cobaltstrike | 9535235096371715fadceda2d319550853afeca72a5030625be5833edbeab1de

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/11/2024, 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

93425569e2af7961ae1037b4eedbaf82
SHA1

2347817c064a139ac5378a62acd4ae7ab08d706d
SHA256

9535235096371715fadceda2d319550853afeca72a5030625be5833edbeab1de
SHA512

aa8670d191f744e1a7b7c1fffb1f3ea2c68cebdfade4822082e8bf90f50c15fe750e198d38c46460b124a3b368da2b213d553a824f5dd5030e63932c71e71cde
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUW:T+q56utgpPF8u/7W

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012029-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015dc3-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e25-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f1b-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f2a-32.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000162b8-36.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016d46-43.dat	cobalt_reflective_dll
behavioral1/files/0x0034000000015d5c-56.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903d-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019228-78.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001920f-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925c-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192f0-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933e-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-190.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-187.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-177.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019346-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019030-64.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019241-91.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2884-0-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012029-3.dat	xmrig
behavioral1/memory/2132-8-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x0008000000015dc3-9.dat	xmrig
behavioral1/memory/2704-14-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015e25-11.dat	xmrig
behavioral1/memory/3048-23-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f1b-20.dat	xmrig
behavioral1/memory/2752-35-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2884-33-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f2a-32.dat	xmrig
behavioral1/memory/2488-31-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x00080000000162b8-36.dat	xmrig
behavioral1/memory/2636-42-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x000a000000016d46-43.dat	xmrig
behavioral1/memory/2132-44-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/536-51-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2704-53-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x0034000000015d5c-56.dat	xmrig
behavioral1/memory/3048-57-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x000600000001903d-69.dat	xmrig
behavioral1/files/0x0005000000019228-78.dat	xmrig
behavioral1/memory/2884-90-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/3000-95-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/files/0x000500000001920f-96.dat	xmrig
behavioral1/memory/2884-99-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/files/0x000500000001925c-106.dat	xmrig
behavioral1/files/0x00050000000192f0-116.dat	xmrig
behavioral1/files/0x000500000001933e-126.dat	xmrig
behavioral1/files/0x0005000000019384-136.dat	xmrig
behavioral1/files/0x00050000000193f8-157.dat	xmrig
behavioral1/files/0x00050000000194da-190.dat	xmrig
behavioral1/memory/2540-1001-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2988-550-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2884-1097-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/800-227-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194d4-187.dat	xmrig
behavioral1/files/0x00050000000194a7-177.dat	xmrig
behavioral1/files/0x00050000000194b4-180.dat	xmrig
behavioral1/files/0x0005000000019408-166.dat	xmrig
behavioral1/files/0x0005000000019494-171.dat	xmrig
behavioral1/files/0x00050000000193fa-161.dat	xmrig
behavioral1/files/0x00050000000193af-146.dat	xmrig
behavioral1/files/0x00050000000193c9-151.dat	xmrig
behavioral1/files/0x00050000000193a2-141.dat	xmrig
behavioral1/files/0x0005000000019346-131.dat	xmrig
behavioral1/files/0x000500000001932a-121.dat	xmrig
behavioral1/files/0x0005000000019273-111.dat	xmrig
behavioral1/memory/2884-104-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/536-103-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/files/0x0005000000019234-81.dat	xmrig
behavioral1/memory/2148-77-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2988-65-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2540-100-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019030-64.dat	xmrig
behavioral1/memory/2360-97-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/1968-92-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x0005000000019241-91.dat	xmrig
behavioral1/memory/2752-88-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/800-62-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2884-54-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2132-3969-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2704-3961-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2488-3982-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2132	vsdZavd.exe
2704	XVKXknn.exe
3048	yDgVLBT.exe
2488	wxJLEqp.exe
2752	WrlVxiQ.exe
2636	RLOFcxY.exe
536	JEqCDwh.exe
800	LYzhzDo.exe
2988	waPfEFg.exe
2148	aQAHhOK.exe
1968	aploKlY.exe
3000	yWVlvBA.exe
2360	AGDykwO.exe
2540	yyXPLkh.exe
2992	DIjKZXm.exe
2688	PGYTlCj.exe
3016	eVBLvYO.exe
2284	QEGyFFc.exe
1132	ICwsEGx.exe
1440	LGoXvWL.exe
552	sKFoFRa.exe
2424	CvULMgt.exe
2136	bGvspxc.exe
1676	ofGhOBS.exe
1628	JecKHSo.exe
2648	CKOHrUT.exe
2124	BzdefXA.exe
768	xpOTfDH.exe
2204	wUMXsOg.exe
1076	XBMDEFH.exe
1900	nJmlJnJ.exe
1376	KiiQKOt.exe
1516	fKRIUdW.exe
1324	TKXaJoo.exe
288	fYoyLAK.exe
1352	DdJWvho.exe
1388	sBbChDx.exe
1540	CRhjEKC.exe
1720	JTAfjxE.exe
1668	yrtoVqx.exe
912	IsDOkFw.exe
852	onnsVHr.exe
2012	rRoGmBE.exe
2900	mCTSiGD.exe
1096	ZwueCom.exe
2672	CiHdRJc.exe
1124	BQQFiUQ.exe
2332	VZjecbz.exe
1200	kYXZCWd.exe
1964	qwnWQgk.exe
1796	PnmLGJJ.exe
2832	RXTGZac.exe
2476	lEWOkRz.exe
3068	oieUFpc.exe
1700	WauVchz.exe
2596	dRhBqSX.exe
2236	DHjjpkC.exe
2796	DrfUaIQ.exe
1244	xcTxrRN.exe
2848	ipDnCTl.exe
2612	KvBvcuS.exe
2924	hMCFnIF.exe
1936	xHtYCrW.exe
476	HfYCKGf.exe

Loads dropped DLL 64 IoCs

pid	Process
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2884-0-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x000b000000012029-3.dat	upx
behavioral1/memory/2132-8-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x0008000000015dc3-9.dat	upx
behavioral1/memory/2704-14-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x0007000000015e25-11.dat	upx
behavioral1/memory/3048-23-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x0007000000015f1b-20.dat	upx
behavioral1/memory/2752-35-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2884-33-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x0007000000015f2a-32.dat	upx
behavioral1/memory/2488-31-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x00080000000162b8-36.dat	upx
behavioral1/memory/2636-42-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x000a000000016d46-43.dat	upx
behavioral1/memory/2132-44-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/536-51-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2704-53-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x0034000000015d5c-56.dat	upx
behavioral1/memory/3048-57-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x000600000001903d-69.dat	upx
behavioral1/files/0x0005000000019228-78.dat	upx
behavioral1/memory/3000-95-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/files/0x000500000001920f-96.dat	upx
behavioral1/files/0x000500000001925c-106.dat	upx
behavioral1/files/0x00050000000192f0-116.dat	upx
behavioral1/files/0x000500000001933e-126.dat	upx
behavioral1/files/0x0005000000019384-136.dat	upx
behavioral1/files/0x00050000000193f8-157.dat	upx
behavioral1/files/0x00050000000194da-190.dat	upx
behavioral1/memory/2540-1001-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2988-550-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/800-227-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x00050000000194d4-187.dat	upx
behavioral1/files/0x00050000000194a7-177.dat	upx
behavioral1/files/0x00050000000194b4-180.dat	upx
behavioral1/files/0x0005000000019408-166.dat	upx
behavioral1/files/0x0005000000019494-171.dat	upx
behavioral1/files/0x00050000000193fa-161.dat	upx
behavioral1/files/0x00050000000193af-146.dat	upx
behavioral1/files/0x00050000000193c9-151.dat	upx
behavioral1/files/0x00050000000193a2-141.dat	upx
behavioral1/files/0x0005000000019346-131.dat	upx
behavioral1/files/0x000500000001932a-121.dat	upx
behavioral1/files/0x0005000000019273-111.dat	upx
behavioral1/memory/536-103-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/files/0x0005000000019234-81.dat	upx
behavioral1/memory/2148-77-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2988-65-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2540-100-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x0006000000019030-64.dat	upx
behavioral1/memory/2360-97-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/1968-92-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x0005000000019241-91.dat	upx
behavioral1/memory/2752-88-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/800-62-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2132-3969-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2704-3961-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2488-3982-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2752-3983-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/3048-3990-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2636-4002-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2988-4041-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/1968-4042-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TxBmQZN.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngynSxN.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lEWOkRz.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TfMTcTg.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KOQnJqZ.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TriRGMD.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\isujUvI.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCadgtC.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ipDnCTl.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TawfjcB.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\deVClWV.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZInWJOy.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KgiFEUV.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KLRlTiI.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vKQQuZd.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gBjLeiU.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZnAEaqI.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rRoGmBE.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ISFBTpk.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eEXKwnS.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qNfSfjQ.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTrbBEs.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COMWnvc.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRnyPjl.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zcOGaVX.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JTAfjxE.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hyaVMTY.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VYUfJqL.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oOcpYrO.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mXeLTTT.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NpmpNQm.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XDDnLOC.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJTShmj.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eVBLvYO.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wIWFFHy.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbMgJaa.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bzNXvZb.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TUADQTh.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NbFaZPP.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pFOkGmG.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aiVwtcX.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AcVgBgN.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FpfExuA.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EnvmDXM.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\urxEfsE.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LKDkAET.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dOopJko.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGDykwO.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tGjlvOe.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AnINkFl.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvTDmfF.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CKOHrUT.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQbfnIt.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cOVLYEE.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kBdFjiQ.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PbUjEsa.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MCXBmRE.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HyEfkAE.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hwyCDaH.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQvFbmH.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FktoZeo.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\orjytvr.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYXZCWd.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\glQTOxN.exe	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2132	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2884 wrote to memory of 2132	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2884 wrote to memory of 2132	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2884 wrote to memory of 2704	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2884 wrote to memory of 2704	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2884 wrote to memory of 2704	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2884 wrote to memory of 3048	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2884 wrote to memory of 3048	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2884 wrote to memory of 3048	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2884 wrote to memory of 2488	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2884 wrote to memory of 2488	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2884 wrote to memory of 2488	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2884 wrote to memory of 2752	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2884 wrote to memory of 2752	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2884 wrote to memory of 2752	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2884 wrote to memory of 2636	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2884 wrote to memory of 2636	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2884 wrote to memory of 2636	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2884 wrote to memory of 536	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2884 wrote to memory of 536	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2884 wrote to memory of 536	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2884 wrote to memory of 800	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2884 wrote to memory of 800	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2884 wrote to memory of 800	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2884 wrote to memory of 2988	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2884 wrote to memory of 2988	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2884 wrote to memory of 2988	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2884 wrote to memory of 2148	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2884 wrote to memory of 2148	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2884 wrote to memory of 2148	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2884 wrote to memory of 2360	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2884 wrote to memory of 2360	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2884 wrote to memory of 2360	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2884 wrote to memory of 1968	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2884 wrote to memory of 1968	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2884 wrote to memory of 1968	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2884 wrote to memory of 2540	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2884 wrote to memory of 2540	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2884 wrote to memory of 2540	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2884 wrote to memory of 3000	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2884 wrote to memory of 3000	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2884 wrote to memory of 3000	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2884 wrote to memory of 2992	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2884 wrote to memory of 2992	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2884 wrote to memory of 2992	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2884 wrote to memory of 2688	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2884 wrote to memory of 2688	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2884 wrote to memory of 2688	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2884 wrote to memory of 3016	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2884 wrote to memory of 3016	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2884 wrote to memory of 3016	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2884 wrote to memory of 2284	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2884 wrote to memory of 2284	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2884 wrote to memory of 2284	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2884 wrote to memory of 1132	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2884 wrote to memory of 1132	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2884 wrote to memory of 1132	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2884 wrote to memory of 1440	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2884 wrote to memory of 1440	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2884 wrote to memory of 1440	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2884 wrote to memory of 552	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2884 wrote to memory of 552	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2884 wrote to memory of 552	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2884 wrote to memory of 2424	2884	2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-11_93425569e2af7961ae1037b4eedbaf82_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Windows\System\vsdZavd.exe
  C:\Windows\System\vsdZavd.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\XVKXknn.exe
  C:\Windows\System\XVKXknn.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\yDgVLBT.exe
  C:\Windows\System\yDgVLBT.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\wxJLEqp.exe
  C:\Windows\System\wxJLEqp.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\WrlVxiQ.exe
  C:\Windows\System\WrlVxiQ.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\RLOFcxY.exe
  C:\Windows\System\RLOFcxY.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\JEqCDwh.exe
  C:\Windows\System\JEqCDwh.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\LYzhzDo.exe
  C:\Windows\System\LYzhzDo.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\waPfEFg.exe
  C:\Windows\System\waPfEFg.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\aQAHhOK.exe
  C:\Windows\System\aQAHhOK.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\AGDykwO.exe
  C:\Windows\System\AGDykwO.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\aploKlY.exe
  C:\Windows\System\aploKlY.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\yyXPLkh.exe
  C:\Windows\System\yyXPLkh.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\yWVlvBA.exe
  C:\Windows\System\yWVlvBA.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\DIjKZXm.exe
  C:\Windows\System\DIjKZXm.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\PGYTlCj.exe
  C:\Windows\System\PGYTlCj.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\eVBLvYO.exe
  C:\Windows\System\eVBLvYO.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\QEGyFFc.exe
  C:\Windows\System\QEGyFFc.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\ICwsEGx.exe
  C:\Windows\System\ICwsEGx.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\LGoXvWL.exe
  C:\Windows\System\LGoXvWL.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\sKFoFRa.exe
  C:\Windows\System\sKFoFRa.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\CvULMgt.exe
  C:\Windows\System\CvULMgt.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\bGvspxc.exe
  C:\Windows\System\bGvspxc.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\ofGhOBS.exe
  C:\Windows\System\ofGhOBS.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\JecKHSo.exe
  C:\Windows\System\JecKHSo.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\CKOHrUT.exe
  C:\Windows\System\CKOHrUT.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\BzdefXA.exe
  C:\Windows\System\BzdefXA.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\xpOTfDH.exe
  C:\Windows\System\xpOTfDH.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\wUMXsOg.exe
  C:\Windows\System\wUMXsOg.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\XBMDEFH.exe
  C:\Windows\System\XBMDEFH.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\nJmlJnJ.exe
  C:\Windows\System\nJmlJnJ.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\KiiQKOt.exe
  C:\Windows\System\KiiQKOt.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\fKRIUdW.exe
  C:\Windows\System\fKRIUdW.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\TKXaJoo.exe
  C:\Windows\System\TKXaJoo.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\fYoyLAK.exe
  C:\Windows\System\fYoyLAK.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\DdJWvho.exe
  C:\Windows\System\DdJWvho.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\sBbChDx.exe
  C:\Windows\System\sBbChDx.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\CRhjEKC.exe
  C:\Windows\System\CRhjEKC.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\JTAfjxE.exe
  C:\Windows\System\JTAfjxE.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\yrtoVqx.exe
  C:\Windows\System\yrtoVqx.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\IsDOkFw.exe
  C:\Windows\System\IsDOkFw.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\onnsVHr.exe
  C:\Windows\System\onnsVHr.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\rRoGmBE.exe
  C:\Windows\System\rRoGmBE.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\mCTSiGD.exe
  C:\Windows\System\mCTSiGD.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\CiHdRJc.exe
  C:\Windows\System\CiHdRJc.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\ZwueCom.exe
  C:\Windows\System\ZwueCom.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\VZjecbz.exe
  C:\Windows\System\VZjecbz.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\BQQFiUQ.exe
  C:\Windows\System\BQQFiUQ.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\kYXZCWd.exe
  C:\Windows\System\kYXZCWd.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\qwnWQgk.exe
  C:\Windows\System\qwnWQgk.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\PnmLGJJ.exe
  C:\Windows\System\PnmLGJJ.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\RXTGZac.exe
  C:\Windows\System\RXTGZac.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\lEWOkRz.exe
  C:\Windows\System\lEWOkRz.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\oieUFpc.exe
  C:\Windows\System\oieUFpc.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\WauVchz.exe
  C:\Windows\System\WauVchz.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\dRhBqSX.exe
  C:\Windows\System\dRhBqSX.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\DHjjpkC.exe
  C:\Windows\System\DHjjpkC.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\DrfUaIQ.exe
  C:\Windows\System\DrfUaIQ.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\xcTxrRN.exe
  C:\Windows\System\xcTxrRN.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\ipDnCTl.exe
  C:\Windows\System\ipDnCTl.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\KvBvcuS.exe
  C:\Windows\System\KvBvcuS.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\hMCFnIF.exe
  C:\Windows\System\hMCFnIF.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\xHtYCrW.exe
  C:\Windows\System\xHtYCrW.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\HfYCKGf.exe
  C:\Windows\System\HfYCKGf.exe
  2⤵
  - Executes dropped EXE
  PID:476
- C:\Windows\System\nOPaere.exe
  C:\Windows\System\nOPaere.exe
  2⤵
  PID:2532
- C:\Windows\System\fTSXkjB.exe
  C:\Windows\System\fTSXkjB.exe
  2⤵
  PID:1960
- C:\Windows\System\ToHWHGe.exe
  C:\Windows\System\ToHWHGe.exe
  2⤵
  PID:2920
- C:\Windows\System\PjfVuYq.exe
  C:\Windows\System\PjfVuYq.exe
  2⤵
  PID:2300
- C:\Windows\System\lvAeUNx.exe
  C:\Windows\System\lvAeUNx.exe
  2⤵
  PID:2620
- C:\Windows\System\bGbUgsr.exe
  C:\Windows\System\bGbUgsr.exe
  2⤵
  PID:2780
- C:\Windows\System\rswTJgu.exe
  C:\Windows\System\rswTJgu.exe
  2⤵
  PID:1064
- C:\Windows\System\ffxbhlJ.exe
  C:\Windows\System\ffxbhlJ.exe
  2⤵
  PID:2004
- C:\Windows\System\ZiWmpCU.exe
  C:\Windows\System\ZiWmpCU.exe
  2⤵
  PID:2168
- C:\Windows\System\wOnazpx.exe
  C:\Windows\System\wOnazpx.exe
  2⤵
  PID:1508
- C:\Windows\System\gPKKjgY.exe
  C:\Windows\System\gPKKjgY.exe
  2⤵
  PID:1988
- C:\Windows\System\ooVXKbN.exe
  C:\Windows\System\ooVXKbN.exe
  2⤵
  PID:1148
- C:\Windows\System\uCXWceD.exe
  C:\Windows\System\uCXWceD.exe
  2⤵
  PID:612
- C:\Windows\System\kpytPUt.exe
  C:\Windows\System\kpytPUt.exe
  2⤵
  PID:1748
- C:\Windows\System\oHoUmBk.exe
  C:\Windows\System\oHoUmBk.exe
  2⤵
  PID:1816
- C:\Windows\System\cfwuQtN.exe
  C:\Windows\System\cfwuQtN.exe
  2⤵
  PID:1908
- C:\Windows\System\fqnQfKs.exe
  C:\Windows\System\fqnQfKs.exe
  2⤵
  PID:1732
- C:\Windows\System\WPadGZG.exe
  C:\Windows\System\WPadGZG.exe
  2⤵
  PID:2196
- C:\Windows\System\kXtWnNn.exe
  C:\Windows\System\kXtWnNn.exe
  2⤵
  PID:1260
- C:\Windows\System\hhLggsK.exe
  C:\Windows\System\hhLggsK.exe
  2⤵
  PID:924
- C:\Windows\System\bfzgRIK.exe
  C:\Windows\System\bfzgRIK.exe
  2⤵
  PID:2564
- C:\Windows\System\sEdTBxI.exe
  C:\Windows\System\sEdTBxI.exe
  2⤵
  PID:1744
- C:\Windows\System\yqWPEHi.exe
  C:\Windows\System\yqWPEHi.exe
  2⤵
  PID:996
- C:\Windows\System\FDUPyiQ.exe
  C:\Windows\System\FDUPyiQ.exe
  2⤵
  PID:1636
- C:\Windows\System\glQTOxN.exe
  C:\Windows\System\glQTOxN.exe
  2⤵
  PID:1776
- C:\Windows\System\inaSvZX.exe
  C:\Windows\System\inaSvZX.exe
  2⤵
  PID:2736
- C:\Windows\System\GKpGgED.exe
  C:\Windows\System\GKpGgED.exe
  2⤵
  PID:3064
- C:\Windows\System\YsvYVsW.exe
  C:\Windows\System\YsvYVsW.exe
  2⤵
  PID:2588
- C:\Windows\System\KFsWCff.exe
  C:\Windows\System\KFsWCff.exe
  2⤵
  PID:2592
- C:\Windows\System\isOeuHp.exe
  C:\Windows\System\isOeuHp.exe
  2⤵
  PID:2644
- C:\Windows\System\Ezfgbzn.exe
  C:\Windows\System\Ezfgbzn.exe
  2⤵
  PID:556
- C:\Windows\System\DHZWCDb.exe
  C:\Windows\System\DHZWCDb.exe
  2⤵
  PID:2756
- C:\Windows\System\rAUMseJ.exe
  C:\Windows\System\rAUMseJ.exe
  2⤵
  PID:2860
- C:\Windows\System\kEdWiBd.exe
  C:\Windows\System\kEdWiBd.exe
  2⤵
  PID:3024
- C:\Windows\System\EeZInjh.exe
  C:\Windows\System\EeZInjh.exe
  2⤵
  PID:2608
- C:\Windows\System\VjgzcUU.exe
  C:\Windows\System\VjgzcUU.exe
  2⤵
  PID:2260
- C:\Windows\System\QlcvXyL.exe
  C:\Windows\System\QlcvXyL.exe
  2⤵
  PID:2016
- C:\Windows\System\zEgSMCT.exe
  C:\Windows\System\zEgSMCT.exe
  2⤵
  PID:2176
- C:\Windows\System\rlGjqwS.exe
  C:\Windows\System\rlGjqwS.exe
  2⤵
  PID:864
- C:\Windows\System\miNnolS.exe
  C:\Windows\System\miNnolS.exe
  2⤵
  PID:2552
- C:\Windows\System\valTbIo.exe
  C:\Windows\System\valTbIo.exe
  2⤵
  PID:1712
- C:\Windows\System\AnCGVHP.exe
  C:\Windows\System\AnCGVHP.exe
  2⤵
  PID:2160
- C:\Windows\System\YdTJcxH.exe
  C:\Windows\System\YdTJcxH.exe
  2⤵
  PID:1992
- C:\Windows\System\wDmDkAp.exe
  C:\Windows\System\wDmDkAp.exe
  2⤵
  PID:1812
- C:\Windows\System\mKVZPoG.exe
  C:\Windows\System\mKVZPoG.exe
  2⤵
  PID:1752
- C:\Windows\System\DAeVIWo.exe
  C:\Windows\System\DAeVIWo.exe
  2⤵
  PID:1092
- C:\Windows\System\QklUpeH.exe
  C:\Windows\System\QklUpeH.exe
  2⤵
  PID:2492
- C:\Windows\System\MjpzcaT.exe
  C:\Windows\System\MjpzcaT.exe
  2⤵
  PID:1592
- C:\Windows\System\shHSjwk.exe
  C:\Windows\System\shHSjwk.exe
  2⤵
  PID:2668
- C:\Windows\System\vwutSeO.exe
  C:\Windows\System\vwutSeO.exe
  2⤵
  PID:2788
- C:\Windows\System\HYhGSOG.exe
  C:\Windows\System\HYhGSOG.exe
  2⤵
  PID:1480
- C:\Windows\System\KGQXxct.exe
  C:\Windows\System\KGQXxct.exe
  2⤵
  PID:2584
- C:\Windows\System\VjFJHWB.exe
  C:\Windows\System\VjFJHWB.exe
  2⤵
  PID:2624
- C:\Windows\System\NrNkizl.exe
  C:\Windows\System\NrNkizl.exe
  2⤵
  PID:1820
- C:\Windows\System\SEFLZTN.exe
  C:\Windows\System\SEFLZTN.exe
  2⤵
  PID:1724
- C:\Windows\System\qxFcOpw.exe
  C:\Windows\System\qxFcOpw.exe
  2⤵
  PID:2940
- C:\Windows\System\TUCHudz.exe
  C:\Windows\System\TUCHudz.exe
  2⤵
  PID:944
- C:\Windows\System\kezSogp.exe
  C:\Windows\System\kezSogp.exe
  2⤵
  PID:1392
- C:\Windows\System\sqIUjyW.exe
  C:\Windows\System\sqIUjyW.exe
  2⤵
  PID:2344
- C:\Windows\System\mebeKeQ.exe
  C:\Windows\System\mebeKeQ.exe
  2⤵
  PID:2100
- C:\Windows\System\zlTSzBV.exe
  C:\Windows\System\zlTSzBV.exe
  2⤵
  PID:1584
- C:\Windows\System\dsjxTAQ.exe
  C:\Windows\System\dsjxTAQ.exe
  2⤵
  PID:2108
- C:\Windows\System\VgXnnwL.exe
  C:\Windows\System\VgXnnwL.exe
  2⤵
  PID:1980
- C:\Windows\System\mvnTNPF.exe
  C:\Windows\System\mvnTNPF.exe
  2⤵
  PID:2724
- C:\Windows\System\yggXeZY.exe
  C:\Windows\System\yggXeZY.exe
  2⤵
  PID:2512
- C:\Windows\System\QmfoNGl.exe
  C:\Windows\System\QmfoNGl.exe
  2⤵
  PID:3096
- C:\Windows\System\cDGBwWI.exe
  C:\Windows\System\cDGBwWI.exe
  2⤵
  PID:3116
- C:\Windows\System\TJoubQI.exe
  C:\Windows\System\TJoubQI.exe
  2⤵
  PID:3132
- C:\Windows\System\HZlplUQ.exe
  C:\Windows\System\HZlplUQ.exe
  2⤵
  PID:3152
- C:\Windows\System\WsjEkJC.exe
  C:\Windows\System\WsjEkJC.exe
  2⤵
  PID:3172
- C:\Windows\System\CfFtCqU.exe
  C:\Windows\System\CfFtCqU.exe
  2⤵
  PID:3192
- C:\Windows\System\znbwNVg.exe
  C:\Windows\System\znbwNVg.exe
  2⤵
  PID:3208
- C:\Windows\System\gpExiIR.exe
  C:\Windows\System\gpExiIR.exe
  2⤵
  PID:3236
- C:\Windows\System\NiqGysO.exe
  C:\Windows\System\NiqGysO.exe
  2⤵
  PID:3252
- C:\Windows\System\kKKUDDE.exe
  C:\Windows\System\kKKUDDE.exe
  2⤵
  PID:3276
- C:\Windows\System\bfwqKzw.exe
  C:\Windows\System\bfwqKzw.exe
  2⤵
  PID:3292
- C:\Windows\System\yDqPLKA.exe
  C:\Windows\System\yDqPLKA.exe
  2⤵
  PID:3312
- C:\Windows\System\nriaDMy.exe
  C:\Windows\System\nriaDMy.exe
  2⤵
  PID:3328
- C:\Windows\System\GhzGeSK.exe
  C:\Windows\System\GhzGeSK.exe
  2⤵
  PID:3356
- C:\Windows\System\VgJQRjh.exe
  C:\Windows\System\VgJQRjh.exe
  2⤵
  PID:3376
- C:\Windows\System\CHoyQZG.exe
  C:\Windows\System\CHoyQZG.exe
  2⤵
  PID:3396
- C:\Windows\System\nDDSxLr.exe
  C:\Windows\System\nDDSxLr.exe
  2⤵
  PID:3412
- C:\Windows\System\IsmbALT.exe
  C:\Windows\System\IsmbALT.exe
  2⤵
  PID:3432
- C:\Windows\System\ULqMoLi.exe
  C:\Windows\System\ULqMoLi.exe
  2⤵
  PID:3452
- C:\Windows\System\JJfyqpF.exe
  C:\Windows\System\JJfyqpF.exe
  2⤵
  PID:3472
- C:\Windows\System\vltXljA.exe
  C:\Windows\System\vltXljA.exe
  2⤵
  PID:3496
- C:\Windows\System\aFvTTfR.exe
  C:\Windows\System\aFvTTfR.exe
  2⤵
  PID:3524
- C:\Windows\System\qMaTLjB.exe
  C:\Windows\System\qMaTLjB.exe
  2⤵
  PID:3540
- C:\Windows\System\VYqtVVv.exe
  C:\Windows\System\VYqtVVv.exe
  2⤵
  PID:3560
- C:\Windows\System\BoaoMge.exe
  C:\Windows\System\BoaoMge.exe
  2⤵
  PID:3580
- C:\Windows\System\knqBrwZ.exe
  C:\Windows\System\knqBrwZ.exe
  2⤵
  PID:3600
- C:\Windows\System\tGjlvOe.exe
  C:\Windows\System\tGjlvOe.exe
  2⤵
  PID:3624
- C:\Windows\System\qzjHaHE.exe
  C:\Windows\System\qzjHaHE.exe
  2⤵
  PID:3644
- C:\Windows\System\GGSgrBo.exe
  C:\Windows\System\GGSgrBo.exe
  2⤵
  PID:3660
- C:\Windows\System\OoinAxC.exe
  C:\Windows\System\OoinAxC.exe
  2⤵
  PID:3680
- C:\Windows\System\sBwGHoX.exe
  C:\Windows\System\sBwGHoX.exe
  2⤵
  PID:3700
- C:\Windows\System\MOLVsMV.exe
  C:\Windows\System\MOLVsMV.exe
  2⤵
  PID:3720
- C:\Windows\System\IQIMkKN.exe
  C:\Windows\System\IQIMkKN.exe
  2⤵
  PID:3736
- C:\Windows\System\oFqcyIS.exe
  C:\Windows\System\oFqcyIS.exe
  2⤵
  PID:3756
- C:\Windows\System\lQeFJUI.exe
  C:\Windows\System\lQeFJUI.exe
  2⤵
  PID:3776
- C:\Windows\System\gdwtGgI.exe
  C:\Windows\System\gdwtGgI.exe
  2⤵
  PID:3796
- C:\Windows\System\xhFRzXl.exe
  C:\Windows\System\xhFRzXl.exe
  2⤵
  PID:3820
- C:\Windows\System\TySbNYI.exe
  C:\Windows\System\TySbNYI.exe
  2⤵
  PID:3848
- C:\Windows\System\uaSVwvB.exe
  C:\Windows\System\uaSVwvB.exe
  2⤵
  PID:3864
- C:\Windows\System\PailhRp.exe
  C:\Windows\System\PailhRp.exe
  2⤵
  PID:3888
- C:\Windows\System\TlumnJR.exe
  C:\Windows\System\TlumnJR.exe
  2⤵
  PID:3908
- C:\Windows\System\yWuCzYo.exe
  C:\Windows\System\yWuCzYo.exe
  2⤵
  PID:3928
- C:\Windows\System\AjswueY.exe
  C:\Windows\System\AjswueY.exe
  2⤵
  PID:3944
- C:\Windows\System\KwfgGXi.exe
  C:\Windows\System\KwfgGXi.exe
  2⤵
  PID:3968
- C:\Windows\System\rkVwmcx.exe
  C:\Windows\System\rkVwmcx.exe
  2⤵
  PID:3984
- C:\Windows\System\xOGqNPr.exe
  C:\Windows\System\xOGqNPr.exe
  2⤵
  PID:4008
- C:\Windows\System\OHOQPPQ.exe
  C:\Windows\System\OHOQPPQ.exe
  2⤵
  PID:4024
- C:\Windows\System\tFVFLkB.exe
  C:\Windows\System\tFVFLkB.exe
  2⤵
  PID:4048
- C:\Windows\System\QZxjGKW.exe
  C:\Windows\System\QZxjGKW.exe
  2⤵
  PID:4068
- C:\Windows\System\yPQwoBO.exe
  C:\Windows\System\yPQwoBO.exe
  2⤵
  PID:4088
- C:\Windows\System\vIkjtgw.exe
  C:\Windows\System\vIkjtgw.exe
  2⤵
  PID:1308
- C:\Windows\System\ZsZqnnt.exe
  C:\Windows\System\ZsZqnnt.exe
  2⤵
  PID:704
- C:\Windows\System\fLyYWJr.exe
  C:\Windows\System\fLyYWJr.exe
  2⤵
  PID:1620
- C:\Windows\System\zkhVSFg.exe
  C:\Windows\System\zkhVSFg.exe
  2⤵
  PID:1000
- C:\Windows\System\SfCBcfE.exe
  C:\Windows\System\SfCBcfE.exe
  2⤵
  PID:2760
- C:\Windows\System\lMwiOwy.exe
  C:\Windows\System\lMwiOwy.exe
  2⤵
  PID:2000
- C:\Windows\System\xKMzUjy.exe
  C:\Windows\System\xKMzUjy.exe
  2⤵
  PID:3140
- C:\Windows\System\MRReISV.exe
  C:\Windows\System\MRReISV.exe
  2⤵
  PID:1248
- C:\Windows\System\rFuhJDM.exe
  C:\Windows\System\rFuhJDM.exe
  2⤵
  PID:3092
- C:\Windows\System\AoBwIXp.exe
  C:\Windows\System\AoBwIXp.exe
  2⤵
  PID:3216
- C:\Windows\System\SkrmfNz.exe
  C:\Windows\System\SkrmfNz.exe
  2⤵
  PID:3260
- C:\Windows\System\OdvWQyw.exe
  C:\Windows\System\OdvWQyw.exe
  2⤵
  PID:3272
- C:\Windows\System\IvwqEvi.exe
  C:\Windows\System\IvwqEvi.exe
  2⤵
  PID:3300
- C:\Windows\System\pZkcBYi.exe
  C:\Windows\System\pZkcBYi.exe
  2⤵
  PID:3336
- C:\Windows\System\HyEfkAE.exe
  C:\Windows\System\HyEfkAE.exe
  2⤵
  PID:3288
- C:\Windows\System\gXqifCs.exe
  C:\Windows\System\gXqifCs.exe
  2⤵
  PID:3392
- C:\Windows\System\eifMYdv.exe
  C:\Windows\System\eifMYdv.exe
  2⤵
  PID:3372
- C:\Windows\System\BVKSDRK.exe
  C:\Windows\System\BVKSDRK.exe
  2⤵
  PID:3404
- C:\Windows\System\vMCHTWD.exe
  C:\Windows\System\vMCHTWD.exe
  2⤵
  PID:3548
- C:\Windows\System\KxxfKNC.exe
  C:\Windows\System\KxxfKNC.exe
  2⤵
  PID:3592
- C:\Windows\System\bceeOFr.exe
  C:\Windows\System\bceeOFr.exe
  2⤵
  PID:3668
- C:\Windows\System\xPARavK.exe
  C:\Windows\System\xPARavK.exe
  2⤵
  PID:3440
- C:\Windows\System\yyCVSiO.exe
  C:\Windows\System\yyCVSiO.exe
  2⤵
  PID:3492
- C:\Windows\System\nRKJZCn.exe
  C:\Windows\System\nRKJZCn.exe
  2⤵
  PID:3752
- C:\Windows\System\oYWRNwy.exe
  C:\Windows\System\oYWRNwy.exe
  2⤵
  PID:1860
- C:\Windows\System\VBfLrGz.exe
  C:\Windows\System\VBfLrGz.exe
  2⤵
  PID:3572
- C:\Windows\System\IcAGeNF.exe
  C:\Windows\System\IcAGeNF.exe
  2⤵
  PID:3616
- C:\Windows\System\WzxcWbF.exe
  C:\Windows\System\WzxcWbF.exe
  2⤵
  PID:3692
- C:\Windows\System\JDGnfoQ.exe
  C:\Windows\System\JDGnfoQ.exe
  2⤵
  PID:3836
- C:\Windows\System\ivHRkVJ.exe
  C:\Windows\System\ivHRkVJ.exe
  2⤵
  PID:3764
- C:\Windows\System\gggZFey.exe
  C:\Windows\System\gggZFey.exe
  2⤵
  PID:2268
- C:\Windows\System\HzMKegO.exe
  C:\Windows\System\HzMKegO.exe
  2⤵
  PID:3856
- C:\Windows\System\cFfFYHL.exe
  C:\Windows\System\cFfFYHL.exe
  2⤵
  PID:3924
- C:\Windows\System\PRLupxW.exe
  C:\Windows\System\PRLupxW.exe
  2⤵
  PID:3904
- C:\Windows\System\FpfExuA.exe
  C:\Windows\System\FpfExuA.exe
  2⤵
  PID:3960
- C:\Windows\System\UTrbBEs.exe
  C:\Windows\System\UTrbBEs.exe
  2⤵
  PID:4000
- C:\Windows\System\uORKmeP.exe
  C:\Windows\System\uORKmeP.exe
  2⤵
  PID:4040
- C:\Windows\System\PqnCvSq.exe
  C:\Windows\System\PqnCvSq.exe
  2⤵
  PID:4076
- C:\Windows\System\QnoDHHk.exe
  C:\Windows\System\QnoDHHk.exe
  2⤵
  PID:2320
- C:\Windows\System\cFDmjjd.exe
  C:\Windows\System\cFDmjjd.exe
  2⤵
  PID:2984
- C:\Windows\System\XftnEZO.exe
  C:\Windows\System\XftnEZO.exe
  2⤵
  PID:560
- C:\Windows\System\vOwGETs.exe
  C:\Windows\System\vOwGETs.exe
  2⤵
  PID:1864
- C:\Windows\System\IeJHJob.exe
  C:\Windows\System\IeJHJob.exe
  2⤵
  PID:1640
- C:\Windows\System\yALuMXx.exe
  C:\Windows\System\yALuMXx.exe
  2⤵
  PID:2420
- C:\Windows\System\AcVgBgN.exe
  C:\Windows\System\AcVgBgN.exe
  2⤵
  PID:3128
- C:\Windows\System\qaYTrju.exe
  C:\Windows\System\qaYTrju.exe
  2⤵
  PID:3160
- C:\Windows\System\rMAtsKr.exe
  C:\Windows\System\rMAtsKr.exe
  2⤵
  PID:3188
- C:\Windows\System\QtkuSNJ.exe
  C:\Windows\System\QtkuSNJ.exe
  2⤵
  PID:3232
- C:\Windows\System\SZvOeeR.exe
  C:\Windows\System\SZvOeeR.exe
  2⤵
  PID:3204
- C:\Windows\System\QnmFstT.exe
  C:\Windows\System\QnmFstT.exe
  2⤵
  PID:3464
- C:\Windows\System\syJpWWk.exe
  C:\Windows\System\syJpWWk.exe
  2⤵
  PID:3424
- C:\Windows\System\UeNvrFe.exe
  C:\Windows\System\UeNvrFe.exe
  2⤵
  PID:3596
- C:\Windows\System\JbTlegW.exe
  C:\Windows\System\JbTlegW.exe
  2⤵
  PID:3520
- C:\Windows\System\sOGKYyz.exe
  C:\Windows\System\sOGKYyz.exe
  2⤵
  PID:3448
- C:\Windows\System\uMTQqWb.exe
  C:\Windows\System\uMTQqWb.exe
  2⤵
  PID:3744
- C:\Windows\System\acXdIap.exe
  C:\Windows\System\acXdIap.exe
  2⤵
  PID:1496
- C:\Windows\System\mGBpUNb.exe
  C:\Windows\System\mGBpUNb.exe
  2⤵
  PID:3688
- C:\Windows\System\pCWIkIJ.exe
  C:\Windows\System\pCWIkIJ.exe
  2⤵
  PID:3788
- C:\Windows\System\pOOqvUM.exe
  C:\Windows\System\pOOqvUM.exe
  2⤵
  PID:3608
- C:\Windows\System\UvpNQFJ.exe
  C:\Windows\System\UvpNQFJ.exe
  2⤵
  PID:3816
- C:\Windows\System\ccPDowx.exe
  C:\Windows\System\ccPDowx.exe
  2⤵
  PID:3808
- C:\Windows\System\UgejPQm.exe
  C:\Windows\System\UgejPQm.exe
  2⤵
  PID:3860
- C:\Windows\System\pXFHbOM.exe
  C:\Windows\System\pXFHbOM.exe
  2⤵
  PID:4044
- C:\Windows\System\SaRsDgI.exe
  C:\Windows\System\SaRsDgI.exe
  2⤵
  PID:3952
- C:\Windows\System\PlaEwhX.exe
  C:\Windows\System\PlaEwhX.exe
  2⤵
  PID:1696
- C:\Windows\System\hyaVMTY.exe
  C:\Windows\System\hyaVMTY.exe
  2⤵
  PID:4020
- C:\Windows\System\vmxFeZm.exe
  C:\Windows\System\vmxFeZm.exe
  2⤵
  PID:4064
- C:\Windows\System\uEdzONs.exe
  C:\Windows\System\uEdzONs.exe
  2⤵
  PID:2720
- C:\Windows\System\TZsVDoC.exe
  C:\Windows\System\TZsVDoC.exe
  2⤵
  PID:3084
- C:\Windows\System\YsIRvIo.exe
  C:\Windows\System\YsIRvIo.exe
  2⤵
  PID:3304
- C:\Windows\System\azORWVV.exe
  C:\Windows\System\azORWVV.exe
  2⤵
  PID:3460
- C:\Windows\System\WNGRMhj.exe
  C:\Windows\System\WNGRMhj.exe
  2⤵
  PID:3428
- C:\Windows\System\WEXpkBc.exe
  C:\Windows\System\WEXpkBc.exe
  2⤵
  PID:3504
- C:\Windows\System\grAMWEF.exe
  C:\Windows\System\grAMWEF.exe
  2⤵
  PID:3508
- C:\Windows\System\RqlDmPC.exe
  C:\Windows\System\RqlDmPC.exe
  2⤵
  PID:3620
- C:\Windows\System\xpeahFl.exe
  C:\Windows\System\xpeahFl.exe
  2⤵
  PID:3536
- C:\Windows\System\ipowmaK.exe
  C:\Windows\System\ipowmaK.exe
  2⤵
  PID:2956
- C:\Windows\System\HJHFIDp.exe
  C:\Windows\System\HJHFIDp.exe
  2⤵
  PID:3976
- C:\Windows\System\TvWJVit.exe
  C:\Windows\System\TvWJVit.exe
  2⤵
  PID:3804
- C:\Windows\System\kzyNccj.exe
  C:\Windows\System\kzyNccj.exe
  2⤵
  PID:3020
- C:\Windows\System\FuRNUrG.exe
  C:\Windows\System\FuRNUrG.exe
  2⤵
  PID:1680
- C:\Windows\System\ixwyXSn.exe
  C:\Windows\System\ixwyXSn.exe
  2⤵
  PID:4016
- C:\Windows\System\FRfTOpA.exe
  C:\Windows\System\FRfTOpA.exe
  2⤵
  PID:3284
- C:\Windows\System\xzblOVF.exe
  C:\Windows\System\xzblOVF.exe
  2⤵
  PID:2316
- C:\Windows\System\GqunRIQ.exe
  C:\Windows\System\GqunRIQ.exe
  2⤵
  PID:2308
- C:\Windows\System\oAXYmfE.exe
  C:\Windows\System\oAXYmfE.exe
  2⤵
  PID:3784
- C:\Windows\System\zkfrkXY.exe
  C:\Windows\System\zkfrkXY.exe
  2⤵
  PID:584
- C:\Windows\System\VuyPZDx.exe
  C:\Windows\System\VuyPZDx.exe
  2⤵
  PID:1292
- C:\Windows\System\KxCdFiG.exe
  C:\Windows\System\KxCdFiG.exe
  2⤵
  PID:3568
- C:\Windows\System\oksYhxC.exe
  C:\Windows\System\oksYhxC.exe
  2⤵
  PID:3728
- C:\Windows\System\WcZrNon.exe
  C:\Windows\System\WcZrNon.exe
  2⤵
  PID:3964
- C:\Windows\System\PLSLJll.exe
  C:\Windows\System\PLSLJll.exe
  2⤵
  PID:2088
- C:\Windows\System\JbgxPkW.exe
  C:\Windows\System\JbgxPkW.exe
  2⤵
  PID:3108
- C:\Windows\System\oSdXkuE.exe
  C:\Windows\System\oSdXkuE.exe
  2⤵
  PID:2996
- C:\Windows\System\EnvmDXM.exe
  C:\Windows\System\EnvmDXM.exe
  2⤵
  PID:3348
- C:\Windows\System\SXvieJo.exe
  C:\Windows\System\SXvieJo.exe
  2⤵
  PID:1784
- C:\Windows\System\PtyRfxg.exe
  C:\Windows\System\PtyRfxg.exe
  2⤵
  PID:3552
- C:\Windows\System\YRMMFpj.exe
  C:\Windows\System\YRMMFpj.exe
  2⤵
  PID:1228
- C:\Windows\System\bXQEdyV.exe
  C:\Windows\System\bXQEdyV.exe
  2⤵
  PID:2976
- C:\Windows\System\QseHAbg.exe
  C:\Windows\System\QseHAbg.exe
  2⤵
  PID:3080
- C:\Windows\System\rxFmKdF.exe
  C:\Windows\System\rxFmKdF.exe
  2⤵
  PID:3168
- C:\Windows\System\PvrcVpB.exe
  C:\Windows\System\PvrcVpB.exe
  2⤵
  PID:3516
- C:\Windows\System\DzGdYtU.exe
  C:\Windows\System\DzGdYtU.exe
  2⤵
  PID:4108
- C:\Windows\System\RMBRxiB.exe
  C:\Windows\System\RMBRxiB.exe
  2⤵
  PID:4128
- C:\Windows\System\WrNEJRi.exe
  C:\Windows\System\WrNEJRi.exe
  2⤵
  PID:4156
- C:\Windows\System\bzNXvZb.exe
  C:\Windows\System\bzNXvZb.exe
  2⤵
  PID:4176
- C:\Windows\System\wSTGWdX.exe
  C:\Windows\System\wSTGWdX.exe
  2⤵
  PID:4192
- C:\Windows\System\IvUpBbA.exe
  C:\Windows\System\IvUpBbA.exe
  2⤵
  PID:4212
- C:\Windows\System\jQyReam.exe
  C:\Windows\System\jQyReam.exe
  2⤵
  PID:4232
- C:\Windows\System\zGkkpkM.exe
  C:\Windows\System\zGkkpkM.exe
  2⤵
  PID:4252
- C:\Windows\System\OSEEulA.exe
  C:\Windows\System\OSEEulA.exe
  2⤵
  PID:4276
- C:\Windows\System\MuLXbNE.exe
  C:\Windows\System\MuLXbNE.exe
  2⤵
  PID:4296
- C:\Windows\System\EAKIaBH.exe
  C:\Windows\System\EAKIaBH.exe
  2⤵
  PID:4312
- C:\Windows\System\vKQQuZd.exe
  C:\Windows\System\vKQQuZd.exe
  2⤵
  PID:4336
- C:\Windows\System\idAktxr.exe
  C:\Windows\System\idAktxr.exe
  2⤵
  PID:4352
- C:\Windows\System\YxmjBAp.exe
  C:\Windows\System\YxmjBAp.exe
  2⤵
  PID:4372
- C:\Windows\System\cqprmtn.exe
  C:\Windows\System\cqprmtn.exe
  2⤵
  PID:4392
- C:\Windows\System\UZQUCZp.exe
  C:\Windows\System\UZQUCZp.exe
  2⤵
  PID:4412
- C:\Windows\System\txMMfXu.exe
  C:\Windows\System\txMMfXu.exe
  2⤵
  PID:4432
- C:\Windows\System\rTkmmjY.exe
  C:\Windows\System\rTkmmjY.exe
  2⤵
  PID:4452
- C:\Windows\System\VYUfJqL.exe
  C:\Windows\System\VYUfJqL.exe
  2⤵
  PID:4484
- C:\Windows\System\UCZbOkm.exe
  C:\Windows\System\UCZbOkm.exe
  2⤵
  PID:4500
- C:\Windows\System\okvNIBf.exe
  C:\Windows\System\okvNIBf.exe
  2⤵
  PID:4520
- C:\Windows\System\QfDjvYH.exe
  C:\Windows\System\QfDjvYH.exe
  2⤵
  PID:4536
- C:\Windows\System\mHZwfzn.exe
  C:\Windows\System\mHZwfzn.exe
  2⤵
  PID:4556
- C:\Windows\System\FTdxfCD.exe
  C:\Windows\System\FTdxfCD.exe
  2⤵
  PID:4572
- C:\Windows\System\lStCecK.exe
  C:\Windows\System\lStCecK.exe
  2⤵
  PID:4588
- C:\Windows\System\EjKuIuB.exe
  C:\Windows\System\EjKuIuB.exe
  2⤵
  PID:4608
- C:\Windows\System\QJjxkfL.exe
  C:\Windows\System\QJjxkfL.exe
  2⤵
  PID:4628
- C:\Windows\System\MpHSnOG.exe
  C:\Windows\System\MpHSnOG.exe
  2⤵
  PID:4644
- C:\Windows\System\FwgCWlR.exe
  C:\Windows\System\FwgCWlR.exe
  2⤵
  PID:4660
- C:\Windows\System\fXfRGOw.exe
  C:\Windows\System\fXfRGOw.exe
  2⤵
  PID:4676
- C:\Windows\System\eFmmxEj.exe
  C:\Windows\System\eFmmxEj.exe
  2⤵
  PID:4692
- C:\Windows\System\MCXBmRE.exe
  C:\Windows\System\MCXBmRE.exe
  2⤵
  PID:4708
- C:\Windows\System\OiAidyu.exe
  C:\Windows\System\OiAidyu.exe
  2⤵
  PID:4724
- C:\Windows\System\hHwjEDn.exe
  C:\Windows\System\hHwjEDn.exe
  2⤵
  PID:4740
- C:\Windows\System\rSPMbbR.exe
  C:\Windows\System\rSPMbbR.exe
  2⤵
  PID:4756
- C:\Windows\System\EobWuYL.exe
  C:\Windows\System\EobWuYL.exe
  2⤵
  PID:4772
- C:\Windows\System\iYawxKC.exe
  C:\Windows\System\iYawxKC.exe
  2⤵
  PID:4796
- C:\Windows\System\iQYtJZj.exe
  C:\Windows\System\iQYtJZj.exe
  2⤵
  PID:4832
- C:\Windows\System\EPCDtol.exe
  C:\Windows\System\EPCDtol.exe
  2⤵
  PID:4872
- C:\Windows\System\SQATngx.exe
  C:\Windows\System\SQATngx.exe
  2⤵
  PID:4888
- C:\Windows\System\GxhtbuJ.exe
  C:\Windows\System\GxhtbuJ.exe
  2⤵
  PID:4908
- C:\Windows\System\gBjLeiU.exe
  C:\Windows\System\gBjLeiU.exe
  2⤵
  PID:4940
- C:\Windows\System\XZiDMKS.exe
  C:\Windows\System\XZiDMKS.exe
  2⤵
  PID:4960
- C:\Windows\System\HSCYpmi.exe
  C:\Windows\System\HSCYpmi.exe
  2⤵
  PID:4976
- C:\Windows\System\ucjaIVF.exe
  C:\Windows\System\ucjaIVF.exe
  2⤵
  PID:4992
- C:\Windows\System\ZnAEaqI.exe
  C:\Windows\System\ZnAEaqI.exe
  2⤵
  PID:5008
- C:\Windows\System\tBuapCT.exe
  C:\Windows\System\tBuapCT.exe
  2⤵
  PID:5028
- C:\Windows\System\YIFQyUj.exe
  C:\Windows\System\YIFQyUj.exe
  2⤵
  PID:5056
- C:\Windows\System\XyJioLF.exe
  C:\Windows\System\XyJioLF.exe
  2⤵
  PID:5088
- C:\Windows\System\wzcrKkF.exe
  C:\Windows\System\wzcrKkF.exe
  2⤵
  PID:5104
- C:\Windows\System\mwMYLBq.exe
  C:\Windows\System\mwMYLBq.exe
  2⤵
  PID:2628
- C:\Windows\System\TEJUIDO.exe
  C:\Windows\System\TEJUIDO.exe
  2⤵
  PID:2464
- C:\Windows\System\WnYoQLX.exe
  C:\Windows\System\WnYoQLX.exe
  2⤵
  PID:3884
- C:\Windows\System\mXJBMIV.exe
  C:\Windows\System\mXJBMIV.exe
  2⤵
  PID:4116
- C:\Windows\System\IcDlAfS.exe
  C:\Windows\System\IcDlAfS.exe
  2⤵
  PID:3940
- C:\Windows\System\oHKJnkc.exe
  C:\Windows\System\oHKJnkc.exe
  2⤵
  PID:4136
- C:\Windows\System\QWtlLrZ.exe
  C:\Windows\System\QWtlLrZ.exe
  2⤵
  PID:4100
- C:\Windows\System\kkGNYUI.exe
  C:\Windows\System\kkGNYUI.exe
  2⤵
  PID:4184
- C:\Windows\System\fZwWeny.exe
  C:\Windows\System\fZwWeny.exe
  2⤵
  PID:4292
- C:\Windows\System\ZzuoDHh.exe
  C:\Windows\System\ZzuoDHh.exe
  2⤵
  PID:2092
- C:\Windows\System\wJAtdLT.exe
  C:\Windows\System\wJAtdLT.exe
  2⤵
  PID:4228
- C:\Windows\System\qcgYByg.exe
  C:\Windows\System\qcgYByg.exe
  2⤵
  PID:4368
- C:\Windows\System\SyltMjJ.exe
  C:\Windows\System\SyltMjJ.exe
  2⤵
  PID:1500
- C:\Windows\System\gfZdfIF.exe
  C:\Windows\System\gfZdfIF.exe
  2⤵
  PID:2468
- C:\Windows\System\VcMdCmf.exe
  C:\Windows\System\VcMdCmf.exe
  2⤵
  PID:4272
- C:\Windows\System\tMsupzG.exe
  C:\Windows\System\tMsupzG.exe
  2⤵
  PID:4444
- C:\Windows\System\ojNSGrw.exe
  C:\Windows\System\ojNSGrw.exe
  2⤵
  PID:4384
- C:\Windows\System\aIXaojY.exe
  C:\Windows\System\aIXaojY.exe
  2⤵
  PID:4420
- C:\Windows\System\myXVSyc.exe
  C:\Windows\System\myXVSyc.exe
  2⤵
  PID:1888
- C:\Windows\System\XWPBpXJ.exe
  C:\Windows\System\XWPBpXJ.exe
  2⤵
  PID:2772
- C:\Windows\System\zOgnocO.exe
  C:\Windows\System\zOgnocO.exe
  2⤵
  PID:2728
- C:\Windows\System\xRCFkNq.exe
  C:\Windows\System\xRCFkNq.exe
  2⤵
  PID:2400
- C:\Windows\System\dhtkRXn.exe
  C:\Windows\System\dhtkRXn.exe
  2⤵
  PID:4596
- C:\Windows\System\jEOdull.exe
  C:\Windows\System\jEOdull.exe
  2⤵
  PID:4640
- C:\Windows\System\FnMOSId.exe
  C:\Windows\System\FnMOSId.exe
  2⤵
  PID:4704
- C:\Windows\System\mWGJLIx.exe
  C:\Windows\System\mWGJLIx.exe
  2⤵
  PID:2356
- C:\Windows\System\xsZQDif.exe
  C:\Windows\System\xsZQDif.exe
  2⤵
  PID:2060
- C:\Windows\System\sPKLLXN.exe
  C:\Windows\System\sPKLLXN.exe
  2⤵
  PID:696
- C:\Windows\System\TawfjcB.exe
  C:\Windows\System\TawfjcB.exe
  2⤵
  PID:4552
- C:\Windows\System\ISFBTpk.exe
  C:\Windows\System\ISFBTpk.exe
  2⤵
  PID:4476
- C:\Windows\System\raNTCPl.exe
  C:\Windows\System\raNTCPl.exe
  2⤵
  PID:4620
- C:\Windows\System\zPWuirV.exe
  C:\Windows\System\zPWuirV.exe
  2⤵
  PID:4684
- C:\Windows\System\exulBIv.exe
  C:\Windows\System\exulBIv.exe
  2⤵
  PID:4748
- C:\Windows\System\OPVYrEq.exe
  C:\Windows\System\OPVYrEq.exe
  2⤵
  PID:4652
- C:\Windows\System\BlKURHz.exe
  C:\Windows\System\BlKURHz.exe
  2⤵
  PID:4884
- C:\Windows\System\hyMqGgR.exe
  C:\Windows\System\hyMqGgR.exe
  2⤵
  PID:4932
- C:\Windows\System\jCsvLCt.exe
  C:\Windows\System\jCsvLCt.exe
  2⤵
  PID:4968
- C:\Windows\System\cgnDKRu.exe
  C:\Windows\System\cgnDKRu.exe
  2⤵
  PID:5004
- C:\Windows\System\dGyOLeS.exe
  C:\Windows\System\dGyOLeS.exe
  2⤵
  PID:4856
- C:\Windows\System\WkHumPM.exe
  C:\Windows\System\WkHumPM.exe
  2⤵
  PID:4904
- C:\Windows\System\TlzSOqv.exe
  C:\Windows\System\TlzSOqv.exe
  2⤵
  PID:5024
- C:\Windows\System\vmMtgMC.exe
  C:\Windows\System\vmMtgMC.exe
  2⤵
  PID:5072
- C:\Windows\System\waseZDJ.exe
  C:\Windows\System\waseZDJ.exe
  2⤵
  PID:5052
- C:\Windows\System\JNgDuXB.exe
  C:\Windows\System\JNgDuXB.exe
  2⤵
  PID:5112
- C:\Windows\System\qasqrwT.exe
  C:\Windows\System\qasqrwT.exe
  2⤵
  PID:5084
- C:\Windows\System\DAdhqjI.exe
  C:\Windows\System\DAdhqjI.exe
  2⤵
  PID:2880
- C:\Windows\System\qFLxmbC.exe
  C:\Windows\System\qFLxmbC.exe
  2⤵
  PID:4144
- C:\Windows\System\nlzLbcq.exe
  C:\Windows\System\nlzLbcq.exe
  2⤵
  PID:4244
- C:\Windows\System\VPGkGLz.exe
  C:\Windows\System\VPGkGLz.exe
  2⤵
  PID:4284
- C:\Windows\System\TfMTcTg.exe
  C:\Windows\System\TfMTcTg.exe
  2⤵
  PID:4320
- C:\Windows\System\gQplLGn.exe
  C:\Windows\System\gQplLGn.exe
  2⤵
  PID:4360
- C:\Windows\System\gesJUmy.exe
  C:\Windows\System\gesJUmy.exe
  2⤵
  PID:1288
- C:\Windows\System\dHoJGae.exe
  C:\Windows\System\dHoJGae.exe
  2⤵
  PID:4268
- C:\Windows\System\vnLYhWa.exe
  C:\Windows\System\vnLYhWa.exe
  2⤵
  PID:1060
- C:\Windows\System\pdIDjiY.exe
  C:\Windows\System\pdIDjiY.exe
  2⤵
  PID:4496
- C:\Windows\System\HMtKqut.exe
  C:\Windows\System\HMtKqut.exe
  2⤵
  PID:2876
- C:\Windows\System\GTlhgHf.exe
  C:\Windows\System\GTlhgHf.exe
  2⤵
  PID:4472
- C:\Windows\System\cxFbkdb.exe
  C:\Windows\System\cxFbkdb.exe
  2⤵
  PID:2352
- C:\Windows\System\fqqOSKD.exe
  C:\Windows\System\fqqOSKD.exe
  2⤵
  PID:4736
- C:\Windows\System\OHPmaAQ.exe
  C:\Windows\System\OHPmaAQ.exe
  2⤵
  PID:4812
- C:\Windows\System\PlPXDPR.exe
  C:\Windows\System\PlPXDPR.exe
  2⤵
  PID:1284
- C:\Windows\System\xPxstPS.exe
  C:\Windows\System\xPxstPS.exe
  2⤵
  PID:4788
- C:\Windows\System\PSfjFqF.exe
  C:\Windows\System\PSfjFqF.exe
  2⤵
  PID:4656
- C:\Windows\System\lmKitEc.exe
  C:\Windows\System\lmKitEc.exe
  2⤵
  PID:4548
- C:\Windows\System\kTGQGlb.exe
  C:\Windows\System\kTGQGlb.exe
  2⤵
  PID:4864
- C:\Windows\System\ZqoiNgq.exe
  C:\Windows\System\ZqoiNgq.exe
  2⤵
  PID:4720
- C:\Windows\System\sWipaUT.exe
  C:\Windows\System\sWipaUT.exe
  2⤵
  PID:5016
- C:\Windows\System\CKzYLFa.exe
  C:\Windows\System\CKzYLFa.exe
  2⤵
  PID:4880
- C:\Windows\System\beSvjVJ.exe
  C:\Windows\System\beSvjVJ.exe
  2⤵
  PID:5080
- C:\Windows\System\lMZQnXd.exe
  C:\Windows\System\lMZQnXd.exe
  2⤵
  PID:2428
- C:\Windows\System\wTprlyU.exe
  C:\Windows\System\wTprlyU.exe
  2⤵
  PID:2676
- C:\Windows\System\WPyGHff.exe
  C:\Windows\System\WPyGHff.exe
  2⤵
  PID:4248
- C:\Windows\System\cUJvFDx.exe
  C:\Windows\System\cUJvFDx.exe
  2⤵
  PID:4404
- C:\Windows\System\tWACPtn.exe
  C:\Windows\System\tWACPtn.exe
  2⤵
  PID:4188
- C:\Windows\System\yKuKEix.exe
  C:\Windows\System\yKuKEix.exe
  2⤵
  PID:4208
- C:\Windows\System\hoIwLOy.exe
  C:\Windows\System\hoIwLOy.exe
  2⤵
  PID:2508
- C:\Windows\System\WDSNHMM.exe
  C:\Windows\System\WDSNHMM.exe
  2⤵
  PID:4768
- C:\Windows\System\LuuPsRB.exe
  C:\Windows\System\LuuPsRB.exe
  2⤵
  PID:2008
- C:\Windows\System\XSrOOSg.exe
  C:\Windows\System\XSrOOSg.exe
  2⤵
  PID:4532
- C:\Windows\System\RtbVGMP.exe
  C:\Windows\System\RtbVGMP.exe
  2⤵
  PID:4824
- C:\Windows\System\fRTfmpq.exe
  C:\Windows\System\fRTfmpq.exe
  2⤵
  PID:3956
- C:\Windows\System\urxEfsE.exe
  C:\Windows\System\urxEfsE.exe
  2⤵
  PID:4512
- C:\Windows\System\dUmwLFB.exe
  C:\Windows\System\dUmwLFB.exe
  2⤵
  PID:5000
- C:\Windows\System\kksxsZi.exe
  C:\Windows\System\kksxsZi.exe
  2⤵
  PID:4348
- C:\Windows\System\WkCkTRU.exe
  C:\Windows\System\WkCkTRU.exe
  2⤵
  PID:4288
- C:\Windows\System\sSzLecB.exe
  C:\Windows\System\sSzLecB.exe
  2⤵
  PID:4716
- C:\Windows\System\wRCPiIZ.exe
  C:\Windows\System\wRCPiIZ.exe
  2⤵
  PID:4988
- C:\Windows\System\uwSGDjs.exe
  C:\Windows\System\uwSGDjs.exe
  2⤵
  PID:5048
- C:\Windows\System\fMdgSpX.exe
  C:\Windows\System\fMdgSpX.exe
  2⤵
  PID:4400
- C:\Windows\System\ETpcBLI.exe
  C:\Windows\System\ETpcBLI.exe
  2⤵
  PID:4700
- C:\Windows\System\ZGZwBXL.exe
  C:\Windows\System\ZGZwBXL.exe
  2⤵
  PID:4752
- C:\Windows\System\joxQcUx.exe
  C:\Windows\System\joxQcUx.exe
  2⤵
  PID:4564
- C:\Windows\System\RSHlCTL.exe
  C:\Windows\System\RSHlCTL.exe
  2⤵
  PID:580
- C:\Windows\System\nPpbYyo.exe
  C:\Windows\System\nPpbYyo.exe
  2⤵
  PID:4492
- C:\Windows\System\wAEbOFu.exe
  C:\Windows\System\wAEbOFu.exe
  2⤵
  PID:4328
- C:\Windows\System\TUADQTh.exe
  C:\Windows\System\TUADQTh.exe
  2⤵
  PID:4408
- C:\Windows\System\YhnuVuR.exe
  C:\Windows\System\YhnuVuR.exe
  2⤵
  PID:4868
- C:\Windows\System\EhdSVCN.exe
  C:\Windows\System\EhdSVCN.exe
  2⤵
  PID:4636
- C:\Windows\System\bJjflCT.exe
  C:\Windows\System\bJjflCT.exe
  2⤵
  PID:4468
- C:\Windows\System\hZPktpg.exe
  C:\Windows\System\hZPktpg.exe
  2⤵
  PID:5136
- C:\Windows\System\svnUJst.exe
  C:\Windows\System\svnUJst.exe
  2⤵
  PID:5156
- C:\Windows\System\zdUOVwZ.exe
  C:\Windows\System\zdUOVwZ.exe
  2⤵
  PID:5172
- C:\Windows\System\cnwchXR.exe
  C:\Windows\System\cnwchXR.exe
  2⤵
  PID:5188
- C:\Windows\System\UnVYWXn.exe
  C:\Windows\System\UnVYWXn.exe
  2⤵
  PID:5204
- C:\Windows\System\TbpXBWw.exe
  C:\Windows\System\TbpXBWw.exe
  2⤵
  PID:5220
- C:\Windows\System\pDnvfpY.exe
  C:\Windows\System\pDnvfpY.exe
  2⤵
  PID:5236
- C:\Windows\System\tXMzEGu.exe
  C:\Windows\System\tXMzEGu.exe
  2⤵
  PID:5252
- C:\Windows\System\ByTKNmi.exe
  C:\Windows\System\ByTKNmi.exe
  2⤵
  PID:5268
- C:\Windows\System\VsLTYCN.exe
  C:\Windows\System\VsLTYCN.exe
  2⤵
  PID:5324
- C:\Windows\System\XNFstyd.exe
  C:\Windows\System\XNFstyd.exe
  2⤵
  PID:5348
- C:\Windows\System\eGSKRGR.exe
  C:\Windows\System\eGSKRGR.exe
  2⤵
  PID:5368
- C:\Windows\System\ohLtXEU.exe
  C:\Windows\System\ohLtXEU.exe
  2⤵
  PID:5392
- C:\Windows\System\FPPEYAZ.exe
  C:\Windows\System\FPPEYAZ.exe
  2⤵
  PID:5408
- C:\Windows\System\iyEBcBz.exe
  C:\Windows\System\iyEBcBz.exe
  2⤵
  PID:5424
- C:\Windows\System\McfulEl.exe
  C:\Windows\System\McfulEl.exe
  2⤵
  PID:5440
- C:\Windows\System\wrHEoxZ.exe
  C:\Windows\System\wrHEoxZ.exe
  2⤵
  PID:5456
- C:\Windows\System\WoGhEim.exe
  C:\Windows\System\WoGhEim.exe
  2⤵
  PID:5480
- C:\Windows\System\hwyCDaH.exe
  C:\Windows\System\hwyCDaH.exe
  2⤵
  PID:5500
- C:\Windows\System\LtcDJdZ.exe
  C:\Windows\System\LtcDJdZ.exe
  2⤵
  PID:5516
- C:\Windows\System\qsrUwmL.exe
  C:\Windows\System\qsrUwmL.exe
  2⤵
  PID:5532
- C:\Windows\System\bAjXLUI.exe
  C:\Windows\System\bAjXLUI.exe
  2⤵
  PID:5548
- C:\Windows\System\kgkdtbA.exe
  C:\Windows\System\kgkdtbA.exe
  2⤵
  PID:5568
- C:\Windows\System\PTHCIFi.exe
  C:\Windows\System\PTHCIFi.exe
  2⤵
  PID:5592
- C:\Windows\System\WyNAJjt.exe
  C:\Windows\System\WyNAJjt.exe
  2⤵
  PID:5608
- C:\Windows\System\VuITPnW.exe
  C:\Windows\System\VuITPnW.exe
  2⤵
  PID:5624
- C:\Windows\System\diQzAOu.exe
  C:\Windows\System\diQzAOu.exe
  2⤵
  PID:5644
- C:\Windows\System\vXNPlJT.exe
  C:\Windows\System\vXNPlJT.exe
  2⤵
  PID:5664
- C:\Windows\System\nComSTV.exe
  C:\Windows\System\nComSTV.exe
  2⤵
  PID:5680
- C:\Windows\System\nZBwMXY.exe
  C:\Windows\System\nZBwMXY.exe
  2⤵
  PID:5748
- C:\Windows\System\DUiWMsU.exe
  C:\Windows\System\DUiWMsU.exe
  2⤵
  PID:5768
- C:\Windows\System\vLXiEpz.exe
  C:\Windows\System\vLXiEpz.exe
  2⤵
  PID:5784
- C:\Windows\System\NggTBvw.exe
  C:\Windows\System\NggTBvw.exe
  2⤵
  PID:5800
- C:\Windows\System\athwsGm.exe
  C:\Windows\System\athwsGm.exe
  2⤵
  PID:5816
- C:\Windows\System\wlDKdoe.exe
  C:\Windows\System\wlDKdoe.exe
  2⤵
  PID:5836
- C:\Windows\System\fRRugxa.exe
  C:\Windows\System\fRRugxa.exe
  2⤵
  PID:5852
- C:\Windows\System\syiCowE.exe
  C:\Windows\System\syiCowE.exe
  2⤵
  PID:5868
- C:\Windows\System\XKhUnkU.exe
  C:\Windows\System\XKhUnkU.exe
  2⤵
  PID:5884
- C:\Windows\System\aWeykSP.exe
  C:\Windows\System\aWeykSP.exe
  2⤵
  PID:5900
- C:\Windows\System\SnzDqJQ.exe
  C:\Windows\System\SnzDqJQ.exe
  2⤵
  PID:5920
- C:\Windows\System\ZGCFsgP.exe
  C:\Windows\System\ZGCFsgP.exe
  2⤵
  PID:5940
- C:\Windows\System\lqEwIAa.exe
  C:\Windows\System\lqEwIAa.exe
  2⤵
  PID:5960
- C:\Windows\System\wIWFFHy.exe
  C:\Windows\System\wIWFFHy.exe
  2⤵
  PID:5976
- C:\Windows\System\IlfyPlw.exe
  C:\Windows\System\IlfyPlw.exe
  2⤵
  PID:5992
- C:\Windows\System\MHLmhIS.exe
  C:\Windows\System\MHLmhIS.exe
  2⤵
  PID:6048
- C:\Windows\System\XTXJehU.exe
  C:\Windows\System\XTXJehU.exe
  2⤵
  PID:6064
- C:\Windows\System\FnQLnsT.exe
  C:\Windows\System\FnQLnsT.exe
  2⤵
  PID:6080
- C:\Windows\System\VpXHmRn.exe
  C:\Windows\System\VpXHmRn.exe
  2⤵
  PID:6096
- C:\Windows\System\vUpIbco.exe
  C:\Windows\System\vUpIbco.exe
  2⤵
  PID:6120
- C:\Windows\System\NkRbQhW.exe
  C:\Windows\System\NkRbQhW.exe
  2⤵
  PID:6140
- C:\Windows\System\NPfwzcI.exe
  C:\Windows\System\NPfwzcI.exe
  2⤵
  PID:3220
- C:\Windows\System\qKxYwsC.exe
  C:\Windows\System\qKxYwsC.exe
  2⤵
  PID:1056
- C:\Windows\System\tNLcFQe.exe
  C:\Windows\System\tNLcFQe.exe
  2⤵
  PID:4920
- C:\Windows\System\ilUexbX.exe
  C:\Windows\System\ilUexbX.exe
  2⤵
  PID:5184
- C:\Windows\System\vNVhkAS.exe
  C:\Windows\System\vNVhkAS.exe
  2⤵
  PID:4624
- C:\Windows\System\njgcTWs.exe
  C:\Windows\System\njgcTWs.exe
  2⤵
  PID:5280
- C:\Windows\System\TVawNmS.exe
  C:\Windows\System\TVawNmS.exe
  2⤵
  PID:4264
- C:\Windows\System\PECtLFH.exe
  C:\Windows\System\PECtLFH.exe
  2⤵
  PID:5168
- C:\Windows\System\DTzBNoU.exe
  C:\Windows\System\DTzBNoU.exe
  2⤵
  PID:5232
- C:\Windows\System\eEXKwnS.exe
  C:\Windows\System\eEXKwnS.exe
  2⤵
  PID:5304
- C:\Windows\System\mzTTHlQ.exe
  C:\Windows\System\mzTTHlQ.exe
  2⤵
  PID:5344
- C:\Windows\System\MBScRqm.exe
  C:\Windows\System\MBScRqm.exe
  2⤵
  PID:5388
- C:\Windows\System\uITjUAW.exe
  C:\Windows\System\uITjUAW.exe
  2⤵
  PID:5564
- C:\Windows\System\TgbTsuM.exe
  C:\Windows\System\TgbTsuM.exe
  2⤵
  PID:5636
- C:\Windows\System\KidznHg.exe
  C:\Windows\System\KidznHg.exe
  2⤵
  PID:5400
- C:\Windows\System\JVYvsho.exe
  C:\Windows\System\JVYvsho.exe
  2⤵
  PID:5464
- C:\Windows\System\ZAvdTRY.exe
  C:\Windows\System\ZAvdTRY.exe
  2⤵
  PID:5508
- C:\Windows\System\zpyVhnO.exe
  C:\Windows\System\zpyVhnO.exe
  2⤵
  PID:5544
- C:\Windows\System\WbEcYCf.exe
  C:\Windows\System\WbEcYCf.exe
  2⤵
  PID:5588
- C:\Windows\System\ZJpAHPV.exe
  C:\Windows\System\ZJpAHPV.exe
  2⤵
  PID:5656
- C:\Windows\System\HKyavue.exe
  C:\Windows\System\HKyavue.exe
  2⤵
  PID:5320
- C:\Windows\System\caCseaj.exe
  C:\Windows\System\caCseaj.exe
  2⤵
  PID:5724
- C:\Windows\System\CCFUoTJ.exe
  C:\Windows\System\CCFUoTJ.exe
  2⤵
  PID:5720
- C:\Windows\System\EMvDyki.exe
  C:\Windows\System\EMvDyki.exe
  2⤵
  PID:5740
- C:\Windows\System\IQIsUzi.exe
  C:\Windows\System\IQIsUzi.exe
  2⤵
  PID:5860
- C:\Windows\System\xUKtFFC.exe
  C:\Windows\System\xUKtFFC.exe
  2⤵
  PID:5968
- C:\Windows\System\RWbuRDA.exe
  C:\Windows\System\RWbuRDA.exe
  2⤵
  PID:6016
- C:\Windows\System\CuzoaLQ.exe
  C:\Windows\System\CuzoaLQ.exe
  2⤵
  PID:6032
- C:\Windows\System\dCiVZnd.exe
  C:\Windows\System\dCiVZnd.exe
  2⤵
  PID:5844
- C:\Windows\System\BfUfziL.exe
  C:\Windows\System\BfUfziL.exe
  2⤵
  PID:5916
- C:\Windows\System\RrpIPYx.exe
  C:\Windows\System\RrpIPYx.exe
  2⤵
  PID:6040
- C:\Windows\System\empKAeY.exe
  C:\Windows\System\empKAeY.exe
  2⤵
  PID:6076
- C:\Windows\System\NkDvoqQ.exe
  C:\Windows\System\NkDvoqQ.exe
  2⤵
  PID:6112
- C:\Windows\System\RHwBQOd.exe
  C:\Windows\System\RHwBQOd.exe
  2⤵
  PID:2548
- C:\Windows\System\MRSEbRR.exe
  C:\Windows\System\MRSEbRR.exe
  2⤵
  PID:5216
- C:\Windows\System\xcfJOPh.exe
  C:\Windows\System\xcfJOPh.exe
  2⤵
  PID:5200
- C:\Windows\System\gdQNrcX.exe
  C:\Windows\System\gdQNrcX.exe
  2⤵
  PID:6136
- C:\Windows\System\IwnOmYV.exe
  C:\Windows\System\IwnOmYV.exe
  2⤵
  PID:5420
- C:\Windows\System\CsivsQm.exe
  C:\Windows\System\CsivsQm.exe
  2⤵
  PID:5300
- C:\Windows\System\TFysZrW.exe
  C:\Windows\System\TFysZrW.exe
  2⤵
  PID:5248
- C:\Windows\System\qAGfHDW.exe
  C:\Windows\System\qAGfHDW.exe
  2⤵
  PID:5264
- C:\Windows\System\KdBAFes.exe
  C:\Windows\System\KdBAFes.exe
  2⤵
  PID:5556
- C:\Windows\System\AnINkFl.exe
  C:\Windows\System\AnINkFl.exe
  2⤵
  PID:5672
- C:\Windows\System\AmcUytu.exe
  C:\Windows\System\AmcUytu.exe
  2⤵
  PID:5584
- C:\Windows\System\JIyUtvk.exe
  C:\Windows\System\JIyUtvk.exe
  2⤵
  PID:5708
- C:\Windows\System\AIjsakM.exe
  C:\Windows\System\AIjsakM.exe
  2⤵
  PID:5824
- C:\Windows\System\ItHZPty.exe
  C:\Windows\System\ItHZPty.exe
  2⤵
  PID:5732
- C:\Windows\System\UmSGKjm.exe
  C:\Windows\System\UmSGKjm.exe
  2⤵
  PID:5360
- C:\Windows\System\EgIpAxU.exe
  C:\Windows\System\EgIpAxU.exe
  2⤵
  PID:5828
- C:\Windows\System\GYlgomT.exe
  C:\Windows\System\GYlgomT.exe
  2⤵
  PID:5928
- C:\Windows\System\JSPnPhg.exe
  C:\Windows\System\JSPnPhg.exe
  2⤵
  PID:6008
- C:\Windows\System\QLvFVhg.exe
  C:\Windows\System\QLvFVhg.exe
  2⤵
  PID:5776
- C:\Windows\System\JbeRTee.exe
  C:\Windows\System\JbeRTee.exe
  2⤵
  PID:5908
- C:\Windows\System\HSKsRew.exe
  C:\Windows\System\HSKsRew.exe
  2⤵
  PID:5988
- C:\Windows\System\rkcJkGe.exe
  C:\Windows\System\rkcJkGe.exe
  2⤵
  PID:5196
- C:\Windows\System\vayFbje.exe
  C:\Windows\System\vayFbje.exe
  2⤵
  PID:6044
- C:\Windows\System\WOQrJes.exe
  C:\Windows\System\WOQrJes.exe
  2⤵
  PID:6092
- C:\Windows\System\JtoJmnr.exe
  C:\Windows\System\JtoJmnr.exe
  2⤵
  PID:5492
- C:\Windows\System\fWfhync.exe
  C:\Windows\System\fWfhync.exe
  2⤵
  PID:5164
- C:\Windows\System\OsqzeKE.exe
  C:\Windows\System\OsqzeKE.exe
  2⤵
  PID:5316
- C:\Windows\System\nYwVxPY.exe
  C:\Windows\System\nYwVxPY.exe
  2⤵
  PID:5704
- C:\Windows\System\AqfeuKZ.exe
  C:\Windows\System\AqfeuKZ.exe
  2⤵
  PID:5936
- C:\Windows\System\DAscGQu.exe
  C:\Windows\System\DAscGQu.exe
  2⤵
  PID:6060
- C:\Windows\System\nEwsrxR.exe
  C:\Windows\System\nEwsrxR.exe
  2⤵
  PID:4164
- C:\Windows\System\UDFuhMM.exe
  C:\Windows\System\UDFuhMM.exe
  2⤵
  PID:5760
- C:\Windows\System\gUDTgUZ.exe
  C:\Windows\System\gUDTgUZ.exe
  2⤵
  PID:4508
- C:\Windows\System\rGIZBRr.exe
  C:\Windows\System\rGIZBRr.exe
  2⤵
  PID:6012
- C:\Windows\System\XtuAQbf.exe
  C:\Windows\System\XtuAQbf.exe
  2⤵
  PID:1100
- C:\Windows\System\MdCAOte.exe
  C:\Windows\System\MdCAOte.exe
  2⤵
  PID:5716
- C:\Windows\System\LXdcEee.exe
  C:\Windows\System\LXdcEee.exe
  2⤵
  PID:5528
- C:\Windows\System\VwCxJJA.exe
  C:\Windows\System\VwCxJJA.exe
  2⤵
  PID:5132
- C:\Windows\System\IXzYdOS.exe
  C:\Windows\System\IXzYdOS.exe
  2⤵
  PID:5632
- C:\Windows\System\VjQDCPV.exe
  C:\Windows\System\VjQDCPV.exe
  2⤵
  PID:5812
- C:\Windows\System\nUaGkQk.exe
  C:\Windows\System\nUaGkQk.exe
  2⤵
  PID:5580
- C:\Windows\System\RvGJcvd.exe
  C:\Windows\System\RvGJcvd.exe
  2⤵
  PID:6088
- C:\Windows\System\uzkqlLh.exe
  C:\Windows\System\uzkqlLh.exe
  2⤵
  PID:5696
- C:\Windows\System\wkwShVy.exe
  C:\Windows\System\wkwShVy.exe
  2⤵
  PID:5384
- C:\Windows\System\pbOGgnx.exe
  C:\Windows\System\pbOGgnx.exe
  2⤵
  PID:6152
- C:\Windows\System\MfWCVal.exe
  C:\Windows\System\MfWCVal.exe
  2⤵
  PID:6168
- C:\Windows\System\VYoBFdZ.exe
  C:\Windows\System\VYoBFdZ.exe
  2⤵
  PID:6184
- C:\Windows\System\kHRjCkY.exe
  C:\Windows\System\kHRjCkY.exe
  2⤵
  PID:6200
- C:\Windows\System\iJhQWSq.exe
  C:\Windows\System\iJhQWSq.exe
  2⤵
  PID:6220
- C:\Windows\System\TEDCYBX.exe
  C:\Windows\System\TEDCYBX.exe
  2⤵
  PID:6236
- C:\Windows\System\NtBlVOI.exe
  C:\Windows\System\NtBlVOI.exe
  2⤵
  PID:6252
- C:\Windows\System\JFdgwdK.exe
  C:\Windows\System\JFdgwdK.exe
  2⤵
  PID:6284
- C:\Windows\System\MhjZlgt.exe
  C:\Windows\System\MhjZlgt.exe
  2⤵
  PID:6316
- C:\Windows\System\RBOXqsn.exe
  C:\Windows\System\RBOXqsn.exe
  2⤵
  PID:6356
- C:\Windows\System\qQURxBh.exe
  C:\Windows\System\qQURxBh.exe
  2⤵
  PID:6372
- C:\Windows\System\TvNYKoQ.exe
  C:\Windows\System\TvNYKoQ.exe
  2⤵
  PID:6388
- C:\Windows\System\UyvuHna.exe
  C:\Windows\System\UyvuHna.exe
  2⤵
  PID:6428
- C:\Windows\System\GIjwMWD.exe
  C:\Windows\System\GIjwMWD.exe
  2⤵
  PID:6444
- C:\Windows\System\xAxcjWn.exe
  C:\Windows\System\xAxcjWn.exe
  2⤵
  PID:6460
- C:\Windows\System\HocwPoh.exe
  C:\Windows\System\HocwPoh.exe
  2⤵
  PID:6476
- C:\Windows\System\BFsVkiS.exe
  C:\Windows\System\BFsVkiS.exe
  2⤵
  PID:6492
- C:\Windows\System\ofdsxJy.exe
  C:\Windows\System\ofdsxJy.exe
  2⤵
  PID:6508
- C:\Windows\System\OZlqNxB.exe
  C:\Windows\System\OZlqNxB.exe
  2⤵
  PID:6524
- C:\Windows\System\LoythDT.exe
  C:\Windows\System\LoythDT.exe
  2⤵
  PID:6540
- C:\Windows\System\qOCJpLA.exe
  C:\Windows\System\qOCJpLA.exe
  2⤵
  PID:6556
- C:\Windows\System\qceCQDJ.exe
  C:\Windows\System\qceCQDJ.exe
  2⤵
  PID:6572
- C:\Windows\System\dgeXNHY.exe
  C:\Windows\System\dgeXNHY.exe
  2⤵
  PID:6592
- C:\Windows\System\fTZrnIw.exe
  C:\Windows\System\fTZrnIw.exe
  2⤵
  PID:6636
- C:\Windows\System\eQhyLYp.exe
  C:\Windows\System\eQhyLYp.exe
  2⤵
  PID:6652
- C:\Windows\System\pdJSypo.exe
  C:\Windows\System\pdJSypo.exe
  2⤵
  PID:6668
- C:\Windows\System\oIdMcRY.exe
  C:\Windows\System\oIdMcRY.exe
  2⤵
  PID:6684
- C:\Windows\System\wkOHVZD.exe
  C:\Windows\System\wkOHVZD.exe
  2⤵
  PID:6720
- C:\Windows\System\kFokHDI.exe
  C:\Windows\System\kFokHDI.exe
  2⤵
  PID:6736
- C:\Windows\System\VNPGYfQ.exe
  C:\Windows\System\VNPGYfQ.exe
  2⤵
  PID:6752
- C:\Windows\System\CmxEvNZ.exe
  C:\Windows\System\CmxEvNZ.exe
  2⤵
  PID:6772
- C:\Windows\System\SZaMDVH.exe
  C:\Windows\System\SZaMDVH.exe
  2⤵
  PID:6792
- C:\Windows\System\bspJjcy.exe
  C:\Windows\System\bspJjcy.exe
  2⤵
  PID:6808
- C:\Windows\System\atNogJN.exe
  C:\Windows\System\atNogJN.exe
  2⤵
  PID:6828
- C:\Windows\System\SvTDmfF.exe
  C:\Windows\System\SvTDmfF.exe
  2⤵
  PID:6844
- C:\Windows\System\GePAtYC.exe
  C:\Windows\System\GePAtYC.exe
  2⤵
  PID:6860
- C:\Windows\System\sYLYGDC.exe
  C:\Windows\System\sYLYGDC.exe
  2⤵
  PID:6876
- C:\Windows\System\msZqTpn.exe
  C:\Windows\System\msZqTpn.exe
  2⤵
  PID:6892
- C:\Windows\System\TnUTWYM.exe
  C:\Windows\System\TnUTWYM.exe
  2⤵
  PID:6952
- C:\Windows\System\lJOuXJz.exe
  C:\Windows\System\lJOuXJz.exe
  2⤵
  PID:6968
- C:\Windows\System\CQEZGcg.exe
  C:\Windows\System\CQEZGcg.exe
  2⤵
  PID:6984
- C:\Windows\System\vlHqEmR.exe
  C:\Windows\System\vlHqEmR.exe
  2⤵
  PID:7004
- C:\Windows\System\ZSJIMJQ.exe
  C:\Windows\System\ZSJIMJQ.exe
  2⤵
  PID:7020
- C:\Windows\System\SWEFiCe.exe
  C:\Windows\System\SWEFiCe.exe
  2⤵
  PID:7040
- C:\Windows\System\SntJfUY.exe
  C:\Windows\System\SntJfUY.exe
  2⤵
  PID:7060
- C:\Windows\System\qTcfYlk.exe
  C:\Windows\System\qTcfYlk.exe
  2⤵
  PID:7076
- C:\Windows\System\RAMJtcz.exe
  C:\Windows\System\RAMJtcz.exe
  2⤵
  PID:7092
- C:\Windows\System\NWwcYBQ.exe
  C:\Windows\System\NWwcYBQ.exe
  2⤵
  PID:7112
- C:\Windows\System\AZOiFsw.exe
  C:\Windows\System\AZOiFsw.exe
  2⤵
  PID:7128
- C:\Windows\System\tfdQRpB.exe
  C:\Windows\System\tfdQRpB.exe
  2⤵
  PID:5892
- C:\Windows\System\NaUnfrM.exe
  C:\Windows\System\NaUnfrM.exe
  2⤵
  PID:6160
- C:\Windows\System\VPCAFSJ.exe
  C:\Windows\System\VPCAFSJ.exe
  2⤵
  PID:6228
- C:\Windows\System\hQHVaKL.exe
  C:\Windows\System\hQHVaKL.exe
  2⤵
  PID:6272
- C:\Windows\System\JJikvFS.exe
  C:\Windows\System\JJikvFS.exe
  2⤵
  PID:5880
- C:\Windows\System\agSHSDA.exe
  C:\Windows\System\agSHSDA.exe
  2⤵
  PID:6176
- C:\Windows\System\ihzlAtx.exe
  C:\Windows\System\ihzlAtx.exe
  2⤵
  PID:6212
- C:\Windows\System\JaZkBfM.exe
  C:\Windows\System\JaZkBfM.exe
  2⤵
  PID:5436
- C:\Windows\System\EPRqVdC.exe
  C:\Windows\System\EPRqVdC.exe
  2⤵
  PID:6300
- C:\Windows\System\OkQApKn.exe
  C:\Windows\System\OkQApKn.exe
  2⤵
  PID:6308
- C:\Windows\System\YFXRqkq.exe
  C:\Windows\System\YFXRqkq.exe
  2⤵
  PID:5476
- C:\Windows\System\LKfVBFl.exe
  C:\Windows\System\LKfVBFl.exe
  2⤵
  PID:6348
- C:\Windows\System\gDLZqYx.exe
  C:\Windows\System\gDLZqYx.exe
  2⤵
  PID:6292
- C:\Windows\System\RBwwIeM.exe
  C:\Windows\System\RBwwIeM.exe
  2⤵
  PID:6424
- C:\Windows\System\JCHAQhs.exe
  C:\Windows\System\JCHAQhs.exe
  2⤵
  PID:6440
- C:\Windows\System\JQvFbmH.exe
  C:\Windows\System\JQvFbmH.exe
  2⤵
  PID:6488
- C:\Windows\System\NfRdObC.exe
  C:\Windows\System\NfRdObC.exe
  2⤵
  PID:6548
- C:\Windows\System\VIWoMsp.exe
  C:\Windows\System\VIWoMsp.exe
  2⤵
  PID:6536
- C:\Windows\System\FheqHXR.exe
  C:\Windows\System\FheqHXR.exe
  2⤵
  PID:6604
- C:\Windows\System\kKBsRZM.exe
  C:\Windows\System\kKBsRZM.exe
  2⤵
  PID:6624
- C:\Windows\System\smzzZyJ.exe
  C:\Windows\System\smzzZyJ.exe
  2⤵
  PID:6660
- C:\Windows\System\eBvTqJm.exe
  C:\Windows\System\eBvTqJm.exe
  2⤵
  PID:6700
- C:\Windows\System\emijcYM.exe
  C:\Windows\System\emijcYM.exe
  2⤵
  PID:6716
- C:\Windows\System\OvGfqGc.exe
  C:\Windows\System\OvGfqGc.exe
  2⤵
  PID:6800
- C:\Windows\System\iQNaoKX.exe
  C:\Windows\System\iQNaoKX.exe
  2⤵
  PID:6868
- C:\Windows\System\wtZRaMz.exe
  C:\Windows\System\wtZRaMz.exe
  2⤵
  PID:6820
- C:\Windows\System\gOdtMji.exe
  C:\Windows\System\gOdtMji.exe
  2⤵
  PID:6856
- C:\Windows\System\rjxhnIl.exe
  C:\Windows\System\rjxhnIl.exe
  2⤵
  PID:6932
- C:\Windows\System\nPZBtQF.exe
  C:\Windows\System\nPZBtQF.exe
  2⤵
  PID:6928
- C:\Windows\System\umrgAyL.exe
  C:\Windows\System\umrgAyL.exe
  2⤵
  PID:6924
- C:\Windows\System\hGCVTDN.exe
  C:\Windows\System\hGCVTDN.exe
  2⤵
  PID:6908
- C:\Windows\System\deVClWV.exe
  C:\Windows\System\deVClWV.exe
  2⤵
  PID:7032
- C:\Windows\System\BxgQwLD.exe
  C:\Windows\System\BxgQwLD.exe
  2⤵
  PID:7036
- C:\Windows\System\CqiNtDp.exe
  C:\Windows\System\CqiNtDp.exe
  2⤵
  PID:7104
- C:\Windows\System\iHgPaGS.exe
  C:\Windows\System\iHgPaGS.exe
  2⤵
  PID:7160
- C:\Windows\System\QOTPTAF.exe
  C:\Windows\System\QOTPTAF.exe
  2⤵
  PID:7052
- C:\Windows\System\kjGiedI.exe
  C:\Windows\System\kjGiedI.exe
  2⤵
  PID:6976
- C:\Windows\System\fKAaPDj.exe
  C:\Windows\System\fKAaPDj.exe
  2⤵
  PID:6328
- C:\Windows\System\XurUNIF.exe
  C:\Windows\System\XurUNIF.exe
  2⤵
  PID:6248
- C:\Windows\System\iHuaXyK.exe
  C:\Windows\System\iHuaXyK.exe
  2⤵
  PID:6344
- C:\Windows\System\hJHFAwu.exe
  C:\Windows\System\hJHFAwu.exe
  2⤵
  PID:6368
- C:\Windows\System\ttQxcLE.exe
  C:\Windows\System\ttQxcLE.exe
  2⤵
  PID:6380
- C:\Windows\System\EMRILwJ.exe
  C:\Windows\System\EMRILwJ.exe
  2⤵
  PID:6396
- C:\Windows\System\XNFqniu.exe
  C:\Windows\System\XNFqniu.exe
  2⤵
  PID:6484
- C:\Windows\System\hhgVdHJ.exe
  C:\Windows\System\hhgVdHJ.exe
  2⤵
  PID:6468
- C:\Windows\System\WNlocyU.exe
  C:\Windows\System\WNlocyU.exe
  2⤵
  PID:6500
- C:\Windows\System\nbzaKLh.exe
  C:\Windows\System\nbzaKLh.exe
  2⤵
  PID:6744
- C:\Windows\System\LvhnERN.exe
  C:\Windows\System\LvhnERN.exe
  2⤵
  PID:6532
- C:\Windows\System\FktoZeo.exe
  C:\Windows\System\FktoZeo.exe
  2⤵
  PID:6768
- C:\Windows\System\IeIhwZG.exe
  C:\Windows\System\IeIhwZG.exe
  2⤵
  PID:6764
- C:\Windows\System\icZPXQx.exe
  C:\Windows\System\icZPXQx.exe
  2⤵
  PID:7028
- C:\Windows\System\OFkaKzo.exe
  C:\Windows\System\OFkaKzo.exe
  2⤵
  PID:6816
- C:\Windows\System\PrHMZEQ.exe
  C:\Windows\System\PrHMZEQ.exe
  2⤵
  PID:6280
- C:\Windows\System\TrnEvJS.exe
  C:\Windows\System\TrnEvJS.exe
  2⤵
  PID:7012
- C:\Windows\System\kwiVhHH.exe
  C:\Windows\System\kwiVhHH.exe
  2⤵
  PID:5984
- C:\Windows\System\zGNOgmB.exe
  C:\Windows\System\zGNOgmB.exe
  2⤵
  PID:6940
- C:\Windows\System\RJqzQjt.exe
  C:\Windows\System\RJqzQjt.exe
  2⤵
  PID:6996
- C:\Windows\System\nkMhOuO.exe
  C:\Windows\System\nkMhOuO.exe
  2⤵
  PID:5180
- C:\Windows\System\QCwvNLd.exe
  C:\Windows\System\QCwvNLd.exe
  2⤵
  PID:6332
- C:\Windows\System\OxyPhZs.exe
  C:\Windows\System\OxyPhZs.exe
  2⤵
  PID:6588
- C:\Windows\System\cUeGgqf.exe
  C:\Windows\System\cUeGgqf.exe
  2⤵
  PID:6620
- C:\Windows\System\LnpUADA.exe
  C:\Windows\System\LnpUADA.exe
  2⤵
  PID:6920
- C:\Windows\System\rJRyhSj.exe
  C:\Windows\System\rJRyhSj.exe
  2⤵
  PID:6296
- C:\Windows\System\pMHhAwk.exe
  C:\Windows\System\pMHhAwk.exe
  2⤵
  PID:6676
- C:\Windows\System\kFVcPIw.exe
  C:\Windows\System\kFVcPIw.exe
  2⤵
  PID:6416
- C:\Windows\System\ippcpJA.exe
  C:\Windows\System\ippcpJA.exe
  2⤵
  PID:6680
- C:\Windows\System\PtVOedK.exe
  C:\Windows\System\PtVOedK.exe
  2⤵
  PID:7136
- C:\Windows\System\qcrodwX.exe
  C:\Windows\System\qcrodwX.exe
  2⤵
  PID:6884
- C:\Windows\System\zVtleog.exe
  C:\Windows\System\zVtleog.exe
  2⤵
  PID:7016
- C:\Windows\System\nKdZsQR.exe
  C:\Windows\System\nKdZsQR.exe
  2⤵
  PID:7000
- C:\Windows\System\XTpAdsH.exe
  C:\Windows\System\XTpAdsH.exe
  2⤵
  PID:5152
- C:\Windows\System\gVDlJFf.exe
  C:\Windows\System\gVDlJFf.exe
  2⤵
  PID:6616
- C:\Windows\System\dsaGZKl.exe
  C:\Windows\System\dsaGZKl.exe
  2⤵
  PID:6312
- C:\Windows\System\ONNnaFb.exe
  C:\Windows\System\ONNnaFb.exe
  2⤵
  PID:6192
- C:\Windows\System\ZPqDZlU.exe
  C:\Windows\System\ZPqDZlU.exe
  2⤵
  PID:7100
- C:\Windows\System\rNzuXMA.exe
  C:\Windows\System\rNzuXMA.exe
  2⤵
  PID:6580
- C:\Windows\System\iNvvnIQ.exe
  C:\Windows\System\iNvvnIQ.exe
  2⤵
  PID:6912
- C:\Windows\System\SmzvjJX.exe
  C:\Windows\System\SmzvjJX.exe
  2⤵
  PID:6568
- C:\Windows\System\ZsKDJAi.exe
  C:\Windows\System\ZsKDJAi.exe
  2⤵
  PID:6268
- C:\Windows\System\OEjVOZC.exe
  C:\Windows\System\OEjVOZC.exe
  2⤵
  PID:6520
- C:\Windows\System\qiTkrUr.exe
  C:\Windows\System\qiTkrUr.exe
  2⤵
  PID:6148
- C:\Windows\System\AFPOBak.exe
  C:\Windows\System\AFPOBak.exe
  2⤵
  PID:1552
- C:\Windows\System\sudVdfO.exe
  C:\Windows\System\sudVdfO.exe
  2⤵
  PID:7048
- C:\Windows\System\ubBjWmd.exe
  C:\Windows\System\ubBjWmd.exe
  2⤵
  PID:7172
- C:\Windows\System\MSgBbXN.exe
  C:\Windows\System\MSgBbXN.exe
  2⤵
  PID:7188
- C:\Windows\System\xUUQDeW.exe
  C:\Windows\System\xUUQDeW.exe
  2⤵
  PID:7208
- C:\Windows\System\LwrZQSK.exe
  C:\Windows\System\LwrZQSK.exe
  2⤵
  PID:7224
- C:\Windows\System\pJggQtj.exe
  C:\Windows\System\pJggQtj.exe
  2⤵
  PID:7240
- C:\Windows\System\gBLFCmH.exe
  C:\Windows\System\gBLFCmH.exe
  2⤵
  PID:7256
- C:\Windows\System\aYfkBLc.exe
  C:\Windows\System\aYfkBLc.exe
  2⤵
  PID:7296
- C:\Windows\System\qnEFOHa.exe
  C:\Windows\System\qnEFOHa.exe
  2⤵
  PID:7316
- C:\Windows\System\VQHbIwa.exe
  C:\Windows\System\VQHbIwa.exe
  2⤵
  PID:7336
- C:\Windows\System\fbTfIcB.exe
  C:\Windows\System\fbTfIcB.exe
  2⤵
  PID:7356
- C:\Windows\System\AyyItAw.exe
  C:\Windows\System\AyyItAw.exe
  2⤵
  PID:7376
- C:\Windows\System\nuVENee.exe
  C:\Windows\System\nuVENee.exe
  2⤵
  PID:7392
- C:\Windows\System\UPCcWkZ.exe
  C:\Windows\System\UPCcWkZ.exe
  2⤵
  PID:7412
- C:\Windows\System\TTtwCBl.exe
  C:\Windows\System\TTtwCBl.exe
  2⤵
  PID:7428
- C:\Windows\System\BHHpFAv.exe
  C:\Windows\System\BHHpFAv.exe
  2⤵
  PID:7444
- C:\Windows\System\zJFpqZR.exe
  C:\Windows\System\zJFpqZR.exe
  2⤵
  PID:7464
- C:\Windows\System\QrSEzXt.exe
  C:\Windows\System\QrSEzXt.exe
  2⤵
  PID:7484
- C:\Windows\System\xUrQeFF.exe
  C:\Windows\System\xUrQeFF.exe
  2⤵
  PID:7500
- C:\Windows\System\iQIgZVO.exe
  C:\Windows\System\iQIgZVO.exe
  2⤵
  PID:7532
- C:\Windows\System\RexyEeg.exe
  C:\Windows\System\RexyEeg.exe
  2⤵
  PID:7556
- C:\Windows\System\osKjPtn.exe
  C:\Windows\System\osKjPtn.exe
  2⤵
  PID:7576
- C:\Windows\System\LNvzxMa.exe
  C:\Windows\System\LNvzxMa.exe
  2⤵
  PID:7592
- C:\Windows\System\tTkJnAE.exe
  C:\Windows\System\tTkJnAE.exe
  2⤵
  PID:7612
- C:\Windows\System\GbOMRwg.exe
  C:\Windows\System\GbOMRwg.exe
  2⤵
  PID:7628
- C:\Windows\System\xCuOFlT.exe
  C:\Windows\System\xCuOFlT.exe
  2⤵
  PID:7648
- C:\Windows\System\RlpiUHl.exe
  C:\Windows\System\RlpiUHl.exe
  2⤵
  PID:7664
- C:\Windows\System\cfXAcDM.exe
  C:\Windows\System\cfXAcDM.exe
  2⤵
  PID:7680
- C:\Windows\System\cSIfPEC.exe
  C:\Windows\System\cSIfPEC.exe
  2⤵
  PID:7700
- C:\Windows\System\JVdQIHg.exe
  C:\Windows\System\JVdQIHg.exe
  2⤵
  PID:7716
- C:\Windows\System\KfcjuRs.exe
  C:\Windows\System\KfcjuRs.exe
  2⤵
  PID:7736
- C:\Windows\System\lRHyrna.exe
  C:\Windows\System\lRHyrna.exe
  2⤵
  PID:7756
- C:\Windows\System\TxBmQZN.exe
  C:\Windows\System\TxBmQZN.exe
  2⤵
  PID:7772
- C:\Windows\System\QAXagao.exe
  C:\Windows\System\QAXagao.exe
  2⤵
  PID:7804
- C:\Windows\System\jfmsYSs.exe
  C:\Windows\System\jfmsYSs.exe
  2⤵
  PID:7820
- C:\Windows\System\IdBGkqP.exe
  C:\Windows\System\IdBGkqP.exe
  2⤵
  PID:7860
- C:\Windows\System\TxrRlwJ.exe
  C:\Windows\System\TxrRlwJ.exe
  2⤵
  PID:7876
- C:\Windows\System\JbMgJaa.exe
  C:\Windows\System\JbMgJaa.exe
  2⤵
  PID:7896
- C:\Windows\System\kwvoUZl.exe
  C:\Windows\System\kwvoUZl.exe
  2⤵
  PID:7912
- C:\Windows\System\FQMYNPK.exe
  C:\Windows\System\FQMYNPK.exe
  2⤵
  PID:7928
- C:\Windows\System\bRWuRZh.exe
  C:\Windows\System\bRWuRZh.exe
  2⤵
  PID:7944
- C:\Windows\System\SlJQFVz.exe
  C:\Windows\System\SlJQFVz.exe
  2⤵
  PID:7964
- C:\Windows\System\mfEgpag.exe
  C:\Windows\System\mfEgpag.exe
  2⤵
  PID:7980
- C:\Windows\System\OBkWurt.exe
  C:\Windows\System\OBkWurt.exe
  2⤵
  PID:7996
- C:\Windows\System\olTyUrU.exe
  C:\Windows\System\olTyUrU.exe
  2⤵
  PID:8012
- C:\Windows\System\FmzVuII.exe
  C:\Windows\System\FmzVuII.exe
  2⤵
  PID:8028
- C:\Windows\System\VLoxkPw.exe
  C:\Windows\System\VLoxkPw.exe
  2⤵
  PID:8044
- C:\Windows\System\DNvrtdc.exe
  C:\Windows\System\DNvrtdc.exe
  2⤵
  PID:8060
- C:\Windows\System\GGkQeGc.exe
  C:\Windows\System\GGkQeGc.exe
  2⤵
  PID:8080
- C:\Windows\System\zeTSeNG.exe
  C:\Windows\System\zeTSeNG.exe
  2⤵
  PID:8096
- C:\Windows\System\guoVrSN.exe
  C:\Windows\System\guoVrSN.exe
  2⤵
  PID:8112
- C:\Windows\System\pcnsiHf.exe
  C:\Windows\System\pcnsiHf.exe
  2⤵
  PID:8128
- C:\Windows\System\fxbqHer.exe
  C:\Windows\System\fxbqHer.exe
  2⤵
  PID:8144
- C:\Windows\System\kGQNNtb.exe
  C:\Windows\System\kGQNNtb.exe
  2⤵
  PID:8160
- C:\Windows\System\HRSQRcI.exe
  C:\Windows\System\HRSQRcI.exe
  2⤵
  PID:8180
- C:\Windows\System\XbsgBHK.exe
  C:\Windows\System\XbsgBHK.exe
  2⤵
  PID:6452
- C:\Windows\System\ozaqtsn.exe
  C:\Windows\System\ozaqtsn.exe
  2⤵
  PID:6760
- C:\Windows\System\TdlFAif.exe
  C:\Windows\System\TdlFAif.exe
  2⤵
  PID:7252
- C:\Windows\System\gABfgrR.exe
  C:\Windows\System\gABfgrR.exe
  2⤵
  PID:6340
- C:\Windows\System\gWhhZtP.exe
  C:\Windows\System\gWhhZtP.exe
  2⤵
  PID:7272
- C:\Windows\System\aYllHWp.exe
  C:\Windows\System\aYllHWp.exe
  2⤵
  PID:7292
- C:\Windows\System\AEetwmq.exe
  C:\Windows\System\AEetwmq.exe
  2⤵
  PID:7324
- C:\Windows\System\ekbXDDW.exe
  C:\Windows\System\ekbXDDW.exe
  2⤵
  PID:7352
- C:\Windows\System\LTuWTQd.exe
  C:\Windows\System\LTuWTQd.exe
  2⤵
  PID:7400
- C:\Windows\System\gnzBiJg.exe
  C:\Windows\System\gnzBiJg.exe
  2⤵
  PID:7388
- C:\Windows\System\oGWYsHh.exe
  C:\Windows\System\oGWYsHh.exe
  2⤵
  PID:7492
- C:\Windows\System\kylicrJ.exe
  C:\Windows\System\kylicrJ.exe
  2⤵
  PID:7476
- C:\Windows\System\lCjCfsC.exe
  C:\Windows\System\lCjCfsC.exe
  2⤵
  PID:7520
- C:\Windows\System\rXoRfiu.exe
  C:\Windows\System\rXoRfiu.exe
  2⤵
  PID:7436
- C:\Windows\System\aNBKdSS.exe
  C:\Windows\System\aNBKdSS.exe
  2⤵
  PID:7544
- C:\Windows\System\sSDYTSb.exe
  C:\Windows\System\sSDYTSb.exe
  2⤵
  PID:7588
- C:\Windows\System\XUJEuBz.exe
  C:\Windows\System\XUJEuBz.exe
  2⤵
  PID:7660
- C:\Windows\System\GPdRzgm.exe
  C:\Windows\System\GPdRzgm.exe
  2⤵
  PID:7724
- C:\Windows\System\uOhiLTC.exe
  C:\Windows\System\uOhiLTC.exe
  2⤵
  PID:7568
- C:\Windows\System\rUhQgwE.exe
  C:\Windows\System\rUhQgwE.exe
  2⤵
  PID:7672
- C:\Windows\System\AaFdlje.exe
  C:\Windows\System\AaFdlje.exe
  2⤵
  PID:7816
- C:\Windows\System\gDtRxAH.exe
  C:\Windows\System\gDtRxAH.exe
  2⤵
  PID:7800
- C:\Windows\System\kSJmuXF.exe
  C:\Windows\System\kSJmuXF.exe
  2⤵
  PID:7836
- C:\Windows\System\PYtRrdH.exe
  C:\Windows\System\PYtRrdH.exe
  2⤵
  PID:7744
- C:\Windows\System\cOVLYEE.exe
  C:\Windows\System\cOVLYEE.exe
  2⤵
  PID:7784
- C:\Windows\System\FWFPuWJ.exe
  C:\Windows\System\FWFPuWJ.exe
  2⤵
  PID:7848
- C:\Windows\System\JdhSFxX.exe
  C:\Windows\System\JdhSFxX.exe
  2⤵
  PID:7872
- C:\Windows\System\mpkIgNN.exe
  C:\Windows\System\mpkIgNN.exe
  2⤵
  PID:7952
- C:\Windows\System\npvneke.exe
  C:\Windows\System\npvneke.exe
  2⤵
  PID:7992
- C:\Windows\System\ksbbRwV.exe
  C:\Windows\System\ksbbRwV.exe
  2⤵
  PID:7908
- C:\Windows\System\cuAfPxl.exe
  C:\Windows\System\cuAfPxl.exe
  2⤵
  PID:7976
- C:\Windows\System\CnqXHkR.exe
  C:\Windows\System\CnqXHkR.exe
  2⤵
  PID:8040
- C:\Windows\System\aOcvGPm.exe
  C:\Windows\System\aOcvGPm.exe
  2⤵
  PID:8076
- C:\Windows\System\OCORKlL.exe
  C:\Windows\System\OCORKlL.exe
  2⤵
  PID:8124
- C:\Windows\System\KJEsYTD.exe
  C:\Windows\System\KJEsYTD.exe
  2⤵
  PID:8188
- C:\Windows\System\tLveMRn.exe
  C:\Windows\System\tLveMRn.exe
  2⤵
  PID:7216
- C:\Windows\System\zpcxkih.exe
  C:\Windows\System\zpcxkih.exe
  2⤵
  PID:7248
- C:\Windows\System\QqKlKUt.exe
  C:\Windows\System\QqKlKUt.exe
  2⤵
  PID:7344
- C:\Windows\System\IKCWEuk.exe
  C:\Windows\System\IKCWEuk.exe
  2⤵
  PID:7552
- C:\Windows\System\QcmWXoJ.exe
  C:\Windows\System\QcmWXoJ.exe
  2⤵
  PID:7644
- C:\Windows\System\muaFUsQ.exe
  C:\Windows\System\muaFUsQ.exe
  2⤵
  PID:7608
- C:\Windows\System\aMURhHF.exe
  C:\Windows\System\aMURhHF.exe
  2⤵
  PID:7304
- C:\Windows\System\NjKIvYs.exe
  C:\Windows\System\NjKIvYs.exe
  2⤵
  PID:7372
- C:\Windows\System\jAuVRMf.exe
  C:\Windows\System\jAuVRMf.exe
  2⤵
  PID:7508
- C:\Windows\System\IrZkZMG.exe
  C:\Windows\System\IrZkZMG.exe
  2⤵
  PID:7624
- C:\Windows\System\leNIONi.exe
  C:\Windows\System\leNIONi.exe
  2⤵
  PID:7712
- C:\Windows\System\VnSVuIc.exe
  C:\Windows\System\VnSVuIc.exe
  2⤵
  PID:7832
- C:\Windows\System\hmDxfAK.exe
  C:\Windows\System\hmDxfAK.exe
  2⤵
  PID:7844
- C:\Windows\System\eQRmzfE.exe
  C:\Windows\System\eQRmzfE.exe
  2⤵
  PID:8072
- C:\Windows\System\MLTUUxF.exe
  C:\Windows\System\MLTUUxF.exe
  2⤵
  PID:8068
- C:\Windows\System\COMWnvc.exe
  C:\Windows\System\COMWnvc.exe
  2⤵
  PID:8108
- C:\Windows\System\ELXEkal.exe
  C:\Windows\System\ELXEkal.exe
  2⤵
  PID:8088
- C:\Windows\System\bWFoBwj.exe
  C:\Windows\System\bWFoBwj.exe
  2⤵
  PID:6632
- C:\Windows\System\xfhAEWk.exe
  C:\Windows\System\xfhAEWk.exe
  2⤵
  PID:6784
- C:\Windows\System\xPZREqh.exe
  C:\Windows\System\xPZREqh.exe
  2⤵
  PID:7288
- C:\Windows\System\EvhByYJ.exe
  C:\Windows\System\EvhByYJ.exe
  2⤵
  PID:7472
- C:\Windows\System\AONFelS.exe
  C:\Windows\System\AONFelS.exe
  2⤵
  PID:7696
- C:\Windows\System\cbYGujC.exe
  C:\Windows\System\cbYGujC.exe
  2⤵
  PID:7424
- C:\Windows\System\LxRxMxI.exe
  C:\Windows\System\LxRxMxI.exe
  2⤵
  PID:7792
- C:\Windows\System\ddbmBDc.exe
  C:\Windows\System\ddbmBDc.exe
  2⤵
  PID:7312
- C:\Windows\System\AUHfXiN.exe
  C:\Windows\System\AUHfXiN.exe
  2⤵
  PID:7752
- C:\Windows\System\vNaBzDq.exe
  C:\Windows\System\vNaBzDq.exe
  2⤵
  PID:8008
- C:\Windows\System\PzYyxxP.exe
  C:\Windows\System\PzYyxxP.exe
  2⤵
  PID:8092
- C:\Windows\System\jtcVssR.exe
  C:\Windows\System\jtcVssR.exe
  2⤵
  PID:7856
- C:\Windows\System\DbmzWUj.exe
  C:\Windows\System\DbmzWUj.exe
  2⤵
  PID:8136
- C:\Windows\System\IrCYoEW.exe
  C:\Windows\System\IrCYoEW.exe
  2⤵
  PID:7604
- C:\Windows\System\TSXiuAD.exe
  C:\Windows\System\TSXiuAD.exe
  2⤵
  PID:7764
- C:\Windows\System\VlbGMRN.exe
  C:\Windows\System\VlbGMRN.exe
  2⤵
  PID:7940
- C:\Windows\System\VFNrTzg.exe
  C:\Windows\System\VFNrTzg.exe
  2⤵
  PID:8052
- C:\Windows\System\GUeUWEo.exe
  C:\Windows\System\GUeUWEo.exe
  2⤵
  PID:7220
- C:\Windows\System\QPDRuES.exe
  C:\Windows\System\QPDRuES.exe
  2⤵
  PID:8152
- C:\Windows\System\rZeLYbV.exe
  C:\Windows\System\rZeLYbV.exe
  2⤵
  PID:7284
- C:\Windows\System\yHtYqMJ.exe
  C:\Windows\System\yHtYqMJ.exe
  2⤵
  PID:8120
- C:\Windows\System\BWbEKzr.exe
  C:\Windows\System\BWbEKzr.exe
  2⤵
  PID:7540
- C:\Windows\System\pWHoUKY.exe
  C:\Windows\System\pWHoUKY.exe
  2⤵
  PID:7780
- C:\Windows\System\QMPhZdT.exe
  C:\Windows\System\QMPhZdT.exe
  2⤵
  PID:7456
- C:\Windows\System\PvRvEbP.exe
  C:\Windows\System\PvRvEbP.exe
  2⤵
  PID:8204
- C:\Windows\System\vrujXSk.exe
  C:\Windows\System\vrujXSk.exe
  2⤵
  PID:8220
- C:\Windows\System\dgEjRQP.exe
  C:\Windows\System\dgEjRQP.exe
  2⤵
  PID:8236
- C:\Windows\System\iKanIId.exe
  C:\Windows\System\iKanIId.exe
  2⤵
  PID:8252
- C:\Windows\System\gQUqcTp.exe
  C:\Windows\System\gQUqcTp.exe
  2⤵
  PID:8268
- C:\Windows\System\UzxSoOe.exe
  C:\Windows\System\UzxSoOe.exe
  2⤵
  PID:8288
- C:\Windows\System\AJYcrls.exe
  C:\Windows\System\AJYcrls.exe
  2⤵
  PID:8304
- C:\Windows\System\iLgTCvK.exe
  C:\Windows\System\iLgTCvK.exe
  2⤵
  PID:8320
- C:\Windows\System\OFCZlrY.exe
  C:\Windows\System\OFCZlrY.exe
  2⤵
  PID:8340
- C:\Windows\System\lpecKNC.exe
  C:\Windows\System\lpecKNC.exe
  2⤵
  PID:8364
- C:\Windows\System\lEnTZHT.exe
  C:\Windows\System\lEnTZHT.exe
  2⤵
  PID:8380
- C:\Windows\System\MYchALi.exe
  C:\Windows\System\MYchALi.exe
  2⤵
  PID:8396
- C:\Windows\System\LKDkAET.exe
  C:\Windows\System\LKDkAET.exe
  2⤵
  PID:8412
- C:\Windows\System\RWXONgu.exe
  C:\Windows\System\RWXONgu.exe
  2⤵
  PID:8440
- C:\Windows\System\NoIngPU.exe
  C:\Windows\System\NoIngPU.exe
  2⤵
  PID:8464
- C:\Windows\System\zAuaXvz.exe
  C:\Windows\System\zAuaXvz.exe
  2⤵
  PID:8512
- C:\Windows\System\NZRCwxD.exe
  C:\Windows\System\NZRCwxD.exe
  2⤵
  PID:8528
- C:\Windows\System\aGjpsVV.exe
  C:\Windows\System\aGjpsVV.exe
  2⤵
  PID:8544
- C:\Windows\System\JetcHeE.exe
  C:\Windows\System\JetcHeE.exe
  2⤵
  PID:8560
- C:\Windows\System\PJEKLSi.exe
  C:\Windows\System\PJEKLSi.exe
  2⤵
  PID:8668
- C:\Windows\System\JqeHkiu.exe
  C:\Windows\System\JqeHkiu.exe
  2⤵
  PID:8696
- C:\Windows\System\zTxlKbe.exe
  C:\Windows\System\zTxlKbe.exe
  2⤵
  PID:8840
- C:\Windows\System\IBeElsF.exe
  C:\Windows\System\IBeElsF.exe
  2⤵
  PID:8860
- C:\Windows\System\suhfbDV.exe
  C:\Windows\System\suhfbDV.exe
  2⤵
  PID:8876
- C:\Windows\System\oOcpYrO.exe
  C:\Windows\System\oOcpYrO.exe
  2⤵
  PID:8892
- C:\Windows\System\PrxyjeC.exe
  C:\Windows\System\PrxyjeC.exe
  2⤵
  PID:8912
- C:\Windows\System\FyPgAHs.exe
  C:\Windows\System\FyPgAHs.exe
  2⤵
  PID:8932
- C:\Windows\System\stbmrwC.exe
  C:\Windows\System\stbmrwC.exe
  2⤵
  PID:8948
- C:\Windows\System\nsdqOsu.exe
  C:\Windows\System\nsdqOsu.exe
  2⤵
  PID:8972
- C:\Windows\System\anyshqG.exe
  C:\Windows\System\anyshqG.exe
  2⤵
  PID:8992
- C:\Windows\System\KUWQMyd.exe
  C:\Windows\System\KUWQMyd.exe
  2⤵
  PID:9008
- C:\Windows\System\rWutgIw.exe
  C:\Windows\System\rWutgIw.exe
  2⤵
  PID:9028
- C:\Windows\System\EIxBJch.exe
  C:\Windows\System\EIxBJch.exe
  2⤵
  PID:9048
- C:\Windows\System\PloulMS.exe
  C:\Windows\System\PloulMS.exe
  2⤵
  PID:9064
- C:\Windows\System\XSzHquL.exe
  C:\Windows\System\XSzHquL.exe
  2⤵
  PID:9084
- C:\Windows\System\PUZaidM.exe
  C:\Windows\System\PUZaidM.exe
  2⤵
  PID:9108
- C:\Windows\System\uRKZqFS.exe
  C:\Windows\System\uRKZqFS.exe
  2⤵
  PID:9124
- C:\Windows\System\ngynSxN.exe
  C:\Windows\System\ngynSxN.exe
  2⤵
  PID:9140
- C:\Windows\System\NELTaBM.exe
  C:\Windows\System\NELTaBM.exe
  2⤵
  PID:9156
- C:\Windows\System\BcCylcn.exe
  C:\Windows\System\BcCylcn.exe
  2⤵
  PID:9172
- C:\Windows\System\xmuruOh.exe
  C:\Windows\System\xmuruOh.exe
  2⤵
  PID:9208
- C:\Windows\System\WasMOVS.exe
  C:\Windows\System\WasMOVS.exe
  2⤵
  PID:8244
- C:\Windows\System\oLrBecK.exe
  C:\Windows\System\oLrBecK.exe
  2⤵
  PID:8200
- C:\Windows\System\wSFuDmj.exe
  C:\Windows\System\wSFuDmj.exe
  2⤵
  PID:8232
- C:\Windows\System\RITgJoD.exe
  C:\Windows\System\RITgJoD.exe
  2⤵
  PID:8332
- C:\Windows\System\LTIJpZR.exe
  C:\Windows\System\LTIJpZR.exe
  2⤵
  PID:8356
- C:\Windows\System\vUfLJgQ.exe
  C:\Windows\System\vUfLJgQ.exe
  2⤵
  PID:8376
- C:\Windows\System\JUsRxLi.exe
  C:\Windows\System\JUsRxLi.exe
  2⤵
  PID:8424
- C:\Windows\System\qkuRkXE.exe
  C:\Windows\System\qkuRkXE.exe
  2⤵
  PID:8460
- C:\Windows\System\fCWPwoT.exe
  C:\Windows\System\fCWPwoT.exe
  2⤵
  PID:8284
- C:\Windows\System\DmKOgng.exe
  C:\Windows\System\DmKOgng.exe
  2⤵
  PID:8536
- C:\Windows\System\toVuGQB.exe
  C:\Windows\System\toVuGQB.exe
  2⤵
  PID:8568
- C:\Windows\System\GIKQElP.exe
  C:\Windows\System\GIKQElP.exe
  2⤵
  PID:8612
- C:\Windows\System\myQfecy.exe
  C:\Windows\System\myQfecy.exe
  2⤵
  PID:8628
- C:\Windows\System\GUKCNVX.exe
  C:\Windows\System\GUKCNVX.exe
  2⤵
  PID:8648
- C:\Windows\System\mqmaFXn.exe
  C:\Windows\System\mqmaFXn.exe
  2⤵
  PID:8660
- C:\Windows\System\WDsORBu.exe
  C:\Windows\System\WDsORBu.exe
  2⤵
  PID:8692
- C:\Windows\System\dizywUx.exe
  C:\Windows\System\dizywUx.exe
  2⤵
  PID:8720
- C:\Windows\System\idHlLzi.exe
  C:\Windows\System\idHlLzi.exe
  2⤵
  PID:8736
- C:\Windows\System\edkecog.exe
  C:\Windows\System\edkecog.exe
  2⤵
  PID:8752
- C:\Windows\System\IXJkEgb.exe
  C:\Windows\System\IXJkEgb.exe
  2⤵
  PID:8772
- C:\Windows\System\dAarLni.exe
  C:\Windows\System\dAarLni.exe
  2⤵
  PID:8788
- C:\Windows\System\iPxlmdl.exe
  C:\Windows\System\iPxlmdl.exe
  2⤵
  PID:8804
- C:\Windows\System\TGGCtjr.exe
  C:\Windows\System\TGGCtjr.exe
  2⤵
  PID:8848
- C:\Windows\System\zgRxrbg.exe
  C:\Windows\System\zgRxrbg.exe
  2⤵
  PID:8884
- C:\Windows\System\rchkVyp.exe
  C:\Windows\System\rchkVyp.exe
  2⤵
  PID:8908
- C:\Windows\System\hLaRlqw.exe
  C:\Windows\System\hLaRlqw.exe
  2⤵
  PID:9016
- C:\Windows\System\ZRgikbX.exe
  C:\Windows\System\ZRgikbX.exe
  2⤵
  PID:8924
- C:\Windows\System\lGgXIbW.exe
  C:\Windows\System\lGgXIbW.exe
  2⤵
  PID:9036
- C:\Windows\System\jloyMNL.exe
  C:\Windows\System\jloyMNL.exe
  2⤵
  PID:9044
- C:\Windows\System\hSAolnZ.exe
  C:\Windows\System\hSAolnZ.exe
  2⤵
  PID:9104
- C:\Windows\System\xqoQpBO.exe
  C:\Windows\System\xqoQpBO.exe
  2⤵
  PID:9116
- C:\Windows\System\FTFuEPC.exe
  C:\Windows\System\FTFuEPC.exe
  2⤵
  PID:9188
- C:\Windows\System\xwDRhmk.exe
  C:\Windows\System\xwDRhmk.exe
  2⤵
  PID:9200
- C:\Windows\System\dOopJko.exe
  C:\Windows\System\dOopJko.exe
  2⤵
  PID:7236
- C:\Windows\System\MvNepZC.exe
  C:\Windows\System\MvNepZC.exe
  2⤵
  PID:8312
- C:\Windows\System\FKGaOyN.exe
  C:\Windows\System\FKGaOyN.exe
  2⤵
  PID:8260
- C:\Windows\System\LFXYtzv.exe
  C:\Windows\System\LFXYtzv.exe
  2⤵
  PID:8408
- C:\Windows\System\dRIelXc.exe
  C:\Windows\System\dRIelXc.exe
  2⤵
  PID:8592
- C:\Windows\System\LwxrUFV.exe
  C:\Windows\System\LwxrUFV.exe
  2⤵
  PID:8712
- C:\Windows\System\yMJVcyh.exe
  C:\Windows\System\yMJVcyh.exe
  2⤵
  PID:8744
- C:\Windows\System\DabWgsQ.exe
  C:\Windows\System\DabWgsQ.exe
  2⤵
  PID:8644
- C:\Windows\System\ApVdKgf.exe
  C:\Windows\System\ApVdKgf.exe
  2⤵
  PID:8704
- C:\Windows\System\qpUFEyf.exe
  C:\Windows\System\qpUFEyf.exe
  2⤵
  PID:8764
- C:\Windows\System\NnLdDUJ.exe
  C:\Windows\System\NnLdDUJ.exe
  2⤵
  PID:8728
- C:\Windows\System\yrKSXXa.exe
  C:\Windows\System\yrKSXXa.exe
  2⤵
  PID:8868
- C:\Windows\System\pdJzHhS.exe
  C:\Windows\System\pdJzHhS.exe
  2⤵
  PID:8944
- C:\Windows\System\bRoLTkI.exe
  C:\Windows\System\bRoLTkI.exe
  2⤵
  PID:8988
- C:\Windows\System\zteucIU.exe
  C:\Windows\System\zteucIU.exe
  2⤵
  PID:9060
- C:\Windows\System\vGIkZxf.exe
  C:\Windows\System\vGIkZxf.exe
  2⤵
  PID:9136
- C:\Windows\System\ICaaLsl.exe
  C:\Windows\System\ICaaLsl.exe
  2⤵
  PID:9152
- C:\Windows\System\lBZxCyk.exe
  C:\Windows\System\lBZxCyk.exe
  2⤵
  PID:8024
- C:\Windows\System\DfJliwJ.exe
  C:\Windows\System\DfJliwJ.exe
  2⤵
  PID:9204
- C:\Windows\System\chqQWKM.exe
  C:\Windows\System\chqQWKM.exe
  2⤵
  PID:8336
- C:\Windows\System\jduOyWC.exe
  C:\Windows\System\jduOyWC.exe
  2⤵
  PID:8552
- C:\Windows\System\mJDPIcw.exe
  C:\Windows\System\mJDPIcw.exe
  2⤵
  PID:8616
- C:\Windows\System\PUnDwoo.exe
  C:\Windows\System\PUnDwoo.exe
  2⤵
  PID:8708
- C:\Windows\System\kNvpWXl.exe
  C:\Windows\System\kNvpWXl.exe
  2⤵
  PID:8732
- C:\Windows\System\KQGhuxa.exe
  C:\Windows\System\KQGhuxa.exe
  2⤵
  PID:8800
- C:\Windows\System\zMSsUuq.exe
  C:\Windows\System\zMSsUuq.exe
  2⤵
  PID:8920
- C:\Windows\System\bEETOvt.exe
  C:\Windows\System\bEETOvt.exe
  2⤵
  PID:8964
- C:\Windows\System\fYoJdXT.exe
  C:\Windows\System\fYoJdXT.exe
  2⤵
  PID:9004
- C:\Windows\System\QjoyzOW.exe
  C:\Windows\System\QjoyzOW.exe
  2⤵
  PID:9180
- C:\Windows\System\OqqmbOd.exe
  C:\Windows\System\OqqmbOd.exe
  2⤵
  PID:8664
- C:\Windows\System\xGpuoiY.exe
  C:\Windows\System\xGpuoiY.exe
  2⤵
  PID:8624
- C:\Windows\System\yZjTynT.exe
  C:\Windows\System\yZjTynT.exe
  2⤵
  PID:8228
- C:\Windows\System\QWiZbMB.exe
  C:\Windows\System\QWiZbMB.exe
  2⤵
  PID:8832
- C:\Windows\System\KRQSvMl.exe
  C:\Windows\System\KRQSvMl.exe
  2⤵
  PID:8928
- C:\Windows\System\ZInWJOy.exe
  C:\Windows\System\ZInWJOy.exe
  2⤵
  PID:8904
- C:\Windows\System\byGzsZd.exe
  C:\Windows\System\byGzsZd.exe
  2⤵
  PID:8540
- C:\Windows\System\qVNLWyD.exe
  C:\Windows\System\qVNLWyD.exe
  2⤵
  PID:8676
- C:\Windows\System\ZoVzjGv.exe
  C:\Windows\System\ZoVzjGv.exe
  2⤵
  PID:8856
- C:\Windows\System\ZmzQkJA.exe
  C:\Windows\System\ZmzQkJA.exe
  2⤵
  PID:8792
- C:\Windows\System\vkaTHDL.exe
  C:\Windows\System\vkaTHDL.exe
  2⤵
  PID:9164
- C:\Windows\System\sJXXjdZ.exe
  C:\Windows\System\sJXXjdZ.exe
  2⤵
  PID:8404
- C:\Windows\System\lPhXoqv.exe
  C:\Windows\System\lPhXoqv.exe
  2⤵
  PID:8980
- C:\Windows\System\dVSbktl.exe
  C:\Windows\System\dVSbktl.exe
  2⤵
  PID:8212
- C:\Windows\System\NsMioOb.exe
  C:\Windows\System\NsMioOb.exe
  2⤵
  PID:9040
- C:\Windows\System\AshPvwd.exe
  C:\Windows\System\AshPvwd.exe
  2⤵
  PID:8452
- C:\Windows\System\LgpxsXo.exe
  C:\Windows\System\LgpxsXo.exe
  2⤵
  PID:9240
- C:\Windows\System\uAeReBI.exe
  C:\Windows\System\uAeReBI.exe
  2⤵
  PID:9260
- C:\Windows\System\chsencE.exe
  C:\Windows\System\chsencE.exe
  2⤵
  PID:9276
- C:\Windows\System\aSFRsrc.exe
  C:\Windows\System\aSFRsrc.exe
  2⤵
  PID:9296
- C:\Windows\System\ypAmfGA.exe
  C:\Windows\System\ypAmfGA.exe
  2⤵
  PID:9316
- C:\Windows\System\KtdCWPI.exe
  C:\Windows\System\KtdCWPI.exe
  2⤵
  PID:9336
- C:\Windows\System\eucfSAS.exe
  C:\Windows\System\eucfSAS.exe
  2⤵
  PID:9352
- C:\Windows\System\SyAgZTE.exe
  C:\Windows\System\SyAgZTE.exe
  2⤵
  PID:9380
- C:\Windows\System\qeBNKcu.exe
  C:\Windows\System\qeBNKcu.exe
  2⤵
  PID:9396
- C:\Windows\System\gXsDrEq.exe
  C:\Windows\System\gXsDrEq.exe
  2⤵
  PID:9416
- C:\Windows\System\HHASIMZ.exe
  C:\Windows\System\HHASIMZ.exe
  2⤵
  PID:9436
- C:\Windows\System\XEnXhWp.exe
  C:\Windows\System\XEnXhWp.exe
  2⤵
  PID:9460
- C:\Windows\System\aXwWNPh.exe
  C:\Windows\System\aXwWNPh.exe
  2⤵
  PID:9476
- C:\Windows\System\BJYypSV.exe
  C:\Windows\System\BJYypSV.exe
  2⤵
  PID:9492
- C:\Windows\System\QHtzUNR.exe
  C:\Windows\System\QHtzUNR.exe
  2⤵
  PID:9520
- C:\Windows\System\JANehoZ.exe
  C:\Windows\System\JANehoZ.exe
  2⤵
  PID:9544
- C:\Windows\System\wvhHKbo.exe
  C:\Windows\System\wvhHKbo.exe
  2⤵
  PID:9564
- C:\Windows\System\SYUnoqO.exe
  C:\Windows\System\SYUnoqO.exe
  2⤵
  PID:9580
- C:\Windows\System\dZcEZts.exe
  C:\Windows\System\dZcEZts.exe
  2⤵
  PID:9604
- C:\Windows\System\OjrkIDj.exe
  C:\Windows\System\OjrkIDj.exe
  2⤵
  PID:9628
- C:\Windows\System\MZRDtUO.exe
  C:\Windows\System\MZRDtUO.exe
  2⤵
  PID:9644
- C:\Windows\System\vQhbpUe.exe
  C:\Windows\System\vQhbpUe.exe
  2⤵
  PID:9664
- C:\Windows\System\bkDDzfC.exe
  C:\Windows\System\bkDDzfC.exe
  2⤵
  PID:9684
- C:\Windows\System\IydDIHW.exe
  C:\Windows\System\IydDIHW.exe
  2⤵
  PID:9704
- C:\Windows\System\DlkSvqk.exe
  C:\Windows\System\DlkSvqk.exe
  2⤵
  PID:9728
- C:\Windows\System\HGsMVBj.exe
  C:\Windows\System\HGsMVBj.exe
  2⤵
  PID:9744
- C:\Windows\System\ByLJyUR.exe
  C:\Windows\System\ByLJyUR.exe
  2⤵
  PID:9764
- C:\Windows\System\orjytvr.exe
  C:\Windows\System\orjytvr.exe
  2⤵
  PID:9784
- C:\Windows\System\GBjlUOd.exe
  C:\Windows\System\GBjlUOd.exe
  2⤵
  PID:9804
- C:\Windows\System\YKiBQeT.exe
  C:\Windows\System\YKiBQeT.exe
  2⤵
  PID:9820
- C:\Windows\System\mXeLTTT.exe
  C:\Windows\System\mXeLTTT.exe
  2⤵
  PID:9844
- C:\Windows\System\lzZjHsF.exe
  C:\Windows\System\lzZjHsF.exe
  2⤵
  PID:9868
- C:\Windows\System\eyUYkYH.exe
  C:\Windows\System\eyUYkYH.exe
  2⤵
  PID:9888
- C:\Windows\System\bYjzHWG.exe
  C:\Windows\System\bYjzHWG.exe
  2⤵
  PID:9904
- C:\Windows\System\yxIVBeS.exe
  C:\Windows\System\yxIVBeS.exe
  2⤵
  PID:9924
- C:\Windows\System\MIcEOLL.exe
  C:\Windows\System\MIcEOLL.exe
  2⤵
  PID:9940
- C:\Windows\System\AwfByYO.exe
  C:\Windows\System\AwfByYO.exe
  2⤵
  PID:9956
- C:\Windows\System\PQOOsyQ.exe
  C:\Windows\System\PQOOsyQ.exe
  2⤵
  PID:9980
- C:\Windows\System\sDxApAy.exe
  C:\Windows\System\sDxApAy.exe
  2⤵
  PID:10000
- C:\Windows\System\fEDjGdd.exe
  C:\Windows\System\fEDjGdd.exe
  2⤵
  PID:10016
- C:\Windows\System\oVccSei.exe
  C:\Windows\System\oVccSei.exe
  2⤵
  PID:10044
- C:\Windows\System\rvzJfKJ.exe
  C:\Windows\System\rvzJfKJ.exe
  2⤵
  PID:10064
- C:\Windows\System\eCGCUdO.exe
  C:\Windows\System\eCGCUdO.exe
  2⤵
  PID:10080
- C:\Windows\System\yFcbeuS.exe
  C:\Windows\System\yFcbeuS.exe
  2⤵
  PID:10100
- C:\Windows\System\Bsulaxt.exe
  C:\Windows\System\Bsulaxt.exe
  2⤵
  PID:10116
- C:\Windows\System\fzPzkkA.exe
  C:\Windows\System\fzPzkkA.exe
  2⤵
  PID:10136
- C:\Windows\System\ITosjSZ.exe
  C:\Windows\System\ITosjSZ.exe
  2⤵
  PID:10160
- C:\Windows\System\GPQbpmr.exe
  C:\Windows\System\GPQbpmr.exe
  2⤵
  PID:10176
- C:\Windows\System\GVjovbl.exe
  C:\Windows\System\GVjovbl.exe
  2⤵
  PID:10208
- C:\Windows\System\jRuJxbH.exe
  C:\Windows\System\jRuJxbH.exe
  2⤵
  PID:10224
- C:\Windows\System\GOfbfMP.exe
  C:\Windows\System\GOfbfMP.exe
  2⤵
  PID:9224
- C:\Windows\System\iRBxoRH.exe
  C:\Windows\System\iRBxoRH.exe
  2⤵
  PID:9248
- C:\Windows\System\qvlPDAj.exe
  C:\Windows\System\qvlPDAj.exe
  2⤵
  PID:9292
- C:\Windows\System\EEaiYTY.exe
  C:\Windows\System\EEaiYTY.exe
  2⤵
  PID:9324
- C:\Windows\System\NHKmPux.exe
  C:\Windows\System\NHKmPux.exe
  2⤵
  PID:9348
- C:\Windows\System\SkUtiTJ.exe
  C:\Windows\System\SkUtiTJ.exe
  2⤵
  PID:9372
- C:\Windows\System\kimDaBG.exe
  C:\Windows\System\kimDaBG.exe
  2⤵
  PID:9408
- C:\Windows\System\lQLjtMt.exe
  C:\Windows\System\lQLjtMt.exe
  2⤵
  PID:9444
- C:\Windows\System\qzTdUWG.exe
  C:\Windows\System\qzTdUWG.exe
  2⤵
  PID:9452
- C:\Windows\System\DHucSNH.exe
  C:\Windows\System\DHucSNH.exe
  2⤵
  PID:9508
- C:\Windows\System\eQTBWhh.exe
  C:\Windows\System\eQTBWhh.exe
  2⤵
  PID:9540
- C:\Windows\System\QwLUebL.exe
  C:\Windows\System\QwLUebL.exe
  2⤵
  PID:9572
- C:\Windows\System\nhjlSNM.exe
  C:\Windows\System\nhjlSNM.exe
  2⤵
  PID:9612
- C:\Windows\System\LEBrZbe.exe
  C:\Windows\System\LEBrZbe.exe
  2⤵
  PID:9656
- C:\Windows\System\bEdNAnc.exe
  C:\Windows\System\bEdNAnc.exe
  2⤵
  PID:9692
- C:\Windows\System\rxmgLSL.exe
  C:\Windows\System\rxmgLSL.exe
  2⤵
  PID:9720
- C:\Windows\System\DBCELir.exe
  C:\Windows\System\DBCELir.exe
  2⤵
  PID:9760
- C:\Windows\System\Xmitdka.exe
  C:\Windows\System\Xmitdka.exe
  2⤵
  PID:9776
- C:\Windows\System\IHbuCRx.exe
  C:\Windows\System\IHbuCRx.exe
  2⤵
  PID:9840
- C:\Windows\System\gYfqLNA.exe
  C:\Windows\System\gYfqLNA.exe
  2⤵
  PID:9860
- C:\Windows\System\QzcWGWP.exe
  C:\Windows\System\QzcWGWP.exe
  2⤵
  PID:9884
- C:\Windows\System\GlDeSAy.exe
  C:\Windows\System\GlDeSAy.exe
  2⤵
  PID:9916
- C:\Windows\System\BjIGNhU.exe
  C:\Windows\System\BjIGNhU.exe
  2⤵
  PID:9988
- C:\Windows\System\PKiOaGE.exe
  C:\Windows\System\PKiOaGE.exe
  2⤵
  PID:9992
- C:\Windows\System\iWUqttz.exe
  C:\Windows\System\iWUqttz.exe
  2⤵
  PID:10028
- C:\Windows\System\LhKltzU.exe
  C:\Windows\System\LhKltzU.exe
  2⤵
  PID:10092
- C:\Windows\System\kMvREok.exe
  C:\Windows\System\kMvREok.exe
  2⤵
  PID:10124
- C:\Windows\System\YKNnkJT.exe
  C:\Windows\System\YKNnkJT.exe
  2⤵
  PID:10108
- C:\Windows\System\HsFogWj.exe
  C:\Windows\System\HsFogWj.exe
  2⤵
  PID:10148
- C:\Windows\System\yKeSqPE.exe
  C:\Windows\System\yKeSqPE.exe
  2⤵
  PID:10196
- C:\Windows\System\GxaAJzS.exe
  C:\Windows\System\GxaAJzS.exe
  2⤵
  PID:10232
- C:\Windows\System\UsgUmBZ.exe
  C:\Windows\System\UsgUmBZ.exe
  2⤵
  PID:9268
- C:\Windows\System\xqLOPET.exe
  C:\Windows\System\xqLOPET.exe
  2⤵
  PID:9368
- C:\Windows\System\gHZGvmW.exe
  C:\Windows\System\gHZGvmW.exe
  2⤵
  PID:9484
- C:\Windows\System\XiADBdP.exe
  C:\Windows\System\XiADBdP.exe
  2⤵
  PID:9556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AGDykwO.exe

Filesize
6.0MB

MD5
8c899376e978e94ccbe99ca0a68da23b

SHA1
f5e7edaa4506f209f2ad8fb8a9840ddb87727ff1

SHA256
41d1bc6f5070a4509f494f4b6b99809be493ab81f0d8f3beadc6239d3b410492

SHA512
f9df0632374ff8ed77efa8125c056b10347bf44cbf1524a0d861e2dbe9ee6f73934394fab1dc775d118f9b15cd39be2e70ba17cec2eb0f6897214495200e8be6

Download Submit
C:\Windows\system\BzdefXA.exe

Filesize
6.0MB

MD5
d6eaec2919131ac26a73c7fc921b3676

SHA1
e67b40bae4fd1f085f0a4cc697dfc37705030542

SHA256
45a68ed79e139555ed01c22c7510184883c8edad5ae5921ec75c68a001a9a997

SHA512
b65f4ea317c4da85d2e1664336f146481822207563d47284f90499b7c55ec95eb5252069fd624d59937e557b105dae59e5d171870122e8cfde4f5300b739bf5b

Download Submit
C:\Windows\system\CKOHrUT.exe

Filesize
6.0MB

MD5
4eed785be1c2150f1a892803b011f475

SHA1
4189f601b83fcfd6bab8a32e96f818d2f97fc920

SHA256
a0fe004bda294596ec47dc161aebff2f311e2ef2c8a3e16366736d0f6590407a

SHA512
203969b4c94aaa5ba0221273722a4bd3ee879c201aa636c5f11a8d9e66d3eb7a9a2be2778db37d87db78b0b83705ee6476a9551a41bbdbaa1c1380c766a77594

Download Submit
C:\Windows\system\CvULMgt.exe

Filesize
6.0MB

MD5
5cce7cf59ce2078466b24a3b85d5217a

SHA1
58073c4e14ad5e5005e28f14586bd4a02b0ad608

SHA256
e50e0f75d3284e0dca62507f870c5276cde0c4a2ba79b76726d71da8734a7ff8

SHA512
19de048352b482e1425171aeb76e0e8cf68003d9034f382072df4a6350d08791b9b5466ed92c55895f931afba11cbc78b84fe8e2420878b578ecf2706d740ced

Download Submit
C:\Windows\system\DIjKZXm.exe

Filesize
6.0MB

MD5
1758655bc5b088bd951db5a335bf750e

SHA1
269e288022135b3f210d6fe692bbf1a6a32392df

SHA256
ba142bfdd5df193c47c60948b04e166cc7c99c2757c3bf5d8dc7e1bb26e03833

SHA512
912bfd55ef09347379036bd4b1165ad8afe418df8c332841d1b7353e87a3e1f9906acf6f34e9e30a9912bf0f92032d546f98bc4f7ca2441649f5c70ee49b6d73

Download Submit
C:\Windows\system\ICwsEGx.exe

Filesize
6.0MB

MD5
8f65acab19ceacd53c1b3bb6f84fac71

SHA1
346e0d9f5fe674493c244d02748210dcd10d867f

SHA256
d15110462096cc7603f0eddb9a91a77c3269e4166678099b4c659b49695acd11

SHA512
6c511d835f4defd409ee0f1e93d3bb4e336d5c8d3459dfd016c3c598fb4ce5d78520d877cdde0df4289c1a9c19bf3b2f1c79f52a722c5f7773bbeff297bd030c

Download Submit
C:\Windows\system\JecKHSo.exe

Filesize
6.0MB

MD5
0e53b3ad65f62f7fc5893144297a3c7e

SHA1
5e2a09856cfff2fcf0ea0c56017dcdd4aded86ba

SHA256
3682378354e04f6e31d0db431dd30383d08831213d9c93441f8a78fa3007e6a9

SHA512
341aa1cdab81d7c2c0b4fa1c4b11e39c37de0faa4716bafdafdcf620f5b54a35260186a16d80405623720e45f8ac2660e90733142a19bf41297789206fa24391

Download Submit
C:\Windows\system\KiiQKOt.exe

Filesize
6.0MB

MD5
1302a86e8716f871dd9f42d2643add52

SHA1
3756bae27d8ac8d6267949dfcefed778a5feed35

SHA256
e2602979b2a908ed4e1063ab1933b9ffe29e06a4b266611ed0ba811cfa81b8b6

SHA512
044038eb1d982798f855638be1c03549eb66cbae555ea980ba0afc19bf21c913022110eb21b438ccde2871e4a05f34f4e55872fdacb3b740543724f254904aff

Download Submit
C:\Windows\system\LGoXvWL.exe

Filesize
6.0MB

MD5
081819b5d72040366648ce26e64b6f22

SHA1
ace368bba38448c0155ce8ecb7efa7fc08eba9a4

SHA256
1d4eb39a07292f0e1a419894b946c08d56674681902b2c894bd4d67288c13b24

SHA512
5c47c44f5ddd814a0611816983d9c05ecbb17b2304eda0f158afc2f9334862e713ce27407742429807f53b60b63f3ee68cd421070d965028721c6320ffc022c1

Download Submit
C:\Windows\system\LYzhzDo.exe

Filesize
6.0MB

MD5
2c93c6a7e14eb710b8905e1de65e70a2

SHA1
5bd78bcd463a891c841f9e65145ae0d127b270b0

SHA256
9848ad101af1986e75a89a3764401d94823fc4eb5e4348a028dd3fd76c805b9e

SHA512
72cfe796176e3f5eeae8381ff3f14e787bb21bfd71f31ca29ed88b2c266af65be7ddc038fc46e2c727c0e3a67c71bb8c4bbf9a5862be30372f75269b90177fa8

Download Submit
C:\Windows\system\PGYTlCj.exe

Filesize
6.0MB

MD5
93484baec577b1137879501dd4daff81

SHA1
7bd68dedbb29f878e7ca002e2e5e824cca805239

SHA256
951df8dcdb82bac778221bab3fd9b0c64660c7b23959b23e0076a7557f456709

SHA512
2620550f6df235c18ed52791003243e5b8d3615843ac8cc8f3e50aa60d9fbe6ed715dfc98802022b5b0c6a68da78004ddcf33b860d5d66dffd59b52f9e916fb9

Download Submit
C:\Windows\system\QEGyFFc.exe

Filesize
6.0MB

MD5
b51a37dfccdb380c7e0f215bb7716440

SHA1
49a14814f8d716152289c2f55f2fac6cd3cdb9f1

SHA256
9d8bc86b2f72fac17f0995341233c0bbaea05e2a47ee637a19481d14fc8c4396

SHA512
d88c6a2c0f854bdce21454206058125aa0d36e2f30aab534504bd27917262bbfce35ada017e6be91ee4732770989570bb96c0d5ef3c4658ac9a46ffda5e7820c

Download Submit
C:\Windows\system\WrlVxiQ.exe

Filesize
6.0MB

MD5
4ff81ceac6aeeccc87d47e1ab1d73c89

SHA1
6dbae83b88928b87119aa585bc65a425d2717c09

SHA256
efb0ac4ee396418c116d140e05de34c8666980e4bf46e3bbc5c3b24099e9b81e

SHA512
0bec3b49cba1bee576f7cba855c1e5bfd26ff54eb7bef460ab133618ede8cddb03688ab34cba516c3adb25b0111385b716560d77aed944c61f11272141261b77

Download Submit
C:\Windows\system\XBMDEFH.exe

Filesize
6.0MB

MD5
4254cd9677d81d3b4e699657e9dfe8f1

SHA1
0124f133c8a5f4c4feba25ce56cf3e8ba674baca

SHA256
b609d0914db2b4ff2f8c45da7a379be583a9f972a8d13830af81dcff53dc1810

SHA512
93ed2dbc0ac055fbd18de273ba5d8559bbb5da2317a8ced56e5f68ab453e32a02fd03a83fccb8274e0240e5371d05a26c21c75dcdb4a78280e53eab65d15a0c8

Download Submit
C:\Windows\system\aQAHhOK.exe

Filesize
6.0MB

MD5
7a3a55e432a848b3a977e51d92ccd452

SHA1
916d1869c7ef9c941717d3eafb933240772e1afb

SHA256
ed9f42e8f15c5eb474cf5abc00a6c1c4ccefd74d887766a3e85acca0fbc5df88

SHA512
91bc555951aea429e0e631db1d50b9817da9790a0c2d2541c17d7bebe48bee3b35e9288fe283c3472c2bc5e8ff40e0aaffff5872679c8d7ae814cde51c61e5d6

Download Submit
C:\Windows\system\bGvspxc.exe

Filesize
6.0MB

MD5
929c402e058c312d97c2803b476f6c42

SHA1
8f5d36a1c757f1b58f288e66e4f0e736df5fd668

SHA256
2c5746800bb9a9924dcfe5a7960031b6a4c19aa0cdb3763bdd7946bd100197d8

SHA512
3257709f7d97e4d8905c718de81d1e2d01c86b90339234fec804f0ed94a728477423181985356cf16f8e2dd366550a2aa9ea9d7e2282e5a496515335800dc209

Download Submit
C:\Windows\system\eVBLvYO.exe

Filesize
6.0MB

MD5
9e044f61aba03dec86301189aca56eb5

SHA1
eceb6978252af4f9f17c639dfd2a622fdca4968d

SHA256
497ce6e2f1b444458abde12ceb1a2d101c8340181f1b3fcec7fbec3a1a65e01c

SHA512
e3696bf37af9d8a02a9b25409476c1e770bb741db584071d6ac1299871a1f5de1d7d612012e83d6822cf1f77cc74ff07cebcd70bd980a1b97b358f3ec47c3262

Download Submit
C:\Windows\system\nJmlJnJ.exe

Filesize
6.0MB

MD5
874b101d96b86328781118ddf39a3d4b

SHA1
6ce58e8782157aa18f24d67d75b2e14c7af69aed

SHA256
f6cbec229cfcaeb85514aa0f705fe8e9f04bcdb8bb32c40bbb2fecadf6b8ce8f

SHA512
7575109337ecd99fdf9aace40113daea8dbb210d54a3dfddfd4e8486c0e9eeff243f63b6838e95f57a03404a19b152a91277dc142bc3cd82429cfe12e8739cba

Download Submit
C:\Windows\system\ofGhOBS.exe

Filesize
6.0MB

MD5
676f82453495910db9699a8cc0fc267a

SHA1
ff4f19f34a39575835ed8c2e1d06ce1378eee9b3

SHA256
15a1eb80d97eccf6906765d6a8912d45beb5450d8f715ec7fe62b54ced9c5701

SHA512
4502ad09ab18915ea174842fd1ffb62a539898fd1895636e4b75c47643024ae26da5f8a92378ffa4e03ee46c2a15aae792b69e1b7aba14731fdf8454895b5241

Download Submit
C:\Windows\system\sKFoFRa.exe

Filesize
6.0MB

MD5
c92a0befa1c11c4be5e61cdff400958f

SHA1
d9077952a445818caa8c14845bbbdd58647e382a

SHA256
e78f24c38ddc5ffb74943a7b1efcaacac15114a3e35b5bd5930d4412b0c9a65c

SHA512
be1c5cfd45a892d0e28b064ef4076b59acfd5c52ac55b511c7f654eaa8f12c48fb709199ddca6212907ab61c8307a380a3c8b9494062c675ba30d1ef4126c7c4

Download Submit
C:\Windows\system\wUMXsOg.exe

Filesize
6.0MB

MD5
2c7e9651c32581705fa75bbb3f88231a

SHA1
89bd14d6882cd23acfed3d318a30a93cf25a685e

SHA256
93d5a0af4fd04687e1d292e511e0bfb07127c64c0ac7dd7df948f1c8d37f6033

SHA512
4959e93feac26aa4db64cab679459914c0dedb4382ceb4e744a00baf0727cfae7030887e4a88ac94c658abbe611f07ce78d34168f7960e80a826045a658413f1

Download Submit
C:\Windows\system\waPfEFg.exe

Filesize
6.0MB

MD5
b3053b909291b3b78fc9dec619bbd166

SHA1
282d40d884dd721efee75c9fe1b9cede11be7275

SHA256
28ad17190fa204052cdf71436d8ac7c3fd684cb59de908bda86a8259db31fd06

SHA512
cd5c3da73d188c6498a2beeb256bb8f63d10da835b3ba966d4009b27ca4ea4713d6bffd4cdfeed620f3bcd3702a8e99d160f17a3ed5d799f26dcc6a604547f5d

Download Submit
C:\Windows\system\xpOTfDH.exe

Filesize
6.0MB

MD5
718d89564b36e6a596ede967e3a43526

SHA1
7446a95cc7d4aa1d02a397dab8cf5e452b9eb662

SHA256
f0d28b1df838374428a2b3b6d112842189ae52e99a53dbaf07e37ddae986d134

SHA512
943d86470fb148bfb2d6e56f0ce6b17967cb9132b9e09a057cfec3595d729ae1c04f709963622eb168a7bbffb1eec94a5e4242069be7040f65a27218cb7b8d58

Download Submit
C:\Windows\system\yDgVLBT.exe

Filesize
6.0MB

MD5
0df18f5296de377029b133ce54134789

SHA1
5369cf7928b2e5b3350e882e40ea6c4029ef9a4e

SHA256
98ae08d8fe48ad01451d9b3a6246bf98d376de2e22d7a7eb74c4e6c27af969e4

SHA512
2a84f586a366c24e7870af8c325da7f2c113e2bed0f19eb04e07353574b4b14f8c2f7bc14332c8fd86d986e008268bea02d55617ace5a59263ce602ce199852d

Download Submit
C:\Windows\system\yWVlvBA.exe

Filesize
6.0MB

MD5
e9ca7581b70d88806b998600b8975f21

SHA1
be88276589a7748b1b13c5953849938b8321a0fb

SHA256
cdd74654458ea5afba0aa02461a5a75fcf29ce5823a3a7f77f907ac8cdf2b3e4

SHA512
a5f9df27759962dc8145e43fd2f987d554c6a50671d1cb72acce1e5acb4ed1ad36b1109b3d2d5ef908dbd7459d6b57e47f2064805dd9fa92880bbecac6444c22

Download Submit
\Windows\system\JEqCDwh.exe

Filesize
6.0MB

MD5
50e276e0c26300db6f9fca6eb1b84d19

SHA1
c063407a4cc6ea68f3d6bee60854b017214e3fb2

SHA256
a0faeb3a06775b1af121cc6daa0078bbcc8048080d21ccb6ccd547811d86c2cb

SHA512
c49eb7efe462229f305221b9f9c924bf640245a7baf71da3e05be3bfac7b475511a02e0e5f6218f307414907e22abb20f23283187a7a5373b05f1e0c0f36011d

Download Submit
\Windows\system\RLOFcxY.exe

Filesize
6.0MB

MD5
9b4a59a36c5727c0f61dc72a92000d5b

SHA1
348f8627472c6d67605be90cc3ac0d94a1e55b3c

SHA256
8ca7943fedc28704d2374aeed3f1b5d17de0980d8dd693f0936c795390ccb5c6

SHA512
a7d153b5fb6aa434726ac39ab1712981c42393fa7b8920c53f8efd494b45edd2dd23b95de1d34a19f0ece0c947a1af7b2a852a34b3ec351bd0affddd88c9e2da

Download Submit
\Windows\system\XVKXknn.exe

Filesize
6.0MB

MD5
50bc1d7c319b6918b319d9a68a48a98c

SHA1
793ec4d4e4a511cff9acf253a0a231879c354066

SHA256
760bd221523e54b178fbab9547881bed115b36377f1971985b612905359e4b27

SHA512
48d1b46c650c282618d32d7e1e52e104dab3bd146d6cf023acdadd0b7e8dc6222b07bc31b2b2ccbf2c47bae1e0b93732ccc49c3467d29fe44d99643e70ff9173

Download Submit
\Windows\system\aploKlY.exe

Filesize
6.0MB

MD5
fd993be1db032aab548ac0cd85a04f54

SHA1
b5e8ccf3e92e562a8777ad5a012327108adddd3f

SHA256
31fa87e06286b45579c63b7090833b027d1cb2d79db8314a67b2a57cdacfc0fd

SHA512
958bebb6fe6746d0cad7d9d6ff8a0ccd4e4df77c9731871c9cd19ca1184362297f5e722029d9541fe3cd9ba3732be304c368447d232b87df5d0f06d068a26436

Download Submit
\Windows\system\vsdZavd.exe

Filesize
6.0MB

MD5
1fb649b639143e885a0a7cbc5159aa51

SHA1
ec844abbc902479a1b4fb6329078c07b70c9894c

SHA256
f69ed540b7385c43eb1cd5b254d5ed8c54264b46b2d74865e786eae6636173ea

SHA512
085d82d53a574444f456e68896b0a82026ab668d7f0ad4fe3541b6278bfedb7cb9feb49be3d9b8ea9390e0e615c6587c5ac711fe067fd05e145edf0ec9302366

Download Submit
\Windows\system\wxJLEqp.exe

Filesize
6.0MB

MD5
75e8016a3bd4f0cf9b3c47582638a9c4

SHA1
d50b215b69afdae078f95ace8fc0216bb3176579

SHA256
8a1fda02f115f1b3c8e4462152937b8b7c1fc604045c17b97e4365f88f7b99a4

SHA512
10ad773557343ad2f96dbb1e9570f72a365e983a47c2124241f5188cb5cfe25fe26671809265b0a409a9e5dd3352b48ff924fed4419b1fc01a76bdb7f68bdbe9

Download Submit
\Windows\system\yyXPLkh.exe

Filesize
6.0MB

MD5
7e4d33a589d8fa3d03f2f6f1767dfe3e

SHA1
544ea809189b68abc30e90ea18c6ed4495fb69e5

SHA256
da0fd8330fe9f85e9efd74a06bddff7a89a5eda957e78a7f369784c1d8a671b1

SHA512
3e9c9e469989304e9818175902fdacef88180c58183830e757f7c2cb9c68b2bb00397f0bdd8a41da734f0065301fa94dca81651e2f93f7743f9c3f1670b2372f

Download Submit
memory/536-51-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/536-103-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/800-227-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/800-62-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-92-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/1968-4042-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2132-3969-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2132-44-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2132-8-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2148-77-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-97-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2360-4045-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2488-3982-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-31-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-1001-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-4044-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-100-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-42-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2636-4002-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3961-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-53-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-14-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3983-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2752-35-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2752-88-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2884-49-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-38-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2884-104-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2884-1097-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2884-428-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2884-18-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2884-551-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-862-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-99-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2884-33-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-94-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2884-90-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2884-30-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2884-72-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-67-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2884-54-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-47-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2884-0-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-226-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-4041-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2988-65-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2988-550-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/3000-95-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/3000-4043-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/3048-57-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3990-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/3048-23-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download