cobaltstrike | c4dc13523929a944e48b0eca31cf460fe56838245cab32faea315a5650cd9a89

Analysis

max time kernel
150s
max time network
20s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 00:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8807f308da523788f8c79725fff0d4e9
SHA1

042fcd3d57e5f9d0a2188559c084031bb87640c7
SHA256

c4dc13523929a944e48b0eca31cf460fe56838245cab32faea315a5650cd9a89
SHA512

14c7b3f30a13684b1f364e1b0550737dce7b2132b68567b30541633d51b7d6bb6f978d8d759e2438fd3e86fc61974eaed8af98e2ebc5ba33075fd50e4e7cedac
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUG:T+q56utgpPF8u/7G

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000197fd-9.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001960c-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019820-19.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001998d-29.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019c3c-51.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019bf9-44.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44d-74.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44f-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a479-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a488-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48a-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a486-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a484-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a482-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a480-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47d-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47b-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a475-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a473-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a459-102.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a457-93.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019d62-63.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001a438-69.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019bf6-40.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1968-0-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x000a000000012262-3.dat	xmrig
behavioral1/files/0x00080000000197fd-9.dat	xmrig
behavioral1/memory/1620-14-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x000800000001960c-15.dat	xmrig
behavioral1/files/0x0007000000019820-19.dat	xmrig
behavioral1/memory/1056-24-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2572-26-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/files/0x000700000001998d-29.dat	xmrig
behavioral1/memory/2200-39-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2732-41-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2952-35-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0006000000019c3c-51.dat	xmrig
behavioral1/files/0x0006000000019bf9-44.dat	xmrig
behavioral1/memory/2908-56-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2760-49-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2772-65-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2740-71-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a44d-74.dat	xmrig
behavioral1/memory/2892-79-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2732-78-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x000500000001a44f-84.dat	xmrig
behavioral1/memory/2772-103-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a479-156.dat	xmrig
behavioral1/memory/2892-214-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2200-654-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/1620-655-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2572-657-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2908-661-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2772-662-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2892-664-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2740-663-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2420-667-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/1796-666-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2468-665-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2760-660-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2732-659-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2952-658-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/1056-656-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2420-380-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/1796-292-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2468-267-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x000500000001a488-191.dat	xmrig
behavioral1/files/0x000500000001a48a-194.dat	xmrig
behavioral1/files/0x000500000001a486-185.dat	xmrig
behavioral1/files/0x000500000001a484-181.dat	xmrig
behavioral1/files/0x000500000001a482-175.dat	xmrig
behavioral1/files/0x000500000001a480-171.dat	xmrig
behavioral1/files/0x000500000001a47d-165.dat	xmrig
behavioral1/files/0x000500000001a47b-160.dat	xmrig
behavioral1/files/0x000500000001a477-150.dat	xmrig
behavioral1/memory/2740-142-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a475-146.dat	xmrig
behavioral1/files/0x000500000001a473-139.dat	xmrig
behavioral1/files/0x000500000001a471-135.dat	xmrig
behavioral1/files/0x000500000001a46f-129.dat	xmrig
behavioral1/files/0x000500000001a46b-119.dat	xmrig
behavioral1/files/0x000500000001a46d-125.dat	xmrig
behavioral1/files/0x000500000001a469-115.dat	xmrig
behavioral1/files/0x000500000001a463-110.dat	xmrig
behavioral1/memory/2420-104-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x000500000001a459-102.dat	xmrig
behavioral1/memory/1796-95-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2908-94-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2200	WliggSm.exe
1620	NXUJdbw.exe
1056	HbHxUzm.exe
2572	Aurkpst.exe
2952	NQrRUoF.exe
2732	IsNvAUJ.exe
2760	mrduqzI.exe
2908	IMiUDtx.exe
2772	bvWaXRz.exe
2740	XuubfgB.exe
2892	lCKkqlw.exe
2468	AiDRvIi.exe
1796	QEKmOZd.exe
2420	jMRzNLv.exe
2968	JnOOWWQ.exe
3044	NUEBLIr.exe
2544	ElptEJe.exe
296	GqGDlhS.exe
2820	rUNVkEX.exe
2340	gHnDgqn.exe
1964	DlliohH.exe
1868	kJpzKrr.exe
1748	KfsPZbK.exe
2372	zyXJSeI.exe
640	BONIihm.exe
1552	waPHPxE.exe
2492	XFqlGrp.exe
976	MjWPiph.exe
2368	uxXyUEg.exe
960	WqGfGtU.exe
1564	txhlIiZ.exe
1500	WAwXQMq.exe
1508	PSpLFOp.exe
2412	NFEcFGT.exe
2436	CkVkhuP.exe
2584	CmwgQHZ.exe
1788	KEnwXBZ.exe
772	bGxnJZH.exe
796	ImnNoMi.exe
2440	YrUBQRz.exe
112	RZwANLW.exe
1312	YqFhoCI.exe
2236	jtrpCif.exe
576	IuMNjVA.exe
2472	iacunTh.exe
2032	UpPafjD.exe
532	kNJCDmf.exe
2588	plzlxBc.exe
2452	PqDoZeQ.exe
2360	uJwYFAy.exe
2660	eLicCvD.exe
912	rvoDBzM.exe
1532	rffsbVc.exe
972	CHIvLVE.exe
1652	ocZhkOK.exe
1892	uCnpcjk.exe
2864	IhQNjss.exe
2680	TruIjFq.exe
816	bWcdCiE.exe
2844	VcYXozP.exe
2376	gAIoCet.exe
1224	eqkdQdT.exe
1716	GQrMVjl.exe
800	ysUbijj.exe

Loads dropped DLL 64 IoCs

pid	Process
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1968-0-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x000a000000012262-3.dat	upx
behavioral1/files/0x00080000000197fd-9.dat	upx
behavioral1/memory/1620-14-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x000800000001960c-15.dat	upx
behavioral1/files/0x0007000000019820-19.dat	upx
behavioral1/memory/1056-24-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2572-26-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/files/0x000700000001998d-29.dat	upx
behavioral1/memory/2200-39-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2732-41-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2952-35-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0006000000019c3c-51.dat	upx
behavioral1/files/0x0006000000019bf9-44.dat	upx
behavioral1/memory/2908-56-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2760-49-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2772-65-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2740-71-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/files/0x000500000001a44d-74.dat	upx
behavioral1/memory/2892-79-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2732-78-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x000500000001a44f-84.dat	upx
behavioral1/memory/2772-103-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x000500000001a479-156.dat	upx
behavioral1/memory/2892-214-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2200-654-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/1620-655-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2572-657-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2908-661-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2772-662-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2892-664-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2740-663-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2420-667-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/1796-666-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2468-665-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2760-660-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2732-659-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2952-658-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/1056-656-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2420-380-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/1796-292-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2468-267-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x000500000001a488-191.dat	upx
behavioral1/files/0x000500000001a48a-194.dat	upx
behavioral1/files/0x000500000001a486-185.dat	upx
behavioral1/files/0x000500000001a484-181.dat	upx
behavioral1/files/0x000500000001a482-175.dat	upx
behavioral1/files/0x000500000001a480-171.dat	upx
behavioral1/files/0x000500000001a47d-165.dat	upx
behavioral1/files/0x000500000001a47b-160.dat	upx
behavioral1/files/0x000500000001a477-150.dat	upx
behavioral1/memory/2740-142-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/files/0x000500000001a475-146.dat	upx
behavioral1/files/0x000500000001a473-139.dat	upx
behavioral1/files/0x000500000001a471-135.dat	upx
behavioral1/files/0x000500000001a46f-129.dat	upx
behavioral1/files/0x000500000001a46b-119.dat	upx
behavioral1/files/0x000500000001a46d-125.dat	upx
behavioral1/files/0x000500000001a469-115.dat	upx
behavioral1/files/0x000500000001a463-110.dat	upx
behavioral1/memory/2420-104-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x000500000001a459-102.dat	upx
behavioral1/memory/1796-95-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2908-94-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\irQaAWk.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pWERLFp.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RrCGvMD.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tyJDtPP.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ocgdsWb.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ROubrsR.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCacRSN.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nynNslr.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HHKTtoJ.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFkTHDF.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OMOknLQ.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sZiPjxj.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\csxnNHW.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UklJMJU.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qXQfDhI.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\darMDYi.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TruIjFq.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rwAZXkj.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LdKoWTm.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PrKrcaQ.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OhkcNZm.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dYYzosO.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVwCXNp.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YRORJms.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AIMvftm.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\atxWyAX.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mubCbKH.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ASKWZqj.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tyMpBdP.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\msFacLz.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gNMzkRZ.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbIcmGJ.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hwqslJA.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yYzYfDJ.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpkifoF.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\otchNjg.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HNhSzxx.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hgZltSn.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jjhjZoY.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Zfyazec.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NTgyyDm.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MRPIutU.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nkbwTNz.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oVwZlSn.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tucIhWJ.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdlGBVz.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xAjsbDW.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rBVBZBM.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cMZhzxm.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjYmONL.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZUtxiCs.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVGBofl.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bsOEySe.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNmsHxr.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tDWtwdO.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pkPpQfc.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPTWdXm.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sizwgPs.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PNmiVKa.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CKzYzJx.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\igdPaWm.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jtrpCif.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PlbvCBw.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HtHIqiR.exe	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2200	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1968 wrote to memory of 2200	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1968 wrote to memory of 2200	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1968 wrote to memory of 1620	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1968 wrote to memory of 1620	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1968 wrote to memory of 1620	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1968 wrote to memory of 2572	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1968 wrote to memory of 2572	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1968 wrote to memory of 2572	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1968 wrote to memory of 1056	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1968 wrote to memory of 1056	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1968 wrote to memory of 1056	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1968 wrote to memory of 2952	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1968 wrote to memory of 2952	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1968 wrote to memory of 2952	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1968 wrote to memory of 2732	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1968 wrote to memory of 2732	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1968 wrote to memory of 2732	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1968 wrote to memory of 2760	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1968 wrote to memory of 2760	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1968 wrote to memory of 2760	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1968 wrote to memory of 2908	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1968 wrote to memory of 2908	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1968 wrote to memory of 2908	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1968 wrote to memory of 2772	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1968 wrote to memory of 2772	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1968 wrote to memory of 2772	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1968 wrote to memory of 2740	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1968 wrote to memory of 2740	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1968 wrote to memory of 2740	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1968 wrote to memory of 2892	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1968 wrote to memory of 2892	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1968 wrote to memory of 2892	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1968 wrote to memory of 2468	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1968 wrote to memory of 2468	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1968 wrote to memory of 2468	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1968 wrote to memory of 1796	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1968 wrote to memory of 1796	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1968 wrote to memory of 1796	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1968 wrote to memory of 2420	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1968 wrote to memory of 2420	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1968 wrote to memory of 2420	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1968 wrote to memory of 2968	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1968 wrote to memory of 2968	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1968 wrote to memory of 2968	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1968 wrote to memory of 3044	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1968 wrote to memory of 3044	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1968 wrote to memory of 3044	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1968 wrote to memory of 2544	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1968 wrote to memory of 2544	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1968 wrote to memory of 2544	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1968 wrote to memory of 296	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1968 wrote to memory of 296	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1968 wrote to memory of 296	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1968 wrote to memory of 2820	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1968 wrote to memory of 2820	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1968 wrote to memory of 2820	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1968 wrote to memory of 2340	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1968 wrote to memory of 2340	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1968 wrote to memory of 2340	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1968 wrote to memory of 1964	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1968 wrote to memory of 1964	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1968 wrote to memory of 1964	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1968 wrote to memory of 1868	1968	2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-26_8807f308da523788f8c79725fff0d4e9_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\System\WliggSm.exe
  C:\Windows\System\WliggSm.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\NXUJdbw.exe
  C:\Windows\System\NXUJdbw.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\Aurkpst.exe
  C:\Windows\System\Aurkpst.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\HbHxUzm.exe
  C:\Windows\System\HbHxUzm.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\NQrRUoF.exe
  C:\Windows\System\NQrRUoF.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\IsNvAUJ.exe
  C:\Windows\System\IsNvAUJ.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\mrduqzI.exe
  C:\Windows\System\mrduqzI.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\IMiUDtx.exe
  C:\Windows\System\IMiUDtx.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\bvWaXRz.exe
  C:\Windows\System\bvWaXRz.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\XuubfgB.exe
  C:\Windows\System\XuubfgB.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\lCKkqlw.exe
  C:\Windows\System\lCKkqlw.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\AiDRvIi.exe
  C:\Windows\System\AiDRvIi.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\QEKmOZd.exe
  C:\Windows\System\QEKmOZd.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\jMRzNLv.exe
  C:\Windows\System\jMRzNLv.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\JnOOWWQ.exe
  C:\Windows\System\JnOOWWQ.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\NUEBLIr.exe
  C:\Windows\System\NUEBLIr.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\ElptEJe.exe
  C:\Windows\System\ElptEJe.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\GqGDlhS.exe
  C:\Windows\System\GqGDlhS.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\rUNVkEX.exe
  C:\Windows\System\rUNVkEX.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\gHnDgqn.exe
  C:\Windows\System\gHnDgqn.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\DlliohH.exe
  C:\Windows\System\DlliohH.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\kJpzKrr.exe
  C:\Windows\System\kJpzKrr.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\KfsPZbK.exe
  C:\Windows\System\KfsPZbK.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\zyXJSeI.exe
  C:\Windows\System\zyXJSeI.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\BONIihm.exe
  C:\Windows\System\BONIihm.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\waPHPxE.exe
  C:\Windows\System\waPHPxE.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\XFqlGrp.exe
  C:\Windows\System\XFqlGrp.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\MjWPiph.exe
  C:\Windows\System\MjWPiph.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\uxXyUEg.exe
  C:\Windows\System\uxXyUEg.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\WqGfGtU.exe
  C:\Windows\System\WqGfGtU.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\txhlIiZ.exe
  C:\Windows\System\txhlIiZ.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\WAwXQMq.exe
  C:\Windows\System\WAwXQMq.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\PSpLFOp.exe
  C:\Windows\System\PSpLFOp.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\NFEcFGT.exe
  C:\Windows\System\NFEcFGT.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\CkVkhuP.exe
  C:\Windows\System\CkVkhuP.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\CmwgQHZ.exe
  C:\Windows\System\CmwgQHZ.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\KEnwXBZ.exe
  C:\Windows\System\KEnwXBZ.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\bGxnJZH.exe
  C:\Windows\System\bGxnJZH.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\ImnNoMi.exe
  C:\Windows\System\ImnNoMi.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\YrUBQRz.exe
  C:\Windows\System\YrUBQRz.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\RZwANLW.exe
  C:\Windows\System\RZwANLW.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\YqFhoCI.exe
  C:\Windows\System\YqFhoCI.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\jtrpCif.exe
  C:\Windows\System\jtrpCif.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\IuMNjVA.exe
  C:\Windows\System\IuMNjVA.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\iacunTh.exe
  C:\Windows\System\iacunTh.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\UpPafjD.exe
  C:\Windows\System\UpPafjD.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\kNJCDmf.exe
  C:\Windows\System\kNJCDmf.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\plzlxBc.exe
  C:\Windows\System\plzlxBc.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\PqDoZeQ.exe
  C:\Windows\System\PqDoZeQ.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\uJwYFAy.exe
  C:\Windows\System\uJwYFAy.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\eLicCvD.exe
  C:\Windows\System\eLicCvD.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\rvoDBzM.exe
  C:\Windows\System\rvoDBzM.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\rffsbVc.exe
  C:\Windows\System\rffsbVc.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\CHIvLVE.exe
  C:\Windows\System\CHIvLVE.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\ocZhkOK.exe
  C:\Windows\System\ocZhkOK.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\uCnpcjk.exe
  C:\Windows\System\uCnpcjk.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\IhQNjss.exe
  C:\Windows\System\IhQNjss.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\TruIjFq.exe
  C:\Windows\System\TruIjFq.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\bWcdCiE.exe
  C:\Windows\System\bWcdCiE.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\VcYXozP.exe
  C:\Windows\System\VcYXozP.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\gAIoCet.exe
  C:\Windows\System\gAIoCet.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\eqkdQdT.exe
  C:\Windows\System\eqkdQdT.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\GQrMVjl.exe
  C:\Windows\System\GQrMVjl.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\ysUbijj.exe
  C:\Windows\System\ysUbijj.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\pEennBO.exe
  C:\Windows\System\pEennBO.exe
  2⤵
  PID:2140
- C:\Windows\System\xtdhbvo.exe
  C:\Windows\System\xtdhbvo.exe
  2⤵
  PID:2216
- C:\Windows\System\RPbyZyY.exe
  C:\Windows\System\RPbyZyY.exe
  2⤵
  PID:2288
- C:\Windows\System\nSippEA.exe
  C:\Windows\System\nSippEA.exe
  2⤵
  PID:1952
- C:\Windows\System\CarjUdQ.exe
  C:\Windows\System\CarjUdQ.exe
  2⤵
  PID:1304
- C:\Windows\System\FaPQmsi.exe
  C:\Windows\System\FaPQmsi.exe
  2⤵
  PID:2172
- C:\Windows\System\omTxaFT.exe
  C:\Windows\System\omTxaFT.exe
  2⤵
  PID:2296
- C:\Windows\System\bTBTyiT.exe
  C:\Windows\System\bTBTyiT.exe
  2⤵
  PID:1488
- C:\Windows\System\bmxfRha.exe
  C:\Windows\System\bmxfRha.exe
  2⤵
  PID:1120
- C:\Windows\System\BBKqVor.exe
  C:\Windows\System\BBKqVor.exe
  2⤵
  PID:272
- C:\Windows\System\oNYXZFI.exe
  C:\Windows\System\oNYXZFI.exe
  2⤵
  PID:456
- C:\Windows\System\FPBMCLC.exe
  C:\Windows\System\FPBMCLC.exe
  2⤵
  PID:1704
- C:\Windows\System\hOPQHvQ.exe
  C:\Windows\System\hOPQHvQ.exe
  2⤵
  PID:1428
- C:\Windows\System\INlsqzW.exe
  C:\Windows\System\INlsqzW.exe
  2⤵
  PID:2700
- C:\Windows\System\DbpRjvI.exe
  C:\Windows\System\DbpRjvI.exe
  2⤵
  PID:1800
- C:\Windows\System\faYgLKd.exe
  C:\Windows\System\faYgLKd.exe
  2⤵
  PID:2224
- C:\Windows\System\GnAmxjA.exe
  C:\Windows\System\GnAmxjA.exe
  2⤵
  PID:1264
- C:\Windows\System\cMZhzxm.exe
  C:\Windows\System\cMZhzxm.exe
  2⤵
  PID:560
- C:\Windows\System\vDhHCAd.exe
  C:\Windows\System\vDhHCAd.exe
  2⤵
  PID:1596
- C:\Windows\System\xOwvYYI.exe
  C:\Windows\System\xOwvYYI.exe
  2⤵
  PID:1504
- C:\Windows\System\Atmxihd.exe
  C:\Windows\System\Atmxihd.exe
  2⤵
  PID:1544
- C:\Windows\System\UyOKyvP.exe
  C:\Windows\System\UyOKyvP.exe
  2⤵
  PID:1524
- C:\Windows\System\QlSFYBf.exe
  C:\Windows\System\QlSFYBf.exe
  2⤵
  PID:964
- C:\Windows\System\fxMOZbj.exe
  C:\Windows\System\fxMOZbj.exe
  2⤵
  PID:2292
- C:\Windows\System\tZIXHlP.exe
  C:\Windows\System\tZIXHlP.exe
  2⤵
  PID:2832
- C:\Windows\System\FFdqOXj.exe
  C:\Windows\System\FFdqOXj.exe
  2⤵
  PID:2052
- C:\Windows\System\YxsvLkz.exe
  C:\Windows\System\YxsvLkz.exe
  2⤵
  PID:3048
- C:\Windows\System\cvsBXEf.exe
  C:\Windows\System\cvsBXEf.exe
  2⤵
  PID:3008
- C:\Windows\System\tjbuxSr.exe
  C:\Windows\System\tjbuxSr.exe
  2⤵
  PID:2548
- C:\Windows\System\Ejjfxua.exe
  C:\Windows\System\Ejjfxua.exe
  2⤵
  PID:836
- C:\Windows\System\yEfRKeG.exe
  C:\Windows\System\yEfRKeG.exe
  2⤵
  PID:2072
- C:\Windows\System\hxATnhG.exe
  C:\Windows\System\hxATnhG.exe
  2⤵
  PID:2248
- C:\Windows\System\JIhAKub.exe
  C:\Windows\System\JIhAKub.exe
  2⤵
  PID:2056
- C:\Windows\System\yECflgR.exe
  C:\Windows\System\yECflgR.exe
  2⤵
  PID:1720
- C:\Windows\System\ImDBENN.exe
  C:\Windows\System\ImDBENN.exe
  2⤵
  PID:1844
- C:\Windows\System\hIoamIw.exe
  C:\Windows\System\hIoamIw.exe
  2⤵
  PID:1776
- C:\Windows\System\VoPLOeY.exe
  C:\Windows\System\VoPLOeY.exe
  2⤵
  PID:472
- C:\Windows\System\RgbNZaW.exe
  C:\Windows\System\RgbNZaW.exe
  2⤵
  PID:1904
- C:\Windows\System\BerwvEo.exe
  C:\Windows\System\BerwvEo.exe
  2⤵
  PID:236
- C:\Windows\System\kvFgcFQ.exe
  C:\Windows\System\kvFgcFQ.exe
  2⤵
  PID:680
- C:\Windows\System\DeaVOiU.exe
  C:\Windows\System\DeaVOiU.exe
  2⤵
  PID:2188
- C:\Windows\System\NTgyyDm.exe
  C:\Windows\System\NTgyyDm.exe
  2⤵
  PID:892
- C:\Windows\System\gjJpqBs.exe
  C:\Windows\System\gjJpqBs.exe
  2⤵
  PID:2624
- C:\Windows\System\yYUownn.exe
  C:\Windows\System\yYUownn.exe
  2⤵
  PID:2284
- C:\Windows\System\NNbojyX.exe
  C:\Windows\System\NNbojyX.exe
  2⤵
  PID:2988
- C:\Windows\System\bsOEySe.exe
  C:\Windows\System\bsOEySe.exe
  2⤵
  PID:3012
- C:\Windows\System\SyQbNzI.exe
  C:\Windows\System\SyQbNzI.exe
  2⤵
  PID:2112
- C:\Windows\System\GPeJZXy.exe
  C:\Windows\System\GPeJZXy.exe
  2⤵
  PID:1908
- C:\Windows\System\NDeLDdH.exe
  C:\Windows\System\NDeLDdH.exe
  2⤵
  PID:2120
- C:\Windows\System\QMMJRWg.exe
  C:\Windows\System\QMMJRWg.exe
  2⤵
  PID:2144
- C:\Windows\System\jbPpTpE.exe
  C:\Windows\System\jbPpTpE.exe
  2⤵
  PID:3084
- C:\Windows\System\PmBReCP.exe
  C:\Windows\System\PmBReCP.exe
  2⤵
  PID:3104
- C:\Windows\System\DyTFeoX.exe
  C:\Windows\System\DyTFeoX.exe
  2⤵
  PID:3124
- C:\Windows\System\qwRXgSY.exe
  C:\Windows\System\qwRXgSY.exe
  2⤵
  PID:3148
- C:\Windows\System\kdJzNHL.exe
  C:\Windows\System\kdJzNHL.exe
  2⤵
  PID:3168
- C:\Windows\System\PxuWtqF.exe
  C:\Windows\System\PxuWtqF.exe
  2⤵
  PID:3188
- C:\Windows\System\KRymvHR.exe
  C:\Windows\System\KRymvHR.exe
  2⤵
  PID:3208
- C:\Windows\System\WtMgOaG.exe
  C:\Windows\System\WtMgOaG.exe
  2⤵
  PID:3228
- C:\Windows\System\jEJZHaX.exe
  C:\Windows\System\jEJZHaX.exe
  2⤵
  PID:3248
- C:\Windows\System\HiFCoBN.exe
  C:\Windows\System\HiFCoBN.exe
  2⤵
  PID:3268
- C:\Windows\System\cOsUWKz.exe
  C:\Windows\System\cOsUWKz.exe
  2⤵
  PID:3288
- C:\Windows\System\ChjdiwV.exe
  C:\Windows\System\ChjdiwV.exe
  2⤵
  PID:3304
- C:\Windows\System\XXmYUrE.exe
  C:\Windows\System\XXmYUrE.exe
  2⤵
  PID:3328
- C:\Windows\System\UrUMpIg.exe
  C:\Windows\System\UrUMpIg.exe
  2⤵
  PID:3352
- C:\Windows\System\AmTmFuV.exe
  C:\Windows\System\AmTmFuV.exe
  2⤵
  PID:3372
- C:\Windows\System\rRIKpTB.exe
  C:\Windows\System\rRIKpTB.exe
  2⤵
  PID:3392
- C:\Windows\System\niLuOEZ.exe
  C:\Windows\System\niLuOEZ.exe
  2⤵
  PID:3412
- C:\Windows\System\WJTdrys.exe
  C:\Windows\System\WJTdrys.exe
  2⤵
  PID:3432
- C:\Windows\System\sZiPjxj.exe
  C:\Windows\System\sZiPjxj.exe
  2⤵
  PID:3452
- C:\Windows\System\mbekAHr.exe
  C:\Windows\System\mbekAHr.exe
  2⤵
  PID:3472
- C:\Windows\System\vwRUAVF.exe
  C:\Windows\System\vwRUAVF.exe
  2⤵
  PID:3492
- C:\Windows\System\zXgcUwC.exe
  C:\Windows\System\zXgcUwC.exe
  2⤵
  PID:3512
- C:\Windows\System\bVaxlKz.exe
  C:\Windows\System\bVaxlKz.exe
  2⤵
  PID:3536
- C:\Windows\System\aRcMbNK.exe
  C:\Windows\System\aRcMbNK.exe
  2⤵
  PID:3556
- C:\Windows\System\cuKEhwa.exe
  C:\Windows\System\cuKEhwa.exe
  2⤵
  PID:3576
- C:\Windows\System\JPlMGzQ.exe
  C:\Windows\System\JPlMGzQ.exe
  2⤵
  PID:3596
- C:\Windows\System\JmEFpIl.exe
  C:\Windows\System\JmEFpIl.exe
  2⤵
  PID:3616
- C:\Windows\System\qSyNUVw.exe
  C:\Windows\System\qSyNUVw.exe
  2⤵
  PID:3636
- C:\Windows\System\RkQQFxT.exe
  C:\Windows\System\RkQQFxT.exe
  2⤵
  PID:3660
- C:\Windows\System\TvXZPXj.exe
  C:\Windows\System\TvXZPXj.exe
  2⤵
  PID:3680
- C:\Windows\System\PcFwAHh.exe
  C:\Windows\System\PcFwAHh.exe
  2⤵
  PID:3700
- C:\Windows\System\XvXxRUY.exe
  C:\Windows\System\XvXxRUY.exe
  2⤵
  PID:3720
- C:\Windows\System\hPwDAvU.exe
  C:\Windows\System\hPwDAvU.exe
  2⤵
  PID:3740
- C:\Windows\System\eOyrOAM.exe
  C:\Windows\System\eOyrOAM.exe
  2⤵
  PID:3760
- C:\Windows\System\rqqLBYh.exe
  C:\Windows\System\rqqLBYh.exe
  2⤵
  PID:3780
- C:\Windows\System\AOEhxRt.exe
  C:\Windows\System\AOEhxRt.exe
  2⤵
  PID:3800
- C:\Windows\System\DPYvBpw.exe
  C:\Windows\System\DPYvBpw.exe
  2⤵
  PID:3820
- C:\Windows\System\dYYzosO.exe
  C:\Windows\System\dYYzosO.exe
  2⤵
  PID:3840
- C:\Windows\System\lDtEeur.exe
  C:\Windows\System\lDtEeur.exe
  2⤵
  PID:3860
- C:\Windows\System\cmucBUX.exe
  C:\Windows\System\cmucBUX.exe
  2⤵
  PID:3880
- C:\Windows\System\TbMlPtS.exe
  C:\Windows\System\TbMlPtS.exe
  2⤵
  PID:3904
- C:\Windows\System\pHIICJd.exe
  C:\Windows\System\pHIICJd.exe
  2⤵
  PID:3924
- C:\Windows\System\qytWHLw.exe
  C:\Windows\System\qytWHLw.exe
  2⤵
  PID:3948
- C:\Windows\System\hcskPoL.exe
  C:\Windows\System\hcskPoL.exe
  2⤵
  PID:3968
- C:\Windows\System\bzuvTni.exe
  C:\Windows\System\bzuvTni.exe
  2⤵
  PID:3988
- C:\Windows\System\CHgeWxU.exe
  C:\Windows\System\CHgeWxU.exe
  2⤵
  PID:4008
- C:\Windows\System\YPXyJUz.exe
  C:\Windows\System\YPXyJUz.exe
  2⤵
  PID:4028
- C:\Windows\System\JNwUJhY.exe
  C:\Windows\System\JNwUJhY.exe
  2⤵
  PID:4048
- C:\Windows\System\jCMICpU.exe
  C:\Windows\System\jCMICpU.exe
  2⤵
  PID:4068
- C:\Windows\System\tLsRlPS.exe
  C:\Windows\System\tLsRlPS.exe
  2⤵
  PID:4088
- C:\Windows\System\feSgSKx.exe
  C:\Windows\System\feSgSKx.exe
  2⤵
  PID:684
- C:\Windows\System\etzJTJF.exe
  C:\Windows\System\etzJTJF.exe
  2⤵
  PID:1960
- C:\Windows\System\KWIMJDC.exe
  C:\Windows\System\KWIMJDC.exe
  2⤵
  PID:2196
- C:\Windows\System\FodBVou.exe
  C:\Windows\System\FodBVou.exe
  2⤵
  PID:2308
- C:\Windows\System\xLhSidN.exe
  C:\Windows\System\xLhSidN.exe
  2⤵
  PID:2576
- C:\Windows\System\MmOhoDG.exe
  C:\Windows\System\MmOhoDG.exe
  2⤵
  PID:2960
- C:\Windows\System\QzesiJK.exe
  C:\Windows\System\QzesiJK.exe
  2⤵
  PID:2388
- C:\Windows\System\RiyMYeJ.exe
  C:\Windows\System\RiyMYeJ.exe
  2⤵
  PID:1956
- C:\Windows\System\hCNsmpq.exe
  C:\Windows\System\hCNsmpq.exe
  2⤵
  PID:2536
- C:\Windows\System\bzCRcPA.exe
  C:\Windows\System\bzCRcPA.exe
  2⤵
  PID:2516
- C:\Windows\System\AORwBuU.exe
  C:\Windows\System\AORwBuU.exe
  2⤵
  PID:3120
- C:\Windows\System\iuNIBUN.exe
  C:\Windows\System\iuNIBUN.exe
  2⤵
  PID:3144
- C:\Windows\System\qhXvceZ.exe
  C:\Windows\System\qhXvceZ.exe
  2⤵
  PID:3180
- C:\Windows\System\hsgpNvw.exe
  C:\Windows\System\hsgpNvw.exe
  2⤵
  PID:3236
- C:\Windows\System\GQcpPKN.exe
  C:\Windows\System\GQcpPKN.exe
  2⤵
  PID:3140
- C:\Windows\System\oFHAFCk.exe
  C:\Windows\System\oFHAFCk.exe
  2⤵
  PID:3260
- C:\Windows\System\RCzwAHr.exe
  C:\Windows\System\RCzwAHr.exe
  2⤵
  PID:3296
- C:\Windows\System\ywsZAdg.exe
  C:\Windows\System\ywsZAdg.exe
  2⤵
  PID:3344
- C:\Windows\System\dkKSBWv.exe
  C:\Windows\System\dkKSBWv.exe
  2⤵
  PID:3768
- C:\Windows\System\GOUtuZL.exe
  C:\Windows\System\GOUtuZL.exe
  2⤵
  PID:3772
- C:\Windows\System\wadGNjx.exe
  C:\Windows\System\wadGNjx.exe
  2⤵
  PID:3812
- C:\Windows\System\csxnNHW.exe
  C:\Windows\System\csxnNHW.exe
  2⤵
  PID:3856
- C:\Windows\System\BYBLQDm.exe
  C:\Windows\System\BYBLQDm.exe
  2⤵
  PID:3876
- C:\Windows\System\eEnJCkC.exe
  C:\Windows\System\eEnJCkC.exe
  2⤵
  PID:3932
- C:\Windows\System\avovFhi.exe
  C:\Windows\System\avovFhi.exe
  2⤵
  PID:3936
- C:\Windows\System\SMjXmRF.exe
  C:\Windows\System\SMjXmRF.exe
  2⤵
  PID:3960
- C:\Windows\System\kmtPVVV.exe
  C:\Windows\System\kmtPVVV.exe
  2⤵
  PID:4000
- C:\Windows\System\ABfNMcj.exe
  C:\Windows\System\ABfNMcj.exe
  2⤵
  PID:4036
- C:\Windows\System\atxWyAX.exe
  C:\Windows\System\atxWyAX.exe
  2⤵
  PID:1616
- C:\Windows\System\XDXLvin.exe
  C:\Windows\System\XDXLvin.exe
  2⤵
  PID:1448
- C:\Windows\System\AjpEiQy.exe
  C:\Windows\System\AjpEiQy.exe
  2⤵
  PID:1280
- C:\Windows\System\irQaAWk.exe
  C:\Windows\System\irQaAWk.exe
  2⤵
  PID:1028
- C:\Windows\System\VRNGrVo.exe
  C:\Windows\System\VRNGrVo.exe
  2⤵
  PID:2096
- C:\Windows\System\opmafLb.exe
  C:\Windows\System\opmafLb.exe
  2⤵
  PID:2336
- C:\Windows\System\WxNgBee.exe
  C:\Windows\System\WxNgBee.exe
  2⤵
  PID:2812
- C:\Windows\System\CpZsDdT.exe
  C:\Windows\System\CpZsDdT.exe
  2⤵
  PID:3096
- C:\Windows\System\vHfuQsQ.exe
  C:\Windows\System\vHfuQsQ.exe
  2⤵
  PID:3132
- C:\Windows\System\APehxQO.exe
  C:\Windows\System\APehxQO.exe
  2⤵
  PID:3200
- C:\Windows\System\rlPgNbt.exe
  C:\Windows\System\rlPgNbt.exe
  2⤵
  PID:3264
- C:\Windows\System\CetMlRG.exe
  C:\Windows\System\CetMlRG.exe
  2⤵
  PID:3320
- C:\Windows\System\rcwVnNC.exe
  C:\Windows\System\rcwVnNC.exe
  2⤵
  PID:3408
- C:\Windows\System\wCpoRoB.exe
  C:\Windows\System\wCpoRoB.exe
  2⤵
  PID:3404
- C:\Windows\System\YMVgOww.exe
  C:\Windows\System\YMVgOww.exe
  2⤵
  PID:3444
- C:\Windows\System\CYAxntH.exe
  C:\Windows\System\CYAxntH.exe
  2⤵
  PID:2800
- C:\Windows\System\BVqmCRo.exe
  C:\Windows\System\BVqmCRo.exe
  2⤵
  PID:2836
- C:\Windows\System\xAjsbDW.exe
  C:\Windows\System\xAjsbDW.exe
  2⤵
  PID:2604
- C:\Windows\System\tpXzzGX.exe
  C:\Windows\System\tpXzzGX.exe
  2⤵
  PID:3528
- C:\Windows\System\LVAQChP.exe
  C:\Windows\System\LVAQChP.exe
  2⤵
  PID:1520
- C:\Windows\System\gRGkzTR.exe
  C:\Windows\System\gRGkzTR.exe
  2⤵
  PID:1316
- C:\Windows\System\liwoeYK.exe
  C:\Windows\System\liwoeYK.exe
  2⤵
  PID:320
- C:\Windows\System\OVQrQuE.exe
  C:\Windows\System\OVQrQuE.exe
  2⤵
  PID:756
- C:\Windows\System\dysmTxr.exe
  C:\Windows\System\dysmTxr.exe
  2⤵
  PID:2792
- C:\Windows\System\FhDVjxO.exe
  C:\Windows\System\FhDVjxO.exe
  2⤵
  PID:2984
- C:\Windows\System\VUHsDZQ.exe
  C:\Windows\System\VUHsDZQ.exe
  2⤵
  PID:2088
- C:\Windows\System\YWrZwlG.exe
  C:\Windows\System\YWrZwlG.exe
  2⤵
  PID:3020
- C:\Windows\System\FHpgbzB.exe
  C:\Windows\System\FHpgbzB.exe
  2⤵
  PID:2344
- C:\Windows\System\JzqchIp.exe
  C:\Windows\System\JzqchIp.exe
  2⤵
  PID:1884
- C:\Windows\System\rwDViAj.exe
  C:\Windows\System\rwDViAj.exe
  2⤵
  PID:2124
- C:\Windows\System\oKetZiC.exe
  C:\Windows\System\oKetZiC.exe
  2⤵
  PID:556
- C:\Windows\System\hwqslJA.exe
  C:\Windows\System\hwqslJA.exe
  2⤵
  PID:1840
- C:\Windows\System\TpaEujz.exe
  C:\Windows\System\TpaEujz.exe
  2⤵
  PID:3708
- C:\Windows\System\mDoENah.exe
  C:\Windows\System\mDoENah.exe
  2⤵
  PID:2496
- C:\Windows\System\Rzkytvk.exe
  C:\Windows\System\Rzkytvk.exe
  2⤵
  PID:1680
- C:\Windows\System\ZYzYHQL.exe
  C:\Windows\System\ZYzYHQL.exe
  2⤵
  PID:1708
- C:\Windows\System\GuMxxNe.exe
  C:\Windows\System\GuMxxNe.exe
  2⤵
  PID:744
- C:\Windows\System\HuDMLWu.exe
  C:\Windows\System\HuDMLWu.exe
  2⤵
  PID:2068
- C:\Windows\System\rxugcby.exe
  C:\Windows\System\rxugcby.exe
  2⤵
  PID:3752
- C:\Windows\System\FPJoGXJ.exe
  C:\Windows\System\FPJoGXJ.exe
  2⤵
  PID:3848
- C:\Windows\System\LfpZknl.exe
  C:\Windows\System\LfpZknl.exe
  2⤵
  PID:3912
- C:\Windows\System\irYHaSG.exe
  C:\Windows\System\irYHaSG.exe
  2⤵
  PID:3920
- C:\Windows\System\VQTiKoW.exe
  C:\Windows\System\VQTiKoW.exe
  2⤵
  PID:4060
- C:\Windows\System\EEpZxaX.exe
  C:\Windows\System\EEpZxaX.exe
  2⤵
  PID:4056
- C:\Windows\System\ABPDKsO.exe
  C:\Windows\System\ABPDKsO.exe
  2⤵
  PID:1372
- C:\Windows\System\LpTYMxx.exe
  C:\Windows\System\LpTYMxx.exe
  2⤵
  PID:3028
- C:\Windows\System\vtmCfnv.exe
  C:\Windows\System\vtmCfnv.exe
  2⤵
  PID:1692
- C:\Windows\System\jmaxpBa.exe
  C:\Windows\System\jmaxpBa.exe
  2⤵
  PID:3076
- C:\Windows\System\kddongW.exe
  C:\Windows\System\kddongW.exe
  2⤵
  PID:3184
- C:\Windows\System\TVGvCAN.exe
  C:\Windows\System\TVGvCAN.exe
  2⤵
  PID:3160
- C:\Windows\System\bzckIXb.exe
  C:\Windows\System\bzckIXb.exe
  2⤵
  PID:3284
- C:\Windows\System\dEWAiEV.exe
  C:\Windows\System\dEWAiEV.exe
  2⤵
  PID:3628
- C:\Windows\System\lYyeDGP.exe
  C:\Windows\System\lYyeDGP.exe
  2⤵
  PID:3368
- C:\Windows\System\XcUXStL.exe
  C:\Windows\System\XcUXStL.exe
  2⤵
  PID:2380
- C:\Windows\System\CIBFTmb.exe
  C:\Windows\System\CIBFTmb.exe
  2⤵
  PID:3736
- C:\Windows\System\rglTnMG.exe
  C:\Windows\System\rglTnMG.exe
  2⤵
  PID:3068
- C:\Windows\System\uWWctJg.exe
  C:\Windows\System\uWWctJg.exe
  2⤵
  PID:3464
- C:\Windows\System\xOtNQcU.exe
  C:\Windows\System\xOtNQcU.exe
  2⤵
  PID:1212
- C:\Windows\System\dKkJdTD.exe
  C:\Windows\System\dKkJdTD.exe
  2⤵
  PID:668
- C:\Windows\System\kFGJyVS.exe
  C:\Windows\System\kFGJyVS.exe
  2⤵
  PID:2876
- C:\Windows\System\OEbNFUu.exe
  C:\Windows\System\OEbNFUu.exe
  2⤵
  PID:1456
- C:\Windows\System\mmQsVwh.exe
  C:\Windows\System\mmQsVwh.exe
  2⤵
  PID:2456
- C:\Windows\System\CkiEJZv.exe
  C:\Windows\System\CkiEJZv.exe
  2⤵
  PID:2080
- C:\Windows\System\iIRHAcz.exe
  C:\Windows\System\iIRHAcz.exe
  2⤵
  PID:2916
- C:\Windows\System\tWYzMIc.exe
  C:\Windows\System\tWYzMIc.exe
  2⤵
  PID:2364
- C:\Windows\System\FemWRdW.exe
  C:\Windows\System\FemWRdW.exe
  2⤵
  PID:520
- C:\Windows\System\npnaDxd.exe
  C:\Windows\System\npnaDxd.exe
  2⤵
  PID:1144
- C:\Windows\System\KUHISgv.exe
  C:\Windows\System\KUHISgv.exe
  2⤵
  PID:3716
- C:\Windows\System\LIfIeUv.exe
  C:\Windows\System\LIfIeUv.exe
  2⤵
  PID:3980
- C:\Windows\System\ZFLsgEW.exe
  C:\Windows\System\ZFLsgEW.exe
  2⤵
  PID:4044
- C:\Windows\System\RPZxPBa.exe
  C:\Windows\System\RPZxPBa.exe
  2⤵
  PID:3896
- C:\Windows\System\yRiPiph.exe
  C:\Windows\System\yRiPiph.exe
  2⤵
  PID:2432
- C:\Windows\System\HBiJRRI.exe
  C:\Windows\System\HBiJRRI.exe
  2⤵
  PID:2504
- C:\Windows\System\lHXIjcv.exe
  C:\Windows\System\lHXIjcv.exe
  2⤵
  PID:3204
- C:\Windows\System\vVrvRGt.exe
  C:\Windows\System\vVrvRGt.exe
  2⤵
  PID:3592
- C:\Windows\System\fiXhxZP.exe
  C:\Windows\System\fiXhxZP.exe
  2⤵
  PID:3336
- C:\Windows\System\aDqvVKl.exe
  C:\Windows\System\aDqvVKl.exe
  2⤵
  PID:2552
- C:\Windows\System\lmcHodi.exe
  C:\Windows\System\lmcHodi.exe
  2⤵
  PID:3520
- C:\Windows\System\ePvkGVl.exe
  C:\Windows\System\ePvkGVl.exe
  2⤵
  PID:2704
- C:\Windows\System\mAhHvxg.exe
  C:\Windows\System\mAhHvxg.exe
  2⤵
  PID:3500
- C:\Windows\System\HuMFOMH.exe
  C:\Windows\System\HuMFOMH.exe
  2⤵
  PID:1344
- C:\Windows\System\cfreFip.exe
  C:\Windows\System\cfreFip.exe
  2⤵
  PID:3564
- C:\Windows\System\LZAxpEY.exe
  C:\Windows\System\LZAxpEY.exe
  2⤵
  PID:1624
- C:\Windows\System\grUmoAq.exe
  C:\Windows\System\grUmoAq.exe
  2⤵
  PID:2632
- C:\Windows\System\YKsHCBm.exe
  C:\Windows\System\YKsHCBm.exe
  2⤵
  PID:2148
- C:\Windows\System\BKEIUxT.exe
  C:\Windows\System\BKEIUxT.exe
  2⤵
  PID:2232
- C:\Windows\System\tyNytGH.exe
  C:\Windows\System\tyNytGH.exe
  2⤵
  PID:2528
- C:\Windows\System\rFrrOix.exe
  C:\Windows\System\rFrrOix.exe
  2⤵
  PID:2356
- C:\Windows\System\pbyPvSJ.exe
  C:\Windows\System\pbyPvSJ.exe
  2⤵
  PID:3996
- C:\Windows\System\kQmHzRy.exe
  C:\Windows\System\kQmHzRy.exe
  2⤵
  PID:4020
- C:\Windows\System\sSafxAM.exe
  C:\Windows\System\sSafxAM.exe
  2⤵
  PID:3612
- C:\Windows\System\SOGwubl.exe
  C:\Windows\System\SOGwubl.exe
  2⤵
  PID:3316
- C:\Windows\System\aCzhPws.exe
  C:\Windows\System\aCzhPws.exe
  2⤵
  PID:2888
- C:\Windows\System\NUPDjFS.exe
  C:\Windows\System\NUPDjFS.exe
  2⤵
  PID:2444
- C:\Windows\System\pVEvyfQ.exe
  C:\Windows\System\pVEvyfQ.exe
  2⤵
  PID:3524
- C:\Windows\System\GuQgsxs.exe
  C:\Windows\System\GuQgsxs.exe
  2⤵
  PID:2352
- C:\Windows\System\eGezqvm.exe
  C:\Windows\System\eGezqvm.exe
  2⤵
  PID:2264
- C:\Windows\System\pvoupKD.exe
  C:\Windows\System\pvoupKD.exe
  2⤵
  PID:2696
- C:\Windows\System\xWXHYaF.exe
  C:\Windows\System\xWXHYaF.exe
  2⤵
  PID:2184
- C:\Windows\System\diuoWCr.exe
  C:\Windows\System\diuoWCr.exe
  2⤵
  PID:2688
- C:\Windows\System\sDZIxhB.exe
  C:\Windows\System\sDZIxhB.exe
  2⤵
  PID:3424
- C:\Windows\System\VLVBGJu.exe
  C:\Windows\System\VLVBGJu.exe
  2⤵
  PID:1860
- C:\Windows\System\QJJdWsG.exe
  C:\Windows\System\QJJdWsG.exe
  2⤵
  PID:1276
- C:\Windows\System\CrTqbZR.exe
  C:\Windows\System\CrTqbZR.exe
  2⤵
  PID:3504
- C:\Windows\System\eTWkoaY.exe
  C:\Windows\System\eTWkoaY.exe
  2⤵
  PID:3604
- C:\Windows\System\eRwzQWQ.exe
  C:\Windows\System\eRwzQWQ.exe
  2⤵
  PID:3728
- C:\Windows\System\pruCWer.exe
  C:\Windows\System\pruCWer.exe
  2⤵
  PID:3624
- C:\Windows\System\qdlGBVz.exe
  C:\Windows\System\qdlGBVz.exe
  2⤵
  PID:2796
- C:\Windows\System\tZbkOnv.exe
  C:\Windows\System\tZbkOnv.exe
  2⤵
  PID:4080
- C:\Windows\System\rftrphR.exe
  C:\Windows\System\rftrphR.exe
  2⤵
  PID:3164
- C:\Windows\System\pNllXtO.exe
  C:\Windows\System\pNllXtO.exe
  2⤵
  PID:1772
- C:\Windows\System\TpLEtqH.exe
  C:\Windows\System\TpLEtqH.exe
  2⤵
  PID:3544
- C:\Windows\System\iuAlQsD.exe
  C:\Windows\System\iuAlQsD.exe
  2⤵
  PID:4116
- C:\Windows\System\UdLAGtr.exe
  C:\Windows\System\UdLAGtr.exe
  2⤵
  PID:4132
- C:\Windows\System\KrjBADf.exe
  C:\Windows\System\KrjBADf.exe
  2⤵
  PID:4148
- C:\Windows\System\eGTkVYx.exe
  C:\Windows\System\eGTkVYx.exe
  2⤵
  PID:4168
- C:\Windows\System\APECioN.exe
  C:\Windows\System\APECioN.exe
  2⤵
  PID:4188
- C:\Windows\System\UAVpCWe.exe
  C:\Windows\System\UAVpCWe.exe
  2⤵
  PID:4204
- C:\Windows\System\fngKQQN.exe
  C:\Windows\System\fngKQQN.exe
  2⤵
  PID:4224
- C:\Windows\System\nwFcYDz.exe
  C:\Windows\System\nwFcYDz.exe
  2⤵
  PID:4260
- C:\Windows\System\xGzeAke.exe
  C:\Windows\System\xGzeAke.exe
  2⤵
  PID:4280
- C:\Windows\System\rwAZXkj.exe
  C:\Windows\System\rwAZXkj.exe
  2⤵
  PID:4296
- C:\Windows\System\AWiceyt.exe
  C:\Windows\System\AWiceyt.exe
  2⤵
  PID:4312
- C:\Windows\System\XqKZQwt.exe
  C:\Windows\System\XqKZQwt.exe
  2⤵
  PID:4332
- C:\Windows\System\pUJNpiX.exe
  C:\Windows\System\pUJNpiX.exe
  2⤵
  PID:4352
- C:\Windows\System\pXqnBMw.exe
  C:\Windows\System\pXqnBMw.exe
  2⤵
  PID:4372
- C:\Windows\System\rfYkfXj.exe
  C:\Windows\System\rfYkfXj.exe
  2⤵
  PID:4396
- C:\Windows\System\KBzxbcQ.exe
  C:\Windows\System\KBzxbcQ.exe
  2⤵
  PID:4416
- C:\Windows\System\UklJMJU.exe
  C:\Windows\System\UklJMJU.exe
  2⤵
  PID:4444
- C:\Windows\System\FrzQkTv.exe
  C:\Windows\System\FrzQkTv.exe
  2⤵
  PID:4460
- C:\Windows\System\IVwCXNp.exe
  C:\Windows\System\IVwCXNp.exe
  2⤵
  PID:4480
- C:\Windows\System\mJfSLTs.exe
  C:\Windows\System\mJfSLTs.exe
  2⤵
  PID:4504
- C:\Windows\System\kwXUKjy.exe
  C:\Windows\System\kwXUKjy.exe
  2⤵
  PID:4520
- C:\Windows\System\TKxzHfI.exe
  C:\Windows\System\TKxzHfI.exe
  2⤵
  PID:4536
- C:\Windows\System\UzXmAxm.exe
  C:\Windows\System\UzXmAxm.exe
  2⤵
  PID:4552
- C:\Windows\System\dymNVKD.exe
  C:\Windows\System\dymNVKD.exe
  2⤵
  PID:4568
- C:\Windows\System\fLCwITD.exe
  C:\Windows\System\fLCwITD.exe
  2⤵
  PID:4584
- C:\Windows\System\MQLiRLJ.exe
  C:\Windows\System\MQLiRLJ.exe
  2⤵
  PID:4600
- C:\Windows\System\SnipplK.exe
  C:\Windows\System\SnipplK.exe
  2⤵
  PID:4616
- C:\Windows\System\zRRzwKP.exe
  C:\Windows\System\zRRzwKP.exe
  2⤵
  PID:4632
- C:\Windows\System\skkUbuk.exe
  C:\Windows\System\skkUbuk.exe
  2⤵
  PID:4648
- C:\Windows\System\PqdKpwu.exe
  C:\Windows\System\PqdKpwu.exe
  2⤵
  PID:4664
- C:\Windows\System\wuGpnYB.exe
  C:\Windows\System\wuGpnYB.exe
  2⤵
  PID:4680
- C:\Windows\System\pRCQfWu.exe
  C:\Windows\System\pRCQfWu.exe
  2⤵
  PID:4696
- C:\Windows\System\tSgUsFt.exe
  C:\Windows\System\tSgUsFt.exe
  2⤵
  PID:4712
- C:\Windows\System\ebCqwMW.exe
  C:\Windows\System\ebCqwMW.exe
  2⤵
  PID:4728
- C:\Windows\System\QCtNQyu.exe
  C:\Windows\System\QCtNQyu.exe
  2⤵
  PID:4748
- C:\Windows\System\JpVhIxw.exe
  C:\Windows\System\JpVhIxw.exe
  2⤵
  PID:4764
- C:\Windows\System\FoudlXV.exe
  C:\Windows\System\FoudlXV.exe
  2⤵
  PID:4780
- C:\Windows\System\KFCNZsv.exe
  C:\Windows\System\KFCNZsv.exe
  2⤵
  PID:4796
- C:\Windows\System\JfrXESp.exe
  C:\Windows\System\JfrXESp.exe
  2⤵
  PID:4812
- C:\Windows\System\nJELZGA.exe
  C:\Windows\System\nJELZGA.exe
  2⤵
  PID:4828
- C:\Windows\System\JVylwoP.exe
  C:\Windows\System\JVylwoP.exe
  2⤵
  PID:4844
- C:\Windows\System\RSJoChO.exe
  C:\Windows\System\RSJoChO.exe
  2⤵
  PID:4860
- C:\Windows\System\lYsYakq.exe
  C:\Windows\System\lYsYakq.exe
  2⤵
  PID:4876
- C:\Windows\System\jhhhEQY.exe
  C:\Windows\System\jhhhEQY.exe
  2⤵
  PID:4892
- C:\Windows\System\iuDpZpM.exe
  C:\Windows\System\iuDpZpM.exe
  2⤵
  PID:4908
- C:\Windows\System\bscuboJ.exe
  C:\Windows\System\bscuboJ.exe
  2⤵
  PID:4924
- C:\Windows\System\frCbElC.exe
  C:\Windows\System\frCbElC.exe
  2⤵
  PID:4944
- C:\Windows\System\KFBOoAJ.exe
  C:\Windows\System\KFBOoAJ.exe
  2⤵
  PID:4964
- C:\Windows\System\tHqXPxz.exe
  C:\Windows\System\tHqXPxz.exe
  2⤵
  PID:4980
- C:\Windows\System\GpXDaDC.exe
  C:\Windows\System\GpXDaDC.exe
  2⤵
  PID:5000
- C:\Windows\System\HPtKCsE.exe
  C:\Windows\System\HPtKCsE.exe
  2⤵
  PID:5024
- C:\Windows\System\ljSVQmT.exe
  C:\Windows\System\ljSVQmT.exe
  2⤵
  PID:5048
- C:\Windows\System\sGNZZIx.exe
  C:\Windows\System\sGNZZIx.exe
  2⤵
  PID:5068
- C:\Windows\System\XbEGSRi.exe
  C:\Windows\System\XbEGSRi.exe
  2⤵
  PID:5084
- C:\Windows\System\WnynBYp.exe
  C:\Windows\System\WnynBYp.exe
  2⤵
  PID:5100
- C:\Windows\System\KBNXsXz.exe
  C:\Windows\System\KBNXsXz.exe
  2⤵
  PID:5116
- C:\Windows\System\gKcLtDD.exe
  C:\Windows\System\gKcLtDD.exe
  2⤵
  PID:4112
- C:\Windows\System\zBjDyMe.exe
  C:\Windows\System\zBjDyMe.exe
  2⤵
  PID:4176
- C:\Windows\System\nghBeBo.exe
  C:\Windows\System\nghBeBo.exe
  2⤵
  PID:4124
- C:\Windows\System\xpWwThb.exe
  C:\Windows\System\xpWwThb.exe
  2⤵
  PID:4240
- C:\Windows\System\UaCQCNp.exe
  C:\Windows\System\UaCQCNp.exe
  2⤵
  PID:4276
- C:\Windows\System\rcMPGic.exe
  C:\Windows\System\rcMPGic.exe
  2⤵
  PID:4164
- C:\Windows\System\koccdMj.exe
  C:\Windows\System\koccdMj.exe
  2⤵
  PID:4304
- C:\Windows\System\BtejRiO.exe
  C:\Windows\System\BtejRiO.exe
  2⤵
  PID:4348
- C:\Windows\System\wecXvuz.exe
  C:\Windows\System\wecXvuz.exe
  2⤵
  PID:4288
- C:\Windows\System\jiwcely.exe
  C:\Windows\System\jiwcely.exe
  2⤵
  PID:4292
- C:\Windows\System\MptRxDz.exe
  C:\Windows\System\MptRxDz.exe
  2⤵
  PID:4392
- C:\Windows\System\HMggqeV.exe
  C:\Windows\System\HMggqeV.exe
  2⤵
  PID:4368
- C:\Windows\System\EMlSsCt.exe
  C:\Windows\System\EMlSsCt.exe
  2⤵
  PID:4436
- C:\Windows\System\QbjUsGX.exe
  C:\Windows\System\QbjUsGX.exe
  2⤵
  PID:4456
- C:\Windows\System\VBViyoz.exe
  C:\Windows\System\VBViyoz.exe
  2⤵
  PID:4476
- C:\Windows\System\IdMUldk.exe
  C:\Windows\System\IdMUldk.exe
  2⤵
  PID:4404
- C:\Windows\System\zhOxIdf.exe
  C:\Windows\System\zhOxIdf.exe
  2⤵
  PID:4544
- C:\Windows\System\LtycyUT.exe
  C:\Windows\System\LtycyUT.exe
  2⤵
  PID:4608
- C:\Windows\System\oDPnHxA.exe
  C:\Windows\System\oDPnHxA.exe
  2⤵
  PID:4592
- C:\Windows\System\SPkuBUs.exe
  C:\Windows\System\SPkuBUs.exe
  2⤵
  PID:4628
- C:\Windows\System\ppLoJsK.exe
  C:\Windows\System\ppLoJsK.exe
  2⤵
  PID:4692
- C:\Windows\System\NtWycGm.exe
  C:\Windows\System\NtWycGm.exe
  2⤵
  PID:4720
- C:\Windows\System\JFfKzaa.exe
  C:\Windows\System\JFfKzaa.exe
  2⤵
  PID:4772
- C:\Windows\System\tzrlajy.exe
  C:\Windows\System\tzrlajy.exe
  2⤵
  PID:4804
- C:\Windows\System\AFyvnoz.exe
  C:\Windows\System\AFyvnoz.exe
  2⤵
  PID:4836
- C:\Windows\System\MRPIutU.exe
  C:\Windows\System\MRPIutU.exe
  2⤵
  PID:4900
- C:\Windows\System\zzUsItu.exe
  C:\Windows\System\zzUsItu.exe
  2⤵
  PID:4932
- C:\Windows\System\SCIlaYR.exe
  C:\Windows\System\SCIlaYR.exe
  2⤵
  PID:4936
- C:\Windows\System\LhbvWyy.exe
  C:\Windows\System\LhbvWyy.exe
  2⤵
  PID:5012
- C:\Windows\System\peJmBoJ.exe
  C:\Windows\System\peJmBoJ.exe
  2⤵
  PID:4960
- C:\Windows\System\EsGArnk.exe
  C:\Windows\System\EsGArnk.exe
  2⤵
  PID:5044
- C:\Windows\System\aFmxsmr.exe
  C:\Windows\System\aFmxsmr.exe
  2⤵
  PID:5064
- C:\Windows\System\IUyYlGN.exe
  C:\Windows\System\IUyYlGN.exe
  2⤵
  PID:5096
- C:\Windows\System\Zfyazec.exe
  C:\Windows\System\Zfyazec.exe
  2⤵
  PID:5108
- C:\Windows\System\LGIxdTN.exe
  C:\Windows\System\LGIxdTN.exe
  2⤵
  PID:4272
- C:\Windows\System\QTRVpZi.exe
  C:\Windows\System\QTRVpZi.exe
  2⤵
  PID:4144
- C:\Windows\System\wflPROx.exe
  C:\Windows\System\wflPROx.exe
  2⤵
  PID:4156
- C:\Windows\System\xRPGAIU.exe
  C:\Windows\System\xRPGAIU.exe
  2⤵
  PID:4328
- C:\Windows\System\PlbvCBw.exe
  C:\Windows\System\PlbvCBw.exe
  2⤵
  PID:4412
- C:\Windows\System\CAZEsOq.exe
  C:\Windows\System\CAZEsOq.exe
  2⤵
  PID:4472
- C:\Windows\System\vqVJsji.exe
  C:\Windows\System\vqVJsji.exe
  2⤵
  PID:4528
- C:\Windows\System\KdJpiKM.exe
  C:\Windows\System\KdJpiKM.exe
  2⤵
  PID:4640
- C:\Windows\System\ahJkzMm.exe
  C:\Windows\System\ahJkzMm.exe
  2⤵
  PID:4624
- C:\Windows\System\ivvATjg.exe
  C:\Windows\System\ivvATjg.exe
  2⤵
  PID:4740
- C:\Windows\System\hoOJINU.exe
  C:\Windows\System\hoOJINU.exe
  2⤵
  PID:4776
- C:\Windows\System\LYkzJoS.exe
  C:\Windows\System\LYkzJoS.exe
  2⤵
  PID:4788
- C:\Windows\System\ILCwFVu.exe
  C:\Windows\System\ILCwFVu.exe
  2⤵
  PID:4868
- C:\Windows\System\ebFykqQ.exe
  C:\Windows\System\ebFykqQ.exe
  2⤵
  PID:5008
- C:\Windows\System\eKHYwIT.exe
  C:\Windows\System\eKHYwIT.exe
  2⤵
  PID:4956
- C:\Windows\System\VNzstlr.exe
  C:\Windows\System\VNzstlr.exe
  2⤵
  PID:5092
- C:\Windows\System\ZIZATvm.exe
  C:\Windows\System\ZIZATvm.exe
  2⤵
  PID:4268
- C:\Windows\System\QAFufQS.exe
  C:\Windows\System\QAFufQS.exe
  2⤵
  PID:4180
- C:\Windows\System\HgpzvUR.exe
  C:\Windows\System\HgpzvUR.exe
  2⤵
  PID:4160
- C:\Windows\System\treRctC.exe
  C:\Windows\System\treRctC.exe
  2⤵
  PID:4364
- C:\Windows\System\skGvJtv.exe
  C:\Windows\System\skGvJtv.exe
  2⤵
  PID:3688
- C:\Windows\System\LOZMbfQ.exe
  C:\Windows\System\LOZMbfQ.exe
  2⤵
  PID:4756
- C:\Windows\System\oEkrjtU.exe
  C:\Windows\System\oEkrjtU.exe
  2⤵
  PID:4840
- C:\Windows\System\igdPaWm.exe
  C:\Windows\System\igdPaWm.exe
  2⤵
  PID:4904
- C:\Windows\System\TFLkBRn.exe
  C:\Windows\System\TFLkBRn.exe
  2⤵
  PID:5040
- C:\Windows\System\uYbqMIp.exe
  C:\Windows\System\uYbqMIp.exe
  2⤵
  PID:5112
- C:\Windows\System\SSZlVmi.exe
  C:\Windows\System\SSZlVmi.exe
  2⤵
  PID:4432
- C:\Windows\System\NbovxaA.exe
  C:\Windows\System\NbovxaA.exe
  2⤵
  PID:4704
- C:\Windows\System\HeXFbUf.exe
  C:\Windows\System\HeXFbUf.exe
  2⤵
  PID:4360
- C:\Windows\System\oRFuZpZ.exe
  C:\Windows\System\oRFuZpZ.exe
  2⤵
  PID:4428
- C:\Windows\System\KhgnOhc.exe
  C:\Windows\System\KhgnOhc.exe
  2⤵
  PID:5020
- C:\Windows\System\DPGAcPy.exe
  C:\Windows\System\DPGAcPy.exe
  2⤵
  PID:5144
- C:\Windows\System\vaCGWTL.exe
  C:\Windows\System\vaCGWTL.exe
  2⤵
  PID:5168
- C:\Windows\System\EOpGPyB.exe
  C:\Windows\System\EOpGPyB.exe
  2⤵
  PID:5184
- C:\Windows\System\hKRzXXk.exe
  C:\Windows\System\hKRzXXk.exe
  2⤵
  PID:5204
- C:\Windows\System\LhBwUte.exe
  C:\Windows\System\LhBwUte.exe
  2⤵
  PID:5220
- C:\Windows\System\yWBESCY.exe
  C:\Windows\System\yWBESCY.exe
  2⤵
  PID:5248
- C:\Windows\System\RGZAGGC.exe
  C:\Windows\System\RGZAGGC.exe
  2⤵
  PID:5264
- C:\Windows\System\reyZIZF.exe
  C:\Windows\System\reyZIZF.exe
  2⤵
  PID:5284
- C:\Windows\System\AAQarkS.exe
  C:\Windows\System\AAQarkS.exe
  2⤵
  PID:5300
- C:\Windows\System\HtHIqiR.exe
  C:\Windows\System\HtHIqiR.exe
  2⤵
  PID:5324
- C:\Windows\System\tybGeZb.exe
  C:\Windows\System\tybGeZb.exe
  2⤵
  PID:5340
- C:\Windows\System\nHJLPnJ.exe
  C:\Windows\System\nHJLPnJ.exe
  2⤵
  PID:5364
- C:\Windows\System\ZmWAwXX.exe
  C:\Windows\System\ZmWAwXX.exe
  2⤵
  PID:5388
- C:\Windows\System\ykHIGls.exe
  C:\Windows\System\ykHIGls.exe
  2⤵
  PID:5404
- C:\Windows\System\MMLOiCr.exe
  C:\Windows\System\MMLOiCr.exe
  2⤵
  PID:5424
- C:\Windows\System\ColAXQo.exe
  C:\Windows\System\ColAXQo.exe
  2⤵
  PID:5440
- C:\Windows\System\WXLhinw.exe
  C:\Windows\System\WXLhinw.exe
  2⤵
  PID:5460
- C:\Windows\System\rZskkks.exe
  C:\Windows\System\rZskkks.exe
  2⤵
  PID:5488
- C:\Windows\System\RbywTap.exe
  C:\Windows\System\RbywTap.exe
  2⤵
  PID:5504
- C:\Windows\System\ggTNKat.exe
  C:\Windows\System\ggTNKat.exe
  2⤵
  PID:5520
- C:\Windows\System\aqzFEyf.exe
  C:\Windows\System\aqzFEyf.exe
  2⤵
  PID:5544
- C:\Windows\System\SGTQAOQ.exe
  C:\Windows\System\SGTQAOQ.exe
  2⤵
  PID:5560
- C:\Windows\System\ZXzbqWN.exe
  C:\Windows\System\ZXzbqWN.exe
  2⤵
  PID:5584
- C:\Windows\System\zhVtPVm.exe
  C:\Windows\System\zhVtPVm.exe
  2⤵
  PID:5612
- C:\Windows\System\kdXHZvL.exe
  C:\Windows\System\kdXHZvL.exe
  2⤵
  PID:5628
- C:\Windows\System\AeflFpY.exe
  C:\Windows\System\AeflFpY.exe
  2⤵
  PID:5648
- C:\Windows\System\XLWkLTW.exe
  C:\Windows\System\XLWkLTW.exe
  2⤵
  PID:5668
- C:\Windows\System\AwOkCoA.exe
  C:\Windows\System\AwOkCoA.exe
  2⤵
  PID:5692
- C:\Windows\System\bitupzd.exe
  C:\Windows\System\bitupzd.exe
  2⤵
  PID:5708
- C:\Windows\System\TAqrkTK.exe
  C:\Windows\System\TAqrkTK.exe
  2⤵
  PID:5740
- C:\Windows\System\FdEUMlA.exe
  C:\Windows\System\FdEUMlA.exe
  2⤵
  PID:5760
- C:\Windows\System\sZMlMPG.exe
  C:\Windows\System\sZMlMPG.exe
  2⤵
  PID:5780
- C:\Windows\System\kHkdugB.exe
  C:\Windows\System\kHkdugB.exe
  2⤵
  PID:5796
- C:\Windows\System\izVwBgY.exe
  C:\Windows\System\izVwBgY.exe
  2⤵
  PID:5820
- C:\Windows\System\NleEYdU.exe
  C:\Windows\System\NleEYdU.exe
  2⤵
  PID:5836
- C:\Windows\System\uLZJneX.exe
  C:\Windows\System\uLZJneX.exe
  2⤵
  PID:5852
- C:\Windows\System\UcqXVGK.exe
  C:\Windows\System\UcqXVGK.exe
  2⤵
  PID:5868
- C:\Windows\System\yPQNoPa.exe
  C:\Windows\System\yPQNoPa.exe
  2⤵
  PID:5888
- C:\Windows\System\hYbegOS.exe
  C:\Windows\System\hYbegOS.exe
  2⤵
  PID:5908
- C:\Windows\System\KNTNWPv.exe
  C:\Windows\System\KNTNWPv.exe
  2⤵
  PID:5944
- C:\Windows\System\IkqfNQj.exe
  C:\Windows\System\IkqfNQj.exe
  2⤵
  PID:5964
- C:\Windows\System\DxvemeS.exe
  C:\Windows\System\DxvemeS.exe
  2⤵
  PID:5980
- C:\Windows\System\zIvzPHo.exe
  C:\Windows\System\zIvzPHo.exe
  2⤵
  PID:5996
- C:\Windows\System\KSmoDKF.exe
  C:\Windows\System\KSmoDKF.exe
  2⤵
  PID:6024
- C:\Windows\System\wDYZWaA.exe
  C:\Windows\System\wDYZWaA.exe
  2⤵
  PID:6044
- C:\Windows\System\nHaSxdv.exe
  C:\Windows\System\nHaSxdv.exe
  2⤵
  PID:6064
- C:\Windows\System\CLNDnpN.exe
  C:\Windows\System\CLNDnpN.exe
  2⤵
  PID:6088
- C:\Windows\System\aDVQxxT.exe
  C:\Windows\System\aDVQxxT.exe
  2⤵
  PID:6104
- C:\Windows\System\OmMXUgw.exe
  C:\Windows\System\OmMXUgw.exe
  2⤵
  PID:6120
- C:\Windows\System\OWpPZtX.exe
  C:\Windows\System\OWpPZtX.exe
  2⤵
  PID:6140
- C:\Windows\System\NmzQNYv.exe
  C:\Windows\System\NmzQNYv.exe
  2⤵
  PID:4340
- C:\Windows\System\jofnhgH.exe
  C:\Windows\System\jofnhgH.exe
  2⤵
  PID:4888
- C:\Windows\System\bxZRcnr.exe
  C:\Windows\System\bxZRcnr.exe
  2⤵
  PID:5136
- C:\Windows\System\aWebgST.exe
  C:\Windows\System\aWebgST.exe
  2⤵
  PID:5140
- C:\Windows\System\npYgnWg.exe
  C:\Windows\System\npYgnWg.exe
  2⤵
  PID:5156
- C:\Windows\System\glUcQHs.exe
  C:\Windows\System\glUcQHs.exe
  2⤵
  PID:5200
- C:\Windows\System\nkWRXiL.exe
  C:\Windows\System\nkWRXiL.exe
  2⤵
  PID:5216
- C:\Windows\System\JhQIMXE.exe
  C:\Windows\System\JhQIMXE.exe
  2⤵
  PID:5276
- C:\Windows\System\KcCoWHH.exe
  C:\Windows\System\KcCoWHH.exe
  2⤵
  PID:5296
- C:\Windows\System\mcPANAc.exe
  C:\Windows\System\mcPANAc.exe
  2⤵
  PID:5356
- C:\Windows\System\TOJtpZG.exe
  C:\Windows\System\TOJtpZG.exe
  2⤵
  PID:5352
- C:\Windows\System\AkCkXnQ.exe
  C:\Windows\System\AkCkXnQ.exe
  2⤵
  PID:5400
- C:\Windows\System\kqBUbyZ.exe
  C:\Windows\System\kqBUbyZ.exe
  2⤵
  PID:5448
- C:\Windows\System\ZIQQoNR.exe
  C:\Windows\System\ZIQQoNR.exe
  2⤵
  PID:5472
- C:\Windows\System\OeINnFH.exe
  C:\Windows\System\OeINnFH.exe
  2⤵
  PID:5512
- C:\Windows\System\RebeyAf.exe
  C:\Windows\System\RebeyAf.exe
  2⤵
  PID:5536
- C:\Windows\System\QeANJWL.exe
  C:\Windows\System\QeANJWL.exe
  2⤵
  PID:5572
- C:\Windows\System\gKnJLAl.exe
  C:\Windows\System\gKnJLAl.exe
  2⤵
  PID:5596
- C:\Windows\System\TKKNcOY.exe
  C:\Windows\System\TKKNcOY.exe
  2⤵
  PID:5636
- C:\Windows\System\VobxUMw.exe
  C:\Windows\System\VobxUMw.exe
  2⤵
  PID:5660
- C:\Windows\System\PlbnzlT.exe
  C:\Windows\System\PlbnzlT.exe
  2⤵
  PID:5684
- C:\Windows\System\dZsJXKv.exe
  C:\Windows\System\dZsJXKv.exe
  2⤵
  PID:5716
- C:\Windows\System\PkHDMwE.exe
  C:\Windows\System\PkHDMwE.exe
  2⤵
  PID:1020
- C:\Windows\System\Rqztfuo.exe
  C:\Windows\System\Rqztfuo.exe
  2⤵
  PID:2464
- C:\Windows\System\mvnYXhc.exe
  C:\Windows\System\mvnYXhc.exe
  2⤵
  PID:5748
- C:\Windows\System\XIdYnwa.exe
  C:\Windows\System\XIdYnwa.exe
  2⤵
  PID:5808
- C:\Windows\System\SkutayH.exe
  C:\Windows\System\SkutayH.exe
  2⤵
  PID:5876
- C:\Windows\System\EFhedgX.exe
  C:\Windows\System\EFhedgX.exe
  2⤵
  PID:5928
- C:\Windows\System\hxlGcDH.exe
  C:\Windows\System\hxlGcDH.exe
  2⤵
  PID:5900
- C:\Windows\System\UaCMLQb.exe
  C:\Windows\System\UaCMLQb.exe
  2⤵
  PID:5732
- C:\Windows\System\CjQlVOb.exe
  C:\Windows\System\CjQlVOb.exe
  2⤵
  PID:5972
- C:\Windows\System\DagYpaB.exe
  C:\Windows\System\DagYpaB.exe
  2⤵
  PID:5992
- C:\Windows\System\oDmGQKy.exe
  C:\Windows\System\oDmGQKy.exe
  2⤵
  PID:6036
- C:\Windows\System\tYiJSDu.exe
  C:\Windows\System\tYiJSDu.exe
  2⤵
  PID:6056
- C:\Windows\System\WOgmDXD.exe
  C:\Windows\System\WOgmDXD.exe
  2⤵
  PID:6100
- C:\Windows\System\oncnZtq.exe
  C:\Windows\System\oncnZtq.exe
  2⤵
  PID:4560
- C:\Windows\System\IVWNWcB.exe
  C:\Windows\System\IVWNWcB.exe
  2⤵
  PID:4516
- C:\Windows\System\yetpiTY.exe
  C:\Windows\System\yetpiTY.exe
  2⤵
  PID:5196
- C:\Windows\System\DnVVQMi.exe
  C:\Windows\System\DnVVQMi.exe
  2⤵
  PID:4216
- C:\Windows\System\XLdhKgb.exe
  C:\Windows\System\XLdhKgb.exe
  2⤵
  PID:5232
- C:\Windows\System\fPdUqnJ.exe
  C:\Windows\System\fPdUqnJ.exe
  2⤵
  PID:5176
- C:\Windows\System\sVMwqGe.exe
  C:\Windows\System\sVMwqGe.exe
  2⤵
  PID:5348
- C:\Windows\System\BpvWLvs.exe
  C:\Windows\System\BpvWLvs.exe
  2⤵
  PID:5384
- C:\Windows\System\TUXCnsO.exe
  C:\Windows\System\TUXCnsO.exe
  2⤵
  PID:5416
- C:\Windows\System\SbRNfwO.exe
  C:\Windows\System\SbRNfwO.exe
  2⤵
  PID:5484
- C:\Windows\System\tpEuJim.exe
  C:\Windows\System\tpEuJim.exe
  2⤵
  PID:5516
- C:\Windows\System\llxLkGq.exe
  C:\Windows\System\llxLkGq.exe
  2⤵
  PID:5576
- C:\Windows\System\smdFtWB.exe
  C:\Windows\System\smdFtWB.exe
  2⤵
  PID:5700
- C:\Windows\System\XvsnZTS.exe
  C:\Windows\System\XvsnZTS.exe
  2⤵
  PID:1792
- C:\Windows\System\LRlOWhy.exe
  C:\Windows\System\LRlOWhy.exe
  2⤵
  PID:5688
- C:\Windows\System\SDKQUqf.exe
  C:\Windows\System\SDKQUqf.exe
  2⤵
  PID:2640
- C:\Windows\System\JZnkTvI.exe
  C:\Windows\System\JZnkTvI.exe
  2⤵
  PID:5884
- C:\Windows\System\OKRLZJU.exe
  C:\Windows\System\OKRLZJU.exe
  2⤵
  PID:5924
- C:\Windows\System\MpyXKRW.exe
  C:\Windows\System\MpyXKRW.exe
  2⤵
  PID:5864
- C:\Windows\System\sFePYxf.exe
  C:\Windows\System\sFePYxf.exe
  2⤵
  PID:5956
- C:\Windows\System\GIaDhHj.exe
  C:\Windows\System\GIaDhHj.exe
  2⤵
  PID:6032
- C:\Windows\System\hFDTGIT.exe
  C:\Windows\System\hFDTGIT.exe
  2⤵
  PID:2392
- C:\Windows\System\uptiyTz.exe
  C:\Windows\System\uptiyTz.exe
  2⤵
  PID:6080
- C:\Windows\System\VptjZZR.exe
  C:\Windows\System\VptjZZR.exe
  2⤵
  PID:6116
- C:\Windows\System\njsEifW.exe
  C:\Windows\System\njsEifW.exe
  2⤵
  PID:5164
- C:\Windows\System\NZdvDYs.exe
  C:\Windows\System\NZdvDYs.exe
  2⤵
  PID:5244
- C:\Windows\System\jrtoRAm.exe
  C:\Windows\System\jrtoRAm.exe
  2⤵
  PID:5260
- C:\Windows\System\iUMQkrz.exe
  C:\Windows\System\iUMQkrz.exe
  2⤵
  PID:5332
- C:\Windows\System\OJAUCPl.exe
  C:\Windows\System\OJAUCPl.exe
  2⤵
  PID:5500
- C:\Windows\System\WTdaUrD.exe
  C:\Windows\System\WTdaUrD.exe
  2⤵
  PID:5336
- C:\Windows\System\RRwDMvf.exe
  C:\Windows\System\RRwDMvf.exe
  2⤵
  PID:5680
- C:\Windows\System\qYRuyjb.exe
  C:\Windows\System\qYRuyjb.exe
  2⤵
  PID:5812
- C:\Windows\System\sncIldC.exe
  C:\Windows\System\sncIldC.exe
  2⤵
  PID:5604
- C:\Windows\System\IOLOKQw.exe
  C:\Windows\System\IOLOKQw.exe
  2⤵
  PID:2904
- C:\Windows\System\DBkmEeU.exe
  C:\Windows\System\DBkmEeU.exe
  2⤵
  PID:5916
- C:\Windows\System\HTmWMpF.exe
  C:\Windows\System\HTmWMpF.exe
  2⤵
  PID:6012
- C:\Windows\System\hPrbQMx.exe
  C:\Windows\System\hPrbQMx.exe
  2⤵
  PID:2932
- C:\Windows\System\eQCyKME.exe
  C:\Windows\System\eQCyKME.exe
  2⤵
  PID:4976
- C:\Windows\System\hgZltSn.exe
  C:\Windows\System\hgZltSn.exe
  2⤵
  PID:5308
- C:\Windows\System\dRnwcWn.exe
  C:\Windows\System\dRnwcWn.exe
  2⤵
  PID:4656
- C:\Windows\System\yxdzCPQ.exe
  C:\Windows\System\yxdzCPQ.exe
  2⤵
  PID:5396
- C:\Windows\System\vlsFInB.exe
  C:\Windows\System\vlsFInB.exe
  2⤵
  PID:5556
- C:\Windows\System\suiJIeR.exe
  C:\Windows\System\suiJIeR.exe
  2⤵
  PID:5804
- C:\Windows\System\aHEQVHu.exe
  C:\Windows\System\aHEQVHu.exe
  2⤵
  PID:6004
- C:\Windows\System\eMrxDxQ.exe
  C:\Windows\System\eMrxDxQ.exe
  2⤵
  PID:6060
- C:\Windows\System\nphJJSw.exe
  C:\Windows\System\nphJJSw.exe
  2⤵
  PID:5728
- C:\Windows\System\OdIlHxG.exe
  C:\Windows\System\OdIlHxG.exe
  2⤵
  PID:5236
- C:\Windows\System\MmVCWso.exe
  C:\Windows\System\MmVCWso.exe
  2⤵
  PID:6020
- C:\Windows\System\QSeKtNa.exe
  C:\Windows\System\QSeKtNa.exe
  2⤵
  PID:5192
- C:\Windows\System\neUKbZp.exe
  C:\Windows\System\neUKbZp.exe
  2⤵
  PID:2228
- C:\Windows\System\HAkMoUk.exe
  C:\Windows\System\HAkMoUk.exe
  2⤵
  PID:5580
- C:\Windows\System\weVTELm.exe
  C:\Windows\System\weVTELm.exe
  2⤵
  PID:6156
- C:\Windows\System\FJjcYgk.exe
  C:\Windows\System\FJjcYgk.exe
  2⤵
  PID:6176
- C:\Windows\System\MMAmrox.exe
  C:\Windows\System\MMAmrox.exe
  2⤵
  PID:6196
- C:\Windows\System\iKzfilh.exe
  C:\Windows\System\iKzfilh.exe
  2⤵
  PID:6220
- C:\Windows\System\PCMmjKB.exe
  C:\Windows\System\PCMmjKB.exe
  2⤵
  PID:6236
- C:\Windows\System\Jrxwype.exe
  C:\Windows\System\Jrxwype.exe
  2⤵
  PID:6260
- C:\Windows\System\dPRyBsQ.exe
  C:\Windows\System\dPRyBsQ.exe
  2⤵
  PID:6280
- C:\Windows\System\vVEwGCa.exe
  C:\Windows\System\vVEwGCa.exe
  2⤵
  PID:6296
- C:\Windows\System\BoQcxZS.exe
  C:\Windows\System\BoQcxZS.exe
  2⤵
  PID:6316
- C:\Windows\System\KYGijwc.exe
  C:\Windows\System\KYGijwc.exe
  2⤵
  PID:6332
- C:\Windows\System\srDZyXN.exe
  C:\Windows\System\srDZyXN.exe
  2⤵
  PID:6356
- C:\Windows\System\jOBMnAc.exe
  C:\Windows\System\jOBMnAc.exe
  2⤵
  PID:6380
- C:\Windows\System\mGzyUZW.exe
  C:\Windows\System\mGzyUZW.exe
  2⤵
  PID:6400
- C:\Windows\System\iMSyHBb.exe
  C:\Windows\System\iMSyHBb.exe
  2⤵
  PID:6420
- C:\Windows\System\FgnVlGu.exe
  C:\Windows\System\FgnVlGu.exe
  2⤵
  PID:6440
- C:\Windows\System\yhigLTU.exe
  C:\Windows\System\yhigLTU.exe
  2⤵
  PID:6464
- C:\Windows\System\QKPpLVr.exe
  C:\Windows\System\QKPpLVr.exe
  2⤵
  PID:6480
- C:\Windows\System\QpjDAuP.exe
  C:\Windows\System\QpjDAuP.exe
  2⤵
  PID:6500
- C:\Windows\System\wHlZPcv.exe
  C:\Windows\System\wHlZPcv.exe
  2⤵
  PID:6516
- C:\Windows\System\pfWjLYa.exe
  C:\Windows\System\pfWjLYa.exe
  2⤵
  PID:6536
- C:\Windows\System\bEusXwn.exe
  C:\Windows\System\bEusXwn.exe
  2⤵
  PID:6564
- C:\Windows\System\azpVAzS.exe
  C:\Windows\System\azpVAzS.exe
  2⤵
  PID:6580
- C:\Windows\System\xfiZnPe.exe
  C:\Windows\System\xfiZnPe.exe
  2⤵
  PID:6600
- C:\Windows\System\aBMboaR.exe
  C:\Windows\System\aBMboaR.exe
  2⤵
  PID:6620
- C:\Windows\System\sBijXEV.exe
  C:\Windows\System\sBijXEV.exe
  2⤵
  PID:6636
- C:\Windows\System\LSBlWHG.exe
  C:\Windows\System\LSBlWHG.exe
  2⤵
  PID:6664
- C:\Windows\System\kRPjYDu.exe
  C:\Windows\System\kRPjYDu.exe
  2⤵
  PID:6680
- C:\Windows\System\JIjBwou.exe
  C:\Windows\System\JIjBwou.exe
  2⤵
  PID:6704
- C:\Windows\System\YpHimvT.exe
  C:\Windows\System\YpHimvT.exe
  2⤵
  PID:6724
- C:\Windows\System\rbislok.exe
  C:\Windows\System\rbislok.exe
  2⤵
  PID:6740
- C:\Windows\System\iOhnyUm.exe
  C:\Windows\System\iOhnyUm.exe
  2⤵
  PID:6760
- C:\Windows\System\brqJtcZ.exe
  C:\Windows\System\brqJtcZ.exe
  2⤵
  PID:6776
- C:\Windows\System\jYuqSGE.exe
  C:\Windows\System\jYuqSGE.exe
  2⤵
  PID:6800
- C:\Windows\System\zPTWdXm.exe
  C:\Windows\System\zPTWdXm.exe
  2⤵
  PID:6820
- C:\Windows\System\iSFEnXG.exe
  C:\Windows\System\iSFEnXG.exe
  2⤵
  PID:6840
- C:\Windows\System\cKLLOPW.exe
  C:\Windows\System\cKLLOPW.exe
  2⤵
  PID:6868
- C:\Windows\System\yPLfbDV.exe
  C:\Windows\System\yPLfbDV.exe
  2⤵
  PID:6884
- C:\Windows\System\rWWnmal.exe
  C:\Windows\System\rWWnmal.exe
  2⤵
  PID:6908
- C:\Windows\System\yADeOLr.exe
  C:\Windows\System\yADeOLr.exe
  2⤵
  PID:6924
- C:\Windows\System\IXNNzdN.exe
  C:\Windows\System\IXNNzdN.exe
  2⤵
  PID:6944
- C:\Windows\System\shjUgFL.exe
  C:\Windows\System\shjUgFL.exe
  2⤵
  PID:6960
- C:\Windows\System\MWWnEFD.exe
  C:\Windows\System\MWWnEFD.exe
  2⤵
  PID:7012
- C:\Windows\System\kdQCSzC.exe
  C:\Windows\System\kdQCSzC.exe
  2⤵
  PID:7032
- C:\Windows\System\pQsJXub.exe
  C:\Windows\System\pQsJXub.exe
  2⤵
  PID:7048
- C:\Windows\System\UqHfKBG.exe
  C:\Windows\System\UqHfKBG.exe
  2⤵
  PID:7068
- C:\Windows\System\efLyFak.exe
  C:\Windows\System\efLyFak.exe
  2⤵
  PID:7092
- C:\Windows\System\MAAPamK.exe
  C:\Windows\System\MAAPamK.exe
  2⤵
  PID:7112
- C:\Windows\System\zEZkuPm.exe
  C:\Windows\System\zEZkuPm.exe
  2⤵
  PID:7128
- C:\Windows\System\xflRNsc.exe
  C:\Windows\System\xflRNsc.exe
  2⤵
  PID:7148
- C:\Windows\System\wamBjcE.exe
  C:\Windows\System\wamBjcE.exe
  2⤵
  PID:7164
- C:\Windows\System\vTrZhTI.exe
  C:\Windows\System\vTrZhTI.exe
  2⤵
  PID:5608
- C:\Windows\System\NxuqSPb.exe
  C:\Windows\System\NxuqSPb.exe
  2⤵
  PID:6096
- C:\Windows\System\XYHMBxr.exe
  C:\Windows\System\XYHMBxr.exe
  2⤵
  PID:6152
- C:\Windows\System\IGSMexQ.exe
  C:\Windows\System\IGSMexQ.exe
  2⤵
  PID:6168
- C:\Windows\System\HtKsCcX.exe
  C:\Windows\System\HtKsCcX.exe
  2⤵
  PID:6212
- C:\Windows\System\nMZXGuo.exe
  C:\Windows\System\nMZXGuo.exe
  2⤵
  PID:6252
- C:\Windows\System\IGYNkYZ.exe
  C:\Windows\System\IGYNkYZ.exe
  2⤵
  PID:6292
- C:\Windows\System\QLOOzOn.exe
  C:\Windows\System\QLOOzOn.exe
  2⤵
  PID:6312
- C:\Windows\System\iJmKTtU.exe
  C:\Windows\System\iJmKTtU.exe
  2⤵
  PID:6352
- C:\Windows\System\xVYbkWB.exe
  C:\Windows\System\xVYbkWB.exe
  2⤵
  PID:6368
- C:\Windows\System\YGUtfIY.exe
  C:\Windows\System\YGUtfIY.exe
  2⤵
  PID:6392
- C:\Windows\System\DUCQIDY.exe
  C:\Windows\System\DUCQIDY.exe
  2⤵
  PID:6456
- C:\Windows\System\GxcmMzM.exe
  C:\Windows\System\GxcmMzM.exe
  2⤵
  PID:6488
- C:\Windows\System\iboRkcw.exe
  C:\Windows\System\iboRkcw.exe
  2⤵
  PID:6512
- C:\Windows\System\fmSFlBu.exe
  C:\Windows\System\fmSFlBu.exe
  2⤵
  PID:6548
- C:\Windows\System\vuJPSPB.exe
  C:\Windows\System\vuJPSPB.exe
  2⤵
  PID:6592
- C:\Windows\System\tIyKlwZ.exe
  C:\Windows\System\tIyKlwZ.exe
  2⤵
  PID:6616
- C:\Windows\System\rBVBZBM.exe
  C:\Windows\System\rBVBZBM.exe
  2⤵
  PID:6632
- C:\Windows\System\tcXbdUf.exe
  C:\Windows\System\tcXbdUf.exe
  2⤵
  PID:6676
- C:\Windows\System\boSPkjZ.exe
  C:\Windows\System\boSPkjZ.exe
  2⤵
  PID:6716
- C:\Windows\System\bDZYTVa.exe
  C:\Windows\System\bDZYTVa.exe
  2⤵
  PID:6256
- C:\Windows\System\mubCbKH.exe
  C:\Windows\System\mubCbKH.exe
  2⤵
  PID:6756
- C:\Windows\System\uPilEzn.exe
  C:\Windows\System\uPilEzn.exe
  2⤵
  PID:6796
- C:\Windows\System\LbgDgOf.exe
  C:\Windows\System\LbgDgOf.exe
  2⤵
  PID:6860
- C:\Windows\System\DyRZrWw.exe
  C:\Windows\System\DyRZrWw.exe
  2⤵
  PID:6880
- C:\Windows\System\curJXEL.exe
  C:\Windows\System\curJXEL.exe
  2⤵
  PID:6904
- C:\Windows\System\HCrUTaR.exe
  C:\Windows\System\HCrUTaR.exe
  2⤵
  PID:6952
- C:\Windows\System\YAKTjSm.exe
  C:\Windows\System\YAKTjSm.exe
  2⤵
  PID:6972
- C:\Windows\System\TVAnVkx.exe
  C:\Windows\System\TVAnVkx.exe
  2⤵
  PID:7020
- C:\Windows\System\WtYBeAw.exe
  C:\Windows\System\WtYBeAw.exe
  2⤵
  PID:7080
- C:\Windows\System\fHAIytZ.exe
  C:\Windows\System\fHAIytZ.exe
  2⤵
  PID:7060
- C:\Windows\System\QBTkRNV.exe
  C:\Windows\System\QBTkRNV.exe
  2⤵
  PID:7104
- C:\Windows\System\BGKbrUd.exe
  C:\Windows\System\BGKbrUd.exe
  2⤵
  PID:7144
- C:\Windows\System\pvKVbtP.exe
  C:\Windows\System\pvKVbtP.exe
  2⤵
  PID:5904
- C:\Windows\System\NeehJQc.exe
  C:\Windows\System\NeehJQc.exe
  2⤵
  PID:6112
- C:\Windows\System\yydqbcV.exe
  C:\Windows\System\yydqbcV.exe
  2⤵
  PID:6192
- C:\Windows\System\fkNkuhO.exe
  C:\Windows\System\fkNkuhO.exe
  2⤵
  PID:6244
- C:\Windows\System\vVJqCsc.exe
  C:\Windows\System\vVJqCsc.exe
  2⤵
  PID:6268
- C:\Windows\System\GiFKdxp.exe
  C:\Windows\System\GiFKdxp.exe
  2⤵
  PID:6372
- C:\Windows\System\JojszLd.exe
  C:\Windows\System\JojszLd.exe
  2⤵
  PID:6432
- C:\Windows\System\aeDUGAW.exe
  C:\Windows\System\aeDUGAW.exe
  2⤵
  PID:6460
- C:\Windows\System\FFFPnGr.exe
  C:\Windows\System\FFFPnGr.exe
  2⤵
  PID:6528
- C:\Windows\System\fbhhdxe.exe
  C:\Windows\System\fbhhdxe.exe
  2⤵
  PID:6556
- C:\Windows\System\PgDMtLo.exe
  C:\Windows\System\PgDMtLo.exe
  2⤵
  PID:6648
- C:\Windows\System\HvpZnPq.exe
  C:\Windows\System\HvpZnPq.exe
  2⤵
  PID:6696
- C:\Windows\System\NevrJVO.exe
  C:\Windows\System\NevrJVO.exe
  2⤵
  PID:6720
- C:\Windows\System\XEEEhKe.exe
  C:\Windows\System\XEEEhKe.exe
  2⤵
  PID:6812
- C:\Windows\System\OdjjAcC.exe
  C:\Windows\System\OdjjAcC.exe
  2⤵
  PID:6848
- C:\Windows\System\wCbqmYT.exe
  C:\Windows\System\wCbqmYT.exe
  2⤵
  PID:6896
- C:\Windows\System\ogwKhzm.exe
  C:\Windows\System\ogwKhzm.exe
  2⤵
  PID:7008
- C:\Windows\System\nAqjqZI.exe
  C:\Windows\System\nAqjqZI.exe
  2⤵
  PID:7024
- C:\Windows\System\bVieYfy.exe
  C:\Windows\System\bVieYfy.exe
  2⤵
  PID:7160
- C:\Windows\System\pggDaRM.exe
  C:\Windows\System\pggDaRM.exe
  2⤵
  PID:7076
- C:\Windows\System\xjDCfwu.exe
  C:\Windows\System\xjDCfwu.exe
  2⤵
  PID:5816
- C:\Windows\System\YepXHPo.exe
  C:\Windows\System\YepXHPo.exe
  2⤵
  PID:6204
- C:\Windows\System\UwoJdrg.exe
  C:\Windows\System\UwoJdrg.exe
  2⤵
  PID:6304
- C:\Windows\System\hyNGSVo.exe
  C:\Windows\System\hyNGSVo.exe
  2⤵
  PID:6452
- C:\Windows\System\jgkpZgl.exe
  C:\Windows\System\jgkpZgl.exe
  2⤵
  PID:6416
- C:\Windows\System\bwtJIkc.exe
  C:\Windows\System\bwtJIkc.exe
  2⤵
  PID:6588
- C:\Windows\System\onXkqVC.exe
  C:\Windows\System\onXkqVC.exe
  2⤵
  PID:6808
- C:\Windows\System\SDFXGPV.exe
  C:\Windows\System\SDFXGPV.exe
  2⤵
  PID:6628
- C:\Windows\System\eAoDmJv.exe
  C:\Windows\System\eAoDmJv.exe
  2⤵
  PID:6876
- C:\Windows\System\htcAKmh.exe
  C:\Windows\System\htcAKmh.exe
  2⤵
  PID:6968
- C:\Windows\System\QTYlOQA.exe
  C:\Windows\System\QTYlOQA.exe
  2⤵
  PID:6916
- C:\Windows\System\gnEpdTL.exe
  C:\Windows\System\gnEpdTL.exe
  2⤵
  PID:7140
- C:\Windows\System\wUqUKId.exe
  C:\Windows\System\wUqUKId.exe
  2⤵
  PID:6172
- C:\Windows\System\euLkYJm.exe
  C:\Windows\System\euLkYJm.exe
  2⤵
  PID:6276
- C:\Windows\System\WnIUoQG.exe
  C:\Windows\System\WnIUoQG.exe
  2⤵
  PID:6496
- C:\Windows\System\tPvmEsq.exe
  C:\Windows\System\tPvmEsq.exe
  2⤵
  PID:6700
- C:\Windows\System\qFJuPGO.exe
  C:\Windows\System\qFJuPGO.exe
  2⤵
  PID:6596
- C:\Windows\System\pWERLFp.exe
  C:\Windows\System\pWERLFp.exe
  2⤵
  PID:6900
- C:\Windows\System\tvkyUqC.exe
  C:\Windows\System\tvkyUqC.exe
  2⤵
  PID:5756
- C:\Windows\System\mAVLgpH.exe
  C:\Windows\System\mAVLgpH.exe
  2⤵
  PID:6940
- C:\Windows\System\njjMRSF.exe
  C:\Windows\System\njjMRSF.exe
  2⤵
  PID:6344
- C:\Windows\System\puNApmv.exe
  C:\Windows\System\puNApmv.exe
  2⤵
  PID:6552
- C:\Windows\System\mFUDIDS.exe
  C:\Windows\System\mFUDIDS.exe
  2⤵
  PID:6976
- C:\Windows\System\CJcOlCE.exe
  C:\Windows\System\CJcOlCE.exe
  2⤵
  PID:6228
- C:\Windows\System\hRWyBin.exe
  C:\Windows\System\hRWyBin.exe
  2⤵
  PID:6660
- C:\Windows\System\RrCGvMD.exe
  C:\Windows\System\RrCGvMD.exe
  2⤵
  PID:6608
- C:\Windows\System\bILIXpw.exe
  C:\Windows\System\bILIXpw.exe
  2⤵
  PID:5656
- C:\Windows\System\HwBJhtg.exe
  C:\Windows\System\HwBJhtg.exe
  2⤵
  PID:7108
- C:\Windows\System\yChJlxF.exe
  C:\Windows\System\yChJlxF.exe
  2⤵
  PID:7196
- C:\Windows\System\SROemnA.exe
  C:\Windows\System\SROemnA.exe
  2⤵
  PID:7212
- C:\Windows\System\JRhbNOq.exe
  C:\Windows\System\JRhbNOq.exe
  2⤵
  PID:7228
- C:\Windows\System\LgYcFtF.exe
  C:\Windows\System\LgYcFtF.exe
  2⤵
  PID:7244
- C:\Windows\System\VQEnmzg.exe
  C:\Windows\System\VQEnmzg.exe
  2⤵
  PID:7268
- C:\Windows\System\RPUJsBI.exe
  C:\Windows\System\RPUJsBI.exe
  2⤵
  PID:7284
- C:\Windows\System\GEdPaPQ.exe
  C:\Windows\System\GEdPaPQ.exe
  2⤵
  PID:7300
- C:\Windows\System\fJgBmne.exe
  C:\Windows\System\fJgBmne.exe
  2⤵
  PID:7320
- C:\Windows\System\PrAZMsD.exe
  C:\Windows\System\PrAZMsD.exe
  2⤵
  PID:7356
- C:\Windows\System\UekqscS.exe
  C:\Windows\System\UekqscS.exe
  2⤵
  PID:7372
- C:\Windows\System\eACLRJN.exe
  C:\Windows\System\eACLRJN.exe
  2⤵
  PID:7388
- C:\Windows\System\EPhgdNo.exe
  C:\Windows\System\EPhgdNo.exe
  2⤵
  PID:7408
- C:\Windows\System\BorCroH.exe
  C:\Windows\System\BorCroH.exe
  2⤵
  PID:7428
- C:\Windows\System\kNkRRuo.exe
  C:\Windows\System\kNkRRuo.exe
  2⤵
  PID:7452
- C:\Windows\System\JjjsTnH.exe
  C:\Windows\System\JjjsTnH.exe
  2⤵
  PID:7476
- C:\Windows\System\hBdxENV.exe
  C:\Windows\System\hBdxENV.exe
  2⤵
  PID:7492
- C:\Windows\System\WRdEDWF.exe
  C:\Windows\System\WRdEDWF.exe
  2⤵
  PID:7512
- C:\Windows\System\kULARFl.exe
  C:\Windows\System\kULARFl.exe
  2⤵
  PID:7536
- C:\Windows\System\yZVThGf.exe
  C:\Windows\System\yZVThGf.exe
  2⤵
  PID:7552
- C:\Windows\System\qDQVSTz.exe
  C:\Windows\System\qDQVSTz.exe
  2⤵
  PID:7572
- C:\Windows\System\EUklCYO.exe
  C:\Windows\System\EUklCYO.exe
  2⤵
  PID:7588
- C:\Windows\System\lBskAea.exe
  C:\Windows\System\lBskAea.exe
  2⤵
  PID:7604
- C:\Windows\System\gIJtnvZ.exe
  C:\Windows\System\gIJtnvZ.exe
  2⤵
  PID:7628
- C:\Windows\System\vaJddPZ.exe
  C:\Windows\System\vaJddPZ.exe
  2⤵
  PID:7652
- C:\Windows\System\sIFQaoC.exe
  C:\Windows\System\sIFQaoC.exe
  2⤵
  PID:7672
- C:\Windows\System\icBIXip.exe
  C:\Windows\System\icBIXip.exe
  2⤵
  PID:7692
- C:\Windows\System\CBdhXjq.exe
  C:\Windows\System\CBdhXjq.exe
  2⤵
  PID:7716
- C:\Windows\System\XyUyEtP.exe
  C:\Windows\System\XyUyEtP.exe
  2⤵
  PID:7732
- C:\Windows\System\wEmjcQv.exe
  C:\Windows\System\wEmjcQv.exe
  2⤵
  PID:7752
- C:\Windows\System\ZCacRSN.exe
  C:\Windows\System\ZCacRSN.exe
  2⤵
  PID:7776
- C:\Windows\System\vkikoXb.exe
  C:\Windows\System\vkikoXb.exe
  2⤵
  PID:7800
- C:\Windows\System\Kunwjrb.exe
  C:\Windows\System\Kunwjrb.exe
  2⤵
  PID:7816
- C:\Windows\System\egcLBfs.exe
  C:\Windows\System\egcLBfs.exe
  2⤵
  PID:7840
- C:\Windows\System\dNXnYqf.exe
  C:\Windows\System\dNXnYqf.exe
  2⤵
  PID:7856
- C:\Windows\System\PYTuotD.exe
  C:\Windows\System\PYTuotD.exe
  2⤵
  PID:7876
- C:\Windows\System\azRvGzq.exe
  C:\Windows\System\azRvGzq.exe
  2⤵
  PID:7904
- C:\Windows\System\iCuQpEG.exe
  C:\Windows\System\iCuQpEG.exe
  2⤵
  PID:7920
- C:\Windows\System\WavgfZa.exe
  C:\Windows\System\WavgfZa.exe
  2⤵
  PID:7948
- C:\Windows\System\GMcGzEh.exe
  C:\Windows\System\GMcGzEh.exe
  2⤵
  PID:7964
- C:\Windows\System\zyTucwu.exe
  C:\Windows\System\zyTucwu.exe
  2⤵
  PID:7984
- C:\Windows\System\TCKBIqj.exe
  C:\Windows\System\TCKBIqj.exe
  2⤵
  PID:8008
- C:\Windows\System\ixtTYxt.exe
  C:\Windows\System\ixtTYxt.exe
  2⤵
  PID:8024
- C:\Windows\System\CzULFxe.exe
  C:\Windows\System\CzULFxe.exe
  2⤵
  PID:8044
- C:\Windows\System\GkQODNK.exe
  C:\Windows\System\GkQODNK.exe
  2⤵
  PID:8068
- C:\Windows\System\CnwKExE.exe
  C:\Windows\System\CnwKExE.exe
  2⤵
  PID:8084
- C:\Windows\System\HUBkLIX.exe
  C:\Windows\System\HUBkLIX.exe
  2⤵
  PID:8104
- C:\Windows\System\HBecqUZ.exe
  C:\Windows\System\HBecqUZ.exe
  2⤵
  PID:8120
- C:\Windows\System\dhAJwxR.exe
  C:\Windows\System\dhAJwxR.exe
  2⤵
  PID:8144
- C:\Windows\System\kMFJrxn.exe
  C:\Windows\System\kMFJrxn.exe
  2⤵
  PID:8164
- C:\Windows\System\sUdBiHI.exe
  C:\Windows\System\sUdBiHI.exe
  2⤵
  PID:8180
- C:\Windows\System\cgveBtc.exe
  C:\Windows\System\cgveBtc.exe
  2⤵
  PID:7188
- C:\Windows\System\mnYvCsG.exe
  C:\Windows\System\mnYvCsG.exe
  2⤵
  PID:5952
- C:\Windows\System\RSORuZf.exe
  C:\Windows\System\RSORuZf.exe
  2⤵
  PID:7204
- C:\Windows\System\TMaYKWv.exe
  C:\Windows\System\TMaYKWv.exe
  2⤵
  PID:7208
- C:\Windows\System\jqugZKD.exe
  C:\Windows\System\jqugZKD.exe
  2⤵
  PID:7336
- C:\Windows\System\tqlAqHe.exe
  C:\Windows\System\tqlAqHe.exe
  2⤵
  PID:7308
- C:\Windows\System\mWdkSaW.exe
  C:\Windows\System\mWdkSaW.exe
  2⤵
  PID:7352
- C:\Windows\System\GljrKFh.exe
  C:\Windows\System\GljrKFh.exe
  2⤵
  PID:7424
- C:\Windows\System\hlCeDYy.exe
  C:\Windows\System\hlCeDYy.exe
  2⤵
  PID:7436
- C:\Windows\System\pOaAzki.exe
  C:\Windows\System\pOaAzki.exe
  2⤵
  PID:7464
- C:\Windows\System\AnhjlyS.exe
  C:\Windows\System\AnhjlyS.exe
  2⤵
  PID:7504
- C:\Windows\System\daRFsGl.exe
  C:\Windows\System\daRFsGl.exe
  2⤵
  PID:7524
- C:\Windows\System\RIAvBbv.exe
  C:\Windows\System\RIAvBbv.exe
  2⤵
  PID:7612
- C:\Windows\System\NUduXIi.exe
  C:\Windows\System\NUduXIi.exe
  2⤵
  PID:7624
- C:\Windows\System\LNRwQtn.exe
  C:\Windows\System\LNRwQtn.exe
  2⤵
  PID:7640
- C:\Windows\System\gCjwNMI.exe
  C:\Windows\System\gCjwNMI.exe
  2⤵
  PID:7668
- C:\Windows\System\nNkEoge.exe
  C:\Windows\System\nNkEoge.exe
  2⤵
  PID:7704
- C:\Windows\System\BLqUHsG.exe
  C:\Windows\System\BLqUHsG.exe
  2⤵
  PID:7728
- C:\Windows\System\wJFqsKU.exe
  C:\Windows\System\wJFqsKU.exe
  2⤵
  PID:7764
- C:\Windows\System\SJNLAvj.exe
  C:\Windows\System\SJNLAvj.exe
  2⤵
  PID:7792
- C:\Windows\System\kzppUIa.exe
  C:\Windows\System\kzppUIa.exe
  2⤵
  PID:7836
- C:\Windows\System\CbsuHBH.exe
  C:\Windows\System\CbsuHBH.exe
  2⤵
  PID:7852
- C:\Windows\System\pOoAJkA.exe
  C:\Windows\System\pOoAJkA.exe
  2⤵
  PID:7884
- C:\Windows\System\gFHRgTD.exe
  C:\Windows\System\gFHRgTD.exe
  2⤵
  PID:7932
- C:\Windows\System\dkMhWqj.exe
  C:\Windows\System\dkMhWqj.exe
  2⤵
  PID:7972
- C:\Windows\System\AbIcmGJ.exe
  C:\Windows\System\AbIcmGJ.exe
  2⤵
  PID:7996
- C:\Windows\System\FzXoyIx.exe
  C:\Windows\System\FzXoyIx.exe
  2⤵
  PID:8032
- C:\Windows\System\jhflsdw.exe
  C:\Windows\System\jhflsdw.exe
  2⤵
  PID:8060
- C:\Windows\System\lONKskf.exe
  C:\Windows\System\lONKskf.exe
  2⤵
  PID:7896
- C:\Windows\System\ycwDMDp.exe
  C:\Windows\System\ycwDMDp.exe
  2⤵
  PID:8140
- C:\Windows\System\CYYHAaQ.exe
  C:\Windows\System\CYYHAaQ.exe
  2⤵
  PID:8160
- C:\Windows\System\KGZPLbR.exe
  C:\Windows\System\KGZPLbR.exe
  2⤵
  PID:7180
- C:\Windows\System\GbjoQBk.exe
  C:\Windows\System\GbjoQBk.exe
  2⤵
  PID:7264
- C:\Windows\System\ITuBCxG.exe
  C:\Windows\System\ITuBCxG.exe
  2⤵
  PID:6712
- C:\Windows\System\lrDQXxG.exe
  C:\Windows\System\lrDQXxG.exe
  2⤵
  PID:7332
- C:\Windows\System\vWyUzGI.exe
  C:\Windows\System\vWyUzGI.exe
  2⤵
  PID:7348
- C:\Windows\System\mFCNsbG.exe
  C:\Windows\System\mFCNsbG.exe
  2⤵
  PID:7400
- C:\Windows\System\VjnjLEH.exe
  C:\Windows\System\VjnjLEH.exe
  2⤵
  PID:7500
- C:\Windows\System\VgpbJGx.exe
  C:\Windows\System\VgpbJGx.exe
  2⤵
  PID:7460
- C:\Windows\System\VZJgzUq.exe
  C:\Windows\System\VZJgzUq.exe
  2⤵
  PID:7616
- C:\Windows\System\BqwGPio.exe
  C:\Windows\System\BqwGPio.exe
  2⤵
  PID:7664
- C:\Windows\System\oeGxBvN.exe
  C:\Windows\System\oeGxBvN.exe
  2⤵
  PID:7684
- C:\Windows\System\fyFjNYf.exe
  C:\Windows\System\fyFjNYf.exe
  2⤵
  PID:7744
- C:\Windows\System\WarykKK.exe
  C:\Windows\System\WarykKK.exe
  2⤵
  PID:7788
- C:\Windows\System\WUFHHLZ.exe
  C:\Windows\System\WUFHHLZ.exe
  2⤵
  PID:7808
- C:\Windows\System\QiADOnH.exe
  C:\Windows\System\QiADOnH.exe
  2⤵
  PID:7944
- C:\Windows\System\GKwbYCm.exe
  C:\Windows\System\GKwbYCm.exe
  2⤵
  PID:7960
- C:\Windows\System\XaQBUAc.exe
  C:\Windows\System\XaQBUAc.exe
  2⤵
  PID:8016
- C:\Windows\System\HmJveSX.exe
  C:\Windows\System\HmJveSX.exe
  2⤵
  PID:8056
- C:\Windows\System\FjcSCVx.exe
  C:\Windows\System\FjcSCVx.exe
  2⤵
  PID:8100
- C:\Windows\System\zpKPWdy.exe
  C:\Windows\System\zpKPWdy.exe
  2⤵
  PID:7280
- C:\Windows\System\yjHkvDS.exe
  C:\Windows\System\yjHkvDS.exe
  2⤵
  PID:7380
- C:\Windows\System\GqwuNFH.exe
  C:\Windows\System\GqwuNFH.exe
  2⤵
  PID:8188
- C:\Windows\System\BbZjkhP.exe
  C:\Windows\System\BbZjkhP.exe
  2⤵
  PID:7316
- C:\Windows\System\hyUODHv.exe
  C:\Windows\System\hyUODHv.exe
  2⤵
  PID:7472
- C:\Windows\System\oiSWjTZ.exe
  C:\Windows\System\oiSWjTZ.exe
  2⤵
  PID:7520
- C:\Windows\System\FeTzzSa.exe
  C:\Windows\System\FeTzzSa.exe
  2⤵
  PID:7648
- C:\Windows\System\YfnPnxD.exe
  C:\Windows\System\YfnPnxD.exe
  2⤵
  PID:7760
- C:\Windows\System\qtgShGM.exe
  C:\Windows\System\qtgShGM.exe
  2⤵
  PID:7916
- C:\Windows\System\jpWUgmF.exe
  C:\Windows\System\jpWUgmF.exe
  2⤵
  PID:8064
- C:\Windows\System\oVOyqUc.exe
  C:\Windows\System\oVOyqUc.exe
  2⤵
  PID:8112
- C:\Windows\System\uIwOVAu.exe
  C:\Windows\System\uIwOVAu.exe
  2⤵
  PID:7992
- C:\Windows\System\nynNslr.exe
  C:\Windows\System\nynNslr.exe
  2⤵
  PID:7384
- C:\Windows\System\nmryVqW.exe
  C:\Windows\System\nmryVqW.exe
  2⤵
  PID:7252
- C:\Windows\System\yYzYfDJ.exe
  C:\Windows\System\yYzYfDJ.exe
  2⤵
  PID:7940
- C:\Windows\System\JsDaMzz.exe
  C:\Windows\System\JsDaMzz.exe
  2⤵
  PID:7712
- C:\Windows\System\wzQhLlT.exe
  C:\Windows\System\wzQhLlT.exe
  2⤵
  PID:7484
- C:\Windows\System\czHelqx.exe
  C:\Windows\System\czHelqx.exe
  2⤵
  PID:8136
- C:\Windows\System\kyOSiyA.exe
  C:\Windows\System\kyOSiyA.exe
  2⤵
  PID:8152
- C:\Windows\System\hkePjaX.exe
  C:\Windows\System\hkePjaX.exe
  2⤵
  PID:7644
- C:\Windows\System\cDSPvVU.exe
  C:\Windows\System\cDSPvVU.exe
  2⤵
  PID:7724
- C:\Windows\System\XkiTRai.exe
  C:\Windows\System\XkiTRai.exe
  2⤵
  PID:7956
- C:\Windows\System\RKOaVrZ.exe
  C:\Windows\System\RKOaVrZ.exe
  2⤵
  PID:7224
- C:\Windows\System\lecdIpY.exe
  C:\Windows\System\lecdIpY.exe
  2⤵
  PID:7444
- C:\Windows\System\HAVpXDb.exe
  C:\Windows\System\HAVpXDb.exe
  2⤵
  PID:8116
- C:\Windows\System\KGoPNDs.exe
  C:\Windows\System\KGoPNDs.exe
  2⤵
  PID:7548
- C:\Windows\System\mVsSLgw.exe
  C:\Windows\System\mVsSLgw.exe
  2⤵
  PID:7848
- C:\Windows\System\TTjnDJn.exe
  C:\Windows\System\TTjnDJn.exe
  2⤵
  PID:8040
- C:\Windows\System\faAqQoi.exe
  C:\Windows\System\faAqQoi.exe
  2⤵
  PID:8204
- C:\Windows\System\BiJIdvP.exe
  C:\Windows\System\BiJIdvP.exe
  2⤵
  PID:8224
- C:\Windows\System\hZVhhbO.exe
  C:\Windows\System\hZVhhbO.exe
  2⤵
  PID:8252
- C:\Windows\System\ZAbpVgn.exe
  C:\Windows\System\ZAbpVgn.exe
  2⤵
  PID:8268
- C:\Windows\System\TOzBjiH.exe
  C:\Windows\System\TOzBjiH.exe
  2⤵
  PID:8284
- C:\Windows\System\dVJBYcL.exe
  C:\Windows\System\dVJBYcL.exe
  2⤵
  PID:8304
- C:\Windows\System\zPkuCpt.exe
  C:\Windows\System\zPkuCpt.exe
  2⤵
  PID:8328
- C:\Windows\System\eZiDXxE.exe
  C:\Windows\System\eZiDXxE.exe
  2⤵
  PID:8344
- C:\Windows\System\IyPhenv.exe
  C:\Windows\System\IyPhenv.exe
  2⤵
  PID:8372
- C:\Windows\System\dzyoFpz.exe
  C:\Windows\System\dzyoFpz.exe
  2⤵
  PID:8392
- C:\Windows\System\jjbmFtV.exe
  C:\Windows\System\jjbmFtV.exe
  2⤵
  PID:8408
- C:\Windows\System\txmeiuP.exe
  C:\Windows\System\txmeiuP.exe
  2⤵
  PID:8432
- C:\Windows\System\tpkCEXf.exe
  C:\Windows\System\tpkCEXf.exe
  2⤵
  PID:8456
- C:\Windows\System\wrpsnJu.exe
  C:\Windows\System\wrpsnJu.exe
  2⤵
  PID:8472
- C:\Windows\System\zPXPmKs.exe
  C:\Windows\System\zPXPmKs.exe
  2⤵
  PID:8488
- C:\Windows\System\vatGSfA.exe
  C:\Windows\System\vatGSfA.exe
  2⤵
  PID:8512
- C:\Windows\System\MpWsROE.exe
  C:\Windows\System\MpWsROE.exe
  2⤵
  PID:8540
- C:\Windows\System\RUEbcLY.exe
  C:\Windows\System\RUEbcLY.exe
  2⤵
  PID:8556
- C:\Windows\System\expDinZ.exe
  C:\Windows\System\expDinZ.exe
  2⤵
  PID:8572
- C:\Windows\System\sqbjGyq.exe
  C:\Windows\System\sqbjGyq.exe
  2⤵
  PID:8592
- C:\Windows\System\yyocLAm.exe
  C:\Windows\System\yyocLAm.exe
  2⤵
  PID:8616
- C:\Windows\System\CMmuuyv.exe
  C:\Windows\System\CMmuuyv.exe
  2⤵
  PID:8632
- C:\Windows\System\SIKLpHk.exe
  C:\Windows\System\SIKLpHk.exe
  2⤵
  PID:8652
- C:\Windows\System\vjLKDuY.exe
  C:\Windows\System\vjLKDuY.exe
  2⤵
  PID:8672
- C:\Windows\System\YGIxwba.exe
  C:\Windows\System\YGIxwba.exe
  2⤵
  PID:8692
- C:\Windows\System\cZLppDj.exe
  C:\Windows\System\cZLppDj.exe
  2⤵
  PID:8720
- C:\Windows\System\tucIhWJ.exe
  C:\Windows\System\tucIhWJ.exe
  2⤵
  PID:8736
- C:\Windows\System\MEnvrkM.exe
  C:\Windows\System\MEnvrkM.exe
  2⤵
  PID:8756
- C:\Windows\System\GTCHTCy.exe
  C:\Windows\System\GTCHTCy.exe
  2⤵
  PID:8772
- C:\Windows\System\RTPcjdz.exe
  C:\Windows\System\RTPcjdz.exe
  2⤵
  PID:8796
- C:\Windows\System\cPGkTWg.exe
  C:\Windows\System\cPGkTWg.exe
  2⤵
  PID:8820
- C:\Windows\System\upiSjIN.exe
  C:\Windows\System\upiSjIN.exe
  2⤵
  PID:8836
- C:\Windows\System\FhWSMNa.exe
  C:\Windows\System\FhWSMNa.exe
  2⤵
  PID:8852
- C:\Windows\System\ouHqODZ.exe
  C:\Windows\System\ouHqODZ.exe
  2⤵
  PID:8872
- C:\Windows\System\foURurW.exe
  C:\Windows\System\foURurW.exe
  2⤵
  PID:8892
- C:\Windows\System\KwDjKSN.exe
  C:\Windows\System\KwDjKSN.exe
  2⤵
  PID:8912
- C:\Windows\System\VjHngld.exe
  C:\Windows\System\VjHngld.exe
  2⤵
  PID:8940
- C:\Windows\System\wlXiQYu.exe
  C:\Windows\System\wlXiQYu.exe
  2⤵
  PID:8956
- C:\Windows\System\tBDwXJL.exe
  C:\Windows\System\tBDwXJL.exe
  2⤵
  PID:8976
- C:\Windows\System\HXZNzzO.exe
  C:\Windows\System\HXZNzzO.exe
  2⤵
  PID:8992
- C:\Windows\System\GTAPyxg.exe
  C:\Windows\System\GTAPyxg.exe
  2⤵
  PID:9016
- C:\Windows\System\ruMqjnU.exe
  C:\Windows\System\ruMqjnU.exe
  2⤵
  PID:9036
- C:\Windows\System\HBGTzeU.exe
  C:\Windows\System\HBGTzeU.exe
  2⤵
  PID:9064
- C:\Windows\System\JENHLOZ.exe
  C:\Windows\System\JENHLOZ.exe
  2⤵
  PID:9080
- C:\Windows\System\uHGbjKK.exe
  C:\Windows\System\uHGbjKK.exe
  2⤵
  PID:9100
- C:\Windows\System\prSKSzt.exe
  C:\Windows\System\prSKSzt.exe
  2⤵
  PID:9120
- C:\Windows\System\XTBmdjj.exe
  C:\Windows\System\XTBmdjj.exe
  2⤵
  PID:9136
- C:\Windows\System\rytQXtz.exe
  C:\Windows\System\rytQXtz.exe
  2⤵
  PID:9156
- C:\Windows\System\UaIggVM.exe
  C:\Windows\System\UaIggVM.exe
  2⤵
  PID:9180
- C:\Windows\System\NbLEPDi.exe
  C:\Windows\System\NbLEPDi.exe
  2⤵
  PID:9200
- C:\Windows\System\cUNqcMM.exe
  C:\Windows\System\cUNqcMM.exe
  2⤵
  PID:8200
- C:\Windows\System\SrKoOmG.exe
  C:\Windows\System\SrKoOmG.exe
  2⤵
  PID:8216
- C:\Windows\System\PgLqZnD.exe
  C:\Windows\System\PgLqZnD.exe
  2⤵
  PID:8244
- C:\Windows\System\vUUOoSx.exe
  C:\Windows\System\vUUOoSx.exe
  2⤵
  PID:8280
- C:\Windows\System\HbmlnBT.exe
  C:\Windows\System\HbmlnBT.exe
  2⤵
  PID:8292
- C:\Windows\System\hGhdiTI.exe
  C:\Windows\System\hGhdiTI.exe
  2⤵
  PID:8340
- C:\Windows\System\EWrgQEv.exe
  C:\Windows\System\EWrgQEv.exe
  2⤵
  PID:8368
- C:\Windows\System\YCTsOQW.exe
  C:\Windows\System\YCTsOQW.exe
  2⤵
  PID:8400
- C:\Windows\System\sOOaEEk.exe
  C:\Windows\System\sOOaEEk.exe
  2⤵
  PID:8444
- C:\Windows\System\orhEVDk.exe
  C:\Windows\System\orhEVDk.exe
  2⤵
  PID:8464
- C:\Windows\System\ilfgzNI.exe
  C:\Windows\System\ilfgzNI.exe
  2⤵
  PID:8508
- C:\Windows\System\aQVErUk.exe
  C:\Windows\System\aQVErUk.exe
  2⤵
  PID:8536
- C:\Windows\System\AonnIhd.exe
  C:\Windows\System\AonnIhd.exe
  2⤵
  PID:8624
- C:\Windows\System\VieNKcT.exe
  C:\Windows\System\VieNKcT.exe
  2⤵
  PID:8612
- C:\Windows\System\wcOWsrm.exe
  C:\Windows\System\wcOWsrm.exe
  2⤵
  PID:8680
- C:\Windows\System\LSQQMcy.exe
  C:\Windows\System\LSQQMcy.exe
  2⤵
  PID:8668
- C:\Windows\System\EhOjZjY.exe
  C:\Windows\System\EhOjZjY.exe
  2⤵
  PID:8708
- C:\Windows\System\cXUmzDu.exe
  C:\Windows\System\cXUmzDu.exe
  2⤵
  PID:8764
- C:\Windows\System\fCrAYwK.exe
  C:\Windows\System\fCrAYwK.exe
  2⤵
  PID:8792
- C:\Windows\System\vTtAhxw.exe
  C:\Windows\System\vTtAhxw.exe
  2⤵
  PID:8808
- C:\Windows\System\UmflIdJ.exe
  C:\Windows\System\UmflIdJ.exe
  2⤵
  PID:8880
- C:\Windows\System\yfwFwuz.exe
  C:\Windows\System\yfwFwuz.exe
  2⤵
  PID:8864
- C:\Windows\System\qkxJLai.exe
  C:\Windows\System\qkxJLai.exe
  2⤵
  PID:8928
- C:\Windows\System\qaywRby.exe
  C:\Windows\System\qaywRby.exe
  2⤵
  PID:8968
- C:\Windows\System\yyjZeBN.exe
  C:\Windows\System\yyjZeBN.exe
  2⤵
  PID:8972
- C:\Windows\System\IAwvmjC.exe
  C:\Windows\System\IAwvmjC.exe
  2⤵
  PID:9000
- C:\Windows\System\hvztHnj.exe
  C:\Windows\System\hvztHnj.exe
  2⤵
  PID:9052
- C:\Windows\System\HWXFTcw.exe
  C:\Windows\System\HWXFTcw.exe
  2⤵
  PID:9076
- C:\Windows\System\jpsjULu.exe
  C:\Windows\System\jpsjULu.exe
  2⤵
  PID:9128
- C:\Windows\System\BkvKetK.exe
  C:\Windows\System\BkvKetK.exe
  2⤵
  PID:9168
- C:\Windows\System\QcbcCKS.exe
  C:\Windows\System\QcbcCKS.exe
  2⤵
  PID:9192
- C:\Windows\System\EFgnSFy.exe
  C:\Windows\System\EFgnSFy.exe
  2⤵
  PID:8196
- C:\Windows\System\nHteOeQ.exe
  C:\Windows\System\nHteOeQ.exe
  2⤵
  PID:8172
- C:\Windows\System\OhHcSLP.exe
  C:\Windows\System\OhHcSLP.exe
  2⤵
  PID:8312
- C:\Windows\System\EUiptsN.exe
  C:\Windows\System\EUiptsN.exe
  2⤵
  PID:8380
- C:\Windows\System\IQKsmOP.exe
  C:\Windows\System\IQKsmOP.exe
  2⤵
  PID:8364
- C:\Windows\System\wENEueM.exe
  C:\Windows\System\wENEueM.exe
  2⤵
  PID:8416
- C:\Windows\System\VikRRyU.exe
  C:\Windows\System\VikRRyU.exe
  2⤵
  PID:8480
- C:\Windows\System\tlOpvIs.exe
  C:\Windows\System\tlOpvIs.exe
  2⤵
  PID:8504
- C:\Windows\System\fuiKNNW.exe
  C:\Windows\System\fuiKNNW.exe
  2⤵
  PID:8580
- C:\Windows\System\EBxjFjt.exe
  C:\Windows\System\EBxjFjt.exe
  2⤵
  PID:8588
- C:\Windows\System\uUUUUhA.exe
  C:\Windows\System\uUUUUhA.exe
  2⤵
  PID:8648
- C:\Windows\System\ekMsMtw.exe
  C:\Windows\System\ekMsMtw.exe
  2⤵
  PID:8688
- C:\Windows\System\eRikLMy.exe
  C:\Windows\System\eRikLMy.exe
  2⤵
  PID:8660
- C:\Windows\System\bDPxzxs.exe
  C:\Windows\System\bDPxzxs.exe
  2⤵
  PID:8748
- C:\Windows\System\IsRCHjz.exe
  C:\Windows\System\IsRCHjz.exe
  2⤵
  PID:8816
- C:\Windows\System\RmYAEoa.exe
  C:\Windows\System\RmYAEoa.exe
  2⤵
  PID:8848
- C:\Windows\System\WOeZicJ.exe
  C:\Windows\System\WOeZicJ.exe
  2⤵
  PID:8924
- C:\Windows\System\PVMTFDw.exe
  C:\Windows\System\PVMTFDw.exe
  2⤵
  PID:9048
- C:\Windows\System\qPFeajy.exe
  C:\Windows\System\qPFeajy.exe
  2⤵
  PID:9096
- C:\Windows\System\yVBbwpe.exe
  C:\Windows\System\yVBbwpe.exe
  2⤵
  PID:9012
- C:\Windows\System\JZezAUs.exe
  C:\Windows\System\JZezAUs.exe
  2⤵
  PID:9116
- C:\Windows\System\hKBNdlf.exe
  C:\Windows\System\hKBNdlf.exe
  2⤵
  PID:9112
- C:\Windows\System\ROubrsR.exe
  C:\Windows\System\ROubrsR.exe
  2⤵
  PID:9060
- C:\Windows\System\cGYOJhG.exe
  C:\Windows\System\cGYOJhG.exe
  2⤵
  PID:8260
- C:\Windows\System\nGLeOlX.exe
  C:\Windows\System\nGLeOlX.exe
  2⤵
  PID:7660
- C:\Windows\System\igKsRyu.exe
  C:\Windows\System\igKsRyu.exe
  2⤵
  PID:8248
- C:\Windows\System\TOOhQat.exe
  C:\Windows\System\TOOhQat.exe
  2⤵
  PID:8420
- C:\Windows\System\ntpkgXk.exe
  C:\Windows\System\ntpkgXk.exe
  2⤵
  PID:8528
- C:\Windows\System\akZOfUi.exe
  C:\Windows\System\akZOfUi.exe
  2⤵
  PID:8628
- C:\Windows\System\sqcZdls.exe
  C:\Windows\System\sqcZdls.exe
  2⤵
  PID:8728
- C:\Windows\System\sELigEq.exe
  C:\Windows\System\sELigEq.exe
  2⤵
  PID:8568
- C:\Windows\System\LDRNpla.exe
  C:\Windows\System\LDRNpla.exe
  2⤵
  PID:8788
- C:\Windows\System\QMQjueG.exe
  C:\Windows\System\QMQjueG.exe
  2⤵
  PID:8868
- C:\Windows\System\KjjJLSH.exe
  C:\Windows\System\KjjJLSH.exe
  2⤵
  PID:9148
- C:\Windows\System\NcDsQhF.exe
  C:\Windows\System\NcDsQhF.exe
  2⤵
  PID:9004
- C:\Windows\System\LccvvGx.exe
  C:\Windows\System\LccvvGx.exe
  2⤵
  PID:9208
- C:\Windows\System\kDbZLeG.exe
  C:\Windows\System\kDbZLeG.exe
  2⤵
  PID:8236
- C:\Windows\System\sXIcEQH.exe
  C:\Windows\System\sXIcEQH.exe
  2⤵
  PID:8564
- C:\Windows\System\NnYRPWX.exe
  C:\Windows\System\NnYRPWX.exe
  2⤵
  PID:8984
- C:\Windows\System\qqCkFbw.exe
  C:\Windows\System\qqCkFbw.exe
  2⤵
  PID:8644
- C:\Windows\System\NAkyJQt.exe
  C:\Windows\System\NAkyJQt.exe
  2⤵
  PID:8952
- C:\Windows\System\ktMTdOJ.exe
  C:\Windows\System\ktMTdOJ.exe
  2⤵
  PID:8440
- C:\Windows\System\BpkifoF.exe
  C:\Windows\System\BpkifoF.exe
  2⤵
  PID:8360
- C:\Windows\System\hKBElxw.exe
  C:\Windows\System\hKBElxw.exe
  2⤵
  PID:8812
- C:\Windows\System\sHOrABJ.exe
  C:\Windows\System\sHOrABJ.exe
  2⤵
  PID:9072
- C:\Windows\System\JRiuaWM.exe
  C:\Windows\System\JRiuaWM.exe
  2⤵
  PID:8780
- C:\Windows\System\MlJfmMK.exe
  C:\Windows\System\MlJfmMK.exe
  2⤵
  PID:9232
- C:\Windows\System\oQMpYpf.exe
  C:\Windows\System\oQMpYpf.exe
  2⤵
  PID:9248
- C:\Windows\System\BGUxamP.exe
  C:\Windows\System\BGUxamP.exe
  2⤵
  PID:9264
- C:\Windows\System\aYpNeye.exe
  C:\Windows\System\aYpNeye.exe
  2⤵
  PID:9280
- C:\Windows\System\UzThZRF.exe
  C:\Windows\System\UzThZRF.exe
  2⤵
  PID:9296
- C:\Windows\System\ausNgYD.exe
  C:\Windows\System\ausNgYD.exe
  2⤵
  PID:9312
- C:\Windows\System\eSrTRBS.exe
  C:\Windows\System\eSrTRBS.exe
  2⤵
  PID:9328
- C:\Windows\System\oBgPWVm.exe
  C:\Windows\System\oBgPWVm.exe
  2⤵
  PID:9352
- C:\Windows\System\mMQQsJJ.exe
  C:\Windows\System\mMQQsJJ.exe
  2⤵
  PID:9368
- C:\Windows\System\VAmHVlz.exe
  C:\Windows\System\VAmHVlz.exe
  2⤵
  PID:9384
- C:\Windows\System\AkoZCMg.exe
  C:\Windows\System\AkoZCMg.exe
  2⤵
  PID:9400
- C:\Windows\System\gIMUYeM.exe
  C:\Windows\System\gIMUYeM.exe
  2⤵
  PID:9416
- C:\Windows\System\KRcTfiG.exe
  C:\Windows\System\KRcTfiG.exe
  2⤵
  PID:9432
- C:\Windows\System\KFadpxi.exe
  C:\Windows\System\KFadpxi.exe
  2⤵
  PID:9448
- C:\Windows\System\pHLdyOY.exe
  C:\Windows\System\pHLdyOY.exe
  2⤵
  PID:9464
- C:\Windows\System\hNktSTV.exe
  C:\Windows\System\hNktSTV.exe
  2⤵
  PID:9480
- C:\Windows\System\uxeHcFL.exe
  C:\Windows\System\uxeHcFL.exe
  2⤵
  PID:9496
- C:\Windows\System\WEznjlw.exe
  C:\Windows\System\WEznjlw.exe
  2⤵
  PID:9512
- C:\Windows\System\nNmsHxr.exe
  C:\Windows\System\nNmsHxr.exe
  2⤵
  PID:9536
- C:\Windows\System\TwGBITD.exe
  C:\Windows\System\TwGBITD.exe
  2⤵
  PID:9556
- C:\Windows\System\KrOsfMV.exe
  C:\Windows\System\KrOsfMV.exe
  2⤵
  PID:9572
- C:\Windows\System\tyJDtPP.exe
  C:\Windows\System\tyJDtPP.exe
  2⤵
  PID:9588
- C:\Windows\System\klOApFx.exe
  C:\Windows\System\klOApFx.exe
  2⤵
  PID:9608
- C:\Windows\System\cHDYQYM.exe
  C:\Windows\System\cHDYQYM.exe
  2⤵
  PID:9624
- C:\Windows\System\rKNJdXr.exe
  C:\Windows\System\rKNJdXr.exe
  2⤵
  PID:9644
- C:\Windows\System\sqjAyZn.exe
  C:\Windows\System\sqjAyZn.exe
  2⤵
  PID:9660
- C:\Windows\System\uaSAXkd.exe
  C:\Windows\System\uaSAXkd.exe
  2⤵
  PID:9676
- C:\Windows\System\otIysms.exe
  C:\Windows\System\otIysms.exe
  2⤵
  PID:9692
- C:\Windows\System\qmffaOy.exe
  C:\Windows\System\qmffaOy.exe
  2⤵
  PID:9708
- C:\Windows\System\ZkTeoKG.exe
  C:\Windows\System\ZkTeoKG.exe
  2⤵
  PID:9724
- C:\Windows\System\tKpeynS.exe
  C:\Windows\System\tKpeynS.exe
  2⤵
  PID:9740
- C:\Windows\System\tATTbLh.exe
  C:\Windows\System\tATTbLh.exe
  2⤵
  PID:9756
- C:\Windows\System\fmOTokE.exe
  C:\Windows\System\fmOTokE.exe
  2⤵
  PID:9776
- C:\Windows\System\cdFQgGc.exe
  C:\Windows\System\cdFQgGc.exe
  2⤵
  PID:9792
- C:\Windows\System\sizwgPs.exe
  C:\Windows\System\sizwgPs.exe
  2⤵
  PID:9808
- C:\Windows\System\kKNVFUi.exe
  C:\Windows\System\kKNVFUi.exe
  2⤵
  PID:9824
- C:\Windows\System\voyJnLM.exe
  C:\Windows\System\voyJnLM.exe
  2⤵
  PID:9840
- C:\Windows\System\QbkXbMv.exe
  C:\Windows\System\QbkXbMv.exe
  2⤵
  PID:9856
- C:\Windows\System\PfcTIsf.exe
  C:\Windows\System\PfcTIsf.exe
  2⤵
  PID:9872
- C:\Windows\System\kUmsHUB.exe
  C:\Windows\System\kUmsHUB.exe
  2⤵
  PID:9892
- C:\Windows\System\zxUKqWv.exe
  C:\Windows\System\zxUKqWv.exe
  2⤵
  PID:9908
- C:\Windows\System\VyTsBSZ.exe
  C:\Windows\System\VyTsBSZ.exe
  2⤵
  PID:9924
- C:\Windows\System\SKXnOsc.exe
  C:\Windows\System\SKXnOsc.exe
  2⤵
  PID:9940
- C:\Windows\System\paAiJRb.exe
  C:\Windows\System\paAiJRb.exe
  2⤵
  PID:9956
- C:\Windows\System\sGaSsFK.exe
  C:\Windows\System\sGaSsFK.exe
  2⤵
  PID:9980
- C:\Windows\System\vneqeNV.exe
  C:\Windows\System\vneqeNV.exe
  2⤵
  PID:9996
- C:\Windows\System\MVLGxsw.exe
  C:\Windows\System\MVLGxsw.exe
  2⤵
  PID:10012
- C:\Windows\System\HHKTtoJ.exe
  C:\Windows\System\HHKTtoJ.exe
  2⤵
  PID:10032
- C:\Windows\System\uxLZLkJ.exe
  C:\Windows\System\uxLZLkJ.exe
  2⤵
  PID:10052
- C:\Windows\System\waQNHYx.exe
  C:\Windows\System\waQNHYx.exe
  2⤵
  PID:10068
- C:\Windows\System\bQCGcCt.exe
  C:\Windows\System\bQCGcCt.exe
  2⤵
  PID:10084
- C:\Windows\System\lGvtElC.exe
  C:\Windows\System\lGvtElC.exe
  2⤵
  PID:10100
- C:\Windows\System\KqUDbvS.exe
  C:\Windows\System\KqUDbvS.exe
  2⤵
  PID:10116
- C:\Windows\System\uXtlKLL.exe
  C:\Windows\System\uXtlKLL.exe
  2⤵
  PID:10132
- C:\Windows\System\XTWSrpo.exe
  C:\Windows\System\XTWSrpo.exe
  2⤵
  PID:10148
- C:\Windows\System\zUSxxHc.exe
  C:\Windows\System\zUSxxHc.exe
  2⤵
  PID:10164
- C:\Windows\System\hAcBmmy.exe
  C:\Windows\System\hAcBmmy.exe
  2⤵
  PID:10180
- C:\Windows\System\KsZuPZJ.exe
  C:\Windows\System\KsZuPZJ.exe
  2⤵
  PID:10196
- C:\Windows\System\yiegvmD.exe
  C:\Windows\System\yiegvmD.exe
  2⤵
  PID:10212
- C:\Windows\System\kQHZdSa.exe
  C:\Windows\System\kQHZdSa.exe
  2⤵
  PID:10228
- C:\Windows\System\UJfLcsr.exe
  C:\Windows\System\UJfLcsr.exe
  2⤵
  PID:9152
- C:\Windows\System\VaEMFnS.exe
  C:\Windows\System\VaEMFnS.exe
  2⤵
  PID:9220
- C:\Windows\System\UpChWFQ.exe
  C:\Windows\System\UpChWFQ.exe
  2⤵
  PID:9272
- C:\Windows\System\HgHERKQ.exe
  C:\Windows\System\HgHERKQ.exe
  2⤵
  PID:9304
- C:\Windows\System\mTWSFhF.exe
  C:\Windows\System\mTWSFhF.exe
  2⤵
  PID:9320
- C:\Windows\System\xtQWsXB.exe
  C:\Windows\System\xtQWsXB.exe
  2⤵
  PID:9408
- C:\Windows\System\HquapFQ.exe
  C:\Windows\System\HquapFQ.exe
  2⤵
  PID:9428
- C:\Windows\System\oHVkSdr.exe
  C:\Windows\System\oHVkSdr.exe
  2⤵
  PID:9472
- C:\Windows\System\HAOLcYG.exe
  C:\Windows\System\HAOLcYG.exe
  2⤵
  PID:9492
- C:\Windows\System\iBGGCdX.exe
  C:\Windows\System\iBGGCdX.exe
  2⤵
  PID:9568
- C:\Windows\System\IWcoVRN.exe
  C:\Windows\System\IWcoVRN.exe
  2⤵
  PID:9584
- C:\Windows\System\GnJgtcE.exe
  C:\Windows\System\GnJgtcE.exe
  2⤵
  PID:9596
- C:\Windows\System\SlwfByr.exe
  C:\Windows\System\SlwfByr.exe
  2⤵
  PID:9652
- C:\Windows\System\TNXwOfJ.exe
  C:\Windows\System\TNXwOfJ.exe
  2⤵
  PID:9688
- C:\Windows\System\hZfuCCd.exe
  C:\Windows\System\hZfuCCd.exe
  2⤵
  PID:9228
- C:\Windows\System\PyuMGGr.exe
  C:\Windows\System\PyuMGGr.exe
  2⤵
  PID:9864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AiDRvIi.exe

Filesize
6.0MB

MD5
0792100f49acb3b710d3ee27e07301ac

SHA1
eabdfc781244ea0155bcf5e80fc1a7a7b49627be

SHA256
842bacf56b63ea94fa130a0579c629ade50322aa85cbd235988952e7379f9c5f

SHA512
2b741962e4134f49ea5cdde17cc4e72a3b98704ab4159f198d31f9f3a8230dd1ba10024ea6fee306daf3b1eb107a234b86d7ef58cb2a9e4028028cf3ab876749

Download Submit
C:\Windows\system\BONIihm.exe

Filesize
6.0MB

MD5
9ccffbff5b6b375a0b36bf2c5611a100

SHA1
ce665f8dc20b1d943d5db123732c89bba2a62488

SHA256
542523f5d8daa1106a87ab32657024bab8f625398cd042006efb27de00d37a1b

SHA512
6aa72105f56aa64582470fdbda31251c5d20e675e57435700d5f2f0652cb8bb0649c2f91afaa17097fec333267d00a24f32b0dd456de6b9b0872b72cbc01bc0b

Download Submit
C:\Windows\system\DlliohH.exe

Filesize
6.0MB

MD5
b01f452dddc1ecdca40309e94d7d8313

SHA1
b247b73850a26cd3350212b6d90ed29245b2d3d5

SHA256
fcf62578972829679cd3fa241cdc254de94c71d34a2730047e451b23b7120331

SHA512
34f816a040b33afe62a2b22690cb8d2d87ef996219717170cfc0b7a5b23a9378843e13ad68a1d31083f273271965dd6e234f1e098fac8505a48d072377801f19

Download Submit
C:\Windows\system\ElptEJe.exe

Filesize
6.0MB

MD5
00e102335483eae5d27ff8b3e64ea413

SHA1
d8e3763d009bb8fd3cdd489c8c8ec948b671eaf7

SHA256
55f903ee48356402fe7b0be578acd5b651670ea383eda59fdaa78558a0f859db

SHA512
c847919541e05aef5e0f9151969c92189e308a64dc8e6abbd3bce071769dbc784ce393da4b9efc97b4300607112ed1e97fc0eaa5ddcfe9761fd1f391296e9842

Download Submit
C:\Windows\system\GqGDlhS.exe

Filesize
6.0MB

MD5
fc3ad10506ff220f25f6de2820465fb4

SHA1
eef5d77bf8d95c46eed7e35a5855208e0f82da67

SHA256
14493e13135569a51ee50a577efece91e29ea773fefcfe13eeaefc79f2814d05

SHA512
1c61f2fdc6256570869feaa455c317bebbb359d4e9efa3da9788acde9e3893dc2adaeea6d05d312ceb18f90db2cc8e195d580104c73e861d5578a3cd55527745

Download Submit
C:\Windows\system\IsNvAUJ.exe

Filesize
6.0MB

MD5
bb0536bd94c7814d856432add532d0cc

SHA1
234627673dfd229067b11edaf43cbb6f18d33a25

SHA256
625c7cac195fd244e31a4090f1f16c3e2a9910fd48ad01181733b473ad80c198

SHA512
467bafabf3a8caaa03601bb0d6da68c9754fb64d9887d6f2235d5ccba9ae1bce7e44db881c9160cc1fc3315302078dd8de7538c0fe361da97580e42c6c57f4b5

Download Submit
C:\Windows\system\JnOOWWQ.exe

Filesize
6.0MB

MD5
11487791cb6f52897739432b83d3dc24

SHA1
7439a76802acf7cfa2d7bbc8c38e577f1e8a2617

SHA256
75ee0ab0f457443a76bb5b16351fecf510c2d830ee85862dffc6e24099b35f44

SHA512
b178eb30dcf79cccf37ebcc32e5e35868f65d38c992de7f6deaf30d5c4b62f459d5eed43667ab40a56aabe314f1eaaed014552651e64374b5ae65e76f2fc090d

Download Submit
C:\Windows\system\KfsPZbK.exe

Filesize
6.0MB

MD5
69e46e9ce4eb4e8e0e1248a894f96703

SHA1
2c71408f96f801d35b168c47786bbde38a1dbce0

SHA256
eb775d5bdffb054f994bfd3b75a1c283eacf6a64e45a6a82e2ff9ecf53ba2530

SHA512
75958503db6039382d1b7f1696b06928fac9f5a86299b36c969e92d7ebc9755e0cc4b2ff5a9733a152421aa89e2289cfb218a77c7551b9fd08bbc326ce165175

Download Submit
C:\Windows\system\MjWPiph.exe

Filesize
6.0MB

MD5
3b89b610597b5de4b4c9dd627a9fd7b7

SHA1
9269be32ace973c787fb96e8302467b9951a6127

SHA256
fe8209ce257591e98d070ec3e25c44d41c079db716afa3eb0b31dac71dc75c68

SHA512
1abb38ae480a7d8c8f57acab4b415c353cc589fae998a92a6dd7e562de1377547eecbae6952b9b8e9a708f67a106876856b849b2ba24cdc5d9178647ef5f24e0

Download Submit
C:\Windows\system\NUEBLIr.exe

Filesize
6.0MB

MD5
86ce43ec82cc10b0a186368546a43b84

SHA1
85ef63df78cd3b4822b692d3393e98a1a3d605e1

SHA256
749a9a27edaa65bc73c62e7b57ee42ec8c2793335aca92b36e90a744de77547b

SHA512
3a096bd17b2534e238e294e1e27c28e6990d9ee5cd87c11c811d824d9a9eb308057d106c317d449bdb77f58cec58aa3b810b82b17e3d3bf077b74d865088e8a8

Download Submit
C:\Windows\system\QEKmOZd.exe

Filesize
6.0MB

MD5
b649200189ba80a646408f4f9115d60e

SHA1
fd19b43ab399e1820e1c4bc4138f98c87601818f

SHA256
b13a6907aa241fe2d92a7244a63b7b1a8a3502e16e83bc3ea1f65435d1b5a6de

SHA512
9371914318413cdf47bdb7c15175242f3351ce38a26114b11f0b1da8c8a10059615e7857c773fbdbeb8d8f03270f1fb88670a985c53b1958c7fd4b2d9ff7820a

Download Submit
C:\Windows\system\WAwXQMq.exe

Filesize
6.0MB

MD5
334a2c7dd9630cb231e8c30eef9a0ef2

SHA1
08a2d16dfea2a0107c127023ff18ceb527b140cb

SHA256
6e75348a22465a25a609028f45bcfc23cb5fa32befd9c40efb2d62d6fbdee45f

SHA512
f4e2961f70220071a413f5384df9b1a8c1ffd1e8f571a9e382f56cfb40a13e13b624a29ce0c174a6d7ec6640cea1349393fa421b881568d8e2d3df5a48798697

Download Submit
C:\Windows\system\WqGfGtU.exe

Filesize
6.0MB

MD5
0f5090562b2095a130fb7914235d2ae6

SHA1
b2e4b3d64bb349bc9b19c4f3e766735780264823

SHA256
d25dd44579888dcee2d934f38fc3ab3a39b8ae858a4d149f3ac941ef49a07534

SHA512
37defb752ec37f4d264f3f2c6c80bfa5d1e87752fafd28a0ce3f7d3dd349d2ad1b0a9377e17e4adfa83c07d2ea2482c0dee5c80f60c265315a296c86ca759640

Download Submit
C:\Windows\system\XFqlGrp.exe

Filesize
6.0MB

MD5
0d242e25c384a5d3c7f71e2c5df06cba

SHA1
f72772699ca9754bb84b0086a1e1ded3619ff158

SHA256
341cba985f754abc581895ff782185fa2e77a40456056230059b0268c7dac393

SHA512
2a10bba11eebeab31cf3000f5035220f4c9f430e4faecfa98d874281723535e9db39a26f52a5dd0eaec9f1614cdea662bfa5f0b389bddef21da8f15f7b182720

Download Submit
C:\Windows\system\XuubfgB.exe

Filesize
6.0MB

MD5
ad5fdb06d92508203a98c2c5f63dd3a4

SHA1
de8feea128a8983e61f32fb091e2e51b7210284c

SHA256
6b5e87227f50f1b0838679b7448b0262973920823e840ed8f80cbda00942c53a

SHA512
3fc6a0d09a87424d1dc8eb39d14755cf8e23a2cdd64690dde159d5123baa8b0d61a3d10f7ad9a28123c8d51b0a2cf5ddff16acdcecce9b27668f51bf634bfcc6

Download Submit
C:\Windows\system\bvWaXRz.exe

Filesize
6.0MB

MD5
d3a5f8d229d5ded5380ecde3a6e92ef0

SHA1
a6d150595100397624b4b6f87b0e4d58fc921658

SHA256
d39d01362066933003a937ce50a1b3e13485b6f858c22a0f4e66da8824f5186b

SHA512
8037d1d9030110bc851b29517b359d5efb74ab68a9e1ba6ccb02433323ae66af39e191af9b30ebee6e6ae7a0911cb1ac9054c44ed191521afcf658866feff1fa

Download Submit
C:\Windows\system\gHnDgqn.exe

Filesize
6.0MB

MD5
36ae7ed021f99f9df36c831ba4b5ee99

SHA1
114bf330c40ca799a710fc3065716455853de808

SHA256
69b946961801da3b01d8c792694c10309cf0ea611133570c2794cf9de6a51733

SHA512
e4389af3bcebdfe32a4f9547dbacea9e402bedde4e7d31ff11dd5cd6b11e9dd4cdf839f71de5bb894e2e4789e909953ef1669f826967248118d439e34b3c3964

Download Submit
C:\Windows\system\jMRzNLv.exe

Filesize
6.0MB

MD5
b62848d127cbce38496808556087277d

SHA1
3d93e81f3d5e53f01dc1c5dd76b7540250d8f8a4

SHA256
205d98a125e4c2d2603bf7a6fb735c9d120ee0bcb103ffb0a1019fc6612b6225

SHA512
580feb1f9bcc8627fc69439e5a72f2000139a560dfd9a119d7482c37085400c8ae9a9eb97b2c97f81810c420b8276af29a6c36fb28524b2edce25baae160c544

Download Submit
C:\Windows\system\kJpzKrr.exe

Filesize
6.0MB

MD5
94e94333517349eb5753c5482b9c30af

SHA1
282c01b797d659d303c7315e3956bba477f4d550

SHA256
50e770312f1012b70cb6edcd99066fce1c0b8bd463293d3ebd650f18939bc39e

SHA512
0b902cd81c3089b252573fd9cef065d81a386d6bf3396c340b4ea628baecd33e1e366d8508313ca25fa3abe486dfd46edb193e05b72d403b91892483296d2c27

Download Submit
C:\Windows\system\rUNVkEX.exe

Filesize
6.0MB

MD5
657af618c82a64d004cf137f63aef03a

SHA1
881e95ed8958d3934750ef6e70fd332cab0b9761

SHA256
6de8a3dd99aad1afb54817780eaad97f3bc4d975d684310a7720536efa8afd9c

SHA512
d9dc129df8368b9fd42fdf115b4d244a49e9d9256a973f4f573099968d420a1c40a8fa01e3652ca46844ae456395d2f4580b66fe46b88ed3fe9009a7b1048b46

Download Submit
C:\Windows\system\txhlIiZ.exe

Filesize
6.0MB

MD5
f76e6b0f022d5b8d9d1a73b353ebf072

SHA1
5c333983da2694f205ff5b4e22743af4445f7052

SHA256
255189679f05c868e6ba9fb16c68f576de3bb617edf2ce738cf956979350952d

SHA512
6e63f37342449004b3ddbd6925131877b2f68dfe4753e8dfb3a68ca9efb83c38fd54f5407d740f557529ce3b5f6a6233b63776a1888fba1646577ff4fe3147cd

Download Submit
C:\Windows\system\uxXyUEg.exe

Filesize
6.0MB

MD5
9b4357fa94e579618eec3c17b0374dab

SHA1
f402a18bacfbc6260458c9dbaae9dc04d690adc9

SHA256
d54b9deebb3d29c8d518d85b5e01d35bdf44e42013f42506c56c698609be7bb5

SHA512
29a9fb230e471e949925f149d668a2a77d620408f4e91dfad035bf97de888af2bc498d40890187ed99d3079fbd4138ccf38c1caa2c750ef250739dc27283bf5b

Download Submit
C:\Windows\system\waPHPxE.exe

Filesize
6.0MB

MD5
c078d71233b85f8581f3ad3658335912

SHA1
9157f34f1509504955aa079ac6aeeb8a6ed7eb7e

SHA256
261e08acfe01fd3667f31979f93820ff31fdc020e631fd39f334cc61e2507b76

SHA512
ab5a19001be6b50c67031ceb45f9ceee23e583d603a9bea0cc7096863575ef91b8f9ec4b38546d4fee333cf60b593b345dc2b660dac5b63beaddd151821f14e7

Download Submit
C:\Windows\system\zyXJSeI.exe

Filesize
6.0MB

MD5
34c655510e2e4915b33e84a0365adea6

SHA1
8bb16b4b9834077bd133cd1a0f7e89d71610081c

SHA256
3b64dd6c159032033003fb71ec37eaa372a5e03f924a980ecf278a4001220b47

SHA512
9985fa8f4ff39efa579d8245c85040c5a3574d4c6ecded3ae52bc8dad3fa241b641d2fb5fddc5d790f15e771c4c17f613532127438bbf093123c29f085ef4b20

Download Submit
\Windows\system\Aurkpst.exe

Filesize
6.0MB

MD5
bd76eac5fadf07c32d532ee47bd2ab3a

SHA1
80b1eaa0cf62bb7fe206f7c76dc074404f6c7ca0

SHA256
396d5e406a5b93b2aeee713eafe1b48f2e0ec513d6a2a48262f2c2d917affca2

SHA512
a01b4cbf8be4c9d863e5febe853873ff216524b2d27c750f45f3413b0f88306cb07414385f6f0a44b840de81dfddc2a794cbb807de25a77d10660993422c542b

Download Submit
\Windows\system\HbHxUzm.exe

Filesize
6.0MB

MD5
d6cad1760ddcb7b45f623802f22002b0

SHA1
13095509421a4dfb9174abb741b6361e72e98d40

SHA256
b1a3ccd8d9bca75d53a9cb3cf426da23b4aa8fa28e762ba451b5127e4eb75579

SHA512
13fb26d2c8459c00e1968eb376a6108ee4cca6ca83647aa026405ee3883f9e656c1237008e81f6f61bdf8af1b6dadf54267940f6b4d8944be621fcdfe46297f6

Download Submit
\Windows\system\IMiUDtx.exe

Filesize
6.0MB

MD5
90b2a56a0c9510dccd4419d0ad163c59

SHA1
35174bbc67d9f07bf7921d91fd9d56da83a066f0

SHA256
e445740f6b5b640dbe89563f61d94badc8dd276c6a7cfa4bb3e5f9be939a658a

SHA512
67a0ebc2fe4174e60f6390d858e656b2ac0059ba3a11ba893c90246f796428203261ea9776d9be5b3eac6e2743eaf31ffa943d30581ab8cc64761a8458a37475

Download Submit
\Windows\system\NQrRUoF.exe

Filesize
6.0MB

MD5
c6f40950b220ac18bec8d16272c7056d

SHA1
d35864332906989b6b04f552bee3ece94211fe5a

SHA256
d1083b07800c93dabdd57942fd702642a479c510436f33db631975313365ae0d

SHA512
96f4ad784134b530e0b4b803accdfc2a9e6290df561c407fd757ef6f190ca2fcfd39d4cb270ae192a7382c91dad736dc608fe94735f3f9b8162904b36e892e17

Download Submit
\Windows\system\NXUJdbw.exe

Filesize
6.0MB

MD5
0da374632d8ccc3cdd619dc6af30d771

SHA1
cf45d5abb48f0bdeab2c6f8147d7b344bc59ca49

SHA256
9fd01ae4b7aafe27beade8e25565d06818715980c01539d8bc88407c0a894e7b

SHA512
22e23ae3632d358a5591fb7339ad566c513a4b32598a5d6f871944ea9f14efd32bc8787b16307357f0aab80c3a42accadec0df7a367b61addb81f68d160d6109

Download Submit
\Windows\system\WliggSm.exe

Filesize
6.0MB

MD5
62ed8625afac2a63822a415f2204ef6a

SHA1
87ff9e1005bef1115ee0bbe7c0e9fc2ab3c38c96

SHA256
fada1e974f05b7b8715fefebb50625933a7511aa4bf72cca5448f3bdf7cb4cd9

SHA512
b28cfb0306f43d6019948e68df72bdd0a95a8af2e072c139f90e39f94f5784855b7a3d22faf6c14051d3959c21fd3b2c90f4e67c1341ed88772048059d9cf766

Download Submit
\Windows\system\lCKkqlw.exe

Filesize
6.0MB

MD5
4427b2bad4e34a4f2546562042c20798

SHA1
84656f27416af12dd20fd80d8b9d840eb3987a26

SHA256
5f08ab8f60b0e41be203b75456967b79612e0eea9694842d43c52040a9d88b44

SHA512
125fec6c39483ec771c36ce146d11424c99043e3653ab4262141be820782d252160d21c3d67bb99023714d88deacf74ed316fc1e583ca75cadfefa1f1cc907fb

Download Submit
\Windows\system\mrduqzI.exe

Filesize
6.0MB

MD5
ed20b62a3a9014cedb7d7eaa70135053

SHA1
4d5d8a8921014d0ccabada349f054d12e48abf75

SHA256
0bb139e90bd179b83c514cf841fcf760cb39a38da0beba7e1445c383fd9368ef

SHA512
5e0eaa4716c73fc04b79dc41953cbc49f9ade1776108185a21550d5592aed9d22a124041089e02f3f6b02ca50e4891b3c2692e46131ed032644f1750a87fa127

Download Submit
memory/1056-656-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-59-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-24-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-655-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/1620-48-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/1620-14-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/1796-95-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1796-292-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1796-666-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1968-247-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1968-83-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1968-99-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1968-0-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-329-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1968-91-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1968-276-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1968-90-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1968-100-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1968-60-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1968-34-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1968-52-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1968-30-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-6-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1968-22-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1968-18-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2200-39-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-654-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-380-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2420-667-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2420-104-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2468-267-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2468-665-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2468-86-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2572-657-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2572-26-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2572-64-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2732-659-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2732-41-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2732-78-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2740-71-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-142-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-663-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-85-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2760-660-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2760-49-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2772-662-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-103-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-65-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-664-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2892-79-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2892-214-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2908-94-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2908-56-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2908-661-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2952-70-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2952-35-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2952-658-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download