cobaltstrike | d3a0d156ade2c8dc1b4b26400f7b35c050dde79f22d6b013e44448adb44ce51b

Analysis

max time kernel
150s
max time network
18s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
16-11-2024 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

64c993ff6894a902eb12184ef402a862
SHA1

2db3805af36c0cbd04b5e5e8616c5876b7b9ab86
SHA256

d3a0d156ade2c8dc1b4b26400f7b35c050dde79f22d6b013e44448adb44ce51b
SHA512

452941180438d470385e5580f64f05e2caeb5e9ba8f81e2ffaecd96dc913ddbe483a0d6914a3ff4a60e9fc66d37851f34da1ad433163d34a899ed374a660ea55
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUy:T+q56utgpPF8u/7y

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000019c57-5.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019cba-11.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000120fe-15.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019d8e-23.dat	cobalt_reflective_dll
behavioral1/files/0x002d000000019c34-34.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019dbf-37.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019f8a-44.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019f94-51.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d5-67.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001a075-63.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d7-77.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d9-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4db-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4de-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e0-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e2-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e4-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4eb-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e8-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ed-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4f7-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001ad76-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001c59b-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001bf13-189.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001be46-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a5bf-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001ad72-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a58f-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a50b-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4f1-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ef-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e6-125.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2296-0-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x0007000000019c57-5.dat	xmrig
behavioral1/files/0x0007000000019cba-11.dat	xmrig
behavioral1/memory/2904-19-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2796-21-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2784-18-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fe-15.dat	xmrig
behavioral1/memory/2296-6-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/files/0x0006000000019d8e-23.dat	xmrig
behavioral1/memory/2952-28-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x002d000000019c34-34.dat	xmrig
behavioral1/files/0x0006000000019dbf-37.dat	xmrig
behavioral1/memory/2868-43-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2920-36-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2296-35-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x0006000000019f8a-44.dat	xmrig
behavioral1/memory/2860-50-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000019f94-51.dat	xmrig
behavioral1/memory/2684-58-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2296-56-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4d5-67.dat	xmrig
behavioral1/memory/2920-68-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/1456-74-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/1700-64-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x000800000001a075-63.dat	xmrig
behavioral1/memory/2952-60-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2868-73-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2296-69-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2796-52-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2296-76-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4d7-77.dat	xmrig
behavioral1/memory/1940-83-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4d9-84.dat	xmrig
behavioral1/memory/2296-87-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2296-89-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/1700-91-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2104-92-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4db-93.dat	xmrig
behavioral1/memory/2340-100-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/1456-99-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4de-101.dat	xmrig
behavioral1/memory/2980-106-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4e0-107.dat	xmrig
behavioral1/files/0x000500000001a4e2-113.dat	xmrig
behavioral1/files/0x000500000001a4e4-116.dat	xmrig
behavioral1/files/0x000500000001a4eb-134.dat	xmrig
behavioral1/files/0x000500000001a4e8-126.dat	xmrig
behavioral1/files/0x000500000001a4ed-140.dat	xmrig
behavioral1/files/0x000500000001a4f7-154.dat	xmrig
behavioral1/files/0x000500000001ad76-177.dat	xmrig
behavioral1/files/0x000500000001c59b-194.dat	xmrig
behavioral1/memory/2296-216-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/1940-215-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x000500000001bf13-189.dat	xmrig
behavioral1/files/0x000400000001be46-184.dat	xmrig
behavioral1/files/0x000500000001a5bf-170.dat	xmrig
behavioral1/files/0x000500000001ad72-174.dat	xmrig
behavioral1/files/0x000500000001a58f-163.dat	xmrig
behavioral1/files/0x000500000001a50b-159.dat	xmrig
behavioral1/files/0x000500000001a4f1-149.dat	xmrig
behavioral1/files/0x000500000001a4ef-143.dat	xmrig
behavioral1/files/0x000500000001a4e6-125.dat	xmrig
behavioral1/memory/2784-2455-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2796-2453-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2784	WysohiP.exe
2904	TyHpxQI.exe
2796	gtcBErp.exe
2952	HCduFUa.exe
2920	cpcarFc.exe
2868	qnnyAEl.exe
2860	SDXhVQE.exe
2684	uXHvTOT.exe
1700	IRYcYtk.exe
1456	QvYQWaR.exe
1940	FJoLudI.exe
2104	GWaJcuZ.exe
2340	iZdTrUv.exe
2980	sZDyGYr.exe
816	wRDbYEL.exe
2676	exSUyzD.exe
2996	xhqIAhq.exe
2548	yVBObdu.exe
1868	GbwmjZw.exe
2268	jhRoggt.exe
1576	GEcOEOQ.exe
1744	bkJshdn.exe
1812	NZYtrna.exe
1388	vNezOqy.exe
2348	MbAqWMy.exe
2224	jEhWtcw.exe
2636	ObZmoui.exe
2108	yXhmWRF.exe
2400	zebbomf.exe
908	CzXXGGd.exe
952	UBiIoya.exe
1684	yaCiXne.exe
2016	nZwlctv.exe
876	OGuasnv.exe
2080	AfHRods.exe
1988	eIaQyOj.exe
552	iZwBXlc.exe
2300	HOErWUX.exe
988	BzggDwf.exe
1924	rlVQkCy.exe
1652	MmdsuWT.exe
632	kUpPlye.exe
1952	UZbetDq.exe
2200	BegwEVn.exe
2624	lLsiFID.exe
2524	FrcIzrT.exe
1936	PYyUAfQ.exe
1216	uBOiKUq.exe
2972	ghobIVI.exe
2600	gJWyceI.exe
1500	lTYNzZL.exe
1572	ndrKIrv.exe
1708	cCHsqMy.exe
2800	wHiURZD.exe
2948	JoyCbCw.exe
2808	hDXWJXw.exe
408	KtIuxWr.exe
2688	jaYfFiG.exe
1488	lryIYwt.exe
2844	TTKJWlx.exe
2888	HgdosaV.exe
2852	jUcLhUx.exe
1832	mxVVdda.exe
1612	rIYbmmb.exe

Loads dropped DLL 64 IoCs

pid	Process
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2296-0-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x0007000000019c57-5.dat	upx
behavioral1/files/0x0007000000019cba-11.dat	upx
behavioral1/memory/2904-19-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2796-21-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2784-18-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x00080000000120fe-15.dat	upx
behavioral1/files/0x0006000000019d8e-23.dat	upx
behavioral1/memory/2952-28-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x002d000000019c34-34.dat	upx
behavioral1/files/0x0006000000019dbf-37.dat	upx
behavioral1/memory/2868-43-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2920-36-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2296-35-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x0006000000019f8a-44.dat	upx
behavioral1/memory/2860-50-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x0008000000019f94-51.dat	upx
behavioral1/memory/2684-58-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x000500000001a4d5-67.dat	upx
behavioral1/memory/2920-68-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/1456-74-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/1700-64-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x000800000001a075-63.dat	upx
behavioral1/memory/2952-60-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2868-73-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2796-52-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/files/0x000500000001a4d7-77.dat	upx
behavioral1/memory/1940-83-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x000500000001a4d9-84.dat	upx
behavioral1/memory/1700-91-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2104-92-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x000500000001a4db-93.dat	upx
behavioral1/memory/2340-100-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/1456-99-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x000500000001a4de-101.dat	upx
behavioral1/memory/2980-106-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/files/0x000500000001a4e0-107.dat	upx
behavioral1/files/0x000500000001a4e2-113.dat	upx
behavioral1/files/0x000500000001a4e4-116.dat	upx
behavioral1/files/0x000500000001a4eb-134.dat	upx
behavioral1/files/0x000500000001a4e8-126.dat	upx
behavioral1/files/0x000500000001a4ed-140.dat	upx
behavioral1/files/0x000500000001a4f7-154.dat	upx
behavioral1/files/0x000500000001ad76-177.dat	upx
behavioral1/files/0x000500000001c59b-194.dat	upx
behavioral1/memory/1940-215-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x000500000001bf13-189.dat	upx
behavioral1/files/0x000400000001be46-184.dat	upx
behavioral1/files/0x000500000001a5bf-170.dat	upx
behavioral1/files/0x000500000001ad72-174.dat	upx
behavioral1/files/0x000500000001a58f-163.dat	upx
behavioral1/files/0x000500000001a50b-159.dat	upx
behavioral1/files/0x000500000001a4f1-149.dat	upx
behavioral1/files/0x000500000001a4ef-143.dat	upx
behavioral1/files/0x000500000001a4e6-125.dat	upx
behavioral1/memory/2784-2455-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2796-2453-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2904-2458-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2952-2508-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2868-2519-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2920-2525-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/1700-2599-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2684-2601-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2860-2600-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dAsEAvl.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hoqdPZz.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXwZNqJ.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qyHgKZp.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYQZoQt.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yUiutUk.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Yxyarff.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpvwvtb.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AWrqjWY.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQOCoRH.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eYnBeGr.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSnVZkR.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QDSHsya.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YasmOUU.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\csBayog.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RfNfkIt.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ieUWprA.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OKSFsJI.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TMfkkIO.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GXGBLSN.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\axJDSBA.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZKadXV.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fmUyBED.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hThniaz.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OgvbknV.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XmpnzOU.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WnVXKiV.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HIcrXUK.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzAaByI.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DPCklwX.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZlRSFAO.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LdhIqtG.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZdnrQwV.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jqYPXDF.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WthCPlm.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rtYpJVn.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ltviZdT.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XBpvpXi.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YwmbHgz.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDsIAZl.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mflGgpo.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MpwNRmE.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uRxDVxq.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\svPAUaH.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bdAWLXI.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rHMgVFH.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wSbrbdX.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ycjfYGC.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mRnmTuq.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdrHvsc.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dxUoYQD.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GXTPFwW.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqzGPbP.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eVfWPiI.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZkjffOc.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRiGBYX.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EFuwbgX.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMQdUYY.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RYgSqWv.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqTIFRK.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HDYtkyW.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zXvPPXj.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzBcZkp.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gzkJjgn.exe	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2904	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2296 wrote to memory of 2904	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2296 wrote to memory of 2904	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2296 wrote to memory of 2784	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2296 wrote to memory of 2784	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2296 wrote to memory of 2784	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2296 wrote to memory of 2796	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2296 wrote to memory of 2796	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2296 wrote to memory of 2796	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2296 wrote to memory of 2952	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2296 wrote to memory of 2952	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2296 wrote to memory of 2952	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2296 wrote to memory of 2920	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2296 wrote to memory of 2920	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2296 wrote to memory of 2920	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2296 wrote to memory of 2868	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2296 wrote to memory of 2868	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2296 wrote to memory of 2868	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2296 wrote to memory of 2860	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2296 wrote to memory of 2860	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2296 wrote to memory of 2860	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2296 wrote to memory of 2684	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2296 wrote to memory of 2684	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2296 wrote to memory of 2684	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2296 wrote to memory of 1700	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2296 wrote to memory of 1700	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2296 wrote to memory of 1700	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2296 wrote to memory of 1456	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2296 wrote to memory of 1456	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2296 wrote to memory of 1456	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2296 wrote to memory of 1940	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2296 wrote to memory of 1940	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2296 wrote to memory of 1940	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2296 wrote to memory of 2104	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2296 wrote to memory of 2104	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2296 wrote to memory of 2104	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2296 wrote to memory of 2340	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2296 wrote to memory of 2340	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2296 wrote to memory of 2340	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2296 wrote to memory of 2980	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2296 wrote to memory of 2980	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2296 wrote to memory of 2980	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2296 wrote to memory of 816	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2296 wrote to memory of 816	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2296 wrote to memory of 816	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2296 wrote to memory of 2676	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2296 wrote to memory of 2676	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2296 wrote to memory of 2676	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2296 wrote to memory of 2996	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2296 wrote to memory of 2996	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2296 wrote to memory of 2996	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2296 wrote to memory of 2548	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2296 wrote to memory of 2548	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2296 wrote to memory of 2548	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2296 wrote to memory of 1868	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2296 wrote to memory of 1868	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2296 wrote to memory of 1868	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2296 wrote to memory of 2268	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2296 wrote to memory of 2268	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2296 wrote to memory of 2268	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2296 wrote to memory of 1576	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2296 wrote to memory of 1576	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2296 wrote to memory of 1576	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2296 wrote to memory of 1744	2296	2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-16_64c993ff6894a902eb12184ef402a862_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\System\TyHpxQI.exe
  C:\Windows\System\TyHpxQI.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\WysohiP.exe
  C:\Windows\System\WysohiP.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\gtcBErp.exe
  C:\Windows\System\gtcBErp.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\HCduFUa.exe
  C:\Windows\System\HCduFUa.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\cpcarFc.exe
  C:\Windows\System\cpcarFc.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\qnnyAEl.exe
  C:\Windows\System\qnnyAEl.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\SDXhVQE.exe
  C:\Windows\System\SDXhVQE.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\uXHvTOT.exe
  C:\Windows\System\uXHvTOT.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\IRYcYtk.exe
  C:\Windows\System\IRYcYtk.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\QvYQWaR.exe
  C:\Windows\System\QvYQWaR.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\FJoLudI.exe
  C:\Windows\System\FJoLudI.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\GWaJcuZ.exe
  C:\Windows\System\GWaJcuZ.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\iZdTrUv.exe
  C:\Windows\System\iZdTrUv.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\sZDyGYr.exe
  C:\Windows\System\sZDyGYr.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\wRDbYEL.exe
  C:\Windows\System\wRDbYEL.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\exSUyzD.exe
  C:\Windows\System\exSUyzD.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\xhqIAhq.exe
  C:\Windows\System\xhqIAhq.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\yVBObdu.exe
  C:\Windows\System\yVBObdu.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\GbwmjZw.exe
  C:\Windows\System\GbwmjZw.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\jhRoggt.exe
  C:\Windows\System\jhRoggt.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\GEcOEOQ.exe
  C:\Windows\System\GEcOEOQ.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\bkJshdn.exe
  C:\Windows\System\bkJshdn.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\NZYtrna.exe
  C:\Windows\System\NZYtrna.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\vNezOqy.exe
  C:\Windows\System\vNezOqy.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\MbAqWMy.exe
  C:\Windows\System\MbAqWMy.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\jEhWtcw.exe
  C:\Windows\System\jEhWtcw.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\ObZmoui.exe
  C:\Windows\System\ObZmoui.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\yXhmWRF.exe
  C:\Windows\System\yXhmWRF.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\zebbomf.exe
  C:\Windows\System\zebbomf.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\CzXXGGd.exe
  C:\Windows\System\CzXXGGd.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\UBiIoya.exe
  C:\Windows\System\UBiIoya.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\yaCiXne.exe
  C:\Windows\System\yaCiXne.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\nZwlctv.exe
  C:\Windows\System\nZwlctv.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\OGuasnv.exe
  C:\Windows\System\OGuasnv.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\AfHRods.exe
  C:\Windows\System\AfHRods.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\eIaQyOj.exe
  C:\Windows\System\eIaQyOj.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\iZwBXlc.exe
  C:\Windows\System\iZwBXlc.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\HOErWUX.exe
  C:\Windows\System\HOErWUX.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\BzggDwf.exe
  C:\Windows\System\BzggDwf.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\rlVQkCy.exe
  C:\Windows\System\rlVQkCy.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\MmdsuWT.exe
  C:\Windows\System\MmdsuWT.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\kUpPlye.exe
  C:\Windows\System\kUpPlye.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\UZbetDq.exe
  C:\Windows\System\UZbetDq.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\BegwEVn.exe
  C:\Windows\System\BegwEVn.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\lLsiFID.exe
  C:\Windows\System\lLsiFID.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\FrcIzrT.exe
  C:\Windows\System\FrcIzrT.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\PYyUAfQ.exe
  C:\Windows\System\PYyUAfQ.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\uBOiKUq.exe
  C:\Windows\System\uBOiKUq.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\ghobIVI.exe
  C:\Windows\System\ghobIVI.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\gJWyceI.exe
  C:\Windows\System\gJWyceI.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\lTYNzZL.exe
  C:\Windows\System\lTYNzZL.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\ndrKIrv.exe
  C:\Windows\System\ndrKIrv.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\cCHsqMy.exe
  C:\Windows\System\cCHsqMy.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\wHiURZD.exe
  C:\Windows\System\wHiURZD.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\JoyCbCw.exe
  C:\Windows\System\JoyCbCw.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\hDXWJXw.exe
  C:\Windows\System\hDXWJXw.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\KtIuxWr.exe
  C:\Windows\System\KtIuxWr.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\jaYfFiG.exe
  C:\Windows\System\jaYfFiG.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\lryIYwt.exe
  C:\Windows\System\lryIYwt.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\TTKJWlx.exe
  C:\Windows\System\TTKJWlx.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\HgdosaV.exe
  C:\Windows\System\HgdosaV.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\jUcLhUx.exe
  C:\Windows\System\jUcLhUx.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\mxVVdda.exe
  C:\Windows\System\mxVVdda.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\rIYbmmb.exe
  C:\Windows\System\rIYbmmb.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\bGKlCCW.exe
  C:\Windows\System\bGKlCCW.exe
  2⤵
  PID:2880
- C:\Windows\System\CfrwRlR.exe
  C:\Windows\System\CfrwRlR.exe
  2⤵
  PID:2912
- C:\Windows\System\gvOpKdy.exe
  C:\Windows\System\gvOpKdy.exe
  2⤵
  PID:2240
- C:\Windows\System\CkoBsRQ.exe
  C:\Windows\System\CkoBsRQ.exe
  2⤵
  PID:1520
- C:\Windows\System\KaPkUXg.exe
  C:\Windows\System\KaPkUXg.exe
  2⤵
  PID:2692
- C:\Windows\System\suefdyn.exe
  C:\Windows\System\suefdyn.exe
  2⤵
  PID:2748
- C:\Windows\System\hcoPcko.exe
  C:\Windows\System\hcoPcko.exe
  2⤵
  PID:1964
- C:\Windows\System\ASyRduB.exe
  C:\Windows\System\ASyRduB.exe
  2⤵
  PID:264
- C:\Windows\System\aZxphLe.exe
  C:\Windows\System\aZxphLe.exe
  2⤵
  PID:2960
- C:\Windows\System\sMngGJe.exe
  C:\Windows\System\sMngGJe.exe
  2⤵
  PID:316
- C:\Windows\System\dhyZRRx.exe
  C:\Windows\System\dhyZRRx.exe
  2⤵
  PID:2288
- C:\Windows\System\XNSyuBj.exe
  C:\Windows\System\XNSyuBj.exe
  2⤵
  PID:3040
- C:\Windows\System\DqDSAyt.exe
  C:\Windows\System\DqDSAyt.exe
  2⤵
  PID:836
- C:\Windows\System\EGSQKls.exe
  C:\Windows\System\EGSQKls.exe
  2⤵
  PID:2668
- C:\Windows\System\ovYMBuS.exe
  C:\Windows\System\ovYMBuS.exe
  2⤵
  PID:1408
- C:\Windows\System\WXutCbr.exe
  C:\Windows\System\WXutCbr.exe
  2⤵
  PID:1780
- C:\Windows\System\DjcpKhJ.exe
  C:\Windows\System\DjcpKhJ.exe
  2⤵
  PID:1224
- C:\Windows\System\vMZUWzy.exe
  C:\Windows\System\vMZUWzy.exe
  2⤵
  PID:1932
- C:\Windows\System\lCFXrcL.exe
  C:\Windows\System\lCFXrcL.exe
  2⤵
  PID:2248
- C:\Windows\System\afNHFaz.exe
  C:\Windows\System\afNHFaz.exe
  2⤵
  PID:2512
- C:\Windows\System\zWDsoZT.exe
  C:\Windows\System\zWDsoZT.exe
  2⤵
  PID:484
- C:\Windows\System\fBeWnNt.exe
  C:\Windows\System\fBeWnNt.exe
  2⤵
  PID:1356
- C:\Windows\System\TlVRQjM.exe
  C:\Windows\System\TlVRQjM.exe
  2⤵
  PID:1668
- C:\Windows\System\WeJvOmw.exe
  C:\Windows\System\WeJvOmw.exe
  2⤵
  PID:2656
- C:\Windows\System\xqoplle.exe
  C:\Windows\System\xqoplle.exe
  2⤵
  PID:1660
- C:\Windows\System\hlqgmEV.exe
  C:\Windows\System\hlqgmEV.exe
  2⤵
  PID:1328
- C:\Windows\System\fqMzEGf.exe
  C:\Windows\System\fqMzEGf.exe
  2⤵
  PID:1000
- C:\Windows\System\ShJhSsK.exe
  C:\Windows\System\ShJhSsK.exe
  2⤵
  PID:1852
- C:\Windows\System\EqdngrI.exe
  C:\Windows\System\EqdngrI.exe
  2⤵
  PID:1508
- C:\Windows\System\tYNKbqc.exe
  C:\Windows\System\tYNKbqc.exe
  2⤵
  PID:1532
- C:\Windows\System\yuxSqed.exe
  C:\Windows\System\yuxSqed.exe
  2⤵
  PID:3068
- C:\Windows\System\umegFNY.exe
  C:\Windows\System\umegFNY.exe
  2⤵
  PID:884
- C:\Windows\System\krKBIJp.exe
  C:\Windows\System\krKBIJp.exe
  2⤵
  PID:1080
- C:\Windows\System\ZyJHXeV.exe
  C:\Windows\System\ZyJHXeV.exe
  2⤵
  PID:2892
- C:\Windows\System\LUpzLDb.exe
  C:\Windows\System\LUpzLDb.exe
  2⤵
  PID:3060
- C:\Windows\System\jwIXkii.exe
  C:\Windows\System\jwIXkii.exe
  2⤵
  PID:1944
- C:\Windows\System\FnNuDZi.exe
  C:\Windows\System\FnNuDZi.exe
  2⤵
  PID:2236
- C:\Windows\System\TuNYDlo.exe
  C:\Windows\System\TuNYDlo.exe
  2⤵
  PID:1276
- C:\Windows\System\lUecwxQ.exe
  C:\Windows\System\lUecwxQ.exe
  2⤵
  PID:3064
- C:\Windows\System\MjnEGip.exe
  C:\Windows\System\MjnEGip.exe
  2⤵
  PID:656
- C:\Windows\System\SSygBVv.exe
  C:\Windows\System\SSygBVv.exe
  2⤵
  PID:2756
- C:\Windows\System\pqqKzzl.exe
  C:\Windows\System\pqqKzzl.exe
  2⤵
  PID:2332
- C:\Windows\System\UprbTUh.exe
  C:\Windows\System\UprbTUh.exe
  2⤵
  PID:1620
- C:\Windows\System\CQAAfVr.exe
  C:\Windows\System\CQAAfVr.exe
  2⤵
  PID:1840
- C:\Windows\System\Yzhiqyl.exe
  C:\Windows\System\Yzhiqyl.exe
  2⤵
  PID:320
- C:\Windows\System\FAzYZhV.exe
  C:\Windows\System\FAzYZhV.exe
  2⤵
  PID:2664
- C:\Windows\System\FphCAwl.exe
  C:\Windows\System\FphCAwl.exe
  2⤵
  PID:2100
- C:\Windows\System\zUseFeU.exe
  C:\Windows\System\zUseFeU.exe
  2⤵
  PID:1624
- C:\Windows\System\UZAIJFj.exe
  C:\Windows\System\UZAIJFj.exe
  2⤵
  PID:2444
- C:\Windows\System\TQGBrwt.exe
  C:\Windows\System\TQGBrwt.exe
  2⤵
  PID:2196
- C:\Windows\System\HIcrXUK.exe
  C:\Windows\System\HIcrXUK.exe
  2⤵
  PID:2132
- C:\Windows\System\cASRQgw.exe
  C:\Windows\System\cASRQgw.exe
  2⤵
  PID:2072
- C:\Windows\System\TBDWUBT.exe
  C:\Windows\System\TBDWUBT.exe
  2⤵
  PID:1556
- C:\Windows\System\aGOOCsR.exe
  C:\Windows\System\aGOOCsR.exe
  2⤵
  PID:832
- C:\Windows\System\HkXQtiA.exe
  C:\Windows\System\HkXQtiA.exe
  2⤵
  PID:2660
- C:\Windows\System\HTWfuGy.exe
  C:\Windows\System\HTWfuGy.exe
  2⤵
  PID:800
- C:\Windows\System\XrQLZlE.exe
  C:\Windows\System\XrQLZlE.exe
  2⤵
  PID:1872
- C:\Windows\System\hIHpMnS.exe
  C:\Windows\System\hIHpMnS.exe
  2⤵
  PID:1516
- C:\Windows\System\rbrzSat.exe
  C:\Windows\System\rbrzSat.exe
  2⤵
  PID:584
- C:\Windows\System\vImbqVT.exe
  C:\Windows\System\vImbqVT.exe
  2⤵
  PID:1608
- C:\Windows\System\frextbT.exe
  C:\Windows\System\frextbT.exe
  2⤵
  PID:1132
- C:\Windows\System\mMXtYBS.exe
  C:\Windows\System\mMXtYBS.exe
  2⤵
  PID:2848
- C:\Windows\System\WUaDiZw.exe
  C:\Windows\System\WUaDiZw.exe
  2⤵
  PID:2816
- C:\Windows\System\zUKgChX.exe
  C:\Windows\System\zUKgChX.exe
  2⤵
  PID:2044
- C:\Windows\System\GaHZGmc.exe
  C:\Windows\System\GaHZGmc.exe
  2⤵
  PID:1736
- C:\Windows\System\ozmzAsr.exe
  C:\Windows\System\ozmzAsr.exe
  2⤵
  PID:580
- C:\Windows\System\ivDdVXd.exe
  C:\Windows\System\ivDdVXd.exe
  2⤵
  PID:2432
- C:\Windows\System\RkFpkIW.exe
  C:\Windows\System\RkFpkIW.exe
  2⤵
  PID:1732
- C:\Windows\System\qklRKMa.exe
  C:\Windows\System\qklRKMa.exe
  2⤵
  PID:3012
- C:\Windows\System\zYqtQdA.exe
  C:\Windows\System\zYqtQdA.exe
  2⤵
  PID:2372
- C:\Windows\System\YszlKWX.exe
  C:\Windows\System\YszlKWX.exe
  2⤵
  PID:2128
- C:\Windows\System\VvvZDOl.exe
  C:\Windows\System\VvvZDOl.exe
  2⤵
  PID:1052
- C:\Windows\System\FhSPlCU.exe
  C:\Windows\System\FhSPlCU.exe
  2⤵
  PID:2032
- C:\Windows\System\yveCvIs.exe
  C:\Windows\System\yveCvIs.exe
  2⤵
  PID:932
- C:\Windows\System\KWqRlpi.exe
  C:\Windows\System\KWqRlpi.exe
  2⤵
  PID:2616
- C:\Windows\System\MXHBXxF.exe
  C:\Windows\System\MXHBXxF.exe
  2⤵
  PID:1528
- C:\Windows\System\qdfjuMI.exe
  C:\Windows\System\qdfjuMI.exe
  2⤵
  PID:2884
- C:\Windows\System\MIGRInk.exe
  C:\Windows\System\MIGRInk.exe
  2⤵
  PID:2552
- C:\Windows\System\kixqxqX.exe
  C:\Windows\System\kixqxqX.exe
  2⤵
  PID:2836
- C:\Windows\System\MnONfPL.exe
  C:\Windows\System\MnONfPL.exe
  2⤵
  PID:1344
- C:\Windows\System\UNvOSMz.exe
  C:\Windows\System\UNvOSMz.exe
  2⤵
  PID:2056
- C:\Windows\System\BGMwcxo.exe
  C:\Windows\System\BGMwcxo.exe
  2⤵
  PID:1724
- C:\Windows\System\yOhVeLn.exe
  C:\Windows\System\yOhVeLn.exe
  2⤵
  PID:2788
- C:\Windows\System\VcGBUpk.exe
  C:\Windows\System\VcGBUpk.exe
  2⤵
  PID:2740
- C:\Windows\System\TuEKzoG.exe
  C:\Windows\System\TuEKzoG.exe
  2⤵
  PID:2192
- C:\Windows\System\YalUHXT.exe
  C:\Windows\System\YalUHXT.exe
  2⤵
  PID:1588
- C:\Windows\System\NBjJrII.exe
  C:\Windows\System\NBjJrII.exe
  2⤵
  PID:344
- C:\Windows\System\jiThrtz.exe
  C:\Windows\System\jiThrtz.exe
  2⤵
  PID:2632
- C:\Windows\System\WZlNXsp.exe
  C:\Windows\System\WZlNXsp.exe
  2⤵
  PID:2900
- C:\Windows\System\MvLJTLz.exe
  C:\Windows\System\MvLJTLz.exe
  2⤵
  PID:1092
- C:\Windows\System\nHrivZd.exe
  C:\Windows\System\nHrivZd.exe
  2⤵
  PID:772
- C:\Windows\System\eepGAcB.exe
  C:\Windows\System\eepGAcB.exe
  2⤵
  PID:2940
- C:\Windows\System\zPaadYi.exe
  C:\Windows\System\zPaadYi.exe
  2⤵
  PID:1064
- C:\Windows\System\YYoibgu.exe
  C:\Windows\System\YYoibgu.exe
  2⤵
  PID:1568
- C:\Windows\System\cSlBisv.exe
  C:\Windows\System\cSlBisv.exe
  2⤵
  PID:2736
- C:\Windows\System\HPtQAXT.exe
  C:\Windows\System\HPtQAXT.exe
  2⤵
  PID:1996
- C:\Windows\System\ONZmjAm.exe
  C:\Windows\System\ONZmjAm.exe
  2⤵
  PID:2456
- C:\Windows\System\PgeDjhE.exe
  C:\Windows\System\PgeDjhE.exe
  2⤵
  PID:3080
- C:\Windows\System\VXpTKVK.exe
  C:\Windows\System\VXpTKVK.exe
  2⤵
  PID:3100
- C:\Windows\System\ACjLAIH.exe
  C:\Windows\System\ACjLAIH.exe
  2⤵
  PID:3120
- C:\Windows\System\KSUfLca.exe
  C:\Windows\System\KSUfLca.exe
  2⤵
  PID:3140
- C:\Windows\System\zjkexjk.exe
  C:\Windows\System\zjkexjk.exe
  2⤵
  PID:3160
- C:\Windows\System\UlhZCgR.exe
  C:\Windows\System\UlhZCgR.exe
  2⤵
  PID:3180
- C:\Windows\System\TqhKUmt.exe
  C:\Windows\System\TqhKUmt.exe
  2⤵
  PID:3200
- C:\Windows\System\RhJHauK.exe
  C:\Windows\System\RhJHauK.exe
  2⤵
  PID:3220
- C:\Windows\System\wiigeMK.exe
  C:\Windows\System\wiigeMK.exe
  2⤵
  PID:3240
- C:\Windows\System\TDhDIKt.exe
  C:\Windows\System\TDhDIKt.exe
  2⤵
  PID:3260
- C:\Windows\System\PCWRVmi.exe
  C:\Windows\System\PCWRVmi.exe
  2⤵
  PID:3280
- C:\Windows\System\SIpswrB.exe
  C:\Windows\System\SIpswrB.exe
  2⤵
  PID:3304
- C:\Windows\System\dxUoYQD.exe
  C:\Windows\System\dxUoYQD.exe
  2⤵
  PID:3324
- C:\Windows\System\PVdYrLq.exe
  C:\Windows\System\PVdYrLq.exe
  2⤵
  PID:3344
- C:\Windows\System\ORNZUrr.exe
  C:\Windows\System\ORNZUrr.exe
  2⤵
  PID:3364
- C:\Windows\System\TcuOUKx.exe
  C:\Windows\System\TcuOUKx.exe
  2⤵
  PID:3384
- C:\Windows\System\hAQWRmI.exe
  C:\Windows\System\hAQWRmI.exe
  2⤵
  PID:3404
- C:\Windows\System\WLffGOj.exe
  C:\Windows\System\WLffGOj.exe
  2⤵
  PID:3424
- C:\Windows\System\tqVwOOF.exe
  C:\Windows\System\tqVwOOF.exe
  2⤵
  PID:3444
- C:\Windows\System\LdCTOad.exe
  C:\Windows\System\LdCTOad.exe
  2⤵
  PID:3468
- C:\Windows\System\wsHtNlf.exe
  C:\Windows\System\wsHtNlf.exe
  2⤵
  PID:3488
- C:\Windows\System\CrePlsC.exe
  C:\Windows\System\CrePlsC.exe
  2⤵
  PID:3508
- C:\Windows\System\PBkHDte.exe
  C:\Windows\System\PBkHDte.exe
  2⤵
  PID:3528
- C:\Windows\System\peOpbtJ.exe
  C:\Windows\System\peOpbtJ.exe
  2⤵
  PID:3548
- C:\Windows\System\GbNNewS.exe
  C:\Windows\System\GbNNewS.exe
  2⤵
  PID:3568
- C:\Windows\System\XRvyEjd.exe
  C:\Windows\System\XRvyEjd.exe
  2⤵
  PID:3588
- C:\Windows\System\LRSSpho.exe
  C:\Windows\System\LRSSpho.exe
  2⤵
  PID:3608
- C:\Windows\System\FCPFJYG.exe
  C:\Windows\System\FCPFJYG.exe
  2⤵
  PID:3632
- C:\Windows\System\yEWHJLR.exe
  C:\Windows\System\yEWHJLR.exe
  2⤵
  PID:3652
- C:\Windows\System\eSwmBOC.exe
  C:\Windows\System\eSwmBOC.exe
  2⤵
  PID:3672
- C:\Windows\System\dzLwHdE.exe
  C:\Windows\System\dzLwHdE.exe
  2⤵
  PID:3692
- C:\Windows\System\ytpCbjg.exe
  C:\Windows\System\ytpCbjg.exe
  2⤵
  PID:3712
- C:\Windows\System\lLfcYHr.exe
  C:\Windows\System\lLfcYHr.exe
  2⤵
  PID:3732
- C:\Windows\System\nIzSgxV.exe
  C:\Windows\System\nIzSgxV.exe
  2⤵
  PID:3752
- C:\Windows\System\spLZPdc.exe
  C:\Windows\System\spLZPdc.exe
  2⤵
  PID:3772
- C:\Windows\System\tsWIQws.exe
  C:\Windows\System\tsWIQws.exe
  2⤵
  PID:3792
- C:\Windows\System\BCzHqyY.exe
  C:\Windows\System\BCzHqyY.exe
  2⤵
  PID:3812
- C:\Windows\System\slvYBKp.exe
  C:\Windows\System\slvYBKp.exe
  2⤵
  PID:3832
- C:\Windows\System\TJQYBBy.exe
  C:\Windows\System\TJQYBBy.exe
  2⤵
  PID:3852
- C:\Windows\System\joZZzUc.exe
  C:\Windows\System\joZZzUc.exe
  2⤵
  PID:3872
- C:\Windows\System\SUXLczj.exe
  C:\Windows\System\SUXLczj.exe
  2⤵
  PID:3892
- C:\Windows\System\WBSMlMF.exe
  C:\Windows\System\WBSMlMF.exe
  2⤵
  PID:3912
- C:\Windows\System\ZFRwZnq.exe
  C:\Windows\System\ZFRwZnq.exe
  2⤵
  PID:3928
- C:\Windows\System\ChPWINc.exe
  C:\Windows\System\ChPWINc.exe
  2⤵
  PID:3952
- C:\Windows\System\kwnkxfn.exe
  C:\Windows\System\kwnkxfn.exe
  2⤵
  PID:3968
- C:\Windows\System\gvgkzrj.exe
  C:\Windows\System\gvgkzrj.exe
  2⤵
  PID:3992
- C:\Windows\System\glAvAix.exe
  C:\Windows\System\glAvAix.exe
  2⤵
  PID:4012
- C:\Windows\System\CDrocfQ.exe
  C:\Windows\System\CDrocfQ.exe
  2⤵
  PID:4036
- C:\Windows\System\KBmTbfL.exe
  C:\Windows\System\KBmTbfL.exe
  2⤵
  PID:4056
- C:\Windows\System\NwgzjFU.exe
  C:\Windows\System\NwgzjFU.exe
  2⤵
  PID:4076
- C:\Windows\System\UUMNWGT.exe
  C:\Windows\System\UUMNWGT.exe
  2⤵
  PID:2896
- C:\Windows\System\JjNmjLG.exe
  C:\Windows\System\JjNmjLG.exe
  2⤵
  PID:1860
- C:\Windows\System\EOUQVfw.exe
  C:\Windows\System\EOUQVfw.exe
  2⤵
  PID:2612
- C:\Windows\System\wQaKULI.exe
  C:\Windows\System\wQaKULI.exe
  2⤵
  PID:3128
- C:\Windows\System\iGJSoTD.exe
  C:\Windows\System\iGJSoTD.exe
  2⤵
  PID:2176
- C:\Windows\System\MzzJuRU.exe
  C:\Windows\System\MzzJuRU.exe
  2⤵
  PID:3172
- C:\Windows\System\uvuJPSD.exe
  C:\Windows\System\uvuJPSD.exe
  2⤵
  PID:3216
- C:\Windows\System\kNNrngU.exe
  C:\Windows\System\kNNrngU.exe
  2⤵
  PID:3248
- C:\Windows\System\aqmrfhA.exe
  C:\Windows\System\aqmrfhA.exe
  2⤵
  PID:3252
- C:\Windows\System\sxGXioO.exe
  C:\Windows\System\sxGXioO.exe
  2⤵
  PID:3288
- C:\Windows\System\TYRvtbX.exe
  C:\Windows\System\TYRvtbX.exe
  2⤵
  PID:3340
- C:\Windows\System\WGiEQos.exe
  C:\Windows\System\WGiEQos.exe
  2⤵
  PID:3352
- C:\Windows\System\OOnjbcr.exe
  C:\Windows\System\OOnjbcr.exe
  2⤵
  PID:3356
- C:\Windows\System\HzKfAoG.exe
  C:\Windows\System\HzKfAoG.exe
  2⤵
  PID:3400
- C:\Windows\System\KMvGLrA.exe
  C:\Windows\System\KMvGLrA.exe
  2⤵
  PID:3456
- C:\Windows\System\cfhituj.exe
  C:\Windows\System\cfhituj.exe
  2⤵
  PID:3500
- C:\Windows\System\VtMMKIY.exe
  C:\Windows\System\VtMMKIY.exe
  2⤵
  PID:3536
- C:\Windows\System\WmnCvCn.exe
  C:\Windows\System\WmnCvCn.exe
  2⤵
  PID:3576
- C:\Windows\System\gzooyrI.exe
  C:\Windows\System\gzooyrI.exe
  2⤵
  PID:3616
- C:\Windows\System\DtteDgB.exe
  C:\Windows\System\DtteDgB.exe
  2⤵
  PID:3620
- C:\Windows\System\ZvFKyRf.exe
  C:\Windows\System\ZvFKyRf.exe
  2⤵
  PID:3664
- C:\Windows\System\HgAIpQc.exe
  C:\Windows\System\HgAIpQc.exe
  2⤵
  PID:3680
- C:\Windows\System\RcBstZj.exe
  C:\Windows\System\RcBstZj.exe
  2⤵
  PID:3056
- C:\Windows\System\wvOZOPa.exe
  C:\Windows\System\wvOZOPa.exe
  2⤵
  PID:3748
- C:\Windows\System\IkNeMdA.exe
  C:\Windows\System\IkNeMdA.exe
  2⤵
  PID:3768
- C:\Windows\System\mMIpOJl.exe
  C:\Windows\System\mMIpOJl.exe
  2⤵
  PID:3808
- C:\Windows\System\tOttiNk.exe
  C:\Windows\System\tOttiNk.exe
  2⤵
  PID:1504
- C:\Windows\System\NtqawLO.exe
  C:\Windows\System\NtqawLO.exe
  2⤵
  PID:3848
- C:\Windows\System\jPNniwP.exe
  C:\Windows\System\jPNniwP.exe
  2⤵
  PID:3884
- C:\Windows\System\jIgIGIy.exe
  C:\Windows\System\jIgIGIy.exe
  2⤵
  PID:3940
- C:\Windows\System\dWKfwvj.exe
  C:\Windows\System\dWKfwvj.exe
  2⤵
  PID:3976
- C:\Windows\System\AQearxF.exe
  C:\Windows\System\AQearxF.exe
  2⤵
  PID:4000
- C:\Windows\System\KdSEbOc.exe
  C:\Windows\System\KdSEbOc.exe
  2⤵
  PID:4032
- C:\Windows\System\CLxzQrc.exe
  C:\Windows\System\CLxzQrc.exe
  2⤵
  PID:2060
- C:\Windows\System\bKNcCov.exe
  C:\Windows\System\bKNcCov.exe
  2⤵
  PID:4092
- C:\Windows\System\sKhDjYU.exe
  C:\Windows\System\sKhDjYU.exe
  2⤵
  PID:1752
- C:\Windows\System\BRBZcfS.exe
  C:\Windows\System\BRBZcfS.exe
  2⤵
  PID:3096
- C:\Windows\System\eMUUHKJ.exe
  C:\Windows\System\eMUUHKJ.exe
  2⤵
  PID:3132
- C:\Windows\System\VsaEVEM.exe
  C:\Windows\System\VsaEVEM.exe
  2⤵
  PID:3156
- C:\Windows\System\OobyyYT.exe
  C:\Windows\System\OobyyYT.exe
  2⤵
  PID:3276
- C:\Windows\System\TqUeCQU.exe
  C:\Windows\System\TqUeCQU.exe
  2⤵
  PID:3232
- C:\Windows\System\JYvkeUS.exe
  C:\Windows\System\JYvkeUS.exe
  2⤵
  PID:3332
- C:\Windows\System\lXvmAAE.exe
  C:\Windows\System\lXvmAAE.exe
  2⤵
  PID:3412
- C:\Windows\System\frkmbkK.exe
  C:\Windows\System\frkmbkK.exe
  2⤵
  PID:3464
- C:\Windows\System\yzeuIMH.exe
  C:\Windows\System\yzeuIMH.exe
  2⤵
  PID:3556
- C:\Windows\System\CVkQLuk.exe
  C:\Windows\System\CVkQLuk.exe
  2⤵
  PID:2760
- C:\Windows\System\juDwQxs.exe
  C:\Windows\System\juDwQxs.exe
  2⤵
  PID:3604
- C:\Windows\System\tDjPXiu.exe
  C:\Windows\System\tDjPXiu.exe
  2⤵
  PID:3708
- C:\Windows\System\nVGuYIs.exe
  C:\Windows\System\nVGuYIs.exe
  2⤵
  PID:3740
- C:\Windows\System\hJaqqFP.exe
  C:\Windows\System\hJaqqFP.exe
  2⤵
  PID:3800
- C:\Windows\System\ksydFZQ.exe
  C:\Windows\System\ksydFZQ.exe
  2⤵
  PID:3704
- C:\Windows\System\HMIfDTT.exe
  C:\Windows\System\HMIfDTT.exe
  2⤵
  PID:3868
- C:\Windows\System\EtMKDVM.exe
  C:\Windows\System\EtMKDVM.exe
  2⤵
  PID:3948
- C:\Windows\System\hvdgDeM.exe
  C:\Windows\System\hvdgDeM.exe
  2⤵
  PID:3824
- C:\Windows\System\RWsHVyn.exe
  C:\Windows\System\RWsHVyn.exe
  2⤵
  PID:3540
- C:\Windows\System\oBZFZDp.exe
  C:\Windows\System\oBZFZDp.exe
  2⤵
  PID:3888
- C:\Windows\System\fyNXGfy.exe
  C:\Windows\System\fyNXGfy.exe
  2⤵
  PID:2408
- C:\Windows\System\xXyRJWR.exe
  C:\Windows\System\xXyRJWR.exe
  2⤵
  PID:4064
- C:\Windows\System\UJhfbRd.exe
  C:\Windows\System\UJhfbRd.exe
  2⤵
  PID:2160
- C:\Windows\System\lNQPOqy.exe
  C:\Windows\System\lNQPOqy.exe
  2⤵
  PID:4084
- C:\Windows\System\CMegwRo.exe
  C:\Windows\System\CMegwRo.exe
  2⤵
  PID:3176
- C:\Windows\System\UAlDRxV.exe
  C:\Windows\System\UAlDRxV.exe
  2⤵
  PID:1244
- C:\Windows\System\lqsBWQn.exe
  C:\Windows\System\lqsBWQn.exe
  2⤵
  PID:3212
- C:\Windows\System\WXyjLwa.exe
  C:\Windows\System\WXyjLwa.exe
  2⤵
  PID:2532
- C:\Windows\System\ronZJFW.exe
  C:\Windows\System\ronZJFW.exe
  2⤵
  PID:592
- C:\Windows\System\QSxBwtc.exe
  C:\Windows\System\QSxBwtc.exe
  2⤵
  PID:2232
- C:\Windows\System\BtdnRgI.exe
  C:\Windows\System\BtdnRgI.exe
  2⤵
  PID:2076
- C:\Windows\System\STHwTkr.exe
  C:\Windows\System\STHwTkr.exe
  2⤵
  PID:3316
- C:\Windows\System\rMaFxBA.exe
  C:\Windows\System\rMaFxBA.exe
  2⤵
  PID:3436
- C:\Windows\System\VZOeDLF.exe
  C:\Windows\System\VZOeDLF.exe
  2⤵
  PID:3484
- C:\Windows\System\idALVED.exe
  C:\Windows\System\idALVED.exe
  2⤵
  PID:3600
- C:\Windows\System\UlFvTLZ.exe
  C:\Windows\System\UlFvTLZ.exe
  2⤵
  PID:3724
- C:\Windows\System\GXdpuJJ.exe
  C:\Windows\System\GXdpuJJ.exe
  2⤵
  PID:2052
- C:\Windows\System\AaybqIa.exe
  C:\Windows\System\AaybqIa.exe
  2⤵
  PID:888
- C:\Windows\System\HniElVL.exe
  C:\Windows\System\HniElVL.exe
  2⤵
  PID:3728
- C:\Windows\System\EZowJmI.exe
  C:\Windows\System\EZowJmI.exe
  2⤵
  PID:3904
- C:\Windows\System\onckClA.exe
  C:\Windows\System\onckClA.exe
  2⤵
  PID:4072
- C:\Windows\System\hwzBfKt.exe
  C:\Windows\System\hwzBfKt.exe
  2⤵
  PID:572
- C:\Windows\System\vFPTuBK.exe
  C:\Windows\System\vFPTuBK.exe
  2⤵
  PID:4020
- C:\Windows\System\GZgkMvE.exe
  C:\Windows\System\GZgkMvE.exe
  2⤵
  PID:3116
- C:\Windows\System\qnJdSNg.exe
  C:\Windows\System\qnJdSNg.exe
  2⤵
  PID:3196
- C:\Windows\System\DRMDzQp.exe
  C:\Windows\System\DRMDzQp.exe
  2⤵
  PID:2412
- C:\Windows\System\lSxDckT.exe
  C:\Windows\System\lSxDckT.exe
  2⤵
  PID:3440
- C:\Windows\System\bwzUOCj.exe
  C:\Windows\System\bwzUOCj.exe
  2⤵
  PID:3504
- C:\Windows\System\YWMhAkh.exe
  C:\Windows\System\YWMhAkh.exe
  2⤵
  PID:3420
- C:\Windows\System\WbQpVkp.exe
  C:\Windows\System\WbQpVkp.exe
  2⤵
  PID:2124
- C:\Windows\System\VHHvwdG.exe
  C:\Windows\System\VHHvwdG.exe
  2⤵
  PID:3820
- C:\Windows\System\zcnWsfV.exe
  C:\Windows\System\zcnWsfV.exe
  2⤵
  PID:4048
- C:\Windows\System\eVdEaqK.exe
  C:\Windows\System\eVdEaqK.exe
  2⤵
  PID:916
- C:\Windows\System\kYnFTSb.exe
  C:\Windows\System\kYnFTSb.exe
  2⤵
  PID:3880
- C:\Windows\System\ieUWprA.exe
  C:\Windows\System\ieUWprA.exe
  2⤵
  PID:4004
- C:\Windows\System\Dkdyztp.exe
  C:\Windows\System\Dkdyztp.exe
  2⤵
  PID:1768
- C:\Windows\System\KDsrNps.exe
  C:\Windows\System\KDsrNps.exe
  2⤵
  PID:2148
- C:\Windows\System\XrIvlAC.exe
  C:\Windows\System\XrIvlAC.exe
  2⤵
  PID:2780
- C:\Windows\System\fJfBfAU.exe
  C:\Windows\System\fJfBfAU.exe
  2⤵
  PID:2540
- C:\Windows\System\AewXDig.exe
  C:\Windows\System\AewXDig.exe
  2⤵
  PID:3964
- C:\Windows\System\LvPQeof.exe
  C:\Windows\System\LvPQeof.exe
  2⤵
  PID:3372
- C:\Windows\System\XTqZaXw.exe
  C:\Windows\System\XTqZaXw.exe
  2⤵
  PID:3496
- C:\Windows\System\ezkAVbz.exe
  C:\Windows\System\ezkAVbz.exe
  2⤵
  PID:3924
- C:\Windows\System\rZGfgZo.exe
  C:\Windows\System\rZGfgZo.exe
  2⤵
  PID:4100
- C:\Windows\System\lKaqJxU.exe
  C:\Windows\System\lKaqJxU.exe
  2⤵
  PID:4116
- C:\Windows\System\AhQMidU.exe
  C:\Windows\System\AhQMidU.exe
  2⤵
  PID:4140
- C:\Windows\System\qeOlJEP.exe
  C:\Windows\System\qeOlJEP.exe
  2⤵
  PID:4156
- C:\Windows\System\ykBOMFK.exe
  C:\Windows\System\ykBOMFK.exe
  2⤵
  PID:4172
- C:\Windows\System\MKAelAH.exe
  C:\Windows\System\MKAelAH.exe
  2⤵
  PID:4192
- C:\Windows\System\gredzEr.exe
  C:\Windows\System\gredzEr.exe
  2⤵
  PID:4232
- C:\Windows\System\EfBxtCB.exe
  C:\Windows\System\EfBxtCB.exe
  2⤵
  PID:4252
- C:\Windows\System\LtpqKce.exe
  C:\Windows\System\LtpqKce.exe
  2⤵
  PID:4272
- C:\Windows\System\pYZjlmS.exe
  C:\Windows\System\pYZjlmS.exe
  2⤵
  PID:4292
- C:\Windows\System\WXcylvu.exe
  C:\Windows\System\WXcylvu.exe
  2⤵
  PID:4312
- C:\Windows\System\jizfnfq.exe
  C:\Windows\System\jizfnfq.exe
  2⤵
  PID:4328
- C:\Windows\System\iYRGnPo.exe
  C:\Windows\System\iYRGnPo.exe
  2⤵
  PID:4344
- C:\Windows\System\WBSDrUP.exe
  C:\Windows\System\WBSDrUP.exe
  2⤵
  PID:4364
- C:\Windows\System\PgFrQpE.exe
  C:\Windows\System\PgFrQpE.exe
  2⤵
  PID:4392
- C:\Windows\System\uNJdrlO.exe
  C:\Windows\System\uNJdrlO.exe
  2⤵
  PID:4408
- C:\Windows\System\HASsnKX.exe
  C:\Windows\System\HASsnKX.exe
  2⤵
  PID:4428
- C:\Windows\System\arjTBDD.exe
  C:\Windows\System\arjTBDD.exe
  2⤵
  PID:4448
- C:\Windows\System\IxawxPX.exe
  C:\Windows\System\IxawxPX.exe
  2⤵
  PID:4468
- C:\Windows\System\hagFCIc.exe
  C:\Windows\System\hagFCIc.exe
  2⤵
  PID:4488
- C:\Windows\System\cfrGxdO.exe
  C:\Windows\System\cfrGxdO.exe
  2⤵
  PID:4504
- C:\Windows\System\UnJIYhZ.exe
  C:\Windows\System\UnJIYhZ.exe
  2⤵
  PID:4520
- C:\Windows\System\qjkRjPQ.exe
  C:\Windows\System\qjkRjPQ.exe
  2⤵
  PID:4536
- C:\Windows\System\RNxKYQH.exe
  C:\Windows\System\RNxKYQH.exe
  2⤵
  PID:4564
- C:\Windows\System\ZCtmMPV.exe
  C:\Windows\System\ZCtmMPV.exe
  2⤵
  PID:4592
- C:\Windows\System\GxCrZoo.exe
  C:\Windows\System\GxCrZoo.exe
  2⤵
  PID:4608
- C:\Windows\System\CUXKvwI.exe
  C:\Windows\System\CUXKvwI.exe
  2⤵
  PID:4628
- C:\Windows\System\CQoJQEx.exe
  C:\Windows\System\CQoJQEx.exe
  2⤵
  PID:4652
- C:\Windows\System\pwbijFW.exe
  C:\Windows\System\pwbijFW.exe
  2⤵
  PID:4668
- C:\Windows\System\WkrFPGx.exe
  C:\Windows\System\WkrFPGx.exe
  2⤵
  PID:4684
- C:\Windows\System\WeYGQXX.exe
  C:\Windows\System\WeYGQXX.exe
  2⤵
  PID:4700
- C:\Windows\System\tRiInjr.exe
  C:\Windows\System\tRiInjr.exe
  2⤵
  PID:4716
- C:\Windows\System\ZFkqdWq.exe
  C:\Windows\System\ZFkqdWq.exe
  2⤵
  PID:4732
- C:\Windows\System\uYCHDLW.exe
  C:\Windows\System\uYCHDLW.exe
  2⤵
  PID:4776
- C:\Windows\System\DKmoPzO.exe
  C:\Windows\System\DKmoPzO.exe
  2⤵
  PID:4792
- C:\Windows\System\UYenyqJ.exe
  C:\Windows\System\UYenyqJ.exe
  2⤵
  PID:4812
- C:\Windows\System\BGtarWW.exe
  C:\Windows\System\BGtarWW.exe
  2⤵
  PID:4828
- C:\Windows\System\zXJXeyi.exe
  C:\Windows\System\zXJXeyi.exe
  2⤵
  PID:4848
- C:\Windows\System\VgpCHcU.exe
  C:\Windows\System\VgpCHcU.exe
  2⤵
  PID:4864
- C:\Windows\System\uqlyYDG.exe
  C:\Windows\System\uqlyYDG.exe
  2⤵
  PID:4888
- C:\Windows\System\XIrtHdE.exe
  C:\Windows\System\XIrtHdE.exe
  2⤵
  PID:4916
- C:\Windows\System\sGpFpNq.exe
  C:\Windows\System\sGpFpNq.exe
  2⤵
  PID:4932
- C:\Windows\System\zMWjMJn.exe
  C:\Windows\System\zMWjMJn.exe
  2⤵
  PID:4956
- C:\Windows\System\noXDSHI.exe
  C:\Windows\System\noXDSHI.exe
  2⤵
  PID:4972
- C:\Windows\System\lYqIvor.exe
  C:\Windows\System\lYqIvor.exe
  2⤵
  PID:4996
- C:\Windows\System\DYMOYQD.exe
  C:\Windows\System\DYMOYQD.exe
  2⤵
  PID:5012
- C:\Windows\System\GZVDXyQ.exe
  C:\Windows\System\GZVDXyQ.exe
  2⤵
  PID:5032
- C:\Windows\System\plbuJkZ.exe
  C:\Windows\System\plbuJkZ.exe
  2⤵
  PID:5052
- C:\Windows\System\LLyuTFZ.exe
  C:\Windows\System\LLyuTFZ.exe
  2⤵
  PID:5068
- C:\Windows\System\WezHijx.exe
  C:\Windows\System\WezHijx.exe
  2⤵
  PID:5084
- C:\Windows\System\JFGrcNO.exe
  C:\Windows\System\JFGrcNO.exe
  2⤵
  PID:5108
- C:\Windows\System\Gvhwnxy.exe
  C:\Windows\System\Gvhwnxy.exe
  2⤵
  PID:4152
- C:\Windows\System\gPOZysZ.exe
  C:\Windows\System\gPOZysZ.exe
  2⤵
  PID:3272
- C:\Windows\System\vmmHxEq.exe
  C:\Windows\System\vmmHxEq.exe
  2⤵
  PID:2416
- C:\Windows\System\IrEDRKW.exe
  C:\Windows\System\IrEDRKW.exe
  2⤵
  PID:4124
- C:\Windows\System\euIwLXP.exe
  C:\Windows\System\euIwLXP.exe
  2⤵
  PID:4204
- C:\Windows\System\uHgRMQz.exe
  C:\Windows\System\uHgRMQz.exe
  2⤵
  PID:4148
- C:\Windows\System\XtamQhL.exe
  C:\Windows\System\XtamQhL.exe
  2⤵
  PID:4216
- C:\Windows\System\nhVfLGt.exe
  C:\Windows\System\nhVfLGt.exe
  2⤵
  PID:4264
- C:\Windows\System\LGHjqZm.exe
  C:\Windows\System\LGHjqZm.exe
  2⤵
  PID:4284
- C:\Windows\System\viZLTUQ.exe
  C:\Windows\System\viZLTUQ.exe
  2⤵
  PID:4340
- C:\Windows\System\cIOperU.exe
  C:\Windows\System\cIOperU.exe
  2⤵
  PID:4384
- C:\Windows\System\KYDicGN.exe
  C:\Windows\System\KYDicGN.exe
  2⤵
  PID:4400
- C:\Windows\System\YhMJDNh.exe
  C:\Windows\System\YhMJDNh.exe
  2⤵
  PID:4436
- C:\Windows\System\BbUjKYs.exe
  C:\Windows\System\BbUjKYs.exe
  2⤵
  PID:4512
- C:\Windows\System\zAVhKPj.exe
  C:\Windows\System\zAVhKPj.exe
  2⤵
  PID:4528
- C:\Windows\System\ympPiCf.exe
  C:\Windows\System\ympPiCf.exe
  2⤵
  PID:4484
- C:\Windows\System\dqthAkE.exe
  C:\Windows\System\dqthAkE.exe
  2⤵
  PID:4548
- C:\Windows\System\JLqgyNa.exe
  C:\Windows\System\JLqgyNa.exe
  2⤵
  PID:4560
- C:\Windows\System\MaQmLSG.exe
  C:\Windows\System\MaQmLSG.exe
  2⤵
  PID:4600
- C:\Windows\System\oENZgLF.exe
  C:\Windows\System\oENZgLF.exe
  2⤵
  PID:4696
- C:\Windows\System\MtgBpRy.exe
  C:\Windows\System\MtgBpRy.exe
  2⤵
  PID:4676
- C:\Windows\System\YpPrkGh.exe
  C:\Windows\System\YpPrkGh.exe
  2⤵
  PID:4752
- C:\Windows\System\xXjKqhH.exe
  C:\Windows\System\xXjKqhH.exe
  2⤵
  PID:4712
- C:\Windows\System\iOdtRRE.exe
  C:\Windows\System\iOdtRRE.exe
  2⤵
  PID:4824
- C:\Windows\System\mXuUbRt.exe
  C:\Windows\System\mXuUbRt.exe
  2⤵
  PID:4896
- C:\Windows\System\QebgufM.exe
  C:\Windows\System\QebgufM.exe
  2⤵
  PID:4836
- C:\Windows\System\BtPmhxO.exe
  C:\Windows\System\BtPmhxO.exe
  2⤵
  PID:4872
- C:\Windows\System\IJQPnQp.exe
  C:\Windows\System\IJQPnQp.exe
  2⤵
  PID:4900
- C:\Windows\System\pKywzzH.exe
  C:\Windows\System\pKywzzH.exe
  2⤵
  PID:4952
- C:\Windows\System\rrlYlmb.exe
  C:\Windows\System\rrlYlmb.exe
  2⤵
  PID:5004
- C:\Windows\System\badSEmn.exe
  C:\Windows\System\badSEmn.exe
  2⤵
  PID:5028
- C:\Windows\System\XTwEVJR.exe
  C:\Windows\System\XTwEVJR.exe
  2⤵
  PID:3564
- C:\Windows\System\UDPFYVD.exe
  C:\Windows\System\UDPFYVD.exe
  2⤵
  PID:5048
- C:\Windows\System\vDUslrQ.exe
  C:\Windows\System\vDUslrQ.exe
  2⤵
  PID:5080
- C:\Windows\System\ysHlZoj.exe
  C:\Windows\System\ysHlZoj.exe
  2⤵
  PID:3392
- C:\Windows\System\ZQBxtzP.exe
  C:\Windows\System\ZQBxtzP.exe
  2⤵
  PID:4108
- C:\Windows\System\KNpWzxD.exe
  C:\Windows\System\KNpWzxD.exe
  2⤵
  PID:4224
- C:\Windows\System\CjXzhpL.exe
  C:\Windows\System\CjXzhpL.exe
  2⤵
  PID:4260
- C:\Windows\System\sMeynWV.exe
  C:\Windows\System\sMeynWV.exe
  2⤵
  PID:4336
- C:\Windows\System\cFimkoL.exe
  C:\Windows\System\cFimkoL.exe
  2⤵
  PID:4324
- C:\Windows\System\NwQsvBz.exe
  C:\Windows\System\NwQsvBz.exe
  2⤵
  PID:4356
- C:\Windows\System\qrAfHvO.exe
  C:\Windows\System\qrAfHvO.exe
  2⤵
  PID:4464
- C:\Windows\System\WbZWfEi.exe
  C:\Windows\System\WbZWfEi.exe
  2⤵
  PID:4440
- C:\Windows\System\HkCaYpH.exe
  C:\Windows\System\HkCaYpH.exe
  2⤵
  PID:4556
- C:\Windows\System\qzFpwDl.exe
  C:\Windows\System\qzFpwDl.exe
  2⤵
  PID:4624
- C:\Windows\System\wrLxEpH.exe
  C:\Windows\System\wrLxEpH.exe
  2⤵
  PID:4748
- C:\Windows\System\AGMQYIm.exe
  C:\Windows\System\AGMQYIm.exe
  2⤵
  PID:4680
- C:\Windows\System\xLwqwhi.exe
  C:\Windows\System\xLwqwhi.exe
  2⤵
  PID:4784
- C:\Windows\System\EJrffbo.exe
  C:\Windows\System\EJrffbo.exe
  2⤵
  PID:4880
- C:\Windows\System\JCUUjwM.exe
  C:\Windows\System\JCUUjwM.exe
  2⤵
  PID:4904
- C:\Windows\System\EixXUEK.exe
  C:\Windows\System\EixXUEK.exe
  2⤵
  PID:4968
- C:\Windows\System\FXyrMfz.exe
  C:\Windows\System\FXyrMfz.exe
  2⤵
  PID:5040
- C:\Windows\System\qpsMkEF.exe
  C:\Windows\System\qpsMkEF.exe
  2⤵
  PID:3920
- C:\Windows\System\djfWMpG.exe
  C:\Windows\System\djfWMpG.exe
  2⤵
  PID:4208
- C:\Windows\System\ySwnApd.exe
  C:\Windows\System\ySwnApd.exe
  2⤵
  PID:4136
- C:\Windows\System\ZYeevSl.exe
  C:\Windows\System\ZYeevSl.exe
  2⤵
  PID:4268
- C:\Windows\System\RcNNLkA.exe
  C:\Windows\System\RcNNLkA.exe
  2⤵
  PID:4280
- C:\Windows\System\vJHDzUb.exe
  C:\Windows\System\vJHDzUb.exe
  2⤵
  PID:4360
- C:\Windows\System\ZSnVZkR.exe
  C:\Windows\System\ZSnVZkR.exe
  2⤵
  PID:4424
- C:\Windows\System\wClqjEE.exe
  C:\Windows\System\wClqjEE.exe
  2⤵
  PID:4648
- C:\Windows\System\yQOrUIS.exe
  C:\Windows\System\yQOrUIS.exe
  2⤵
  PID:4764
- C:\Windows\System\HixBODT.exe
  C:\Windows\System\HixBODT.exe
  2⤵
  PID:4908
- C:\Windows\System\GMNbxNZ.exe
  C:\Windows\System\GMNbxNZ.exe
  2⤵
  PID:4788
- C:\Windows\System\zTFJOwp.exe
  C:\Windows\System\zTFJOwp.exe
  2⤵
  PID:4992
- C:\Windows\System\SGpEjJn.exe
  C:\Windows\System\SGpEjJn.exe
  2⤵
  PID:4964
- C:\Windows\System\kMRjcYB.exe
  C:\Windows\System\kMRjcYB.exe
  2⤵
  PID:4188
- C:\Windows\System\RusqrEK.exe
  C:\Windows\System\RusqrEK.exe
  2⤵
  PID:5044
- C:\Windows\System\KbRMjCy.exe
  C:\Windows\System\KbRMjCy.exe
  2⤵
  PID:4552
- C:\Windows\System\vZdCXBR.exe
  C:\Windows\System\vZdCXBR.exe
  2⤵
  PID:5096
- C:\Windows\System\MWhOHSQ.exe
  C:\Windows\System\MWhOHSQ.exe
  2⤵
  PID:4304
- C:\Windows\System\WxDjsZG.exe
  C:\Windows\System\WxDjsZG.exe
  2⤵
  PID:4856
- C:\Windows\System\XDHDyOH.exe
  C:\Windows\System\XDHDyOH.exe
  2⤵
  PID:4164
- C:\Windows\System\xlOnhtU.exe
  C:\Windows\System\xlOnhtU.exe
  2⤵
  PID:4928
- C:\Windows\System\fLJOEpx.exe
  C:\Windows\System\fLJOEpx.exe
  2⤵
  PID:5100
- C:\Windows\System\OZOahMh.exe
  C:\Windows\System\OZOahMh.exe
  2⤵
  PID:4728
- C:\Windows\System\njfhzGI.exe
  C:\Windows\System\njfhzGI.exe
  2⤵
  PID:4240
- C:\Windows\System\zxWfeID.exe
  C:\Windows\System\zxWfeID.exe
  2⤵
  PID:4288
- C:\Windows\System\QdjILxP.exe
  C:\Windows\System\QdjILxP.exe
  2⤵
  PID:4636
- C:\Windows\System\nZknYYX.exe
  C:\Windows\System\nZknYYX.exe
  2⤵
  PID:4532
- C:\Windows\System\QHnYRMw.exe
  C:\Windows\System\QHnYRMw.exe
  2⤵
  PID:4576
- C:\Windows\System\ukzYjgp.exe
  C:\Windows\System\ukzYjgp.exe
  2⤵
  PID:4220
- C:\Windows\System\SPDpQlr.exe
  C:\Windows\System\SPDpQlr.exe
  2⤵
  PID:5132
- C:\Windows\System\NFRESBD.exe
  C:\Windows\System\NFRESBD.exe
  2⤵
  PID:5152
- C:\Windows\System\HWeDpih.exe
  C:\Windows\System\HWeDpih.exe
  2⤵
  PID:5176
- C:\Windows\System\cUhWGWG.exe
  C:\Windows\System\cUhWGWG.exe
  2⤵
  PID:5192
- C:\Windows\System\siydjCz.exe
  C:\Windows\System\siydjCz.exe
  2⤵
  PID:5208
- C:\Windows\System\wosUfmN.exe
  C:\Windows\System\wosUfmN.exe
  2⤵
  PID:5224
- C:\Windows\System\KkzAYJp.exe
  C:\Windows\System\KkzAYJp.exe
  2⤵
  PID:5244
- C:\Windows\System\vOEYYOt.exe
  C:\Windows\System\vOEYYOt.exe
  2⤵
  PID:5260
- C:\Windows\System\NyTUZHg.exe
  C:\Windows\System\NyTUZHg.exe
  2⤵
  PID:5292
- C:\Windows\System\ZsZkYhL.exe
  C:\Windows\System\ZsZkYhL.exe
  2⤵
  PID:5312
- C:\Windows\System\DkhpdkU.exe
  C:\Windows\System\DkhpdkU.exe
  2⤵
  PID:5328
- C:\Windows\System\Uvjhhfg.exe
  C:\Windows\System\Uvjhhfg.exe
  2⤵
  PID:5352
- C:\Windows\System\vGqSREZ.exe
  C:\Windows\System\vGqSREZ.exe
  2⤵
  PID:5380
- C:\Windows\System\qimnKkU.exe
  C:\Windows\System\qimnKkU.exe
  2⤵
  PID:5400
- C:\Windows\System\itXcjFe.exe
  C:\Windows\System\itXcjFe.exe
  2⤵
  PID:5420
- C:\Windows\System\pHRtFjq.exe
  C:\Windows\System\pHRtFjq.exe
  2⤵
  PID:5436
- C:\Windows\System\vUFSRBg.exe
  C:\Windows\System\vUFSRBg.exe
  2⤵
  PID:5456
- C:\Windows\System\AsFyApc.exe
  C:\Windows\System\AsFyApc.exe
  2⤵
  PID:5476
- C:\Windows\System\qzVnszw.exe
  C:\Windows\System\qzVnszw.exe
  2⤵
  PID:5496
- C:\Windows\System\CMzHEIH.exe
  C:\Windows\System\CMzHEIH.exe
  2⤵
  PID:5512
- C:\Windows\System\SDqHnlc.exe
  C:\Windows\System\SDqHnlc.exe
  2⤵
  PID:5532
- C:\Windows\System\VoVCwMn.exe
  C:\Windows\System\VoVCwMn.exe
  2⤵
  PID:5552
- C:\Windows\System\KtXTHjZ.exe
  C:\Windows\System\KtXTHjZ.exe
  2⤵
  PID:5580
- C:\Windows\System\WiOJTpS.exe
  C:\Windows\System\WiOJTpS.exe
  2⤵
  PID:5596
- C:\Windows\System\VvzvknY.exe
  C:\Windows\System\VvzvknY.exe
  2⤵
  PID:5612
- C:\Windows\System\RCbEdgi.exe
  C:\Windows\System\RCbEdgi.exe
  2⤵
  PID:5628
- C:\Windows\System\tYkJQaM.exe
  C:\Windows\System\tYkJQaM.exe
  2⤵
  PID:5648
- C:\Windows\System\LWleOFj.exe
  C:\Windows\System\LWleOFj.exe
  2⤵
  PID:5664
- C:\Windows\System\TRehSbb.exe
  C:\Windows\System\TRehSbb.exe
  2⤵
  PID:5680
- C:\Windows\System\bFqPVla.exe
  C:\Windows\System\bFqPVla.exe
  2⤵
  PID:5700
- C:\Windows\System\HMSxYMN.exe
  C:\Windows\System\HMSxYMN.exe
  2⤵
  PID:5724
- C:\Windows\System\bYKlEZg.exe
  C:\Windows\System\bYKlEZg.exe
  2⤵
  PID:5756
- C:\Windows\System\beegElQ.exe
  C:\Windows\System\beegElQ.exe
  2⤵
  PID:5776
- C:\Windows\System\QBjyxsV.exe
  C:\Windows\System\QBjyxsV.exe
  2⤵
  PID:5792
- C:\Windows\System\nhjzuaz.exe
  C:\Windows\System\nhjzuaz.exe
  2⤵
  PID:5816
- C:\Windows\System\NrFjfGa.exe
  C:\Windows\System\NrFjfGa.exe
  2⤵
  PID:5832
- C:\Windows\System\guZgGkQ.exe
  C:\Windows\System\guZgGkQ.exe
  2⤵
  PID:5852
- C:\Windows\System\tfLJfNC.exe
  C:\Windows\System\tfLJfNC.exe
  2⤵
  PID:5872
- C:\Windows\System\vkrCUFZ.exe
  C:\Windows\System\vkrCUFZ.exe
  2⤵
  PID:5900
- C:\Windows\System\NiKubZB.exe
  C:\Windows\System\NiKubZB.exe
  2⤵
  PID:5916
- C:\Windows\System\Lsnhqgg.exe
  C:\Windows\System\Lsnhqgg.exe
  2⤵
  PID:5936
- C:\Windows\System\uvAwDKe.exe
  C:\Windows\System\uvAwDKe.exe
  2⤵
  PID:5960
- C:\Windows\System\IRMfMJp.exe
  C:\Windows\System\IRMfMJp.exe
  2⤵
  PID:5980
- C:\Windows\System\TDWzxDm.exe
  C:\Windows\System\TDWzxDm.exe
  2⤵
  PID:5996
- C:\Windows\System\TVmpPpD.exe
  C:\Windows\System\TVmpPpD.exe
  2⤵
  PID:6016
- C:\Windows\System\QwaSbDf.exe
  C:\Windows\System\QwaSbDf.exe
  2⤵
  PID:6036
- C:\Windows\System\GBYFdUE.exe
  C:\Windows\System\GBYFdUE.exe
  2⤵
  PID:6064
- C:\Windows\System\IClvyMt.exe
  C:\Windows\System\IClvyMt.exe
  2⤵
  PID:6080
- C:\Windows\System\BavQPzn.exe
  C:\Windows\System\BavQPzn.exe
  2⤵
  PID:6096
- C:\Windows\System\LKbCXSZ.exe
  C:\Windows\System\LKbCXSZ.exe
  2⤵
  PID:6116
- C:\Windows\System\ecMraiA.exe
  C:\Windows\System\ecMraiA.exe
  2⤵
  PID:6132
- C:\Windows\System\cVXxdpu.exe
  C:\Windows\System\cVXxdpu.exe
  2⤵
  PID:5024
- C:\Windows\System\LYbHcMt.exe
  C:\Windows\System\LYbHcMt.exe
  2⤵
  PID:5128
- C:\Windows\System\QGsPzRP.exe
  C:\Windows\System\QGsPzRP.exe
  2⤵
  PID:5188
- C:\Windows\System\zpGIsfc.exe
  C:\Windows\System\zpGIsfc.exe
  2⤵
  PID:5232
- C:\Windows\System\BakKIRh.exe
  C:\Windows\System\BakKIRh.exe
  2⤵
  PID:5276
- C:\Windows\System\BngbQaT.exe
  C:\Windows\System\BngbQaT.exe
  2⤵
  PID:5272
- C:\Windows\System\sWzUeyR.exe
  C:\Windows\System\sWzUeyR.exe
  2⤵
  PID:5360
- C:\Windows\System\fwxrRxr.exe
  C:\Windows\System\fwxrRxr.exe
  2⤵
  PID:5348
- C:\Windows\System\eCwJYZA.exe
  C:\Windows\System\eCwJYZA.exe
  2⤵
  PID:5388
- C:\Windows\System\bGziqfZ.exe
  C:\Windows\System\bGziqfZ.exe
  2⤵
  PID:5412
- C:\Windows\System\iXRgBZM.exe
  C:\Windows\System\iXRgBZM.exe
  2⤵
  PID:5452
- C:\Windows\System\icSRGIk.exe
  C:\Windows\System\icSRGIk.exe
  2⤵
  PID:5468
- C:\Windows\System\SzQRfPv.exe
  C:\Windows\System\SzQRfPv.exe
  2⤵
  PID:5528
- C:\Windows\System\tUfUGQd.exe
  C:\Windows\System\tUfUGQd.exe
  2⤵
  PID:5540
- C:\Windows\System\egECUGY.exe
  C:\Windows\System\egECUGY.exe
  2⤵
  PID:5688
- C:\Windows\System\ouiIOVp.exe
  C:\Windows\System\ouiIOVp.exe
  2⤵
  PID:5592
- C:\Windows\System\TKyvydB.exe
  C:\Windows\System\TKyvydB.exe
  2⤵
  PID:5640
- C:\Windows\System\BqijVXk.exe
  C:\Windows\System\BqijVXk.exe
  2⤵
  PID:5708
- C:\Windows\System\ZvxFwMo.exe
  C:\Windows\System\ZvxFwMo.exe
  2⤵
  PID:5660
- C:\Windows\System\mVDQMGt.exe
  C:\Windows\System\mVDQMGt.exe
  2⤵
  PID:5748
- C:\Windows\System\OftqsSe.exe
  C:\Windows\System\OftqsSe.exe
  2⤵
  PID:5764
- C:\Windows\System\AkvvlLC.exe
  C:\Windows\System\AkvvlLC.exe
  2⤵
  PID:5800
- C:\Windows\System\xWAAOJU.exe
  C:\Windows\System\xWAAOJU.exe
  2⤵
  PID:5824
- C:\Windows\System\sfCBEjA.exe
  C:\Windows\System\sfCBEjA.exe
  2⤵
  PID:5880
- C:\Windows\System\PHeadUE.exe
  C:\Windows\System\PHeadUE.exe
  2⤵
  PID:5908
- C:\Windows\System\HMPYAzn.exe
  C:\Windows\System\HMPYAzn.exe
  2⤵
  PID:5944
- C:\Windows\System\DVjwFez.exe
  C:\Windows\System\DVjwFez.exe
  2⤵
  PID:5976
- C:\Windows\System\tjciTaC.exe
  C:\Windows\System\tjciTaC.exe
  2⤵
  PID:6012
- C:\Windows\System\kPCTegf.exe
  C:\Windows\System\kPCTegf.exe
  2⤵
  PID:6060
- C:\Windows\System\anAuRms.exe
  C:\Windows\System\anAuRms.exe
  2⤵
  PID:6088
- C:\Windows\System\GwFUhjd.exe
  C:\Windows\System\GwFUhjd.exe
  2⤵
  PID:6128
- C:\Windows\System\aPcQqDu.exe
  C:\Windows\System\aPcQqDu.exe
  2⤵
  PID:5148
- C:\Windows\System\LPVNfAW.exe
  C:\Windows\System\LPVNfAW.exe
  2⤵
  PID:5124
- C:\Windows\System\PPDBzPT.exe
  C:\Windows\System\PPDBzPT.exe
  2⤵
  PID:5204
- C:\Windows\System\neLepdy.exe
  C:\Windows\System\neLepdy.exe
  2⤵
  PID:5256
- C:\Windows\System\EgFUoWN.exe
  C:\Windows\System\EgFUoWN.exe
  2⤵
  PID:5340
- C:\Windows\System\eFMBGAv.exe
  C:\Windows\System\eFMBGAv.exe
  2⤵
  PID:5408
- C:\Windows\System\PRiGBYX.exe
  C:\Windows\System\PRiGBYX.exe
  2⤵
  PID:5448
- C:\Windows\System\xNjjlNm.exe
  C:\Windows\System\xNjjlNm.exe
  2⤵
  PID:5508
- C:\Windows\System\FpYCtLm.exe
  C:\Windows\System\FpYCtLm.exe
  2⤵
  PID:5504
- C:\Windows\System\QsKlzpL.exe
  C:\Windows\System\QsKlzpL.exe
  2⤵
  PID:5604
- C:\Windows\System\CmXxOyz.exe
  C:\Windows\System\CmXxOyz.exe
  2⤵
  PID:5672
- C:\Windows\System\JaEBXSs.exe
  C:\Windows\System\JaEBXSs.exe
  2⤵
  PID:5772
- C:\Windows\System\pEetiVb.exe
  C:\Windows\System\pEetiVb.exe
  2⤵
  PID:5716
- C:\Windows\System\XcdeyZl.exe
  C:\Windows\System\XcdeyZl.exe
  2⤵
  PID:5840
- C:\Windows\System\jBEaIvV.exe
  C:\Windows\System\jBEaIvV.exe
  2⤵
  PID:5928
- C:\Windows\System\lsGnfyD.exe
  C:\Windows\System\lsGnfyD.exe
  2⤵
  PID:5988
- C:\Windows\System\LLHxjkY.exe
  C:\Windows\System\LLHxjkY.exe
  2⤵
  PID:5896
- C:\Windows\System\tpfbrdL.exe
  C:\Windows\System\tpfbrdL.exe
  2⤵
  PID:6044
- C:\Windows\System\zHIbnXo.exe
  C:\Windows\System\zHIbnXo.exe
  2⤵
  PID:6076
- C:\Windows\System\wiptTIv.exe
  C:\Windows\System\wiptTIv.exe
  2⤵
  PID:6112
- C:\Windows\System\OMFyDxV.exe
  C:\Windows\System\OMFyDxV.exe
  2⤵
  PID:5252
- C:\Windows\System\COrCzmv.exe
  C:\Windows\System\COrCzmv.exe
  2⤵
  PID:5184
- C:\Windows\System\RhLVybi.exe
  C:\Windows\System\RhLVybi.exe
  2⤵
  PID:5280
- C:\Windows\System\QDSHsya.exe
  C:\Windows\System\QDSHsya.exe
  2⤵
  PID:5744
- C:\Windows\System\iyGzgxw.exe
  C:\Windows\System\iyGzgxw.exe
  2⤵
  PID:5492
- C:\Windows\System\sljxQfl.exe
  C:\Windows\System\sljxQfl.exe
  2⤵
  PID:5624
- C:\Windows\System\TnUyPGe.exe
  C:\Windows\System\TnUyPGe.exe
  2⤵
  PID:5720
- C:\Windows\System\QNqUWkq.exe
  C:\Windows\System\QNqUWkq.exe
  2⤵
  PID:6052
- C:\Windows\System\RqFUKbi.exe
  C:\Windows\System\RqFUKbi.exe
  2⤵
  PID:6028
- C:\Windows\System\IfQEuag.exe
  C:\Windows\System\IfQEuag.exe
  2⤵
  PID:5268
- C:\Windows\System\FCMTBeu.exe
  C:\Windows\System\FCMTBeu.exe
  2⤵
  PID:4808
- C:\Windows\System\kKzqlZr.exe
  C:\Windows\System\kKzqlZr.exe
  2⤵
  PID:5336
- C:\Windows\System\pfrlcpe.exe
  C:\Windows\System\pfrlcpe.exe
  2⤵
  PID:5220
- C:\Windows\System\ZfOtBaT.exe
  C:\Windows\System\ZfOtBaT.exe
  2⤵
  PID:5676
- C:\Windows\System\OKSFsJI.exe
  C:\Windows\System\OKSFsJI.exe
  2⤵
  PID:5576
- C:\Windows\System\nsDuWoJ.exe
  C:\Windows\System\nsDuWoJ.exe
  2⤵
  PID:5572
- C:\Windows\System\UCrSghp.exe
  C:\Windows\System\UCrSghp.exe
  2⤵
  PID:6008
- C:\Windows\System\YYifEMC.exe
  C:\Windows\System\YYifEMC.exe
  2⤵
  PID:5320
- C:\Windows\System\mfizBCO.exe
  C:\Windows\System\mfizBCO.exe
  2⤵
  PID:5464
- C:\Windows\System\BeGLZfA.exe
  C:\Windows\System\BeGLZfA.exe
  2⤵
  PID:5844
- C:\Windows\System\sePIAXY.exe
  C:\Windows\System\sePIAXY.exe
  2⤵
  PID:5488
- C:\Windows\System\aeMzbQc.exe
  C:\Windows\System\aeMzbQc.exe
  2⤵
  PID:5956
- C:\Windows\System\PfJVbTe.exe
  C:\Windows\System\PfJVbTe.exe
  2⤵
  PID:5656
- C:\Windows\System\PaGXHhq.exe
  C:\Windows\System\PaGXHhq.exe
  2⤵
  PID:5848
- C:\Windows\System\kQKTluE.exe
  C:\Windows\System\kQKTluE.exe
  2⤵
  PID:5168
- C:\Windows\System\LUBVGFP.exe
  C:\Windows\System\LUBVGFP.exe
  2⤵
  PID:6148
- C:\Windows\System\yUiutUk.exe
  C:\Windows\System\yUiutUk.exe
  2⤵
  PID:6172
- C:\Windows\System\XDTMzFL.exe
  C:\Windows\System\XDTMzFL.exe
  2⤵
  PID:6188
- C:\Windows\System\HYuscTf.exe
  C:\Windows\System\HYuscTf.exe
  2⤵
  PID:6212
- C:\Windows\System\vDtZHOj.exe
  C:\Windows\System\vDtZHOj.exe
  2⤵
  PID:6228
- C:\Windows\System\WivahaY.exe
  C:\Windows\System\WivahaY.exe
  2⤵
  PID:6260
- C:\Windows\System\onQsits.exe
  C:\Windows\System\onQsits.exe
  2⤵
  PID:6276
- C:\Windows\System\fjkVmpd.exe
  C:\Windows\System\fjkVmpd.exe
  2⤵
  PID:6296
- C:\Windows\System\LyZzgfh.exe
  C:\Windows\System\LyZzgfh.exe
  2⤵
  PID:6316
- C:\Windows\System\tHSghCY.exe
  C:\Windows\System\tHSghCY.exe
  2⤵
  PID:6332
- C:\Windows\System\AtFkRIE.exe
  C:\Windows\System\AtFkRIE.exe
  2⤵
  PID:6348
- C:\Windows\System\LtCVuJd.exe
  C:\Windows\System\LtCVuJd.exe
  2⤵
  PID:6368
- C:\Windows\System\PbaQfbr.exe
  C:\Windows\System\PbaQfbr.exe
  2⤵
  PID:6384
- C:\Windows\System\rOiLkdA.exe
  C:\Windows\System\rOiLkdA.exe
  2⤵
  PID:6420
- C:\Windows\System\iNCDPfm.exe
  C:\Windows\System\iNCDPfm.exe
  2⤵
  PID:6440
- C:\Windows\System\gMhQmlG.exe
  C:\Windows\System\gMhQmlG.exe
  2⤵
  PID:6464
- C:\Windows\System\VGqHQAd.exe
  C:\Windows\System\VGqHQAd.exe
  2⤵
  PID:6480
- C:\Windows\System\ScrICjq.exe
  C:\Windows\System\ScrICjq.exe
  2⤵
  PID:6496
- C:\Windows\System\rYqDEjU.exe
  C:\Windows\System\rYqDEjU.exe
  2⤵
  PID:6512
- C:\Windows\System\LpebcWY.exe
  C:\Windows\System\LpebcWY.exe
  2⤵
  PID:6532
- C:\Windows\System\UKpXgGY.exe
  C:\Windows\System\UKpXgGY.exe
  2⤵
  PID:6548
- C:\Windows\System\wHkHdmb.exe
  C:\Windows\System\wHkHdmb.exe
  2⤵
  PID:6580
- C:\Windows\System\oFoMzyz.exe
  C:\Windows\System\oFoMzyz.exe
  2⤵
  PID:6596
- C:\Windows\System\TnMOvgR.exe
  C:\Windows\System\TnMOvgR.exe
  2⤵
  PID:6612
- C:\Windows\System\jWxwxct.exe
  C:\Windows\System\jWxwxct.exe
  2⤵
  PID:6628
- C:\Windows\System\rBknNQb.exe
  C:\Windows\System\rBknNQb.exe
  2⤵
  PID:6648
- C:\Windows\System\hjQeDUR.exe
  C:\Windows\System\hjQeDUR.exe
  2⤵
  PID:6668
- C:\Windows\System\sMvmerF.exe
  C:\Windows\System\sMvmerF.exe
  2⤵
  PID:6688
- C:\Windows\System\GiIENyj.exe
  C:\Windows\System\GiIENyj.exe
  2⤵
  PID:6720
- C:\Windows\System\lLRmISS.exe
  C:\Windows\System\lLRmISS.exe
  2⤵
  PID:6740
- C:\Windows\System\YAMihav.exe
  C:\Windows\System\YAMihav.exe
  2⤵
  PID:6756
- C:\Windows\System\HczVqPQ.exe
  C:\Windows\System\HczVqPQ.exe
  2⤵
  PID:6784
- C:\Windows\System\GWXJwav.exe
  C:\Windows\System\GWXJwav.exe
  2⤵
  PID:6804
- C:\Windows\System\xRcUkXb.exe
  C:\Windows\System\xRcUkXb.exe
  2⤵
  PID:6820
- C:\Windows\System\uHLXcxY.exe
  C:\Windows\System\uHLXcxY.exe
  2⤵
  PID:6840
- C:\Windows\System\tQbeoyq.exe
  C:\Windows\System\tQbeoyq.exe
  2⤵
  PID:6868
- C:\Windows\System\ZaiTSjL.exe
  C:\Windows\System\ZaiTSjL.exe
  2⤵
  PID:6884
- C:\Windows\System\elXqWJY.exe
  C:\Windows\System\elXqWJY.exe
  2⤵
  PID:6900
- C:\Windows\System\UXOvCTq.exe
  C:\Windows\System\UXOvCTq.exe
  2⤵
  PID:6916
- C:\Windows\System\YXgfdLw.exe
  C:\Windows\System\YXgfdLw.exe
  2⤵
  PID:6932
- C:\Windows\System\XPTBXum.exe
  C:\Windows\System\XPTBXum.exe
  2⤵
  PID:6948
- C:\Windows\System\lfVomiN.exe
  C:\Windows\System\lfVomiN.exe
  2⤵
  PID:6964
- C:\Windows\System\OzlIaLa.exe
  C:\Windows\System\OzlIaLa.exe
  2⤵
  PID:6980
- C:\Windows\System\GsgmFmj.exe
  C:\Windows\System\GsgmFmj.exe
  2⤵
  PID:6996
- C:\Windows\System\SuCjJdM.exe
  C:\Windows\System\SuCjJdM.exe
  2⤵
  PID:7012
- C:\Windows\System\PJQDIoR.exe
  C:\Windows\System\PJQDIoR.exe
  2⤵
  PID:7044
- C:\Windows\System\msBgtee.exe
  C:\Windows\System\msBgtee.exe
  2⤵
  PID:7060
- C:\Windows\System\lDDFCvT.exe
  C:\Windows\System\lDDFCvT.exe
  2⤵
  PID:7092
- C:\Windows\System\uzlQaBB.exe
  C:\Windows\System\uzlQaBB.exe
  2⤵
  PID:7112
- C:\Windows\System\abElwZu.exe
  C:\Windows\System\abElwZu.exe
  2⤵
  PID:7148
- C:\Windows\System\fNVryKE.exe
  C:\Windows\System\fNVryKE.exe
  2⤵
  PID:5392
- C:\Windows\System\dItCvsl.exe
  C:\Windows\System\dItCvsl.exe
  2⤵
  PID:5164
- C:\Windows\System\qqaGTwm.exe
  C:\Windows\System\qqaGTwm.exe
  2⤵
  PID:6196
- C:\Windows\System\pbyLZzf.exe
  C:\Windows\System\pbyLZzf.exe
  2⤵
  PID:6236
- C:\Windows\System\xgCjCXs.exe
  C:\Windows\System\xgCjCXs.exe
  2⤵
  PID:6256
- C:\Windows\System\EPkUGKw.exe
  C:\Windows\System\EPkUGKw.exe
  2⤵
  PID:6288
- C:\Windows\System\dPOnLPQ.exe
  C:\Windows\System\dPOnLPQ.exe
  2⤵
  PID:6308
- C:\Windows\System\tGjGWCP.exe
  C:\Windows\System\tGjGWCP.exe
  2⤵
  PID:6328
- C:\Windows\System\zHJjDAT.exe
  C:\Windows\System\zHJjDAT.exe
  2⤵
  PID:6404
- C:\Windows\System\kusDLGG.exe
  C:\Windows\System\kusDLGG.exe
  2⤵
  PID:6400
- C:\Windows\System\pJgadMv.exe
  C:\Windows\System\pJgadMv.exe
  2⤵
  PID:6412
- C:\Windows\System\CErIOoS.exe
  C:\Windows\System\CErIOoS.exe
  2⤵
  PID:6460
- C:\Windows\System\xHmhllC.exe
  C:\Windows\System\xHmhllC.exe
  2⤵
  PID:6520
- C:\Windows\System\uogGWRD.exe
  C:\Windows\System\uogGWRD.exe
  2⤵
  PID:6568
- C:\Windows\System\rzNsGTA.exe
  C:\Windows\System\rzNsGTA.exe
  2⤵
  PID:6560
- C:\Windows\System\ZkjffOc.exe
  C:\Windows\System\ZkjffOc.exe
  2⤵
  PID:6644
- C:\Windows\System\AFgoxpS.exe
  C:\Windows\System\AFgoxpS.exe
  2⤵
  PID:6656
- C:\Windows\System\snlftRV.exe
  C:\Windows\System\snlftRV.exe
  2⤵
  PID:6696
- C:\Windows\System\zpIEjoV.exe
  C:\Windows\System\zpIEjoV.exe
  2⤵
  PID:6700
- C:\Windows\System\fVBWLaI.exe
  C:\Windows\System\fVBWLaI.exe
  2⤵
  PID:6812
- C:\Windows\System\OcOOPWl.exe
  C:\Windows\System\OcOOPWl.exe
  2⤵
  PID:6848
- C:\Windows\System\jgpyrST.exe
  C:\Windows\System\jgpyrST.exe
  2⤵
  PID:6752
- C:\Windows\System\mqkrlnd.exe
  C:\Windows\System\mqkrlnd.exe
  2⤵
  PID:6860
- C:\Windows\System\RoIdZpo.exe
  C:\Windows\System\RoIdZpo.exe
  2⤵
  PID:6880
- C:\Windows\System\cbrUXoD.exe
  C:\Windows\System\cbrUXoD.exe
  2⤵
  PID:6960
- C:\Windows\System\sUMSBnv.exe
  C:\Windows\System\sUMSBnv.exe
  2⤵
  PID:7024
- C:\Windows\System\CrXOPsR.exe
  C:\Windows\System\CrXOPsR.exe
  2⤵
  PID:7072
- C:\Windows\System\bgiefLE.exe
  C:\Windows\System\bgiefLE.exe
  2⤵
  PID:7088
- C:\Windows\System\QCJwiAD.exe
  C:\Windows\System\QCJwiAD.exe
  2⤵
  PID:7136
- C:\Windows\System\jcwuuGQ.exe
  C:\Windows\System\jcwuuGQ.exe
  2⤵
  PID:7052
- C:\Windows\System\UuWfaEM.exe
  C:\Windows\System\UuWfaEM.exe
  2⤵
  PID:7160
- C:\Windows\System\RCxSfoY.exe
  C:\Windows\System\RCxSfoY.exe
  2⤵
  PID:6204
- C:\Windows\System\aLguZVT.exe
  C:\Windows\System\aLguZVT.exe
  2⤵
  PID:6168
- C:\Windows\System\TBwtHhw.exe
  C:\Windows\System\TBwtHhw.exe
  2⤵
  PID:6268
- C:\Windows\System\ZsyCXNF.exe
  C:\Windows\System\ZsyCXNF.exe
  2⤵
  PID:6304
- C:\Windows\System\dKXFizt.exe
  C:\Windows\System\dKXFizt.exe
  2⤵
  PID:6376
- C:\Windows\System\HGpEUfY.exe
  C:\Windows\System\HGpEUfY.exe
  2⤵
  PID:6448
- C:\Windows\System\pqIwgTl.exe
  C:\Windows\System\pqIwgTl.exe
  2⤵
  PID:6556
- C:\Windows\System\LwNlxrk.exe
  C:\Windows\System\LwNlxrk.exe
  2⤵
  PID:6408
- C:\Windows\System\QSsnewM.exe
  C:\Windows\System\QSsnewM.exe
  2⤵
  PID:6592
- C:\Windows\System\kFOSzQC.exe
  C:\Windows\System\kFOSzQC.exe
  2⤵
  PID:6664
- C:\Windows\System\ERyNnLC.exe
  C:\Windows\System\ERyNnLC.exe
  2⤵
  PID:6780
- C:\Windows\System\PvETuhi.exe
  C:\Windows\System\PvETuhi.exe
  2⤵
  PID:6864
- C:\Windows\System\MDwnkhk.exe
  C:\Windows\System\MDwnkhk.exe
  2⤵
  PID:7020
- C:\Windows\System\iYPtvOv.exe
  C:\Windows\System\iYPtvOv.exe
  2⤵
  PID:6836
- C:\Windows\System\tvhCszg.exe
  C:\Windows\System\tvhCszg.exe
  2⤵
  PID:6928
- C:\Windows\System\KZRTxKi.exe
  C:\Windows\System\KZRTxKi.exe
  2⤵
  PID:7084
- C:\Windows\System\VeUshIR.exe
  C:\Windows\System\VeUshIR.exe
  2⤵
  PID:7128
- C:\Windows\System\bxMVHGN.exe
  C:\Windows\System\bxMVHGN.exe
  2⤵
  PID:7140
- C:\Windows\System\NmdOiMh.exe
  C:\Windows\System\NmdOiMh.exe
  2⤵
  PID:6160
- C:\Windows\System\yjSQPZG.exe
  C:\Windows\System\yjSQPZG.exe
  2⤵
  PID:6184
- C:\Windows\System\lqsebwP.exe
  C:\Windows\System\lqsebwP.exe
  2⤵
  PID:6476
- C:\Windows\System\eSyFWuO.exe
  C:\Windows\System\eSyFWuO.exe
  2⤵
  PID:6456
- C:\Windows\System\DmsRNva.exe
  C:\Windows\System\DmsRNva.exe
  2⤵
  PID:6544
- C:\Windows\System\NeOmMCq.exe
  C:\Windows\System\NeOmMCq.exe
  2⤵
  PID:6640
- C:\Windows\System\HejieZB.exe
  C:\Windows\System\HejieZB.exe
  2⤵
  PID:6588
- C:\Windows\System\gbJtTCE.exe
  C:\Windows\System\gbJtTCE.exe
  2⤵
  PID:6828
- C:\Windows\System\MUUHmOc.exe
  C:\Windows\System\MUUHmOc.exe
  2⤵
  PID:6908
- C:\Windows\System\nEhypkN.exe
  C:\Windows\System\nEhypkN.exe
  2⤵
  PID:6896
- C:\Windows\System\TSgcUTm.exe
  C:\Windows\System\TSgcUTm.exe
  2⤵
  PID:6924
- C:\Windows\System\uoDfcKH.exe
  C:\Windows\System\uoDfcKH.exe
  2⤵
  PID:7124
- C:\Windows\System\MHficsP.exe
  C:\Windows\System\MHficsP.exe
  2⤵
  PID:6340
- C:\Windows\System\unSHhjG.exe
  C:\Windows\System\unSHhjG.exe
  2⤵
  PID:6540
- C:\Windows\System\aeYSmsY.exe
  C:\Windows\System\aeYSmsY.exe
  2⤵
  PID:6272
- C:\Windows\System\lcrdoQM.exe
  C:\Windows\System\lcrdoQM.exe
  2⤵
  PID:7172
- C:\Windows\System\EHKlRrC.exe
  C:\Windows\System\EHKlRrC.exe
  2⤵
  PID:7200
- C:\Windows\System\fcMPAll.exe
  C:\Windows\System\fcMPAll.exe
  2⤵
  PID:7216
- C:\Windows\System\QEDihyo.exe
  C:\Windows\System\QEDihyo.exe
  2⤵
  PID:7232
- C:\Windows\System\NasXKCw.exe
  C:\Windows\System\NasXKCw.exe
  2⤵
  PID:7248
- C:\Windows\System\JcDTqUT.exe
  C:\Windows\System\JcDTqUT.exe
  2⤵
  PID:7296
- C:\Windows\System\vlWGLmz.exe
  C:\Windows\System\vlWGLmz.exe
  2⤵
  PID:7320
- C:\Windows\System\eKAvDWV.exe
  C:\Windows\System\eKAvDWV.exe
  2⤵
  PID:7336
- C:\Windows\System\ZmVXmEo.exe
  C:\Windows\System\ZmVXmEo.exe
  2⤵
  PID:7352
- C:\Windows\System\NHxxCTF.exe
  C:\Windows\System\NHxxCTF.exe
  2⤵
  PID:7372
- C:\Windows\System\wUKyBBy.exe
  C:\Windows\System\wUKyBBy.exe
  2⤵
  PID:7392
- C:\Windows\System\RYLsTfG.exe
  C:\Windows\System\RYLsTfG.exe
  2⤵
  PID:7408
- C:\Windows\System\yupKzFu.exe
  C:\Windows\System\yupKzFu.exe
  2⤵
  PID:7424
- C:\Windows\System\gLeFpSR.exe
  C:\Windows\System\gLeFpSR.exe
  2⤵
  PID:7440
- C:\Windows\System\ErbRCJp.exe
  C:\Windows\System\ErbRCJp.exe
  2⤵
  PID:7460
- C:\Windows\System\mflyWZu.exe
  C:\Windows\System\mflyWZu.exe
  2⤵
  PID:7504
- C:\Windows\System\hbSQhfQ.exe
  C:\Windows\System\hbSQhfQ.exe
  2⤵
  PID:7520
- C:\Windows\System\DcjTXrx.exe
  C:\Windows\System\DcjTXrx.exe
  2⤵
  PID:7536
- C:\Windows\System\kytLJHp.exe
  C:\Windows\System\kytLJHp.exe
  2⤵
  PID:7552
- C:\Windows\System\QQpmjAm.exe
  C:\Windows\System\QQpmjAm.exe
  2⤵
  PID:7580
- C:\Windows\System\xkUjdOM.exe
  C:\Windows\System\xkUjdOM.exe
  2⤵
  PID:7596
- C:\Windows\System\YEIkWpU.exe
  C:\Windows\System\YEIkWpU.exe
  2⤵
  PID:7612
- C:\Windows\System\zTzlZSd.exe
  C:\Windows\System\zTzlZSd.exe
  2⤵
  PID:7628
- C:\Windows\System\GyRAFbl.exe
  C:\Windows\System\GyRAFbl.exe
  2⤵
  PID:7648
- C:\Windows\System\scppXiZ.exe
  C:\Windows\System\scppXiZ.exe
  2⤵
  PID:7668
- C:\Windows\System\PBmvgFq.exe
  C:\Windows\System\PBmvgFq.exe
  2⤵
  PID:7696
- C:\Windows\System\haJJWua.exe
  C:\Windows\System\haJJWua.exe
  2⤵
  PID:7712
- C:\Windows\System\QBuafYn.exe
  C:\Windows\System\QBuafYn.exe
  2⤵
  PID:7728
- C:\Windows\System\vyPANZA.exe
  C:\Windows\System\vyPANZA.exe
  2⤵
  PID:7744
- C:\Windows\System\nAcGxgC.exe
  C:\Windows\System\nAcGxgC.exe
  2⤵
  PID:7760
- C:\Windows\System\VzIEQYk.exe
  C:\Windows\System\VzIEQYk.exe
  2⤵
  PID:7776
- C:\Windows\System\uKOyLMc.exe
  C:\Windows\System\uKOyLMc.exe
  2⤵
  PID:7792
- C:\Windows\System\gaLeVIt.exe
  C:\Windows\System\gaLeVIt.exe
  2⤵
  PID:7808
- C:\Windows\System\JqUKujm.exe
  C:\Windows\System\JqUKujm.exe
  2⤵
  PID:7856
- C:\Windows\System\OeolFCx.exe
  C:\Windows\System\OeolFCx.exe
  2⤵
  PID:7888
- C:\Windows\System\KVXZFpi.exe
  C:\Windows\System\KVXZFpi.exe
  2⤵
  PID:7904
- C:\Windows\System\clcoaDv.exe
  C:\Windows\System\clcoaDv.exe
  2⤵
  PID:7920
- C:\Windows\System\UVBvvkr.exe
  C:\Windows\System\UVBvvkr.exe
  2⤵
  PID:7944
- C:\Windows\System\xIAhhFc.exe
  C:\Windows\System\xIAhhFc.exe
  2⤵
  PID:7964
- C:\Windows\System\EFgJnHC.exe
  C:\Windows\System\EFgJnHC.exe
  2⤵
  PID:7980
- C:\Windows\System\kqhyivL.exe
  C:\Windows\System\kqhyivL.exe
  2⤵
  PID:8000
- C:\Windows\System\HbIyMvj.exe
  C:\Windows\System\HbIyMvj.exe
  2⤵
  PID:8020
- C:\Windows\System\xUQLBJD.exe
  C:\Windows\System\xUQLBJD.exe
  2⤵
  PID:8036
- C:\Windows\System\AzUtiAh.exe
  C:\Windows\System\AzUtiAh.exe
  2⤵
  PID:8072
- C:\Windows\System\GSSvBtU.exe
  C:\Windows\System\GSSvBtU.exe
  2⤵
  PID:8088
- C:\Windows\System\wmgTJVI.exe
  C:\Windows\System\wmgTJVI.exe
  2⤵
  PID:8112
- C:\Windows\System\dmRPbCe.exe
  C:\Windows\System\dmRPbCe.exe
  2⤵
  PID:8128
- C:\Windows\System\oaKuasi.exe
  C:\Windows\System\oaKuasi.exe
  2⤵
  PID:8144
- C:\Windows\System\FeqbERU.exe
  C:\Windows\System\FeqbERU.exe
  2⤵
  PID:8164
- C:\Windows\System\nSGYQRS.exe
  C:\Windows\System\nSGYQRS.exe
  2⤵
  PID:8180
- C:\Windows\System\msEhKWk.exe
  C:\Windows\System\msEhKWk.exe
  2⤵
  PID:7008
- C:\Windows\System\wTOSfhp.exe
  C:\Windows\System\wTOSfhp.exe
  2⤵
  PID:6684
- C:\Windows\System\bCJxiQn.exe
  C:\Windows\System\bCJxiQn.exe
  2⤵
  PID:6912
- C:\Windows\System\aUeHWUH.exe
  C:\Windows\System\aUeHWUH.exe
  2⤵
  PID:6364
- C:\Windows\System\FmUZxRH.exe
  C:\Windows\System\FmUZxRH.exe
  2⤵
  PID:7224
- C:\Windows\System\cTUWGjj.exe
  C:\Windows\System\cTUWGjj.exe
  2⤵
  PID:7272
- C:\Windows\System\WuLGafi.exe
  C:\Windows\System\WuLGafi.exe
  2⤵
  PID:7284
- C:\Windows\System\EOcDXJW.exe
  C:\Windows\System\EOcDXJW.exe
  2⤵
  PID:7260
- C:\Windows\System\ZBOpOpi.exe
  C:\Windows\System\ZBOpOpi.exe
  2⤵
  PID:7364
- C:\Windows\System\MXJGxNX.exe
  C:\Windows\System\MXJGxNX.exe
  2⤵
  PID:7432
- C:\Windows\System\FOgMrXa.exe
  C:\Windows\System\FOgMrXa.exe
  2⤵
  PID:7480
- C:\Windows\System\IPfzTnq.exe
  C:\Windows\System\IPfzTnq.exe
  2⤵
  PID:7240
- C:\Windows\System\ZqPgJQl.exe
  C:\Windows\System\ZqPgJQl.exe
  2⤵
  PID:7476
- C:\Windows\System\YnChdWy.exe
  C:\Windows\System\YnChdWy.exe
  2⤵
  PID:7560
- C:\Windows\System\zLPvAQk.exe
  C:\Windows\System\zLPvAQk.exe
  2⤵
  PID:7572
- C:\Windows\System\pfyDYlE.exe
  C:\Windows\System\pfyDYlE.exe
  2⤵
  PID:7608
- C:\Windows\System\AhjcCXD.exe
  C:\Windows\System\AhjcCXD.exe
  2⤵
  PID:7448
- C:\Windows\System\zJVJqjB.exe
  C:\Windows\System\zJVJqjB.exe
  2⤵
  PID:7312
- C:\Windows\System\TeRaVoJ.exe
  C:\Windows\System\TeRaVoJ.exe
  2⤵
  PID:7684
- C:\Windows\System\GAuyNDR.exe
  C:\Windows\System\GAuyNDR.exe
  2⤵
  PID:7588
- C:\Windows\System\YghPaEk.exe
  C:\Windows\System\YghPaEk.exe
  2⤵
  PID:7664
- C:\Windows\System\YHnjwhX.exe
  C:\Windows\System\YHnjwhX.exe
  2⤵
  PID:7704
- C:\Windows\System\LJTrDpg.exe
  C:\Windows\System\LJTrDpg.exe
  2⤵
  PID:7820
- C:\Windows\System\VaYtVRt.exe
  C:\Windows\System\VaYtVRt.exe
  2⤵
  PID:7836
- C:\Windows\System\YjJTvhr.exe
  C:\Windows\System\YjJTvhr.exe
  2⤵
  PID:7868
- C:\Windows\System\VkMgiwc.exe
  C:\Windows\System\VkMgiwc.exe
  2⤵
  PID:7972
- C:\Windows\System\RzjxdQE.exe
  C:\Windows\System\RzjxdQE.exe
  2⤵
  PID:7872
- C:\Windows\System\LeOAqZt.exe
  C:\Windows\System\LeOAqZt.exe
  2⤵
  PID:7884
- C:\Windows\System\wlRlajc.exe
  C:\Windows\System\wlRlajc.exe
  2⤵
  PID:8012
- C:\Windows\System\KTFABCZ.exe
  C:\Windows\System\KTFABCZ.exe
  2⤵
  PID:8052
- C:\Windows\System\uQFUryV.exe
  C:\Windows\System\uQFUryV.exe
  2⤵
  PID:7988
- C:\Windows\System\NDondMG.exe
  C:\Windows\System\NDondMG.exe
  2⤵
  PID:7996
- C:\Windows\System\QSfjFRN.exe
  C:\Windows\System\QSfjFRN.exe
  2⤵
  PID:8096
- C:\Windows\System\JPpSaAI.exe
  C:\Windows\System\JPpSaAI.exe
  2⤵
  PID:8080
- C:\Windows\System\zQhWrOH.exe
  C:\Windows\System\zQhWrOH.exe
  2⤵
  PID:8140
- C:\Windows\System\lIMXLct.exe
  C:\Windows\System\lIMXLct.exe
  2⤵
  PID:6636
- C:\Windows\System\XzcCyuH.exe
  C:\Windows\System\XzcCyuH.exe
  2⤵
  PID:6660
- C:\Windows\System\puOxRyn.exe
  C:\Windows\System\puOxRyn.exe
  2⤵
  PID:7292
- C:\Windows\System\YpxfNZq.exe
  C:\Windows\System\YpxfNZq.exe
  2⤵
  PID:7368
- C:\Windows\System\wgrebKb.exe
  C:\Windows\System\wgrebKb.exe
  2⤵
  PID:7332
- C:\Windows\System\lsYFGSe.exe
  C:\Windows\System\lsYFGSe.exe
  2⤵
  PID:7304
- C:\Windows\System\YeEqKua.exe
  C:\Windows\System\YeEqKua.exe
  2⤵
  PID:7692
- C:\Windows\System\lncjgZr.exe
  C:\Windows\System\lncjgZr.exe
  2⤵
  PID:7388
- C:\Windows\System\GMgimcb.exe
  C:\Windows\System\GMgimcb.exe
  2⤵
  PID:7472
- C:\Windows\System\tXmBmMF.exe
  C:\Windows\System\tXmBmMF.exe
  2⤵
  PID:7244
- C:\Windows\System\hIykscp.exe
  C:\Windows\System\hIykscp.exe
  2⤵
  PID:7644
- C:\Windows\System\CkrzyJd.exe
  C:\Windows\System\CkrzyJd.exe
  2⤵
  PID:7788
- C:\Windows\System\JZEVclY.exe
  C:\Windows\System\JZEVclY.exe
  2⤵
  PID:7800
- C:\Windows\System\YzPRYpR.exe
  C:\Windows\System\YzPRYpR.exe
  2⤵
  PID:7824
- C:\Windows\System\oEXVqFm.exe
  C:\Windows\System\oEXVqFm.exe
  2⤵
  PID:7900
- C:\Windows\System\blfpgzP.exe
  C:\Windows\System\blfpgzP.exe
  2⤵
  PID:7804
- C:\Windows\System\nLHnkGc.exe
  C:\Windows\System\nLHnkGc.exe
  2⤵
  PID:7180
- C:\Windows\System\FerMIbp.exe
  C:\Windows\System\FerMIbp.exe
  2⤵
  PID:8084
- C:\Windows\System\KhcPAWd.exe
  C:\Windows\System\KhcPAWd.exe
  2⤵
  PID:7976
- C:\Windows\System\hThniaz.exe
  C:\Windows\System\hThniaz.exe
  2⤵
  PID:6284
- C:\Windows\System\UzpiBSm.exe
  C:\Windows\System\UzpiBSm.exe
  2⤵
  PID:6972
- C:\Windows\System\SJOIKYQ.exe
  C:\Windows\System\SJOIKYQ.exe
  2⤵
  PID:7264
- C:\Windows\System\gHRUjOB.exe
  C:\Windows\System\gHRUjOB.exe
  2⤵
  PID:7492
- C:\Windows\System\wVMDvRe.exe
  C:\Windows\System\wVMDvRe.exe
  2⤵
  PID:7316
- C:\Windows\System\qNIhrlm.exe
  C:\Windows\System\qNIhrlm.exe
  2⤵
  PID:7360
- C:\Windows\System\ipsaldM.exe
  C:\Windows\System\ipsaldM.exe
  2⤵
  PID:7724
- C:\Windows\System\cjsjzAn.exe
  C:\Windows\System\cjsjzAn.exe
  2⤵
  PID:7592
- C:\Windows\System\yMOeXFD.exe
  C:\Windows\System\yMOeXFD.exe
  2⤵
  PID:7848
- C:\Windows\System\XvrJCyL.exe
  C:\Windows\System\XvrJCyL.exe
  2⤵
  PID:8044
- C:\Windows\System\GcKHXwR.exe
  C:\Windows\System\GcKHXwR.exe
  2⤵
  PID:8068
- C:\Windows\System\Yghfgni.exe
  C:\Windows\System\Yghfgni.exe
  2⤵
  PID:7404
- C:\Windows\System\RsnjZeZ.exe
  C:\Windows\System\RsnjZeZ.exe
  2⤵
  PID:7636
- C:\Windows\System\IOcKKzr.exe
  C:\Windows\System\IOcKKzr.exe
  2⤵
  PID:6768
- C:\Windows\System\wgxfakp.exe
  C:\Windows\System\wgxfakp.exe
  2⤵
  PID:7164
- C:\Windows\System\eawtuVx.exe
  C:\Windows\System\eawtuVx.exe
  2⤵
  PID:7452
- C:\Windows\System\kFtgTVf.exe
  C:\Windows\System\kFtgTVf.exe
  2⤵
  PID:7516
- C:\Windows\System\TpONQAZ.exe
  C:\Windows\System\TpONQAZ.exe
  2⤵
  PID:6604
- C:\Windows\System\ClIFiQC.exe
  C:\Windows\System\ClIFiQC.exe
  2⤵
  PID:8176
- C:\Windows\System\sQgpFrT.exe
  C:\Windows\System\sQgpFrT.exe
  2⤵
  PID:7528
- C:\Windows\System\KSJtqvl.exe
  C:\Windows\System\KSJtqvl.exe
  2⤵
  PID:7416
- C:\Windows\System\HjIRlkI.exe
  C:\Windows\System\HjIRlkI.exe
  2⤵
  PID:7640
- C:\Windows\System\FeiAteh.exe
  C:\Windows\System\FeiAteh.exe
  2⤵
  PID:7500
- C:\Windows\System\URQPgDB.exe
  C:\Windows\System\URQPgDB.exe
  2⤵
  PID:7196
- C:\Windows\System\pZMyPSO.exe
  C:\Windows\System\pZMyPSO.exe
  2⤵
  PID:6392
- C:\Windows\System\sFmLfzO.exe
  C:\Windows\System\sFmLfzO.exe
  2⤵
  PID:7916
- C:\Windows\System\WLyTrOc.exe
  C:\Windows\System\WLyTrOc.exe
  2⤵
  PID:8108
- C:\Windows\System\rdZaaGN.exe
  C:\Windows\System\rdZaaGN.exe
  2⤵
  PID:8196
- C:\Windows\System\rzVTFpn.exe
  C:\Windows\System\rzVTFpn.exe
  2⤵
  PID:8212
- C:\Windows\System\rQTudIm.exe
  C:\Windows\System\rQTudIm.exe
  2⤵
  PID:8236
- C:\Windows\System\nADXSGO.exe
  C:\Windows\System\nADXSGO.exe
  2⤵
  PID:8252
- C:\Windows\System\ifaxJoD.exe
  C:\Windows\System\ifaxJoD.exe
  2⤵
  PID:8272
- C:\Windows\System\pwGJbns.exe
  C:\Windows\System\pwGJbns.exe
  2⤵
  PID:8296
- C:\Windows\System\jnOQMiO.exe
  C:\Windows\System\jnOQMiO.exe
  2⤵
  PID:8312
- C:\Windows\System\YGVgPKQ.exe
  C:\Windows\System\YGVgPKQ.exe
  2⤵
  PID:8336
- C:\Windows\System\UktVEau.exe
  C:\Windows\System\UktVEau.exe
  2⤵
  PID:8360
- C:\Windows\System\SVkGLLn.exe
  C:\Windows\System\SVkGLLn.exe
  2⤵
  PID:8376
- C:\Windows\System\WxaReZG.exe
  C:\Windows\System\WxaReZG.exe
  2⤵
  PID:8400
- C:\Windows\System\KtyjWgh.exe
  C:\Windows\System\KtyjWgh.exe
  2⤵
  PID:8416
- C:\Windows\System\vFIkUAI.exe
  C:\Windows\System\vFIkUAI.exe
  2⤵
  PID:8432
- C:\Windows\System\kJFRnva.exe
  C:\Windows\System\kJFRnva.exe
  2⤵
  PID:8448
- C:\Windows\System\UHUBDBg.exe
  C:\Windows\System\UHUBDBg.exe
  2⤵
  PID:8464
- C:\Windows\System\IyGbPMs.exe
  C:\Windows\System\IyGbPMs.exe
  2⤵
  PID:8480
- C:\Windows\System\fNnQyJR.exe
  C:\Windows\System\fNnQyJR.exe
  2⤵
  PID:8496
- C:\Windows\System\KnxgRWQ.exe
  C:\Windows\System\KnxgRWQ.exe
  2⤵
  PID:8516
- C:\Windows\System\NQxyiOl.exe
  C:\Windows\System\NQxyiOl.exe
  2⤵
  PID:8584
- C:\Windows\System\QURJPkG.exe
  C:\Windows\System\QURJPkG.exe
  2⤵
  PID:8600
- C:\Windows\System\nwdNhzm.exe
  C:\Windows\System\nwdNhzm.exe
  2⤵
  PID:8616
- C:\Windows\System\cauqFqD.exe
  C:\Windows\System\cauqFqD.exe
  2⤵
  PID:8632
- C:\Windows\System\sQosmrw.exe
  C:\Windows\System\sQosmrw.exe
  2⤵
  PID:8648
- C:\Windows\System\FLdJhnN.exe
  C:\Windows\System\FLdJhnN.exe
  2⤵
  PID:8672
- C:\Windows\System\tmvQjij.exe
  C:\Windows\System\tmvQjij.exe
  2⤵
  PID:8696
- C:\Windows\System\oRAtsJH.exe
  C:\Windows\System\oRAtsJH.exe
  2⤵
  PID:8716
- C:\Windows\System\SEmOJWj.exe
  C:\Windows\System\SEmOJWj.exe
  2⤵
  PID:8732
- C:\Windows\System\WQnYcjI.exe
  C:\Windows\System\WQnYcjI.exe
  2⤵
  PID:8748
- C:\Windows\System\ajNxJwr.exe
  C:\Windows\System\ajNxJwr.exe
  2⤵
  PID:8768
- C:\Windows\System\BmtcGTJ.exe
  C:\Windows\System\BmtcGTJ.exe
  2⤵
  PID:8784
- C:\Windows\System\HyrPfbX.exe
  C:\Windows\System\HyrPfbX.exe
  2⤵
  PID:8800
- C:\Windows\System\FUAVSFX.exe
  C:\Windows\System\FUAVSFX.exe
  2⤵
  PID:8816
- C:\Windows\System\taNFNjG.exe
  C:\Windows\System\taNFNjG.exe
  2⤵
  PID:8852
- C:\Windows\System\QjMuufg.exe
  C:\Windows\System\QjMuufg.exe
  2⤵
  PID:8880
- C:\Windows\System\OoTfkOB.exe
  C:\Windows\System\OoTfkOB.exe
  2⤵
  PID:8904
- C:\Windows\System\LWAlcRv.exe
  C:\Windows\System\LWAlcRv.exe
  2⤵
  PID:8920
- C:\Windows\System\eHqiuRK.exe
  C:\Windows\System\eHqiuRK.exe
  2⤵
  PID:8948
- C:\Windows\System\VsaZBgq.exe
  C:\Windows\System\VsaZBgq.exe
  2⤵
  PID:8964
- C:\Windows\System\zxNAqJC.exe
  C:\Windows\System\zxNAqJC.exe
  2⤵
  PID:8980
- C:\Windows\System\UloiCjN.exe
  C:\Windows\System\UloiCjN.exe
  2⤵
  PID:8996
- C:\Windows\System\LuUsNJM.exe
  C:\Windows\System\LuUsNJM.exe
  2⤵
  PID:9012
- C:\Windows\System\AesCJXl.exe
  C:\Windows\System\AesCJXl.exe
  2⤵
  PID:9028
- C:\Windows\System\RglUDNw.exe
  C:\Windows\System\RglUDNw.exe
  2⤵
  PID:9044
- C:\Windows\System\NhjcYEi.exe
  C:\Windows\System\NhjcYEi.exe
  2⤵
  PID:9060
- C:\Windows\System\vptDcHR.exe
  C:\Windows\System\vptDcHR.exe
  2⤵
  PID:9080
- C:\Windows\System\YxnxEvN.exe
  C:\Windows\System\YxnxEvN.exe
  2⤵
  PID:9096
- C:\Windows\System\WKSoUfS.exe
  C:\Windows\System\WKSoUfS.exe
  2⤵
  PID:9116
- C:\Windows\System\jACqKEl.exe
  C:\Windows\System\jACqKEl.exe
  2⤵
  PID:9132
- C:\Windows\System\XQqlfDD.exe
  C:\Windows\System\XQqlfDD.exe
  2⤵
  PID:9148
- C:\Windows\System\eLJEpDY.exe
  C:\Windows\System\eLJEpDY.exe
  2⤵
  PID:9164
- C:\Windows\System\TfEeUze.exe
  C:\Windows\System\TfEeUze.exe
  2⤵
  PID:9184
- C:\Windows\System\YUVMXzN.exe
  C:\Windows\System\YUVMXzN.exe
  2⤵
  PID:9200
- C:\Windows\System\rvXeOnh.exe
  C:\Windows\System\rvXeOnh.exe
  2⤵
  PID:7720
- C:\Windows\System\uYZrmdj.exe
  C:\Windows\System\uYZrmdj.exe
  2⤵
  PID:8228
- C:\Windows\System\zGcSxXh.exe
  C:\Windows\System\zGcSxXh.exe
  2⤵
  PID:8260
- C:\Windows\System\wZjGAkJ.exe
  C:\Windows\System\wZjGAkJ.exe
  2⤵
  PID:8304
- C:\Windows\System\xYHhPYu.exe
  C:\Windows\System\xYHhPYu.exe
  2⤵
  PID:8344
- C:\Windows\System\IzMHdua.exe
  C:\Windows\System\IzMHdua.exe
  2⤵
  PID:8288
- C:\Windows\System\HODMpGO.exe
  C:\Windows\System\HODMpGO.exe
  2⤵
  PID:8292
- C:\Windows\System\coQSSzO.exe
  C:\Windows\System\coQSSzO.exe
  2⤵
  PID:8388
- C:\Windows\System\WlkjvVa.exe
  C:\Windows\System\WlkjvVa.exe
  2⤵
  PID:8392
- C:\Windows\System\gjqyIFU.exe
  C:\Windows\System\gjqyIFU.exe
  2⤵
  PID:8456
- C:\Windows\System\NYwHSdS.exe
  C:\Windows\System\NYwHSdS.exe
  2⤵
  PID:8492
- C:\Windows\System\vvrVGjU.exe
  C:\Windows\System\vvrVGjU.exe
  2⤵
  PID:8408
- C:\Windows\System\CVZTAbl.exe
  C:\Windows\System\CVZTAbl.exe
  2⤵
  PID:7784
- C:\Windows\System\dWgzZfX.exe
  C:\Windows\System\dWgzZfX.exe
  2⤵
  PID:8572
- C:\Windows\System\gYZXIza.exe
  C:\Windows\System\gYZXIza.exe
  2⤵
  PID:8592
- C:\Windows\System\YasmOUU.exe
  C:\Windows\System\YasmOUU.exe
  2⤵
  PID:8640
- C:\Windows\System\hckmmSk.exe
  C:\Windows\System\hckmmSk.exe
  2⤵
  PID:8712
- C:\Windows\System\YTeTJQr.exe
  C:\Windows\System\YTeTJQr.exe
  2⤵
  PID:8812
- C:\Windows\System\vpQyPvw.exe
  C:\Windows\System\vpQyPvw.exe
  2⤵
  PID:8868
- C:\Windows\System\TQnmZIr.exe
  C:\Windows\System\TQnmZIr.exe
  2⤵
  PID:8928
- C:\Windows\System\QDsTvGP.exe
  C:\Windows\System\QDsTvGP.exe
  2⤵
  PID:8776
- C:\Windows\System\uRxDVxq.exe
  C:\Windows\System\uRxDVxq.exe
  2⤵
  PID:8944
- C:\Windows\System\czAiDbl.exe
  C:\Windows\System\czAiDbl.exe
  2⤵
  PID:9004
- C:\Windows\System\mOyxKtq.exe
  C:\Windows\System\mOyxKtq.exe
  2⤵
  PID:9068
- C:\Windows\System\PoTErFZ.exe
  C:\Windows\System\PoTErFZ.exe
  2⤵
  PID:9088
- C:\Windows\System\tKOvdqd.exe
  C:\Windows\System\tKOvdqd.exe
  2⤵
  PID:9112
- C:\Windows\System\iYLShRE.exe
  C:\Windows\System\iYLShRE.exe
  2⤵
  PID:9144
- C:\Windows\System\BOiUkYd.exe
  C:\Windows\System\BOiUkYd.exe
  2⤵
  PID:9180
- C:\Windows\System\wzKahEh.exe
  C:\Windows\System\wzKahEh.exe
  2⤵
  PID:9208
- C:\Windows\System\IXYUPRK.exe
  C:\Windows\System\IXYUPRK.exe
  2⤵
  PID:8208
- C:\Windows\System\mcHuHpk.exe
  C:\Windows\System\mcHuHpk.exe
  2⤵
  PID:8352
- C:\Windows\System\AmpMwHC.exe
  C:\Windows\System\AmpMwHC.exe
  2⤵
  PID:8368
- C:\Windows\System\HfcgxJm.exe
  C:\Windows\System\HfcgxJm.exe
  2⤵
  PID:8372
- C:\Windows\System\ZrEBfFa.exe
  C:\Windows\System\ZrEBfFa.exe
  2⤵
  PID:8528
- C:\Windows\System\FtTspoz.exe
  C:\Windows\System\FtTspoz.exe
  2⤵
  PID:8536
- C:\Windows\System\IlGaKSU.exe
  C:\Windows\System\IlGaKSU.exe
  2⤵
  PID:8624
- C:\Windows\System\eWkZqnk.exe
  C:\Windows\System\eWkZqnk.exe
  2⤵
  PID:8628
- C:\Windows\System\CNjBrgJ.exe
  C:\Windows\System\CNjBrgJ.exe
  2⤵
  PID:8724
- C:\Windows\System\OLufiZm.exe
  C:\Windows\System\OLufiZm.exe
  2⤵
  PID:8796
- C:\Windows\System\OWqSiVD.exe
  C:\Windows\System\OWqSiVD.exe
  2⤵
  PID:8740
- C:\Windows\System\JQTFCbu.exe
  C:\Windows\System\JQTFCbu.exe
  2⤵
  PID:9176
- C:\Windows\System\TwTusDx.exe
  C:\Windows\System\TwTusDx.exe
  2⤵
  PID:8848
- C:\Windows\System\HQNjSQI.exe
  C:\Windows\System\HQNjSQI.exe
  2⤵
  PID:8900
- C:\Windows\System\zFdrezl.exe
  C:\Windows\System\zFdrezl.exe
  2⤵
  PID:8936
- C:\Windows\System\jsFeWiV.exe
  C:\Windows\System\jsFeWiV.exe
  2⤵
  PID:9052
- C:\Windows\System\HDdRgWO.exe
  C:\Windows\System\HDdRgWO.exe
  2⤵
  PID:9040
- C:\Windows\System\dmTohAw.exe
  C:\Windows\System\dmTohAw.exe
  2⤵
  PID:8708
- C:\Windows\System\PiVJkSS.exe
  C:\Windows\System\PiVJkSS.exe
  2⤵
  PID:8284
- C:\Windows\System\FHnFLHz.exe
  C:\Windows\System\FHnFLHz.exe
  2⤵
  PID:8220
- C:\Windows\System\BVBTSTV.exe
  C:\Windows\System\BVBTSTV.exe
  2⤵
  PID:8488
- C:\Windows\System\IYktXPj.exe
  C:\Windows\System\IYktXPj.exe
  2⤵
  PID:8332
- C:\Windows\System\GpQozNk.exe
  C:\Windows\System\GpQozNk.exe
  2⤵
  PID:8564
- C:\Windows\System\TFncqSe.exe
  C:\Windows\System\TFncqSe.exe
  2⤵
  PID:8760
- C:\Windows\System\HVYMQuW.exe
  C:\Windows\System\HVYMQuW.exe
  2⤵
  PID:9024
- C:\Windows\System\ciLXSsx.exe
  C:\Windows\System\ciLXSsx.exe
  2⤵
  PID:8664
- C:\Windows\System\enFperK.exe
  C:\Windows\System\enFperK.exe
  2⤵
  PID:8844
- C:\Windows\System\QJluRWR.exe
  C:\Windows\System\QJluRWR.exe
  2⤵
  PID:9128
- C:\Windows\System\hZUZfvy.exe
  C:\Windows\System\hZUZfvy.exe
  2⤵
  PID:9160
- C:\Windows\System\fGBCarm.exe
  C:\Windows\System\fGBCarm.exe
  2⤵
  PID:8992
- C:\Windows\System\XYDNIZk.exe
  C:\Windows\System\XYDNIZk.exe
  2⤵
  PID:8268
- C:\Windows\System\vvPHpBm.exe
  C:\Windows\System\vvPHpBm.exe
  2⤵
  PID:8548
- C:\Windows\System\FwpsCQo.exe
  C:\Windows\System\FwpsCQo.exe
  2⤵
  PID:8596
- C:\Windows\System\SthuFpN.exe
  C:\Windows\System\SthuFpN.exe
  2⤵
  PID:8744
- C:\Windows\System\newcYpq.exe
  C:\Windows\System\newcYpq.exe
  2⤵
  PID:8960
- C:\Windows\System\ehpiPAO.exe
  C:\Windows\System\ehpiPAO.exe
  2⤵
  PID:8892
- C:\Windows\System\smhaYTy.exe
  C:\Windows\System\smhaYTy.exe
  2⤵
  PID:9172
- C:\Windows\System\uZdCHaW.exe
  C:\Windows\System\uZdCHaW.exe
  2⤵
  PID:8580
- C:\Windows\System\GRjXDyH.exe
  C:\Windows\System\GRjXDyH.exe
  2⤵
  PID:9196
- C:\Windows\System\GYspbyk.exe
  C:\Windows\System\GYspbyk.exe
  2⤵
  PID:8532
- C:\Windows\System\tGPtRyw.exe
  C:\Windows\System\tGPtRyw.exe
  2⤵
  PID:8764
- C:\Windows\System\jtDcoeC.exe
  C:\Windows\System\jtDcoeC.exe
  2⤵
  PID:8224
- C:\Windows\System\sTCnqrc.exe
  C:\Windows\System\sTCnqrc.exe
  2⤵
  PID:6944
- C:\Windows\System\TDoDWGo.exe
  C:\Windows\System\TDoDWGo.exe
  2⤵
  PID:8972
- C:\Windows\System\zEBCvSU.exe
  C:\Windows\System\zEBCvSU.exe
  2⤵
  PID:8792
- C:\Windows\System\sJSUtiH.exe
  C:\Windows\System\sJSUtiH.exe
  2⤵
  PID:9232
- C:\Windows\System\ZcBJriP.exe
  C:\Windows\System\ZcBJriP.exe
  2⤵
  PID:9252
- C:\Windows\System\OlzIkdD.exe
  C:\Windows\System\OlzIkdD.exe
  2⤵
  PID:9276
- C:\Windows\System\Gifhaww.exe
  C:\Windows\System\Gifhaww.exe
  2⤵
  PID:9308
- C:\Windows\System\FzoMJMN.exe
  C:\Windows\System\FzoMJMN.exe
  2⤵
  PID:9328
- C:\Windows\System\viMHOJc.exe
  C:\Windows\System\viMHOJc.exe
  2⤵
  PID:9344
- C:\Windows\System\yOZmkhu.exe
  C:\Windows\System\yOZmkhu.exe
  2⤵
  PID:9360
- C:\Windows\System\qljxJWJ.exe
  C:\Windows\System\qljxJWJ.exe
  2⤵
  PID:9380
- C:\Windows\System\hRxuKTM.exe
  C:\Windows\System\hRxuKTM.exe
  2⤵
  PID:9396
- C:\Windows\System\LdhIqtG.exe
  C:\Windows\System\LdhIqtG.exe
  2⤵
  PID:9420
- C:\Windows\System\MOwpRMD.exe
  C:\Windows\System\MOwpRMD.exe
  2⤵
  PID:9436
- C:\Windows\System\fiUmoYP.exe
  C:\Windows\System\fiUmoYP.exe
  2⤵
  PID:9460
- C:\Windows\System\TdXLDGv.exe
  C:\Windows\System\TdXLDGv.exe
  2⤵
  PID:9484
- C:\Windows\System\BBycrtw.exe
  C:\Windows\System\BBycrtw.exe
  2⤵
  PID:9504
- C:\Windows\System\tZohGKD.exe
  C:\Windows\System\tZohGKD.exe
  2⤵
  PID:9520
- C:\Windows\System\niBtSWY.exe
  C:\Windows\System\niBtSWY.exe
  2⤵
  PID:9540
- C:\Windows\System\lkRWPNs.exe
  C:\Windows\System\lkRWPNs.exe
  2⤵
  PID:9556
- C:\Windows\System\yNvKuqe.exe
  C:\Windows\System\yNvKuqe.exe
  2⤵
  PID:9572
- C:\Windows\System\SxOYFEg.exe
  C:\Windows\System\SxOYFEg.exe
  2⤵
  PID:9596
- C:\Windows\System\spqYxoI.exe
  C:\Windows\System\spqYxoI.exe
  2⤵
  PID:9624
- C:\Windows\System\ADfmGue.exe
  C:\Windows\System\ADfmGue.exe
  2⤵
  PID:9652
- C:\Windows\System\BaYEFVD.exe
  C:\Windows\System\BaYEFVD.exe
  2⤵
  PID:9668
- C:\Windows\System\FIWdKyE.exe
  C:\Windows\System\FIWdKyE.exe
  2⤵
  PID:9692
- C:\Windows\System\NDsIAZl.exe
  C:\Windows\System\NDsIAZl.exe
  2⤵
  PID:9708
- C:\Windows\System\pdeHVUz.exe
  C:\Windows\System\pdeHVUz.exe
  2⤵
  PID:9724
- C:\Windows\System\cKREFLV.exe
  C:\Windows\System\cKREFLV.exe
  2⤵
  PID:9748
- C:\Windows\System\DGdkjab.exe
  C:\Windows\System\DGdkjab.exe
  2⤵
  PID:9772
- C:\Windows\System\yvBriLv.exe
  C:\Windows\System\yvBriLv.exe
  2⤵
  PID:9788
- C:\Windows\System\OOWtFuI.exe
  C:\Windows\System\OOWtFuI.exe
  2⤵
  PID:9812
- C:\Windows\System\ceZeZgs.exe
  C:\Windows\System\ceZeZgs.exe
  2⤵
  PID:9828
- C:\Windows\System\LqQMENT.exe
  C:\Windows\System\LqQMENT.exe
  2⤵
  PID:9848
- C:\Windows\System\uFHFEhD.exe
  C:\Windows\System\uFHFEhD.exe
  2⤵
  PID:9864
- C:\Windows\System\FoCiqZd.exe
  C:\Windows\System\FoCiqZd.exe
  2⤵
  PID:9880
- C:\Windows\System\FNUYcXq.exe
  C:\Windows\System\FNUYcXq.exe
  2⤵
  PID:9896
- C:\Windows\System\EdpENjL.exe
  C:\Windows\System\EdpENjL.exe
  2⤵
  PID:9920
- C:\Windows\System\NYVPygd.exe
  C:\Windows\System\NYVPygd.exe
  2⤵
  PID:9936
- C:\Windows\System\sLJKFzz.exe
  C:\Windows\System\sLJKFzz.exe
  2⤵
  PID:9956
- C:\Windows\System\pdobcbL.exe
  C:\Windows\System\pdobcbL.exe
  2⤵
  PID:9976
- C:\Windows\System\lYMCRNG.exe
  C:\Windows\System\lYMCRNG.exe
  2⤵
  PID:9992
- C:\Windows\System\GlMqBIe.exe
  C:\Windows\System\GlMqBIe.exe
  2⤵
  PID:10016
- C:\Windows\System\XFStZyZ.exe
  C:\Windows\System\XFStZyZ.exe
  2⤵
  PID:10040
- C:\Windows\System\IlJieUO.exe
  C:\Windows\System\IlJieUO.exe
  2⤵
  PID:10060
- C:\Windows\System\zIQcgMc.exe
  C:\Windows\System\zIQcgMc.exe
  2⤵
  PID:10076
- C:\Windows\System\DlrweUL.exe
  C:\Windows\System\DlrweUL.exe
  2⤵
  PID:10096
- C:\Windows\System\DfPHnwR.exe
  C:\Windows\System\DfPHnwR.exe
  2⤵
  PID:10128
- C:\Windows\System\CbZwEpj.exe
  C:\Windows\System\CbZwEpj.exe
  2⤵
  PID:10144
- C:\Windows\System\rDkzeNB.exe
  C:\Windows\System\rDkzeNB.exe
  2⤵
  PID:10164
- C:\Windows\System\btDaVYe.exe
  C:\Windows\System\btDaVYe.exe
  2⤵
  PID:10192
- C:\Windows\System\ldLHofP.exe
  C:\Windows\System\ldLHofP.exe
  2⤵
  PID:10208
- C:\Windows\System\gzkJjgn.exe
  C:\Windows\System\gzkJjgn.exe
  2⤵
  PID:10228
- C:\Windows\System\mLmqZwZ.exe
  C:\Windows\System\mLmqZwZ.exe
  2⤵
  PID:9224
- C:\Windows\System\WShbuZO.exe
  C:\Windows\System\WShbuZO.exe
  2⤵
  PID:9272
- C:\Windows\System\GuCirJa.exe
  C:\Windows\System\GuCirJa.exe
  2⤵
  PID:8976
- C:\Windows\System\QZvalbT.exe
  C:\Windows\System\QZvalbT.exe
  2⤵
  PID:9284
- C:\Windows\System\XBKNTFE.exe
  C:\Windows\System\XBKNTFE.exe
  2⤵
  PID:9296
- C:\Windows\System\vkTmXaU.exe
  C:\Windows\System\vkTmXaU.exe
  2⤵
  PID:9352
- C:\Windows\System\XxZUQgg.exe
  C:\Windows\System\XxZUQgg.exe
  2⤵
  PID:9432
- C:\Windows\System\ANYhldY.exe
  C:\Windows\System\ANYhldY.exe
  2⤵
  PID:9476
- C:\Windows\System\jAWKKax.exe
  C:\Windows\System\jAWKKax.exe
  2⤵
  PID:9376
- C:\Windows\System\ILVhkJS.exe
  C:\Windows\System\ILVhkJS.exe
  2⤵
  PID:9552
- C:\Windows\System\TMfkkIO.exe
  C:\Windows\System\TMfkkIO.exe
  2⤵
  PID:9452
- C:\Windows\System\DoOrqjX.exe
  C:\Windows\System\DoOrqjX.exe
  2⤵
  PID:9408
- C:\Windows\System\xWXgian.exe
  C:\Windows\System\xWXgian.exe
  2⤵
  PID:9580
- C:\Windows\System\txtToMU.exe
  C:\Windows\System\txtToMU.exe
  2⤵
  PID:9616
- C:\Windows\System\hkOJIru.exe
  C:\Windows\System\hkOJIru.exe
  2⤵
  PID:9636
- C:\Windows\System\HQYtySF.exe
  C:\Windows\System\HQYtySF.exe
  2⤵
  PID:9676
- C:\Windows\System\aoqSjYY.exe
  C:\Windows\System\aoqSjYY.exe
  2⤵
  PID:9716
- C:\Windows\System\UYsuKkx.exe
  C:\Windows\System\UYsuKkx.exe
  2⤵
  PID:9744
- C:\Windows\System\yiMSTOn.exe
  C:\Windows\System\yiMSTOn.exe
  2⤵
  PID:9760
- C:\Windows\System\VvzqLuJ.exe
  C:\Windows\System\VvzqLuJ.exe
  2⤵
  PID:9808
- C:\Windows\System\GadINqm.exe
  C:\Windows\System\GadINqm.exe
  2⤵
  PID:9876
- C:\Windows\System\FPJYfly.exe
  C:\Windows\System\FPJYfly.exe
  2⤵
  PID:9912
- C:\Windows\System\OLhlObg.exe
  C:\Windows\System\OLhlObg.exe
  2⤵
  PID:9984
- C:\Windows\System\DbBfQXc.exe
  C:\Windows\System\DbBfQXc.exe
  2⤵
  PID:10032
- C:\Windows\System\ggmcNHq.exe
  C:\Windows\System\ggmcNHq.exe
  2⤵
  PID:9932
- C:\Windows\System\LRPMWpF.exe
  C:\Windows\System\LRPMWpF.exe
  2⤵
  PID:9972
- C:\Windows\System\eGTOVLx.exe
  C:\Windows\System\eGTOVLx.exe
  2⤵
  PID:10120
- C:\Windows\System\ZNUDPRj.exe
  C:\Windows\System\ZNUDPRj.exe
  2⤵
  PID:10056
- C:\Windows\System\xgZOSDm.exe
  C:\Windows\System\xgZOSDm.exe
  2⤵
  PID:10092
- C:\Windows\System\tGooEwl.exe
  C:\Windows\System\tGooEwl.exe
  2⤵
  PID:10108
- C:\Windows\System\XdPkVBV.exe
  C:\Windows\System\XdPkVBV.exe
  2⤵
  PID:10160
- C:\Windows\System\aNmMfmi.exe
  C:\Windows\System\aNmMfmi.exe
  2⤵
  PID:10184
- C:\Windows\System\AuXIsOm.exe
  C:\Windows\System\AuXIsOm.exe
  2⤵
  PID:10204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CzXXGGd.exe

Filesize
6.0MB

MD5
54957c4877c7cd6711b6186763631f7e

SHA1
da00b14bed22b8855f4a2cfeb76ee0ef0a94a37e

SHA256
9848ef45e6099fb90a4f990546fb7682cd4b2e31c4bc0c93143a9d6c93813936

SHA512
b196206733b54f268b5af2913b742f588c529495f2a9b4da6243dba4d4723cab4229311f274ed81951d853ec44dfd7347e666eb429d402bb897e01c46ac53d75

Download Submit
C:\Windows\system\GEcOEOQ.exe

Filesize
6.0MB

MD5
ce6fa464d1277a8685cb32f4aae9dc1f

SHA1
690cf139c945cc5bc6c748b6151e4d17cdce7ce1

SHA256
8ca08cfb104bb65760d3aa93793b4930ccc16b1072f064b4b0b34fd7c1bd18ff

SHA512
52b3e291a087e489780065bb3bc5f17f08bc1abd95715cf32391eb608ba86ca3cdd2aba30794d7ae736290802719f296b718b57a6c4a0d57fc28157270b4317b

Download Submit
C:\Windows\system\IRYcYtk.exe

Filesize
6.0MB

MD5
b7b73f464889c1ef9b78b0e2b95e39b8

SHA1
1f8d82b55b2a6769d98fb97411215e98a6c3a978

SHA256
4efd364436ef3c592b7e902355a5be2c2f350b68ab13add48b6df8569078d3be

SHA512
4929758f428320819be4c064d3800d9714cbf8a8ce79546e6087ac8ba6e451985735f7ac23837535ed902a5344b0e89280ba4fc8c3986ef4cd197cfebddd2725

Download Submit
C:\Windows\system\MbAqWMy.exe

Filesize
6.0MB

MD5
7fbbded180f9c56f06e2c160d7bbf37e

SHA1
2e25351b315b5cead5134e0e499068cf138e2039

SHA256
e0bb84e0edf43a49abe6e581f1e3e36ca6e577de22d9a62f377234c396d6b2dc

SHA512
35029bafb7cca9064559d9db13a14af848c9ed1af67c865d7c7b912f836372702cc4b6d337a3c3c4f31b46882c645c05c76b97ac3b97c12698dea1002f6375ee

Download Submit
C:\Windows\system\NZYtrna.exe

Filesize
6.0MB

MD5
29868967e6991c46541e32a409686440

SHA1
3485e2da30a7502a789331fed282edaf2be26095

SHA256
eb6e4df105432da35beda2bae2278b24940b80ecbe0806b37e54c68caea0ea61

SHA512
ec9016fde9c0003e70ed540d2c9917928aebf3345dc6126c5bf2bcade2d0b62304c2e053a86dfa443968e0d2391eee3d769513c1cca2e2b6b8fce1470bbd6130

Download Submit
C:\Windows\system\ObZmoui.exe

Filesize
6.0MB

MD5
adcf7718eb6e16f2d9359af53d94ffd9

SHA1
0b30d8d485aaed6054e3be8a63792271cd0fe66f

SHA256
5c716173f6428465dd899abaa65a878a176913adc8d27f3f19aa341e0e13e243

SHA512
04e80e707774820a1433f46661032585491e0bddb8ff9ae048e04ce25e6b955eedd24374a77455779c7fbc875dd4877fb4c2e9f30e9c8cc9fc2d762051175e01

Download Submit
C:\Windows\system\TyHpxQI.exe

Filesize
6.0MB

MD5
24e876512b8f29d6e808ad46a87893f3

SHA1
5b69dcf1de440a94a0f51f5236c0be9b250d3773

SHA256
9ab95a242cee2674525c3de3b8fa35b398a926f2f094522b717ccffa08b6ae6a

SHA512
833ca79f0ef80b186ef9a57327891c16d68f71de08405763204307bb30273e213b0a127b319678f5e4ada617844a0e8bed634552879f2f63e8baa9eded9d0703

Download Submit
C:\Windows\system\UBiIoya.exe

Filesize
6.0MB

MD5
28677cf1ceabb5e59878fdf344ebeda0

SHA1
06ea9a638fc5deab3d244eec262c4dfdc128af6e

SHA256
97daea56d3f248a5bfc0987497ddc2093bf493573e66218d94dbd785470acf9a

SHA512
5390b4ea6f8db2a64240ac0fee7cdce5f1c44d84a1a3bdbcd177bb10ec154ad7a54c878ee0f94611348ba0142c255114ed9133675a2a29466196df308e7f3b01

Download Submit
C:\Windows\system\WysohiP.exe

Filesize
6.0MB

MD5
4451bfdeb9bf5b75a5c8fff1eecccedb

SHA1
e1e789e5a700f875331622dce0cc017da8632091

SHA256
726d8dc049b852e7c4470d76c2b0ba3d167cb5518a3d16d4f09e23aff7ea09b9

SHA512
2c539911f8bf4d28908e160dd137e95ea3bbd407cb82465613d419c41a88fe35a30c111913c8f6feae61b9cd6ec2f67fcc4ff28ea1216e52a4e2078174c984eb

Download Submit
C:\Windows\system\bkJshdn.exe

Filesize
6.0MB

MD5
153f5eedc679d15576a0bc55ac6c8026

SHA1
b67aec33a7276130920c610aa903b08df75422c9

SHA256
bd08880ae600788d5342890d252b9c879202de0f9f43aa7b7504841b771aabd1

SHA512
89040b05915a7daf83d5091ab09491efeb604f4692aca9bf5fe07d99d9133458fccc2631e7a681f4cd41b31da7f64fc521dd785aa4889626eca839cef1ee11ea

Download Submit
C:\Windows\system\cpcarFc.exe

Filesize
6.0MB

MD5
9b35085b89e1cd5c936b57b4fa74ba7c

SHA1
aae2cb8f6043e998394a02df914acbd6f8ed7174

SHA256
c1a37edfd0ff5110853bddcb86d45b7184d46d718045fd51fd41bd6bac02cb14

SHA512
ae920cc782cf9814f872fd72b4a991bf20031eba3f39a9be4d7d70ecce0209c8caa56142798eb1f576d58e001bd93d5fb5a209e3dd0cf3b700f3fb90f4d3bbba

Download Submit
C:\Windows\system\exSUyzD.exe

Filesize
6.0MB

MD5
0c27a235fb4293eb9541198cda579d1a

SHA1
2a93621d6ec8ccf83ab2ee114223a68e9d4b1772

SHA256
421e4e60bb0143c3993822d435b097918b680ae41cbdfaea3a04ad8f8a087645

SHA512
7823ce8d77ad2a3b3ccfd73f04e2e59974a28d4d060a8cf19a702ad7adb191e035c2e260a76f83672abfd4009249dcf2280ea01b4b97008cb8f75f6b93b4a973

Download Submit
C:\Windows\system\jEhWtcw.exe

Filesize
6.0MB

MD5
646e7df914ff88a4003223d3ed885cc4

SHA1
7a9df8d311acd54fef0317e4bcd73900307a9bca

SHA256
da616684b8d056d11f3f4740844c6383fac419dc0f8b9d41e44672948c69dd13

SHA512
01d406881481d194952479a11557784d65167307ea75028ee21178a59b60968599c0d0b6a77cb37b65dcb702e69a7d7fb014f1d029322be6ab1b95e0596d41fd

Download Submit
C:\Windows\system\jhRoggt.exe

Filesize
6.0MB

MD5
8c453865133343f67e3190add7f92e2c

SHA1
76da82c8a22655a94503053168dfa3b96ad43aae

SHA256
6d6ca72cb2c5d4d81081198019680ecae76d02d37f5a807c87df3bcd263bfab3

SHA512
c649dd1a50ea2cab53b16fba426637917c6d8b80ef47bea7823a45588f124c2bf596090c50bf3abd680bfae369072b48f0162a99277a6f79c3960d86f70c70d2

Download Submit
C:\Windows\system\vNezOqy.exe

Filesize
6.0MB

MD5
f22c80531ca01450063526881f95ac4f

SHA1
204de723bc54b5751138e6f8c07a3b47b482e98a

SHA256
8f10c14364185b1e6593dc0b840575938fdcd9a216ace6475fff1afbfb1ecbb7

SHA512
ae818334b7edf401fa13946e57664697c78118d0be7b84c86b5d6c7af583beba91a31058f696892d4a6db5afbf69a1ec91073df96efc70548b9e0fba6c555489

Download Submit
C:\Windows\system\yVBObdu.exe

Filesize
6.0MB

MD5
98b755f7393908ddb180eb44c747ffbf

SHA1
ec984b28ceaab4663226b96be7f2f54ded8e2de9

SHA256
28182d183cbe8964c5a072ca20fa897d5bfebf03aec64618705e37d468f61724

SHA512
62d03627cccd0d998ebe93d85c54cfc5f970d65046f2c709db87174e88627a2e3d18412a154e4e8f7b53709adbc053af084623ef07fb1355de2d2a846fde64bc

Download Submit
C:\Windows\system\yXhmWRF.exe

Filesize
6.0MB

MD5
5c6528989a14f91dc6e46d1488843043

SHA1
6abb2172399df1d601992fb2a0d0065db6b80635

SHA256
a5d051d9e94ab1fe242e4d9db2410516cc886912e6131af10c73c9cf18136c11

SHA512
d1d5837a3ded95a4be90fe36b12dcd750454e23b796fa1f8f75ef65cef02ed7f5f3b4afebb5d86afe6777384c4d729f7571162dac1dbf90902f96a42914efcc6

Download Submit
C:\Windows\system\yaCiXne.exe

Filesize
6.0MB

MD5
640d78aa986d5b0c56abc530bbbd025e

SHA1
272850dd2380275659a883be1d2c416c14fcb8dc

SHA256
f29fac167bfc98002f55e8a46dc5138a06dffb19f857932da23c59346c86782e

SHA512
ae9e6eeca71859cd438eb19bb570e077cbdaf5ec0407c549b44934cbc5e52c4c31b449a3602ebab962adf5d9aaa1a3a1dd4b433213ec2079c30a91e86e0511e9

Download Submit
C:\Windows\system\zolKjHY.exe

Filesize
8B

MD5
df291bcdb8ebdc7240b14dd827f6398f

SHA1
5affc65a790ce656995e39f445b2dfa1d6848c65

SHA256
144f1bfac73422bcb8b83c7b1273e93e2b5f3245068bd656105f2fca31b15f7d

SHA512
e56b89dd2f235ef75da5439f19ca2d42261b414efc1d93983268accfee6e54dd7508bb12579c397372b6b2bfa70f21e2b1f411642303fd76c261a57c09a175d9

Download Submit
\Windows\system\FJoLudI.exe

Filesize
6.0MB

MD5
475e6421026ba3cc7be1f272a9b4158c

SHA1
83c5aff587107dc859cbc7510974fd8f4e9e309b

SHA256
a247a08de5a0e289ccadf855c5b4dd55bdf19d53fea7c4a1fa220efe580512be

SHA512
3138fb20ab36948bda7a74fb359c720eaab298e1cee766382ee82ad074e520ea34b96612466eb18624ffb3162b82108b28cda1e7fe4add37b2a381be62e8252d

Download Submit
\Windows\system\GWaJcuZ.exe

Filesize
6.0MB

MD5
bfbc8801bca7f7015649fbcc5223c20e

SHA1
a8c56fd9ab26223d8adb369965c4b9c27c02b296

SHA256
f60494d3fc9b5ccc73674be282a242caa1fd7c6507273a64862301b902e0f107

SHA512
0d7fc0dcd373f7d27dd3f98eac88fe538b9f68218a92080fabe849509fb5eb526b43d0ddb8e858dd9757a1ccaf18579b849803780d91150659bb0ce47188bdba

Download Submit
\Windows\system\GbwmjZw.exe

Filesize
6.0MB

MD5
c0912e40d4c75b8abf8491956e1edcef

SHA1
00498bb49725daf39b3c1c29401a5a95a1dbb7ef

SHA256
cd3b3f835e17152133698755f430dfe6bfbf9fa5fad90c291f4cd3665f30a418

SHA512
132600bf8e325afa90cf06393f738d857979584109dc0d67fe34c8852d15add4f73e15ce9f73bfabfbd5f6ce739dfaba697006edde7ca16f4f83d9f083df5ed3

Download Submit
\Windows\system\HCduFUa.exe

Filesize
6.0MB

MD5
a572e9e6a859b2457a4dc5227b13993b

SHA1
42d01f794192f99e40e4baa0acd0a68378d0d4dd

SHA256
7405d9a53ac6c2315f065676fc23837242a9a975c383935c9b1be4c89a449fa5

SHA512
4cf0418ed2dae2ee0fd20015447454e3e36d3a462e2009b32d13811327e1c5c75a6b414f9bcac7d71c30fbc4016678452b6b0568cae89bd4e1a2f0a6f734b30b

Download Submit
\Windows\system\QvYQWaR.exe

Filesize
6.0MB

MD5
37d10e9049b1c29345bd520eb1a160da

SHA1
663dc7aa62319388321e73021a926e39cebeb08a

SHA256
b467abbcd4b27946fa90587ed19153906dab313390b72fad526bab8834ab6948

SHA512
d1de6b963c502ca3298b67a26403adf9ad57e8283c5b4912881c1f94e2bfc6316626c02387f52012adc174a7952f6e0061c843fc69839a92d135cea392e69c0d

Download Submit
\Windows\system\SDXhVQE.exe

Filesize
6.0MB

MD5
c49866b7cdbbe4ab63eabc155ab9fe31

SHA1
ee5693285ca2f1902bd6edd6080532385b08f6da

SHA256
3bfed96fc013d4926bc00225c2cc72eec11e3b45a6687045c96095503bfa53f4

SHA512
624761e2995c067792b4e9c1a23a9cdd6d3a81a650f6f10b538373b34187fe357e6280dfd448fa909d223012ed8fdc13ee21d4b04f3e8c4c29a96c34087fa221

Download Submit
\Windows\system\gtcBErp.exe

Filesize
6.0MB

MD5
85e7276df65047a325889c896c437d5d

SHA1
7d256f64cd69d3208f04ef3d20e27e46ee58a049

SHA256
c1c50616e52bc4e0b6c31c9efda3112779ca62fd8824be0f9ddc45ec771f04c7

SHA512
7a99ae8d8ebb5e0e17650e94e2b8f6dff30ba9e875632555ce5b7f0bb14a8bc0c9dad4ab341dd0f0c6f193e3d4ccc5061448deee74bb86f78b4dccb6eef23d2c

Download Submit
\Windows\system\iZdTrUv.exe

Filesize
6.0MB

MD5
2be73f1691c0c1931b6606de81e7a04f

SHA1
eb17ee788b8e8e2094285ab8f52979eacdcfb334

SHA256
5c58a3745e5ab08b105934a96d2c4532d85b48b23b645a69366a01e8da003751

SHA512
36a5e802d377ac30e465927e5d350b5f57cd9d8b3ecba8008b874f8375f74059feca7b306271a9ad039363b0eedafe59871663dd12769564fc24636dd997b11f

Download Submit
\Windows\system\qnnyAEl.exe

Filesize
6.0MB

MD5
039733f4036d8ddf8952b8f87f06eff2

SHA1
0090415b37c7bc2b22d265bee989d5597c5e65bf

SHA256
48584f961618ebca558b8f6aa708bcdf99a6776b79a49ade87615590ba143789

SHA512
e6d10f8659417af044f28526b70937d9c78d5c75d96c128b7a685e6ce0388dd72807b9100f60229c9ae0eda081142f04122d9782f4c26dfc1e14c79cd837e60f

Download Submit
\Windows\system\sZDyGYr.exe

Filesize
6.0MB

MD5
efe1367e0f5744af99cd94c46899c083

SHA1
f5dbfe5b7023dc4cffd7ed1e07e73dba542b513d

SHA256
f94236b2f6e64767ee561d31d35f36cf45b410d7a74c0587e333da0ddb2217cb

SHA512
aba96b1dac149ce077a5d5faaf90dee277d34396baa48e7c3ae94d7d4d2c06d04af36215c85b421970aa14643eb33e2c5b9052a3721e1eb305d4d4c7f910f777

Download Submit
\Windows\system\uXHvTOT.exe

Filesize
6.0MB

MD5
35b574544d325ecca01b6c7e6ac2ebe2

SHA1
1a7d4617cd274971b84ee18eb4055564dd133b57

SHA256
0b7132d866b5cfec7b58e3b98596b8e599ab0f267e2589c1bec3ad02794ff2f4

SHA512
c5cac6453d0006ced78f1f173c5d0b2bf2b6dc73d9399165829840889134e85d03d9e9090e6019c11d5adee262b00fd49812efe1a895c84f58c63abd2cc4dca1

Download Submit
\Windows\system\wRDbYEL.exe

Filesize
6.0MB

MD5
b51b742230aec152ab29b1812f9c7429

SHA1
9251fa8f2d508d07df476c890f62cb3b742417a7

SHA256
aa30fdfef21f0923f1164e5e546edf4a8557aacadc7e7c71370327fd85c19d0f

SHA512
49f86f83a5c4f2e64238e7da105a9fc01c10a8d35ae801474143a5d6ad3c02eb616c00fd64d9a281b28e1e51dd804f77456a1beacc36438ddf0bf92f3d442042

Download Submit
\Windows\system\xhqIAhq.exe

Filesize
6.0MB

MD5
1210cf2f4c08a9f84bddc92739cbad5f

SHA1
9256e281cb70b9610a679c3a5ee3176a3af24249

SHA256
e7dfc7cd86d45388dfa72bfa873901684abf4362aaf57ca5351461a991d76fa0

SHA512
a12f13baa15eb24d5a8c2afa67213b86144772213249529fb2d7feae7b3d3627f28b4da4c33248407f6a14b6cf14fc803d72d3c1b27666a831be2cc64a81aa5b

Download Submit
\Windows\system\zebbomf.exe

Filesize
6.0MB

MD5
c5257e3980efe51c533be9fc4b8cc447

SHA1
41d1f9df8be02da63cf923d6a222ff463b3c2c42

SHA256
1bf69101a5bd121af7dbfe4662c1ec05a85bb5a90331117d483528bf4121ea5c

SHA512
8e074aaa75fc45f5fbdbd1f625129a22acfd544c1039b9f2f2964e0a012fd290bf3349172bc09e41fb166eb4cbaeb14d57d1309693739ad853118cf444ae75be

Download Submit
memory/1456-2602-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1456-74-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1456-99-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1700-2599-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1700-64-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1700-91-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2815-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-83-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-215-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-92-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2104-2866-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2296-372-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2296-89-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2296-56-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2296-87-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2296-80-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2296-76-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2296-45-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-24-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2296-69-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2296-0-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2296-33-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2296-61-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2296-6-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2296-13-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2296-559-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-98-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2296-641-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2296-216-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2296-35-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2340-100-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-2870-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-58-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2684-2601-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2784-2455-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2784-18-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2796-2453-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2796-21-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2796-52-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2860-2600-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-50-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-73-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-2519-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-43-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2458-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2904-19-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2525-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2920-36-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2920-68-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2952-2508-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-28-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-60-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-2925-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-106-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download