cobaltstrike | 67bd5a0f19ec32866937308b43b769298f143463c051e667c66e3933f182772a

Analysis

max time kernel
147s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-12-2024 06:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

fe692186359175c051407e6a94c6764a
SHA1

5373e1edd37c6ebd7a94996dad7c1140f0dac53f
SHA256

67bd5a0f19ec32866937308b43b769298f143463c051e667c66e3933f182772a
SHA512

8f4ef52e10f57a0f7e75429ddaaa7791186abfba6ac624bc59a8244b15c03842f22f1fd407e9f0f6381287771067979cdc50e7452ec2624e414d8a7eaf6e1705
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUF:T+q56utgpPF8u/7F

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120f9-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016399-14.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000162e4-8.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000164de-27.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016689-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016b86-40.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cf0-68.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-167.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-158.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-153.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-144.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-148.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-112.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017570-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-118.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015fa6-56.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-92.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-84.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174f8-74.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ca0-66.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c89-47.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3056-0-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x00080000000120f9-6.dat	xmrig
behavioral1/files/0x0008000000016399-14.dat	xmrig
behavioral1/files/0x00080000000162e4-8.dat	xmrig
behavioral1/memory/1672-19-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/1972-17-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/1040-12-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x00080000000164de-27.dat	xmrig
behavioral1/files/0x0008000000016689-33.dat	xmrig
behavioral1/files/0x0007000000016b86-40.dat	xmrig
behavioral1/memory/2764-43-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/1972-59-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/files/0x0009000000016cf0-68.dat	xmrig
behavioral1/files/0x0005000000018745-131.dat	xmrig
behavioral1/files/0x0005000000019274-183.dat	xmrig
behavioral1/memory/1108-748-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/1800-747-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/1688-561-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x0005000000019299-193.dat	xmrig
behavioral1/files/0x000500000001927a-188.dat	xmrig
behavioral1/files/0x000500000001924f-174.dat	xmrig
behavioral1/files/0x0005000000019261-178.dat	xmrig
behavioral1/files/0x0005000000019203-164.dat	xmrig
behavioral1/files/0x0005000000019237-167.dat	xmrig
behavioral1/files/0x0006000000019056-158.dat	xmrig
behavioral1/files/0x0006000000018fdf-153.dat	xmrig
behavioral1/files/0x0006000000018d7b-144.dat	xmrig
behavioral1/files/0x0006000000018d83-148.dat	xmrig
behavioral1/files/0x0006000000018be7-137.dat	xmrig
behavioral1/files/0x000500000001871c-128.dat	xmrig
behavioral1/files/0x000500000001870c-123.dat	xmrig
behavioral1/files/0x0005000000018697-112.dat	xmrig
behavioral1/files/0x00060000000175f7-110.dat	xmrig
behavioral1/files/0x0006000000017570-108.dat	xmrig
behavioral1/files/0x0005000000018706-118.dat	xmrig
behavioral1/memory/2728-117-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2620-78-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/1672-62-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2772-61-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/3056-60-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/1040-58-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x0008000000015fa6-56.dat	xmrig
behavioral1/memory/1108-99-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/1800-98-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/3056-97-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2364-96-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/3056-93-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x000d000000018683-92.dat	xmrig
behavioral1/memory/1688-91-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x00060000000175f1-84.dat	xmrig
behavioral1/files/0x00060000000174f8-74.dat	xmrig
behavioral1/files/0x0007000000016ca0-66.dat	xmrig
behavioral1/memory/3056-51-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/1700-50-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c89-47.dat	xmrig
behavioral1/memory/3056-38-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2872-37-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2364-28-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/3056-23-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/memory/1972-2619-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/1672-2641-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/1040-2645-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2872-2658-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2772-2665-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1040	wRmbyMW.exe
1972	ACrdZSB.exe
1672	PylZlcd.exe
2364	BGjmfrn.exe
2872	pkuwFax.exe
2764	VVgVdUz.exe
1700	jJGgHhX.exe
2772	aCMYmSF.exe
2620	xlpsNeC.exe
1688	KColnwK.exe
1800	qBVcIdk.exe
1108	sqdgvrj.exe
2728	zdphgFJ.exe
2084	fKFNSpw.exe
1756	CkrAHQK.exe
1032	YFMRdMT.exe
2036	lbYWqxu.exe
1656	LyrTvEV.exe
2424	aJumohh.exe
2000	CFIrmAw.exe
1976	XgjTdOV.exe
3068	iiTEnxv.exe
2788	dOKuCQv.exe
2160	bHvrhWQ.exe
2444	yiQeVVl.exe
2220	ivYUiIT.exe
1836	pfdGMkn.exe
3064	eTOhkVN.exe
1920	sWvpYnt.exe
2784	CTddrlz.exe
2588	JXsDpoo.exe
1356	gdMrGYb.exe
1872	KHeMofT.exe
2156	Mbxqtvw.exe
840	aOfovFJ.exe
1784	vakxpdq.exe
2380	xMAZeKP.exe
1328	PNuohSp.exe
1776	tZQIAvS.exe
952	zdmCCDz.exe
2496	dCMJPRF.exe
2236	fKtjFgH.exe
2108	xpVzVuL.exe
1780	CApSWaG.exe
2436	wkpFGmp.exe
1668	ERjUWHu.exe
2116	eMjaDLq.exe
2180	BEnWCjb.exe
1048	pwGbPZg.exe
884	SHZtrdQ.exe
1412	WhKkfKS.exe
2324	PazKPfp.exe
1652	aARolji.exe
2408	VeeOpLG.exe
2348	BtXELRY.exe
2752	XimyOUP.exe
2900	meozAQA.exe
2628	jsMQlzA.exe
2240	pKVeMay.exe
680	FOuteOW.exe
1908	cRAQLMO.exe
2128	jKrblSF.exe
2016	hYEfzvI.exe
2816	nZObaxn.exe

Loads dropped DLL 64 IoCs

pid	Process
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3056-0-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x00080000000120f9-6.dat	upx
behavioral1/files/0x0008000000016399-14.dat	upx
behavioral1/files/0x00080000000162e4-8.dat	upx
behavioral1/memory/1672-19-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/1972-17-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/1040-12-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x00080000000164de-27.dat	upx
behavioral1/files/0x0008000000016689-33.dat	upx
behavioral1/files/0x0007000000016b86-40.dat	upx
behavioral1/memory/2764-43-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/1972-59-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/files/0x0009000000016cf0-68.dat	upx
behavioral1/files/0x0005000000018745-131.dat	upx
behavioral1/files/0x0005000000019274-183.dat	upx
behavioral1/memory/1108-748-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/1800-747-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/1688-561-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x0005000000019299-193.dat	upx
behavioral1/files/0x000500000001927a-188.dat	upx
behavioral1/files/0x000500000001924f-174.dat	upx
behavioral1/files/0x0005000000019261-178.dat	upx
behavioral1/files/0x0005000000019203-164.dat	upx
behavioral1/files/0x0005000000019237-167.dat	upx
behavioral1/files/0x0006000000019056-158.dat	upx
behavioral1/files/0x0006000000018fdf-153.dat	upx
behavioral1/files/0x0006000000018d7b-144.dat	upx
behavioral1/files/0x0006000000018d83-148.dat	upx
behavioral1/files/0x0006000000018be7-137.dat	upx
behavioral1/files/0x000500000001871c-128.dat	upx
behavioral1/files/0x000500000001870c-123.dat	upx
behavioral1/files/0x0005000000018697-112.dat	upx
behavioral1/files/0x00060000000175f7-110.dat	upx
behavioral1/files/0x0006000000017570-108.dat	upx
behavioral1/files/0x0005000000018706-118.dat	upx
behavioral1/memory/2728-117-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2620-78-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/1672-62-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2772-61-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/1040-58-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x0008000000015fa6-56.dat	upx
behavioral1/memory/1108-99-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/1800-98-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2364-96-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x000d000000018683-92.dat	upx
behavioral1/memory/1688-91-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x00060000000175f1-84.dat	upx
behavioral1/files/0x00060000000174f8-74.dat	upx
behavioral1/files/0x0007000000016ca0-66.dat	upx
behavioral1/memory/3056-51-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/1700-50-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x0007000000016c89-47.dat	upx
behavioral1/memory/2872-37-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2364-28-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/1972-2619-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/1672-2641-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/1040-2645-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2872-2658-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2772-2665-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/1700-2666-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2364-2667-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2728-2668-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2764-2652-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/1688-2672-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UMGyJOl.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jqvIhLv.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bJmLGvz.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZzZSyfq.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eFIxBZS.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xyefevt.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\diNUsyk.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ckwdkGY.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wtVVjJy.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FcWHSyq.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uTAXupI.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JuQANcT.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GGJEeJY.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sgJJtGt.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NyXEXTL.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSnTisL.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\icUKMlz.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GsulZVc.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqNUYCQ.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YNjtmbf.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VnfdwTP.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SPewALg.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eViEitD.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XzyqFKP.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUdaGqe.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XKvbECD.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJskGZm.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbQsghd.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fyHxEfW.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NnsbUaF.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVmJnba.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VuRYtCf.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PUXUxku.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jdwZVyi.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dGIMvrx.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CCsqroo.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdDnMwq.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CJLCJUM.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\meozAQA.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLoTHYa.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NJFcDiW.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EIhvpHr.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SHtKSpd.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZTBxus.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YbwgslN.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Zhbcpnl.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xOJispP.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HirrpHD.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WXsiDap.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HhQANnR.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\haJCaYx.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pidkxXx.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RUBQtBM.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yvzJEca.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jzsGfDi.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bhiJYkA.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdmCCDz.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXwygWP.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yPfiSrW.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uyXBNgp.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UMGvbCr.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NxSQoEO.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gzqWQfM.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OGOlITh.exe	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 1040	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3056 wrote to memory of 1040	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3056 wrote to memory of 1040	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3056 wrote to memory of 1972	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3056 wrote to memory of 1972	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3056 wrote to memory of 1972	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3056 wrote to memory of 1672	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3056 wrote to memory of 1672	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3056 wrote to memory of 1672	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3056 wrote to memory of 2364	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3056 wrote to memory of 2364	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3056 wrote to memory of 2364	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3056 wrote to memory of 2872	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3056 wrote to memory of 2872	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3056 wrote to memory of 2872	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3056 wrote to memory of 2764	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3056 wrote to memory of 2764	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3056 wrote to memory of 2764	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3056 wrote to memory of 1700	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3056 wrote to memory of 1700	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3056 wrote to memory of 1700	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3056 wrote to memory of 2772	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3056 wrote to memory of 2772	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3056 wrote to memory of 2772	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3056 wrote to memory of 2620	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3056 wrote to memory of 2620	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3056 wrote to memory of 2620	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3056 wrote to memory of 2728	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3056 wrote to memory of 2728	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3056 wrote to memory of 2728	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3056 wrote to memory of 1688	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3056 wrote to memory of 1688	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3056 wrote to memory of 1688	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3056 wrote to memory of 2084	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3056 wrote to memory of 2084	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3056 wrote to memory of 2084	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3056 wrote to memory of 1800	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3056 wrote to memory of 1800	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3056 wrote to memory of 1800	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3056 wrote to memory of 1756	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3056 wrote to memory of 1756	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3056 wrote to memory of 1756	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3056 wrote to memory of 1108	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3056 wrote to memory of 1108	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3056 wrote to memory of 1108	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3056 wrote to memory of 1032	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3056 wrote to memory of 1032	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3056 wrote to memory of 1032	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3056 wrote to memory of 2036	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3056 wrote to memory of 2036	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3056 wrote to memory of 2036	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3056 wrote to memory of 1656	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3056 wrote to memory of 1656	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3056 wrote to memory of 1656	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3056 wrote to memory of 2424	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3056 wrote to memory of 2424	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3056 wrote to memory of 2424	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3056 wrote to memory of 2000	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3056 wrote to memory of 2000	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3056 wrote to memory of 2000	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3056 wrote to memory of 1976	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3056 wrote to memory of 1976	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3056 wrote to memory of 1976	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3056 wrote to memory of 3068	3056	2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-11_fe692186359175c051407e6a94c6764a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\System\wRmbyMW.exe
  C:\Windows\System\wRmbyMW.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\ACrdZSB.exe
  C:\Windows\System\ACrdZSB.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\PylZlcd.exe
  C:\Windows\System\PylZlcd.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\BGjmfrn.exe
  C:\Windows\System\BGjmfrn.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\pkuwFax.exe
  C:\Windows\System\pkuwFax.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\VVgVdUz.exe
  C:\Windows\System\VVgVdUz.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\jJGgHhX.exe
  C:\Windows\System\jJGgHhX.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\aCMYmSF.exe
  C:\Windows\System\aCMYmSF.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\xlpsNeC.exe
  C:\Windows\System\xlpsNeC.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\zdphgFJ.exe
  C:\Windows\System\zdphgFJ.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\KColnwK.exe
  C:\Windows\System\KColnwK.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\fKFNSpw.exe
  C:\Windows\System\fKFNSpw.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\qBVcIdk.exe
  C:\Windows\System\qBVcIdk.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\CkrAHQK.exe
  C:\Windows\System\CkrAHQK.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\sqdgvrj.exe
  C:\Windows\System\sqdgvrj.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\YFMRdMT.exe
  C:\Windows\System\YFMRdMT.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\lbYWqxu.exe
  C:\Windows\System\lbYWqxu.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\LyrTvEV.exe
  C:\Windows\System\LyrTvEV.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\aJumohh.exe
  C:\Windows\System\aJumohh.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\CFIrmAw.exe
  C:\Windows\System\CFIrmAw.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\XgjTdOV.exe
  C:\Windows\System\XgjTdOV.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\iiTEnxv.exe
  C:\Windows\System\iiTEnxv.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\dOKuCQv.exe
  C:\Windows\System\dOKuCQv.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\bHvrhWQ.exe
  C:\Windows\System\bHvrhWQ.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\yiQeVVl.exe
  C:\Windows\System\yiQeVVl.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\ivYUiIT.exe
  C:\Windows\System\ivYUiIT.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\pfdGMkn.exe
  C:\Windows\System\pfdGMkn.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\eTOhkVN.exe
  C:\Windows\System\eTOhkVN.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\sWvpYnt.exe
  C:\Windows\System\sWvpYnt.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\CTddrlz.exe
  C:\Windows\System\CTddrlz.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\JXsDpoo.exe
  C:\Windows\System\JXsDpoo.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\gdMrGYb.exe
  C:\Windows\System\gdMrGYb.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\KHeMofT.exe
  C:\Windows\System\KHeMofT.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\Mbxqtvw.exe
  C:\Windows\System\Mbxqtvw.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\aOfovFJ.exe
  C:\Windows\System\aOfovFJ.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\vakxpdq.exe
  C:\Windows\System\vakxpdq.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\xMAZeKP.exe
  C:\Windows\System\xMAZeKP.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\PNuohSp.exe
  C:\Windows\System\PNuohSp.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\tZQIAvS.exe
  C:\Windows\System\tZQIAvS.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\zdmCCDz.exe
  C:\Windows\System\zdmCCDz.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\dCMJPRF.exe
  C:\Windows\System\dCMJPRF.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\fKtjFgH.exe
  C:\Windows\System\fKtjFgH.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\xpVzVuL.exe
  C:\Windows\System\xpVzVuL.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\CApSWaG.exe
  C:\Windows\System\CApSWaG.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\wkpFGmp.exe
  C:\Windows\System\wkpFGmp.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\ERjUWHu.exe
  C:\Windows\System\ERjUWHu.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\eMjaDLq.exe
  C:\Windows\System\eMjaDLq.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\BEnWCjb.exe
  C:\Windows\System\BEnWCjb.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\pwGbPZg.exe
  C:\Windows\System\pwGbPZg.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\SHZtrdQ.exe
  C:\Windows\System\SHZtrdQ.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\WhKkfKS.exe
  C:\Windows\System\WhKkfKS.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\PazKPfp.exe
  C:\Windows\System\PazKPfp.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\aARolji.exe
  C:\Windows\System\aARolji.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\VeeOpLG.exe
  C:\Windows\System\VeeOpLG.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\BtXELRY.exe
  C:\Windows\System\BtXELRY.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\XimyOUP.exe
  C:\Windows\System\XimyOUP.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\meozAQA.exe
  C:\Windows\System\meozAQA.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\jsMQlzA.exe
  C:\Windows\System\jsMQlzA.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\pKVeMay.exe
  C:\Windows\System\pKVeMay.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\FOuteOW.exe
  C:\Windows\System\FOuteOW.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\cRAQLMO.exe
  C:\Windows\System\cRAQLMO.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\jKrblSF.exe
  C:\Windows\System\jKrblSF.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\hYEfzvI.exe
  C:\Windows\System\hYEfzvI.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\nZObaxn.exe
  C:\Windows\System\nZObaxn.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\VszFYEj.exe
  C:\Windows\System\VszFYEj.exe
  2⤵
  PID:1844
- C:\Windows\System\eZdrORb.exe
  C:\Windows\System\eZdrORb.exe
  2⤵
  PID:2928
- C:\Windows\System\BXgviXT.exe
  C:\Windows\System\BXgviXT.exe
  2⤵
  PID:1764
- C:\Windows\System\JuZnVTM.exe
  C:\Windows\System\JuZnVTM.exe
  2⤵
  PID:2948
- C:\Windows\System\nanuDRZ.exe
  C:\Windows\System\nanuDRZ.exe
  2⤵
  PID:2120
- C:\Windows\System\EdTqWRW.exe
  C:\Windows\System\EdTqWRW.exe
  2⤵
  PID:1520
- C:\Windows\System\mkNZoRv.exe
  C:\Windows\System\mkNZoRv.exe
  2⤵
  PID:1384
- C:\Windows\System\haJCaYx.exe
  C:\Windows\System\haJCaYx.exe
  2⤵
  PID:544
- C:\Windows\System\Krdzhyg.exe
  C:\Windows\System\Krdzhyg.exe
  2⤵
  PID:3020
- C:\Windows\System\nshufIk.exe
  C:\Windows\System\nshufIk.exe
  2⤵
  PID:2844
- C:\Windows\System\xEcAXLM.exe
  C:\Windows\System\xEcAXLM.exe
  2⤵
  PID:1828
- C:\Windows\System\IeJUdyd.exe
  C:\Windows\System\IeJUdyd.exe
  2⤵
  PID:1240
- C:\Windows\System\UIfuadH.exe
  C:\Windows\System\UIfuadH.exe
  2⤵
  PID:920
- C:\Windows\System\gbncMUm.exe
  C:\Windows\System\gbncMUm.exe
  2⤵
  PID:708
- C:\Windows\System\yXEsjdL.exe
  C:\Windows\System\yXEsjdL.exe
  2⤵
  PID:1156
- C:\Windows\System\BsNZlNS.exe
  C:\Windows\System\BsNZlNS.exe
  2⤵
  PID:700
- C:\Windows\System\LOnBYiu.exe
  C:\Windows\System\LOnBYiu.exe
  2⤵
  PID:2012
- C:\Windows\System\xLpBqJa.exe
  C:\Windows\System\xLpBqJa.exe
  2⤵
  PID:2104
- C:\Windows\System\GhmrKLe.exe
  C:\Windows\System\GhmrKLe.exe
  2⤵
  PID:1748
- C:\Windows\System\yIByNYi.exe
  C:\Windows\System\yIByNYi.exe
  2⤵
  PID:2168
- C:\Windows\System\oyrRLit.exe
  C:\Windows\System\oyrRLit.exe
  2⤵
  PID:1608
- C:\Windows\System\yvzJEca.exe
  C:\Windows\System\yvzJEca.exe
  2⤵
  PID:1612
- C:\Windows\System\THIVDzs.exe
  C:\Windows\System\THIVDzs.exe
  2⤵
  PID:1280
- C:\Windows\System\SxMtTPr.exe
  C:\Windows\System\SxMtTPr.exe
  2⤵
  PID:2260
- C:\Windows\System\SxTqFrc.exe
  C:\Windows\System\SxTqFrc.exe
  2⤵
  PID:1932
- C:\Windows\System\SsdPoGq.exe
  C:\Windows\System\SsdPoGq.exe
  2⤵
  PID:480
- C:\Windows\System\MrJLDvo.exe
  C:\Windows\System\MrJLDvo.exe
  2⤵
  PID:572
- C:\Windows\System\ZpkxTIv.exe
  C:\Windows\System\ZpkxTIv.exe
  2⤵
  PID:1636
- C:\Windows\System\CSNwxsG.exe
  C:\Windows\System\CSNwxsG.exe
  2⤵
  PID:2164
- C:\Windows\System\TXTnFbk.exe
  C:\Windows\System\TXTnFbk.exe
  2⤵
  PID:2964
- C:\Windows\System\EIhvpHr.exe
  C:\Windows\System\EIhvpHr.exe
  2⤵
  PID:2076
- C:\Windows\System\wpfaTKM.exe
  C:\Windows\System\wpfaTKM.exe
  2⤵
  PID:2704
- C:\Windows\System\EpQVXoG.exe
  C:\Windows\System\EpQVXoG.exe
  2⤵
  PID:2644
- C:\Windows\System\bjtHIkw.exe
  C:\Windows\System\bjtHIkw.exe
  2⤵
  PID:3008
- C:\Windows\System\pYUSyRl.exe
  C:\Windows\System\pYUSyRl.exe
  2⤵
  PID:3096
- C:\Windows\System\YxucAOw.exe
  C:\Windows\System\YxucAOw.exe
  2⤵
  PID:3112
- C:\Windows\System\zhZdfRL.exe
  C:\Windows\System\zhZdfRL.exe
  2⤵
  PID:3132
- C:\Windows\System\alFvbdW.exe
  C:\Windows\System\alFvbdW.exe
  2⤵
  PID:3156
- C:\Windows\System\fqpRMOW.exe
  C:\Windows\System\fqpRMOW.exe
  2⤵
  PID:3172
- C:\Windows\System\HCNXQLz.exe
  C:\Windows\System\HCNXQLz.exe
  2⤵
  PID:3188
- C:\Windows\System\RJCtiTT.exe
  C:\Windows\System\RJCtiTT.exe
  2⤵
  PID:3212
- C:\Windows\System\OTtGsOz.exe
  C:\Windows\System\OTtGsOz.exe
  2⤵
  PID:3228
- C:\Windows\System\HaVkUNR.exe
  C:\Windows\System\HaVkUNR.exe
  2⤵
  PID:3248
- C:\Windows\System\ISjxAyP.exe
  C:\Windows\System\ISjxAyP.exe
  2⤵
  PID:3272
- C:\Windows\System\XLoTHYa.exe
  C:\Windows\System\XLoTHYa.exe
  2⤵
  PID:3296
- C:\Windows\System\VRRNbuF.exe
  C:\Windows\System\VRRNbuF.exe
  2⤵
  PID:3316
- C:\Windows\System\JozEgVw.exe
  C:\Windows\System\JozEgVw.exe
  2⤵
  PID:3336
- C:\Windows\System\aCPESRH.exe
  C:\Windows\System\aCPESRH.exe
  2⤵
  PID:3356
- C:\Windows\System\XPJUtzW.exe
  C:\Windows\System\XPJUtzW.exe
  2⤵
  PID:3376
- C:\Windows\System\RFRXcYn.exe
  C:\Windows\System\RFRXcYn.exe
  2⤵
  PID:3396
- C:\Windows\System\mmgoPTa.exe
  C:\Windows\System\mmgoPTa.exe
  2⤵
  PID:3416
- C:\Windows\System\DcpfwbM.exe
  C:\Windows\System\DcpfwbM.exe
  2⤵
  PID:3436
- C:\Windows\System\KuhnPCn.exe
  C:\Windows\System\KuhnPCn.exe
  2⤵
  PID:3456
- C:\Windows\System\hTPFnnX.exe
  C:\Windows\System\hTPFnnX.exe
  2⤵
  PID:3476
- C:\Windows\System\ZzmKfiU.exe
  C:\Windows\System\ZzmKfiU.exe
  2⤵
  PID:3496
- C:\Windows\System\jZBfeSx.exe
  C:\Windows\System\jZBfeSx.exe
  2⤵
  PID:3520
- C:\Windows\System\gclsHFO.exe
  C:\Windows\System\gclsHFO.exe
  2⤵
  PID:3540
- C:\Windows\System\HfUVgov.exe
  C:\Windows\System\HfUVgov.exe
  2⤵
  PID:3560
- C:\Windows\System\XlBgrZP.exe
  C:\Windows\System\XlBgrZP.exe
  2⤵
  PID:3580
- C:\Windows\System\eKrJkIg.exe
  C:\Windows\System\eKrJkIg.exe
  2⤵
  PID:3600
- C:\Windows\System\wZSKWTp.exe
  C:\Windows\System\wZSKWTp.exe
  2⤵
  PID:3620
- C:\Windows\System\tsQVnMd.exe
  C:\Windows\System\tsQVnMd.exe
  2⤵
  PID:3640
- C:\Windows\System\QFSuMrx.exe
  C:\Windows\System\QFSuMrx.exe
  2⤵
  PID:3660
- C:\Windows\System\vINsjPY.exe
  C:\Windows\System\vINsjPY.exe
  2⤵
  PID:3680
- C:\Windows\System\jSaQQhv.exe
  C:\Windows\System\jSaQQhv.exe
  2⤵
  PID:3700
- C:\Windows\System\LmjoHUq.exe
  C:\Windows\System\LmjoHUq.exe
  2⤵
  PID:3720
- C:\Windows\System\xJKcTlt.exe
  C:\Windows\System\xJKcTlt.exe
  2⤵
  PID:3740
- C:\Windows\System\GZQIpMP.exe
  C:\Windows\System\GZQIpMP.exe
  2⤵
  PID:3764
- C:\Windows\System\wycbQsh.exe
  C:\Windows\System\wycbQsh.exe
  2⤵
  PID:3784
- C:\Windows\System\bZTPukg.exe
  C:\Windows\System\bZTPukg.exe
  2⤵
  PID:3804
- C:\Windows\System\Onxveyu.exe
  C:\Windows\System\Onxveyu.exe
  2⤵
  PID:3824
- C:\Windows\System\WhuttOr.exe
  C:\Windows\System\WhuttOr.exe
  2⤵
  PID:3844
- C:\Windows\System\cAyGCyu.exe
  C:\Windows\System\cAyGCyu.exe
  2⤵
  PID:3864
- C:\Windows\System\pUYSPrU.exe
  C:\Windows\System\pUYSPrU.exe
  2⤵
  PID:3884
- C:\Windows\System\yPfiSrW.exe
  C:\Windows\System\yPfiSrW.exe
  2⤵
  PID:3904
- C:\Windows\System\YploiIy.exe
  C:\Windows\System\YploiIy.exe
  2⤵
  PID:3924
- C:\Windows\System\hAjzczj.exe
  C:\Windows\System\hAjzczj.exe
  2⤵
  PID:3944
- C:\Windows\System\XZNJwJJ.exe
  C:\Windows\System\XZNJwJJ.exe
  2⤵
  PID:3964
- C:\Windows\System\hPdRaYa.exe
  C:\Windows\System\hPdRaYa.exe
  2⤵
  PID:3984
- C:\Windows\System\WKsbdGa.exe
  C:\Windows\System\WKsbdGa.exe
  2⤵
  PID:4004
- C:\Windows\System\SRecgRW.exe
  C:\Windows\System\SRecgRW.exe
  2⤵
  PID:4024
- C:\Windows\System\tZanJuz.exe
  C:\Windows\System\tZanJuz.exe
  2⤵
  PID:4044
- C:\Windows\System\gGebLJB.exe
  C:\Windows\System\gGebLJB.exe
  2⤵
  PID:4064
- C:\Windows\System\yRXNfYX.exe
  C:\Windows\System\yRXNfYX.exe
  2⤵
  PID:4084
- C:\Windows\System\TDLylBz.exe
  C:\Windows\System\TDLylBz.exe
  2⤵
  PID:2960
- C:\Windows\System\KAtnThs.exe
  C:\Windows\System\KAtnThs.exe
  2⤵
  PID:2468
- C:\Windows\System\oMmsDLk.exe
  C:\Windows\System\oMmsDLk.exe
  2⤵
  PID:1752
- C:\Windows\System\ChNNdCX.exe
  C:\Windows\System\ChNNdCX.exe
  2⤵
  PID:1300
- C:\Windows\System\SpmTXWG.exe
  C:\Windows\System\SpmTXWG.exe
  2⤵
  PID:2140
- C:\Windows\System\YaVNfvF.exe
  C:\Windows\System\YaVNfvF.exe
  2⤵
  PID:2552
- C:\Windows\System\aBhiCFK.exe
  C:\Windows\System\aBhiCFK.exe
  2⤵
  PID:2172
- C:\Windows\System\AzfKVVQ.exe
  C:\Windows\System\AzfKVVQ.exe
  2⤵
  PID:264
- C:\Windows\System\KfZNKhI.exe
  C:\Windows\System\KfZNKhI.exe
  2⤵
  PID:2656
- C:\Windows\System\HrztaXA.exe
  C:\Windows\System\HrztaXA.exe
  2⤵
  PID:1864
- C:\Windows\System\gpvoPwW.exe
  C:\Windows\System\gpvoPwW.exe
  2⤵
  PID:2708
- C:\Windows\System\zWBsAAl.exe
  C:\Windows\System\zWBsAAl.exe
  2⤵
  PID:2412
- C:\Windows\System\pXwygWP.exe
  C:\Windows\System\pXwygWP.exe
  2⤵
  PID:2456
- C:\Windows\System\YtkwXka.exe
  C:\Windows\System\YtkwXka.exe
  2⤵
  PID:3104
- C:\Windows\System\HPPmupm.exe
  C:\Windows\System\HPPmupm.exe
  2⤵
  PID:3084
- C:\Windows\System\FciDVkF.exe
  C:\Windows\System\FciDVkF.exe
  2⤵
  PID:3180
- C:\Windows\System\nQZMVbo.exe
  C:\Windows\System\nQZMVbo.exe
  2⤵
  PID:3128
- C:\Windows\System\dpOPnUJ.exe
  C:\Windows\System\dpOPnUJ.exe
  2⤵
  PID:3260
- C:\Windows\System\BLQfemE.exe
  C:\Windows\System\BLQfemE.exe
  2⤵
  PID:3268
- C:\Windows\System\BJfeunH.exe
  C:\Windows\System\BJfeunH.exe
  2⤵
  PID:3304
- C:\Windows\System\JsKMjzY.exe
  C:\Windows\System\JsKMjzY.exe
  2⤵
  PID:3280
- C:\Windows\System\HyPPYJj.exe
  C:\Windows\System\HyPPYJj.exe
  2⤵
  PID:3328
- C:\Windows\System\PQXyock.exe
  C:\Windows\System\PQXyock.exe
  2⤵
  PID:3368
- C:\Windows\System\jLLRgnL.exe
  C:\Windows\System\jLLRgnL.exe
  2⤵
  PID:3432
- C:\Windows\System\ZAGfDsA.exe
  C:\Windows\System\ZAGfDsA.exe
  2⤵
  PID:3464
- C:\Windows\System\lNBuayY.exe
  C:\Windows\System\lNBuayY.exe
  2⤵
  PID:3448
- C:\Windows\System\bUxvIVc.exe
  C:\Windows\System\bUxvIVc.exe
  2⤵
  PID:3516
- C:\Windows\System\tyuziqH.exe
  C:\Windows\System\tyuziqH.exe
  2⤵
  PID:3536
- C:\Windows\System\aVKpeSv.exe
  C:\Windows\System\aVKpeSv.exe
  2⤵
  PID:3572
- C:\Windows\System\ebwshyj.exe
  C:\Windows\System\ebwshyj.exe
  2⤵
  PID:3608
- C:\Windows\System\dplrqCH.exe
  C:\Windows\System\dplrqCH.exe
  2⤵
  PID:3648
- C:\Windows\System\HBTgqMH.exe
  C:\Windows\System\HBTgqMH.exe
  2⤵
  PID:3652
- C:\Windows\System\shwBVCO.exe
  C:\Windows\System\shwBVCO.exe
  2⤵
  PID:3692
- C:\Windows\System\yLNhDsC.exe
  C:\Windows\System\yLNhDsC.exe
  2⤵
  PID:3748
- C:\Windows\System\xOkCmdU.exe
  C:\Windows\System\xOkCmdU.exe
  2⤵
  PID:3796
- C:\Windows\System\gObXucj.exe
  C:\Windows\System\gObXucj.exe
  2⤵
  PID:3820
- C:\Windows\System\ugSNFrE.exe
  C:\Windows\System\ugSNFrE.exe
  2⤵
  PID:3872
- C:\Windows\System\ohgLeKv.exe
  C:\Windows\System\ohgLeKv.exe
  2⤵
  PID:3876
- C:\Windows\System\YSxFyLS.exe
  C:\Windows\System\YSxFyLS.exe
  2⤵
  PID:3920
- C:\Windows\System\udMqtHZ.exe
  C:\Windows\System\udMqtHZ.exe
  2⤵
  PID:3960
- C:\Windows\System\RXADYSu.exe
  C:\Windows\System\RXADYSu.exe
  2⤵
  PID:4000
- C:\Windows\System\YyeICyE.exe
  C:\Windows\System\YyeICyE.exe
  2⤵
  PID:4020
- C:\Windows\System\XWUFbhC.exe
  C:\Windows\System\XWUFbhC.exe
  2⤵
  PID:4052
- C:\Windows\System\JILvhpy.exe
  C:\Windows\System\JILvhpy.exe
  2⤵
  PID:4076
- C:\Windows\System\oXevfYi.exe
  C:\Windows\System\oXevfYi.exe
  2⤵
  PID:1376
- C:\Windows\System\ZkwLkqi.exe
  C:\Windows\System\ZkwLkqi.exe
  2⤵
  PID:1444
- C:\Windows\System\bljEhaQ.exe
  C:\Windows\System\bljEhaQ.exe
  2⤵
  PID:392
- C:\Windows\System\jzsGfDi.exe
  C:\Windows\System\jzsGfDi.exe
  2⤵
  PID:1580
- C:\Windows\System\LoHfJaz.exe
  C:\Windows\System\LoHfJaz.exe
  2⤵
  PID:1496
- C:\Windows\System\LwExIxx.exe
  C:\Windows\System\LwExIxx.exe
  2⤵
  PID:2892
- C:\Windows\System\Olmysmc.exe
  C:\Windows\System\Olmysmc.exe
  2⤵
  PID:532
- C:\Windows\System\ZBiQdHu.exe
  C:\Windows\System\ZBiQdHu.exe
  2⤵
  PID:2584
- C:\Windows\System\utsHCBP.exe
  C:\Windows\System\utsHCBP.exe
  2⤵
  PID:3080
- C:\Windows\System\YtyBDpZ.exe
  C:\Windows\System\YtyBDpZ.exe
  2⤵
  PID:3184
- C:\Windows\System\lUdaGqe.exe
  C:\Windows\System\lUdaGqe.exe
  2⤵
  PID:3204
- C:\Windows\System\RBvAJIS.exe
  C:\Windows\System\RBvAJIS.exe
  2⤵
  PID:3292
- C:\Windows\System\wRrWTWA.exe
  C:\Windows\System\wRrWTWA.exe
  2⤵
  PID:3332
- C:\Windows\System\xavLGsD.exe
  C:\Windows\System\xavLGsD.exe
  2⤵
  PID:3364
- C:\Windows\System\LuDeyJM.exe
  C:\Windows\System\LuDeyJM.exe
  2⤵
  PID:3408
- C:\Windows\System\AEvUJHf.exe
  C:\Windows\System\AEvUJHf.exe
  2⤵
  PID:3492
- C:\Windows\System\oHfjSuR.exe
  C:\Windows\System\oHfjSuR.exe
  2⤵
  PID:3552
- C:\Windows\System\zEDfUOS.exe
  C:\Windows\System\zEDfUOS.exe
  2⤵
  PID:3592
- C:\Windows\System\bStpRDV.exe
  C:\Windows\System\bStpRDV.exe
  2⤵
  PID:3612
- C:\Windows\System\yrKxbPo.exe
  C:\Windows\System\yrKxbPo.exe
  2⤵
  PID:3732
- C:\Windows\System\NpNJXMu.exe
  C:\Windows\System\NpNJXMu.exe
  2⤵
  PID:4104
- C:\Windows\System\nMHxQnd.exe
  C:\Windows\System\nMHxQnd.exe
  2⤵
  PID:4124
- C:\Windows\System\TMistFP.exe
  C:\Windows\System\TMistFP.exe
  2⤵
  PID:4156
- C:\Windows\System\tKUADWh.exe
  C:\Windows\System\tKUADWh.exe
  2⤵
  PID:4176
- C:\Windows\System\SPewALg.exe
  C:\Windows\System\SPewALg.exe
  2⤵
  PID:4196
- C:\Windows\System\tyApSox.exe
  C:\Windows\System\tyApSox.exe
  2⤵
  PID:4216
- C:\Windows\System\iAQsInx.exe
  C:\Windows\System\iAQsInx.exe
  2⤵
  PID:4236
- C:\Windows\System\SAfPYHB.exe
  C:\Windows\System\SAfPYHB.exe
  2⤵
  PID:4256
- C:\Windows\System\putlSdb.exe
  C:\Windows\System\putlSdb.exe
  2⤵
  PID:4276
- C:\Windows\System\EXAMcBy.exe
  C:\Windows\System\EXAMcBy.exe
  2⤵
  PID:4296
- C:\Windows\System\vGKNLyA.exe
  C:\Windows\System\vGKNLyA.exe
  2⤵
  PID:4316
- C:\Windows\System\USfNJWk.exe
  C:\Windows\System\USfNJWk.exe
  2⤵
  PID:4336
- C:\Windows\System\nYkPgqs.exe
  C:\Windows\System\nYkPgqs.exe
  2⤵
  PID:4356
- C:\Windows\System\sUeuWdB.exe
  C:\Windows\System\sUeuWdB.exe
  2⤵
  PID:4380
- C:\Windows\System\GsulZVc.exe
  C:\Windows\System\GsulZVc.exe
  2⤵
  PID:4400
- C:\Windows\System\ieurEQN.exe
  C:\Windows\System\ieurEQN.exe
  2⤵
  PID:4420
- C:\Windows\System\BMgpKpy.exe
  C:\Windows\System\BMgpKpy.exe
  2⤵
  PID:4448
- C:\Windows\System\kwzTqOA.exe
  C:\Windows\System\kwzTqOA.exe
  2⤵
  PID:4468
- C:\Windows\System\jHwKKBi.exe
  C:\Windows\System\jHwKKBi.exe
  2⤵
  PID:4488
- C:\Windows\System\tqNUYCQ.exe
  C:\Windows\System\tqNUYCQ.exe
  2⤵
  PID:4508
- C:\Windows\System\tKnxaQB.exe
  C:\Windows\System\tKnxaQB.exe
  2⤵
  PID:4528
- C:\Windows\System\yGZToTB.exe
  C:\Windows\System\yGZToTB.exe
  2⤵
  PID:4548
- C:\Windows\System\lDpMAbJ.exe
  C:\Windows\System\lDpMAbJ.exe
  2⤵
  PID:4568
- C:\Windows\System\mJDZfNu.exe
  C:\Windows\System\mJDZfNu.exe
  2⤵
  PID:4588
- C:\Windows\System\RnfBIhE.exe
  C:\Windows\System\RnfBIhE.exe
  2⤵
  PID:4612
- C:\Windows\System\CEfwfUh.exe
  C:\Windows\System\CEfwfUh.exe
  2⤵
  PID:4636
- C:\Windows\System\ZfvLqno.exe
  C:\Windows\System\ZfvLqno.exe
  2⤵
  PID:4656
- C:\Windows\System\aIgyGap.exe
  C:\Windows\System\aIgyGap.exe
  2⤵
  PID:4680
- C:\Windows\System\NcnvBUs.exe
  C:\Windows\System\NcnvBUs.exe
  2⤵
  PID:4700
- C:\Windows\System\psKwmgQ.exe
  C:\Windows\System\psKwmgQ.exe
  2⤵
  PID:4720
- C:\Windows\System\eJFhamR.exe
  C:\Windows\System\eJFhamR.exe
  2⤵
  PID:4740
- C:\Windows\System\TKjPXcR.exe
  C:\Windows\System\TKjPXcR.exe
  2⤵
  PID:4768
- C:\Windows\System\RKSCEtx.exe
  C:\Windows\System\RKSCEtx.exe
  2⤵
  PID:4788
- C:\Windows\System\CAgdxPx.exe
  C:\Windows\System\CAgdxPx.exe
  2⤵
  PID:4808
- C:\Windows\System\ZQaSjef.exe
  C:\Windows\System\ZQaSjef.exe
  2⤵
  PID:4832
- C:\Windows\System\oEYxCFT.exe
  C:\Windows\System\oEYxCFT.exe
  2⤵
  PID:4852
- C:\Windows\System\QdhycXx.exe
  C:\Windows\System\QdhycXx.exe
  2⤵
  PID:4872
- C:\Windows\System\LYqZJbU.exe
  C:\Windows\System\LYqZJbU.exe
  2⤵
  PID:4892
- C:\Windows\System\PUXUxku.exe
  C:\Windows\System\PUXUxku.exe
  2⤵
  PID:4912
- C:\Windows\System\TITgDFx.exe
  C:\Windows\System\TITgDFx.exe
  2⤵
  PID:4932
- C:\Windows\System\lzpOTYw.exe
  C:\Windows\System\lzpOTYw.exe
  2⤵
  PID:4952
- C:\Windows\System\jbRjozC.exe
  C:\Windows\System\jbRjozC.exe
  2⤵
  PID:4972
- C:\Windows\System\HiItRUV.exe
  C:\Windows\System\HiItRUV.exe
  2⤵
  PID:4992
- C:\Windows\System\ITBxWvd.exe
  C:\Windows\System\ITBxWvd.exe
  2⤵
  PID:5020
- C:\Windows\System\CtKfzRp.exe
  C:\Windows\System\CtKfzRp.exe
  2⤵
  PID:5040
- C:\Windows\System\lUXBdsM.exe
  C:\Windows\System\lUXBdsM.exe
  2⤵
  PID:5060
- C:\Windows\System\HbzKTEh.exe
  C:\Windows\System\HbzKTEh.exe
  2⤵
  PID:5080
- C:\Windows\System\spBEYIz.exe
  C:\Windows\System\spBEYIz.exe
  2⤵
  PID:5100
- C:\Windows\System\Mfmpzsa.exe
  C:\Windows\System\Mfmpzsa.exe
  2⤵
  PID:3780
- C:\Windows\System\GTHYjze.exe
  C:\Windows\System\GTHYjze.exe
  2⤵
  PID:3860
- C:\Windows\System\PHxRPPS.exe
  C:\Windows\System\PHxRPPS.exe
  2⤵
  PID:3832
- C:\Windows\System\qmMlqYi.exe
  C:\Windows\System\qmMlqYi.exe
  2⤵
  PID:3912
- C:\Windows\System\UVjbNlH.exe
  C:\Windows\System\UVjbNlH.exe
  2⤵
  PID:3972
- C:\Windows\System\jpYCvqP.exe
  C:\Windows\System\jpYCvqP.exe
  2⤵
  PID:4040
- C:\Windows\System\XyedCQD.exe
  C:\Windows\System\XyedCQD.exe
  2⤵
  PID:1912
- C:\Windows\System\WHSJuGc.exe
  C:\Windows\System\WHSJuGc.exe
  2⤵
  PID:2988
- C:\Windows\System\BwWUqsW.exe
  C:\Windows\System\BwWUqsW.exe
  2⤵
  PID:2944
- C:\Windows\System\sAjCjVc.exe
  C:\Windows\System\sAjCjVc.exe
  2⤵
  PID:2980
- C:\Windows\System\pidkxXx.exe
  C:\Windows\System\pidkxXx.exe
  2⤵
  PID:2292
- C:\Windows\System\kBlEqLK.exe
  C:\Windows\System\kBlEqLK.exe
  2⤵
  PID:3148
- C:\Windows\System\PWmXiYH.exe
  C:\Windows\System\PWmXiYH.exe
  2⤵
  PID:3208
- C:\Windows\System\PGuufaV.exe
  C:\Windows\System\PGuufaV.exe
  2⤵
  PID:3344
- C:\Windows\System\VCDSfwN.exe
  C:\Windows\System\VCDSfwN.exe
  2⤵
  PID:3284
- C:\Windows\System\OgCSATb.exe
  C:\Windows\System\OgCSATb.exe
  2⤵
  PID:2232
- C:\Windows\System\lBTHqni.exe
  C:\Windows\System\lBTHqni.exe
  2⤵
  PID:3596
- C:\Windows\System\LYzrbel.exe
  C:\Windows\System\LYzrbel.exe
  2⤵
  PID:3672
- C:\Windows\System\tELwYIa.exe
  C:\Windows\System\tELwYIa.exe
  2⤵
  PID:3708
- C:\Windows\System\CZTKBtn.exe
  C:\Windows\System\CZTKBtn.exe
  2⤵
  PID:4132
- C:\Windows\System\amoanul.exe
  C:\Windows\System\amoanul.exe
  2⤵
  PID:4168
- C:\Windows\System\ckCQVFr.exe
  C:\Windows\System\ckCQVFr.exe
  2⤵
  PID:4188
- C:\Windows\System\wpOknwB.exe
  C:\Windows\System\wpOknwB.exe
  2⤵
  PID:4228
- C:\Windows\System\NZkhmHo.exe
  C:\Windows\System\NZkhmHo.exe
  2⤵
  PID:4292
- C:\Windows\System\ZvTAHps.exe
  C:\Windows\System\ZvTAHps.exe
  2⤵
  PID:4312
- C:\Windows\System\ESSwBoA.exe
  C:\Windows\System\ESSwBoA.exe
  2⤵
  PID:4344
- C:\Windows\System\qCOkliZ.exe
  C:\Windows\System\qCOkliZ.exe
  2⤵
  PID:4348
- C:\Windows\System\vbsQDPP.exe
  C:\Windows\System\vbsQDPP.exe
  2⤵
  PID:4412
- C:\Windows\System\dZhyhUM.exe
  C:\Windows\System\dZhyhUM.exe
  2⤵
  PID:4464
- C:\Windows\System\OgjkNME.exe
  C:\Windows\System\OgjkNME.exe
  2⤵
  PID:4496
- C:\Windows\System\XyHnxcj.exe
  C:\Windows\System\XyHnxcj.exe
  2⤵
  PID:4500
- C:\Windows\System\DosYJps.exe
  C:\Windows\System\DosYJps.exe
  2⤵
  PID:4564
- C:\Windows\System\NWOoMfd.exe
  C:\Windows\System\NWOoMfd.exe
  2⤵
  PID:4580
- C:\Windows\System\UnCUPlq.exe
  C:\Windows\System\UnCUPlq.exe
  2⤵
  PID:4652
- C:\Windows\System\FflORwf.exe
  C:\Windows\System\FflORwf.exe
  2⤵
  PID:4696
- C:\Windows\System\ENdAWpH.exe
  C:\Windows\System\ENdAWpH.exe
  2⤵
  PID:4708
- C:\Windows\System\hFoCDgs.exe
  C:\Windows\System\hFoCDgs.exe
  2⤵
  PID:4732
- C:\Windows\System\bhiJYkA.exe
  C:\Windows\System\bhiJYkA.exe
  2⤵
  PID:4784
- C:\Windows\System\WJCgIdW.exe
  C:\Windows\System\WJCgIdW.exe
  2⤵
  PID:4800
- C:\Windows\System\NFQWrOU.exe
  C:\Windows\System\NFQWrOU.exe
  2⤵
  PID:4844
- C:\Windows\System\snEupwV.exe
  C:\Windows\System\snEupwV.exe
  2⤵
  PID:4900
- C:\Windows\System\vzBTmQy.exe
  C:\Windows\System\vzBTmQy.exe
  2⤵
  PID:4920
- C:\Windows\System\oamHxWb.exe
  C:\Windows\System\oamHxWb.exe
  2⤵
  PID:4928
- C:\Windows\System\aTirvWM.exe
  C:\Windows\System\aTirvWM.exe
  2⤵
  PID:4988
- C:\Windows\System\oGilnfj.exe
  C:\Windows\System\oGilnfj.exe
  2⤵
  PID:5028
- C:\Windows\System\myPCMuG.exe
  C:\Windows\System\myPCMuG.exe
  2⤵
  PID:5052
- C:\Windows\System\peZZKZV.exe
  C:\Windows\System\peZZKZV.exe
  2⤵
  PID:5096
- C:\Windows\System\DbQuKUa.exe
  C:\Windows\System\DbQuKUa.exe
  2⤵
  PID:3800
- C:\Windows\System\wtTpeva.exe
  C:\Windows\System\wtTpeva.exe
  2⤵
  PID:3840
- C:\Windows\System\frsLlUP.exe
  C:\Windows\System\frsLlUP.exe
  2⤵
  PID:3980
- C:\Windows\System\lONWNoJ.exe
  C:\Windows\System\lONWNoJ.exe
  2⤵
  PID:4036
- C:\Windows\System\GPsWCKw.exe
  C:\Windows\System\GPsWCKw.exe
  2⤵
  PID:1792
- C:\Windows\System\mVZpGom.exe
  C:\Windows\System\mVZpGom.exe
  2⤵
  PID:2476
- C:\Windows\System\dsIdora.exe
  C:\Windows\System\dsIdora.exe
  2⤵
  PID:1056
- C:\Windows\System\wHFeEem.exe
  C:\Windows\System\wHFeEem.exe
  2⤵
  PID:3124
- C:\Windows\System\cWnKwzw.exe
  C:\Windows\System\cWnKwzw.exe
  2⤵
  PID:3392
- C:\Windows\System\GZCYySn.exe
  C:\Windows\System\GZCYySn.exe
  2⤵
  PID:3488
- C:\Windows\System\NkmLQxI.exe
  C:\Windows\System\NkmLQxI.exe
  2⤵
  PID:3656
- C:\Windows\System\qOYVYMM.exe
  C:\Windows\System\qOYVYMM.exe
  2⤵
  PID:4164
- C:\Windows\System\auRGzsu.exe
  C:\Windows\System\auRGzsu.exe
  2⤵
  PID:4192
- C:\Windows\System\EFkwyTq.exe
  C:\Windows\System\EFkwyTq.exe
  2⤵
  PID:4248
- C:\Windows\System\QdamHye.exe
  C:\Windows\System\QdamHye.exe
  2⤵
  PID:4288
- C:\Windows\System\SqGfxFy.exe
  C:\Windows\System\SqGfxFy.exe
  2⤵
  PID:4372
- C:\Windows\System\Cvnrmms.exe
  C:\Windows\System\Cvnrmms.exe
  2⤵
  PID:4436
- C:\Windows\System\XEUaAOl.exe
  C:\Windows\System\XEUaAOl.exe
  2⤵
  PID:4524
- C:\Windows\System\SqmfBPx.exe
  C:\Windows\System\SqmfBPx.exe
  2⤵
  PID:4540
- C:\Windows\System\TFAhEZD.exe
  C:\Windows\System\TFAhEZD.exe
  2⤵
  PID:4604
- C:\Windows\System\uRSByVr.exe
  C:\Windows\System\uRSByVr.exe
  2⤵
  PID:5136
- C:\Windows\System\yBHhtvW.exe
  C:\Windows\System\yBHhtvW.exe
  2⤵
  PID:5156
- C:\Windows\System\jKEWzIi.exe
  C:\Windows\System\jKEWzIi.exe
  2⤵
  PID:5176
- C:\Windows\System\ieDSSGd.exe
  C:\Windows\System\ieDSSGd.exe
  2⤵
  PID:5196
- C:\Windows\System\LyCySVG.exe
  C:\Windows\System\LyCySVG.exe
  2⤵
  PID:5216
- C:\Windows\System\IJYkpWB.exe
  C:\Windows\System\IJYkpWB.exe
  2⤵
  PID:5236
- C:\Windows\System\vUYxxkg.exe
  C:\Windows\System\vUYxxkg.exe
  2⤵
  PID:5256
- C:\Windows\System\UwFDSvF.exe
  C:\Windows\System\UwFDSvF.exe
  2⤵
  PID:5276
- C:\Windows\System\vDqeSPt.exe
  C:\Windows\System\vDqeSPt.exe
  2⤵
  PID:5296
- C:\Windows\System\eTNQYYM.exe
  C:\Windows\System\eTNQYYM.exe
  2⤵
  PID:5316
- C:\Windows\System\ttlbzZm.exe
  C:\Windows\System\ttlbzZm.exe
  2⤵
  PID:5336
- C:\Windows\System\lZUecZj.exe
  C:\Windows\System\lZUecZj.exe
  2⤵
  PID:5356
- C:\Windows\System\ihIvkMK.exe
  C:\Windows\System\ihIvkMK.exe
  2⤵
  PID:5376
- C:\Windows\System\emTktCP.exe
  C:\Windows\System\emTktCP.exe
  2⤵
  PID:5396
- C:\Windows\System\gUHXIsB.exe
  C:\Windows\System\gUHXIsB.exe
  2⤵
  PID:5416
- C:\Windows\System\fQtVahn.exe
  C:\Windows\System\fQtVahn.exe
  2⤵
  PID:5436
- C:\Windows\System\pGZvQkO.exe
  C:\Windows\System\pGZvQkO.exe
  2⤵
  PID:5456
- C:\Windows\System\CkWVvuo.exe
  C:\Windows\System\CkWVvuo.exe
  2⤵
  PID:5476
- C:\Windows\System\YYQZQpl.exe
  C:\Windows\System\YYQZQpl.exe
  2⤵
  PID:5496
- C:\Windows\System\cvrnPFG.exe
  C:\Windows\System\cvrnPFG.exe
  2⤵
  PID:5516
- C:\Windows\System\QdKnOtb.exe
  C:\Windows\System\QdKnOtb.exe
  2⤵
  PID:5536
- C:\Windows\System\YNpxcNh.exe
  C:\Windows\System\YNpxcNh.exe
  2⤵
  PID:5556
- C:\Windows\System\hZVoExV.exe
  C:\Windows\System\hZVoExV.exe
  2⤵
  PID:5576
- C:\Windows\System\OSPqBjV.exe
  C:\Windows\System\OSPqBjV.exe
  2⤵
  PID:5600
- C:\Windows\System\AVsuYoE.exe
  C:\Windows\System\AVsuYoE.exe
  2⤵
  PID:5620
- C:\Windows\System\XSwxtzv.exe
  C:\Windows\System\XSwxtzv.exe
  2⤵
  PID:5640
- C:\Windows\System\FvwwNMt.exe
  C:\Windows\System\FvwwNMt.exe
  2⤵
  PID:5660
- C:\Windows\System\rGUXtbv.exe
  C:\Windows\System\rGUXtbv.exe
  2⤵
  PID:5680
- C:\Windows\System\sCeuhUi.exe
  C:\Windows\System\sCeuhUi.exe
  2⤵
  PID:5700
- C:\Windows\System\vivHlsO.exe
  C:\Windows\System\vivHlsO.exe
  2⤵
  PID:5720
- C:\Windows\System\oNiSOef.exe
  C:\Windows\System\oNiSOef.exe
  2⤵
  PID:5740
- C:\Windows\System\ouTCtSI.exe
  C:\Windows\System\ouTCtSI.exe
  2⤵
  PID:5760
- C:\Windows\System\kFUzIIP.exe
  C:\Windows\System\kFUzIIP.exe
  2⤵
  PID:5780
- C:\Windows\System\FPLoKQP.exe
  C:\Windows\System\FPLoKQP.exe
  2⤵
  PID:5800
- C:\Windows\System\SYOuINH.exe
  C:\Windows\System\SYOuINH.exe
  2⤵
  PID:5820
- C:\Windows\System\QPibIzN.exe
  C:\Windows\System\QPibIzN.exe
  2⤵
  PID:5840
- C:\Windows\System\MJDEKEO.exe
  C:\Windows\System\MJDEKEO.exe
  2⤵
  PID:5860
- C:\Windows\System\AYrKKEe.exe
  C:\Windows\System\AYrKKEe.exe
  2⤵
  PID:5880
- C:\Windows\System\gagigNC.exe
  C:\Windows\System\gagigNC.exe
  2⤵
  PID:5900
- C:\Windows\System\WhvobbJ.exe
  C:\Windows\System\WhvobbJ.exe
  2⤵
  PID:5920
- C:\Windows\System\ncmyjuc.exe
  C:\Windows\System\ncmyjuc.exe
  2⤵
  PID:5940
- C:\Windows\System\LrKsmTm.exe
  C:\Windows\System\LrKsmTm.exe
  2⤵
  PID:5960
- C:\Windows\System\ROguhQN.exe
  C:\Windows\System\ROguhQN.exe
  2⤵
  PID:5980
- C:\Windows\System\aWLIigt.exe
  C:\Windows\System\aWLIigt.exe
  2⤵
  PID:6000
- C:\Windows\System\vkelDbC.exe
  C:\Windows\System\vkelDbC.exe
  2⤵
  PID:6020
- C:\Windows\System\YRbbFCL.exe
  C:\Windows\System\YRbbFCL.exe
  2⤵
  PID:6040
- C:\Windows\System\DHtEUms.exe
  C:\Windows\System\DHtEUms.exe
  2⤵
  PID:6060
- C:\Windows\System\qPpvaUm.exe
  C:\Windows\System\qPpvaUm.exe
  2⤵
  PID:6080
- C:\Windows\System\yZQGmeC.exe
  C:\Windows\System\yZQGmeC.exe
  2⤵
  PID:6100
- C:\Windows\System\gZzcSjx.exe
  C:\Windows\System\gZzcSjx.exe
  2⤵
  PID:6120
- C:\Windows\System\ZKBsTXx.exe
  C:\Windows\System\ZKBsTXx.exe
  2⤵
  PID:6140
- C:\Windows\System\XhFuzaI.exe
  C:\Windows\System\XhFuzaI.exe
  2⤵
  PID:4676
- C:\Windows\System\NpHJHga.exe
  C:\Windows\System\NpHJHga.exe
  2⤵
  PID:4736
- C:\Windows\System\SQFwpDP.exe
  C:\Windows\System\SQFwpDP.exe
  2⤵
  PID:4804
- C:\Windows\System\UJcMmwk.exe
  C:\Windows\System\UJcMmwk.exe
  2⤵
  PID:4880
- C:\Windows\System\KJCCBzx.exe
  C:\Windows\System\KJCCBzx.exe
  2⤵
  PID:4924
- C:\Windows\System\icsNVlv.exe
  C:\Windows\System\icsNVlv.exe
  2⤵
  PID:4968
- C:\Windows\System\miwRLzG.exe
  C:\Windows\System\miwRLzG.exe
  2⤵
  PID:5056
- C:\Windows\System\ZEIlEvy.exe
  C:\Windows\System\ZEIlEvy.exe
  2⤵
  PID:5108
- C:\Windows\System\GepTDZt.exe
  C:\Windows\System\GepTDZt.exe
  2⤵
  PID:3792
- C:\Windows\System\LIOfCmo.exe
  C:\Windows\System\LIOfCmo.exe
  2⤵
  PID:1284
- C:\Windows\System\ZzZSyfq.exe
  C:\Windows\System\ZzZSyfq.exe
  2⤵
  PID:3032
- C:\Windows\System\ikHvlJs.exe
  C:\Windows\System\ikHvlJs.exe
  2⤵
  PID:2064
- C:\Windows\System\raddfmC.exe
  C:\Windows\System\raddfmC.exe
  2⤵
  PID:3196
- C:\Windows\System\jaXjeOq.exe
  C:\Windows\System\jaXjeOq.exe
  2⤵
  PID:3556
- C:\Windows\System\JRxLLrI.exe
  C:\Windows\System\JRxLLrI.exe
  2⤵
  PID:3716
- C:\Windows\System\FcMAfFb.exe
  C:\Windows\System\FcMAfFb.exe
  2⤵
  PID:4136
- C:\Windows\System\MkuOPMM.exe
  C:\Windows\System\MkuOPMM.exe
  2⤵
  PID:4328
- C:\Windows\System\wYzwrOH.exe
  C:\Windows\System\wYzwrOH.exe
  2⤵
  PID:4432
- C:\Windows\System\qoJIcfF.exe
  C:\Windows\System\qoJIcfF.exe
  2⤵
  PID:4536
- C:\Windows\System\mxOkmcU.exe
  C:\Windows\System\mxOkmcU.exe
  2⤵
  PID:5124
- C:\Windows\System\rrPGptZ.exe
  C:\Windows\System\rrPGptZ.exe
  2⤵
  PID:5152
- C:\Windows\System\LHizfDS.exe
  C:\Windows\System\LHizfDS.exe
  2⤵
  PID:5168
- C:\Windows\System\xZhlQxJ.exe
  C:\Windows\System\xZhlQxJ.exe
  2⤵
  PID:5208
- C:\Windows\System\RFvjWxo.exe
  C:\Windows\System\RFvjWxo.exe
  2⤵
  PID:5252
- C:\Windows\System\nNoACBy.exe
  C:\Windows\System\nNoACBy.exe
  2⤵
  PID:5284
- C:\Windows\System\HZONOYL.exe
  C:\Windows\System\HZONOYL.exe
  2⤵
  PID:5308
- C:\Windows\System\CxbnbQm.exe
  C:\Windows\System\CxbnbQm.exe
  2⤵
  PID:5352
- C:\Windows\System\hjlTwfX.exe
  C:\Windows\System\hjlTwfX.exe
  2⤵
  PID:5372
- C:\Windows\System\VrkaWQA.exe
  C:\Windows\System\VrkaWQA.exe
  2⤵
  PID:5412
- C:\Windows\System\SIFyWqP.exe
  C:\Windows\System\SIFyWqP.exe
  2⤵
  PID:5472
- C:\Windows\System\qZyUKcj.exe
  C:\Windows\System\qZyUKcj.exe
  2⤵
  PID:5484
- C:\Windows\System\fNwVbNZ.exe
  C:\Windows\System\fNwVbNZ.exe
  2⤵
  PID:5508
- C:\Windows\System\qLbpqCJ.exe
  C:\Windows\System\qLbpqCJ.exe
  2⤵
  PID:5552
- C:\Windows\System\LRyacAJ.exe
  C:\Windows\System\LRyacAJ.exe
  2⤵
  PID:5596
- C:\Windows\System\NlGBpQE.exe
  C:\Windows\System\NlGBpQE.exe
  2⤵
  PID:5612
- C:\Windows\System\OXtddnR.exe
  C:\Windows\System\OXtddnR.exe
  2⤵
  PID:5668
- C:\Windows\System\ChOKMWY.exe
  C:\Windows\System\ChOKMWY.exe
  2⤵
  PID:5688
- C:\Windows\System\zpjjOZC.exe
  C:\Windows\System\zpjjOZC.exe
  2⤵
  PID:5712
- C:\Windows\System\lWLcvsR.exe
  C:\Windows\System\lWLcvsR.exe
  2⤵
  PID:2700
- C:\Windows\System\vfonYvE.exe
  C:\Windows\System\vfonYvE.exe
  2⤵
  PID:5776
- C:\Windows\System\MHUGBlU.exe
  C:\Windows\System\MHUGBlU.exe
  2⤵
  PID:5828
- C:\Windows\System\arufPdA.exe
  C:\Windows\System\arufPdA.exe
  2⤵
  PID:5848
- C:\Windows\System\gbgHXRb.exe
  C:\Windows\System\gbgHXRb.exe
  2⤵
  PID:5872
- C:\Windows\System\ngjYroM.exe
  C:\Windows\System\ngjYroM.exe
  2⤵
  PID:5912
- C:\Windows\System\ituKrhr.exe
  C:\Windows\System\ituKrhr.exe
  2⤵
  PID:5956
- C:\Windows\System\rOrNXuM.exe
  C:\Windows\System\rOrNXuM.exe
  2⤵
  PID:5988
- C:\Windows\System\JUryUeI.exe
  C:\Windows\System\JUryUeI.exe
  2⤵
  PID:6016
- C:\Windows\System\HyquQmF.exe
  C:\Windows\System\HyquQmF.exe
  2⤵
  PID:6048
- C:\Windows\System\RUBQtBM.exe
  C:\Windows\System\RUBQtBM.exe
  2⤵
  PID:6072
- C:\Windows\System\XFTamMv.exe
  C:\Windows\System\XFTamMv.exe
  2⤵
  PID:6116
- C:\Windows\System\KcehXzZ.exe
  C:\Windows\System\KcehXzZ.exe
  2⤵
  PID:6132
- C:\Windows\System\hpRSvEZ.exe
  C:\Windows\System\hpRSvEZ.exe
  2⤵
  PID:4776
- C:\Windows\System\hvBFbme.exe
  C:\Windows\System\hvBFbme.exe
  2⤵
  PID:4840
- C:\Windows\System\LLmRQiW.exe
  C:\Windows\System\LLmRQiW.exe
  2⤵
  PID:4884
- C:\Windows\System\SEzUTKg.exe
  C:\Windows\System\SEzUTKg.exe
  2⤵
  PID:5008
- C:\Windows\System\aLDmily.exe
  C:\Windows\System\aLDmily.exe
  2⤵
  PID:3836
- C:\Windows\System\ZLhqqmH.exe
  C:\Windows\System\ZLhqqmH.exe
  2⤵
  PID:3976
- C:\Windows\System\wEpBGbR.exe
  C:\Windows\System\wEpBGbR.exe
  2⤵
  PID:2932
- C:\Windows\System\rKWIQcS.exe
  C:\Windows\System\rKWIQcS.exe
  2⤵
  PID:3472
- C:\Windows\System\weETIak.exe
  C:\Windows\System\weETIak.exe
  2⤵
  PID:4224
- C:\Windows\System\qEHRRRS.exe
  C:\Windows\System\qEHRRRS.exe
  2⤵
  PID:4304
- C:\Windows\System\AwqpbiR.exe
  C:\Windows\System\AwqpbiR.exe
  2⤵
  PID:4504
- C:\Windows\System\TgdDkwz.exe
  C:\Windows\System\TgdDkwz.exe
  2⤵
  PID:4584
- C:\Windows\System\ryhVXHF.exe
  C:\Windows\System\ryhVXHF.exe
  2⤵
  PID:5172
- C:\Windows\System\wXhFLrn.exe
  C:\Windows\System\wXhFLrn.exe
  2⤵
  PID:5264
- C:\Windows\System\fWhgJmI.exe
  C:\Windows\System\fWhgJmI.exe
  2⤵
  PID:5312
- C:\Windows\System\sQzDMAU.exe
  C:\Windows\System\sQzDMAU.exe
  2⤵
  PID:5364
- C:\Windows\System\PhaxCKA.exe
  C:\Windows\System\PhaxCKA.exe
  2⤵
  PID:5404
- C:\Windows\System\SsBIhui.exe
  C:\Windows\System\SsBIhui.exe
  2⤵
  PID:5468
- C:\Windows\System\xLrfPhy.exe
  C:\Windows\System\xLrfPhy.exe
  2⤵
  PID:5504
- C:\Windows\System\gqcHuVy.exe
  C:\Windows\System\gqcHuVy.exe
  2⤵
  PID:5584
- C:\Windows\System\MVdTVsT.exe
  C:\Windows\System\MVdTVsT.exe
  2⤵
  PID:5648
- C:\Windows\System\hFmJBFN.exe
  C:\Windows\System\hFmJBFN.exe
  2⤵
  PID:5692
- C:\Windows\System\gZTvhQH.exe
  C:\Windows\System\gZTvhQH.exe
  2⤵
  PID:5732
- C:\Windows\System\YLFQsYk.exe
  C:\Windows\System\YLFQsYk.exe
  2⤵
  PID:5796
- C:\Windows\System\tuYIDoa.exe
  C:\Windows\System\tuYIDoa.exe
  2⤵
  PID:5812
- C:\Windows\System\MPzGpct.exe
  C:\Windows\System\MPzGpct.exe
  2⤵
  PID:5908
- C:\Windows\System\DVEEPiN.exe
  C:\Windows\System\DVEEPiN.exe
  2⤵
  PID:5952
- C:\Windows\System\vYDCUcZ.exe
  C:\Windows\System\vYDCUcZ.exe
  2⤵
  PID:5992
- C:\Windows\System\lxbRztQ.exe
  C:\Windows\System\lxbRztQ.exe
  2⤵
  PID:6076
- C:\Windows\System\XbFBjFd.exe
  C:\Windows\System\XbFBjFd.exe
  2⤵
  PID:6160
- C:\Windows\System\luCifcr.exe
  C:\Windows\System\luCifcr.exe
  2⤵
  PID:6180
- C:\Windows\System\tcVJHof.exe
  C:\Windows\System\tcVJHof.exe
  2⤵
  PID:6200
- C:\Windows\System\BxFhAZm.exe
  C:\Windows\System\BxFhAZm.exe
  2⤵
  PID:6220
- C:\Windows\System\BNBWGwr.exe
  C:\Windows\System\BNBWGwr.exe
  2⤵
  PID:6240
- C:\Windows\System\mwKXPSo.exe
  C:\Windows\System\mwKXPSo.exe
  2⤵
  PID:6260
- C:\Windows\System\EmTLzwQ.exe
  C:\Windows\System\EmTLzwQ.exe
  2⤵
  PID:6280
- C:\Windows\System\UjwiCfj.exe
  C:\Windows\System\UjwiCfj.exe
  2⤵
  PID:6300
- C:\Windows\System\gXbdNFz.exe
  C:\Windows\System\gXbdNFz.exe
  2⤵
  PID:6320
- C:\Windows\System\HJefLRw.exe
  C:\Windows\System\HJefLRw.exe
  2⤵
  PID:6340
- C:\Windows\System\gdiZmxZ.exe
  C:\Windows\System\gdiZmxZ.exe
  2⤵
  PID:6360
- C:\Windows\System\uCwfeLB.exe
  C:\Windows\System\uCwfeLB.exe
  2⤵
  PID:6380
- C:\Windows\System\EOgMwcX.exe
  C:\Windows\System\EOgMwcX.exe
  2⤵
  PID:6400
- C:\Windows\System\RkNDwoF.exe
  C:\Windows\System\RkNDwoF.exe
  2⤵
  PID:6420
- C:\Windows\System\uabMjUZ.exe
  C:\Windows\System\uabMjUZ.exe
  2⤵
  PID:6444
- C:\Windows\System\sroISxW.exe
  C:\Windows\System\sroISxW.exe
  2⤵
  PID:6464
- C:\Windows\System\Cxfelug.exe
  C:\Windows\System\Cxfelug.exe
  2⤵
  PID:6484
- C:\Windows\System\PlGaIhS.exe
  C:\Windows\System\PlGaIhS.exe
  2⤵
  PID:6504
- C:\Windows\System\kSibmTk.exe
  C:\Windows\System\kSibmTk.exe
  2⤵
  PID:6524
- C:\Windows\System\UBvyEXd.exe
  C:\Windows\System\UBvyEXd.exe
  2⤵
  PID:6544
- C:\Windows\System\akZeYPr.exe
  C:\Windows\System\akZeYPr.exe
  2⤵
  PID:6564
- C:\Windows\System\QvxOARV.exe
  C:\Windows\System\QvxOARV.exe
  2⤵
  PID:6584
- C:\Windows\System\XiUUnWi.exe
  C:\Windows\System\XiUUnWi.exe
  2⤵
  PID:6604
- C:\Windows\System\jUSgsuP.exe
  C:\Windows\System\jUSgsuP.exe
  2⤵
  PID:6624
- C:\Windows\System\YaDvpzz.exe
  C:\Windows\System\YaDvpzz.exe
  2⤵
  PID:6692
- C:\Windows\System\jkbKuPB.exe
  C:\Windows\System\jkbKuPB.exe
  2⤵
  PID:6708
- C:\Windows\System\SmcrRuC.exe
  C:\Windows\System\SmcrRuC.exe
  2⤵
  PID:6724
- C:\Windows\System\PxyfOkH.exe
  C:\Windows\System\PxyfOkH.exe
  2⤵
  PID:6740
- C:\Windows\System\JcnsECJ.exe
  C:\Windows\System\JcnsECJ.exe
  2⤵
  PID:6756
- C:\Windows\System\MSBNpYC.exe
  C:\Windows\System\MSBNpYC.exe
  2⤵
  PID:6772
- C:\Windows\System\KNFpPqZ.exe
  C:\Windows\System\KNFpPqZ.exe
  2⤵
  PID:6792
- C:\Windows\System\TpYBZfH.exe
  C:\Windows\System\TpYBZfH.exe
  2⤵
  PID:6808
- C:\Windows\System\AGncxyp.exe
  C:\Windows\System\AGncxyp.exe
  2⤵
  PID:6824
- C:\Windows\System\eFIxBZS.exe
  C:\Windows\System\eFIxBZS.exe
  2⤵
  PID:6840
- C:\Windows\System\PYgOQuN.exe
  C:\Windows\System\PYgOQuN.exe
  2⤵
  PID:6856
- C:\Windows\System\SCSvVYz.exe
  C:\Windows\System\SCSvVYz.exe
  2⤵
  PID:6872
- C:\Windows\System\wNPnpGK.exe
  C:\Windows\System\wNPnpGK.exe
  2⤵
  PID:6892
- C:\Windows\System\gDNmZpw.exe
  C:\Windows\System\gDNmZpw.exe
  2⤵
  PID:6908
- C:\Windows\System\BZtcbBR.exe
  C:\Windows\System\BZtcbBR.exe
  2⤵
  PID:6924
- C:\Windows\System\yupowhz.exe
  C:\Windows\System\yupowhz.exe
  2⤵
  PID:6940
- C:\Windows\System\ilueSAa.exe
  C:\Windows\System\ilueSAa.exe
  2⤵
  PID:6956
- C:\Windows\System\QIVCUBg.exe
  C:\Windows\System\QIVCUBg.exe
  2⤵
  PID:6972
- C:\Windows\System\seJTLtK.exe
  C:\Windows\System\seJTLtK.exe
  2⤵
  PID:6988
- C:\Windows\System\VcjNbzb.exe
  C:\Windows\System\VcjNbzb.exe
  2⤵
  PID:7004
- C:\Windows\System\bpCQCcN.exe
  C:\Windows\System\bpCQCcN.exe
  2⤵
  PID:7020
- C:\Windows\System\UprmviZ.exe
  C:\Windows\System\UprmviZ.exe
  2⤵
  PID:7036
- C:\Windows\System\NnsbUaF.exe
  C:\Windows\System\NnsbUaF.exe
  2⤵
  PID:7052
- C:\Windows\System\nMAZmuX.exe
  C:\Windows\System\nMAZmuX.exe
  2⤵
  PID:7068
- C:\Windows\System\nkUHGvb.exe
  C:\Windows\System\nkUHGvb.exe
  2⤵
  PID:7088
- C:\Windows\System\UkBMcto.exe
  C:\Windows\System\UkBMcto.exe
  2⤵
  PID:7108
- C:\Windows\System\cHphzBa.exe
  C:\Windows\System\cHphzBa.exe
  2⤵
  PID:5032
- C:\Windows\System\vpuSMgz.exe
  C:\Windows\System\vpuSMgz.exe
  2⤵
  PID:2340
- C:\Windows\System\uvRWOIe.exe
  C:\Windows\System\uvRWOIe.exe
  2⤵
  PID:956
- C:\Windows\System\hXEQNht.exe
  C:\Windows\System\hXEQNht.exe
  2⤵
  PID:3756
- C:\Windows\System\OqVNTgV.exe
  C:\Windows\System\OqVNTgV.exe
  2⤵
  PID:4396
- C:\Windows\System\VEOofUQ.exe
  C:\Windows\System\VEOofUQ.exe
  2⤵
  PID:2912
- C:\Windows\System\qRXxzNW.exe
  C:\Windows\System\qRXxzNW.exe
  2⤵
  PID:5204
- C:\Windows\System\qagoSPJ.exe
  C:\Windows\System\qagoSPJ.exe
  2⤵
  PID:5388
- C:\Windows\System\mRYxiYE.exe
  C:\Windows\System\mRYxiYE.exe
  2⤵
  PID:5428
- C:\Windows\System\dcfNLdX.exe
  C:\Windows\System\dcfNLdX.exe
  2⤵
  PID:5512
- C:\Windows\System\ocqAxPb.exe
  C:\Windows\System\ocqAxPb.exe
  2⤵
  PID:5636
- C:\Windows\System\thjQXhy.exe
  C:\Windows\System\thjQXhy.exe
  2⤵
  PID:5632
- C:\Windows\System\eznRSmp.exe
  C:\Windows\System\eznRSmp.exe
  2⤵
  PID:5768
- C:\Windows\System\MCVxUaD.exe
  C:\Windows\System\MCVxUaD.exe
  2⤵
  PID:5876
- C:\Windows\System\pMSqrWW.exe
  C:\Windows\System\pMSqrWW.exe
  2⤵
  PID:5968
- C:\Windows\System\zHRihNX.exe
  C:\Windows\System\zHRihNX.exe
  2⤵
  PID:6056
- C:\Windows\System\jFpSKBJ.exe
  C:\Windows\System\jFpSKBJ.exe
  2⤵
  PID:6152
- C:\Windows\System\AJFZZNU.exe
  C:\Windows\System\AJFZZNU.exe
  2⤵
  PID:6188
- C:\Windows\System\IXMGlxt.exe
  C:\Windows\System\IXMGlxt.exe
  2⤵
  PID:6212
- C:\Windows\System\vXkxwRT.exe
  C:\Windows\System\vXkxwRT.exe
  2⤵
  PID:6268
- C:\Windows\System\ASVKjFW.exe
  C:\Windows\System\ASVKjFW.exe
  2⤵
  PID:6272
- C:\Windows\System\cTgnRuj.exe
  C:\Windows\System\cTgnRuj.exe
  2⤵
  PID:6328
- C:\Windows\System\SSJofBo.exe
  C:\Windows\System\SSJofBo.exe
  2⤵
  PID:6396
- C:\Windows\System\cwLalrQ.exe
  C:\Windows\System\cwLalrQ.exe
  2⤵
  PID:6428
- C:\Windows\System\AjUBFjJ.exe
  C:\Windows\System\AjUBFjJ.exe
  2⤵
  PID:6452
- C:\Windows\System\jdwZVyi.exe
  C:\Windows\System\jdwZVyi.exe
  2⤵
  PID:6480
- C:\Windows\System\LkpjEiq.exe
  C:\Windows\System\LkpjEiq.exe
  2⤵
  PID:6496
- C:\Windows\System\ieIzbxX.exe
  C:\Windows\System\ieIzbxX.exe
  2⤵
  PID:6540
- C:\Windows\System\jTJhuZe.exe
  C:\Windows\System\jTJhuZe.exe
  2⤵
  PID:6572
- C:\Windows\System\nEeFuEI.exe
  C:\Windows\System\nEeFuEI.exe
  2⤵
  PID:6600
- C:\Windows\System\sgJJtGt.exe
  C:\Windows\System\sgJJtGt.exe
  2⤵
  PID:2744
- C:\Windows\System\mcELzTi.exe
  C:\Windows\System\mcELzTi.exe
  2⤵
  PID:2864
- C:\Windows\System\BlxIYeJ.exe
  C:\Windows\System\BlxIYeJ.exe
  2⤵
  PID:3004
- C:\Windows\System\NjxhOpH.exe
  C:\Windows\System\NjxhOpH.exe
  2⤵
  PID:2820
- C:\Windows\System\SbuSXJw.exe
  C:\Windows\System\SbuSXJw.exe
  2⤵
  PID:600
- C:\Windows\System\zXCkatJ.exe
  C:\Windows\System\zXCkatJ.exe
  2⤵
  PID:2604
- C:\Windows\System\ZBGtJuC.exe
  C:\Windows\System\ZBGtJuC.exe
  2⤵
  PID:1408
- C:\Windows\System\lLokLUz.exe
  C:\Windows\System\lLokLUz.exe
  2⤵
  PID:2796
- C:\Windows\System\yXNHtdX.exe
  C:\Windows\System\yXNHtdX.exe
  2⤵
  PID:4148
- C:\Windows\System\VAFFAzA.exe
  C:\Windows\System\VAFFAzA.exe
  2⤵
  PID:2632
- C:\Windows\System\PjmxHSy.exe
  C:\Windows\System\PjmxHSy.exe
  2⤵
  PID:2612
- C:\Windows\System\TzxiHey.exe
  C:\Windows\System\TzxiHey.exe
  2⤵
  PID:2216
- C:\Windows\System\DmkaDET.exe
  C:\Windows\System\DmkaDET.exe
  2⤵
  PID:1724
- C:\Windows\System\jqWckeJ.exe
  C:\Windows\System\jqWckeJ.exe
  2⤵
  PID:852
- C:\Windows\System\uyXBNgp.exe
  C:\Windows\System\uyXBNgp.exe
  2⤵
  PID:2792
- C:\Windows\System\JNBqlbi.exe
  C:\Windows\System\JNBqlbi.exe
  2⤵
  PID:2432
- C:\Windows\System\AOgPufz.exe
  C:\Windows\System\AOgPufz.exe
  2⤵
  PID:1996
- C:\Windows\System\GQuVaYd.exe
  C:\Windows\System\GQuVaYd.exe
  2⤵
  PID:2716
- C:\Windows\System\pjJemIP.exe
  C:\Windows\System\pjJemIP.exe
  2⤵
  PID:2428
- C:\Windows\System\bANcNao.exe
  C:\Windows\System\bANcNao.exe
  2⤵
  PID:2188
- C:\Windows\System\jerWGDR.exe
  C:\Windows\System\jerWGDR.exe
  2⤵
  PID:2660
- C:\Windows\System\YNjtmbf.exe
  C:\Windows\System\YNjtmbf.exe
  2⤵
  PID:2856
- C:\Windows\System\IuQtFPB.exe
  C:\Windows\System\IuQtFPB.exe
  2⤵
  PID:1016
- C:\Windows\System\kfjEuia.exe
  C:\Windows\System\kfjEuia.exe
  2⤵
  PID:6716
- C:\Windows\System\mZCgiBh.exe
  C:\Windows\System\mZCgiBh.exe
  2⤵
  PID:6752
- C:\Windows\System\xvPffMF.exe
  C:\Windows\System\xvPffMF.exe
  2⤵
  PID:6732
- C:\Windows\System\ojCBaOb.exe
  C:\Windows\System\ojCBaOb.exe
  2⤵
  PID:6800
- C:\Windows\System\efIpgSt.exe
  C:\Windows\System\efIpgSt.exe
  2⤵
  PID:6832
- C:\Windows\System\MxFTSpX.exe
  C:\Windows\System\MxFTSpX.exe
  2⤵
  PID:6864
- C:\Windows\System\jPoRYVj.exe
  C:\Windows\System\jPoRYVj.exe
  2⤵
  PID:6900
- C:\Windows\System\UqZceOi.exe
  C:\Windows\System\UqZceOi.exe
  2⤵
  PID:6932
- C:\Windows\System\tPGACJq.exe
  C:\Windows\System\tPGACJq.exe
  2⤵
  PID:6964
- C:\Windows\System\xyefevt.exe
  C:\Windows\System\xyefevt.exe
  2⤵
  PID:6996
- C:\Windows\System\VVtBdPc.exe
  C:\Windows\System\VVtBdPc.exe
  2⤵
  PID:7044
- C:\Windows\System\mLaFHFS.exe
  C:\Windows\System\mLaFHFS.exe
  2⤵
  PID:7080
- C:\Windows\System\KsblEZB.exe
  C:\Windows\System\KsblEZB.exe
  2⤵
  PID:7096
- C:\Windows\System\iaCFCvV.exe
  C:\Windows\System\iaCFCvV.exe
  2⤵
  PID:5116
- C:\Windows\System\fpNLnQq.exe
  C:\Windows\System\fpNLnQq.exe
  2⤵
  PID:3256
- C:\Windows\System\RdEEqRr.exe
  C:\Windows\System\RdEEqRr.exe
  2⤵
  PID:2760
- C:\Windows\System\wcZHNVn.exe
  C:\Windows\System\wcZHNVn.exe
  2⤵
  PID:5164
- C:\Windows\System\dmOxtZE.exe
  C:\Windows\System\dmOxtZE.exe
  2⤵
  PID:7160
- C:\Windows\System\kCbSdYq.exe
  C:\Windows\System\kCbSdYq.exe
  2⤵
  PID:6128
- C:\Windows\System\FQCAokA.exe
  C:\Windows\System\FQCAokA.exe
  2⤵
  PID:4620
- C:\Windows\System\JJXqWTj.exe
  C:\Windows\System\JJXqWTj.exe
  2⤵
  PID:4820
- C:\Windows\System\xkuuOMZ.exe
  C:\Windows\System\xkuuOMZ.exe
  2⤵
  PID:5288
- C:\Windows\System\xOJispP.exe
  C:\Windows\System\xOJispP.exe
  2⤵
  PID:5672
- C:\Windows\System\gqkFvHF.exe
  C:\Windows\System\gqkFvHF.exe
  2⤵
  PID:4904
- C:\Windows\System\ByOTYCz.exe
  C:\Windows\System\ByOTYCz.exe
  2⤵
  PID:3052
- C:\Windows\System\RnneEjp.exe
  C:\Windows\System\RnneEjp.exe
  2⤵
  PID:5212
- C:\Windows\System\UMGyJOl.exe
  C:\Windows\System\UMGyJOl.exe
  2⤵
  PID:5832
- C:\Windows\System\rFHtqJx.exe
  C:\Windows\System\rFHtqJx.exe
  2⤵
  PID:6172
- C:\Windows\System\IwKrwts.exe
  C:\Windows\System\IwKrwts.exe
  2⤵
  PID:5464
- C:\Windows\System\LAxPKEO.exe
  C:\Windows\System\LAxPKEO.exe
  2⤵
  PID:6316
- C:\Windows\System\SIyeFnP.exe
  C:\Windows\System\SIyeFnP.exe
  2⤵
  PID:5708
- C:\Windows\System\nHpRujw.exe
  C:\Windows\System\nHpRujw.exe
  2⤵
  PID:5928
- C:\Windows\System\HdbzBMk.exe
  C:\Windows\System\HdbzBMk.exe
  2⤵
  PID:5936
- C:\Windows\System\qvzeJsy.exe
  C:\Windows\System\qvzeJsy.exe
  2⤵
  PID:6192
- C:\Windows\System\hUJyFTj.exe
  C:\Windows\System\hUJyFTj.exe
  2⤵
  PID:6388
- C:\Windows\System\nrVINoT.exe
  C:\Windows\System\nrVINoT.exe
  2⤵
  PID:6376
- C:\Windows\System\cfdbPeG.exe
  C:\Windows\System\cfdbPeG.exe
  2⤵
  PID:6456
- C:\Windows\System\amviLlg.exe
  C:\Windows\System\amviLlg.exe
  2⤵
  PID:6520
- C:\Windows\System\yhrmGjL.exe
  C:\Windows\System\yhrmGjL.exe
  2⤵
  PID:6592
- C:\Windows\System\wcYOYrD.exe
  C:\Windows\System\wcYOYrD.exe
  2⤵
  PID:6436
- C:\Windows\System\INslRrL.exe
  C:\Windows\System\INslRrL.exe
  2⤵
  PID:6500
- C:\Windows\System\RRPCEVP.exe
  C:\Windows\System\RRPCEVP.exe
  2⤵
  PID:488
- C:\Windows\System\CbrkDwV.exe
  C:\Windows\System\CbrkDwV.exe
  2⤵
  PID:6616
- C:\Windows\System\gaXcJMf.exe
  C:\Windows\System\gaXcJMf.exe
  2⤵
  PID:1916
- C:\Windows\System\uspvpsR.exe
  C:\Windows\System\uspvpsR.exe
  2⤵
  PID:2540
- C:\Windows\System\mdjzEZl.exe
  C:\Windows\System\mdjzEZl.exe
  2⤵
  PID:2092
- C:\Windows\System\BEypsgz.exe
  C:\Windows\System\BEypsgz.exe
  2⤵
  PID:2592
- C:\Windows\System\wxpLdYS.exe
  C:\Windows\System\wxpLdYS.exe
  2⤵
  PID:592
- C:\Windows\System\FEpqPOd.exe
  C:\Windows\System\FEpqPOd.exe
  2⤵
  PID:1624
- C:\Windows\System\WGSqWOT.exe
  C:\Windows\System\WGSqWOT.exe
  2⤵
  PID:4152
- C:\Windows\System\DMMhwxr.exe
  C:\Windows\System\DMMhwxr.exe
  2⤵
  PID:1876
- C:\Windows\System\WZwGJub.exe
  C:\Windows\System\WZwGJub.exe
  2⤵
  PID:2832
- C:\Windows\System\UcdKbBn.exe
  C:\Windows\System\UcdKbBn.exe
  2⤵
  PID:1628
- C:\Windows\System\akrwUAQ.exe
  C:\Windows\System\akrwUAQ.exe
  2⤵
  PID:2684
- C:\Windows\System\wBuKLfV.exe
  C:\Windows\System\wBuKLfV.exe
  2⤵
  PID:2124
- C:\Windows\System\HGaNZXg.exe
  C:\Windows\System\HGaNZXg.exe
  2⤵
  PID:6788
- C:\Windows\System\ooyZSiu.exe
  C:\Windows\System\ooyZSiu.exe
  2⤵
  PID:6880
- C:\Windows\System\kvsgWvO.exe
  C:\Windows\System\kvsgWvO.exe
  2⤵
  PID:444
- C:\Windows\System\VvRBlkX.exe
  C:\Windows\System\VvRBlkX.exe
  2⤵
  PID:7000
- C:\Windows\System\qzFMPzl.exe
  C:\Windows\System\qzFMPzl.exe
  2⤵
  PID:6764
- C:\Windows\System\RBJWGuQ.exe
  C:\Windows\System\RBJWGuQ.exe
  2⤵
  PID:6904
- C:\Windows\System\CkotwTD.exe
  C:\Windows\System\CkotwTD.exe
  2⤵
  PID:7060
- C:\Windows\System\SUYbPCo.exe
  C:\Windows\System\SUYbPCo.exe
  2⤵
  PID:3452
- C:\Windows\System\AaAjEOk.exe
  C:\Windows\System\AaAjEOk.exe
  2⤵
  PID:6092
- C:\Windows\System\zNYwoxu.exe
  C:\Windows\System\zNYwoxu.exe
  2⤵
  PID:7104
- C:\Windows\System\TzByLaG.exe
  C:\Windows\System\TzByLaG.exe
  2⤵
  PID:4848
- C:\Windows\System\uuVtQVe.exe
  C:\Windows\System\uuVtQVe.exe
  2⤵
  PID:6232
- C:\Windows\System\VBHldzZ.exe
  C:\Windows\System\VBHldzZ.exe
  2⤵
  PID:4408
- C:\Windows\System\fpZljPD.exe
  C:\Windows\System\fpZljPD.exe
  2⤵
  PID:5616
- C:\Windows\System\JFmqfbF.exe
  C:\Windows\System\JFmqfbF.exe
  2⤵
  PID:6276
- C:\Windows\System\TTUbVUV.exe
  C:\Windows\System\TTUbVUV.exe
  2⤵
  PID:6576
- C:\Windows\System\vIfBKAe.exe
  C:\Windows\System\vIfBKAe.exe
  2⤵
  PID:316
- C:\Windows\System\VvotJkV.exe
  C:\Windows\System\VvotJkV.exe
  2⤵
  PID:2600
- C:\Windows\System\pKjGBCj.exe
  C:\Windows\System\pKjGBCj.exe
  2⤵
  PID:6136
- C:\Windows\System\TiyGJeC.exe
  C:\Windows\System\TiyGJeC.exe
  2⤵
  PID:1684
- C:\Windows\System\fousCJL.exe
  C:\Windows\System\fousCJL.exe
  2⤵
  PID:5004
- C:\Windows\System\BTNsLLq.exe
  C:\Windows\System\BTNsLLq.exe
  2⤵
  PID:6176
- C:\Windows\System\uoNlkAH.exe
  C:\Windows\System\uoNlkAH.exe
  2⤵
  PID:2956
- C:\Windows\System\AdttFYA.exe
  C:\Windows\System\AdttFYA.exe
  2⤵
  PID:6820
- C:\Windows\System\jMDQHgk.exe
  C:\Windows\System\jMDQHgk.exe
  2⤵
  PID:6356
- C:\Windows\System\dlMVnQI.exe
  C:\Windows\System\dlMVnQI.exe
  2⤵
  PID:6632
- C:\Windows\System\ORRvEMQ.exe
  C:\Windows\System\ORRvEMQ.exe
  2⤵
  PID:2100
- C:\Windows\System\qCbkyGP.exe
  C:\Windows\System\qCbkyGP.exe
  2⤵
  PID:2524
- C:\Windows\System\nRMincu.exe
  C:\Windows\System\nRMincu.exe
  2⤵
  PID:1576
- C:\Windows\System\CqohOEa.exe
  C:\Windows\System\CqohOEa.exe
  2⤵
  PID:2664
- C:\Windows\System\WTjJKPJ.exe
  C:\Windows\System\WTjJKPJ.exe
  2⤵
  PID:6952
- C:\Windows\System\bWvHxEK.exe
  C:\Windows\System\bWvHxEK.exe
  2⤵
  PID:6852
- C:\Windows\System\zwGRmRn.exe
  C:\Windows\System\zwGRmRn.exe
  2⤵
  PID:4728
- C:\Windows\System\TTusNBs.exe
  C:\Windows\System\TTusNBs.exe
  2⤵
  PID:5792
- C:\Windows\System\XDXdZDo.exe
  C:\Windows\System\XDXdZDo.exe
  2⤵
  PID:6096
- C:\Windows\System\ulDqDqn.exe
  C:\Windows\System\ulDqDqn.exe
  2⤵
  PID:5532
- C:\Windows\System\QmhKVVG.exe
  C:\Windows\System\QmhKVVG.exe
  2⤵
  PID:5868
- C:\Windows\System\XbZNhwg.exe
  C:\Windows\System\XbZNhwg.exe
  2⤵
  PID:7016
- C:\Windows\System\HdyFWYK.exe
  C:\Windows\System\HdyFWYK.exe
  2⤵
  PID:5328
- C:\Windows\System\biyFOeg.exe
  C:\Windows\System\biyFOeg.exe
  2⤵
  PID:4244
- C:\Windows\System\amiFrjV.exe
  C:\Windows\System\amiFrjV.exe
  2⤵
  PID:6292
- C:\Windows\System\gsNKduv.exe
  C:\Windows\System\gsNKduv.exe
  2⤵
  PID:1992
- C:\Windows\System\JyvnUfW.exe
  C:\Windows\System\JyvnUfW.exe
  2⤵
  PID:7028
- C:\Windows\System\hiQOgdt.exe
  C:\Windows\System\hiQOgdt.exe
  2⤵
  PID:6612
- C:\Windows\System\LlRioka.exe
  C:\Windows\System\LlRioka.exe
  2⤵
  PID:2328
- C:\Windows\System\VUgJHzx.exe
  C:\Windows\System\VUgJHzx.exe
  2⤵
  PID:2876
- C:\Windows\System\IsfzPKh.exe
  C:\Windows\System\IsfzPKh.exe
  2⤵
  PID:2136
- C:\Windows\System\rRkQNTI.exe
  C:\Windows\System\rRkQNTI.exe
  2⤵
  PID:7156
- C:\Windows\System\JUoPvYq.exe
  C:\Windows\System\JUoPvYq.exe
  2⤵
  PID:776
- C:\Windows\System\MFNEVFT.exe
  C:\Windows\System\MFNEVFT.exe
  2⤵
  PID:1340
- C:\Windows\System\AYAiAVK.exe
  C:\Windows\System\AYAiAVK.exe
  2⤵
  PID:6416
- C:\Windows\System\xNfhiZv.exe
  C:\Windows\System\xNfhiZv.exe
  2⤵
  PID:3936
- C:\Windows\System\CRVOzyy.exe
  C:\Windows\System\CRVOzyy.exe
  2⤵
  PID:6308
- C:\Windows\System\UlpHeNN.exe
  C:\Windows\System\UlpHeNN.exe
  2⤵
  PID:2696
- C:\Windows\System\qredjrU.exe
  C:\Windows\System\qredjrU.exe
  2⤵
  PID:5948
- C:\Windows\System\UOqQenZ.exe
  C:\Windows\System\UOqQenZ.exe
  2⤵
  PID:2748
- C:\Windows\System\GfxdUvU.exe
  C:\Windows\System\GfxdUvU.exe
  2⤵
  PID:6836
- C:\Windows\System\YfdIjwU.exe
  C:\Windows\System\YfdIjwU.exe
  2⤵
  PID:6560
- C:\Windows\System\UuzfWvR.exe
  C:\Windows\System\UuzfWvR.exe
  2⤵
  PID:7184
- C:\Windows\System\ZEFmCYh.exe
  C:\Windows\System\ZEFmCYh.exe
  2⤵
  PID:7200
- C:\Windows\System\eZlRMNl.exe
  C:\Windows\System\eZlRMNl.exe
  2⤵
  PID:7216
- C:\Windows\System\EQnjsGM.exe
  C:\Windows\System\EQnjsGM.exe
  2⤵
  PID:7232
- C:\Windows\System\BWjTnVY.exe
  C:\Windows\System\BWjTnVY.exe
  2⤵
  PID:7248
- C:\Windows\System\PNtqyju.exe
  C:\Windows\System\PNtqyju.exe
  2⤵
  PID:7264
- C:\Windows\System\cWPmWUi.exe
  C:\Windows\System\cWPmWUi.exe
  2⤵
  PID:7280
- C:\Windows\System\GQiYKWs.exe
  C:\Windows\System\GQiYKWs.exe
  2⤵
  PID:7296
- C:\Windows\System\Zqcojba.exe
  C:\Windows\System\Zqcojba.exe
  2⤵
  PID:7312
- C:\Windows\System\ppFVGWw.exe
  C:\Windows\System\ppFVGWw.exe
  2⤵
  PID:7328
- C:\Windows\System\lJYRhYg.exe
  C:\Windows\System\lJYRhYg.exe
  2⤵
  PID:7344
- C:\Windows\System\eCGhjbo.exe
  C:\Windows\System\eCGhjbo.exe
  2⤵
  PID:7360
- C:\Windows\System\tIOZowx.exe
  C:\Windows\System\tIOZowx.exe
  2⤵
  PID:7376
- C:\Windows\System\mNAAcPO.exe
  C:\Windows\System\mNAAcPO.exe
  2⤵
  PID:7392
- C:\Windows\System\zVyVqfu.exe
  C:\Windows\System\zVyVqfu.exe
  2⤵
  PID:7408
- C:\Windows\System\hlolqxD.exe
  C:\Windows\System\hlolqxD.exe
  2⤵
  PID:7424
- C:\Windows\System\DfrWPnN.exe
  C:\Windows\System\DfrWPnN.exe
  2⤵
  PID:7440
- C:\Windows\System\zVpIQzG.exe
  C:\Windows\System\zVpIQzG.exe
  2⤵
  PID:7456
- C:\Windows\System\shPgxrl.exe
  C:\Windows\System\shPgxrl.exe
  2⤵
  PID:7472
- C:\Windows\System\RKgCghr.exe
  C:\Windows\System\RKgCghr.exe
  2⤵
  PID:7488
- C:\Windows\System\WwYfzTR.exe
  C:\Windows\System\WwYfzTR.exe
  2⤵
  PID:7508
- C:\Windows\System\KcXoiDl.exe
  C:\Windows\System\KcXoiDl.exe
  2⤵
  PID:7524
- C:\Windows\System\laabFPp.exe
  C:\Windows\System\laabFPp.exe
  2⤵
  PID:7540
- C:\Windows\System\YGUltCu.exe
  C:\Windows\System\YGUltCu.exe
  2⤵
  PID:7556
- C:\Windows\System\ujcHxJq.exe
  C:\Windows\System\ujcHxJq.exe
  2⤵
  PID:7572
- C:\Windows\System\duhAaWY.exe
  C:\Windows\System\duhAaWY.exe
  2⤵
  PID:7588
- C:\Windows\System\VDZGalY.exe
  C:\Windows\System\VDZGalY.exe
  2⤵
  PID:7604
- C:\Windows\System\RWlLIfC.exe
  C:\Windows\System\RWlLIfC.exe
  2⤵
  PID:7620
- C:\Windows\System\StwtUeU.exe
  C:\Windows\System\StwtUeU.exe
  2⤵
  PID:7636
- C:\Windows\System\aLkdnen.exe
  C:\Windows\System\aLkdnen.exe
  2⤵
  PID:7652
- C:\Windows\System\ibYoDoM.exe
  C:\Windows\System\ibYoDoM.exe
  2⤵
  PID:7668
- C:\Windows\System\VFRSZkJ.exe
  C:\Windows\System\VFRSZkJ.exe
  2⤵
  PID:7684
- C:\Windows\System\xWLfGXc.exe
  C:\Windows\System\xWLfGXc.exe
  2⤵
  PID:7700
- C:\Windows\System\gODfJGC.exe
  C:\Windows\System\gODfJGC.exe
  2⤵
  PID:7716
- C:\Windows\System\LsBPxrQ.exe
  C:\Windows\System\LsBPxrQ.exe
  2⤵
  PID:7732
- C:\Windows\System\aiGsFZV.exe
  C:\Windows\System\aiGsFZV.exe
  2⤵
  PID:7748
- C:\Windows\System\XvqksjA.exe
  C:\Windows\System\XvqksjA.exe
  2⤵
  PID:7764
- C:\Windows\System\XnniiSe.exe
  C:\Windows\System\XnniiSe.exe
  2⤵
  PID:7780
- C:\Windows\System\OKFbfgR.exe
  C:\Windows\System\OKFbfgR.exe
  2⤵
  PID:7796
- C:\Windows\System\gmdoKMK.exe
  C:\Windows\System\gmdoKMK.exe
  2⤵
  PID:7812
- C:\Windows\System\sxGiGfp.exe
  C:\Windows\System\sxGiGfp.exe
  2⤵
  PID:7828
- C:\Windows\System\IRmDnyr.exe
  C:\Windows\System\IRmDnyr.exe
  2⤵
  PID:7844
- C:\Windows\System\gkGDZIY.exe
  C:\Windows\System\gkGDZIY.exe
  2⤵
  PID:7860
- C:\Windows\System\zOYQAQP.exe
  C:\Windows\System\zOYQAQP.exe
  2⤵
  PID:7876
- C:\Windows\System\SuhPDix.exe
  C:\Windows\System\SuhPDix.exe
  2⤵
  PID:7892
- C:\Windows\System\mKKLQHC.exe
  C:\Windows\System\mKKLQHC.exe
  2⤵
  PID:7908
- C:\Windows\System\CCcGaFh.exe
  C:\Windows\System\CCcGaFh.exe
  2⤵
  PID:7924
- C:\Windows\System\vYjLVHq.exe
  C:\Windows\System\vYjLVHq.exe
  2⤵
  PID:7940
- C:\Windows\System\eOzCuSb.exe
  C:\Windows\System\eOzCuSb.exe
  2⤵
  PID:7956
- C:\Windows\System\CBYvFcn.exe
  C:\Windows\System\CBYvFcn.exe
  2⤵
  PID:7972
- C:\Windows\System\hYVKzda.exe
  C:\Windows\System\hYVKzda.exe
  2⤵
  PID:7988
- C:\Windows\System\murUNyz.exe
  C:\Windows\System\murUNyz.exe
  2⤵
  PID:8004
- C:\Windows\System\kRfzONR.exe
  C:\Windows\System\kRfzONR.exe
  2⤵
  PID:8020
- C:\Windows\System\fYoYscr.exe
  C:\Windows\System\fYoYscr.exe
  2⤵
  PID:8036
- C:\Windows\System\lzCaMGp.exe
  C:\Windows\System\lzCaMGp.exe
  2⤵
  PID:8052
- C:\Windows\System\detpxvF.exe
  C:\Windows\System\detpxvF.exe
  2⤵
  PID:8068
- C:\Windows\System\cgwRkfW.exe
  C:\Windows\System\cgwRkfW.exe
  2⤵
  PID:8084
- C:\Windows\System\ZMwnLtZ.exe
  C:\Windows\System\ZMwnLtZ.exe
  2⤵
  PID:8100
- C:\Windows\System\JZpnwzm.exe
  C:\Windows\System\JZpnwzm.exe
  2⤵
  PID:8116
- C:\Windows\System\ZWbTOgx.exe
  C:\Windows\System\ZWbTOgx.exe
  2⤵
  PID:8132
- C:\Windows\System\ygWEwGj.exe
  C:\Windows\System\ygWEwGj.exe
  2⤵
  PID:8152
- C:\Windows\System\yrUVouZ.exe
  C:\Windows\System\yrUVouZ.exe
  2⤵
  PID:8168
- C:\Windows\System\turnAMK.exe
  C:\Windows\System\turnAMK.exe
  2⤵
  PID:8184
- C:\Windows\System\gHILrtX.exe
  C:\Windows\System\gHILrtX.exe
  2⤵
  PID:7192
- C:\Windows\System\lXOLHHU.exe
  C:\Windows\System\lXOLHHU.exe
  2⤵
  PID:7176
- C:\Windows\System\nvyfiwy.exe
  C:\Windows\System\nvyfiwy.exe
  2⤵
  PID:7256
- C:\Windows\System\hmGbOUY.exe
  C:\Windows\System\hmGbOUY.exe
  2⤵
  PID:7324
- C:\Windows\System\odKgkhM.exe
  C:\Windows\System\odKgkhM.exe
  2⤵
  PID:7384
- C:\Windows\System\crMHwdb.exe
  C:\Windows\System\crMHwdb.exe
  2⤵
  PID:7420
- C:\Windows\System\MXnNVIN.exe
  C:\Windows\System\MXnNVIN.exe
  2⤵
  PID:7304
- C:\Windows\System\xWxXnqI.exe
  C:\Windows\System\xWxXnqI.exe
  2⤵
  PID:7468
- C:\Windows\System\SxJgLpT.exe
  C:\Windows\System\SxJgLpT.exe
  2⤵
  PID:7372
- C:\Windows\System\QnHLAPo.exe
  C:\Windows\System\QnHLAPo.exe
  2⤵
  PID:7436
- C:\Windows\System\RXSTZyQ.exe
  C:\Windows\System\RXSTZyQ.exe
  2⤵
  PID:7500
- C:\Windows\System\ecGYKeB.exe
  C:\Windows\System\ecGYKeB.exe
  2⤵
  PID:7548
- C:\Windows\System\wXsAhqC.exe
  C:\Windows\System\wXsAhqC.exe
  2⤵
  PID:7532
- C:\Windows\System\VZiWvaR.exe
  C:\Windows\System\VZiWvaR.exe
  2⤵
  PID:7616
- C:\Windows\System\hUIrdxF.exe
  C:\Windows\System\hUIrdxF.exe
  2⤵
  PID:7596
- C:\Windows\System\jRAkyJg.exe
  C:\Windows\System\jRAkyJg.exe
  2⤵
  PID:7600
- C:\Windows\System\lmHeAUJ.exe
  C:\Windows\System\lmHeAUJ.exe
  2⤵
  PID:7708
- C:\Windows\System\NQkkkIA.exe
  C:\Windows\System\NQkkkIA.exe
  2⤵
  PID:7692
- C:\Windows\System\cDyTicY.exe
  C:\Windows\System\cDyTicY.exe
  2⤵
  PID:7728
- C:\Windows\System\SHeWkjt.exe
  C:\Windows\System\SHeWkjt.exe
  2⤵
  PID:7804
- C:\Windows\System\SvgDPFr.exe
  C:\Windows\System\SvgDPFr.exe
  2⤵
  PID:7868
- C:\Windows\System\zbQsghd.exe
  C:\Windows\System\zbQsghd.exe
  2⤵
  PID:7852
- C:\Windows\System\THVoXZi.exe
  C:\Windows\System\THVoXZi.exe
  2⤵
  PID:7888
- C:\Windows\System\cQRmJkD.exe
  C:\Windows\System\cQRmJkD.exe
  2⤵
  PID:7820
- C:\Windows\System\AaAIVQU.exe
  C:\Windows\System\AaAIVQU.exe
  2⤵
  PID:7920
- C:\Windows\System\SCLslEH.exe
  C:\Windows\System\SCLslEH.exe
  2⤵
  PID:8000
- C:\Windows\System\byQDicp.exe
  C:\Windows\System\byQDicp.exe
  2⤵
  PID:7980
- C:\Windows\System\SEDCWMz.exe
  C:\Windows\System\SEDCWMz.exe
  2⤵
  PID:8044
- C:\Windows\System\FwZkGMa.exe
  C:\Windows\System\FwZkGMa.exe
  2⤵
  PID:8096
- C:\Windows\System\CrVWaKx.exe
  C:\Windows\System\CrVWaKx.exe
  2⤵
  PID:8140
- C:\Windows\System\ziiQdFz.exe
  C:\Windows\System\ziiQdFz.exe
  2⤵
  PID:8112
- C:\Windows\System\QBiNgpn.exe
  C:\Windows\System\QBiNgpn.exe
  2⤵
  PID:6816
- C:\Windows\System\eNCdHrn.exe
  C:\Windows\System\eNCdHrn.exe
  2⤵
  PID:7228
- C:\Windows\System\mVYzBNZ.exe
  C:\Windows\System\mVYzBNZ.exe
  2⤵
  PID:7368
- C:\Windows\System\alJmKcJ.exe
  C:\Windows\System\alJmKcJ.exe
  2⤵
  PID:7480
- C:\Windows\System\REgyouk.exe
  C:\Windows\System\REgyouk.exe
  2⤵
  PID:7648
- C:\Windows\System\TXuTGRe.exe
  C:\Windows\System\TXuTGRe.exe
  2⤵
  PID:7696
- C:\Windows\System\YuZwxBT.exe
  C:\Windows\System\YuZwxBT.exe
  2⤵
  PID:7664
- C:\Windows\System\pVXlHcD.exe
  C:\Windows\System\pVXlHcD.exe
  2⤵
  PID:7660
- C:\Windows\System\FTlUulm.exe
  C:\Windows\System\FTlUulm.exe
  2⤵
  PID:7432
- C:\Windows\System\rWIuLLt.exe
  C:\Windows\System\rWIuLLt.exe
  2⤵
  PID:7388
- C:\Windows\System\iwtirjf.exe
  C:\Windows\System\iwtirjf.exe
  2⤵
  PID:7836
- C:\Windows\System\xdStNdv.exe
  C:\Windows\System\xdStNdv.exe
  2⤵
  PID:7884
- C:\Windows\System\eldiZUL.exe
  C:\Windows\System\eldiZUL.exe
  2⤵
  PID:8028
- C:\Windows\System\isJPVGh.exe
  C:\Windows\System\isJPVGh.exe
  2⤵
  PID:8080
- C:\Windows\System\Bytefhn.exe
  C:\Windows\System\Bytefhn.exe
  2⤵
  PID:7452
- C:\Windows\System\HARQRRK.exe
  C:\Windows\System\HARQRRK.exe
  2⤵
  PID:7680
- C:\Windows\System\CZHPzAU.exe
  C:\Windows\System\CZHPzAU.exe
  2⤵
  PID:7792
- C:\Windows\System\MXfnhwT.exe
  C:\Windows\System\MXfnhwT.exe
  2⤵
  PID:8012
- C:\Windows\System\pcOMdok.exe
  C:\Windows\System\pcOMdok.exe
  2⤵
  PID:8160
- C:\Windows\System\gLRNQlr.exe
  C:\Windows\System\gLRNQlr.exe
  2⤵
  PID:7564
- C:\Windows\System\OsnJDcj.exe
  C:\Windows\System\OsnJDcj.exe
  2⤵
  PID:7584
- C:\Windows\System\EHoQaHM.exe
  C:\Windows\System\EHoQaHM.exe
  2⤵
  PID:7856
- C:\Windows\System\viBYCix.exe
  C:\Windows\System\viBYCix.exe
  2⤵
  PID:7900
- C:\Windows\System\dEcbrki.exe
  C:\Windows\System\dEcbrki.exe
  2⤵
  PID:7356
- C:\Windows\System\jjgZINu.exe
  C:\Windows\System\jjgZINu.exe
  2⤵
  PID:8176
- C:\Windows\System\FFQRltD.exe
  C:\Windows\System\FFQRltD.exe
  2⤵
  PID:8204
- C:\Windows\System\XKvbECD.exe
  C:\Windows\System\XKvbECD.exe
  2⤵
  PID:8220
- C:\Windows\System\lpKKVCq.exe
  C:\Windows\System\lpKKVCq.exe
  2⤵
  PID:8240
- C:\Windows\System\zCdTykf.exe
  C:\Windows\System\zCdTykf.exe
  2⤵
  PID:8256
- C:\Windows\System\LyyvcMA.exe
  C:\Windows\System\LyyvcMA.exe
  2⤵
  PID:8272
- C:\Windows\System\jZjnLHV.exe
  C:\Windows\System\jZjnLHV.exe
  2⤵
  PID:8288
- C:\Windows\System\GpiyagK.exe
  C:\Windows\System\GpiyagK.exe
  2⤵
  PID:8304
- C:\Windows\System\kgRmfrz.exe
  C:\Windows\System\kgRmfrz.exe
  2⤵
  PID:8320
- C:\Windows\System\XRreACw.exe
  C:\Windows\System\XRreACw.exe
  2⤵
  PID:8336
- C:\Windows\System\jnhaYPQ.exe
  C:\Windows\System\jnhaYPQ.exe
  2⤵
  PID:8356
- C:\Windows\System\dSJwtHi.exe
  C:\Windows\System\dSJwtHi.exe
  2⤵
  PID:8372
- C:\Windows\System\zJFYpjg.exe
  C:\Windows\System\zJFYpjg.exe
  2⤵
  PID:8388
- C:\Windows\System\tomKWtv.exe
  C:\Windows\System\tomKWtv.exe
  2⤵
  PID:8404
- C:\Windows\System\DYigTBt.exe
  C:\Windows\System\DYigTBt.exe
  2⤵
  PID:8420
- C:\Windows\System\vykWAwI.exe
  C:\Windows\System\vykWAwI.exe
  2⤵
  PID:8436
- C:\Windows\System\alfFleI.exe
  C:\Windows\System\alfFleI.exe
  2⤵
  PID:8452
- C:\Windows\System\AkrMQra.exe
  C:\Windows\System\AkrMQra.exe
  2⤵
  PID:8468
- C:\Windows\System\dJYANSi.exe
  C:\Windows\System\dJYANSi.exe
  2⤵
  PID:8484
- C:\Windows\System\JBNVPHU.exe
  C:\Windows\System\JBNVPHU.exe
  2⤵
  PID:8504
- C:\Windows\System\ZZrbYCb.exe
  C:\Windows\System\ZZrbYCb.exe
  2⤵
  PID:8520
- C:\Windows\System\yHfPNLM.exe
  C:\Windows\System\yHfPNLM.exe
  2⤵
  PID:8536
- C:\Windows\System\MxGvovd.exe
  C:\Windows\System\MxGvovd.exe
  2⤵
  PID:8552
- C:\Windows\System\JIGFfuR.exe
  C:\Windows\System\JIGFfuR.exe
  2⤵
  PID:8568
- C:\Windows\System\DEUvsFM.exe
  C:\Windows\System\DEUvsFM.exe
  2⤵
  PID:8584
- C:\Windows\System\XtpxSjw.exe
  C:\Windows\System\XtpxSjw.exe
  2⤵
  PID:8600
- C:\Windows\System\lSlKxAw.exe
  C:\Windows\System\lSlKxAw.exe
  2⤵
  PID:8616
- C:\Windows\System\VxfnGOG.exe
  C:\Windows\System\VxfnGOG.exe
  2⤵
  PID:8632
- C:\Windows\System\yzUuUXf.exe
  C:\Windows\System\yzUuUXf.exe
  2⤵
  PID:8648
- C:\Windows\System\YcCaMTm.exe
  C:\Windows\System\YcCaMTm.exe
  2⤵
  PID:8668
- C:\Windows\System\cWchgoc.exe
  C:\Windows\System\cWchgoc.exe
  2⤵
  PID:8684
- C:\Windows\System\yICOcvE.exe
  C:\Windows\System\yICOcvE.exe
  2⤵
  PID:8700
- C:\Windows\System\IdzpAWI.exe
  C:\Windows\System\IdzpAWI.exe
  2⤵
  PID:8716
- C:\Windows\System\DnbhFhP.exe
  C:\Windows\System\DnbhFhP.exe
  2⤵
  PID:8732
- C:\Windows\System\cXaiVeN.exe
  C:\Windows\System\cXaiVeN.exe
  2⤵
  PID:8748
- C:\Windows\System\VWBaAMB.exe
  C:\Windows\System\VWBaAMB.exe
  2⤵
  PID:8764
- C:\Windows\System\ErAZmPH.exe
  C:\Windows\System\ErAZmPH.exe
  2⤵
  PID:8780
- C:\Windows\System\RGzlvPg.exe
  C:\Windows\System\RGzlvPg.exe
  2⤵
  PID:8796
- C:\Windows\System\LYqTrUk.exe
  C:\Windows\System\LYqTrUk.exe
  2⤵
  PID:8812
- C:\Windows\System\yHLakHc.exe
  C:\Windows\System\yHLakHc.exe
  2⤵
  PID:8828
- C:\Windows\System\bTdLMpB.exe
  C:\Windows\System\bTdLMpB.exe
  2⤵
  PID:8844
- C:\Windows\System\iMiqRqT.exe
  C:\Windows\System\iMiqRqT.exe
  2⤵
  PID:8860
- C:\Windows\System\GlYJwnc.exe
  C:\Windows\System\GlYJwnc.exe
  2⤵
  PID:8876
- C:\Windows\System\gYBiKrz.exe
  C:\Windows\System\gYBiKrz.exe
  2⤵
  PID:8892
- C:\Windows\System\hWnAOIB.exe
  C:\Windows\System\hWnAOIB.exe
  2⤵
  PID:8908
- C:\Windows\System\LKaoMyf.exe
  C:\Windows\System\LKaoMyf.exe
  2⤵
  PID:8924
- C:\Windows\System\iJGtjFw.exe
  C:\Windows\System\iJGtjFw.exe
  2⤵
  PID:8940
- C:\Windows\System\qtmVAWV.exe
  C:\Windows\System\qtmVAWV.exe
  2⤵
  PID:8956
- C:\Windows\System\YwDLvUa.exe
  C:\Windows\System\YwDLvUa.exe
  2⤵
  PID:8972
- C:\Windows\System\xwVPcdS.exe
  C:\Windows\System\xwVPcdS.exe
  2⤵
  PID:8988
- C:\Windows\System\ahGAYyi.exe
  C:\Windows\System\ahGAYyi.exe
  2⤵
  PID:9004
- C:\Windows\System\TgHrmRO.exe
  C:\Windows\System\TgHrmRO.exe
  2⤵
  PID:9020
- C:\Windows\System\LCEndOj.exe
  C:\Windows\System\LCEndOj.exe
  2⤵
  PID:9036
- C:\Windows\System\KeffsVT.exe
  C:\Windows\System\KeffsVT.exe
  2⤵
  PID:9052
- C:\Windows\System\NeeeRqs.exe
  C:\Windows\System\NeeeRqs.exe
  2⤵
  PID:9068
- C:\Windows\System\nLrzbGu.exe
  C:\Windows\System\nLrzbGu.exe
  2⤵
  PID:9084
- C:\Windows\System\OMHIytG.exe
  C:\Windows\System\OMHIytG.exe
  2⤵
  PID:9100
- C:\Windows\System\PHbRaNl.exe
  C:\Windows\System\PHbRaNl.exe
  2⤵
  PID:9116
- C:\Windows\System\SDMpAaH.exe
  C:\Windows\System\SDMpAaH.exe
  2⤵
  PID:9132
- C:\Windows\System\ZlQbMsr.exe
  C:\Windows\System\ZlQbMsr.exe
  2⤵
  PID:9148
- C:\Windows\System\BrpLHMF.exe
  C:\Windows\System\BrpLHMF.exe
  2⤵
  PID:9168
- C:\Windows\System\anyAMFY.exe
  C:\Windows\System\anyAMFY.exe
  2⤵
  PID:9184
- C:\Windows\System\SzcqJEj.exe
  C:\Windows\System\SzcqJEj.exe
  2⤵
  PID:9200
- C:\Windows\System\BtTQyMC.exe
  C:\Windows\System\BtTQyMC.exe
  2⤵
  PID:8196
- C:\Windows\System\QGAwKnX.exe
  C:\Windows\System\QGAwKnX.exe
  2⤵
  PID:8264
- C:\Windows\System\CZXAJqL.exe
  C:\Windows\System\CZXAJqL.exe
  2⤵
  PID:8328
- C:\Windows\System\ARRLswt.exe
  C:\Windows\System\ARRLswt.exe
  2⤵
  PID:7936
- C:\Windows\System\tvKuGMJ.exe
  C:\Windows\System\tvKuGMJ.exe
  2⤵
  PID:7964
- C:\Windows\System\bdsNcxC.exe
  C:\Windows\System\bdsNcxC.exe
  2⤵
  PID:8048
- C:\Windows\System\xKeUomS.exe
  C:\Windows\System\xKeUomS.exe
  2⤵
  PID:7464
- C:\Windows\System\TWyHkJC.exe
  C:\Windows\System\TWyHkJC.exe
  2⤵
  PID:8216
- C:\Windows\System\UUHttSv.exe
  C:\Windows\System\UUHttSv.exe
  2⤵
  PID:8284
- C:\Windows\System\nllOMvX.exe
  C:\Windows\System\nllOMvX.exe
  2⤵
  PID:8352
- C:\Windows\System\wEMDkye.exe
  C:\Windows\System\wEMDkye.exe
  2⤵
  PID:8384
- C:\Windows\System\TgzjFnh.exe
  C:\Windows\System\TgzjFnh.exe
  2⤵
  PID:8492
- C:\Windows\System\jVVvZLG.exe
  C:\Windows\System\jVVvZLG.exe
  2⤵
  PID:8496
- C:\Windows\System\OSTHoyq.exe
  C:\Windows\System\OSTHoyq.exe
  2⤵
  PID:8596
- C:\Windows\System\VMjoSft.exe
  C:\Windows\System\VMjoSft.exe
  2⤵
  PID:8656
- C:\Windows\System\XMdpEgi.exe
  C:\Windows\System\XMdpEgi.exe
  2⤵
  PID:8724
- C:\Windows\System\hLFGvDN.exe
  C:\Windows\System\hLFGvDN.exe
  2⤵
  PID:8756
- C:\Windows\System\nQzQxUw.exe
  C:\Windows\System\nQzQxUw.exe
  2⤵
  PID:8820
- C:\Windows\System\sJICtVf.exe
  C:\Windows\System\sJICtVf.exe
  2⤵
  PID:8856
- C:\Windows\System\plZYmNu.exe
  C:\Windows\System\plZYmNu.exe
  2⤵
  PID:8644
- C:\Windows\System\NmEEOKW.exe
  C:\Windows\System\NmEEOKW.exe
  2⤵
  PID:8544
- C:\Windows\System\DMIrOXp.exe
  C:\Windows\System\DMIrOXp.exe
  2⤵
  PID:8868
- C:\Windows\System\UuoEvFt.exe
  C:\Windows\System\UuoEvFt.exe
  2⤵
  PID:8680
- C:\Windows\System\EkoFDVE.exe
  C:\Windows\System\EkoFDVE.exe
  2⤵
  PID:8744
- C:\Windows\System\cugGMTO.exe
  C:\Windows\System\cugGMTO.exe
  2⤵
  PID:8808
- C:\Windows\System\LGxXBjY.exe
  C:\Windows\System\LGxXBjY.exe
  2⤵
  PID:8900
- C:\Windows\System\AmSPYNE.exe
  C:\Windows\System\AmSPYNE.exe
  2⤵
  PID:8948
- C:\Windows\System\HfsdeLa.exe
  C:\Windows\System\HfsdeLa.exe
  2⤵
  PID:8980
- C:\Windows\System\nyGAQhc.exe
  C:\Windows\System\nyGAQhc.exe
  2⤵
  PID:8996
- C:\Windows\System\ncRhoeN.exe
  C:\Windows\System\ncRhoeN.exe
  2⤵
  PID:9016
- C:\Windows\System\JAkgcqE.exe
  C:\Windows\System\JAkgcqE.exe
  2⤵
  PID:9076
- C:\Windows\System\BMxjmhO.exe
  C:\Windows\System\BMxjmhO.exe
  2⤵
  PID:9140
- C:\Windows\System\TTKutJf.exe
  C:\Windows\System\TTKutJf.exe
  2⤵
  PID:9208
- C:\Windows\System\vhNJBqc.exe
  C:\Windows\System\vhNJBqc.exe
  2⤵
  PID:8300
- C:\Windows\System\ETlZRWT.exe
  C:\Windows\System\ETlZRWT.exe
  2⤵
  PID:9096
- C:\Windows\System\IRTgJIY.exe
  C:\Windows\System\IRTgJIY.exe
  2⤵
  PID:9124
- C:\Windows\System\XdvKYqJ.exe
  C:\Windows\System\XdvKYqJ.exe
  2⤵
  PID:8232
- C:\Windows\System\hDYbCBY.exe
  C:\Windows\System\hDYbCBY.exe
  2⤵
  PID:9156
- C:\Windows\System\xgdaCUq.exe
  C:\Windows\System\xgdaCUq.exe
  2⤵
  PID:7288
- C:\Windows\System\wQVNRjj.exe
  C:\Windows\System\wQVNRjj.exe
  2⤵
  PID:8252
- C:\Windows\System\zJguyJL.exe
  C:\Windows\System\zJguyJL.exe
  2⤵
  PID:8364
- C:\Windows\System\CEVBaCT.exe
  C:\Windows\System\CEVBaCT.exe
  2⤵
  PID:8460
- C:\Windows\System\coJfkgr.exe
  C:\Windows\System\coJfkgr.exe
  2⤵
  PID:8628
- C:\Windows\System\IXcxvoA.exe
  C:\Windows\System\IXcxvoA.exe
  2⤵
  PID:8564
- C:\Windows\System\KWVrrkM.exe
  C:\Windows\System\KWVrrkM.exe
  2⤵
  PID:8788
- C:\Windows\System\cVRxVnr.exe
  C:\Windows\System\cVRxVnr.exe
  2⤵
  PID:8676
- C:\Windows\System\QSIgpwH.exe
  C:\Windows\System\QSIgpwH.exe
  2⤵
  PID:8804
- C:\Windows\System\LDTiTiR.exe
  C:\Windows\System\LDTiTiR.exe
  2⤵
  PID:8792
- C:\Windows\System\cnQtWTw.exe
  C:\Windows\System\cnQtWTw.exe
  2⤵
  PID:8888
- C:\Windows\System\PlliuFN.exe
  C:\Windows\System\PlliuFN.exe
  2⤵
  PID:8712
- C:\Windows\System\ogyudLn.exe
  C:\Windows\System\ogyudLn.exe
  2⤵
  PID:8932
- C:\Windows\System\BQuZhVS.exe
  C:\Windows\System\BQuZhVS.exe
  2⤵
  PID:8280
- C:\Windows\System\KntWsHM.exe
  C:\Windows\System\KntWsHM.exe
  2⤵
  PID:9108
- C:\Windows\System\JayLtdp.exe
  C:\Windows\System\JayLtdp.exe
  2⤵
  PID:7952
- C:\Windows\System\Osiwair.exe
  C:\Windows\System\Osiwair.exe
  2⤵
  PID:7504
- C:\Windows\System\ZdYqpdp.exe
  C:\Windows\System\ZdYqpdp.exe
  2⤵
  PID:9032
- C:\Windows\System\ckwdkGY.exe
  C:\Windows\System\ckwdkGY.exe
  2⤵
  PID:8532
- C:\Windows\System\GypPUbH.exe
  C:\Windows\System\GypPUbH.exe
  2⤵
  PID:8444
- C:\Windows\System\EUmSylj.exe
  C:\Windows\System\EUmSylj.exe
  2⤵
  PID:8640
- C:\Windows\System\RVlIzEL.exe
  C:\Windows\System\RVlIzEL.exe
  2⤵
  PID:9000
- C:\Windows\System\WmvWMMN.exe
  C:\Windows\System\WmvWMMN.exe
  2⤵
  PID:8936
- C:\Windows\System\qfRHKvQ.exe
  C:\Windows\System\qfRHKvQ.exe
  2⤵
  PID:5896
- C:\Windows\System\fUUJoBQ.exe
  C:\Windows\System\fUUJoBQ.exe
  2⤵
  PID:9180
- C:\Windows\System\SHAtSzl.exe
  C:\Windows\System\SHAtSzl.exe
  2⤵
  PID:9164
- C:\Windows\System\jkUwCzA.exe
  C:\Windows\System\jkUwCzA.exe
  2⤵
  PID:8692
- C:\Windows\System\dUNMmyD.exe
  C:\Windows\System\dUNMmyD.exe
  2⤵
  PID:8872
- C:\Windows\System\GrQVdDQ.exe
  C:\Windows\System\GrQVdDQ.exe
  2⤵
  PID:8696
- C:\Windows\System\XyiWJOl.exe
  C:\Windows\System\XyiWJOl.exe
  2⤵
  PID:9220
- C:\Windows\System\tAGOdMI.exe
  C:\Windows\System\tAGOdMI.exe
  2⤵
  PID:9236
- C:\Windows\System\MeGOWBW.exe
  C:\Windows\System\MeGOWBW.exe
  2⤵
  PID:9252
- C:\Windows\System\PxsyeNT.exe
  C:\Windows\System\PxsyeNT.exe
  2⤵
  PID:9268
- C:\Windows\System\IyRPcuS.exe
  C:\Windows\System\IyRPcuS.exe
  2⤵
  PID:9284
- C:\Windows\System\YhXWQnC.exe
  C:\Windows\System\YhXWQnC.exe
  2⤵
  PID:9300
- C:\Windows\System\WblvfRy.exe
  C:\Windows\System\WblvfRy.exe
  2⤵
  PID:9320
- C:\Windows\System\qBNvYOB.exe
  C:\Windows\System\qBNvYOB.exe
  2⤵
  PID:9336
- C:\Windows\System\uaYPuzw.exe
  C:\Windows\System\uaYPuzw.exe
  2⤵
  PID:9352
- C:\Windows\System\aXpiQdk.exe
  C:\Windows\System\aXpiQdk.exe
  2⤵
  PID:9368
- C:\Windows\System\nUxpKUk.exe
  C:\Windows\System\nUxpKUk.exe
  2⤵
  PID:9384
- C:\Windows\System\ezhMYyL.exe
  C:\Windows\System\ezhMYyL.exe
  2⤵
  PID:9400
- C:\Windows\System\eMBWIoS.exe
  C:\Windows\System\eMBWIoS.exe
  2⤵
  PID:9416
- C:\Windows\System\MaoJXyD.exe
  C:\Windows\System\MaoJXyD.exe
  2⤵
  PID:9432
- C:\Windows\System\kmokHfS.exe
  C:\Windows\System\kmokHfS.exe
  2⤵
  PID:9448
- C:\Windows\System\bEcjeHZ.exe
  C:\Windows\System\bEcjeHZ.exe
  2⤵
  PID:9464
- C:\Windows\System\PaxSwQH.exe
  C:\Windows\System\PaxSwQH.exe
  2⤵
  PID:9480
- C:\Windows\System\NLtTIfg.exe
  C:\Windows\System\NLtTIfg.exe
  2⤵
  PID:9496
- C:\Windows\System\CwUDonZ.exe
  C:\Windows\System\CwUDonZ.exe
  2⤵
  PID:9512
- C:\Windows\System\GaJFohx.exe
  C:\Windows\System\GaJFohx.exe
  2⤵
  PID:9528
- C:\Windows\System\XEWoAgi.exe
  C:\Windows\System\XEWoAgi.exe
  2⤵
  PID:9548
- C:\Windows\System\cudlOTk.exe
  C:\Windows\System\cudlOTk.exe
  2⤵
  PID:9564
- C:\Windows\System\HwngPGL.exe
  C:\Windows\System\HwngPGL.exe
  2⤵
  PID:9580
- C:\Windows\System\SlbDPTO.exe
  C:\Windows\System\SlbDPTO.exe
  2⤵
  PID:9596
- C:\Windows\System\LxjEfzA.exe
  C:\Windows\System\LxjEfzA.exe
  2⤵
  PID:9612
- C:\Windows\System\wXvxkiQ.exe
  C:\Windows\System\wXvxkiQ.exe
  2⤵
  PID:9628
- C:\Windows\System\bLxCnZB.exe
  C:\Windows\System\bLxCnZB.exe
  2⤵
  PID:9644
- C:\Windows\System\vpvsJbB.exe
  C:\Windows\System\vpvsJbB.exe
  2⤵
  PID:9660
- C:\Windows\System\vSoWqLn.exe
  C:\Windows\System\vSoWqLn.exe
  2⤵
  PID:9676
- C:\Windows\System\KzpSnWL.exe
  C:\Windows\System\KzpSnWL.exe
  2⤵
  PID:9692
- C:\Windows\System\OSsigsk.exe
  C:\Windows\System\OSsigsk.exe
  2⤵
  PID:9708
- C:\Windows\System\GjOzJTh.exe
  C:\Windows\System\GjOzJTh.exe
  2⤵
  PID:9724
- C:\Windows\System\SNEUuJY.exe
  C:\Windows\System\SNEUuJY.exe
  2⤵
  PID:9740
- C:\Windows\System\ZkyGeZn.exe
  C:\Windows\System\ZkyGeZn.exe
  2⤵
  PID:9756
- C:\Windows\System\kkknywC.exe
  C:\Windows\System\kkknywC.exe
  2⤵
  PID:9772
- C:\Windows\System\NJFcDiW.exe
  C:\Windows\System\NJFcDiW.exe
  2⤵
  PID:9788
- C:\Windows\System\sENEtgV.exe
  C:\Windows\System\sENEtgV.exe
  2⤵
  PID:9804
- C:\Windows\System\GpbZFyi.exe
  C:\Windows\System\GpbZFyi.exe
  2⤵
  PID:9820
- C:\Windows\System\eViEitD.exe
  C:\Windows\System\eViEitD.exe
  2⤵
  PID:9836
- C:\Windows\System\cWjCyad.exe
  C:\Windows\System\cWjCyad.exe
  2⤵
  PID:9852
- C:\Windows\System\Deigmit.exe
  C:\Windows\System\Deigmit.exe
  2⤵
  PID:9868
- C:\Windows\System\NYSkHaw.exe
  C:\Windows\System\NYSkHaw.exe
  2⤵
  PID:9884
- C:\Windows\System\MKCsMsq.exe
  C:\Windows\System\MKCsMsq.exe
  2⤵
  PID:9900
- C:\Windows\System\louaIYR.exe
  C:\Windows\System\louaIYR.exe
  2⤵
  PID:9916
- C:\Windows\System\pNeAutt.exe
  C:\Windows\System\pNeAutt.exe
  2⤵
  PID:9932
- C:\Windows\System\pfhjTEN.exe
  C:\Windows\System\pfhjTEN.exe
  2⤵
  PID:9952
- C:\Windows\System\zhZdITL.exe
  C:\Windows\System\zhZdITL.exe
  2⤵
  PID:9968
- C:\Windows\System\RJaIOhi.exe
  C:\Windows\System\RJaIOhi.exe
  2⤵
  PID:9984
- C:\Windows\System\ecGVqbv.exe
  C:\Windows\System\ecGVqbv.exe
  2⤵
  PID:10000
- C:\Windows\System\IWoShCF.exe
  C:\Windows\System\IWoShCF.exe
  2⤵
  PID:10016
- C:\Windows\System\KHsOVDj.exe
  C:\Windows\System\KHsOVDj.exe
  2⤵
  PID:10032
- C:\Windows\System\ihOhGZS.exe
  C:\Windows\System\ihOhGZS.exe
  2⤵
  PID:10052
- C:\Windows\System\swLnnVc.exe
  C:\Windows\System\swLnnVc.exe
  2⤵
  PID:10068
- C:\Windows\System\UapOOGX.exe
  C:\Windows\System\UapOOGX.exe
  2⤵
  PID:10084
- C:\Windows\System\ugXGfLn.exe
  C:\Windows\System\ugXGfLn.exe
  2⤵
  PID:10100
- C:\Windows\System\EzwCvBL.exe
  C:\Windows\System\EzwCvBL.exe
  2⤵
  PID:10116
- C:\Windows\System\CrxamFl.exe
  C:\Windows\System\CrxamFl.exe
  2⤵
  PID:10136
- C:\Windows\System\ITUVxWD.exe
  C:\Windows\System\ITUVxWD.exe
  2⤵
  PID:10152
- C:\Windows\System\NARaGmF.exe
  C:\Windows\System\NARaGmF.exe
  2⤵
  PID:10172
- C:\Windows\System\FfkfHLH.exe
  C:\Windows\System\FfkfHLH.exe
  2⤵
  PID:10188
- C:\Windows\System\JHlABNt.exe
  C:\Windows\System\JHlABNt.exe
  2⤵
  PID:10208
- C:\Windows\System\rlJrhev.exe
  C:\Windows\System\rlJrhev.exe
  2⤵
  PID:10224
- C:\Windows\System\OqzVQCK.exe
  C:\Windows\System\OqzVQCK.exe
  2⤵
  PID:9228
- C:\Windows\System\gztUdHC.exe
  C:\Windows\System\gztUdHC.exe
  2⤵
  PID:7724
- C:\Windows\System\tdKHRzx.exe
  C:\Windows\System\tdKHRzx.exe
  2⤵
  PID:8840
- C:\Windows\System\ygwLfCe.exe
  C:\Windows\System\ygwLfCe.exe
  2⤵
  PID:8296
- C:\Windows\System\EVDpEVm.exe
  C:\Windows\System\EVDpEVm.exe
  2⤵
  PID:9328
- C:\Windows\System\VoGxqqf.exe
  C:\Windows\System\VoGxqqf.exe
  2⤵
  PID:9424
- C:\Windows\System\FaSYqTe.exe
  C:\Windows\System\FaSYqTe.exe
  2⤵
  PID:9316
- C:\Windows\System\Okyjmce.exe
  C:\Windows\System\Okyjmce.exe
  2⤵
  PID:9376
- C:\Windows\System\dAPQoog.exe
  C:\Windows\System\dAPQoog.exe
  2⤵
  PID:9444
- C:\Windows\System\LnpRxSG.exe
  C:\Windows\System\LnpRxSG.exe
  2⤵
  PID:9508
- C:\Windows\System\XqodzCf.exe
  C:\Windows\System\XqodzCf.exe
  2⤵
  PID:9536
- C:\Windows\System\gNvxJMq.exe
  C:\Windows\System\gNvxJMq.exe
  2⤵
  PID:9716
- C:\Windows\System\jYBSpVo.exe
  C:\Windows\System\jYBSpVo.exe
  2⤵
  PID:9992
- C:\Windows\System\DGcXAHH.exe
  C:\Windows\System\DGcXAHH.exe
  2⤵
  PID:9832
- C:\Windows\System\qcWltxm.exe
  C:\Windows\System\qcWltxm.exe
  2⤵
  PID:9924
- C:\Windows\System\uqbyepe.exe
  C:\Windows\System\uqbyepe.exe
  2⤵
  PID:10048
- C:\Windows\System\ehqYoEU.exe
  C:\Windows\System\ehqYoEU.exe
  2⤵
  PID:10028
- C:\Windows\System\LsHCglV.exe
  C:\Windows\System\LsHCglV.exe
  2⤵
  PID:10080
- C:\Windows\System\KBUjtWl.exe
  C:\Windows\System\KBUjtWl.exe
  2⤵
  PID:10216
- C:\Windows\System\pgPvjhN.exe
  C:\Windows\System\pgPvjhN.exe
  2⤵
  PID:10128
- C:\Windows\System\EeDBHzG.exe
  C:\Windows\System\EeDBHzG.exe
  2⤵
  PID:10196
- C:\Windows\System\olAezno.exe
  C:\Windows\System\olAezno.exe
  2⤵
  PID:9392
- C:\Windows\System\zvOvTdb.exe
  C:\Windows\System\zvOvTdb.exe
  2⤵
  PID:9520
- C:\Windows\System\nnYrgfP.exe
  C:\Windows\System\nnYrgfP.exe
  2⤵
  PID:9344
- C:\Windows\System\XCKVobB.exe
  C:\Windows\System\XCKVobB.exe
  2⤵
  PID:9640
- C:\Windows\System\OxiWJtI.exe
  C:\Windows\System\OxiWJtI.exe
  2⤵
  PID:9844
- C:\Windows\System\pwNxQKk.exe
  C:\Windows\System\pwNxQKk.exe
  2⤵
  PID:9248
- C:\Windows\System\GwIKCVX.exe
  C:\Windows\System\GwIKCVX.exe
  2⤵
  PID:9348
- C:\Windows\System\tzVTPkG.exe
  C:\Windows\System\tzVTPkG.exe
  2⤵
  PID:9592
- C:\Windows\System\pIIHtBB.exe
  C:\Windows\System\pIIHtBB.exe
  2⤵
  PID:9560
- C:\Windows\System\scMmUjP.exe
  C:\Windows\System\scMmUjP.exe
  2⤵
  PID:9668
- C:\Windows\System\jUUsoHE.exe
  C:\Windows\System\jUUsoHE.exe
  2⤵
  PID:9944
- C:\Windows\System\iqZfFnC.exe
  C:\Windows\System\iqZfFnC.exe
  2⤵
  PID:10008
- C:\Windows\System\PCmIabn.exe
  C:\Windows\System\PCmIabn.exe
  2⤵
  PID:9732
- C:\Windows\System\njUzWOR.exe
  C:\Windows\System\njUzWOR.exe
  2⤵
  PID:9800
- C:\Windows\System\XCuDjJZ.exe
  C:\Windows\System\XCuDjJZ.exe
  2⤵
  PID:10112
- C:\Windows\System\hIqmiVO.exe
  C:\Windows\System\hIqmiVO.exe
  2⤵
  PID:9360
- C:\Windows\System\VWCneqS.exe
  C:\Windows\System\VWCneqS.exe
  2⤵
  PID:10180
- C:\Windows\System\BIKDMHa.exe
  C:\Windows\System\BIKDMHa.exe
  2⤵
  PID:10144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BGjmfrn.exe

Filesize
6.0MB

MD5
feaf22a360e961edd21874829de63835

SHA1
658029dedefc06643f384c57bc8ffc842a5b2d48

SHA256
8253b42de85602d837f44d11b760316b9fdf30e086508808fb958385880281e9

SHA512
d19f8a99955899e1e45f02dce743fdb7d028bb76c0fbe572812e64e36148f7283b46379509af60cae933c6f0c452fc1db9512152a55f04f1e270cee924aa9509

Download Submit
C:\Windows\system\CTddrlz.exe

Filesize
6.0MB

MD5
ccedec9d6e083a95a59f08a68f8ebe0f

SHA1
7fadf8e586f1229dcd5eb91f2488b1467084d367

SHA256
8fc4df5deaa8a741ab4ab6d021a9b6bcf706d780a755e49dc6637e698b3ccd93

SHA512
05442659a1a29a3c894d721a1e8b23ca944690d8f1c848a695936a482d1dc76cce6e0493fcc35056afe6a823c9d85c20c8bed479eaa47a6124cf100b9090dcfc

Download Submit
C:\Windows\system\CkrAHQK.exe

Filesize
6.0MB

MD5
d2cd759472ec3d2efbfeb8924bee33fa

SHA1
64c2aa9dc132564da3d4f693eb849b015d4826ec

SHA256
4113830c8527b9c2955a758348a6abd3fd833ddbc3898a92c96d443c8ae5eb46

SHA512
284ace6d4532b4651a949961f02dfaea4445f3581e71505de999b736e314f45a659589f168278c194594caf49a4643366de9261ce1c91bf37335981e035de725

Download Submit
C:\Windows\system\JXsDpoo.exe

Filesize
6.0MB

MD5
738e28f883cf2d5d548e2299b58644ee

SHA1
7a4774cb14f949dbc9ccf1dd4003d4a91d7cd436

SHA256
580a1d397a17fd9fb6ef73bd17879d6db5be9430ab74a7d0cd548327c19ee576

SHA512
9c60d1106dd8fec38964837f337de5d70faf4dcda4c608cd69c337037a6c4d881183e6df9e939434984abea3bf9a1ec20598c96ff0f5fb868cb0a5d0b04bc225

Download Submit
C:\Windows\system\KColnwK.exe

Filesize
6.0MB

MD5
d33d6ca654893d0cae7b44248b3afd6b

SHA1
666fac4f15aa8a9dcaef32fc3feec43611aef862

SHA256
e2f1fd518c4e74ae6e2e53eb284da4c8c78bcc7c6e7a9cfee482e327502ff291

SHA512
c24e9d28c76789abcd11924765937263e9b7eb14d8b7d03d9532cac85c645e4d943a450db5e6d4cc1684ed104956cd473aeb9ed0a76ce0605fee691e2cc1836a

Download Submit
C:\Windows\system\LyrTvEV.exe

Filesize
6.0MB

MD5
943c1347918c2548bf541eedb0e326d1

SHA1
c1eb03afddff9834e07b596e6d7529c7bc9900cd

SHA256
b4e4a2a790f03e30cf86ccd08fe1c4b38c03cdecaaad2a5704aa5eca9a004d3e

SHA512
40e05d27ac6acb048253b7f20da9b2b83244daf9edebdd6756b1c198a7316e4076044a92bcaf28e3756b11fc5788ccf7edef6a8c8cf73d5fb83d6af7e6ff4ed4

Download Submit
C:\Windows\system\PylZlcd.exe

Filesize
6.0MB

MD5
05ef553593426895d0f83ac8ae066dba

SHA1
4a4527427e0b7b8332dc9d61aa2a432a3b206e83

SHA256
fbadd125428eed46375c019647ff59c07d07c950c5d26829e805d256822149b1

SHA512
7c148ecc70f4d0d574f835038c18d59dceb7e61118c07012dbf9e1c3fe757f73542fd0cf0133f2d15c24e4d4af92dd61da996c2069f79b39e7edda60f523a25c

Download Submit
C:\Windows\system\VVgVdUz.exe

Filesize
6.0MB

MD5
fa2aeafefd40e67100dc96cf88d2b490

SHA1
20920ac82c4d0c5492ceaf8257f292b626c844c8

SHA256
47447ef6a3ff0b18f93ba7c41b96fc32d5b2f7e0924acec618ff235eaa159666

SHA512
d2e5e6b3bde22a4a75da97ec72bad3eebb4cad9601cbef675777fe3ebba5dc416ec9a7e10f6ede0772ee9399e1e7689a04695b82c03e77c7132a8e91d5d4613f

Download Submit
C:\Windows\system\XgjTdOV.exe

Filesize
6.0MB

MD5
42a03e1a7e1a38f2fa5cda6daa1aa281

SHA1
c3d2965823bb8b0c739fd01de4ade070a24f83e4

SHA256
298ee549ff96d87f7d948226eecac66af1cda5c1a46801d82fe5cebb085326d4

SHA512
a781b0eb57f9c709e57e6d65321207b018bb5dfef2fece50644379a14e259b426b2860c34aa819024513e83c1fa477d32d8127e0dcf929afc2594e654db469c3

Download Submit
C:\Windows\system\YFMRdMT.exe

Filesize
6.0MB

MD5
376d31ca7bbd72916fd692da381e242c

SHA1
87719e0c9cbdfb171a58106d07c4c118f292722a

SHA256
6e2432aea0c0b756b912faef3ab1f30ae88c393e9662a0d60239702e8223a8b0

SHA512
765af7866563bc93bc6338cbbbf4b5bf0c7dcd3f83520a3a5486b6ae0c1656e77c873c5a5c7a6ff1e8ad082537134e0c470feb2ae232521c2b272edbc975d2d6

Download Submit
C:\Windows\system\aCMYmSF.exe

Filesize
6.0MB

MD5
4c34b5702fa9f02111cbb77bafee12e3

SHA1
1bfe90103602866ea5773661e8dc2dd98ee6fc9b

SHA256
d791424fe233499307b8069d733d7c5fb84e04c14b7aa541dd64390d70fc8c32

SHA512
7e45cbdbc90c7b79cf879e432f279338c0b5fb1de7c7f80cfeb2ee6a931ba6f87ed7446f61b8b4fc328132a1082965f8f29fbca7ecdbb64978eaef93adfcaae8

Download Submit
C:\Windows\system\aJumohh.exe

Filesize
6.0MB

MD5
9707f5270dfb743af197224b618e6af2

SHA1
ca2023934275898f7b86f1fc71c8e088c09a7218

SHA256
65c702068dc611280f1509bb25c7822adaccc6e4c540a6f585cc119f4d4ee1d9

SHA512
cec060284e3d26bcb5b71af542c40921dc73a60869c85aab4d6aa505bbbe08a3168f9f36745a6729e5750928f8b9786eb0984edcf8af7622ba8cdffef0c1d6bf

Download Submit
C:\Windows\system\bHvrhWQ.exe

Filesize
6.0MB

MD5
cf38df4e1744109e601f4158c993bb5d

SHA1
3e25bb3f3a2b9f9cfa0f0b769164978f79aed131

SHA256
8697059f14c0f4edb4a5115ca3b591339748106d7b21360852034f694f341058

SHA512
846bea16f42cd522b1df543c32b29fc06d9021d3b58476190f215b2533e12bb7d99b08220604032502f7aebe5706265c2fa549a2e6eca00f8255bd3e473d90d9

Download Submit
C:\Windows\system\dOKuCQv.exe

Filesize
6.0MB

MD5
0ff592e98e64503fd90a032adf11cb18

SHA1
8362f63a04d03a96eba72e06abef69c2d5dd1827

SHA256
1e4f889f8238e1bbafcc4a9d87ee10ccf17688593c92b916af5b6381be47d0cf

SHA512
66160b5fb81ec23fc9fd2375a47231b0f4de2f29755fd83408753094b3dca3ad46787f33144b7ae6612a810ceadf35c0b4b90b13dc3f4cea1e7a83499dbb3249

Download Submit
C:\Windows\system\eTOhkVN.exe

Filesize
6.0MB

MD5
d0cb0ca87ba8f823d71ee98a1a2170db

SHA1
a8b6e9a44232b036a6b9d1a3f3560b56c271d97a

SHA256
b95a70e14b4ca3e285555e7ec3680284ae56d47b559217021d9f2a99123d463d

SHA512
b92cf881430ff14e050a63880cf0c20763620fe3e358112e092222886993f082057b202aa5edef8051e63fc52a235811caa871945aba7879fa0031d76b4e454d

Download Submit
C:\Windows\system\fKFNSpw.exe

Filesize
6.0MB

MD5
c15949054fd51f4738c0c74ed6cf878f

SHA1
e96008c22dc9b984aa67bf65800b74edf0d7ac0d

SHA256
31a2adc8272d5a8277eed1bc1ebb8ef5161a8afa245bfb5a8090d9b9e4177db2

SHA512
09999a5fa8db6bc2b27256e361670d6e82a9191a42953189694fa55ffad1b275faf3c8dba9986706bbd10dc1ea92723b8af50e3035a4291190886b6acc116ebc

Download Submit
C:\Windows\system\gdMrGYb.exe

Filesize
6.0MB

MD5
e7153cb79de6d415815b6576f9b3957c

SHA1
5c17183504d9c1c3952a0a9b930b8a4243c7e772

SHA256
5af529b70c7aa220044721f913f8470dc8b782b88fb4576888692320f5260e94

SHA512
fa40c3cc1a355dae24cbfc49f4447c93f90b207049db7e24f8ca3f288d75fdb14a3860924fa9ae1e89468316de7730a2d39f7c2ceef39670d21493d9371487fe

Download Submit
C:\Windows\system\iiTEnxv.exe

Filesize
6.0MB

MD5
0216bfa6f0dda87883d986c5c3b55f8d

SHA1
edf207d76bd401bfef5360352ded63a2c4267025

SHA256
1acc1f49807f9ac478ad11f998af8beb02102374fe3c8e82466d817e30ecea33

SHA512
90be59b2bb32d514464db09e0fe3481fd664b4350eba930e86658131e0d5b2d7327872bb9e35672f06102424dabab58a4336cf00fc1eb80ae304cac81fbade74

Download Submit
C:\Windows\system\ivYUiIT.exe

Filesize
6.0MB

MD5
57e6357cc762ec0ec7584965f136a910

SHA1
badc220f5d98951689cf164b8c5497c3a1c69b24

SHA256
440adbe3c4b00ba038f4fb9f79d764c9585a5ee70103d2fa0af86e6cb366a451

SHA512
ca024927843b53f58f16653fc97c7111d224d55e497ef55802c3dce7a66a4cdc48044e3f5db286835c44ed0477367bec061fb9dc6591edd7577f95aeafee2900

Download Submit
C:\Windows\system\jJGgHhX.exe

Filesize
6.0MB

MD5
579a1b113fa404a714bb2c8ec84ebbdb

SHA1
acc2209a3839b29f5de884f23ee96df38b053d59

SHA256
5fe1527344675c26609390e6b5444c05b653957013d910a8a155b36880f01747

SHA512
52fd016fc1511817e44f3a75a0d8375aa627410ff066df62e9d85bb8d7f3174bc847e56c6d19809235c0540276e691f4521f67be8d7a758f707b92785da51a31

Download Submit
C:\Windows\system\lbYWqxu.exe

Filesize
6.0MB

MD5
f65c9a75006de565285e090e201c4ff0

SHA1
c8994080cf6ba7902ca19564fb45299e401b6296

SHA256
9a9dd16343855c76c5363a6b0d4c2346b33fe7d540c6567f488e0b2d11a4d8c5

SHA512
4e18ca8ca23834f3b4ae8688d25020611a5473a449c2ad14e252aa34dab6705ae37fbc68bc0e7cb1c3cd0e6e1ba339488531ba22ff996ea03e94fc3068e3d3c9

Download Submit
C:\Windows\system\pfdGMkn.exe

Filesize
6.0MB

MD5
d48d73aadf5a0cd79c3928c90925694d

SHA1
228ea1e3c2fe8554684715135bb48dcf03c16b59

SHA256
59125dda2ddd0b4c139b52e6aa977270f9bafa641179792e9dd1eef246be5a30

SHA512
1a9752833133b596df2ee30ea22ebacab1343bf8745bb67eb2f4d9f7533ed60e3319bcc9cf6b02459cf9c7c04f4c0b96e279a7510588a0e87ff97ddcd88e5afa

Download Submit
C:\Windows\system\pkuwFax.exe

Filesize
6.0MB

MD5
55b9c48ffcefc2a8e56615d28ebff91b

SHA1
4c8cdd27a8dc22b52d060f161a4af0a8ffe2fe09

SHA256
787758839111c45b9a3d6d133de57d3ef0dbca3ca6558e88802b768c0460abba

SHA512
5451c1edcb767ae58e6ad892699a7dd24d977fe0cb7b3accb9d29e19a91b9fc5abc02f34b6c94eb9645415361efcae6ac5a95dbe2053dbe383be355dc8dcf995

Download Submit
C:\Windows\system\qBVcIdk.exe

Filesize
6.0MB

MD5
5aa005ee9f95374657fb149a4b6bb017

SHA1
2e9d0f82d0764451e7279117c3f09e6052ae96d9

SHA256
38ac9cb960287222d83d58386e0db64a9a0d2b79041911edece35e27c1c9b553

SHA512
2511702a9f06a712d93be346d77906b54cf8466ef676526f2659612a04a644e97e23275c6d2d440e6af965f6db25d2b3dfd894ab0743b597b09c05421a58353f

Download Submit
C:\Windows\system\sWvpYnt.exe

Filesize
6.0MB

MD5
815f16e21d765c7220db4a0e02992559

SHA1
6e7618410c623dbf6e780c2efd0c25fe76862881

SHA256
4f8ecd533c829b8bed890b0384a6f5f25314d955752fa50381ab1f0437ae9cda

SHA512
9cdf5ea6c3996db14e2e184a8aa1a31a8108a11d7b4922ac6aeace15e7754f8804594154459a0314eaeaddae2c9555e8b9afccee9a20239beefccf55be6efc34

Download Submit
C:\Windows\system\sqdgvrj.exe

Filesize
6.0MB

MD5
11d311fa8940f3c6326253c43cd0dbf1

SHA1
d896fff7993b5d9246fb357248245f46e87d254e

SHA256
8d21a2b8bc190e3e02c4389aa87bbb716e91b78e6c491602307195649b66e601

SHA512
90b455d076806b5b5b189522db50e1c69af6da3253b8ee909a979bed5cfabd2a5e4e948f0c318e5430af88623c55165e26feb069753564f7f801b19b139d5ee3

Download Submit
C:\Windows\system\wRmbyMW.exe

Filesize
6.0MB

MD5
ad6df71d9674d11bdc0063fda596c3b3

SHA1
04e34c4cf59230e421f2320c209ff653d1d8430f

SHA256
8a893527e74461b5053fb5d432d24e6b9b30924d862783211ac020434dc41705

SHA512
72cd53309b40a29e7fe50448c8975266800547fc91e357f52c4f0b0d2e58ce6e2b8a4bc8af03247dd9b375c5a4d5f120af66f7f53ca31c5ae99c5bdacf79ae2f

Download Submit
C:\Windows\system\xlpsNeC.exe

Filesize
6.0MB

MD5
dcd2565498c8bd58ebc3a8031e71ef23

SHA1
ce90d499eb4519051a200632eabe927e090dcefb

SHA256
a4752eb9a88514c4220fa34b6a4090fe3d334b56c6837a32bbdc5192b4c33708

SHA512
0295164276f2528930106f9f7636bbff78c0dfa20d281087bac1d54e3ecce91bd2ac463845f2bbb8f1c8fbd206b8765dea5d936f871d0ec7290848894e75f0d1

Download Submit
C:\Windows\system\yiQeVVl.exe

Filesize
6.0MB

MD5
325564d691daa1ce104dc1cad53e96b8

SHA1
a6865f8c80f6b02208601fa3d21d1545d2f1efb0

SHA256
90c80ffb6505ea376f066d1a63de6d04007cf37aac47753563764870326a7bae

SHA512
ce55e81282fbf8d2ee1dca6f12bc1cbe91c199422f2c2b10ce6b509148f6e04d902bd68d361e35d4fd43a7a50700e96eb9c8512152691326c0033fa79bac651b

Download Submit
\Windows\system\ACrdZSB.exe

Filesize
6.0MB

MD5
e45231390712ffba7db53d581b1431da

SHA1
340436b11a7670d45cc83e4f339e2da54fce2504

SHA256
8cd22af483b3c79a6c861e0b25c9131e116a8e2741461f60882f7dcd50cbd44d

SHA512
6f28242d80b9a602c19ec3fa64b7d6f7e201f557331c953943e14fc3c0075a8eae3817ff8022f865add1926277f08a612e2e909dee97a707bbcdf543bd204190

Download Submit
\Windows\system\CFIrmAw.exe

Filesize
6.0MB

MD5
20b146fd38cfe381029cdb6c8df97046

SHA1
fce2f8016fb2cc106bec58a77588e156c3d0de64

SHA256
19aa056b9c3dd4a63e6c32de064b0232a87bf9fd06b96423b82d934732c4bd2b

SHA512
308118381c72cd32053ffa70d50b61e64d52cef1103ebccac2938f7244119f35896b6e62154acb517104eeacfc1862297de42d07d2335abd84bd6ea0ac7b322c

Download Submit
\Windows\system\zdphgFJ.exe

Filesize
6.0MB

MD5
faed7feb781db3031d8b57ea9b92b728

SHA1
fc56943ee1042c85e42e5f8762496f831ec90ec7

SHA256
b3b9dd535ba55c457b1d76fc8f7b365ae0a3a10999a3762189a310141b982eec

SHA512
b51f4f719b474d8aae983a38ff7633a9707c271e74b1586f746baeee81482d0b373f80f588a22f62ea80dfcc8e24449f1d7088fe6df1dd2f2667c6db57c3c663

Download Submit
memory/1040-12-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1040-58-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1040-2645-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1108-2671-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1108-99-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1108-748-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1672-19-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1672-2641-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1672-62-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-2672-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1688-561-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1688-91-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1700-2666-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1700-50-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1800-2670-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1800-747-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1800-98-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1972-17-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/1972-59-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/1972-2619-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2364-28-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2364-2667-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2364-96-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2620-78-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-2669-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-2668-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2728-117-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2764-43-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2764-2652-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2772-61-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2772-2665-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2872-37-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2872-2658-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/3056-746-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/3056-52-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/3056-51-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/3056-75-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/3056-49-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/3056-83-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/3056-38-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/3056-93-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/3056-94-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/3056-26-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/3056-23-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/3056-95-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/3056-97-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/3056-60-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/3056-116-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/3056-490-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/3056-559-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/3056-560-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/3056-562-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/3056-0-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/3056-845-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/3056-35-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/3056-25-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/3056-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download