cobaltstrike | 07385bf22ab765fe85eb76a89159efea86583de65d3333768935323fe25e20f0

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25/11/2024, 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

65e4ea81bb98c343b8a99210e154329f
SHA1

c6d36e10ce46022309a4661fd6f7b5deaf528aed
SHA256

07385bf22ab765fe85eb76a89159efea86583de65d3333768935323fe25e20f0
SHA512

13cbee0d97a2d2769e4fb0d544bca1bafa0864becd1f685ddeea3f8429455938ba308c74828f2bde393c95fce057f845dfe4d219b03257233ddbab5f5c83427d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUb:T+q56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001225e-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018780-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018bdd-13.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001921d-21.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001923e-26.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019242-30.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e4-46.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001955c-58.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019581-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c0-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019551-55.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e6-50.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001930d-40.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001925b-36.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c32-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019999-174.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ed-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001969b-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019659-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-152.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fe-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019601-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019603-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ff-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fd-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fb-116.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018718-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f9-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f7-76.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2636-0-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x000b00000001225e-3.dat	xmrig
behavioral1/files/0x0007000000018780-8.dat	xmrig
behavioral1/files/0x0008000000018bdd-13.dat	xmrig
behavioral1/files/0x000700000001921d-21.dat	xmrig
behavioral1/files/0x000600000001923e-26.dat	xmrig
behavioral1/files/0x0006000000019242-30.dat	xmrig
behavioral1/files/0x00050000000194e4-46.dat	xmrig
behavioral1/files/0x000500000001955c-58.dat	xmrig
behavioral1/files/0x0005000000019581-65.dat	xmrig
behavioral1/files/0x00050000000195c0-70.dat	xmrig
behavioral1/files/0x0005000000019551-55.dat	xmrig
behavioral1/files/0x00050000000194e6-50.dat	xmrig
behavioral1/files/0x000800000001930d-40.dat	xmrig
behavioral1/files/0x000600000001925b-36.dat	xmrig
behavioral1/memory/2636-73-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/2636-103-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2056-102-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2976-101-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2636-861-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c36-189.dat	xmrig
behavioral1/files/0x0005000000019c34-185.dat	xmrig
behavioral1/files/0x0005000000019c32-180.dat	xmrig
behavioral1/files/0x0005000000019999-174.dat	xmrig
behavioral1/files/0x00050000000196ed-169.dat	xmrig
behavioral1/files/0x000500000001969b-163.dat	xmrig
behavioral1/files/0x0005000000019659-159.dat	xmrig
behavioral1/files/0x0005000000019605-147.dat	xmrig
behavioral1/files/0x0005000000019615-152.dat	xmrig
behavioral1/files/0x00050000000195fe-138.dat	xmrig
behavioral1/files/0x0005000000019601-133.dat	xmrig
behavioral1/files/0x0005000000019603-141.dat	xmrig
behavioral1/files/0x00050000000195ff-129.dat	xmrig
behavioral1/files/0x00050000000195fd-121.dat	xmrig
behavioral1/files/0x00050000000195fb-116.dat	xmrig
behavioral1/files/0x0008000000018718-113.dat	xmrig
behavioral1/files/0x00050000000195f9-109.dat	xmrig
behavioral1/memory/2636-100-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/2864-99-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2912-97-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2732-95-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/3024-93-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2636-92-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2156-91-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2948-89-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2636-88-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/2964-87-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2840-85-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2636-84-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2464-83-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2636-82-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/3060-81-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2636-80-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/2532-79-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/1748-77-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x00050000000195f7-76.dat	xmrig
behavioral1/memory/2976-5001-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/3024-4999-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2840-4998-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/3060-4997-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2912-4996-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2056-4985-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2864-4984-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2464-5010-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2056	EakBewg.exe
1748	SwUWLyy.exe
2532	sLXdBhQ.exe
3060	FeaqPty.exe
2464	sXadKyu.exe
2840	BHZnQDL.exe
2964	HtozReb.exe
2948	wzxcMkk.exe
2156	JWsyCZD.exe
3024	gfwxvoz.exe
2732	hZPOsYG.exe
2912	nBhfNUB.exe
2864	wkZDMKH.exe
2976	qMTMbBb.exe
1088	XPxmRVR.exe
1604	pBFoAWr.exe
1864	vSegvpE.exe
1732	dVLsfHK.exe
2004	EmMszWl.exe
1476	WireYpe.exe
2028	kUjSiIQ.exe
1844	UARNkJO.exe
1236	YxAnllr.exe
2916	DsuBvyr.exe
2924	xEufQRq.exe
2656	zfwAapr.exe
2176	hTizGfG.exe
2512	OpTqrah.exe
1600	ezvKyXc.exe
828	YqsCUeK.exe
2188	opRdmjQ.exe
1736	WOwOkgI.exe
1312	dcyENgu.exe
1796	hbqAsla.exe
608	vJHRbyo.exe
1852	VHUPwDc.exe
2368	kWbqTDE.exe
868	yLUwGIJ.exe
1468	RMGsFIP.exe
932	iZHGjfP.exe
1572	KncsmFq.exe
2024	FzUOgMa.exe
2468	xuphjJC.exe
1400	oCvbdGd.exe
2360	pMEZweS.exe
2664	ENtYVKA.exe
2492	aWDoeiU.exe
1212	YwVvlJv.exe
396	uPpSZJO.exe
540	IETHbHf.exe
2132	cVCHPNv.exe
1524	DUmunWP.exe
1536	wUrQVDb.exe
2352	HfQDPRx.exe
2620	CemsbsF.exe
2588	sShDdMu.exe
2956	CxKVUBf.exe
2848	pmWpSFI.exe
2556	BTSrPfE.exe
3040	KgjzoGu.exe
2744	WjnuHAg.exe
2716	XqoNpMG.exe
2596	ZSHdvYE.exe
1672	rYnmNsK.exe

Loads dropped DLL 64 IoCs

pid	Process
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2636-0-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x000b00000001225e-3.dat	upx
behavioral1/files/0x0007000000018780-8.dat	upx
behavioral1/files/0x0008000000018bdd-13.dat	upx
behavioral1/files/0x000700000001921d-21.dat	upx
behavioral1/files/0x000600000001923e-26.dat	upx
behavioral1/files/0x0006000000019242-30.dat	upx
behavioral1/files/0x00050000000194e4-46.dat	upx
behavioral1/files/0x000500000001955c-58.dat	upx
behavioral1/files/0x0005000000019581-65.dat	upx
behavioral1/files/0x00050000000195c0-70.dat	upx
behavioral1/files/0x0005000000019551-55.dat	upx
behavioral1/files/0x00050000000194e6-50.dat	upx
behavioral1/files/0x000800000001930d-40.dat	upx
behavioral1/files/0x000600000001925b-36.dat	upx
behavioral1/memory/2056-102-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2976-101-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2636-861-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x0005000000019c36-189.dat	upx
behavioral1/files/0x0005000000019c34-185.dat	upx
behavioral1/files/0x0005000000019c32-180.dat	upx
behavioral1/files/0x0005000000019999-174.dat	upx
behavioral1/files/0x00050000000196ed-169.dat	upx
behavioral1/files/0x000500000001969b-163.dat	upx
behavioral1/files/0x0005000000019659-159.dat	upx
behavioral1/files/0x0005000000019605-147.dat	upx
behavioral1/files/0x0005000000019615-152.dat	upx
behavioral1/files/0x00050000000195fe-138.dat	upx
behavioral1/files/0x0005000000019601-133.dat	upx
behavioral1/files/0x0005000000019603-141.dat	upx
behavioral1/files/0x00050000000195ff-129.dat	upx
behavioral1/files/0x00050000000195fd-121.dat	upx
behavioral1/files/0x00050000000195fb-116.dat	upx
behavioral1/files/0x0008000000018718-113.dat	upx
behavioral1/files/0x00050000000195f9-109.dat	upx
behavioral1/memory/2864-99-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2912-97-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2732-95-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/3024-93-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2156-91-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2948-89-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2964-87-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2840-85-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2464-83-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/3060-81-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2532-79-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/1748-77-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x00050000000195f7-76.dat	upx
behavioral1/memory/2976-5001-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/3024-4999-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2840-4998-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/3060-4997-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2912-4996-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2056-4985-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2864-4984-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2464-5010-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2532-5009-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2156-5008-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2964-5007-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/1748-5044-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2948-5043-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2732-5006-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NmhxvVv.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YGtHrIo.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\njPLQaM.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gUSeUjV.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AkzNXvG.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VHUPwDc.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nSsobVE.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HsSOZke.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yBLnzwH.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lQFDSnu.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mgWFEVk.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SFiobRy.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\okioNZQ.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MvFdjNU.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nBLfWht.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OJITZtX.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xpKYtLI.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AmwZEdF.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xyUTVWT.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YABMItC.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDwgEQe.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXHiakQ.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owMziOe.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KuieOqJ.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZOVxLlF.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EVtdPus.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bhzpNEo.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tRvStct.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VwvOnGW.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lIwkdVQ.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGejmcL.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGsvTLE.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BBQnRgn.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tXDdwUd.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hTizGfG.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\taEKdYG.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJDtFnk.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UoHWyzy.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWbqTDE.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BTSrPfE.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OaWLhId.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UoVcCwt.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjBFVkN.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MUjDhyp.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGKtHxc.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bVOZnnN.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eHwseMm.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qNoUuhB.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zKGpQjh.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IwAuNRO.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EanBFNr.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KSicBXu.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBxUjvh.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RMGsFIP.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNCHVNx.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tKDNuuI.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZqIOumT.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMfpDUP.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IUbBBeD.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EFhPjBB.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HKZPkFE.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mmXYrKe.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mFYKghz.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMWRpSF.exe	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 2056	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2636 wrote to memory of 2056	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2636 wrote to memory of 2056	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2636 wrote to memory of 1748	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2636 wrote to memory of 1748	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2636 wrote to memory of 1748	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2636 wrote to memory of 2532	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2636 wrote to memory of 2532	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2636 wrote to memory of 2532	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2636 wrote to memory of 3060	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2636 wrote to memory of 3060	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2636 wrote to memory of 3060	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2636 wrote to memory of 2464	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2636 wrote to memory of 2464	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2636 wrote to memory of 2464	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2636 wrote to memory of 2840	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2636 wrote to memory of 2840	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2636 wrote to memory of 2840	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2636 wrote to memory of 2964	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2636 wrote to memory of 2964	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2636 wrote to memory of 2964	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2636 wrote to memory of 2948	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2636 wrote to memory of 2948	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2636 wrote to memory of 2948	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2636 wrote to memory of 2156	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2636 wrote to memory of 2156	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2636 wrote to memory of 2156	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2636 wrote to memory of 3024	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2636 wrote to memory of 3024	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2636 wrote to memory of 3024	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2636 wrote to memory of 2732	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2636 wrote to memory of 2732	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2636 wrote to memory of 2732	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2636 wrote to memory of 2912	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2636 wrote to memory of 2912	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2636 wrote to memory of 2912	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2636 wrote to memory of 2864	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2636 wrote to memory of 2864	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2636 wrote to memory of 2864	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2636 wrote to memory of 2976	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2636 wrote to memory of 2976	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2636 wrote to memory of 2976	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2636 wrote to memory of 1088	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2636 wrote to memory of 1088	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2636 wrote to memory of 1088	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2636 wrote to memory of 1604	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2636 wrote to memory of 1604	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2636 wrote to memory of 1604	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2636 wrote to memory of 1864	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2636 wrote to memory of 1864	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2636 wrote to memory of 1864	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2636 wrote to memory of 1732	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2636 wrote to memory of 1732	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2636 wrote to memory of 1732	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2636 wrote to memory of 2004	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2636 wrote to memory of 2004	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2636 wrote to memory of 2004	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2636 wrote to memory of 2028	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2636 wrote to memory of 2028	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2636 wrote to memory of 2028	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2636 wrote to memory of 1476	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2636 wrote to memory of 1476	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2636 wrote to memory of 1476	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2636 wrote to memory of 1236	2636	2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-25_65e4ea81bb98c343b8a99210e154329f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Windows\System\EakBewg.exe
  C:\Windows\System\EakBewg.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\SwUWLyy.exe
  C:\Windows\System\SwUWLyy.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\sLXdBhQ.exe
  C:\Windows\System\sLXdBhQ.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\FeaqPty.exe
  C:\Windows\System\FeaqPty.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\sXadKyu.exe
  C:\Windows\System\sXadKyu.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\BHZnQDL.exe
  C:\Windows\System\BHZnQDL.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\HtozReb.exe
  C:\Windows\System\HtozReb.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\wzxcMkk.exe
  C:\Windows\System\wzxcMkk.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\JWsyCZD.exe
  C:\Windows\System\JWsyCZD.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\gfwxvoz.exe
  C:\Windows\System\gfwxvoz.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\hZPOsYG.exe
  C:\Windows\System\hZPOsYG.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\nBhfNUB.exe
  C:\Windows\System\nBhfNUB.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\wkZDMKH.exe
  C:\Windows\System\wkZDMKH.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\qMTMbBb.exe
  C:\Windows\System\qMTMbBb.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\XPxmRVR.exe
  C:\Windows\System\XPxmRVR.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\pBFoAWr.exe
  C:\Windows\System\pBFoAWr.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\vSegvpE.exe
  C:\Windows\System\vSegvpE.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\dVLsfHK.exe
  C:\Windows\System\dVLsfHK.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\EmMszWl.exe
  C:\Windows\System\EmMszWl.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\kUjSiIQ.exe
  C:\Windows\System\kUjSiIQ.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\WireYpe.exe
  C:\Windows\System\WireYpe.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\YxAnllr.exe
  C:\Windows\System\YxAnllr.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\UARNkJO.exe
  C:\Windows\System\UARNkJO.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\xEufQRq.exe
  C:\Windows\System\xEufQRq.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\DsuBvyr.exe
  C:\Windows\System\DsuBvyr.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\zfwAapr.exe
  C:\Windows\System\zfwAapr.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\hTizGfG.exe
  C:\Windows\System\hTizGfG.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\OpTqrah.exe
  C:\Windows\System\OpTqrah.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\ezvKyXc.exe
  C:\Windows\System\ezvKyXc.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\YqsCUeK.exe
  C:\Windows\System\YqsCUeK.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\opRdmjQ.exe
  C:\Windows\System\opRdmjQ.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\WOwOkgI.exe
  C:\Windows\System\WOwOkgI.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\dcyENgu.exe
  C:\Windows\System\dcyENgu.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\hbqAsla.exe
  C:\Windows\System\hbqAsla.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\vJHRbyo.exe
  C:\Windows\System\vJHRbyo.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\VHUPwDc.exe
  C:\Windows\System\VHUPwDc.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\kWbqTDE.exe
  C:\Windows\System\kWbqTDE.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\yLUwGIJ.exe
  C:\Windows\System\yLUwGIJ.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\RMGsFIP.exe
  C:\Windows\System\RMGsFIP.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\iZHGjfP.exe
  C:\Windows\System\iZHGjfP.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\KncsmFq.exe
  C:\Windows\System\KncsmFq.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\FzUOgMa.exe
  C:\Windows\System\FzUOgMa.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\xuphjJC.exe
  C:\Windows\System\xuphjJC.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\oCvbdGd.exe
  C:\Windows\System\oCvbdGd.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\pMEZweS.exe
  C:\Windows\System\pMEZweS.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\ENtYVKA.exe
  C:\Windows\System\ENtYVKA.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\aWDoeiU.exe
  C:\Windows\System\aWDoeiU.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\YwVvlJv.exe
  C:\Windows\System\YwVvlJv.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\uPpSZJO.exe
  C:\Windows\System\uPpSZJO.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\IETHbHf.exe
  C:\Windows\System\IETHbHf.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\cVCHPNv.exe
  C:\Windows\System\cVCHPNv.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\DUmunWP.exe
  C:\Windows\System\DUmunWP.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\wUrQVDb.exe
  C:\Windows\System\wUrQVDb.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\HfQDPRx.exe
  C:\Windows\System\HfQDPRx.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\CemsbsF.exe
  C:\Windows\System\CemsbsF.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\sShDdMu.exe
  C:\Windows\System\sShDdMu.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\CxKVUBf.exe
  C:\Windows\System\CxKVUBf.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\pmWpSFI.exe
  C:\Windows\System\pmWpSFI.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\BTSrPfE.exe
  C:\Windows\System\BTSrPfE.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\KgjzoGu.exe
  C:\Windows\System\KgjzoGu.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\WjnuHAg.exe
  C:\Windows\System\WjnuHAg.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\XqoNpMG.exe
  C:\Windows\System\XqoNpMG.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\ZSHdvYE.exe
  C:\Windows\System\ZSHdvYE.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\rYnmNsK.exe
  C:\Windows\System\rYnmNsK.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\nhJeMdu.exe
  C:\Windows\System\nhJeMdu.exe
  2⤵
  PID:1624
- C:\Windows\System\djLSvfs.exe
  C:\Windows\System\djLSvfs.exe
  2⤵
  PID:836
- C:\Windows\System\osGOdic.exe
  C:\Windows\System\osGOdic.exe
  2⤵
  PID:316
- C:\Windows\System\aZrNJJI.exe
  C:\Windows\System\aZrNJJI.exe
  2⤵
  PID:3044
- C:\Windows\System\MYGGySR.exe
  C:\Windows\System\MYGGySR.exe
  2⤵
  PID:2316
- C:\Windows\System\ckIUFNF.exe
  C:\Windows\System\ckIUFNF.exe
  2⤵
  PID:1152
- C:\Windows\System\mBltqKI.exe
  C:\Windows\System\mBltqKI.exe
  2⤵
  PID:2452
- C:\Windows\System\gNxvNLL.exe
  C:\Windows\System\gNxvNLL.exe
  2⤵
  PID:2292
- C:\Windows\System\sLCiFUV.exe
  C:\Windows\System\sLCiFUV.exe
  2⤵
  PID:328
- C:\Windows\System\ZQYMoVp.exe
  C:\Windows\System\ZQYMoVp.exe
  2⤵
  PID:1708
- C:\Windows\System\FUVVesk.exe
  C:\Windows\System\FUVVesk.exe
  2⤵
  PID:1300
- C:\Windows\System\NJvNhSK.exe
  C:\Windows\System\NJvNhSK.exe
  2⤵
  PID:904
- C:\Windows\System\LiClBYr.exe
  C:\Windows\System\LiClBYr.exe
  2⤵
  PID:1488
- C:\Windows\System\MNCHVNx.exe
  C:\Windows\System\MNCHVNx.exe
  2⤵
  PID:696
- C:\Windows\System\IuJVSmo.exe
  C:\Windows\System\IuJVSmo.exe
  2⤵
  PID:2136
- C:\Windows\System\fftckBi.exe
  C:\Windows\System\fftckBi.exe
  2⤵
  PID:3032
- C:\Windows\System\DEHQLbk.exe
  C:\Windows\System\DEHQLbk.exe
  2⤵
  PID:2192
- C:\Windows\System\OajGPcQ.exe
  C:\Windows\System\OajGPcQ.exe
  2⤵
  PID:892
- C:\Windows\System\cOBtrNP.exe
  C:\Windows\System\cOBtrNP.exe
  2⤵
  PID:2244
- C:\Windows\System\FYEufHr.exe
  C:\Windows\System\FYEufHr.exe
  2⤵
  PID:2484
- C:\Windows\System\bMyjOUU.exe
  C:\Windows\System\bMyjOUU.exe
  2⤵
  PID:1644
- C:\Windows\System\BlnMhtU.exe
  C:\Windows\System\BlnMhtU.exe
  2⤵
  PID:2604
- C:\Windows\System\NvujNYn.exe
  C:\Windows\System\NvujNYn.exe
  2⤵
  PID:3020
- C:\Windows\System\kQywXvN.exe
  C:\Windows\System\kQywXvN.exe
  2⤵
  PID:3008
- C:\Windows\System\kArxhbd.exe
  C:\Windows\System\kArxhbd.exe
  2⤵
  PID:2804
- C:\Windows\System\bIdOrvK.exe
  C:\Windows\System\bIdOrvK.exe
  2⤵
  PID:2752
- C:\Windows\System\kMVpTIF.exe
  C:\Windows\System\kMVpTIF.exe
  2⤵
  PID:1884
- C:\Windows\System\khRkLHS.exe
  C:\Windows\System\khRkLHS.exe
  2⤵
  PID:1996
- C:\Windows\System\qOPKZeF.exe
  C:\Windows\System\qOPKZeF.exe
  2⤵
  PID:1692
- C:\Windows\System\FjyOGZU.exe
  C:\Windows\System\FjyOGZU.exe
  2⤵
  PID:3052
- C:\Windows\System\TmffdWK.exe
  C:\Windows\System\TmffdWK.exe
  2⤵
  PID:2208
- C:\Windows\System\lojGWqO.exe
  C:\Windows\System\lojGWqO.exe
  2⤵
  PID:1108
- C:\Windows\System\GjLpcBs.exe
  C:\Windows\System\GjLpcBs.exe
  2⤵
  PID:3088
- C:\Windows\System\qArmAsh.exe
  C:\Windows\System\qArmAsh.exe
  2⤵
  PID:3108
- C:\Windows\System\Zzgcaxy.exe
  C:\Windows\System\Zzgcaxy.exe
  2⤵
  PID:3128
- C:\Windows\System\ACIyTor.exe
  C:\Windows\System\ACIyTor.exe
  2⤵
  PID:3148
- C:\Windows\System\MOSaFrj.exe
  C:\Windows\System\MOSaFrj.exe
  2⤵
  PID:3168
- C:\Windows\System\DsjyqLs.exe
  C:\Windows\System\DsjyqLs.exe
  2⤵
  PID:3188
- C:\Windows\System\rCxUnQu.exe
  C:\Windows\System\rCxUnQu.exe
  2⤵
  PID:3208
- C:\Windows\System\JnEHTfI.exe
  C:\Windows\System\JnEHTfI.exe
  2⤵
  PID:3228
- C:\Windows\System\YJDLyPr.exe
  C:\Windows\System\YJDLyPr.exe
  2⤵
  PID:3248
- C:\Windows\System\WEvAKdE.exe
  C:\Windows\System\WEvAKdE.exe
  2⤵
  PID:3268
- C:\Windows\System\okioNZQ.exe
  C:\Windows\System\okioNZQ.exe
  2⤵
  PID:3288
- C:\Windows\System\OsPsaSQ.exe
  C:\Windows\System\OsPsaSQ.exe
  2⤵
  PID:3312
- C:\Windows\System\xbSdkWo.exe
  C:\Windows\System\xbSdkWo.exe
  2⤵
  PID:3332
- C:\Windows\System\CsieAdd.exe
  C:\Windows\System\CsieAdd.exe
  2⤵
  PID:3352
- C:\Windows\System\spqrZBk.exe
  C:\Windows\System\spqrZBk.exe
  2⤵
  PID:3372
- C:\Windows\System\fgIOGZS.exe
  C:\Windows\System\fgIOGZS.exe
  2⤵
  PID:3400
- C:\Windows\System\wNpOzQw.exe
  C:\Windows\System\wNpOzQw.exe
  2⤵
  PID:3420
- C:\Windows\System\XerLGLe.exe
  C:\Windows\System\XerLGLe.exe
  2⤵
  PID:3440
- C:\Windows\System\KSsNXmT.exe
  C:\Windows\System\KSsNXmT.exe
  2⤵
  PID:3460
- C:\Windows\System\VFnXuSg.exe
  C:\Windows\System\VFnXuSg.exe
  2⤵
  PID:3480
- C:\Windows\System\BdcdBWg.exe
  C:\Windows\System\BdcdBWg.exe
  2⤵
  PID:3500
- C:\Windows\System\qPSktCQ.exe
  C:\Windows\System\qPSktCQ.exe
  2⤵
  PID:3520
- C:\Windows\System\rLNNgeg.exe
  C:\Windows\System\rLNNgeg.exe
  2⤵
  PID:3540
- C:\Windows\System\NmhxvVv.exe
  C:\Windows\System\NmhxvVv.exe
  2⤵
  PID:3560
- C:\Windows\System\OwhbeJk.exe
  C:\Windows\System\OwhbeJk.exe
  2⤵
  PID:3580
- C:\Windows\System\pBhTEsG.exe
  C:\Windows\System\pBhTEsG.exe
  2⤵
  PID:3600
- C:\Windows\System\sTnZOgH.exe
  C:\Windows\System\sTnZOgH.exe
  2⤵
  PID:3620
- C:\Windows\System\zqeksFt.exe
  C:\Windows\System\zqeksFt.exe
  2⤵
  PID:3640
- C:\Windows\System\xEcsmwu.exe
  C:\Windows\System\xEcsmwu.exe
  2⤵
  PID:3660
- C:\Windows\System\fRpPDlD.exe
  C:\Windows\System\fRpPDlD.exe
  2⤵
  PID:3680
- C:\Windows\System\doJchYX.exe
  C:\Windows\System\doJchYX.exe
  2⤵
  PID:3700
- C:\Windows\System\zdUFwWh.exe
  C:\Windows\System\zdUFwWh.exe
  2⤵
  PID:3720
- C:\Windows\System\ZMyHOXF.exe
  C:\Windows\System\ZMyHOXF.exe
  2⤵
  PID:3740
- C:\Windows\System\oltWHgZ.exe
  C:\Windows\System\oltWHgZ.exe
  2⤵
  PID:3760
- C:\Windows\System\ArkSAHY.exe
  C:\Windows\System\ArkSAHY.exe
  2⤵
  PID:3780
- C:\Windows\System\fMPBjTE.exe
  C:\Windows\System\fMPBjTE.exe
  2⤵
  PID:3800
- C:\Windows\System\grgGlib.exe
  C:\Windows\System\grgGlib.exe
  2⤵
  PID:3820
- C:\Windows\System\Wxzacyh.exe
  C:\Windows\System\Wxzacyh.exe
  2⤵
  PID:3840
- C:\Windows\System\UUVQcFC.exe
  C:\Windows\System\UUVQcFC.exe
  2⤵
  PID:3860
- C:\Windows\System\JNbdUJO.exe
  C:\Windows\System\JNbdUJO.exe
  2⤵
  PID:3880
- C:\Windows\System\tLnPpZg.exe
  C:\Windows\System\tLnPpZg.exe
  2⤵
  PID:3900
- C:\Windows\System\aoqeriP.exe
  C:\Windows\System\aoqeriP.exe
  2⤵
  PID:3920
- C:\Windows\System\ERtXCIe.exe
  C:\Windows\System\ERtXCIe.exe
  2⤵
  PID:3940
- C:\Windows\System\HhsAPmz.exe
  C:\Windows\System\HhsAPmz.exe
  2⤵
  PID:3960
- C:\Windows\System\NitaozP.exe
  C:\Windows\System\NitaozP.exe
  2⤵
  PID:3980
- C:\Windows\System\tyYkETQ.exe
  C:\Windows\System\tyYkETQ.exe
  2⤵
  PID:4000
- C:\Windows\System\vIHqcuM.exe
  C:\Windows\System\vIHqcuM.exe
  2⤵
  PID:4020
- C:\Windows\System\FLXOjpK.exe
  C:\Windows\System\FLXOjpK.exe
  2⤵
  PID:4040
- C:\Windows\System\LHzNnLn.exe
  C:\Windows\System\LHzNnLn.exe
  2⤵
  PID:4060
- C:\Windows\System\MUjDhyp.exe
  C:\Windows\System\MUjDhyp.exe
  2⤵
  PID:4080
- C:\Windows\System\MtgpucB.exe
  C:\Windows\System\MtgpucB.exe
  2⤵
  PID:2676
- C:\Windows\System\ZFhoZgg.exe
  C:\Windows\System\ZFhoZgg.exe
  2⤵
  PID:1284
- C:\Windows\System\VjSAOvd.exe
  C:\Windows\System\VjSAOvd.exe
  2⤵
  PID:808
- C:\Windows\System\hhRRxnr.exe
  C:\Windows\System\hhRRxnr.exe
  2⤵
  PID:2504
- C:\Windows\System\KuieOqJ.exe
  C:\Windows\System\KuieOqJ.exe
  2⤵
  PID:1540
- C:\Windows\System\rFLwlBg.exe
  C:\Windows\System\rFLwlBg.exe
  2⤵
  PID:468
- C:\Windows\System\EwMGYXd.exe
  C:\Windows\System\EwMGYXd.exe
  2⤵
  PID:612
- C:\Windows\System\LKLfySx.exe
  C:\Windows\System\LKLfySx.exe
  2⤵
  PID:768
- C:\Windows\System\nglCbxA.exe
  C:\Windows\System\nglCbxA.exe
  2⤵
  PID:2612
- C:\Windows\System\blKzXRU.exe
  C:\Windows\System\blKzXRU.exe
  2⤵
  PID:2252
- C:\Windows\System\zcZhnIU.exe
  C:\Windows\System\zcZhnIU.exe
  2⤵
  PID:3004
- C:\Windows\System\UcQXcNo.exe
  C:\Windows\System\UcQXcNo.exe
  2⤵
  PID:2036
- C:\Windows\System\coZHtbO.exe
  C:\Windows\System\coZHtbO.exe
  2⤵
  PID:2768
- C:\Windows\System\JtrRTFU.exe
  C:\Windows\System\JtrRTFU.exe
  2⤵
  PID:356
- C:\Windows\System\dKkbhRU.exe
  C:\Windows\System\dKkbhRU.exe
  2⤵
  PID:2460
- C:\Windows\System\YGtHrIo.exe
  C:\Windows\System\YGtHrIo.exe
  2⤵
  PID:3080
- C:\Windows\System\gLSdwEw.exe
  C:\Windows\System\gLSdwEw.exe
  2⤵
  PID:3136
- C:\Windows\System\KVXqbCD.exe
  C:\Windows\System\KVXqbCD.exe
  2⤵
  PID:3164
- C:\Windows\System\lQeNtTO.exe
  C:\Windows\System\lQeNtTO.exe
  2⤵
  PID:3196
- C:\Windows\System\bceJPho.exe
  C:\Windows\System\bceJPho.exe
  2⤵
  PID:3220
- C:\Windows\System\kDzZNin.exe
  C:\Windows\System\kDzZNin.exe
  2⤵
  PID:3264
- C:\Windows\System\BgSuBDF.exe
  C:\Windows\System\BgSuBDF.exe
  2⤵
  PID:3308
- C:\Windows\System\ZMuGSfB.exe
  C:\Windows\System\ZMuGSfB.exe
  2⤵
  PID:3340
- C:\Windows\System\cHoGfvO.exe
  C:\Windows\System\cHoGfvO.exe
  2⤵
  PID:3368
- C:\Windows\System\hYIpjlO.exe
  C:\Windows\System\hYIpjlO.exe
  2⤵
  PID:3384
- C:\Windows\System\jGKtHxc.exe
  C:\Windows\System\jGKtHxc.exe
  2⤵
  PID:3432
- C:\Windows\System\rsdnLqO.exe
  C:\Windows\System\rsdnLqO.exe
  2⤵
  PID:3476
- C:\Windows\System\uoWRfnL.exe
  C:\Windows\System\uoWRfnL.exe
  2⤵
  PID:3492
- C:\Windows\System\RMYERRt.exe
  C:\Windows\System\RMYERRt.exe
  2⤵
  PID:3532
- C:\Windows\System\SLdAOEd.exe
  C:\Windows\System\SLdAOEd.exe
  2⤵
  PID:3576
- C:\Windows\System\RwUIKtr.exe
  C:\Windows\System\RwUIKtr.exe
  2⤵
  PID:3608
- C:\Windows\System\vaEJfyx.exe
  C:\Windows\System\vaEJfyx.exe
  2⤵
  PID:3632
- C:\Windows\System\NWYvVfX.exe
  C:\Windows\System\NWYvVfX.exe
  2⤵
  PID:3652
- C:\Windows\System\HpjVjBS.exe
  C:\Windows\System\HpjVjBS.exe
  2⤵
  PID:3716
- C:\Windows\System\vbbtiNS.exe
  C:\Windows\System\vbbtiNS.exe
  2⤵
  PID:3736
- C:\Windows\System\njPLQaM.exe
  C:\Windows\System\njPLQaM.exe
  2⤵
  PID:3776
- C:\Windows\System\iQvvxbu.exe
  C:\Windows\System\iQvvxbu.exe
  2⤵
  PID:3828
- C:\Windows\System\yUvzUlM.exe
  C:\Windows\System\yUvzUlM.exe
  2⤵
  PID:3832
- C:\Windows\System\OeczCwX.exe
  C:\Windows\System\OeczCwX.exe
  2⤵
  PID:3876
- C:\Windows\System\KaCvYmR.exe
  C:\Windows\System\KaCvYmR.exe
  2⤵
  PID:3908
- C:\Windows\System\DeKhHtV.exe
  C:\Windows\System\DeKhHtV.exe
  2⤵
  PID:3936
- C:\Windows\System\aEqBJDG.exe
  C:\Windows\System\aEqBJDG.exe
  2⤵
  PID:3968
- C:\Windows\System\EGzMQMM.exe
  C:\Windows\System\EGzMQMM.exe
  2⤵
  PID:4008
- C:\Windows\System\aklnuxG.exe
  C:\Windows\System\aklnuxG.exe
  2⤵
  PID:4068
- C:\Windows\System\jhGkvqE.exe
  C:\Windows\System\jhGkvqE.exe
  2⤵
  PID:4072
- C:\Windows\System\PQXYuxG.exe
  C:\Windows\System\PQXYuxG.exe
  2⤵
  PID:948
- C:\Windows\System\hDLSkwa.exe
  C:\Windows\System\hDLSkwa.exe
  2⤵
  PID:880
- C:\Windows\System\QkkcZKa.exe
  C:\Windows\System\QkkcZKa.exe
  2⤵
  PID:1704
- C:\Windows\System\NcjtVYL.exe
  C:\Windows\System\NcjtVYL.exe
  2⤵
  PID:2116
- C:\Windows\System\lAeutXR.exe
  C:\Windows\System\lAeutXR.exe
  2⤵
  PID:1532
- C:\Windows\System\dMDhaOi.exe
  C:\Windows\System\dMDhaOi.exe
  2⤵
  PID:2332
- C:\Windows\System\vyGeHAi.exe
  C:\Windows\System\vyGeHAi.exe
  2⤵
  PID:2212
- C:\Windows\System\QzyECqt.exe
  C:\Windows\System\QzyECqt.exe
  2⤵
  PID:1944
- C:\Windows\System\vPiWmPF.exe
  C:\Windows\System\vPiWmPF.exe
  2⤵
  PID:3076
- C:\Windows\System\xQUNhol.exe
  C:\Windows\System\xQUNhol.exe
  2⤵
  PID:3156
- C:\Windows\System\QyNvVLo.exe
  C:\Windows\System\QyNvVLo.exe
  2⤵
  PID:3184
- C:\Windows\System\ZEeoMkU.exe
  C:\Windows\System\ZEeoMkU.exe
  2⤵
  PID:3160
- C:\Windows\System\eVNYwof.exe
  C:\Windows\System\eVNYwof.exe
  2⤵
  PID:3296
- C:\Windows\System\BElqbND.exe
  C:\Windows\System\BElqbND.exe
  2⤵
  PID:3328
- C:\Windows\System\gUSeUjV.exe
  C:\Windows\System\gUSeUjV.exe
  2⤵
  PID:3436
- C:\Windows\System\BXKPGLG.exe
  C:\Windows\System\BXKPGLG.exe
  2⤵
  PID:3456
- C:\Windows\System\ohmbsIY.exe
  C:\Windows\System\ohmbsIY.exe
  2⤵
  PID:3512
- C:\Windows\System\VtWbQRr.exe
  C:\Windows\System\VtWbQRr.exe
  2⤵
  PID:3552
- C:\Windows\System\OaWLhId.exe
  C:\Windows\System\OaWLhId.exe
  2⤵
  PID:3636
- C:\Windows\System\KhBEErK.exe
  C:\Windows\System\KhBEErK.exe
  2⤵
  PID:3708
- C:\Windows\System\bpFOUQn.exe
  C:\Windows\System\bpFOUQn.exe
  2⤵
  PID:3756
- C:\Windows\System\TpvstKS.exe
  C:\Windows\System\TpvstKS.exe
  2⤵
  PID:3796
- C:\Windows\System\EtWUOrw.exe
  C:\Windows\System\EtWUOrw.exe
  2⤵
  PID:3856
- C:\Windows\System\BimKjpR.exe
  C:\Windows\System\BimKjpR.exe
  2⤵
  PID:3896
- C:\Windows\System\ztSfdsX.exe
  C:\Windows\System\ztSfdsX.exe
  2⤵
  PID:3988
- C:\Windows\System\ThBFvMX.exe
  C:\Windows\System\ThBFvMX.exe
  2⤵
  PID:3996
- C:\Windows\System\InDLgon.exe
  C:\Windows\System\InDLgon.exe
  2⤵
  PID:4104
- C:\Windows\System\qFuupaD.exe
  C:\Windows\System\qFuupaD.exe
  2⤵
  PID:4124
- C:\Windows\System\iZQnYSk.exe
  C:\Windows\System\iZQnYSk.exe
  2⤵
  PID:4144
- C:\Windows\System\hPpaguw.exe
  C:\Windows\System\hPpaguw.exe
  2⤵
  PID:4164
- C:\Windows\System\XpexbQR.exe
  C:\Windows\System\XpexbQR.exe
  2⤵
  PID:4184
- C:\Windows\System\fVqLWas.exe
  C:\Windows\System\fVqLWas.exe
  2⤵
  PID:4204
- C:\Windows\System\BbdjFjS.exe
  C:\Windows\System\BbdjFjS.exe
  2⤵
  PID:4224
- C:\Windows\System\qugviTW.exe
  C:\Windows\System\qugviTW.exe
  2⤵
  PID:4244
- C:\Windows\System\ufVrkri.exe
  C:\Windows\System\ufVrkri.exe
  2⤵
  PID:4264
- C:\Windows\System\AdWaYbN.exe
  C:\Windows\System\AdWaYbN.exe
  2⤵
  PID:4288
- C:\Windows\System\WkDwYgK.exe
  C:\Windows\System\WkDwYgK.exe
  2⤵
  PID:4308
- C:\Windows\System\eMIsQHM.exe
  C:\Windows\System\eMIsQHM.exe
  2⤵
  PID:4328
- C:\Windows\System\dREtgUK.exe
  C:\Windows\System\dREtgUK.exe
  2⤵
  PID:4348
- C:\Windows\System\chxQYaF.exe
  C:\Windows\System\chxQYaF.exe
  2⤵
  PID:4368
- C:\Windows\System\BnahKcJ.exe
  C:\Windows\System\BnahKcJ.exe
  2⤵
  PID:4388
- C:\Windows\System\ozNnLSB.exe
  C:\Windows\System\ozNnLSB.exe
  2⤵
  PID:4408
- C:\Windows\System\yUCyyEv.exe
  C:\Windows\System\yUCyyEv.exe
  2⤵
  PID:4428
- C:\Windows\System\lvkunKo.exe
  C:\Windows\System\lvkunKo.exe
  2⤵
  PID:4448
- C:\Windows\System\SkdXiuD.exe
  C:\Windows\System\SkdXiuD.exe
  2⤵
  PID:4468
- C:\Windows\System\QEmpUHr.exe
  C:\Windows\System\QEmpUHr.exe
  2⤵
  PID:4488
- C:\Windows\System\hrZabyy.exe
  C:\Windows\System\hrZabyy.exe
  2⤵
  PID:4508
- C:\Windows\System\kGvaCIc.exe
  C:\Windows\System\kGvaCIc.exe
  2⤵
  PID:4528
- C:\Windows\System\NBjRZEr.exe
  C:\Windows\System\NBjRZEr.exe
  2⤵
  PID:4548
- C:\Windows\System\wOkuVcQ.exe
  C:\Windows\System\wOkuVcQ.exe
  2⤵
  PID:4568
- C:\Windows\System\EUsXfOD.exe
  C:\Windows\System\EUsXfOD.exe
  2⤵
  PID:4588
- C:\Windows\System\VnWTLYe.exe
  C:\Windows\System\VnWTLYe.exe
  2⤵
  PID:4608
- C:\Windows\System\qxnLkRV.exe
  C:\Windows\System\qxnLkRV.exe
  2⤵
  PID:4628
- C:\Windows\System\iUboHoP.exe
  C:\Windows\System\iUboHoP.exe
  2⤵
  PID:4648
- C:\Windows\System\LTFWgTl.exe
  C:\Windows\System\LTFWgTl.exe
  2⤵
  PID:4668
- C:\Windows\System\ZOVxLlF.exe
  C:\Windows\System\ZOVxLlF.exe
  2⤵
  PID:4688
- C:\Windows\System\ZNDHcJM.exe
  C:\Windows\System\ZNDHcJM.exe
  2⤵
  PID:4708
- C:\Windows\System\PZbEKME.exe
  C:\Windows\System\PZbEKME.exe
  2⤵
  PID:4728
- C:\Windows\System\rexfvQP.exe
  C:\Windows\System\rexfvQP.exe
  2⤵
  PID:4748
- C:\Windows\System\PbmpfLs.exe
  C:\Windows\System\PbmpfLs.exe
  2⤵
  PID:4768
- C:\Windows\System\EeAIeqt.exe
  C:\Windows\System\EeAIeqt.exe
  2⤵
  PID:4788
- C:\Windows\System\MfPMYpF.exe
  C:\Windows\System\MfPMYpF.exe
  2⤵
  PID:4808
- C:\Windows\System\nrkMVLW.exe
  C:\Windows\System\nrkMVLW.exe
  2⤵
  PID:4828
- C:\Windows\System\oPrdmmC.exe
  C:\Windows\System\oPrdmmC.exe
  2⤵
  PID:4848
- C:\Windows\System\fWUGOkw.exe
  C:\Windows\System\fWUGOkw.exe
  2⤵
  PID:4872
- C:\Windows\System\sKvykuk.exe
  C:\Windows\System\sKvykuk.exe
  2⤵
  PID:4892
- C:\Windows\System\taEKdYG.exe
  C:\Windows\System\taEKdYG.exe
  2⤵
  PID:4912
- C:\Windows\System\njcPlZK.exe
  C:\Windows\System\njcPlZK.exe
  2⤵
  PID:4932
- C:\Windows\System\fjhwYxM.exe
  C:\Windows\System\fjhwYxM.exe
  2⤵
  PID:4952
- C:\Windows\System\zMbrSWI.exe
  C:\Windows\System\zMbrSWI.exe
  2⤵
  PID:4972
- C:\Windows\System\TbUCupZ.exe
  C:\Windows\System\TbUCupZ.exe
  2⤵
  PID:4992
- C:\Windows\System\jrFVaxv.exe
  C:\Windows\System\jrFVaxv.exe
  2⤵
  PID:5012
- C:\Windows\System\qzPjGGf.exe
  C:\Windows\System\qzPjGGf.exe
  2⤵
  PID:5032
- C:\Windows\System\oglECBE.exe
  C:\Windows\System\oglECBE.exe
  2⤵
  PID:5052
- C:\Windows\System\aKSMKVx.exe
  C:\Windows\System\aKSMKVx.exe
  2⤵
  PID:5072
- C:\Windows\System\yxMIuZB.exe
  C:\Windows\System\yxMIuZB.exe
  2⤵
  PID:5096
- C:\Windows\System\JBmtjwM.exe
  C:\Windows\System\JBmtjwM.exe
  2⤵
  PID:5116
- C:\Windows\System\xUGhvbm.exe
  C:\Windows\System\xUGhvbm.exe
  2⤵
  PID:4092
- C:\Windows\System\uBwZFKT.exe
  C:\Windows\System\uBwZFKT.exe
  2⤵
  PID:2784
- C:\Windows\System\CuAmlji.exe
  C:\Windows\System\CuAmlji.exe
  2⤵
  PID:1720
- C:\Windows\System\gtrUoIn.exe
  C:\Windows\System\gtrUoIn.exe
  2⤵
  PID:2836
- C:\Windows\System\uHBSZGx.exe
  C:\Windows\System\uHBSZGx.exe
  2⤵
  PID:1688
- C:\Windows\System\hZySdhp.exe
  C:\Windows\System\hZySdhp.exe
  2⤵
  PID:3096
- C:\Windows\System\MErOBqf.exe
  C:\Windows\System\MErOBqf.exe
  2⤵
  PID:3124
- C:\Windows\System\gaBlTpA.exe
  C:\Windows\System\gaBlTpA.exe
  2⤵
  PID:3200
- C:\Windows\System\OpOXjdP.exe
  C:\Windows\System\OpOXjdP.exe
  2⤵
  PID:3412
- C:\Windows\System\lpPMAhD.exe
  C:\Windows\System\lpPMAhD.exe
  2⤵
  PID:3488
- C:\Windows\System\mNugizX.exe
  C:\Windows\System\mNugizX.exe
  2⤵
  PID:3556
- C:\Windows\System\gyCVQSd.exe
  C:\Windows\System\gyCVQSd.exe
  2⤵
  PID:3656
- C:\Windows\System\AOREkcq.exe
  C:\Windows\System\AOREkcq.exe
  2⤵
  PID:3712
- C:\Windows\System\aNQKAvd.exe
  C:\Windows\System\aNQKAvd.exe
  2⤵
  PID:3812
- C:\Windows\System\nphtuct.exe
  C:\Windows\System\nphtuct.exe
  2⤵
  PID:3956
- C:\Windows\System\ThYwiAd.exe
  C:\Windows\System\ThYwiAd.exe
  2⤵
  PID:3992
- C:\Windows\System\btSoXpf.exe
  C:\Windows\System\btSoXpf.exe
  2⤵
  PID:4120
- C:\Windows\System\nSsobVE.exe
  C:\Windows\System\nSsobVE.exe
  2⤵
  PID:4152
- C:\Windows\System\ZPzFXvL.exe
  C:\Windows\System\ZPzFXvL.exe
  2⤵
  PID:4176
- C:\Windows\System\uIgIzin.exe
  C:\Windows\System\uIgIzin.exe
  2⤵
  PID:4196
- C:\Windows\System\fVIDDnV.exe
  C:\Windows\System\fVIDDnV.exe
  2⤵
  PID:4236
- C:\Windows\System\plqOQHA.exe
  C:\Windows\System\plqOQHA.exe
  2⤵
  PID:4276
- C:\Windows\System\kCAKrCi.exe
  C:\Windows\System\kCAKrCi.exe
  2⤵
  PID:4336
- C:\Windows\System\YIavRLl.exe
  C:\Windows\System\YIavRLl.exe
  2⤵
  PID:4376
- C:\Windows\System\MWwSNHW.exe
  C:\Windows\System\MWwSNHW.exe
  2⤵
  PID:4396
- C:\Windows\System\afCySGC.exe
  C:\Windows\System\afCySGC.exe
  2⤵
  PID:4420
- C:\Windows\System\uqjPHMZ.exe
  C:\Windows\System\uqjPHMZ.exe
  2⤵
  PID:4464
- C:\Windows\System\mVEHicp.exe
  C:\Windows\System\mVEHicp.exe
  2⤵
  PID:4480
- C:\Windows\System\iVXlYuH.exe
  C:\Windows\System\iVXlYuH.exe
  2⤵
  PID:4536
- C:\Windows\System\MvOKAeE.exe
  C:\Windows\System\MvOKAeE.exe
  2⤵
  PID:4576
- C:\Windows\System\TzeOSKV.exe
  C:\Windows\System\TzeOSKV.exe
  2⤵
  PID:4616
- C:\Windows\System\HDMfYia.exe
  C:\Windows\System\HDMfYia.exe
  2⤵
  PID:4600
- C:\Windows\System\PJRWUPo.exe
  C:\Windows\System\PJRWUPo.exe
  2⤵
  PID:4660
- C:\Windows\System\KyJsArY.exe
  C:\Windows\System\KyJsArY.exe
  2⤵
  PID:4704
- C:\Windows\System\GFcxfoc.exe
  C:\Windows\System\GFcxfoc.exe
  2⤵
  PID:4736
- C:\Windows\System\ZYndWcq.exe
  C:\Windows\System\ZYndWcq.exe
  2⤵
  PID:4776
- C:\Windows\System\SpHeAOC.exe
  C:\Windows\System\SpHeAOC.exe
  2⤵
  PID:4804
- C:\Windows\System\JEcIeKF.exe
  C:\Windows\System\JEcIeKF.exe
  2⤵
  PID:4836
- C:\Windows\System\ZHtvSFR.exe
  C:\Windows\System\ZHtvSFR.exe
  2⤵
  PID:4860
- C:\Windows\System\diPLhIz.exe
  C:\Windows\System\diPLhIz.exe
  2⤵
  PID:4884
- C:\Windows\System\dDhLuDL.exe
  C:\Windows\System\dDhLuDL.exe
  2⤵
  PID:4948
- C:\Windows\System\tjWrcKp.exe
  C:\Windows\System\tjWrcKp.exe
  2⤵
  PID:4980
- C:\Windows\System\GsetCSB.exe
  C:\Windows\System\GsetCSB.exe
  2⤵
  PID:5008
- C:\Windows\System\oQAriyM.exe
  C:\Windows\System\oQAriyM.exe
  2⤵
  PID:5040
- C:\Windows\System\AQNGyLp.exe
  C:\Windows\System\AQNGyLp.exe
  2⤵
  PID:5064
- C:\Windows\System\xYBFpnt.exe
  C:\Windows\System\xYBFpnt.exe
  2⤵
  PID:5108
- C:\Windows\System\YJcbloG.exe
  C:\Windows\System\YJcbloG.exe
  2⤵
  PID:4052
- C:\Windows\System\sEvwkUJ.exe
  C:\Windows\System\sEvwkUJ.exe
  2⤵
  PID:2396
- C:\Windows\System\VOBKiFe.exe
  C:\Windows\System\VOBKiFe.exe
  2⤵
  PID:860
- C:\Windows\System\HjUqVvj.exe
  C:\Windows\System\HjUqVvj.exe
  2⤵
  PID:3100
- C:\Windows\System\wNcrBQe.exe
  C:\Windows\System\wNcrBQe.exe
  2⤵
  PID:3256
- C:\Windows\System\ZeGXVbt.exe
  C:\Windows\System\ZeGXVbt.exe
  2⤵
  PID:3380
- C:\Windows\System\WGPPAjk.exe
  C:\Windows\System\WGPPAjk.exe
  2⤵
  PID:3612
- C:\Windows\System\WtHTsKC.exe
  C:\Windows\System\WtHTsKC.exe
  2⤵
  PID:3816
- C:\Windows\System\ulyZTmV.exe
  C:\Windows\System\ulyZTmV.exe
  2⤵
  PID:3888
- C:\Windows\System\DXwnYBZ.exe
  C:\Windows\System\DXwnYBZ.exe
  2⤵
  PID:4100
- C:\Windows\System\tJCIFvN.exe
  C:\Windows\System\tJCIFvN.exe
  2⤵
  PID:4140
- C:\Windows\System\loKsCwq.exe
  C:\Windows\System\loKsCwq.exe
  2⤵
  PID:4220
- C:\Windows\System\VrprFqi.exe
  C:\Windows\System\VrprFqi.exe
  2⤵
  PID:4240
- C:\Windows\System\xZSuNQh.exe
  C:\Windows\System\xZSuNQh.exe
  2⤵
  PID:4320
- C:\Windows\System\pVJAQMZ.exe
  C:\Windows\System\pVJAQMZ.exe
  2⤵
  PID:4400
- C:\Windows\System\dxNvJjG.exe
  C:\Windows\System\dxNvJjG.exe
  2⤵
  PID:4456
- C:\Windows\System\MQhgyFi.exe
  C:\Windows\System\MQhgyFi.exe
  2⤵
  PID:4524
- C:\Windows\System\CZrzSHS.exe
  C:\Windows\System\CZrzSHS.exe
  2⤵
  PID:4604
- C:\Windows\System\eiaDnmh.exe
  C:\Windows\System\eiaDnmh.exe
  2⤵
  PID:4640
- C:\Windows\System\zqVVmGk.exe
  C:\Windows\System\zqVVmGk.exe
  2⤵
  PID:4716
- C:\Windows\System\FltdVkD.exe
  C:\Windows\System\FltdVkD.exe
  2⤵
  PID:4764
- C:\Windows\System\kEyDzEA.exe
  C:\Windows\System\kEyDzEA.exe
  2⤵
  PID:4820
- C:\Windows\System\RSsSjsQ.exe
  C:\Windows\System\RSsSjsQ.exe
  2⤵
  PID:4908
- C:\Windows\System\kKPZvPx.exe
  C:\Windows\System\kKPZvPx.exe
  2⤵
  PID:5028
- C:\Windows\System\KpnfgRw.exe
  C:\Windows\System\KpnfgRw.exe
  2⤵
  PID:5092
- C:\Windows\System\EeFWrRK.exe
  C:\Windows\System\EeFWrRK.exe
  2⤵
  PID:1464
- C:\Windows\System\uXHhjtk.exe
  C:\Windows\System\uXHhjtk.exe
  2⤵
  PID:3348
- C:\Windows\System\thAZOWr.exe
  C:\Windows\System\thAZOWr.exe
  2⤵
  PID:3788
- C:\Windows\System\fJtiVXG.exe
  C:\Windows\System\fJtiVXG.exe
  2⤵
  PID:4920
- C:\Windows\System\FiRCudG.exe
  C:\Windows\System\FiRCudG.exe
  2⤵
  PID:4988
- C:\Windows\System\wjlZxuT.exe
  C:\Windows\System\wjlZxuT.exe
  2⤵
  PID:5044
- C:\Windows\System\ASckTtW.exe
  C:\Windows\System\ASckTtW.exe
  2⤵
  PID:1424
- C:\Windows\System\vXOvuRj.exe
  C:\Windows\System\vXOvuRj.exe
  2⤵
  PID:3972
- C:\Windows\System\HKZPkFE.exe
  C:\Windows\System\HKZPkFE.exe
  2⤵
  PID:4180
- C:\Windows\System\ahEwRDa.exe
  C:\Windows\System\ahEwRDa.exe
  2⤵
  PID:4360
- C:\Windows\System\zchNfcU.exe
  C:\Windows\System\zchNfcU.exe
  2⤵
  PID:3204
- C:\Windows\System\SlTwtKk.exe
  C:\Windows\System\SlTwtKk.exe
  2⤵
  PID:3728
- C:\Windows\System\MvFdjNU.exe
  C:\Windows\System\MvFdjNU.exe
  2⤵
  PID:4136
- C:\Windows\System\WtYwhkB.exe
  C:\Windows\System\WtYwhkB.exe
  2⤵
  PID:4252
- C:\Windows\System\RGxkvDO.exe
  C:\Windows\System\RGxkvDO.exe
  2⤵
  PID:4444
- C:\Windows\System\EwbIlBf.exe
  C:\Windows\System\EwbIlBf.exe
  2⤵
  PID:2416
- C:\Windows\System\mUsSIcD.exe
  C:\Windows\System\mUsSIcD.exe
  2⤵
  PID:4816
- C:\Windows\System\fHdLNMr.exe
  C:\Windows\System\fHdLNMr.exe
  2⤵
  PID:4968
- C:\Windows\System\NEAcEOE.exe
  C:\Windows\System\NEAcEOE.exe
  2⤵
  PID:2020
- C:\Windows\System\LcIEHwH.exe
  C:\Windows\System\LcIEHwH.exe
  2⤵
  PID:4844
- C:\Windows\System\LocQURp.exe
  C:\Windows\System\LocQURp.exe
  2⤵
  PID:4984
- C:\Windows\System\GshPacm.exe
  C:\Windows\System\GshPacm.exe
  2⤵
  PID:2876
- C:\Windows\System\wsLFdHI.exe
  C:\Windows\System\wsLFdHI.exe
  2⤵
  PID:4304
- C:\Windows\System\Jtltzbd.exe
  C:\Windows\System\Jtltzbd.exe
  2⤵
  PID:5088
- C:\Windows\System\UtmAMDY.exe
  C:\Windows\System\UtmAMDY.exe
  2⤵
  PID:4256
- C:\Windows\System\OcNuDkJ.exe
  C:\Windows\System\OcNuDkJ.exe
  2⤵
  PID:5128
- C:\Windows\System\WOguBLr.exe
  C:\Windows\System\WOguBLr.exe
  2⤵
  PID:5144
- C:\Windows\System\nYqBRLT.exe
  C:\Windows\System\nYqBRLT.exe
  2⤵
  PID:5160
- C:\Windows\System\aVQoukT.exe
  C:\Windows\System\aVQoukT.exe
  2⤵
  PID:5176
- C:\Windows\System\bjNyVlG.exe
  C:\Windows\System\bjNyVlG.exe
  2⤵
  PID:5192
- C:\Windows\System\mmXYrKe.exe
  C:\Windows\System\mmXYrKe.exe
  2⤵
  PID:5208
- C:\Windows\System\SRdVlCj.exe
  C:\Windows\System\SRdVlCj.exe
  2⤵
  PID:5224
- C:\Windows\System\mufVwNu.exe
  C:\Windows\System\mufVwNu.exe
  2⤵
  PID:5248
- C:\Windows\System\RINMgKU.exe
  C:\Windows\System\RINMgKU.exe
  2⤵
  PID:5264
- C:\Windows\System\iXCAwgF.exe
  C:\Windows\System\iXCAwgF.exe
  2⤵
  PID:5280
- C:\Windows\System\JJPnpVP.exe
  C:\Windows\System\JJPnpVP.exe
  2⤵
  PID:5296
- C:\Windows\System\DtHuLvT.exe
  C:\Windows\System\DtHuLvT.exe
  2⤵
  PID:5312
- C:\Windows\System\fHPVnkx.exe
  C:\Windows\System\fHPVnkx.exe
  2⤵
  PID:5328
- C:\Windows\System\DQfLRKG.exe
  C:\Windows\System\DQfLRKG.exe
  2⤵
  PID:5344
- C:\Windows\System\tKDNuuI.exe
  C:\Windows\System\tKDNuuI.exe
  2⤵
  PID:5360
- C:\Windows\System\nPFlWQD.exe
  C:\Windows\System\nPFlWQD.exe
  2⤵
  PID:5376
- C:\Windows\System\mvQQAmC.exe
  C:\Windows\System\mvQQAmC.exe
  2⤵
  PID:5396
- C:\Windows\System\qumtVhX.exe
  C:\Windows\System\qumtVhX.exe
  2⤵
  PID:5412
- C:\Windows\System\mPgTxBE.exe
  C:\Windows\System\mPgTxBE.exe
  2⤵
  PID:5428
- C:\Windows\System\jQufSlx.exe
  C:\Windows\System\jQufSlx.exe
  2⤵
  PID:5444
- C:\Windows\System\OCjpcut.exe
  C:\Windows\System\OCjpcut.exe
  2⤵
  PID:5460
- C:\Windows\System\sPCGaIh.exe
  C:\Windows\System\sPCGaIh.exe
  2⤵
  PID:5476
- C:\Windows\System\dEGRAsn.exe
  C:\Windows\System\dEGRAsn.exe
  2⤵
  PID:5492
- C:\Windows\System\leOsAYr.exe
  C:\Windows\System\leOsAYr.exe
  2⤵
  PID:5532
- C:\Windows\System\wYmRivD.exe
  C:\Windows\System\wYmRivD.exe
  2⤵
  PID:5552
- C:\Windows\System\SWUTXVY.exe
  C:\Windows\System\SWUTXVY.exe
  2⤵
  PID:5568
- C:\Windows\System\ReoTSGS.exe
  C:\Windows\System\ReoTSGS.exe
  2⤵
  PID:5584
- C:\Windows\System\EOKxDzu.exe
  C:\Windows\System\EOKxDzu.exe
  2⤵
  PID:5600
- C:\Windows\System\ZqIOumT.exe
  C:\Windows\System\ZqIOumT.exe
  2⤵
  PID:5616
- C:\Windows\System\pNBdvES.exe
  C:\Windows\System\pNBdvES.exe
  2⤵
  PID:5632
- C:\Windows\System\imPaAqL.exe
  C:\Windows\System\imPaAqL.exe
  2⤵
  PID:5648
- C:\Windows\System\SenOqbH.exe
  C:\Windows\System\SenOqbH.exe
  2⤵
  PID:5668
- C:\Windows\System\PTzFgFr.exe
  C:\Windows\System\PTzFgFr.exe
  2⤵
  PID:5684
- C:\Windows\System\OERHnFJ.exe
  C:\Windows\System\OERHnFJ.exe
  2⤵
  PID:5700
- C:\Windows\System\HsSOZke.exe
  C:\Windows\System\HsSOZke.exe
  2⤵
  PID:5716
- C:\Windows\System\xcOKMoG.exe
  C:\Windows\System\xcOKMoG.exe
  2⤵
  PID:5732
- C:\Windows\System\nBLfWht.exe
  C:\Windows\System\nBLfWht.exe
  2⤵
  PID:5748
- C:\Windows\System\kFDXDxt.exe
  C:\Windows\System\kFDXDxt.exe
  2⤵
  PID:5764
- C:\Windows\System\hIEbRJw.exe
  C:\Windows\System\hIEbRJw.exe
  2⤵
  PID:5780
- C:\Windows\System\abgMvLe.exe
  C:\Windows\System\abgMvLe.exe
  2⤵
  PID:5796
- C:\Windows\System\ijuSGEk.exe
  C:\Windows\System\ijuSGEk.exe
  2⤵
  PID:5812
- C:\Windows\System\vlZDhQB.exe
  C:\Windows\System\vlZDhQB.exe
  2⤵
  PID:5828
- C:\Windows\System\mFYKghz.exe
  C:\Windows\System\mFYKghz.exe
  2⤵
  PID:5844
- C:\Windows\System\TQwzSXo.exe
  C:\Windows\System\TQwzSXo.exe
  2⤵
  PID:5864
- C:\Windows\System\SINaWet.exe
  C:\Windows\System\SINaWet.exe
  2⤵
  PID:5880
- C:\Windows\System\rFwNEIH.exe
  C:\Windows\System\rFwNEIH.exe
  2⤵
  PID:5896
- C:\Windows\System\tDsRsjY.exe
  C:\Windows\System\tDsRsjY.exe
  2⤵
  PID:5912
- C:\Windows\System\BaNWngR.exe
  C:\Windows\System\BaNWngR.exe
  2⤵
  PID:5928
- C:\Windows\System\FfxfOeY.exe
  C:\Windows\System\FfxfOeY.exe
  2⤵
  PID:5944
- C:\Windows\System\hutqENP.exe
  C:\Windows\System\hutqENP.exe
  2⤵
  PID:5960
- C:\Windows\System\qTLcfUG.exe
  C:\Windows\System\qTLcfUG.exe
  2⤵
  PID:5976
- C:\Windows\System\OsccWMh.exe
  C:\Windows\System\OsccWMh.exe
  2⤵
  PID:5992
- C:\Windows\System\fZnLosU.exe
  C:\Windows\System\fZnLosU.exe
  2⤵
  PID:6008
- C:\Windows\System\ltKCAnr.exe
  C:\Windows\System\ltKCAnr.exe
  2⤵
  PID:6024
- C:\Windows\System\OJITZtX.exe
  C:\Windows\System\OJITZtX.exe
  2⤵
  PID:6040
- C:\Windows\System\tPmvawq.exe
  C:\Windows\System\tPmvawq.exe
  2⤵
  PID:6056
- C:\Windows\System\qBUKwUM.exe
  C:\Windows\System\qBUKwUM.exe
  2⤵
  PID:6072
- C:\Windows\System\zFRQLsD.exe
  C:\Windows\System\zFRQLsD.exe
  2⤵
  PID:6088
- C:\Windows\System\nqxuEnO.exe
  C:\Windows\System\nqxuEnO.exe
  2⤵
  PID:6104
- C:\Windows\System\pGZYVWQ.exe
  C:\Windows\System\pGZYVWQ.exe
  2⤵
  PID:6120
- C:\Windows\System\WPDTBFv.exe
  C:\Windows\System\WPDTBFv.exe
  2⤵
  PID:6136
- C:\Windows\System\MEXDIBE.exe
  C:\Windows\System\MEXDIBE.exe
  2⤵
  PID:4364
- C:\Windows\System\vKGrbbm.exe
  C:\Windows\System\vKGrbbm.exe
  2⤵
  PID:4664
- C:\Windows\System\TgAKQOj.exe
  C:\Windows\System\TgAKQOj.exe
  2⤵
  PID:4888
- C:\Windows\System\BCnpIFx.exe
  C:\Windows\System\BCnpIFx.exe
  2⤵
  PID:4680
- C:\Windows\System\xNOCbYv.exe
  C:\Windows\System\xNOCbYv.exe
  2⤵
  PID:4724
- C:\Windows\System\eHjbEsy.exe
  C:\Windows\System\eHjbEsy.exe
  2⤵
  PID:5152
- C:\Windows\System\LBbaYIx.exe
  C:\Windows\System\LBbaYIx.exe
  2⤵
  PID:4760
- C:\Windows\System\aeIsWDA.exe
  C:\Windows\System\aeIsWDA.exe
  2⤵
  PID:5216
- C:\Windows\System\dzrgrqU.exe
  C:\Windows\System\dzrgrqU.exe
  2⤵
  PID:5288
- C:\Windows\System\ctrDakt.exe
  C:\Windows\System\ctrDakt.exe
  2⤵
  PID:5140
- C:\Windows\System\tnmfyYm.exe
  C:\Windows\System\tnmfyYm.exe
  2⤵
  PID:5200
- C:\Windows\System\BnaRUqQ.exe
  C:\Windows\System\BnaRUqQ.exe
  2⤵
  PID:5320
- C:\Windows\System\GYvDOoc.exe
  C:\Windows\System\GYvDOoc.exe
  2⤵
  PID:5384
- C:\Windows\System\vjMZxyj.exe
  C:\Windows\System\vjMZxyj.exe
  2⤵
  PID:5308
- C:\Windows\System\rEAEPjX.exe
  C:\Windows\System\rEAEPjX.exe
  2⤵
  PID:5372
- C:\Windows\System\RiEFVfK.exe
  C:\Windows\System\RiEFVfK.exe
  2⤵
  PID:5452
- C:\Windows\System\WGvUgVv.exe
  C:\Windows\System\WGvUgVv.exe
  2⤵
  PID:5408
- C:\Windows\System\zKBKJQR.exe
  C:\Windows\System\zKBKJQR.exe
  2⤵
  PID:5468
- C:\Windows\System\lpvbKmC.exe
  C:\Windows\System\lpvbKmC.exe
  2⤵
  PID:5540
- C:\Windows\System\IGKpkDa.exe
  C:\Windows\System\IGKpkDa.exe
  2⤵
  PID:5608
- C:\Windows\System\jmpNSlU.exe
  C:\Windows\System\jmpNSlU.exe
  2⤵
  PID:5592
- C:\Windows\System\etQgyTP.exe
  C:\Windows\System\etQgyTP.exe
  2⤵
  PID:5624
- C:\Windows\System\ZIbquBa.exe
  C:\Windows\System\ZIbquBa.exe
  2⤵
  PID:5680
- C:\Windows\System\xpKYtLI.exe
  C:\Windows\System\xpKYtLI.exe
  2⤵
  PID:5712
- C:\Windows\System\bPgFruY.exe
  C:\Windows\System\bPgFruY.exe
  2⤵
  PID:5724
- C:\Windows\System\AmwZEdF.exe
  C:\Windows\System\AmwZEdF.exe
  2⤵
  PID:5760
- C:\Windows\System\SyohtMv.exe
  C:\Windows\System\SyohtMv.exe
  2⤵
  PID:5792
- C:\Windows\System\EKoEiwL.exe
  C:\Windows\System\EKoEiwL.exe
  2⤵
  PID:5840
- C:\Windows\System\dvJXJwI.exe
  C:\Windows\System\dvJXJwI.exe
  2⤵
  PID:5904
- C:\Windows\System\MiSXzfw.exe
  C:\Windows\System\MiSXzfw.exe
  2⤵
  PID:5856
- C:\Windows\System\NIkPbar.exe
  C:\Windows\System\NIkPbar.exe
  2⤵
  PID:5924
- C:\Windows\System\wvwEVBy.exe
  C:\Windows\System\wvwEVBy.exe
  2⤵
  PID:6000
- C:\Windows\System\hUTjEui.exe
  C:\Windows\System\hUTjEui.exe
  2⤵
  PID:6032
- C:\Windows\System\puawerb.exe
  C:\Windows\System\puawerb.exe
  2⤵
  PID:6096
- C:\Windows\System\AOzaatp.exe
  C:\Windows\System\AOzaatp.exe
  2⤵
  PID:3676
- C:\Windows\System\dNBKFbt.exe
  C:\Windows\System\dNBKFbt.exe
  2⤵
  PID:6020
- C:\Windows\System\oaSFWxJ.exe
  C:\Windows\System\oaSFWxJ.exe
  2⤵
  PID:6052
- C:\Windows\System\PPPwmur.exe
  C:\Windows\System\PPPwmur.exe
  2⤵
  PID:1788
- C:\Windows\System\DzwAUMj.exe
  C:\Windows\System\DzwAUMj.exe
  2⤵
  PID:6112
- C:\Windows\System\XvFetXo.exe
  C:\Windows\System\XvFetXo.exe
  2⤵
  PID:1008
- C:\Windows\System\dzMHyDA.exe
  C:\Windows\System\dzMHyDA.exe
  2⤵
  PID:4232
- C:\Windows\System\xdbCSwA.exe
  C:\Windows\System\xdbCSwA.exe
  2⤵
  PID:4928
- C:\Windows\System\bkvGpjv.exe
  C:\Windows\System\bkvGpjv.exe
  2⤵
  PID:1948
- C:\Windows\System\fxqWEwU.exe
  C:\Windows\System\fxqWEwU.exe
  2⤵
  PID:5104
- C:\Windows\System\sepTpRU.exe
  C:\Windows\System\sepTpRU.exe
  2⤵
  PID:5304
- C:\Windows\System\LFHrEUq.exe
  C:\Windows\System\LFHrEUq.exe
  2⤵
  PID:5424
- C:\Windows\System\tsiWdWU.exe
  C:\Windows\System\tsiWdWU.exe
  2⤵
  PID:752
- C:\Windows\System\jpEFEkp.exe
  C:\Windows\System\jpEFEkp.exe
  2⤵
  PID:756
- C:\Windows\System\GCvyxjo.exe
  C:\Windows\System\GCvyxjo.exe
  2⤵
  PID:5436
- C:\Windows\System\zRsptRZ.exe
  C:\Windows\System\zRsptRZ.exe
  2⤵
  PID:5576
- C:\Windows\System\OXIrOtX.exe
  C:\Windows\System\OXIrOtX.exe
  2⤵
  PID:5560
- C:\Windows\System\FrnZpVK.exe
  C:\Windows\System\FrnZpVK.exe
  2⤵
  PID:5340
- C:\Windows\System\tXhVBIy.exe
  C:\Windows\System\tXhVBIy.exe
  2⤵
  PID:5500
- C:\Windows\System\kuntGja.exe
  C:\Windows\System\kuntGja.exe
  2⤵
  PID:5692
- C:\Windows\System\xbYnMTB.exe
  C:\Windows\System\xbYnMTB.exe
  2⤵
  PID:5640
- C:\Windows\System\XsabAzw.exe
  C:\Windows\System\XsabAzw.exe
  2⤵
  PID:5820
- C:\Windows\System\qKMuTrs.exe
  C:\Windows\System\qKMuTrs.exe
  2⤵
  PID:5656
- C:\Windows\System\ArKokUj.exe
  C:\Windows\System\ArKokUj.exe
  2⤵
  PID:5852
- C:\Windows\System\gDAlClP.exe
  C:\Windows\System\gDAlClP.exe
  2⤵
  PID:5872
- C:\Windows\System\emJiVJN.exe
  C:\Windows\System\emJiVJN.exe
  2⤵
  PID:6064
- C:\Windows\System\QDmwDpg.exe
  C:\Windows\System\QDmwDpg.exe
  2⤵
  PID:6016
- C:\Windows\System\hIVFJTr.exe
  C:\Windows\System\hIVFJTr.exe
  2⤵
  PID:5124
- C:\Windows\System\ARAkJvj.exe
  C:\Windows\System\ARAkJvj.exe
  2⤵
  PID:1932
- C:\Windows\System\fuQEsch.exe
  C:\Windows\System\fuQEsch.exe
  2⤵
  PID:6128
- C:\Windows\System\FRLlaXU.exe
  C:\Windows\System\FRLlaXU.exe
  2⤵
  PID:876
- C:\Windows\System\fRkVZwy.exe
  C:\Windows\System\fRkVZwy.exe
  2⤵
  PID:2624
- C:\Windows\System\ASClEss.exe
  C:\Windows\System\ASClEss.exe
  2⤵
  PID:1408
- C:\Windows\System\uKSDYNp.exe
  C:\Windows\System\uKSDYNp.exe
  2⤵
  PID:3036
- C:\Windows\System\WZkfSMt.exe
  C:\Windows\System\WZkfSMt.exe
  2⤵
  PID:2040
- C:\Windows\System\gTkZHPE.exe
  C:\Windows\System\gTkZHPE.exe
  2⤵
  PID:5356
- C:\Windows\System\VGskuAK.exe
  C:\Windows\System\VGskuAK.exe
  2⤵
  PID:1916
- C:\Windows\System\IVVrLGT.exe
  C:\Windows\System\IVVrLGT.exe
  2⤵
  PID:5484
- C:\Windows\System\AlxCVed.exe
  C:\Windows\System\AlxCVed.exe
  2⤵
  PID:5744
- C:\Windows\System\GQPMNBv.exe
  C:\Windows\System\GQPMNBv.exe
  2⤵
  PID:1728
- C:\Windows\System\zohqOFQ.exe
  C:\Windows\System\zohqOFQ.exe
  2⤵
  PID:5788
- C:\Windows\System\GIddjaz.exe
  C:\Windows\System\GIddjaz.exe
  2⤵
  PID:5988
- C:\Windows\System\AIDrTBg.exe
  C:\Windows\System\AIDrTBg.exe
  2⤵
  PID:5956
- C:\Windows\System\EFZwWZo.exe
  C:\Windows\System\EFZwWZo.exe
  2⤵
  PID:4496
- C:\Windows\System\MpCVpAh.exe
  C:\Windows\System\MpCVpAh.exe
  2⤵
  PID:1612
- C:\Windows\System\ChpCvIh.exe
  C:\Windows\System\ChpCvIh.exe
  2⤵
  PID:5276
- C:\Windows\System\yiEAeXj.exe
  C:\Windows\System\yiEAeXj.exe
  2⤵
  PID:5892
- C:\Windows\System\FLHScNO.exe
  C:\Windows\System\FLHScNO.exe
  2⤵
  PID:5728
- C:\Windows\System\NQcOZeE.exe
  C:\Windows\System\NQcOZeE.exe
  2⤵
  PID:2952
- C:\Windows\System\OLUZmYy.exe
  C:\Windows\System\OLUZmYy.exe
  2⤵
  PID:5836
- C:\Windows\System\XOjGYbu.exe
  C:\Windows\System\XOjGYbu.exe
  2⤵
  PID:6152
- C:\Windows\System\KUkZDQA.exe
  C:\Windows\System\KUkZDQA.exe
  2⤵
  PID:6168
- C:\Windows\System\QSmwREO.exe
  C:\Windows\System\QSmwREO.exe
  2⤵
  PID:6184
- C:\Windows\System\zZxYjXl.exe
  C:\Windows\System\zZxYjXl.exe
  2⤵
  PID:6200
- C:\Windows\System\yFDQyMH.exe
  C:\Windows\System\yFDQyMH.exe
  2⤵
  PID:6216
- C:\Windows\System\ABjDuzD.exe
  C:\Windows\System\ABjDuzD.exe
  2⤵
  PID:6232
- C:\Windows\System\KKSYPPN.exe
  C:\Windows\System\KKSYPPN.exe
  2⤵
  PID:6248
- C:\Windows\System\YWTbhkM.exe
  C:\Windows\System\YWTbhkM.exe
  2⤵
  PID:6264
- C:\Windows\System\ntywfGO.exe
  C:\Windows\System\ntywfGO.exe
  2⤵
  PID:6280
- C:\Windows\System\hORlAvY.exe
  C:\Windows\System\hORlAvY.exe
  2⤵
  PID:6296
- C:\Windows\System\aJIYipM.exe
  C:\Windows\System\aJIYipM.exe
  2⤵
  PID:6312
- C:\Windows\System\RcXEVfb.exe
  C:\Windows\System\RcXEVfb.exe
  2⤵
  PID:6328
- C:\Windows\System\qIbYDox.exe
  C:\Windows\System\qIbYDox.exe
  2⤵
  PID:6344
- C:\Windows\System\svbtKAL.exe
  C:\Windows\System\svbtKAL.exe
  2⤵
  PID:6360
- C:\Windows\System\xTaATuM.exe
  C:\Windows\System\xTaATuM.exe
  2⤵
  PID:6376
- C:\Windows\System\waWRMaP.exe
  C:\Windows\System\waWRMaP.exe
  2⤵
  PID:6392
- C:\Windows\System\VAaAAUS.exe
  C:\Windows\System\VAaAAUS.exe
  2⤵
  PID:6408
- C:\Windows\System\aeEvHWB.exe
  C:\Windows\System\aeEvHWB.exe
  2⤵
  PID:6424
- C:\Windows\System\lTTpyso.exe
  C:\Windows\System\lTTpyso.exe
  2⤵
  PID:6440
- C:\Windows\System\buWtREM.exe
  C:\Windows\System\buWtREM.exe
  2⤵
  PID:6456
- C:\Windows\System\aDGnAum.exe
  C:\Windows\System\aDGnAum.exe
  2⤵
  PID:6472
- C:\Windows\System\hsMNNkn.exe
  C:\Windows\System\hsMNNkn.exe
  2⤵
  PID:6488
- C:\Windows\System\qVKqKVS.exe
  C:\Windows\System\qVKqKVS.exe
  2⤵
  PID:6504
- C:\Windows\System\gtTSUwj.exe
  C:\Windows\System\gtTSUwj.exe
  2⤵
  PID:6520
- C:\Windows\System\gWkDxcN.exe
  C:\Windows\System\gWkDxcN.exe
  2⤵
  PID:6540
- C:\Windows\System\fpRJRru.exe
  C:\Windows\System\fpRJRru.exe
  2⤵
  PID:6556
- C:\Windows\System\QCkVLJN.exe
  C:\Windows\System\QCkVLJN.exe
  2⤵
  PID:6572
- C:\Windows\System\DmDJzMH.exe
  C:\Windows\System\DmDJzMH.exe
  2⤵
  PID:6588
- C:\Windows\System\ClLNHyY.exe
  C:\Windows\System\ClLNHyY.exe
  2⤵
  PID:6604
- C:\Windows\System\amuVtiW.exe
  C:\Windows\System\amuVtiW.exe
  2⤵
  PID:6620
- C:\Windows\System\WMfpDUP.exe
  C:\Windows\System\WMfpDUP.exe
  2⤵
  PID:6636
- C:\Windows\System\yBLnzwH.exe
  C:\Windows\System\yBLnzwH.exe
  2⤵
  PID:6652
- C:\Windows\System\EVtdPus.exe
  C:\Windows\System\EVtdPus.exe
  2⤵
  PID:6668
- C:\Windows\System\RAvsaJk.exe
  C:\Windows\System\RAvsaJk.exe
  2⤵
  PID:6684
- C:\Windows\System\UQSVMeU.exe
  C:\Windows\System\UQSVMeU.exe
  2⤵
  PID:6700
- C:\Windows\System\CUtbQTR.exe
  C:\Windows\System\CUtbQTR.exe
  2⤵
  PID:6724
- C:\Windows\System\rpsiWEV.exe
  C:\Windows\System\rpsiWEV.exe
  2⤵
  PID:6864
- C:\Windows\System\KQKMWEC.exe
  C:\Windows\System\KQKMWEC.exe
  2⤵
  PID:6884
- C:\Windows\System\VfmNNFd.exe
  C:\Windows\System\VfmNNFd.exe
  2⤵
  PID:6900
- C:\Windows\System\zZHIFON.exe
  C:\Windows\System\zZHIFON.exe
  2⤵
  PID:6916
- C:\Windows\System\DAzmjbC.exe
  C:\Windows\System\DAzmjbC.exe
  2⤵
  PID:6980
- C:\Windows\System\yiFlvum.exe
  C:\Windows\System\yiFlvum.exe
  2⤵
  PID:7000
- C:\Windows\System\vTQiXkx.exe
  C:\Windows\System\vTQiXkx.exe
  2⤵
  PID:7100
- C:\Windows\System\MCcXgop.exe
  C:\Windows\System\MCcXgop.exe
  2⤵
  PID:6336
- C:\Windows\System\udqZqdD.exe
  C:\Windows\System\udqZqdD.exe
  2⤵
  PID:6436
- C:\Windows\System\SZAprNd.exe
  C:\Windows\System\SZAprNd.exe
  2⤵
  PID:2436
- C:\Windows\System\lNTxmwq.exe
  C:\Windows\System\lNTxmwq.exe
  2⤵
  PID:6452
- C:\Windows\System\DDDsSGc.exe
  C:\Windows\System\DDDsSGc.exe
  2⤵
  PID:6548
- C:\Windows\System\ClCBpid.exe
  C:\Windows\System\ClCBpid.exe
  2⤵
  PID:6612
- C:\Windows\System\UGUZvsb.exe
  C:\Windows\System\UGUZvsb.exe
  2⤵
  PID:6676
- C:\Windows\System\UWCABcG.exe
  C:\Windows\System\UWCABcG.exe
  2⤵
  PID:6712
- C:\Windows\System\IInTWwg.exe
  C:\Windows\System\IInTWwg.exe
  2⤵
  PID:2980
- C:\Windows\System\rKowmqp.exe
  C:\Windows\System\rKowmqp.exe
  2⤵
  PID:6496
- C:\Windows\System\owhIwbc.exe
  C:\Windows\System\owhIwbc.exe
  2⤵
  PID:6564
- C:\Windows\System\sdPfWsI.exe
  C:\Windows\System\sdPfWsI.exe
  2⤵
  PID:6600
- C:\Windows\System\YABMItC.exe
  C:\Windows\System\YABMItC.exe
  2⤵
  PID:6664
- C:\Windows\System\VVysOZe.exe
  C:\Windows\System\VVysOZe.exe
  2⤵
  PID:6872
- C:\Windows\System\ovlxLif.exe
  C:\Windows\System\ovlxLif.exe
  2⤵
  PID:6740
- C:\Windows\System\hAWRCVU.exe
  C:\Windows\System\hAWRCVU.exe
  2⤵
  PID:6756
- C:\Windows\System\tgiFvQu.exe
  C:\Windows\System\tgiFvQu.exe
  2⤵
  PID:6772
- C:\Windows\System\vAvXGvQ.exe
  C:\Windows\System\vAvXGvQ.exe
  2⤵
  PID:6788
- C:\Windows\System\UqsdcPK.exe
  C:\Windows\System\UqsdcPK.exe
  2⤵
  PID:6804
- C:\Windows\System\UzNrSkW.exe
  C:\Windows\System\UzNrSkW.exe
  2⤵
  PID:6820
- C:\Windows\System\xaJAjBu.exe
  C:\Windows\System\xaJAjBu.exe
  2⤵
  PID:6836
- C:\Windows\System\tCNFTAL.exe
  C:\Windows\System\tCNFTAL.exe
  2⤵
  PID:6852
- C:\Windows\System\wCjEVWO.exe
  C:\Windows\System\wCjEVWO.exe
  2⤵
  PID:6992
- C:\Windows\System\MGzBvfh.exe
  C:\Windows\System\MGzBvfh.exe
  2⤵
  PID:6892
- C:\Windows\System\bhzpNEo.exe
  C:\Windows\System\bhzpNEo.exe
  2⤵
  PID:6928
- C:\Windows\System\lmkFoKa.exe
  C:\Windows\System\lmkFoKa.exe
  2⤵
  PID:6948
- C:\Windows\System\ZbQtfYI.exe
  C:\Windows\System\ZbQtfYI.exe
  2⤵
  PID:6968
- C:\Windows\System\hKbYZzw.exe
  C:\Windows\System\hKbYZzw.exe
  2⤵
  PID:6148
- C:\Windows\System\FMgMylE.exe
  C:\Windows\System\FMgMylE.exe
  2⤵
  PID:7012
- C:\Windows\System\EaqWhNR.exe
  C:\Windows\System\EaqWhNR.exe
  2⤵
  PID:7028
- C:\Windows\System\JLjDDcl.exe
  C:\Windows\System\JLjDDcl.exe
  2⤵
  PID:7044
- C:\Windows\System\nHBoDEA.exe
  C:\Windows\System\nHBoDEA.exe
  2⤵
  PID:7064
- C:\Windows\System\katJNjK.exe
  C:\Windows\System\katJNjK.exe
  2⤵
  PID:2868
- C:\Windows\System\gnssMuF.exe
  C:\Windows\System\gnssMuF.exe
  2⤵
  PID:7084
- C:\Windows\System\pnatEZq.exe
  C:\Windows\System\pnatEZq.exe
  2⤵
  PID:7096
- C:\Windows\System\kMNvIRh.exe
  C:\Windows\System\kMNvIRh.exe
  2⤵
  PID:7120
- C:\Windows\System\DdUsaxU.exe
  C:\Windows\System\DdUsaxU.exe
  2⤵
  PID:7136
- C:\Windows\System\IClVgtk.exe
  C:\Windows\System\IClVgtk.exe
  2⤵
  PID:7152
- C:\Windows\System\IaMvZQZ.exe
  C:\Windows\System\IaMvZQZ.exe
  2⤵
  PID:4380
- C:\Windows\System\kOkhnQR.exe
  C:\Windows\System\kOkhnQR.exe
  2⤵
  PID:5756
- C:\Windows\System\AFrylLa.exe
  C:\Windows\System\AFrylLa.exe
  2⤵
  PID:1800
- C:\Windows\System\IsGyoQd.exe
  C:\Windows\System\IsGyoQd.exe
  2⤵
  PID:1992
- C:\Windows\System\qiOnuYX.exe
  C:\Windows\System\qiOnuYX.exe
  2⤵
  PID:5860
- C:\Windows\System\geMzNSH.exe
  C:\Windows\System\geMzNSH.exe
  2⤵
  PID:6256
- C:\Windows\System\anTgffO.exe
  C:\Windows\System\anTgffO.exe
  2⤵
  PID:6292
- C:\Windows\System\CfkJqVv.exe
  C:\Windows\System\CfkJqVv.exe
  2⤵
  PID:6212
- C:\Windows\System\iJLgqbc.exe
  C:\Windows\System\iJLgqbc.exe
  2⤵
  PID:6352
- C:\Windows\System\orpPvEB.exe
  C:\Windows\System\orpPvEB.exe
  2⤵
  PID:6308
- C:\Windows\System\qDNSyXy.exe
  C:\Windows\System\qDNSyXy.exe
  2⤵
  PID:6388
- C:\Windows\System\XmEkJVQ.exe
  C:\Windows\System\XmEkJVQ.exe
  2⤵
  PID:6448
- C:\Windows\System\ZAxYXlC.exe
  C:\Windows\System\ZAxYXlC.exe
  2⤵
  PID:6368
- C:\Windows\System\oVKoXiZ.exe
  C:\Windows\System\oVKoXiZ.exe
  2⤵
  PID:748
- C:\Windows\System\EOYozDF.exe
  C:\Windows\System\EOYozDF.exe
  2⤵
  PID:6720
- C:\Windows\System\OvRqqhH.exe
  C:\Windows\System\OvRqqhH.exe
  2⤵
  PID:6632
- C:\Windows\System\MGejmcL.exe
  C:\Windows\System\MGejmcL.exe
  2⤵
  PID:2548
- C:\Windows\System\YQiqSKM.exe
  C:\Windows\System\YQiqSKM.exe
  2⤵
  PID:6696
- C:\Windows\System\YELNAxJ.exe
  C:\Windows\System\YELNAxJ.exe
  2⤵
  PID:6708
- C:\Windows\System\JruNnIp.exe
  C:\Windows\System\JruNnIp.exe
  2⤵
  PID:6748
- C:\Windows\System\pnYjuct.exe
  C:\Windows\System\pnYjuct.exe
  2⤵
  PID:6736
- C:\Windows\System\JfrhmHd.exe
  C:\Windows\System\JfrhmHd.exe
  2⤵
  PID:6844
- C:\Windows\System\QCSdwLx.exe
  C:\Windows\System\QCSdwLx.exe
  2⤵
  PID:6856
- C:\Windows\System\tGfZMMq.exe
  C:\Windows\System\tGfZMMq.exe
  2⤵
  PID:2856
- C:\Windows\System\lQFDSnu.exe
  C:\Windows\System\lQFDSnu.exe
  2⤵
  PID:6972
- C:\Windows\System\rrGQftb.exe
  C:\Windows\System\rrGQftb.exe
  2⤵
  PID:7024
- C:\Windows\System\HtJqwTP.exe
  C:\Windows\System\HtJqwTP.exe
  2⤵
  PID:6800
- C:\Windows\System\UrSwJUi.exe
  C:\Windows\System\UrSwJUi.exe
  2⤵
  PID:6988
- C:\Windows\System\bUqBKOZ.exe
  C:\Windows\System\bUqBKOZ.exe
  2⤵
  PID:6960
- C:\Windows\System\IcEGUWS.exe
  C:\Windows\System\IcEGUWS.exe
  2⤵
  PID:7036
- C:\Windows\System\oDKFLsr.exe
  C:\Windows\System\oDKFLsr.exe
  2⤵
  PID:7088
- C:\Windows\System\QxAEtGb.exe
  C:\Windows\System\QxAEtGb.exe
  2⤵
  PID:7132
- C:\Windows\System\DGAibfA.exe
  C:\Windows\System\DGAibfA.exe
  2⤵
  PID:7148
- C:\Windows\System\bYKwklD.exe
  C:\Windows\System\bYKwklD.exe
  2⤵
  PID:1608
- C:\Windows\System\HDcposD.exe
  C:\Windows\System\HDcposD.exe
  2⤵
  PID:6276
- C:\Windows\System\kVxgajB.exe
  C:\Windows\System\kVxgajB.exe
  2⤵
  PID:1628
- C:\Windows\System\gCYIkFR.exe
  C:\Windows\System\gCYIkFR.exe
  2⤵
  PID:3016
- C:\Windows\System\EqFojuS.exe
  C:\Windows\System\EqFojuS.exe
  2⤵
  PID:6532
- C:\Windows\System\WVzGFdx.exe
  C:\Windows\System\WVzGFdx.exe
  2⤵
  PID:3012
- C:\Windows\System\xOVWZPx.exe
  C:\Windows\System\xOVWZPx.exe
  2⤵
  PID:6648
- C:\Windows\System\GaIqcJo.exe
  C:\Windows\System\GaIqcJo.exe
  2⤵
  PID:6260
- C:\Windows\System\sNDNNGa.exe
  C:\Windows\System\sNDNNGa.exe
  2⤵
  PID:2536
- C:\Windows\System\WvWxGNg.exe
  C:\Windows\System\WvWxGNg.exe
  2⤵
  PID:3068
- C:\Windows\System\IUbBBeD.exe
  C:\Windows\System\IUbBBeD.exe
  2⤵
  PID:7076
- C:\Windows\System\AIOEIeO.exe
  C:\Windows\System\AIOEIeO.exe
  2⤵
  PID:7080
- C:\Windows\System\NKCELBz.exe
  C:\Windows\System\NKCELBz.exe
  2⤵
  PID:3000
- C:\Windows\System\VQvKvqR.exe
  C:\Windows\System\VQvKvqR.exe
  2⤵
  PID:6160
- C:\Windows\System\TuuEFec.exe
  C:\Windows\System\TuuEFec.exe
  2⤵
  PID:1268
- C:\Windows\System\hJCosXO.exe
  C:\Windows\System\hJCosXO.exe
  2⤵
  PID:2540
- C:\Windows\System\UkJabGA.exe
  C:\Windows\System\UkJabGA.exe
  2⤵
  PID:2700
- C:\Windows\System\BCBIEXc.exe
  C:\Windows\System\BCBIEXc.exe
  2⤵
  PID:6384
- C:\Windows\System\mgWFEVk.exe
  C:\Windows\System\mgWFEVk.exe
  2⤵
  PID:7176
- C:\Windows\System\vbbyTuB.exe
  C:\Windows\System\vbbyTuB.exe
  2⤵
  PID:7192
- C:\Windows\System\ifkpYGV.exe
  C:\Windows\System\ifkpYGV.exe
  2⤵
  PID:7208
- C:\Windows\System\vECJGes.exe
  C:\Windows\System\vECJGes.exe
  2⤵
  PID:7224
- C:\Windows\System\PMyulve.exe
  C:\Windows\System\PMyulve.exe
  2⤵
  PID:7240
- C:\Windows\System\EPkDpoY.exe
  C:\Windows\System\EPkDpoY.exe
  2⤵
  PID:7256
- C:\Windows\System\JoEXbHs.exe
  C:\Windows\System\JoEXbHs.exe
  2⤵
  PID:7272
- C:\Windows\System\DXzGGFr.exe
  C:\Windows\System\DXzGGFr.exe
  2⤵
  PID:7288
- C:\Windows\System\eYPPldr.exe
  C:\Windows\System\eYPPldr.exe
  2⤵
  PID:7304
- C:\Windows\System\pJjARuh.exe
  C:\Windows\System\pJjARuh.exe
  2⤵
  PID:7320
- C:\Windows\System\yhzifec.exe
  C:\Windows\System\yhzifec.exe
  2⤵
  PID:7336
- C:\Windows\System\PePGuJZ.exe
  C:\Windows\System\PePGuJZ.exe
  2⤵
  PID:7352
- C:\Windows\System\qYZHMkZ.exe
  C:\Windows\System\qYZHMkZ.exe
  2⤵
  PID:7368
- C:\Windows\System\IRsEYhG.exe
  C:\Windows\System\IRsEYhG.exe
  2⤵
  PID:7384
- C:\Windows\System\sLPNvJR.exe
  C:\Windows\System\sLPNvJR.exe
  2⤵
  PID:7400
- C:\Windows\System\RNQAzYV.exe
  C:\Windows\System\RNQAzYV.exe
  2⤵
  PID:7416
- C:\Windows\System\GEsBLDT.exe
  C:\Windows\System\GEsBLDT.exe
  2⤵
  PID:7432
- C:\Windows\System\kNabWnB.exe
  C:\Windows\System\kNabWnB.exe
  2⤵
  PID:7448
- C:\Windows\System\NLSJIQJ.exe
  C:\Windows\System\NLSJIQJ.exe
  2⤵
  PID:7464
- C:\Windows\System\xwsmhTA.exe
  C:\Windows\System\xwsmhTA.exe
  2⤵
  PID:7480
- C:\Windows\System\DwTPzEs.exe
  C:\Windows\System\DwTPzEs.exe
  2⤵
  PID:7496
- C:\Windows\System\LZEkxZv.exe
  C:\Windows\System\LZEkxZv.exe
  2⤵
  PID:7512
- C:\Windows\System\cxvnNkl.exe
  C:\Windows\System\cxvnNkl.exe
  2⤵
  PID:7528
- C:\Windows\System\bZzcCzn.exe
  C:\Windows\System\bZzcCzn.exe
  2⤵
  PID:7544
- C:\Windows\System\ROrapII.exe
  C:\Windows\System\ROrapII.exe
  2⤵
  PID:7560
- C:\Windows\System\tFqqUPK.exe
  C:\Windows\System\tFqqUPK.exe
  2⤵
  PID:7576
- C:\Windows\System\pmpotlo.exe
  C:\Windows\System\pmpotlo.exe
  2⤵
  PID:7592
- C:\Windows\System\SwPbaCF.exe
  C:\Windows\System\SwPbaCF.exe
  2⤵
  PID:7608
- C:\Windows\System\bdYYFbw.exe
  C:\Windows\System\bdYYFbw.exe
  2⤵
  PID:7628
- C:\Windows\System\uRcEXio.exe
  C:\Windows\System\uRcEXio.exe
  2⤵
  PID:7644
- C:\Windows\System\xVPSMhP.exe
  C:\Windows\System\xVPSMhP.exe
  2⤵
  PID:7660
- C:\Windows\System\URJcmel.exe
  C:\Windows\System\URJcmel.exe
  2⤵
  PID:7676
- C:\Windows\System\EChXPZZ.exe
  C:\Windows\System\EChXPZZ.exe
  2⤵
  PID:7692
- C:\Windows\System\FITOtso.exe
  C:\Windows\System\FITOtso.exe
  2⤵
  PID:7708
- C:\Windows\System\rsPeXrX.exe
  C:\Windows\System\rsPeXrX.exe
  2⤵
  PID:7724
- C:\Windows\System\OJsRBEQ.exe
  C:\Windows\System\OJsRBEQ.exe
  2⤵
  PID:7740
- C:\Windows\System\xETFaqE.exe
  C:\Windows\System\xETFaqE.exe
  2⤵
  PID:7756
- C:\Windows\System\brYdphg.exe
  C:\Windows\System\brYdphg.exe
  2⤵
  PID:7772
- C:\Windows\System\nheQnCp.exe
  C:\Windows\System\nheQnCp.exe
  2⤵
  PID:7788
- C:\Windows\System\ggpKuoe.exe
  C:\Windows\System\ggpKuoe.exe
  2⤵
  PID:7804
- C:\Windows\System\KzvzHqA.exe
  C:\Windows\System\KzvzHqA.exe
  2⤵
  PID:7820
- C:\Windows\System\wZRvVYc.exe
  C:\Windows\System\wZRvVYc.exe
  2⤵
  PID:7836
- C:\Windows\System\RDQIqSY.exe
  C:\Windows\System\RDQIqSY.exe
  2⤵
  PID:7852
- C:\Windows\System\SFiobRy.exe
  C:\Windows\System\SFiobRy.exe
  2⤵
  PID:7868
- C:\Windows\System\VdxtdUW.exe
  C:\Windows\System\VdxtdUW.exe
  2⤵
  PID:7884
- C:\Windows\System\UFnHwpC.exe
  C:\Windows\System\UFnHwpC.exe
  2⤵
  PID:7900
- C:\Windows\System\XwArdZL.exe
  C:\Windows\System\XwArdZL.exe
  2⤵
  PID:7916
- C:\Windows\System\diNTAer.exe
  C:\Windows\System\diNTAer.exe
  2⤵
  PID:7932
- C:\Windows\System\QKgwcDh.exe
  C:\Windows\System\QKgwcDh.exe
  2⤵
  PID:7948
- C:\Windows\System\cnQekbS.exe
  C:\Windows\System\cnQekbS.exe
  2⤵
  PID:7964
- C:\Windows\System\ukGfANZ.exe
  C:\Windows\System\ukGfANZ.exe
  2⤵
  PID:7980
- C:\Windows\System\ZljvEdw.exe
  C:\Windows\System\ZljvEdw.exe
  2⤵
  PID:7996
- C:\Windows\System\bKsJBrq.exe
  C:\Windows\System\bKsJBrq.exe
  2⤵
  PID:8012
- C:\Windows\System\DofZzLO.exe
  C:\Windows\System\DofZzLO.exe
  2⤵
  PID:8028
- C:\Windows\System\yVCfjUP.exe
  C:\Windows\System\yVCfjUP.exe
  2⤵
  PID:8044
- C:\Windows\System\TvONzJL.exe
  C:\Windows\System\TvONzJL.exe
  2⤵
  PID:8060
- C:\Windows\System\JjdWmhT.exe
  C:\Windows\System\JjdWmhT.exe
  2⤵
  PID:8076
- C:\Windows\System\gLiRywm.exe
  C:\Windows\System\gLiRywm.exe
  2⤵
  PID:8092
- C:\Windows\System\hxeztLZ.exe
  C:\Windows\System\hxeztLZ.exe
  2⤵
  PID:8108
- C:\Windows\System\NfPcNnb.exe
  C:\Windows\System\NfPcNnb.exe
  2⤵
  PID:8124
- C:\Windows\System\SefRtjs.exe
  C:\Windows\System\SefRtjs.exe
  2⤵
  PID:8140
- C:\Windows\System\ofVlLeo.exe
  C:\Windows\System\ofVlLeo.exe
  2⤵
  PID:8156
- C:\Windows\System\hBVNRuL.exe
  C:\Windows\System\hBVNRuL.exe
  2⤵
  PID:8172
- C:\Windows\System\PKnTEhR.exe
  C:\Windows\System\PKnTEhR.exe
  2⤵
  PID:8188
- C:\Windows\System\bVOZnnN.exe
  C:\Windows\System\bVOZnnN.exe
  2⤵
  PID:7204
- C:\Windows\System\tRvStct.exe
  C:\Windows\System\tRvStct.exe
  2⤵
  PID:7268
- C:\Windows\System\eXpPUnj.exe
  C:\Windows\System\eXpPUnj.exe
  2⤵
  PID:7328
- C:\Windows\System\JuqZxHn.exe
  C:\Windows\System\JuqZxHn.exe
  2⤵
  PID:7396
- C:\Windows\System\dCSSxGM.exe
  C:\Windows\System\dCSSxGM.exe
  2⤵
  PID:7424
- C:\Windows\System\hndktuR.exe
  C:\Windows\System\hndktuR.exe
  2⤵
  PID:7492
- C:\Windows\System\QXsZWWX.exe
  C:\Windows\System\QXsZWWX.exe
  2⤵
  PID:7556
- C:\Windows\System\slVVzFZ.exe
  C:\Windows\System\slVVzFZ.exe
  2⤵
  PID:6584
- C:\Windows\System\lLvJcje.exe
  C:\Windows\System\lLvJcje.exe
  2⤵
  PID:1928
- C:\Windows\System\jldeBzM.exe
  C:\Windows\System\jldeBzM.exe
  2⤵
  PID:6768
- C:\Windows\System\LauHaFl.exe
  C:\Windows\System\LauHaFl.exe
  2⤵
  PID:6940
- C:\Windows\System\fVAfSYq.exe
  C:\Windows\System\fVAfSYq.exe
  2⤵
  PID:7380
- C:\Windows\System\uaTqhOa.exe
  C:\Windows\System\uaTqhOa.exe
  2⤵
  PID:7472
- C:\Windows\System\nhPvLrG.exe
  C:\Windows\System\nhPvLrG.exe
  2⤵
  PID:7536
- C:\Windows\System\AesjxpY.exe
  C:\Windows\System\AesjxpY.exe
  2⤵
  PID:7348
- C:\Windows\System\YYFOgLy.exe
  C:\Windows\System\YYFOgLy.exe
  2⤵
  PID:7316
- C:\Windows\System\SKLKxNQ.exe
  C:\Windows\System\SKLKxNQ.exe
  2⤵
  PID:7248
- C:\Windows\System\KvHHlDo.exe
  C:\Windows\System\KvHHlDo.exe
  2⤵
  PID:7184
- C:\Windows\System\tEDpvph.exe
  C:\Windows\System\tEDpvph.exe
  2⤵
  PID:6644
- C:\Windows\System\IjampXT.exe
  C:\Windows\System\IjampXT.exe
  2⤵
  PID:1784
- C:\Windows\System\CpJvShB.exe
  C:\Windows\System\CpJvShB.exe
  2⤵
  PID:6192
- C:\Windows\System\XKpFHyI.exe
  C:\Windows\System\XKpFHyI.exe
  2⤵
  PID:6208
- C:\Windows\System\Zljgbvw.exe
  C:\Windows\System\Zljgbvw.exe
  2⤵
  PID:7144
- C:\Windows\System\OuNEjSh.exe
  C:\Windows\System\OuNEjSh.exe
  2⤵
  PID:7624
- C:\Windows\System\DTkHYcn.exe
  C:\Windows\System\DTkHYcn.exe
  2⤵
  PID:1020
- C:\Windows\System\WbAbHBK.exe
  C:\Windows\System\WbAbHBK.exe
  2⤵
  PID:2900
- C:\Windows\System\wvvpPnd.exe
  C:\Windows\System\wvvpPnd.exe
  2⤵
  PID:7688
- C:\Windows\System\MhfGgRe.exe
  C:\Windows\System\MhfGgRe.exe
  2⤵
  PID:7748
- C:\Windows\System\aQDrpzO.exe
  C:\Windows\System\aQDrpzO.exe
  2⤵
  PID:7752
- C:\Windows\System\SUXRYOe.exe
  C:\Windows\System\SUXRYOe.exe
  2⤵
  PID:7672
- C:\Windows\System\WlitsVh.exe
  C:\Windows\System\WlitsVh.exe
  2⤵
  PID:7848
- C:\Windows\System\zpCpslI.exe
  C:\Windows\System\zpCpslI.exe
  2⤵
  PID:7736
- C:\Windows\System\XwiohRg.exe
  C:\Windows\System\XwiohRg.exe
  2⤵
  PID:7912
- C:\Windows\System\eHwseMm.exe
  C:\Windows\System\eHwseMm.exe
  2⤵
  PID:8004
- C:\Windows\System\wsMNtxe.exe
  C:\Windows\System\wsMNtxe.exe
  2⤵
  PID:2896
- C:\Windows\System\EanBFNr.exe
  C:\Windows\System\EanBFNr.exe
  2⤵
  PID:8100
- C:\Windows\System\pyLGQLz.exe
  C:\Windows\System\pyLGQLz.exe
  2⤵
  PID:8168
- C:\Windows\System\MFXZBir.exe
  C:\Windows\System\MFXZBir.exe
  2⤵
  PID:7300
- C:\Windows\System\oxPAhzC.exe
  C:\Windows\System\oxPAhzC.exe
  2⤵
  PID:7392
- C:\Windows\System\hIkkPcT.exe
  C:\Windows\System\hIkkPcT.exe
  2⤵
  PID:6848
- C:\Windows\System\NtbxPoT.exe
  C:\Windows\System\NtbxPoT.exe
  2⤵
  PID:7604
- C:\Windows\System\OFCNaBa.exe
  C:\Windows\System\OFCNaBa.exe
  2⤵
  PID:7864
- C:\Windows\System\dWoQFYz.exe
  C:\Windows\System\dWoQFYz.exe
  2⤵
  PID:7828
- C:\Windows\System\JWMbOWQ.exe
  C:\Windows\System\JWMbOWQ.exe
  2⤵
  PID:2508
- C:\Windows\System\VhdKOoj.exe
  C:\Windows\System\VhdKOoj.exe
  2⤵
  PID:7896
- C:\Windows\System\dNvmOMu.exe
  C:\Windows\System\dNvmOMu.exe
  2⤵
  PID:7960
- C:\Windows\System\nuHBsSS.exe
  C:\Windows\System\nuHBsSS.exe
  2⤵
  PID:6468
- C:\Windows\System\putGYSB.exe
  C:\Windows\System\putGYSB.exe
  2⤵
  PID:6932
- C:\Windows\System\SBwrVMU.exe
  C:\Windows\System\SBwrVMU.exe
  2⤵
  PID:7344
- C:\Windows\System\gyLjaha.exe
  C:\Windows\System\gyLjaha.exe
  2⤵
  PID:2708
- C:\Windows\System\qlUfyzd.exe
  C:\Windows\System\qlUfyzd.exe
  2⤵
  PID:1740
- C:\Windows\System\ZuFcFBa.exe
  C:\Windows\System\ZuFcFBa.exe
  2⤵
  PID:8184
- C:\Windows\System\QMWRpSF.exe
  C:\Windows\System\QMWRpSF.exe
  2⤵
  PID:8120
- C:\Windows\System\eTOBGCy.exe
  C:\Windows\System\eTOBGCy.exe
  2⤵
  PID:8056
- C:\Windows\System\VjLpQdU.exe
  C:\Windows\System\VjLpQdU.exe
  2⤵
  PID:1504
- C:\Windows\System\SntXzPR.exe
  C:\Windows\System\SntXzPR.exe
  2⤵
  PID:7068
- C:\Windows\System\ordDuta.exe
  C:\Windows\System\ordDuta.exe
  2⤵
  PID:7684
- C:\Windows\System\NpHCHWW.exe
  C:\Windows\System\NpHCHWW.exe
  2⤵
  PID:7784
- C:\Windows\System\QIyvbgc.exe
  C:\Windows\System\QIyvbgc.exe
  2⤵
  PID:8008
- C:\Windows\System\qNoUuhB.exe
  C:\Windows\System\qNoUuhB.exe
  2⤵
  PID:1076
- C:\Windows\System\NGQSdaJ.exe
  C:\Windows\System\NGQSdaJ.exe
  2⤵
  PID:7524
- C:\Windows\System\KOjDvPD.exe
  C:\Windows\System\KOjDvPD.exe
  2⤵
  PID:7768
- C:\Windows\System\vkLUDOm.exe
  C:\Windows\System\vkLUDOm.exe
  2⤵
  PID:6776
- C:\Windows\System\beosYxd.exe
  C:\Windows\System\beosYxd.exe
  2⤵
  PID:7488
- C:\Windows\System\czQnISS.exe
  C:\Windows\System\czQnISS.exe
  2⤵
  PID:7668
- C:\Windows\System\smAGyuu.exe
  C:\Windows\System\smAGyuu.exe
  2⤵
  PID:8024
- C:\Windows\System\IXhqkaz.exe
  C:\Windows\System\IXhqkaz.exe
  2⤵
  PID:8208
- C:\Windows\System\wGMxqsK.exe
  C:\Windows\System\wGMxqsK.exe
  2⤵
  PID:8224
- C:\Windows\System\ZwdctwE.exe
  C:\Windows\System\ZwdctwE.exe
  2⤵
  PID:8244
- C:\Windows\System\pUGGZun.exe
  C:\Windows\System\pUGGZun.exe
  2⤵
  PID:8260
- C:\Windows\System\gtCyHuG.exe
  C:\Windows\System\gtCyHuG.exe
  2⤵
  PID:8276
- C:\Windows\System\rqHaycZ.exe
  C:\Windows\System\rqHaycZ.exe
  2⤵
  PID:8292
- C:\Windows\System\cMJmiSo.exe
  C:\Windows\System\cMJmiSo.exe
  2⤵
  PID:8308
- C:\Windows\System\JwNQDBm.exe
  C:\Windows\System\JwNQDBm.exe
  2⤵
  PID:8340
- C:\Windows\System\vXzRJyX.exe
  C:\Windows\System\vXzRJyX.exe
  2⤵
  PID:8364
- C:\Windows\System\cKHMfPO.exe
  C:\Windows\System\cKHMfPO.exe
  2⤵
  PID:8404
- C:\Windows\System\tQmuiZC.exe
  C:\Windows\System\tQmuiZC.exe
  2⤵
  PID:8424
- C:\Windows\System\VhiOXwu.exe
  C:\Windows\System\VhiOXwu.exe
  2⤵
  PID:8440
- C:\Windows\System\xvaZyOU.exe
  C:\Windows\System\xvaZyOU.exe
  2⤵
  PID:8456
- C:\Windows\System\ujhqjwx.exe
  C:\Windows\System\ujhqjwx.exe
  2⤵
  PID:8472
- C:\Windows\System\xqMalER.exe
  C:\Windows\System\xqMalER.exe
  2⤵
  PID:8488
- C:\Windows\System\NrfKXIa.exe
  C:\Windows\System\NrfKXIa.exe
  2⤵
  PID:8504
- C:\Windows\System\TuABcXK.exe
  C:\Windows\System\TuABcXK.exe
  2⤵
  PID:8520
- C:\Windows\System\Ejayowp.exe
  C:\Windows\System\Ejayowp.exe
  2⤵
  PID:8536
- C:\Windows\System\YiXcABZ.exe
  C:\Windows\System\YiXcABZ.exe
  2⤵
  PID:8552
- C:\Windows\System\efSQDkH.exe
  C:\Windows\System\efSQDkH.exe
  2⤵
  PID:8568
- C:\Windows\System\zgcjnqX.exe
  C:\Windows\System\zgcjnqX.exe
  2⤵
  PID:8584
- C:\Windows\System\pkHcobd.exe
  C:\Windows\System\pkHcobd.exe
  2⤵
  PID:8600
- C:\Windows\System\ZfjXpXq.exe
  C:\Windows\System\ZfjXpXq.exe
  2⤵
  PID:8616
- C:\Windows\System\DQJLJrd.exe
  C:\Windows\System\DQJLJrd.exe
  2⤵
  PID:8632
- C:\Windows\System\mMBrJqD.exe
  C:\Windows\System\mMBrJqD.exe
  2⤵
  PID:8648
- C:\Windows\System\PYpMoBa.exe
  C:\Windows\System\PYpMoBa.exe
  2⤵
  PID:8664
- C:\Windows\System\zqNrOcy.exe
  C:\Windows\System\zqNrOcy.exe
  2⤵
  PID:8680
- C:\Windows\System\irlgfUC.exe
  C:\Windows\System\irlgfUC.exe
  2⤵
  PID:8696
- C:\Windows\System\YqWPORk.exe
  C:\Windows\System\YqWPORk.exe
  2⤵
  PID:8716
- C:\Windows\System\ceDimJk.exe
  C:\Windows\System\ceDimJk.exe
  2⤵
  PID:8732
- C:\Windows\System\TrEYOCb.exe
  C:\Windows\System\TrEYOCb.exe
  2⤵
  PID:8748
- C:\Windows\System\jxDQbkM.exe
  C:\Windows\System\jxDQbkM.exe
  2⤵
  PID:8764
- C:\Windows\System\YxcRnJL.exe
  C:\Windows\System\YxcRnJL.exe
  2⤵
  PID:8780
- C:\Windows\System\ThbwDiG.exe
  C:\Windows\System\ThbwDiG.exe
  2⤵
  PID:8796
- C:\Windows\System\WMmEXWU.exe
  C:\Windows\System\WMmEXWU.exe
  2⤵
  PID:8820
- C:\Windows\System\PoiJtel.exe
  C:\Windows\System\PoiJtel.exe
  2⤵
  PID:8840
- C:\Windows\System\abKviRX.exe
  C:\Windows\System\abKviRX.exe
  2⤵
  PID:8856
- C:\Windows\System\wEgHuxm.exe
  C:\Windows\System\wEgHuxm.exe
  2⤵
  PID:8872
- C:\Windows\System\tFgambc.exe
  C:\Windows\System\tFgambc.exe
  2⤵
  PID:8888
- C:\Windows\System\UGIiVKw.exe
  C:\Windows\System\UGIiVKw.exe
  2⤵
  PID:8904
- C:\Windows\System\gRcIhYk.exe
  C:\Windows\System\gRcIhYk.exe
  2⤵
  PID:8924
- C:\Windows\System\goglToG.exe
  C:\Windows\System\goglToG.exe
  2⤵
  PID:8940
- C:\Windows\System\zKGpQjh.exe
  C:\Windows\System\zKGpQjh.exe
  2⤵
  PID:8956
- C:\Windows\System\QdRaIqv.exe
  C:\Windows\System\QdRaIqv.exe
  2⤵
  PID:8972
- C:\Windows\System\kuEWTXR.exe
  C:\Windows\System\kuEWTXR.exe
  2⤵
  PID:8988
- C:\Windows\System\ExpLRdl.exe
  C:\Windows\System\ExpLRdl.exe
  2⤵
  PID:9004
- C:\Windows\System\wquthlT.exe
  C:\Windows\System\wquthlT.exe
  2⤵
  PID:9020
- C:\Windows\System\ZbjwDHe.exe
  C:\Windows\System\ZbjwDHe.exe
  2⤵
  PID:9036
- C:\Windows\System\CncsJOc.exe
  C:\Windows\System\CncsJOc.exe
  2⤵
  PID:9052
- C:\Windows\System\xyUTVWT.exe
  C:\Windows\System\xyUTVWT.exe
  2⤵
  PID:9068
- C:\Windows\System\DdgzqGt.exe
  C:\Windows\System\DdgzqGt.exe
  2⤵
  PID:9084
- C:\Windows\System\Qhxqpwr.exe
  C:\Windows\System\Qhxqpwr.exe
  2⤵
  PID:9100
- C:\Windows\System\NeVhzXl.exe
  C:\Windows\System\NeVhzXl.exe
  2⤵
  PID:9116
- C:\Windows\System\fatmBeo.exe
  C:\Windows\System\fatmBeo.exe
  2⤵
  PID:9132
- C:\Windows\System\bayLhAN.exe
  C:\Windows\System\bayLhAN.exe
  2⤵
  PID:9148
- C:\Windows\System\PpaeGBN.exe
  C:\Windows\System\PpaeGBN.exe
  2⤵
  PID:9164
- C:\Windows\System\qziPmmC.exe
  C:\Windows\System\qziPmmC.exe
  2⤵
  PID:9180
- C:\Windows\System\INbMuuH.exe
  C:\Windows\System\INbMuuH.exe
  2⤵
  PID:9196
- C:\Windows\System\CLsRKbI.exe
  C:\Windows\System\CLsRKbI.exe
  2⤵
  PID:9212
- C:\Windows\System\SxsXneY.exe
  C:\Windows\System\SxsXneY.exe
  2⤵
  PID:8072
- C:\Windows\System\hYOieKA.exe
  C:\Windows\System\hYOieKA.exe
  2⤵
  PID:7616
- C:\Windows\System\OPNGxPO.exe
  C:\Windows\System\OPNGxPO.exe
  2⤵
  PID:7832
- C:\Windows\System\DEvttBn.exe
  C:\Windows\System\DEvttBn.exe
  2⤵
  PID:6880
- C:\Windows\System\zwQQZJx.exe
  C:\Windows\System\zwQQZJx.exe
  2⤵
  PID:7364
- C:\Windows\System\RkoCYIh.exe
  C:\Windows\System\RkoCYIh.exe
  2⤵
  PID:8164
- C:\Windows\System\LMETJeQ.exe
  C:\Windows\System\LMETJeQ.exe
  2⤵
  PID:8200
- C:\Windows\System\oqcPSYS.exe
  C:\Windows\System\oqcPSYS.exe
  2⤵
  PID:6536
- C:\Windows\System\sJDiysv.exe
  C:\Windows\System\sJDiysv.exe
  2⤵
  PID:7720
- C:\Windows\System\sMafPpR.exe
  C:\Windows\System\sMafPpR.exe
  2⤵
  PID:7504
- C:\Windows\System\ewEbwAi.exe
  C:\Windows\System\ewEbwAi.exe
  2⤵
  PID:7508
- C:\Windows\System\QDRXqMp.exe
  C:\Windows\System\QDRXqMp.exe
  2⤵
  PID:592
- C:\Windows\System\EwGEUqw.exe
  C:\Windows\System\EwGEUqw.exe
  2⤵
  PID:8232
- C:\Windows\System\FVNwNZW.exe
  C:\Windows\System\FVNwNZW.exe
  2⤵
  PID:8252
- C:\Windows\System\mazzkje.exe
  C:\Windows\System\mazzkje.exe
  2⤵
  PID:8268
- C:\Windows\System\HLAngiX.exe
  C:\Windows\System\HLAngiX.exe
  2⤵
  PID:8272
- C:\Windows\System\RRlXQzh.exe
  C:\Windows\System\RRlXQzh.exe
  2⤵
  PID:8304
- C:\Windows\System\yHlNOrj.exe
  C:\Windows\System\yHlNOrj.exe
  2⤵
  PID:8324
- C:\Windows\System\uDNYOsp.exe
  C:\Windows\System\uDNYOsp.exe
  2⤵
  PID:8348
- C:\Windows\System\OBHucPy.exe
  C:\Windows\System\OBHucPy.exe
  2⤵
  PID:8360
- C:\Windows\System\ZJnkXwr.exe
  C:\Windows\System\ZJnkXwr.exe
  2⤵
  PID:8380
- C:\Windows\System\zMpPpYh.exe
  C:\Windows\System\zMpPpYh.exe
  2⤵
  PID:8396
- C:\Windows\System\lGsRRka.exe
  C:\Windows\System\lGsRRka.exe
  2⤵
  PID:284
- C:\Windows\System\tTJWUuK.exe
  C:\Windows\System\tTJWUuK.exe
  2⤵
  PID:8500
- C:\Windows\System\LDWvGtj.exe
  C:\Windows\System\LDWvGtj.exe
  2⤵
  PID:8564
- C:\Windows\System\ZxoVVaS.exe
  C:\Windows\System\ZxoVVaS.exe
  2⤵
  PID:8628
- C:\Windows\System\laEyOaf.exe
  C:\Windows\System\laEyOaf.exe
  2⤵
  PID:8692
- C:\Windows\System\sRjqpzh.exe
  C:\Windows\System\sRjqpzh.exe
  2⤵
  PID:8580
- C:\Windows\System\NPauaqg.exe
  C:\Windows\System\NPauaqg.exe
  2⤵
  PID:8644
- C:\Windows\System\fxOfQYv.exe
  C:\Windows\System\fxOfQYv.exe
  2⤵
  PID:8724
- C:\Windows\System\vJlqrVC.exe
  C:\Windows\System\vJlqrVC.exe
  2⤵
  PID:8708
- C:\Windows\System\cYTlzYn.exe
  C:\Windows\System\cYTlzYn.exe
  2⤵
  PID:8480
- C:\Windows\System\juqItBc.exe
  C:\Windows\System\juqItBc.exe
  2⤵
  PID:8772
- C:\Windows\System\HSgRHtO.exe
  C:\Windows\System\HSgRHtO.exe
  2⤵
  PID:8808
- C:\Windows\System\sKQcNIG.exe
  C:\Windows\System\sKQcNIG.exe
  2⤵
  PID:8812
- C:\Windows\System\YZQHZbu.exe
  C:\Windows\System\YZQHZbu.exe
  2⤵
  PID:8920
- C:\Windows\System\cwfYNUq.exe
  C:\Windows\System\cwfYNUq.exe
  2⤵
  PID:8984
- C:\Windows\System\WhTRDHS.exe
  C:\Windows\System\WhTRDHS.exe
  2⤵
  PID:8816
- C:\Windows\System\jfOWUbV.exe
  C:\Windows\System\jfOWUbV.exe
  2⤵
  PID:8788
- C:\Windows\System\LesYXbG.exe
  C:\Windows\System\LesYXbG.exe
  2⤵
  PID:9048
- C:\Windows\System\FbILHDj.exe
  C:\Windows\System\FbILHDj.exe
  2⤵
  PID:9112
- C:\Windows\System\hLKJRLw.exe
  C:\Windows\System\hLKJRLw.exe
  2⤵
  PID:8828
- C:\Windows\System\BcHOpEO.exe
  C:\Windows\System\BcHOpEO.exe
  2⤵
  PID:8900
- C:\Windows\System\ZPCuMmK.exe
  C:\Windows\System\ZPCuMmK.exe
  2⤵
  PID:9208
- C:\Windows\System\rFtqwIO.exe
  C:\Windows\System\rFtqwIO.exe
  2⤵
  PID:6660
- C:\Windows\System\tVDiFyu.exe
  C:\Windows\System\tVDiFyu.exe
  2⤵
  PID:6176
- C:\Windows\System\sohGuBM.exe
  C:\Windows\System\sohGuBM.exe
  2⤵
  PID:8968
- C:\Windows\System\MmxFWHV.exe
  C:\Windows\System\MmxFWHV.exe
  2⤵
  PID:9032
- C:\Windows\System\JxAsXOK.exe
  C:\Windows\System\JxAsXOK.exe
  2⤵
  PID:9124
- C:\Windows\System\StWKDns.exe
  C:\Windows\System\StWKDns.exe
  2⤵
  PID:2824
- C:\Windows\System\ehhJCNe.exe
  C:\Windows\System\ehhJCNe.exe
  2⤵
  PID:9092
- C:\Windows\System\bqZyfKm.exe
  C:\Windows\System\bqZyfKm.exe
  2⤵
  PID:1232
- C:\Windows\System\vNcAiSh.exe
  C:\Windows\System\vNcAiSh.exe
  2⤵
  PID:7640
- C:\Windows\System\cAdWUkQ.exe
  C:\Windows\System\cAdWUkQ.exe
  2⤵
  PID:8356
- C:\Windows\System\iwsCoGt.exe
  C:\Windows\System\iwsCoGt.exe
  2⤵
  PID:7188
- C:\Windows\System\pqGyAtD.exe
  C:\Windows\System\pqGyAtD.exe
  2⤵
  PID:7976
- C:\Windows\System\EALsCon.exe
  C:\Windows\System\EALsCon.exe
  2⤵
  PID:8388
- C:\Windows\System\aMxNpwi.exe
  C:\Windows\System\aMxNpwi.exe
  2⤵
  PID:8624
- C:\Windows\System\XujarAw.exe
  C:\Windows\System\XujarAw.exe
  2⤵
  PID:8676
- C:\Windows\System\mfRBOYv.exe
  C:\Windows\System\mfRBOYv.exe
  2⤵
  PID:856
- C:\Windows\System\dnmUEDv.exe
  C:\Windows\System\dnmUEDv.exe
  2⤵
  PID:8300
- C:\Windows\System\yDJxJvs.exe
  C:\Windows\System\yDJxJvs.exe
  2⤵
  PID:8484
- C:\Windows\System\KzoGcQB.exe
  C:\Windows\System\KzoGcQB.exe
  2⤵
  PID:8916
- C:\Windows\System\pfAtcOc.exe
  C:\Windows\System\pfAtcOc.exe
  2⤵
  PID:8728
- C:\Windows\System\ZQmDAsr.exe
  C:\Windows\System\ZQmDAsr.exe
  2⤵
  PID:9172
- C:\Windows\System\sHvHNtV.exe
  C:\Windows\System\sHvHNtV.exe
  2⤵
  PID:6516
- C:\Windows\System\bfBdjbE.exe
  C:\Windows\System\bfBdjbE.exe
  2⤵
  PID:8020
- C:\Windows\System\qDsqDoo.exe
  C:\Windows\System\qDsqDoo.exe
  2⤵
  PID:7892
- C:\Windows\System\XhJGzfV.exe
  C:\Windows\System\XhJGzfV.exe
  2⤵
  PID:7732
- C:\Windows\System\YtAbGzw.exe
  C:\Windows\System\YtAbGzw.exe
  2⤵
  PID:8864
- C:\Windows\System\rdVcUPX.exe
  C:\Windows\System\rdVcUPX.exe
  2⤵
  PID:8132
- C:\Windows\System\uJfvYSZ.exe
  C:\Windows\System\uJfvYSZ.exe
  2⤵
  PID:8512
- C:\Windows\System\NiLabVN.exe
  C:\Windows\System\NiLabVN.exe
  2⤵
  PID:9236
- C:\Windows\System\FhrGWhz.exe
  C:\Windows\System\FhrGWhz.exe
  2⤵
  PID:9252
- C:\Windows\System\WWIxYCV.exe
  C:\Windows\System\WWIxYCV.exe
  2⤵
  PID:9268
- C:\Windows\System\llaqxTi.exe
  C:\Windows\System\llaqxTi.exe
  2⤵
  PID:9284
- C:\Windows\System\jaxcQEy.exe
  C:\Windows\System\jaxcQEy.exe
  2⤵
  PID:9300
- C:\Windows\System\BKipifg.exe
  C:\Windows\System\BKipifg.exe
  2⤵
  PID:9316
- C:\Windows\System\Qzxyqft.exe
  C:\Windows\System\Qzxyqft.exe
  2⤵
  PID:9332
- C:\Windows\System\rNSxLSi.exe
  C:\Windows\System\rNSxLSi.exe
  2⤵
  PID:9348
- C:\Windows\System\clLFtnZ.exe
  C:\Windows\System\clLFtnZ.exe
  2⤵
  PID:9364
- C:\Windows\System\gQOdUEV.exe
  C:\Windows\System\gQOdUEV.exe
  2⤵
  PID:9380
- C:\Windows\System\tTICBxT.exe
  C:\Windows\System\tTICBxT.exe
  2⤵
  PID:9396
- C:\Windows\System\nBfFJyP.exe
  C:\Windows\System\nBfFJyP.exe
  2⤵
  PID:9412
- C:\Windows\System\ZpuaFwp.exe
  C:\Windows\System\ZpuaFwp.exe
  2⤵
  PID:9428
- C:\Windows\System\yhxROLW.exe
  C:\Windows\System\yhxROLW.exe
  2⤵
  PID:9444
- C:\Windows\System\ObYsFkn.exe
  C:\Windows\System\ObYsFkn.exe
  2⤵
  PID:9460
- C:\Windows\System\VRbloyd.exe
  C:\Windows\System\VRbloyd.exe
  2⤵
  PID:9476
- C:\Windows\System\HMuAzcR.exe
  C:\Windows\System\HMuAzcR.exe
  2⤵
  PID:9492
- C:\Windows\System\sAAKDuI.exe
  C:\Windows\System\sAAKDuI.exe
  2⤵
  PID:9508
- C:\Windows\System\VcUgArX.exe
  C:\Windows\System\VcUgArX.exe
  2⤵
  PID:9524
- C:\Windows\System\ctdknjv.exe
  C:\Windows\System\ctdknjv.exe
  2⤵
  PID:9540
- C:\Windows\System\fUSpVpO.exe
  C:\Windows\System\fUSpVpO.exe
  2⤵
  PID:9556
- C:\Windows\System\iTLfggp.exe
  C:\Windows\System\iTLfggp.exe
  2⤵
  PID:9572
- C:\Windows\System\MMbKtMp.exe
  C:\Windows\System\MMbKtMp.exe
  2⤵
  PID:9588
- C:\Windows\System\fflHBKG.exe
  C:\Windows\System\fflHBKG.exe
  2⤵
  PID:9604
- C:\Windows\System\QJDtFnk.exe
  C:\Windows\System\QJDtFnk.exe
  2⤵
  PID:9620
- C:\Windows\System\Cwslfdr.exe
  C:\Windows\System\Cwslfdr.exe
  2⤵
  PID:9636
- C:\Windows\System\qPwcdBV.exe
  C:\Windows\System\qPwcdBV.exe
  2⤵
  PID:9652
- C:\Windows\System\ZtKansA.exe
  C:\Windows\System\ZtKansA.exe
  2⤵
  PID:9668
- C:\Windows\System\TiRzXhv.exe
  C:\Windows\System\TiRzXhv.exe
  2⤵
  PID:9684
- C:\Windows\System\XqOreMq.exe
  C:\Windows\System\XqOreMq.exe
  2⤵
  PID:9700
- C:\Windows\System\jyJTgRL.exe
  C:\Windows\System\jyJTgRL.exe
  2⤵
  PID:9716
- C:\Windows\System\mVncXmK.exe
  C:\Windows\System\mVncXmK.exe
  2⤵
  PID:9732
- C:\Windows\System\xNGuQao.exe
  C:\Windows\System\xNGuQao.exe
  2⤵
  PID:9748
- C:\Windows\System\kaQKHEc.exe
  C:\Windows\System\kaQKHEc.exe
  2⤵
  PID:9764
- C:\Windows\System\xktjwGA.exe
  C:\Windows\System\xktjwGA.exe
  2⤵
  PID:9780
- C:\Windows\System\fsOVMsr.exe
  C:\Windows\System\fsOVMsr.exe
  2⤵
  PID:9796
- C:\Windows\System\rfupRuv.exe
  C:\Windows\System\rfupRuv.exe
  2⤵
  PID:9812
- C:\Windows\System\lACVyTW.exe
  C:\Windows\System\lACVyTW.exe
  2⤵
  PID:9828
- C:\Windows\System\tDYqcTx.exe
  C:\Windows\System\tDYqcTx.exe
  2⤵
  PID:9844
- C:\Windows\System\kbBlpaC.exe
  C:\Windows\System\kbBlpaC.exe
  2⤵
  PID:9860
- C:\Windows\System\htSWeMr.exe
  C:\Windows\System\htSWeMr.exe
  2⤵
  PID:9876
- C:\Windows\System\ItOODJa.exe
  C:\Windows\System\ItOODJa.exe
  2⤵
  PID:9892
- C:\Windows\System\OBkzckJ.exe
  C:\Windows\System\OBkzckJ.exe
  2⤵
  PID:9908
- C:\Windows\System\ybGecPs.exe
  C:\Windows\System\ybGecPs.exe
  2⤵
  PID:9924
- C:\Windows\System\ijwGwAl.exe
  C:\Windows\System\ijwGwAl.exe
  2⤵
  PID:9940
- C:\Windows\System\MStNcsl.exe
  C:\Windows\System\MStNcsl.exe
  2⤵
  PID:9956
- C:\Windows\System\gIWfBPm.exe
  C:\Windows\System\gIWfBPm.exe
  2⤵
  PID:9972
- C:\Windows\System\GzTVepz.exe
  C:\Windows\System\GzTVepz.exe
  2⤵
  PID:9988
- C:\Windows\System\UntHaeD.exe
  C:\Windows\System\UntHaeD.exe
  2⤵
  PID:10004
- C:\Windows\System\HkeguqC.exe
  C:\Windows\System\HkeguqC.exe
  2⤵
  PID:10020
- C:\Windows\System\KqCrmNe.exe
  C:\Windows\System\KqCrmNe.exe
  2⤵
  PID:10036
- C:\Windows\System\eSinyEx.exe
  C:\Windows\System\eSinyEx.exe
  2⤵
  PID:10052
- C:\Windows\System\IbQiJeu.exe
  C:\Windows\System\IbQiJeu.exe
  2⤵
  PID:10068
- C:\Windows\System\gmwYRKp.exe
  C:\Windows\System\gmwYRKp.exe
  2⤵
  PID:10084
- C:\Windows\System\xPuElKe.exe
  C:\Windows\System\xPuElKe.exe
  2⤵
  PID:10100
- C:\Windows\System\UoHWyzy.exe
  C:\Windows\System\UoHWyzy.exe
  2⤵
  PID:10116
- C:\Windows\System\DvHBCbP.exe
  C:\Windows\System\DvHBCbP.exe
  2⤵
  PID:10132
- C:\Windows\System\QACjmyv.exe
  C:\Windows\System\QACjmyv.exe
  2⤵
  PID:10148
- C:\Windows\System\ngtVxVc.exe
  C:\Windows\System\ngtVxVc.exe
  2⤵
  PID:10168
- C:\Windows\System\FcaOBvA.exe
  C:\Windows\System\FcaOBvA.exe
  2⤵
  PID:10184
- C:\Windows\System\MjXukuk.exe
  C:\Windows\System\MjXukuk.exe
  2⤵
  PID:10200
- C:\Windows\System\XdXiQhx.exe
  C:\Windows\System\XdXiQhx.exe
  2⤵
  PID:10216
- C:\Windows\System\YDftplJ.exe
  C:\Windows\System\YDftplJ.exe
  2⤵
  PID:10232
- C:\Windows\System\KHJQDSO.exe
  C:\Windows\System\KHJQDSO.exe
  2⤵
  PID:1112
- C:\Windows\System\BeGEJbo.exe
  C:\Windows\System\BeGEJbo.exe
  2⤵
  PID:8756
- C:\Windows\System\mRqNvVh.exe
  C:\Windows\System\mRqNvVh.exe
  2⤵
  PID:8560
- C:\Windows\System\eAFhMPC.exe
  C:\Windows\System\eAFhMPC.exe
  2⤵
  PID:8640
- C:\Windows\System\igZFSuX.exe
  C:\Windows\System\igZFSuX.exe
  2⤵
  PID:7252
- C:\Windows\System\PHxTeen.exe
  C:\Windows\System\PHxTeen.exe
  2⤵
  PID:8496
- C:\Windows\System\VwvOnGW.exe
  C:\Windows\System\VwvOnGW.exe
  2⤵
  PID:8884
- C:\Windows\System\rTFjoDQ.exe
  C:\Windows\System\rTFjoDQ.exe
  2⤵
  PID:2796
- C:\Windows\System\SEfJeYm.exe
  C:\Windows\System\SEfJeYm.exe
  2⤵
  PID:8448
- C:\Windows\System\xlxDHOW.exe
  C:\Windows\System\xlxDHOW.exe
  2⤵
  PID:8548
- C:\Windows\System\HcVcVNP.exe
  C:\Windows\System\HcVcVNP.exe
  2⤵
  PID:9160
- C:\Windows\System\KePNKJX.exe
  C:\Windows\System\KePNKJX.exe
  2⤵
  PID:8964
- C:\Windows\System\McNyapb.exe
  C:\Windows\System\McNyapb.exe
  2⤵
  PID:8836
- C:\Windows\System\CPeCzBZ.exe
  C:\Windows\System\CPeCzBZ.exe
  2⤵
  PID:8852
- C:\Windows\System\YPdFkkE.exe
  C:\Windows\System\YPdFkkE.exe
  2⤵
  PID:684
- C:\Windows\System\kmNxolc.exe
  C:\Windows\System\kmNxolc.exe
  2⤵
  PID:9248
- C:\Windows\System\HOImEzd.exe
  C:\Windows\System\HOImEzd.exe
  2⤵
  PID:9436
- C:\Windows\System\KNyxQxx.exe
  C:\Windows\System\KNyxQxx.exe
  2⤵
  PID:9264
- C:\Windows\System\XZHTDOu.exe
  C:\Windows\System\XZHTDOu.exe
  2⤵
  PID:9324
- C:\Windows\System\PGIUsqg.exe
  C:\Windows\System\PGIUsqg.exe
  2⤵
  PID:9296
- C:\Windows\System\pTwGtTh.exe
  C:\Windows\System\pTwGtTh.exe
  2⤵
  PID:9392
- C:\Windows\System\OTnavXl.exe
  C:\Windows\System\OTnavXl.exe
  2⤵
  PID:9456
- C:\Windows\System\wVgdhqw.exe
  C:\Windows\System\wVgdhqw.exe
  2⤵
  PID:9536
- C:\Windows\System\FVaJRck.exe
  C:\Windows\System\FVaJRck.exe
  2⤵
  PID:9600
- C:\Windows\System\kayHLXj.exe
  C:\Windows\System\kayHLXj.exe
  2⤵
  PID:9664
- C:\Windows\System\PkYXBLl.exe
  C:\Windows\System\PkYXBLl.exe
  2⤵
  PID:9728
- C:\Windows\System\KAlJKds.exe
  C:\Windows\System\KAlJKds.exe
  2⤵
  PID:9520
- C:\Windows\System\QMoBOFG.exe
  C:\Windows\System\QMoBOFG.exe
  2⤵
  PID:9516
- C:\Windows\System\DPZDElG.exe
  C:\Windows\System\DPZDElG.exe
  2⤵
  PID:9612
- C:\Windows\System\yNwyLhg.exe
  C:\Windows\System\yNwyLhg.exe
  2⤵
  PID:9648
- C:\Windows\System\nbBKDmU.exe
  C:\Windows\System\nbBKDmU.exe
  2⤵
  PID:9856
- C:\Windows\System\cgzryGU.exe
  C:\Windows\System\cgzryGU.exe
  2⤵
  PID:9740
- C:\Windows\System\HztOAnk.exe
  C:\Windows\System\HztOAnk.exe
  2⤵
  PID:9804
- C:\Windows\System\FgXqncy.exe
  C:\Windows\System\FgXqncy.exe
  2⤵
  PID:9868
- C:\Windows\System\HCMrvGs.exe
  C:\Windows\System\HCMrvGs.exe
  2⤵
  PID:9948
- C:\Windows\System\cELxNqr.exe
  C:\Windows\System\cELxNqr.exe
  2⤵
  PID:10012
- C:\Windows\System\AGsvTLE.exe
  C:\Windows\System\AGsvTLE.exe
  2⤵
  PID:10044
- C:\Windows\System\DfGEUzQ.exe
  C:\Windows\System\DfGEUzQ.exe
  2⤵
  PID:10080
- C:\Windows\System\AYklkxU.exe
  C:\Windows\System\AYklkxU.exe
  2⤵
  PID:10144
- C:\Windows\System\mEkFBZm.exe
  C:\Windows\System\mEkFBZm.exe
  2⤵
  PID:10208
- C:\Windows\System\qsMvtPi.exe
  C:\Windows\System\qsMvtPi.exe
  2⤵
  PID:10000
- C:\Windows\System\MBQlHEe.exe
  C:\Windows\System\MBQlHEe.exe
  2⤵
  PID:9932
- C:\Windows\System\jkAIVaw.exe
  C:\Windows\System\jkAIVaw.exe
  2⤵
  PID:10032
- C:\Windows\System\pMDDvQN.exe
  C:\Windows\System\pMDDvQN.exe
  2⤵
  PID:10064
- C:\Windows\System\mrpxbge.exe
  C:\Windows\System\mrpxbge.exe
  2⤵
  PID:10124
- C:\Windows\System\lSgwRvj.exe
  C:\Windows\System\lSgwRvj.exe
  2⤵
  PID:10228
- C:\Windows\System\TUJVIeI.exe
  C:\Windows\System\TUJVIeI.exe
  2⤵
  PID:8612
- C:\Windows\System\KSicBXu.exe
  C:\Windows\System\KSicBXu.exe
  2⤵
  PID:8760
- C:\Windows\System\WZoyZEc.exe
  C:\Windows\System\WZoyZEc.exe
  2⤵
  PID:7956
- C:\Windows\System\VuKfMma.exe
  C:\Windows\System\VuKfMma.exe
  2⤵
  PID:8576
- C:\Windows\System\pCVSVsC.exe
  C:\Windows\System\pCVSVsC.exe
  2⤵
  PID:8804
- C:\Windows\System\oGkiFvu.exe
  C:\Windows\System\oGkiFvu.exe
  2⤵
  PID:9080
- C:\Windows\System\LPQAcAS.exe
  C:\Windows\System\LPQAcAS.exe
  2⤵
  PID:9228
- C:\Windows\System\nxofUVj.exe
  C:\Windows\System\nxofUVj.exe
  2⤵
  PID:9312
- C:\Windows\System\WySRyfj.exe
  C:\Windows\System\WySRyfj.exe
  2⤵
  PID:9376
- C:\Windows\System\MdWBpsv.exe
  C:\Windows\System\MdWBpsv.exe
  2⤵
  PID:9404
- C:\Windows\System\ddudFOe.exe
  C:\Windows\System\ddudFOe.exe
  2⤵
  PID:9632
- C:\Windows\System\IDLYopl.exe
  C:\Windows\System\IDLYopl.exe
  2⤵
  PID:9532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BHZnQDL.exe

Filesize
6.0MB

MD5
c0a993572aeabbe6e0e9ab233331463f

SHA1
1a0fbefe4949c3adc40a2f54704ff6a24e844fc6

SHA256
6a21b796f4adb59c53e9ff034e588a7b00273fb2ae0f2e336e48bb1b16b1815c

SHA512
9a862db97e8a02a2727db2e1fb3085e423b22a4774983b30a29d9209dffbf8a9288d7abaf250604368b19ee43ebd3c8ae636011873cafb305b62d98aff09f8e5

Download Submit
C:\Windows\system\DsuBvyr.exe

Filesize
6.0MB

MD5
55a6fe46e288e81526b5f43f487fea23

SHA1
9f5b8cd52aa1c70bf9b70e8ab94d3a77da3ac1fc

SHA256
977098b92dcca22f5273666a3c6e771a2c5e6d55e5a349dfb509c3ed3945035e

SHA512
abb91f8a3d62aa526aba840b5d29b3b3581f3f7c4b8ed462bf800b61f1947619279a3cc0ebbe21b3bf0c0196bafbf2274bdadafe4dca4bfd5752637573e340b6

Download Submit
C:\Windows\system\EmMszWl.exe

Filesize
6.0MB

MD5
c92a6f37c01841f72f60faa6a99163ae

SHA1
2aa1674538675f785a4f5ee907ec2fd2aac559bb

SHA256
2f0b28f6a197fd71ef389d01644584a1cf4d2e2b9d0973fecfcb359378a6e939

SHA512
280409bd1cc4fc9b627cd52538bb6d9d96056f40670ab720d2def6d54c73c9a1f17dd22f69a60069481a226bff83aaef8ad2cc8b48598c28ec3dfa8ebef94cf1

Download Submit
C:\Windows\system\FeaqPty.exe

Filesize
6.0MB

MD5
e87a37a87f64e9dc7f50135bce5a1ff7

SHA1
aca38c0efbd513482fbc4a0bc37ad391189d3266

SHA256
44887110a0a986b1e4abb049f90477ea4e01af60e36bb1f1d5ebdb4901420e8f

SHA512
d07bcdf460261a1c0a29ab2a363e425675cbdfbb422c26159ef058b0174c09f09420db3dcdb7884046de071b6aa0236d5fc58620dc1432b4dd1cdaf534b834be

Download Submit
C:\Windows\system\HtozReb.exe

Filesize
6.0MB

MD5
ed9d3f6c2e0ece7db2bafad34a95a66f

SHA1
09382022a9a6383eca2b297ccf5b3fc619a34345

SHA256
68a9879f49efa9c12d3c4e67e61ca9421a7c77a3ca3c318e13155c281510f2e2

SHA512
6f15eb1c3e55ec20f2b58dc89e526a3461f10772ad6789142c938f7b583f690d1ef5600aaf45f32000dbb4132b1e31f7c4a962924d200ff13416fea4a58eec4c

Download Submit
C:\Windows\system\JWsyCZD.exe

Filesize
6.0MB

MD5
8de5b621d1489f1ef20b2854a8224401

SHA1
e25e5ab80236e4c84de8bf71c6a41193b773f8c9

SHA256
ff0085b80629d4e97d013c2e7d55e0f990a1ba5b8333482a028699f76cb30de9

SHA512
d87c58efa8c6bcb36da1dab3b26b7b91505e3bf4c9ca97552bb9b56f9fbef60e99e88bb6764cac36b09934b49d13a6a2794aaa7f815f03cc6e16a8523df65cd1

Download Submit
C:\Windows\system\OpTqrah.exe

Filesize
6.0MB

MD5
b3039d1c091e81735b90fa11d848a552

SHA1
16b03c3cfb5a44438304bb7ca2bb81afc03126c6

SHA256
c61454ab6b670197ea5c287b0e4beb31c938a74db168e8d11b618935db7bde5c

SHA512
78be1aef83a92d9d12e22fa7399065d2ca6262872d663abb32b57e6784f169d2ae690553313269d2dc7a6e70fb9f832d01ba710a7064a11103468edf3d9804bd

Download Submit
C:\Windows\system\UARNkJO.exe

Filesize
6.0MB

MD5
e13421c19179a8170b118a79abce5426

SHA1
410abab244479ef8d62c647814d75f3540fee096

SHA256
d75dde8e405d7b6483a4e406402b86263013e8bb54132cc94287363331d3c1d3

SHA512
e73bb5d602b16fe1636950776150e756dab15644bf1a1020aecd8fbd4d98ea335ed5ad0c755052bb6852b9616106707ccbc940e23441227fb692869d39de3299

Download Submit
C:\Windows\system\WOwOkgI.exe

Filesize
6.0MB

MD5
7ae39ca1e7a4644f2d2a3865a6dedd7c

SHA1
39f7007cf9b3c8ee376917a09a61427e29f8cb0a

SHA256
3f53651666ecb8711541d212f93f4d7775354869f82e7dc621240a00a0e07138

SHA512
dd6f9b7053366a992c2f29bbfab3150794112c8ae9b8c60e9ff218f8079c7058d6f4fbf9fd5ac69b6518da39e02006bd39a2897ec620f0836a9808b7140b7a1a

Download Submit
C:\Windows\system\WireYpe.exe

Filesize
6.0MB

MD5
f216fa63eaf77d6573a9af97ef83f900

SHA1
1dd1b7d5975fd661128fd25c49b7f1d8221d807a

SHA256
3a6af9841746aef59764243ea07a17b64dc2321d89d16c5a203870965b813de1

SHA512
c4d985493cc5968489c18a48ef1285299e4e6735c1fc568b2d07e5a40e0df0d4dd9f6fbf2eb26bfbf538059842f67d9caabbb4620e50fc6d004b8922349593e0

Download Submit
C:\Windows\system\XPxmRVR.exe

Filesize
6.0MB

MD5
07b43e7a9e352edf2efbd98e87adcf49

SHA1
125e775155fbc297252576983c68c17d5f3716d0

SHA256
3c7b6f78c5bb4d029a266c55bbb19e9a242ae221d98337d780293e3c8e06e901

SHA512
86e761e786bf8e2d9891a793f05e7e6dfbab7464037a53003f069e937bec3917942fb144e8fd773cdfeee930426c37b41af2e2542446f13a38c869f986619f66

Download Submit
C:\Windows\system\YqsCUeK.exe

Filesize
6.0MB

MD5
d8abc189afcba6f63c0d564fe6f2ffaa

SHA1
068da74c4aefcd8bc7d21b62b59011065bd38308

SHA256
66160fa0a326e78f451e2919e8907be0fbb0e50e681d1f8c4be3ea15e6ecbef3

SHA512
082f813cee0ee54ce16b2513f5514d6e3212312bd6414ff7fcbabb9dc8718a2cb985acf25a95d74cbebde64f9186edfff9620b4d16ae69865219c6d766c30353

Download Submit
C:\Windows\system\dVLsfHK.exe

Filesize
6.0MB

MD5
e0cc75f57c1455708e804d2c2687711b

SHA1
5eb222361e48d0c5df54d04b1a0393552f5c0685

SHA256
51900a1226950aa6bae2d730453158541c053996c916355149701c2d88269205

SHA512
06a24989d585c81acf3078cf5118af9b3cb92e00a3f8dae33edcb22310a7edb91654ef929fa39e4fb970280982e3281eb4f2c622f65248088690414242b99679

Download Submit
C:\Windows\system\ezvKyXc.exe

Filesize
6.0MB

MD5
10dc481b404c3672bd1e4b76f5382de0

SHA1
b4839531646e2669523b80c7eb53697864c68d59

SHA256
58feb9085d5a30ffd53bdd40666258c584821bb84eb2dfd645911d3b649cea0a

SHA512
910946aaa5f3ffea66b2e1028c46bf4a069f2ebd64bbd378078467adbf6313b614d4e8ba14953604537ced03b43f7cd49a9cc581dba960da6399ed6b24b864a2

Download Submit
C:\Windows\system\gfwxvoz.exe

Filesize
6.0MB

MD5
624bedfa6bcf3f952a1c7aa2c693d16e

SHA1
90ee9394168d4cce7cf70dc432c120ff7b4d770f

SHA256
0753838f423ea2f7d8306dc13452d09ec3ce7b4acdf1b2f77b329f7822817369

SHA512
1c0756d46bedd671cee77624a1c83c2fdab1f352ff3c386184908f4b06da84af4a405b73473d7badce264fbd3c69eb072ff8df8034510de3f021bcd8a03fdfcf

Download Submit
C:\Windows\system\hTizGfG.exe

Filesize
6.0MB

MD5
af9d6e320630b3e337c1c4e8981bf90d

SHA1
d37880b1436dccb109aadd666a55f743cf9d5b3c

SHA256
8a36460c28245612eba8783732177fa1ae8ed7804f239bbc01d82464a10fea72

SHA512
4463a0aa55f75880dca89e91988e32cef3b86b166ef7ad702c61d776f64b85e900427a2aef278e1f8f15a2596cc3a6232942fab897b5e567b2efec3ac81579f8

Download Submit
C:\Windows\system\hZPOsYG.exe

Filesize
6.0MB

MD5
4c4cda83d31a4de40db8a5b4a35fd462

SHA1
216783c085571f93c0902589356ffe77a96a4743

SHA256
779cab822568635628762551c10d3dda3569ccf890916c62f23ddbc8f59b38e2

SHA512
b29346c9388247574887bb3e7eeba04909aa3ea9a78ab76b67e1d1e36681e3bc9d5e7b7a9db9bb69e48c542f8745b8d87c5a69898ffeae8ead456180c93f12d5

Download Submit
C:\Windows\system\kUjSiIQ.exe

Filesize
6.0MB

MD5
0e332068931ed5fae9e4429c4d33264c

SHA1
99e3f41cbc12d1737757ac2a7d4da7e1fbc6d023

SHA256
31c1d6c446c6d222afc5ed4b0fe934068262a87672bf09d8b68375c5a155ee17

SHA512
64606818f56e9c8a402c41e848645e0df45e95953f688ec5a2835bc6000b31cfee1918b30b782c204965a3b1f1ee397fa060897ba2e88be2d03b47a5974ad0f4

Download Submit
C:\Windows\system\opRdmjQ.exe

Filesize
6.0MB

MD5
6377ff669c77c42f6f55fb05142a25fa

SHA1
f3d343e7b95a0e1254abe55bcb31ebf9535cb2f6

SHA256
12811c2db85c22d38c2dea9ef1a056f0751314088be7e9518a168b8b9e141a0f

SHA512
068f074d77e04a7e45d1be6728e0e91259ad8491fc8c0dfac922987f58d73b504efef1b0250f4060d64dfcbf1cd919f28f8d33bf61d755f8a5f04216f8752d37

Download Submit
C:\Windows\system\pBFoAWr.exe

Filesize
6.0MB

MD5
f06c7ef0b3194984eeef1e0b13d71ffe

SHA1
778f284238f02a663a7b3e0816b952441ab70ff7

SHA256
b3a5aab7de195b54329b1775167c362d3a7a06b80c62add3cb9cf7e190638171

SHA512
4d89278f38557eeb94d552b08c29e44073aa349b3082fd6211ba9fa5ecec083e02f7f88142c00be507753a54df6443e0a863c83bc209cff868049a8824908ecf

Download Submit
C:\Windows\system\qMTMbBb.exe

Filesize
6.0MB

MD5
414d235b8529d1ee4264b6890a594044

SHA1
b8e3338ac1180ff5ff83a1d320edddb289fcb642

SHA256
1ce8aa1e2535be398e07f13cadf7d35fb22b067d49aa3dc595d032c5bf03e2f8

SHA512
1e66cf4ea8538503ed639fff39465f14f146f8cf13f73f72fd6980be4259537feef4d2083bd0bcaae28245ef1023e4aeb93c479c19d629e73249ce67087e1781

Download Submit
C:\Windows\system\sXadKyu.exe

Filesize
6.0MB

MD5
6004a4c82acebd50b22083919207f166

SHA1
c788ed87a89483844cf7bc3e404ec818e138d75e

SHA256
187252773265e60e1dc9aba21fab3d38a5d596057f6aae537f4e6ac5042cd535

SHA512
5ea681898d8108cd8ac8c62ef0ed0f4d0dfcf4c7d60eadf8050579de373ba2218dd0bafa73a2fead0057f15b72e5fc9cb1af573538aa91802f0ad7632046f1d1

Download Submit
C:\Windows\system\vSegvpE.exe

Filesize
6.0MB

MD5
593469521f29fd3f15405ca77518aabb

SHA1
19bf990c70fd9c1f156cff09756de4849a8845f8

SHA256
473093a7dfae6f83ec18af146ac83e3b7fd4def6ab686fa639e2f98879ca8009

SHA512
552b7497c4a7eb3419ec2dac0ccbe0e271827f74e825c1f3e2ff6858c37ede37269558e37b34d09d44fb27e34335e6eb7cb3b88d9bb2e58868e7f1e4a65d4041

Download Submit
C:\Windows\system\wkZDMKH.exe

Filesize
6.0MB

MD5
21f0e0a80e2a4b94a7bfd1aaccd5363c

SHA1
d219bc9154036d5cdb3894bfbd755576d824f067

SHA256
46fabd88c068678fdbc5f18bc875c3a423fc03b9f70cb32de6467c08cd5068c3

SHA512
bcc14befe20b6107ca8fb10e97855937374397336dd092255a1019775749bad07b1219a25fac8c7c9f346c6dcf42e26ccf851a38dede587ca3d5691e30687f5a

Download Submit
C:\Windows\system\wzxcMkk.exe

Filesize
6.0MB

MD5
6cbddd086460256459ac8ae4cdc049c0

SHA1
bae24ef4a202e3bae8f4dbdb67b2452081b57d01

SHA256
a9c529099c09ba842b52dc4f523f5782673dcddb3822b6bef3b5d57ca91942fb

SHA512
645c7438b352f8d50de3107b6857872429b5a52230b187c5d9d0de776815218a70ac53a3f665c50a8b9b597403f1f7f3b2ffa3a5f866da72257e4b824973d3fe

Download Submit
C:\Windows\system\zfwAapr.exe

Filesize
6.0MB

MD5
8b06f6dfbb2868cfe190694949c737df

SHA1
5acb7c38906cf628e44a490ba1137b8b5e01c775

SHA256
15e952375220a93619207a072b7192e919da41962b8bf39e12e1721bc7b821f6

SHA512
9d57b3b3f8eed8ac93966653d02d1d90eabb1b384673205a8a166a74cee607952768979f848aef9b6f502033ff45323de5c2a188dbb785ab29defee6dc44d1c6

Download Submit
\Windows\system\EakBewg.exe

Filesize
6.0MB

MD5
9110dc0509b24790ace83309ec7e3fee

SHA1
43f9d3c736eebae1cfbee66d138af43cd70491ec

SHA256
cef5d8dc789243cd95ba77682d81fc35fa5fefa4b036d6e7511710fa1d2a5216

SHA512
07265855c902a5563899252964f67d160371b245da1be668db2ec46922c7de2d268da0969b20635d2bf83dce79c3e1ef1ecad11f080d7062cd991217615e3cee

Download Submit
\Windows\system\SwUWLyy.exe

Filesize
6.0MB

MD5
9a6fd156c63a90ed4816144374c3f9b2

SHA1
4da58dc67e3c2332bba5e26f7217dc1e134e2c8b

SHA256
514f43b9cdd68e3f3fed05a6286449b4f4f112fcc4c636ab1d634ddaeaa31cb3

SHA512
989961dec52aecd9f0c06eedbef51f1620569c93a538c0ed7b70b52ceab715578cdc9a4b4cf833b232bb3015178ae18a76302e41c10762f26f1d23ba1553e253

Download Submit
\Windows\system\YxAnllr.exe

Filesize
6.0MB

MD5
3b76afa16fa66dca02daec483bc9005b

SHA1
dda2e3cb5cb198f7e9db16ae2e6885027523b54b

SHA256
adf11e5741233a2c2309b7d74b34ad8c277ff89e3063d6685ed5298e5c6d042e

SHA512
ae4d00aaf9f5a78d42d80987b15219f64ca61be8ba88be2a1dd69dffa3c2cb9ab800de8c3212c0bd8bed47d1a2a06d0489ef8e3ceeb7e71371b0c0ae6466770a

Download Submit
\Windows\system\nBhfNUB.exe

Filesize
6.0MB

MD5
69ffec96ddf19c6640703e3076f11c7e

SHA1
1bd09008629d7529ba9b2d28fa50287cacc11a5b

SHA256
5e919f4b67d38bf68870ec7b357fb871e08b819398a49af4436345bd6dea9e88

SHA512
a07f837a36b8136936739a175bd753119a4f5f97d4637febadf85a56f4c3ea681ca44a47565c2901fafa3e775477bf44e074fbfa57d3fb6d24ff7f83288e5eb3

Download Submit
\Windows\system\sLXdBhQ.exe

Filesize
6.0MB

MD5
54d3613c96959cbc7ee42695ab6c8d4e

SHA1
96070925e24e210363a29115c633ee20cba8a7b2

SHA256
adb4c9ad844e235c1c4c38c960a3af3ae6bb6bcff8464d5fc506ee5fc8a97a5d

SHA512
3fb5028b36e3e0bb54783dfa85fef980bd047d15c41315f605a12e9b9580580e40b16f074ea0573e737a4ea3107bc3a8aca9e32fc5b0f5effd09e8e5ab5d3d8d

Download Submit
\Windows\system\xEufQRq.exe

Filesize
6.0MB

MD5
e0ee87b93f3486662e0caa658670551f

SHA1
418539ee70e284a69b3a531f79e1bd3dc1a7843f

SHA256
c8173e333ec6789184a4eabc3c8db5c43fd4077d10afa14e1ab77bdf7d4ba8b5

SHA512
7c0e6bcde960b0067bd70768a59d7c07ccc0f7397f33e0831385826b05c9d7f458695217dd59a7446078b7a282c695fb4fb9c92cbd696ad5a256c17fb7200d85

Download Submit
memory/1748-5044-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/1748-77-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2056-4985-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2056-102-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2156-5008-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2156-91-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2464-5010-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2464-83-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2532-79-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2532-5009-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2636-1088-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2636-86-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2636-98-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2636-96-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2636-0-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2636-94-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2636-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2636-92-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2636-973-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2636-90-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2636-73-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2636-88-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2636-104-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2636-78-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2636-861-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2636-84-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2636-100-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2636-82-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2636-103-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2636-80-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2732-95-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2732-5006-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2840-85-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2840-4998-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2864-99-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2864-4984-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2912-4996-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-97-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-89-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2948-5043-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2964-87-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2964-5007-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2976-101-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2976-5001-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/3024-4999-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/3024-93-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/3060-4997-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/3060-81-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download