cobaltstrike | 0602adf2014fecdc0ede7bd766f969eec1b48c0a822a4b44145565e28490b958

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-12-2024 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

90a4cd26b411227c7a7764246ae7ab71
SHA1

df1e15b4cfc4161d447460042b5ebf047d0ecf12
SHA256

0602adf2014fecdc0ede7bd766f969eec1b48c0a822a4b44145565e28490b958
SHA512

78f2a284f267835a0d6eb11d71ce95591adb2bc85749e4d69cf0536f30ac6883712b8a3be2dca614120f561b3f3954ce9728cda5abd234e930c7835862abb1ee
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUo:T+q56utgpPF8u/7o

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017409-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174ac-23.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001747b-15.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000018678-37.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001752f-45.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001748f-44.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-78.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196f6-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019639-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-188.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196be-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019620-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e4-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d8-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967d-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947e-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942f-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-93.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-129.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000190d6-67.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019539-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018690-53.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001879b-60.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1680-0-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0009000000017409-11.dat	xmrig
behavioral1/memory/2348-26-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x00070000000174ac-23.dat	xmrig
behavioral1/memory/1680-17-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/files/0x000800000001747b-15.dat	xmrig
behavioral1/files/0x000a000000018678-37.dat	xmrig
behavioral1/files/0x000800000001752f-45.dat	xmrig
behavioral1/files/0x000800000001748f-44.dat	xmrig
behavioral1/memory/2264-48-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2844-49-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2744-64-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/1680-68-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x00050000000193df-78.dat	xmrig
behavioral1/files/0x00050000000196f6-193.dat	xmrig
behavioral1/memory/560-1285-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2472-951-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2680-950-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2604-828-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x0005000000019639-189.dat	xmrig
behavioral1/files/0x0005000000019627-188.dat	xmrig
behavioral1/files/0x00050000000196be-186.dat	xmrig
behavioral1/files/0x0005000000019623-179.dat	xmrig
behavioral1/files/0x0005000000019620-176.dat	xmrig
behavioral1/files/0x00050000000195e4-165.dat	xmrig
behavioral1/files/0x00050000000194d8-162.dat	xmrig
behavioral1/files/0x0005000000019403-151.dat	xmrig
behavioral1/files/0x000500000001967d-182.dat	xmrig
behavioral1/files/0x000500000001961d-124.dat	xmrig
behavioral1/files/0x000500000001947e-105.dat	xmrig
behavioral1/files/0x0005000000019629-168.dat	xmrig
behavioral1/files/0x000500000001942f-97.dat	xmrig
behavioral1/memory/2472-96-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x0005000000019441-93.dat	xmrig
behavioral1/files/0x0005000000019401-86.dat	xmrig
behavioral1/files/0x0005000000019625-156.dat	xmrig
behavioral1/files/0x0005000000019621-142.dat	xmrig
behavioral1/memory/2604-71-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x000500000001961f-129.dat	xmrig
behavioral1/memory/2348-70-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x00080000000190d6-67.dat	xmrig
behavioral1/memory/2844-123-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001961b-122.dat	xmrig
behavioral1/memory/2264-121-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2740-120-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/560-119-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x0005000000019539-117.dat	xmrig
behavioral1/memory/1680-101-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/2680-92-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x00050000000193d9-76.dat	xmrig
behavioral1/memory/2244-56-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018690-53.dat	xmrig
behavioral1/files/0x000600000001879b-60.dat	xmrig
behavioral1/memory/3024-35-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2788-32-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2740-46-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/1680-42-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/2736-41-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2740-3797-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2736-3799-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2680-3801-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2788-3800-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2348-3798-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3024	BUvtBUH.exe
2348	buebKMb.exe
2788	AkIHPEM.exe
2736	eVBkDmF.exe
2740	EnbReeM.exe
2264	JVibudW.exe
2844	VaTIwQV.exe
2244	szmmtKQ.exe
2744	RdZYsBv.exe
2604	lvrmzeY.exe
2680	sPPsMPE.exe
2472	gdKoRqk.exe
560	irlkHIq.exe
2940	gWotbth.exe
2784	TcvFeHK.exe
1748	GMlmLdP.exe
2428	tlSRlxw.exe
760	kxzbncm.exe
1796	Psprsur.exe
372	puWOHuV.exe
2996	QeBXLBk.exe
1488	CYcROvJ.exe
2664	lefAPAF.exe
2944	XthmGwR.exe
1044	lWMxTtX.exe
2948	FDEYCVE.exe
2040	fTSLowu.exe
2124	MpSmXWl.exe
936	oDrIAcA.exe
892	hJTZcog.exe
1428	XnyFNvT.exe
1780	uDRncgd.exe
1564	dbKruyg.exe
2252	DbnlXbt.exe
2956	NFASmIt.exe
1932	pYrWAnu.exe
2520	MYfNhlv.exe
2192	iaRELyG.exe
1676	aCJbUQy.exe
2984	zVeFzbv.exe
3064	aVRaaFf.exe
1736	zVHgvYS.exe
324	KEqGEtz.exe
884	WxiwYEi.exe
1760	ejpXflS.exe
1876	iUKQAys.exe
1596	twxXZgh.exe
1604	fPsXjOS.exe
3028	YrflibL.exe
1028	shaWUxI.exe
2724	cwRJavl.exe
2988	GHVUnCH.exe
2776	vTUkBwF.exe
1820	QloGApb.exe
1872	pxDbLTU.exe
1712	WPjGLzt.exe
2616	WHgWObd.exe
2272	AOGNeuG.exe
1064	HObhKqt.exe
960	aUdRKGi.exe
1652	Nmcuxav.exe
2028	qqQtiec.exe
2672	nFFCFnw.exe
1928	lmuOLSJ.exe

Loads dropped DLL 64 IoCs

pid	Process
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1680-0-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0009000000017409-11.dat	upx
behavioral1/memory/2348-26-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x00070000000174ac-23.dat	upx
behavioral1/files/0x000800000001747b-15.dat	upx
behavioral1/files/0x000a000000018678-37.dat	upx
behavioral1/files/0x000800000001752f-45.dat	upx
behavioral1/files/0x000800000001748f-44.dat	upx
behavioral1/memory/2264-48-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2844-49-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2744-64-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/1680-68-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x00050000000193df-78.dat	upx
behavioral1/files/0x00050000000196f6-193.dat	upx
behavioral1/memory/560-1285-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2472-951-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2680-950-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2604-828-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x0005000000019639-189.dat	upx
behavioral1/files/0x0005000000019627-188.dat	upx
behavioral1/files/0x00050000000196be-186.dat	upx
behavioral1/files/0x0005000000019623-179.dat	upx
behavioral1/files/0x0005000000019620-176.dat	upx
behavioral1/files/0x00050000000195e4-165.dat	upx
behavioral1/files/0x00050000000194d8-162.dat	upx
behavioral1/files/0x0005000000019403-151.dat	upx
behavioral1/files/0x000500000001967d-182.dat	upx
behavioral1/files/0x000500000001961d-124.dat	upx
behavioral1/files/0x000500000001947e-105.dat	upx
behavioral1/files/0x0005000000019629-168.dat	upx
behavioral1/files/0x000500000001942f-97.dat	upx
behavioral1/memory/2472-96-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x0005000000019441-93.dat	upx
behavioral1/files/0x0005000000019401-86.dat	upx
behavioral1/files/0x0005000000019625-156.dat	upx
behavioral1/files/0x0005000000019621-142.dat	upx
behavioral1/memory/2604-71-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x000500000001961f-129.dat	upx
behavioral1/memory/2348-70-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x00080000000190d6-67.dat	upx
behavioral1/memory/2844-123-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x000500000001961b-122.dat	upx
behavioral1/memory/2264-121-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2740-120-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/560-119-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x0005000000019539-117.dat	upx
behavioral1/memory/2680-92-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x00050000000193d9-76.dat	upx
behavioral1/memory/2244-56-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/files/0x0006000000018690-53.dat	upx
behavioral1/files/0x000600000001879b-60.dat	upx
behavioral1/memory/3024-35-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2788-32-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2740-46-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2736-41-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2740-3797-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2736-3799-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2680-3801-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2788-3800-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2348-3798-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/560-3802-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2844-3807-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2244-3806-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\unClISG.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XaUebzi.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jXHuLgy.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJpbnJD.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\senukVZ.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HfvJtGr.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOpYKDN.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KzpLybi.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SpKjVFM.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CymzNqu.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JHxhnlw.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zkEwDqn.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xenbMCb.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NwYXvVq.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QmYvddt.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rywkngt.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZJuRPRF.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYwOfpS.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xTwukpZ.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qzFATSB.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FbKHxwp.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gxAcSpr.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IONhsKB.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxegFnU.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JWTNNar.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvXaUFF.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SWnqMeu.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hCYttMH.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vhraYSY.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rTayEig.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XYAwNkO.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zQarHCK.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLyjczr.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YBJfpgO.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OcaIavP.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yqlXCXy.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOwcFBR.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xkQKasp.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OmiIAmN.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MbqzTdQ.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBgXLgd.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZyATRfS.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aqyBPAT.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kmGFHyG.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YvEcdhT.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rxbthsN.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pkkjPGV.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYMQmRc.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YvLHGFy.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\buebKMb.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CSLTXRE.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lAOnTwm.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IHuOHhn.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fFPJIMQ.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HSJhnAs.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JpSQGVR.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MZHQZwN.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CaCHOLK.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wrqczMO.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKOeMko.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LzQtTLL.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OnDjKez.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLOchCy.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ykVOWWh.exe	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 3024	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1680 wrote to memory of 3024	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1680 wrote to memory of 3024	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1680 wrote to memory of 2348	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1680 wrote to memory of 2348	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1680 wrote to memory of 2348	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1680 wrote to memory of 2788	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1680 wrote to memory of 2788	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1680 wrote to memory of 2788	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1680 wrote to memory of 2264	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1680 wrote to memory of 2264	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1680 wrote to memory of 2264	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1680 wrote to memory of 2736	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1680 wrote to memory of 2736	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1680 wrote to memory of 2736	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1680 wrote to memory of 2844	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1680 wrote to memory of 2844	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1680 wrote to memory of 2844	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1680 wrote to memory of 2740	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1680 wrote to memory of 2740	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1680 wrote to memory of 2740	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1680 wrote to memory of 2244	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1680 wrote to memory of 2244	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1680 wrote to memory of 2244	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1680 wrote to memory of 2744	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1680 wrote to memory of 2744	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1680 wrote to memory of 2744	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1680 wrote to memory of 2604	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1680 wrote to memory of 2604	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1680 wrote to memory of 2604	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1680 wrote to memory of 2680	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1680 wrote to memory of 2680	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1680 wrote to memory of 2680	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1680 wrote to memory of 1796	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1680 wrote to memory of 1796	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1680 wrote to memory of 1796	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1680 wrote to memory of 2472	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1680 wrote to memory of 2472	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1680 wrote to memory of 2472	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1680 wrote to memory of 372	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1680 wrote to memory of 372	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1680 wrote to memory of 372	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1680 wrote to memory of 560	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1680 wrote to memory of 560	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1680 wrote to memory of 560	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1680 wrote to memory of 1488	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1680 wrote to memory of 1488	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1680 wrote to memory of 1488	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1680 wrote to memory of 2940	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1680 wrote to memory of 2940	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1680 wrote to memory of 2940	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1680 wrote to memory of 2664	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1680 wrote to memory of 2664	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1680 wrote to memory of 2664	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1680 wrote to memory of 2784	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1680 wrote to memory of 2784	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1680 wrote to memory of 2784	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1680 wrote to memory of 2944	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1680 wrote to memory of 2944	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1680 wrote to memory of 2944	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1680 wrote to memory of 1748	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1680 wrote to memory of 1748	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1680 wrote to memory of 1748	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1680 wrote to memory of 2948	1680	2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-27_90a4cd26b411227c7a7764246ae7ab71_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Windows\System\BUvtBUH.exe
  C:\Windows\System\BUvtBUH.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\buebKMb.exe
  C:\Windows\System\buebKMb.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\AkIHPEM.exe
  C:\Windows\System\AkIHPEM.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\JVibudW.exe
  C:\Windows\System\JVibudW.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\eVBkDmF.exe
  C:\Windows\System\eVBkDmF.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\VaTIwQV.exe
  C:\Windows\System\VaTIwQV.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\EnbReeM.exe
  C:\Windows\System\EnbReeM.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\szmmtKQ.exe
  C:\Windows\System\szmmtKQ.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\RdZYsBv.exe
  C:\Windows\System\RdZYsBv.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\lvrmzeY.exe
  C:\Windows\System\lvrmzeY.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\sPPsMPE.exe
  C:\Windows\System\sPPsMPE.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\Psprsur.exe
  C:\Windows\System\Psprsur.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\gdKoRqk.exe
  C:\Windows\System\gdKoRqk.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\puWOHuV.exe
  C:\Windows\System\puWOHuV.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\irlkHIq.exe
  C:\Windows\System\irlkHIq.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\CYcROvJ.exe
  C:\Windows\System\CYcROvJ.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\gWotbth.exe
  C:\Windows\System\gWotbth.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\lefAPAF.exe
  C:\Windows\System\lefAPAF.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\TcvFeHK.exe
  C:\Windows\System\TcvFeHK.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\XthmGwR.exe
  C:\Windows\System\XthmGwR.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\GMlmLdP.exe
  C:\Windows\System\GMlmLdP.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\FDEYCVE.exe
  C:\Windows\System\FDEYCVE.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\tlSRlxw.exe
  C:\Windows\System\tlSRlxw.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\fTSLowu.exe
  C:\Windows\System\fTSLowu.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\kxzbncm.exe
  C:\Windows\System\kxzbncm.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\MpSmXWl.exe
  C:\Windows\System\MpSmXWl.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\QeBXLBk.exe
  C:\Windows\System\QeBXLBk.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\hJTZcog.exe
  C:\Windows\System\hJTZcog.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\lWMxTtX.exe
  C:\Windows\System\lWMxTtX.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\XnyFNvT.exe
  C:\Windows\System\XnyFNvT.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\oDrIAcA.exe
  C:\Windows\System\oDrIAcA.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\dbKruyg.exe
  C:\Windows\System\dbKruyg.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\uDRncgd.exe
  C:\Windows\System\uDRncgd.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\DbnlXbt.exe
  C:\Windows\System\DbnlXbt.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\NFASmIt.exe
  C:\Windows\System\NFASmIt.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\pYrWAnu.exe
  C:\Windows\System\pYrWAnu.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\MYfNhlv.exe
  C:\Windows\System\MYfNhlv.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\iaRELyG.exe
  C:\Windows\System\iaRELyG.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\aCJbUQy.exe
  C:\Windows\System\aCJbUQy.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\zVeFzbv.exe
  C:\Windows\System\zVeFzbv.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\aVRaaFf.exe
  C:\Windows\System\aVRaaFf.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\zVHgvYS.exe
  C:\Windows\System\zVHgvYS.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\KEqGEtz.exe
  C:\Windows\System\KEqGEtz.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\ejpXflS.exe
  C:\Windows\System\ejpXflS.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\WxiwYEi.exe
  C:\Windows\System\WxiwYEi.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\iUKQAys.exe
  C:\Windows\System\iUKQAys.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\twxXZgh.exe
  C:\Windows\System\twxXZgh.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\fPsXjOS.exe
  C:\Windows\System\fPsXjOS.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\YrflibL.exe
  C:\Windows\System\YrflibL.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\shaWUxI.exe
  C:\Windows\System\shaWUxI.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\cwRJavl.exe
  C:\Windows\System\cwRJavl.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\GHVUnCH.exe
  C:\Windows\System\GHVUnCH.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\vTUkBwF.exe
  C:\Windows\System\vTUkBwF.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\QloGApb.exe
  C:\Windows\System\QloGApb.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\pxDbLTU.exe
  C:\Windows\System\pxDbLTU.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\WPjGLzt.exe
  C:\Windows\System\WPjGLzt.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\WHgWObd.exe
  C:\Windows\System\WHgWObd.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\AOGNeuG.exe
  C:\Windows\System\AOGNeuG.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\HObhKqt.exe
  C:\Windows\System\HObhKqt.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\Nmcuxav.exe
  C:\Windows\System\Nmcuxav.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\aUdRKGi.exe
  C:\Windows\System\aUdRKGi.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\nFFCFnw.exe
  C:\Windows\System\nFFCFnw.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\qqQtiec.exe
  C:\Windows\System\qqQtiec.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\lmuOLSJ.exe
  C:\Windows\System\lmuOLSJ.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\BYwOfpS.exe
  C:\Windows\System\BYwOfpS.exe
  2⤵
  PID:1808
- C:\Windows\System\WWcBlbt.exe
  C:\Windows\System\WWcBlbt.exe
  2⤵
  PID:2508
- C:\Windows\System\JjzaOqV.exe
  C:\Windows\System\JjzaOqV.exe
  2⤵
  PID:856
- C:\Windows\System\vztJNQB.exe
  C:\Windows\System\vztJNQB.exe
  2⤵
  PID:1788
- C:\Windows\System\dYYaMlP.exe
  C:\Windows\System\dYYaMlP.exe
  2⤵
  PID:1664
- C:\Windows\System\tXIxxBu.exe
  C:\Windows\System\tXIxxBu.exe
  2⤵
  PID:1416
- C:\Windows\System\rxowRRr.exe
  C:\Windows\System\rxowRRr.exe
  2⤵
  PID:2076
- C:\Windows\System\IujCdHe.exe
  C:\Windows\System\IujCdHe.exe
  2⤵
  PID:2424
- C:\Windows\System\CCsgUcL.exe
  C:\Windows\System\CCsgUcL.exe
  2⤵
  PID:1496
- C:\Windows\System\eOEZJEM.exe
  C:\Windows\System\eOEZJEM.exe
  2⤵
  PID:1668
- C:\Windows\System\rWHXZJm.exe
  C:\Windows\System\rWHXZJm.exe
  2⤵
  PID:492
- C:\Windows\System\RRSGswb.exe
  C:\Windows\System\RRSGswb.exe
  2⤵
  PID:2972
- C:\Windows\System\rPtkogb.exe
  C:\Windows\System\rPtkogb.exe
  2⤵
  PID:868
- C:\Windows\System\NrFSBIv.exe
  C:\Windows\System\NrFSBIv.exe
  2⤵
  PID:2748
- C:\Windows\System\wojlJHB.exe
  C:\Windows\System\wojlJHB.exe
  2⤵
  PID:2128
- C:\Windows\System\xUcGgJe.exe
  C:\Windows\System\xUcGgJe.exe
  2⤵
  PID:2840
- C:\Windows\System\jYmbeMg.exe
  C:\Windows\System\jYmbeMg.exe
  2⤵
  PID:2660
- C:\Windows\System\ZBrfGKD.exe
  C:\Windows\System\ZBrfGKD.exe
  2⤵
  PID:2120
- C:\Windows\System\nQZLWHM.exe
  C:\Windows\System\nQZLWHM.exe
  2⤵
  PID:2644
- C:\Windows\System\AXALPrv.exe
  C:\Windows\System\AXALPrv.exe
  2⤵
  PID:440
- C:\Windows\System\gQXxnCw.exe
  C:\Windows\System\gQXxnCw.exe
  2⤵
  PID:1692
- C:\Windows\System\zRjybwD.exe
  C:\Windows\System\zRjybwD.exe
  2⤵
  PID:3084
- C:\Windows\System\fNmeBTY.exe
  C:\Windows\System\fNmeBTY.exe
  2⤵
  PID:3100
- C:\Windows\System\TYIFQza.exe
  C:\Windows\System\TYIFQza.exe
  2⤵
  PID:3120
- C:\Windows\System\IdehYuM.exe
  C:\Windows\System\IdehYuM.exe
  2⤵
  PID:3136
- C:\Windows\System\ynhTubg.exe
  C:\Windows\System\ynhTubg.exe
  2⤵
  PID:3156
- C:\Windows\System\cJWIZnm.exe
  C:\Windows\System\cJWIZnm.exe
  2⤵
  PID:3172
- C:\Windows\System\KhAJdiO.exe
  C:\Windows\System\KhAJdiO.exe
  2⤵
  PID:3200
- C:\Windows\System\wGgPNCd.exe
  C:\Windows\System\wGgPNCd.exe
  2⤵
  PID:3216
- C:\Windows\System\ibdfUsQ.exe
  C:\Windows\System\ibdfUsQ.exe
  2⤵
  PID:3232
- C:\Windows\System\omjGTOo.exe
  C:\Windows\System\omjGTOo.exe
  2⤵
  PID:3252
- C:\Windows\System\YkShFvz.exe
  C:\Windows\System\YkShFvz.exe
  2⤵
  PID:3268
- C:\Windows\System\JNksxLS.exe
  C:\Windows\System\JNksxLS.exe
  2⤵
  PID:3288
- C:\Windows\System\trtESFI.exe
  C:\Windows\System\trtESFI.exe
  2⤵
  PID:3312
- C:\Windows\System\JTefoGD.exe
  C:\Windows\System\JTefoGD.exe
  2⤵
  PID:3332
- C:\Windows\System\prcYJtg.exe
  C:\Windows\System\prcYJtg.exe
  2⤵
  PID:3368
- C:\Windows\System\MIkfoal.exe
  C:\Windows\System\MIkfoal.exe
  2⤵
  PID:3384
- C:\Windows\System\xFZiyii.exe
  C:\Windows\System\xFZiyii.exe
  2⤵
  PID:3400
- C:\Windows\System\JHDIskK.exe
  C:\Windows\System\JHDIskK.exe
  2⤵
  PID:3416
- C:\Windows\System\imKmbvp.exe
  C:\Windows\System\imKmbvp.exe
  2⤵
  PID:3436
- C:\Windows\System\AWlkzsw.exe
  C:\Windows\System\AWlkzsw.exe
  2⤵
  PID:3456
- C:\Windows\System\pAuvTLc.exe
  C:\Windows\System\pAuvTLc.exe
  2⤵
  PID:3476
- C:\Windows\System\mcIzIJf.exe
  C:\Windows\System\mcIzIJf.exe
  2⤵
  PID:3496
- C:\Windows\System\MDSkQQs.exe
  C:\Windows\System\MDSkQQs.exe
  2⤵
  PID:3528
- C:\Windows\System\wycJHeh.exe
  C:\Windows\System\wycJHeh.exe
  2⤵
  PID:3544
- C:\Windows\System\CVeZeAw.exe
  C:\Windows\System\CVeZeAw.exe
  2⤵
  PID:3564
- C:\Windows\System\hHRsKST.exe
  C:\Windows\System\hHRsKST.exe
  2⤵
  PID:3584
- C:\Windows\System\nTxnHel.exe
  C:\Windows\System\nTxnHel.exe
  2⤵
  PID:3600
- C:\Windows\System\pPdYfFy.exe
  C:\Windows\System\pPdYfFy.exe
  2⤵
  PID:3620
- C:\Windows\System\LDVCzDm.exe
  C:\Windows\System\LDVCzDm.exe
  2⤵
  PID:3636
- C:\Windows\System\TnGBtiA.exe
  C:\Windows\System\TnGBtiA.exe
  2⤵
  PID:3664
- C:\Windows\System\xmiZTsE.exe
  C:\Windows\System\xmiZTsE.exe
  2⤵
  PID:3684
- C:\Windows\System\ecsfzjh.exe
  C:\Windows\System\ecsfzjh.exe
  2⤵
  PID:3700
- C:\Windows\System\hRqdMTM.exe
  C:\Windows\System\hRqdMTM.exe
  2⤵
  PID:3716
- C:\Windows\System\PcQXoGW.exe
  C:\Windows\System\PcQXoGW.exe
  2⤵
  PID:3732
- C:\Windows\System\BvMMCGy.exe
  C:\Windows\System\BvMMCGy.exe
  2⤵
  PID:3752
- C:\Windows\System\brEzxup.exe
  C:\Windows\System\brEzxup.exe
  2⤵
  PID:3776
- C:\Windows\System\DEXmbpA.exe
  C:\Windows\System\DEXmbpA.exe
  2⤵
  PID:3800
- C:\Windows\System\VlbpmWa.exe
  C:\Windows\System\VlbpmWa.exe
  2⤵
  PID:3820
- C:\Windows\System\ZqFSPwr.exe
  C:\Windows\System\ZqFSPwr.exe
  2⤵
  PID:3844
- C:\Windows\System\NfZoMqJ.exe
  C:\Windows\System\NfZoMqJ.exe
  2⤵
  PID:3860
- C:\Windows\System\qdBaBpq.exe
  C:\Windows\System\qdBaBpq.exe
  2⤵
  PID:3880
- C:\Windows\System\QufDcrD.exe
  C:\Windows\System\QufDcrD.exe
  2⤵
  PID:3900
- C:\Windows\System\lAwnpEu.exe
  C:\Windows\System\lAwnpEu.exe
  2⤵
  PID:3920
- C:\Windows\System\CoBfXvL.exe
  C:\Windows\System\CoBfXvL.exe
  2⤵
  PID:3936
- C:\Windows\System\gQyIpGt.exe
  C:\Windows\System\gQyIpGt.exe
  2⤵
  PID:3956
- C:\Windows\System\EgEANQr.exe
  C:\Windows\System\EgEANQr.exe
  2⤵
  PID:3984
- C:\Windows\System\UYNflcn.exe
  C:\Windows\System\UYNflcn.exe
  2⤵
  PID:4008
- C:\Windows\System\dBqYZkk.exe
  C:\Windows\System\dBqYZkk.exe
  2⤵
  PID:4024
- C:\Windows\System\VzXDTrP.exe
  C:\Windows\System\VzXDTrP.exe
  2⤵
  PID:4044
- C:\Windows\System\uJyIReo.exe
  C:\Windows\System\uJyIReo.exe
  2⤵
  PID:4064
- C:\Windows\System\eGPUWvw.exe
  C:\Windows\System\eGPUWvw.exe
  2⤵
  PID:4084
- C:\Windows\System\oYdJyYS.exe
  C:\Windows\System\oYdJyYS.exe
  2⤵
  PID:3008
- C:\Windows\System\xxkaEho.exe
  C:\Windows\System\xxkaEho.exe
  2⤵
  PID:540
- C:\Windows\System\DCvIDfe.exe
  C:\Windows\System\DCvIDfe.exe
  2⤵
  PID:2296
- C:\Windows\System\TZstCcf.exe
  C:\Windows\System\TZstCcf.exe
  2⤵
  PID:1700
- C:\Windows\System\QOIDvNj.exe
  C:\Windows\System\QOIDvNj.exe
  2⤵
  PID:2464
- C:\Windows\System\hUKuAXN.exe
  C:\Windows\System\hUKuAXN.exe
  2⤵
  PID:564
- C:\Windows\System\qIWeNAW.exe
  C:\Windows\System\qIWeNAW.exe
  2⤵
  PID:2528
- C:\Windows\System\GVDJVvj.exe
  C:\Windows\System\GVDJVvj.exe
  2⤵
  PID:1708
- C:\Windows\System\mhOuKNS.exe
  C:\Windows\System\mhOuKNS.exe
  2⤵
  PID:3048
- C:\Windows\System\nZRdgYl.exe
  C:\Windows\System\nZRdgYl.exe
  2⤵
  PID:2728
- C:\Windows\System\UJpVhSo.exe
  C:\Windows\System\UJpVhSo.exe
  2⤵
  PID:1608
- C:\Windows\System\tUoFJsE.exe
  C:\Windows\System\tUoFJsE.exe
  2⤵
  PID:3060
- C:\Windows\System\wTZSqrm.exe
  C:\Windows\System\wTZSqrm.exe
  2⤵
  PID:2864
- C:\Windows\System\JooJaNk.exe
  C:\Windows\System\JooJaNk.exe
  2⤵
  PID:1284
- C:\Windows\System\dZLQjsE.exe
  C:\Windows\System\dZLQjsE.exe
  2⤵
  PID:3116
- C:\Windows\System\CbwBfrU.exe
  C:\Windows\System\CbwBfrU.exe
  2⤵
  PID:3192
- C:\Windows\System\luukEGB.exe
  C:\Windows\System\luukEGB.exe
  2⤵
  PID:3228
- C:\Windows\System\LmvXdMd.exe
  C:\Windows\System\LmvXdMd.exe
  2⤵
  PID:3308
- C:\Windows\System\uIzUWER.exe
  C:\Windows\System\uIzUWER.exe
  2⤵
  PID:3132
- C:\Windows\System\nodjthw.exe
  C:\Windows\System\nodjthw.exe
  2⤵
  PID:3276
- C:\Windows\System\mUfQHPJ.exe
  C:\Windows\System\mUfQHPJ.exe
  2⤵
  PID:3248
- C:\Windows\System\JbFhVTb.exe
  C:\Windows\System\JbFhVTb.exe
  2⤵
  PID:3348
- C:\Windows\System\gIswoJO.exe
  C:\Windows\System\gIswoJO.exe
  2⤵
  PID:3396
- C:\Windows\System\hrNVFir.exe
  C:\Windows\System\hrNVFir.exe
  2⤵
  PID:3464
- C:\Windows\System\ArYaERL.exe
  C:\Windows\System\ArYaERL.exe
  2⤵
  PID:3512
- C:\Windows\System\ZPjJaQU.exe
  C:\Windows\System\ZPjJaQU.exe
  2⤵
  PID:3560
- C:\Windows\System\jXHuLgy.exe
  C:\Windows\System\jXHuLgy.exe
  2⤵
  PID:3376
- C:\Windows\System\siCnAwO.exe
  C:\Windows\System\siCnAwO.exe
  2⤵
  PID:3484
- C:\Windows\System\ZOzozrD.exe
  C:\Windows\System\ZOzozrD.exe
  2⤵
  PID:3596
- C:\Windows\System\fDWkEzr.exe
  C:\Windows\System\fDWkEzr.exe
  2⤵
  PID:3572
- C:\Windows\System\scVftmx.exe
  C:\Windows\System\scVftmx.exe
  2⤵
  PID:3708
- C:\Windows\System\PxRpIrg.exe
  C:\Windows\System\PxRpIrg.exe
  2⤵
  PID:3748
- C:\Windows\System\yvSXGed.exe
  C:\Windows\System\yvSXGed.exe
  2⤵
  PID:3788
- C:\Windows\System\CNDQMiL.exe
  C:\Windows\System\CNDQMiL.exe
  2⤵
  PID:3656
- C:\Windows\System\INATDNp.exe
  C:\Windows\System\INATDNp.exe
  2⤵
  PID:3840
- C:\Windows\System\RMlpHpt.exe
  C:\Windows\System\RMlpHpt.exe
  2⤵
  PID:3764
- C:\Windows\System\EUuaWfO.exe
  C:\Windows\System\EUuaWfO.exe
  2⤵
  PID:3872
- C:\Windows\System\iuLMqsH.exe
  C:\Windows\System\iuLMqsH.exe
  2⤵
  PID:3808
- C:\Windows\System\htnmeWU.exe
  C:\Windows\System\htnmeWU.exe
  2⤵
  PID:3916
- C:\Windows\System\uVquWOd.exe
  C:\Windows\System\uVquWOd.exe
  2⤵
  PID:3992
- C:\Windows\System\CSLTXRE.exe
  C:\Windows\System\CSLTXRE.exe
  2⤵
  PID:3932
- C:\Windows\System\YOzZaFt.exe
  C:\Windows\System\YOzZaFt.exe
  2⤵
  PID:3980
- C:\Windows\System\QXyAJVA.exe
  C:\Windows\System\QXyAJVA.exe
  2⤵
  PID:4036
- C:\Windows\System\RRpbpft.exe
  C:\Windows\System\RRpbpft.exe
  2⤵
  PID:4060
- C:\Windows\System\PjnQoNu.exe
  C:\Windows\System\PjnQoNu.exe
  2⤵
  PID:1364
- C:\Windows\System\lxaQaqB.exe
  C:\Windows\System\lxaQaqB.exe
  2⤵
  PID:2412
- C:\Windows\System\lAOnTwm.exe
  C:\Windows\System\lAOnTwm.exe
  2⤵
  PID:1956
- C:\Windows\System\awwmGBN.exe
  C:\Windows\System\awwmGBN.exe
  2⤵
  PID:2384
- C:\Windows\System\HPEUmuo.exe
  C:\Windows\System\HPEUmuo.exe
  2⤵
  PID:2392
- C:\Windows\System\ZQKBAQs.exe
  C:\Windows\System\ZQKBAQs.exe
  2⤵
  PID:3020
- C:\Windows\System\YWhMpeA.exe
  C:\Windows\System\YWhMpeA.exe
  2⤵
  PID:1768
- C:\Windows\System\aZTtXte.exe
  C:\Windows\System\aZTtXte.exe
  2⤵
  PID:2780
- C:\Windows\System\lYQWyfV.exe
  C:\Windows\System\lYQWyfV.exe
  2⤵
  PID:3180
- C:\Windows\System\RJpbnJD.exe
  C:\Windows\System\RJpbnJD.exe
  2⤵
  PID:3112
- C:\Windows\System\uvXaUFF.exe
  C:\Windows\System\uvXaUFF.exe
  2⤵
  PID:3196
- C:\Windows\System\brZbyCA.exe
  C:\Windows\System\brZbyCA.exe
  2⤵
  PID:3324
- C:\Windows\System\PHkdlnT.exe
  C:\Windows\System\PHkdlnT.exe
  2⤵
  PID:3212
- C:\Windows\System\XwDbBsF.exe
  C:\Windows\System\XwDbBsF.exe
  2⤵
  PID:3392
- C:\Windows\System\GnFIkaL.exe
  C:\Windows\System\GnFIkaL.exe
  2⤵
  PID:3468
- C:\Windows\System\utCCDOU.exe
  C:\Windows\System\utCCDOU.exe
  2⤵
  PID:3520
- C:\Windows\System\IjfnyDJ.exe
  C:\Windows\System\IjfnyDJ.exe
  2⤵
  PID:3592
- C:\Windows\System\mbyZIji.exe
  C:\Windows\System\mbyZIji.exe
  2⤵
  PID:3536
- C:\Windows\System\eKtdcVx.exe
  C:\Windows\System\eKtdcVx.exe
  2⤵
  PID:3612
- C:\Windows\System\CfilaHA.exe
  C:\Windows\System\CfilaHA.exe
  2⤵
  PID:3644
- C:\Windows\System\OZGyvuZ.exe
  C:\Windows\System\OZGyvuZ.exe
  2⤵
  PID:3692
- C:\Windows\System\zLDSDBO.exe
  C:\Windows\System\zLDSDBO.exe
  2⤵
  PID:3760
- C:\Windows\System\iwFjxgS.exe
  C:\Windows\System\iwFjxgS.exe
  2⤵
  PID:3868
- C:\Windows\System\MKXBWmi.exe
  C:\Windows\System\MKXBWmi.exe
  2⤵
  PID:3852
- C:\Windows\System\gnBpGOY.exe
  C:\Windows\System\gnBpGOY.exe
  2⤵
  PID:4004
- C:\Windows\System\NdHbVom.exe
  C:\Windows\System\NdHbVom.exe
  2⤵
  PID:3968
- C:\Windows\System\sUzQgPH.exe
  C:\Windows\System\sUzQgPH.exe
  2⤵
  PID:4020
- C:\Windows\System\qUeLqRy.exe
  C:\Windows\System\qUeLqRy.exe
  2⤵
  PID:2704
- C:\Windows\System\tCfphwj.exe
  C:\Windows\System\tCfphwj.exe
  2⤵
  PID:4052
- C:\Windows\System\brvVnZB.exe
  C:\Windows\System\brvVnZB.exe
  2⤵
  PID:3036
- C:\Windows\System\MQwVpIh.exe
  C:\Windows\System\MQwVpIh.exe
  2⤵
  PID:236
- C:\Windows\System\flxLuSw.exe
  C:\Windows\System\flxLuSw.exe
  2⤵
  PID:2928
- C:\Windows\System\SDqXdjC.exe
  C:\Windows\System\SDqXdjC.exe
  2⤵
  PID:3152
- C:\Windows\System\EheNfzM.exe
  C:\Windows\System\EheNfzM.exe
  2⤵
  PID:4104
- C:\Windows\System\zQarHCK.exe
  C:\Windows\System\zQarHCK.exe
  2⤵
  PID:4120
- C:\Windows\System\CmIzHdL.exe
  C:\Windows\System\CmIzHdL.exe
  2⤵
  PID:4136
- C:\Windows\System\CBTQSrJ.exe
  C:\Windows\System\CBTQSrJ.exe
  2⤵
  PID:4152
- C:\Windows\System\KfMqART.exe
  C:\Windows\System\KfMqART.exe
  2⤵
  PID:4172
- C:\Windows\System\SWnqMeu.exe
  C:\Windows\System\SWnqMeu.exe
  2⤵
  PID:4188
- C:\Windows\System\cLIVKGZ.exe
  C:\Windows\System\cLIVKGZ.exe
  2⤵
  PID:4204
- C:\Windows\System\inKbhbh.exe
  C:\Windows\System\inKbhbh.exe
  2⤵
  PID:4220
- C:\Windows\System\FrGQInW.exe
  C:\Windows\System\FrGQInW.exe
  2⤵
  PID:4236
- C:\Windows\System\ISrEryg.exe
  C:\Windows\System\ISrEryg.exe
  2⤵
  PID:4252
- C:\Windows\System\MULYAiA.exe
  C:\Windows\System\MULYAiA.exe
  2⤵
  PID:4268
- C:\Windows\System\LciBCAz.exe
  C:\Windows\System\LciBCAz.exe
  2⤵
  PID:4284
- C:\Windows\System\wmDZdWQ.exe
  C:\Windows\System\wmDZdWQ.exe
  2⤵
  PID:4304
- C:\Windows\System\PoPQeCC.exe
  C:\Windows\System\PoPQeCC.exe
  2⤵
  PID:4356
- C:\Windows\System\AduqaFi.exe
  C:\Windows\System\AduqaFi.exe
  2⤵
  PID:4380
- C:\Windows\System\dlljLjT.exe
  C:\Windows\System\dlljLjT.exe
  2⤵
  PID:4400
- C:\Windows\System\awEPPGC.exe
  C:\Windows\System\awEPPGC.exe
  2⤵
  PID:4460
- C:\Windows\System\zsNqBhz.exe
  C:\Windows\System\zsNqBhz.exe
  2⤵
  PID:4476
- C:\Windows\System\eRcsNLc.exe
  C:\Windows\System\eRcsNLc.exe
  2⤵
  PID:4496
- C:\Windows\System\cwlrboO.exe
  C:\Windows\System\cwlrboO.exe
  2⤵
  PID:4512
- C:\Windows\System\oXkbtgM.exe
  C:\Windows\System\oXkbtgM.exe
  2⤵
  PID:4532
- C:\Windows\System\vgUaTcc.exe
  C:\Windows\System\vgUaTcc.exe
  2⤵
  PID:4552
- C:\Windows\System\XjxncfJ.exe
  C:\Windows\System\XjxncfJ.exe
  2⤵
  PID:4576
- C:\Windows\System\aAYtpkU.exe
  C:\Windows\System\aAYtpkU.exe
  2⤵
  PID:4596
- C:\Windows\System\iWynRax.exe
  C:\Windows\System\iWynRax.exe
  2⤵
  PID:4616
- C:\Windows\System\RjiosfQ.exe
  C:\Windows\System\RjiosfQ.exe
  2⤵
  PID:4644
- C:\Windows\System\KlWXpaa.exe
  C:\Windows\System\KlWXpaa.exe
  2⤵
  PID:4660
- C:\Windows\System\vVzywKs.exe
  C:\Windows\System\vVzywKs.exe
  2⤵
  PID:4676
- C:\Windows\System\DLtbguV.exe
  C:\Windows\System\DLtbguV.exe
  2⤵
  PID:4696
- C:\Windows\System\vdFFtkB.exe
  C:\Windows\System\vdFFtkB.exe
  2⤵
  PID:4712
- C:\Windows\System\csgBJdg.exe
  C:\Windows\System\csgBJdg.exe
  2⤵
  PID:4736
- C:\Windows\System\KIZXpAw.exe
  C:\Windows\System\KIZXpAw.exe
  2⤵
  PID:4760
- C:\Windows\System\udSwazJ.exe
  C:\Windows\System\udSwazJ.exe
  2⤵
  PID:4784
- C:\Windows\System\AHtUMOO.exe
  C:\Windows\System\AHtUMOO.exe
  2⤵
  PID:4804
- C:\Windows\System\mbzCdAw.exe
  C:\Windows\System\mbzCdAw.exe
  2⤵
  PID:4820
- C:\Windows\System\kvRqQwe.exe
  C:\Windows\System\kvRqQwe.exe
  2⤵
  PID:4840
- C:\Windows\System\deEXtes.exe
  C:\Windows\System\deEXtes.exe
  2⤵
  PID:4868
- C:\Windows\System\lcnyJBf.exe
  C:\Windows\System\lcnyJBf.exe
  2⤵
  PID:4888
- C:\Windows\System\voaByCM.exe
  C:\Windows\System\voaByCM.exe
  2⤵
  PID:4904
- C:\Windows\System\UWZvsbe.exe
  C:\Windows\System\UWZvsbe.exe
  2⤵
  PID:4920
- C:\Windows\System\EgKonCL.exe
  C:\Windows\System\EgKonCL.exe
  2⤵
  PID:4944
- C:\Windows\System\kSgBaRy.exe
  C:\Windows\System\kSgBaRy.exe
  2⤵
  PID:4968
- C:\Windows\System\rsdtzbs.exe
  C:\Windows\System\rsdtzbs.exe
  2⤵
  PID:4984
- C:\Windows\System\NyYgadz.exe
  C:\Windows\System\NyYgadz.exe
  2⤵
  PID:5008
- C:\Windows\System\wdnogSG.exe
  C:\Windows\System\wdnogSG.exe
  2⤵
  PID:5028
- C:\Windows\System\dnJITnX.exe
  C:\Windows\System\dnJITnX.exe
  2⤵
  PID:5048
- C:\Windows\System\bCEukaR.exe
  C:\Windows\System\bCEukaR.exe
  2⤵
  PID:5064
- C:\Windows\System\JAXCAtf.exe
  C:\Windows\System\JAXCAtf.exe
  2⤵
  PID:5080
- C:\Windows\System\fvrcWRd.exe
  C:\Windows\System\fvrcWRd.exe
  2⤵
  PID:5100
- C:\Windows\System\ZaOmNJx.exe
  C:\Windows\System\ZaOmNJx.exe
  2⤵
  PID:5116
- C:\Windows\System\YughvfB.exe
  C:\Windows\System\YughvfB.exe
  2⤵
  PID:3208
- C:\Windows\System\EBZZdVb.exe
  C:\Windows\System\EBZZdVb.exe
  2⤵
  PID:3552
- C:\Windows\System\OiNtSiN.exe
  C:\Windows\System\OiNtSiN.exe
  2⤵
  PID:3680
- C:\Windows\System\roaNqVP.exe
  C:\Windows\System\roaNqVP.exe
  2⤵
  PID:3944
- C:\Windows\System\uxXVEls.exe
  C:\Windows\System\uxXVEls.exe
  2⤵
  PID:444
- C:\Windows\System\NOuKuDO.exe
  C:\Windows\System\NOuKuDO.exe
  2⤵
  PID:1144
- C:\Windows\System\WBugRbW.exe
  C:\Windows\System\WBugRbW.exe
  2⤵
  PID:3128
- C:\Windows\System\GcgzJbb.exe
  C:\Windows\System\GcgzJbb.exe
  2⤵
  PID:4100
- C:\Windows\System\UhHUzyy.exe
  C:\Windows\System\UhHUzyy.exe
  2⤵
  PID:4196
- C:\Windows\System\MrWFKEb.exe
  C:\Windows\System\MrWFKEb.exe
  2⤵
  PID:3360
- C:\Windows\System\NikAeel.exe
  C:\Windows\System\NikAeel.exe
  2⤵
  PID:3452
- C:\Windows\System\OxDIlDW.exe
  C:\Windows\System\OxDIlDW.exe
  2⤵
  PID:3648
- C:\Windows\System\dhTmieT.exe
  C:\Windows\System\dhTmieT.exe
  2⤵
  PID:3796
- C:\Windows\System\vEBCRHa.exe
  C:\Windows\System\vEBCRHa.exe
  2⤵
  PID:4376
- C:\Windows\System\XHFpKLU.exe
  C:\Windows\System\XHFpKLU.exe
  2⤵
  PID:3908
- C:\Windows\System\KLCSthL.exe
  C:\Windows\System\KLCSthL.exe
  2⤵
  PID:4420
- C:\Windows\System\hcaxakQ.exe
  C:\Windows\System\hcaxakQ.exe
  2⤵
  PID:4440
- C:\Windows\System\LxJAWih.exe
  C:\Windows\System\LxJAWih.exe
  2⤵
  PID:4276
- C:\Windows\System\XtcobZi.exe
  C:\Windows\System\XtcobZi.exe
  2⤵
  PID:4328
- C:\Windows\System\dNjXSTY.exe
  C:\Windows\System\dNjXSTY.exe
  2⤵
  PID:4344
- C:\Windows\System\tSHzGZk.exe
  C:\Windows\System\tSHzGZk.exe
  2⤵
  PID:4216
- C:\Windows\System\MoPRnyn.exe
  C:\Windows\System\MoPRnyn.exe
  2⤵
  PID:4112
- C:\Windows\System\sCQvtRb.exe
  C:\Windows\System\sCQvtRb.exe
  2⤵
  PID:2316
- C:\Windows\System\tsTvttY.exe
  C:\Windows\System\tsTvttY.exe
  2⤵
  PID:4452
- C:\Windows\System\pGpxzNm.exe
  C:\Windows\System\pGpxzNm.exe
  2⤵
  PID:4524
- C:\Windows\System\PcwIdge.exe
  C:\Windows\System\PcwIdge.exe
  2⤵
  PID:4564
- C:\Windows\System\sOrolkW.exe
  C:\Windows\System\sOrolkW.exe
  2⤵
  PID:4608
- C:\Windows\System\SfmQBDP.exe
  C:\Windows\System\SfmQBDP.exe
  2⤵
  PID:4548
- C:\Windows\System\kjeSWoy.exe
  C:\Windows\System\kjeSWoy.exe
  2⤵
  PID:4624
- C:\Windows\System\Pungirw.exe
  C:\Windows\System\Pungirw.exe
  2⤵
  PID:4636
- C:\Windows\System\RWkOhmo.exe
  C:\Windows\System\RWkOhmo.exe
  2⤵
  PID:4728
- C:\Windows\System\XceBTKh.exe
  C:\Windows\System\XceBTKh.exe
  2⤵
  PID:4772
- C:\Windows\System\TbNFdyC.exe
  C:\Windows\System\TbNFdyC.exe
  2⤵
  PID:4744
- C:\Windows\System\GMoTDtJ.exe
  C:\Windows\System\GMoTDtJ.exe
  2⤵
  PID:4704
- C:\Windows\System\BDYpiSp.exe
  C:\Windows\System\BDYpiSp.exe
  2⤵
  PID:4832
- C:\Windows\System\ZgHEjvM.exe
  C:\Windows\System\ZgHEjvM.exe
  2⤵
  PID:4856
- C:\Windows\System\tbOyDvp.exe
  C:\Windows\System\tbOyDvp.exe
  2⤵
  PID:4940
- C:\Windows\System\rNwLQce.exe
  C:\Windows\System\rNwLQce.exe
  2⤵
  PID:4876
- C:\Windows\System\DqZuWZf.exe
  C:\Windows\System\DqZuWZf.exe
  2⤵
  PID:5016
- C:\Windows\System\GYZXYCg.exe
  C:\Windows\System\GYZXYCg.exe
  2⤵
  PID:4992
- C:\Windows\System\xXFDBJd.exe
  C:\Windows\System\xXFDBJd.exe
  2⤵
  PID:5020
- C:\Windows\System\kUMegxw.exe
  C:\Windows\System\kUMegxw.exe
  2⤵
  PID:5040
- C:\Windows\System\YBdfHbe.exe
  C:\Windows\System\YBdfHbe.exe
  2⤵
  PID:3096
- C:\Windows\System\AsLlSeY.exe
  C:\Windows\System\AsLlSeY.exe
  2⤵
  PID:3492
- C:\Windows\System\IGRovQT.exe
  C:\Windows\System\IGRovQT.exe
  2⤵
  PID:3224
- C:\Windows\System\IHuOHhn.exe
  C:\Windows\System\IHuOHhn.exe
  2⤵
  PID:3296
- C:\Windows\System\DIMcweY.exe
  C:\Windows\System\DIMcweY.exe
  2⤵
  PID:3356
- C:\Windows\System\GKhKPfV.exe
  C:\Windows\System\GKhKPfV.exe
  2⤵
  PID:824
- C:\Windows\System\cXNAJql.exe
  C:\Windows\System\cXNAJql.exe
  2⤵
  PID:3412
- C:\Windows\System\hCYttMH.exe
  C:\Windows\System\hCYttMH.exe
  2⤵
  PID:4296
- C:\Windows\System\LNqcWsq.exe
  C:\Windows\System\LNqcWsq.exe
  2⤵
  PID:1340
- C:\Windows\System\tkLiJoD.exe
  C:\Windows\System\tkLiJoD.exe
  2⤵
  PID:4428
- C:\Windows\System\Umayrud.exe
  C:\Windows\System\Umayrud.exe
  2⤵
  PID:3888
- C:\Windows\System\VOeCDik.exe
  C:\Windows\System\VOeCDik.exe
  2⤵
  PID:4324
- C:\Windows\System\EXJutVq.exe
  C:\Windows\System\EXJutVq.exe
  2⤵
  PID:4244
- C:\Windows\System\GyuNDiO.exe
  C:\Windows\System\GyuNDiO.exe
  2⤵
  PID:4388
- C:\Windows\System\hXvJpgF.exe
  C:\Windows\System\hXvJpgF.exe
  2⤵
  PID:4492
- C:\Windows\System\iIRbQga.exe
  C:\Windows\System\iIRbQga.exe
  2⤵
  PID:4468
- C:\Windows\System\MoKYAYJ.exe
  C:\Windows\System\MoKYAYJ.exe
  2⤵
  PID:4080
- C:\Windows\System\mlkJakJ.exe
  C:\Windows\System\mlkJakJ.exe
  2⤵
  PID:4568
- C:\Windows\System\VWXGnzQ.exe
  C:\Windows\System\VWXGnzQ.exe
  2⤵
  PID:4720
- C:\Windows\System\kJmHeGe.exe
  C:\Windows\System\kJmHeGe.exe
  2⤵
  PID:4780
- C:\Windows\System\ridgTcr.exe
  C:\Windows\System\ridgTcr.exe
  2⤵
  PID:4792
- C:\Windows\System\lpHMArr.exe
  C:\Windows\System\lpHMArr.exe
  2⤵
  PID:4768
- C:\Windows\System\YbxjkqP.exe
  C:\Windows\System\YbxjkqP.exe
  2⤵
  PID:4672
- C:\Windows\System\yVBPhvY.exe
  C:\Windows\System\yVBPhvY.exe
  2⤵
  PID:4860
- C:\Windows\System\gTHHGxp.exe
  C:\Windows\System\gTHHGxp.exe
  2⤵
  PID:4980
- C:\Windows\System\mRXGACi.exe
  C:\Windows\System\mRXGACi.exe
  2⤵
  PID:5096
- C:\Windows\System\IFdKcqp.exe
  C:\Windows\System\IFdKcqp.exe
  2⤵
  PID:5024
- C:\Windows\System\YquVxoN.exe
  C:\Windows\System\YquVxoN.exe
  2⤵
  PID:3168
- C:\Windows\System\aRSizTd.exe
  C:\Windows\System\aRSizTd.exe
  2⤵
  PID:5060
- C:\Windows\System\wAyeEFe.exe
  C:\Windows\System\wAyeEFe.exe
  2⤵
  PID:4160
- C:\Windows\System\nvgzxrT.exe
  C:\Windows\System\nvgzxrT.exe
  2⤵
  PID:3772
- C:\Windows\System\YUhypRX.exe
  C:\Windows\System\YUhypRX.exe
  2⤵
  PID:4432
- C:\Windows\System\tTEdhXr.exe
  C:\Windows\System\tTEdhXr.exe
  2⤵
  PID:5108
- C:\Windows\System\KDRxmwh.exe
  C:\Windows\System\KDRxmwh.exe
  2⤵
  PID:2284
- C:\Windows\System\GpCxTsZ.exe
  C:\Windows\System\GpCxTsZ.exe
  2⤵
  PID:2884
- C:\Windows\System\VfsjETg.exe
  C:\Windows\System\VfsjETg.exe
  2⤵
  PID:1716
- C:\Windows\System\GMSZsVz.exe
  C:\Windows\System\GMSZsVz.exe
  2⤵
  PID:4708
- C:\Windows\System\RqPLGDc.exe
  C:\Windows\System\RqPLGDc.exe
  2⤵
  PID:4336
- C:\Windows\System\OvgZCGJ.exe
  C:\Windows\System\OvgZCGJ.exe
  2⤵
  PID:5128
- C:\Windows\System\wUYZDPI.exe
  C:\Windows\System\wUYZDPI.exe
  2⤵
  PID:5144
- C:\Windows\System\GGbAeQm.exe
  C:\Windows\System\GGbAeQm.exe
  2⤵
  PID:5164
- C:\Windows\System\Nutqsja.exe
  C:\Windows\System\Nutqsja.exe
  2⤵
  PID:5184
- C:\Windows\System\SMIjUtb.exe
  C:\Windows\System\SMIjUtb.exe
  2⤵
  PID:5204
- C:\Windows\System\kXgaiKl.exe
  C:\Windows\System\kXgaiKl.exe
  2⤵
  PID:5224
- C:\Windows\System\IgPjYxc.exe
  C:\Windows\System\IgPjYxc.exe
  2⤵
  PID:5248
- C:\Windows\System\BJHQMVU.exe
  C:\Windows\System\BJHQMVU.exe
  2⤵
  PID:5264
- C:\Windows\System\sVFNLgt.exe
  C:\Windows\System\sVFNLgt.exe
  2⤵
  PID:5296
- C:\Windows\System\uFsTmCN.exe
  C:\Windows\System\uFsTmCN.exe
  2⤵
  PID:5316
- C:\Windows\System\vbiZByl.exe
  C:\Windows\System\vbiZByl.exe
  2⤵
  PID:5336
- C:\Windows\System\fMljswp.exe
  C:\Windows\System\fMljswp.exe
  2⤵
  PID:5356
- C:\Windows\System\XtMLnct.exe
  C:\Windows\System\XtMLnct.exe
  2⤵
  PID:5376
- C:\Windows\System\vZsBevi.exe
  C:\Windows\System\vZsBevi.exe
  2⤵
  PID:5396
- C:\Windows\System\rvMmZcW.exe
  C:\Windows\System\rvMmZcW.exe
  2⤵
  PID:5416
- C:\Windows\System\XDYFLhN.exe
  C:\Windows\System\XDYFLhN.exe
  2⤵
  PID:5436
- C:\Windows\System\aXOsChx.exe
  C:\Windows\System\aXOsChx.exe
  2⤵
  PID:5456
- C:\Windows\System\cklwsPv.exe
  C:\Windows\System\cklwsPv.exe
  2⤵
  PID:5476
- C:\Windows\System\fFPawMc.exe
  C:\Windows\System\fFPawMc.exe
  2⤵
  PID:5496
- C:\Windows\System\qLBszap.exe
  C:\Windows\System\qLBszap.exe
  2⤵
  PID:5516
- C:\Windows\System\zCYJkhI.exe
  C:\Windows\System\zCYJkhI.exe
  2⤵
  PID:5536
- C:\Windows\System\BUnHYRm.exe
  C:\Windows\System\BUnHYRm.exe
  2⤵
  PID:5556
- C:\Windows\System\DiVeRSf.exe
  C:\Windows\System\DiVeRSf.exe
  2⤵
  PID:5576
- C:\Windows\System\CaCHOLK.exe
  C:\Windows\System\CaCHOLK.exe
  2⤵
  PID:5596
- C:\Windows\System\CiUOYbI.exe
  C:\Windows\System\CiUOYbI.exe
  2⤵
  PID:5616
- C:\Windows\System\aeCryBz.exe
  C:\Windows\System\aeCryBz.exe
  2⤵
  PID:5636
- C:\Windows\System\nhhSajI.exe
  C:\Windows\System\nhhSajI.exe
  2⤵
  PID:5656
- C:\Windows\System\ftIcqXj.exe
  C:\Windows\System\ftIcqXj.exe
  2⤵
  PID:5676
- C:\Windows\System\IcfwkIp.exe
  C:\Windows\System\IcfwkIp.exe
  2⤵
  PID:5696
- C:\Windows\System\HfLzdHI.exe
  C:\Windows\System\HfLzdHI.exe
  2⤵
  PID:5716
- C:\Windows\System\PnfFVPH.exe
  C:\Windows\System\PnfFVPH.exe
  2⤵
  PID:5736
- C:\Windows\System\hAWgtds.exe
  C:\Windows\System\hAWgtds.exe
  2⤵
  PID:5756
- C:\Windows\System\XhrtFMb.exe
  C:\Windows\System\XhrtFMb.exe
  2⤵
  PID:5776
- C:\Windows\System\DdsggGD.exe
  C:\Windows\System\DdsggGD.exe
  2⤵
  PID:5796
- C:\Windows\System\jGrXXOU.exe
  C:\Windows\System\jGrXXOU.exe
  2⤵
  PID:5816
- C:\Windows\System\umztJGV.exe
  C:\Windows\System\umztJGV.exe
  2⤵
  PID:5836
- C:\Windows\System\NQcAxXK.exe
  C:\Windows\System\NQcAxXK.exe
  2⤵
  PID:5856
- C:\Windows\System\UTfUdtT.exe
  C:\Windows\System\UTfUdtT.exe
  2⤵
  PID:5876
- C:\Windows\System\sKVUadB.exe
  C:\Windows\System\sKVUadB.exe
  2⤵
  PID:5896
- C:\Windows\System\FNFCxVW.exe
  C:\Windows\System\FNFCxVW.exe
  2⤵
  PID:5916
- C:\Windows\System\KkGtWNv.exe
  C:\Windows\System\KkGtWNv.exe
  2⤵
  PID:5936
- C:\Windows\System\jejTFNv.exe
  C:\Windows\System\jejTFNv.exe
  2⤵
  PID:5956
- C:\Windows\System\GkxzAZk.exe
  C:\Windows\System\GkxzAZk.exe
  2⤵
  PID:5976
- C:\Windows\System\WQWGZlL.exe
  C:\Windows\System\WQWGZlL.exe
  2⤵
  PID:5996
- C:\Windows\System\TijDgSz.exe
  C:\Windows\System\TijDgSz.exe
  2⤵
  PID:6016
- C:\Windows\System\VVQejsr.exe
  C:\Windows\System\VVQejsr.exe
  2⤵
  PID:6036
- C:\Windows\System\QBIAuxo.exe
  C:\Windows\System\QBIAuxo.exe
  2⤵
  PID:6056
- C:\Windows\System\RZCSBHt.exe
  C:\Windows\System\RZCSBHt.exe
  2⤵
  PID:6076
- C:\Windows\System\qqJoRJm.exe
  C:\Windows\System\qqJoRJm.exe
  2⤵
  PID:6096
- C:\Windows\System\QJabMmY.exe
  C:\Windows\System\QJabMmY.exe
  2⤵
  PID:6116
- C:\Windows\System\TZbbRBC.exe
  C:\Windows\System\TZbbRBC.exe
  2⤵
  PID:6136
- C:\Windows\System\LAfSeKB.exe
  C:\Windows\System\LAfSeKB.exe
  2⤵
  PID:4864
- C:\Windows\System\jEnknIJ.exe
  C:\Windows\System\jEnknIJ.exe
  2⤵
  PID:4540
- C:\Windows\System\ikpKwUa.exe
  C:\Windows\System\ikpKwUa.exe
  2⤵
  PID:3972
- C:\Windows\System\fJLALlz.exe
  C:\Windows\System\fJLALlz.exe
  2⤵
  PID:3304
- C:\Windows\System\raOCtMg.exe
  C:\Windows\System\raOCtMg.exe
  2⤵
  PID:4260
- C:\Windows\System\JHwNjDl.exe
  C:\Windows\System\JHwNjDl.exe
  2⤵
  PID:5000
- C:\Windows\System\LwZPWJJ.exe
  C:\Windows\System\LwZPWJJ.exe
  2⤵
  PID:4164
- C:\Windows\System\XeHhove.exe
  C:\Windows\System\XeHhove.exe
  2⤵
  PID:1052
- C:\Windows\System\ZfpVOOF.exe
  C:\Windows\System\ZfpVOOF.exe
  2⤵
  PID:3428
- C:\Windows\System\EZbpOsu.exe
  C:\Windows\System\EZbpOsu.exe
  2⤵
  PID:4484
- C:\Windows\System\CEWssKX.exe
  C:\Windows\System\CEWssKX.exe
  2⤵
  PID:4572
- C:\Windows\System\YZnjbQQ.exe
  C:\Windows\System\YZnjbQQ.exe
  2⤵
  PID:4488
- C:\Windows\System\PMQPwiI.exe
  C:\Windows\System\PMQPwiI.exe
  2⤵
  PID:5160
- C:\Windows\System\tAtfCwI.exe
  C:\Windows\System\tAtfCwI.exe
  2⤵
  PID:5176
- C:\Windows\System\xTwukpZ.exe
  C:\Windows\System\xTwukpZ.exe
  2⤵
  PID:5220
- C:\Windows\System\TbtLxEQ.exe
  C:\Windows\System\TbtLxEQ.exe
  2⤵
  PID:5256
- C:\Windows\System\Aoehyrm.exe
  C:\Windows\System\Aoehyrm.exe
  2⤵
  PID:2268
- C:\Windows\System\HSGzEHN.exe
  C:\Windows\System\HSGzEHN.exe
  2⤵
  PID:5312
- C:\Windows\System\Obvtgtt.exe
  C:\Windows\System\Obvtgtt.exe
  2⤵
  PID:5364
- C:\Windows\System\TLbYimo.exe
  C:\Windows\System\TLbYimo.exe
  2⤵
  PID:5384
- C:\Windows\System\CudhKrH.exe
  C:\Windows\System\CudhKrH.exe
  2⤵
  PID:5408
- C:\Windows\System\qzFATSB.exe
  C:\Windows\System\qzFATSB.exe
  2⤵
  PID:5452
- C:\Windows\System\SNMUmOC.exe
  C:\Windows\System\SNMUmOC.exe
  2⤵
  PID:5468
- C:\Windows\System\suopFXO.exe
  C:\Windows\System\suopFXO.exe
  2⤵
  PID:5512
- C:\Windows\System\hCidsQA.exe
  C:\Windows\System\hCidsQA.exe
  2⤵
  PID:5544
- C:\Windows\System\nnTAreU.exe
  C:\Windows\System\nnTAreU.exe
  2⤵
  PID:5568
- C:\Windows\System\phkTeml.exe
  C:\Windows\System\phkTeml.exe
  2⤵
  PID:5592
- C:\Windows\System\SnmKvwC.exe
  C:\Windows\System\SnmKvwC.exe
  2⤵
  PID:5644
- C:\Windows\System\fmsqFtN.exe
  C:\Windows\System\fmsqFtN.exe
  2⤵
  PID:5668
- C:\Windows\System\cQKqPEc.exe
  C:\Windows\System\cQKqPEc.exe
  2⤵
  PID:5724
- C:\Windows\System\msSiYLR.exe
  C:\Windows\System\msSiYLR.exe
  2⤵
  PID:5728
- C:\Windows\System\IARBFJX.exe
  C:\Windows\System\IARBFJX.exe
  2⤵
  PID:5748
- C:\Windows\System\UiTDbsv.exe
  C:\Windows\System\UiTDbsv.exe
  2⤵
  PID:5812
- C:\Windows\System\ixXVckF.exe
  C:\Windows\System\ixXVckF.exe
  2⤵
  PID:5832
- C:\Windows\System\exaKjYP.exe
  C:\Windows\System\exaKjYP.exe
  2⤵
  PID:5884
- C:\Windows\System\sVbTGZj.exe
  C:\Windows\System\sVbTGZj.exe
  2⤵
  PID:5868
- C:\Windows\System\XalziVo.exe
  C:\Windows\System\XalziVo.exe
  2⤵
  PID:5924
- C:\Windows\System\dWdHgqt.exe
  C:\Windows\System\dWdHgqt.exe
  2⤵
  PID:5948
- C:\Windows\System\fkZRKnZ.exe
  C:\Windows\System\fkZRKnZ.exe
  2⤵
  PID:6004
- C:\Windows\System\YvTnyHI.exe
  C:\Windows\System\YvTnyHI.exe
  2⤵
  PID:6024
- C:\Windows\System\YwUxGFs.exe
  C:\Windows\System\YwUxGFs.exe
  2⤵
  PID:6048
- C:\Windows\System\gJyAWae.exe
  C:\Windows\System\gJyAWae.exe
  2⤵
  PID:6068
- C:\Windows\System\tYPCPsp.exe
  C:\Windows\System\tYPCPsp.exe
  2⤵
  PID:6108
- C:\Windows\System\QBDnLhk.exe
  C:\Windows\System\QBDnLhk.exe
  2⤵
  PID:4656
- C:\Windows\System\gaNLQVV.exe
  C:\Windows\System\gaNLQVV.exe
  2⤵
  PID:4976
- C:\Windows\System\RZTNZFK.exe
  C:\Windows\System\RZTNZFK.exe
  2⤵
  PID:4928
- C:\Windows\System\MgVIddy.exe
  C:\Windows\System\MgVIddy.exe
  2⤵
  PID:3320
- C:\Windows\System\SNWdlXA.exe
  C:\Windows\System\SNWdlXA.exe
  2⤵
  PID:3912
- C:\Windows\System\WNSWlwH.exe
  C:\Windows\System\WNSWlwH.exe
  2⤵
  PID:4312
- C:\Windows\System\miymKZd.exe
  C:\Windows\System\miymKZd.exe
  2⤵
  PID:4688
- C:\Windows\System\BOuVcYX.exe
  C:\Windows\System\BOuVcYX.exe
  2⤵
  PID:5152
- C:\Windows\System\PMmvUDO.exe
  C:\Windows\System\PMmvUDO.exe
  2⤵
  PID:5212
- C:\Windows\System\ggybyug.exe
  C:\Windows\System\ggybyug.exe
  2⤵
  PID:5244
- C:\Windows\System\senukVZ.exe
  C:\Windows\System\senukVZ.exe
  2⤵
  PID:5324
- C:\Windows\System\FwLkLcM.exe
  C:\Windows\System\FwLkLcM.exe
  2⤵
  PID:5368
- C:\Windows\System\RGucxyd.exe
  C:\Windows\System\RGucxyd.exe
  2⤵
  PID:5444
- C:\Windows\System\cBrtRxr.exe
  C:\Windows\System\cBrtRxr.exe
  2⤵
  PID:2904
- C:\Windows\System\RFcRHHM.exe
  C:\Windows\System\RFcRHHM.exe
  2⤵
  PID:5524
- C:\Windows\System\cqmAJhp.exe
  C:\Windows\System\cqmAJhp.exe
  2⤵
  PID:5564
- C:\Windows\System\xLoxXzs.exe
  C:\Windows\System\xLoxXzs.exe
  2⤵
  PID:5628
- C:\Windows\System\YgORYAf.exe
  C:\Windows\System\YgORYAf.exe
  2⤵
  PID:5688
- C:\Windows\System\zCwbmzL.exe
  C:\Windows\System\zCwbmzL.exe
  2⤵
  PID:5752
- C:\Windows\System\XdAKJKz.exe
  C:\Windows\System\XdAKJKz.exe
  2⤵
  PID:5788
- C:\Windows\System\NNTxoAk.exe
  C:\Windows\System\NNTxoAk.exe
  2⤵
  PID:5828
- C:\Windows\System\DxBAJyq.exe
  C:\Windows\System\DxBAJyq.exe
  2⤵
  PID:5872
- C:\Windows\System\xyvqLIY.exe
  C:\Windows\System\xyvqLIY.exe
  2⤵
  PID:5908
- C:\Windows\System\djXLQzj.exe
  C:\Windows\System\djXLQzj.exe
  2⤵
  PID:5992
- C:\Windows\System\kYZrtEc.exe
  C:\Windows\System\kYZrtEc.exe
  2⤵
  PID:6052
- C:\Windows\System\CJvugBx.exe
  C:\Windows\System\CJvugBx.exe
  2⤵
  PID:6104
- C:\Windows\System\NkDykfc.exe
  C:\Windows\System\NkDykfc.exe
  2⤵
  PID:6156
- C:\Windows\System\HfvJtGr.exe
  C:\Windows\System\HfvJtGr.exe
  2⤵
  PID:6176
- C:\Windows\System\jLBYfLu.exe
  C:\Windows\System\jLBYfLu.exe
  2⤵
  PID:6200
- C:\Windows\System\lcxsmjm.exe
  C:\Windows\System\lcxsmjm.exe
  2⤵
  PID:6220
- C:\Windows\System\qMZakpD.exe
  C:\Windows\System\qMZakpD.exe
  2⤵
  PID:6240
- C:\Windows\System\IXQqIdP.exe
  C:\Windows\System\IXQqIdP.exe
  2⤵
  PID:6260
- C:\Windows\System\QtOBdFR.exe
  C:\Windows\System\QtOBdFR.exe
  2⤵
  PID:6280
- C:\Windows\System\uqUohiT.exe
  C:\Windows\System\uqUohiT.exe
  2⤵
  PID:6300
- C:\Windows\System\eXNcixP.exe
  C:\Windows\System\eXNcixP.exe
  2⤵
  PID:6320
- C:\Windows\System\jNmsChy.exe
  C:\Windows\System\jNmsChy.exe
  2⤵
  PID:6340
- C:\Windows\System\PbTwtTW.exe
  C:\Windows\System\PbTwtTW.exe
  2⤵
  PID:6360
- C:\Windows\System\JcvNcXT.exe
  C:\Windows\System\JcvNcXT.exe
  2⤵
  PID:6380
- C:\Windows\System\kTpnqii.exe
  C:\Windows\System\kTpnqii.exe
  2⤵
  PID:6400
- C:\Windows\System\CZmjTXO.exe
  C:\Windows\System\CZmjTXO.exe
  2⤵
  PID:6420
- C:\Windows\System\zpMJxNz.exe
  C:\Windows\System\zpMJxNz.exe
  2⤵
  PID:6440
- C:\Windows\System\qSgedKJ.exe
  C:\Windows\System\qSgedKJ.exe
  2⤵
  PID:6460
- C:\Windows\System\RhwJHwv.exe
  C:\Windows\System\RhwJHwv.exe
  2⤵
  PID:6480
- C:\Windows\System\tsalYDC.exe
  C:\Windows\System\tsalYDC.exe
  2⤵
  PID:6500
- C:\Windows\System\vHxHajb.exe
  C:\Windows\System\vHxHajb.exe
  2⤵
  PID:6520
- C:\Windows\System\CufdvAx.exe
  C:\Windows\System\CufdvAx.exe
  2⤵
  PID:6540
- C:\Windows\System\coniZNl.exe
  C:\Windows\System\coniZNl.exe
  2⤵
  PID:6560
- C:\Windows\System\BrnledB.exe
  C:\Windows\System\BrnledB.exe
  2⤵
  PID:6580
- C:\Windows\System\NwYXvVq.exe
  C:\Windows\System\NwYXvVq.exe
  2⤵
  PID:6600
- C:\Windows\System\etEkVTX.exe
  C:\Windows\System\etEkVTX.exe
  2⤵
  PID:6620
- C:\Windows\System\jzYDMWV.exe
  C:\Windows\System\jzYDMWV.exe
  2⤵
  PID:6640
- C:\Windows\System\VPdQKkd.exe
  C:\Windows\System\VPdQKkd.exe
  2⤵
  PID:6660
- C:\Windows\System\fJGHzmw.exe
  C:\Windows\System\fJGHzmw.exe
  2⤵
  PID:6680
- C:\Windows\System\oQzYbxW.exe
  C:\Windows\System\oQzYbxW.exe
  2⤵
  PID:6700
- C:\Windows\System\oXjatxi.exe
  C:\Windows\System\oXjatxi.exe
  2⤵
  PID:6720
- C:\Windows\System\JvHwfoR.exe
  C:\Windows\System\JvHwfoR.exe
  2⤵
  PID:6740
- C:\Windows\System\lEuBxFG.exe
  C:\Windows\System\lEuBxFG.exe
  2⤵
  PID:6760
- C:\Windows\System\HXsEMZB.exe
  C:\Windows\System\HXsEMZB.exe
  2⤵
  PID:6780
- C:\Windows\System\OZuzUIr.exe
  C:\Windows\System\OZuzUIr.exe
  2⤵
  PID:6800
- C:\Windows\System\xhZfpLz.exe
  C:\Windows\System\xhZfpLz.exe
  2⤵
  PID:6820
- C:\Windows\System\AWxQtHx.exe
  C:\Windows\System\AWxQtHx.exe
  2⤵
  PID:6840
- C:\Windows\System\LEkJfmx.exe
  C:\Windows\System\LEkJfmx.exe
  2⤵
  PID:6860
- C:\Windows\System\kmGFHyG.exe
  C:\Windows\System\kmGFHyG.exe
  2⤵
  PID:6880
- C:\Windows\System\BrtAhpY.exe
  C:\Windows\System\BrtAhpY.exe
  2⤵
  PID:6900
- C:\Windows\System\qkkFwsI.exe
  C:\Windows\System\qkkFwsI.exe
  2⤵
  PID:6920
- C:\Windows\System\DwkPeKt.exe
  C:\Windows\System\DwkPeKt.exe
  2⤵
  PID:6940
- C:\Windows\System\NqjIZyC.exe
  C:\Windows\System\NqjIZyC.exe
  2⤵
  PID:6960
- C:\Windows\System\FyfQpZZ.exe
  C:\Windows\System\FyfQpZZ.exe
  2⤵
  PID:6980
- C:\Windows\System\ShJeuMV.exe
  C:\Windows\System\ShJeuMV.exe
  2⤵
  PID:7000
- C:\Windows\System\EqcOSSv.exe
  C:\Windows\System\EqcOSSv.exe
  2⤵
  PID:7020
- C:\Windows\System\QzqVRmI.exe
  C:\Windows\System\QzqVRmI.exe
  2⤵
  PID:7040
- C:\Windows\System\gzQEied.exe
  C:\Windows\System\gzQEied.exe
  2⤵
  PID:7060
- C:\Windows\System\nyPbdnT.exe
  C:\Windows\System\nyPbdnT.exe
  2⤵
  PID:7080
- C:\Windows\System\aGfVNEC.exe
  C:\Windows\System\aGfVNEC.exe
  2⤵
  PID:7100
- C:\Windows\System\BWLXShC.exe
  C:\Windows\System\BWLXShC.exe
  2⤵
  PID:7120
- C:\Windows\System\fFPJIMQ.exe
  C:\Windows\System\fFPJIMQ.exe
  2⤵
  PID:7140
- C:\Windows\System\PCTTFDH.exe
  C:\Windows\System\PCTTFDH.exe
  2⤵
  PID:7160
- C:\Windows\System\oUPGQho.exe
  C:\Windows\System\oUPGQho.exe
  2⤵
  PID:4396
- C:\Windows\System\zsPrclV.exe
  C:\Windows\System\zsPrclV.exe
  2⤵
  PID:4504
- C:\Windows\System\tIiVfVc.exe
  C:\Windows\System\tIiVfVc.exe
  2⤵
  PID:4232
- C:\Windows\System\vZKWCAP.exe
  C:\Windows\System\vZKWCAP.exe
  2⤵
  PID:4364
- C:\Windows\System\sWnBRDH.exe
  C:\Windows\System\sWnBRDH.exe
  2⤵
  PID:5200
- C:\Windows\System\VHfqTVg.exe
  C:\Windows\System\VHfqTVg.exe
  2⤵
  PID:5280
- C:\Windows\System\dkQbDgl.exe
  C:\Windows\System\dkQbDgl.exe
  2⤵
  PID:5372
- C:\Windows\System\FLyjczr.exe
  C:\Windows\System\FLyjczr.exe
  2⤵
  PID:5392
- C:\Windows\System\AjvsfeU.exe
  C:\Windows\System\AjvsfeU.exe
  2⤵
  PID:5492
- C:\Windows\System\XsUhOOL.exe
  C:\Windows\System\XsUhOOL.exe
  2⤵
  PID:5532
- C:\Windows\System\fsgOUSC.exe
  C:\Windows\System\fsgOUSC.exe
  2⤵
  PID:5692
- C:\Windows\System\QmYvddt.exe
  C:\Windows\System\QmYvddt.exe
  2⤵
  PID:5824
- C:\Windows\System\kXcfhki.exe
  C:\Windows\System\kXcfhki.exe
  2⤵
  PID:5864
- C:\Windows\System\vfRNCbp.exe
  C:\Windows\System\vfRNCbp.exe
  2⤵
  PID:5928
- C:\Windows\System\fGqzacQ.exe
  C:\Windows\System\fGqzacQ.exe
  2⤵
  PID:6072
- C:\Windows\System\elPyXSn.exe
  C:\Windows\System\elPyXSn.exe
  2⤵
  PID:6092
- C:\Windows\System\PboVDQJ.exe
  C:\Windows\System\PboVDQJ.exe
  2⤵
  PID:6196
- C:\Windows\System\xbPvrHm.exe
  C:\Windows\System\xbPvrHm.exe
  2⤵
  PID:6228
- C:\Windows\System\ZvgsALM.exe
  C:\Windows\System\ZvgsALM.exe
  2⤵
  PID:6248
- C:\Windows\System\vxFbsLx.exe
  C:\Windows\System\vxFbsLx.exe
  2⤵
  PID:6272
- C:\Windows\System\FjQGYQh.exe
  C:\Windows\System\FjQGYQh.exe
  2⤵
  PID:6292
- C:\Windows\System\lzJwuug.exe
  C:\Windows\System\lzJwuug.exe
  2⤵
  PID:6332
- C:\Windows\System\szUzKiK.exe
  C:\Windows\System\szUzKiK.exe
  2⤵
  PID:6376
- C:\Windows\System\oAHkAOe.exe
  C:\Windows\System\oAHkAOe.exe
  2⤵
  PID:6428
- C:\Windows\System\wazFOjl.exe
  C:\Windows\System\wazFOjl.exe
  2⤵
  PID:6448
- C:\Windows\System\CdpQSnv.exe
  C:\Windows\System\CdpQSnv.exe
  2⤵
  PID:6472
- C:\Windows\System\okkAelE.exe
  C:\Windows\System\okkAelE.exe
  2⤵
  PID:6516
- C:\Windows\System\rzbbPJF.exe
  C:\Windows\System\rzbbPJF.exe
  2⤵
  PID:6532
- C:\Windows\System\jioxbPe.exe
  C:\Windows\System\jioxbPe.exe
  2⤵
  PID:6576
- C:\Windows\System\LuZZTux.exe
  C:\Windows\System\LuZZTux.exe
  2⤵
  PID:6628
- C:\Windows\System\pntSoCm.exe
  C:\Windows\System\pntSoCm.exe
  2⤵
  PID:6648
- C:\Windows\System\gStUCgh.exe
  C:\Windows\System\gStUCgh.exe
  2⤵
  PID:6672
- C:\Windows\System\Zkfcncy.exe
  C:\Windows\System\Zkfcncy.exe
  2⤵
  PID:6716
- C:\Windows\System\MhQMlad.exe
  C:\Windows\System\MhQMlad.exe
  2⤵
  PID:6748
- C:\Windows\System\kqdtKjH.exe
  C:\Windows\System\kqdtKjH.exe
  2⤵
  PID:6772
- C:\Windows\System\pgclBMd.exe
  C:\Windows\System\pgclBMd.exe
  2⤵
  PID:6816
- C:\Windows\System\rXBSPnR.exe
  C:\Windows\System\rXBSPnR.exe
  2⤵
  PID:6848
- C:\Windows\System\ZPPLtQj.exe
  C:\Windows\System\ZPPLtQj.exe
  2⤵
  PID:6876
- C:\Windows\System\HCJjqjZ.exe
  C:\Windows\System\HCJjqjZ.exe
  2⤵
  PID:6892
- C:\Windows\System\ADCwgLe.exe
  C:\Windows\System\ADCwgLe.exe
  2⤵
  PID:6948
- C:\Windows\System\XHqAcvz.exe
  C:\Windows\System\XHqAcvz.exe
  2⤵
  PID:6988
- C:\Windows\System\btxnRvq.exe
  C:\Windows\System\btxnRvq.exe
  2⤵
  PID:2732
- C:\Windows\System\xXEgDnR.exe
  C:\Windows\System\xXEgDnR.exe
  2⤵
  PID:7028
- C:\Windows\System\mztvSPc.exe
  C:\Windows\System\mztvSPc.exe
  2⤵
  PID:7032
- C:\Windows\System\Evolsex.exe
  C:\Windows\System\Evolsex.exe
  2⤵
  PID:7076
- C:\Windows\System\pxRpMdW.exe
  C:\Windows\System\pxRpMdW.exe
  2⤵
  PID:7092
- C:\Windows\System\TuiBhQP.exe
  C:\Windows\System\TuiBhQP.exe
  2⤵
  PID:7128
- C:\Windows\System\xneyMWO.exe
  C:\Windows\System\xneyMWO.exe
  2⤵
  PID:7152
- C:\Windows\System\VqHYjiw.exe
  C:\Windows\System\VqHYjiw.exe
  2⤵
  PID:4852
- C:\Windows\System\ALQLxsN.exe
  C:\Windows\System\ALQLxsN.exe
  2⤵
  PID:5044
- C:\Windows\System\GEbFbxT.exe
  C:\Windows\System\GEbFbxT.exe
  2⤵
  PID:5216
- C:\Windows\System\bNusOKc.exe
  C:\Windows\System\bNusOKc.exe
  2⤵
  PID:5196
- C:\Windows\System\yJtLGJB.exe
  C:\Windows\System\yJtLGJB.exe
  2⤵
  PID:5344
- C:\Windows\System\gpOxFzo.exe
  C:\Windows\System\gpOxFzo.exe
  2⤵
  PID:5488
- C:\Windows\System\TESFyku.exe
  C:\Windows\System\TESFyku.exe
  2⤵
  PID:5764
- C:\Windows\System\tjjlkUn.exe
  C:\Windows\System\tjjlkUn.exe
  2⤵
  PID:5952
- C:\Windows\System\McixinH.exe
  C:\Windows\System\McixinH.exe
  2⤵
  PID:5852
- C:\Windows\System\lMOUvUO.exe
  C:\Windows\System\lMOUvUO.exe
  2⤵
  PID:5984
- C:\Windows\System\CxiGpQv.exe
  C:\Windows\System\CxiGpQv.exe
  2⤵
  PID:6164
- C:\Windows\System\fPnbkIb.exe
  C:\Windows\System\fPnbkIb.exe
  2⤵
  PID:6252
- C:\Windows\System\dIiclsj.exe
  C:\Windows\System\dIiclsj.exe
  2⤵
  PID:6348
- C:\Windows\System\njzWkkP.exe
  C:\Windows\System\njzWkkP.exe
  2⤵
  PID:6396
- C:\Windows\System\xOBPPij.exe
  C:\Windows\System\xOBPPij.exe
  2⤵
  PID:6388
- C:\Windows\System\rTvWlru.exe
  C:\Windows\System\rTvWlru.exe
  2⤵
  PID:6452
- C:\Windows\System\GtnjEom.exe
  C:\Windows\System\GtnjEom.exe
  2⤵
  PID:6528
- C:\Windows\System\hTqGbdx.exe
  C:\Windows\System\hTqGbdx.exe
  2⤵
  PID:6496
- C:\Windows\System\pdCZpVb.exe
  C:\Windows\System\pdCZpVb.exe
  2⤵
  PID:6608
- C:\Windows\System\sfQcnFS.exe
  C:\Windows\System\sfQcnFS.exe
  2⤵
  PID:6668
- C:\Windows\System\dsFikny.exe
  C:\Windows\System\dsFikny.exe
  2⤵
  PID:6688
- C:\Windows\System\GbYacLj.exe
  C:\Windows\System\GbYacLj.exe
  2⤵
  PID:6752
- C:\Windows\System\kmkgYUa.exe
  C:\Windows\System\kmkgYUa.exe
  2⤵
  PID:6852
- C:\Windows\System\jWrXshw.exe
  C:\Windows\System\jWrXshw.exe
  2⤵
  PID:6856
- C:\Windows\System\YvEcdhT.exe
  C:\Windows\System\YvEcdhT.exe
  2⤵
  PID:6908
- C:\Windows\System\OmmtXxN.exe
  C:\Windows\System\OmmtXxN.exe
  2⤵
  PID:6972
- C:\Windows\System\TnAvQtq.exe
  C:\Windows\System\TnAvQtq.exe
  2⤵
  PID:2896
- C:\Windows\System\eNpUvEU.exe
  C:\Windows\System\eNpUvEU.exe
  2⤵
  PID:7056
- C:\Windows\System\rxbthsN.exe
  C:\Windows\System\rxbthsN.exe
  2⤵
  PID:7132
- C:\Windows\System\fkWjoCG.exe
  C:\Windows\System\fkWjoCG.exe
  2⤵
  PID:7148
- C:\Windows\System\utyWOgE.exe
  C:\Windows\System\utyWOgE.exe
  2⤵
  PID:6112
- C:\Windows\System\OszSiNW.exe
  C:\Windows\System\OszSiNW.exe
  2⤵
  PID:2932
- C:\Windows\System\QwbNUoE.exe
  C:\Windows\System\QwbNUoE.exe
  2⤵
  PID:5240
- C:\Windows\System\jyTdlnN.exe
  C:\Windows\System\jyTdlnN.exe
  2⤵
  PID:1724
- C:\Windows\System\UIXsotG.exe
  C:\Windows\System\UIXsotG.exe
  2⤵
  PID:6084
- C:\Windows\System\iFyfKzl.exe
  C:\Windows\System\iFyfKzl.exe
  2⤵
  PID:5972
- C:\Windows\System\IcNJpUC.exe
  C:\Windows\System\IcNJpUC.exe
  2⤵
  PID:6148
- C:\Windows\System\uIPuXaC.exe
  C:\Windows\System\uIPuXaC.exe
  2⤵
  PID:2952
- C:\Windows\System\OVgqpGh.exe
  C:\Windows\System\OVgqpGh.exe
  2⤵
  PID:6368
- C:\Windows\System\MSnuMoO.exe
  C:\Windows\System\MSnuMoO.exe
  2⤵
  PID:6508
- C:\Windows\System\dNaLxGx.exe
  C:\Windows\System\dNaLxGx.exe
  2⤵
  PID:6552
- C:\Windows\System\XJWOIWO.exe
  C:\Windows\System\XJWOIWO.exe
  2⤵
  PID:6632
- C:\Windows\System\VlljNXD.exe
  C:\Windows\System\VlljNXD.exe
  2⤵
  PID:6736
- C:\Windows\System\PgbOjLb.exe
  C:\Windows\System\PgbOjLb.exe
  2⤵
  PID:6808
- C:\Windows\System\QupTrSv.exe
  C:\Windows\System\QupTrSv.exe
  2⤵
  PID:6932
- C:\Windows\System\rYSbPXl.exe
  C:\Windows\System\rYSbPXl.exe
  2⤵
  PID:7088
- C:\Windows\System\BmdoWvB.exe
  C:\Windows\System\BmdoWvB.exe
  2⤵
  PID:2624
- C:\Windows\System\rywkngt.exe
  C:\Windows\System\rywkngt.exe
  2⤵
  PID:7112
- C:\Windows\System\qPWiDTl.exe
  C:\Windows\System\qPWiDTl.exe
  2⤵
  PID:3696
- C:\Windows\System\YNGPMhJ.exe
  C:\Windows\System\YNGPMhJ.exe
  2⤵
  PID:4800
- C:\Windows\System\szOMCdp.exe
  C:\Windows\System\szOMCdp.exe
  2⤵
  PID:5684
- C:\Windows\System\MvtfZYD.exe
  C:\Windows\System\MvtfZYD.exe
  2⤵
  PID:7184
- C:\Windows\System\LJAAwgK.exe
  C:\Windows\System\LJAAwgK.exe
  2⤵
  PID:7204
- C:\Windows\System\JlMNzpW.exe
  C:\Windows\System\JlMNzpW.exe
  2⤵
  PID:7224
- C:\Windows\System\ipWHoHo.exe
  C:\Windows\System\ipWHoHo.exe
  2⤵
  PID:7244
- C:\Windows\System\vnGHmzl.exe
  C:\Windows\System\vnGHmzl.exe
  2⤵
  PID:7268
- C:\Windows\System\bXZPkkA.exe
  C:\Windows\System\bXZPkkA.exe
  2⤵
  PID:7284
- C:\Windows\System\RTbFnMy.exe
  C:\Windows\System\RTbFnMy.exe
  2⤵
  PID:7308
- C:\Windows\System\gRIXbqR.exe
  C:\Windows\System\gRIXbqR.exe
  2⤵
  PID:7328
- C:\Windows\System\jNiRdHt.exe
  C:\Windows\System\jNiRdHt.exe
  2⤵
  PID:7348
- C:\Windows\System\BaiTDVQ.exe
  C:\Windows\System\BaiTDVQ.exe
  2⤵
  PID:7368
- C:\Windows\System\eqAigqq.exe
  C:\Windows\System\eqAigqq.exe
  2⤵
  PID:7388
- C:\Windows\System\ZPwpoDz.exe
  C:\Windows\System\ZPwpoDz.exe
  2⤵
  PID:7408
- C:\Windows\System\ZZmYMFZ.exe
  C:\Windows\System\ZZmYMFZ.exe
  2⤵
  PID:7428
- C:\Windows\System\kuEdYOM.exe
  C:\Windows\System\kuEdYOM.exe
  2⤵
  PID:7444
- C:\Windows\System\NLuZmjv.exe
  C:\Windows\System\NLuZmjv.exe
  2⤵
  PID:7468
- C:\Windows\System\eDkpNxA.exe
  C:\Windows\System\eDkpNxA.exe
  2⤵
  PID:7488
- C:\Windows\System\ozZnnsn.exe
  C:\Windows\System\ozZnnsn.exe
  2⤵
  PID:7508
- C:\Windows\System\FarsgGw.exe
  C:\Windows\System\FarsgGw.exe
  2⤵
  PID:7528
- C:\Windows\System\gtYNCva.exe
  C:\Windows\System\gtYNCva.exe
  2⤵
  PID:7548
- C:\Windows\System\xxyzuAT.exe
  C:\Windows\System\xxyzuAT.exe
  2⤵
  PID:7568
- C:\Windows\System\hCNbGYX.exe
  C:\Windows\System\hCNbGYX.exe
  2⤵
  PID:7588
- C:\Windows\System\WAqiHIN.exe
  C:\Windows\System\WAqiHIN.exe
  2⤵
  PID:7608
- C:\Windows\System\HdocKLL.exe
  C:\Windows\System\HdocKLL.exe
  2⤵
  PID:7628
- C:\Windows\System\xpfzYmH.exe
  C:\Windows\System\xpfzYmH.exe
  2⤵
  PID:7648
- C:\Windows\System\DQHAVrW.exe
  C:\Windows\System\DQHAVrW.exe
  2⤵
  PID:7668
- C:\Windows\System\MhKHguO.exe
  C:\Windows\System\MhKHguO.exe
  2⤵
  PID:7688
- C:\Windows\System\IOpYKDN.exe
  C:\Windows\System\IOpYKDN.exe
  2⤵
  PID:7708
- C:\Windows\System\TzfagtK.exe
  C:\Windows\System\TzfagtK.exe
  2⤵
  PID:7728
- C:\Windows\System\yqlXCXy.exe
  C:\Windows\System\yqlXCXy.exe
  2⤵
  PID:7748
- C:\Windows\System\ebpmkQW.exe
  C:\Windows\System\ebpmkQW.exe
  2⤵
  PID:7768
- C:\Windows\System\sJnlkaI.exe
  C:\Windows\System\sJnlkaI.exe
  2⤵
  PID:7788
- C:\Windows\System\uLdzzJd.exe
  C:\Windows\System\uLdzzJd.exe
  2⤵
  PID:7808
- C:\Windows\System\tokjbZr.exe
  C:\Windows\System\tokjbZr.exe
  2⤵
  PID:7828
- C:\Windows\System\tqAnCdt.exe
  C:\Windows\System\tqAnCdt.exe
  2⤵
  PID:7848
- C:\Windows\System\dchmlgy.exe
  C:\Windows\System\dchmlgy.exe
  2⤵
  PID:7868
- C:\Windows\System\uhyijFD.exe
  C:\Windows\System\uhyijFD.exe
  2⤵
  PID:7888
- C:\Windows\System\XXUBbnp.exe
  C:\Windows\System\XXUBbnp.exe
  2⤵
  PID:7908
- C:\Windows\System\FsoqMcX.exe
  C:\Windows\System\FsoqMcX.exe
  2⤵
  PID:7928
- C:\Windows\System\kIRRdOV.exe
  C:\Windows\System\kIRRdOV.exe
  2⤵
  PID:7948
- C:\Windows\System\ZLoXEkn.exe
  C:\Windows\System\ZLoXEkn.exe
  2⤵
  PID:7968
- C:\Windows\System\nfitQkj.exe
  C:\Windows\System\nfitQkj.exe
  2⤵
  PID:7988
- C:\Windows\System\iPPraWQ.exe
  C:\Windows\System\iPPraWQ.exe
  2⤵
  PID:8008
- C:\Windows\System\ynrznJB.exe
  C:\Windows\System\ynrznJB.exe
  2⤵
  PID:8028
- C:\Windows\System\GAqyLKv.exe
  C:\Windows\System\GAqyLKv.exe
  2⤵
  PID:8048
- C:\Windows\System\lifMSYF.exe
  C:\Windows\System\lifMSYF.exe
  2⤵
  PID:8068
- C:\Windows\System\vTEMlgl.exe
  C:\Windows\System\vTEMlgl.exe
  2⤵
  PID:8088
- C:\Windows\System\twEMNtn.exe
  C:\Windows\System\twEMNtn.exe
  2⤵
  PID:8112
- C:\Windows\System\VMizsvl.exe
  C:\Windows\System\VMizsvl.exe
  2⤵
  PID:8132
- C:\Windows\System\RkkuWFP.exe
  C:\Windows\System\RkkuWFP.exe
  2⤵
  PID:8152
- C:\Windows\System\sdbcwFy.exe
  C:\Windows\System\sdbcwFy.exe
  2⤵
  PID:8176
- C:\Windows\System\pkkjPGV.exe
  C:\Windows\System\pkkjPGV.exe
  2⤵
  PID:5608
- C:\Windows\System\cKhmlmH.exe
  C:\Windows\System\cKhmlmH.exe
  2⤵
  PID:5808
- C:\Windows\System\qnFosyo.exe
  C:\Windows\System\qnFosyo.exe
  2⤵
  PID:6184
- C:\Windows\System\AiMrHJx.exe
  C:\Windows\System\AiMrHJx.exe
  2⤵
  PID:6392
- C:\Windows\System\RWBskuo.exe
  C:\Windows\System\RWBskuo.exe
  2⤵
  PID:6612
- C:\Windows\System\jcGNYQD.exe
  C:\Windows\System\jcGNYQD.exe
  2⤵
  PID:6708
- C:\Windows\System\HdThhfv.exe
  C:\Windows\System\HdThhfv.exe
  2⤵
  PID:3052
- C:\Windows\System\hywbpqq.exe
  C:\Windows\System\hywbpqq.exe
  2⤵
  PID:6936
- C:\Windows\System\xgHoPgK.exe
  C:\Windows\System\xgHoPgK.exe
  2⤵
  PID:1444
- C:\Windows\System\VNjnGlT.exe
  C:\Windows\System\VNjnGlT.exe
  2⤵
  PID:2764
- C:\Windows\System\svKmTHq.exe
  C:\Windows\System\svKmTHq.exe
  2⤵
  PID:4416
- C:\Windows\System\pQMCzmJ.exe
  C:\Windows\System\pQMCzmJ.exe
  2⤵
  PID:5624
- C:\Windows\System\VWhrsBn.exe
  C:\Windows\System\VWhrsBn.exe
  2⤵
  PID:7196
- C:\Windows\System\zCyFOHd.exe
  C:\Windows\System\zCyFOHd.exe
  2⤵
  PID:7256
- C:\Windows\System\POYLQKM.exe
  C:\Windows\System\POYLQKM.exe
  2⤵
  PID:7292
- C:\Windows\System\fLgISPG.exe
  C:\Windows\System\fLgISPG.exe
  2⤵
  PID:7276
- C:\Windows\System\bJsFUyj.exe
  C:\Windows\System\bJsFUyj.exe
  2⤵
  PID:7336
- C:\Windows\System\FPATURO.exe
  C:\Windows\System\FPATURO.exe
  2⤵
  PID:7360
- C:\Windows\System\gVQdQLt.exe
  C:\Windows\System\gVQdQLt.exe
  2⤵
  PID:7404
- C:\Windows\System\GijwREv.exe
  C:\Windows\System\GijwREv.exe
  2⤵
  PID:7436
- C:\Windows\System\wsnYnBE.exe
  C:\Windows\System\wsnYnBE.exe
  2⤵
  PID:7440
- C:\Windows\System\mgPgzET.exe
  C:\Windows\System\mgPgzET.exe
  2⤵
  PID:7484
- C:\Windows\System\UnMdvch.exe
  C:\Windows\System\UnMdvch.exe
  2⤵
  PID:7544
- C:\Windows\System\aeUCfim.exe
  C:\Windows\System\aeUCfim.exe
  2⤵
  PID:7560
- C:\Windows\System\OBWKAHv.exe
  C:\Windows\System\OBWKAHv.exe
  2⤵
  PID:7596
- C:\Windows\System\PvoRoIl.exe
  C:\Windows\System\PvoRoIl.exe
  2⤵
  PID:7620
- C:\Windows\System\jltnfPx.exe
  C:\Windows\System\jltnfPx.exe
  2⤵
  PID:7640
- C:\Windows\System\yPtdBOB.exe
  C:\Windows\System\yPtdBOB.exe
  2⤵
  PID:7676
- C:\Windows\System\BLGUhbZ.exe
  C:\Windows\System\BLGUhbZ.exe
  2⤵
  PID:7736
- C:\Windows\System\hLwDPkm.exe
  C:\Windows\System\hLwDPkm.exe
  2⤵
  PID:7776
- C:\Windows\System\yUqEuxd.exe
  C:\Windows\System\yUqEuxd.exe
  2⤵
  PID:7796
- C:\Windows\System\wSWVAoO.exe
  C:\Windows\System\wSWVAoO.exe
  2⤵
  PID:7820
- C:\Windows\System\KzpLybi.exe
  C:\Windows\System\KzpLybi.exe
  2⤵
  PID:7840
- C:\Windows\System\SiElDZL.exe
  C:\Windows\System\SiElDZL.exe
  2⤵
  PID:7876
- C:\Windows\System\wjlwwgL.exe
  C:\Windows\System\wjlwwgL.exe
  2⤵
  PID:7924
- C:\Windows\System\jCuCjoQ.exe
  C:\Windows\System\jCuCjoQ.exe
  2⤵
  PID:7984
- C:\Windows\System\JprJnwr.exe
  C:\Windows\System\JprJnwr.exe
  2⤵
  PID:7996
- C:\Windows\System\vnCODbQ.exe
  C:\Windows\System\vnCODbQ.exe
  2⤵
  PID:8020
- C:\Windows\System\YxkpAHo.exe
  C:\Windows\System\YxkpAHo.exe
  2⤵
  PID:8040
- C:\Windows\System\DTfTiJp.exe
  C:\Windows\System\DTfTiJp.exe
  2⤵
  PID:8080
- C:\Windows\System\HWHUQqc.exe
  C:\Windows\System\HWHUQqc.exe
  2⤵
  PID:8140
- C:\Windows\System\JXHtTGL.exe
  C:\Windows\System\JXHtTGL.exe
  2⤵
  PID:8188
- C:\Windows\System\Wizanig.exe
  C:\Windows\System\Wizanig.exe
  2⤵
  PID:6192
- C:\Windows\System\warDcmW.exe
  C:\Windows\System\warDcmW.exe
  2⤵
  PID:6124
- C:\Windows\System\ujlFopK.exe
  C:\Windows\System\ujlFopK.exe
  2⤵
  PID:6636
- C:\Windows\System\GGzEetn.exe
  C:\Windows\System\GGzEetn.exe
  2⤵
  PID:6432
- C:\Windows\System\PRBuQGo.exe
  C:\Windows\System\PRBuQGo.exe
  2⤵
  PID:6832
- C:\Windows\System\ZvIMZpC.exe
  C:\Windows\System\ZvIMZpC.exe
  2⤵
  PID:2652
- C:\Windows\System\WSNsvRf.exe
  C:\Windows\System\WSNsvRf.exe
  2⤵
  PID:7192
- C:\Windows\System\lzUAEwC.exe
  C:\Windows\System\lzUAEwC.exe
  2⤵
  PID:7220
- C:\Windows\System\ilpCnJc.exe
  C:\Windows\System\ilpCnJc.exe
  2⤵
  PID:7216
- C:\Windows\System\FLQyTeA.exe
  C:\Windows\System\FLQyTeA.exe
  2⤵
  PID:7304
- C:\Windows\System\rJVSuJx.exe
  C:\Windows\System\rJVSuJx.exe
  2⤵
  PID:7356
- C:\Windows\System\tVeKkqN.exe
  C:\Windows\System\tVeKkqN.exe
  2⤵
  PID:7456
- C:\Windows\System\kkZCGKF.exe
  C:\Windows\System\kkZCGKF.exe
  2⤵
  PID:7516
- C:\Windows\System\hwxeCKq.exe
  C:\Windows\System\hwxeCKq.exe
  2⤵
  PID:7504
- C:\Windows\System\OjWStws.exe
  C:\Windows\System\OjWStws.exe
  2⤵
  PID:7580
- C:\Windows\System\fatujhN.exe
  C:\Windows\System\fatujhN.exe
  2⤵
  PID:7600
- C:\Windows\System\ithdheq.exe
  C:\Windows\System\ithdheq.exe
  2⤵
  PID:7716
- C:\Windows\System\LDIJSQi.exe
  C:\Windows\System\LDIJSQi.exe
  2⤵
  PID:7780
- C:\Windows\System\waKTHNU.exe
  C:\Windows\System\waKTHNU.exe
  2⤵
  PID:7844
- C:\Windows\System\YdIwhYe.exe
  C:\Windows\System\YdIwhYe.exe
  2⤵
  PID:7880
- C:\Windows\System\VrnbEsA.exe
  C:\Windows\System\VrnbEsA.exe
  2⤵
  PID:7904
- C:\Windows\System\HNLYdpW.exe
  C:\Windows\System\HNLYdpW.exe
  2⤵
  PID:7940
- C:\Windows\System\fdFTAOB.exe
  C:\Windows\System\fdFTAOB.exe
  2⤵
  PID:8064
- C:\Windows\System\VPHnANt.exe
  C:\Windows\System\VPHnANt.exe
  2⤵
  PID:8120
- C:\Windows\System\hkbMojj.exe
  C:\Windows\System\hkbMojj.exe
  2⤵
  PID:8168
- C:\Windows\System\SshfOXj.exe
  C:\Windows\System\SshfOXj.exe
  2⤵
  PID:5772
- C:\Windows\System\rSsPHEe.exe
  C:\Windows\System\rSsPHEe.exe
  2⤵
  PID:2640
- C:\Windows\System\wZFhDuk.exe
  C:\Windows\System\wZFhDuk.exe
  2⤵
  PID:2696
- C:\Windows\System\UpNNxsf.exe
  C:\Windows\System\UpNNxsf.exe
  2⤵
  PID:2760
- C:\Windows\System\GxjfdQg.exe
  C:\Windows\System\GxjfdQg.exe
  2⤵
  PID:7180
- C:\Windows\System\hlSYnko.exe
  C:\Windows\System\hlSYnko.exe
  2⤵
  PID:5236
- C:\Windows\System\lrFbIFM.exe
  C:\Windows\System\lrFbIFM.exe
  2⤵
  PID:7316
- C:\Windows\System\XLULcfo.exe
  C:\Windows\System\XLULcfo.exe
  2⤵
  PID:7424
- C:\Windows\System\LOFNXot.exe
  C:\Windows\System\LOFNXot.exe
  2⤵
  PID:7460
- C:\Windows\System\hhSPjnV.exe
  C:\Windows\System\hhSPjnV.exe
  2⤵
  PID:7604
- C:\Windows\System\zjyZLQm.exe
  C:\Windows\System\zjyZLQm.exe
  2⤵
  PID:7704
- C:\Windows\System\vhraYSY.exe
  C:\Windows\System\vhraYSY.exe
  2⤵
  PID:7720
- C:\Windows\System\bwhkLvh.exe
  C:\Windows\System\bwhkLvh.exe
  2⤵
  PID:7936
- C:\Windows\System\fnnlejQ.exe
  C:\Windows\System\fnnlejQ.exe
  2⤵
  PID:8044
- C:\Windows\System\slzjqZT.exe
  C:\Windows\System\slzjqZT.exe
  2⤵
  PID:8164
- C:\Windows\System\Iwuiayi.exe
  C:\Windows\System\Iwuiayi.exe
  2⤵
  PID:8076
- C:\Windows\System\PJYMJpn.exe
  C:\Windows\System\PJYMJpn.exe
  2⤵
  PID:8144
- C:\Windows\System\nxoblBN.exe
  C:\Windows\System\nxoblBN.exe
  2⤵
  PID:6828
- C:\Windows\System\xcRwzuR.exe
  C:\Windows\System\xcRwzuR.exe
  2⤵
  PID:6968
- C:\Windows\System\WIUlCOV.exe
  C:\Windows\System\WIUlCOV.exe
  2⤵
  PID:8208
- C:\Windows\System\DVwRiBn.exe
  C:\Windows\System\DVwRiBn.exe
  2⤵
  PID:8228
- C:\Windows\System\zibMVXV.exe
  C:\Windows\System\zibMVXV.exe
  2⤵
  PID:8248
- C:\Windows\System\xTZVrKv.exe
  C:\Windows\System\xTZVrKv.exe
  2⤵
  PID:8264
- C:\Windows\System\nnMeHxe.exe
  C:\Windows\System\nnMeHxe.exe
  2⤵
  PID:8288
- C:\Windows\System\iiBMSmb.exe
  C:\Windows\System\iiBMSmb.exe
  2⤵
  PID:8312
- C:\Windows\System\unmsCet.exe
  C:\Windows\System\unmsCet.exe
  2⤵
  PID:8332
- C:\Windows\System\RlMzqfN.exe
  C:\Windows\System\RlMzqfN.exe
  2⤵
  PID:8352
- C:\Windows\System\HUHMvDi.exe
  C:\Windows\System\HUHMvDi.exe
  2⤵
  PID:8372
- C:\Windows\System\YiifuEu.exe
  C:\Windows\System\YiifuEu.exe
  2⤵
  PID:8392
- C:\Windows\System\XTNMXLK.exe
  C:\Windows\System\XTNMXLK.exe
  2⤵
  PID:8412
- C:\Windows\System\wrqczMO.exe
  C:\Windows\System\wrqczMO.exe
  2⤵
  PID:8432
- C:\Windows\System\pOszCLV.exe
  C:\Windows\System\pOszCLV.exe
  2⤵
  PID:8452
- C:\Windows\System\NlwRsQY.exe
  C:\Windows\System\NlwRsQY.exe
  2⤵
  PID:8472
- C:\Windows\System\jdLevLy.exe
  C:\Windows\System\jdLevLy.exe
  2⤵
  PID:8492
- C:\Windows\System\XSNEGkW.exe
  C:\Windows\System\XSNEGkW.exe
  2⤵
  PID:8512
- C:\Windows\System\gxHrJJJ.exe
  C:\Windows\System\gxHrJJJ.exe
  2⤵
  PID:8532
- C:\Windows\System\OTVjZyn.exe
  C:\Windows\System\OTVjZyn.exe
  2⤵
  PID:8552
- C:\Windows\System\QBgXLgd.exe
  C:\Windows\System\QBgXLgd.exe
  2⤵
  PID:8568
- C:\Windows\System\njcgcVI.exe
  C:\Windows\System\njcgcVI.exe
  2⤵
  PID:8584
- C:\Windows\System\kQkFrJm.exe
  C:\Windows\System\kQkFrJm.exe
  2⤵
  PID:8600
- C:\Windows\System\NnEPYBn.exe
  C:\Windows\System\NnEPYBn.exe
  2⤵
  PID:8616
- C:\Windows\System\BIIWBSE.exe
  C:\Windows\System\BIIWBSE.exe
  2⤵
  PID:8632
- C:\Windows\System\wXcPoou.exe
  C:\Windows\System\wXcPoou.exe
  2⤵
  PID:8648
- C:\Windows\System\MKOeMko.exe
  C:\Windows\System\MKOeMko.exe
  2⤵
  PID:8664
- C:\Windows\System\aElizev.exe
  C:\Windows\System\aElizev.exe
  2⤵
  PID:8680
- C:\Windows\System\tOwcFBR.exe
  C:\Windows\System\tOwcFBR.exe
  2⤵
  PID:8696
- C:\Windows\System\MoIgAdt.exe
  C:\Windows\System\MoIgAdt.exe
  2⤵
  PID:8752
- C:\Windows\System\yhIGsCg.exe
  C:\Windows\System\yhIGsCg.exe
  2⤵
  PID:8768
- C:\Windows\System\noqidkz.exe
  C:\Windows\System\noqidkz.exe
  2⤵
  PID:8784
- C:\Windows\System\SpKjVFM.exe
  C:\Windows\System\SpKjVFM.exe
  2⤵
  PID:8800
- C:\Windows\System\kxQTAkg.exe
  C:\Windows\System\kxQTAkg.exe
  2⤵
  PID:8820
- C:\Windows\System\RaxdbZZ.exe
  C:\Windows\System\RaxdbZZ.exe
  2⤵
  PID:8836
- C:\Windows\System\htbWoPb.exe
  C:\Windows\System\htbWoPb.exe
  2⤵
  PID:8852
- C:\Windows\System\lklgTKF.exe
  C:\Windows\System\lklgTKF.exe
  2⤵
  PID:8868
- C:\Windows\System\DYcXBPP.exe
  C:\Windows\System\DYcXBPP.exe
  2⤵
  PID:8884
- C:\Windows\System\xtjxdQT.exe
  C:\Windows\System\xtjxdQT.exe
  2⤵
  PID:8900
- C:\Windows\System\uQYxbTF.exe
  C:\Windows\System\uQYxbTF.exe
  2⤵
  PID:8916
- C:\Windows\System\TzxLHmI.exe
  C:\Windows\System\TzxLHmI.exe
  2⤵
  PID:8932
- C:\Windows\System\qvZYRJX.exe
  C:\Windows\System\qvZYRJX.exe
  2⤵
  PID:8948
- C:\Windows\System\dlvIoxh.exe
  C:\Windows\System\dlvIoxh.exe
  2⤵
  PID:8988
- C:\Windows\System\fRMUoZE.exe
  C:\Windows\System\fRMUoZE.exe
  2⤵
  PID:9012
- C:\Windows\System\HLFxEKu.exe
  C:\Windows\System\HLFxEKu.exe
  2⤵
  PID:9040
- C:\Windows\System\vruYlRp.exe
  C:\Windows\System\vruYlRp.exe
  2⤵
  PID:9056
- C:\Windows\System\TMkSEcr.exe
  C:\Windows\System\TMkSEcr.exe
  2⤵
  PID:9072
- C:\Windows\System\FkdkdRF.exe
  C:\Windows\System\FkdkdRF.exe
  2⤵
  PID:9096
- C:\Windows\System\JlxXwsb.exe
  C:\Windows\System\JlxXwsb.exe
  2⤵
  PID:9176
- C:\Windows\System\vzTAyWT.exe
  C:\Windows\System\vzTAyWT.exe
  2⤵
  PID:9192
- C:\Windows\System\UBcRLvB.exe
  C:\Windows\System\UBcRLvB.exe
  2⤵
  PID:9208
- C:\Windows\System\YHoEEYq.exe
  C:\Windows\System\YHoEEYq.exe
  2⤵
  PID:7464
- C:\Windows\System\LgQqoRP.exe
  C:\Windows\System\LgQqoRP.exe
  2⤵
  PID:7396
- C:\Windows\System\pkoXEuo.exe
  C:\Windows\System\pkoXEuo.exe
  2⤵
  PID:7564
- C:\Windows\System\loBjhFr.exe
  C:\Windows\System\loBjhFr.exe
  2⤵
  PID:7740
- C:\Windows\System\yiGyLng.exe
  C:\Windows\System\yiGyLng.exe
  2⤵
  PID:7824
- C:\Windows\System\uJzIbPK.exe
  C:\Windows\System\uJzIbPK.exe
  2⤵
  PID:7960
- C:\Windows\System\SZAoHxc.exe
  C:\Windows\System\SZAoHxc.exe
  2⤵
  PID:7964
- C:\Windows\System\zXfmnjH.exe
  C:\Windows\System\zXfmnjH.exe
  2⤵
  PID:8128
- C:\Windows\System\oJXoShI.exe
  C:\Windows\System\oJXoShI.exe
  2⤵
  PID:2916
- C:\Windows\System\ZyCDMDv.exe
  C:\Windows\System\ZyCDMDv.exe
  2⤵
  PID:8200
- C:\Windows\System\DuwNaXX.exe
  C:\Windows\System\DuwNaXX.exe
  2⤵
  PID:7260
- C:\Windows\System\VJztEFU.exe
  C:\Windows\System\VJztEFU.exe
  2⤵
  PID:8240
- C:\Windows\System\mzgTiMs.exe
  C:\Windows\System\mzgTiMs.exe
  2⤵
  PID:8300
- C:\Windows\System\CymzNqu.exe
  C:\Windows\System\CymzNqu.exe
  2⤵
  PID:8320
- C:\Windows\System\iHmTjAp.exe
  C:\Windows\System\iHmTjAp.exe
  2⤵
  PID:8344
- C:\Windows\System\bJIdErP.exe
  C:\Windows\System\bJIdErP.exe
  2⤵
  PID:8408
- C:\Windows\System\JHxhnlw.exe
  C:\Windows\System\JHxhnlw.exe
  2⤵
  PID:8424
- C:\Windows\System\DNrJFvN.exe
  C:\Windows\System\DNrJFvN.exe
  2⤵
  PID:8488
- C:\Windows\System\rTayEig.exe
  C:\Windows\System\rTayEig.exe
  2⤵
  PID:8504
- C:\Windows\System\VqdPLLs.exe
  C:\Windows\System\VqdPLLs.exe
  2⤵
  PID:8544
- C:\Windows\System\kiwRPZL.exe
  C:\Windows\System\kiwRPZL.exe
  2⤵
  PID:8580
- C:\Windows\System\GmsMpaJ.exe
  C:\Windows\System\GmsMpaJ.exe
  2⤵
  PID:8628
- C:\Windows\System\noyTwKx.exe
  C:\Windows\System\noyTwKx.exe
  2⤵
  PID:8660
- C:\Windows\System\ZNeSzHm.exe
  C:\Windows\System\ZNeSzHm.exe
  2⤵
  PID:8692
- C:\Windows\System\XesKqRH.exe
  C:\Windows\System\XesKqRH.exe
  2⤵
  PID:8716
- C:\Windows\System\ytoTAaE.exe
  C:\Windows\System\ytoTAaE.exe
  2⤵
  PID:8736
- C:\Windows\System\KXSABxU.exe
  C:\Windows\System\KXSABxU.exe
  2⤵
  PID:2656
- C:\Windows\System\UGzpcOj.exe
  C:\Windows\System\UGzpcOj.exe
  2⤵
  PID:8776
- C:\Windows\System\qCGyJse.exe
  C:\Windows\System\qCGyJse.exe
  2⤵
  PID:8896
- C:\Windows\System\FIIIVbg.exe
  C:\Windows\System\FIIIVbg.exe
  2⤵
  PID:8924
- C:\Windows\System\EXbgecd.exe
  C:\Windows\System\EXbgecd.exe
  2⤵
  PID:8964
- C:\Windows\System\ZxmacJF.exe
  C:\Windows\System\ZxmacJF.exe
  2⤵
  PID:8980
- C:\Windows\System\SsoECol.exe
  C:\Windows\System\SsoECol.exe
  2⤵
  PID:4180
- C:\Windows\System\QJEVlKD.exe
  C:\Windows\System\QJEVlKD.exe
  2⤵
  PID:9008
- C:\Windows\System\FqOZgVD.exe
  C:\Windows\System\FqOZgVD.exe
  2⤵
  PID:9036
- C:\Windows\System\RMxhEgR.exe
  C:\Windows\System\RMxhEgR.exe
  2⤵
  PID:9052
- C:\Windows\System\nOzKgTG.exe
  C:\Windows\System\nOzKgTG.exe
  2⤵
  PID:9080
- C:\Windows\System\EikvBsg.exe
  C:\Windows\System\EikvBsg.exe
  2⤵
  PID:9104
- C:\Windows\System\nictjqi.exe
  C:\Windows\System\nictjqi.exe
  2⤵
  PID:9124
- C:\Windows\System\aqVDSEf.exe
  C:\Windows\System\aqVDSEf.exe
  2⤵
  PID:4816
- C:\Windows\System\iZIZXxf.exe
  C:\Windows\System\iZIZXxf.exe
  2⤵
  PID:2824
- C:\Windows\System\WMiXWBw.exe
  C:\Windows\System\WMiXWBw.exe
  2⤵
  PID:2016
- C:\Windows\System\jFVHBfv.exe
  C:\Windows\System\jFVHBfv.exe
  2⤵
  PID:9184
- C:\Windows\System\NbWVsvQ.exe
  C:\Windows\System\NbWVsvQ.exe
  2⤵
  PID:2236
- C:\Windows\System\rCckcKC.exe
  C:\Windows\System\rCckcKC.exe
  2⤵
  PID:1296
- C:\Windows\System\JCZNvPq.exe
  C:\Windows\System\JCZNvPq.exe
  2⤵
  PID:8024
- C:\Windows\System\UmJokdE.exe
  C:\Windows\System\UmJokdE.exe
  2⤵
  PID:1764
- C:\Windows\System\HXZfamS.exe
  C:\Windows\System\HXZfamS.exe
  2⤵
  PID:1104
- C:\Windows\System\sFCGDSv.exe
  C:\Windows\System\sFCGDSv.exe
  2⤵
  PID:6792
- C:\Windows\System\ecXkSgj.exe
  C:\Windows\System\ecXkSgj.exe
  2⤵
  PID:6352
- C:\Windows\System\LhIkxFP.exe
  C:\Windows\System\LhIkxFP.exe
  2⤵
  PID:8236
- C:\Windows\System\OXkkdiW.exe
  C:\Windows\System\OXkkdiW.exe
  2⤵
  PID:8304
- C:\Windows\System\rEnDIix.exe
  C:\Windows\System\rEnDIix.exe
  2⤵
  PID:8308
- C:\Windows\System\NEyPplv.exe
  C:\Windows\System\NEyPplv.exe
  2⤵
  PID:8368
- C:\Windows\System\RTMvmyW.exe
  C:\Windows\System\RTMvmyW.exe
  2⤵
  PID:2232
- C:\Windows\System\cPMebwp.exe
  C:\Windows\System\cPMebwp.exe
  2⤵
  PID:8440
- C:\Windows\System\GJeNBTu.exe
  C:\Windows\System\GJeNBTu.exe
  2⤵
  PID:8460
- C:\Windows\System\EfEyplA.exe
  C:\Windows\System\EfEyplA.exe
  2⤵
  PID:8480
- C:\Windows\System\qbWaMWp.exe
  C:\Windows\System\qbWaMWp.exe
  2⤵
  PID:8500
- C:\Windows\System\EFlDAFY.exe
  C:\Windows\System\EFlDAFY.exe
  2⤵
  PID:8524
- C:\Windows\System\HSwZQyZ.exe
  C:\Windows\System\HSwZQyZ.exe
  2⤵
  PID:2136
- C:\Windows\System\LdOXedH.exe
  C:\Windows\System\LdOXedH.exe
  2⤵
  PID:956
- C:\Windows\System\oWlCeWb.exe
  C:\Windows\System\oWlCeWb.exe
  2⤵
  PID:1332
- C:\Windows\System\xhQmrsH.exe
  C:\Windows\System\xhQmrsH.exe
  2⤵
  PID:2768
- C:\Windows\System\taptwVP.exe
  C:\Windows\System\taptwVP.exe
  2⤵
  PID:8576
- C:\Windows\System\fhOHMkj.exe
  C:\Windows\System\fhOHMkj.exe
  2⤵
  PID:8592
- C:\Windows\System\yCJjLZP.exe
  C:\Windows\System\yCJjLZP.exe
  2⤵
  PID:4756
- C:\Windows\System\tGIhKoL.exe
  C:\Windows\System\tGIhKoL.exe
  2⤵
  PID:8724
- C:\Windows\System\wcNujYb.exe
  C:\Windows\System\wcNujYb.exe
  2⤵
  PID:2772
- C:\Windows\System\XfeqSIu.exe
  C:\Windows\System\XfeqSIu.exe
  2⤵
  PID:8796
- C:\Windows\System\bMqVEtH.exe
  C:\Windows\System\bMqVEtH.exe
  2⤵
  PID:8832
- C:\Windows\System\vBVfoqm.exe
  C:\Windows\System\vBVfoqm.exe
  2⤵
  PID:8844
- C:\Windows\System\ZJuRPRF.exe
  C:\Windows\System\ZJuRPRF.exe
  2⤵
  PID:8928
- C:\Windows\System\ZyATRfS.exe
  C:\Windows\System\ZyATRfS.exe
  2⤵
  PID:8944
- C:\Windows\System\iXVHtCv.exe
  C:\Windows\System\iXVHtCv.exe
  2⤵
  PID:4148
- C:\Windows\System\RnvaGco.exe
  C:\Windows\System\RnvaGco.exe
  2⤵
  PID:9140
- C:\Windows\System\fCHorAu.exe
  C:\Windows\System\fCHorAu.exe
  2⤵
  PID:8996
- C:\Windows\System\FyRPPAR.exe
  C:\Windows\System\FyRPPAR.exe
  2⤵
  PID:9092
- C:\Windows\System\OTLZYZS.exe
  C:\Windows\System\OTLZYZS.exe
  2⤵
  PID:2356
- C:\Windows\System\tapHYpx.exe
  C:\Windows\System\tapHYpx.exe
  2⤵
  PID:1936
- C:\Windows\System\ixHNiWT.exe
  C:\Windows\System\ixHNiWT.exe
  2⤵
  PID:1032
- C:\Windows\System\RZrhybx.exe
  C:\Windows\System\RZrhybx.exe
  2⤵
  PID:5288
- C:\Windows\System\OWtkLEE.exe
  C:\Windows\System\OWtkLEE.exe
  2⤵
  PID:7500
- C:\Windows\System\ZXKXjsI.exe
  C:\Windows\System\ZXKXjsI.exe
  2⤵
  PID:1628
- C:\Windows\System\IwnBZHT.exe
  C:\Windows\System\IwnBZHT.exe
  2⤵
  PID:7680
- C:\Windows\System\rxTMHbI.exe
  C:\Windows\System\rxTMHbI.exe
  2⤵
  PID:8000
- C:\Windows\System\shAJjhS.exe
  C:\Windows\System\shAJjhS.exe
  2⤵
  PID:8428
- C:\Windows\System\zdacEgp.exe
  C:\Windows\System\zdacEgp.exe
  2⤵
  PID:2592
- C:\Windows\System\juCmRIu.exe
  C:\Windows\System\juCmRIu.exe
  2⤵
  PID:8388
- C:\Windows\System\bQjiBdH.exe
  C:\Windows\System\bQjiBdH.exe
  2⤵
  PID:2600
- C:\Windows\System\ZnjEJIV.exe
  C:\Windows\System\ZnjEJIV.exe
  2⤵
  PID:1520
- C:\Windows\System\lwFpOJj.exe
  C:\Windows\System\lwFpOJj.exe
  2⤵
  PID:2300
- C:\Windows\System\kYXuygk.exe
  C:\Windows\System\kYXuygk.exe
  2⤵
  PID:9200
- C:\Windows\System\zffzdBa.exe
  C:\Windows\System\zffzdBa.exe
  2⤵
  PID:9020
- C:\Windows\System\wRMLpkV.exe
  C:\Windows\System\wRMLpkV.exe
  2⤵
  PID:2628
- C:\Windows\System\ZVrltKo.exe
  C:\Windows\System\ZVrltKo.exe
  2⤵
  PID:8280
- C:\Windows\System\xkQKasp.exe
  C:\Windows\System\xkQKasp.exe
  2⤵
  PID:8384
- C:\Windows\System\tCPNAsG.exe
  C:\Windows\System\tCPNAsG.exe
  2⤵
  PID:2200
- C:\Windows\System\QqNmdvS.exe
  C:\Windows\System\QqNmdvS.exe
  2⤵
  PID:2992
- C:\Windows\System\saIhxiG.exe
  C:\Windows\System\saIhxiG.exe
  2⤵
  PID:2804
- C:\Windows\System\YbfLgUG.exe
  C:\Windows\System\YbfLgUG.exe
  2⤵
  PID:2976
- C:\Windows\System\HSJhnAs.exe
  C:\Windows\System\HSJhnAs.exe
  2⤵
  PID:1500
- C:\Windows\System\xqbxKxk.exe
  C:\Windows\System\xqbxKxk.exe
  2⤵
  PID:8260
- C:\Windows\System\kaukaqh.exe
  C:\Windows\System\kaukaqh.exe
  2⤵
  PID:8892
- C:\Windows\System\jdUxllG.exe
  C:\Windows\System\jdUxllG.exe
  2⤵
  PID:8880
- C:\Windows\System\qAvlYxk.exe
  C:\Windows\System\qAvlYxk.exe
  2⤵
  PID:8676
- C:\Windows\System\buPohjM.exe
  C:\Windows\System\buPohjM.exe
  2⤵
  PID:4560
- C:\Windows\System\ieUKAvW.exe
  C:\Windows\System\ieUKAvW.exe
  2⤵
  PID:9108
- C:\Windows\System\diocrbn.exe
  C:\Windows\System\diocrbn.exe
  2⤵
  PID:7380
- C:\Windows\System\AqJguqf.exe
  C:\Windows\System\AqJguqf.exe
  2⤵
  PID:8196
- C:\Windows\System\HRJaJaa.exe
  C:\Windows\System\HRJaJaa.exe
  2⤵
  PID:3004
- C:\Windows\System\FHfjHlF.exe
  C:\Windows\System\FHfjHlF.exe
  2⤵
  PID:8792
- C:\Windows\System\TxTbVai.exe
  C:\Windows\System\TxTbVai.exe
  2⤵
  PID:9224
- C:\Windows\System\lIfvldm.exe
  C:\Windows\System\lIfvldm.exe
  2⤵
  PID:9240
- C:\Windows\System\AueabaH.exe
  C:\Windows\System\AueabaH.exe
  2⤵
  PID:9256
- C:\Windows\System\hrANlzW.exe
  C:\Windows\System\hrANlzW.exe
  2⤵
  PID:9272
- C:\Windows\System\XYAwNkO.exe
  C:\Windows\System\XYAwNkO.exe
  2⤵
  PID:9288
- C:\Windows\System\ItHQexa.exe
  C:\Windows\System\ItHQexa.exe
  2⤵
  PID:9304
- C:\Windows\System\zZAEvCG.exe
  C:\Windows\System\zZAEvCG.exe
  2⤵
  PID:9320
- C:\Windows\System\sZPIzQH.exe
  C:\Windows\System\sZPIzQH.exe
  2⤵
  PID:9336
- C:\Windows\System\uIxTZvf.exe
  C:\Windows\System\uIxTZvf.exe
  2⤵
  PID:9352
- C:\Windows\System\ApiSaHw.exe
  C:\Windows\System\ApiSaHw.exe
  2⤵
  PID:9368
- C:\Windows\System\oPTphmc.exe
  C:\Windows\System\oPTphmc.exe
  2⤵
  PID:9384
- C:\Windows\System\ygszlqT.exe
  C:\Windows\System\ygszlqT.exe
  2⤵
  PID:9400
- C:\Windows\System\utLsbQe.exe
  C:\Windows\System\utLsbQe.exe
  2⤵
  PID:9416
- C:\Windows\System\BLloXAO.exe
  C:\Windows\System\BLloXAO.exe
  2⤵
  PID:9432
- C:\Windows\System\jDGqpqb.exe
  C:\Windows\System\jDGqpqb.exe
  2⤵
  PID:9448
- C:\Windows\System\SJOkueA.exe
  C:\Windows\System\SJOkueA.exe
  2⤵
  PID:9464
- C:\Windows\System\rHMPHgf.exe
  C:\Windows\System\rHMPHgf.exe
  2⤵
  PID:9480
- C:\Windows\System\FbKHxwp.exe
  C:\Windows\System\FbKHxwp.exe
  2⤵
  PID:9496
- C:\Windows\System\myDVXSh.exe
  C:\Windows\System\myDVXSh.exe
  2⤵
  PID:9512
- C:\Windows\System\uCzabWo.exe
  C:\Windows\System\uCzabWo.exe
  2⤵
  PID:9528
- C:\Windows\System\wTENbmH.exe
  C:\Windows\System\wTENbmH.exe
  2⤵
  PID:9544
- C:\Windows\System\kqVQjfF.exe
  C:\Windows\System\kqVQjfF.exe
  2⤵
  PID:9560
- C:\Windows\System\qtzdlVf.exe
  C:\Windows\System\qtzdlVf.exe
  2⤵
  PID:9576
- C:\Windows\System\LzQtTLL.exe
  C:\Windows\System\LzQtTLL.exe
  2⤵
  PID:9592
- C:\Windows\System\JRyviqp.exe
  C:\Windows\System\JRyviqp.exe
  2⤵
  PID:9608
- C:\Windows\System\UosWfDv.exe
  C:\Windows\System\UosWfDv.exe
  2⤵
  PID:9624
- C:\Windows\System\ZAkVRCp.exe
  C:\Windows\System\ZAkVRCp.exe
  2⤵
  PID:9640
- C:\Windows\System\fTmnBqs.exe
  C:\Windows\System\fTmnBqs.exe
  2⤵
  PID:9656
- C:\Windows\System\ufFIBLN.exe
  C:\Windows\System\ufFIBLN.exe
  2⤵
  PID:9672
- C:\Windows\System\AmdEItU.exe
  C:\Windows\System\AmdEItU.exe
  2⤵
  PID:9688
- C:\Windows\System\btKIsCk.exe
  C:\Windows\System\btKIsCk.exe
  2⤵
  PID:9704
- C:\Windows\System\yKQIKYx.exe
  C:\Windows\System\yKQIKYx.exe
  2⤵
  PID:9720
- C:\Windows\System\MbymrxW.exe
  C:\Windows\System\MbymrxW.exe
  2⤵
  PID:9736
- C:\Windows\System\xqlnier.exe
  C:\Windows\System\xqlnier.exe
  2⤵
  PID:9752
- C:\Windows\System\YBdPcTT.exe
  C:\Windows\System\YBdPcTT.exe
  2⤵
  PID:9768
- C:\Windows\System\fuZOjVk.exe
  C:\Windows\System\fuZOjVk.exe
  2⤵
  PID:9784
- C:\Windows\System\fkoDiGF.exe
  C:\Windows\System\fkoDiGF.exe
  2⤵
  PID:9808
- C:\Windows\System\AofmuyV.exe
  C:\Windows\System\AofmuyV.exe
  2⤵
  PID:9836
- C:\Windows\System\SIMpuTN.exe
  C:\Windows\System\SIMpuTN.exe
  2⤵
  PID:9856
- C:\Windows\System\VUXnXHX.exe
  C:\Windows\System\VUXnXHX.exe
  2⤵
  PID:9876
- C:\Windows\System\HdBpltE.exe
  C:\Windows\System\HdBpltE.exe
  2⤵
  PID:9892
- C:\Windows\System\dAUueAH.exe
  C:\Windows\System\dAUueAH.exe
  2⤵
  PID:9908
- C:\Windows\System\bbpxjol.exe
  C:\Windows\System\bbpxjol.exe
  2⤵
  PID:9924
- C:\Windows\System\NsGwFXA.exe
  C:\Windows\System\NsGwFXA.exe
  2⤵
  PID:9940
- C:\Windows\System\BtHUjTH.exe
  C:\Windows\System\BtHUjTH.exe
  2⤵
  PID:9956
- C:\Windows\System\RyGuqVy.exe
  C:\Windows\System\RyGuqVy.exe
  2⤵
  PID:9972
- C:\Windows\System\LZdVdcu.exe
  C:\Windows\System\LZdVdcu.exe
  2⤵
  PID:9988
- C:\Windows\System\qoRlllf.exe
  C:\Windows\System\qoRlllf.exe
  2⤵
  PID:10004
- C:\Windows\System\ZEiMTWo.exe
  C:\Windows\System\ZEiMTWo.exe
  2⤵
  PID:10020
- C:\Windows\System\QlhUnBB.exe
  C:\Windows\System\QlhUnBB.exe
  2⤵
  PID:10036
- C:\Windows\System\uEyrtag.exe
  C:\Windows\System\uEyrtag.exe
  2⤵
  PID:10052
- C:\Windows\System\NNaTrgk.exe
  C:\Windows\System\NNaTrgk.exe
  2⤵
  PID:10068
- C:\Windows\System\LRpjFJT.exe
  C:\Windows\System\LRpjFJT.exe
  2⤵
  PID:10088
- C:\Windows\System\CnDPXeG.exe
  C:\Windows\System\CnDPXeG.exe
  2⤵
  PID:10104
- C:\Windows\System\yBKVErL.exe
  C:\Windows\System\yBKVErL.exe
  2⤵
  PID:10120
- C:\Windows\System\yVTicOO.exe
  C:\Windows\System\yVTicOO.exe
  2⤵
  PID:10136
- C:\Windows\System\opgJZnU.exe
  C:\Windows\System\opgJZnU.exe
  2⤵
  PID:10152
- C:\Windows\System\bVTeCtW.exe
  C:\Windows\System\bVTeCtW.exe
  2⤵
  PID:10172
- C:\Windows\System\WzSwGAE.exe
  C:\Windows\System\WzSwGAE.exe
  2⤵
  PID:10188
- C:\Windows\System\wjApBHK.exe
  C:\Windows\System\wjApBHK.exe
  2⤵
  PID:10204
- C:\Windows\System\ikAvfkt.exe
  C:\Windows\System\ikAvfkt.exe
  2⤵
  PID:10220
- C:\Windows\System\QVtfIHk.exe
  C:\Windows\System\QVtfIHk.exe
  2⤵
  PID:2088
- C:\Windows\System\DOEPyLE.exe
  C:\Windows\System\DOEPyLE.exe
  2⤵
  PID:8812
- C:\Windows\System\OnDjKez.exe
  C:\Windows\System\OnDjKez.exe
  2⤵
  PID:9296
- C:\Windows\System\nMFMyEs.exe
  C:\Windows\System\nMFMyEs.exe
  2⤵
  PID:7364
- C:\Windows\System\yvrFLuL.exe
  C:\Windows\System\yvrFLuL.exe
  2⤵
  PID:8540
- C:\Windows\System\ofwtfLF.exe
  C:\Windows\System\ofwtfLF.exe
  2⤵
  PID:9248
- C:\Windows\System\rQcxVYL.exe
  C:\Windows\System\rQcxVYL.exe
  2⤵
  PID:9312
- C:\Windows\System\UzFobLw.exe
  C:\Windows\System\UzFobLw.exe
  2⤵
  PID:9332
- C:\Windows\System\TpymcnP.exe
  C:\Windows\System\TpymcnP.exe
  2⤵
  PID:9348
- C:\Windows\System\KFCEoqf.exe
  C:\Windows\System\KFCEoqf.exe
  2⤵
  PID:9492
- C:\Windows\System\QmCLyqN.exe
  C:\Windows\System\QmCLyqN.exe
  2⤵
  PID:9472
- C:\Windows\System\eTxZLVW.exe
  C:\Windows\System\eTxZLVW.exe
  2⤵
  PID:9556
- C:\Windows\System\WhnMPOh.exe
  C:\Windows\System\WhnMPOh.exe
  2⤵
  PID:9620
- C:\Windows\System\OmiIAmN.exe
  C:\Windows\System\OmiIAmN.exe
  2⤵
  PID:9684
- C:\Windows\System\uEGlJCS.exe
  C:\Windows\System\uEGlJCS.exe
  2⤵
  PID:9776
- C:\Windows\System\kWcyygk.exe
  C:\Windows\System\kWcyygk.exe
  2⤵
  PID:9820
- C:\Windows\System\PSpZuhI.exe
  C:\Windows\System\PSpZuhI.exe
  2⤵
  PID:9872
- C:\Windows\System\gmmZdyd.exe
  C:\Windows\System\gmmZdyd.exe
  2⤵
  PID:9936
- C:\Windows\System\GIUCqCY.exe
  C:\Windows\System\GIUCqCY.exe
  2⤵
  PID:9604
- C:\Windows\System\IdAynFG.exe
  C:\Windows\System\IdAynFG.exe
  2⤵
  PID:9668
- C:\Windows\System\KDStqHv.exe
  C:\Windows\System\KDStqHv.exe
  2⤵
  PID:9732
- C:\Windows\System\PXuLqoz.exe
  C:\Windows\System\PXuLqoz.exe
  2⤵
  PID:9796
- C:\Windows\System\ywtRoAK.exe
  C:\Windows\System\ywtRoAK.exe
  2⤵
  PID:9848
- C:\Windows\System\OwhewLU.exe
  C:\Windows\System\OwhewLU.exe
  2⤵
  PID:9888
- C:\Windows\System\FQarqvf.exe
  C:\Windows\System\FQarqvf.exe
  2⤵
  PID:9952
- C:\Windows\System\LwLotRg.exe
  C:\Windows\System\LwLotRg.exe
  2⤵
  PID:9968
- C:\Windows\System\TQrDoRs.exe
  C:\Windows\System\TQrDoRs.exe
  2⤵
  PID:10044
- C:\Windows\System\ylzWfxJ.exe
  C:\Windows\System\ylzWfxJ.exe
  2⤵
  PID:10060
- C:\Windows\System\YQQcdiB.exe
  C:\Windows\System\YQQcdiB.exe
  2⤵
  PID:10096
- C:\Windows\System\ZMTpIpD.exe
  C:\Windows\System\ZMTpIpD.exe
  2⤵
  PID:10128
- C:\Windows\System\vREmnUq.exe
  C:\Windows\System\vREmnUq.exe
  2⤵
  PID:10168
- C:\Windows\System\kBWqKOx.exe
  C:\Windows\System\kBWqKOx.exe
  2⤵
  PID:10184
- C:\Windows\System\fdqGmmW.exe
  C:\Windows\System\fdqGmmW.exe
  2⤵
  PID:10216
- C:\Windows\System\rcpPNSz.exe
  C:\Windows\System\rcpPNSz.exe
  2⤵
  PID:9264
- C:\Windows\System\gycDiRt.exe
  C:\Windows\System\gycDiRt.exe
  2⤵
  PID:2856
- C:\Windows\System\Rtuwiik.exe
  C:\Windows\System\Rtuwiik.exe
  2⤵
  PID:2960
- C:\Windows\System\fejwLRe.exe
  C:\Windows\System\fejwLRe.exe
  2⤵
  PID:2532
- C:\Windows\System\PPmSPAF.exe
  C:\Windows\System\PPmSPAF.exe
  2⤵
  PID:8448
- C:\Windows\System\cakzcSq.exe
  C:\Windows\System\cakzcSq.exe
  2⤵
  PID:9868
- C:\Windows\System\zVwYvAX.exe
  C:\Windows\System\zVwYvAX.exe
  2⤵
  PID:9328
- C:\Windows\System\teQQkbf.exe
  C:\Windows\System\teQQkbf.exe
  2⤵
  PID:9396
- C:\Windows\System\nQcsNAQ.exe
  C:\Windows\System\nQcsNAQ.exe
  2⤵
  PID:9524
- C:\Windows\System\bDdqVAh.exe
  C:\Windows\System\bDdqVAh.exe
  2⤵
  PID:9568
- C:\Windows\System\vviqAXO.exe
  C:\Windows\System\vviqAXO.exe
  2⤵
  PID:9864
- C:\Windows\System\XDhufOg.exe
  C:\Windows\System\XDhufOg.exe
  2⤵
  PID:1004
- C:\Windows\System\hmUSbpI.exe
  C:\Windows\System\hmUSbpI.exe
  2⤵
  PID:9748
- C:\Windows\System\SFiifBS.exe
  C:\Windows\System\SFiifBS.exe
  2⤵
  PID:9980
- C:\Windows\System\wiaxEZw.exe
  C:\Windows\System\wiaxEZw.exe
  2⤵
  PID:10228
- C:\Windows\System\sUbuLOW.exe
  C:\Windows\System\sUbuLOW.exe
  2⤵
  PID:9716
- C:\Windows\System\jHMNpIU.exe
  C:\Windows\System\jHMNpIU.exe
  2⤵
  PID:9456
- C:\Windows\System\bLYqzyV.exe
  C:\Windows\System\bLYqzyV.exe
  2⤵
  PID:9572
- C:\Windows\System\NXIrnVH.exe
  C:\Windows\System\NXIrnVH.exe
  2⤵
  PID:9540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AkIHPEM.exe

Filesize
6.0MB

MD5
43588a125a8e601d0501773cf72319aa

SHA1
4e92d33041e629ceb35de3e924d75747370ed90b

SHA256
86f416c3f88924edd9c2d38f230df1282a7c9e8648f35f4cd1dac530d72439f9

SHA512
9144c632302d25bd4c956c10a9b836169c123458a16072a0635b16824434a8eb1490df372446cf19f25339c65f783df799f92437b2a16103bcb2b333c8e9811c

Download Submit
C:\Windows\system\BUvtBUH.exe

Filesize
6.0MB

MD5
d7b8130d7269b5a9cebf1fbbe490841e

SHA1
d5e60a8ed44cbc779a716213bd075381102a7886

SHA256
430934af1fa08b57d029aaa0a09d51c94804d4961b7ef3e1fb1a82f5d1a1e8e4

SHA512
9268223df450165e03b5563caa6364687faf5aa011c96225ae1e71ddb1c9d78c86e2f17b150024d82457eb51046c7280da03bb5125c5df85fd3404da4f5e2783

Download Submit
C:\Windows\system\GMlmLdP.exe

Filesize
6.0MB

MD5
db476a2e2caf6bdc415b749f7302a3e1

SHA1
97550e73545970cf9a420055565a6a700f0cafd7

SHA256
a1de547ad63df90ee9ba6f73f91562c8b0d1c8b1e3ad1dcad4a14e1709854442

SHA512
e9fea572383fcd850805c6335d32e43c38c61fb0bea154be1870abe3061dcdfaca561ce3d054c3451582b8ef767231480f5c040b069116434f56781b9744324c

Download Submit
C:\Windows\system\JVibudW.exe

Filesize
6.0MB

MD5
896092a0a4c176196c26558950aa4a04

SHA1
1e609d18a88c45723d09faed176aa2db28ac7cdf

SHA256
fda183b7feacbc3f1e8496cb1f03b90761b5da52caaddf57af403d49e2b92f5a

SHA512
a552f4930be496b33283d51d47961e11737131c039da03d5634ffc05242b4f5c8413d042d004ad1c8c1c5a96e8945f84966686c8ecec36db896afbc9dd1681a0

Download Submit
C:\Windows\system\MpSmXWl.exe

Filesize
6.0MB

MD5
9127938f5e28fd1acca94e1795b1d2d1

SHA1
e37535a34fb77701e29957a5b90ddd7cc2dab444

SHA256
81bdd2fb4ea29f349a7e95fedbeff9920bfc278d6de12c9018cd5671642798db

SHA512
e65872fd038e6b182e1887fb03cb935757beb07d47eb20cb9fdcd68756df8d1fe03d8b226352f21102ef5becc248f667efb8146e3ccf261b3b65164a0189c2b7

Download Submit
C:\Windows\system\QeBXLBk.exe

Filesize
6.0MB

MD5
23ceb54db660f9bcdcae413a3a68e167

SHA1
11e194394d9b167d4f34ab7bef560efce8defa3d

SHA256
c01c4c48efe5094f5944fb44312096ca865648e916cff27263eaca0a0fcec6df

SHA512
0b3eac37e6c4bb3868abeedb996d35b27be4147f0f0d27c9a3d43ff7a03158f1ab60b375d2f1add985726985e6be953eabc2379b124bbd92aaf377262cbdbc40

Download Submit
C:\Windows\system\RdZYsBv.exe

Filesize
6.0MB

MD5
4f13118196c08ebbe8d7ed106f4df62c

SHA1
ef2d723579dd688b4ce953506f9e8be91414aa09

SHA256
b3aecfaeddb816c5b17a18efe2a8eb3019f490be1fcb4fe909f3b01c04545191

SHA512
8316a09bc771134a6a6ca078994002515bef63ee54eb5eeda77afd975bc6acde6204557542cb688a8a3b8d9b0fc3c80cdaab8bb13846afb0f47d3c9840f68ecd

Download Submit
C:\Windows\system\TcvFeHK.exe

Filesize
6.0MB

MD5
74ae4659dbcf41e8151dca19d4a8cf84

SHA1
3b5fc99c46f091cf3071d88a9a0dfa48478c31d8

SHA256
b32f347596de4392e8851c2ed2bbd99150201cfa34c4a89e8101076390bee280

SHA512
9c8031e7e5108fdc6b77850cb7d11b3cff88fd5403d30faa64cdbedff1604bc47bf699e87adb2035809ccaec074569af47fbc878e8eed4cf87877edcf6d26aaf

Download Submit
C:\Windows\system\VaTIwQV.exe

Filesize
6.0MB

MD5
495bf4e20abccad7c886d74d018f60ae

SHA1
74702b934e39e85136e925ecb1085fe5b64cec62

SHA256
5cb1a1b1c18553e38d150994f26e27aeb645c1d33be1b4a3ad8845770d2a17d3

SHA512
caff6558aa3d6deb3b8bb6e0712259a4af020704177bebd90fdcaee879c3f6976dbff6f303029ab2c1d795af61fa57466d56f0bcbf4f8a8a44129d60cf727941

Download Submit
C:\Windows\system\XnyFNvT.exe

Filesize
6.0MB

MD5
45eb694cc5b6df533a6c98bc150dbe62

SHA1
15e528b89cec3fe6aaa07331abddad6fbf2290d9

SHA256
8b38412ab9e12abb85c0383367473c210c84ae91525ac34514ac4df564719ae4

SHA512
51c697c10301d052b308dfdb232dc60cb00eeaaae8abcaebcca4fed01099c09878962fca15da53d1dd449853b878de501a2a5a098e08e938bcc6b38a1e468392

Download Submit
C:\Windows\system\XthmGwR.exe

Filesize
6.0MB

MD5
246174b783a2ff67810cc35cae4ad57d

SHA1
488eb290eb6ab218c9015894fc4671681003107e

SHA256
9a62cfbd3074a6be5deaf39962e80be9dd5aed94c4ddbb3edc1bcc8ec5d0c032

SHA512
493ccca90b17b099a47476ef72cd505cdc41b6c6ae16fecb4572b58fa437dd791b28d76e945f666169797bb53fbce08579decabc5207f1b814e75f8fd0a924b3

Download Submit
C:\Windows\system\buebKMb.exe

Filesize
6.0MB

MD5
0c15cab1999978bb8f031c73ad2c2094

SHA1
96c318fa38fc77aa0863c6deb080fde57f539990

SHA256
4778ac4b5ac76bba795d59aa09fe4828a5e902dc6b08606b722001e917bc27b1

SHA512
2b2c201a787ae400e8ee368529b11e95db769f514cac136efcd23905826e2d74a8bcb2c2e8713636b9ff159f3cdfc74343c17b884ad66fba96c8acf2ab79ff7b

Download Submit
C:\Windows\system\fTSLowu.exe

Filesize
6.0MB

MD5
7e0ee21020fe00bb71a6ca9303785a3e

SHA1
f167ae60cb778cfd625db361c0e0684ae8a92fd2

SHA256
b21d8144abaa6a1bd5a4b028bc2f63075711da844e4125eba454a01275bb918c

SHA512
b7a8f2414abd5c372fa66e1440c38950552084381abe2a4d3d272cc6026c517675d13ee98cf2cd14750e9d0fdea76475033bdc953193b9cf838151b5ebaafbee

Download Submit
C:\Windows\system\gWotbth.exe

Filesize
6.0MB

MD5
1412ad88b5f1fc139b470d35bd07bfff

SHA1
dfb3e9ec17b8f2aad83fa512fd53a3eec463c2b5

SHA256
83022730526b0e82f5e380627ff79520c6993a66ad83f94a9d0a022a235608f6

SHA512
53932bc40264ed83c05c6d3bf7d683a115a7480b124bf897f29f32934bf60c2fbbfe89531505e615e288625cadf2ab2e0d90feb5897861f98a00558cf3162978

Download Submit
C:\Windows\system\gdKoRqk.exe

Filesize
6.0MB

MD5
1504ed2f2a11e0da19e2f39ee84ebf42

SHA1
7f0d587009564c41548ac8853aff8f36b511aa7d

SHA256
38313e44ce13381ab68d4df9f812127ace6b6393c77a2ddaecfd3a5149f03405

SHA512
e019e88b237927c59754c49f81659a5ffa6a98bbbc12c80ad147d3cefa449a88f996a2b35fc1f38aa822e6656c86d74b84b59e3bedbd5065c66602741fb5b5fd

Download Submit
C:\Windows\system\hJTZcog.exe

Filesize
6.0MB

MD5
9d2faf34e71209e5c4ce4455bb61b070

SHA1
72301ae85e5cb0348b966c092606a1ac41948058

SHA256
1b7846728e7ca9708aeb4cdc0950dbf94ff5618e33b27d432700d685cc87f576

SHA512
8380842438e6f4dd9c55dcf21cb1336d6c1217ffce1f53e4ee8bc6cfe839594cb80a81853bff624addb22be6e9ca0062216dec8e3de3d1c5f113f9c2120c008d

Download Submit
C:\Windows\system\irlkHIq.exe

Filesize
6.0MB

MD5
2f8701e7d95805508427e70e8ff5a0c3

SHA1
3646dfdd6f7f30d662a0f52476dd4d12644d8bd8

SHA256
32acbcce306719748451380a5b28759c7d6059006b6c87b60bc55f47e74298e8

SHA512
d16c40ea61cf1a02ac822326805a78741388f3c1c7bace55aeadc5ea11122aa235941682cd69aa86868cbe930702a795d64138c66806cb59e568f3f04e3aabe7

Download Submit
C:\Windows\system\kxzbncm.exe

Filesize
6.0MB

MD5
6f7f146ebd42e1f6a4676ded359f1908

SHA1
f1a513bb156624a35aacf10357959a9981e01c05

SHA256
755c32bfccc0c82dd02dacf676dda0a4c12db6d824f90cf605eb3f52eee6edd5

SHA512
a97bcf8a79a221c52f66a41f6832edc38dd1ade191b951322f5b7a1c963f6868d6549d67b38888032f8be8ae108a27ebf9573f06e28bbf015ac16aad4483f1e5

Download Submit
C:\Windows\system\lWMxTtX.exe

Filesize
6.0MB

MD5
b8ef9e8a9ebce2430e24688b491695ee

SHA1
7152ecff16b2db2f2986c326c8f32d11789592a0

SHA256
79a15549f4688974f185cc65f59b4f88686e2b09dff76c2a78f8966ef5444b84

SHA512
ff0c0b29a23a16411c85f4c4d5fe87f6f5f5f0fba25f45adb17325eb4cba9d6d81c52f1ec9bede3738fc8bea8a97d2d1f8147fee323fc6f44a463eaf366c6cd2

Download Submit
C:\Windows\system\lefAPAF.exe

Filesize
6.0MB

MD5
293cc140232cade327219e2c253661bc

SHA1
b892d3a2d694a962c30fbdf3502b30c744175f16

SHA256
cb81498321c41735d4ce501b0fca60c142bfdb30107dbf8fd5a99fe415697097

SHA512
2605a777a8f52c95e8ffab15ea8f5d283bbfa6c0e2ca1d46725e7ee38944e406cbd01c4829cc141b492c5106b789b4d31cd69be42d18f91bcca478f176a596b7

Download Submit
C:\Windows\system\lvrmzeY.exe

Filesize
6.0MB

MD5
9a181798c7a3cf32ea81f83d829826f3

SHA1
be313a64ca6ecbfa89d2a87d22b322f6b32df554

SHA256
147dfa68a8395ed90c0efba42355b1e367b48e6295f1d0e4586bed84ba160cae

SHA512
3e9651bf50e2bab02c93df362a3fd6ac4e1cd303e051b8d7d299d298d1d84d4e1ba2d6a554caea2c35552ada761b6a772ff7c89dcde9552f5f466872694f556b

Download Submit
C:\Windows\system\oDrIAcA.exe

Filesize
6.0MB

MD5
6702e6fba4cdb1c19217f3fa4c05ec47

SHA1
03893458dbccfed55245ac607cf58974c062c87d

SHA256
0f890e426499bda244f99610a476ec6c10dc3b569a2cd9f5fe77c61253fbc14a

SHA512
6a08e063b6bc7e4ae1baad74e7c9cf0952e8c3ee9ac8d767466acf57244ef83b2d49808e73236c31319453710e5c304c6dd67ad8f46a4a709f0acb377bc58af6

Download Submit
C:\Windows\system\puWOHuV.exe

Filesize
6.0MB

MD5
ae69408e956f52e3d43e0835d98e7d29

SHA1
6683c79dd70bc49efe8e8667342d95409f680397

SHA256
6eaa18a0a7c0224eacabd74877d303f298b0c62709cb42fbe821602c708a4148

SHA512
8c0b08e2ab810c28fd44e7d36138396ed04c145aae69b1a3041db6629271e72f6138402cc2059785622da56bb9022491b52e4e8965efe65d027bf5fd46df9178

Download Submit
C:\Windows\system\sPPsMPE.exe

Filesize
6.0MB

MD5
0e9c00ab5d0a65a08f3695b24039561f

SHA1
7ad30a012b796418ac8fd21f35aca603a88b1932

SHA256
bb44e892b27cf306eacfd4a94c6de7dc3a9441809c41e37d59e680eec95c8b8d

SHA512
82a22dfb08cf4af600c2464addbb5ef30c1f4947a40c754a0358608b802c8095b208de0abe068778f55455cdd75a5926f10bd4dd801b9ce9ac16624d7f164f6c

Download Submit
C:\Windows\system\szmmtKQ.exe

Filesize
6.0MB

MD5
78554d0056b6e763a61ffdbf0bb9471d

SHA1
f3bb5ac0e5adcdc2ac4f859c2d918b7a1d434277

SHA256
14330fdc342dbda45356638d1ef464d62952f034a61660f58402bb6ccd892020

SHA512
95b8f88b405b4e3d6fd8c37170d23e60bdcda45256584b735d4a556823993e39cda87f15320b48443b9ce2c3171551a20df5d448393f2cc1b414e2903c2846a0

Download Submit
C:\Windows\system\tlSRlxw.exe

Filesize
6.0MB

MD5
b0e59cda20a442c91fb40ded7ea46cff

SHA1
430778588d183276ce745c0cb58fb5cdb674f6a9

SHA256
3f323d3683d294e5f0e99dc4b803b47533455d19768c0c5302ca685ac61e1029

SHA512
bd3f10f38b12f2f4e574134cae4105902a84627eb4a43f7c8d3629c39438508197f5b57454d693ce5f054972f3e081fc70bd45d3bc345f7a377ac38bac3f1ee2

Download Submit
\Windows\system\CYcROvJ.exe

Filesize
6.0MB

MD5
bea026555d46bfb09633cb0e6bc36039

SHA1
0c8d8e91ed9916f508905bc84f3e3559e7abbaf1

SHA256
fa3cde577f56643ff55c302ff0da658f1adcca545b7e32bef4731c2c7c71ef70

SHA512
226b0b8b0a2d56bfcc95440ceb38f73019d189e715539496f3c6879d774cb410b7462df453bbefb9be57633f73ebfa012f6803b5952d73fe7b539c67a2ae1932

Download Submit
\Windows\system\EnbReeM.exe

Filesize
6.0MB

MD5
3c4228b2f732e8d70d9a916b5ee46ea5

SHA1
4f7536d7768ec6d84f8a5efc9c6af7a09e412088

SHA256
743b06c222450ab0370ad5d457e4940881345ac5f1dd019d8cc952ca895a0a92

SHA512
485609b248c26d48dd44b8767c6c704fc9578e183a645119dc9de9ff31e85482f22f9920628a78858d34a2dcf103ee7f4cccaf41718bee913eab23177100b4e3

Download Submit
\Windows\system\FDEYCVE.exe

Filesize
6.0MB

MD5
d5e3375febac995b343c3377af8b7df1

SHA1
08592233dc2a8f95846850f388fda6e001415413

SHA256
40180c1d81b8efa88ac8aca2ee8712921cd65069bb482fe8394752d654c5f0c8

SHA512
744d80d1c8d6a618f196be7b3b0ac0905c394e5adfc7f14e496588c2f6fc2a1ac1f920d219a89901889a900306b6ec1117d54e2832ef84fd587d5c9ab4703c6b

Download Submit
\Windows\system\Psprsur.exe

Filesize
6.0MB

MD5
bebd6706da4980144dca723e31b37bbc

SHA1
05eea1c605137ee9303a7aee87512065d678473e

SHA256
b90eee5078eeee222de5e38a6caba56f2ca69bab0c2d3db9b5a4ffba3d4e89c2

SHA512
7903b3d9087f87c719684ca48042432c63c1498f085db34e211d92c6b18fcc33b1823a13f91c1afbe281cbda52a1ca3a177c27aa1329efa6fcb5bcae8573285d

Download Submit
\Windows\system\dbKruyg.exe

Filesize
6.0MB

MD5
31303a0da4d9e87eed03b8e49c8a32f1

SHA1
3b6731fcae241d9b0be8cdddf89430164b65304e

SHA256
5ee4d44d5c787a9428dd0afa13658e918c8e1fbbc19490e669e41fe4c3554e90

SHA512
ce8b91a69af71406682f7115ffd26e91cf25f9d4c12c2924cccbfde0e05e834c288918a3f17ded9c9395b6726164ebc482117287acf5101bf3d06f22ea864447

Download Submit
\Windows\system\eVBkDmF.exe

Filesize
6.0MB

MD5
929dde26f7569b45c5fbd8065711007a

SHA1
b34c23a889090f2efce38674fedaef9a3548e8f4

SHA256
550fc697a3f686a250e05aa5808efe0210f02fc33b712edf74ebdb9f31732838

SHA512
b37ce8953fec653dbbd97b25daf8ea708c60768f344f4a9ae403567de320696666634da37eaafb56669af063a0e1d233f25a471b90d037b1d3cf613a10b6ed40

Download Submit
\Windows\system\uDRncgd.exe

Filesize
6.0MB

MD5
a70092b8e9961428949f1047c2688ab6

SHA1
111eb943526018a682ed1fa5b10c02011c47ebe1

SHA256
5c6737520e0dab7d38129a11ee0d6b1b6e94aeb22379373e01ec0ae2bd4d3fc0

SHA512
8c71a0b8a2acd70b72d2507a8291f32121f53417e2c5b1935960cabb8ff3495f462f53c2a73c8e82bcb6b29fb6c3b084bde4b26f1d02b9a83c32536c2e2f8898

Download Submit
memory/560-3802-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/560-119-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/560-1285-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1680-55-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-111-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1680-68-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1680-40-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-949-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1680-42-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-1156-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-88-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1680-29-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-33-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-1155-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-36-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-1073-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1680-69-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-17-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-0-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1680-18-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1680-107-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/1680-63-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1680-101-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-102-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-56-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-3806-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-121-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-4169-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-48-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-3798-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2348-26-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2348-70-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2472-951-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2472-96-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2472-3803-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2604-71-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2604-828-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3808-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2680-950-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2680-92-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3801-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3799-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2736-41-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2740-46-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-3797-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-120-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-64-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3805-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2788-32-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3800-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-3807-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-49-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-123-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-3804-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/3024-35-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download