cobaltstrike | ea9371a52a266973e5c2034275770cb416f93a542bc27d6097801c56ae6733eb

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-12-2024 10:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

96c3ed416412a25c1f453ab0e9c8898d
SHA1

0497d805673c979b606a58b5a8784470a36b1096
SHA256

ea9371a52a266973e5c2034275770cb416f93a542bc27d6097801c56ae6733eb
SHA512

67f4e0e4998b1f2c797895705b87a479316780892ed0bbf01ca6f114ba47c86e1c9f738a6767baa2366a21b4b4f1c73c97413c7beb2d5f6162852b92dbc4c01d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU3:T+q56utgpPF8u/73

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120ff-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016858-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016652-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016b17-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c76-37.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cf8-48.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c81-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-60.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-91.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ea-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-194.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019589-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953a-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019503-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019501-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f6-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f2-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-139.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-102.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016311-87.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-80.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016bfc-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2212-0-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120ff-6.dat	xmrig
behavioral1/files/0x0008000000016858-18.dat	xmrig
behavioral1/files/0x0007000000016652-10.dat	xmrig
behavioral1/memory/2212-22-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/3040-21-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/1664-19-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x0007000000016b17-23.dat	xmrig
behavioral1/memory/2320-28-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c76-37.dat	xmrig
behavioral1/memory/2748-44-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/files/0x0008000000016cf8-48.dat	xmrig
behavioral1/files/0x0007000000016c81-45.dat	xmrig
behavioral1/memory/2776-59-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2320-66-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2212-67-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/memory/2716-69-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2212-64-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2848-63-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019384-60.dat	xmrig
behavioral1/files/0x00050000000193a2-65.dat	xmrig
behavioral1/memory/3040-58-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2872-76-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/1156-75-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2212-54-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/1664-52-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2212-42-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/memory/2736-82-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c9-91.dat	xmrig
behavioral1/memory/1140-95-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/1308-103-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x00050000000193fa-109.dat	xmrig
behavioral1/files/0x00050000000194ea-144.dat	xmrig
behavioral1/memory/2736-470-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/1308-992-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/1140-810-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2120-687-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2212-373-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001961f-194.dat	xmrig
behavioral1/files/0x0005000000019589-184.dat	xmrig
behavioral1/files/0x000500000001961b-189.dat	xmrig
behavioral1/files/0x000500000001957c-178.dat	xmrig
behavioral1/files/0x000500000001953a-174.dat	xmrig
behavioral1/files/0x0005000000019515-169.dat	xmrig
behavioral1/files/0x0005000000019503-164.dat	xmrig
behavioral1/files/0x0005000000019501-160.dat	xmrig
behavioral1/files/0x00050000000194f6-154.dat	xmrig
behavioral1/files/0x00050000000194f2-149.dat	xmrig
behavioral1/files/0x00050000000194e2-139.dat	xmrig
behavioral1/files/0x00050000000194da-134.dat	xmrig
behavioral1/files/0x00050000000194a7-124.dat	xmrig
behavioral1/files/0x00050000000194d4-129.dat	xmrig
behavioral1/files/0x0005000000019494-119.dat	xmrig
behavioral1/files/0x0005000000019408-114.dat	xmrig
behavioral1/memory/2716-106-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x00050000000193f8-102.dat	xmrig
behavioral1/memory/2120-88-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016311-87.dat	xmrig
behavioral1/memory/2748-81-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/files/0x00050000000193af-80.dat	xmrig
behavioral1/memory/2212-85-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2212-38-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/1156-36-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/files/0x0007000000016bfc-33.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1920	UNjhxET.exe
1664	PifzfJn.exe
3040	HWQLNwD.exe
2320	Asnyrss.exe
1156	nOsuSGf.exe
2748	fqCrFbW.exe
2776	ldFvsIk.exe
2848	kvPXIDQ.exe
2716	qcKZMHi.exe
2872	iZKKXVA.exe
2736	yqsmFdV.exe
2120	ZtTplBb.exe
1140	HERddoU.exe
1308	WhLCpxt.exe
1928	TJuQPtU.exe
1868	DGhliEa.exe
2512	mPfftTc.exe
1616	uuNBqev.exe
1996	vfrLGFG.exe
1944	rqBtKxH.exe
2032	SDzRCWi.exe
2936	wBkmQOQ.exe
2912	GYvBxqt.exe
2296	usOzfab.exe
2656	XqRzhVu.exe
2208	aHDUQZb.exe
2944	zRkBLiD.exe
1860	fsySJAE.exe
1068	IenWOEz.exe
3004	ybaJoGb.exe
1596	ACLvufB.exe
1052	eEfkaNs.exe
688	VqtPfQh.exe
2424	KeVnukb.exe
624	ewEAHsU.exe
852	KRhxYfs.exe
1948	UZnxNyb.exe
1232	aBIDvRg.exe
1060	TJntndA.exe
916	mcvpoLg.exe
2288	QFTJIxp.exe
540	HzRzLmh.exe
2164	pKVCmnr.exe
2568	TSNsRal.exe
2256	Legfmfs.exe
2352	tvgoJsv.exe
2268	CpvySnz.exe
2012	tdWvjFI.exe
2008	QWkLdhx.exe
2056	rvhLgYM.exe
2428	hwbKELd.exe
2144	jCvwxKC.exe
1576	oWMOIar.exe
2416	GnDwWhE.exe
2148	DHhFsyg.exe
488	KBjKGHQ.exe
2820	xNUOBZe.exe
2740	rsvLtqM.exe
2236	zcPTFOs.exe
3060	sfJEGXu.exe
1440	yuQuydk.exe
1932	jUfMnfi.exe
1900	HhzheMc.exe
1320	OZWVNTf.exe

Loads dropped DLL 64 IoCs

pid	Process
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2212-0-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x00080000000120ff-6.dat	upx
behavioral1/files/0x0008000000016858-18.dat	upx
behavioral1/files/0x0007000000016652-10.dat	upx
behavioral1/memory/3040-21-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/1664-19-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x0007000000016b17-23.dat	upx
behavioral1/memory/2320-28-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x0007000000016c76-37.dat	upx
behavioral1/memory/2748-44-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x0008000000016cf8-48.dat	upx
behavioral1/files/0x0007000000016c81-45.dat	upx
behavioral1/memory/2776-59-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2320-66-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2212-67-0x00000000023B0000-0x0000000002704000-memory.dmp	upx
behavioral1/memory/2716-69-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2848-63-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x0005000000019384-60.dat	upx
behavioral1/files/0x00050000000193a2-65.dat	upx
behavioral1/memory/3040-58-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2872-76-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/1156-75-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/1664-52-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2736-82-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x00050000000193c9-91.dat	upx
behavioral1/memory/1140-95-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/1308-103-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x00050000000193fa-109.dat	upx
behavioral1/files/0x00050000000194ea-144.dat	upx
behavioral1/memory/2736-470-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/1308-992-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/1140-810-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2120-687-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x000500000001961f-194.dat	upx
behavioral1/files/0x0005000000019589-184.dat	upx
behavioral1/files/0x000500000001961b-189.dat	upx
behavioral1/files/0x000500000001957c-178.dat	upx
behavioral1/files/0x000500000001953a-174.dat	upx
behavioral1/files/0x0005000000019515-169.dat	upx
behavioral1/files/0x0005000000019503-164.dat	upx
behavioral1/files/0x0005000000019501-160.dat	upx
behavioral1/files/0x00050000000194f6-154.dat	upx
behavioral1/files/0x00050000000194f2-149.dat	upx
behavioral1/files/0x00050000000194e2-139.dat	upx
behavioral1/files/0x00050000000194da-134.dat	upx
behavioral1/files/0x00050000000194a7-124.dat	upx
behavioral1/files/0x00050000000194d4-129.dat	upx
behavioral1/files/0x0005000000019494-119.dat	upx
behavioral1/files/0x0005000000019408-114.dat	upx
behavioral1/memory/2716-106-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x00050000000193f8-102.dat	upx
behavioral1/memory/2120-88-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x0009000000016311-87.dat	upx
behavioral1/memory/2748-81-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x00050000000193af-80.dat	upx
behavioral1/memory/2212-38-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/1156-36-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/files/0x0007000000016bfc-33.dat	upx
behavioral1/memory/1920-9-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/3040-4019-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2320-4020-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/1664-4021-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/1156-4022-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2748-4023-0x000000013F740000-0x000000013FA94000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MbgLFKu.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eohNYUn.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MfhGYfp.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aqigXcC.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\twnokEn.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ArOPimd.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ytsPAbS.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EOXqewE.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aBIDvRg.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzFfaqy.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lTVtUZT.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nBpUrkO.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FVGdAda.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QXPfaOp.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzFHQOO.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KFhwkih.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IPESnzz.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LVaECiN.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCMmBif.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwvJQlO.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vNKcIZD.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FECikVl.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SKcGGML.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lHSpoQf.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aguWgQs.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MHMsQBf.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SAeseoD.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SDzRCWi.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lSdgjvE.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LGGcpnp.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TwwhkuR.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHvZAPa.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xfjyvtB.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dZUIGpI.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rqBtKxH.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJntndA.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nJkZvJL.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gvKVXaK.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MqluhQw.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nFiaJRq.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zKaAWDO.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RLPpFmi.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NAgyECK.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mzEClxt.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OAQDrYx.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FCdSYrw.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EPCdZPw.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XYYxjxh.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qcKZMHi.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnVLhaL.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvvAygz.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMGkfFh.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gdLDREm.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CjKIMkE.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DQEuwCH.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DSlCvXq.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qYYXBBc.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChnSBDS.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STIjWrX.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btCDChN.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KeVnukb.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KRhxYfs.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hedCaGw.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QFdhGHC.exe	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 1920	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2212 wrote to memory of 1920	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2212 wrote to memory of 1920	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2212 wrote to memory of 1664	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2212 wrote to memory of 1664	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2212 wrote to memory of 1664	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2212 wrote to memory of 3040	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2212 wrote to memory of 3040	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2212 wrote to memory of 3040	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2212 wrote to memory of 2320	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2212 wrote to memory of 2320	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2212 wrote to memory of 2320	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2212 wrote to memory of 1156	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2212 wrote to memory of 1156	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2212 wrote to memory of 1156	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2212 wrote to memory of 2748	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2212 wrote to memory of 2748	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2212 wrote to memory of 2748	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2212 wrote to memory of 2848	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2212 wrote to memory of 2848	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2212 wrote to memory of 2848	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2212 wrote to memory of 2776	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2212 wrote to memory of 2776	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2212 wrote to memory of 2776	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2212 wrote to memory of 2716	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2212 wrote to memory of 2716	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2212 wrote to memory of 2716	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2212 wrote to memory of 2872	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2212 wrote to memory of 2872	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2212 wrote to memory of 2872	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2212 wrote to memory of 2736	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2212 wrote to memory of 2736	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2212 wrote to memory of 2736	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2212 wrote to memory of 2120	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2212 wrote to memory of 2120	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2212 wrote to memory of 2120	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2212 wrote to memory of 1140	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2212 wrote to memory of 1140	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2212 wrote to memory of 1140	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2212 wrote to memory of 1308	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2212 wrote to memory of 1308	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2212 wrote to memory of 1308	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2212 wrote to memory of 1928	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2212 wrote to memory of 1928	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2212 wrote to memory of 1928	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2212 wrote to memory of 1868	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2212 wrote to memory of 1868	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2212 wrote to memory of 1868	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2212 wrote to memory of 2512	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2212 wrote to memory of 2512	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2212 wrote to memory of 2512	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2212 wrote to memory of 1616	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2212 wrote to memory of 1616	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2212 wrote to memory of 1616	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2212 wrote to memory of 1996	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2212 wrote to memory of 1996	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2212 wrote to memory of 1996	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2212 wrote to memory of 1944	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2212 wrote to memory of 1944	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2212 wrote to memory of 1944	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2212 wrote to memory of 2032	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2212 wrote to memory of 2032	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2212 wrote to memory of 2032	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2212 wrote to memory of 2936	2212	2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-09_96c3ed416412a25c1f453ab0e9c8898d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\System\UNjhxET.exe
  C:\Windows\System\UNjhxET.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\PifzfJn.exe
  C:\Windows\System\PifzfJn.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\HWQLNwD.exe
  C:\Windows\System\HWQLNwD.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\Asnyrss.exe
  C:\Windows\System\Asnyrss.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\nOsuSGf.exe
  C:\Windows\System\nOsuSGf.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\fqCrFbW.exe
  C:\Windows\System\fqCrFbW.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\kvPXIDQ.exe
  C:\Windows\System\kvPXIDQ.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\ldFvsIk.exe
  C:\Windows\System\ldFvsIk.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\qcKZMHi.exe
  C:\Windows\System\qcKZMHi.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\iZKKXVA.exe
  C:\Windows\System\iZKKXVA.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\yqsmFdV.exe
  C:\Windows\System\yqsmFdV.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\ZtTplBb.exe
  C:\Windows\System\ZtTplBb.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\HERddoU.exe
  C:\Windows\System\HERddoU.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\WhLCpxt.exe
  C:\Windows\System\WhLCpxt.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\TJuQPtU.exe
  C:\Windows\System\TJuQPtU.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\DGhliEa.exe
  C:\Windows\System\DGhliEa.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\mPfftTc.exe
  C:\Windows\System\mPfftTc.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\uuNBqev.exe
  C:\Windows\System\uuNBqev.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\vfrLGFG.exe
  C:\Windows\System\vfrLGFG.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\rqBtKxH.exe
  C:\Windows\System\rqBtKxH.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\SDzRCWi.exe
  C:\Windows\System\SDzRCWi.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\wBkmQOQ.exe
  C:\Windows\System\wBkmQOQ.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\GYvBxqt.exe
  C:\Windows\System\GYvBxqt.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\usOzfab.exe
  C:\Windows\System\usOzfab.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\XqRzhVu.exe
  C:\Windows\System\XqRzhVu.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\aHDUQZb.exe
  C:\Windows\System\aHDUQZb.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\zRkBLiD.exe
  C:\Windows\System\zRkBLiD.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\fsySJAE.exe
  C:\Windows\System\fsySJAE.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\IenWOEz.exe
  C:\Windows\System\IenWOEz.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\ybaJoGb.exe
  C:\Windows\System\ybaJoGb.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\ACLvufB.exe
  C:\Windows\System\ACLvufB.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\eEfkaNs.exe
  C:\Windows\System\eEfkaNs.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\VqtPfQh.exe
  C:\Windows\System\VqtPfQh.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\KeVnukb.exe
  C:\Windows\System\KeVnukb.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\ewEAHsU.exe
  C:\Windows\System\ewEAHsU.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\KRhxYfs.exe
  C:\Windows\System\KRhxYfs.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\UZnxNyb.exe
  C:\Windows\System\UZnxNyb.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\aBIDvRg.exe
  C:\Windows\System\aBIDvRg.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\TJntndA.exe
  C:\Windows\System\TJntndA.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\mcvpoLg.exe
  C:\Windows\System\mcvpoLg.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\QFTJIxp.exe
  C:\Windows\System\QFTJIxp.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\HzRzLmh.exe
  C:\Windows\System\HzRzLmh.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\pKVCmnr.exe
  C:\Windows\System\pKVCmnr.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\TSNsRal.exe
  C:\Windows\System\TSNsRal.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\Legfmfs.exe
  C:\Windows\System\Legfmfs.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\tvgoJsv.exe
  C:\Windows\System\tvgoJsv.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\CpvySnz.exe
  C:\Windows\System\CpvySnz.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\tdWvjFI.exe
  C:\Windows\System\tdWvjFI.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\QWkLdhx.exe
  C:\Windows\System\QWkLdhx.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\rvhLgYM.exe
  C:\Windows\System\rvhLgYM.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\hwbKELd.exe
  C:\Windows\System\hwbKELd.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\jCvwxKC.exe
  C:\Windows\System\jCvwxKC.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\oWMOIar.exe
  C:\Windows\System\oWMOIar.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\DHhFsyg.exe
  C:\Windows\System\DHhFsyg.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\GnDwWhE.exe
  C:\Windows\System\GnDwWhE.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\KBjKGHQ.exe
  C:\Windows\System\KBjKGHQ.exe
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Windows\System\xNUOBZe.exe
  C:\Windows\System\xNUOBZe.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\rsvLtqM.exe
  C:\Windows\System\rsvLtqM.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\zcPTFOs.exe
  C:\Windows\System\zcPTFOs.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\sfJEGXu.exe
  C:\Windows\System\sfJEGXu.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\yuQuydk.exe
  C:\Windows\System\yuQuydk.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\HhzheMc.exe
  C:\Windows\System\HhzheMc.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\jUfMnfi.exe
  C:\Windows\System\jUfMnfi.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\OZWVNTf.exe
  C:\Windows\System\OZWVNTf.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\BrKUOYo.exe
  C:\Windows\System\BrKUOYo.exe
  2⤵
  PID:2016
- C:\Windows\System\iPRbhQD.exe
  C:\Windows\System\iPRbhQD.exe
  2⤵
  PID:2000
- C:\Windows\System\DziRQYM.exe
  C:\Windows\System\DziRQYM.exe
  2⤵
  PID:1508
- C:\Windows\System\rqOkRup.exe
  C:\Windows\System\rqOkRup.exe
  2⤵
  PID:2464
- C:\Windows\System\sEuODXJ.exe
  C:\Windows\System\sEuODXJ.exe
  2⤵
  PID:2140
- C:\Windows\System\vuVeyRP.exe
  C:\Windows\System\vuVeyRP.exe
  2⤵
  PID:3048
- C:\Windows\System\gnElfPp.exe
  C:\Windows\System\gnElfPp.exe
  2⤵
  PID:2712
- C:\Windows\System\KiptyJi.exe
  C:\Windows\System\KiptyJi.exe
  2⤵
  PID:2524
- C:\Windows\System\XUkhCZq.exe
  C:\Windows\System\XUkhCZq.exe
  2⤵
  PID:1748
- C:\Windows\System\CrLazer.exe
  C:\Windows\System\CrLazer.exe
  2⤵
  PID:2172
- C:\Windows\System\ZiQhJVv.exe
  C:\Windows\System\ZiQhJVv.exe
  2⤵
  PID:1972
- C:\Windows\System\yKdpaqD.exe
  C:\Windows\System\yKdpaqD.exe
  2⤵
  PID:1792
- C:\Windows\System\fllJmof.exe
  C:\Windows\System\fllJmof.exe
  2⤵
  PID:1516
- C:\Windows\System\VFtAiYA.exe
  C:\Windows\System\VFtAiYA.exe
  2⤵
  PID:816
- C:\Windows\System\oEpdEVW.exe
  C:\Windows\System\oEpdEVW.exe
  2⤵
  PID:2764
- C:\Windows\System\eFdCbir.exe
  C:\Windows\System\eFdCbir.exe
  2⤵
  PID:2168
- C:\Windows\System\vKBSEFs.exe
  C:\Windows\System\vKBSEFs.exe
  2⤵
  PID:1976
- C:\Windows\System\fkdPooM.exe
  C:\Windows\System\fkdPooM.exe
  2⤵
  PID:1744
- C:\Windows\System\SUNkHpl.exe
  C:\Windows\System\SUNkHpl.exe
  2⤵
  PID:1572
- C:\Windows\System\DjRVjDd.exe
  C:\Windows\System\DjRVjDd.exe
  2⤵
  PID:2364
- C:\Windows\System\QOHBKUU.exe
  C:\Windows\System\QOHBKUU.exe
  2⤵
  PID:2136
- C:\Windows\System\wbnlnmI.exe
  C:\Windows\System\wbnlnmI.exe
  2⤵
  PID:2284
- C:\Windows\System\qmakmJN.exe
  C:\Windows\System\qmakmJN.exe
  2⤵
  PID:2648
- C:\Windows\System\mzEClxt.exe
  C:\Windows\System\mzEClxt.exe
  2⤵
  PID:2544
- C:\Windows\System\VwUIqCO.exe
  C:\Windows\System\VwUIqCO.exe
  2⤵
  PID:2540
- C:\Windows\System\AQvqlab.exe
  C:\Windows\System\AQvqlab.exe
  2⤵
  PID:2516
- C:\Windows\System\ygDuwRD.exe
  C:\Windows\System\ygDuwRD.exe
  2⤵
  PID:1588
- C:\Windows\System\VrQIFAL.exe
  C:\Windows\System\VrQIFAL.exe
  2⤵
  PID:1524
- C:\Windows\System\KMJbwBq.exe
  C:\Windows\System\KMJbwBq.exe
  2⤵
  PID:2160
- C:\Windows\System\hullsHC.exe
  C:\Windows\System\hullsHC.exe
  2⤵
  PID:2604
- C:\Windows\System\ACGdVAJ.exe
  C:\Windows\System\ACGdVAJ.exe
  2⤵
  PID:1536
- C:\Windows\System\jXBRjNN.exe
  C:\Windows\System\jXBRjNN.exe
  2⤵
  PID:604
- C:\Windows\System\cZyYqRd.exe
  C:\Windows\System\cZyYqRd.exe
  2⤵
  PID:1376
- C:\Windows\System\LVtovGH.exe
  C:\Windows\System\LVtovGH.exe
  2⤵
  PID:1644
- C:\Windows\System\cPkrYPc.exe
  C:\Windows\System\cPkrYPc.exe
  2⤵
  PID:2232
- C:\Windows\System\mTNSzCk.exe
  C:\Windows\System\mTNSzCk.exe
  2⤵
  PID:1224
- C:\Windows\System\pXlzLQO.exe
  C:\Windows\System\pXlzLQO.exe
  2⤵
  PID:2020
- C:\Windows\System\bihgqhU.exe
  C:\Windows\System\bihgqhU.exe
  2⤵
  PID:2028
- C:\Windows\System\SUYsaRa.exe
  C:\Windows\System\SUYsaRa.exe
  2⤵
  PID:2972
- C:\Windows\System\OHmgZDt.exe
  C:\Windows\System\OHmgZDt.exe
  2⤵
  PID:2976
- C:\Windows\System\JwJquGe.exe
  C:\Windows\System\JwJquGe.exe
  2⤵
  PID:2720
- C:\Windows\System\LluFgJd.exe
  C:\Windows\System\LluFgJd.exe
  2⤵
  PID:2452
- C:\Windows\System\deyXqfa.exe
  C:\Windows\System\deyXqfa.exe
  2⤵
  PID:1980
- C:\Windows\System\zZCyTzt.exe
  C:\Windows\System\zZCyTzt.exe
  2⤵
  PID:2152
- C:\Windows\System\FIyrymC.exe
  C:\Windows\System\FIyrymC.exe
  2⤵
  PID:1700
- C:\Windows\System\XuGwCiP.exe
  C:\Windows\System\XuGwCiP.exe
  2⤵
  PID:872
- C:\Windows\System\QZUyZNQ.exe
  C:\Windows\System\QZUyZNQ.exe
  2⤵
  PID:896
- C:\Windows\System\BXWipwX.exe
  C:\Windows\System\BXWipwX.exe
  2⤵
  PID:3000
- C:\Windows\System\SKcGGML.exe
  C:\Windows\System\SKcGGML.exe
  2⤵
  PID:2584
- C:\Windows\System\aggtqJJ.exe
  C:\Windows\System\aggtqJJ.exe
  2⤵
  PID:1336
- C:\Windows\System\mijkXqn.exe
  C:\Windows\System\mijkXqn.exe
  2⤵
  PID:2640
- C:\Windows\System\AnZoEGj.exe
  C:\Windows\System\AnZoEGj.exe
  2⤵
  PID:3076
- C:\Windows\System\GkApBRa.exe
  C:\Windows\System\GkApBRa.exe
  2⤵
  PID:3092
- C:\Windows\System\YpGrFAP.exe
  C:\Windows\System\YpGrFAP.exe
  2⤵
  PID:3112
- C:\Windows\System\xfxVsnZ.exe
  C:\Windows\System\xfxVsnZ.exe
  2⤵
  PID:3132
- C:\Windows\System\bufCXlq.exe
  C:\Windows\System\bufCXlq.exe
  2⤵
  PID:3152
- C:\Windows\System\mqCsqRq.exe
  C:\Windows\System\mqCsqRq.exe
  2⤵
  PID:3176
- C:\Windows\System\qJzHooS.exe
  C:\Windows\System\qJzHooS.exe
  2⤵
  PID:3196
- C:\Windows\System\uiGqLei.exe
  C:\Windows\System\uiGqLei.exe
  2⤵
  PID:3212
- C:\Windows\System\dZLsjru.exe
  C:\Windows\System\dZLsjru.exe
  2⤵
  PID:3240
- C:\Windows\System\OisrnFL.exe
  C:\Windows\System\OisrnFL.exe
  2⤵
  PID:3260
- C:\Windows\System\tSqSeGH.exe
  C:\Windows\System\tSqSeGH.exe
  2⤵
  PID:3280
- C:\Windows\System\EBgZIud.exe
  C:\Windows\System\EBgZIud.exe
  2⤵
  PID:3300
- C:\Windows\System\jkcELHu.exe
  C:\Windows\System\jkcELHu.exe
  2⤵
  PID:3320
- C:\Windows\System\VrAFbXb.exe
  C:\Windows\System\VrAFbXb.exe
  2⤵
  PID:3336
- C:\Windows\System\xbjlFKD.exe
  C:\Windows\System\xbjlFKD.exe
  2⤵
  PID:3356
- C:\Windows\System\KwsUIek.exe
  C:\Windows\System\KwsUIek.exe
  2⤵
  PID:3376
- C:\Windows\System\wxPQWYg.exe
  C:\Windows\System\wxPQWYg.exe
  2⤵
  PID:3396
- C:\Windows\System\GylnidS.exe
  C:\Windows\System\GylnidS.exe
  2⤵
  PID:3420
- C:\Windows\System\uTYmXyS.exe
  C:\Windows\System\uTYmXyS.exe
  2⤵
  PID:3440
- C:\Windows\System\pwJepnX.exe
  C:\Windows\System\pwJepnX.exe
  2⤵
  PID:3460
- C:\Windows\System\cDWEJjG.exe
  C:\Windows\System\cDWEJjG.exe
  2⤵
  PID:3480
- C:\Windows\System\eBFPMWk.exe
  C:\Windows\System\eBFPMWk.exe
  2⤵
  PID:3500
- C:\Windows\System\KxgCqhN.exe
  C:\Windows\System\KxgCqhN.exe
  2⤵
  PID:3520
- C:\Windows\System\FaxVTuk.exe
  C:\Windows\System\FaxVTuk.exe
  2⤵
  PID:3540
- C:\Windows\System\SAudoXw.exe
  C:\Windows\System\SAudoXw.exe
  2⤵
  PID:3560
- C:\Windows\System\whtiZpY.exe
  C:\Windows\System\whtiZpY.exe
  2⤵
  PID:3580
- C:\Windows\System\OvblLqI.exe
  C:\Windows\System\OvblLqI.exe
  2⤵
  PID:3600
- C:\Windows\System\wJwRpEp.exe
  C:\Windows\System\wJwRpEp.exe
  2⤵
  PID:3620
- C:\Windows\System\GneTHZv.exe
  C:\Windows\System\GneTHZv.exe
  2⤵
  PID:3640
- C:\Windows\System\yPHoPKh.exe
  C:\Windows\System\yPHoPKh.exe
  2⤵
  PID:3660
- C:\Windows\System\cOuJREo.exe
  C:\Windows\System\cOuJREo.exe
  2⤵
  PID:3680
- C:\Windows\System\eAEmVrE.exe
  C:\Windows\System\eAEmVrE.exe
  2⤵
  PID:3696
- C:\Windows\System\VydVMoc.exe
  C:\Windows\System\VydVMoc.exe
  2⤵
  PID:3720
- C:\Windows\System\DNTyQcJ.exe
  C:\Windows\System\DNTyQcJ.exe
  2⤵
  PID:3736
- C:\Windows\System\KdGOjhd.exe
  C:\Windows\System\KdGOjhd.exe
  2⤵
  PID:3756
- C:\Windows\System\EKfXzjb.exe
  C:\Windows\System\EKfXzjb.exe
  2⤵
  PID:3776
- C:\Windows\System\xCMmBif.exe
  C:\Windows\System\xCMmBif.exe
  2⤵
  PID:3800
- C:\Windows\System\JzyQHJT.exe
  C:\Windows\System\JzyQHJT.exe
  2⤵
  PID:3816
- C:\Windows\System\vhsIVNb.exe
  C:\Windows\System\vhsIVNb.exe
  2⤵
  PID:3840
- C:\Windows\System\QfkQfVi.exe
  C:\Windows\System\QfkQfVi.exe
  2⤵
  PID:3860
- C:\Windows\System\JACZqkn.exe
  C:\Windows\System\JACZqkn.exe
  2⤵
  PID:3880
- C:\Windows\System\xKgdrZx.exe
  C:\Windows\System\xKgdrZx.exe
  2⤵
  PID:3896
- C:\Windows\System\DmgvkgN.exe
  C:\Windows\System\DmgvkgN.exe
  2⤵
  PID:3924
- C:\Windows\System\XUMNgxq.exe
  C:\Windows\System\XUMNgxq.exe
  2⤵
  PID:3944
- C:\Windows\System\UirTVep.exe
  C:\Windows\System\UirTVep.exe
  2⤵
  PID:3964
- C:\Windows\System\hRNptKj.exe
  C:\Windows\System\hRNptKj.exe
  2⤵
  PID:3980
- C:\Windows\System\IzDdmKK.exe
  C:\Windows\System\IzDdmKK.exe
  2⤵
  PID:4004
- C:\Windows\System\VRxafLP.exe
  C:\Windows\System\VRxafLP.exe
  2⤵
  PID:4024
- C:\Windows\System\gPcimiZ.exe
  C:\Windows\System\gPcimiZ.exe
  2⤵
  PID:4044
- C:\Windows\System\fdRKvvd.exe
  C:\Windows\System\fdRKvvd.exe
  2⤵
  PID:4064
- C:\Windows\System\vAacGNd.exe
  C:\Windows\System\vAacGNd.exe
  2⤵
  PID:4084
- C:\Windows\System\zoQCEsp.exe
  C:\Windows\System\zoQCEsp.exe
  2⤵
  PID:2280
- C:\Windows\System\pOBOMMB.exe
  C:\Windows\System\pOBOMMB.exe
  2⤵
  PID:2680
- C:\Windows\System\XLmNQvk.exe
  C:\Windows\System\XLmNQvk.exe
  2⤵
  PID:2116
- C:\Windows\System\jnhYvlB.exe
  C:\Windows\System\jnhYvlB.exe
  2⤵
  PID:2956
- C:\Windows\System\MqLZpFN.exe
  C:\Windows\System\MqLZpFN.exe
  2⤵
  PID:1380
- C:\Windows\System\SaDqpfL.exe
  C:\Windows\System\SaDqpfL.exe
  2⤵
  PID:2128
- C:\Windows\System\EuWEEJr.exe
  C:\Windows\System\EuWEEJr.exe
  2⤵
  PID:880
- C:\Windows\System\oyvWzcY.exe
  C:\Windows\System\oyvWzcY.exe
  2⤵
  PID:3088
- C:\Windows\System\QnAKcGe.exe
  C:\Windows\System\QnAKcGe.exe
  2⤵
  PID:3124
- C:\Windows\System\dhEKlJp.exe
  C:\Windows\System\dhEKlJp.exe
  2⤵
  PID:3172
- C:\Windows\System\GvLTIzr.exe
  C:\Windows\System\GvLTIzr.exe
  2⤵
  PID:3204
- C:\Windows\System\mErohLl.exe
  C:\Windows\System\mErohLl.exe
  2⤵
  PID:3268
- C:\Windows\System\glgudfh.exe
  C:\Windows\System\glgudfh.exe
  2⤵
  PID:3256
- C:\Windows\System\jzSzrig.exe
  C:\Windows\System\jzSzrig.exe
  2⤵
  PID:2432
- C:\Windows\System\NnxksuI.exe
  C:\Windows\System\NnxksuI.exe
  2⤵
  PID:3344
- C:\Windows\System\QZeYDBe.exe
  C:\Windows\System\QZeYDBe.exe
  2⤵
  PID:3384
- C:\Windows\System\eaBdhRn.exe
  C:\Windows\System\eaBdhRn.exe
  2⤵
  PID:3408
- C:\Windows\System\xjpCaIT.exe
  C:\Windows\System\xjpCaIT.exe
  2⤵
  PID:3432
- C:\Windows\System\pIwqTdg.exe
  C:\Windows\System\pIwqTdg.exe
  2⤵
  PID:3456
- C:\Windows\System\BJgMJvn.exe
  C:\Windows\System\BJgMJvn.exe
  2⤵
  PID:3492
- C:\Windows\System\NZfSYLC.exe
  C:\Windows\System\NZfSYLC.exe
  2⤵
  PID:3548
- C:\Windows\System\RosKvnb.exe
  C:\Windows\System\RosKvnb.exe
  2⤵
  PID:3532
- C:\Windows\System\LRONmvF.exe
  C:\Windows\System\LRONmvF.exe
  2⤵
  PID:3576
- C:\Windows\System\SpcSGvP.exe
  C:\Windows\System\SpcSGvP.exe
  2⤵
  PID:3608
- C:\Windows\System\UcvZtlN.exe
  C:\Windows\System\UcvZtlN.exe
  2⤵
  PID:3676
- C:\Windows\System\QPbQbJX.exe
  C:\Windows\System\QPbQbJX.exe
  2⤵
  PID:3708
- C:\Windows\System\vQdVIuH.exe
  C:\Windows\System\vQdVIuH.exe
  2⤵
  PID:3692
- C:\Windows\System\NjDanJK.exe
  C:\Windows\System\NjDanJK.exe
  2⤵
  PID:3728
- C:\Windows\System\NAsUqxi.exe
  C:\Windows\System\NAsUqxi.exe
  2⤵
  PID:3792
- C:\Windows\System\TiggjJo.exe
  C:\Windows\System\TiggjJo.exe
  2⤵
  PID:3808
- C:\Windows\System\kfVgKhm.exe
  C:\Windows\System\kfVgKhm.exe
  2⤵
  PID:3836
- C:\Windows\System\XSuKhku.exe
  C:\Windows\System\XSuKhku.exe
  2⤵
  PID:3848
- C:\Windows\System\xrtxrmb.exe
  C:\Windows\System\xrtxrmb.exe
  2⤵
  PID:3908
- C:\Windows\System\uTgzvvy.exe
  C:\Windows\System\uTgzvvy.exe
  2⤵
  PID:3888
- C:\Windows\System\bLiEOKv.exe
  C:\Windows\System\bLiEOKv.exe
  2⤵
  PID:3936
- C:\Windows\System\OLjPeSK.exe
  C:\Windows\System\OLjPeSK.exe
  2⤵
  PID:4000
- C:\Windows\System\QevxSNx.exe
  C:\Windows\System\QevxSNx.exe
  2⤵
  PID:4036
- C:\Windows\System\sUWHFTe.exe
  C:\Windows\System\sUWHFTe.exe
  2⤵
  PID:4016
- C:\Windows\System\ZQnzunB.exe
  C:\Windows\System\ZQnzunB.exe
  2⤵
  PID:4056
- C:\Windows\System\JzTAgUa.exe
  C:\Windows\System\JzTAgUa.exe
  2⤵
  PID:2808
- C:\Windows\System\dfhwWWq.exe
  C:\Windows\System\dfhwWWq.exe
  2⤵
  PID:4092
- C:\Windows\System\CxxJYLb.exe
  C:\Windows\System\CxxJYLb.exe
  2⤵
  PID:2908
- C:\Windows\System\nuMQjrk.exe
  C:\Windows\System\nuMQjrk.exe
  2⤵
  PID:904
- C:\Windows\System\KcQsjlA.exe
  C:\Windows\System\KcQsjlA.exe
  2⤵
  PID:2832
- C:\Windows\System\FwcsyjB.exe
  C:\Windows\System\FwcsyjB.exe
  2⤵
  PID:3128
- C:\Windows\System\KmHTSmU.exe
  C:\Windows\System\KmHTSmU.exe
  2⤵
  PID:3232
- C:\Windows\System\hflzcql.exe
  C:\Windows\System\hflzcql.exe
  2⤵
  PID:2804
- C:\Windows\System\aaMfiAf.exe
  C:\Windows\System\aaMfiAf.exe
  2⤵
  PID:3316
- C:\Windows\System\UfMwdlN.exe
  C:\Windows\System\UfMwdlN.exe
  2⤵
  PID:3364
- C:\Windows\System\twIODID.exe
  C:\Windows\System\twIODID.exe
  2⤵
  PID:2784
- C:\Windows\System\uscOIdR.exe
  C:\Windows\System\uscOIdR.exe
  2⤵
  PID:3552
- C:\Windows\System\KWuIzVO.exe
  C:\Windows\System\KWuIzVO.exe
  2⤵
  PID:3368
- C:\Windows\System\HBtyBDc.exe
  C:\Windows\System\HBtyBDc.exe
  2⤵
  PID:3436
- C:\Windows\System\bSeEHrN.exe
  C:\Windows\System\bSeEHrN.exe
  2⤵
  PID:3512
- C:\Windows\System\MbgLFKu.exe
  C:\Windows\System\MbgLFKu.exe
  2⤵
  PID:3716
- C:\Windows\System\PEpsolm.exe
  C:\Windows\System\PEpsolm.exe
  2⤵
  PID:3612
- C:\Windows\System\EIhccel.exe
  C:\Windows\System\EIhccel.exe
  2⤵
  PID:2896
- C:\Windows\System\ZQLVKRs.exe
  C:\Windows\System\ZQLVKRs.exe
  2⤵
  PID:3652
- C:\Windows\System\wrXgYDR.exe
  C:\Windows\System\wrXgYDR.exe
  2⤵
  PID:3920
- C:\Windows\System\yoNTfEZ.exe
  C:\Windows\System\yoNTfEZ.exe
  2⤵
  PID:2688
- C:\Windows\System\zzMBlld.exe
  C:\Windows\System\zzMBlld.exe
  2⤵
  PID:3796
- C:\Windows\System\QtTtuxb.exe
  C:\Windows\System\QtTtuxb.exe
  2⤵
  PID:3828
- C:\Windows\System\teWJtMy.exe
  C:\Windows\System\teWJtMy.exe
  2⤵
  PID:1212
- C:\Windows\System\xUBrZkX.exe
  C:\Windows\System\xUBrZkX.exe
  2⤵
  PID:3008
- C:\Windows\System\FODvfLp.exe
  C:\Windows\System\FODvfLp.exe
  2⤵
  PID:1324
- C:\Windows\System\JkiyYKo.exe
  C:\Windows\System\JkiyYKo.exe
  2⤵
  PID:4032
- C:\Windows\System\DdyPOTA.exe
  C:\Windows\System\DdyPOTA.exe
  2⤵
  PID:3220
- C:\Windows\System\jcwgBmb.exe
  C:\Windows\System\jcwgBmb.exe
  2⤵
  PID:3184
- C:\Windows\System\cheAuNr.exe
  C:\Windows\System\cheAuNr.exe
  2⤵
  PID:1372
- C:\Windows\System\HFCqekm.exe
  C:\Windows\System\HFCqekm.exe
  2⤵
  PID:3308
- C:\Windows\System\LvOKUjb.exe
  C:\Windows\System\LvOKUjb.exe
  2⤵
  PID:3328
- C:\Windows\System\KVDjcGa.exe
  C:\Windows\System\KVDjcGa.exe
  2⤵
  PID:3488
- C:\Windows\System\TirTrKV.exe
  C:\Windows\System\TirTrKV.exe
  2⤵
  PID:3516
- C:\Windows\System\FuDeznh.exe
  C:\Windows\System\FuDeznh.exe
  2⤵
  PID:264
- C:\Windows\System\RndLdFs.exe
  C:\Windows\System\RndLdFs.exe
  2⤵
  PID:3592
- C:\Windows\System\JTQvzLl.exe
  C:\Windows\System\JTQvzLl.exe
  2⤵
  PID:3868
- C:\Windows\System\RrjZNuf.exe
  C:\Windows\System\RrjZNuf.exe
  2⤵
  PID:3876
- C:\Windows\System\doeYPAT.exe
  C:\Windows\System\doeYPAT.exe
  2⤵
  PID:3832
- C:\Windows\System\gdLDREm.exe
  C:\Windows\System\gdLDREm.exe
  2⤵
  PID:3932
- C:\Windows\System\JeWLwmO.exe
  C:\Windows\System\JeWLwmO.exe
  2⤵
  PID:3976
- C:\Windows\System\qKKfLjW.exe
  C:\Windows\System\qKKfLjW.exe
  2⤵
  PID:2504
- C:\Windows\System\nXMmgyb.exe
  C:\Windows\System\nXMmgyb.exe
  2⤵
  PID:1656
- C:\Windows\System\eohNYUn.exe
  C:\Windows\System\eohNYUn.exe
  2⤵
  PID:1912
- C:\Windows\System\YejyUMr.exe
  C:\Windows\System\YejyUMr.exe
  2⤵
  PID:3224
- C:\Windows\System\HzFfaqy.exe
  C:\Windows\System\HzFfaqy.exe
  2⤵
  PID:3248
- C:\Windows\System\SGcTwyN.exe
  C:\Windows\System\SGcTwyN.exe
  2⤵
  PID:3164
- C:\Windows\System\YlpLujS.exe
  C:\Windows\System\YlpLujS.exe
  2⤵
  PID:3192
- C:\Windows\System\VGNVScZ.exe
  C:\Windows\System\VGNVScZ.exe
  2⤵
  PID:3996
- C:\Windows\System\KZivTby.exe
  C:\Windows\System\KZivTby.exe
  2⤵
  PID:3764
- C:\Windows\System\lOjZZlw.exe
  C:\Windows\System\lOjZZlw.exe
  2⤵
  PID:3916
- C:\Windows\System\HvRDRVs.exe
  C:\Windows\System\HvRDRVs.exe
  2⤵
  PID:2132
- C:\Windows\System\MrcJPpM.exe
  C:\Windows\System\MrcJPpM.exe
  2⤵
  PID:3752
- C:\Windows\System\dYRIDuw.exe
  C:\Windows\System\dYRIDuw.exe
  2⤵
  PID:1484
- C:\Windows\System\zpQitKp.exe
  C:\Windows\System\zpQitKp.exe
  2⤵
  PID:2548
- C:\Windows\System\OAHOFPh.exe
  C:\Windows\System\OAHOFPh.exe
  2⤵
  PID:1600
- C:\Windows\System\ejLUqla.exe
  C:\Windows\System\ejLUqla.exe
  2⤵
  PID:2536
- C:\Windows\System\zcojaUb.exe
  C:\Windows\System\zcojaUb.exe
  2⤵
  PID:2876
- C:\Windows\System\vcnzjlR.exe
  C:\Windows\System\vcnzjlR.exe
  2⤵
  PID:3472
- C:\Windows\System\bYevEyT.exe
  C:\Windows\System\bYevEyT.exe
  2⤵
  PID:2692
- C:\Windows\System\mwvJQlO.exe
  C:\Windows\System\mwvJQlO.exe
  2⤵
  PID:2316
- C:\Windows\System\QJquBxs.exe
  C:\Windows\System\QJquBxs.exe
  2⤵
  PID:1432
- C:\Windows\System\IhpDngx.exe
  C:\Windows\System\IhpDngx.exe
  2⤵
  PID:3064
- C:\Windows\System\SDqtCgt.exe
  C:\Windows\System\SDqtCgt.exe
  2⤵
  PID:3292
- C:\Windows\System\PEPyeOB.exe
  C:\Windows\System\PEPyeOB.exe
  2⤵
  PID:3772
- C:\Windows\System\lTVtUZT.exe
  C:\Windows\System\lTVtUZT.exe
  2⤵
  PID:3568
- C:\Windows\System\uSggDWB.exe
  C:\Windows\System\uSggDWB.exe
  2⤵
  PID:3852
- C:\Windows\System\DGvvmrv.exe
  C:\Windows\System\DGvvmrv.exe
  2⤵
  PID:3388
- C:\Windows\System\PRfIIAP.exe
  C:\Windows\System\PRfIIAP.exe
  2⤵
  PID:3404
- C:\Windows\System\VwlPhYS.exe
  C:\Windows\System\VwlPhYS.exe
  2⤵
  PID:1244
- C:\Windows\System\YohfLWl.exe
  C:\Windows\System\YohfLWl.exe
  2⤵
  PID:3236
- C:\Windows\System\Adwpzds.exe
  C:\Windows\System\Adwpzds.exe
  2⤵
  PID:2932
- C:\Windows\System\hwJJuDS.exe
  C:\Windows\System\hwJJuDS.exe
  2⤵
  PID:2412
- C:\Windows\System\fOrbLLF.exe
  C:\Windows\System\fOrbLLF.exe
  2⤵
  PID:4108
- C:\Windows\System\hSlvMQP.exe
  C:\Windows\System\hSlvMQP.exe
  2⤵
  PID:4128
- C:\Windows\System\SvsrZoc.exe
  C:\Windows\System\SvsrZoc.exe
  2⤵
  PID:4152
- C:\Windows\System\lSdgjvE.exe
  C:\Windows\System\lSdgjvE.exe
  2⤵
  PID:4168
- C:\Windows\System\yPAVMDF.exe
  C:\Windows\System\yPAVMDF.exe
  2⤵
  PID:4188
- C:\Windows\System\IyOvTeb.exe
  C:\Windows\System\IyOvTeb.exe
  2⤵
  PID:4204
- C:\Windows\System\fJZWpUH.exe
  C:\Windows\System\fJZWpUH.exe
  2⤵
  PID:4220
- C:\Windows\System\FcqcweU.exe
  C:\Windows\System\FcqcweU.exe
  2⤵
  PID:4252
- C:\Windows\System\TOOejKV.exe
  C:\Windows\System\TOOejKV.exe
  2⤵
  PID:4284
- C:\Windows\System\GjYYBly.exe
  C:\Windows\System\GjYYBly.exe
  2⤵
  PID:4300
- C:\Windows\System\MfhGYfp.exe
  C:\Windows\System\MfhGYfp.exe
  2⤵
  PID:4316
- C:\Windows\System\DSlCvXq.exe
  C:\Windows\System\DSlCvXq.exe
  2⤵
  PID:4340
- C:\Windows\System\wxHOspT.exe
  C:\Windows\System\wxHOspT.exe
  2⤵
  PID:4356
- C:\Windows\System\KFsWpMb.exe
  C:\Windows\System\KFsWpMb.exe
  2⤵
  PID:4372
- C:\Windows\System\jXQWALn.exe
  C:\Windows\System\jXQWALn.exe
  2⤵
  PID:4388
- C:\Windows\System\ZWYcBmr.exe
  C:\Windows\System\ZWYcBmr.exe
  2⤵
  PID:4404
- C:\Windows\System\nFiaJRq.exe
  C:\Windows\System\nFiaJRq.exe
  2⤵
  PID:4428
- C:\Windows\System\xasejTL.exe
  C:\Windows\System\xasejTL.exe
  2⤵
  PID:4444
- C:\Windows\System\eIpAULA.exe
  C:\Windows\System\eIpAULA.exe
  2⤵
  PID:4464
- C:\Windows\System\HNVUAuJ.exe
  C:\Windows\System\HNVUAuJ.exe
  2⤵
  PID:4488
- C:\Windows\System\QgGTtaU.exe
  C:\Windows\System\QgGTtaU.exe
  2⤵
  PID:4504
- C:\Windows\System\aJpXcXp.exe
  C:\Windows\System\aJpXcXp.exe
  2⤵
  PID:4520
- C:\Windows\System\mATcPiC.exe
  C:\Windows\System\mATcPiC.exe
  2⤵
  PID:4564
- C:\Windows\System\vhDyNUF.exe
  C:\Windows\System\vhDyNUF.exe
  2⤵
  PID:4588
- C:\Windows\System\HHxkrKd.exe
  C:\Windows\System\HHxkrKd.exe
  2⤵
  PID:4604
- C:\Windows\System\pXUnYPq.exe
  C:\Windows\System\pXUnYPq.exe
  2⤵
  PID:4620
- C:\Windows\System\pMqFKEu.exe
  C:\Windows\System\pMqFKEu.exe
  2⤵
  PID:4636
- C:\Windows\System\syePzBT.exe
  C:\Windows\System\syePzBT.exe
  2⤵
  PID:4668
- C:\Windows\System\PcTMzuL.exe
  C:\Windows\System\PcTMzuL.exe
  2⤵
  PID:4684
- C:\Windows\System\wPFwyjK.exe
  C:\Windows\System\wPFwyjK.exe
  2⤵
  PID:4700
- C:\Windows\System\vPDgBQe.exe
  C:\Windows\System\vPDgBQe.exe
  2⤵
  PID:4720
- C:\Windows\System\VhwZiTE.exe
  C:\Windows\System\VhwZiTE.exe
  2⤵
  PID:4740
- C:\Windows\System\TsBYQoS.exe
  C:\Windows\System\TsBYQoS.exe
  2⤵
  PID:4756
- C:\Windows\System\wvQYLYm.exe
  C:\Windows\System\wvQYLYm.exe
  2⤵
  PID:4772
- C:\Windows\System\ZRhIxPq.exe
  C:\Windows\System\ZRhIxPq.exe
  2⤵
  PID:4788
- C:\Windows\System\fWLEcrb.exe
  C:\Windows\System\fWLEcrb.exe
  2⤵
  PID:4808
- C:\Windows\System\eNIYrXF.exe
  C:\Windows\System\eNIYrXF.exe
  2⤵
  PID:4848
- C:\Windows\System\qYYXBBc.exe
  C:\Windows\System\qYYXBBc.exe
  2⤵
  PID:4868
- C:\Windows\System\WPoaFtC.exe
  C:\Windows\System\WPoaFtC.exe
  2⤵
  PID:4888
- C:\Windows\System\OZhuHUH.exe
  C:\Windows\System\OZhuHUH.exe
  2⤵
  PID:4904
- C:\Windows\System\aHQcYRM.exe
  C:\Windows\System\aHQcYRM.exe
  2⤵
  PID:4920
- C:\Windows\System\ygpuFOk.exe
  C:\Windows\System\ygpuFOk.exe
  2⤵
  PID:4936
- C:\Windows\System\ZXgQLPK.exe
  C:\Windows\System\ZXgQLPK.exe
  2⤵
  PID:4952
- C:\Windows\System\DqzUOHd.exe
  C:\Windows\System\DqzUOHd.exe
  2⤵
  PID:4976
- C:\Windows\System\kXzUaxB.exe
  C:\Windows\System\kXzUaxB.exe
  2⤵
  PID:4992
- C:\Windows\System\fZPyjmy.exe
  C:\Windows\System\fZPyjmy.exe
  2⤵
  PID:5008
- C:\Windows\System\IRyoGfs.exe
  C:\Windows\System\IRyoGfs.exe
  2⤵
  PID:5028
- C:\Windows\System\HNwkkpQ.exe
  C:\Windows\System\HNwkkpQ.exe
  2⤵
  PID:5048
- C:\Windows\System\LGGcpnp.exe
  C:\Windows\System\LGGcpnp.exe
  2⤵
  PID:5064
- C:\Windows\System\BfYrVcX.exe
  C:\Windows\System\BfYrVcX.exe
  2⤵
  PID:5084
- C:\Windows\System\cOZBqec.exe
  C:\Windows\System\cOZBqec.exe
  2⤵
  PID:5108
- C:\Windows\System\aRgrhZt.exe
  C:\Windows\System\aRgrhZt.exe
  2⤵
  PID:2756
- C:\Windows\System\wjerZvD.exe
  C:\Windows\System\wjerZvD.exe
  2⤵
  PID:2964
- C:\Windows\System\ChnSBDS.exe
  C:\Windows\System\ChnSBDS.exe
  2⤵
  PID:4136
- C:\Windows\System\YOyjjCc.exe
  C:\Windows\System\YOyjjCc.exe
  2⤵
  PID:4232
- C:\Windows\System\SrOHrbg.exe
  C:\Windows\System\SrOHrbg.exe
  2⤵
  PID:4240
- C:\Windows\System\mRlwVfe.exe
  C:\Windows\System\mRlwVfe.exe
  2⤵
  PID:4260
- C:\Windows\System\mnVLhaL.exe
  C:\Windows\System\mnVLhaL.exe
  2⤵
  PID:4272
- C:\Windows\System\MwKhyPL.exe
  C:\Windows\System\MwKhyPL.exe
  2⤵
  PID:4336
- C:\Windows\System\pOoEDdl.exe
  C:\Windows\System\pOoEDdl.exe
  2⤵
  PID:4400
- C:\Windows\System\UIvHLba.exe
  C:\Windows\System\UIvHLba.exe
  2⤵
  PID:4480
- C:\Windows\System\FEunRPr.exe
  C:\Windows\System\FEunRPr.exe
  2⤵
  PID:4424
- C:\Windows\System\vSsAXKi.exe
  C:\Windows\System\vSsAXKi.exe
  2⤵
  PID:4348
- C:\Windows\System\VsBKtSS.exe
  C:\Windows\System\VsBKtSS.exe
  2⤵
  PID:4412
- C:\Windows\System\orCyMEO.exe
  C:\Windows\System\orCyMEO.exe
  2⤵
  PID:4576
- C:\Windows\System\dscZfmK.exe
  C:\Windows\System\dscZfmK.exe
  2⤵
  PID:4540
- C:\Windows\System\cXwfKzl.exe
  C:\Windows\System\cXwfKzl.exe
  2⤵
  PID:4556
- C:\Windows\System\VthotrZ.exe
  C:\Windows\System\VthotrZ.exe
  2⤵
  PID:1936
- C:\Windows\System\hljRiMq.exe
  C:\Windows\System\hljRiMq.exe
  2⤵
  PID:4652
- C:\Windows\System\TgFgMZr.exe
  C:\Windows\System\TgFgMZr.exe
  2⤵
  PID:1152
- C:\Windows\System\XxXpjhv.exe
  C:\Windows\System\XxXpjhv.exe
  2⤵
  PID:4676
- C:\Windows\System\ZxRudSb.exe
  C:\Windows\System\ZxRudSb.exe
  2⤵
  PID:4728
- C:\Windows\System\ARxeTye.exe
  C:\Windows\System\ARxeTye.exe
  2⤵
  PID:4768
- C:\Windows\System\fMWfLnE.exe
  C:\Windows\System\fMWfLnE.exe
  2⤵
  PID:4804
- C:\Windows\System\UAKeDfV.exe
  C:\Windows\System\UAKeDfV.exe
  2⤵
  PID:4864
- C:\Windows\System\lHSpoQf.exe
  C:\Windows\System\lHSpoQf.exe
  2⤵
  PID:4900
- C:\Windows\System\qzAfqCb.exe
  C:\Windows\System\qzAfqCb.exe
  2⤵
  PID:4964
- C:\Windows\System\eKlqRyX.exe
  C:\Windows\System\eKlqRyX.exe
  2⤵
  PID:5004
- C:\Windows\System\hzjmPDT.exe
  C:\Windows\System\hzjmPDT.exe
  2⤵
  PID:4820
- C:\Windows\System\vNKcIZD.exe
  C:\Windows\System\vNKcIZD.exe
  2⤵
  PID:4840
- C:\Windows\System\qKPAcYc.exe
  C:\Windows\System\qKPAcYc.exe
  2⤵
  PID:5076
- C:\Windows\System\hwHDlps.exe
  C:\Windows\System\hwHDlps.exe
  2⤵
  PID:5024
- C:\Windows\System\eRInuPO.exe
  C:\Windows\System\eRInuPO.exe
  2⤵
  PID:4916
- C:\Windows\System\zKaAWDO.exe
  C:\Windows\System\zKaAWDO.exe
  2⤵
  PID:5016
- C:\Windows\System\QjrHXdQ.exe
  C:\Windows\System\QjrHXdQ.exe
  2⤵
  PID:2992
- C:\Windows\System\bTuESzq.exe
  C:\Windows\System\bTuESzq.exe
  2⤵
  PID:2076
- C:\Windows\System\WdKCDfl.exe
  C:\Windows\System\WdKCDfl.exe
  2⤵
  PID:2880
- C:\Windows\System\lPlMnRq.exe
  C:\Windows\System\lPlMnRq.exe
  2⤵
  PID:4396
- C:\Windows\System\mhKvmiu.exe
  C:\Windows\System\mhKvmiu.exe
  2⤵
  PID:4380
- C:\Windows\System\qAltrYd.exe
  C:\Windows\System\qAltrYd.exe
  2⤵
  PID:4440
- C:\Windows\System\gXDCAVd.exe
  C:\Windows\System\gXDCAVd.exe
  2⤵
  PID:4616
- C:\Windows\System\wpVfFoY.exe
  C:\Windows\System\wpVfFoY.exe
  2⤵
  PID:4460
- C:\Windows\System\ZKfkMXS.exe
  C:\Windows\System\ZKfkMXS.exe
  2⤵
  PID:4328
- C:\Windows\System\SjTnypX.exe
  C:\Windows\System\SjTnypX.exe
  2⤵
  PID:4496
- C:\Windows\System\ycvROmK.exe
  C:\Windows\System\ycvROmK.exe
  2⤵
  PID:4644
- C:\Windows\System\aWWCUXj.exe
  C:\Windows\System\aWWCUXj.exe
  2⤵
  PID:4692
- C:\Windows\System\HDfwiZI.exe
  C:\Windows\System\HDfwiZI.exe
  2⤵
  PID:4680
- C:\Windows\System\aKBKZNl.exe
  C:\Windows\System\aKBKZNl.exe
  2⤵
  PID:4748
- C:\Windows\System\qdMdfyP.exe
  C:\Windows\System\qdMdfyP.exe
  2⤵
  PID:2996
- C:\Windows\System\CdAvYbF.exe
  C:\Windows\System\CdAvYbF.exe
  2⤵
  PID:5020
- C:\Windows\System\VGwGCdj.exe
  C:\Windows\System\VGwGCdj.exe
  2⤵
  PID:4884
- C:\Windows\System\XFmVyHs.exe
  C:\Windows\System\XFmVyHs.exe
  2⤵
  PID:4960
- C:\Windows\System\fyBWvMl.exe
  C:\Windows\System\fyBWvMl.exe
  2⤵
  PID:4948
- C:\Windows\System\dlcxLUL.exe
  C:\Windows\System\dlcxLUL.exe
  2⤵
  PID:3032
- C:\Windows\System\BvpwWHE.exe
  C:\Windows\System\BvpwWHE.exe
  2⤵
  PID:4100
- C:\Windows\System\IVPkbtn.exe
  C:\Windows\System\IVPkbtn.exe
  2⤵
  PID:4180
- C:\Windows\System\FSWUgUG.exe
  C:\Windows\System\FSWUgUG.exe
  2⤵
  PID:4176
- C:\Windows\System\vVKLqnN.exe
  C:\Windows\System\vVKLqnN.exe
  2⤵
  PID:4516
- C:\Windows\System\gDehaFp.exe
  C:\Windows\System\gDehaFp.exe
  2⤵
  PID:4536
- C:\Windows\System\kjJWMmu.exe
  C:\Windows\System\kjJWMmu.exe
  2⤵
  PID:4144
- C:\Windows\System\mRdnBEt.exe
  C:\Windows\System\mRdnBEt.exe
  2⤵
  PID:4200
- C:\Windows\System\mRPnKBj.exe
  C:\Windows\System\mRPnKBj.exe
  2⤵
  PID:5000
- C:\Windows\System\aCHnwYY.exe
  C:\Windows\System\aCHnwYY.exe
  2⤵
  PID:4420
- C:\Windows\System\vHpJiBg.exe
  C:\Windows\System\vHpJiBg.exe
  2⤵
  PID:4856
- C:\Windows\System\ctGOcWu.exe
  C:\Windows\System\ctGOcWu.exe
  2⤵
  PID:4552
- C:\Windows\System\GdqCHLL.exe
  C:\Windows\System\GdqCHLL.exe
  2⤵
  PID:4736
- C:\Windows\System\MqwFrPB.exe
  C:\Windows\System\MqwFrPB.exe
  2⤵
  PID:4040
- C:\Windows\System\KNEIPTL.exe
  C:\Windows\System\KNEIPTL.exe
  2⤵
  PID:776
- C:\Windows\System\ttvefdi.exe
  C:\Windows\System\ttvefdi.exe
  2⤵
  PID:5072
- C:\Windows\System\AkEyBUV.exe
  C:\Windows\System\AkEyBUV.exe
  2⤵
  PID:1848
- C:\Windows\System\OAQDrYx.exe
  C:\Windows\System\OAQDrYx.exe
  2⤵
  PID:4584
- C:\Windows\System\jfHvltP.exe
  C:\Windows\System\jfHvltP.exe
  2⤵
  PID:4548
- C:\Windows\System\wEURVjp.exe
  C:\Windows\System\wEURVjp.exe
  2⤵
  PID:4248
- C:\Windows\System\SnRZsbm.exe
  C:\Windows\System\SnRZsbm.exe
  2⤵
  PID:4580
- C:\Windows\System\kLbgOLB.exe
  C:\Windows\System\kLbgOLB.exe
  2⤵
  PID:4800
- C:\Windows\System\HRmsfDC.exe
  C:\Windows\System\HRmsfDC.exe
  2⤵
  PID:2684
- C:\Windows\System\OzFvKAP.exe
  C:\Windows\System\OzFvKAP.exe
  2⤵
  PID:4560
- C:\Windows\System\UdgWVUn.exe
  C:\Windows\System\UdgWVUn.exe
  2⤵
  PID:4784
- C:\Windows\System\idwGaFA.exe
  C:\Windows\System\idwGaFA.exe
  2⤵
  PID:4104
- C:\Windows\System\JlIrTBv.exe
  C:\Windows\System\JlIrTBv.exe
  2⤵
  PID:4656
- C:\Windows\System\xRLFXdS.exe
  C:\Windows\System\xRLFXdS.exe
  2⤵
  PID:4796
- C:\Windows\System\kNPBVoV.exe
  C:\Windows\System\kNPBVoV.exe
  2⤵
  PID:4212
- C:\Windows\System\YqUFyTp.exe
  C:\Windows\System\YqUFyTp.exe
  2⤵
  PID:2300
- C:\Windows\System\jHTvtXb.exe
  C:\Windows\System\jHTvtXb.exe
  2⤵
  PID:5104
- C:\Windows\System\GmjtLmR.exe
  C:\Windows\System\GmjtLmR.exe
  2⤵
  PID:4264
- C:\Windows\System\bYUvVCr.exe
  C:\Windows\System\bYUvVCr.exe
  2⤵
  PID:4244
- C:\Windows\System\EVcVmlT.exe
  C:\Windows\System\EVcVmlT.exe
  2⤵
  PID:5124
- C:\Windows\System\omVnePc.exe
  C:\Windows\System\omVnePc.exe
  2⤵
  PID:5144
- C:\Windows\System\BHKhzbH.exe
  C:\Windows\System\BHKhzbH.exe
  2⤵
  PID:5160
- C:\Windows\System\mTftMvX.exe
  C:\Windows\System\mTftMvX.exe
  2⤵
  PID:5176
- C:\Windows\System\wXBsGRH.exe
  C:\Windows\System\wXBsGRH.exe
  2⤵
  PID:5196
- C:\Windows\System\UEYFNUt.exe
  C:\Windows\System\UEYFNUt.exe
  2⤵
  PID:5212
- C:\Windows\System\jDkwXZu.exe
  C:\Windows\System\jDkwXZu.exe
  2⤵
  PID:5248
- C:\Windows\System\jmnXYbt.exe
  C:\Windows\System\jmnXYbt.exe
  2⤵
  PID:5268
- C:\Windows\System\nJkZvJL.exe
  C:\Windows\System\nJkZvJL.exe
  2⤵
  PID:5284
- C:\Windows\System\hpPMAgZ.exe
  C:\Windows\System\hpPMAgZ.exe
  2⤵
  PID:5308
- C:\Windows\System\ZnpmdKI.exe
  C:\Windows\System\ZnpmdKI.exe
  2⤵
  PID:5328
- C:\Windows\System\wChCVNq.exe
  C:\Windows\System\wChCVNq.exe
  2⤵
  PID:5344
- C:\Windows\System\QJNrWdU.exe
  C:\Windows\System\QJNrWdU.exe
  2⤵
  PID:5360
- C:\Windows\System\bbzHgOI.exe
  C:\Windows\System\bbzHgOI.exe
  2⤵
  PID:5380
- C:\Windows\System\JFqdydP.exe
  C:\Windows\System\JFqdydP.exe
  2⤵
  PID:5396
- C:\Windows\System\uqrpsxL.exe
  C:\Windows\System\uqrpsxL.exe
  2⤵
  PID:5412
- C:\Windows\System\nGukiGg.exe
  C:\Windows\System\nGukiGg.exe
  2⤵
  PID:5428
- C:\Windows\System\GMDXIrT.exe
  C:\Windows\System\GMDXIrT.exe
  2⤵
  PID:5448
- C:\Windows\System\gTTGRbh.exe
  C:\Windows\System\gTTGRbh.exe
  2⤵
  PID:5468
- C:\Windows\System\AshcFtB.exe
  C:\Windows\System\AshcFtB.exe
  2⤵
  PID:5492
- C:\Windows\System\LrlhCjl.exe
  C:\Windows\System\LrlhCjl.exe
  2⤵
  PID:5528
- C:\Windows\System\ylRcaPN.exe
  C:\Windows\System\ylRcaPN.exe
  2⤵
  PID:5548
- C:\Windows\System\ZVlqaJN.exe
  C:\Windows\System\ZVlqaJN.exe
  2⤵
  PID:5568
- C:\Windows\System\WQrViTK.exe
  C:\Windows\System\WQrViTK.exe
  2⤵
  PID:5588
- C:\Windows\System\RIsmoaH.exe
  C:\Windows\System\RIsmoaH.exe
  2⤵
  PID:5612
- C:\Windows\System\hhIINze.exe
  C:\Windows\System\hhIINze.exe
  2⤵
  PID:5640
- C:\Windows\System\ZdftEgh.exe
  C:\Windows\System\ZdftEgh.exe
  2⤵
  PID:5660
- C:\Windows\System\uommBNz.exe
  C:\Windows\System\uommBNz.exe
  2⤵
  PID:5684
- C:\Windows\System\EMeBnVg.exe
  C:\Windows\System\EMeBnVg.exe
  2⤵
  PID:5700
- C:\Windows\System\HfMGfFh.exe
  C:\Windows\System\HfMGfFh.exe
  2⤵
  PID:5720
- C:\Windows\System\UkDLOBs.exe
  C:\Windows\System\UkDLOBs.exe
  2⤵
  PID:5740
- C:\Windows\System\PyGAEYM.exe
  C:\Windows\System\PyGAEYM.exe
  2⤵
  PID:5764
- C:\Windows\System\JYBiQEo.exe
  C:\Windows\System\JYBiQEo.exe
  2⤵
  PID:5780
- C:\Windows\System\ZXrOXhJ.exe
  C:\Windows\System\ZXrOXhJ.exe
  2⤵
  PID:5800
- C:\Windows\System\DtwWeSi.exe
  C:\Windows\System\DtwWeSi.exe
  2⤵
  PID:5816
- C:\Windows\System\jXywNwg.exe
  C:\Windows\System\jXywNwg.exe
  2⤵
  PID:5832
- C:\Windows\System\sNOXpnd.exe
  C:\Windows\System\sNOXpnd.exe
  2⤵
  PID:5852
- C:\Windows\System\viWIGCC.exe
  C:\Windows\System\viWIGCC.exe
  2⤵
  PID:5872
- C:\Windows\System\AFufnea.exe
  C:\Windows\System\AFufnea.exe
  2⤵
  PID:5888
- C:\Windows\System\zzWRoBX.exe
  C:\Windows\System\zzWRoBX.exe
  2⤵
  PID:5904
- C:\Windows\System\mTHxreP.exe
  C:\Windows\System\mTHxreP.exe
  2⤵
  PID:5928
- C:\Windows\System\qGwSAvo.exe
  C:\Windows\System\qGwSAvo.exe
  2⤵
  PID:5948
- C:\Windows\System\imXaHpB.exe
  C:\Windows\System\imXaHpB.exe
  2⤵
  PID:5972
- C:\Windows\System\HNWqwip.exe
  C:\Windows\System\HNWqwip.exe
  2⤵
  PID:5988
- C:\Windows\System\AouQjcy.exe
  C:\Windows\System\AouQjcy.exe
  2⤵
  PID:6024
- C:\Windows\System\FQwNNSe.exe
  C:\Windows\System\FQwNNSe.exe
  2⤵
  PID:6040
- C:\Windows\System\CzWNNaP.exe
  C:\Windows\System\CzWNNaP.exe
  2⤵
  PID:6056
- C:\Windows\System\MGJAiZn.exe
  C:\Windows\System\MGJAiZn.exe
  2⤵
  PID:6072
- C:\Windows\System\gFmbASa.exe
  C:\Windows\System\gFmbASa.exe
  2⤵
  PID:6088
- C:\Windows\System\nIGkbZf.exe
  C:\Windows\System\nIGkbZf.exe
  2⤵
  PID:6104
- C:\Windows\System\SlSsFqc.exe
  C:\Windows\System\SlSsFqc.exe
  2⤵
  PID:6120
- C:\Windows\System\cTouojC.exe
  C:\Windows\System\cTouojC.exe
  2⤵
  PID:4752
- C:\Windows\System\IpvZDCz.exe
  C:\Windows\System\IpvZDCz.exe
  2⤵
  PID:4832
- C:\Windows\System\IAlBROL.exe
  C:\Windows\System\IAlBROL.exe
  2⤵
  PID:5172
- C:\Windows\System\egDTPIb.exe
  C:\Windows\System\egDTPIb.exe
  2⤵
  PID:5208
- C:\Windows\System\tEyJxNt.exe
  C:\Windows\System\tEyJxNt.exe
  2⤵
  PID:5264
- C:\Windows\System\zhtWEJH.exe
  C:\Windows\System\zhtWEJH.exe
  2⤵
  PID:5292
- C:\Windows\System\hedCaGw.exe
  C:\Windows\System\hedCaGw.exe
  2⤵
  PID:5304
- C:\Windows\System\LNsuZnt.exe
  C:\Windows\System\LNsuZnt.exe
  2⤵
  PID:5152
- C:\Windows\System\QYBnfzA.exe
  C:\Windows\System\QYBnfzA.exe
  2⤵
  PID:5184
- C:\Windows\System\vfayQsQ.exe
  C:\Windows\System\vfayQsQ.exe
  2⤵
  PID:5224
- C:\Windows\System\GEoNrht.exe
  C:\Windows\System\GEoNrht.exe
  2⤵
  PID:5376
- C:\Windows\System\uqvuSKb.exe
  C:\Windows\System\uqvuSKb.exe
  2⤵
  PID:5316
- C:\Windows\System\HoWvaZM.exe
  C:\Windows\System\HoWvaZM.exe
  2⤵
  PID:5420
- C:\Windows\System\JkhrKQX.exe
  C:\Windows\System\JkhrKQX.exe
  2⤵
  PID:5240
- C:\Windows\System\aXhorwI.exe
  C:\Windows\System\aXhorwI.exe
  2⤵
  PID:5444
- C:\Windows\System\oIdTyCC.exe
  C:\Windows\System\oIdTyCC.exe
  2⤵
  PID:5488
- C:\Windows\System\sDuKSDi.exe
  C:\Windows\System\sDuKSDi.exe
  2⤵
  PID:5576
- C:\Windows\System\ukYOYxa.exe
  C:\Windows\System\ukYOYxa.exe
  2⤵
  PID:5512
- C:\Windows\System\hErqNVY.exe
  C:\Windows\System\hErqNVY.exe
  2⤵
  PID:5424
- C:\Windows\System\NjVeNQQ.exe
  C:\Windows\System\NjVeNQQ.exe
  2⤵
  PID:5624
- C:\Windows\System\FAXEAwv.exe
  C:\Windows\System\FAXEAwv.exe
  2⤵
  PID:5600
- C:\Windows\System\OpsgeHs.exe
  C:\Windows\System\OpsgeHs.exe
  2⤵
  PID:5520
- C:\Windows\System\ZVsaFmR.exe
  C:\Windows\System\ZVsaFmR.exe
  2⤵
  PID:5564
- C:\Windows\System\ejKmPNM.exe
  C:\Windows\System\ejKmPNM.exe
  2⤵
  PID:5676
- C:\Windows\System\oytcPtd.exe
  C:\Windows\System\oytcPtd.exe
  2⤵
  PID:5696
- C:\Windows\System\cPQkzvm.exe
  C:\Windows\System\cPQkzvm.exe
  2⤵
  PID:5728
- C:\Windows\System\UsTNvJD.exe
  C:\Windows\System\UsTNvJD.exe
  2⤵
  PID:5752
- C:\Windows\System\phThrxX.exe
  C:\Windows\System\phThrxX.exe
  2⤵
  PID:5772
- C:\Windows\System\JbgMGyi.exe
  C:\Windows\System\JbgMGyi.exe
  2⤵
  PID:5776
- C:\Windows\System\mzKkmhT.exe
  C:\Windows\System\mzKkmhT.exe
  2⤵
  PID:5864
- C:\Windows\System\mgbOGUE.exe
  C:\Windows\System\mgbOGUE.exe
  2⤵
  PID:5936
- C:\Windows\System\nBpUrkO.exe
  C:\Windows\System\nBpUrkO.exe
  2⤵
  PID:5980
- C:\Windows\System\Puqycgd.exe
  C:\Windows\System\Puqycgd.exe
  2⤵
  PID:5912
- C:\Windows\System\FncqGMm.exe
  C:\Windows\System\FncqGMm.exe
  2⤵
  PID:5812
- C:\Windows\System\QBVQKFo.exe
  C:\Windows\System\QBVQKFo.exe
  2⤵
  PID:5880
- C:\Windows\System\sxIVYem.exe
  C:\Windows\System\sxIVYem.exe
  2⤵
  PID:5960
- C:\Windows\System\oETncLX.exe
  C:\Windows\System\oETncLX.exe
  2⤵
  PID:6016
- C:\Windows\System\Vzhbeaa.exe
  C:\Windows\System\Vzhbeaa.exe
  2⤵
  PID:6048
- C:\Windows\System\jsbPjyX.exe
  C:\Windows\System\jsbPjyX.exe
  2⤵
  PID:2260
- C:\Windows\System\qckvmCI.exe
  C:\Windows\System\qckvmCI.exe
  2⤵
  PID:6128
- C:\Windows\System\pfhuocc.exe
  C:\Windows\System\pfhuocc.exe
  2⤵
  PID:6064
- C:\Windows\System\UEIYiao.exe
  C:\Windows\System\UEIYiao.exe
  2⤵
  PID:4764
- C:\Windows\System\ZOotkng.exe
  C:\Windows\System\ZOotkng.exe
  2⤵
  PID:2492
- C:\Windows\System\mGKoXfN.exe
  C:\Windows\System\mGKoXfN.exe
  2⤵
  PID:952
- C:\Windows\System\yGIJVTt.exe
  C:\Windows\System\yGIJVTt.exe
  2⤵
  PID:472
- C:\Windows\System\PTsrxdO.exe
  C:\Windows\System\PTsrxdO.exe
  2⤵
  PID:1824
- C:\Windows\System\fLMVukq.exe
  C:\Windows\System\fLMVukq.exe
  2⤵
  PID:5388
- C:\Windows\System\kbEfYvo.exe
  C:\Windows\System\kbEfYvo.exe
  2⤵
  PID:5440
- C:\Windows\System\WVodqbj.exe
  C:\Windows\System\WVodqbj.exe
  2⤵
  PID:5236
- C:\Windows\System\osfCKef.exe
  C:\Windows\System\osfCKef.exe
  2⤵
  PID:5480
- C:\Windows\System\hfrwQaz.exe
  C:\Windows\System\hfrwQaz.exe
  2⤵
  PID:5408
- C:\Windows\System\KBYsuHN.exe
  C:\Windows\System\KBYsuHN.exe
  2⤵
  PID:5464
- C:\Windows\System\eGbuOVg.exe
  C:\Windows\System\eGbuOVg.exe
  2⤵
  PID:4164
- C:\Windows\System\ceyZaXk.exe
  C:\Windows\System\ceyZaXk.exe
  2⤵
  PID:5556
- C:\Windows\System\wAnZknn.exe
  C:\Windows\System\wAnZknn.exe
  2⤵
  PID:5808
- C:\Windows\System\JdoXBjy.exe
  C:\Windows\System\JdoXBjy.exe
  2⤵
  PID:6032
- C:\Windows\System\cVServW.exe
  C:\Windows\System\cVServW.exe
  2⤵
  PID:5748
- C:\Windows\System\pVOPmjy.exe
  C:\Windows\System\pVOPmjy.exe
  2⤵
  PID:5900
- C:\Windows\System\xggcIcl.exe
  C:\Windows\System\xggcIcl.exe
  2⤵
  PID:6008
- C:\Windows\System\ggJONhv.exe
  C:\Windows\System\ggJONhv.exe
  2⤵
  PID:6096
- C:\Windows\System\FVGdAda.exe
  C:\Windows\System\FVGdAda.exe
  2⤵
  PID:6100
- C:\Windows\System\QITPCec.exe
  C:\Windows\System\QITPCec.exe
  2⤵
  PID:5860
- C:\Windows\System\gvKVXaK.exe
  C:\Windows\System\gvKVXaK.exe
  2⤵
  PID:5136
- C:\Windows\System\pvCiFpg.exe
  C:\Windows\System\pvCiFpg.exe
  2⤵
  PID:5372
- C:\Windows\System\GLkkRct.exe
  C:\Windows\System\GLkkRct.exe
  2⤵
  PID:1676
- C:\Windows\System\YcFaXBs.exe
  C:\Windows\System\YcFaXBs.exe
  2⤵
  PID:5540
- C:\Windows\System\ncDEHqg.exe
  C:\Windows\System\ncDEHqg.exe
  2⤵
  PID:5232
- C:\Windows\System\NdCzqev.exe
  C:\Windows\System\NdCzqev.exe
  2⤵
  PID:5220
- C:\Windows\System\AFMuBvZ.exe
  C:\Windows\System\AFMuBvZ.exe
  2⤵
  PID:5996
- C:\Windows\System\GClYWxQ.exe
  C:\Windows\System\GClYWxQ.exe
  2⤵
  PID:5736
- C:\Windows\System\aKPVncx.exe
  C:\Windows\System\aKPVncx.exe
  2⤵
  PID:6000
- C:\Windows\System\radGzdI.exe
  C:\Windows\System\radGzdI.exe
  2⤵
  PID:5668
- C:\Windows\System\feFBEXy.exe
  C:\Windows\System\feFBEXy.exe
  2⤵
  PID:6080
- C:\Windows\System\CzFHQOO.exe
  C:\Windows\System\CzFHQOO.exe
  2⤵
  PID:5944
- C:\Windows\System\vuQGEuw.exe
  C:\Windows\System\vuQGEuw.exe
  2⤵
  PID:4708
- C:\Windows\System\hFJPKnR.exe
  C:\Windows\System\hFJPKnR.exe
  2⤵
  PID:5276
- C:\Windows\System\SeTVLMT.exe
  C:\Windows\System\SeTVLMT.exe
  2⤵
  PID:1668
- C:\Windows\System\AomzaXj.exe
  C:\Windows\System\AomzaXj.exe
  2⤵
  PID:5620
- C:\Windows\System\vsfRznr.exe
  C:\Windows\System\vsfRznr.exe
  2⤵
  PID:2580
- C:\Windows\System\CuDPCFm.exe
  C:\Windows\System\CuDPCFm.exe
  2⤵
  PID:6140
- C:\Windows\System\aXOzulg.exe
  C:\Windows\System\aXOzulg.exe
  2⤵
  PID:5636
- C:\Windows\System\QEIFQYQ.exe
  C:\Windows\System\QEIFQYQ.exe
  2⤵
  PID:6148
- C:\Windows\System\DWBiFDY.exe
  C:\Windows\System\DWBiFDY.exe
  2⤵
  PID:6164
- C:\Windows\System\jmIcKBd.exe
  C:\Windows\System\jmIcKBd.exe
  2⤵
  PID:6180
- C:\Windows\System\OxmwUuj.exe
  C:\Windows\System\OxmwUuj.exe
  2⤵
  PID:6196
- C:\Windows\System\gbLKVEt.exe
  C:\Windows\System\gbLKVEt.exe
  2⤵
  PID:6212
- C:\Windows\System\yyGZJtA.exe
  C:\Windows\System\yyGZJtA.exe
  2⤵
  PID:6228
- C:\Windows\System\xdptWIV.exe
  C:\Windows\System\xdptWIV.exe
  2⤵
  PID:6244
- C:\Windows\System\lSSejPX.exe
  C:\Windows\System\lSSejPX.exe
  2⤵
  PID:6260
- C:\Windows\System\dcIinnE.exe
  C:\Windows\System\dcIinnE.exe
  2⤵
  PID:6276
- C:\Windows\System\kjSxRfQ.exe
  C:\Windows\System\kjSxRfQ.exe
  2⤵
  PID:6292
- C:\Windows\System\cJFSmmz.exe
  C:\Windows\System\cJFSmmz.exe
  2⤵
  PID:6308
- C:\Windows\System\GdPWIKZ.exe
  C:\Windows\System\GdPWIKZ.exe
  2⤵
  PID:6324
- C:\Windows\System\DfAfaXI.exe
  C:\Windows\System\DfAfaXI.exe
  2⤵
  PID:6340
- C:\Windows\System\TwwhkuR.exe
  C:\Windows\System\TwwhkuR.exe
  2⤵
  PID:6356
- C:\Windows\System\cQzdtFw.exe
  C:\Windows\System\cQzdtFw.exe
  2⤵
  PID:6372
- C:\Windows\System\Lwtwwwz.exe
  C:\Windows\System\Lwtwwwz.exe
  2⤵
  PID:6388
- C:\Windows\System\LvBQtef.exe
  C:\Windows\System\LvBQtef.exe
  2⤵
  PID:6404
- C:\Windows\System\wWpWOCk.exe
  C:\Windows\System\wWpWOCk.exe
  2⤵
  PID:6420
- C:\Windows\System\oSPvcdw.exe
  C:\Windows\System\oSPvcdw.exe
  2⤵
  PID:6436
- C:\Windows\System\wZeXSuB.exe
  C:\Windows\System\wZeXSuB.exe
  2⤵
  PID:6452
- C:\Windows\System\jjFWEKj.exe
  C:\Windows\System\jjFWEKj.exe
  2⤵
  PID:6468
- C:\Windows\System\ZuofPIW.exe
  C:\Windows\System\ZuofPIW.exe
  2⤵
  PID:6484
- C:\Windows\System\WkUADvB.exe
  C:\Windows\System\WkUADvB.exe
  2⤵
  PID:6500
- C:\Windows\System\RRZLdKo.exe
  C:\Windows\System\RRZLdKo.exe
  2⤵
  PID:6516
- C:\Windows\System\bJYQPNk.exe
  C:\Windows\System\bJYQPNk.exe
  2⤵
  PID:6532
- C:\Windows\System\tLMviYL.exe
  C:\Windows\System\tLMviYL.exe
  2⤵
  PID:6548
- C:\Windows\System\kHrVrzG.exe
  C:\Windows\System\kHrVrzG.exe
  2⤵
  PID:6564
- C:\Windows\System\TbdEVmQ.exe
  C:\Windows\System\TbdEVmQ.exe
  2⤵
  PID:6580
- C:\Windows\System\wszfnWR.exe
  C:\Windows\System\wszfnWR.exe
  2⤵
  PID:6596
- C:\Windows\System\UYGNSne.exe
  C:\Windows\System\UYGNSne.exe
  2⤵
  PID:6612
- C:\Windows\System\WZgaOXC.exe
  C:\Windows\System\WZgaOXC.exe
  2⤵
  PID:6628
- C:\Windows\System\uqOCdUY.exe
  C:\Windows\System\uqOCdUY.exe
  2⤵
  PID:6644
- C:\Windows\System\sSahRbJ.exe
  C:\Windows\System\sSahRbJ.exe
  2⤵
  PID:6660
- C:\Windows\System\AWajClO.exe
  C:\Windows\System\AWajClO.exe
  2⤵
  PID:6676
- C:\Windows\System\tEwhwQQ.exe
  C:\Windows\System\tEwhwQQ.exe
  2⤵
  PID:6692
- C:\Windows\System\YTYJooz.exe
  C:\Windows\System\YTYJooz.exe
  2⤵
  PID:6708
- C:\Windows\System\hPVVZov.exe
  C:\Windows\System\hPVVZov.exe
  2⤵
  PID:6724
- C:\Windows\System\SWIILNS.exe
  C:\Windows\System\SWIILNS.exe
  2⤵
  PID:6740
- C:\Windows\System\Hdbgwar.exe
  C:\Windows\System\Hdbgwar.exe
  2⤵
  PID:6756
- C:\Windows\System\wogDUVJ.exe
  C:\Windows\System\wogDUVJ.exe
  2⤵
  PID:6772
- C:\Windows\System\FDDTrHJ.exe
  C:\Windows\System\FDDTrHJ.exe
  2⤵
  PID:6788
- C:\Windows\System\MVedSWi.exe
  C:\Windows\System\MVedSWi.exe
  2⤵
  PID:6804
- C:\Windows\System\aOiuvtX.exe
  C:\Windows\System\aOiuvtX.exe
  2⤵
  PID:6820
- C:\Windows\System\OfVsSVq.exe
  C:\Windows\System\OfVsSVq.exe
  2⤵
  PID:6836
- C:\Windows\System\OMbREzr.exe
  C:\Windows\System\OMbREzr.exe
  2⤵
  PID:6852
- C:\Windows\System\AfTjdtE.exe
  C:\Windows\System\AfTjdtE.exe
  2⤵
  PID:6868
- C:\Windows\System\UgRSxbI.exe
  C:\Windows\System\UgRSxbI.exe
  2⤵
  PID:6884
- C:\Windows\System\MfRfMfb.exe
  C:\Windows\System\MfRfMfb.exe
  2⤵
  PID:6900
- C:\Windows\System\oiMgFTQ.exe
  C:\Windows\System\oiMgFTQ.exe
  2⤵
  PID:6916
- C:\Windows\System\haQCtxr.exe
  C:\Windows\System\haQCtxr.exe
  2⤵
  PID:6932
- C:\Windows\System\pBPNrRB.exe
  C:\Windows\System\pBPNrRB.exe
  2⤵
  PID:6948
- C:\Windows\System\RXgOlcp.exe
  C:\Windows\System\RXgOlcp.exe
  2⤵
  PID:6964
- C:\Windows\System\zpopNlp.exe
  C:\Windows\System\zpopNlp.exe
  2⤵
  PID:6980
- C:\Windows\System\WzKhCIc.exe
  C:\Windows\System\WzKhCIc.exe
  2⤵
  PID:6996
- C:\Windows\System\KFhwkih.exe
  C:\Windows\System\KFhwkih.exe
  2⤵
  PID:7012
- C:\Windows\System\nhiwuFc.exe
  C:\Windows\System\nhiwuFc.exe
  2⤵
  PID:7028
- C:\Windows\System\WARduub.exe
  C:\Windows\System\WARduub.exe
  2⤵
  PID:7044
- C:\Windows\System\vuUllAg.exe
  C:\Windows\System\vuUllAg.exe
  2⤵
  PID:7060
- C:\Windows\System\pUEFNKh.exe
  C:\Windows\System\pUEFNKh.exe
  2⤵
  PID:5716
- C:\Windows\System\imQKQrm.exe
  C:\Windows\System\imQKQrm.exe
  2⤵
  PID:6188
- C:\Windows\System\ypKCqiQ.exe
  C:\Windows\System\ypKCqiQ.exe
  2⤵
  PID:5192
- C:\Windows\System\dIBvUkJ.exe
  C:\Windows\System\dIBvUkJ.exe
  2⤵
  PID:5792
- C:\Windows\System\FWoOKPI.exe
  C:\Windows\System\FWoOKPI.exe
  2⤵
  PID:6224
- C:\Windows\System\QDMBUcN.exe
  C:\Windows\System\QDMBUcN.exe
  2⤵
  PID:6352
- C:\Windows\System\uoFVGHp.exe
  C:\Windows\System\uoFVGHp.exe
  2⤵
  PID:6400
- C:\Windows\System\cKWwRHV.exe
  C:\Windows\System\cKWwRHV.exe
  2⤵
  PID:6332
- C:\Windows\System\eJsEcMa.exe
  C:\Windows\System\eJsEcMa.exe
  2⤵
  PID:6368
- C:\Windows\System\FCdSYrw.exe
  C:\Windows\System\FCdSYrw.exe
  2⤵
  PID:7004
- C:\Windows\System\MqluhQw.exe
  C:\Windows\System\MqluhQw.exe
  2⤵
  PID:6876
- C:\Windows\System\WiiYnxW.exe
  C:\Windows\System\WiiYnxW.exe
  2⤵
  PID:6272
- C:\Windows\System\mMwnBin.exe
  C:\Windows\System\mMwnBin.exe
  2⤵
  PID:1492
- C:\Windows\System\SJoNpWI.exe
  C:\Windows\System\SJoNpWI.exe
  2⤵
  PID:2472
- C:\Windows\System\JxqwpAR.exe
  C:\Windows\System\JxqwpAR.exe
  2⤵
  PID:6748
- C:\Windows\System\RPEYXlF.exe
  C:\Windows\System\RPEYXlF.exe
  2⤵
  PID:6780
- C:\Windows\System\EosjTxO.exe
  C:\Windows\System\EosjTxO.exe
  2⤵
  PID:6624
- C:\Windows\System\VGuyWtq.exe
  C:\Windows\System\VGuyWtq.exe
  2⤵
  PID:6656
- C:\Windows\System\KLmNCaS.exe
  C:\Windows\System\KLmNCaS.exe
  2⤵
  PID:6592
- C:\Windows\System\cLBNvyZ.exe
  C:\Windows\System\cLBNvyZ.exe
  2⤵
  PID:6716
- C:\Windows\System\flsQfpo.exe
  C:\Windows\System\flsQfpo.exe
  2⤵
  PID:6736
- C:\Windows\System\fNwHPqJ.exe
  C:\Windows\System\fNwHPqJ.exe
  2⤵
  PID:6828
- C:\Windows\System\hzmXmPr.exe
  C:\Windows\System\hzmXmPr.exe
  2⤵
  PID:876
- C:\Windows\System\KRwrLju.exe
  C:\Windows\System\KRwrLju.exe
  2⤵
  PID:6960
- C:\Windows\System\PWcHapo.exe
  C:\Windows\System\PWcHapo.exe
  2⤵
  PID:6752
- C:\Windows\System\OYYaoZZ.exe
  C:\Windows\System\OYYaoZZ.exe
  2⤵
  PID:7040
- C:\Windows\System\LNMMzpR.exe
  C:\Windows\System\LNMMzpR.exe
  2⤵
  PID:7152
- C:\Windows\System\YYVQxHZ.exe
  C:\Windows\System\YYVQxHZ.exe
  2⤵
  PID:2112
- C:\Windows\System\IFsfFoC.exe
  C:\Windows\System\IFsfFoC.exe
  2⤵
  PID:6220
- C:\Windows\System\xbPAdMb.exe
  C:\Windows\System\xbPAdMb.exe
  2⤵
  PID:1984
- C:\Windows\System\LAZsqCy.exe
  C:\Windows\System\LAZsqCy.exe
  2⤵
  PID:6288
- C:\Windows\System\DSPAvtA.exe
  C:\Windows\System\DSPAvtA.exe
  2⤵
  PID:6384
- C:\Windows\System\JAEcgIi.exe
  C:\Windows\System\JAEcgIi.exe
  2⤵
  PID:6448
- C:\Windows\System\btkCWss.exe
  C:\Windows\System\btkCWss.exe
  2⤵
  PID:6496
- C:\Windows\System\HOsJiKh.exe
  C:\Windows\System\HOsJiKh.exe
  2⤵
  PID:6544
- C:\Windows\System\SQtJNVC.exe
  C:\Windows\System\SQtJNVC.exe
  2⤵
  PID:6812
- C:\Windows\System\PeLMEUO.exe
  C:\Windows\System\PeLMEUO.exe
  2⤵
  PID:6908
- C:\Windows\System\nkWACCh.exe
  C:\Windows\System\nkWACCh.exe
  2⤵
  PID:6492
- C:\Windows\System\dbNRrVZ.exe
  C:\Windows\System\dbNRrVZ.exe
  2⤵
  PID:2844
- C:\Windows\System\OuhpBzx.exe
  C:\Windows\System\OuhpBzx.exe
  2⤵
  PID:7036
- C:\Windows\System\LWYyHMu.exe
  C:\Windows\System\LWYyHMu.exe
  2⤵
  PID:6992
- C:\Windows\System\EiEvuWG.exe
  C:\Windows\System\EiEvuWG.exe
  2⤵
  PID:6668
- C:\Windows\System\cZSmkou.exe
  C:\Windows\System\cZSmkou.exe
  2⤵
  PID:6704
- C:\Windows\System\JYCvYcT.exe
  C:\Windows\System\JYCvYcT.exe
  2⤵
  PID:6892
- C:\Windows\System\kUBTPkq.exe
  C:\Windows\System\kUBTPkq.exe
  2⤵
  PID:7056
- C:\Windows\System\xfOVDOs.exe
  C:\Windows\System\xfOVDOs.exe
  2⤵
  PID:7068
- C:\Windows\System\WjZMyZP.exe
  C:\Windows\System\WjZMyZP.exe
  2⤵
  PID:7052
- C:\Windows\System\sRsCxIM.exe
  C:\Windows\System\sRsCxIM.exe
  2⤵
  PID:5760
- C:\Windows\System\cjDITXl.exe
  C:\Windows\System\cjDITXl.exe
  2⤵
  PID:2760
- C:\Windows\System\sqwmcQQ.exe
  C:\Windows\System\sqwmcQQ.exe
  2⤵
  PID:6460
- C:\Windows\System\amSWyvP.exe
  C:\Windows\System\amSWyvP.exe
  2⤵
  PID:6508
- C:\Windows\System\lqCNxSS.exe
  C:\Windows\System\lqCNxSS.exe
  2⤵
  PID:6588
- C:\Windows\System\wqgBdmT.exe
  C:\Windows\System\wqgBdmT.exe
  2⤵
  PID:2624
- C:\Windows\System\yefiqMB.exe
  C:\Windows\System\yefiqMB.exe
  2⤵
  PID:6732
- C:\Windows\System\lfLHZyo.exe
  C:\Windows\System\lfLHZyo.exe
  2⤵
  PID:7008
- C:\Windows\System\oicaPHj.exe
  C:\Windows\System\oicaPHj.exe
  2⤵
  PID:6316
- C:\Windows\System\QEEqGyX.exe
  C:\Windows\System\QEEqGyX.exe
  2⤵
  PID:7176
- C:\Windows\System\grwwSwD.exe
  C:\Windows\System\grwwSwD.exe
  2⤵
  PID:7192
- C:\Windows\System\PmjUDoc.exe
  C:\Windows\System\PmjUDoc.exe
  2⤵
  PID:7260
- C:\Windows\System\jeaysWq.exe
  C:\Windows\System\jeaysWq.exe
  2⤵
  PID:7276
- C:\Windows\System\XtZViHL.exe
  C:\Windows\System\XtZViHL.exe
  2⤵
  PID:7292
- C:\Windows\System\LKMEXEJ.exe
  C:\Windows\System\LKMEXEJ.exe
  2⤵
  PID:7312
- C:\Windows\System\dTCQPkf.exe
  C:\Windows\System\dTCQPkf.exe
  2⤵
  PID:7332
- C:\Windows\System\IgqHXUm.exe
  C:\Windows\System\IgqHXUm.exe
  2⤵
  PID:7348
- C:\Windows\System\pbIcaKI.exe
  C:\Windows\System\pbIcaKI.exe
  2⤵
  PID:7368
- C:\Windows\System\tYvJNxv.exe
  C:\Windows\System\tYvJNxv.exe
  2⤵
  PID:7392
- C:\Windows\System\iEdriYv.exe
  C:\Windows\System\iEdriYv.exe
  2⤵
  PID:7408
- C:\Windows\System\rgxyYeG.exe
  C:\Windows\System\rgxyYeG.exe
  2⤵
  PID:7432
- C:\Windows\System\DLsXPJe.exe
  C:\Windows\System\DLsXPJe.exe
  2⤵
  PID:7452
- C:\Windows\System\ayWEcBd.exe
  C:\Windows\System\ayWEcBd.exe
  2⤵
  PID:7468
- C:\Windows\System\AkvVrFd.exe
  C:\Windows\System\AkvVrFd.exe
  2⤵
  PID:7496
- C:\Windows\System\TjGxFQT.exe
  C:\Windows\System\TjGxFQT.exe
  2⤵
  PID:7516
- C:\Windows\System\xUIYpId.exe
  C:\Windows\System\xUIYpId.exe
  2⤵
  PID:7536
- C:\Windows\System\lKybZTm.exe
  C:\Windows\System\lKybZTm.exe
  2⤵
  PID:7552
- C:\Windows\System\FrWBkIE.exe
  C:\Windows\System\FrWBkIE.exe
  2⤵
  PID:7576
- C:\Windows\System\bmWkSTn.exe
  C:\Windows\System\bmWkSTn.exe
  2⤵
  PID:7592
- C:\Windows\System\lxCwnUb.exe
  C:\Windows\System\lxCwnUb.exe
  2⤵
  PID:7608
- C:\Windows\System\vULZJjF.exe
  C:\Windows\System\vULZJjF.exe
  2⤵
  PID:7624
- C:\Windows\System\uWAPZjx.exe
  C:\Windows\System\uWAPZjx.exe
  2⤵
  PID:7644
- C:\Windows\System\tpeGyjE.exe
  C:\Windows\System\tpeGyjE.exe
  2⤵
  PID:7668
- C:\Windows\System\cSURaKo.exe
  C:\Windows\System\cSURaKo.exe
  2⤵
  PID:7688
- C:\Windows\System\SHNOQkY.exe
  C:\Windows\System\SHNOQkY.exe
  2⤵
  PID:7704
- C:\Windows\System\PCnRizs.exe
  C:\Windows\System\PCnRizs.exe
  2⤵
  PID:7736
- C:\Windows\System\xmcKkAr.exe
  C:\Windows\System\xmcKkAr.exe
  2⤵
  PID:7752
- C:\Windows\System\JEsGNdh.exe
  C:\Windows\System\JEsGNdh.exe
  2⤵
  PID:7768
- C:\Windows\System\YWlbvBy.exe
  C:\Windows\System\YWlbvBy.exe
  2⤵
  PID:7784
- C:\Windows\System\bmUiJwS.exe
  C:\Windows\System\bmUiJwS.exe
  2⤵
  PID:7804
- C:\Windows\System\aKqLfvA.exe
  C:\Windows\System\aKqLfvA.exe
  2⤵
  PID:7824
- C:\Windows\System\jpjjGiD.exe
  C:\Windows\System\jpjjGiD.exe
  2⤵
  PID:7840
- C:\Windows\System\ORRAmfR.exe
  C:\Windows\System\ORRAmfR.exe
  2⤵
  PID:7864
- C:\Windows\System\yFNpBlw.exe
  C:\Windows\System\yFNpBlw.exe
  2⤵
  PID:7884
- C:\Windows\System\yWwZKnX.exe
  C:\Windows\System\yWwZKnX.exe
  2⤵
  PID:7900
- C:\Windows\System\nYPqDFV.exe
  C:\Windows\System\nYPqDFV.exe
  2⤵
  PID:7916
- C:\Windows\System\FRViLRt.exe
  C:\Windows\System\FRViLRt.exe
  2⤵
  PID:7932
- C:\Windows\System\GgWhkYw.exe
  C:\Windows\System\GgWhkYw.exe
  2⤵
  PID:7952
- C:\Windows\System\AzJzBGy.exe
  C:\Windows\System\AzJzBGy.exe
  2⤵
  PID:8000
- C:\Windows\System\HdvDMEA.exe
  C:\Windows\System\HdvDMEA.exe
  2⤵
  PID:8016
- C:\Windows\System\NlXTgSW.exe
  C:\Windows\System\NlXTgSW.exe
  2⤵
  PID:8032
- C:\Windows\System\weFWoGu.exe
  C:\Windows\System\weFWoGu.exe
  2⤵
  PID:8052
- C:\Windows\System\EcxyGQg.exe
  C:\Windows\System\EcxyGQg.exe
  2⤵
  PID:8068
- C:\Windows\System\loNBmzv.exe
  C:\Windows\System\loNBmzv.exe
  2⤵
  PID:8088
- C:\Windows\System\XdjbNKt.exe
  C:\Windows\System\XdjbNKt.exe
  2⤵
  PID:8112
- C:\Windows\System\RpeBmmV.exe
  C:\Windows\System\RpeBmmV.exe
  2⤵
  PID:8132
- C:\Windows\System\eASxHCO.exe
  C:\Windows\System\eASxHCO.exe
  2⤵
  PID:8156
- C:\Windows\System\SlVMlxH.exe
  C:\Windows\System\SlVMlxH.exe
  2⤵
  PID:8172
- C:\Windows\System\NOzzhdf.exe
  C:\Windows\System\NOzzhdf.exe
  2⤵
  PID:6300
- C:\Windows\System\VhLTQkq.exe
  C:\Windows\System\VhLTQkq.exe
  2⤵
  PID:6416
- C:\Windows\System\HipHfxI.exe
  C:\Windows\System\HipHfxI.exe
  2⤵
  PID:6432
- C:\Windows\System\aHPFSde.exe
  C:\Windows\System\aHPFSde.exe
  2⤵
  PID:6944
- C:\Windows\System\yiWPgYO.exe
  C:\Windows\System\yiWPgYO.exe
  2⤵
  PID:6560
- C:\Windows\System\CQQBmBV.exe
  C:\Windows\System\CQQBmBV.exe
  2⤵
  PID:6924
- C:\Windows\System\zRNFHGz.exe
  C:\Windows\System\zRNFHGz.exe
  2⤵
  PID:2800
- C:\Windows\System\STuOpLr.exe
  C:\Windows\System\STuOpLr.exe
  2⤵
  PID:7172
- C:\Windows\System\MmNOyfC.exe
  C:\Windows\System\MmNOyfC.exe
  2⤵
  PID:7220
- C:\Windows\System\tdoFZrZ.exe
  C:\Windows\System\tdoFZrZ.exe
  2⤵
  PID:7200
- C:\Windows\System\uARULYS.exe
  C:\Windows\System\uARULYS.exe
  2⤵
  PID:7240
- C:\Windows\System\SJmKRnK.exe
  C:\Windows\System\SJmKRnK.exe
  2⤵
  PID:7304
- C:\Windows\System\stqyime.exe
  C:\Windows\System\stqyime.exe
  2⤵
  PID:1072
- C:\Windows\System\JYkjTai.exe
  C:\Windows\System\JYkjTai.exe
  2⤵
  PID:7364
- C:\Windows\System\lgsFiZk.exe
  C:\Windows\System\lgsFiZk.exe
  2⤵
  PID:7384
- C:\Windows\System\IgDFXZQ.exe
  C:\Windows\System\IgDFXZQ.exe
  2⤵
  PID:7424
- C:\Windows\System\BZjVmlO.exe
  C:\Windows\System\BZjVmlO.exe
  2⤵
  PID:7404
- C:\Windows\System\kUQaKXL.exe
  C:\Windows\System\kUQaKXL.exe
  2⤵
  PID:7320
- C:\Windows\System\fCnsXZM.exe
  C:\Windows\System\fCnsXZM.exe
  2⤵
  PID:7492
- C:\Windows\System\ZHvZAPa.exe
  C:\Windows\System\ZHvZAPa.exe
  2⤵
  PID:7548
- C:\Windows\System\fILcVmU.exe
  C:\Windows\System\fILcVmU.exe
  2⤵
  PID:7532
- C:\Windows\System\hjRzBDW.exe
  C:\Windows\System\hjRzBDW.exe
  2⤵
  PID:7660
- C:\Windows\System\DjsMBxI.exe
  C:\Windows\System\DjsMBxI.exe
  2⤵
  PID:7640
- C:\Windows\System\VKtLMYT.exe
  C:\Windows\System\VKtLMYT.exe
  2⤵
  PID:7600
- C:\Windows\System\OPBbOrB.exe
  C:\Windows\System\OPBbOrB.exe
  2⤵
  PID:7748
- C:\Windows\System\whTcyNm.exe
  C:\Windows\System\whTcyNm.exe
  2⤵
  PID:7816
- C:\Windows\System\NwOBmWi.exe
  C:\Windows\System\NwOBmWi.exe
  2⤵
  PID:7848
- C:\Windows\System\DGEPPPp.exe
  C:\Windows\System\DGEPPPp.exe
  2⤵
  PID:7896
- C:\Windows\System\YcGnisV.exe
  C:\Windows\System\YcGnisV.exe
  2⤵
  PID:7712
- C:\Windows\System\jjKthYR.exe
  C:\Windows\System\jjKthYR.exe
  2⤵
  PID:7880
- C:\Windows\System\MeJxiIW.exe
  C:\Windows\System\MeJxiIW.exe
  2⤵
  PID:7944
- C:\Windows\System\vCmsESg.exe
  C:\Windows\System\vCmsESg.exe
  2⤵
  PID:7800
- C:\Windows\System\kfjbtTZ.exe
  C:\Windows\System\kfjbtTZ.exe
  2⤵
  PID:7992
- C:\Windows\System\RumHgwt.exe
  C:\Windows\System\RumHgwt.exe
  2⤵
  PID:7972
- C:\Windows\System\PlkFUbD.exe
  C:\Windows\System\PlkFUbD.exe
  2⤵
  PID:8008
- C:\Windows\System\ufrLftz.exe
  C:\Windows\System\ufrLftz.exe
  2⤵
  PID:8104
- C:\Windows\System\gGHlTqk.exe
  C:\Windows\System\gGHlTqk.exe
  2⤵
  PID:8084
- C:\Windows\System\XyMaTbQ.exe
  C:\Windows\System\XyMaTbQ.exe
  2⤵
  PID:8144
- C:\Windows\System\fxaCFEr.exe
  C:\Windows\System\fxaCFEr.exe
  2⤵
  PID:1908
- C:\Windows\System\UJVTUNm.exe
  C:\Windows\System\UJVTUNm.exe
  2⤵
  PID:6880
- C:\Windows\System\VLOnevf.exe
  C:\Windows\System\VLOnevf.exe
  2⤵
  PID:7188
- C:\Windows\System\fCLkKdU.exe
  C:\Windows\System\fCLkKdU.exe
  2⤵
  PID:6604
- C:\Windows\System\yZEozbh.exe
  C:\Windows\System\yZEozbh.exe
  2⤵
  PID:6912
- C:\Windows\System\kZYXkNi.exe
  C:\Windows\System\kZYXkNi.exe
  2⤵
  PID:7216
- C:\Windows\System\cuGPmOO.exe
  C:\Windows\System\cuGPmOO.exe
  2⤵
  PID:6160
- C:\Windows\System\mtUeyYQ.exe
  C:\Windows\System\mtUeyYQ.exe
  2⤵
  PID:7340
- C:\Windows\System\pAXlnff.exe
  C:\Windows\System\pAXlnff.exe
  2⤵
  PID:7376
- C:\Windows\System\zMuUBaZ.exe
  C:\Windows\System\zMuUBaZ.exe
  2⤵
  PID:7460
- C:\Windows\System\hbxgBtm.exe
  C:\Windows\System\hbxgBtm.exe
  2⤵
  PID:7588
- C:\Windows\System\CKzUcrp.exe
  C:\Windows\System\CKzUcrp.exe
  2⤵
  PID:7328
- C:\Windows\System\VvUOMVw.exe
  C:\Windows\System\VvUOMVw.exe
  2⤵
  PID:7480
- C:\Windows\System\hZlyxJo.exe
  C:\Windows\System\hZlyxJo.exe
  2⤵
  PID:7524
- C:\Windows\System\tihJnbe.exe
  C:\Windows\System\tihJnbe.exe
  2⤵
  PID:7632
- C:\Windows\System\mDNbjMx.exe
  C:\Windows\System\mDNbjMx.exe
  2⤵
  PID:7572
- C:\Windows\System\qZWlreZ.exe
  C:\Windows\System\qZWlreZ.exe
  2⤵
  PID:7744
- C:\Windows\System\BhGeOgz.exe
  C:\Windows\System\BhGeOgz.exe
  2⤵
  PID:7940
- C:\Windows\System\BzxuBcM.exe
  C:\Windows\System\BzxuBcM.exe
  2⤵
  PID:7996
- C:\Windows\System\PAwFydc.exe
  C:\Windows\System\PAwFydc.exe
  2⤵
  PID:7760
- C:\Windows\System\mnnDRoC.exe
  C:\Windows\System\mnnDRoC.exe
  2⤵
  PID:7732
- C:\Windows\System\OwWtkPV.exe
  C:\Windows\System\OwWtkPV.exe
  2⤵
  PID:7976
- C:\Windows\System\XVtmawk.exe
  C:\Windows\System\XVtmawk.exe
  2⤵
  PID:8044
- C:\Windows\System\uVcigAg.exe
  C:\Windows\System\uVcigAg.exe
  2⤵
  PID:8040
- C:\Windows\System\UArQynA.exe
  C:\Windows\System\UArQynA.exe
  2⤵
  PID:8128
- C:\Windows\System\RjsvxIH.exe
  C:\Windows\System\RjsvxIH.exe
  2⤵
  PID:7184
- C:\Windows\System\VcpqDPx.exe
  C:\Windows\System\VcpqDPx.exe
  2⤵
  PID:1808
- C:\Windows\System\cnrSAwg.exe
  C:\Windows\System\cnrSAwg.exe
  2⤵
  PID:7212
- C:\Windows\System\CjKIMkE.exe
  C:\Windows\System\CjKIMkE.exe
  2⤵
  PID:7248
- C:\Windows\System\WoYGVSz.exe
  C:\Windows\System\WoYGVSz.exe
  2⤵
  PID:7252
- C:\Windows\System\bsvVzDr.exe
  C:\Windows\System\bsvVzDr.exe
  2⤵
  PID:7344
- C:\Windows\System\DYkHOyh.exe
  C:\Windows\System\DYkHOyh.exe
  2⤵
  PID:7356
- C:\Windows\System\csZSWLo.exe
  C:\Windows\System\csZSWLo.exe
  2⤵
  PID:7504
- C:\Windows\System\wnCBCIY.exe
  C:\Windows\System\wnCBCIY.exe
  2⤵
  PID:7656
- C:\Windows\System\uNuREeG.exe
  C:\Windows\System\uNuREeG.exe
  2⤵
  PID:7360
- C:\Windows\System\VqCzTqL.exe
  C:\Windows\System\VqCzTqL.exe
  2⤵
  PID:7836
- C:\Windows\System\HzKgQEB.exe
  C:\Windows\System\HzKgQEB.exe
  2⤵
  PID:7912
- C:\Windows\System\SbemtVi.exe
  C:\Windows\System\SbemtVi.exe
  2⤵
  PID:8024
- C:\Windows\System\XTqfcKx.exe
  C:\Windows\System\XTqfcKx.exe
  2⤵
  PID:7860
- C:\Windows\System\eVbLjxA.exe
  C:\Windows\System\eVbLjxA.exe
  2⤵
  PID:7488
- C:\Windows\System\heGLcDW.exe
  C:\Windows\System\heGLcDW.exe
  2⤵
  PID:6832
- C:\Windows\System\AeLEPBA.exe
  C:\Windows\System\AeLEPBA.exe
  2⤵
  PID:7224
- C:\Windows\System\xEBtzYu.exe
  C:\Windows\System\xEBtzYu.exe
  2⤵
  PID:8096
- C:\Windows\System\AYpPomM.exe
  C:\Windows\System\AYpPomM.exe
  2⤵
  PID:7244
- C:\Windows\System\gxmGhes.exe
  C:\Windows\System\gxmGhes.exe
  2⤵
  PID:7872
- C:\Windows\System\STIjWrX.exe
  C:\Windows\System\STIjWrX.exe
  2⤵
  PID:8100
- C:\Windows\System\PhDhyBX.exe
  C:\Windows\System\PhDhyBX.exe
  2⤵
  PID:8196
- C:\Windows\System\FaYLObQ.exe
  C:\Windows\System\FaYLObQ.exe
  2⤵
  PID:8216
- C:\Windows\System\dctPHlE.exe
  C:\Windows\System\dctPHlE.exe
  2⤵
  PID:8252
- C:\Windows\System\VcfHJQg.exe
  C:\Windows\System\VcfHJQg.exe
  2⤵
  PID:8276
- C:\Windows\System\VPHYQVU.exe
  C:\Windows\System\VPHYQVU.exe
  2⤵
  PID:8304
- C:\Windows\System\IPESnzz.exe
  C:\Windows\System\IPESnzz.exe
  2⤵
  PID:8324
- C:\Windows\System\DTktObd.exe
  C:\Windows\System\DTktObd.exe
  2⤵
  PID:8384
- C:\Windows\System\JbeuXwq.exe
  C:\Windows\System\JbeuXwq.exe
  2⤵
  PID:8400
- C:\Windows\System\DXeaKQb.exe
  C:\Windows\System\DXeaKQb.exe
  2⤵
  PID:8416
- C:\Windows\System\ZZrnWBf.exe
  C:\Windows\System\ZZrnWBf.exe
  2⤵
  PID:8432
- C:\Windows\System\XiczOMb.exe
  C:\Windows\System\XiczOMb.exe
  2⤵
  PID:8448
- C:\Windows\System\SYOhVah.exe
  C:\Windows\System\SYOhVah.exe
  2⤵
  PID:8472
- C:\Windows\System\phrhqzB.exe
  C:\Windows\System\phrhqzB.exe
  2⤵
  PID:8488
- C:\Windows\System\rrqbfYH.exe
  C:\Windows\System\rrqbfYH.exe
  2⤵
  PID:8508
- C:\Windows\System\EgHGUkD.exe
  C:\Windows\System\EgHGUkD.exe
  2⤵
  PID:8524
- C:\Windows\System\mvgZuSV.exe
  C:\Windows\System\mvgZuSV.exe
  2⤵
  PID:8564
- C:\Windows\System\JsVmAuz.exe
  C:\Windows\System\JsVmAuz.exe
  2⤵
  PID:8584
- C:\Windows\System\vKRKvFi.exe
  C:\Windows\System\vKRKvFi.exe
  2⤵
  PID:8600
- C:\Windows\System\vuuBktI.exe
  C:\Windows\System\vuuBktI.exe
  2⤵
  PID:8620
- C:\Windows\System\YTcGvZG.exe
  C:\Windows\System\YTcGvZG.exe
  2⤵
  PID:8636
- C:\Windows\System\jQeklWr.exe
  C:\Windows\System\jQeklWr.exe
  2⤵
  PID:8652
- C:\Windows\System\kEONfqx.exe
  C:\Windows\System\kEONfqx.exe
  2⤵
  PID:8672
- C:\Windows\System\jXBxNcm.exe
  C:\Windows\System\jXBxNcm.exe
  2⤵
  PID:8692
- C:\Windows\System\Fbqaqcd.exe
  C:\Windows\System\Fbqaqcd.exe
  2⤵
  PID:8716
- C:\Windows\System\gfhUzJW.exe
  C:\Windows\System\gfhUzJW.exe
  2⤵
  PID:8748
- C:\Windows\System\ssJShRV.exe
  C:\Windows\System\ssJShRV.exe
  2⤵
  PID:8764
- C:\Windows\System\dQraYWw.exe
  C:\Windows\System\dQraYWw.exe
  2⤵
  PID:8784
- C:\Windows\System\HzaJhfz.exe
  C:\Windows\System\HzaJhfz.exe
  2⤵
  PID:8804
- C:\Windows\System\lbVPHvJ.exe
  C:\Windows\System\lbVPHvJ.exe
  2⤵
  PID:8820
- C:\Windows\System\tpDmLeq.exe
  C:\Windows\System\tpDmLeq.exe
  2⤵
  PID:8836
- C:\Windows\System\scFNhdY.exe
  C:\Windows\System\scFNhdY.exe
  2⤵
  PID:8860
- C:\Windows\System\FECikVl.exe
  C:\Windows\System\FECikVl.exe
  2⤵
  PID:8876
- C:\Windows\System\ZbGwNjD.exe
  C:\Windows\System\ZbGwNjD.exe
  2⤵
  PID:8912
- C:\Windows\System\iSxBBZF.exe
  C:\Windows\System\iSxBBZF.exe
  2⤵
  PID:8928
- C:\Windows\System\vpHSlCV.exe
  C:\Windows\System\vpHSlCV.exe
  2⤵
  PID:8944
- C:\Windows\System\QljiyDs.exe
  C:\Windows\System\QljiyDs.exe
  2⤵
  PID:8960
- C:\Windows\System\XLapONz.exe
  C:\Windows\System\XLapONz.exe
  2⤵
  PID:8976
- C:\Windows\System\AHfDtpv.exe
  C:\Windows\System\AHfDtpv.exe
  2⤵
  PID:8992
- C:\Windows\System\waNBqeP.exe
  C:\Windows\System\waNBqeP.exe
  2⤵
  PID:9008
- C:\Windows\System\Viqvrao.exe
  C:\Windows\System\Viqvrao.exe
  2⤵
  PID:9040
- C:\Windows\System\sBUOuve.exe
  C:\Windows\System\sBUOuve.exe
  2⤵
  PID:9068
- C:\Windows\System\eafAXjK.exe
  C:\Windows\System\eafAXjK.exe
  2⤵
  PID:9084
- C:\Windows\System\spfSMhL.exe
  C:\Windows\System\spfSMhL.exe
  2⤵
  PID:9100
- C:\Windows\System\EAoHbIe.exe
  C:\Windows\System\EAoHbIe.exe
  2⤵
  PID:9116
- C:\Windows\System\rvvAygz.exe
  C:\Windows\System\rvvAygz.exe
  2⤵
  PID:9136
- C:\Windows\System\JqKvrDD.exe
  C:\Windows\System\JqKvrDD.exe
  2⤵
  PID:9160
- C:\Windows\System\RsHGjkf.exe
  C:\Windows\System\RsHGjkf.exe
  2⤵
  PID:9176
- C:\Windows\System\lLbNcrd.exe
  C:\Windows\System\lLbNcrd.exe
  2⤵
  PID:9192
- C:\Windows\System\YiNJdYH.exe
  C:\Windows\System\YiNJdYH.exe
  2⤵
  PID:7684
- C:\Windows\System\cQCNfJt.exe
  C:\Windows\System\cQCNfJt.exe
  2⤵
  PID:8224
- C:\Windows\System\voceBPp.exe
  C:\Windows\System\voceBPp.exe
  2⤵
  PID:7448
- C:\Windows\System\GzjUEvw.exe
  C:\Windows\System\GzjUEvw.exe
  2⤵
  PID:7444
- C:\Windows\System\PAuTvUT.exe
  C:\Windows\System\PAuTvUT.exe
  2⤵
  PID:7284
- C:\Windows\System\YNaYSRb.exe
  C:\Windows\System\YNaYSRb.exe
  2⤵
  PID:6192
- C:\Windows\System\YdXEjKo.exe
  C:\Windows\System\YdXEjKo.exe
  2⤵
  PID:7700
- C:\Windows\System\dFuxWiI.exe
  C:\Windows\System\dFuxWiI.exe
  2⤵
  PID:7652
- C:\Windows\System\BpUYAgA.exe
  C:\Windows\System\BpUYAgA.exe
  2⤵
  PID:7232
- C:\Windows\System\WBCMNht.exe
  C:\Windows\System\WBCMNht.exe
  2⤵
  PID:8260
- C:\Windows\System\GHITDJF.exe
  C:\Windows\System\GHITDJF.exe
  2⤵
  PID:8296
- C:\Windows\System\sRYDMLT.exe
  C:\Windows\System\sRYDMLT.exe
  2⤵
  PID:8332
- C:\Windows\System\elOTbsL.exe
  C:\Windows\System\elOTbsL.exe
  2⤵
  PID:8392
- C:\Windows\System\RSEaDgu.exe
  C:\Windows\System\RSEaDgu.exe
  2⤵
  PID:8504
- C:\Windows\System\ZvGIMFk.exe
  C:\Windows\System\ZvGIMFk.exe
  2⤵
  PID:8464
- C:\Windows\System\FEpAxHg.exe
  C:\Windows\System\FEpAxHg.exe
  2⤵
  PID:8544
- C:\Windows\System\jSQHdNF.exe
  C:\Windows\System\jSQHdNF.exe
  2⤵
  PID:8556
- C:\Windows\System\BMRoQKi.exe
  C:\Windows\System\BMRoQKi.exe
  2⤵
  PID:8608
- C:\Windows\System\snxhVQU.exe
  C:\Windows\System\snxhVQU.exe
  2⤵
  PID:8596
- C:\Windows\System\FRakQJN.exe
  C:\Windows\System\FRakQJN.exe
  2⤵
  PID:8592
- C:\Windows\System\SmkkxKo.exe
  C:\Windows\System\SmkkxKo.exe
  2⤵
  PID:8660
- C:\Windows\System\GvRgzrd.exe
  C:\Windows\System\GvRgzrd.exe
  2⤵
  PID:8712
- C:\Windows\System\hGrxIqj.exe
  C:\Windows\System\hGrxIqj.exe
  2⤵
  PID:8744
- C:\Windows\System\xdsXwFw.exe
  C:\Windows\System\xdsXwFw.exe
  2⤵
  PID:8760
- C:\Windows\System\VBsjFSV.exe
  C:\Windows\System\VBsjFSV.exe
  2⤵
  PID:8812
- C:\Windows\System\MkcRJfl.exe
  C:\Windows\System\MkcRJfl.exe
  2⤵
  PID:8832
- C:\Windows\System\EkxwnfU.exe
  C:\Windows\System\EkxwnfU.exe
  2⤵
  PID:8868
- C:\Windows\System\NFKPgDS.exe
  C:\Windows\System\NFKPgDS.exe
  2⤵
  PID:8892
- C:\Windows\System\QldabKj.exe
  C:\Windows\System\QldabKj.exe
  2⤵
  PID:8936
- C:\Windows\System\ghoyfnu.exe
  C:\Windows\System\ghoyfnu.exe
  2⤵
  PID:9048
- C:\Windows\System\pCjIXLZ.exe
  C:\Windows\System\pCjIXLZ.exe
  2⤵
  PID:9096
- C:\Windows\System\nNvZVPn.exe
  C:\Windows\System\nNvZVPn.exe
  2⤵
  PID:9016
- C:\Windows\System\mOwsKMh.exe
  C:\Windows\System\mOwsKMh.exe
  2⤵
  PID:9204
- C:\Windows\System\chbzNJX.exe
  C:\Windows\System\chbzNJX.exe
  2⤵
  PID:8184
- C:\Windows\System\xBMOLmK.exe
  C:\Windows\System\xBMOLmK.exe
  2⤵
  PID:7564
- C:\Windows\System\hEIOleR.exe
  C:\Windows\System\hEIOleR.exe
  2⤵
  PID:8124
- C:\Windows\System\LqeDLgE.exe
  C:\Windows\System\LqeDLgE.exe
  2⤵
  PID:9152
- C:\Windows\System\orsBXTz.exe
  C:\Windows\System\orsBXTz.exe
  2⤵
  PID:8288
- C:\Windows\System\YcccNKS.exe
  C:\Windows\System\YcccNKS.exe
  2⤵
  PID:8212
- C:\Windows\System\lCUsZDB.exe
  C:\Windows\System\lCUsZDB.exe
  2⤵
  PID:9184
- C:\Windows\System\FypeuGw.exe
  C:\Windows\System\FypeuGw.exe
  2⤵
  PID:8364
- C:\Windows\System\rCezeQm.exe
  C:\Windows\System\rCezeQm.exe
  2⤵
  PID:8268
- C:\Windows\System\ItaiNSa.exe
  C:\Windows\System\ItaiNSa.exe
  2⤵
  PID:8440
- C:\Windows\System\vlorgtn.exe
  C:\Windows\System\vlorgtn.exe
  2⤵
  PID:8520
- C:\Windows\System\IJEdSIV.exe
  C:\Windows\System\IJEdSIV.exe
  2⤵
  PID:8496
- C:\Windows\System\RVSzFcd.exe
  C:\Windows\System\RVSzFcd.exe
  2⤵
  PID:8372
- C:\Windows\System\LUHQPac.exe
  C:\Windows\System\LUHQPac.exe
  2⤵
  PID:8732
- C:\Windows\System\bUGAidn.exe
  C:\Windows\System\bUGAidn.exe
  2⤵
  PID:8460
- C:\Windows\System\psTYdAy.exe
  C:\Windows\System\psTYdAy.exe
  2⤵
  PID:8648
- C:\Windows\System\yULsVpk.exe
  C:\Windows\System\yULsVpk.exe
  2⤵
  PID:8772
- C:\Windows\System\qSaxTxq.exe
  C:\Windows\System\qSaxTxq.exe
  2⤵
  PID:8852
- C:\Windows\System\mdFToTw.exe
  C:\Windows\System\mdFToTw.exe
  2⤵
  PID:8908
- C:\Windows\System\DQLlUqk.exe
  C:\Windows\System\DQLlUqk.exe
  2⤵
  PID:8924
- C:\Windows\System\jwxgnbM.exe
  C:\Windows\System\jwxgnbM.exe
  2⤵
  PID:9000
- C:\Windows\System\SRVwhSf.exe
  C:\Windows\System\SRVwhSf.exe
  2⤵
  PID:9092
- C:\Windows\System\TdZPWNY.exe
  C:\Windows\System\TdZPWNY.exe
  2⤵
  PID:8428
- C:\Windows\System\AVdPzEj.exe
  C:\Windows\System\AVdPzEj.exe
  2⤵
  PID:8984
- C:\Windows\System\PSXSdkX.exe
  C:\Windows\System\PSXSdkX.exe
  2⤵
  PID:8108
- C:\Windows\System\WMaqDSj.exe
  C:\Windows\System\WMaqDSj.exe
  2⤵
  PID:9036
- C:\Windows\System\TyMHfGN.exe
  C:\Windows\System\TyMHfGN.exe
  2⤵
  PID:9156
- C:\Windows\System\bcroYVb.exe
  C:\Windows\System\bcroYVb.exe
  2⤵
  PID:7968
- C:\Windows\System\EjwzHKi.exe
  C:\Windows\System\EjwzHKi.exe
  2⤵
  PID:8408
- C:\Windows\System\goNMoqh.exe
  C:\Windows\System\goNMoqh.exe
  2⤵
  PID:8480
- C:\Windows\System\aguWgQs.exe
  C:\Windows\System\aguWgQs.exe
  2⤵
  PID:8484
- C:\Windows\System\OHcFIfb.exe
  C:\Windows\System\OHcFIfb.exe
  2⤵
  PID:8576
- C:\Windows\System\JvMoeuY.exe
  C:\Windows\System\JvMoeuY.exe
  2⤵
  PID:8796
- C:\Windows\System\JGyRMMn.exe
  C:\Windows\System\JGyRMMn.exe
  2⤵
  PID:8704
- C:\Windows\System\EbVwhDv.exe
  C:\Windows\System\EbVwhDv.exe
  2⤵
  PID:8952
- C:\Windows\System\qWFLhux.exe
  C:\Windows\System\qWFLhux.exe
  2⤵
  PID:8188
- C:\Windows\System\khKzQkH.exe
  C:\Windows\System\khKzQkH.exe
  2⤵
  PID:8316
- C:\Windows\System\CGmpDdC.exe
  C:\Windows\System\CGmpDdC.exe
  2⤵
  PID:9004
- C:\Windows\System\SSdWzCa.exe
  C:\Windows\System\SSdWzCa.exe
  2⤵
  PID:8724
- C:\Windows\System\EXySmvG.exe
  C:\Windows\System\EXySmvG.exe
  2⤵
  PID:8612
- C:\Windows\System\DZmlhCJ.exe
  C:\Windows\System\DZmlhCJ.exe
  2⤵
  PID:9168
- C:\Windows\System\SVleaKy.exe
  C:\Windows\System\SVleaKy.exe
  2⤵
  PID:7892
- C:\Windows\System\UnCAQGZ.exe
  C:\Windows\System\UnCAQGZ.exe
  2⤵
  PID:8708
- C:\Windows\System\yXmEUrR.exe
  C:\Windows\System\yXmEUrR.exe
  2⤵
  PID:8896
- C:\Windows\System\VNLsqGh.exe
  C:\Windows\System\VNLsqGh.exe
  2⤵
  PID:8232
- C:\Windows\System\OKSfWVb.exe
  C:\Windows\System\OKSfWVb.exe
  2⤵
  PID:9052
- C:\Windows\System\zDJnvSK.exe
  C:\Windows\System\zDJnvSK.exe
  2⤵
  PID:9112
- C:\Windows\System\geTRGrK.exe
  C:\Windows\System\geTRGrK.exe
  2⤵
  PID:9172
- C:\Windows\System\RLPpFmi.exe
  C:\Windows\System\RLPpFmi.exe
  2⤵
  PID:8888
- C:\Windows\System\OTIRvgG.exe
  C:\Windows\System\OTIRvgG.exe
  2⤵
  PID:8312
- C:\Windows\System\yTjpSAZ.exe
  C:\Windows\System\yTjpSAZ.exe
  2⤵
  PID:7236
- C:\Windows\System\NZEFnjV.exe
  C:\Windows\System\NZEFnjV.exe
  2⤵
  PID:8844
- C:\Windows\System\GJILYwc.exe
  C:\Windows\System\GJILYwc.exe
  2⤵
  PID:9024
- C:\Windows\System\oEvyZLh.exe
  C:\Windows\System\oEvyZLh.exe
  2⤵
  PID:8828
- C:\Windows\System\HllrQKP.exe
  C:\Windows\System\HllrQKP.exe
  2⤵
  PID:9080
- C:\Windows\System\QeHUuWt.exe
  C:\Windows\System\QeHUuWt.exe
  2⤵
  PID:9148
- C:\Windows\System\zCHTRrF.exe
  C:\Windows\System\zCHTRrF.exe
  2⤵
  PID:8572
- C:\Windows\System\PECgwmj.exe
  C:\Windows\System\PECgwmj.exe
  2⤵
  PID:9228
- C:\Windows\System\QunGlae.exe
  C:\Windows\System\QunGlae.exe
  2⤵
  PID:9252
- C:\Windows\System\xfjyvtB.exe
  C:\Windows\System\xfjyvtB.exe
  2⤵
  PID:9272
- C:\Windows\System\uIefXhv.exe
  C:\Windows\System\uIefXhv.exe
  2⤵
  PID:9296
- C:\Windows\System\eYsGXAv.exe
  C:\Windows\System\eYsGXAv.exe
  2⤵
  PID:9316
- C:\Windows\System\fkmAcbz.exe
  C:\Windows\System\fkmAcbz.exe
  2⤵
  PID:9332
- C:\Windows\System\DrfiToO.exe
  C:\Windows\System\DrfiToO.exe
  2⤵
  PID:9356
- C:\Windows\System\axGAhqT.exe
  C:\Windows\System\axGAhqT.exe
  2⤵
  PID:9376
- C:\Windows\System\qGODamV.exe
  C:\Windows\System\qGODamV.exe
  2⤵
  PID:9400
- C:\Windows\System\BiUCdWw.exe
  C:\Windows\System\BiUCdWw.exe
  2⤵
  PID:9416
- C:\Windows\System\APEESOP.exe
  C:\Windows\System\APEESOP.exe
  2⤵
  PID:9440
- C:\Windows\System\SJtggbG.exe
  C:\Windows\System\SJtggbG.exe
  2⤵
  PID:9456
- C:\Windows\System\FWrPGfS.exe
  C:\Windows\System\FWrPGfS.exe
  2⤵
  PID:9476
- C:\Windows\System\HgItHxW.exe
  C:\Windows\System\HgItHxW.exe
  2⤵
  PID:9500
- C:\Windows\System\aqigXcC.exe
  C:\Windows\System\aqigXcC.exe
  2⤵
  PID:9520
- C:\Windows\System\ugRZGMN.exe
  C:\Windows\System\ugRZGMN.exe
  2⤵
  PID:9536
- C:\Windows\System\xcJEuZV.exe
  C:\Windows\System\xcJEuZV.exe
  2⤵
  PID:9552
- C:\Windows\System\DXaBxeP.exe
  C:\Windows\System\DXaBxeP.exe
  2⤵
  PID:9572
- C:\Windows\System\hwplNxi.exe
  C:\Windows\System\hwplNxi.exe
  2⤵
  PID:9596
- C:\Windows\System\oPIaUhU.exe
  C:\Windows\System\oPIaUhU.exe
  2⤵
  PID:9616
- C:\Windows\System\WkLnQJS.exe
  C:\Windows\System\WkLnQJS.exe
  2⤵
  PID:9632
- C:\Windows\System\wqlZwoW.exe
  C:\Windows\System\wqlZwoW.exe
  2⤵
  PID:9656
- C:\Windows\System\yQKAbDp.exe
  C:\Windows\System\yQKAbDp.exe
  2⤵
  PID:9676
- C:\Windows\System\CnpEipW.exe
  C:\Windows\System\CnpEipW.exe
  2⤵
  PID:9696
- C:\Windows\System\WlhHdkE.exe
  C:\Windows\System\WlhHdkE.exe
  2⤵
  PID:9716
- C:\Windows\System\QUsIYVD.exe
  C:\Windows\System\QUsIYVD.exe
  2⤵
  PID:9740
- C:\Windows\System\xCGstva.exe
  C:\Windows\System\xCGstva.exe
  2⤵
  PID:9756
- C:\Windows\System\ArOPimd.exe
  C:\Windows\System\ArOPimd.exe
  2⤵
  PID:9772
- C:\Windows\System\JLJwnYG.exe
  C:\Windows\System\JLJwnYG.exe
  2⤵
  PID:9796
- C:\Windows\System\ytsPAbS.exe
  C:\Windows\System\ytsPAbS.exe
  2⤵
  PID:9816
- C:\Windows\System\pASEraU.exe
  C:\Windows\System\pASEraU.exe
  2⤵
  PID:9836
- C:\Windows\System\gmYZNLw.exe
  C:\Windows\System\gmYZNLw.exe
  2⤵
  PID:9864
- C:\Windows\System\jsEFCzs.exe
  C:\Windows\System\jsEFCzs.exe
  2⤵
  PID:9884
- C:\Windows\System\iyistyi.exe
  C:\Windows\System\iyistyi.exe
  2⤵
  PID:9900
- C:\Windows\System\CXXPzaJ.exe
  C:\Windows\System\CXXPzaJ.exe
  2⤵
  PID:9916
- C:\Windows\System\NBhqfFz.exe
  C:\Windows\System\NBhqfFz.exe
  2⤵
  PID:9944
- C:\Windows\System\LUhzjtS.exe
  C:\Windows\System\LUhzjtS.exe
  2⤵
  PID:9964
- C:\Windows\System\USkvbQE.exe
  C:\Windows\System\USkvbQE.exe
  2⤵
  PID:9984
- C:\Windows\System\TApVyzJ.exe
  C:\Windows\System\TApVyzJ.exe
  2⤵
  PID:10000
- C:\Windows\System\GGgMLoe.exe
  C:\Windows\System\GGgMLoe.exe
  2⤵
  PID:10020
- C:\Windows\System\UVAzzwf.exe
  C:\Windows\System\UVAzzwf.exe
  2⤵
  PID:10036
- C:\Windows\System\bqNMMBl.exe
  C:\Windows\System\bqNMMBl.exe
  2⤵
  PID:10060
- C:\Windows\System\CtDCMDI.exe
  C:\Windows\System\CtDCMDI.exe
  2⤵
  PID:10080
- C:\Windows\System\TXNRLat.exe
  C:\Windows\System\TXNRLat.exe
  2⤵
  PID:10096
- C:\Windows\System\rzuzaqv.exe
  C:\Windows\System\rzuzaqv.exe
  2⤵
  PID:10120
- C:\Windows\System\IgcGnbG.exe
  C:\Windows\System\IgcGnbG.exe
  2⤵
  PID:10136
- C:\Windows\System\SAeseoD.exe
  C:\Windows\System\SAeseoD.exe
  2⤵
  PID:10164
- C:\Windows\System\oFobIdw.exe
  C:\Windows\System\oFobIdw.exe
  2⤵
  PID:10180
- C:\Windows\System\wNNAxKL.exe
  C:\Windows\System\wNNAxKL.exe
  2⤵
  PID:10204
- C:\Windows\System\QFdhGHC.exe
  C:\Windows\System\QFdhGHC.exe
  2⤵
  PID:10224
- C:\Windows\System\oThwhuh.exe
  C:\Windows\System\oThwhuh.exe
  2⤵
  PID:9224
- C:\Windows\System\rWhEBnV.exe
  C:\Windows\System\rWhEBnV.exe
  2⤵
  PID:9244
- C:\Windows\System\vPkPSzB.exe
  C:\Windows\System\vPkPSzB.exe
  2⤵
  PID:9288
- C:\Windows\System\CgEdSpq.exe
  C:\Windows\System\CgEdSpq.exe
  2⤵
  PID:9308
- C:\Windows\System\cGyLCvr.exe
  C:\Windows\System\cGyLCvr.exe
  2⤵
  PID:9344
- C:\Windows\System\tYpnkXa.exe
  C:\Windows\System\tYpnkXa.exe
  2⤵
  PID:9368
- C:\Windows\System\KcWQFqV.exe
  C:\Windows\System\KcWQFqV.exe
  2⤵
  PID:9408
- C:\Windows\System\yIEehJQ.exe
  C:\Windows\System\yIEehJQ.exe
  2⤵
  PID:9448
- C:\Windows\System\rLaOoDz.exe
  C:\Windows\System\rLaOoDz.exe
  2⤵
  PID:9488
- C:\Windows\System\VYzupsg.exe
  C:\Windows\System\VYzupsg.exe
  2⤵
  PID:9512
- C:\Windows\System\iqMkrVi.exe
  C:\Windows\System\iqMkrVi.exe
  2⤵
  PID:9532
- C:\Windows\System\PuRChqn.exe
  C:\Windows\System\PuRChqn.exe
  2⤵
  PID:9588
- C:\Windows\System\TDDxoXt.exe
  C:\Windows\System\TDDxoXt.exe
  2⤵
  PID:9624
- C:\Windows\System\OfXKkUt.exe
  C:\Windows\System\OfXKkUt.exe
  2⤵
  PID:9652
- C:\Windows\System\tROalRG.exe
  C:\Windows\System\tROalRG.exe
  2⤵
  PID:9688
- C:\Windows\System\wDGRMmd.exe
  C:\Windows\System\wDGRMmd.exe
  2⤵
  PID:9724
- C:\Windows\System\hbdgAct.exe
  C:\Windows\System\hbdgAct.exe
  2⤵
  PID:9748
- C:\Windows\System\eFqcbsE.exe
  C:\Windows\System\eFqcbsE.exe
  2⤵
  PID:9792
- C:\Windows\System\oOWZhOo.exe
  C:\Windows\System\oOWZhOo.exe
  2⤵
  PID:9812
- C:\Windows\System\ZFXOQHE.exe
  C:\Windows\System\ZFXOQHE.exe
  2⤵
  PID:9844
- C:\Windows\System\hEIJmhu.exe
  C:\Windows\System\hEIJmhu.exe
  2⤵
  PID:9876
- C:\Windows\System\vXOmAZz.exe
  C:\Windows\System\vXOmAZz.exe
  2⤵
  PID:9896
- C:\Windows\System\YYDRBip.exe
  C:\Windows\System\YYDRBip.exe
  2⤵
  PID:9936
- C:\Windows\System\CPanCnq.exe
  C:\Windows\System\CPanCnq.exe
  2⤵
  PID:9980
- C:\Windows\System\oxyZMHW.exe
  C:\Windows\System\oxyZMHW.exe
  2⤵
  PID:10008
- C:\Windows\System\CXCdRnf.exe
  C:\Windows\System\CXCdRnf.exe
  2⤵
  PID:10056
- C:\Windows\System\jfwLaYA.exe
  C:\Windows\System\jfwLaYA.exe
  2⤵
  PID:10068
- C:\Windows\System\TrAISnR.exe
  C:\Windows\System\TrAISnR.exe
  2⤵
  PID:10092
- C:\Windows\System\GxtyGTC.exe
  C:\Windows\System\GxtyGTC.exe
  2⤵
  PID:10148
- C:\Windows\System\dZtjbCI.exe
  C:\Windows\System\dZtjbCI.exe
  2⤵
  PID:10172
- C:\Windows\System\wJaZfjV.exe
  C:\Windows\System\wJaZfjV.exe
  2⤵
  PID:10200
- C:\Windows\System\vZyJoDq.exe
  C:\Windows\System\vZyJoDq.exe
  2⤵
  PID:10216
- C:\Windows\System\zZCQAFX.exe
  C:\Windows\System\zZCQAFX.exe
  2⤵
  PID:9220
- C:\Windows\System\lTGILTZ.exe
  C:\Windows\System\lTGILTZ.exe
  2⤵
  PID:9264
- C:\Windows\System\OYDXnyE.exe
  C:\Windows\System\OYDXnyE.exe
  2⤵
  PID:9324
- C:\Windows\System\alEAfvq.exe
  C:\Windows\System\alEAfvq.exe
  2⤵
  PID:9432
- C:\Windows\System\GcDpnnT.exe
  C:\Windows\System\GcDpnnT.exe
  2⤵
  PID:9472
- C:\Windows\System\mIsEGoD.exe
  C:\Windows\System\mIsEGoD.exe
  2⤵
  PID:9528
- C:\Windows\System\RxHfHLQ.exe
  C:\Windows\System\RxHfHLQ.exe
  2⤵
  PID:9608
- C:\Windows\System\LnQubwe.exe
  C:\Windows\System\LnQubwe.exe
  2⤵
  PID:9644
- C:\Windows\System\WbNyLTR.exe
  C:\Windows\System\WbNyLTR.exe
  2⤵
  PID:9672
- C:\Windows\System\EPCdZPw.exe
  C:\Windows\System\EPCdZPw.exe
  2⤵
  PID:9736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ACLvufB.exe

Filesize
6.0MB

MD5
179bfe85342f8d2685a9bc2f8a7d5c97

SHA1
4397a1affc38da41888bd1b76b430dbbce782cdb

SHA256
19d6ac6f9ce19e742f33c696011cf19b3188ed94059e58a2ea71ecbb6e0b4504

SHA512
3bb2c007a9d6551c9596c0908ccfd874fcd64a7e84db77a5c6939b529cc25d67cdd9d2fc241a4dd69be1531dd12b7b36f194909ebbc378a92bbedc3b5196fa94

Download Submit
C:\Windows\system\DGhliEa.exe

Filesize
6.0MB

MD5
3a71f0619fd1e3f1bdf3bf19e2969fad

SHA1
a8dac4f042b8d315aa533c59b2a8916b8407e477

SHA256
f5275fc069acd01e86360414ce6894bc186d7506f7e50482dc4ca132953189d2

SHA512
ac1ed2dac596aa798d04b7e0fd0c2be519d35bc688496f05b0f67242ffea6d81bcf2e7ea99ef2d494396c7db9988a399fe83f7b62f7715709f60b362a6f2884b

Download Submit
C:\Windows\system\GYvBxqt.exe

Filesize
6.0MB

MD5
20f5d91c295b06963479db6945466371

SHA1
6d49efbd828546bdf702762f503e22676e6eaa4e

SHA256
55fa0c3e8e826a8799bb5ae6f45edcbd0c55c353a7804b7b8220c1d0d21e043c

SHA512
db6c83e296debd757c2f5039376c27cf4f480213a31b31503bca0aefd9ef41166a859b12c41b655d65c9c48dd1c29e59a35b5b125373dbbe45c5f5da9559a6f3

Download Submit
C:\Windows\system\HWQLNwD.exe

Filesize
6.0MB

MD5
2d64383cdf746877c8fe93dd5a0a9e1a

SHA1
bc84a98adf254fbb260533a74d0c4af3ff2282ab

SHA256
2cb4fb0b84788e11b33532e09d63b7a6ad4196a5adbd90c653c86056350df1b0

SHA512
1d38b4cf340c5b5cfa650e83db0a5b2f7e17a74373ed6edb1ca5ddeb7f9713759aed1d1b8850e58c10257cf21721f7001844ebf40f0ef7b347dae7648c74511e

Download Submit
C:\Windows\system\IenWOEz.exe

Filesize
6.0MB

MD5
558aa2101bbc6ea09f3c2dfc86a944a3

SHA1
accd7b4f3d7a1b8b76370cdf78c4118d0d0b2e0c

SHA256
bca9ae59651d060cdf9e6e003ea5836e22ad0f4e69542bc402dffd924d386dc8

SHA512
051a9d855b98cd15db7d54c421e086f7ce5db6e1f0335bc4b72917d9355207af0136b1c9dfbc727965a606e50a6ff41d15131d9d59fa4d5c4ae5458b0dc91db3

Download Submit
C:\Windows\system\SDzRCWi.exe

Filesize
6.0MB

MD5
3b463ea82164e753d522c58feec481c5

SHA1
2f35e91db35ee7e805f160ff62f72dacd3c12043

SHA256
455104ece0e9671a023a76e04a0808951c95605852bf4a64b2c3317229544208

SHA512
c7cb4d7e1f8ffea96c9d22728a651541b3d8199f4420340f9428eb48b96a59266d85e1218dbb6a07eb50513dff5e0992f1a31f5c529bd42e5bf9f58a2e0da863

Download Submit
C:\Windows\system\TJuQPtU.exe

Filesize
6.0MB

MD5
eff950d5828e44c4eec37d3f8544142d

SHA1
674bbc76e0d18547b779b356ad8d42f7c6ecd264

SHA256
2e11cec757f5e7254eacc8d6fc73eee8bd77e341c97ae39c9bcd3207916df707

SHA512
24ca084b74ed738770858362be077b3b065d5fc1599b6c0e914411999c4f040fabfee5b6df0c73b35004444e0593465084ff4ad013a0c0678346c3b4fc1c5df4

Download Submit
C:\Windows\system\UNjhxET.exe

Filesize
6.0MB

MD5
743b0a9a331f7bc1ab7e99ba534f16f4

SHA1
48bdc85eef5c188368bbbb56aff5cb50e8aba89a

SHA256
e1c05989cacc4d144be7a5ab9485ead5a62f3e1b85ed0d15a46e0e6d862db357

SHA512
3714ab88900fd6e10633aa47403aaef7a3a6a5d4fed832e8db87b09cf3d250a65a5d7ae9e8020f4e98777bc0618f2f3855098ec43bed29e83d70d69e7d593bd7

Download Submit
C:\Windows\system\WhLCpxt.exe

Filesize
6.0MB

MD5
050b62b9b726c161439b2d0dceb959a7

SHA1
45829a46c5d32c4435a27719d7ff0ae641148412

SHA256
4aa58043d48aa3ca50edffd4441f05289a1d150b7a53ceef9fd96b181139ca36

SHA512
3722a831864dcbbd46ed0591f055498e3f92f95ba850ad8f120d0c01da4d018f3af44b01e9b20ea3b527600c7760d12b3e5b04d36bc1ce51170942b3de67d26b

Download Submit
C:\Windows\system\XqRzhVu.exe

Filesize
6.0MB

MD5
e1e9f33ae9411f2613bc29b9a95ef9c6

SHA1
59cc911b797326f258aa430b1be2f1f07e2f3e33

SHA256
afc7a9c1a85296ca4a57df3682abed0a4b539d73ccebb1af356709dc6cedc306

SHA512
bd8e754d34c770b0867d7a31bbd51ddc38b9e2e7a98989d5a63bdbcc03e7f5396251ca87755229c02f8202fc57bafa3095627d560892ff54b69c294f0395979b

Download Submit
C:\Windows\system\ZtTplBb.exe

Filesize
6.0MB

MD5
18b7a02193f60666a13b0693fd92d0d8

SHA1
6a34a67b87da5fbfa118446177185a533ccbc8b3

SHA256
691f9fd7a0e2fe2baf693e1f225934f3afa367b542474e392d4deee76205d6e9

SHA512
794647b41336519d01f885bf9235b2b0d2424c3235894b2791ed8a896401f4f9c317a99258c4143a941146e2908b4ac5bd9ceba544a091f11b3fc8a4627f3133

Download Submit
C:\Windows\system\aHDUQZb.exe

Filesize
6.0MB

MD5
5996014f0c0838e4ece0290ea317d21f

SHA1
68aa2dbffd086be82e54e79298bf0888d23f9ffa

SHA256
c1970dd1c07812b720b677b79b9350003d4cf4515cff76c0d6220e1ba9983053

SHA512
6b6bcb0325f28b52380e51e51f5e21d3afdf0ad916ce59b97c4cf525ef92a86f8b835cafe29bdbb56f923718c49247027213e1c65730072b079e54ce1f61412d

Download Submit
C:\Windows\system\eEfkaNs.exe

Filesize
6.0MB

MD5
5f7fcbdbcc881b5c8ea12b1b92b09e88

SHA1
85ae21aeadb7758bf7d0ca45f9d23d30957f596e

SHA256
4728a7d8454473e4d06d0dde2a5493c3841612fae88b002ec2f5d6ffd93b8240

SHA512
3f162950432c4aa8535937f22eed8b94a388dd3b2e5c38f411de3a0207547b7811603914a5537c21a8c39ffbeef8f4ddac99f64f8e48e1ecc836e9f0266d17e4

Download Submit
C:\Windows\system\fsySJAE.exe

Filesize
6.0MB

MD5
f3e493de93b9ac31cbc9bf690ce316c9

SHA1
c8c66ffe4db3ab4b1ec3f3f5c9ee58436759584e

SHA256
c41a095d47c5f354df69a8230addd97e67592cf55405f81f612758ddda00f93f

SHA512
6b5759a627ed4bbc293c87cd4ccb574728e82f7c60b5a7efa74976130bc33b5b93c2b958522f8fa301c1a64ea62111048a56183cb558218846bb7821c4a531b1

Download Submit
C:\Windows\system\mPfftTc.exe

Filesize
6.0MB

MD5
dc8693c4f4f4131af3922df38779c885

SHA1
5cb7ab63848a6418bd20df62b548df2d9566e0c8

SHA256
7dcbe90ded3e435c7ec3bad5c9577d4011d2d8a1e5405a98984ceaf89ae93bba

SHA512
648251369dc6a6e0e2c6b4d31b66009d3669914c8d9ab86ada9e3c4ee791535d69793b102d5043d934f257885fcb20e04b1426f0b62abcb4312945a6b5f9a1d2

Download Submit
C:\Windows\system\nOsuSGf.exe

Filesize
6.0MB

MD5
a76206d259d3b8b649577e4465fff4c5

SHA1
6cf01a9c8f08dafbcb835b6df38eac7bd49ec407

SHA256
a44bf7452985e24105576f8ac550df4f219c3fa731da5fea58b73be37954f736

SHA512
412c6a6a88b403a12dca6514d7f0739d60d5f77b0a7d3c3c82a5c28046f82e2a5215286591cfc10f5e692be2a849c834876a04d8c11837d0dfed9d5f87d01bac

Download Submit
C:\Windows\system\rqBtKxH.exe

Filesize
6.0MB

MD5
78ac062243a0e21a1b8f8deb9c6e4eaa

SHA1
6060cd09111cad3052cfcb00cf96b2dff910f6fa

SHA256
74d8682cd6c2b4ee10ea6a47242e5ce381f84ed0f59d823101dfc0ec17f38e49

SHA512
6c805bd95fabc5fd023ddbd8974027f285caea79f96a6af07ffba70919fbb599f9621fbb3ca280b8037999a57ec9837e37ce15e4986a7842b67d287fa6462c30

Download Submit
C:\Windows\system\usOzfab.exe

Filesize
6.0MB

MD5
ca0ccb04a751acf3273a312cf31bdc1a

SHA1
929b412306424e27ea760c4d1a0edab7bbc19fc0

SHA256
7aba3518aa945602b26e825fb79364a7858a8eb78602b5c338c7b6467245bd53

SHA512
0b99ebe1c123efb112f5204a822ab7c772fbd69fb248d859e5a0130090cac499652073299b6737b1f86b8cefc97f3b39159670c2d8409aefda739fb05289ef7b

Download Submit
C:\Windows\system\uuNBqev.exe

Filesize
6.0MB

MD5
e92d83114d69ed33161241d5d8149780

SHA1
b6d145511151d1b4d3536f3c60ca13fd90c2048c

SHA256
de6e86b88fca688536c03c4994be10281cdcfbbd6f0523420b30eb2ed4cab732

SHA512
36b5bc1503b032a7045e0a44d85d51f1a50cfbc74c9c86fdd71bec2d9af9aba139026fb09adb4d680997855358469028a583f4565d68255f5256d65c4d22136f

Download Submit
C:\Windows\system\vfrLGFG.exe

Filesize
6.0MB

MD5
e2690d4749358506a868b94281700b47

SHA1
6b79c0f9134077ce3bc0ebfb52aff5d8d85b6048

SHA256
af36776640fa2b50ea33d9dd80ff38075fb98653d4e6d8b44355f765c72ff2ae

SHA512
151f28344f313469813da27933844226686c7926c2e8dac92ab0ba38d2abef70f19e4eebd0eedeba1e18ffad3ea4c627016f18c78edbba44ac708aa0d3c480be

Download Submit
C:\Windows\system\wBkmQOQ.exe

Filesize
6.0MB

MD5
5c043bccf4708755c2c2332a31b4adfe

SHA1
1e0c01b806847618557e9b677037f5b032accb76

SHA256
c2581383279808f5ae701e06076f0aeb57b4f77d893c64b49508f48654a2569a

SHA512
a1c1113870b8772867b0c19199d6538926027c32481b2a6037d80307a41244c6cdb3ff57350f2b0e15ede193890757065b025c9cf1748cc7f2ce40eb7c81d83b

Download Submit
C:\Windows\system\ybaJoGb.exe

Filesize
6.0MB

MD5
876f670fbeea5c2eccbc886e32ad0773

SHA1
4f20aa1c5d43633e3ef26c885211997383fa0a42

SHA256
8c98e8a3a82d135ffb38b7c1f1b677f727baa38f870a68bdb5149a61caa48db8

SHA512
fd3777c8fe7cb45023fac298fe97ee52ee01d4b9b23ad2e103b2b5f56cd15a69d7304bcbb0990bf184010188106416d343f75ad9e149b402274dfc73cd17766e

Download Submit
C:\Windows\system\yqsmFdV.exe

Filesize
6.0MB

MD5
462af21d828c38f788e1fcc985be84de

SHA1
7b35073ad4692275652065968e283c1f97a84d04

SHA256
fce074c6ff323647d29ac66ff27072359a629df4f5e7e979382d5c00fc0e6b9d

SHA512
41df2547e078719b1f757e3f66571df04ec0fa5687e0696d90c1d0f1d6f5db72599317db2b636d74b8ee9ea206180576b0b8b3eaa90441a17f103a40f540efad

Download Submit
C:\Windows\system\zRkBLiD.exe

Filesize
6.0MB

MD5
bf79190e83373d7d309e1234a58a8ad2

SHA1
c9660691601876e053637500297c7b9b14ab845f

SHA256
d23c48ec4d099082b19a15a6c45029a65b9cf65131a5294c0e8b295a1a08075b

SHA512
90ce2c764abff8d5a742fc181e75ab4110b7da3d967b725c4cddbad3e83e28e34b1118fc76095d3dee84ad78767761ac3873c7c9ad9f41c89d1e61672c544b60

Download Submit
\Windows\system\Asnyrss.exe

Filesize
6.0MB

MD5
edebb4f61bdf4c931ea0b7fb6dd4f2b8

SHA1
e55c00b6c66f9e8d999cf4826ccca906ff6c9c27

SHA256
68a1f86052d57a318bcb3452af90641e6db8a3032db37375526c2f01682660ca

SHA512
db17c87fae857e47ead42bfa066d57fc75b84e57dcfbff4c9e2a9249ff9d9cc6f922abeb8dc7c441991e6851f2a132e0793750d66f12b737d5caa62b2b59cda7

Download Submit
\Windows\system\HERddoU.exe

Filesize
6.0MB

MD5
13875d7c9cb07d989d3f59806a2c2bf3

SHA1
fa836c86d28d1b0e400f8600ea971728ae126bc3

SHA256
d7a8163d1b9a3f49f7b1e3aba50efc3f75b499cf38f8ab00307b562d2fa967e9

SHA512
48aab41694bcb45c26a763dd54ba4dc3dc3ea77627a42603d8b3cd64c31d041c94b8e96861fec6560434fa86cca2a22d8101075e1d6cb990769d7df965c7f517

Download Submit
\Windows\system\PifzfJn.exe

Filesize
6.0MB

MD5
df3358639f15b6e0e3b7098523c58d58

SHA1
b226c8508853ea5249da3e8c2aea7d4fb20aaca4

SHA256
8ff726795e13d94c53510101fc4cea8e79962b1db1770decd8f84ec7f8ca74e3

SHA512
e2273d2e1abd0c2329131ee4567b7810a246a178e6461eb97624303a6fc7344fd63a3bd484a288cf6c162a7aa76459f5ad8ab1f8d9057343174e5ecb272a2523

Download Submit
\Windows\system\fqCrFbW.exe

Filesize
6.0MB

MD5
762fc10df10b4d2196aff7cb97427ab5

SHA1
2d8cb7b095e819b6efadfc3e13c3d307f958411d

SHA256
d2f2fcfc5a05a1d74c9dad83a8ba72135aaf8243a46f9af3b7c7a1af3cb78332

SHA512
86476b8f686c6e96f79515f3f48471c47c3e5d6f5c676064a02701b91ed11ffde47f8cb0f4f017bcc1b254778c4ce0ae93ac7493aa341b48e29d547fc6d9c752

Download Submit
\Windows\system\iZKKXVA.exe

Filesize
6.0MB

MD5
dace237ec7fa86ce80d720b320cc54f3

SHA1
1c6e35d895fed8cd532417deca9d49c821cb310c

SHA256
cfd48660b6b4dca850bc7bdf75a7046caa9ade37bdf64a65a65aa51138e06eac

SHA512
ff60142e48afbf5da263faf116ab051650c5148d2c8aa4e1f3b43a5f004bc4b04afa228e5d5957e7d1f41496f27a7d702cd0075c9d0c831144fc43eb5be358ea

Download Submit
\Windows\system\kvPXIDQ.exe

Filesize
6.0MB

MD5
9d776ea30eda1dd31ceef1187b041482

SHA1
2a8332d8491c1669348dfc4715d57d475d9e4759

SHA256
067040ba3585e3b3d05dabea874f7bf4ecb3afb9af613f8f7395193b06e0a2f0

SHA512
91ca27081ac56eeb7b729490132e8617a9322a14a55ea4ea19c933bfb2faca60352924da38d2856ee1707fb9811eca8e5f9a6850c8e0f425e49619d6142a569c

Download Submit
\Windows\system\ldFvsIk.exe

Filesize
6.0MB

MD5
ab9ae4bf70927ba126653053d760f77c

SHA1
05286e5d507282ce26041998f003bc0377f4cb49

SHA256
101147b2673919e1e09a4ba13424e056065760189c09f7469aefddf1465f638d

SHA512
0a8113d2f0c1f9c931f262bfc387ac1c0d72094ae5213a8be0cf70008051f16dc7bc8b7c8637bd4fa59550a3163019cf70284cbe41c90aa9aa2d4837bc0452d8

Download Submit
\Windows\system\qcKZMHi.exe

Filesize
6.0MB

MD5
76a5cdb9c166dafee865e374ad595421

SHA1
28d5436167c849c7ecbf7202e64e7891a213835e

SHA256
204e6fb07c82676a44dc3032e855cdd64c29b518762a89b88c03c3b4960cd2d0

SHA512
eda1d482c726442c7476a6d8c8c4bb1b8f0548c637fcb23bdee1dd2aec9b1ee2fa1c4085166b1d76fadedf08f66f699806a84d244f3eddbda878aac734521fed

Download Submit
memory/1140-810-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/1140-95-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/1140-4030-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/1156-75-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/1156-4022-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/1156-36-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/1308-103-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1308-992-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1308-4031-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1664-19-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/1664-4021-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/1664-52-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/1920-9-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-88-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-687-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-4029-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-85-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-919-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2212-107-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2212-798-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-8-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-92-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-26-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2212-42-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2212-54-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2212-22-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-569-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2212-64-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2212-32-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2212-13-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1192-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2212-67-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2212-99-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2212-0-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-38-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-373-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-4020-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-66-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-28-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4027-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2716-69-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2716-106-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2736-4028-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-82-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-470-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-81-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2748-4023-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2748-44-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2776-4024-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-59-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-4025-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-63-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-4026-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2872-76-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/3040-4019-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-21-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-58-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download