cobaltstrike | 594d8d3ffe33846e1625edf0914a7d3636a70c93ac94791327bb80145f3b4a2d

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
14-12-2024 03:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

eb317986dd866785d7790472b0434c63
SHA1

5a724e04aea8b486dd7df6d1bf78a20aa3f85c3f
SHA256

594d8d3ffe33846e1625edf0914a7d3636a70c93ac94791327bb80145f3b4a2d
SHA512

90af2c70046ad365b6afbf75c74b11f9b6e61651d1b184cfccaee5cdd6a5c8817579e03b3bd76c312d6cbfe83b3aa71f03667a7acdfce7093c468308a6c1df36
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUw:T+q56utgpPF8u/7w

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001202c-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ed-10.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186f1-14.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186f4-18.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018704-22.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018739-25.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018744-30.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a9-49.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b9-53.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ee-61.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-74.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962d-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962b-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-102.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f0-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958e-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019512-81.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001755b-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-69.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f1-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c9-57.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019451-41.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193df-37.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193c4-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 62 IoCs

miner

resource	yara_rule
behavioral1/memory/2404-0-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x000c00000001202c-3.dat	xmrig
behavioral1/files/0x00070000000186ed-10.dat	xmrig
behavioral1/files/0x00070000000186f1-14.dat	xmrig
behavioral1/files/0x00060000000186f4-18.dat	xmrig
behavioral1/files/0x0006000000018704-22.dat	xmrig
behavioral1/files/0x0006000000018739-25.dat	xmrig
behavioral1/files/0x0006000000018744-30.dat	xmrig
behavioral1/files/0x00050000000194a9-49.dat	xmrig
behavioral1/files/0x00050000000194b9-53.dat	xmrig
behavioral1/files/0x00050000000194ee-61.dat	xmrig
behavioral1/files/0x000500000001950e-74.dat	xmrig
behavioral1/memory/316-447-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2920-490-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2904-480-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2404-1425-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2192-455-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2892-453-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2532-451-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2508-449-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2620-445-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2800-472-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2204-460-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2376-443-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/1716-441-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2596-424-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/1216-402-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x000500000001962d-130.dat	xmrig
behavioral1/files/0x000500000001962b-125.dat	xmrig
behavioral1/files/0x0005000000019629-122.dat	xmrig
behavioral1/files/0x0005000000019627-117.dat	xmrig
behavioral1/files/0x0005000000019625-114.dat	xmrig
behavioral1/files/0x0005000000019624-110.dat	xmrig
behavioral1/files/0x0005000000019623-105.dat	xmrig
behavioral1/files/0x0005000000019621-102.dat	xmrig
behavioral1/files/0x00050000000195ab-93.dat	xmrig
behavioral1/files/0x000500000001957e-85.dat	xmrig
behavioral1/files/0x00050000000195f0-97.dat	xmrig
behavioral1/files/0x000500000001958e-89.dat	xmrig
behavioral1/files/0x0005000000019512-81.dat	xmrig
behavioral1/files/0x000900000001755b-77.dat	xmrig
behavioral1/files/0x0005000000019502-69.dat	xmrig
behavioral1/files/0x00050000000194f1-65.dat	xmrig
behavioral1/files/0x00050000000194c9-57.dat	xmrig
behavioral1/files/0x0005000000019458-45.dat	xmrig
behavioral1/files/0x0005000000019451-41.dat	xmrig
behavioral1/files/0x00060000000193df-37.dat	xmrig
behavioral1/files/0x00070000000193c4-34.dat	xmrig
behavioral1/memory/2920-3699-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2532-3700-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2192-3709-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/1216-3710-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2800-3707-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/1716-3718-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2376-3768-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2620-3701-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/316-3836-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2596-3837-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2204-3838-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2904-3841-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2892-3840-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2508-3839-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1216	MYPSADj.exe
2596	STmgmwg.exe
1716	nlynSJn.exe
2376	zvGIRoL.exe
2620	yUSQBRd.exe
316	AQvUdmS.exe
2508	RagfZJK.exe
2532	vSoZxIr.exe
2892	KItmLzc.exe
2192	DHqIFVo.exe
2204	oCYQfHA.exe
2800	ECQkahY.exe
2904	GmkBDDG.exe
2920	DHXemrM.exe
2848	KuzLijm.exe
2896	qKjAYMa.exe
2696	hioWLlB.exe
2748	HROISdr.exe
2516	yIhRTEB.exe
2488	gfEDbKw.exe
1152	usKJHxn.exe
1900	DvxOjAX.exe
3068	JwkTaFg.exe
2908	bkUZkgp.exe
2972	AnkpZSH.exe
1884	UGeexMM.exe
2360	BArvjNs.exe
2012	mDFChaN.exe
2276	zyTLnhw.exe
2300	sVyFAqk.exe
2316	hTIPhSB.exe
2252	oHPQCWN.exe
1004	gbiMfRA.exe
2320	mtfcaJq.exe
2264	uAdTleZ.exe
672	ytqxtCh.exe
1904	mNYYurU.exe
1200	xEXEZoo.exe
1516	tDLcLAb.exe
1160	hGOueQV.exe
1908	CyUwDdg.exe
1296	kwATpsY.exe
1792	yXcAgNk.exe
1196	VaomRRk.exe
1044	GEwSzYv.exe
328	iJRHKFd.exe
1588	okorDXq.exe
1736	IuDasuu.exe
1476	sxESMYw.exe
1460	tvEAGcS.exe
1488	lYGgYtZ.exe
1232	zelGSKv.exe
1696	eyexClI.exe
544	NTSRtMp.exe
708	ndaiZMk.exe
1360	fyPzBPY.exe
2056	IfsAsHs.exe
2448	IWGEaIO.exe
1468	OwhuqQO.exe
564	zRxgndC.exe
2460	NMIxYpq.exe
1480	BkKwElM.exe
2436	DVylxji.exe
1868	OXOaQCI.exe

Loads dropped DLL 64 IoCs

pid	Process
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2404-0-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x000c00000001202c-3.dat	upx
behavioral1/files/0x00070000000186ed-10.dat	upx
behavioral1/files/0x00070000000186f1-14.dat	upx
behavioral1/files/0x00060000000186f4-18.dat	upx
behavioral1/files/0x0006000000018704-22.dat	upx
behavioral1/files/0x0006000000018739-25.dat	upx
behavioral1/files/0x0006000000018744-30.dat	upx
behavioral1/files/0x00050000000194a9-49.dat	upx
behavioral1/files/0x00050000000194b9-53.dat	upx
behavioral1/files/0x00050000000194ee-61.dat	upx
behavioral1/files/0x000500000001950e-74.dat	upx
behavioral1/memory/316-447-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2920-490-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2904-480-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2404-1425-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2192-455-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2892-453-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2532-451-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2508-449-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2620-445-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2800-472-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2204-460-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2376-443-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/1716-441-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2596-424-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/1216-402-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x000500000001962d-130.dat	upx
behavioral1/files/0x000500000001962b-125.dat	upx
behavioral1/files/0x0005000000019629-122.dat	upx
behavioral1/files/0x0005000000019627-117.dat	upx
behavioral1/files/0x0005000000019625-114.dat	upx
behavioral1/files/0x0005000000019624-110.dat	upx
behavioral1/files/0x0005000000019623-105.dat	upx
behavioral1/files/0x0005000000019621-102.dat	upx
behavioral1/files/0x00050000000195ab-93.dat	upx
behavioral1/files/0x000500000001957e-85.dat	upx
behavioral1/files/0x00050000000195f0-97.dat	upx
behavioral1/files/0x000500000001958e-89.dat	upx
behavioral1/files/0x0005000000019512-81.dat	upx
behavioral1/files/0x000900000001755b-77.dat	upx
behavioral1/files/0x0005000000019502-69.dat	upx
behavioral1/files/0x00050000000194f1-65.dat	upx
behavioral1/files/0x00050000000194c9-57.dat	upx
behavioral1/files/0x0005000000019458-45.dat	upx
behavioral1/files/0x0005000000019451-41.dat	upx
behavioral1/files/0x00060000000193df-37.dat	upx
behavioral1/files/0x00070000000193c4-34.dat	upx
behavioral1/memory/2920-3699-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2532-3700-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2192-3709-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/1216-3710-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2800-3707-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/1716-3718-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2376-3768-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2620-3701-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/316-3836-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2596-3837-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2204-3838-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2904-3841-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2892-3840-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2508-3839-0x000000013F520000-0x000000013F874000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\SNoNZcf.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AtTGBfE.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GlaKbxw.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bUJojHW.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GPavQSn.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\egQKPFz.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezCRuRH.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCVGDGQ.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hRKUgKN.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aDCWgiY.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxkfOwn.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RoxjvCa.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NlBbJvr.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mTxbnmx.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSVLRaZ.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwbvuzY.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zsTAOWt.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qNEsYEl.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mdHKEyg.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IlgSyzR.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UwRYxWk.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NTtoLRk.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NxVggca.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JHyClLT.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RdetEyu.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxXQIhO.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wzOingO.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JqAaaGR.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uUGIWZX.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uiDGcye.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WocdzEb.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fqqZIGH.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKplVsQ.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RfDqrtg.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OUtgSdg.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tKfcTsS.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PvXZLIo.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xRrctrJ.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FoCvwpa.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQQEMfA.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntOMSjS.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPcLBjt.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TSGoByu.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DKKKIvC.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jUxoXUU.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBCPFKP.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWGEaIO.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkKwElM.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EkXODTc.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGzEsms.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxWgvMP.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iuwAIPi.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XYgrVfS.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MJrlwKz.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HYjvdLo.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mONSFWj.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kHstkit.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HZsYGDV.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogxkXyo.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VZskSYw.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yvJnZwT.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fGeVYoJ.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ejSAlIj.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcGqhtU.exe	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 1216	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2404 wrote to memory of 1216	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2404 wrote to memory of 1216	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2404 wrote to memory of 2596	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2404 wrote to memory of 2596	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2404 wrote to memory of 2596	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2404 wrote to memory of 1716	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2404 wrote to memory of 1716	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2404 wrote to memory of 1716	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2404 wrote to memory of 2376	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2404 wrote to memory of 2376	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2404 wrote to memory of 2376	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2404 wrote to memory of 2620	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2404 wrote to memory of 2620	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2404 wrote to memory of 2620	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2404 wrote to memory of 316	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2404 wrote to memory of 316	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2404 wrote to memory of 316	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2404 wrote to memory of 2508	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2404 wrote to memory of 2508	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2404 wrote to memory of 2508	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2404 wrote to memory of 2532	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2404 wrote to memory of 2532	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2404 wrote to memory of 2532	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2404 wrote to memory of 2892	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2404 wrote to memory of 2892	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2404 wrote to memory of 2892	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2404 wrote to memory of 2192	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2404 wrote to memory of 2192	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2404 wrote to memory of 2192	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2404 wrote to memory of 2204	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2404 wrote to memory of 2204	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2404 wrote to memory of 2204	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2404 wrote to memory of 2800	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2404 wrote to memory of 2800	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2404 wrote to memory of 2800	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2404 wrote to memory of 2904	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2404 wrote to memory of 2904	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2404 wrote to memory of 2904	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2404 wrote to memory of 2920	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2404 wrote to memory of 2920	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2404 wrote to memory of 2920	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2404 wrote to memory of 2848	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2404 wrote to memory of 2848	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2404 wrote to memory of 2848	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2404 wrote to memory of 2896	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2404 wrote to memory of 2896	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2404 wrote to memory of 2896	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2404 wrote to memory of 2696	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2404 wrote to memory of 2696	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2404 wrote to memory of 2696	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2404 wrote to memory of 2748	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2404 wrote to memory of 2748	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2404 wrote to memory of 2748	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2404 wrote to memory of 2516	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2404 wrote to memory of 2516	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2404 wrote to memory of 2516	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2404 wrote to memory of 2488	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2404 wrote to memory of 2488	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2404 wrote to memory of 2488	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2404 wrote to memory of 1152	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2404 wrote to memory of 1152	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2404 wrote to memory of 1152	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2404 wrote to memory of 1900	2404	2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-14_eb317986dd866785d7790472b0434c63_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Windows\System\MYPSADj.exe
  C:\Windows\System\MYPSADj.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\STmgmwg.exe
  C:\Windows\System\STmgmwg.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\nlynSJn.exe
  C:\Windows\System\nlynSJn.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\zvGIRoL.exe
  C:\Windows\System\zvGIRoL.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\yUSQBRd.exe
  C:\Windows\System\yUSQBRd.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\AQvUdmS.exe
  C:\Windows\System\AQvUdmS.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\RagfZJK.exe
  C:\Windows\System\RagfZJK.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\vSoZxIr.exe
  C:\Windows\System\vSoZxIr.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\KItmLzc.exe
  C:\Windows\System\KItmLzc.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\DHqIFVo.exe
  C:\Windows\System\DHqIFVo.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\oCYQfHA.exe
  C:\Windows\System\oCYQfHA.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\ECQkahY.exe
  C:\Windows\System\ECQkahY.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\GmkBDDG.exe
  C:\Windows\System\GmkBDDG.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\DHXemrM.exe
  C:\Windows\System\DHXemrM.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\KuzLijm.exe
  C:\Windows\System\KuzLijm.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\qKjAYMa.exe
  C:\Windows\System\qKjAYMa.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\hioWLlB.exe
  C:\Windows\System\hioWLlB.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\HROISdr.exe
  C:\Windows\System\HROISdr.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\yIhRTEB.exe
  C:\Windows\System\yIhRTEB.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\gfEDbKw.exe
  C:\Windows\System\gfEDbKw.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\usKJHxn.exe
  C:\Windows\System\usKJHxn.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\DvxOjAX.exe
  C:\Windows\System\DvxOjAX.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\JwkTaFg.exe
  C:\Windows\System\JwkTaFg.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\bkUZkgp.exe
  C:\Windows\System\bkUZkgp.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\AnkpZSH.exe
  C:\Windows\System\AnkpZSH.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\UGeexMM.exe
  C:\Windows\System\UGeexMM.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\BArvjNs.exe
  C:\Windows\System\BArvjNs.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\mDFChaN.exe
  C:\Windows\System\mDFChaN.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\zyTLnhw.exe
  C:\Windows\System\zyTLnhw.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\sVyFAqk.exe
  C:\Windows\System\sVyFAqk.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\hTIPhSB.exe
  C:\Windows\System\hTIPhSB.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\oHPQCWN.exe
  C:\Windows\System\oHPQCWN.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\gbiMfRA.exe
  C:\Windows\System\gbiMfRA.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\mtfcaJq.exe
  C:\Windows\System\mtfcaJq.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\uAdTleZ.exe
  C:\Windows\System\uAdTleZ.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\ytqxtCh.exe
  C:\Windows\System\ytqxtCh.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\mNYYurU.exe
  C:\Windows\System\mNYYurU.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\xEXEZoo.exe
  C:\Windows\System\xEXEZoo.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\tDLcLAb.exe
  C:\Windows\System\tDLcLAb.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\hGOueQV.exe
  C:\Windows\System\hGOueQV.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\CyUwDdg.exe
  C:\Windows\System\CyUwDdg.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\kwATpsY.exe
  C:\Windows\System\kwATpsY.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\yXcAgNk.exe
  C:\Windows\System\yXcAgNk.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\VaomRRk.exe
  C:\Windows\System\VaomRRk.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\GEwSzYv.exe
  C:\Windows\System\GEwSzYv.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\iJRHKFd.exe
  C:\Windows\System\iJRHKFd.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\okorDXq.exe
  C:\Windows\System\okorDXq.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\IuDasuu.exe
  C:\Windows\System\IuDasuu.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\sxESMYw.exe
  C:\Windows\System\sxESMYw.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\tvEAGcS.exe
  C:\Windows\System\tvEAGcS.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\lYGgYtZ.exe
  C:\Windows\System\lYGgYtZ.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\zelGSKv.exe
  C:\Windows\System\zelGSKv.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\eyexClI.exe
  C:\Windows\System\eyexClI.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\NTSRtMp.exe
  C:\Windows\System\NTSRtMp.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\ndaiZMk.exe
  C:\Windows\System\ndaiZMk.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\fyPzBPY.exe
  C:\Windows\System\fyPzBPY.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\IfsAsHs.exe
  C:\Windows\System\IfsAsHs.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\IWGEaIO.exe
  C:\Windows\System\IWGEaIO.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\OwhuqQO.exe
  C:\Windows\System\OwhuqQO.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\zRxgndC.exe
  C:\Windows\System\zRxgndC.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\NMIxYpq.exe
  C:\Windows\System\NMIxYpq.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\BkKwElM.exe
  C:\Windows\System\BkKwElM.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\DVylxji.exe
  C:\Windows\System\DVylxji.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\OXOaQCI.exe
  C:\Windows\System\OXOaQCI.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\FjYCfDt.exe
  C:\Windows\System\FjYCfDt.exe
  2⤵
  PID:896
- C:\Windows\System\LJfvnwj.exe
  C:\Windows\System\LJfvnwj.exe
  2⤵
  PID:628
- C:\Windows\System\rxDLfdn.exe
  C:\Windows\System\rxDLfdn.exe
  2⤵
  PID:2540
- C:\Windows\System\FUcuzea.exe
  C:\Windows\System\FUcuzea.exe
  2⤵
  PID:880
- C:\Windows\System\bIHhcyp.exe
  C:\Windows\System\bIHhcyp.exe
  2⤵
  PID:1544
- C:\Windows\System\bBSWTCc.exe
  C:\Windows\System\bBSWTCc.exe
  2⤵
  PID:1644
- C:\Windows\System\UUoQFQJ.exe
  C:\Windows\System\UUoQFQJ.exe
  2⤵
  PID:2640
- C:\Windows\System\GAxxCYs.exe
  C:\Windows\System\GAxxCYs.exe
  2⤵
  PID:1220
- C:\Windows\System\VOHhunn.exe
  C:\Windows\System\VOHhunn.exe
  2⤵
  PID:2604
- C:\Windows\System\wRnNNpR.exe
  C:\Windows\System\wRnNNpR.exe
  2⤵
  PID:2812
- C:\Windows\System\FWDaEQL.exe
  C:\Windows\System\FWDaEQL.exe
  2⤵
  PID:2840
- C:\Windows\System\SiEbxLZ.exe
  C:\Windows\System\SiEbxLZ.exe
  2⤵
  PID:2184
- C:\Windows\System\kdbaePv.exe
  C:\Windows\System\kdbaePv.exe
  2⤵
  PID:3016
- C:\Windows\System\vJyiIaG.exe
  C:\Windows\System\vJyiIaG.exe
  2⤵
  PID:2412
- C:\Windows\System\xldxszo.exe
  C:\Windows\System\xldxszo.exe
  2⤵
  PID:2712
- C:\Windows\System\VlYkTCr.exe
  C:\Windows\System\VlYkTCr.exe
  2⤵
  PID:1864
- C:\Windows\System\XOxUQBo.exe
  C:\Windows\System\XOxUQBo.exe
  2⤵
  PID:552
- C:\Windows\System\uLijXjr.exe
  C:\Windows\System\uLijXjr.exe
  2⤵
  PID:2980
- C:\Windows\System\jSIghyr.exe
  C:\Windows\System\jSIghyr.exe
  2⤵
  PID:3048
- C:\Windows\System\GLTExvQ.exe
  C:\Windows\System\GLTExvQ.exe
  2⤵
  PID:1080
- C:\Windows\System\lcyiRgC.exe
  C:\Windows\System\lcyiRgC.exe
  2⤵
  PID:2480
- C:\Windows\System\ldsqUIg.exe
  C:\Windows\System\ldsqUIg.exe
  2⤵
  PID:2644
- C:\Windows\System\YcUUTME.exe
  C:\Windows\System\YcUUTME.exe
  2⤵
  PID:2240
- C:\Windows\System\pKFdFfm.exe
  C:\Windows\System\pKFdFfm.exe
  2⤵
  PID:2444
- C:\Windows\System\xzyvvrn.exe
  C:\Windows\System\xzyvvrn.exe
  2⤵
  PID:1888
- C:\Windows\System\scIUAML.exe
  C:\Windows\System\scIUAML.exe
  2⤵
  PID:1416
- C:\Windows\System\mdHKEyg.exe
  C:\Windows\System\mdHKEyg.exe
  2⤵
  PID:1612
- C:\Windows\System\jQJwYln.exe
  C:\Windows\System\jQJwYln.exe
  2⤵
  PID:1840
- C:\Windows\System\bklwFgC.exe
  C:\Windows\System\bklwFgC.exe
  2⤵
  PID:1268
- C:\Windows\System\HqAEhiq.exe
  C:\Windows\System\HqAEhiq.exe
  2⤵
  PID:1720
- C:\Windows\System\vMSvaev.exe
  C:\Windows\System\vMSvaev.exe
  2⤵
  PID:2452
- C:\Windows\System\gFjvbKS.exe
  C:\Windows\System\gFjvbKS.exe
  2⤵
  PID:1892
- C:\Windows\System\fvsFVXR.exe
  C:\Windows\System\fvsFVXR.exe
  2⤵
  PID:2556
- C:\Windows\System\CQJtHTo.exe
  C:\Windows\System\CQJtHTo.exe
  2⤵
  PID:2116
- C:\Windows\System\OKkWLuk.exe
  C:\Windows\System\OKkWLuk.exe
  2⤵
  PID:2284
- C:\Windows\System\aHEjqyp.exe
  C:\Windows\System\aHEjqyp.exe
  2⤵
  PID:832
- C:\Windows\System\VuFlEFY.exe
  C:\Windows\System\VuFlEFY.exe
  2⤵
  PID:2288
- C:\Windows\System\bGfcPij.exe
  C:\Windows\System\bGfcPij.exe
  2⤵
  PID:1860
- C:\Windows\System\UYqBVqR.exe
  C:\Windows\System\UYqBVqR.exe
  2⤵
  PID:1444
- C:\Windows\System\bqdRXwJ.exe
  C:\Windows\System\bqdRXwJ.exe
  2⤵
  PID:2188
- C:\Windows\System\BndnHQf.exe
  C:\Windows\System\BndnHQf.exe
  2⤵
  PID:1456
- C:\Windows\System\epNwjNO.exe
  C:\Windows\System\epNwjNO.exe
  2⤵
  PID:1048
- C:\Windows\System\hvoWoUj.exe
  C:\Windows\System\hvoWoUj.exe
  2⤵
  PID:1584
- C:\Windows\System\fcyBynJ.exe
  C:\Windows\System\fcyBynJ.exe
  2⤵
  PID:2928
- C:\Windows\System\ntwimAX.exe
  C:\Windows\System\ntwimAX.exe
  2⤵
  PID:2248
- C:\Windows\System\mbevlMy.exe
  C:\Windows\System\mbevlMy.exe
  2⤵
  PID:2804
- C:\Windows\System\qovbRde.exe
  C:\Windows\System\qovbRde.exe
  2⤵
  PID:3028
- C:\Windows\System\sAwihGB.exe
  C:\Windows\System\sAwihGB.exe
  2⤵
  PID:2772
- C:\Windows\System\NeClAKI.exe
  C:\Windows\System\NeClAKI.exe
  2⤵
  PID:1688
- C:\Windows\System\knSybRq.exe
  C:\Windows\System\knSybRq.exe
  2⤵
  PID:2304
- C:\Windows\System\ZNzVGSi.exe
  C:\Windows\System\ZNzVGSi.exe
  2⤵
  PID:2424
- C:\Windows\System\kjJkocG.exe
  C:\Windows\System\kjJkocG.exe
  2⤵
  PID:2476
- C:\Windows\System\GlaKbxw.exe
  C:\Windows\System\GlaKbxw.exe
  2⤵
  PID:1556
- C:\Windows\System\RSOfaSl.exe
  C:\Windows\System\RSOfaSl.exe
  2⤵
  PID:236
- C:\Windows\System\WdlXrkA.exe
  C:\Windows\System\WdlXrkA.exe
  2⤵
  PID:2176
- C:\Windows\System\pJiSewk.exe
  C:\Windows\System\pJiSewk.exe
  2⤵
  PID:2236
- C:\Windows\System\iWeZwsI.exe
  C:\Windows\System\iWeZwsI.exe
  2⤵
  PID:2232
- C:\Windows\System\tJYCslh.exe
  C:\Windows\System\tJYCslh.exe
  2⤵
  PID:1928
- C:\Windows\System\YFuiNeG.exe
  C:\Windows\System\YFuiNeG.exe
  2⤵
  PID:3084
- C:\Windows\System\kpJmUII.exe
  C:\Windows\System\kpJmUII.exe
  2⤵
  PID:3100
- C:\Windows\System\NtMBGTn.exe
  C:\Windows\System\NtMBGTn.exe
  2⤵
  PID:3116
- C:\Windows\System\dEsDHRi.exe
  C:\Windows\System\dEsDHRi.exe
  2⤵
  PID:3132
- C:\Windows\System\rfQqNFe.exe
  C:\Windows\System\rfQqNFe.exe
  2⤵
  PID:3148
- C:\Windows\System\AlyKsXi.exe
  C:\Windows\System\AlyKsXi.exe
  2⤵
  PID:3164
- C:\Windows\System\KYTtNbU.exe
  C:\Windows\System\KYTtNbU.exe
  2⤵
  PID:3180
- C:\Windows\System\qDPWpVJ.exe
  C:\Windows\System\qDPWpVJ.exe
  2⤵
  PID:3196
- C:\Windows\System\WOAtpcY.exe
  C:\Windows\System\WOAtpcY.exe
  2⤵
  PID:3212
- C:\Windows\System\oHMSLFg.exe
  C:\Windows\System\oHMSLFg.exe
  2⤵
  PID:3228
- C:\Windows\System\rlYjNlu.exe
  C:\Windows\System\rlYjNlu.exe
  2⤵
  PID:3244
- C:\Windows\System\XUjPoWp.exe
  C:\Windows\System\XUjPoWp.exe
  2⤵
  PID:3260
- C:\Windows\System\wApqNuo.exe
  C:\Windows\System\wApqNuo.exe
  2⤵
  PID:3276
- C:\Windows\System\EBCKoaz.exe
  C:\Windows\System\EBCKoaz.exe
  2⤵
  PID:3292
- C:\Windows\System\PiiiXSq.exe
  C:\Windows\System\PiiiXSq.exe
  2⤵
  PID:3308
- C:\Windows\System\nOLDxUf.exe
  C:\Windows\System\nOLDxUf.exe
  2⤵
  PID:3324
- C:\Windows\System\ymKJlgT.exe
  C:\Windows\System\ymKJlgT.exe
  2⤵
  PID:3340
- C:\Windows\System\wzOingO.exe
  C:\Windows\System\wzOingO.exe
  2⤵
  PID:3356
- C:\Windows\System\oURZdya.exe
  C:\Windows\System\oURZdya.exe
  2⤵
  PID:3372
- C:\Windows\System\INiNstz.exe
  C:\Windows\System\INiNstz.exe
  2⤵
  PID:3388
- C:\Windows\System\BmJHCUZ.exe
  C:\Windows\System\BmJHCUZ.exe
  2⤵
  PID:3404
- C:\Windows\System\mQZoGbO.exe
  C:\Windows\System\mQZoGbO.exe
  2⤵
  PID:3420
- C:\Windows\System\TZvlsBi.exe
  C:\Windows\System\TZvlsBi.exe
  2⤵
  PID:3436
- C:\Windows\System\cEOzkDt.exe
  C:\Windows\System\cEOzkDt.exe
  2⤵
  PID:3452
- C:\Windows\System\SQDIglD.exe
  C:\Windows\System\SQDIglD.exe
  2⤵
  PID:3468
- C:\Windows\System\hesQyTt.exe
  C:\Windows\System\hesQyTt.exe
  2⤵
  PID:3484
- C:\Windows\System\ujSfTAm.exe
  C:\Windows\System\ujSfTAm.exe
  2⤵
  PID:3500
- C:\Windows\System\fGQGDga.exe
  C:\Windows\System\fGQGDga.exe
  2⤵
  PID:3516
- C:\Windows\System\rDxPJwM.exe
  C:\Windows\System\rDxPJwM.exe
  2⤵
  PID:3532
- C:\Windows\System\CceDNcZ.exe
  C:\Windows\System\CceDNcZ.exe
  2⤵
  PID:3548
- C:\Windows\System\rterdYb.exe
  C:\Windows\System\rterdYb.exe
  2⤵
  PID:3564
- C:\Windows\System\rzajRKi.exe
  C:\Windows\System\rzajRKi.exe
  2⤵
  PID:3580
- C:\Windows\System\KhISWFF.exe
  C:\Windows\System\KhISWFF.exe
  2⤵
  PID:3596
- C:\Windows\System\ocTtCPV.exe
  C:\Windows\System\ocTtCPV.exe
  2⤵
  PID:3612
- C:\Windows\System\ynXDHaF.exe
  C:\Windows\System\ynXDHaF.exe
  2⤵
  PID:3868
- C:\Windows\System\DJdeNqY.exe
  C:\Windows\System\DJdeNqY.exe
  2⤵
  PID:3952
- C:\Windows\System\diVvmjE.exe
  C:\Windows\System\diVvmjE.exe
  2⤵
  PID:3972
- C:\Windows\System\fDrzxAd.exe
  C:\Windows\System\fDrzxAd.exe
  2⤵
  PID:3992
- C:\Windows\System\uVMiWJp.exe
  C:\Windows\System\uVMiWJp.exe
  2⤵
  PID:4016
- C:\Windows\System\MMrDmgR.exe
  C:\Windows\System\MMrDmgR.exe
  2⤵
  PID:4032
- C:\Windows\System\kdvmJok.exe
  C:\Windows\System\kdvmJok.exe
  2⤵
  PID:4052
- C:\Windows\System\rgRJKOy.exe
  C:\Windows\System\rgRJKOy.exe
  2⤵
  PID:4068
- C:\Windows\System\iqNYvtC.exe
  C:\Windows\System\iqNYvtC.exe
  2⤵
  PID:4088
- C:\Windows\System\NiRHroO.exe
  C:\Windows\System\NiRHroO.exe
  2⤵
  PID:892
- C:\Windows\System\FsaGxVo.exe
  C:\Windows\System\FsaGxVo.exe
  2⤵
  PID:2788
- C:\Windows\System\xCLZpdS.exe
  C:\Windows\System\xCLZpdS.exe
  2⤵
  PID:1724
- C:\Windows\System\oKHYCwq.exe
  C:\Windows\System\oKHYCwq.exe
  2⤵
  PID:1964
- C:\Windows\System\vPZOyxZ.exe
  C:\Windows\System\vPZOyxZ.exe
  2⤵
  PID:2052
- C:\Windows\System\vTDiwQU.exe
  C:\Windows\System\vTDiwQU.exe
  2⤵
  PID:912
- C:\Windows\System\BxfTxIV.exe
  C:\Windows\System\BxfTxIV.exe
  2⤵
  PID:2216
- C:\Windows\System\XysHWVE.exe
  C:\Windows\System\XysHWVE.exe
  2⤵
  PID:3076
- C:\Windows\System\MiRmOGL.exe
  C:\Windows\System\MiRmOGL.exe
  2⤵
  PID:3112
- C:\Windows\System\ISHmiXR.exe
  C:\Windows\System\ISHmiXR.exe
  2⤵
  PID:3144
- C:\Windows\System\zbJvPnJ.exe
  C:\Windows\System\zbJvPnJ.exe
  2⤵
  PID:3176
- C:\Windows\System\nKZnAVQ.exe
  C:\Windows\System\nKZnAVQ.exe
  2⤵
  PID:3208
- C:\Windows\System\ZDjtBcW.exe
  C:\Windows\System\ZDjtBcW.exe
  2⤵
  PID:3224
- C:\Windows\System\HxskSER.exe
  C:\Windows\System\HxskSER.exe
  2⤵
  PID:3284
- C:\Windows\System\FjHCYLo.exe
  C:\Windows\System\FjHCYLo.exe
  2⤵
  PID:3332
- C:\Windows\System\hRKUgKN.exe
  C:\Windows\System\hRKUgKN.exe
  2⤵
  PID:3396
- C:\Windows\System\toKjZIY.exe
  C:\Windows\System\toKjZIY.exe
  2⤵
  PID:3460
- C:\Windows\System\afNynok.exe
  C:\Windows\System\afNynok.exe
  2⤵
  PID:3524
- C:\Windows\System\RtNqncu.exe
  C:\Windows\System\RtNqncu.exe
  2⤵
  PID:3320
- C:\Windows\System\xoApmpo.exe
  C:\Windows\System\xoApmpo.exe
  2⤵
  PID:3384
- C:\Windows\System\aTdRPQK.exe
  C:\Windows\System\aTdRPQK.exe
  2⤵
  PID:3556
- C:\Windows\System\uSVLRaZ.exe
  C:\Windows\System\uSVLRaZ.exe
  2⤵
  PID:3620
- C:\Windows\System\GkWCTbJ.exe
  C:\Windows\System\GkWCTbJ.exe
  2⤵
  PID:3632
- C:\Windows\System\HWoqhbo.exe
  C:\Windows\System\HWoqhbo.exe
  2⤵
  PID:3652
- C:\Windows\System\aWrckxg.exe
  C:\Windows\System\aWrckxg.exe
  2⤵
  PID:3668
- C:\Windows\System\HikopPx.exe
  C:\Windows\System\HikopPx.exe
  2⤵
  PID:3684
- C:\Windows\System\sHKugWJ.exe
  C:\Windows\System\sHKugWJ.exe
  2⤵
  PID:3704
- C:\Windows\System\wjgbBLe.exe
  C:\Windows\System\wjgbBLe.exe
  2⤵
  PID:4004
- C:\Windows\System\YdqjAQU.exe
  C:\Windows\System\YdqjAQU.exe
  2⤵
  PID:3512
- C:\Windows\System\nqULHGv.exe
  C:\Windows\System\nqULHGv.exe
  2⤵
  PID:3044
- C:\Windows\System\bpdtKHi.exe
  C:\Windows\System\bpdtKHi.exe
  2⤵
  PID:3828
- C:\Windows\System\JqAaaGR.exe
  C:\Windows\System\JqAaaGR.exe
  2⤵
  PID:3848
- C:\Windows\System\chlUkea.exe
  C:\Windows\System\chlUkea.exe
  2⤵
  PID:3964
- C:\Windows\System\pLkeqZK.exe
  C:\Windows\System\pLkeqZK.exe
  2⤵
  PID:4040
- C:\Windows\System\lnyxHzb.exe
  C:\Windows\System\lnyxHzb.exe
  2⤵
  PID:1576
- C:\Windows\System\jbADMSN.exe
  C:\Windows\System\jbADMSN.exe
  2⤵
  PID:340
- C:\Windows\System\xEweiwz.exe
  C:\Windows\System\xEweiwz.exe
  2⤵
  PID:3192
- C:\Windows\System\gGRBghM.exe
  C:\Windows\System\gGRBghM.exe
  2⤵
  PID:3492
- C:\Windows\System\DKJjAyi.exe
  C:\Windows\System\DKJjAyi.exe
  2⤵
  PID:3544
- C:\Windows\System\EXKEhGW.exe
  C:\Windows\System\EXKEhGW.exe
  2⤵
  PID:3608
- C:\Windows\System\CcMkrwP.exe
  C:\Windows\System\CcMkrwP.exe
  2⤵
  PID:3644
- C:\Windows\System\OpiguUe.exe
  C:\Windows\System\OpiguUe.exe
  2⤵
  PID:3980
- C:\Windows\System\CnFqHuH.exe
  C:\Windows\System\CnFqHuH.exe
  2⤵
  PID:4028
- C:\Windows\System\TWHNLRU.exe
  C:\Windows\System\TWHNLRU.exe
  2⤵
  PID:3444
- C:\Windows\System\hOucmVB.exe
  C:\Windows\System\hOucmVB.exe
  2⤵
  PID:3304
- C:\Windows\System\MLGdwvY.exe
  C:\Windows\System\MLGdwvY.exe
  2⤵
  PID:3160
- C:\Windows\System\cjvbqfh.exe
  C:\Windows\System\cjvbqfh.exe
  2⤵
  PID:2324
- C:\Windows\System\TjFdTPZ.exe
  C:\Windows\System\TjFdTPZ.exe
  2⤵
  PID:4064
- C:\Windows\System\uUGIWZX.exe
  C:\Windows\System\uUGIWZX.exe
  2⤵
  PID:3700
- C:\Windows\System\zNFKzHD.exe
  C:\Windows\System\zNFKzHD.exe
  2⤵
  PID:3844
- C:\Windows\System\ZBaNvei.exe
  C:\Windows\System\ZBaNvei.exe
  2⤵
  PID:4012
- C:\Windows\System\mRITNBn.exe
  C:\Windows\System\mRITNBn.exe
  2⤵
  PID:3740
- C:\Windows\System\NSPfOGE.exe
  C:\Windows\System\NSPfOGE.exe
  2⤵
  PID:3760
- C:\Windows\System\MGzEsms.exe
  C:\Windows\System\MGzEsms.exe
  2⤵
  PID:3784
- C:\Windows\System\WGvSWua.exe
  C:\Windows\System\WGvSWua.exe
  2⤵
  PID:3256
- C:\Windows\System\cSdfWJN.exe
  C:\Windows\System\cSdfWJN.exe
  2⤵
  PID:3364
- C:\Windows\System\AeHHweK.exe
  C:\Windows\System\AeHHweK.exe
  2⤵
  PID:3636
- C:\Windows\System\bHNZhjl.exe
  C:\Windows\System\bHNZhjl.exe
  2⤵
  PID:3856
- C:\Windows\System\FtjsTtx.exe
  C:\Windows\System\FtjsTtx.exe
  2⤵
  PID:1540
- C:\Windows\System\SOGZFEN.exe
  C:\Windows\System\SOGZFEN.exe
  2⤵
  PID:2500
- C:\Windows\System\NUUDtyn.exe
  C:\Windows\System\NUUDtyn.exe
  2⤵
  PID:3728
- C:\Windows\System\QbNgsUu.exe
  C:\Windows\System\QbNgsUu.exe
  2⤵
  PID:3560
- C:\Windows\System\pmfSMXS.exe
  C:\Windows\System\pmfSMXS.exe
  2⤵
  PID:3776
- C:\Windows\System\ivBLasm.exe
  C:\Windows\System\ivBLasm.exe
  2⤵
  PID:4104
- C:\Windows\System\ooMBbXx.exe
  C:\Windows\System\ooMBbXx.exe
  2⤵
  PID:4120
- C:\Windows\System\eyrZkAq.exe
  C:\Windows\System\eyrZkAq.exe
  2⤵
  PID:4140
- C:\Windows\System\txhuAkh.exe
  C:\Windows\System\txhuAkh.exe
  2⤵
  PID:4156
- C:\Windows\System\YXHAUAg.exe
  C:\Windows\System\YXHAUAg.exe
  2⤵
  PID:4172
- C:\Windows\System\uNNxRuy.exe
  C:\Windows\System\uNNxRuy.exe
  2⤵
  PID:4188
- C:\Windows\System\TPNCEXu.exe
  C:\Windows\System\TPNCEXu.exe
  2⤵
  PID:4212
- C:\Windows\System\IrVcrSF.exe
  C:\Windows\System\IrVcrSF.exe
  2⤵
  PID:4236
- C:\Windows\System\yzcJuNL.exe
  C:\Windows\System\yzcJuNL.exe
  2⤵
  PID:4252
- C:\Windows\System\qkevHRA.exe
  C:\Windows\System\qkevHRA.exe
  2⤵
  PID:4272
- C:\Windows\System\TWltJGw.exe
  C:\Windows\System\TWltJGw.exe
  2⤵
  PID:4288
- C:\Windows\System\IyuxNDy.exe
  C:\Windows\System\IyuxNDy.exe
  2⤵
  PID:4308
- C:\Windows\System\ZAWpizA.exe
  C:\Windows\System\ZAWpizA.exe
  2⤵
  PID:4328
- C:\Windows\System\NTtoLRk.exe
  C:\Windows\System\NTtoLRk.exe
  2⤵
  PID:4344
- C:\Windows\System\tawTmhx.exe
  C:\Windows\System\tawTmhx.exe
  2⤵
  PID:4368
- C:\Windows\System\fxzHvpW.exe
  C:\Windows\System\fxzHvpW.exe
  2⤵
  PID:4384
- C:\Windows\System\PVZrRac.exe
  C:\Windows\System\PVZrRac.exe
  2⤵
  PID:4436
- C:\Windows\System\WzBzbqC.exe
  C:\Windows\System\WzBzbqC.exe
  2⤵
  PID:4452
- C:\Windows\System\OLjxqHj.exe
  C:\Windows\System\OLjxqHj.exe
  2⤵
  PID:4476
- C:\Windows\System\DpvLpml.exe
  C:\Windows\System\DpvLpml.exe
  2⤵
  PID:4496
- C:\Windows\System\IPxUHyU.exe
  C:\Windows\System\IPxUHyU.exe
  2⤵
  PID:4516
- C:\Windows\System\EyKiGRc.exe
  C:\Windows\System\EyKiGRc.exe
  2⤵
  PID:4536
- C:\Windows\System\SjxFWks.exe
  C:\Windows\System\SjxFWks.exe
  2⤵
  PID:4556
- C:\Windows\System\kJsuwpy.exe
  C:\Windows\System\kJsuwpy.exe
  2⤵
  PID:4576
- C:\Windows\System\xHvlkyQ.exe
  C:\Windows\System\xHvlkyQ.exe
  2⤵
  PID:4596
- C:\Windows\System\LOcFsVd.exe
  C:\Windows\System\LOcFsVd.exe
  2⤵
  PID:4616
- C:\Windows\System\ogxkXyo.exe
  C:\Windows\System\ogxkXyo.exe
  2⤵
  PID:4636
- C:\Windows\System\LRhUokz.exe
  C:\Windows\System\LRhUokz.exe
  2⤵
  PID:4652
- C:\Windows\System\GwSUYPf.exe
  C:\Windows\System\GwSUYPf.exe
  2⤵
  PID:4676
- C:\Windows\System\QTxZjSB.exe
  C:\Windows\System\QTxZjSB.exe
  2⤵
  PID:4696
- C:\Windows\System\bXFLuds.exe
  C:\Windows\System\bXFLuds.exe
  2⤵
  PID:4720
- C:\Windows\System\bQQAcSE.exe
  C:\Windows\System\bQQAcSE.exe
  2⤵
  PID:4736
- C:\Windows\System\nCwbEKt.exe
  C:\Windows\System\nCwbEKt.exe
  2⤵
  PID:4756
- C:\Windows\System\SslobWn.exe
  C:\Windows\System\SslobWn.exe
  2⤵
  PID:4772
- C:\Windows\System\mcYFLAc.exe
  C:\Windows\System\mcYFLAc.exe
  2⤵
  PID:4792
- C:\Windows\System\wJeUqlN.exe
  C:\Windows\System\wJeUqlN.exe
  2⤵
  PID:4816
- C:\Windows\System\vTDnauH.exe
  C:\Windows\System\vTDnauH.exe
  2⤵
  PID:4836
- C:\Windows\System\KeDCcjF.exe
  C:\Windows\System\KeDCcjF.exe
  2⤵
  PID:4856
- C:\Windows\System\miIyqJL.exe
  C:\Windows\System\miIyqJL.exe
  2⤵
  PID:4872
- C:\Windows\System\eoaUzkC.exe
  C:\Windows\System\eoaUzkC.exe
  2⤵
  PID:4892
- C:\Windows\System\pSQhRFI.exe
  C:\Windows\System\pSQhRFI.exe
  2⤵
  PID:4916
- C:\Windows\System\kVjxBvk.exe
  C:\Windows\System\kVjxBvk.exe
  2⤵
  PID:4932
- C:\Windows\System\nWBAcpf.exe
  C:\Windows\System\nWBAcpf.exe
  2⤵
  PID:4956
- C:\Windows\System\hqSFXTC.exe
  C:\Windows\System\hqSFXTC.exe
  2⤵
  PID:4980
- C:\Windows\System\nAtMZah.exe
  C:\Windows\System\nAtMZah.exe
  2⤵
  PID:5000
- C:\Windows\System\EtdKQtq.exe
  C:\Windows\System\EtdKQtq.exe
  2⤵
  PID:5016
- C:\Windows\System\duUbQjU.exe
  C:\Windows\System\duUbQjU.exe
  2⤵
  PID:5040
- C:\Windows\System\cmvhsQx.exe
  C:\Windows\System\cmvhsQx.exe
  2⤵
  PID:5056
- C:\Windows\System\GTQtvow.exe
  C:\Windows\System\GTQtvow.exe
  2⤵
  PID:5080
- C:\Windows\System\aZVVnxf.exe
  C:\Windows\System\aZVVnxf.exe
  2⤵
  PID:5100
- C:\Windows\System\bUJojHW.exe
  C:\Windows\System\bUJojHW.exe
  2⤵
  PID:5116
- C:\Windows\System\ffKFpPI.exe
  C:\Windows\System\ffKFpPI.exe
  2⤵
  PID:3816
- C:\Windows\System\tcTFHuS.exe
  C:\Windows\System\tcTFHuS.exe
  2⤵
  PID:3824
- C:\Windows\System\tlUsoIj.exe
  C:\Windows\System\tlUsoIj.exe
  2⤵
  PID:3352
- C:\Windows\System\tfXmbtB.exe
  C:\Windows\System\tfXmbtB.exe
  2⤵
  PID:4132
- C:\Windows\System\YScZJtf.exe
  C:\Windows\System\YScZJtf.exe
  2⤵
  PID:3592
- C:\Windows\System\RlSYKyc.exe
  C:\Windows\System\RlSYKyc.exe
  2⤵
  PID:4200
- C:\Windows\System\qKzvxaL.exe
  C:\Windows\System\qKzvxaL.exe
  2⤵
  PID:4244
- C:\Windows\System\GSjLGMG.exe
  C:\Windows\System\GSjLGMG.exe
  2⤵
  PID:3080
- C:\Windows\System\mDGeuzn.exe
  C:\Windows\System\mDGeuzn.exe
  2⤵
  PID:3752
- C:\Windows\System\jgRwveM.exe
  C:\Windows\System\jgRwveM.exe
  2⤵
  PID:4316
- C:\Windows\System\JlFnMPy.exe
  C:\Windows\System\JlFnMPy.exe
  2⤵
  PID:4352
- C:\Windows\System\gaDefTl.exe
  C:\Windows\System\gaDefTl.exe
  2⤵
  PID:3836
- C:\Windows\System\jfbjhUR.exe
  C:\Windows\System\jfbjhUR.exe
  2⤵
  PID:4224
- C:\Windows\System\gkZIOcf.exe
  C:\Windows\System\gkZIOcf.exe
  2⤵
  PID:4392
- C:\Windows\System\AohHQRn.exe
  C:\Windows\System\AohHQRn.exe
  2⤵
  PID:4412
- C:\Windows\System\vpHouSY.exe
  C:\Windows\System\vpHouSY.exe
  2⤵
  PID:4376
- C:\Windows\System\blzsPGu.exe
  C:\Windows\System\blzsPGu.exe
  2⤵
  PID:4180
- C:\Windows\System\NxVggca.exe
  C:\Windows\System\NxVggca.exe
  2⤵
  PID:4112
- C:\Windows\System\wLBClew.exe
  C:\Windows\System\wLBClew.exe
  2⤵
  PID:4424
- C:\Windows\System\SvoMOwK.exe
  C:\Windows\System\SvoMOwK.exe
  2⤵
  PID:4380
- C:\Windows\System\wYRIDIB.exe
  C:\Windows\System\wYRIDIB.exe
  2⤵
  PID:4508
- C:\Windows\System\jcjgrvw.exe
  C:\Windows\System\jcjgrvw.exe
  2⤵
  PID:4584
- C:\Windows\System\MPAotpc.exe
  C:\Windows\System\MPAotpc.exe
  2⤵
  PID:4524
- C:\Windows\System\mwFerFf.exe
  C:\Windows\System\mwFerFf.exe
  2⤵
  PID:4624
- C:\Windows\System\tBGtppR.exe
  C:\Windows\System\tBGtppR.exe
  2⤵
  PID:4660
- C:\Windows\System\EYxWfFD.exe
  C:\Windows\System\EYxWfFD.exe
  2⤵
  PID:4712
- C:\Windows\System\PjtResc.exe
  C:\Windows\System\PjtResc.exe
  2⤵
  PID:4752
- C:\Windows\System\pfoECQD.exe
  C:\Windows\System\pfoECQD.exe
  2⤵
  PID:4688
- C:\Windows\System\JNYjBIQ.exe
  C:\Windows\System\JNYjBIQ.exe
  2⤵
  PID:4732
- C:\Windows\System\LlsPDAR.exe
  C:\Windows\System\LlsPDAR.exe
  2⤵
  PID:4784
- C:\Windows\System\YxpKjdt.exe
  C:\Windows\System\YxpKjdt.exe
  2⤵
  PID:4868
- C:\Windows\System\SSDCXvJ.exe
  C:\Windows\System\SSDCXvJ.exe
  2⤵
  PID:4944
- C:\Windows\System\MNNuHOv.exe
  C:\Windows\System\MNNuHOv.exe
  2⤵
  PID:4988
- C:\Windows\System\fQruXXD.exe
  C:\Windows\System\fQruXXD.exe
  2⤵
  PID:4812
- C:\Windows\System\OZvMbsc.exe
  C:\Windows\System\OZvMbsc.exe
  2⤵
  PID:4924
- C:\Windows\System\skgUPNK.exe
  C:\Windows\System\skgUPNK.exe
  2⤵
  PID:5028
- C:\Windows\System\bAcVgon.exe
  C:\Windows\System\bAcVgon.exe
  2⤵
  PID:5072
- C:\Windows\System\YMGAECd.exe
  C:\Windows\System\YMGAECd.exe
  2⤵
  PID:3812
- C:\Windows\System\tVLAqNq.exe
  C:\Windows\System\tVLAqNq.exe
  2⤵
  PID:4976
- C:\Windows\System\yAobfpS.exe
  C:\Windows\System\yAobfpS.exe
  2⤵
  PID:4076
- C:\Windows\System\VDgCuXV.exe
  C:\Windows\System\VDgCuXV.exe
  2⤵
  PID:3692
- C:\Windows\System\xoGBFEg.exe
  C:\Windows\System\xoGBFEg.exe
  2⤵
  PID:4284
- C:\Windows\System\MhMVrKb.exe
  C:\Windows\System\MhMVrKb.exe
  2⤵
  PID:3204
- C:\Windows\System\igVIGqy.exe
  C:\Windows\System\igVIGqy.exe
  2⤵
  PID:3316
- C:\Windows\System\EKYesEd.exe
  C:\Windows\System\EKYesEd.exe
  2⤵
  PID:3476
- C:\Windows\System\PvkoyPn.exe
  C:\Windows\System\PvkoyPn.exe
  2⤵
  PID:4320
- C:\Windows\System\oBTXsPf.exe
  C:\Windows\System\oBTXsPf.exe
  2⤵
  PID:4264
- C:\Windows\System\oeqbSve.exe
  C:\Windows\System\oeqbSve.exe
  2⤵
  PID:4304
- C:\Windows\System\mXKxNWN.exe
  C:\Windows\System\mXKxNWN.exe
  2⤵
  PID:4400
- C:\Windows\System\UVHGULx.exe
  C:\Windows\System\UVHGULx.exe
  2⤵
  PID:4116
- C:\Windows\System\lwbvuzY.exe
  C:\Windows\System\lwbvuzY.exe
  2⤵
  PID:4472
- C:\Windows\System\WOeROXo.exe
  C:\Windows\System\WOeROXo.exe
  2⤵
  PID:4568
- C:\Windows\System\ibZUlCm.exe
  C:\Windows\System\ibZUlCm.exe
  2⤵
  PID:4504
- C:\Windows\System\GlZGCaP.exe
  C:\Windows\System\GlZGCaP.exe
  2⤵
  PID:4492
- C:\Windows\System\bYsxVGA.exe
  C:\Windows\System\bYsxVGA.exe
  2⤵
  PID:4672
- C:\Windows\System\JNpTelD.exe
  C:\Windows\System\JNpTelD.exe
  2⤵
  PID:4684
- C:\Windows\System\TFZlVuu.exe
  C:\Windows\System\TFZlVuu.exe
  2⤵
  PID:4788
- C:\Windows\System\QpBKxGu.exe
  C:\Windows\System\QpBKxGu.exe
  2⤵
  PID:4764
- C:\Windows\System\iDnCDnA.exe
  C:\Windows\System\iDnCDnA.exe
  2⤵
  PID:4780
- C:\Windows\System\cxSONRk.exe
  C:\Windows\System\cxSONRk.exe
  2⤵
  PID:4992
- C:\Windows\System\hPRHVJA.exe
  C:\Windows\System\hPRHVJA.exe
  2⤵
  PID:5032
- C:\Windows\System\jHbKzfq.exe
  C:\Windows\System\jHbKzfq.exe
  2⤵
  PID:3236
- C:\Windows\System\WAqyPlL.exe
  C:\Windows\System\WAqyPlL.exe
  2⤵
  PID:5076
- C:\Windows\System\IlgSyzR.exe
  C:\Windows\System\IlgSyzR.exe
  2⤵
  PID:4128
- C:\Windows\System\LVemwTE.exe
  C:\Windows\System\LVemwTE.exe
  2⤵
  PID:3864
- C:\Windows\System\FcQTkbd.exe
  C:\Windows\System\FcQTkbd.exe
  2⤵
  PID:4196
- C:\Windows\System\gEASKEX.exe
  C:\Windows\System\gEASKEX.exe
  2⤵
  PID:4300
- C:\Windows\System\xkayHzj.exe
  C:\Windows\System\xkayHzj.exe
  2⤵
  PID:3432
- C:\Windows\System\LwHIOkX.exe
  C:\Windows\System\LwHIOkX.exe
  2⤵
  PID:4532
- C:\Windows\System\gwnqCaz.exe
  C:\Windows\System\gwnqCaz.exe
  2⤵
  PID:4484
- C:\Windows\System\EjYKNiw.exe
  C:\Windows\System\EjYKNiw.exe
  2⤵
  PID:5144
- C:\Windows\System\OLHMSgy.exe
  C:\Windows\System\OLHMSgy.exe
  2⤵
  PID:5164
- C:\Windows\System\hJVBiEa.exe
  C:\Windows\System\hJVBiEa.exe
  2⤵
  PID:5184
- C:\Windows\System\QVOeoZv.exe
  C:\Windows\System\QVOeoZv.exe
  2⤵
  PID:5204
- C:\Windows\System\oVGBJWr.exe
  C:\Windows\System\oVGBJWr.exe
  2⤵
  PID:5224
- C:\Windows\System\VRFdTXH.exe
  C:\Windows\System\VRFdTXH.exe
  2⤵
  PID:5244
- C:\Windows\System\GJgCVoN.exe
  C:\Windows\System\GJgCVoN.exe
  2⤵
  PID:5264
- C:\Windows\System\hdZKHjC.exe
  C:\Windows\System\hdZKHjC.exe
  2⤵
  PID:5280
- C:\Windows\System\ErzLZLq.exe
  C:\Windows\System\ErzLZLq.exe
  2⤵
  PID:5296
- C:\Windows\System\dvvWTaV.exe
  C:\Windows\System\dvvWTaV.exe
  2⤵
  PID:5320
- C:\Windows\System\sRFfPeV.exe
  C:\Windows\System\sRFfPeV.exe
  2⤵
  PID:5336
- C:\Windows\System\KfsKHBw.exe
  C:\Windows\System\KfsKHBw.exe
  2⤵
  PID:5360
- C:\Windows\System\VZskSYw.exe
  C:\Windows\System\VZskSYw.exe
  2⤵
  PID:5376
- C:\Windows\System\HPVTPDM.exe
  C:\Windows\System\HPVTPDM.exe
  2⤵
  PID:5392
- C:\Windows\System\krmArCR.exe
  C:\Windows\System\krmArCR.exe
  2⤵
  PID:5408
- C:\Windows\System\zdlsIvK.exe
  C:\Windows\System\zdlsIvK.exe
  2⤵
  PID:5428
- C:\Windows\System\wBYUnoD.exe
  C:\Windows\System\wBYUnoD.exe
  2⤵
  PID:5464
- C:\Windows\System\aRuDAHt.exe
  C:\Windows\System\aRuDAHt.exe
  2⤵
  PID:5480
- C:\Windows\System\PNFJMCS.exe
  C:\Windows\System\PNFJMCS.exe
  2⤵
  PID:5500
- C:\Windows\System\QahxmkK.exe
  C:\Windows\System\QahxmkK.exe
  2⤵
  PID:5528
- C:\Windows\System\AgSDtmO.exe
  C:\Windows\System\AgSDtmO.exe
  2⤵
  PID:5544
- C:\Windows\System\LoYiflP.exe
  C:\Windows\System\LoYiflP.exe
  2⤵
  PID:5560
- C:\Windows\System\IknKlnN.exe
  C:\Windows\System\IknKlnN.exe
  2⤵
  PID:5580
- C:\Windows\System\admgOkf.exe
  C:\Windows\System\admgOkf.exe
  2⤵
  PID:5596
- C:\Windows\System\DpDYaXf.exe
  C:\Windows\System\DpDYaXf.exe
  2⤵
  PID:5620
- C:\Windows\System\EywnYTk.exe
  C:\Windows\System\EywnYTk.exe
  2⤵
  PID:5640
- C:\Windows\System\QtCJjZJ.exe
  C:\Windows\System\QtCJjZJ.exe
  2⤵
  PID:5664
- C:\Windows\System\McroWxV.exe
  C:\Windows\System\McroWxV.exe
  2⤵
  PID:5680
- C:\Windows\System\yozrXBp.exe
  C:\Windows\System\yozrXBp.exe
  2⤵
  PID:5700
- C:\Windows\System\xRrctrJ.exe
  C:\Windows\System\xRrctrJ.exe
  2⤵
  PID:5716
- C:\Windows\System\GuGYnXz.exe
  C:\Windows\System\GuGYnXz.exe
  2⤵
  PID:5736
- C:\Windows\System\jiJFFRb.exe
  C:\Windows\System\jiJFFRb.exe
  2⤵
  PID:5760
- C:\Windows\System\zFvXEpb.exe
  C:\Windows\System\zFvXEpb.exe
  2⤵
  PID:5780
- C:\Windows\System\IethvTM.exe
  C:\Windows\System\IethvTM.exe
  2⤵
  PID:5800
- C:\Windows\System\VhXSjVR.exe
  C:\Windows\System\VhXSjVR.exe
  2⤵
  PID:5816
- C:\Windows\System\BisYNUl.exe
  C:\Windows\System\BisYNUl.exe
  2⤵
  PID:5848
- C:\Windows\System\JAylIIH.exe
  C:\Windows\System\JAylIIH.exe
  2⤵
  PID:5868
- C:\Windows\System\LNAemyC.exe
  C:\Windows\System\LNAemyC.exe
  2⤵
  PID:5884
- C:\Windows\System\NxfHbbL.exe
  C:\Windows\System\NxfHbbL.exe
  2⤵
  PID:5908
- C:\Windows\System\VsLTBHT.exe
  C:\Windows\System\VsLTBHT.exe
  2⤵
  PID:5924
- C:\Windows\System\CtulTjP.exe
  C:\Windows\System\CtulTjP.exe
  2⤵
  PID:5944
- C:\Windows\System\bTmpYuD.exe
  C:\Windows\System\bTmpYuD.exe
  2⤵
  PID:5960
- C:\Windows\System\SVxapRC.exe
  C:\Windows\System\SVxapRC.exe
  2⤵
  PID:5988
- C:\Windows\System\OZpwMXb.exe
  C:\Windows\System\OZpwMXb.exe
  2⤵
  PID:6008
- C:\Windows\System\nOeZlCN.exe
  C:\Windows\System\nOeZlCN.exe
  2⤵
  PID:6028
- C:\Windows\System\tibomzW.exe
  C:\Windows\System\tibomzW.exe
  2⤵
  PID:6048
- C:\Windows\System\vxdHxkl.exe
  C:\Windows\System\vxdHxkl.exe
  2⤵
  PID:6064
- C:\Windows\System\JAJtMig.exe
  C:\Windows\System\JAJtMig.exe
  2⤵
  PID:6084
- C:\Windows\System\CtPhPub.exe
  C:\Windows\System\CtPhPub.exe
  2⤵
  PID:6104
- C:\Windows\System\zXjxymT.exe
  C:\Windows\System\zXjxymT.exe
  2⤵
  PID:6124
- C:\Windows\System\XwByjML.exe
  C:\Windows\System\XwByjML.exe
  2⤵
  PID:6140
- C:\Windows\System\OVCbfPP.exe
  C:\Windows\System\OVCbfPP.exe
  2⤵
  PID:4648
- C:\Windows\System\WNeqHIB.exe
  C:\Windows\System\WNeqHIB.exe
  2⤵
  PID:4428
- C:\Windows\System\GYLGSZH.exe
  C:\Windows\System\GYLGSZH.exe
  2⤵
  PID:4908
- C:\Windows\System\HOlwZeD.exe
  C:\Windows\System\HOlwZeD.exe
  2⤵
  PID:4828
- C:\Windows\System\zTtTAgN.exe
  C:\Windows\System\zTtTAgN.exe
  2⤵
  PID:4804
- C:\Windows\System\HpguRaz.exe
  C:\Windows\System\HpguRaz.exe
  2⤵
  PID:5036
- C:\Windows\System\CZQKgTX.exe
  C:\Windows\System\CZQKgTX.exe
  2⤵
  PID:4968
- C:\Windows\System\eDVorQG.exe
  C:\Windows\System\eDVorQG.exe
  2⤵
  PID:3960
- C:\Windows\System\ODngAQL.exe
  C:\Windows\System\ODngAQL.exe
  2⤵
  PID:5092
- C:\Windows\System\FHsOZri.exe
  C:\Windows\System\FHsOZri.exe
  2⤵
  PID:5068
- C:\Windows\System\siYDbiP.exe
  C:\Windows\System\siYDbiP.exe
  2⤵
  PID:3712
- C:\Windows\System\PlESmfL.exe
  C:\Windows\System\PlESmfL.exe
  2⤵
  PID:5192
- C:\Windows\System\xErxjwV.exe
  C:\Windows\System\xErxjwV.exe
  2⤵
  PID:5240
- C:\Windows\System\qrbYjDM.exe
  C:\Windows\System\qrbYjDM.exe
  2⤵
  PID:3744
- C:\Windows\System\ridsNxO.exe
  C:\Windows\System\ridsNxO.exe
  2⤵
  PID:5172
- C:\Windows\System\bgTGCTT.exe
  C:\Windows\System\bgTGCTT.exe
  2⤵
  PID:5304
- C:\Windows\System\KPNfvDW.exe
  C:\Windows\System\KPNfvDW.exe
  2⤵
  PID:5216
- C:\Windows\System\FRSURHy.exe
  C:\Windows\System\FRSURHy.exe
  2⤵
  PID:5352
- C:\Windows\System\CsaCwKV.exe
  C:\Windows\System\CsaCwKV.exe
  2⤵
  PID:5416
- C:\Windows\System\CWPwHVD.exe
  C:\Windows\System\CWPwHVD.exe
  2⤵
  PID:5472
- C:\Windows\System\luAREnm.exe
  C:\Windows\System\luAREnm.exe
  2⤵
  PID:5524
- C:\Windows\System\xzfrkeH.exe
  C:\Windows\System\xzfrkeH.exe
  2⤵
  PID:5436
- C:\Windows\System\QnCTKxT.exe
  C:\Windows\System\QnCTKxT.exe
  2⤵
  PID:5460
- C:\Windows\System\sJCHkLp.exe
  C:\Windows\System\sJCHkLp.exe
  2⤵
  PID:5552
- C:\Windows\System\UqxkYFF.exe
  C:\Windows\System\UqxkYFF.exe
  2⤵
  PID:5628
- C:\Windows\System\czveHou.exe
  C:\Windows\System\czveHou.exe
  2⤵
  PID:5672
- C:\Windows\System\fPPjKgr.exe
  C:\Windows\System\fPPjKgr.exe
  2⤵
  PID:5616
- C:\Windows\System\JrJCIcc.exe
  C:\Windows\System\JrJCIcc.exe
  2⤵
  PID:5708
- C:\Windows\System\RDQmuRK.exe
  C:\Windows\System\RDQmuRK.exe
  2⤵
  PID:5756
- C:\Windows\System\XpZzfjb.exe
  C:\Windows\System\XpZzfjb.exe
  2⤵
  PID:5660
- C:\Windows\System\jXBnfeH.exe
  C:\Windows\System\jXBnfeH.exe
  2⤵
  PID:5732
- C:\Windows\System\NAlbxct.exe
  C:\Windows\System\NAlbxct.exe
  2⤵
  PID:2108
- C:\Windows\System\kObUoOB.exe
  C:\Windows\System\kObUoOB.exe
  2⤵
  PID:5840
- C:\Windows\System\cwqTNBZ.exe
  C:\Windows\System\cwqTNBZ.exe
  2⤵
  PID:5916
- C:\Windows\System\ARLQtoc.exe
  C:\Windows\System\ARLQtoc.exe
  2⤵
  PID:5952
- C:\Windows\System\sUTUcGO.exe
  C:\Windows\System\sUTUcGO.exe
  2⤵
  PID:5864
- C:\Windows\System\fNcPxfb.exe
  C:\Windows\System\fNcPxfb.exe
  2⤵
  PID:5936
- C:\Windows\System\aDCWgiY.exe
  C:\Windows\System\aDCWgiY.exe
  2⤵
  PID:6040
- C:\Windows\System\KFLbOTG.exe
  C:\Windows\System\KFLbOTG.exe
  2⤵
  PID:6112
- C:\Windows\System\PhjeWFK.exe
  C:\Windows\System\PhjeWFK.exe
  2⤵
  PID:5932
- C:\Windows\System\VqsQHSz.exe
  C:\Windows\System\VqsQHSz.exe
  2⤵
  PID:4668
- C:\Windows\System\hAzPFtc.exe
  C:\Windows\System\hAzPFtc.exe
  2⤵
  PID:6056
- C:\Windows\System\RyVNoAF.exe
  C:\Windows\System\RyVNoAF.exe
  2⤵
  PID:4564
- C:\Windows\System\KltBZXj.exe
  C:\Windows\System\KltBZXj.exe
  2⤵
  PID:3732
- C:\Windows\System\sPnyGuU.exe
  C:\Windows\System\sPnyGuU.exe
  2⤵
  PID:4588
- C:\Windows\System\eEthPSb.exe
  C:\Windows\System\eEthPSb.exe
  2⤵
  PID:2432
- C:\Windows\System\vSnPceW.exe
  C:\Windows\System\vSnPceW.exe
  2⤵
  PID:4904
- C:\Windows\System\IkJTihv.exe
  C:\Windows\System\IkJTihv.exe
  2⤵
  PID:5128
- C:\Windows\System\FhzHLli.exe
  C:\Windows\System\FhzHLli.exe
  2⤵
  PID:5220
- C:\Windows\System\eKkupss.exe
  C:\Windows\System\eKkupss.exe
  2⤵
  PID:4948
- C:\Windows\System\zeDljbQ.exe
  C:\Windows\System\zeDljbQ.exe
  2⤵
  PID:5384
- C:\Windows\System\HDeLNCX.exe
  C:\Windows\System\HDeLNCX.exe
  2⤵
  PID:5152
- C:\Windows\System\OKWClws.exe
  C:\Windows\System\OKWClws.exe
  2⤵
  PID:5448
- C:\Windows\System\iOLuOke.exe
  C:\Windows\System\iOLuOke.exe
  2⤵
  PID:5176
- C:\Windows\System\KffOkJo.exe
  C:\Windows\System\KffOkJo.exe
  2⤵
  PID:5744
- C:\Windows\System\lfwZGGh.exe
  C:\Windows\System\lfwZGGh.exe
  2⤵
  PID:5344
- C:\Windows\System\kAVxfbw.exe
  C:\Windows\System\kAVxfbw.exe
  2⤵
  PID:5372
- C:\Windows\System\TkFsAzb.exe
  C:\Windows\System\TkFsAzb.exe
  2⤵
  PID:5328
- C:\Windows\System\KbpdzhK.exe
  C:\Windows\System\KbpdzhK.exe
  2⤵
  PID:5492
- C:\Windows\System\wNnxouU.exe
  C:\Windows\System\wNnxouU.exe
  2⤵
  PID:5572
- C:\Windows\System\DkhFnrb.exe
  C:\Windows\System\DkhFnrb.exe
  2⤵
  PID:5768
- C:\Windows\System\aQbklNO.exe
  C:\Windows\System\aQbklNO.exe
  2⤵
  PID:5568
- C:\Windows\System\uaLPwvf.exe
  C:\Windows\System\uaLPwvf.exe
  2⤵
  PID:5996
- C:\Windows\System\RgIoSPD.exe
  C:\Windows\System\RgIoSPD.exe
  2⤵
  PID:6120
- C:\Windows\System\IKRAwPT.exe
  C:\Windows\System\IKRAwPT.exe
  2⤵
  PID:6076
- C:\Windows\System\tgIMzGX.exe
  C:\Windows\System\tgIMzGX.exe
  2⤵
  PID:5880
- C:\Windows\System\KrsMgTX.exe
  C:\Windows\System\KrsMgTX.exe
  2⤵
  PID:6100
- C:\Windows\System\FMOHrLV.exe
  C:\Windows\System\FMOHrLV.exe
  2⤵
  PID:6036
- C:\Windows\System\KPTqmjl.exe
  C:\Windows\System\KPTqmjl.exe
  2⤵
  PID:6016
- C:\Windows\System\QMlBqLO.exe
  C:\Windows\System\QMlBqLO.exe
  2⤵
  PID:6136
- C:\Windows\System\UyiGAAR.exe
  C:\Windows\System\UyiGAAR.exe
  2⤵
  PID:3772
- C:\Windows\System\IWUvPTN.exe
  C:\Windows\System\IWUvPTN.exe
  2⤵
  PID:5132
- C:\Windows\System\zsTAOWt.exe
  C:\Windows\System\zsTAOWt.exe
  2⤵
  PID:5196
- C:\Windows\System\pakWdnq.exe
  C:\Windows\System\pakWdnq.exe
  2⤵
  PID:5160
- C:\Windows\System\NjCUUsQ.exe
  C:\Windows\System\NjCUUsQ.exe
  2⤵
  PID:5612
- C:\Windows\System\XDOuRmv.exe
  C:\Windows\System\XDOuRmv.exe
  2⤵
  PID:2016
- C:\Windows\System\enrlhbQ.exe
  C:\Windows\System\enrlhbQ.exe
  2⤵
  PID:5772
- C:\Windows\System\SEMGQbE.exe
  C:\Windows\System\SEMGQbE.exe
  2⤵
  PID:5792
- C:\Windows\System\UDEraOd.exe
  C:\Windows\System\UDEraOd.exe
  2⤵
  PID:5508
- C:\Windows\System\PuBbHMi.exe
  C:\Windows\System\PuBbHMi.exe
  2⤵
  PID:5452
- C:\Windows\System\FEVzRGA.exe
  C:\Windows\System\FEVzRGA.exe
  2⤵
  PID:5260
- C:\Windows\System\YaKYXuC.exe
  C:\Windows\System\YaKYXuC.exe
  2⤵
  PID:4184
- C:\Windows\System\RjvsJPK.exe
  C:\Windows\System\RjvsJPK.exe
  2⤵
  PID:6080
- C:\Windows\System\yZsqYym.exe
  C:\Windows\System\yZsqYym.exe
  2⤵
  PID:5824
- C:\Windows\System\snLZqms.exe
  C:\Windows\System\snLZqms.exe
  2⤵
  PID:1624
- C:\Windows\System\PCRhlNM.exe
  C:\Windows\System\PCRhlNM.exe
  2⤵
  PID:4608
- C:\Windows\System\QpmYEYz.exe
  C:\Windows\System\QpmYEYz.exe
  2⤵
  PID:5212
- C:\Windows\System\uOeNljO.exe
  C:\Windows\System\uOeNljO.exe
  2⤵
  PID:5752
- C:\Windows\System\KHUdIyG.exe
  C:\Windows\System\KHUdIyG.exe
  2⤵
  PID:5048
- C:\Windows\System\xSGqtKR.exe
  C:\Windows\System\xSGqtKR.exe
  2⤵
  PID:5424
- C:\Windows\System\uwoMJjQ.exe
  C:\Windows\System\uwoMJjQ.exe
  2⤵
  PID:2708
- C:\Windows\System\TSGoByu.exe
  C:\Windows\System\TSGoByu.exe
  2⤵
  PID:4744
- C:\Windows\System\eoastmb.exe
  C:\Windows\System\eoastmb.exe
  2⤵
  PID:1732
- C:\Windows\System\wnYOhvi.exe
  C:\Windows\System\wnYOhvi.exe
  2⤵
  PID:4084
- C:\Windows\System\IcSdBFg.exe
  C:\Windows\System\IcSdBFg.exe
  2⤵
  PID:5896
- C:\Windows\System\RcTyewd.exe
  C:\Windows\System\RcTyewd.exe
  2⤵
  PID:1992
- C:\Windows\System\ociCFhr.exe
  C:\Windows\System\ociCFhr.exe
  2⤵
  PID:5876
- C:\Windows\System\OlurmHS.exe
  C:\Windows\System\OlurmHS.exe
  2⤵
  PID:6160
- C:\Windows\System\seqUAlH.exe
  C:\Windows\System\seqUAlH.exe
  2⤵
  PID:6176
- C:\Windows\System\YWxaaVG.exe
  C:\Windows\System\YWxaaVG.exe
  2⤵
  PID:6192
- C:\Windows\System\jxqGqbA.exe
  C:\Windows\System\jxqGqbA.exe
  2⤵
  PID:6208
- C:\Windows\System\uzbaklt.exe
  C:\Windows\System\uzbaklt.exe
  2⤵
  PID:6224
- C:\Windows\System\EZAekIf.exe
  C:\Windows\System\EZAekIf.exe
  2⤵
  PID:6240
- C:\Windows\System\UtjIDHI.exe
  C:\Windows\System\UtjIDHI.exe
  2⤵
  PID:6256
- C:\Windows\System\iijcyER.exe
  C:\Windows\System\iijcyER.exe
  2⤵
  PID:6272
- C:\Windows\System\mvCQzGF.exe
  C:\Windows\System\mvCQzGF.exe
  2⤵
  PID:6288
- C:\Windows\System\LQXYnKc.exe
  C:\Windows\System\LQXYnKc.exe
  2⤵
  PID:6304
- C:\Windows\System\nvCqtOL.exe
  C:\Windows\System\nvCqtOL.exe
  2⤵
  PID:6320
- C:\Windows\System\jFFtMpC.exe
  C:\Windows\System\jFFtMpC.exe
  2⤵
  PID:6336
- C:\Windows\System\lUtqSyj.exe
  C:\Windows\System\lUtqSyj.exe
  2⤵
  PID:6356
- C:\Windows\System\CAjglFf.exe
  C:\Windows\System\CAjglFf.exe
  2⤵
  PID:6372
- C:\Windows\System\WKDVJTn.exe
  C:\Windows\System\WKDVJTn.exe
  2⤵
  PID:6388
- C:\Windows\System\enoFFOO.exe
  C:\Windows\System\enoFFOO.exe
  2⤵
  PID:6404
- C:\Windows\System\VhOJHSE.exe
  C:\Windows\System\VhOJHSE.exe
  2⤵
  PID:6420
- C:\Windows\System\JHyClLT.exe
  C:\Windows\System\JHyClLT.exe
  2⤵
  PID:6436
- C:\Windows\System\OnYClZY.exe
  C:\Windows\System\OnYClZY.exe
  2⤵
  PID:6452
- C:\Windows\System\yvJnZwT.exe
  C:\Windows\System\yvJnZwT.exe
  2⤵
  PID:6468
- C:\Windows\System\imdumxF.exe
  C:\Windows\System\imdumxF.exe
  2⤵
  PID:6484
- C:\Windows\System\WAqSXNs.exe
  C:\Windows\System\WAqSXNs.exe
  2⤵
  PID:6500
- C:\Windows\System\rlKBABJ.exe
  C:\Windows\System\rlKBABJ.exe
  2⤵
  PID:6516
- C:\Windows\System\eYOqYQh.exe
  C:\Windows\System\eYOqYQh.exe
  2⤵
  PID:6532
- C:\Windows\System\SPTpJWY.exe
  C:\Windows\System\SPTpJWY.exe
  2⤵
  PID:6548
- C:\Windows\System\GPGyYlQ.exe
  C:\Windows\System\GPGyYlQ.exe
  2⤵
  PID:6564
- C:\Windows\System\yvGzeIT.exe
  C:\Windows\System\yvGzeIT.exe
  2⤵
  PID:6580
- C:\Windows\System\LDpPGuz.exe
  C:\Windows\System\LDpPGuz.exe
  2⤵
  PID:6596
- C:\Windows\System\XVpyhBF.exe
  C:\Windows\System\XVpyhBF.exe
  2⤵
  PID:6612
- C:\Windows\System\KUYTBMG.exe
  C:\Windows\System\KUYTBMG.exe
  2⤵
  PID:6628
- C:\Windows\System\DfHAtdD.exe
  C:\Windows\System\DfHAtdD.exe
  2⤵
  PID:6644
- C:\Windows\System\rpxzQEn.exe
  C:\Windows\System\rpxzQEn.exe
  2⤵
  PID:6664
- C:\Windows\System\XeNbgDK.exe
  C:\Windows\System\XeNbgDK.exe
  2⤵
  PID:6680
- C:\Windows\System\deRibbQ.exe
  C:\Windows\System\deRibbQ.exe
  2⤵
  PID:6696
- C:\Windows\System\XfpGkso.exe
  C:\Windows\System\XfpGkso.exe
  2⤵
  PID:6712
- C:\Windows\System\zzpKIZI.exe
  C:\Windows\System\zzpKIZI.exe
  2⤵
  PID:6728
- C:\Windows\System\WxKTdIB.exe
  C:\Windows\System\WxKTdIB.exe
  2⤵
  PID:6744
- C:\Windows\System\LmVQega.exe
  C:\Windows\System\LmVQega.exe
  2⤵
  PID:6760
- C:\Windows\System\FoCvwpa.exe
  C:\Windows\System\FoCvwpa.exe
  2⤵
  PID:6776
- C:\Windows\System\BXlzDnX.exe
  C:\Windows\System\BXlzDnX.exe
  2⤵
  PID:6792
- C:\Windows\System\IqTEJer.exe
  C:\Windows\System\IqTEJer.exe
  2⤵
  PID:6808
- C:\Windows\System\UxkfOwn.exe
  C:\Windows\System\UxkfOwn.exe
  2⤵
  PID:6824
- C:\Windows\System\UsWazCP.exe
  C:\Windows\System\UsWazCP.exe
  2⤵
  PID:6840
- C:\Windows\System\pvvXTRV.exe
  C:\Windows\System\pvvXTRV.exe
  2⤵
  PID:6856
- C:\Windows\System\CIaSUIU.exe
  C:\Windows\System\CIaSUIU.exe
  2⤵
  PID:6872
- C:\Windows\System\iyBVeXc.exe
  C:\Windows\System\iyBVeXc.exe
  2⤵
  PID:6888
- C:\Windows\System\yxrmFXy.exe
  C:\Windows\System\yxrmFXy.exe
  2⤵
  PID:6904
- C:\Windows\System\sHyvuZO.exe
  C:\Windows\System\sHyvuZO.exe
  2⤵
  PID:6920
- C:\Windows\System\jTdVJDU.exe
  C:\Windows\System\jTdVJDU.exe
  2⤵
  PID:6936
- C:\Windows\System\jXAvfdY.exe
  C:\Windows\System\jXAvfdY.exe
  2⤵
  PID:6952
- C:\Windows\System\fiOrfvs.exe
  C:\Windows\System\fiOrfvs.exe
  2⤵
  PID:6968
- C:\Windows\System\ZdJLVHs.exe
  C:\Windows\System\ZdJLVHs.exe
  2⤵
  PID:6984
- C:\Windows\System\tzQjVIJ.exe
  C:\Windows\System\tzQjVIJ.exe
  2⤵
  PID:7000
- C:\Windows\System\QWkDgLc.exe
  C:\Windows\System\QWkDgLc.exe
  2⤵
  PID:7016
- C:\Windows\System\gGHDHpO.exe
  C:\Windows\System\gGHDHpO.exe
  2⤵
  PID:7032
- C:\Windows\System\hmUdryz.exe
  C:\Windows\System\hmUdryz.exe
  2⤵
  PID:7048
- C:\Windows\System\uMYrXOm.exe
  C:\Windows\System\uMYrXOm.exe
  2⤵
  PID:7064
- C:\Windows\System\rgpvFoj.exe
  C:\Windows\System\rgpvFoj.exe
  2⤵
  PID:7080
- C:\Windows\System\lzcRUdl.exe
  C:\Windows\System\lzcRUdl.exe
  2⤵
  PID:7096
- C:\Windows\System\yWrEAsr.exe
  C:\Windows\System\yWrEAsr.exe
  2⤵
  PID:7112
- C:\Windows\System\hYpLfmk.exe
  C:\Windows\System\hYpLfmk.exe
  2⤵
  PID:7128
- C:\Windows\System\iDYfVYF.exe
  C:\Windows\System\iDYfVYF.exe
  2⤵
  PID:7144
- C:\Windows\System\nDOOTzC.exe
  C:\Windows\System\nDOOTzC.exe
  2⤵
  PID:7160
- C:\Windows\System\uRAnQQt.exe
  C:\Windows\System\uRAnQQt.exe
  2⤵
  PID:5292
- C:\Windows\System\nhpYnvY.exe
  C:\Windows\System\nhpYnvY.exe
  2⤵
  PID:5856
- C:\Windows\System\egQKPFz.exe
  C:\Windows\System\egQKPFz.exe
  2⤵
  PID:5404
- C:\Windows\System\NrFmuAW.exe
  C:\Windows\System\NrFmuAW.exe
  2⤵
  PID:1616
- C:\Windows\System\qhDPWtz.exe
  C:\Windows\System\qhDPWtz.exe
  2⤵
  PID:5052
- C:\Windows\System\mlmOnbC.exe
  C:\Windows\System\mlmOnbC.exe
  2⤵
  PID:6152
- C:\Windows\System\cgKIcAx.exe
  C:\Windows\System\cgKIcAx.exe
  2⤵
  PID:6184
- C:\Windows\System\LewmcwY.exe
  C:\Windows\System\LewmcwY.exe
  2⤵
  PID:6232
- C:\Windows\System\AoQnxlf.exe
  C:\Windows\System\AoQnxlf.exe
  2⤵
  PID:6264
- C:\Windows\System\mONSFWj.exe
  C:\Windows\System\mONSFWj.exe
  2⤵
  PID:2828
- C:\Windows\System\IKhDHnf.exe
  C:\Windows\System\IKhDHnf.exe
  2⤵
  PID:6268
- C:\Windows\System\cedRzVS.exe
  C:\Windows\System\cedRzVS.exe
  2⤵
  PID:6332
- C:\Windows\System\eaaZmOF.exe
  C:\Windows\System\eaaZmOF.exe
  2⤵
  PID:2364
- C:\Windows\System\GTiSWXz.exe
  C:\Windows\System\GTiSWXz.exe
  2⤵
  PID:6400
- C:\Windows\System\qgBvYlA.exe
  C:\Windows\System\qgBvYlA.exe
  2⤵
  PID:6464
- C:\Windows\System\SRwVZjo.exe
  C:\Windows\System\SRwVZjo.exe
  2⤵
  PID:6312
- C:\Windows\System\HLfFFTF.exe
  C:\Windows\System\HLfFFTF.exe
  2⤵
  PID:6384
- C:\Windows\System\mrDZtuQ.exe
  C:\Windows\System\mrDZtuQ.exe
  2⤵
  PID:6496
- C:\Windows\System\GFcLHhI.exe
  C:\Windows\System\GFcLHhI.exe
  2⤵
  PID:6448
- C:\Windows\System\hJDAkwH.exe
  C:\Windows\System\hJDAkwH.exe
  2⤵
  PID:6480
- C:\Windows\System\EAPpCKj.exe
  C:\Windows\System\EAPpCKj.exe
  2⤵
  PID:6588
- C:\Windows\System\SgtNqyo.exe
  C:\Windows\System\SgtNqyo.exe
  2⤵
  PID:6512
- C:\Windows\System\WnvQlwF.exe
  C:\Windows\System\WnvQlwF.exe
  2⤵
  PID:6544
- C:\Windows\System\MIQieqH.exe
  C:\Windows\System\MIQieqH.exe
  2⤵
  PID:6576
- C:\Windows\System\uqFxgVp.exe
  C:\Windows\System\uqFxgVp.exe
  2⤵
  PID:6640
- C:\Windows\System\gdpeRQp.exe
  C:\Windows\System\gdpeRQp.exe
  2⤵
  PID:6692
- C:\Windows\System\hgqBqAX.exe
  C:\Windows\System\hgqBqAX.exe
  2⤵
  PID:6724
- C:\Windows\System\ArfLKPh.exe
  C:\Windows\System\ArfLKPh.exe
  2⤵
  PID:6752
- C:\Windows\System\yzRZpAt.exe
  C:\Windows\System\yzRZpAt.exe
  2⤵
  PID:6784
- C:\Windows\System\RghffYb.exe
  C:\Windows\System\RghffYb.exe
  2⤵
  PID:6816
- C:\Windows\System\GMjrRed.exe
  C:\Windows\System\GMjrRed.exe
  2⤵
  PID:6804
- C:\Windows\System\rnhMNgS.exe
  C:\Windows\System\rnhMNgS.exe
  2⤵
  PID:6836
- C:\Windows\System\fHLGjpD.exe
  C:\Windows\System\fHLGjpD.exe
  2⤵
  PID:6868
- C:\Windows\System\vhmfKOf.exe
  C:\Windows\System\vhmfKOf.exe
  2⤵
  PID:6896
- C:\Windows\System\ruRSuav.exe
  C:\Windows\System\ruRSuav.exe
  2⤵
  PID:6928
- C:\Windows\System\vpGIXJR.exe
  C:\Windows\System\vpGIXJR.exe
  2⤵
  PID:6932
- C:\Windows\System\XUSnjco.exe
  C:\Windows\System\XUSnjco.exe
  2⤵
  PID:7008
- C:\Windows\System\lwyMkkY.exe
  C:\Windows\System\lwyMkkY.exe
  2⤵
  PID:6996
- C:\Windows\System\nsSSgcL.exe
  C:\Windows\System\nsSSgcL.exe
  2⤵
  PID:7024
- C:\Windows\System\gysJxhE.exe
  C:\Windows\System\gysJxhE.exe
  2⤵
  PID:7056
- C:\Windows\System\YIMGbRU.exe
  C:\Windows\System\YIMGbRU.exe
  2⤵
  PID:7108
- C:\Windows\System\ZVSTqfO.exe
  C:\Windows\System\ZVSTqfO.exe
  2⤵
  PID:7140
- C:\Windows\System\beiHceU.exe
  C:\Windows\System\beiHceU.exe
  2⤵
  PID:572
- C:\Windows\System\aqTmLZq.exe
  C:\Windows\System\aqTmLZq.exe
  2⤵
  PID:3092
- C:\Windows\System\ezCRuRH.exe
  C:\Windows\System\ezCRuRH.exe
  2⤵
  PID:2080
- C:\Windows\System\aOqCqUn.exe
  C:\Windows\System\aOqCqUn.exe
  2⤵
  PID:2720
- C:\Windows\System\EzbrIJf.exe
  C:\Windows\System\EzbrIJf.exe
  2⤵
  PID:6444
- C:\Windows\System\TzsOvEs.exe
  C:\Windows\System\TzsOvEs.exe
  2⤵
  PID:3948
- C:\Windows\System\AMuBBoc.exe
  C:\Windows\System\AMuBBoc.exe
  2⤵
  PID:6540
- C:\Windows\System\rrsnEKc.exe
  C:\Windows\System\rrsnEKc.exe
  2⤵
  PID:3984
- C:\Windows\System\DSEjyqj.exe
  C:\Windows\System\DSEjyqj.exe
  2⤵
  PID:6720
- C:\Windows\System\EhyOGZe.exe
  C:\Windows\System\EhyOGZe.exe
  2⤵
  PID:6608
- C:\Windows\System\UurxsuZ.exe
  C:\Windows\System\UurxsuZ.exe
  2⤵
  PID:6864
- C:\Windows\System\ECNUwnO.exe
  C:\Windows\System\ECNUwnO.exe
  2⤵
  PID:6916
- C:\Windows\System\IUzaDnb.exe
  C:\Windows\System\IUzaDnb.exe
  2⤵
  PID:6948
- C:\Windows\System\frjvpuO.exe
  C:\Windows\System\frjvpuO.exe
  2⤵
  PID:1856
- C:\Windows\System\tsOQoHT.exe
  C:\Windows\System\tsOQoHT.exe
  2⤵
  PID:7188
- C:\Windows\System\xTmZKQJ.exe
  C:\Windows\System\xTmZKQJ.exe
  2⤵
  PID:7204
- C:\Windows\System\HZlSJov.exe
  C:\Windows\System\HZlSJov.exe
  2⤵
  PID:7220
- C:\Windows\System\zXcdyXj.exe
  C:\Windows\System\zXcdyXj.exe
  2⤵
  PID:7236
- C:\Windows\System\UXBtYhf.exe
  C:\Windows\System\UXBtYhf.exe
  2⤵
  PID:7256
- C:\Windows\System\bqbQTmq.exe
  C:\Windows\System\bqbQTmq.exe
  2⤵
  PID:7272
- C:\Windows\System\NAbVQQi.exe
  C:\Windows\System\NAbVQQi.exe
  2⤵
  PID:7288
- C:\Windows\System\pjoLqAq.exe
  C:\Windows\System\pjoLqAq.exe
  2⤵
  PID:7304
- C:\Windows\System\IDaTmXS.exe
  C:\Windows\System\IDaTmXS.exe
  2⤵
  PID:7320
- C:\Windows\System\SesjBQM.exe
  C:\Windows\System\SesjBQM.exe
  2⤵
  PID:7336
- C:\Windows\System\vZKoeKx.exe
  C:\Windows\System\vZKoeKx.exe
  2⤵
  PID:7352
- C:\Windows\System\DKKKIvC.exe
  C:\Windows\System\DKKKIvC.exe
  2⤵
  PID:7368
- C:\Windows\System\nKwIrSA.exe
  C:\Windows\System\nKwIrSA.exe
  2⤵
  PID:7388
- C:\Windows\System\HGOMQfv.exe
  C:\Windows\System\HGOMQfv.exe
  2⤵
  PID:7404
- C:\Windows\System\wJVFWFF.exe
  C:\Windows\System\wJVFWFF.exe
  2⤵
  PID:7420
- C:\Windows\System\yWAWNXx.exe
  C:\Windows\System\yWAWNXx.exe
  2⤵
  PID:7436
- C:\Windows\System\nMyoJjE.exe
  C:\Windows\System\nMyoJjE.exe
  2⤵
  PID:7452
- C:\Windows\System\piYmkYX.exe
  C:\Windows\System\piYmkYX.exe
  2⤵
  PID:7468
- C:\Windows\System\MTugUCV.exe
  C:\Windows\System\MTugUCV.exe
  2⤵
  PID:7484
- C:\Windows\System\SYVIdFx.exe
  C:\Windows\System\SYVIdFx.exe
  2⤵
  PID:7500
- C:\Windows\System\jIPmZxO.exe
  C:\Windows\System\jIPmZxO.exe
  2⤵
  PID:7516
- C:\Windows\System\bsAeeEq.exe
  C:\Windows\System\bsAeeEq.exe
  2⤵
  PID:7532
- C:\Windows\System\vLkqicJ.exe
  C:\Windows\System\vLkqicJ.exe
  2⤵
  PID:7548
- C:\Windows\System\tMZRdRT.exe
  C:\Windows\System\tMZRdRT.exe
  2⤵
  PID:7564
- C:\Windows\System\ptnxvwp.exe
  C:\Windows\System\ptnxvwp.exe
  2⤵
  PID:7580
- C:\Windows\System\GyopUIj.exe
  C:\Windows\System\GyopUIj.exe
  2⤵
  PID:7596
- C:\Windows\System\WeuaeFG.exe
  C:\Windows\System\WeuaeFG.exe
  2⤵
  PID:7612
- C:\Windows\System\lOQJZEP.exe
  C:\Windows\System\lOQJZEP.exe
  2⤵
  PID:7628
- C:\Windows\System\piNEHit.exe
  C:\Windows\System\piNEHit.exe
  2⤵
  PID:7644
- C:\Windows\System\jQncczm.exe
  C:\Windows\System\jQncczm.exe
  2⤵
  PID:7660
- C:\Windows\System\TcFLVYQ.exe
  C:\Windows\System\TcFLVYQ.exe
  2⤵
  PID:7688
- C:\Windows\System\qWWVltn.exe
  C:\Windows\System\qWWVltn.exe
  2⤵
  PID:7716
- C:\Windows\System\OXWsaRZ.exe
  C:\Windows\System\OXWsaRZ.exe
  2⤵
  PID:7732
- C:\Windows\System\okTZnXN.exe
  C:\Windows\System\okTZnXN.exe
  2⤵
  PID:7748
- C:\Windows\System\WdqxJcs.exe
  C:\Windows\System\WdqxJcs.exe
  2⤵
  PID:7764
- C:\Windows\System\nCuqZpe.exe
  C:\Windows\System\nCuqZpe.exe
  2⤵
  PID:7788
- C:\Windows\System\LnUcyrh.exe
  C:\Windows\System\LnUcyrh.exe
  2⤵
  PID:7804
- C:\Windows\System\rSqLpsV.exe
  C:\Windows\System\rSqLpsV.exe
  2⤵
  PID:7820
- C:\Windows\System\juEVTzH.exe
  C:\Windows\System\juEVTzH.exe
  2⤵
  PID:7836
- C:\Windows\System\VDzKdqS.exe
  C:\Windows\System\VDzKdqS.exe
  2⤵
  PID:7852
- C:\Windows\System\vSyQACa.exe
  C:\Windows\System\vSyQACa.exe
  2⤵
  PID:7876
- C:\Windows\System\OILIUve.exe
  C:\Windows\System\OILIUve.exe
  2⤵
  PID:7892
- C:\Windows\System\fBhzmuo.exe
  C:\Windows\System\fBhzmuo.exe
  2⤵
  PID:7908
- C:\Windows\System\OFgOxiP.exe
  C:\Windows\System\OFgOxiP.exe
  2⤵
  PID:7924
- C:\Windows\System\ucOmTWN.exe
  C:\Windows\System\ucOmTWN.exe
  2⤵
  PID:7952
- C:\Windows\System\RmrcUOi.exe
  C:\Windows\System\RmrcUOi.exe
  2⤵
  PID:7972
- C:\Windows\System\rwMTMRk.exe
  C:\Windows\System\rwMTMRk.exe
  2⤵
  PID:7992
- C:\Windows\System\hlGzfyh.exe
  C:\Windows\System\hlGzfyh.exe
  2⤵
  PID:8008
- C:\Windows\System\HbFbxvF.exe
  C:\Windows\System\HbFbxvF.exe
  2⤵
  PID:8024
- C:\Windows\System\xtsXEGf.exe
  C:\Windows\System\xtsXEGf.exe
  2⤵
  PID:8040
- C:\Windows\System\zEvNfOm.exe
  C:\Windows\System\zEvNfOm.exe
  2⤵
  PID:8060
- C:\Windows\System\EjvollI.exe
  C:\Windows\System\EjvollI.exe
  2⤵
  PID:8076
- C:\Windows\System\vWttlTz.exe
  C:\Windows\System\vWttlTz.exe
  2⤵
  PID:8092
- C:\Windows\System\jmEZjFq.exe
  C:\Windows\System\jmEZjFq.exe
  2⤵
  PID:8108
- C:\Windows\System\vznLVSx.exe
  C:\Windows\System\vznLVSx.exe
  2⤵
  PID:8132
- C:\Windows\System\gqBPJLU.exe
  C:\Windows\System\gqBPJLU.exe
  2⤵
  PID:8152
- C:\Windows\System\APzDjbt.exe
  C:\Windows\System\APzDjbt.exe
  2⤵
  PID:8168
- C:\Windows\System\PAbXTIh.exe
  C:\Windows\System\PAbXTIh.exe
  2⤵
  PID:8184
- C:\Windows\System\mqsQVZd.exe
  C:\Windows\System\mqsQVZd.exe
  2⤵
  PID:6316
- C:\Windows\System\uDcByyz.exe
  C:\Windows\System\uDcByyz.exe
  2⤵
  PID:3940
- C:\Windows\System\HstVInI.exe
  C:\Windows\System\HstVInI.exe
  2⤵
  PID:6736
- C:\Windows\System\cHzAyKy.exe
  C:\Windows\System\cHzAyKy.exe
  2⤵
  PID:1440
- C:\Windows\System\KRATBOD.exe
  C:\Windows\System\KRATBOD.exe
  2⤵
  PID:2852
- C:\Windows\System\NDKYwwx.exe
  C:\Windows\System\NDKYwwx.exe
  2⤵
  PID:2676
- C:\Windows\System\pYJqMkL.exe
  C:\Windows\System\pYJqMkL.exe
  2⤵
  PID:6188
- C:\Windows\System\mlPtmxN.exe
  C:\Windows\System\mlPtmxN.exe
  2⤵
  PID:3908
- C:\Windows\System\SWtaixU.exe
  C:\Windows\System\SWtaixU.exe
  2⤵
  PID:3920
- C:\Windows\System\XAJgKWk.exe
  C:\Windows\System\XAJgKWk.exe
  2⤵
  PID:2680
- C:\Windows\System\ddJfVrW.exe
  C:\Windows\System\ddJfVrW.exe
  2⤵
  PID:3880
- C:\Windows\System\VznXZWw.exe
  C:\Windows\System\VznXZWw.exe
  2⤵
  PID:6800
- C:\Windows\System\AnNFWHC.exe
  C:\Windows\System\AnNFWHC.exe
  2⤵
  PID:6980
- C:\Windows\System\kHqFlHL.exe
  C:\Windows\System\kHqFlHL.exe
  2⤵
  PID:7120
- C:\Windows\System\aQffOeX.exe
  C:\Windows\System\aQffOeX.exe
  2⤵
  PID:7136
- C:\Windows\System\RjzCcAO.exe
  C:\Windows\System\RjzCcAO.exe
  2⤵
  PID:5688
- C:\Windows\System\DvcDnSx.exe
  C:\Windows\System\DvcDnSx.exe
  2⤵
  PID:6092
- C:\Windows\System\tTREeCl.exe
  C:\Windows\System\tTREeCl.exe
  2⤵
  PID:7200
- C:\Windows\System\rnlvtRu.exe
  C:\Windows\System\rnlvtRu.exe
  2⤵
  PID:6964
- C:\Windows\System\hEwWUWT.exe
  C:\Windows\System\hEwWUWT.exe
  2⤵
  PID:7244
- C:\Windows\System\UUXeMZW.exe
  C:\Windows\System\UUXeMZW.exe
  2⤵
  PID:7284
- C:\Windows\System\rXbwjcM.exe
  C:\Windows\System\rXbwjcM.exe
  2⤵
  PID:7348
- C:\Windows\System\rmeRRFB.exe
  C:\Windows\System\rmeRRFB.exe
  2⤵
  PID:7228
- C:\Windows\System\umeyYgB.exe
  C:\Windows\System\umeyYgB.exe
  2⤵
  PID:7364
- C:\Windows\System\aRnahzw.exe
  C:\Windows\System\aRnahzw.exe
  2⤵
  PID:7432
- C:\Windows\System\dcPiNYk.exe
  C:\Windows\System\dcPiNYk.exe
  2⤵
  PID:7460
- C:\Windows\System\GSMBNmF.exe
  C:\Windows\System\GSMBNmF.exe
  2⤵
  PID:7400
- C:\Windows\System\gvdgcNs.exe
  C:\Windows\System\gvdgcNs.exe
  2⤵
  PID:2688
- C:\Windows\System\UfhUKPZ.exe
  C:\Windows\System\UfhUKPZ.exe
  2⤵
  PID:7412
- C:\Windows\System\vfajeGD.exe
  C:\Windows\System\vfajeGD.exe
  2⤵
  PID:7476
- C:\Windows\System\ASFVUFY.exe
  C:\Windows\System\ASFVUFY.exe
  2⤵
  PID:7588
- C:\Windows\System\hRRzwZb.exe
  C:\Windows\System\hRRzwZb.exe
  2⤵
  PID:7624
- C:\Windows\System\ccsZSju.exe
  C:\Windows\System\ccsZSju.exe
  2⤵
  PID:7512
- C:\Windows\System\xsSKZbu.exe
  C:\Windows\System\xsSKZbu.exe
  2⤵
  PID:7576
- C:\Windows\System\hUaYdVR.exe
  C:\Windows\System\hUaYdVR.exe
  2⤵
  PID:7640
- C:\Windows\System\RGythoY.exe
  C:\Windows\System\RGythoY.exe
  2⤵
  PID:7684
- C:\Windows\System\JQQEMfA.exe
  C:\Windows\System\JQQEMfA.exe
  2⤵
  PID:7700
- C:\Windows\System\whjIYyE.exe
  C:\Windows\System\whjIYyE.exe
  2⤵
  PID:7744
- C:\Windows\System\OyUqceZ.exe
  C:\Windows\System\OyUqceZ.exe
  2⤵
  PID:7756
- C:\Windows\System\XjQdpNm.exe
  C:\Windows\System\XjQdpNm.exe
  2⤵
  PID:7828
- C:\Windows\System\uJqKknv.exe
  C:\Windows\System\uJqKknv.exe
  2⤵
  PID:7872
- C:\Windows\System\beaZTAI.exe
  C:\Windows\System\beaZTAI.exe
  2⤵
  PID:2724
- C:\Windows\System\wDOVyNS.exe
  C:\Windows\System\wDOVyNS.exe
  2⤵
  PID:1948
- C:\Windows\System\FpkmMwz.exe
  C:\Windows\System\FpkmMwz.exe
  2⤵
  PID:7780
- C:\Windows\System\EOeDooR.exe
  C:\Windows\System\EOeDooR.exe
  2⤵
  PID:7920
- C:\Windows\System\qbhRPOg.exe
  C:\Windows\System\qbhRPOg.exe
  2⤵
  PID:7940
- C:\Windows\System\AcQJQjR.exe
  C:\Windows\System\AcQJQjR.exe
  2⤵
  PID:1552
- C:\Windows\System\rbLuLmH.exe
  C:\Windows\System\rbLuLmH.exe
  2⤵
  PID:8016
- C:\Windows\System\KFgNvJD.exe
  C:\Windows\System\KFgNvJD.exe
  2⤵
  PID:8052
- C:\Windows\System\vXnOKko.exe
  C:\Windows\System\vXnOKko.exe
  2⤵
  PID:8032
- C:\Windows\System\zxfJLao.exe
  C:\Windows\System\zxfJLao.exe
  2⤵
  PID:8084
- C:\Windows\System\ZxKLgrU.exe
  C:\Windows\System\ZxKLgrU.exe
  2⤵
  PID:8124
- C:\Windows\System\valbSuI.exe
  C:\Windows\System\valbSuI.exe
  2⤵
  PID:8164
- C:\Windows\System\CAvfKeq.exe
  C:\Windows\System\CAvfKeq.exe
  2⤵
  PID:6132
- C:\Windows\System\eccwGJi.exe
  C:\Windows\System\eccwGJi.exe
  2⤵
  PID:3928
- C:\Windows\System\clKMOLR.exe
  C:\Windows\System\clKMOLR.exe
  2⤵
  PID:2160
- C:\Windows\System\fijPSQy.exe
  C:\Windows\System\fijPSQy.exe
  2⤵
  PID:1952
- C:\Windows\System\fKHJaUf.exe
  C:\Windows\System\fKHJaUf.exe
  2⤵
  PID:6252
- C:\Windows\System\RuYGZAl.exe
  C:\Windows\System\RuYGZAl.exe
  2⤵
  PID:884
- C:\Windows\System\dUfPOSB.exe
  C:\Windows\System\dUfPOSB.exe
  2⤵
  PID:6676
- C:\Windows\System\XQlftIz.exe
  C:\Windows\System\XQlftIz.exe
  2⤵
  PID:6284
- C:\Windows\System\qRJJtJd.exe
  C:\Windows\System\qRJJtJd.exe
  2⤵
  PID:2756
- C:\Windows\System\RoxjvCa.exe
  C:\Windows\System\RoxjvCa.exe
  2⤵
  PID:6300
- C:\Windows\System\ZVpfPLo.exe
  C:\Windows\System\ZVpfPLo.exe
  2⤵
  PID:6768
- C:\Windows\System\EFPmUHU.exe
  C:\Windows\System\EFPmUHU.exe
  2⤵
  PID:6992
- C:\Windows\System\FyrvSfs.exe
  C:\Windows\System\FyrvSfs.exe
  2⤵
  PID:284
- C:\Windows\System\oBylMrd.exe
  C:\Windows\System\oBylMrd.exe
  2⤵
  PID:1084
- C:\Windows\System\YODXaVe.exe
  C:\Windows\System\YODXaVe.exe
  2⤵
  PID:2136
- C:\Windows\System\EnagdiC.exe
  C:\Windows\System\EnagdiC.exe
  2⤵
  PID:7264
- C:\Windows\System\SoJKYYV.exe
  C:\Windows\System\SoJKYYV.exe
  2⤵
  PID:1508
- C:\Windows\System\SaKTWRG.exe
  C:\Windows\System\SaKTWRG.exe
  2⤵
  PID:7252
- C:\Windows\System\nooVaLn.exe
  C:\Windows\System\nooVaLn.exe
  2⤵
  PID:7444
- C:\Windows\System\HHhkgxQ.exe
  C:\Windows\System\HHhkgxQ.exe
  2⤵
  PID:7620
- C:\Windows\System\nEYClZd.exe
  C:\Windows\System\nEYClZd.exe
  2⤵
  PID:8116
- C:\Windows\System\AnGmeMW.exe
  C:\Windows\System\AnGmeMW.exe
  2⤵
  PID:2124
- C:\Windows\System\ExleWyK.exe
  C:\Windows\System\ExleWyK.exe
  2⤵
  PID:7544
- C:\Windows\System\kEoAyLu.exe
  C:\Windows\System\kEoAyLu.exe
  2⤵
  PID:7712
- C:\Windows\System\TDTcgkZ.exe
  C:\Windows\System\TDTcgkZ.exe
  2⤵
  PID:7636
- C:\Windows\System\SbBxJek.exe
  C:\Windows\System\SbBxJek.exe
  2⤵
  PID:6348
- C:\Windows\System\lsJfrup.exe
  C:\Windows\System\lsJfrup.exe
  2⤵
  PID:7776
- C:\Windows\System\VABEYIa.exe
  C:\Windows\System\VABEYIa.exe
  2⤵
  PID:7848
- C:\Windows\System\QiqKSOU.exe
  C:\Windows\System\QiqKSOU.exe
  2⤵
  PID:4880
- C:\Windows\System\GbhXQuq.exe
  C:\Windows\System\GbhXQuq.exe
  2⤵
  PID:7772
- C:\Windows\System\jVQzvFK.exe
  C:\Windows\System\jVQzvFK.exe
  2⤵
  PID:2776
- C:\Windows\System\RdetEyu.exe
  C:\Windows\System\RdetEyu.exe
  2⤵
  PID:8048
- C:\Windows\System\uIeqGDg.exe
  C:\Windows\System\uIeqGDg.exe
  2⤵
  PID:7900
- C:\Windows\System\HuzFHDJ.exe
  C:\Windows\System\HuzFHDJ.exe
  2⤵
  PID:7560
- C:\Windows\System\KaIsZCc.exe
  C:\Windows\System\KaIsZCc.exe
  2⤵
  PID:920
- C:\Windows\System\vXcRDXF.exe
  C:\Windows\System\vXcRDXF.exe
  2⤵
  PID:8100
- C:\Windows\System\keHDboK.exe
  C:\Windows\System\keHDboK.exe
  2⤵
  PID:2044
- C:\Windows\System\scdMqNu.exe
  C:\Windows\System\scdMqNu.exe
  2⤵
  PID:8000
- C:\Windows\System\uIXWBub.exe
  C:\Windows\System\uIXWBub.exe
  2⤵
  PID:6416
- C:\Windows\System\auDChnt.exe
  C:\Windows\System\auDChnt.exe
  2⤵
  PID:8160
- C:\Windows\System\fGeVYoJ.exe
  C:\Windows\System\fGeVYoJ.exe
  2⤵
  PID:7072
- C:\Windows\System\UQcvIai.exe
  C:\Windows\System\UQcvIai.exe
  2⤵
  PID:7152
- C:\Windows\System\TkdqsPg.exe
  C:\Windows\System\TkdqsPg.exe
  2⤵
  PID:7184
- C:\Windows\System\putumvY.exe
  C:\Windows\System\putumvY.exe
  2⤵
  PID:1780
- C:\Windows\System\eBCOMzR.exe
  C:\Windows\System\eBCOMzR.exe
  2⤵
  PID:5516
- C:\Windows\System\DtYtkBm.exe
  C:\Windows\System\DtYtkBm.exe
  2⤵
  PID:2940
- C:\Windows\System\EuzestO.exe
  C:\Windows\System\EuzestO.exe
  2⤵
  PID:7652
- C:\Windows\System\rSisqDz.exe
  C:\Windows\System\rSisqDz.exe
  2⤵
  PID:7676
- C:\Windows\System\EsAxIuP.exe
  C:\Windows\System\EsAxIuP.exe
  2⤵
  PID:7704
- C:\Windows\System\LnQrLjo.exe
  C:\Windows\System\LnQrLjo.exe
  2⤵
  PID:7448
- C:\Windows\System\FWRGzAY.exe
  C:\Windows\System\FWRGzAY.exe
  2⤵
  PID:7708
- C:\Windows\System\UiVwkQL.exe
  C:\Windows\System\UiVwkQL.exe
  2⤵
  PID:7156
- C:\Windows\System\TtUnfPZ.exe
  C:\Windows\System\TtUnfPZ.exe
  2⤵
  PID:7528
- C:\Windows\System\Cnhugxx.exe
  C:\Windows\System\Cnhugxx.exe
  2⤵
  PID:7384
- C:\Windows\System\VPxcrQo.exe
  C:\Windows\System\VPxcrQo.exe
  2⤵
  PID:7868
- C:\Windows\System\Ckqgoyv.exe
  C:\Windows\System\Ckqgoyv.exe
  2⤵
  PID:7904
- C:\Windows\System\ejSAlIj.exe
  C:\Windows\System\ejSAlIj.exe
  2⤵
  PID:6096
- C:\Windows\System\GUiJKBj.exe
  C:\Windows\System\GUiJKBj.exe
  2⤵
  PID:6364
- C:\Windows\System\XWMeCjt.exe
  C:\Windows\System\XWMeCjt.exe
  2⤵
  PID:7344
- C:\Windows\System\wBngwOr.exe
  C:\Windows\System\wBngwOr.exe
  2⤵
  PID:6236
- C:\Windows\System\czlJFdt.exe
  C:\Windows\System\czlJFdt.exe
  2⤵
  PID:7724
- C:\Windows\System\zSHKwkZ.exe
  C:\Windows\System\zSHKwkZ.exe
  2⤵
  PID:6560
- C:\Windows\System\BvmGmcF.exe
  C:\Windows\System\BvmGmcF.exe
  2⤵
  PID:7316
- C:\Windows\System\tGuezbU.exe
  C:\Windows\System\tGuezbU.exe
  2⤵
  PID:7556
- C:\Windows\System\YLYAdEa.exe
  C:\Windows\System\YLYAdEa.exe
  2⤵
  PID:5232
- C:\Windows\System\XYgrVfS.exe
  C:\Windows\System\XYgrVfS.exe
  2⤵
  PID:7212
- C:\Windows\System\NlgilyZ.exe
  C:\Windows\System\NlgilyZ.exe
  2⤵
  PID:7964
- C:\Windows\System\NUkPCgg.exe
  C:\Windows\System\NUkPCgg.exe
  2⤵
  PID:2784
- C:\Windows\System\jnyuSsl.exe
  C:\Windows\System\jnyuSsl.exe
  2⤵
  PID:8204
- C:\Windows\System\DLKoams.exe
  C:\Windows\System\DLKoams.exe
  2⤵
  PID:8220
- C:\Windows\System\TYkEAfb.exe
  C:\Windows\System\TYkEAfb.exe
  2⤵
  PID:8236
- C:\Windows\System\nootTNp.exe
  C:\Windows\System\nootTNp.exe
  2⤵
  PID:8252
- C:\Windows\System\AIJwRss.exe
  C:\Windows\System\AIJwRss.exe
  2⤵
  PID:8268
- C:\Windows\System\vgWXWeO.exe
  C:\Windows\System\vgWXWeO.exe
  2⤵
  PID:8284
- C:\Windows\System\yKjxEBw.exe
  C:\Windows\System\yKjxEBw.exe
  2⤵
  PID:8300
- C:\Windows\System\YFitpGc.exe
  C:\Windows\System\YFitpGc.exe
  2⤵
  PID:8316
- C:\Windows\System\okcFAFR.exe
  C:\Windows\System\okcFAFR.exe
  2⤵
  PID:8332
- C:\Windows\System\vvfPdcT.exe
  C:\Windows\System\vvfPdcT.exe
  2⤵
  PID:8348
- C:\Windows\System\sHtVwIN.exe
  C:\Windows\System\sHtVwIN.exe
  2⤵
  PID:8364
- C:\Windows\System\qgXgAud.exe
  C:\Windows\System\qgXgAud.exe
  2⤵
  PID:8380
- C:\Windows\System\aBkRcbv.exe
  C:\Windows\System\aBkRcbv.exe
  2⤵
  PID:8396
- C:\Windows\System\npFQLyi.exe
  C:\Windows\System\npFQLyi.exe
  2⤵
  PID:8412
- C:\Windows\System\NndPbMi.exe
  C:\Windows\System\NndPbMi.exe
  2⤵
  PID:8432
- C:\Windows\System\fosfObl.exe
  C:\Windows\System\fosfObl.exe
  2⤵
  PID:8452
- C:\Windows\System\ghhbeLy.exe
  C:\Windows\System\ghhbeLy.exe
  2⤵
  PID:8468
- C:\Windows\System\adeSYHv.exe
  C:\Windows\System\adeSYHv.exe
  2⤵
  PID:8484
- C:\Windows\System\TisUeaD.exe
  C:\Windows\System\TisUeaD.exe
  2⤵
  PID:8500
- C:\Windows\System\Urpnpyx.exe
  C:\Windows\System\Urpnpyx.exe
  2⤵
  PID:8516
- C:\Windows\System\kTYlAji.exe
  C:\Windows\System\kTYlAji.exe
  2⤵
  PID:8536
- C:\Windows\System\tEErPZQ.exe
  C:\Windows\System\tEErPZQ.exe
  2⤵
  PID:8560
- C:\Windows\System\ZBbBWLy.exe
  C:\Windows\System\ZBbBWLy.exe
  2⤵
  PID:8576
- C:\Windows\System\KyuSdzF.exe
  C:\Windows\System\KyuSdzF.exe
  2⤵
  PID:8592
- C:\Windows\System\znYHQSu.exe
  C:\Windows\System\znYHQSu.exe
  2⤵
  PID:8608
- C:\Windows\System\jUxoXUU.exe
  C:\Windows\System\jUxoXUU.exe
  2⤵
  PID:8624
- C:\Windows\System\igdjkMu.exe
  C:\Windows\System\igdjkMu.exe
  2⤵
  PID:8640
- C:\Windows\System\ntOMSjS.exe
  C:\Windows\System\ntOMSjS.exe
  2⤵
  PID:8656
- C:\Windows\System\IxtpycS.exe
  C:\Windows\System\IxtpycS.exe
  2⤵
  PID:8672
- C:\Windows\System\TNCpQdV.exe
  C:\Windows\System\TNCpQdV.exe
  2⤵
  PID:8688
- C:\Windows\System\UWGrGSZ.exe
  C:\Windows\System\UWGrGSZ.exe
  2⤵
  PID:8704
- C:\Windows\System\SNoNZcf.exe
  C:\Windows\System\SNoNZcf.exe
  2⤵
  PID:8720
- C:\Windows\System\wuMPIkv.exe
  C:\Windows\System\wuMPIkv.exe
  2⤵
  PID:8736
- C:\Windows\System\puhRrzE.exe
  C:\Windows\System\puhRrzE.exe
  2⤵
  PID:8752
- C:\Windows\System\lXyChPt.exe
  C:\Windows\System\lXyChPt.exe
  2⤵
  PID:8768
- C:\Windows\System\JLPmnTU.exe
  C:\Windows\System\JLPmnTU.exe
  2⤵
  PID:8784
- C:\Windows\System\ahqliht.exe
  C:\Windows\System\ahqliht.exe
  2⤵
  PID:8800
- C:\Windows\System\YMtwiII.exe
  C:\Windows\System\YMtwiII.exe
  2⤵
  PID:8816
- C:\Windows\System\TQhfxMM.exe
  C:\Windows\System\TQhfxMM.exe
  2⤵
  PID:8832
- C:\Windows\System\QIqUeaX.exe
  C:\Windows\System\QIqUeaX.exe
  2⤵
  PID:8848
- C:\Windows\System\AzgAVmT.exe
  C:\Windows\System\AzgAVmT.exe
  2⤵
  PID:8864
- C:\Windows\System\cbQknIN.exe
  C:\Windows\System\cbQknIN.exe
  2⤵
  PID:8880
- C:\Windows\System\nsGeezH.exe
  C:\Windows\System\nsGeezH.exe
  2⤵
  PID:8896
- C:\Windows\System\ySlvybF.exe
  C:\Windows\System\ySlvybF.exe
  2⤵
  PID:8912
- C:\Windows\System\LHJShEE.exe
  C:\Windows\System\LHJShEE.exe
  2⤵
  PID:8928
- C:\Windows\System\tyWLWZv.exe
  C:\Windows\System\tyWLWZv.exe
  2⤵
  PID:8944
- C:\Windows\System\BBZcHKF.exe
  C:\Windows\System\BBZcHKF.exe
  2⤵
  PID:8960
- C:\Windows\System\RIRUBjZ.exe
  C:\Windows\System\RIRUBjZ.exe
  2⤵
  PID:8976
- C:\Windows\System\MxTgWqF.exe
  C:\Windows\System\MxTgWqF.exe
  2⤵
  PID:8992
- C:\Windows\System\QTqRKHN.exe
  C:\Windows\System\QTqRKHN.exe
  2⤵
  PID:9008
- C:\Windows\System\AbXaQEB.exe
  C:\Windows\System\AbXaQEB.exe
  2⤵
  PID:9024
- C:\Windows\System\RBkgigI.exe
  C:\Windows\System\RBkgigI.exe
  2⤵
  PID:9040
- C:\Windows\System\RDbVngk.exe
  C:\Windows\System\RDbVngk.exe
  2⤵
  PID:9056
- C:\Windows\System\EiDgPmO.exe
  C:\Windows\System\EiDgPmO.exe
  2⤵
  PID:9076
- C:\Windows\System\OafSnWY.exe
  C:\Windows\System\OafSnWY.exe
  2⤵
  PID:9096
- C:\Windows\System\wZOcaVx.exe
  C:\Windows\System\wZOcaVx.exe
  2⤵
  PID:9116
- C:\Windows\System\GZIcXTJ.exe
  C:\Windows\System\GZIcXTJ.exe
  2⤵
  PID:9132
- C:\Windows\System\SLqTdUX.exe
  C:\Windows\System\SLqTdUX.exe
  2⤵
  PID:9148
- C:\Windows\System\mHknnKn.exe
  C:\Windows\System\mHknnKn.exe
  2⤵
  PID:9164
- C:\Windows\System\HxWgvMP.exe
  C:\Windows\System\HxWgvMP.exe
  2⤵
  PID:9180
- C:\Windows\System\emhOpMz.exe
  C:\Windows\System\emhOpMz.exe
  2⤵
  PID:9196
- C:\Windows\System\IFSqDdK.exe
  C:\Windows\System\IFSqDdK.exe
  2⤵
  PID:9212
- C:\Windows\System\hJxOcDP.exe
  C:\Windows\System\hJxOcDP.exe
  2⤵
  PID:2868
- C:\Windows\System\mWkDfXr.exe
  C:\Windows\System\mWkDfXr.exe
  2⤵
  PID:7572
- C:\Windows\System\rixOloC.exe
  C:\Windows\System\rixOloC.exe
  2⤵
  PID:3660
- C:\Windows\System\zjgnzPx.exe
  C:\Windows\System\zjgnzPx.exe
  2⤵
  PID:8232
- C:\Windows\System\beikdBp.exe
  C:\Windows\System\beikdBp.exe
  2⤵
  PID:7988
- C:\Windows\System\sSFjIfG.exe
  C:\Windows\System\sSFjIfG.exe
  2⤵
  PID:8212
- C:\Windows\System\UwRYxWk.exe
  C:\Windows\System\UwRYxWk.exe
  2⤵
  PID:8372
- C:\Windows\System\VpreEdu.exe
  C:\Windows\System\VpreEdu.exe
  2⤵
  PID:8244
- C:\Windows\System\tkNUZpu.exe
  C:\Windows\System\tkNUZpu.exe
  2⤵
  PID:8312
- C:\Windows\System\ztxWCXK.exe
  C:\Windows\System\ztxWCXK.exe
  2⤵
  PID:8296
- C:\Windows\System\gXGpAjh.exe
  C:\Windows\System\gXGpAjh.exe
  2⤵
  PID:8424
- C:\Windows\System\NFTqrUL.exe
  C:\Windows\System\NFTqrUL.exe
  2⤵
  PID:8492
- C:\Windows\System\yapvGQI.exe
  C:\Windows\System\yapvGQI.exe
  2⤵
  PID:8404
- C:\Windows\System\yLlnFCb.exe
  C:\Windows\System\yLlnFCb.exe
  2⤵
  PID:8448
- C:\Windows\System\MmrBVYa.exe
  C:\Windows\System\MmrBVYa.exe
  2⤵
  PID:8616
- C:\Windows\System\BAlPnHk.exe
  C:\Windows\System\BAlPnHk.exe
  2⤵
  PID:8636
- C:\Windows\System\vehlxHv.exe
  C:\Windows\System\vehlxHv.exe
  2⤵
  PID:8584
- C:\Windows\System\xRnHNTf.exe
  C:\Windows\System\xRnHNTf.exe
  2⤵
  PID:8728
- C:\Windows\System\ZFfgaTP.exe
  C:\Windows\System\ZFfgaTP.exe
  2⤵
  PID:8824
- C:\Windows\System\LcyYLIj.exe
  C:\Windows\System\LcyYLIj.exe
  2⤵
  PID:8860
- C:\Windows\System\gVxlNOk.exe
  C:\Windows\System\gVxlNOk.exe
  2⤵
  PID:8924
- C:\Windows\System\VlzUbOU.exe
  C:\Windows\System\VlzUbOU.exe
  2⤵
  PID:8988
- C:\Windows\System\IcdulEz.exe
  C:\Windows\System\IcdulEz.exe
  2⤵
  PID:8716
- C:\Windows\System\WrSgfJY.exe
  C:\Windows\System\WrSgfJY.exe
  2⤵
  PID:9016
- C:\Windows\System\bncEDhs.exe
  C:\Windows\System\bncEDhs.exe
  2⤵
  PID:8680
- C:\Windows\System\akbgPNG.exe
  C:\Windows\System\akbgPNG.exe
  2⤵
  PID:8776
- C:\Windows\System\YqcbahR.exe
  C:\Windows\System\YqcbahR.exe
  2⤵
  PID:8840
- C:\Windows\System\blQjzqb.exe
  C:\Windows\System\blQjzqb.exe
  2⤵
  PID:8908
- C:\Windows\System\uNQmcUQ.exe
  C:\Windows\System\uNQmcUQ.exe
  2⤵
  PID:8972
- C:\Windows\System\NKteTkp.exe
  C:\Windows\System\NKteTkp.exe
  2⤵
  PID:9112
- C:\Windows\System\BKDCyrq.exe
  C:\Windows\System\BKDCyrq.exe
  2⤵
  PID:8324
- C:\Windows\System\NFLnLTN.exe
  C:\Windows\System\NFLnLTN.exe
  2⤵
  PID:8276
- C:\Windows\System\KebPYBU.exe
  C:\Windows\System\KebPYBU.exe
  2⤵
  PID:3884
- C:\Windows\System\QgYSwwD.exe
  C:\Windows\System\QgYSwwD.exe
  2⤵
  PID:8376
- C:\Windows\System\cwHWEQN.exe
  C:\Windows\System\cwHWEQN.exe
  2⤵
  PID:8248
- C:\Windows\System\pMgucSX.exe
  C:\Windows\System\pMgucSX.exe
  2⤵
  PID:8444
- C:\Windows\System\UJgCnsH.exe
  C:\Windows\System\UJgCnsH.exe
  2⤵
  PID:8568
- C:\Windows\System\gmFZvqz.exe
  C:\Windows\System\gmFZvqz.exe
  2⤵
  PID:8600
- C:\Windows\System\DUuGJQS.exe
  C:\Windows\System\DUuGJQS.exe
  2⤵
  PID:8760
- C:\Windows\System\YbwhPRW.exe
  C:\Windows\System\YbwhPRW.exe
  2⤵
  PID:8920
- C:\Windows\System\VbUIPrh.exe
  C:\Windows\System\VbUIPrh.exe
  2⤵
  PID:8856
- C:\Windows\System\HKqPMWk.exe
  C:\Windows\System\HKqPMWk.exe
  2⤵
  PID:8812
- C:\Windows\System\CcLuRCB.exe
  C:\Windows\System\CcLuRCB.exe
  2⤵
  PID:8684
- C:\Windows\System\PBxbTUi.exe
  C:\Windows\System\PBxbTUi.exe
  2⤵
  PID:9064
- C:\Windows\System\aZqxfUM.exe
  C:\Windows\System\aZqxfUM.exe
  2⤵
  PID:9036
- C:\Windows\System\NceWtfE.exe
  C:\Windows\System\NceWtfE.exe
  2⤵
  PID:9128
- C:\Windows\System\xOBFyPS.exe
  C:\Windows\System\xOBFyPS.exe
  2⤵
  PID:9192
- C:\Windows\System\AjJiXKh.exe
  C:\Windows\System\AjJiXKh.exe
  2⤵
  PID:9144
- C:\Windows\System\UkRnemi.exe
  C:\Windows\System\UkRnemi.exe
  2⤵
  PID:9172
- C:\Windows\System\pprQKIk.exe
  C:\Windows\System\pprQKIk.exe
  2⤵
  PID:9208
- C:\Windows\System\iwJIbZy.exe
  C:\Windows\System\iwJIbZy.exe
  2⤵
  PID:8292
- C:\Windows\System\IXEdFTH.exe
  C:\Windows\System\IXEdFTH.exe
  2⤵
  PID:2592
- C:\Windows\System\ddimchq.exe
  C:\Windows\System\ddimchq.exe
  2⤵
  PID:8460
- C:\Windows\System\gPrjrCd.exe
  C:\Windows\System\gPrjrCd.exe
  2⤵
  PID:8480
- C:\Windows\System\aMrgaKH.exe
  C:\Windows\System\aMrgaKH.exe
  2⤵
  PID:8440
- C:\Windows\System\vCdyHsP.exe
  C:\Windows\System\vCdyHsP.exe
  2⤵
  PID:8668
- C:\Windows\System\zBKgTje.exe
  C:\Windows\System\zBKgTje.exe
  2⤵
  PID:8808
- C:\Windows\System\LZZWBeI.exe
  C:\Windows\System\LZZWBeI.exe
  2⤵
  PID:8748
- C:\Windows\System\AhcBYFl.exe
  C:\Windows\System\AhcBYFl.exe
  2⤵
  PID:8632
- C:\Windows\System\vAOiYSX.exe
  C:\Windows\System\vAOiYSX.exe
  2⤵
  PID:9156
- C:\Windows\System\YVYoCbn.exe
  C:\Windows\System\YVYoCbn.exe
  2⤵
  PID:8056
- C:\Windows\System\yNPJipj.exe
  C:\Windows\System\yNPJipj.exe
  2⤵
  PID:9032
- C:\Windows\System\qxNFRbd.exe
  C:\Windows\System\qxNFRbd.exe
  2⤵
  PID:8544
- C:\Windows\System\xNVMEcN.exe
  C:\Windows\System\xNVMEcN.exe
  2⤵
  PID:8392
- C:\Windows\System\bRWmobm.exe
  C:\Windows\System\bRWmobm.exe
  2⤵
  PID:8556
- C:\Windows\System\hhblgXk.exe
  C:\Windows\System\hhblgXk.exe
  2⤵
  PID:9004
- C:\Windows\System\XInoOIP.exe
  C:\Windows\System\XInoOIP.exe
  2⤵
  PID:8648
- C:\Windows\System\CHtvRdH.exe
  C:\Windows\System\CHtvRdH.exe
  2⤵
  PID:9224
- C:\Windows\System\CnaUJqi.exe
  C:\Windows\System\CnaUJqi.exe
  2⤵
  PID:9244
- C:\Windows\System\Zmvsvpv.exe
  C:\Windows\System\Zmvsvpv.exe
  2⤵
  PID:9260
- C:\Windows\System\HvciLaC.exe
  C:\Windows\System\HvciLaC.exe
  2⤵
  PID:9276
- C:\Windows\System\MxXQIhO.exe
  C:\Windows\System\MxXQIhO.exe
  2⤵
  PID:9292
- C:\Windows\System\vZaUnvS.exe
  C:\Windows\System\vZaUnvS.exe
  2⤵
  PID:9308
- C:\Windows\System\cBvDkXO.exe
  C:\Windows\System\cBvDkXO.exe
  2⤵
  PID:9328
- C:\Windows\System\hxCknlt.exe
  C:\Windows\System\hxCknlt.exe
  2⤵
  PID:9344
- C:\Windows\System\KvUaVxk.exe
  C:\Windows\System\KvUaVxk.exe
  2⤵
  PID:9360
- C:\Windows\System\gsCLyTP.exe
  C:\Windows\System\gsCLyTP.exe
  2⤵
  PID:9376
- C:\Windows\System\ZkwJlWV.exe
  C:\Windows\System\ZkwJlWV.exe
  2⤵
  PID:9392
- C:\Windows\System\hjVaHjL.exe
  C:\Windows\System\hjVaHjL.exe
  2⤵
  PID:9412
- C:\Windows\System\IYfSRRL.exe
  C:\Windows\System\IYfSRRL.exe
  2⤵
  PID:9436
- C:\Windows\System\TxdRvgC.exe
  C:\Windows\System\TxdRvgC.exe
  2⤵
  PID:9452
- C:\Windows\System\efBoYBY.exe
  C:\Windows\System\efBoYBY.exe
  2⤵
  PID:9508
- C:\Windows\System\HHjjBSz.exe
  C:\Windows\System\HHjjBSz.exe
  2⤵
  PID:9524
- C:\Windows\System\iSxGugD.exe
  C:\Windows\System\iSxGugD.exe
  2⤵
  PID:9588
- C:\Windows\System\QKnBavE.exe
  C:\Windows\System\QKnBavE.exe
  2⤵
  PID:9608
- C:\Windows\System\rYnhjSb.exe
  C:\Windows\System\rYnhjSb.exe
  2⤵
  PID:9624
- C:\Windows\System\usNpenr.exe
  C:\Windows\System\usNpenr.exe
  2⤵
  PID:9640
- C:\Windows\System\HAljWUI.exe
  C:\Windows\System\HAljWUI.exe
  2⤵
  PID:9656
- C:\Windows\System\gktEoBZ.exe
  C:\Windows\System\gktEoBZ.exe
  2⤵
  PID:9672
- C:\Windows\System\UWjwKGs.exe
  C:\Windows\System\UWjwKGs.exe
  2⤵
  PID:9688
- C:\Windows\System\MDJyhpW.exe
  C:\Windows\System\MDJyhpW.exe
  2⤵
  PID:9704
- C:\Windows\System\RfDqrtg.exe
  C:\Windows\System\RfDqrtg.exe
  2⤵
  PID:9720
- C:\Windows\System\WocdzEb.exe
  C:\Windows\System\WocdzEb.exe
  2⤵
  PID:9736
- C:\Windows\System\AaQvLFY.exe
  C:\Windows\System\AaQvLFY.exe
  2⤵
  PID:9752
- C:\Windows\System\lPRvWsk.exe
  C:\Windows\System\lPRvWsk.exe
  2⤵
  PID:9768
- C:\Windows\System\CsxFJSg.exe
  C:\Windows\System\CsxFJSg.exe
  2⤵
  PID:9784
- C:\Windows\System\VuAYOlk.exe
  C:\Windows\System\VuAYOlk.exe
  2⤵
  PID:9800
- C:\Windows\System\dyrkEBt.exe
  C:\Windows\System\dyrkEBt.exe
  2⤵
  PID:9816
- C:\Windows\System\ZdDcrAG.exe
  C:\Windows\System\ZdDcrAG.exe
  2⤵
  PID:9832
- C:\Windows\System\LfjteUV.exe
  C:\Windows\System\LfjteUV.exe
  2⤵
  PID:9848
- C:\Windows\System\soKVrqM.exe
  C:\Windows\System\soKVrqM.exe
  2⤵
  PID:9864
- C:\Windows\System\IbEEOSW.exe
  C:\Windows\System\IbEEOSW.exe
  2⤵
  PID:9880
- C:\Windows\System\vwpwFwV.exe
  C:\Windows\System\vwpwFwV.exe
  2⤵
  PID:9896
- C:\Windows\System\VQwQXns.exe
  C:\Windows\System\VQwQXns.exe
  2⤵
  PID:9912
- C:\Windows\System\PSzWhgD.exe
  C:\Windows\System\PSzWhgD.exe
  2⤵
  PID:9928
- C:\Windows\System\TIWvKRT.exe
  C:\Windows\System\TIWvKRT.exe
  2⤵
  PID:9952
- C:\Windows\System\tvAbXKz.exe
  C:\Windows\System\tvAbXKz.exe
  2⤵
  PID:9976
- C:\Windows\System\dQhoUns.exe
  C:\Windows\System\dQhoUns.exe
  2⤵
  PID:9992
- C:\Windows\System\vnETyWU.exe
  C:\Windows\System\vnETyWU.exe
  2⤵
  PID:10008
- C:\Windows\System\SMcUmXl.exe
  C:\Windows\System\SMcUmXl.exe
  2⤵
  PID:10024
- C:\Windows\System\xBFZole.exe
  C:\Windows\System\xBFZole.exe
  2⤵
  PID:10040
- C:\Windows\System\zuBsLrA.exe
  C:\Windows\System\zuBsLrA.exe
  2⤵
  PID:10056
- C:\Windows\System\RfZbHAS.exe
  C:\Windows\System\RfZbHAS.exe
  2⤵
  PID:10072
- C:\Windows\System\sqauMrV.exe
  C:\Windows\System\sqauMrV.exe
  2⤵
  PID:10088
- C:\Windows\System\YVjnEQS.exe
  C:\Windows\System\YVjnEQS.exe
  2⤵
  PID:10104
- C:\Windows\System\DMVmUlD.exe
  C:\Windows\System\DMVmUlD.exe
  2⤵
  PID:10120
- C:\Windows\System\CBUWyFu.exe
  C:\Windows\System\CBUWyFu.exe
  2⤵
  PID:10136
- C:\Windows\System\UQTOzcW.exe
  C:\Windows\System\UQTOzcW.exe
  2⤵
  PID:10152
- C:\Windows\System\RcHfqvf.exe
  C:\Windows\System\RcHfqvf.exe
  2⤵
  PID:10168
- C:\Windows\System\SkFExuN.exe
  C:\Windows\System\SkFExuN.exe
  2⤵
  PID:10184
- C:\Windows\System\XENOJnN.exe
  C:\Windows\System\XENOJnN.exe
  2⤵
  PID:10200
- C:\Windows\System\gRPAspR.exe
  C:\Windows\System\gRPAspR.exe
  2⤵
  PID:10216
- C:\Windows\System\LETuHjl.exe
  C:\Windows\System\LETuHjl.exe
  2⤵
  PID:9204
- C:\Windows\System\DlAaGiJ.exe
  C:\Windows\System\DlAaGiJ.exe
  2⤵
  PID:8524
- C:\Windows\System\jRxggVI.exe
  C:\Windows\System\jRxggVI.exe
  2⤵
  PID:9232
- C:\Windows\System\ZQiyjqx.exe
  C:\Windows\System\ZQiyjqx.exe
  2⤵
  PID:9236
- C:\Windows\System\lwoNKLS.exe
  C:\Windows\System\lwoNKLS.exe
  2⤵
  PID:9316
- C:\Windows\System\MnWRnWs.exe
  C:\Windows\System\MnWRnWs.exe
  2⤵
  PID:9336
- C:\Windows\System\YdXcNof.exe
  C:\Windows\System\YdXcNof.exe
  2⤵
  PID:9252
- C:\Windows\System\fXjcuqC.exe
  C:\Windows\System\fXjcuqC.exe
  2⤵
  PID:9352
- C:\Windows\System\dTCiWNo.exe
  C:\Windows\System\dTCiWNo.exe
  2⤵
  PID:9404
- C:\Windows\System\LgecUGv.exe
  C:\Windows\System\LgecUGv.exe
  2⤵
  PID:9428
- C:\Windows\System\SKUWTnH.exe
  C:\Windows\System\SKUWTnH.exe
  2⤵
  PID:9472
- C:\Windows\System\TkooWTv.exe
  C:\Windows\System\TkooWTv.exe
  2⤵
  PID:9488
- C:\Windows\System\cXnMMEW.exe
  C:\Windows\System\cXnMMEW.exe
  2⤵
  PID:9500
- C:\Windows\System\cvglfEl.exe
  C:\Windows\System\cvglfEl.exe
  2⤵
  PID:9532
- C:\Windows\System\wjvpJDw.exe
  C:\Windows\System\wjvpJDw.exe
  2⤵
  PID:9548
- C:\Windows\System\wNVOetn.exe
  C:\Windows\System\wNVOetn.exe
  2⤵
  PID:9564
- C:\Windows\System\OFkTxzA.exe
  C:\Windows\System\OFkTxzA.exe
  2⤵
  PID:1008
- C:\Windows\System\CSjEwdv.exe
  C:\Windows\System\CSjEwdv.exe
  2⤵
  PID:9616
- C:\Windows\System\eTcXIzJ.exe
  C:\Windows\System\eTcXIzJ.exe
  2⤵
  PID:9636
- C:\Windows\System\Kzdaovr.exe
  C:\Windows\System\Kzdaovr.exe
  2⤵
  PID:9684
- C:\Windows\System\IgOhtcm.exe
  C:\Windows\System\IgOhtcm.exe
  2⤵
  PID:9700
- C:\Windows\System\oqTACud.exe
  C:\Windows\System\oqTACud.exe
  2⤵
  PID:9764
- C:\Windows\System\qttOyPq.exe
  C:\Windows\System\qttOyPq.exe
  2⤵
  PID:9828
- C:\Windows\System\GwgSchF.exe
  C:\Windows\System\GwgSchF.exe
  2⤵
  PID:9888
- C:\Windows\System\RbVyfVK.exe
  C:\Windows\System\RbVyfVK.exe
  2⤵
  PID:9744
- C:\Windows\System\oxcuNZS.exe
  C:\Windows\System\oxcuNZS.exe
  2⤵
  PID:9748
- C:\Windows\System\iFXoJTE.exe
  C:\Windows\System\iFXoJTE.exe
  2⤵
  PID:9844
- C:\Windows\System\ZOgJuii.exe
  C:\Windows\System\ZOgJuii.exe
  2⤵
  PID:9936
- C:\Windows\System\zgxtENU.exe
  C:\Windows\System\zgxtENU.exe
  2⤵
  PID:9940
- C:\Windows\System\pPRiksf.exe
  C:\Windows\System\pPRiksf.exe
  2⤵
  PID:10000
- C:\Windows\System\TCuWxAe.exe
  C:\Windows\System\TCuWxAe.exe
  2⤵
  PID:10036
- C:\Windows\System\ZUvNRcU.exe
  C:\Windows\System\ZUvNRcU.exe
  2⤵
  PID:10016
- C:\Windows\System\KTcxcBU.exe
  C:\Windows\System\KTcxcBU.exe
  2⤵
  PID:10080
- C:\Windows\System\LUajYaT.exe
  C:\Windows\System\LUajYaT.exe
  2⤵
  PID:10096
- C:\Windows\System\PBWygnx.exe
  C:\Windows\System\PBWygnx.exe
  2⤵
  PID:10164
- C:\Windows\System\gfivlDL.exe
  C:\Windows\System\gfivlDL.exe
  2⤵
  PID:10196
- C:\Windows\System\TQfeoYH.exe
  C:\Windows\System\TQfeoYH.exe
  2⤵
  PID:10212
- C:\Windows\System\VZpRiEr.exe
  C:\Windows\System\VZpRiEr.exe
  2⤵
  PID:8700
- C:\Windows\System\IKgqZcp.exe
  C:\Windows\System\IKgqZcp.exe
  2⤵
  PID:9072
- C:\Windows\System\comQYNg.exe
  C:\Windows\System\comQYNg.exe
  2⤵
  PID:8308
- C:\Windows\System\jLJGEly.exe
  C:\Windows\System\jLJGEly.exe
  2⤵
  PID:9288
- C:\Windows\System\rhedpUX.exe
  C:\Windows\System\rhedpUX.exe
  2⤵
  PID:9256
- C:\Windows\System\NefHHPN.exe
  C:\Windows\System\NefHHPN.exe
  2⤵
  PID:9600
- C:\Windows\System\sCVGDGQ.exe
  C:\Windows\System\sCVGDGQ.exe
  2⤵
  PID:9432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AQvUdmS.exe

Filesize
6.0MB

MD5
e8a5f2dcd11c4b52c64db75922de9da5

SHA1
26a43cfacd37c683ba89d2957dc2bb5e5de52b72

SHA256
8cb36b976025538f57d6c83fa651601dccd1163d832e9823dde33c57f09af6bf

SHA512
c18a49a17bb0509d4d66794282e69a6342c7e24ab8e5429290fc0b8ac113acd56cc6650797560e3239dabddd27e06d7dbdaa1a711b08ba3000526a542252b0f8

Download Submit
C:\Windows\system\AnkpZSH.exe

Filesize
6.0MB

MD5
0bb434734990673567755924b108f7d2

SHA1
450d4286c1b335e17b3686a2221d88745d22dad2

SHA256
5178e2f4b3432537c286eb4627912b0830dbc0615541a7a11d9b8f473204d33f

SHA512
6c33c3e41a809c54f27b351fb9b489f2b309f345168da381bd623edabb39caedf1a52108d48154977dd703e408e00c3ee6846fa53965f8c7e7ff9a32e962ead3

Download Submit
C:\Windows\system\BArvjNs.exe

Filesize
6.0MB

MD5
0d8a765345c23cbbfb1252dee6c7f91f

SHA1
8a4c1614f4d91e2ec1e922b5cb55c7899ea89ff7

SHA256
d59e0999b3244a63149922cd79cd0ac6458ae9855983df5cc0cca4c308ee9d46

SHA512
630d7ab215a6908b8decd13130387f38be53f3e07518424cf356060e9ae66e06e8897bde27b45f4495456fc90fbeedb892c77221437c6f3c98d54b9f0f73f378

Download Submit
C:\Windows\system\DHXemrM.exe

Filesize
6.0MB

MD5
36bdb8ea3367605c847fd128a1c6fa6a

SHA1
91925d1181665c614cf6b7a860c03c3a39b18857

SHA256
bc1af26befe2bc1b8e8c8efc867b719d438417bce0ff22654dba819374399187

SHA512
6a1b5c2704f1c0b2ab0d294be1513991259d407242d9311dcd5395a1701a43033fd28e4612b24abaec60bf08f4f20fb61be526a46413c91cc5859fc45ace8692

Download Submit
C:\Windows\system\DHqIFVo.exe

Filesize
6.0MB

MD5
40038f61685eb67857fa79ff72ea1d98

SHA1
8f763243c97d991bc38697a235f2b4fc26c05031

SHA256
be7fea2ad1012992a5712380eacdb6f32e88bd8aba32729cc338ac77b4aa23d0

SHA512
da787d99f61eb86763ea5f5124053db98ef1b05628bb303b1a71a7d63bcb909145a77c8064ad1795372cfc4410100b26da27cb20953993ddde656b3f9acf3db2

Download Submit
C:\Windows\system\DvxOjAX.exe

Filesize
6.0MB

MD5
68e68900c9cd312a36c21f5606663227

SHA1
940b1d59b8d3f621fd60932e362afc93adb9c82e

SHA256
97597913876034c5267bc93bdea7c92ee8176b9256e38d982bac9bba72155b3b

SHA512
ba29c10ba99b356bb4d80754995f174b1c68bb8c44016c0cdbafea77108caf3c316280f76afd9634e938bb992fc75cfbfd9efc2aef0f0db7e1a0164f6040f71b

Download Submit
C:\Windows\system\ECQkahY.exe

Filesize
6.0MB

MD5
d6a07379cd33ff35580a53221169320c

SHA1
9a89e00233bf25e9ebbdae7eb98c128299fcb14c

SHA256
32f8e82657017bf29d114add4b1243543e5c95009159d7dd4629e4d25d4b85ba

SHA512
5267400374cd0b54862dd7e5b92e18d1c685f021dda6eaf96f1ec209993307b0c2fc319d38295610e97f9d4566cc8a6a99c65761f2ae6332c6e476f284afc4d8

Download Submit
C:\Windows\system\GmkBDDG.exe

Filesize
6.0MB

MD5
6d3c2f2855e1adb2878a86cda1fc7460

SHA1
0c81c8ee64057f42de61edfa1f3c4d12d7b00b77

SHA256
a2be7d8f34d79c7e02a4eba2c6902d435a76937dcf7ae0fad32d6c7d946495f3

SHA512
215a5297c53691d6c2cc5a0d3d5dc9c4943d6fa4780b8939b14d061f952f44466cb413f2a559a9e43c1dcb374cf7aefe4a80bed263c216b8faa750d5f777dd8c

Download Submit
C:\Windows\system\HROISdr.exe

Filesize
6.0MB

MD5
0a715c353d54ea815173d5b85a494a0a

SHA1
e852113304a66a5bbfca99257317877470f0bd67

SHA256
ae6d297b80b52e6ee2704f24b3a0a1078882cc1018d8d6f704eae9725abe3820

SHA512
c0de35a2078062c5d7cbbacba33986dc910809011f5bd34e9f7e055bee92c238e9249ab47b641af42fd467e352c3c438e4f2d10b1b93b04daf8ad1b7c181a896

Download Submit
C:\Windows\system\JwkTaFg.exe

Filesize
6.0MB

MD5
8bebbad8cb8fddf2710a249b36569959

SHA1
6025385c50b1eb7e57dc44f09f99224973b9c649

SHA256
2f376bdeed49a263eef324445a41bef0cfb5cd63fd6594814b9fc9b0c21f71ec

SHA512
c0422b58adfa75b7cfd1297d10597e919ffc27629ae77bf0a3180207f9b68cc7f3f356f0aee2f62b596286dbe419cc62757b54d12dd9174691b9b2e967f36892

Download Submit
C:\Windows\system\KItmLzc.exe

Filesize
6.0MB

MD5
a02ba1ca65afc299d7c3b4409151e550

SHA1
b5af39a38426c0be1a7cc97731dedf0cad851e1a

SHA256
87ffe9e25744589f1c38092a238fbbfe536a9bc958fac2e7f64d89f034100152

SHA512
74a151807b56319b1a6a4a0a08bbd1d85236d25596f52f8883c31e161e5b909e45f72e05a581321e33485ba381555ee4195fb52c6822ba853af63c9445737590

Download Submit
C:\Windows\system\KuzLijm.exe

Filesize
6.0MB

MD5
fb3976323d3c4ed1e7270b78ea57e464

SHA1
cef9309e64e0c0c1679696e8a1f9242ec7fd88d6

SHA256
dffe7c51a2af282493415a371cc500690e5fc00e3bd57dddbca64909319d3049

SHA512
290e255fe2f7764a1932ad2b99b2bd4f911d58d65897e50114fecf99835fd4f9406d9eeff9b05642f7d324cbfa1414b4b39461d254dbd7d9ede8aeac92a6fa6b

Download Submit
C:\Windows\system\RagfZJK.exe

Filesize
6.0MB

MD5
8b7396a84a439135183bdd3fcc48a683

SHA1
261472dabdf8d71adaa096332ea579e6825ba5de

SHA256
1c67de26fff4d2686652f6de9acbd2aed2c78a8ccd84275d61975c618e35f0b0

SHA512
0aea36242420075bffc669b6f2c8f330be1276e790f803200e601d0f8f5f0c8016384aa8eb6b53a06bbc5842b715c53a7ae477791b7e5cc4b89dffbe74605912

Download Submit
C:\Windows\system\STmgmwg.exe

Filesize
6.0MB

MD5
cfc5114211d203841891f1e37b6bb302

SHA1
ff153abc727d2813264880349cab6a945db147c4

SHA256
6ad2a4f97931e3a41778fc2cb82e2bcdd0ae1d4d4490de25fec8aec30ec27fc1

SHA512
f260420f9ca437549c0970911ea769c0ebb6d0915827810533c455e17232803eed17f2663f97fea4759e8706f7eb33061fc372cf52f9d90a60b872eaad08f15f

Download Submit
C:\Windows\system\UGeexMM.exe

Filesize
6.0MB

MD5
4e165bb8e8766af6798ccaa165f00472

SHA1
f3caa3f481c21af62630912c0dc261a88c39c918

SHA256
046ec50aa92493613d246e7c482e96ad98c2190b95edbf3349cff4c211945b8e

SHA512
cd0c0802593dcf54ab202256c3f010c8fc87408d3dc2a284a51ba76a77a2ed72d6822cc75f355749f73fada5e2a3851abc5d3d388ae470f8578fc71826d6559b

Download Submit
C:\Windows\system\bkUZkgp.exe

Filesize
6.0MB

MD5
371f0167044bb6fa5b4ac453774e16e8

SHA1
99152050396b00c549ac1f0ecab7dd9bdcc2012c

SHA256
90b1a64378c471370bce3ff5fd0c4986170419645622e4c79eaae94128b4eed4

SHA512
19b2404207baaa304165f373e44fad72484142d54b6d127032023ad68d6ce1df6a3a168b6ead8bfad112538dcc3a79364bcfd99159ca435908c03b4d095c002e

Download Submit
C:\Windows\system\gfEDbKw.exe

Filesize
6.0MB

MD5
b50c2d77b426a9ea389961656021358e

SHA1
ca5d2e436dcde899ff7494364f92ae2ee42119f7

SHA256
b0fb12c4ccd29043e5b4d4e37dd82c659846475d526a16f699eedd83ea18189c

SHA512
256de6a9b2b5b537917a6adc4c02a2438c9c9489e5a659da28e159c9537ff382de37df85f765d5465a86ef0323ff999df0835ff21f1a00a0125a98fa86e3d041

Download Submit
C:\Windows\system\hTIPhSB.exe

Filesize
6.0MB

MD5
ec5d8ac908b6996c620042304f9d975b

SHA1
9e230da14974c2256c8184f3bd8686381c2c483c

SHA256
0ca44edf838586da375f82468fd4bfe2fe10ca95e86f8a3d8f27afefd7599852

SHA512
6cb3e7682aff9f963640d97c22236b56313b15a5e364276639ca5cc3aa85d2b7eb8cd503a3ba5eeb33a5790de3c9cc00d287fce59fdc8cc44bcd1a04a9800737

Download Submit
C:\Windows\system\hioWLlB.exe

Filesize
6.0MB

MD5
d2e8b94f14b4c70888d1042f4ed3a11c

SHA1
72723a2e44067e4654536878b765f13e4c2abb1b

SHA256
c79e692d1621b11c72ac225aaeb8ae7685ed3697db50d0de3bbd758ceed837d2

SHA512
1d8702a818da7c8a965df69dd9877ce372d987f96a2f34ef9efc46a2969086a550cbe1b53c9a83610da60c43ea955af178ecca595db0573812d34b9951b8f59c

Download Submit
C:\Windows\system\mDFChaN.exe

Filesize
6.0MB

MD5
540b7b0b64e351a527702d00c258b1e7

SHA1
e3086204527bcdae93c555b31e9cdd94d706dab5

SHA256
e1e836f6eb762ab134fbf54e21f7f27cf66a924c246401109fc3308b1a25af2d

SHA512
ac128b5251d9874b5cf3fbefd2e4b470414d78d51ed2569ea7f4d796d70f3e40a8d2ed1329a2ca2d8525aaf7e315f0d491a1a3c13aa398bc477906c74f4b7832

Download Submit
C:\Windows\system\nlynSJn.exe

Filesize
6.0MB

MD5
cb46d65219dbe2792781be385bac30d0

SHA1
3a80a2d7867c9b7c907aa27b2e94ce12f5e3e0b2

SHA256
3ba4aae645998149068541abec5e0ec6b10ef5d3a6699a2d88b3fa804a7924a6

SHA512
1ac113460d6a24feee74cad8de03efa820fb645be52e13242e76f035483de2ed378529bccdbee052886895f5bd8a765445c40c20070f4c66e47f5c82285f40bf

Download Submit
C:\Windows\system\oCYQfHA.exe

Filesize
6.0MB

MD5
3e0309dacd3f575f159b0a62b5daabd4

SHA1
3322175e702e2e7b6192e75f1a72b6d53a4ec434

SHA256
bf5a7902f599e1e8a3b99af1cb410d84ef33bcaab883db5a5b6c5f8a5c4ecca7

SHA512
4f8c8dc4e0edcd04a65331bf0344f38f7c2f1706304d843e7b8b5579ba33684da1fd2d4e3e623ca2d8886c98d56690404e1bd6de2694125dfb599bd537a63d24

Download Submit
C:\Windows\system\oHPQCWN.exe

Filesize
6.0MB

MD5
b5030306ee75d763040e3c7ccc3b4e4c

SHA1
8cb9f95f0cb1a52f9f30199be1539ea182a6a913

SHA256
8cb400ed10868117c54dfc52fe30f04d5f5a59033ab2b99c979c09165e978f90

SHA512
2cf596f8c481a13c033971fb46ddb73cc6c2ffdd409a4d22690e2ae44e76da52456e3ed120a859b987c98b83beb126a290db73c7a39cc06d552c44b898a1e678

Download Submit
C:\Windows\system\qKjAYMa.exe

Filesize
6.0MB

MD5
1e06bbbbc6f95a816a56455cd2ba6e46

SHA1
c087a51b07cb76bb7b0c36b5e2ef8d604325a556

SHA256
ed4e552c4c1391d564c7e608990a7d52f1c55c655c0fc26da648edf0ad6c70b7

SHA512
f94f8b3d47248641875c36d5e4a1ca764413a298af30253650165634ad7762083fabc18510b9e92a96b142679315ef5d192d78a4e6af5eb01408fe089a311101

Download Submit
C:\Windows\system\sVyFAqk.exe

Filesize
6.0MB

MD5
af4978c027760d23d15374472953ccef

SHA1
34e9d85c0554c9d19004de634486c3a8952d64ac

SHA256
d71bb39502c68fe14b47cebcb0cead894827417fd8a31461860a3df37d4dc092

SHA512
b1a87ee84d276aac5191f3e868ac46f3c0bf88df30bc9bede2ec2330790eea40205daeaa208f72e87a4c5733ea4df42544eda50106fb5210f91cf2466b879eef

Download Submit
C:\Windows\system\usKJHxn.exe

Filesize
6.0MB

MD5
ced5a871364055fe55951aae2a4ff5bf

SHA1
6e90655b846d69c3bdfb3252450d642d78e2d3ae

SHA256
d6c80ee19999de601576db54cbc773b20b49ad7b7c0c357e73fc2eb8d1791f83

SHA512
19efef1f01af10d46e5d82fea43706bd1fd7e3e661b03a433ffdb4b80dc142d59003ee54aa72e78e2f74114eb97cdac5e59a85d2c65c3f3398abe9642ba93db9

Download Submit
C:\Windows\system\vSoZxIr.exe

Filesize
6.0MB

MD5
21ad1ae881ae3f592a9529f4ed8104a0

SHA1
46a952567ba022a82f822367cf79547074308932

SHA256
59ca2c3ea8751cbb714b5879cc6df31f3b38e237452cefcf4d9fa009aee36c25

SHA512
805b9440a1d4e195102f5a3963926bbc132c03952b26b4e03366fb2e1758e757bd716bd9bed4a4b246a88da06b367c59714f4f0d287c7a4865581976f7aa468e

Download Submit
C:\Windows\system\yIhRTEB.exe

Filesize
6.0MB

MD5
cf25395d7f4db2718c19efa19654b7e4

SHA1
9f14aa790e1859f57ed7c2debfc453ba8ad806bf

SHA256
313e428525dcf596d2f2db43948d22150219c24b10e7428ce6efe22f116d96a5

SHA512
184297d6e46d3232a8be014b93c6526ab13f922386b27f1a4d31b05976b8d11ae50f28fdfaead59a3994935e729011da8d83a0d4773bd3429e724b37119a9438

Download Submit
C:\Windows\system\yUSQBRd.exe

Filesize
6.0MB

MD5
d025de70ef4fcaa94c2f16961aee13a2

SHA1
337a7d4ac7e4b921b8e90e51e5fdb8f159faa659

SHA256
7889a1fb02e21165e436a5a284bf49caf99d3dd6e64b0db5f1e6cef9d434e692

SHA512
c15dde8377b2edfe01ea9df98e7078d32af86e715578d0a662d34cdb2607b12b20aa47e5c9d8aa3a5e787ba0f6004473cc7f911a976f4b1bf4b0e4ec43148dcf

Download Submit
C:\Windows\system\zvGIRoL.exe

Filesize
6.0MB

MD5
4db66e27b4994619a203151dfbfaf3df

SHA1
db5b3db796108d8d5dd65de387b3e57e535e92bb

SHA256
2a6e95608870a60e2a9cc346e14e4fa4cbcf3017dfba06ca79efbb59842a4d72

SHA512
047d7a1b5ae2f4827df9dacbd3515aaa17c9ee6864d06e394431fe827263999d573b59d5804cdb51b9a059a4309d0f32257b863152b94c1c990d14cd60c4271e

Download Submit
C:\Windows\system\zyTLnhw.exe

Filesize
6.0MB

MD5
7d5706cb80f14f55313a4491a209c9cb

SHA1
94cc9ec23f282c291e652e8efd89ebb155f439bf

SHA256
e7494f085c2297b1d105d8563ba0b009b586834ad177ac441730650bd9ba8cf7

SHA512
db94090e14efe081b3519c298d7f59fda84182bbd6a12b0bb8c6662f9cf399e9e9afefae15f6655efa918b7a1d624b47e7fca892994efd46f42a7be8051e5fa9

Download Submit
\Windows\system\MYPSADj.exe

Filesize
6.0MB

MD5
c4e9ab6f812cfd53800c2296b524b46c

SHA1
c1c9819d0d8908b5dcac7611a584fa24f42c7a18

SHA256
e22fb647f576d52ec96e8c9a4b7c4f650237dc80da92a64a7422ece15412849c

SHA512
f5443d25caa091c0e713fd3539ac706a7a865080974fa92f33c0e0839eccc22f71d44a0220a945678c2b0477888d1934fcce86715b613e76a7db75ca52c393eb

Download Submit
memory/316-447-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/316-3836-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1216-3710-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1216-402-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1716-3718-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-441-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-455-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-3709-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-460-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-3838-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-3768-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-443-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1562-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-452-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2404-477-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2404-462-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2404-493-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-444-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2404-498-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2404-442-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2404-448-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2404-440-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2404-457-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-487-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2404-450-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1544-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2404-446-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1543-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2404-454-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1425-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1426-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1548-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1553-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1554-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1555-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1556-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1557-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1558-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1560-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1561-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2404-0-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1607-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1559-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2508-449-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2508-3839-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2532-3700-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-451-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-424-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3837-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2620-3701-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2620-445-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2800-472-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3707-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2892-453-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3840-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-480-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3841-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-490-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-3699-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download