cobaltstrike | 6bc862ee0bbca9943f4326d55e2b8c2753a09bb3b750cb715b91d4b12585b6d1

Analysis

max time kernel
148s
max time network
127s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-12-2024 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

811777a7b7c03577893f5df3b768ebd5
SHA1

279ccabf44607a0b2d2b5c14b0c3945deebd3c1e
SHA256

6bc862ee0bbca9943f4326d55e2b8c2753a09bb3b750cb715b91d4b12585b6d1
SHA512

6852c476ff6ad1b54134f6db55cbb21fd26d0ff85b301211d90f94a4826100d7627e56ecc45bdf0d656febac24509ab90787c68e85dba5f0183dd01d0f1bb828
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUh:eOl56utgpPF8u/7h

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000800000001227e-3.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001756b-12.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-10.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186b7-23.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000016fc9-34.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-87.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-197.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-202.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-97.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b28-64.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-73.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c3-50.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b05-58.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186bb-40.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2448-2-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/files/0x000800000001227e-3.dat	xmrig
behavioral1/memory/2836-11-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2448-6-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2820-15-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x000900000001756b-12.dat	xmrig
behavioral1/files/0x0002000000018334-10.dat	xmrig
behavioral1/memory/2780-22-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x00060000000186b7-23.dat	xmrig
behavioral1/memory/2960-28-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2448-38-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2836-42-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2616-43-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2784-35-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x000d000000016fc9-34.dat	xmrig
behavioral1/memory/688-52-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2224-59-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2236-75-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-87.dat	xmrig
behavioral1/memory/2148-89-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c6-77.dat	xmrig
behavioral1/files/0x0005000000019643-106.dat	xmrig
behavioral1/files/0x0005000000019761-120.dat	xmrig
behavioral1/files/0x000500000001975a-115.dat	xmrig
behavioral1/files/0x00050000000197fd-126.dat	xmrig
behavioral1/files/0x0005000000019820-131.dat	xmrig
behavioral1/files/0x0005000000019fd4-182.dat	xmrig
behavioral1/files/0x000500000001a049-197.dat	xmrig
behavioral1/memory/1776-316-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2820-614-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2224-656-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2236-682-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/1776-709-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2836-1107-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2680-724-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/3036-702-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2148-699-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/964-669-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/688-646-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2616-632-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2784-623-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2960-616-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2680-318-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2148-251-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2448-218-0x00000000022A0000-0x00000000025F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0b6-202.dat	xmrig
behavioral1/files/0x0005000000019fdd-187.dat	xmrig
behavioral1/files/0x000500000001a03c-192.dat	xmrig
behavioral1/files/0x0005000000019e92-177.dat	xmrig
behavioral1/files/0x0005000000019d62-168.dat	xmrig
behavioral1/files/0x0005000000019d6d-172.dat	xmrig
behavioral1/files/0x0005000000019c3c-156.dat	xmrig
behavioral1/memory/3036-164-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d61-162.dat	xmrig
behavioral1/files/0x0005000000019bf6-146.dat	xmrig
behavioral1/files/0x0005000000019bf9-151.dat	xmrig
behavioral1/files/0x0005000000019bf5-142.dat	xmrig
behavioral1/files/0x000500000001998d-136.dat	xmrig
behavioral1/memory/2236-123-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2680-108-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/964-107-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/1776-99-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2224-98-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-97.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2836	afWfLWv.exe
2820	VVjciqK.exe
2780	hGJfywV.exe
2960	MeCzZof.exe
2784	qDhwXth.exe
2616	vekWnlO.exe
688	XlAujLu.exe
2224	DWEOvUt.exe
964	BHUmdOe.exe
2236	FHymOyq.exe
3036	pPaKFtS.exe
2148	QZIUatc.exe
1776	fedjaCg.exe
2680	XsGASBB.exe
2716	TDwybUN.exe
1960	hVFYLMS.exe
2008	BJrDxcP.exe
572	GBgAkjj.exe
1632	xBIVzuX.exe
1956	olraAdn.exe
460	ZufHfZr.exe
620	pPivqcj.exe
2164	vbBhHDr.exe
1912	BmAyJhZ.exe
2356	kweRffi.exe
2556	WzMCfEi.exe
2452	czKPKis.exe
1616	NyNMsnm.exe
1864	PRcLPRf.exe
1012	TATRAxM.exe
1576	uwevKUQ.exe
1728	nejrlly.exe
1468	jmcCVeQ.exe
1476	dCiefSB.exe
2308	iobusHJ.exe
3068	lWPxMSb.exe
1684	GSaIfKj.exe
748	gPTLeWh.exe
2212	PmBaMEx.exe
1932	aePGmqI.exe
2052	tMUblFE.exe
556	fUnXmEp.exe
2548	BgGfUoV.exe
1224	DUTiFrz.exe
1032	CxrvaNs.exe
772	TaGuxDs.exe
884	pFsuLSU.exe
2712	aCwiQMJ.exe
2248	STVxMIL.exe
2092	DvOAApJ.exe
1552	AYKkItq.exe
2824	WiNlVdb.exe
2628	jgvmpsr.exe
2760	aMlEKNB.exe
1936	xCKrqLG.exe
2828	WPioDrn.exe
1564	iSQWCXK.exe
924	bUHRbrG.exe
2424	hAQSZqV.exe
2936	aOzCzVe.exe
2240	zIyRhke.exe
564	Xswtdmk.exe
940	YWPnEHq.exe
876	EAcgUfU.exe

Loads dropped DLL 64 IoCs

pid	Process
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2448-2-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/files/0x000800000001227e-3.dat	upx
behavioral1/memory/2836-11-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2448-6-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2820-15-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x000900000001756b-12.dat	upx
behavioral1/files/0x0002000000018334-10.dat	upx
behavioral1/memory/2780-22-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x00060000000186b7-23.dat	upx
behavioral1/memory/2960-28-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2448-38-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2836-42-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2616-43-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2784-35-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x000d000000016fc9-34.dat	upx
behavioral1/memory/688-52-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2224-59-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2236-75-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x00050000000195c7-87.dat	upx
behavioral1/memory/2148-89-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x00050000000195c6-77.dat	upx
behavioral1/files/0x0005000000019643-106.dat	upx
behavioral1/files/0x0005000000019761-120.dat	upx
behavioral1/files/0x000500000001975a-115.dat	upx
behavioral1/files/0x00050000000197fd-126.dat	upx
behavioral1/files/0x0005000000019820-131.dat	upx
behavioral1/files/0x0005000000019fd4-182.dat	upx
behavioral1/files/0x000500000001a049-197.dat	upx
behavioral1/memory/1776-316-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2820-614-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2224-656-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2236-682-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/1776-709-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2836-1107-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2680-724-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/3036-702-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2148-699-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/964-669-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/688-646-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2616-632-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2784-623-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2960-616-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2680-318-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2148-251-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x000500000001a0b6-202.dat	upx
behavioral1/files/0x0005000000019fdd-187.dat	upx
behavioral1/files/0x000500000001a03c-192.dat	upx
behavioral1/files/0x0005000000019e92-177.dat	upx
behavioral1/files/0x0005000000019d62-168.dat	upx
behavioral1/files/0x0005000000019d6d-172.dat	upx
behavioral1/files/0x0005000000019c3c-156.dat	upx
behavioral1/memory/3036-164-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x0005000000019d61-162.dat	upx
behavioral1/files/0x0005000000019bf6-146.dat	upx
behavioral1/files/0x0005000000019bf9-151.dat	upx
behavioral1/files/0x0005000000019bf5-142.dat	upx
behavioral1/files/0x000500000001998d-136.dat	upx
behavioral1/memory/2236-123-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2680-108-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/964-107-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/1776-99-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2224-98-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x000500000001960c-97.dat	upx
behavioral1/memory/3036-82-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CDgFCdy.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dnVSfTW.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWTmynI.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hJUBJtk.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jozJlwB.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZFrqBhl.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZMZWlYB.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IEypKIR.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RGJkkwF.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MhjWyIP.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sSiRIPK.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HXBFxbB.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VHhAoaj.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\grtfwHi.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aeGmmJj.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nFJGFCS.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dkIdQDK.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wnYAIVC.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HGzgFXV.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JYfXNae.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CnTmKqT.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVZMWQx.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFNsXLJ.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\frPziYc.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pCqzodJ.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KODCrsG.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QUtSJYq.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hVmvzQC.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zRwrnDL.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZKefue.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BHUmdOe.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KyrUzVk.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XgHqryd.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XdOBZRU.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UfzlKIP.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFkwpmM.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKsEHHP.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\agILVtK.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIyRhke.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kgrJQto.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PVyKjqN.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLuBOQh.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtfeJvk.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXXNaUE.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nApLYyT.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJoVFFK.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tFlVbxD.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHjyKXH.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YmEVxiG.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnIdDsk.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xaIwiPU.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ySWFAbP.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXgGtFP.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sHjDGRp.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhSfain.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhbQNxZ.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zAlYbuK.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pJJxPZN.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXbqUgb.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JrXkZPH.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqmPQkF.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HrXEXEu.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PwhOYNW.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LNopPpf.exe	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 2836	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2448 wrote to memory of 2836	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2448 wrote to memory of 2836	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2448 wrote to memory of 2820	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2448 wrote to memory of 2820	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2448 wrote to memory of 2820	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2448 wrote to memory of 2780	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2448 wrote to memory of 2780	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2448 wrote to memory of 2780	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2448 wrote to memory of 2960	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2448 wrote to memory of 2960	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2448 wrote to memory of 2960	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2448 wrote to memory of 2784	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2448 wrote to memory of 2784	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2448 wrote to memory of 2784	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2448 wrote to memory of 2616	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2448 wrote to memory of 2616	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2448 wrote to memory of 2616	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2448 wrote to memory of 688	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2448 wrote to memory of 688	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2448 wrote to memory of 688	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2448 wrote to memory of 2224	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2448 wrote to memory of 2224	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2448 wrote to memory of 2224	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2448 wrote to memory of 964	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2448 wrote to memory of 964	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2448 wrote to memory of 964	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2448 wrote to memory of 2236	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2448 wrote to memory of 2236	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2448 wrote to memory of 2236	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2448 wrote to memory of 3036	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2448 wrote to memory of 3036	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2448 wrote to memory of 3036	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2448 wrote to memory of 2148	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2448 wrote to memory of 2148	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2448 wrote to memory of 2148	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2448 wrote to memory of 1776	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2448 wrote to memory of 1776	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2448 wrote to memory of 1776	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2448 wrote to memory of 2680	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2448 wrote to memory of 2680	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2448 wrote to memory of 2680	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2448 wrote to memory of 2716	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2448 wrote to memory of 2716	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2448 wrote to memory of 2716	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2448 wrote to memory of 1960	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2448 wrote to memory of 1960	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2448 wrote to memory of 1960	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2448 wrote to memory of 2008	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2448 wrote to memory of 2008	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2448 wrote to memory of 2008	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2448 wrote to memory of 572	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2448 wrote to memory of 572	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2448 wrote to memory of 572	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2448 wrote to memory of 1632	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2448 wrote to memory of 1632	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2448 wrote to memory of 1632	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2448 wrote to memory of 1956	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2448 wrote to memory of 1956	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2448 wrote to memory of 1956	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2448 wrote to memory of 460	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2448 wrote to memory of 460	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2448 wrote to memory of 460	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2448 wrote to memory of 620	2448	2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-18_811777a7b7c03577893f5df3b768ebd5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Windows\System\afWfLWv.exe
  C:\Windows\System\afWfLWv.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\VVjciqK.exe
  C:\Windows\System\VVjciqK.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\hGJfywV.exe
  C:\Windows\System\hGJfywV.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\MeCzZof.exe
  C:\Windows\System\MeCzZof.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\qDhwXth.exe
  C:\Windows\System\qDhwXth.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\vekWnlO.exe
  C:\Windows\System\vekWnlO.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\XlAujLu.exe
  C:\Windows\System\XlAujLu.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\DWEOvUt.exe
  C:\Windows\System\DWEOvUt.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\BHUmdOe.exe
  C:\Windows\System\BHUmdOe.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\FHymOyq.exe
  C:\Windows\System\FHymOyq.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\pPaKFtS.exe
  C:\Windows\System\pPaKFtS.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\QZIUatc.exe
  C:\Windows\System\QZIUatc.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\fedjaCg.exe
  C:\Windows\System\fedjaCg.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\XsGASBB.exe
  C:\Windows\System\XsGASBB.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\TDwybUN.exe
  C:\Windows\System\TDwybUN.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\hVFYLMS.exe
  C:\Windows\System\hVFYLMS.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\BJrDxcP.exe
  C:\Windows\System\BJrDxcP.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\GBgAkjj.exe
  C:\Windows\System\GBgAkjj.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\xBIVzuX.exe
  C:\Windows\System\xBIVzuX.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\olraAdn.exe
  C:\Windows\System\olraAdn.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\ZufHfZr.exe
  C:\Windows\System\ZufHfZr.exe
  2⤵
  - Executes dropped EXE
  PID:460
- C:\Windows\System\pPivqcj.exe
  C:\Windows\System\pPivqcj.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\vbBhHDr.exe
  C:\Windows\System\vbBhHDr.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\BmAyJhZ.exe
  C:\Windows\System\BmAyJhZ.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\kweRffi.exe
  C:\Windows\System\kweRffi.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\WzMCfEi.exe
  C:\Windows\System\WzMCfEi.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\czKPKis.exe
  C:\Windows\System\czKPKis.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\NyNMsnm.exe
  C:\Windows\System\NyNMsnm.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\PRcLPRf.exe
  C:\Windows\System\PRcLPRf.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\TATRAxM.exe
  C:\Windows\System\TATRAxM.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\uwevKUQ.exe
  C:\Windows\System\uwevKUQ.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\nejrlly.exe
  C:\Windows\System\nejrlly.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\jmcCVeQ.exe
  C:\Windows\System\jmcCVeQ.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\dCiefSB.exe
  C:\Windows\System\dCiefSB.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\iobusHJ.exe
  C:\Windows\System\iobusHJ.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\lWPxMSb.exe
  C:\Windows\System\lWPxMSb.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\GSaIfKj.exe
  C:\Windows\System\GSaIfKj.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\gPTLeWh.exe
  C:\Windows\System\gPTLeWh.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\PmBaMEx.exe
  C:\Windows\System\PmBaMEx.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\aePGmqI.exe
  C:\Windows\System\aePGmqI.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\tMUblFE.exe
  C:\Windows\System\tMUblFE.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\fUnXmEp.exe
  C:\Windows\System\fUnXmEp.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\BgGfUoV.exe
  C:\Windows\System\BgGfUoV.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\DUTiFrz.exe
  C:\Windows\System\DUTiFrz.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\CxrvaNs.exe
  C:\Windows\System\CxrvaNs.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\TaGuxDs.exe
  C:\Windows\System\TaGuxDs.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\pFsuLSU.exe
  C:\Windows\System\pFsuLSU.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\aCwiQMJ.exe
  C:\Windows\System\aCwiQMJ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\STVxMIL.exe
  C:\Windows\System\STVxMIL.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\DvOAApJ.exe
  C:\Windows\System\DvOAApJ.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\AYKkItq.exe
  C:\Windows\System\AYKkItq.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\WiNlVdb.exe
  C:\Windows\System\WiNlVdb.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\jgvmpsr.exe
  C:\Windows\System\jgvmpsr.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\aMlEKNB.exe
  C:\Windows\System\aMlEKNB.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\xCKrqLG.exe
  C:\Windows\System\xCKrqLG.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\WPioDrn.exe
  C:\Windows\System\WPioDrn.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\iSQWCXK.exe
  C:\Windows\System\iSQWCXK.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\bUHRbrG.exe
  C:\Windows\System\bUHRbrG.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\hAQSZqV.exe
  C:\Windows\System\hAQSZqV.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\aOzCzVe.exe
  C:\Windows\System\aOzCzVe.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\zIyRhke.exe
  C:\Windows\System\zIyRhke.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\Xswtdmk.exe
  C:\Windows\System\Xswtdmk.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\YWPnEHq.exe
  C:\Windows\System\YWPnEHq.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\EAcgUfU.exe
  C:\Windows\System\EAcgUfU.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\NlCRmDY.exe
  C:\Windows\System\NlCRmDY.exe
  2⤵
  PID:2368
- C:\Windows\System\tFlVbxD.exe
  C:\Windows\System\tFlVbxD.exe
  2⤵
  PID:2364
- C:\Windows\System\yyIfsby.exe
  C:\Windows\System\yyIfsby.exe
  2⤵
  PID:2284
- C:\Windows\System\DSlAmuT.exe
  C:\Windows\System\DSlAmuT.exe
  2⤵
  PID:2244
- C:\Windows\System\tqmPQkF.exe
  C:\Windows\System\tqmPQkF.exe
  2⤵
  PID:1328
- C:\Windows\System\mwjtwFX.exe
  C:\Windows\System\mwjtwFX.exe
  2⤵
  PID:1980
- C:\Windows\System\wuFBfBg.exe
  C:\Windows\System\wuFBfBg.exe
  2⤵
  PID:1952
- C:\Windows\System\AaskdHf.exe
  C:\Windows\System\AaskdHf.exe
  2⤵
  PID:1688
- C:\Windows\System\HcRFEvr.exe
  C:\Windows\System\HcRFEvr.exe
  2⤵
  PID:1680
- C:\Windows\System\VTQCwpc.exe
  C:\Windows\System\VTQCwpc.exe
  2⤵
  PID:2596
- C:\Windows\System\dtdfDhm.exe
  C:\Windows\System\dtdfDhm.exe
  2⤵
  PID:112
- C:\Windows\System\KyrUzVk.exe
  C:\Windows\System\KyrUzVk.exe
  2⤵
  PID:1560
- C:\Windows\System\tiRhXaD.exe
  C:\Windows\System\tiRhXaD.exe
  2⤵
  PID:1320
- C:\Windows\System\MiFYpvU.exe
  C:\Windows\System\MiFYpvU.exe
  2⤵
  PID:1020
- C:\Windows\System\SKwFBIQ.exe
  C:\Windows\System\SKwFBIQ.exe
  2⤵
  PID:2420
- C:\Windows\System\nhjZQfZ.exe
  C:\Windows\System\nhjZQfZ.exe
  2⤵
  PID:1808
- C:\Windows\System\ftSyQbg.exe
  C:\Windows\System\ftSyQbg.exe
  2⤵
  PID:1504
- C:\Windows\System\OzmiYyI.exe
  C:\Windows\System\OzmiYyI.exe
  2⤵
  PID:2896
- C:\Windows\System\UWSdBtV.exe
  C:\Windows\System\UWSdBtV.exe
  2⤵
  PID:1824
- C:\Windows\System\PxDezgC.exe
  C:\Windows\System\PxDezgC.exe
  2⤵
  PID:2876
- C:\Windows\System\wvQfSWa.exe
  C:\Windows\System\wvQfSWa.exe
  2⤵
  PID:2072
- C:\Windows\System\foIDLag.exe
  C:\Windows\System\foIDLag.exe
  2⤵
  PID:1240
- C:\Windows\System\ITZadtD.exe
  C:\Windows\System\ITZadtD.exe
  2⤵
  PID:2200
- C:\Windows\System\ywcWKza.exe
  C:\Windows\System\ywcWKza.exe
  2⤵
  PID:1308
- C:\Windows\System\IYjOwvB.exe
  C:\Windows\System\IYjOwvB.exe
  2⤵
  PID:2544
- C:\Windows\System\zSYdBHH.exe
  C:\Windows\System\zSYdBHH.exe
  2⤵
  PID:2108
- C:\Windows\System\iIbPQys.exe
  C:\Windows\System\iIbPQys.exe
  2⤵
  PID:2144
- C:\Windows\System\VLcmniz.exe
  C:\Windows\System\VLcmniz.exe
  2⤵
  PID:1668
- C:\Windows\System\ZbNrfbF.exe
  C:\Windows\System\ZbNrfbF.exe
  2⤵
  PID:1676
- C:\Windows\System\YEtQxbK.exe
  C:\Windows\System\YEtQxbK.exe
  2⤵
  PID:2992
- C:\Windows\System\KJhXZnI.exe
  C:\Windows\System\KJhXZnI.exe
  2⤵
  PID:1736
- C:\Windows\System\onYQoWg.exe
  C:\Windows\System\onYQoWg.exe
  2⤵
  PID:1756
- C:\Windows\System\oJykDmk.exe
  C:\Windows\System\oJykDmk.exe
  2⤵
  PID:2552
- C:\Windows\System\kgrJQto.exe
  C:\Windows\System\kgrJQto.exe
  2⤵
  PID:2584
- C:\Windows\System\BXOXdRW.exe
  C:\Windows\System\BXOXdRW.exe
  2⤵
  PID:304
- C:\Windows\System\SstiALr.exe
  C:\Windows\System\SstiALr.exe
  2⤵
  PID:3084
- C:\Windows\System\jzpGSjG.exe
  C:\Windows\System\jzpGSjG.exe
  2⤵
  PID:3108
- C:\Windows\System\azVrWJk.exe
  C:\Windows\System\azVrWJk.exe
  2⤵
  PID:3128
- C:\Windows\System\dPWnhjx.exe
  C:\Windows\System\dPWnhjx.exe
  2⤵
  PID:3148
- C:\Windows\System\itmZAdi.exe
  C:\Windows\System\itmZAdi.exe
  2⤵
  PID:3164
- C:\Windows\System\rxFMtrO.exe
  C:\Windows\System\rxFMtrO.exe
  2⤵
  PID:3184
- C:\Windows\System\DwKLipd.exe
  C:\Windows\System\DwKLipd.exe
  2⤵
  PID:3204
- C:\Windows\System\bbfHAaQ.exe
  C:\Windows\System\bbfHAaQ.exe
  2⤵
  PID:3228
- C:\Windows\System\QRfQzPU.exe
  C:\Windows\System\QRfQzPU.exe
  2⤵
  PID:3248
- C:\Windows\System\DwGHDQf.exe
  C:\Windows\System\DwGHDQf.exe
  2⤵
  PID:3268
- C:\Windows\System\oXuMOCZ.exe
  C:\Windows\System\oXuMOCZ.exe
  2⤵
  PID:3288
- C:\Windows\System\OGLpspb.exe
  C:\Windows\System\OGLpspb.exe
  2⤵
  PID:3308
- C:\Windows\System\NOjuzBL.exe
  C:\Windows\System\NOjuzBL.exe
  2⤵
  PID:3332
- C:\Windows\System\CtCguOQ.exe
  C:\Windows\System\CtCguOQ.exe
  2⤵
  PID:3352
- C:\Windows\System\qfcXkXz.exe
  C:\Windows\System\qfcXkXz.exe
  2⤵
  PID:3372
- C:\Windows\System\aLsAbgZ.exe
  C:\Windows\System\aLsAbgZ.exe
  2⤵
  PID:3392
- C:\Windows\System\bzPxkOi.exe
  C:\Windows\System\bzPxkOi.exe
  2⤵
  PID:3412
- C:\Windows\System\HytRnbo.exe
  C:\Windows\System\HytRnbo.exe
  2⤵
  PID:3436
- C:\Windows\System\CvBpOWd.exe
  C:\Windows\System\CvBpOWd.exe
  2⤵
  PID:3452
- C:\Windows\System\aiXmQeL.exe
  C:\Windows\System\aiXmQeL.exe
  2⤵
  PID:3476
- C:\Windows\System\SkOQYpE.exe
  C:\Windows\System\SkOQYpE.exe
  2⤵
  PID:3492
- C:\Windows\System\niJhMQz.exe
  C:\Windows\System\niJhMQz.exe
  2⤵
  PID:3516
- C:\Windows\System\pgccTcS.exe
  C:\Windows\System\pgccTcS.exe
  2⤵
  PID:3536
- C:\Windows\System\XWXFaYM.exe
  C:\Windows\System\XWXFaYM.exe
  2⤵
  PID:3556
- C:\Windows\System\SmeGKNx.exe
  C:\Windows\System\SmeGKNx.exe
  2⤵
  PID:3576
- C:\Windows\System\BKafJKg.exe
  C:\Windows\System\BKafJKg.exe
  2⤵
  PID:3596
- C:\Windows\System\kInNbha.exe
  C:\Windows\System\kInNbha.exe
  2⤵
  PID:3616
- C:\Windows\System\CdQbhIG.exe
  C:\Windows\System\CdQbhIG.exe
  2⤵
  PID:3640
- C:\Windows\System\jyfpddY.exe
  C:\Windows\System\jyfpddY.exe
  2⤵
  PID:3660
- C:\Windows\System\AOAknms.exe
  C:\Windows\System\AOAknms.exe
  2⤵
  PID:3680
- C:\Windows\System\uqlpjIe.exe
  C:\Windows\System\uqlpjIe.exe
  2⤵
  PID:3700
- C:\Windows\System\tITVtJJ.exe
  C:\Windows\System\tITVtJJ.exe
  2⤵
  PID:3720
- C:\Windows\System\CytRlKq.exe
  C:\Windows\System\CytRlKq.exe
  2⤵
  PID:3736
- C:\Windows\System\zsjYGur.exe
  C:\Windows\System\zsjYGur.exe
  2⤵
  PID:3760
- C:\Windows\System\CnEhbaq.exe
  C:\Windows\System\CnEhbaq.exe
  2⤵
  PID:3780
- C:\Windows\System\yXQIxxo.exe
  C:\Windows\System\yXQIxxo.exe
  2⤵
  PID:3800
- C:\Windows\System\OQLgjOC.exe
  C:\Windows\System\OQLgjOC.exe
  2⤵
  PID:3820
- C:\Windows\System\BRvIOaf.exe
  C:\Windows\System\BRvIOaf.exe
  2⤵
  PID:3840
- C:\Windows\System\mUxxWAu.exe
  C:\Windows\System\mUxxWAu.exe
  2⤵
  PID:3860
- C:\Windows\System\nkXHhRb.exe
  C:\Windows\System\nkXHhRb.exe
  2⤵
  PID:3884
- C:\Windows\System\TTAQlKb.exe
  C:\Windows\System\TTAQlKb.exe
  2⤵
  PID:3904
- C:\Windows\System\BgYuRxK.exe
  C:\Windows\System\BgYuRxK.exe
  2⤵
  PID:3924
- C:\Windows\System\uXppPwf.exe
  C:\Windows\System\uXppPwf.exe
  2⤵
  PID:3944
- C:\Windows\System\pJNLVCX.exe
  C:\Windows\System\pJNLVCX.exe
  2⤵
  PID:3964
- C:\Windows\System\DqQcdGo.exe
  C:\Windows\System\DqQcdGo.exe
  2⤵
  PID:3984
- C:\Windows\System\gzFFeRB.exe
  C:\Windows\System\gzFFeRB.exe
  2⤵
  PID:4008
- C:\Windows\System\grcXAXy.exe
  C:\Windows\System\grcXAXy.exe
  2⤵
  PID:4028
- C:\Windows\System\hwfnMUd.exe
  C:\Windows\System\hwfnMUd.exe
  2⤵
  PID:4048
- C:\Windows\System\qJPztck.exe
  C:\Windows\System\qJPztck.exe
  2⤵
  PID:4068
- C:\Windows\System\uCkYGKS.exe
  C:\Windows\System\uCkYGKS.exe
  2⤵
  PID:4088
- C:\Windows\System\QoSZuSg.exe
  C:\Windows\System\QoSZuSg.exe
  2⤵
  PID:2520
- C:\Windows\System\JTvwUcd.exe
  C:\Windows\System\JTvwUcd.exe
  2⤵
  PID:2252
- C:\Windows\System\doMgUAd.exe
  C:\Windows\System\doMgUAd.exe
  2⤵
  PID:2344
- C:\Windows\System\FcIQPGr.exe
  C:\Windows\System\FcIQPGr.exe
  2⤵
  PID:520
- C:\Windows\System\Gqmnfiu.exe
  C:\Windows\System\Gqmnfiu.exe
  2⤵
  PID:2920
- C:\Windows\System\CDgFCdy.exe
  C:\Windows\System\CDgFCdy.exe
  2⤵
  PID:1868
- C:\Windows\System\OHnQHfw.exe
  C:\Windows\System\OHnQHfw.exe
  2⤵
  PID:1292
- C:\Windows\System\KDFGvds.exe
  C:\Windows\System\KDFGvds.exe
  2⤵
  PID:2272
- C:\Windows\System\woNaYbO.exe
  C:\Windows\System\woNaYbO.exe
  2⤵
  PID:2056
- C:\Windows\System\rJcfKDU.exe
  C:\Windows\System\rJcfKDU.exe
  2⤵
  PID:1992
- C:\Windows\System\oRNVzKG.exe
  C:\Windows\System\oRNVzKG.exe
  2⤵
  PID:2268
- C:\Windows\System\xoaLvoM.exe
  C:\Windows\System\xoaLvoM.exe
  2⤵
  PID:1496
- C:\Windows\System\gIzqdIn.exe
  C:\Windows\System\gIzqdIn.exe
  2⤵
  PID:3080
- C:\Windows\System\PDgvXXZ.exe
  C:\Windows\System\PDgvXXZ.exe
  2⤵
  PID:3116
- C:\Windows\System\vNDIKGG.exe
  C:\Windows\System\vNDIKGG.exe
  2⤵
  PID:3180
- C:\Windows\System\iBfSCfG.exe
  C:\Windows\System\iBfSCfG.exe
  2⤵
  PID:3160
- C:\Windows\System\kXUEnRv.exe
  C:\Windows\System\kXUEnRv.exe
  2⤵
  PID:3200
- C:\Windows\System\XbhokoT.exe
  C:\Windows\System\XbhokoT.exe
  2⤵
  PID:3500
- C:\Windows\System\wxRuCne.exe
  C:\Windows\System\wxRuCne.exe
  2⤵
  PID:3488
- C:\Windows\System\xewmfDY.exe
  C:\Windows\System\xewmfDY.exe
  2⤵
  PID:3528
- C:\Windows\System\qKcZmiK.exe
  C:\Windows\System\qKcZmiK.exe
  2⤵
  PID:3568
- C:\Windows\System\eHrikUA.exe
  C:\Windows\System\eHrikUA.exe
  2⤵
  PID:3628
- C:\Windows\System\COgDeKF.exe
  C:\Windows\System\COgDeKF.exe
  2⤵
  PID:3648
- C:\Windows\System\mtFOMbc.exe
  C:\Windows\System\mtFOMbc.exe
  2⤵
  PID:3696
- C:\Windows\System\msbLFbN.exe
  C:\Windows\System\msbLFbN.exe
  2⤵
  PID:3744
- C:\Windows\System\rKLsAOl.exe
  C:\Windows\System\rKLsAOl.exe
  2⤵
  PID:3876
- C:\Windows\System\CgZRKtx.exe
  C:\Windows\System\CgZRKtx.exe
  2⤵
  PID:3776
- C:\Windows\System\hRsIPWM.exe
  C:\Windows\System\hRsIPWM.exe
  2⤵
  PID:3836
- C:\Windows\System\rtZiowm.exe
  C:\Windows\System\rtZiowm.exe
  2⤵
  PID:3880
- C:\Windows\System\GoVYBXx.exe
  C:\Windows\System\GoVYBXx.exe
  2⤵
  PID:3900
- C:\Windows\System\gBKmMaE.exe
  C:\Windows\System\gBKmMaE.exe
  2⤵
  PID:3896
- C:\Windows\System\ZpXuINT.exe
  C:\Windows\System\ZpXuINT.exe
  2⤵
  PID:3936
- C:\Windows\System\ORGzANh.exe
  C:\Windows\System\ORGzANh.exe
  2⤵
  PID:3976
- C:\Windows\System\XFNulur.exe
  C:\Windows\System\XFNulur.exe
  2⤵
  PID:4076
- C:\Windows\System\IOCUNiT.exe
  C:\Windows\System\IOCUNiT.exe
  2⤵
  PID:4064
- C:\Windows\System\ktrGYzS.exe
  C:\Windows\System\ktrGYzS.exe
  2⤵
  PID:1940
- C:\Windows\System\OhABQtH.exe
  C:\Windows\System\OhABQtH.exe
  2⤵
  PID:2656
- C:\Windows\System\wyhqiKw.exe
  C:\Windows\System\wyhqiKw.exe
  2⤵
  PID:2508
- C:\Windows\System\DKSjQrQ.exe
  C:\Windows\System\DKSjQrQ.exe
  2⤵
  PID:1928
- C:\Windows\System\ZxaDizg.exe
  C:\Windows\System\ZxaDizg.exe
  2⤵
  PID:2096
- C:\Windows\System\lYbevJc.exe
  C:\Windows\System\lYbevJc.exe
  2⤵
  PID:1972
- C:\Windows\System\tnSTVfJ.exe
  C:\Windows\System\tnSTVfJ.exe
  2⤵
  PID:2352
- C:\Windows\System\QVZMWQx.exe
  C:\Windows\System\QVZMWQx.exe
  2⤵
  PID:3008
- C:\Windows\System\DfiPTfv.exe
  C:\Windows\System\DfiPTfv.exe
  2⤵
  PID:3124
- C:\Windows\System\WMRrsuX.exe
  C:\Windows\System\WMRrsuX.exe
  2⤵
  PID:3216
- C:\Windows\System\iYROPjY.exe
  C:\Windows\System\iYROPjY.exe
  2⤵
  PID:3304
- C:\Windows\System\JFqDjkp.exe
  C:\Windows\System\JFqDjkp.exe
  2⤵
  PID:2900
- C:\Windows\System\HrXEXEu.exe
  C:\Windows\System\HrXEXEu.exe
  2⤵
  PID:3348
- C:\Windows\System\CxFSoxg.exe
  C:\Windows\System\CxFSoxg.exe
  2⤵
  PID:3024
- C:\Windows\System\QcbERyE.exe
  C:\Windows\System\QcbERyE.exe
  2⤵
  PID:2000
- C:\Windows\System\TbpXaIK.exe
  C:\Windows\System\TbpXaIK.exe
  2⤵
  PID:3388
- C:\Windows\System\rRnxZmu.exe
  C:\Windows\System\rRnxZmu.exe
  2⤵
  PID:2300
- C:\Windows\System\SChPVjV.exe
  C:\Windows\System\SChPVjV.exe
  2⤵
  PID:1700
- C:\Windows\System\ENhtAcq.exe
  C:\Windows\System\ENhtAcq.exe
  2⤵
  PID:1160
- C:\Windows\System\FMdFaxF.exe
  C:\Windows\System\FMdFaxF.exe
  2⤵
  PID:3428
- C:\Windows\System\LDmmSrj.exe
  C:\Windows\System\LDmmSrj.exe
  2⤵
  PID:3408
- C:\Windows\System\XgHqryd.exe
  C:\Windows\System\XgHqryd.exe
  2⤵
  PID:2724
- C:\Windows\System\MjoXwKF.exe
  C:\Windows\System\MjoXwKF.exe
  2⤵
  PID:1312
- C:\Windows\System\iUHTGYV.exe
  C:\Windows\System\iUHTGYV.exe
  2⤵
  PID:3448
- C:\Windows\System\FyuhKbp.exe
  C:\Windows\System\FyuhKbp.exe
  2⤵
  PID:3484
- C:\Windows\System\ckADQtm.exe
  C:\Windows\System\ckADQtm.exe
  2⤵
  PID:3672
- C:\Windows\System\lkonDqS.exe
  C:\Windows\System\lkonDqS.exe
  2⤵
  PID:3688
- C:\Windows\System\WMQUJed.exe
  C:\Windows\System\WMQUJed.exe
  2⤵
  PID:3708
- C:\Windows\System\xunxRyz.exe
  C:\Windows\System\xunxRyz.exe
  2⤵
  PID:3808
- C:\Windows\System\ikiLQDE.exe
  C:\Windows\System\ikiLQDE.exe
  2⤵
  PID:3812
- C:\Windows\System\CCyOyVP.exe
  C:\Windows\System\CCyOyVP.exe
  2⤵
  PID:3856
- C:\Windows\System\mGjYBSA.exe
  C:\Windows\System\mGjYBSA.exe
  2⤵
  PID:3940
- C:\Windows\System\uXfirdc.exe
  C:\Windows\System\uXfirdc.exe
  2⤵
  PID:4036
- C:\Windows\System\XscvVlq.exe
  C:\Windows\System\XscvVlq.exe
  2⤵
  PID:4080
- C:\Windows\System\oDfuhtZ.exe
  C:\Windows\System\oDfuhtZ.exe
  2⤵
  PID:2340
- C:\Windows\System\yWMfdyU.exe
  C:\Windows\System\yWMfdyU.exe
  2⤵
  PID:1800
- C:\Windows\System\FNUXAWk.exe
  C:\Windows\System\FNUXAWk.exe
  2⤵
  PID:864
- C:\Windows\System\ZMZWlYB.exe
  C:\Windows\System\ZMZWlYB.exe
  2⤵
  PID:1916
- C:\Windows\System\IVZHwhn.exe
  C:\Windows\System\IVZHwhn.exe
  2⤵
  PID:1492
- C:\Windows\System\WdZHKCJ.exe
  C:\Windows\System\WdZHKCJ.exe
  2⤵
  PID:3212
- C:\Windows\System\GGLCWLS.exe
  C:\Windows\System\GGLCWLS.exe
  2⤵
  PID:3244
- C:\Windows\System\fuXFGqY.exe
  C:\Windows\System\fuXFGqY.exe
  2⤵
  PID:3156
- C:\Windows\System\niidYUO.exe
  C:\Windows\System\niidYUO.exe
  2⤵
  PID:2372
- C:\Windows\System\BPLafPs.exe
  C:\Windows\System\BPLafPs.exe
  2⤵
  PID:3344
- C:\Windows\System\CxRtKKb.exe
  C:\Windows\System\CxRtKKb.exe
  2⤵
  PID:756
- C:\Windows\System\hnkVjHd.exe
  C:\Windows\System\hnkVjHd.exe
  2⤵
  PID:2432
- C:\Windows\System\xAJbhSk.exe
  C:\Windows\System\xAJbhSk.exe
  2⤵
  PID:2848
- C:\Windows\System\cfmjZxX.exe
  C:\Windows\System\cfmjZxX.exe
  2⤵
  PID:2744
- C:\Windows\System\XSclDER.exe
  C:\Windows\System\XSclDER.exe
  2⤵
  PID:2688
- C:\Windows\System\fJKHWyo.exe
  C:\Windows\System\fJKHWyo.exe
  2⤵
  PID:1116
- C:\Windows\System\AlCbEVd.exe
  C:\Windows\System\AlCbEVd.exe
  2⤵
  PID:3444
- C:\Windows\System\kOGCspA.exe
  C:\Windows\System\kOGCspA.exe
  2⤵
  PID:3572
- C:\Windows\System\sHjDGRp.exe
  C:\Windows\System\sHjDGRp.exe
  2⤵
  PID:3748
- C:\Windows\System\jlBOJWN.exe
  C:\Windows\System\jlBOJWN.exe
  2⤵
  PID:3712
- C:\Windows\System\YasUltz.exe
  C:\Windows\System\YasUltz.exe
  2⤵
  PID:3796
- C:\Windows\System\izKGlBJ.exe
  C:\Windows\System\izKGlBJ.exe
  2⤵
  PID:3956
- C:\Windows\System\oifVOws.exe
  C:\Windows\System\oifVOws.exe
  2⤵
  PID:3980
- C:\Windows\System\rNFTYta.exe
  C:\Windows\System\rNFTYta.exe
  2⤵
  PID:2416
- C:\Windows\System\JrdmwCH.exe
  C:\Windows\System\JrdmwCH.exe
  2⤵
  PID:1540
- C:\Windows\System\qKmwHOM.exe
  C:\Windows\System\qKmwHOM.exe
  2⤵
  PID:2256
- C:\Windows\System\BmQNeeO.exe
  C:\Windows\System\BmQNeeO.exe
  2⤵
  PID:3096
- C:\Windows\System\KuBNVxk.exe
  C:\Windows\System\KuBNVxk.exe
  2⤵
  PID:3260
- C:\Windows\System\UcMrMnv.exe
  C:\Windows\System\UcMrMnv.exe
  2⤵
  PID:2840
- C:\Windows\System\cHQKfbT.exe
  C:\Windows\System\cHQKfbT.exe
  2⤵
  PID:1988
- C:\Windows\System\NdDOiYh.exe
  C:\Windows\System\NdDOiYh.exe
  2⤵
  PID:796
- C:\Windows\System\gMvNUWF.exe
  C:\Windows\System\gMvNUWF.exe
  2⤵
  PID:1708
- C:\Windows\System\vXyCCnh.exe
  C:\Windows\System\vXyCCnh.exe
  2⤵
  PID:2684
- C:\Windows\System\IZUMzGR.exe
  C:\Windows\System\IZUMzGR.exe
  2⤵
  PID:3404
- C:\Windows\System\XFAWqVw.exe
  C:\Windows\System\XFAWqVw.exe
  2⤵
  PID:3652
- C:\Windows\System\djYgiEZ.exe
  C:\Windows\System\djYgiEZ.exe
  2⤵
  PID:3624
- C:\Windows\System\wRdEbkY.exe
  C:\Windows\System\wRdEbkY.exe
  2⤵
  PID:3656
- C:\Windows\System\reCuEBX.exe
  C:\Windows\System\reCuEBX.exe
  2⤵
  PID:2800
- C:\Windows\System\HTqWkJB.exe
  C:\Windows\System\HTqWkJB.exe
  2⤵
  PID:4044
- C:\Windows\System\UIkciwk.exe
  C:\Windows\System\UIkciwk.exe
  2⤵
  PID:2792
- C:\Windows\System\NdytYUt.exe
  C:\Windows\System\NdytYUt.exe
  2⤵
  PID:516
- C:\Windows\System\VJtGmny.exe
  C:\Windows\System\VJtGmny.exe
  2⤵
  PID:3092
- C:\Windows\System\BbxiZeW.exe
  C:\Windows\System\BbxiZeW.exe
  2⤵
  PID:1816
- C:\Windows\System\GWIAGuu.exe
  C:\Windows\System\GWIAGuu.exe
  2⤵
  PID:2004
- C:\Windows\System\rnUtoyr.exe
  C:\Windows\System\rnUtoyr.exe
  2⤵
  PID:2640
- C:\Windows\System\SPeNYSH.exe
  C:\Windows\System\SPeNYSH.exe
  2⤵
  PID:3512
- C:\Windows\System\ZZXCLME.exe
  C:\Windows\System\ZZXCLME.exe
  2⤵
  PID:2636
- C:\Windows\System\EyMwXZe.exe
  C:\Windows\System\EyMwXZe.exe
  2⤵
  PID:3916
- C:\Windows\System\qwqtmft.exe
  C:\Windows\System\qwqtmft.exe
  2⤵
  PID:2904
- C:\Windows\System\eoQPJea.exe
  C:\Windows\System\eoQPJea.exe
  2⤵
  PID:2384
- C:\Windows\System\sgLsfpJ.exe
  C:\Windows\System\sgLsfpJ.exe
  2⤵
  PID:4108
- C:\Windows\System\FEJQVxR.exe
  C:\Windows\System\FEJQVxR.exe
  2⤵
  PID:4128
- C:\Windows\System\PAPfAnq.exe
  C:\Windows\System\PAPfAnq.exe
  2⤵
  PID:4148
- C:\Windows\System\mgyXjGg.exe
  C:\Windows\System\mgyXjGg.exe
  2⤵
  PID:4164
- C:\Windows\System\WMIekAs.exe
  C:\Windows\System\WMIekAs.exe
  2⤵
  PID:4188
- C:\Windows\System\fSkakGG.exe
  C:\Windows\System\fSkakGG.exe
  2⤵
  PID:4208
- C:\Windows\System\miwnxBY.exe
  C:\Windows\System\miwnxBY.exe
  2⤵
  PID:4228
- C:\Windows\System\ZLnaTaa.exe
  C:\Windows\System\ZLnaTaa.exe
  2⤵
  PID:4248
- C:\Windows\System\PcWDZhV.exe
  C:\Windows\System\PcWDZhV.exe
  2⤵
  PID:4268
- C:\Windows\System\UwTeXGq.exe
  C:\Windows\System\UwTeXGq.exe
  2⤵
  PID:4288
- C:\Windows\System\nhRdGEj.exe
  C:\Windows\System\nhRdGEj.exe
  2⤵
  PID:4308
- C:\Windows\System\yFNsXLJ.exe
  C:\Windows\System\yFNsXLJ.exe
  2⤵
  PID:4332
- C:\Windows\System\kWTmynI.exe
  C:\Windows\System\kWTmynI.exe
  2⤵
  PID:4352
- C:\Windows\System\DkBakPn.exe
  C:\Windows\System\DkBakPn.exe
  2⤵
  PID:4372
- C:\Windows\System\wBtlHsV.exe
  C:\Windows\System\wBtlHsV.exe
  2⤵
  PID:4392
- C:\Windows\System\PhSfain.exe
  C:\Windows\System\PhSfain.exe
  2⤵
  PID:4408
- C:\Windows\System\uBKHYnd.exe
  C:\Windows\System\uBKHYnd.exe
  2⤵
  PID:4432
- C:\Windows\System\ePfWNfA.exe
  C:\Windows\System\ePfWNfA.exe
  2⤵
  PID:4452
- C:\Windows\System\hRDUNoo.exe
  C:\Windows\System\hRDUNoo.exe
  2⤵
  PID:4472
- C:\Windows\System\qHLZGOV.exe
  C:\Windows\System\qHLZGOV.exe
  2⤵
  PID:4492
- C:\Windows\System\QcCyeIk.exe
  C:\Windows\System\QcCyeIk.exe
  2⤵
  PID:4512
- C:\Windows\System\kFtHrEe.exe
  C:\Windows\System\kFtHrEe.exe
  2⤵
  PID:4532
- C:\Windows\System\aeGmmJj.exe
  C:\Windows\System\aeGmmJj.exe
  2⤵
  PID:4552
- C:\Windows\System\CnYFtNF.exe
  C:\Windows\System\CnYFtNF.exe
  2⤵
  PID:4568
- C:\Windows\System\lSFKJai.exe
  C:\Windows\System\lSFKJai.exe
  2⤵
  PID:4592
- C:\Windows\System\DqlDRSu.exe
  C:\Windows\System\DqlDRSu.exe
  2⤵
  PID:4612
- C:\Windows\System\onTqNWV.exe
  C:\Windows\System\onTqNWV.exe
  2⤵
  PID:4632
- C:\Windows\System\aLjaDzk.exe
  C:\Windows\System\aLjaDzk.exe
  2⤵
  PID:4652
- C:\Windows\System\xKRcCPd.exe
  C:\Windows\System\xKRcCPd.exe
  2⤵
  PID:4672
- C:\Windows\System\JODqriD.exe
  C:\Windows\System\JODqriD.exe
  2⤵
  PID:4696
- C:\Windows\System\XwcjpGz.exe
  C:\Windows\System\XwcjpGz.exe
  2⤵
  PID:4716
- C:\Windows\System\BGyCMjT.exe
  C:\Windows\System\BGyCMjT.exe
  2⤵
  PID:4736
- C:\Windows\System\PDkGnzH.exe
  C:\Windows\System\PDkGnzH.exe
  2⤵
  PID:4756
- C:\Windows\System\pJkaBzz.exe
  C:\Windows\System\pJkaBzz.exe
  2⤵
  PID:4776
- C:\Windows\System\ltOwBon.exe
  C:\Windows\System\ltOwBon.exe
  2⤵
  PID:4796
- C:\Windows\System\HozCYBy.exe
  C:\Windows\System\HozCYBy.exe
  2⤵
  PID:4816
- C:\Windows\System\ICYyvHi.exe
  C:\Windows\System\ICYyvHi.exe
  2⤵
  PID:4836
- C:\Windows\System\QvQjgKD.exe
  C:\Windows\System\QvQjgKD.exe
  2⤵
  PID:4856
- C:\Windows\System\ObEuTAh.exe
  C:\Windows\System\ObEuTAh.exe
  2⤵
  PID:4876
- C:\Windows\System\LTbSMxw.exe
  C:\Windows\System\LTbSMxw.exe
  2⤵
  PID:4896
- C:\Windows\System\wBwvMbj.exe
  C:\Windows\System\wBwvMbj.exe
  2⤵
  PID:4916
- C:\Windows\System\assAXPy.exe
  C:\Windows\System\assAXPy.exe
  2⤵
  PID:4936
- C:\Windows\System\BXhARTR.exe
  C:\Windows\System\BXhARTR.exe
  2⤵
  PID:4956
- C:\Windows\System\Dhaaoog.exe
  C:\Windows\System\Dhaaoog.exe
  2⤵
  PID:4976
- C:\Windows\System\yvzwCGr.exe
  C:\Windows\System\yvzwCGr.exe
  2⤵
  PID:5000
- C:\Windows\System\sMtLZeN.exe
  C:\Windows\System\sMtLZeN.exe
  2⤵
  PID:5020
- C:\Windows\System\BaORLjf.exe
  C:\Windows\System\BaORLjf.exe
  2⤵
  PID:5040
- C:\Windows\System\xcWaJbm.exe
  C:\Windows\System\xcWaJbm.exe
  2⤵
  PID:5060
- C:\Windows\System\LkWDzCe.exe
  C:\Windows\System\LkWDzCe.exe
  2⤵
  PID:5080
- C:\Windows\System\euqaCLR.exe
  C:\Windows\System\euqaCLR.exe
  2⤵
  PID:5100
- C:\Windows\System\XuBtriN.exe
  C:\Windows\System\XuBtriN.exe
  2⤵
  PID:3284
- C:\Windows\System\YonDNPu.exe
  C:\Windows\System\YonDNPu.exe
  2⤵
  PID:3192
- C:\Windows\System\STrDsEv.exe
  C:\Windows\System\STrDsEv.exe
  2⤵
  PID:1304
- C:\Windows\System\QGKPbOq.exe
  C:\Windows\System\QGKPbOq.exe
  2⤵
  PID:3564
- C:\Windows\System\mEeoeZP.exe
  C:\Windows\System\mEeoeZP.exe
  2⤵
  PID:3608
- C:\Windows\System\UnIZsID.exe
  C:\Windows\System\UnIZsID.exe
  2⤵
  PID:1780
- C:\Windows\System\heffrXL.exe
  C:\Windows\System\heffrXL.exe
  2⤵
  PID:2804
- C:\Windows\System\esECosX.exe
  C:\Windows\System\esECosX.exe
  2⤵
  PID:4116
- C:\Windows\System\dXGqgfp.exe
  C:\Windows\System\dXGqgfp.exe
  2⤵
  PID:4120
- C:\Windows\System\TyupbIm.exe
  C:\Windows\System\TyupbIm.exe
  2⤵
  PID:892
- C:\Windows\System\rVBTiAC.exe
  C:\Windows\System\rVBTiAC.exe
  2⤵
  PID:1152
- C:\Windows\System\MsWTqDs.exe
  C:\Windows\System\MsWTqDs.exe
  2⤵
  PID:2464
- C:\Windows\System\XIlEFqe.exe
  C:\Windows\System\XIlEFqe.exe
  2⤵
  PID:4348
- C:\Windows\System\YQAlKMj.exe
  C:\Windows\System\YQAlKMj.exe
  2⤵
  PID:4276
- C:\Windows\System\ejkRBLs.exe
  C:\Windows\System\ejkRBLs.exe
  2⤵
  PID:580
- C:\Windows\System\jgRGpqZ.exe
  C:\Windows\System\jgRGpqZ.exe
  2⤵
  PID:1744
- C:\Windows\System\GuYHjCG.exe
  C:\Windows\System\GuYHjCG.exe
  2⤵
  PID:4368
- C:\Windows\System\xuoXFjD.exe
  C:\Windows\System\xuoXFjD.exe
  2⤵
  PID:4416
- C:\Windows\System\oajcEqa.exe
  C:\Windows\System\oajcEqa.exe
  2⤵
  PID:4424
- C:\Windows\System\DiLXEmc.exe
  C:\Windows\System\DiLXEmc.exe
  2⤵
  PID:2168
- C:\Windows\System\apbQAKz.exe
  C:\Windows\System\apbQAKz.exe
  2⤵
  PID:4448
- C:\Windows\System\hmTojPB.exe
  C:\Windows\System\hmTojPB.exe
  2⤵
  PID:4464
- C:\Windows\System\CUURtQN.exe
  C:\Windows\System\CUURtQN.exe
  2⤵
  PID:4540
- C:\Windows\System\qrpJtDI.exe
  C:\Windows\System\qrpJtDI.exe
  2⤵
  PID:4548
- C:\Windows\System\BbqkUcP.exe
  C:\Windows\System\BbqkUcP.exe
  2⤵
  PID:4528
- C:\Windows\System\jaGqgXy.exe
  C:\Windows\System\jaGqgXy.exe
  2⤵
  PID:4588
- C:\Windows\System\ldsZkis.exe
  C:\Windows\System\ldsZkis.exe
  2⤵
  PID:4560
- C:\Windows\System\sxNMGJV.exe
  C:\Windows\System\sxNMGJV.exe
  2⤵
  PID:4668
- C:\Windows\System\SRbXOWZ.exe
  C:\Windows\System\SRbXOWZ.exe
  2⤵
  PID:4604
- C:\Windows\System\wcFjArd.exe
  C:\Windows\System\wcFjArd.exe
  2⤵
  PID:4648
- C:\Windows\System\FukChIH.exe
  C:\Windows\System\FukChIH.exe
  2⤵
  PID:4744
- C:\Windows\System\KySyGgZ.exe
  C:\Windows\System\KySyGgZ.exe
  2⤵
  PID:4724
- C:\Windows\System\GMaGsit.exe
  C:\Windows\System\GMaGsit.exe
  2⤵
  PID:4772
- C:\Windows\System\gCRNtpr.exe
  C:\Windows\System\gCRNtpr.exe
  2⤵
  PID:4824
- C:\Windows\System\OuBLdal.exe
  C:\Windows\System\OuBLdal.exe
  2⤵
  PID:4828
- C:\Windows\System\flbccOJ.exe
  C:\Windows\System\flbccOJ.exe
  2⤵
  PID:4324
- C:\Windows\System\mruCAON.exe
  C:\Windows\System\mruCAON.exe
  2⤵
  PID:5012
- C:\Windows\System\IEypKIR.exe
  C:\Windows\System\IEypKIR.exe
  2⤵
  PID:4680
- C:\Windows\System\TJAPNpC.exe
  C:\Windows\System\TJAPNpC.exe
  2⤵
  PID:5116
- C:\Windows\System\KGfJVvH.exe
  C:\Windows\System\KGfJVvH.exe
  2⤵
  PID:5112
- C:\Windows\System\qTZxaUE.exe
  C:\Windows\System\qTZxaUE.exe
  2⤵
  PID:1976
- C:\Windows\System\uYTnWJn.exe
  C:\Windows\System\uYTnWJn.exe
  2⤵
  PID:3792
- C:\Windows\System\kVjUTXs.exe
  C:\Windows\System\kVjUTXs.exe
  2⤵
  PID:3552
- C:\Windows\System\GJGFPKg.exe
  C:\Windows\System\GJGFPKg.exe
  2⤵
  PID:3676
- C:\Windows\System\RdtuSii.exe
  C:\Windows\System\RdtuSii.exe
  2⤵
  PID:4024
- C:\Windows\System\DyyHauF.exe
  C:\Windows\System\DyyHauF.exe
  2⤵
  PID:3728
- C:\Windows\System\Nwwtxtn.exe
  C:\Windows\System\Nwwtxtn.exe
  2⤵
  PID:2392
- C:\Windows\System\XxIDWhs.exe
  C:\Windows\System\XxIDWhs.exe
  2⤵
  PID:912
- C:\Windows\System\KRFJeOr.exe
  C:\Windows\System\KRFJeOr.exe
  2⤵
  PID:3144
- C:\Windows\System\HTCdUkD.exe
  C:\Windows\System\HTCdUkD.exe
  2⤵
  PID:4180
- C:\Windows\System\LpJYmQw.exe
  C:\Windows\System\LpJYmQw.exe
  2⤵
  PID:4224
- C:\Windows\System\vKXBwDN.exe
  C:\Windows\System\vKXBwDN.exe
  2⤵
  PID:2604
- C:\Windows\System\ANHZSdB.exe
  C:\Windows\System\ANHZSdB.exe
  2⤵
  PID:4236
- C:\Windows\System\hfJhHhv.exe
  C:\Windows\System\hfJhHhv.exe
  2⤵
  PID:4384
- C:\Windows\System\ZaMYZUZ.exe
  C:\Windows\System\ZaMYZUZ.exe
  2⤵
  PID:1456
- C:\Windows\System\GdFkEar.exe
  C:\Windows\System\GdFkEar.exe
  2⤵
  PID:4344
- C:\Windows\System\upyqAIi.exe
  C:\Windows\System\upyqAIi.exe
  2⤵
  PID:4316
- C:\Windows\System\DgbKyEm.exe
  C:\Windows\System\DgbKyEm.exe
  2⤵
  PID:1528
- C:\Windows\System\QeEOUeL.exe
  C:\Windows\System\QeEOUeL.exe
  2⤵
  PID:3044
- C:\Windows\System\XWvMNZZ.exe
  C:\Windows\System\XWvMNZZ.exe
  2⤵
  PID:4440
- C:\Windows\System\sqVCIIn.exe
  C:\Windows\System\sqVCIIn.exe
  2⤵
  PID:552
- C:\Windows\System\azGRcGm.exe
  C:\Windows\System\azGRcGm.exe
  2⤵
  PID:4544
- C:\Windows\System\dXTXXqx.exe
  C:\Windows\System\dXTXXqx.exe
  2⤵
  PID:4624
- C:\Windows\System\XdOBZRU.exe
  C:\Windows\System\XdOBZRU.exe
  2⤵
  PID:4644
- C:\Windows\System\CXzLFWa.exe
  C:\Windows\System\CXzLFWa.exe
  2⤵
  PID:4732
- C:\Windows\System\XkqeeEW.exe
  C:\Windows\System\XkqeeEW.exe
  2⤵
  PID:4932
- C:\Windows\System\GCYshqv.exe
  C:\Windows\System\GCYshqv.exe
  2⤵
  PID:4996
- C:\Windows\System\CWfFkbS.exe
  C:\Windows\System\CWfFkbS.exe
  2⤵
  PID:5016
- C:\Windows\System\ZcVloJq.exe
  C:\Windows\System\ZcVloJq.exe
  2⤵
  PID:2124
- C:\Windows\System\EultHKf.exe
  C:\Windows\System\EultHKf.exe
  2⤵
  PID:5096
- C:\Windows\System\TJsihTV.exe
  C:\Windows\System\TJsihTV.exe
  2⤵
  PID:3788
- C:\Windows\System\GwsBvAv.exe
  C:\Windows\System\GwsBvAv.exe
  2⤵
  PID:2952
- C:\Windows\System\HWcArlu.exe
  C:\Windows\System\HWcArlu.exe
  2⤵
  PID:1648
- C:\Windows\System\ueyYFmB.exe
  C:\Windows\System\ueyYFmB.exe
  2⤵
  PID:296
- C:\Windows\System\iEEKAlH.exe
  C:\Windows\System\iEEKAlH.exe
  2⤵
  PID:4100
- C:\Windows\System\GjzAAwn.exe
  C:\Windows\System\GjzAAwn.exe
  2⤵
  PID:1584
- C:\Windows\System\uCAOgII.exe
  C:\Windows\System\uCAOgII.exe
  2⤵
  PID:2068
- C:\Windows\System\OcNcFwq.exe
  C:\Windows\System\OcNcFwq.exe
  2⤵
  PID:1592
- C:\Windows\System\HnEZThE.exe
  C:\Windows\System\HnEZThE.exe
  2⤵
  PID:768
- C:\Windows\System\NHeVnJA.exe
  C:\Windows\System\NHeVnJA.exe
  2⤵
  PID:4484
- C:\Windows\System\xyBpPKu.exe
  C:\Windows\System\xyBpPKu.exe
  2⤵
  PID:4704
- C:\Windows\System\JCthKMj.exe
  C:\Windows\System\JCthKMj.exe
  2⤵
  PID:4784
- C:\Windows\System\mAfemWv.exe
  C:\Windows\System\mAfemWv.exe
  2⤵
  PID:4788
- C:\Windows\System\OEkWlLX.exe
  C:\Windows\System\OEkWlLX.exe
  2⤵
  PID:4904
- C:\Windows\System\UWlZnwL.exe
  C:\Windows\System\UWlZnwL.exe
  2⤵
  PID:4888
- C:\Windows\System\MQXbVik.exe
  C:\Windows\System\MQXbVik.exe
  2⤵
  PID:4948
- C:\Windows\System\cFUlZTt.exe
  C:\Windows\System\cFUlZTt.exe
  2⤵
  PID:4924
- C:\Windows\System\hJUBJtk.exe
  C:\Windows\System\hJUBJtk.exe
  2⤵
  PID:5068
- C:\Windows\System\mhtcFGi.exe
  C:\Windows\System\mhtcFGi.exe
  2⤵
  PID:4992
- C:\Windows\System\bwTOmod.exe
  C:\Windows\System\bwTOmod.exe
  2⤵
  PID:4144
- C:\Windows\System\izOefre.exe
  C:\Windows\System\izOefre.exe
  2⤵
  PID:2468
- C:\Windows\System\kMAUBKk.exe
  C:\Windows\System\kMAUBKk.exe
  2⤵
  PID:4244
- C:\Windows\System\vqbHBYc.exe
  C:\Windows\System\vqbHBYc.exe
  2⤵
  PID:4508
- C:\Windows\System\pHBwlDT.exe
  C:\Windows\System\pHBwlDT.exe
  2⤵
  PID:2260
- C:\Windows\System\WUobqsn.exe
  C:\Windows\System\WUobqsn.exe
  2⤵
  PID:4600
- C:\Windows\System\ngSYSGy.exe
  C:\Windows\System\ngSYSGy.exe
  2⤵
  PID:4844
- C:\Windows\System\rPCRCwR.exe
  C:\Windows\System\rPCRCwR.exe
  2⤵
  PID:4748
- C:\Windows\System\EfmHlke.exe
  C:\Windows\System\EfmHlke.exe
  2⤵
  PID:5108
- C:\Windows\System\bLFImjl.exe
  C:\Windows\System\bLFImjl.exe
  2⤵
  PID:4984
- C:\Windows\System\YYbvOnl.exe
  C:\Windows\System\YYbvOnl.exe
  2⤵
  PID:3892
- C:\Windows\System\QTJYyKl.exe
  C:\Windows\System\QTJYyKl.exe
  2⤵
  PID:4264
- C:\Windows\System\WAdtUut.exe
  C:\Windows\System\WAdtUut.exe
  2⤵
  PID:4628
- C:\Windows\System\aqnWZTj.exe
  C:\Windows\System\aqnWZTj.exe
  2⤵
  PID:4608
- C:\Windows\System\QMjcQmq.exe
  C:\Windows\System\QMjcQmq.exe
  2⤵
  PID:2720
- C:\Windows\System\VmQqyLP.exe
  C:\Windows\System\VmQqyLP.exe
  2⤵
  PID:4868
- C:\Windows\System\UbSoBGn.exe
  C:\Windows\System\UbSoBGn.exe
  2⤵
  PID:5056
- C:\Windows\System\icitSlW.exe
  C:\Windows\System\icitSlW.exe
  2⤵
  PID:2880
- C:\Windows\System\yhxRUKh.exe
  C:\Windows\System\yhxRUKh.exe
  2⤵
  PID:1844
- C:\Windows\System\pYGLPGS.exe
  C:\Windows\System\pYGLPGS.exe
  2⤵
  PID:3468
- C:\Windows\System\tRTcjvy.exe
  C:\Windows\System\tRTcjvy.exe
  2⤵
  PID:4968
- C:\Windows\System\RbLiXaE.exe
  C:\Windows\System\RbLiXaE.exe
  2⤵
  PID:4428
- C:\Windows\System\NUStZAR.exe
  C:\Windows\System\NUStZAR.exe
  2⤵
  PID:3220
- C:\Windows\System\vTVaiFO.exe
  C:\Windows\System\vTVaiFO.exe
  2⤵
  PID:1372
- C:\Windows\System\dnVSfTW.exe
  C:\Windows\System\dnVSfTW.exe
  2⤵
  PID:1452
- C:\Windows\System\LxEGcPB.exe
  C:\Windows\System\LxEGcPB.exe
  2⤵
  PID:2232
- C:\Windows\System\FyYutLI.exe
  C:\Windows\System\FyYutLI.exe
  2⤵
  PID:2208
- C:\Windows\System\pBUfRCa.exe
  C:\Windows\System\pBUfRCa.exe
  2⤵
  PID:5140
- C:\Windows\System\LjJUVPS.exe
  C:\Windows\System\LjJUVPS.exe
  2⤵
  PID:5168
- C:\Windows\System\csiQXxs.exe
  C:\Windows\System\csiQXxs.exe
  2⤵
  PID:5184
- C:\Windows\System\ahrUnDz.exe
  C:\Windows\System\ahrUnDz.exe
  2⤵
  PID:5204
- C:\Windows\System\YfNUhrn.exe
  C:\Windows\System\YfNUhrn.exe
  2⤵
  PID:5228
- C:\Windows\System\qNmgsxW.exe
  C:\Windows\System\qNmgsxW.exe
  2⤵
  PID:5248
- C:\Windows\System\pUTBosT.exe
  C:\Windows\System\pUTBosT.exe
  2⤵
  PID:5264
- C:\Windows\System\HSMrKVf.exe
  C:\Windows\System\HSMrKVf.exe
  2⤵
  PID:5284
- C:\Windows\System\yUzOtkU.exe
  C:\Windows\System\yUzOtkU.exe
  2⤵
  PID:5304
- C:\Windows\System\zZnYmuk.exe
  C:\Windows\System\zZnYmuk.exe
  2⤵
  PID:5324
- C:\Windows\System\pBLVkyd.exe
  C:\Windows\System\pBLVkyd.exe
  2⤵
  PID:5344
- C:\Windows\System\UfzlKIP.exe
  C:\Windows\System\UfzlKIP.exe
  2⤵
  PID:5364
- C:\Windows\System\VQySiMV.exe
  C:\Windows\System\VQySiMV.exe
  2⤵
  PID:5380
- C:\Windows\System\IOlkctz.exe
  C:\Windows\System\IOlkctz.exe
  2⤵
  PID:5396
- C:\Windows\System\WNTJJtz.exe
  C:\Windows\System\WNTJJtz.exe
  2⤵
  PID:5428
- C:\Windows\System\uXLSeUa.exe
  C:\Windows\System\uXLSeUa.exe
  2⤵
  PID:5444
- C:\Windows\System\bOsMiRG.exe
  C:\Windows\System\bOsMiRG.exe
  2⤵
  PID:5468
- C:\Windows\System\kwKCdXy.exe
  C:\Windows\System\kwKCdXy.exe
  2⤵
  PID:5484
- C:\Windows\System\vDEcvoJ.exe
  C:\Windows\System\vDEcvoJ.exe
  2⤵
  PID:5500
- C:\Windows\System\zBycgCC.exe
  C:\Windows\System\zBycgCC.exe
  2⤵
  PID:5524
- C:\Windows\System\uBcPclj.exe
  C:\Windows\System\uBcPclj.exe
  2⤵
  PID:5548
- C:\Windows\System\LTVqcqW.exe
  C:\Windows\System\LTVqcqW.exe
  2⤵
  PID:5564
- C:\Windows\System\QngJYQm.exe
  C:\Windows\System\QngJYQm.exe
  2⤵
  PID:5584
- C:\Windows\System\qAEcnOD.exe
  C:\Windows\System\qAEcnOD.exe
  2⤵
  PID:5604
- C:\Windows\System\TmKTryD.exe
  C:\Windows\System\TmKTryD.exe
  2⤵
  PID:5628
- C:\Windows\System\IrbLuWV.exe
  C:\Windows\System\IrbLuWV.exe
  2⤵
  PID:5644
- C:\Windows\System\etaHUuJ.exe
  C:\Windows\System\etaHUuJ.exe
  2⤵
  PID:5668
- C:\Windows\System\PzotraC.exe
  C:\Windows\System\PzotraC.exe
  2⤵
  PID:5684
- C:\Windows\System\kzMzaoc.exe
  C:\Windows\System\kzMzaoc.exe
  2⤵
  PID:5708
- C:\Windows\System\EDyVMRB.exe
  C:\Windows\System\EDyVMRB.exe
  2⤵
  PID:5724
- C:\Windows\System\HREwjrc.exe
  C:\Windows\System\HREwjrc.exe
  2⤵
  PID:5740
- C:\Windows\System\yQmJFvq.exe
  C:\Windows\System\yQmJFvq.exe
  2⤵
  PID:5760
- C:\Windows\System\YUeUeNQ.exe
  C:\Windows\System\YUeUeNQ.exe
  2⤵
  PID:5780
- C:\Windows\System\YSZrRbl.exe
  C:\Windows\System\YSZrRbl.exe
  2⤵
  PID:5804
- C:\Windows\System\YsIYhhv.exe
  C:\Windows\System\YsIYhhv.exe
  2⤵
  PID:5832
- C:\Windows\System\nMlVSFM.exe
  C:\Windows\System\nMlVSFM.exe
  2⤵
  PID:5848
- C:\Windows\System\cvkdbqo.exe
  C:\Windows\System\cvkdbqo.exe
  2⤵
  PID:5864
- C:\Windows\System\REGFgnB.exe
  C:\Windows\System\REGFgnB.exe
  2⤵
  PID:5880
- C:\Windows\System\QUlfklv.exe
  C:\Windows\System\QUlfklv.exe
  2⤵
  PID:5912
- C:\Windows\System\VAOjsjw.exe
  C:\Windows\System\VAOjsjw.exe
  2⤵
  PID:5928
- C:\Windows\System\BFfDAmT.exe
  C:\Windows\System\BFfDAmT.exe
  2⤵
  PID:5944
- C:\Windows\System\yFTuEEL.exe
  C:\Windows\System\yFTuEEL.exe
  2⤵
  PID:5964
- C:\Windows\System\qlADOUv.exe
  C:\Windows\System\qlADOUv.exe
  2⤵
  PID:5984
- C:\Windows\System\ROHtgiS.exe
  C:\Windows\System\ROHtgiS.exe
  2⤵
  PID:6008
- C:\Windows\System\dhbQNxZ.exe
  C:\Windows\System\dhbQNxZ.exe
  2⤵
  PID:6032
- C:\Windows\System\ylOxQiK.exe
  C:\Windows\System\ylOxQiK.exe
  2⤵
  PID:6048
- C:\Windows\System\tsvqdQc.exe
  C:\Windows\System\tsvqdQc.exe
  2⤵
  PID:6072
- C:\Windows\System\nDDdDcC.exe
  C:\Windows\System\nDDdDcC.exe
  2⤵
  PID:6088
- C:\Windows\System\FjXBYeZ.exe
  C:\Windows\System\FjXBYeZ.exe
  2⤵
  PID:6108
- C:\Windows\System\rcNyZpH.exe
  C:\Windows\System\rcNyZpH.exe
  2⤵
  PID:6124
- C:\Windows\System\TwMPxZw.exe
  C:\Windows\System\TwMPxZw.exe
  2⤵
  PID:5128
- C:\Windows\System\OjTIAWF.exe
  C:\Windows\System\OjTIAWF.exe
  2⤵
  PID:844
- C:\Windows\System\LgNjUAV.exe
  C:\Windows\System\LgNjUAV.exe
  2⤵
  PID:5152
- C:\Windows\System\ojlSIfx.exe
  C:\Windows\System\ojlSIfx.exe
  2⤵
  PID:5180
- C:\Windows\System\xjTeqxb.exe
  C:\Windows\System\xjTeqxb.exe
  2⤵
  PID:5212
- C:\Windows\System\HjXFNZE.exe
  C:\Windows\System\HjXFNZE.exe
  2⤵
  PID:5244
- C:\Windows\System\fwtznSc.exe
  C:\Windows\System\fwtznSc.exe
  2⤵
  PID:5280
- C:\Windows\System\AAmFRNm.exe
  C:\Windows\System\AAmFRNm.exe
  2⤵
  PID:5312
- C:\Windows\System\jwtpsLx.exe
  C:\Windows\System\jwtpsLx.exe
  2⤵
  PID:5372
- C:\Windows\System\jbgniuc.exe
  C:\Windows\System\jbgniuc.exe
  2⤵
  PID:5416
- C:\Windows\System\UWfpUKg.exe
  C:\Windows\System\UWfpUKg.exe
  2⤵
  PID:5356
- C:\Windows\System\kNzyvhL.exe
  C:\Windows\System\kNzyvhL.exe
  2⤵
  PID:5436
- C:\Windows\System\fkARbnB.exe
  C:\Windows\System\fkARbnB.exe
  2⤵
  PID:5464
- C:\Windows\System\xRZuRal.exe
  C:\Windows\System\xRZuRal.exe
  2⤵
  PID:5516
- C:\Windows\System\YCxIUjc.exe
  C:\Windows\System\YCxIUjc.exe
  2⤵
  PID:5556
- C:\Windows\System\VHhAoaj.exe
  C:\Windows\System\VHhAoaj.exe
  2⤵
  PID:5572
- C:\Windows\System\ETHiCFc.exe
  C:\Windows\System\ETHiCFc.exe
  2⤵
  PID:5560
- C:\Windows\System\LZONQme.exe
  C:\Windows\System\LZONQme.exe
  2⤵
  PID:5624
- C:\Windows\System\uthzlbu.exe
  C:\Windows\System\uthzlbu.exe
  2⤵
  PID:5656
- C:\Windows\System\bApUWgi.exe
  C:\Windows\System\bApUWgi.exe
  2⤵
  PID:5696
- C:\Windows\System\XtHsbPO.exe
  C:\Windows\System\XtHsbPO.exe
  2⤵
  PID:5776
- C:\Windows\System\SPfCfPe.exe
  C:\Windows\System\SPfCfPe.exe
  2⤵
  PID:5716
- C:\Windows\System\dgYVGPB.exe
  C:\Windows\System\dgYVGPB.exe
  2⤵
  PID:5816
- C:\Windows\System\QPxkOcu.exe
  C:\Windows\System\QPxkOcu.exe
  2⤵
  PID:5860
- C:\Windows\System\EwyTdaa.exe
  C:\Windows\System\EwyTdaa.exe
  2⤵
  PID:5892
- C:\Windows\System\tRUJJpM.exe
  C:\Windows\System\tRUJJpM.exe
  2⤵
  PID:5844
- C:\Windows\System\NQpVYTk.exe
  C:\Windows\System\NQpVYTk.exe
  2⤵
  PID:5972
- C:\Windows\System\TNitmFV.exe
  C:\Windows\System\TNitmFV.exe
  2⤵
  PID:5956
- C:\Windows\System\KEQbrBa.exe
  C:\Windows\System\KEQbrBa.exe
  2⤵
  PID:5980
- C:\Windows\System\YRPVHZo.exe
  C:\Windows\System\YRPVHZo.exe
  2⤵
  PID:5164
- C:\Windows\System\ySBGZBf.exe
  C:\Windows\System\ySBGZBf.exe
  2⤵
  PID:6060
- C:\Windows\System\sZZXZYc.exe
  C:\Windows\System\sZZXZYc.exe
  2⤵
  PID:6104
- C:\Windows\System\SuXpZEh.exe
  C:\Windows\System\SuXpZEh.exe
  2⤵
  PID:2856
- C:\Windows\System\ndakoRM.exe
  C:\Windows\System\ndakoRM.exe
  2⤵
  PID:1472
- C:\Windows\System\sweeHzq.exe
  C:\Windows\System\sweeHzq.exe
  2⤵
  PID:5160
- C:\Windows\System\TvGOPjc.exe
  C:\Windows\System\TvGOPjc.exe
  2⤵
  PID:5216
- C:\Windows\System\XBZQmwx.exe
  C:\Windows\System\XBZQmwx.exe
  2⤵
  PID:5236
- C:\Windows\System\czTvaWM.exe
  C:\Windows\System\czTvaWM.exe
  2⤵
  PID:5340
- C:\Windows\System\uHjyKXH.exe
  C:\Windows\System\uHjyKXH.exe
  2⤵
  PID:5352
- C:\Windows\System\TqGrGRL.exe
  C:\Windows\System\TqGrGRL.exe
  2⤵
  PID:5496
- C:\Windows\System\PREceWE.exe
  C:\Windows\System\PREceWE.exe
  2⤵
  PID:5412
- C:\Windows\System\hlrpOcb.exe
  C:\Windows\System\hlrpOcb.exe
  2⤵
  PID:5612
- C:\Windows\System\cPYFXgu.exe
  C:\Windows\System\cPYFXgu.exe
  2⤵
  PID:324
- C:\Windows\System\xdRddps.exe
  C:\Windows\System\xdRddps.exe
  2⤵
  PID:5660
- C:\Windows\System\xZPQhWT.exe
  C:\Windows\System\xZPQhWT.exe
  2⤵
  PID:5704
- C:\Windows\System\VZKmGqD.exe
  C:\Windows\System\VZKmGqD.exe
  2⤵
  PID:5772
- C:\Windows\System\uICCyeL.exe
  C:\Windows\System\uICCyeL.exe
  2⤵
  PID:5828
- C:\Windows\System\kXgLgti.exe
  C:\Windows\System\kXgLgti.exe
  2⤵
  PID:5896
- C:\Windows\System\qNzZJfW.exe
  C:\Windows\System\qNzZJfW.exe
  2⤵
  PID:5924
- C:\Windows\System\aeyLGXP.exe
  C:\Windows\System\aeyLGXP.exe
  2⤵
  PID:6020
- C:\Windows\System\pUkWnPF.exe
  C:\Windows\System\pUkWnPF.exe
  2⤵
  PID:6096
- C:\Windows\System\VSBrGLu.exe
  C:\Windows\System\VSBrGLu.exe
  2⤵
  PID:6084
- C:\Windows\System\auNggps.exe
  C:\Windows\System\auNggps.exe
  2⤵
  PID:4280
- C:\Windows\System\hmfwLYh.exe
  C:\Windows\System\hmfwLYh.exe
  2⤵
  PID:5200
- C:\Windows\System\aCiMznD.exe
  C:\Windows\System\aCiMznD.exe
  2⤵
  PID:5320
- C:\Windows\System\EKhsVbL.exe
  C:\Windows\System\EKhsVbL.exe
  2⤵
  PID:5440
- C:\Windows\System\nPWpngx.exe
  C:\Windows\System\nPWpngx.exe
  2⤵
  PID:5580
- C:\Windows\System\uAGIIst.exe
  C:\Windows\System\uAGIIst.exe
  2⤵
  PID:5736
- C:\Windows\System\OHFnfvD.exe
  C:\Windows\System\OHFnfvD.exe
  2⤵
  PID:5952
- C:\Windows\System\TRNhwVq.exe
  C:\Windows\System\TRNhwVq.exe
  2⤵
  PID:6116
- C:\Windows\System\ThuZGEj.exe
  C:\Windows\System\ThuZGEj.exe
  2⤵
  PID:6064
- C:\Windows\System\MFKylUE.exe
  C:\Windows\System\MFKylUE.exe
  2⤵
  PID:5336
- C:\Windows\System\kuAkbif.exe
  C:\Windows\System\kuAkbif.exe
  2⤵
  PID:5360
- C:\Windows\System\JDWkkZR.exe
  C:\Windows\System\JDWkkZR.exe
  2⤵
  PID:5424
- C:\Windows\System\bkJrVLk.exe
  C:\Windows\System\bkJrVLk.exe
  2⤵
  PID:5652
- C:\Windows\System\ZkNojYW.exe
  C:\Windows\System\ZkNojYW.exe
  2⤵
  PID:5796
- C:\Windows\System\SHrgEWW.exe
  C:\Windows\System\SHrgEWW.exe
  2⤵
  PID:5148
- C:\Windows\System\XtiwHzP.exe
  C:\Windows\System\XtiwHzP.exe
  2⤵
  PID:5292
- C:\Windows\System\TFkwpmM.exe
  C:\Windows\System\TFkwpmM.exe
  2⤵
  PID:5692
- C:\Windows\System\iewPSrf.exe
  C:\Windows\System\iewPSrf.exe
  2⤵
  PID:6056
- C:\Windows\System\TSsxxFn.exe
  C:\Windows\System\TSsxxFn.exe
  2⤵
  PID:632
- C:\Windows\System\uPWsJRu.exe
  C:\Windows\System\uPWsJRu.exe
  2⤵
  PID:5756
- C:\Windows\System\frPziYc.exe
  C:\Windows\System\frPziYc.exe
  2⤵
  PID:6148
- C:\Windows\System\FWkZyMf.exe
  C:\Windows\System\FWkZyMf.exe
  2⤵
  PID:6164
- C:\Windows\System\mIJYgJt.exe
  C:\Windows\System\mIJYgJt.exe
  2⤵
  PID:6188
- C:\Windows\System\CoodfgY.exe
  C:\Windows\System\CoodfgY.exe
  2⤵
  PID:6204
- C:\Windows\System\XyNFBxs.exe
  C:\Windows\System\XyNFBxs.exe
  2⤵
  PID:6224
- C:\Windows\System\rwNQOem.exe
  C:\Windows\System\rwNQOem.exe
  2⤵
  PID:6248
- C:\Windows\System\CBFDvYP.exe
  C:\Windows\System\CBFDvYP.exe
  2⤵
  PID:6268
- C:\Windows\System\niftZHE.exe
  C:\Windows\System\niftZHE.exe
  2⤵
  PID:6284
- C:\Windows\System\sBUjIMO.exe
  C:\Windows\System\sBUjIMO.exe
  2⤵
  PID:6308
- C:\Windows\System\PVyKjqN.exe
  C:\Windows\System\PVyKjqN.exe
  2⤵
  PID:6324
- C:\Windows\System\bWCXaxV.exe
  C:\Windows\System\bWCXaxV.exe
  2⤵
  PID:6356
- C:\Windows\System\GpwzMDA.exe
  C:\Windows\System\GpwzMDA.exe
  2⤵
  PID:6376
- C:\Windows\System\ZiwMbrR.exe
  C:\Windows\System\ZiwMbrR.exe
  2⤵
  PID:6392
- C:\Windows\System\XiSTsya.exe
  C:\Windows\System\XiSTsya.exe
  2⤵
  PID:6408
- C:\Windows\System\zidKjuY.exe
  C:\Windows\System\zidKjuY.exe
  2⤵
  PID:6428
- C:\Windows\System\RIANQHU.exe
  C:\Windows\System\RIANQHU.exe
  2⤵
  PID:6444
- C:\Windows\System\cdAuCWY.exe
  C:\Windows\System\cdAuCWY.exe
  2⤵
  PID:6468
- C:\Windows\System\nLPyezZ.exe
  C:\Windows\System\nLPyezZ.exe
  2⤵
  PID:6488
- C:\Windows\System\sgyJRwS.exe
  C:\Windows\System\sgyJRwS.exe
  2⤵
  PID:6504
- C:\Windows\System\BKbEYJZ.exe
  C:\Windows\System\BKbEYJZ.exe
  2⤵
  PID:6524
- C:\Windows\System\WzlCTwT.exe
  C:\Windows\System\WzlCTwT.exe
  2⤵
  PID:6544
- C:\Windows\System\sCtjVBH.exe
  C:\Windows\System\sCtjVBH.exe
  2⤵
  PID:6576
- C:\Windows\System\gDaXXpB.exe
  C:\Windows\System\gDaXXpB.exe
  2⤵
  PID:6596
- C:\Windows\System\ouNRbwO.exe
  C:\Windows\System\ouNRbwO.exe
  2⤵
  PID:6616
- C:\Windows\System\KzSBbXr.exe
  C:\Windows\System\KzSBbXr.exe
  2⤵
  PID:6636
- C:\Windows\System\QtipBVJ.exe
  C:\Windows\System\QtipBVJ.exe
  2⤵
  PID:6652
- C:\Windows\System\rqUecuh.exe
  C:\Windows\System\rqUecuh.exe
  2⤵
  PID:6680
- C:\Windows\System\YHPtKru.exe
  C:\Windows\System\YHPtKru.exe
  2⤵
  PID:6700
- C:\Windows\System\OLjEePr.exe
  C:\Windows\System\OLjEePr.exe
  2⤵
  PID:6720
- C:\Windows\System\BbqZtfq.exe
  C:\Windows\System\BbqZtfq.exe
  2⤵
  PID:6736
- C:\Windows\System\HynUJMo.exe
  C:\Windows\System\HynUJMo.exe
  2⤵
  PID:6760
- C:\Windows\System\lISgfak.exe
  C:\Windows\System\lISgfak.exe
  2⤵
  PID:6776
- C:\Windows\System\KuRrUnn.exe
  C:\Windows\System\KuRrUnn.exe
  2⤵
  PID:6796
- C:\Windows\System\csTyiQM.exe
  C:\Windows\System\csTyiQM.exe
  2⤵
  PID:6812
- C:\Windows\System\zXtAidq.exe
  C:\Windows\System\zXtAidq.exe
  2⤵
  PID:6832
- C:\Windows\System\MiManpL.exe
  C:\Windows\System\MiManpL.exe
  2⤵
  PID:6856
- C:\Windows\System\juSkazO.exe
  C:\Windows\System\juSkazO.exe
  2⤵
  PID:6872
- C:\Windows\System\OANhDRy.exe
  C:\Windows\System\OANhDRy.exe
  2⤵
  PID:6888
- C:\Windows\System\rqFORSi.exe
  C:\Windows\System\rqFORSi.exe
  2⤵
  PID:6908
- C:\Windows\System\ggsUAdO.exe
  C:\Windows\System\ggsUAdO.exe
  2⤵
  PID:6924
- C:\Windows\System\ODNpqld.exe
  C:\Windows\System\ODNpqld.exe
  2⤵
  PID:6964
- C:\Windows\System\sIBcEOd.exe
  C:\Windows\System\sIBcEOd.exe
  2⤵
  PID:6984
- C:\Windows\System\fluYeNW.exe
  C:\Windows\System\fluYeNW.exe
  2⤵
  PID:7000
- C:\Windows\System\fJCEguo.exe
  C:\Windows\System\fJCEguo.exe
  2⤵
  PID:7016
- C:\Windows\System\jfaTlGo.exe
  C:\Windows\System\jfaTlGo.exe
  2⤵
  PID:7044
- C:\Windows\System\zWwcSVw.exe
  C:\Windows\System\zWwcSVw.exe
  2⤵
  PID:7060
- C:\Windows\System\cMIhCsd.exe
  C:\Windows\System\cMIhCsd.exe
  2⤵
  PID:7084
- C:\Windows\System\RwFyQfV.exe
  C:\Windows\System\RwFyQfV.exe
  2⤵
  PID:7100
- C:\Windows\System\DmQycro.exe
  C:\Windows\System\DmQycro.exe
  2⤵
  PID:7120
- C:\Windows\System\HRlPOnL.exe
  C:\Windows\System\HRlPOnL.exe
  2⤵
  PID:7140
- C:\Windows\System\MpUIyrZ.exe
  C:\Windows\System\MpUIyrZ.exe
  2⤵
  PID:7164
- C:\Windows\System\KzULoSt.exe
  C:\Windows\System\KzULoSt.exe
  2⤵
  PID:6172
- C:\Windows\System\ZpZoNho.exe
  C:\Windows\System\ZpZoNho.exe
  2⤵
  PID:6100
- C:\Windows\System\AIkVfQn.exe
  C:\Windows\System\AIkVfQn.exe
  2⤵
  PID:6240
- C:\Windows\System\sCESBde.exe
  C:\Windows\System\sCESBde.exe
  2⤵
  PID:6216
- C:\Windows\System\Qaxutsm.exe
  C:\Windows\System\Qaxutsm.exe
  2⤵
  PID:6332
- C:\Windows\System\BmBayVs.exe
  C:\Windows\System\BmBayVs.exe
  2⤵
  PID:6296
- C:\Windows\System\bicxTQf.exe
  C:\Windows\System\bicxTQf.exe
  2⤵
  PID:6348
- C:\Windows\System\FlBymWq.exe
  C:\Windows\System\FlBymWq.exe
  2⤵
  PID:6404
- C:\Windows\System\PJqwyzW.exe
  C:\Windows\System\PJqwyzW.exe
  2⤵
  PID:6388
- C:\Windows\System\mbferdv.exe
  C:\Windows\System\mbferdv.exe
  2⤵
  PID:6480
- C:\Windows\System\ovwIXho.exe
  C:\Windows\System\ovwIXho.exe
  2⤵
  PID:6520
- C:\Windows\System\aKOemMu.exe
  C:\Windows\System\aKOemMu.exe
  2⤵
  PID:6464
- C:\Windows\System\UlbTsfA.exe
  C:\Windows\System\UlbTsfA.exe
  2⤵
  PID:6572
- C:\Windows\System\FDvoRAc.exe
  C:\Windows\System\FDvoRAc.exe
  2⤵
  PID:6536
- C:\Windows\System\QYAhQll.exe
  C:\Windows\System\QYAhQll.exe
  2⤵
  PID:6644
- C:\Windows\System\nhhTehS.exe
  C:\Windows\System\nhhTehS.exe
  2⤵
  PID:6660
- C:\Windows\System\DVMWrZC.exe
  C:\Windows\System\DVMWrZC.exe
  2⤵
  PID:6624
- C:\Windows\System\nYjdcAW.exe
  C:\Windows\System\nYjdcAW.exe
  2⤵
  PID:6708
- C:\Windows\System\XmPJDFh.exe
  C:\Windows\System\XmPJDFh.exe
  2⤵
  PID:6752
- C:\Windows\System\pmcMfQj.exe
  C:\Windows\System\pmcMfQj.exe
  2⤵
  PID:6808
- C:\Windows\System\tdZylmb.exe
  C:\Windows\System\tdZylmb.exe
  2⤵
  PID:6848
- C:\Windows\System\hjQKWMg.exe
  C:\Windows\System\hjQKWMg.exe
  2⤵
  PID:6920
- C:\Windows\System\URTEgwm.exe
  C:\Windows\System\URTEgwm.exe
  2⤵
  PID:6820
- C:\Windows\System\JrMrWob.exe
  C:\Windows\System\JrMrWob.exe
  2⤵
  PID:6932
- C:\Windows\System\jrFZyqP.exe
  C:\Windows\System\jrFZyqP.exe
  2⤵
  PID:6900
- C:\Windows\System\unepyaK.exe
  C:\Windows\System\unepyaK.exe
  2⤵
  PID:7008
- C:\Windows\System\WWsaRUX.exe
  C:\Windows\System\WWsaRUX.exe
  2⤵
  PID:7028
- C:\Windows\System\TVQeUhI.exe
  C:\Windows\System\TVQeUhI.exe
  2⤵
  PID:7056
- C:\Windows\System\bpoaMBo.exe
  C:\Windows\System\bpoaMBo.exe
  2⤵
  PID:7072
- C:\Windows\System\LDKJHBE.exe
  C:\Windows\System\LDKJHBE.exe
  2⤵
  PID:7132
- C:\Windows\System\McLTBjA.exe
  C:\Windows\System\McLTBjA.exe
  2⤵
  PID:7148
- C:\Windows\System\knMqHLb.exe
  C:\Windows\System\knMqHLb.exe
  2⤵
  PID:6160
- C:\Windows\System\tYLWlZd.exe
  C:\Windows\System\tYLWlZd.exe
  2⤵
  PID:6212
- C:\Windows\System\epDiCDU.exe
  C:\Windows\System\epDiCDU.exe
  2⤵
  PID:6260
- C:\Windows\System\HcPEHJr.exe
  C:\Windows\System\HcPEHJr.exe
  2⤵
  PID:6344
- C:\Windows\System\UKhaVUd.exe
  C:\Windows\System\UKhaVUd.exe
  2⤵
  PID:6372
- C:\Windows\System\gbCLTRS.exe
  C:\Windows\System\gbCLTRS.exe
  2⤵
  PID:6400
- C:\Windows\System\VNPTVPG.exe
  C:\Windows\System\VNPTVPG.exe
  2⤵
  PID:6456
- C:\Windows\System\sEHuJkd.exe
  C:\Windows\System\sEHuJkd.exe
  2⤵
  PID:6588
- C:\Windows\System\GTDuLbe.exe
  C:\Windows\System\GTDuLbe.exe
  2⤵
  PID:6556
- C:\Windows\System\UebqeHj.exe
  C:\Windows\System\UebqeHj.exe
  2⤵
  PID:6628
- C:\Windows\System\xVCFsOY.exe
  C:\Windows\System\xVCFsOY.exe
  2⤵
  PID:6688
- C:\Windows\System\LZcJobB.exe
  C:\Windows\System\LZcJobB.exe
  2⤵
  PID:6788
- C:\Windows\System\nOXwsFm.exe
  C:\Windows\System\nOXwsFm.exe
  2⤵
  PID:6828
- C:\Windows\System\YGLVPJI.exe
  C:\Windows\System\YGLVPJI.exe
  2⤵
  PID:6904
- C:\Windows\System\ThJRHLs.exe
  C:\Windows\System\ThJRHLs.exe
  2⤵
  PID:6936
- C:\Windows\System\eSEsBFr.exe
  C:\Windows\System\eSEsBFr.exe
  2⤵
  PID:6996
- C:\Windows\System\zSgEnAC.exe
  C:\Windows\System\zSgEnAC.exe
  2⤵
  PID:7052
- C:\Windows\System\NUpjloo.exe
  C:\Windows\System\NUpjloo.exe
  2⤵
  PID:5240
- C:\Windows\System\aOrktRE.exe
  C:\Windows\System\aOrktRE.exe
  2⤵
  PID:7092
- C:\Windows\System\dAfjbIh.exe
  C:\Windows\System\dAfjbIh.exe
  2⤵
  PID:7152
- C:\Windows\System\tpAhZyb.exe
  C:\Windows\System\tpAhZyb.exe
  2⤵
  PID:6320
- C:\Windows\System\ZFSKDSq.exe
  C:\Windows\System\ZFSKDSq.exe
  2⤵
  PID:6440
- C:\Windows\System\MjzoSCm.exe
  C:\Windows\System\MjzoSCm.exe
  2⤵
  PID:6424
- C:\Windows\System\nVQrlrC.exe
  C:\Windows\System\nVQrlrC.exe
  2⤵
  PID:6728
- C:\Windows\System\lSMLXmx.exe
  C:\Windows\System\lSMLXmx.exe
  2⤵
  PID:6768
- C:\Windows\System\vmbPihT.exe
  C:\Windows\System\vmbPihT.exe
  2⤵
  PID:6844
- C:\Windows\System\NkVSZqD.exe
  C:\Windows\System\NkVSZqD.exe
  2⤵
  PID:6868
- C:\Windows\System\TbDLFID.exe
  C:\Windows\System\TbDLFID.exe
  2⤵
  PID:6976
- C:\Windows\System\dwpItdj.exe
  C:\Windows\System\dwpItdj.exe
  2⤵
  PID:7080
- C:\Windows\System\mhhSZtf.exe
  C:\Windows\System\mhhSZtf.exe
  2⤵
  PID:7116
- C:\Windows\System\pXNSCqk.exe
  C:\Windows\System\pXNSCqk.exe
  2⤵
  PID:6276
- C:\Windows\System\tSyvijM.exe
  C:\Windows\System\tSyvijM.exe
  2⤵
  PID:6960
- C:\Windows\System\RGJkkwF.exe
  C:\Windows\System\RGJkkwF.exe
  2⤵
  PID:6340
- C:\Windows\System\CixQMQA.exe
  C:\Windows\System\CixQMQA.exe
  2⤵
  PID:6732
- C:\Windows\System\PxKwurl.exe
  C:\Windows\System\PxKwurl.exe
  2⤵
  PID:6948
- C:\Windows\System\dhNnVww.exe
  C:\Windows\System\dhNnVww.exe
  2⤵
  PID:7040
- C:\Windows\System\rwfbwUS.exe
  C:\Windows\System\rwfbwUS.exe
  2⤵
  PID:7156
- C:\Windows\System\qtApNLu.exe
  C:\Windows\System\qtApNLu.exe
  2⤵
  PID:6560
- C:\Windows\System\whIHuKN.exe
  C:\Windows\System\whIHuKN.exe
  2⤵
  PID:6712
- C:\Windows\System\OLwzuFj.exe
  C:\Windows\System\OLwzuFj.exe
  2⤵
  PID:6916
- C:\Windows\System\YytpyER.exe
  C:\Windows\System\YytpyER.exe
  2⤵
  PID:6500
- C:\Windows\System\yGejhvb.exe
  C:\Windows\System\yGejhvb.exe
  2⤵
  PID:6672
- C:\Windows\System\lBbNmGC.exe
  C:\Windows\System\lBbNmGC.exe
  2⤵
  PID:6884
- C:\Windows\System\TykXgbK.exe
  C:\Windows\System\TykXgbK.exe
  2⤵
  PID:6180
- C:\Windows\System\abnCTDP.exe
  C:\Windows\System\abnCTDP.exe
  2⤵
  PID:7036
- C:\Windows\System\bTFeVCO.exe
  C:\Windows\System\bTFeVCO.exe
  2⤵
  PID:6992
- C:\Windows\System\BwjXzTG.exe
  C:\Windows\System\BwjXzTG.exe
  2⤵
  PID:7180
- C:\Windows\System\ummgfPW.exe
  C:\Windows\System\ummgfPW.exe
  2⤵
  PID:7200
- C:\Windows\System\ZOOreCZ.exe
  C:\Windows\System\ZOOreCZ.exe
  2⤵
  PID:7220
- C:\Windows\System\tcvafHW.exe
  C:\Windows\System\tcvafHW.exe
  2⤵
  PID:7236
- C:\Windows\System\PmGaypj.exe
  C:\Windows\System\PmGaypj.exe
  2⤵
  PID:7260
- C:\Windows\System\FxRYsTZ.exe
  C:\Windows\System\FxRYsTZ.exe
  2⤵
  PID:7276
- C:\Windows\System\aAaJOEg.exe
  C:\Windows\System\aAaJOEg.exe
  2⤵
  PID:7292
- C:\Windows\System\zAlYbuK.exe
  C:\Windows\System\zAlYbuK.exe
  2⤵
  PID:7324
- C:\Windows\System\kwXYhTA.exe
  C:\Windows\System\kwXYhTA.exe
  2⤵
  PID:7340
- C:\Windows\System\BsZTzEf.exe
  C:\Windows\System\BsZTzEf.exe
  2⤵
  PID:7360
- C:\Windows\System\zfncMlY.exe
  C:\Windows\System\zfncMlY.exe
  2⤵
  PID:7380
- C:\Windows\System\zzdpINX.exe
  C:\Windows\System\zzdpINX.exe
  2⤵
  PID:7396
- C:\Windows\System\YkxefGG.exe
  C:\Windows\System\YkxefGG.exe
  2⤵
  PID:7416
- C:\Windows\System\fstkmCF.exe
  C:\Windows\System\fstkmCF.exe
  2⤵
  PID:7432
- C:\Windows\System\RtvYZIp.exe
  C:\Windows\System\RtvYZIp.exe
  2⤵
  PID:7460
- C:\Windows\System\kednCrH.exe
  C:\Windows\System\kednCrH.exe
  2⤵
  PID:7480
- C:\Windows\System\EfOeULc.exe
  C:\Windows\System\EfOeULc.exe
  2⤵
  PID:7504
- C:\Windows\System\yRcZWQz.exe
  C:\Windows\System\yRcZWQz.exe
  2⤵
  PID:7532
- C:\Windows\System\AWbfQrP.exe
  C:\Windows\System\AWbfQrP.exe
  2⤵
  PID:7548
- C:\Windows\System\iVmaksP.exe
  C:\Windows\System\iVmaksP.exe
  2⤵
  PID:7568
- C:\Windows\System\SmbmOdQ.exe
  C:\Windows\System\SmbmOdQ.exe
  2⤵
  PID:7588
- C:\Windows\System\PfMjFQY.exe
  C:\Windows\System\PfMjFQY.exe
  2⤵
  PID:7608
- C:\Windows\System\qnoUcKl.exe
  C:\Windows\System\qnoUcKl.exe
  2⤵
  PID:7628
- C:\Windows\System\RQEyJgd.exe
  C:\Windows\System\RQEyJgd.exe
  2⤵
  PID:7648
- C:\Windows\System\CZULsSq.exe
  C:\Windows\System\CZULsSq.exe
  2⤵
  PID:7668
- C:\Windows\System\RDykbUJ.exe
  C:\Windows\System\RDykbUJ.exe
  2⤵
  PID:7688
- C:\Windows\System\FJIvkyf.exe
  C:\Windows\System\FJIvkyf.exe
  2⤵
  PID:7704
- C:\Windows\System\qqymNvM.exe
  C:\Windows\System\qqymNvM.exe
  2⤵
  PID:7732
- C:\Windows\System\cbymAcp.exe
  C:\Windows\System\cbymAcp.exe
  2⤵
  PID:7748
- C:\Windows\System\gpdgXTC.exe
  C:\Windows\System\gpdgXTC.exe
  2⤵
  PID:7768
- C:\Windows\System\YQpvXBt.exe
  C:\Windows\System\YQpvXBt.exe
  2⤵
  PID:7788
- C:\Windows\System\yguDJpD.exe
  C:\Windows\System\yguDJpD.exe
  2⤵
  PID:7812
- C:\Windows\System\nFJGFCS.exe
  C:\Windows\System\nFJGFCS.exe
  2⤵
  PID:7832
- C:\Windows\System\hcbCeEu.exe
  C:\Windows\System\hcbCeEu.exe
  2⤵
  PID:7848
- C:\Windows\System\rdXQDIN.exe
  C:\Windows\System\rdXQDIN.exe
  2⤵
  PID:7868
- C:\Windows\System\BXGObkW.exe
  C:\Windows\System\BXGObkW.exe
  2⤵
  PID:7884
- C:\Windows\System\oZlFOBh.exe
  C:\Windows\System\oZlFOBh.exe
  2⤵
  PID:7904
- C:\Windows\System\WeRMpSR.exe
  C:\Windows\System\WeRMpSR.exe
  2⤵
  PID:7932
- C:\Windows\System\pCqzodJ.exe
  C:\Windows\System\pCqzodJ.exe
  2⤵
  PID:7948
- C:\Windows\System\hioUctI.exe
  C:\Windows\System\hioUctI.exe
  2⤵
  PID:7968
- C:\Windows\System\VoTBDrR.exe
  C:\Windows\System\VoTBDrR.exe
  2⤵
  PID:7984
- C:\Windows\System\qqRCbZK.exe
  C:\Windows\System\qqRCbZK.exe
  2⤵
  PID:8016
- C:\Windows\System\rmkaeow.exe
  C:\Windows\System\rmkaeow.exe
  2⤵
  PID:8032
- C:\Windows\System\BwHlpPA.exe
  C:\Windows\System\BwHlpPA.exe
  2⤵
  PID:8048
- C:\Windows\System\cwNBHGN.exe
  C:\Windows\System\cwNBHGN.exe
  2⤵
  PID:8072
- C:\Windows\System\pWmJYYw.exe
  C:\Windows\System\pWmJYYw.exe
  2⤵
  PID:8092
- C:\Windows\System\cVhOJtr.exe
  C:\Windows\System\cVhOJtr.exe
  2⤵
  PID:8112
- C:\Windows\System\cVLmcQc.exe
  C:\Windows\System\cVLmcQc.exe
  2⤵
  PID:8132
- C:\Windows\System\sGRFLZR.exe
  C:\Windows\System\sGRFLZR.exe
  2⤵
  PID:8152
- C:\Windows\System\aHvjdOd.exe
  C:\Windows\System\aHvjdOd.exe
  2⤵
  PID:8176
- C:\Windows\System\njjWInx.exe
  C:\Windows\System\njjWInx.exe
  2⤵
  PID:6804
- C:\Windows\System\lbKUwtI.exe
  C:\Windows\System\lbKUwtI.exe
  2⤵
  PID:7176
- C:\Windows\System\ypIIlIA.exe
  C:\Windows\System\ypIIlIA.exe
  2⤵
  PID:7216
- C:\Windows\System\xbWHfni.exe
  C:\Windows\System\xbWHfni.exe
  2⤵
  PID:7272
- C:\Windows\System\QfduOGv.exe
  C:\Windows\System\QfduOGv.exe
  2⤵
  PID:7284
- C:\Windows\System\MrBkKVF.exe
  C:\Windows\System\MrBkKVF.exe
  2⤵
  PID:7320
- C:\Windows\System\KyurzuT.exe
  C:\Windows\System\KyurzuT.exe
  2⤵
  PID:7352
- C:\Windows\System\FktVnIa.exe
  C:\Windows\System\FktVnIa.exe
  2⤵
  PID:7424
- C:\Windows\System\bTWodfE.exe
  C:\Windows\System\bTWodfE.exe
  2⤵
  PID:7368
- C:\Windows\System\LlxMBCl.exe
  C:\Windows\System\LlxMBCl.exe
  2⤵
  PID:7500
- C:\Windows\System\oCEVfYk.exe
  C:\Windows\System\oCEVfYk.exe
  2⤵
  PID:7456
- C:\Windows\System\RyaFmlJ.exe
  C:\Windows\System\RyaFmlJ.exe
  2⤵
  PID:7492
- C:\Windows\System\dKHYNNp.exe
  C:\Windows\System\dKHYNNp.exe
  2⤵
  PID:7544
- C:\Windows\System\acEeQfz.exe
  C:\Windows\System\acEeQfz.exe
  2⤵
  PID:7600
- C:\Windows\System\ELmKxzQ.exe
  C:\Windows\System\ELmKxzQ.exe
  2⤵
  PID:7644
- C:\Windows\System\FXxltre.exe
  C:\Windows\System\FXxltre.exe
  2⤵
  PID:7664
- C:\Windows\System\jrsUpmT.exe
  C:\Windows\System\jrsUpmT.exe
  2⤵
  PID:7712
- C:\Windows\System\Rtesvce.exe
  C:\Windows\System\Rtesvce.exe
  2⤵
  PID:7728
- C:\Windows\System\obGrKUE.exe
  C:\Windows\System\obGrKUE.exe
  2⤵
  PID:7760
- C:\Windows\System\FSzTphG.exe
  C:\Windows\System\FSzTphG.exe
  2⤵
  PID:7804
- C:\Windows\System\WAPQmLy.exe
  C:\Windows\System\WAPQmLy.exe
  2⤵
  PID:7820
- C:\Windows\System\OaWPDYY.exe
  C:\Windows\System\OaWPDYY.exe
  2⤵
  PID:7892
- C:\Windows\System\eeUpLFt.exe
  C:\Windows\System\eeUpLFt.exe
  2⤵
  PID:7912
- C:\Windows\System\myUDJdL.exe
  C:\Windows\System\myUDJdL.exe
  2⤵
  PID:7928
- C:\Windows\System\RHXZEIo.exe
  C:\Windows\System\RHXZEIo.exe
  2⤵
  PID:7940
- C:\Windows\System\YwRUvrY.exe
  C:\Windows\System\YwRUvrY.exe
  2⤵
  PID:8008
- C:\Windows\System\vMNIyHS.exe
  C:\Windows\System\vMNIyHS.exe
  2⤵
  PID:8044
- C:\Windows\System\mwmJDfI.exe
  C:\Windows\System\mwmJDfI.exe
  2⤵
  PID:8064
- C:\Windows\System\FjRZXyY.exe
  C:\Windows\System\FjRZXyY.exe
  2⤵
  PID:8100
- C:\Windows\System\KODCrsG.exe
  C:\Windows\System\KODCrsG.exe
  2⤵
  PID:8128
- C:\Windows\System\jNOmaWa.exe
  C:\Windows\System\jNOmaWa.exe
  2⤵
  PID:8160
- C:\Windows\System\DdHQSUB.exe
  C:\Windows\System\DdHQSUB.exe
  2⤵
  PID:8184
- C:\Windows\System\cJbVTom.exe
  C:\Windows\System\cJbVTom.exe
  2⤵
  PID:7212
- C:\Windows\System\uOUiKfm.exe
  C:\Windows\System\uOUiKfm.exe
  2⤵
  PID:7304
- C:\Windows\System\KgDqIAo.exe
  C:\Windows\System\KgDqIAo.exe
  2⤵
  PID:7428
- C:\Windows\System\SpgVjQu.exe
  C:\Windows\System\SpgVjQu.exe
  2⤵
  PID:7372
- C:\Windows\System\WRmVXtP.exe
  C:\Windows\System\WRmVXtP.exe
  2⤵
  PID:7440
- C:\Windows\System\BcfuSUs.exe
  C:\Windows\System\BcfuSUs.exe
  2⤵
  PID:6156
- C:\Windows\System\tTQjLgz.exe
  C:\Windows\System\tTQjLgz.exe
  2⤵
  PID:7512
- C:\Windows\System\eiWGfVX.exe
  C:\Windows\System\eiWGfVX.exe
  2⤵
  PID:7636
- C:\Windows\System\kehxwyD.exe
  C:\Windows\System\kehxwyD.exe
  2⤵
  PID:7620
- C:\Windows\System\WExxEmW.exe
  C:\Windows\System\WExxEmW.exe
  2⤵
  PID:7684
- C:\Windows\System\DsAcPXM.exe
  C:\Windows\System\DsAcPXM.exe
  2⤵
  PID:7756
- C:\Windows\System\zqptDer.exe
  C:\Windows\System\zqptDer.exe
  2⤵
  PID:7784
- C:\Windows\System\cknhrFm.exe
  C:\Windows\System\cknhrFm.exe
  2⤵
  PID:7856
- C:\Windows\System\RhCBlSV.exe
  C:\Windows\System\RhCBlSV.exe
  2⤵
  PID:7924
- C:\Windows\System\ozfqPFV.exe
  C:\Windows\System\ozfqPFV.exe
  2⤵
  PID:7964
- C:\Windows\System\LNiVFEk.exe
  C:\Windows\System\LNiVFEk.exe
  2⤵
  PID:7976
- C:\Windows\System\LcfJEef.exe
  C:\Windows\System\LcfJEef.exe
  2⤵
  PID:8108
- C:\Windows\System\aACYGKR.exe
  C:\Windows\System\aACYGKR.exe
  2⤵
  PID:7172
- C:\Windows\System\yMbHBqJ.exe
  C:\Windows\System\yMbHBqJ.exe
  2⤵
  PID:7232
- C:\Windows\System\pNeoKYH.exe
  C:\Windows\System\pNeoKYH.exe
  2⤵
  PID:7244
- C:\Windows\System\QVSbgVU.exe
  C:\Windows\System\QVSbgVU.exe
  2⤵
  PID:7256
- C:\Windows\System\CWAnbqp.exe
  C:\Windows\System\CWAnbqp.exe
  2⤵
  PID:7596
- C:\Windows\System\HLXJfvc.exe
  C:\Windows\System\HLXJfvc.exe
  2⤵
  PID:7660
- C:\Windows\System\tiHNYBy.exe
  C:\Windows\System\tiHNYBy.exe
  2⤵
  PID:7616
- C:\Windows\System\BaBemDZ.exe
  C:\Windows\System\BaBemDZ.exe
  2⤵
  PID:7880
- C:\Windows\System\aBSdLtt.exe
  C:\Windows\System\aBSdLtt.exe
  2⤵
  PID:8056
- C:\Windows\System\eEpJjZG.exe
  C:\Windows\System\eEpJjZG.exe
  2⤵
  PID:8024
- C:\Windows\System\ivsZYTm.exe
  C:\Windows\System\ivsZYTm.exe
  2⤵
  PID:8080
- C:\Windows\System\qERmcJo.exe
  C:\Windows\System\qERmcJo.exe
  2⤵
  PID:7844
- C:\Windows\System\OtuzeFs.exe
  C:\Windows\System\OtuzeFs.exe
  2⤵
  PID:8124
- C:\Windows\System\nPsmQTb.exe
  C:\Windows\System\nPsmQTb.exe
  2⤵
  PID:8084
- C:\Windows\System\gnqEdGo.exe
  C:\Windows\System\gnqEdGo.exe
  2⤵
  PID:5812
- C:\Windows\System\tIlkOTY.exe
  C:\Windows\System\tIlkOTY.exe
  2⤵
  PID:7580
- C:\Windows\System\SSFHwuR.exe
  C:\Windows\System\SSFHwuR.exe
  2⤵
  PID:7944
- C:\Windows\System\MsTRTuT.exe
  C:\Windows\System\MsTRTuT.exe
  2⤵
  PID:7740
- C:\Windows\System\fvxOZOA.exe
  C:\Windows\System\fvxOZOA.exe
  2⤵
  PID:8148
- C:\Windows\System\zUbsFlp.exe
  C:\Windows\System\zUbsFlp.exe
  2⤵
  PID:8144
- C:\Windows\System\nZDEZUn.exe
  C:\Windows\System\nZDEZUn.exe
  2⤵
  PID:7496
- C:\Windows\System\eEYCUfn.exe
  C:\Windows\System\eEYCUfn.exe
  2⤵
  PID:7564
- C:\Windows\System\ogrciQo.exe
  C:\Windows\System\ogrciQo.exe
  2⤵
  PID:7680
- C:\Windows\System\CMosBgN.exe
  C:\Windows\System\CMosBgN.exe
  2⤵
  PID:8068
- C:\Windows\System\qOOcwJr.exe
  C:\Windows\System\qOOcwJr.exe
  2⤵
  PID:8172
- C:\Windows\System\QfmpPMZ.exe
  C:\Windows\System\QfmpPMZ.exe
  2⤵
  PID:7724
- C:\Windows\System\hEwuXKx.exe
  C:\Windows\System\hEwuXKx.exe
  2⤵
  PID:7828
- C:\Windows\System\pWqBSrQ.exe
  C:\Windows\System\pWqBSrQ.exe
  2⤵
  PID:8004
- C:\Windows\System\YxEDhKG.exe
  C:\Windows\System\YxEDhKG.exe
  2⤵
  PID:7308
- C:\Windows\System\EksKEqz.exe
  C:\Windows\System\EksKEqz.exe
  2⤵
  PID:7540
- C:\Windows\System\QUtSJYq.exe
  C:\Windows\System\QUtSJYq.exe
  2⤵
  PID:8196
- C:\Windows\System\pUvRNrl.exe
  C:\Windows\System\pUvRNrl.exe
  2⤵
  PID:8220
- C:\Windows\System\YzHJfYk.exe
  C:\Windows\System\YzHJfYk.exe
  2⤵
  PID:8240
- C:\Windows\System\wIMFMMD.exe
  C:\Windows\System\wIMFMMD.exe
  2⤵
  PID:8256
- C:\Windows\System\jALjSDU.exe
  C:\Windows\System\jALjSDU.exe
  2⤵
  PID:8272
- C:\Windows\System\ENvNWWO.exe
  C:\Windows\System\ENvNWWO.exe
  2⤵
  PID:8288
- C:\Windows\System\wkIKxPZ.exe
  C:\Windows\System\wkIKxPZ.exe
  2⤵
  PID:8316
- C:\Windows\System\RqWISMW.exe
  C:\Windows\System\RqWISMW.exe
  2⤵
  PID:8332
- C:\Windows\System\rRJHoUe.exe
  C:\Windows\System\rRJHoUe.exe
  2⤵
  PID:8348
- C:\Windows\System\YrZEaRn.exe
  C:\Windows\System\YrZEaRn.exe
  2⤵
  PID:8368
- C:\Windows\System\vPriVdy.exe
  C:\Windows\System\vPriVdy.exe
  2⤵
  PID:8388
- C:\Windows\System\pcKKrTF.exe
  C:\Windows\System\pcKKrTF.exe
  2⤵
  PID:8408
- C:\Windows\System\oFxYNMd.exe
  C:\Windows\System\oFxYNMd.exe
  2⤵
  PID:8428
- C:\Windows\System\LTqpcrX.exe
  C:\Windows\System\LTqpcrX.exe
  2⤵
  PID:8460
- C:\Windows\System\MCHVFSH.exe
  C:\Windows\System\MCHVFSH.exe
  2⤵
  PID:8476
- C:\Windows\System\kwYErIB.exe
  C:\Windows\System\kwYErIB.exe
  2⤵
  PID:8496
- C:\Windows\System\hVmvzQC.exe
  C:\Windows\System\hVmvzQC.exe
  2⤵
  PID:8512
- C:\Windows\System\oMxkwcF.exe
  C:\Windows\System\oMxkwcF.exe
  2⤵
  PID:8532
- C:\Windows\System\suBDEBS.exe
  C:\Windows\System\suBDEBS.exe
  2⤵
  PID:8560
- C:\Windows\System\bNBwtFK.exe
  C:\Windows\System\bNBwtFK.exe
  2⤵
  PID:8576
- C:\Windows\System\vrvBlup.exe
  C:\Windows\System\vrvBlup.exe
  2⤵
  PID:8600
- C:\Windows\System\UpnkCOe.exe
  C:\Windows\System\UpnkCOe.exe
  2⤵
  PID:8616
- C:\Windows\System\avkmcSi.exe
  C:\Windows\System\avkmcSi.exe
  2⤵
  PID:8632
- C:\Windows\System\iejcBGZ.exe
  C:\Windows\System\iejcBGZ.exe
  2⤵
  PID:8652
- C:\Windows\System\zkWuhBh.exe
  C:\Windows\System\zkWuhBh.exe
  2⤵
  PID:8672
- C:\Windows\System\MisDZYa.exe
  C:\Windows\System\MisDZYa.exe
  2⤵
  PID:8692
- C:\Windows\System\gvOigkJ.exe
  C:\Windows\System\gvOigkJ.exe
  2⤵
  PID:8708
- C:\Windows\System\OoiDQce.exe
  C:\Windows\System\OoiDQce.exe
  2⤵
  PID:8732
- C:\Windows\System\TRcdWBi.exe
  C:\Windows\System\TRcdWBi.exe
  2⤵
  PID:8752
- C:\Windows\System\SpIhytw.exe
  C:\Windows\System\SpIhytw.exe
  2⤵
  PID:8776
- C:\Windows\System\geaUXGK.exe
  C:\Windows\System\geaUXGK.exe
  2⤵
  PID:8796
- C:\Windows\System\UnAUekl.exe
  C:\Windows\System\UnAUekl.exe
  2⤵
  PID:8816
- C:\Windows\System\qazkWzl.exe
  C:\Windows\System\qazkWzl.exe
  2⤵
  PID:8844
- C:\Windows\System\DiJbwSs.exe
  C:\Windows\System\DiJbwSs.exe
  2⤵
  PID:8860
- C:\Windows\System\ebREMdO.exe
  C:\Windows\System\ebREMdO.exe
  2⤵
  PID:8876
- C:\Windows\System\lHjKiBc.exe
  C:\Windows\System\lHjKiBc.exe
  2⤵
  PID:8896
- C:\Windows\System\fHSKXGJ.exe
  C:\Windows\System\fHSKXGJ.exe
  2⤵
  PID:8924
- C:\Windows\System\xxiiQXI.exe
  C:\Windows\System\xxiiQXI.exe
  2⤵
  PID:8944
- C:\Windows\System\CxUbgMa.exe
  C:\Windows\System\CxUbgMa.exe
  2⤵
  PID:8960
- C:\Windows\System\MgpYMXo.exe
  C:\Windows\System\MgpYMXo.exe
  2⤵
  PID:8976
- C:\Windows\System\QOySqbU.exe
  C:\Windows\System\QOySqbU.exe
  2⤵
  PID:8996
- C:\Windows\System\MafWekq.exe
  C:\Windows\System\MafWekq.exe
  2⤵
  PID:9020
- C:\Windows\System\liEsCPI.exe
  C:\Windows\System\liEsCPI.exe
  2⤵
  PID:9040
- C:\Windows\System\crLWRFK.exe
  C:\Windows\System\crLWRFK.exe
  2⤵
  PID:9060
- C:\Windows\System\cltTzup.exe
  C:\Windows\System\cltTzup.exe
  2⤵
  PID:9080
- C:\Windows\System\xpTBYJq.exe
  C:\Windows\System\xpTBYJq.exe
  2⤵
  PID:9100
- C:\Windows\System\AdyoJIz.exe
  C:\Windows\System\AdyoJIz.exe
  2⤵
  PID:9124
- C:\Windows\System\DdCBCAu.exe
  C:\Windows\System\DdCBCAu.exe
  2⤵
  PID:9140
- C:\Windows\System\OruaUTH.exe
  C:\Windows\System\OruaUTH.exe
  2⤵
  PID:9156
- C:\Windows\System\ngRDauG.exe
  C:\Windows\System\ngRDauG.exe
  2⤵
  PID:9184
- C:\Windows\System\VCogBCs.exe
  C:\Windows\System\VCogBCs.exe
  2⤵
  PID:9204
- C:\Windows\System\rmsebVJ.exe
  C:\Windows\System\rmsebVJ.exe
  2⤵
  PID:7584
- C:\Windows\System\zFkssss.exe
  C:\Windows\System\zFkssss.exe
  2⤵
  PID:8216
- C:\Windows\System\JLcgUaE.exe
  C:\Windows\System\JLcgUaE.exe
  2⤵
  PID:8252
- C:\Windows\System\mrSljlk.exe
  C:\Windows\System\mrSljlk.exe
  2⤵
  PID:8280
- C:\Windows\System\kAkvcLk.exe
  C:\Windows\System\kAkvcLk.exe
  2⤵
  PID:8380
- C:\Windows\System\PsvPLex.exe
  C:\Windows\System\PsvPLex.exe
  2⤵
  PID:8400
- C:\Windows\System\dkIdQDK.exe
  C:\Windows\System\dkIdQDK.exe
  2⤵
  PID:8364
- C:\Windows\System\vUPnocD.exe
  C:\Windows\System\vUPnocD.exe
  2⤵
  PID:8444
- C:\Windows\System\Xvxadxl.exe
  C:\Windows\System\Xvxadxl.exe
  2⤵
  PID:8468
- C:\Windows\System\PEZNNTe.exe
  C:\Windows\System\PEZNNTe.exe
  2⤵
  PID:8508
- C:\Windows\System\AgcVsIg.exe
  C:\Windows\System\AgcVsIg.exe
  2⤵
  PID:8488
- C:\Windows\System\bqBJUql.exe
  C:\Windows\System\bqBJUql.exe
  2⤵
  PID:8572
- C:\Windows\System\XvtFKRM.exe
  C:\Windows\System\XvtFKRM.exe
  2⤵
  PID:8596
- C:\Windows\System\jZLQfnk.exe
  C:\Windows\System\jZLQfnk.exe
  2⤵
  PID:8700
- C:\Windows\System\TkrfoZu.exe
  C:\Windows\System\TkrfoZu.exe
  2⤵
  PID:8748
- C:\Windows\System\MKEJckH.exe
  C:\Windows\System\MKEJckH.exe
  2⤵
  PID:8792
- C:\Windows\System\JtysdKO.exe
  C:\Windows\System\JtysdKO.exe
  2⤵
  PID:8680
- C:\Windows\System\oEerglv.exe
  C:\Windows\System\oEerglv.exe
  2⤵
  PID:8724
- C:\Windows\System\YEfJuJO.exe
  C:\Windows\System\YEfJuJO.exe
  2⤵
  PID:8812
- C:\Windows\System\jtYuJlZ.exe
  C:\Windows\System\jtYuJlZ.exe
  2⤵
  PID:8836
- C:\Windows\System\bDqqZVl.exe
  C:\Windows\System\bDqqZVl.exe
  2⤵
  PID:8852
- C:\Windows\System\YDTHiFQ.exe
  C:\Windows\System\YDTHiFQ.exe
  2⤵
  PID:8912
- C:\Windows\System\SePWmXu.exe
  C:\Windows\System\SePWmXu.exe
  2⤵
  PID:8952
- C:\Windows\System\hrFqwSh.exe
  C:\Windows\System\hrFqwSh.exe
  2⤵
  PID:8940
- C:\Windows\System\rPBteIP.exe
  C:\Windows\System\rPBteIP.exe
  2⤵
  PID:9004
- C:\Windows\System\TUoKvRO.exe
  C:\Windows\System\TUoKvRO.exe
  2⤵
  PID:9036
- C:\Windows\System\TliHmto.exe
  C:\Windows\System\TliHmto.exe
  2⤵
  PID:9056
- C:\Windows\System\GOPgyRk.exe
  C:\Windows\System\GOPgyRk.exe
  2⤵
  PID:9096
- C:\Windows\System\jReJpNE.exe
  C:\Windows\System\jReJpNE.exe
  2⤵
  PID:9132
- C:\Windows\System\nNjzHHO.exe
  C:\Windows\System\nNjzHHO.exe
  2⤵
  PID:9172
- C:\Windows\System\EGDbrFa.exe
  C:\Windows\System\EGDbrFa.exe
  2⤵
  PID:9192
- C:\Windows\System\tnycDcD.exe
  C:\Windows\System\tnycDcD.exe
  2⤵
  PID:8268
- C:\Windows\System\YJMSQLw.exe
  C:\Windows\System\YJMSQLw.exe
  2⤵
  PID:8312
- C:\Windows\System\eAxQMFi.exe
  C:\Windows\System\eAxQMFi.exe
  2⤵
  PID:8424
- C:\Windows\System\ZOYuVwG.exe
  C:\Windows\System\ZOYuVwG.exe
  2⤵
  PID:8376
- C:\Windows\System\ODdPBdf.exe
  C:\Windows\System\ODdPBdf.exe
  2⤵
  PID:8452
- C:\Windows\System\BHttMAE.exe
  C:\Windows\System\BHttMAE.exe
  2⤵
  PID:8548
- C:\Windows\System\YmEVxiG.exe
  C:\Windows\System\YmEVxiG.exe
  2⤵
  PID:8588
- C:\Windows\System\DqEeFDE.exe
  C:\Windows\System\DqEeFDE.exe
  2⤵
  PID:8592
- C:\Windows\System\wAzqULS.exe
  C:\Windows\System\wAzqULS.exe
  2⤵
  PID:8668
- C:\Windows\System\CMCCyGI.exe
  C:\Windows\System\CMCCyGI.exe
  2⤵
  PID:8760
- C:\Windows\System\SdyACzy.exe
  C:\Windows\System\SdyACzy.exe
  2⤵
  PID:8640
- C:\Windows\System\BgUESwv.exe
  C:\Windows\System\BgUESwv.exe
  2⤵
  PID:8768
- C:\Windows\System\fKsEHHP.exe
  C:\Windows\System\fKsEHHP.exe
  2⤵
  PID:8904
- C:\Windows\System\msdUpHW.exe
  C:\Windows\System\msdUpHW.exe
  2⤵
  PID:8956
- C:\Windows\System\lidRFOB.exe
  C:\Windows\System\lidRFOB.exe
  2⤵
  PID:8968
- C:\Windows\System\zMIxlMx.exe
  C:\Windows\System\zMIxlMx.exe
  2⤵
  PID:9068
- C:\Windows\System\DgbTbDD.exe
  C:\Windows\System\DgbTbDD.exe
  2⤵
  PID:9112
- C:\Windows\System\QiVVBCq.exe
  C:\Windows\System\QiVVBCq.exe
  2⤵
  PID:9180
- C:\Windows\System\KekGszB.exe
  C:\Windows\System\KekGszB.exe
  2⤵
  PID:9196
- C:\Windows\System\sLJfISB.exe
  C:\Windows\System\sLJfISB.exe
  2⤵
  PID:8304
- C:\Windows\System\HsiLnou.exe
  C:\Windows\System\HsiLnou.exe
  2⤵
  PID:8356
- C:\Windows\System\KWPxJni.exe
  C:\Windows\System\KWPxJni.exe
  2⤵
  PID:8484
- C:\Windows\System\fiqDXuS.exe
  C:\Windows\System\fiqDXuS.exe
  2⤵
  PID:8660
- C:\Windows\System\GJGjPna.exe
  C:\Windows\System\GJGjPna.exe
  2⤵
  PID:8824
- C:\Windows\System\JmqVIQw.exe
  C:\Windows\System\JmqVIQw.exe
  2⤵
  PID:8648
- C:\Windows\System\SeqYyHy.exe
  C:\Windows\System\SeqYyHy.exe
  2⤵
  PID:8808
- C:\Windows\System\pJJxPZN.exe
  C:\Windows\System\pJJxPZN.exe
  2⤵
  PID:8804
- C:\Windows\System\ufROAoJ.exe
  C:\Windows\System\ufROAoJ.exe
  2⤵
  PID:8992
- C:\Windows\System\GlTeXFW.exe
  C:\Windows\System\GlTeXFW.exe
  2⤵
  PID:9212
- C:\Windows\System\VdYHYuH.exe
  C:\Windows\System\VdYHYuH.exe
  2⤵
  PID:9168
- C:\Windows\System\wHHMVLB.exe
  C:\Windows\System\wHHMVLB.exe
  2⤵
  PID:8456
- C:\Windows\System\eQqWMZz.exe
  C:\Windows\System\eQqWMZz.exe
  2⤵
  PID:8504
- C:\Windows\System\KACPhSU.exe
  C:\Windows\System\KACPhSU.exe
  2⤵
  PID:8608
- C:\Windows\System\ZZNdQqi.exe
  C:\Windows\System\ZZNdQqi.exe
  2⤵
  PID:8688
- C:\Windows\System\JcadKbd.exe
  C:\Windows\System\JcadKbd.exe
  2⤵
  PID:9008
- C:\Windows\System\wvfQfQF.exe
  C:\Windows\System\wvfQfQF.exe
  2⤵
  PID:9116
- C:\Windows\System\IsiqLHJ.exe
  C:\Windows\System\IsiqLHJ.exe
  2⤵
  PID:8296
- C:\Windows\System\JKkjZWm.exe
  C:\Windows\System\JKkjZWm.exe
  2⤵
  PID:8528
- C:\Windows\System\TwPjWii.exe
  C:\Windows\System\TwPjWii.exe
  2⤵
  PID:8908
- C:\Windows\System\poUSJLl.exe
  C:\Windows\System\poUSJLl.exe
  2⤵
  PID:9032
- C:\Windows\System\qIwMEqh.exe
  C:\Windows\System\qIwMEqh.exe
  2⤵
  PID:9164
- C:\Windows\System\eXdwEBA.exe
  C:\Windows\System\eXdwEBA.exe
  2⤵
  PID:8360
- C:\Windows\System\TxRbmnN.exe
  C:\Windows\System\TxRbmnN.exe
  2⤵
  PID:8644
- C:\Windows\System\VcSfaNW.exe
  C:\Windows\System\VcSfaNW.exe
  2⤵
  PID:8232
- C:\Windows\System\aWUDZkf.exe
  C:\Windows\System\aWUDZkf.exe
  2⤵
  PID:9236
- C:\Windows\System\krNLBPe.exe
  C:\Windows\System\krNLBPe.exe
  2⤵
  PID:9252
- C:\Windows\System\KKxuIUa.exe
  C:\Windows\System\KKxuIUa.exe
  2⤵
  PID:9272
- C:\Windows\System\pcoKJlS.exe
  C:\Windows\System\pcoKJlS.exe
  2⤵
  PID:9288
- C:\Windows\System\DfYXEQT.exe
  C:\Windows\System\DfYXEQT.exe
  2⤵
  PID:9304
- C:\Windows\System\yleUzqk.exe
  C:\Windows\System\yleUzqk.exe
  2⤵
  PID:9320
- C:\Windows\System\KqlRxWz.exe
  C:\Windows\System\KqlRxWz.exe
  2⤵
  PID:9336
- C:\Windows\System\ldFEabA.exe
  C:\Windows\System\ldFEabA.exe
  2⤵
  PID:9352
- C:\Windows\System\eOkCDPA.exe
  C:\Windows\System\eOkCDPA.exe
  2⤵
  PID:9368
- C:\Windows\System\nepagvq.exe
  C:\Windows\System\nepagvq.exe
  2⤵
  PID:9384
- C:\Windows\System\lsxUarJ.exe
  C:\Windows\System\lsxUarJ.exe
  2⤵
  PID:9400
- C:\Windows\System\lhzGgWn.exe
  C:\Windows\System\lhzGgWn.exe
  2⤵
  PID:9420
- C:\Windows\System\pqetLfp.exe
  C:\Windows\System\pqetLfp.exe
  2⤵
  PID:9436
- C:\Windows\System\CWgxbek.exe
  C:\Windows\System\CWgxbek.exe
  2⤵
  PID:9452
- C:\Windows\System\xFJXMBB.exe
  C:\Windows\System\xFJXMBB.exe
  2⤵
  PID:9472
- C:\Windows\System\mgtkMih.exe
  C:\Windows\System\mgtkMih.exe
  2⤵
  PID:9488
- C:\Windows\System\wlNVpCE.exe
  C:\Windows\System\wlNVpCE.exe
  2⤵
  PID:9516
- C:\Windows\System\IzvpfKh.exe
  C:\Windows\System\IzvpfKh.exe
  2⤵
  PID:9536
- C:\Windows\System\VwIIZHe.exe
  C:\Windows\System\VwIIZHe.exe
  2⤵
  PID:9556
- C:\Windows\System\cnbagHH.exe
  C:\Windows\System\cnbagHH.exe
  2⤵
  PID:9580
- C:\Windows\System\DGVTpJt.exe
  C:\Windows\System\DGVTpJt.exe
  2⤵
  PID:9600
- C:\Windows\System\EBMkBjM.exe
  C:\Windows\System\EBMkBjM.exe
  2⤵
  PID:9616
- C:\Windows\System\vWqWaTn.exe
  C:\Windows\System\vWqWaTn.exe
  2⤵
  PID:9632
- C:\Windows\System\PJjqUdH.exe
  C:\Windows\System\PJjqUdH.exe
  2⤵
  PID:9648
- C:\Windows\System\ruAFgaH.exe
  C:\Windows\System\ruAFgaH.exe
  2⤵
  PID:9668
- C:\Windows\System\XpSUDRg.exe
  C:\Windows\System\XpSUDRg.exe
  2⤵
  PID:9684
- C:\Windows\System\CPvGLUu.exe
  C:\Windows\System\CPvGLUu.exe
  2⤵
  PID:9700
- C:\Windows\System\filWrMF.exe
  C:\Windows\System\filWrMF.exe
  2⤵
  PID:9720
- C:\Windows\System\WjeloFj.exe
  C:\Windows\System\WjeloFj.exe
  2⤵
  PID:9744
- C:\Windows\System\hkTqXCV.exe
  C:\Windows\System\hkTqXCV.exe
  2⤵
  PID:9760
- C:\Windows\System\wzIZyuf.exe
  C:\Windows\System\wzIZyuf.exe
  2⤵
  PID:9784
- C:\Windows\System\nULimzC.exe
  C:\Windows\System\nULimzC.exe
  2⤵
  PID:9800
- C:\Windows\System\Sjfhlxb.exe
  C:\Windows\System\Sjfhlxb.exe
  2⤵
  PID:9816
- C:\Windows\System\NDJffhw.exe
  C:\Windows\System\NDJffhw.exe
  2⤵
  PID:9832
- C:\Windows\System\QnIdDsk.exe
  C:\Windows\System\QnIdDsk.exe
  2⤵
  PID:9848
- C:\Windows\System\jCssRPE.exe
  C:\Windows\System\jCssRPE.exe
  2⤵
  PID:9864
- C:\Windows\System\bSFhVJa.exe
  C:\Windows\System\bSFhVJa.exe
  2⤵
  PID:9880
- C:\Windows\System\SQLFSxL.exe
  C:\Windows\System\SQLFSxL.exe
  2⤵
  PID:9896
- C:\Windows\System\gSzCuEm.exe
  C:\Windows\System\gSzCuEm.exe
  2⤵
  PID:9912
- C:\Windows\System\RijXwEo.exe
  C:\Windows\System\RijXwEo.exe
  2⤵
  PID:9928
- C:\Windows\System\cXtzEGM.exe
  C:\Windows\System\cXtzEGM.exe
  2⤵
  PID:9944
- C:\Windows\System\rCUxSmc.exe
  C:\Windows\System\rCUxSmc.exe
  2⤵
  PID:9960
- C:\Windows\System\vqcEWfi.exe
  C:\Windows\System\vqcEWfi.exe
  2⤵
  PID:9976
- C:\Windows\System\FLuBOQh.exe
  C:\Windows\System\FLuBOQh.exe
  2⤵
  PID:9992
- C:\Windows\System\AbGKbRB.exe
  C:\Windows\System\AbGKbRB.exe
  2⤵
  PID:10008
- C:\Windows\System\lpWyIOY.exe
  C:\Windows\System\lpWyIOY.exe
  2⤵
  PID:10024
- C:\Windows\System\nSAwfrK.exe
  C:\Windows\System\nSAwfrK.exe
  2⤵
  PID:10040
- C:\Windows\System\KLarjjp.exe
  C:\Windows\System\KLarjjp.exe
  2⤵
  PID:10056
- C:\Windows\System\MoWALvH.exe
  C:\Windows\System\MoWALvH.exe
  2⤵
  PID:10072
- C:\Windows\System\xaIwiPU.exe
  C:\Windows\System\xaIwiPU.exe
  2⤵
  PID:10088
- C:\Windows\System\eOKLUgW.exe
  C:\Windows\System\eOKLUgW.exe
  2⤵
  PID:10104
- C:\Windows\System\AXEakrf.exe
  C:\Windows\System\AXEakrf.exe
  2⤵
  PID:10120
- C:\Windows\System\mDbKWVV.exe
  C:\Windows\System\mDbKWVV.exe
  2⤵
  PID:10136
- C:\Windows\System\wnYAIVC.exe
  C:\Windows\System\wnYAIVC.exe
  2⤵
  PID:10152
- C:\Windows\System\dFynFYD.exe
  C:\Windows\System\dFynFYD.exe
  2⤵
  PID:10168
- C:\Windows\System\uVeNiZT.exe
  C:\Windows\System\uVeNiZT.exe
  2⤵
  PID:10184
- C:\Windows\System\HZDwIHc.exe
  C:\Windows\System\HZDwIHc.exe
  2⤵
  PID:10208
- C:\Windows\System\PNGpLFc.exe
  C:\Windows\System\PNGpLFc.exe
  2⤵
  PID:10224
- C:\Windows\System\mDlgsTp.exe
  C:\Windows\System\mDlgsTp.exe
  2⤵
  PID:9076
- C:\Windows\System\RgqoQto.exe
  C:\Windows\System\RgqoQto.exe
  2⤵
  PID:7900
- C:\Windows\System\AFrwMzr.exe
  C:\Windows\System\AFrwMzr.exe
  2⤵
  PID:9220
- C:\Windows\System\WTvCCBa.exe
  C:\Windows\System\WTvCCBa.exe
  2⤵
  PID:9268
- C:\Windows\System\pQfQAXY.exe
  C:\Windows\System\pQfQAXY.exe
  2⤵
  PID:9284
- C:\Windows\System\cteIMCo.exe
  C:\Windows\System\cteIMCo.exe
  2⤵
  PID:9332
- C:\Windows\System\tyXiYvZ.exe
  C:\Windows\System\tyXiYvZ.exe
  2⤵
  PID:9316
- C:\Windows\System\DRsoUxp.exe
  C:\Windows\System\DRsoUxp.exe
  2⤵
  PID:9380
- C:\Windows\System\pGNdSuW.exe
  C:\Windows\System\pGNdSuW.exe
  2⤵
  PID:9428
- C:\Windows\System\ULDJzDd.exe
  C:\Windows\System\ULDJzDd.exe
  2⤵
  PID:9444
- C:\Windows\System\oeyYhQI.exe
  C:\Windows\System\oeyYhQI.exe
  2⤵
  PID:9500
- C:\Windows\System\SBHIrTZ.exe
  C:\Windows\System\SBHIrTZ.exe
  2⤵
  PID:9484
- C:\Windows\System\zJCtLyZ.exe
  C:\Windows\System\zJCtLyZ.exe
  2⤵
  PID:9548
- C:\Windows\System\ajHOOpz.exe
  C:\Windows\System\ajHOOpz.exe
  2⤵
  PID:9528
- C:\Windows\System\JHGrXgO.exe
  C:\Windows\System\JHGrXgO.exe
  2⤵
  PID:9532
- C:\Windows\System\FfEFnAT.exe
  C:\Windows\System\FfEFnAT.exe
  2⤵
  PID:9624
- C:\Windows\System\bCNiDyN.exe
  C:\Windows\System\bCNiDyN.exe
  2⤵
  PID:9644
- C:\Windows\System\nooGRco.exe
  C:\Windows\System\nooGRco.exe
  2⤵
  PID:9680
- C:\Windows\System\rVijKkj.exe
  C:\Windows\System\rVijKkj.exe
  2⤵
  PID:9708
- C:\Windows\System\wMFBnGM.exe
  C:\Windows\System\wMFBnGM.exe
  2⤵
  PID:9732
- C:\Windows\System\FvSyOVd.exe
  C:\Windows\System\FvSyOVd.exe
  2⤵
  PID:9756
- C:\Windows\System\CkzXmGc.exe
  C:\Windows\System\CkzXmGc.exe
  2⤵
  PID:9796
- C:\Windows\System\acMdBxX.exe
  C:\Windows\System\acMdBxX.exe
  2⤵
  PID:9808
- C:\Windows\System\EcjLZfj.exe
  C:\Windows\System\EcjLZfj.exe
  2⤵
  PID:9872
- C:\Windows\System\zzvNlRw.exe
  C:\Windows\System\zzvNlRw.exe
  2⤵
  PID:9888
- C:\Windows\System\RMDfokf.exe
  C:\Windows\System\RMDfokf.exe
  2⤵
  PID:9940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BHUmdOe.exe

Filesize
6.0MB

MD5
f8af3ab0a9a771d834cd03b448c6c679

SHA1
1c8a480d074c6da27171ed22c69ae821cffd7d1d

SHA256
8bfc4d476b5bf29cf74359b529bfbabfd625f253814fa2c04e0d4ea26a702364

SHA512
8a6f3e535a14987daab763611da4e496b20c589808a17d934775ef677ada8ab7227e77d8293667be28039fd77e43b1007127adbd5ec729b3c4110e1889327e93

Download Submit
C:\Windows\system\BJrDxcP.exe

Filesize
6.0MB

MD5
0dd1d7ed4307e817843eca213af40b50

SHA1
e88709fedb80a13da828476e132aac12477c956d

SHA256
7f2413bc53a02453169a4869a75b7f5aff63ce5516434974b017adfb713d619e

SHA512
62697b06575bb6fd865a3f81d5614c9bf2008df39021211250093d9850a8f560dd3869581eada9552c71e6df4dca4227579544dc2c3b8f820aa090788c2844a9

Download Submit
C:\Windows\system\BmAyJhZ.exe

Filesize
6.0MB

MD5
09cc3d0de26cf246bb7658570f92f82e

SHA1
93129a87a7739bba25c22f72554ffa6cafbc1638

SHA256
6541c1aca3db1fc214934be9f041b89fb2d7c6ce5d28823184425de7e339681b

SHA512
bb4af549d6d6797419dcee805c31d7b8ab2d8f8449262b9ea8df9fe75aea8d3160c14fc1a0a1cb604a62a73119787e383e1b8d55f47ffd52e09b2734892a7583

Download Submit
C:\Windows\system\DWEOvUt.exe

Filesize
6.0MB

MD5
38354b2c2b0e98ea3283fd3a71747cd7

SHA1
77631e9ae40995c055eeab56ddaf4626c33eb6f4

SHA256
dbb7d2ad30df38f6d7d072c6ae8eb19b5d2075ab77d1bfee1912b78e3631d1b3

SHA512
26bb93bc90a94d4f07c73aa2a523d731afdc9ad0ab6f7d84a82313475cfda49cc24b2e56ee9e5e1363027f45298a77770d5f3bdb9bd8a9c5dd40356c660ba0a8

Download Submit
C:\Windows\system\FHymOyq.exe

Filesize
6.0MB

MD5
ff4e62cec50110af53fa9fbb9968ee11

SHA1
2e9c2abd650e29b27af1d2e24af1ba68983ca736

SHA256
e9c740b0b37541f92b934f64b9878a881acbda8aec2ed871be98bbe01661bb39

SHA512
2366d8acdff78aee30ac906bcd433c5fd2f740ed0995ccb7c1a49ef554ac607cc27bf1ad0860f0577019392d6b9c2d6557b8c71bda1904f743e7d4914d49295a

Download Submit
C:\Windows\system\GBgAkjj.exe

Filesize
6.0MB

MD5
a51505e3d75f1490b5704df23a7c7c0d

SHA1
fff3962acd98e24806313f673a10068ef64fda5f

SHA256
c35659c3aa370538eb9b7a558c45afaff4a6643b375a9a73449f0e39bd3fa557

SHA512
45174723eb9d2517cf2c832153b36debe603517ebe3eb02c8efcba7a96c95e70bb97b28769ce3c0dda2ea95c2358d8547426bb47d997bed6ee2b1e3c6c6dd52e

Download Submit
C:\Windows\system\NyNMsnm.exe

Filesize
6.0MB

MD5
27b8d658fb6120fb3b86c030689f4ad4

SHA1
89aae8fec67bcd0c02b49e1af063803fc22fe1f1

SHA256
aa7174f895a072e6bbdaf1557d6fe83e06391bd2b37acd27a8657f27b5dfef8e

SHA512
183c0c75e31d081c68ee58e8f8cfc5e168f097d80ef1b79e728f9849be3e3071c23e11d534b32233cc5de3b7e2cfa038d3dc91f6fee0d4f4d2a946baaf281ccd

Download Submit
C:\Windows\system\PRcLPRf.exe

Filesize
6.0MB

MD5
b5d052139821f325d32e4bcc0ceb9dd1

SHA1
dd677b0ea25de0b3520bef0c4bee1dc026f8be40

SHA256
0548002d3ccecea01d3976adf40bde4b9e9e21c0e7a0d5501132d9219e1e216e

SHA512
f72dc4626220e91d305e2c5f14fe80532262d5b1ee464cdc540d28bfd757444be1774c759d2fb9eb31245aed56839620c3d1cd99970e3a9795bf28ca6480789a

Download Submit
C:\Windows\system\QZIUatc.exe

Filesize
6.0MB

MD5
177864d232cdc40a2fc7fc3a84f4908e

SHA1
f8d99013b6acb27b11a6b3d4b1d7992ed140666f

SHA256
4a182d83cf9d2d9a3e0c0f5231e34a2f7f827cf78ad5b2b3a0240728f9571da7

SHA512
c58d02864c42207a75c93383ba8bece73acd316ada8b5951b3662a57d68aa42ae569b3201e32ffcc545ab1fa053e64c9e989e2d3ada139c8ec0a4f8a042ef76e

Download Submit
C:\Windows\system\TATRAxM.exe

Filesize
6.0MB

MD5
347a0df02bbe5d50fee40f30f87ebe8a

SHA1
344591e539dc7efd2a1c4e5d8568a9b294829077

SHA256
de70df513d7883f92e2db6ea190149dd1604b9b9d84f632e4899f93282008482

SHA512
a7fc7a0d170884e9578e01bb146e7bf1ddf406d4241ec23c603b7817da21903fd10b00f0261e8b35983b0b39715214e9e427bc9d18465338f97591b29101cdb4

Download Submit
C:\Windows\system\TDwybUN.exe

Filesize
6.0MB

MD5
98d9bedcd2233072a7882827af4ec366

SHA1
d88dcf1f39399d79cca924a3ccba790d18b8ffa3

SHA256
7ee01b98a2cd44cf104ceabafeb270a55c93765589315806af98568748ad9f90

SHA512
a560c6a78eeb36b575e040d3b8d1191cc42e082ca4904ca4c5e9e7241ee0e608e1e0b5020eb4bd0be0e0d8e40d711b89148b99fe1cb7f46ee19dacf7b705835c

Download Submit
C:\Windows\system\VVjciqK.exe

Filesize
6.0MB

MD5
af1a75af2709bdacc7bf1ee61aaa8d60

SHA1
2e07cad7b7a6e27eafda6db56db479566414610c

SHA256
68e770f627bcba13ea5cc2431bc084e8d6128e9d606d2ca9b3de72b449e85fa1

SHA512
18acef926a3c4716ce4448b421ae854319aad1c9809dbe61fd90c3f2e52f4d1948e3ed38fe4c33447c60be512b81c9020444f67fe7b8a6406fa52ecaae56216b

Download Submit
C:\Windows\system\WzMCfEi.exe

Filesize
6.0MB

MD5
9628112d45cbc998be1ef1b6cfa49841

SHA1
d49d84bc40449e2c1b316e8afba16f45045fdf95

SHA256
178dd59cbd32797a6afb3cf60f46056bd752362eb4265061afa5256e2dfad1a8

SHA512
f25ab878ddbeeb86b65be3d6d6b764a6160d72b6888cf2d2df6213bda7d9420653cd7b893f8a5baf21a7b4ce384517b23e20b89a08ea313feb09136e734d90d5

Download Submit
C:\Windows\system\XlAujLu.exe

Filesize
6.0MB

MD5
64f2859219e83e920ee0d8d59edf7630

SHA1
0bd4d9e9a36a077329cb8c6fe1be7b361d85d7d0

SHA256
1a1f82dcb3e855177ea6e51bf44b98784062416180b4a2e04e0782ebfe34e04d

SHA512
6ed74a1eb62eb974d1bf4ec6426fba726aa6837fc7c994440d430ee44fed3c9de50bf5afd0281a9a890a6b9f3d62ac54d21952d695360e2837d0a943e7cd4c6e

Download Submit
C:\Windows\system\XsGASBB.exe

Filesize
6.0MB

MD5
52ee972f253f27c45fec83a744fdb22e

SHA1
91a91859f11374f52ddc3cab8a35f733ce142a04

SHA256
5253bcee8f1cf0dfacb859c5de94ea7fd1f20b28a6bd3fd4a262a0dca8d50ccf

SHA512
c9c5b54c5c78080bc2b995c3ef98fa326e2d5a4e9731c92da038129bc39f499515cd395eab9292c42f0a1c298500f49db7d23e3dd65eb56beaca247de86da5d4

Download Submit
C:\Windows\system\ZufHfZr.exe

Filesize
6.0MB

MD5
27b24b2cd95f24b85e9b94d15123e0b0

SHA1
484e3a257cb04206b44593d1dba5d3285a6ea513

SHA256
5471a41ec2abd800e9992eb8fe22aa13dbd84dd05e4abd4bfa3132c844fff0c2

SHA512
1c25c09030481745883082d984ea06875c30ddb10e7ffde96df2966b2130149fce172801032671c184203d8c403af99e30072589f9427a233b3662de59daa566

Download Submit
C:\Windows\system\czKPKis.exe

Filesize
6.0MB

MD5
9327f210a945c345ee7fe02d863da8c5

SHA1
20f8531eaba61691d37a7769cea739470b8561ec

SHA256
41d68ad67ef83cf375f275d34ad471fbd6700a97554bb923f9d066160755c051

SHA512
a020eb5359d723e98b89cd218086700ecf4240872ab9c4e1b062d275641f2381462403aa9bf79f77247fd82477b53dad76a79407ee26658ef90df6697a4aaaf1

Download Submit
C:\Windows\system\fedjaCg.exe

Filesize
6.0MB

MD5
0cb59b3d7d3a3c4b16a87a8c074b7835

SHA1
5de0f75a4af85c708b60d8c246c4f85d94128989

SHA256
782da252db5d026646b3438686bb314785afabb0ac34f490e85989add39af7e9

SHA512
bcd8a19f16f6e08ee47c404d0e91656264275e0c9a06e0dd8b363e0984549e8f53cce854fc0e9b5142a5cc60411b609c63498bc2eda5d168566ba4401f1a8646

Download Submit
C:\Windows\system\hGJfywV.exe

Filesize
6.0MB

MD5
8adad622cb836cf8a52d695fc241f037

SHA1
8f807f22b72e13449dbda08bf90920e396309c3c

SHA256
e5263423cc06060a0892b3474d521c9a4072851c078a1c6d40dba8537b420ce0

SHA512
0c2063c1e979259894c710b352ea2270a9c30b91a147209efd6701a70f6d0103d5032432d319a965cee80bbb47e88b85565b81e003988bdbea9419f7b2f1593a

Download Submit
C:\Windows\system\hVFYLMS.exe

Filesize
6.0MB

MD5
6fe9038d122387f774f5a7456100aff8

SHA1
bd762a195f61f557b41defc185cb0294747479dd

SHA256
6ec0cad845b07c0c89c61879c2ed8b29c61e58cc6f19682465a9394a56902db2

SHA512
bf5b6f243ddeefd730a123d16714dea7bcf99f2c0a9dad4bc7bc152903626402f16c9cd6bf446d8825ecd1549ab46c74c0411ad9c03e0e3443cd960f73820355

Download Submit
C:\Windows\system\kweRffi.exe

Filesize
6.0MB

MD5
c02981b21cbf3d143ee98f99bd0cb5a4

SHA1
2e4206eb68da610e95020b7ae5cc137a489b9b76

SHA256
c1b85848c6a236f7dedd6e992ec8b3b8556add264b9fcf5b047756098d1b0053

SHA512
755f83b9e5ac3cb2aa860814ae69101b5e21358cdddb8133c155c8baf50274c34b4d745b8f2748e9277625da34154359cb4069ef7d7d057b0ef04c2b7ecebe32

Download Submit
C:\Windows\system\nejrlly.exe

Filesize
6.0MB

MD5
f4a411f117dc2d89d11fd08068c90a9a

SHA1
c90ec7919c36aeceed1b714b191bbabe1b84fc31

SHA256
fa668f50767751af97b6f8c9bad930331c1537c309ee6e5971695ca93c0caacb

SHA512
28c871530a377dea0fb20b7656b8d2b5e5cb03e0e6a8615e18fe24d0da1d04c9831d287f1958118b24d56ce7342abba7f4f73da961498c43297c2b57faa63426

Download Submit
C:\Windows\system\olraAdn.exe

Filesize
6.0MB

MD5
b5a51a61b3c0f993411f50fab9c27b4f

SHA1
4d0c8104eee6ba064b2b79090e28029431bb26d6

SHA256
453c18eaf4d574ce60bbe0393906e692ebfa60b96d496ceb378918ba642aabd0

SHA512
d021992a6a8f5a68a25c2aab62759fed0f662c0a6d6fdb5e6543321233b3f508fa57f8beba1791ca4b7420a3d563e5a2a64e419c3c17906659ff4b3096d81e58

Download Submit
C:\Windows\system\pPivqcj.exe

Filesize
6.0MB

MD5
613f0a78ba39c3e5b16a4beb86e35957

SHA1
06d5f43591a2dff89c9aba241318b13ebd1eeb72

SHA256
4cfb29734864aa9ad9500f633cdfde63c7704a0af6f3ff7002d8702db705528e

SHA512
12eb85fe22209815d0d4896da19221ab6b6e4a780fb7d092260589fa4bb901d2c2141ddcdabd3439979ac465847566f01f8a37dd9ca33bf7227e1879c826e22d

Download Submit
C:\Windows\system\qDhwXth.exe

Filesize
6.0MB

MD5
ff5ac23df1b4024ba99359715c34dff8

SHA1
1fbe1c6f301ded55ea84285dd25590c8b68b83a0

SHA256
aa64934af798868319fb8338823bccfadfaa91b138929c3b8589db536b211bbf

SHA512
e57a3fe1d9a497902b9d9379313caa61525ce3e48da911148dc9bc665b155644b1ec5ee42f17e113981c98bb13d919a4958b7e0566d8a78a2e85b36232ea7947

Download Submit
C:\Windows\system\uwevKUQ.exe

Filesize
6.0MB

MD5
a1e3f3ccce294fea6c1b0964e7a22a8f

SHA1
39a23a0c20dc8aa7b1f008925b32303640077c2e

SHA256
2d7a2dac3a028755e352c2255780a2c01b155518f56245377742f3c4a7f94ddb

SHA512
fa26dc0a914f2424e00ab05ce99e986e8d6666ece9f06c11560a210437c27bf2dd694b51eb50990f87847eb553f5b43ba9b5e87f968f2deca4ffb2643e9bea5e

Download Submit
C:\Windows\system\vbBhHDr.exe

Filesize
6.0MB

MD5
1ef249b990ab94d83675551184197287

SHA1
a963f975d28354ae773ddd555d2ca4cb663a7d19

SHA256
9c76c6cbbe70b197a1eea303cbb3bd12f127a964a55bc9718c936b07bc0ef428

SHA512
be26c02d201d153be814e2e366d1b3d322184d17c146625810d9c9a16244a66626e35c29b8e068949c3fe016a15f517367145e69511e93d6f3c32155a612e20b

Download Submit
C:\Windows\system\vekWnlO.exe

Filesize
6.0MB

MD5
adcec18b0ad1f8106ba8da87d25bb743

SHA1
3a2f3c90b248d7c0b61d4f67d181d14e50fa8eea

SHA256
5488da31d5e710b84708469e53bf39181bb75c2bf9e292e203ff36f8fe772f89

SHA512
aca7d00e6d73ba28910e933f983df30101ccf1e76246e1b38f117c34c8eb3b3763b6dc1a7edd8e91d721154f94260a349395bb80aabdaddc837bca87894985df

Download Submit
C:\Windows\system\xBIVzuX.exe

Filesize
6.0MB

MD5
72eaacd0466e1861013aad0fa7084c12

SHA1
a1ba80f999193affbd7e587200c850b9671ce187

SHA256
4cf710bccc8a9c954853ac17507609518c54ff5c676d23832adcabff11647619

SHA512
7322ed1456a008a2e08d22e57de2fe36b9bd6244b1fa479ef79a0cb59c55c7748f4a0d3733e608fe480a20cd16ad105a5b05dc54bb489db13441f59aec6eb41f

Download Submit
\Windows\system\MeCzZof.exe

Filesize
6.0MB

MD5
9ae2877c1b8a332e48b291ca29af6eb4

SHA1
4fd08a493d1dea0cb776d56dc2437185769be076

SHA256
9020f03767922c453448dc3c75fd4ba02c521ac54dbc0ecf67eff231a035c921

SHA512
b915fa18ecbaf8881c6424c2f16edceff6c3368e16b81892c1430d441822557793cd49d61f4cbd29560e621972895168324c4c140e1e453dba0158fc7d9d979e

Download Submit
\Windows\system\afWfLWv.exe

Filesize
6.0MB

MD5
c3d15b32f8b337b0aa8f6e01b1544b88

SHA1
88049e5e503cabc1b16bbc2d9576fb95559d284c

SHA256
7a059ddb0791cbc73dfbabf058dc787822d5832ee6b3f9befc1f89734c6f8826

SHA512
865fe74df503a29f9b2ce2bda0d56334090b5937fe3c7d1d2e7be228342985f94ed397263031c64dcdca36cc45cc1d43ceb9cf0c805d7f07f51a7db30f8b748b

Download Submit
\Windows\system\pPaKFtS.exe

Filesize
6.0MB

MD5
778e78058e3e9958387542e97fe6c287

SHA1
226ee266aedfa8fe27708e70fd8344e2dcd96841

SHA256
3fa72c4afc2ef52d6d5f6566f0ea0c1dbc6b3eafaf54bd2d5392d064ec3490eb

SHA512
964f3c4794a095252493f61b1802c0f5b4ba521fc4289d2b5268c85392e9520aebed39271988d42c3189d769c7a1086f344a7240b15bb5595cdc057c49fcf807

Download Submit
memory/688-88-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/688-52-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/688-646-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/964-669-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/964-66-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/964-107-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1776-316-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1776-709-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1776-99-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2148-251-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2148-699-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2148-89-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2224-98-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-656-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-59-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-682-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-123-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-75-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-104-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-103-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-334-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2448-218-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2448-41-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-31-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2448-47-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2448-6-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-51-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2448-16-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2448-62-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-317-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-291-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2448-70-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-55-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-84-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2448-85-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-113-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2448-112-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-20-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-94-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-0-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2448-95-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2448-38-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2448-24-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-81-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2616-632-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2616-43-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2680-724-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-108-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-318-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-1271-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2780-22-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2784-35-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2784-74-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2784-623-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2820-614-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2820-15-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2836-1107-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-11-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-42-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-65-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-28-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-616-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-164-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-702-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-82-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download