cobaltstrike | 66f9ddf84d5c451f63bad344b014e166afc42edfb3e857a115620215d2fc6cfe

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-11-2024 20:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

25b6e142d6e8c88da18e51eb5789648d
SHA1

6ee2ea7e244428d37366673ec6757fed0f4177aa
SHA256

66f9ddf84d5c451f63bad344b014e166afc42edfb3e857a115620215d2fc6cfe
SHA512

4b4df607dbb1ea42808b829c0fba634de27733b19eb14a8af1fae90801a19784eeaa464f9b3ef5055bf1a8c7bbe75578da4823bd67f6b4b4b3a66cd5f728a497
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU6:T+q56utgpPF8u/76

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173a9-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017488-12.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174cc-34.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186ea-49.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018683-48.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186fd-55.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017492-47.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186e4-44.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019582-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950c-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-80.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2384-0-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x00080000000173a9-8.dat	xmrig
behavioral1/files/0x0008000000017488-12.dat	xmrig
behavioral1/files/0x00080000000174cc-34.dat	xmrig
behavioral1/files/0x00060000000186ea-49.dat	xmrig
behavioral1/memory/2780-57-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2384-62-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019431-67.dat	xmrig
behavioral1/files/0x0005000000019427-60.dat	xmrig
behavioral1/memory/2452-52-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2816-51-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2904-50-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x0006000000018683-48.dat	xmrig
behavioral1/files/0x00070000000186fd-55.dat	xmrig
behavioral1/files/0x0008000000017492-47.dat	xmrig
behavioral1/memory/2860-46-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x00060000000186e4-44.dat	xmrig
behavioral1/memory/2260-42-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2384-31-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2396-24-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2292-23-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/1156-18-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2592-1159-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2384-864-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2692-584-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2668-395-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019623-190.dat	xmrig
behavioral1/files/0x0005000000019622-186.dat	xmrig
behavioral1/files/0x0005000000019621-181.dat	xmrig
behavioral1/files/0x000500000001961f-175.dat	xmrig
behavioral1/files/0x000500000001961d-171.dat	xmrig
behavioral1/files/0x000500000001961b-165.dat	xmrig
behavioral1/files/0x0005000000019619-161.dat	xmrig
behavioral1/files/0x0005000000019615-151.dat	xmrig
behavioral1/files/0x0005000000019617-155.dat	xmrig
behavioral1/files/0x0005000000019611-141.dat	xmrig
behavioral1/files/0x0005000000019613-144.dat	xmrig
behavioral1/files/0x0005000000019609-129.dat	xmrig
behavioral1/files/0x0005000000019582-127.dat	xmrig
behavioral1/files/0x000500000001960d-124.dat	xmrig
behavioral1/files/0x000500000001960f-132.dat	xmrig
behavioral1/memory/2644-123-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x000500000001960b-120.dat	xmrig
behavioral1/files/0x00050000000195c5-112.dat	xmrig
behavioral1/memory/2592-99-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/files/0x000500000001950c-104.dat	xmrig
behavioral1/memory/2780-97-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019461-96.dat	xmrig
behavioral1/memory/2892-92-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2384-91-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2452-90-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2816-89-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2904-88-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x000500000001944f-85.dat	xmrig
behavioral1/memory/2692-82-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019441-80.dat	xmrig
behavioral1/memory/1156-64-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2644-63-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2668-70-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2592-3767-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2692-3768-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2644-3769-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2292-3778-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2396	YqKHeDP.exe
1156	JGpSqMD.exe
2292	bwRThpS.exe
2260	trABiYE.exe
2860	KVlTOxi.exe
2904	hFZgrOX.exe
2816	Lpvylyi.exe
2452	MWpsYZR.exe
2780	CSKaziN.exe
2644	cIFJjCG.exe
2668	qLCnzGe.exe
2692	jeNTFRp.exe
2892	FrOMMTl.exe
2592	rGkLobv.exe
1996	AkDfJYm.exe
1740	uBQZZMl.exe
1492	AskdHdD.exe
768	yHLLYsh.exe
264	ICUEQoT.exe
780	FKoXPqC.exe
1712	wFTCoao.exe
576	QaamAxD.exe
1072	mhgGMcZ.exe
2188	RxynxQC.exe
2140	FJUjqGv.exe
2092	CRlIOuv.exe
2224	lPNQRhK.exe
704	dEAALxR.exe
2968	VqbJstx.exe
2604	RwcZpXd.exe
1736	IxYzOjj.exe
1884	klfhBzw.exe
628	IkPLFHj.exe
1800	dJcYQCP.exe
1376	KZrMyqw.exe
1776	zoVPGDx.exe
1700	mZRnWLF.exe
1764	bDeIAVP.exe
960	tfwOetl.exe
1392	qHrWjPs.exe
2324	zzVNqgd.exe
2236	XfYWcEh.exe
3060	uwbSuAi.exe
1188	EtDsFNh.exe
1796	tlGmTyj.exe
1888	djMKPor.exe
1636	ppaNmVk.exe
3056	HorcbjY.exe
2988	YvcfFIi.exe
2168	OocQqcZ.exe
1520	qkDDBLN.exe
1052	dBuyjdL.exe
2996	QwixDSv.exe
2112	pSrcIxm.exe
2208	GTXLmtU.exe
2768	ovpEIMb.exe
2748	BTUyTzf.exe
2952	pfFQGcB.exe
556	fHKFniU.exe
2664	lpEvqFJ.exe
3032	jersmEp.exe
604	fYdVHCa.exe
2448	jKqlPgQ.exe
1048	zXKuLjE.exe

Loads dropped DLL 64 IoCs

pid	Process
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2384-0-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x00080000000173a9-8.dat	upx
behavioral1/files/0x0008000000017488-12.dat	upx
behavioral1/files/0x00080000000174cc-34.dat	upx
behavioral1/files/0x00060000000186ea-49.dat	upx
behavioral1/memory/2780-57-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2384-62-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x0005000000019431-67.dat	upx
behavioral1/files/0x0005000000019427-60.dat	upx
behavioral1/memory/2452-52-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2816-51-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2904-50-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x0006000000018683-48.dat	upx
behavioral1/files/0x00070000000186fd-55.dat	upx
behavioral1/files/0x0008000000017492-47.dat	upx
behavioral1/memory/2860-46-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x00060000000186e4-44.dat	upx
behavioral1/memory/2260-42-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2396-24-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2292-23-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/1156-18-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2592-1159-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2692-584-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2668-395-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x0005000000019623-190.dat	upx
behavioral1/files/0x0005000000019622-186.dat	upx
behavioral1/files/0x0005000000019621-181.dat	upx
behavioral1/files/0x000500000001961f-175.dat	upx
behavioral1/files/0x000500000001961d-171.dat	upx
behavioral1/files/0x000500000001961b-165.dat	upx
behavioral1/files/0x0005000000019619-161.dat	upx
behavioral1/files/0x0005000000019615-151.dat	upx
behavioral1/files/0x0005000000019617-155.dat	upx
behavioral1/files/0x0005000000019611-141.dat	upx
behavioral1/files/0x0005000000019613-144.dat	upx
behavioral1/files/0x0005000000019609-129.dat	upx
behavioral1/files/0x0005000000019582-127.dat	upx
behavioral1/files/0x000500000001960d-124.dat	upx
behavioral1/files/0x000500000001960f-132.dat	upx
behavioral1/memory/2644-123-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x000500000001960b-120.dat	upx
behavioral1/files/0x00050000000195c5-112.dat	upx
behavioral1/memory/2592-99-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/files/0x000500000001950c-104.dat	upx
behavioral1/memory/2780-97-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/files/0x0005000000019461-96.dat	upx
behavioral1/memory/2892-92-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2452-90-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2816-89-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2904-88-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x000500000001944f-85.dat	upx
behavioral1/memory/2692-82-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x0005000000019441-80.dat	upx
behavioral1/memory/1156-64-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2644-63-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2668-70-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2592-3767-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2692-3768-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2644-3769-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2292-3778-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2668-3780-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2780-3779-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2260-3777-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pTunfbx.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ukMBXvW.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JUsuFHw.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zwCDPxp.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSGFFhI.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UfgOLst.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PqwYydp.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zoVPGDx.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVrCvcE.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXilkCE.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krFhNXu.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzKwRGk.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EBubeFT.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wTKBUkR.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ycGAYjs.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAWCcRu.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SYhSNAH.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OZRuKbh.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zXKuLjE.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tidwTQM.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SjcbZBg.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wGpcEcz.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xlEuHEp.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IInfxPD.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GVpmXap.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XrVwUwz.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nJvaMzL.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GNYEhiQ.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iXSNyva.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWNCQyz.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OaXdUAV.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqLCFnd.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cuuCqVW.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbNByoe.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UPECJZO.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZNbaQbQ.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cmkYhoU.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gXnDbBi.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\phsbmKy.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FSqPXNH.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bwghQlH.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xxTlfWl.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FrOMMTl.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DqNFanV.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VRKPtrp.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NNwqixZ.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnNLcgF.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jtxqSwk.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ojtgtxB.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CIAMpEO.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GDmIaTv.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hMPqvuw.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xblsWOV.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ExaFtHi.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdPXSbT.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AkfNkWZ.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTBOuTr.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TpXpneV.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gepjOLi.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpRlelA.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wzyAnVF.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHrUlua.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaIbLBY.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UbKRxXA.exe	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2396	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2384 wrote to memory of 2396	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2384 wrote to memory of 2396	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2384 wrote to memory of 1156	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2384 wrote to memory of 1156	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2384 wrote to memory of 1156	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2384 wrote to memory of 2292	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2384 wrote to memory of 2292	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2384 wrote to memory of 2292	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2384 wrote to memory of 2904	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2384 wrote to memory of 2904	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2384 wrote to memory of 2904	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2384 wrote to memory of 2260	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2384 wrote to memory of 2260	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2384 wrote to memory of 2260	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2384 wrote to memory of 2816	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2384 wrote to memory of 2816	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2384 wrote to memory of 2816	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2384 wrote to memory of 2860	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2384 wrote to memory of 2860	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2384 wrote to memory of 2860	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2384 wrote to memory of 2452	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2384 wrote to memory of 2452	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2384 wrote to memory of 2452	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2384 wrote to memory of 2780	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2384 wrote to memory of 2780	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2384 wrote to memory of 2780	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2384 wrote to memory of 2644	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2384 wrote to memory of 2644	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2384 wrote to memory of 2644	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2384 wrote to memory of 2668	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2384 wrote to memory of 2668	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2384 wrote to memory of 2668	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2384 wrote to memory of 2692	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2384 wrote to memory of 2692	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2384 wrote to memory of 2692	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2384 wrote to memory of 2892	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2384 wrote to memory of 2892	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2384 wrote to memory of 2892	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2384 wrote to memory of 2592	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2384 wrote to memory of 2592	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2384 wrote to memory of 2592	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2384 wrote to memory of 1996	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2384 wrote to memory of 1996	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2384 wrote to memory of 1996	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2384 wrote to memory of 768	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2384 wrote to memory of 768	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2384 wrote to memory of 768	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2384 wrote to memory of 1740	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2384 wrote to memory of 1740	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2384 wrote to memory of 1740	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2384 wrote to memory of 264	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2384 wrote to memory of 264	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2384 wrote to memory of 264	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2384 wrote to memory of 1492	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2384 wrote to memory of 1492	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2384 wrote to memory of 1492	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2384 wrote to memory of 1712	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2384 wrote to memory of 1712	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2384 wrote to memory of 1712	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2384 wrote to memory of 780	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2384 wrote to memory of 780	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2384 wrote to memory of 780	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2384 wrote to memory of 576	2384	2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-11_25b6e142d6e8c88da18e51eb5789648d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\System\YqKHeDP.exe
  C:\Windows\System\YqKHeDP.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\JGpSqMD.exe
  C:\Windows\System\JGpSqMD.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\bwRThpS.exe
  C:\Windows\System\bwRThpS.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\hFZgrOX.exe
  C:\Windows\System\hFZgrOX.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\trABiYE.exe
  C:\Windows\System\trABiYE.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\Lpvylyi.exe
  C:\Windows\System\Lpvylyi.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\KVlTOxi.exe
  C:\Windows\System\KVlTOxi.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\MWpsYZR.exe
  C:\Windows\System\MWpsYZR.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\CSKaziN.exe
  C:\Windows\System\CSKaziN.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\cIFJjCG.exe
  C:\Windows\System\cIFJjCG.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\qLCnzGe.exe
  C:\Windows\System\qLCnzGe.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\jeNTFRp.exe
  C:\Windows\System\jeNTFRp.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\FrOMMTl.exe
  C:\Windows\System\FrOMMTl.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\rGkLobv.exe
  C:\Windows\System\rGkLobv.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\AkDfJYm.exe
  C:\Windows\System\AkDfJYm.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\yHLLYsh.exe
  C:\Windows\System\yHLLYsh.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\uBQZZMl.exe
  C:\Windows\System\uBQZZMl.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\ICUEQoT.exe
  C:\Windows\System\ICUEQoT.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\AskdHdD.exe
  C:\Windows\System\AskdHdD.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\wFTCoao.exe
  C:\Windows\System\wFTCoao.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\FKoXPqC.exe
  C:\Windows\System\FKoXPqC.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\QaamAxD.exe
  C:\Windows\System\QaamAxD.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\mhgGMcZ.exe
  C:\Windows\System\mhgGMcZ.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\RxynxQC.exe
  C:\Windows\System\RxynxQC.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\FJUjqGv.exe
  C:\Windows\System\FJUjqGv.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\CRlIOuv.exe
  C:\Windows\System\CRlIOuv.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\lPNQRhK.exe
  C:\Windows\System\lPNQRhK.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\dEAALxR.exe
  C:\Windows\System\dEAALxR.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\VqbJstx.exe
  C:\Windows\System\VqbJstx.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\RwcZpXd.exe
  C:\Windows\System\RwcZpXd.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\IxYzOjj.exe
  C:\Windows\System\IxYzOjj.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\klfhBzw.exe
  C:\Windows\System\klfhBzw.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\IkPLFHj.exe
  C:\Windows\System\IkPLFHj.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\dJcYQCP.exe
  C:\Windows\System\dJcYQCP.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\KZrMyqw.exe
  C:\Windows\System\KZrMyqw.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\mZRnWLF.exe
  C:\Windows\System\mZRnWLF.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\zoVPGDx.exe
  C:\Windows\System\zoVPGDx.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\bDeIAVP.exe
  C:\Windows\System\bDeIAVP.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\tfwOetl.exe
  C:\Windows\System\tfwOetl.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\qHrWjPs.exe
  C:\Windows\System\qHrWjPs.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\zzVNqgd.exe
  C:\Windows\System\zzVNqgd.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\XfYWcEh.exe
  C:\Windows\System\XfYWcEh.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\uwbSuAi.exe
  C:\Windows\System\uwbSuAi.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\EtDsFNh.exe
  C:\Windows\System\EtDsFNh.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\tlGmTyj.exe
  C:\Windows\System\tlGmTyj.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\YvcfFIi.exe
  C:\Windows\System\YvcfFIi.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\djMKPor.exe
  C:\Windows\System\djMKPor.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\OocQqcZ.exe
  C:\Windows\System\OocQqcZ.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\ppaNmVk.exe
  C:\Windows\System\ppaNmVk.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\qkDDBLN.exe
  C:\Windows\System\qkDDBLN.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\HorcbjY.exe
  C:\Windows\System\HorcbjY.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\dBuyjdL.exe
  C:\Windows\System\dBuyjdL.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\QwixDSv.exe
  C:\Windows\System\QwixDSv.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\GTXLmtU.exe
  C:\Windows\System\GTXLmtU.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\pSrcIxm.exe
  C:\Windows\System\pSrcIxm.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\BTUyTzf.exe
  C:\Windows\System\BTUyTzf.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\ovpEIMb.exe
  C:\Windows\System\ovpEIMb.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\pfFQGcB.exe
  C:\Windows\System\pfFQGcB.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\fHKFniU.exe
  C:\Windows\System\fHKFniU.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\lpEvqFJ.exe
  C:\Windows\System\lpEvqFJ.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\jersmEp.exe
  C:\Windows\System\jersmEp.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\fYdVHCa.exe
  C:\Windows\System\fYdVHCa.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\jKqlPgQ.exe
  C:\Windows\System\jKqlPgQ.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\zXKuLjE.exe
  C:\Windows\System\zXKuLjE.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\CgkkFDP.exe
  C:\Windows\System\CgkkFDP.exe
  2⤵
  PID:1808
- C:\Windows\System\JpwoZzJ.exe
  C:\Windows\System\JpwoZzJ.exe
  2⤵
  PID:1068
- C:\Windows\System\jayPodU.exe
  C:\Windows\System\jayPodU.exe
  2⤵
  PID:2588
- C:\Windows\System\xjCrvcM.exe
  C:\Windows\System\xjCrvcM.exe
  2⤵
  PID:2508
- C:\Windows\System\mPrxbcK.exe
  C:\Windows\System\mPrxbcK.exe
  2⤵
  PID:2220
- C:\Windows\System\EDqBNAJ.exe
  C:\Windows\System\EDqBNAJ.exe
  2⤵
  PID:1948
- C:\Windows\System\HNzXmbv.exe
  C:\Windows\System\HNzXmbv.exe
  2⤵
  PID:2600
- C:\Windows\System\wSYtrtu.exe
  C:\Windows\System\wSYtrtu.exe
  2⤵
  PID:840
- C:\Windows\System\ajKRwTG.exe
  C:\Windows\System\ajKRwTG.exe
  2⤵
  PID:408
- C:\Windows\System\eWNCQyz.exe
  C:\Windows\System\eWNCQyz.exe
  2⤵
  PID:2928
- C:\Windows\System\JzjGVPl.exe
  C:\Windows\System\JzjGVPl.exe
  2⤵
  PID:1840
- C:\Windows\System\ehETVYA.exe
  C:\Windows\System\ehETVYA.exe
  2⤵
  PID:1608
- C:\Windows\System\JfriATH.exe
  C:\Windows\System\JfriATH.exe
  2⤵
  PID:316
- C:\Windows\System\oiNrlma.exe
  C:\Windows\System\oiNrlma.exe
  2⤵
  PID:924
- C:\Windows\System\VVaKZuH.exe
  C:\Windows\System\VVaKZuH.exe
  2⤵
  PID:2104
- C:\Windows\System\EJMBcgo.exe
  C:\Windows\System\EJMBcgo.exe
  2⤵
  PID:2900
- C:\Windows\System\OxaXOYz.exe
  C:\Windows\System\OxaXOYz.exe
  2⤵
  PID:2556
- C:\Windows\System\fzlZmKC.exe
  C:\Windows\System\fzlZmKC.exe
  2⤵
  PID:2308
- C:\Windows\System\QhRyXqk.exe
  C:\Windows\System\QhRyXqk.exe
  2⤵
  PID:2388
- C:\Windows\System\sTvABil.exe
  C:\Windows\System\sTvABil.exe
  2⤵
  PID:2156
- C:\Windows\System\guXWSFB.exe
  C:\Windows\System\guXWSFB.exe
  2⤵
  PID:2800
- C:\Windows\System\iXauPfg.exe
  C:\Windows\System\iXauPfg.exe
  2⤵
  PID:1580
- C:\Windows\System\bJjDrXx.exe
  C:\Windows\System\bJjDrXx.exe
  2⤵
  PID:2828
- C:\Windows\System\PpDXyUR.exe
  C:\Windows\System\PpDXyUR.exe
  2⤵
  PID:2636
- C:\Windows\System\QNysSWY.exe
  C:\Windows\System\QNysSWY.exe
  2⤵
  PID:2884
- C:\Windows\System\MEYNDvb.exe
  C:\Windows\System\MEYNDvb.exe
  2⤵
  PID:1284
- C:\Windows\System\PwQmLOE.exe
  C:\Windows\System\PwQmLOE.exe
  2⤵
  PID:332
- C:\Windows\System\PnBGTWX.exe
  C:\Windows\System\PnBGTWX.exe
  2⤵
  PID:1864
- C:\Windows\System\gsannMJ.exe
  C:\Windows\System\gsannMJ.exe
  2⤵
  PID:664
- C:\Windows\System\pcsLyEb.exe
  C:\Windows\System\pcsLyEb.exe
  2⤵
  PID:1008
- C:\Windows\System\fkAvEeO.exe
  C:\Windows\System\fkAvEeO.exe
  2⤵
  PID:496
- C:\Windows\System\bYAVPgJ.exe
  C:\Windows\System\bYAVPgJ.exe
  2⤵
  PID:2484
- C:\Windows\System\kxcorSR.exe
  C:\Windows\System\kxcorSR.exe
  2⤵
  PID:1136
- C:\Windows\System\Echufaj.exe
  C:\Windows\System\Echufaj.exe
  2⤵
  PID:1384
- C:\Windows\System\RDCUUvM.exe
  C:\Windows\System\RDCUUvM.exe
  2⤵
  PID:2488
- C:\Windows\System\QtXZSwD.exe
  C:\Windows\System\QtXZSwD.exe
  2⤵
  PID:2252
- C:\Windows\System\CxMpNGr.exe
  C:\Windows\System\CxMpNGr.exe
  2⤵
  PID:2152
- C:\Windows\System\potGYXY.exe
  C:\Windows\System\potGYXY.exe
  2⤵
  PID:2596
- C:\Windows\System\CPcGDoa.exe
  C:\Windows\System\CPcGDoa.exe
  2⤵
  PID:2540
- C:\Windows\System\hCMXCkX.exe
  C:\Windows\System\hCMXCkX.exe
  2⤵
  PID:2256
- C:\Windows\System\DdgJILi.exe
  C:\Windows\System\DdgJILi.exe
  2⤵
  PID:3080
- C:\Windows\System\WSAJDnO.exe
  C:\Windows\System\WSAJDnO.exe
  2⤵
  PID:3100
- C:\Windows\System\WYLbKvh.exe
  C:\Windows\System\WYLbKvh.exe
  2⤵
  PID:3120
- C:\Windows\System\riwFpir.exe
  C:\Windows\System\riwFpir.exe
  2⤵
  PID:3140
- C:\Windows\System\jtwwzqU.exe
  C:\Windows\System\jtwwzqU.exe
  2⤵
  PID:3160
- C:\Windows\System\dcEEjFw.exe
  C:\Windows\System\dcEEjFw.exe
  2⤵
  PID:3180
- C:\Windows\System\YivZmdt.exe
  C:\Windows\System\YivZmdt.exe
  2⤵
  PID:3200
- C:\Windows\System\cEEkkWh.exe
  C:\Windows\System\cEEkkWh.exe
  2⤵
  PID:3220
- C:\Windows\System\HwxiOZc.exe
  C:\Windows\System\HwxiOZc.exe
  2⤵
  PID:3240
- C:\Windows\System\zPWEqSO.exe
  C:\Windows\System\zPWEqSO.exe
  2⤵
  PID:3260
- C:\Windows\System\JkOVqaU.exe
  C:\Windows\System\JkOVqaU.exe
  2⤵
  PID:3280
- C:\Windows\System\qRPrXFp.exe
  C:\Windows\System\qRPrXFp.exe
  2⤵
  PID:3300
- C:\Windows\System\zNpuwfa.exe
  C:\Windows\System\zNpuwfa.exe
  2⤵
  PID:3320
- C:\Windows\System\OqXScEy.exe
  C:\Windows\System\OqXScEy.exe
  2⤵
  PID:3340
- C:\Windows\System\aCZiAOZ.exe
  C:\Windows\System\aCZiAOZ.exe
  2⤵
  PID:3360
- C:\Windows\System\KTeOkHY.exe
  C:\Windows\System\KTeOkHY.exe
  2⤵
  PID:3380
- C:\Windows\System\ffSqZZb.exe
  C:\Windows\System\ffSqZZb.exe
  2⤵
  PID:3400
- C:\Windows\System\fgTjxTW.exe
  C:\Windows\System\fgTjxTW.exe
  2⤵
  PID:3420
- C:\Windows\System\OOQKLGa.exe
  C:\Windows\System\OOQKLGa.exe
  2⤵
  PID:3440
- C:\Windows\System\DcnOOvX.exe
  C:\Windows\System\DcnOOvX.exe
  2⤵
  PID:3460
- C:\Windows\System\gTDZpAA.exe
  C:\Windows\System\gTDZpAA.exe
  2⤵
  PID:3480
- C:\Windows\System\HkSvlkb.exe
  C:\Windows\System\HkSvlkb.exe
  2⤵
  PID:3500
- C:\Windows\System\ccOUXzs.exe
  C:\Windows\System\ccOUXzs.exe
  2⤵
  PID:3520
- C:\Windows\System\bErkTHK.exe
  C:\Windows\System\bErkTHK.exe
  2⤵
  PID:3540
- C:\Windows\System\EHFXulq.exe
  C:\Windows\System\EHFXulq.exe
  2⤵
  PID:3560
- C:\Windows\System\vwmWvrK.exe
  C:\Windows\System\vwmWvrK.exe
  2⤵
  PID:3580
- C:\Windows\System\ATWDPuG.exe
  C:\Windows\System\ATWDPuG.exe
  2⤵
  PID:3600
- C:\Windows\System\UdAEuon.exe
  C:\Windows\System\UdAEuon.exe
  2⤵
  PID:3620
- C:\Windows\System\xiYmoNo.exe
  C:\Windows\System\xiYmoNo.exe
  2⤵
  PID:3640
- C:\Windows\System\srBijZH.exe
  C:\Windows\System\srBijZH.exe
  2⤵
  PID:3660
- C:\Windows\System\tidwTQM.exe
  C:\Windows\System\tidwTQM.exe
  2⤵
  PID:3680
- C:\Windows\System\CkCiRfL.exe
  C:\Windows\System\CkCiRfL.exe
  2⤵
  PID:3700
- C:\Windows\System\WtfGHcD.exe
  C:\Windows\System\WtfGHcD.exe
  2⤵
  PID:3720
- C:\Windows\System\ZrFYEvA.exe
  C:\Windows\System\ZrFYEvA.exe
  2⤵
  PID:3740
- C:\Windows\System\uhOJXVt.exe
  C:\Windows\System\uhOJXVt.exe
  2⤵
  PID:3760
- C:\Windows\System\AWLePGa.exe
  C:\Windows\System\AWLePGa.exe
  2⤵
  PID:3780
- C:\Windows\System\LPWUsoW.exe
  C:\Windows\System\LPWUsoW.exe
  2⤵
  PID:3800
- C:\Windows\System\EDveQgo.exe
  C:\Windows\System\EDveQgo.exe
  2⤵
  PID:3820
- C:\Windows\System\GDmIaTv.exe
  C:\Windows\System\GDmIaTv.exe
  2⤵
  PID:3840
- C:\Windows\System\bUfTbsR.exe
  C:\Windows\System\bUfTbsR.exe
  2⤵
  PID:3860
- C:\Windows\System\eatbhMP.exe
  C:\Windows\System\eatbhMP.exe
  2⤵
  PID:3880
- C:\Windows\System\PyFDjWW.exe
  C:\Windows\System\PyFDjWW.exe
  2⤵
  PID:3900
- C:\Windows\System\WUZzeNr.exe
  C:\Windows\System\WUZzeNr.exe
  2⤵
  PID:3920
- C:\Windows\System\TuhzwaX.exe
  C:\Windows\System\TuhzwaX.exe
  2⤵
  PID:3940
- C:\Windows\System\tlhcVUd.exe
  C:\Windows\System\tlhcVUd.exe
  2⤵
  PID:3960
- C:\Windows\System\sczjvSf.exe
  C:\Windows\System\sczjvSf.exe
  2⤵
  PID:3980
- C:\Windows\System\CeYaceE.exe
  C:\Windows\System\CeYaceE.exe
  2⤵
  PID:4000
- C:\Windows\System\rUPjXMU.exe
  C:\Windows\System\rUPjXMU.exe
  2⤵
  PID:4020
- C:\Windows\System\eSdXskH.exe
  C:\Windows\System\eSdXskH.exe
  2⤵
  PID:4040
- C:\Windows\System\jLuvwMM.exe
  C:\Windows\System\jLuvwMM.exe
  2⤵
  PID:4060
- C:\Windows\System\fxetNJa.exe
  C:\Windows\System\fxetNJa.exe
  2⤵
  PID:4076
- C:\Windows\System\sLymgGE.exe
  C:\Windows\System\sLymgGE.exe
  2⤵
  PID:2316
- C:\Windows\System\QoLQedO.exe
  C:\Windows\System\QoLQedO.exe
  2⤵
  PID:1624
- C:\Windows\System\BUESNsQ.exe
  C:\Windows\System\BUESNsQ.exe
  2⤵
  PID:892
- C:\Windows\System\CVBhQvg.exe
  C:\Windows\System\CVBhQvg.exe
  2⤵
  PID:676
- C:\Windows\System\wOcZwbr.exe
  C:\Windows\System\wOcZwbr.exe
  2⤵
  PID:2340
- C:\Windows\System\MWSSaIR.exe
  C:\Windows\System\MWSSaIR.exe
  2⤵
  PID:2720
- C:\Windows\System\kHAhhmn.exe
  C:\Windows\System\kHAhhmn.exe
  2⤵
  PID:648
- C:\Windows\System\pLvMXxo.exe
  C:\Windows\System\pLvMXxo.exe
  2⤵
  PID:568
- C:\Windows\System\AOuWLtr.exe
  C:\Windows\System\AOuWLtr.exe
  2⤵
  PID:2080
- C:\Windows\System\CKEcUuq.exe
  C:\Windows\System\CKEcUuq.exe
  2⤵
  PID:1680
- C:\Windows\System\nqBWIzX.exe
  C:\Windows\System\nqBWIzX.exe
  2⤵
  PID:1620
- C:\Windows\System\jVNBRyR.exe
  C:\Windows\System\jVNBRyR.exe
  2⤵
  PID:3076
- C:\Windows\System\KkThjCi.exe
  C:\Windows\System\KkThjCi.exe
  2⤵
  PID:3136
- C:\Windows\System\SXfwUmp.exe
  C:\Windows\System\SXfwUmp.exe
  2⤵
  PID:3132
- C:\Windows\System\fsndljY.exe
  C:\Windows\System\fsndljY.exe
  2⤵
  PID:3208
- C:\Windows\System\bIdEqQQ.exe
  C:\Windows\System\bIdEqQQ.exe
  2⤵
  PID:3192
- C:\Windows\System\ZXppsSN.exe
  C:\Windows\System\ZXppsSN.exe
  2⤵
  PID:3232
- C:\Windows\System\QhxOvgZ.exe
  C:\Windows\System\QhxOvgZ.exe
  2⤵
  PID:3296
- C:\Windows\System\yVYYTdm.exe
  C:\Windows\System\yVYYTdm.exe
  2⤵
  PID:3336
- C:\Windows\System\Tnnhyyr.exe
  C:\Windows\System\Tnnhyyr.exe
  2⤵
  PID:3352
- C:\Windows\System\YErYeJu.exe
  C:\Windows\System\YErYeJu.exe
  2⤵
  PID:3388
- C:\Windows\System\UcMBEEZ.exe
  C:\Windows\System\UcMBEEZ.exe
  2⤵
  PID:3428
- C:\Windows\System\emyBEqp.exe
  C:\Windows\System\emyBEqp.exe
  2⤵
  PID:3432
- C:\Windows\System\GjfmKBo.exe
  C:\Windows\System\GjfmKBo.exe
  2⤵
  PID:3472
- C:\Windows\System\LqdGQQl.exe
  C:\Windows\System\LqdGQQl.exe
  2⤵
  PID:3536
- C:\Windows\System\pVmyJNu.exe
  C:\Windows\System\pVmyJNu.exe
  2⤵
  PID:3568
- C:\Windows\System\KGwuPFX.exe
  C:\Windows\System\KGwuPFX.exe
  2⤵
  PID:3588
- C:\Windows\System\djUfeqQ.exe
  C:\Windows\System\djUfeqQ.exe
  2⤵
  PID:3628
- C:\Windows\System\lBrDpQV.exe
  C:\Windows\System\lBrDpQV.exe
  2⤵
  PID:3652
- C:\Windows\System\FlAeMte.exe
  C:\Windows\System\FlAeMte.exe
  2⤵
  PID:3672
- C:\Windows\System\nQVfjjD.exe
  C:\Windows\System\nQVfjjD.exe
  2⤵
  PID:3716
- C:\Windows\System\rUSnDnh.exe
  C:\Windows\System\rUSnDnh.exe
  2⤵
  PID:3756
- C:\Windows\System\YZGXIVv.exe
  C:\Windows\System\YZGXIVv.exe
  2⤵
  PID:3796
- C:\Windows\System\LvNbHFL.exe
  C:\Windows\System\LvNbHFL.exe
  2⤵
  PID:3828
- C:\Windows\System\fZYIkqg.exe
  C:\Windows\System\fZYIkqg.exe
  2⤵
  PID:3852
- C:\Windows\System\tbnOqQL.exe
  C:\Windows\System\tbnOqQL.exe
  2⤵
  PID:3888
- C:\Windows\System\kXSyvMY.exe
  C:\Windows\System\kXSyvMY.exe
  2⤵
  PID:3916
- C:\Windows\System\RfsgcnM.exe
  C:\Windows\System\RfsgcnM.exe
  2⤵
  PID:3932
- C:\Windows\System\ahqRtIJ.exe
  C:\Windows\System\ahqRtIJ.exe
  2⤵
  PID:3968
- C:\Windows\System\rDFDkdk.exe
  C:\Windows\System\rDFDkdk.exe
  2⤵
  PID:4012
- C:\Windows\System\ulLDpAk.exe
  C:\Windows\System\ulLDpAk.exe
  2⤵
  PID:4092
- C:\Windows\System\StMmVoH.exe
  C:\Windows\System\StMmVoH.exe
  2⤵
  PID:2840
- C:\Windows\System\gvRKzOL.exe
  C:\Windows\System\gvRKzOL.exe
  2⤵
  PID:1600
- C:\Windows\System\FJckijD.exe
  C:\Windows\System\FJckijD.exe
  2⤵
  PID:4068
- C:\Windows\System\VajLaJB.exe
  C:\Windows\System\VajLaJB.exe
  2⤵
  PID:2372
- C:\Windows\System\dEtGXsy.exe
  C:\Windows\System\dEtGXsy.exe
  2⤵
  PID:2812
- C:\Windows\System\mzaVdOb.exe
  C:\Windows\System\mzaVdOb.exe
  2⤵
  PID:864
- C:\Windows\System\wrQMVlJ.exe
  C:\Windows\System\wrQMVlJ.exe
  2⤵
  PID:2012
- C:\Windows\System\msyDisr.exe
  C:\Windows\System\msyDisr.exe
  2⤵
  PID:3088
- C:\Windows\System\iGwPviV.exe
  C:\Windows\System\iGwPviV.exe
  2⤵
  PID:3156
- C:\Windows\System\dmSKhmF.exe
  C:\Windows\System\dmSKhmF.exe
  2⤵
  PID:3256
- C:\Windows\System\mvGMJvd.exe
  C:\Windows\System\mvGMJvd.exe
  2⤵
  PID:3212
- C:\Windows\System\EpphfFG.exe
  C:\Windows\System\EpphfFG.exe
  2⤵
  PID:3308
- C:\Windows\System\xYdRyOe.exe
  C:\Windows\System\xYdRyOe.exe
  2⤵
  PID:3436
- C:\Windows\System\AkXwYWC.exe
  C:\Windows\System\AkXwYWC.exe
  2⤵
  PID:3552
- C:\Windows\System\NHjxJZV.exe
  C:\Windows\System\NHjxJZV.exe
  2⤵
  PID:3348
- C:\Windows\System\lWHlEZd.exe
  C:\Windows\System\lWHlEZd.exe
  2⤵
  PID:3392
- C:\Windows\System\ffCLgld.exe
  C:\Windows\System\ffCLgld.exe
  2⤵
  PID:3488
- C:\Windows\System\iXsbmHN.exe
  C:\Windows\System\iXsbmHN.exe
  2⤵
  PID:3476
- C:\Windows\System\CnJQOnZ.exe
  C:\Windows\System\CnJQOnZ.exe
  2⤵
  PID:3516
- C:\Windows\System\pmVAQKE.exe
  C:\Windows\System\pmVAQKE.exe
  2⤵
  PID:3788
- C:\Windows\System\kkZYgqw.exe
  C:\Windows\System\kkZYgqw.exe
  2⤵
  PID:3848
- C:\Windows\System\fIvAsTi.exe
  C:\Windows\System\fIvAsTi.exe
  2⤵
  PID:3952
- C:\Windows\System\VgHMfpp.exe
  C:\Windows\System\VgHMfpp.exe
  2⤵
  PID:4056
- C:\Windows\System\hpLknJb.exe
  C:\Windows\System\hpLknJb.exe
  2⤵
  PID:4084
- C:\Windows\System\acnVQWU.exe
  C:\Windows\System\acnVQWU.exe
  2⤵
  PID:4052
- C:\Windows\System\cicstnP.exe
  C:\Windows\System\cicstnP.exe
  2⤵
  PID:1320
- C:\Windows\System\EPeulQM.exe
  C:\Windows\System\EPeulQM.exe
  2⤵
  PID:2132
- C:\Windows\System\GzfxWDp.exe
  C:\Windows\System\GzfxWDp.exe
  2⤵
  PID:4112
- C:\Windows\System\XNxOvSX.exe
  C:\Windows\System\XNxOvSX.exe
  2⤵
  PID:4168
- C:\Windows\System\GwJnbgw.exe
  C:\Windows\System\GwJnbgw.exe
  2⤵
  PID:4196
- C:\Windows\System\OaXdUAV.exe
  C:\Windows\System\OaXdUAV.exe
  2⤵
  PID:4212
- C:\Windows\System\VIpIFMK.exe
  C:\Windows\System\VIpIFMK.exe
  2⤵
  PID:4228
- C:\Windows\System\rSjqnbh.exe
  C:\Windows\System\rSjqnbh.exe
  2⤵
  PID:4244
- C:\Windows\System\lBBhvfE.exe
  C:\Windows\System\lBBhvfE.exe
  2⤵
  PID:4260
- C:\Windows\System\fReeAsw.exe
  C:\Windows\System\fReeAsw.exe
  2⤵
  PID:4276
- C:\Windows\System\cdtWhpC.exe
  C:\Windows\System\cdtWhpC.exe
  2⤵
  PID:4296
- C:\Windows\System\ZvTQdbM.exe
  C:\Windows\System\ZvTQdbM.exe
  2⤵
  PID:4328
- C:\Windows\System\dKIlPgX.exe
  C:\Windows\System\dKIlPgX.exe
  2⤵
  PID:4348
- C:\Windows\System\qMDhVWp.exe
  C:\Windows\System\qMDhVWp.exe
  2⤵
  PID:4368
- C:\Windows\System\iOLfodV.exe
  C:\Windows\System\iOLfodV.exe
  2⤵
  PID:4388
- C:\Windows\System\ObExOXT.exe
  C:\Windows\System\ObExOXT.exe
  2⤵
  PID:4404
- C:\Windows\System\iAtVxwq.exe
  C:\Windows\System\iAtVxwq.exe
  2⤵
  PID:4420
- C:\Windows\System\ltTkrRG.exe
  C:\Windows\System\ltTkrRG.exe
  2⤵
  PID:4436
- C:\Windows\System\ObYEHZk.exe
  C:\Windows\System\ObYEHZk.exe
  2⤵
  PID:4452
- C:\Windows\System\BEAKDmW.exe
  C:\Windows\System\BEAKDmW.exe
  2⤵
  PID:4468
- C:\Windows\System\WkOzJKz.exe
  C:\Windows\System\WkOzJKz.exe
  2⤵
  PID:4484
- C:\Windows\System\kVvLchy.exe
  C:\Windows\System\kVvLchy.exe
  2⤵
  PID:4500
- C:\Windows\System\PUnCfHn.exe
  C:\Windows\System\PUnCfHn.exe
  2⤵
  PID:4516
- C:\Windows\System\ItuTmgn.exe
  C:\Windows\System\ItuTmgn.exe
  2⤵
  PID:4536
- C:\Windows\System\FnSFoKa.exe
  C:\Windows\System\FnSFoKa.exe
  2⤵
  PID:4552
- C:\Windows\System\peThRVZ.exe
  C:\Windows\System\peThRVZ.exe
  2⤵
  PID:4568
- C:\Windows\System\iTTjBrY.exe
  C:\Windows\System\iTTjBrY.exe
  2⤵
  PID:4600
- C:\Windows\System\nUiIAFr.exe
  C:\Windows\System\nUiIAFr.exe
  2⤵
  PID:4616
- C:\Windows\System\wPwrNoB.exe
  C:\Windows\System\wPwrNoB.exe
  2⤵
  PID:4632
- C:\Windows\System\RVtAGms.exe
  C:\Windows\System\RVtAGms.exe
  2⤵
  PID:4648
- C:\Windows\System\AryWsel.exe
  C:\Windows\System\AryWsel.exe
  2⤵
  PID:4672
- C:\Windows\System\zeGQpDP.exe
  C:\Windows\System\zeGQpDP.exe
  2⤵
  PID:4700
- C:\Windows\System\eTjbBzz.exe
  C:\Windows\System\eTjbBzz.exe
  2⤵
  PID:4720
- C:\Windows\System\VkRBesN.exe
  C:\Windows\System\VkRBesN.exe
  2⤵
  PID:4736
- C:\Windows\System\DSAIKyW.exe
  C:\Windows\System\DSAIKyW.exe
  2⤵
  PID:4752
- C:\Windows\System\OwzEUMk.exe
  C:\Windows\System\OwzEUMk.exe
  2⤵
  PID:4776
- C:\Windows\System\rGpHTmw.exe
  C:\Windows\System\rGpHTmw.exe
  2⤵
  PID:4800
- C:\Windows\System\viPIydc.exe
  C:\Windows\System\viPIydc.exe
  2⤵
  PID:4876
- C:\Windows\System\FdPEPUx.exe
  C:\Windows\System\FdPEPUx.exe
  2⤵
  PID:4900
- C:\Windows\System\NybLtrj.exe
  C:\Windows\System\NybLtrj.exe
  2⤵
  PID:4916
- C:\Windows\System\rRGjANC.exe
  C:\Windows\System\rRGjANC.exe
  2⤵
  PID:4932
- C:\Windows\System\hMPqvuw.exe
  C:\Windows\System\hMPqvuw.exe
  2⤵
  PID:4948
- C:\Windows\System\iiWtLxb.exe
  C:\Windows\System\iiWtLxb.exe
  2⤵
  PID:4964
- C:\Windows\System\ogjPljr.exe
  C:\Windows\System\ogjPljr.exe
  2⤵
  PID:4988
- C:\Windows\System\tejbBRh.exe
  C:\Windows\System\tejbBRh.exe
  2⤵
  PID:5012
- C:\Windows\System\wbFLKxZ.exe
  C:\Windows\System\wbFLKxZ.exe
  2⤵
  PID:5036
- C:\Windows\System\LXzijty.exe
  C:\Windows\System\LXzijty.exe
  2⤵
  PID:5056
- C:\Windows\System\zUtJyaK.exe
  C:\Windows\System\zUtJyaK.exe
  2⤵
  PID:5072
- C:\Windows\System\hZBQHnh.exe
  C:\Windows\System\hZBQHnh.exe
  2⤵
  PID:5088
- C:\Windows\System\GHbypyu.exe
  C:\Windows\System\GHbypyu.exe
  2⤵
  PID:5104
- C:\Windows\System\OVBnKsM.exe
  C:\Windows\System\OVBnKsM.exe
  2⤵
  PID:3816
- C:\Windows\System\gAppcog.exe
  C:\Windows\System\gAppcog.exe
  2⤵
  PID:3936
- C:\Windows\System\IODypDA.exe
  C:\Windows\System\IODypDA.exe
  2⤵
  PID:4008
- C:\Windows\System\GVpmXap.exe
  C:\Windows\System\GVpmXap.exe
  2⤵
  PID:3152
- C:\Windows\System\vDZpaOJ.exe
  C:\Windows\System\vDZpaOJ.exe
  2⤵
  PID:3252
- C:\Windows\System\HUViWbS.exe
  C:\Windows\System\HUViWbS.exe
  2⤵
  PID:3492
- C:\Windows\System\ffyRVnt.exe
  C:\Windows\System\ffyRVnt.exe
  2⤵
  PID:3648
- C:\Windows\System\RGPTaIm.exe
  C:\Windows\System\RGPTaIm.exe
  2⤵
  PID:2088
- C:\Windows\System\oImEwxx.exe
  C:\Windows\System\oImEwxx.exe
  2⤵
  PID:3908
- C:\Windows\System\ybCjtmt.exe
  C:\Windows\System\ybCjtmt.exe
  2⤵
  PID:3748
- C:\Windows\System\KheaYzE.exe
  C:\Windows\System\KheaYzE.exe
  2⤵
  PID:1940
- C:\Windows\System\wqmLoOx.exe
  C:\Windows\System\wqmLoOx.exe
  2⤵
  PID:4104
- C:\Windows\System\FXiZnQF.exe
  C:\Windows\System\FXiZnQF.exe
  2⤵
  PID:3228
- C:\Windows\System\xzFPqlu.exe
  C:\Windows\System\xzFPqlu.exe
  2⤵
  PID:4188
- C:\Windows\System\TdZkCWF.exe
  C:\Windows\System\TdZkCWF.exe
  2⤵
  PID:4252
- C:\Windows\System\qaIAgwP.exe
  C:\Windows\System\qaIAgwP.exe
  2⤵
  PID:4292
- C:\Windows\System\xnMBLME.exe
  C:\Windows\System\xnMBLME.exe
  2⤵
  PID:4380
- C:\Windows\System\mQsFumF.exe
  C:\Windows\System\mQsFumF.exe
  2⤵
  PID:4448
- C:\Windows\System\WYCSdrR.exe
  C:\Windows\System\WYCSdrR.exe
  2⤵
  PID:4512
- C:\Windows\System\OVKNCIj.exe
  C:\Windows\System\OVKNCIj.exe
  2⤵
  PID:4588
- C:\Windows\System\lkEAKrE.exe
  C:\Windows\System\lkEAKrE.exe
  2⤵
  PID:1612
- C:\Windows\System\mRdxBdh.exe
  C:\Windows\System\mRdxBdh.exe
  2⤵
  PID:4128
- C:\Windows\System\WBypXqh.exe
  C:\Windows\System\WBypXqh.exe
  2⤵
  PID:3856
- C:\Windows\System\DxMpyMQ.exe
  C:\Windows\System\DxMpyMQ.exe
  2⤵
  PID:3356
- C:\Windows\System\EBubeFT.exe
  C:\Windows\System\EBubeFT.exe
  2⤵
  PID:4136
- C:\Windows\System\szkzjsF.exe
  C:\Windows\System\szkzjsF.exe
  2⤵
  PID:4164
- C:\Windows\System\YycVpCm.exe
  C:\Windows\System\YycVpCm.exe
  2⤵
  PID:4664
- C:\Windows\System\LyqWgeG.exe
  C:\Windows\System\LyqWgeG.exe
  2⤵
  PID:4712
- C:\Windows\System\cNJzazQ.exe
  C:\Windows\System\cNJzazQ.exe
  2⤵
  PID:2936
- C:\Windows\System\VRKPtrp.exe
  C:\Windows\System\VRKPtrp.exe
  2⤵
  PID:4324
- C:\Windows\System\SkCAIat.exe
  C:\Windows\System\SkCAIat.exe
  2⤵
  PID:4320
- C:\Windows\System\jsIRmcl.exe
  C:\Windows\System\jsIRmcl.exe
  2⤵
  PID:4400
- C:\Windows\System\RFcUEyC.exe
  C:\Windows\System\RFcUEyC.exe
  2⤵
  PID:4792
- C:\Windows\System\CuQhcrh.exe
  C:\Windows\System\CuQhcrh.exe
  2⤵
  PID:4680
- C:\Windows\System\wyHAhAH.exe
  C:\Windows\System\wyHAhAH.exe
  2⤵
  PID:4532
- C:\Windows\System\YyhBfHn.exe
  C:\Windows\System\YyhBfHn.exe
  2⤵
  PID:4464
- C:\Windows\System\zIypkgI.exe
  C:\Windows\System\zIypkgI.exe
  2⤵
  PID:4896
- C:\Windows\System\ATtEmZQ.exe
  C:\Windows\System\ATtEmZQ.exe
  2⤵
  PID:4956
- C:\Windows\System\wyoGmKw.exe
  C:\Windows\System\wyoGmKw.exe
  2⤵
  PID:5048
- C:\Windows\System\gBLitcg.exe
  C:\Windows\System\gBLitcg.exe
  2⤵
  PID:5112
- C:\Windows\System\cYFkxOj.exe
  C:\Windows\System\cYFkxOj.exe
  2⤵
  PID:3656
- C:\Windows\System\NwtgGHe.exe
  C:\Windows\System\NwtgGHe.exe
  2⤵
  PID:4840
- C:\Windows\System\XCLnzDz.exe
  C:\Windows\System\XCLnzDz.exe
  2⤵
  PID:4860
- C:\Windows\System\ipApRtw.exe
  C:\Windows\System\ipApRtw.exe
  2⤵
  PID:4100
- C:\Windows\System\saTgxOT.exe
  C:\Windows\System\saTgxOT.exe
  2⤵
  PID:4836
- C:\Windows\System\ileyLPQ.exe
  C:\Windows\System\ileyLPQ.exe
  2⤵
  PID:4180
- C:\Windows\System\ljzMwjQ.exe
  C:\Windows\System\ljzMwjQ.exe
  2⤵
  PID:4508
- C:\Windows\System\gRTXYgB.exe
  C:\Windows\System\gRTXYgB.exe
  2⤵
  PID:3688
- C:\Windows\System\ofUzESd.exe
  C:\Windows\System\ofUzESd.exe
  2⤵
  PID:4208
- C:\Windows\System\feSWycb.exe
  C:\Windows\System\feSWycb.exe
  2⤵
  PID:4944
- C:\Windows\System\mGXqAtA.exe
  C:\Windows\System\mGXqAtA.exe
  2⤵
  PID:4984
- C:\Windows\System\NonYXeI.exe
  C:\Windows\System\NonYXeI.exe
  2⤵
  PID:5024
- C:\Windows\System\yPHUiuo.exe
  C:\Windows\System\yPHUiuo.exe
  2⤵
  PID:5064
- C:\Windows\System\FeUMpsg.exe
  C:\Windows\System\FeUMpsg.exe
  2⤵
  PID:4268
- C:\Windows\System\yjrvXws.exe
  C:\Windows\System\yjrvXws.exe
  2⤵
  PID:4028
- C:\Windows\System\pJQCpFA.exe
  C:\Windows\System\pJQCpFA.exe
  2⤵
  PID:3728
- C:\Windows\System\dmEGwGu.exe
  C:\Windows\System\dmEGwGu.exe
  2⤵
  PID:3768
- C:\Windows\System\OpWvcVc.exe
  C:\Windows\System\OpWvcVc.exe
  2⤵
  PID:4416
- C:\Windows\System\usKtIOt.exe
  C:\Windows\System\usKtIOt.exe
  2⤵
  PID:4708
- C:\Windows\System\ejwqrHq.exe
  C:\Windows\System\ejwqrHq.exe
  2⤵
  PID:4396
- C:\Windows\System\IkHPtdE.exe
  C:\Windows\System\IkHPtdE.exe
  2⤵
  PID:4152
- C:\Windows\System\FRsopSK.exe
  C:\Windows\System\FRsopSK.exe
  2⤵
  PID:4120
- C:\Windows\System\MaYpXGX.exe
  C:\Windows\System\MaYpXGX.exe
  2⤵
  PID:4444
- C:\Windows\System\mZIuzQO.exe
  C:\Windows\System\mZIuzQO.exe
  2⤵
  PID:3332
- C:\Windows\System\ahkxcsO.exe
  C:\Windows\System\ahkxcsO.exe
  2⤵
  PID:4688
- C:\Windows\System\DMyvcsw.exe
  C:\Windows\System\DMyvcsw.exe
  2⤵
  PID:4732
- C:\Windows\System\YXenxOa.exe
  C:\Windows\System\YXenxOa.exe
  2⤵
  PID:4772
- C:\Windows\System\NqYfmcx.exe
  C:\Windows\System\NqYfmcx.exe
  2⤵
  PID:4608
- C:\Windows\System\xlMnVnX.exe
  C:\Windows\System\xlMnVnX.exe
  2⤵
  PID:4888
- C:\Windows\System\AUDhoCw.exe
  C:\Windows\System\AUDhoCw.exe
  2⤵
  PID:5008
- C:\Windows\System\QMgxjGV.exe
  C:\Windows\System\QMgxjGV.exe
  2⤵
  PID:3996
- C:\Windows\System\ICBRjMM.exe
  C:\Windows\System\ICBRjMM.exe
  2⤵
  PID:4344
- C:\Windows\System\dRqJYxu.exe
  C:\Windows\System\dRqJYxu.exe
  2⤵
  PID:4928
- C:\Windows\System\vwroUas.exe
  C:\Windows\System\vwroUas.exe
  2⤵
  PID:5084
- C:\Windows\System\aVkwPgS.exe
  C:\Windows\System\aVkwPgS.exe
  2⤵
  PID:2616
- C:\Windows\System\hgHiFAa.exe
  C:\Windows\System\hgHiFAa.exe
  2⤵
  PID:1632
- C:\Windows\System\dDdnJJe.exe
  C:\Windows\System\dDdnJJe.exe
  2⤵
  PID:3928
- C:\Windows\System\msyIAVl.exe
  C:\Windows\System\msyIAVl.exe
  2⤵
  PID:3128
- C:\Windows\System\mRvumnq.exe
  C:\Windows\System\mRvumnq.exe
  2⤵
  PID:4184
- C:\Windows\System\bSrZhrI.exe
  C:\Windows\System\bSrZhrI.exe
  2⤵
  PID:3372
- C:\Windows\System\vywZbiv.exe
  C:\Windows\System\vywZbiv.exe
  2⤵
  PID:4584
- C:\Windows\System\NNwqixZ.exe
  C:\Windows\System\NNwqixZ.exe
  2⤵
  PID:4156
- C:\Windows\System\HchNiqL.exe
  C:\Windows\System\HchNiqL.exe
  2⤵
  PID:4236
- C:\Windows\System\zTsdbOx.exe
  C:\Windows\System\zTsdbOx.exe
  2⤵
  PID:4640
- C:\Windows\System\lYdPIkQ.exe
  C:\Windows\System\lYdPIkQ.exe
  2⤵
  PID:4884
- C:\Windows\System\bHSwLkS.exe
  C:\Windows\System\bHSwLkS.exe
  2⤵
  PID:4132
- C:\Windows\System\LPccVhf.exe
  C:\Windows\System\LPccVhf.exe
  2⤵
  PID:5132
- C:\Windows\System\nGGuJAw.exe
  C:\Windows\System\nGGuJAw.exe
  2⤵
  PID:5148
- C:\Windows\System\FVhpXOo.exe
  C:\Windows\System\FVhpXOo.exe
  2⤵
  PID:5172
- C:\Windows\System\SpRPgTU.exe
  C:\Windows\System\SpRPgTU.exe
  2⤵
  PID:5188
- C:\Windows\System\yKSlHZO.exe
  C:\Windows\System\yKSlHZO.exe
  2⤵
  PID:5204
- C:\Windows\System\tjRrrWD.exe
  C:\Windows\System\tjRrrWD.exe
  2⤵
  PID:5220
- C:\Windows\System\ZWtBJdV.exe
  C:\Windows\System\ZWtBJdV.exe
  2⤵
  PID:5236
- C:\Windows\System\nVrCvcE.exe
  C:\Windows\System\nVrCvcE.exe
  2⤵
  PID:5252
- C:\Windows\System\NWIuYoS.exe
  C:\Windows\System\NWIuYoS.exe
  2⤵
  PID:5268
- C:\Windows\System\ENeRvOO.exe
  C:\Windows\System\ENeRvOO.exe
  2⤵
  PID:5284
- C:\Windows\System\iyaVURA.exe
  C:\Windows\System\iyaVURA.exe
  2⤵
  PID:5300
- C:\Windows\System\bytuDHn.exe
  C:\Windows\System\bytuDHn.exe
  2⤵
  PID:5316
- C:\Windows\System\gasGVwP.exe
  C:\Windows\System\gasGVwP.exe
  2⤵
  PID:5332
- C:\Windows\System\BzOOESS.exe
  C:\Windows\System\BzOOESS.exe
  2⤵
  PID:5348
- C:\Windows\System\udBWyVQ.exe
  C:\Windows\System\udBWyVQ.exe
  2⤵
  PID:5364
- C:\Windows\System\uxaVtiC.exe
  C:\Windows\System\uxaVtiC.exe
  2⤵
  PID:5380
- C:\Windows\System\fpbFyVU.exe
  C:\Windows\System\fpbFyVU.exe
  2⤵
  PID:5396
- C:\Windows\System\aqYkkhC.exe
  C:\Windows\System\aqYkkhC.exe
  2⤵
  PID:5428
- C:\Windows\System\kRSQlra.exe
  C:\Windows\System\kRSQlra.exe
  2⤵
  PID:5456
- C:\Windows\System\OJgWqch.exe
  C:\Windows\System\OJgWqch.exe
  2⤵
  PID:5472
- C:\Windows\System\ALkDxmm.exe
  C:\Windows\System\ALkDxmm.exe
  2⤵
  PID:5488
- C:\Windows\System\jMJHEOp.exe
  C:\Windows\System\jMJHEOp.exe
  2⤵
  PID:5504
- C:\Windows\System\sWcrgJL.exe
  C:\Windows\System\sWcrgJL.exe
  2⤵
  PID:5520
- C:\Windows\System\piwbAHl.exe
  C:\Windows\System\piwbAHl.exe
  2⤵
  PID:5536
- C:\Windows\System\fzjXYGU.exe
  C:\Windows\System\fzjXYGU.exe
  2⤵
  PID:5552
- C:\Windows\System\QnqjjWo.exe
  C:\Windows\System\QnqjjWo.exe
  2⤵
  PID:5568
- C:\Windows\System\OsrlvCB.exe
  C:\Windows\System\OsrlvCB.exe
  2⤵
  PID:5584
- C:\Windows\System\TayhZnQ.exe
  C:\Windows\System\TayhZnQ.exe
  2⤵
  PID:5600
- C:\Windows\System\mdnpBqo.exe
  C:\Windows\System\mdnpBqo.exe
  2⤵
  PID:5616
- C:\Windows\System\hNxZYME.exe
  C:\Windows\System\hNxZYME.exe
  2⤵
  PID:5632
- C:\Windows\System\gSzVzDx.exe
  C:\Windows\System\gSzVzDx.exe
  2⤵
  PID:5648
- C:\Windows\System\qqIlNmF.exe
  C:\Windows\System\qqIlNmF.exe
  2⤵
  PID:5664
- C:\Windows\System\QvtQspw.exe
  C:\Windows\System\QvtQspw.exe
  2⤵
  PID:5680
- C:\Windows\System\BvwdZWL.exe
  C:\Windows\System\BvwdZWL.exe
  2⤵
  PID:5696
- C:\Windows\System\thpIFcW.exe
  C:\Windows\System\thpIFcW.exe
  2⤵
  PID:5712
- C:\Windows\System\kXOpVGT.exe
  C:\Windows\System\kXOpVGT.exe
  2⤵
  PID:5728
- C:\Windows\System\QVMLsIR.exe
  C:\Windows\System\QVMLsIR.exe
  2⤵
  PID:5744
- C:\Windows\System\JKhNUqk.exe
  C:\Windows\System\JKhNUqk.exe
  2⤵
  PID:5764
- C:\Windows\System\RxJaRzh.exe
  C:\Windows\System\RxJaRzh.exe
  2⤵
  PID:5780
- C:\Windows\System\WhCXnUQ.exe
  C:\Windows\System\WhCXnUQ.exe
  2⤵
  PID:5796
- C:\Windows\System\sUtsAhk.exe
  C:\Windows\System\sUtsAhk.exe
  2⤵
  PID:5848
- C:\Windows\System\NweQnRI.exe
  C:\Windows\System\NweQnRI.exe
  2⤵
  PID:6060
- C:\Windows\System\wzyAnVF.exe
  C:\Windows\System\wzyAnVF.exe
  2⤵
  PID:6076
- C:\Windows\System\NaXnCcL.exe
  C:\Windows\System\NaXnCcL.exe
  2⤵
  PID:6100
- C:\Windows\System\LnYVJRQ.exe
  C:\Windows\System\LnYVJRQ.exe
  2⤵
  PID:6120
- C:\Windows\System\RazNDbe.exe
  C:\Windows\System\RazNDbe.exe
  2⤵
  PID:4980
- C:\Windows\System\vAULmvQ.exe
  C:\Windows\System\vAULmvQ.exe
  2⤵
  PID:4912
- C:\Windows\System\XHrUlua.exe
  C:\Windows\System\XHrUlua.exe
  2⤵
  PID:5100
- C:\Windows\System\sujDKZy.exe
  C:\Windows\System\sujDKZy.exe
  2⤵
  PID:528
- C:\Windows\System\ukMBXvW.exe
  C:\Windows\System\ukMBXvW.exe
  2⤵
  PID:4072
- C:\Windows\System\UUUSvXn.exe
  C:\Windows\System\UUUSvXn.exe
  2⤵
  PID:4240
- C:\Windows\System\wxwjIZZ.exe
  C:\Windows\System\wxwjIZZ.exe
  2⤵
  PID:2696
- C:\Windows\System\LMAOzmy.exe
  C:\Windows\System\LMAOzmy.exe
  2⤵
  PID:5160
- C:\Windows\System\YRsuRnX.exe
  C:\Windows\System\YRsuRnX.exe
  2⤵
  PID:5232
- C:\Windows\System\FnMspaJ.exe
  C:\Windows\System\FnMspaJ.exe
  2⤵
  PID:5296
- C:\Windows\System\UBNyRCJ.exe
  C:\Windows\System\UBNyRCJ.exe
  2⤵
  PID:4284
- C:\Windows\System\YaCSysC.exe
  C:\Windows\System\YaCSysC.exe
  2⤵
  PID:4612
- C:\Windows\System\tPeIfVk.exe
  C:\Windows\System\tPeIfVk.exe
  2⤵
  PID:5360
- C:\Windows\System\WZCWnJD.exe
  C:\Windows\System\WZCWnJD.exe
  2⤵
  PID:4848
- C:\Windows\System\rbhpAkg.exe
  C:\Windows\System\rbhpAkg.exe
  2⤵
  PID:2044
- C:\Windows\System\CXiXzDy.exe
  C:\Windows\System\CXiXzDy.exe
  2⤵
  PID:4496
- C:\Windows\System\dofKfQg.exe
  C:\Windows\System\dofKfQg.exe
  2⤵
  PID:4788
- C:\Windows\System\EauzTRX.exe
  C:\Windows\System\EauzTRX.exe
  2⤵
  PID:3548
- C:\Windows\System\OMBXQRr.exe
  C:\Windows\System\OMBXQRr.exe
  2⤵
  PID:5184
- C:\Windows\System\bBicUip.exe
  C:\Windows\System\bBicUip.exe
  2⤵
  PID:5248
- C:\Windows\System\utNiZva.exe
  C:\Windows\System\utNiZva.exe
  2⤵
  PID:5312
- C:\Windows\System\gXnDbBi.exe
  C:\Windows\System\gXnDbBi.exe
  2⤵
  PID:3236
- C:\Windows\System\YULexun.exe
  C:\Windows\System\YULexun.exe
  2⤵
  PID:5404
- C:\Windows\System\UxnBAtG.exe
  C:\Windows\System\UxnBAtG.exe
  2⤵
  PID:5448
- C:\Windows\System\dQOsSLO.exe
  C:\Windows\System\dQOsSLO.exe
  2⤵
  PID:5496
- C:\Windows\System\xYsBiZh.exe
  C:\Windows\System\xYsBiZh.exe
  2⤵
  PID:5544
- C:\Windows\System\uNutxyo.exe
  C:\Windows\System\uNutxyo.exe
  2⤵
  PID:1096
- C:\Windows\System\EQbmLYi.exe
  C:\Windows\System\EQbmLYi.exe
  2⤵
  PID:5612
- C:\Windows\System\xatyeHu.exe
  C:\Windows\System\xatyeHu.exe
  2⤵
  PID:5676
- C:\Windows\System\EijxcIM.exe
  C:\Windows\System\EijxcIM.exe
  2⤵
  PID:5500
- C:\Windows\System\beTWkDj.exe
  C:\Windows\System\beTWkDj.exe
  2⤵
  PID:5592
- C:\Windows\System\dJfYRsM.exe
  C:\Windows\System\dJfYRsM.exe
  2⤵
  PID:5772
- C:\Windows\System\oGOEWhN.exe
  C:\Windows\System\oGOEWhN.exe
  2⤵
  PID:5812
- C:\Windows\System\miximUT.exe
  C:\Windows\System\miximUT.exe
  2⤵
  PID:5828
- C:\Windows\System\SqSupxh.exe
  C:\Windows\System\SqSupxh.exe
  2⤵
  PID:5948
- C:\Windows\System\ByKrwHD.exe
  C:\Windows\System\ByKrwHD.exe
  2⤵
  PID:5964
- C:\Windows\System\pIddEyL.exe
  C:\Windows\System\pIddEyL.exe
  2⤵
  PID:5980
- C:\Windows\System\Vsipoxq.exe
  C:\Windows\System\Vsipoxq.exe
  2⤵
  PID:6000
- C:\Windows\System\XHUTrRJ.exe
  C:\Windows\System\XHUTrRJ.exe
  2⤵
  PID:6020
- C:\Windows\System\uMIfpzS.exe
  C:\Windows\System\uMIfpzS.exe
  2⤵
  PID:6036
- C:\Windows\System\rytgGDu.exe
  C:\Windows\System\rytgGDu.exe
  2⤵
  PID:6068
- C:\Windows\System\wTKBUkR.exe
  C:\Windows\System\wTKBUkR.exe
  2⤵
  PID:6116
- C:\Windows\System\nXlFFlj.exe
  C:\Windows\System\nXlFFlj.exe
  2⤵
  PID:4360
- C:\Windows\System\dxQAWkv.exe
  C:\Windows\System\dxQAWkv.exe
  2⤵
  PID:2120
- C:\Windows\System\XvCUYwF.exe
  C:\Windows\System\XvCUYwF.exe
  2⤵
  PID:4744
- C:\Windows\System\agVwFwK.exe
  C:\Windows\System\agVwFwK.exe
  2⤵
  PID:5264
- C:\Windows\System\LGXLypI.exe
  C:\Windows\System\LGXLypI.exe
  2⤵
  PID:4728
- C:\Windows\System\kISQuXp.exe
  C:\Windows\System\kISQuXp.exe
  2⤵
  PID:6140
- C:\Windows\System\XKSFNrd.exe
  C:\Windows\System\XKSFNrd.exe
  2⤵
  PID:6092
- C:\Windows\System\pmcNJfV.exe
  C:\Windows\System\pmcNJfV.exe
  2⤵
  PID:2116
- C:\Windows\System\qxieEtq.exe
  C:\Windows\System\qxieEtq.exe
  2⤵
  PID:3272
- C:\Windows\System\LMMIuWb.exe
  C:\Windows\System\LMMIuWb.exe
  2⤵
  PID:4856
- C:\Windows\System\YiSdiik.exe
  C:\Windows\System\YiSdiik.exe
  2⤵
  PID:5144
- C:\Windows\System\XnwSxPu.exe
  C:\Windows\System\XnwSxPu.exe
  2⤵
  PID:5516
- C:\Windows\System\KXilkCE.exe
  C:\Windows\System\KXilkCE.exe
  2⤵
  PID:5708
- C:\Windows\System\rNomXum.exe
  C:\Windows\System\rNomXum.exe
  2⤵
  PID:2312
- C:\Windows\System\GEeJcWz.exe
  C:\Windows\System\GEeJcWz.exe
  2⤵
  PID:5736
- C:\Windows\System\ZbnDTOs.exe
  C:\Windows\System\ZbnDTOs.exe
  2⤵
  PID:5280
- C:\Windows\System\nFHtdbu.exe
  C:\Windows\System\nFHtdbu.exe
  2⤵
  PID:2908
- C:\Windows\System\XCWoILH.exe
  C:\Windows\System\XCWoILH.exe
  2⤵
  PID:5576
- C:\Windows\System\kwVNMWh.exe
  C:\Windows\System\kwVNMWh.exe
  2⤵
  PID:5672
- C:\Windows\System\zViigXx.exe
  C:\Windows\System\zViigXx.exe
  2⤵
  PID:5808
- C:\Windows\System\fhluxzx.exe
  C:\Windows\System\fhluxzx.exe
  2⤵
  PID:5724
- C:\Windows\System\jetHZGL.exe
  C:\Windows\System\jetHZGL.exe
  2⤵
  PID:5752
- C:\Windows\System\WRrjRQb.exe
  C:\Windows\System\WRrjRQb.exe
  2⤵
  PID:5864
- C:\Windows\System\McxNhHA.exe
  C:\Windows\System\McxNhHA.exe
  2⤵
  PID:2960
- C:\Windows\System\gGqTHrV.exe
  C:\Windows\System\gGqTHrV.exe
  2⤵
  PID:5896
- C:\Windows\System\sdPXSbT.exe
  C:\Windows\System\sdPXSbT.exe
  2⤵
  PID:2820
- C:\Windows\System\oSrinVO.exe
  C:\Windows\System\oSrinVO.exe
  2⤵
  PID:6136
- C:\Windows\System\onxGCde.exe
  C:\Windows\System\onxGCde.exe
  2⤵
  PID:2708
- C:\Windows\System\BMLhuTZ.exe
  C:\Windows\System\BMLhuTZ.exe
  2⤵
  PID:5932
- C:\Windows\System\GiHdlRm.exe
  C:\Windows\System\GiHdlRm.exe
  2⤵
  PID:1160
- C:\Windows\System\sxPhhjQ.exe
  C:\Windows\System\sxPhhjQ.exe
  2⤵
  PID:2980
- C:\Windows\System\gxhHeqX.exe
  C:\Windows\System\gxhHeqX.exe
  2⤵
  PID:1036
- C:\Windows\System\gxggaYh.exe
  C:\Windows\System\gxggaYh.exe
  2⤵
  PID:2280
- C:\Windows\System\aMVVdcU.exe
  C:\Windows\System\aMVVdcU.exe
  2⤵
  PID:2232
- C:\Windows\System\xdadySz.exe
  C:\Windows\System\xdadySz.exe
  2⤵
  PID:1356
- C:\Windows\System\nSzeXdk.exe
  C:\Windows\System\nSzeXdk.exe
  2⤵
  PID:5936
- C:\Windows\System\lmWuwyp.exe
  C:\Windows\System\lmWuwyp.exe
  2⤵
  PID:5956
- C:\Windows\System\bkCGHFF.exe
  C:\Windows\System\bkCGHFF.exe
  2⤵
  PID:6112
- C:\Windows\System\FkuXAwo.exe
  C:\Windows\System\FkuXAwo.exe
  2⤵
  PID:6056
- C:\Windows\System\LEveAZo.exe
  C:\Windows\System\LEveAZo.exe
  2⤵
  PID:6016
- C:\Windows\System\iIzSVGV.exe
  C:\Windows\System\iIzSVGV.exe
  2⤵
  PID:6084
- C:\Windows\System\TptLtit.exe
  C:\Windows\System\TptLtit.exe
  2⤵
  PID:2624
- C:\Windows\System\dwxTfdX.exe
  C:\Windows\System\dwxTfdX.exe
  2⤵
  PID:6088
- C:\Windows\System\NZktbZN.exe
  C:\Windows\System\NZktbZN.exe
  2⤵
  PID:2776
- C:\Windows\System\CcSLRgD.exe
  C:\Windows\System\CcSLRgD.exe
  2⤵
  PID:5096
- C:\Windows\System\VzvJkjL.exe
  C:\Windows\System\VzvJkjL.exe
  2⤵
  PID:5328
- C:\Windows\System\HvhiTGQ.exe
  C:\Windows\System\HvhiTGQ.exe
  2⤵
  PID:2852
- C:\Windows\System\NDVntdn.exe
  C:\Windows\System\NDVntdn.exe
  2⤵
  PID:5408
- C:\Windows\System\eMUIjWg.exe
  C:\Windows\System\eMUIjWg.exe
  2⤵
  PID:5820
- C:\Windows\System\DTyDjsN.exe
  C:\Windows\System\DTyDjsN.exe
  2⤵
  PID:5480
- C:\Windows\System\GMIpqnE.exe
  C:\Windows\System\GMIpqnE.exe
  2⤵
  PID:5140
- C:\Windows\System\kZPmodc.exe
  C:\Windows\System\kZPmodc.exe
  2⤵
  PID:1816
- C:\Windows\System\fXFHmJq.exe
  C:\Windows\System\fXFHmJq.exe
  2⤵
  PID:2332
- C:\Windows\System\YopKcNl.exe
  C:\Windows\System\YopKcNl.exe
  2⤵
  PID:832
- C:\Windows\System\kxwaLGQ.exe
  C:\Windows\System\kxwaLGQ.exe
  2⤵
  PID:5996
- C:\Windows\System\dhCTkDg.exe
  C:\Windows\System\dhCTkDg.exe
  2⤵
  PID:2360
- C:\Windows\System\UaIbLBY.exe
  C:\Windows\System\UaIbLBY.exe
  2⤵
  PID:5840
- C:\Windows\System\boqKwQR.exe
  C:\Windows\System\boqKwQR.exe
  2⤵
  PID:2880
- C:\Windows\System\WfDEJtq.exe
  C:\Windows\System\WfDEJtq.exe
  2⤵
  PID:5792
- C:\Windows\System\QWwSDXz.exe
  C:\Windows\System\QWwSDXz.exe
  2⤵
  PID:5892
- C:\Windows\System\nihdadh.exe
  C:\Windows\System\nihdadh.exe
  2⤵
  PID:2276
- C:\Windows\System\CLKrihm.exe
  C:\Windows\System\CLKrihm.exe
  2⤵
  PID:1672
- C:\Windows\System\kgTKkeA.exe
  C:\Windows\System\kgTKkeA.exe
  2⤵
  PID:5944
- C:\Windows\System\jxZlCJf.exe
  C:\Windows\System\jxZlCJf.exe
  2⤵
  PID:2808
- C:\Windows\System\dGJXSTG.exe
  C:\Windows\System\dGJXSTG.exe
  2⤵
  PID:1952
- C:\Windows\System\unBsdOg.exe
  C:\Windows\System\unBsdOg.exe
  2⤵
  PID:6048
- C:\Windows\System\hsSkeBd.exe
  C:\Windows\System\hsSkeBd.exe
  2⤵
  PID:4768
- C:\Windows\System\UTBOuTr.exe
  C:\Windows\System\UTBOuTr.exe
  2⤵
  PID:2344
- C:\Windows\System\zolTMWe.exe
  C:\Windows\System\zolTMWe.exe
  2⤵
  PID:5228
- C:\Windows\System\bFLLyOG.exe
  C:\Windows\System\bFLLyOG.exe
  2⤵
  PID:5000
- C:\Windows\System\OJymFLj.exe
  C:\Windows\System\OJymFLj.exe
  2⤵
  PID:2500
- C:\Windows\System\SXqfdLc.exe
  C:\Windows\System\SXqfdLc.exe
  2⤵
  PID:2744
- C:\Windows\System\mezPzVB.exe
  C:\Windows\System\mezPzVB.exe
  2⤵
  PID:5804
- C:\Windows\System\oazSaqQ.exe
  C:\Windows\System\oazSaqQ.exe
  2⤵
  PID:5688
- C:\Windows\System\XOgABuN.exe
  C:\Windows\System\XOgABuN.exe
  2⤵
  PID:5900
- C:\Windows\System\ycOMlDL.exe
  C:\Windows\System\ycOMlDL.exe
  2⤵
  PID:2868
- C:\Windows\System\PXLTgyw.exe
  C:\Windows\System\PXLTgyw.exe
  2⤵
  PID:2872
- C:\Windows\System\VhHExTD.exe
  C:\Windows\System\VhHExTD.exe
  2⤵
  PID:1280
- C:\Windows\System\kdNcgXK.exe
  C:\Windows\System\kdNcgXK.exe
  2⤵
  PID:5128
- C:\Windows\System\JLKKbPq.exe
  C:\Windows\System\JLKKbPq.exe
  2⤵
  PID:1832
- C:\Windows\System\HjuYDXU.exe
  C:\Windows\System\HjuYDXU.exe
  2⤵
  PID:2672
- C:\Windows\System\huHnINR.exe
  C:\Windows\System\huHnINR.exe
  2⤵
  PID:4624
- C:\Windows\System\nVYDnmt.exe
  C:\Windows\System\nVYDnmt.exe
  2⤵
  PID:6132
- C:\Windows\System\YWllCid.exe
  C:\Windows\System\YWllCid.exe
  2⤵
  PID:5992
- C:\Windows\System\lZwCOtN.exe
  C:\Windows\System\lZwCOtN.exe
  2⤵
  PID:2920
- C:\Windows\System\pkohwUH.exe
  C:\Windows\System\pkohwUH.exe
  2⤵
  PID:448
- C:\Windows\System\yvzQedR.exe
  C:\Windows\System\yvzQedR.exe
  2⤵
  PID:5692
- C:\Windows\System\gqiCaxn.exe
  C:\Windows\System\gqiCaxn.exe
  2⤵
  PID:5876
- C:\Windows\System\aTQijJh.exe
  C:\Windows\System\aTQijJh.exe
  2⤵
  PID:6032
- C:\Windows\System\wOsWUcO.exe
  C:\Windows\System\wOsWUcO.exe
  2⤵
  PID:2716
- C:\Windows\System\CprCyfB.exe
  C:\Windows\System\CprCyfB.exe
  2⤵
  PID:3020
- C:\Windows\System\udAPpMx.exe
  C:\Windows\System\udAPpMx.exe
  2⤵
  PID:5856
- C:\Windows\System\BcCEKlM.exe
  C:\Windows\System\BcCEKlM.exe
  2⤵
  PID:5292
- C:\Windows\System\vDVTcxS.exe
  C:\Windows\System\vDVTcxS.exe
  2⤵
  PID:5836
- C:\Windows\System\OjxBxIb.exe
  C:\Windows\System\OjxBxIb.exe
  2⤵
  PID:2680
- C:\Windows\System\HIGfVRU.exe
  C:\Windows\System\HIGfVRU.exe
  2⤵
  PID:620
- C:\Windows\System\mJcCuDC.exe
  C:\Windows\System\mJcCuDC.exe
  2⤵
  PID:852
- C:\Windows\System\TrEtFrI.exe
  C:\Windows\System\TrEtFrI.exe
  2⤵
  PID:5704
- C:\Windows\System\ycGAYjs.exe
  C:\Windows\System\ycGAYjs.exe
  2⤵
  PID:1648
- C:\Windows\System\xXLXKKR.exe
  C:\Windows\System\xXLXKKR.exe
  2⤵
  PID:596
- C:\Windows\System\SDUBhfh.exe
  C:\Windows\System\SDUBhfh.exe
  2⤵
  PID:2784
- C:\Windows\System\BNBSztl.exe
  C:\Windows\System\BNBSztl.exe
  2⤵
  PID:5788
- C:\Windows\System\XHnoQVo.exe
  C:\Windows\System\XHnoQVo.exe
  2⤵
  PID:1596
- C:\Windows\System\mohPDhF.exe
  C:\Windows\System\mohPDhF.exe
  2⤵
  PID:6160
- C:\Windows\System\UTzZWto.exe
  C:\Windows\System\UTzZWto.exe
  2⤵
  PID:6176
- C:\Windows\System\vFZssmI.exe
  C:\Windows\System\vFZssmI.exe
  2⤵
  PID:6192
- C:\Windows\System\AptPLSu.exe
  C:\Windows\System\AptPLSu.exe
  2⤵
  PID:6208
- C:\Windows\System\TGrfrBc.exe
  C:\Windows\System\TGrfrBc.exe
  2⤵
  PID:6224
- C:\Windows\System\zlVKORf.exe
  C:\Windows\System\zlVKORf.exe
  2⤵
  PID:6240
- C:\Windows\System\TQZapVZ.exe
  C:\Windows\System\TQZapVZ.exe
  2⤵
  PID:6256
- C:\Windows\System\KKYHxWk.exe
  C:\Windows\System\KKYHxWk.exe
  2⤵
  PID:6272
- C:\Windows\System\xneEFsp.exe
  C:\Windows\System\xneEFsp.exe
  2⤵
  PID:6288
- C:\Windows\System\USJrcOF.exe
  C:\Windows\System\USJrcOF.exe
  2⤵
  PID:6304
- C:\Windows\System\FEyLAeK.exe
  C:\Windows\System\FEyLAeK.exe
  2⤵
  PID:6320
- C:\Windows\System\OUTDcaR.exe
  C:\Windows\System\OUTDcaR.exe
  2⤵
  PID:6336
- C:\Windows\System\GDVPzqg.exe
  C:\Windows\System\GDVPzqg.exe
  2⤵
  PID:6352
- C:\Windows\System\eWsTtXr.exe
  C:\Windows\System\eWsTtXr.exe
  2⤵
  PID:6368
- C:\Windows\System\peScnAT.exe
  C:\Windows\System\peScnAT.exe
  2⤵
  PID:6384
- C:\Windows\System\TnNLcgF.exe
  C:\Windows\System\TnNLcgF.exe
  2⤵
  PID:6400
- C:\Windows\System\HxTyTts.exe
  C:\Windows\System\HxTyTts.exe
  2⤵
  PID:6416
- C:\Windows\System\fZFkWKI.exe
  C:\Windows\System\fZFkWKI.exe
  2⤵
  PID:6432
- C:\Windows\System\sTznFZS.exe
  C:\Windows\System\sTznFZS.exe
  2⤵
  PID:6448
- C:\Windows\System\gzxhJMY.exe
  C:\Windows\System\gzxhJMY.exe
  2⤵
  PID:6464
- C:\Windows\System\pspfZcY.exe
  C:\Windows\System\pspfZcY.exe
  2⤵
  PID:6480
- C:\Windows\System\fOeqTvz.exe
  C:\Windows\System\fOeqTvz.exe
  2⤵
  PID:6496
- C:\Windows\System\oSzkmnr.exe
  C:\Windows\System\oSzkmnr.exe
  2⤵
  PID:6512
- C:\Windows\System\bsIDNeX.exe
  C:\Windows\System\bsIDNeX.exe
  2⤵
  PID:6528
- C:\Windows\System\phsbmKy.exe
  C:\Windows\System\phsbmKy.exe
  2⤵
  PID:6544
- C:\Windows\System\qdfJOfx.exe
  C:\Windows\System\qdfJOfx.exe
  2⤵
  PID:6560
- C:\Windows\System\oHLVSyY.exe
  C:\Windows\System\oHLVSyY.exe
  2⤵
  PID:6576
- C:\Windows\System\vWrnPpH.exe
  C:\Windows\System\vWrnPpH.exe
  2⤵
  PID:6592
- C:\Windows\System\nRsZTDM.exe
  C:\Windows\System\nRsZTDM.exe
  2⤵
  PID:6608
- C:\Windows\System\CfjdUfQ.exe
  C:\Windows\System\CfjdUfQ.exe
  2⤵
  PID:6624
- C:\Windows\System\EJUKWqt.exe
  C:\Windows\System\EJUKWqt.exe
  2⤵
  PID:6640
- C:\Windows\System\aMNDoIa.exe
  C:\Windows\System\aMNDoIa.exe
  2⤵
  PID:6656
- C:\Windows\System\qaFTbOS.exe
  C:\Windows\System\qaFTbOS.exe
  2⤵
  PID:6672
- C:\Windows\System\ZvfpFes.exe
  C:\Windows\System\ZvfpFes.exe
  2⤵
  PID:6688
- C:\Windows\System\CVHKLOc.exe
  C:\Windows\System\CVHKLOc.exe
  2⤵
  PID:6704
- C:\Windows\System\pYesyYj.exe
  C:\Windows\System\pYesyYj.exe
  2⤵
  PID:6720
- C:\Windows\System\nNyaMoN.exe
  C:\Windows\System\nNyaMoN.exe
  2⤵
  PID:6736
- C:\Windows\System\YJILawP.exe
  C:\Windows\System\YJILawP.exe
  2⤵
  PID:6752
- C:\Windows\System\sXtmzwB.exe
  C:\Windows\System\sXtmzwB.exe
  2⤵
  PID:6768
- C:\Windows\System\sViYfNe.exe
  C:\Windows\System\sViYfNe.exe
  2⤵
  PID:6784
- C:\Windows\System\pYpUAjT.exe
  C:\Windows\System\pYpUAjT.exe
  2⤵
  PID:6800
- C:\Windows\System\AtgAIwA.exe
  C:\Windows\System\AtgAIwA.exe
  2⤵
  PID:6816
- C:\Windows\System\XYxADVS.exe
  C:\Windows\System\XYxADVS.exe
  2⤵
  PID:6832
- C:\Windows\System\FPEcscn.exe
  C:\Windows\System\FPEcscn.exe
  2⤵
  PID:6848
- C:\Windows\System\eavYniq.exe
  C:\Windows\System\eavYniq.exe
  2⤵
  PID:6864
- C:\Windows\System\uuHpUuM.exe
  C:\Windows\System\uuHpUuM.exe
  2⤵
  PID:6880
- C:\Windows\System\sxSwLvb.exe
  C:\Windows\System\sxSwLvb.exe
  2⤵
  PID:6896
- C:\Windows\System\jtxqSwk.exe
  C:\Windows\System\jtxqSwk.exe
  2⤵
  PID:6912
- C:\Windows\System\ZEXoMvk.exe
  C:\Windows\System\ZEXoMvk.exe
  2⤵
  PID:6928
- C:\Windows\System\CwIVAtV.exe
  C:\Windows\System\CwIVAtV.exe
  2⤵
  PID:6944
- C:\Windows\System\TfQakrQ.exe
  C:\Windows\System\TfQakrQ.exe
  2⤵
  PID:6960
- C:\Windows\System\XGkJuHi.exe
  C:\Windows\System\XGkJuHi.exe
  2⤵
  PID:6976
- C:\Windows\System\leigbRR.exe
  C:\Windows\System\leigbRR.exe
  2⤵
  PID:6992
- C:\Windows\System\JhBOUdC.exe
  C:\Windows\System\JhBOUdC.exe
  2⤵
  PID:7008
- C:\Windows\System\BoNqyTb.exe
  C:\Windows\System\BoNqyTb.exe
  2⤵
  PID:7024
- C:\Windows\System\tCpVoHW.exe
  C:\Windows\System\tCpVoHW.exe
  2⤵
  PID:7040
- C:\Windows\System\ZMTatPP.exe
  C:\Windows\System\ZMTatPP.exe
  2⤵
  PID:7056
- C:\Windows\System\JjIkqbz.exe
  C:\Windows\System\JjIkqbz.exe
  2⤵
  PID:7072
- C:\Windows\System\sLZADtI.exe
  C:\Windows\System\sLZADtI.exe
  2⤵
  PID:7088
- C:\Windows\System\KpTpLio.exe
  C:\Windows\System\KpTpLio.exe
  2⤵
  PID:7104
- C:\Windows\System\JjNgJVn.exe
  C:\Windows\System\JjNgJVn.exe
  2⤵
  PID:7120
- C:\Windows\System\voCuEHL.exe
  C:\Windows\System\voCuEHL.exe
  2⤵
  PID:7136
- C:\Windows\System\ZdbBrhl.exe
  C:\Windows\System\ZdbBrhl.exe
  2⤵
  PID:7152
- C:\Windows\System\TpXpneV.exe
  C:\Windows\System\TpXpneV.exe
  2⤵
  PID:5452
- C:\Windows\System\wlsWnDH.exe
  C:\Windows\System\wlsWnDH.exe
  2⤵
  PID:1944
- C:\Windows\System\fGKxmNP.exe
  C:\Windows\System\fGKxmNP.exe
  2⤵
  PID:444
- C:\Windows\System\yXBfodB.exe
  C:\Windows\System\yXBfodB.exe
  2⤵
  PID:6248
- C:\Windows\System\yraQlyE.exe
  C:\Windows\System\yraQlyE.exe
  2⤵
  PID:6280
- C:\Windows\System\LCxpOrU.exe
  C:\Windows\System\LCxpOrU.exe
  2⤵
  PID:6200
- C:\Windows\System\ojtgtxB.exe
  C:\Windows\System\ojtgtxB.exe
  2⤵
  PID:6168
- C:\Windows\System\PIaWdRU.exe
  C:\Windows\System\PIaWdRU.exe
  2⤵
  PID:6332
- C:\Windows\System\PAFFquc.exe
  C:\Windows\System\PAFFquc.exe
  2⤵
  PID:6376
- C:\Windows\System\pwLCLpM.exe
  C:\Windows\System\pwLCLpM.exe
  2⤵
  PID:6408
- C:\Windows\System\sbAOBcn.exe
  C:\Windows\System\sbAOBcn.exe
  2⤵
  PID:6444
- C:\Windows\System\fRmSLki.exe
  C:\Windows\System\fRmSLki.exe
  2⤵
  PID:6460
- C:\Windows\System\qRUDjgI.exe
  C:\Windows\System\qRUDjgI.exe
  2⤵
  PID:6508
- C:\Windows\System\BtuHuJp.exe
  C:\Windows\System\BtuHuJp.exe
  2⤵
  PID:6540
- C:\Windows\System\xRUtSQE.exe
  C:\Windows\System\xRUtSQE.exe
  2⤵
  PID:6600
- C:\Windows\System\DOBfOHy.exe
  C:\Windows\System\DOBfOHy.exe
  2⤵
  PID:6524
- C:\Windows\System\PscFkky.exe
  C:\Windows\System\PscFkky.exe
  2⤵
  PID:6552
- C:\Windows\System\JDtEwyy.exe
  C:\Windows\System\JDtEwyy.exe
  2⤵
  PID:6588
- C:\Windows\System\oXdyosc.exe
  C:\Windows\System\oXdyosc.exe
  2⤵
  PID:6700
- C:\Windows\System\RjULnAJ.exe
  C:\Windows\System\RjULnAJ.exe
  2⤵
  PID:6684
- C:\Windows\System\JoQttSd.exe
  C:\Windows\System\JoQttSd.exe
  2⤵
  PID:6796
- C:\Windows\System\LQhYflW.exe
  C:\Windows\System\LQhYflW.exe
  2⤵
  PID:6812
- C:\Windows\System\DcgpJZk.exe
  C:\Windows\System\DcgpJZk.exe
  2⤵
  PID:6716
- C:\Windows\System\rcHUyjw.exe
  C:\Windows\System\rcHUyjw.exe
  2⤵
  PID:6840
- C:\Windows\System\nMThmra.exe
  C:\Windows\System\nMThmra.exe
  2⤵
  PID:6876
- C:\Windows\System\ctMHXhN.exe
  C:\Windows\System\ctMHXhN.exe
  2⤵
  PID:6924
- C:\Windows\System\ATALSgI.exe
  C:\Windows\System\ATALSgI.exe
  2⤵
  PID:6940
- C:\Windows\System\BEmtNWD.exe
  C:\Windows\System\BEmtNWD.exe
  2⤵
  PID:7048
- C:\Windows\System\VRoTIEF.exe
  C:\Windows\System\VRoTIEF.exe
  2⤵
  PID:7064
- C:\Windows\System\XrVwUwz.exe
  C:\Windows\System\XrVwUwz.exe
  2⤵
  PID:7080
- C:\Windows\System\lDKCuug.exe
  C:\Windows\System\lDKCuug.exe
  2⤵
  PID:7100
- C:\Windows\System\zViuCzL.exe
  C:\Windows\System\zViuCzL.exe
  2⤵
  PID:5168
- C:\Windows\System\QmuwYzp.exe
  C:\Windows\System\QmuwYzp.exe
  2⤵
  PID:6216
- C:\Windows\System\qVIVqsq.exe
  C:\Windows\System\qVIVqsq.exe
  2⤵
  PID:1000
- C:\Windows\System\hTJCTUP.exe
  C:\Windows\System\hTJCTUP.exe
  2⤵
  PID:1976
- C:\Windows\System\reXUykv.exe
  C:\Windows\System\reXUykv.exe
  2⤵
  PID:6232
- C:\Windows\System\bySrAGY.exe
  C:\Windows\System\bySrAGY.exe
  2⤵
  PID:6348
- C:\Windows\System\OAuEbjT.exe
  C:\Windows\System\OAuEbjT.exe
  2⤵
  PID:6300
- C:\Windows\System\JICpKeJ.exe
  C:\Windows\System\JICpKeJ.exe
  2⤵
  PID:6456
- C:\Windows\System\odpRdiI.exe
  C:\Windows\System\odpRdiI.exe
  2⤵
  PID:6632
- C:\Windows\System\mxLASxS.exe
  C:\Windows\System\mxLASxS.exe
  2⤵
  PID:3616
- C:\Windows\System\gepjOLi.exe
  C:\Windows\System\gepjOLi.exe
  2⤵
  PID:6584
- C:\Windows\System\OtArJSo.exe
  C:\Windows\System\OtArJSo.exe
  2⤵
  PID:6808
- C:\Windows\System\ducHjIN.exe
  C:\Windows\System\ducHjIN.exe
  2⤵
  PID:6764
- C:\Windows\System\GWZjaaQ.exe
  C:\Windows\System\GWZjaaQ.exe
  2⤵
  PID:6872
- C:\Windows\System\nJvaMzL.exe
  C:\Windows\System\nJvaMzL.exe
  2⤵
  PID:7020
- C:\Windows\System\TMPWMfO.exe
  C:\Windows\System\TMPWMfO.exe
  2⤵
  PID:7004
- C:\Windows\System\hlOONbs.exe
  C:\Windows\System\hlOONbs.exe
  2⤵
  PID:6776
- C:\Windows\System\ydKUXkj.exe
  C:\Windows\System\ydKUXkj.exe
  2⤵
  PID:7036
- C:\Windows\System\NkmRzDz.exe
  C:\Windows\System\NkmRzDz.exe
  2⤵
  PID:6188
- C:\Windows\System\AkfNkWZ.exe
  C:\Windows\System\AkfNkWZ.exe
  2⤵
  PID:7112
- C:\Windows\System\qqqhuTI.exe
  C:\Windows\System\qqqhuTI.exe
  2⤵
  PID:6536
- C:\Windows\System\wkyNbay.exe
  C:\Windows\System\wkyNbay.exe
  2⤵
  PID:6428
- C:\Windows\System\SqLCFnd.exe
  C:\Windows\System\SqLCFnd.exe
  2⤵
  PID:6620
- C:\Windows\System\EjqSHQS.exe
  C:\Windows\System\EjqSHQS.exe
  2⤵
  PID:7144
- C:\Windows\System\tvsEbdx.exe
  C:\Windows\System\tvsEbdx.exe
  2⤵
  PID:6920
- C:\Windows\System\HHsYfvN.exe
  C:\Windows\System\HHsYfvN.exe
  2⤵
  PID:1660
- C:\Windows\System\QFNcXwp.exe
  C:\Windows\System\QFNcXwp.exe
  2⤵
  PID:6264
- C:\Windows\System\CBCTWhB.exe
  C:\Windows\System\CBCTWhB.exe
  2⤵
  PID:6328
- C:\Windows\System\JZKMumB.exe
  C:\Windows\System\JZKMumB.exe
  2⤵
  PID:7000
- C:\Windows\System\ZmZQnVe.exe
  C:\Windows\System\ZmZQnVe.exe
  2⤵
  PID:6648
- C:\Windows\System\GNiNYkG.exe
  C:\Windows\System\GNiNYkG.exe
  2⤵
  PID:7164
- C:\Windows\System\gCFFVOo.exe
  C:\Windows\System\gCFFVOo.exe
  2⤵
  PID:3532
- C:\Windows\System\SYPsSyL.exe
  C:\Windows\System\SYPsSyL.exe
  2⤵
  PID:6972
- C:\Windows\System\cuuCqVW.exe
  C:\Windows\System\cuuCqVW.exe
  2⤵
  PID:7176
- C:\Windows\System\KXYDmwR.exe
  C:\Windows\System\KXYDmwR.exe
  2⤵
  PID:7192
- C:\Windows\System\EbIcSmP.exe
  C:\Windows\System\EbIcSmP.exe
  2⤵
  PID:7208
- C:\Windows\System\dWikSzh.exe
  C:\Windows\System\dWikSzh.exe
  2⤵
  PID:7224
- C:\Windows\System\cWwgYFB.exe
  C:\Windows\System\cWwgYFB.exe
  2⤵
  PID:7240
- C:\Windows\System\gBZbZqk.exe
  C:\Windows\System\gBZbZqk.exe
  2⤵
  PID:7256
- C:\Windows\System\UnRHdEa.exe
  C:\Windows\System\UnRHdEa.exe
  2⤵
  PID:7272
- C:\Windows\System\UfivMCS.exe
  C:\Windows\System\UfivMCS.exe
  2⤵
  PID:7288
- C:\Windows\System\mpEvHYR.exe
  C:\Windows\System\mpEvHYR.exe
  2⤵
  PID:7304
- C:\Windows\System\EzavWKf.exe
  C:\Windows\System\EzavWKf.exe
  2⤵
  PID:7332
- C:\Windows\System\yvRdSHp.exe
  C:\Windows\System\yvRdSHp.exe
  2⤵
  PID:7372
- C:\Windows\System\RUXyAZV.exe
  C:\Windows\System\RUXyAZV.exe
  2⤵
  PID:7396
- C:\Windows\System\WvwQsWn.exe
  C:\Windows\System\WvwQsWn.exe
  2⤵
  PID:7412
- C:\Windows\System\qKVkgZT.exe
  C:\Windows\System\qKVkgZT.exe
  2⤵
  PID:7436
- C:\Windows\System\zWUopci.exe
  C:\Windows\System\zWUopci.exe
  2⤵
  PID:7452
- C:\Windows\System\XGuBAIZ.exe
  C:\Windows\System\XGuBAIZ.exe
  2⤵
  PID:7468
- C:\Windows\System\kQaYpUP.exe
  C:\Windows\System\kQaYpUP.exe
  2⤵
  PID:7484
- C:\Windows\System\vxEwiiT.exe
  C:\Windows\System\vxEwiiT.exe
  2⤵
  PID:7500
- C:\Windows\System\OtPrOHB.exe
  C:\Windows\System\OtPrOHB.exe
  2⤵
  PID:7516
- C:\Windows\System\WoSBovi.exe
  C:\Windows\System\WoSBovi.exe
  2⤵
  PID:7536
- C:\Windows\System\yWYmAjM.exe
  C:\Windows\System\yWYmAjM.exe
  2⤵
  PID:7552
- C:\Windows\System\XQjtlHN.exe
  C:\Windows\System\XQjtlHN.exe
  2⤵
  PID:7568
- C:\Windows\System\yzWFVSD.exe
  C:\Windows\System\yzWFVSD.exe
  2⤵
  PID:7584
- C:\Windows\System\ElhJWNi.exe
  C:\Windows\System\ElhJWNi.exe
  2⤵
  PID:7600
- C:\Windows\System\RLmDPRK.exe
  C:\Windows\System\RLmDPRK.exe
  2⤵
  PID:7616
- C:\Windows\System\izcdioC.exe
  C:\Windows\System\izcdioC.exe
  2⤵
  PID:7632
- C:\Windows\System\YMHmuuB.exe
  C:\Windows\System\YMHmuuB.exe
  2⤵
  PID:7648
- C:\Windows\System\huhytdY.exe
  C:\Windows\System\huhytdY.exe
  2⤵
  PID:7664
- C:\Windows\System\jJypsud.exe
  C:\Windows\System\jJypsud.exe
  2⤵
  PID:7680
- C:\Windows\System\ifZjxiy.exe
  C:\Windows\System\ifZjxiy.exe
  2⤵
  PID:7696
- C:\Windows\System\IkFgdZG.exe
  C:\Windows\System\IkFgdZG.exe
  2⤵
  PID:7712
- C:\Windows\System\fQodpFr.exe
  C:\Windows\System\fQodpFr.exe
  2⤵
  PID:7728
- C:\Windows\System\oPuFfiY.exe
  C:\Windows\System\oPuFfiY.exe
  2⤵
  PID:7744
- C:\Windows\System\iCUBDJc.exe
  C:\Windows\System\iCUBDJc.exe
  2⤵
  PID:7760
- C:\Windows\System\zqGsdwf.exe
  C:\Windows\System\zqGsdwf.exe
  2⤵
  PID:7776
- C:\Windows\System\jnYsrBs.exe
  C:\Windows\System\jnYsrBs.exe
  2⤵
  PID:7792
- C:\Windows\System\JONkUHI.exe
  C:\Windows\System\JONkUHI.exe
  2⤵
  PID:7808
- C:\Windows\System\mnnaSSR.exe
  C:\Windows\System\mnnaSSR.exe
  2⤵
  PID:7824
- C:\Windows\System\polNnTd.exe
  C:\Windows\System\polNnTd.exe
  2⤵
  PID:7840
- C:\Windows\System\nagMGdz.exe
  C:\Windows\System\nagMGdz.exe
  2⤵
  PID:7856
- C:\Windows\System\xbVsVhn.exe
  C:\Windows\System\xbVsVhn.exe
  2⤵
  PID:7872
- C:\Windows\System\rBOFLJI.exe
  C:\Windows\System\rBOFLJI.exe
  2⤵
  PID:7888
- C:\Windows\System\KRruhSo.exe
  C:\Windows\System\KRruhSo.exe
  2⤵
  PID:7904
- C:\Windows\System\OpjRAzb.exe
  C:\Windows\System\OpjRAzb.exe
  2⤵
  PID:7920
- C:\Windows\System\EjqsGjA.exe
  C:\Windows\System\EjqsGjA.exe
  2⤵
  PID:7936
- C:\Windows\System\wfGCAOd.exe
  C:\Windows\System\wfGCAOd.exe
  2⤵
  PID:7952
- C:\Windows\System\DLLRqaC.exe
  C:\Windows\System\DLLRqaC.exe
  2⤵
  PID:7972
- C:\Windows\System\kxVofRe.exe
  C:\Windows\System\kxVofRe.exe
  2⤵
  PID:7988
- C:\Windows\System\ONpfCcj.exe
  C:\Windows\System\ONpfCcj.exe
  2⤵
  PID:8004
- C:\Windows\System\EhJYhbW.exe
  C:\Windows\System\EhJYhbW.exe
  2⤵
  PID:8020
- C:\Windows\System\vjNZrfv.exe
  C:\Windows\System\vjNZrfv.exe
  2⤵
  PID:8036
- C:\Windows\System\FGQGRJr.exe
  C:\Windows\System\FGQGRJr.exe
  2⤵
  PID:8052
- C:\Windows\System\FiMDfpg.exe
  C:\Windows\System\FiMDfpg.exe
  2⤵
  PID:8068
- C:\Windows\System\lKjHTKW.exe
  C:\Windows\System\lKjHTKW.exe
  2⤵
  PID:8084
- C:\Windows\System\POGUTvw.exe
  C:\Windows\System\POGUTvw.exe
  2⤵
  PID:8100
- C:\Windows\System\XmSLJFs.exe
  C:\Windows\System\XmSLJFs.exe
  2⤵
  PID:8116
- C:\Windows\System\lTNkOHN.exe
  C:\Windows\System\lTNkOHN.exe
  2⤵
  PID:8132
- C:\Windows\System\tzUfzBF.exe
  C:\Windows\System\tzUfzBF.exe
  2⤵
  PID:8148
- C:\Windows\System\VtDJZwE.exe
  C:\Windows\System\VtDJZwE.exe
  2⤵
  PID:8164
- C:\Windows\System\xQfPwSO.exe
  C:\Windows\System\xQfPwSO.exe
  2⤵
  PID:8180
- C:\Windows\System\dtwaizX.exe
  C:\Windows\System\dtwaizX.exe
  2⤵
  PID:6636
- C:\Windows\System\eztqOpV.exe
  C:\Windows\System\eztqOpV.exe
  2⤵
  PID:7216
- C:\Windows\System\wetLHUA.exe
  C:\Windows\System\wetLHUA.exe
  2⤵
  PID:6504
- C:\Windows\System\NnFktNw.exe
  C:\Windows\System\NnFktNw.exe
  2⤵
  PID:7096
- C:\Windows\System\WnjvlSg.exe
  C:\Windows\System\WnjvlSg.exe
  2⤵
  PID:7236
- C:\Windows\System\zakTpVh.exe
  C:\Windows\System\zakTpVh.exe
  2⤵
  PID:6488
- C:\Windows\System\mkwMNco.exe
  C:\Windows\System\mkwMNco.exe
  2⤵
  PID:7232
- C:\Windows\System\LqfwuQE.exe
  C:\Windows\System\LqfwuQE.exe
  2⤵
  PID:7032
- C:\Windows\System\CuWucTo.exe
  C:\Windows\System\CuWucTo.exe
  2⤵
  PID:7320
- C:\Windows\System\nPAtviG.exe
  C:\Windows\System\nPAtviG.exe
  2⤵
  PID:7340
- C:\Windows\System\ELCcLDR.exe
  C:\Windows\System\ELCcLDR.exe
  2⤵
  PID:7384
- C:\Windows\System\biYQjMC.exe
  C:\Windows\System\biYQjMC.exe
  2⤵
  PID:7428
- C:\Windows\System\uBGdMzu.exe
  C:\Windows\System\uBGdMzu.exe
  2⤵
  PID:7424
- C:\Windows\System\KqteETg.exe
  C:\Windows\System\KqteETg.exe
  2⤵
  PID:7496
- C:\Windows\System\JzmReDU.exe
  C:\Windows\System\JzmReDU.exe
  2⤵
  PID:7368
- C:\Windows\System\KEZcblW.exe
  C:\Windows\System\KEZcblW.exe
  2⤵
  PID:7508
- C:\Windows\System\BGmUjuH.exe
  C:\Windows\System\BGmUjuH.exe
  2⤵
  PID:7512
- C:\Windows\System\pJDCbil.exe
  C:\Windows\System\pJDCbil.exe
  2⤵
  PID:7544
- C:\Windows\System\GMVWmPk.exe
  C:\Windows\System\GMVWmPk.exe
  2⤵
  PID:7596
- C:\Windows\System\JVXkGKV.exe
  C:\Windows\System\JVXkGKV.exe
  2⤵
  PID:7628
- C:\Windows\System\PDrCYtB.exe
  C:\Windows\System\PDrCYtB.exe
  2⤵
  PID:7640
- C:\Windows\System\MgzxixL.exe
  C:\Windows\System\MgzxixL.exe
  2⤵
  PID:7720
- C:\Windows\System\SpwNTXb.exe
  C:\Windows\System\SpwNTXb.exe
  2⤵
  PID:7752
- C:\Windows\System\zbNByoe.exe
  C:\Windows\System\zbNByoe.exe
  2⤵
  PID:7768
- C:\Windows\System\aRshcQe.exe
  C:\Windows\System\aRshcQe.exe
  2⤵
  PID:7816
- C:\Windows\System\xvbHimc.exe
  C:\Windows\System\xvbHimc.exe
  2⤵
  PID:7772
- C:\Windows\System\JaaAeeR.exe
  C:\Windows\System\JaaAeeR.exe
  2⤵
  PID:7800
- C:\Windows\System\OlaKdrR.exe
  C:\Windows\System\OlaKdrR.exe
  2⤵
  PID:7836
- C:\Windows\System\MwSpkRr.exe
  C:\Windows\System\MwSpkRr.exe
  2⤵
  PID:7896
- C:\Windows\System\rypRGam.exe
  C:\Windows\System\rypRGam.exe
  2⤵
  PID:7948
- C:\Windows\System\agxINJO.exe
  C:\Windows\System\agxINJO.exe
  2⤵
  PID:8012
- C:\Windows\System\ZRpiLnk.exe
  C:\Windows\System\ZRpiLnk.exe
  2⤵
  PID:8060
- C:\Windows\System\sWVSFTH.exe
  C:\Windows\System\sWVSFTH.exe
  2⤵
  PID:8048
- C:\Windows\System\OjcOhtR.exe
  C:\Windows\System\OjcOhtR.exe
  2⤵
  PID:8112
- C:\Windows\System\mqBdqHn.exe
  C:\Windows\System\mqBdqHn.exe
  2⤵
  PID:8176
- C:\Windows\System\dZkpYIX.exe
  C:\Windows\System\dZkpYIX.exe
  2⤵
  PID:6680
- C:\Windows\System\uDwvtHB.exe
  C:\Windows\System\uDwvtHB.exe
  2⤵
  PID:7248
- C:\Windows\System\dnswhZa.exe
  C:\Windows\System\dnswhZa.exe
  2⤵
  PID:7312
- C:\Windows\System\mduJKAM.exe
  C:\Windows\System\mduJKAM.exe
  2⤵
  PID:7172
- C:\Windows\System\gCqDdqE.exe
  C:\Windows\System\gCqDdqE.exe
  2⤵
  PID:8128
- C:\Windows\System\eeOnRHL.exe
  C:\Windows\System\eeOnRHL.exe
  2⤵
  PID:7268
- C:\Windows\System\cZoUYDJ.exe
  C:\Windows\System\cZoUYDJ.exe
  2⤵
  PID:7316
- C:\Windows\System\VFYsivT.exe
  C:\Windows\System\VFYsivT.exe
  2⤵
  PID:7464
- C:\Windows\System\KKuqDKv.exe
  C:\Windows\System\KKuqDKv.exe
  2⤵
  PID:7564
- C:\Windows\System\KFjAnDl.exe
  C:\Windows\System\KFjAnDl.exe
  2⤵
  PID:7692
- C:\Windows\System\hZDttLY.exe
  C:\Windows\System\hZDttLY.exe
  2⤵
  PID:7532
- C:\Windows\System\IYtqxGt.exe
  C:\Windows\System\IYtqxGt.exe
  2⤵
  PID:7580
- C:\Windows\System\zqfEghb.exe
  C:\Windows\System\zqfEghb.exe
  2⤵
  PID:7708
- C:\Windows\System\ZQQHbna.exe
  C:\Windows\System\ZQQHbna.exe
  2⤵
  PID:7912
- C:\Windows\System\YsrJYdA.exe
  C:\Windows\System\YsrJYdA.exe
  2⤵
  PID:7864
- C:\Windows\System\HwgaptV.exe
  C:\Windows\System\HwgaptV.exe
  2⤵
  PID:8000
- C:\Windows\System\wgPbdDc.exe
  C:\Windows\System\wgPbdDc.exe
  2⤵
  PID:6988
- C:\Windows\System\cUbFqXv.exe
  C:\Windows\System\cUbFqXv.exe
  2⤵
  PID:7528
- C:\Windows\System\Dvwlvav.exe
  C:\Windows\System\Dvwlvav.exe
  2⤵
  PID:7492
- C:\Windows\System\YRxMGyB.exe
  C:\Windows\System\YRxMGyB.exe
  2⤵
  PID:7644
- C:\Windows\System\jTXxiyl.exe
  C:\Windows\System\jTXxiyl.exe
  2⤵
  PID:8108
- C:\Windows\System\dueoYnG.exe
  C:\Windows\System\dueoYnG.exe
  2⤵
  PID:8196
- C:\Windows\System\JwFUEyb.exe
  C:\Windows\System\JwFUEyb.exe
  2⤵
  PID:8212
- C:\Windows\System\afcMeVC.exe
  C:\Windows\System\afcMeVC.exe
  2⤵
  PID:8228
- C:\Windows\System\GAmumCn.exe
  C:\Windows\System\GAmumCn.exe
  2⤵
  PID:8244
- C:\Windows\System\yTtVopK.exe
  C:\Windows\System\yTtVopK.exe
  2⤵
  PID:8260
- C:\Windows\System\nPTMEgY.exe
  C:\Windows\System\nPTMEgY.exe
  2⤵
  PID:8276
- C:\Windows\System\NRWYUHv.exe
  C:\Windows\System\NRWYUHv.exe
  2⤵
  PID:8292
- C:\Windows\System\xblsWOV.exe
  C:\Windows\System\xblsWOV.exe
  2⤵
  PID:8308
- C:\Windows\System\UxLJWwv.exe
  C:\Windows\System\UxLJWwv.exe
  2⤵
  PID:8328
- C:\Windows\System\WFnPYDN.exe
  C:\Windows\System\WFnPYDN.exe
  2⤵
  PID:8344
- C:\Windows\System\IThaKlT.exe
  C:\Windows\System\IThaKlT.exe
  2⤵
  PID:8360
- C:\Windows\System\KIfjYhb.exe
  C:\Windows\System\KIfjYhb.exe
  2⤵
  PID:8376
- C:\Windows\System\nKeUXLf.exe
  C:\Windows\System\nKeUXLf.exe
  2⤵
  PID:8392
- C:\Windows\System\wOVMaQv.exe
  C:\Windows\System\wOVMaQv.exe
  2⤵
  PID:8408
- C:\Windows\System\HgjUUHx.exe
  C:\Windows\System\HgjUUHx.exe
  2⤵
  PID:8424
- C:\Windows\System\RHdNnQR.exe
  C:\Windows\System\RHdNnQR.exe
  2⤵
  PID:8440
- C:\Windows\System\TTxCLVC.exe
  C:\Windows\System\TTxCLVC.exe
  2⤵
  PID:8456
- C:\Windows\System\MYWwpYH.exe
  C:\Windows\System\MYWwpYH.exe
  2⤵
  PID:8472
- C:\Windows\System\YVUcDYf.exe
  C:\Windows\System\YVUcDYf.exe
  2⤵
  PID:8496
- C:\Windows\System\gjJQGPm.exe
  C:\Windows\System\gjJQGPm.exe
  2⤵
  PID:8604
- C:\Windows\System\vMHDwsM.exe
  C:\Windows\System\vMHDwsM.exe
  2⤵
  PID:8620
- C:\Windows\System\VrMzGeE.exe
  C:\Windows\System\VrMzGeE.exe
  2⤵
  PID:8636
- C:\Windows\System\NlVYmwk.exe
  C:\Windows\System\NlVYmwk.exe
  2⤵
  PID:8652
- C:\Windows\System\bFbNzZK.exe
  C:\Windows\System\bFbNzZK.exe
  2⤵
  PID:8668
- C:\Windows\System\AeEffib.exe
  C:\Windows\System\AeEffib.exe
  2⤵
  PID:8684
- C:\Windows\System\NIsLQUo.exe
  C:\Windows\System\NIsLQUo.exe
  2⤵
  PID:8700
- C:\Windows\System\THejktM.exe
  C:\Windows\System\THejktM.exe
  2⤵
  PID:8716
- C:\Windows\System\cAWCcRu.exe
  C:\Windows\System\cAWCcRu.exe
  2⤵
  PID:8732
- C:\Windows\System\cGKwksc.exe
  C:\Windows\System\cGKwksc.exe
  2⤵
  PID:8748
- C:\Windows\System\BNDxksR.exe
  C:\Windows\System\BNDxksR.exe
  2⤵
  PID:8764
- C:\Windows\System\QNsfcQl.exe
  C:\Windows\System\QNsfcQl.exe
  2⤵
  PID:8780
- C:\Windows\System\HWMDJVp.exe
  C:\Windows\System\HWMDJVp.exe
  2⤵
  PID:8796
- C:\Windows\System\SWZjmPv.exe
  C:\Windows\System\SWZjmPv.exe
  2⤵
  PID:8812
- C:\Windows\System\INvkbrg.exe
  C:\Windows\System\INvkbrg.exe
  2⤵
  PID:8828
- C:\Windows\System\fjxGpGu.exe
  C:\Windows\System\fjxGpGu.exe
  2⤵
  PID:8844
- C:\Windows\System\ixefPuU.exe
  C:\Windows\System\ixefPuU.exe
  2⤵
  PID:8860
- C:\Windows\System\VpyfoVE.exe
  C:\Windows\System\VpyfoVE.exe
  2⤵
  PID:8880
- C:\Windows\System\gqjQcXA.exe
  C:\Windows\System\gqjQcXA.exe
  2⤵
  PID:8896
- C:\Windows\System\JvOjTqL.exe
  C:\Windows\System\JvOjTqL.exe
  2⤵
  PID:8912
- C:\Windows\System\xihwWki.exe
  C:\Windows\System\xihwWki.exe
  2⤵
  PID:8928
- C:\Windows\System\QRcsMYk.exe
  C:\Windows\System\QRcsMYk.exe
  2⤵
  PID:8944
- C:\Windows\System\TxGZUqx.exe
  C:\Windows\System\TxGZUqx.exe
  2⤵
  PID:8960
- C:\Windows\System\LxOTwkf.exe
  C:\Windows\System\LxOTwkf.exe
  2⤵
  PID:8976
- C:\Windows\System\wOageMs.exe
  C:\Windows\System\wOageMs.exe
  2⤵
  PID:8992
- C:\Windows\System\VWlsEBK.exe
  C:\Windows\System\VWlsEBK.exe
  2⤵
  PID:9008
- C:\Windows\System\gqtUhUB.exe
  C:\Windows\System\gqtUhUB.exe
  2⤵
  PID:9024
- C:\Windows\System\PygDHGK.exe
  C:\Windows\System\PygDHGK.exe
  2⤵
  PID:9040
- C:\Windows\System\syAjpBm.exe
  C:\Windows\System\syAjpBm.exe
  2⤵
  PID:9056
- C:\Windows\System\zYXsouc.exe
  C:\Windows\System\zYXsouc.exe
  2⤵
  PID:9072
- C:\Windows\System\MxvzOxV.exe
  C:\Windows\System\MxvzOxV.exe
  2⤵
  PID:9088
- C:\Windows\System\ITEdvaV.exe
  C:\Windows\System\ITEdvaV.exe
  2⤵
  PID:9104
- C:\Windows\System\MhyxAYA.exe
  C:\Windows\System\MhyxAYA.exe
  2⤵
  PID:9120
- C:\Windows\System\VqDoZOH.exe
  C:\Windows\System\VqDoZOH.exe
  2⤵
  PID:9136
- C:\Windows\System\kWJTsYH.exe
  C:\Windows\System\kWJTsYH.exe
  2⤵
  PID:9164
- C:\Windows\System\QGhZNsn.exe
  C:\Windows\System\QGhZNsn.exe
  2⤵
  PID:9180
- C:\Windows\System\UPECJZO.exe
  C:\Windows\System\UPECJZO.exe
  2⤵
  PID:9196
- C:\Windows\System\FzqUqXP.exe
  C:\Windows\System\FzqUqXP.exe
  2⤵
  PID:9212
- C:\Windows\System\FFbwgCv.exe
  C:\Windows\System\FFbwgCv.exe
  2⤵
  PID:8236
- C:\Windows\System\XtyByvy.exe
  C:\Windows\System\XtyByvy.exe
  2⤵
  PID:8300
- C:\Windows\System\mFfCafL.exe
  C:\Windows\System\mFfCafL.exe
  2⤵
  PID:7784
- C:\Windows\System\vasUhaI.exe
  C:\Windows\System\vasUhaI.exe
  2⤵
  PID:7868
- C:\Windows\System\OSgsYgi.exe
  C:\Windows\System\OSgsYgi.exe
  2⤵
  PID:7352
- C:\Windows\System\ySEkNyf.exe
  C:\Windows\System\ySEkNyf.exe
  2⤵
  PID:8220
- C:\Windows\System\NdvCYux.exe
  C:\Windows\System\NdvCYux.exe
  2⤵
  PID:8400
- C:\Windows\System\xPSvyEx.exe
  C:\Windows\System\xPSvyEx.exe
  2⤵
  PID:8464
- C:\Windows\System\fqxOBfe.exe
  C:\Windows\System\fqxOBfe.exe
  2⤵
  PID:8172
- C:\Windows\System\AYmaNOK.exe
  C:\Windows\System\AYmaNOK.exe
  2⤵
  PID:7200
- C:\Windows\System\ndtBiUm.exe
  C:\Windows\System\ndtBiUm.exe
  2⤵
  PID:7480
- C:\Windows\System\MFEhSIA.exe
  C:\Windows\System\MFEhSIA.exe
  2⤵
  PID:7676
- C:\Windows\System\QffEbLm.exe
  C:\Windows\System\QffEbLm.exe
  2⤵
  PID:7672
- C:\Windows\System\XMoajUL.exe
  C:\Windows\System\XMoajUL.exe
  2⤵
  PID:8256
- C:\Windows\System\hQwLHYn.exe
  C:\Windows\System\hQwLHYn.exe
  2⤵
  PID:8468
- C:\Windows\System\KSKDfMy.exe
  C:\Windows\System\KSKDfMy.exe
  2⤵
  PID:8388
- C:\Windows\System\plAklKG.exe
  C:\Windows\System\plAklKG.exe
  2⤵
  PID:8452
- C:\Windows\System\kFiUoSI.exe
  C:\Windows\System\kFiUoSI.exe
  2⤵
  PID:8564
- C:\Windows\System\wVCfGGW.exe
  C:\Windows\System\wVCfGGW.exe
  2⤵
  PID:8512
- C:\Windows\System\RJNqFNi.exe
  C:\Windows\System\RJNqFNi.exe
  2⤵
  PID:8540
- C:\Windows\System\VQeMRjg.exe
  C:\Windows\System\VQeMRjg.exe
  2⤵
  PID:8556
- C:\Windows\System\gvxwTfP.exe
  C:\Windows\System\gvxwTfP.exe
  2⤵
  PID:8580
- C:\Windows\System\fFgFpDJ.exe
  C:\Windows\System\fFgFpDJ.exe
  2⤵
  PID:8596
- C:\Windows\System\jZQUTWW.exe
  C:\Windows\System\jZQUTWW.exe
  2⤵
  PID:8644
- C:\Windows\System\qQKWbeC.exe
  C:\Windows\System\qQKWbeC.exe
  2⤵
  PID:8628
- C:\Windows\System\LPKWkZE.exe
  C:\Windows\System\LPKWkZE.exe
  2⤵
  PID:8724
- C:\Windows\System\SoZxEjX.exe
  C:\Windows\System\SoZxEjX.exe
  2⤵
  PID:8788
- C:\Windows\System\fLbtThK.exe
  C:\Windows\System\fLbtThK.exe
  2⤵
  PID:8772
- C:\Windows\System\ypsezIa.exe
  C:\Windows\System\ypsezIa.exe
  2⤵
  PID:8712
- C:\Windows\System\YPqYpWg.exe
  C:\Windows\System\YPqYpWg.exe
  2⤵
  PID:8808
- C:\Windows\System\DDSnFHU.exe
  C:\Windows\System\DDSnFHU.exe
  2⤵
  PID:8888
- C:\Windows\System\WDjnxxp.exe
  C:\Windows\System\WDjnxxp.exe
  2⤵
  PID:8924
- C:\Windows\System\PaoQGHk.exe
  C:\Windows\System\PaoQGHk.exe
  2⤵
  PID:8936
- C:\Windows\System\FDkxIWH.exe
  C:\Windows\System\FDkxIWH.exe
  2⤵
  PID:9020
- C:\Windows\System\IFztxRv.exe
  C:\Windows\System\IFztxRv.exe
  2⤵
  PID:9032
- C:\Windows\System\GzQbyMg.exe
  C:\Windows\System\GzQbyMg.exe
  2⤵
  PID:9004
- C:\Windows\System\qLoLnJa.exe
  C:\Windows\System\qLoLnJa.exe
  2⤵
  PID:9112
- C:\Windows\System\HgGhtzY.exe
  C:\Windows\System\HgGhtzY.exe
  2⤵
  PID:9064
- C:\Windows\System\uHUfylf.exe
  C:\Windows\System\uHUfylf.exe
  2⤵
  PID:9156
- C:\Windows\System\CzrzFhq.exe
  C:\Windows\System\CzrzFhq.exe
  2⤵
  PID:9192
- C:\Windows\System\IOJCEts.exe
  C:\Windows\System\IOJCEts.exe
  2⤵
  PID:9208
- C:\Windows\System\eNCZScV.exe
  C:\Windows\System\eNCZScV.exe
  2⤵
  PID:7980
- C:\Windows\System\AzsIyPs.exe
  C:\Windows\System\AzsIyPs.exe
  2⤵
  PID:8144
- C:\Windows\System\cmENPnp.exe
  C:\Windows\System\cmENPnp.exe
  2⤵
  PID:8268
- C:\Windows\System\hbhcsLl.exe
  C:\Windows\System\hbhcsLl.exe
  2⤵
  PID:6860
- C:\Windows\System\lWRWOLW.exe
  C:\Windows\System\lWRWOLW.exe
  2⤵
  PID:8436
- C:\Windows\System\kDusbUD.exe
  C:\Windows\System\kDusbUD.exe
  2⤵
  PID:8420
- C:\Windows\System\hUUlULk.exe
  C:\Windows\System\hUUlULk.exe
  2⤵
  PID:8224
- C:\Windows\System\LHGNQDu.exe
  C:\Windows\System\LHGNQDu.exe
  2⤵
  PID:8252
- C:\Windows\System\pqTsEYp.exe
  C:\Windows\System\pqTsEYp.exe
  2⤵
  PID:8524
- C:\Windows\System\JDvEohJ.exe
  C:\Windows\System\JDvEohJ.exe
  2⤵
  PID:8584
- C:\Windows\System\SYhSNAH.exe
  C:\Windows\System\SYhSNAH.exe
  2⤵
  PID:8756
- C:\Windows\System\zmfTjqc.exe
  C:\Windows\System\zmfTjqc.exe
  2⤵
  PID:8612
- C:\Windows\System\iLlhUFs.exe
  C:\Windows\System\iLlhUFs.exe
  2⤵
  PID:8820
- C:\Windows\System\niDqPkU.exe
  C:\Windows\System\niDqPkU.exe
  2⤵
  PID:8952
- C:\Windows\System\EvVnhgg.exe
  C:\Windows\System\EvVnhgg.exe
  2⤵
  PID:8872
- C:\Windows\System\xlEuHEp.exe
  C:\Windows\System\xlEuHEp.exe
  2⤵
  PID:8852
- C:\Windows\System\naZPdQJ.exe
  C:\Windows\System\naZPdQJ.exe
  2⤵
  PID:9132
- C:\Windows\System\zjxxAqZ.exe
  C:\Windows\System\zjxxAqZ.exe
  2⤵
  PID:8836
- C:\Windows\System\hSyoXlq.exe
  C:\Windows\System\hSyoXlq.exe
  2⤵
  PID:8988
- C:\Windows\System\xMDbRMc.exe
  C:\Windows\System\xMDbRMc.exe
  2⤵
  PID:9068
- C:\Windows\System\FLUVceJ.exe
  C:\Windows\System\FLUVceJ.exe
  2⤵
  PID:9204
- C:\Windows\System\AiJZvNk.exe
  C:\Windows\System\AiJZvNk.exe
  2⤵
  PID:7884
- C:\Windows\System\KvOXTte.exe
  C:\Windows\System\KvOXTte.exe
  2⤵
  PID:8324
- C:\Windows\System\fFGPnoT.exe
  C:\Windows\System\fFGPnoT.exe
  2⤵
  PID:8532
- C:\Windows\System\eABCxjS.exe
  C:\Windows\System\eABCxjS.exe
  2⤵
  PID:8576
- C:\Windows\System\WaWJvHO.exe
  C:\Windows\System\WaWJvHO.exe
  2⤵
  PID:8204
- C:\Windows\System\YHLCAeS.exe
  C:\Windows\System\YHLCAeS.exe
  2⤵
  PID:8972
- C:\Windows\System\VitFihk.exe
  C:\Windows\System\VitFihk.exe
  2⤵
  PID:7624
- C:\Windows\System\uCOUczz.exe
  C:\Windows\System\uCOUczz.exe
  2⤵
  PID:8432
- C:\Windows\System\qQHtUyY.exe
  C:\Windows\System\qQHtUyY.exe
  2⤵
  PID:8480
- C:\Windows\System\ciVLSoY.exe
  C:\Windows\System\ciVLSoY.exe
  2⤵
  PID:8572
- C:\Windows\System\XDVoVNE.exe
  C:\Windows\System\XDVoVNE.exe
  2⤵
  PID:8892
- C:\Windows\System\yLtCjdU.exe
  C:\Windows\System\yLtCjdU.exe
  2⤵
  PID:7996
- C:\Windows\System\OxWESHv.exe
  C:\Windows\System\OxWESHv.exe
  2⤵
  PID:9036
- C:\Windows\System\jPlZPEO.exe
  C:\Windows\System\jPlZPEO.exe
  2⤵
  PID:9148
- C:\Windows\System\ctQZIlK.exe
  C:\Windows\System\ctQZIlK.exe
  2⤵
  PID:8384
- C:\Windows\System\XKxRBOD.exe
  C:\Windows\System\XKxRBOD.exe
  2⤵
  PID:9228
- C:\Windows\System\geMcIGj.exe
  C:\Windows\System\geMcIGj.exe
  2⤵
  PID:9244
- C:\Windows\System\coyLGDr.exe
  C:\Windows\System\coyLGDr.exe
  2⤵
  PID:9260
- C:\Windows\System\ZEvCryr.exe
  C:\Windows\System\ZEvCryr.exe
  2⤵
  PID:9276
- C:\Windows\System\XIskbZX.exe
  C:\Windows\System\XIskbZX.exe
  2⤵
  PID:9292
- C:\Windows\System\AkxbwnN.exe
  C:\Windows\System\AkxbwnN.exe
  2⤵
  PID:9308
- C:\Windows\System\kPyELxW.exe
  C:\Windows\System\kPyELxW.exe
  2⤵
  PID:9324
- C:\Windows\System\ZakFeBs.exe
  C:\Windows\System\ZakFeBs.exe
  2⤵
  PID:9340
- C:\Windows\System\kNFgdox.exe
  C:\Windows\System\kNFgdox.exe
  2⤵
  PID:9356
- C:\Windows\System\MdXbepP.exe
  C:\Windows\System\MdXbepP.exe
  2⤵
  PID:9372
- C:\Windows\System\YRQpoph.exe
  C:\Windows\System\YRQpoph.exe
  2⤵
  PID:9388
- C:\Windows\System\CQBJwaU.exe
  C:\Windows\System\CQBJwaU.exe
  2⤵
  PID:9404
- C:\Windows\System\CnpmzUn.exe
  C:\Windows\System\CnpmzUn.exe
  2⤵
  PID:9420
- C:\Windows\System\SMHjLdJ.exe
  C:\Windows\System\SMHjLdJ.exe
  2⤵
  PID:9436
- C:\Windows\System\MUREHja.exe
  C:\Windows\System\MUREHja.exe
  2⤵
  PID:9452
- C:\Windows\System\oQVXxGf.exe
  C:\Windows\System\oQVXxGf.exe
  2⤵
  PID:9468
- C:\Windows\System\HMrEVBo.exe
  C:\Windows\System\HMrEVBo.exe
  2⤵
  PID:9484
- C:\Windows\System\PfykMkR.exe
  C:\Windows\System\PfykMkR.exe
  2⤵
  PID:9500
- C:\Windows\System\ExaFtHi.exe
  C:\Windows\System\ExaFtHi.exe
  2⤵
  PID:9516
- C:\Windows\System\yseyfgA.exe
  C:\Windows\System\yseyfgA.exe
  2⤵
  PID:9532
- C:\Windows\System\iULZFyM.exe
  C:\Windows\System\iULZFyM.exe
  2⤵
  PID:9548
- C:\Windows\System\vJfMGCR.exe
  C:\Windows\System\vJfMGCR.exe
  2⤵
  PID:9564
- C:\Windows\System\SoNhFgA.exe
  C:\Windows\System\SoNhFgA.exe
  2⤵
  PID:9580
- C:\Windows\System\KZJUUap.exe
  C:\Windows\System\KZJUUap.exe
  2⤵
  PID:9596
- C:\Windows\System\wWDPBzb.exe
  C:\Windows\System\wWDPBzb.exe
  2⤵
  PID:9612
- C:\Windows\System\qMkxtcb.exe
  C:\Windows\System\qMkxtcb.exe
  2⤵
  PID:9628
- C:\Windows\System\huVoCTA.exe
  C:\Windows\System\huVoCTA.exe
  2⤵
  PID:9644
- C:\Windows\System\bjhHAjR.exe
  C:\Windows\System\bjhHAjR.exe
  2⤵
  PID:9660
- C:\Windows\System\fQHyUaL.exe
  C:\Windows\System\fQHyUaL.exe
  2⤵
  PID:9676
- C:\Windows\System\TJlpIkd.exe
  C:\Windows\System\TJlpIkd.exe
  2⤵
  PID:9692
- C:\Windows\System\NdNgbtk.exe
  C:\Windows\System\NdNgbtk.exe
  2⤵
  PID:9708
- C:\Windows\System\upYvanR.exe
  C:\Windows\System\upYvanR.exe
  2⤵
  PID:9724
- C:\Windows\System\kDvUwWg.exe
  C:\Windows\System\kDvUwWg.exe
  2⤵
  PID:9740
- C:\Windows\System\HWALSPj.exe
  C:\Windows\System\HWALSPj.exe
  2⤵
  PID:9756
- C:\Windows\System\JZxUuKy.exe
  C:\Windows\System\JZxUuKy.exe
  2⤵
  PID:9772
- C:\Windows\System\vUIgDeY.exe
  C:\Windows\System\vUIgDeY.exe
  2⤵
  PID:9788
- C:\Windows\System\qvdbiXC.exe
  C:\Windows\System\qvdbiXC.exe
  2⤵
  PID:9804
- C:\Windows\System\EmHYWUL.exe
  C:\Windows\System\EmHYWUL.exe
  2⤵
  PID:9820
- C:\Windows\System\sBDTngR.exe
  C:\Windows\System\sBDTngR.exe
  2⤵
  PID:9836
- C:\Windows\System\RPhPOUZ.exe
  C:\Windows\System\RPhPOUZ.exe
  2⤵
  PID:9852
- C:\Windows\System\GagXUFi.exe
  C:\Windows\System\GagXUFi.exe
  2⤵
  PID:9880
- C:\Windows\System\eAbLSmz.exe
  C:\Windows\System\eAbLSmz.exe
  2⤵
  PID:9896
- C:\Windows\System\ovLFkSK.exe
  C:\Windows\System\ovLFkSK.exe
  2⤵
  PID:9916
- C:\Windows\System\IUgsVYr.exe
  C:\Windows\System\IUgsVYr.exe
  2⤵
  PID:9932
- C:\Windows\System\OXCwcaT.exe
  C:\Windows\System\OXCwcaT.exe
  2⤵
  PID:9952
- C:\Windows\System\kFuUEiO.exe
  C:\Windows\System\kFuUEiO.exe
  2⤵
  PID:9972
- C:\Windows\System\TpzFMyR.exe
  C:\Windows\System\TpzFMyR.exe
  2⤵
  PID:9988
- C:\Windows\System\zwaBULt.exe
  C:\Windows\System\zwaBULt.exe
  2⤵
  PID:10004
- C:\Windows\System\AoetnKY.exe
  C:\Windows\System\AoetnKY.exe
  2⤵
  PID:10020
- C:\Windows\System\MuDrTww.exe
  C:\Windows\System\MuDrTww.exe
  2⤵
  PID:10036
- C:\Windows\System\ZPBMNqs.exe
  C:\Windows\System\ZPBMNqs.exe
  2⤵
  PID:10052
- C:\Windows\System\kbjrink.exe
  C:\Windows\System\kbjrink.exe
  2⤵
  PID:10068
- C:\Windows\System\JUsuFHw.exe
  C:\Windows\System\JUsuFHw.exe
  2⤵
  PID:10088
- C:\Windows\System\LyzUcpm.exe
  C:\Windows\System\LyzUcpm.exe
  2⤵
  PID:10104
- C:\Windows\System\vfFtavM.exe
  C:\Windows\System\vfFtavM.exe
  2⤵
  PID:10120
- C:\Windows\System\PUCwCRJ.exe
  C:\Windows\System\PUCwCRJ.exe
  2⤵
  PID:10136
- C:\Windows\System\AqiYeta.exe
  C:\Windows\System\AqiYeta.exe
  2⤵
  PID:10152
- C:\Windows\System\wMcWmxN.exe
  C:\Windows\System\wMcWmxN.exe
  2⤵
  PID:10168
- C:\Windows\System\TZqKArB.exe
  C:\Windows\System\TZqKArB.exe
  2⤵
  PID:10184
- C:\Windows\System\AzSRxIM.exe
  C:\Windows\System\AzSRxIM.exe
  2⤵
  PID:10200
- C:\Windows\System\oaUJGhF.exe
  C:\Windows\System\oaUJGhF.exe
  2⤵
  PID:10216
- C:\Windows\System\SEqXOvA.exe
  C:\Windows\System\SEqXOvA.exe
  2⤵
  PID:10232
- C:\Windows\System\UkJyNqo.exe
  C:\Windows\System\UkJyNqo.exe
  2⤵
  PID:8744
- C:\Windows\System\ZrZhmWR.exe
  C:\Windows\System\ZrZhmWR.exe
  2⤵
  PID:9240
- C:\Windows\System\InggndN.exe
  C:\Windows\System\InggndN.exe
  2⤵
  PID:9304
- C:\Windows\System\DFMUUrC.exe
  C:\Windows\System\DFMUUrC.exe
  2⤵
  PID:9368
- C:\Windows\System\yLbpTRK.exe
  C:\Windows\System\yLbpTRK.exe
  2⤵
  PID:9400
- C:\Windows\System\SDpkTDY.exe
  C:\Windows\System\SDpkTDY.exe
  2⤵
  PID:9464
- C:\Windows\System\OMKijEK.exe
  C:\Windows\System\OMKijEK.exe
  2⤵
  PID:9524
- C:\Windows\System\ujWjeLK.exe
  C:\Windows\System\ujWjeLK.exe
  2⤵
  PID:9588
- C:\Windows\System\lcJNkOm.exe
  C:\Windows\System\lcJNkOm.exe
  2⤵
  PID:9652
- C:\Windows\System\JGaVgKj.exe
  C:\Windows\System\JGaVgKj.exe
  2⤵
  PID:8632
- C:\Windows\System\hGIUznQ.exe
  C:\Windows\System\hGIUznQ.exe
  2⤵
  PID:8660
- C:\Windows\System\ZNbaQbQ.exe
  C:\Windows\System\ZNbaQbQ.exe
  2⤵
  PID:9720
- C:\Windows\System\kehPTUr.exe
  C:\Windows\System\kehPTUr.exe
  2⤵
  PID:9640
- C:\Windows\System\YTHoReE.exe
  C:\Windows\System\YTHoReE.exe
  2⤵
  PID:9348
- C:\Windows\System\kgYgQDR.exe
  C:\Windows\System\kgYgQDR.exe
  2⤵
  PID:9220
- C:\Windows\System\sWcUQHv.exe
  C:\Windows\System\sWcUQHv.exe
  2⤵
  PID:9256
- C:\Windows\System\OZRuKbh.exe
  C:\Windows\System\OZRuKbh.exe
  2⤵
  PID:9780
- C:\Windows\System\dQumYOi.exe
  C:\Windows\System\dQumYOi.exe
  2⤵
  PID:9508
- C:\Windows\System\RrZYPFK.exe
  C:\Windows\System\RrZYPFK.exe
  2⤵
  PID:9576
- C:\Windows\System\bvibZRd.exe
  C:\Windows\System\bvibZRd.exe
  2⤵
  PID:9668
- C:\Windows\System\uhidSot.exe
  C:\Windows\System\uhidSot.exe
  2⤵
  PID:9768
- C:\Windows\System\zwCDPxp.exe
  C:\Windows\System\zwCDPxp.exe
  2⤵
  PID:9800
- C:\Windows\System\XnqYESs.exe
  C:\Windows\System\XnqYESs.exe
  2⤵
  PID:9832
- C:\Windows\System\bNOjeJz.exe
  C:\Windows\System\bNOjeJz.exe
  2⤵
  PID:9868
- C:\Windows\System\YQkYPeQ.exe
  C:\Windows\System\YQkYPeQ.exe
  2⤵
  PID:9864
- C:\Windows\System\SRiOTSP.exe
  C:\Windows\System\SRiOTSP.exe
  2⤵
  PID:9908
- C:\Windows\System\WfaZVnE.exe
  C:\Windows\System\WfaZVnE.exe
  2⤵
  PID:9968
- C:\Windows\System\krFhNXu.exe
  C:\Windows\System\krFhNXu.exe
  2⤵
  PID:10032
- C:\Windows\System\cmkYhoU.exe
  C:\Windows\System\cmkYhoU.exe
  2⤵
  PID:9980
- C:\Windows\System\nKgJsDD.exe
  C:\Windows\System\nKgJsDD.exe
  2⤵
  PID:10044
- C:\Windows\System\xRhyseg.exe
  C:\Windows\System\xRhyseg.exe
  2⤵
  PID:9984
- C:\Windows\System\wtsCtXi.exe
  C:\Windows\System\wtsCtXi.exe
  2⤵
  PID:10080
- C:\Windows\System\DPAaBdP.exe
  C:\Windows\System\DPAaBdP.exe
  2⤵
  PID:10160
- C:\Windows\System\CQEAhBX.exe
  C:\Windows\System\CQEAhBX.exe
  2⤵
  PID:10196
- C:\Windows\System\MsrXplA.exe
  C:\Windows\System\MsrXplA.exe
  2⤵
  PID:9236
- C:\Windows\System\aJLPWRt.exe
  C:\Windows\System\aJLPWRt.exe
  2⤵
  PID:9556
- C:\Windows\System\QfuBlMj.exe
  C:\Windows\System\QfuBlMj.exe
  2⤵
  PID:9752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AkDfJYm.exe

Filesize
6.0MB

MD5
3778e8c51dfa711c8405b1617b90d367

SHA1
06c3bf43420f6d4edc2610d084bdccf3bca834e2

SHA256
4723c6781d07ed1ad8e76d5f39e6ee89ee5c5191c2a4a964730f95f2dc675ae7

SHA512
5f82e9ba56c93dbc0e147fa0805691afe8ed0b5aacbf855a18e83853aa8db8a5718a0d0cce8e06c31f51f6c19e27c36152cc44d80d5a047e00e541332cf56bc2

Download Submit
C:\Windows\system\AskdHdD.exe

Filesize
6.0MB

MD5
9cd2fbb751f2e61024659acd40136901

SHA1
97019348f7b258f74553f933a7d4d12bc0c77082

SHA256
aa78240e4591575d31512e5c3ecd47597b029da3b17b2d82d412810eaa64f11d

SHA512
424bc8cfb001efb9ff4a85ba3fc5664784bcf92ef4aab6f8cf9c61198fd310a1f54df1646eeb9b1c81e4ebdcf92840f6c57e176e7351ad432ea59da4c0f2df97

Download Submit
C:\Windows\system\CRlIOuv.exe

Filesize
6.0MB

MD5
90f867614508d141bdb0db70ccd8aa33

SHA1
aaec62f731888df892500ca21b2ba987cb61179a

SHA256
c6dd306d9e7597e5a45ac9b185da40468fa1ff1f66ae7c61bd38ca69e7bc4022

SHA512
40f5973de877bb2f11e41c1c7dd6e6c921db9a3e5c93369cd14e59bf780662d31f3f8c8d1c3ead6ba6b0b1de849caa677aa5faf693faea04c07e8772f6f6c696

Download Submit
C:\Windows\system\CSKaziN.exe

Filesize
6.0MB

MD5
43a1ec4031e4d72c7ccb65910d1ab2eb

SHA1
ef0aff08ae1d739c0c07c4f33e954e5b3c54a674

SHA256
f402a19fb36a85dab81d7d286e716fecbe63a046322e1e4e9482b49ba299509c

SHA512
8ac38f7895a4d41949dfbb0f24ae1b90c93028545fed778df9cbb7adec0a75d53e1b822393774be1a3d9579dedbc82522d4689f9e9c27b5099120e0fa8b56e12

Download Submit
C:\Windows\system\FJUjqGv.exe

Filesize
6.0MB

MD5
10f4ed26bcf087d0dec71d8c13e72b13

SHA1
a628edef870075a77bf0739cefc456cbca2684d5

SHA256
a2b8d47d5e452c11998a917f64dedcdb718f032cd4c0a8cfa5705f89b2f0c6cd

SHA512
5ac9d4e6df24bdb3a100e3aa482bb38d7c0c94d7e9661877e2def05a191dc80c9f01695d76e3bac13e20f773b37c33ec6c8b8a3972382e879559faf8eeb97c25

Download Submit
C:\Windows\system\FKoXPqC.exe

Filesize
6.0MB

MD5
4d67fb664f2ad60aa01f1dd54bdadbf9

SHA1
9fa11be0555a4c9f1d22c85902d8c270176121df

SHA256
7e472a74fa0cb9420ada24d8d798898644812a1bbea8f107c3d5345300d22290

SHA512
ccb31def3883138266b0b39e0fc76345e8da9d4de06c18957561c4176794816bd0d83d52686db3c6b966df91b266dbfc28d99d9ee0c96ca111492f7e11c2e71a

Download Submit
C:\Windows\system\FrOMMTl.exe

Filesize
6.0MB

MD5
4ba4033e9cd931ee904d6a983109b684

SHA1
9242d7866428ac4940a504931447263ab10bf596

SHA256
c599110537f6a3ccb7b9c3a3ad4e5deb2922f776d5242ba6885b4d19797074c8

SHA512
c86dbf3bc5bc90646747d03d6e90f72e143211ccef9e3df919941e235897dc1ae101502fa418e9328aa37173b9ddba1dac90eb040eb279389c421f37e2d112a8

Download Submit
C:\Windows\system\ICUEQoT.exe

Filesize
6.0MB

MD5
f19d8da166572e56e8ac528d53e81cce

SHA1
3a259c26923697b23198eb19ebab5ef36e81b2d3

SHA256
bef0edb77e5d332fa8e55a5ca3ef0aa818e8b874071e70194907c8f67ae6bf1b

SHA512
2467ef0483adc4b37b409ada0108aaf0c2638db76c4f18b201235fea9f139dfc309a5ffedf19336f523ea1213f672fefc04b3df6d6a8544e39aac5fd12bca888

Download Submit
C:\Windows\system\IxYzOjj.exe

Filesize
6.0MB

MD5
debbb4f435eabe0a4ef4502fecd45326

SHA1
53f2277dc0fdb30b3ae4178fbb9923c030dc8d52

SHA256
0a03ec87d817c1176dabc6648461f104fdd5b0e316703846ffc59033dd5bed6f

SHA512
14c994140496c4888a6b7aad5ee37be34eff39778aa27580b745e0e2075a7583267a88eb53c3097a94f19dd88177d7afb45f5eac311021c59ba5709511a50504

Download Submit
C:\Windows\system\KVlTOxi.exe

Filesize
6.0MB

MD5
9ecf5d60297ff009be6d243bd8efe4e4

SHA1
b8de198545d6d6850b4a4167a71b5b500475f102

SHA256
ae950634ce49a8e6b5df8a5af9721d32a96c17efd0fc4e7e58a3015e30ca6602

SHA512
cb0047f786cc63059fdfeeea1818622e3e0a60818a3e0372ebdeb28d6057399de96d4a3241e8af9b859b5dd748ab6156b9cea0537d70d9f3f8da31d52750c23a

Download Submit
C:\Windows\system\Lpvylyi.exe

Filesize
6.0MB

MD5
acc2cd54df1d3b0e64df401de2253ee8

SHA1
cdb4d9b49e04af8c37ac06267dcb06e7daef1daf

SHA256
c164af32685736f0a33429c1113c6cf619bd2f4bab266c4aabd76d5e28b2b687

SHA512
2bd3ad1e13379440683d9c438b8c78d3f8f827f7e0abb0b1a4546a7281d5ede106af6bc92e5472079d33a659f534bf2e668900826907525aa1bfb295bfcd1359

Download Submit
C:\Windows\system\MWpsYZR.exe

Filesize
6.0MB

MD5
b84a817d80b5b93adf9af854c4035dc1

SHA1
53d35c5e5224626ea4b94aee20f4a780990efd25

SHA256
701668ce7c8110e4a17f8f0f230024e34aa56ca95e3cdf75cab248d9cb4a3b85

SHA512
a370a8ee9b7019e9d5b812b5077d0d83de1ba3772d1be830c92948850d768815a93c845e59c5f6fb1942bc7c9f68269415c35274c35e5594564ad927f6119493

Download Submit
C:\Windows\system\QaamAxD.exe

Filesize
6.0MB

MD5
474a036032f80ccaa8110390e3245509

SHA1
0a60fc695ebaaca9ce14b77e6ebd3615b0fce50b

SHA256
af4a5db9572083d5c94fa162a206af8541eb0b9d336519dc42f8823d919f5562

SHA512
fb18b634c11070250f09a96de0a82a55f27f60082d61997951bc220dc6a75d8248073d028e75a6b7fb9fb7916320df2d85bca7b5c676d6b82cd8d2fe3228490b

Download Submit
C:\Windows\system\RwcZpXd.exe

Filesize
6.0MB

MD5
0b913251308a0e33dc7eb5de6532259e

SHA1
ed6dec42dbbd507c1191fff399d398b08023f3cc

SHA256
2b154b7679fd38dd57284bdc02d3b789e8d6c2d352075562d288c506eaafdcfc

SHA512
ff90526154094a204091463e047c2edbbae4233382a8269627c419d0fa2213ec5162056cf0a10cd6188c9767d99f17e3e460679d668c7e77553b9b608126c23b

Download Submit
C:\Windows\system\RxynxQC.exe

Filesize
6.0MB

MD5
8944156fae2f43075aaf174c4b02a40d

SHA1
c6fa04705c0cc7eab71987e32b37ea06e780e11e

SHA256
08db90e48ce5c36a1f12012b7083bdc03f69c1e4063c15c901d673b43a0632b9

SHA512
db75658feedef71fdf2c948368548089f1e20f595b21361c1fff84040f3aea3a429bf326ea82ef396d4627db7ff3f09298141cfca6ebcb06e482656f58f728e4

Download Submit
C:\Windows\system\VqbJstx.exe

Filesize
6.0MB

MD5
e1e81d5ae2d17a9de1cd05a9bd672fee

SHA1
dced2e1a0de6cf9d53dba67ced4291e3cce28769

SHA256
5061fb36e525fced675105f4d9d62e670e5e9b7c0de9e0de17baa6da9b85b032

SHA512
090ba109c0fef8a250af313823b4a3d3f393ebe2f038afcb1fbec79b4b05441e6abd9b257c95575020009b7ddcede129c98893252f6fe8092628e45b5dfc4b5c

Download Submit
C:\Windows\system\cIFJjCG.exe

Filesize
6.0MB

MD5
ed5ba30bc4a28515443f51d12cf95e4b

SHA1
eea9444255ec84fd00e0bb05a66a778c5aa0c3cc

SHA256
04fd57c8c0f4908e63073d74a967226891f61f736a34ab4a538873e10a6dca61

SHA512
275da034c2bca80514ebc3e02bc2b441ec22e32f4a496e366f88df69a4941afc0c64b2ba22156d98fc5ed136065be2400d4114fe690f6974a6c68080a22597c6

Download Submit
C:\Windows\system\dEAALxR.exe

Filesize
6.0MB

MD5
0f0fce4232221cbc78b5fb4278209be5

SHA1
5586154e93b932acb4f45f64b8a77ad9ccc286d7

SHA256
386f10e19b9c87de18fc0bcfae6844b1d4e67867d5f5db8b402fd4c7e0f0805c

SHA512
5f2bf82eb6c7fe7f139d74e055765c4a99f5455bbe9ca5dc20b378a9ca9f951559dae754c7322ddbf0cecee422ae1608be2baa460c91114aea8594abd920b86c

Download Submit
C:\Windows\system\hFZgrOX.exe

Filesize
6.0MB

MD5
d2f330f0bf5e98807f29dcc46fddf64e

SHA1
fd2802b8f1493e374ee2ea81f88368fc60b7ba9a

SHA256
55202f2f6141f0908c338b2563da9088bac7334c73c36fb95a03ba3a8484f09e

SHA512
587fa9064f4aa08c97c68fc60f7dce2475e9e59dfdbd353746c383d72d2776b29a7f31d848ed83c596f1d5ede4c4a4e3d5362d85216d6777c6831d997b3c29a9

Download Submit
C:\Windows\system\jeNTFRp.exe

Filesize
6.0MB

MD5
409acb687b6b49261a3cbdf2a19ee4a3

SHA1
f5ac61f4b062d97d57b26947babe6a20c8b35b51

SHA256
57f1d4c7b5c41d9550d222320c63bc054e3c74b2d9d3a119658ab5fbc0ac2bad

SHA512
13b17e1ddaa894af6287cec2d8b6ae6c6c6301190d6921ca55eb1b2f645d52ddcb9b7c9d9f1b294b12e937aad08241851aab6497cebbb3409b16240e7a96f492

Download Submit
C:\Windows\system\klfhBzw.exe

Filesize
6.0MB

MD5
b99de32ce1fa6913a387c975ae2564a1

SHA1
f2a14f60fbe7fec97ce25568a588dd2e8626769c

SHA256
972c127c02153ec486f977cc4bc47a81e0d297aedf3156b99ad6c1050788e677

SHA512
cf353048fff7b44cee8e95377e9fd4ceb78cdf7ee0b6ce0364d401be9e94d77c6b058e4ef4b9a2fcba8823229ae76514d6a4f0753c73054c8d8ef2d40ed8fb69

Download Submit
C:\Windows\system\lPNQRhK.exe

Filesize
6.0MB

MD5
95aeaa463017e8cc7d64742db917ac96

SHA1
3cd340bb7e89df653714370290fc5f7489afbe83

SHA256
06ccdf6dabe26d0890f32c283fb89100ae0a88ddda26589ffb8f7808ea4a365f

SHA512
abfaf68846f6e47725b1eb027ee12b0f0a20091ee52b71ba2c0a62adb1209ba322ee0a9883a02082a10dd06674458598d3549145d09bca9ba29b7cdd761e9228

Download Submit
C:\Windows\system\mhgGMcZ.exe

Filesize
6.0MB

MD5
6cb05c78ff825bc4c9cc58c79e630cf1

SHA1
6592da5ee9969b3a68a80ed18188c4058650d92a

SHA256
6a9cd754a2fce5df74959edd44e7d22b47d2ea63e2e3f021f14a55e6d32ade32

SHA512
eddfc9947fe101e1855202c416dbe49bdd906d7c4d13197bf009a66b13726d507c8bc519b9436e0feaf5f55a79b0f3b2603e760f038944cf820056d119f961c3

Download Submit
C:\Windows\system\qLCnzGe.exe

Filesize
6.0MB

MD5
e00e176fd5d4ec0fcfe7e3b46d964e35

SHA1
d61ed927eabe944c9424a8d50d3b0e07d65685f4

SHA256
e55a1ae4be5a5fbc7d999b03e53eae9352fc43576dc8b8334cb24030f28e97a0

SHA512
7cf185d27ce3635f5acd4b89fda0d48e3596c1d6d0e5727d78cb49cff5aa6b42f64ff7bbfd7c2a417d6ed81e48da277fec28bc10a9221e58314224d0a434b225

Download Submit
C:\Windows\system\rGkLobv.exe

Filesize
6.0MB

MD5
f6ea356f76fc7497040b74a45ae19a22

SHA1
231f76672dd573dcf2cd00e3d7896dcf0cd61560

SHA256
8bd934492781d3684db7c91eb65469bbe396720f57d9f21a7cd70231aec6c174

SHA512
8912a666a994cc676940fcc10e4e2a5d504b127e3b48f65dd5712f6d8b35db8408159f9ace55dab37375b66bbb1aa80eaac87be293f2cdfb921f69fbe26a6f77

Download Submit
C:\Windows\system\trABiYE.exe

Filesize
6.0MB

MD5
a321801d5baeb1215b07df818c5610dc

SHA1
57410eafccd9f4824a392cacd3c34839f4521e8b

SHA256
1a931645e0a0c4e4d3aff6973a178a59bf0b5bd3fb77947e9a411bcbbda1874a

SHA512
da2843ef37893f6d74c3a3aac4d85e03d3c4bb546b4ee73fb6c2da27fd397c65433257fe8a02ed9acbf3e5ea5c4b5284e50be8be95df36a91631bd5459e50df6

Download Submit
C:\Windows\system\uBQZZMl.exe

Filesize
6.0MB

MD5
ce5ccee28cd960db16348c24656b1469

SHA1
a96c6f2203d3904a46153ce71b9586c2c86a3601

SHA256
082cf31c527f2b260c1a596f98aa1f389370b15fd6f0ec5500abef5593980917

SHA512
3cded6d641de608036c7aa1491334e5de251ef164de5ac6ef136c7c1354cfd026b7c7b91bd065be56b2b973aaae697f55f960276b5e127f841fdff5027282fb7

Download Submit
C:\Windows\system\yHLLYsh.exe

Filesize
6.0MB

MD5
485eb9305aaeb9722063179f66672c09

SHA1
2b996bdce75d125ff925297ac50564e0120a2b3a

SHA256
650211531263afc857348fc75ff79bd58116ed16a962efefa5ab51cabb356252

SHA512
9f33fa4fae539219dfe564461ac4082cfc27f2618d23236d17ee8addcdd047a38dc2c6602d88ff6ca859c67558b683a6cf028af032c548e4bf7d7de312fa0c82

Download Submit
\Windows\system\JGpSqMD.exe

Filesize
6.0MB

MD5
f0f39f78ba98697ec955c4606ba3c37c

SHA1
20b65e60ecf6f14a98d3087fcca16136a96d04f6

SHA256
99b29196229c9107c6152f0e338f832d523a84e705db229d3ee8dfa6dbf41083

SHA512
b9ce5f1131a85e3d95b3eedff92f544894af2fb45e75f486fc00722df6cc1a131d5312efcc01e3ab1056065380d29be80759c4082131e9ebcefb66a2ba4c332f

Download Submit
\Windows\system\YqKHeDP.exe

Filesize
6.0MB

MD5
d7376d43b2b2935fde085da5fa6efaf9

SHA1
9dc2a136404a40478e01a8d08a7b71420d1d8c40

SHA256
718f398b5fd66271f760817d92b20e8a6feb21f21a63d14744696692759546de

SHA512
60f250dcfe04b7a333cf125b2f5f2fd6f0f5ae9e2516f8b7e067beb90ca73ddba8deea6f0a7ec6820f014a24ca44ee5447335aa75076e34dbe5b755499fc2268

Download Submit
\Windows\system\bwRThpS.exe

Filesize
6.0MB

MD5
203138a5e53f432ef4846c9bdd72be19

SHA1
3adcd73e50cd1dd683cc8fc12c6775eef240f63f

SHA256
8b97d73a9e80a1bf002d74eb65656f14a9a7244f2b695e09f64af3842a2547ab

SHA512
1992c4c637e2ee5d4a859f02512bd94fc97594c9501b4e55889b0803518d81648c4e58d4d41719e516beacbaaee7743856fecbf1933a6c406a170edba7927e55

Download Submit
\Windows\system\wFTCoao.exe

Filesize
6.0MB

MD5
0a8dbbdcebc0db999547e3e0b6624f7e

SHA1
a2df4f291e9444cae2d0936cfb32b08d14ca1ef7

SHA256
bfd82b4fa61a1cad4fbec4d8a6a7a55b3c09e3e8a062fd57c62ed8970e790e0a

SHA512
b9246aaa18f0ba947fb225a67ca1f836a79f8b73ba8b484880d7fc7caf4160b93af7898289ba15fa1022a5a75b9f6b14ce07b4349ce152ebc974f9c1dd600350

Download Submit
memory/1156-18-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1156-64-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1156-3772-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2260-42-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2260-3777-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2292-23-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2292-3778-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2384-91-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2384-98-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1158-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1393-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-36-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2384-22-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2384-77-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2384-583-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-31-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2384-32-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2384-0-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-43-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2384-864-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2384-62-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1-0x0000000001B20000-0x0000000001B30000-memory.dmp

Filesize
64KB

Download
memory/2384-394-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2384-69-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3773-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2396-24-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2452-52-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2452-90-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2452-3771-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2592-99-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2592-3767-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2592-1159-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3769-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2644-63-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2644-123-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3780-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2668-395-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2668-70-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2692-584-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-82-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3768-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-97-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-57-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3779-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-89-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2816-51-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3770-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2860-46-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3774-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3776-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2892-92-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2904-88-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3775-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2904-50-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download