cobaltstrike | 8f4c70d6a38f2f50c1bbd43b47a323b3c19dc96b673e605b8b2fe3e477367c5f

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7978f28984c0d7dc7846956bd04dcb1c
SHA1

6bb97223b608e2a4cc0b5510f581727e1a795f97
SHA256

8f4c70d6a38f2f50c1bbd43b47a323b3c19dc96b673e605b8b2fe3e477367c5f
SHA512

c99634bb6e4e32cece1a7dffd0dc9f142ba88c9fb99104646fb1f09d128140e7f69f87d6097ab1c56cc49a6bcfaad729b45f54258041b4be94fbd4f86468e86e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUS:T+q56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x000c00000001202c-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001610d-11.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001628b-16.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000164b1-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016650-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016875-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016b47-32.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-41.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-59.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-63.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ecf-51.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-88.dat	cobalt_reflective_dll
behavioral1/files/0x002d000000015f25-92.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-102.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-127.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-152.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-107.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-97.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df3-47.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d9f-40.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c80-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2800-0-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/files/0x000c00000001202c-3.dat	xmrig
behavioral1/memory/2800-6-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x000800000001610d-11.dat	xmrig
behavioral1/files/0x000800000001628b-16.dat	xmrig
behavioral1/files/0x00080000000164b1-20.dat	xmrig
behavioral1/files/0x0007000000016650-24.dat	xmrig
behavioral1/files/0x0007000000016875-27.dat	xmrig
behavioral1/files/0x0007000000016b47-32.dat	xmrig
behavioral1/files/0x0006000000016dea-41.dat	xmrig
behavioral1/files/0x0006000000017497-59.dat	xmrig
behavioral1/files/0x000600000001749c-63.dat	xmrig
behavioral1/files/0x000600000001755b-80.dat	xmrig
behavioral1/files/0x0006000000017049-55.dat	xmrig
behavioral1/files/0x0006000000016ecf-51.dat	xmrig
behavioral1/files/0x0005000000018686-88.dat	xmrig
behavioral1/files/0x002d000000015f25-92.dat	xmrig
behavioral1/files/0x00050000000186ed-102.dat	xmrig
behavioral1/files/0x00050000000186f4-112.dat	xmrig
behavioral1/files/0x0005000000018739-122.dat	xmrig
behavioral1/files/0x0005000000018744-127.dat	xmrig
behavioral1/files/0x0006000000018c16-147.dat	xmrig
behavioral1/memory/2776-722-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2800-727-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2800-729-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2800-1313-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2932-1788-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2800-1887-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2800-1937-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2784-887-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2536-870-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2800-851-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2988-850-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/1732-830-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2240-806-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2476-786-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2732-770-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2672-754-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2112-741-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2936-728-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2684-726-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2920-724-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x0005000000019269-162.dat	xmrig
behavioral1/files/0x0005000000019250-157.dat	xmrig
behavioral1/files/0x0005000000019246-152.dat	xmrig
behavioral1/files/0x0006000000018b4e-142.dat	xmrig
behavioral1/files/0x00050000000187a8-137.dat	xmrig
behavioral1/files/0x000500000001878e-132.dat	xmrig
behavioral1/files/0x0005000000018704-117.dat	xmrig
behavioral1/files/0x00050000000186f1-107.dat	xmrig
behavioral1/files/0x00050000000186e7-97.dat	xmrig
behavioral1/files/0x0006000000016df3-47.dat	xmrig
behavioral1/files/0x0008000000016d9f-40.dat	xmrig
behavioral1/files/0x0009000000016c80-36.dat	xmrig
behavioral1/memory/2932-3103-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/1732-3126-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2920-3128-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2784-3127-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2936-3130-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2672-3134-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2684-3135-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2536-3140-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2732-3141-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2476-3138-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

XYztVfB.exezWqINvo.exekuwBNEC.exenGlAXOl.exeKZLJYsU.execpzdYhc.exeoJmceqP.exeXEnODtE.exeorEGvaY.exeIWChDtw.exeTJsRmIR.exefkqMsAE.exexzZjMUo.exeCRsFdtu.exeMdavcFx.exeeEfAslz.exegPhhmbk.exekblCASV.exeDyXtfIE.exezLBFzjA.exetqEkcMi.exejGRWrkB.exeJMRUDwe.exeehslXeZ.exeZVDxlrD.exemNcNglI.exeMxFPSnn.exefNzmaSV.exeGgEeuuz.exeNbjIwok.execieiZwY.exeQqCRSJj.exeppssglz.exenDYVNBX.exeSTRNWQb.exeVWINTSZ.exejTRAwxf.exegluYXdq.exevcLfVUF.exeldvsvol.exeTJiZFEM.exeDbKNkvh.exevVHMEsV.exeeJSaNrD.exeKoZffZp.exeFPmgyGh.exevcpfMsC.exefRenikT.exeJsXSgha.exeIgTHhYQ.exeOLFpCii.exeNUSgPwZ.exeRSyExIh.exeGKQKKUL.exeHdLbbMd.exeobwesFp.exeGrIGUtN.exezqjhYbX.exeGVmPTox.exeXymhKlD.exejRItBHb.exeTPLXuDY.exeGRWctHG.exeAFdJkxC.exe

pid	Process
2932	XYztVfB.exe
2784	zWqINvo.exe
2776	kuwBNEC.exe
2920	nGlAXOl.exe
2684	KZLJYsU.exe
2936	cpzdYhc.exe
2112	oJmceqP.exe
2672	XEnODtE.exe
2732	orEGvaY.exe
2476	IWChDtw.exe
2240	TJsRmIR.exe
1732	fkqMsAE.exe
2988	xzZjMUo.exe
2536	CRsFdtu.exe
1848	MdavcFx.exe
1368	eEfAslz.exe
2760	gPhhmbk.exe
2952	kblCASV.exe
380	DyXtfIE.exe
620	zLBFzjA.exe
2596	tqEkcMi.exe
2540	jGRWrkB.exe
1748	JMRUDwe.exe
1724	ehslXeZ.exe
2520	ZVDxlrD.exe
2644	mNcNglI.exe
2460	MxFPSnn.exe
2180	fNzmaSV.exe
2416	GgEeuuz.exe
2248	NbjIwok.exe
860	cieiZwY.exe
2896	QqCRSJj.exe
1676	ppssglz.exe
1572	nDYVNBX.exe
408	STRNWQb.exe
2116	VWINTSZ.exe
1888	jTRAwxf.exe
1168	gluYXdq.exe
1976	vcLfVUF.exe
900	ldvsvol.exe
1700	TJiZFEM.exe
1280	DbKNkvh.exe
836	vVHMEsV.exe
1660	eJSaNrD.exe
1652	KoZffZp.exe
1984	FPmgyGh.exe
948	vcpfMsC.exe
704	fRenikT.exe
872	JsXSgha.exe
1656	IgTHhYQ.exe
1564	OLFpCii.exe
2604	NUSgPwZ.exe
2964	RSyExIh.exe
1232	GKQKKUL.exe
908	HdLbbMd.exe
2588	obwesFp.exe
1912	GrIGUtN.exe
1536	zqjhYbX.exe
1540	GVmPTox.exe
2860	XymhKlD.exe
2696	jRItBHb.exe
2716	TPLXuDY.exe
2828	GRWctHG.exe
2092	AFdJkxC.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2800-0-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/files/0x000c00000001202c-3.dat	upx
behavioral1/memory/2800-6-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x000800000001610d-11.dat	upx
behavioral1/files/0x000800000001628b-16.dat	upx
behavioral1/files/0x00080000000164b1-20.dat	upx
behavioral1/files/0x0007000000016650-24.dat	upx
behavioral1/files/0x0007000000016875-27.dat	upx
behavioral1/files/0x0007000000016b47-32.dat	upx
behavioral1/files/0x0006000000016dea-41.dat	upx
behavioral1/files/0x0006000000017497-59.dat	upx
behavioral1/files/0x000600000001749c-63.dat	upx
behavioral1/files/0x000600000001755b-80.dat	upx
behavioral1/files/0x0006000000017049-55.dat	upx
behavioral1/files/0x0006000000016ecf-51.dat	upx
behavioral1/files/0x0005000000018686-88.dat	upx
behavioral1/files/0x002d000000015f25-92.dat	upx
behavioral1/files/0x00050000000186ed-102.dat	upx
behavioral1/files/0x00050000000186f4-112.dat	upx
behavioral1/files/0x0005000000018739-122.dat	upx
behavioral1/files/0x0005000000018744-127.dat	upx
behavioral1/files/0x0006000000018c16-147.dat	upx
behavioral1/memory/2776-722-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2800-1313-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2932-1788-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2784-887-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2536-870-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2988-850-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/1732-830-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2240-806-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2476-786-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2732-770-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2672-754-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2112-741-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2936-728-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2684-726-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2920-724-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x0005000000019269-162.dat	upx
behavioral1/files/0x0005000000019250-157.dat	upx
behavioral1/files/0x0005000000019246-152.dat	upx
behavioral1/files/0x0006000000018b4e-142.dat	upx
behavioral1/files/0x00050000000187a8-137.dat	upx
behavioral1/files/0x000500000001878e-132.dat	upx
behavioral1/files/0x0005000000018704-117.dat	upx
behavioral1/files/0x00050000000186f1-107.dat	upx
behavioral1/files/0x00050000000186e7-97.dat	upx
behavioral1/files/0x0006000000016df3-47.dat	upx
behavioral1/files/0x0008000000016d9f-40.dat	upx
behavioral1/files/0x0009000000016c80-36.dat	upx
behavioral1/memory/2932-3103-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/1732-3126-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2920-3128-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2784-3127-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2936-3130-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2672-3134-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2684-3135-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2536-3140-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2732-3141-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2476-3138-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2240-3143-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2776-3142-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2112-3148-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2988-3147-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\HQQXtDa.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\biLAsjK.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PcahQgh.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HDRhtxS.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rNAlnWn.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bABSHkE.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xPqieFq.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dIDHEyn.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TtWuyWJ.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JyHPGAe.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DXrREtp.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPLdbEB.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CCfPDek.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QIlFwHR.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RMsfDPC.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YgrIgjK.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qBQbzcb.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZMnSByh.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zNmBRwt.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mBRAwOp.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pfCfTkD.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKFiRWK.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qwnyHWq.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ToWTqmH.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNNIHJI.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ebWYoCT.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jbetSKE.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jkxrale.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lqkoFVT.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nGlAXOl.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uxSKjny.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GEiyreE.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mTwfbix.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EOePjBz.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HdLbbMd.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PHvymJV.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sgdTvAb.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ErZndqF.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mcrwvwh.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\koYpXSt.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MDFqXsr.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fougWRk.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OMqcZsZ.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChxtpWW.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdRhGAT.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTzdIXp.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHvJmwg.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fkMtuMN.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\erSpXZF.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdXkdML.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MzxBSwD.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IKhCaof.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ERpTQub.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xocuNKp.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TEEhIhh.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fAILEJI.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PiEPzHx.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BHeEYmh.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PlzgrQG.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iCmjZpW.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lefjDEg.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ofxsHbL.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jBMoFDr.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qwwUmMS.exe	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 2800 wrote to memory of 2932	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2800 wrote to memory of 2932	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2800 wrote to memory of 2932	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2800 wrote to memory of 2784	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2800 wrote to memory of 2784	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2800 wrote to memory of 2784	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2800 wrote to memory of 2776	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2800 wrote to memory of 2776	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2800 wrote to memory of 2776	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2800 wrote to memory of 2920	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2800 wrote to memory of 2920	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2800 wrote to memory of 2920	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2800 wrote to memory of 2684	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2800 wrote to memory of 2684	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2800 wrote to memory of 2684	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2800 wrote to memory of 2936	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2800 wrote to memory of 2936	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2800 wrote to memory of 2936	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2800 wrote to memory of 2112	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2800 wrote to memory of 2112	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2800 wrote to memory of 2112	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2800 wrote to memory of 2672	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2800 wrote to memory of 2672	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2800 wrote to memory of 2672	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2800 wrote to memory of 2732	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2800 wrote to memory of 2732	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2800 wrote to memory of 2732	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2800 wrote to memory of 2476	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2800 wrote to memory of 2476	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2800 wrote to memory of 2476	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2800 wrote to memory of 2240	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2800 wrote to memory of 2240	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2800 wrote to memory of 2240	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2800 wrote to memory of 1732	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2800 wrote to memory of 1732	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2800 wrote to memory of 1732	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2800 wrote to memory of 2988	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2800 wrote to memory of 2988	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2800 wrote to memory of 2988	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2800 wrote to memory of 2536	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2800 wrote to memory of 2536	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2800 wrote to memory of 2536	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2800 wrote to memory of 1848	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2800 wrote to memory of 1848	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2800 wrote to memory of 1848	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2800 wrote to memory of 1368	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2800 wrote to memory of 1368	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2800 wrote to memory of 1368	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2800 wrote to memory of 2760	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2800 wrote to memory of 2760	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2800 wrote to memory of 2760	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2800 wrote to memory of 2952	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2800 wrote to memory of 2952	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2800 wrote to memory of 2952	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2800 wrote to memory of 380	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2800 wrote to memory of 380	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2800 wrote to memory of 380	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2800 wrote to memory of 620	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2800 wrote to memory of 620	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2800 wrote to memory of 620	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2800 wrote to memory of 2596	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2800 wrote to memory of 2596	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2800 wrote to memory of 2596	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2800 wrote to memory of 2540	2800	2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-25_7978f28984c0d7dc7846956bd04dcb1c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Windows\System\XYztVfB.exe
  C:\Windows\System\XYztVfB.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\zWqINvo.exe
  C:\Windows\System\zWqINvo.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\kuwBNEC.exe
  C:\Windows\System\kuwBNEC.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\nGlAXOl.exe
  C:\Windows\System\nGlAXOl.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\KZLJYsU.exe
  C:\Windows\System\KZLJYsU.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\cpzdYhc.exe
  C:\Windows\System\cpzdYhc.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\oJmceqP.exe
  C:\Windows\System\oJmceqP.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\XEnODtE.exe
  C:\Windows\System\XEnODtE.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\orEGvaY.exe
  C:\Windows\System\orEGvaY.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\IWChDtw.exe
  C:\Windows\System\IWChDtw.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\TJsRmIR.exe
  C:\Windows\System\TJsRmIR.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\fkqMsAE.exe
  C:\Windows\System\fkqMsAE.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\xzZjMUo.exe
  C:\Windows\System\xzZjMUo.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\CRsFdtu.exe
  C:\Windows\System\CRsFdtu.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\MdavcFx.exe
  C:\Windows\System\MdavcFx.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\eEfAslz.exe
  C:\Windows\System\eEfAslz.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\gPhhmbk.exe
  C:\Windows\System\gPhhmbk.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\kblCASV.exe
  C:\Windows\System\kblCASV.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\DyXtfIE.exe
  C:\Windows\System\DyXtfIE.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\zLBFzjA.exe
  C:\Windows\System\zLBFzjA.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\tqEkcMi.exe
  C:\Windows\System\tqEkcMi.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\jGRWrkB.exe
  C:\Windows\System\jGRWrkB.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\JMRUDwe.exe
  C:\Windows\System\JMRUDwe.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\ehslXeZ.exe
  C:\Windows\System\ehslXeZ.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\ZVDxlrD.exe
  C:\Windows\System\ZVDxlrD.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\mNcNglI.exe
  C:\Windows\System\mNcNglI.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\MxFPSnn.exe
  C:\Windows\System\MxFPSnn.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\fNzmaSV.exe
  C:\Windows\System\fNzmaSV.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\GgEeuuz.exe
  C:\Windows\System\GgEeuuz.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\NbjIwok.exe
  C:\Windows\System\NbjIwok.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\cieiZwY.exe
  C:\Windows\System\cieiZwY.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\QqCRSJj.exe
  C:\Windows\System\QqCRSJj.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\ppssglz.exe
  C:\Windows\System\ppssglz.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\nDYVNBX.exe
  C:\Windows\System\nDYVNBX.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\STRNWQb.exe
  C:\Windows\System\STRNWQb.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\VWINTSZ.exe
  C:\Windows\System\VWINTSZ.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\jTRAwxf.exe
  C:\Windows\System\jTRAwxf.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\gluYXdq.exe
  C:\Windows\System\gluYXdq.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\vcLfVUF.exe
  C:\Windows\System\vcLfVUF.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\ldvsvol.exe
  C:\Windows\System\ldvsvol.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\TJiZFEM.exe
  C:\Windows\System\TJiZFEM.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\DbKNkvh.exe
  C:\Windows\System\DbKNkvh.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\vVHMEsV.exe
  C:\Windows\System\vVHMEsV.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\eJSaNrD.exe
  C:\Windows\System\eJSaNrD.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\KoZffZp.exe
  C:\Windows\System\KoZffZp.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\FPmgyGh.exe
  C:\Windows\System\FPmgyGh.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\vcpfMsC.exe
  C:\Windows\System\vcpfMsC.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\fRenikT.exe
  C:\Windows\System\fRenikT.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\JsXSgha.exe
  C:\Windows\System\JsXSgha.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\IgTHhYQ.exe
  C:\Windows\System\IgTHhYQ.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\OLFpCii.exe
  C:\Windows\System\OLFpCii.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\NUSgPwZ.exe
  C:\Windows\System\NUSgPwZ.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\RSyExIh.exe
  C:\Windows\System\RSyExIh.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\GKQKKUL.exe
  C:\Windows\System\GKQKKUL.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\HdLbbMd.exe
  C:\Windows\System\HdLbbMd.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\obwesFp.exe
  C:\Windows\System\obwesFp.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\GrIGUtN.exe
  C:\Windows\System\GrIGUtN.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\zqjhYbX.exe
  C:\Windows\System\zqjhYbX.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\GVmPTox.exe
  C:\Windows\System\GVmPTox.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\XymhKlD.exe
  C:\Windows\System\XymhKlD.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\jRItBHb.exe
  C:\Windows\System\jRItBHb.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\TPLXuDY.exe
  C:\Windows\System\TPLXuDY.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\GRWctHG.exe
  C:\Windows\System\GRWctHG.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\AFdJkxC.exe
  C:\Windows\System\AFdJkxC.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\lSowToC.exe
  C:\Windows\System\lSowToC.exe
  2⤵
  PID:2164
- C:\Windows\System\gRbiIBn.exe
  C:\Windows\System\gRbiIBn.exe
  2⤵
  PID:2156
- C:\Windows\System\esPFXeg.exe
  C:\Windows\System\esPFXeg.exe
  2⤵
  PID:2648
- C:\Windows\System\VXatvef.exe
  C:\Windows\System\VXatvef.exe
  2⤵
  PID:2844
- C:\Windows\System\RMsfDPC.exe
  C:\Windows\System\RMsfDPC.exe
  2⤵
  PID:2748
- C:\Windows\System\PFLjTmd.exe
  C:\Windows\System\PFLjTmd.exe
  2⤵
  PID:3048
- C:\Windows\System\zHJVkxn.exe
  C:\Windows\System\zHJVkxn.exe
  2⤵
  PID:1208
- C:\Windows\System\Jheoohn.exe
  C:\Windows\System\Jheoohn.exe
  2⤵
  PID:2528
- C:\Windows\System\uFXxYfe.exe
  C:\Windows\System\uFXxYfe.exe
  2⤵
  PID:2720
- C:\Windows\System\vuwxKin.exe
  C:\Windows\System\vuwxKin.exe
  2⤵
  PID:1924
- C:\Windows\System\DsqfbMf.exe
  C:\Windows\System\DsqfbMf.exe
  2⤵
  PID:2076
- C:\Windows\System\WSwyCyr.exe
  C:\Windows\System\WSwyCyr.exe
  2⤵
  PID:2184
- C:\Windows\System\EnSXxsZ.exe
  C:\Windows\System\EnSXxsZ.exe
  2⤵
  PID:716
- C:\Windows\System\iXkwpNj.exe
  C:\Windows\System\iXkwpNj.exe
  2⤵
  PID:2244
- C:\Windows\System\XwhEXuk.exe
  C:\Windows\System\XwhEXuk.exe
  2⤵
  PID:1576
- C:\Windows\System\RFIvwpf.exe
  C:\Windows\System\RFIvwpf.exe
  2⤵
  PID:1788
- C:\Windows\System\NDuBpmT.exe
  C:\Windows\System\NDuBpmT.exe
  2⤵
  PID:1096
- C:\Windows\System\HAMqTGo.exe
  C:\Windows\System\HAMqTGo.exe
  2⤵
  PID:1104
- C:\Windows\System\UIeArLR.exe
  C:\Windows\System\UIeArLR.exe
  2⤵
  PID:1960
- C:\Windows\System\bsvZbnO.exe
  C:\Windows\System\bsvZbnO.exe
  2⤵
  PID:1120
- C:\Windows\System\AXjuehw.exe
  C:\Windows\System\AXjuehw.exe
  2⤵
  PID:1276
- C:\Windows\System\ZwtQkvg.exe
  C:\Windows\System\ZwtQkvg.exe
  2⤵
  PID:1648
- C:\Windows\System\FgVGJOm.exe
  C:\Windows\System\FgVGJOm.exe
  2⤵
  PID:964
- C:\Windows\System\bJtYdVN.exe
  C:\Windows\System\bJtYdVN.exe
  2⤵
  PID:2332
- C:\Windows\System\RNntkfY.exe
  C:\Windows\System\RNntkfY.exe
  2⤵
  PID:2380
- C:\Windows\System\wblEgKZ.exe
  C:\Windows\System\wblEgKZ.exe
  2⤵
  PID:468
- C:\Windows\System\vLaHEaH.exe
  C:\Windows\System\vLaHEaH.exe
  2⤵
  PID:1872
- C:\Windows\System\vlJpLOz.exe
  C:\Windows\System\vlJpLOz.exe
  2⤵
  PID:2620
- C:\Windows\System\MBbrPMV.exe
  C:\Windows\System\MBbrPMV.exe
  2⤵
  PID:2808
- C:\Windows\System\yPxForg.exe
  C:\Windows\System\yPxForg.exe
  2⤵
  PID:1512
- C:\Windows\System\erhpmDN.exe
  C:\Windows\System\erhpmDN.exe
  2⤵
  PID:2812
- C:\Windows\System\YIkQFys.exe
  C:\Windows\System\YIkQFys.exe
  2⤵
  PID:2448
- C:\Windows\System\PsyDbkW.exe
  C:\Windows\System\PsyDbkW.exe
  2⤵
  PID:2772
- C:\Windows\System\KgLgHyS.exe
  C:\Windows\System\KgLgHyS.exe
  2⤵
  PID:2700
- C:\Windows\System\CTGNPxp.exe
  C:\Windows\System\CTGNPxp.exe
  2⤵
  PID:2992
- C:\Windows\System\xgeVNsC.exe
  C:\Windows\System\xgeVNsC.exe
  2⤵
  PID:2888
- C:\Windows\System\GSnhkuP.exe
  C:\Windows\System\GSnhkuP.exe
  2⤵
  PID:592
- C:\Windows\System\ISfNUMJ.exe
  C:\Windows\System\ISfNUMJ.exe
  2⤵
  PID:3040
- C:\Windows\System\ddCdjKq.exe
  C:\Windows\System\ddCdjKq.exe
  2⤵
  PID:1584
- C:\Windows\System\pVMmkjz.exe
  C:\Windows\System\pVMmkjz.exe
  2⤵
  PID:2324
- C:\Windows\System\hmUBtMr.exe
  C:\Windows\System\hmUBtMr.exe
  2⤵
  PID:2224
- C:\Windows\System\GSoHwdN.exe
  C:\Windows\System\GSoHwdN.exe
  2⤵
  PID:2144
- C:\Windows\System\PwyFCkU.exe
  C:\Windows\System\PwyFCkU.exe
  2⤵
  PID:1832
- C:\Windows\System\tqrNgMi.exe
  C:\Windows\System\tqrNgMi.exe
  2⤵
  PID:2816
- C:\Windows\System\UaIzeMt.exe
  C:\Windows\System\UaIzeMt.exe
  2⤵
  PID:1108
- C:\Windows\System\vgmNvVu.exe
  C:\Windows\System\vgmNvVu.exe
  2⤵
  PID:1672
- C:\Windows\System\DoWAJKg.exe
  C:\Windows\System\DoWAJKg.exe
  2⤵
  PID:972
- C:\Windows\System\GavcWIl.exe
  C:\Windows\System\GavcWIl.exe
  2⤵
  PID:1680
- C:\Windows\System\mRhSqSc.exe
  C:\Windows\System\mRhSqSc.exe
  2⤵
  PID:1688
- C:\Windows\System\dDJjXXD.exe
  C:\Windows\System\dDJjXXD.exe
  2⤵
  PID:1020
- C:\Windows\System\iXyZNPa.exe
  C:\Windows\System\iXyZNPa.exe
  2⤵
  PID:2120
- C:\Windows\System\StVfaem.exe
  C:\Windows\System\StVfaem.exe
  2⤵
  PID:1916
- C:\Windows\System\dKlRrRg.exe
  C:\Windows\System\dKlRrRg.exe
  2⤵
  PID:2692
- C:\Windows\System\ykCDVdJ.exe
  C:\Windows\System\ykCDVdJ.exe
  2⤵
  PID:864
- C:\Windows\System\ygSuFKN.exe
  C:\Windows\System\ygSuFKN.exe
  2⤵
  PID:1612
- C:\Windows\System\HADSdOV.exe
  C:\Windows\System\HADSdOV.exe
  2⤵
  PID:1440
- C:\Windows\System\BGzvAZj.exe
  C:\Windows\System\BGzvAZj.exe
  2⤵
  PID:1784
- C:\Windows\System\lMgmmdJ.exe
  C:\Windows\System\lMgmmdJ.exe
  2⤵
  PID:1224
- C:\Windows\System\lbJhqvu.exe
  C:\Windows\System\lbJhqvu.exe
  2⤵
  PID:2264
- C:\Windows\System\qpouned.exe
  C:\Windows\System\qpouned.exe
  2⤵
  PID:800
- C:\Windows\System\LlqXuQg.exe
  C:\Windows\System\LlqXuQg.exe
  2⤵
  PID:304
- C:\Windows\System\SvcdJuU.exe
  C:\Windows\System\SvcdJuU.exe
  2⤵
  PID:1988
- C:\Windows\System\pOGRpHG.exe
  C:\Windows\System\pOGRpHG.exe
  2⤵
  PID:2220
- C:\Windows\System\wnLygLE.exe
  C:\Windows\System\wnLygLE.exe
  2⤵
  PID:1448
- C:\Windows\System\cDoOhhk.exe
  C:\Windows\System\cDoOhhk.exe
  2⤵
  PID:292
- C:\Windows\System\BEpOhYI.exe
  C:\Windows\System\BEpOhYI.exe
  2⤵
  PID:2752
- C:\Windows\System\zKuBCet.exe
  C:\Windows\System\zKuBCet.exe
  2⤵
  PID:776
- C:\Windows\System\iGJFkqW.exe
  C:\Windows\System\iGJFkqW.exe
  2⤵
  PID:2400
- C:\Windows\System\jgXqTgL.exe
  C:\Windows\System\jgXqTgL.exe
  2⤵
  PID:1012
- C:\Windows\System\YXKbCyu.exe
  C:\Windows\System\YXKbCyu.exe
  2⤵
  PID:832
- C:\Windows\System\cGUMrss.exe
  C:\Windows\System\cGUMrss.exe
  2⤵
  PID:2036
- C:\Windows\System\AbtqEnm.exe
  C:\Windows\System\AbtqEnm.exe
  2⤵
  PID:2412
- C:\Windows\System\TdZCZnx.exe
  C:\Windows\System\TdZCZnx.exe
  2⤵
  PID:2384
- C:\Windows\System\PhjeWiZ.exe
  C:\Windows\System\PhjeWiZ.exe
  2⤵
  PID:1716
- C:\Windows\System\CDmeeRM.exe
  C:\Windows\System\CDmeeRM.exe
  2⤵
  PID:3044
- C:\Windows\System\QxkmBLW.exe
  C:\Windows\System\QxkmBLW.exe
  2⤵
  PID:2296
- C:\Windows\System\oWcLwJd.exe
  C:\Windows\System\oWcLwJd.exe
  2⤵
  PID:3080
- C:\Windows\System\sLIDKcs.exe
  C:\Windows\System\sLIDKcs.exe
  2⤵
  PID:3100
- C:\Windows\System\TRXBWqc.exe
  C:\Windows\System\TRXBWqc.exe
  2⤵
  PID:3120
- C:\Windows\System\UFqmlKT.exe
  C:\Windows\System\UFqmlKT.exe
  2⤵
  PID:3140
- C:\Windows\System\QJqclFz.exe
  C:\Windows\System\QJqclFz.exe
  2⤵
  PID:3160
- C:\Windows\System\Oplnsjj.exe
  C:\Windows\System\Oplnsjj.exe
  2⤵
  PID:3180
- C:\Windows\System\GNOzZjl.exe
  C:\Windows\System\GNOzZjl.exe
  2⤵
  PID:3200
- C:\Windows\System\teMDHvi.exe
  C:\Windows\System\teMDHvi.exe
  2⤵
  PID:3220
- C:\Windows\System\XHqJOQV.exe
  C:\Windows\System\XHqJOQV.exe
  2⤵
  PID:3240
- C:\Windows\System\SiPFlVI.exe
  C:\Windows\System\SiPFlVI.exe
  2⤵
  PID:3256
- C:\Windows\System\ieUXDDm.exe
  C:\Windows\System\ieUXDDm.exe
  2⤵
  PID:3280
- C:\Windows\System\LQDQNVk.exe
  C:\Windows\System\LQDQNVk.exe
  2⤵
  PID:3300
- C:\Windows\System\CvRUEvG.exe
  C:\Windows\System\CvRUEvG.exe
  2⤵
  PID:3320
- C:\Windows\System\bdQrSJl.exe
  C:\Windows\System\bdQrSJl.exe
  2⤵
  PID:3336
- C:\Windows\System\CJyJlXW.exe
  C:\Windows\System\CJyJlXW.exe
  2⤵
  PID:3360
- C:\Windows\System\FbijlHq.exe
  C:\Windows\System\FbijlHq.exe
  2⤵
  PID:3380
- C:\Windows\System\djERmIG.exe
  C:\Windows\System\djERmIG.exe
  2⤵
  PID:3400
- C:\Windows\System\wulpvhV.exe
  C:\Windows\System\wulpvhV.exe
  2⤵
  PID:3416
- C:\Windows\System\ONiSgtD.exe
  C:\Windows\System\ONiSgtD.exe
  2⤵
  PID:3440
- C:\Windows\System\MBvXKhw.exe
  C:\Windows\System\MBvXKhw.exe
  2⤵
  PID:3460
- C:\Windows\System\MFgFPTf.exe
  C:\Windows\System\MFgFPTf.exe
  2⤵
  PID:3480
- C:\Windows\System\AxsgOEz.exe
  C:\Windows\System\AxsgOEz.exe
  2⤵
  PID:3500
- C:\Windows\System\iyURNMi.exe
  C:\Windows\System\iyURNMi.exe
  2⤵
  PID:3520
- C:\Windows\System\rfrEwOM.exe
  C:\Windows\System\rfrEwOM.exe
  2⤵
  PID:3536
- C:\Windows\System\IZLSJoS.exe
  C:\Windows\System\IZLSJoS.exe
  2⤵
  PID:3560
- C:\Windows\System\TgUxtqt.exe
  C:\Windows\System\TgUxtqt.exe
  2⤵
  PID:3576
- C:\Windows\System\tvwaGpv.exe
  C:\Windows\System\tvwaGpv.exe
  2⤵
  PID:3600
- C:\Windows\System\KMeZDbx.exe
  C:\Windows\System\KMeZDbx.exe
  2⤵
  PID:3620
- C:\Windows\System\lthEaRe.exe
  C:\Windows\System\lthEaRe.exe
  2⤵
  PID:3640
- C:\Windows\System\ilfOpZt.exe
  C:\Windows\System\ilfOpZt.exe
  2⤵
  PID:3656
- C:\Windows\System\WqibqeL.exe
  C:\Windows\System\WqibqeL.exe
  2⤵
  PID:3680
- C:\Windows\System\qwnyHWq.exe
  C:\Windows\System\qwnyHWq.exe
  2⤵
  PID:3700
- C:\Windows\System\xDRQxUF.exe
  C:\Windows\System\xDRQxUF.exe
  2⤵
  PID:3720
- C:\Windows\System\EvSFAcI.exe
  C:\Windows\System\EvSFAcI.exe
  2⤵
  PID:3740
- C:\Windows\System\ohtnLoG.exe
  C:\Windows\System\ohtnLoG.exe
  2⤵
  PID:3760
- C:\Windows\System\ZyyhBqD.exe
  C:\Windows\System\ZyyhBqD.exe
  2⤵
  PID:3776
- C:\Windows\System\LrbkwKv.exe
  C:\Windows\System\LrbkwKv.exe
  2⤵
  PID:3800
- C:\Windows\System\eWkADDx.exe
  C:\Windows\System\eWkADDx.exe
  2⤵
  PID:3816
- C:\Windows\System\FOUQmWC.exe
  C:\Windows\System\FOUQmWC.exe
  2⤵
  PID:3840
- C:\Windows\System\JwwJQch.exe
  C:\Windows\System\JwwJQch.exe
  2⤵
  PID:3856
- C:\Windows\System\EOuKFhj.exe
  C:\Windows\System\EOuKFhj.exe
  2⤵
  PID:3880
- C:\Windows\System\AEOscBf.exe
  C:\Windows\System\AEOscBf.exe
  2⤵
  PID:3900
- C:\Windows\System\udpJXjq.exe
  C:\Windows\System\udpJXjq.exe
  2⤵
  PID:3920
- C:\Windows\System\tdYeZtT.exe
  C:\Windows\System\tdYeZtT.exe
  2⤵
  PID:3940
- C:\Windows\System\ZvBgUIS.exe
  C:\Windows\System\ZvBgUIS.exe
  2⤵
  PID:3960
- C:\Windows\System\MynnpFf.exe
  C:\Windows\System\MynnpFf.exe
  2⤵
  PID:3976
- C:\Windows\System\QhVFoZm.exe
  C:\Windows\System\QhVFoZm.exe
  2⤵
  PID:4000
- C:\Windows\System\EKtNhSw.exe
  C:\Windows\System\EKtNhSw.exe
  2⤵
  PID:4020
- C:\Windows\System\bkNxRDx.exe
  C:\Windows\System\bkNxRDx.exe
  2⤵
  PID:4040
- C:\Windows\System\UogbZQm.exe
  C:\Windows\System\UogbZQm.exe
  2⤵
  PID:4060
- C:\Windows\System\eVxmgzy.exe
  C:\Windows\System\eVxmgzy.exe
  2⤵
  PID:4080
- C:\Windows\System\EArsazW.exe
  C:\Windows\System\EArsazW.exe
  2⤵
  PID:2268
- C:\Windows\System\OITffOP.exe
  C:\Windows\System\OITffOP.exe
  2⤵
  PID:2236
- C:\Windows\System\tzwSMRm.exe
  C:\Windows\System\tzwSMRm.exe
  2⤵
  PID:2544
- C:\Windows\System\trnyYTe.exe
  C:\Windows\System\trnyYTe.exe
  2⤵
  PID:1480
- C:\Windows\System\pCvfsmX.exe
  C:\Windows\System\pCvfsmX.exe
  2⤵
  PID:3156
- C:\Windows\System\OvTdaDb.exe
  C:\Windows\System\OvTdaDb.exe
  2⤵
  PID:3188
- C:\Windows\System\kqIedTt.exe
  C:\Windows\System\kqIedTt.exe
  2⤵
  PID:3196
- C:\Windows\System\XfxCKCH.exe
  C:\Windows\System\XfxCKCH.exe
  2⤵
  PID:3168
- C:\Windows\System\DMeqSHr.exe
  C:\Windows\System\DMeqSHr.exe
  2⤵
  PID:3264
- C:\Windows\System\HiRulwF.exe
  C:\Windows\System\HiRulwF.exe
  2⤵
  PID:3316
- C:\Windows\System\CvfsxOi.exe
  C:\Windows\System\CvfsxOi.exe
  2⤵
  PID:3288
- C:\Windows\System\GKTKUAg.exe
  C:\Windows\System\GKTKUAg.exe
  2⤵
  PID:3348
- C:\Windows\System\knYpQkf.exe
  C:\Windows\System\knYpQkf.exe
  2⤵
  PID:3396
- C:\Windows\System\oxzMFxk.exe
  C:\Windows\System\oxzMFxk.exe
  2⤵
  PID:3428
- C:\Windows\System\YJzDnDH.exe
  C:\Windows\System\YJzDnDH.exe
  2⤵
  PID:3448
- C:\Windows\System\qkgsyyF.exe
  C:\Windows\System\qkgsyyF.exe
  2⤵
  PID:3472
- C:\Windows\System\PJxSVxa.exe
  C:\Windows\System\PJxSVxa.exe
  2⤵
  PID:3496
- C:\Windows\System\doxRlnN.exe
  C:\Windows\System\doxRlnN.exe
  2⤵
  PID:3532
- C:\Windows\System\ZKOIwzB.exe
  C:\Windows\System\ZKOIwzB.exe
  2⤵
  PID:3568
- C:\Windows\System\ImObRgR.exe
  C:\Windows\System\ImObRgR.exe
  2⤵
  PID:3636
- C:\Windows\System\exMAsnH.exe
  C:\Windows\System\exMAsnH.exe
  2⤵
  PID:3608
- C:\Windows\System\zHLQkoJ.exe
  C:\Windows\System\zHLQkoJ.exe
  2⤵
  PID:3716
- C:\Windows\System\ZXVAKAx.exe
  C:\Windows\System\ZXVAKAx.exe
  2⤵
  PID:3688
- C:\Windows\System\ypGXdwc.exe
  C:\Windows\System\ypGXdwc.exe
  2⤵
  PID:3784
- C:\Windows\System\sLisULS.exe
  C:\Windows\System\sLisULS.exe
  2⤵
  PID:3728
- C:\Windows\System\WLLCAGa.exe
  C:\Windows\System\WLLCAGa.exe
  2⤵
  PID:3836
- C:\Windows\System\NzDLjBU.exe
  C:\Windows\System\NzDLjBU.exe
  2⤵
  PID:3812
- C:\Windows\System\xCybEBs.exe
  C:\Windows\System\xCybEBs.exe
  2⤵
  PID:3892
- C:\Windows\System\KjHQvia.exe
  C:\Windows\System\KjHQvia.exe
  2⤵
  PID:3996
- C:\Windows\System\bwpDsuR.exe
  C:\Windows\System\bwpDsuR.exe
  2⤵
  PID:3972
- C:\Windows\System\FKhDbXb.exe
  C:\Windows\System\FKhDbXb.exe
  2⤵
  PID:4032
- C:\Windows\System\tFXFdLX.exe
  C:\Windows\System\tFXFdLX.exe
  2⤵
  PID:4056
- C:\Windows\System\UOsnpRW.exe
  C:\Windows\System\UOsnpRW.exe
  2⤵
  PID:4088
- C:\Windows\System\OINRwdF.exe
  C:\Windows\System\OINRwdF.exe
  2⤵
  PID:600
- C:\Windows\System\fiWpkTw.exe
  C:\Windows\System\fiWpkTw.exe
  2⤵
  PID:3096
- C:\Windows\System\JdvTmsO.exe
  C:\Windows\System\JdvTmsO.exe
  2⤵
  PID:3176
- C:\Windows\System\vZHWurP.exe
  C:\Windows\System\vZHWurP.exe
  2⤵
  PID:3276
- C:\Windows\System\XADjJrE.exe
  C:\Windows\System\XADjJrE.exe
  2⤵
  PID:3268
- C:\Windows\System\rEcXWgS.exe
  C:\Windows\System\rEcXWgS.exe
  2⤵
  PID:3312
- C:\Windows\System\XnhNxfS.exe
  C:\Windows\System\XnhNxfS.exe
  2⤵
  PID:3392
- C:\Windows\System\fCVIYRm.exe
  C:\Windows\System\fCVIYRm.exe
  2⤵
  PID:3412
- C:\Windows\System\zVexXEH.exe
  C:\Windows\System\zVexXEH.exe
  2⤵
  PID:3516
- C:\Windows\System\lDcKRCo.exe
  C:\Windows\System\lDcKRCo.exe
  2⤵
  PID:3592
- C:\Windows\System\HJARMqt.exe
  C:\Windows\System\HJARMqt.exe
  2⤵
  PID:3708
- C:\Windows\System\JVybCqQ.exe
  C:\Windows\System\JVybCqQ.exe
  2⤵
  PID:3752
- C:\Windows\System\rkGtpWX.exe
  C:\Windows\System\rkGtpWX.exe
  2⤵
  PID:3732
- C:\Windows\System\TbgXMXU.exe
  C:\Windows\System\TbgXMXU.exe
  2⤵
  PID:3772
- C:\Windows\System\khMCUaS.exe
  C:\Windows\System\khMCUaS.exe
  2⤵
  PID:2788
- C:\Windows\System\QeecVqr.exe
  C:\Windows\System\QeecVqr.exe
  2⤵
  PID:3936
- C:\Windows\System\dTLhajH.exe
  C:\Windows\System\dTLhajH.exe
  2⤵
  PID:2128
- C:\Windows\System\bZkyyFe.exe
  C:\Windows\System\bZkyyFe.exe
  2⤵
  PID:2980
- C:\Windows\System\xZERmqt.exe
  C:\Windows\System\xZERmqt.exe
  2⤵
  PID:624
- C:\Windows\System\bhCNnJk.exe
  C:\Windows\System\bhCNnJk.exe
  2⤵
  PID:1004
- C:\Windows\System\EaXTwdx.exe
  C:\Windows\System\EaXTwdx.exe
  2⤵
  PID:3132
- C:\Windows\System\AZWKHFX.exe
  C:\Windows\System\AZWKHFX.exe
  2⤵
  PID:3424
- C:\Windows\System\JTrpFME.exe
  C:\Windows\System\JTrpFME.exe
  2⤵
  PID:3476
- C:\Windows\System\YqumTmd.exe
  C:\Windows\System\YqumTmd.exe
  2⤵
  PID:3432
- C:\Windows\System\waSLkzq.exe
  C:\Windows\System\waSLkzq.exe
  2⤵
  PID:3796
- C:\Windows\System\zjrRXGj.exe
  C:\Windows\System\zjrRXGj.exe
  2⤵
  PID:3848
- C:\Windows\System\TmZVQEC.exe
  C:\Windows\System\TmZVQEC.exe
  2⤵
  PID:4012
- C:\Windows\System\UFtHHhJ.exe
  C:\Windows\System\UFtHHhJ.exe
  2⤵
  PID:3828
- C:\Windows\System\HXFTJrY.exe
  C:\Windows\System\HXFTJrY.exe
  2⤵
  PID:3212
- C:\Windows\System\zzTjhRY.exe
  C:\Windows\System\zzTjhRY.exe
  2⤵
  PID:2768
- C:\Windows\System\tqExgvw.exe
  C:\Windows\System\tqExgvw.exe
  2⤵
  PID:4112
- C:\Windows\System\AFAGrci.exe
  C:\Windows\System\AFAGrci.exe
  2⤵
  PID:4132
- C:\Windows\System\xQpjleI.exe
  C:\Windows\System\xQpjleI.exe
  2⤵
  PID:4152
- C:\Windows\System\yiQHNHa.exe
  C:\Windows\System\yiQHNHa.exe
  2⤵
  PID:4172
- C:\Windows\System\DAMnUWW.exe
  C:\Windows\System\DAMnUWW.exe
  2⤵
  PID:4192
- C:\Windows\System\DIRoVxA.exe
  C:\Windows\System\DIRoVxA.exe
  2⤵
  PID:4212
- C:\Windows\System\gBzhDzr.exe
  C:\Windows\System\gBzhDzr.exe
  2⤵
  PID:4240
- C:\Windows\System\piaLgfh.exe
  C:\Windows\System\piaLgfh.exe
  2⤵
  PID:4256
- C:\Windows\System\xmqDtvO.exe
  C:\Windows\System\xmqDtvO.exe
  2⤵
  PID:4280
- C:\Windows\System\KwchOsj.exe
  C:\Windows\System\KwchOsj.exe
  2⤵
  PID:4296
- C:\Windows\System\QldpKDX.exe
  C:\Windows\System\QldpKDX.exe
  2⤵
  PID:4320
- C:\Windows\System\eVsKaNi.exe
  C:\Windows\System\eVsKaNi.exe
  2⤵
  PID:4348
- C:\Windows\System\bABSHkE.exe
  C:\Windows\System\bABSHkE.exe
  2⤵
  PID:4368
- C:\Windows\System\baCzbMJ.exe
  C:\Windows\System\baCzbMJ.exe
  2⤵
  PID:4388
- C:\Windows\System\IkTqExK.exe
  C:\Windows\System\IkTqExK.exe
  2⤵
  PID:4408
- C:\Windows\System\SktbAZr.exe
  C:\Windows\System\SktbAZr.exe
  2⤵
  PID:4424
- C:\Windows\System\DUpJmNX.exe
  C:\Windows\System\DUpJmNX.exe
  2⤵
  PID:4448
- C:\Windows\System\vVBPqtt.exe
  C:\Windows\System\vVBPqtt.exe
  2⤵
  PID:4468
- C:\Windows\System\FlLtyxs.exe
  C:\Windows\System\FlLtyxs.exe
  2⤵
  PID:4488
- C:\Windows\System\AmJOJrG.exe
  C:\Windows\System\AmJOJrG.exe
  2⤵
  PID:4508
- C:\Windows\System\KrYQwwH.exe
  C:\Windows\System\KrYQwwH.exe
  2⤵
  PID:4528
- C:\Windows\System\xDIoFWE.exe
  C:\Windows\System\xDIoFWE.exe
  2⤵
  PID:4548
- C:\Windows\System\TWSYcKF.exe
  C:\Windows\System\TWSYcKF.exe
  2⤵
  PID:4568
- C:\Windows\System\KhTCHpT.exe
  C:\Windows\System\KhTCHpT.exe
  2⤵
  PID:4584
- C:\Windows\System\kWcdvBu.exe
  C:\Windows\System\kWcdvBu.exe
  2⤵
  PID:4608
- C:\Windows\System\BhaVRSb.exe
  C:\Windows\System\BhaVRSb.exe
  2⤵
  PID:4624
- C:\Windows\System\IgYWcUu.exe
  C:\Windows\System\IgYWcUu.exe
  2⤵
  PID:4648
- C:\Windows\System\oszPNTe.exe
  C:\Windows\System\oszPNTe.exe
  2⤵
  PID:4668
- C:\Windows\System\EMHtRZl.exe
  C:\Windows\System\EMHtRZl.exe
  2⤵
  PID:4692
- C:\Windows\System\xkGDZSP.exe
  C:\Windows\System\xkGDZSP.exe
  2⤵
  PID:4712
- C:\Windows\System\RoAKclc.exe
  C:\Windows\System\RoAKclc.exe
  2⤵
  PID:4732
- C:\Windows\System\vPosXsa.exe
  C:\Windows\System\vPosXsa.exe
  2⤵
  PID:4752
- C:\Windows\System\FjrYrQv.exe
  C:\Windows\System\FjrYrQv.exe
  2⤵
  PID:4772
- C:\Windows\System\MTNQijE.exe
  C:\Windows\System\MTNQijE.exe
  2⤵
  PID:4792
- C:\Windows\System\DAtQIjg.exe
  C:\Windows\System\DAtQIjg.exe
  2⤵
  PID:4812
- C:\Windows\System\KyESdFv.exe
  C:\Windows\System\KyESdFv.exe
  2⤵
  PID:4832
- C:\Windows\System\dsrQtZJ.exe
  C:\Windows\System\dsrQtZJ.exe
  2⤵
  PID:4852
- C:\Windows\System\hTeCZgP.exe
  C:\Windows\System\hTeCZgP.exe
  2⤵
  PID:4872
- C:\Windows\System\mCgCnot.exe
  C:\Windows\System\mCgCnot.exe
  2⤵
  PID:4892
- C:\Windows\System\yZjXrCx.exe
  C:\Windows\System\yZjXrCx.exe
  2⤵
  PID:4908
- C:\Windows\System\QcNPgEK.exe
  C:\Windows\System\QcNPgEK.exe
  2⤵
  PID:4932
- C:\Windows\System\QJydjVO.exe
  C:\Windows\System\QJydjVO.exe
  2⤵
  PID:4952
- C:\Windows\System\witdUMx.exe
  C:\Windows\System\witdUMx.exe
  2⤵
  PID:4972
- C:\Windows\System\BxWzEGG.exe
  C:\Windows\System\BxWzEGG.exe
  2⤵
  PID:4992
- C:\Windows\System\nHrThHd.exe
  C:\Windows\System\nHrThHd.exe
  2⤵
  PID:5012
- C:\Windows\System\SeolZHu.exe
  C:\Windows\System\SeolZHu.exe
  2⤵
  PID:5032
- C:\Windows\System\xpFHbet.exe
  C:\Windows\System\xpFHbet.exe
  2⤵
  PID:5052
- C:\Windows\System\FJWEVSg.exe
  C:\Windows\System\FJWEVSg.exe
  2⤵
  PID:5072
- C:\Windows\System\qdKDCPb.exe
  C:\Windows\System\qdKDCPb.exe
  2⤵
  PID:5092
- C:\Windows\System\DGTLgzH.exe
  C:\Windows\System\DGTLgzH.exe
  2⤵
  PID:5108
- C:\Windows\System\tJDQYCE.exe
  C:\Windows\System\tJDQYCE.exe
  2⤵
  PID:3076
- C:\Windows\System\AbZEKpz.exe
  C:\Windows\System\AbZEKpz.exe
  2⤵
  PID:3628
- C:\Windows\System\xogefkr.exe
  C:\Windows\System\xogefkr.exe
  2⤵
  PID:3984
- C:\Windows\System\bvmsuGo.exe
  C:\Windows\System\bvmsuGo.exe
  2⤵
  PID:3932
- C:\Windows\System\vhSilgx.exe
  C:\Windows\System\vhSilgx.exe
  2⤵
  PID:3192
- C:\Windows\System\yoYQaxw.exe
  C:\Windows\System\yoYQaxw.exe
  2⤵
  PID:3252
- C:\Windows\System\enUxzob.exe
  C:\Windows\System\enUxzob.exe
  2⤵
  PID:4128
- C:\Windows\System\LSkkiIu.exe
  C:\Windows\System\LSkkiIu.exe
  2⤵
  PID:4184
- C:\Windows\System\ROLQUFP.exe
  C:\Windows\System\ROLQUFP.exe
  2⤵
  PID:4168
- C:\Windows\System\aAcomcH.exe
  C:\Windows\System\aAcomcH.exe
  2⤵
  PID:4264
- C:\Windows\System\rbviicB.exe
  C:\Windows\System\rbviicB.exe
  2⤵
  PID:4248
- C:\Windows\System\NhAEpYr.exe
  C:\Windows\System\NhAEpYr.exe
  2⤵
  PID:4316
- C:\Windows\System\XpCGItq.exe
  C:\Windows\System\XpCGItq.exe
  2⤵
  PID:4360
- C:\Windows\System\dXCRJjo.exe
  C:\Windows\System\dXCRJjo.exe
  2⤵
  PID:4400
- C:\Windows\System\jcGqoWH.exe
  C:\Windows\System\jcGqoWH.exe
  2⤵
  PID:4432
- C:\Windows\System\NdypBia.exe
  C:\Windows\System\NdypBia.exe
  2⤵
  PID:4476
- C:\Windows\System\DBrVTVF.exe
  C:\Windows\System\DBrVTVF.exe
  2⤵
  PID:4456
- C:\Windows\System\woutAbx.exe
  C:\Windows\System\woutAbx.exe
  2⤵
  PID:4500
- C:\Windows\System\FZzmyWZ.exe
  C:\Windows\System\FZzmyWZ.exe
  2⤵
  PID:4536
- C:\Windows\System\WzFPGkL.exe
  C:\Windows\System\WzFPGkL.exe
  2⤵
  PID:4604
- C:\Windows\System\fnddxFl.exe
  C:\Windows\System\fnddxFl.exe
  2⤵
  PID:4632
- C:\Windows\System\RlKfDiO.exe
  C:\Windows\System\RlKfDiO.exe
  2⤵
  PID:4676
- C:\Windows\System\gqSGslm.exe
  C:\Windows\System\gqSGslm.exe
  2⤵
  PID:4660
- C:\Windows\System\VELadGr.exe
  C:\Windows\System\VELadGr.exe
  2⤵
  PID:4704
- C:\Windows\System\jNBGjnh.exe
  C:\Windows\System\jNBGjnh.exe
  2⤵
  PID:2924
- C:\Windows\System\ebSFRRq.exe
  C:\Windows\System\ebSFRRq.exe
  2⤵
  PID:4800
- C:\Windows\System\fuczliu.exe
  C:\Windows\System\fuczliu.exe
  2⤵
  PID:3012
- C:\Windows\System\vCofaVI.exe
  C:\Windows\System\vCofaVI.exe
  2⤵
  PID:4828
- C:\Windows\System\cSgopUf.exe
  C:\Windows\System\cSgopUf.exe
  2⤵
  PID:4884
- C:\Windows\System\GRqBdAE.exe
  C:\Windows\System\GRqBdAE.exe
  2⤵
  PID:4920
- C:\Windows\System\iakmhYG.exe
  C:\Windows\System\iakmhYG.exe
  2⤵
  PID:4960
- C:\Windows\System\WZqAyYC.exe
  C:\Windows\System\WZqAyYC.exe
  2⤵
  PID:5000
- C:\Windows\System\avcMinH.exe
  C:\Windows\System\avcMinH.exe
  2⤵
  PID:4688
- C:\Windows\System\rKQFBCy.exe
  C:\Windows\System\rKQFBCy.exe
  2⤵
  PID:5044
- C:\Windows\System\Ekjlwhl.exe
  C:\Windows\System\Ekjlwhl.exe
  2⤵
  PID:2704
- C:\Windows\System\KCuyWZT.exe
  C:\Windows\System\KCuyWZT.exe
  2⤵
  PID:5116
- C:\Windows\System\SJtRnlL.exe
  C:\Windows\System\SJtRnlL.exe
  2⤵
  PID:5104
- C:\Windows\System\CtjzwHb.exe
  C:\Windows\System\CtjzwHb.exe
  2⤵
  PID:2724
- C:\Windows\System\clUClhC.exe
  C:\Windows\System\clUClhC.exe
  2⤵
  PID:3372
- C:\Windows\System\LbcLoLg.exe
  C:\Windows\System\LbcLoLg.exe
  2⤵
  PID:3612
- C:\Windows\System\rvXJsuE.exe
  C:\Windows\System\rvXJsuE.exe
  2⤵
  PID:4148
- C:\Windows\System\fYFgWGX.exe
  C:\Windows\System\fYFgWGX.exe
  2⤵
  PID:4224
- C:\Windows\System\zgSMMit.exe
  C:\Windows\System\zgSMMit.exe
  2⤵
  PID:4200
- C:\Windows\System\CTtpbJZ.exe
  C:\Windows\System\CTtpbJZ.exe
  2⤵
  PID:2680
- C:\Windows\System\bdXhWqa.exe
  C:\Windows\System\bdXhWqa.exe
  2⤵
  PID:4308
- C:\Windows\System\wyasXpm.exe
  C:\Windows\System\wyasXpm.exe
  2⤵
  PID:4376
- C:\Windows\System\jqTsRlZ.exe
  C:\Windows\System\jqTsRlZ.exe
  2⤵
  PID:4464
- C:\Windows\System\dvIeGmN.exe
  C:\Windows\System\dvIeGmN.exe
  2⤵
  PID:4436
- C:\Windows\System\OCYJARI.exe
  C:\Windows\System\OCYJARI.exe
  2⤵
  PID:4520
- C:\Windows\System\yucUnLy.exe
  C:\Windows\System\yucUnLy.exe
  2⤵
  PID:4600
- C:\Windows\System\luMTqdQ.exe
  C:\Windows\System\luMTqdQ.exe
  2⤵
  PID:4620
- C:\Windows\System\dsUtwxg.exe
  C:\Windows\System\dsUtwxg.exe
  2⤵
  PID:4656
- C:\Windows\System\YoHcbXV.exe
  C:\Windows\System\YoHcbXV.exe
  2⤵
  PID:4768
- C:\Windows\System\jxRfELs.exe
  C:\Windows\System\jxRfELs.exe
  2⤵
  PID:4784
- C:\Windows\System\iPYjPNj.exe
  C:\Windows\System\iPYjPNj.exe
  2⤵
  PID:2624
- C:\Windows\System\tDwBATu.exe
  C:\Windows\System\tDwBATu.exe
  2⤵
  PID:4820
- C:\Windows\System\uFEHRHQ.exe
  C:\Windows\System\uFEHRHQ.exe
  2⤵
  PID:4900
- C:\Windows\System\NjBAger.exe
  C:\Windows\System\NjBAger.exe
  2⤵
  PID:4944
- C:\Windows\System\HQibvOy.exe
  C:\Windows\System\HQibvOy.exe
  2⤵
  PID:5028
- C:\Windows\System\xOCDMfK.exe
  C:\Windows\System\xOCDMfK.exe
  2⤵
  PID:5064
- C:\Windows\System\vRNSrLu.exe
  C:\Windows\System\vRNSrLu.exe
  2⤵
  PID:5084
- C:\Windows\System\oxmrHku.exe
  C:\Windows\System\oxmrHku.exe
  2⤵
  PID:3748
- C:\Windows\System\aofyAwR.exe
  C:\Windows\System\aofyAwR.exe
  2⤵
  PID:4120
- C:\Windows\System\TJBSROW.exe
  C:\Windows\System\TJBSROW.exe
  2⤵
  PID:4228
- C:\Windows\System\bAeeDuy.exe
  C:\Windows\System\bAeeDuy.exe
  2⤵
  PID:4144
- C:\Windows\System\FRXLBGj.exe
  C:\Windows\System\FRXLBGj.exe
  2⤵
  PID:2832
- C:\Windows\System\JmSfTUI.exe
  C:\Windows\System\JmSfTUI.exe
  2⤵
  PID:4364
- C:\Windows\System\ZXCpljW.exe
  C:\Windows\System\ZXCpljW.exe
  2⤵
  PID:4336
- C:\Windows\System\HMmZdUB.exe
  C:\Windows\System\HMmZdUB.exe
  2⤵
  PID:4560
- C:\Windows\System\GEWsysd.exe
  C:\Windows\System\GEWsysd.exe
  2⤵
  PID:4420
- C:\Windows\System\NMcnVkP.exe
  C:\Windows\System\NMcnVkP.exe
  2⤵
  PID:1588
- C:\Windows\System\XmEakEu.exe
  C:\Windows\System\XmEakEu.exe
  2⤵
  PID:2712
- C:\Windows\System\oXickDJ.exe
  C:\Windows\System\oXickDJ.exe
  2⤵
  PID:2508
- C:\Windows\System\tpODEwC.exe
  C:\Windows\System\tpODEwC.exe
  2⤵
  PID:904
- C:\Windows\System\KbKQyCX.exe
  C:\Windows\System\KbKQyCX.exe
  2⤵
  PID:4984
- C:\Windows\System\dbivnbe.exe
  C:\Windows\System\dbivnbe.exe
  2⤵
  PID:4888
- C:\Windows\System\TbMGhlM.exe
  C:\Windows\System\TbMGhlM.exe
  2⤵
  PID:3616
- C:\Windows\System\FpHWlIl.exe
  C:\Windows\System\FpHWlIl.exe
  2⤵
  PID:4140
- C:\Windows\System\isWOfpo.exe
  C:\Windows\System\isWOfpo.exe
  2⤵
  PID:3512
- C:\Windows\System\JVKxVnE.exe
  C:\Windows\System\JVKxVnE.exe
  2⤵
  PID:4068
- C:\Windows\System\LLjBuJI.exe
  C:\Windows\System\LLjBuJI.exe
  2⤵
  PID:3020
- C:\Windows\System\xxEndlf.exe
  C:\Windows\System\xxEndlf.exe
  2⤵
  PID:1228
- C:\Windows\System\XRzcqlb.exe
  C:\Windows\System\XRzcqlb.exe
  2⤵
  PID:4396
- C:\Windows\System\rNNSbLz.exe
  C:\Windows\System\rNNSbLz.exe
  2⤵
  PID:4544
- C:\Windows\System\epRXqtf.exe
  C:\Windows\System\epRXqtf.exe
  2⤵
  PID:4592
- C:\Windows\System\vxeiLpk.exe
  C:\Windows\System\vxeiLpk.exe
  2⤵
  PID:4924
- C:\Windows\System\aAVsHaI.exe
  C:\Windows\System\aAVsHaI.exe
  2⤵
  PID:4948
- C:\Windows\System\UoHvVOm.exe
  C:\Windows\System\UoHvVOm.exe
  2⤵
  PID:4780
- C:\Windows\System\xnDOJCY.exe
  C:\Windows\System\xnDOJCY.exe
  2⤵
  PID:2664
- C:\Windows\System\KgtUzew.exe
  C:\Windows\System\KgtUzew.exe
  2⤵
  PID:2532
- C:\Windows\System\bHJtoSQ.exe
  C:\Windows\System\bHJtoSQ.exe
  2⤵
  PID:588
- C:\Windows\System\hwBGVww.exe
  C:\Windows\System\hwBGVww.exe
  2⤵
  PID:1928
- C:\Windows\System\cMPLNso.exe
  C:\Windows\System\cMPLNso.exe
  2⤵
  PID:4748
- C:\Windows\System\xPqieFq.exe
  C:\Windows\System\xPqieFq.exe
  2⤵
  PID:4576
- C:\Windows\System\rpXwBTz.exe
  C:\Windows\System\rpXwBTz.exe
  2⤵
  PID:4708
- C:\Windows\System\NcZqcXu.exe
  C:\Windows\System\NcZqcXu.exe
  2⤵
  PID:3876
- C:\Windows\System\BjIqiIc.exe
  C:\Windows\System\BjIqiIc.exe
  2⤵
  PID:4740
- C:\Windows\System\OatIbGZ.exe
  C:\Windows\System\OatIbGZ.exe
  2⤵
  PID:584
- C:\Windows\System\OMkzTPG.exe
  C:\Windows\System\OMkzTPG.exe
  2⤵
  PID:2064
- C:\Windows\System\gnczHjb.exe
  C:\Windows\System\gnczHjb.exe
  2⤵
  PID:1728
- C:\Windows\System\GsxqbWp.exe
  C:\Windows\System\GsxqbWp.exe
  2⤵
  PID:4916
- C:\Windows\System\DSWquAL.exe
  C:\Windows\System\DSWquAL.exe
  2⤵
  PID:4220
- C:\Windows\System\OZwdrpz.exe
  C:\Windows\System\OZwdrpz.exe
  2⤵
  PID:1740
- C:\Windows\System\MdOZxqf.exe
  C:\Windows\System\MdOZxqf.exe
  2⤵
  PID:1560
- C:\Windows\System\tXGCksu.exe
  C:\Windows\System\tXGCksu.exe
  2⤵
  PID:2944
- C:\Windows\System\WpzFhXj.exe
  C:\Windows\System\WpzFhXj.exe
  2⤵
  PID:1864
- C:\Windows\System\vZNQlhd.exe
  C:\Windows\System\vZNQlhd.exe
  2⤵
  PID:1744
- C:\Windows\System\NIDhVwt.exe
  C:\Windows\System\NIDhVwt.exe
  2⤵
  PID:3028
- C:\Windows\System\tJAtioT.exe
  C:\Windows\System\tJAtioT.exe
  2⤵
  PID:2188
- C:\Windows\System\THrTQCL.exe
  C:\Windows\System\THrTQCL.exe
  2⤵
  PID:1892
- C:\Windows\System\IiZcbZo.exe
  C:\Windows\System\IiZcbZo.exe
  2⤵
  PID:3912
- C:\Windows\System\JHIkHva.exe
  C:\Windows\System\JHIkHva.exe
  2⤵
  PID:4728
- C:\Windows\System\Ltudxal.exe
  C:\Windows\System\Ltudxal.exe
  2⤵
  PID:4072
- C:\Windows\System\JZlqDUY.exe
  C:\Windows\System\JZlqDUY.exe
  2⤵
  PID:2836
- C:\Windows\System\CcvCZuF.exe
  C:\Windows\System\CcvCZuF.exe
  2⤵
  PID:5152
- C:\Windows\System\AORGTav.exe
  C:\Windows\System\AORGTav.exe
  2⤵
  PID:5168
- C:\Windows\System\PqfEpXw.exe
  C:\Windows\System\PqfEpXw.exe
  2⤵
  PID:5184
- C:\Windows\System\eJeVeMR.exe
  C:\Windows\System\eJeVeMR.exe
  2⤵
  PID:5212
- C:\Windows\System\zIzDCGp.exe
  C:\Windows\System\zIzDCGp.exe
  2⤵
  PID:5232
- C:\Windows\System\zoiHwWA.exe
  C:\Windows\System\zoiHwWA.exe
  2⤵
  PID:5252
- C:\Windows\System\DGeUaOU.exe
  C:\Windows\System\DGeUaOU.exe
  2⤵
  PID:5276
- C:\Windows\System\dggSeRT.exe
  C:\Windows\System\dggSeRT.exe
  2⤵
  PID:5292
- C:\Windows\System\HePPIyJ.exe
  C:\Windows\System\HePPIyJ.exe
  2⤵
  PID:5316
- C:\Windows\System\DPOHPaz.exe
  C:\Windows\System\DPOHPaz.exe
  2⤵
  PID:5332
- C:\Windows\System\RpqdyCW.exe
  C:\Windows\System\RpqdyCW.exe
  2⤵
  PID:5348
- C:\Windows\System\JKmhwNk.exe
  C:\Windows\System\JKmhwNk.exe
  2⤵
  PID:5364
- C:\Windows\System\cwvkKAo.exe
  C:\Windows\System\cwvkKAo.exe
  2⤵
  PID:5380
- C:\Windows\System\SAsWUfg.exe
  C:\Windows\System\SAsWUfg.exe
  2⤵
  PID:5400
- C:\Windows\System\YtEDtFC.exe
  C:\Windows\System\YtEDtFC.exe
  2⤵
  PID:5420
- C:\Windows\System\KWKfGRV.exe
  C:\Windows\System\KWKfGRV.exe
  2⤵
  PID:5456
- C:\Windows\System\JoxiZyR.exe
  C:\Windows\System\JoxiZyR.exe
  2⤵
  PID:5472
- C:\Windows\System\FoGeATA.exe
  C:\Windows\System\FoGeATA.exe
  2⤵
  PID:5492
- C:\Windows\System\XyDVSiN.exe
  C:\Windows\System\XyDVSiN.exe
  2⤵
  PID:5508
- C:\Windows\System\VGDyVrM.exe
  C:\Windows\System\VGDyVrM.exe
  2⤵
  PID:5528
- C:\Windows\System\mcrwvwh.exe
  C:\Windows\System\mcrwvwh.exe
  2⤵
  PID:5548
- C:\Windows\System\GRFwwlJ.exe
  C:\Windows\System\GRFwwlJ.exe
  2⤵
  PID:5572
- C:\Windows\System\NTpPUxk.exe
  C:\Windows\System\NTpPUxk.exe
  2⤵
  PID:5588
- C:\Windows\System\ERpTQub.exe
  C:\Windows\System\ERpTQub.exe
  2⤵
  PID:5608
- C:\Windows\System\tImOUOz.exe
  C:\Windows\System\tImOUOz.exe
  2⤵
  PID:5624
- C:\Windows\System\jSDwyey.exe
  C:\Windows\System\jSDwyey.exe
  2⤵
  PID:5640
- C:\Windows\System\HVDbASR.exe
  C:\Windows\System\HVDbASR.exe
  2⤵
  PID:5660
- C:\Windows\System\nFAyWgC.exe
  C:\Windows\System\nFAyWgC.exe
  2⤵
  PID:5688
- C:\Windows\System\ERWtEvF.exe
  C:\Windows\System\ERWtEvF.exe
  2⤵
  PID:5716
- C:\Windows\System\CheZAJq.exe
  C:\Windows\System\CheZAJq.exe
  2⤵
  PID:5732
- C:\Windows\System\dUzFAYr.exe
  C:\Windows\System\dUzFAYr.exe
  2⤵
  PID:5752
- C:\Windows\System\WfgVBIB.exe
  C:\Windows\System\WfgVBIB.exe
  2⤵
  PID:5768
- C:\Windows\System\VtookwU.exe
  C:\Windows\System\VtookwU.exe
  2⤵
  PID:5784
- C:\Windows\System\zcoSUxM.exe
  C:\Windows\System\zcoSUxM.exe
  2⤵
  PID:5800
- C:\Windows\System\xqBkyWo.exe
  C:\Windows\System\xqBkyWo.exe
  2⤵
  PID:5820
- C:\Windows\System\TSVbasX.exe
  C:\Windows\System\TSVbasX.exe
  2⤵
  PID:5836
- C:\Windows\System\pPrMSSX.exe
  C:\Windows\System\pPrMSSX.exe
  2⤵
  PID:5852
- C:\Windows\System\swpgEIY.exe
  C:\Windows\System\swpgEIY.exe
  2⤵
  PID:5868
- C:\Windows\System\sjEwqMZ.exe
  C:\Windows\System\sjEwqMZ.exe
  2⤵
  PID:5888
- C:\Windows\System\uhOMOSG.exe
  C:\Windows\System\uhOMOSG.exe
  2⤵
  PID:5908
- C:\Windows\System\IsKPajE.exe
  C:\Windows\System\IsKPajE.exe
  2⤵
  PID:5924
- C:\Windows\System\ewxPhAB.exe
  C:\Windows\System\ewxPhAB.exe
  2⤵
  PID:5940
- C:\Windows\System\girvLWL.exe
  C:\Windows\System\girvLWL.exe
  2⤵
  PID:5960
- C:\Windows\System\pralQbN.exe
  C:\Windows\System\pralQbN.exe
  2⤵
  PID:5980
- C:\Windows\System\uSkSBlA.exe
  C:\Windows\System\uSkSBlA.exe
  2⤵
  PID:6000
- C:\Windows\System\ZuxEExm.exe
  C:\Windows\System\ZuxEExm.exe
  2⤵
  PID:6020
- C:\Windows\System\jlcOntO.exe
  C:\Windows\System\jlcOntO.exe
  2⤵
  PID:6044
- C:\Windows\System\ppTcrkP.exe
  C:\Windows\System\ppTcrkP.exe
  2⤵
  PID:6060
- C:\Windows\System\cohKsba.exe
  C:\Windows\System\cohKsba.exe
  2⤵
  PID:6112
- C:\Windows\System\uNASgJg.exe
  C:\Windows\System\uNASgJg.exe
  2⤵
  PID:6128
- C:\Windows\System\OSrMqVl.exe
  C:\Windows\System\OSrMqVl.exe
  2⤵
  PID:3000
- C:\Windows\System\flZIQUp.exe
  C:\Windows\System\flZIQUp.exe
  2⤵
  PID:1932
- C:\Windows\System\uHHLphl.exe
  C:\Windows\System\uHHLphl.exe
  2⤵
  PID:5132
- C:\Windows\System\dGaMEWW.exe
  C:\Windows\System\dGaMEWW.exe
  2⤵
  PID:5148
- C:\Windows\System\eRFmEua.exe
  C:\Windows\System\eRFmEua.exe
  2⤵
  PID:3388
- C:\Windows\System\xhPAGeL.exe
  C:\Windows\System\xhPAGeL.exe
  2⤵
  PID:5160
- C:\Windows\System\qciQQOb.exe
  C:\Windows\System\qciQQOb.exe
  2⤵
  PID:5196
- C:\Windows\System\qWXwgaB.exe
  C:\Windows\System\qWXwgaB.exe
  2⤵
  PID:5244
- C:\Windows\System\gcWCkko.exe
  C:\Windows\System\gcWCkko.exe
  2⤵
  PID:5272
- C:\Windows\System\cGvwcKO.exe
  C:\Windows\System\cGvwcKO.exe
  2⤵
  PID:5304
- C:\Windows\System\PpqaxmU.exe
  C:\Windows\System\PpqaxmU.exe
  2⤵
  PID:5344
- C:\Windows\System\mfpmDud.exe
  C:\Windows\System\mfpmDud.exe
  2⤵
  PID:5412
- C:\Windows\System\OarEhmr.exe
  C:\Windows\System\OarEhmr.exe
  2⤵
  PID:2208
- C:\Windows\System\ghElKeZ.exe
  C:\Windows\System\ghElKeZ.exe
  2⤵
  PID:4232
- C:\Windows\System\SGOCjEq.exe
  C:\Windows\System\SGOCjEq.exe
  2⤵
  PID:5392
- C:\Windows\System\IiKamSK.exe
  C:\Windows\System\IiKamSK.exe
  2⤵
  PID:5452
- C:\Windows\System\SLDARNz.exe
  C:\Windows\System\SLDARNz.exe
  2⤵
  PID:5488
- C:\Windows\System\TIWRUpL.exe
  C:\Windows\System\TIWRUpL.exe
  2⤵
  PID:5544
- C:\Windows\System\dyUIirt.exe
  C:\Windows\System\dyUIirt.exe
  2⤵
  PID:5524
- C:\Windows\System\IueZVih.exe
  C:\Windows\System\IueZVih.exe
  2⤵
  PID:5580
- C:\Windows\System\JhnQoYJ.exe
  C:\Windows\System\JhnQoYJ.exe
  2⤵
  PID:5656
- C:\Windows\System\upGELNe.exe
  C:\Windows\System\upGELNe.exe
  2⤵
  PID:5604
- C:\Windows\System\catTfgn.exe
  C:\Windows\System\catTfgn.exe
  2⤵
  PID:5696
- C:\Windows\System\GRSCWtc.exe
  C:\Windows\System\GRSCWtc.exe
  2⤵
  PID:5712
- C:\Windows\System\koYpXSt.exe
  C:\Windows\System\koYpXSt.exe
  2⤵
  PID:5776
- C:\Windows\System\pthCJjs.exe
  C:\Windows\System\pthCJjs.exe
  2⤵
  PID:5844
- C:\Windows\System\ommFUQQ.exe
  C:\Windows\System\ommFUQQ.exe
  2⤵
  PID:5880
- C:\Windows\System\CGwnJJl.exe
  C:\Windows\System\CGwnJJl.exe
  2⤵
  PID:5952
- C:\Windows\System\LHpiszS.exe
  C:\Windows\System\LHpiszS.exe
  2⤵
  PID:6032
- C:\Windows\System\IfTnRWb.exe
  C:\Windows\System\IfTnRWb.exe
  2⤵
  PID:5760
- C:\Windows\System\ySIpMVY.exe
  C:\Windows\System\ySIpMVY.exe
  2⤵
  PID:6092
- C:\Windows\System\rkQoXzg.exe
  C:\Windows\System\rkQoXzg.exe
  2⤵
  PID:6052
- C:\Windows\System\vtRZCpf.exe
  C:\Windows\System\vtRZCpf.exe
  2⤵
  PID:6072
- C:\Windows\System\hePoptN.exe
  C:\Windows\System\hePoptN.exe
  2⤵
  PID:5864
- C:\Windows\System\pkGnlbf.exe
  C:\Windows\System\pkGnlbf.exe
  2⤵
  PID:5932
- C:\Windows\System\dYDraYP.exe
  C:\Windows\System\dYDraYP.exe
  2⤵
  PID:5976
- C:\Windows\System\UkSEUvp.exe
  C:\Windows\System\UkSEUvp.exe
  2⤵
  PID:6120
- C:\Windows\System\XAxbmqg.exe
  C:\Windows\System\XAxbmqg.exe
  2⤵
  PID:3956
- C:\Windows\System\JDskVEE.exe
  C:\Windows\System\JDskVEE.exe
  2⤵
  PID:3664
- C:\Windows\System\IfXxUob.exe
  C:\Windows\System\IfXxUob.exe
  2⤵
  PID:3896
- C:\Windows\System\jqkshpJ.exe
  C:\Windows\System\jqkshpJ.exe
  2⤵
  PID:1100
- C:\Windows\System\PSgsqIZ.exe
  C:\Windows\System\PSgsqIZ.exe
  2⤵
  PID:5268
- C:\Windows\System\MxhToJb.exe
  C:\Windows\System\MxhToJb.exe
  2⤵
  PID:4236
- C:\Windows\System\uQQGwwr.exe
  C:\Windows\System\uQQGwwr.exe
  2⤵
  PID:5240
- C:\Windows\System\lSSfveI.exe
  C:\Windows\System\lSSfveI.exe
  2⤵
  PID:5360
- C:\Windows\System\UHdpuxS.exe
  C:\Windows\System\UHdpuxS.exe
  2⤵
  PID:5324
- C:\Windows\System\UIGMtyg.exe
  C:\Windows\System\UIGMtyg.exe
  2⤵
  PID:5620
- C:\Windows\System\RsSOxPu.exe
  C:\Windows\System\RsSOxPu.exe
  2⤵
  PID:5448
- C:\Windows\System\EHubzBg.exe
  C:\Windows\System\EHubzBg.exe
  2⤵
  PID:5560
- C:\Windows\System\VJmraCU.exe
  C:\Windows\System\VJmraCU.exe
  2⤵
  PID:2440
- C:\Windows\System\PNcXFLz.exe
  C:\Windows\System\PNcXFLz.exe
  2⤵
  PID:5668
- C:\Windows\System\zDLHokR.exe
  C:\Windows\System\zDLHokR.exe
  2⤵
  PID:5988
- C:\Windows\System\icZVHnX.exe
  C:\Windows\System\icZVHnX.exe
  2⤵
  PID:5708
- C:\Windows\System\PyLhkrH.exe
  C:\Windows\System\PyLhkrH.exe
  2⤵
  PID:6084
- C:\Windows\System\cJZuyaU.exe
  C:\Windows\System\cJZuyaU.exe
  2⤵
  PID:5956
- C:\Windows\System\RCobIPk.exe
  C:\Windows\System\RCobIPk.exe
  2⤵
  PID:5916
- C:\Windows\System\VjfjaJa.exe
  C:\Windows\System\VjfjaJa.exe
  2⤵
  PID:6104
- C:\Windows\System\YlwPpox.exe
  C:\Windows\System\YlwPpox.exe
  2⤵
  PID:3148
- C:\Windows\System\ToJOerr.exe
  C:\Windows\System\ToJOerr.exe
  2⤵
  PID:5140
- C:\Windows\System\ZIlfGox.exe
  C:\Windows\System\ZIlfGox.exe
  2⤵
  PID:3584
- C:\Windows\System\TMPgYxV.exe
  C:\Windows\System\TMPgYxV.exe
  2⤵
  PID:2364
- C:\Windows\System\ZQmoxHN.exe
  C:\Windows\System\ZQmoxHN.exe
  2⤵
  PID:2464
- C:\Windows\System\ifTlHdd.exe
  C:\Windows\System\ifTlHdd.exe
  2⤵
  PID:6036
- C:\Windows\System\xtgwBrv.exe
  C:\Windows\System\xtgwBrv.exe
  2⤵
  PID:5144
- C:\Windows\System\HwpPaBV.exe
  C:\Windows\System\HwpPaBV.exe
  2⤵
  PID:5480
- C:\Windows\System\gWydVBU.exe
  C:\Windows\System\gWydVBU.exe
  2⤵
  PID:5484
- C:\Windows\System\MDtkMsk.exe
  C:\Windows\System\MDtkMsk.exe
  2⤵
  PID:5596
- C:\Windows\System\nrePNAw.exe
  C:\Windows\System\nrePNAw.exe
  2⤵
  PID:5632
- C:\Windows\System\IBWxZzv.exe
  C:\Windows\System\IBWxZzv.exe
  2⤵
  PID:5884
- C:\Windows\System\xocuNKp.exe
  C:\Windows\System\xocuNKp.exe
  2⤵
  PID:5728
- C:\Windows\System\uosymAh.exe
  C:\Windows\System\uosymAh.exe
  2⤵
  PID:5792
- C:\Windows\System\JOPeiYz.exe
  C:\Windows\System\JOPeiYz.exe
  2⤵
  PID:5812
- C:\Windows\System\SLNMsGT.exe
  C:\Windows\System\SLNMsGT.exe
  2⤵
  PID:3916
- C:\Windows\System\XiKjdeR.exe
  C:\Windows\System\XiKjdeR.exe
  2⤵
  PID:3948
- C:\Windows\System\MBPzbRd.exe
  C:\Windows\System\MBPzbRd.exe
  2⤵
  PID:5832
- C:\Windows\System\DqbilrH.exe
  C:\Windows\System\DqbilrH.exe
  2⤵
  PID:5224
- C:\Windows\System\npzFWzL.exe
  C:\Windows\System\npzFWzL.exe
  2⤵
  PID:5600
- C:\Windows\System\UvPdiOC.exe
  C:\Windows\System\UvPdiOC.exe
  2⤵
  PID:6200
- C:\Windows\System\qPXuCBq.exe
  C:\Windows\System\qPXuCBq.exe
  2⤵
  PID:6224
- C:\Windows\System\DHdBuxz.exe
  C:\Windows\System\DHdBuxz.exe
  2⤵
  PID:6244
- C:\Windows\System\yUNpHFI.exe
  C:\Windows\System\yUNpHFI.exe
  2⤵
  PID:6260
- C:\Windows\System\OIKZZNS.exe
  C:\Windows\System\OIKZZNS.exe
  2⤵
  PID:6276
- C:\Windows\System\qWJRNDJ.exe
  C:\Windows\System\qWJRNDJ.exe
  2⤵
  PID:6292
- C:\Windows\System\qCnvpNO.exe
  C:\Windows\System\qCnvpNO.exe
  2⤵
  PID:6312
- C:\Windows\System\exjLJXr.exe
  C:\Windows\System\exjLJXr.exe
  2⤵
  PID:6336
- C:\Windows\System\yNUrlnA.exe
  C:\Windows\System\yNUrlnA.exe
  2⤵
  PID:6352
- C:\Windows\System\pjwsUkY.exe
  C:\Windows\System\pjwsUkY.exe
  2⤵
  PID:6384
- C:\Windows\System\EKgPCwD.exe
  C:\Windows\System\EKgPCwD.exe
  2⤵
  PID:6400
- C:\Windows\System\GLICBZb.exe
  C:\Windows\System\GLICBZb.exe
  2⤵
  PID:6416
- C:\Windows\System\OuTRLDx.exe
  C:\Windows\System\OuTRLDx.exe
  2⤵
  PID:6432
- C:\Windows\System\nBRxGAV.exe
  C:\Windows\System\nBRxGAV.exe
  2⤵
  PID:6452
- C:\Windows\System\mkltMtR.exe
  C:\Windows\System\mkltMtR.exe
  2⤵
  PID:6468
- C:\Windows\System\DndoWyQ.exe
  C:\Windows\System\DndoWyQ.exe
  2⤵
  PID:6484
- C:\Windows\System\NMIgOAU.exe
  C:\Windows\System\NMIgOAU.exe
  2⤵
  PID:6500
- C:\Windows\System\qrRwCZz.exe
  C:\Windows\System\qrRwCZz.exe
  2⤵
  PID:6520
- C:\Windows\System\nQRiqyp.exe
  C:\Windows\System\nQRiqyp.exe
  2⤵
  PID:6544
- C:\Windows\System\gasKcbs.exe
  C:\Windows\System\gasKcbs.exe
  2⤵
  PID:6600
- C:\Windows\System\cIaEFbS.exe
  C:\Windows\System\cIaEFbS.exe
  2⤵
  PID:6620
- C:\Windows\System\vHjZIyD.exe
  C:\Windows\System\vHjZIyD.exe
  2⤵
  PID:6636
- C:\Windows\System\RHfXPJM.exe
  C:\Windows\System\RHfXPJM.exe
  2⤵
  PID:6652
- C:\Windows\System\larwtgK.exe
  C:\Windows\System\larwtgK.exe
  2⤵
  PID:6668
- C:\Windows\System\WAPdizV.exe
  C:\Windows\System\WAPdizV.exe
  2⤵
  PID:6688
- C:\Windows\System\VvaEvzP.exe
  C:\Windows\System\VvaEvzP.exe
  2⤵
  PID:6712
- C:\Windows\System\CynAriR.exe
  C:\Windows\System\CynAriR.exe
  2⤵
  PID:6732
- C:\Windows\System\gXJKZyE.exe
  C:\Windows\System\gXJKZyE.exe
  2⤵
  PID:6756
- C:\Windows\System\ZRChjgu.exe
  C:\Windows\System\ZRChjgu.exe
  2⤵
  PID:6776
- C:\Windows\System\yxTrEDz.exe
  C:\Windows\System\yxTrEDz.exe
  2⤵
  PID:6792
- C:\Windows\System\rDOUDRL.exe
  C:\Windows\System\rDOUDRL.exe
  2⤵
  PID:6816
- C:\Windows\System\MJUHaEK.exe
  C:\Windows\System\MJUHaEK.exe
  2⤵
  PID:6836
- C:\Windows\System\xcKhSEt.exe
  C:\Windows\System\xcKhSEt.exe
  2⤵
  PID:6860
- C:\Windows\System\WDJIzJj.exe
  C:\Windows\System\WDJIzJj.exe
  2⤵
  PID:6876
- C:\Windows\System\kubQboN.exe
  C:\Windows\System\kubQboN.exe
  2⤵
  PID:6892
- C:\Windows\System\DMNyCuz.exe
  C:\Windows\System\DMNyCuz.exe
  2⤵
  PID:6908
- C:\Windows\System\xOreGox.exe
  C:\Windows\System\xOreGox.exe
  2⤵
  PID:6924
- C:\Windows\System\zzARFag.exe
  C:\Windows\System\zzARFag.exe
  2⤵
  PID:6948
- C:\Windows\System\LZeGXhN.exe
  C:\Windows\System\LZeGXhN.exe
  2⤵
  PID:6964
- C:\Windows\System\qPIBpwO.exe
  C:\Windows\System\qPIBpwO.exe
  2⤵
  PID:6984
- C:\Windows\System\nKKOjJr.exe
  C:\Windows\System\nKKOjJr.exe
  2⤵
  PID:7004
- C:\Windows\System\ZBMywun.exe
  C:\Windows\System\ZBMywun.exe
  2⤵
  PID:7020
- C:\Windows\System\NpKaMWX.exe
  C:\Windows\System\NpKaMWX.exe
  2⤵
  PID:7040
- C:\Windows\System\tUpggOk.exe
  C:\Windows\System\tUpggOk.exe
  2⤵
  PID:7072
- C:\Windows\System\NsaELxv.exe
  C:\Windows\System\NsaELxv.exe
  2⤵
  PID:7092
- C:\Windows\System\rdRhGAT.exe
  C:\Windows\System\rdRhGAT.exe
  2⤵
  PID:7112
- C:\Windows\System\BeXjLgq.exe
  C:\Windows\System\BeXjLgq.exe
  2⤵
  PID:7132
- C:\Windows\System\xlIhkdu.exe
  C:\Windows\System\xlIhkdu.exe
  2⤵
  PID:7152
- C:\Windows\System\luGxZgd.exe
  C:\Windows\System\luGxZgd.exe
  2⤵
  PID:5408
- C:\Windows\System\RmzJYBT.exe
  C:\Windows\System\RmzJYBT.exe
  2⤵
  PID:5540
- C:\Windows\System\mWPROVm.exe
  C:\Windows\System\mWPROVm.exe
  2⤵
  PID:5676
- C:\Windows\System\behKNPA.exe
  C:\Windows\System\behKNPA.exe
  2⤵
  PID:5340
- C:\Windows\System\MMTQztD.exe
  C:\Windows\System\MMTQztD.exe
  2⤵
  PID:5564
- C:\Windows\System\FQenOHs.exe
  C:\Windows\System\FQenOHs.exe
  2⤵
  PID:6176
- C:\Windows\System\wAkXUQB.exe
  C:\Windows\System\wAkXUQB.exe
  2⤵
  PID:6216
- C:\Windows\System\oTeidcy.exe
  C:\Windows\System\oTeidcy.exe
  2⤵
  PID:6240
- C:\Windows\System\ADieewz.exe
  C:\Windows\System\ADieewz.exe
  2⤵
  PID:6284
- C:\Windows\System\mXDXFcG.exe
  C:\Windows\System\mXDXFcG.exe
  2⤵
  PID:6332
- C:\Windows\System\eHSGlJC.exe
  C:\Windows\System\eHSGlJC.exe
  2⤵
  PID:6376
- C:\Windows\System\BuxCztq.exe
  C:\Windows\System\BuxCztq.exe
  2⤵
  PID:6308
- C:\Windows\System\Qvoupai.exe
  C:\Windows\System\Qvoupai.exe
  2⤵
  PID:6392
- C:\Windows\System\LuPamFr.exe
  C:\Windows\System\LuPamFr.exe
  2⤵
  PID:6448
- C:\Windows\System\AVmNwId.exe
  C:\Windows\System\AVmNwId.exe
  2⤵
  PID:6424
- C:\Windows\System\PJvBTDL.exe
  C:\Windows\System\PJvBTDL.exe
  2⤵
  PID:6516
- C:\Windows\System\sKfFxrx.exe
  C:\Windows\System\sKfFxrx.exe
  2⤵
  PID:6492
- C:\Windows\System\DUZzQGV.exe
  C:\Windows\System\DUZzQGV.exe
  2⤵
  PID:6584
- C:\Windows\System\giEGVIs.exe
  C:\Windows\System\giEGVIs.exe
  2⤵
  PID:4340
- C:\Windows\System\NAoOcaR.exe
  C:\Windows\System\NAoOcaR.exe
  2⤵
  PID:6676
- C:\Windows\System\fxYzndK.exe
  C:\Windows\System\fxYzndK.exe
  2⤵
  PID:6708
- C:\Windows\System\RUdANay.exe
  C:\Windows\System\RUdANay.exe
  2⤵
  PID:6752
- C:\Windows\System\PXVqnRO.exe
  C:\Windows\System\PXVqnRO.exe
  2⤵
  PID:6512
- C:\Windows\System\lfmrXgn.exe
  C:\Windows\System\lfmrXgn.exe
  2⤵
  PID:6772
- C:\Windows\System\SlnaOOG.exe
  C:\Windows\System\SlnaOOG.exe
  2⤵
  PID:6824
- C:\Windows\System\VLUOjVZ.exe
  C:\Windows\System\VLUOjVZ.exe
  2⤵
  PID:6848
- C:\Windows\System\wzinmPs.exe
  C:\Windows\System\wzinmPs.exe
  2⤵
  PID:6888
- C:\Windows\System\pqUvGgw.exe
  C:\Windows\System\pqUvGgw.exe
  2⤵
  PID:6916
- C:\Windows\System\mQYLJED.exe
  C:\Windows\System\mQYLJED.exe
  2⤵
  PID:6936
- C:\Windows\System\TKCfxkg.exe
  C:\Windows\System\TKCfxkg.exe
  2⤵
  PID:7012
- C:\Windows\System\GmIbiiY.exe
  C:\Windows\System\GmIbiiY.exe
  2⤵
  PID:7048
- C:\Windows\System\OtoENUb.exe
  C:\Windows\System\OtoENUb.exe
  2⤵
  PID:7036
- C:\Windows\System\rgrVdwE.exe
  C:\Windows\System\rgrVdwE.exe
  2⤵
  PID:7084
- C:\Windows\System\DwYIGMg.exe
  C:\Windows\System\DwYIGMg.exe
  2⤵
  PID:7164
- C:\Windows\System\SDuuKCH.exe
  C:\Windows\System\SDuuKCH.exe
  2⤵
  PID:7140
- C:\Windows\System\wkILQFt.exe
  C:\Windows\System\wkILQFt.exe
  2⤵
  PID:5520
- C:\Windows\System\lvNqlZg.exe
  C:\Windows\System\lvNqlZg.exe
  2⤵
  PID:6136
- C:\Windows\System\ODIyvJA.exe
  C:\Windows\System\ODIyvJA.exe
  2⤵
  PID:5208
- C:\Windows\System\VObbNPd.exe
  C:\Windows\System\VObbNPd.exe
  2⤵
  PID:6168
- C:\Windows\System\BWzHuQB.exe
  C:\Windows\System\BWzHuQB.exe
  2⤵
  PID:6232
- C:\Windows\System\GLNyIiI.exe
  C:\Windows\System\GLNyIiI.exe
  2⤵
  PID:6528
- C:\Windows\System\YSpcYkh.exe
  C:\Windows\System\YSpcYkh.exe
  2⤵
  PID:6368
- C:\Windows\System\mSmZxHY.exe
  C:\Windows\System\mSmZxHY.exe
  2⤵
  PID:6568
- C:\Windows\System\sIMsegi.exe
  C:\Windows\System\sIMsegi.exe
  2⤵
  PID:6508
- C:\Windows\System\RRUFYvL.exe
  C:\Windows\System\RRUFYvL.exe
  2⤵
  PID:6664
- C:\Windows\System\KIVtUog.exe
  C:\Windows\System\KIVtUog.exe
  2⤵
  PID:6372
- C:\Windows\System\gmCCEIy.exe
  C:\Windows\System\gmCCEIy.exe
  2⤵
  PID:6556
- C:\Windows\System\sadKZeh.exe
  C:\Windows\System\sadKZeh.exe
  2⤵
  PID:6804
- C:\Windows\System\vEVNjYc.exe
  C:\Windows\System\vEVNjYc.exe
  2⤵
  PID:2500
- C:\Windows\System\NaiyMOu.exe
  C:\Windows\System\NaiyMOu.exe
  2⤵
  PID:6832
- C:\Windows\System\OOsBQlx.exe
  C:\Windows\System\OOsBQlx.exe
  2⤵
  PID:6768
- C:\Windows\System\rQIiIcF.exe
  C:\Windows\System\rQIiIcF.exe
  2⤵
  PID:6884
- C:\Windows\System\rBkDaqo.exe
  C:\Windows\System\rBkDaqo.exe
  2⤵
  PID:7028
- C:\Windows\System\dogldKa.exe
  C:\Windows\System\dogldKa.exe
  2⤵
  PID:7080
- C:\Windows\System\vLrZAcM.exe
  C:\Windows\System\vLrZAcM.exe
  2⤵
  PID:5904
- C:\Windows\System\kUTHiGm.exe
  C:\Windows\System\kUTHiGm.exe
  2⤵
  PID:5284
- C:\Windows\System\kWSsZBe.exe
  C:\Windows\System\kWSsZBe.exe
  2⤵
  PID:6188
- C:\Windows\System\SFNiwUx.exe
  C:\Windows\System\SFNiwUx.exe
  2⤵
  PID:6152
- C:\Windows\System\sNQDcAE.exe
  C:\Windows\System\sNQDcAE.exe
  2⤵
  PID:6328
- C:\Windows\System\KZgqMUQ.exe
  C:\Windows\System\KZgqMUQ.exe
  2⤵
  PID:6580
- C:\Windows\System\HJvHEdV.exe
  C:\Windows\System\HJvHEdV.exe
  2⤵
  PID:6684
- C:\Windows\System\cOoWqeA.exe
  C:\Windows\System\cOoWqeA.exe
  2⤵
  PID:6788
- C:\Windows\System\tsirNqf.exe
  C:\Windows\System\tsirNqf.exe
  2⤵
  PID:6572
- C:\Windows\System\JHRxddn.exe
  C:\Windows\System\JHRxddn.exe
  2⤵
  PID:6560
- C:\Windows\System\RRTzbTt.exe
  C:\Windows\System\RRTzbTt.exe
  2⤵
  PID:7032
- C:\Windows\System\UZgZbyU.exe
  C:\Windows\System\UZgZbyU.exe
  2⤵
  PID:6724
- C:\Windows\System\iJRAMKn.exe
  C:\Windows\System\iJRAMKn.exe
  2⤵
  PID:7016
- C:\Windows\System\XzKWaau.exe
  C:\Windows\System\XzKWaau.exe
  2⤵
  PID:7128
- C:\Windows\System\CQnqRQE.exe
  C:\Windows\System\CQnqRQE.exe
  2⤵
  PID:6008
- C:\Windows\System\nrShRJW.exe
  C:\Windows\System\nrShRJW.exe
  2⤵
  PID:6208
- C:\Windows\System\akTQWBF.exe
  C:\Windows\System\akTQWBF.exe
  2⤵
  PID:6444
- C:\Windows\System\TWCiiIR.exe
  C:\Windows\System\TWCiiIR.exe
  2⤵
  PID:6740
- C:\Windows\System\UidyVgI.exe
  C:\Windows\System\UidyVgI.exe
  2⤵
  PID:6904
- C:\Windows\System\VabtvSB.exe
  C:\Windows\System\VabtvSB.exe
  2⤵
  PID:6972
- C:\Windows\System\KflpsXa.exe
  C:\Windows\System\KflpsXa.exe
  2⤵
  PID:6016
- C:\Windows\System\DAmgLyX.exe
  C:\Windows\System\DAmgLyX.exe
  2⤵
  PID:7120
- C:\Windows\System\gTujGNg.exe
  C:\Windows\System\gTujGNg.exe
  2⤵
  PID:7104
- C:\Windows\System\QqiIMwu.exe
  C:\Windows\System\QqiIMwu.exe
  2⤵
  PID:6212
- C:\Windows\System\djeGWsS.exe
  C:\Windows\System\djeGWsS.exe
  2⤵
  PID:7192
- C:\Windows\System\QzirEqF.exe
  C:\Windows\System\QzirEqF.exe
  2⤵
  PID:7212
- C:\Windows\System\swZqSmz.exe
  C:\Windows\System\swZqSmz.exe
  2⤵
  PID:7232
- C:\Windows\System\rpklfqH.exe
  C:\Windows\System\rpklfqH.exe
  2⤵
  PID:7248
- C:\Windows\System\jiKeIvP.exe
  C:\Windows\System\jiKeIvP.exe
  2⤵
  PID:7272
- C:\Windows\System\EUQsaRZ.exe
  C:\Windows\System\EUQsaRZ.exe
  2⤵
  PID:7292
- C:\Windows\System\SdKvxwr.exe
  C:\Windows\System\SdKvxwr.exe
  2⤵
  PID:7308
- C:\Windows\System\WLgRVlR.exe
  C:\Windows\System\WLgRVlR.exe
  2⤵
  PID:7332
- C:\Windows\System\lbAGPKF.exe
  C:\Windows\System\lbAGPKF.exe
  2⤵
  PID:7348
- C:\Windows\System\WakPISD.exe
  C:\Windows\System\WakPISD.exe
  2⤵
  PID:7372
- C:\Windows\System\nFLftDC.exe
  C:\Windows\System\nFLftDC.exe
  2⤵
  PID:7388
- C:\Windows\System\yjedEER.exe
  C:\Windows\System\yjedEER.exe
  2⤵
  PID:7416
- C:\Windows\System\OPbdmpB.exe
  C:\Windows\System\OPbdmpB.exe
  2⤵
  PID:7432
- C:\Windows\System\AMytZmp.exe
  C:\Windows\System\AMytZmp.exe
  2⤵
  PID:7448
- C:\Windows\System\YXxkGku.exe
  C:\Windows\System\YXxkGku.exe
  2⤵
  PID:7464
- C:\Windows\System\qhnjHDz.exe
  C:\Windows\System\qhnjHDz.exe
  2⤵
  PID:7480
- C:\Windows\System\uHDJxJf.exe
  C:\Windows\System\uHDJxJf.exe
  2⤵
  PID:7496
- C:\Windows\System\HAjYYVv.exe
  C:\Windows\System\HAjYYVv.exe
  2⤵
  PID:7516
- C:\Windows\System\xIjLPpo.exe
  C:\Windows\System\xIjLPpo.exe
  2⤵
  PID:7536
- C:\Windows\System\vsXFRDV.exe
  C:\Windows\System\vsXFRDV.exe
  2⤵
  PID:7552
- C:\Windows\System\ajJAJwu.exe
  C:\Windows\System\ajJAJwu.exe
  2⤵
  PID:7616
- C:\Windows\System\ZpWpylU.exe
  C:\Windows\System\ZpWpylU.exe
  2⤵
  PID:7632
- C:\Windows\System\obqrlWY.exe
  C:\Windows\System\obqrlWY.exe
  2⤵
  PID:7652
- C:\Windows\System\QUgNJfu.exe
  C:\Windows\System\QUgNJfu.exe
  2⤵
  PID:7672
- C:\Windows\System\RwYMOPx.exe
  C:\Windows\System\RwYMOPx.exe
  2⤵
  PID:7688
- C:\Windows\System\SIyQGYl.exe
  C:\Windows\System\SIyQGYl.exe
  2⤵
  PID:7712
- C:\Windows\System\uxZZpiu.exe
  C:\Windows\System\uxZZpiu.exe
  2⤵
  PID:7728
- C:\Windows\System\QsiUmGj.exe
  C:\Windows\System\QsiUmGj.exe
  2⤵
  PID:7748
- C:\Windows\System\BUPOcsJ.exe
  C:\Windows\System\BUPOcsJ.exe
  2⤵
  PID:7764
- C:\Windows\System\dcgbCID.exe
  C:\Windows\System\dcgbCID.exe
  2⤵
  PID:7792
- C:\Windows\System\oUBfcWV.exe
  C:\Windows\System\oUBfcWV.exe
  2⤵
  PID:7808
- C:\Windows\System\ssZftZO.exe
  C:\Windows\System\ssZftZO.exe
  2⤵
  PID:7824
- C:\Windows\System\BkLFjZk.exe
  C:\Windows\System\BkLFjZk.exe
  2⤵
  PID:7840
- C:\Windows\System\bBBIIbe.exe
  C:\Windows\System\bBBIIbe.exe
  2⤵
  PID:7860
- C:\Windows\System\RceWjyO.exe
  C:\Windows\System\RceWjyO.exe
  2⤵
  PID:7880
- C:\Windows\System\HIPAmQX.exe
  C:\Windows\System\HIPAmQX.exe
  2⤵
  PID:7896
- C:\Windows\System\OPTUSqX.exe
  C:\Windows\System\OPTUSqX.exe
  2⤵
  PID:7912
- C:\Windows\System\OQhmPPb.exe
  C:\Windows\System\OQhmPPb.exe
  2⤵
  PID:7928
- C:\Windows\System\wZXjSbo.exe
  C:\Windows\System\wZXjSbo.exe
  2⤵
  PID:7952
- C:\Windows\System\pGCIpdF.exe
  C:\Windows\System\pGCIpdF.exe
  2⤵
  PID:7996
- C:\Windows\System\GJxlDwv.exe
  C:\Windows\System\GJxlDwv.exe
  2⤵
  PID:8012
- C:\Windows\System\IKBkozP.exe
  C:\Windows\System\IKBkozP.exe
  2⤵
  PID:8032
- C:\Windows\System\MyDuRLI.exe
  C:\Windows\System\MyDuRLI.exe
  2⤵
  PID:8052
- C:\Windows\System\HITGqgX.exe
  C:\Windows\System\HITGqgX.exe
  2⤵
  PID:8068
- C:\Windows\System\JgYzzeq.exe
  C:\Windows\System\JgYzzeq.exe
  2⤵
  PID:8084
- C:\Windows\System\bxwwKII.exe
  C:\Windows\System\bxwwKII.exe
  2⤵
  PID:8104
- C:\Windows\System\wPPJaVN.exe
  C:\Windows\System\wPPJaVN.exe
  2⤵
  PID:8132
- C:\Windows\System\UGeuvqW.exe
  C:\Windows\System\UGeuvqW.exe
  2⤵
  PID:8152
- C:\Windows\System\xZrIiyH.exe
  C:\Windows\System\xZrIiyH.exe
  2⤵
  PID:8176
- C:\Windows\System\fgxoasa.exe
  C:\Windows\System\fgxoasa.exe
  2⤵
  PID:6680
- C:\Windows\System\IGWqQLI.exe
  C:\Windows\System\IGWqQLI.exe
  2⤵
  PID:6960
- C:\Windows\System\qTFPIVY.exe
  C:\Windows\System\qTFPIVY.exe
  2⤵
  PID:1092
- C:\Windows\System\HmCCqKA.exe
  C:\Windows\System\HmCCqKA.exe
  2⤵
  PID:7148
- C:\Windows\System\EwMqtHv.exe
  C:\Windows\System\EwMqtHv.exe
  2⤵
  PID:7176
- C:\Windows\System\uxSKjny.exe
  C:\Windows\System\uxSKjny.exe
  2⤵
  PID:6764
- C:\Windows\System\wrFGQLw.exe
  C:\Windows\System\wrFGQLw.exe
  2⤵
  PID:7208
- C:\Windows\System\QAXVFrw.exe
  C:\Windows\System\QAXVFrw.exe
  2⤵
  PID:7280
- C:\Windows\System\XqElHQl.exe
  C:\Windows\System\XqElHQl.exe
  2⤵
  PID:7324
- C:\Windows\System\fMhLLdg.exe
  C:\Windows\System\fMhLLdg.exe
  2⤵
  PID:7412
- C:\Windows\System\JwcQLhE.exe
  C:\Windows\System\JwcQLhE.exe
  2⤵
  PID:7508
- C:\Windows\System\nrqnLDv.exe
  C:\Windows\System\nrqnLDv.exe
  2⤵
  PID:7256
- C:\Windows\System\yKFUGJg.exe
  C:\Windows\System\yKFUGJg.exe
  2⤵
  PID:6748
- C:\Windows\System\JkLqDsD.exe
  C:\Windows\System\JkLqDsD.exe
  2⤵
  PID:7488
- C:\Windows\System\jybRPHS.exe
  C:\Windows\System\jybRPHS.exe
  2⤵
  PID:7264
- C:\Windows\System\OlAzmNi.exe
  C:\Windows\System\OlAzmNi.exe
  2⤵
  PID:7380
- C:\Windows\System\QvfBJKM.exe
  C:\Windows\System\QvfBJKM.exe
  2⤵
  PID:7588
- C:\Windows\System\kRnHxLZ.exe
  C:\Windows\System\kRnHxLZ.exe
  2⤵
  PID:7560
- C:\Windows\System\khgzlTc.exe
  C:\Windows\System\khgzlTc.exe
  2⤵
  PID:7604
- C:\Windows\System\ARvhYGf.exe
  C:\Windows\System\ARvhYGf.exe
  2⤵
  PID:7576
- C:\Windows\System\IsKPDuQ.exe
  C:\Windows\System\IsKPDuQ.exe
  2⤵
  PID:7684
- C:\Windows\System\oWnObPa.exe
  C:\Windows\System\oWnObPa.exe
  2⤵
  PID:7744
- C:\Windows\System\aQahsEN.exe
  C:\Windows\System\aQahsEN.exe
  2⤵
  PID:7720
- C:\Windows\System\HLFbxxq.exe
  C:\Windows\System\HLFbxxq.exe
  2⤵
  PID:7776
- C:\Windows\System\BPRFuyB.exe
  C:\Windows\System\BPRFuyB.exe
  2⤵
  PID:7852
- C:\Windows\System\QwtbGeC.exe
  C:\Windows\System\QwtbGeC.exe
  2⤵
  PID:7804
- C:\Windows\System\HCIojhD.exe
  C:\Windows\System\HCIojhD.exe
  2⤵
  PID:7972
- C:\Windows\System\yQXTRrH.exe
  C:\Windows\System\yQXTRrH.exe
  2⤵
  PID:7988
- C:\Windows\System\fiEvvhg.exe
  C:\Windows\System\fiEvvhg.exe
  2⤵
  PID:7876
- C:\Windows\System\QNwzkEG.exe
  C:\Windows\System\QNwzkEG.exe
  2⤵
  PID:7940
- C:\Windows\System\elefCdk.exe
  C:\Windows\System\elefCdk.exe
  2⤵
  PID:8008
- C:\Windows\System\uAUVvCE.exe
  C:\Windows\System\uAUVvCE.exe
  2⤵
  PID:8060
- C:\Windows\System\fNYZjCw.exe
  C:\Windows\System\fNYZjCw.exe
  2⤵
  PID:8112
- C:\Windows\System\zrMiGkO.exe
  C:\Windows\System\zrMiGkO.exe
  2⤵
  PID:8140
- C:\Windows\System\wYfKpdl.exe
  C:\Windows\System\wYfKpdl.exe
  2⤵
  PID:8048
- C:\Windows\System\FoYiBPa.exe
  C:\Windows\System\FoYiBPa.exe
  2⤵
  PID:8148
- C:\Windows\System\JRtUqXb.exe
  C:\Windows\System\JRtUqXb.exe
  2⤵
  PID:8188
- C:\Windows\System\xybfFfk.exe
  C:\Windows\System\xybfFfk.exe
  2⤵
  PID:6196
- C:\Windows\System\QvWTYlR.exe
  C:\Windows\System\QvWTYlR.exe
  2⤵
  PID:7288
- C:\Windows\System\hhHyANf.exe
  C:\Windows\System\hhHyANf.exe
  2⤵
  PID:6996
- C:\Windows\System\Swckbgm.exe
  C:\Windows\System\Swckbgm.exe
  2⤵
  PID:7356
- C:\Windows\System\NjCQnEs.exe
  C:\Windows\System\NjCQnEs.exe
  2⤵
  PID:7364
- C:\Windows\System\ojEafGz.exe
  C:\Windows\System\ojEafGz.exe
  2⤵
  PID:7472
- C:\Windows\System\FooYjBL.exe
  C:\Windows\System\FooYjBL.exe
  2⤵
  PID:7456
- C:\Windows\System\SUJOPVD.exe
  C:\Windows\System\SUJOPVD.exe
  2⤵
  PID:7428
- C:\Windows\System\sXqYJxV.exe
  C:\Windows\System\sXqYJxV.exe
  2⤵
  PID:7628
- C:\Windows\System\oJtHaFV.exe
  C:\Windows\System\oJtHaFV.exe
  2⤵
  PID:7708
- C:\Windows\System\jWhEUjG.exe
  C:\Windows\System\jWhEUjG.exe
  2⤵
  PID:7600
- C:\Windows\System\zNFVTZL.exe
  C:\Windows\System\zNFVTZL.exe
  2⤵
  PID:7780
- C:\Windows\System\XnzIdJv.exe
  C:\Windows\System\XnzIdJv.exe
  2⤵
  PID:7788
- C:\Windows\System\WaWCPAY.exe
  C:\Windows\System\WaWCPAY.exe
  2⤵
  PID:7724
- C:\Windows\System\Iihmjmt.exe
  C:\Windows\System\Iihmjmt.exe
  2⤵
  PID:7836
- C:\Windows\System\SMXPRRP.exe
  C:\Windows\System\SMXPRRP.exe
  2⤵
  PID:7964
- C:\Windows\System\HvdBuUZ.exe
  C:\Windows\System\HvdBuUZ.exe
  2⤵
  PID:7904
- C:\Windows\System\sdIZowZ.exe
  C:\Windows\System\sdIZowZ.exe
  2⤵
  PID:7944
- C:\Windows\System\qPcicGw.exe
  C:\Windows\System\qPcicGw.exe
  2⤵
  PID:8100
- C:\Windows\System\OGmTSol.exe
  C:\Windows\System\OGmTSol.exe
  2⤵
  PID:8028
- C:\Windows\System\ltdiDbd.exe
  C:\Windows\System\ltdiDbd.exe
  2⤵
  PID:8024
- C:\Windows\System\sgqEnGn.exe
  C:\Windows\System\sgqEnGn.exe
  2⤵
  PID:6728
- C:\Windows\System\lUolPLN.exe
  C:\Windows\System\lUolPLN.exe
  2⤵
  PID:8124
- C:\Windows\System\bMqiSiY.exe
  C:\Windows\System\bMqiSiY.exe
  2⤵
  PID:1048
- C:\Windows\System\UcyZotS.exe
  C:\Windows\System\UcyZotS.exe
  2⤵
  PID:7404
- C:\Windows\System\eTzdIXp.exe
  C:\Windows\System\eTzdIXp.exe
  2⤵
  PID:7124
- C:\Windows\System\dGAqIIS.exe
  C:\Windows\System\dGAqIIS.exe
  2⤵
  PID:7400
- C:\Windows\System\jlYxnLt.exe
  C:\Windows\System\jlYxnLt.exe
  2⤵
  PID:7228
- C:\Windows\System\tElRaNy.exe
  C:\Windows\System\tElRaNy.exe
  2⤵
  PID:7568
- C:\Windows\System\NdkQrNs.exe
  C:\Windows\System\NdkQrNs.exe
  2⤵
  PID:7592
- C:\Windows\System\nxXzbKH.exe
  C:\Windows\System\nxXzbKH.exe
  2⤵
  PID:6040
- C:\Windows\System\ptPXbWP.exe
  C:\Windows\System\ptPXbWP.exe
  2⤵
  PID:7816
- C:\Windows\System\AJkdOmm.exe
  C:\Windows\System\AJkdOmm.exe
  2⤵
  PID:7760
- C:\Windows\System\rxcFLxc.exe
  C:\Windows\System\rxcFLxc.exe
  2⤵
  PID:7892
- C:\Windows\System\evAHvEe.exe
  C:\Windows\System\evAHvEe.exe
  2⤵
  PID:8096
- C:\Windows\System\GUKKAMT.exe
  C:\Windows\System\GUKKAMT.exe
  2⤵
  PID:8172
- C:\Windows\System\byPouQT.exe
  C:\Windows\System\byPouQT.exe
  2⤵
  PID:8116
- C:\Windows\System\CSicElH.exe
  C:\Windows\System\CSicElH.exe
  2⤵
  PID:6588
- C:\Windows\System\PSGfeYV.exe
  C:\Windows\System\PSGfeYV.exe
  2⤵
  PID:7608
- C:\Windows\System\BMoviVU.exe
  C:\Windows\System\BMoviVU.exe
  2⤵
  PID:7704
- C:\Windows\System\lSCAEOH.exe
  C:\Windows\System\lSCAEOH.exe
  2⤵
  PID:7888
- C:\Windows\System\AhNYZRk.exe
  C:\Windows\System\AhNYZRk.exe
  2⤵
  PID:7968
- C:\Windows\System\jvyJVwc.exe
  C:\Windows\System\jvyJVwc.exe
  2⤵
  PID:7384
- C:\Windows\System\ysAIiQT.exe
  C:\Windows\System\ysAIiQT.exe
  2⤵
  PID:6324
- C:\Windows\System\sujFGNW.exe
  C:\Windows\System\sujFGNW.exe
  2⤵
  PID:7320
- C:\Windows\System\BlJCVCw.exe
  C:\Windows\System\BlJCVCw.exe
  2⤵
  PID:7504
- C:\Windows\System\PsjqsYw.exe
  C:\Windows\System\PsjqsYw.exe
  2⤵
  PID:7548
- C:\Windows\System\YYoeuYi.exe
  C:\Windows\System\YYoeuYi.exe
  2⤵
  PID:7664
- C:\Windows\System\YcycSWV.exe
  C:\Windows\System\YcycSWV.exe
  2⤵
  PID:7960
- C:\Windows\System\fCLYQzW.exe
  C:\Windows\System\fCLYQzW.exe
  2⤵
  PID:7532
- C:\Windows\System\ZuasVyg.exe
  C:\Windows\System\ZuasVyg.exe
  2⤵
  PID:5176
- C:\Windows\System\SieGoXA.exe
  C:\Windows\System\SieGoXA.exe
  2⤵
  PID:7984
- C:\Windows\System\ZbQpFmt.exe
  C:\Windows\System\ZbQpFmt.exe
  2⤵
  PID:8004
- C:\Windows\System\lFErlnt.exe
  C:\Windows\System\lFErlnt.exe
  2⤵
  PID:108
- C:\Windows\System\gDbCaQT.exe
  C:\Windows\System\gDbCaQT.exe
  2⤵
  PID:7476
- C:\Windows\System\NkMiGZr.exe
  C:\Windows\System\NkMiGZr.exe
  2⤵
  PID:8196
- C:\Windows\System\aATxKvL.exe
  C:\Windows\System\aATxKvL.exe
  2⤵
  PID:8220
- C:\Windows\System\pbRZlDu.exe
  C:\Windows\System\pbRZlDu.exe
  2⤵
  PID:8252
- C:\Windows\System\iliEXoN.exe
  C:\Windows\System\iliEXoN.exe
  2⤵
  PID:8268
- C:\Windows\System\YgVqfLa.exe
  C:\Windows\System\YgVqfLa.exe
  2⤵
  PID:8284
- C:\Windows\System\RXuZEVj.exe
  C:\Windows\System\RXuZEVj.exe
  2⤵
  PID:8312
- C:\Windows\System\ZcFMzAo.exe
  C:\Windows\System\ZcFMzAo.exe
  2⤵
  PID:8328
- C:\Windows\System\tnyOVpw.exe
  C:\Windows\System\tnyOVpw.exe
  2⤵
  PID:8348
- C:\Windows\System\iSYAITB.exe
  C:\Windows\System\iSYAITB.exe
  2⤵
  PID:8368
- C:\Windows\System\YWOhdUa.exe
  C:\Windows\System\YWOhdUa.exe
  2⤵
  PID:8384
- C:\Windows\System\qcQfval.exe
  C:\Windows\System\qcQfval.exe
  2⤵
  PID:8408
- C:\Windows\System\dOrYtkN.exe
  C:\Windows\System\dOrYtkN.exe
  2⤵
  PID:8428
- C:\Windows\System\oRWrYQc.exe
  C:\Windows\System\oRWrYQc.exe
  2⤵
  PID:8444
- C:\Windows\System\VNIzcoY.exe
  C:\Windows\System\VNIzcoY.exe
  2⤵
  PID:8464
- C:\Windows\System\dEHbqHD.exe
  C:\Windows\System\dEHbqHD.exe
  2⤵
  PID:8480
- C:\Windows\System\YdoeqJJ.exe
  C:\Windows\System\YdoeqJJ.exe
  2⤵
  PID:8496
- C:\Windows\System\jfLfHcD.exe
  C:\Windows\System\jfLfHcD.exe
  2⤵
  PID:8512
- C:\Windows\System\PlRvaTN.exe
  C:\Windows\System\PlRvaTN.exe
  2⤵
  PID:8528
- C:\Windows\System\DJTNSqx.exe
  C:\Windows\System\DJTNSqx.exe
  2⤵
  PID:8568
- C:\Windows\System\ITQwgWi.exe
  C:\Windows\System\ITQwgWi.exe
  2⤵
  PID:8584
- C:\Windows\System\ujfwGZZ.exe
  C:\Windows\System\ujfwGZZ.exe
  2⤵
  PID:8616
- C:\Windows\System\FapfVaA.exe
  C:\Windows\System\FapfVaA.exe
  2⤵
  PID:8632
- C:\Windows\System\BEmROpw.exe
  C:\Windows\System\BEmROpw.exe
  2⤵
  PID:8648
- C:\Windows\System\dHfyliV.exe
  C:\Windows\System\dHfyliV.exe
  2⤵
  PID:8672
- C:\Windows\System\aLmUFkr.exe
  C:\Windows\System\aLmUFkr.exe
  2⤵
  PID:8688
- C:\Windows\System\nSHCWYf.exe
  C:\Windows\System\nSHCWYf.exe
  2⤵
  PID:8708
- C:\Windows\System\MCViouf.exe
  C:\Windows\System\MCViouf.exe
  2⤵
  PID:8724
- C:\Windows\System\nEYUgex.exe
  C:\Windows\System\nEYUgex.exe
  2⤵
  PID:8756
- C:\Windows\System\uXOawEI.exe
  C:\Windows\System\uXOawEI.exe
  2⤵
  PID:8776
- C:\Windows\System\ezkhrIK.exe
  C:\Windows\System\ezkhrIK.exe
  2⤵
  PID:8800
- C:\Windows\System\xKaiJBr.exe
  C:\Windows\System\xKaiJBr.exe
  2⤵
  PID:8816
- C:\Windows\System\CpzaoMZ.exe
  C:\Windows\System\CpzaoMZ.exe
  2⤵
  PID:8836
- C:\Windows\System\FAoiVii.exe
  C:\Windows\System\FAoiVii.exe
  2⤵
  PID:8852
- C:\Windows\System\RZAhWUM.exe
  C:\Windows\System\RZAhWUM.exe
  2⤵
  PID:8880
- C:\Windows\System\CCAKMPO.exe
  C:\Windows\System\CCAKMPO.exe
  2⤵
  PID:8896
- C:\Windows\System\SCKgtvF.exe
  C:\Windows\System\SCKgtvF.exe
  2⤵
  PID:8920
- C:\Windows\System\hhnJJKS.exe
  C:\Windows\System\hhnJJKS.exe
  2⤵
  PID:8936
- C:\Windows\System\RVysPAv.exe
  C:\Windows\System\RVysPAv.exe
  2⤵
  PID:8952
- C:\Windows\System\wWAfJTq.exe
  C:\Windows\System\wWAfJTq.exe
  2⤵
  PID:8968
- C:\Windows\System\hJyitin.exe
  C:\Windows\System\hJyitin.exe
  2⤵
  PID:8988
- C:\Windows\System\VJrFuef.exe
  C:\Windows\System\VJrFuef.exe
  2⤵
  PID:9012
- C:\Windows\System\INxnEQy.exe
  C:\Windows\System\INxnEQy.exe
  2⤵
  PID:9028
- C:\Windows\System\gphDCWV.exe
  C:\Windows\System\gphDCWV.exe
  2⤵
  PID:9048
- C:\Windows\System\sGnpXSc.exe
  C:\Windows\System\sGnpXSc.exe
  2⤵
  PID:9076
- C:\Windows\System\ncTaZzp.exe
  C:\Windows\System\ncTaZzp.exe
  2⤵
  PID:9096
- C:\Windows\System\XwFyksp.exe
  C:\Windows\System\XwFyksp.exe
  2⤵
  PID:9112
- C:\Windows\System\qgGgUUo.exe
  C:\Windows\System\qgGgUUo.exe
  2⤵
  PID:9132
- C:\Windows\System\NGOihkc.exe
  C:\Windows\System\NGOihkc.exe
  2⤵
  PID:9156
- C:\Windows\System\cZpkFvv.exe
  C:\Windows\System\cZpkFvv.exe
  2⤵
  PID:9172
- C:\Windows\System\rmdtRMI.exe
  C:\Windows\System\rmdtRMI.exe
  2⤵
  PID:9200
- C:\Windows\System\MllOcrz.exe
  C:\Windows\System\MllOcrz.exe
  2⤵
  PID:5672
- C:\Windows\System\RwWvptD.exe
  C:\Windows\System\RwWvptD.exe
  2⤵
  PID:8044
- C:\Windows\System\tHgLPDp.exe
  C:\Windows\System\tHgLPDp.exe
  2⤵
  PID:8232
- C:\Windows\System\MbssNpl.exe
  C:\Windows\System\MbssNpl.exe
  2⤵
  PID:8248
- C:\Windows\System\yAkhLiP.exe
  C:\Windows\System\yAkhLiP.exe
  2⤵
  PID:8296
- C:\Windows\System\dmSGQaO.exe
  C:\Windows\System\dmSGQaO.exe
  2⤵
  PID:8324
- C:\Windows\System\UXUOqYf.exe
  C:\Windows\System\UXUOqYf.exe
  2⤵
  PID:8340
- C:\Windows\System\dotkQwu.exe
  C:\Windows\System\dotkQwu.exe
  2⤵
  PID:8404
- C:\Windows\System\uSUOlho.exe
  C:\Windows\System\uSUOlho.exe
  2⤵
  PID:8424
- C:\Windows\System\bFZtEpU.exe
  C:\Windows\System\bFZtEpU.exe
  2⤵
  PID:8540
- C:\Windows\System\Oqmiank.exe
  C:\Windows\System\Oqmiank.exe
  2⤵
  PID:8556
- C:\Windows\System\JWTbKUr.exe
  C:\Windows\System\JWTbKUr.exe
  2⤵
  PID:8456
- C:\Windows\System\yApUAbe.exe
  C:\Windows\System\yApUAbe.exe
  2⤵
  PID:8564
- C:\Windows\System\ZTZJaNT.exe
  C:\Windows\System\ZTZJaNT.exe
  2⤵
  PID:8600
- C:\Windows\System\tNZCXfh.exe
  C:\Windows\System\tNZCXfh.exe
  2⤵
  PID:8640
- C:\Windows\System\jsAhkKi.exe
  C:\Windows\System\jsAhkKi.exe
  2⤵
  PID:8656
- C:\Windows\System\ernVDFR.exe
  C:\Windows\System\ernVDFR.exe
  2⤵
  PID:8716
- C:\Windows\System\PxRtgoR.exe
  C:\Windows\System\PxRtgoR.exe
  2⤵
  PID:8740
- C:\Windows\System\bEFpibh.exe
  C:\Windows\System\bEFpibh.exe
  2⤵
  PID:8752
- C:\Windows\System\XFxRIjY.exe
  C:\Windows\System\XFxRIjY.exe
  2⤵
  PID:8788
- C:\Windows\System\CXrTApe.exe
  C:\Windows\System\CXrTApe.exe
  2⤵
  PID:8848
- C:\Windows\System\kcfolje.exe
  C:\Windows\System\kcfolje.exe
  2⤵
  PID:8868
- C:\Windows\System\bxJsJAG.exe
  C:\Windows\System\bxJsJAG.exe
  2⤵
  PID:8876
- C:\Windows\System\ZjRWusZ.exe
  C:\Windows\System\ZjRWusZ.exe
  2⤵
  PID:8932
- C:\Windows\System\KnOyWXW.exe
  C:\Windows\System\KnOyWXW.exe
  2⤵
  PID:8964
- C:\Windows\System\ZHgDUJa.exe
  C:\Windows\System\ZHgDUJa.exe
  2⤵
  PID:8948
- C:\Windows\System\wbCUdzf.exe
  C:\Windows\System\wbCUdzf.exe
  2⤵
  PID:9040
- C:\Windows\System\xXrgWJE.exe
  C:\Windows\System\xXrgWJE.exe
  2⤵
  PID:9060
- C:\Windows\System\NCnaznG.exe
  C:\Windows\System\NCnaznG.exe
  2⤵
  PID:9120
- C:\Windows\System\BcnqJhB.exe
  C:\Windows\System\BcnqJhB.exe
  2⤵
  PID:9164
- C:\Windows\System\MCOItJh.exe
  C:\Windows\System\MCOItJh.exe
  2⤵
  PID:9152
- C:\Windows\System\gkvFUhH.exe
  C:\Windows\System\gkvFUhH.exe
  2⤵
  PID:9208
- C:\Windows\System\XyBqLty.exe
  C:\Windows\System\XyBqLty.exe
  2⤵
  PID:7740
- C:\Windows\System\ZQgpdLu.exe
  C:\Windows\System\ZQgpdLu.exe
  2⤵
  PID:8236
- C:\Windows\System\bXltxtZ.exe
  C:\Windows\System\bXltxtZ.exe
  2⤵
  PID:8360
- C:\Windows\System\YRNCcdP.exe
  C:\Windows\System\YRNCcdP.exe
  2⤵
  PID:8364
- C:\Windows\System\IBPhvMj.exe
  C:\Windows\System\IBPhvMj.exe
  2⤵
  PID:8436
- C:\Windows\System\XJQBbCt.exe
  C:\Windows\System\XJQBbCt.exe
  2⤵
  PID:8380
- C:\Windows\System\SWiDPQW.exe
  C:\Windows\System\SWiDPQW.exe
  2⤵
  PID:8452
- C:\Windows\System\SnTCjNO.exe
  C:\Windows\System\SnTCjNO.exe
  2⤵
  PID:8592
- C:\Windows\System\DxcYNIN.exe
  C:\Windows\System\DxcYNIN.exe
  2⤵
  PID:8624
- C:\Windows\System\jdtStLR.exe
  C:\Windows\System\jdtStLR.exe
  2⤵
  PID:8660
- C:\Windows\System\hCFSWop.exe
  C:\Windows\System\hCFSWop.exe
  2⤵
  PID:8720
- C:\Windows\System\DGRqNuF.exe
  C:\Windows\System\DGRqNuF.exe
  2⤵
  PID:8736
- C:\Windows\System\btXMClF.exe
  C:\Windows\System\btXMClF.exe
  2⤵
  PID:8772
- C:\Windows\System\JBJCEhi.exe
  C:\Windows\System\JBJCEhi.exe
  2⤵
  PID:8888
- C:\Windows\System\mXXCVHz.exe
  C:\Windows\System\mXXCVHz.exe
  2⤵
  PID:8976
- C:\Windows\System\sRZCtvf.exe
  C:\Windows\System\sRZCtvf.exe
  2⤵
  PID:9044
- C:\Windows\System\YGfKBLv.exe
  C:\Windows\System\YGfKBLv.exe
  2⤵
  PID:9104
- C:\Windows\System\eaabMvq.exe
  C:\Windows\System\eaabMvq.exe
  2⤵
  PID:9108
- C:\Windows\System\yegvqIE.exe
  C:\Windows\System\yegvqIE.exe
  2⤵
  PID:9184
- C:\Windows\System\pNTQyNH.exe
  C:\Windows\System\pNTQyNH.exe
  2⤵
  PID:8212
- C:\Windows\System\nrmmVac.exe
  C:\Windows\System\nrmmVac.exe
  2⤵
  PID:8320
- C:\Windows\System\lCJULmI.exe
  C:\Windows\System\lCJULmI.exe
  2⤵
  PID:8244
- C:\Windows\System\SMNfsYV.exe
  C:\Windows\System\SMNfsYV.exe
  2⤵
  PID:8668
- C:\Windows\System\ToWTqmH.exe
  C:\Windows\System\ToWTqmH.exe
  2⤵
  PID:8524
- C:\Windows\System\PGefVfO.exe
  C:\Windows\System\PGefVfO.exe
  2⤵
  PID:8696
- C:\Windows\System\CVWVBWk.exe
  C:\Windows\System\CVWVBWk.exe
  2⤵
  PID:8844
- C:\Windows\System\iuXwOmx.exe
  C:\Windows\System\iuXwOmx.exe
  2⤵
  PID:8904
- C:\Windows\System\zNxwIWa.exe
  C:\Windows\System\zNxwIWa.exe
  2⤵
  PID:8864
- C:\Windows\System\yJSBHoQ.exe
  C:\Windows\System\yJSBHoQ.exe
  2⤵
  PID:9000
- C:\Windows\System\hDVXAYt.exe
  C:\Windows\System\hDVXAYt.exe
  2⤵
  PID:9064
- C:\Windows\System\jiLxGSF.exe
  C:\Windows\System\jiLxGSF.exe
  2⤵
  PID:9148
- C:\Windows\System\SAjMSeT.exe
  C:\Windows\System\SAjMSeT.exe
  2⤵
  PID:8276
- C:\Windows\System\hXYfrpe.exe
  C:\Windows\System\hXYfrpe.exe
  2⤵
  PID:8292
- C:\Windows\System\WFDWzTw.exe
  C:\Windows\System\WFDWzTw.exe
  2⤵
  PID:8536
- C:\Windows\System\gXUspRL.exe
  C:\Windows\System\gXUspRL.exe
  2⤵
  PID:8608
- C:\Windows\System\MMWcark.exe
  C:\Windows\System\MMWcark.exe
  2⤵
  PID:8548
- C:\Windows\System\rPHVbQm.exe
  C:\Windows\System\rPHVbQm.exe
  2⤵
  PID:9124
- C:\Windows\System\gFwlEjq.exe
  C:\Windows\System\gFwlEjq.exe
  2⤵
  PID:9196
- C:\Windows\System\QZwyGxH.exe
  C:\Windows\System\QZwyGxH.exe
  2⤵
  PID:8792
- C:\Windows\System\RGEvvOL.exe
  C:\Windows\System\RGEvvOL.exe
  2⤵
  PID:8204
- C:\Windows\System\EgvGRzf.exe
  C:\Windows\System\EgvGRzf.exe
  2⤵
  PID:8400
- C:\Windows\System\lAAgIdz.exe
  C:\Windows\System\lAAgIdz.exe
  2⤵
  PID:8396
- C:\Windows\System\HEdQwnt.exe
  C:\Windows\System\HEdQwnt.exe
  2⤵
  PID:9056
- C:\Windows\System\jwgmxfY.exe
  C:\Windows\System\jwgmxfY.exe
  2⤵
  PID:9232
- C:\Windows\System\PSOJeQP.exe
  C:\Windows\System\PSOJeQP.exe
  2⤵
  PID:9256
- C:\Windows\System\zRGOqBV.exe
  C:\Windows\System\zRGOqBV.exe
  2⤵
  PID:9280
- C:\Windows\System\omruTfO.exe
  C:\Windows\System\omruTfO.exe
  2⤵
  PID:9300
- C:\Windows\System\hPVgPRa.exe
  C:\Windows\System\hPVgPRa.exe
  2⤵
  PID:9328
- C:\Windows\System\psUMGjp.exe
  C:\Windows\System\psUMGjp.exe
  2⤵
  PID:9344
- C:\Windows\System\XJFWoBQ.exe
  C:\Windows\System\XJFWoBQ.exe
  2⤵
  PID:9372
- C:\Windows\System\ZWorNzq.exe
  C:\Windows\System\ZWorNzq.exe
  2⤵
  PID:9404
- C:\Windows\System\SYNaFzQ.exe
  C:\Windows\System\SYNaFzQ.exe
  2⤵
  PID:9420
- C:\Windows\System\wqfuDDs.exe
  C:\Windows\System\wqfuDDs.exe
  2⤵
  PID:9440
- C:\Windows\System\BnHthUq.exe
  C:\Windows\System\BnHthUq.exe
  2⤵
  PID:9460
- C:\Windows\System\ENjkrbi.exe
  C:\Windows\System\ENjkrbi.exe
  2⤵
  PID:9480
- C:\Windows\System\tiLuaEd.exe
  C:\Windows\System\tiLuaEd.exe
  2⤵
  PID:9496
- C:\Windows\System\wzKgGUZ.exe
  C:\Windows\System\wzKgGUZ.exe
  2⤵
  PID:9516
- C:\Windows\System\ZsqGhzu.exe
  C:\Windows\System\ZsqGhzu.exe
  2⤵
  PID:9532
- C:\Windows\System\WoybLZo.exe
  C:\Windows\System\WoybLZo.exe
  2⤵
  PID:9552
- C:\Windows\System\hQDMLIn.exe
  C:\Windows\System\hQDMLIn.exe
  2⤵
  PID:9584
- C:\Windows\System\JjMpTMM.exe
  C:\Windows\System\JjMpTMM.exe
  2⤵
  PID:9628
- C:\Windows\System\wcuNpEC.exe
  C:\Windows\System\wcuNpEC.exe
  2⤵
  PID:9652
- C:\Windows\System\adjZNvD.exe
  C:\Windows\System\adjZNvD.exe
  2⤵
  PID:9672
- C:\Windows\System\fEhqtLm.exe
  C:\Windows\System\fEhqtLm.exe
  2⤵
  PID:9688
- C:\Windows\System\GUOewZQ.exe
  C:\Windows\System\GUOewZQ.exe
  2⤵
  PID:9712
- C:\Windows\System\PpuSYaE.exe
  C:\Windows\System\PpuSYaE.exe
  2⤵
  PID:9728
- C:\Windows\System\iwFudZi.exe
  C:\Windows\System\iwFudZi.exe
  2⤵
  PID:9744
- C:\Windows\System\ybxJEdy.exe
  C:\Windows\System\ybxJEdy.exe
  2⤵
  PID:9768
- C:\Windows\System\TmdeLpR.exe
  C:\Windows\System\TmdeLpR.exe
  2⤵
  PID:9784
- C:\Windows\System\ohUfZpX.exe
  C:\Windows\System\ohUfZpX.exe
  2⤵
  PID:9800
- C:\Windows\System\Kwvhzun.exe
  C:\Windows\System\Kwvhzun.exe
  2⤵
  PID:9836
- C:\Windows\System\PlzgrQG.exe
  C:\Windows\System\PlzgrQG.exe
  2⤵
  PID:9852
- C:\Windows\System\fucmZCh.exe
  C:\Windows\System\fucmZCh.exe
  2⤵
  PID:9868
- C:\Windows\System\LdPkZGL.exe
  C:\Windows\System\LdPkZGL.exe
  2⤵
  PID:9888
- C:\Windows\System\RHcuNED.exe
  C:\Windows\System\RHcuNED.exe
  2⤵
  PID:9904
- C:\Windows\System\kwSTOiQ.exe
  C:\Windows\System\kwSTOiQ.exe
  2⤵
  PID:9920
- C:\Windows\System\gvSckDX.exe
  C:\Windows\System\gvSckDX.exe
  2⤵
  PID:9936
- C:\Windows\System\DBqBMac.exe
  C:\Windows\System\DBqBMac.exe
  2⤵
  PID:9952
- C:\Windows\System\HFUiExY.exe
  C:\Windows\System\HFUiExY.exe
  2⤵
  PID:9996
- C:\Windows\System\mCFjTBv.exe
  C:\Windows\System\mCFjTBv.exe
  2⤵
  PID:10016
- C:\Windows\System\UYWAyuq.exe
  C:\Windows\System\UYWAyuq.exe
  2⤵
  PID:10036
- C:\Windows\System\flvGJSD.exe
  C:\Windows\System\flvGJSD.exe
  2⤵
  PID:10052
- C:\Windows\System\cRowceb.exe
  C:\Windows\System\cRowceb.exe
  2⤵
  PID:10068
- C:\Windows\System\pJelfUC.exe
  C:\Windows\System\pJelfUC.exe
  2⤵
  PID:10096
- C:\Windows\System\fkMtuMN.exe
  C:\Windows\System\fkMtuMN.exe
  2⤵
  PID:10116
- C:\Windows\System\PdCYtZy.exe
  C:\Windows\System\PdCYtZy.exe
  2⤵
  PID:10140
- C:\Windows\System\rMrSTMf.exe
  C:\Windows\System\rMrSTMf.exe
  2⤵
  PID:10156
- C:\Windows\System\zcBWdoa.exe
  C:\Windows\System\zcBWdoa.exe
  2⤵
  PID:10184
- C:\Windows\System\EVOuwbV.exe
  C:\Windows\System\EVOuwbV.exe
  2⤵
  PID:10200
- C:\Windows\System\VTnIhzE.exe
  C:\Windows\System\VTnIhzE.exe
  2⤵
  PID:10224
- C:\Windows\System\TdexXJS.exe
  C:\Windows\System\TdexXJS.exe
  2⤵
  PID:8812
- C:\Windows\System\UmKkWuj.exe
  C:\Windows\System\UmKkWuj.exe
  2⤵
  PID:9252
- C:\Windows\System\nOESXiQ.exe
  C:\Windows\System\nOESXiQ.exe
  2⤵
  PID:9072
- C:\Windows\System\fyiLUfu.exe
  C:\Windows\System\fyiLUfu.exe
  2⤵
  PID:9228
- C:\Windows\System\PDWfyvr.exe
  C:\Windows\System\PDWfyvr.exe
  2⤵
  PID:8744
- C:\Windows\System\AUhGwsy.exe
  C:\Windows\System\AUhGwsy.exe
  2⤵
  PID:9268
- C:\Windows\System\FOnqGKT.exe
  C:\Windows\System\FOnqGKT.exe
  2⤵
  PID:9312
- C:\Windows\System\EVRCESA.exe
  C:\Windows\System\EVRCESA.exe
  2⤵
  PID:9360
- C:\Windows\System\QBunmfG.exe
  C:\Windows\System\QBunmfG.exe
  2⤵
  PID:9384
- C:\Windows\System\lEhAaGb.exe
  C:\Windows\System\lEhAaGb.exe
  2⤵
  PID:9416
- C:\Windows\System\lGgWhkI.exe
  C:\Windows\System\lGgWhkI.exe
  2⤵
  PID:9468
- C:\Windows\System\SaGSAIC.exe
  C:\Windows\System\SaGSAIC.exe
  2⤵
  PID:9392
- C:\Windows\System\ofOHXoD.exe
  C:\Windows\System\ofOHXoD.exe
  2⤵
  PID:9568
- C:\Windows\System\jNRlFMC.exe
  C:\Windows\System\jNRlFMC.exe
  2⤵
  PID:9612
- C:\Windows\System\MXCIlwf.exe
  C:\Windows\System\MXCIlwf.exe
  2⤵
  PID:9680
- C:\Windows\System\AulDDmK.exe
  C:\Windows\System\AulDDmK.exe
  2⤵
  PID:9752
- C:\Windows\System\zQKAzSn.exe
  C:\Windows\System\zQKAzSn.exe
  2⤵
  PID:9792
- C:\Windows\System\gySdbwU.exe
  C:\Windows\System\gySdbwU.exe
  2⤵
  PID:9796
- C:\Windows\System\xsRiKvG.exe
  C:\Windows\System\xsRiKvG.exe
  2⤵
  PID:9812
- C:\Windows\System\MNLaOmA.exe
  C:\Windows\System\MNLaOmA.exe
  2⤵
  PID:9832
- C:\Windows\System\jiKHRBa.exe
  C:\Windows\System\jiKHRBa.exe
  2⤵
  PID:9860
- C:\Windows\System\qOVipHG.exe
  C:\Windows\System\qOVipHG.exe
  2⤵
  PID:9964
- C:\Windows\System\bKxCWAi.exe
  C:\Windows\System\bKxCWAi.exe
  2⤵
  PID:9976
- C:\Windows\System\wkysjAO.exe
  C:\Windows\System\wkysjAO.exe
  2⤵
  PID:10012
- C:\Windows\System\xVmvdrP.exe
  C:\Windows\System\xVmvdrP.exe
  2⤵
  PID:10032
- C:\Windows\System\ECDftxX.exe
  C:\Windows\System\ECDftxX.exe
  2⤵
  PID:10148
- C:\Windows\System\JtMqrfY.exe
  C:\Windows\System\JtMqrfY.exe
  2⤵
  PID:10180
- C:\Windows\System\FvaFhxC.exe
  C:\Windows\System\FvaFhxC.exe
  2⤵
  PID:10220
- C:\Windows\System\hQmVIDl.exe
  C:\Windows\System\hQmVIDl.exe
  2⤵
  PID:9240
- C:\Windows\System\qzwQHzy.exe
  C:\Windows\System\qzwQHzy.exe
  2⤵
  PID:9288
- C:\Windows\System\kslxZQQ.exe
  C:\Windows\System\kslxZQQ.exe
  2⤵
  PID:9296
- C:\Windows\System\iIZvIou.exe
  C:\Windows\System\iIZvIou.exe
  2⤵
  PID:8488
- C:\Windows\System\GqRCUMJ.exe
  C:\Windows\System\GqRCUMJ.exe
  2⤵
  PID:9316
- C:\Windows\System\mhZiOsV.exe
  C:\Windows\System\mhZiOsV.exe
  2⤵
  PID:9436
- C:\Windows\System\egqxgGl.exe
  C:\Windows\System\egqxgGl.exe
  2⤵
  PID:9308
- C:\Windows\System\xqPecns.exe
  C:\Windows\System\xqPecns.exe
  2⤵
  PID:9528
- C:\Windows\System\HPQvHHo.exe
  C:\Windows\System\HPQvHHo.exe
  2⤵
  PID:9564
- C:\Windows\System\UfuBeky.exe
  C:\Windows\System\UfuBeky.exe
  2⤵
  PID:9640
- C:\Windows\System\XAuxlYs.exe
  C:\Windows\System\XAuxlYs.exe
  2⤵
  PID:9736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CRsFdtu.exe

Filesize
6.0MB

MD5
66eeee9e929e61b9b2423c385d188c9e

SHA1
ba7c62ff907d60e81105fd10b04979c5152727b0

SHA256
1b45552952ceb3409ab3ad46f9fc18eda541d8a7ec301df5f9ef2065ad8b7a2f

SHA512
8c9291937dc26c86f3efc01741a02ce4529170b6eee499b42a7893cf58022eb06002a70a67c3123d8f6a5d2edd92d4c6fd6953d7a8f42324529a194cbe616c98

Download Submit
C:\Windows\system\DyXtfIE.exe

Filesize
6.0MB

MD5
18cfd451fad6aebdb313eb95dd538f54

SHA1
839bd03c884013018d471a67873d888f6e39c5fd

SHA256
f87982476fe93c39e125bfa61f719ba979f9659276f7c1972e4d37c1b3a0de34

SHA512
e0ba8ffde8825f9333c8c302db91cec945167305fc9bf0758e85fca8079e80e2ff518423a46d06cb807eb0558d655f35fd25c5a83901e6076d634a649378a611

Download Submit
C:\Windows\system\GgEeuuz.exe

Filesize
6.0MB

MD5
9011a155dabde3c56388de8646fba91e

SHA1
617ad84fac941e91a0ae8d3c529dd2634a8d2aa5

SHA256
644c93d1ad4f991b499bf72ee936b585984b865a4136d03cfb0c1d776b55e448

SHA512
97077df1573e550277426b4f416d23ecb34d6fdeafde7e5845f1c1e05d78ae98774920722bd5b7c35d64ad76e3f90f3c78a516ebf700d5ca0c02d8815aac431c

Download Submit
C:\Windows\system\JMRUDwe.exe

Filesize
6.0MB

MD5
62d824124cc03244e6f91ceb5a12635c

SHA1
fa25ff2e94fcdcb95b49d02c820514f1bbe605e0

SHA256
69cdaaca49c3761f5178b3bae63c5e378b92b45baead76adf0a4d9de9cd82073

SHA512
79ec90c445bd2757de6d308709d19099e7015ee456717e7551003a733391132d0b3ca6667d1884df6addd9de761988e5bb826607fbc2dcbedeb4b3dc6dc49e22

Download Submit
C:\Windows\system\KZLJYsU.exe

Filesize
6.0MB

MD5
e756f3c022b700e6d550eaffe1e04a17

SHA1
9328d1756ee18d07917c4d1fa5a985c1bbbc60b9

SHA256
6498138cab687743581422b494e41fb58606cb82b814008c907edf5d2a0f1df1

SHA512
42a9f90a363fff3ab25a75a811e0d960f47db3ef96c68c7550373142dddb252a14c8e8210f3ffbc6cccd8cc4fd743e8ac25c9555471b4c5c1c815b79e99d56ef

Download Submit
C:\Windows\system\MdavcFx.exe

Filesize
6.0MB

MD5
d37f14b13ab23dbd2b9d12a59272d869

SHA1
7dce1517b5b84eb7d4ed8f8d03c107a40901a376

SHA256
d4c2ae83ec48263d41a5d916dc01712f6c2cd407b3c03e6aa5371377ef823d87

SHA512
c80c4d50cbbbbf9d0062e242d931f36b7a3668f6c03a61ef174ad00f73265a3a30c276d1c22f10143a447dbe58dc591dadc9501f327a535df2374eb6a3297493

Download Submit
C:\Windows\system\MxFPSnn.exe

Filesize
6.0MB

MD5
fb6b6e42d55bea25c74af32fc7aec716

SHA1
97b92997e959768df28671fbb6b02ab7c4417398

SHA256
6d1bc6f8477a101b2d987971dca478bebad94c6cf544bd5742b73e2dbf63554a

SHA512
ce71d5425f8dcefef88502c0b5dd0baa517d2f76afb7e77df594927119b01734a0041080b11e47276b45cf8c4dde8008f0ee1577c247f0cc3750b5872052c187

Download Submit
C:\Windows\system\NbjIwok.exe

Filesize
6.0MB

MD5
43e8c6bfc515302e5ee19d55a214d7a0

SHA1
5b35190d0abd9b6037dca53dcdc9aaa65b5e7b3c

SHA256
8692cb84a4d106158a4ca6004fa9de51560568ff06c8f222702b2582a1135113

SHA512
3e999727f13c0e559373851eb9a561d4eb8cb617247e268b5658fe946ece458b263dc502ea2707cbbb99b610c06ae222a36191c7bde896adb0904bff747ab38e

Download Submit
C:\Windows\system\QqCRSJj.exe

Filesize
6.0MB

MD5
adb77545946bb97b6503e7ec547102fd

SHA1
efdc9348af97b0fe7e5901524140898d82e66723

SHA256
a9fb67e9a5e785fcaf813555b30f584949fcd06cf73a4ac2cbe3c087538a2b72

SHA512
446c8a194dca293c83ab646f892c36f1b5a1170672212df9a0be8907e533629c3954c2a5521b5a310263ec71d59f2629bcc3c4fef4d649d91363137f943feece

Download Submit
C:\Windows\system\TJsRmIR.exe

Filesize
6.0MB

MD5
bdca8b8c570d041e92f1ffdd351ec0d0

SHA1
431b3fbe062190d16ed12afd17ab4052101fcc23

SHA256
86ce26615a4aec7192933b89753b8295e47af993f810cb3a3527ed62f379d2d0

SHA512
150e245bb4451a7ef77df12e8f9a665d708dd62f8a5d6959472ebe8085b574a7e5cc747ede38ba220b77b90771bcd64d50600978b62eb7b6d7257607ab56df40

Download Submit
C:\Windows\system\XEnODtE.exe

Filesize
6.0MB

MD5
34227abab88c237f3a6f6d87378bf77d

SHA1
4c4ba5135437c142634db5577acca2c59a71573a

SHA256
ad0f253234bfa4a18236f61e118e5f02f27d8b83f82abfcc911f4e0341a5f359

SHA512
cf9414fd827be197808107ca7a556ba3bc3bc01783023c06bbf487e60362a86496b346c5a384ffc9eff6a6b58fbf4030bea73e7ad4fde6ab34da44edc08db7a7

Download Submit
C:\Windows\system\ZVDxlrD.exe

Filesize
6.0MB

MD5
7baeb11be48d2dc55d22c9c576eee462

SHA1
d2a9386498b45ce972608fc7410cd53a8a4d964d

SHA256
e21815cd0e70de1ed30ec20e9bc12769164582de96eb35cfa19097c01af3e1c5

SHA512
df9ecfe6cf5af55fd2c300025ce737c4787633b5fc96d549c385f7927cf4751c9d38fb843d0adc58e587c1484d9c6a42c5fc2724f1e185fcde83118ec3f4deed

Download Submit
C:\Windows\system\cieiZwY.exe

Filesize
6.0MB

MD5
5a2aa34efff3bbc00730045c09a8a610

SHA1
e06b9d841790a32624405a6de1b0eb6b29076fda

SHA256
d46566edcd4bcbf72c4393a65fd406885866b1c4a3d39b536e02d44326e770a8

SHA512
edda57c245f968599044a19c31b18ecdbb0fd84b92bd63f26e4a3de47259cfcca622465bbaa4c2ad1ce562ae1afaa9dc4d32edcd3edf655051d1c43c4c0c40ae

Download Submit
C:\Windows\system\cpzdYhc.exe

Filesize
6.0MB

MD5
08633e9cb11d6e9a56a05bf015d7b782

SHA1
2cecd7ecf7112ef060ee66f2d8cca9d535c5466c

SHA256
4ce5ee3d15efc7ef4994f030b6d7f01fcd49c749d5da453776a9e6bc0dd6a90d

SHA512
92e1b3b7b97a4ec4d488ea0f162a9621079b73839eb37e206e9beb6f8f17e9d025a460d7ed9a71034c0a0cbafb64fb8e4f58381a0a030cd9c58383a3a7ebfe78

Download Submit
C:\Windows\system\dstRwYc.exe

Filesize
8B

MD5
a5ce0e1cd1d3917f12b2586698d6dcc3

SHA1
2f4215182cfc776d7694eb4ff7274612b0593eeb

SHA256
48b3f31c2ddcc55f74d70a7833a2b09f6b374689bbf4cb6de601d6a621a2abbc

SHA512
f349489705218d3925cc06581c9fd70709fc5a0bb4f86496e55ebbbc637c745339459701ffd3b7a8c11bbfdd4f5b738df89620bf4327ebc87ea6731f85a01281

Download Submit
C:\Windows\system\eEfAslz.exe

Filesize
6.0MB

MD5
78d0a6129bba571d13068ed6d07dbead

SHA1
7d4304c570bcc8e627c7a64c1200708359cd08a8

SHA256
a7aaa149d156994c0ab60d978a2af1c065eb0c1030a3bd35cdd0bc92316f3165

SHA512
49ab89256c89d2a8cf3d9c8cd594c5368b452ffe6462903a8ef4aad060a7628a3fc523a8bcca98ab73ed0f21d940e49a0f38ccaefe758420df832f09ab0829be

Download Submit
C:\Windows\system\ehslXeZ.exe

Filesize
6.0MB

MD5
0be9f6ba9390cfe69db94cd9f9c7d7ca

SHA1
476df64d9f3c987b9a3aa33d3c7ef5dfb297f1f1

SHA256
d724d8dc597f16b92e6df1d55e0e5eda07432d895e94b6562b70caf4a6ece8a4

SHA512
1653e7e20173a5e649cd6f9054f9a65c0144bde5b84d7955a073aca6d6af666d182430f8b587309c692a4dbf325e0484a60b34d51d409c78370975c524af2b25

Download Submit
C:\Windows\system\fNzmaSV.exe

Filesize
6.0MB

MD5
67bb22c5d8b4e239f8d53b9c366c9b45

SHA1
c51c2cdcd0f8f8f19e7410fbe00570676d6ae541

SHA256
d05f9c40c21d1b60b27533b5e818f2f6f63d8e72c44e05ff67f6bb72b7abded4

SHA512
73056ee73b1fbf5a29758c9fa59d7e1d54075140f115187d208409ab3eea37173f7987e8b3f762d7e42d9e40ea784c9ef1ca458dd5e17b94e0d2b8856087aa67

Download Submit
C:\Windows\system\fkqMsAE.exe

Filesize
6.0MB

MD5
2803b88b1df8e53779126a0a23fee0fc

SHA1
b052d72712ed8723f444f38d3ef4aca33dacd9a5

SHA256
de7f46c3d90bf4a7ef7da31648c50c9b9167929e363e93559164530b590adaa9

SHA512
8e538b6e76f19c9f7beef1a4c73e7fc4d3dc55d6334652d8c8fda554a5236f804b3236373286831e283e5e04c9c67b7062ef30334ae74abce1a2cc895df797f3

Download Submit
C:\Windows\system\gPhhmbk.exe

Filesize
6.0MB

MD5
1697075f2dd13da4a954073bf7c56cc4

SHA1
ea86b124e3f65b1e3a9f6fab81bcb7a8ea279694

SHA256
3283900cbdc2a48165b5ccd6126590688501368fa21b87bf8aa86af734deb2da

SHA512
b7fe1edd88c0b3db76dbab0765a9d2752265a65872a10d61d806ad7903e6d1311c8f8a89185f9bb7bb770b26e4e8fd44d19946bf3f81c26292095cc5ac86aa4d

Download Submit
C:\Windows\system\jGRWrkB.exe

Filesize
6.0MB

MD5
f65c2458858b2dc0b313a7a93d01758c

SHA1
71ad458cf931a1019ecfb36a35571a30dd84be3d

SHA256
3a15501e8b8e97a34b6c9dd39355baad261d5ddb8295746805ea99b665c86990

SHA512
0b1b34f1b884ddf08e90eba2395c38de6c4a0a6dffbb20670c37d9fe14749cdc0f2ef7fb4eb501991fdc019d4516dfd0f618f36276d40a0e105dd2225ac81325

Download Submit
C:\Windows\system\kblCASV.exe

Filesize
6.0MB

MD5
4a1334b491744d880ff18c43c3fa85f8

SHA1
e0bfc955d8e6de4e1b42b3788c6c1c187b563e17

SHA256
3d7984b55e2957ef849fd8bde2ecf32f5ffd1fda2fa2c1b33a1da7fc2aacdf26

SHA512
262f7aaf1416c9de4ed4d85d507ad9d792317f3723a9ff5b4c78a76362eef0d2a05efa660833c13b1d1c0bcd103a1581072cc0c5bb99c0df782707ac64192763

Download Submit
C:\Windows\system\kuwBNEC.exe

Filesize
6.0MB

MD5
128dcd0f423165d3c5deac3411df3ebe

SHA1
04673c65727f019fd7b94feedc2a31b2b3bbb77f

SHA256
aa87d561fa4e63904a9c9d2e10e470907d571e59986efe46b99b06a72fde4501

SHA512
65fba66fa05a5347e2639afe425c5e266b48eee5412941a1e8417d1d8bd0d84ef819b378018937c8745217eec51edfae97cad303fcf6f18f083084823c585d2e

Download Submit
C:\Windows\system\mNcNglI.exe

Filesize
6.0MB

MD5
4e04898d00424ac00a1664f025ca989a

SHA1
b4c16f2fe8ccc3fdc0c6b4689f9c16f4fbe49915

SHA256
d1e5a0703b1fa2b2312dedb764426defce207a4becc666fa9c269346fb81e24a

SHA512
8034cddd5a268ca0d63e1811e87ec3d9a1e417648e220da5f8dd1db3c3b0cc3adbfc95944757dc22cdec3f1b817e935fa220087b1958b796401364bd74d8d01a

Download Submit
C:\Windows\system\nGlAXOl.exe

Filesize
6.0MB

MD5
ab5c5ea57dfee73a0dfeb217c9ab85be

SHA1
e81726df3987926ab2a825bf560ead058c740bb8

SHA256
5059a3fe04363a8b4cb8a8e0a0dfcbf82b2d9bb931aa0f63b94243e838b9ed5b

SHA512
b9b885ae1848d3141434fe555e04cae115dc4adc13fd9e139028710f6579cddd489d727d6b6ed0eb032c5942ed7ba89170d7680fdbed828e0b35ccc8a87e37be

Download Submit
C:\Windows\system\oJmceqP.exe

Filesize
6.0MB

MD5
cfc986a4258b6f980a53ab30243cf765

SHA1
1c58913e59f8b9961ed7adcc767e0614c725c770

SHA256
a08d1827d352e4b04f13079e5287af27b99c611a6d930eb9e7cb9e7e1819f14c

SHA512
f4033c3706c0f9cb70b2621781807fc2e1f313a181f6d323ca0efd5f56288c11e9f02dc161e917574dba3b11493a0e034ae68cf5af94110bd7d7a9e8ad7a06b3

Download Submit
C:\Windows\system\orEGvaY.exe

Filesize
6.0MB

MD5
d2a565eaf3d85a61d29cc3a987c65b9a

SHA1
b245f6633a0aa9fd8d6948ad7dec84dff8aad49a

SHA256
ebb4edca38160cb3be89ed02d54026ad103e56da79578b59e3112a36f6d91c88

SHA512
3e005cec93f67f3c4196ebacb72a8250e34ed9bfde6dea2665975bf5c74c6609ebe11c10f04005a1fcd9b6c5f81f66ed70f7e032490fe8a04f707a66b5cfb52a

Download Submit
C:\Windows\system\tqEkcMi.exe

Filesize
6.0MB

MD5
c521cf54a03818aa5f971ee5b4e816e0

SHA1
a3004747908b7e819b9e3e97e5f13bdb24f961df

SHA256
a6fef708837ee3f1498ef53efbfc9ee457db43a0a428ffbee30fedf5c9301a13

SHA512
80ff6da632d02a3199f4184171edef78beaf80a2e035df6a9622c631cbefa667e1d43fdc7926233937a1723944530be69704126827350647e0a035aa8716bfb5

Download Submit
C:\Windows\system\xzZjMUo.exe

Filesize
6.0MB

MD5
971f7dd1608ff82fada10b7caf562b9a

SHA1
dbb317a79a449c8e6129bc1d30b7384be325d8a1

SHA256
2963c7f96e5a3e8b9955926e01be13825b4ca0097578b0fe1b2a4fa5dd085cbf

SHA512
3d54d6e3df26f2242ec0436ffd66f9c8892a5d0f23656c6f141e41eedb9505b6abd550e47c7533d59e9edc24abe99fa4fcdb496485c4e72fce48f6b6c7a4f26c

Download Submit
C:\Windows\system\zLBFzjA.exe

Filesize
6.0MB

MD5
e03dd1e9f4634c74bf70e4a5b4f5310e

SHA1
1dd4c35fc9efc521c480a67d572920db8acf3f6f

SHA256
367731dbdf5a7934106a42ac5c441fae31d9d3f10f56990b02fc245560784da7

SHA512
94c22da447c5a6ab48e9d0ceac89837702c88700d6c4884adb1aeae9a212501249f233094d02c92cae3f1107f51c213c453bac343209b255238fa5153a88c118

Download Submit
C:\Windows\system\zWqINvo.exe

Filesize
6.0MB

MD5
404637ee447e0a80d836697e2aed157a

SHA1
d44e22f405442aa2371bd9f8b9d3af8f7713c479

SHA256
b1796f5edc600589e8bf92c14fde99f7c9fa74cafecb3d387f20c6a80591204d

SHA512
6a91103d45ade87c7272a6ed870a515574bb721d1a15af8819c25f5599259a4402bdc961f68eaf4cb18c1adbfd1b9b244617d1bf5cacb6645163a0e780a83cd2

Download Submit
\Windows\system\IWChDtw.exe

Filesize
6.0MB

MD5
ce5c4857fd0f31e58abcd4e30216f5e8

SHA1
10ee7297992586afa71e2ffc8f5f1303cfe1eee8

SHA256
26909a8da54bc2d386ae9dfb1df8870eb88e8fe677b4985d8af47f912529dfdc

SHA512
2b99010ac1c7aa7f2ed8b9b337c3cd85fb3e3733db46bedcd5707d1c5d0b7cfb138bfd60e4813df81b30cbd08c827296ed274affb9613d0c7b9a4853e1c80cb8

Download Submit
\Windows\system\XYztVfB.exe

Filesize
6.0MB

MD5
5cb098535e986a11b82118ef43a074a5

SHA1
93ff92d21ae7434ec93295b7d6849358a8e4dd6f

SHA256
d296d2389ffc19e508daf830384583bc67c70ddb84b017eddbbb5686fa99dae7

SHA512
2abbde910a233c15a9f3cdfa5dbd51243a14f37faefa641f67c75c81491c33f213a7b735ca53d1c09a8b72c96fb3de0b2ce7e45dcf88758a8faded04904c1771

Download Submit
memory/1732-830-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/1732-3126-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2112-3148-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2112-741-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2240-806-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2240-3143-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2476-3138-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-786-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-870-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2536-3140-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2672-754-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3134-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3135-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2684-726-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3141-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2732-770-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3142-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-722-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-887-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3127-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1882-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2800-84-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2800-831-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2800-787-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2800-723-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2800-771-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2800-851-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2800-755-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2800-871-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-742-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2800-888-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2800-725-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1866-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2800-727-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1876-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2800-0-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1884-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1898-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1907-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1916-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2800-2048-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1904-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2800-6-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1937-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1935-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2800-729-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1924-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1313-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1887-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1624-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-807-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1789-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2920-3128-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2920-724-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1788-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3103-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3130-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2936-728-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2988-3147-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-850-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download