\System\fvtyHUr.exe
  2⤵
  PID:3464
- C:\Windows\System\PotQDsT.exe
  C:\Windows\System\PotQDsT.exe
  2⤵
  PID:3512
- C:\Windows\System\wYHEYUo.exe
  C:\Windows\System\wYHEYUo.exe
  2⤵
  PID:3556
- C:\Windows\System\UpvlsWW.exe
  C:\Windows\System\UpvlsWW.exe
  2⤵
  PID:3560
- C:\Windows\System\qojxdIZ.exe
  C:\Windows\System\qojxdIZ.exe
  2⤵
  PID:3636
- C:\Windows\System\grntVbJ.exe
  C:\Windows\System\grntVbJ.exe
  2⤵
  PID:3676
- C:\Windows\System\GShVRdS.exe
  C:\Windows\System\GShVRdS.exe
  2⤵
  PID:3660
- C:\Windows\System\QQVDQPC.exe
  C:\Windows\System\QQVDQPC.exe
  2⤵
  PID:3712
- C:\Windows\System\BOJzscR.exe
  C:\Windows\System\BOJzscR.exe
  2⤵
  PID:3744
- C:\Windows\System\CJjfLNk.exe
  C:\Windows\System\CJjfLNk.exe
  2⤵
  PID:3776
- C:\Windows\System\DMBsEEZ.exe
  C:\Windows\System\DMBsEEZ.exe
  2⤵
  PID:3792
- C:\Windows\System\kfXcbiq.exe
  C:\Windows\System\kfXcbiq.exe
  2⤵
  PID:3868
- C:\Windows\System\eMhtjxJ.exe
  C:\Windows\System\eMhtjxJ.exe
  2⤵
  PID:3904
- C:\Windows\System\JUSWfPD.exe
  C:\Windows\System\JUSWfPD.exe
  2⤵
  PID:3924
- C:\Windows\System\THWVXPW.exe
  C:\Windows\System\THWVXPW.exe
  2⤵
  PID:3968
- C:\Windows\System\IwdlakT.exe
  C:\Windows\System\IwdlakT.exe
  2⤵
  PID:4000
- C:\Windows\System\jPgHkGI.exe
  C:\Windows\System\jPgHkGI.exe
  2⤵
  PID:4032
- C:\Windows\System\GerACCo.exe
  C:\Windows\System\GerACCo.exe
  2⤵
  PID:4048
- C:\Windows\System\xRMzpYe.exe
  C:\Windows\System\xRMzpYe.exe
  2⤵
  PID:2156
- C:\Windows\System\KbbwCbW.exe
  C:\Windows\System\KbbwCbW.exe
  2⤵
  PID:2536
- C:\Windows\System\WJOsLql.exe
  C:\Windows\System\WJOsLql.exe
  2⤵
  PID:1060
- C:\Windows\System\avKfGfh.exe
  C:\Windows\System\avKfGfh.exe
  2⤵
  PID:2068
- C:\Windows\System\VgIiQxO.exe
  C:\Windows\System\VgIiQxO.exe
  2⤵
  PID:2624
- C:\Windows\System\tnybvig.exe
  C:\Windows\System\tnybvig.exe
  2⤵
  PID:2868
- C:\Windows\System\tFAiILd.exe
  C:\Windows\System\tFAiILd.exe
  2⤵
  PID:2668
- C:\Windows\System\wicVllt.exe
  C:\Windows\System\wicVllt.exe
  2⤵
  PID:3064
- C:\Windows\System\HOpigYk.exe
  C:\Windows\System\HOpigYk.exe
  2⤵
  PID:3156
- C:\Windows\System\yeygjdZ.exe
  C:\Windows\System\yeygjdZ.exe
  2⤵
  PID:3208
- C:\Windows\System\XYHAPoL.exe
  C:\Windows\System\XYHAPoL.exe
  2⤵
  PID:3192
- C:\Windows\System\dAqQtbB.exe
  C:\Windows\System\dAqQtbB.exe
  2⤵
  PID:3352
- C:\Windows\System\kiKfSlx.exe
  C:\Windows\System\kiKfSlx.exe
  2⤵
  PID:3384
- C:\Windows\System\zQIqLtf.exe
  C:\Windows\System\zQIqLtf.exe
  2⤵
  PID:3428
- C:\Windows\System\yuOnrud.exe
  C:\Windows\System\yuOnrud.exe
  2⤵
  PID:3540
- C:\Windows\System\VfvtSkq.exe
  C:\Windows\System\VfvtSkq.exe
  2⤵
  PID:3620
- C:\Windows\System\uGljsOg.exe
  C:\Windows\System\uGljsOg.exe
  2⤵
  PID:3692
- C:\Windows\System\qKYaTfZ.exe
  C:\Windows\System\qKYaTfZ.exe
  2⤵
  PID:3740
- C:\Windows\System\MJiDACN.exe
  C:\Windows\System\MJiDACN.exe
  2⤵
  PID:3760
- C:\Windows\System\XPoCybV.exe
  C:\Windows\System\XPoCybV.exe
  2⤵
  PID:3788
- C:\Windows\System\QmRVjFb.exe
  C:\Windows\System\QmRVjFb.exe
  2⤵
  PID:4112
- C:\Windows\System\QsCFmZb.exe
  C:\Windows\System\QsCFmZb.exe
  2⤵
  PID:4132
- C:\Windows\System\WzPEoZO.exe
  C:\Windows\System\WzPEoZO.exe
  2⤵
  PID:4148
- C:\Windows\System\YWDmqPe.exe
  C:\Windows\System\YWDmqPe.exe
  2⤵
  PID:4164
- C:\Windows\System\RTqGUuy.exe
  C:\Windows\System\RTqGUuy.exe
  2⤵
  PID:4180
- C:\Windows\System\hkxcKIk.exe
  C:\Windows\System\hkxcKIk.exe
  2⤵
  PID:4196
- C:\Windows\System\XgLPlpi.exe
  C:\Windows\System\XgLPlpi.exe
  2⤵
  PID:4212
- C:\Windows\System\DzjsqEY.exe
  C:\Windows\System\DzjsqEY.exe
  2⤵
  PID:4228
- C:\Windows\System\ZeaVoDL.exe
  C:\Windows\System\ZeaVoDL.exe
  2⤵
  PID:4244
- C:\Windows\System\ojudUid.exe
  C:\Windows\System\ojudUid.exe
  2⤵
  PID:4260
- C:\Windows\System\sHGqOjg.exe
  C:\Windows\System\sHGqOjg.exe
  2⤵
  PID:4276
- C:\Windows\System\NahAeKO.exe
  C:\Windows\System\NahAeKO.exe
  2⤵
  PID:4292
- C:\Windows\System\nhRQZTQ.exe
  C:\Windows\System\nhRQZTQ.exe
  2⤵
  PID:4308
- C:\Windows\System\JdzpePm.exe
  C:\Windows\System\JdzpePm.exe
  2⤵
  PID:4324
- C:\Windows\System\yWCbwsA.exe
  C:\Windows\System\yWCbwsA.exe
  2⤵
  PID:4340
- C:\Windows\System\quOmliW.exe
  C:\Windows\System\quOmliW.exe
  2⤵
  PID:4356
- C:\Windows\System\JLrdEPR.exe
  C:\Windows\System\JLrdEPR.exe
  2⤵
  PID:4372
- C:\Windows\System\KfFZCsQ.exe
  C:\Windows\System\KfFZCsQ.exe
  2⤵
  PID:4388
- C:\Windows\System\YeButML.exe
  C:\Windows\System\YeButML.exe
  2⤵
  PID:4404
- C:\Windows\System\lYcPDYs.exe
  C:\Windows\System\lYcPDYs.exe
  2⤵
  PID:4420
- C:\Windows\System\uCiCxuP.exe
  C:\Windows\System\uCiCxuP.exe
  2⤵
  PID:4436
- C:\Windows\System\uzpTdfa.exe
  C:\Windows\System\uzpTdfa.exe
  2⤵
  PID:4452
- C:\Windows\System\KyTmQyY.exe
  C:\Windows\System\KyTmQyY.exe
  2⤵
  PID:4468
- C:\Windows\System\ptwGfUn.exe
  C:\Windows\System\ptwGfUn.exe
  2⤵
  PID:4484
- C:\Windows\System\cxJKgkj.exe
  C:\Windows\System\cxJKgkj.exe
  2⤵
  PID:4500
- C:\Windows\System\MUtpKOz.exe
  C:\Windows\System\MUtpKOz.exe
  2⤵
  PID:4516
- C:\Windows\System\jWuXNrS.exe
  C:\Windows\System\jWuXNrS.exe
  2⤵
  PID:4532
- C:\Windows\System\uOPZVyY.exe
  C:\Windows\System\uOPZVyY.exe
  2⤵
  PID:4548
- C:\Windows\System\LHMVPES.exe
  C:\Windows\System\LHMVPES.exe
  2⤵
  PID:4564
- C:\Windows\System\GzqWPOR.exe
  C:\Windows\System\GzqWPOR.exe
  2⤵
  PID:4580
- C:\Windows\System\CTkAsbg.exe
  C:\Windows\System\CTkAsbg.exe
  2⤵
  PID:4596
- C:\Windows\System\ibBYdqK.exe
  C:\Windows\System\ibBYdqK.exe
  2⤵
  PID:4612
- C:\Windows\System\BPmNUED.exe
  C:\Windows\System\BPmNUED.exe
  2⤵
  PID:4628
- C:\Windows\System\FOVTmNm.exe
  C:\Windows\System\FOVTmNm.exe
  2⤵
  PID:4644
- C:\Windows\System\rBvYYWa.exe
  C:\Windows\System\rBvYYWa.exe
  2⤵
  PID:4660
- C:\Windows\System\Bnagxfk.exe
  C:\Windows\System\Bnagxfk.exe
  2⤵
  PID:4676
- C:\Windows\System\xjnAuvK.exe
  C:\Windows\System\xjnAuvK.exe
  2⤵
  PID:4692
- C:\Windows\System\PkqZCbX.exe
  C:\Windows\System\PkqZCbX.exe
  2⤵
  PID:4708
- C:\Windows\System\qWWdpSw.exe
  C:\Windows\System\qWWdpSw.exe
  2⤵
  PID:4724
- C:\Windows\System\XGKgOzR.exe
  C:\Windows\System\XGKgOzR.exe
  2⤵
  PID:4740
- C:\Windows\System\dlvqfZh.exe
  C:\Windows\System\dlvqfZh.exe
  2⤵
  PID:4756
- C:\Windows\System\NLHJonD.exe
  C:\Windows\System\NLHJonD.exe
  2⤵
  PID:4772
- C:\Windows\System\yoEjZhp.exe
  C:\Windows\System\yoEjZhp.exe
  2⤵
  PID:4788
- C:\Windows\System\hEsHkqM.exe
  C:\Windows\System\hEsHkqM.exe
  2⤵
  PID:4804
- C:\Windows\System\tBtsVgy.exe
  C:\Windows\System\tBtsVgy.exe
  2⤵
  PID:4820
- C:\Windows\System\kEuSCcF.exe
  C:\Windows\System\kEuSCcF.exe
  2⤵
  PID:4836
- C:\Windows\System\vRrqTaB.exe
  C:\Windows\System\vRrqTaB.exe
  2⤵
  PID:4852
- C:\Windows\System\RWIQEIy.exe
  C:\Windows\System\RWIQEIy.exe
  2⤵
  PID:4868
- C:\Windows\System\tpaMVXk.exe
  C:\Windows\System\tpaMVXk.exe
  2⤵
  PID:4884
- C:\Windows\System\vWySWEY.exe
  C:\Windows\System\vWySWEY.exe
  2⤵
  PID:4900
- C:\Windows\System\rumgYuL.exe
  C:\Windows\System\rumgYuL.exe
  2⤵
  PID:4916
- C:\Windows\System\oFwhwzO.exe
  C:\Windows\System\oFwhwzO.exe
  2⤵
  PID:4932
- C:\Windows\System\kZSsmeI.exe
  C:\Windows\System\kZSsmeI.exe
  2⤵
  PID:4952
- C:\Windows\System\EoZpHLq.exe
  C:\Windows\System\EoZpHLq.exe
  2⤵
  PID:4968
- C:\Windows\System\QIilIKU.exe
  C:\Windows\System\QIilIKU.exe
  2⤵
  PID:4988
- C:\Windows\System\FHMZQuk.exe
  C:\Windows\System\FHMZQuk.exe
  2⤵
  PID:5008
- C:\Windows\System\fLHViYk.exe
  C:\Windows\System\fLHViYk.exe
  2⤵
  PID:5024
- C:\Windows\System\QTUttql.exe
  C:\Windows\System\QTUttql.exe
  2⤵
  PID:5044
- C:\Windows\System\nfrZDPw.exe
  C:\Windows\System\nfrZDPw.exe
  2⤵
  PID:5060
- C:\Windows\System\WPpmbBE.exe
  C:\Windows\System\WPpmbBE.exe
  2⤵
  PID:5076
- C:\Windows\System\hWEBoDi.exe
  C:\Windows\System\hWEBoDi.exe
  2⤵
  PID:5092
- C:\Windows\System\HHdzVDW.exe
  C:\Windows\System\HHdzVDW.exe
  2⤵
  PID:5108
- C:\Windows\System\INVrYzw.exe
  C:\Windows\System\INVrYzw.exe
  2⤵
  PID:3908
- C:\Windows\System\OBZoIti.exe
  C:\Windows\System\OBZoIti.exe
  2⤵
  PID:3972
- C:\Windows\System\XdRjQeZ.exe
  C:\Windows\System\XdRjQeZ.exe
  2⤵
  PID:4020
- C:\Windows\System\NnAydRe.exe
  C:\Windows\System\NnAydRe.exe
  2⤵
  PID:4084
- C:\Windows\System\rBnNjPW.exe
  C:\Windows\System\rBnNjPW.exe
  2⤵
  PID:4052
- C:\Windows\System\PlhhNGi.exe
  C:\Windows\System\PlhhNGi.exe
  2⤵
  PID:1008
- C:\Windows\System\FtrZVsE.exe
  C:\Windows\System\FtrZVsE.exe
  2⤵
  PID:2768
- C:\Windows\System\QubfrMy.exe
  C:\Windows\System\QubfrMy.exe
  2⤵
  PID:3140
- C:\Windows\System\JclKTaG.exe
  C:\Windows\System\JclKTaG.exe
  2⤵
  PID:3256
- C:\Windows\System\UghmRdU.exe
  C:\Windows\System\UghmRdU.exe
  2⤵
  PID:3444
- C:\Windows\System\uXwqjqF.exe
  C:\Windows\System\uXwqjqF.exe
  2⤵
  PID:3576
- C:\Windows\System\zAbcdbJ.exe
  C:\Windows\System\zAbcdbJ.exe
  2⤵
  PID:3624
- C:\Windows\System\pRFVmEy.exe
  C:\Windows\System\pRFVmEy.exe
  2⤵
  PID:3608
- C:\Windows\System\aufSHmc.exe
  C:\Windows\System\aufSHmc.exe
  2⤵
  PID:4120
- C:\Windows\System\TqVGCYf.exe
  C:\Windows\System\TqVGCYf.exe
  2⤵
  PID:4156
- C:\Windows\System\yRgrptU.exe
  C:\Windows\System\yRgrptU.exe
  2⤵
  PID:4188
- C:\Windows\System\zLxKthz.exe
  C:\Windows\System\zLxKthz.exe
  2⤵
  PID:4220
- C:\Windows\System\rDHBRao.exe
  C:\Windows\System\rDHBRao.exe
  2⤵
  PID:4252
- C:\Windows\System\tmVxbfb.exe
  C:\Windows\System\tmVxbfb.exe
  2⤵
  PID:4284
- C:\Windows\System\RqfeOTU.exe
  C:\Windows\System\RqfeOTU.exe
  2⤵
  PID:4320
- C:\Windows\System\RvQQtXz.exe
  C:\Windows\System\RvQQtXz.exe
  2⤵
  PID:4352
- C:\Windows\System\xwJknbV.exe
  C:\Windows\System\xwJknbV.exe
  2⤵
  PID:4364
- C:\Windows\System\SonsyYV.exe
  C:\Windows\System\SonsyYV.exe
  2⤵
  PID:4412
- C:\Windows\System\kfWZDLz.exe
  C:\Windows\System\kfWZDLz.exe
  2⤵
  PID:4444
- C:\Windows\System\OYOxUUy.exe
  C:\Windows\System\OYOxUUy.exe
  2⤵
  PID:4460
- C:\Windows\System\AvjjVIl.exe
  C:\Windows\System\AvjjVIl.exe
  2⤵
  PID:4508
- C:\Windows\System\dykAgdM.exe
  C:\Windows\System\dykAgdM.exe
  2⤵
  PID:4544
- C:\Windows\System\LSmuLjf.exe
  C:\Windows\System\LSmuLjf.exe
  2⤵
  PID:4576
- C:\Windows\System\FEivvHE.exe
  C:\Windows\System\FEivvHE.exe
  2⤵
  PID:4588
- C:\Windows\System\RsqkZGX.exe
  C:\Windows\System\RsqkZGX.exe
  2⤵
  PID:4640
- C:\Windows\System\KvalTrb.exe
  C:\Windows\System\KvalTrb.exe
  2⤵
  PID:4672
- C:\Windows\System\xUhbBWF.exe
  C:\Windows\System\xUhbBWF.exe
  2⤵
  PID:4684
- C:\Windows\System\KTRYIKD.exe
  C:\Windows\System\KTRYIKD.exe
  2⤵
  PID:4720
- C:\Windows\System\eyholSf.exe
  C:\Windows\System\eyholSf.exe
  2⤵
  PID:4768
- C:\Windows\System\dQSkXAl.exe
  C:\Windows\System\dQSkXAl.exe
  2⤵
  PID:4780
- C:\Windows\System\bRVhuCk.exe
  C:\Windows\System\bRVhuCk.exe
  2⤵
  PID:4812
- C:\Windows\System\OTEdzhg.exe
  C:\Windows\System\OTEdzhg.exe
  2⤵
  PID:4864
- C:\Windows\System\giKDVsH.exe
  C:\Windows\System\giKDVsH.exe
  2⤵
  PID:4892
- C:\Windows\System\CjpOJFK.exe
  C:\Windows\System\CjpOJFK.exe
  2⤵
  PID:4924
- C:\Windows\System\iPcuBeh.exe
  C:\Windows\System\iPcuBeh.exe
  2⤵
  PID:4960
- C:\Windows\System\xsYztSd.exe
  C:\Windows\System\xsYztSd.exe
  2⤵
  PID:5000
- C:\Windows\System\ymdymYP.exe
  C:\Windows\System\ymdymYP.exe
  2⤵
  PID:4980
- C:\Windows\System\JhCbqph.exe
  C:\Windows\System\JhCbqph.exe
  2⤵
  PID:5052
- C:\Windows\System\aPMjXwE.exe
  C:\Windows\System\aPMjXwE.exe
  2⤵
  PID:5084
- C:\Windows\System\AoerrZX.exe
  C:\Windows\System\AoerrZX.exe
  2⤵
  PID:3920
- C:\Windows\System\IOSdAxf.exe
  C:\Windows\System\IOSdAxf.exe
  2⤵
  PID:3984
- C:\Windows\System\FDHDbfg.exe
  C:\Windows\System\FDHDbfg.exe
  2⤵
  PID:1204
- C:\Windows\System\MIIgFeF.exe
  C:\Windows\System\MIIgFeF.exe
  2⤵
  PID:2584
- C:\Windows\System\cXUWlAM.exe
  C:\Windows\System\cXUWlAM.exe
  2⤵
  PID:4948
- C:\Windows\System\zJQldGA.exe
  C:\Windows\System\zJQldGA.exe
  2⤵
  PID:3476
- C:\Windows\System\uWvSeVP.exe
  C:\Windows\System\uWvSeVP.exe
  2⤵
  PID:3808
- C:\Windows\System\uHrETlv.exe
  C:\Windows\System\uHrETlv.exe
  2⤵
  PID:4108
- C:\Windows\System\XjzuMax.exe
  C:\Windows\System\XjzuMax.exe
  2⤵
  PID:4176
- C:\Windows\System\wCkEdPJ.exe
  C:\Windows\System\wCkEdPJ.exe
  2⤵
  PID:4256
- C:\Windows\System\uZjxCXk.exe
  C:\Windows\System\uZjxCXk.exe
  2⤵
  PID:4300
- C:\Windows\System\LSVhNGP.exe
  C:\Windows\System\LSVhNGP.exe
  2⤵
  PID:4368
- C:\Windows\System\CpJDyzu.exe
  C:\Windows\System\CpJDyzu.exe
  2⤵
  PID:4428
- C:\Windows\System\DctSGCp.exe
  C:\Windows\System\DctSGCp.exe
  2⤵
  PID:4524
- C:\Windows\System\fGXHKRc.exe
  C:\Windows\System\fGXHKRc.exe
  2⤵
  PID:4656
- C:\Windows\System\CPNJpmz.exe
  C:\Windows\System\CPNJpmz.exe
  2⤵
  PID:4556
- C:\Windows\System\erroWun.exe
  C:\Windows\System\erroWun.exe
  2⤵
  PID:4624
- C:\Windows\System\bIQcmBR.exe
  C:\Windows\System\bIQcmBR.exe
  2⤵
  PID:5128
- C:\Windows\System\wLcRtMP.exe
  C:\Windows\System\wLcRtMP.exe
  2⤵
  PID:5144
- C:\Windows\System\psRgHEI.exe
  C:\Windows\System\psRgHEI.exe
  2⤵
  PID:5160
- C:\Windows\System\ACpwFUR.exe
  C:\Windows\System\ACpwFUR.exe
  2⤵
  PID:5176
- C:\Windows\System\fGYJicb.exe
  C:\Windows\System\fGYJicb.exe
  2⤵
  PID:5192
- C:\Windows\System\cghJVFz.exe
  C:\Windows\System\cghJVFz.exe
  2⤵
  PID:5208
- C:\Windows\System\vyrFVTT.exe
  C:\Windows\System\vyrFVTT.exe
  2⤵
  PID:5224
- C:\Windows\System\pyxeivK.exe
  C:\Windows\System\pyxeivK.exe
  2⤵
  PID:5244
- C:\Windows\System\NoLlRYM.exe
  C:\Windows\System\NoLlRYM.exe
  2⤵
  PID:5260
- C:\Windows\System\IbGrraJ.exe
  C:\Windows\System\IbGrraJ.exe
  2⤵
  PID:5276
- C:\Windows\System\VoZmwBw.exe
  C:\Windows\System\VoZmwBw.exe
  2⤵
  PID:5292
- C:\Windows\System\mqPHVuV.exe
  C:\Windows\System\mqPHVuV.exe
  2⤵
  PID:5308
- C:\Windows\System\GxKstus.exe
  C:\Windows\System\GxKstus.exe
  2⤵
  PID:5324
- C:\Windows\System\lUJraiL.exe
  C:\Windows\System\lUJraiL.exe
  2⤵
  PID:5340
- C:\Windows\System\yTqNjUo.exe
  C:\Windows\System\yTqNjUo.exe
  2⤵
  PID:5356
- C:\Windows\System\PWzjdLE.exe
  C:\Windows\System\PWzjdLE.exe
  2⤵
  PID:5372
- C:\Windows\System\jzxHGJE.exe
  C:\Windows\System\jzxHGJE.exe
  2⤵
  PID:5388
- C:\Windows\System\qsBWpdE.exe
  C:\Windows\System\qsBWpdE.exe
  2⤵
  PID:5404
- C:\Windows\System\dVnpAzG.exe
  C:\Windows\System\dVnpAzG.exe
  2⤵
  PID:5420
- C:\Windows\System\vFBPoBS.exe
  C:\Windows\System\vFBPoBS.exe
  2⤵
  PID:5436
- C:\Windows\System\dknAlPe.exe
  C:\Windows\System\dknAlPe.exe
  2⤵
  PID:5452
- C:\Windows\System\QIVZWQT.exe
  C:\Windows\System\QIVZWQT.exe
  2⤵
  PID:5468
- C:\Windows\System\bPqdsNS.exe
  C:\Windows\System\bPqdsNS.exe
  2⤵
  PID:5484
- C:\Windows\System\YveDtEE.exe
  C:\Windows\System\YveDtEE.exe
  2⤵
  PID:5500
- C:\Windows\System\ABMUlxA.exe
  C:\Windows\System\ABMUlxA.exe
  2⤵
  PID:5516
- C:\Windows\System\prNwVkW.exe
  C:\Windows\System\prNwVkW.exe
  2⤵
  PID:5532
- C:\Windows\System\gaqQXIh.exe
  C:\Windows\System\gaqQXIh.exe
  2⤵
  PID:5548
- C:\Windows\System\NgunREW.exe
  C:\Windows\System\NgunREW.exe
  2⤵
  PID:5564
- C:\Windows\System\FUGMnZY.exe
  C:\Windows\System\FUGMnZY.exe
  2⤵
  PID:5580
- C:\Windows\System\wVQqsev.exe
  C:\Windows\System\wVQqsev.exe
  2⤵
  PID:5596
- C:\Windows\System\GgfKyvG.exe
  C:\Windows\System\GgfKyvG.exe
  2⤵
  PID:5612
- C:\Windows\System\hyNnooo.exe
  C:\Windows\System\hyNnooo.exe
  2⤵
  PID:5628
- C:\Windows\System\ortWGOl.exe
  C:\Windows\System\ortWGOl.exe
  2⤵
  PID:5644
- C:\Windows\System\MNseaKv.exe
  C:\Windows\System\MNseaKv.exe
  2⤵
  PID:5660
- C:\Windows\System\LIRQvQV.exe
  C:\Windows\System\LIRQvQV.exe
  2⤵
  PID:5676
- C:\Windows\System\SFzPXUn.exe
  C:\Windows\System\SFzPXUn.exe
  2⤵
  PID:5692
- C:\Windows\System\MgILYLU.exe
  C:\Windows\System\MgILYLU.exe
  2⤵
  PID:5708
- C:\Windows\System\WAVUamP.exe
  C:\Windows\System\WAVUamP.exe
  2⤵
  PID:5724
- C:\Windows\System\sNWSDWs.exe
  C:\Windows\System\sNWSDWs.exe
  2⤵
  PID:5740
- C:\Windows\System\rosLuFb.exe
  C:\Windows\System\rosLuFb.exe
  2⤵
  PID:5756
- C:\Windows\System\KHDtOMB.exe
  C:\Windows\System\KHDtOMB.exe
  2⤵
  PID:5772
- C:\Windows\System\DdnbOTt.exe
  C:\Windows\System\DdnbOTt.exe
  2⤵
  PID:5788
- C:\Windows\System\UmlDAFA.exe
  C:\Windows\System\UmlDAFA.exe
  2⤵
  PID:5804
- C:\Windows\System\AgLDrKl.exe
  C:\Windows\System\AgLDrKl.exe
  2⤵
  PID:5820
- C:\Windows\System\riLMBXa.exe
  C:\Windows\System\riLMBXa.exe
  2⤵
  PID:5836
- C:\Windows\System\qthxoVZ.exe
  C:\Windows\System\qthxoVZ.exe
  2⤵
  PID:5852
- C:\Windows\System\fkHLYsZ.exe
  C:\Windows\System\fkHLYsZ.exe
  2⤵
  PID:5868
- C:\Windows\System\HDoAEiG.exe
  C:\Windows\System\HDoAEiG.exe
  2⤵
  PID:5884
- C:\Windows\System\XWoVykx.exe
  C:\Windows\System\XWoVykx.exe
  2⤵
  PID:5900
- C:\Windows\System\gGCoblg.exe
  C:\Windows\System\gGCoblg.exe
  2⤵
  PID:5916
- C:\Windows\System\xXweode.exe
  C:\Windows\System\xXweode.exe
  2⤵
  PID:5932
- C:\Windows\System\BWfVlCx.exe
  C:\Windows\System\BWfVlCx.exe
  2⤵
  PID:5948
- C:\Windows\System\CXkujeX.exe
  C:\Windows\System\CXkujeX.exe
  2⤵
  PID:5964
- C:\Windows\System\NizUOZL.exe
  C:\Windows\System\NizUOZL.exe
  2⤵
  PID:5980
- C:\Windows\System\kcgwuxY.exe
  C:\Windows\System\kcgwuxY.exe
  2⤵
  PID:5996
- C:\Windows\System\RvrVooE.exe
  C:\Windows\System\RvrVooE.exe
  2⤵
  PID:6012
- C:\Windows\System\HfFBEbo.exe
  C:\Windows\System\HfFBEbo.exe
  2⤵
  PID:6028
- C:\Windows\System\PbdYrfK.exe
  C:\Windows\System\PbdYrfK.exe
  2⤵
  PID:6044
- C:\Windows\System\AnNaQeZ.exe
  C:\Windows\System\AnNaQeZ.exe
  2⤵
  PID:6060
- C:\Windows\System\ynhgLbc.exe
  C:\Windows\System\ynhgLbc.exe
  2⤵
  PID:6080
- C:\Windows\System\vZtDsky.exe
  C:\Windows\System\vZtDsky.exe
  2⤵
  PID:6096
- C:\Windows\System\JJJRRfM.exe
  C:\Windows\System\JJJRRfM.exe
  2⤵
  PID:6112
- C:\Windows\System\eBjYzRn.exe
  C:\Windows\System\eBjYzRn.exe
  2⤵
  PID:6128
- C:\Windows\System\yeRCNxD.exe
  C:\Windows\System\yeRCNxD.exe
  2⤵
  PID:4736
- C:\Windows\System\AyIhetU.exe
  C:\Windows\System\AyIhetU.exe
  2⤵
  PID:4828
- C:\Windows\System\KtpAwYq.exe
  C:\Windows\System\KtpAwYq.exe
  2⤵
  PID:4816
- C:\Windows\System\RgTONWD.exe
  C:\Windows\System\RgTONWD.exe
  2⤵
  PID:4896
- C:\Windows\System\zwlgoXZ.exe
  C:\Windows\System\zwlgoXZ.exe
  2⤵
  PID:4964
- C:\Windows\System\uiOCvop.exe
  C:\Windows\System\uiOCvop.exe
  2⤵
  PID:5020
- C:\Windows\System\eNzrFtO.exe
  C:\Windows\System\eNzrFtO.exe
  2⤵
  PID:5104
- C:\Windows\System\TDWOblz.exe
  C:\Windows\System\TDWOblz.exe
  2⤵
  PID:1616
- C:\Windows\System\BnyHRfr.exe
  C:\Windows\System\BnyHRfr.exe
  2⤵
  PID:3108
- C:\Windows\System\rxWTneB.exe
  C:\Windows\System\rxWTneB.exe
  2⤵
  PID:1280
- C:\Windows\System\jHpGnDh.exe
  C:\Windows\System\jHpGnDh.exe
  2⤵
  PID:4204
- C:\Windows\System\LIttgXz.exe
  C:\Windows\System\LIttgXz.exe
  2⤵
  PID:4272
- C:\Windows\System\PgOOSdK.exe
  C:\Windows\System\PgOOSdK.exe
  2⤵
  PID:4268
- C:\Windows\System\mkRavVV.exe
  C:\Windows\System\mkRavVV.exe
  2⤵
  PID:4608
- C:\Windows\System\hzxMwnp.exe
  C:\Windows\System\hzxMwnp.exe
  2⤵
  PID:2100
- C:\Windows\System\JOEUbMm.exe
  C:\Windows\System\JOEUbMm.exe
  2⤵
  PID:5136
- C:\Windows\System\DDMpMLD.exe
  C:\Windows\System\DDMpMLD.exe
  2⤵
  PID:5168
- C:\Windows\System\rKkKGTX.exe
  C:\Windows\System\rKkKGTX.exe
  2⤵
  PID:5200
- C:\Windows\System\iTagpEE.exe
  C:\Windows\System\iTagpEE.exe
  2⤵
  PID:5232
- C:\Windows\System\RnEDHrg.exe
  C:\Windows\System\RnEDHrg.exe
  2⤵
  PID:5284
- C:\Windows\System\YNxzkAa.exe
  C:\Windows\System\YNxzkAa.exe
  2⤵
  PID:5300
- C:\Windows\System\hcOoQZZ.exe
  C:\Windows\System\hcOoQZZ.exe
  2⤵
  PID:5332
- C:\Windows\System\bWglYen.exe
  C:\Windows\System\bWglYen.exe
  2⤵
  PID:5336
- C:\Windows\System\NRmNbvn.exe
  C:\Windows\System\NRmNbvn.exe
  2⤵
  PID:5412
- C:\Windows\System\cKbdJSZ.exe
  C:\Windows\System\cKbdJSZ.exe
  2⤵
  PID:5428
- C:\Windows\System\gPLWpmh.exe
  C:\Windows\System\gPLWpmh.exe
  2⤵
  PID:5476
- C:\Windows\System\UPPShkd.exe
  C:\Windows\System\UPPShkd.exe
  2⤵
  PID:5492
- C:\Windows\System\yUNnMDv.exe
  C:\Windows\System\yUNnMDv.exe
  2⤵
  PID:5496
- C:\Windows\System\HxGvscd.exe
  C:\Windows\System\HxGvscd.exe
  2⤵
  PID:5528
- C:\Windows\System\YUyuhLz.exe
  C:\Windows\System\YUyuhLz.exe
  2⤵
  PID:5604
- C:\Windows\System\pHwVHlx.exe
  C:\Windows\System\pHwVHlx.exe
  2⤵
  PID:5592
- C:\Windows\System\BYdgqtH.exe
  C:\Windows\System\BYdgqtH.exe
  2⤵
  PID:5640
- C:\Windows\System\yeCkNaA.exe
  C:\Windows\System\yeCkNaA.exe
  2⤵
  PID:5672
- C:\Windows\System\yYlFBhe.exe
  C:\Windows\System\yYlFBhe.exe
  2⤵
  PID:5688
- C:\Windows\System\WXnuNHi.exe
  C:\Windows\System\WXnuNHi.exe
  2⤵
  PID:5720
- C:\Windows\System\BDBhZDS.exe
  C:\Windows\System\BDBhZDS.exe
  2⤵
  PID:5752
- C:\Windows\System\VUyQqRD.exe
  C:\Windows\System\VUyQqRD.exe
  2⤵
  PID:5784
- C:\Windows\System\Midfriq.exe
  C:\Windows\System\Midfriq.exe
  2⤵
  PID:5816
- C:\Windows\System\VTvFwsr.exe
  C:\Windows\System\VTvFwsr.exe
  2⤵
  PID:5864
- C:\Windows\System\pjgIFZg.exe
  C:\Windows\System\pjgIFZg.exe
  2⤵
  PID:5880
- C:\Windows\System\ewvgwCe.exe
  C:\Windows\System\ewvgwCe.exe
  2⤵
  PID:5928
- C:\Windows\System\YkYBFXd.exe
  C:\Windows\System\YkYBFXd.exe
  2⤵
  PID:5960
- C:\Windows\System\kLvNBbS.exe
  C:\Windows\System\kLvNBbS.exe
  2⤵
  PID:5992
- C:\Windows\System\DwFICaj.exe
  C:\Windows\System\DwFICaj.exe
  2⤵
  PID:6024
- C:\Windows\System\upOxipz.exe
  C:\Windows\System\upOxipz.exe
  2⤵
  PID:6040
- C:\Windows\System\uBvykiS.exe
  C:\Windows\System\uBvykiS.exe
  2⤵
  PID:6072
- C:\Windows\System\dBWuqnO.exe
  C:\Windows\System\dBWuqnO.exe
  2⤵
  PID:6124
- C:\Windows\System\YqiJXAk.exe
  C:\Windows\System\YqiJXAk.exe
  2⤵
  PID:4764
- C:\Windows\System\shwkphh.exe
  C:\Windows\System\shwkphh.exe
  2⤵
  PID:4996
- C:\Windows\System\lvzLxWV.exe
  C:\Windows\System\lvzLxWV.exe
  2⤵
  PID:4908
- C:\Windows\System\fdBbIeP.exe
  C:\Windows\System\fdBbIeP.exe
  2⤵
  PID:1352
- C:\Windows\System\RVbpGtL.exe
  C:\Windows\System\RVbpGtL.exe
  2⤵
  PID:4172
- C:\Windows\System\VShJafN.exe
  C:\Windows\System\VShJafN.exe
  2⤵
  PID:4416
- C:\Windows\System\vUmwcLy.exe
  C:\Windows\System\vUmwcLy.exe
  2⤵
  PID:4492
- C:\Windows\System\KQpumpf.exe
  C:\Windows\System\KQpumpf.exe
  2⤵
  PID:4560
- C:\Windows\System\RLeRaIA.exe
  C:\Windows\System\RLeRaIA.exe
  2⤵
  PID:5256
- C:\Windows\System\UZtPMWX.exe
  C:\Windows\System\UZtPMWX.exe
  2⤵
  PID:5304
- C:\Windows\System\mWGoAyV.exe
  C:\Windows\System\mWGoAyV.exe
  2⤵
  PID:5272
- C:\Windows\System\vqrByST.exe
  C:\Windows\System\vqrByST.exe
  2⤵
  PID:5380
- C:\Windows\System\SKzMybX.exe
  C:\Windows\System\SKzMybX.exe
  2⤵
  PID:5416
- C:\Windows\System\DedTMvw.exe
  C:\Windows\System\DedTMvw.exe
  2⤵
  PID:5464
- C:\Windows\System\MtvEyHc.exe
  C:\Windows\System\MtvEyHc.exe
  2⤵
  PID:5576
- C:\Windows\System\kvpQEyN.exe
  C:\Windows\System\kvpQEyN.exe
  2⤵
  PID:5588
- C:\Windows\System\jndtuzV.exe
  C:\Windows\System\jndtuzV.exe
  2⤵
  PID:5656
- C:\Windows\System\ZDxhYKb.exe
  C:\Windows\System\ZDxhYKb.exe
  2⤵
  PID:6152
- C:\Windows\System\Ixwrbru.exe
  C:\Windows\System\Ixwrbru.exe
  2⤵
  PID:6168
- C:\Windows\System\QMGYVLg.exe
  C:\Windows\System\QMGYVLg.exe
  2⤵
  PID:6184
- C:\Windows\System\zrjDmGC.exe
  C:\Windows\System\zrjDmGC.exe
  2⤵
  PID:6200
- C:\Windows\System\OTyiNOI.exe
  C:\Windows\System\OTyiNOI.exe
  2⤵
  PID:6216
- C:\Windows\System\KlvQIBo.exe
  C:\Windows\System\KlvQIBo.exe
  2⤵
  PID:6232
- C:\Windows\System\GycldKN.exe
  C:\Windows\System\GycldKN.exe
  2⤵
  PID:6248
- C:\Windows\System\UlLaSyy.exe
  C:\Windows\System\UlLaSyy.exe
  2⤵
  PID:6264
- C:\Windows\System\bCGBnRl.exe
  C:\Windows\System\bCGBnRl.exe
  2⤵
  PID:6280
- C:\Windows\System\RrGkXWZ.exe
  C:\Windows\System\RrGkXWZ.exe
  2⤵
  PID:6296
- C:\Windows\System\CYgQEPT.exe
  C:\Windows\System\CYgQEPT.exe
  2⤵
  PID:6312
- C:\Windows\System\DksEsCv.exe
  C:\Windows\System\DksEsCv.exe
  2⤵
  PID:6328
- C:\Windows\System\joeIYEZ.exe
  C:\Windows\System\joeIYEZ.exe
  2⤵
  PID:6344
- C:\Windows\System\gvnIaZP.exe
  C:\Windows\System\gvnIaZP.exe
  2⤵
  PID:6360
- C:\Windows\System\PODGCyw.exe
  C:\Windows\System\PODGCyw.exe
  2⤵
  PID:6376
- C:\Windows\System\rHUWUPe.exe
  C:\Windows\System\rHUWUPe.exe
  2⤵
  PID:6392
- C:\Windows\System\VfrcqYL.exe
  C:\Windows\System\VfrcqYL.exe
  2⤵
  PID:6408
- C:\Windows\System\XRvopEN.exe
  C:\Windows\System\XRvopEN.exe
  2⤵
  PID:6424
- C:\Windows\System\gQncPrO.exe
  C:\Windows\System\gQncPrO.exe
  2⤵
  PID:6440
- C:\Windows\System\jZFKBXA.exe
  C:\Windows\System\jZFKBXA.exe
  2⤵
  PID:6456
- C:\Windows\System\ERSIezu.exe
  C:\Windows\System\ERSIezu.exe
  2⤵
  PID:6472
- C:\Windows\System\DaHriwp.exe
  C:\Windows\System\DaHriwp.exe
  2⤵
  PID:6488
- C:\Windows\System\dGxJmWn.exe
  C:\Windows\System\dGxJmWn.exe
  2⤵
  PID:6504
- C:\Windows\System\CkyIgcu.exe
  C:\Windows\System\CkyIgcu.exe
  2⤵
  PID:6520
- C:\Windows\System\mYTXMcn.exe
  C:\Windows\System\mYTXMcn.exe
  2⤵
  PID:6536
- C:\Windows\System\ynfvyby.exe
  C:\Windows\System\ynfvyby.exe
  2⤵
  PID:6552
- C:\Windows\System\WAGOXbP.exe
  C:\Windows\System\WAGOXbP.exe
  2⤵
  PID:6568
- C:\Windows\System\xRXDQOR.exe
  C:\Windows\System\xRXDQOR.exe
  2⤵
  PID:6584
- C:\Windows\System\hHThYPS.exe
  C:\Windows\System\hHThYPS.exe
  2⤵
  PID:6600
- C:\Windows\System\kTunzmz.exe
  C:\Windows\System\kTunzmz.exe
  2⤵
  PID:6616
- C:\Windows\System\nlCzqcR.exe
  C:\Windows\System\nlCzqcR.exe
  2⤵
  PID:6632
- C:\Windows\System\LZrzEnH.exe
  C:\Windows\System\LZrzEnH.exe
  2⤵
  PID:6648
- C:\Windows\System\pmuxRRE.exe
  C:\Windows\System\pmuxRRE.exe
  2⤵
  PID:6664
- C:\Windows\System\wxhzVvx.exe
  C:\Windows\System\wxhzVvx.exe
  2⤵
  PID:6684
- C:\Windows\System\kvrkPPT.exe
  C:\Windows\System\kvrkPPT.exe
  2⤵
  PID:6700
- C:\Windows\System\KqfjKvT.exe
  C:\Windows\System\KqfjKvT.exe
  2⤵
  PID:6716
- C:\Windows\System\MLVfINd.exe
  C:\Windows\System\MLVfINd.exe
  2⤵
  PID:6732
- C:\Windows\System\FWVyGRl.exe
  C:\Windows\System\FWVyGRl.exe
  2⤵
  PID:6748
- C:\Windows\System\ChHJdcG.exe
  C:\Windows\System\ChHJdcG.exe
  2⤵
  PID:6764
- C:\Windows\System\dBeMqAa.exe
  C:\Windows\System\dBeMqAa.exe
  2⤵
  PID:6780
- C:\Windows\System\PzQlKEe.exe
  C:\Windows\System\PzQlKEe.exe
  2⤵
  PID:6796
- C:\Windows\System\qbWKxZQ.exe
  C:\Windows\System\qbWKxZQ.exe
  2⤵
  PID:6812
- C:\Windows\System\YvGGVDO.exe
  C:\Windows\System\YvGGVDO.exe
  2⤵
  PID:6828
- C:\Windows\System\IJbRYoL.exe
  C:\Windows\System\IJbRYoL.exe
  2⤵
  PID:6844
- C:\Windows\System\oYuGbKg.exe
  C:\Windows\System\oYuGbKg.exe
  2⤵
  PID:6860
- C:\Windows\System\vcmASOS.exe
  C:\Windows\System\vcmASOS.exe
  2⤵
  PID:6876
- C:\Windows\System\WnukAqM.exe
  C:\Windows\System\WnukAqM.exe
  2⤵
  PID:6892
- C:\Windows\System\EBaeTyZ.exe
  C:\Windows\System\EBaeTyZ.exe
  2⤵
  PID:6908
- C:\Windows\System\GPeJNUx.exe
  C:\Windows\System\GPeJNUx.exe
  2⤵
  PID:6924
- C:\Windows\System\PkzvajY.exe
  C:\Windows\System\PkzvajY.exe
  2⤵
  PID:6940
- C:\Windows\System\BmwUrOV.exe
  C:\Windows\System\BmwUrOV.exe
  2⤵
  PID:6956
- C:\Windows\System\FmZXQqY.exe
  C:\Windows\System\FmZXQqY.exe
  2⤵
  PID:6972
- C:\Windows\System\BzFghnU.exe
  C:\Windows\System\BzFghnU.exe
  2⤵
  PID:6988
- C:\Windows\System\tNWioBy.exe
  C:\Windows\System\tNWioBy.exe
  2⤵
  PID:7004
- C:\Windows\System\IaylWfI.exe
  C:\Windows\System\IaylWfI.exe
  2⤵
  PID:7020
- C:\Windows\System\TidxPez.exe
  C:\Windows\System\TidxPez.exe
  2⤵
  PID:7036
- C:\Windows\System\tfxSbJI.exe
  C:\Windows\System\tfxSbJI.exe
  2⤵
  PID:7052
- C:\Windows\System\teddSEE.exe
  C:\Windows\System\teddSEE.exe
  2⤵
  PID:7068
- C:\Windows\System\EJGhPty.exe
  C:\Windows\System\EJGhPty.exe
  2⤵
  PID:7084
- C:\Windows\System\jJAxMpa.exe
  C:\Windows\System\jJAxMpa.exe
  2⤵
  PID:7100
- C:\Windows\System\PzbMPuf.exe
  C:\Windows\System\PzbMPuf.exe
  2⤵
  PID:7120
- C:\Windows\System\bsrSjau.exe
  C:\Windows\System\bsrSjau.exe
  2⤵
  PID:7136
- C:\Windows\System\aUFKLrL.exe
  C:\Windows\System\aUFKLrL.exe
  2⤵
  PID:7152
- C:\Windows\System\DHwoqxz.exe
  C:\Windows\System\DHwoqxz.exe
  2⤵
  PID:5828
- C:\Windows\System\wRcAWow.exe
  C:\Windows\System\wRcAWow.exe
  2⤵
  PID:5832
- C:\Windows\System\IRRUDBb.exe
  C:\Windows\System\IRRUDBb.exe
  2⤵
  PID:5848
- C:\Windows\System\NgMXvps.exe
  C:\Windows\System\NgMXvps.exe
  2⤵
  PID:5944
- C:\Windows\System\mhrADWG.exe
  C:\Windows\System\mhrADWG.exe
  2⤵
  PID:6008
- C:\Windows\System\lgjyzEN.exe
  C:\Windows\System\lgjyzEN.exe
  2⤵
  PID:6092
- C:\Windows\System\UPeSMzv.exe
  C:\Windows\System\UPeSMzv.exe
  2⤵
  PID:6108
- C:\Windows\System\slXUQwd.exe
  C:\Windows\System\slXUQwd.exe
  2⤵
  PID:4752
- C:\Windows\System\UIjTXCP.exe
  C:\Windows\System\UIjTXCP.exe
  2⤵
  PID:5072
- C:\Windows\System\uxEqBnH.exe
  C:\Windows\System\uxEqBnH.exe
  2⤵
  PID:6076
- C:\Windows\System\TqurEaj.exe
  C:\Windows\System\TqurEaj.exe
  2⤵
  PID:5124
- C:\Windows\System\EChkfCY.exe
  C:\Windows\System\EChkfCY.exe
  2⤵
  PID:5268
- C:\Windows\System\teVfsfH.exe
  C:\Windows\System\teVfsfH.exe
  2⤵
  PID:5368
- C:\Windows\System\rZWoslg.exe
  C:\Windows\System\rZWoslg.exe
  2⤵
  PID:2808
- C:\Windows\System\vwPvsSu.exe
  C:\Windows\System\vwPvsSu.exe
  2⤵
  PID:5608
- C:\Windows\System\TwozEJU.exe
  C:\Windows\System\TwozEJU.exe
  2⤵
  PID:6160
- C:\Windows\System\BRkBrph.exe
  C:\Windows\System\BRkBrph.exe
  2⤵
  PID:6164
- C:\Windows\System\oSBvcGD.exe
  C:\Windows\System\oSBvcGD.exe
  2⤵
  PID:6196
- C:\Windows\System\XFXXMNd.exe
  C:\Windows\System\XFXXMNd.exe
  2⤵
  PID:6212
- C:\Windows\System\jlNKvBz.exe
  C:\Windows\System\jlNKvBz.exe
  2⤵
  PID:6260
- C:\Windows\System\veUUrdA.exe
  C:\Windows\System\veUUrdA.exe
  2⤵
  PID:6276
- C:\Windows\System\vTcAWgA.exe
  C:\Windows\System\vTcAWgA.exe
  2⤵
  PID:6304
- C:\Windows\System\WgDLxsx.exe
  C:\Windows\System\WgDLxsx.exe
  2⤵
  PID:6340
- C:\Windows\System\AqlJnmA.exe
  C:\Windows\System\AqlJnmA.exe
  2⤵
  PID:6388
- C:\Windows\System\PlPprbE.exe
  C:\Windows\System\PlPprbE.exe
  2⤵
  PID:6420
- C:\Windows\System\aCluPoh.exe
  C:\Windows\System\aCluPoh.exe
  2⤵
  PID:6436
- C:\Windows\System\RTnhgCQ.exe
  C:\Windows\System\RTnhgCQ.exe
  2⤵
  PID:6484
- C:\Windows\System\oqBletc.exe
  C:\Windows\System\oqBletc.exe
  2⤵
  PID:6500
- C:\Windows\System\GmPyDHJ.exe
  C:\Windows\System\GmPyDHJ.exe
  2⤵
  PID:6532
- C:\Windows\System\TOolyRW.exe
  C:\Windows\System\TOolyRW.exe
  2⤵
  PID:6564
- C:\Windows\System\RKocYrY.exe
  C:\Windows\System\RKocYrY.exe
  2⤵
  PID:6612
- C:\Windows\System\rJKGMpJ.exe
  C:\Windows\System\rJKGMpJ.exe
  2⤵
  PID:6644
- C:\Windows\System\VXPFwAh.exe
  C:\Windows\System\VXPFwAh.exe
  2⤵
  PID:6676
- C:\Windows\System\OgZehKe.exe
  C:\Windows\System\OgZehKe.exe
  2⤵
  PID:6696
- C:\Windows\System\qkXzrwz.exe
  C:\Windows\System\qkXzrwz.exe
  2⤵
  PID:6728
- C:\Windows\System\FjDXCXf.exe
  C:\Windows\System\FjDXCXf.exe
  2⤵
  PID:6760
- C:\Windows\System\wPDwrsi.exe
  C:\Windows\System\wPDwrsi.exe
  2⤵
  PID:2812
- C:\Windows\System\SQVkTph.exe
  C:\Windows\System\SQVkTph.exe
  2⤵
  PID:6824
- C:\Windows\System\HCEmAOJ.exe
  C:\Windows\System\HCEmAOJ.exe
  2⤵
  PID:6856
- C:\Windows\System\wWVZTIv.exe
  C:\Windows\System\wWVZTIv.exe
  2⤵
  PID:6884
- C:\Windows\System\phFrwVr.exe
  C:\Windows\System\phFrwVr.exe
  2⤵
  PID:6916
- C:\Windows\System\xRTPUXb.exe
  C:\Windows\System\xRTPUXb.exe
  2⤵
  PID:6932
- C:\Windows\System\HmBSTiR.exe
  C:\Windows\System\HmBSTiR.exe
  2⤵
  PID:6952
- C:\Windows\System\EHTNHlw.exe
  C:\Windows\System\EHTNHlw.exe
  2⤵
  PID:2700
- C:\Windows\System\mOcGVHj.exe
  C:\Windows\System\mOcGVHj.exe
  2⤵
  PID:7012
- C:\Windows\System\abPNCDA.exe
  C:\Windows\System\abPNCDA.exe
  2⤵
  PID:7044
- C:\Windows\System\VdAbUIf.exe
  C:\Windows\System\VdAbUIf.exe
  2⤵
  PID:7076
- C:\Windows\System\RQYFaWq.exe
  C:\Windows\System\RQYFaWq.exe
  2⤵
  PID:7108
- C:\Windows\System\HeGIJgV.exe
  C:\Windows\System\HeGIJgV.exe
  2⤵
  PID:7144
- C:\Windows\System\CrjaxVZ.exe
  C:\Windows\System\CrjaxVZ.exe
  2⤵
  PID:5736
- C:\Windows\System\EIQisfO.exe
  C:\Windows\System\EIQisfO.exe
  2⤵
  PID:5908
- C:\Windows\System\oMVrHCp.exe
  C:\Windows\System\oMVrHCp.exe
  2⤵
  PID:4432
- C:\Windows\System\cnlyaxr.exe
  C:\Windows\System\cnlyaxr.exe
  2⤵
  PID:4860
- C:\Windows\System\cFhkBSB.exe
  C:\Windows\System\cFhkBSB.exe
  2⤵
  PID:2896
- C:\Windows\System\lgyTEYj.exe
  C:\Windows\System\lgyTEYj.exe
  2⤵
  PID:4476
- C:\Windows\System\MjpHNid.exe
  C:\Windows\System\MjpHNid.exe
  2⤵
  PID:4636
- C:\Windows\System\sHMvXII.exe
  C:\Windows\System\sHMvXII.exe
  2⤵
  PID:5348
- C:\Windows\System\oQRkliY.exe
  C:\Windows\System\oQRkliY.exe
  2⤵
  PID:6148
- C:\Windows\System\HfLRhxe.exe
  C:\Windows\System\HfLRhxe.exe
  2⤵
  PID:6224
- C:\Windows\System\XqyqhKk.exe
  C:\Windows\System\XqyqhKk.exe
  2⤵
  PID:6240
- C:\Windows\System\QfDaVQa.exe
  C:\Windows\System\QfDaVQa.exe
  2⤵
  PID:6356
- C:\Windows\System\aAgDsLw.exe
  C:\Windows\System\aAgDsLw.exe
  2⤵
  PID:6368
- C:\Windows\System\LaDDQbB.exe
  C:\Windows\System\LaDDQbB.exe
  2⤵
  PID:6464
- C:\Windows\System\gULhugO.exe
  C:\Windows\System\gULhugO.exe
  2⤵
  PID:6528
- C:\Windows\System\inPJZdv.exe
  C:\Windows\System\inPJZdv.exe
  2⤵
  PID:6608
- C:\Windows\System\qNiHUDW.exe
  C:\Windows\System\qNiHUDW.exe
  2⤵
  PID:6640
- C:\Windows\System\HOrnPSW.exe
  C:\Windows\System\HOrnPSW.exe
  2⤵
  PID:6708
- C:\Windows\System\uZHInWf.exe
  C:\Windows\System\uZHInWf.exe
  2⤵
  PID:2672
- C:\Windows\System\DOVaQEq.exe
  C:\Windows\System\DOVaQEq.exe
  2⤵
  PID:6756
- C:\Windows\System\TFVlbYB.exe
  C:\Windows\System\TFVlbYB.exe
  2⤵
  PID:6820
- C:\Windows\System\TEsjUCi.exe
  C:\Windows\System\TEsjUCi.exe
  2⤵
  PID:6872
- C:\Windows\System\jodiksy.exe
  C:\Windows\System\jodiksy.exe
  2⤵
  PID:6920
- C:\Windows\System\AoRnKVz.exe
  C:\Windows\System\AoRnKVz.exe
  2⤵
  PID:6980
- C:\Windows\System\frxgPrq.exe
  C:\Windows\System\frxgPrq.exe
  2⤵
  PID:7032
- C:\Windows\System\oOHQfxw.exe
  C:\Windows\System\oOHQfxw.exe
  2⤵
  PID:7096
- C:\Windows\System\tleGMAU.exe
  C:\Windows\System\tleGMAU.exe
  2⤵
  PID:5860
- C:\Windows\System\sYJDrYE.exe
  C:\Windows\System\sYJDrYE.exe
  2⤵
  PID:7176
- C:\Windows\System\CKbRVuJ.exe
  C:\Windows\System\CKbRVuJ.exe
  2⤵
  PID:7192
- C:\Windows\System\klKFiIN.exe
  C:\Windows\System\klKFiIN.exe
  2⤵
  PID:7208
- C:\Windows\System\AtgVxuN.exe
  C:\Windows\System\AtgVxuN.exe
  2⤵
  PID:7224
- C:\Windows\System\DoYTgzC.exe
  C:\Windows\System\DoYTgzC.exe
  2⤵
  PID:7240
- C:\Windows\System\NEWuGxA.exe
  C:\Windows\System\NEWuGxA.exe
  2⤵
  PID:7256
- C:\Windows\System\OPowywc.exe
  C:\Windows\System\OPowywc.exe
  2⤵
  PID:7272
- C:\Windows\System\lYobsJf.exe
  C:\Windows\System\lYobsJf.exe
  2⤵
  PID:7288
- C:\Windows\System\IyZDloR.exe
  C:\Windows\System\IyZDloR.exe
  2⤵
  PID:7304
- C:\Windows\System\TBmFDJc.exe
  C:\Windows\System\TBmFDJc.exe
  2⤵
  PID:7320
- C:\Windows\System\HFCvLuO.exe
  C:\Windows\System\HFCvLuO.exe
  2⤵
  PID:7336
- C:\Windows\System\UkkCIsO.exe
  C:\Windows\System\UkkCIsO.exe
  2⤵
  PID:7352
- C:\Windows\System\gioYvqV.exe
  C:\Windows\System\gioYvqV.exe
  2⤵
  PID:7368
- C:\Windows\System\fXVRVCJ.exe
  C:\Windows\System\fXVRVCJ.exe
  2⤵
  PID:7384
- C:\Windows\System\DwsBpdS.exe
  C:\Windows\System\DwsBpdS.exe
  2⤵
  PID:7400
- C:\Windows\System\WKpdreP.exe
  C:\Windows\System\WKpdreP.exe
  2⤵
  PID:7416
- C:\Windows\System\JRNVutt.exe
  C:\Windows\System\JRNVutt.exe
  2⤵
  PID:7432
- C:\Windows\System\xmKTKbV.exe
  C:\Windows\System\xmKTKbV.exe
  2⤵
  PID:7452
- C:\Windows\System\VvwukYx.exe
  C:\Windows\System\VvwukYx.exe
  2⤵
  PID:7468
- C:\Windows\System\ZVqZvrp.exe
  C:\Windows\System\ZVqZvrp.exe
  2⤵
  PID:7484
- C:\Windows\System\qPCaVgv.exe
  C:\Windows\System\qPCaVgv.exe
  2⤵
  PID:7500
- C:\Windows\System\suuyhnM.exe
  C:\Windows\System\suuyhnM.exe
  2⤵
  PID:7516
- C:\Windows\System\nANULJg.exe
  C:\Windows\System\nANULJg.exe
  2⤵
  PID:7532
- C:\Windows\System\GhMJqix.exe
  C:\Windows\System\GhMJqix.exe
  2⤵
  PID:7548
- C:\Windows\System\nozOHGw.exe
  C:\Windows\System\nozOHGw.exe
  2⤵
  PID:7564
- C:\Windows\System\UClDoHt.exe
  C:\Windows\System\UClDoHt.exe
  2⤵
  PID:7580
- C:\Windows\System\nRFCyEV.exe
  C:\Windows\System\nRFCyEV.exe
  2⤵
  PID:7596
- C:\Windows\System\AnXCzas.exe
  C:\Windows\System\AnXCzas.exe
  2⤵
  PID:7612
- C:\Windows\System\RplvzaC.exe
  C:\Windows\System\RplvzaC.exe
  2⤵
  PID:7628
- C:\Windows\System\UipFSQE.exe
  C:\Windows\System\UipFSQE.exe
  2⤵
  PID:7644
- C:\Windows\System\sHMoHDC.exe
  C:\Windows\System\sHMoHDC.exe
  2⤵
  PID:7660
- C:\Windows\System\opEuvXh.exe
  C:\Windows\System\opEuvXh.exe
  2⤵
  PID:7676
- C:\Windows\System\KtfkiPM.exe
  C:\Windows\System\KtfkiPM.exe
  2⤵
  PID:7692
- C:\Windows\System\IXYxqPW.exe
  C:\Windows\System\IXYxqPW.exe
  2⤵
  PID:7708
- C:\Windows\System\IVQGOvI.exe
  C:\Windows\System\IVQGOvI.exe
  2⤵
  PID:7728
- C:\Windows\System\NJhDLsN.exe
  C:\Windows\System\NJhDLsN.exe
  2⤵
  PID:7744
- C:\Windows\System\nbPpxVA.exe
  C:\Windows\System\nbPpxVA.exe
  2⤵
  PID:7760
- C:\Windows\System\cvbDgvG.exe
  C:\Windows\System\cvbDgvG.exe
  2⤵
  PID:7776
- C:\Windows\System\VcxGEqG.exe
  C:\Windows\System\VcxGEqG.exe
  2⤵
  PID:7792
- C:\Windows\System\RjqdtsN.exe
  C:\Windows\System\RjqdtsN.exe
  2⤵
  PID:7808
- C:\Windows\System\IacUPEi.exe
  C:\Windows\System\IacUPEi.exe
  2⤵
  PID:7824
- C:\Windows\System\TQdzrYZ.exe
  C:\Windows\System\TQdzrYZ.exe
  2⤵
  PID:7840
- C:\Windows\System\njsNEIQ.exe
  C:\Windows\System\njsNEIQ.exe
  2⤵
  PID:7856
- C:\Windows\System\VsLyEGb.exe
  C:\Windows\System\VsLyEGb.exe
  2⤵
  PID:7872
- C:\Windows\System\otMsYwQ.exe
  C:\Windows\System\otMsYwQ.exe
  2⤵
  PID:7888
- C:\Windows\System\oJWbcwW.exe
  C:\Windows\System\oJWbcwW.exe
  2⤵
  PID:7904
- C:\Windows\System\NJfCeFD.exe
  C:\Windows\System\NJfCeFD.exe
  2⤵
  PID:7920
- C:\Windows\System\vIqKdXl.exe
  C:\Windows\System\vIqKdXl.exe
  2⤵
  PID:7936
- C:\Windows\System\gQJgeZS.exe
  C:\Windows\System\gQJgeZS.exe
  2⤵
  PID:7952
- C:\Windows\System\SDDpXsE.exe
  C:\Windows\System\SDDpXsE.exe
  2⤵
  PID:7968
- C:\Windows\System\JDxxohQ.exe
  C:\Windows\System\JDxxohQ.exe
  2⤵
  PID:7984
- C:\Windows\System\VgnAcLk.exe
  C:\Windows\System\VgnAcLk.exe
  2⤵
  PID:8000
- C:\Windows\System\tVPQpxx.exe
  C:\Windows\System\tVPQpxx.exe
  2⤵
  PID:8016
- C:\Windows\System\lknChLk.exe
  C:\Windows\System\lknChLk.exe
  2⤵
  PID:8032
- C:\Windows\System\GppweSQ.exe
  C:\Windows\System\GppweSQ.exe
  2⤵
  PID:8048
- C:\Windows\System\vwCTEal.exe
  C:\Windows\System\vwCTEal.exe
  2⤵
  PID:8064
- C:\Windows\System\VeVMUTM.exe
  C:\Windows\System\VeVMUTM.exe
  2⤵
  PID:8080
- C:\Windows\System\tYgpxUI.exe
  C:\Windows\System\tYgpxUI.exe
  2⤵
  PID:8096
- C:\Windows\System\skNhIyD.exe
  C:\Windows\System\skNhIyD.exe
  2⤵
  PID:8112
- C:\Windows\System\YuKtukL.exe
  C:\Windows\System\YuKtukL.exe
  2⤵
  PID:8128
- C:\Windows\System\fhWEvUy.exe
  C:\Windows\System\fhWEvUy.exe
  2⤵
  PID:8144
- C:\Windows\System\BQJmcwG.exe
  C:\Windows\System\BQJmcwG.exe
  2⤵
  PID:8160
- C:\Windows\System\kEQTDHP.exe
  C:\Windows\System\kEQTDHP.exe
  2⤵
  PID:8176
- C:\Windows\System\zSzaGiK.exe
  C:\Windows\System\zSzaGiK.exe
  2⤵
  PID:6088
- C:\Windows\System\dNwSqzp.exe
  C:\Windows\System\dNwSqzp.exe
  2⤵
  PID:1812
- C:\Windows\System\alBtQdd.exe
  C:\Windows\System\alBtQdd.exe
  2⤵
  PID:5544
- C:\Windows\System\yNIYjYY.exe
  C:\Windows\System\yNIYjYY.exe
  2⤵
  PID:5624
- C:\Windows\System\XFqrugy.exe
  C:\Windows\System\XFqrugy.exe
  2⤵
  PID:6272
- C:\Windows\System\gkyqSvD.exe
  C:\Windows\System\gkyqSvD.exe
  2⤵
  PID:6404
- C:\Windows\System\DNtpcyR.exe
  C:\Windows\System\DNtpcyR.exe
  2⤵
  PID:6516
- C:\Windows\System\VidgxzN.exe
  C:\Windows\System\VidgxzN.exe
  2⤵
  PID:6660
- C:\Windows\System\KjPFXaG.exe
  C:\Windows\System\KjPFXaG.exe
  2⤵
  PID:6712
- C:\Windows\System\bBKGuwK.exe
  C:\Windows\System\bBKGuwK.exe
  2⤵
  PID:6840
- C:\Windows\System\SdZROAz.exe
  C:\Windows\System\SdZROAz.exe
  2⤵
  PID:3000
- C:\Windows\System\xtDzgto.exe
  C:\Windows\System\xtDzgto.exe
  2⤵
  PID:7048
- C:\Windows\System\TWJiAmB.exe
  C:\Windows\System\TWJiAmB.exe
  2⤵
  PID:5956
- C:\Windows\System\AkOVZRE.exe
  C:\Windows\System\AkOVZRE.exe
  2⤵
  PID:7200
- C:\Windows\System\WqsnYwA.exe
  C:\Windows\System\WqsnYwA.exe
  2⤵
  PID:7236
- C:\Windows\System\wLiQaXG.exe
  C:\Windows\System\wLiQaXG.exe
  2⤵
  PID:7268
- C:\Windows\System\DeOQaWh.exe
  C:\Windows\System\DeOQaWh.exe
  2⤵
  PID:7300
- C:\Windows\System\NUDtpYx.exe
  C:\Windows\System\NUDtpYx.exe
  2⤵
  PID:7316
- C:\Windows\System\endorTa.exe
  C:\Windows\System\endorTa.exe
  2⤵
  PID:2104
- C:\Windows\System\OAscNbr.exe
  C:\Windows\System\OAscNbr.exe
  2⤵
  PID:2060
- C:\Windows\System\EMvjkGT.exe
  C:\Windows\System\EMvjkGT.exe
  2⤵
  PID:7396
- C:\Windows\System\DHfYQfC.exe
  C:\Windows\System\DHfYQfC.exe
  2⤵
  PID:7428
- C:\Windows\System\gXOosai.exe
  C:\Windows\System\gXOosai.exe
  2⤵
  PID:7464
- C:\Windows\System\QBjFwMb.exe
  C:\Windows\System\QBjFwMb.exe
  2⤵
  PID:7496
- C:\Windows\System\iElFYgq.exe
  C:\Windows\System\iElFYgq.exe
  2⤵
  PID:7524
- C:\Windows\System\MsxMjGI.exe
  C:\Windows\System\MsxMjGI.exe
  2⤵
  PID:7540
- C:\Windows\System\qNKNKhn.exe
  C:\Windows\System\qNKNKhn.exe
  2⤵
  PID:7556
- C:\Windows\System\xGluvDh.exe
  C:\Windows\System\xGluvDh.exe
  2⤵
  PID:7588
- C:\Windows\System\uqLXwdh.exe
  C:\Windows\System\uqLXwdh.exe
  2⤵
  PID:7620
- C:\Windows\System\cbpWcWo.exe
  C:\Windows\System\cbpWcWo.exe
  2⤵
  PID:7640
- C:\Windows\System\GTyfalC.exe
  C:\Windows\System\GTyfalC.exe
  2⤵
  PID:3016
- C:\Windows\System\tpsIIes.exe
  C:\Windows\System\tpsIIes.exe
  2⤵
  PID:7688
- C:\Windows\System\vQCFEoM.exe
  C:\Windows\System\vQCFEoM.exe
  2⤵
  PID:3032
- C:\Windows\System\cgJVPIW.exe
  C:\Windows\System\cgJVPIW.exe
  2⤵
  PID:7736
- C:\Windows\System\JBWosTn.exe
  C:\Windows\System\JBWosTn.exe
  2⤵
  PID:7756
- C:\Windows\System\OxzcLPy.exe
  C:\Windows\System\OxzcLPy.exe
  2⤵
  PID:2764
- C:\Windows\System\iZUpIKk.exe
  C:\Windows\System\iZUpIKk.exe
  2⤵
  PID:7804
- C:\Windows\System\KyEMKBO.exe
  C:\Windows\System\KyEMKBO.exe
  2⤵
  PID:7832
- C:\Windows\System\PdqQcKw.exe
  C:\Windows\System\PdqQcKw.exe
  2⤵
  PID:7864
- C:\Windows\System\eFqFWwd.exe
  C:\Windows\System\eFqFWwd.exe
  2⤵
  PID:7896
- C:\Windows\System\fQPZpuW.exe
  C:\Windows\System\fQPZpuW.exe
  2⤵
  PID:7916
- C:\Windows\System\FJajgZB.exe
  C:\Windows\System\FJajgZB.exe
  2⤵
  PID:7948
- C:\Windows\System\qpiYfRw.exe
  C:\Windows\System\qpiYfRw.exe
  2⤵
  PID:7980
- C:\Windows\System\mowLQhy.exe
  C:\Windows\System\mowLQhy.exe
  2⤵
  PID:8012
- C:\Windows\System\gvDEykW.exe
  C:\Windows\System\gvDEykW.exe
  2⤵
  PID:8044
- C:\Windows\System\AwQemAH.exe
  C:\Windows\System\AwQemAH.exe
  2⤵
  PID:8076
- C:\Windows\System\hwfiheE.exe
  C:\Windows\System\hwfiheE.exe
  2⤵
  PID:8092
- C:\Windows\System\KYLWVNz.exe
  C:\Windows\System\KYLWVNz.exe
  2⤵
  PID:8140
- C:\Windows\System\WIvDfHU.exe
  C:\Windows\System\WIvDfHU.exe
  2⤵
  PID:8172
- C:\Windows\System\dVmxjCr.exe
  C:\Windows\System\dVmxjCr.exe
  2⤵
  PID:5116
- C:\Windows\System\VDmoXET.exe
  C:\Windows\System\VDmoXET.exe
  2⤵
  PID:6208
- C:\Windows\System\BjBzFQQ.exe
  C:\Windows\System\BjBzFQQ.exe
  2⤵
  PID:6432
- C:\Windows\System\PWeblyk.exe
  C:\Windows\System\PWeblyk.exe
  2⤵
  PID:6744
- C:\Windows\System\EUUtCAC.exe
  C:\Windows\System\EUUtCAC.exe
  2⤵
  PID:7016
- C:\Windows\System\uPqlSIr.exe
  C:\Windows\System\uPqlSIr.exe
  2⤵
  PID:5780
- C:\Windows\System\hYUXmJJ.exe
  C:\Windows\System\hYUXmJJ.exe
  2⤵
  PID:7220
- C:\Windows\System\jPGwvWx.exe
  C:\Windows\System\jPGwvWx.exe
  2⤵
  PID:2380
- C:\Windows\System\BSluAjZ.exe
  C:\Windows\System\BSluAjZ.exe
  2⤵
  PID:888
- C:\Windows\System\vzELsgp.exe
  C:\Windows\System\vzELsgp.exe
  2⤵
  PID:7412
- C:\Windows\System\XgkTIYE.exe
  C:\Windows\System\XgkTIYE.exe
  2⤵
  PID:7424
- C:\Windows\System\zDlfxSZ.exe
  C:\Windows\System\zDlfxSZ.exe
  2⤵
  PID:7480
- C:\Windows\System\PzxgddH.exe
  C:\Windows\System\PzxgddH.exe
  2⤵
  PID:2744
- C:\Windows\System\lofwFqa.exe
  C:\Windows\System\lofwFqa.exe
  2⤵
  PID:7576
- C:\Windows\System\JibIVQp.exe
  C:\Windows\System\JibIVQp.exe
  2⤵
  PID:7636
- C:\Windows\System\YbRoKWD.exe
  C:\Windows\System\YbRoKWD.exe
  2⤵
  PID:7684
- C:\Windows\System\IFZqNTf.exe
  C:\Windows\System\IFZqNTf.exe
  2⤵
  PID:2960
- C:\Windows\System\wpDHpAz.exe
  C:\Windows\System\wpDHpAz.exe
  2⤵
  PID:7784
- C:\Windows\System\SUUzoQZ.exe
  C:\Windows\System\SUUzoQZ.exe
  2⤵
  PID:7820
- C:\Windows\System\zYflLuI.exe
  C:\Windows\System\zYflLuI.exe
  2⤵
  PID:2364
- C:\Windows\System\ZBTUWjV.exe
  C:\Windows\System\ZBTUWjV.exe
  2⤵
  PID:7976
- C:\Windows\System\vZCINnv.exe
  C:\Windows\System\vZCINnv.exe
  2⤵
  PID:8028
- C:\Windows\System\AGXVBNu.exe
  C:\Windows\System\AGXVBNu.exe
  2⤵
  PID:8108
- C:\Windows\System\ncXaXxf.exe
  C:\Windows\System\ncXaXxf.exe
  2⤵
  PID:6120
- C:\Windows\System\vTwhHRU.exe
  C:\Windows\System\vTwhHRU.exe
  2⤵
  PID:6996
- C:\Windows\System\AaZHKDF.exe
  C:\Windows\System\AaZHKDF.exe
  2⤵
  PID:6808
- C:\Windows\System\qobDyIe.exe
  C:\Windows\System\qobDyIe.exe
  2⤵
  PID:7188
- C:\Windows\System\GzRXxik.exe
  C:\Windows\System\GzRXxik.exe
  2⤵
  PID:7284
- C:\Windows\System\ckZpMii.exe
  C:\Windows\System\ckZpMii.exe
  2⤵
  PID:7392
- C:\Windows\System\iNiCdPx.exe
  C:\Windows\System\iNiCdPx.exe
  2⤵
  PID:2032
- C:\Windows\System\mvYQazx.exe
  C:\Windows\System\mvYQazx.exe
  2⤵
  PID:8204
- C:\Windows\System\UUDwTlG.exe
  C:\Windows\System\UUDwTlG.exe
  2⤵
  PID:8224
- C:\Windows\System\HKvNMAq.exe
  C:\Windows\System\HKvNMAq.exe
  2⤵
  PID:8244
- C:\Windows\System\aOpqaXW.exe
  C:\Windows\System\aOpqaXW.exe
  2⤵
  PID:8264
- C:\Windows\System\ogimNWZ.exe
  C:\Windows\System\ogimNWZ.exe
  2⤵
  PID:8280
- C:\Windows\System\FWoSqqB.exe
  C:\Windows\System\FWoSqqB.exe
  2⤵
  PID:8296
- C:\Windows\System\kYscgGV.exe
  C:\Windows\System\kYscgGV.exe
  2⤵
  PID:8312
- C:\Windows\System\xfgtTyV.exe
  C:\Windows\System\xfgtTyV.exe
  2⤵
  PID:8344
- C:\Windows\System\grWjvbR.exe
  C:\Windows\System\grWjvbR.exe
  2⤵
  PID:8360
- C:\Windows\System\uYHsQAK.exe
  C:\Windows\System\uYHsQAK.exe
  2⤵
  PID:8384
- C:\Windows\System\zfNCHmI.exe
  C:\Windows\System\zfNCHmI.exe
  2⤵
  PID:8400
- C:\Windows\System\ACkUmJn.exe
  C:\Windows\System\ACkUmJn.exe
  2⤵
  PID:8416
- C:\Windows\System\xTzCJLr.exe
  C:\Windows\System\xTzCJLr.exe
  2⤵
  PID:8432
- C:\Windows\System\ZlNHAJT.exe
  C:\Windows\System\ZlNHAJT.exe
  2⤵
  PID:8448
- C:\Windows\System\vqiLvZc.exe
  C:\Windows\System\vqiLvZc.exe
  2⤵
  PID:8464
- C:\Windows\System\dzKNbcd.exe
  C:\Windows\System\dzKNbcd.exe
  2⤵
  PID:8480
- C:\Windows\System\xEUWbxS.exe
  C:\Windows\System\xEUWbxS.exe
  2⤵
  PID:8496
- C:\Windows\System\OIcCLcL.exe
  C:\Windows\System\OIcCLcL.exe
  2⤵
  PID:8512
- C:\Windows\System\fJhrrXQ.exe
  C:\Windows\System\fJhrrXQ.exe
  2⤵
  PID:8536
- C:\Windows\System\VrwlDlv.exe
  C:\Windows\System\VrwlDlv.exe
  2⤵
  PID:8552
- C:\Windows\System\BbJLMcx.exe
  C:\Windows\System\BbJLMcx.exe
  2⤵
  PID:8568
- C:\Windows\System\NPCPwZw.exe
  C:\Windows\System\NPCPwZw.exe
  2⤵
  PID:8584
- C:\Windows\System\AaDAggi.exe
  C:\Windows\System\AaDAggi.exe
  2⤵
  PID:8600
- C:\Windows\System\IXfZaia.exe
  C:\Windows\System\IXfZaia.exe
  2⤵
  PID:8616
- C:\Windows\System\mLFJpRD.exe
  C:\Windows\System\mLFJpRD.exe
  2⤵
  PID:8632
- C:\Windows\System\wxOaKWa.exe
  C:\Windows\System\wxOaKWa.exe
  2⤵
  PID:8648
- C:\Windows\System\czimByN.exe
  C:\Windows\System\czimByN.exe
  2⤵
  PID:8664
- C:\Windows\System\sOsLcCV.exe
  C:\Windows\System\sOsLcCV.exe
  2⤵
  PID:8680
- C:\Windows\System\Tlvhvjc.exe
  C:\Windows\System\Tlvhvjc.exe
  2⤵
  PID:8696
- C:\Windows\System\tprDYqi.exe
  C:\Windows\System\tprDYqi.exe
  2⤵
  PID:8712
- C:\Windows\System\YEleXqI.exe
  C:\Windows\System\YEleXqI.exe
  2⤵
  PID:8728
- C:\Windows\System\BOmVbeC.exe
  C:\Windows\System\BOmVbeC.exe
  2⤵
  PID:8744
- C:\Windows\System\zEbMZTJ.exe
  C:\Windows\System\zEbMZTJ.exe
  2⤵
  PID:8760
- C:\Windows\System\NINzyNK.exe
  C:\Windows\System\NINzyNK.exe
  2⤵
  PID:8776
- C:\Windows\System\McpDLFg.exe
  C:\Windows\System\McpDLFg.exe
  2⤵
  PID:8792
- C:\Windows\System\LwtiJTc.exe
  C:\Windows\System\LwtiJTc.exe
  2⤵
  PID:8808
- C:\Windows\System\PncZAEN.exe
  C:\Windows\System\PncZAEN.exe
  2⤵
  PID:8824
- C:\Windows\System\WYACCjE.exe
  C:\Windows\System\WYACCjE.exe
  2⤵
  PID:8840
- C:\Windows\System\vAyhxau.exe
  C:\Windows\System\vAyhxau.exe
  2⤵
  PID:8856
- C:\Windows\System\sUMkHmO.exe
  C:\Windows\System\sUMkHmO.exe
  2⤵
  PID:8872
- C:\Windows\System\jNjgozM.exe
  C:\Windows\System\jNjgozM.exe
  2⤵
  PID:8888
- C:\Windows\System\vAyMUoA.exe
  C:\Windows\System\vAyMUoA.exe
  2⤵
  PID:8904
- C:\Windows\System\PUmcIsQ.exe
  C:\Windows\System\PUmcIsQ.exe
  2⤵
  PID:8920
- C:\Windows\System\kIsgwWN.exe
  C:\Windows\System\kIsgwWN.exe
  2⤵
  PID:8936
- C:\Windows\System\TaOyKDt.exe
  C:\Windows\System\TaOyKDt.exe
  2⤵
  PID:8952
- C:\Windows\System\XrHymsM.exe
  C:\Windows\System\XrHymsM.exe
  2⤵
  PID:8968
- C:\Windows\System\JfEiUqD.exe
  C:\Windows\System\JfEiUqD.exe
  2⤵
  PID:8984
- C:\Windows\System\bbQSBmz.exe
  C:\Windows\System\bbQSBmz.exe
  2⤵
  PID:9000
- C:\Windows\System\lalTNAC.exe
  C:\Windows\System\lalTNAC.exe
  2⤵
  PID:9016
- C:\Windows\System\VKIYYef.exe
  C:\Windows\System\VKIYYef.exe
  2⤵
  PID:9032
- C:\Windows\System\wEpuXoC.exe
  C:\Windows\System\wEpuXoC.exe
  2⤵
  PID:9048
- C:\Windows\System\zfWrDeY.exe
  C:\Windows\System\zfWrDeY.exe
  2⤵
  PID:9064
- C:\Windows\System\kuzWVJu.exe
  C:\Windows\System\kuzWVJu.exe
  2⤵
  PID:9080
- C:\Windows\System\dmuzzvO.exe
  C:\Windows\System\dmuzzvO.exe
  2⤵
  PID:9096
- C:\Windows\System\VLGIEtz.exe
  C:\Windows\System\VLGIEtz.exe
  2⤵
  PID:9112
- C:\Windows\System\xYXrBuG.exe
  C:\Windows\System\xYXrBuG.exe
  2⤵
  PID:9128
- C:\Windows\System\CbatTSk.exe
  C:\Windows\System\CbatTSk.exe
  2⤵
  PID:9144
- C:\Windows\System\sGoFJfu.exe
  C:\Windows\System\sGoFJfu.exe
  2⤵
  PID:9164
- C:\Windows\System\tkWMPMu.exe
  C:\Windows\System\tkWMPMu.exe
  2⤵
  PID:9180
- C:\Windows\System\uEtvtNi.exe
  C:\Windows\System\uEtvtNi.exe
  2⤵
  PID:9196
- C:\Windows\System\HbFzDdV.exe
  C:\Windows\System\HbFzDdV.exe
  2⤵
  PID:9212
- C:\Windows\System\IXYwtLg.exe
  C:\Windows\System\IXYwtLg.exe
  2⤵
  PID:2360
- C:\Windows\System\QpAaNuG.exe
  C:\Windows\System\QpAaNuG.exe
  2⤵
  PID:7716
- C:\Windows\System\RnrJDoO.exe
  C:\Windows\System\RnrJDoO.exe
  2⤵
  PID:7800
- C:\Windows\System\acvnrMm.exe
  C:\Windows\System\acvnrMm.exe
  2⤵
  PID:7880
- C:\Windows\System\orJbNAZ.exe
  C:\Windows\System\orJbNAZ.exe
  2⤵
  PID:8008
- C:\Windows\System\fzVkqBE.exe
  C:\Windows\System\fzVkqBE.exe
  2⤵
  PID:8124
- C:\Windows\System\LJEbjpB.exe
  C:\Windows\System\LJEbjpB.exe
  2⤵
  PID:6576
- C:\Windows\System\AriIMrI.exe
  C:\Windows\System\AriIMrI.exe
  2⤵
  PID:6948
- C:\Windows\System\nXXOrQP.exe
  C:\Windows\System\nXXOrQP.exe
  2⤵
  PID:7380
- C:\Windows\System\MnJnmbW.exe
  C:\Windows\System\MnJnmbW.exe
  2⤵
  PID:8200
- C:\Windows\System\NGlKaPd.exe
  C:\Windows\System\NGlKaPd.exe
  2⤵
  PID:8252
- C:\Windows\System\wSGnoUd.exe
  C:\Windows\System\wSGnoUd.exe
  2⤵
  PID:8276
- C:\Windows\System\WWecCZY.exe
  C:\Windows\System\WWecCZY.exe
  2⤵
  PID:8320
- C:\Windows\System\YRgMqUR.exe
  C:\Windows\System\YRgMqUR.exe
  2⤵
  PID:8372
- C:\Windows\System\tvamzFi.exe
  C:\Windows\System\tvamzFi.exe
  2⤵
  PID:8408
- C:\Windows\System\OUAWpIk.exe
  C:\Windows\System\OUAWpIk.exe
  2⤵
  PID:8428
- C:\Windows\System\qPWkUyW.exe
  C:\Windows\System\qPWkUyW.exe
  2⤵
  PID:8456
- C:\Windows\System\lioCMrn.exe
  C:\Windows\System\lioCMrn.exe
  2⤵
  PID:8492
- C:\Windows\System\xVYTXkQ.exe
  C:\Windows\System\xVYTXkQ.exe
  2⤵
  PID:8524
- C:\Windows\System\tARTkzi.exe
  C:\Windows\System\tARTkzi.exe
  2⤵
  PID:8580
- C:\Windows\System\ElDOTEg.exe
  C:\Windows\System\ElDOTEg.exe
  2⤵
  PID:8612
- C:\Windows\System\QmhZreb.exe
  C:\Windows\System\QmhZreb.exe
  2⤵
  PID:8644
- C:\Windows\System\FvwBEqx.exe
  C:\Windows\System\FvwBEqx.exe
  2⤵
  PID:8676
- C:\Windows\System\ppJqUKk.exe
  C:\Windows\System\ppJqUKk.exe
  2⤵
  PID:8708
- C:\Windows\System\adXdEGN.exe
  C:\Windows\System\adXdEGN.exe
  2⤵
  PID:3644
- C:\Windows\System\XvBXtup.exe
  C:\Windows\System\XvBXtup.exe
  2⤵
  PID:8772
- C:\Windows\System\PgbDNzd.exe
  C:\Windows\System\PgbDNzd.exe
  2⤵
  PID:8784
- C:\Windows\System\CnLwqWj.exe
  C:\Windows\System\CnLwqWj.exe
  2⤵
  PID:8820
- C:\Windows\System\cYdClWt.exe
  C:\Windows\System\cYdClWt.exe
  2⤵
  PID:8852
- C:\Windows\System\NYhRJJC.exe
  C:\Windows\System\NYhRJJC.exe
  2⤵
  PID:8896
- C:\Windows\System\mpbwjZJ.exe
  C:\Windows\System\mpbwjZJ.exe
  2⤵
  PID:8928
- C:\Windows\System\OpJEVDz.exe
  C:\Windows\System\OpJEVDz.exe
  2⤵
  PID:8944
- C:\Windows\System\fThmKOe.exe
  C:\Windows\System\fThmKOe.exe
  2⤵
  PID:8976
- C:\Windows\System\gdrFdAs.exe
  C:\Windows\System\gdrFdAs.exe
  2⤵
  PID:9008
- C:\Windows\System\GcEIgDS.exe
  C:\Windows\System\GcEIgDS.exe
  2⤵
  PID:9040
- C:\Windows\System\IyovDNp.exe
  C:\Windows\System\IyovDNp.exe
  2⤵
  PID:9072
- C:\Windows\System\vtLtvHm.exe
  C:\Windows\System\vtLtvHm.exe
  2⤵
  PID:9104
- C:\Windows\System\kLTJLNy.exe
  C:\Windows\System\kLTJLNy.exe
  2⤵
  PID:8532
- C:\Windows\System\lmCpoBs.exe
  C:\Windows\System\lmCpoBs.exe
  2⤵
  PID:9156
- C:\Windows\System\OZWbUmL.exe
  C:\Windows\System\OZWbUmL.exe
  2⤵
  PID:9176
- C:\Windows\System\QklBnRl.exe
  C:\Windows\System\QklBnRl.exe
  2⤵
  PID:9208
- C:\Windows\System\JdMWmLI.exe
  C:\Windows\System\JdMWmLI.exe
  2⤵
  PID:7720
- C:\Windows\System\YhwzLue.exe
  C:\Windows\System\YhwzLue.exe
  2⤵
  PID:2000
- C:\Windows\System\ZjrvbcJ.exe
  C:\Windows\System\ZjrvbcJ.exe
  2⤵
  PID:8104
- C:\Windows\System\jaXtKei.exe
  C:\Windows\System\jaXtKei.exe
  2⤵
  PID:7216
- C:\Windows\System\CKPeHyn.exe
  C:\Windows\System\CKPeHyn.exe
  2⤵
  PID:8236
- C:\Windows\System\tGYjfPP.exe
  C:\Windows\System\tGYjfPP.exe
  2⤵
  PID:3840
- C:\Windows\System\FICQZSs.exe
  C:\Windows\System\FICQZSs.exe
  2⤵
  PID:3852
- C:\Windows\System\YzkZIsn.exe
  C:\Windows\System\YzkZIsn.exe
  2⤵
  PID:8472
- C:\Windows\System\YTcOCdV.exe
  C:\Windows\System\YTcOCdV.exe
  2⤵
  PID:8504
- C:\Windows\System\nhLYdqg.exe
  C:\Windows\System\nhLYdqg.exe
  2⤵
  PID:8576
- C:\Windows\System\QbBULkt.exe
  C:\Windows\System\QbBULkt.exe
  2⤵
  PID:8672
- C:\Windows\System\lefHLRp.exe
  C:\Windows\System\lefHLRp.exe
  2⤵
  PID:2708
- C:\Windows\System\RnYJhGZ.exe
  C:\Windows\System\RnYJhGZ.exe
  2⤵
  PID:8724
- C:\Windows\System\hVZdHjH.exe
  C:\Windows\System\hVZdHjH.exe
  2⤵
  PID:8800
- C:\Windows\System\YMAdpwX.exe
  C:\Windows\System\YMAdpwX.exe
  2⤵
  PID:8848
- C:\Windows\System\JchBboZ.exe
  C:\Windows\System\JchBboZ.exe
  2⤵
  PID:8880
- C:\Windows\System\pTZqnHn.exe
  C:\Windows\System\pTZqnHn.exe
  2⤵
  PID:8964
- C:\Windows\System\hHSbFyN.exe
  C:\Windows\System\hHSbFyN.exe
  2⤵
  PID:9028
- C:\Windows\System\Altzjuu.exe
  C:\Windows\System\Altzjuu.exe
  2⤵
  PID:9060
- C:\Windows\System\hRBSFMo.exe
  C:\Windows\System\hRBSFMo.exe
  2⤵
  PID:9140
- C:\Windows\System\NBurDvx.exe
  C:\Windows\System\NBurDvx.exe
  2⤵
  PID:2804
- C:\Windows\System\EkVGsqB.exe
  C:\Windows\System\EkVGsqB.exe
  2⤵
  PID:6452
- C:\Windows\System\nACHbDE.exe
  C:\Windows\System\nACHbDE.exe
  2⤵
  PID:8188
- C:\Windows\System\TeVxwFw.exe
  C:\Windows\System\TeVxwFw.exe
  2⤵
  PID:8304
- C:\Windows\System\zTYOsKx.exe
  C:\Windows\System\zTYOsKx.exe
  2⤵
  PID:5004
- C:\Windows\System\cMutAdj.exe
  C:\Windows\System\cMutAdj.exe
  2⤵
  PID:8476
- C:\Windows\System\vGjkmDS.exe
  C:\Windows\System\vGjkmDS.exe
  2⤵
  PID:2696
- C:\Windows\System\pvfAoRH.exe
  C:\Windows\System\pvfAoRH.exe
  2⤵
  PID:8692
- C:\Windows\System\InOUgfX.exe
  C:\Windows\System\InOUgfX.exe
  2⤵
  PID:4984
- C:\Windows\System\LGJplze.exe
  C:\Windows\System\LGJplze.exe
  2⤵
  PID:8816
- C:\Windows\System\iVtiTNw.exe
  C:\Windows\System\iVtiTNw.exe
  2⤵
  PID:9012
- C:\Windows\System\DHdFoKS.exe
  C:\Windows\System\DHdFoKS.exe
  2⤵
  PID:9076
- C:\Windows\System\QrIPesS.exe
  C:\Windows\System\QrIPesS.exe
  2⤵
  PID:9204
- C:\Windows\System\pIRwMle.exe
  C:\Windows\System\pIRwMle.exe
  2⤵
  PID:6680
- C:\Windows\System\oPOJWlk.exe
  C:\Windows\System\oPOJWlk.exe
  2⤵
  PID:8212
- C:\Windows\System\dgZehQR.exe
  C:\Windows\System\dgZehQR.exe
  2⤵
  PID:8424
- C:\Windows\System\mqqmBjO.exe
  C:\Windows\System\mqqmBjO.exe
  2⤵
  PID:1960
- C:\Windows\System\liFOrkE.exe
  C:\Windows\System\liFOrkE.exe
  2⤵
  PID:9224
- C:\Windows\System\BjUfSiD.exe
  C:\Windows\System\BjUfSiD.exe
  2⤵
  PID:9240
- C:\Windows\System\hMGhHVC.exe
  C:\Windows\System\hMGhHVC.exe
  2⤵
  PID:9256
- C:\Windows\System\MnuPeYV.exe
  C:\Windows\System\MnuPeYV.exe
  2⤵
  PID:9272
- C:\Windows\System\rDBFjlT.exe
  C:\Windows\System\rDBFjlT.exe
  2⤵
  PID:9288
- C:\Windows\System\EVLRWAs.exe
  C:\Windows\System\EVLRWAs.exe
  2⤵
  PID:9304
- C:\Windows\System\OLPbxqD.exe
  C:\Windows\System\OLPbxqD.exe
  2⤵
  PID:9320
- C:\Windows\System\Hanfnzf.exe
  C:\Windows\System\Hanfnzf.exe
  2⤵
  PID:9336
- C:\Windows\System\lkfqvbO.exe
  C:\Windows\System\lkfqvbO.exe
  2⤵
  PID:9352
- C:\Windows\System\HmsZcdA.exe
  C:\Windows\System\HmsZcdA.exe
  2⤵
  PID:9368
- C:\Windows\System\hyXDLMq.exe
  C:\Windows\System\hyXDLMq.exe
  2⤵
  PID:9384
- C:\Windows\System\wxJxDUu.exe
  C:\Windows\System\wxJxDUu.exe
  2⤵
  PID:9400
- C:\Windows\System\XMFYTVh.exe
  C:\Windows\System\XMFYTVh.exe
  2⤵
  PID:9416
- C:\Windows\System\icvdVZd.exe
  C:\Windows\System\icvdVZd.exe
  2⤵
  PID:9436
- C:\Windows\System\tHEoRVr.exe
  C:\Windows\System\tHEoRVr.exe
  2⤵
  PID:9452
- C:\Windows\System\QkyFFxQ.exe
  C:\Windows\System\QkyFFxQ.exe
  2⤵
  PID:9468
- C:\Windows\System\ERSkIYf.exe
  C:\Windows\System\ERSkIYf.exe
  2⤵
  PID:9484
- C:\Windows\System\yUxScXn.exe
  C:\Windows\System\yUxScXn.exe
  2⤵
  PID:9500
- C:\Windows\System\bsBFbOy.exe
  C:\Windows\System\bsBFbOy.exe
  2⤵
  PID:9516
- C:\Windows\System\HkZmAJq.exe
  C:\Windows\System\HkZmAJq.exe
  2⤵
  PID:9532
- C:\Windows\System\YpQnRqS.exe
  C:\Windows\System\YpQnRqS.exe
  2⤵
  PID:9548
- C:\Windows\System\UIytLZV.exe
  C:\Windows\System\UIytLZV.exe
  2⤵
  PID:9564
- C:\Windows\System\pISBhVJ.exe
  C:\Windows\System\pISBhVJ.exe
  2⤵
  PID:9580
- C:\Windows\System\SEIbHOZ.exe
  C:\Windows\System\SEIbHOZ.exe
  2⤵
  PID:9596
- C:\Windows\System\jxDTRLq.exe
  C:\Windows\System\jxDTRLq.exe
  2⤵
  PID:9612
- C:\Windows\System\CLftbkN.exe
  C:\Windows\System\CLftbkN.exe
  2⤵
  PID:9628
- C:\Windows\System\fkkxsQP.exe
  C:\Windows\System\fkkxsQP.exe
  2⤵
  PID:9644
- C:\Windows\System\HwCWtnJ.exe
  C:\Windows\System\HwCWtnJ.exe
  2⤵
  PID:9660
- C:\Windows\System\tNLrHyr.exe
  C:\Windows\System\tNLrHyr.exe
  2⤵
  PID:9676
- C:\Windows\System\eOgVUoq.exe
  C:\Windows\System\eOgVUoq.exe
  2⤵
  PID:9692
- C:\Windows\System\KxJJKDy.exe
  C:\Windows\System\KxJJKDy.exe
  2⤵
  PID:9708
- C:\Windows\System\PPeEltG.exe
  C:\Windows\System\PPeEltG.exe
  2⤵
  PID:9724
- C:\Windows\System\WlhjHUQ.exe
  C:\Windows\System\WlhjHUQ.exe
  2⤵
  PID:9740
- C:\Windows\System\BRhOTjz.exe
  C:\Windows\System\BRhOTjz.exe
  2⤵
  PID:9756
- C:\Windows\System\QhDcpZv.exe
  C:\Windows\System\QhDcpZv.exe
  2⤵
  PID:9772
- C:\Windows\System\tpIhgUK.exe
  C:\Windows\System\tpIhgUK.exe
  2⤵
  PID:9788
- C:\Windows\System\AHtGNHS.exe
  C:\Windows\System\AHtGNHS.exe
  2⤵
  PID:9804
- C:\Windows\System\MUVcuan.exe
  C:\Windows\System\MUVcuan.exe
  2⤵
  PID:9820
- C:\Windows\System\BSfDYbO.exe
  C:\Windows\System\BSfDYbO.exe
  2⤵
  PID:9836
- C:\Windows\System\pAZdCVN.exe
  C:\Windows\System\pAZdCVN.exe
  2⤵
  PID:9852
- C:\Windows\System\GdhmsTh.exe
  C:\Windows\System\GdhmsTh.exe
  2⤵
  PID:9868
- C:\Windows\System\BocYVgZ.exe
  C:\Windows\System\BocYVgZ.exe
  2⤵
  PID:9884
- C:\Windows\System\OUdcWmF.exe
  C:\Windows\System\OUdcWmF.exe
  2⤵
  PID:9900
- C:\Windows\System\JfpPIMu.exe
  C:\Windows\System\JfpPIMu.exe
  2⤵
  PID:9916
- C:\Windows\System\lcIeBSh.exe
  C:\Windows\System\lcIeBSh.exe
  2⤵
  PID:9932
- C:\Windows\System\NAxDRFe.exe
  C:\Windows\System\NAxDRFe.exe
  2⤵
  PID:9948
- C:\Windows\System\VCHVKVp.exe
  C:\Windows\System\VCHVKVp.exe
  2⤵
  PID:9964
- C:\Windows\System\acpmDgR.exe
  C:\Windows\System\acpmDgR.exe
  2⤵
  PID:9980
- C:\Windows\System\lEnyyLL.exe
  C:\Windows\System\lEnyyLL.exe
  2⤵
  PID:9996
- C:\Windows\System\oNmsvLQ.exe
  C:\Windows\System\oNmsvLQ.exe
  2⤵
  PID:10012
- C:\Windows\System\oUJGDkZ.exe
  C:\Windows\System\oUJGDkZ.exe
  2⤵
  PID:10028
- C:\Windows\System\OWxAIAv.exe
  C:\Windows\System\OWxAIAv.exe
  2⤵
  PID:10044
- C:\Windows\System\ONgYYQF.exe
  C:\Windows\System\ONgYYQF.exe
  2⤵
  PID:10060
- C:\Windows\System\DNTPqVl.exe
  C:\Windows\System\DNTPqVl.exe
  2⤵
  PID:10076
- C:\Windows\System\govvqCb.exe
  C:\Windows\System\govvqCb.exe
  2⤵
  PID:10092
- C:\Windows\System\LOuwRzW.exe
  C:\Windows\System\LOuwRzW.exe
  2⤵
  PID:10108
- C:\Windows\System\eraSlwC.exe
  C:\Windows\System\eraSlwC.exe
  2⤵
  PID:10124
- C:\Windows\System\SSHkWYs.exe
  C:\Windows\System\SSHkWYs.exe
  2⤵
  PID:10144
- C:\Windows\System\xPBcMie.exe
  C:\Windows\System\xPBcMie.exe
  2⤵
  PID:10160
- C:\Windows\System\oknCHYc.exe
  C:\Windows\System\oknCHYc.exe
  2⤵
  PID:8948
- C:\Windows\System\EKHxSUH.exe
  C:\Windows\System\EKHxSUH.exe
  2⤵
  PID:2876
- C:\Windows\System\rQnCShq.exe
  C:\Windows\System\rQnCShq.exe
  2⤵
  PID:8352
- C:\Windows\System\IYxfius.exe
  C:\Windows\System\IYxfius.exe
  2⤵
  PID:9220
- C:\Windows\System\BTGgsqY.exe
  C:\Windows\System\BTGgsqY.exe
  2⤵
  PID:9252
- C:\Windows\System\GZdwXOk.exe
  C:\Windows\System\GZdwXOk.exe
  2⤵
  PID:9284
- C:\Windows\System\lhKDuWa.exe
  C:\Windows\System\lhKDuWa.exe
  2⤵
  PID:9316
- C:\Windows\System\pQdymIy.exe
  C:\Windows\System\pQdymIy.exe
  2⤵
  PID:9348
- C:\Windows\System\ZZEetVy.exe
  C:\Windows\System\ZZEetVy.exe
  2⤵
  PID:9364
- C:\Windows\System\DUgfLTE.exe
  C:\Windows\System\DUgfLTE.exe
  2⤵
  PID:9396
- C:\Windows\System\TMRuCgy.exe
  C:\Windows\System\TMRuCgy.exe
  2⤵
  PID:9432
- C:\Windows\System\QbzflrJ.exe
  C:\Windows\System\QbzflrJ.exe
  2⤵
  PID:9476
- C:\Windows\System\npTNuxf.exe
  C:\Windows\System\npTNuxf.exe
  2⤵
  PID:9508
- C:\Windows\System\VSslnHV.exe
  C:\Windows\System\VSslnHV.exe
  2⤵
  PID:9540
- C:\Windows\System\XmJVQZA.exe
  C:\Windows\System\XmJVQZA.exe
  2⤵
  PID:9560
- C:\Windows\System\xSlufPo.exe
  C:\Windows\System\xSlufPo.exe
  2⤵
  PID:9604
- C:\Windows\System\awFYnYS.exe
  C:\Windows\System\awFYnYS.exe
  2⤵
  PID:9620
- C:\Windows\System\lDeKRZR.exe
  C:\Windows\System\lDeKRZR.exe
  2⤵
  PID:9652
- C:\Windows\System\FJvctcr.exe
  C:\Windows\System\FJvctcr.exe
  2⤵
  PID:9684
- C:\Windows\System\pwkAMfX.exe
  C:\Windows\System\pwkAMfX.exe
  2⤵
  PID:9732
- C:\Windows\System\MvCYUnq.exe
  C:\Windows\System\MvCYUnq.exe
  2⤵
  PID:9764
- C:\Windows\System\tuRtmes.exe
  C:\Windows\System\tuRtmes.exe
  2⤵
  PID:9796
- C:\Windows\System\oWgxSpX.exe
  C:\Windows\System\oWgxSpX.exe
  2⤵
  PID:9812
- C:\Windows\System\xHIwwEE.exe
  C:\Windows\System\xHIwwEE.exe
  2⤵
  PID:2216
- C:\Windows\System\FLQMdij.exe
  C:\Windows\System\FLQMdij.exe
  2⤵
  PID:8660
- C:\Windows\System\NgPflha.exe
  C:\Windows\System\NgPflha.exe
  2⤵
  PID:9848
- C:\Windows\System\EkJRcZH.exe
  C:\Windows\System\EkJRcZH.exe
  2⤵
  PID:9892
- C:\Windows\System\HYdzFFX.exe
  C:\Windows\System\HYdzFFX.exe
  2⤵
  PID:9912
- C:\Windows\System\KRDROQJ.exe
  C:\Windows\System\KRDROQJ.exe
  2⤵
  PID:9928
- C:\Windows\System\gBMfgvI.exe
  C:\Windows\System\gBMfgvI.exe
  2⤵
  PID:9944
- C:\Windows\System\ogyTFkX.exe
  C:\Windows\System\ogyTFkX.exe
  2⤵
  PID:9972
- C:\Windows\System\XDhkkUR.exe
  C:\Windows\System\XDhkkUR.exe
  2⤵
  PID:9992
- C:\Windows\System\cDlQBWl.exe
  C:\Windows\System\cDlQBWl.exe
  2⤵
  PID:10008
- C:\Windows\System\lUJeXow.exe
  C:\Windows\System\lUJeXow.exe
  2⤵
  PID:2228
- C:\Windows\System\TKlRLUN.exe
  C:\Windows\System\TKlRLUN.exe
  2⤵
  PID:3028
- C:\Windows\System\lVrawOV.exe
  C:\Windows\System\lVrawOV.exe
  2⤵
  PID:10072
- C:\Windows\System\pzkzsaW.exe
  C:\Windows\System\pzkzsaW.exe
  2⤵
  PID:10116
- C:\Windows\System\uOjKkHk.exe
  C:\Windows\System\uOjKkHk.exe
  2⤵
  PID:10104
- C:\Windows\System\qdzlBVa.exe
  C:\Windows\System\qdzlBVa.exe
  2⤵
  PID:10156
- C:\Windows\System\xbQoKrj.exe
  C:\Windows\System\xbQoKrj.exe
  2⤵
  PID:2176
- C:\Windows\System\vYdRVWS.exe
  C:\Windows\System\vYdRVWS.exe
  2⤵
  PID:1324
- C:\Windows\System\SwygMuB.exe
  C:\Windows\System\SwygMuB.exe
  2⤵
  PID:1468
- C:\Windows\System\GjRqmcM.exe
  C:\Windows\System\GjRqmcM.exe
  2⤵
  PID:3012
- C:\Windows\System\McgmTYd.exe
  C:\Windows\System\McgmTYd.exe
  2⤵
  PID:700
- C:\Windows\System\iVNSbFK.exe
  C:\Windows\System\iVNSbFK.exe
  2⤵
  PID:2124
- C:\Windows\System\Eteormu.exe
  C:\Windows\System\Eteormu.exe
  2⤵
  PID:2200
- C:\Windows\System\zwLzRto.exe
  C:\Windows\System\zwLzRto.exe
  2⤵
  PID:2252
- C:\Windows\System\lcRidNN.exe
  C:\Windows\System\lcRidNN.exe
  2⤵
  PID:636
- C:\Windows\System\slxFbgH.exe
  C:\Windows\System\slxFbgH.exe
  2⤵
  PID:9236
- C:\Windows\System\gZwWpER.exe
  C:\Windows\System\gZwWpER.exe
  2⤵
  PID:2740
- C:\Windows\System\yANVAbY.exe
  C:\Windows\System\yANVAbY.exe
  2⤵
  PID:9492
- C:\Windows\System\AvlKhFl.exe
  C:\Windows\System\AvlKhFl.exe
  2⤵
  PID:2912
- C:\Windows\System\NXqWeCR.exe
  C:\Windows\System\NXqWeCR.exe
  2⤵
  PID:9736
- C:\Windows\System\iKVQtCT.exe
  C:\Windows\System\iKVQtCT.exe
  2⤵
  PID:764
- C:\Windows\System\qFUkTnh.exe
  C:\Windows\System\qFUkTnh.exe
  2⤵
  PID:1120
- C:\Windows\System\OVXvqxW.exe
  C:\Windows\System\OVXvqxW.exe
  2⤵
  PID:2076
- C:\Windows\System\wSqLOqv.exe
  C:\Windows\System\wSqLOqv.exe
  2⤵
  PID:1544
- C:\Windows\System\lkIrAEA.exe
  C:\Windows\System\lkIrAEA.exe
  2⤵
  PID:2572
- C:\Windows\System\ntUUQiS.exe
  C:\Windows\System\ntUUQiS.exe
  2⤵
  PID:2224
- C:\Windows\System\cCKwIym.exe
  C:\Windows\System\cCKwIym.exe
  2⤵
  PID:9248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ACLIRlk.exe

Filesize
6.0MB

MD5
368a298fc58adbb0262b85382efea2b8

SHA1
22b5d55d9fd6d3bf10599bb7f7b418860c0d899d

SHA256
4ff7e1042050576ead60d66a0e4c5ea5b3ebaf4905abb8b4421f01653d5d9ff1

SHA512
3bfce1a988cd0ed28c1f6fb58c94f3c5ef2dd4f15c641c588e3f301c11cc4cde8c891e9eadae2bdef251312ae3c46f485f3f2587c8fcf2a4dfdf2cc1e2745371

Download Submit
C:\Windows\system\DatYAhB.exe

Filesize
6.0MB

MD5
716e17ec462c4b658b714da40c06035a

SHA1
f5abed2395ef3ade88cac838ae109d72675d511c

SHA256
a8584e63b3393aa989f08c58037228dbce242784e03d590400776436e1d78fc9

SHA512
014e8038329fca851395037607e04488f9a77e152e825a1cc905dbdbb577e82c90119dbe89c5c2aa2208914911c48ddf6f9d20712aa267491db700632594bebf

Download Submit
C:\Windows\system\DeQeeUU.exe

Filesize
6.0MB

MD5
1c75904327c27469d8b0d0e7e98223f9

SHA1
b1a9b5bdb87a0cfa73a748e3598537a745082111

SHA256
79e697d29317aa01b73badf89c192420a3f60b16a038b2117266ed4d7ccb3c5a

SHA512
35a9967d8720495e748841167f838b13a33e8a5f0c3edac04572b776e8b2ef504e1eb827d9259bff548c100cef9266d101b75d541b9152462844935f46cc4109

Download Submit
C:\Windows\system\GQrSEez.exe

Filesize
6.0MB

MD5
6622a56fddab5ae0b034d6c17cb6ca73

SHA1
3ff58a208b6fde3dbf48ce172fb2dc9edf156db7

SHA256
39cb6fcc8af9fd3b0281ad724b22aafefa6367735f72a883a5f3f096ccac16a7

SHA512
769d555618094c702e87f9c8f1c1de6379fdacf0a7befdc6a37f01eb783e3469ea51ec36acfbf058cd99ea8fd6458d2a2fadc2bb294e9a02c40907f7949b81ba

Download Submit
C:\Windows\system\JEvTATg.exe

Filesize
6.0MB

MD5
45b6930341b9ffc045d1a333c9dc0c3c

SHA1
c091221a660005bd7e5b27893108f57c2490f4da

SHA256
dc5f1c2a8b17df88bb11831ae971c1fe4e0fae4cb8a2bb37d045534f22195a8e

SHA512
a0df7294df378732b2ad375e4fe941aad26bc62f0872aa454fc1afca17b9c6678113c15598eb5c8673e307671127639dd089c8d53ae8ddcab7cab035adc71c9c

Download Submit
C:\Windows\system\NRLhsfu.exe

Filesize
6.0MB

MD5
b147e2bd4884b0e0b6b4ffa8c0e21f34

SHA1
8e7f73576c80419bb71a0df9b279b369112a3fdd

SHA256
d39c16111768fe5fa659c47e301b19c594d3180eba0cfd3892a593806a02ca87

SHA512
cd64d02eb75d0fec7a863f901f79a02c8498df0565aef0dd5cb439e03d3d32ff441fe76ad7eb360f37d9ea1bd4af99690ce70b7c3a0790566ceda00a8345066d

Download Submit
C:\Windows\system\NjuaqVG.exe

Filesize
6.0MB

MD5
1e6924a691c6b976705c2b8071700651

SHA1
ae1530ee24e29ca9650d3187e54b2374c4d64141

SHA256
baaf31a15975543851861791feeea4de74153068d5c93d91803b1fe7043f3f87

SHA512
e7cd08b6ad58fae0fdc00ff849f403fb2e005dd554cee9253881536a25bb0d86006fd8bb2afaab3e42d66cdce5dc4c4e8e8458e0c14beebbd838ca1adc39773a

Download Submit
C:\Windows\system\OnFvxYh.exe

Filesize
6.0MB

MD5
eca7c9272cae9644ade8924cb50dbcdd

SHA1
7b504cbedc63eaacc6acc5d2fbf2b956c5465e1a

SHA256
6999108a07cf5444b7aad50b399ab48b6b39e2502b58b9151344fc39b4d0f793

SHA512
a93e02507f3dbe28a5abe69535d630df628cfbb8d13f75d7e704a959e221b8068565e1dd56797ff505a624c5d3d648aa05fe72a61950b28943e38a58066c7ff9

Download Submit
C:\Windows\system\QLdFwxk.exe

Filesize
6.0MB

MD5
4f4441161c5c9a12db6f09f8f9ebed1f

SHA1
f4cdf291525eb7fe52780526e030964dfceb1b71

SHA256
b9bdd25536624d8ffc0199840babd491431379eb97661318f5aa343c0aa4f1c4

SHA512
deba3291c7c2b6793d9781aaf5edc9ed0ce554b690dfaa7b5441e6ad3a9668ddbb4e772fd9df27b7549e981806d60220b19172dc5c37ca4c23af8031539bcc0e

Download Submit
C:\Windows\system\ROgpRIB.exe

Filesize
6.0MB

MD5
0f3f5c1901bd4f411197e0c044ec34dd

SHA1
20e56daecc2e57ee38ea7df3613812e78250fa53

SHA256
b5582c55d3b59cc43409f90f9ab6ee381127df99b80bf68c47625fc772568004

SHA512
bb85ff88e01d264fb25edfa5dd6927fbb2fd7affeafa698906d0c37e9978528c7500b85147966542ad5ed7e9a5dfdb256c46d56b3f47f8f735abd129f6e2b76b

Download Submit
C:\Windows\system\TlYXoPt.exe

Filesize
6.0MB

MD5
0d8e43e4121ef0bdb7e6e84187696314

SHA1
72d8c1456659a5b8be615f618f584b274d898e23

SHA256
6059ee0aa01164451d438545a965b7e0450ee02b755ba5616148a1ae561d8b1e

SHA512
5c759bc012c2b17e3885559e325e24870288c1f3178cd4ec75f42f6cc84f8e7ffb753dcb6f771e039ca2ebfff75a013345a69557ebbfb3e36be3b30f8149789e

Download Submit
C:\Windows\system\bubOTNx.exe

Filesize
6.0MB

MD5
6cce0cd03d315d3217d5d6798c5c8074

SHA1
1f3de379d7ff9b88a673d15ec3324c2992485c68

SHA256
43995436f3291b72215d885c0069ea9bc6a78f5e9852de69d8bf253f3ee47bc4

SHA512
5a53aee63f62d47c1e94e0561f90529556a3ad8aa08dfc97282fb0c27a6f8bc01b1d29219ea8f4b4d42a0fea7732c805ee3b3854f2e13907da2b6d57852ca7fd

Download Submit
C:\Windows\system\dBphHiM.exe

Filesize
6.0MB

MD5
39bc28a1696d45735824a798b5404604

SHA1
a931607be63471bdd7f34c4e3657a32269fdd7f3

SHA256
b89e1a8fc600793810abfed96a3541f09a0688f4a4a14d301e8dad1959a31608

SHA512
18ea5cbf816284a4dc2ec220987497c0b3828fad6fde640b7838e7edf9aa8931ba3465bcc615b320e7956d7a20934af1aa564f1596d06c2f41af26e841bdf398

Download Submit
C:\Windows\system\gyUjzfY.exe

Filesize
6.0MB

MD5
3ee1ccf9e01589edc8f081f14f060ddb

SHA1
50adbe94d0ae5051c456cd94e625b7cf7fa9e147

SHA256
dcf4c6d361d1bf7ff14279e8109ed27553999ab568535c3b358c07fd933a8a1c

SHA512
a9d1d77954a0d4682f9bb992acafcdb8ea74b0c746028f26e93dcda1ae13654bfce997dfbbfee77c966760ddb4ff117f2ca0b3c8524bcecfaa12a109a2a0c172

Download Submit
C:\Windows\system\ioSvbyN.exe

Filesize
6.0MB

MD5
cada49204d4e86f9a26beca64deb0a9d

SHA1
8986d7879e4d39c2aa0f1f0d6783c80290422c17

SHA256
a0d434e0a437a904a7207220422e11635f4173acf9b0af942ee671acc51f2e78

SHA512
ebb713268829e184f484cd917cc124a4fe6da037f081543fd313cf75a7f8249162b8b2847352d0a778eb902866abeab20701e926921de093a2f74f08c180a088

Download Submit
C:\Windows\system\ixtGmwO.exe

Filesize
6.0MB

MD5
4f32ff520be396d879d22a099ff1bb34

SHA1
bc83b4c9dfd38296be097ff4d6524fbb2b5e1db9

SHA256
67ace8cac9931437bcf7d22502f0a3bcc7664d54cf8f48cef7db9960310a64e8

SHA512
d023e67e15dea276792dd768b6171c9e4bd89ae6b91bc6d6a101a1221733368c87119b8435add5e42a41fd9e68a81baf6e41ffdcf35159619258c737e52fe89b

Download Submit
C:\Windows\system\jRjqfDj.exe

Filesize
6.0MB

MD5
46e062451ca37ca1fbf42c148728b430

SHA1
bedb9d7338ff70e48fb9a56f80a4c425ba9cc197

SHA256
2f4df428e62f8d283e40f41848df9df89a241addb721d2577a7e33f18ed47c78

SHA512
f8aca2c01491c741e102be7b59059361f1dfc8a6c92bd301cdabd7b6fdc88bfaf17af06a2bfa1a4cffca2320ec63cedab763470e52f4fdae1d72fdfea0bb7874

Download Submit
C:\Windows\system\npJAzAd.exe

Filesize
6.0MB

MD5
72450ede30034e1e857966d76a98953f

SHA1
7fdf8c495ed47cac6a267596caff51181837854c

SHA256
bc0a6466a690ed46f329933e82c689393eea386522fac0cf67c8461db33b7cbe

SHA512
74cb9c038d10edd3fe01dc91a3cf236a0d9cc8bdee13d6f7a652a247ad8873a485050e037a757de2f968e254f91b17c2ad14891f743a21d1aedcf9ada0bf613d

Download Submit
C:\Windows\system\oCpqDkG.exe

Filesize
6.0MB

MD5
784ed1097aeb08bc7dc438e67c74992c

SHA1
92d5afbc57e7346e1644f6e214e39821994187df

SHA256
25eb8888027c750413ac5af895b255a7dc78f17eeaaf14fdfe7e9d17a0aa0452

SHA512
fbe51c599d3157dccfca22b98c7e77bcc9bb82a6ca7b945c625328d43a1e4d3e9d02c034cc862c7d36ec8f53a0b8a8c58bf13c89ff95f7fdbc3cc295f88a09f2

Download Submit
C:\Windows\system\oNnlRHr.exe

Filesize
6.0MB

MD5
b84ca601037b4f3f8a627e4eb90bd5bf

SHA1
a28be93e540daa00c23875724f858f27ee119ad8

SHA256
3accceb6ec1463942cf15a32713c5324838454e27ce7503946ec54bea005a251

SHA512
eac982debeb3add94f9a6e5320ad2fe02a2fb54aae7881f8628527f951a8f27f60c2de50dde9c303ced46be49a7a98b11d7775b3647961f518ed2e36c28f1bd4

Download Submit
C:\Windows\system\pEsowEV.exe

Filesize
6.0MB

MD5
dcc90d924274cfe5bdca69d282cd00f7

SHA1
5f11105eaed8b4b7cf9610f9187ad66d26a7347b

SHA256
16ade3f9110c5fceaca5b6a2c9050d288c0119331474a907376189e23174bdc8

SHA512
925321131afcf3c1bfaef85bf399d13911e73f8f62e47c9b9e41f7040759368c44462ea2b6b973cf493d4dcd3772009fb833134cfd9228e0ee22bd2014e14303

Download Submit
C:\Windows\system\pwVzZgU.exe

Filesize
6.0MB

MD5
73a35adf38b82683df23a38425ad3b9f

SHA1
4f7af318ecff9c79ba2336817f3766b8db5d9837

SHA256
9bb65c102ab4f656624d674043ddb4cc926ac634b9e18e42ad57854e57452332

SHA512
beead591f0fba08ebef055d13da0f85d6f193f41ca22dbb724e7116d5d059ba7822afaec58f2a1786b19198d9f946e718fcdae2e8b32c4724e78f59cc670ca8b

Download Submit
C:\Windows\system\rUsTqcJ.exe

Filesize
6.0MB

MD5
470bce92f45cb5ae9f748f2237c4ab61

SHA1
efcc8e6efca1754aae1c8c5f1357e91e7e5ff6c4

SHA256
0d4c6fa33eac7aa6d2328b1e5c84fc77245203c529a265659be4d6eb9dc86fe3

SHA512
87386f23d80da47303c8c24821e4dd94c804b7ca4fe98a2fd48173c4868546c19bbcdd6dfad91c7f969b2c3f64ba346c6bbb5a4c76eb86f53994a2a67d396223

Download Submit
C:\Windows\system\upqGnHP.exe

Filesize
6.0MB

MD5
89c5bfca1183cc0018622b87ba2c6db8

SHA1
fcc0cd6a410f084a15dc140e90a9f9b2683acad4

SHA256
aa54755b8f8ea7e52abfc249aa3a140bd27dea317afd72e51de7b79c4a055ed1

SHA512
881c4a0764fc8873e1a54800ff8ac3bda646c05ea49137ef5495fd5bc46a0215f17c20749c73f7f4aaaf4d32c1ab5530cde2f6d6678a44ffe52221367b92e026

Download Submit
C:\Windows\system\wlQHWvx.exe

Filesize
6.0MB

MD5
5cafe36c7e54069a29fe0b4fe4e0eb21

SHA1
745e5a885fb8e79f882208497d557bbd88709183

SHA256
fd9b8ee039aa2023ef2ef0aacf7afe89fdbafe30e50606799a87041616a9f773

SHA512
5137115f2286c35a9ef9ce47ec076117c49e69779d1e19111c8e12a54388e23f2e41c69df3ac5b9127b2ab74d44cc75c3e8f1605e905c1c742dd987e6f2d0425

Download Submit
C:\Windows\system\xiwhRCG.exe

Filesize
6.0MB

MD5
431678e6e7c0f92d842f19db0a48236c

SHA1
89e531cf5f1a7d25c4898d6d2f6532dced12f9bd

SHA256
fbd9e9da6c1a003ea9b509f72db6b48487011f9f0a7b03446ad6c6c8290bb168

SHA512
13eda3d8d4697577759faf04e41cac4c5c8d74c2088dc09dcedce03581ee6fe630ad639b985d38396c3bf9ba4a8a86c9a32117cede62b35f2697a9b4835056d8

Download Submit
C:\Windows\system\yECdLyk.exe

Filesize
6.0MB

MD5
ce902e55c6d587d03e56bdb35480e475

SHA1
c0faf44a5a0a9622df1ca29342d2cca183c8bef0

SHA256
a0c2ec8505eb451d08767362ff6d33a3ad780d84ad9418bd5308ea23a3396bf2

SHA512
b2c60f77865eca87448e17c8b67d60f8202558e6877b745d6a99daa80100b2dbe6654f28662ab1b1950fe3388530bedde5234345641aeac9519ab8014294a0c9

Download Submit
\Windows\system\OmUknjq.exe

Filesize
6.0MB

MD5
03de92717c7cec8c76bd56a1c6a0e46d

SHA1
ba21ca4fb1142e6244e0dda1249fe74b38f811bc

SHA256
7be84635ee0935ad60af4913695b476c1136b22ba2558b5406b4c7df2f5e30fc

SHA512
1b785fa979016edc75e68ccec265d60dc78646ac0caced0f6799c3e8696dd91bd2a10b8fb15b09455b13ecd573dd7a2671fb98767dbc3536456ac22fc924a3e5

Download Submit
\Windows\system\Rngieua.exe

Filesize
6.0MB

MD5
fe5c4fa9c9cd2d4ca563872f20147388

SHA1
dc263dbee434891c002c0772a4a9391e47d414da

SHA256
e987d6c2d02cc700b421598c45075a4df51e1cd41797d836c46fb361663a49f0

SHA512
926084a3f93abaa638e050520f39c0dc260167a5568b504f46c787d42682cdc874140640c6b8c8a39f996880790b76b4c06ba5afda4cd94e0fb597ab3ffeff6d

Download Submit
\Windows\system\YyxxgfD.exe

Filesize
6.0MB

MD5
a63bb40b29599eb79baf792a106a4b69

SHA1
a93766eb730e6831e21920871a009afdc93323d9

SHA256
7a5e3665b650cc564c7e088c985c23a5d9a0ce92775ab8500ef0d6f437b8844d

SHA512
a33f9a5c49a80656f29e6f070803b96d62970d8013f027b048af4b31c337e81c1df6cd0b87a99d4e2754a3f4b8f34d5256dae3723fb60b12f31f6f850e758337

Download Submit
\Windows\system\hXekuzc.exe

Filesize
6.0MB

MD5
11170e2ef026529b26d428d451c86e87

SHA1
56ec1a172c9af3532f6002901913e79d48e05462

SHA256
b5b86024d3012a9736d052fa9e29d69f23d6c51a027f780f1b4636e7e5b1c7a7

SHA512
25364c2180b6bacd55f819b04049901b86f79a3d1ce91b4b736ab1d69702a8c6ff9a3ece0fea16bee0b8b81aae9ea242f7666d9a7631805fbe7bd8605fccd77f

Download Submit
\Windows\system\mOXNmMU.exe

Filesize
6.0MB

MD5
0e9965a954e8f23dac0dc312625d3b2a

SHA1
453531bc49670e4b76ffba6f7983ba7c8ecd0c22

SHA256
895ff3de0caabe968a99ab9a98386edeed209bcc16b7b4357bfc86133c67461d

SHA512
b7fc5712274077b6751a484b93cc3dc8753a65a482e1cfe58df83d4ccf39e29704a139855835d6095491fe1f95bbc14b3a186e50df0f09bad8e03dfb7b2ad05f

Download Submit
memory/828-76-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/1448-101-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1448-4317-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1496-103-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-4319-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1824-34-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1824-18-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1824-529-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1824-56-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1824-0-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1824-13-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/1824-692-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1824-84-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/1824-272-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1824-695-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1824-398-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1824-39-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1824-6-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1824-528-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/1824-93-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1824-92-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1824-91-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1824-41-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1824-89-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1824-79-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1824-72-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/1824-49-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1824-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2028-102-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2028-4318-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2120-29-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2120-68-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2136-4316-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2136-100-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2264-104-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-4320-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-3221-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-401-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-57-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-273-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-50-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-105-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-40-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-27-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2872-64-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2872-26-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2900-19-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2900-58-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2984-90-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-35-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download