cobaltstrike | d345cdded2262156954dd67ecb768c94b7d2842f1f08286195fd231eb7c2871f

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 01:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

d065fa6e864310e54f64849709302285
SHA1

a15d0895216f1877dd498a443682141bcfd2e6cd
SHA256

d345cdded2262156954dd67ecb768c94b7d2842f1f08286195fd231eb7c2871f
SHA512

f4f7fb6c7be25836b4bfe5139cf87ae9bc48af8f540e9c0931c4f50e20f52a82de45f395f53e0ee2b544f746aec0aa1a5358e19403bebff5b234e3e49d98aaa1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUA:T+q56utgpPF8u/7A

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x000a00000001225d-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015686-13.dat	cobalt_reflective_dll
behavioral1/files/0x0018000000015682-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015694-24.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000156b5-31.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015c0d-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ccc-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015ed2-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016009-73.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001659b-93.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ac1-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c8c-113.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ce1-154.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016da7-141.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4f-134.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d36-127.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016db5-146.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d58-140.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d47-132.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d0d-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c95-117.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c73-109.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001686c-101.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016645-97.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000164db-89.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016334-85.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016210-81.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001613e-77.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015f96-69.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015e64-61.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cfa-57.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015ce1-54.dat	cobalt_reflective_dll
behavioral1/files/0x00290000000150a7-45.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2964-0-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/files/0x000a00000001225d-6.dat	xmrig
behavioral1/files/0x0008000000015686-13.dat	xmrig
behavioral1/files/0x0018000000015682-12.dat	xmrig
behavioral1/files/0x0008000000015694-24.dat	xmrig
behavioral1/memory/2704-27-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x00070000000156b5-31.dat	xmrig
behavioral1/memory/2788-30-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2964-29-0x0000000002490000-0x00000000027E4000-memory.dmp	xmrig
behavioral1/memory/2812-28-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/1536-21-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2832-37-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015c0d-38.dat	xmrig
behavioral1/files/0x0007000000015ccc-50.dat	xmrig
behavioral1/files/0x0006000000015ed2-65.dat	xmrig
behavioral1/files/0x0006000000016009-73.dat	xmrig
behavioral1/files/0x000600000001659b-93.dat	xmrig
behavioral1/files/0x0006000000016ac1-105.dat	xmrig
behavioral1/files/0x0006000000016c8c-113.dat	xmrig
behavioral1/files/0x0006000000016ce1-154.dat	xmrig
behavioral1/memory/2580-491-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/3024-551-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2964-1080-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/644-592-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2732-580-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2632-513-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/files/0x0006000000016da7-141.dat	xmrig
behavioral1/files/0x0006000000016d4f-134.dat	xmrig
behavioral1/files/0x0006000000016d36-127.dat	xmrig
behavioral1/memory/2964-153-0x0000000002490000-0x00000000027E4000-memory.dmp	xmrig
behavioral1/memory/2616-152-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2696-150-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2816-149-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2828-148-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/files/0x0006000000016db5-146.dat	xmrig
behavioral1/files/0x0006000000016d58-140.dat	xmrig
behavioral1/files/0x0006000000016d47-132.dat	xmrig
behavioral1/files/0x0006000000016d0d-125.dat	xmrig
behavioral1/files/0x0006000000016c95-117.dat	xmrig
behavioral1/files/0x0006000000016c73-109.dat	xmrig
behavioral1/files/0x000600000001686c-101.dat	xmrig
behavioral1/files/0x0006000000016645-97.dat	xmrig
behavioral1/files/0x00060000000164db-89.dat	xmrig
behavioral1/files/0x0006000000016334-85.dat	xmrig
behavioral1/files/0x0006000000016210-81.dat	xmrig
behavioral1/files/0x000600000001613e-77.dat	xmrig
behavioral1/files/0x0006000000015f96-69.dat	xmrig
behavioral1/files/0x0006000000015e64-61.dat	xmrig
behavioral1/files/0x0008000000015cfa-57.dat	xmrig
behavioral1/files/0x0009000000015ce1-54.dat	xmrig
behavioral1/files/0x00290000000150a7-45.dat	xmrig
behavioral1/memory/2964-39-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2616-2801-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2580-2811-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2696-2798-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2828-2791-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2828-3249-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2816-3250-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2696-3253-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2732-3257-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/3024-3261-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2812-3288-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/1536-3287-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2832-3286-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

bHEyLgW.exeCcPxgsp.exeZkhtRLK.exeecQNhDV.exeZkWrqGY.exeSLeHtNf.exehMAPweC.exenHynrMv.exezVOkGVQ.exehYXiMdo.exekEmkDPT.exeXxsjMcf.exekXlFMKw.exeTBiyBCK.exeWAdkkMj.exeUEhaEXc.exewGyUMkS.exeBQKhWpQ.exesvImIHZ.exeVdxQVSS.exeAPzkHZX.exevVsDnVi.exeIaGfNNy.exeWpsEZYA.exekDitHBV.exerlgHeIO.exedRiOdhn.exewMzORsy.exefoDpBjE.exeFgLmPDM.exexNHtldk.exeaKRbGln.exegcCqiIt.exebyoMjIi.exeVbMZVpq.exexkOgYaS.exezdjLnpX.exeqZsaxSU.exeDljgIap.exeLAeIkyP.exeyeYZzdO.exeuQgRxKJ.exeLWwHBrZ.exefjjTvKL.exeVTTUKrT.exeDoGAxRE.exesNMwFMn.exeJFNjkUV.exesrmUZZS.exeFctVwlt.exeUxmTMuB.exedOBcdIr.exetTyRTZZ.exesmGLzcr.exehnwqfiz.exeOPzSQOT.exeelVHuAM.exeHidGZZL.exeUSCfxpC.exekfDaSxR.exeljrOWWC.exevDDEpZA.exendODRmo.exeYXkpPHW.exe

pid	Process
2812	bHEyLgW.exe
1536	CcPxgsp.exe
2704	ZkhtRLK.exe
2788	ecQNhDV.exe
2832	ZkWrqGY.exe
2828	SLeHtNf.exe
2816	hMAPweC.exe
2696	nHynrMv.exe
2616	zVOkGVQ.exe
2580	hYXiMdo.exe
2632	kEmkDPT.exe
3024	XxsjMcf.exe
2732	kXlFMKw.exe
644	TBiyBCK.exe
2396	WAdkkMj.exe
2956	UEhaEXc.exe
3012	wGyUMkS.exe
2176	BQKhWpQ.exe
2464	svImIHZ.exe
1660	VdxQVSS.exe
2012	APzkHZX.exe
2032	vVsDnVi.exe
1244	IaGfNNy.exe
1624	WpsEZYA.exe
1740	kDitHBV.exe
1480	rlgHeIO.exe
572	dRiOdhn.exe
1628	wMzORsy.exe
1508	foDpBjE.exe
1796	FgLmPDM.exe
480	xNHtldk.exe
2924	aKRbGln.exe
1736	gcCqiIt.exe
1572	byoMjIi.exe
1632	VbMZVpq.exe
2428	xkOgYaS.exe
1552	zdjLnpX.exe
1348	qZsaxSU.exe
1780	DljgIap.exe
2528	LAeIkyP.exe
1540	yeYZzdO.exe
744	uQgRxKJ.exe
928	LWwHBrZ.exe
776	fjjTvKL.exe
980	VTTUKrT.exe
2340	DoGAxRE.exe
2100	sNMwFMn.exe
1488	JFNjkUV.exe
2248	srmUZZS.exe
2936	FctVwlt.exe
1512	UxmTMuB.exe
2336	dOBcdIr.exe
2640	tTyRTZZ.exe
1608	smGLzcr.exe
1612	hnwqfiz.exe
2436	OPzSQOT.exe
2756	elVHuAM.exe
2712	HidGZZL.exe
2792	USCfxpC.exe
2564	kfDaSxR.exe
2972	ljrOWWC.exe
2576	vDDEpZA.exe
2996	ndODRmo.exe
2400	YXkpPHW.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2964-0-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/files/0x000a00000001225d-6.dat	upx
behavioral1/files/0x0008000000015686-13.dat	upx
behavioral1/files/0x0018000000015682-12.dat	upx
behavioral1/files/0x0008000000015694-24.dat	upx
behavioral1/memory/2704-27-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x00070000000156b5-31.dat	upx
behavioral1/memory/2788-30-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2812-28-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/1536-21-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2832-37-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/files/0x0007000000015c0d-38.dat	upx
behavioral1/files/0x0007000000015ccc-50.dat	upx
behavioral1/files/0x0006000000015ed2-65.dat	upx
behavioral1/files/0x0006000000016009-73.dat	upx
behavioral1/files/0x000600000001659b-93.dat	upx
behavioral1/files/0x0006000000016ac1-105.dat	upx
behavioral1/files/0x0006000000016c8c-113.dat	upx
behavioral1/files/0x0006000000016ce1-154.dat	upx
behavioral1/memory/2580-491-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/3024-551-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2964-1080-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/644-592-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2732-580-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2632-513-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x0006000000016da7-141.dat	upx
behavioral1/files/0x0006000000016d4f-134.dat	upx
behavioral1/files/0x0006000000016d36-127.dat	upx
behavioral1/memory/2616-152-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2696-150-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2816-149-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2828-148-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/files/0x0006000000016db5-146.dat	upx
behavioral1/files/0x0006000000016d58-140.dat	upx
behavioral1/files/0x0006000000016d47-132.dat	upx
behavioral1/files/0x0006000000016d0d-125.dat	upx
behavioral1/files/0x0006000000016c95-117.dat	upx
behavioral1/files/0x0006000000016c73-109.dat	upx
behavioral1/files/0x000600000001686c-101.dat	upx
behavioral1/files/0x0006000000016645-97.dat	upx
behavioral1/files/0x00060000000164db-89.dat	upx
behavioral1/files/0x0006000000016334-85.dat	upx
behavioral1/files/0x0006000000016210-81.dat	upx
behavioral1/files/0x000600000001613e-77.dat	upx
behavioral1/files/0x0006000000015f96-69.dat	upx
behavioral1/files/0x0006000000015e64-61.dat	upx
behavioral1/files/0x0008000000015cfa-57.dat	upx
behavioral1/files/0x0009000000015ce1-54.dat	upx
behavioral1/files/0x00290000000150a7-45.dat	upx
behavioral1/memory/2616-2801-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2580-2811-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2696-2798-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2828-2791-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2828-3249-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2816-3250-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2696-3253-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2732-3257-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/3024-3261-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2812-3288-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/1536-3287-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2832-3286-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2788-3285-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2704-3258-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/644-3256-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\FjYWgJX.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IIunViz.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNmPVsQ.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cIcaKmN.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UgFusaU.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nSjvdYZ.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZRVoSvW.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KgsJDHv.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqqvVcP.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iVeZDXO.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DufKfdD.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KCsYvPc.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wOExldT.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iCzSgVy.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cuWhTIb.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XNhHBRb.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JGIPZND.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GMNNfBE.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTaNgYX.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dpwYGZX.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JLeDnAT.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jbAhIKh.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eykshjs.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yxtuYuc.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BZdBmFx.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WVMFpfC.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sgoLqax.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjJIUnt.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGRlYiq.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sXOlMUO.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rQQeJVk.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRgAZcJ.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YVadoag.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oZITsfe.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZYqCsEz.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhopXvo.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ETyUumC.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SkVYtkO.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vVsDnVi.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNYfMEg.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BInxnPp.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\clOeXso.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZpdjDFU.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FOAMTTZ.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KBRoWrb.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXMaNTW.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WORNGgh.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\URGniRc.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IkyQZZG.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KSqfsgh.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fhBplSY.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sPoTLsp.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gNjWTUG.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UbcaqLr.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CWyFSSx.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cNezfgE.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cwXwWtp.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjwBBOV.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXEjHpT.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OuHgyog.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CQzvYPF.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hSdXQmA.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AIKIzvT.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UqAzJfq.exe	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 2964 wrote to memory of 2812	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2964 wrote to memory of 2812	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2964 wrote to memory of 2812	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2964 wrote to memory of 1536	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2964 wrote to memory of 1536	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2964 wrote to memory of 1536	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2964 wrote to memory of 2704	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2964 wrote to memory of 2704	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2964 wrote to memory of 2704	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2964 wrote to memory of 2788	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2964 wrote to memory of 2788	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2964 wrote to memory of 2788	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2964 wrote to memory of 2832	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2964 wrote to memory of 2832	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2964 wrote to memory of 2832	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2964 wrote to memory of 2816	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2964 wrote to memory of 2816	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2964 wrote to memory of 2816	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2964 wrote to memory of 2828	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2964 wrote to memory of 2828	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2964 wrote to memory of 2828	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2964 wrote to memory of 2696	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2964 wrote to memory of 2696	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2964 wrote to memory of 2696	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2964 wrote to memory of 2616	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2964 wrote to memory of 2616	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2964 wrote to memory of 2616	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2964 wrote to memory of 2580	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2964 wrote to memory of 2580	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2964 wrote to memory of 2580	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2964 wrote to memory of 2632	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2964 wrote to memory of 2632	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2964 wrote to memory of 2632	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2964 wrote to memory of 3024	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2964 wrote to memory of 3024	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2964 wrote to memory of 3024	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2964 wrote to memory of 2732	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2964 wrote to memory of 2732	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2964 wrote to memory of 2732	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2964 wrote to memory of 644	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2964 wrote to memory of 644	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2964 wrote to memory of 644	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2964 wrote to memory of 2396	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2964 wrote to memory of 2396	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2964 wrote to memory of 2396	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2964 wrote to memory of 2956	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2964 wrote to memory of 2956	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2964 wrote to memory of 2956	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2964 wrote to memory of 3012	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2964 wrote to memory of 3012	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2964 wrote to memory of 3012	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2964 wrote to memory of 2176	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2964 wrote to memory of 2176	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2964 wrote to memory of 2176	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2964 wrote to memory of 2464	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2964 wrote to memory of 2464	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2964 wrote to memory of 2464	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2964 wrote to memory of 1660	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2964 wrote to memory of 1660	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2964 wrote to memory of 1660	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2964 wrote to memory of 2012	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2964 wrote to memory of 2012	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2964 wrote to memory of 2012	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2964 wrote to memory of 2032	2964	2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-25_d065fa6e864310e54f64849709302285_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\System\bHEyLgW.exe
  C:\Windows\System\bHEyLgW.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\CcPxgsp.exe
  C:\Windows\System\CcPxgsp.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\ZkhtRLK.exe
  C:\Windows\System\ZkhtRLK.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\ecQNhDV.exe
  C:\Windows\System\ecQNhDV.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\ZkWrqGY.exe
  C:\Windows\System\ZkWrqGY.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\hMAPweC.exe
  C:\Windows\System\hMAPweC.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\SLeHtNf.exe
  C:\Windows\System\SLeHtNf.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\nHynrMv.exe
  C:\Windows\System\nHynrMv.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\zVOkGVQ.exe
  C:\Windows\System\zVOkGVQ.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\hYXiMdo.exe
  C:\Windows\System\hYXiMdo.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\kEmkDPT.exe
  C:\Windows\System\kEmkDPT.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\XxsjMcf.exe
  C:\Windows\System\XxsjMcf.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\kXlFMKw.exe
  C:\Windows\System\kXlFMKw.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\TBiyBCK.exe
  C:\Windows\System\TBiyBCK.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\WAdkkMj.exe
  C:\Windows\System\WAdkkMj.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\UEhaEXc.exe
  C:\Windows\System\UEhaEXc.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\wGyUMkS.exe
  C:\Windows\System\wGyUMkS.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\BQKhWpQ.exe
  C:\Windows\System\BQKhWpQ.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\svImIHZ.exe
  C:\Windows\System\svImIHZ.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\VdxQVSS.exe
  C:\Windows\System\VdxQVSS.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\APzkHZX.exe
  C:\Windows\System\APzkHZX.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\vVsDnVi.exe
  C:\Windows\System\vVsDnVi.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\IaGfNNy.exe
  C:\Windows\System\IaGfNNy.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\WpsEZYA.exe
  C:\Windows\System\WpsEZYA.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\kDitHBV.exe
  C:\Windows\System\kDitHBV.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\FgLmPDM.exe
  C:\Windows\System\FgLmPDM.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\rlgHeIO.exe
  C:\Windows\System\rlgHeIO.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\xNHtldk.exe
  C:\Windows\System\xNHtldk.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\dRiOdhn.exe
  C:\Windows\System\dRiOdhn.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\aKRbGln.exe
  C:\Windows\System\aKRbGln.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\wMzORsy.exe
  C:\Windows\System\wMzORsy.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\gcCqiIt.exe
  C:\Windows\System\gcCqiIt.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\foDpBjE.exe
  C:\Windows\System\foDpBjE.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\byoMjIi.exe
  C:\Windows\System\byoMjIi.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\VbMZVpq.exe
  C:\Windows\System\VbMZVpq.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\xkOgYaS.exe
  C:\Windows\System\xkOgYaS.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\zdjLnpX.exe
  C:\Windows\System\zdjLnpX.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\qZsaxSU.exe
  C:\Windows\System\qZsaxSU.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\DljgIap.exe
  C:\Windows\System\DljgIap.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\LAeIkyP.exe
  C:\Windows\System\LAeIkyP.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\yeYZzdO.exe
  C:\Windows\System\yeYZzdO.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\uQgRxKJ.exe
  C:\Windows\System\uQgRxKJ.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\LWwHBrZ.exe
  C:\Windows\System\LWwHBrZ.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\fjjTvKL.exe
  C:\Windows\System\fjjTvKL.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\VTTUKrT.exe
  C:\Windows\System\VTTUKrT.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\DoGAxRE.exe
  C:\Windows\System\DoGAxRE.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\sNMwFMn.exe
  C:\Windows\System\sNMwFMn.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\JFNjkUV.exe
  C:\Windows\System\JFNjkUV.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\srmUZZS.exe
  C:\Windows\System\srmUZZS.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\FctVwlt.exe
  C:\Windows\System\FctVwlt.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\UxmTMuB.exe
  C:\Windows\System\UxmTMuB.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\dOBcdIr.exe
  C:\Windows\System\dOBcdIr.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\tTyRTZZ.exe
  C:\Windows\System\tTyRTZZ.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\smGLzcr.exe
  C:\Windows\System\smGLzcr.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\hnwqfiz.exe
  C:\Windows\System\hnwqfiz.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\OPzSQOT.exe
  C:\Windows\System\OPzSQOT.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\elVHuAM.exe
  C:\Windows\System\elVHuAM.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\HidGZZL.exe
  C:\Windows\System\HidGZZL.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\USCfxpC.exe
  C:\Windows\System\USCfxpC.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\kfDaSxR.exe
  C:\Windows\System\kfDaSxR.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\ljrOWWC.exe
  C:\Windows\System\ljrOWWC.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\vDDEpZA.exe
  C:\Windows\System\vDDEpZA.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\ndODRmo.exe
  C:\Windows\System\ndODRmo.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\YXkpPHW.exe
  C:\Windows\System\YXkpPHW.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\oViiOuU.exe
  C:\Windows\System\oViiOuU.exe
  2⤵
  PID:1756
- C:\Windows\System\kdqZhKN.exe
  C:\Windows\System\kdqZhKN.exe
  2⤵
  PID:1188
- C:\Windows\System\gnZeTPu.exe
  C:\Windows\System\gnZeTPu.exe
  2⤵
  PID:1492
- C:\Windows\System\dcLQnVR.exe
  C:\Windows\System\dcLQnVR.exe
  2⤵
  PID:2392
- C:\Windows\System\IRETKnC.exe
  C:\Windows\System\IRETKnC.exe
  2⤵
  PID:532
- C:\Windows\System\gCZGpfN.exe
  C:\Windows\System\gCZGpfN.exe
  2⤵
  PID:1644
- C:\Windows\System\ILKpRjk.exe
  C:\Windows\System\ILKpRjk.exe
  2⤵
  PID:376
- C:\Windows\System\hvTRhDY.exe
  C:\Windows\System\hvTRhDY.exe
  2⤵
  PID:404
- C:\Windows\System\AlMwRzD.exe
  C:\Windows\System\AlMwRzD.exe
  2⤵
  PID:2156
- C:\Windows\System\chvXcBb.exe
  C:\Windows\System\chvXcBb.exe
  2⤵
  PID:1752
- C:\Windows\System\WcKaRva.exe
  C:\Windows\System\WcKaRva.exe
  2⤵
  PID:2268
- C:\Windows\System\rUhoWXE.exe
  C:\Windows\System\rUhoWXE.exe
  2⤵
  PID:2880
- C:\Windows\System\CPLhGVv.exe
  C:\Windows\System\CPLhGVv.exe
  2⤵
  PID:2744
- C:\Windows\System\tLeYKiJ.exe
  C:\Windows\System\tLeYKiJ.exe
  2⤵
  PID:1044
- C:\Windows\System\zffwnXz.exe
  C:\Windows\System\zffwnXz.exe
  2⤵
  PID:1724
- C:\Windows\System\XPhzvkd.exe
  C:\Windows\System\XPhzvkd.exe
  2⤵
  PID:1976
- C:\Windows\System\npAvYUK.exe
  C:\Windows\System\npAvYUK.exe
  2⤵
  PID:1664
- C:\Windows\System\IXQtutx.exe
  C:\Windows\System\IXQtutx.exe
  2⤵
  PID:984
- C:\Windows\System\FOAMTTZ.exe
  C:\Windows\System\FOAMTTZ.exe
  2⤵
  PID:2384
- C:\Windows\System\cNezfgE.exe
  C:\Windows\System\cNezfgE.exe
  2⤵
  PID:820
- C:\Windows\System\XQgeGPd.exe
  C:\Windows\System\XQgeGPd.exe
  2⤵
  PID:2028
- C:\Windows\System\oFyFRxE.exe
  C:\Windows\System\oFyFRxE.exe
  2⤵
  PID:1956
- C:\Windows\System\BhbxXgz.exe
  C:\Windows\System\BhbxXgz.exe
  2⤵
  PID:884
- C:\Windows\System\JicVKNr.exe
  C:\Windows\System\JicVKNr.exe
  2⤵
  PID:2508
- C:\Windows\System\YVadoag.exe
  C:\Windows\System\YVadoag.exe
  2⤵
  PID:2876
- C:\Windows\System\dwHHAfJ.exe
  C:\Windows\System\dwHHAfJ.exe
  2⤵
  PID:2240
- C:\Windows\System\XEImnHT.exe
  C:\Windows\System\XEImnHT.exe
  2⤵
  PID:2600
- C:\Windows\System\MHuBxnp.exe
  C:\Windows\System\MHuBxnp.exe
  2⤵
  PID:2556
- C:\Windows\System\zQnCzaj.exe
  C:\Windows\System\zQnCzaj.exe
  2⤵
  PID:2736
- C:\Windows\System\QjTBMAS.exe
  C:\Windows\System\QjTBMAS.exe
  2⤵
  PID:2056
- C:\Windows\System\cBFZgVx.exe
  C:\Windows\System\cBFZgVx.exe
  2⤵
  PID:2144
- C:\Windows\System\bzQZDiH.exe
  C:\Windows\System\bzQZDiH.exe
  2⤵
  PID:264
- C:\Windows\System\qCohXiW.exe
  C:\Windows\System\qCohXiW.exe
  2⤵
  PID:1972
- C:\Windows\System\VRiZtNn.exe
  C:\Windows\System\VRiZtNn.exe
  2⤵
  PID:1324
- C:\Windows\System\nkTOQjH.exe
  C:\Windows\System\nkTOQjH.exe
  2⤵
  PID:1072
- C:\Windows\System\SVPSKOS.exe
  C:\Windows\System\SVPSKOS.exe
  2⤵
  PID:1828
- C:\Windows\System\sxPxvKw.exe
  C:\Windows\System\sxPxvKw.exe
  2⤵
  PID:1688
- C:\Windows\System\TDYMaZz.exe
  C:\Windows\System\TDYMaZz.exe
  2⤵
  PID:1704
- C:\Windows\System\KwgXabU.exe
  C:\Windows\System\KwgXabU.exe
  2⤵
  PID:1564
- C:\Windows\System\VZseiwB.exe
  C:\Windows\System\VZseiwB.exe
  2⤵
  PID:1708
- C:\Windows\System\rgjKDCf.exe
  C:\Windows\System\rgjKDCf.exe
  2⤵
  PID:2104
- C:\Windows\System\vASEIvC.exe
  C:\Windows\System\vASEIvC.exe
  2⤵
  PID:2888
- C:\Windows\System\rGynRPG.exe
  C:\Windows\System\rGynRPG.exe
  2⤵
  PID:3036
- C:\Windows\System\HUahnsS.exe
  C:\Windows\System\HUahnsS.exe
  2⤵
  PID:1560
- C:\Windows\System\LhVRtZz.exe
  C:\Windows\System\LhVRtZz.exe
  2⤵
  PID:2776
- C:\Windows\System\iZXnbkp.exe
  C:\Windows\System\iZXnbkp.exe
  2⤵
  PID:2348
- C:\Windows\System\cUlAPsX.exe
  C:\Windows\System\cUlAPsX.exe
  2⤵
  PID:2220
- C:\Windows\System\aTnXhpG.exe
  C:\Windows\System\aTnXhpG.exe
  2⤵
  PID:2416
- C:\Windows\System\RmESIyn.exe
  C:\Windows\System\RmESIyn.exe
  2⤵
  PID:680
- C:\Windows\System\wNbwlIz.exe
  C:\Windows\System\wNbwlIz.exe
  2⤵
  PID:540
- C:\Windows\System\ApKNkcy.exe
  C:\Windows\System\ApKNkcy.exe
  2⤵
  PID:2180
- C:\Windows\System\Xyhmyfx.exe
  C:\Windows\System\Xyhmyfx.exe
  2⤵
  PID:1396
- C:\Windows\System\FIINAkO.exe
  C:\Windows\System\FIINAkO.exe
  2⤵
  PID:1500
- C:\Windows\System\nSjvdYZ.exe
  C:\Windows\System\nSjvdYZ.exe
  2⤵
  PID:1532
- C:\Windows\System\zEbVDZK.exe
  C:\Windows\System\zEbVDZK.exe
  2⤵
  PID:3084
- C:\Windows\System\UyTeSuz.exe
  C:\Windows\System\UyTeSuz.exe
  2⤵
  PID:3100
- C:\Windows\System\LVRDoTx.exe
  C:\Windows\System\LVRDoTx.exe
  2⤵
  PID:3116
- C:\Windows\System\CRXZopK.exe
  C:\Windows\System\CRXZopK.exe
  2⤵
  PID:3132
- C:\Windows\System\aEszhDa.exe
  C:\Windows\System\aEszhDa.exe
  2⤵
  PID:3156
- C:\Windows\System\vHPbIGQ.exe
  C:\Windows\System\vHPbIGQ.exe
  2⤵
  PID:3184
- C:\Windows\System\DbsyUOn.exe
  C:\Windows\System\DbsyUOn.exe
  2⤵
  PID:3208
- C:\Windows\System\RaduBbZ.exe
  C:\Windows\System\RaduBbZ.exe
  2⤵
  PID:3224
- C:\Windows\System\NlstMor.exe
  C:\Windows\System\NlstMor.exe
  2⤵
  PID:3256
- C:\Windows\System\tydjPVr.exe
  C:\Windows\System\tydjPVr.exe
  2⤵
  PID:3272
- C:\Windows\System\ZAqFEjq.exe
  C:\Windows\System\ZAqFEjq.exe
  2⤵
  PID:3288
- C:\Windows\System\KlpSLBC.exe
  C:\Windows\System\KlpSLBC.exe
  2⤵
  PID:3304
- C:\Windows\System\CtAjvMh.exe
  C:\Windows\System\CtAjvMh.exe
  2⤵
  PID:3320
- C:\Windows\System\FSzJVyu.exe
  C:\Windows\System\FSzJVyu.exe
  2⤵
  PID:3336
- C:\Windows\System\ypiXAFC.exe
  C:\Windows\System\ypiXAFC.exe
  2⤵
  PID:3352
- C:\Windows\System\bdHzujc.exe
  C:\Windows\System\bdHzujc.exe
  2⤵
  PID:3368
- C:\Windows\System\UQIKFGt.exe
  C:\Windows\System\UQIKFGt.exe
  2⤵
  PID:3384
- C:\Windows\System\yRwyErE.exe
  C:\Windows\System\yRwyErE.exe
  2⤵
  PID:3400
- C:\Windows\System\uFEnHDa.exe
  C:\Windows\System\uFEnHDa.exe
  2⤵
  PID:3416
- C:\Windows\System\yBTYeLj.exe
  C:\Windows\System\yBTYeLj.exe
  2⤵
  PID:3432
- C:\Windows\System\Hzywzfv.exe
  C:\Windows\System\Hzywzfv.exe
  2⤵
  PID:3448
- C:\Windows\System\jcpuHlW.exe
  C:\Windows\System\jcpuHlW.exe
  2⤵
  PID:3464
- C:\Windows\System\PzxCSBL.exe
  C:\Windows\System\PzxCSBL.exe
  2⤵
  PID:3480
- C:\Windows\System\MfEkBJl.exe
  C:\Windows\System\MfEkBJl.exe
  2⤵
  PID:3508
- C:\Windows\System\hofDMoX.exe
  C:\Windows\System\hofDMoX.exe
  2⤵
  PID:3544
- C:\Windows\System\GMNNfBE.exe
  C:\Windows\System\GMNNfBE.exe
  2⤵
  PID:3564
- C:\Windows\System\KBRoWrb.exe
  C:\Windows\System\KBRoWrb.exe
  2⤵
  PID:3584
- C:\Windows\System\DpaEzjo.exe
  C:\Windows\System\DpaEzjo.exe
  2⤵
  PID:3608
- C:\Windows\System\GfMlkUL.exe
  C:\Windows\System\GfMlkUL.exe
  2⤵
  PID:3628
- C:\Windows\System\cVdgnlh.exe
  C:\Windows\System\cVdgnlh.exe
  2⤵
  PID:3644
- C:\Windows\System\NJsPFyZ.exe
  C:\Windows\System\NJsPFyZ.exe
  2⤵
  PID:3660
- C:\Windows\System\WxdJbeC.exe
  C:\Windows\System\WxdJbeC.exe
  2⤵
  PID:3676
- C:\Windows\System\cUncYDI.exe
  C:\Windows\System\cUncYDI.exe
  2⤵
  PID:3692
- C:\Windows\System\XeMlVUo.exe
  C:\Windows\System\XeMlVUo.exe
  2⤵
  PID:3708
- C:\Windows\System\JDrCDZX.exe
  C:\Windows\System\JDrCDZX.exe
  2⤵
  PID:3724
- C:\Windows\System\ZCgPKvc.exe
  C:\Windows\System\ZCgPKvc.exe
  2⤵
  PID:3740
- C:\Windows\System\itMIKKr.exe
  C:\Windows\System\itMIKKr.exe
  2⤵
  PID:3760
- C:\Windows\System\oZITsfe.exe
  C:\Windows\System\oZITsfe.exe
  2⤵
  PID:3788
- C:\Windows\System\dZkltUi.exe
  C:\Windows\System\dZkltUi.exe
  2⤵
  PID:3824
- C:\Windows\System\WcSopqO.exe
  C:\Windows\System\WcSopqO.exe
  2⤵
  PID:3844
- C:\Windows\System\weGWzMg.exe
  C:\Windows\System\weGWzMg.exe
  2⤵
  PID:3860
- C:\Windows\System\WhOsJtO.exe
  C:\Windows\System\WhOsJtO.exe
  2⤵
  PID:3880
- C:\Windows\System\NxUOxBY.exe
  C:\Windows\System\NxUOxBY.exe
  2⤵
  PID:3896
- C:\Windows\System\HOmpjzS.exe
  C:\Windows\System\HOmpjzS.exe
  2⤵
  PID:3912
- C:\Windows\System\YvfmcqP.exe
  C:\Windows\System\YvfmcqP.exe
  2⤵
  PID:3956
- C:\Windows\System\JOuJPgz.exe
  C:\Windows\System\JOuJPgz.exe
  2⤵
  PID:4040
- C:\Windows\System\QYLOHAb.exe
  C:\Windows\System\QYLOHAb.exe
  2⤵
  PID:4056
- C:\Windows\System\ZPmcWGD.exe
  C:\Windows\System\ZPmcWGD.exe
  2⤵
  PID:4072
- C:\Windows\System\CjDFLGb.exe
  C:\Windows\System\CjDFLGb.exe
  2⤵
  PID:4088
- C:\Windows\System\pstzuax.exe
  C:\Windows\System\pstzuax.exe
  2⤵
  PID:1968
- C:\Windows\System\aTtFbig.exe
  C:\Windows\System\aTtFbig.exe
  2⤵
  PID:3060
- C:\Windows\System\KvkuwoB.exe
  C:\Windows\System\KvkuwoB.exe
  2⤵
  PID:2768
- C:\Windows\System\KkozWDK.exe
  C:\Windows\System\KkozWDK.exe
  2⤵
  PID:2140
- C:\Windows\System\YDzceuC.exe
  C:\Windows\System\YDzceuC.exe
  2⤵
  PID:1716
- C:\Windows\System\fSPVlTY.exe
  C:\Windows\System\fSPVlTY.exe
  2⤵
  PID:1352
- C:\Windows\System\ROKLAyL.exe
  C:\Windows\System\ROKLAyL.exe
  2⤵
  PID:3096
- C:\Windows\System\NFcVsvH.exe
  C:\Windows\System\NFcVsvH.exe
  2⤵
  PID:2172
- C:\Windows\System\DjCugfQ.exe
  C:\Windows\System\DjCugfQ.exe
  2⤵
  PID:2264
- C:\Windows\System\jmzxGGE.exe
  C:\Windows\System\jmzxGGE.exe
  2⤵
  PID:2408
- C:\Windows\System\jIJYvoc.exe
  C:\Windows\System\jIJYvoc.exe
  2⤵
  PID:3332
- C:\Windows\System\wQfOdPq.exe
  C:\Windows\System\wQfOdPq.exe
  2⤵
  PID:3396
- C:\Windows\System\CqrOylm.exe
  C:\Windows\System\CqrOylm.exe
  2⤵
  PID:3152
- C:\Windows\System\tPrkiTh.exe
  C:\Windows\System\tPrkiTh.exe
  2⤵
  PID:3108
- C:\Windows\System\wiRdeTw.exe
  C:\Windows\System\wiRdeTw.exe
  2⤵
  PID:3232
- C:\Windows\System\KFzSSXF.exe
  C:\Windows\System\KFzSSXF.exe
  2⤵
  PID:3252
- C:\Windows\System\Gzgudqt.exe
  C:\Windows\System\Gzgudqt.exe
  2⤵
  PID:3460
- C:\Windows\System\hxEGyGq.exe
  C:\Windows\System\hxEGyGq.exe
  2⤵
  PID:3476
- C:\Windows\System\bzFzgpE.exe
  C:\Windows\System\bzFzgpE.exe
  2⤵
  PID:2568
- C:\Windows\System\KtenujF.exe
  C:\Windows\System\KtenujF.exe
  2⤵
  PID:2800
- C:\Windows\System\PHFBgeE.exe
  C:\Windows\System\PHFBgeE.exe
  2⤵
  PID:2772
- C:\Windows\System\VNtBneu.exe
  C:\Windows\System\VNtBneu.exe
  2⤵
  PID:2708
- C:\Windows\System\kJxaIwz.exe
  C:\Windows\System\kJxaIwz.exe
  2⤵
  PID:2868
- C:\Windows\System\YPbcaEf.exe
  C:\Windows\System\YPbcaEf.exe
  2⤵
  PID:1868
- C:\Windows\System\lDtngwa.exe
  C:\Windows\System\lDtngwa.exe
  2⤵
  PID:3500
- C:\Windows\System\TjkAxTc.exe
  C:\Windows\System\TjkAxTc.exe
  2⤵
  PID:1232
- C:\Windows\System\ngsyitO.exe
  C:\Windows\System\ngsyitO.exe
  2⤵
  PID:464
- C:\Windows\System\SVczLlu.exe
  C:\Windows\System\SVczLlu.exe
  2⤵
  PID:3284
- C:\Windows\System\CTlbpuz.exe
  C:\Windows\System\CTlbpuz.exe
  2⤵
  PID:3412
- C:\Windows\System\EHFivDj.exe
  C:\Windows\System\EHFivDj.exe
  2⤵
  PID:2228
- C:\Windows\System\EYcaJGr.exe
  C:\Windows\System\EYcaJGr.exe
  2⤵
  PID:2456
- C:\Windows\System\YhxscZu.exe
  C:\Windows\System\YhxscZu.exe
  2⤵
  PID:3516
- C:\Windows\System\KSqfsgh.exe
  C:\Windows\System\KSqfsgh.exe
  2⤵
  PID:3528
- C:\Windows\System\JaiiAXV.exe
  C:\Windows\System\JaiiAXV.exe
  2⤵
  PID:3572
- C:\Windows\System\rvEwgMh.exe
  C:\Windows\System\rvEwgMh.exe
  2⤵
  PID:3616
- C:\Windows\System\bJDeqjR.exe
  C:\Windows\System\bJDeqjR.exe
  2⤵
  PID:3656
- C:\Windows\System\xInyzKj.exe
  C:\Windows\System\xInyzKj.exe
  2⤵
  PID:3596
- C:\Windows\System\jxPuGaa.exe
  C:\Windows\System\jxPuGaa.exe
  2⤵
  PID:3672
- C:\Windows\System\lHERYeI.exe
  C:\Windows\System\lHERYeI.exe
  2⤵
  PID:3704
- C:\Windows\System\oMCnRIQ.exe
  C:\Windows\System\oMCnRIQ.exe
  2⤵
  PID:3784
- C:\Windows\System\oYtpkTt.exe
  C:\Windows\System\oYtpkTt.exe
  2⤵
  PID:3868
- C:\Windows\System\TOHmcQE.exe
  C:\Windows\System\TOHmcQE.exe
  2⤵
  PID:3928
- C:\Windows\System\ApcPSxm.exe
  C:\Windows\System\ApcPSxm.exe
  2⤵
  PID:3944
- C:\Windows\System\FvtqyhH.exe
  C:\Windows\System\FvtqyhH.exe
  2⤵
  PID:3752
- C:\Windows\System\uiizWgL.exe
  C:\Windows\System\uiizWgL.exe
  2⤵
  PID:3804
- C:\Windows\System\uzggCKb.exe
  C:\Windows\System\uzggCKb.exe
  2⤵
  PID:3852
- C:\Windows\System\timmPLN.exe
  C:\Windows\System\timmPLN.exe
  2⤵
  PID:3920
- C:\Windows\System\nLgeRMh.exe
  C:\Windows\System\nLgeRMh.exe
  2⤵
  PID:4052
- C:\Windows\System\UkhZsub.exe
  C:\Windows\System\UkhZsub.exe
  2⤵
  PID:2700
- C:\Windows\System\sWXSyry.exe
  C:\Windows\System\sWXSyry.exe
  2⤵
  PID:2612
- C:\Windows\System\oDAoUAl.exe
  C:\Windows\System\oDAoUAl.exe
  2⤵
  PID:3168
- C:\Windows\System\QJQtVak.exe
  C:\Windows\System\QJQtVak.exe
  2⤵
  PID:3972
- C:\Windows\System\FHriafI.exe
  C:\Windows\System\FHriafI.exe
  2⤵
  PID:4000
- C:\Windows\System\SdmgBDu.exe
  C:\Windows\System\SdmgBDu.exe
  2⤵
  PID:3984
- C:\Windows\System\imvxiVt.exe
  C:\Windows\System\imvxiVt.exe
  2⤵
  PID:4064
- C:\Windows\System\OsAosOH.exe
  C:\Windows\System\OsAosOH.exe
  2⤵
  PID:2820
- C:\Windows\System\sNYfMEg.exe
  C:\Windows\System\sNYfMEg.exe
  2⤵
  PID:3244
- C:\Windows\System\qVpklJy.exe
  C:\Windows\System\qVpklJy.exe
  2⤵
  PID:2684
- C:\Windows\System\nSRxvtT.exe
  C:\Windows\System\nSRxvtT.exe
  2⤵
  PID:392
- C:\Windows\System\AImatBV.exe
  C:\Windows\System\AImatBV.exe
  2⤵
  PID:2608
- C:\Windows\System\dgUaDZA.exe
  C:\Windows\System\dgUaDZA.exe
  2⤵
  PID:2536
- C:\Windows\System\bJIDYvP.exe
  C:\Windows\System\bJIDYvP.exe
  2⤵
  PID:3092
- C:\Windows\System\AKmFpSq.exe
  C:\Windows\System\AKmFpSq.exe
  2⤵
  PID:3144
- C:\Windows\System\yPhLHki.exe
  C:\Windows\System\yPhLHki.exe
  2⤵
  PID:3204
- C:\Windows\System\tyGQPJM.exe
  C:\Windows\System\tyGQPJM.exe
  2⤵
  PID:2668
- C:\Windows\System\Oqoqaxq.exe
  C:\Windows\System\Oqoqaxq.exe
  2⤵
  PID:2256
- C:\Windows\System\hhfVhmv.exe
  C:\Windows\System\hhfVhmv.exe
  2⤵
  PID:2920
- C:\Windows\System\gpaigEs.exe
  C:\Windows\System\gpaigEs.exe
  2⤵
  PID:3408
- C:\Windows\System\yJWEzGd.exe
  C:\Windows\System\yJWEzGd.exe
  2⤵
  PID:3056
- C:\Windows\System\rtmkSic.exe
  C:\Windows\System\rtmkSic.exe
  2⤵
  PID:2604
- C:\Windows\System\foniNzk.exe
  C:\Windows\System\foniNzk.exe
  2⤵
  PID:2212
- C:\Windows\System\qKJEAws.exe
  C:\Windows\System\qKJEAws.exe
  2⤵
  PID:1864
- C:\Windows\System\KGMonJg.exe
  C:\Windows\System\KGMonJg.exe
  2⤵
  PID:3532
- C:\Windows\System\qXxyMZN.exe
  C:\Windows\System\qXxyMZN.exe
  2⤵
  PID:2008
- C:\Windows\System\gareCQu.exe
  C:\Windows\System\gareCQu.exe
  2⤵
  PID:3904
- C:\Windows\System\TtziHXX.exe
  C:\Windows\System\TtziHXX.exe
  2⤵
  PID:3940
- C:\Windows\System\aMnntWI.exe
  C:\Windows\System\aMnntWI.exe
  2⤵
  PID:3748
- C:\Windows\System\QxxbCPv.exe
  C:\Windows\System\QxxbCPv.exe
  2⤵
  PID:4048
- C:\Windows\System\ZfCBGtW.exe
  C:\Windows\System\ZfCBGtW.exe
  2⤵
  PID:3936
- C:\Windows\System\fvWggnk.exe
  C:\Windows\System\fvWggnk.exe
  2⤵
  PID:3980
- C:\Windows\System\eGcCFQx.exe
  C:\Windows\System\eGcCFQx.exe
  2⤵
  PID:2916
- C:\Windows\System\wGdeCDg.exe
  C:\Windows\System\wGdeCDg.exe
  2⤵
  PID:4008
- C:\Windows\System\XTEdiWQ.exe
  C:\Windows\System\XTEdiWQ.exe
  2⤵
  PID:3988
- C:\Windows\System\GgdnUzp.exe
  C:\Windows\System\GgdnUzp.exe
  2⤵
  PID:2004
- C:\Windows\System\ZkmdApL.exe
  C:\Windows\System\ZkmdApL.exe
  2⤵
  PID:3200
- C:\Windows\System\NDqTczw.exe
  C:\Windows\System\NDqTczw.exe
  2⤵
  PID:2984
- C:\Windows\System\diEwCbV.exe
  C:\Windows\System\diEwCbV.exe
  2⤵
  PID:2584
- C:\Windows\System\cVZtrXa.exe
  C:\Windows\System\cVZtrXa.exe
  2⤵
  PID:2060
- C:\Windows\System\FbpkqQX.exe
  C:\Windows\System\FbpkqQX.exe
  2⤵
  PID:3624
- C:\Windows\System\PThOlpi.exe
  C:\Windows\System\PThOlpi.exe
  2⤵
  PID:3344
- C:\Windows\System\jdnCaGg.exe
  C:\Windows\System\jdnCaGg.exe
  2⤵
  PID:3328
- C:\Windows\System\SIXeVvh.exe
  C:\Windows\System\SIXeVvh.exe
  2⤵
  PID:1748
- C:\Windows\System\UeyPRQj.exe
  C:\Windows\System\UeyPRQj.exe
  2⤵
  PID:3592
- C:\Windows\System\sTXVTGv.exe
  C:\Windows\System\sTXVTGv.exe
  2⤵
  PID:2112
- C:\Windows\System\yFnOkHH.exe
  C:\Windows\System\yFnOkHH.exe
  2⤵
  PID:3816
- C:\Windows\System\VjnHZSn.exe
  C:\Windows\System\VjnHZSn.exe
  2⤵
  PID:1524
- C:\Windows\System\WlfQmdN.exe
  C:\Windows\System\WlfQmdN.exe
  2⤵
  PID:3780
- C:\Windows\System\ZjCMEgx.exe
  C:\Windows\System\ZjCMEgx.exe
  2⤵
  PID:3888
- C:\Windows\System\DowIgHq.exe
  C:\Windows\System\DowIgHq.exe
  2⤵
  PID:4016
- C:\Windows\System\jVnAahS.exe
  C:\Windows\System\jVnAahS.exe
  2⤵
  PID:4020
- C:\Windows\System\oKffntd.exe
  C:\Windows\System\oKffntd.exe
  2⤵
  PID:3392
- C:\Windows\System\LaylgjL.exe
  C:\Windows\System\LaylgjL.exe
  2⤵
  PID:3044
- C:\Windows\System\jTmpayg.exe
  C:\Windows\System\jTmpayg.exe
  2⤵
  PID:2208
- C:\Windows\System\oGSApXs.exe
  C:\Windows\System\oGSApXs.exe
  2⤵
  PID:3380
- C:\Windows\System\BmuaqCl.exe
  C:\Windows\System\BmuaqCl.exe
  2⤵
  PID:1784
- C:\Windows\System\RHQGlol.exe
  C:\Windows\System\RHQGlol.exe
  2⤵
  PID:3580
- C:\Windows\System\JoKCmvt.exe
  C:\Windows\System\JoKCmvt.exe
  2⤵
  PID:3496
- C:\Windows\System\samLVXZ.exe
  C:\Windows\System\samLVXZ.exe
  2⤵
  PID:3540
- C:\Windows\System\tjtLliJ.exe
  C:\Windows\System\tjtLliJ.exe
  2⤵
  PID:3892
- C:\Windows\System\fhBplSY.exe
  C:\Windows\System\fhBplSY.exe
  2⤵
  PID:4100
- C:\Windows\System\djGcGun.exe
  C:\Windows\System\djGcGun.exe
  2⤵
  PID:4116
- C:\Windows\System\MsktYwq.exe
  C:\Windows\System\MsktYwq.exe
  2⤵
  PID:4132
- C:\Windows\System\YFlRdeM.exe
  C:\Windows\System\YFlRdeM.exe
  2⤵
  PID:4148
- C:\Windows\System\YytKELK.exe
  C:\Windows\System\YytKELK.exe
  2⤵
  PID:4172
- C:\Windows\System\ufJrMJk.exe
  C:\Windows\System\ufJrMJk.exe
  2⤵
  PID:4192
- C:\Windows\System\JERfGSL.exe
  C:\Windows\System\JERfGSL.exe
  2⤵
  PID:4212
- C:\Windows\System\XHFTHJZ.exe
  C:\Windows\System\XHFTHJZ.exe
  2⤵
  PID:4276
- C:\Windows\System\uPnraqw.exe
  C:\Windows\System\uPnraqw.exe
  2⤵
  PID:4304
- C:\Windows\System\PVLUGUR.exe
  C:\Windows\System\PVLUGUR.exe
  2⤵
  PID:4324
- C:\Windows\System\UTBUBuv.exe
  C:\Windows\System\UTBUBuv.exe
  2⤵
  PID:4340
- C:\Windows\System\cIXVdMh.exe
  C:\Windows\System\cIXVdMh.exe
  2⤵
  PID:4356
- C:\Windows\System\AhYptVs.exe
  C:\Windows\System\AhYptVs.exe
  2⤵
  PID:4376
- C:\Windows\System\XxYMsgy.exe
  C:\Windows\System\XxYMsgy.exe
  2⤵
  PID:4392
- C:\Windows\System\UZyZPSp.exe
  C:\Windows\System\UZyZPSp.exe
  2⤵
  PID:4412
- C:\Windows\System\ubjxjEV.exe
  C:\Windows\System\ubjxjEV.exe
  2⤵
  PID:4428
- C:\Windows\System\FxUoGGK.exe
  C:\Windows\System\FxUoGGK.exe
  2⤵
  PID:4448
- C:\Windows\System\FTcYzda.exe
  C:\Windows\System\FTcYzda.exe
  2⤵
  PID:4464
- C:\Windows\System\VHoEywZ.exe
  C:\Windows\System\VHoEywZ.exe
  2⤵
  PID:4480
- C:\Windows\System\QKgwBNc.exe
  C:\Windows\System\QKgwBNc.exe
  2⤵
  PID:4496
- C:\Windows\System\rxhIPOb.exe
  C:\Windows\System\rxhIPOb.exe
  2⤵
  PID:4548
- C:\Windows\System\fRdOTtW.exe
  C:\Windows\System\fRdOTtW.exe
  2⤵
  PID:4564
- C:\Windows\System\FsZmfdM.exe
  C:\Windows\System\FsZmfdM.exe
  2⤵
  PID:4580
- C:\Windows\System\mFragkB.exe
  C:\Windows\System\mFragkB.exe
  2⤵
  PID:4600
- C:\Windows\System\SHMwJlO.exe
  C:\Windows\System\SHMwJlO.exe
  2⤵
  PID:4616
- C:\Windows\System\JrKewuu.exe
  C:\Windows\System\JrKewuu.exe
  2⤵
  PID:4632
- C:\Windows\System\ZoIooEg.exe
  C:\Windows\System\ZoIooEg.exe
  2⤵
  PID:4652
- C:\Windows\System\ZYqCsEz.exe
  C:\Windows\System\ZYqCsEz.exe
  2⤵
  PID:4688
- C:\Windows\System\qxRdouW.exe
  C:\Windows\System\qxRdouW.exe
  2⤵
  PID:4704
- C:\Windows\System\QqZJKBz.exe
  C:\Windows\System\QqZJKBz.exe
  2⤵
  PID:4720
- C:\Windows\System\iFoXmHy.exe
  C:\Windows\System\iFoXmHy.exe
  2⤵
  PID:4744
- C:\Windows\System\zdpCjNu.exe
  C:\Windows\System\zdpCjNu.exe
  2⤵
  PID:4760
- C:\Windows\System\KaESnzi.exe
  C:\Windows\System\KaESnzi.exe
  2⤵
  PID:4780
- C:\Windows\System\URojlJs.exe
  C:\Windows\System\URojlJs.exe
  2⤵
  PID:4796
- C:\Windows\System\wpjEZmL.exe
  C:\Windows\System\wpjEZmL.exe
  2⤵
  PID:4816
- C:\Windows\System\KVtiTZz.exe
  C:\Windows\System\KVtiTZz.exe
  2⤵
  PID:4836
- C:\Windows\System\sIMPiLt.exe
  C:\Windows\System\sIMPiLt.exe
  2⤵
  PID:4852
- C:\Windows\System\vyKLYwO.exe
  C:\Windows\System\vyKLYwO.exe
  2⤵
  PID:4868
- C:\Windows\System\hmzCvET.exe
  C:\Windows\System\hmzCvET.exe
  2⤵
  PID:4888
- C:\Windows\System\fCYvTqz.exe
  C:\Windows\System\fCYvTqz.exe
  2⤵
  PID:4912
- C:\Windows\System\ZmwyRRH.exe
  C:\Windows\System\ZmwyRRH.exe
  2⤵
  PID:4928
- C:\Windows\System\ebNAYxm.exe
  C:\Windows\System\ebNAYxm.exe
  2⤵
  PID:4944
- C:\Windows\System\hAhYTJu.exe
  C:\Windows\System\hAhYTJu.exe
  2⤵
  PID:4988
- C:\Windows\System\HBichMG.exe
  C:\Windows\System\HBichMG.exe
  2⤵
  PID:5004
- C:\Windows\System\XwPNcik.exe
  C:\Windows\System\XwPNcik.exe
  2⤵
  PID:5020
- C:\Windows\System\OmftcPo.exe
  C:\Windows\System\OmftcPo.exe
  2⤵
  PID:5036
- C:\Windows\System\NCzCTZi.exe
  C:\Windows\System\NCzCTZi.exe
  2⤵
  PID:5056
- C:\Windows\System\csIhwdg.exe
  C:\Windows\System\csIhwdg.exe
  2⤵
  PID:5076
- C:\Windows\System\Ijawwqx.exe
  C:\Windows\System\Ijawwqx.exe
  2⤵
  PID:5096
- C:\Windows\System\ZRVoSvW.exe
  C:\Windows\System\ZRVoSvW.exe
  2⤵
  PID:5112
- C:\Windows\System\IWrIGyR.exe
  C:\Windows\System\IWrIGyR.exe
  2⤵
  PID:3076
- C:\Windows\System\YHRYojq.exe
  C:\Windows\System\YHRYojq.exe
  2⤵
  PID:3652
- C:\Windows\System\DJpDURk.exe
  C:\Windows\System\DJpDURk.exe
  2⤵
  PID:2652
- C:\Windows\System\LYhDZug.exe
  C:\Windows\System\LYhDZug.exe
  2⤵
  PID:2596
- C:\Windows\System\RfUBgWJ.exe
  C:\Windows\System\RfUBgWJ.exe
  2⤵
  PID:892
- C:\Windows\System\QrRatTa.exe
  C:\Windows\System\QrRatTa.exe
  2⤵
  PID:2196
- C:\Windows\System\ZJQUfhi.exe
  C:\Windows\System\ZJQUfhi.exe
  2⤵
  PID:4140
- C:\Windows\System\VQeOHAU.exe
  C:\Windows\System\VQeOHAU.exe
  2⤵
  PID:4228
- C:\Windows\System\ikoDscF.exe
  C:\Windows\System\ikoDscF.exe
  2⤵
  PID:4244
- C:\Windows\System\pTqSSlT.exe
  C:\Windows\System\pTqSSlT.exe
  2⤵
  PID:4264
- C:\Windows\System\PdfntGe.exe
  C:\Windows\System\PdfntGe.exe
  2⤵
  PID:4124
- C:\Windows\System\ZulIaLf.exe
  C:\Windows\System\ZulIaLf.exe
  2⤵
  PID:4168
- C:\Windows\System\JvWTZGS.exe
  C:\Windows\System\JvWTZGS.exe
  2⤵
  PID:4288
- C:\Windows\System\QKGJqWj.exe
  C:\Windows\System\QKGJqWj.exe
  2⤵
  PID:4332
- C:\Windows\System\yAqhsmW.exe
  C:\Windows\System\yAqhsmW.exe
  2⤵
  PID:4400
- C:\Windows\System\WVMFpfC.exe
  C:\Windows\System\WVMFpfC.exe
  2⤵
  PID:4444
- C:\Windows\System\qkmFbGv.exe
  C:\Windows\System\qkmFbGv.exe
  2⤵
  PID:4516
- C:\Windows\System\sBCYrWn.exe
  C:\Windows\System\sBCYrWn.exe
  2⤵
  PID:4384
- C:\Windows\System\AylNCGR.exe
  C:\Windows\System\AylNCGR.exe
  2⤵
  PID:4424
- C:\Windows\System\bFVvePZ.exe
  C:\Windows\System\bFVvePZ.exe
  2⤵
  PID:4544
- C:\Windows\System\dhRognN.exe
  C:\Windows\System\dhRognN.exe
  2⤵
  PID:4576
- C:\Windows\System\CvltbdL.exe
  C:\Windows\System\CvltbdL.exe
  2⤵
  PID:4488
- C:\Windows\System\pYkdRKB.exe
  C:\Windows\System\pYkdRKB.exe
  2⤵
  PID:4560
- C:\Windows\System\dYhooVh.exe
  C:\Windows\System\dYhooVh.exe
  2⤵
  PID:4624
- C:\Windows\System\wOExldT.exe
  C:\Windows\System\wOExldT.exe
  2⤵
  PID:4668
- C:\Windows\System\omNfLwP.exe
  C:\Windows\System\omNfLwP.exe
  2⤵
  PID:4684
- C:\Windows\System\TaKfAfe.exe
  C:\Windows\System\TaKfAfe.exe
  2⤵
  PID:4712
- C:\Windows\System\tHfQuHH.exe
  C:\Windows\System\tHfQuHH.exe
  2⤵
  PID:4812
- C:\Windows\System\GUuIaOb.exe
  C:\Windows\System\GUuIaOb.exe
  2⤵
  PID:4876
- C:\Windows\System\saFSVWy.exe
  C:\Windows\System\saFSVWy.exe
  2⤵
  PID:4964
- C:\Windows\System\WIRAqqz.exe
  C:\Windows\System\WIRAqqz.exe
  2⤵
  PID:4824
- C:\Windows\System\CcQttSF.exe
  C:\Windows\System\CcQttSF.exe
  2⤵
  PID:4984
- C:\Windows\System\gMBCJvd.exe
  C:\Windows\System\gMBCJvd.exe
  2⤵
  PID:4896
- C:\Windows\System\eCiUkxD.exe
  C:\Windows\System\eCiUkxD.exe
  2⤵
  PID:5016
- C:\Windows\System\Jepcwhw.exe
  C:\Windows\System\Jepcwhw.exe
  2⤵
  PID:5084
- C:\Windows\System\rAYIews.exe
  C:\Windows\System\rAYIews.exe
  2⤵
  PID:3268
- C:\Windows\System\dSXsHvW.exe
  C:\Windows\System\dSXsHvW.exe
  2⤵
  PID:4904
- C:\Windows\System\OFaypWl.exe
  C:\Windows\System\OFaypWl.exe
  2⤵
  PID:2136
- C:\Windows\System\cQCfYiC.exe
  C:\Windows\System\cQCfYiC.exe
  2⤵
  PID:4996
- C:\Windows\System\IKbMKEE.exe
  C:\Windows\System\IKbMKEE.exe
  2⤵
  PID:3668
- C:\Windows\System\tCuGeXx.exe
  C:\Windows\System\tCuGeXx.exe
  2⤵
  PID:3008
- C:\Windows\System\icFECQA.exe
  C:\Windows\System\icFECQA.exe
  2⤵
  PID:832
- C:\Windows\System\gHHpYyj.exe
  C:\Windows\System\gHHpYyj.exe
  2⤵
  PID:4236
- C:\Windows\System\sBobjTq.exe
  C:\Windows\System\sBobjTq.exe
  2⤵
  PID:4364
- C:\Windows\System\XwZjPso.exe
  C:\Windows\System\XwZjPso.exe
  2⤵
  PID:4476
- C:\Windows\System\hsVbcvU.exe
  C:\Windows\System\hsVbcvU.exe
  2⤵
  PID:4320
- C:\Windows\System\TlSwgsU.exe
  C:\Windows\System\TlSwgsU.exe
  2⤵
  PID:4556
- C:\Windows\System\UfFmTgH.exe
  C:\Windows\System\UfFmTgH.exe
  2⤵
  PID:2036
- C:\Windows\System\GNONtgy.exe
  C:\Windows\System\GNONtgy.exe
  2⤵
  PID:4180
- C:\Windows\System\FZGNBMv.exe
  C:\Windows\System\FZGNBMv.exe
  2⤵
  PID:4260
- C:\Windows\System\JDlTMRu.exe
  C:\Windows\System\JDlTMRu.exe
  2⤵
  PID:4296
- C:\Windows\System\RUNkgvD.exe
  C:\Windows\System\RUNkgvD.exe
  2⤵
  PID:4440
- C:\Windows\System\HjOgEBg.exe
  C:\Windows\System\HjOgEBg.exe
  2⤵
  PID:4536
- C:\Windows\System\rktqZmz.exe
  C:\Windows\System\rktqZmz.exe
  2⤵
  PID:4460
- C:\Windows\System\zVhQsrd.exe
  C:\Windows\System\zVhQsrd.exe
  2⤵
  PID:4628
- C:\Windows\System\FsfdAlU.exe
  C:\Windows\System\FsfdAlU.exe
  2⤵
  PID:4972
- C:\Windows\System\cwXwWtp.exe
  C:\Windows\System\cwXwWtp.exe
  2⤵
  PID:4752
- C:\Windows\System\pquIqEb.exe
  C:\Windows\System\pquIqEb.exe
  2⤵
  PID:5064
- C:\Windows\System\VtQmHle.exe
  C:\Windows\System\VtQmHle.exe
  2⤵
  PID:2148
- C:\Windows\System\YcCkCRL.exe
  C:\Windows\System\YcCkCRL.exe
  2⤵
  PID:4284
- C:\Windows\System\fqrxHJB.exe
  C:\Windows\System\fqrxHJB.exe
  2⤵
  PID:5012
- C:\Windows\System\BwJMylB.exe
  C:\Windows\System\BwJMylB.exe
  2⤵
  PID:4160
- C:\Windows\System\LpBSmKF.exe
  C:\Windows\System\LpBSmKF.exe
  2⤵
  PID:4736
- C:\Windows\System\VbYQnaK.exe
  C:\Windows\System\VbYQnaK.exe
  2⤵
  PID:4776
- C:\Windows\System\wRKXuEK.exe
  C:\Windows\System\wRKXuEK.exe
  2⤵
  PID:4920
- C:\Windows\System\eHzEYui.exe
  C:\Windows\System\eHzEYui.exe
  2⤵
  PID:4980
- C:\Windows\System\RspAukU.exe
  C:\Windows\System\RspAukU.exe
  2⤵
  PID:2976
- C:\Windows\System\xOazLZV.exe
  C:\Windows\System\xOazLZV.exe
  2⤵
  PID:3560
- C:\Windows\System\LpIBnNG.exe
  C:\Windows\System\LpIBnNG.exe
  2⤵
  PID:4532
- C:\Windows\System\lqBvrQE.exe
  C:\Windows\System\lqBvrQE.exe
  2⤵
  PID:2896
- C:\Windows\System\KvnfvPr.exe
  C:\Windows\System\KvnfvPr.exe
  2⤵
  PID:4508
- C:\Windows\System\xCkIjiY.exe
  C:\Windows\System\xCkIjiY.exe
  2⤵
  PID:3924
- C:\Windows\System\kCFomkN.exe
  C:\Windows\System\kCFomkN.exe
  2⤵
  PID:4900
- C:\Windows\System\UvfOWpW.exe
  C:\Windows\System\UvfOWpW.exe
  2⤵
  PID:4696
- C:\Windows\System\vLcmoLM.exe
  C:\Windows\System\vLcmoLM.exe
  2⤵
  PID:1444
- C:\Windows\System\sPvuwfL.exe
  C:\Windows\System\sPvuwfL.exe
  2⤵
  PID:4732
- C:\Windows\System\qzvjShN.exe
  C:\Windows\System\qzvjShN.exe
  2⤵
  PID:4832
- C:\Windows\System\VIxhjCR.exe
  C:\Windows\System\VIxhjCR.exe
  2⤵
  PID:5128
- C:\Windows\System\xneCoUD.exe
  C:\Windows\System\xneCoUD.exe
  2⤵
  PID:5252
- C:\Windows\System\sPoTLsp.exe
  C:\Windows\System\sPoTLsp.exe
  2⤵
  PID:5268
- C:\Windows\System\xCurtPx.exe
  C:\Windows\System\xCurtPx.exe
  2⤵
  PID:5288
- C:\Windows\System\yPzPaHY.exe
  C:\Windows\System\yPzPaHY.exe
  2⤵
  PID:5308
- C:\Windows\System\CTDZOIx.exe
  C:\Windows\System\CTDZOIx.exe
  2⤵
  PID:5332
- C:\Windows\System\vSKOEKs.exe
  C:\Windows\System\vSKOEKs.exe
  2⤵
  PID:5348
- C:\Windows\System\RhCovlp.exe
  C:\Windows\System\RhCovlp.exe
  2⤵
  PID:5368
- C:\Windows\System\yLCdnAJ.exe
  C:\Windows\System\yLCdnAJ.exe
  2⤵
  PID:5384
- C:\Windows\System\PYSSkPL.exe
  C:\Windows\System\PYSSkPL.exe
  2⤵
  PID:5400
- C:\Windows\System\kYpymdd.exe
  C:\Windows\System\kYpymdd.exe
  2⤵
  PID:5416
- C:\Windows\System\pGRlYiq.exe
  C:\Windows\System\pGRlYiq.exe
  2⤵
  PID:5432
- C:\Windows\System\PKAxKZf.exe
  C:\Windows\System\PKAxKZf.exe
  2⤵
  PID:5452
- C:\Windows\System\AspWJYE.exe
  C:\Windows\System\AspWJYE.exe
  2⤵
  PID:5468
- C:\Windows\System\rGjiFzK.exe
  C:\Windows\System\rGjiFzK.exe
  2⤵
  PID:5484
- C:\Windows\System\stefycj.exe
  C:\Windows\System\stefycj.exe
  2⤵
  PID:5524
- C:\Windows\System\zyVLHbT.exe
  C:\Windows\System\zyVLHbT.exe
  2⤵
  PID:5540
- C:\Windows\System\rlqsPyf.exe
  C:\Windows\System\rlqsPyf.exe
  2⤵
  PID:5556
- C:\Windows\System\pGfrdWh.exe
  C:\Windows\System\pGfrdWh.exe
  2⤵
  PID:5588
- C:\Windows\System\gaJBaZQ.exe
  C:\Windows\System\gaJBaZQ.exe
  2⤵
  PID:5604
- C:\Windows\System\DgMAYCA.exe
  C:\Windows\System\DgMAYCA.exe
  2⤵
  PID:5620
- C:\Windows\System\sXOlMUO.exe
  C:\Windows\System\sXOlMUO.exe
  2⤵
  PID:5636
- C:\Windows\System\DaXNzAA.exe
  C:\Windows\System\DaXNzAA.exe
  2⤵
  PID:5652
- C:\Windows\System\wXabsma.exe
  C:\Windows\System\wXabsma.exe
  2⤵
  PID:5668
- C:\Windows\System\UOznoJF.exe
  C:\Windows\System\UOznoJF.exe
  2⤵
  PID:5684
- C:\Windows\System\VvdKheo.exe
  C:\Windows\System\VvdKheo.exe
  2⤵
  PID:5712
- C:\Windows\System\FyWrsti.exe
  C:\Windows\System\FyWrsti.exe
  2⤵
  PID:5728
- C:\Windows\System\zhiOEQq.exe
  C:\Windows\System\zhiOEQq.exe
  2⤵
  PID:5744
- C:\Windows\System\PfwepAz.exe
  C:\Windows\System\PfwepAz.exe
  2⤵
  PID:5764
- C:\Windows\System\yufnPIc.exe
  C:\Windows\System\yufnPIc.exe
  2⤵
  PID:5780
- C:\Windows\System\KTOJZNK.exe
  C:\Windows\System\KTOJZNK.exe
  2⤵
  PID:5828
- C:\Windows\System\rpOuVWk.exe
  C:\Windows\System\rpOuVWk.exe
  2⤵
  PID:5844
- C:\Windows\System\ZTTyYrC.exe
  C:\Windows\System\ZTTyYrC.exe
  2⤵
  PID:5864
- C:\Windows\System\XfBSzZv.exe
  C:\Windows\System\XfBSzZv.exe
  2⤵
  PID:5880
- C:\Windows\System\IywnMWC.exe
  C:\Windows\System\IywnMWC.exe
  2⤵
  PID:5896
- C:\Windows\System\mEzkJEO.exe
  C:\Windows\System\mEzkJEO.exe
  2⤵
  PID:5912
- C:\Windows\System\TBrbYnK.exe
  C:\Windows\System\TBrbYnK.exe
  2⤵
  PID:5960
- C:\Windows\System\ciAcOCE.exe
  C:\Windows\System\ciAcOCE.exe
  2⤵
  PID:5976
- C:\Windows\System\fEsdROZ.exe
  C:\Windows\System\fEsdROZ.exe
  2⤵
  PID:5996
- C:\Windows\System\oaFPNfn.exe
  C:\Windows\System\oaFPNfn.exe
  2⤵
  PID:6012
- C:\Windows\System\AbojGEz.exe
  C:\Windows\System\AbojGEz.exe
  2⤵
  PID:6032
- C:\Windows\System\xSLVUGZ.exe
  C:\Windows\System\xSLVUGZ.exe
  2⤵
  PID:6048
- C:\Windows\System\lqszvJG.exe
  C:\Windows\System\lqszvJG.exe
  2⤵
  PID:6068
- C:\Windows\System\XwvmpcR.exe
  C:\Windows\System\XwvmpcR.exe
  2⤵
  PID:6084
- C:\Windows\System\diLvnqb.exe
  C:\Windows\System\diLvnqb.exe
  2⤵
  PID:6100
- C:\Windows\System\UbncQvd.exe
  C:\Windows\System\UbncQvd.exe
  2⤵
  PID:6116
- C:\Windows\System\ClGjmnb.exe
  C:\Windows\System\ClGjmnb.exe
  2⤵
  PID:6132
- C:\Windows\System\kxPzEIO.exe
  C:\Windows\System\kxPzEIO.exe
  2⤵
  PID:4436
- C:\Windows\System\KgsJDHv.exe
  C:\Windows\System\KgsJDHv.exe
  2⤵
  PID:1992
- C:\Windows\System\lZgrBuY.exe
  C:\Windows\System\lZgrBuY.exe
  2⤵
  PID:5168
- C:\Windows\System\aNBBfnS.exe
  C:\Windows\System\aNBBfnS.exe
  2⤵
  PID:5172
- C:\Windows\System\NxjotZA.exe
  C:\Windows\System\NxjotZA.exe
  2⤵
  PID:5200
- C:\Windows\System\HaVYBhk.exe
  C:\Windows\System\HaVYBhk.exe
  2⤵
  PID:5216
- C:\Windows\System\FjYWgJX.exe
  C:\Windows\System\FjYWgJX.exe
  2⤵
  PID:5028
- C:\Windows\System\vnbRKRE.exe
  C:\Windows\System\vnbRKRE.exe
  2⤵
  PID:5240
- C:\Windows\System\kMRtnoa.exe
  C:\Windows\System\kMRtnoa.exe
  2⤵
  PID:4372
- C:\Windows\System\zNcVwDm.exe
  C:\Windows\System\zNcVwDm.exe
  2⤵
  PID:2068
- C:\Windows\System\HsRGISm.exe
  C:\Windows\System\HsRGISm.exe
  2⤵
  PID:4960
- C:\Windows\System\CUFUuVw.exe
  C:\Windows\System\CUFUuVw.exe
  2⤵
  PID:4848
- C:\Windows\System\cCgagbq.exe
  C:\Windows\System\cCgagbq.exe
  2⤵
  PID:3552
- C:\Windows\System\vVXtYlM.exe
  C:\Windows\System\vVXtYlM.exe
  2⤵
  PID:5264
- C:\Windows\System\xqoTTnp.exe
  C:\Windows\System\xqoTTnp.exe
  2⤵
  PID:5280
- C:\Windows\System\Gxqnfjd.exe
  C:\Windows\System\Gxqnfjd.exe
  2⤵
  PID:5324
- C:\Windows\System\aGUOMBZ.exe
  C:\Windows\System\aGUOMBZ.exe
  2⤵
  PID:5360
- C:\Windows\System\zEzKTjH.exe
  C:\Windows\System\zEzKTjH.exe
  2⤵
  PID:5424
- C:\Windows\System\jczFOiC.exe
  C:\Windows\System\jczFOiC.exe
  2⤵
  PID:5460
- C:\Windows\System\MHuywWT.exe
  C:\Windows\System\MHuywWT.exe
  2⤵
  PID:5448
- C:\Windows\System\pAVfure.exe
  C:\Windows\System\pAVfure.exe
  2⤵
  PID:5464
- C:\Windows\System\MYwhuIM.exe
  C:\Windows\System\MYwhuIM.exe
  2⤵
  PID:5500
- C:\Windows\System\NUbrxkw.exe
  C:\Windows\System\NUbrxkw.exe
  2⤵
  PID:5504
- C:\Windows\System\iRfBTVl.exe
  C:\Windows\System\iRfBTVl.exe
  2⤵
  PID:5576
- C:\Windows\System\ckHojDO.exe
  C:\Windows\System\ckHojDO.exe
  2⤵
  PID:5584
- C:\Windows\System\IIunViz.exe
  C:\Windows\System\IIunViz.exe
  2⤵
  PID:5600
- C:\Windows\System\taYUYMg.exe
  C:\Windows\System\taYUYMg.exe
  2⤵
  PID:5740
- C:\Windows\System\tAzRLst.exe
  C:\Windows\System\tAzRLst.exe
  2⤵
  PID:5680
- C:\Windows\System\LuZRWLi.exe
  C:\Windows\System\LuZRWLi.exe
  2⤵
  PID:5756
- C:\Windows\System\ulnaVze.exe
  C:\Windows\System\ulnaVze.exe
  2⤵
  PID:5776
- C:\Windows\System\VOLzDHT.exe
  C:\Windows\System\VOLzDHT.exe
  2⤵
  PID:5808
- C:\Windows\System\otfFhwM.exe
  C:\Windows\System\otfFhwM.exe
  2⤵
  PID:5872
- C:\Windows\System\tROhIiF.exe
  C:\Windows\System\tROhIiF.exe
  2⤵
  PID:5164
- C:\Windows\System\TDHDjzE.exe
  C:\Windows\System\TDHDjzE.exe
  2⤵
  PID:5824
- C:\Windows\System\qhLsNTg.exe
  C:\Windows\System\qhLsNTg.exe
  2⤵
  PID:5888
- C:\Windows\System\cUPPlpt.exe
  C:\Windows\System\cUPPlpt.exe
  2⤵
  PID:5932
- C:\Windows\System\JErHDFo.exe
  C:\Windows\System\JErHDFo.exe
  2⤵
  PID:5944
- C:\Windows\System\oQuEZjv.exe
  C:\Windows\System\oQuEZjv.exe
  2⤵
  PID:5972
- C:\Windows\System\UEGdwEM.exe
  C:\Windows\System\UEGdwEM.exe
  2⤵
  PID:5136
- C:\Windows\System\zqyJZdm.exe
  C:\Windows\System\zqyJZdm.exe
  2⤵
  PID:4864
- C:\Windows\System\veRNWGB.exe
  C:\Windows\System\veRNWGB.exe
  2⤵
  PID:5152
- C:\Windows\System\GrPrCcR.exe
  C:\Windows\System\GrPrCcR.exe
  2⤵
  PID:3820
- C:\Windows\System\BtsYqUl.exe
  C:\Windows\System\BtsYqUl.exe
  2⤵
  PID:4936
- C:\Windows\System\ynAIpIU.exe
  C:\Windows\System\ynAIpIU.exe
  2⤵
  PID:4772
- C:\Windows\System\JxfrBQX.exe
  C:\Windows\System\JxfrBQX.exe
  2⤵
  PID:5248
- C:\Windows\System\jdWriNU.exe
  C:\Windows\System\jdWriNU.exe
  2⤵
  PID:6056
- C:\Windows\System\aJmPYty.exe
  C:\Windows\System\aJmPYty.exe
  2⤵
  PID:6124
- C:\Windows\System\cnNOdAp.exe
  C:\Windows\System\cnNOdAp.exe
  2⤵
  PID:5184
- C:\Windows\System\XRfuTAC.exe
  C:\Windows\System\XRfuTAC.exe
  2⤵
  PID:3800
- C:\Windows\System\tnAKISB.exe
  C:\Windows\System\tnAKISB.exe
  2⤵
  PID:4456
- C:\Windows\System\zroPMol.exe
  C:\Windows\System\zroPMol.exe
  2⤵
  PID:4680
- C:\Windows\System\WJlZxeN.exe
  C:\Windows\System\WJlZxeN.exe
  2⤵
  PID:5320
- C:\Windows\System\fFzxDTS.exe
  C:\Windows\System\fFzxDTS.exe
  2⤵
  PID:5376
- C:\Windows\System\AXMaNTW.exe
  C:\Windows\System\AXMaNTW.exe
  2⤵
  PID:5552
- C:\Windows\System\jNlivte.exe
  C:\Windows\System\jNlivte.exe
  2⤵
  PID:5316
- C:\Windows\System\ELLVvZl.exe
  C:\Windows\System\ELLVvZl.exe
  2⤵
  PID:5444
- C:\Windows\System\UkXlstY.exe
  C:\Windows\System\UkXlstY.exe
  2⤵
  PID:5564
- C:\Windows\System\GHFlKKz.exe
  C:\Windows\System\GHFlKKz.exe
  2⤵
  PID:5660
- C:\Windows\System\qVpOJRm.exe
  C:\Windows\System\qVpOJRm.exe
  2⤵
  PID:5648
- C:\Windows\System\ZhfAmiF.exe
  C:\Windows\System\ZhfAmiF.exe
  2⤵
  PID:5724
- C:\Windows\System\gdxCbiR.exe
  C:\Windows\System\gdxCbiR.exe
  2⤵
  PID:5856
- C:\Windows\System\VcoOdEE.exe
  C:\Windows\System\VcoOdEE.exe
  2⤵
  PID:5988
- C:\Windows\System\ginchAL.exe
  C:\Windows\System\ginchAL.exe
  2⤵
  PID:5812
- C:\Windows\System\yVGtbKp.exe
  C:\Windows\System\yVGtbKp.exe
  2⤵
  PID:5952
- C:\Windows\System\NKzZWRF.exe
  C:\Windows\System\NKzZWRF.exe
  2⤵
  PID:6108
- C:\Windows\System\RFlvHTI.exe
  C:\Windows\System\RFlvHTI.exe
  2⤵
  PID:4204
- C:\Windows\System\eQfBxgY.exe
  C:\Windows\System\eQfBxgY.exe
  2⤵
  PID:4408
- C:\Windows\System\gblLePG.exe
  C:\Windows\System\gblLePG.exe
  2⤵
  PID:5144
- C:\Windows\System\rWJuIhV.exe
  C:\Windows\System\rWJuIhV.exe
  2⤵
  PID:3716
- C:\Windows\System\DEfLOxU.exe
  C:\Windows\System\DEfLOxU.exe
  2⤵
  PID:5228
- C:\Windows\System\iPNWElP.exe
  C:\Windows\System\iPNWElP.exe
  2⤵
  PID:1096
- C:\Windows\System\LugIKWt.exe
  C:\Windows\System\LugIKWt.exe
  2⤵
  PID:4660
- C:\Windows\System\UHehPkv.exe
  C:\Windows\System\UHehPkv.exe
  2⤵
  PID:5344
- C:\Windows\System\yYIBzJc.exe
  C:\Windows\System\yYIBzJc.exe
  2⤵
  PID:5260
- C:\Windows\System\jrQUDSU.exe
  C:\Windows\System\jrQUDSU.exe
  2⤵
  PID:5380
- C:\Windows\System\xHguJwM.exe
  C:\Windows\System\xHguJwM.exe
  2⤵
  PID:5632
- C:\Windows\System\VesTYUD.exe
  C:\Windows\System\VesTYUD.exe
  2⤵
  PID:5616
- C:\Windows\System\ASAcPLE.exe
  C:\Windows\System\ASAcPLE.exe
  2⤵
  PID:5536
- C:\Windows\System\zihaEJj.exe
  C:\Windows\System\zihaEJj.exe
  2⤵
  PID:5788
- C:\Windows\System\kvlkDwV.exe
  C:\Windows\System\kvlkDwV.exe
  2⤵
  PID:5904
- C:\Windows\System\NzdNnOU.exe
  C:\Windows\System\NzdNnOU.exe
  2⤵
  PID:5792
- C:\Windows\System\fAeVSMu.exe
  C:\Windows\System\fAeVSMu.exe
  2⤵
  PID:6004
- C:\Windows\System\LYIwBAi.exe
  C:\Windows\System\LYIwBAi.exe
  2⤵
  PID:4188
- C:\Windows\System\kKufwsW.exe
  C:\Windows\System\kKufwsW.exe
  2⤵
  PID:3876
- C:\Windows\System\mbZxOBw.exe
  C:\Windows\System\mbZxOBw.exe
  2⤵
  PID:5700
- C:\Windows\System\EfVALGF.exe
  C:\Windows\System\EfVALGF.exe
  2⤵
  PID:5852
- C:\Windows\System\BmCKUzs.exe
  C:\Windows\System\BmCKUzs.exe
  2⤵
  PID:5072
- C:\Windows\System\pbAzYhR.exe
  C:\Windows\System\pbAzYhR.exe
  2⤵
  PID:5836
- C:\Windows\System\hVLkUaa.exe
  C:\Windows\System\hVLkUaa.exe
  2⤵
  PID:6160
- C:\Windows\System\aOYGHTt.exe
  C:\Windows\System\aOYGHTt.exe
  2⤵
  PID:6176
- C:\Windows\System\lDZFOmr.exe
  C:\Windows\System\lDZFOmr.exe
  2⤵
  PID:6192
- C:\Windows\System\mpfXLtN.exe
  C:\Windows\System\mpfXLtN.exe
  2⤵
  PID:6208
- C:\Windows\System\ujGofdi.exe
  C:\Windows\System\ujGofdi.exe
  2⤵
  PID:6224
- C:\Windows\System\zGOjnJu.exe
  C:\Windows\System\zGOjnJu.exe
  2⤵
  PID:6240
- C:\Windows\System\UdziDFZ.exe
  C:\Windows\System\UdziDFZ.exe
  2⤵
  PID:6256
- C:\Windows\System\UGDHTtX.exe
  C:\Windows\System\UGDHTtX.exe
  2⤵
  PID:6272
- C:\Windows\System\dIqLOli.exe
  C:\Windows\System\dIqLOli.exe
  2⤵
  PID:6288
- C:\Windows\System\VUTQfNi.exe
  C:\Windows\System\VUTQfNi.exe
  2⤵
  PID:6304
- C:\Windows\System\VXEjHpT.exe
  C:\Windows\System\VXEjHpT.exe
  2⤵
  PID:6320
- C:\Windows\System\tfuRMqV.exe
  C:\Windows\System\tfuRMqV.exe
  2⤵
  PID:6336
- C:\Windows\System\cfjxbgY.exe
  C:\Windows\System\cfjxbgY.exe
  2⤵
  PID:6352
- C:\Windows\System\DvgbgmQ.exe
  C:\Windows\System\DvgbgmQ.exe
  2⤵
  PID:6368
- C:\Windows\System\aKElqsm.exe
  C:\Windows\System\aKElqsm.exe
  2⤵
  PID:6384
- C:\Windows\System\JZFtrKa.exe
  C:\Windows\System\JZFtrKa.exe
  2⤵
  PID:6400
- C:\Windows\System\sgoLqax.exe
  C:\Windows\System\sgoLqax.exe
  2⤵
  PID:6416
- C:\Windows\System\GJgDQJt.exe
  C:\Windows\System\GJgDQJt.exe
  2⤵
  PID:6436
- C:\Windows\System\MhzKpGX.exe
  C:\Windows\System\MhzKpGX.exe
  2⤵
  PID:6452
- C:\Windows\System\FocOVpX.exe
  C:\Windows\System\FocOVpX.exe
  2⤵
  PID:6468
- C:\Windows\System\UNjyFWg.exe
  C:\Windows\System\UNjyFWg.exe
  2⤵
  PID:6484
- C:\Windows\System\aFZQTib.exe
  C:\Windows\System\aFZQTib.exe
  2⤵
  PID:6500
- C:\Windows\System\zRGEtRQ.exe
  C:\Windows\System\zRGEtRQ.exe
  2⤵
  PID:6516
- C:\Windows\System\ZqkDiEa.exe
  C:\Windows\System\ZqkDiEa.exe
  2⤵
  PID:6532
- C:\Windows\System\GzUJXzW.exe
  C:\Windows\System\GzUJXzW.exe
  2⤵
  PID:6548
- C:\Windows\System\rLuvWkj.exe
  C:\Windows\System\rLuvWkj.exe
  2⤵
  PID:6564
- C:\Windows\System\NCAghDZ.exe
  C:\Windows\System\NCAghDZ.exe
  2⤵
  PID:6580
- C:\Windows\System\ShAJkJQ.exe
  C:\Windows\System\ShAJkJQ.exe
  2⤵
  PID:6608
- C:\Windows\System\kawLdBp.exe
  C:\Windows\System\kawLdBp.exe
  2⤵
  PID:6624
- C:\Windows\System\gQdgPDh.exe
  C:\Windows\System\gQdgPDh.exe
  2⤵
  PID:6640
- C:\Windows\System\gyVyPMY.exe
  C:\Windows\System\gyVyPMY.exe
  2⤵
  PID:6656
- C:\Windows\System\MMmaKKM.exe
  C:\Windows\System\MMmaKKM.exe
  2⤵
  PID:6672
- C:\Windows\System\LsyCIRn.exe
  C:\Windows\System\LsyCIRn.exe
  2⤵
  PID:6688
- C:\Windows\System\JHsVtBD.exe
  C:\Windows\System\JHsVtBD.exe
  2⤵
  PID:6704
- C:\Windows\System\OryjjuC.exe
  C:\Windows\System\OryjjuC.exe
  2⤵
  PID:6720
- C:\Windows\System\bRJqgLz.exe
  C:\Windows\System\bRJqgLz.exe
  2⤵
  PID:6736
- C:\Windows\System\COiHHmh.exe
  C:\Windows\System\COiHHmh.exe
  2⤵
  PID:6752
- C:\Windows\System\cBVtleo.exe
  C:\Windows\System\cBVtleo.exe
  2⤵
  PID:6768
- C:\Windows\System\tBWKgzq.exe
  C:\Windows\System\tBWKgzq.exe
  2⤵
  PID:6788
- C:\Windows\System\qIirlmW.exe
  C:\Windows\System\qIirlmW.exe
  2⤵
  PID:6804
- C:\Windows\System\gmjjJer.exe
  C:\Windows\System\gmjjJer.exe
  2⤵
  PID:6820
- C:\Windows\System\hHoHjXp.exe
  C:\Windows\System\hHoHjXp.exe
  2⤵
  PID:6836
- C:\Windows\System\CqOqXWW.exe
  C:\Windows\System\CqOqXWW.exe
  2⤵
  PID:6852
- C:\Windows\System\Izjglxu.exe
  C:\Windows\System\Izjglxu.exe
  2⤵
  PID:6868
- C:\Windows\System\yHKtlPL.exe
  C:\Windows\System\yHKtlPL.exe
  2⤵
  PID:6884
- C:\Windows\System\uVFWZBm.exe
  C:\Windows\System\uVFWZBm.exe
  2⤵
  PID:6904
- C:\Windows\System\gfcrsUL.exe
  C:\Windows\System\gfcrsUL.exe
  2⤵
  PID:6920
- C:\Windows\System\HMtCcsQ.exe
  C:\Windows\System\HMtCcsQ.exe
  2⤵
  PID:6936
- C:\Windows\System\HYDttse.exe
  C:\Windows\System\HYDttse.exe
  2⤵
  PID:6952
- C:\Windows\System\bVvGSha.exe
  C:\Windows\System\bVvGSha.exe
  2⤵
  PID:6968
- C:\Windows\System\GhXFuCf.exe
  C:\Windows\System\GhXFuCf.exe
  2⤵
  PID:6984
- C:\Windows\System\AzYduVU.exe
  C:\Windows\System\AzYduVU.exe
  2⤵
  PID:7000
- C:\Windows\System\jKvcwgw.exe
  C:\Windows\System\jKvcwgw.exe
  2⤵
  PID:7016
- C:\Windows\System\hNBGqoP.exe
  C:\Windows\System\hNBGqoP.exe
  2⤵
  PID:7032
- C:\Windows\System\iKZKNyU.exe
  C:\Windows\System\iKZKNyU.exe
  2⤵
  PID:7048
- C:\Windows\System\YbkNsir.exe
  C:\Windows\System\YbkNsir.exe
  2⤵
  PID:7064
- C:\Windows\System\orXoUvl.exe
  C:\Windows\System\orXoUvl.exe
  2⤵
  PID:7080
- C:\Windows\System\vAEZUjE.exe
  C:\Windows\System\vAEZUjE.exe
  2⤵
  PID:7096
- C:\Windows\System\HWufwfp.exe
  C:\Windows\System\HWufwfp.exe
  2⤵
  PID:7112
- C:\Windows\System\WXAODIh.exe
  C:\Windows\System\WXAODIh.exe
  2⤵
  PID:7128
- C:\Windows\System\BmPohGO.exe
  C:\Windows\System\BmPohGO.exe
  2⤵
  PID:7144
- C:\Windows\System\oBKpZNh.exe
  C:\Windows\System\oBKpZNh.exe
  2⤵
  PID:7160
- C:\Windows\System\nNmPVsQ.exe
  C:\Windows\System\nNmPVsQ.exe
  2⤵
  PID:6156
- C:\Windows\System\SwxFBOL.exe
  C:\Windows\System\SwxFBOL.exe
  2⤵
  PID:5520
- C:\Windows\System\aFgrLlk.exe
  C:\Windows\System\aFgrLlk.exe
  2⤵
  PID:5928
- C:\Windows\System\idNvUCP.exe
  C:\Windows\System\idNvUCP.exe
  2⤵
  PID:6008
- C:\Windows\System\lGnNwIw.exe
  C:\Windows\System\lGnNwIw.exe
  2⤵
  PID:4884
- C:\Windows\System\NHlZnAG.exe
  C:\Windows\System\NHlZnAG.exe
  2⤵
  PID:5596
- C:\Windows\System\qRtMnPG.exe
  C:\Windows\System\qRtMnPG.exe
  2⤵
  PID:5736
- C:\Windows\System\TTZHhUF.exe
  C:\Windows\System\TTZHhUF.exe
  2⤵
  PID:6220
- C:\Windows\System\rhdmiqs.exe
  C:\Windows\System\rhdmiqs.exe
  2⤵
  PID:6280
- C:\Windows\System\oivpRvV.exe
  C:\Windows\System\oivpRvV.exe
  2⤵
  PID:6080
- C:\Windows\System\AlKtmMo.exe
  C:\Windows\System\AlKtmMo.exe
  2⤵
  PID:5236
- C:\Windows\System\zdJDmBT.exe
  C:\Windows\System\zdJDmBT.exe
  2⤵
  PID:6264
- C:\Windows\System\rMZiUDR.exe
  C:\Windows\System\rMZiUDR.exe
  2⤵
  PID:6200
- C:\Windows\System\vmvsRap.exe
  C:\Windows\System\vmvsRap.exe
  2⤵
  PID:6376
- C:\Windows\System\EmhWWKs.exe
  C:\Windows\System\EmhWWKs.exe
  2⤵
  PID:6444
- C:\Windows\System\idyVzgX.exe
  C:\Windows\System\idyVzgX.exe
  2⤵
  PID:6508
- C:\Windows\System\EpsAPKY.exe
  C:\Windows\System\EpsAPKY.exe
  2⤵
  PID:6576
- C:\Windows\System\qCMZnEM.exe
  C:\Windows\System\qCMZnEM.exe
  2⤵
  PID:6528
- C:\Windows\System\dUHYeaY.exe
  C:\Windows\System\dUHYeaY.exe
  2⤵
  PID:6328
- C:\Windows\System\PgASsNV.exe
  C:\Windows\System\PgASsNV.exe
  2⤵
  PID:6632
- C:\Windows\System\zxenVEo.exe
  C:\Windows\System\zxenVEo.exe
  2⤵
  PID:6696
- C:\Windows\System\putyUuh.exe
  C:\Windows\System\putyUuh.exe
  2⤵
  PID:6760
- C:\Windows\System\RipiAHR.exe
  C:\Windows\System\RipiAHR.exe
  2⤵
  PID:6828
- C:\Windows\System\hwgoBNU.exe
  C:\Windows\System\hwgoBNU.exe
  2⤵
  PID:6392
- C:\Windows\System\dOpnljB.exe
  C:\Windows\System\dOpnljB.exe
  2⤵
  PID:6464
- C:\Windows\System\hPHjYoW.exe
  C:\Windows\System\hPHjYoW.exe
  2⤵
  PID:6892
- C:\Windows\System\vwdDcao.exe
  C:\Windows\System\vwdDcao.exe
  2⤵
  PID:6620
- C:\Windows\System\msvnkwm.exe
  C:\Windows\System\msvnkwm.exe
  2⤵
  PID:6684
- C:\Windows\System\TknZHGL.exe
  C:\Windows\System\TknZHGL.exe
  2⤵
  PID:6748
- C:\Windows\System\aatnvmb.exe
  C:\Windows\System\aatnvmb.exe
  2⤵
  PID:6816
- C:\Windows\System\jvfnGpx.exe
  C:\Windows\System\jvfnGpx.exe
  2⤵
  PID:6932
- C:\Windows\System\ETuZGEW.exe
  C:\Windows\System\ETuZGEW.exe
  2⤵
  PID:6996
- C:\Windows\System\GraEWVW.exe
  C:\Windows\System\GraEWVW.exe
  2⤵
  PID:7056
- C:\Windows\System\LsVFerx.exe
  C:\Windows\System\LsVFerx.exe
  2⤵
  PID:7152
- C:\Windows\System\mHeHtUE.exe
  C:\Windows\System\mHeHtUE.exe
  2⤵
  PID:5224
- C:\Windows\System\VXZnvkv.exe
  C:\Windows\System\VXZnvkv.exe
  2⤵
  PID:6912
- C:\Windows\System\qEEbqSM.exe
  C:\Windows\System\qEEbqSM.exe
  2⤵
  PID:6976
- C:\Windows\System\zREhkul.exe
  C:\Windows\System\zREhkul.exe
  2⤵
  PID:7044
- C:\Windows\System\AQcCTNt.exe
  C:\Windows\System\AQcCTNt.exe
  2⤵
  PID:7108
- C:\Windows\System\mcafGyV.exe
  C:\Windows\System\mcafGyV.exe
  2⤵
  PID:6152
- C:\Windows\System\LBwxjdQ.exe
  C:\Windows\System\LBwxjdQ.exe
  2⤵
  PID:5516
- C:\Windows\System\RpygQyV.exe
  C:\Windows\System\RpygQyV.exe
  2⤵
  PID:5800
- C:\Windows\System\PtoktHv.exe
  C:\Windows\System\PtoktHv.exe
  2⤵
  PID:6232
- C:\Windows\System\upqxVxX.exe
  C:\Windows\System\upqxVxX.exe
  2⤵
  PID:6064
- C:\Windows\System\uOxuJMj.exe
  C:\Windows\System\uOxuJMj.exe
  2⤵
  PID:2540
- C:\Windows\System\MHOKWKG.exe
  C:\Windows\System\MHOKWKG.exe
  2⤵
  PID:6476
- C:\Windows\System\WxVTOYB.exe
  C:\Windows\System\WxVTOYB.exe
  2⤵
  PID:6300
- C:\Windows\System\oMPQKSC.exe
  C:\Windows\System\oMPQKSC.exe
  2⤵
  PID:6860
- C:\Windows\System\HARKfCH.exe
  C:\Windows\System\HARKfCH.exe
  2⤵
  PID:6652
- C:\Windows\System\eRqUmON.exe
  C:\Windows\System\eRqUmON.exe
  2⤵
  PID:6960
- C:\Windows\System\ZwMIxhE.exe
  C:\Windows\System\ZwMIxhE.exe
  2⤵
  PID:6744
- C:\Windows\System\AGEJtol.exe
  C:\Windows\System\AGEJtol.exe
  2⤵
  PID:6876
- C:\Windows\System\ktiTuXF.exe
  C:\Windows\System\ktiTuXF.exe
  2⤵
  PID:7028
- C:\Windows\System\wbrCvBZ.exe
  C:\Windows\System\wbrCvBZ.exe
  2⤵
  PID:7012
- C:\Windows\System\CbwzCyZ.exe
  C:\Windows\System\CbwzCyZ.exe
  2⤵
  PID:6188
- C:\Windows\System\RUWgvvj.exe
  C:\Windows\System\RUWgvvj.exe
  2⤵
  PID:7076
- C:\Windows\System\HbSLQaS.exe
  C:\Windows\System\HbSLQaS.exe
  2⤵
  PID:5052
- C:\Windows\System\YqjuXAL.exe
  C:\Windows\System\YqjuXAL.exe
  2⤵
  PID:5696
- C:\Windows\System\xlIOBpd.exe
  C:\Windows\System\xlIOBpd.exe
  2⤵
  PID:6408
- C:\Windows\System\YhcvywD.exe
  C:\Windows\System\YhcvywD.exe
  2⤵
  PID:5644
- C:\Windows\System\TArSNzP.exe
  C:\Windows\System\TArSNzP.exe
  2⤵
  PID:6432
- C:\Windows\System\ZMAyNrl.exe
  C:\Windows\System\ZMAyNrl.exe
  2⤵
  PID:6732
- C:\Windows\System\IOMZXGg.exe
  C:\Windows\System\IOMZXGg.exe
  2⤵
  PID:6496
- C:\Windows\System\POUzxgv.exe
  C:\Windows\System\POUzxgv.exe
  2⤵
  PID:6964
- C:\Windows\System\ZcVhSYU.exe
  C:\Windows\System\ZcVhSYU.exe
  2⤵
  PID:6948
- C:\Windows\System\HcnvAbq.exe
  C:\Windows\System\HcnvAbq.exe
  2⤵
  PID:6848
- C:\Windows\System\STmiqFc.exe
  C:\Windows\System\STmiqFc.exe
  2⤵
  PID:7040
- C:\Windows\System\LIHmYPS.exe
  C:\Windows\System\LIHmYPS.exe
  2⤵
  PID:6540
- C:\Windows\System\wpeqokT.exe
  C:\Windows\System\wpeqokT.exe
  2⤵
  PID:6252
- C:\Windows\System\JFZeNDC.exe
  C:\Windows\System\JFZeNDC.exe
  2⤵
  PID:6784
- C:\Windows\System\gnHqHXW.exe
  C:\Windows\System\gnHqHXW.exe
  2⤵
  PID:6344
- C:\Windows\System\vBsLoAC.exe
  C:\Windows\System\vBsLoAC.exe
  2⤵
  PID:6728
- C:\Windows\System\sRJMIZD.exe
  C:\Windows\System\sRJMIZD.exe
  2⤵
  PID:7184
- C:\Windows\System\axPWBSx.exe
  C:\Windows\System\axPWBSx.exe
  2⤵
  PID:7200
- C:\Windows\System\KFDCTAN.exe
  C:\Windows\System\KFDCTAN.exe
  2⤵
  PID:7216
- C:\Windows\System\DAJUYlR.exe
  C:\Windows\System\DAJUYlR.exe
  2⤵
  PID:7232
- C:\Windows\System\gQqcFeh.exe
  C:\Windows\System\gQqcFeh.exe
  2⤵
  PID:7248
- C:\Windows\System\qLWhmod.exe
  C:\Windows\System\qLWhmod.exe
  2⤵
  PID:7264
- C:\Windows\System\YrJIESM.exe
  C:\Windows\System\YrJIESM.exe
  2⤵
  PID:7280
- C:\Windows\System\XZRfsAU.exe
  C:\Windows\System\XZRfsAU.exe
  2⤵
  PID:7296
- C:\Windows\System\cZKcozC.exe
  C:\Windows\System\cZKcozC.exe
  2⤵
  PID:7312
- C:\Windows\System\XCvpgqA.exe
  C:\Windows\System\XCvpgqA.exe
  2⤵
  PID:7328
- C:\Windows\System\BnCZYgY.exe
  C:\Windows\System\BnCZYgY.exe
  2⤵
  PID:7344
- C:\Windows\System\pXSBUbG.exe
  C:\Windows\System\pXSBUbG.exe
  2⤵
  PID:7360
- C:\Windows\System\gqlAeAO.exe
  C:\Windows\System\gqlAeAO.exe
  2⤵
  PID:7376
- C:\Windows\System\ORFkupo.exe
  C:\Windows\System\ORFkupo.exe
  2⤵
  PID:7392
- C:\Windows\System\zzxwuzy.exe
  C:\Windows\System\zzxwuzy.exe
  2⤵
  PID:7408
- C:\Windows\System\GpbgFLz.exe
  C:\Windows\System\GpbgFLz.exe
  2⤵
  PID:7424
- C:\Windows\System\kDJvVoj.exe
  C:\Windows\System\kDJvVoj.exe
  2⤵
  PID:7440
- C:\Windows\System\ArKwaED.exe
  C:\Windows\System\ArKwaED.exe
  2⤵
  PID:7456
- C:\Windows\System\oYzFaqY.exe
  C:\Windows\System\oYzFaqY.exe
  2⤵
  PID:7472
- C:\Windows\System\GhizRvM.exe
  C:\Windows\System\GhizRvM.exe
  2⤵
  PID:7492
- C:\Windows\System\nZWynyX.exe
  C:\Windows\System\nZWynyX.exe
  2⤵
  PID:7508
- C:\Windows\System\zQhiFCC.exe
  C:\Windows\System\zQhiFCC.exe
  2⤵
  PID:7524
- C:\Windows\System\XOZpiMB.exe
  C:\Windows\System\XOZpiMB.exe
  2⤵
  PID:7540
- C:\Windows\System\qNIiuBp.exe
  C:\Windows\System\qNIiuBp.exe
  2⤵
  PID:7556
- C:\Windows\System\tUWHJkc.exe
  C:\Windows\System\tUWHJkc.exe
  2⤵
  PID:7576
- C:\Windows\System\NDlhbcM.exe
  C:\Windows\System\NDlhbcM.exe
  2⤵
  PID:7592
- C:\Windows\System\wBRALlL.exe
  C:\Windows\System\wBRALlL.exe
  2⤵
  PID:7608
- C:\Windows\System\bpBqZNA.exe
  C:\Windows\System\bpBqZNA.exe
  2⤵
  PID:7624
- C:\Windows\System\wAXMfEt.exe
  C:\Windows\System\wAXMfEt.exe
  2⤵
  PID:7640
- C:\Windows\System\bhVegrg.exe
  C:\Windows\System\bhVegrg.exe
  2⤵
  PID:7656
- C:\Windows\System\sGRfqOS.exe
  C:\Windows\System\sGRfqOS.exe
  2⤵
  PID:7672
- C:\Windows\System\DWvtgiF.exe
  C:\Windows\System\DWvtgiF.exe
  2⤵
  PID:7688
- C:\Windows\System\OZrStBz.exe
  C:\Windows\System\OZrStBz.exe
  2⤵
  PID:7704
- C:\Windows\System\blWxMje.exe
  C:\Windows\System\blWxMje.exe
  2⤵
  PID:7720
- C:\Windows\System\VmoZnGM.exe
  C:\Windows\System\VmoZnGM.exe
  2⤵
  PID:7736
- C:\Windows\System\RHpEjZx.exe
  C:\Windows\System\RHpEjZx.exe
  2⤵
  PID:7752
- C:\Windows\System\QtprxgS.exe
  C:\Windows\System\QtprxgS.exe
  2⤵
  PID:7768
- C:\Windows\System\qPIhrOi.exe
  C:\Windows\System\qPIhrOi.exe
  2⤵
  PID:7784
- C:\Windows\System\HDDidfj.exe
  C:\Windows\System\HDDidfj.exe
  2⤵
  PID:7800
- C:\Windows\System\FBuuHwh.exe
  C:\Windows\System\FBuuHwh.exe
  2⤵
  PID:7816
- C:\Windows\System\LukXVaT.exe
  C:\Windows\System\LukXVaT.exe
  2⤵
  PID:7832
- C:\Windows\System\sVYZegR.exe
  C:\Windows\System\sVYZegR.exe
  2⤵
  PID:7848
- C:\Windows\System\LSlDBWE.exe
  C:\Windows\System\LSlDBWE.exe
  2⤵
  PID:7864
- C:\Windows\System\HPnaCSz.exe
  C:\Windows\System\HPnaCSz.exe
  2⤵
  PID:7880
- C:\Windows\System\NEdYUFF.exe
  C:\Windows\System\NEdYUFF.exe
  2⤵
  PID:7896
- C:\Windows\System\KAkxiHV.exe
  C:\Windows\System\KAkxiHV.exe
  2⤵
  PID:7912
- C:\Windows\System\qxogEnn.exe
  C:\Windows\System\qxogEnn.exe
  2⤵
  PID:7928
- C:\Windows\System\cIcaKmN.exe
  C:\Windows\System\cIcaKmN.exe
  2⤵
  PID:7944
- C:\Windows\System\clOeXso.exe
  C:\Windows\System\clOeXso.exe
  2⤵
  PID:7960
- C:\Windows\System\CzSqiHW.exe
  C:\Windows\System\CzSqiHW.exe
  2⤵
  PID:7976
- C:\Windows\System\GuqwEHm.exe
  C:\Windows\System\GuqwEHm.exe
  2⤵
  PID:7992
- C:\Windows\System\jvGjaZK.exe
  C:\Windows\System\jvGjaZK.exe
  2⤵
  PID:8008
- C:\Windows\System\VrYQffa.exe
  C:\Windows\System\VrYQffa.exe
  2⤵
  PID:8024
- C:\Windows\System\pavEWww.exe
  C:\Windows\System\pavEWww.exe
  2⤵
  PID:8040
- C:\Windows\System\hrjHpEC.exe
  C:\Windows\System\hrjHpEC.exe
  2⤵
  PID:8056
- C:\Windows\System\tVBEVcz.exe
  C:\Windows\System\tVBEVcz.exe
  2⤵
  PID:8072
- C:\Windows\System\hMuCefd.exe
  C:\Windows\System\hMuCefd.exe
  2⤵
  PID:8088
- C:\Windows\System\PKkIkpQ.exe
  C:\Windows\System\PKkIkpQ.exe
  2⤵
  PID:8104
- C:\Windows\System\pFvJHCD.exe
  C:\Windows\System\pFvJHCD.exe
  2⤵
  PID:8120
- C:\Windows\System\ZrXercI.exe
  C:\Windows\System\ZrXercI.exe
  2⤵
  PID:8136
- C:\Windows\System\KpMlRHp.exe
  C:\Windows\System\KpMlRHp.exe
  2⤵
  PID:8152
- C:\Windows\System\tAgwjEv.exe
  C:\Windows\System\tAgwjEv.exe
  2⤵
  PID:8168
- C:\Windows\System\maPFymr.exe
  C:\Windows\System\maPFymr.exe
  2⤵
  PID:8184
- C:\Windows\System\SrrTQop.exe
  C:\Windows\System\SrrTQop.exe
  2⤵
  PID:6460
- C:\Windows\System\CRQcerq.exe
  C:\Windows\System\CRQcerq.exe
  2⤵
  PID:7008
- C:\Windows\System\XWzDGxr.exe
  C:\Windows\System\XWzDGxr.exe
  2⤵
  PID:6316
- C:\Windows\System\HcHfJEQ.exe
  C:\Windows\System\HcHfJEQ.exe
  2⤵
  PID:7196
- C:\Windows\System\ULgWCPb.exe
  C:\Windows\System\ULgWCPb.exe
  2⤵
  PID:7256
- C:\Windows\System\sCsybie.exe
  C:\Windows\System\sCsybie.exe
  2⤵
  PID:7292
- C:\Windows\System\LUDXfZu.exe
  C:\Windows\System\LUDXfZu.exe
  2⤵
  PID:7352
- C:\Windows\System\KbPYNwI.exe
  C:\Windows\System\KbPYNwI.exe
  2⤵
  PID:7388
- C:\Windows\System\IwLpaUM.exe
  C:\Windows\System\IwLpaUM.exe
  2⤵
  PID:7452
- C:\Windows\System\FtTtYCs.exe
  C:\Windows\System\FtTtYCs.exe
  2⤵
  PID:7240
- C:\Windows\System\ytHovVT.exe
  C:\Windows\System\ytHovVT.exe
  2⤵
  PID:7464
- C:\Windows\System\nVVlzNv.exe
  C:\Windows\System\nVVlzNv.exe
  2⤵
  PID:7400
- C:\Windows\System\dPSDfYS.exe
  C:\Windows\System\dPSDfYS.exe
  2⤵
  PID:7336
- C:\Windows\System\pfsFsTf.exe
  C:\Windows\System\pfsFsTf.exe
  2⤵
  PID:7520
- C:\Windows\System\EojELGG.exe
  C:\Windows\System\EojELGG.exe
  2⤵
  PID:7584
- C:\Windows\System\hRUgUeX.exe
  C:\Windows\System\hRUgUeX.exe
  2⤵
  PID:7648
- C:\Windows\System\GlnTSbR.exe
  C:\Windows\System\GlnTSbR.exe
  2⤵
  PID:7712
- C:\Windows\System\UFkprbF.exe
  C:\Windows\System\UFkprbF.exe
  2⤵
  PID:7536
- C:\Windows\System\auhXGCX.exe
  C:\Windows\System\auhXGCX.exe
  2⤵
  PID:7780
- C:\Windows\System\UWQHKPC.exe
  C:\Windows\System\UWQHKPC.exe
  2⤵
  PID:7844
- C:\Windows\System\DvjKthv.exe
  C:\Windows\System\DvjKthv.exe
  2⤵
  PID:7908
- C:\Windows\System\LIihLPu.exe
  C:\Windows\System\LIihLPu.exe
  2⤵
  PID:7568
- C:\Windows\System\umOjmhO.exe
  C:\Windows\System\umOjmhO.exe
  2⤵
  PID:8032
- C:\Windows\System\VtFoVZG.exe
  C:\Windows\System\VtFoVZG.exe
  2⤵
  PID:8064
- C:\Windows\System\UaFTXDe.exe
  C:\Windows\System\UaFTXDe.exe
  2⤵
  PID:8128
- C:\Windows\System\BjIcKmS.exe
  C:\Windows\System\BjIcKmS.exe
  2⤵
  PID:6616
- C:\Windows\System\HkwouSZ.exe
  C:\Windows\System\HkwouSZ.exe
  2⤵
  PID:7208
- C:\Windows\System\AawByOM.exe
  C:\Windows\System\AawByOM.exe
  2⤵
  PID:7420
- C:\Windows\System\trWTlEs.exe
  C:\Windows\System\trWTlEs.exe
  2⤵
  PID:7368
- C:\Windows\System\hOJPoWP.exe
  C:\Windows\System\hOJPoWP.exe
  2⤵
  PID:7680
- C:\Windows\System\wfZdfUK.exe
  C:\Windows\System\wfZdfUK.exe
  2⤵
  PID:7776
- C:\Windows\System\piYpxyu.exe
  C:\Windows\System\piYpxyu.exe
  2⤵
  PID:7572
- C:\Windows\System\rTsSPub.exe
  C:\Windows\System\rTsSPub.exe
  2⤵
  PID:7664
- C:\Windows\System\rWkQWQa.exe
  C:\Windows\System\rWkQWQa.exe
  2⤵
  PID:7728
- C:\Windows\System\EHuyFIt.exe
  C:\Windows\System\EHuyFIt.exe
  2⤵
  PID:7760
- C:\Windows\System\BKtuFMU.exe
  C:\Windows\System\BKtuFMU.exe
  2⤵
  PID:7432
- C:\Windows\System\MTaNgYX.exe
  C:\Windows\System\MTaNgYX.exe
  2⤵
  PID:7828
- C:\Windows\System\azgvWEf.exe
  C:\Windows\System\azgvWEf.exe
  2⤵
  PID:7924
- C:\Windows\System\RshbGgf.exe
  C:\Windows\System\RshbGgf.exe
  2⤵
  PID:8080
- C:\Windows\System\iCmSElN.exe
  C:\Windows\System\iCmSElN.exe
  2⤵
  PID:8020
- C:\Windows\System\JCFItGJ.exe
  C:\Windows\System\JCFItGJ.exe
  2⤵
  PID:8176
- C:\Windows\System\tUiujVk.exe
  C:\Windows\System\tUiujVk.exe
  2⤵
  PID:7228
- C:\Windows\System\ZrxmbIG.exe
  C:\Windows\System\ZrxmbIG.exe
  2⤵
  PID:8096
- C:\Windows\System\PPDBmhu.exe
  C:\Windows\System\PPDBmhu.exe
  2⤵
  PID:6716
- C:\Windows\System\HpUQmeG.exe
  C:\Windows\System\HpUQmeG.exe
  2⤵
  PID:7468
- C:\Windows\System\JipUXvO.exe
  C:\Windows\System\JipUXvO.exe
  2⤵
  PID:7620
- C:\Windows\System\FlHlhYC.exe
  C:\Windows\System\FlHlhYC.exe
  2⤵
  PID:7968
- C:\Windows\System\YvRTtfM.exe
  C:\Windows\System\YvRTtfM.exe
  2⤵
  PID:7696
- C:\Windows\System\igpURiu.exe
  C:\Windows\System\igpURiu.exe
  2⤵
  PID:7324
- C:\Windows\System\TnQLpte.exe
  C:\Windows\System\TnQLpte.exe
  2⤵
  PID:7356
- C:\Windows\System\QgdZDvO.exe
  C:\Windows\System\QgdZDvO.exe
  2⤵
  PID:7632
- C:\Windows\System\xWXCMap.exe
  C:\Windows\System\xWXCMap.exe
  2⤵
  PID:6360
- C:\Windows\System\XWmsCrw.exe
  C:\Windows\System\XWmsCrw.exe
  2⤵
  PID:7824
- C:\Windows\System\eWSaCwH.exe
  C:\Windows\System\eWSaCwH.exe
  2⤵
  PID:7920
- C:\Windows\System\ugLYjYg.exe
  C:\Windows\System\ugLYjYg.exe
  2⤵
  PID:8004
- C:\Windows\System\nAgLBsA.exe
  C:\Windows\System\nAgLBsA.exe
  2⤵
  PID:7176
- C:\Windows\System\Knngjkp.exe
  C:\Windows\System\Knngjkp.exe
  2⤵
  PID:8048
- C:\Windows\System\pUhXFJt.exe
  C:\Windows\System\pUhXFJt.exe
  2⤵
  PID:7940
- C:\Windows\System\KWuNZAY.exe
  C:\Windows\System\KWuNZAY.exe
  2⤵
  PID:7840
- C:\Windows\System\AcsjIoT.exe
  C:\Windows\System\AcsjIoT.exe
  2⤵
  PID:7552
- C:\Windows\System\EkqbRfb.exe
  C:\Windows\System\EkqbRfb.exe
  2⤵
  PID:7244
- C:\Windows\System\zBeVvwQ.exe
  C:\Windows\System\zBeVvwQ.exe
  2⤵
  PID:6588
- C:\Windows\System\voJPTbT.exe
  C:\Windows\System\voJPTbT.exe
  2⤵
  PID:7404
- C:\Windows\System\eCZCLXX.exe
  C:\Windows\System\eCZCLXX.exe
  2⤵
  PID:7888
- C:\Windows\System\MHuSiBm.exe
  C:\Windows\System\MHuSiBm.exe
  2⤵
  PID:8052
- C:\Windows\System\tHAFLbN.exe
  C:\Windows\System\tHAFLbN.exe
  2⤵
  PID:8196
- C:\Windows\System\kdvfsBT.exe
  C:\Windows\System\kdvfsBT.exe
  2⤵
  PID:8212
- C:\Windows\System\fpcbEWJ.exe
  C:\Windows\System\fpcbEWJ.exe
  2⤵
  PID:8228
- C:\Windows\System\uLhtqDs.exe
  C:\Windows\System\uLhtqDs.exe
  2⤵
  PID:8248
- C:\Windows\System\DriYiWC.exe
  C:\Windows\System\DriYiWC.exe
  2⤵
  PID:8264
- C:\Windows\System\YJafSVu.exe
  C:\Windows\System\YJafSVu.exe
  2⤵
  PID:8280
- C:\Windows\System\dtLpmKU.exe
  C:\Windows\System\dtLpmKU.exe
  2⤵
  PID:8296
- C:\Windows\System\UCeflsl.exe
  C:\Windows\System\UCeflsl.exe
  2⤵
  PID:8312
- C:\Windows\System\LRxEmQK.exe
  C:\Windows\System\LRxEmQK.exe
  2⤵
  PID:8328
- C:\Windows\System\lWiDeBH.exe
  C:\Windows\System\lWiDeBH.exe
  2⤵
  PID:8344
- C:\Windows\System\WlpRXYI.exe
  C:\Windows\System\WlpRXYI.exe
  2⤵
  PID:8360
- C:\Windows\System\VLgOBoX.exe
  C:\Windows\System\VLgOBoX.exe
  2⤵
  PID:8376
- C:\Windows\System\BOXZsUm.exe
  C:\Windows\System\BOXZsUm.exe
  2⤵
  PID:8392
- C:\Windows\System\fsYVYfd.exe
  C:\Windows\System\fsYVYfd.exe
  2⤵
  PID:8408
- C:\Windows\System\VUANMzp.exe
  C:\Windows\System\VUANMzp.exe
  2⤵
  PID:8424
- C:\Windows\System\OcaDEzw.exe
  C:\Windows\System\OcaDEzw.exe
  2⤵
  PID:8440
- C:\Windows\System\pMppMlT.exe
  C:\Windows\System\pMppMlT.exe
  2⤵
  PID:8456
- C:\Windows\System\oYdLgos.exe
  C:\Windows\System\oYdLgos.exe
  2⤵
  PID:8472
- C:\Windows\System\QrKUKYz.exe
  C:\Windows\System\QrKUKYz.exe
  2⤵
  PID:8488
- C:\Windows\System\pyyOUla.exe
  C:\Windows\System\pyyOUla.exe
  2⤵
  PID:8504
- C:\Windows\System\mRZNdsu.exe
  C:\Windows\System\mRZNdsu.exe
  2⤵
  PID:8520
- C:\Windows\System\tAuVyyx.exe
  C:\Windows\System\tAuVyyx.exe
  2⤵
  PID:8536
- C:\Windows\System\DojxnFK.exe
  C:\Windows\System\DojxnFK.exe
  2⤵
  PID:8552
- C:\Windows\System\xRTfZWh.exe
  C:\Windows\System\xRTfZWh.exe
  2⤵
  PID:8568
- C:\Windows\System\mpEDLnR.exe
  C:\Windows\System\mpEDLnR.exe
  2⤵
  PID:8584
- C:\Windows\System\rQQeJVk.exe
  C:\Windows\System\rQQeJVk.exe
  2⤵
  PID:8600
- C:\Windows\System\gdctybs.exe
  C:\Windows\System\gdctybs.exe
  2⤵
  PID:8616
- C:\Windows\System\tBWOpDx.exe
  C:\Windows\System\tBWOpDx.exe
  2⤵
  PID:8632
- C:\Windows\System\KCzDDZo.exe
  C:\Windows\System\KCzDDZo.exe
  2⤵
  PID:8648
- C:\Windows\System\rlriKbl.exe
  C:\Windows\System\rlriKbl.exe
  2⤵
  PID:8664
- C:\Windows\System\EuVAaVP.exe
  C:\Windows\System\EuVAaVP.exe
  2⤵
  PID:8680
- C:\Windows\System\rymEbvf.exe
  C:\Windows\System\rymEbvf.exe
  2⤵
  PID:8696
- C:\Windows\System\JYYQHSq.exe
  C:\Windows\System\JYYQHSq.exe
  2⤵
  PID:8712
- C:\Windows\System\ooaKgmu.exe
  C:\Windows\System\ooaKgmu.exe
  2⤵
  PID:8732
- C:\Windows\System\FNZqZgu.exe
  C:\Windows\System\FNZqZgu.exe
  2⤵
  PID:8748
- C:\Windows\System\dPKrkOQ.exe
  C:\Windows\System\dPKrkOQ.exe
  2⤵
  PID:8764
- C:\Windows\System\jDQeoUW.exe
  C:\Windows\System\jDQeoUW.exe
  2⤵
  PID:8780
- C:\Windows\System\RGLSlJr.exe
  C:\Windows\System\RGLSlJr.exe
  2⤵
  PID:8796
- C:\Windows\System\ZqPgKyc.exe
  C:\Windows\System\ZqPgKyc.exe
  2⤵
  PID:8812
- C:\Windows\System\pRrlllc.exe
  C:\Windows\System\pRrlllc.exe
  2⤵
  PID:8828
- C:\Windows\System\DrpKXCo.exe
  C:\Windows\System\DrpKXCo.exe
  2⤵
  PID:8844
- C:\Windows\System\WjnGEwm.exe
  C:\Windows\System\WjnGEwm.exe
  2⤵
  PID:8860
- C:\Windows\System\XPgHlHO.exe
  C:\Windows\System\XPgHlHO.exe
  2⤵
  PID:8876
- C:\Windows\System\MwvsadZ.exe
  C:\Windows\System\MwvsadZ.exe
  2⤵
  PID:8892
- C:\Windows\System\tCgNnCu.exe
  C:\Windows\System\tCgNnCu.exe
  2⤵
  PID:8908
- C:\Windows\System\kvobLDv.exe
  C:\Windows\System\kvobLDv.exe
  2⤵
  PID:8924
- C:\Windows\System\KaMjVRm.exe
  C:\Windows\System\KaMjVRm.exe
  2⤵
  PID:8940
- C:\Windows\System\zqapZOE.exe
  C:\Windows\System\zqapZOE.exe
  2⤵
  PID:8956
- C:\Windows\System\HiAKKsQ.exe
  C:\Windows\System\HiAKKsQ.exe
  2⤵
  PID:8972
- C:\Windows\System\VegsVHl.exe
  C:\Windows\System\VegsVHl.exe
  2⤵
  PID:8988
- C:\Windows\System\UwRHZyL.exe
  C:\Windows\System\UwRHZyL.exe
  2⤵
  PID:9004
- C:\Windows\System\HhEDAVv.exe
  C:\Windows\System\HhEDAVv.exe
  2⤵
  PID:9020
- C:\Windows\System\PugrDaf.exe
  C:\Windows\System\PugrDaf.exe
  2⤵
  PID:9036
- C:\Windows\System\gLuJHLH.exe
  C:\Windows\System\gLuJHLH.exe
  2⤵
  PID:9076
- C:\Windows\System\OKDptEb.exe
  C:\Windows\System\OKDptEb.exe
  2⤵
  PID:9096
- C:\Windows\System\vQJFOJx.exe
  C:\Windows\System\vQJFOJx.exe
  2⤵
  PID:9120
- C:\Windows\System\veSXPdJ.exe
  C:\Windows\System\veSXPdJ.exe
  2⤵
  PID:9140
- C:\Windows\System\gGLZfLr.exe
  C:\Windows\System\gGLZfLr.exe
  2⤵
  PID:9156
- C:\Windows\System\tfmtfSO.exe
  C:\Windows\System\tfmtfSO.exe
  2⤵
  PID:9176
- C:\Windows\System\sxLTyYW.exe
  C:\Windows\System\sxLTyYW.exe
  2⤵
  PID:9192
- C:\Windows\System\zrhgWZW.exe
  C:\Windows\System\zrhgWZW.exe
  2⤵
  PID:9212
- C:\Windows\System\WMXYvRo.exe
  C:\Windows\System\WMXYvRo.exe
  2⤵
  PID:7616
- C:\Windows\System\bmdMwPA.exe
  C:\Windows\System\bmdMwPA.exe
  2⤵
  PID:8240
- C:\Windows\System\AWKtpWx.exe
  C:\Windows\System\AWKtpWx.exe
  2⤵
  PID:8336
- C:\Windows\System\pJPEmCg.exe
  C:\Windows\System\pJPEmCg.exe
  2⤵
  PID:8400
- C:\Windows\System\scgvzBx.exe
  C:\Windows\System\scgvzBx.exe
  2⤵
  PID:7700
- C:\Windows\System\DpFDcXA.exe
  C:\Windows\System\DpFDcXA.exe
  2⤵
  PID:8224
- C:\Windows\System\tHHblyL.exe
  C:\Windows\System\tHHblyL.exe
  2⤵
  PID:8320
- C:\Windows\System\tjrdPPk.exe
  C:\Windows\System\tjrdPPk.exe
  2⤵
  PID:8388
- C:\Windows\System\qHzdoDz.exe
  C:\Windows\System\qHzdoDz.exe
  2⤵
  PID:8464
- C:\Windows\System\iDWQJGU.exe
  C:\Windows\System\iDWQJGU.exe
  2⤵
  PID:8532
- C:\Windows\System\jSpQZuh.exe
  C:\Windows\System\jSpQZuh.exe
  2⤵
  PID:8624
- C:\Windows\System\GXCZUlR.exe
  C:\Windows\System\GXCZUlR.exe
  2⤵
  PID:8628
- C:\Windows\System\LGyBKRi.exe
  C:\Windows\System\LGyBKRi.exe
  2⤵
  PID:8660
- C:\Windows\System\XUspALD.exe
  C:\Windows\System\XUspALD.exe
  2⤵
  PID:8728
- C:\Windows\System\iEcbCqI.exe
  C:\Windows\System\iEcbCqI.exe
  2⤵
  PID:8548
- C:\Windows\System\QwzFgJP.exe
  C:\Windows\System\QwzFgJP.exe
  2⤵
  PID:8672
- C:\Windows\System\YMiHrKI.exe
  C:\Windows\System\YMiHrKI.exe
  2⤵
  PID:8760
- C:\Windows\System\CnykkSj.exe
  C:\Windows\System\CnykkSj.exe
  2⤵
  PID:8788
- C:\Windows\System\VBuNuHa.exe
  C:\Windows\System\VBuNuHa.exe
  2⤵
  PID:8852
- C:\Windows\System\wDcuNui.exe
  C:\Windows\System\wDcuNui.exe
  2⤵
  PID:8884
- C:\Windows\System\wAQWSqM.exe
  C:\Windows\System\wAQWSqM.exe
  2⤵
  PID:8916
- C:\Windows\System\OTElIWV.exe
  C:\Windows\System\OTElIWV.exe
  2⤵
  PID:8952
- C:\Windows\System\NuLcyoV.exe
  C:\Windows\System\NuLcyoV.exe
  2⤵
  PID:8936
- C:\Windows\System\wllgEit.exe
  C:\Windows\System\wllgEit.exe
  2⤵
  PID:9012
- C:\Windows\System\GjwBBOV.exe
  C:\Windows\System\GjwBBOV.exe
  2⤵
  PID:9032
- C:\Windows\System\ecbvsEG.exe
  C:\Windows\System\ecbvsEG.exe
  2⤵
  PID:9056
- C:\Windows\System\cLlrUuq.exe
  C:\Windows\System\cLlrUuq.exe
  2⤵
  PID:9088
- C:\Windows\System\UluznWz.exe
  C:\Windows\System\UluznWz.exe
  2⤵
  PID:9104
- C:\Windows\System\DfUpCdZ.exe
  C:\Windows\System\DfUpCdZ.exe
  2⤵
  PID:9152
- C:\Windows\System\vSPhYSl.exe
  C:\Windows\System\vSPhYSl.exe
  2⤵
  PID:7564
- C:\Windows\System\OlAuUYi.exe
  C:\Windows\System\OlAuUYi.exe
  2⤵
  PID:9200
- C:\Windows\System\WquxKMi.exe
  C:\Windows\System\WquxKMi.exe
  2⤵
  PID:8308
- C:\Windows\System\mXqQvkY.exe
  C:\Windows\System\mXqQvkY.exe
  2⤵
  PID:8208
- C:\Windows\System\beMqKWH.exe
  C:\Windows\System\beMqKWH.exe
  2⤵
  PID:8432
- C:\Windows\System\JknoEle.exe
  C:\Windows\System\JknoEle.exe
  2⤵
  PID:8356
- C:\Windows\System\vKJuKjd.exe
  C:\Windows\System\vKJuKjd.exe
  2⤵
  PID:8612
- C:\Windows\System\LUvyPtB.exe
  C:\Windows\System\LUvyPtB.exe
  2⤵
  PID:8776
- C:\Windows\System\gWOqGUm.exe
  C:\Windows\System\gWOqGUm.exe
  2⤵
  PID:8580
- C:\Windows\System\mjoYfnD.exe
  C:\Windows\System\mjoYfnD.exe
  2⤵
  PID:8996
- C:\Windows\System\ieUhTVT.exe
  C:\Windows\System\ieUhTVT.exe
  2⤵
  PID:9064
- C:\Windows\System\SsbSnFE.exe
  C:\Windows\System\SsbSnFE.exe
  2⤵
  PID:8968
- C:\Windows\System\ymzgXtK.exe
  C:\Windows\System\ymzgXtK.exe
  2⤵
  PID:8984
- C:\Windows\System\wKSSRlV.exe
  C:\Windows\System\wKSSRlV.exe
  2⤵
  PID:8948
- C:\Windows\System\bPzPbyN.exe
  C:\Windows\System\bPzPbyN.exe
  2⤵
  PID:8980
- C:\Windows\System\FCNfbck.exe
  C:\Windows\System\FCNfbck.exe
  2⤵
  PID:8276
- C:\Windows\System\VdecRDA.exe
  C:\Windows\System\VdecRDA.exe
  2⤵
  PID:8564
- C:\Windows\System\afQqUXr.exe
  C:\Windows\System\afQqUXr.exe
  2⤵
  PID:8500
- C:\Windows\System\TxcgMJB.exe
  C:\Windows\System\TxcgMJB.exe
  2⤵
  PID:8448
- C:\Windows\System\VeYqYhg.exe
  C:\Windows\System\VeYqYhg.exe
  2⤵
  PID:8820
- C:\Windows\System\ymKJIWb.exe
  C:\Windows\System\ymKJIWb.exe
  2⤵
  PID:9028
- C:\Windows\System\nSkFLDd.exe
  C:\Windows\System\nSkFLDd.exe
  2⤵
  PID:9072
- C:\Windows\System\AlGSSWz.exe
  C:\Windows\System\AlGSSWz.exe
  2⤵
  PID:9112
- C:\Windows\System\BYIvckZ.exe
  C:\Windows\System\BYIvckZ.exe
  2⤵
  PID:9164
- C:\Windows\System\CBnkfum.exe
  C:\Windows\System\CBnkfum.exe
  2⤵
  PID:9048
- C:\Windows\System\dpwYGZX.exe
  C:\Windows\System\dpwYGZX.exe
  2⤵
  PID:8772
- C:\Windows\System\iaiwUwE.exe
  C:\Windows\System\iaiwUwE.exe
  2⤵
  PID:8292
- C:\Windows\System\PKDwZsX.exe
  C:\Windows\System\PKDwZsX.exe
  2⤵
  PID:8204
- C:\Windows\System\ekEYgOh.exe
  C:\Windows\System\ekEYgOh.exe
  2⤵
  PID:8436
- C:\Windows\System\qPnYpXL.exe
  C:\Windows\System\qPnYpXL.exe
  2⤵
  PID:8676
- C:\Windows\System\ufRwlPW.exe
  C:\Windows\System\ufRwlPW.exe
  2⤵
  PID:8512
- C:\Windows\System\lgdxaCX.exe
  C:\Windows\System\lgdxaCX.exe
  2⤵
  PID:8744
- C:\Windows\System\aDQvbky.exe
  C:\Windows\System\aDQvbky.exe
  2⤵
  PID:9136
- C:\Windows\System\FeFEnZZ.exe
  C:\Windows\System\FeFEnZZ.exe
  2⤵
  PID:8260
- C:\Windows\System\aHLjDqF.exe
  C:\Windows\System\aHLjDqF.exe
  2⤵
  PID:9232
- C:\Windows\System\nBYDOSd.exe
  C:\Windows\System\nBYDOSd.exe
  2⤵
  PID:9248
- C:\Windows\System\dDnBsWl.exe
  C:\Windows\System\dDnBsWl.exe
  2⤵
  PID:9264
- C:\Windows\System\NjuIpwi.exe
  C:\Windows\System\NjuIpwi.exe
  2⤵
  PID:9280
- C:\Windows\System\HrvtBsw.exe
  C:\Windows\System\HrvtBsw.exe
  2⤵
  PID:9296
- C:\Windows\System\uRonDyy.exe
  C:\Windows\System\uRonDyy.exe
  2⤵
  PID:9312
- C:\Windows\System\KAqTWyp.exe
  C:\Windows\System\KAqTWyp.exe
  2⤵
  PID:9348
- C:\Windows\System\xoIqkER.exe
  C:\Windows\System\xoIqkER.exe
  2⤵
  PID:9396
- C:\Windows\System\jlBeVId.exe
  C:\Windows\System\jlBeVId.exe
  2⤵
  PID:9428
- C:\Windows\System\OuHgyog.exe
  C:\Windows\System\OuHgyog.exe
  2⤵
  PID:9460
- C:\Windows\System\rFCJARd.exe
  C:\Windows\System\rFCJARd.exe
  2⤵
  PID:9520
- C:\Windows\System\KxgZeIf.exe
  C:\Windows\System\KxgZeIf.exe
  2⤵
  PID:9576
- C:\Windows\System\OJggZQU.exe
  C:\Windows\System\OJggZQU.exe
  2⤵
  PID:9664
- C:\Windows\System\cdWPMKj.exe
  C:\Windows\System\cdWPMKj.exe
  2⤵
  PID:9696
- C:\Windows\System\LSohujo.exe
  C:\Windows\System\LSohujo.exe
  2⤵
  PID:9720
- C:\Windows\System\ZWndCvY.exe
  C:\Windows\System\ZWndCvY.exe
  2⤵
  PID:9796
- C:\Windows\System\CQfJaHy.exe
  C:\Windows\System\CQfJaHy.exe
  2⤵
  PID:9812
- C:\Windows\System\hdCImHT.exe
  C:\Windows\System\hdCImHT.exe
  2⤵
  PID:10140
- C:\Windows\System\FzjBfoA.exe
  C:\Windows\System\FzjBfoA.exe
  2⤵
  PID:10156
- C:\Windows\System\zZFYjwW.exe
  C:\Windows\System\zZFYjwW.exe
  2⤵
  PID:10172
- C:\Windows\System\PuFFxlc.exe
  C:\Windows\System\PuFFxlc.exe
  2⤵
  PID:10188
- C:\Windows\System\EaolFuS.exe
  C:\Windows\System\EaolFuS.exe
  2⤵
  PID:10204
- C:\Windows\System\PdCuONW.exe
  C:\Windows\System\PdCuONW.exe
  2⤵
  PID:10220
- C:\Windows\System\huPjUJw.exe
  C:\Windows\System\huPjUJw.exe
  2⤵
  PID:10236
- C:\Windows\System\ZMpnYdu.exe
  C:\Windows\System\ZMpnYdu.exe
  2⤵
  PID:8868
- C:\Windows\System\ErcrHlt.exe
  C:\Windows\System\ErcrHlt.exe
  2⤵
  PID:9244
- C:\Windows\System\XNhHBRb.exe
  C:\Windows\System\XNhHBRb.exe
  2⤵
  PID:8324
- C:\Windows\System\bsXjJmh.exe
  C:\Windows\System\bsXjJmh.exe
  2⤵
  PID:9224
- C:\Windows\System\sRalBga.exe
  C:\Windows\System\sRalBga.exe
  2⤵
  PID:8384
- C:\Windows\System\mwkzYZY.exe
  C:\Windows\System\mwkzYZY.exe
  2⤵
  PID:9260
- C:\Windows\System\FOzISlR.exe
  C:\Windows\System\FOzISlR.exe
  2⤵
  PID:8840
- C:\Windows\System\YxUsaDj.exe
  C:\Windows\System\YxUsaDj.exe
  2⤵
  PID:9392
- C:\Windows\System\VokoXkv.exe
  C:\Windows\System\VokoXkv.exe
  2⤵
  PID:9372
- C:\Windows\System\vmoPLIX.exe
  C:\Windows\System\vmoPLIX.exe
  2⤵
  PID:9408
- C:\Windows\System\HXJtmqA.exe
  C:\Windows\System\HXJtmqA.exe
  2⤵
  PID:9436
- C:\Windows\System\bFtFSPS.exe
  C:\Windows\System\bFtFSPS.exe
  2⤵
  PID:9456
- C:\Windows\System\LJRNxyE.exe
  C:\Windows\System\LJRNxyE.exe
  2⤵
  PID:9480
- C:\Windows\System\iCzSgVy.exe
  C:\Windows\System\iCzSgVy.exe
  2⤵
  PID:9532
- C:\Windows\System\HeXSgZd.exe
  C:\Windows\System\HeXSgZd.exe
  2⤵
  PID:9500
- C:\Windows\System\xQINRSd.exe
  C:\Windows\System\xQINRSd.exe
  2⤵
  PID:9544
- C:\Windows\System\VokYjjO.exe
  C:\Windows\System\VokYjjO.exe
  2⤵
  PID:9556
- C:\Windows\System\UDBokPl.exe
  C:\Windows\System\UDBokPl.exe
  2⤵
  PID:9572
- C:\Windows\System\cXVajfp.exe
  C:\Windows\System\cXVajfp.exe
  2⤵
  PID:9684
- C:\Windows\System\RSVXXpQ.exe
  C:\Windows\System\RSVXXpQ.exe
  2⤵
  PID:9612
- C:\Windows\System\ojibxdh.exe
  C:\Windows\System\ojibxdh.exe
  2⤵
  PID:9644
- C:\Windows\System\DkSGHpk.exe
  C:\Windows\System\DkSGHpk.exe
  2⤵
  PID:9680
- C:\Windows\System\TavSxPg.exe
  C:\Windows\System\TavSxPg.exe
  2⤵
  PID:9716
- C:\Windows\System\BgUJGTO.exe
  C:\Windows\System\BgUJGTO.exe
  2⤵
  PID:9756
- C:\Windows\System\FDjUeGl.exe
  C:\Windows\System\FDjUeGl.exe
  2⤵
  PID:9776
- C:\Windows\System\nZlXVqZ.exe
  C:\Windows\System\nZlXVqZ.exe
  2⤵
  PID:9788
- C:\Windows\System\fieIDWJ.exe
  C:\Windows\System\fieIDWJ.exe
  2⤵
  PID:9808
- C:\Windows\System\rWaKaMs.exe
  C:\Windows\System\rWaKaMs.exe
  2⤵
  PID:9688
- C:\Windows\System\iuCENLN.exe
  C:\Windows\System\iuCENLN.exe
  2⤵
  PID:9884
- C:\Windows\System\MsUWIyk.exe
  C:\Windows\System\MsUWIyk.exe
  2⤵
  PID:9904
- C:\Windows\System\fgdoCDQ.exe
  C:\Windows\System\fgdoCDQ.exe
  2⤵
  PID:9908
- C:\Windows\System\gNjWTUG.exe
  C:\Windows\System\gNjWTUG.exe
  2⤵
  PID:9928
- C:\Windows\System\pYHRDjk.exe
  C:\Windows\System\pYHRDjk.exe
  2⤵
  PID:9944
- C:\Windows\System\cuWhTIb.exe
  C:\Windows\System\cuWhTIb.exe
  2⤵
  PID:9968
- C:\Windows\System\TfHdeuQ.exe
  C:\Windows\System\TfHdeuQ.exe
  2⤵
  PID:9984
- C:\Windows\System\VtxIbJM.exe
  C:\Windows\System\VtxIbJM.exe
  2⤵
  PID:10004
- C:\Windows\System\CqqvVcP.exe
  C:\Windows\System\CqqvVcP.exe
  2⤵
  PID:9964
- C:\Windows\System\BInxnPp.exe
  C:\Windows\System\BInxnPp.exe
  2⤵
  PID:9452
- C:\Windows\System\BjJIUnt.exe
  C:\Windows\System\BjJIUnt.exe
  2⤵
  PID:9536
- C:\Windows\System\kYCTKbM.exe
  C:\Windows\System\kYCTKbM.exe
  2⤵
  PID:9624
- C:\Windows\System\xruhkJT.exe
  C:\Windows\System\xruhkJT.exe
  2⤵
  PID:9608
- C:\Windows\System\ozzswiG.exe
  C:\Windows\System\ozzswiG.exe
  2⤵
  PID:9768
- C:\Windows\System\AEbqnDu.exe
  C:\Windows\System\AEbqnDu.exe
  2⤵
  PID:10048
- C:\Windows\System\wPpaiza.exe
  C:\Windows\System\wPpaiza.exe
  2⤵
  PID:6424
- C:\Windows\System\JLeDnAT.exe
  C:\Windows\System\JLeDnAT.exe
  2⤵
  PID:9292
- C:\Windows\System\UwVboAM.exe
  C:\Windows\System\UwVboAM.exe
  2⤵
  PID:9388
- C:\Windows\System\TJjSoVY.exe
  C:\Windows\System\TJjSoVY.exe
  2⤵
  PID:9384
- C:\Windows\System\ORPeqgf.exe
  C:\Windows\System\ORPeqgf.exe
  2⤵
  PID:9472
- C:\Windows\System\fCzrQuH.exe
  C:\Windows\System\fCzrQuH.exe
  2⤵
  PID:9512
- C:\Windows\System\zhopXvo.exe
  C:\Windows\System\zhopXvo.exe
  2⤵
  PID:9508
- C:\Windows\System\pxJLaap.exe
  C:\Windows\System\pxJLaap.exe
  2⤵
  PID:9676
- C:\Windows\System\HOzRUuL.exe
  C:\Windows\System\HOzRUuL.exe
  2⤵
  PID:9752
- C:\Windows\System\PrxkiqG.exe
  C:\Windows\System\PrxkiqG.exe
  2⤵
  PID:9864
- C:\Windows\System\IqeFyPG.exe
  C:\Windows\System\IqeFyPG.exe
  2⤵
  PID:9896
- C:\Windows\System\iGIYubw.exe
  C:\Windows\System\iGIYubw.exe
  2⤵
  PID:9960
- C:\Windows\System\lkPlVKR.exe
  C:\Windows\System\lkPlVKR.exe
  2⤵
  PID:9764
- C:\Windows\System\DPWMklE.exe
  C:\Windows\System\DPWMklE.exe
  2⤵
  PID:9920
- C:\Windows\System\UvZlYfC.exe
  C:\Windows\System\UvZlYfC.exe
  2⤵
  PID:9836
- C:\Windows\System\cMCvxFG.exe
  C:\Windows\System\cMCvxFG.exe
  2⤵
  PID:9256
- C:\Windows\System\UgFusaU.exe
  C:\Windows\System\UgFusaU.exe
  2⤵
  PID:10040
- C:\Windows\System\ozdagLu.exe
  C:\Windows\System\ozdagLu.exe
  2⤵
  PID:9636
- C:\Windows\System\zrUPCZm.exe
  C:\Windows\System\zrUPCZm.exe
  2⤵
  PID:10060
- C:\Windows\System\wOomykF.exe
  C:\Windows\System\wOomykF.exe
  2⤵
  PID:10132
- C:\Windows\System\PiEocRY.exe
  C:\Windows\System\PiEocRY.exe
  2⤵
  PID:10164
- C:\Windows\System\uiJOtYI.exe
  C:\Windows\System\uiJOtYI.exe
  2⤵
  PID:10196
- C:\Windows\System\bkiytSN.exe
  C:\Windows\System\bkiytSN.exe
  2⤵
  PID:9240
- C:\Windows\System\NHxxstH.exe
  C:\Windows\System\NHxxstH.exe
  2⤵
  PID:10180
- C:\Windows\System\qnBKWKb.exe
  C:\Windows\System\qnBKWKb.exe
  2⤵
  PID:9924
- C:\Windows\System\gCgJXZF.exe
  C:\Windows\System\gCgJXZF.exe
  2⤵
  PID:10116
- C:\Windows\System\sUkkHtm.exe
  C:\Windows\System\sUkkHtm.exe
  2⤵
  PID:10120
- C:\Windows\System\OJrvSYH.exe
  C:\Windows\System\OJrvSYH.exe
  2⤵
  PID:9416
- C:\Windows\System\LFWfjhU.exe
  C:\Windows\System\LFWfjhU.exe
  2⤵
  PID:8368
- C:\Windows\System\jsrmFgW.exe
  C:\Windows\System\jsrmFgW.exe
  2⤵
  PID:9276
- C:\Windows\System\hmUFfTe.exe
  C:\Windows\System\hmUFfTe.exe
  2⤵
  PID:9356
- C:\Windows\System\NNMVEEF.exe
  C:\Windows\System\NNMVEEF.exe
  2⤵
  PID:9424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\APzkHZX.exe

Filesize
6.0MB

MD5
c48227ab706b5a1fa85ad6ca422499a1

SHA1
ad365713c570bc02f3deb90c2375c85b645d8554

SHA256
d69c73cbddbf47436fb38b0fb39b44cd3acc65bc05faf9b7a81b48b793bc036b

SHA512
1a255c78f97ecaafcdce550600c6097575e52d39d8adc0246f999fce1bbf5afc6083e6f879315bd822be7bfb1dab4d0a5d4534ddc86c573fdded648c4f61043a

Download Submit
C:\Windows\system\BQKhWpQ.exe

Filesize
6.0MB

MD5
aa5cc1aeb71f640def04d47aa16649be

SHA1
e364bae5a73fa2c6e3b233cff9e7555824da0022

SHA256
7b6028ed1899898d81009b62a800f30c9761ed80e738b51a329e20d7433ddca6

SHA512
fabac763c198d378b5d90def4c0536603ea0e019d46b9ba5ad963cda64d70499bedf4ed0a4b7ea3bbb007176be213cdd49f6b966be0844788f84bfa5b23e42a3

Download Submit
C:\Windows\system\CcPxgsp.exe

Filesize
6.0MB

MD5
168515048803c57447d267de70ca26d4

SHA1
0a136fcafcea4f8f4dd2c38134ce77a4bcfef670

SHA256
8f68c6ca3e1886868aa8927d1bdc6564d01f313e81e68fdc2f8d2f7293d67273

SHA512
6d4ba9ccefc9ab9d7dab5c88ccfdfc3f37b1fa6e5deba42e9900060e79fc112701dc05387643b5e041cc2a1f0bdd748a548ebd0fc6bfe753f9eec97e9e4a4730

Download Submit
C:\Windows\system\FgLmPDM.exe

Filesize
6.0MB

MD5
192d59105edbc3087785ddfd1aa85c85

SHA1
de52eae3de6344205b54772c39e83f7c78114a62

SHA256
2cf2bb6fd4c446e9f0107c18b11bffa6c0b58a4f76fcd6ef34309562f152be35

SHA512
c4ae7d41eb4a93c3a9b645f889287ae73db28d4060c938491b84ab98ace15eb5914e7bf50244f5644b7ba8a840c0013969875af760b89280f9bcdbc82b3dba42

Download Submit
C:\Windows\system\IaGfNNy.exe

Filesize
6.0MB

MD5
19ca5452ad9b75dc0e72ce666681f8e0

SHA1
27a2eed6c7e4c74e6f95f2e8a677c31bf8778448

SHA256
8e3fb598b8861c3cb3abe61275b64108cd510dfbdad66a4edf1a2af190d6cde7

SHA512
e132188aff207d7f93fb1befc17ca770401224a8e8b154746440bcec2b7866d3a94fbb32bbea5357cb314654718f8fd3b75e54ca0be55006722f3d9875b2d98e

Download Submit
C:\Windows\system\SLeHtNf.exe

Filesize
6.0MB

MD5
b421b2073782cd53b915162133761cde

SHA1
b7de3cbadeac4fffaa6c2593a60ac0db904b6e35

SHA256
7a8a9cadb83322d875ffd88a5f254c4e033f6346c20926a0cd39b7e7a3979106

SHA512
e20b43fb5f0a33a783eb5efbd2ce9eaee4f4ad2adef0ac0e01564c695e6a82e60c10af71f1bcfb55590e9b02b127bdc011f244045536ea7a69e9d0cb56fa734d

Download Submit
C:\Windows\system\TBiyBCK.exe

Filesize
6.0MB

MD5
5832bcde07bc4075790e4c8dd7af00db

SHA1
b218971648585a4fedc113fe712a82be4edab9ec

SHA256
2592bb9ce431f6a309bac67b46f63d17bc2374f935f734567bcf166f26beba87

SHA512
db641638f3f130224f13a4426e15bbd79022eff02915f3c5ced54f37e125c71c05f9eab70e12018dde51b6bec12c3f550b3181c59e6bd125fe16002ac71af047

Download Submit
C:\Windows\system\UEhaEXc.exe

Filesize
6.0MB

MD5
6da49f10c009003a7b4f800e9ea1138e

SHA1
e35c1c3e556956cc1e3b7f4fe2fb404f9c5bd6d2

SHA256
4b1e8c1b9617670b930cce64ebf07547ff4573df5dbf0d9253647031311bb0aa

SHA512
73621e987c73a1a3ac6e347127ae25e846ace0fccb6696bde9eb6e44acf4235daa7068ef2134bf5d7c3e51c37890ba555eeb9cb9f016aa1d045d050159b990cb

Download Submit
C:\Windows\system\VdxQVSS.exe

Filesize
6.0MB

MD5
f4459f82463934395878087af9973b96

SHA1
c85969a6aba9b9104033179d205665babee61a50

SHA256
3e8939aef83c1472511bb0e1db7ac79f3529eaa949fcb8d6c4f201ca2f314962

SHA512
4b80ae8fd1489e0d0b3db8a98ac84c339d2445f87c15a520a9ed9d684ce95ef862ce3cc86f9308bfb0f3b8fedf477db7a2d68f7f2c64d1732304fe3495862140

Download Submit
C:\Windows\system\WAdkkMj.exe

Filesize
6.0MB

MD5
29c554580756ac019c7d3a5112eed069

SHA1
66a4430c48ab74f2b672b185b08898ca9155bbc7

SHA256
0e0c138f439142d9b55c1583dc27a7d3b4cbfb9404fd2ed57cd514f06241bdbd

SHA512
3d1394c8a874898341363d2ba85a3468665a5bc9dcb4d368a2a0cc76204ef90a7f327df02422b440b1fe0f8bc35c4e44f93931ce888771a5d22a9ab6def385ec

Download Submit
C:\Windows\system\WpsEZYA.exe

Filesize
6.0MB

MD5
4ca7d9a1806ecfbbc2fa2a06e69a2d2a

SHA1
8afddffe78276ce05b8fafa1e63079481a536e87

SHA256
c72a784dc057b4df223bcc4721fe9b5158141c0d879f44129cf7c1741d5af330

SHA512
187853b603086505651d5c1dbfadf8d78fd03e43747af44625ad9821fd3d525cb56590a9e560b5bcf5c1231222a1ddfdb16470479100e07214749e3496ebb6ad

Download Submit
C:\Windows\system\XxsjMcf.exe

Filesize
6.0MB

MD5
df0911bf01d5867e3e0fad2409b68a02

SHA1
1001178d28c475446fe1c2573c45f45163403513

SHA256
68434f4e754ff9a127ba7fd5f53ce07b5f1185ca8450b4e2e3dc0b42c6b80d28

SHA512
4aeaf8081cf385fcccf5012da5a9990e0516998f431acf6fe9b3f99f80fb3b1525713eef6859427ec583539cc154af0c669e617d1749e16ed1a01a996c161a5c

Download Submit
C:\Windows\system\bHEyLgW.exe

Filesize
6.0MB

MD5
bbd883b39f6437584b31c76c1789aa45

SHA1
f6d224befe3cd88d96304fb081cd745f0f373fbb

SHA256
a0efb530f197c951f6e96d54ee6df97b6af99bd84f88b5d350969762b2388930

SHA512
5093a8a86758322ee5d8a10976141a75a47f7ce52a60e71a82df17bd3388272f2ebb79bc34faa95c5b5ec46681170283e9e6198371fadcccdc9970cbc8d3484e

Download Submit
C:\Windows\system\dRiOdhn.exe

Filesize
6.0MB

MD5
def4192212a0fa2341fda32ae4f419b6

SHA1
53cb05e1dfac97ed02eda8c29a25af1fd72a3029

SHA256
12201cdfd55e4e77158c2f0fdc05e8e7922c39d035d6191cb4a2c4f353383e1a

SHA512
4c129c0f7cee2303fb3c1d4dfcee028b7d7bafb9a9a9c25258c13f6f1a944ed969f0f6f0a5b06318ba0e5742a86370bda44c4b40803492c8d40d6516c5bd379c

Download Submit
C:\Windows\system\ecQNhDV.exe

Filesize
6.0MB

MD5
0921a340e35455044a17312cece4023a

SHA1
50cecf25cc176b4689f010a6c625950af6cafb2b

SHA256
d39fde6476075e5a6e416a9e6ca5e10b39faa589bd9301aac8dec0e9a1f97c1b

SHA512
89fffa9d40c8f25f69bf4de2cc53b6d09af26fa3ae17aedd451b25cf93619d4ca510905b30d236994bc5971e733ed81653d40cf0e489fe694ddaa90e72427396

Download Submit
C:\Windows\system\foDpBjE.exe

Filesize
6.0MB

MD5
7a2090d0092914aeb106f12b9773fc27

SHA1
493a3bd2e7140f131fb05591b9c235d0bc72276c

SHA256
ef974ccc08980a585f7c1d4d64be1d59a7842365c3d490ee912503ae68d07f15

SHA512
bc1799de7ec1f48d6a8d7ba70680c0691770c0eb1aa73149344e25699e76389df92f24722e1547e6263426b6adec42a62f7e74bac056a2c7c3251404c8b5e287

Download Submit
C:\Windows\system\hYXiMdo.exe

Filesize
6.0MB

MD5
78b1ae228700e1f564894b003b2f5c40

SHA1
9734ee67909ddcc8cb5eb6e161fefce466e02f1b

SHA256
45062e6f8acce5b4b36b1625a548628d15a7af77300e80cba532695d63f4778a

SHA512
37f0f11155c9001e1ce2c5e1076db382c320cc12c05c3cac5c120ba8cafd935ef181a224a7312f9261e154c4a1e5a7b933bdd6f13767eb82b41472caad86a7f4

Download Submit
C:\Windows\system\kDitHBV.exe

Filesize
6.0MB

MD5
c5af32aa4699f765f21383e566294230

SHA1
a98bca848b31a6bf25f60874aaad4934130c940a

SHA256
6b3984f3d093155c20c4f80170a57422da95a06500477e184e0c73894a10de75

SHA512
c0925c9adf64a228828e4fb6d64761ca425628d4615d3c9869c0f2f9008a27a8a8c5921e3d104fbf4aa4dd645242903919d6d943c02ada2054a0dc2c35fd1938

Download Submit
C:\Windows\system\kEmkDPT.exe

Filesize
6.0MB

MD5
91d17d7d11cc8e5acee87089839ae691

SHA1
ae2d0f5c347a271cc371f15aaeaa48c18f3b4e6a

SHA256
26619c8ffd43ec2509887905818d404faa52354547020e23459e6b480dbe0ea6

SHA512
9f6244dae5bf4348352a4141985d732847be2630bda0d464844a26f7826518e011ce55ab6907422cdd082bbf3013e5ffe7b11a0d18d1110db9c8d43d1f240ffb

Download Submit
C:\Windows\system\kXlFMKw.exe

Filesize
6.0MB

MD5
d5b2c0ec69d11a9c5761369010703d40

SHA1
cffa69fc44da55f2cd336f33533f9185df6a9d46

SHA256
50bcad611b6b8bf55a78a000c4d699998db4c1542d94012d5e640c1a8c9032da

SHA512
2edf0bd8c14c30d4bcd7d8932b1b80eccc5bead904a646745e3e2dee84e080b52387c57814f63fb8ae3a9dcb11d1638782d7857aa1cceb029761af97b253ee41

Download Submit
C:\Windows\system\nHynrMv.exe

Filesize
6.0MB

MD5
e70250daa825cb38e0bac40704ac578d

SHA1
c9ae1a2bde305bcdda2ccee6001fe1c4c7f324de

SHA256
1dd11808d05d3c21f5ccb686cff78f0ba3f6b36d2fb93911e42fa57d201ced1d

SHA512
c2dd5b2f0f01d956f3fb230092ff43e90bc19487708e139cf297a4188189e13eed06f87a03460844146c86234e1b1623215d378ad2eaf764214ac88e834dbbae

Download Submit
C:\Windows\system\rlgHeIO.exe

Filesize
6.0MB

MD5
53517f9d6ac3780b6aec0bf988af42a2

SHA1
49ae3a213d4b4b676a5bc4ee224b43c97048434f

SHA256
9ce659188baf976c9c6c1a4b36a454fe399ca0cbe315fdfad228bf365da2bef5

SHA512
2703be2d157298648a04dd691a1ba0d1e6e70d8baf18410807cc4f413c44bbd6dc03853df59fa66c20bfb08b7b524549c7e97a024c4e899bf4e74370bbe089eb

Download Submit
C:\Windows\system\svImIHZ.exe

Filesize
6.0MB

MD5
25bb809e40e51f19b1a1b0284e78d9bf

SHA1
2482fb424716bb5354eba7f5c45995a4fd82a78e

SHA256
d63a65960c19bcc5e47e7f678f23190b52da4397593c456f237f7b5784ed04da

SHA512
0f424f37bbe1125b911984782d9049c7c03f746608124c55341f8f8ee2e24fd787483e124b12ac51a432579a10dd06a8deefa94534e31784808fb9ea2296a7cd

Download Submit
C:\Windows\system\vVsDnVi.exe

Filesize
6.0MB

MD5
e6ca90f777b72b34b2932d4b01b4db03

SHA1
3affd201c982178fe34c8d60e04e486f420b0ca2

SHA256
1761bf90bae426ed91a68f672b9ecfa599b83df28164166893e7a145c31f4de3

SHA512
d144479ba35f1e96b72ceb6e1f03a843771daf0dbbe1acee55b5dccba79563b172a3739b9087e969525b3cec0d77fb09cd94679746b23690e469db24aa367791

Download Submit
C:\Windows\system\wGyUMkS.exe

Filesize
6.0MB

MD5
3f394741892647a6542e92861471a989

SHA1
4d08b70193409683ed25991c43b9b16429c4d726

SHA256
196171395dd629bad8661f728f23ee780e70a9ec73c7355a7043beee49b76a7c

SHA512
6067fd94a1f64000611f08a6c3574a0494adf1db6247f9e2eac5ff59174d0ff7b5fd262c60bf46d1823d2fe04aa172a775bbfb4f1dba7b4f415d896f4c35531d

Download Submit
C:\Windows\system\wMzORsy.exe

Filesize
6.0MB

MD5
37e797e51f1cc323b0d5b3c66f2a5793

SHA1
47a868f074a2d05064982a882cbf92afa73e3d7d

SHA256
dbd885d2bf095e61292776e87b2668260cb844dfa8a73097b9ce83e9e3cd8d83

SHA512
274ded14a363d0765a9f9b2869f182cc2e5d12ae782a8f57d3c274435023cf30000d668af4764248012e766ac0a1f6b367c71172efd6fe502aa947f72825719b

Download Submit
C:\Windows\system\zVOkGVQ.exe

Filesize
6.0MB

MD5
ce01f11aaf0aebce112c276b0ff4dbd9

SHA1
1adbea1ec8b511b5d339c0a04887753dd49a53a2

SHA256
71824ac6eaad8406c1fb3c44d18c20bff9b850c4d2736c8bdb2cca14c4832bde

SHA512
04324dbc149c18e7254bf063201af6c2b962c88cfbb36bf1f4776b501cc1869f7061e723448a6b5c35514eea786d1dd4504ae75c3a7d21130308a03cfbacb826

Download Submit
\Windows\system\ZkWrqGY.exe

Filesize
6.0MB

MD5
cb83b3afc5496090095febdc0a2c24a0

SHA1
0d43dadda0a97fd272d42139f70b3d60a65ea7eb

SHA256
ab20799ea0dee5a7430264d19a22ef8a31a5571eb29ef77c1e01e750dcdcb4c6

SHA512
50f512603bb7a8529ffdd095eba5c981b546fd7072b93da45c1db2bbcf46e13269285cc78e156f4a427cbcb39ae9d811b08a9851d86f6220896b15447c3748c3

Download Submit
\Windows\system\ZkhtRLK.exe

Filesize
6.0MB

MD5
8c0c5b2571b3a2c274258d651ad30e99

SHA1
096da2875ce1800151e8139d50e0cdf0da45873f

SHA256
c72bb0a5b1161a162f8841d663f54b1214ba6f0eefe60f82501e3bafa41ca89e

SHA512
1994de14788186df63658684cfade89545bc423cb7005ad215cbab988a934f1e20a666bc12687d2ffeaba06628e80eb1db1e28e8b317dd8129989e54e4aa8b3f

Download Submit
\Windows\system\aKRbGln.exe

Filesize
6.0MB

MD5
bed391cbdd8b2e6853d7d4a50f8dabc8

SHA1
9edcbdf3f72d69c8e95c8759693cede008a9a28d

SHA256
9e5fb60c4a73610fa88dc1aa852e3750e8c5cfd26db591981200e85872a187ae

SHA512
2602b1f729a557745881cc49601f66e23caf7e6eb41a1462bc75de0fd266e15b61c812753294d9890b53b922b7afe23779b954b4970143c1c0fbd822585b0a1e

Download Submit
\Windows\system\gcCqiIt.exe

Filesize
6.0MB

MD5
25660425fce5665baf1470694dee7d7b

SHA1
308c771f19d1122517a4adafb0310820c4e34076

SHA256
51f426b5913b07957238d81ed7d3bbb97b31608f05c8d4594459ada7c51dc0fb

SHA512
62d7416fe105b54d503ec010a16983473326f39ff65e15530c7763dd801412fafab131c1028746cc7950ac683d13f9d06b4052b8934da45145a4d4a81eff336f

Download Submit
\Windows\system\hMAPweC.exe

Filesize
6.0MB

MD5
6618b88cce88ac90b7197ac853db513c

SHA1
a64c277bcf0e8a2cc5e3505f33766d5cc11fcfaa

SHA256
e974fe7c51793a83cedfd929ea4250d76061c392e7b84ffe93e70399c4ce5dbf

SHA512
0e2d3e508172d2b462d963721ebafb2573dfbff02ac57a506a07b424bf97cbe280061083ae79ea27f76a28e245768ae41770c53eba84dfb3363013ba697a998c

Download Submit
\Windows\system\xNHtldk.exe

Filesize
6.0MB

MD5
5172310c89ae94adc81cd373a95bec12

SHA1
436088bff79dcddcf1ee99181661690698635bdb

SHA256
fe988efe9672ea19c7e045e62cd51e0ddc99db2d72cb56c7452a12041c19ca78

SHA512
393cfa37a0ac49b9d2efbdce1e32f583598fe5c849a449a54955da77cb7043af3e0f89c0b706650b199f44b8dc92d87065bd1259107d33ba79eae1b2ba813dbc

Download Submit
memory/644-3256-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/644-592-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1536-21-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/1536-3287-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2580-4007-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2580-491-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2580-2811-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2616-2801-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2616-152-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3255-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2632-513-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3251-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2696-150-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3253-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2696-2798-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2704-27-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3258-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2732-580-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3257-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3285-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2788-30-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2812-28-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3288-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2816-149-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3250-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3249-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2828-2791-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2828-148-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2832-37-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3286-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-1080-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2788-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-19-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-39-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2964-1554-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-0-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-29-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2808-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2842-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2833-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2826-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2823-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2818-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2964-557-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2964-32-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2934-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2964-614-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2964-1387-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-1092-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-593-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2964-153-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-581-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-25-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2964-543-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-502-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-147-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-8-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2964-151-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/3024-3261-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-551-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download