cobaltstrike | 90b2ed6176379b81acc89e8806f6a99071cae1a78faaa48ddf8fb1359defc2a6

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a909b96c8e0d533af0febba5df782539
SHA1

4b4da26f0205e0774d8b5c4a07bd64af9d249857
SHA256

90b2ed6176379b81acc89e8806f6a99071cae1a78faaa48ddf8fb1359defc2a6
SHA512

3f7c021f8216ef8d7e724931e80123c0d098574c0bdae4b5fceef1e59f3a356d4df980b4b67ab4e531acdd438a4897c83c6b2ccd8b7d333f2f613a3a62c47f43
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUE:T+q56utgpPF8u/7E

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0009000000012266-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018b28-9.dat	cobalt_reflective_dll
behavioral1/files/0x00280000000186b7-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b50-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b64-37.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b54-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b71-49.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b89-53.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018baf-66.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018bbf-68.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a404-199.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2488-0-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x0009000000012266-3.dat	xmrig
behavioral1/memory/2396-8-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x0009000000018b28-9.dat	xmrig
behavioral1/memory/2900-15-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x00280000000186b7-11.dat	xmrig
behavioral1/files/0x0008000000018b50-21.dat	xmrig
behavioral1/memory/2876-23-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/568-28-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2488-26-0x00000000022A0000-0x00000000025F4000-memory.dmp	xmrig
behavioral1/memory/2804-35-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2396-38-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b64-37.dat	xmrig
behavioral1/memory/2488-42-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2796-43-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000018b54-33.dat	xmrig
behavioral1/memory/2488-32-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2876-47-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2900-46-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/568-48-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b71-49.dat	xmrig
behavioral1/files/0x0007000000018b89-53.dat	xmrig
behavioral1/memory/2804-52-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2836-65-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2820-67-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x0008000000018baf-66.dat	xmrig
behavioral1/memory/1336-63-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2796-61-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000018bbf-68.dat	xmrig
behavioral1/memory/2488-69-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/1996-74-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x000500000001998d-83.dat	xmrig
behavioral1/memory/1044-81-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/1472-88-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x0005000000019820-79.dat	xmrig
behavioral1/memory/2488-89-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf6-98.dat	xmrig
behavioral1/memory/2700-96-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2488-100-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2836-95-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf5-94.dat	xmrig
behavioral1/memory/2820-99-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/1996-101-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/1044-102-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/1472-103-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf9-108.dat	xmrig
behavioral1/files/0x0005000000019c3c-112.dat	xmrig
behavioral1/memory/1928-118-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2700-120-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d61-121.dat	xmrig
behavioral1/files/0x0005000000019d62-127.dat	xmrig
behavioral1/files/0x0005000000019d6d-131.dat	xmrig
behavioral1/files/0x0005000000019e92-139.dat	xmrig
behavioral1/files/0x0005000000019fd4-142.dat	xmrig
behavioral1/files/0x0005000000019fdd-148.dat	xmrig
behavioral1/files/0x000500000001a03c-152.dat	xmrig
behavioral1/files/0x000500000001a049-159.dat	xmrig
behavioral1/files/0x000500000001a0b6-161.dat	xmrig
behavioral1/files/0x000500000001a309-169.dat	xmrig
behavioral1/files/0x000500000001a3ab-173.dat	xmrig
behavioral1/files/0x000500000001a3f6-177.dat	xmrig
behavioral1/files/0x000500000001a3f8-184.dat	xmrig
behavioral1/files/0x000500000001a3fd-188.dat	xmrig
behavioral1/files/0x000500000001a400-193.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2396	EEriJZa.exe
2900	HHucLcP.exe
2876	ptvtWPr.exe
568	PYVUwtT.exe
2804	aXxzHqG.exe
2796	UwGgMaW.exe
1336	WaETOIK.exe
2836	zqNjwLy.exe
2820	IJjnylx.exe
1996	EoHYnpY.exe
1044	GmnGVWF.exe
1472	BlrNEoi.exe
2700	IrVmVGx.exe
1928	MBBJwKG.exe
3052	efoOVWg.exe
2212	wBQycZZ.exe
2084	boosBmL.exe
384	aDAvFyq.exe
1880	dYoAeaf.exe
2420	SWRqEMR.exe
2356	rJgJzNM.exe
2176	wKkKLrO.exe
2248	CdxkmKg.exe
2468	ROzuydU.exe
2068	EDOYFdk.exe
1972	wEfdhpa.exe
2768	WkPIMVU.exe
1104	GTDELBf.exe
1384	xVOAXZL.exe
1356	cwzivpq.exe
592	OVyKEbx.exe
2600	hPWgHej.exe
1648	eMJgOTu.exe
2092	OMYlfDT.exe
2516	wSuvRVZ.exe
108	MYjObaU.exe
2296	cvZgmbb.exe
1676	yfwNiEi.exe
1328	qxjDqFi.exe
1020	wmmXVei.exe
1036	KuAWoXR.exe
2604	ytIdrxF.exe
1568	CSaUyjN.exe
2612	zJgofvq.exe
2620	DlRHGBs.exe
1612	ydsdSHH.exe
1824	NMwwnlo.exe
2916	FfHzSNe.exe
2912	UpHDGOk.exe
2904	yynwAtX.exe
2944	CZBeUMg.exe
2884	iYhvhZI.exe
2788	TTzmLaY.exe
2992	LCCzKbH.exe
2780	udayrbg.exe
2800	QlXGLKZ.exe
2824	ALJKlEK.exe
3028	XSyFdbV.exe
2364	nRoKwoW.exe
2544	TfmjMSh.exe
1528	YRfluAo.exe
2268	nOCochf.exe
928	qhYNZgV.exe
2240	MUblYpt.exe

Loads dropped DLL 64 IoCs

pid	Process
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2488-0-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x0009000000012266-3.dat	upx
behavioral1/memory/2396-8-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x0009000000018b28-9.dat	upx
behavioral1/memory/2900-15-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x00280000000186b7-11.dat	upx
behavioral1/files/0x0008000000018b50-21.dat	upx
behavioral1/memory/2876-23-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/568-28-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2804-35-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2396-38-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x0007000000018b64-37.dat	upx
behavioral1/memory/2796-43-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/files/0x0008000000018b54-33.dat	upx
behavioral1/memory/2488-32-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2876-47-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2900-46-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/568-48-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x0007000000018b71-49.dat	upx
behavioral1/files/0x0007000000018b89-53.dat	upx
behavioral1/memory/2804-52-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2836-65-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2820-67-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x0008000000018baf-66.dat	upx
behavioral1/memory/1336-63-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2796-61-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/files/0x0008000000018bbf-68.dat	upx
behavioral1/memory/1996-74-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x000500000001998d-83.dat	upx
behavioral1/memory/1044-81-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/1472-88-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x0005000000019820-79.dat	upx
behavioral1/files/0x0005000000019bf6-98.dat	upx
behavioral1/memory/2700-96-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2836-95-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x0005000000019bf5-94.dat	upx
behavioral1/memory/2820-99-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/1996-101-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/1044-102-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/1472-103-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x0005000000019bf9-108.dat	upx
behavioral1/files/0x0005000000019c3c-112.dat	upx
behavioral1/memory/1928-118-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2700-120-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x0005000000019d61-121.dat	upx
behavioral1/files/0x0005000000019d62-127.dat	upx
behavioral1/files/0x0005000000019d6d-131.dat	upx
behavioral1/files/0x0005000000019e92-139.dat	upx
behavioral1/files/0x0005000000019fd4-142.dat	upx
behavioral1/files/0x0005000000019fdd-148.dat	upx
behavioral1/files/0x000500000001a03c-152.dat	upx
behavioral1/files/0x000500000001a049-159.dat	upx
behavioral1/files/0x000500000001a0b6-161.dat	upx
behavioral1/files/0x000500000001a309-169.dat	upx
behavioral1/files/0x000500000001a3ab-173.dat	upx
behavioral1/files/0x000500000001a3f6-177.dat	upx
behavioral1/files/0x000500000001a3f8-184.dat	upx
behavioral1/files/0x000500000001a3fd-188.dat	upx
behavioral1/files/0x000500000001a400-193.dat	upx
behavioral1/files/0x000500000001a404-199.dat	upx
behavioral1/memory/2396-329-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2900-330-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2876-349-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/568-355-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\SfrCMmu.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhUICdQ.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VmFWODF.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PkSGSxj.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNssZiS.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CadXrkg.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TtUOBlo.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ReuzmXu.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZumvjO.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gTxWgbI.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gSGZIvy.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XFaygUR.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLZigce.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yruYhVR.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AtmNLcv.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUgMQCj.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQuyFMU.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNhJROw.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ltdKxGc.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kvxBNaZ.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fUJQcXF.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvHkvMk.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TysOfxS.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRdjvhs.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lijvdpn.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jMDDSzN.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\guuUAwa.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKNujxL.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uwGinUx.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jspohrm.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eRocxxv.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhZOhtF.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tcpDwJP.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHFcASy.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DRonXBV.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzBTpvw.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\plsUOEd.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BlHMjDP.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NngLjpU.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ipkNrjw.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\veqHywf.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqNhqvg.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EIOPOvz.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gHaWdbD.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vwtVztG.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qqwyqCj.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYtNlGw.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uLlGihf.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DtuODdH.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSkxgFD.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oKrXSzI.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ssWUxmm.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aJhGuHf.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zoHIgbv.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IcWIrOb.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhLNhbD.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eehVqNi.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iYhvhZI.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DzZATtF.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgzFliW.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cRLcEyI.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bgpTrKa.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qnDQLiZ.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vqFQWYu.exe	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 2396	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2488 wrote to memory of 2396	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2488 wrote to memory of 2396	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2488 wrote to memory of 2900	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2488 wrote to memory of 2900	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2488 wrote to memory of 2900	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2488 wrote to memory of 2876	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2488 wrote to memory of 2876	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2488 wrote to memory of 2876	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2488 wrote to memory of 568	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2488 wrote to memory of 568	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2488 wrote to memory of 568	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2488 wrote to memory of 2804	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2488 wrote to memory of 2804	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2488 wrote to memory of 2804	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2488 wrote to memory of 2796	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2488 wrote to memory of 2796	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2488 wrote to memory of 2796	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2488 wrote to memory of 2836	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2488 wrote to memory of 2836	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2488 wrote to memory of 2836	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2488 wrote to memory of 1336	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2488 wrote to memory of 1336	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2488 wrote to memory of 1336	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2488 wrote to memory of 2820	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2488 wrote to memory of 2820	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2488 wrote to memory of 2820	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2488 wrote to memory of 1996	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2488 wrote to memory of 1996	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2488 wrote to memory of 1996	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2488 wrote to memory of 1044	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2488 wrote to memory of 1044	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2488 wrote to memory of 1044	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2488 wrote to memory of 1472	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2488 wrote to memory of 1472	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2488 wrote to memory of 1472	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2488 wrote to memory of 2700	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2488 wrote to memory of 2700	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2488 wrote to memory of 2700	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2488 wrote to memory of 1928	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2488 wrote to memory of 1928	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2488 wrote to memory of 1928	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2488 wrote to memory of 2212	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2488 wrote to memory of 2212	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2488 wrote to memory of 2212	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2488 wrote to memory of 3052	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2488 wrote to memory of 3052	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2488 wrote to memory of 3052	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2488 wrote to memory of 2084	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2488 wrote to memory of 2084	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2488 wrote to memory of 2084	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2488 wrote to memory of 384	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2488 wrote to memory of 384	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2488 wrote to memory of 384	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2488 wrote to memory of 1880	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2488 wrote to memory of 1880	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2488 wrote to memory of 1880	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2488 wrote to memory of 2420	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2488 wrote to memory of 2420	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2488 wrote to memory of 2420	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2488 wrote to memory of 2356	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2488 wrote to memory of 2356	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2488 wrote to memory of 2356	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2488 wrote to memory of 2176	2488	2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_a909b96c8e0d533af0febba5df782539_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Windows\System\EEriJZa.exe
  C:\Windows\System\EEriJZa.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\HHucLcP.exe
  C:\Windows\System\HHucLcP.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\ptvtWPr.exe
  C:\Windows\System\ptvtWPr.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\PYVUwtT.exe
  C:\Windows\System\PYVUwtT.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\aXxzHqG.exe
  C:\Windows\System\aXxzHqG.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\UwGgMaW.exe
  C:\Windows\System\UwGgMaW.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\zqNjwLy.exe
  C:\Windows\System\zqNjwLy.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\WaETOIK.exe
  C:\Windows\System\WaETOIK.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\IJjnylx.exe
  C:\Windows\System\IJjnylx.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\EoHYnpY.exe
  C:\Windows\System\EoHYnpY.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\GmnGVWF.exe
  C:\Windows\System\GmnGVWF.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\BlrNEoi.exe
  C:\Windows\System\BlrNEoi.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\IrVmVGx.exe
  C:\Windows\System\IrVmVGx.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\MBBJwKG.exe
  C:\Windows\System\MBBJwKG.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\wBQycZZ.exe
  C:\Windows\System\wBQycZZ.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\efoOVWg.exe
  C:\Windows\System\efoOVWg.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\boosBmL.exe
  C:\Windows\System\boosBmL.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\aDAvFyq.exe
  C:\Windows\System\aDAvFyq.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\dYoAeaf.exe
  C:\Windows\System\dYoAeaf.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\SWRqEMR.exe
  C:\Windows\System\SWRqEMR.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\rJgJzNM.exe
  C:\Windows\System\rJgJzNM.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\wKkKLrO.exe
  C:\Windows\System\wKkKLrO.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\CdxkmKg.exe
  C:\Windows\System\CdxkmKg.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\ROzuydU.exe
  C:\Windows\System\ROzuydU.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\EDOYFdk.exe
  C:\Windows\System\EDOYFdk.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\wEfdhpa.exe
  C:\Windows\System\wEfdhpa.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\WkPIMVU.exe
  C:\Windows\System\WkPIMVU.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\GTDELBf.exe
  C:\Windows\System\GTDELBf.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\xVOAXZL.exe
  C:\Windows\System\xVOAXZL.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\cwzivpq.exe
  C:\Windows\System\cwzivpq.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\OVyKEbx.exe
  C:\Windows\System\OVyKEbx.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\hPWgHej.exe
  C:\Windows\System\hPWgHej.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\eMJgOTu.exe
  C:\Windows\System\eMJgOTu.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\OMYlfDT.exe
  C:\Windows\System\OMYlfDT.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\wSuvRVZ.exe
  C:\Windows\System\wSuvRVZ.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\MYjObaU.exe
  C:\Windows\System\MYjObaU.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\cvZgmbb.exe
  C:\Windows\System\cvZgmbb.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\yfwNiEi.exe
  C:\Windows\System\yfwNiEi.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\qxjDqFi.exe
  C:\Windows\System\qxjDqFi.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\wmmXVei.exe
  C:\Windows\System\wmmXVei.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\KuAWoXR.exe
  C:\Windows\System\KuAWoXR.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\ytIdrxF.exe
  C:\Windows\System\ytIdrxF.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\CSaUyjN.exe
  C:\Windows\System\CSaUyjN.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\zJgofvq.exe
  C:\Windows\System\zJgofvq.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\DlRHGBs.exe
  C:\Windows\System\DlRHGBs.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\ydsdSHH.exe
  C:\Windows\System\ydsdSHH.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\NMwwnlo.exe
  C:\Windows\System\NMwwnlo.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\FfHzSNe.exe
  C:\Windows\System\FfHzSNe.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\UpHDGOk.exe
  C:\Windows\System\UpHDGOk.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\yynwAtX.exe
  C:\Windows\System\yynwAtX.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\iYhvhZI.exe
  C:\Windows\System\iYhvhZI.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\CZBeUMg.exe
  C:\Windows\System\CZBeUMg.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\TTzmLaY.exe
  C:\Windows\System\TTzmLaY.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\LCCzKbH.exe
  C:\Windows\System\LCCzKbH.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\udayrbg.exe
  C:\Windows\System\udayrbg.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\QlXGLKZ.exe
  C:\Windows\System\QlXGLKZ.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\ALJKlEK.exe
  C:\Windows\System\ALJKlEK.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\XSyFdbV.exe
  C:\Windows\System\XSyFdbV.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\nRoKwoW.exe
  C:\Windows\System\nRoKwoW.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\TfmjMSh.exe
  C:\Windows\System\TfmjMSh.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\YRfluAo.exe
  C:\Windows\System\YRfluAo.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\nOCochf.exe
  C:\Windows\System\nOCochf.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\MUblYpt.exe
  C:\Windows\System\MUblYpt.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\qhYNZgV.exe
  C:\Windows\System\qhYNZgV.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\inaigzR.exe
  C:\Windows\System\inaigzR.exe
  2⤵
  PID:1652
- C:\Windows\System\YKFQaGl.exe
  C:\Windows\System\YKFQaGl.exe
  2⤵
  PID:2352
- C:\Windows\System\CVwWHKe.exe
  C:\Windows\System\CVwWHKe.exe
  2⤵
  PID:2276
- C:\Windows\System\yHQHcwc.exe
  C:\Windows\System\yHQHcwc.exe
  2⤵
  PID:1564
- C:\Windows\System\rQLinUr.exe
  C:\Windows\System\rQLinUr.exe
  2⤵
  PID:644
- C:\Windows\System\hWckbXu.exe
  C:\Windows\System\hWckbXu.exe
  2⤵
  PID:860
- C:\Windows\System\KWrNRPa.exe
  C:\Windows\System\KWrNRPa.exe
  2⤵
  PID:1832
- C:\Windows\System\axHmsro.exe
  C:\Windows\System\axHmsro.exe
  2⤵
  PID:1980
- C:\Windows\System\GrORiHJ.exe
  C:\Windows\System\GrORiHJ.exe
  2⤵
  PID:3068
- C:\Windows\System\sZmBSKT.exe
  C:\Windows\System\sZmBSKT.exe
  2⤵
  PID:1148
- C:\Windows\System\vrHwpgY.exe
  C:\Windows\System\vrHwpgY.exe
  2⤵
  PID:272
- C:\Windows\System\dcIBIAR.exe
  C:\Windows\System\dcIBIAR.exe
  2⤵
  PID:284
- C:\Windows\System\QgYmhtr.exe
  C:\Windows\System\QgYmhtr.exe
  2⤵
  PID:1540
- C:\Windows\System\rGUhTnl.exe
  C:\Windows\System\rGUhTnl.exe
  2⤵
  PID:1016
- C:\Windows\System\JfNUyws.exe
  C:\Windows\System\JfNUyws.exe
  2⤵
  PID:548
- C:\Windows\System\XVTXHhS.exe
  C:\Windows\System\XVTXHhS.exe
  2⤵
  PID:2164
- C:\Windows\System\ITDYvaz.exe
  C:\Windows\System\ITDYvaz.exe
  2⤵
  PID:1524
- C:\Windows\System\vxfdTtV.exe
  C:\Windows\System\vxfdTtV.exe
  2⤵
  PID:2440
- C:\Windows\System\HpwDJxu.exe
  C:\Windows\System\HpwDJxu.exe
  2⤵
  PID:2188
- C:\Windows\System\VQenlDY.exe
  C:\Windows\System\VQenlDY.exe
  2⤵
  PID:2196
- C:\Windows\System\eQZuyjt.exe
  C:\Windows\System\eQZuyjt.exe
  2⤵
  PID:2232
- C:\Windows\System\rQiyVja.exe
  C:\Windows\System\rQiyVja.exe
  2⤵
  PID:840
- C:\Windows\System\VWcPsfB.exe
  C:\Windows\System\VWcPsfB.exe
  2⤵
  PID:2004
- C:\Windows\System\UUmgDAO.exe
  C:\Windows\System\UUmgDAO.exe
  2⤵
  PID:1496
- C:\Windows\System\ReuzmXu.exe
  C:\Windows\System\ReuzmXu.exe
  2⤵
  PID:2724
- C:\Windows\System\MEMaWgP.exe
  C:\Windows\System\MEMaWgP.exe
  2⤵
  PID:1284
- C:\Windows\System\PEEOslY.exe
  C:\Windows\System\PEEOslY.exe
  2⤵
  PID:2028
- C:\Windows\System\arxWcAI.exe
  C:\Windows\System\arxWcAI.exe
  2⤵
  PID:456
- C:\Windows\System\MdiyHlD.exe
  C:\Windows\System\MdiyHlD.exe
  2⤵
  PID:1004
- C:\Windows\System\fmKcPiK.exe
  C:\Windows\System\fmKcPiK.exe
  2⤵
  PID:1592
- C:\Windows\System\FqjYltt.exe
  C:\Windows\System\FqjYltt.exe
  2⤵
  PID:1764
- C:\Windows\System\tfdfURR.exe
  C:\Windows\System\tfdfURR.exe
  2⤵
  PID:2764
- C:\Windows\System\MNOzIHw.exe
  C:\Windows\System\MNOzIHw.exe
  2⤵
  PID:1032
- C:\Windows\System\QKlwrCk.exe
  C:\Windows\System\QKlwrCk.exe
  2⤵
  PID:1320
- C:\Windows\System\mSmYMUY.exe
  C:\Windows\System\mSmYMUY.exe
  2⤵
  PID:1508
- C:\Windows\System\WqcfQQn.exe
  C:\Windows\System\WqcfQQn.exe
  2⤵
  PID:2140
- C:\Windows\System\bSvJRXS.exe
  C:\Windows\System\bSvJRXS.exe
  2⤵
  PID:2864
- C:\Windows\System\WIIzZQA.exe
  C:\Windows\System\WIIzZQA.exe
  2⤵
  PID:3048
- C:\Windows\System\aJhGuHf.exe
  C:\Windows\System\aJhGuHf.exe
  2⤵
  PID:2968
- C:\Windows\System\lUslMdY.exe
  C:\Windows\System\lUslMdY.exe
  2⤵
  PID:3008
- C:\Windows\System\RlsoEWO.exe
  C:\Windows\System\RlsoEWO.exe
  2⤵
  PID:2792
- C:\Windows\System\gvJDlIO.exe
  C:\Windows\System\gvJDlIO.exe
  2⤵
  PID:2208
- C:\Windows\System\ZAKEhLt.exe
  C:\Windows\System\ZAKEhLt.exe
  2⤵
  PID:2540
- C:\Windows\System\UwZdpom.exe
  C:\Windows\System\UwZdpom.exe
  2⤵
  PID:2828
- C:\Windows\System\PBHKQsr.exe
  C:\Windows\System\PBHKQsr.exe
  2⤵
  PID:1856
- C:\Windows\System\bSzuYNH.exe
  C:\Windows\System\bSzuYNH.exe
  2⤵
  PID:1920
- C:\Windows\System\JkXoVkS.exe
  C:\Windows\System\JkXoVkS.exe
  2⤵
  PID:2744
- C:\Windows\System\FKXCfNv.exe
  C:\Windows\System\FKXCfNv.exe
  2⤵
  PID:1156
- C:\Windows\System\YesCEBD.exe
  C:\Windows\System\YesCEBD.exe
  2⤵
  PID:2552
- C:\Windows\System\nLZigce.exe
  C:\Windows\System\nLZigce.exe
  2⤵
  PID:320
- C:\Windows\System\JsQJiQG.exe
  C:\Windows\System\JsQJiQG.exe
  2⤵
  PID:1944
- C:\Windows\System\IMfWSGi.exe
  C:\Windows\System\IMfWSGi.exe
  2⤵
  PID:1712
- C:\Windows\System\JAopoin.exe
  C:\Windows\System\JAopoin.exe
  2⤵
  PID:1468
- C:\Windows\System\SfrCMmu.exe
  C:\Windows\System\SfrCMmu.exe
  2⤵
  PID:2448
- C:\Windows\System\KWpxHRL.exe
  C:\Windows\System\KWpxHRL.exe
  2⤵
  PID:792
- C:\Windows\System\zKNrCGY.exe
  C:\Windows\System\zKNrCGY.exe
  2⤵
  PID:1768
- C:\Windows\System\XvpmRuk.exe
  C:\Windows\System\XvpmRuk.exe
  2⤵
  PID:2036
- C:\Windows\System\dnEfkQg.exe
  C:\Windows\System\dnEfkQg.exe
  2⤵
  PID:2260
- C:\Windows\System\PvFRoiw.exe
  C:\Windows\System\PvFRoiw.exe
  2⤵
  PID:2632
- C:\Windows\System\wLAdyCe.exe
  C:\Windows\System\wLAdyCe.exe
  2⤵
  PID:2128
- C:\Windows\System\LUhvgUH.exe
  C:\Windows\System\LUhvgUH.exe
  2⤵
  PID:2444
- C:\Windows\System\MZhOjLE.exe
  C:\Windows\System\MZhOjLE.exe
  2⤵
  PID:2384
- C:\Windows\System\TEqKleL.exe
  C:\Windows\System\TEqKleL.exe
  2⤵
  PID:1804
- C:\Windows\System\cFwioYd.exe
  C:\Windows\System\cFwioYd.exe
  2⤵
  PID:1100
- C:\Windows\System\vCUDHyW.exe
  C:\Windows\System\vCUDHyW.exe
  2⤵
  PID:2624
- C:\Windows\System\CUtGfVn.exe
  C:\Windows\System\CUtGfVn.exe
  2⤵
  PID:1552
- C:\Windows\System\MEnvwyC.exe
  C:\Windows\System\MEnvwyC.exe
  2⤵
  PID:1688
- C:\Windows\System\vLKfJBa.exe
  C:\Windows\System\vLKfJBa.exe
  2⤵
  PID:620
- C:\Windows\System\ooadpdE.exe
  C:\Windows\System\ooadpdE.exe
  2⤵
  PID:2520
- C:\Windows\System\cInxZCu.exe
  C:\Windows\System\cInxZCu.exe
  2⤵
  PID:2880
- C:\Windows\System\EqhArWr.exe
  C:\Windows\System\EqhArWr.exe
  2⤵
  PID:2808
- C:\Windows\System\TzPocth.exe
  C:\Windows\System\TzPocth.exe
  2⤵
  PID:2932
- C:\Windows\System\jGVogsn.exe
  C:\Windows\System\jGVogsn.exe
  2⤵
  PID:3056
- C:\Windows\System\QYzRkrq.exe
  C:\Windows\System\QYzRkrq.exe
  2⤵
  PID:3060
- C:\Windows\System\JqglrBR.exe
  C:\Windows\System\JqglrBR.exe
  2⤵
  PID:596
- C:\Windows\System\ITQjklW.exe
  C:\Windows\System\ITQjklW.exe
  2⤵
  PID:1632
- C:\Windows\System\Jspohrm.exe
  C:\Windows\System\Jspohrm.exe
  2⤵
  PID:2224
- C:\Windows\System\xLpfwWW.exe
  C:\Windows\System\xLpfwWW.exe
  2⤵
  PID:2348
- C:\Windows\System\YZKeMmR.exe
  C:\Windows\System\YZKeMmR.exe
  2⤵
  PID:1984
- C:\Windows\System\KekobDc.exe
  C:\Windows\System\KekobDc.exe
  2⤵
  PID:2960
- C:\Windows\System\rVBalvg.exe
  C:\Windows\System\rVBalvg.exe
  2⤵
  PID:1352
- C:\Windows\System\UBgeNFk.exe
  C:\Windows\System\UBgeNFk.exe
  2⤵
  PID:2372
- C:\Windows\System\mUhgzYQ.exe
  C:\Windows\System\mUhgzYQ.exe
  2⤵
  PID:2692
- C:\Windows\System\fuSWHth.exe
  C:\Windows\System\fuSWHth.exe
  2⤵
  PID:1932
- C:\Windows\System\uhEHbZO.exe
  C:\Windows\System\uhEHbZO.exe
  2⤵
  PID:720
- C:\Windows\System\YfArfUL.exe
  C:\Windows\System\YfArfUL.exe
  2⤵
  PID:1684
- C:\Windows\System\GTLMSVM.exe
  C:\Windows\System\GTLMSVM.exe
  2⤵
  PID:1060
- C:\Windows\System\MlLwjIZ.exe
  C:\Windows\System\MlLwjIZ.exe
  2⤵
  PID:1820
- C:\Windows\System\eeCzgjt.exe
  C:\Windows\System\eeCzgjt.exe
  2⤵
  PID:2560
- C:\Windows\System\sSWNcbs.exe
  C:\Windows\System\sSWNcbs.exe
  2⤵
  PID:1752
- C:\Windows\System\prnvjgk.exe
  C:\Windows\System\prnvjgk.exe
  2⤵
  PID:1616
- C:\Windows\System\VnnZgOe.exe
  C:\Windows\System\VnnZgOe.exe
  2⤵
  PID:1808
- C:\Windows\System\nTzXCli.exe
  C:\Windows\System\nTzXCli.exe
  2⤵
  PID:2496
- C:\Windows\System\JFVbXkI.exe
  C:\Windows\System\JFVbXkI.exe
  2⤵
  PID:3040
- C:\Windows\System\rIbDKJd.exe
  C:\Windows\System\rIbDKJd.exe
  2⤵
  PID:2628
- C:\Windows\System\ZoNxLbD.exe
  C:\Windows\System\ZoNxLbD.exe
  2⤵
  PID:2476
- C:\Windows\System\cOWfMuA.exe
  C:\Windows\System\cOWfMuA.exe
  2⤵
  PID:2432
- C:\Windows\System\aXkaeoK.exe
  C:\Windows\System\aXkaeoK.exe
  2⤵
  PID:696
- C:\Windows\System\YknkSEj.exe
  C:\Windows\System\YknkSEj.exe
  2⤵
  PID:968
- C:\Windows\System\uPUWtwM.exe
  C:\Windows\System\uPUWtwM.exe
  2⤵
  PID:1236
- C:\Windows\System\TXfWGnJ.exe
  C:\Windows\System\TXfWGnJ.exe
  2⤵
  PID:2064
- C:\Windows\System\oEkqgCQ.exe
  C:\Windows\System\oEkqgCQ.exe
  2⤵
  PID:2360
- C:\Windows\System\ZyLBmDW.exe
  C:\Windows\System\ZyLBmDW.exe
  2⤵
  PID:2132
- C:\Windows\System\uFoaFkJ.exe
  C:\Windows\System\uFoaFkJ.exe
  2⤵
  PID:3016
- C:\Windows\System\rvHkvMk.exe
  C:\Windows\System\rvHkvMk.exe
  2⤵
  PID:2936
- C:\Windows\System\rDLFXHX.exe
  C:\Windows\System\rDLFXHX.exe
  2⤵
  PID:536
- C:\Windows\System\lRwnvOh.exe
  C:\Windows\System\lRwnvOh.exe
  2⤵
  PID:2460
- C:\Windows\System\QbBTYvc.exe
  C:\Windows\System\QbBTYvc.exe
  2⤵
  PID:2292
- C:\Windows\System\ggXEUvJ.exe
  C:\Windows\System\ggXEUvJ.exe
  2⤵
  PID:636
- C:\Windows\System\GwEQmNJ.exe
  C:\Windows\System\GwEQmNJ.exe
  2⤵
  PID:976
- C:\Windows\System\YQaeTFB.exe
  C:\Windows\System\YQaeTFB.exe
  2⤵
  PID:2716
- C:\Windows\System\SLhMfCj.exe
  C:\Windows\System\SLhMfCj.exe
  2⤵
  PID:1992
- C:\Windows\System\CKAaKGz.exe
  C:\Windows\System\CKAaKGz.exe
  2⤵
  PID:892
- C:\Windows\System\UmYHOMM.exe
  C:\Windows\System\UmYHOMM.exe
  2⤵
  PID:2404
- C:\Windows\System\krvXVGc.exe
  C:\Windows\System\krvXVGc.exe
  2⤵
  PID:1388
- C:\Windows\System\mYtjMbJ.exe
  C:\Windows\System\mYtjMbJ.exe
  2⤵
  PID:3020
- C:\Windows\System\DicXsSF.exe
  C:\Windows\System\DicXsSF.exe
  2⤵
  PID:2368
- C:\Windows\System\DjbmCuF.exe
  C:\Windows\System\DjbmCuF.exe
  2⤵
  PID:1108
- C:\Windows\System\twEyTAG.exe
  C:\Windows\System\twEyTAG.exe
  2⤵
  PID:3092
- C:\Windows\System\bltbzie.exe
  C:\Windows\System\bltbzie.exe
  2⤵
  PID:3108
- C:\Windows\System\xmpHoXY.exe
  C:\Windows\System\xmpHoXY.exe
  2⤵
  PID:3140
- C:\Windows\System\kersClT.exe
  C:\Windows\System\kersClT.exe
  2⤵
  PID:3156
- C:\Windows\System\fmUYiAh.exe
  C:\Windows\System\fmUYiAh.exe
  2⤵
  PID:3176
- C:\Windows\System\wvOhigJ.exe
  C:\Windows\System\wvOhigJ.exe
  2⤵
  PID:3196
- C:\Windows\System\PhVoskD.exe
  C:\Windows\System\PhVoskD.exe
  2⤵
  PID:3212
- C:\Windows\System\rnzqJCr.exe
  C:\Windows\System\rnzqJCr.exe
  2⤵
  PID:3236
- C:\Windows\System\pEgMyir.exe
  C:\Windows\System\pEgMyir.exe
  2⤵
  PID:3260
- C:\Windows\System\TAxCDtp.exe
  C:\Windows\System\TAxCDtp.exe
  2⤵
  PID:3276
- C:\Windows\System\WcOlnbU.exe
  C:\Windows\System\WcOlnbU.exe
  2⤵
  PID:3292
- C:\Windows\System\VILkgMk.exe
  C:\Windows\System\VILkgMk.exe
  2⤵
  PID:3336
- C:\Windows\System\LZHfeyY.exe
  C:\Windows\System\LZHfeyY.exe
  2⤵
  PID:3356
- C:\Windows\System\fbQQbci.exe
  C:\Windows\System\fbQQbci.exe
  2⤵
  PID:3376
- C:\Windows\System\OKbbSck.exe
  C:\Windows\System\OKbbSck.exe
  2⤵
  PID:3396
- C:\Windows\System\mTQvdnZ.exe
  C:\Windows\System\mTQvdnZ.exe
  2⤵
  PID:3412
- C:\Windows\System\cHiACnK.exe
  C:\Windows\System\cHiACnK.exe
  2⤵
  PID:3428
- C:\Windows\System\QChcTEG.exe
  C:\Windows\System\QChcTEG.exe
  2⤵
  PID:3444
- C:\Windows\System\awskOGO.exe
  C:\Windows\System\awskOGO.exe
  2⤵
  PID:3464
- C:\Windows\System\pByAFoV.exe
  C:\Windows\System\pByAFoV.exe
  2⤵
  PID:3480
- C:\Windows\System\foOqILX.exe
  C:\Windows\System\foOqILX.exe
  2⤵
  PID:3520
- C:\Windows\System\hKJxKhc.exe
  C:\Windows\System\hKJxKhc.exe
  2⤵
  PID:3536
- C:\Windows\System\CpfCTCs.exe
  C:\Windows\System\CpfCTCs.exe
  2⤵
  PID:3560
- C:\Windows\System\ykXScrE.exe
  C:\Windows\System\ykXScrE.exe
  2⤵
  PID:3576
- C:\Windows\System\ijOOLfT.exe
  C:\Windows\System\ijOOLfT.exe
  2⤵
  PID:3596
- C:\Windows\System\xwbniSK.exe
  C:\Windows\System\xwbniSK.exe
  2⤵
  PID:3612
- C:\Windows\System\BETIkXD.exe
  C:\Windows\System\BETIkXD.exe
  2⤵
  PID:3632
- C:\Windows\System\NbKvxpy.exe
  C:\Windows\System\NbKvxpy.exe
  2⤵
  PID:3664
- C:\Windows\System\OFfhMrq.exe
  C:\Windows\System\OFfhMrq.exe
  2⤵
  PID:3688
- C:\Windows\System\oneqBRX.exe
  C:\Windows\System\oneqBRX.exe
  2⤵
  PID:3712
- C:\Windows\System\iBkDejm.exe
  C:\Windows\System\iBkDejm.exe
  2⤵
  PID:3728
- C:\Windows\System\pxOFFQu.exe
  C:\Windows\System\pxOFFQu.exe
  2⤵
  PID:3744
- C:\Windows\System\ysNZgqh.exe
  C:\Windows\System\ysNZgqh.exe
  2⤵
  PID:3788
- C:\Windows\System\VjaoeAz.exe
  C:\Windows\System\VjaoeAz.exe
  2⤵
  PID:3804
- C:\Windows\System\tBeleJN.exe
  C:\Windows\System\tBeleJN.exe
  2⤵
  PID:3820
- C:\Windows\System\lfnIaag.exe
  C:\Windows\System\lfnIaag.exe
  2⤵
  PID:3840
- C:\Windows\System\UEXcFQv.exe
  C:\Windows\System\UEXcFQv.exe
  2⤵
  PID:3860
- C:\Windows\System\iLMVSFl.exe
  C:\Windows\System\iLMVSFl.exe
  2⤵
  PID:3880
- C:\Windows\System\DzZATtF.exe
  C:\Windows\System\DzZATtF.exe
  2⤵
  PID:3896
- C:\Windows\System\BjkzsVs.exe
  C:\Windows\System\BjkzsVs.exe
  2⤵
  PID:3912
- C:\Windows\System\MfPHUAs.exe
  C:\Windows\System\MfPHUAs.exe
  2⤵
  PID:3932
- C:\Windows\System\jQvLUiJ.exe
  C:\Windows\System\jQvLUiJ.exe
  2⤵
  PID:3948
- C:\Windows\System\KumnASV.exe
  C:\Windows\System\KumnASV.exe
  2⤵
  PID:3968
- C:\Windows\System\NmxAQTn.exe
  C:\Windows\System\NmxAQTn.exe
  2⤵
  PID:4004
- C:\Windows\System\zHygCEe.exe
  C:\Windows\System\zHygCEe.exe
  2⤵
  PID:4028
- C:\Windows\System\RdUGCGL.exe
  C:\Windows\System\RdUGCGL.exe
  2⤵
  PID:4048
- C:\Windows\System\nmtJCbb.exe
  C:\Windows\System\nmtJCbb.exe
  2⤵
  PID:4068
- C:\Windows\System\ppAHoeh.exe
  C:\Windows\System\ppAHoeh.exe
  2⤵
  PID:4092
- C:\Windows\System\TysOfxS.exe
  C:\Windows\System\TysOfxS.exe
  2⤵
  PID:3088
- C:\Windows\System\vMZjSeO.exe
  C:\Windows\System\vMZjSeO.exe
  2⤵
  PID:3120
- C:\Windows\System\kipdQnI.exe
  C:\Windows\System\kipdQnI.exe
  2⤵
  PID:3100
- C:\Windows\System\atqdHGQ.exe
  C:\Windows\System\atqdHGQ.exe
  2⤵
  PID:3136
- C:\Windows\System\CPLhLWY.exe
  C:\Windows\System\CPLhLWY.exe
  2⤵
  PID:3188
- C:\Windows\System\vCWSYgX.exe
  C:\Windows\System\vCWSYgX.exe
  2⤵
  PID:3224
- C:\Windows\System\dcAdXmn.exe
  C:\Windows\System\dcAdXmn.exe
  2⤵
  PID:3256
- C:\Windows\System\kRycJTM.exe
  C:\Windows\System\kRycJTM.exe
  2⤵
  PID:3300
- C:\Windows\System\dsUISIK.exe
  C:\Windows\System\dsUISIK.exe
  2⤵
  PID:3324
- C:\Windows\System\fLFRNPW.exe
  C:\Windows\System\fLFRNPW.exe
  2⤵
  PID:3372
- C:\Windows\System\sPgHllg.exe
  C:\Windows\System\sPgHllg.exe
  2⤵
  PID:3420
- C:\Windows\System\uwGzIAa.exe
  C:\Windows\System\uwGzIAa.exe
  2⤵
  PID:3488
- C:\Windows\System\YjdXnhp.exe
  C:\Windows\System\YjdXnhp.exe
  2⤵
  PID:3476
- C:\Windows\System\RUHtjaq.exe
  C:\Windows\System\RUHtjaq.exe
  2⤵
  PID:3504
- C:\Windows\System\lSltviD.exe
  C:\Windows\System\lSltviD.exe
  2⤵
  PID:3556
- C:\Windows\System\mkCKJBn.exe
  C:\Windows\System\mkCKJBn.exe
  2⤵
  PID:3592
- C:\Windows\System\utuUcSM.exe
  C:\Windows\System\utuUcSM.exe
  2⤵
  PID:3624
- C:\Windows\System\IqemfyQ.exe
  C:\Windows\System\IqemfyQ.exe
  2⤵
  PID:3656
- C:\Windows\System\lWlttWt.exe
  C:\Windows\System\lWlttWt.exe
  2⤵
  PID:3672
- C:\Windows\System\rQkEvmp.exe
  C:\Windows\System\rQkEvmp.exe
  2⤵
  PID:3724
- C:\Windows\System\wwpabNr.exe
  C:\Windows\System\wwpabNr.exe
  2⤵
  PID:3768
- C:\Windows\System\LPyZRIC.exe
  C:\Windows\System\LPyZRIC.exe
  2⤵
  PID:3796
- C:\Windows\System\EAbYfIB.exe
  C:\Windows\System\EAbYfIB.exe
  2⤵
  PID:3848
- C:\Windows\System\cRGrAMA.exe
  C:\Windows\System\cRGrAMA.exe
  2⤵
  PID:3836
- C:\Windows\System\VkmqxEU.exe
  C:\Windows\System\VkmqxEU.exe
  2⤵
  PID:3892
- C:\Windows\System\LpMQoSI.exe
  C:\Windows\System\LpMQoSI.exe
  2⤵
  PID:3928
- C:\Windows\System\AjIxzjo.exe
  C:\Windows\System\AjIxzjo.exe
  2⤵
  PID:3940
- C:\Windows\System\MeKpufx.exe
  C:\Windows\System\MeKpufx.exe
  2⤵
  PID:3984
- C:\Windows\System\qURigub.exe
  C:\Windows\System\qURigub.exe
  2⤵
  PID:4056
- C:\Windows\System\FXmjNqL.exe
  C:\Windows\System\FXmjNqL.exe
  2⤵
  PID:4080
- C:\Windows\System\RqlwZyY.exe
  C:\Windows\System\RqlwZyY.exe
  2⤵
  PID:3080
- C:\Windows\System\OJSOpux.exe
  C:\Windows\System\OJSOpux.exe
  2⤵
  PID:3116
- C:\Windows\System\uvPhZzj.exe
  C:\Windows\System\uvPhZzj.exe
  2⤵
  PID:3184
- C:\Windows\System\aQNcNfz.exe
  C:\Windows\System\aQNcNfz.exe
  2⤵
  PID:3132
- C:\Windows\System\gHaWdbD.exe
  C:\Windows\System\gHaWdbD.exe
  2⤵
  PID:3288
- C:\Windows\System\jgbullv.exe
  C:\Windows\System\jgbullv.exe
  2⤵
  PID:3368
- C:\Windows\System\mnHCbJM.exe
  C:\Windows\System\mnHCbJM.exe
  2⤵
  PID:3392
- C:\Windows\System\ipkNrjw.exe
  C:\Windows\System\ipkNrjw.exe
  2⤵
  PID:3472
- C:\Windows\System\zYfObdB.exe
  C:\Windows\System\zYfObdB.exe
  2⤵
  PID:3548
- C:\Windows\System\ZSACCyc.exe
  C:\Windows\System\ZSACCyc.exe
  2⤵
  PID:3084
- C:\Windows\System\jdarytP.exe
  C:\Windows\System\jdarytP.exe
  2⤵
  PID:3628
- C:\Windows\System\xIDuIFf.exe
  C:\Windows\System\xIDuIFf.exe
  2⤵
  PID:4076
- C:\Windows\System\qXtQTRP.exe
  C:\Windows\System\qXtQTRP.exe
  2⤵
  PID:3684
- C:\Windows\System\sIejrxI.exe
  C:\Windows\System\sIejrxI.exe
  2⤵
  PID:3720
- C:\Windows\System\GdYNzSD.exe
  C:\Windows\System\GdYNzSD.exe
  2⤵
  PID:3876
- C:\Windows\System\vFRmJCb.exe
  C:\Windows\System\vFRmJCb.exe
  2⤵
  PID:3964
- C:\Windows\System\fGWRsFu.exe
  C:\Windows\System\fGWRsFu.exe
  2⤵
  PID:3828
- C:\Windows\System\wcjplZK.exe
  C:\Windows\System\wcjplZK.exe
  2⤵
  PID:3496
- C:\Windows\System\AuXrsZv.exe
  C:\Windows\System\AuXrsZv.exe
  2⤵
  PID:3996
- C:\Windows\System\WfiHvME.exe
  C:\Windows\System\WfiHvME.exe
  2⤵
  PID:4060
- C:\Windows\System\CBFjhVo.exe
  C:\Windows\System\CBFjhVo.exe
  2⤵
  PID:2504
- C:\Windows\System\fRECuBA.exe
  C:\Windows\System\fRECuBA.exe
  2⤵
  PID:3248
- C:\Windows\System\jPgTBMu.exe
  C:\Windows\System\jPgTBMu.exe
  2⤵
  PID:3316
- C:\Windows\System\WLluIaG.exe
  C:\Windows\System\WLluIaG.exe
  2⤵
  PID:3544
- C:\Windows\System\YdSLYxf.exe
  C:\Windows\System\YdSLYxf.exe
  2⤵
  PID:3532
- C:\Windows\System\klyZuYl.exe
  C:\Windows\System\klyZuYl.exe
  2⤵
  PID:3608
- C:\Windows\System\rtfBrpk.exe
  C:\Windows\System\rtfBrpk.exe
  2⤵
  PID:3740
- C:\Windows\System\QKLPhhG.exe
  C:\Windows\System\QKLPhhG.exe
  2⤵
  PID:3816
- C:\Windows\System\LPFRoNc.exe
  C:\Windows\System\LPFRoNc.exe
  2⤵
  PID:3956
- C:\Windows\System\VHvkQCE.exe
  C:\Windows\System\VHvkQCE.exe
  2⤵
  PID:3764
- C:\Windows\System\jhPKFAs.exe
  C:\Windows\System\jhPKFAs.exe
  2⤵
  PID:3856
- C:\Windows\System\vHDLlvH.exe
  C:\Windows\System\vHDLlvH.exe
  2⤵
  PID:4088
- C:\Windows\System\YPAwdTF.exe
  C:\Windows\System\YPAwdTF.exe
  2⤵
  PID:3348
- C:\Windows\System\AZzpgoo.exe
  C:\Windows\System\AZzpgoo.exe
  2⤵
  PID:3352
- C:\Windows\System\jXtPAFP.exe
  C:\Windows\System\jXtPAFP.exe
  2⤵
  PID:3456
- C:\Windows\System\Rtfyoly.exe
  C:\Windows\System\Rtfyoly.exe
  2⤵
  PID:3704
- C:\Windows\System\DQzXFlW.exe
  C:\Windows\System\DQzXFlW.exe
  2⤵
  PID:3944
- C:\Windows\System\WtYVGNP.exe
  C:\Windows\System\WtYVGNP.exe
  2⤵
  PID:3988
- C:\Windows\System\LbkvaqT.exe
  C:\Windows\System\LbkvaqT.exe
  2⤵
  PID:3284
- C:\Windows\System\ppBLwHX.exe
  C:\Windows\System\ppBLwHX.exe
  2⤵
  PID:3832
- C:\Windows\System\DDPdhlM.exe
  C:\Windows\System\DDPdhlM.exe
  2⤵
  PID:3568
- C:\Windows\System\xDTpJTt.exe
  C:\Windows\System\xDTpJTt.exe
  2⤵
  PID:4012
- C:\Windows\System\tAxEqxN.exe
  C:\Windows\System\tAxEqxN.exe
  2⤵
  PID:3980
- C:\Windows\System\tkChmLd.exe
  C:\Windows\System\tkChmLd.exe
  2⤵
  PID:4064
- C:\Windows\System\HcLSZOQ.exe
  C:\Windows\System\HcLSZOQ.exe
  2⤵
  PID:4104
- C:\Windows\System\dfYSbcg.exe
  C:\Windows\System\dfYSbcg.exe
  2⤵
  PID:4120
- C:\Windows\System\dKcuzsv.exe
  C:\Windows\System\dKcuzsv.exe
  2⤵
  PID:4160
- C:\Windows\System\cQhJzDd.exe
  C:\Windows\System\cQhJzDd.exe
  2⤵
  PID:4176
- C:\Windows\System\pZchhKR.exe
  C:\Windows\System\pZchhKR.exe
  2⤵
  PID:4192
- C:\Windows\System\BlhEwtu.exe
  C:\Windows\System\BlhEwtu.exe
  2⤵
  PID:4212
- C:\Windows\System\BzgDqin.exe
  C:\Windows\System\BzgDqin.exe
  2⤵
  PID:4232
- C:\Windows\System\xeBxhex.exe
  C:\Windows\System\xeBxhex.exe
  2⤵
  PID:4252
- C:\Windows\System\wGsMyHl.exe
  C:\Windows\System\wGsMyHl.exe
  2⤵
  PID:4276
- C:\Windows\System\LrfgLzT.exe
  C:\Windows\System\LrfgLzT.exe
  2⤵
  PID:4296
- C:\Windows\System\FAcnnDf.exe
  C:\Windows\System\FAcnnDf.exe
  2⤵
  PID:4312
- C:\Windows\System\EnbTWbY.exe
  C:\Windows\System\EnbTWbY.exe
  2⤵
  PID:4332
- C:\Windows\System\ddKnhMQ.exe
  C:\Windows\System\ddKnhMQ.exe
  2⤵
  PID:4360
- C:\Windows\System\hArxAUu.exe
  C:\Windows\System\hArxAUu.exe
  2⤵
  PID:4376
- C:\Windows\System\UEfODsz.exe
  C:\Windows\System\UEfODsz.exe
  2⤵
  PID:4400
- C:\Windows\System\vYwqHXj.exe
  C:\Windows\System\vYwqHXj.exe
  2⤵
  PID:4416
- C:\Windows\System\sWFdgQG.exe
  C:\Windows\System\sWFdgQG.exe
  2⤵
  PID:4432
- C:\Windows\System\MuktcWq.exe
  C:\Windows\System\MuktcWq.exe
  2⤵
  PID:4456
- C:\Windows\System\WJYQseZ.exe
  C:\Windows\System\WJYQseZ.exe
  2⤵
  PID:4480
- C:\Windows\System\jjfmjtS.exe
  C:\Windows\System\jjfmjtS.exe
  2⤵
  PID:4496
- C:\Windows\System\xktYDkA.exe
  C:\Windows\System\xktYDkA.exe
  2⤵
  PID:4516
- C:\Windows\System\JgHKWcq.exe
  C:\Windows\System\JgHKWcq.exe
  2⤵
  PID:4536
- C:\Windows\System\MwoEZIC.exe
  C:\Windows\System\MwoEZIC.exe
  2⤵
  PID:4560
- C:\Windows\System\JorsxCX.exe
  C:\Windows\System\JorsxCX.exe
  2⤵
  PID:4576
- C:\Windows\System\gaEMkBa.exe
  C:\Windows\System\gaEMkBa.exe
  2⤵
  PID:4600
- C:\Windows\System\xZlTLih.exe
  C:\Windows\System\xZlTLih.exe
  2⤵
  PID:4616
- C:\Windows\System\OYMYenF.exe
  C:\Windows\System\OYMYenF.exe
  2⤵
  PID:4632
- C:\Windows\System\wksCCTp.exe
  C:\Windows\System\wksCCTp.exe
  2⤵
  PID:4648
- C:\Windows\System\pmxCCwH.exe
  C:\Windows\System\pmxCCwH.exe
  2⤵
  PID:4680
- C:\Windows\System\vPJngTh.exe
  C:\Windows\System\vPJngTh.exe
  2⤵
  PID:4696
- C:\Windows\System\bgBdaBc.exe
  C:\Windows\System\bgBdaBc.exe
  2⤵
  PID:4724
- C:\Windows\System\Nrtkkfs.exe
  C:\Windows\System\Nrtkkfs.exe
  2⤵
  PID:4740
- C:\Windows\System\dSqJvlJ.exe
  C:\Windows\System\dSqJvlJ.exe
  2⤵
  PID:4756
- C:\Windows\System\rnwlAZV.exe
  C:\Windows\System\rnwlAZV.exe
  2⤵
  PID:4784
- C:\Windows\System\biWHRdk.exe
  C:\Windows\System\biWHRdk.exe
  2⤵
  PID:4804
- C:\Windows\System\hDhwJWc.exe
  C:\Windows\System\hDhwJWc.exe
  2⤵
  PID:4820
- C:\Windows\System\dSirBIZ.exe
  C:\Windows\System\dSirBIZ.exe
  2⤵
  PID:4844
- C:\Windows\System\RLIpEtA.exe
  C:\Windows\System\RLIpEtA.exe
  2⤵
  PID:4860
- C:\Windows\System\tcpDwJP.exe
  C:\Windows\System\tcpDwJP.exe
  2⤵
  PID:4884
- C:\Windows\System\vKcEvAl.exe
  C:\Windows\System\vKcEvAl.exe
  2⤵
  PID:4900
- C:\Windows\System\ydEHorE.exe
  C:\Windows\System\ydEHorE.exe
  2⤵
  PID:4916
- C:\Windows\System\xmAHJUA.exe
  C:\Windows\System\xmAHJUA.exe
  2⤵
  PID:4932
- C:\Windows\System\HEIisAB.exe
  C:\Windows\System\HEIisAB.exe
  2⤵
  PID:4952
- C:\Windows\System\kcFEKSl.exe
  C:\Windows\System\kcFEKSl.exe
  2⤵
  PID:4968
- C:\Windows\System\Oxcaqlu.exe
  C:\Windows\System\Oxcaqlu.exe
  2⤵
  PID:5000
- C:\Windows\System\yUbrscw.exe
  C:\Windows\System\yUbrscw.exe
  2⤵
  PID:5020
- C:\Windows\System\NvnPSMe.exe
  C:\Windows\System\NvnPSMe.exe
  2⤵
  PID:5040
- C:\Windows\System\bWQnHPz.exe
  C:\Windows\System\bWQnHPz.exe
  2⤵
  PID:5056
- C:\Windows\System\DhUICdQ.exe
  C:\Windows\System\DhUICdQ.exe
  2⤵
  PID:5072
- C:\Windows\System\RazoPpo.exe
  C:\Windows\System\RazoPpo.exe
  2⤵
  PID:5104
- C:\Windows\System\TlVUmMS.exe
  C:\Windows\System\TlVUmMS.exe
  2⤵
  PID:3812
- C:\Windows\System\UZKZYlR.exe
  C:\Windows\System\UZKZYlR.exe
  2⤵
  PID:3124
- C:\Windows\System\yCFtTEu.exe
  C:\Windows\System\yCFtTEu.exe
  2⤵
  PID:3908
- C:\Windows\System\DiGTVdg.exe
  C:\Windows\System\DiGTVdg.exe
  2⤵
  PID:4128
- C:\Windows\System\JztSCDD.exe
  C:\Windows\System\JztSCDD.exe
  2⤵
  PID:4152
- C:\Windows\System\EEwxyNS.exe
  C:\Windows\System\EEwxyNS.exe
  2⤵
  PID:4188
- C:\Windows\System\lDVmush.exe
  C:\Windows\System\lDVmush.exe
  2⤵
  PID:4228
- C:\Windows\System\CjTXDVz.exe
  C:\Windows\System\CjTXDVz.exe
  2⤵
  PID:4260
- C:\Windows\System\dqfTDmG.exe
  C:\Windows\System\dqfTDmG.exe
  2⤵
  PID:4292
- C:\Windows\System\ttZwZgW.exe
  C:\Windows\System\ttZwZgW.exe
  2⤵
  PID:4320
- C:\Windows\System\WDzdiEp.exe
  C:\Windows\System\WDzdiEp.exe
  2⤵
  PID:4356
- C:\Windows\System\goDSOOv.exe
  C:\Windows\System\goDSOOv.exe
  2⤵
  PID:4396
- C:\Windows\System\cQCoipV.exe
  C:\Windows\System\cQCoipV.exe
  2⤵
  PID:4448
- C:\Windows\System\sUBhdcU.exe
  C:\Windows\System\sUBhdcU.exe
  2⤵
  PID:4464
- C:\Windows\System\WxuRaZo.exe
  C:\Windows\System\WxuRaZo.exe
  2⤵
  PID:4504
- C:\Windows\System\MxxRecB.exe
  C:\Windows\System\MxxRecB.exe
  2⤵
  PID:4552
- C:\Windows\System\uOZZyEv.exe
  C:\Windows\System\uOZZyEv.exe
  2⤵
  PID:4568
- C:\Windows\System\lIOxTGx.exe
  C:\Windows\System\lIOxTGx.exe
  2⤵
  PID:4608
- C:\Windows\System\decZNmC.exe
  C:\Windows\System\decZNmC.exe
  2⤵
  PID:4624
- C:\Windows\System\pCUPVEH.exe
  C:\Windows\System\pCUPVEH.exe
  2⤵
  PID:4668
- C:\Windows\System\sAhHAYw.exe
  C:\Windows\System\sAhHAYw.exe
  2⤵
  PID:4704
- C:\Windows\System\TDqKGaW.exe
  C:\Windows\System\TDqKGaW.exe
  2⤵
  PID:4732
- C:\Windows\System\eSKMYzx.exe
  C:\Windows\System\eSKMYzx.exe
  2⤵
  PID:4736
- C:\Windows\System\sdrWFww.exe
  C:\Windows\System\sdrWFww.exe
  2⤵
  PID:4780
- C:\Windows\System\DyonNZw.exe
  C:\Windows\System\DyonNZw.exe
  2⤵
  PID:4812
- C:\Windows\System\zgPufnr.exe
  C:\Windows\System\zgPufnr.exe
  2⤵
  PID:4836
- C:\Windows\System\fErpdAl.exe
  C:\Windows\System\fErpdAl.exe
  2⤵
  PID:4852
- C:\Windows\System\ECVUxaZ.exe
  C:\Windows\System\ECVUxaZ.exe
  2⤵
  PID:4912
- C:\Windows\System\pRdjvhs.exe
  C:\Windows\System\pRdjvhs.exe
  2⤵
  PID:4964
- C:\Windows\System\ktCfFLK.exe
  C:\Windows\System\ktCfFLK.exe
  2⤵
  PID:4976
- C:\Windows\System\jKSPGYl.exe
  C:\Windows\System\jKSPGYl.exe
  2⤵
  PID:4924
- C:\Windows\System\gwmYoRS.exe
  C:\Windows\System\gwmYoRS.exe
  2⤵
  PID:5048
- C:\Windows\System\mUpRPbz.exe
  C:\Windows\System\mUpRPbz.exe
  2⤵
  PID:5092
- C:\Windows\System\OzgvfDD.exe
  C:\Windows\System\OzgvfDD.exe
  2⤵
  PID:4044
- C:\Windows\System\BwvLgGr.exe
  C:\Windows\System\BwvLgGr.exe
  2⤵
  PID:3640
- C:\Windows\System\SnQQDnp.exe
  C:\Windows\System\SnQQDnp.exe
  2⤵
  PID:4136
- C:\Windows\System\LZZXFfK.exe
  C:\Windows\System\LZZXFfK.exe
  2⤵
  PID:4208
- C:\Windows\System\wmSWQND.exe
  C:\Windows\System\wmSWQND.exe
  2⤵
  PID:4288
- C:\Windows\System\QlqHcui.exe
  C:\Windows\System\QlqHcui.exe
  2⤵
  PID:4352
- C:\Windows\System\rAVDnEC.exe
  C:\Windows\System\rAVDnEC.exe
  2⤵
  PID:4388
- C:\Windows\System\GMQmftR.exe
  C:\Windows\System\GMQmftR.exe
  2⤵
  PID:4428
- C:\Windows\System\WkvMZZQ.exe
  C:\Windows\System\WkvMZZQ.exe
  2⤵
  PID:4488
- C:\Windows\System\YmExwTf.exe
  C:\Windows\System\YmExwTf.exe
  2⤵
  PID:4524
- C:\Windows\System\Mppevzh.exe
  C:\Windows\System\Mppevzh.exe
  2⤵
  PID:4612
- C:\Windows\System\hGcpHEz.exe
  C:\Windows\System\hGcpHEz.exe
  2⤵
  PID:3172
- C:\Windows\System\uzxJrKt.exe
  C:\Windows\System\uzxJrKt.exe
  2⤵
  PID:4796
- C:\Windows\System\refrYkZ.exe
  C:\Windows\System\refrYkZ.exe
  2⤵
  PID:4660
- C:\Windows\System\SfXjUJa.exe
  C:\Windows\System\SfXjUJa.exe
  2⤵
  PID:4988
- C:\Windows\System\FSFdBcF.exe
  C:\Windows\System\FSFdBcF.exe
  2⤵
  PID:5088
- C:\Windows\System\lijvdpn.exe
  C:\Windows\System\lijvdpn.exe
  2⤵
  PID:1964
- C:\Windows\System\PcnokqM.exe
  C:\Windows\System\PcnokqM.exe
  2⤵
  PID:4772
- C:\Windows\System\tuhLBfA.exe
  C:\Windows\System\tuhLBfA.exe
  2⤵
  PID:4908
- C:\Windows\System\RdurAEB.exe
  C:\Windows\System\RdurAEB.exe
  2⤵
  PID:5016
- C:\Windows\System\tuPJZcq.exe
  C:\Windows\System\tuPJZcq.exe
  2⤵
  PID:5116
- C:\Windows\System\NVvAMPp.exe
  C:\Windows\System\NVvAMPp.exe
  2⤵
  PID:4244
- C:\Windows\System\UVxnyjz.exe
  C:\Windows\System\UVxnyjz.exe
  2⤵
  PID:4240
- C:\Windows\System\vbhjasn.exe
  C:\Windows\System\vbhjasn.exe
  2⤵
  PID:4412
- C:\Windows\System\dAZUeYa.exe
  C:\Windows\System\dAZUeYa.exe
  2⤵
  PID:4592
- C:\Windows\System\kHbAApv.exe
  C:\Windows\System\kHbAApv.exe
  2⤵
  PID:4676
- C:\Windows\System\ujRSjrR.exe
  C:\Windows\System\ujRSjrR.exe
  2⤵
  PID:4444
- C:\Windows\System\mOSvuBa.exe
  C:\Windows\System\mOSvuBa.exe
  2⤵
  PID:4984
- C:\Windows\System\GkrJdOk.exe
  C:\Windows\System\GkrJdOk.exe
  2⤵
  PID:5080
- C:\Windows\System\huHpskC.exe
  C:\Windows\System\huHpskC.exe
  2⤵
  PID:5028
- C:\Windows\System\ObZWcYk.exe
  C:\Windows\System\ObZWcYk.exe
  2⤵
  PID:5008
- C:\Windows\System\QUZheZn.exe
  C:\Windows\System\QUZheZn.exe
  2⤵
  PID:4184
- C:\Windows\System\LcVZvGI.exe
  C:\Windows\System\LcVZvGI.exe
  2⤵
  PID:4272
- C:\Windows\System\pDMajwT.exe
  C:\Windows\System\pDMajwT.exe
  2⤵
  PID:4708
- C:\Windows\System\HPkbrTi.exe
  C:\Windows\System\HPkbrTi.exe
  2⤵
  PID:4528
- C:\Windows\System\qQuyFMU.exe
  C:\Windows\System\qQuyFMU.exe
  2⤵
  PID:4896
- C:\Windows\System\YxaLKAO.exe
  C:\Windows\System\YxaLKAO.exe
  2⤵
  PID:4892
- C:\Windows\System\VqHaQWS.exe
  C:\Windows\System\VqHaQWS.exe
  2⤵
  PID:2532
- C:\Windows\System\zfzNzQa.exe
  C:\Windows\System\zfzNzQa.exe
  2⤵
  PID:524
- C:\Windows\System\ETTejyM.exe
  C:\Windows\System\ETTejyM.exe
  2⤵
  PID:3440
- C:\Windows\System\jMDDSzN.exe
  C:\Windows\System\jMDDSzN.exe
  2⤵
  PID:4340
- C:\Windows\System\ZChPNvS.exe
  C:\Windows\System\ZChPNvS.exe
  2⤵
  PID:4880
- C:\Windows\System\Webdjef.exe
  C:\Windows\System\Webdjef.exe
  2⤵
  PID:4828
- C:\Windows\System\hdjuLCf.exe
  C:\Windows\System\hdjuLCf.exe
  2⤵
  PID:956
- C:\Windows\System\XSRPkJv.exe
  C:\Windows\System\XSRPkJv.exe
  2⤵
  PID:4172
- C:\Windows\System\fLpKbiH.exe
  C:\Windows\System\fLpKbiH.exe
  2⤵
  PID:5032
- C:\Windows\System\oNzqrIy.exe
  C:\Windows\System\oNzqrIy.exe
  2⤵
  PID:4324
- C:\Windows\System\kZLiMvA.exe
  C:\Windows\System\kZLiMvA.exe
  2⤵
  PID:772
- C:\Windows\System\BECnLTn.exe
  C:\Windows\System\BECnLTn.exe
  2⤵
  PID:4948
- C:\Windows\System\VJerDXz.exe
  C:\Windows\System\VJerDXz.exe
  2⤵
  PID:3680
- C:\Windows\System\VTLMmRy.exe
  C:\Windows\System\VTLMmRy.exe
  2⤵
  PID:5148
- C:\Windows\System\MevMXkO.exe
  C:\Windows\System\MevMXkO.exe
  2⤵
  PID:5164
- C:\Windows\System\qDQzeyP.exe
  C:\Windows\System\qDQzeyP.exe
  2⤵
  PID:5180
- C:\Windows\System\WWJuSMs.exe
  C:\Windows\System\WWJuSMs.exe
  2⤵
  PID:5196
- C:\Windows\System\FJBotGp.exe
  C:\Windows\System\FJBotGp.exe
  2⤵
  PID:5216
- C:\Windows\System\SHeuqfo.exe
  C:\Windows\System\SHeuqfo.exe
  2⤵
  PID:5236
- C:\Windows\System\mEnisON.exe
  C:\Windows\System\mEnisON.exe
  2⤵
  PID:5256
- C:\Windows\System\NapCDwf.exe
  C:\Windows\System\NapCDwf.exe
  2⤵
  PID:5272
- C:\Windows\System\ZliUCyz.exe
  C:\Windows\System\ZliUCyz.exe
  2⤵
  PID:5292
- C:\Windows\System\JutNveC.exe
  C:\Windows\System\JutNveC.exe
  2⤵
  PID:5308
- C:\Windows\System\hkScGEY.exe
  C:\Windows\System\hkScGEY.exe
  2⤵
  PID:5324
- C:\Windows\System\Zhfqkem.exe
  C:\Windows\System\Zhfqkem.exe
  2⤵
  PID:5348
- C:\Windows\System\xkfqTkW.exe
  C:\Windows\System\xkfqTkW.exe
  2⤵
  PID:5364
- C:\Windows\System\rJAmYfU.exe
  C:\Windows\System\rJAmYfU.exe
  2⤵
  PID:5380
- C:\Windows\System\pLdxuHd.exe
  C:\Windows\System\pLdxuHd.exe
  2⤵
  PID:5396
- C:\Windows\System\lHKuDxa.exe
  C:\Windows\System\lHKuDxa.exe
  2⤵
  PID:5424
- C:\Windows\System\qSQSpVm.exe
  C:\Windows\System\qSQSpVm.exe
  2⤵
  PID:5448
- C:\Windows\System\yNZTaRg.exe
  C:\Windows\System\yNZTaRg.exe
  2⤵
  PID:5476
- C:\Windows\System\onPLtdb.exe
  C:\Windows\System\onPLtdb.exe
  2⤵
  PID:5516
- C:\Windows\System\lwnIopc.exe
  C:\Windows\System\lwnIopc.exe
  2⤵
  PID:5536
- C:\Windows\System\DtuODdH.exe
  C:\Windows\System\DtuODdH.exe
  2⤵
  PID:5552
- C:\Windows\System\rSFjSXt.exe
  C:\Windows\System\rSFjSXt.exe
  2⤵
  PID:5568
- C:\Windows\System\yruYhVR.exe
  C:\Windows\System\yruYhVR.exe
  2⤵
  PID:5588
- C:\Windows\System\UsxjAjc.exe
  C:\Windows\System\UsxjAjc.exe
  2⤵
  PID:5616
- C:\Windows\System\bvFBygJ.exe
  C:\Windows\System\bvFBygJ.exe
  2⤵
  PID:5632
- C:\Windows\System\dRDNkMw.exe
  C:\Windows\System\dRDNkMw.exe
  2⤵
  PID:5652
- C:\Windows\System\cKWlsBR.exe
  C:\Windows\System\cKWlsBR.exe
  2⤵
  PID:5672
- C:\Windows\System\vpQapwa.exe
  C:\Windows\System\vpQapwa.exe
  2⤵
  PID:5696
- C:\Windows\System\yakQulP.exe
  C:\Windows\System\yakQulP.exe
  2⤵
  PID:5712
- C:\Windows\System\ngWzsgd.exe
  C:\Windows\System\ngWzsgd.exe
  2⤵
  PID:5736
- C:\Windows\System\EsmLmRg.exe
  C:\Windows\System\EsmLmRg.exe
  2⤵
  PID:5756
- C:\Windows\System\yglJSBr.exe
  C:\Windows\System\yglJSBr.exe
  2⤵
  PID:5772
- C:\Windows\System\ABJmuDl.exe
  C:\Windows\System\ABJmuDl.exe
  2⤵
  PID:5792
- C:\Windows\System\jjXlluQ.exe
  C:\Windows\System\jjXlluQ.exe
  2⤵
  PID:5812
- C:\Windows\System\cFMCqcv.exe
  C:\Windows\System\cFMCqcv.exe
  2⤵
  PID:5832
- C:\Windows\System\bFxKxdx.exe
  C:\Windows\System\bFxKxdx.exe
  2⤵
  PID:5848
- C:\Windows\System\TOIKGPa.exe
  C:\Windows\System\TOIKGPa.exe
  2⤵
  PID:5872
- C:\Windows\System\QQXAeYh.exe
  C:\Windows\System\QQXAeYh.exe
  2⤵
  PID:5888
- C:\Windows\System\xNBYibA.exe
  C:\Windows\System\xNBYibA.exe
  2⤵
  PID:5908
- C:\Windows\System\ajdMApB.exe
  C:\Windows\System\ajdMApB.exe
  2⤵
  PID:5924
- C:\Windows\System\xqijioD.exe
  C:\Windows\System\xqijioD.exe
  2⤵
  PID:5960
- C:\Windows\System\lQMTOYX.exe
  C:\Windows\System\lQMTOYX.exe
  2⤵
  PID:5980
- C:\Windows\System\atcjlWM.exe
  C:\Windows\System\atcjlWM.exe
  2⤵
  PID:5996
- C:\Windows\System\LLFKOxW.exe
  C:\Windows\System\LLFKOxW.exe
  2⤵
  PID:6020
- C:\Windows\System\njQgosI.exe
  C:\Windows\System\njQgosI.exe
  2⤵
  PID:6036
- C:\Windows\System\lYTZNVo.exe
  C:\Windows\System\lYTZNVo.exe
  2⤵
  PID:6060
- C:\Windows\System\MmLhgVd.exe
  C:\Windows\System\MmLhgVd.exe
  2⤵
  PID:6076
- C:\Windows\System\IzwCFdP.exe
  C:\Windows\System\IzwCFdP.exe
  2⤵
  PID:6096
- C:\Windows\System\nYLIpEa.exe
  C:\Windows\System\nYLIpEa.exe
  2⤵
  PID:6116
- C:\Windows\System\Kxtrovu.exe
  C:\Windows\System\Kxtrovu.exe
  2⤵
  PID:6132
- C:\Windows\System\YEBshPu.exe
  C:\Windows\System\YEBshPu.exe
  2⤵
  PID:5132
- C:\Windows\System\kdQbvCh.exe
  C:\Windows\System\kdQbvCh.exe
  2⤵
  PID:5128
- C:\Windows\System\VmFWODF.exe
  C:\Windows\System\VmFWODF.exe
  2⤵
  PID:4752
- C:\Windows\System\LuxlKua.exe
  C:\Windows\System\LuxlKua.exe
  2⤵
  PID:5188
- C:\Windows\System\hkCPgMP.exe
  C:\Windows\System\hkCPgMP.exe
  2⤵
  PID:5264
- C:\Windows\System\RDNhuGi.exe
  C:\Windows\System\RDNhuGi.exe
  2⤵
  PID:5340
- C:\Windows\System\zMLJwNg.exe
  C:\Windows\System\zMLJwNg.exe
  2⤵
  PID:5404
- C:\Windows\System\RmcRdGu.exe
  C:\Windows\System\RmcRdGu.exe
  2⤵
  PID:5420
- C:\Windows\System\jhXxcSJ.exe
  C:\Windows\System\jhXxcSJ.exe
  2⤵
  PID:5280
- C:\Windows\System\vAfHIaD.exe
  C:\Windows\System\vAfHIaD.exe
  2⤵
  PID:5204
- C:\Windows\System\tnyjXQm.exe
  C:\Windows\System\tnyjXQm.exe
  2⤵
  PID:5244
- C:\Windows\System\OaTnoXg.exe
  C:\Windows\System\OaTnoXg.exe
  2⤵
  PID:5468
- C:\Windows\System\vlaFdOO.exe
  C:\Windows\System\vlaFdOO.exe
  2⤵
  PID:5484
- C:\Windows\System\WZhFFwo.exe
  C:\Windows\System\WZhFFwo.exe
  2⤵
  PID:5488
- C:\Windows\System\vwtVztG.exe
  C:\Windows\System\vwtVztG.exe
  2⤵
  PID:5544
- C:\Windows\System\YwfHKie.exe
  C:\Windows\System\YwfHKie.exe
  2⤵
  PID:5564
- C:\Windows\System\hREKpjv.exe
  C:\Windows\System\hREKpjv.exe
  2⤵
  PID:5612
- C:\Windows\System\MOTIpjY.exe
  C:\Windows\System\MOTIpjY.exe
  2⤵
  PID:5644
- C:\Windows\System\DjRMlni.exe
  C:\Windows\System\DjRMlni.exe
  2⤵
  PID:5680
- C:\Windows\System\BNhJROw.exe
  C:\Windows\System\BNhJROw.exe
  2⤵
  PID:5720
- C:\Windows\System\zRXPqzc.exe
  C:\Windows\System\zRXPqzc.exe
  2⤵
  PID:5752
- C:\Windows\System\INlSVRc.exe
  C:\Windows\System\INlSVRc.exe
  2⤵
  PID:5780
- C:\Windows\System\lEzxEcC.exe
  C:\Windows\System\lEzxEcC.exe
  2⤵
  PID:5804
- C:\Windows\System\guuUAwa.exe
  C:\Windows\System\guuUAwa.exe
  2⤵
  PID:5856
- C:\Windows\System\fqvTmyG.exe
  C:\Windows\System\fqvTmyG.exe
  2⤵
  PID:5904
- C:\Windows\System\usbanKd.exe
  C:\Windows\System\usbanKd.exe
  2⤵
  PID:5932
- C:\Windows\System\HrBEwbN.exe
  C:\Windows\System\HrBEwbN.exe
  2⤵
  PID:5944
- C:\Windows\System\FkIJEvZ.exe
  C:\Windows\System\FkIJEvZ.exe
  2⤵
  PID:5976
- C:\Windows\System\qsJwzxJ.exe
  C:\Windows\System\qsJwzxJ.exe
  2⤵
  PID:6008
- C:\Windows\System\vTnvdMA.exe
  C:\Windows\System\vTnvdMA.exe
  2⤵
  PID:6048
- C:\Windows\System\BxQmEIt.exe
  C:\Windows\System\BxQmEIt.exe
  2⤵
  PID:6072
- C:\Windows\System\zSkxgFD.exe
  C:\Windows\System\zSkxgFD.exe
  2⤵
  PID:6128
- C:\Windows\System\MxFwxgW.exe
  C:\Windows\System\MxFwxgW.exe
  2⤵
  PID:4868
- C:\Windows\System\ebYGJaz.exe
  C:\Windows\System\ebYGJaz.exe
  2⤵
  PID:2012
- C:\Windows\System\bNBNhTc.exe
  C:\Windows\System\bNBNhTc.exe
  2⤵
  PID:5304
- C:\Windows\System\IeQTclt.exe
  C:\Windows\System\IeQTclt.exe
  2⤵
  PID:5232
- C:\Windows\System\MnsIxYn.exe
  C:\Windows\System\MnsIxYn.exe
  2⤵
  PID:5376
- C:\Windows\System\YwfMTus.exe
  C:\Windows\System\YwfMTus.exe
  2⤵
  PID:5176
- C:\Windows\System\phZNGIk.exe
  C:\Windows\System\phZNGIk.exe
  2⤵
  PID:5464
- C:\Windows\System\pIpLSXK.exe
  C:\Windows\System\pIpLSXK.exe
  2⤵
  PID:5432
- C:\Windows\System\OTFIwxV.exe
  C:\Windows\System\OTFIwxV.exe
  2⤵
  PID:1664
- C:\Windows\System\GoMGzTx.exe
  C:\Windows\System\GoMGzTx.exe
  2⤵
  PID:5508
- C:\Windows\System\bbeJQpD.exe
  C:\Windows\System\bbeJQpD.exe
  2⤵
  PID:5528
- C:\Windows\System\GPdvGnZ.exe
  C:\Windows\System\GPdvGnZ.exe
  2⤵
  PID:5628
- C:\Windows\System\mDoNsvq.exe
  C:\Windows\System\mDoNsvq.exe
  2⤵
  PID:5724
- C:\Windows\System\GGKgbYF.exe
  C:\Windows\System\GGKgbYF.exe
  2⤵
  PID:5768
- C:\Windows\System\OIVuIBc.exe
  C:\Windows\System\OIVuIBc.exe
  2⤵
  PID:5808
- C:\Windows\System\cVgkvhF.exe
  C:\Windows\System\cVgkvhF.exe
  2⤵
  PID:5880
- C:\Windows\System\syPROVz.exe
  C:\Windows\System\syPROVz.exe
  2⤵
  PID:5860
- C:\Windows\System\zVTpOKJ.exe
  C:\Windows\System\zVTpOKJ.exe
  2⤵
  PID:6012
- C:\Windows\System\vVMUpvp.exe
  C:\Windows\System\vVMUpvp.exe
  2⤵
  PID:6028
- C:\Windows\System\KYnAskj.exe
  C:\Windows\System\KYnAskj.exe
  2⤵
  PID:6140
- C:\Windows\System\bpEuypQ.exe
  C:\Windows\System\bpEuypQ.exe
  2⤵
  PID:5124
- C:\Windows\System\CGbwGCG.exe
  C:\Windows\System\CGbwGCG.exe
  2⤵
  PID:5336
- C:\Windows\System\SNqtOgr.exe
  C:\Windows\System\SNqtOgr.exe
  2⤵
  PID:5372
- C:\Windows\System\zjuVztN.exe
  C:\Windows\System\zjuVztN.exe
  2⤵
  PID:5212
- C:\Windows\System\mPqcIBg.exe
  C:\Windows\System\mPqcIBg.exe
  2⤵
  PID:5284
- C:\Windows\System\GtYQJwb.exe
  C:\Windows\System\GtYQJwb.exe
  2⤵
  PID:5608
- C:\Windows\System\lUZJjjT.exe
  C:\Windows\System\lUZJjjT.exe
  2⤵
  PID:5604
- C:\Windows\System\ruKQSiZ.exe
  C:\Windows\System\ruKQSiZ.exe
  2⤵
  PID:5660
- C:\Windows\System\ltdKxGc.exe
  C:\Windows\System\ltdKxGc.exe
  2⤵
  PID:5844
- C:\Windows\System\TkZRSGE.exe
  C:\Windows\System\TkZRSGE.exe
  2⤵
  PID:5916
- C:\Windows\System\xiwzkmX.exe
  C:\Windows\System\xiwzkmX.exe
  2⤵
  PID:5936
- C:\Windows\System\NitNgvC.exe
  C:\Windows\System\NitNgvC.exe
  2⤵
  PID:6092
- C:\Windows\System\sOSIqzZ.exe
  C:\Windows\System\sOSIqzZ.exe
  2⤵
  PID:5144
- C:\Windows\System\OxplDgp.exe
  C:\Windows\System\OxplDgp.exe
  2⤵
  PID:4720
- C:\Windows\System\nOtOnfw.exe
  C:\Windows\System\nOtOnfw.exe
  2⤵
  PID:5460
- C:\Windows\System\zLZDEnP.exe
  C:\Windows\System\zLZDEnP.exe
  2⤵
  PID:5640
- C:\Windows\System\AEQsPAS.exe
  C:\Windows\System\AEQsPAS.exe
  2⤵
  PID:5788
- C:\Windows\System\VOGZPyG.exe
  C:\Windows\System\VOGZPyG.exe
  2⤵
  PID:5828
- C:\Windows\System\aWXOaew.exe
  C:\Windows\System\aWXOaew.exe
  2⤵
  PID:5992
- C:\Windows\System\MSAhTIL.exe
  C:\Windows\System\MSAhTIL.exe
  2⤵
  PID:6124
- C:\Windows\System\cjHNcAG.exe
  C:\Windows\System\cjHNcAG.exe
  2⤵
  PID:4928
- C:\Windows\System\JeVGzrF.exe
  C:\Windows\System\JeVGzrF.exe
  2⤵
  PID:4644
- C:\Windows\System\CbwWxpP.exe
  C:\Windows\System\CbwWxpP.exe
  2⤵
  PID:5444
- C:\Windows\System\WhYHzCX.exe
  C:\Windows\System\WhYHzCX.exe
  2⤵
  PID:5764
- C:\Windows\System\AtmNLcv.exe
  C:\Windows\System\AtmNLcv.exe
  2⤵
  PID:6164
- C:\Windows\System\oZbWcQw.exe
  C:\Windows\System\oZbWcQw.exe
  2⤵
  PID:6180
- C:\Windows\System\styztOn.exe
  C:\Windows\System\styztOn.exe
  2⤵
  PID:6200
- C:\Windows\System\qWcKWuw.exe
  C:\Windows\System\qWcKWuw.exe
  2⤵
  PID:6216
- C:\Windows\System\JpWtKjf.exe
  C:\Windows\System\JpWtKjf.exe
  2⤵
  PID:6236
- C:\Windows\System\WuEwlhp.exe
  C:\Windows\System\WuEwlhp.exe
  2⤵
  PID:6256
- C:\Windows\System\xjCsfBa.exe
  C:\Windows\System\xjCsfBa.exe
  2⤵
  PID:6284
- C:\Windows\System\BdmmPov.exe
  C:\Windows\System\BdmmPov.exe
  2⤵
  PID:6304
- C:\Windows\System\GymFFGc.exe
  C:\Windows\System\GymFFGc.exe
  2⤵
  PID:6320
- C:\Windows\System\sznCJpR.exe
  C:\Windows\System\sznCJpR.exe
  2⤵
  PID:6336
- C:\Windows\System\UPXTOEb.exe
  C:\Windows\System\UPXTOEb.exe
  2⤵
  PID:6360
- C:\Windows\System\JXONZUA.exe
  C:\Windows\System\JXONZUA.exe
  2⤵
  PID:6384
- C:\Windows\System\GVWqsnU.exe
  C:\Windows\System\GVWqsnU.exe
  2⤵
  PID:6400
- C:\Windows\System\JUDnGwh.exe
  C:\Windows\System\JUDnGwh.exe
  2⤵
  PID:6416
- C:\Windows\System\NMdEMbN.exe
  C:\Windows\System\NMdEMbN.exe
  2⤵
  PID:6436
- C:\Windows\System\fuGIbAh.exe
  C:\Windows\System\fuGIbAh.exe
  2⤵
  PID:6452
- C:\Windows\System\FMtQkFm.exe
  C:\Windows\System\FMtQkFm.exe
  2⤵
  PID:6480
- C:\Windows\System\pyesqTi.exe
  C:\Windows\System\pyesqTi.exe
  2⤵
  PID:6496
- C:\Windows\System\rFQHbqd.exe
  C:\Windows\System\rFQHbqd.exe
  2⤵
  PID:6516
- C:\Windows\System\vnLcWrk.exe
  C:\Windows\System\vnLcWrk.exe
  2⤵
  PID:6536
- C:\Windows\System\xeJPAQN.exe
  C:\Windows\System\xeJPAQN.exe
  2⤵
  PID:6556
- C:\Windows\System\lqhBTtw.exe
  C:\Windows\System\lqhBTtw.exe
  2⤵
  PID:6572
- C:\Windows\System\nvyDJtg.exe
  C:\Windows\System\nvyDJtg.exe
  2⤵
  PID:6588
- C:\Windows\System\LAMnpTM.exe
  C:\Windows\System\LAMnpTM.exe
  2⤵
  PID:6620
- C:\Windows\System\lTWiKkD.exe
  C:\Windows\System\lTWiKkD.exe
  2⤵
  PID:6640
- C:\Windows\System\tSoARyM.exe
  C:\Windows\System\tSoARyM.exe
  2⤵
  PID:6656
- C:\Windows\System\prIXWSE.exe
  C:\Windows\System\prIXWSE.exe
  2⤵
  PID:6688
- C:\Windows\System\amXRpcS.exe
  C:\Windows\System\amXRpcS.exe
  2⤵
  PID:6704
- C:\Windows\System\FeteXEF.exe
  C:\Windows\System\FeteXEF.exe
  2⤵
  PID:6728
- C:\Windows\System\coLnWjC.exe
  C:\Windows\System\coLnWjC.exe
  2⤵
  PID:6744
- C:\Windows\System\dKiQDmb.exe
  C:\Windows\System\dKiQDmb.exe
  2⤵
  PID:6764
- C:\Windows\System\xdVmens.exe
  C:\Windows\System\xdVmens.exe
  2⤵
  PID:6780
- C:\Windows\System\SVaDCgu.exe
  C:\Windows\System\SVaDCgu.exe
  2⤵
  PID:6804
- C:\Windows\System\qqwyqCj.exe
  C:\Windows\System\qqwyqCj.exe
  2⤵
  PID:6828
- C:\Windows\System\yjpHCys.exe
  C:\Windows\System\yjpHCys.exe
  2⤵
  PID:6844
- C:\Windows\System\vbMctiP.exe
  C:\Windows\System\vbMctiP.exe
  2⤵
  PID:6868
- C:\Windows\System\wlrLERL.exe
  C:\Windows\System\wlrLERL.exe
  2⤵
  PID:6884
- C:\Windows\System\KVsNMRI.exe
  C:\Windows\System\KVsNMRI.exe
  2⤵
  PID:6904
- C:\Windows\System\QayNGaT.exe
  C:\Windows\System\QayNGaT.exe
  2⤵
  PID:6920
- C:\Windows\System\kxxHGtE.exe
  C:\Windows\System\kxxHGtE.exe
  2⤵
  PID:6944
- C:\Windows\System\AyftbFl.exe
  C:\Windows\System\AyftbFl.exe
  2⤵
  PID:6960
- C:\Windows\System\argHQyO.exe
  C:\Windows\System\argHQyO.exe
  2⤵
  PID:6988
- C:\Windows\System\zsGYjFI.exe
  C:\Windows\System\zsGYjFI.exe
  2⤵
  PID:7004
- C:\Windows\System\sasQlZq.exe
  C:\Windows\System\sasQlZq.exe
  2⤵
  PID:7020
- C:\Windows\System\jkCsZgH.exe
  C:\Windows\System\jkCsZgH.exe
  2⤵
  PID:7040
- C:\Windows\System\dytsdxa.exe
  C:\Windows\System\dytsdxa.exe
  2⤵
  PID:7060
- C:\Windows\System\DowpwSi.exe
  C:\Windows\System\DowpwSi.exe
  2⤵
  PID:7080
- C:\Windows\System\ePuWSqt.exe
  C:\Windows\System\ePuWSqt.exe
  2⤵
  PID:7096
- C:\Windows\System\wnLZmFw.exe
  C:\Windows\System\wnLZmFw.exe
  2⤵
  PID:7112
- C:\Windows\System\PcxPynM.exe
  C:\Windows\System\PcxPynM.exe
  2⤵
  PID:7128
- C:\Windows\System\eHeiIPq.exe
  C:\Windows\System\eHeiIPq.exe
  2⤵
  PID:7148
- C:\Windows\System\GPkdhSI.exe
  C:\Windows\System\GPkdhSI.exe
  2⤵
  PID:5388
- C:\Windows\System\OxpLSWr.exe
  C:\Windows\System\OxpLSWr.exe
  2⤵
  PID:6108
- C:\Windows\System\OghtvgT.exe
  C:\Windows\System\OghtvgT.exe
  2⤵
  PID:5968
- C:\Windows\System\uNDKrvm.exe
  C:\Windows\System\uNDKrvm.exe
  2⤵
  PID:6188
- C:\Windows\System\vyujIbo.exe
  C:\Windows\System\vyujIbo.exe
  2⤵
  PID:6244
- C:\Windows\System\PkSGSxj.exe
  C:\Windows\System\PkSGSxj.exe
  2⤵
  PID:6252
- C:\Windows\System\fPRdamd.exe
  C:\Windows\System\fPRdamd.exe
  2⤵
  PID:6268
- C:\Windows\System\IcKUFEB.exe
  C:\Windows\System\IcKUFEB.exe
  2⤵
  PID:6328
- C:\Windows\System\BTYLWAC.exe
  C:\Windows\System\BTYLWAC.exe
  2⤵
  PID:6356
- C:\Windows\System\pDgVulY.exe
  C:\Windows\System\pDgVulY.exe
  2⤵
  PID:6380
- C:\Windows\System\OnbeSvA.exe
  C:\Windows\System\OnbeSvA.exe
  2⤵
  PID:6444
- C:\Windows\System\kNDBuxe.exe
  C:\Windows\System\kNDBuxe.exe
  2⤵
  PID:6488
- C:\Windows\System\dKAmFuP.exe
  C:\Windows\System\dKAmFuP.exe
  2⤵
  PID:6464
- C:\Windows\System\cCuOxXe.exe
  C:\Windows\System\cCuOxXe.exe
  2⤵
  PID:6564
- C:\Windows\System\HayCLhI.exe
  C:\Windows\System\HayCLhI.exe
  2⤵
  PID:6580
- C:\Windows\System\HKAPANT.exe
  C:\Windows\System\HKAPANT.exe
  2⤵
  PID:6608
- C:\Windows\System\jUYHLpv.exe
  C:\Windows\System\jUYHLpv.exe
  2⤵
  PID:6648
- C:\Windows\System\NfhfBcq.exe
  C:\Windows\System\NfhfBcq.exe
  2⤵
  PID:6664
- C:\Windows\System\qLecBdV.exe
  C:\Windows\System\qLecBdV.exe
  2⤵
  PID:6672
- C:\Windows\System\ApBrbDe.exe
  C:\Windows\System\ApBrbDe.exe
  2⤵
  PID:6700
- C:\Windows\System\GIlbYeS.exe
  C:\Windows\System\GIlbYeS.exe
  2⤵
  PID:6724
- C:\Windows\System\QHMUNzS.exe
  C:\Windows\System\QHMUNzS.exe
  2⤵
  PID:6792
- C:\Windows\System\kqyZLSa.exe
  C:\Windows\System\kqyZLSa.exe
  2⤵
  PID:6796
- C:\Windows\System\uuHPhOx.exe
  C:\Windows\System\uuHPhOx.exe
  2⤵
  PID:6836
- C:\Windows\System\pYCyPLH.exe
  C:\Windows\System\pYCyPLH.exe
  2⤵
  PID:6892
- C:\Windows\System\NDXXEUF.exe
  C:\Windows\System\NDXXEUF.exe
  2⤵
  PID:6932
- C:\Windows\System\ukSxOAO.exe
  C:\Windows\System\ukSxOAO.exe
  2⤵
  PID:6976
- C:\Windows\System\UyKEvWH.exe
  C:\Windows\System\UyKEvWH.exe
  2⤵
  PID:6952
- C:\Windows\System\GqCOQlB.exe
  C:\Windows\System\GqCOQlB.exe
  2⤵
  PID:7000
- C:\Windows\System\wlABCXp.exe
  C:\Windows\System\wlABCXp.exe
  2⤵
  PID:7088
- C:\Windows\System\zSOIlOU.exe
  C:\Windows\System\zSOIlOU.exe
  2⤵
  PID:6068
- C:\Windows\System\bcXVXqD.exe
  C:\Windows\System\bcXVXqD.exe
  2⤵
  PID:5512
- C:\Windows\System\xhasNLz.exe
  C:\Windows\System\xhasNLz.exe
  2⤵
  PID:7104
- C:\Windows\System\TQuuNPv.exe
  C:\Windows\System\TQuuNPv.exe
  2⤵
  PID:7032
- C:\Windows\System\XmJFeSr.exe
  C:\Windows\System\XmJFeSr.exe
  2⤵
  PID:5800
- C:\Windows\System\lWEjpKs.exe
  C:\Windows\System\lWEjpKs.exe
  2⤵
  PID:5684
- C:\Windows\System\tQOhgeb.exe
  C:\Windows\System\tQOhgeb.exe
  2⤵
  PID:6264
- C:\Windows\System\trYMwPN.exe
  C:\Windows\System\trYMwPN.exe
  2⤵
  PID:6312
- C:\Windows\System\ySVIdaj.exe
  C:\Windows\System\ySVIdaj.exe
  2⤵
  PID:6412
- C:\Windows\System\NNTSgie.exe
  C:\Windows\System\NNTSgie.exe
  2⤵
  PID:6432
- C:\Windows\System\vZVRsDM.exe
  C:\Windows\System\vZVRsDM.exe
  2⤵
  PID:6532
- C:\Windows\System\IfPTIHI.exe
  C:\Windows\System\IfPTIHI.exe
  2⤵
  PID:6468
- C:\Windows\System\MELmxSw.exe
  C:\Windows\System\MELmxSw.exe
  2⤵
  PID:6616
- C:\Windows\System\HMcapqz.exe
  C:\Windows\System\HMcapqz.exe
  2⤵
  PID:6684
- C:\Windows\System\Warxdbf.exe
  C:\Windows\System\Warxdbf.exe
  2⤵
  PID:6720
- C:\Windows\System\VAjnNGI.exe
  C:\Windows\System\VAjnNGI.exe
  2⤵
  PID:6752
- C:\Windows\System\SwskABh.exe
  C:\Windows\System\SwskABh.exe
  2⤵
  PID:6816
- C:\Windows\System\ADoFdMu.exe
  C:\Windows\System\ADoFdMu.exe
  2⤵
  PID:6860
- C:\Windows\System\VtztIij.exe
  C:\Windows\System\VtztIij.exe
  2⤵
  PID:6900
- C:\Windows\System\BKFxFWK.exe
  C:\Windows\System\BKFxFWK.exe
  2⤵
  PID:6980
- C:\Windows\System\HmhSzRQ.exe
  C:\Windows\System\HmhSzRQ.exe
  2⤵
  PID:6996
- C:\Windows\System\edaqyml.exe
  C:\Windows\System\edaqyml.exe
  2⤵
  PID:7164
- C:\Windows\System\TdtFSdl.exe
  C:\Windows\System\TdtFSdl.exe
  2⤵
  PID:6148
- C:\Windows\System\rzuhpMg.exe
  C:\Windows\System\rzuhpMg.exe
  2⤵
  PID:6212
- C:\Windows\System\GSamIfL.exe
  C:\Windows\System\GSamIfL.exe
  2⤵
  PID:6160
- C:\Windows\System\lHeAJco.exe
  C:\Windows\System\lHeAJco.exe
  2⤵
  PID:6004
- C:\Windows\System\DBOUvKY.exe
  C:\Windows\System\DBOUvKY.exe
  2⤵
  PID:6528
- C:\Windows\System\BObnlEe.exe
  C:\Windows\System\BObnlEe.exe
  2⤵
  PID:6548
- C:\Windows\System\hoGtlRS.exe
  C:\Windows\System\hoGtlRS.exe
  2⤵
  PID:6376
- C:\Windows\System\vaQEoWw.exe
  C:\Windows\System\vaQEoWw.exe
  2⤵
  PID:6584
- C:\Windows\System\BSpzdzN.exe
  C:\Windows\System\BSpzdzN.exe
  2⤵
  PID:6696
- C:\Windows\System\JSkNgei.exe
  C:\Windows\System\JSkNgei.exe
  2⤵
  PID:6776
- C:\Windows\System\IGSpVYf.exe
  C:\Windows\System\IGSpVYf.exe
  2⤵
  PID:6856
- C:\Windows\System\lIPSUOv.exe
  C:\Windows\System\lIPSUOv.exe
  2⤵
  PID:7016
- C:\Windows\System\WMDFCHT.exe
  C:\Windows\System\WMDFCHT.exe
  2⤵
  PID:7056
- C:\Windows\System\kvxBNaZ.exe
  C:\Windows\System\kvxBNaZ.exe
  2⤵
  PID:7076
- C:\Windows\System\JMZNYjf.exe
  C:\Windows\System\JMZNYjf.exe
  2⤵
  PID:6300
- C:\Windows\System\qiaEmrT.exe
  C:\Windows\System\qiaEmrT.exe
  2⤵
  PID:6248
- C:\Windows\System\BnBTWcR.exe
  C:\Windows\System\BnBTWcR.exe
  2⤵
  PID:6632
- C:\Windows\System\UMbJOdl.exe
  C:\Windows\System\UMbJOdl.exe
  2⤵
  PID:6156
- C:\Windows\System\MXpIrRJ.exe
  C:\Windows\System\MXpIrRJ.exe
  2⤵
  PID:6344
- C:\Windows\System\IKpcBtb.exe
  C:\Windows\System\IKpcBtb.exe
  2⤵
  PID:6604
- C:\Windows\System\ZwXhemy.exe
  C:\Windows\System\ZwXhemy.exe
  2⤵
  PID:6912
- C:\Windows\System\CmfYDft.exe
  C:\Windows\System\CmfYDft.exe
  2⤵
  PID:7068
- C:\Windows\System\hJofNdh.exe
  C:\Windows\System\hJofNdh.exe
  2⤵
  PID:6280
- C:\Windows\System\SqTXqaO.exe
  C:\Windows\System\SqTXqaO.exe
  2⤵
  PID:6276
- C:\Windows\System\KNssZiS.exe
  C:\Windows\System\KNssZiS.exe
  2⤵
  PID:6600
- C:\Windows\System\CfhMdFu.exe
  C:\Windows\System\CfhMdFu.exe
  2⤵
  PID:5728
- C:\Windows\System\eJaxwCP.exe
  C:\Windows\System\eJaxwCP.exe
  2⤵
  PID:7140
- C:\Windows\System\JIVMDTo.exe
  C:\Windows\System\JIVMDTo.exe
  2⤵
  PID:6876
- C:\Windows\System\ubHwUZY.exe
  C:\Windows\System\ubHwUZY.exe
  2⤵
  PID:7188
- C:\Windows\System\GbSEbtJ.exe
  C:\Windows\System\GbSEbtJ.exe
  2⤵
  PID:7212
- C:\Windows\System\dDfuOXK.exe
  C:\Windows\System\dDfuOXK.exe
  2⤵
  PID:7232
- C:\Windows\System\IOdFSZu.exe
  C:\Windows\System\IOdFSZu.exe
  2⤵
  PID:7252
- C:\Windows\System\DRlHrRh.exe
  C:\Windows\System\DRlHrRh.exe
  2⤵
  PID:7272
- C:\Windows\System\BQzJhGG.exe
  C:\Windows\System\BQzJhGG.exe
  2⤵
  PID:7292
- C:\Windows\System\JUXyxPu.exe
  C:\Windows\System\JUXyxPu.exe
  2⤵
  PID:7316
- C:\Windows\System\iGXfVvt.exe
  C:\Windows\System\iGXfVvt.exe
  2⤵
  PID:7332
- C:\Windows\System\TxBZOjU.exe
  C:\Windows\System\TxBZOjU.exe
  2⤵
  PID:7352
- C:\Windows\System\tHFcASy.exe
  C:\Windows\System\tHFcASy.exe
  2⤵
  PID:7372
- C:\Windows\System\WfxQbXu.exe
  C:\Windows\System\WfxQbXu.exe
  2⤵
  PID:7396
- C:\Windows\System\InJjEua.exe
  C:\Windows\System\InJjEua.exe
  2⤵
  PID:7412
- C:\Windows\System\mrvukal.exe
  C:\Windows\System\mrvukal.exe
  2⤵
  PID:7436
- C:\Windows\System\FSvUoHy.exe
  C:\Windows\System\FSvUoHy.exe
  2⤵
  PID:7456
- C:\Windows\System\DRonXBV.exe
  C:\Windows\System\DRonXBV.exe
  2⤵
  PID:7480
- C:\Windows\System\JAWIXcW.exe
  C:\Windows\System\JAWIXcW.exe
  2⤵
  PID:7496
- C:\Windows\System\nuZBEZv.exe
  C:\Windows\System\nuZBEZv.exe
  2⤵
  PID:7512
- C:\Windows\System\ldGsZHx.exe
  C:\Windows\System\ldGsZHx.exe
  2⤵
  PID:7536
- C:\Windows\System\bVxCJSL.exe
  C:\Windows\System\bVxCJSL.exe
  2⤵
  PID:7552
- C:\Windows\System\yMcjyUQ.exe
  C:\Windows\System\yMcjyUQ.exe
  2⤵
  PID:7568
- C:\Windows\System\pamXCpa.exe
  C:\Windows\System\pamXCpa.exe
  2⤵
  PID:7600
- C:\Windows\System\ovJwaAM.exe
  C:\Windows\System\ovJwaAM.exe
  2⤵
  PID:7616
- C:\Windows\System\ARtWYFS.exe
  C:\Windows\System\ARtWYFS.exe
  2⤵
  PID:7636
- C:\Windows\System\eTuudgF.exe
  C:\Windows\System\eTuudgF.exe
  2⤵
  PID:7652
- C:\Windows\System\CYuqgwL.exe
  C:\Windows\System\CYuqgwL.exe
  2⤵
  PID:7672
- C:\Windows\System\MLDgwjq.exe
  C:\Windows\System\MLDgwjq.exe
  2⤵
  PID:7700
- C:\Windows\System\vwixlfg.exe
  C:\Windows\System\vwixlfg.exe
  2⤵
  PID:7724
- C:\Windows\System\qnXYqHi.exe
  C:\Windows\System\qnXYqHi.exe
  2⤵
  PID:7740
- C:\Windows\System\ysfbCXm.exe
  C:\Windows\System\ysfbCXm.exe
  2⤵
  PID:7764
- C:\Windows\System\bbwbVTv.exe
  C:\Windows\System\bbwbVTv.exe
  2⤵
  PID:7784
- C:\Windows\System\YFpJQJu.exe
  C:\Windows\System\YFpJQJu.exe
  2⤵
  PID:7800
- C:\Windows\System\eyykxxe.exe
  C:\Windows\System\eyykxxe.exe
  2⤵
  PID:7820
- C:\Windows\System\WQXEwrl.exe
  C:\Windows\System\WQXEwrl.exe
  2⤵
  PID:7844
- C:\Windows\System\SSNpYnt.exe
  C:\Windows\System\SSNpYnt.exe
  2⤵
  PID:7860
- C:\Windows\System\rXSVOUK.exe
  C:\Windows\System\rXSVOUK.exe
  2⤵
  PID:7884
- C:\Windows\System\UKXesSa.exe
  C:\Windows\System\UKXesSa.exe
  2⤵
  PID:7900
- C:\Windows\System\vTeHQuR.exe
  C:\Windows\System\vTeHQuR.exe
  2⤵
  PID:7924
- C:\Windows\System\SsYOcAV.exe
  C:\Windows\System\SsYOcAV.exe
  2⤵
  PID:7940
- C:\Windows\System\veqHywf.exe
  C:\Windows\System\veqHywf.exe
  2⤵
  PID:7956
- C:\Windows\System\XeCxOKA.exe
  C:\Windows\System\XeCxOKA.exe
  2⤵
  PID:7984
- C:\Windows\System\RAbtiCv.exe
  C:\Windows\System\RAbtiCv.exe
  2⤵
  PID:8000
- C:\Windows\System\rPeBUDR.exe
  C:\Windows\System\rPeBUDR.exe
  2⤵
  PID:8020
- C:\Windows\System\JyjPeuJ.exe
  C:\Windows\System\JyjPeuJ.exe
  2⤵
  PID:8036
- C:\Windows\System\jGFbnCL.exe
  C:\Windows\System\jGFbnCL.exe
  2⤵
  PID:8064
- C:\Windows\System\hWpMGsZ.exe
  C:\Windows\System\hWpMGsZ.exe
  2⤵
  PID:8080
- C:\Windows\System\NBNyDNC.exe
  C:\Windows\System\NBNyDNC.exe
  2⤵
  PID:8100
- C:\Windows\System\eehVqNi.exe
  C:\Windows\System\eehVqNi.exe
  2⤵
  PID:8124
- C:\Windows\System\DSvAtTd.exe
  C:\Windows\System\DSvAtTd.exe
  2⤵
  PID:8140
- C:\Windows\System\seRzAHs.exe
  C:\Windows\System\seRzAHs.exe
  2⤵
  PID:8160
- C:\Windows\System\CHDTKmr.exe
  C:\Windows\System\CHDTKmr.exe
  2⤵
  PID:8180
- C:\Windows\System\vzBTpvw.exe
  C:\Windows\System\vzBTpvw.exe
  2⤵
  PID:7176
- C:\Windows\System\apaVbHZ.exe
  C:\Windows\System\apaVbHZ.exe
  2⤵
  PID:6296
- C:\Windows\System\yiJGnVp.exe
  C:\Windows\System\yiJGnVp.exe
  2⤵
  PID:7200
- C:\Windows\System\UIpNzLR.exe
  C:\Windows\System\UIpNzLR.exe
  2⤵
  PID:7240
- C:\Windows\System\rkDqYFT.exe
  C:\Windows\System\rkDqYFT.exe
  2⤵
  PID:7260
- C:\Windows\System\bVnsJFb.exe
  C:\Windows\System\bVnsJFb.exe
  2⤵
  PID:7312
- C:\Windows\System\zmuwyyg.exe
  C:\Windows\System\zmuwyyg.exe
  2⤵
  PID:7288
- C:\Windows\System\tOvmuwp.exe
  C:\Windows\System\tOvmuwp.exe
  2⤵
  PID:7380
- C:\Windows\System\MjNZRts.exe
  C:\Windows\System\MjNZRts.exe
  2⤵
  PID:7420
- C:\Windows\System\NwRUofB.exe
  C:\Windows\System\NwRUofB.exe
  2⤵
  PID:7408
- C:\Windows\System\XCbBUWw.exe
  C:\Windows\System\XCbBUWw.exe
  2⤵
  PID:7472
- C:\Windows\System\LIwDdpM.exe
  C:\Windows\System\LIwDdpM.exe
  2⤵
  PID:7508
- C:\Windows\System\dPsDEUy.exe
  C:\Windows\System\dPsDEUy.exe
  2⤵
  PID:7548
- C:\Windows\System\uKZCTCG.exe
  C:\Windows\System\uKZCTCG.exe
  2⤵
  PID:7588
- C:\Windows\System\UBCDWAu.exe
  C:\Windows\System\UBCDWAu.exe
  2⤵
  PID:7560
- C:\Windows\System\MeoEICw.exe
  C:\Windows\System\MeoEICw.exe
  2⤵
  PID:7660
- C:\Windows\System\qofBHfY.exe
  C:\Windows\System\qofBHfY.exe
  2⤵
  PID:7648
- C:\Windows\System\AgvbYTR.exe
  C:\Windows\System\AgvbYTR.exe
  2⤵
  PID:7708
- C:\Windows\System\RwPdBcD.exe
  C:\Windows\System\RwPdBcD.exe
  2⤵
  PID:7716
- C:\Windows\System\BBJfNMk.exe
  C:\Windows\System\BBJfNMk.exe
  2⤵
  PID:7752
- C:\Windows\System\WcCfoQR.exe
  C:\Windows\System\WcCfoQR.exe
  2⤵
  PID:7760
- C:\Windows\System\oNqdVGa.exe
  C:\Windows\System\oNqdVGa.exe
  2⤵
  PID:7812
- C:\Windows\System\MWwlJia.exe
  C:\Windows\System\MWwlJia.exe
  2⤵
  PID:7852
- C:\Windows\System\ycRcyUf.exe
  C:\Windows\System\ycRcyUf.exe
  2⤵
  PID:7916
- C:\Windows\System\hHEYEfT.exe
  C:\Windows\System\hHEYEfT.exe
  2⤵
  PID:7952
- C:\Windows\System\YeZdMOn.exe
  C:\Windows\System\YeZdMOn.exe
  2⤵
  PID:7972
- C:\Windows\System\uHeymzl.exe
  C:\Windows\System\uHeymzl.exe
  2⤵
  PID:8028
- C:\Windows\System\QPejblM.exe
  C:\Windows\System\QPejblM.exe
  2⤵
  PID:8052
- C:\Windows\System\aeQFHUy.exe
  C:\Windows\System\aeQFHUy.exe
  2⤵
  PID:8076
- C:\Windows\System\XHMAMMf.exe
  C:\Windows\System\XHMAMMf.exe
  2⤵
  PID:8092
- C:\Windows\System\CHXjEdh.exe
  C:\Windows\System\CHXjEdh.exe
  2⤵
  PID:8120
- C:\Windows\System\EcGlHLL.exe
  C:\Windows\System\EcGlHLL.exe
  2⤵
  PID:8156
- C:\Windows\System\uhgUAzZ.exe
  C:\Windows\System\uhgUAzZ.exe
  2⤵
  PID:6428
- C:\Windows\System\pINOjDP.exe
  C:\Windows\System\pINOjDP.exe
  2⤵
  PID:7184
- C:\Windows\System\VnTvvnU.exe
  C:\Windows\System\VnTvvnU.exe
  2⤵
  PID:7340
- C:\Windows\System\xXatVyx.exe
  C:\Windows\System\xXatVyx.exe
  2⤵
  PID:7308
- C:\Windows\System\zJlkSxB.exe
  C:\Windows\System\zJlkSxB.exe
  2⤵
  PID:7348
- C:\Windows\System\TuonAYe.exe
  C:\Windows\System\TuonAYe.exe
  2⤵
  PID:7464
- C:\Windows\System\oArMMHk.exe
  C:\Windows\System\oArMMHk.exe
  2⤵
  PID:7432
- C:\Windows\System\pIQTfLZ.exe
  C:\Windows\System\pIQTfLZ.exe
  2⤵
  PID:7520
- C:\Windows\System\UPcmaCJ.exe
  C:\Windows\System\UPcmaCJ.exe
  2⤵
  PID:7668
- C:\Windows\System\plsUOEd.exe
  C:\Windows\System\plsUOEd.exe
  2⤵
  PID:7776
- C:\Windows\System\oQMrKTs.exe
  C:\Windows\System\oQMrKTs.exe
  2⤵
  PID:7632
- C:\Windows\System\vuptJWT.exe
  C:\Windows\System\vuptJWT.exe
  2⤵
  PID:7736
- C:\Windows\System\SDQAPUP.exe
  C:\Windows\System\SDQAPUP.exe
  2⤵
  PID:7816
- C:\Windows\System\myNQtTs.exe
  C:\Windows\System\myNQtTs.exe
  2⤵
  PID:7892
- C:\Windows\System\NOGbcjA.exe
  C:\Windows\System\NOGbcjA.exe
  2⤵
  PID:7948
- C:\Windows\System\EjedrEn.exe
  C:\Windows\System\EjedrEn.exe
  2⤵
  PID:8008
- C:\Windows\System\JTqsCVl.exe
  C:\Windows\System\JTqsCVl.exe
  2⤵
  PID:8072
- C:\Windows\System\mmyAZmn.exe
  C:\Windows\System\mmyAZmn.exe
  2⤵
  PID:8016
- C:\Windows\System\znortbx.exe
  C:\Windows\System\znortbx.exe
  2⤵
  PID:8116
- C:\Windows\System\uqekreT.exe
  C:\Windows\System\uqekreT.exe
  2⤵
  PID:6424
- C:\Windows\System\dxPDrxC.exe
  C:\Windows\System\dxPDrxC.exe
  2⤵
  PID:7196
- C:\Windows\System\nSRnhGH.exe
  C:\Windows\System\nSRnhGH.exe
  2⤵
  PID:7528
- C:\Windows\System\VnYkGrU.exe
  C:\Windows\System\VnYkGrU.exe
  2⤵
  PID:7476
- C:\Windows\System\GirLVzf.exe
  C:\Windows\System\GirLVzf.exe
  2⤵
  PID:7544
- C:\Windows\System\TYMRUGc.exe
  C:\Windows\System\TYMRUGc.exe
  2⤵
  PID:7628
- C:\Windows\System\PwBgwSM.exe
  C:\Windows\System\PwBgwSM.exe
  2⤵
  PID:7712
- C:\Windows\System\RlXfCxs.exe
  C:\Windows\System\RlXfCxs.exe
  2⤵
  PID:7828
- C:\Windows\System\cMhwGvf.exe
  C:\Windows\System\cMhwGvf.exe
  2⤵
  PID:7932
- C:\Windows\System\UEJleiB.exe
  C:\Windows\System\UEJleiB.exe
  2⤵
  PID:7808
- C:\Windows\System\MAALSDp.exe
  C:\Windows\System\MAALSDp.exe
  2⤵
  PID:7992
- C:\Windows\System\RXLtGcf.exe
  C:\Windows\System\RXLtGcf.exe
  2⤵
  PID:8112
- C:\Windows\System\NxTvGSl.exe
  C:\Windows\System\NxTvGSl.exe
  2⤵
  PID:8088
- C:\Windows\System\jDYijqD.exe
  C:\Windows\System\jDYijqD.exe
  2⤵
  PID:8188
- C:\Windows\System\jehefPe.exe
  C:\Windows\System\jehefPe.exe
  2⤵
  PID:7280
- C:\Windows\System\JMMhjBF.exe
  C:\Windows\System\JMMhjBF.exe
  2⤵
  PID:7360
- C:\Windows\System\qMlHsLn.exe
  C:\Windows\System\qMlHsLn.exe
  2⤵
  PID:7596
- C:\Windows\System\aMHkOZG.exe
  C:\Windows\System\aMHkOZG.exe
  2⤵
  PID:7328
- C:\Windows\System\BjNyCmp.exe
  C:\Windows\System\BjNyCmp.exe
  2⤵
  PID:7936
- C:\Windows\System\sjtZPUI.exe
  C:\Windows\System\sjtZPUI.exe
  2⤵
  PID:8108
- C:\Windows\System\YRJzYSt.exe
  C:\Windows\System\YRJzYSt.exe
  2⤵
  PID:7968
- C:\Windows\System\EddcSTM.exe
  C:\Windows\System\EddcSTM.exe
  2⤵
  PID:8176
- C:\Windows\System\JFxwBsX.exe
  C:\Windows\System\JFxwBsX.exe
  2⤵
  PID:7284
- C:\Windows\System\ZWvJmqG.exe
  C:\Windows\System\ZWvJmqG.exe
  2⤵
  PID:7504
- C:\Windows\System\ihScRXk.exe
  C:\Windows\System\ihScRXk.exe
  2⤵
  PID:7692
- C:\Windows\System\qeAweRp.exe
  C:\Windows\System\qeAweRp.exe
  2⤵
  PID:7896
- C:\Windows\System\JXVNYYO.exe
  C:\Windows\System\JXVNYYO.exe
  2⤵
  PID:7228
- C:\Windows\System\RUZPRVq.exe
  C:\Windows\System\RUZPRVq.exe
  2⤵
  PID:8152
- C:\Windows\System\nKgAQbf.exe
  C:\Windows\System\nKgAQbf.exe
  2⤵
  PID:7796
- C:\Windows\System\iBzZylE.exe
  C:\Windows\System\iBzZylE.exe
  2⤵
  PID:8208
- C:\Windows\System\ZBLvdNg.exe
  C:\Windows\System\ZBLvdNg.exe
  2⤵
  PID:8224
- C:\Windows\System\klmvufd.exe
  C:\Windows\System\klmvufd.exe
  2⤵
  PID:8240
- C:\Windows\System\buWRfbH.exe
  C:\Windows\System\buWRfbH.exe
  2⤵
  PID:8256
- C:\Windows\System\kWeLDVR.exe
  C:\Windows\System\kWeLDVR.exe
  2⤵
  PID:8272
- C:\Windows\System\OtRAWeF.exe
  C:\Windows\System\OtRAWeF.exe
  2⤵
  PID:8288
- C:\Windows\System\YcGSVjS.exe
  C:\Windows\System\YcGSVjS.exe
  2⤵
  PID:8304
- C:\Windows\System\XcnTOpX.exe
  C:\Windows\System\XcnTOpX.exe
  2⤵
  PID:8320
- C:\Windows\System\rbuiKCt.exe
  C:\Windows\System\rbuiKCt.exe
  2⤵
  PID:8336
- C:\Windows\System\hnLObGt.exe
  C:\Windows\System\hnLObGt.exe
  2⤵
  PID:8352
- C:\Windows\System\bteyMEE.exe
  C:\Windows\System\bteyMEE.exe
  2⤵
  PID:8384
- C:\Windows\System\CYMUjKs.exe
  C:\Windows\System\CYMUjKs.exe
  2⤵
  PID:8404
- C:\Windows\System\rllqWHL.exe
  C:\Windows\System\rllqWHL.exe
  2⤵
  PID:8420
- C:\Windows\System\CnOJOKa.exe
  C:\Windows\System\CnOJOKa.exe
  2⤵
  PID:8436
- C:\Windows\System\IFlehPA.exe
  C:\Windows\System\IFlehPA.exe
  2⤵
  PID:8456
- C:\Windows\System\nZdZYnk.exe
  C:\Windows\System\nZdZYnk.exe
  2⤵
  PID:8472
- C:\Windows\System\DpPwlrN.exe
  C:\Windows\System\DpPwlrN.exe
  2⤵
  PID:8488
- C:\Windows\System\YCEgyVd.exe
  C:\Windows\System\YCEgyVd.exe
  2⤵
  PID:8504
- C:\Windows\System\KpaLeux.exe
  C:\Windows\System\KpaLeux.exe
  2⤵
  PID:8528
- C:\Windows\System\FDOfobD.exe
  C:\Windows\System\FDOfobD.exe
  2⤵
  PID:8544
- C:\Windows\System\mIUtChn.exe
  C:\Windows\System\mIUtChn.exe
  2⤵
  PID:8560
- C:\Windows\System\usihLaY.exe
  C:\Windows\System\usihLaY.exe
  2⤵
  PID:8580
- C:\Windows\System\sfXjZdC.exe
  C:\Windows\System\sfXjZdC.exe
  2⤵
  PID:8600
- C:\Windows\System\qorOwPr.exe
  C:\Windows\System\qorOwPr.exe
  2⤵
  PID:8624
- C:\Windows\System\IIzkLfM.exe
  C:\Windows\System\IIzkLfM.exe
  2⤵
  PID:8644
- C:\Windows\System\lkjEYJg.exe
  C:\Windows\System\lkjEYJg.exe
  2⤵
  PID:8660
- C:\Windows\System\ifDTJPa.exe
  C:\Windows\System\ifDTJPa.exe
  2⤵
  PID:8676
- C:\Windows\System\qpZkWLS.exe
  C:\Windows\System\qpZkWLS.exe
  2⤵
  PID:8692
- C:\Windows\System\YYszxHr.exe
  C:\Windows\System\YYszxHr.exe
  2⤵
  PID:8712
- C:\Windows\System\AavqOUf.exe
  C:\Windows\System\AavqOUf.exe
  2⤵
  PID:8728
- C:\Windows\System\XNNcBBt.exe
  C:\Windows\System\XNNcBBt.exe
  2⤵
  PID:8748
- C:\Windows\System\nHBMvRe.exe
  C:\Windows\System\nHBMvRe.exe
  2⤵
  PID:8764
- C:\Windows\System\zgGliNK.exe
  C:\Windows\System\zgGliNK.exe
  2⤵
  PID:8780
- C:\Windows\System\KkLmNPA.exe
  C:\Windows\System\KkLmNPA.exe
  2⤵
  PID:8796
- C:\Windows\System\sVVTRst.exe
  C:\Windows\System\sVVTRst.exe
  2⤵
  PID:8816
- C:\Windows\System\ejTjSjL.exe
  C:\Windows\System\ejTjSjL.exe
  2⤵
  PID:8832
- C:\Windows\System\QDKzbSl.exe
  C:\Windows\System\QDKzbSl.exe
  2⤵
  PID:8848
- C:\Windows\System\BxPLIgT.exe
  C:\Windows\System\BxPLIgT.exe
  2⤵
  PID:8864
- C:\Windows\System\cjYjaTH.exe
  C:\Windows\System\cjYjaTH.exe
  2⤵
  PID:8880
- C:\Windows\System\tfZDxLd.exe
  C:\Windows\System\tfZDxLd.exe
  2⤵
  PID:8896
- C:\Windows\System\YqkaabS.exe
  C:\Windows\System\YqkaabS.exe
  2⤵
  PID:8928
- C:\Windows\System\wUSRUOu.exe
  C:\Windows\System\wUSRUOu.exe
  2⤵
  PID:8948
- C:\Windows\System\ejiOIfn.exe
  C:\Windows\System\ejiOIfn.exe
  2⤵
  PID:8964
- C:\Windows\System\WbeHaKu.exe
  C:\Windows\System\WbeHaKu.exe
  2⤵
  PID:8984
- C:\Windows\System\zoHIgbv.exe
  C:\Windows\System\zoHIgbv.exe
  2⤵
  PID:9000
- C:\Windows\System\fSEaAYO.exe
  C:\Windows\System\fSEaAYO.exe
  2⤵
  PID:9016
- C:\Windows\System\FNoxVHP.exe
  C:\Windows\System\FNoxVHP.exe
  2⤵
  PID:9036
- C:\Windows\System\BRsPAWe.exe
  C:\Windows\System\BRsPAWe.exe
  2⤵
  PID:9052
- C:\Windows\System\CzXOxDT.exe
  C:\Windows\System\CzXOxDT.exe
  2⤵
  PID:9068
- C:\Windows\System\sNJidrO.exe
  C:\Windows\System\sNJidrO.exe
  2⤵
  PID:9084
- C:\Windows\System\APXauGN.exe
  C:\Windows\System\APXauGN.exe
  2⤵
  PID:9116
- C:\Windows\System\rFudOhm.exe
  C:\Windows\System\rFudOhm.exe
  2⤵
  PID:9136
- C:\Windows\System\RtQIEqY.exe
  C:\Windows\System\RtQIEqY.exe
  2⤵
  PID:9152
- C:\Windows\System\ZiqoLto.exe
  C:\Windows\System\ZiqoLto.exe
  2⤵
  PID:9168
- C:\Windows\System\QEXDcdl.exe
  C:\Windows\System\QEXDcdl.exe
  2⤵
  PID:9192
- C:\Windows\System\YRtEMAt.exe
  C:\Windows\System\YRtEMAt.exe
  2⤵
  PID:9208
- C:\Windows\System\oLdULjO.exe
  C:\Windows\System\oLdULjO.exe
  2⤵
  PID:7224
- C:\Windows\System\JbqEgBy.exe
  C:\Windows\System\JbqEgBy.exe
  2⤵
  PID:8216
- C:\Windows\System\HDlxOKM.exe
  C:\Windows\System\HDlxOKM.exe
  2⤵
  PID:8252
- C:\Windows\System\sKgNCnt.exe
  C:\Windows\System\sKgNCnt.exe
  2⤵
  PID:8284
- C:\Windows\System\SUVZPWH.exe
  C:\Windows\System\SUVZPWH.exe
  2⤵
  PID:8332
- C:\Windows\System\TBBlRIw.exe
  C:\Windows\System\TBBlRIw.exe
  2⤵
  PID:8364
- C:\Windows\System\AewsMQc.exe
  C:\Windows\System\AewsMQc.exe
  2⤵
  PID:8412
- C:\Windows\System\lFWqSMJ.exe
  C:\Windows\System\lFWqSMJ.exe
  2⤵
  PID:8444
- C:\Windows\System\IGrTAxq.exe
  C:\Windows\System\IGrTAxq.exe
  2⤵
  PID:8448
- C:\Windows\System\vfluIrb.exe
  C:\Windows\System\vfluIrb.exe
  2⤵
  PID:8464
- C:\Windows\System\PgzFliW.exe
  C:\Windows\System\PgzFliW.exe
  2⤵
  PID:8552
- C:\Windows\System\DIwVFlD.exe
  C:\Windows\System\DIwVFlD.exe
  2⤵
  PID:8572
- C:\Windows\System\fnUuAWw.exe
  C:\Windows\System\fnUuAWw.exe
  2⤵
  PID:8592
- C:\Windows\System\SQQEQNu.exe
  C:\Windows\System\SQQEQNu.exe
  2⤵
  PID:8612
- C:\Windows\System\ClsEeCc.exe
  C:\Windows\System\ClsEeCc.exe
  2⤵
  PID:8640
- C:\Windows\System\ZnmRFDm.exe
  C:\Windows\System\ZnmRFDm.exe
  2⤵
  PID:8668
- C:\Windows\System\XEUZdzy.exe
  C:\Windows\System\XEUZdzy.exe
  2⤵
  PID:8736
- C:\Windows\System\GCDOoOO.exe
  C:\Windows\System\GCDOoOO.exe
  2⤵
  PID:8744
- C:\Windows\System\ghFUTRS.exe
  C:\Windows\System\ghFUTRS.exe
  2⤵
  PID:8812
- C:\Windows\System\Llaavou.exe
  C:\Windows\System\Llaavou.exe
  2⤵
  PID:8828
- C:\Windows\System\APruMnH.exe
  C:\Windows\System\APruMnH.exe
  2⤵
  PID:8872
- C:\Windows\System\JzETEHm.exe
  C:\Windows\System\JzETEHm.exe
  2⤵
  PID:8916
- C:\Windows\System\tHmGuEt.exe
  C:\Windows\System\tHmGuEt.exe
  2⤵
  PID:8908
- C:\Windows\System\PIRMkHB.exe
  C:\Windows\System\PIRMkHB.exe
  2⤵
  PID:8940
- C:\Windows\System\wxyIddC.exe
  C:\Windows\System\wxyIddC.exe
  2⤵
  PID:8980
- C:\Windows\System\gTxWgbI.exe
  C:\Windows\System\gTxWgbI.exe
  2⤵
  PID:9032
- C:\Windows\System\fmvugdH.exe
  C:\Windows\System\fmvugdH.exe
  2⤵
  PID:9060
- C:\Windows\System\TQvGcTI.exe
  C:\Windows\System\TQvGcTI.exe
  2⤵
  PID:9076
- C:\Windows\System\SlEJFSx.exe
  C:\Windows\System\SlEJFSx.exe
  2⤵
  PID:9112
- C:\Windows\System\LfzknXd.exe
  C:\Windows\System\LfzknXd.exe
  2⤵
  PID:9132
- C:\Windows\System\raUjvwS.exe
  C:\Windows\System\raUjvwS.exe
  2⤵
  PID:9164
- C:\Windows\System\cRLcEyI.exe
  C:\Windows\System\cRLcEyI.exe
  2⤵
  PID:9188
- C:\Windows\System\zQkiwOp.exe
  C:\Windows\System\zQkiwOp.exe
  2⤵
  PID:9204
- C:\Windows\System\xGvbFWq.exe
  C:\Windows\System\xGvbFWq.exe
  2⤵
  PID:8248
- C:\Windows\System\wAXObrQ.exe
  C:\Windows\System\wAXObrQ.exe
  2⤵
  PID:8360
- C:\Windows\System\LcRgHiy.exe
  C:\Windows\System\LcRgHiy.exe
  2⤵
  PID:8372
- C:\Windows\System\cnCdVLj.exe
  C:\Windows\System\cnCdVLj.exe
  2⤵
  PID:8432
- C:\Windows\System\JeoJkDP.exe
  C:\Windows\System\JeoJkDP.exe
  2⤵
  PID:8484
- C:\Windows\System\AoLNHFf.exe
  C:\Windows\System\AoLNHFf.exe
  2⤵
  PID:8520
- C:\Windows\System\eoSWPyP.exe
  C:\Windows\System\eoSWPyP.exe
  2⤵
  PID:8616
- C:\Windows\System\vBCXrqZ.exe
  C:\Windows\System\vBCXrqZ.exe
  2⤵
  PID:8708
- C:\Windows\System\GPBrcHE.exe
  C:\Windows\System\GPBrcHE.exe
  2⤵
  PID:8772
- C:\Windows\System\BZbpcRY.exe
  C:\Windows\System\BZbpcRY.exe
  2⤵
  PID:8776
- C:\Windows\System\MEszydQ.exe
  C:\Windows\System\MEszydQ.exe
  2⤵
  PID:8656
- C:\Windows\System\PqDGKzI.exe
  C:\Windows\System\PqDGKzI.exe
  2⤵
  PID:8888
- C:\Windows\System\vBSrAUg.exe
  C:\Windows\System\vBSrAUg.exe
  2⤵
  PID:8904
- C:\Windows\System\SiosjpM.exe
  C:\Windows\System\SiosjpM.exe
  2⤵
  PID:8956
- C:\Windows\System\BmxHcHT.exe
  C:\Windows\System\BmxHcHT.exe
  2⤵
  PID:9044
- C:\Windows\System\PYcrxzp.exe
  C:\Windows\System\PYcrxzp.exe
  2⤵
  PID:9104
- C:\Windows\System\CeAwCCf.exe
  C:\Windows\System\CeAwCCf.exe
  2⤵
  PID:9012
- C:\Windows\System\kKjgZca.exe
  C:\Windows\System\kKjgZca.exe
  2⤵
  PID:8704
- C:\Windows\System\mCVnvou.exe
  C:\Windows\System\mCVnvou.exe
  2⤵
  PID:8200
- C:\Windows\System\GiaxpNd.exe
  C:\Windows\System\GiaxpNd.exe
  2⤵
  PID:8264
- C:\Windows\System\pYrfnzl.exe
  C:\Windows\System\pYrfnzl.exe
  2⤵
  PID:8380
- C:\Windows\System\fDWaRFp.exe
  C:\Windows\System\fDWaRFp.exe
  2⤵
  PID:8348
- C:\Windows\System\CPbCtST.exe
  C:\Windows\System\CPbCtST.exe
  2⤵
  PID:8452
- C:\Windows\System\APFLBNR.exe
  C:\Windows\System\APFLBNR.exe
  2⤵
  PID:8540
- C:\Windows\System\WaaEaAi.exe
  C:\Windows\System\WaaEaAi.exe
  2⤵
  PID:8632
- C:\Windows\System\jBxufLk.exe
  C:\Windows\System\jBxufLk.exe
  2⤵
  PID:8856
- C:\Windows\System\nJZRURP.exe
  C:\Windows\System\nJZRURP.exe
  2⤵
  PID:8944
- C:\Windows\System\VZLvkKO.exe
  C:\Windows\System\VZLvkKO.exe
  2⤵
  PID:8976
- C:\Windows\System\cZAAtrN.exe
  C:\Windows\System\cZAAtrN.exe
  2⤵
  PID:9096
- C:\Windows\System\SqNhqvg.exe
  C:\Windows\System\SqNhqvg.exe
  2⤵
  PID:9128
- C:\Windows\System\kYCnTSZ.exe
  C:\Windows\System\kYCnTSZ.exe
  2⤵
  PID:8588
- C:\Windows\System\OphuaJR.exe
  C:\Windows\System\OphuaJR.exe
  2⤵
  PID:8608
- C:\Windows\System\SgBiiSs.exe
  C:\Windows\System\SgBiiSs.exe
  2⤵
  PID:8012
- C:\Windows\System\efAjEPl.exe
  C:\Windows\System\efAjEPl.exe
  2⤵
  PID:8972
- C:\Windows\System\lnqsQhY.exe
  C:\Windows\System\lnqsQhY.exe
  2⤵
  PID:8328
- C:\Windows\System\AYAxvMd.exe
  C:\Windows\System\AYAxvMd.exe
  2⤵
  PID:8844
- C:\Windows\System\jrZuDeo.exe
  C:\Windows\System\jrZuDeo.exe
  2⤵
  PID:8688
- C:\Windows\System\OtaPslD.exe
  C:\Windows\System\OtaPslD.exe
  2⤵
  PID:9224
- C:\Windows\System\xVpEfhy.exe
  C:\Windows\System\xVpEfhy.exe
  2⤵
  PID:9240
- C:\Windows\System\BHOdcbG.exe
  C:\Windows\System\BHOdcbG.exe
  2⤵
  PID:9260
- C:\Windows\System\BADxRGV.exe
  C:\Windows\System\BADxRGV.exe
  2⤵
  PID:9276
- C:\Windows\System\XtCxDBP.exe
  C:\Windows\System\XtCxDBP.exe
  2⤵
  PID:9292
- C:\Windows\System\jpIaHlK.exe
  C:\Windows\System\jpIaHlK.exe
  2⤵
  PID:9308
- C:\Windows\System\XRbRcnK.exe
  C:\Windows\System\XRbRcnK.exe
  2⤵
  PID:9324
- C:\Windows\System\kwaNSep.exe
  C:\Windows\System\kwaNSep.exe
  2⤵
  PID:9340
- C:\Windows\System\fTqDDnn.exe
  C:\Windows\System\fTqDDnn.exe
  2⤵
  PID:9356
- C:\Windows\System\vLHKTBC.exe
  C:\Windows\System\vLHKTBC.exe
  2⤵
  PID:9372
- C:\Windows\System\ucScYhk.exe
  C:\Windows\System\ucScYhk.exe
  2⤵
  PID:9388
- C:\Windows\System\McZlrKv.exe
  C:\Windows\System\McZlrKv.exe
  2⤵
  PID:9404
- C:\Windows\System\yUkhiXR.exe
  C:\Windows\System\yUkhiXR.exe
  2⤵
  PID:9420
- C:\Windows\System\eaUsEZR.exe
  C:\Windows\System\eaUsEZR.exe
  2⤵
  PID:9436
- C:\Windows\System\mWQFEiq.exe
  C:\Windows\System\mWQFEiq.exe
  2⤵
  PID:9452
- C:\Windows\System\WTJHrNE.exe
  C:\Windows\System\WTJHrNE.exe
  2⤵
  PID:9468
- C:\Windows\System\JBTAMqo.exe
  C:\Windows\System\JBTAMqo.exe
  2⤵
  PID:9484
- C:\Windows\System\whrrHAG.exe
  C:\Windows\System\whrrHAG.exe
  2⤵
  PID:9500
- C:\Windows\System\WBYCrNN.exe
  C:\Windows\System\WBYCrNN.exe
  2⤵
  PID:9516
- C:\Windows\System\klbmkei.exe
  C:\Windows\System\klbmkei.exe
  2⤵
  PID:9532
- C:\Windows\System\hxxkcpE.exe
  C:\Windows\System\hxxkcpE.exe
  2⤵
  PID:9548
- C:\Windows\System\UgOyxwh.exe
  C:\Windows\System\UgOyxwh.exe
  2⤵
  PID:9564
- C:\Windows\System\HviUyCe.exe
  C:\Windows\System\HviUyCe.exe
  2⤵
  PID:9580
- C:\Windows\System\bOclnpO.exe
  C:\Windows\System\bOclnpO.exe
  2⤵
  PID:9596
- C:\Windows\System\ZKbFxec.exe
  C:\Windows\System\ZKbFxec.exe
  2⤵
  PID:9612
- C:\Windows\System\XRuRmbG.exe
  C:\Windows\System\XRuRmbG.exe
  2⤵
  PID:9628
- C:\Windows\System\xcezbAD.exe
  C:\Windows\System\xcezbAD.exe
  2⤵
  PID:9644
- C:\Windows\System\rqhxQYv.exe
  C:\Windows\System\rqhxQYv.exe
  2⤵
  PID:9660
- C:\Windows\System\zOeEDwZ.exe
  C:\Windows\System\zOeEDwZ.exe
  2⤵
  PID:9676
- C:\Windows\System\HjQFNEg.exe
  C:\Windows\System\HjQFNEg.exe
  2⤵
  PID:9696
- C:\Windows\System\wMyToun.exe
  C:\Windows\System\wMyToun.exe
  2⤵
  PID:9712
- C:\Windows\System\xmusesl.exe
  C:\Windows\System\xmusesl.exe
  2⤵
  PID:9728
- C:\Windows\System\rnFgljT.exe
  C:\Windows\System\rnFgljT.exe
  2⤵
  PID:9744
- C:\Windows\System\eUErJYd.exe
  C:\Windows\System\eUErJYd.exe
  2⤵
  PID:9760
- C:\Windows\System\hClethp.exe
  C:\Windows\System\hClethp.exe
  2⤵
  PID:9776
- C:\Windows\System\uddkdYE.exe
  C:\Windows\System\uddkdYE.exe
  2⤵
  PID:9792
- C:\Windows\System\PnCDReT.exe
  C:\Windows\System\PnCDReT.exe
  2⤵
  PID:9808
- C:\Windows\System\AmxNzKz.exe
  C:\Windows\System\AmxNzKz.exe
  2⤵
  PID:9824
- C:\Windows\System\SrtfTFe.exe
  C:\Windows\System\SrtfTFe.exe
  2⤵
  PID:9840
- C:\Windows\System\etABVSz.exe
  C:\Windows\System\etABVSz.exe
  2⤵
  PID:9856
- C:\Windows\System\CCghNxm.exe
  C:\Windows\System\CCghNxm.exe
  2⤵
  PID:9872
- C:\Windows\System\usTWFbo.exe
  C:\Windows\System\usTWFbo.exe
  2⤵
  PID:9888
- C:\Windows\System\JzfhBti.exe
  C:\Windows\System\JzfhBti.exe
  2⤵
  PID:9904
- C:\Windows\System\wnZPrCn.exe
  C:\Windows\System\wnZPrCn.exe
  2⤵
  PID:9920
- C:\Windows\System\zTNVlls.exe
  C:\Windows\System\zTNVlls.exe
  2⤵
  PID:9936
- C:\Windows\System\xuxpYAo.exe
  C:\Windows\System\xuxpYAo.exe
  2⤵
  PID:9952
- C:\Windows\System\iPwOpSz.exe
  C:\Windows\System\iPwOpSz.exe
  2⤵
  PID:9968
- C:\Windows\System\taKZGdi.exe
  C:\Windows\System\taKZGdi.exe
  2⤵
  PID:9984
- C:\Windows\System\wBugdoh.exe
  C:\Windows\System\wBugdoh.exe
  2⤵
  PID:10000
- C:\Windows\System\fbIXRvj.exe
  C:\Windows\System\fbIXRvj.exe
  2⤵
  PID:10016
- C:\Windows\System\IDbRZix.exe
  C:\Windows\System\IDbRZix.exe
  2⤵
  PID:10032
- C:\Windows\System\pShmuwC.exe
  C:\Windows\System\pShmuwC.exe
  2⤵
  PID:10048
- C:\Windows\System\PRIaDZP.exe
  C:\Windows\System\PRIaDZP.exe
  2⤵
  PID:10064
- C:\Windows\System\RqBujTi.exe
  C:\Windows\System\RqBujTi.exe
  2⤵
  PID:10080
- C:\Windows\System\mfwubSb.exe
  C:\Windows\System\mfwubSb.exe
  2⤵
  PID:10096
- C:\Windows\System\erIJYmU.exe
  C:\Windows\System\erIJYmU.exe
  2⤵
  PID:10112
- C:\Windows\System\LvCFUgl.exe
  C:\Windows\System\LvCFUgl.exe
  2⤵
  PID:10128
- C:\Windows\System\VBVexEM.exe
  C:\Windows\System\VBVexEM.exe
  2⤵
  PID:10148
- C:\Windows\System\nkUQIai.exe
  C:\Windows\System\nkUQIai.exe
  2⤵
  PID:10164
- C:\Windows\System\zjKonbJ.exe
  C:\Windows\System\zjKonbJ.exe
  2⤵
  PID:10180
- C:\Windows\System\JxJpiTv.exe
  C:\Windows\System\JxJpiTv.exe
  2⤵
  PID:10196
- C:\Windows\System\pJbXmal.exe
  C:\Windows\System\pJbXmal.exe
  2⤵
  PID:10212
- C:\Windows\System\WitnRGm.exe
  C:\Windows\System\WitnRGm.exe
  2⤵
  PID:10228
- C:\Windows\System\zlQMpSR.exe
  C:\Windows\System\zlQMpSR.exe
  2⤵
  PID:8500
- C:\Windows\System\XAEWAkk.exe
  C:\Windows\System\XAEWAkk.exe
  2⤵
  PID:1780
- C:\Windows\System\dkKhCKf.exe
  C:\Windows\System\dkKhCKf.exe
  2⤵
  PID:9288
- C:\Windows\System\NUBBoYz.exe
  C:\Windows\System\NUBBoYz.exe
  2⤵
  PID:9272
- C:\Windows\System\sXMPSAn.exe
  C:\Windows\System\sXMPSAn.exe
  2⤵
  PID:9304
- C:\Windows\System\HQrsnQQ.exe
  C:\Windows\System\HQrsnQQ.exe
  2⤵
  PID:9332
- C:\Windows\System\ZLFszmm.exe
  C:\Windows\System\ZLFszmm.exe
  2⤵
  PID:9380
- C:\Windows\System\Xtoyqps.exe
  C:\Windows\System\Xtoyqps.exe
  2⤵
  PID:9400
- C:\Windows\System\xcLXFGd.exe
  C:\Windows\System\xcLXFGd.exe
  2⤵
  PID:9476
- C:\Windows\System\zcgDsSA.exe
  C:\Windows\System\zcgDsSA.exe
  2⤵
  PID:9460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\GmnGVWF.exe

Filesize
6.0MB

MD5
342c6ef36d76eb9c11deed770366d2dc

SHA1
72a286c4d3524e645c75acd0bd0eb34dc2dad49e

SHA256
eb16d8a2c65cba2e4fcc5a63230d4f6947635b9fee87537719c78783f091d402

SHA512
9d7dc87982467a20e8f7aacd7ac8af01cc9a03ca1a7fc507402ce8046c9946ca5a7020dd70d2ecdaeddcb94b22187c8b3ee695303a26809101bf2126d9589dc0

Download Submit
C:\Windows\system\IJjnylx.exe

Filesize
6.0MB

MD5
bf2589eb68be5e13728c5dccabf4f62f

SHA1
25cc329859d198a0659fea0e092ca1920b7b06ec

SHA256
cedb5e5592ed6addc5e5a2d17c058acbd8924e1fb21eb89f99bcd8dc2b7ad537

SHA512
ea4db6d58904865f8622fbcd73057548069f626610f0917619f66acd402c6a1cf484dbaa7980e245c2b03056f4fe9f3fe6b6757b8158471d0304cbb9966f011d

Download Submit
C:\Windows\system\IrVmVGx.exe

Filesize
6.0MB

MD5
29e1072438d033ce3da66630b7f51161

SHA1
48a9768c20bf72eac4fd5d6991f0a9e1ecc3f580

SHA256
6f4ca6d4146cb3b3f450b3dd0b053a8da5e127345e32443f4128331b10adaeea

SHA512
d001a7b0c054de2e1e5d6802dc6831ef719e9b0388d2bbd83f2c80de872f623ddb3d0409b1928a9fa5e4143f14f6d14949fcfe755af8346c60f4a065549e4966

Download Submit
C:\Windows\system\ROzuydU.exe

Filesize
6.0MB

MD5
12ba6bea3a1046b51a8c333239e62c12

SHA1
f5ac4760d3ff33e7fa5c0328cba3c98e81214634

SHA256
4d9a0ebfd55a5013f509201ce01fc4655f1720b7b3c091b67de17b2543a50ecd

SHA512
1a44ee428d288c81a33c949d7a8bace35d504bed3bc2ed0b6c1723ffb70f01d2b3a78b6435ff877e54bc32e472c0b217cffe79b7507566d98fa6b9f97ab8fd4c

Download Submit
C:\Windows\system\SWRqEMR.exe

Filesize
6.0MB

MD5
503d770faf59f03313b4f3395ceed57a

SHA1
ab2816e53ccb01978ed9fb760ed99a1e817ccfff

SHA256
15eabb6ec24cccf082caaa6bb519758312ffe6a6eaf0f96372f216868551b686

SHA512
fef4600453f3b3a2859379ce961e98e4e54527f84c3bcc0633fc464b3eff00db17df97dcda63229fb2e81a8054f613a70c2222fd2fe43df1aaaec9c2ea87a654

Download Submit
C:\Windows\system\aXxzHqG.exe

Filesize
6.0MB

MD5
f5667f264b66ae8a44b293a700278286

SHA1
e4c4bda6546098d90689c2f92e5148abfa0e4dbb

SHA256
2d8651a77121416a3e1e8bcd9955fe01917ac0743b4490c5abfa9cac838e199a

SHA512
3a643aa7a1b4d20fa7f628c7b4b9a4f78bfc39266d203ca0c3bdfd716815a24f9e2bc3fd2a60d82fadecbc8d31bbd4a3f7b09a0740d136b5b40106a0476589cd

Download Submit
C:\Windows\system\cwzivpq.exe

Filesize
6.0MB

MD5
d6a1f834b71ae6a85c19419a3f7029d2

SHA1
2f1a94a9e2aa4e18c85b30546b98767f493a9192

SHA256
15528fb52de29843c35f7a80331a9e5f87068469817faaf83401dba73d9dd002

SHA512
2815bc2863af86cedcc616aff6161f54c674844e876d1a0ff1b77f333a23cf277cef07d3861c9759ddcef2e002a28cf3111c12700485ab44beb26d6f98cd3bd5

Download Submit
C:\Windows\system\hPWgHej.exe

Filesize
6.0MB

MD5
05761aecb246bfbd87d090b1552669fa

SHA1
f7b28ad5ca1ede42369ec9787125ff0fd6e95e0d

SHA256
1e171cc3ebe5065e4118eec9a300b90f6043b0c416cf84ada6a670ab7d29397e

SHA512
b66f21697c15b85999ea3a5dc9031a82e9da7ca8b3bee999283f3b6d724eb0ecca327652d958edaa402b971ed948bb2ec93e590f722ec5cf668fc46446813685

Download Submit
C:\Windows\system\ptvtWPr.exe

Filesize
6.0MB

MD5
37b8abadfbc03c2f750ebca78e94681f

SHA1
dc2924fe3a9b5db0756c2c6d8a8aa11a55576012

SHA256
ec7e2ef1cc25c20008843104b9a97d5d97e355e3be9cddd08614398634cde031

SHA512
b6b4fc21410011ca59b1a003e1eee97ae05a6a1ce4641218578a4554f06458532585c2df3c3869ef8687d93ebbf17d1319088333ac293b5565e4372130c85794

Download Submit
C:\Windows\system\wEfdhpa.exe

Filesize
6.0MB

MD5
d51a83afa4a96e85c2dd94a70afbe01e

SHA1
352b1b0b18c33473967112b45485d29095547513

SHA256
281632ce30953b9d316c6dbc606a72699516f8fe226d7ecb56e1815da79f4f33

SHA512
777d6d84f25c06581c980a6a82dbcfc128c29d81a16ffbd52d3082ccee640d2a9c54412436e9d77fa6297a8300e1e425848f1b1e5a0ac80776b69744ac36a33f

Download Submit
C:\Windows\system\wKkKLrO.exe

Filesize
6.0MB

MD5
e46da5fefccab2ba0c6c0d62c0da9d0b

SHA1
14ffa536e626a13521d739e3dca3d2cb7fc61a10

SHA256
548789011b418f42695c55fce21ac96b2cae057dff6b4ae78b699205c5855428

SHA512
946df581f83f67ae452d0c0992db24fc09c731ac720a1162d0e1ba8bc5c97ddafd3033f4cc3ae665adc81648e631e7be632a45fa88115e9a026c5fbac4e84e41

Download Submit
C:\Windows\system\xVOAXZL.exe

Filesize
6.0MB

MD5
d81e23df3f04353346734f9ce4afd506

SHA1
3cdde3d02260f1974ee5ad64fb7a42b2127e1de0

SHA256
737d10af4adec8d6ba3f1de24638ae92990effc41b9e3eb4e38bbc696e18c587

SHA512
7a159cb7df8c001dae47ecd40898357a5d1307ae59a48398c6045452d83fe1f674939a2616c972efda65174efa11cd0a180e7f6dd3b3d4cd6f0f8b610d1df569

Download Submit
\Windows\system\BlrNEoi.exe

Filesize
6.0MB

MD5
96e3ab7720f8cbc07fcbb3520dbb42e9

SHA1
3c81e364b2fcc3d192682b9a1990ea31c2affbcb

SHA256
1d3dbe2ffbae95ebef02a87ba656d0a2eaec6dd92eec29e33c5f3bd07661cf1f

SHA512
93ddcee6a8b87a388b7df009205b28e0b6fa840fedbb2375965200c20830adbd4ec4053f713e851343c777b2a396566fb5bb21f0d1011b9099bb945da367257c

Download Submit
\Windows\system\CdxkmKg.exe

Filesize
6.0MB

MD5
fefa314dd09426d96a3a23d5624dff60

SHA1
3c2a8155d3d31e3a1767b9648d2488575e7e8eed

SHA256
202cdd37d0e3f4dc37683c2f7ae79bad7cd9a2239b58e315ad8f4fb1860ca942

SHA512
555b79ee184724e44c6f09028d0b123c4e43d2a9ccb738bc2b53b52d25e111841c6a4b38fc60b146a6f9305dad7880b5791ba1cef7132a9a6682dbbecd27885f

Download Submit
\Windows\system\EDOYFdk.exe

Filesize
6.0MB

MD5
2e439b4dbd9e6c2022f66b0a4da2c05b

SHA1
25b910226fc98dab550e6dd4c7c333d4dc089e64

SHA256
3708d0feac689a9461ba5654e0d13626ea34755fbd97fa5e1e73bd8ca6e2e1e7

SHA512
f0803e5a0c2ef1f8ce6adfcb36403572c2d21cf492c7aa8c116f93c5c4289e25f65da7f6b8abee202c833175011e2cae811fcd4ab84a9afc2fbf581c1b86b99f

Download Submit
\Windows\system\EEriJZa.exe

Filesize
6.0MB

MD5
4e772f0500d0c3adb1be5dec832354c8

SHA1
bcb6f3f0cb5eb36fd3a5fa455aff59a06c3d1abc

SHA256
d9b798baedf77834d6ac1bb46a4d79bed169ee9975adc76210590051d53847f8

SHA512
03670b50b7f62ed6864489b961ab8f661c7bb3a57f655962d2f744929cd1bf1a02f37407a7e2fa36326f54ed237068dd42da73706fa18412c437ab5b8577e252

Download Submit
\Windows\system\EoHYnpY.exe

Filesize
6.0MB

MD5
61edc1562422141bbbd3bd56306f9810

SHA1
7a4811fdb63d42fe9458234c8844bdaad925dd4c

SHA256
36b2b6c579221427437039bc1afa5eb73cf5545c2f043fb2025fb01333f2452c

SHA512
53c63879f4e121d352129ee4cdc30af7faf7301156ec2785357b8bfda9bc4913930b0918e3e1bc58270d1f6e692b9f9e63332e554064d5cff7c1e346f9440bd4

Download Submit
\Windows\system\GTDELBf.exe

Filesize
6.0MB

MD5
18aa687c2d6e7421ea740d773c1cb3cd

SHA1
763b0052a1e084aeca744bd8e3c5984599fae2d7

SHA256
0801a4d675c1dd5cfd739c409307be0f69c9c049744677886c7047d3831234d6

SHA512
c77654dd744c1ddc1c37fdbc30191194de5fd274cb38a6d34dd02d5ad186cb137ebbdc8d32d2a7de363545aba88ee03b4388f0379d8c9fa3edcd69543a8f26b2

Download Submit
\Windows\system\HHucLcP.exe

Filesize
6.0MB

MD5
1a4b9f3776cc588eae2fa690ddf37131

SHA1
f57d7fbeb105de71d816f9b956d81f2ea843da06

SHA256
c8bf0507fba7f2a05bed46bb371e1554980b3006f07e058cd9c12b465d470701

SHA512
8170fe6b14b0d9c9b56a4f5d0c5b5b8ec66c910b2e51a67fb2673974ce409bd4b0a782087af8c58d9e368f09d4df419f7f193bd37b4d268affbe7b3dff5b19d0

Download Submit
\Windows\system\MBBJwKG.exe

Filesize
6.0MB

MD5
219913fd61312e62283f1f77106c1394

SHA1
7984d46901dce4c650d50dcc3d1c306ea431eea3

SHA256
82ea2c0bf2c0f99864f40d34483daf051e81c85d9acadf70599422e90a1c95ff

SHA512
cc73645891b19ef0cae4cfb8bd2facb58697c1f0aefeeb01208090778bb27ba01022164b11c33441ff5901c4678cdd5c9e69c150bc1b56d07da89cb66be0edf4

Download Submit
\Windows\system\OVyKEbx.exe

Filesize
6.0MB

MD5
9bb27ac30c617daf9b60c0847168857a

SHA1
c9f2e67fb37324d3c7b656d95710ae370409cf3d

SHA256
6c6ac770bbbbb9014abcd45b5f4a06fad060d745724031a448e0f13c62b15724

SHA512
63437e7ccf81057a85e7cc257c877c010ec24baf281c2b22e97ad38a480d55c3db7524ed352fd031c5fa73b1d5c24920c654c788eaee16e7c8d5cb71f9cde2f8

Download Submit
\Windows\system\PYVUwtT.exe

Filesize
6.0MB

MD5
716e5e53378325734cd7c921c282b3b9

SHA1
1c51c54289f292b81d56b7dab70bb3019af08ef1

SHA256
76e52c673ffe9a58156ac61af64a586ee833974f83a7d098e65b65d126cfea21

SHA512
a2ea5fb2ac9ea29869fa24016c88531cdd2abd627a0f49d1b30211a2f9854d17e0941aa02f92d86f3731b56fc66ea520583f6867a0a427ec5679a98e16fe4dfc

Download Submit
\Windows\system\UwGgMaW.exe

Filesize
6.0MB

MD5
d305110235e6f0bd6cc666d040a2a6bc

SHA1
f634ecbea85ef7d73caf712f3a40cc80f08551de

SHA256
8664cd5627f7fa793ae45c3254ea2b7635a2d63061c59c53488d37ca45eb3562

SHA512
c49572f0e1b88e05d0d3cf2b5185a1240752c871e9645ad208454b2d5a5709d0bd9b70c7ba083133e9aaf0282cb6cd8e973f0eb4944ebbaf8310cd25f12c883e

Download Submit
\Windows\system\WaETOIK.exe

Filesize
6.0MB

MD5
e47bfbffce8c514e318c11215e0a285a

SHA1
c4e47703100d5d3e44d8e2efadfb730e99fa52a3

SHA256
cfa72318c5f83d1c79b632ac547b07046362ab8c8a53bcd658f488309cd3f0dc

SHA512
5c6f60232767d8a611517016c2a9043162d2725855b3e91f8c5e56f3ed65486d85879186345b759a5572b58b48bf6899fa5ccdae7af89f119538948682e36f0e

Download Submit
\Windows\system\WkPIMVU.exe

Filesize
6.0MB

MD5
72ed4bdec27bfa43da63179e84a45ecb

SHA1
c9c4e04154d6d5215cd64c6d76fc210d74a446ed

SHA256
f9667804d84d87bbbaa12ad9e61411e7cf665791aa337be7c6b690a6b7eee0e9

SHA512
5092ae111b74dacc0d533a550ef268df74c2db67d80ad03a1f9353bc57a4d6b6394b8546e26aa97b35ea6053775b2d6fcf31d2832f9a3985e8feeb22316b30da

Download Submit
\Windows\system\aDAvFyq.exe

Filesize
6.0MB

MD5
1b199f5b8c1ca1aef517de28af2a8e4c

SHA1
4ce29912e36df64e76e5ff316938c78b5a6feec0

SHA256
9367e8b93a50b013b9661c647cafdcc4caf6cf11022d883f3a1f7969465563b4

SHA512
b58ee01a499fea056af99125aa8ca4987a753bca4db4a4c97d7e48d1667c465beffd27c42132d52776e12b4f33e60653d5d2741778257afe454d2343aa5831fb

Download Submit
\Windows\system\boosBmL.exe

Filesize
6.0MB

MD5
47e8d90d1e185f29f3e0355b839c8aed

SHA1
d102208d7be7230390751eb7f76124a9b509fa7c

SHA256
5a82a6f84ad0538f97aec4be8aaf42b77fffefa3d88b22ac41531a4eeefb869c

SHA512
25eeed4f740e908de50d97e934f85e246271100558262a31ee56875abf45097d152c8b01ad4f9523165cc44c9670373dfe4300812906dddc8313eb04600b740c

Download Submit
\Windows\system\dYoAeaf.exe

Filesize
6.0MB

MD5
d729edc40f73f82ff785e4ca27d5a65a

SHA1
00cce26530a33e991f857f0464499de09948168a

SHA256
037d6c106ae068250a0ace506cd590d72dd45d54b2730852274bd5054a39c892

SHA512
262a0d41e4bd168dff0fe0d34ed07e3743ee09b6125b38a26c85ef345676595f2dea425ea6013603180f3e9473eba409cd80efd09ba78b27d2e05ee1a6850f54

Download Submit
\Windows\system\efoOVWg.exe

Filesize
6.0MB

MD5
edb6a87812a68ea65bee80f96f3e6fe5

SHA1
de2bc32e35b5412b406ac2cbc58023329f7af582

SHA256
62d1cbc18d9466b74cfd7e40200a7ecf6973b127859d5cdb578c2ef299504622

SHA512
2538428f3cb6665bf715b05a6b7eaac689b00d6ff3e506a253e1c03ed143be05fde210674fb7922e12db2dd35083bbb629d7269dbbef33814939619f799a3e1a

Download Submit
\Windows\system\rJgJzNM.exe

Filesize
6.0MB

MD5
a3a2513c678ddc473ea72d482c91acf0

SHA1
42d565892fe85033a59d700ce8c38fb121c46226

SHA256
c90664b0ba18e4bfe9587ecc1041d8ad45b9c8b1dac58272f03a8d6a16e13b90

SHA512
b6e3f049bdc67d4a89dc3b84e51ce8df2504c41442278da0a2f025545e2d5bbf87784e95df8608c77e3a12aca584e7574142842c01f1838415aa72b3d887d686

Download Submit
\Windows\system\wBQycZZ.exe

Filesize
6.0MB

MD5
878e5eac4490cc753732877b3b6af308

SHA1
9b1d565ba77ad7d79b3d10316a473a0dda609aac

SHA256
c053df41f405b9def96a0a5cfc9099eb6612a9e2ee579be3d5afda7ae5591f88

SHA512
cd5620462cc0ca1d0b4d0497a5723165e339c88a00e4519bc12b8c794c278b322e32e53e3d3a09623efa45bdbc851b33df73dc51b1ed94ea51488b4d1cb5d01f

Download Submit
\Windows\system\zqNjwLy.exe

Filesize
6.0MB

MD5
a728cfe23f34155339868b61f4257c78

SHA1
1e6654adc698c4e992e59ee614e4b2a77b7e137a

SHA256
daa93e35ccc7f1ede34d3fc0c773c4b183044d386cb0bea833c1bd2cdf6774b1

SHA512
98adb323d398e4fa5d61f59726e37d319b6d025867af51040222c913107042bb0a8a7fc57fbe947738fe7753fc0decd88a9d855b718104aefbb98b7a72130f1a

Download Submit
memory/568-48-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/568-355-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/568-28-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/1044-102-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/1044-818-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/1044-81-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/1336-63-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1336-751-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1472-823-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1472-88-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1472-103-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1928-1366-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1928-118-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1996-74-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1996-101-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1996-798-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2396-8-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2396-38-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2396-329-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2488-0-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2488-100-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2488-32-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2488-172-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-110-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-42-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-123-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2488-34-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2488-69-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2488-19-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2488-26-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-89-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2488-90-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-77-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2488-4-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2488-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2700-96-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-890-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-120-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-420-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-61-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-43-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-35-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-52-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-424-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-804-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-67-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-99-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-756-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-65-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-95-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-349-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2876-47-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2876-23-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2900-46-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2900-330-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2900-15-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download