cobaltstrike | f832af9e9a972bd770c1fcfef962c554b186f25f563ca3910c851fde3945628a

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 00:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

56dd08e4861f42a9f418d4859e1b63f7
SHA1

9257a23ef1f743fa0174ddc6d18a45f59383c6f2
SHA256

f832af9e9a972bd770c1fcfef962c554b186f25f563ca3910c851fde3945628a
SHA512

96cb73463fd5a86b1fde8420f4f8b790f66869671819724b4eb3e493f460c2ba7a8f22e16438a1bf30bec69a611387c304b7259a27aa2efd32d8596c1412d530
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU0:T+q56utgpPF8u/70

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001225a-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d75-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d7f-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e25-17.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f1b-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e47-27.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001920f-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192f0-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019346-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-167.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-170.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933e-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019241-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925c-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019228-94.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d5c-88.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903d-71.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d68-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019030-57.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c89-49.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000160ae-35.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2308-0-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x000b00000001225a-3.dat	xmrig
behavioral1/files/0x0008000000015d75-11.dat	xmrig
behavioral1/files/0x0008000000015d7f-12.dat	xmrig
behavioral1/files/0x0007000000015e25-17.dat	xmrig
behavioral1/files/0x0007000000015f1b-30.dat	xmrig
behavioral1/files/0x0007000000015e47-27.dat	xmrig
behavioral1/memory/2092-33-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/444-48-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2876-44-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2308-43-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/memory/2768-79-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x000500000001920f-80.dat	xmrig
behavioral1/memory/2736-76-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x00050000000192f0-118.dat	xmrig
behavioral1/files/0x000500000001932a-122.dat	xmrig
behavioral1/files/0x0005000000019346-132.dat	xmrig
behavioral1/files/0x00050000000193af-148.dat	xmrig
behavioral1/files/0x0005000000019494-161.dat	xmrig
behavioral1/files/0x00050000000194a7-177.dat	xmrig
behavioral1/files/0x0005000000019408-176.dat	xmrig
behavioral1/files/0x00050000000194da-173.dat	xmrig
behavioral1/files/0x00050000000194b4-167.dat	xmrig
behavioral1/files/0x00050000000193fa-156.dat	xmrig
behavioral1/files/0x00050000000193c9-149.dat	xmrig
behavioral1/files/0x00050000000194d4-170.dat	xmrig
behavioral1/memory/2676-317-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193f8-153.dat	xmrig
behavioral1/memory/1328-433-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2932-739-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a2-140.dat	xmrig
behavioral1/files/0x0005000000019384-137.dat	xmrig
behavioral1/files/0x0005000000019273-116.dat	xmrig
behavioral1/files/0x000500000001933e-128.dat	xmrig
behavioral1/files/0x0005000000019241-108.dat	xmrig
behavioral1/files/0x000500000001925c-112.dat	xmrig
behavioral1/memory/2932-97-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2308-102-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019234-100.dat	xmrig
behavioral1/files/0x0005000000019228-94.dat	xmrig
behavioral1/memory/1328-91-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x0009000000015d5c-88.dat	xmrig
behavioral1/memory/2676-85-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x000600000001903d-71.dat	xmrig
behavioral1/memory/3036-69-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/452-65-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2640-64-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2864-62-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2804-53-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018d68-50.dat	xmrig
behavioral1/files/0x0006000000019030-57.dat	xmrig
behavioral1/memory/2684-42-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x0009000000016c89-49.dat	xmrig
behavioral1/files/0x00090000000160ae-35.dat	xmrig
behavioral1/memory/444-3538-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2876-3539-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2864-3540-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2092-3537-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/3036-3536-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2684-3535-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/452-3541-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2768-3548-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2640-3553-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2804-3552-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3036	XGgAdgn.exe
2092	fIvrgGT.exe
2684	VOEoHRr.exe
2876	ixCKIMQ.exe
444	mfiEkwx.exe
2804	FnsQowM.exe
2864	nSGFzqi.exe
2736	rNvlEsD.exe
2640	ljwnZvt.exe
452	KdWzYwj.exe
2768	oZzMIbc.exe
2676	rDFQnjE.exe
1328	ozQrERN.exe
2932	VsjxBts.exe
2428	RJUAspD.exe
2920	eqPabcx.exe
864	sddBdvn.exe
2780	rChIIyL.exe
2952	McqxRan.exe
2576	nVHePJE.exe
1504	FzgggNI.exe
1332	EmUCIGf.exe
2356	QqSumKP.exe
2996	PiJsGqt.exe
1952	lzSYrQD.exe
2124	sGtkwfN.exe
2332	dIWvTiE.exe
2700	ZRAzRYJ.exe
872	PRdEAMy.exe
1860	bTMLTVc.exe
816	RUBvjKr.exe
1600	PpINPFY.exe
1744	WnuJbbl.exe
1832	eAourZo.exe
1628	DQSbMJU.exe
2168	DyNZPsd.exe
3068	oILDhnn.exe
1880	csnosun.exe
1112	nwOTlVY.exe
2644	ikDqkhC.exe
3060	ARplDlh.exe
1856	tMIMJcH.exe
2552	GPTfVLz.exe
692	OaMuaSE.exe
2280	YsZLRDm.exe
1876	SmQcFqs.exe
2448	HtzTxlY.exe
2500	ALOZTLQ.exe
892	gSihEVS.exe
1904	JwOVeGo.exe
1584	LlpoBbn.exe
2524	mhTgzjr.exe
1624	AyvutsJ.exe
2612	haEHcid.exe
2840	ZeHQQsV.exe
1348	kFfBLId.exe
1232	eCYYFIt.exe
1052	kUIGGdr.exe
2324	DJgNeZK.exe
3032	wsgipZL.exe
2744	YQJFUuU.exe
2944	EPnAnaZ.exe
2652	ezdRogb.exe
2388	aBdhefc.exe

Loads dropped DLL 64 IoCs

pid	Process
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2308-0-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x000b00000001225a-3.dat	upx
behavioral1/files/0x0008000000015d75-11.dat	upx
behavioral1/files/0x0008000000015d7f-12.dat	upx
behavioral1/files/0x0007000000015e25-17.dat	upx
behavioral1/files/0x0007000000015f1b-30.dat	upx
behavioral1/files/0x0007000000015e47-27.dat	upx
behavioral1/memory/2092-33-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/444-48-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2876-44-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/2768-79-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x000500000001920f-80.dat	upx
behavioral1/memory/2736-76-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x00050000000192f0-118.dat	upx
behavioral1/files/0x000500000001932a-122.dat	upx
behavioral1/files/0x0005000000019346-132.dat	upx
behavioral1/files/0x00050000000193af-148.dat	upx
behavioral1/files/0x0005000000019494-161.dat	upx
behavioral1/files/0x00050000000194a7-177.dat	upx
behavioral1/files/0x0005000000019408-176.dat	upx
behavioral1/files/0x00050000000194da-173.dat	upx
behavioral1/files/0x00050000000194b4-167.dat	upx
behavioral1/files/0x00050000000193fa-156.dat	upx
behavioral1/files/0x00050000000193c9-149.dat	upx
behavioral1/files/0x00050000000194d4-170.dat	upx
behavioral1/memory/2676-317-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x00050000000193f8-153.dat	upx
behavioral1/memory/1328-433-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2932-739-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/files/0x00050000000193a2-140.dat	upx
behavioral1/files/0x0005000000019384-137.dat	upx
behavioral1/files/0x0005000000019273-116.dat	upx
behavioral1/files/0x000500000001933e-128.dat	upx
behavioral1/files/0x0005000000019241-108.dat	upx
behavioral1/files/0x000500000001925c-112.dat	upx
behavioral1/memory/2932-97-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2308-102-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x0005000000019234-100.dat	upx
behavioral1/files/0x0005000000019228-94.dat	upx
behavioral1/memory/1328-91-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x0009000000015d5c-88.dat	upx
behavioral1/memory/2676-85-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x000600000001903d-71.dat	upx
behavioral1/memory/3036-69-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/452-65-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2640-64-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2864-62-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2804-53-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x0006000000018d68-50.dat	upx
behavioral1/files/0x0006000000019030-57.dat	upx
behavioral1/memory/2684-42-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x0009000000016c89-49.dat	upx
behavioral1/files/0x00090000000160ae-35.dat	upx
behavioral1/memory/444-3538-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2876-3539-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/2864-3540-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2092-3537-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/3036-3536-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2684-3535-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/452-3541-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2768-3548-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2640-3553-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2804-3552-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2932-3557-0x000000013FF20000-0x0000000140274000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\xDDGfNB.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHQrGmD.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvffDKh.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bbKPphk.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OExjxMq.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NPPULIz.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LQlGsej.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tWPYxcI.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iqWoSSC.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nkuVrqs.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jdegbKT.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tjSnmEc.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RusayhP.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rtmBNCY.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKZaExz.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZwkEUEB.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xVVnkAG.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VuQyylc.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rgIuKMe.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZQUbgQj.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xGKQHFG.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rRcMuCd.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xUtjizD.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mhyqlfM.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYwITky.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DWjxNXL.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QSAswrW.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbkfIGu.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VyluJcV.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSDjoAk.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\icvAKDq.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DgqHneH.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gmkMZMk.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VRorNyr.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gJGYQpF.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ficWZiS.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uzeIBkb.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eICctWx.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KrvwybN.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qjOmDGC.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTnjUTZ.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GVkimta.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OJPCZch.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hidELWY.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FDPuvwn.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMIMJcH.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhJteAT.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\japMUHi.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezBsjNf.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wuSmvIA.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PEAoygZ.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\obBReVl.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWXniZy.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sddBdvn.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JWKHeYB.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RpOzxfF.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LFvQyGj.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yQSeAfw.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NygzOzF.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmglwCd.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdotSKu.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDSVuGi.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RwTuCwR.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vxDnAPe.exe	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 3036	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2308 wrote to memory of 3036	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2308 wrote to memory of 3036	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2308 wrote to memory of 2092	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2308 wrote to memory of 2092	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2308 wrote to memory of 2092	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2308 wrote to memory of 2684	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2308 wrote to memory of 2684	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2308 wrote to memory of 2684	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2308 wrote to memory of 2876	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2308 wrote to memory of 2876	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2308 wrote to memory of 2876	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2308 wrote to memory of 444	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2308 wrote to memory of 444	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2308 wrote to memory of 444	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2308 wrote to memory of 2804	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2308 wrote to memory of 2804	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2308 wrote to memory of 2804	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2308 wrote to memory of 2864	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2308 wrote to memory of 2864	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2308 wrote to memory of 2864	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2308 wrote to memory of 2736	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2308 wrote to memory of 2736	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2308 wrote to memory of 2736	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2308 wrote to memory of 452	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2308 wrote to memory of 452	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2308 wrote to memory of 452	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2308 wrote to memory of 2640	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2308 wrote to memory of 2640	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2308 wrote to memory of 2640	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2308 wrote to memory of 2768	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2308 wrote to memory of 2768	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2308 wrote to memory of 2768	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2308 wrote to memory of 2676	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2308 wrote to memory of 2676	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2308 wrote to memory of 2676	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2308 wrote to memory of 1328	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2308 wrote to memory of 1328	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2308 wrote to memory of 1328	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2308 wrote to memory of 2932	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2308 wrote to memory of 2932	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2308 wrote to memory of 2932	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2308 wrote to memory of 2428	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2308 wrote to memory of 2428	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2308 wrote to memory of 2428	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2308 wrote to memory of 2920	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2308 wrote to memory of 2920	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2308 wrote to memory of 2920	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2308 wrote to memory of 864	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2308 wrote to memory of 864	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2308 wrote to memory of 864	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2308 wrote to memory of 2780	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2308 wrote to memory of 2780	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2308 wrote to memory of 2780	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2308 wrote to memory of 2952	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2308 wrote to memory of 2952	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2308 wrote to memory of 2952	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2308 wrote to memory of 2576	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2308 wrote to memory of 2576	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2308 wrote to memory of 2576	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2308 wrote to memory of 1504	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2308 wrote to memory of 1504	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2308 wrote to memory of 1504	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2308 wrote to memory of 1332	2308	2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-26_56dd08e4861f42a9f418d4859e1b63f7_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Windows\System\XGgAdgn.exe
  C:\Windows\System\XGgAdgn.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\fIvrgGT.exe
  C:\Windows\System\fIvrgGT.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\VOEoHRr.exe
  C:\Windows\System\VOEoHRr.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\ixCKIMQ.exe
  C:\Windows\System\ixCKIMQ.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\mfiEkwx.exe
  C:\Windows\System\mfiEkwx.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\FnsQowM.exe
  C:\Windows\System\FnsQowM.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\nSGFzqi.exe
  C:\Windows\System\nSGFzqi.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\rNvlEsD.exe
  C:\Windows\System\rNvlEsD.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\KdWzYwj.exe
  C:\Windows\System\KdWzYwj.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\ljwnZvt.exe
  C:\Windows\System\ljwnZvt.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\oZzMIbc.exe
  C:\Windows\System\oZzMIbc.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\rDFQnjE.exe
  C:\Windows\System\rDFQnjE.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\ozQrERN.exe
  C:\Windows\System\ozQrERN.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\VsjxBts.exe
  C:\Windows\System\VsjxBts.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\RJUAspD.exe
  C:\Windows\System\RJUAspD.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\eqPabcx.exe
  C:\Windows\System\eqPabcx.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\sddBdvn.exe
  C:\Windows\System\sddBdvn.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\rChIIyL.exe
  C:\Windows\System\rChIIyL.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\McqxRan.exe
  C:\Windows\System\McqxRan.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\nVHePJE.exe
  C:\Windows\System\nVHePJE.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\FzgggNI.exe
  C:\Windows\System\FzgggNI.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\EmUCIGf.exe
  C:\Windows\System\EmUCIGf.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\QqSumKP.exe
  C:\Windows\System\QqSumKP.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\PiJsGqt.exe
  C:\Windows\System\PiJsGqt.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\lzSYrQD.exe
  C:\Windows\System\lzSYrQD.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\sGtkwfN.exe
  C:\Windows\System\sGtkwfN.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\dIWvTiE.exe
  C:\Windows\System\dIWvTiE.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\ZRAzRYJ.exe
  C:\Windows\System\ZRAzRYJ.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\PRdEAMy.exe
  C:\Windows\System\PRdEAMy.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\DyNZPsd.exe
  C:\Windows\System\DyNZPsd.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\bTMLTVc.exe
  C:\Windows\System\bTMLTVc.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\oILDhnn.exe
  C:\Windows\System\oILDhnn.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\RUBvjKr.exe
  C:\Windows\System\RUBvjKr.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\csnosun.exe
  C:\Windows\System\csnosun.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\PpINPFY.exe
  C:\Windows\System\PpINPFY.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\nwOTlVY.exe
  C:\Windows\System\nwOTlVY.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\WnuJbbl.exe
  C:\Windows\System\WnuJbbl.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\ikDqkhC.exe
  C:\Windows\System\ikDqkhC.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\eAourZo.exe
  C:\Windows\System\eAourZo.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\ARplDlh.exe
  C:\Windows\System\ARplDlh.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\DQSbMJU.exe
  C:\Windows\System\DQSbMJU.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\tMIMJcH.exe
  C:\Windows\System\tMIMJcH.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\GPTfVLz.exe
  C:\Windows\System\GPTfVLz.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\OaMuaSE.exe
  C:\Windows\System\OaMuaSE.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\YsZLRDm.exe
  C:\Windows\System\YsZLRDm.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\HtzTxlY.exe
  C:\Windows\System\HtzTxlY.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\SmQcFqs.exe
  C:\Windows\System\SmQcFqs.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\gSihEVS.exe
  C:\Windows\System\gSihEVS.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\ALOZTLQ.exe
  C:\Windows\System\ALOZTLQ.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\JwOVeGo.exe
  C:\Windows\System\JwOVeGo.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\LlpoBbn.exe
  C:\Windows\System\LlpoBbn.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\DJgNeZK.exe
  C:\Windows\System\DJgNeZK.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\mhTgzjr.exe
  C:\Windows\System\mhTgzjr.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\wsgipZL.exe
  C:\Windows\System\wsgipZL.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\AyvutsJ.exe
  C:\Windows\System\AyvutsJ.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\YQJFUuU.exe
  C:\Windows\System\YQJFUuU.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\haEHcid.exe
  C:\Windows\System\haEHcid.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\EPnAnaZ.exe
  C:\Windows\System\EPnAnaZ.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\ZeHQQsV.exe
  C:\Windows\System\ZeHQQsV.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\ezdRogb.exe
  C:\Windows\System\ezdRogb.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\kFfBLId.exe
  C:\Windows\System\kFfBLId.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\aBdhefc.exe
  C:\Windows\System\aBdhefc.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\eCYYFIt.exe
  C:\Windows\System\eCYYFIt.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\oVlJDfD.exe
  C:\Windows\System\oVlJDfD.exe
  2⤵
  PID:1840
- C:\Windows\System\kUIGGdr.exe
  C:\Windows\System\kUIGGdr.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\QKDDujX.exe
  C:\Windows\System\QKDDujX.exe
  2⤵
  PID:2060
- C:\Windows\System\jBQtlmJ.exe
  C:\Windows\System\jBQtlmJ.exe
  2⤵
  PID:2360
- C:\Windows\System\ahMHtHU.exe
  C:\Windows\System\ahMHtHU.exe
  2⤵
  PID:1756
- C:\Windows\System\CUhmiKb.exe
  C:\Windows\System\CUhmiKb.exe
  2⤵
  PID:1108
- C:\Windows\System\FUQkyPY.exe
  C:\Windows\System\FUQkyPY.exe
  2⤵
  PID:676
- C:\Windows\System\KwfeMgV.exe
  C:\Windows\System\KwfeMgV.exe
  2⤵
  PID:324
- C:\Windows\System\IlNBnXU.exe
  C:\Windows\System\IlNBnXU.exe
  2⤵
  PID:1340
- C:\Windows\System\bvOHMCQ.exe
  C:\Windows\System\bvOHMCQ.exe
  2⤵
  PID:2240
- C:\Windows\System\oypQMWx.exe
  C:\Windows\System\oypQMWx.exe
  2⤵
  PID:680
- C:\Windows\System\uQViQDN.exe
  C:\Windows\System\uQViQDN.exe
  2⤵
  PID:1764
- C:\Windows\System\JSBLhWP.exe
  C:\Windows\System\JSBLhWP.exe
  2⤵
  PID:776
- C:\Windows\System\WcAwUQE.exe
  C:\Windows\System\WcAwUQE.exe
  2⤵
  PID:276
- C:\Windows\System\MzvqYoU.exe
  C:\Windows\System\MzvqYoU.exe
  2⤵
  PID:1256
- C:\Windows\System\SwQSyeF.exe
  C:\Windows\System\SwQSyeF.exe
  2⤵
  PID:2488
- C:\Windows\System\xMKayqv.exe
  C:\Windows\System\xMKayqv.exe
  2⤵
  PID:1520
- C:\Windows\System\DbETGer.exe
  C:\Windows\System\DbETGer.exe
  2⤵
  PID:2568
- C:\Windows\System\PqtGWMv.exe
  C:\Windows\System\PqtGWMv.exe
  2⤵
  PID:1736
- C:\Windows\System\bywPFWU.exe
  C:\Windows\System\bywPFWU.exe
  2⤵
  PID:1524
- C:\Windows\System\MbDJFsO.exe
  C:\Windows\System\MbDJFsO.exe
  2⤵
  PID:2688
- C:\Windows\System\ummPdua.exe
  C:\Windows\System\ummPdua.exe
  2⤵
  PID:2852
- C:\Windows\System\rjEypEI.exe
  C:\Windows\System\rjEypEI.exe
  2⤵
  PID:2928
- C:\Windows\System\zVYlIkj.exe
  C:\Windows\System\zVYlIkj.exe
  2⤵
  PID:584
- C:\Windows\System\UMwUxGH.exe
  C:\Windows\System\UMwUxGH.exe
  2⤵
  PID:3004
- C:\Windows\System\uGTtGdN.exe
  C:\Windows\System\uGTtGdN.exe
  2⤵
  PID:1032
- C:\Windows\System\zBPEroP.exe
  C:\Windows\System\zBPEroP.exe
  2⤵
  PID:532
- C:\Windows\System\nWlkgLr.exe
  C:\Windows\System\nWlkgLr.exe
  2⤵
  PID:1864
- C:\Windows\System\CBmLmDF.exe
  C:\Windows\System\CBmLmDF.exe
  2⤵
  PID:912
- C:\Windows\System\VcWMnPr.exe
  C:\Windows\System\VcWMnPr.exe
  2⤵
  PID:2020
- C:\Windows\System\NeykiWq.exe
  C:\Windows\System\NeykiWq.exe
  2⤵
  PID:1708
- C:\Windows\System\vnDVMtW.exe
  C:\Windows\System\vnDVMtW.exe
  2⤵
  PID:2116
- C:\Windows\System\FzxInKN.exe
  C:\Windows\System\FzxInKN.exe
  2⤵
  PID:1788
- C:\Windows\System\dMuwwWa.exe
  C:\Windows\System\dMuwwWa.exe
  2⤵
  PID:3024
- C:\Windows\System\FtOUHny.exe
  C:\Windows\System\FtOUHny.exe
  2⤵
  PID:1712
- C:\Windows\System\lWjaXnm.exe
  C:\Windows\System\lWjaXnm.exe
  2⤵
  PID:2836
- C:\Windows\System\SWSbHPP.exe
  C:\Windows\System\SWSbHPP.exe
  2⤵
  PID:1792
- C:\Windows\System\IySoMfU.exe
  C:\Windows\System\IySoMfU.exe
  2⤵
  PID:2440
- C:\Windows\System\hTwRSTV.exe
  C:\Windows\System\hTwRSTV.exe
  2⤵
  PID:3048
- C:\Windows\System\zSpsnUg.exe
  C:\Windows\System\zSpsnUg.exe
  2⤵
  PID:2708
- C:\Windows\System\dEqiYUB.exe
  C:\Windows\System\dEqiYUB.exe
  2⤵
  PID:2668
- C:\Windows\System\JWKHeYB.exe
  C:\Windows\System\JWKHeYB.exe
  2⤵
  PID:2624
- C:\Windows\System\iPminFx.exe
  C:\Windows\System\iPminFx.exe
  2⤵
  PID:2416
- C:\Windows\System\fSCyFNK.exe
  C:\Windows\System\fSCyFNK.exe
  2⤵
  PID:2984
- C:\Windows\System\hdEStPn.exe
  C:\Windows\System\hdEStPn.exe
  2⤵
  PID:1288
- C:\Windows\System\vQPflRO.exe
  C:\Windows\System\vQPflRO.exe
  2⤵
  PID:1636
- C:\Windows\System\jBuZCpt.exe
  C:\Windows\System\jBuZCpt.exe
  2⤵
  PID:2432
- C:\Windows\System\vsVQfiY.exe
  C:\Windows\System\vsVQfiY.exe
  2⤵
  PID:2032
- C:\Windows\System\xJmGulJ.exe
  C:\Windows\System\xJmGulJ.exe
  2⤵
  PID:764
- C:\Windows\System\GUfmwFH.exe
  C:\Windows\System\GUfmwFH.exe
  2⤵
  PID:644
- C:\Windows\System\tUlTqAA.exe
  C:\Windows\System\tUlTqAA.exe
  2⤵
  PID:1620
- C:\Windows\System\LXFamoI.exe
  C:\Windows\System\LXFamoI.exe
  2⤵
  PID:1772
- C:\Windows\System\PNCbVkD.exe
  C:\Windows\System\PNCbVkD.exe
  2⤵
  PID:2832
- C:\Windows\System\SdxRzTS.exe
  C:\Windows\System\SdxRzTS.exe
  2⤵
  PID:2404
- C:\Windows\System\hvxohWW.exe
  C:\Windows\System\hvxohWW.exe
  2⤵
  PID:2696
- C:\Windows\System\JFdVOHy.exe
  C:\Windows\System\JFdVOHy.exe
  2⤵
  PID:640
- C:\Windows\System\peWEQqW.exe
  C:\Windows\System\peWEQqW.exe
  2⤵
  PID:2336
- C:\Windows\System\DddBOYE.exe
  C:\Windows\System\DddBOYE.exe
  2⤵
  PID:1680
- C:\Windows\System\ibiqKBx.exe
  C:\Windows\System\ibiqKBx.exe
  2⤵
  PID:884
- C:\Windows\System\xdczcHG.exe
  C:\Windows\System\xdczcHG.exe
  2⤵
  PID:2148
- C:\Windows\System\tDiWjRL.exe
  C:\Windows\System\tDiWjRL.exe
  2⤵
  PID:2860
- C:\Windows\System\mbiITMe.exe
  C:\Windows\System\mbiITMe.exe
  2⤵
  PID:2776
- C:\Windows\System\hxdknyT.exe
  C:\Windows\System\hxdknyT.exe
  2⤵
  PID:1540
- C:\Windows\System\yfdNeDK.exe
  C:\Windows\System\yfdNeDK.exe
  2⤵
  PID:1552
- C:\Windows\System\QSAswrW.exe
  C:\Windows\System\QSAswrW.exe
  2⤵
  PID:3076
- C:\Windows\System\rnrBgYQ.exe
  C:\Windows\System\rnrBgYQ.exe
  2⤵
  PID:3092
- C:\Windows\System\hqZiLnq.exe
  C:\Windows\System\hqZiLnq.exe
  2⤵
  PID:3108
- C:\Windows\System\uhJteAT.exe
  C:\Windows\System\uhJteAT.exe
  2⤵
  PID:3124
- C:\Windows\System\sBuCXdx.exe
  C:\Windows\System\sBuCXdx.exe
  2⤵
  PID:3140
- C:\Windows\System\isNyPTE.exe
  C:\Windows\System\isNyPTE.exe
  2⤵
  PID:3160
- C:\Windows\System\XRnNIcm.exe
  C:\Windows\System\XRnNIcm.exe
  2⤵
  PID:3176
- C:\Windows\System\ECYBPVt.exe
  C:\Windows\System\ECYBPVt.exe
  2⤵
  PID:3196
- C:\Windows\System\CjxJJuN.exe
  C:\Windows\System\CjxJJuN.exe
  2⤵
  PID:3212
- C:\Windows\System\mxeTQyP.exe
  C:\Windows\System\mxeTQyP.exe
  2⤵
  PID:3228
- C:\Windows\System\onPgKpm.exe
  C:\Windows\System\onPgKpm.exe
  2⤵
  PID:3244
- C:\Windows\System\QNdnLGd.exe
  C:\Windows\System\QNdnLGd.exe
  2⤵
  PID:3260
- C:\Windows\System\heRfbgH.exe
  C:\Windows\System\heRfbgH.exe
  2⤵
  PID:3276
- C:\Windows\System\JrKwKKX.exe
  C:\Windows\System\JrKwKKX.exe
  2⤵
  PID:3292
- C:\Windows\System\xGKQHFG.exe
  C:\Windows\System\xGKQHFG.exe
  2⤵
  PID:3308
- C:\Windows\System\rkHUxec.exe
  C:\Windows\System\rkHUxec.exe
  2⤵
  PID:3324
- C:\Windows\System\cAWoPdo.exe
  C:\Windows\System\cAWoPdo.exe
  2⤵
  PID:3340
- C:\Windows\System\hVnibAJ.exe
  C:\Windows\System\hVnibAJ.exe
  2⤵
  PID:3356
- C:\Windows\System\vtfwmyj.exe
  C:\Windows\System\vtfwmyj.exe
  2⤵
  PID:3372
- C:\Windows\System\HrEQEXx.exe
  C:\Windows\System\HrEQEXx.exe
  2⤵
  PID:3388
- C:\Windows\System\rRmuAyq.exe
  C:\Windows\System\rRmuAyq.exe
  2⤵
  PID:3404
- C:\Windows\System\NHhOZor.exe
  C:\Windows\System\NHhOZor.exe
  2⤵
  PID:3424
- C:\Windows\System\PDrESkG.exe
  C:\Windows\System\PDrESkG.exe
  2⤵
  PID:3640
- C:\Windows\System\xotFbYJ.exe
  C:\Windows\System\xotFbYJ.exe
  2⤵
  PID:3656
- C:\Windows\System\BlInmCh.exe
  C:\Windows\System\BlInmCh.exe
  2⤵
  PID:3672
- C:\Windows\System\VGUzrdR.exe
  C:\Windows\System\VGUzrdR.exe
  2⤵
  PID:3688
- C:\Windows\System\mtbQhFZ.exe
  C:\Windows\System\mtbQhFZ.exe
  2⤵
  PID:3704
- C:\Windows\System\mqfdMcW.exe
  C:\Windows\System\mqfdMcW.exe
  2⤵
  PID:3720
- C:\Windows\System\yhGgklW.exe
  C:\Windows\System\yhGgklW.exe
  2⤵
  PID:3736
- C:\Windows\System\PyvjFLH.exe
  C:\Windows\System\PyvjFLH.exe
  2⤵
  PID:3752
- C:\Windows\System\aGybyfu.exe
  C:\Windows\System\aGybyfu.exe
  2⤵
  PID:3768
- C:\Windows\System\OjGYaLG.exe
  C:\Windows\System\OjGYaLG.exe
  2⤵
  PID:3784
- C:\Windows\System\DZddTEO.exe
  C:\Windows\System\DZddTEO.exe
  2⤵
  PID:3800
- C:\Windows\System\HsvRiAi.exe
  C:\Windows\System\HsvRiAi.exe
  2⤵
  PID:3816
- C:\Windows\System\rUqWqkp.exe
  C:\Windows\System\rUqWqkp.exe
  2⤵
  PID:3832
- C:\Windows\System\YevGdZg.exe
  C:\Windows\System\YevGdZg.exe
  2⤵
  PID:3848
- C:\Windows\System\sEdEmIX.exe
  C:\Windows\System\sEdEmIX.exe
  2⤵
  PID:3868
- C:\Windows\System\uSWKkzf.exe
  C:\Windows\System\uSWKkzf.exe
  2⤵
  PID:3884
- C:\Windows\System\japMUHi.exe
  C:\Windows\System\japMUHi.exe
  2⤵
  PID:3900
- C:\Windows\System\GUhAkiZ.exe
  C:\Windows\System\GUhAkiZ.exe
  2⤵
  PID:3916
- C:\Windows\System\IRVFuDy.exe
  C:\Windows\System\IRVFuDy.exe
  2⤵
  PID:3932
- C:\Windows\System\eICctWx.exe
  C:\Windows\System\eICctWx.exe
  2⤵
  PID:3948
- C:\Windows\System\cSxoEaT.exe
  C:\Windows\System\cSxoEaT.exe
  2⤵
  PID:3964
- C:\Windows\System\nkuVrqs.exe
  C:\Windows\System\nkuVrqs.exe
  2⤵
  PID:3980
- C:\Windows\System\GYAypGg.exe
  C:\Windows\System\GYAypGg.exe
  2⤵
  PID:3996
- C:\Windows\System\GrgHdrR.exe
  C:\Windows\System\GrgHdrR.exe
  2⤵
  PID:4012
- C:\Windows\System\qcFPoTr.exe
  C:\Windows\System\qcFPoTr.exe
  2⤵
  PID:4028
- C:\Windows\System\mRiZHJm.exe
  C:\Windows\System\mRiZHJm.exe
  2⤵
  PID:4044
- C:\Windows\System\PqrevWg.exe
  C:\Windows\System\PqrevWg.exe
  2⤵
  PID:3268
- C:\Windows\System\kgIvBCM.exe
  C:\Windows\System\kgIvBCM.exe
  2⤵
  PID:3304
- C:\Windows\System\yhqIAqn.exe
  C:\Windows\System\yhqIAqn.exe
  2⤵
  PID:2372
- C:\Windows\System\LfknucI.exe
  C:\Windows\System\LfknucI.exe
  2⤵
  PID:3120
- C:\Windows\System\KZcqQNe.exe
  C:\Windows\System\KZcqQNe.exe
  2⤵
  PID:3284
- C:\Windows\System\bPtJimZ.exe
  C:\Windows\System\bPtJimZ.exe
  2⤵
  PID:3436
- C:\Windows\System\dpCELdb.exe
  C:\Windows\System\dpCELdb.exe
  2⤵
  PID:3452
- C:\Windows\System\IgyujsM.exe
  C:\Windows\System\IgyujsM.exe
  2⤵
  PID:3468
- C:\Windows\System\GVxjKyD.exe
  C:\Windows\System\GVxjKyD.exe
  2⤵
  PID:3484
- C:\Windows\System\cQSfYBc.exe
  C:\Windows\System\cQSfYBc.exe
  2⤵
  PID:3504
- C:\Windows\System\kADzzdx.exe
  C:\Windows\System\kADzzdx.exe
  2⤵
  PID:3524
- C:\Windows\System\CGqWDfG.exe
  C:\Windows\System\CGqWDfG.exe
  2⤵
  PID:3540
- C:\Windows\System\yTnjUTZ.exe
  C:\Windows\System\yTnjUTZ.exe
  2⤵
  PID:3552
- C:\Windows\System\UsvSufl.exe
  C:\Windows\System\UsvSufl.exe
  2⤵
  PID:1260
- C:\Windows\System\EqNYxoP.exe
  C:\Windows\System\EqNYxoP.exe
  2⤵
  PID:3600
- C:\Windows\System\MRaaJlR.exe
  C:\Windows\System\MRaaJlR.exe
  2⤵
  PID:3616
- C:\Windows\System\kBsywAd.exe
  C:\Windows\System\kBsywAd.exe
  2⤵
  PID:3684
- C:\Windows\System\NtKpzpQ.exe
  C:\Windows\System\NtKpzpQ.exe
  2⤵
  PID:3748
- C:\Windows\System\jscEDYI.exe
  C:\Windows\System\jscEDYI.exe
  2⤵
  PID:3840
- C:\Windows\System\hkkhqdJ.exe
  C:\Windows\System\hkkhqdJ.exe
  2⤵
  PID:3700
- C:\Windows\System\FBvhSEg.exe
  C:\Windows\System\FBvhSEg.exe
  2⤵
  PID:3760
- C:\Windows\System\XNmuvlJ.exe
  C:\Windows\System\XNmuvlJ.exe
  2⤵
  PID:3828
- C:\Windows\System\sNKPjLO.exe
  C:\Windows\System\sNKPjLO.exe
  2⤵
  PID:3880
- C:\Windows\System\loAdicL.exe
  C:\Windows\System\loAdicL.exe
  2⤵
  PID:3940
- C:\Windows\System\RjqpNdB.exe
  C:\Windows\System\RjqpNdB.exe
  2⤵
  PID:3928
- C:\Windows\System\ojKxxoX.exe
  C:\Windows\System\ojKxxoX.exe
  2⤵
  PID:3988
- C:\Windows\System\QWXvmJd.exe
  C:\Windows\System\QWXvmJd.exe
  2⤵
  PID:3976
- C:\Windows\System\kAenlZy.exe
  C:\Windows\System\kAenlZy.exe
  2⤵
  PID:4040
- C:\Windows\System\AZVYxIU.exe
  C:\Windows\System\AZVYxIU.exe
  2⤵
  PID:4072
- C:\Windows\System\FwRoupi.exe
  C:\Windows\System\FwRoupi.exe
  2⤵
  PID:4052
- C:\Windows\System\BmZbjUp.exe
  C:\Windows\System\BmZbjUp.exe
  2⤵
  PID:2064
- C:\Windows\System\qUOYskp.exe
  C:\Windows\System\qUOYskp.exe
  2⤵
  PID:4092
- C:\Windows\System\ZvsOLIh.exe
  C:\Windows\System\ZvsOLIh.exe
  2⤵
  PID:3136
- C:\Windows\System\GYeSMTY.exe
  C:\Windows\System\GYeSMTY.exe
  2⤵
  PID:2172
- C:\Windows\System\EJCVdUe.exe
  C:\Windows\System\EJCVdUe.exe
  2⤵
  PID:3380
- C:\Windows\System\TSRdlgO.exe
  C:\Windows\System\TSRdlgO.exe
  2⤵
  PID:2608
- C:\Windows\System\RjqQEOz.exe
  C:\Windows\System\RjqQEOz.exe
  2⤵
  PID:3316
- C:\Windows\System\kiuDTaM.exe
  C:\Windows\System\kiuDTaM.exe
  2⤵
  PID:2616
- C:\Windows\System\TgymYlW.exe
  C:\Windows\System\TgymYlW.exe
  2⤵
  PID:1508
- C:\Windows\System\tHPeync.exe
  C:\Windows\System\tHPeync.exe
  2⤵
  PID:3240
- C:\Windows\System\qXCwJqe.exe
  C:\Windows\System\qXCwJqe.exe
  2⤵
  PID:2748
- C:\Windows\System\fllGseG.exe
  C:\Windows\System\fllGseG.exe
  2⤵
  PID:3480
- C:\Windows\System\rQJnCTL.exe
  C:\Windows\System\rQJnCTL.exe
  2⤵
  PID:3536
- C:\Windows\System\RlxVKmg.exe
  C:\Windows\System\RlxVKmg.exe
  2⤵
  PID:3444
- C:\Windows\System\JJfPbwF.exe
  C:\Windows\System\JJfPbwF.exe
  2⤵
  PID:3156
- C:\Windows\System\OZTRlqK.exe
  C:\Windows\System\OZTRlqK.exe
  2⤵
  PID:3224
- C:\Windows\System\aDFzmCH.exe
  C:\Windows\System\aDFzmCH.exe
  2⤵
  PID:3576
- C:\Windows\System\fvpQdoz.exe
  C:\Windows\System\fvpQdoz.exe
  2⤵
  PID:3612
- C:\Windows\System\dtaAuzv.exe
  C:\Windows\System\dtaAuzv.exe
  2⤵
  PID:3808
- C:\Windows\System\lFkwZYc.exe
  C:\Windows\System\lFkwZYc.exe
  2⤵
  PID:3664
- C:\Windows\System\ZFIoSBD.exe
  C:\Windows\System\ZFIoSBD.exe
  2⤵
  PID:3792
- C:\Windows\System\IDpSyGp.exe
  C:\Windows\System\IDpSyGp.exe
  2⤵
  PID:3912
- C:\Windows\System\BWYaFyV.exe
  C:\Windows\System\BWYaFyV.exe
  2⤵
  PID:3960
- C:\Windows\System\FdNDvri.exe
  C:\Windows\System\FdNDvri.exe
  2⤵
  PID:4036
- C:\Windows\System\fAaBrhp.exe
  C:\Windows\System\fAaBrhp.exe
  2⤵
  PID:3596
- C:\Windows\System\sulkaes.exe
  C:\Windows\System\sulkaes.exe
  2⤵
  PID:2788
- C:\Windows\System\yUZsoWG.exe
  C:\Windows\System\yUZsoWG.exe
  2⤵
  PID:3680
- C:\Windows\System\JClbAtN.exe
  C:\Windows\System\JClbAtN.exe
  2⤵
  PID:3764
- C:\Windows\System\LqGkbMB.exe
  C:\Windows\System\LqGkbMB.exe
  2⤵
  PID:3892
- C:\Windows\System\ZMlvgUy.exe
  C:\Windows\System\ZMlvgUy.exe
  2⤵
  PID:2604
- C:\Windows\System\icvAKDq.exe
  C:\Windows\System\icvAKDq.exe
  2⤵
  PID:2844
- C:\Windows\System\ebxSjKb.exe
  C:\Windows\System\ebxSjKb.exe
  2⤵
  PID:1640
- C:\Windows\System\rYgPCwQ.exe
  C:\Windows\System\rYgPCwQ.exe
  2⤵
  PID:1808
- C:\Windows\System\VfHTGGW.exe
  C:\Windows\System\VfHTGGW.exe
  2⤵
  PID:2800
- C:\Windows\System\imNBzHH.exe
  C:\Windows\System\imNBzHH.exe
  2⤵
  PID:3236
- C:\Windows\System\gRlKHhq.exe
  C:\Windows\System\gRlKHhq.exe
  2⤵
  PID:3204
- C:\Windows\System\bBYZkUf.exe
  C:\Windows\System\bBYZkUf.exe
  2⤵
  PID:3352
- C:\Windows\System\clkDNBF.exe
  C:\Windows\System\clkDNBF.exe
  2⤵
  PID:3116
- C:\Windows\System\nBtvkYW.exe
  C:\Windows\System\nBtvkYW.exe
  2⤵
  PID:3332
- C:\Windows\System\sorEMqs.exe
  C:\Windows\System\sorEMqs.exe
  2⤵
  PID:3396
- C:\Windows\System\sYLyFSK.exe
  C:\Windows\System\sYLyFSK.exe
  2⤵
  PID:3500
- C:\Windows\System\mvDvkch.exe
  C:\Windows\System\mvDvkch.exe
  2⤵
  PID:1268
- C:\Windows\System\wrGYjGs.exe
  C:\Windows\System\wrGYjGs.exe
  2⤵
  PID:3956
- C:\Windows\System\bcePAEf.exe
  C:\Windows\System\bcePAEf.exe
  2⤵
  PID:3460
- C:\Windows\System\WgJkbIM.exe
  C:\Windows\System\WgJkbIM.exe
  2⤵
  PID:3608
- C:\Windows\System\MOJfRee.exe
  C:\Windows\System\MOJfRee.exe
  2⤵
  PID:3908
- C:\Windows\System\qQLyJgR.exe
  C:\Windows\System\qQLyJgR.exe
  2⤵
  PID:4084
- C:\Windows\System\TKdsUPt.exe
  C:\Windows\System\TKdsUPt.exe
  2⤵
  PID:3944
- C:\Windows\System\lmMZAsV.exe
  C:\Windows\System\lmMZAsV.exe
  2⤵
  PID:3572
- C:\Windows\System\VnHJwgl.exe
  C:\Windows\System\VnHJwgl.exe
  2⤵
  PID:2672
- C:\Windows\System\gamjWlw.exe
  C:\Windows\System\gamjWlw.exe
  2⤵
  PID:3744
- C:\Windows\System\GoYaqRs.exe
  C:\Windows\System\GoYaqRs.exe
  2⤵
  PID:3336
- C:\Windows\System\BANZVmq.exe
  C:\Windows\System\BANZVmq.exe
  2⤵
  PID:3628
- C:\Windows\System\lslognC.exe
  C:\Windows\System\lslognC.exe
  2⤵
  PID:4064
- C:\Windows\System\NFsOhGd.exe
  C:\Windows\System\NFsOhGd.exe
  2⤵
  PID:3100
- C:\Windows\System\ZxCxBzC.exe
  C:\Windows\System\ZxCxBzC.exe
  2⤵
  PID:3084
- C:\Windows\System\ICRmiNj.exe
  C:\Windows\System\ICRmiNj.exe
  2⤵
  PID:3416
- C:\Windows\System\RusayhP.exe
  C:\Windows\System\RusayhP.exe
  2⤵
  PID:2940
- C:\Windows\System\ohJDAAV.exe
  C:\Windows\System\ohJDAAV.exe
  2⤵
  PID:3472
- C:\Windows\System\VmxcGwl.exe
  C:\Windows\System\VmxcGwl.exe
  2⤵
  PID:3192
- C:\Windows\System\RcZNgIh.exe
  C:\Windows\System\RcZNgIh.exe
  2⤵
  PID:4024
- C:\Windows\System\PttfZpp.exe
  C:\Windows\System\PttfZpp.exe
  2⤵
  PID:4088
- C:\Windows\System\FwkGMuz.exe
  C:\Windows\System\FwkGMuz.exe
  2⤵
  PID:3520
- C:\Windows\System\SvBGaLI.exe
  C:\Windows\System\SvBGaLI.exe
  2⤵
  PID:2400
- C:\Windows\System\rarjwmT.exe
  C:\Windows\System\rarjwmT.exe
  2⤵
  PID:3864
- C:\Windows\System\zQpIdEE.exe
  C:\Windows\System\zQpIdEE.exe
  2⤵
  PID:1868
- C:\Windows\System\KMXDWXC.exe
  C:\Windows\System\KMXDWXC.exe
  2⤵
  PID:2096
- C:\Windows\System\pzsLmBx.exe
  C:\Windows\System\pzsLmBx.exe
  2⤵
  PID:2536
- C:\Windows\System\mUkxDep.exe
  C:\Windows\System\mUkxDep.exe
  2⤵
  PID:2724
- C:\Windows\System\VEwctEy.exe
  C:\Windows\System\VEwctEy.exe
  2⤵
  PID:4104
- C:\Windows\System\pRxTlRC.exe
  C:\Windows\System\pRxTlRC.exe
  2⤵
  PID:4120
- C:\Windows\System\gUJsAAV.exe
  C:\Windows\System\gUJsAAV.exe
  2⤵
  PID:4136
- C:\Windows\System\FdxCPhI.exe
  C:\Windows\System\FdxCPhI.exe
  2⤵
  PID:4152
- C:\Windows\System\peLcmzN.exe
  C:\Windows\System\peLcmzN.exe
  2⤵
  PID:4168
- C:\Windows\System\NsuuUuD.exe
  C:\Windows\System\NsuuUuD.exe
  2⤵
  PID:4184
- C:\Windows\System\TMZvpmd.exe
  C:\Windows\System\TMZvpmd.exe
  2⤵
  PID:4200
- C:\Windows\System\vpEReow.exe
  C:\Windows\System\vpEReow.exe
  2⤵
  PID:4216
- C:\Windows\System\xKSArPG.exe
  C:\Windows\System\xKSArPG.exe
  2⤵
  PID:4232
- C:\Windows\System\emTOuKe.exe
  C:\Windows\System\emTOuKe.exe
  2⤵
  PID:4248
- C:\Windows\System\JbkfIGu.exe
  C:\Windows\System\JbkfIGu.exe
  2⤵
  PID:4264
- C:\Windows\System\AkVlHbp.exe
  C:\Windows\System\AkVlHbp.exe
  2⤵
  PID:4280
- C:\Windows\System\UXwRUmm.exe
  C:\Windows\System\UXwRUmm.exe
  2⤵
  PID:4296
- C:\Windows\System\xEVTLOs.exe
  C:\Windows\System\xEVTLOs.exe
  2⤵
  PID:4312
- C:\Windows\System\YmoDYXg.exe
  C:\Windows\System\YmoDYXg.exe
  2⤵
  PID:4328
- C:\Windows\System\rRcMuCd.exe
  C:\Windows\System\rRcMuCd.exe
  2⤵
  PID:4344
- C:\Windows\System\cvAopEe.exe
  C:\Windows\System\cvAopEe.exe
  2⤵
  PID:4360
- C:\Windows\System\MwLFITA.exe
  C:\Windows\System\MwLFITA.exe
  2⤵
  PID:4376
- C:\Windows\System\xeRDdbJ.exe
  C:\Windows\System\xeRDdbJ.exe
  2⤵
  PID:4392
- C:\Windows\System\uvffDKh.exe
  C:\Windows\System\uvffDKh.exe
  2⤵
  PID:4408
- C:\Windows\System\hBlZMEc.exe
  C:\Windows\System\hBlZMEc.exe
  2⤵
  PID:4424
- C:\Windows\System\qVfmAda.exe
  C:\Windows\System\qVfmAda.exe
  2⤵
  PID:4440
- C:\Windows\System\DdYCvms.exe
  C:\Windows\System\DdYCvms.exe
  2⤵
  PID:4456
- C:\Windows\System\aYEYJtW.exe
  C:\Windows\System\aYEYJtW.exe
  2⤵
  PID:4472
- C:\Windows\System\zbBIABY.exe
  C:\Windows\System\zbBIABY.exe
  2⤵
  PID:4488
- C:\Windows\System\NPOSQWe.exe
  C:\Windows\System\NPOSQWe.exe
  2⤵
  PID:4504
- C:\Windows\System\PVJUPdZ.exe
  C:\Windows\System\PVJUPdZ.exe
  2⤵
  PID:4520
- C:\Windows\System\bHGEBGu.exe
  C:\Windows\System\bHGEBGu.exe
  2⤵
  PID:4536
- C:\Windows\System\JtEnzJb.exe
  C:\Windows\System\JtEnzJb.exe
  2⤵
  PID:4552
- C:\Windows\System\xcCURQK.exe
  C:\Windows\System\xcCURQK.exe
  2⤵
  PID:4568
- C:\Windows\System\qWBKCtq.exe
  C:\Windows\System\qWBKCtq.exe
  2⤵
  PID:4588
- C:\Windows\System\pHUEzSG.exe
  C:\Windows\System\pHUEzSG.exe
  2⤵
  PID:4604
- C:\Windows\System\JRuaCeR.exe
  C:\Windows\System\JRuaCeR.exe
  2⤵
  PID:4620
- C:\Windows\System\PGhcxFk.exe
  C:\Windows\System\PGhcxFk.exe
  2⤵
  PID:4636
- C:\Windows\System\CWHmQGK.exe
  C:\Windows\System\CWHmQGK.exe
  2⤵
  PID:4652
- C:\Windows\System\KnowkxP.exe
  C:\Windows\System\KnowkxP.exe
  2⤵
  PID:4668
- C:\Windows\System\mOAGDdW.exe
  C:\Windows\System\mOAGDdW.exe
  2⤵
  PID:4684
- C:\Windows\System\DzItPKt.exe
  C:\Windows\System\DzItPKt.exe
  2⤵
  PID:4700
- C:\Windows\System\wnyIIBn.exe
  C:\Windows\System\wnyIIBn.exe
  2⤵
  PID:4716
- C:\Windows\System\KCRXiLj.exe
  C:\Windows\System\KCRXiLj.exe
  2⤵
  PID:4732
- C:\Windows\System\yoHwJqu.exe
  C:\Windows\System\yoHwJqu.exe
  2⤵
  PID:4748
- C:\Windows\System\QQjGCHq.exe
  C:\Windows\System\QQjGCHq.exe
  2⤵
  PID:4764
- C:\Windows\System\Tnxhszg.exe
  C:\Windows\System\Tnxhszg.exe
  2⤵
  PID:4780
- C:\Windows\System\kffXzCw.exe
  C:\Windows\System\kffXzCw.exe
  2⤵
  PID:4796
- C:\Windows\System\shroDKj.exe
  C:\Windows\System\shroDKj.exe
  2⤵
  PID:4812
- C:\Windows\System\CBeLvOG.exe
  C:\Windows\System\CBeLvOG.exe
  2⤵
  PID:4828
- C:\Windows\System\VzqwZKz.exe
  C:\Windows\System\VzqwZKz.exe
  2⤵
  PID:4844
- C:\Windows\System\IvTFWTA.exe
  C:\Windows\System\IvTFWTA.exe
  2⤵
  PID:4860
- C:\Windows\System\efnuFxX.exe
  C:\Windows\System\efnuFxX.exe
  2⤵
  PID:4876
- C:\Windows\System\wmNENiP.exe
  C:\Windows\System\wmNENiP.exe
  2⤵
  PID:4892
- C:\Windows\System\jvGmCpq.exe
  C:\Windows\System\jvGmCpq.exe
  2⤵
  PID:4908
- C:\Windows\System\mHcjOMK.exe
  C:\Windows\System\mHcjOMK.exe
  2⤵
  PID:4924
- C:\Windows\System\vpQwXkM.exe
  C:\Windows\System\vpQwXkM.exe
  2⤵
  PID:4940
- C:\Windows\System\kxiAFYc.exe
  C:\Windows\System\kxiAFYc.exe
  2⤵
  PID:4956
- C:\Windows\System\IwoEAbk.exe
  C:\Windows\System\IwoEAbk.exe
  2⤵
  PID:4972
- C:\Windows\System\WLEGGjs.exe
  C:\Windows\System\WLEGGjs.exe
  2⤵
  PID:4988
- C:\Windows\System\opyFEMl.exe
  C:\Windows\System\opyFEMl.exe
  2⤵
  PID:5004
- C:\Windows\System\RcKFkXo.exe
  C:\Windows\System\RcKFkXo.exe
  2⤵
  PID:5020
- C:\Windows\System\ntcwXyK.exe
  C:\Windows\System\ntcwXyK.exe
  2⤵
  PID:5036
- C:\Windows\System\tZtxRld.exe
  C:\Windows\System\tZtxRld.exe
  2⤵
  PID:5056
- C:\Windows\System\PIfexOo.exe
  C:\Windows\System\PIfexOo.exe
  2⤵
  PID:5072
- C:\Windows\System\buBvsaq.exe
  C:\Windows\System\buBvsaq.exe
  2⤵
  PID:5088
- C:\Windows\System\jeaOxBE.exe
  C:\Windows\System\jeaOxBE.exe
  2⤵
  PID:5104
- C:\Windows\System\wlWAcUM.exe
  C:\Windows\System\wlWAcUM.exe
  2⤵
  PID:3696
- C:\Windows\System\SrZnklt.exe
  C:\Windows\System\SrZnklt.exe
  2⤵
  PID:4116
- C:\Windows\System\gHDzCVf.exe
  C:\Windows\System\gHDzCVf.exe
  2⤵
  PID:4180
- C:\Windows\System\IfpjzuR.exe
  C:\Windows\System\IfpjzuR.exe
  2⤵
  PID:2720
- C:\Windows\System\SqfrWHv.exe
  C:\Windows\System\SqfrWHv.exe
  2⤵
  PID:4244
- C:\Windows\System\SGEIrug.exe
  C:\Windows\System\SGEIrug.exe
  2⤵
  PID:4304
- C:\Windows\System\sjXeZbD.exe
  C:\Windows\System\sjXeZbD.exe
  2⤵
  PID:4276
- C:\Windows\System\aYwITky.exe
  C:\Windows\System\aYwITky.exe
  2⤵
  PID:2908
- C:\Windows\System\tcBKoKd.exe
  C:\Windows\System\tcBKoKd.exe
  2⤵
  PID:4400
- C:\Windows\System\yFkTPpT.exe
  C:\Windows\System\yFkTPpT.exe
  2⤵
  PID:4436
- C:\Windows\System\dOvSuCk.exe
  C:\Windows\System\dOvSuCk.exe
  2⤵
  PID:4500
- C:\Windows\System\irznJyE.exe
  C:\Windows\System\irznJyE.exe
  2⤵
  PID:4560
- C:\Windows\System\dNcokay.exe
  C:\Windows\System\dNcokay.exe
  2⤵
  PID:2288
- C:\Windows\System\yzuLMTH.exe
  C:\Windows\System\yzuLMTH.exe
  2⤵
  PID:3652
- C:\Windows\System\sIRNcZw.exe
  C:\Windows\System\sIRNcZw.exe
  2⤵
  PID:4132
- C:\Windows\System\rfMMIHl.exe
  C:\Windows\System\rfMMIHl.exe
  2⤵
  PID:4192
- C:\Windows\System\LSdgQTP.exe
  C:\Windows\System\LSdgQTP.exe
  2⤵
  PID:4288
- C:\Windows\System\xVZdwyb.exe
  C:\Windows\System\xVZdwyb.exe
  2⤵
  PID:4384
- C:\Windows\System\lyFCgCJ.exe
  C:\Windows\System\lyFCgCJ.exe
  2⤵
  PID:4448
- C:\Windows\System\qNbbNvT.exe
  C:\Windows\System\qNbbNvT.exe
  2⤵
  PID:4516
- C:\Windows\System\LffanMC.exe
  C:\Windows\System\LffanMC.exe
  2⤵
  PID:4544
- C:\Windows\System\BXkkfMO.exe
  C:\Windows\System\BXkkfMO.exe
  2⤵
  PID:4628
- C:\Windows\System\adWTDsV.exe
  C:\Windows\System\adWTDsV.exe
  2⤵
  PID:1824
- C:\Windows\System\wXDfQVE.exe
  C:\Windows\System\wXDfQVE.exe
  2⤵
  PID:4664
- C:\Windows\System\xUtjizD.exe
  C:\Windows\System\xUtjizD.exe
  2⤵
  PID:4696
- C:\Windows\System\qbGgaHJ.exe
  C:\Windows\System\qbGgaHJ.exe
  2⤵
  PID:2180
- C:\Windows\System\eXpiiQU.exe
  C:\Windows\System\eXpiiQU.exe
  2⤵
  PID:4824
- C:\Windows\System\oSmhCUn.exe
  C:\Windows\System\oSmhCUn.exe
  2⤵
  PID:4676
- C:\Windows\System\VLYepLZ.exe
  C:\Windows\System\VLYepLZ.exe
  2⤵
  PID:4612
- C:\Windows\System\RPMPseS.exe
  C:\Windows\System\RPMPseS.exe
  2⤵
  PID:4772
- C:\Windows\System\pjEReVA.exe
  C:\Windows\System\pjEReVA.exe
  2⤵
  PID:4840
- C:\Windows\System\rrxLpEk.exe
  C:\Windows\System\rrxLpEk.exe
  2⤵
  PID:4856
- C:\Windows\System\bbKPphk.exe
  C:\Windows\System\bbKPphk.exe
  2⤵
  PID:4952
- C:\Windows\System\HYVUCPk.exe
  C:\Windows\System\HYVUCPk.exe
  2⤵
  PID:4744
- C:\Windows\System\VueTaIj.exe
  C:\Windows\System\VueTaIj.exe
  2⤵
  PID:5048
- C:\Windows\System\RCEnLig.exe
  C:\Windows\System\RCEnLig.exe
  2⤵
  PID:4900
- C:\Windows\System\eCUrIup.exe
  C:\Windows\System\eCUrIup.exe
  2⤵
  PID:4936
- C:\Windows\System\xeEuCNO.exe
  C:\Windows\System\xeEuCNO.exe
  2⤵
  PID:4996
- C:\Windows\System\CJEQNHV.exe
  C:\Windows\System\CJEQNHV.exe
  2⤵
  PID:5028
- C:\Windows\System\tPNmUAE.exe
  C:\Windows\System\tPNmUAE.exe
  2⤵
  PID:5096
- C:\Windows\System\lmXuffC.exe
  C:\Windows\System\lmXuffC.exe
  2⤵
  PID:3716
- C:\Windows\System\dUeswxl.exe
  C:\Windows\System\dUeswxl.exe
  2⤵
  PID:4212
- C:\Windows\System\RpOzxfF.exe
  C:\Windows\System\RpOzxfF.exe
  2⤵
  PID:3516
- C:\Windows\System\ASSZjbn.exe
  C:\Windows\System\ASSZjbn.exe
  2⤵
  PID:4128
- C:\Windows\System\GYiaPON.exe
  C:\Windows\System\GYiaPON.exe
  2⤵
  PID:1364
- C:\Windows\System\OPHJMBS.exe
  C:\Windows\System\OPHJMBS.exe
  2⤵
  PID:4416
- C:\Windows\System\ULvXSzU.exe
  C:\Windows\System\ULvXSzU.exe
  2⤵
  PID:4432
- C:\Windows\System\vKEsCCj.exe
  C:\Windows\System\vKEsCCj.exe
  2⤵
  PID:4532
- C:\Windows\System\kPnVVMu.exe
  C:\Windows\System\kPnVVMu.exe
  2⤵
  PID:4356
- C:\Windows\System\zUjbBTT.exe
  C:\Windows\System\zUjbBTT.exe
  2⤵
  PID:4596
- C:\Windows\System\dudTKoP.exe
  C:\Windows\System\dudTKoP.exe
  2⤵
  PID:4708
- C:\Windows\System\uPtPFva.exe
  C:\Windows\System\uPtPFva.exe
  2⤵
  PID:4584
- C:\Windows\System\OthhLuO.exe
  C:\Windows\System\OthhLuO.exe
  2⤵
  PID:4920
- C:\Windows\System\bHrLEFf.exe
  C:\Windows\System\bHrLEFf.exe
  2⤵
  PID:4712
- C:\Windows\System\ocQtZzE.exe
  C:\Windows\System\ocQtZzE.exe
  2⤵
  PID:4112
- C:\Windows\System\uniqbjV.exe
  C:\Windows\System\uniqbjV.exe
  2⤵
  PID:4196
- C:\Windows\System\UoJLGPC.exe
  C:\Windows\System\UoJLGPC.exe
  2⤵
  PID:2980
- C:\Windows\System\Viwzuco.exe
  C:\Windows\System\Viwzuco.exe
  2⤵
  PID:4484
- C:\Windows\System\AshNMRy.exe
  C:\Windows\System\AshNMRy.exe
  2⤵
  PID:5136
- C:\Windows\System\McUkcJQ.exe
  C:\Windows\System\McUkcJQ.exe
  2⤵
  PID:5152
- C:\Windows\System\JJLXHDm.exe
  C:\Windows\System\JJLXHDm.exe
  2⤵
  PID:5168
- C:\Windows\System\eAZFXSG.exe
  C:\Windows\System\eAZFXSG.exe
  2⤵
  PID:5184
- C:\Windows\System\dvHCgtG.exe
  C:\Windows\System\dvHCgtG.exe
  2⤵
  PID:5204
- C:\Windows\System\sNIyNbl.exe
  C:\Windows\System\sNIyNbl.exe
  2⤵
  PID:5220
- C:\Windows\System\fEPerjm.exe
  C:\Windows\System\fEPerjm.exe
  2⤵
  PID:5236
- C:\Windows\System\FwLZBGR.exe
  C:\Windows\System\FwLZBGR.exe
  2⤵
  PID:5252
- C:\Windows\System\qWpYvvF.exe
  C:\Windows\System\qWpYvvF.exe
  2⤵
  PID:5268
- C:\Windows\System\RwTuCwR.exe
  C:\Windows\System\RwTuCwR.exe
  2⤵
  PID:5284
- C:\Windows\System\VEFFdQo.exe
  C:\Windows\System\VEFFdQo.exe
  2⤵
  PID:5300
- C:\Windows\System\XVocQHE.exe
  C:\Windows\System\XVocQHE.exe
  2⤵
  PID:5316
- C:\Windows\System\jQhphzf.exe
  C:\Windows\System\jQhphzf.exe
  2⤵
  PID:5332
- C:\Windows\System\cMcTOUJ.exe
  C:\Windows\System\cMcTOUJ.exe
  2⤵
  PID:5348
- C:\Windows\System\vxDnAPe.exe
  C:\Windows\System\vxDnAPe.exe
  2⤵
  PID:5364
- C:\Windows\System\vdUsVjw.exe
  C:\Windows\System\vdUsVjw.exe
  2⤵
  PID:5388
- C:\Windows\System\rXmIaoj.exe
  C:\Windows\System\rXmIaoj.exe
  2⤵
  PID:5408
- C:\Windows\System\WRvSxun.exe
  C:\Windows\System\WRvSxun.exe
  2⤵
  PID:5424
- C:\Windows\System\YqCDWTr.exe
  C:\Windows\System\YqCDWTr.exe
  2⤵
  PID:5440
- C:\Windows\System\APwqpil.exe
  C:\Windows\System\APwqpil.exe
  2⤵
  PID:5456
- C:\Windows\System\NCABacY.exe
  C:\Windows\System\NCABacY.exe
  2⤵
  PID:5476
- C:\Windows\System\YATSluM.exe
  C:\Windows\System\YATSluM.exe
  2⤵
  PID:5492
- C:\Windows\System\DWQbtVU.exe
  C:\Windows\System\DWQbtVU.exe
  2⤵
  PID:5508
- C:\Windows\System\zhYGAMX.exe
  C:\Windows\System\zhYGAMX.exe
  2⤵
  PID:5524
- C:\Windows\System\ilLPJfU.exe
  C:\Windows\System\ilLPJfU.exe
  2⤵
  PID:5540
- C:\Windows\System\zuGhATZ.exe
  C:\Windows\System\zuGhATZ.exe
  2⤵
  PID:5556
- C:\Windows\System\DGLOAtm.exe
  C:\Windows\System\DGLOAtm.exe
  2⤵
  PID:5572
- C:\Windows\System\XFvgKvC.exe
  C:\Windows\System\XFvgKvC.exe
  2⤵
  PID:5588
- C:\Windows\System\PaYzQMY.exe
  C:\Windows\System\PaYzQMY.exe
  2⤵
  PID:5604
- C:\Windows\System\vuJBtbW.exe
  C:\Windows\System\vuJBtbW.exe
  2⤵
  PID:5620
- C:\Windows\System\yfqxBwP.exe
  C:\Windows\System\yfqxBwP.exe
  2⤵
  PID:5636
- C:\Windows\System\BWNvTVu.exe
  C:\Windows\System\BWNvTVu.exe
  2⤵
  PID:5652
- C:\Windows\System\GLbrMrb.exe
  C:\Windows\System\GLbrMrb.exe
  2⤵
  PID:5668
- C:\Windows\System\qIxpgrk.exe
  C:\Windows\System\qIxpgrk.exe
  2⤵
  PID:5688
- C:\Windows\System\OHJRBaP.exe
  C:\Windows\System\OHJRBaP.exe
  2⤵
  PID:5704
- C:\Windows\System\rubFGGD.exe
  C:\Windows\System\rubFGGD.exe
  2⤵
  PID:5720
- C:\Windows\System\BZfideh.exe
  C:\Windows\System\BZfideh.exe
  2⤵
  PID:5736
- C:\Windows\System\rAkVpqr.exe
  C:\Windows\System\rAkVpqr.exe
  2⤵
  PID:5752
- C:\Windows\System\iVNxJXi.exe
  C:\Windows\System\iVNxJXi.exe
  2⤵
  PID:5768
- C:\Windows\System\WkndRsH.exe
  C:\Windows\System\WkndRsH.exe
  2⤵
  PID:5784
- C:\Windows\System\CPtzVON.exe
  C:\Windows\System\CPtzVON.exe
  2⤵
  PID:5800
- C:\Windows\System\AxekYbi.exe
  C:\Windows\System\AxekYbi.exe
  2⤵
  PID:5820
- C:\Windows\System\NqLAUpM.exe
  C:\Windows\System\NqLAUpM.exe
  2⤵
  PID:5836
- C:\Windows\System\vRYXBfz.exe
  C:\Windows\System\vRYXBfz.exe
  2⤵
  PID:5852
- C:\Windows\System\awCnCDp.exe
  C:\Windows\System\awCnCDp.exe
  2⤵
  PID:5872
- C:\Windows\System\HLwhhdD.exe
  C:\Windows\System\HLwhhdD.exe
  2⤵
  PID:5924
- C:\Windows\System\aQagfPc.exe
  C:\Windows\System\aQagfPc.exe
  2⤵
  PID:5940
- C:\Windows\System\QaajGpQ.exe
  C:\Windows\System\QaajGpQ.exe
  2⤵
  PID:5956
- C:\Windows\System\dmVFnya.exe
  C:\Windows\System\dmVFnya.exe
  2⤵
  PID:5972
- C:\Windows\System\FjdEpXZ.exe
  C:\Windows\System\FjdEpXZ.exe
  2⤵
  PID:5988
- C:\Windows\System\jpAzjtI.exe
  C:\Windows\System\jpAzjtI.exe
  2⤵
  PID:6004
- C:\Windows\System\XGzTgHn.exe
  C:\Windows\System\XGzTgHn.exe
  2⤵
  PID:6020
- C:\Windows\System\TyGdsJG.exe
  C:\Windows\System\TyGdsJG.exe
  2⤵
  PID:6036
- C:\Windows\System\jpZsXjU.exe
  C:\Windows\System\jpZsXjU.exe
  2⤵
  PID:6052
- C:\Windows\System\gGJbvab.exe
  C:\Windows\System\gGJbvab.exe
  2⤵
  PID:6068
- C:\Windows\System\xXknztX.exe
  C:\Windows\System\xXknztX.exe
  2⤵
  PID:6084
- C:\Windows\System\UTxrPgA.exe
  C:\Windows\System\UTxrPgA.exe
  2⤵
  PID:6100
- C:\Windows\System\ZplUTau.exe
  C:\Windows\System\ZplUTau.exe
  2⤵
  PID:6116
- C:\Windows\System\munXYGc.exe
  C:\Windows\System\munXYGc.exe
  2⤵
  PID:6132
- C:\Windows\System\nWNnNpL.exe
  C:\Windows\System\nWNnNpL.exe
  2⤵
  PID:4580
- C:\Windows\System\xQUQYru.exe
  C:\Windows\System\xQUQYru.exe
  2⤵
  PID:948
- C:\Windows\System\vugoWSD.exe
  C:\Windows\System\vugoWSD.exe
  2⤵
  PID:4888
- C:\Windows\System\LIIfMrB.exe
  C:\Windows\System\LIIfMrB.exe
  2⤵
  PID:4868
- C:\Windows\System\SugIekz.exe
  C:\Windows\System\SugIekz.exe
  2⤵
  PID:5068
- C:\Windows\System\tQfPxKa.exe
  C:\Windows\System\tQfPxKa.exe
  2⤵
  PID:3592
- C:\Windows\System\XmForsB.exe
  C:\Windows\System\XmForsB.exe
  2⤵
  PID:2256
- C:\Windows\System\nVIbqzg.exe
  C:\Windows\System\nVIbqzg.exe
  2⤵
  PID:4660
- C:\Windows\System\zIaexYt.exe
  C:\Windows\System\zIaexYt.exe
  2⤵
  PID:4836
- C:\Windows\System\EmUQWZW.exe
  C:\Windows\System\EmUQWZW.exe
  2⤵
  PID:376
- C:\Windows\System\DgxORXT.exe
  C:\Windows\System\DgxORXT.exe
  2⤵
  PID:4160
- C:\Windows\System\ahJLgBE.exe
  C:\Windows\System\ahJLgBE.exe
  2⤵
  PID:4512
- C:\Windows\System\gkXyVMc.exe
  C:\Windows\System\gkXyVMc.exe
  2⤵
  PID:5160
- C:\Windows\System\aczfWsp.exe
  C:\Windows\System\aczfWsp.exe
  2⤵
  PID:5180
- C:\Windows\System\TkGMSOQ.exe
  C:\Windows\System\TkGMSOQ.exe
  2⤵
  PID:5244
- C:\Windows\System\PlzgKmu.exe
  C:\Windows\System\PlzgKmu.exe
  2⤵
  PID:5312
- C:\Windows\System\GVkimta.exe
  C:\Windows\System\GVkimta.exe
  2⤵
  PID:5192
- C:\Windows\System\DLCvnoH.exe
  C:\Windows\System\DLCvnoH.exe
  2⤵
  PID:5264
- C:\Windows\System\IQPCSSE.exe
  C:\Windows\System\IQPCSSE.exe
  2⤵
  PID:5296
- C:\Windows\System\eIzCTde.exe
  C:\Windows\System\eIzCTde.exe
  2⤵
  PID:5356
- C:\Windows\System\lFBxCNF.exe
  C:\Windows\System\lFBxCNF.exe
  2⤵
  PID:5432
- C:\Windows\System\UwFPMQB.exe
  C:\Windows\System\UwFPMQB.exe
  2⤵
  PID:5468
- C:\Windows\System\MhRVkWN.exe
  C:\Windows\System\MhRVkWN.exe
  2⤵
  PID:5504
- C:\Windows\System\HLIgFTD.exe
  C:\Windows\System\HLIgFTD.exe
  2⤵
  PID:5568
- C:\Windows\System\kjNnyfN.exe
  C:\Windows\System\kjNnyfN.exe
  2⤵
  PID:5628
- C:\Windows\System\mLLJwAD.exe
  C:\Windows\System\mLLJwAD.exe
  2⤵
  PID:5696
- C:\Windows\System\sRKlOmo.exe
  C:\Windows\System\sRKlOmo.exe
  2⤵
  PID:5764
- C:\Windows\System\bfxZIad.exe
  C:\Windows\System\bfxZIad.exe
  2⤵
  PID:5828
- C:\Windows\System\hbkCoqn.exe
  C:\Windows\System\hbkCoqn.exe
  2⤵
  PID:5420
- C:\Windows\System\JbRuHOg.exe
  C:\Windows\System\JbRuHOg.exe
  2⤵
  PID:5516
- C:\Windows\System\xBnnhXi.exe
  C:\Windows\System\xBnnhXi.exe
  2⤵
  PID:5584
- C:\Windows\System\SZaEaID.exe
  C:\Windows\System\SZaEaID.exe
  2⤵
  PID:5648
- C:\Windows\System\zQWAmnD.exe
  C:\Windows\System\zQWAmnD.exe
  2⤵
  PID:5680
- C:\Windows\System\MWqKkwD.exe
  C:\Windows\System\MWqKkwD.exe
  2⤵
  PID:5712
- C:\Windows\System\JpTYmPl.exe
  C:\Windows\System\JpTYmPl.exe
  2⤵
  PID:5776
- C:\Windows\System\DgqHneH.exe
  C:\Windows\System\DgqHneH.exe
  2⤵
  PID:5848
- C:\Windows\System\BieNPHr.exe
  C:\Windows\System\BieNPHr.exe
  2⤵
  PID:5892
- C:\Windows\System\YPxJkZE.exe
  C:\Windows\System\YPxJkZE.exe
  2⤵
  PID:5908
- C:\Windows\System\NdJplea.exe
  C:\Windows\System\NdJplea.exe
  2⤵
  PID:5920
- C:\Windows\System\aHStiqt.exe
  C:\Windows\System\aHStiqt.exe
  2⤵
  PID:5948
- C:\Windows\System\wUegYfR.exe
  C:\Windows\System\wUegYfR.exe
  2⤵
  PID:6032
- C:\Windows\System\CGlCbkH.exe
  C:\Windows\System\CGlCbkH.exe
  2⤵
  PID:6092
- C:\Windows\System\GJDhJZY.exe
  C:\Windows\System\GJDhJZY.exe
  2⤵
  PID:4760
- C:\Windows\System\qhmFoSE.exe
  C:\Windows\System\qhmFoSE.exe
  2⤵
  PID:6016
- C:\Windows\System\ljtyCda.exe
  C:\Windows\System\ljtyCda.exe
  2⤵
  PID:6076
- C:\Windows\System\ezBsjNf.exe
  C:\Windows\System\ezBsjNf.exe
  2⤵
  PID:2972
- C:\Windows\System\UOfjsLX.exe
  C:\Windows\System\UOfjsLX.exe
  2⤵
  PID:5080
- C:\Windows\System\CZzJcqC.exe
  C:\Windows\System\CZzJcqC.exe
  2⤵
  PID:4820
- C:\Windows\System\DJPFRHu.exe
  C:\Windows\System\DJPFRHu.exe
  2⤵
  PID:5112
- C:\Windows\System\fPxZSgZ.exe
  C:\Windows\System\fPxZSgZ.exe
  2⤵
  PID:5128
- C:\Windows\System\ZrbxHUM.exe
  C:\Windows\System\ZrbxHUM.exe
  2⤵
  PID:3088
- C:\Windows\System\jAPtuCq.exe
  C:\Windows\System\jAPtuCq.exe
  2⤵
  PID:4576
- C:\Windows\System\MyshmpK.exe
  C:\Windows\System\MyshmpK.exe
  2⤵
  PID:5212
- C:\Windows\System\XbsJLgw.exe
  C:\Windows\System\XbsJLgw.exe
  2⤵
  PID:5372
- C:\Windows\System\bPiCRHb.exe
  C:\Windows\System\bPiCRHb.exe
  2⤵
  PID:5292
- C:\Windows\System\HeGochU.exe
  C:\Windows\System\HeGochU.exe
  2⤵
  PID:5280
- C:\Windows\System\KIuWenm.exe
  C:\Windows\System\KIuWenm.exe
  2⤵
  PID:5436
- C:\Windows\System\CwbPBqH.exe
  C:\Windows\System\CwbPBqH.exe
  2⤵
  PID:5384
- C:\Windows\System\yQSeAfw.exe
  C:\Windows\System\yQSeAfw.exe
  2⤵
  PID:5664
- C:\Windows\System\NvstwLf.exe
  C:\Windows\System\NvstwLf.exe
  2⤵
  PID:5732
- C:\Windows\System\nAbKofL.exe
  C:\Windows\System\nAbKofL.exe
  2⤵
  PID:5488
- C:\Windows\System\zbYotyk.exe
  C:\Windows\System\zbYotyk.exe
  2⤵
  PID:5644
- C:\Windows\System\NNfToIB.exe
  C:\Windows\System\NNfToIB.exe
  2⤵
  PID:5520
- C:\Windows\System\orMfWkY.exe
  C:\Windows\System\orMfWkY.exe
  2⤵
  PID:5416
- C:\Windows\System\RgwksmZ.exe
  C:\Windows\System\RgwksmZ.exe
  2⤵
  PID:5936
- C:\Windows\System\jvmHtmF.exe
  C:\Windows\System\jvmHtmF.exe
  2⤵
  PID:5808
- C:\Windows\System\aRegOCI.exe
  C:\Windows\System\aRegOCI.exe
  2⤵
  PID:6012
- C:\Windows\System\aOodNHX.exe
  C:\Windows\System\aOodNHX.exe
  2⤵
  PID:6128
- C:\Windows\System\pPKwFsd.exe
  C:\Windows\System\pPKwFsd.exe
  2⤵
  PID:5916
- C:\Windows\System\VAUVTEM.exe
  C:\Windows\System\VAUVTEM.exe
  2⤵
  PID:6140
- C:\Windows\System\utRbBIq.exe
  C:\Windows\System\utRbBIq.exe
  2⤵
  PID:6080
- C:\Windows\System\kORUVFM.exe
  C:\Windows\System\kORUVFM.exe
  2⤵
  PID:4324
- C:\Windows\System\LhzPjZG.exe
  C:\Windows\System\LhzPjZG.exe
  2⤵
  PID:5044
- C:\Windows\System\wTOyEcp.exe
  C:\Windows\System\wTOyEcp.exe
  2⤵
  PID:5328
- C:\Windows\System\ADGMSSi.exe
  C:\Windows\System\ADGMSSi.exe
  2⤵
  PID:5728
- C:\Windows\System\OExjxMq.exe
  C:\Windows\System\OExjxMq.exe
  2⤵
  PID:6060
- C:\Windows\System\PSNGbNy.exe
  C:\Windows\System\PSNGbNy.exe
  2⤵
  PID:6064
- C:\Windows\System\JrsSJen.exe
  C:\Windows\System\JrsSJen.exe
  2⤵
  PID:5744
- C:\Windows\System\BCQlWVD.exe
  C:\Windows\System\BCQlWVD.exe
  2⤵
  PID:5228
- C:\Windows\System\AqMAjGv.exe
  C:\Windows\System\AqMAjGv.exe
  2⤵
  PID:5796
- C:\Windows\System\LdfcAWC.exe
  C:\Windows\System\LdfcAWC.exe
  2⤵
  PID:6112
- C:\Windows\System\kIYdYYW.exe
  C:\Windows\System\kIYdYYW.exe
  2⤵
  PID:5904
- C:\Windows\System\bwtbaKK.exe
  C:\Windows\System\bwtbaKK.exe
  2⤵
  PID:5932
- C:\Windows\System\FRtVFne.exe
  C:\Windows\System\FRtVFne.exe
  2⤵
  PID:5812
- C:\Windows\System\fmsEtfF.exe
  C:\Windows\System\fmsEtfF.exe
  2⤵
  PID:5660
- C:\Windows\System\ABXThyc.exe
  C:\Windows\System\ABXThyc.exe
  2⤵
  PID:5012
- C:\Windows\System\yMlzayf.exe
  C:\Windows\System\yMlzayf.exe
  2⤵
  PID:5260
- C:\Windows\System\bQeOsok.exe
  C:\Windows\System\bQeOsok.exe
  2⤵
  PID:4528
- C:\Windows\System\CsGgQya.exe
  C:\Windows\System\CsGgQya.exe
  2⤵
  PID:6124
- C:\Windows\System\zVJpMXq.exe
  C:\Windows\System\zVJpMXq.exe
  2⤵
  PID:5344
- C:\Windows\System\WupFYlS.exe
  C:\Windows\System\WupFYlS.exe
  2⤵
  PID:6148
- C:\Windows\System\pnLmyky.exe
  C:\Windows\System\pnLmyky.exe
  2⤵
  PID:6164
- C:\Windows\System\UvGguFG.exe
  C:\Windows\System\UvGguFG.exe
  2⤵
  PID:6180
- C:\Windows\System\uyWixTy.exe
  C:\Windows\System\uyWixTy.exe
  2⤵
  PID:6196
- C:\Windows\System\vaRgxUv.exe
  C:\Windows\System\vaRgxUv.exe
  2⤵
  PID:6212
- C:\Windows\System\TVlSkNd.exe
  C:\Windows\System\TVlSkNd.exe
  2⤵
  PID:6228
- C:\Windows\System\qfIOLeK.exe
  C:\Windows\System\qfIOLeK.exe
  2⤵
  PID:6244
- C:\Windows\System\KrvwybN.exe
  C:\Windows\System\KrvwybN.exe
  2⤵
  PID:6260
- C:\Windows\System\asUYlJS.exe
  C:\Windows\System\asUYlJS.exe
  2⤵
  PID:6276
- C:\Windows\System\QDDHoUr.exe
  C:\Windows\System\QDDHoUr.exe
  2⤵
  PID:6292
- C:\Windows\System\eZIvBpn.exe
  C:\Windows\System\eZIvBpn.exe
  2⤵
  PID:6308
- C:\Windows\System\uXCQXUG.exe
  C:\Windows\System\uXCQXUG.exe
  2⤵
  PID:6324
- C:\Windows\System\owjfope.exe
  C:\Windows\System\owjfope.exe
  2⤵
  PID:6340
- C:\Windows\System\lQjjDlW.exe
  C:\Windows\System\lQjjDlW.exe
  2⤵
  PID:6356
- C:\Windows\System\zftzreR.exe
  C:\Windows\System\zftzreR.exe
  2⤵
  PID:6372
- C:\Windows\System\QcbhMBY.exe
  C:\Windows\System\QcbhMBY.exe
  2⤵
  PID:6388
- C:\Windows\System\zCuBGKe.exe
  C:\Windows\System\zCuBGKe.exe
  2⤵
  PID:6404
- C:\Windows\System\erJFSQx.exe
  C:\Windows\System\erJFSQx.exe
  2⤵
  PID:6420
- C:\Windows\System\VgxJFfd.exe
  C:\Windows\System\VgxJFfd.exe
  2⤵
  PID:6436
- C:\Windows\System\sosyWPU.exe
  C:\Windows\System\sosyWPU.exe
  2⤵
  PID:6452
- C:\Windows\System\VRFWbsA.exe
  C:\Windows\System\VRFWbsA.exe
  2⤵
  PID:6468
- C:\Windows\System\uJKYOid.exe
  C:\Windows\System\uJKYOid.exe
  2⤵
  PID:6484
- C:\Windows\System\ipWsKRi.exe
  C:\Windows\System\ipWsKRi.exe
  2⤵
  PID:6500
- C:\Windows\System\cvmOcNk.exe
  C:\Windows\System\cvmOcNk.exe
  2⤵
  PID:6516
- C:\Windows\System\JDVfllG.exe
  C:\Windows\System\JDVfllG.exe
  2⤵
  PID:6532
- C:\Windows\System\dDZBbiw.exe
  C:\Windows\System\dDZBbiw.exe
  2⤵
  PID:6548
- C:\Windows\System\RwYaRBI.exe
  C:\Windows\System\RwYaRBI.exe
  2⤵
  PID:6564
- C:\Windows\System\okCVzHI.exe
  C:\Windows\System\okCVzHI.exe
  2⤵
  PID:6580
- C:\Windows\System\lsJvjHt.exe
  C:\Windows\System\lsJvjHt.exe
  2⤵
  PID:6596
- C:\Windows\System\JwQHKUu.exe
  C:\Windows\System\JwQHKUu.exe
  2⤵
  PID:6612
- C:\Windows\System\AvhqIpO.exe
  C:\Windows\System\AvhqIpO.exe
  2⤵
  PID:6628
- C:\Windows\System\ukVDIgg.exe
  C:\Windows\System\ukVDIgg.exe
  2⤵
  PID:6644
- C:\Windows\System\obbYqJo.exe
  C:\Windows\System\obbYqJo.exe
  2⤵
  PID:6660
- C:\Windows\System\mZdJzJw.exe
  C:\Windows\System\mZdJzJw.exe
  2⤵
  PID:6676
- C:\Windows\System\evocrKq.exe
  C:\Windows\System\evocrKq.exe
  2⤵
  PID:6692
- C:\Windows\System\HALXzSc.exe
  C:\Windows\System\HALXzSc.exe
  2⤵
  PID:6708
- C:\Windows\System\SMetLvQ.exe
  C:\Windows\System\SMetLvQ.exe
  2⤵
  PID:6724
- C:\Windows\System\tJJcEYa.exe
  C:\Windows\System\tJJcEYa.exe
  2⤵
  PID:6740
- C:\Windows\System\xHSTfap.exe
  C:\Windows\System\xHSTfap.exe
  2⤵
  PID:6756
- C:\Windows\System\xEZJhaj.exe
  C:\Windows\System\xEZJhaj.exe
  2⤵
  PID:6772
- C:\Windows\System\gYrUmlx.exe
  C:\Windows\System\gYrUmlx.exe
  2⤵
  PID:6788
- C:\Windows\System\OyWzZrg.exe
  C:\Windows\System\OyWzZrg.exe
  2⤵
  PID:6804
- C:\Windows\System\cDZjawT.exe
  C:\Windows\System\cDZjawT.exe
  2⤵
  PID:6820
- C:\Windows\System\PUWRZRj.exe
  C:\Windows\System\PUWRZRj.exe
  2⤵
  PID:6836
- C:\Windows\System\xXRNpfy.exe
  C:\Windows\System\xXRNpfy.exe
  2⤵
  PID:6852
- C:\Windows\System\calOxFB.exe
  C:\Windows\System\calOxFB.exe
  2⤵
  PID:6868
- C:\Windows\System\ORUlzYZ.exe
  C:\Windows\System\ORUlzYZ.exe
  2⤵
  PID:6884
- C:\Windows\System\YryqIkX.exe
  C:\Windows\System\YryqIkX.exe
  2⤵
  PID:6900
- C:\Windows\System\dSPrXGf.exe
  C:\Windows\System\dSPrXGf.exe
  2⤵
  PID:6916
- C:\Windows\System\bKKzQTT.exe
  C:\Windows\System\bKKzQTT.exe
  2⤵
  PID:6932
- C:\Windows\System\kNQFomd.exe
  C:\Windows\System\kNQFomd.exe
  2⤵
  PID:6948
- C:\Windows\System\uStLcjG.exe
  C:\Windows\System\uStLcjG.exe
  2⤵
  PID:6964
- C:\Windows\System\sympcQW.exe
  C:\Windows\System\sympcQW.exe
  2⤵
  PID:6980
- C:\Windows\System\LMMhRlw.exe
  C:\Windows\System\LMMhRlw.exe
  2⤵
  PID:6996
- C:\Windows\System\jdegbKT.exe
  C:\Windows\System\jdegbKT.exe
  2⤵
  PID:7012
- C:\Windows\System\xDDGfNB.exe
  C:\Windows\System\xDDGfNB.exe
  2⤵
  PID:7028
- C:\Windows\System\EsnBSJh.exe
  C:\Windows\System\EsnBSJh.exe
  2⤵
  PID:7044
- C:\Windows\System\dFkaGxJ.exe
  C:\Windows\System\dFkaGxJ.exe
  2⤵
  PID:7060
- C:\Windows\System\KlAjQFF.exe
  C:\Windows\System\KlAjQFF.exe
  2⤵
  PID:7076
- C:\Windows\System\WWpUkSg.exe
  C:\Windows\System\WWpUkSg.exe
  2⤵
  PID:7092
- C:\Windows\System\dkaDavo.exe
  C:\Windows\System\dkaDavo.exe
  2⤵
  PID:7108
- C:\Windows\System\vlMiYYT.exe
  C:\Windows\System\vlMiYYT.exe
  2⤵
  PID:7124
- C:\Windows\System\AlPrOTN.exe
  C:\Windows\System\AlPrOTN.exe
  2⤵
  PID:7140
- C:\Windows\System\NygzOzF.exe
  C:\Windows\System\NygzOzF.exe
  2⤵
  PID:7160
- C:\Windows\System\zvojbmS.exe
  C:\Windows\System\zvojbmS.exe
  2⤵
  PID:6156
- C:\Windows\System\ilOfuGy.exe
  C:\Windows\System\ilOfuGy.exe
  2⤵
  PID:6252
- C:\Windows\System\DhCOnva.exe
  C:\Windows\System\DhCOnva.exe
  2⤵
  PID:6320
- C:\Windows\System\KNvHkyC.exe
  C:\Windows\System\KNvHkyC.exe
  2⤵
  PID:6380
- C:\Windows\System\imOUENr.exe
  C:\Windows\System\imOUENr.exe
  2⤵
  PID:6204
- C:\Windows\System\LwwCPkR.exe
  C:\Windows\System\LwwCPkR.exe
  2⤵
  PID:6000
- C:\Windows\System\sKCxQSS.exe
  C:\Windows\System\sKCxQSS.exe
  2⤵
  PID:6240
- C:\Windows\System\cHhacrL.exe
  C:\Windows\System\cHhacrL.exe
  2⤵
  PID:5064
- C:\Windows\System\FrNtjxN.exe
  C:\Windows\System\FrNtjxN.exe
  2⤵
  PID:6412
- C:\Windows\System\qjOmDGC.exe
  C:\Windows\System\qjOmDGC.exe
  2⤵
  PID:6476
- C:\Windows\System\nGsziHn.exe
  C:\Windows\System\nGsziHn.exe
  2⤵
  PID:6336
- C:\Windows\System\tTDVoCa.exe
  C:\Windows\System\tTDVoCa.exe
  2⤵
  PID:6508
- C:\Windows\System\IpPtxJf.exe
  C:\Windows\System\IpPtxJf.exe
  2⤵
  PID:6572
- C:\Windows\System\ywEtlbM.exe
  C:\Windows\System\ywEtlbM.exe
  2⤵
  PID:6460
- C:\Windows\System\NRsADse.exe
  C:\Windows\System\NRsADse.exe
  2⤵
  PID:6604
- C:\Windows\System\zgUzrHM.exe
  C:\Windows\System\zgUzrHM.exe
  2⤵
  PID:6556
- C:\Windows\System\qjkPMGS.exe
  C:\Windows\System\qjkPMGS.exe
  2⤵
  PID:6636
- C:\Windows\System\YINoirL.exe
  C:\Windows\System\YINoirL.exe
  2⤵
  PID:6672
- C:\Windows\System\SDbEksb.exe
  C:\Windows\System\SDbEksb.exe
  2⤵
  PID:6652
- C:\Windows\System\BRvpSDW.exe
  C:\Windows\System\BRvpSDW.exe
  2⤵
  PID:6732
- C:\Windows\System\qyofYoN.exe
  C:\Windows\System\qyofYoN.exe
  2⤵
  PID:6716
- C:\Windows\System\ZwkEUEB.exe
  C:\Windows\System\ZwkEUEB.exe
  2⤵
  PID:6796
- C:\Windows\System\zBdYQRQ.exe
  C:\Windows\System\zBdYQRQ.exe
  2⤵
  PID:6864
- C:\Windows\System\VRorNyr.exe
  C:\Windows\System\VRorNyr.exe
  2⤵
  PID:6748
- C:\Windows\System\QfntUND.exe
  C:\Windows\System\QfntUND.exe
  2⤵
  PID:6928
- C:\Windows\System\HPdEXbJ.exe
  C:\Windows\System\HPdEXbJ.exe
  2⤵
  PID:6988
- C:\Windows\System\fchfWSm.exe
  C:\Windows\System\fchfWSm.exe
  2⤵
  PID:6784
- C:\Windows\System\XRMLUoJ.exe
  C:\Windows\System\XRMLUoJ.exe
  2⤵
  PID:6848
- C:\Windows\System\IYxHFcq.exe
  C:\Windows\System\IYxHFcq.exe
  2⤵
  PID:7088
- C:\Windows\System\xVVnkAG.exe
  C:\Windows\System\xVVnkAG.exe
  2⤵
  PID:6908
- C:\Windows\System\VtHLTOo.exe
  C:\Windows\System\VtHLTOo.exe
  2⤵
  PID:7132
- C:\Windows\System\CWtfalR.exe
  C:\Windows\System\CWtfalR.exe
  2⤵
  PID:6972
- C:\Windows\System\wHbcFlD.exe
  C:\Windows\System\wHbcFlD.exe
  2⤵
  PID:7036
- C:\Windows\System\xSTpZvI.exe
  C:\Windows\System\xSTpZvI.exe
  2⤵
  PID:7104
- C:\Windows\System\OJPCZch.exe
  C:\Windows\System\OJPCZch.exe
  2⤵
  PID:6352
- C:\Windows\System\DlKqWcn.exe
  C:\Windows\System\DlKqWcn.exe
  2⤵
  PID:6288
- C:\Windows\System\PMLPVtW.exe
  C:\Windows\System\PMLPVtW.exe
  2⤵
  PID:6396
- C:\Windows\System\kfaSTah.exe
  C:\Windows\System\kfaSTah.exe
  2⤵
  PID:6208
- C:\Windows\System\omTiKHa.exe
  C:\Windows\System\omTiKHa.exe
  2⤵
  PID:5376
- C:\Windows\System\cOymLuR.exe
  C:\Windows\System\cOymLuR.exe
  2⤵
  PID:6236
- C:\Windows\System\oPUeIud.exe
  C:\Windows\System\oPUeIud.exe
  2⤵
  PID:6540
- C:\Windows\System\awGMUrx.exe
  C:\Windows\System\awGMUrx.exe
  2⤵
  PID:6496
- C:\Windows\System\XpihCtt.exe
  C:\Windows\System\XpihCtt.exe
  2⤵
  PID:6700
- C:\Windows\System\wEfyoAo.exe
  C:\Windows\System\wEfyoAo.exe
  2⤵
  PID:6620
- C:\Windows\System\FDMCgun.exe
  C:\Windows\System\FDMCgun.exe
  2⤵
  PID:3400
- C:\Windows\System\SGitRbA.exe
  C:\Windows\System\SGitRbA.exe
  2⤵
  PID:6924
- C:\Windows\System\jCIxDsl.exe
  C:\Windows\System\jCIxDsl.exe
  2⤵
  PID:7072
- C:\Windows\System\YwnaSzO.exe
  C:\Windows\System\YwnaSzO.exe
  2⤵
  PID:7052
- C:\Windows\System\sefYtJe.exe
  C:\Windows\System\sefYtJe.exe
  2⤵
  PID:7120
- C:\Windows\System\cdJiNGI.exe
  C:\Windows\System\cdJiNGI.exe
  2⤵
  PID:6224
- C:\Windows\System\YzkXcsO.exe
  C:\Windows\System\YzkXcsO.exe
  2⤵
  PID:6400
- C:\Windows\System\DNKJUKX.exe
  C:\Windows\System\DNKJUKX.exe
  2⤵
  PID:6464
- C:\Windows\System\bgfIgGE.exe
  C:\Windows\System\bgfIgGE.exe
  2⤵
  PID:6432
- C:\Windows\System\hidELWY.exe
  C:\Windows\System\hidELWY.exe
  2⤵
  PID:5880
- C:\Windows\System\uZEtnfZ.exe
  C:\Windows\System\uZEtnfZ.exe
  2⤵
  PID:6768
- C:\Windows\System\HxhteOQ.exe
  C:\Windows\System\HxhteOQ.exe
  2⤵
  PID:6832
- C:\Windows\System\EANcIdS.exe
  C:\Windows\System\EANcIdS.exe
  2⤵
  PID:2796
- C:\Windows\System\uKlPRbE.exe
  C:\Windows\System\uKlPRbE.exe
  2⤵
  PID:6880
- C:\Windows\System\eeXRAHA.exe
  C:\Windows\System\eeXRAHA.exe
  2⤵
  PID:6220
- C:\Windows\System\vHbqvZD.exe
  C:\Windows\System\vHbqvZD.exe
  2⤵
  PID:6416
- C:\Windows\System\ULFXUPN.exe
  C:\Windows\System\ULFXUPN.exe
  2⤵
  PID:992
- C:\Windows\System\xLJSJZb.exe
  C:\Windows\System\xLJSJZb.exe
  2⤵
  PID:6624
- C:\Windows\System\clbfeaO.exe
  C:\Windows\System\clbfeaO.exe
  2⤵
  PID:7136
- C:\Windows\System\IRRksLf.exe
  C:\Windows\System\IRRksLf.exe
  2⤵
  PID:6272
- C:\Windows\System\LVGdaZj.exe
  C:\Windows\System\LVGdaZj.exe
  2⤵
  PID:6764
- C:\Windows\System\RNgCOcW.exe
  C:\Windows\System\RNgCOcW.exe
  2⤵
  PID:6668
- C:\Windows\System\bubDeOk.exe
  C:\Windows\System\bubDeOk.exe
  2⤵
  PID:2152
- C:\Windows\System\JwsBfMr.exe
  C:\Windows\System\JwsBfMr.exe
  2⤵
  PID:6172
- C:\Windows\System\aDTrtFc.exe
  C:\Windows\System\aDTrtFc.exe
  2⤵
  PID:7180
- C:\Windows\System\mMuKWVf.exe
  C:\Windows\System\mMuKWVf.exe
  2⤵
  PID:7196
- C:\Windows\System\FdbuuFN.exe
  C:\Windows\System\FdbuuFN.exe
  2⤵
  PID:7212
- C:\Windows\System\cJsiofw.exe
  C:\Windows\System\cJsiofw.exe
  2⤵
  PID:7228
- C:\Windows\System\azaDnnN.exe
  C:\Windows\System\azaDnnN.exe
  2⤵
  PID:7244
- C:\Windows\System\hPKhMct.exe
  C:\Windows\System\hPKhMct.exe
  2⤵
  PID:7260
- C:\Windows\System\JVeDVlG.exe
  C:\Windows\System\JVeDVlG.exe
  2⤵
  PID:7276
- C:\Windows\System\ATQeJyw.exe
  C:\Windows\System\ATQeJyw.exe
  2⤵
  PID:7292
- C:\Windows\System\tMApqMm.exe
  C:\Windows\System\tMApqMm.exe
  2⤵
  PID:7308
- C:\Windows\System\NdgdAaA.exe
  C:\Windows\System\NdgdAaA.exe
  2⤵
  PID:7324
- C:\Windows\System\pkqmnUq.exe
  C:\Windows\System\pkqmnUq.exe
  2⤵
  PID:7340
- C:\Windows\System\ebeMlBM.exe
  C:\Windows\System\ebeMlBM.exe
  2⤵
  PID:7356
- C:\Windows\System\BpOGWHk.exe
  C:\Windows\System\BpOGWHk.exe
  2⤵
  PID:7372
- C:\Windows\System\tGCTlar.exe
  C:\Windows\System\tGCTlar.exe
  2⤵
  PID:7388
- C:\Windows\System\fsvuNeA.exe
  C:\Windows\System\fsvuNeA.exe
  2⤵
  PID:7404
- C:\Windows\System\kyhKHVF.exe
  C:\Windows\System\kyhKHVF.exe
  2⤵
  PID:7420
- C:\Windows\System\gJGYQpF.exe
  C:\Windows\System\gJGYQpF.exe
  2⤵
  PID:7436
- C:\Windows\System\WweJSbj.exe
  C:\Windows\System\WweJSbj.exe
  2⤵
  PID:7456
- C:\Windows\System\IZTKejb.exe
  C:\Windows\System\IZTKejb.exe
  2⤵
  PID:7472
- C:\Windows\System\MqoKZvd.exe
  C:\Windows\System\MqoKZvd.exe
  2⤵
  PID:7488
- C:\Windows\System\hTVdYeA.exe
  C:\Windows\System\hTVdYeA.exe
  2⤵
  PID:7504
- C:\Windows\System\OCDvNHa.exe
  C:\Windows\System\OCDvNHa.exe
  2⤵
  PID:7520
- C:\Windows\System\dvEOWGE.exe
  C:\Windows\System\dvEOWGE.exe
  2⤵
  PID:7536
- C:\Windows\System\tGiaBkE.exe
  C:\Windows\System\tGiaBkE.exe
  2⤵
  PID:7552
- C:\Windows\System\MhOrdcz.exe
  C:\Windows\System\MhOrdcz.exe
  2⤵
  PID:7568
- C:\Windows\System\JTmfLDb.exe
  C:\Windows\System\JTmfLDb.exe
  2⤵
  PID:7584
- C:\Windows\System\cIJKqkD.exe
  C:\Windows\System\cIJKqkD.exe
  2⤵
  PID:7600
- C:\Windows\System\QejSrbJ.exe
  C:\Windows\System\QejSrbJ.exe
  2⤵
  PID:7616
- C:\Windows\System\DWjxNXL.exe
  C:\Windows\System\DWjxNXL.exe
  2⤵
  PID:7632
- C:\Windows\System\jqYEFVv.exe
  C:\Windows\System\jqYEFVv.exe
  2⤵
  PID:7648
- C:\Windows\System\icaXCns.exe
  C:\Windows\System\icaXCns.exe
  2⤵
  PID:7664
- C:\Windows\System\ROoPuxr.exe
  C:\Windows\System\ROoPuxr.exe
  2⤵
  PID:7680
- C:\Windows\System\tjSnmEc.exe
  C:\Windows\System\tjSnmEc.exe
  2⤵
  PID:7696
- C:\Windows\System\OIOezmJ.exe
  C:\Windows\System\OIOezmJ.exe
  2⤵
  PID:7712
- C:\Windows\System\KdljPrt.exe
  C:\Windows\System\KdljPrt.exe
  2⤵
  PID:7728
- C:\Windows\System\TAESYKa.exe
  C:\Windows\System\TAESYKa.exe
  2⤵
  PID:7744
- C:\Windows\System\jmQhptu.exe
  C:\Windows\System\jmQhptu.exe
  2⤵
  PID:7760
- C:\Windows\System\LYLwFbm.exe
  C:\Windows\System\LYLwFbm.exe
  2⤵
  PID:7776
- C:\Windows\System\LVwGRJC.exe
  C:\Windows\System\LVwGRJC.exe
  2⤵
  PID:7792
- C:\Windows\System\YUTccxi.exe
  C:\Windows\System\YUTccxi.exe
  2⤵
  PID:7808
- C:\Windows\System\KmUequS.exe
  C:\Windows\System\KmUequS.exe
  2⤵
  PID:7824
- C:\Windows\System\TTxRWzA.exe
  C:\Windows\System\TTxRWzA.exe
  2⤵
  PID:7840
- C:\Windows\System\zXgBvTP.exe
  C:\Windows\System\zXgBvTP.exe
  2⤵
  PID:7856
- C:\Windows\System\ycWtovE.exe
  C:\Windows\System\ycWtovE.exe
  2⤵
  PID:7872
- C:\Windows\System\Ztexkpb.exe
  C:\Windows\System\Ztexkpb.exe
  2⤵
  PID:7888
- C:\Windows\System\aXZftRQ.exe
  C:\Windows\System\aXZftRQ.exe
  2⤵
  PID:7904
- C:\Windows\System\ujHNCtE.exe
  C:\Windows\System\ujHNCtE.exe
  2⤵
  PID:7920
- C:\Windows\System\BICMBjp.exe
  C:\Windows\System\BICMBjp.exe
  2⤵
  PID:7940
- C:\Windows\System\rcJPftS.exe
  C:\Windows\System\rcJPftS.exe
  2⤵
  PID:7956
- C:\Windows\System\qsdXapJ.exe
  C:\Windows\System\qsdXapJ.exe
  2⤵
  PID:7972
- C:\Windows\System\ghmXwGy.exe
  C:\Windows\System\ghmXwGy.exe
  2⤵
  PID:7988
- C:\Windows\System\OcwoyTW.exe
  C:\Windows\System\OcwoyTW.exe
  2⤵
  PID:8004
- C:\Windows\System\XsnQegF.exe
  C:\Windows\System\XsnQegF.exe
  2⤵
  PID:8020
- C:\Windows\System\HaXTLZf.exe
  C:\Windows\System\HaXTLZf.exe
  2⤵
  PID:8036
- C:\Windows\System\SSPiMKc.exe
  C:\Windows\System\SSPiMKc.exe
  2⤵
  PID:8052
- C:\Windows\System\GNxhyxj.exe
  C:\Windows\System\GNxhyxj.exe
  2⤵
  PID:8068
- C:\Windows\System\IDdiOMG.exe
  C:\Windows\System\IDdiOMG.exe
  2⤵
  PID:8084
- C:\Windows\System\dAafuhh.exe
  C:\Windows\System\dAafuhh.exe
  2⤵
  PID:8100
- C:\Windows\System\WmnEJfs.exe
  C:\Windows\System\WmnEJfs.exe
  2⤵
  PID:8116
- C:\Windows\System\Uazxjvp.exe
  C:\Windows\System\Uazxjvp.exe
  2⤵
  PID:8132
- C:\Windows\System\ZPvxeea.exe
  C:\Windows\System\ZPvxeea.exe
  2⤵
  PID:8148
- C:\Windows\System\IrDJbmV.exe
  C:\Windows\System\IrDJbmV.exe
  2⤵
  PID:8164
- C:\Windows\System\gcWIYgv.exe
  C:\Windows\System\gcWIYgv.exe
  2⤵
  PID:8180
- C:\Windows\System\jfMkTDm.exe
  C:\Windows\System\jfMkTDm.exe
  2⤵
  PID:7024
- C:\Windows\System\GvjRVuE.exe
  C:\Windows\System\GvjRVuE.exe
  2⤵
  PID:7224
- C:\Windows\System\jQkcStf.exe
  C:\Windows\System\jQkcStf.exe
  2⤵
  PID:7288
- C:\Windows\System\IUUbAWY.exe
  C:\Windows\System\IUUbAWY.exe
  2⤵
  PID:7348
- C:\Windows\System\zteWGzJ.exe
  C:\Windows\System\zteWGzJ.exe
  2⤵
  PID:7412
- C:\Windows\System\fCvnDTn.exe
  C:\Windows\System\fCvnDTn.exe
  2⤵
  PID:7172
- C:\Windows\System\dkMLZTk.exe
  C:\Windows\System\dkMLZTk.exe
  2⤵
  PID:7480
- C:\Windows\System\XSlanwp.exe
  C:\Windows\System\XSlanwp.exe
  2⤵
  PID:7364
- C:\Windows\System\lrEBbYP.exe
  C:\Windows\System\lrEBbYP.exe
  2⤵
  PID:7468
- C:\Windows\System\GpnBFkW.exe
  C:\Windows\System\GpnBFkW.exe
  2⤵
  PID:7008
- C:\Windows\System\sNTxLnt.exe
  C:\Windows\System\sNTxLnt.exe
  2⤵
  PID:7208
- C:\Windows\System\dXwmQuK.exe
  C:\Windows\System\dXwmQuK.exe
  2⤵
  PID:7268
- C:\Windows\System\dXSYavs.exe
  C:\Windows\System\dXSYavs.exe
  2⤵
  PID:7512
- C:\Windows\System\OrotNzD.exe
  C:\Windows\System\OrotNzD.exe
  2⤵
  PID:7576
- C:\Windows\System\rrWYGVH.exe
  C:\Windows\System\rrWYGVH.exe
  2⤵
  PID:7640
- C:\Windows\System\dXIToPN.exe
  C:\Windows\System\dXIToPN.exe
  2⤵
  PID:7704
- C:\Windows\System\aDDzElC.exe
  C:\Windows\System\aDDzElC.exe
  2⤵
  PID:7528
- C:\Windows\System\aicsayF.exe
  C:\Windows\System\aicsayF.exe
  2⤵
  PID:7596
- C:\Windows\System\OkMfldP.exe
  C:\Windows\System\OkMfldP.exe
  2⤵
  PID:7660
- C:\Windows\System\yJNFtAt.exe
  C:\Windows\System\yJNFtAt.exe
  2⤵
  PID:7724
- C:\Windows\System\jkuYXEL.exe
  C:\Windows\System\jkuYXEL.exe
  2⤵
  PID:7772
- C:\Windows\System\lomyAWT.exe
  C:\Windows\System\lomyAWT.exe
  2⤵
  PID:7836
- C:\Windows\System\yuGkmbv.exe
  C:\Windows\System\yuGkmbv.exe
  2⤵
  PID:7868
- C:\Windows\System\nEFhVzl.exe
  C:\Windows\System\nEFhVzl.exe
  2⤵
  PID:7852
- C:\Windows\System\ubXZrNF.exe
  C:\Windows\System\ubXZrNF.exe
  2⤵
  PID:7816
- C:\Windows\System\AZiGvxf.exe
  C:\Windows\System\AZiGvxf.exe
  2⤵
  PID:7884
- C:\Windows\System\rkztioe.exe
  C:\Windows\System\rkztioe.exe
  2⤵
  PID:7936
- C:\Windows\System\qLbtaAV.exe
  C:\Windows\System\qLbtaAV.exe
  2⤵
  PID:7968
- C:\Windows\System\lQqUOlc.exe
  C:\Windows\System\lQqUOlc.exe
  2⤵
  PID:8064
- C:\Windows\System\NyGzVbF.exe
  C:\Windows\System\NyGzVbF.exe
  2⤵
  PID:8128
- C:\Windows\System\bDtywjO.exe
  C:\Windows\System\bDtywjO.exe
  2⤵
  PID:7948
- C:\Windows\System\ficWZiS.exe
  C:\Windows\System\ficWZiS.exe
  2⤵
  PID:7380
- C:\Windows\System\CPCMSjs.exe
  C:\Windows\System\CPCMSjs.exe
  2⤵
  PID:8016
- C:\Windows\System\UgebFTO.exe
  C:\Windows\System\UgebFTO.exe
  2⤵
  PID:7952
- C:\Windows\System\yKxmcBz.exe
  C:\Windows\System\yKxmcBz.exe
  2⤵
  PID:8044
- C:\Windows\System\aBtpLNi.exe
  C:\Windows\System\aBtpLNi.exe
  2⤵
  PID:8112
- C:\Windows\System\HTMJYKH.exe
  C:\Windows\System\HTMJYKH.exe
  2⤵
  PID:7444
- C:\Windows\System\JiFtovN.exe
  C:\Windows\System\JiFtovN.exe
  2⤵
  PID:7396
- C:\Windows\System\NSloxPC.exe
  C:\Windows\System\NSloxPC.exe
  2⤵
  PID:7204
- C:\Windows\System\cHQrGmD.exe
  C:\Windows\System\cHQrGmD.exe
  2⤵
  PID:7612
- C:\Windows\System\KpPzQwm.exe
  C:\Windows\System\KpPzQwm.exe
  2⤵
  PID:7672
- C:\Windows\System\neayuqS.exe
  C:\Windows\System\neayuqS.exe
  2⤵
  PID:7740
- C:\Windows\System\DAZykav.exe
  C:\Windows\System\DAZykav.exe
  2⤵
  PID:7692
- C:\Windows\System\eEojgMb.exe
  C:\Windows\System\eEojgMb.exe
  2⤵
  PID:7236
- C:\Windows\System\QJKLrDh.exe
  C:\Windows\System\QJKLrDh.exe
  2⤵
  PID:7564
- C:\Windows\System\eZKjPcd.exe
  C:\Windows\System\eZKjPcd.exe
  2⤵
  PID:7848
- C:\Windows\System\ljUAkQE.exe
  C:\Windows\System\ljUAkQE.exe
  2⤵
  PID:7784
- C:\Windows\System\sxvZTfh.exe
  C:\Windows\System\sxvZTfh.exe
  2⤵
  PID:8060
- C:\Windows\System\PLKEXeh.exe
  C:\Windows\System\PLKEXeh.exe
  2⤵
  PID:7880
- C:\Windows\System\gmkMZMk.exe
  C:\Windows\System\gmkMZMk.exe
  2⤵
  PID:8124
- C:\Windows\System\NFYwpaT.exe
  C:\Windows\System\NFYwpaT.exe
  2⤵
  PID:8012
- C:\Windows\System\EJIyJAI.exe
  C:\Windows\System\EJIyJAI.exe
  2⤵
  PID:8176
- C:\Windows\System\VuQyylc.exe
  C:\Windows\System\VuQyylc.exe
  2⤵
  PID:6828
- C:\Windows\System\sRQmgJt.exe
  C:\Windows\System\sRQmgJt.exe
  2⤵
  PID:7300
- C:\Windows\System\FUAOjsN.exe
  C:\Windows\System\FUAOjsN.exe
  2⤵
  PID:7432
- C:\Windows\System\rgIuKMe.exe
  C:\Windows\System\rgIuKMe.exe
  2⤵
  PID:7768
- C:\Windows\System\wuSmvIA.exe
  C:\Windows\System\wuSmvIA.exe
  2⤵
  PID:7900
- C:\Windows\System\YODZGge.exe
  C:\Windows\System\YODZGge.exe
  2⤵
  PID:7980
- C:\Windows\System\JayysXB.exe
  C:\Windows\System\JayysXB.exe
  2⤵
  PID:7708
- C:\Windows\System\DjWWSPY.exe
  C:\Windows\System\DjWWSPY.exe
  2⤵
  PID:8000
- C:\Windows\System\gxPRaLz.exe
  C:\Windows\System\gxPRaLz.exe
  2⤵
  PID:7220
- C:\Windows\System\yMEhmWD.exe
  C:\Windows\System\yMEhmWD.exe
  2⤵
  PID:7896
- C:\Windows\System\AknmAUg.exe
  C:\Windows\System\AknmAUg.exe
  2⤵
  PID:8172
- C:\Windows\System\BlaLonx.exe
  C:\Windows\System\BlaLonx.exe
  2⤵
  PID:8200
- C:\Windows\System\HrfUHta.exe
  C:\Windows\System\HrfUHta.exe
  2⤵
  PID:8216
- C:\Windows\System\PZgqrLX.exe
  C:\Windows\System\PZgqrLX.exe
  2⤵
  PID:8232
- C:\Windows\System\XEqvTew.exe
  C:\Windows\System\XEqvTew.exe
  2⤵
  PID:8248
- C:\Windows\System\mvpZcpO.exe
  C:\Windows\System\mvpZcpO.exe
  2⤵
  PID:8264
- C:\Windows\System\ggNVXom.exe
  C:\Windows\System\ggNVXom.exe
  2⤵
  PID:8280
- C:\Windows\System\SpmAQhr.exe
  C:\Windows\System\SpmAQhr.exe
  2⤵
  PID:8296
- C:\Windows\System\JfHvoVG.exe
  C:\Windows\System\JfHvoVG.exe
  2⤵
  PID:8312
- C:\Windows\System\KdCgQCg.exe
  C:\Windows\System\KdCgQCg.exe
  2⤵
  PID:8328
- C:\Windows\System\YwokFow.exe
  C:\Windows\System\YwokFow.exe
  2⤵
  PID:8344
- C:\Windows\System\PEAoygZ.exe
  C:\Windows\System\PEAoygZ.exe
  2⤵
  PID:8360
- C:\Windows\System\NaynPLc.exe
  C:\Windows\System\NaynPLc.exe
  2⤵
  PID:8376
- C:\Windows\System\eWJyJOJ.exe
  C:\Windows\System\eWJyJOJ.exe
  2⤵
  PID:8392
- C:\Windows\System\VOvkhZg.exe
  C:\Windows\System\VOvkhZg.exe
  2⤵
  PID:8408
- C:\Windows\System\lgdGVlY.exe
  C:\Windows\System\lgdGVlY.exe
  2⤵
  PID:8424
- C:\Windows\System\ayHwuMz.exe
  C:\Windows\System\ayHwuMz.exe
  2⤵
  PID:8440
- C:\Windows\System\HQHLOBe.exe
  C:\Windows\System\HQHLOBe.exe
  2⤵
  PID:8456
- C:\Windows\System\zodKGzV.exe
  C:\Windows\System\zodKGzV.exe
  2⤵
  PID:8472
- C:\Windows\System\xFZTEnw.exe
  C:\Windows\System\xFZTEnw.exe
  2⤵
  PID:8488
- C:\Windows\System\QImGhNF.exe
  C:\Windows\System\QImGhNF.exe
  2⤵
  PID:8504
- C:\Windows\System\UxvIoWb.exe
  C:\Windows\System\UxvIoWb.exe
  2⤵
  PID:8520
- C:\Windows\System\aNtWwJV.exe
  C:\Windows\System\aNtWwJV.exe
  2⤵
  PID:8536
- C:\Windows\System\UcLUxMg.exe
  C:\Windows\System\UcLUxMg.exe
  2⤵
  PID:8552
- C:\Windows\System\uhHxaQz.exe
  C:\Windows\System\uhHxaQz.exe
  2⤵
  PID:8568
- C:\Windows\System\umDrmbh.exe
  C:\Windows\System\umDrmbh.exe
  2⤵
  PID:8584
- C:\Windows\System\xxYqCBv.exe
  C:\Windows\System\xxYqCBv.exe
  2⤵
  PID:8600
- C:\Windows\System\xvPvFiv.exe
  C:\Windows\System\xvPvFiv.exe
  2⤵
  PID:8616
- C:\Windows\System\zazZnnW.exe
  C:\Windows\System\zazZnnW.exe
  2⤵
  PID:8632
- C:\Windows\System\CuYmvLH.exe
  C:\Windows\System\CuYmvLH.exe
  2⤵
  PID:8648
- C:\Windows\System\AgyKUrA.exe
  C:\Windows\System\AgyKUrA.exe
  2⤵
  PID:8664
- C:\Windows\System\dmNLBmw.exe
  C:\Windows\System\dmNLBmw.exe
  2⤵
  PID:8680
- C:\Windows\System\zShwKRt.exe
  C:\Windows\System\zShwKRt.exe
  2⤵
  PID:8696
- C:\Windows\System\ZmrdzNI.exe
  C:\Windows\System\ZmrdzNI.exe
  2⤵
  PID:8712
- C:\Windows\System\VxIvrIY.exe
  C:\Windows\System\VxIvrIY.exe
  2⤵
  PID:8728
- C:\Windows\System\TOMObOb.exe
  C:\Windows\System\TOMObOb.exe
  2⤵
  PID:8744
- C:\Windows\System\xcZPtln.exe
  C:\Windows\System\xcZPtln.exe
  2⤵
  PID:8760
- C:\Windows\System\iAGIRRw.exe
  C:\Windows\System\iAGIRRw.exe
  2⤵
  PID:8776
- C:\Windows\System\UUyQzvP.exe
  C:\Windows\System\UUyQzvP.exe
  2⤵
  PID:8792
- C:\Windows\System\lpkePOl.exe
  C:\Windows\System\lpkePOl.exe
  2⤵
  PID:8808
- C:\Windows\System\zaWOvIm.exe
  C:\Windows\System\zaWOvIm.exe
  2⤵
  PID:8824
- C:\Windows\System\ZjCyCiQ.exe
  C:\Windows\System\ZjCyCiQ.exe
  2⤵
  PID:8840
- C:\Windows\System\DFXTApM.exe
  C:\Windows\System\DFXTApM.exe
  2⤵
  PID:8856
- C:\Windows\System\NYlspuB.exe
  C:\Windows\System\NYlspuB.exe
  2⤵
  PID:8872
- C:\Windows\System\pAwkqeS.exe
  C:\Windows\System\pAwkqeS.exe
  2⤵
  PID:8888
- C:\Windows\System\rdXKuLs.exe
  C:\Windows\System\rdXKuLs.exe
  2⤵
  PID:8904
- C:\Windows\System\eNgEefX.exe
  C:\Windows\System\eNgEefX.exe
  2⤵
  PID:8920
- C:\Windows\System\RFVLjNV.exe
  C:\Windows\System\RFVLjNV.exe
  2⤵
  PID:8936
- C:\Windows\System\IpAchjQ.exe
  C:\Windows\System\IpAchjQ.exe
  2⤵
  PID:8952
- C:\Windows\System\nekJWFe.exe
  C:\Windows\System\nekJWFe.exe
  2⤵
  PID:8968
- C:\Windows\System\HnhlBYj.exe
  C:\Windows\System\HnhlBYj.exe
  2⤵
  PID:8984
- C:\Windows\System\VfOZivJ.exe
  C:\Windows\System\VfOZivJ.exe
  2⤵
  PID:9000
- C:\Windows\System\vIMWFBY.exe
  C:\Windows\System\vIMWFBY.exe
  2⤵
  PID:9016
- C:\Windows\System\eBaTmPX.exe
  C:\Windows\System\eBaTmPX.exe
  2⤵
  PID:9032
- C:\Windows\System\ZGiDoil.exe
  C:\Windows\System\ZGiDoil.exe
  2⤵
  PID:9048
- C:\Windows\System\gVwAfIu.exe
  C:\Windows\System\gVwAfIu.exe
  2⤵
  PID:9064
- C:\Windows\System\EzdcuSv.exe
  C:\Windows\System\EzdcuSv.exe
  2⤵
  PID:9080
- C:\Windows\System\hAnOybd.exe
  C:\Windows\System\hAnOybd.exe
  2⤵
  PID:9096
- C:\Windows\System\psGvglr.exe
  C:\Windows\System\psGvglr.exe
  2⤵
  PID:9112
- C:\Windows\System\KrXGEFK.exe
  C:\Windows\System\KrXGEFK.exe
  2⤵
  PID:9128
- C:\Windows\System\iAKNCPi.exe
  C:\Windows\System\iAKNCPi.exe
  2⤵
  PID:9144
- C:\Windows\System\TIBNDMO.exe
  C:\Windows\System\TIBNDMO.exe
  2⤵
  PID:9160
- C:\Windows\System\JLMTTvM.exe
  C:\Windows\System\JLMTTvM.exe
  2⤵
  PID:9176
- C:\Windows\System\GuZjffd.exe
  C:\Windows\System\GuZjffd.exe
  2⤵
  PID:9192
- C:\Windows\System\UiOfbKr.exe
  C:\Windows\System\UiOfbKr.exe
  2⤵
  PID:9208
- C:\Windows\System\HgYRIKy.exe
  C:\Windows\System\HgYRIKy.exe
  2⤵
  PID:7628
- C:\Windows\System\luDaVlA.exe
  C:\Windows\System\luDaVlA.exe
  2⤵
  PID:8188
- C:\Windows\System\RtGTIsa.exe
  C:\Windows\System\RtGTIsa.exe
  2⤵
  PID:1676
- C:\Windows\System\xAznMqa.exe
  C:\Windows\System\xAznMqa.exe
  2⤵
  PID:8212
- C:\Windows\System\GnRtTCd.exe
  C:\Windows\System\GnRtTCd.exe
  2⤵
  PID:8276
- C:\Windows\System\hQpProy.exe
  C:\Windows\System\hQpProy.exe
  2⤵
  PID:8340
- C:\Windows\System\rtmBNCY.exe
  C:\Windows\System\rtmBNCY.exe
  2⤵
  PID:8404
- C:\Windows\System\NIBDyks.exe
  C:\Windows\System\NIBDyks.exe
  2⤵
  PID:8468
- C:\Windows\System\eygNzNq.exe
  C:\Windows\System\eygNzNq.exe
  2⤵
  PID:8532
- C:\Windows\System\btsBVDK.exe
  C:\Windows\System\btsBVDK.exe
  2⤵
  PID:8596
- C:\Windows\System\eSWKGcU.exe
  C:\Windows\System\eSWKGcU.exe
  2⤵
  PID:8656
- C:\Windows\System\czByUsd.exe
  C:\Windows\System\czByUsd.exe
  2⤵
  PID:8692
- C:\Windows\System\DBefncx.exe
  C:\Windows\System\DBefncx.exe
  2⤵
  PID:8756
- C:\Windows\System\STyabzb.exe
  C:\Windows\System\STyabzb.exe
  2⤵
  PID:8228
- C:\Windows\System\sKmNBdz.exe
  C:\Windows\System\sKmNBdz.exe
  2⤵
  PID:8880
- C:\Windows\System\uzeIBkb.exe
  C:\Windows\System\uzeIBkb.exe
  2⤵
  PID:8544
- C:\Windows\System\mjvGnDn.exe
  C:\Windows\System\mjvGnDn.exe
  2⤵
  PID:8640
- C:\Windows\System\iSCRIrW.exe
  C:\Windows\System\iSCRIrW.exe
  2⤵
  PID:8384
- C:\Windows\System\FDPuvwn.exe
  C:\Windows\System\FDPuvwn.exe
  2⤵
  PID:8736
- C:\Windows\System\poPaiDU.exe
  C:\Windows\System\poPaiDU.exe
  2⤵
  PID:8804
- C:\Windows\System\EWUdkrE.exe
  C:\Windows\System\EWUdkrE.exe
  2⤵
  PID:8836
- C:\Windows\System\SUSHDnu.exe
  C:\Windows\System\SUSHDnu.exe
  2⤵
  PID:8896
- C:\Windows\System\xpszzEv.exe
  C:\Windows\System\xpszzEv.exe
  2⤵
  PID:8516
- C:\Windows\System\XiyYkMX.exe
  C:\Windows\System\XiyYkMX.exe
  2⤵
  PID:8576
- C:\Windows\System\KnrjScF.exe
  C:\Windows\System\KnrjScF.exe
  2⤵
  PID:8356
- C:\Windows\System\LjocZLD.exe
  C:\Windows\System\LjocZLD.exe
  2⤵
  PID:8928
- C:\Windows\System\WjdMkPL.exe
  C:\Windows\System\WjdMkPL.exe
  2⤵
  PID:8932
- C:\Windows\System\iwXZTAE.exe
  C:\Windows\System\iwXZTAE.exe
  2⤵
  PID:9008
- C:\Windows\System\KVRjcAU.exe
  C:\Windows\System\KVRjcAU.exe
  2⤵
  PID:8992
- C:\Windows\System\jKZaExz.exe
  C:\Windows\System\jKZaExz.exe
  2⤵
  PID:9072
- C:\Windows\System\cqkXfuZ.exe
  C:\Windows\System\cqkXfuZ.exe
  2⤵
  PID:9136
- C:\Windows\System\gcKQrXY.exe
  C:\Windows\System\gcKQrXY.exe
  2⤵
  PID:9168
- C:\Windows\System\znYXLAB.exe
  C:\Windows\System\znYXLAB.exe
  2⤵
  PID:9088
- C:\Windows\System\PyhTNTJ.exe
  C:\Windows\System\PyhTNTJ.exe
  2⤵
  PID:9172
- C:\Windows\System\DfjwTZU.exe
  C:\Windows\System\DfjwTZU.exe
  2⤵
  PID:7592
- C:\Windows\System\zPAWygZ.exe
  C:\Windows\System\zPAWygZ.exe
  2⤵
  PID:8336
- C:\Windows\System\XrqozjY.exe
  C:\Windows\System\XrqozjY.exe
  2⤵
  PID:8244
- C:\Windows\System\WTVBAXb.exe
  C:\Windows\System\WTVBAXb.exe
  2⤵
  PID:9188
- C:\Windows\System\UlcxCwj.exe
  C:\Windows\System\UlcxCwj.exe
  2⤵
  PID:8032
- C:\Windows\System\OZIEkkC.exe
  C:\Windows\System\OZIEkkC.exe
  2⤵
  PID:8224
- C:\Windows\System\oShJdfM.exe
  C:\Windows\System\oShJdfM.exe
  2⤵
  PID:8256
- C:\Windows\System\HqOByBX.exe
  C:\Windows\System\HqOByBX.exe
  2⤵
  PID:8816
- C:\Windows\System\sVSmjab.exe
  C:\Windows\System\sVSmjab.exe
  2⤵
  PID:8672
- C:\Windows\System\uxygNBE.exe
  C:\Windows\System\uxygNBE.exe
  2⤵
  PID:8288
- C:\Windows\System\jmquRAP.exe
  C:\Windows\System\jmquRAP.exe
  2⤵
  PID:8452
- C:\Windows\System\qPkYDHr.exe
  C:\Windows\System\qPkYDHr.exe
  2⤵
  PID:8868
- C:\Windows\System\WpvYXIi.exe
  C:\Windows\System\WpvYXIi.exe
  2⤵
  PID:8484
- C:\Windows\System\cVFQyao.exe
  C:\Windows\System\cVFQyao.exe
  2⤵
  PID:8980
- C:\Windows\System\SokEBDO.exe
  C:\Windows\System\SokEBDO.exe
  2⤵
  PID:9056
- C:\Windows\System\SOwTcfy.exe
  C:\Windows\System\SOwTcfy.exe
  2⤵
  PID:9124
- C:\Windows\System\PhVFBWS.exe
  C:\Windows\System\PhVFBWS.exe
  2⤵
  PID:9040
- C:\Windows\System\XuutuqV.exe
  C:\Windows\System\XuutuqV.exe
  2⤵
  PID:8564
- C:\Windows\System\UyLIQJN.exe
  C:\Windows\System\UyLIQJN.exe
  2⤵
  PID:8676
- C:\Windows\System\KMqMRLm.exe
  C:\Windows\System\KMqMRLm.exe
  2⤵
  PID:8436
- C:\Windows\System\vmZEXVG.exe
  C:\Windows\System\vmZEXVG.exe
  2⤵
  PID:9060
- C:\Windows\System\rFFRYFF.exe
  C:\Windows\System\rFFRYFF.exe
  2⤵
  PID:8260
- C:\Windows\System\vdswRyv.exe
  C:\Windows\System\vdswRyv.exe
  2⤵
  PID:7932
- C:\Windows\System\gynClkY.exe
  C:\Windows\System\gynClkY.exe
  2⤵
  PID:8864
- C:\Windows\System\jWgCFWO.exe
  C:\Windows\System\jWgCFWO.exe
  2⤵
  PID:8512
- C:\Windows\System\HKpyuFl.exe
  C:\Windows\System\HKpyuFl.exe
  2⤵
  PID:9108
- C:\Windows\System\OKkpUAV.exe
  C:\Windows\System\OKkpUAV.exe
  2⤵
  PID:8592
- C:\Windows\System\SWQdLzh.exe
  C:\Windows\System\SWQdLzh.exe
  2⤵
  PID:8912
- C:\Windows\System\soqWxLJ.exe
  C:\Windows\System\soqWxLJ.exe
  2⤵
  PID:9028
- C:\Windows\System\VPlHFRl.exe
  C:\Windows\System\VPlHFRl.exe
  2⤵
  PID:8772
- C:\Windows\System\RNorRJM.exe
  C:\Windows\System\RNorRJM.exe
  2⤵
  PID:1548
- C:\Windows\System\jJmwvzw.exe
  C:\Windows\System\jJmwvzw.exe
  2⤵
  PID:8400
- C:\Windows\System\vrPWgOt.exe
  C:\Windows\System\vrPWgOt.exe
  2⤵
  PID:8916
- C:\Windows\System\OETsqkr.exe
  C:\Windows\System\OETsqkr.exe
  2⤵
  PID:8768
- C:\Windows\System\tmJKEFp.exe
  C:\Windows\System\tmJKEFp.exe
  2⤵
  PID:9228
- C:\Windows\System\CCPMRIm.exe
  C:\Windows\System\CCPMRIm.exe
  2⤵
  PID:9244
- C:\Windows\System\cBpwjMS.exe
  C:\Windows\System\cBpwjMS.exe
  2⤵
  PID:9260
- C:\Windows\System\PIzuCyl.exe
  C:\Windows\System\PIzuCyl.exe
  2⤵
  PID:9276
- C:\Windows\System\KaEhpYg.exe
  C:\Windows\System\KaEhpYg.exe
  2⤵
  PID:9292
- C:\Windows\System\wZfHgLT.exe
  C:\Windows\System\wZfHgLT.exe
  2⤵
  PID:9308
- C:\Windows\System\hJVMRMe.exe
  C:\Windows\System\hJVMRMe.exe
  2⤵
  PID:9324
- C:\Windows\System\OwIuxUX.exe
  C:\Windows\System\OwIuxUX.exe
  2⤵
  PID:9340
- C:\Windows\System\SBzOuce.exe
  C:\Windows\System\SBzOuce.exe
  2⤵
  PID:9356
- C:\Windows\System\YyjgDpJ.exe
  C:\Windows\System\YyjgDpJ.exe
  2⤵
  PID:9372
- C:\Windows\System\sweQmHb.exe
  C:\Windows\System\sweQmHb.exe
  2⤵
  PID:9388
- C:\Windows\System\iKKnjLO.exe
  C:\Windows\System\iKKnjLO.exe
  2⤵
  PID:9404
- C:\Windows\System\qpJdvBn.exe
  C:\Windows\System\qpJdvBn.exe
  2⤵
  PID:9420
- C:\Windows\System\UXjqXOQ.exe
  C:\Windows\System\UXjqXOQ.exe
  2⤵
  PID:9436
- C:\Windows\System\pmjbaqK.exe
  C:\Windows\System\pmjbaqK.exe
  2⤵
  PID:9452
- C:\Windows\System\lwbQXsF.exe
  C:\Windows\System\lwbQXsF.exe
  2⤵
  PID:9468
- C:\Windows\System\aCxvwye.exe
  C:\Windows\System\aCxvwye.exe
  2⤵
  PID:9484
- C:\Windows\System\fBduNoD.exe
  C:\Windows\System\fBduNoD.exe
  2⤵
  PID:9500
- C:\Windows\System\tysnFef.exe
  C:\Windows\System\tysnFef.exe
  2⤵
  PID:9516
- C:\Windows\System\IhabpNu.exe
  C:\Windows\System\IhabpNu.exe
  2⤵
  PID:9532
- C:\Windows\System\vehzBVh.exe
  C:\Windows\System\vehzBVh.exe
  2⤵
  PID:9548
- C:\Windows\System\wwlQRTh.exe
  C:\Windows\System\wwlQRTh.exe
  2⤵
  PID:9564
- C:\Windows\System\tlJkXoS.exe
  C:\Windows\System\tlJkXoS.exe
  2⤵
  PID:9580
- C:\Windows\System\oKmWpvs.exe
  C:\Windows\System\oKmWpvs.exe
  2⤵
  PID:9596
- C:\Windows\System\LVmqmeC.exe
  C:\Windows\System\LVmqmeC.exe
  2⤵
  PID:9616
- C:\Windows\System\SDNJjQZ.exe
  C:\Windows\System\SDNJjQZ.exe
  2⤵
  PID:9632
- C:\Windows\System\aSndRhQ.exe
  C:\Windows\System\aSndRhQ.exe
  2⤵
  PID:9648
- C:\Windows\System\hfcUmOS.exe
  C:\Windows\System\hfcUmOS.exe
  2⤵
  PID:9664
- C:\Windows\System\KQPMujS.exe
  C:\Windows\System\KQPMujS.exe
  2⤵
  PID:9680
- C:\Windows\System\sEmkTUL.exe
  C:\Windows\System\sEmkTUL.exe
  2⤵
  PID:9696
- C:\Windows\System\obBReVl.exe
  C:\Windows\System\obBReVl.exe
  2⤵
  PID:9712
- C:\Windows\System\wJGScBc.exe
  C:\Windows\System\wJGScBc.exe
  2⤵
  PID:9728
- C:\Windows\System\sDuVCst.exe
  C:\Windows\System\sDuVCst.exe
  2⤵
  PID:9744
- C:\Windows\System\UBeGfAb.exe
  C:\Windows\System\UBeGfAb.exe
  2⤵
  PID:9760
- C:\Windows\System\GlDwDry.exe
  C:\Windows\System\GlDwDry.exe
  2⤵
  PID:9776
- C:\Windows\System\KybQHdR.exe
  C:\Windows\System\KybQHdR.exe
  2⤵
  PID:9792
- C:\Windows\System\OGuGGYv.exe
  C:\Windows\System\OGuGGYv.exe
  2⤵
  PID:9808
- C:\Windows\System\xXhzAGw.exe
  C:\Windows\System\xXhzAGw.exe
  2⤵
  PID:9824
- C:\Windows\System\DvQHLex.exe
  C:\Windows\System\DvQHLex.exe
  2⤵
  PID:9840
- C:\Windows\System\FeJdxGP.exe
  C:\Windows\System\FeJdxGP.exe
  2⤵
  PID:9856
- C:\Windows\System\ZQUbgQj.exe
  C:\Windows\System\ZQUbgQj.exe
  2⤵
  PID:9872
- C:\Windows\System\hbevvcc.exe
  C:\Windows\System\hbevvcc.exe
  2⤵
  PID:9888
- C:\Windows\System\Kxihwxx.exe
  C:\Windows\System\Kxihwxx.exe
  2⤵
  PID:9904
- C:\Windows\System\sHseESO.exe
  C:\Windows\System\sHseESO.exe
  2⤵
  PID:9920
- C:\Windows\System\WFFxtJK.exe
  C:\Windows\System\WFFxtJK.exe
  2⤵
  PID:9936
- C:\Windows\System\HWzuzEz.exe
  C:\Windows\System\HWzuzEz.exe
  2⤵
  PID:9952
- C:\Windows\System\GGVoeKm.exe
  C:\Windows\System\GGVoeKm.exe
  2⤵
  PID:9968
- C:\Windows\System\SoNFjxp.exe
  C:\Windows\System\SoNFjxp.exe
  2⤵
  PID:9984
- C:\Windows\System\IqHCrRY.exe
  C:\Windows\System\IqHCrRY.exe
  2⤵
  PID:10000
- C:\Windows\System\LwbfohH.exe
  C:\Windows\System\LwbfohH.exe
  2⤵
  PID:10024
- C:\Windows\System\YHBIEcT.exe
  C:\Windows\System\YHBIEcT.exe
  2⤵
  PID:10096
- C:\Windows\System\jSayUIS.exe
  C:\Windows\System\jSayUIS.exe
  2⤵
  PID:10220
- C:\Windows\System\yCamLFI.exe
  C:\Windows\System\yCamLFI.exe
  2⤵
  PID:10232
- C:\Windows\System\KriafNO.exe
  C:\Windows\System\KriafNO.exe
  2⤵
  PID:2384
- C:\Windows\System\mvTKhLx.exe
  C:\Windows\System\mvTKhLx.exe
  2⤵
  PID:9300
- C:\Windows\System\uYNkReJ.exe
  C:\Windows\System\uYNkReJ.exe
  2⤵
  PID:9364
- C:\Windows\System\LruPuKu.exe
  C:\Windows\System\LruPuKu.exe
  2⤵
  PID:9432
- C:\Windows\System\UIcWlnt.exe
  C:\Windows\System\UIcWlnt.exe
  2⤵
  PID:9224
- C:\Windows\System\NSimHUe.exe
  C:\Windows\System\NSimHUe.exe
  2⤵
  PID:9556
- C:\Windows\System\XBTGlDX.exe
  C:\Windows\System\XBTGlDX.exe
  2⤵
  PID:9588
- C:\Windows\System\IoxcOAk.exe
  C:\Windows\System\IoxcOAk.exe
  2⤵
  PID:9220
- C:\Windows\System\DdYYtrB.exe
  C:\Windows\System\DdYYtrB.exe
  2⤵
  PID:9540
- C:\Windows\System\NHFFavP.exe
  C:\Windows\System\NHFFavP.exe
  2⤵
  PID:9320
- C:\Windows\System\mVYHBTo.exe
  C:\Windows\System\mVYHBTo.exe
  2⤵
  PID:9384
- C:\Windows\System\zOJIFfg.exe
  C:\Windows\System\zOJIFfg.exe
  2⤵
  PID:9448
- C:\Windows\System\tnPwaFC.exe
  C:\Windows\System\tnPwaFC.exe
  2⤵
  PID:9624
- C:\Windows\System\PFEgiNP.exe
  C:\Windows\System\PFEgiNP.exe
  2⤵
  PID:9612
- C:\Windows\System\VSQJdBO.exe
  C:\Windows\System\VSQJdBO.exe
  2⤵
  PID:9644
- C:\Windows\System\nHSNJfi.exe
  C:\Windows\System\nHSNJfi.exe
  2⤵
  PID:9692
- C:\Windows\System\TeeOBWk.exe
  C:\Windows\System\TeeOBWk.exe
  2⤵
  PID:9724
- C:\Windows\System\kLzkLEQ.exe
  C:\Windows\System\kLzkLEQ.exe
  2⤵
  PID:9736
- C:\Windows\System\npqXHWf.exe
  C:\Windows\System\npqXHWf.exe
  2⤵
  PID:9784
- C:\Windows\System\IcvChTJ.exe
  C:\Windows\System\IcvChTJ.exe
  2⤵
  PID:9848
- C:\Windows\System\CHhpejE.exe
  C:\Windows\System\CHhpejE.exe
  2⤵
  PID:9880
- C:\Windows\System\syiMHjp.exe
  C:\Windows\System\syiMHjp.exe
  2⤵
  PID:9864
- C:\Windows\System\jbUtbHF.exe
  C:\Windows\System\jbUtbHF.exe
  2⤵
  PID:9912
- C:\Windows\System\GgdqVAb.exe
  C:\Windows\System\GgdqVAb.exe
  2⤵
  PID:9932
- C:\Windows\System\xBAIHfw.exe
  C:\Windows\System\xBAIHfw.exe
  2⤵
  PID:9948
- C:\Windows\System\ikEHrzQ.exe
  C:\Windows\System\ikEHrzQ.exe
  2⤵
  PID:9992
- C:\Windows\System\PJUDEaj.exe
  C:\Windows\System\PJUDEaj.exe
  2⤵
  PID:10036
- C:\Windows\System\MThyuHG.exe
  C:\Windows\System\MThyuHG.exe
  2⤵
  PID:10052
- C:\Windows\System\hEZhdSf.exe
  C:\Windows\System\hEZhdSf.exe
  2⤵
  PID:10064
- C:\Windows\System\MyAcYah.exe
  C:\Windows\System\MyAcYah.exe
  2⤵
  PID:10088
- C:\Windows\System\WmglwCd.exe
  C:\Windows\System\WmglwCd.exe
  2⤵
  PID:10136
- C:\Windows\System\wzITaGJ.exe
  C:\Windows\System\wzITaGJ.exe
  2⤵
  PID:10040
- C:\Windows\System\HuMMtFo.exe
  C:\Windows\System\HuMMtFo.exe
  2⤵
  PID:10132
- C:\Windows\System\bhHzcFx.exe
  C:\Windows\System\bhHzcFx.exe
  2⤵
  PID:10128
- C:\Windows\System\tUNtfFF.exe
  C:\Windows\System\tUNtfFF.exe
  2⤵
  PID:10152
- C:\Windows\System\osaqdHR.exe
  C:\Windows\System\osaqdHR.exe
  2⤵
  PID:10192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EmUCIGf.exe

Filesize
6.0MB

MD5
1738511bac9b272218eb39297ee500e9

SHA1
2502be7bc5c6add7e9724c687e7b9b45ff55c4db

SHA256
13dbab641c2c0d9c623db8c79497b92f39e80bab317e1bc0962f97e1dd2e072d

SHA512
d6ead00197749326afbfa1b976e595bb0215f1734c91e11d059ac08d781c94d8b1137f51f0f28b5930e716a83455067110ccebc93695ba6572deea0e2dc8be3e

Download Submit
C:\Windows\system\FzgggNI.exe

Filesize
6.0MB

MD5
87d2bfad535561569feb0832fef60e3f

SHA1
10c69ea46aa4bfaffa2a4122f36e3767668b1f93

SHA256
ecb691b03b9ac9f99e5c353d32c97b97de108005abce48bc62b62b8abe426804

SHA512
b5fe066d8ae4fd77415cb20d4621e4a2d5e2847ab46cb456eab8881d778ab8ebca2cb1c8d8bab407c130961b34ca600db0242444278d0432cae837f7e9ad3f7e

Download Submit
C:\Windows\system\PRdEAMy.exe

Filesize
6.0MB

MD5
b6ecd36ba50f1269b3ac2c7bc615e3da

SHA1
ef03def7775462aeda8a4e7bfe37f7847c1f889f

SHA256
f6f4e4e9233616a272e571fa0014b27c8242774ab0f6547a728a426ac16e15b2

SHA512
a3cbbafb10a701bc3cd143a4030669cf944d2e47ff8bdcbc7350cf0977140796ac2f65c37f437772a1ed67a40fe38edc2eaa49e0b56a72ec6f0f94df6673e7a0

Download Submit
C:\Windows\system\PiJsGqt.exe

Filesize
6.0MB

MD5
83d4788b0b9e3a4ce9b4b562e5e4384d

SHA1
6121972f8cfa8485aea561c6e9c650903f85f54a

SHA256
f88afd0127ba0e9cb03de8a4ba9694a6b89c3c45271bb56181839b23119e0d24

SHA512
6cc872dd5a104968fb39a9810939484d72a004a706c403d18d6952419ee1cae7cc597237864334fb9227eeff5d149a9b71dfaf0645b0b04fdb916651f1f5591d

Download Submit
C:\Windows\system\QqSumKP.exe

Filesize
6.0MB

MD5
a84fabdbdd3ce44929f636630bf9531c

SHA1
7590ab17454023a0025743c097a993f1eacffe58

SHA256
58e09e8282b7385c899e60d5410153bb2cb4b506a1774e0f44b7553d5032ac39

SHA512
bb5363dcbc3f32fa8579d74da946fe18ba7f941c35d3f825844216a47aa75fb294c3e75a230c5e81104ebeba66b0e40c105f856149dd6fe12428ce6ef02c4bda

Download Submit
C:\Windows\system\RJUAspD.exe

Filesize
6.0MB

MD5
12d8229c46444616781db405d29fc3be

SHA1
fcc225fc158e73e75498825669856a4b346c22e9

SHA256
6720c73b220add9ae72ba0495023753f923f2c0f48eb9289377a978600b9181c

SHA512
43d5f3873de40e624cc433ce3a0237264568b429ce19df1b776e68360860b8f435ea274ffe5c4d8397619513d170bb5d54ffe5c1d7d0d8fbb0014a5751df99b0

Download Submit
C:\Windows\system\VsjxBts.exe

Filesize
6.0MB

MD5
099fa4091cb1877d4a1c2f10c1c22258

SHA1
2cfd21ad897b1fb76251f10d484cca85735cc8c8

SHA256
c35f262e41fe9d08efde5d05bd35393cba181a34c495426e5dc8ca59e752d322

SHA512
c4f98e33770ea12ab504675fc66364a4a0e415eff37ef41bdb54afc24e0f8683ce7cffe5d2c35c9a3b4182a2fc7fa01252002159b694feedb5a99800c340e241

Download Submit
C:\Windows\system\ZRAzRYJ.exe

Filesize
6.0MB

MD5
82eb42437a36df0a12e1577213f1f3c9

SHA1
aa6d1edcc6cce2eadd02d30e187dccc0adee7f22

SHA256
7183d60a29e122eeac8e510f9da47c93a9a4a7225fa9d9b732dcf7e9933d5935

SHA512
ad9c17a89c456f8af95d26a808dadde431aa8aa15e19a878b071e650240a852c3e805bcd3193931e280e7e507cbe49264af97f0c548b8d14ed2418ce1f162d65

Download Submit
C:\Windows\system\bTMLTVc.exe

Filesize
6.0MB

MD5
d2359411dff46a4e75e647e32e29e4ba

SHA1
ff291214e0e97179828526634776e5f9554b64da

SHA256
63e15043270d099ac2733ac97677a6a0f12ab15d96adbe867d798d103872effc

SHA512
f229615bd867dab222172009d6c525111da3352631987e4c2ad40fb595acdf634987e526563696081d7495ccef7e7d171e79e1851a7e9739cbebbf2aff03ae2d

Download Submit
C:\Windows\system\dIWvTiE.exe

Filesize
6.0MB

MD5
01e22798634a17dd8a6304c48efac87a

SHA1
bc89580df3d7f6d7cf0030ab1aad50b173511fde

SHA256
25de4f3d1a02ad958ac93c148ff7b5e4c45d2848028830bd2fbdea3732aab8c4

SHA512
c144e147bf6a023b5bbd7b89776934457e44c1df2aa8fcc3fc21fca0641a01ee72394de8f61646e2226fdd4cf42cbee84434e29bd5013dd8c75b3825b42f3a49

Download Submit
C:\Windows\system\eqPabcx.exe

Filesize
6.0MB

MD5
44eda9d3a99bf97d6c5cd5ae612cad81

SHA1
ccd0dc9343edc6de375a3f79cdbf30572471f995

SHA256
f98f529b3c9f41f11c71405ff21d59cfd22c33f786cfda9df9f0c73905a2e889

SHA512
11855c5d492a4784607f941c3466486b9581123d5e38e2b8f979b7b6ba1bda1c627ef84b245f267a1d3ece50e018aadae09b2d48264dcd26b8fcda6ec71fa0d7

Download Submit
C:\Windows\system\fIvrgGT.exe

Filesize
6.0MB

MD5
cad41ab8389c53b478b0bc7628bb5870

SHA1
60e3e979ee95f57de1f2b5ed42fea72088e48450

SHA256
c8e3bcee6fd8bb697da0c8fdbaaca2195d3d0c4f02b1a6da1cd8174b1c65f6fd

SHA512
fbb7e19dceec568b6008766991e143320cb8326077cf46f21f378bfca6b56db1658c0ba5ce045e0fa7bf36e3388ed4406b20b2cc3e78cf00e9c19f0ccf88887e

Download Submit
C:\Windows\system\ljwnZvt.exe

Filesize
6.0MB

MD5
b053cf8f32214897cf4b2c2672339165

SHA1
bd77de0479182401a3a81fe9192bb31f9e0ab139

SHA256
ebb343015e865dab036f7edb4f43cb6239d1253e91ad544e4c2ff450b9713d54

SHA512
6a2a408908600ad2c5199768db8ef22f035252c76cfff281298875d54be788feac142d84befec88f42440ce4b33e57159a03947adad698962c59ecde9af5cbdb

Download Submit
C:\Windows\system\lzSYrQD.exe

Filesize
6.0MB

MD5
67b60d74a262922df5a0e5f0f312dee5

SHA1
7620aa11f61013374cec8f950e932f0b4d833ae1

SHA256
8f41453b054e91a8b5f8ac668d31aeb6dda9c2cfe667cb9f93c5c1bd6115783d

SHA512
d59271d3962a19ea67b48564f51d1f4dcbfc0aa2fb79678db533797fe7f9ba42c119b9d313af47fde6c60d9755eff38aa7877c468990ec9b167fa66a4c50d5aa

Download Submit
C:\Windows\system\mfiEkwx.exe

Filesize
6.0MB

MD5
1c9d7054f189ff14b263976046aeb45f

SHA1
7b23eb76d7769915812036d8ac2633a09245f112

SHA256
e94c0f8ed1ed18d425ab649ca6136050ce101830cae8b2e28c7fbf54d36c9539

SHA512
f11f1c66d0a7bfaccf8b04e346d5183257d15416f6bf2db734d07ab07c354a9e34b9c02752ad8d0514067e15e3169345a69a5fc912302a51c012cc3df6846ced

Download Submit
C:\Windows\system\oZzMIbc.exe

Filesize
6.0MB

MD5
d13e378ac6395133e5c71f3e233b8586

SHA1
1dbad40fe0cde275a0a1f5e31a2f9aa3904ab9b8

SHA256
35412b920c2d43e449fe9ed812524106a0d60783ccf299a1b59697688b1c5eff

SHA512
0ee4385131ff2ac7d1a0bf98f9bff11a77ba93e26b886e603f724f7b72494f60ab12a0ee6e7f56115a9700653ea6d39f30350dff733e250e6db7b5582180c6ca

Download Submit
C:\Windows\system\ozQrERN.exe

Filesize
6.0MB

MD5
a1b79b957509e9cc48ec0964496b2378

SHA1
599b5253cc65ae76d63f29d1a38fc897eaa71b9d

SHA256
a9f2de002203ddacaf24fad6f8d1862c6f1c1fab11d975e3f4db3721847387f3

SHA512
533ea5d0cb4a1b353cefbd2450a402594ae174112a597391c69c6261d47e84e6846adc1e5ddc0ed4ba67a3cd3de7c2a82376b2f5a5ca7853d75bca3d180ff9f5

Download Submit
C:\Windows\system\rChIIyL.exe

Filesize
6.0MB

MD5
2a91e52577c60aa09d51f85dca4a7d96

SHA1
9c421501e5199b4520d2db23ded42b555a3cc3c4

SHA256
ae7d235b869cb6240dfefe4e84a0859e9dcfcc2148ffa4b74c4825ab39dc7e55

SHA512
9a7cb3d533da00d37c219f78c26662af525f4247d1503ec99c49507ffd4bf2d2084d7446430594233ec4717602cf9afa6bffcdb7e343f526d7ac81870c41787e

Download Submit
C:\Windows\system\rNvlEsD.exe

Filesize
6.0MB

MD5
7cd0bf6a7e6d0fafe6c82d8d41fb6a7c

SHA1
86436d4bd762973d26089c04d679fa0bc4d39f75

SHA256
760a9a32625a2677bc70374aa8915eab92cd6a68ce7806636f86c83ad5b96a3d

SHA512
65917b401ad49a2c0e5072d8c8d136a5d0744e45dc042f817739b0620df0160e781ea50e9a798921caec96db6024aa396ce3f5659e8abefca505c7d429dbb866

Download Submit
C:\Windows\system\sGtkwfN.exe

Filesize
6.0MB

MD5
2baad2e1909eb434302d238e65edd2dd

SHA1
140d2de78fcda5f9643e070d84df0f0975008192

SHA256
97dbc35b59d6fd162e4e723e232aa32837c255fe092b985559c1b9f012e1f0af

SHA512
957d1121ce8445c9a82268230e8243dc5f43aa2140b1def5950e15f87c5f8da365491af918f87c7ed5d273e3488f234f3917950d25c6d3f2554fa6485b970b79

Download Submit
C:\Windows\system\sddBdvn.exe

Filesize
6.0MB

MD5
ffd213ad02c3f22157bc39bc8ccf2a70

SHA1
101ee3ccefb0a830f85ce5fcdeb3528831b7467a

SHA256
f56658bf05ee00c8b21d951a70a9e60e1454dee865e5cd0271fc26b7c3cd288c

SHA512
ab134503bfe6f28ac37c76f723aee22b093a45e668d471ff95852e37e62dbc48f895e935c3629030b4de1e99ed9a2696c3c01af24f8813ebd2f071f785950420

Download Submit
\Windows\system\DyNZPsd.exe

Filesize
6.0MB

MD5
c79b96a698d68067171fa1d3fa03de97

SHA1
510f724e207e39ecd70ba0dfec07846aebadf290

SHA256
7a59844ef4f5536a0c510c2f27d11ca5aeebec3b9adcab8a3a2e58a39d3346da

SHA512
a9b5b903cf3138497d67eb91ba847cbc661a4d5ebc22b28b5893dfe79a7a84b9924e82ade160e88e4c4428d370cec32dfd28d877e9645cd38b8310d9a8aa4920

Download Submit
\Windows\system\FnsQowM.exe

Filesize
6.0MB

MD5
05cb5ec98ad1cda7654abdcec9a54bf2

SHA1
b80ec7f1ffc90f1faaf4afe6f53c011acaaf1028

SHA256
dde9edbd940771b4dcc6ba4773b0a5bd62d280bd315f6a95ac22b136ce9fa46d

SHA512
ec6895e56c4321786babfb386e756930d89117ca02fcd71d5ef775d4f43e3ef71b7d15334453bd2544fba0da6f0734210d3796e2f8d6b495596943fecc3e9502

Download Submit
\Windows\system\KdWzYwj.exe

Filesize
6.0MB

MD5
cccd2bec5fd3832de39e4d8fc858443e

SHA1
6a6a1ad8f0b0bef46b4b1f036e3c0fa6de9df2e6

SHA256
f56a6bd1536bce1e4f92f0a6ec0394b16a99a9802a9ab4f1d58a3445470b8cff

SHA512
211aa8d0c2fbe411c6822617ebbe6bbd3f883aa442a28d0072e05be8f3ce87151fc002ce1a99640eaadd283d22eb6e95d9a05e16c0f6e6589ddb640b673331cd

Download Submit
\Windows\system\McqxRan.exe

Filesize
6.0MB

MD5
5583815d0e086feb70797a566f495c55

SHA1
043733c88134a2314bcb7ce1375c9a2e89cfb1fd

SHA256
2c5133c1de55ca7a047b2bbf52b4548343424b4cc7e95c8e1d311c7a9c519d63

SHA512
4dfead794cbc154acd23e6e2924299cf0ddbc50b641587538b8d0a1751e91c80c70124fc45a15243a664ef47c0b9bdbd01507cae0531d585348ae2fffbffb6b1

Download Submit
\Windows\system\RUBvjKr.exe

Filesize
6.0MB

MD5
2d0059c15befaa0ba95418f1fd6c6cb9

SHA1
e0e177ee7011b18a6f84b59a964ba7d4faf3a911

SHA256
5b61cf062e1955032c07c44e8c84115aeaa6d21d1eb6ea501ee12d96388e8e9e

SHA512
5cefd459ed6429dbf315c5749d5e43c5dc9dec4c6748e512684645716a502ff6edaed8d5d5c8e9a64b4bcce9d8a4c23d3b63c44876b3b914308b59b45bbf08f1

Download Submit
\Windows\system\VOEoHRr.exe

Filesize
6.0MB

MD5
440e75e4f2a3e34cf00075896795941b

SHA1
dda0089196d0c75efda3f666583ed911ea045f66

SHA256
e570919178c2e185a4ed23344455140c76c024a9b0f022fc54954d09fd2f2362

SHA512
0d9aacee2019ae347cf3017649174ac66978d231fd182d998d283e0d2def1e92595f1413275f7d79d2d7d7e353d2dabb8f01d460edf00ce011d95ddc3f0880a1

Download Submit
\Windows\system\XGgAdgn.exe

Filesize
6.0MB

MD5
5ca7c2d05925fe4ae1f665bb6da16d96

SHA1
5978f4788b652f3052979ead21c820c2fd8ee41c

SHA256
722e24a400008b5ef2814cfcdd3881efb84ce45ef50a9ee6067996c701f3a3e6

SHA512
cc99f1d202a5d5dc44e86bffab6fc34581d7e9704cff7d9dcb69f0696c8ed79201dcc8cf736643793721db0b0e39db378db7b7fd84c257bf67a589b37dfd3ebc

Download Submit
\Windows\system\csnosun.exe

Filesize
6.0MB

MD5
185ce6061856b7cee7d37bde56ee49c1

SHA1
bb287938d58f54c792d0485ab0d292a9acb19846

SHA256
91a9ed3bdc51edc8dfa9975c63979bfda82534afff7a2c1f68d466b5935b4ebf

SHA512
3a4d4bda49cc13e01777d5a497fee675fdd8f24a118b0e5250e2a8e7c7ae555d4deba0572d2f68fab6f2b300c6cf6c8d8e1bf2a076b383c13554e313b37f9601

Download Submit
\Windows\system\ixCKIMQ.exe

Filesize
6.0MB

MD5
2d1eaad1a582d944cb9f36a82ed6ce37

SHA1
40a364ab8807ac55387fdc3cd1e506fdbca64444

SHA256
8984b1fc8f5b7903faf0533343ee266596a2fd604d3ab089b851244537efb6bc

SHA512
16d125a057506f103612bf600de2d0267bd900a8ee977e97bce5c11381744dc2087b547e8aa3e18dfe1c86b597e3ae03b94c877abfd5761045f05ac689da2358

Download Submit
\Windows\system\nSGFzqi.exe

Filesize
6.0MB

MD5
4f6f6f7c4240ddd1f95b05d99fdc299d

SHA1
a91ffcdcc05c41f2b76b4ae6c079cc31845b74ca

SHA256
26236e139e71fe51df13112cfb9d0873cf60cc768ef139893a0b10a6b87fd2a5

SHA512
3fa071ba043aa80d0c0991299b4fb466a6c6d65f1b68eccf9cd3e441958dc172be02e4cb90a3ab7dc0cfbe5de34a2e5803463033a68c79efeac6fe9bbaa9e29a

Download Submit
\Windows\system\nVHePJE.exe

Filesize
6.0MB

MD5
f884b24607d3220802ab213ebe1a2687

SHA1
94db06ec54c990e390c70ded3001f518e9288bb3

SHA256
0b22f3cc0ee4df48424673fa87acac8a1c6983e8f899e557fb35b435f5908279

SHA512
12368f0d45026da79d7e16863a481cce0226549b6668dd3e88a206f337498803fb9c7269e4ac5a7eea92431f3f00e6e4fdc1548306a98b8a7ab47ddf6d15e478

Download Submit
\Windows\system\oILDhnn.exe

Filesize
6.0MB

MD5
e9183606bcc05175d12e3817507f4858

SHA1
16ca82cabc8914ce261fa774659c1a00f17f7c99

SHA256
0efc6bcf1d0e4cc17da73e3ae41bdb373388b57f1eee3dd16367bbc1eb372fee

SHA512
18e48043d2bf21ac2e8b1ff36059ef10ae889591fd38ed6a245682b6aad6670c68d81eac3fd97092a120663a7aea1664a683eb0849d68272e132ace25e195641

Download Submit
\Windows\system\rDFQnjE.exe

Filesize
6.0MB

MD5
f656ce9a2411d230c537d073ce247d74

SHA1
14db80d07f707bea6ac67003fe423fd170dc77a2

SHA256
c332f916f0317a35db3883f9a31137c1a1e9d4c35dd07a36713d0c48c6d736ea

SHA512
f42eeaf2b9088397fdded381b61c8d1de7795896ddc7ef48c5ff056092dd4e328a9830761b0d691c4f811bf4f0b7b0705a74c1a75dff539e84b65cbbaa2f2706

Download Submit
memory/444-3538-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/444-48-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/452-3541-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/452-65-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1328-91-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/1328-433-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/1328-3551-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2092-3537-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2092-33-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2308-737-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2308-28-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2308-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2308-428-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2308-21-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2308-316-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2308-96-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2308-72-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-0-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-105-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2308-104-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2308-103-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2308-102-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-74-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2308-75-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2308-39-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2308-90-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2308-77-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2308-43-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2308-78-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2308-70-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2308-63-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-81-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3553-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2640-64-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2676-3556-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-85-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-317-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3535-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2684-42-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3657-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2736-76-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3548-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2768-79-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3552-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-53-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-3540-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2864-62-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2876-3539-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-44-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-97-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3557-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2932-739-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/3036-3536-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/3036-69-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download