cobaltstrike | 9f4c130f30725cb32ea251999bfb1ff2496be52748d654f481045641d6c599ca

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-11-2024 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

5c955ee3ee54af495001c7e946f6953d
SHA1

e96891de9d4862ec99342d4cb450ff59e8be61c4
SHA256

9f4c130f30725cb32ea251999bfb1ff2496be52748d654f481045641d6c599ca
SHA512

27d4e3508c6114b394917386a1ea9c0ec7d8536bc65c14c88f70d104b5e1fc72e0b2f1a21e2d792d36e9bbeaa3ec4179c2919944a4a88c9a2ed04f4a90a87c9a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU6:T+q56utgpPF8u/76

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x000a0000000120d6-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015689-7.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015697-15.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000156b8-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ccf-26.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d0a-41.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d15-45.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016141-50.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000162e4-55.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000164de-66.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001660e-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016b86-91.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cf0-108.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df8-161.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de9-151.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df5-156.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd5-141.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd9-146.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d73-135.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-131.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4c-122.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d68-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d22-114.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ca0-101.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cab-106.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c89-96.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016890-86.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016689-80.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015415-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016399-60.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cfd-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ce4-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 54 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2524-0-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/files/0x000a0000000120d6-6.dat	xmrig
behavioral1/files/0x0009000000015689-7.dat	xmrig
behavioral1/files/0x0008000000015697-15.dat	xmrig
behavioral1/files/0x00080000000156b8-21.dat	xmrig
behavioral1/files/0x0007000000015ccf-26.dat	xmrig
behavioral1/files/0x0008000000015d0a-41.dat	xmrig
behavioral1/files/0x0008000000015d15-45.dat	xmrig
behavioral1/files/0x0006000000016141-50.dat	xmrig
behavioral1/files/0x00060000000162e4-55.dat	xmrig
behavioral1/files/0x00060000000164de-66.dat	xmrig
behavioral1/files/0x000600000001660e-75.dat	xmrig
behavioral1/files/0x0006000000016b86-91.dat	xmrig
behavioral1/files/0x0006000000016cf0-108.dat	xmrig
behavioral1/files/0x0006000000016df8-161.dat	xmrig
behavioral1/memory/2496-2077-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2260-2266-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2808-2304-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/3016-2309-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2192-2331-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2524-2334-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2880-2339-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2524-2013-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2328-2000-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2464-2368-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016de9-151.dat	xmrig
behavioral1/files/0x0006000000016df5-156.dat	xmrig
behavioral1/files/0x0006000000016dd5-141.dat	xmrig
behavioral1/files/0x0006000000016dd9-146.dat	xmrig
behavioral1/files/0x0006000000016d73-135.dat	xmrig
behavioral1/files/0x0006000000016d6f-131.dat	xmrig
behavioral1/files/0x0006000000016d4c-122.dat	xmrig
behavioral1/files/0x0006000000016d68-125.dat	xmrig
behavioral1/files/0x0006000000016d22-114.dat	xmrig
behavioral1/files/0x0006000000016ca0-101.dat	xmrig
behavioral1/files/0x0006000000016cab-106.dat	xmrig
behavioral1/files/0x0006000000016c89-96.dat	xmrig
behavioral1/files/0x0006000000016890-86.dat	xmrig
behavioral1/files/0x0006000000016689-80.dat	xmrig
behavioral1/files/0x0008000000015415-70.dat	xmrig
behavioral1/files/0x0006000000016399-60.dat	xmrig
behavioral1/files/0x0007000000015cfd-36.dat	xmrig
behavioral1/files/0x0007000000015ce4-30.dat	xmrig
behavioral1/memory/2464-2796-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2524-2793-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2260-2817-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2808-2820-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2880-2853-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/3016-2846-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2192-2841-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2600-2834-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2328-2828-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2496-2805-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2524-3143-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

BMIUcnl.exegtiaJum.exeAuOYsra.exeelAjsBb.exeFMzaMTY.exewTAARfW.exeqFZGtHY.exehiryqvD.exeyaPuTvF.exeRgvlSJQ.exemJptEtT.exeAXfVUpj.exeOxYAlFQ.exewJdWeau.exemLkwEnf.exeevHrUVx.exetqBVrnH.exeHoivJoP.exeXoayDML.exeegcQrrJ.exeGivYIjY.exenQFmCVw.exebSWHRzA.exeJAbxilH.exezrcXcRS.exeLRzOqKM.exedISUelP.exeFivJfXa.exenfhEIKQ.exeHdRmLOM.exewEsuOuO.exeeqYeLnJ.exePMYimao.exeqjmgCkp.exetcWlhtK.exeCPqYLoW.exeukZIOmQ.exeeSCAsVk.exeHAjfpdK.exePpfBMsW.exeUQaLDmQ.exepdcqvMj.execPCStrc.exeAEcEatd.exeyofyZOt.exeGXGjyCg.exememKLOj.exeCDRnmsC.exeXDvJqzf.exeirEZIEu.exezwYtUcc.exeyJUBzVB.exeDjTflHS.exexNLxBWj.exewWlDDur.exeYyzXPZV.exeDvnifRm.exeFUIVGcD.exeQbaWetZ.exeuEjAXOW.exefwgGdFU.exeaWwIVqo.exeQjwLOuM.exejwvAGMO.exe

pid	Process
2464	BMIUcnl.exe
2328	gtiaJum.exe
2496	AuOYsra.exe
2260	elAjsBb.exe
2808	FMzaMTY.exe
3016	wTAARfW.exe
2192	qFZGtHY.exe
2880	hiryqvD.exe
2760	yaPuTvF.exe
2924	RgvlSJQ.exe
2736	mJptEtT.exe
2600	AXfVUpj.exe
2644	OxYAlFQ.exe
2312	wJdWeau.exe
2212	mLkwEnf.exe
2008	evHrUVx.exe
2820	tqBVrnH.exe
2920	HoivJoP.exe
2564	XoayDML.exe
576	egcQrrJ.exe
2968	GivYIjY.exe
2016	nQFmCVw.exe
316	bSWHRzA.exe
1996	JAbxilH.exe
2548	zrcXcRS.exe
584	LRzOqKM.exe
1516	dISUelP.exe
1240	FivJfXa.exe
1872	nfhEIKQ.exe
2400	HdRmLOM.exe
2320	wEsuOuO.exe
2108	eqYeLnJ.exe
1272	PMYimao.exe
1108	qjmgCkp.exe
1376	tcWlhtK.exe
1056	CPqYLoW.exe
1884	ukZIOmQ.exe
1332	eSCAsVk.exe
1792	HAjfpdK.exe
1540	PpfBMsW.exe
2276	UQaLDmQ.exe
1668	pdcqvMj.exe
1556	cPCStrc.exe
940	AEcEatd.exe
2976	yofyZOt.exe
1732	GXGjyCg.exe
1804	memKLOj.exe
1936	CDRnmsC.exe
2992	XDvJqzf.exe
3056	irEZIEu.exe
1888	zwYtUcc.exe
988	yJUBzVB.exe
1752	DjTflHS.exe
552	xNLxBWj.exe
880	wWlDDur.exe
1244	YyzXPZV.exe
1604	DvnifRm.exe
1644	FUIVGcD.exe
2216	QbaWetZ.exe
1268	uEjAXOW.exe
1808	fwgGdFU.exe
2848	aWwIVqo.exe
2708	QjwLOuM.exe
2476	jwvAGMO.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 51 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2524-0-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/files/0x000a0000000120d6-6.dat	upx
behavioral1/files/0x0009000000015689-7.dat	upx
behavioral1/files/0x0008000000015697-15.dat	upx
behavioral1/files/0x00080000000156b8-21.dat	upx
behavioral1/files/0x0007000000015ccf-26.dat	upx
behavioral1/files/0x0008000000015d0a-41.dat	upx
behavioral1/files/0x0008000000015d15-45.dat	upx
behavioral1/files/0x0006000000016141-50.dat	upx
behavioral1/files/0x00060000000162e4-55.dat	upx
behavioral1/files/0x00060000000164de-66.dat	upx
behavioral1/files/0x000600000001660e-75.dat	upx
behavioral1/files/0x0006000000016b86-91.dat	upx
behavioral1/files/0x0006000000016cf0-108.dat	upx
behavioral1/files/0x0006000000016df8-161.dat	upx
behavioral1/memory/2496-2077-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2260-2266-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2808-2304-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/3016-2309-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2192-2331-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2880-2339-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2328-2000-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2464-2368-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x0006000000016de9-151.dat	upx
behavioral1/files/0x0006000000016df5-156.dat	upx
behavioral1/files/0x0006000000016dd5-141.dat	upx
behavioral1/files/0x0006000000016dd9-146.dat	upx
behavioral1/files/0x0006000000016d73-135.dat	upx
behavioral1/files/0x0006000000016d6f-131.dat	upx
behavioral1/files/0x0006000000016d4c-122.dat	upx
behavioral1/files/0x0006000000016d68-125.dat	upx
behavioral1/files/0x0006000000016d22-114.dat	upx
behavioral1/files/0x0006000000016ca0-101.dat	upx
behavioral1/files/0x0006000000016cab-106.dat	upx
behavioral1/files/0x0006000000016c89-96.dat	upx
behavioral1/files/0x0006000000016890-86.dat	upx
behavioral1/files/0x0006000000016689-80.dat	upx
behavioral1/files/0x0008000000015415-70.dat	upx
behavioral1/files/0x0006000000016399-60.dat	upx
behavioral1/files/0x0007000000015cfd-36.dat	upx
behavioral1/files/0x0007000000015ce4-30.dat	upx
behavioral1/memory/2464-2796-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2524-2793-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2260-2817-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2808-2820-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2880-2853-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/3016-2846-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2192-2841-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2600-2834-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2328-2828-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2496-2805-0x000000013F040000-0x000000013F394000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\aIFgPTT.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BQgvnVD.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wrnuLJV.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\POOMyrT.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EhDnjHh.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CznGXfL.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dxWrhmy.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xSlsXpt.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dpIwyJf.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JZazlbY.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WERZCEn.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpeQbqm.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DZbjnJv.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NTvLuUx.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VozpsbT.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNGVMPB.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RdeFRRX.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MHoredH.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sazOFHC.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RkvCmwi.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DOwkjjh.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CEcJykW.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZKGzylx.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eVNjsZw.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tWLFLFN.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKOxaKt.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xPdfTXc.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KTFlDkq.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JDKiMgZ.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PswySCE.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GPhvvyo.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSGnDwQ.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zfawhGp.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vUqKLvL.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\elAjsBb.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QzIWFPe.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aGrnQGQ.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GNQtDGD.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dIeOpax.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jpsNPuT.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVmRasT.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qciEKlN.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzFGZpS.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jqjwoqT.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hpPpXSw.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TCsEPDg.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XkSyvMR.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PMYimao.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CDRnmsC.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wyYcflF.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DioDpGB.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOfssem.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wlNNWsU.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mKYXOhG.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wRksZGr.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNdItJL.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CuDJkZn.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LVBafoQ.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSXzajS.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CjRgtBd.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kvllDZF.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVOWzSi.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ScoabUJ.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xwiBaIa.exe	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 2524 wrote to memory of 2464	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2524 wrote to memory of 2464	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2524 wrote to memory of 2464	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2524 wrote to memory of 2328	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2524 wrote to memory of 2328	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2524 wrote to memory of 2328	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2524 wrote to memory of 2496	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2524 wrote to memory of 2496	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2524 wrote to memory of 2496	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2524 wrote to memory of 2260	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2524 wrote to memory of 2260	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2524 wrote to memory of 2260	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2524 wrote to memory of 2808	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2524 wrote to memory of 2808	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2524 wrote to memory of 2808	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2524 wrote to memory of 3016	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2524 wrote to memory of 3016	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2524 wrote to memory of 3016	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2524 wrote to memory of 2192	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2524 wrote to memory of 2192	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2524 wrote to memory of 2192	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2524 wrote to memory of 2880	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2524 wrote to memory of 2880	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2524 wrote to memory of 2880	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2524 wrote to memory of 2760	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2524 wrote to memory of 2760	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2524 wrote to memory of 2760	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2524 wrote to memory of 2924	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2524 wrote to memory of 2924	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2524 wrote to memory of 2924	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2524 wrote to memory of 2736	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2524 wrote to memory of 2736	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2524 wrote to memory of 2736	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2524 wrote to memory of 2600	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2524 wrote to memory of 2600	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2524 wrote to memory of 2600	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2524 wrote to memory of 2644	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2524 wrote to memory of 2644	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2524 wrote to memory of 2644	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2524 wrote to memory of 2312	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2524 wrote to memory of 2312	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2524 wrote to memory of 2312	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2524 wrote to memory of 2212	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2524 wrote to memory of 2212	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2524 wrote to memory of 2212	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2524 wrote to memory of 2008	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2524 wrote to memory of 2008	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2524 wrote to memory of 2008	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2524 wrote to memory of 2820	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2524 wrote to memory of 2820	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2524 wrote to memory of 2820	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2524 wrote to memory of 2920	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2524 wrote to memory of 2920	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2524 wrote to memory of 2920	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2524 wrote to memory of 2564	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2524 wrote to memory of 2564	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2524 wrote to memory of 2564	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2524 wrote to memory of 576	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2524 wrote to memory of 576	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2524 wrote to memory of 576	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2524 wrote to memory of 2968	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2524 wrote to memory of 2968	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2524 wrote to memory of 2968	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2524 wrote to memory of 316	2524	2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-18_5c955ee3ee54af495001c7e946f6953d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Windows\System\BMIUcnl.exe
  C:\Windows\System\BMIUcnl.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\gtiaJum.exe
  C:\Windows\System\gtiaJum.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\AuOYsra.exe
  C:\Windows\System\AuOYsra.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\elAjsBb.exe
  C:\Windows\System\elAjsBb.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\FMzaMTY.exe
  C:\Windows\System\FMzaMTY.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\wTAARfW.exe
  C:\Windows\System\wTAARfW.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\qFZGtHY.exe
  C:\Windows\System\qFZGtHY.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\hiryqvD.exe
  C:\Windows\System\hiryqvD.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\yaPuTvF.exe
  C:\Windows\System\yaPuTvF.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\RgvlSJQ.exe
  C:\Windows\System\RgvlSJQ.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\mJptEtT.exe
  C:\Windows\System\mJptEtT.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\AXfVUpj.exe
  C:\Windows\System\AXfVUpj.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\OxYAlFQ.exe
  C:\Windows\System\OxYAlFQ.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\wJdWeau.exe
  C:\Windows\System\wJdWeau.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\mLkwEnf.exe
  C:\Windows\System\mLkwEnf.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\evHrUVx.exe
  C:\Windows\System\evHrUVx.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\tqBVrnH.exe
  C:\Windows\System\tqBVrnH.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\HoivJoP.exe
  C:\Windows\System\HoivJoP.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\XoayDML.exe
  C:\Windows\System\XoayDML.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\egcQrrJ.exe
  C:\Windows\System\egcQrrJ.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\GivYIjY.exe
  C:\Windows\System\GivYIjY.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\bSWHRzA.exe
  C:\Windows\System\bSWHRzA.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\nQFmCVw.exe
  C:\Windows\System\nQFmCVw.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\JAbxilH.exe
  C:\Windows\System\JAbxilH.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\zrcXcRS.exe
  C:\Windows\System\zrcXcRS.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\LRzOqKM.exe
  C:\Windows\System\LRzOqKM.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\dISUelP.exe
  C:\Windows\System\dISUelP.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\FivJfXa.exe
  C:\Windows\System\FivJfXa.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\nfhEIKQ.exe
  C:\Windows\System\nfhEIKQ.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\HdRmLOM.exe
  C:\Windows\System\HdRmLOM.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\wEsuOuO.exe
  C:\Windows\System\wEsuOuO.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\eqYeLnJ.exe
  C:\Windows\System\eqYeLnJ.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\PMYimao.exe
  C:\Windows\System\PMYimao.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\qjmgCkp.exe
  C:\Windows\System\qjmgCkp.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\tcWlhtK.exe
  C:\Windows\System\tcWlhtK.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\ukZIOmQ.exe
  C:\Windows\System\ukZIOmQ.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\CPqYLoW.exe
  C:\Windows\System\CPqYLoW.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\eSCAsVk.exe
  C:\Windows\System\eSCAsVk.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\HAjfpdK.exe
  C:\Windows\System\HAjfpdK.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\PpfBMsW.exe
  C:\Windows\System\PpfBMsW.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\UQaLDmQ.exe
  C:\Windows\System\UQaLDmQ.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\pdcqvMj.exe
  C:\Windows\System\pdcqvMj.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\cPCStrc.exe
  C:\Windows\System\cPCStrc.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\AEcEatd.exe
  C:\Windows\System\AEcEatd.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\yofyZOt.exe
  C:\Windows\System\yofyZOt.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\GXGjyCg.exe
  C:\Windows\System\GXGjyCg.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\memKLOj.exe
  C:\Windows\System\memKLOj.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\CDRnmsC.exe
  C:\Windows\System\CDRnmsC.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\XDvJqzf.exe
  C:\Windows\System\XDvJqzf.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\irEZIEu.exe
  C:\Windows\System\irEZIEu.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\zwYtUcc.exe
  C:\Windows\System\zwYtUcc.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\yJUBzVB.exe
  C:\Windows\System\yJUBzVB.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\DjTflHS.exe
  C:\Windows\System\DjTflHS.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\xNLxBWj.exe
  C:\Windows\System\xNLxBWj.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\wWlDDur.exe
  C:\Windows\System\wWlDDur.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\FUIVGcD.exe
  C:\Windows\System\FUIVGcD.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\YyzXPZV.exe
  C:\Windows\System\YyzXPZV.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\uEjAXOW.exe
  C:\Windows\System\uEjAXOW.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\DvnifRm.exe
  C:\Windows\System\DvnifRm.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\fwgGdFU.exe
  C:\Windows\System\fwgGdFU.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\QbaWetZ.exe
  C:\Windows\System\QbaWetZ.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\aWwIVqo.exe
  C:\Windows\System\aWwIVqo.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\QjwLOuM.exe
  C:\Windows\System\QjwLOuM.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\jwvAGMO.exe
  C:\Windows\System\jwvAGMO.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\ZCutXhC.exe
  C:\Windows\System\ZCutXhC.exe
  2⤵
  PID:2768
- C:\Windows\System\QwdVwCd.exe
  C:\Windows\System\QwdVwCd.exe
  2⤵
  PID:2612
- C:\Windows\System\GBOAZuA.exe
  C:\Windows\System\GBOAZuA.exe
  2⤵
  PID:2156
- C:\Windows\System\GePPXqd.exe
  C:\Windows\System\GePPXqd.exe
  2⤵
  PID:592
- C:\Windows\System\MosCPDQ.exe
  C:\Windows\System\MosCPDQ.exe
  2⤵
  PID:1944
- C:\Windows\System\hrBGavh.exe
  C:\Windows\System\hrBGavh.exe
  2⤵
  PID:264
- C:\Windows\System\QEAAucu.exe
  C:\Windows\System\QEAAucu.exe
  2⤵
  PID:2844
- C:\Windows\System\jQjstrp.exe
  C:\Windows\System\jQjstrp.exe
  2⤵
  PID:1264
- C:\Windows\System\cZvmKJk.exe
  C:\Windows\System\cZvmKJk.exe
  2⤵
  PID:1028
- C:\Windows\System\BTZOCeh.exe
  C:\Windows\System\BTZOCeh.exe
  2⤵
  PID:1012
- C:\Windows\System\MWGhGba.exe
  C:\Windows\System\MWGhGba.exe
  2⤵
  PID:2080
- C:\Windows\System\STIbuXn.exe
  C:\Windows\System\STIbuXn.exe
  2⤵
  PID:1512
- C:\Windows\System\YetKSXI.exe
  C:\Windows\System\YetKSXI.exe
  2⤵
  PID:2132
- C:\Windows\System\KcgrCeW.exe
  C:\Windows\System\KcgrCeW.exe
  2⤵
  PID:1132
- C:\Windows\System\xpzoXGF.exe
  C:\Windows\System\xpzoXGF.exe
  2⤵
  PID:2868
- C:\Windows\System\qWHWOOW.exe
  C:\Windows\System\qWHWOOW.exe
  2⤵
  PID:344
- C:\Windows\System\bkUYiIQ.exe
  C:\Windows\System\bkUYiIQ.exe
  2⤵
  PID:1684
- C:\Windows\System\DPmdvdZ.exe
  C:\Windows\System\DPmdvdZ.exe
  2⤵
  PID:1552
- C:\Windows\System\rNYzQlG.exe
  C:\Windows\System\rNYzQlG.exe
  2⤵
  PID:1700
- C:\Windows\System\JablsFG.exe
  C:\Windows\System\JablsFG.exe
  2⤵
  PID:1656
- C:\Windows\System\AZrlsHS.exe
  C:\Windows\System\AZrlsHS.exe
  2⤵
  PID:1544
- C:\Windows\System\RgxrSHc.exe
  C:\Windows\System\RgxrSHc.exe
  2⤵
  PID:2368
- C:\Windows\System\QDKXYnv.exe
  C:\Windows\System\QDKXYnv.exe
  2⤵
  PID:560
- C:\Windows\System\XaYyvCo.exe
  C:\Windows\System\XaYyvCo.exe
  2⤵
  PID:1768
- C:\Windows\System\pinfscO.exe
  C:\Windows\System\pinfscO.exe
  2⤵
  PID:856
- C:\Windows\System\TVyzlkc.exe
  C:\Windows\System\TVyzlkc.exe
  2⤵
  PID:1820
- C:\Windows\System\wyYcflF.exe
  C:\Windows\System\wyYcflF.exe
  2⤵
  PID:3044
- C:\Windows\System\KqHizyH.exe
  C:\Windows\System\KqHizyH.exe
  2⤵
  PID:1508
- C:\Windows\System\hYvpAgG.exe
  C:\Windows\System\hYvpAgG.exe
  2⤵
  PID:2488
- C:\Windows\System\YgeqBbl.exe
  C:\Windows\System\YgeqBbl.exe
  2⤵
  PID:276
- C:\Windows\System\wdRAUNw.exe
  C:\Windows\System\wdRAUNw.exe
  2⤵
  PID:2748
- C:\Windows\System\BIfYiDI.exe
  C:\Windows\System\BIfYiDI.exe
  2⤵
  PID:3004
- C:\Windows\System\cGMdXSX.exe
  C:\Windows\System\cGMdXSX.exe
  2⤵
  PID:2988
- C:\Windows\System\QDULEnj.exe
  C:\Windows\System\QDULEnj.exe
  2⤵
  PID:2656
- C:\Windows\System\qtJZhzk.exe
  C:\Windows\System\qtJZhzk.exe
  2⤵
  PID:2056
- C:\Windows\System\DTOELUa.exe
  C:\Windows\System\DTOELUa.exe
  2⤵
  PID:1196
- C:\Windows\System\ZvIFulb.exe
  C:\Windows\System\ZvIFulb.exe
  2⤵
  PID:2700
- C:\Windows\System\wixBATK.exe
  C:\Windows\System\wixBATK.exe
  2⤵
  PID:760
- C:\Windows\System\FuVlpRM.exe
  C:\Windows\System\FuVlpRM.exe
  2⤵
  PID:2096
- C:\Windows\System\QJRzKDj.exe
  C:\Windows\System\QJRzKDj.exe
  2⤵
  PID:1492
- C:\Windows\System\qRaZqUD.exe
  C:\Windows\System\qRaZqUD.exe
  2⤵
  PID:1256
- C:\Windows\System\lBmVohx.exe
  C:\Windows\System\lBmVohx.exe
  2⤵
  PID:2472
- C:\Windows\System\mEEsHKM.exe
  C:\Windows\System\mEEsHKM.exe
  2⤵
  PID:836
- C:\Windows\System\VnNvdrm.exe
  C:\Windows\System\VnNvdrm.exe
  2⤵
  PID:3020
- C:\Windows\System\SXrwdmo.exe
  C:\Windows\System\SXrwdmo.exe
  2⤵
  PID:1696
- C:\Windows\System\DhMVnKU.exe
  C:\Windows\System\DhMVnKU.exe
  2⤵
  PID:2996
- C:\Windows\System\bEHNzns.exe
  C:\Windows\System\bEHNzns.exe
  2⤵
  PID:1648
- C:\Windows\System\qxBYMBV.exe
  C:\Windows\System\qxBYMBV.exe
  2⤵
  PID:1840
- C:\Windows\System\tFNjjyi.exe
  C:\Windows\System\tFNjjyi.exe
  2⤵
  PID:1744
- C:\Windows\System\ovKgZfY.exe
  C:\Windows\System\ovKgZfY.exe
  2⤵
  PID:1504
- C:\Windows\System\ZnAeoAH.exe
  C:\Windows\System\ZnAeoAH.exe
  2⤵
  PID:1824
- C:\Windows\System\Hwghutk.exe
  C:\Windows\System\Hwghutk.exe
  2⤵
  PID:2692
- C:\Windows\System\CqkvlHW.exe
  C:\Windows\System\CqkvlHW.exe
  2⤵
  PID:2956
- C:\Windows\System\wYHNBMe.exe
  C:\Windows\System\wYHNBMe.exe
  2⤵
  PID:2620
- C:\Windows\System\ccOxMLP.exe
  C:\Windows\System\ccOxMLP.exe
  2⤵
  PID:1052
- C:\Windows\System\ZAjuiHj.exe
  C:\Windows\System\ZAjuiHj.exe
  2⤵
  PID:2364
- C:\Windows\System\dUyoDoN.exe
  C:\Windows\System\dUyoDoN.exe
  2⤵
  PID:2032
- C:\Windows\System\aUHPYpz.exe
  C:\Windows\System\aUHPYpz.exe
  2⤵
  PID:2964
- C:\Windows\System\ZpFYphX.exe
  C:\Windows\System\ZpFYphX.exe
  2⤵
  PID:2580
- C:\Windows\System\izkBkYy.exe
  C:\Windows\System\izkBkYy.exe
  2⤵
  PID:1632
- C:\Windows\System\UVmABtP.exe
  C:\Windows\System\UVmABtP.exe
  2⤵
  PID:1384
- C:\Windows\System\WoRlzWu.exe
  C:\Windows\System\WoRlzWu.exe
  2⤵
  PID:684
- C:\Windows\System\dpzYWjl.exe
  C:\Windows\System\dpzYWjl.exe
  2⤵
  PID:1836
- C:\Windows\System\ZVWkqhu.exe
  C:\Windows\System\ZVWkqhu.exe
  2⤵
  PID:2484
- C:\Windows\System\zyXIHCH.exe
  C:\Windows\System\zyXIHCH.exe
  2⤵
  PID:3084
- C:\Windows\System\POOMyrT.exe
  C:\Windows\System\POOMyrT.exe
  2⤵
  PID:3104
- C:\Windows\System\xwDYcrK.exe
  C:\Windows\System\xwDYcrK.exe
  2⤵
  PID:3124
- C:\Windows\System\sJVCGmt.exe
  C:\Windows\System\sJVCGmt.exe
  2⤵
  PID:3140
- C:\Windows\System\kDuSfJT.exe
  C:\Windows\System\kDuSfJT.exe
  2⤵
  PID:3160
- C:\Windows\System\oUizACa.exe
  C:\Windows\System\oUizACa.exe
  2⤵
  PID:3180
- C:\Windows\System\BdmTvgN.exe
  C:\Windows\System\BdmTvgN.exe
  2⤵
  PID:3200
- C:\Windows\System\VOluSpK.exe
  C:\Windows\System\VOluSpK.exe
  2⤵
  PID:3220
- C:\Windows\System\dRLJVzP.exe
  C:\Windows\System\dRLJVzP.exe
  2⤵
  PID:3236
- C:\Windows\System\kuQcFdE.exe
  C:\Windows\System\kuQcFdE.exe
  2⤵
  PID:3252
- C:\Windows\System\CPUJlbg.exe
  C:\Windows\System\CPUJlbg.exe
  2⤵
  PID:3268
- C:\Windows\System\TIhzhFI.exe
  C:\Windows\System\TIhzhFI.exe
  2⤵
  PID:3284
- C:\Windows\System\afvByKu.exe
  C:\Windows\System\afvByKu.exe
  2⤵
  PID:3308
- C:\Windows\System\aNOfPtf.exe
  C:\Windows\System\aNOfPtf.exe
  2⤵
  PID:3328
- C:\Windows\System\iUiKhBg.exe
  C:\Windows\System\iUiKhBg.exe
  2⤵
  PID:3344
- C:\Windows\System\SQfahtS.exe
  C:\Windows\System\SQfahtS.exe
  2⤵
  PID:3364
- C:\Windows\System\DbvGKNa.exe
  C:\Windows\System\DbvGKNa.exe
  2⤵
  PID:3384
- C:\Windows\System\KhTrjLS.exe
  C:\Windows\System\KhTrjLS.exe
  2⤵
  PID:3408
- C:\Windows\System\YtiJgZw.exe
  C:\Windows\System\YtiJgZw.exe
  2⤵
  PID:3432
- C:\Windows\System\vfVBBTg.exe
  C:\Windows\System\vfVBBTg.exe
  2⤵
  PID:3456
- C:\Windows\System\HzBLiwH.exe
  C:\Windows\System\HzBLiwH.exe
  2⤵
  PID:3472
- C:\Windows\System\KVAmAeA.exe
  C:\Windows\System\KVAmAeA.exe
  2⤵
  PID:3504
- C:\Windows\System\nMXPpEA.exe
  C:\Windows\System\nMXPpEA.exe
  2⤵
  PID:3524
- C:\Windows\System\GUFfjAg.exe
  C:\Windows\System\GUFfjAg.exe
  2⤵
  PID:3544
- C:\Windows\System\QHKygqC.exe
  C:\Windows\System\QHKygqC.exe
  2⤵
  PID:3564
- C:\Windows\System\kZaFbEf.exe
  C:\Windows\System\kZaFbEf.exe
  2⤵
  PID:3584
- C:\Windows\System\fYnoOVv.exe
  C:\Windows\System\fYnoOVv.exe
  2⤵
  PID:3604
- C:\Windows\System\pPDeShe.exe
  C:\Windows\System\pPDeShe.exe
  2⤵
  PID:3624
- C:\Windows\System\jsqLOcc.exe
  C:\Windows\System\jsqLOcc.exe
  2⤵
  PID:3644
- C:\Windows\System\LdrpjPs.exe
  C:\Windows\System\LdrpjPs.exe
  2⤵
  PID:3664
- C:\Windows\System\vUqJXwY.exe
  C:\Windows\System\vUqJXwY.exe
  2⤵
  PID:3684
- C:\Windows\System\IBHqnNV.exe
  C:\Windows\System\IBHqnNV.exe
  2⤵
  PID:3704
- C:\Windows\System\DLTMxQj.exe
  C:\Windows\System\DLTMxQj.exe
  2⤵
  PID:3724
- C:\Windows\System\SPXvhbx.exe
  C:\Windows\System\SPXvhbx.exe
  2⤵
  PID:3744
- C:\Windows\System\LVMOUXl.exe
  C:\Windows\System\LVMOUXl.exe
  2⤵
  PID:3764
- C:\Windows\System\yjuKMGY.exe
  C:\Windows\System\yjuKMGY.exe
  2⤵
  PID:3784
- C:\Windows\System\lySksEM.exe
  C:\Windows\System\lySksEM.exe
  2⤵
  PID:3804
- C:\Windows\System\YYbFMht.exe
  C:\Windows\System\YYbFMht.exe
  2⤵
  PID:3824
- C:\Windows\System\AKfKSFs.exe
  C:\Windows\System\AKfKSFs.exe
  2⤵
  PID:3844
- C:\Windows\System\Mpdxygs.exe
  C:\Windows\System\Mpdxygs.exe
  2⤵
  PID:3864
- C:\Windows\System\CIiBZeX.exe
  C:\Windows\System\CIiBZeX.exe
  2⤵
  PID:3884
- C:\Windows\System\gvxRfxK.exe
  C:\Windows\System\gvxRfxK.exe
  2⤵
  PID:3904
- C:\Windows\System\oEqDcuA.exe
  C:\Windows\System\oEqDcuA.exe
  2⤵
  PID:3924
- C:\Windows\System\gbxgPBY.exe
  C:\Windows\System\gbxgPBY.exe
  2⤵
  PID:3944
- C:\Windows\System\KOksMof.exe
  C:\Windows\System\KOksMof.exe
  2⤵
  PID:3964
- C:\Windows\System\XQGqHNS.exe
  C:\Windows\System\XQGqHNS.exe
  2⤵
  PID:3984
- C:\Windows\System\pQkOMcG.exe
  C:\Windows\System\pQkOMcG.exe
  2⤵
  PID:4004
- C:\Windows\System\OHGHNRO.exe
  C:\Windows\System\OHGHNRO.exe
  2⤵
  PID:4024
- C:\Windows\System\yNdItJL.exe
  C:\Windows\System\yNdItJL.exe
  2⤵
  PID:4044
- C:\Windows\System\GPevkoA.exe
  C:\Windows\System\GPevkoA.exe
  2⤵
  PID:4064
- C:\Windows\System\klusnDB.exe
  C:\Windows\System\klusnDB.exe
  2⤵
  PID:4084
- C:\Windows\System\lewEhBV.exe
  C:\Windows\System\lewEhBV.exe
  2⤵
  PID:1152
- C:\Windows\System\kYqDopk.exe
  C:\Windows\System\kYqDopk.exe
  2⤵
  PID:2676
- C:\Windows\System\WiXkxSB.exe
  C:\Windows\System\WiXkxSB.exe
  2⤵
  PID:628
- C:\Windows\System\XcLmaUx.exe
  C:\Windows\System\XcLmaUx.exe
  2⤵
  PID:1800
- C:\Windows\System\WYjrhlH.exe
  C:\Windows\System\WYjrhlH.exe
  2⤵
  PID:2052
- C:\Windows\System\DIlRDvm.exe
  C:\Windows\System\DIlRDvm.exe
  2⤵
  PID:3092
- C:\Windows\System\XIbgPKQ.exe
  C:\Windows\System\XIbgPKQ.exe
  2⤵
  PID:3136
- C:\Windows\System\oCtfKbi.exe
  C:\Windows\System\oCtfKbi.exe
  2⤵
  PID:3028
- C:\Windows\System\ATDKcrd.exe
  C:\Windows\System\ATDKcrd.exe
  2⤵
  PID:3172
- C:\Windows\System\sgbXTMx.exe
  C:\Windows\System\sgbXTMx.exe
  2⤵
  PID:3208
- C:\Windows\System\MbRWsOp.exe
  C:\Windows\System\MbRWsOp.exe
  2⤵
  PID:3276
- C:\Windows\System\BltojMD.exe
  C:\Windows\System\BltojMD.exe
  2⤵
  PID:3152
- C:\Windows\System\cCqhhIR.exe
  C:\Windows\System\cCqhhIR.exe
  2⤵
  PID:3316
- C:\Windows\System\YzDmCmC.exe
  C:\Windows\System\YzDmCmC.exe
  2⤵
  PID:3352
- C:\Windows\System\jIwktPc.exe
  C:\Windows\System\jIwktPc.exe
  2⤵
  PID:3392
- C:\Windows\System\YyglhWS.exe
  C:\Windows\System\YyglhWS.exe
  2⤵
  PID:3264
- C:\Windows\System\QSbjJBi.exe
  C:\Windows\System\QSbjJBi.exe
  2⤵
  PID:3452
- C:\Windows\System\gSlTNUa.exe
  C:\Windows\System\gSlTNUa.exe
  2⤵
  PID:3376
- C:\Windows\System\VOJumyL.exe
  C:\Windows\System\VOJumyL.exe
  2⤵
  PID:3428
- C:\Windows\System\TkIyvUa.exe
  C:\Windows\System\TkIyvUa.exe
  2⤵
  PID:3492
- C:\Windows\System\gMTVdNi.exe
  C:\Windows\System\gMTVdNi.exe
  2⤵
  PID:3468
- C:\Windows\System\EPqfwEc.exe
  C:\Windows\System\EPqfwEc.exe
  2⤵
  PID:3552
- C:\Windows\System\YBXChtW.exe
  C:\Windows\System\YBXChtW.exe
  2⤵
  PID:3576
- C:\Windows\System\MrfCjEB.exe
  C:\Windows\System\MrfCjEB.exe
  2⤵
  PID:3620
- C:\Windows\System\tfMiXDG.exe
  C:\Windows\System\tfMiXDG.exe
  2⤵
  PID:3652
- C:\Windows\System\cnjhUXc.exe
  C:\Windows\System\cnjhUXc.exe
  2⤵
  PID:3680
- C:\Windows\System\VjDNkEe.exe
  C:\Windows\System\VjDNkEe.exe
  2⤵
  PID:3732
- C:\Windows\System\ixgCcwM.exe
  C:\Windows\System\ixgCcwM.exe
  2⤵
  PID:3772
- C:\Windows\System\WulDThd.exe
  C:\Windows\System\WulDThd.exe
  2⤵
  PID:3756
- C:\Windows\System\schqtOV.exe
  C:\Windows\System\schqtOV.exe
  2⤵
  PID:3796
- C:\Windows\System\erNulLi.exe
  C:\Windows\System\erNulLi.exe
  2⤵
  PID:3860
- C:\Windows\System\plDDyuN.exe
  C:\Windows\System\plDDyuN.exe
  2⤵
  PID:3892
- C:\Windows\System\LBufzIr.exe
  C:\Windows\System\LBufzIr.exe
  2⤵
  PID:3932
- C:\Windows\System\eRbelqQ.exe
  C:\Windows\System\eRbelqQ.exe
  2⤵
  PID:3952
- C:\Windows\System\orNwLee.exe
  C:\Windows\System\orNwLee.exe
  2⤵
  PID:3976
- C:\Windows\System\YzTBTtq.exe
  C:\Windows\System\YzTBTtq.exe
  2⤵
  PID:4000
- C:\Windows\System\UqvdVsn.exe
  C:\Windows\System\UqvdVsn.exe
  2⤵
  PID:4032
- C:\Windows\System\RFHoAtU.exe
  C:\Windows\System\RFHoAtU.exe
  2⤵
  PID:2864
- C:\Windows\System\oIXcnCt.exe
  C:\Windows\System\oIXcnCt.exe
  2⤵
  PID:2020
- C:\Windows\System\CxAtXkA.exe
  C:\Windows\System\CxAtXkA.exe
  2⤵
  PID:2816
- C:\Windows\System\tilpGwp.exe
  C:\Windows\System\tilpGwp.exe
  2⤵
  PID:2852
- C:\Windows\System\pgCmHRN.exe
  C:\Windows\System\pgCmHRN.exe
  2⤵
  PID:888
- C:\Windows\System\kzzPkTI.exe
  C:\Windows\System\kzzPkTI.exe
  2⤵
  PID:2412
- C:\Windows\System\YoWsVrt.exe
  C:\Windows\System\YoWsVrt.exe
  2⤵
  PID:816
- C:\Windows\System\fKcoida.exe
  C:\Windows\System\fKcoida.exe
  2⤵
  PID:3280
- C:\Windows\System\ZZkBOjw.exe
  C:\Windows\System\ZZkBOjw.exe
  2⤵
  PID:3296
- C:\Windows\System\MDLDXea.exe
  C:\Windows\System\MDLDXea.exe
  2⤵
  PID:3192
- C:\Windows\System\YJEfQEN.exe
  C:\Windows\System\YJEfQEN.exe
  2⤵
  PID:3232
- C:\Windows\System\TQdTxLf.exe
  C:\Windows\System\TQdTxLf.exe
  2⤵
  PID:3420
- C:\Windows\System\xFKvXYU.exe
  C:\Windows\System\xFKvXYU.exe
  2⤵
  PID:3500
- C:\Windows\System\inQkUGV.exe
  C:\Windows\System\inQkUGV.exe
  2⤵
  PID:3580
- C:\Windows\System\ijcyXZJ.exe
  C:\Windows\System\ijcyXZJ.exe
  2⤵
  PID:3600
- C:\Windows\System\tQWwwbg.exe
  C:\Windows\System\tQWwwbg.exe
  2⤵
  PID:3596
- C:\Windows\System\YhMkUDt.exe
  C:\Windows\System\YhMkUDt.exe
  2⤵
  PID:3712
- C:\Windows\System\gCFKNaa.exe
  C:\Windows\System\gCFKNaa.exe
  2⤵
  PID:3752
- C:\Windows\System\mEqeLYm.exe
  C:\Windows\System\mEqeLYm.exe
  2⤵
  PID:3736
- C:\Windows\System\lwsNOXC.exe
  C:\Windows\System\lwsNOXC.exe
  2⤵
  PID:3880
- C:\Windows\System\yQGMlsY.exe
  C:\Windows\System\yQGMlsY.exe
  2⤵
  PID:3960
- C:\Windows\System\kJXywIJ.exe
  C:\Windows\System\kJXywIJ.exe
  2⤵
  PID:3956
- C:\Windows\System\lqDetpl.exe
  C:\Windows\System\lqDetpl.exe
  2⤵
  PID:3992
- C:\Windows\System\ltESQSf.exe
  C:\Windows\System\ltESQSf.exe
  2⤵
  PID:4092
- C:\Windows\System\hvtgyfg.exe
  C:\Windows\System\hvtgyfg.exe
  2⤵
  PID:1692
- C:\Windows\System\EPiaZXQ.exe
  C:\Windows\System\EPiaZXQ.exe
  2⤵
  PID:1008
- C:\Windows\System\zLpmQvh.exe
  C:\Windows\System\zLpmQvh.exe
  2⤵
  PID:3076
- C:\Windows\System\uxfNhkG.exe
  C:\Windows\System\uxfNhkG.exe
  2⤵
  PID:3116
- C:\Windows\System\LuFYlsK.exe
  C:\Windows\System\LuFYlsK.exe
  2⤵
  PID:3400
- C:\Windows\System\RlSpJHB.exe
  C:\Windows\System\RlSpJHB.exe
  2⤵
  PID:3260
- C:\Windows\System\vmamIFH.exe
  C:\Windows\System\vmamIFH.exe
  2⤵
  PID:3372
- C:\Windows\System\GTYxWUq.exe
  C:\Windows\System\GTYxWUq.exe
  2⤵
  PID:3516
- C:\Windows\System\DBaXzNB.exe
  C:\Windows\System\DBaXzNB.exe
  2⤵
  PID:3740
- C:\Windows\System\YbUFcxf.exe
  C:\Windows\System\YbUFcxf.exe
  2⤵
  PID:3832
- C:\Windows\System\sraWAOQ.exe
  C:\Windows\System\sraWAOQ.exe
  2⤵
  PID:3900
- C:\Windows\System\MtZSjZN.exe
  C:\Windows\System\MtZSjZN.exe
  2⤵
  PID:3916
- C:\Windows\System\oyyqqkl.exe
  C:\Windows\System\oyyqqkl.exe
  2⤵
  PID:4112
- C:\Windows\System\ARtlGKh.exe
  C:\Windows\System\ARtlGKh.exe
  2⤵
  PID:4132
- C:\Windows\System\fmTjnRO.exe
  C:\Windows\System\fmTjnRO.exe
  2⤵
  PID:4152
- C:\Windows\System\DHQetIs.exe
  C:\Windows\System\DHQetIs.exe
  2⤵
  PID:4168
- C:\Windows\System\SyrSVOm.exe
  C:\Windows\System\SyrSVOm.exe
  2⤵
  PID:4192
- C:\Windows\System\rdnpnYB.exe
  C:\Windows\System\rdnpnYB.exe
  2⤵
  PID:4212
- C:\Windows\System\WQbPkua.exe
  C:\Windows\System\WQbPkua.exe
  2⤵
  PID:4232
- C:\Windows\System\rQTHlwQ.exe
  C:\Windows\System\rQTHlwQ.exe
  2⤵
  PID:4252
- C:\Windows\System\YJOMqJD.exe
  C:\Windows\System\YJOMqJD.exe
  2⤵
  PID:4268
- C:\Windows\System\sPsTRVq.exe
  C:\Windows\System\sPsTRVq.exe
  2⤵
  PID:4292
- C:\Windows\System\UMkfYMz.exe
  C:\Windows\System\UMkfYMz.exe
  2⤵
  PID:4312
- C:\Windows\System\nSKcrmi.exe
  C:\Windows\System\nSKcrmi.exe
  2⤵
  PID:4332
- C:\Windows\System\xzYIfNm.exe
  C:\Windows\System\xzYIfNm.exe
  2⤵
  PID:4348
- C:\Windows\System\MDAxPjc.exe
  C:\Windows\System\MDAxPjc.exe
  2⤵
  PID:4372
- C:\Windows\System\KbYnTLd.exe
  C:\Windows\System\KbYnTLd.exe
  2⤵
  PID:4388
- C:\Windows\System\drDAWIV.exe
  C:\Windows\System\drDAWIV.exe
  2⤵
  PID:4412
- C:\Windows\System\CPgNwBm.exe
  C:\Windows\System\CPgNwBm.exe
  2⤵
  PID:4432
- C:\Windows\System\hTsGtTp.exe
  C:\Windows\System\hTsGtTp.exe
  2⤵
  PID:4452
- C:\Windows\System\fXhWbqi.exe
  C:\Windows\System\fXhWbqi.exe
  2⤵
  PID:4472
- C:\Windows\System\VIEgzHT.exe
  C:\Windows\System\VIEgzHT.exe
  2⤵
  PID:4492
- C:\Windows\System\MGjhYOd.exe
  C:\Windows\System\MGjhYOd.exe
  2⤵
  PID:4512
- C:\Windows\System\KgpuVYl.exe
  C:\Windows\System\KgpuVYl.exe
  2⤵
  PID:4532
- C:\Windows\System\Whgexld.exe
  C:\Windows\System\Whgexld.exe
  2⤵
  PID:4552
- C:\Windows\System\gRCvkxP.exe
  C:\Windows\System\gRCvkxP.exe
  2⤵
  PID:4572
- C:\Windows\System\lPbGXfD.exe
  C:\Windows\System\lPbGXfD.exe
  2⤵
  PID:4592
- C:\Windows\System\VDtNFRd.exe
  C:\Windows\System\VDtNFRd.exe
  2⤵
  PID:4612
- C:\Windows\System\LQPmJlh.exe
  C:\Windows\System\LQPmJlh.exe
  2⤵
  PID:4628
- C:\Windows\System\TjfMMqS.exe
  C:\Windows\System\TjfMMqS.exe
  2⤵
  PID:4652
- C:\Windows\System\NFYkNWT.exe
  C:\Windows\System\NFYkNWT.exe
  2⤵
  PID:4672
- C:\Windows\System\NQtDxRD.exe
  C:\Windows\System\NQtDxRD.exe
  2⤵
  PID:4692
- C:\Windows\System\JqdPXgv.exe
  C:\Windows\System\JqdPXgv.exe
  2⤵
  PID:4708
- C:\Windows\System\UHmyxyy.exe
  C:\Windows\System\UHmyxyy.exe
  2⤵
  PID:4736
- C:\Windows\System\YQDptsB.exe
  C:\Windows\System\YQDptsB.exe
  2⤵
  PID:4752
- C:\Windows\System\fzmsKzA.exe
  C:\Windows\System\fzmsKzA.exe
  2⤵
  PID:4772
- C:\Windows\System\DGBuUVW.exe
  C:\Windows\System\DGBuUVW.exe
  2⤵
  PID:4796
- C:\Windows\System\KaagUGa.exe
  C:\Windows\System\KaagUGa.exe
  2⤵
  PID:4816
- C:\Windows\System\QJNVsJv.exe
  C:\Windows\System\QJNVsJv.exe
  2⤵
  PID:4836
- C:\Windows\System\OiBcwiO.exe
  C:\Windows\System\OiBcwiO.exe
  2⤵
  PID:4856
- C:\Windows\System\MhuJqAI.exe
  C:\Windows\System\MhuJqAI.exe
  2⤵
  PID:4876
- C:\Windows\System\zDjevEY.exe
  C:\Windows\System\zDjevEY.exe
  2⤵
  PID:4896
- C:\Windows\System\FnTipBf.exe
  C:\Windows\System\FnTipBf.exe
  2⤵
  PID:4916
- C:\Windows\System\alYhUPq.exe
  C:\Windows\System\alYhUPq.exe
  2⤵
  PID:4936
- C:\Windows\System\yiIdIpI.exe
  C:\Windows\System\yiIdIpI.exe
  2⤵
  PID:4952
- C:\Windows\System\qUcoRbn.exe
  C:\Windows\System\qUcoRbn.exe
  2⤵
  PID:4976
- C:\Windows\System\czSiDHb.exe
  C:\Windows\System\czSiDHb.exe
  2⤵
  PID:4992
- C:\Windows\System\wcjDMFZ.exe
  C:\Windows\System\wcjDMFZ.exe
  2⤵
  PID:5012
- C:\Windows\System\IgXCgcE.exe
  C:\Windows\System\IgXCgcE.exe
  2⤵
  PID:5032
- C:\Windows\System\NvKUhgC.exe
  C:\Windows\System\NvKUhgC.exe
  2⤵
  PID:5052
- C:\Windows\System\aFxIEJp.exe
  C:\Windows\System\aFxIEJp.exe
  2⤵
  PID:5076
- C:\Windows\System\UQSclaN.exe
  C:\Windows\System\UQSclaN.exe
  2⤵
  PID:5096
- C:\Windows\System\rpWddZp.exe
  C:\Windows\System\rpWddZp.exe
  2⤵
  PID:5116
- C:\Windows\System\KSANFoa.exe
  C:\Windows\System\KSANFoa.exe
  2⤵
  PID:4020
- C:\Windows\System\maHuUpf.exe
  C:\Windows\System\maHuUpf.exe
  2⤵
  PID:2092
- C:\Windows\System\uGYekLS.exe
  C:\Windows\System\uGYekLS.exe
  2⤵
  PID:2872
- C:\Windows\System\ScoabUJ.exe
  C:\Windows\System\ScoabUJ.exe
  2⤵
  PID:3360
- C:\Windows\System\dFwVAPd.exe
  C:\Windows\System\dFwVAPd.exe
  2⤵
  PID:3640
- C:\Windows\System\eLBKUWj.exe
  C:\Windows\System\eLBKUWj.exe
  2⤵
  PID:3692
- C:\Windows\System\zlwsxrT.exe
  C:\Windows\System\zlwsxrT.exe
  2⤵
  PID:3672
- C:\Windows\System\Jxhkemm.exe
  C:\Windows\System\Jxhkemm.exe
  2⤵
  PID:3852
- C:\Windows\System\TqyIFoI.exe
  C:\Windows\System\TqyIFoI.exe
  2⤵
  PID:4100
- C:\Windows\System\urKRQWU.exe
  C:\Windows\System\urKRQWU.exe
  2⤵
  PID:4148
- C:\Windows\System\gmjGPNK.exe
  C:\Windows\System\gmjGPNK.exe
  2⤵
  PID:4200
- C:\Windows\System\XoUqgXm.exe
  C:\Windows\System\XoUqgXm.exe
  2⤵
  PID:4184
- C:\Windows\System\mtWpjHH.exe
  C:\Windows\System\mtWpjHH.exe
  2⤵
  PID:4224
- C:\Windows\System\oXBVAJU.exe
  C:\Windows\System\oXBVAJU.exe
  2⤵
  PID:4320
- C:\Windows\System\CEvjsKK.exe
  C:\Windows\System\CEvjsKK.exe
  2⤵
  PID:4328
- C:\Windows\System\rBrsUNy.exe
  C:\Windows\System\rBrsUNy.exe
  2⤵
  PID:4368
- C:\Windows\System\GPCjbqV.exe
  C:\Windows\System\GPCjbqV.exe
  2⤵
  PID:4340
- C:\Windows\System\XzhNVaL.exe
  C:\Windows\System\XzhNVaL.exe
  2⤵
  PID:4448
- C:\Windows\System\HmjmqTM.exe
  C:\Windows\System\HmjmqTM.exe
  2⤵
  PID:4460
- C:\Windows\System\pBbtqUI.exe
  C:\Windows\System\pBbtqUI.exe
  2⤵
  PID:4520
- C:\Windows\System\XkrqcXT.exe
  C:\Windows\System\XkrqcXT.exe
  2⤵
  PID:4508
- C:\Windows\System\EbziAIw.exe
  C:\Windows\System\EbziAIw.exe
  2⤵
  PID:4560
- C:\Windows\System\xhtIPrV.exe
  C:\Windows\System\xhtIPrV.exe
  2⤵
  PID:4604
- C:\Windows\System\HZYThTu.exe
  C:\Windows\System\HZYThTu.exe
  2⤵
  PID:4636
- C:\Windows\System\NLTcOhE.exe
  C:\Windows\System\NLTcOhE.exe
  2⤵
  PID:4680
- C:\Windows\System\oohPDSt.exe
  C:\Windows\System\oohPDSt.exe
  2⤵
  PID:4720
- C:\Windows\System\sNqhYDo.exe
  C:\Windows\System\sNqhYDo.exe
  2⤵
  PID:4760
- C:\Windows\System\QHlmZrQ.exe
  C:\Windows\System\QHlmZrQ.exe
  2⤵
  PID:4744
- C:\Windows\System\QtRwpJy.exe
  C:\Windows\System\QtRwpJy.exe
  2⤵
  PID:4812
- C:\Windows\System\BvihWxW.exe
  C:\Windows\System\BvihWxW.exe
  2⤵
  PID:4852
- C:\Windows\System\kcnVyNC.exe
  C:\Windows\System\kcnVyNC.exe
  2⤵
  PID:4884
- C:\Windows\System\CTOzBcJ.exe
  C:\Windows\System\CTOzBcJ.exe
  2⤵
  PID:4868
- C:\Windows\System\OJcGBmQ.exe
  C:\Windows\System\OJcGBmQ.exe
  2⤵
  PID:4908
- C:\Windows\System\XOvrIGK.exe
  C:\Windows\System\XOvrIGK.exe
  2⤵
  PID:4944
- C:\Windows\System\HBdrDXD.exe
  C:\Windows\System\HBdrDXD.exe
  2⤵
  PID:5004
- C:\Windows\System\XdKpMZd.exe
  C:\Windows\System\XdKpMZd.exe
  2⤵
  PID:5044
- C:\Windows\System\hOOHiut.exe
  C:\Windows\System\hOOHiut.exe
  2⤵
  PID:5020
- C:\Windows\System\YoYCchl.exe
  C:\Windows\System\YoYCchl.exe
  2⤵
  PID:5068
- C:\Windows\System\LwBgbvl.exe
  C:\Windows\System\LwBgbvl.exe
  2⤵
  PID:5108
- C:\Windows\System\tCxBPil.exe
  C:\Windows\System\tCxBPil.exe
  2⤵
  PID:2716
- C:\Windows\System\GMoTTez.exe
  C:\Windows\System\GMoTTez.exe
  2⤵
  PID:3248
- C:\Windows\System\rfQmJAc.exe
  C:\Windows\System\rfQmJAc.exe
  2⤵
  PID:3416
- C:\Windows\System\aSEOdSL.exe
  C:\Windows\System\aSEOdSL.exe
  2⤵
  PID:3488
- C:\Windows\System\EaAZIev.exe
  C:\Windows\System\EaAZIev.exe
  2⤵
  PID:3820
- C:\Windows\System\RJfepIw.exe
  C:\Windows\System\RJfepIw.exe
  2⤵
  PID:4208
- C:\Windows\System\eMxdKUw.exe
  C:\Windows\System\eMxdKUw.exe
  2⤵
  PID:4220
- C:\Windows\System\IRoLoWW.exe
  C:\Windows\System\IRoLoWW.exe
  2⤵
  PID:4280
- C:\Windows\System\EhDnjHh.exe
  C:\Windows\System\EhDnjHh.exe
  2⤵
  PID:4300
- C:\Windows\System\FiZwDhx.exe
  C:\Windows\System\FiZwDhx.exe
  2⤵
  PID:4356
- C:\Windows\System\uLJjlye.exe
  C:\Windows\System\uLJjlye.exe
  2⤵
  PID:4384
- C:\Windows\System\MxUeWrF.exe
  C:\Windows\System\MxUeWrF.exe
  2⤵
  PID:4488
- C:\Windows\System\mQQcHkS.exe
  C:\Windows\System\mQQcHkS.exe
  2⤵
  PID:4580
- C:\Windows\System\UMYodpG.exe
  C:\Windows\System\UMYodpG.exe
  2⤵
  PID:4624
- C:\Windows\System\NZZPwtx.exe
  C:\Windows\System\NZZPwtx.exe
  2⤵
  PID:4668
- C:\Windows\System\crXNtvU.exe
  C:\Windows\System\crXNtvU.exe
  2⤵
  PID:4732
- C:\Windows\System\gObOxQr.exe
  C:\Windows\System\gObOxQr.exe
  2⤵
  PID:4704
- C:\Windows\System\KmfUDNx.exe
  C:\Windows\System\KmfUDNx.exe
  2⤵
  PID:4792
- C:\Windows\System\SbzaTci.exe
  C:\Windows\System\SbzaTci.exe
  2⤵
  PID:4932
- C:\Windows\System\ctZVuxP.exe
  C:\Windows\System\ctZVuxP.exe
  2⤵
  PID:5008
- C:\Windows\System\nYJmjZl.exe
  C:\Windows\System\nYJmjZl.exe
  2⤵
  PID:4964
- C:\Windows\System\ionFfBf.exe
  C:\Windows\System\ionFfBf.exe
  2⤵
  PID:5028
- C:\Windows\System\OLapFkl.exe
  C:\Windows\System\OLapFkl.exe
  2⤵
  PID:5104
- C:\Windows\System\WERZCEn.exe
  C:\Windows\System\WERZCEn.exe
  2⤵
  PID:3132
- C:\Windows\System\MKUauZa.exe
  C:\Windows\System\MKUauZa.exe
  2⤵
  PID:3716
- C:\Windows\System\qvQdsIp.exe
  C:\Windows\System\qvQdsIp.exe
  2⤵
  PID:4144
- C:\Windows\System\tTNnljD.exe
  C:\Windows\System\tTNnljD.exe
  2⤵
  PID:4244
- C:\Windows\System\sVTHJpM.exe
  C:\Windows\System\sVTHJpM.exe
  2⤵
  PID:4204
- C:\Windows\System\FGBtAfA.exe
  C:\Windows\System\FGBtAfA.exe
  2⤵
  PID:4360
- C:\Windows\System\WrxMkud.exe
  C:\Windows\System\WrxMkud.exe
  2⤵
  PID:4380
- C:\Windows\System\igqFBBb.exe
  C:\Windows\System\igqFBBb.exe
  2⤵
  PID:4644
- C:\Windows\System\DXlHWUx.exe
  C:\Windows\System\DXlHWUx.exe
  2⤵
  PID:4688
- C:\Windows\System\CuDJkZn.exe
  C:\Windows\System\CuDJkZn.exe
  2⤵
  PID:4824
- C:\Windows\System\UBJouic.exe
  C:\Windows\System\UBJouic.exe
  2⤵
  PID:4864
- C:\Windows\System\PIyxMPJ.exe
  C:\Windows\System\PIyxMPJ.exe
  2⤵
  PID:4788
- C:\Windows\System\BhTcgHE.exe
  C:\Windows\System\BhTcgHE.exe
  2⤵
  PID:5040
- C:\Windows\System\OlQjTmW.exe
  C:\Windows\System\OlQjTmW.exe
  2⤵
  PID:1948
- C:\Windows\System\qeiGjlh.exe
  C:\Windows\System\qeiGjlh.exe
  2⤵
  PID:4124
- C:\Windows\System\JNKxIxz.exe
  C:\Windows\System\JNKxIxz.exe
  2⤵
  PID:5140
- C:\Windows\System\SURzvhl.exe
  C:\Windows\System\SURzvhl.exe
  2⤵
  PID:5164
- C:\Windows\System\FlHUpgo.exe
  C:\Windows\System\FlHUpgo.exe
  2⤵
  PID:5184
- C:\Windows\System\hfyCQOW.exe
  C:\Windows\System\hfyCQOW.exe
  2⤵
  PID:5204
- C:\Windows\System\eRPOFCJ.exe
  C:\Windows\System\eRPOFCJ.exe
  2⤵
  PID:5220
- C:\Windows\System\obsEwnn.exe
  C:\Windows\System\obsEwnn.exe
  2⤵
  PID:5244
- C:\Windows\System\xyoAiAq.exe
  C:\Windows\System\xyoAiAq.exe
  2⤵
  PID:5264
- C:\Windows\System\CSKTYNf.exe
  C:\Windows\System\CSKTYNf.exe
  2⤵
  PID:5284
- C:\Windows\System\QdakNMs.exe
  C:\Windows\System\QdakNMs.exe
  2⤵
  PID:5300
- C:\Windows\System\YwyXtuS.exe
  C:\Windows\System\YwyXtuS.exe
  2⤵
  PID:5324
- C:\Windows\System\MZaNXKS.exe
  C:\Windows\System\MZaNXKS.exe
  2⤵
  PID:5344
- C:\Windows\System\YvwJoGG.exe
  C:\Windows\System\YvwJoGG.exe
  2⤵
  PID:5364
- C:\Windows\System\NSqwqmV.exe
  C:\Windows\System\NSqwqmV.exe
  2⤵
  PID:5384
- C:\Windows\System\AudpDco.exe
  C:\Windows\System\AudpDco.exe
  2⤵
  PID:5404
- C:\Windows\System\fikYBpm.exe
  C:\Windows\System\fikYBpm.exe
  2⤵
  PID:5424
- C:\Windows\System\QQqbQub.exe
  C:\Windows\System\QQqbQub.exe
  2⤵
  PID:5444
- C:\Windows\System\fexrmrx.exe
  C:\Windows\System\fexrmrx.exe
  2⤵
  PID:5464
- C:\Windows\System\xPdfTXc.exe
  C:\Windows\System\xPdfTXc.exe
  2⤵
  PID:5488
- C:\Windows\System\QdJMcGw.exe
  C:\Windows\System\QdJMcGw.exe
  2⤵
  PID:5508
- C:\Windows\System\CCdklPd.exe
  C:\Windows\System\CCdklPd.exe
  2⤵
  PID:5528
- C:\Windows\System\XAGLkpl.exe
  C:\Windows\System\XAGLkpl.exe
  2⤵
  PID:5548
- C:\Windows\System\Paecrwx.exe
  C:\Windows\System\Paecrwx.exe
  2⤵
  PID:5568
- C:\Windows\System\MAuqATH.exe
  C:\Windows\System\MAuqATH.exe
  2⤵
  PID:5584
- C:\Windows\System\PZYITaL.exe
  C:\Windows\System\PZYITaL.exe
  2⤵
  PID:5600
- C:\Windows\System\nRSXSZT.exe
  C:\Windows\System\nRSXSZT.exe
  2⤵
  PID:5624
- C:\Windows\System\gzfdONG.exe
  C:\Windows\System\gzfdONG.exe
  2⤵
  PID:5640
- C:\Windows\System\MlzjSNG.exe
  C:\Windows\System\MlzjSNG.exe
  2⤵
  PID:5664
- C:\Windows\System\FBSjfHk.exe
  C:\Windows\System\FBSjfHk.exe
  2⤵
  PID:5680
- C:\Windows\System\GebMdpp.exe
  C:\Windows\System\GebMdpp.exe
  2⤵
  PID:5700
- C:\Windows\System\vdMrDtO.exe
  C:\Windows\System\vdMrDtO.exe
  2⤵
  PID:5724
- C:\Windows\System\YHogkRx.exe
  C:\Windows\System\YHogkRx.exe
  2⤵
  PID:5744
- C:\Windows\System\JpmdhOD.exe
  C:\Windows\System\JpmdhOD.exe
  2⤵
  PID:5764
- C:\Windows\System\QzIWFPe.exe
  C:\Windows\System\QzIWFPe.exe
  2⤵
  PID:5784
- C:\Windows\System\khNhzZd.exe
  C:\Windows\System\khNhzZd.exe
  2⤵
  PID:5804
- C:\Windows\System\nPgiWRl.exe
  C:\Windows\System\nPgiWRl.exe
  2⤵
  PID:5824
- C:\Windows\System\QqtsVBH.exe
  C:\Windows\System\QqtsVBH.exe
  2⤵
  PID:5844
- C:\Windows\System\eetoPYb.exe
  C:\Windows\System\eetoPYb.exe
  2⤵
  PID:5864
- C:\Windows\System\SMDkrWT.exe
  C:\Windows\System\SMDkrWT.exe
  2⤵
  PID:5880
- C:\Windows\System\jjAvOjP.exe
  C:\Windows\System\jjAvOjP.exe
  2⤵
  PID:5904
- C:\Windows\System\sakUqpg.exe
  C:\Windows\System\sakUqpg.exe
  2⤵
  PID:5920
- C:\Windows\System\RbwYyCD.exe
  C:\Windows\System\RbwYyCD.exe
  2⤵
  PID:5948
- C:\Windows\System\dIKLZPw.exe
  C:\Windows\System\dIKLZPw.exe
  2⤵
  PID:5968
- C:\Windows\System\sAJqyaX.exe
  C:\Windows\System\sAJqyaX.exe
  2⤵
  PID:5988
- C:\Windows\System\bRTFEoT.exe
  C:\Windows\System\bRTFEoT.exe
  2⤵
  PID:6004
- C:\Windows\System\uVmRasT.exe
  C:\Windows\System\uVmRasT.exe
  2⤵
  PID:6024
- C:\Windows\System\InhcyEI.exe
  C:\Windows\System\InhcyEI.exe
  2⤵
  PID:6048
- C:\Windows\System\prsIYYt.exe
  C:\Windows\System\prsIYYt.exe
  2⤵
  PID:6068
- C:\Windows\System\iSohuxO.exe
  C:\Windows\System\iSohuxO.exe
  2⤵
  PID:6088
- C:\Windows\System\rEXHdNI.exe
  C:\Windows\System\rEXHdNI.exe
  2⤵
  PID:6108
- C:\Windows\System\yOrQYSx.exe
  C:\Windows\System\yOrQYSx.exe
  2⤵
  PID:6128
- C:\Windows\System\LVBafoQ.exe
  C:\Windows\System\LVBafoQ.exe
  2⤵
  PID:3520
- C:\Windows\System\ecqCFiH.exe
  C:\Windows\System\ecqCFiH.exe
  2⤵
  PID:3912
- C:\Windows\System\XtuzDUc.exe
  C:\Windows\System\XtuzDUc.exe
  2⤵
  PID:4420
- C:\Windows\System\zwHscYl.exe
  C:\Windows\System\zwHscYl.exe
  2⤵
  PID:4500
- C:\Windows\System\kubqPEm.exe
  C:\Windows\System\kubqPEm.exe
  2⤵
  PID:4468
- C:\Windows\System\GzqlsIS.exe
  C:\Windows\System\GzqlsIS.exe
  2⤵
  PID:4684
- C:\Windows\System\VdpkJRa.exe
  C:\Windows\System\VdpkJRa.exe
  2⤵
  PID:4584
- C:\Windows\System\ojdgOkB.exe
  C:\Windows\System\ojdgOkB.exe
  2⤵
  PID:5084
- C:\Windows\System\hEQwrhx.exe
  C:\Windows\System\hEQwrhx.exe
  2⤵
  PID:4972
- C:\Windows\System\hzmYVWB.exe
  C:\Windows\System\hzmYVWB.exe
  2⤵
  PID:5200
- C:\Windows\System\peYvNET.exe
  C:\Windows\System\peYvNET.exe
  2⤵
  PID:5176
- C:\Windows\System\jzAXTaZ.exe
  C:\Windows\System\jzAXTaZ.exe
  2⤵
  PID:5212
- C:\Windows\System\CNkUUaa.exe
  C:\Windows\System\CNkUUaa.exe
  2⤵
  PID:5260
- C:\Windows\System\kwJODyc.exe
  C:\Windows\System\kwJODyc.exe
  2⤵
  PID:5312
- C:\Windows\System\lVQaBGF.exe
  C:\Windows\System\lVQaBGF.exe
  2⤵
  PID:5296
- C:\Windows\System\tnWnxLU.exe
  C:\Windows\System\tnWnxLU.exe
  2⤵
  PID:5392
- C:\Windows\System\RjxyWYC.exe
  C:\Windows\System\RjxyWYC.exe
  2⤵
  PID:5380
- C:\Windows\System\lfXcLPW.exe
  C:\Windows\System\lfXcLPW.exe
  2⤵
  PID:5484
- C:\Windows\System\ilLPgtI.exe
  C:\Windows\System\ilLPgtI.exe
  2⤵
  PID:5524
- C:\Windows\System\IkyDMBh.exe
  C:\Windows\System\IkyDMBh.exe
  2⤵
  PID:5460
- C:\Windows\System\kLrwLtf.exe
  C:\Windows\System\kLrwLtf.exe
  2⤵
  PID:5596
- C:\Windows\System\rpQrIQN.exe
  C:\Windows\System\rpQrIQN.exe
  2⤵
  PID:5632
- C:\Windows\System\ALxcAGj.exe
  C:\Windows\System\ALxcAGj.exe
  2⤵
  PID:5676
- C:\Windows\System\Cpypkzs.exe
  C:\Windows\System\Cpypkzs.exe
  2⤵
  PID:5608
- C:\Windows\System\jZAKkpz.exe
  C:\Windows\System\jZAKkpz.exe
  2⤵
  PID:5712
- C:\Windows\System\krvGQYj.exe
  C:\Windows\System\krvGQYj.exe
  2⤵
  PID:5796
- C:\Windows\System\tvFBSCK.exe
  C:\Windows\System\tvFBSCK.exe
  2⤵
  PID:5660
- C:\Windows\System\IvBqUvj.exe
  C:\Windows\System\IvBqUvj.exe
  2⤵
  PID:5740
- C:\Windows\System\pBnEXtA.exe
  C:\Windows\System\pBnEXtA.exe
  2⤵
  PID:5776
- C:\Windows\System\HpeQbqm.exe
  C:\Windows\System\HpeQbqm.exe
  2⤵
  PID:5876
- C:\Windows\System\iYFJlWA.exe
  C:\Windows\System\iYFJlWA.exe
  2⤵
  PID:5916
- C:\Windows\System\YkDYsRy.exe
  C:\Windows\System\YkDYsRy.exe
  2⤵
  PID:5956
- C:\Windows\System\cBjzHLt.exe
  C:\Windows\System\cBjzHLt.exe
  2⤵
  PID:5932
- C:\Windows\System\aGrnQGQ.exe
  C:\Windows\System\aGrnQGQ.exe
  2⤵
  PID:5996
- C:\Windows\System\ZLpqnwA.exe
  C:\Windows\System\ZLpqnwA.exe
  2⤵
  PID:5976
- C:\Windows\System\TmVBZuZ.exe
  C:\Windows\System\TmVBZuZ.exe
  2⤵
  PID:6084
- C:\Windows\System\peySGfp.exe
  C:\Windows\System\peySGfp.exe
  2⤵
  PID:6056
- C:\Windows\System\nSeNRmn.exe
  C:\Windows\System\nSeNRmn.exe
  2⤵
  PID:6064
- C:\Windows\System\DhpYWGk.exe
  C:\Windows\System\DhpYWGk.exe
  2⤵
  PID:4240
- C:\Windows\System\bElmwXZ.exe
  C:\Windows\System\bElmwXZ.exe
  2⤵
  PID:4440
- C:\Windows\System\ivvAIVs.exe
  C:\Windows\System\ivvAIVs.exe
  2⤵
  PID:4120
- C:\Windows\System\UtxjxFv.exe
  C:\Windows\System\UtxjxFv.exe
  2⤵
  PID:4620
- C:\Windows\System\YfxMyKv.exe
  C:\Windows\System\YfxMyKv.exe
  2⤵
  PID:4396
- C:\Windows\System\YLOsENx.exe
  C:\Windows\System\YLOsENx.exe
  2⤵
  PID:5152
- C:\Windows\System\PjtAePu.exe
  C:\Windows\System\PjtAePu.exe
  2⤵
  PID:5240
- C:\Windows\System\evhqpXD.exe
  C:\Windows\System\evhqpXD.exe
  2⤵
  PID:5132
- C:\Windows\System\HhhzGmv.exe
  C:\Windows\System\HhhzGmv.exe
  2⤵
  PID:5272
- C:\Windows\System\BKydJfK.exe
  C:\Windows\System\BKydJfK.exe
  2⤵
  PID:5356
- C:\Windows\System\ExoEtOv.exe
  C:\Windows\System\ExoEtOv.exe
  2⤵
  PID:5396
- C:\Windows\System\kdjqFvZ.exe
  C:\Windows\System\kdjqFvZ.exe
  2⤵
  PID:5556
- C:\Windows\System\kiHflNN.exe
  C:\Windows\System\kiHflNN.exe
  2⤵
  PID:5560
- C:\Windows\System\RmcHmbk.exe
  C:\Windows\System\RmcHmbk.exe
  2⤵
  PID:5576
- C:\Windows\System\syVrTPk.exe
  C:\Windows\System\syVrTPk.exe
  2⤵
  PID:5672
- C:\Windows\System\yqQIIZw.exe
  C:\Windows\System\yqQIIZw.exe
  2⤵
  PID:5620
- C:\Windows\System\qttNaNz.exe
  C:\Windows\System\qttNaNz.exe
  2⤵
  PID:5648
- C:\Windows\System\buvcinQ.exe
  C:\Windows\System\buvcinQ.exe
  2⤵
  PID:5872
- C:\Windows\System\ecHIYFB.exe
  C:\Windows\System\ecHIYFB.exe
  2⤵
  PID:5772
- C:\Windows\System\FzEfPxb.exe
  C:\Windows\System\FzEfPxb.exe
  2⤵
  PID:2668
- C:\Windows\System\FcpTKrV.exe
  C:\Windows\System\FcpTKrV.exe
  2⤵
  PID:5984
- C:\Windows\System\kgmvEjJ.exe
  C:\Windows\System\kgmvEjJ.exe
  2⤵
  PID:5888
- C:\Windows\System\wusxzkA.exe
  C:\Windows\System\wusxzkA.exe
  2⤵
  PID:6120
- C:\Windows\System\UWjkexV.exe
  C:\Windows\System\UWjkexV.exe
  2⤵
  PID:5112
- C:\Windows\System\QIqxCzy.exe
  C:\Windows\System\QIqxCzy.exe
  2⤵
  PID:6100
- C:\Windows\System\kNUaFvg.exe
  C:\Windows\System\kNUaFvg.exe
  2⤵
  PID:4284
- C:\Windows\System\PtlUdnY.exe
  C:\Windows\System\PtlUdnY.exe
  2⤵
  PID:5172
- C:\Windows\System\CQYrouA.exe
  C:\Windows\System\CQYrouA.exe
  2⤵
  PID:4960
- C:\Windows\System\CxWxlxq.exe
  C:\Windows\System\CxWxlxq.exe
  2⤵
  PID:5360
- C:\Windows\System\BiweuhF.exe
  C:\Windows\System\BiweuhF.exe
  2⤵
  PID:5308
- C:\Windows\System\UrCLUnj.exe
  C:\Windows\System\UrCLUnj.exe
  2⤵
  PID:5536
- C:\Windows\System\PNRJMxh.exe
  C:\Windows\System\PNRJMxh.exe
  2⤵
  PID:5500
- C:\Windows\System\MFlLCjs.exe
  C:\Windows\System\MFlLCjs.exe
  2⤵
  PID:5544
- C:\Windows\System\hkEbnbG.exe
  C:\Windows\System\hkEbnbG.exe
  2⤵
  PID:5652
- C:\Windows\System\RxoKhwE.exe
  C:\Windows\System\RxoKhwE.exe
  2⤵
  PID:5732
- C:\Windows\System\mdPRegg.exe
  C:\Windows\System\mdPRegg.exe
  2⤵
  PID:5912
- C:\Windows\System\SNOJFti.exe
  C:\Windows\System\SNOJFti.exe
  2⤵
  PID:5964
- C:\Windows\System\UZSalvu.exe
  C:\Windows\System\UZSalvu.exe
  2⤵
  PID:6040
- C:\Windows\System\toyKXYV.exe
  C:\Windows\System\toyKXYV.exe
  2⤵
  PID:4832
- C:\Windows\System\FZXQjfZ.exe
  C:\Windows\System\FZXQjfZ.exe
  2⤵
  PID:4564
- C:\Windows\System\OCzcxUW.exe
  C:\Windows\System\OCzcxUW.exe
  2⤵
  PID:5372
- C:\Windows\System\JmygnJV.exe
  C:\Windows\System\JmygnJV.exe
  2⤵
  PID:5352
- C:\Windows\System\LuDbXDS.exe
  C:\Windows\System\LuDbXDS.exe
  2⤵
  PID:5564
- C:\Windows\System\wqdUwGQ.exe
  C:\Windows\System\wqdUwGQ.exe
  2⤵
  PID:6160
- C:\Windows\System\FaTmobt.exe
  C:\Windows\System\FaTmobt.exe
  2⤵
  PID:6180
- C:\Windows\System\EEquCER.exe
  C:\Windows\System\EEquCER.exe
  2⤵
  PID:6204
- C:\Windows\System\vPmszgL.exe
  C:\Windows\System\vPmszgL.exe
  2⤵
  PID:6224
- C:\Windows\System\SaBqEJD.exe
  C:\Windows\System\SaBqEJD.exe
  2⤵
  PID:6244
- C:\Windows\System\tcGIJat.exe
  C:\Windows\System\tcGIJat.exe
  2⤵
  PID:6264
- C:\Windows\System\ZkZFfJz.exe
  C:\Windows\System\ZkZFfJz.exe
  2⤵
  PID:6284
- C:\Windows\System\tUpeJLt.exe
  C:\Windows\System\tUpeJLt.exe
  2⤵
  PID:6300
- C:\Windows\System\DTDMlYP.exe
  C:\Windows\System\DTDMlYP.exe
  2⤵
  PID:6320
- C:\Windows\System\qdkUCVE.exe
  C:\Windows\System\qdkUCVE.exe
  2⤵
  PID:6340
- C:\Windows\System\wIbnHct.exe
  C:\Windows\System\wIbnHct.exe
  2⤵
  PID:6360
- C:\Windows\System\UoAgcmB.exe
  C:\Windows\System\UoAgcmB.exe
  2⤵
  PID:6380
- C:\Windows\System\sANAOKC.exe
  C:\Windows\System\sANAOKC.exe
  2⤵
  PID:6396
- C:\Windows\System\kjGgtzm.exe
  C:\Windows\System\kjGgtzm.exe
  2⤵
  PID:6420
- C:\Windows\System\laoHuOC.exe
  C:\Windows\System\laoHuOC.exe
  2⤵
  PID:6436
- C:\Windows\System\GdNdnUL.exe
  C:\Windows\System\GdNdnUL.exe
  2⤵
  PID:6460
- C:\Windows\System\PWajAyX.exe
  C:\Windows\System\PWajAyX.exe
  2⤵
  PID:6484
- C:\Windows\System\GkaMrHJ.exe
  C:\Windows\System\GkaMrHJ.exe
  2⤵
  PID:6500
- C:\Windows\System\ECpkyyd.exe
  C:\Windows\System\ECpkyyd.exe
  2⤵
  PID:6520
- C:\Windows\System\HkQwOIS.exe
  C:\Windows\System\HkQwOIS.exe
  2⤵
  PID:6540
- C:\Windows\System\xMbEnms.exe
  C:\Windows\System\xMbEnms.exe
  2⤵
  PID:6560
- C:\Windows\System\GJJiltn.exe
  C:\Windows\System\GJJiltn.exe
  2⤵
  PID:6580
- C:\Windows\System\EWCRDoQ.exe
  C:\Windows\System\EWCRDoQ.exe
  2⤵
  PID:6600
- C:\Windows\System\mOXnWEv.exe
  C:\Windows\System\mOXnWEv.exe
  2⤵
  PID:6620
- C:\Windows\System\XFRQxNK.exe
  C:\Windows\System\XFRQxNK.exe
  2⤵
  PID:6644
- C:\Windows\System\oVzaHaH.exe
  C:\Windows\System\oVzaHaH.exe
  2⤵
  PID:6664
- C:\Windows\System\RcwqyTX.exe
  C:\Windows\System\RcwqyTX.exe
  2⤵
  PID:6684
- C:\Windows\System\Dubgqdy.exe
  C:\Windows\System\Dubgqdy.exe
  2⤵
  PID:6704
- C:\Windows\System\BWHCywg.exe
  C:\Windows\System\BWHCywg.exe
  2⤵
  PID:6724
- C:\Windows\System\SQSlxAE.exe
  C:\Windows\System\SQSlxAE.exe
  2⤵
  PID:6740
- C:\Windows\System\dQZoAxL.exe
  C:\Windows\System\dQZoAxL.exe
  2⤵
  PID:6764
- C:\Windows\System\LWLwYqB.exe
  C:\Windows\System\LWLwYqB.exe
  2⤵
  PID:6784
- C:\Windows\System\fAxbjbF.exe
  C:\Windows\System\fAxbjbF.exe
  2⤵
  PID:6804
- C:\Windows\System\AVUBbpY.exe
  C:\Windows\System\AVUBbpY.exe
  2⤵
  PID:6824
- C:\Windows\System\HYKzfFN.exe
  C:\Windows\System\HYKzfFN.exe
  2⤵
  PID:6844
- C:\Windows\System\ZIDTtsn.exe
  C:\Windows\System\ZIDTtsn.exe
  2⤵
  PID:6864
- C:\Windows\System\qoSeSEh.exe
  C:\Windows\System\qoSeSEh.exe
  2⤵
  PID:6884
- C:\Windows\System\WiizQhf.exe
  C:\Windows\System\WiizQhf.exe
  2⤵
  PID:6904
- C:\Windows\System\AtQXyeO.exe
  C:\Windows\System\AtQXyeO.exe
  2⤵
  PID:6924
- C:\Windows\System\bBjdtDs.exe
  C:\Windows\System\bBjdtDs.exe
  2⤵
  PID:6948
- C:\Windows\System\eVDFYQf.exe
  C:\Windows\System\eVDFYQf.exe
  2⤵
  PID:6964
- C:\Windows\System\ptPfJCs.exe
  C:\Windows\System\ptPfJCs.exe
  2⤵
  PID:6984
- C:\Windows\System\wsojwpI.exe
  C:\Windows\System\wsojwpI.exe
  2⤵
  PID:7008
- C:\Windows\System\ukqgpSO.exe
  C:\Windows\System\ukqgpSO.exe
  2⤵
  PID:7028
- C:\Windows\System\EwOdJhd.exe
  C:\Windows\System\EwOdJhd.exe
  2⤵
  PID:7048
- C:\Windows\System\MUqISDD.exe
  C:\Windows\System\MUqISDD.exe
  2⤵
  PID:7068
- C:\Windows\System\AaVXHoB.exe
  C:\Windows\System\AaVXHoB.exe
  2⤵
  PID:7088
- C:\Windows\System\ujIxeOI.exe
  C:\Windows\System\ujIxeOI.exe
  2⤵
  PID:7108
- C:\Windows\System\DAMxyXw.exe
  C:\Windows\System\DAMxyXw.exe
  2⤵
  PID:7128
- C:\Windows\System\oXdKPxp.exe
  C:\Windows\System\oXdKPxp.exe
  2⤵
  PID:7148
- C:\Windows\System\MTHlGYZ.exe
  C:\Windows\System\MTHlGYZ.exe
  2⤵
  PID:5692
- C:\Windows\System\TvDdIrE.exe
  C:\Windows\System\TvDdIrE.exe
  2⤵
  PID:5756
- C:\Windows\System\OEDTULY.exe
  C:\Windows\System\OEDTULY.exe
  2⤵
  PID:5696
- C:\Windows\System\splkubt.exe
  C:\Windows\System\splkubt.exe
  2⤵
  PID:6012
- C:\Windows\System\XHuWIak.exe
  C:\Windows\System\XHuWIak.exe
  2⤵
  PID:2324
- C:\Windows\System\MGHfMfU.exe
  C:\Windows\System\MGHfMfU.exe
  2⤵
  PID:5252
- C:\Windows\System\YbSqKLS.exe
  C:\Windows\System\YbSqKLS.exe
  2⤵
  PID:5516
- C:\Windows\System\SeLNGRC.exe
  C:\Windows\System\SeLNGRC.exe
  2⤵
  PID:5472
- C:\Windows\System\xuBiwWV.exe
  C:\Windows\System\xuBiwWV.exe
  2⤵
  PID:6168
- C:\Windows\System\VYQtYLz.exe
  C:\Windows\System\VYQtYLz.exe
  2⤵
  PID:6236
- C:\Windows\System\LfZNgkf.exe
  C:\Windows\System\LfZNgkf.exe
  2⤵
  PID:6212
- C:\Windows\System\PiPubkW.exe
  C:\Windows\System\PiPubkW.exe
  2⤵
  PID:6252
- C:\Windows\System\QcRNann.exe
  C:\Windows\System\QcRNann.exe
  2⤵
  PID:6356
- C:\Windows\System\YMMXxdr.exe
  C:\Windows\System\YMMXxdr.exe
  2⤵
  PID:6328
- C:\Windows\System\wdcwjqy.exe
  C:\Windows\System\wdcwjqy.exe
  2⤵
  PID:6368
- C:\Windows\System\jCmTEya.exe
  C:\Windows\System\jCmTEya.exe
  2⤵
  PID:6408
- C:\Windows\System\ZPqiWKV.exe
  C:\Windows\System\ZPqiWKV.exe
  2⤵
  PID:6480
- C:\Windows\System\LjbtlMG.exe
  C:\Windows\System\LjbtlMG.exe
  2⤵
  PID:6444
- C:\Windows\System\LoJLoWr.exe
  C:\Windows\System\LoJLoWr.exe
  2⤵
  PID:6492
- C:\Windows\System\FxcYUby.exe
  C:\Windows\System\FxcYUby.exe
  2⤵
  PID:6588
- C:\Windows\System\DNYoFmQ.exe
  C:\Windows\System\DNYoFmQ.exe
  2⤵
  PID:6640
- C:\Windows\System\UIZAbFU.exe
  C:\Windows\System\UIZAbFU.exe
  2⤵
  PID:6572
- C:\Windows\System\ezMyWJu.exe
  C:\Windows\System\ezMyWJu.exe
  2⤵
  PID:6652
- C:\Windows\System\ekllBwv.exe
  C:\Windows\System\ekllBwv.exe
  2⤵
  PID:6712
- C:\Windows\System\ckdKECO.exe
  C:\Windows\System\ckdKECO.exe
  2⤵
  PID:6748
- C:\Windows\System\XauBadc.exe
  C:\Windows\System\XauBadc.exe
  2⤵
  PID:6760
- C:\Windows\System\rJHLGav.exe
  C:\Windows\System\rJHLGav.exe
  2⤵
  PID:6792
- C:\Windows\System\fFZHgKS.exe
  C:\Windows\System\fFZHgKS.exe
  2⤵
  PID:6840
- C:\Windows\System\MiMNzbM.exe
  C:\Windows\System\MiMNzbM.exe
  2⤵
  PID:6816
- C:\Windows\System\xwiBaIa.exe
  C:\Windows\System\xwiBaIa.exe
  2⤵
  PID:6860
- C:\Windows\System\zGqPuot.exe
  C:\Windows\System\zGqPuot.exe
  2⤵
  PID:6892
- C:\Windows\System\MzfMPFH.exe
  C:\Windows\System\MzfMPFH.exe
  2⤵
  PID:6932
- C:\Windows\System\cimDpAM.exe
  C:\Windows\System\cimDpAM.exe
  2⤵
  PID:6996
- C:\Windows\System\sazOFHC.exe
  C:\Windows\System\sazOFHC.exe
  2⤵
  PID:7076
- C:\Windows\System\mQuSpBd.exe
  C:\Windows\System\mQuSpBd.exe
  2⤵
  PID:7016
- C:\Windows\System\WFqFVpG.exe
  C:\Windows\System\WFqFVpG.exe
  2⤵
  PID:7060
- C:\Windows\System\kmOyuJN.exe
  C:\Windows\System\kmOyuJN.exe
  2⤵
  PID:7120
- C:\Windows\System\suehhGo.exe
  C:\Windows\System\suehhGo.exe
  2⤵
  PID:7100
- C:\Windows\System\fgiWYrs.exe
  C:\Windows\System\fgiWYrs.exe
  2⤵
  PID:2428
- C:\Windows\System\KJPwQOo.exe
  C:\Windows\System\KJPwQOo.exe
  2⤵
  PID:5720
- C:\Windows\System\PeEkXnc.exe
  C:\Windows\System\PeEkXnc.exe
  2⤵
  PID:5236
- C:\Windows\System\TpaZUea.exe
  C:\Windows\System\TpaZUea.exe
  2⤵
  PID:6080
- C:\Windows\System\vDcwOEq.exe
  C:\Windows\System\vDcwOEq.exe
  2⤵
  PID:4988
- C:\Windows\System\xyNrqfz.exe
  C:\Windows\System\xyNrqfz.exe
  2⤵
  PID:2492
- C:\Windows\System\nZcmGzR.exe
  C:\Windows\System\nZcmGzR.exe
  2⤵
  PID:6336
- C:\Windows\System\FYGLUPU.exe
  C:\Windows\System\FYGLUPU.exe
  2⤵
  PID:6316
- C:\Windows\System\vbtKrkV.exe
  C:\Windows\System\vbtKrkV.exe
  2⤵
  PID:6552
- C:\Windows\System\iFtutZE.exe
  C:\Windows\System\iFtutZE.exe
  2⤵
  PID:6596
- C:\Windows\System\yZNPaxc.exe
  C:\Windows\System\yZNPaxc.exe
  2⤵
  PID:6392
- C:\Windows\System\PSuQnoy.exe
  C:\Windows\System\PSuQnoy.exe
  2⤵
  PID:2164
- C:\Windows\System\UDIaUvr.exe
  C:\Windows\System\UDIaUvr.exe
  2⤵
  PID:6772
- C:\Windows\System\jqZqsLy.exe
  C:\Windows\System\jqZqsLy.exe
  2⤵
  PID:6812
- C:\Windows\System\vLMyXZZ.exe
  C:\Windows\System\vLMyXZZ.exe
  2⤵
  PID:6536
- C:\Windows\System\RIXtjUM.exe
  C:\Windows\System\RIXtjUM.exe
  2⤵
  PID:6656
- C:\Windows\System\HCSEvYp.exe
  C:\Windows\System\HCSEvYp.exe
  2⤵
  PID:6976
- C:\Windows\System\gLxCJdI.exe
  C:\Windows\System\gLxCJdI.exe
  2⤵
  PID:6832
- C:\Windows\System\xgrzCHj.exe
  C:\Windows\System\xgrzCHj.exe
  2⤵
  PID:2244
- C:\Windows\System\VWkjYCv.exe
  C:\Windows\System\VWkjYCv.exe
  2⤵
  PID:6876
- C:\Windows\System\mLIdYYH.exe
  C:\Windows\System\mLIdYYH.exe
  2⤵
  PID:1616
- C:\Windows\System\JIfQocz.exe
  C:\Windows\System\JIfQocz.exe
  2⤵
  PID:6416
- C:\Windows\System\CpsWoVb.exe
  C:\Windows\System\CpsWoVb.exe
  2⤵
  PID:7064
- C:\Windows\System\HOKJPcG.exe
  C:\Windows\System\HOKJPcG.exe
  2⤵
  PID:2636
- C:\Windows\System\AAZAmeE.exe
  C:\Windows\System\AAZAmeE.exe
  2⤵
  PID:2340
- C:\Windows\System\wLcBxJW.exe
  C:\Windows\System\wLcBxJW.exe
  2⤵
  PID:5928
- C:\Windows\System\iFawLBv.exe
  C:\Windows\System\iFawLBv.exe
  2⤵
  PID:6200
- C:\Windows\System\bnkPSoz.exe
  C:\Windows\System\bnkPSoz.exe
  2⤵
  PID:6376
- C:\Windows\System\QgtcEEM.exe
  C:\Windows\System\QgtcEEM.exe
  2⤵
  PID:6516
- C:\Windows\System\nBXpgwa.exe
  C:\Windows\System\nBXpgwa.exe
  2⤵
  PID:6716
- C:\Windows\System\XIECZFn.exe
  C:\Windows\System\XIECZFn.exe
  2⤵
  PID:6508
- C:\Windows\System\ZuuCuOt.exe
  C:\Windows\System\ZuuCuOt.exe
  2⤵
  PID:6676
- C:\Windows\System\xYWocrA.exe
  C:\Windows\System\xYWocrA.exe
  2⤵
  PID:6756
- C:\Windows\System\DZbjnJv.exe
  C:\Windows\System\DZbjnJv.exe
  2⤵
  PID:7036
- C:\Windows\System\zXVzyWY.exe
  C:\Windows\System\zXVzyWY.exe
  2⤵
  PID:1572
- C:\Windows\System\dqMYPYQ.exe
  C:\Windows\System\dqMYPYQ.exe
  2⤵
  PID:912
- C:\Windows\System\gCVFkAS.exe
  C:\Windows\System\gCVFkAS.exe
  2⤵
  PID:6216
- C:\Windows\System\gyspUaZ.exe
  C:\Windows\System\gyspUaZ.exe
  2⤵
  PID:7104
- C:\Windows\System\RPnsIRK.exe
  C:\Windows\System\RPnsIRK.exe
  2⤵
  PID:6232
- C:\Windows\System\qucRqbZ.exe
  C:\Windows\System\qucRqbZ.exe
  2⤵
  PID:2752
- C:\Windows\System\IXkxIcb.exe
  C:\Windows\System\IXkxIcb.exe
  2⤵
  PID:2704
- C:\Windows\System\WOwPRYZ.exe
  C:\Windows\System\WOwPRYZ.exe
  2⤵
  PID:6452
- C:\Windows\System\KWkOYYV.exe
  C:\Windows\System\KWkOYYV.exe
  2⤵
  PID:6576
- C:\Windows\System\SvIuZCo.exe
  C:\Windows\System\SvIuZCo.exe
  2⤵
  PID:5416
- C:\Windows\System\yBIPUHH.exe
  C:\Windows\System\yBIPUHH.exe
  2⤵
  PID:6276
- C:\Windows\System\WNcFFpO.exe
  C:\Windows\System\WNcFFpO.exe
  2⤵
  PID:2308
- C:\Windows\System\LXpVcbF.exe
  C:\Windows\System\LXpVcbF.exe
  2⤵
  PID:2176
- C:\Windows\System\OSsJNaF.exe
  C:\Windows\System\OSsJNaF.exe
  2⤵
  PID:1352
- C:\Windows\System\qyKpEIs.exe
  C:\Windows\System\qyKpEIs.exe
  2⤵
  PID:2012
- C:\Windows\System\EyuZVrM.exe
  C:\Windows\System\EyuZVrM.exe
  2⤵
  PID:6124
- C:\Windows\System\NwFkHSC.exe
  C:\Windows\System\NwFkHSC.exe
  2⤵
  PID:5832
- C:\Windows\System\qgxCvuf.exe
  C:\Windows\System\qgxCvuf.exe
  2⤵
  PID:2596
- C:\Windows\System\cnActtJ.exe
  C:\Windows\System\cnActtJ.exe
  2⤵
  PID:6172
- C:\Windows\System\ePkXRuC.exe
  C:\Windows\System\ePkXRuC.exe
  2⤵
  PID:6920
- C:\Windows\System\VfnaxHO.exe
  C:\Windows\System\VfnaxHO.exe
  2⤵
  PID:6820
- C:\Windows\System\wgVsywf.exe
  C:\Windows\System\wgVsywf.exe
  2⤵
  PID:7176
- C:\Windows\System\EpwofEW.exe
  C:\Windows\System\EpwofEW.exe
  2⤵
  PID:7196
- C:\Windows\System\NfbKgnS.exe
  C:\Windows\System\NfbKgnS.exe
  2⤵
  PID:7216
- C:\Windows\System\llwixPG.exe
  C:\Windows\System\llwixPG.exe
  2⤵
  PID:7232
- C:\Windows\System\CUXkKLZ.exe
  C:\Windows\System\CUXkKLZ.exe
  2⤵
  PID:7248
- C:\Windows\System\BdRaUcI.exe
  C:\Windows\System\BdRaUcI.exe
  2⤵
  PID:7264
- C:\Windows\System\VhowYrc.exe
  C:\Windows\System\VhowYrc.exe
  2⤵
  PID:7284
- C:\Windows\System\VvtWBye.exe
  C:\Windows\System\VvtWBye.exe
  2⤵
  PID:7304
- C:\Windows\System\oAwWwNa.exe
  C:\Windows\System\oAwWwNa.exe
  2⤵
  PID:7320
- C:\Windows\System\OLtkdTN.exe
  C:\Windows\System\OLtkdTN.exe
  2⤵
  PID:7340
- C:\Windows\System\TfGHpBl.exe
  C:\Windows\System\TfGHpBl.exe
  2⤵
  PID:7356
- C:\Windows\System\UDFbaMU.exe
  C:\Windows\System\UDFbaMU.exe
  2⤵
  PID:7372
- C:\Windows\System\XsrGMIZ.exe
  C:\Windows\System\XsrGMIZ.exe
  2⤵
  PID:7388
- C:\Windows\System\TZcpOot.exe
  C:\Windows\System\TZcpOot.exe
  2⤵
  PID:7404
- C:\Windows\System\wftWNrS.exe
  C:\Windows\System\wftWNrS.exe
  2⤵
  PID:7420
- C:\Windows\System\ejqCxcF.exe
  C:\Windows\System\ejqCxcF.exe
  2⤵
  PID:7452
- C:\Windows\System\AjXBzDR.exe
  C:\Windows\System\AjXBzDR.exe
  2⤵
  PID:7496
- C:\Windows\System\yhChhPD.exe
  C:\Windows\System\yhChhPD.exe
  2⤵
  PID:7512
- C:\Windows\System\WGxajNp.exe
  C:\Windows\System\WGxajNp.exe
  2⤵
  PID:7548
- C:\Windows\System\lqujsvb.exe
  C:\Windows\System\lqujsvb.exe
  2⤵
  PID:7564
- C:\Windows\System\VbKualQ.exe
  C:\Windows\System\VbKualQ.exe
  2⤵
  PID:7608
- C:\Windows\System\goZlnyj.exe
  C:\Windows\System\goZlnyj.exe
  2⤵
  PID:7624
- C:\Windows\System\jHwhfCv.exe
  C:\Windows\System\jHwhfCv.exe
  2⤵
  PID:7640
- C:\Windows\System\cNHqIvF.exe
  C:\Windows\System\cNHqIvF.exe
  2⤵
  PID:7656
- C:\Windows\System\iZZrFhM.exe
  C:\Windows\System\iZZrFhM.exe
  2⤵
  PID:7672
- C:\Windows\System\RLPLUCr.exe
  C:\Windows\System\RLPLUCr.exe
  2⤵
  PID:7688
- C:\Windows\System\xHtAhsx.exe
  C:\Windows\System\xHtAhsx.exe
  2⤵
  PID:7704
- C:\Windows\System\dQrsfQp.exe
  C:\Windows\System\dQrsfQp.exe
  2⤵
  PID:7720
- C:\Windows\System\ssEyqoc.exe
  C:\Windows\System\ssEyqoc.exe
  2⤵
  PID:7740
- C:\Windows\System\WkZYkrK.exe
  C:\Windows\System\WkZYkrK.exe
  2⤵
  PID:7756
- C:\Windows\System\aIFgPTT.exe
  C:\Windows\System\aIFgPTT.exe
  2⤵
  PID:7776
- C:\Windows\System\atvcahx.exe
  C:\Windows\System\atvcahx.exe
  2⤵
  PID:7816
- C:\Windows\System\CPfbBqp.exe
  C:\Windows\System\CPfbBqp.exe
  2⤵
  PID:7836
- C:\Windows\System\MXznrGy.exe
  C:\Windows\System\MXznrGy.exe
  2⤵
  PID:7884
- C:\Windows\System\NAdfXJP.exe
  C:\Windows\System\NAdfXJP.exe
  2⤵
  PID:7900
- C:\Windows\System\RObYLHU.exe
  C:\Windows\System\RObYLHU.exe
  2⤵
  PID:7924
- C:\Windows\System\quvutAe.exe
  C:\Windows\System\quvutAe.exe
  2⤵
  PID:7940
- C:\Windows\System\sfFMsMm.exe
  C:\Windows\System\sfFMsMm.exe
  2⤵
  PID:7960
- C:\Windows\System\LMmezHC.exe
  C:\Windows\System\LMmezHC.exe
  2⤵
  PID:7984
- C:\Windows\System\NKBOioT.exe
  C:\Windows\System\NKBOioT.exe
  2⤵
  PID:8004
- C:\Windows\System\gzfkRcL.exe
  C:\Windows\System\gzfkRcL.exe
  2⤵
  PID:8024
- C:\Windows\System\bpjWLGM.exe
  C:\Windows\System\bpjWLGM.exe
  2⤵
  PID:8040
- C:\Windows\System\mGeYIAG.exe
  C:\Windows\System\mGeYIAG.exe
  2⤵
  PID:8064
- C:\Windows\System\kgXcuMh.exe
  C:\Windows\System\kgXcuMh.exe
  2⤵
  PID:8088
- C:\Windows\System\llFYQrA.exe
  C:\Windows\System\llFYQrA.exe
  2⤵
  PID:8108
- C:\Windows\System\LkpzVUm.exe
  C:\Windows\System\LkpzVUm.exe
  2⤵
  PID:8124
- C:\Windows\System\VlXsaSn.exe
  C:\Windows\System\VlXsaSn.exe
  2⤵
  PID:8144
- C:\Windows\System\AIUBTii.exe
  C:\Windows\System\AIUBTii.exe
  2⤵
  PID:8160
- C:\Windows\System\PnbGMxM.exe
  C:\Windows\System\PnbGMxM.exe
  2⤵
  PID:8184
- C:\Windows\System\vNeCXYs.exe
  C:\Windows\System\vNeCXYs.exe
  2⤵
  PID:2792
- C:\Windows\System\rhyCtdl.exe
  C:\Windows\System\rhyCtdl.exe
  2⤵
  PID:1880
- C:\Windows\System\nFbbsRX.exe
  C:\Windows\System\nFbbsRX.exe
  2⤵
  PID:2184
- C:\Windows\System\mOfssem.exe
  C:\Windows\System\mOfssem.exe
  2⤵
  PID:2640
- C:\Windows\System\DGidQEZ.exe
  C:\Windows\System\DGidQEZ.exe
  2⤵
  PID:7192
- C:\Windows\System\DioDpGB.exe
  C:\Windows\System\DioDpGB.exe
  2⤵
  PID:7228
- C:\Windows\System\xmJVLbk.exe
  C:\Windows\System\xmJVLbk.exe
  2⤵
  PID:7260
- C:\Windows\System\RZHxnne.exe
  C:\Windows\System\RZHxnne.exe
  2⤵
  PID:7300
- C:\Windows\System\lFBxENa.exe
  C:\Windows\System\lFBxENa.exe
  2⤵
  PID:7368
- C:\Windows\System\PYCQJxW.exe
  C:\Windows\System\PYCQJxW.exe
  2⤵
  PID:7416
- C:\Windows\System\Cglccvu.exe
  C:\Windows\System\Cglccvu.exe
  2⤵
  PID:7524
- C:\Windows\System\JVdQmsl.exe
  C:\Windows\System\JVdQmsl.exe
  2⤵
  PID:7480
- C:\Windows\System\kmJoZUY.exe
  C:\Windows\System\kmJoZUY.exe
  2⤵
  PID:7364
- C:\Windows\System\RMNPMUd.exe
  C:\Windows\System\RMNPMUd.exe
  2⤵
  PID:7572
- C:\Windows\System\dyphTDF.exe
  C:\Windows\System\dyphTDF.exe
  2⤵
  PID:6916
- C:\Windows\System\kKwqJow.exe
  C:\Windows\System\kKwqJow.exe
  2⤵
  PID:7440
- C:\Windows\System\BkvuCdm.exe
  C:\Windows\System\BkvuCdm.exe
  2⤵
  PID:7508
- C:\Windows\System\wBGUkkm.exe
  C:\Windows\System\wBGUkkm.exe
  2⤵
  PID:7664
- C:\Windows\System\SYHmYMD.exe
  C:\Windows\System\SYHmYMD.exe
  2⤵
  PID:7696
- C:\Windows\System\wJsjgBT.exe
  C:\Windows\System\wJsjgBT.exe
  2⤵
  PID:7768
- C:\Windows\System\JMARSmd.exe
  C:\Windows\System\JMARSmd.exe
  2⤵
  PID:7832
- C:\Windows\System\NscIpbG.exe
  C:\Windows\System\NscIpbG.exe
  2⤵
  PID:7680
- C:\Windows\System\cSXJQWd.exe
  C:\Windows\System\cSXJQWd.exe
  2⤵
  PID:7936
- C:\Windows\System\GkFZjHA.exe
  C:\Windows\System\GkFZjHA.exe
  2⤵
  PID:7972
- C:\Windows\System\aWQvDAN.exe
  C:\Windows\System\aWQvDAN.exe
  2⤵
  PID:7748
- C:\Windows\System\xOtayxI.exe
  C:\Windows\System\xOtayxI.exe
  2⤵
  PID:7796
- C:\Windows\System\CznGXfL.exe
  C:\Windows\System\CznGXfL.exe
  2⤵
  PID:8060
- C:\Windows\System\jesUWTG.exe
  C:\Windows\System\jesUWTG.exe
  2⤵
  PID:8100
- C:\Windows\System\gJIVrsu.exe
  C:\Windows\System\gJIVrsu.exe
  2⤵
  PID:7812
- C:\Windows\System\zcqiTBE.exe
  C:\Windows\System\zcqiTBE.exe
  2⤵
  PID:7856
- C:\Windows\System\QmydUZq.exe
  C:\Windows\System\QmydUZq.exe
  2⤵
  PID:7880
- C:\Windows\System\GNQtDGD.exe
  C:\Windows\System\GNQtDGD.exe
  2⤵
  PID:8168
- C:\Windows\System\ujQRRoJ.exe
  C:\Windows\System\ujQRRoJ.exe
  2⤵
  PID:2608
- C:\Windows\System\BebgqcL.exe
  C:\Windows\System\BebgqcL.exe
  2⤵
  PID:7992
- C:\Windows\System\IvDFXOB.exe
  C:\Windows\System\IvDFXOB.exe
  2⤵
  PID:8036
- C:\Windows\System\HIAljnt.exe
  C:\Windows\System\HIAljnt.exe
  2⤵
  PID:8076
- C:\Windows\System\ibhjNZn.exe
  C:\Windows\System\ibhjNZn.exe
  2⤵
  PID:8120
- C:\Windows\System\oyJFrEw.exe
  C:\Windows\System\oyJFrEw.exe
  2⤵
  PID:7224
- C:\Windows\System\fypCJNu.exe
  C:\Windows\System\fypCJNu.exe
  2⤵
  PID:1236
- C:\Windows\System\pjLYvaP.exe
  C:\Windows\System\pjLYvaP.exe
  2⤵
  PID:2788
- C:\Windows\System\GPhvvyo.exe
  C:\Windows\System\GPhvvyo.exe
  2⤵
  PID:7204
- C:\Windows\System\cNgkFuj.exe
  C:\Windows\System\cNgkFuj.exe
  2⤵
  PID:7296
- C:\Windows\System\qggGBKq.exe
  C:\Windows\System\qggGBKq.exe
  2⤵
  PID:2912
- C:\Windows\System\ThlSuyX.exe
  C:\Windows\System\ThlSuyX.exe
  2⤵
  PID:7332
- C:\Windows\System\kydhPyq.exe
  C:\Windows\System\kydhPyq.exe
  2⤵
  PID:7728
- C:\Windows\System\fTABdEV.exe
  C:\Windows\System\fTABdEV.exe
  2⤵
  PID:2028
- C:\Windows\System\xvQhgRp.exe
  C:\Windows\System\xvQhgRp.exe
  2⤵
  PID:7468
- C:\Windows\System\kuIUOXR.exe
  C:\Windows\System\kuIUOXR.exe
  2⤵
  PID:7792
- C:\Windows\System\JSGnDwQ.exe
  C:\Windows\System\JSGnDwQ.exe
  2⤵
  PID:1156
- C:\Windows\System\xWesKIu.exe
  C:\Windows\System\xWesKIu.exe
  2⤵
  PID:8016
- C:\Windows\System\cOcdNmp.exe
  C:\Windows\System\cOcdNmp.exe
  2⤵
  PID:8104
- C:\Windows\System\upORrRU.exe
  C:\Windows\System\upORrRU.exe
  2⤵
  PID:7956
- C:\Windows\System\inROlpt.exe
  C:\Windows\System\inROlpt.exe
  2⤵
  PID:7056
- C:\Windows\System\HnucxAM.exe
  C:\Windows\System\HnucxAM.exe
  2⤵
  PID:7868
- C:\Windows\System\mycUXyo.exe
  C:\Windows\System\mycUXyo.exe
  2⤵
  PID:8172
- C:\Windows\System\uhUZwBC.exe
  C:\Windows\System\uhUZwBC.exe
  2⤵
  PID:1032
- C:\Windows\System\QJRGVOk.exe
  C:\Windows\System\QJRGVOk.exe
  2⤵
  PID:8156
- C:\Windows\System\kIYUhPt.exe
  C:\Windows\System\kIYUhPt.exe
  2⤵
  PID:7328
- C:\Windows\System\qglyUMG.exe
  C:\Windows\System\qglyUMG.exe
  2⤵
  PID:7384
- C:\Windows\System\NLXYzjw.exe
  C:\Windows\System\NLXYzjw.exe
  2⤵
  PID:7488
- C:\Windows\System\ULgIVLv.exe
  C:\Windows\System\ULgIVLv.exe
  2⤵
  PID:7584
- C:\Windows\System\KEawDnY.exe
  C:\Windows\System\KEawDnY.exe
  2⤵
  PID:2228
- C:\Windows\System\ZqNtejT.exe
  C:\Windows\System\ZqNtejT.exe
  2⤵
  PID:6672
- C:\Windows\System\eBSWVTI.exe
  C:\Windows\System\eBSWVTI.exe
  2⤵
  PID:7472
- C:\Windows\System\jLAYgBn.exe
  C:\Windows\System\jLAYgBn.exe
  2⤵
  PID:7504
- C:\Windows\System\zdqXJKV.exe
  C:\Windows\System\zdqXJKV.exe
  2⤵
  PID:2316
- C:\Windows\System\ocXBffk.exe
  C:\Windows\System\ocXBffk.exe
  2⤵
  PID:7668
- C:\Windows\System\mBPTgPC.exe
  C:\Windows\System\mBPTgPC.exe
  2⤵
  PID:2584
- C:\Windows\System\mOouVwQ.exe
  C:\Windows\System\mOouVwQ.exe
  2⤵
  PID:8048
- C:\Windows\System\wlNNWsU.exe
  C:\Windows\System\wlNNWsU.exe
  2⤵
  PID:7920
- C:\Windows\System\hshgTPj.exe
  C:\Windows\System\hshgTPj.exe
  2⤵
  PID:7432
- C:\Windows\System\DOArJgB.exe
  C:\Windows\System\DOArJgB.exe
  2⤵
  PID:7240
- C:\Windows\System\tfaaanK.exe
  C:\Windows\System\tfaaanK.exe
  2⤵
  PID:6568
- C:\Windows\System\JZBOGzA.exe
  C:\Windows\System\JZBOGzA.exe
  2⤵
  PID:7464
- C:\Windows\System\uzzQAic.exe
  C:\Windows\System\uzzQAic.exe
  2⤵
  PID:7184
- C:\Windows\System\sGveHcS.exe
  C:\Windows\System\sGveHcS.exe
  2⤵
  PID:7684
- C:\Windows\System\FEhXoyR.exe
  C:\Windows\System\FEhXoyR.exe
  2⤵
  PID:7588
- C:\Windows\System\EFDQVfv.exe
  C:\Windows\System\EFDQVfv.exe
  2⤵
  PID:7784
- C:\Windows\System\aDGnpTW.exe
  C:\Windows\System\aDGnpTW.exe
  2⤵
  PID:7976
- C:\Windows\System\SuauJDH.exe
  C:\Windows\System\SuauJDH.exe
  2⤵
  PID:2936
- C:\Windows\System\yDOUjUJ.exe
  C:\Windows\System\yDOUjUJ.exe
  2⤵
  PID:7652
- C:\Windows\System\JUcMBhX.exe
  C:\Windows\System\JUcMBhX.exe
  2⤵
  PID:7436
- C:\Windows\System\rerLxOP.exe
  C:\Windows\System\rerLxOP.exe
  2⤵
  PID:8140
- C:\Windows\System\KqGLxVM.exe
  C:\Windows\System\KqGLxVM.exe
  2⤵
  PID:7272
- C:\Windows\System\khhvgYa.exe
  C:\Windows\System\khhvgYa.exe
  2⤵
  PID:7532
- C:\Windows\System\FetcstW.exe
  C:\Windows\System\FetcstW.exe
  2⤵
  PID:7576
- C:\Windows\System\irxjruV.exe
  C:\Windows\System\irxjruV.exe
  2⤵
  PID:7716
- C:\Windows\System\XuZHyAA.exe
  C:\Windows\System\XuZHyAA.exe
  2⤵
  PID:8196
- C:\Windows\System\eEpbonE.exe
  C:\Windows\System\eEpbonE.exe
  2⤵
  PID:8216
- C:\Windows\System\mjfnbzk.exe
  C:\Windows\System\mjfnbzk.exe
  2⤵
  PID:8232
- C:\Windows\System\wjCSCbx.exe
  C:\Windows\System\wjCSCbx.exe
  2⤵
  PID:8248
- C:\Windows\System\DYjjDwv.exe
  C:\Windows\System\DYjjDwv.exe
  2⤵
  PID:8268
- C:\Windows\System\cXujITo.exe
  C:\Windows\System\cXujITo.exe
  2⤵
  PID:8296
- C:\Windows\System\GBgKCxV.exe
  C:\Windows\System\GBgKCxV.exe
  2⤵
  PID:8316
- C:\Windows\System\trquHyv.exe
  C:\Windows\System\trquHyv.exe
  2⤵
  PID:8332
- C:\Windows\System\ifocnCZ.exe
  C:\Windows\System\ifocnCZ.exe
  2⤵
  PID:8348
- C:\Windows\System\KxHBImO.exe
  C:\Windows\System\KxHBImO.exe
  2⤵
  PID:8364
- C:\Windows\System\tmtIIDf.exe
  C:\Windows\System\tmtIIDf.exe
  2⤵
  PID:8380
- C:\Windows\System\znmHgvC.exe
  C:\Windows\System\znmHgvC.exe
  2⤵
  PID:8396
- C:\Windows\System\UNSMPnd.exe
  C:\Windows\System\UNSMPnd.exe
  2⤵
  PID:8412
- C:\Windows\System\rPwnTnd.exe
  C:\Windows\System\rPwnTnd.exe
  2⤵
  PID:8436
- C:\Windows\System\xSjKmqc.exe
  C:\Windows\System\xSjKmqc.exe
  2⤵
  PID:8452
- C:\Windows\System\sMOwbLo.exe
  C:\Windows\System\sMOwbLo.exe
  2⤵
  PID:8468
- C:\Windows\System\GzYTNLC.exe
  C:\Windows\System\GzYTNLC.exe
  2⤵
  PID:8484
- C:\Windows\System\ocEgpvI.exe
  C:\Windows\System\ocEgpvI.exe
  2⤵
  PID:8524
- C:\Windows\System\RkvCmwi.exe
  C:\Windows\System\RkvCmwi.exe
  2⤵
  PID:8544
- C:\Windows\System\rXvQGuG.exe
  C:\Windows\System\rXvQGuG.exe
  2⤵
  PID:8624
- C:\Windows\System\eWfvETm.exe
  C:\Windows\System\eWfvETm.exe
  2⤵
  PID:8660
- C:\Windows\System\ZCkhjIm.exe
  C:\Windows\System\ZCkhjIm.exe
  2⤵
  PID:8688
- C:\Windows\System\tOEKNiX.exe
  C:\Windows\System\tOEKNiX.exe
  2⤵
  PID:8708
- C:\Windows\System\qTBoSZi.exe
  C:\Windows\System\qTBoSZi.exe
  2⤵
  PID:8724
- C:\Windows\System\riEEQMi.exe
  C:\Windows\System\riEEQMi.exe
  2⤵
  PID:8740
- C:\Windows\System\mQvMdQI.exe
  C:\Windows\System\mQvMdQI.exe
  2⤵
  PID:8756
- C:\Windows\System\nmizonh.exe
  C:\Windows\System\nmizonh.exe
  2⤵
  PID:8772
- C:\Windows\System\fXbGNbl.exe
  C:\Windows\System\fXbGNbl.exe
  2⤵
  PID:8788
- C:\Windows\System\aAzGDzg.exe
  C:\Windows\System\aAzGDzg.exe
  2⤵
  PID:8808
- C:\Windows\System\eMYrBBc.exe
  C:\Windows\System\eMYrBBc.exe
  2⤵
  PID:8876
- C:\Windows\System\vZXbGai.exe
  C:\Windows\System\vZXbGai.exe
  2⤵
  PID:8892
- C:\Windows\System\VozpsbT.exe
  C:\Windows\System\VozpsbT.exe
  2⤵
  PID:8912
- C:\Windows\System\VpgMHLz.exe
  C:\Windows\System\VpgMHLz.exe
  2⤵
  PID:8928
- C:\Windows\System\KRMGNjf.exe
  C:\Windows\System\KRMGNjf.exe
  2⤵
  PID:8944
- C:\Windows\System\rkOCvOW.exe
  C:\Windows\System\rkOCvOW.exe
  2⤵
  PID:8960
- C:\Windows\System\QQFIIlW.exe
  C:\Windows\System\QQFIIlW.exe
  2⤵
  PID:8980
- C:\Windows\System\hJWNpBO.exe
  C:\Windows\System\hJWNpBO.exe
  2⤵
  PID:8996
- C:\Windows\System\XTWcKGd.exe
  C:\Windows\System\XTWcKGd.exe
  2⤵
  PID:9012
- C:\Windows\System\jXbVBtZ.exe
  C:\Windows\System\jXbVBtZ.exe
  2⤵
  PID:9028
- C:\Windows\System\sOEUhHS.exe
  C:\Windows\System\sOEUhHS.exe
  2⤵
  PID:9044
- C:\Windows\System\fpHAHQq.exe
  C:\Windows\System\fpHAHQq.exe
  2⤵
  PID:9060
- C:\Windows\System\PQMXEIq.exe
  C:\Windows\System\PQMXEIq.exe
  2⤵
  PID:9076
- C:\Windows\System\kLarKrT.exe
  C:\Windows\System\kLarKrT.exe
  2⤵
  PID:9092
- C:\Windows\System\leoTASd.exe
  C:\Windows\System\leoTASd.exe
  2⤵
  PID:9108
- C:\Windows\System\iHwCzWu.exe
  C:\Windows\System\iHwCzWu.exe
  2⤵
  PID:9124
- C:\Windows\System\AHsudwg.exe
  C:\Windows\System\AHsudwg.exe
  2⤵
  PID:9140
- C:\Windows\System\NdUgSrO.exe
  C:\Windows\System\NdUgSrO.exe
  2⤵
  PID:9156
- C:\Windows\System\vvQWuiY.exe
  C:\Windows\System\vvQWuiY.exe
  2⤵
  PID:9172
- C:\Windows\System\vpZkjUR.exe
  C:\Windows\System\vpZkjUR.exe
  2⤵
  PID:9188
- C:\Windows\System\pJbnfHG.exe
  C:\Windows\System\pJbnfHG.exe
  2⤵
  PID:9204
- C:\Windows\System\WDLmukE.exe
  C:\Windows\System\WDLmukE.exe
  2⤵
  PID:8072
- C:\Windows\System\fayoSPa.exe
  C:\Windows\System\fayoSPa.exe
  2⤵
  PID:7824
- C:\Windows\System\fnxRupz.exe
  C:\Windows\System\fnxRupz.exe
  2⤵
  PID:8204
- C:\Windows\System\IrbcUQu.exe
  C:\Windows\System\IrbcUQu.exe
  2⤵
  PID:8244
- C:\Windows\System\gZWuwYl.exe
  C:\Windows\System\gZWuwYl.exe
  2⤵
  PID:8288
- C:\Windows\System\iKyXPan.exe
  C:\Windows\System\iKyXPan.exe
  2⤵
  PID:8356
- C:\Windows\System\nvQtpeO.exe
  C:\Windows\System\nvQtpeO.exe
  2⤵
  PID:6636
- C:\Windows\System\vdHrGIL.exe
  C:\Windows\System\vdHrGIL.exe
  2⤵
  PID:7916
- C:\Windows\System\YxqnJyF.exe
  C:\Windows\System\YxqnJyF.exe
  2⤵
  PID:8260
- C:\Windows\System\AskRYKW.exe
  C:\Windows\System\AskRYKW.exe
  2⤵
  PID:8308
- C:\Windows\System\AOJYsjk.exe
  C:\Windows\System\AOJYsjk.exe
  2⤵
  PID:8376
- C:\Windows\System\FwFXnao.exe
  C:\Windows\System\FwFXnao.exe
  2⤵
  PID:8392
- C:\Windows\System\psWtVAd.exe
  C:\Windows\System\psWtVAd.exe
  2⤵
  PID:8428
- C:\Windows\System\qVlDaRy.exe
  C:\Windows\System\qVlDaRy.exe
  2⤵
  PID:8492
- C:\Windows\System\xRgvpdh.exe
  C:\Windows\System\xRgvpdh.exe
  2⤵
  PID:8504
- C:\Windows\System\KKrvDbX.exe
  C:\Windows\System\KKrvDbX.exe
  2⤵
  PID:8536
- C:\Windows\System\whErceS.exe
  C:\Windows\System\whErceS.exe
  2⤵
  PID:8552
- C:\Windows\System\KzSvbpn.exe
  C:\Windows\System\KzSvbpn.exe
  2⤵
  PID:8568
- C:\Windows\System\fmOaFfr.exe
  C:\Windows\System\fmOaFfr.exe
  2⤵
  PID:8588
- C:\Windows\System\uiQsxaW.exe
  C:\Windows\System\uiQsxaW.exe
  2⤵
  PID:8612
- C:\Windows\System\lyfzcrx.exe
  C:\Windows\System\lyfzcrx.exe
  2⤵
  PID:8616
- C:\Windows\System\LSGeuSS.exe
  C:\Windows\System\LSGeuSS.exe
  2⤵
  PID:8648
- C:\Windows\System\wwTOfIR.exe
  C:\Windows\System\wwTOfIR.exe
  2⤵
  PID:8680
- C:\Windows\System\aavGAeq.exe
  C:\Windows\System\aavGAeq.exe
  2⤵
  PID:8828
- C:\Windows\System\UZmsPmb.exe
  C:\Windows\System\UZmsPmb.exe
  2⤵
  PID:8904
- C:\Windows\System\CbZFkxa.exe
  C:\Windows\System\CbZFkxa.exe
  2⤵
  PID:8976
- C:\Windows\System\HxWTwJM.exe
  C:\Windows\System\HxWTwJM.exe
  2⤵
  PID:8920
- C:\Windows\System\pJaaawv.exe
  C:\Windows\System\pJaaawv.exe
  2⤵
  PID:8992
- C:\Windows\System\SNyHOHU.exe
  C:\Windows\System\SNyHOHU.exe
  2⤵
  PID:9148
- C:\Windows\System\vIORkhH.exe
  C:\Windows\System\vIORkhH.exe
  2⤵
  PID:9152
- C:\Windows\System\dwVhzHa.exe
  C:\Windows\System\dwVhzHa.exe
  2⤵
  PID:9168
- C:\Windows\System\qncZIVf.exe
  C:\Windows\System\qncZIVf.exe
  2⤵
  PID:8280
- C:\Windows\System\oJxwWVv.exe
  C:\Windows\System\oJxwWVv.exe
  2⤵
  PID:8000
- C:\Windows\System\cZGPMzp.exe
  C:\Windows\System\cZGPMzp.exe
  2⤵
  PID:7952
- C:\Windows\System\OuWZUFg.exe
  C:\Windows\System\OuWZUFg.exe
  2⤵
  PID:7616
- C:\Windows\System\IIeYjyx.exe
  C:\Windows\System\IIeYjyx.exe
  2⤵
  PID:2236
- C:\Windows\System\ugucUWk.exe
  C:\Windows\System\ugucUWk.exe
  2⤵
  PID:8476
- C:\Windows\System\ocliYgZ.exe
  C:\Windows\System\ocliYgZ.exe
  2⤵
  PID:8592
- C:\Windows\System\RgmyGNI.exe
  C:\Windows\System\RgmyGNI.exe
  2⤵
  PID:8444
- C:\Windows\System\HGshNBU.exe
  C:\Windows\System\HGshNBU.exe
  2⤵
  PID:8520
- C:\Windows\System\MQkVniC.exe
  C:\Windows\System\MQkVniC.exe
  2⤵
  PID:8600
- C:\Windows\System\eGDMPyn.exe
  C:\Windows\System\eGDMPyn.exe
  2⤵
  PID:8636
- C:\Windows\System\KaNCdrY.exe
  C:\Windows\System\KaNCdrY.exe
  2⤵
  PID:8672
- C:\Windows\System\knujyoN.exe
  C:\Windows\System\knujyoN.exe
  2⤵
  PID:8704
- C:\Windows\System\PjeXEOL.exe
  C:\Windows\System\PjeXEOL.exe
  2⤵
  PID:8796
- C:\Windows\System\tzxYyhG.exe
  C:\Windows\System\tzxYyhG.exe
  2⤵
  PID:7336
- C:\Windows\System\DDrmqEc.exe
  C:\Windows\System\DDrmqEc.exe
  2⤵
  PID:8956
- C:\Windows\System\QtYavSV.exe
  C:\Windows\System\QtYavSV.exe
  2⤵
  PID:8856
- C:\Windows\System\JBCjEQs.exe
  C:\Windows\System\JBCjEQs.exe
  2⤵
  PID:8860
- C:\Windows\System\SwSfqYZ.exe
  C:\Windows\System\SwSfqYZ.exe
  2⤵
  PID:9088
- C:\Windows\System\uCLrxFA.exe
  C:\Windows\System\uCLrxFA.exe
  2⤵
  PID:9020
- C:\Windows\System\gJfqzNk.exe
  C:\Windows\System\gJfqzNk.exe
  2⤵
  PID:7484
- C:\Windows\System\UBZCWmd.exe
  C:\Windows\System\UBZCWmd.exe
  2⤵
  PID:9040
- C:\Windows\System\JEriYjV.exe
  C:\Windows\System\JEriYjV.exe
  2⤵
  PID:9036
- C:\Windows\System\aWcttQs.exe
  C:\Windows\System\aWcttQs.exe
  2⤵
  PID:7560
- C:\Windows\System\wNwGONr.exe
  C:\Windows\System\wNwGONr.exe
  2⤵
  PID:8284
- C:\Windows\System\wykyKQT.exe
  C:\Windows\System\wykyKQT.exe
  2⤵
  PID:7912
- C:\Windows\System\iIOCqIQ.exe
  C:\Windows\System\iIOCqIQ.exe
  2⤵
  PID:8512
- C:\Windows\System\amuSrzw.exe
  C:\Windows\System\amuSrzw.exe
  2⤵
  PID:8580
- C:\Windows\System\EZIIiju.exe
  C:\Windows\System\EZIIiju.exe
  2⤵
  PID:8312
- C:\Windows\System\qUrIUxa.exe
  C:\Windows\System\qUrIUxa.exe
  2⤵
  PID:8576
- C:\Windows\System\vfFixKW.exe
  C:\Windows\System\vfFixKW.exe
  2⤵
  PID:9068
- C:\Windows\System\VdkXZEu.exe
  C:\Windows\System\VdkXZEu.exe
  2⤵
  PID:8872
- C:\Windows\System\lrWUVhR.exe
  C:\Windows\System\lrWUVhR.exe
  2⤵
  PID:8500
- C:\Windows\System\YTskylt.exe
  C:\Windows\System\YTskylt.exe
  2⤵
  PID:8836
- C:\Windows\System\EMOORtX.exe
  C:\Windows\System\EMOORtX.exe
  2⤵
  PID:8240
- C:\Windows\System\KTFlDkq.exe
  C:\Windows\System\KTFlDkq.exe
  2⤵
  PID:8560
- C:\Windows\System\ujtwkGl.exe
  C:\Windows\System\ujtwkGl.exe
  2⤵
  PID:8716
- C:\Windows\System\PZWFVbh.exe
  C:\Windows\System\PZWFVbh.exe
  2⤵
  PID:8596
- C:\Windows\System\oaCrRNW.exe
  C:\Windows\System\oaCrRNW.exe
  2⤵
  PID:8848
- C:\Windows\System\tZMWFFv.exe
  C:\Windows\System\tZMWFFv.exe
  2⤵
  PID:9136
- C:\Windows\System\sTtWjqM.exe
  C:\Windows\System\sTtWjqM.exe
  2⤵
  PID:8640
- C:\Windows\System\uYWsCGt.exe
  C:\Windows\System\uYWsCGt.exe
  2⤵
  PID:8752
- C:\Windows\System\uGbzOQZ.exe
  C:\Windows\System\uGbzOQZ.exe
  2⤵
  PID:9052
- C:\Windows\System\aCCNqCg.exe
  C:\Windows\System\aCCNqCg.exe
  2⤵
  PID:9184
- C:\Windows\System\dQVGSfA.exe
  C:\Windows\System\dQVGSfA.exe
  2⤵
  PID:8432
- C:\Windows\System\JGJzxcc.exe
  C:\Windows\System\JGJzxcc.exe
  2⤵
  PID:7852
- C:\Windows\System\YlpxKpM.exe
  C:\Windows\System\YlpxKpM.exe
  2⤵
  PID:9236
- C:\Windows\System\qpTqsmE.exe
  C:\Windows\System\qpTqsmE.exe
  2⤵
  PID:9252
- C:\Windows\System\RbePtVM.exe
  C:\Windows\System\RbePtVM.exe
  2⤵
  PID:9304
- C:\Windows\System\JycNuIM.exe
  C:\Windows\System\JycNuIM.exe
  2⤵
  PID:9320
- C:\Windows\System\gCgBOpP.exe
  C:\Windows\System\gCgBOpP.exe
  2⤵
  PID:9348
- C:\Windows\System\MbTOmoX.exe
  C:\Windows\System\MbTOmoX.exe
  2⤵
  PID:9368
- C:\Windows\System\TnonGMa.exe
  C:\Windows\System\TnonGMa.exe
  2⤵
  PID:9388
- C:\Windows\System\JuzhYSE.exe
  C:\Windows\System\JuzhYSE.exe
  2⤵
  PID:9408
- C:\Windows\System\nzEFVaa.exe
  C:\Windows\System\nzEFVaa.exe
  2⤵
  PID:9424
- C:\Windows\System\MKpiTvu.exe
  C:\Windows\System\MKpiTvu.exe
  2⤵
  PID:9444
- C:\Windows\System\DOwkjjh.exe
  C:\Windows\System\DOwkjjh.exe
  2⤵
  PID:9460
- C:\Windows\System\JlfShsx.exe
  C:\Windows\System\JlfShsx.exe
  2⤵
  PID:9476
- C:\Windows\System\ZnKhuZd.exe
  C:\Windows\System\ZnKhuZd.exe
  2⤵
  PID:9492
- C:\Windows\System\JxaIUkP.exe
  C:\Windows\System\JxaIUkP.exe
  2⤵
  PID:9508
- C:\Windows\System\CoLwhFH.exe
  C:\Windows\System\CoLwhFH.exe
  2⤵
  PID:9524
- C:\Windows\System\kIjlZRa.exe
  C:\Windows\System\kIjlZRa.exe
  2⤵
  PID:9540
- C:\Windows\System\YJRMSec.exe
  C:\Windows\System\YJRMSec.exe
  2⤵
  PID:9556
- C:\Windows\System\eXYClaQ.exe
  C:\Windows\System\eXYClaQ.exe
  2⤵
  PID:9572
- C:\Windows\System\gzVnuqa.exe
  C:\Windows\System\gzVnuqa.exe
  2⤵
  PID:9592
- C:\Windows\System\pQOQbak.exe
  C:\Windows\System\pQOQbak.exe
  2⤵
  PID:9612
- C:\Windows\System\JcnPxeX.exe
  C:\Windows\System\JcnPxeX.exe
  2⤵
  PID:9628
- C:\Windows\System\ZKGzylx.exe
  C:\Windows\System\ZKGzylx.exe
  2⤵
  PID:9644
- C:\Windows\System\IwcVLnI.exe
  C:\Windows\System\IwcVLnI.exe
  2⤵
  PID:9660
- C:\Windows\System\DqlzozI.exe
  C:\Windows\System\DqlzozI.exe
  2⤵
  PID:9676
- C:\Windows\System\VPwmOOY.exe
  C:\Windows\System\VPwmOOY.exe
  2⤵
  PID:9692
- C:\Windows\System\cfYDkWb.exe
  C:\Windows\System\cfYDkWb.exe
  2⤵
  PID:9708
- C:\Windows\System\RYrHzIn.exe
  C:\Windows\System\RYrHzIn.exe
  2⤵
  PID:9724
- C:\Windows\System\qgKGyMw.exe
  C:\Windows\System\qgKGyMw.exe
  2⤵
  PID:9740
- C:\Windows\System\mKkqwfZ.exe
  C:\Windows\System\mKkqwfZ.exe
  2⤵
  PID:9756
- C:\Windows\System\SckspZn.exe
  C:\Windows\System\SckspZn.exe
  2⤵
  PID:9772
- C:\Windows\System\cUbtHPn.exe
  C:\Windows\System\cUbtHPn.exe
  2⤵
  PID:9788
- C:\Windows\System\EBhDAnH.exe
  C:\Windows\System\EBhDAnH.exe
  2⤵
  PID:9804
- C:\Windows\System\YgTyjFT.exe
  C:\Windows\System\YgTyjFT.exe
  2⤵
  PID:9820
- C:\Windows\System\uDZaKEz.exe
  C:\Windows\System\uDZaKEz.exe
  2⤵
  PID:9836
- C:\Windows\System\KduDLfK.exe
  C:\Windows\System\KduDLfK.exe
  2⤵
  PID:9852
- C:\Windows\System\JkezWOb.exe
  C:\Windows\System\JkezWOb.exe
  2⤵
  PID:9900
- C:\Windows\System\sHUfzYP.exe
  C:\Windows\System\sHUfzYP.exe
  2⤵
  PID:9920
- C:\Windows\System\KrAhamo.exe
  C:\Windows\System\KrAhamo.exe
  2⤵
  PID:9936
- C:\Windows\System\TJjjwIl.exe
  C:\Windows\System\TJjjwIl.exe
  2⤵
  PID:9952
- C:\Windows\System\urrspcr.exe
  C:\Windows\System\urrspcr.exe
  2⤵
  PID:9968
- C:\Windows\System\ZnBasnS.exe
  C:\Windows\System\ZnBasnS.exe
  2⤵
  PID:9984
- C:\Windows\System\HdnwHRg.exe
  C:\Windows\System\HdnwHRg.exe
  2⤵
  PID:10000
- C:\Windows\System\UiCaFzo.exe
  C:\Windows\System\UiCaFzo.exe
  2⤵
  PID:10020
- C:\Windows\System\afOfHcz.exe
  C:\Windows\System\afOfHcz.exe
  2⤵
  PID:10040
- C:\Windows\System\zVlCHvP.exe
  C:\Windows\System\zVlCHvP.exe
  2⤵
  PID:10060
- C:\Windows\System\KPafytW.exe
  C:\Windows\System\KPafytW.exe
  2⤵
  PID:10080
- C:\Windows\System\hpPpXSw.exe
  C:\Windows\System\hpPpXSw.exe
  2⤵
  PID:10096
- C:\Windows\System\bukEUgu.exe
  C:\Windows\System\bukEUgu.exe
  2⤵
  PID:10116
- C:\Windows\System\CZqEFxd.exe
  C:\Windows\System\CZqEFxd.exe
  2⤵
  PID:10136
- C:\Windows\System\aTfxDHM.exe
  C:\Windows\System\aTfxDHM.exe
  2⤵
  PID:10152
- C:\Windows\System\tkOSmYa.exe
  C:\Windows\System\tkOSmYa.exe
  2⤵
  PID:10168
- C:\Windows\System\AoZKvWP.exe
  C:\Windows\System\AoZKvWP.exe
  2⤵
  PID:10184
- C:\Windows\System\VLvTfpX.exe
  C:\Windows\System\VLvTfpX.exe
  2⤵
  PID:10204
- C:\Windows\System\SbhuCpp.exe
  C:\Windows\System\SbhuCpp.exe
  2⤵
  PID:10220
- C:\Windows\System\CJaTQHZ.exe
  C:\Windows\System\CJaTQHZ.exe
  2⤵
  PID:10236
- C:\Windows\System\vZncofJ.exe
  C:\Windows\System\vZncofJ.exe
  2⤵
  PID:8936
- C:\Windows\System\UzQAwwK.exe
  C:\Windows\System\UzQAwwK.exe
  2⤵
  PID:9360
- C:\Windows\System\aObDdjd.exe
  C:\Windows\System\aObDdjd.exe
  2⤵
  PID:8700
- C:\Windows\System\ZEEGamx.exe
  C:\Windows\System\ZEEGamx.exe
  2⤵
  PID:8800
- C:\Windows\System\VwGYTGl.exe
  C:\Windows\System\VwGYTGl.exe
  2⤵
  PID:9356
- C:\Windows\System\vruqBTq.exe
  C:\Windows\System\vruqBTq.exe
  2⤵
  PID:9404
- C:\Windows\System\wivPNir.exe
  C:\Windows\System\wivPNir.exe
  2⤵
  PID:9472
- C:\Windows\System\GdrwhQg.exe
  C:\Windows\System\GdrwhQg.exe
  2⤵
  PID:9600
- C:\Windows\System\OIppmnW.exe
  C:\Windows\System\OIppmnW.exe
  2⤵
  PID:9608
- C:\Windows\System\QTHnNDr.exe
  C:\Windows\System\QTHnNDr.exe
  2⤵
  PID:9636
- C:\Windows\System\BoIwDmL.exe
  C:\Windows\System\BoIwDmL.exe
  2⤵
  PID:9280
- C:\Windows\System\eBOtwxt.exe
  C:\Windows\System\eBOtwxt.exe
  2⤵
  PID:9300
- C:\Windows\System\MDXmHuT.exe
  C:\Windows\System\MDXmHuT.exe
  2⤵
  PID:9384
- C:\Windows\System\qVyTQyL.exe
  C:\Windows\System\qVyTQyL.exe
  2⤵
  PID:9260
- C:\Windows\System\kwlnVCJ.exe
  C:\Windows\System\kwlnVCJ.exe
  2⤵
  PID:9452
- C:\Windows\System\lmsdDjn.exe
  C:\Windows\System\lmsdDjn.exe
  2⤵
  PID:9580
- C:\Windows\System\IFhrdTi.exe
  C:\Windows\System\IFhrdTi.exe
  2⤵
  PID:9520
- C:\Windows\System\eVNjsZw.exe
  C:\Windows\System\eVNjsZw.exe
  2⤵
  PID:8820
- C:\Windows\System\qWSxbRR.exe
  C:\Windows\System\qWSxbRR.exe
  2⤵
  PID:9668
- C:\Windows\System\fHfSouv.exe
  C:\Windows\System\fHfSouv.exe
  2⤵
  PID:9700
- C:\Windows\System\AvSqoeI.exe
  C:\Windows\System\AvSqoeI.exe
  2⤵
  PID:9732
- C:\Windows\System\xmMlGrD.exe
  C:\Windows\System\xmMlGrD.exe
  2⤵
  PID:9084
- C:\Windows\System\LNcAuhg.exe
  C:\Windows\System\LNcAuhg.exe
  2⤵
  PID:9780
- C:\Windows\System\xVMAAKE.exe
  C:\Windows\System\xVMAAKE.exe
  2⤵
  PID:9832
- C:\Windows\System\ZGswKtD.exe
  C:\Windows\System\ZGswKtD.exe
  2⤵
  PID:9860
- C:\Windows\System\gEwSvmF.exe
  C:\Windows\System\gEwSvmF.exe
  2⤵
  PID:9888
- C:\Windows\System\dYmhvWC.exe
  C:\Windows\System\dYmhvWC.exe
  2⤵
  PID:9932
- C:\Windows\System\GyPSqkP.exe
  C:\Windows\System\GyPSqkP.exe
  2⤵
  PID:9916
- C:\Windows\System\FkGSnXv.exe
  C:\Windows\System\FkGSnXv.exe
  2⤵
  PID:10008
- C:\Windows\System\GxIrMrh.exe
  C:\Windows\System\GxIrMrh.exe
  2⤵
  PID:10048
- C:\Windows\System\FerifLd.exe
  C:\Windows\System\FerifLd.exe
  2⤵
  PID:10072
- C:\Windows\System\DgwNPsk.exe
  C:\Windows\System\DgwNPsk.exe
  2⤵
  PID:10108
- C:\Windows\System\tLwayWf.exe
  C:\Windows\System\tLwayWf.exe
  2⤵
  PID:10124
- C:\Windows\System\QfylJto.exe
  C:\Windows\System\QfylJto.exe
  2⤵
  PID:10160
- C:\Windows\System\GpVOGKY.exe
  C:\Windows\System\GpVOGKY.exe
  2⤵
  PID:10180
- C:\Windows\System\ulmhMMh.exe
  C:\Windows\System\ulmhMMh.exe
  2⤵
  PID:10216
- C:\Windows\System\CJoVxOX.exe
  C:\Windows\System\CJoVxOX.exe
  2⤵
  PID:8696
- C:\Windows\System\ltaRGlr.exe
  C:\Windows\System\ltaRGlr.exe
  2⤵
  PID:9400
- C:\Windows\System\zFYacpe.exe
  C:\Windows\System\zFYacpe.exe
  2⤵
  PID:9536
- C:\Windows\System\eXPisCT.exe
  C:\Windows\System\eXPisCT.exe
  2⤵
  PID:9272
- C:\Windows\System\AKaDTaD.exe
  C:\Windows\System\AKaDTaD.exe
  2⤵
  PID:9288
- C:\Windows\System\VCfzJql.exe
  C:\Windows\System\VCfzJql.exe
  2⤵
  PID:9844
- C:\Windows\System\UUuBBFP.exe
  C:\Windows\System\UUuBBFP.exe
  2⤵
  PID:10200
- C:\Windows\System\cXpxuCG.exe
  C:\Windows\System\cXpxuCG.exe
  2⤵
  PID:9296
- C:\Windows\System\jwQpLPv.exe
  C:\Windows\System\jwQpLPv.exe
  2⤵
  PID:9228
- C:\Windows\System\umvfdik.exe
  C:\Windows\System\umvfdik.exe
  2⤵
  PID:9268
- C:\Windows\System\bcPcKJQ.exe
  C:\Windows\System\bcPcKJQ.exe
  2⤵
  PID:9748
- C:\Windows\System\YWnuNVO.exe
  C:\Windows\System\YWnuNVO.exe
  2⤵
  PID:10132
- C:\Windows\System\MkXSyDZ.exe
  C:\Windows\System\MkXSyDZ.exe
  2⤵
  PID:9816
- C:\Windows\System\WsScfyg.exe
  C:\Windows\System\WsScfyg.exe
  2⤵
  PID:9720
- C:\Windows\System\WVKnlkl.exe
  C:\Windows\System\WVKnlkl.exe
  2⤵
  PID:9876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AXfVUpj.exe

Filesize
6.0MB

MD5
4e272f52d7861148f5ecb89da4391d8c

SHA1
421db2fb2056d8bf5916592274a82b809ce5a1a7

SHA256
a2b88e085bc99e16fba7a710920baf938da8ff80d61eeb48c633f45ed06e7f25

SHA512
46a3e97981bea23a044014ab274c5c6ff6afbce85f815c5ce30f511ff82da3e8c3e3c3df3f7cb40b611cbce61589a3929dde12afc28941148257be26131b732e

Download Submit
C:\Windows\system\AuOYsra.exe

Filesize
6.0MB

MD5
e9376fd3f0cdc49521a57c58fd063848

SHA1
0bfbb8f8ed6d854e1bf4d377443061521b07a8c3

SHA256
a6276556916b25a0beb593df1a1c7f88afc2dd03f18c9bdd07cff2b5449631fb

SHA512
f3b6d8013f9d7147351508ba9fffc1b4ee5d9cabc5102eb83efd32ff5bbda141ffa00a18c6913d74a1cdc1ce5e883f93f989f1e3f358c010d91cbe6c34f62bba

Download Submit
C:\Windows\system\BMIUcnl.exe

Filesize
6.0MB

MD5
f50ce688456677f1747cc28424fd4f12

SHA1
3d4803589d6f2b021addc50de12bd0c24940b8c2

SHA256
a501e75441f9e4b56537a1b561d40875f4975788997d4d25a7c49348368de569

SHA512
407d1e2d513afcdc18fd1083733c0bb42d4b1b088d0eb6d63c7dfdd7a3858f7288b4ee42895433675e4dba282e5db4fbc862e392a90f37f3d31af554ba7f5516

Download Submit
C:\Windows\system\FMzaMTY.exe

Filesize
6.0MB

MD5
1a78d3a21f140c63e0d0977e056d2604

SHA1
87774eb08136b50a789a35dd5985976e8f0735c4

SHA256
f3c68eeedb3b2267574919a93da3e3d905623de8e94f043e8eafd932950e685b

SHA512
dcb6f28dde280ccdb44dbad822d77427f8e4f1944696fecc02ced8b8e56e647dbfc4638392085c2a7123c008003682690863a7b301d40f8eeca59e56fb14ddfd

Download Submit
C:\Windows\system\FivJfXa.exe

Filesize
6.0MB

MD5
63a23d2ae252a055145387548088ed4f

SHA1
642d32efc3c3fa738921225d76d09fcd4e557176

SHA256
4ace1431df1afc788e8f2440e8dcbc9e8bfbfc2c0493dfaa80f59db3a9892494

SHA512
42b299f80011c5ca4c3d0dd367eaed0d3370e9cea326fa92cbebeae8c7bf7f805134fcbbcedeb06e594975b98984e6a9a5b792979b880c6fa66717f99ce9dd8b

Download Submit
C:\Windows\system\GivYIjY.exe

Filesize
6.0MB

MD5
e2a15e44dae17a3f62ddd88fdb6dabbe

SHA1
b7c5774ac7a8fba8cae3624dff56a4817ac81a3b

SHA256
26a17cae4e4757512241cdcc96fe46ea452fe5412fb8650c3c9d718038b2f486

SHA512
6e67f3ee7f01dab976720cb2532143e9a00b8b7466577d86b549d6c2914fa4108461090d929cf590699f0489fc94da100efe887d8e0fea542f828aac8ac22468

Download Submit
C:\Windows\system\HdRmLOM.exe

Filesize
6.0MB

MD5
0ce1e60bd26591fa80f1d6ca240c662a

SHA1
04ea37d5ad8af4159e2f9095c6351670ba9d1e54

SHA256
01a1734a45ad4151488b5f150ab3d42e2b1166efab78befb4ef94cfc404538f9

SHA512
98f585480ffb17e9c8709979e1260cbedc039ea00bfbcade4c638718cae4b1de50ab44b64614e711158bad9ee5683294016fb49689a5e5cc416d6ebf1ef832b2

Download Submit
C:\Windows\system\HoivJoP.exe

Filesize
6.0MB

MD5
5865850703affd0bef639c02ae1907b2

SHA1
6c8ae353b0362be3ae7d83336030fe902c6488c8

SHA256
43fa7edabe6c9f3b5ee86e44fa2cadc94712c3460e83e5501be8616d1d1831fd

SHA512
73700a2c178c50b4f7e7e950ae673cdf5ab823386bab283801a8cc7070a2b2e67f0c478d95038cf66a53a4a03cab7f3ef0fa875ae1f3409e2240024abc605a59

Download Submit
C:\Windows\system\JAbxilH.exe

Filesize
6.0MB

MD5
f3726c8fe45948c6d2ee706d5363cd7b

SHA1
92624a2a5856ae7a19b012b53bb35a42983db4c8

SHA256
33cb5da0626b80ea0adac89e811e5554ce60c7e5d18f9c87c4e67898fe72171f

SHA512
f3fdf4213ece63146ef973d138e410257e726b3577909d0c9ee4101063a16921e3d85b431c4a099b5a93654bbeb624e91db0db2a02519386e3d2bf819944d76f

Download Submit
C:\Windows\system\LRzOqKM.exe

Filesize
6.0MB

MD5
489d4a876e6d98046f1a3eb63d122417

SHA1
893a76d4fe47dc6f2ff7a9e9b9ca7c34c28a0d59

SHA256
b1988ccd02daed67eca53d9f24777725112e3d145e67efe5dbd9dbde679d803d

SHA512
0c33505ba0037a4887232927e10c7ecd654b46c298bacee60b588cebc5c7be3ff9ac7b50c71a3372b833ab7f0cf43523a077ee632eb099ccef2b82647de23923

Download Submit
C:\Windows\system\OxYAlFQ.exe

Filesize
6.0MB

MD5
30583439ee2b196724bacc359bd47f7c

SHA1
76cb001a574e6567220b4f14bdddc2fedeaafc3c

SHA256
5a02ce235f0e2fc9f132407364cfd3daa35a113dec9f9883df182927233e66d0

SHA512
c7db8ffcbf0be50c9e2ad85654e62d7362856ae727f5ac83c1bc0308cdb5e674071eacbb5b8eae0690bdda0e9e79ffc55b65e251fe3368ceb0f1682103561df2

Download Submit
C:\Windows\system\RgvlSJQ.exe

Filesize
6.0MB

MD5
b61065508b43dd6b283a1b95d6e2600b

SHA1
7faabb8c5a816f7d5000ae7430f49797bd27141c

SHA256
4f00c2bc16d21f8f40a1b55f36703fbb10f037954308ecd34eaa6fe6e9157614

SHA512
9167f7fe4c4b48b2f2dbcac180909b7af8052e3c9d0727506fe0f59e314f894cd93a35125df30f5b0bdd58b9ea5214175b6eab48ead20423e392effaeec3fe75

Download Submit
C:\Windows\system\XoayDML.exe

Filesize
6.0MB

MD5
51c2ef071ea54c61112d17864d4f10b4

SHA1
7b83681ce91ed202c003f4705847a0979956b5c3

SHA256
ba4b312d751c209365a532005f4492c67945798d9c41aafa1bd57e6f3f5eb2d8

SHA512
c65dd2facc31cd4698f4c813aa7de970da59a0ff76ac4acb78355ae51ab354b4be86c752c72bd4b020c71586fb1e34ee31f7cbc1261d910f2f5d22a72f1c4b94

Download Submit
C:\Windows\system\dISUelP.exe

Filesize
6.0MB

MD5
41bfc590a27a6b6bd8091d00c291c64b

SHA1
e11da409c7e454bc008db390a2dbef68f2a392ac

SHA256
b10f919285827d0c810a4f820f0e905a50e9a1ac5b193e49ca099c5c76bcfaa5

SHA512
9fadc47b52d53a7b5bea0ce389832a70e47f38ec19e3153fc05f3e2d700742d919946fe1a860a7ede26c4a0208cc3ff181bf0f9e187c6d25bc28a133ab06949f

Download Submit
C:\Windows\system\egcQrrJ.exe

Filesize
6.0MB

MD5
c6f3fb056052f7fb8196466001668684

SHA1
2f7da506fa3129a780c570c3e88780f8a7678099

SHA256
5a152cf433e203923196afe3eb3f0f927480ff2120631ef289a0c73d0656d544

SHA512
ae0e3ab7cfc603782c8c8175ee62a34499c3b257233c1486dca5eaadbc9ad5afd0f4c9bc3481812ec92cf196d3a724ffa42d9238d281152725a197bc30a9449e

Download Submit
C:\Windows\system\elAjsBb.exe

Filesize
6.0MB

MD5
01ac8676527d090b8b2070f86feb2a44

SHA1
9b0a31bfb1a18e5a3ed1d4f840a274b4940d39fc

SHA256
7ff7aa2d87cc4fc4884d105643968e55c11c33f337db5a00a96f1aaa9dd94f22

SHA512
753b57fabb134774c2a844b212bfb0ca6d868fd9e9c422c88c9239bfec20fb04bb2d0bcd995a71b2ff17123332960bead5a449863578e9e3d330bc65d99287d0

Download Submit
C:\Windows\system\eqYeLnJ.exe

Filesize
6.0MB

MD5
b02428940d2c30ec62abfd3eb5baf90d

SHA1
e085a5338901a86d17e3f5109c076fc86c41df35

SHA256
35f980416740738022c0ed859a787ba800c8a07d0cecc3bb976d21e41ee42efb

SHA512
b2cbce15911d9b767e76be95755e25fd39c32d5ff90d1dc64a8fea61360b1f9118a38c6cff1a0a30d95fbf9df7ae330826d13486cf1864f76e3ee2fae6b9f98c

Download Submit
C:\Windows\system\evHrUVx.exe

Filesize
6.0MB

MD5
f59ba51782102ec811695dea44f68607

SHA1
b6fb4996b39693a85cca41537d0295e3a7b5b333

SHA256
d1639187e873dd602f8964a3141688f85a220994b5516c40f55f8c72377ef268

SHA512
3bd9231c47344bf68127556ab27c366f59534f521cebea11bc4be1713de71fdc838b67596ea294403265e0f02a84eef1f32c8999808976434c6a1aa5dcfbcacf

Download Submit
C:\Windows\system\hiryqvD.exe

Filesize
6.0MB

MD5
629b04d3695eb5510de6d9c1316e8259

SHA1
05b578afec62d613a26795e0f1b07511e7168c79

SHA256
89276b5bcfb1a3596fa8effa00f043d37ecaf74ec9d54ef5c1f976ea46bc3b51

SHA512
bf3a642e6a3749427bb16283aa4c28af64e20a2cac684fbfe21b271db01d7f2c0f9dde8e1a151491ba1bba625404045cb448a14bc7406c3732a5c997d7d3d253

Download Submit
C:\Windows\system\mJptEtT.exe

Filesize
6.0MB

MD5
3cabaa7b7ed0a686accb98b4824eaac5

SHA1
3adcd115919695b22a92c6f7a639fd6afd02cd17

SHA256
6bd6f56f228836b39e47fbc6c9ae90d95f771be86d3ab4498e979be4e39b10ac

SHA512
77bdfbb8d597b2f3efabe0eafddef484128cf9448a2a88d7c25194dcec3f8d8c3ede8efdfde9f90fa218a38052ad2704dc7df99fe261bd4c9785c3122469f122

Download Submit
C:\Windows\system\mLkwEnf.exe

Filesize
6.0MB

MD5
35803f229ed7fce0fbc59e8bb89b4ad9

SHA1
2242a3a7fb3ea7fb23cdbaa3931254f464b2c419

SHA256
ebe310b7265cbae0b55cc1defdb4b21acf0c8b30c8e7351ff399949fb043ad30

SHA512
977b80896b1b635199a9fe935129a1a539510a4e4ff87cc823b199a660e0e8a6cfa70257baa83835436db9744061c45824e56f38ad217d82ba5a75b8a7f562af

Download Submit
C:\Windows\system\nQFmCVw.exe

Filesize
6.0MB

MD5
7bfacd0b1ffcaaeae048588f20328be2

SHA1
ef546920751eae76e6de85078bb6a3cb576baf53

SHA256
e18b37cd050011c1b61b15f13a17775004650e325644ecf905a53ccc47eb9844

SHA512
9ee12876bcf65e05a938cae0bf89d2ee9a72e7dd7dc96d69fb6c7af277dc5db370ce89a3b036816cdb684a070a49d06be24c380a0bb2bf49a9baa5b8196040cb

Download Submit
C:\Windows\system\nfhEIKQ.exe

Filesize
6.0MB

MD5
56252437b9a1c03337b4322b2828bb3e

SHA1
8e6605d1ee81a0dcc90e72191052ae3e0555c620

SHA256
a0bbd12982f6fc034bcc718ae403f02a06a7059e30a6f392f74903e509471cee

SHA512
f3d0a503567955b6238e958a8bef3f34cd0173e7046c9e89414b31360813b6791ce774658e4ccd11318ea9b602324d5bb7394d6626ea700545c94ddaec559fbf

Download Submit
C:\Windows\system\qFZGtHY.exe

Filesize
6.0MB

MD5
e493b375eec5e682f918663a2d8d8122

SHA1
e365e67c4369a017506417308ae56bafa3714376

SHA256
cd2163f9d2f6c6445ce0af8007b56c06ec7317dd3b3fd4132f31e688d401f1c2

SHA512
9ee118b57bd9be426c4415b785625ec35f9aeef99f2bcf93d7d9739ed27ba17cacea5b1fb04112b1de6a44f6acd20f5cbac4af488cd57363ac2732255c84f787

Download Submit
C:\Windows\system\tqBVrnH.exe

Filesize
6.0MB

MD5
1dea3b9f141b06d6dc65d123552ad804

SHA1
2ff2f2301d1d4edc3391896ddc02dadb3a93cc3c

SHA256
7eb0fb5fb6299d33b9378ad4e6ac50f54f49d8e1077495e90346226fc9219833

SHA512
5740941eef0f72e9c4ec38c26bda26127be78e93a7b4787f5aa86c21e49abcc533602e8840cbb9aae74fb4a462e21cf3c04055e4397f611ea6c1ca5a621296f7

Download Submit
C:\Windows\system\wEsuOuO.exe

Filesize
6.0MB

MD5
e99b91aca54e56953a7e558f5a53b9a1

SHA1
8131204c20f2762793c0f67952676f401b0e3a39

SHA256
1ca21422595d8ab0f608869ac0aec518be5f5476ce2e0b39cb0e07499372fe38

SHA512
cce6a7064dd71dd48f2bb79ad9db95e17728cd6231377cdde6c5a09aeeffaa08dadadacb3bfea96d61c91464faa6387504d3a38419d5eac4400b34fc0ada8c2c

Download Submit
C:\Windows\system\wJdWeau.exe

Filesize
6.0MB

MD5
4fc004b8ae31879053cc7678b4f33e6f

SHA1
f02777802843526c8644533edf2d491a2b20db8d

SHA256
26902a4fad7f0bda486b82d06b7c5936d58dbdfb185ce71286de5687743b8bb8

SHA512
95dacb3ed50d990ad62afcd3e1ddeae7dfab1966dd2e268c32fd10fef0fe5abc7ab7a06058785a5721bba2530acaf3e7c4f1499c00b42a3cbe59328c3c9402c9

Download Submit
C:\Windows\system\wTAARfW.exe

Filesize
6.0MB

MD5
6edbdfada255c75b112c4f27d8043cb6

SHA1
9d7ca4bdcbf497be2705089261a77a8b87b8a552

SHA256
a756c35cec4173364ccc9e247fab3d7b700a19b7e42d3a96e397d8eb8673f6e4

SHA512
8744ccafee972b2ffee58c281ee58bab64d9ca322c2708e37c292afa7b99f90e9da60986552b245febaa144dfaaa426f5f4c31a1c07a1716b4f38e88381ee977

Download Submit
C:\Windows\system\yaPuTvF.exe

Filesize
6.0MB

MD5
ef16dcd93fbe6fefc7bb5e2afb21f299

SHA1
38036e158dce574a797756346ec0ab10a90a7ec7

SHA256
6da39794a502cf2ea90449fae0db757b30d11253f57e905855e59d999d57df64

SHA512
fbef6f453b2702db2c30b23b9881ac40db18525d87eeccabaaf6ca3960718bfec11923cb47f731585e670fc432f5fddd0cf024943bdde0ebd9ccaf9c60f98ef4

Download Submit
C:\Windows\system\zrcXcRS.exe

Filesize
6.0MB

MD5
dc841b46a6a0a831df85c7949b1a44e3

SHA1
1a9bc22f43fd9595a03bfa2730fe9f094449550b

SHA256
dbe0d3cf82782ae4a13504c95ce54b8be0512464e4f08db54bade8c838e37f71

SHA512
4f261547db98054d11fce4a77d526e9e57b7a82fb58b7e1d1f5feb02865e456f5e7b152a998374ac5c6c6a50ce6eac8e2ece48cfaae280c349f906ffa919d059

Download Submit
\Windows\system\bSWHRzA.exe

Filesize
6.0MB

MD5
68de9fe83436fd1ce20f9fafa901cbc7

SHA1
94817d70d932f546504aabef10ff8937be5bcd11

SHA256
f17cdddc5bdc26e1071c705a869bc100eedf9a671131743a3902affa3e42ff4f

SHA512
3a71fbbe0ca9aa5c876f26480a83fd2731f7ad81c266ce1ef1f64b5554b4e6574e2cb32b9a5884d2ae0c6ec2c7e0357b688d75fc9c546b85e104524043f21edd

Download Submit
\Windows\system\gtiaJum.exe

Filesize
6.0MB

MD5
5b1ce42d3f2318e1a7a2b1a4049670c4

SHA1
59f4a7d1022c0b8fad8af7f9ba871a4a62e05708

SHA256
d06d25e32312f486e647711569095ca27692917c246c3b09826219d98eb795f3

SHA512
aa24f43ee937275d3b5b3b5ee1668897fefb7858033d56e9ea0e6db6037dc9d4f699adaca246dd29e1bd02653d2d6ac39fd44c58d88cc516635707bad08a682f

Download Submit
memory/2192-2331-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-2841-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-2266-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2260-2817-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2000-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2828-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2464-2796-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2464-2368-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-2077-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2496-2805-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2524-0-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2793-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2334-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2310-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-4790-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3905-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2305-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2278-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2524-5405-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2986-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2794-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-83-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2089-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3143-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2955-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3046-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2916-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2524-1922-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2342-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2524-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2524-2013-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2600-2834-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-2820-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2808-2304-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2880-2853-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-2339-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-2846-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-2309-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download