cobaltstrike | 6543fab2747ea464687dbeb6efaedf01237f6e86345e96f77295f5dcddaadecf

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-12-2024 06:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e0211001fd2bb9d02bd2b1c17099d51b
SHA1

ff3367e15d7c88605901a7dc49bbb320f5002172
SHA256

6543fab2747ea464687dbeb6efaedf01237f6e86345e96f77295f5dcddaadecf
SHA512

05278e8c18ae3ae948dba3cecbddcb751b3746792a7a4917acc427ca849e98a4c61e82a609b58d47f46cd591d68219665b3e466605d7e30113b62a386d2d82b4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUT:T+q56utgpPF8u/7T

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b0000000122ea-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016db5-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd0-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016de4-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016eb8-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016edb-40.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001707c-48.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017400-59.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-67.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-106.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d58-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-152.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-132.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/540-0-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/files/0x000b0000000122ea-3.dat	xmrig
behavioral1/memory/2316-7-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x0009000000016db5-9.dat	xmrig
behavioral1/memory/2320-13-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x0008000000016dd0-11.dat	xmrig
behavioral1/memory/1740-20-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0008000000016de4-21.dat	xmrig
behavioral1/memory/2604-26-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016eb8-27.dat	xmrig
behavioral1/memory/2756-44-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/896-33-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/540-32-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/540-28-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2316-41-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x0007000000016edb-40.dat	xmrig
behavioral1/files/0x000700000001707c-48.dat	xmrig
behavioral1/memory/2780-56-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x0008000000017400-59.dat	xmrig
behavioral1/files/0x00050000000191d2-67.dat	xmrig
behavioral1/files/0x00050000000191f6-77.dat	xmrig
behavioral1/files/0x0005000000019217-85.dat	xmrig
behavioral1/memory/2564-80-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/files/0x0005000000019259-95.dat	xmrig
behavioral1/memory/1628-98-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019240-89.dat	xmrig
behavioral1/files/0x0005000000019268-106.dat	xmrig
behavioral1/memory/540-105-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/396-94-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/896-90-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2560-78-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/1500-86-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2604-82-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/540-76-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2516-74-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/1740-72-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/3020-64-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2320-58-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d58-54.dat	xmrig
behavioral1/memory/540-108-0x00000000024C0000-0x0000000002814000-memory.dmp	xmrig
behavioral1/files/0x0005000000019278-119.dat	xmrig
behavioral1/files/0x0005000000019275-114.dat	xmrig
behavioral1/files/0x000500000001926c-113.dat	xmrig
behavioral1/memory/1500-124-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/files/0x0005000000019365-135.dat	xmrig
behavioral1/files/0x00050000000193a4-152.dat	xmrig
behavioral1/files/0x00050000000193c1-160.dat	xmrig
behavioral1/files/0x000500000001945b-182.dat	xmrig
behavioral1/memory/540-567-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/1628-473-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/396-309-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019465-187.dat	xmrig
behavioral1/files/0x000500000001946a-192.dat	xmrig
behavioral1/files/0x0005000000019450-177.dat	xmrig
behavioral1/files/0x0005000000019433-167.dat	xmrig
behavioral1/files/0x0005000000019446-172.dat	xmrig
behavioral1/files/0x00050000000193b3-157.dat	xmrig
behavioral1/files/0x0005000000019387-147.dat	xmrig
behavioral1/files/0x0005000000019377-142.dat	xmrig
behavioral1/files/0x000500000001929a-127.dat	xmrig
behavioral1/files/0x0005000000019319-132.dat	xmrig
behavioral1/memory/2320-3707-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2316-3710-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2756-3725-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2316	SJHBTTH.exe
2320	UrVlJsP.exe
1740	SBkdQVc.exe
2604	WZyqvyo.exe
896	yHgVTaf.exe
2756	xlQfoOG.exe
2780	lKsDjDz.exe
3020	ozCtHFj.exe
2516	SuJvNLv.exe
2560	DuPVBYn.exe
2564	pyzxOjD.exe
1500	bvXLHOn.exe
396	yVpDbOH.exe
1628	ppKAGEk.exe
2012	QwYKkqz.exe
1964	sRDAUYY.exe
2280	AfHwSpH.exe
2736	cBuhUYm.exe
1608	AwcxGWh.exe
1616	pSuoLhd.exe
2852	SQrMHoM.exe
2864	ZlxClbA.exe
2844	PfocHMu.exe
1800	gpDUhfG.exe
2380	xFVINTW.exe
2192	TpNBzsy.exe
1864	lCVglla.exe
900	kvxGcaG.exe
2304	Uxrgwez.exe
1340	kwHYAsl.exe
2336	QuLeUQt.exe
2388	ZVXLijp.exe
576	umQRpqo.exe
960	oCPTSvt.exe
1048	GgutKiR.exe
1820	ASjjSRI.exe
1060	KbmGQkm.exe
2200	UNcCzlE.exe
1768	HFiYBHA.exe
1932	COmgbcm.exe
1188	QIwFiqb.exe
3048	WbgmyNH.exe
984	kmlvrjS.exe
2084	YRNSMWP.exe
2180	nmikuXW.exe
328	wYSdMvp.exe
1004	ouAFgem.exe
296	ZmdQXry.exe
880	QwQMBNM.exe
1252	mBIRnDw.exe
1672	ScGXjQa.exe
2040	QcoWQwl.exe
3008	QlkFWTe.exe
2432	MyhIaHl.exe
2696	RBSDLvb.exe
2796	nULxDyY.exe
2900	EUZNKNM.exe
2548	nuJSBfT.exe
2632	LnldzuW.exe
1752	wVdtFiY.exe
2024	DfDHFEZ.exe
2416	HmzbQdG.exe
2620	VMDgNcA.exe
2812	GzYGMcZ.exe

Loads dropped DLL 64 IoCs

pid	Process
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/540-0-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/files/0x000b0000000122ea-3.dat	upx
behavioral1/memory/2316-7-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x0009000000016db5-9.dat	upx
behavioral1/memory/2320-13-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x0008000000016dd0-11.dat	upx
behavioral1/memory/1740-20-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x0008000000016de4-21.dat	upx
behavioral1/memory/2604-26-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x0007000000016eb8-27.dat	upx
behavioral1/memory/2756-44-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/896-33-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/540-32-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2316-41-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x0007000000016edb-40.dat	upx
behavioral1/files/0x000700000001707c-48.dat	upx
behavioral1/memory/2780-56-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x0008000000017400-59.dat	upx
behavioral1/files/0x00050000000191d2-67.dat	upx
behavioral1/files/0x00050000000191f6-77.dat	upx
behavioral1/files/0x0005000000019217-85.dat	upx
behavioral1/memory/2564-80-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/files/0x0005000000019259-95.dat	upx
behavioral1/memory/1628-98-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x0005000000019240-89.dat	upx
behavioral1/files/0x0005000000019268-106.dat	upx
behavioral1/memory/396-94-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/896-90-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2560-78-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/1500-86-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2604-82-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2516-74-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/1740-72-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/3020-64-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2320-58-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x0009000000016d58-54.dat	upx
behavioral1/files/0x0005000000019278-119.dat	upx
behavioral1/files/0x0005000000019275-114.dat	upx
behavioral1/files/0x000500000001926c-113.dat	upx
behavioral1/memory/1500-124-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/files/0x0005000000019365-135.dat	upx
behavioral1/files/0x00050000000193a4-152.dat	upx
behavioral1/files/0x00050000000193c1-160.dat	upx
behavioral1/files/0x000500000001945b-182.dat	upx
behavioral1/memory/1628-473-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/396-309-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x0005000000019465-187.dat	upx
behavioral1/files/0x000500000001946a-192.dat	upx
behavioral1/files/0x0005000000019450-177.dat	upx
behavioral1/files/0x0005000000019433-167.dat	upx
behavioral1/files/0x0005000000019446-172.dat	upx
behavioral1/files/0x00050000000193b3-157.dat	upx
behavioral1/files/0x0005000000019387-147.dat	upx
behavioral1/files/0x0005000000019377-142.dat	upx
behavioral1/files/0x000500000001929a-127.dat	upx
behavioral1/files/0x0005000000019319-132.dat	upx
behavioral1/memory/2320-3707-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2316-3710-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2756-3725-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2604-3721-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/1740-3732-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/896-3741-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/3020-3748-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2516-3753-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EZhXwui.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZiGkZCY.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNarogk.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DUBdiOT.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WOjJbhj.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LXxKtHZ.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EHqTuAf.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cYXWZxp.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PeonogT.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AkxRflJ.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jIVRBBD.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BCGskZE.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dtZsmyL.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tIcnsVL.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zKhiprw.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FqsRmRA.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PFNJmWv.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezBzuXZ.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sjGhEkN.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZkLtsNV.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYDWDis.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wMARQaX.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\couYUSR.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PlFyWXt.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KhSFdlj.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RDyrAZn.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPTJKZZ.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffMFdJT.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\teybyIp.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PPTzFZO.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\joTdbxF.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QfLwywE.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WZyqvyo.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTjiNYJ.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\soYsyRs.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rgdMREC.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mHmmfXK.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UgvYMci.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpDUhfG.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QwQMBNM.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\peXLOWs.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xeaylQD.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qJhvDrP.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mpmussL.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NsZNbPc.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AfcwLKc.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GvuNfia.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtobjlV.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wrTJcyk.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NZdqAwv.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GvdCIkc.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vlcaYKa.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ermIkuv.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mWRbGZF.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QmJVitr.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtXzPQb.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HNUNkGF.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kjynZbw.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezNLtPG.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjyqFRO.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DDeCKZp.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COmgbcm.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pfqSHap.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wCEILZC.exe	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 2316	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 540 wrote to memory of 2316	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 540 wrote to memory of 2316	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 540 wrote to memory of 2320	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 540 wrote to memory of 2320	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 540 wrote to memory of 2320	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 540 wrote to memory of 1740	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 540 wrote to memory of 1740	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 540 wrote to memory of 1740	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 540 wrote to memory of 2604	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 540 wrote to memory of 2604	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 540 wrote to memory of 2604	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 540 wrote to memory of 896	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 540 wrote to memory of 896	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 540 wrote to memory of 896	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 540 wrote to memory of 2756	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 540 wrote to memory of 2756	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 540 wrote to memory of 2756	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 540 wrote to memory of 2780	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 540 wrote to memory of 2780	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 540 wrote to memory of 2780	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 540 wrote to memory of 3020	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 540 wrote to memory of 3020	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 540 wrote to memory of 3020	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 540 wrote to memory of 2560	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 540 wrote to memory of 2560	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 540 wrote to memory of 2560	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 540 wrote to memory of 2516	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 540 wrote to memory of 2516	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 540 wrote to memory of 2516	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 540 wrote to memory of 2564	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 540 wrote to memory of 2564	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 540 wrote to memory of 2564	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 540 wrote to memory of 1500	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 540 wrote to memory of 1500	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 540 wrote to memory of 1500	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 540 wrote to memory of 396	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 540 wrote to memory of 396	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 540 wrote to memory of 396	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 540 wrote to memory of 1628	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 540 wrote to memory of 1628	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 540 wrote to memory of 1628	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 540 wrote to memory of 2012	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 540 wrote to memory of 2012	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 540 wrote to memory of 2012	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 540 wrote to memory of 1964	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 540 wrote to memory of 1964	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 540 wrote to memory of 1964	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 540 wrote to memory of 2280	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 540 wrote to memory of 2280	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 540 wrote to memory of 2280	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 540 wrote to memory of 2736	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 540 wrote to memory of 2736	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 540 wrote to memory of 2736	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 540 wrote to memory of 1608	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 540 wrote to memory of 1608	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 540 wrote to memory of 1608	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 540 wrote to memory of 1616	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 540 wrote to memory of 1616	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 540 wrote to memory of 1616	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 540 wrote to memory of 2852	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 540 wrote to memory of 2852	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 540 wrote to memory of 2852	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 540 wrote to memory of 2864	540	2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-11_e0211001fd2bb9d02bd2b1c17099d51b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:540
- C:\Windows\System\SJHBTTH.exe
  C:\Windows\System\SJHBTTH.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\UrVlJsP.exe
  C:\Windows\System\UrVlJsP.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\SBkdQVc.exe
  C:\Windows\System\SBkdQVc.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\WZyqvyo.exe
  C:\Windows\System\WZyqvyo.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\yHgVTaf.exe
  C:\Windows\System\yHgVTaf.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\xlQfoOG.exe
  C:\Windows\System\xlQfoOG.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\lKsDjDz.exe
  C:\Windows\System\lKsDjDz.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\ozCtHFj.exe
  C:\Windows\System\ozCtHFj.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\DuPVBYn.exe
  C:\Windows\System\DuPVBYn.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\SuJvNLv.exe
  C:\Windows\System\SuJvNLv.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\pyzxOjD.exe
  C:\Windows\System\pyzxOjD.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\bvXLHOn.exe
  C:\Windows\System\bvXLHOn.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\yVpDbOH.exe
  C:\Windows\System\yVpDbOH.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\ppKAGEk.exe
  C:\Windows\System\ppKAGEk.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\QwYKkqz.exe
  C:\Windows\System\QwYKkqz.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\sRDAUYY.exe
  C:\Windows\System\sRDAUYY.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\AfHwSpH.exe
  C:\Windows\System\AfHwSpH.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\cBuhUYm.exe
  C:\Windows\System\cBuhUYm.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\AwcxGWh.exe
  C:\Windows\System\AwcxGWh.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\pSuoLhd.exe
  C:\Windows\System\pSuoLhd.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\SQrMHoM.exe
  C:\Windows\System\SQrMHoM.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\ZlxClbA.exe
  C:\Windows\System\ZlxClbA.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\PfocHMu.exe
  C:\Windows\System\PfocHMu.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\gpDUhfG.exe
  C:\Windows\System\gpDUhfG.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\xFVINTW.exe
  C:\Windows\System\xFVINTW.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\TpNBzsy.exe
  C:\Windows\System\TpNBzsy.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\lCVglla.exe
  C:\Windows\System\lCVglla.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\kvxGcaG.exe
  C:\Windows\System\kvxGcaG.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\Uxrgwez.exe
  C:\Windows\System\Uxrgwez.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\kwHYAsl.exe
  C:\Windows\System\kwHYAsl.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\QuLeUQt.exe
  C:\Windows\System\QuLeUQt.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\ZVXLijp.exe
  C:\Windows\System\ZVXLijp.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\umQRpqo.exe
  C:\Windows\System\umQRpqo.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\oCPTSvt.exe
  C:\Windows\System\oCPTSvt.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\GgutKiR.exe
  C:\Windows\System\GgutKiR.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\ASjjSRI.exe
  C:\Windows\System\ASjjSRI.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\KbmGQkm.exe
  C:\Windows\System\KbmGQkm.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\UNcCzlE.exe
  C:\Windows\System\UNcCzlE.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\HFiYBHA.exe
  C:\Windows\System\HFiYBHA.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\COmgbcm.exe
  C:\Windows\System\COmgbcm.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\QIwFiqb.exe
  C:\Windows\System\QIwFiqb.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\WbgmyNH.exe
  C:\Windows\System\WbgmyNH.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\kmlvrjS.exe
  C:\Windows\System\kmlvrjS.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\YRNSMWP.exe
  C:\Windows\System\YRNSMWP.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\nmikuXW.exe
  C:\Windows\System\nmikuXW.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\wYSdMvp.exe
  C:\Windows\System\wYSdMvp.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\ouAFgem.exe
  C:\Windows\System\ouAFgem.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\ZmdQXry.exe
  C:\Windows\System\ZmdQXry.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\QwQMBNM.exe
  C:\Windows\System\QwQMBNM.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\mBIRnDw.exe
  C:\Windows\System\mBIRnDw.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\ScGXjQa.exe
  C:\Windows\System\ScGXjQa.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\QcoWQwl.exe
  C:\Windows\System\QcoWQwl.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\QlkFWTe.exe
  C:\Windows\System\QlkFWTe.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\MyhIaHl.exe
  C:\Windows\System\MyhIaHl.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\RBSDLvb.exe
  C:\Windows\System\RBSDLvb.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\nULxDyY.exe
  C:\Windows\System\nULxDyY.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\EUZNKNM.exe
  C:\Windows\System\EUZNKNM.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\nuJSBfT.exe
  C:\Windows\System\nuJSBfT.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\LnldzuW.exe
  C:\Windows\System\LnldzuW.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\wVdtFiY.exe
  C:\Windows\System\wVdtFiY.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\DfDHFEZ.exe
  C:\Windows\System\DfDHFEZ.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\HmzbQdG.exe
  C:\Windows\System\HmzbQdG.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\VMDgNcA.exe
  C:\Windows\System\VMDgNcA.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\GzYGMcZ.exe
  C:\Windows\System\GzYGMcZ.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\vgTpOrB.exe
  C:\Windows\System\vgTpOrB.exe
  2⤵
  PID:2616
- C:\Windows\System\QvSGFbG.exe
  C:\Windows\System\QvSGFbG.exe
  2⤵
  PID:2868
- C:\Windows\System\SIkhyQj.exe
  C:\Windows\System\SIkhyQj.exe
  2⤵
  PID:1796
- C:\Windows\System\TgxlQtT.exe
  C:\Windows\System\TgxlQtT.exe
  2⤵
  PID:308
- C:\Windows\System\RDOoKnv.exe
  C:\Windows\System\RDOoKnv.exe
  2⤵
  PID:812
- C:\Windows\System\frlFtDW.exe
  C:\Windows\System\frlFtDW.exe
  2⤵
  PID:1816
- C:\Windows\System\onjMiYh.exe
  C:\Windows\System\onjMiYh.exe
  2⤵
  PID:2984
- C:\Windows\System\VXUKPnp.exe
  C:\Windows\System\VXUKPnp.exe
  2⤵
  PID:2832
- C:\Windows\System\blAaYlx.exe
  C:\Windows\System\blAaYlx.exe
  2⤵
  PID:2688
- C:\Windows\System\LGTQOuu.exe
  C:\Windows\System\LGTQOuu.exe
  2⤵
  PID:2860
- C:\Windows\System\ZOeFZAV.exe
  C:\Windows\System\ZOeFZAV.exe
  2⤵
  PID:2148
- C:\Windows\System\mesEcat.exe
  C:\Windows\System\mesEcat.exe
  2⤵
  PID:1532
- C:\Windows\System\YdGKeDc.exe
  C:\Windows\System\YdGKeDc.exe
  2⤵
  PID:2712
- C:\Windows\System\BtXzPQb.exe
  C:\Windows\System\BtXzPQb.exe
  2⤵
  PID:2372
- C:\Windows\System\HnSeRpD.exe
  C:\Windows\System\HnSeRpD.exe
  2⤵
  PID:1516
- C:\Windows\System\CJPcKRc.exe
  C:\Windows\System\CJPcKRc.exe
  2⤵
  PID:860
- C:\Windows\System\vUBxyIC.exe
  C:\Windows\System\vUBxyIC.exe
  2⤵
  PID:2264
- C:\Windows\System\BkkcPmx.exe
  C:\Windows\System\BkkcPmx.exe
  2⤵
  PID:1812
- C:\Windows\System\CLzYlGm.exe
  C:\Windows\System\CLzYlGm.exe
  2⤵
  PID:2788
- C:\Windows\System\awGBScj.exe
  C:\Windows\System\awGBScj.exe
  2⤵
  PID:2080
- C:\Windows\System\mplswue.exe
  C:\Windows\System\mplswue.exe
  2⤵
  PID:2052
- C:\Windows\System\phJBTKd.exe
  C:\Windows\System\phJBTKd.exe
  2⤵
  PID:1804
- C:\Windows\System\RUvLQUq.exe
  C:\Windows\System\RUvLQUq.exe
  2⤵
  PID:1572
- C:\Windows\System\JkjfcUE.exe
  C:\Windows\System\JkjfcUE.exe
  2⤵
  PID:2068
- C:\Windows\System\wSFkxId.exe
  C:\Windows\System\wSFkxId.exe
  2⤵
  PID:2176
- C:\Windows\System\VhgwMzm.exe
  C:\Windows\System\VhgwMzm.exe
  2⤵
  PID:1680
- C:\Windows\System\piOfQON.exe
  C:\Windows\System\piOfQON.exe
  2⤵
  PID:1404
- C:\Windows\System\mWUtyRn.exe
  C:\Windows\System\mWUtyRn.exe
  2⤵
  PID:2876
- C:\Windows\System\DUBdiOT.exe
  C:\Windows\System\DUBdiOT.exe
  2⤵
  PID:2060
- C:\Windows\System\XkYtOPe.exe
  C:\Windows\System\XkYtOPe.exe
  2⤵
  PID:2660
- C:\Windows\System\yPQnilG.exe
  C:\Windows\System\yPQnilG.exe
  2⤵
  PID:2668
- C:\Windows\System\aOMcnKH.exe
  C:\Windows\System\aOMcnKH.exe
  2⤵
  PID:2568
- C:\Windows\System\pfqSHap.exe
  C:\Windows\System\pfqSHap.exe
  2⤵
  PID:2036
- C:\Windows\System\QCICSpm.exe
  C:\Windows\System\QCICSpm.exe
  2⤵
  PID:1268
- C:\Windows\System\diitUpl.exe
  C:\Windows\System\diitUpl.exe
  2⤵
  PID:2328
- C:\Windows\System\DrFOumb.exe
  C:\Windows\System\DrFOumb.exe
  2⤵
  PID:2752
- C:\Windows\System\jTGlOyU.exe
  C:\Windows\System\jTGlOyU.exe
  2⤵
  PID:1364
- C:\Windows\System\UhzwjlI.exe
  C:\Windows\System\UhzwjlI.exe
  2⤵
  PID:2056
- C:\Windows\System\eOlnKhI.exe
  C:\Windows\System\eOlnKhI.exe
  2⤵
  PID:1068
- C:\Windows\System\BtobjlV.exe
  C:\Windows\System\BtobjlV.exe
  2⤵
  PID:952
- C:\Windows\System\EzpZuPP.exe
  C:\Windows\System\EzpZuPP.exe
  2⤵
  PID:3028
- C:\Windows\System\cYXWZxp.exe
  C:\Windows\System\cYXWZxp.exe
  2⤵
  PID:2112
- C:\Windows\System\oDODAym.exe
  C:\Windows\System\oDODAym.exe
  2⤵
  PID:2664
- C:\Windows\System\wIitqTP.exe
  C:\Windows\System\wIitqTP.exe
  2⤵
  PID:1860
- C:\Windows\System\pVushsF.exe
  C:\Windows\System\pVushsF.exe
  2⤵
  PID:1732
- C:\Windows\System\AprOiIe.exe
  C:\Windows\System\AprOiIe.exe
  2⤵
  PID:644
- C:\Windows\System\mPQxMwu.exe
  C:\Windows\System\mPQxMwu.exe
  2⤵
  PID:2908
- C:\Windows\System\oefrkCo.exe
  C:\Windows\System\oefrkCo.exe
  2⤵
  PID:1376
- C:\Windows\System\lPcdkve.exe
  C:\Windows\System\lPcdkve.exe
  2⤵
  PID:1016
- C:\Windows\System\JTeWKwb.exe
  C:\Windows\System\JTeWKwb.exe
  2⤵
  PID:2004
- C:\Windows\System\QWxzjor.exe
  C:\Windows\System\QWxzjor.exe
  2⤵
  PID:2948
- C:\Windows\System\fIbryOW.exe
  C:\Windows\System\fIbryOW.exe
  2⤵
  PID:1236
- C:\Windows\System\ULrYhjO.exe
  C:\Windows\System\ULrYhjO.exe
  2⤵
  PID:2744
- C:\Windows\System\GgPwDNG.exe
  C:\Windows\System\GgPwDNG.exe
  2⤵
  PID:2772
- C:\Windows\System\jFJMJIY.exe
  C:\Windows\System\jFJMJIY.exe
  2⤵
  PID:2748
- C:\Windows\System\jVmRCrP.exe
  C:\Windows\System\jVmRCrP.exe
  2⤵
  PID:2520
- C:\Windows\System\EZhXwui.exe
  C:\Windows\System\EZhXwui.exe
  2⤵
  PID:1412
- C:\Windows\System\mzqpUYx.exe
  C:\Windows\System\mzqpUYx.exe
  2⤵
  PID:2532
- C:\Windows\System\tIcnsVL.exe
  C:\Windows\System\tIcnsVL.exe
  2⤵
  PID:2960
- C:\Windows\System\WQJeoLO.exe
  C:\Windows\System\WQJeoLO.exe
  2⤵
  PID:600
- C:\Windows\System\wQhBAAm.exe
  C:\Windows\System\wQhBAAm.exe
  2⤵
  PID:2392
- C:\Windows\System\LhEmbap.exe
  C:\Windows\System\LhEmbap.exe
  2⤵
  PID:1244
- C:\Windows\System\UDelSwk.exe
  C:\Windows\System\UDelSwk.exe
  2⤵
  PID:1620
- C:\Windows\System\pRiCHtG.exe
  C:\Windows\System\pRiCHtG.exe
  2⤵
  PID:2640
- C:\Windows\System\QqXDICy.exe
  C:\Windows\System\QqXDICy.exe
  2⤵
  PID:2500
- C:\Windows\System\jqWKZNr.exe
  C:\Windows\System\jqWKZNr.exe
  2⤵
  PID:356
- C:\Windows\System\kJzXBLg.exe
  C:\Windows\System\kJzXBLg.exe
  2⤵
  PID:892
- C:\Windows\System\UiubzdS.exe
  C:\Windows\System\UiubzdS.exe
  2⤵
  PID:556
- C:\Windows\System\TUQFqqr.exe
  C:\Windows\System\TUQFqqr.exe
  2⤵
  PID:2344
- C:\Windows\System\CNzIpNp.exe
  C:\Windows\System\CNzIpNp.exe
  2⤵
  PID:1596
- C:\Windows\System\HNUNkGF.exe
  C:\Windows\System\HNUNkGF.exe
  2⤵
  PID:2020
- C:\Windows\System\DlOGDwh.exe
  C:\Windows\System\DlOGDwh.exe
  2⤵
  PID:2352
- C:\Windows\System\Prxhpgu.exe
  C:\Windows\System\Prxhpgu.exe
  2⤵
  PID:1512
- C:\Windows\System\RADfTgv.exe
  C:\Windows\System\RADfTgv.exe
  2⤵
  PID:2856
- C:\Windows\System\CsMEAUl.exe
  C:\Windows\System\CsMEAUl.exe
  2⤵
  PID:1736
- C:\Windows\System\JuRVqQv.exe
  C:\Windows\System\JuRVqQv.exe
  2⤵
  PID:1600
- C:\Windows\System\JeGsBnv.exe
  C:\Windows\System\JeGsBnv.exe
  2⤵
  PID:2120
- C:\Windows\System\JudSdeG.exe
  C:\Windows\System\JudSdeG.exe
  2⤵
  PID:2216
- C:\Windows\System\zOWnIFW.exe
  C:\Windows\System\zOWnIFW.exe
  2⤵
  PID:2996
- C:\Windows\System\qGbvhak.exe
  C:\Windows\System\qGbvhak.exe
  2⤵
  PID:2276
- C:\Windows\System\uQbcAVg.exe
  C:\Windows\System\uQbcAVg.exe
  2⤵
  PID:3024
- C:\Windows\System\IVCmCHe.exe
  C:\Windows\System\IVCmCHe.exe
  2⤵
  PID:1924
- C:\Windows\System\nEcZxeQ.exe
  C:\Windows\System\nEcZxeQ.exe
  2⤵
  PID:2156
- C:\Windows\System\TKrLIlY.exe
  C:\Windows\System\TKrLIlY.exe
  2⤵
  PID:1036
- C:\Windows\System\bXuumom.exe
  C:\Windows\System\bXuumom.exe
  2⤵
  PID:1876
- C:\Windows\System\OtZhHDF.exe
  C:\Windows\System\OtZhHDF.exe
  2⤵
  PID:1148
- C:\Windows\System\jIOSzmE.exe
  C:\Windows\System\jIOSzmE.exe
  2⤵
  PID:2100
- C:\Windows\System\sYKITsf.exe
  C:\Windows\System\sYKITsf.exe
  2⤵
  PID:780
- C:\Windows\System\DsdtwpI.exe
  C:\Windows\System\DsdtwpI.exe
  2⤵
  PID:2992
- C:\Windows\System\VeDSNVC.exe
  C:\Windows\System\VeDSNVC.exe
  2⤵
  PID:2240
- C:\Windows\System\wrTJcyk.exe
  C:\Windows\System\wrTJcyk.exe
  2⤵
  PID:580
- C:\Windows\System\UspRqDi.exe
  C:\Windows\System\UspRqDi.exe
  2⤵
  PID:1996
- C:\Windows\System\grGgVel.exe
  C:\Windows\System\grGgVel.exe
  2⤵
  PID:1940
- C:\Windows\System\SjNyeMq.exe
  C:\Windows\System\SjNyeMq.exe
  2⤵
  PID:1292
- C:\Windows\System\AcdAJse.exe
  C:\Windows\System\AcdAJse.exe
  2⤵
  PID:2800
- C:\Windows\System\WxrbIBu.exe
  C:\Windows\System\WxrbIBu.exe
  2⤵
  PID:3084
- C:\Windows\System\QLRjITe.exe
  C:\Windows\System\QLRjITe.exe
  2⤵
  PID:3104
- C:\Windows\System\JjkDenv.exe
  C:\Windows\System\JjkDenv.exe
  2⤵
  PID:3124
- C:\Windows\System\qNMhrrK.exe
  C:\Windows\System\qNMhrrK.exe
  2⤵
  PID:3144
- C:\Windows\System\OvxhAmI.exe
  C:\Windows\System\OvxhAmI.exe
  2⤵
  PID:3164
- C:\Windows\System\yhJOvUE.exe
  C:\Windows\System\yhJOvUE.exe
  2⤵
  PID:3184
- C:\Windows\System\VhYbKLj.exe
  C:\Windows\System\VhYbKLj.exe
  2⤵
  PID:3204
- C:\Windows\System\ZPnikMa.exe
  C:\Windows\System\ZPnikMa.exe
  2⤵
  PID:3224
- C:\Windows\System\nZWsjam.exe
  C:\Windows\System\nZWsjam.exe
  2⤵
  PID:3244
- C:\Windows\System\MdDmFey.exe
  C:\Windows\System\MdDmFey.exe
  2⤵
  PID:3264
- C:\Windows\System\PPFBgGU.exe
  C:\Windows\System\PPFBgGU.exe
  2⤵
  PID:3284
- C:\Windows\System\LiOlWYo.exe
  C:\Windows\System\LiOlWYo.exe
  2⤵
  PID:3304
- C:\Windows\System\vnYVtFy.exe
  C:\Windows\System\vnYVtFy.exe
  2⤵
  PID:3320
- C:\Windows\System\UdujMIE.exe
  C:\Windows\System\UdujMIE.exe
  2⤵
  PID:3344
- C:\Windows\System\YtyHNqK.exe
  C:\Windows\System\YtyHNqK.exe
  2⤵
  PID:3364
- C:\Windows\System\MMSumrc.exe
  C:\Windows\System\MMSumrc.exe
  2⤵
  PID:3384
- C:\Windows\System\VQAFJxY.exe
  C:\Windows\System\VQAFJxY.exe
  2⤵
  PID:3404
- C:\Windows\System\bxCcZfk.exe
  C:\Windows\System\bxCcZfk.exe
  2⤵
  PID:3424
- C:\Windows\System\LCbQpZA.exe
  C:\Windows\System\LCbQpZA.exe
  2⤵
  PID:3444
- C:\Windows\System\cyKiPgd.exe
  C:\Windows\System\cyKiPgd.exe
  2⤵
  PID:3464
- C:\Windows\System\KcuaPef.exe
  C:\Windows\System\KcuaPef.exe
  2⤵
  PID:3488
- C:\Windows\System\CyGSVzI.exe
  C:\Windows\System\CyGSVzI.exe
  2⤵
  PID:3508
- C:\Windows\System\dZCUmBt.exe
  C:\Windows\System\dZCUmBt.exe
  2⤵
  PID:3528
- C:\Windows\System\CtGdZzN.exe
  C:\Windows\System\CtGdZzN.exe
  2⤵
  PID:3548
- C:\Windows\System\JIdAxvq.exe
  C:\Windows\System\JIdAxvq.exe
  2⤵
  PID:3568
- C:\Windows\System\HiGSwFi.exe
  C:\Windows\System\HiGSwFi.exe
  2⤵
  PID:3588
- C:\Windows\System\HaSzXsE.exe
  C:\Windows\System\HaSzXsE.exe
  2⤵
  PID:3608
- C:\Windows\System\FuSwKvp.exe
  C:\Windows\System\FuSwKvp.exe
  2⤵
  PID:3628
- C:\Windows\System\ByOoNVz.exe
  C:\Windows\System\ByOoNVz.exe
  2⤵
  PID:3648
- C:\Windows\System\cORqOrV.exe
  C:\Windows\System\cORqOrV.exe
  2⤵
  PID:3668
- C:\Windows\System\WlaBUsb.exe
  C:\Windows\System\WlaBUsb.exe
  2⤵
  PID:3688
- C:\Windows\System\EKazlib.exe
  C:\Windows\System\EKazlib.exe
  2⤵
  PID:3708
- C:\Windows\System\hlfpWiL.exe
  C:\Windows\System\hlfpWiL.exe
  2⤵
  PID:3728
- C:\Windows\System\WRBovaC.exe
  C:\Windows\System\WRBovaC.exe
  2⤵
  PID:3748
- C:\Windows\System\feiRcPh.exe
  C:\Windows\System\feiRcPh.exe
  2⤵
  PID:3768
- C:\Windows\System\QXdrztO.exe
  C:\Windows\System\QXdrztO.exe
  2⤵
  PID:3788
- C:\Windows\System\xEczwjX.exe
  C:\Windows\System\xEczwjX.exe
  2⤵
  PID:3808
- C:\Windows\System\faxGSOB.exe
  C:\Windows\System\faxGSOB.exe
  2⤵
  PID:3828
- C:\Windows\System\peXLOWs.exe
  C:\Windows\System\peXLOWs.exe
  2⤵
  PID:3844
- C:\Windows\System\DuJTzaV.exe
  C:\Windows\System\DuJTzaV.exe
  2⤵
  PID:3860
- C:\Windows\System\kpvorRi.exe
  C:\Windows\System\kpvorRi.exe
  2⤵
  PID:3876
- C:\Windows\System\LpHAVEq.exe
  C:\Windows\System\LpHAVEq.exe
  2⤵
  PID:3892
- C:\Windows\System\yYPRwmc.exe
  C:\Windows\System\yYPRwmc.exe
  2⤵
  PID:3908
- C:\Windows\System\qwKuoMJ.exe
  C:\Windows\System\qwKuoMJ.exe
  2⤵
  PID:3924
- C:\Windows\System\FxXMTbU.exe
  C:\Windows\System\FxXMTbU.exe
  2⤵
  PID:3940
- C:\Windows\System\HRqshTb.exe
  C:\Windows\System\HRqshTb.exe
  2⤵
  PID:3956
- C:\Windows\System\mOthSZX.exe
  C:\Windows\System\mOthSZX.exe
  2⤵
  PID:3972
- C:\Windows\System\jFqwesY.exe
  C:\Windows\System\jFqwesY.exe
  2⤵
  PID:3988
- C:\Windows\System\cdatQXC.exe
  C:\Windows\System\cdatQXC.exe
  2⤵
  PID:4004
- C:\Windows\System\qJrCgkJ.exe
  C:\Windows\System\qJrCgkJ.exe
  2⤵
  PID:4020
- C:\Windows\System\JbeesDf.exe
  C:\Windows\System\JbeesDf.exe
  2⤵
  PID:4036
- C:\Windows\System\erdWNpP.exe
  C:\Windows\System\erdWNpP.exe
  2⤵
  PID:4052
- C:\Windows\System\poVCwbE.exe
  C:\Windows\System\poVCwbE.exe
  2⤵
  PID:4068
- C:\Windows\System\nXvnzVy.exe
  C:\Windows\System\nXvnzVy.exe
  2⤵
  PID:4084
- C:\Windows\System\jgPhCqs.exe
  C:\Windows\System\jgPhCqs.exe
  2⤵
  PID:1408
- C:\Windows\System\eELqESq.exe
  C:\Windows\System\eELqESq.exe
  2⤵
  PID:1116
- C:\Windows\System\lOLQeLk.exe
  C:\Windows\System\lOLQeLk.exe
  2⤵
  PID:3080
- C:\Windows\System\yxDGJFT.exe
  C:\Windows\System\yxDGJFT.exe
  2⤵
  PID:3140
- C:\Windows\System\bakHanE.exe
  C:\Windows\System\bakHanE.exe
  2⤵
  PID:3172
- C:\Windows\System\aXOZDah.exe
  C:\Windows\System\aXOZDah.exe
  2⤵
  PID:3156
- C:\Windows\System\HaeFoat.exe
  C:\Windows\System\HaeFoat.exe
  2⤵
  PID:3196
- C:\Windows\System\PRqyHBl.exe
  C:\Windows\System\PRqyHBl.exe
  2⤵
  PID:3232
- C:\Windows\System\COgoZXK.exe
  C:\Windows\System\COgoZXK.exe
  2⤵
  PID:3236
- C:\Windows\System\GkoKvRh.exe
  C:\Windows\System\GkoKvRh.exe
  2⤵
  PID:3296
- C:\Windows\System\ENlCJvK.exe
  C:\Windows\System\ENlCJvK.exe
  2⤵
  PID:3328
- C:\Windows\System\MLpRqaW.exe
  C:\Windows\System\MLpRqaW.exe
  2⤵
  PID:3312
- C:\Windows\System\BWoThpG.exe
  C:\Windows\System\BWoThpG.exe
  2⤵
  PID:3380
- C:\Windows\System\pSaTeBQ.exe
  C:\Windows\System\pSaTeBQ.exe
  2⤵
  PID:3376
- C:\Windows\System\lSxRgeB.exe
  C:\Windows\System\lSxRgeB.exe
  2⤵
  PID:3396
- C:\Windows\System\fQrZBJc.exe
  C:\Windows\System\fQrZBJc.exe
  2⤵
  PID:3460
- C:\Windows\System\FkWHyqx.exe
  C:\Windows\System\FkWHyqx.exe
  2⤵
  PID:3436
- C:\Windows\System\gAduVNs.exe
  C:\Windows\System\gAduVNs.exe
  2⤵
  PID:3480
- C:\Windows\System\bcTknLj.exe
  C:\Windows\System\bcTknLj.exe
  2⤵
  PID:3524
- C:\Windows\System\kjynZbw.exe
  C:\Windows\System\kjynZbw.exe
  2⤵
  PID:3540
- C:\Windows\System\lkiXjWc.exe
  C:\Windows\System\lkiXjWc.exe
  2⤵
  PID:3560
- C:\Windows\System\LvNOzOk.exe
  C:\Windows\System\LvNOzOk.exe
  2⤵
  PID:3616
- C:\Windows\System\DyXuHeB.exe
  C:\Windows\System\DyXuHeB.exe
  2⤵
  PID:3600
- C:\Windows\System\uPxpAMo.exe
  C:\Windows\System\uPxpAMo.exe
  2⤵
  PID:3856
- C:\Windows\System\ZVWtbSp.exe
  C:\Windows\System\ZVWtbSp.exe
  2⤵
  PID:3952
- C:\Windows\System\CQdrjQa.exe
  C:\Windows\System\CQdrjQa.exe
  2⤵
  PID:3996
- C:\Windows\System\EIEWeLU.exe
  C:\Windows\System\EIEWeLU.exe
  2⤵
  PID:4028
- C:\Windows\System\AHwrwsY.exe
  C:\Windows\System\AHwrwsY.exe
  2⤵
  PID:4064
- C:\Windows\System\wzDSQei.exe
  C:\Windows\System\wzDSQei.exe
  2⤵
  PID:3092
- C:\Windows\System\pjmQbPF.exe
  C:\Windows\System\pjmQbPF.exe
  2⤵
  PID:3136
- C:\Windows\System\qnPVajX.exe
  C:\Windows\System\qnPVajX.exe
  2⤵
  PID:3216
- C:\Windows\System\zHoGpKX.exe
  C:\Windows\System\zHoGpKX.exe
  2⤵
  PID:3280
- C:\Windows\System\wqPdbLI.exe
  C:\Windows\System\wqPdbLI.exe
  2⤵
  PID:3360
- C:\Windows\System\YVLbrfE.exe
  C:\Windows\System\YVLbrfE.exe
  2⤵
  PID:3416
- C:\Windows\System\FJupBuX.exe
  C:\Windows\System\FJupBuX.exe
  2⤵
  PID:3440
- C:\Windows\System\eHhhSVy.exe
  C:\Windows\System\eHhhSVy.exe
  2⤵
  PID:3536
- C:\Windows\System\uulviYw.exe
  C:\Windows\System\uulviYw.exe
  2⤵
  PID:3564
- C:\Windows\System\TGLwkxY.exe
  C:\Windows\System\TGLwkxY.exe
  2⤵
  PID:3644
- C:\Windows\System\jUNrstg.exe
  C:\Windows\System\jUNrstg.exe
  2⤵
  PID:3664
- C:\Windows\System\KfRBNON.exe
  C:\Windows\System\KfRBNON.exe
  2⤵
  PID:3676
- C:\Windows\System\ybltMbT.exe
  C:\Windows\System\ybltMbT.exe
  2⤵
  PID:3736
- C:\Windows\System\gsDSGVG.exe
  C:\Windows\System\gsDSGVG.exe
  2⤵
  PID:3756
- C:\Windows\System\AOPmJee.exe
  C:\Windows\System\AOPmJee.exe
  2⤵
  PID:3780
- C:\Windows\System\fTjiNYJ.exe
  C:\Windows\System\fTjiNYJ.exe
  2⤵
  PID:3804
- C:\Windows\System\uTduIUs.exe
  C:\Windows\System\uTduIUs.exe
  2⤵
  PID:2952
- C:\Windows\System\OHyzuXw.exe
  C:\Windows\System\OHyzuXw.exe
  2⤵
  PID:3852
- C:\Windows\System\edjnovs.exe
  C:\Windows\System\edjnovs.exe
  2⤵
  PID:2160
- C:\Windows\System\NXhRpVI.exe
  C:\Windows\System\NXhRpVI.exe
  2⤵
  PID:1968
- C:\Windows\System\zHHbacF.exe
  C:\Windows\System\zHHbacF.exe
  2⤵
  PID:4048
- C:\Windows\System\iOYFlEY.exe
  C:\Windows\System\iOYFlEY.exe
  2⤵
  PID:3068
- C:\Windows\System\jeXBsFV.exe
  C:\Windows\System\jeXBsFV.exe
  2⤵
  PID:3932
- C:\Windows\System\fDnDqVG.exe
  C:\Windows\System\fDnDqVG.exe
  2⤵
  PID:1604
- C:\Windows\System\IyumdoW.exe
  C:\Windows\System\IyumdoW.exe
  2⤵
  PID:4060
- C:\Windows\System\cRPCssv.exe
  C:\Windows\System\cRPCssv.exe
  2⤵
  PID:3116
- C:\Windows\System\oYXDKsI.exe
  C:\Windows\System\oYXDKsI.exe
  2⤵
  PID:1160
- C:\Windows\System\gOMPcvQ.exe
  C:\Windows\System\gOMPcvQ.exe
  2⤵
  PID:3200
- C:\Windows\System\iaFJBaY.exe
  C:\Windows\System\iaFJBaY.exe
  2⤵
  PID:1096
- C:\Windows\System\HjIlxfl.exe
  C:\Windows\System\HjIlxfl.exe
  2⤵
  PID:3432
- C:\Windows\System\xCXNjvh.exe
  C:\Windows\System\xCXNjvh.exe
  2⤵
  PID:1920
- C:\Windows\System\NoEKmEl.exe
  C:\Windows\System\NoEKmEl.exe
  2⤵
  PID:836
- C:\Windows\System\sjGhEkN.exe
  C:\Windows\System\sjGhEkN.exe
  2⤵
  PID:3604
- C:\Windows\System\WHtABEj.exe
  C:\Windows\System\WHtABEj.exe
  2⤵
  PID:2728
- C:\Windows\System\mCFFWjr.exe
  C:\Windows\System\mCFFWjr.exe
  2⤵
  PID:3740
- C:\Windows\System\MVLKVqr.exe
  C:\Windows\System\MVLKVqr.exe
  2⤵
  PID:3720
- C:\Windows\System\oTqWmyK.exe
  C:\Windows\System\oTqWmyK.exe
  2⤵
  PID:3160
- C:\Windows\System\okBCLrT.exe
  C:\Windows\System\okBCLrT.exe
  2⤵
  PID:3884
- C:\Windows\System\JCELNTF.exe
  C:\Windows\System\JCELNTF.exe
  2⤵
  PID:2196
- C:\Windows\System\alasISU.exe
  C:\Windows\System\alasISU.exe
  2⤵
  PID:3120
- C:\Windows\System\DXxyElS.exe
  C:\Windows\System\DXxyElS.exe
  2⤵
  PID:1584
- C:\Windows\System\RvAsfaT.exe
  C:\Windows\System\RvAsfaT.exe
  2⤵
  PID:3920
- C:\Windows\System\abNWwKb.exe
  C:\Windows\System\abNWwKb.exe
  2⤵
  PID:3472
- C:\Windows\System\IQdvCgJ.exe
  C:\Windows\System\IQdvCgJ.exe
  2⤵
  PID:1040
- C:\Windows\System\pJbStAw.exe
  C:\Windows\System\pJbStAw.exe
  2⤵
  PID:3400
- C:\Windows\System\MlIhIDP.exe
  C:\Windows\System\MlIhIDP.exe
  2⤵
  PID:1724
- C:\Windows\System\nTnOWhn.exe
  C:\Windows\System\nTnOWhn.exe
  2⤵
  PID:1908
- C:\Windows\System\fPjYjrB.exe
  C:\Windows\System\fPjYjrB.exe
  2⤵
  PID:3040
- C:\Windows\System\eyexqyd.exe
  C:\Windows\System\eyexqyd.exe
  2⤵
  PID:3716
- C:\Windows\System\KpSzlrP.exe
  C:\Windows\System\KpSzlrP.exe
  2⤵
  PID:3696
- C:\Windows\System\MxnRLBh.exe
  C:\Windows\System\MxnRLBh.exe
  2⤵
  PID:3760
- C:\Windows\System\yVZIrWy.exe
  C:\Windows\System\yVZIrWy.exe
  2⤵
  PID:3100
- C:\Windows\System\ezNLtPG.exe
  C:\Windows\System\ezNLtPG.exe
  2⤵
  PID:3340
- C:\Windows\System\AFonjIw.exe
  C:\Windows\System\AFonjIw.exe
  2⤵
  PID:3132
- C:\Windows\System\QsCKQzK.exe
  C:\Windows\System\QsCKQzK.exe
  2⤵
  PID:3240
- C:\Windows\System\ZwWZsCF.exe
  C:\Windows\System\ZwWZsCF.exe
  2⤵
  PID:3784
- C:\Windows\System\UePLqhN.exe
  C:\Windows\System\UePLqhN.exe
  2⤵
  PID:3500
- C:\Windows\System\GVzeVLM.exe
  C:\Windows\System\GVzeVLM.exe
  2⤵
  PID:3968
- C:\Windows\System\CJfbDvH.exe
  C:\Windows\System\CJfbDvH.exe
  2⤵
  PID:3776
- C:\Windows\System\FOXBjky.exe
  C:\Windows\System\FOXBjky.exe
  2⤵
  PID:3700
- C:\Windows\System\WgnLHMf.exe
  C:\Windows\System\WgnLHMf.exe
  2⤵
  PID:3192
- C:\Windows\System\steRiub.exe
  C:\Windows\System\steRiub.exe
  2⤵
  PID:4000
- C:\Windows\System\upPSrtO.exe
  C:\Windows\System\upPSrtO.exe
  2⤵
  PID:2124
- C:\Windows\System\OpMHRnI.exe
  C:\Windows\System\OpMHRnI.exe
  2⤵
  PID:3980
- C:\Windows\System\qKqqryp.exe
  C:\Windows\System\qKqqryp.exe
  2⤵
  PID:4100
- C:\Windows\System\JqFobtJ.exe
  C:\Windows\System\JqFobtJ.exe
  2⤵
  PID:4116
- C:\Windows\System\lzhYvKS.exe
  C:\Windows\System\lzhYvKS.exe
  2⤵
  PID:4132
- C:\Windows\System\KhSFdlj.exe
  C:\Windows\System\KhSFdlj.exe
  2⤵
  PID:4148
- C:\Windows\System\fDsSbWe.exe
  C:\Windows\System\fDsSbWe.exe
  2⤵
  PID:4164
- C:\Windows\System\OYauPZa.exe
  C:\Windows\System\OYauPZa.exe
  2⤵
  PID:4180
- C:\Windows\System\oHvhkZJ.exe
  C:\Windows\System\oHvhkZJ.exe
  2⤵
  PID:4196
- C:\Windows\System\hjQpGXF.exe
  C:\Windows\System\hjQpGXF.exe
  2⤵
  PID:4212
- C:\Windows\System\jcwOGbu.exe
  C:\Windows\System\jcwOGbu.exe
  2⤵
  PID:4228
- C:\Windows\System\fDvmJKN.exe
  C:\Windows\System\fDvmJKN.exe
  2⤵
  PID:4244
- C:\Windows\System\CVISxmH.exe
  C:\Windows\System\CVISxmH.exe
  2⤵
  PID:4260
- C:\Windows\System\DFkPnRG.exe
  C:\Windows\System\DFkPnRG.exe
  2⤵
  PID:4280
- C:\Windows\System\xeaylQD.exe
  C:\Windows\System\xeaylQD.exe
  2⤵
  PID:4296
- C:\Windows\System\lqaFVCj.exe
  C:\Windows\System\lqaFVCj.exe
  2⤵
  PID:4312
- C:\Windows\System\dRyiwqu.exe
  C:\Windows\System\dRyiwqu.exe
  2⤵
  PID:4328
- C:\Windows\System\NcDZhvg.exe
  C:\Windows\System\NcDZhvg.exe
  2⤵
  PID:4344
- C:\Windows\System\PWLOpqQ.exe
  C:\Windows\System\PWLOpqQ.exe
  2⤵
  PID:4360
- C:\Windows\System\eYacRdY.exe
  C:\Windows\System\eYacRdY.exe
  2⤵
  PID:4376
- C:\Windows\System\YKwsBwj.exe
  C:\Windows\System\YKwsBwj.exe
  2⤵
  PID:4392
- C:\Windows\System\dYIalkd.exe
  C:\Windows\System\dYIalkd.exe
  2⤵
  PID:4408
- C:\Windows\System\qEJTIby.exe
  C:\Windows\System\qEJTIby.exe
  2⤵
  PID:4428
- C:\Windows\System\xTwUIIj.exe
  C:\Windows\System\xTwUIIj.exe
  2⤵
  PID:4444
- C:\Windows\System\ElzhYtY.exe
  C:\Windows\System\ElzhYtY.exe
  2⤵
  PID:4460
- C:\Windows\System\soYsyRs.exe
  C:\Windows\System\soYsyRs.exe
  2⤵
  PID:4476
- C:\Windows\System\ZNoluVG.exe
  C:\Windows\System\ZNoluVG.exe
  2⤵
  PID:4492
- C:\Windows\System\PADpDXS.exe
  C:\Windows\System\PADpDXS.exe
  2⤵
  PID:4508
- C:\Windows\System\IKkSbLo.exe
  C:\Windows\System\IKkSbLo.exe
  2⤵
  PID:4524
- C:\Windows\System\yAOokPO.exe
  C:\Windows\System\yAOokPO.exe
  2⤵
  PID:4540
- C:\Windows\System\DBvCKxD.exe
  C:\Windows\System\DBvCKxD.exe
  2⤵
  PID:4568
- C:\Windows\System\PRTDXJi.exe
  C:\Windows\System\PRTDXJi.exe
  2⤵
  PID:4584
- C:\Windows\System\LMkICHN.exe
  C:\Windows\System\LMkICHN.exe
  2⤵
  PID:4600
- C:\Windows\System\xcGyuKN.exe
  C:\Windows\System\xcGyuKN.exe
  2⤵
  PID:4616
- C:\Windows\System\BpoyjUZ.exe
  C:\Windows\System\BpoyjUZ.exe
  2⤵
  PID:4632
- C:\Windows\System\VRMKpqQ.exe
  C:\Windows\System\VRMKpqQ.exe
  2⤵
  PID:4648
- C:\Windows\System\XvxBZZu.exe
  C:\Windows\System\XvxBZZu.exe
  2⤵
  PID:4664
- C:\Windows\System\kEJNrvS.exe
  C:\Windows\System\kEJNrvS.exe
  2⤵
  PID:4680
- C:\Windows\System\xtCYtob.exe
  C:\Windows\System\xtCYtob.exe
  2⤵
  PID:4700
- C:\Windows\System\WzYfwGf.exe
  C:\Windows\System\WzYfwGf.exe
  2⤵
  PID:4716
- C:\Windows\System\qjEstOM.exe
  C:\Windows\System\qjEstOM.exe
  2⤵
  PID:4736
- C:\Windows\System\FZaWehM.exe
  C:\Windows\System\FZaWehM.exe
  2⤵
  PID:4752
- C:\Windows\System\qxlUJWG.exe
  C:\Windows\System\qxlUJWG.exe
  2⤵
  PID:4768
- C:\Windows\System\eFyGXhW.exe
  C:\Windows\System\eFyGXhW.exe
  2⤵
  PID:4784
- C:\Windows\System\gBhcHoo.exe
  C:\Windows\System\gBhcHoo.exe
  2⤵
  PID:4804
- C:\Windows\System\fVMixii.exe
  C:\Windows\System\fVMixii.exe
  2⤵
  PID:4820
- C:\Windows\System\JfslUim.exe
  C:\Windows\System\JfslUim.exe
  2⤵
  PID:4836
- C:\Windows\System\qYNBmjk.exe
  C:\Windows\System\qYNBmjk.exe
  2⤵
  PID:4852
- C:\Windows\System\tvUunfO.exe
  C:\Windows\System\tvUunfO.exe
  2⤵
  PID:4868
- C:\Windows\System\DiNzWJj.exe
  C:\Windows\System\DiNzWJj.exe
  2⤵
  PID:4884
- C:\Windows\System\GonyGHu.exe
  C:\Windows\System\GonyGHu.exe
  2⤵
  PID:4900
- C:\Windows\System\WtGOwQY.exe
  C:\Windows\System\WtGOwQY.exe
  2⤵
  PID:4916
- C:\Windows\System\YMyybpx.exe
  C:\Windows\System\YMyybpx.exe
  2⤵
  PID:4932
- C:\Windows\System\rUlAhHV.exe
  C:\Windows\System\rUlAhHV.exe
  2⤵
  PID:4948
- C:\Windows\System\npRQGhO.exe
  C:\Windows\System\npRQGhO.exe
  2⤵
  PID:4964
- C:\Windows\System\HVgAsMQ.exe
  C:\Windows\System\HVgAsMQ.exe
  2⤵
  PID:4980
- C:\Windows\System\AlBDUfO.exe
  C:\Windows\System\AlBDUfO.exe
  2⤵
  PID:4996
- C:\Windows\System\ZmMwFOl.exe
  C:\Windows\System\ZmMwFOl.exe
  2⤵
  PID:5012
- C:\Windows\System\yCiFGQv.exe
  C:\Windows\System\yCiFGQv.exe
  2⤵
  PID:5028
- C:\Windows\System\vUpkLwF.exe
  C:\Windows\System\vUpkLwF.exe
  2⤵
  PID:5044
- C:\Windows\System\arUdZTk.exe
  C:\Windows\System\arUdZTk.exe
  2⤵
  PID:5060
- C:\Windows\System\TTsYXXt.exe
  C:\Windows\System\TTsYXXt.exe
  2⤵
  PID:5076
- C:\Windows\System\KMNuZYc.exe
  C:\Windows\System\KMNuZYc.exe
  2⤵
  PID:5092
- C:\Windows\System\uAfQyHz.exe
  C:\Windows\System\uAfQyHz.exe
  2⤵
  PID:5108
- C:\Windows\System\JcaoZTI.exe
  C:\Windows\System\JcaoZTI.exe
  2⤵
  PID:3724
- C:\Windows\System\PeonogT.exe
  C:\Windows\System\PeonogT.exe
  2⤵
  PID:4112
- C:\Windows\System\eHoJuCh.exe
  C:\Windows\System\eHoJuCh.exe
  2⤵
  PID:4176
- C:\Windows\System\DDwDDvP.exe
  C:\Windows\System\DDwDDvP.exe
  2⤵
  PID:4080
- C:\Windows\System\pBQQCnM.exe
  C:\Windows\System\pBQQCnM.exe
  2⤵
  PID:4160
- C:\Windows\System\LduqZkY.exe
  C:\Windows\System\LduqZkY.exe
  2⤵
  PID:4252
- C:\Windows\System\CzfgIjn.exe
  C:\Windows\System\CzfgIjn.exe
  2⤵
  PID:4240
- C:\Windows\System\RjpZRdk.exe
  C:\Windows\System\RjpZRdk.exe
  2⤵
  PID:4304
- C:\Windows\System\sbGIoQM.exe
  C:\Windows\System\sbGIoQM.exe
  2⤵
  PID:4324
- C:\Windows\System\BHlWUjf.exe
  C:\Windows\System\BHlWUjf.exe
  2⤵
  PID:4440
- C:\Windows\System\TXRXRWM.exe
  C:\Windows\System\TXRXRWM.exe
  2⤵
  PID:4484
- C:\Windows\System\KeWbznj.exe
  C:\Windows\System\KeWbznj.exe
  2⤵
  PID:4580
- C:\Windows\System\pqUqdFe.exe
  C:\Windows\System\pqUqdFe.exe
  2⤵
  PID:4672
- C:\Windows\System\xgWgifQ.exe
  C:\Windows\System\xgWgifQ.exe
  2⤵
  PID:4712
- C:\Windows\System\hsLXFPO.exe
  C:\Windows\System\hsLXFPO.exe
  2⤵
  PID:4732
- C:\Windows\System\dkRlWxQ.exe
  C:\Windows\System\dkRlWxQ.exe
  2⤵
  PID:4800
- C:\Windows\System\AZYJohn.exe
  C:\Windows\System\AZYJohn.exe
  2⤵
  PID:4832
- C:\Windows\System\XdYBekF.exe
  C:\Windows\System\XdYBekF.exe
  2⤵
  PID:4896
- C:\Windows\System\Zfgclye.exe
  C:\Windows\System\Zfgclye.exe
  2⤵
  PID:4812
- C:\Windows\System\xPiVEmx.exe
  C:\Windows\System\xPiVEmx.exe
  2⤵
  PID:4880
- C:\Windows\System\pfttJDq.exe
  C:\Windows\System\pfttJDq.exe
  2⤵
  PID:4944
- C:\Windows\System\oUiaxuW.exe
  C:\Windows\System\oUiaxuW.exe
  2⤵
  PID:4956
- C:\Windows\System\ZkLtsNV.exe
  C:\Windows\System\ZkLtsNV.exe
  2⤵
  PID:4992
- C:\Windows\System\telfetU.exe
  C:\Windows\System\telfetU.exe
  2⤵
  PID:5024
- C:\Windows\System\bBJnZVE.exe
  C:\Windows\System\bBJnZVE.exe
  2⤵
  PID:5056
- C:\Windows\System\EROVclq.exe
  C:\Windows\System\EROVclq.exe
  2⤵
  PID:2716
- C:\Windows\System\UKFbkuj.exe
  C:\Windows\System\UKFbkuj.exe
  2⤵
  PID:3220
- C:\Windows\System\RhWrHSu.exe
  C:\Windows\System\RhWrHSu.exe
  2⤵
  PID:4128
- C:\Windows\System\wYFuKXO.exe
  C:\Windows\System\wYFuKXO.exe
  2⤵
  PID:4224
- C:\Windows\System\zobJEWR.exe
  C:\Windows\System\zobJEWR.exe
  2⤵
  PID:4276
- C:\Windows\System\kAxUlxi.exe
  C:\Windows\System\kAxUlxi.exe
  2⤵
  PID:4340
- C:\Windows\System\kSqGDsN.exe
  C:\Windows\System\kSqGDsN.exe
  2⤵
  PID:4404
- C:\Windows\System\ooQReqH.exe
  C:\Windows\System\ooQReqH.exe
  2⤵
  PID:4472
- C:\Windows\System\RDyrAZn.exe
  C:\Windows\System\RDyrAZn.exe
  2⤵
  PID:4456
- C:\Windows\System\lIWqWjF.exe
  C:\Windows\System\lIWqWjF.exe
  2⤵
  PID:4424
- C:\Windows\System\SQOeNoy.exe
  C:\Windows\System\SQOeNoy.exe
  2⤵
  PID:4656
- C:\Windows\System\hznuoML.exe
  C:\Windows\System\hznuoML.exe
  2⤵
  PID:4724
- C:\Windows\System\qlrVFPe.exe
  C:\Windows\System\qlrVFPe.exe
  2⤵
  PID:4556
- C:\Windows\System\ewHytwQ.exe
  C:\Windows\System\ewHytwQ.exe
  2⤵
  PID:4708
- C:\Windows\System\xaxpXra.exe
  C:\Windows\System\xaxpXra.exe
  2⤵
  PID:4892
- C:\Windows\System\elEQJkz.exe
  C:\Windows\System\elEQJkz.exe
  2⤵
  PID:4780
- C:\Windows\System\RNzldJA.exe
  C:\Windows\System\RNzldJA.exe
  2⤵
  PID:4960
- C:\Windows\System\qpAxLHb.exe
  C:\Windows\System\qpAxLHb.exe
  2⤵
  PID:4268
- C:\Windows\System\mJnyvwu.exe
  C:\Windows\System\mJnyvwu.exe
  2⤵
  PID:752
- C:\Windows\System\flCOzEI.exe
  C:\Windows\System\flCOzEI.exe
  2⤵
  PID:4356
- C:\Windows\System\MHxIbgt.exe
  C:\Windows\System\MHxIbgt.exe
  2⤵
  PID:4384
- C:\Windows\System\FhKRkJe.exe
  C:\Windows\System\FhKRkJe.exe
  2⤵
  PID:4576
- C:\Windows\System\lYvRCYY.exe
  C:\Windows\System\lYvRCYY.exe
  2⤵
  PID:4552
- C:\Windows\System\VYsshYx.exe
  C:\Windows\System\VYsshYx.exe
  2⤵
  PID:4592
- C:\Windows\System\jpJjzFw.exe
  C:\Windows\System\jpJjzFw.exe
  2⤵
  PID:4612
- C:\Windows\System\IMIueow.exe
  C:\Windows\System\IMIueow.exe
  2⤵
  PID:4548
- C:\Windows\System\LzhADhh.exe
  C:\Windows\System\LzhADhh.exe
  2⤵
  PID:4776
- C:\Windows\System\MXusebr.exe
  C:\Windows\System\MXusebr.exe
  2⤵
  PID:4976
- C:\Windows\System\nIxYbHN.exe
  C:\Windows\System\nIxYbHN.exe
  2⤵
  PID:5100
- C:\Windows\System\RPTJKZZ.exe
  C:\Windows\System\RPTJKZZ.exe
  2⤵
  PID:5072
- C:\Windows\System\rYKGLSb.exe
  C:\Windows\System\rYKGLSb.exe
  2⤵
  PID:4308
- C:\Windows\System\eYfTxPb.exe
  C:\Windows\System\eYfTxPb.exe
  2⤵
  PID:4864
- C:\Windows\System\yWGnUEc.exe
  C:\Windows\System\yWGnUEc.exe
  2⤵
  PID:5020
- C:\Windows\System\iclLhvO.exe
  C:\Windows\System\iclLhvO.exe
  2⤵
  PID:4532
- C:\Windows\System\KCBBdxs.exe
  C:\Windows\System\KCBBdxs.exe
  2⤵
  PID:4628
- C:\Windows\System\SxjHVIw.exe
  C:\Windows\System\SxjHVIw.exe
  2⤵
  PID:4520
- C:\Windows\System\bmFuneg.exe
  C:\Windows\System\bmFuneg.exe
  2⤵
  PID:4560
- C:\Windows\System\PyUKJZZ.exe
  C:\Windows\System\PyUKJZZ.exe
  2⤵
  PID:4172
- C:\Windows\System\oMBztkW.exe
  C:\Windows\System\oMBztkW.exe
  2⤵
  PID:4236
- C:\Windows\System\TdPAWYg.exe
  C:\Windows\System\TdPAWYg.exe
  2⤵
  PID:5132
- C:\Windows\System\tLWQeGB.exe
  C:\Windows\System\tLWQeGB.exe
  2⤵
  PID:5148
- C:\Windows\System\VZKGSNG.exe
  C:\Windows\System\VZKGSNG.exe
  2⤵
  PID:5164
- C:\Windows\System\PtScLZq.exe
  C:\Windows\System\PtScLZq.exe
  2⤵
  PID:5180
- C:\Windows\System\AkxRflJ.exe
  C:\Windows\System\AkxRflJ.exe
  2⤵
  PID:5196
- C:\Windows\System\VHpiByK.exe
  C:\Windows\System\VHpiByK.exe
  2⤵
  PID:5212
- C:\Windows\System\pDyHYVT.exe
  C:\Windows\System\pDyHYVT.exe
  2⤵
  PID:5228
- C:\Windows\System\ramGqGo.exe
  C:\Windows\System\ramGqGo.exe
  2⤵
  PID:5244
- C:\Windows\System\TxNJTjg.exe
  C:\Windows\System\TxNJTjg.exe
  2⤵
  PID:5260
- C:\Windows\System\gDiopQs.exe
  C:\Windows\System\gDiopQs.exe
  2⤵
  PID:5276
- C:\Windows\System\UkBrBFY.exe
  C:\Windows\System\UkBrBFY.exe
  2⤵
  PID:5292
- C:\Windows\System\qnQiJPJ.exe
  C:\Windows\System\qnQiJPJ.exe
  2⤵
  PID:5308
- C:\Windows\System\kDmzDCn.exe
  C:\Windows\System\kDmzDCn.exe
  2⤵
  PID:5324
- C:\Windows\System\thPThtj.exe
  C:\Windows\System\thPThtj.exe
  2⤵
  PID:5340
- C:\Windows\System\hpWVagJ.exe
  C:\Windows\System\hpWVagJ.exe
  2⤵
  PID:5356
- C:\Windows\System\ZVCJiZA.exe
  C:\Windows\System\ZVCJiZA.exe
  2⤵
  PID:5372
- C:\Windows\System\JzeavId.exe
  C:\Windows\System\JzeavId.exe
  2⤵
  PID:5388
- C:\Windows\System\ciChWDW.exe
  C:\Windows\System\ciChWDW.exe
  2⤵
  PID:5404
- C:\Windows\System\CiohtrE.exe
  C:\Windows\System\CiohtrE.exe
  2⤵
  PID:5420
- C:\Windows\System\pkoMEmA.exe
  C:\Windows\System\pkoMEmA.exe
  2⤵
  PID:5436
- C:\Windows\System\ffsfeYU.exe
  C:\Windows\System\ffsfeYU.exe
  2⤵
  PID:5460
- C:\Windows\System\oFDJRcN.exe
  C:\Windows\System\oFDJRcN.exe
  2⤵
  PID:5484
- C:\Windows\System\hkfauYw.exe
  C:\Windows\System\hkfauYw.exe
  2⤵
  PID:5500
- C:\Windows\System\BePUWDY.exe
  C:\Windows\System\BePUWDY.exe
  2⤵
  PID:5516
- C:\Windows\System\wnHUxEO.exe
  C:\Windows\System\wnHUxEO.exe
  2⤵
  PID:5532
- C:\Windows\System\NZdqAwv.exe
  C:\Windows\System\NZdqAwv.exe
  2⤵
  PID:5548
- C:\Windows\System\tsmwaDd.exe
  C:\Windows\System\tsmwaDd.exe
  2⤵
  PID:5564
- C:\Windows\System\qrcDjRn.exe
  C:\Windows\System\qrcDjRn.exe
  2⤵
  PID:5580
- C:\Windows\System\QxwnHVU.exe
  C:\Windows\System\QxwnHVU.exe
  2⤵
  PID:5596
- C:\Windows\System\WpikAtu.exe
  C:\Windows\System\WpikAtu.exe
  2⤵
  PID:5620
- C:\Windows\System\Nfhqyrw.exe
  C:\Windows\System\Nfhqyrw.exe
  2⤵
  PID:5640
- C:\Windows\System\swDqtMo.exe
  C:\Windows\System\swDqtMo.exe
  2⤵
  PID:5660
- C:\Windows\System\axPpxhN.exe
  C:\Windows\System\axPpxhN.exe
  2⤵
  PID:5676
- C:\Windows\System\ZiGkZCY.exe
  C:\Windows\System\ZiGkZCY.exe
  2⤵
  PID:5696
- C:\Windows\System\CtzFVrj.exe
  C:\Windows\System\CtzFVrj.exe
  2⤵
  PID:5720
- C:\Windows\System\xdjplmG.exe
  C:\Windows\System\xdjplmG.exe
  2⤵
  PID:5736
- C:\Windows\System\DjeToBc.exe
  C:\Windows\System\DjeToBc.exe
  2⤵
  PID:5752
- C:\Windows\System\qzURXrS.exe
  C:\Windows\System\qzURXrS.exe
  2⤵
  PID:5768
- C:\Windows\System\HxtFIJk.exe
  C:\Windows\System\HxtFIJk.exe
  2⤵
  PID:5784
- C:\Windows\System\MYGjNNc.exe
  C:\Windows\System\MYGjNNc.exe
  2⤵
  PID:5800
- C:\Windows\System\TuaTIPQ.exe
  C:\Windows\System\TuaTIPQ.exe
  2⤵
  PID:5816
- C:\Windows\System\IweBjzD.exe
  C:\Windows\System\IweBjzD.exe
  2⤵
  PID:5832
- C:\Windows\System\pTSsQrd.exe
  C:\Windows\System\pTSsQrd.exe
  2⤵
  PID:5848
- C:\Windows\System\jbjNDeM.exe
  C:\Windows\System\jbjNDeM.exe
  2⤵
  PID:5864
- C:\Windows\System\WaQhupk.exe
  C:\Windows\System\WaQhupk.exe
  2⤵
  PID:5880
- C:\Windows\System\IvOMamB.exe
  C:\Windows\System\IvOMamB.exe
  2⤵
  PID:5908
- C:\Windows\System\taBtDuq.exe
  C:\Windows\System\taBtDuq.exe
  2⤵
  PID:5980
- C:\Windows\System\zfWpNvT.exe
  C:\Windows\System\zfWpNvT.exe
  2⤵
  PID:5996
- C:\Windows\System\wXOUuNq.exe
  C:\Windows\System\wXOUuNq.exe
  2⤵
  PID:6012
- C:\Windows\System\HsVDCCg.exe
  C:\Windows\System\HsVDCCg.exe
  2⤵
  PID:6028
- C:\Windows\System\URYNKcv.exe
  C:\Windows\System\URYNKcv.exe
  2⤵
  PID:6044
- C:\Windows\System\feHYemM.exe
  C:\Windows\System\feHYemM.exe
  2⤵
  PID:6060
- C:\Windows\System\jJzKGmM.exe
  C:\Windows\System\jJzKGmM.exe
  2⤵
  PID:6076
- C:\Windows\System\QygCpDW.exe
  C:\Windows\System\QygCpDW.exe
  2⤵
  PID:6092
- C:\Windows\System\qJhvDrP.exe
  C:\Windows\System\qJhvDrP.exe
  2⤵
  PID:6108
- C:\Windows\System\KjRcsZt.exe
  C:\Windows\System\KjRcsZt.exe
  2⤵
  PID:6124
- C:\Windows\System\nJsVmGh.exe
  C:\Windows\System\nJsVmGh.exe
  2⤵
  PID:6140
- C:\Windows\System\iTWPhbT.exe
  C:\Windows\System\iTWPhbT.exe
  2⤵
  PID:4596
- C:\Windows\System\QXvPxZT.exe
  C:\Windows\System\QXvPxZT.exe
  2⤵
  PID:5208
- C:\Windows\System\vNppvlL.exe
  C:\Windows\System\vNppvlL.exe
  2⤵
  PID:5240
- C:\Windows\System\CuOOTXD.exe
  C:\Windows\System\CuOOTXD.exe
  2⤵
  PID:5272
- C:\Windows\System\NOQyfFZ.exe
  C:\Windows\System\NOQyfFZ.exe
  2⤵
  PID:5124
- C:\Windows\System\EFwbLPM.exe
  C:\Windows\System\EFwbLPM.exe
  2⤵
  PID:5192
- C:\Windows\System\jTBrekA.exe
  C:\Windows\System\jTBrekA.exe
  2⤵
  PID:5364
- C:\Windows\System\TDwooFV.exe
  C:\Windows\System\TDwooFV.exe
  2⤵
  PID:5256
- C:\Windows\System\rPtuhhm.exe
  C:\Windows\System\rPtuhhm.exe
  2⤵
  PID:5320
- C:\Windows\System\lkiiZsU.exe
  C:\Windows\System\lkiiZsU.exe
  2⤵
  PID:5384
- C:\Windows\System\lpvwbPG.exe
  C:\Windows\System\lpvwbPG.exe
  2⤵
  PID:5456
- C:\Windows\System\oeOKyRp.exe
  C:\Windows\System\oeOKyRp.exe
  2⤵
  PID:5448
- C:\Windows\System\TakxpHa.exe
  C:\Windows\System\TakxpHa.exe
  2⤵
  PID:5476
- C:\Windows\System\MfDOqpi.exe
  C:\Windows\System\MfDOqpi.exe
  2⤵
  PID:5608
- C:\Windows\System\GUoWoxU.exe
  C:\Windows\System\GUoWoxU.exe
  2⤵
  PID:5652
- C:\Windows\System\rQbpHxy.exe
  C:\Windows\System\rQbpHxy.exe
  2⤵
  PID:5672
- C:\Windows\System\QSdCHWw.exe
  C:\Windows\System\QSdCHWw.exe
  2⤵
  PID:5704
- C:\Windows\System\UPJxJvw.exe
  C:\Windows\System\UPJxJvw.exe
  2⤵
  PID:5744
- C:\Windows\System\hNKJbgx.exe
  C:\Windows\System\hNKJbgx.exe
  2⤵
  PID:5760
- C:\Windows\System\zjFcWUM.exe
  C:\Windows\System\zjFcWUM.exe
  2⤵
  PID:5876
- C:\Windows\System\coHZMSD.exe
  C:\Windows\System\coHZMSD.exe
  2⤵
  PID:5796
- C:\Windows\System\xHFAyCS.exe
  C:\Windows\System\xHFAyCS.exe
  2⤵
  PID:5860
- C:\Windows\System\SOoyjDn.exe
  C:\Windows\System\SOoyjDn.exe
  2⤵
  PID:5896
- C:\Windows\System\hLyCzfg.exe
  C:\Windows\System\hLyCzfg.exe
  2⤵
  PID:5932
- C:\Windows\System\CfGeMHC.exe
  C:\Windows\System\CfGeMHC.exe
  2⤵
  PID:5944
- C:\Windows\System\yGXZyTk.exe
  C:\Windows\System\yGXZyTk.exe
  2⤵
  PID:5960
- C:\Windows\System\wCaWHjP.exe
  C:\Windows\System\wCaWHjP.exe
  2⤵
  PID:5976
- C:\Windows\System\pXzdWaF.exe
  C:\Windows\System\pXzdWaF.exe
  2⤵
  PID:6024
- C:\Windows\System\TIDzyKo.exe
  C:\Windows\System\TIDzyKo.exe
  2⤵
  PID:6056
- C:\Windows\System\MLQdHcG.exe
  C:\Windows\System\MLQdHcG.exe
  2⤵
  PID:6072
- C:\Windows\System\UhewkwU.exe
  C:\Windows\System\UhewkwU.exe
  2⤵
  PID:5088
- C:\Windows\System\vbLYaXM.exe
  C:\Windows\System\vbLYaXM.exe
  2⤵
  PID:5220
- C:\Windows\System\aWtYmwv.exe
  C:\Windows\System\aWtYmwv.exe
  2⤵
  PID:5188
- C:\Windows\System\sgljzjY.exe
  C:\Windows\System\sgljzjY.exe
  2⤵
  PID:6132
- C:\Windows\System\krNuHTN.exe
  C:\Windows\System\krNuHTN.exe
  2⤵
  PID:5144
- C:\Windows\System\cmoIuJs.exe
  C:\Windows\System\cmoIuJs.exe
  2⤵
  PID:5316
- C:\Windows\System\DNtFYXj.exe
  C:\Windows\System\DNtFYXj.exe
  2⤵
  PID:5352
- C:\Windows\System\WpGRVGR.exe
  C:\Windows\System\WpGRVGR.exe
  2⤵
  PID:5472
- C:\Windows\System\VsWyhTN.exe
  C:\Windows\System\VsWyhTN.exe
  2⤵
  PID:5508
- C:\Windows\System\jAewZMl.exe
  C:\Windows\System\jAewZMl.exe
  2⤵
  PID:5604
- C:\Windows\System\lcYifpV.exe
  C:\Windows\System\lcYifpV.exe
  2⤵
  PID:5524
- C:\Windows\System\qfvmBKO.exe
  C:\Windows\System\qfvmBKO.exe
  2⤵
  PID:5560
- C:\Windows\System\rksWxHO.exe
  C:\Windows\System\rksWxHO.exe
  2⤵
  PID:5632
- C:\Windows\System\VTCAyos.exe
  C:\Windows\System\VTCAyos.exe
  2⤵
  PID:1564
- C:\Windows\System\MDkPWnY.exe
  C:\Windows\System\MDkPWnY.exe
  2⤵
  PID:5812
- C:\Windows\System\YHIpxom.exe
  C:\Windows\System\YHIpxom.exe
  2⤵
  PID:5684
- C:\Windows\System\XelGIAp.exe
  C:\Windows\System\XelGIAp.exe
  2⤵
  PID:5844
- C:\Windows\System\jgfcQVy.exe
  C:\Windows\System\jgfcQVy.exe
  2⤵
  PID:5828
- C:\Windows\System\AIdxmmo.exe
  C:\Windows\System\AIdxmmo.exe
  2⤵
  PID:5968
- C:\Windows\System\NyzaifR.exe
  C:\Windows\System\NyzaifR.exe
  2⤵
  PID:6088
- C:\Windows\System\jOySPwG.exe
  C:\Windows\System\jOySPwG.exe
  2⤵
  PID:5956
- C:\Windows\System\BCQVXUm.exe
  C:\Windows\System\BCQVXUm.exe
  2⤵
  PID:6068
- C:\Windows\System\qlKgVTZ.exe
  C:\Windows\System\qlKgVTZ.exe
  2⤵
  PID:5004
- C:\Windows\System\JHtywNR.exe
  C:\Windows\System\JHtywNR.exe
  2⤵
  PID:5252
- C:\Windows\System\GCXXhQq.exe
  C:\Windows\System\GCXXhQq.exe
  2⤵
  PID:4420
- C:\Windows\System\obFQMOI.exe
  C:\Windows\System\obFQMOI.exe
  2⤵
  PID:5576
- C:\Windows\System\rCzBThA.exe
  C:\Windows\System\rCzBThA.exe
  2⤵
  PID:5872
- C:\Windows\System\WYzJnvv.exe
  C:\Windows\System\WYzJnvv.exe
  2⤵
  PID:5592
- C:\Windows\System\xfEXOWU.exe
  C:\Windows\System\xfEXOWU.exe
  2⤵
  PID:5556
- C:\Windows\System\TXVVtjx.exe
  C:\Windows\System\TXVVtjx.exe
  2⤵
  PID:5936
- C:\Windows\System\QSqDviI.exe
  C:\Windows\System\QSqDviI.exe
  2⤵
  PID:6120
- C:\Windows\System\rWpqyid.exe
  C:\Windows\System\rWpqyid.exe
  2⤵
  PID:5916
- C:\Windows\System\qWAXbji.exe
  C:\Windows\System\qWAXbji.exe
  2⤵
  PID:5336
- C:\Windows\System\BEEujMM.exe
  C:\Windows\System\BEEujMM.exe
  2⤵
  PID:5692
- C:\Windows\System\zauPsww.exe
  C:\Windows\System\zauPsww.exe
  2⤵
  PID:5496
- C:\Windows\System\oYwFBbk.exe
  C:\Windows\System\oYwFBbk.exe
  2⤵
  PID:5636
- C:\Windows\System\nBcvZZE.exe
  C:\Windows\System\nBcvZZE.exe
  2⤵
  PID:5888
- C:\Windows\System\qXTmMnR.exe
  C:\Windows\System\qXTmMnR.exe
  2⤵
  PID:6152
- C:\Windows\System\VwXVzbQ.exe
  C:\Windows\System\VwXVzbQ.exe
  2⤵
  PID:6168
- C:\Windows\System\pbOAAYH.exe
  C:\Windows\System\pbOAAYH.exe
  2⤵
  PID:6184
- C:\Windows\System\iNWLFRB.exe
  C:\Windows\System\iNWLFRB.exe
  2⤵
  PID:6200
- C:\Windows\System\EzAyFxn.exe
  C:\Windows\System\EzAyFxn.exe
  2⤵
  PID:6216
- C:\Windows\System\pAhsbby.exe
  C:\Windows\System\pAhsbby.exe
  2⤵
  PID:6252
- C:\Windows\System\YuahxzA.exe
  C:\Windows\System\YuahxzA.exe
  2⤵
  PID:6280
- C:\Windows\System\OWTXkgT.exe
  C:\Windows\System\OWTXkgT.exe
  2⤵
  PID:6332
- C:\Windows\System\EUNEjCs.exe
  C:\Windows\System\EUNEjCs.exe
  2⤵
  PID:6372
- C:\Windows\System\OjyqFRO.exe
  C:\Windows\System\OjyqFRO.exe
  2⤵
  PID:6396
- C:\Windows\System\zKhiprw.exe
  C:\Windows\System\zKhiprw.exe
  2⤵
  PID:6412
- C:\Windows\System\ZiXnlCv.exe
  C:\Windows\System\ZiXnlCv.exe
  2⤵
  PID:6428
- C:\Windows\System\qJYgDaE.exe
  C:\Windows\System\qJYgDaE.exe
  2⤵
  PID:6444
- C:\Windows\System\cRxEETL.exe
  C:\Windows\System\cRxEETL.exe
  2⤵
  PID:6460
- C:\Windows\System\OzYfkRO.exe
  C:\Windows\System\OzYfkRO.exe
  2⤵
  PID:6476
- C:\Windows\System\yVSFtvS.exe
  C:\Windows\System\yVSFtvS.exe
  2⤵
  PID:6492
- C:\Windows\System\GvdCIkc.exe
  C:\Windows\System\GvdCIkc.exe
  2⤵
  PID:6508
- C:\Windows\System\hUexHnI.exe
  C:\Windows\System\hUexHnI.exe
  2⤵
  PID:6524
- C:\Windows\System\psmHstm.exe
  C:\Windows\System\psmHstm.exe
  2⤵
  PID:6544
- C:\Windows\System\amfgDuB.exe
  C:\Windows\System\amfgDuB.exe
  2⤵
  PID:6632
- C:\Windows\System\eAOFCSJ.exe
  C:\Windows\System\eAOFCSJ.exe
  2⤵
  PID:6668
- C:\Windows\System\ZTaHJFV.exe
  C:\Windows\System\ZTaHJFV.exe
  2⤵
  PID:6684
- C:\Windows\System\zfOzSiE.exe
  C:\Windows\System\zfOzSiE.exe
  2⤵
  PID:6700
- C:\Windows\System\VGOSqzL.exe
  C:\Windows\System\VGOSqzL.exe
  2⤵
  PID:6716
- C:\Windows\System\LnYJoGh.exe
  C:\Windows\System\LnYJoGh.exe
  2⤵
  PID:6732
- C:\Windows\System\QMzTKjJ.exe
  C:\Windows\System\QMzTKjJ.exe
  2⤵
  PID:6748
- C:\Windows\System\zqXURWT.exe
  C:\Windows\System\zqXURWT.exe
  2⤵
  PID:6768
- C:\Windows\System\wwzWEGn.exe
  C:\Windows\System\wwzWEGn.exe
  2⤵
  PID:6788
- C:\Windows\System\xYDWDis.exe
  C:\Windows\System\xYDWDis.exe
  2⤵
  PID:6804
- C:\Windows\System\fpmbSiW.exe
  C:\Windows\System\fpmbSiW.exe
  2⤵
  PID:6824
- C:\Windows\System\VGUVZHg.exe
  C:\Windows\System\VGUVZHg.exe
  2⤵
  PID:6840
- C:\Windows\System\YMZvoEM.exe
  C:\Windows\System\YMZvoEM.exe
  2⤵
  PID:6856
- C:\Windows\System\UPdPwmo.exe
  C:\Windows\System\UPdPwmo.exe
  2⤵
  PID:6872
- C:\Windows\System\jNsNYRG.exe
  C:\Windows\System\jNsNYRG.exe
  2⤵
  PID:6888
- C:\Windows\System\bPscbzS.exe
  C:\Windows\System\bPscbzS.exe
  2⤵
  PID:6904
- C:\Windows\System\ZJBLLjW.exe
  C:\Windows\System\ZJBLLjW.exe
  2⤵
  PID:6920
- C:\Windows\System\uZrJlCZ.exe
  C:\Windows\System\uZrJlCZ.exe
  2⤵
  PID:6940
- C:\Windows\System\xiKNwtx.exe
  C:\Windows\System\xiKNwtx.exe
  2⤵
  PID:6956
- C:\Windows\System\EHmSNcm.exe
  C:\Windows\System\EHmSNcm.exe
  2⤵
  PID:6972
- C:\Windows\System\WkDamgs.exe
  C:\Windows\System\WkDamgs.exe
  2⤵
  PID:6992
- C:\Windows\System\HTnPmgb.exe
  C:\Windows\System\HTnPmgb.exe
  2⤵
  PID:7008
- C:\Windows\System\INksUaf.exe
  C:\Windows\System\INksUaf.exe
  2⤵
  PID:7024
- C:\Windows\System\qoNtUpc.exe
  C:\Windows\System\qoNtUpc.exe
  2⤵
  PID:7044
- C:\Windows\System\OoQaeOa.exe
  C:\Windows\System\OoQaeOa.exe
  2⤵
  PID:7060
- C:\Windows\System\pUsUged.exe
  C:\Windows\System\pUsUged.exe
  2⤵
  PID:7076
- C:\Windows\System\kmWWsUF.exe
  C:\Windows\System\kmWWsUF.exe
  2⤵
  PID:7092
- C:\Windows\System\ssvrIHN.exe
  C:\Windows\System\ssvrIHN.exe
  2⤵
  PID:7108
- C:\Windows\System\VjcyPmi.exe
  C:\Windows\System\VjcyPmi.exe
  2⤵
  PID:7124
- C:\Windows\System\FqsRmRA.exe
  C:\Windows\System\FqsRmRA.exe
  2⤵
  PID:7140
- C:\Windows\System\pkptpML.exe
  C:\Windows\System\pkptpML.exe
  2⤵
  PID:7156
- C:\Windows\System\FIzzHmL.exe
  C:\Windows\System\FIzzHmL.exe
  2⤵
  PID:6136
- C:\Windows\System\wMARQaX.exe
  C:\Windows\System\wMARQaX.exe
  2⤵
  PID:6100
- C:\Windows\System\SdqeqeH.exe
  C:\Windows\System\SdqeqeH.exe
  2⤵
  PID:6192
- C:\Windows\System\HACiSGm.exe
  C:\Windows\System\HACiSGm.exe
  2⤵
  PID:6228
- C:\Windows\System\vYBFsHg.exe
  C:\Windows\System\vYBFsHg.exe
  2⤵
  PID:5156
- C:\Windows\System\RSQxBSV.exe
  C:\Windows\System\RSQxBSV.exe
  2⤵
  PID:6236
- C:\Windows\System\XgIIGiV.exe
  C:\Windows\System\XgIIGiV.exe
  2⤵
  PID:6244
- C:\Windows\System\aXTaCBD.exe
  C:\Windows\System\aXTaCBD.exe
  2⤵
  PID:6180
- C:\Windows\System\lfuyszm.exe
  C:\Windows\System\lfuyszm.exe
  2⤵
  PID:6268
- C:\Windows\System\mplHUdy.exe
  C:\Windows\System\mplHUdy.exe
  2⤵
  PID:6292
- C:\Windows\System\iAMBMrU.exe
  C:\Windows\System\iAMBMrU.exe
  2⤵
  PID:6308
- C:\Windows\System\EGcAhOl.exe
  C:\Windows\System\EGcAhOl.exe
  2⤵
  PID:6324
- C:\Windows\System\TqIGJxD.exe
  C:\Windows\System\TqIGJxD.exe
  2⤵
  PID:6348
- C:\Windows\System\EziXLVG.exe
  C:\Windows\System\EziXLVG.exe
  2⤵
  PID:6360
- C:\Windows\System\SfIeKKa.exe
  C:\Windows\System\SfIeKKa.exe
  2⤵
  PID:6384
- C:\Windows\System\MEAinhz.exe
  C:\Windows\System\MEAinhz.exe
  2⤵
  PID:6456
- C:\Windows\System\vsxtOxF.exe
  C:\Windows\System\vsxtOxF.exe
  2⤵
  PID:6452
- C:\Windows\System\ovHAPsV.exe
  C:\Windows\System\ovHAPsV.exe
  2⤵
  PID:6488
- C:\Windows\System\QBXSTtP.exe
  C:\Windows\System\QBXSTtP.exe
  2⤵
  PID:6504
- C:\Windows\System\QrGvPeJ.exe
  C:\Windows\System\QrGvPeJ.exe
  2⤵
  PID:6540
- C:\Windows\System\BZxmglk.exe
  C:\Windows\System\BZxmglk.exe
  2⤵
  PID:6560
- C:\Windows\System\kmCYsJV.exe
  C:\Windows\System\kmCYsJV.exe
  2⤵
  PID:6584
- C:\Windows\System\sJAHjdz.exe
  C:\Windows\System\sJAHjdz.exe
  2⤵
  PID:6600
- C:\Windows\System\TGnKOek.exe
  C:\Windows\System\TGnKOek.exe
  2⤵
  PID:6616
- C:\Windows\System\vlcaYKa.exe
  C:\Windows\System\vlcaYKa.exe
  2⤵
  PID:6640
- C:\Windows\System\kPzhokV.exe
  C:\Windows\System\kPzhokV.exe
  2⤵
  PID:6656
- C:\Windows\System\jTspHEg.exe
  C:\Windows\System\jTspHEg.exe
  2⤵
  PID:6696
- C:\Windows\System\sLCDrha.exe
  C:\Windows\System\sLCDrha.exe
  2⤵
  PID:6740
- C:\Windows\System\tZqGMex.exe
  C:\Windows\System\tZqGMex.exe
  2⤵
  PID:6728
- C:\Windows\System\tDSRozY.exe
  C:\Windows\System\tDSRozY.exe
  2⤵
  PID:6776
- C:\Windows\System\JCOZMtL.exe
  C:\Windows\System\JCOZMtL.exe
  2⤵
  PID:6816
- C:\Windows\System\cuBYWwj.exe
  C:\Windows\System\cuBYWwj.exe
  2⤵
  PID:6832
- C:\Windows\System\GoojYPm.exe
  C:\Windows\System\GoojYPm.exe
  2⤵
  PID:6852
- C:\Windows\System\PzXWdvu.exe
  C:\Windows\System\PzXWdvu.exe
  2⤵
  PID:6916
- C:\Windows\System\NTlSecS.exe
  C:\Windows\System\NTlSecS.exe
  2⤵
  PID:6900
- C:\Windows\System\jKUhzAH.exe
  C:\Windows\System\jKUhzAH.exe
  2⤵
  PID:6964
- C:\Windows\System\mbngLNm.exe
  C:\Windows\System\mbngLNm.exe
  2⤵
  PID:6980
- C:\Windows\System\wYiNunV.exe
  C:\Windows\System\wYiNunV.exe
  2⤵
  PID:7068
- C:\Windows\System\haOcgHU.exe
  C:\Windows\System\haOcgHU.exe
  2⤵
  PID:7132
- C:\Windows\System\KahtXoL.exe
  C:\Windows\System\KahtXoL.exe
  2⤵
  PID:6988
- C:\Windows\System\bJCnGuw.exe
  C:\Windows\System\bJCnGuw.exe
  2⤵
  PID:7056
- C:\Windows\System\cmAwLJY.exe
  C:\Windows\System\cmAwLJY.exe
  2⤵
  PID:7120
- C:\Windows\System\YbCHwAt.exe
  C:\Windows\System\YbCHwAt.exe
  2⤵
  PID:4144
- C:\Windows\System\MVEGhlo.exe
  C:\Windows\System\MVEGhlo.exe
  2⤵
  PID:6304
- C:\Windows\System\VdtdPKh.exe
  C:\Windows\System\VdtdPKh.exe
  2⤵
  PID:6208
- C:\Windows\System\DzdLwSx.exe
  C:\Windows\System\DzdLwSx.exe
  2⤵
  PID:6288
- C:\Windows\System\FYgxvxD.exe
  C:\Windows\System\FYgxvxD.exe
  2⤵
  PID:6420
- C:\Windows\System\UQlssGS.exe
  C:\Windows\System\UQlssGS.exe
  2⤵
  PID:6368
- C:\Windows\System\AwvsKql.exe
  C:\Windows\System\AwvsKql.exe
  2⤵
  PID:6552
- C:\Windows\System\SVpEssy.exe
  C:\Windows\System\SVpEssy.exe
  2⤵
  PID:6572
- C:\Windows\System\DvkBZQL.exe
  C:\Windows\System\DvkBZQL.exe
  2⤵
  PID:6596
- C:\Windows\System\RQugPzI.exe
  C:\Windows\System\RQugPzI.exe
  2⤵
  PID:6652
- C:\Windows\System\cRtdwWD.exe
  C:\Windows\System\cRtdwWD.exe
  2⤵
  PID:6692
- C:\Windows\System\IKaZnRz.exe
  C:\Windows\System\IKaZnRz.exe
  2⤵
  PID:6708
- C:\Windows\System\haBqFyN.exe
  C:\Windows\System\haBqFyN.exe
  2⤵
  PID:6800
- C:\Windows\System\jIuDfdT.exe
  C:\Windows\System\jIuDfdT.exe
  2⤵
  PID:6848
- C:\Windows\System\nsOORrp.exe
  C:\Windows\System\nsOORrp.exe
  2⤵
  PID:6952
- C:\Windows\System\ZNlKyJJ.exe
  C:\Windows\System\ZNlKyJJ.exe
  2⤵
  PID:6008
- C:\Windows\System\ZFISMrd.exe
  C:\Windows\System\ZFISMrd.exe
  2⤵
  PID:6300
- C:\Windows\System\YEHAISp.exe
  C:\Windows\System\YEHAISp.exe
  2⤵
  PID:5780
- C:\Windows\System\BOruuST.exe
  C:\Windows\System\BOruuST.exe
  2⤵
  PID:6520
- C:\Windows\System\BVtJvzW.exe
  C:\Windows\System\BVtJvzW.exe
  2⤵
  PID:6724
- C:\Windows\System\UFSqDHk.exe
  C:\Windows\System\UFSqDHk.exe
  2⤵
  PID:6884
- C:\Windows\System\fpvikYe.exe
  C:\Windows\System\fpvikYe.exe
  2⤵
  PID:7104
- C:\Windows\System\GgZxwYA.exe
  C:\Windows\System\GgZxwYA.exe
  2⤵
  PID:6260
- C:\Windows\System\zSbzBiY.exe
  C:\Windows\System\zSbzBiY.exe
  2⤵
  PID:6356
- C:\Windows\System\nJimsyv.exe
  C:\Windows\System\nJimsyv.exe
  2⤵
  PID:6568
- C:\Windows\System\smGZQUE.exe
  C:\Windows\System\smGZQUE.exe
  2⤵
  PID:6664
- C:\Windows\System\lGGrtaf.exe
  C:\Windows\System\lGGrtaf.exe
  2⤵
  PID:6224
- C:\Windows\System\ffMFdJT.exe
  C:\Windows\System\ffMFdJT.exe
  2⤵
  PID:7164
- C:\Windows\System\IBNxVaD.exe
  C:\Windows\System\IBNxVaD.exe
  2⤵
  PID:6276
- C:\Windows\System\iWTgRAM.exe
  C:\Windows\System\iWTgRAM.exe
  2⤵
  PID:5928
- C:\Windows\System\iMHRjSV.exe
  C:\Windows\System\iMHRjSV.exe
  2⤵
  PID:6380
- C:\Windows\System\OrTQAet.exe
  C:\Windows\System\OrTQAet.exe
  2⤵
  PID:6760
- C:\Windows\System\IxyPlZe.exe
  C:\Windows\System\IxyPlZe.exe
  2⤵
  PID:6344
- C:\Windows\System\BhrqdrB.exe
  C:\Windows\System\BhrqdrB.exe
  2⤵
  PID:6148
- C:\Windows\System\rSvyBeu.exe
  C:\Windows\System\rSvyBeu.exe
  2⤵
  PID:6648
- C:\Windows\System\MzTDykN.exe
  C:\Windows\System\MzTDykN.exe
  2⤵
  PID:6500
- C:\Windows\System\fEbDHJb.exe
  C:\Windows\System\fEbDHJb.exe
  2⤵
  PID:5288
- C:\Windows\System\MdxmoCT.exe
  C:\Windows\System\MdxmoCT.exe
  2⤵
  PID:6628
- C:\Windows\System\wCEILZC.exe
  C:\Windows\System\wCEILZC.exe
  2⤵
  PID:6612
- C:\Windows\System\nBGWuIN.exe
  C:\Windows\System\nBGWuIN.exe
  2⤵
  PID:6392
- C:\Windows\System\jIVRBBD.exe
  C:\Windows\System\jIVRBBD.exe
  2⤵
  PID:7180
- C:\Windows\System\andTRDc.exe
  C:\Windows\System\andTRDc.exe
  2⤵
  PID:7196
- C:\Windows\System\wdDaovy.exe
  C:\Windows\System\wdDaovy.exe
  2⤵
  PID:7212
- C:\Windows\System\NygMpxZ.exe
  C:\Windows\System\NygMpxZ.exe
  2⤵
  PID:7228
- C:\Windows\System\wmRWRGY.exe
  C:\Windows\System\wmRWRGY.exe
  2⤵
  PID:7244
- C:\Windows\System\XKOtXmq.exe
  C:\Windows\System\XKOtXmq.exe
  2⤵
  PID:7260
- C:\Windows\System\LHoHInG.exe
  C:\Windows\System\LHoHInG.exe
  2⤵
  PID:7276
- C:\Windows\System\rgdMREC.exe
  C:\Windows\System\rgdMREC.exe
  2⤵
  PID:7292
- C:\Windows\System\joTdbxF.exe
  C:\Windows\System\joTdbxF.exe
  2⤵
  PID:7308
- C:\Windows\System\cNonsYj.exe
  C:\Windows\System\cNonsYj.exe
  2⤵
  PID:7324
- C:\Windows\System\fMTJJjZ.exe
  C:\Windows\System\fMTJJjZ.exe
  2⤵
  PID:7340
- C:\Windows\System\WaxnamI.exe
  C:\Windows\System\WaxnamI.exe
  2⤵
  PID:7356
- C:\Windows\System\JFIgOMa.exe
  C:\Windows\System\JFIgOMa.exe
  2⤵
  PID:7372
- C:\Windows\System\gyCyaQi.exe
  C:\Windows\System\gyCyaQi.exe
  2⤵
  PID:7388
- C:\Windows\System\uYXLyWB.exe
  C:\Windows\System\uYXLyWB.exe
  2⤵
  PID:7404
- C:\Windows\System\sOQZhCW.exe
  C:\Windows\System\sOQZhCW.exe
  2⤵
  PID:7420
- C:\Windows\System\DDeCKZp.exe
  C:\Windows\System\DDeCKZp.exe
  2⤵
  PID:7436
- C:\Windows\System\BCGskZE.exe
  C:\Windows\System\BCGskZE.exe
  2⤵
  PID:7452
- C:\Windows\System\gIQzAoF.exe
  C:\Windows\System\gIQzAoF.exe
  2⤵
  PID:7468
- C:\Windows\System\JLdKiqk.exe
  C:\Windows\System\JLdKiqk.exe
  2⤵
  PID:7484
- C:\Windows\System\PFNJmWv.exe
  C:\Windows\System\PFNJmWv.exe
  2⤵
  PID:7500
- C:\Windows\System\jlLefoW.exe
  C:\Windows\System\jlLefoW.exe
  2⤵
  PID:7516
- C:\Windows\System\rjaoAbn.exe
  C:\Windows\System\rjaoAbn.exe
  2⤵
  PID:7532
- C:\Windows\System\wEjXLqN.exe
  C:\Windows\System\wEjXLqN.exe
  2⤵
  PID:7548
- C:\Windows\System\aDYqmOH.exe
  C:\Windows\System\aDYqmOH.exe
  2⤵
  PID:7564
- C:\Windows\System\BkQmlyW.exe
  C:\Windows\System\BkQmlyW.exe
  2⤵
  PID:7580
- C:\Windows\System\SWGpSxT.exe
  C:\Windows\System\SWGpSxT.exe
  2⤵
  PID:7596
- C:\Windows\System\zcPeYPi.exe
  C:\Windows\System\zcPeYPi.exe
  2⤵
  PID:7612
- C:\Windows\System\FIjoJuh.exe
  C:\Windows\System\FIjoJuh.exe
  2⤵
  PID:7628
- C:\Windows\System\rYNRJgn.exe
  C:\Windows\System\rYNRJgn.exe
  2⤵
  PID:7644
- C:\Windows\System\OVEssWz.exe
  C:\Windows\System\OVEssWz.exe
  2⤵
  PID:7660
- C:\Windows\System\nNzKWDZ.exe
  C:\Windows\System\nNzKWDZ.exe
  2⤵
  PID:7676
- C:\Windows\System\ifrzBVm.exe
  C:\Windows\System\ifrzBVm.exe
  2⤵
  PID:7692
- C:\Windows\System\iBnwwuW.exe
  C:\Windows\System\iBnwwuW.exe
  2⤵
  PID:7708
- C:\Windows\System\eQeysAt.exe
  C:\Windows\System\eQeysAt.exe
  2⤵
  PID:7724
- C:\Windows\System\TmMSbtj.exe
  C:\Windows\System\TmMSbtj.exe
  2⤵
  PID:7740
- C:\Windows\System\LBYRGlW.exe
  C:\Windows\System\LBYRGlW.exe
  2⤵
  PID:7756
- C:\Windows\System\rJwFpjB.exe
  C:\Windows\System\rJwFpjB.exe
  2⤵
  PID:7772
- C:\Windows\System\ZdxbsbR.exe
  C:\Windows\System\ZdxbsbR.exe
  2⤵
  PID:7788
- C:\Windows\System\kyrHYdA.exe
  C:\Windows\System\kyrHYdA.exe
  2⤵
  PID:7804
- C:\Windows\System\XIaoBYm.exe
  C:\Windows\System\XIaoBYm.exe
  2⤵
  PID:7820
- C:\Windows\System\siCKyTw.exe
  C:\Windows\System\siCKyTw.exe
  2⤵
  PID:7836
- C:\Windows\System\kDxYMhl.exe
  C:\Windows\System\kDxYMhl.exe
  2⤵
  PID:7852
- C:\Windows\System\jVKKoIQ.exe
  C:\Windows\System\jVKKoIQ.exe
  2⤵
  PID:7868
- C:\Windows\System\IQQTKfE.exe
  C:\Windows\System\IQQTKfE.exe
  2⤵
  PID:7884
- C:\Windows\System\jvgJTsv.exe
  C:\Windows\System\jvgJTsv.exe
  2⤵
  PID:7900
- C:\Windows\System\ukdMLIc.exe
  C:\Windows\System\ukdMLIc.exe
  2⤵
  PID:7916
- C:\Windows\System\ecjSonI.exe
  C:\Windows\System\ecjSonI.exe
  2⤵
  PID:7932
- C:\Windows\System\SySlCVs.exe
  C:\Windows\System\SySlCVs.exe
  2⤵
  PID:7948
- C:\Windows\System\gnLUfoN.exe
  C:\Windows\System\gnLUfoN.exe
  2⤵
  PID:7964
- C:\Windows\System\OOCgSxm.exe
  C:\Windows\System\OOCgSxm.exe
  2⤵
  PID:7980
- C:\Windows\System\nJWMdEC.exe
  C:\Windows\System\nJWMdEC.exe
  2⤵
  PID:7996
- C:\Windows\System\QGaJvgV.exe
  C:\Windows\System\QGaJvgV.exe
  2⤵
  PID:8012
- C:\Windows\System\oKaJvOx.exe
  C:\Windows\System\oKaJvOx.exe
  2⤵
  PID:8028
- C:\Windows\System\gsGutms.exe
  C:\Windows\System\gsGutms.exe
  2⤵
  PID:8044
- C:\Windows\System\zZDNFUE.exe
  C:\Windows\System\zZDNFUE.exe
  2⤵
  PID:8060
- C:\Windows\System\pNEcuyk.exe
  C:\Windows\System\pNEcuyk.exe
  2⤵
  PID:8076
- C:\Windows\System\zEXcSBQ.exe
  C:\Windows\System\zEXcSBQ.exe
  2⤵
  PID:8092
- C:\Windows\System\GkChpTf.exe
  C:\Windows\System\GkChpTf.exe
  2⤵
  PID:8108
- C:\Windows\System\ZRHZkDZ.exe
  C:\Windows\System\ZRHZkDZ.exe
  2⤵
  PID:8124
- C:\Windows\System\TXjtiey.exe
  C:\Windows\System\TXjtiey.exe
  2⤵
  PID:8140
- C:\Windows\System\qUZRcrw.exe
  C:\Windows\System\qUZRcrw.exe
  2⤵
  PID:8156
- C:\Windows\System\GSBWKWa.exe
  C:\Windows\System\GSBWKWa.exe
  2⤵
  PID:8172
- C:\Windows\System\ermIkuv.exe
  C:\Windows\System\ermIkuv.exe
  2⤵
  PID:8188
- C:\Windows\System\ntqXjRM.exe
  C:\Windows\System\ntqXjRM.exe
  2⤵
  PID:7188
- C:\Windows\System\xKIbNlR.exe
  C:\Windows\System\xKIbNlR.exe
  2⤵
  PID:7176
- C:\Windows\System\BrkRUZR.exe
  C:\Windows\System\BrkRUZR.exe
  2⤵
  PID:7224
- C:\Windows\System\nNJbORt.exe
  C:\Windows\System\nNJbORt.exe
  2⤵
  PID:7284
- C:\Windows\System\FmLCUQh.exe
  C:\Windows\System\FmLCUQh.exe
  2⤵
  PID:7268
- C:\Windows\System\cseyPqS.exe
  C:\Windows\System\cseyPqS.exe
  2⤵
  PID:7320
- C:\Windows\System\zhRZqCC.exe
  C:\Windows\System\zhRZqCC.exe
  2⤵
  PID:7332
- C:\Windows\System\mRXXstr.exe
  C:\Windows\System\mRXXstr.exe
  2⤵
  PID:7400
- C:\Windows\System\IFJjwVb.exe
  C:\Windows\System\IFJjwVb.exe
  2⤵
  PID:7412
- C:\Windows\System\AfcwLKc.exe
  C:\Windows\System\AfcwLKc.exe
  2⤵
  PID:7476
- C:\Windows\System\wpPiJAq.exe
  C:\Windows\System\wpPiJAq.exe
  2⤵
  PID:7508
- C:\Windows\System\JrnXthM.exe
  C:\Windows\System\JrnXthM.exe
  2⤵
  PID:7492
- C:\Windows\System\IITvbJf.exe
  C:\Windows\System\IITvbJf.exe
  2⤵
  PID:7556
- C:\Windows\System\QLXmVcz.exe
  C:\Windows\System\QLXmVcz.exe
  2⤵
  PID:7608
- C:\Windows\System\jYPQnGf.exe
  C:\Windows\System\jYPQnGf.exe
  2⤵
  PID:7732
- C:\Windows\System\NanEHCR.exe
  C:\Windows\System\NanEHCR.exe
  2⤵
  PID:7736
- C:\Windows\System\nCHgaqh.exe
  C:\Windows\System\nCHgaqh.exe
  2⤵
  PID:7720
- C:\Windows\System\ctejucl.exe
  C:\Windows\System\ctejucl.exe
  2⤵
  PID:7656
- C:\Windows\System\PeUWhnV.exe
  C:\Windows\System\PeUWhnV.exe
  2⤵
  PID:7684
- C:\Windows\System\gwHHKVf.exe
  C:\Windows\System\gwHHKVf.exe
  2⤵
  PID:7796
- C:\Windows\System\pPNaqnU.exe
  C:\Windows\System\pPNaqnU.exe
  2⤵
  PID:7892
- C:\Windows\System\vjwioNW.exe
  C:\Windows\System\vjwioNW.exe
  2⤵
  PID:7940
- C:\Windows\System\nBABVGJ.exe
  C:\Windows\System\nBABVGJ.exe
  2⤵
  PID:7812
- C:\Windows\System\xiXuiVh.exe
  C:\Windows\System\xiXuiVh.exe
  2⤵
  PID:7876
- C:\Windows\System\aZVoXjy.exe
  C:\Windows\System\aZVoXjy.exe
  2⤵
  PID:7960
- C:\Windows\System\KCRncha.exe
  C:\Windows\System\KCRncha.exe
  2⤵
  PID:8056
- C:\Windows\System\mpmussL.exe
  C:\Windows\System\mpmussL.exe
  2⤵
  PID:8088
- C:\Windows\System\qaxXdfd.exe
  C:\Windows\System\qaxXdfd.exe
  2⤵
  PID:8120
- C:\Windows\System\SHEAhAy.exe
  C:\Windows\System\SHEAhAy.exe
  2⤵
  PID:8072
- C:\Windows\System\JypBFQJ.exe
  C:\Windows\System\JypBFQJ.exe
  2⤵
  PID:8148
- C:\Windows\System\wyJiIMd.exe
  C:\Windows\System\wyJiIMd.exe
  2⤵
  PID:8184
- C:\Windows\System\IMNhrsn.exe
  C:\Windows\System\IMNhrsn.exe
  2⤵
  PID:8164
- C:\Windows\System\IJWdtLi.exe
  C:\Windows\System\IJWdtLi.exe
  2⤵
  PID:7220
- C:\Windows\System\OmdEbvr.exe
  C:\Windows\System\OmdEbvr.exe
  2⤵
  PID:7368
- C:\Windows\System\qpvuwhp.exe
  C:\Windows\System\qpvuwhp.exe
  2⤵
  PID:7240
- C:\Windows\System\pnIGUpI.exe
  C:\Windows\System\pnIGUpI.exe
  2⤵
  PID:7432
- C:\Windows\System\FjNehKG.exe
  C:\Windows\System\FjNehKG.exe
  2⤵
  PID:7480
- C:\Windows\System\WkIhMFz.exe
  C:\Windows\System\WkIhMFz.exe
  2⤵
  PID:7604
- C:\Windows\System\TVtNNgh.exe
  C:\Windows\System\TVtNNgh.exe
  2⤵
  PID:7524
- C:\Windows\System\XqKcQfO.exe
  C:\Windows\System\XqKcQfO.exe
  2⤵
  PID:7752
- C:\Windows\System\QUAzpUh.exe
  C:\Windows\System\QUAzpUh.exe
  2⤵
  PID:7592
- C:\Windows\System\ZYyROZz.exe
  C:\Windows\System\ZYyROZz.exe
  2⤵
  PID:7832
- C:\Windows\System\VIfQCYN.exe
  C:\Windows\System\VIfQCYN.exe
  2⤵
  PID:7816
- C:\Windows\System\QTtOhEb.exe
  C:\Windows\System\QTtOhEb.exe
  2⤵
  PID:7880
- C:\Windows\System\zaIJYJT.exe
  C:\Windows\System\zaIJYJT.exe
  2⤵
  PID:7972
- C:\Windows\System\BXQivAk.exe
  C:\Windows\System\BXQivAk.exe
  2⤵
  PID:8132
- C:\Windows\System\jAybtFI.exe
  C:\Windows\System\jAybtFI.exe
  2⤵
  PID:8008
- C:\Windows\System\thwixLX.exe
  C:\Windows\System\thwixLX.exe
  2⤵
  PID:7300
- C:\Windows\System\nJIjgYW.exe
  C:\Windows\System\nJIjgYW.exe
  2⤵
  PID:7236
- C:\Windows\System\hzmnNFB.exe
  C:\Windows\System\hzmnNFB.exe
  2⤵
  PID:7576
- C:\Windows\System\kcxAfPL.exe
  C:\Windows\System\kcxAfPL.exe
  2⤵
  PID:7384
- C:\Windows\System\NcwKRnf.exe
  C:\Windows\System\NcwKRnf.exe
  2⤵
  PID:7704
- C:\Windows\System\sOZryXf.exe
  C:\Windows\System\sOZryXf.exe
  2⤵
  PID:7828
- C:\Windows\System\QsVAaYA.exe
  C:\Windows\System\QsVAaYA.exe
  2⤵
  PID:8020
- C:\Windows\System\usPPJUG.exe
  C:\Windows\System\usPPJUG.exe
  2⤵
  PID:7944
- C:\Windows\System\viPKtDe.exe
  C:\Windows\System\viPKtDe.exe
  2⤵
  PID:8040
- C:\Windows\System\QhEHgsw.exe
  C:\Windows\System\QhEHgsw.exe
  2⤵
  PID:7640
- C:\Windows\System\sykTGkW.exe
  C:\Windows\System\sykTGkW.exe
  2⤵
  PID:7256
- C:\Windows\System\DLvelzV.exe
  C:\Windows\System\DLvelzV.exe
  2⤵
  PID:7036
- C:\Windows\System\FcqJnVi.exe
  C:\Windows\System\FcqJnVi.exe
  2⤵
  PID:8036
- C:\Windows\System\ALAXWRZ.exe
  C:\Windows\System\ALAXWRZ.exe
  2⤵
  PID:7864
- C:\Windows\System\DQMKpcL.exe
  C:\Windows\System\DQMKpcL.exe
  2⤵
  PID:8180
- C:\Windows\System\DPjezJZ.exe
  C:\Windows\System\DPjezJZ.exe
  2⤵
  PID:7716
- C:\Windows\System\dAkHDyd.exe
  C:\Windows\System\dAkHDyd.exe
  2⤵
  PID:7172
- C:\Windows\System\JfjARTn.exe
  C:\Windows\System\JfjARTn.exe
  2⤵
  PID:7620
- C:\Windows\System\XcBYPVO.exe
  C:\Windows\System\XcBYPVO.exe
  2⤵
  PID:8208
- C:\Windows\System\ELkeYyt.exe
  C:\Windows\System\ELkeYyt.exe
  2⤵
  PID:8224
- C:\Windows\System\ENmUjJn.exe
  C:\Windows\System\ENmUjJn.exe
  2⤵
  PID:8240
- C:\Windows\System\teybyIp.exe
  C:\Windows\System\teybyIp.exe
  2⤵
  PID:8256
- C:\Windows\System\QvMeAOL.exe
  C:\Windows\System\QvMeAOL.exe
  2⤵
  PID:8272
- C:\Windows\System\unIbWmh.exe
  C:\Windows\System\unIbWmh.exe
  2⤵
  PID:8288
- C:\Windows\System\yFHfZEa.exe
  C:\Windows\System\yFHfZEa.exe
  2⤵
  PID:8304
- C:\Windows\System\vRrQAlW.exe
  C:\Windows\System\vRrQAlW.exe
  2⤵
  PID:8320
- C:\Windows\System\FFwpMhk.exe
  C:\Windows\System\FFwpMhk.exe
  2⤵
  PID:8336
- C:\Windows\System\OYSSFFN.exe
  C:\Windows\System\OYSSFFN.exe
  2⤵
  PID:8356
- C:\Windows\System\HJAroXa.exe
  C:\Windows\System\HJAroXa.exe
  2⤵
  PID:8372
- C:\Windows\System\srLwdvY.exe
  C:\Windows\System\srLwdvY.exe
  2⤵
  PID:8388
- C:\Windows\System\ZyrRFkV.exe
  C:\Windows\System\ZyrRFkV.exe
  2⤵
  PID:8404
- C:\Windows\System\bzIeNUE.exe
  C:\Windows\System\bzIeNUE.exe
  2⤵
  PID:8420
- C:\Windows\System\ehaAzkY.exe
  C:\Windows\System\ehaAzkY.exe
  2⤵
  PID:8436
- C:\Windows\System\VZcxavZ.exe
  C:\Windows\System\VZcxavZ.exe
  2⤵
  PID:8452
- C:\Windows\System\iLPjHck.exe
  C:\Windows\System\iLPjHck.exe
  2⤵
  PID:8468
- C:\Windows\System\ZGrKKhf.exe
  C:\Windows\System\ZGrKKhf.exe
  2⤵
  PID:8484
- C:\Windows\System\eOcGCvo.exe
  C:\Windows\System\eOcGCvo.exe
  2⤵
  PID:8500
- C:\Windows\System\cOqERVF.exe
  C:\Windows\System\cOqERVF.exe
  2⤵
  PID:8516
- C:\Windows\System\Ieoxdcn.exe
  C:\Windows\System\Ieoxdcn.exe
  2⤵
  PID:8532
- C:\Windows\System\DHaWgzj.exe
  C:\Windows\System\DHaWgzj.exe
  2⤵
  PID:8548
- C:\Windows\System\tPDqWCx.exe
  C:\Windows\System\tPDqWCx.exe
  2⤵
  PID:8568
- C:\Windows\System\PFBRUoC.exe
  C:\Windows\System\PFBRUoC.exe
  2⤵
  PID:8584
- C:\Windows\System\MtuUxZK.exe
  C:\Windows\System\MtuUxZK.exe
  2⤵
  PID:8600
- C:\Windows\System\QhtLayn.exe
  C:\Windows\System\QhtLayn.exe
  2⤵
  PID:8616
- C:\Windows\System\bmiXyIt.exe
  C:\Windows\System\bmiXyIt.exe
  2⤵
  PID:8632
- C:\Windows\System\HPxlfPa.exe
  C:\Windows\System\HPxlfPa.exe
  2⤵
  PID:8652
- C:\Windows\System\VhnQCpk.exe
  C:\Windows\System\VhnQCpk.exe
  2⤵
  PID:8668
- C:\Windows\System\VGMTyge.exe
  C:\Windows\System\VGMTyge.exe
  2⤵
  PID:8684
- C:\Windows\System\yfJklCd.exe
  C:\Windows\System\yfJklCd.exe
  2⤵
  PID:8700
- C:\Windows\System\HUkQNrD.exe
  C:\Windows\System\HUkQNrD.exe
  2⤵
  PID:8720
- C:\Windows\System\HmktIuH.exe
  C:\Windows\System\HmktIuH.exe
  2⤵
  PID:8736
- C:\Windows\System\couYUSR.exe
  C:\Windows\System\couYUSR.exe
  2⤵
  PID:8752
- C:\Windows\System\tiIghcu.exe
  C:\Windows\System\tiIghcu.exe
  2⤵
  PID:8768
- C:\Windows\System\IJKulxV.exe
  C:\Windows\System\IJKulxV.exe
  2⤵
  PID:8784
- C:\Windows\System\CkExTbL.exe
  C:\Windows\System\CkExTbL.exe
  2⤵
  PID:8800
- C:\Windows\System\BUyklXX.exe
  C:\Windows\System\BUyklXX.exe
  2⤵
  PID:8816
- C:\Windows\System\rWqKOjn.exe
  C:\Windows\System\rWqKOjn.exe
  2⤵
  PID:8832
- C:\Windows\System\eiBiykI.exe
  C:\Windows\System\eiBiykI.exe
  2⤵
  PID:8848
- C:\Windows\System\JJvkURc.exe
  C:\Windows\System\JJvkURc.exe
  2⤵
  PID:8864
- C:\Windows\System\tMgDhKq.exe
  C:\Windows\System\tMgDhKq.exe
  2⤵
  PID:8880
- C:\Windows\System\ymwJlEj.exe
  C:\Windows\System\ymwJlEj.exe
  2⤵
  PID:8896
- C:\Windows\System\HBpcPUR.exe
  C:\Windows\System\HBpcPUR.exe
  2⤵
  PID:8912
- C:\Windows\System\iVgXLXy.exe
  C:\Windows\System\iVgXLXy.exe
  2⤵
  PID:8928
- C:\Windows\System\EzfDMAO.exe
  C:\Windows\System\EzfDMAO.exe
  2⤵
  PID:8944
- C:\Windows\System\UaeTYrd.exe
  C:\Windows\System\UaeTYrd.exe
  2⤵
  PID:8960
- C:\Windows\System\uKqIqXm.exe
  C:\Windows\System\uKqIqXm.exe
  2⤵
  PID:8980
- C:\Windows\System\NQJIQBY.exe
  C:\Windows\System\NQJIQBY.exe
  2⤵
  PID:8996
- C:\Windows\System\lHcCopd.exe
  C:\Windows\System\lHcCopd.exe
  2⤵
  PID:9012
- C:\Windows\System\uVxiZBM.exe
  C:\Windows\System\uVxiZBM.exe
  2⤵
  PID:9028
- C:\Windows\System\ZGlNPAf.exe
  C:\Windows\System\ZGlNPAf.exe
  2⤵
  PID:9044
- C:\Windows\System\eomiFCc.exe
  C:\Windows\System\eomiFCc.exe
  2⤵
  PID:9060
- C:\Windows\System\IHoJvrT.exe
  C:\Windows\System\IHoJvrT.exe
  2⤵
  PID:9076
- C:\Windows\System\jrMYGJa.exe
  C:\Windows\System\jrMYGJa.exe
  2⤵
  PID:9100
- C:\Windows\System\xkglJpB.exe
  C:\Windows\System\xkglJpB.exe
  2⤵
  PID:9116
- C:\Windows\System\JxHvAVj.exe
  C:\Windows\System\JxHvAVj.exe
  2⤵
  PID:9132
- C:\Windows\System\JkQhqoZ.exe
  C:\Windows\System\JkQhqoZ.exe
  2⤵
  PID:9148
- C:\Windows\System\rwZhCXd.exe
  C:\Windows\System\rwZhCXd.exe
  2⤵
  PID:9172
- C:\Windows\System\Junyxub.exe
  C:\Windows\System\Junyxub.exe
  2⤵
  PID:9188
- C:\Windows\System\CHWadIj.exe
  C:\Windows\System\CHWadIj.exe
  2⤵
  PID:9204
- C:\Windows\System\pHqCKxz.exe
  C:\Windows\System\pHqCKxz.exe
  2⤵
  PID:8200
- C:\Windows\System\ZhGnNrS.exe
  C:\Windows\System\ZhGnNrS.exe
  2⤵
  PID:8216
- C:\Windows\System\ynOzguX.exe
  C:\Windows\System\ynOzguX.exe
  2⤵
  PID:8264
- C:\Windows\System\GvuNfia.exe
  C:\Windows\System\GvuNfia.exe
  2⤵
  PID:8328
- C:\Windows\System\lUrRZzC.exe
  C:\Windows\System\lUrRZzC.exe
  2⤵
  PID:8348
- C:\Windows\System\jmNgkcK.exe
  C:\Windows\System\jmNgkcK.exe
  2⤵
  PID:8352
- C:\Windows\System\euWkatw.exe
  C:\Windows\System\euWkatw.exe
  2⤵
  PID:8432
- C:\Windows\System\icVpNup.exe
  C:\Windows\System\icVpNup.exe
  2⤵
  PID:8444
- C:\Windows\System\bIHKlwv.exe
  C:\Windows\System\bIHKlwv.exe
  2⤵
  PID:8476
- C:\Windows\System\xpsPgNs.exe
  C:\Windows\System\xpsPgNs.exe
  2⤵
  PID:8556
- C:\Windows\System\BaQkRxq.exe
  C:\Windows\System\BaQkRxq.exe
  2⤵
  PID:8576
- C:\Windows\System\BpuLjtf.exe
  C:\Windows\System\BpuLjtf.exe
  2⤵
  PID:8624
- C:\Windows\System\eIRcmlY.exe
  C:\Windows\System\eIRcmlY.exe
  2⤵
  PID:8544
- C:\Windows\System\ehwQWBU.exe
  C:\Windows\System\ehwQWBU.exe
  2⤵
  PID:8644
- C:\Windows\System\AEtBRfz.exe
  C:\Windows\System\AEtBRfz.exe
  2⤵
  PID:8680
- C:\Windows\System\UXqzRXY.exe
  C:\Windows\System\UXqzRXY.exe
  2⤵
  PID:8708
- C:\Windows\System\QfLwywE.exe
  C:\Windows\System\QfLwywE.exe
  2⤵
  PID:8764
- C:\Windows\System\kTDNxYW.exe
  C:\Windows\System\kTDNxYW.exe
  2⤵
  PID:8748
- C:\Windows\System\hPTdbAv.exe
  C:\Windows\System\hPTdbAv.exe
  2⤵
  PID:8824
- C:\Windows\System\dtZsmyL.exe
  C:\Windows\System\dtZsmyL.exe
  2⤵
  PID:8840
- C:\Windows\System\xMBaTjx.exe
  C:\Windows\System\xMBaTjx.exe
  2⤵
  PID:8904
- C:\Windows\System\VaVnuFS.exe
  C:\Windows\System\VaVnuFS.exe
  2⤵
  PID:8856
- C:\Windows\System\bTZyxxo.exe
  C:\Windows\System\bTZyxxo.exe
  2⤵
  PID:8892
- C:\Windows\System\fOzaucm.exe
  C:\Windows\System\fOzaucm.exe
  2⤵
  PID:8972
- C:\Windows\System\DEyIZVY.exe
  C:\Windows\System\DEyIZVY.exe
  2⤵
  PID:9004
- C:\Windows\System\Cchqtwf.exe
  C:\Windows\System\Cchqtwf.exe
  2⤵
  PID:9056
- C:\Windows\System\oCxkmVU.exe
  C:\Windows\System\oCxkmVU.exe
  2⤵
  PID:9040
- C:\Windows\System\ROxSbbJ.exe
  C:\Windows\System\ROxSbbJ.exe
  2⤵
  PID:9184
- C:\Windows\System\svnuRIB.exe
  C:\Windows\System\svnuRIB.exe
  2⤵
  PID:8232
- C:\Windows\System\mHmmfXK.exe
  C:\Windows\System\mHmmfXK.exe
  2⤵
  PID:9160
- C:\Windows\System\DxYWrlu.exe
  C:\Windows\System\DxYWrlu.exe
  2⤵
  PID:9200
- C:\Windows\System\biRNLJA.exe
  C:\Windows\System\biRNLJA.exe
  2⤵
  PID:9112
- C:\Windows\System\HyLOCZa.exe
  C:\Windows\System\HyLOCZa.exe
  2⤵
  PID:8248
- C:\Windows\System\vlaYuul.exe
  C:\Windows\System\vlaYuul.exe
  2⤵
  PID:8284
- C:\Windows\System\hhxjdwV.exe
  C:\Windows\System\hhxjdwV.exe
  2⤵
  PID:8300
- C:\Windows\System\YmwrMmX.exe
  C:\Windows\System\YmwrMmX.exe
  2⤵
  PID:8384
- C:\Windows\System\AgZtxLv.exe
  C:\Windows\System\AgZtxLv.exe
  2⤵
  PID:8448
- C:\Windows\System\veoWKbB.exe
  C:\Windows\System\veoWKbB.exe
  2⤵
  PID:8512
- C:\Windows\System\HuZohtc.exe
  C:\Windows\System\HuZohtc.exe
  2⤵
  PID:8660
- C:\Windows\System\RSvOOoz.exe
  C:\Windows\System\RSvOOoz.exe
  2⤵
  PID:9140
- C:\Windows\System\nvgzPQc.exe
  C:\Windows\System\nvgzPQc.exe
  2⤵
  PID:8332
- C:\Windows\System\WOjJbhj.exe
  C:\Windows\System\WOjJbhj.exe
  2⤵
  PID:9168
- C:\Windows\System\XWavCgl.exe
  C:\Windows\System\XWavCgl.exe
  2⤵
  PID:8396
- C:\Windows\System\yGNUlWF.exe
  C:\Windows\System\yGNUlWF.exe
  2⤵
  PID:8312
- C:\Windows\System\KxEJXAo.exe
  C:\Windows\System\KxEJXAo.exe
  2⤵
  PID:8716
- C:\Windows\System\LvKqWUx.exe
  C:\Windows\System\LvKqWUx.exe
  2⤵
  PID:8976
- C:\Windows\System\XKfLVRu.exe
  C:\Windows\System\XKfLVRu.exe
  2⤵
  PID:9020
- C:\Windows\System\kwCRvea.exe
  C:\Windows\System\kwCRvea.exe
  2⤵
  PID:9052
- C:\Windows\System\FiCMGVI.exe
  C:\Windows\System\FiCMGVI.exe
  2⤵
  PID:7860
- C:\Windows\System\oqVAaKu.exe
  C:\Windows\System\oqVAaKu.exe
  2⤵
  PID:7784
- C:\Windows\System\jAfDBNe.exe
  C:\Windows\System\jAfDBNe.exe
  2⤵
  PID:8760
- C:\Windows\System\ikqsiNa.exe
  C:\Windows\System\ikqsiNa.exe
  2⤵
  PID:8220
- C:\Windows\System\Mbtqhij.exe
  C:\Windows\System\Mbtqhij.exe
  2⤵
  PID:9072
- C:\Windows\System\sMdRxPv.exe
  C:\Windows\System\sMdRxPv.exe
  2⤵
  PID:9024
- C:\Windows\System\pxuHzje.exe
  C:\Windows\System\pxuHzje.exe
  2⤵
  PID:9144
- C:\Windows\System\fxzCELB.exe
  C:\Windows\System\fxzCELB.exe
  2⤵
  PID:8524
- C:\Windows\System\KyiofJg.exe
  C:\Windows\System\KyiofJg.exe
  2⤵
  PID:9068
- C:\Windows\System\soDzafy.exe
  C:\Windows\System\soDzafy.exe
  2⤵
  PID:8992
- C:\Windows\System\YYnOXpr.exe
  C:\Windows\System\YYnOXpr.exe
  2⤵
  PID:8924
- C:\Windows\System\vGeLUov.exe
  C:\Windows\System\vGeLUov.exe
  2⤵
  PID:9228
- C:\Windows\System\qTDALTh.exe
  C:\Windows\System\qTDALTh.exe
  2⤵
  PID:9244
- C:\Windows\System\jXuGZhY.exe
  C:\Windows\System\jXuGZhY.exe
  2⤵
  PID:9264
- C:\Windows\System\KViRfcU.exe
  C:\Windows\System\KViRfcU.exe
  2⤵
  PID:9280
- C:\Windows\System\bCExOkM.exe
  C:\Windows\System\bCExOkM.exe
  2⤵
  PID:9296
- C:\Windows\System\LDPTDzp.exe
  C:\Windows\System\LDPTDzp.exe
  2⤵
  PID:9312
- C:\Windows\System\cFhnByu.exe
  C:\Windows\System\cFhnByu.exe
  2⤵
  PID:9328
- C:\Windows\System\UlhoKcE.exe
  C:\Windows\System\UlhoKcE.exe
  2⤵
  PID:9344
- C:\Windows\System\xllnOyd.exe
  C:\Windows\System\xllnOyd.exe
  2⤵
  PID:9360
- C:\Windows\System\BsVkRnc.exe
  C:\Windows\System\BsVkRnc.exe
  2⤵
  PID:9376
- C:\Windows\System\QWsiZzy.exe
  C:\Windows\System\QWsiZzy.exe
  2⤵
  PID:9392
- C:\Windows\System\minuwEu.exe
  C:\Windows\System\minuwEu.exe
  2⤵
  PID:9408
- C:\Windows\System\uDWeWld.exe
  C:\Windows\System\uDWeWld.exe
  2⤵
  PID:9424
- C:\Windows\System\vVAueHQ.exe
  C:\Windows\System\vVAueHQ.exe
  2⤵
  PID:9444
- C:\Windows\System\RxpUKDO.exe
  C:\Windows\System\RxpUKDO.exe
  2⤵
  PID:9460
- C:\Windows\System\MYrCVwX.exe
  C:\Windows\System\MYrCVwX.exe
  2⤵
  PID:9480
- C:\Windows\System\aCBJNbl.exe
  C:\Windows\System\aCBJNbl.exe
  2⤵
  PID:9496
- C:\Windows\System\NKulSkd.exe
  C:\Windows\System\NKulSkd.exe
  2⤵
  PID:9516
- C:\Windows\System\YvIBtWY.exe
  C:\Windows\System\YvIBtWY.exe
  2⤵
  PID:9532
- C:\Windows\System\IKQSQFG.exe
  C:\Windows\System\IKQSQFG.exe
  2⤵
  PID:9556
- C:\Windows\System\itUzBSY.exe
  C:\Windows\System\itUzBSY.exe
  2⤵
  PID:9580
- C:\Windows\System\tJKzwWr.exe
  C:\Windows\System\tJKzwWr.exe
  2⤵
  PID:9596
- C:\Windows\System\FWYOepy.exe
  C:\Windows\System\FWYOepy.exe
  2⤵
  PID:9612
- C:\Windows\System\LWhojwL.exe
  C:\Windows\System\LWhojwL.exe
  2⤵
  PID:9628
- C:\Windows\System\UHcRLGh.exe
  C:\Windows\System\UHcRLGh.exe
  2⤵
  PID:9644
- C:\Windows\System\zEeQBAI.exe
  C:\Windows\System\zEeQBAI.exe
  2⤵
  PID:9660
- C:\Windows\System\TYYjCbl.exe
  C:\Windows\System\TYYjCbl.exe
  2⤵
  PID:9684
- C:\Windows\System\pdgZsfj.exe
  C:\Windows\System\pdgZsfj.exe
  2⤵
  PID:9704
- C:\Windows\System\NgFqTTV.exe
  C:\Windows\System\NgFqTTV.exe
  2⤵
  PID:9724
- C:\Windows\System\fNPHdtg.exe
  C:\Windows\System\fNPHdtg.exe
  2⤵
  PID:9740
- C:\Windows\System\yEkYiPk.exe
  C:\Windows\System\yEkYiPk.exe
  2⤵
  PID:10124
- C:\Windows\System\eFHaIla.exe
  C:\Windows\System\eFHaIla.exe
  2⤵
  PID:9876
- C:\Windows\System\jIpxszn.exe
  C:\Windows\System\jIpxszn.exe
  2⤵
  PID:9488
- C:\Windows\System\COAffSc.exe
  C:\Windows\System\COAffSc.exe
  2⤵
  PID:9504
- C:\Windows\System\DGFfkLc.exe
  C:\Windows\System\DGFfkLc.exe
  2⤵
  PID:9636
- C:\Windows\System\IgYgJsE.exe
  C:\Windows\System\IgYgJsE.exe
  2⤵
  PID:9788
- C:\Windows\System\TQiBAxl.exe
  C:\Windows\System\TQiBAxl.exe
  2⤵
  PID:9796
- C:\Windows\System\RuMBsEF.exe
  C:\Windows\System\RuMBsEF.exe
  2⤵
  PID:9924
- C:\Windows\System\YbkpREp.exe
  C:\Windows\System\YbkpREp.exe
  2⤵
  PID:10028
- C:\Windows\System\oXFsWUx.exe
  C:\Windows\System\oXFsWUx.exe
  2⤵
  PID:10108
- C:\Windows\System\dGmxRwJ.exe
  C:\Windows\System\dGmxRwJ.exe
  2⤵
  PID:10232
- C:\Windows\System\PCbxdvZ.exe
  C:\Windows\System\PCbxdvZ.exe
  2⤵
  PID:10216
- C:\Windows\System\PYmJYCi.exe
  C:\Windows\System\PYmJYCi.exe
  2⤵
  PID:10148
- C:\Windows\System\JoxSOfO.exe
  C:\Windows\System\JoxSOfO.exe
  2⤵
  PID:10172
- C:\Windows\System\mWRbGZF.exe
  C:\Windows\System\mWRbGZF.exe
  2⤵
  PID:10200
- C:\Windows\System\xaLjmSp.exe
  C:\Windows\System\xaLjmSp.exe
  2⤵
  PID:9224
- C:\Windows\System\GFeplAW.exe
  C:\Windows\System\GFeplAW.exe
  2⤵
  PID:9292
- C:\Windows\System\VopWfXn.exe
  C:\Windows\System\VopWfXn.exe
  2⤵
  PID:9336
- C:\Windows\System\auAZjRE.exe
  C:\Windows\System\auAZjRE.exe
  2⤵
  PID:9308
- C:\Windows\System\uofpmFv.exe
  C:\Windows\System\uofpmFv.exe
  2⤵
  PID:9340
- C:\Windows\System\BSuqnYb.exe
  C:\Windows\System\BSuqnYb.exe
  2⤵
  PID:9416
- C:\Windows\System\HISXUXy.exe
  C:\Windows\System\HISXUXy.exe
  2⤵
  PID:9404
- C:\Windows\System\lZgPvle.exe
  C:\Windows\System\lZgPvle.exe
  2⤵
  PID:9508
- C:\Windows\System\qIyxhrJ.exe
  C:\Windows\System\qIyxhrJ.exe
  2⤵
  PID:9592
- C:\Windows\System\HGFVVSX.exe
  C:\Windows\System\HGFVVSX.exe
  2⤵
  PID:9624
- C:\Windows\System\Wonsrrw.exe
  C:\Windows\System\Wonsrrw.exe
  2⤵
  PID:9568
- C:\Windows\System\nnrCucf.exe
  C:\Windows\System\nnrCucf.exe
  2⤵
  PID:9824
- C:\Windows\System\BGyWXjw.exe
  C:\Windows\System\BGyWXjw.exe
  2⤵
  PID:9804
- C:\Windows\System\tNouFNm.exe
  C:\Windows\System\tNouFNm.exe
  2⤵
  PID:9720
- C:\Windows\System\SZwbdLM.exe
  C:\Windows\System\SZwbdLM.exe
  2⤵
  PID:9828
- C:\Windows\System\BcDBHUH.exe
  C:\Windows\System\BcDBHUH.exe
  2⤵
  PID:9832
- C:\Windows\System\ZFurRvX.exe
  C:\Windows\System\ZFurRvX.exe
  2⤵
  PID:9836
- C:\Windows\System\xwaXYQl.exe
  C:\Windows\System\xwaXYQl.exe
  2⤵
  PID:9872
- C:\Windows\System\ZOxBNZq.exe
  C:\Windows\System\ZOxBNZq.exe
  2⤵
  PID:9900
- C:\Windows\System\NwXcyor.exe
  C:\Windows\System\NwXcyor.exe
  2⤵
  PID:9964
- C:\Windows\System\eTeRbzy.exe
  C:\Windows\System\eTeRbzy.exe
  2⤵
  PID:10000
- C:\Windows\System\hTnjwaV.exe
  C:\Windows\System\hTnjwaV.exe
  2⤵
  PID:10072
- C:\Windows\System\PDyxaEM.exe
  C:\Windows\System\PDyxaEM.exe
  2⤵
  PID:9904
- C:\Windows\System\WwUOzDS.exe
  C:\Windows\System\WwUOzDS.exe
  2⤵
  PID:10080
- C:\Windows\System\VKoAqLp.exe
  C:\Windows\System\VKoAqLp.exe
  2⤵
  PID:9956
- C:\Windows\System\sZCUDiN.exe
  C:\Windows\System\sZCUDiN.exe
  2⤵
  PID:10012
- C:\Windows\System\ZQvBVSJ.exe
  C:\Windows\System\ZQvBVSJ.exe
  2⤵
  PID:10056
- C:\Windows\System\cqxqWmX.exe
  C:\Windows\System\cqxqWmX.exe
  2⤵
  PID:10084
- C:\Windows\System\bMPVNnn.exe
  C:\Windows\System\bMPVNnn.exe
  2⤵
  PID:10224
- C:\Windows\System\TvGPaVD.exe
  C:\Windows\System\TvGPaVD.exe
  2⤵
  PID:10112
- C:\Windows\System\bVZsVxj.exe
  C:\Windows\System\bVZsVxj.exe
  2⤵
  PID:10116
- C:\Windows\System\QbxSUgB.exe
  C:\Windows\System\QbxSUgB.exe
  2⤵
  PID:10136
- C:\Windows\System\vCFaIRI.exe
  C:\Windows\System\vCFaIRI.exe
  2⤵
  PID:10176
- C:\Windows\System\RoISRDf.exe
  C:\Windows\System\RoISRDf.exe
  2⤵
  PID:9320
- C:\Windows\System\CEGTakR.exe
  C:\Windows\System\CEGTakR.exe
  2⤵
  PID:9456
- C:\Windows\System\PioIsfC.exe
  C:\Windows\System\PioIsfC.exe
  2⤵
  PID:9492
- C:\Windows\System\xSHRjcG.exe
  C:\Windows\System\xSHRjcG.exe
  2⤵
  PID:9256
- C:\Windows\System\bvKMEEx.exe
  C:\Windows\System\bvKMEEx.exe
  2⤵
  PID:9988
- C:\Windows\System\gvTNFYY.exe
  C:\Windows\System\gvTNFYY.exe
  2⤵
  PID:9808
- C:\Windows\System\RFJShAx.exe
  C:\Windows\System\RFJShAx.exe
  2⤵
  PID:9524
- C:\Windows\System\OrDTNFJ.exe
  C:\Windows\System\OrDTNFJ.exe
  2⤵
  PID:9736
- C:\Windows\System\fHPEUAu.exe
  C:\Windows\System\fHPEUAu.exe
  2⤵
  PID:9712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AwcxGWh.exe

Filesize
6.0MB

MD5
2ba186dfa06f5e289703cd0c45d610a3

SHA1
22dc44a3c784b23f9ea455c13ffad9e1103e4922

SHA256
ca6389ee148f4e7efa6a1e351f0247738973c144bdec9709515e06dbc88ee9bb

SHA512
e77163ebe54fdec9f5b50f9609998f80775f37b51fcd7e1bb38dfe6caf26c73c0330e41d96758cb3ebb784fe0c2f9b8beafb3bd7ce0fda8f12cf8c1e251096bb

Download Submit
C:\Windows\system\PfocHMu.exe

Filesize
6.0MB

MD5
b8fbf584d5c9d8be12f92cb1ce24885e

SHA1
fa701fcb3c8d21c143ece3f230fa87c13040b4f9

SHA256
70ef3f95bb1a69c70fabbe8a31dd24287b5eca6dc7261b8a8b7009437d109cf1

SHA512
ddaf12e299fd504f1eb8b3a0840183de7435d7574e1bea02ad0ab5f2e4bea41570871d02ad7a85c32535855b023dca9c3f13e41381ee753e4ea159f6ee6407ac

Download Submit
C:\Windows\system\QuLeUQt.exe

Filesize
6.0MB

MD5
2b957616fc11a90e9bc38c8de547e5c8

SHA1
4902396c7bb922feda573e292aff5d15b4778753

SHA256
1f2eaf508693d0273f324c5dfd769eaf8bada50cecaddd9fbf967505984a1b4b

SHA512
a316eeaf9ba094702adac51e679ebe49d4dce5d9b3815fe80c8ba31c5597f97e5c0452b37836b92de25cfdc7e4d7f86af724d637cb8e0cc03136e6aa49849ea2

Download Submit
C:\Windows\system\QwYKkqz.exe

Filesize
6.0MB

MD5
0f1e669840fbcb4cbeb8f7ada64a1ae3

SHA1
8a53d5a39167e05c2a4dd4796eb0efd6ba8ee00b

SHA256
6afe1a90a9cabd4c4fc73f31b8d571452c006968d521e0d51acd611cd0d6c0ec

SHA512
6bae839926e979c811d4b0fa29fc3bdf2a6d6836bf65f488f8f554d5507af51a48f09e4c94c8b0c3594a576028aad4918fd7485fa8c92b3debab3bcd8d4bc552

Download Submit
C:\Windows\system\SBkdQVc.exe

Filesize
6.0MB

MD5
cc52d181b568f9b540dc5a5527fd861c

SHA1
be04038abe1251da06dca976e3b562c8f5bb3615

SHA256
29953242a309474327144fdf009110bba04b6ac5096c5bf8f373dc61827fc168

SHA512
5cd3079bf9848b6f4504aa3503b5ccf50ee601e857d5277816755b8b017e957e53593b8abf353fd9b64fbb9d6cc2f217cebb81e6eb339f36ccb7cb59de966c7d

Download Submit
C:\Windows\system\SuJvNLv.exe

Filesize
6.0MB

MD5
17e1097467462a13726ab221a3e8b3f6

SHA1
5d125bad873c22d9bbd1e57072d60f633d02d156

SHA256
eac4484a7e3ff6bbab2842e6181f4375da033b5052aa4cf8c1884b039289e63e

SHA512
ca1c11aa045ee115abd880922420cd12baaa83ee7d1d88733e388c1396b17ee9fe006894da46a3c1f4d66b6780e1b8803fa4856545a0abbbcc685bac08a9a0f1

Download Submit
C:\Windows\system\Uxrgwez.exe

Filesize
6.0MB

MD5
d517e842e42b4a18e168f0ed95403d55

SHA1
8aed761fcbfacd8c2dd6876632f6a4cb49aa52bd

SHA256
0ebe66b1032b434cbe514c6ccf3a5394b61b206145b5178a84b59331ea03fb39

SHA512
049fed3278294e66c00cfeb234a12770fb79ecddace2291894f1b58f0966c871220fdbea7506000ecf7ecf3271b799b0ebce6870d0d15a9e1c0e0c08355c8497

Download Submit
C:\Windows\system\ZVXLijp.exe

Filesize
6.0MB

MD5
703cfe8e99ba12c27e74a56ca087c4ef

SHA1
3ce94dd58fc0709ca7b09c6ab3ab587a0d9922af

SHA256
4a6ff64fabf93f990cf40c7667d7ba3af6f292e0d8e43343ddb466a4864604b5

SHA512
8469593b7f211d2af4898c075fca35b3109f49f60f9a3f9497dc5ed2e44581e8ab15d56f0ef446ca9f07be89979136e27b10544dcfb02930a445fafbea859a17

Download Submit
C:\Windows\system\ZlxClbA.exe

Filesize
6.0MB

MD5
2792940abba99caa07e4678eceec843a

SHA1
5794dbcebd7b46fdac126766b43364f719514190

SHA256
49c11a6b1887d900115e6d3d3e81cd315a618afc15b47888e8e746ebf42f567b

SHA512
4acf9988dfee85528fec57c207a37db6b30434269bd56daa5959d4bc2c766ec9b956cf4321133b4d295ba4c461294998e7769d62b6d77fa518811a888630abc7

Download Submit
C:\Windows\system\bvXLHOn.exe

Filesize
6.0MB

MD5
a19697919b0dc2bcb7a458e68cc4649a

SHA1
e1b7c7e065bd4812bdd67833d5c26d93147e3ed3

SHA256
de6d2e2878bd1fadba9c5dc3b23115bc835cd408c7530d2dc96df86900bd5858

SHA512
2517a8c0d3090bd38eed8f7c52d00a36f4e89e90ef1cd5141981fadbb5f86942917327f6907c141114aa14c7a34d8169b6eb4250faa2e9b86b6f088cd15c44f0

Download Submit
C:\Windows\system\gpDUhfG.exe

Filesize
6.0MB

MD5
78b407c94b11788729aeb670d1ce6e05

SHA1
c186e57b6e5a385e1bc51cff558019966e426d35

SHA256
1a95fe855ba5e4c56b209a81920eaecc44933b67ab86a8ef1ca98e35d64227b5

SHA512
df20cd12864c4d7ed6881a5342167f789afb794f38ac39e722005d465b30bbdf163111d21e5b7619336fabeaf9e2749f4d36cf50a635ef00c87753ea4d56316c

Download Submit
C:\Windows\system\kvxGcaG.exe

Filesize
6.0MB

MD5
dbc44462a7b9b610f1fda15c0c1c7361

SHA1
16a7508d3c7066acb01231fc2497bfbe43f3c529

SHA256
ae82ff7f2dc671b37fb286f7bfc561ff6ac2b9088f1158e337a33312133529b8

SHA512
bfed98b4dde7cb8949ef2013998c47004f7cfae20f995e10e9b537fa578644eb11793346aba1d3029799536e586c21b533e579c9298fd4cc9ddaa6f781db2997

Download Submit
C:\Windows\system\kwHYAsl.exe

Filesize
6.0MB

MD5
fdcf3f18a51b5d4cae0ec9e322c01797

SHA1
90dd49012f1eb9cacf03f898df20ad5f300374e7

SHA256
2cdd74dc4030146b4a5c6d0168b9d2416d70097909ed9e880c432d35c72ee37d

SHA512
c9fb050dcc1178cb5f966a427f23e8dd6df6baea042a4632c172ea6ebf1870a9094a6587f6b3413485aa0c0d0b3ea6448f6794d65e884195c9a6a32cb3b3a1fc

Download Submit
C:\Windows\system\lCVglla.exe

Filesize
6.0MB

MD5
e73afd5c949629dd92f092ab64981fb7

SHA1
5c29e023d10bf61684773db4c8a4ea9caedc6316

SHA256
97ea7e5e4c97b2a69b4329d53590ff0e2c91717c3c50505e58529c841a2b6c9c

SHA512
0c18bd6f659637f6fe89cf57bf383e47ed3fe10146cfbe30dc70b9a2aadb7f249806f7fb4a9032ecd92d04123e08966ba8c8d22a64106657e4d73c8b01a834f0

Download Submit
C:\Windows\system\lKsDjDz.exe

Filesize
6.0MB

MD5
900fb617c64f7533911b4c72e81433e3

SHA1
d32ef730ee86504d615f2917863ad135b454d8df

SHA256
6841054eef18222d77fe74f0623c1b5ad2cc28eba3bdd2daf39163d50f9b9f81

SHA512
fb6848ea55395449ed72466c90cca6bd69e0cd97cce45d7d759b27005e7500a8834c9e1322b1e8e20de382e6ab24d2acb0ae1b6e991e5758b4adbc642f7270e7

Download Submit
C:\Windows\system\ozCtHFj.exe

Filesize
6.0MB

MD5
3ebc2a4ada69cbf1a86e09d8750cac51

SHA1
9e13851d8ca1c7c9035297c73b4233e1237b5037

SHA256
209684ba2d63e0d821cabd5dd13ada5d1d49b87a4a16d9f1a57489e6f7c56693

SHA512
0f904eec0630c0f9457ff3c9d5a03cbd44d39ac6225f368b661cef884e6fdc7420be1050fec4dfb5ec6bacfae49a0f363722e09d38f52e4ba0c1f22f13baf7cf

Download Submit
C:\Windows\system\pSuoLhd.exe

Filesize
6.0MB

MD5
bf623971209c48bfd9c3905e52fef08d

SHA1
bcd6101db6f940d674da4f240039922cf951e9bc

SHA256
8c3e8601b9f1163506db536153a5422752ea811eb05992bc945a8391376db517

SHA512
dcc929ed496d36380e9459055ebec0aa5c532118458be5092f5f000eee71b9d3ced1ae9bfd7deee7d03077eab64a93175cfef94aa327d7e09493b7c11ded8602

Download Submit
C:\Windows\system\pyzxOjD.exe

Filesize
6.0MB

MD5
12ee27732404585abc6a3cdd06951d63

SHA1
c5b58400de1a80f7701b5d7e6a6f947d1e66f185

SHA256
30ca0b8ce180dfaace6113f3ea6990b9e81b57373e7bb9acfaac122e96f929aa

SHA512
3640997c46c9533ced76244947061c485059158616c8c8da6ca6c44fed5a6f363349b964730922f4369840b497157a4fd97574f27d1c8a35de0d38c182f34eac

Download Submit
C:\Windows\system\sRDAUYY.exe

Filesize
6.0MB

MD5
1b27fb1c82a0d66a57def6ef17f4cc14

SHA1
d2555934fcc089b362fbe75c97d99dc3118412d5

SHA256
4365962dbf686b04e3af44401ad4b1741498d016c420721b85e23cfc3b0919b7

SHA512
cfb2fe6b7ba8d22dd9b527e99ac7ac53182e4c279731aac01462baeee8292b318c2f8e476df32e1b9b6ec0f54daad088e14a29d0cd3166a574c90938c49a7cbc

Download Submit
C:\Windows\system\xFVINTW.exe

Filesize
6.0MB

MD5
ee841edfa217f69451a4145b62916a5c

SHA1
a3b194537a744237cd12f5abcac3982bae27d7f6

SHA256
bdb3176d75abd615a78212223174b989644df6b29134f7108041e99c13993e34

SHA512
d829e189f8dc4b651ea5b8004e1d288988da0f600ee7fb477bf7954400304e71cf4505fbfbcd1b3fe239c252aac0725d29e1b25ae22e12600bf3e21db38785fc

Download Submit
C:\Windows\system\xlQfoOG.exe

Filesize
6.0MB

MD5
69e2eec4aa08d3fa2ba506f6ecde8fc6

SHA1
1026c9228acd8f4235985422a059075547d666a3

SHA256
8bf3b26bd57ad267c664d41108b6d7712a73ddaec671cf4092916e89d73d4ce3

SHA512
17791fced80175a7e061431138bc0dc483569883506c3e287688615c13a8c3fc354352f62fe5df106f70eea1f7713759bcb56426905b2d2a993596c07804d46b

Download Submit
\Windows\system\AfHwSpH.exe

Filesize
6.0MB

MD5
6a06b3b7440dcaea05e70d6d6592e30b

SHA1
c0f0f07a198a24e1f3a860d84427c370b19daf8c

SHA256
d6ac829404e5b884401ada67ada78434e9ae0507dd49270acd444f74598fcdce

SHA512
b6d35aaafd4c5c3d50d4a218cb1ce434a8bf49e9c9bb7459136b48f1d6b9950c0fd97b4bc3e7860d58472c09f4dd74a966d99ec1b106d0a8158bb5537ab62cd6

Download Submit
\Windows\system\DuPVBYn.exe

Filesize
6.0MB

MD5
dc34462126c15eb463608e1b4e95eac9

SHA1
7ee15e63a7546d87ca06673cdbf75f59b1ae776d

SHA256
1a9fa36bbaa9192a05d5f78fe86d5a4f7e285f07c2cc446595cfe250a9ee9510

SHA512
466c6445cff71ff515db48dce62c1c6fc3a4ebe58d9975046ae0d1fbb48a274a1d7528ff64e1129d081149280f128939a1f8f59325986971eae497a9d833dc74

Download Submit
\Windows\system\SJHBTTH.exe

Filesize
6.0MB

MD5
f03f60bc3a3177b7f620ca7ae47aea24

SHA1
73d262f3911ca9ccbc4685d45681db353def2a6c

SHA256
409d1e50359f3f0a9b8322de4f1672fc879e9f70a4eb4bcb75d1e6b9a5dabb97

SHA512
9b9d87a3966b5603e6664bb33b46bd3b4e7b68a1397ceb9a9bcc51d822706424a765cf03cf068b26b3b33c173030f4728b67996a9de6120a2da1b4b1a90ce8f5

Download Submit
\Windows\system\SQrMHoM.exe

Filesize
6.0MB

MD5
c7613579947514eb7984c117e9c33230

SHA1
626275727d19fbd29e946a7e4d6f1508093c0351

SHA256
66a684fc2ec6597be192fc6b8ab42974d863572bfa9b1c02ea6329a2cce45916

SHA512
0d5bd5756b259fa11b6cf4e2bd57aaad9361c8229dbc18e3ab56dd9d66142adc512ade37c4568d495c1ef393a2cc6609a9f10b70bc719d338cc1b33feaebdc19

Download Submit
\Windows\system\TpNBzsy.exe

Filesize
6.0MB

MD5
6591aba4c49ea1abd9a83c4b137bef20

SHA1
11158aafb36ee77faae9634418d7bb12a2f0cfd6

SHA256
89d3ac55c06b76492d2b51323ad673f8157a9fbaa0ac47b38e01b84b3ebf651e

SHA512
437cb6d7c176d95e9d89dd6b5e996e33b697e11d457459c9fdc78cb935a733422352ccca2de4ab04bffc388e0be6101ffff00c8767d56e4297fddf5fddc30b78

Download Submit
\Windows\system\UrVlJsP.exe

Filesize
6.0MB

MD5
c3a14c4bb1e0e3c8936ca612315c855d

SHA1
aa1e58e33ab9b52e758066e7b682c0002fbe752c

SHA256
1c86c1158d43e9fb23eb81cd76c6d969335cbab5169fc69329aac3f01a11e118

SHA512
6b782c574a7fdda4ee690f6354de41c56999d81b7d55215079bfb3b0bc397ecfea6aed65e49ed7f0766d49515b44b015df63c4e6c1ce6fa2ee9ea7c2b9afe42e

Download Submit
\Windows\system\WZyqvyo.exe

Filesize
6.0MB

MD5
f4583b79542eec255d11b0da3d74ad77

SHA1
41b03739f808fefdb2ad0e1a7e3a8ce0594ca8da

SHA256
ffeaeabffe428bc708d32bacac4658d6d1c9e23d22937d0fa5192b86e83d4580

SHA512
8833a1e9725111d7b36d2cd05e738bf0072240848a01adb145687d252441aa9e75a280a0df091646486af17622b5ea2aea1f6df3c9ec9cdbe849a445bdad735c

Download Submit
\Windows\system\cBuhUYm.exe

Filesize
6.0MB

MD5
b7b46a421d9badb9e8af1e3a6f8fda91

SHA1
5988630845f15773b79c291833a8816eaaa2604c

SHA256
ad292232e02b2d6c2e00b723eff836d23f9609d0ecd51e2fc81946cb32a2cb86

SHA512
04c13f62ae46c02178391536d42891b73fd656f7f13371e4890d0bf3222c9432469b994d0751a86d5616ac3227c795b84502c8da8dd2d4e2af1e5091e4a30dec

Download Submit
\Windows\system\ppKAGEk.exe

Filesize
6.0MB

MD5
56c77c390bec2a2922ca6eac1eaab1b3

SHA1
3cbc0d1427049c95a50c7292dc0e7f4eaf6eb65e

SHA256
cc0d11a582d0b53a28c49bb4d7e6b66997661d0074ff130109495f7e78fae38b

SHA512
806d88f582dfd639fa01f028e2d4027f6e7bd9c3d9a2954808ba766da8cb6a379c94e874ca972e29968f9cfeb2efd21349d139630df2207c31eedb4c61dfd8cc

Download Submit
\Windows\system\yHgVTaf.exe

Filesize
6.0MB

MD5
dc33033496da3e101e78d444d60ecfaf

SHA1
ae9250e48cd744f6584d4cfa94eb2129de720647

SHA256
ae462008a2536831ac005392a75a4b800629213eca4dd6625b9f1a83757f8749

SHA512
f5140ef4da5f191ff8c1194fb91e724e67ad7894b2076b888f81bf2e75bf3318ce1a00fa9b8e5a1ba2d3ed7315fed209cb11a746fba50dde4c5eff511d43fdee

Download Submit
\Windows\system\yVpDbOH.exe

Filesize
6.0MB

MD5
4f050dd6a274e821fec6fc33702d3e0f

SHA1
1aa322690135327c356e89e896d82becffeb9d42

SHA256
f9d8c201de95963b90e96b5ccbb08534fab528ecfa62577e3f8ce5edfe965694

SHA512
e1c9f40e5d8128d9bc5ac85437869501bb28b57b42eabe821bfb1bce1bccd1c3db7d81296c9abd22e1d2ddd45a776f552489d298de8b361fcea0bc4371f57041

Download Submit
memory/396-3775-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/396-309-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/396-94-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/540-76-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/540-567-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/540-68-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/540-83-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/540-37-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/540-103-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/540-22-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/540-105-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/540-0-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/540-18-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/540-55-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/540-28-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/540-51-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/540-108-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/540-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/540-32-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/540-379-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/896-33-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/896-3741-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/896-90-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/1500-86-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/1500-124-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/1500-3757-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/1628-473-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-3773-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-98-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-3732-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1740-72-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1740-20-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2316-7-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2316-3710-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2316-41-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2320-13-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2320-3707-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2320-58-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2516-74-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-3753-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-78-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3770-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2564-80-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3765-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2604-26-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3721-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-82-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3725-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2756-44-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3761-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2780-56-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/3020-3748-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-64-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download