cobaltstrike | 93905bb85e8586a78a412853857d2db4e2beeaf12820e4757be7edb751162a17

Analysis

max time kernel
127s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-12-2024 02:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

fc6f73c9a32c241349acf89183a1512c
SHA1

2832659c8f674441bb9c5f5b1b721eed91ed4f94
SHA256

93905bb85e8586a78a412853857d2db4e2beeaf12820e4757be7edb751162a17
SHA512

469a530ded5a1210eb43391241bdf4bd40be15fe42e1ae9acecc8040cc4a5b717d6c7956751b16da649c9b2a3f17767f7f22d24c904f2f4089f4c0e9eaf2105b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUu:T+q56utgpPF8u/7u

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012280-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001660e-7.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ca0-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c89-26.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-57.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-69.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-101.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-97.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-84.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-82.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-65.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-61.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-53.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017570-49.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d22-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cab-32.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cf0-41.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016890-15.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral1/memory/2188-0-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x000a000000012280-3.dat	xmrig
behavioral1/memory/2708-20-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x000800000001660e-7.dat	xmrig
behavioral1/memory/2804-22-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016ca0-28.dat	xmrig
behavioral1/files/0x0007000000016c89-26.dat	xmrig
behavioral1/files/0x00060000000175f7-57.dat	xmrig
behavioral1/files/0x0005000000018706-69.dat	xmrig
behavioral1/files/0x000500000001927a-125.dat	xmrig
behavioral1/memory/2188-2339-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/files/0x0005000000019358-141.dat	xmrig
behavioral1/files/0x0005000000019354-137.dat	xmrig
behavioral1/files/0x00050000000192a1-133.dat	xmrig
behavioral1/files/0x0005000000019299-129.dat	xmrig
behavioral1/files/0x0005000000019274-121.dat	xmrig
behavioral1/files/0x0005000000019261-117.dat	xmrig
behavioral1/files/0x000500000001924f-113.dat	xmrig
behavioral1/files/0x0005000000019237-109.dat	xmrig
behavioral1/files/0x0005000000019203-105.dat	xmrig
behavioral1/files/0x0006000000019056-101.dat	xmrig
behavioral1/files/0x0006000000018fdf-97.dat	xmrig
behavioral1/files/0x0006000000018d83-93.dat	xmrig
behavioral1/files/0x000500000001871c-84.dat	xmrig
behavioral1/files/0x0006000000018be7-82.dat	xmrig
behavioral1/files/0x0006000000018d7b-88.dat	xmrig
behavioral1/files/0x0005000000018745-81.dat	xmrig
behavioral1/files/0x000500000001870c-73.dat	xmrig
behavioral1/files/0x0005000000018697-65.dat	xmrig
behavioral1/files/0x000d000000018683-61.dat	xmrig
behavioral1/files/0x00060000000175f1-53.dat	xmrig
behavioral1/files/0x0008000000017570-49.dat	xmrig
behavioral1/files/0x0008000000016d22-46.dat	xmrig
behavioral1/files/0x0007000000016cab-32.dat	xmrig
behavioral1/files/0x0009000000016cf0-41.dat	xmrig
behavioral1/memory/2896-40-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2944-31-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2712-18-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016890-15.dat	xmrig
behavioral1/memory/1152-2354-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2572-2369-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2708-3094-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2712-3080-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/1152-3318-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2896-3464-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2572-3587-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2944-3610-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2188-3665-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2804-4573-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2712	WUCqqhy.exe
2708	yanUVVG.exe
2804	VqJAtgB.exe
2944	OkBLJRa.exe
2896	YgRAzAF.exe
2844	nvfglTj.exe
1152	EJetSkJ.exe
2572	qCEmfom.exe
2628	JMGmTqI.exe
2240	MpMUJTN.exe
1732	eWyxnAY.exe
1360	NCiZgZX.exe
2880	zmcEdmF.exe
2900	PzYzVLO.exe
3016	fMdwHIJ.exe
2444	xoUQbms.exe
2352	VMtTYnP.exe
1244	TAHyCcM.exe
1040	wZpdPhk.exe
2348	MsANwYI.exe
2868	DQuTQKN.exe
2876	FkFsBZl.exe
2272	cWIHXof.exe
1396	YQInqPs.exe
332	ajJgwsf.exe
2812	zQTBSDr.exe
856	vZFdvty.exe
1140	kjrjYuy.exe
2036	uSZVyuj.exe
2264	ZtRNCGW.exe
2416	VahfRaA.exe
2080	AEzSaXd.exe
448	cJFUGzO.exe
1944	lAzCSJf.exe
2128	gcRjtRB.exe
1056	gkKUPyD.exe
2164	vfvhZXK.exe
840	dvfQcqu.exe
1316	TSgvpfD.exe
1988	voXmnym.exe
2040	PyNdOMe.exe
1868	AyDQUdX.exe
920	jsIlevq.exe
568	XWHazrD.exe
784	TPGspmi.exe
1812	qzIScva.exe
1552	FcSnuqm.exe
1368	XHtyArn.exe
776	BJULEkU.exe
1248	CCeBClc.exe
1728	zWvUucC.exe
1864	JEIQNBt.exe
356	NlEJNDd.exe
1196	chIPgqx.exe
2324	owlAcEJ.exe
2100	WNXiJTd.exe
844	CquXlfB.exe
2484	ierOcKw.exe
1000	TgfOwgr.exe
2512	YZpTdIz.exe
996	njiDEkl.exe
2336	ImVxdyQ.exe
1976	FtDqhiD.exe
888	VxsaqVP.exe

Loads dropped DLL 64 IoCs

pid	Process
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 48 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2188-0-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x000a000000012280-3.dat	upx
behavioral1/memory/2708-20-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x000800000001660e-7.dat	upx
behavioral1/memory/2804-22-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x0007000000016ca0-28.dat	upx
behavioral1/files/0x0007000000016c89-26.dat	upx
behavioral1/files/0x00060000000175f7-57.dat	upx
behavioral1/files/0x0005000000018706-69.dat	upx
behavioral1/files/0x000500000001927a-125.dat	upx
behavioral1/files/0x0005000000019358-141.dat	upx
behavioral1/files/0x0005000000019354-137.dat	upx
behavioral1/files/0x00050000000192a1-133.dat	upx
behavioral1/files/0x0005000000019299-129.dat	upx
behavioral1/files/0x0005000000019274-121.dat	upx
behavioral1/files/0x0005000000019261-117.dat	upx
behavioral1/files/0x000500000001924f-113.dat	upx
behavioral1/files/0x0005000000019237-109.dat	upx
behavioral1/files/0x0005000000019203-105.dat	upx
behavioral1/files/0x0006000000019056-101.dat	upx
behavioral1/files/0x0006000000018fdf-97.dat	upx
behavioral1/files/0x0006000000018d83-93.dat	upx
behavioral1/files/0x000500000001871c-84.dat	upx
behavioral1/files/0x0006000000018be7-82.dat	upx
behavioral1/files/0x0006000000018d7b-88.dat	upx
behavioral1/files/0x0005000000018745-81.dat	upx
behavioral1/files/0x000500000001870c-73.dat	upx
behavioral1/files/0x0005000000018697-65.dat	upx
behavioral1/files/0x000d000000018683-61.dat	upx
behavioral1/files/0x00060000000175f1-53.dat	upx
behavioral1/files/0x0008000000017570-49.dat	upx
behavioral1/files/0x0008000000016d22-46.dat	upx
behavioral1/files/0x0007000000016cab-32.dat	upx
behavioral1/files/0x0009000000016cf0-41.dat	upx
behavioral1/memory/2896-40-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/2944-31-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2712-18-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x0008000000016890-15.dat	upx
behavioral1/memory/1152-2354-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2572-2369-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2708-3094-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2712-3080-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/1152-3318-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2896-3464-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/2572-3587-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2944-3610-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2188-3665-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2804-4573-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KOshfVS.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HmpkfPG.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqIrDxT.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oLFgxvW.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ANcDuoS.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QWQlJKq.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\djTmJIh.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQAVdpQ.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sSOtPNv.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AEyFJCh.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjrhStD.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaWWnwR.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aIAgzhe.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pVWlRBD.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMRgGwp.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JUicVbR.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LAExnkW.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Htenqpq.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\glynHCh.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbxuoBb.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HZfVERF.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YVcSWLF.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hTwFpet.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DHHCYzx.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VbHSXEU.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\durinLS.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Tdqjmsr.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EnEZtwf.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVqlJeo.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OgPlRMC.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYjtffd.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMxtEhr.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KBhFSbM.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kCPltTh.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OMrLeCm.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dKFFMOS.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BHRtICs.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zywGtjm.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zOdlICo.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TqMcKhh.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RTjzQkh.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rHdVsEi.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bRQoSKf.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJpQxgA.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mbaWBaX.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHWETZP.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OPRBMOg.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VMzsijf.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rDIzOHe.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yRrHxHw.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJwIrpC.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cEecKzP.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AIUzKtQ.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dCsLSWo.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xoUQbms.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\duTtBbl.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jnCLYru.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yOgTEJd.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZawGcDW.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yMOtPuE.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdwwSyg.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cidgFFq.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QaxEPFe.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TBMZQpo.exe	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2712	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2188 wrote to memory of 2712	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2188 wrote to memory of 2712	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2188 wrote to memory of 2804	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2188 wrote to memory of 2804	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2188 wrote to memory of 2804	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2188 wrote to memory of 2708	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2188 wrote to memory of 2708	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2188 wrote to memory of 2708	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2188 wrote to memory of 2944	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2188 wrote to memory of 2944	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2188 wrote to memory of 2944	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2188 wrote to memory of 2896	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2188 wrote to memory of 2896	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2188 wrote to memory of 2896	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2188 wrote to memory of 1152	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2188 wrote to memory of 1152	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2188 wrote to memory of 1152	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2188 wrote to memory of 2844	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2188 wrote to memory of 2844	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2188 wrote to memory of 2844	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2188 wrote to memory of 2572	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2188 wrote to memory of 2572	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2188 wrote to memory of 2572	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2188 wrote to memory of 2628	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2188 wrote to memory of 2628	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2188 wrote to memory of 2628	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2188 wrote to memory of 2240	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2188 wrote to memory of 2240	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2188 wrote to memory of 2240	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2188 wrote to memory of 1732	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2188 wrote to memory of 1732	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2188 wrote to memory of 1732	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2188 wrote to memory of 1360	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2188 wrote to memory of 1360	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2188 wrote to memory of 1360	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2188 wrote to memory of 2880	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2188 wrote to memory of 2880	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2188 wrote to memory of 2880	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2188 wrote to memory of 2900	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2188 wrote to memory of 2900	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2188 wrote to memory of 2900	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2188 wrote to memory of 3016	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2188 wrote to memory of 3016	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2188 wrote to memory of 3016	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2188 wrote to memory of 2352	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2188 wrote to memory of 2352	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2188 wrote to memory of 2352	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2188 wrote to memory of 2444	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2188 wrote to memory of 2444	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2188 wrote to memory of 2444	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2188 wrote to memory of 1040	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2188 wrote to memory of 1040	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2188 wrote to memory of 1040	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2188 wrote to memory of 1244	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2188 wrote to memory of 1244	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2188 wrote to memory of 1244	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2188 wrote to memory of 2348	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2188 wrote to memory of 2348	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2188 wrote to memory of 2348	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2188 wrote to memory of 2868	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2188 wrote to memory of 2868	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2188 wrote to memory of 2868	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2188 wrote to memory of 2876	2188	2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-19_fc6f73c9a32c241349acf89183a1512c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\System\WUCqqhy.exe
  C:\Windows\System\WUCqqhy.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\VqJAtgB.exe
  C:\Windows\System\VqJAtgB.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\yanUVVG.exe
  C:\Windows\System\yanUVVG.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\OkBLJRa.exe
  C:\Windows\System\OkBLJRa.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\YgRAzAF.exe
  C:\Windows\System\YgRAzAF.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\EJetSkJ.exe
  C:\Windows\System\EJetSkJ.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\nvfglTj.exe
  C:\Windows\System\nvfglTj.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\qCEmfom.exe
  C:\Windows\System\qCEmfom.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\JMGmTqI.exe
  C:\Windows\System\JMGmTqI.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\MpMUJTN.exe
  C:\Windows\System\MpMUJTN.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\eWyxnAY.exe
  C:\Windows\System\eWyxnAY.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\NCiZgZX.exe
  C:\Windows\System\NCiZgZX.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\zmcEdmF.exe
  C:\Windows\System\zmcEdmF.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\PzYzVLO.exe
  C:\Windows\System\PzYzVLO.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\fMdwHIJ.exe
  C:\Windows\System\fMdwHIJ.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\VMtTYnP.exe
  C:\Windows\System\VMtTYnP.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\xoUQbms.exe
  C:\Windows\System\xoUQbms.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\wZpdPhk.exe
  C:\Windows\System\wZpdPhk.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\TAHyCcM.exe
  C:\Windows\System\TAHyCcM.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\MsANwYI.exe
  C:\Windows\System\MsANwYI.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\DQuTQKN.exe
  C:\Windows\System\DQuTQKN.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\FkFsBZl.exe
  C:\Windows\System\FkFsBZl.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\cWIHXof.exe
  C:\Windows\System\cWIHXof.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\YQInqPs.exe
  C:\Windows\System\YQInqPs.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\ajJgwsf.exe
  C:\Windows\System\ajJgwsf.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\zQTBSDr.exe
  C:\Windows\System\zQTBSDr.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\vZFdvty.exe
  C:\Windows\System\vZFdvty.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\kjrjYuy.exe
  C:\Windows\System\kjrjYuy.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\uSZVyuj.exe
  C:\Windows\System\uSZVyuj.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\ZtRNCGW.exe
  C:\Windows\System\ZtRNCGW.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\VahfRaA.exe
  C:\Windows\System\VahfRaA.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\AEzSaXd.exe
  C:\Windows\System\AEzSaXd.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\cJFUGzO.exe
  C:\Windows\System\cJFUGzO.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\lAzCSJf.exe
  C:\Windows\System\lAzCSJf.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\gcRjtRB.exe
  C:\Windows\System\gcRjtRB.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\gkKUPyD.exe
  C:\Windows\System\gkKUPyD.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\vfvhZXK.exe
  C:\Windows\System\vfvhZXK.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\dvfQcqu.exe
  C:\Windows\System\dvfQcqu.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\TSgvpfD.exe
  C:\Windows\System\TSgvpfD.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\voXmnym.exe
  C:\Windows\System\voXmnym.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\PyNdOMe.exe
  C:\Windows\System\PyNdOMe.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\AyDQUdX.exe
  C:\Windows\System\AyDQUdX.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\jsIlevq.exe
  C:\Windows\System\jsIlevq.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\XWHazrD.exe
  C:\Windows\System\XWHazrD.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\TPGspmi.exe
  C:\Windows\System\TPGspmi.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\qzIScva.exe
  C:\Windows\System\qzIScva.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\FcSnuqm.exe
  C:\Windows\System\FcSnuqm.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\XHtyArn.exe
  C:\Windows\System\XHtyArn.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\BJULEkU.exe
  C:\Windows\System\BJULEkU.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\CCeBClc.exe
  C:\Windows\System\CCeBClc.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\zWvUucC.exe
  C:\Windows\System\zWvUucC.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\JEIQNBt.exe
  C:\Windows\System\JEIQNBt.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\NlEJNDd.exe
  C:\Windows\System\NlEJNDd.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\chIPgqx.exe
  C:\Windows\System\chIPgqx.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\owlAcEJ.exe
  C:\Windows\System\owlAcEJ.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\WNXiJTd.exe
  C:\Windows\System\WNXiJTd.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\CquXlfB.exe
  C:\Windows\System\CquXlfB.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\ierOcKw.exe
  C:\Windows\System\ierOcKw.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\TgfOwgr.exe
  C:\Windows\System\TgfOwgr.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\YZpTdIz.exe
  C:\Windows\System\YZpTdIz.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\njiDEkl.exe
  C:\Windows\System\njiDEkl.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\ImVxdyQ.exe
  C:\Windows\System\ImVxdyQ.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\FtDqhiD.exe
  C:\Windows\System\FtDqhiD.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\VxsaqVP.exe
  C:\Windows\System\VxsaqVP.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\mnnxdYt.exe
  C:\Windows\System\mnnxdYt.exe
  2⤵
  PID:1964
- C:\Windows\System\RgUylIN.exe
  C:\Windows\System\RgUylIN.exe
  2⤵
  PID:1688
- C:\Windows\System\qJEUTXp.exe
  C:\Windows\System\qJEUTXp.exe
  2⤵
  PID:1304
- C:\Windows\System\LojYuWP.exe
  C:\Windows\System\LojYuWP.exe
  2⤵
  PID:2244
- C:\Windows\System\uoPOrvO.exe
  C:\Windows\System\uoPOrvO.exe
  2⤵
  PID:1588
- C:\Windows\System\GNwRFeW.exe
  C:\Windows\System\GNwRFeW.exe
  2⤵
  PID:2696
- C:\Windows\System\OPQwdWy.exe
  C:\Windows\System\OPQwdWy.exe
  2⤵
  PID:2684
- C:\Windows\System\yqMyPPr.exe
  C:\Windows\System\yqMyPPr.exe
  2⤵
  PID:2784
- C:\Windows\System\OMBEXVl.exe
  C:\Windows\System\OMBEXVl.exe
  2⤵
  PID:2956
- C:\Windows\System\WygKKyb.exe
  C:\Windows\System\WygKKyb.exe
  2⤵
  PID:2552
- C:\Windows\System\IMiGApw.exe
  C:\Windows\System\IMiGApw.exe
  2⤵
  PID:2720
- C:\Windows\System\dKFFMOS.exe
  C:\Windows\System\dKFFMOS.exe
  2⤵
  PID:1912
- C:\Windows\System\XEjlLHu.exe
  C:\Windows\System\XEjlLHu.exe
  2⤵
  PID:1532
- C:\Windows\System\iGghgAv.exe
  C:\Windows\System\iGghgAv.exe
  2⤵
  PID:1704
- C:\Windows\System\djfuPZA.exe
  C:\Windows\System\djfuPZA.exe
  2⤵
  PID:2924
- C:\Windows\System\GetWKSD.exe
  C:\Windows\System\GetWKSD.exe
  2⤵
  PID:2280
- C:\Windows\System\SstSYWR.exe
  C:\Windows\System\SstSYWR.exe
  2⤵
  PID:1380
- C:\Windows\System\mrxBsAV.exe
  C:\Windows\System\mrxBsAV.exe
  2⤵
  PID:1548
- C:\Windows\System\dBXCMHK.exe
  C:\Windows\System\dBXCMHK.exe
  2⤵
  PID:1416
- C:\Windows\System\ATAkkbQ.exe
  C:\Windows\System\ATAkkbQ.exe
  2⤵
  PID:1956
- C:\Windows\System\pzfukOK.exe
  C:\Windows\System\pzfukOK.exe
  2⤵
  PID:2536
- C:\Windows\System\FsoXxwb.exe
  C:\Windows\System\FsoXxwb.exe
  2⤵
  PID:2260
- C:\Windows\System\JUqFSns.exe
  C:\Windows\System\JUqFSns.exe
  2⤵
  PID:1004
- C:\Windows\System\FdpFkoO.exe
  C:\Windows\System\FdpFkoO.exe
  2⤵
  PID:1084
- C:\Windows\System\CQpznYd.exe
  C:\Windows\System\CQpznYd.exe
  2⤵
  PID:2360
- C:\Windows\System\sutXiqk.exe
  C:\Windows\System\sutXiqk.exe
  2⤵
  PID:1972
- C:\Windows\System\AYWBfdc.exe
  C:\Windows\System\AYWBfdc.exe
  2⤵
  PID:956
- C:\Windows\System\eFrsmbY.exe
  C:\Windows\System\eFrsmbY.exe
  2⤵
  PID:2508
- C:\Windows\System\LEtlFRZ.exe
  C:\Windows\System\LEtlFRZ.exe
  2⤵
  PID:916
- C:\Windows\System\mKzvTUR.exe
  C:\Windows\System\mKzvTUR.exe
  2⤵
  PID:2152
- C:\Windows\System\QCfQmKu.exe
  C:\Windows\System\QCfQmKu.exe
  2⤵
  PID:1772
- C:\Windows\System\hwjeRPZ.exe
  C:\Windows\System\hwjeRPZ.exe
  2⤵
  PID:3000
- C:\Windows\System\chwYNwI.exe
  C:\Windows\System\chwYNwI.exe
  2⤵
  PID:2480
- C:\Windows\System\msGaUgX.exe
  C:\Windows\System\msGaUgX.exe
  2⤵
  PID:2312
- C:\Windows\System\YMOyteh.exe
  C:\Windows\System\YMOyteh.exe
  2⤵
  PID:2596
- C:\Windows\System\xYivRpr.exe
  C:\Windows\System\xYivRpr.exe
  2⤵
  PID:2124
- C:\Windows\System\fbKgwTi.exe
  C:\Windows\System\fbKgwTi.exe
  2⤵
  PID:3084
- C:\Windows\System\jDEIvWX.exe
  C:\Windows\System\jDEIvWX.exe
  2⤵
  PID:3104
- C:\Windows\System\QhWLVOs.exe
  C:\Windows\System\QhWLVOs.exe
  2⤵
  PID:3156
- C:\Windows\System\LCahdLP.exe
  C:\Windows\System\LCahdLP.exe
  2⤵
  PID:3368
- C:\Windows\System\bQJTSns.exe
  C:\Windows\System\bQJTSns.exe
  2⤵
  PID:3388
- C:\Windows\System\lrNfiRV.exe
  C:\Windows\System\lrNfiRV.exe
  2⤵
  PID:3408
- C:\Windows\System\UaWWnwR.exe
  C:\Windows\System\UaWWnwR.exe
  2⤵
  PID:3428
- C:\Windows\System\BtdupDk.exe
  C:\Windows\System\BtdupDk.exe
  2⤵
  PID:3448
- C:\Windows\System\XXUAZBP.exe
  C:\Windows\System\XXUAZBP.exe
  2⤵
  PID:3468
- C:\Windows\System\zlZrGAV.exe
  C:\Windows\System\zlZrGAV.exe
  2⤵
  PID:3488
- C:\Windows\System\TYKifsH.exe
  C:\Windows\System\TYKifsH.exe
  2⤵
  PID:3504
- C:\Windows\System\SFSMZPF.exe
  C:\Windows\System\SFSMZPF.exe
  2⤵
  PID:3528
- C:\Windows\System\uKbGVdD.exe
  C:\Windows\System\uKbGVdD.exe
  2⤵
  PID:3548
- C:\Windows\System\ZBBjJyR.exe
  C:\Windows\System\ZBBjJyR.exe
  2⤵
  PID:3572
- C:\Windows\System\CAubeFt.exe
  C:\Windows\System\CAubeFt.exe
  2⤵
  PID:3592
- C:\Windows\System\pgGsWWE.exe
  C:\Windows\System\pgGsWWE.exe
  2⤵
  PID:3612
- C:\Windows\System\WYnlccR.exe
  C:\Windows\System\WYnlccR.exe
  2⤵
  PID:3632
- C:\Windows\System\TWpTJyK.exe
  C:\Windows\System\TWpTJyK.exe
  2⤵
  PID:3652
- C:\Windows\System\aWLYBqI.exe
  C:\Windows\System\aWLYBqI.exe
  2⤵
  PID:3668
- C:\Windows\System\kvGWBnA.exe
  C:\Windows\System\kvGWBnA.exe
  2⤵
  PID:3688
- C:\Windows\System\UmbUbak.exe
  C:\Windows\System\UmbUbak.exe
  2⤵
  PID:3712
- C:\Windows\System\ZQSPcSr.exe
  C:\Windows\System\ZQSPcSr.exe
  2⤵
  PID:3728
- C:\Windows\System\iTidIdr.exe
  C:\Windows\System\iTidIdr.exe
  2⤵
  PID:3752
- C:\Windows\System\EGdkWxJ.exe
  C:\Windows\System\EGdkWxJ.exe
  2⤵
  PID:3772
- C:\Windows\System\NviNFtI.exe
  C:\Windows\System\NviNFtI.exe
  2⤵
  PID:3792
- C:\Windows\System\KpPfhcA.exe
  C:\Windows\System\KpPfhcA.exe
  2⤵
  PID:3812
- C:\Windows\System\EGnZEwt.exe
  C:\Windows\System\EGnZEwt.exe
  2⤵
  PID:3832
- C:\Windows\System\VBROoKu.exe
  C:\Windows\System\VBROoKu.exe
  2⤵
  PID:3848
- C:\Windows\System\GvUxGfn.exe
  C:\Windows\System\GvUxGfn.exe
  2⤵
  PID:3872
- C:\Windows\System\QeWgMOZ.exe
  C:\Windows\System\QeWgMOZ.exe
  2⤵
  PID:3892
- C:\Windows\System\mvEkEPo.exe
  C:\Windows\System\mvEkEPo.exe
  2⤵
  PID:3908
- C:\Windows\System\cJpQQLb.exe
  C:\Windows\System\cJpQQLb.exe
  2⤵
  PID:3928
- C:\Windows\System\BEQNVzc.exe
  C:\Windows\System\BEQNVzc.exe
  2⤵
  PID:3952
- C:\Windows\System\YtMeaYq.exe
  C:\Windows\System\YtMeaYq.exe
  2⤵
  PID:3968
- C:\Windows\System\UxePgTI.exe
  C:\Windows\System\UxePgTI.exe
  2⤵
  PID:3992
- C:\Windows\System\DqOTfnh.exe
  C:\Windows\System\DqOTfnh.exe
  2⤵
  PID:4012
- C:\Windows\System\AJpQxgA.exe
  C:\Windows\System\AJpQxgA.exe
  2⤵
  PID:4032
- C:\Windows\System\lPPNXHr.exe
  C:\Windows\System\lPPNXHr.exe
  2⤵
  PID:4048
- C:\Windows\System\IewmpPN.exe
  C:\Windows\System\IewmpPN.exe
  2⤵
  PID:4072
- C:\Windows\System\kXcUByJ.exe
  C:\Windows\System\kXcUByJ.exe
  2⤵
  PID:4088
- C:\Windows\System\QxhXMNg.exe
  C:\Windows\System\QxhXMNg.exe
  2⤵
  PID:2688
- C:\Windows\System\QyJtxRT.exe
  C:\Windows\System\QyJtxRT.exe
  2⤵
  PID:3048
- C:\Windows\System\ePayFwg.exe
  C:\Windows\System\ePayFwg.exe
  2⤵
  PID:2396
- C:\Windows\System\wzoxLan.exe
  C:\Windows\System\wzoxLan.exe
  2⤵
  PID:1776
- C:\Windows\System\juqimkD.exe
  C:\Windows\System\juqimkD.exe
  2⤵
  PID:2824
- C:\Windows\System\OgPlRMC.exe
  C:\Windows\System\OgPlRMC.exe
  2⤵
  PID:2744
- C:\Windows\System\GkCmWrJ.exe
  C:\Windows\System\GkCmWrJ.exe
  2⤵
  PID:1156
- C:\Windows\System\srFZumS.exe
  C:\Windows\System\srFZumS.exe
  2⤵
  PID:1088
- C:\Windows\System\clsafoI.exe
  C:\Windows\System\clsafoI.exe
  2⤵
  PID:3052
- C:\Windows\System\AKUMfub.exe
  C:\Windows\System\AKUMfub.exe
  2⤵
  PID:1484
- C:\Windows\System\hAFQLxw.exe
  C:\Windows\System\hAFQLxw.exe
  2⤵
  PID:3092
- C:\Windows\System\XowomCl.exe
  C:\Windows\System\XowomCl.exe
  2⤵
  PID:2952
- C:\Windows\System\tsDnbDS.exe
  C:\Windows\System\tsDnbDS.exe
  2⤵
  PID:2300
- C:\Windows\System\xUuoiCa.exe
  C:\Windows\System\xUuoiCa.exe
  2⤵
  PID:1996
- C:\Windows\System\eKzYXzf.exe
  C:\Windows\System\eKzYXzf.exe
  2⤵
  PID:3120
- C:\Windows\System\HkLjyMc.exe
  C:\Windows\System\HkLjyMc.exe
  2⤵
  PID:3076
- C:\Windows\System\tSItspk.exe
  C:\Windows\System\tSItspk.exe
  2⤵
  PID:2776
- C:\Windows\System\uQJwnpC.exe
  C:\Windows\System\uQJwnpC.exe
  2⤵
  PID:2632
- C:\Windows\System\nXGYuNc.exe
  C:\Windows\System\nXGYuNc.exe
  2⤵
  PID:3152
- C:\Windows\System\IsOGjFq.exe
  C:\Windows\System\IsOGjFq.exe
  2⤵
  PID:3236
- C:\Windows\System\oqbyjNm.exe
  C:\Windows\System\oqbyjNm.exe
  2⤵
  PID:3216
- C:\Windows\System\lqnGNdX.exe
  C:\Windows\System\lqnGNdX.exe
  2⤵
  PID:3200
- C:\Windows\System\FYewgVZ.exe
  C:\Windows\System\FYewgVZ.exe
  2⤵
  PID:3304
- C:\Windows\System\OKLEgPK.exe
  C:\Windows\System\OKLEgPK.exe
  2⤵
  PID:3288
- C:\Windows\System\JCYSnYy.exe
  C:\Windows\System\JCYSnYy.exe
  2⤵
  PID:3264
- C:\Windows\System\RYyTVdu.exe
  C:\Windows\System\RYyTVdu.exe
  2⤵
  PID:3244
- C:\Windows\System\wtohCrz.exe
  C:\Windows\System\wtohCrz.exe
  2⤵
  PID:3324
- C:\Windows\System\RbbcLiR.exe
  C:\Windows\System\RbbcLiR.exe
  2⤵
  PID:3344
- C:\Windows\System\erSObVB.exe
  C:\Windows\System\erSObVB.exe
  2⤵
  PID:3360
- C:\Windows\System\fjNeiXa.exe
  C:\Windows\System\fjNeiXa.exe
  2⤵
  PID:3384
- C:\Windows\System\LnaXIDY.exe
  C:\Windows\System\LnaXIDY.exe
  2⤵
  PID:3420
- C:\Windows\System\SgUwJGM.exe
  C:\Windows\System\SgUwJGM.exe
  2⤵
  PID:3476
- C:\Windows\System\haGIDRB.exe
  C:\Windows\System\haGIDRB.exe
  2⤵
  PID:3512
- C:\Windows\System\bkGDmpm.exe
  C:\Windows\System\bkGDmpm.exe
  2⤵
  PID:3556
- C:\Windows\System\IUfjJFD.exe
  C:\Windows\System\IUfjJFD.exe
  2⤵
  PID:3544
- C:\Windows\System\Tdqjmsr.exe
  C:\Windows\System\Tdqjmsr.exe
  2⤵
  PID:3604
- C:\Windows\System\zcrPAhN.exe
  C:\Windows\System\zcrPAhN.exe
  2⤵
  PID:3628
- C:\Windows\System\xoLJEZq.exe
  C:\Windows\System\xoLJEZq.exe
  2⤵
  PID:3680
- C:\Windows\System\bigVlYk.exe
  C:\Windows\System\bigVlYk.exe
  2⤵
  PID:3700
- C:\Windows\System\cBtHUSW.exe
  C:\Windows\System\cBtHUSW.exe
  2⤵
  PID:3740
- C:\Windows\System\AuthUaN.exe
  C:\Windows\System\AuthUaN.exe
  2⤵
  PID:3744
- C:\Windows\System\OFDFLCO.exe
  C:\Windows\System\OFDFLCO.exe
  2⤵
  PID:3788
- C:\Windows\System\dgPPRIk.exe
  C:\Windows\System\dgPPRIk.exe
  2⤵
  PID:3844
- C:\Windows\System\HApTcHH.exe
  C:\Windows\System\HApTcHH.exe
  2⤵
  PID:3856
- C:\Windows\System\NQVUqVD.exe
  C:\Windows\System\NQVUqVD.exe
  2⤵
  PID:3916
- C:\Windows\System\uyEFXWn.exe
  C:\Windows\System\uyEFXWn.exe
  2⤵
  PID:3936
- C:\Windows\System\jMIhkPA.exe
  C:\Windows\System\jMIhkPA.exe
  2⤵
  PID:3964
- C:\Windows\System\XbxuoBb.exe
  C:\Windows\System\XbxuoBb.exe
  2⤵
  PID:4008
- C:\Windows\System\ANcDuoS.exe
  C:\Windows\System\ANcDuoS.exe
  2⤵
  PID:4028
- C:\Windows\System\wutfIhH.exe
  C:\Windows\System\wutfIhH.exe
  2⤵
  PID:4064
- C:\Windows\System\OMFKYoG.exe
  C:\Windows\System\OMFKYoG.exe
  2⤵
  PID:1872
- C:\Windows\System\qohyhMt.exe
  C:\Windows\System\qohyhMt.exe
  2⤵
  PID:1752
- C:\Windows\System\ChuUUho.exe
  C:\Windows\System\ChuUUho.exe
  2⤵
  PID:2092
- C:\Windows\System\LazanRm.exe
  C:\Windows\System\LazanRm.exe
  2⤵
  PID:1980
- C:\Windows\System\ZYvttcN.exe
  C:\Windows\System\ZYvttcN.exe
  2⤵
  PID:2172
- C:\Windows\System\oLkqMON.exe
  C:\Windows\System\oLkqMON.exe
  2⤵
  PID:580
- C:\Windows\System\ZOfwIJu.exe
  C:\Windows\System\ZOfwIJu.exe
  2⤵
  PID:3096
- C:\Windows\System\iTPewlB.exe
  C:\Windows\System\iTPewlB.exe
  2⤵
  PID:2468
- C:\Windows\System\msNMMUI.exe
  C:\Windows\System\msNMMUI.exe
  2⤵
  PID:2296
- C:\Windows\System\yJfXiYf.exe
  C:\Windows\System\yJfXiYf.exe
  2⤵
  PID:2088
- C:\Windows\System\hzaLFpa.exe
  C:\Windows\System\hzaLFpa.exe
  2⤵
  PID:2176
- C:\Windows\System\LnMcgdv.exe
  C:\Windows\System\LnMcgdv.exe
  2⤵
  PID:3176
- C:\Windows\System\VOyjKKK.exe
  C:\Windows\System\VOyjKKK.exe
  2⤵
  PID:3220
- C:\Windows\System\HZfVERF.exe
  C:\Windows\System\HZfVERF.exe
  2⤵
  PID:3292
- C:\Windows\System\qKyJwzm.exe
  C:\Windows\System\qKyJwzm.exe
  2⤵
  PID:3256
- C:\Windows\System\PzLzYkp.exe
  C:\Windows\System\PzLzYkp.exe
  2⤵
  PID:3252
- C:\Windows\System\goShcSA.exe
  C:\Windows\System\goShcSA.exe
  2⤵
  PID:3276
- C:\Windows\System\wPdYMYs.exe
  C:\Windows\System\wPdYMYs.exe
  2⤵
  PID:3440
- C:\Windows\System\MxgppSd.exe
  C:\Windows\System\MxgppSd.exe
  2⤵
  PID:3456
- C:\Windows\System\rcYxiNw.exe
  C:\Windows\System\rcYxiNw.exe
  2⤵
  PID:3524
- C:\Windows\System\HDMvvAl.exe
  C:\Windows\System\HDMvvAl.exe
  2⤵
  PID:3460
- C:\Windows\System\rEGxBDP.exe
  C:\Windows\System\rEGxBDP.exe
  2⤵
  PID:3588
- C:\Windows\System\JafeSqH.exe
  C:\Windows\System\JafeSqH.exe
  2⤵
  PID:3644
- C:\Windows\System\WWIfWrK.exe
  C:\Windows\System\WWIfWrK.exe
  2⤵
  PID:3696
- C:\Windows\System\VxdNpLG.exe
  C:\Windows\System\VxdNpLG.exe
  2⤵
  PID:3800
- C:\Windows\System\QfxLkSd.exe
  C:\Windows\System\QfxLkSd.exe
  2⤵
  PID:3764
- C:\Windows\System\cQJGpdO.exe
  C:\Windows\System\cQJGpdO.exe
  2⤵
  PID:3900
- C:\Windows\System\Ndxupnw.exe
  C:\Windows\System\Ndxupnw.exe
  2⤵
  PID:3860
- C:\Windows\System\SnxATNq.exe
  C:\Windows\System\SnxATNq.exe
  2⤵
  PID:3988
- C:\Windows\System\MIwoHXy.exe
  C:\Windows\System\MIwoHXy.exe
  2⤵
  PID:4080
- C:\Windows\System\RKVdjiz.exe
  C:\Windows\System\RKVdjiz.exe
  2⤵
  PID:1696
- C:\Windows\System\OsAjgGi.exe
  C:\Windows\System\OsAjgGi.exe
  2⤵
  PID:2052
- C:\Windows\System\txyGqXY.exe
  C:\Windows\System\txyGqXY.exe
  2⤵
  PID:2968
- C:\Windows\System\YvjWAcz.exe
  C:\Windows\System\YvjWAcz.exe
  2⤵
  PID:1940
- C:\Windows\System\AgspOQq.exe
  C:\Windows\System\AgspOQq.exe
  2⤵
  PID:696
- C:\Windows\System\yAKLVGA.exe
  C:\Windows\System\yAKLVGA.exe
  2⤵
  PID:2168
- C:\Windows\System\ZbgjvAd.exe
  C:\Windows\System\ZbgjvAd.exe
  2⤵
  PID:3168
- C:\Windows\System\KYRTpYI.exe
  C:\Windows\System\KYRTpYI.exe
  2⤵
  PID:2316
- C:\Windows\System\VgEFJGC.exe
  C:\Windows\System\VgEFJGC.exe
  2⤵
  PID:3308
- C:\Windows\System\vPgcQcT.exe
  C:\Windows\System\vPgcQcT.exe
  2⤵
  PID:3272
- C:\Windows\System\wOzhpno.exe
  C:\Windows\System\wOzhpno.exe
  2⤵
  PID:3316
- C:\Windows\System\BjcGAWj.exe
  C:\Windows\System\BjcGAWj.exe
  2⤵
  PID:3356
- C:\Windows\System\YUvDhWs.exe
  C:\Windows\System\YUvDhWs.exe
  2⤵
  PID:3600
- C:\Windows\System\LPwlDdR.exe
  C:\Windows\System\LPwlDdR.exe
  2⤵
  PID:3568
- C:\Windows\System\vbMXcqn.exe
  C:\Windows\System\vbMXcqn.exe
  2⤵
  PID:3660
- C:\Windows\System\zJwIrpC.exe
  C:\Windows\System\zJwIrpC.exe
  2⤵
  PID:3824
- C:\Windows\System\cEecKzP.exe
  C:\Windows\System\cEecKzP.exe
  2⤵
  PID:3984
- C:\Windows\System\THwwXoK.exe
  C:\Windows\System\THwwXoK.exe
  2⤵
  PID:4044
- C:\Windows\System\FCBzmYC.exe
  C:\Windows\System\FCBzmYC.exe
  2⤵
  PID:2724
- C:\Windows\System\SFNWjuj.exe
  C:\Windows\System\SFNWjuj.exe
  2⤵
  PID:4084
- C:\Windows\System\TDrzBYG.exe
  C:\Windows\System\TDrzBYG.exe
  2⤵
  PID:3020
- C:\Windows\System\zyborNk.exe
  C:\Windows\System\zyborNk.exe
  2⤵
  PID:4116
- C:\Windows\System\yStIwnM.exe
  C:\Windows\System\yStIwnM.exe
  2⤵
  PID:4136
- C:\Windows\System\TPtjEdi.exe
  C:\Windows\System\TPtjEdi.exe
  2⤵
  PID:4156
- C:\Windows\System\QaxEPFe.exe
  C:\Windows\System\QaxEPFe.exe
  2⤵
  PID:4176
- C:\Windows\System\JZNyAkw.exe
  C:\Windows\System\JZNyAkw.exe
  2⤵
  PID:4196
- C:\Windows\System\enjjCVk.exe
  C:\Windows\System\enjjCVk.exe
  2⤵
  PID:4220
- C:\Windows\System\wMegYlC.exe
  C:\Windows\System\wMegYlC.exe
  2⤵
  PID:4236
- C:\Windows\System\JbPmLnD.exe
  C:\Windows\System\JbPmLnD.exe
  2⤵
  PID:4260
- C:\Windows\System\UeUjXQQ.exe
  C:\Windows\System\UeUjXQQ.exe
  2⤵
  PID:4276
- C:\Windows\System\ehgBbiy.exe
  C:\Windows\System\ehgBbiy.exe
  2⤵
  PID:4300
- C:\Windows\System\aCOKole.exe
  C:\Windows\System\aCOKole.exe
  2⤵
  PID:4320
- C:\Windows\System\ljRBaYe.exe
  C:\Windows\System\ljRBaYe.exe
  2⤵
  PID:4336
- C:\Windows\System\WMsxLZY.exe
  C:\Windows\System\WMsxLZY.exe
  2⤵
  PID:4356
- C:\Windows\System\kXudpMZ.exe
  C:\Windows\System\kXudpMZ.exe
  2⤵
  PID:4380
- C:\Windows\System\dzEqXkY.exe
  C:\Windows\System\dzEqXkY.exe
  2⤵
  PID:4396
- C:\Windows\System\BHRtICs.exe
  C:\Windows\System\BHRtICs.exe
  2⤵
  PID:4416
- C:\Windows\System\hBOAJNT.exe
  C:\Windows\System\hBOAJNT.exe
  2⤵
  PID:4440
- C:\Windows\System\plURyZu.exe
  C:\Windows\System\plURyZu.exe
  2⤵
  PID:4456
- C:\Windows\System\QaAaOtO.exe
  C:\Windows\System\QaAaOtO.exe
  2⤵
  PID:4480
- C:\Windows\System\wMpOKnJ.exe
  C:\Windows\System\wMpOKnJ.exe
  2⤵
  PID:4496
- C:\Windows\System\gCgggBq.exe
  C:\Windows\System\gCgggBq.exe
  2⤵
  PID:4520
- C:\Windows\System\EXcrZMb.exe
  C:\Windows\System\EXcrZMb.exe
  2⤵
  PID:4540
- C:\Windows\System\GzyMlOy.exe
  C:\Windows\System\GzyMlOy.exe
  2⤵
  PID:4560
- C:\Windows\System\BezrueO.exe
  C:\Windows\System\BezrueO.exe
  2⤵
  PID:4576
- C:\Windows\System\ReQrkQU.exe
  C:\Windows\System\ReQrkQU.exe
  2⤵
  PID:4600
- C:\Windows\System\Auugyfc.exe
  C:\Windows\System\Auugyfc.exe
  2⤵
  PID:4616
- C:\Windows\System\GszstHV.exe
  C:\Windows\System\GszstHV.exe
  2⤵
  PID:4636
- C:\Windows\System\jueHwjE.exe
  C:\Windows\System\jueHwjE.exe
  2⤵
  PID:4660
- C:\Windows\System\EhBsojz.exe
  C:\Windows\System\EhBsojz.exe
  2⤵
  PID:4676
- C:\Windows\System\EGyBZwi.exe
  C:\Windows\System\EGyBZwi.exe
  2⤵
  PID:4696
- C:\Windows\System\NOGLECi.exe
  C:\Windows\System\NOGLECi.exe
  2⤵
  PID:4720
- C:\Windows\System\MtHhqTt.exe
  C:\Windows\System\MtHhqTt.exe
  2⤵
  PID:4740
- C:\Windows\System\BAghTIv.exe
  C:\Windows\System\BAghTIv.exe
  2⤵
  PID:4756
- C:\Windows\System\fajrgut.exe
  C:\Windows\System\fajrgut.exe
  2⤵
  PID:4776
- C:\Windows\System\aHMymkH.exe
  C:\Windows\System\aHMymkH.exe
  2⤵
  PID:4796
- C:\Windows\System\QWQlJKq.exe
  C:\Windows\System\QWQlJKq.exe
  2⤵
  PID:4820
- C:\Windows\System\JagtEbg.exe
  C:\Windows\System\JagtEbg.exe
  2⤵
  PID:4836
- C:\Windows\System\MrFpdIa.exe
  C:\Windows\System\MrFpdIa.exe
  2⤵
  PID:4856
- C:\Windows\System\KtaWxul.exe
  C:\Windows\System\KtaWxul.exe
  2⤵
  PID:4876
- C:\Windows\System\yRrHxHw.exe
  C:\Windows\System\yRrHxHw.exe
  2⤵
  PID:4900
- C:\Windows\System\ulPpgZb.exe
  C:\Windows\System\ulPpgZb.exe
  2⤵
  PID:4916
- C:\Windows\System\vzTsehu.exe
  C:\Windows\System\vzTsehu.exe
  2⤵
  PID:4936
- C:\Windows\System\RthASSr.exe
  C:\Windows\System\RthASSr.exe
  2⤵
  PID:4956
- C:\Windows\System\bBeJFUH.exe
  C:\Windows\System\bBeJFUH.exe
  2⤵
  PID:4980
- C:\Windows\System\NMzoOBR.exe
  C:\Windows\System\NMzoOBR.exe
  2⤵
  PID:5000
- C:\Windows\System\qpCeRQj.exe
  C:\Windows\System\qpCeRQj.exe
  2⤵
  PID:5020
- C:\Windows\System\qMXqVcB.exe
  C:\Windows\System\qMXqVcB.exe
  2⤵
  PID:5040
- C:\Windows\System\jHdzSjx.exe
  C:\Windows\System\jHdzSjx.exe
  2⤵
  PID:5060
- C:\Windows\System\sJFrWBi.exe
  C:\Windows\System\sJFrWBi.exe
  2⤵
  PID:5080
- C:\Windows\System\txslmIn.exe
  C:\Windows\System\txslmIn.exe
  2⤵
  PID:5096
- C:\Windows\System\WgDIjZA.exe
  C:\Windows\System\WgDIjZA.exe
  2⤵
  PID:680
- C:\Windows\System\CRMoGFT.exe
  C:\Windows\System\CRMoGFT.exe
  2⤵
  PID:2912
- C:\Windows\System\YOvTwWs.exe
  C:\Windows\System\YOvTwWs.exe
  2⤵
  PID:2452
- C:\Windows\System\rUXnVGg.exe
  C:\Windows\System\rUXnVGg.exe
  2⤵
  PID:3188
- C:\Windows\System\qTDFBWW.exe
  C:\Windows\System\qTDFBWW.exe
  2⤵
  PID:3192
- C:\Windows\System\nxwnpee.exe
  C:\Windows\System\nxwnpee.exe
  2⤵
  PID:3436
- C:\Windows\System\JiygrRk.exe
  C:\Windows\System\JiygrRk.exe
  2⤵
  PID:3676
- C:\Windows\System\lqygwrv.exe
  C:\Windows\System\lqygwrv.exe
  2⤵
  PID:3704
- C:\Windows\System\QGpeyqj.exe
  C:\Windows\System\QGpeyqj.exe
  2⤵
  PID:3864
- C:\Windows\System\xWRMYhK.exe
  C:\Windows\System\xWRMYhK.exe
  2⤵
  PID:4060
- C:\Windows\System\WwLnmyo.exe
  C:\Windows\System\WwLnmyo.exe
  2⤵
  PID:4112
- C:\Windows\System\yszMrcf.exe
  C:\Windows\System\yszMrcf.exe
  2⤵
  PID:4124
- C:\Windows\System\qjnpTtD.exe
  C:\Windows\System\qjnpTtD.exe
  2⤵
  PID:4152
- C:\Windows\System\LscIzGR.exe
  C:\Windows\System\LscIzGR.exe
  2⤵
  PID:4192
- C:\Windows\System\mbaWBaX.exe
  C:\Windows\System\mbaWBaX.exe
  2⤵
  PID:4212
- C:\Windows\System\qukGnUk.exe
  C:\Windows\System\qukGnUk.exe
  2⤵
  PID:4248
- C:\Windows\System\CONGGHZ.exe
  C:\Windows\System\CONGGHZ.exe
  2⤵
  PID:4284
- C:\Windows\System\iyYEmuH.exe
  C:\Windows\System\iyYEmuH.exe
  2⤵
  PID:4292
- C:\Windows\System\bBwUmGt.exe
  C:\Windows\System\bBwUmGt.exe
  2⤵
  PID:4348
- C:\Windows\System\zUAypuN.exe
  C:\Windows\System\zUAypuN.exe
  2⤵
  PID:4392
- C:\Windows\System\zglIysj.exe
  C:\Windows\System\zglIysj.exe
  2⤵
  PID:4424
- C:\Windows\System\inyyesj.exe
  C:\Windows\System\inyyesj.exe
  2⤵
  PID:4448
- C:\Windows\System\YVcSWLF.exe
  C:\Windows\System\YVcSWLF.exe
  2⤵
  PID:4488
- C:\Windows\System\ORXFeeI.exe
  C:\Windows\System\ORXFeeI.exe
  2⤵
  PID:4508
- C:\Windows\System\BWIheHx.exe
  C:\Windows\System\BWIheHx.exe
  2⤵
  PID:4536
- C:\Windows\System\LQMzSgm.exe
  C:\Windows\System\LQMzSgm.exe
  2⤵
  PID:4592
- C:\Windows\System\IkctJgU.exe
  C:\Windows\System\IkctJgU.exe
  2⤵
  PID:4632
- C:\Windows\System\Rnhuxfn.exe
  C:\Windows\System\Rnhuxfn.exe
  2⤵
  PID:4656
- C:\Windows\System\SARCQgY.exe
  C:\Windows\System\SARCQgY.exe
  2⤵
  PID:4704
- C:\Windows\System\IDUgFyC.exe
  C:\Windows\System\IDUgFyC.exe
  2⤵
  PID:4716
- C:\Windows\System\IgrHjCp.exe
  C:\Windows\System\IgrHjCp.exe
  2⤵
  PID:4732
- C:\Windows\System\LAUejMT.exe
  C:\Windows\System\LAUejMT.exe
  2⤵
  PID:4768
- C:\Windows\System\oLFgxvW.exe
  C:\Windows\System\oLFgxvW.exe
  2⤵
  PID:4832
- C:\Windows\System\UUBJjrJ.exe
  C:\Windows\System\UUBJjrJ.exe
  2⤵
  PID:4848
- C:\Windows\System\litEFdV.exe
  C:\Windows\System\litEFdV.exe
  2⤵
  PID:4884
- C:\Windows\System\lMIUIHJ.exe
  C:\Windows\System\lMIUIHJ.exe
  2⤵
  PID:4912
- C:\Windows\System\AEVNcKh.exe
  C:\Windows\System\AEVNcKh.exe
  2⤵
  PID:4948
- C:\Windows\System\FeFSJKe.exe
  C:\Windows\System\FeFSJKe.exe
  2⤵
  PID:4972
- C:\Windows\System\CtvCwsl.exe
  C:\Windows\System\CtvCwsl.exe
  2⤵
  PID:5036
- C:\Windows\System\hsUtuEu.exe
  C:\Windows\System\hsUtuEu.exe
  2⤵
  PID:5056
- C:\Windows\System\lEMpDIL.exe
  C:\Windows\System\lEMpDIL.exe
  2⤵
  PID:5072
- C:\Windows\System\lIweIMY.exe
  C:\Windows\System\lIweIMY.exe
  2⤵
  PID:2216
- C:\Windows\System\mBUiaVW.exe
  C:\Windows\System\mBUiaVW.exe
  2⤵
  PID:1600
- C:\Windows\System\hhWcwwm.exe
  C:\Windows\System\hhWcwwm.exe
  2⤵
  PID:1716
- C:\Windows\System\pYAeUCU.exe
  C:\Windows\System\pYAeUCU.exe
  2⤵
  PID:3340
- C:\Windows\System\oeKolTE.exe
  C:\Windows\System\oeKolTE.exe
  2⤵
  PID:3500
- C:\Windows\System\CWSmTnq.exe
  C:\Windows\System\CWSmTnq.exe
  2⤵
  PID:3924
- C:\Windows\System\sfOIUZu.exe
  C:\Windows\System\sfOIUZu.exe
  2⤵
  PID:3840
- C:\Windows\System\djTmJIh.exe
  C:\Windows\System\djTmJIh.exe
  2⤵
  PID:2472
- C:\Windows\System\UawBgfx.exe
  C:\Windows\System\UawBgfx.exe
  2⤵
  PID:4232
- C:\Windows\System\bveIiSw.exe
  C:\Windows\System\bveIiSw.exe
  2⤵
  PID:4228
- C:\Windows\System\YWOGyLx.exe
  C:\Windows\System\YWOGyLx.exe
  2⤵
  PID:4272
- C:\Windows\System\hJckZgZ.exe
  C:\Windows\System\hJckZgZ.exe
  2⤵
  PID:4352
- C:\Windows\System\oUCaWLF.exe
  C:\Windows\System\oUCaWLF.exe
  2⤵
  PID:4372
- C:\Windows\System\ZUrLfsq.exe
  C:\Windows\System\ZUrLfsq.exe
  2⤵
  PID:4432
- C:\Windows\System\ifHAkJL.exe
  C:\Windows\System\ifHAkJL.exe
  2⤵
  PID:4428
- C:\Windows\System\tMLaTEj.exe
  C:\Windows\System\tMLaTEj.exe
  2⤵
  PID:4504
- C:\Windows\System\KgwNiwv.exe
  C:\Windows\System\KgwNiwv.exe
  2⤵
  PID:4624
- C:\Windows\System\lmDvnwq.exe
  C:\Windows\System\lmDvnwq.exe
  2⤵
  PID:4652
- C:\Windows\System\gNjkJNc.exe
  C:\Windows\System\gNjkJNc.exe
  2⤵
  PID:4692
- C:\Windows\System\JixWmRP.exe
  C:\Windows\System\JixWmRP.exe
  2⤵
  PID:4736
- C:\Windows\System\ZAKHRcu.exe
  C:\Windows\System\ZAKHRcu.exe
  2⤵
  PID:4772
- C:\Windows\System\MJWEeBw.exe
  C:\Windows\System\MJWEeBw.exe
  2⤵
  PID:4808
- C:\Windows\System\EGMocCk.exe
  C:\Windows\System\EGMocCk.exe
  2⤵
  PID:4928
- C:\Windows\System\KpafHsT.exe
  C:\Windows\System\KpafHsT.exe
  2⤵
  PID:4924
- C:\Windows\System\ZReHIph.exe
  C:\Windows\System\ZReHIph.exe
  2⤵
  PID:4996
- C:\Windows\System\xTuUmnP.exe
  C:\Windows\System\xTuUmnP.exe
  2⤵
  PID:5032
- C:\Windows\System\CEfDHJb.exe
  C:\Windows\System\CEfDHJb.exe
  2⤵
  PID:5112
- C:\Windows\System\lesIyUa.exe
  C:\Windows\System\lesIyUa.exe
  2⤵
  PID:2064
- C:\Windows\System\JoTYPxe.exe
  C:\Windows\System\JoTYPxe.exe
  2⤵
  PID:3268
- C:\Windows\System\QHubWBA.exe
  C:\Windows\System\QHubWBA.exe
  2⤵
  PID:4104
- C:\Windows\System\gsJVndg.exe
  C:\Windows\System\gsJVndg.exe
  2⤵
  PID:4172
- C:\Windows\System\ohmevrW.exe
  C:\Windows\System\ohmevrW.exe
  2⤵
  PID:4184
- C:\Windows\System\EqWINpa.exe
  C:\Windows\System\EqWINpa.exe
  2⤵
  PID:4344
- C:\Windows\System\KaSlLcd.exe
  C:\Windows\System\KaSlLcd.exe
  2⤵
  PID:4404
- C:\Windows\System\CIiUnij.exe
  C:\Windows\System\CIiUnij.exe
  2⤵
  PID:4468
- C:\Windows\System\MdDxjBH.exe
  C:\Windows\System\MdDxjBH.exe
  2⤵
  PID:4516
- C:\Windows\System\vGGwqAj.exe
  C:\Windows\System\vGGwqAj.exe
  2⤵
  PID:4644
- C:\Windows\System\oeMhPAX.exe
  C:\Windows\System\oeMhPAX.exe
  2⤵
  PID:4668
- C:\Windows\System\ItmRZeB.exe
  C:\Windows\System\ItmRZeB.exe
  2⤵
  PID:2756
- C:\Windows\System\tiGqtle.exe
  C:\Windows\System\tiGqtle.exe
  2⤵
  PID:4868
- C:\Windows\System\FRlQIrZ.exe
  C:\Windows\System\FRlQIrZ.exe
  2⤵
  PID:5028
- C:\Windows\System\hTwFpet.exe
  C:\Windows\System\hTwFpet.exe
  2⤵
  PID:5124
- C:\Windows\System\IatGlZy.exe
  C:\Windows\System\IatGlZy.exe
  2⤵
  PID:5144
- C:\Windows\System\wKjRVVk.exe
  C:\Windows\System\wKjRVVk.exe
  2⤵
  PID:5164
- C:\Windows\System\xkhUyIx.exe
  C:\Windows\System\xkhUyIx.exe
  2⤵
  PID:5184
- C:\Windows\System\KYlsMWf.exe
  C:\Windows\System\KYlsMWf.exe
  2⤵
  PID:5204
- C:\Windows\System\wosJkrL.exe
  C:\Windows\System\wosJkrL.exe
  2⤵
  PID:5220
- C:\Windows\System\jraydYG.exe
  C:\Windows\System\jraydYG.exe
  2⤵
  PID:5244
- C:\Windows\System\rdauOuj.exe
  C:\Windows\System\rdauOuj.exe
  2⤵
  PID:5264
- C:\Windows\System\tslzAeD.exe
  C:\Windows\System\tslzAeD.exe
  2⤵
  PID:5284
- C:\Windows\System\SQAVdpQ.exe
  C:\Windows\System\SQAVdpQ.exe
  2⤵
  PID:5300
- C:\Windows\System\ABInBKt.exe
  C:\Windows\System\ABInBKt.exe
  2⤵
  PID:5324
- C:\Windows\System\nIvxYmC.exe
  C:\Windows\System\nIvxYmC.exe
  2⤵
  PID:5344
- C:\Windows\System\QaoZlUU.exe
  C:\Windows\System\QaoZlUU.exe
  2⤵
  PID:5364
- C:\Windows\System\CPfjLsO.exe
  C:\Windows\System\CPfjLsO.exe
  2⤵
  PID:5384
- C:\Windows\System\zgCUSsM.exe
  C:\Windows\System\zgCUSsM.exe
  2⤵
  PID:5400
- C:\Windows\System\VgcZcEZ.exe
  C:\Windows\System\VgcZcEZ.exe
  2⤵
  PID:5424
- C:\Windows\System\eoLCQLP.exe
  C:\Windows\System\eoLCQLP.exe
  2⤵
  PID:5444
- C:\Windows\System\yWAfRZR.exe
  C:\Windows\System\yWAfRZR.exe
  2⤵
  PID:5464
- C:\Windows\System\kcluGmF.exe
  C:\Windows\System\kcluGmF.exe
  2⤵
  PID:5484
- C:\Windows\System\ZXIauND.exe
  C:\Windows\System\ZXIauND.exe
  2⤵
  PID:5504
- C:\Windows\System\IeBWfJT.exe
  C:\Windows\System\IeBWfJT.exe
  2⤵
  PID:5524
- C:\Windows\System\DahKNaV.exe
  C:\Windows\System\DahKNaV.exe
  2⤵
  PID:5544
- C:\Windows\System\vVigDIs.exe
  C:\Windows\System\vVigDIs.exe
  2⤵
  PID:5564
- C:\Windows\System\cakwAbY.exe
  C:\Windows\System\cakwAbY.exe
  2⤵
  PID:5584
- C:\Windows\System\XZIfGSx.exe
  C:\Windows\System\XZIfGSx.exe
  2⤵
  PID:5604
- C:\Windows\System\lOXxcgi.exe
  C:\Windows\System\lOXxcgi.exe
  2⤵
  PID:5624
- C:\Windows\System\FquRnHH.exe
  C:\Windows\System\FquRnHH.exe
  2⤵
  PID:5644
- C:\Windows\System\PQeYWKt.exe
  C:\Windows\System\PQeYWKt.exe
  2⤵
  PID:5664
- C:\Windows\System\Qkjmugi.exe
  C:\Windows\System\Qkjmugi.exe
  2⤵
  PID:5684
- C:\Windows\System\rjbFIZz.exe
  C:\Windows\System\rjbFIZz.exe
  2⤵
  PID:5704
- C:\Windows\System\nTeIdOe.exe
  C:\Windows\System\nTeIdOe.exe
  2⤵
  PID:5724
- C:\Windows\System\iIrOShm.exe
  C:\Windows\System\iIrOShm.exe
  2⤵
  PID:5744
- C:\Windows\System\xekmLAb.exe
  C:\Windows\System\xekmLAb.exe
  2⤵
  PID:5760
- C:\Windows\System\KrcmSaL.exe
  C:\Windows\System\KrcmSaL.exe
  2⤵
  PID:5784
- C:\Windows\System\GVSoZvO.exe
  C:\Windows\System\GVSoZvO.exe
  2⤵
  PID:5804
- C:\Windows\System\qTOrNzA.exe
  C:\Windows\System\qTOrNzA.exe
  2⤵
  PID:5824
- C:\Windows\System\miqppJT.exe
  C:\Windows\System\miqppJT.exe
  2⤵
  PID:5844
- C:\Windows\System\DZyoqvQ.exe
  C:\Windows\System\DZyoqvQ.exe
  2⤵
  PID:5864
- C:\Windows\System\NYipJpa.exe
  C:\Windows\System\NYipJpa.exe
  2⤵
  PID:5884
- C:\Windows\System\LiuJMct.exe
  C:\Windows\System\LiuJMct.exe
  2⤵
  PID:5900
- C:\Windows\System\AtggBGq.exe
  C:\Windows\System\AtggBGq.exe
  2⤵
  PID:5924
- C:\Windows\System\FjgcPMw.exe
  C:\Windows\System\FjgcPMw.exe
  2⤵
  PID:5944
- C:\Windows\System\PGyPTbO.exe
  C:\Windows\System\PGyPTbO.exe
  2⤵
  PID:5964
- C:\Windows\System\spwGNty.exe
  C:\Windows\System\spwGNty.exe
  2⤵
  PID:5984
- C:\Windows\System\BFZYNNv.exe
  C:\Windows\System\BFZYNNv.exe
  2⤵
  PID:6004
- C:\Windows\System\EKJzmIr.exe
  C:\Windows\System\EKJzmIr.exe
  2⤵
  PID:6024
- C:\Windows\System\VHRgZXZ.exe
  C:\Windows\System\VHRgZXZ.exe
  2⤵
  PID:6044
- C:\Windows\System\NdSGNjg.exe
  C:\Windows\System\NdSGNjg.exe
  2⤵
  PID:6064
- C:\Windows\System\OxPDWDg.exe
  C:\Windows\System\OxPDWDg.exe
  2⤵
  PID:6084
- C:\Windows\System\hYjtffd.exe
  C:\Windows\System\hYjtffd.exe
  2⤵
  PID:6104
- C:\Windows\System\CrEbSLf.exe
  C:\Windows\System\CrEbSLf.exe
  2⤵
  PID:6124
- C:\Windows\System\mcuwqIt.exe
  C:\Windows\System\mcuwqIt.exe
  2⤵
  PID:3068
- C:\Windows\System\hkczWLQ.exe
  C:\Windows\System\hkczWLQ.exe
  2⤵
  PID:1948
- C:\Windows\System\BeweeMx.exe
  C:\Windows\System\BeweeMx.exe
  2⤵
  PID:3820
- C:\Windows\System\UJQIaXo.exe
  C:\Windows\System\UJQIaXo.exe
  2⤵
  PID:4144
- C:\Windows\System\ghSFziS.exe
  C:\Windows\System\ghSFziS.exe
  2⤵
  PID:4328
- C:\Windows\System\EKilZUl.exe
  C:\Windows\System\EKilZUl.exe
  2⤵
  PID:4476
- C:\Windows\System\yJOKgPO.exe
  C:\Windows\System\yJOKgPO.exe
  2⤵
  PID:4368
- C:\Windows\System\MmBAGjp.exe
  C:\Windows\System\MmBAGjp.exe
  2⤵
  PID:4748
- C:\Windows\System\iwQNAJg.exe
  C:\Windows\System\iwQNAJg.exe
  2⤵
  PID:4872
- C:\Windows\System\umorEvj.exe
  C:\Windows\System\umorEvj.exe
  2⤵
  PID:4864
- C:\Windows\System\AHWETZP.exe
  C:\Windows\System\AHWETZP.exe
  2⤵
  PID:4908
- C:\Windows\System\LrkxuBz.exe
  C:\Windows\System\LrkxuBz.exe
  2⤵
  PID:5160
- C:\Windows\System\mDxRqCj.exe
  C:\Windows\System\mDxRqCj.exe
  2⤵
  PID:5176
- C:\Windows\System\OOYsHKH.exe
  C:\Windows\System\OOYsHKH.exe
  2⤵
  PID:5228
- C:\Windows\System\RdnVPfx.exe
  C:\Windows\System\RdnVPfx.exe
  2⤵
  PID:5252
- C:\Windows\System\OIgjnGZ.exe
  C:\Windows\System\OIgjnGZ.exe
  2⤵
  PID:5312
- C:\Windows\System\hCBwIsO.exe
  C:\Windows\System\hCBwIsO.exe
  2⤵
  PID:5316
- C:\Windows\System\tueOiHF.exe
  C:\Windows\System\tueOiHF.exe
  2⤵
  PID:5356
- C:\Windows\System\HaUliNW.exe
  C:\Windows\System\HaUliNW.exe
  2⤵
  PID:5376
- C:\Windows\System\tdtBKlO.exe
  C:\Windows\System\tdtBKlO.exe
  2⤵
  PID:5420
- C:\Windows\System\ZEPUVpE.exe
  C:\Windows\System\ZEPUVpE.exe
  2⤵
  PID:5460
- C:\Windows\System\tJaPdIA.exe
  C:\Windows\System\tJaPdIA.exe
  2⤵
  PID:5492
- C:\Windows\System\XWYuMuv.exe
  C:\Windows\System\XWYuMuv.exe
  2⤵
  PID:5516
- C:\Windows\System\ccDrhIu.exe
  C:\Windows\System\ccDrhIu.exe
  2⤵
  PID:5560
- C:\Windows\System\xCEwJIV.exe
  C:\Windows\System\xCEwJIV.exe
  2⤵
  PID:5572
- C:\Windows\System\WvPkOUL.exe
  C:\Windows\System\WvPkOUL.exe
  2⤵
  PID:5620
- C:\Windows\System\jdUAHSF.exe
  C:\Windows\System\jdUAHSF.exe
  2⤵
  PID:5680
- C:\Windows\System\KnAXwYB.exe
  C:\Windows\System\KnAXwYB.exe
  2⤵
  PID:5712
- C:\Windows\System\sLWsdOq.exe
  C:\Windows\System\sLWsdOq.exe
  2⤵
  PID:5700
- C:\Windows\System\OeBiZZU.exe
  C:\Windows\System\OeBiZZU.exe
  2⤵
  PID:5756
- C:\Windows\System\yVZkXOo.exe
  C:\Windows\System\yVZkXOo.exe
  2⤵
  PID:5796
- C:\Windows\System\mvlbIwC.exe
  C:\Windows\System\mvlbIwC.exe
  2⤵
  PID:5840
- C:\Windows\System\AinZobw.exe
  C:\Windows\System\AinZobw.exe
  2⤵
  PID:2764
- C:\Windows\System\oOlhSbi.exe
  C:\Windows\System\oOlhSbi.exe
  2⤵
  PID:5876
- C:\Windows\System\bDtbsGl.exe
  C:\Windows\System\bDtbsGl.exe
  2⤵
  PID:5912
- C:\Windows\System\cokyAPv.exe
  C:\Windows\System\cokyAPv.exe
  2⤵
  PID:5952
- C:\Windows\System\xfsOPOo.exe
  C:\Windows\System\xfsOPOo.exe
  2⤵
  PID:5992
- C:\Windows\System\vnEyLWl.exe
  C:\Windows\System\vnEyLWl.exe
  2⤵
  PID:6016
- C:\Windows\System\YDhUmDc.exe
  C:\Windows\System\YDhUmDc.exe
  2⤵
  PID:6052
- C:\Windows\System\sSOtPNv.exe
  C:\Windows\System\sSOtPNv.exe
  2⤵
  PID:6080
- C:\Windows\System\CPLPgAF.exe
  C:\Windows\System\CPLPgAF.exe
  2⤵
  PID:6120
- C:\Windows\System\TQfjeRy.exe
  C:\Windows\System\TQfjeRy.exe
  2⤵
  PID:5092
- C:\Windows\System\DHHCYzx.exe
  C:\Windows\System\DHHCYzx.exe
  2⤵
  PID:896
- C:\Windows\System\NpynrgR.exe
  C:\Windows\System\NpynrgR.exe
  2⤵
  PID:2792
- C:\Windows\System\aONuUti.exe
  C:\Windows\System\aONuUti.exe
  2⤵
  PID:4548
- C:\Windows\System\uVOCtRx.exe
  C:\Windows\System\uVOCtRx.exe
  2⤵
  PID:4568
- C:\Windows\System\psOgqks.exe
  C:\Windows\System\psOgqks.exe
  2⤵
  PID:4828
- C:\Windows\System\FlifVDY.exe
  C:\Windows\System\FlifVDY.exe
  2⤵
  PID:5016
- C:\Windows\System\HYWrima.exe
  C:\Windows\System\HYWrima.exe
  2⤵
  PID:2760
- C:\Windows\System\MzIEbGD.exe
  C:\Windows\System\MzIEbGD.exe
  2⤵
  PID:5212
- C:\Windows\System\RzfoMaW.exe
  C:\Windows\System\RzfoMaW.exe
  2⤵
  PID:5236
- C:\Windows\System\dodDBRX.exe
  C:\Windows\System\dodDBRX.exe
  2⤵
  PID:5360
- C:\Windows\System\OHaKNKC.exe
  C:\Windows\System\OHaKNKC.exe
  2⤵
  PID:5408
- C:\Windows\System\aROkwnN.exe
  C:\Windows\System\aROkwnN.exe
  2⤵
  PID:5452
- C:\Windows\System\xaufqnm.exe
  C:\Windows\System\xaufqnm.exe
  2⤵
  PID:5536
- C:\Windows\System\txaLvaO.exe
  C:\Windows\System\txaLvaO.exe
  2⤵
  PID:5596
- C:\Windows\System\uIDSWld.exe
  C:\Windows\System\uIDSWld.exe
  2⤵
  PID:5612
- C:\Windows\System\ErQBgfj.exe
  C:\Windows\System\ErQBgfj.exe
  2⤵
  PID:5676
- C:\Windows\System\iSaywQS.exe
  C:\Windows\System\iSaywQS.exe
  2⤵
  PID:5692
- C:\Windows\System\oidUIZd.exe
  C:\Windows\System\oidUIZd.exe
  2⤵
  PID:5780
- C:\Windows\System\jzBtWhL.exe
  C:\Windows\System\jzBtWhL.exe
  2⤵
  PID:5836
- C:\Windows\System\KrjcQaE.exe
  C:\Windows\System\KrjcQaE.exe
  2⤵
  PID:5892
- C:\Windows\System\rKlBUTd.exe
  C:\Windows\System\rKlBUTd.exe
  2⤵
  PID:5908
- C:\Windows\System\EIPeSIM.exe
  C:\Windows\System\EIPeSIM.exe
  2⤵
  PID:6000
- C:\Windows\System\HhROfpf.exe
  C:\Windows\System\HhROfpf.exe
  2⤵
  PID:6036
- C:\Windows\System\jYuqMiR.exe
  C:\Windows\System\jYuqMiR.exe
  2⤵
  PID:6140
- C:\Windows\System\gydclwX.exe
  C:\Windows\System\gydclwX.exe
  2⤵
  PID:4204
- C:\Windows\System\ceKNGyZ.exe
  C:\Windows\System\ceKNGyZ.exe
  2⤵
  PID:4308
- C:\Windows\System\WEhhfUH.exe
  C:\Windows\System\WEhhfUH.exe
  2⤵
  PID:2548
- C:\Windows\System\fCTLlQz.exe
  C:\Windows\System\fCTLlQz.exe
  2⤵
  PID:4952
- C:\Windows\System\drySLnj.exe
  C:\Windows\System\drySLnj.exe
  2⤵
  PID:5136
- C:\Windows\System\tGLsRle.exe
  C:\Windows\System\tGLsRle.exe
  2⤵
  PID:5296
- C:\Windows\System\hULpuUb.exe
  C:\Windows\System\hULpuUb.exe
  2⤵
  PID:5380
- C:\Windows\System\TITGunk.exe
  C:\Windows\System\TITGunk.exe
  2⤵
  PID:5476
- C:\Windows\System\NgWzcxN.exe
  C:\Windows\System\NgWzcxN.exe
  2⤵
  PID:5640
- C:\Windows\System\AiSuRdO.exe
  C:\Windows\System\AiSuRdO.exe
  2⤵
  PID:5672
- C:\Windows\System\UxwxvSv.exe
  C:\Windows\System\UxwxvSv.exe
  2⤵
  PID:6156
- C:\Windows\System\HXNFqtI.exe
  C:\Windows\System\HXNFqtI.exe
  2⤵
  PID:6176
- C:\Windows\System\dJhebxH.exe
  C:\Windows\System\dJhebxH.exe
  2⤵
  PID:6196
- C:\Windows\System\dMDINIj.exe
  C:\Windows\System\dMDINIj.exe
  2⤵
  PID:6216
- C:\Windows\System\glynHCh.exe
  C:\Windows\System\glynHCh.exe
  2⤵
  PID:6236
- C:\Windows\System\OPRBMOg.exe
  C:\Windows\System\OPRBMOg.exe
  2⤵
  PID:6256
- C:\Windows\System\gXjRAFH.exe
  C:\Windows\System\gXjRAFH.exe
  2⤵
  PID:6276
- C:\Windows\System\KhFWhls.exe
  C:\Windows\System\KhFWhls.exe
  2⤵
  PID:6296
- C:\Windows\System\wiyXMqe.exe
  C:\Windows\System\wiyXMqe.exe
  2⤵
  PID:6316
- C:\Windows\System\iorJbgE.exe
  C:\Windows\System\iorJbgE.exe
  2⤵
  PID:6336
- C:\Windows\System\PJwigmh.exe
  C:\Windows\System\PJwigmh.exe
  2⤵
  PID:6356
- C:\Windows\System\ufkbVUQ.exe
  C:\Windows\System\ufkbVUQ.exe
  2⤵
  PID:6376
- C:\Windows\System\jJpWDNf.exe
  C:\Windows\System\jJpWDNf.exe
  2⤵
  PID:6396
- C:\Windows\System\mPIzrAb.exe
  C:\Windows\System\mPIzrAb.exe
  2⤵
  PID:6416
- C:\Windows\System\NZYFaUE.exe
  C:\Windows\System\NZYFaUE.exe
  2⤵
  PID:6436
- C:\Windows\System\ReyPkMl.exe
  C:\Windows\System\ReyPkMl.exe
  2⤵
  PID:6456
- C:\Windows\System\BVbjWNL.exe
  C:\Windows\System\BVbjWNL.exe
  2⤵
  PID:6476
- C:\Windows\System\OVIxLBI.exe
  C:\Windows\System\OVIxLBI.exe
  2⤵
  PID:6496
- C:\Windows\System\uCTAYad.exe
  C:\Windows\System\uCTAYad.exe
  2⤵
  PID:6516
- C:\Windows\System\xiTVGjT.exe
  C:\Windows\System\xiTVGjT.exe
  2⤵
  PID:6536
- C:\Windows\System\nhPmUQX.exe
  C:\Windows\System\nhPmUQX.exe
  2⤵
  PID:6556
- C:\Windows\System\duTtBbl.exe
  C:\Windows\System\duTtBbl.exe
  2⤵
  PID:6576
- C:\Windows\System\oPwMaTp.exe
  C:\Windows\System\oPwMaTp.exe
  2⤵
  PID:6596
- C:\Windows\System\WkyJvuS.exe
  C:\Windows\System\WkyJvuS.exe
  2⤵
  PID:6616
- C:\Windows\System\AEyFJCh.exe
  C:\Windows\System\AEyFJCh.exe
  2⤵
  PID:6636
- C:\Windows\System\LOljpmF.exe
  C:\Windows\System\LOljpmF.exe
  2⤵
  PID:6656
- C:\Windows\System\UWUVCxY.exe
  C:\Windows\System\UWUVCxY.exe
  2⤵
  PID:6676
- C:\Windows\System\cmEghYb.exe
  C:\Windows\System\cmEghYb.exe
  2⤵
  PID:6696
- C:\Windows\System\VQAMshL.exe
  C:\Windows\System\VQAMshL.exe
  2⤵
  PID:6716
- C:\Windows\System\loFcoEH.exe
  C:\Windows\System\loFcoEH.exe
  2⤵
  PID:6736
- C:\Windows\System\lmarDWc.exe
  C:\Windows\System\lmarDWc.exe
  2⤵
  PID:6756
- C:\Windows\System\WQjJOen.exe
  C:\Windows\System\WQjJOen.exe
  2⤵
  PID:6776
- C:\Windows\System\nHpahVs.exe
  C:\Windows\System\nHpahVs.exe
  2⤵
  PID:6796
- C:\Windows\System\LOlURGF.exe
  C:\Windows\System\LOlURGF.exe
  2⤵
  PID:6820
- C:\Windows\System\DDpIdRX.exe
  C:\Windows\System\DDpIdRX.exe
  2⤵
  PID:6840
- C:\Windows\System\KPhuJQD.exe
  C:\Windows\System\KPhuJQD.exe
  2⤵
  PID:6860
- C:\Windows\System\UyfwMYX.exe
  C:\Windows\System\UyfwMYX.exe
  2⤵
  PID:6880
- C:\Windows\System\TwgmlhR.exe
  C:\Windows\System\TwgmlhR.exe
  2⤵
  PID:6900
- C:\Windows\System\ZoIEuuo.exe
  C:\Windows\System\ZoIEuuo.exe
  2⤵
  PID:6920
- C:\Windows\System\MOJTiUG.exe
  C:\Windows\System\MOJTiUG.exe
  2⤵
  PID:6940
- C:\Windows\System\qXwTRdN.exe
  C:\Windows\System\qXwTRdN.exe
  2⤵
  PID:6960
- C:\Windows\System\geExRva.exe
  C:\Windows\System\geExRva.exe
  2⤵
  PID:6980
- C:\Windows\System\BGFjbds.exe
  C:\Windows\System\BGFjbds.exe
  2⤵
  PID:7000
- C:\Windows\System\ezoUqWa.exe
  C:\Windows\System\ezoUqWa.exe
  2⤵
  PID:7020
- C:\Windows\System\fTiMdsu.exe
  C:\Windows\System\fTiMdsu.exe
  2⤵
  PID:7040
- C:\Windows\System\BVcCXrP.exe
  C:\Windows\System\BVcCXrP.exe
  2⤵
  PID:7060
- C:\Windows\System\RYRhRpy.exe
  C:\Windows\System\RYRhRpy.exe
  2⤵
  PID:7080
- C:\Windows\System\iTihdig.exe
  C:\Windows\System\iTihdig.exe
  2⤵
  PID:7100
- C:\Windows\System\DNPRmtq.exe
  C:\Windows\System\DNPRmtq.exe
  2⤵
  PID:7120
- C:\Windows\System\SUhEDkX.exe
  C:\Windows\System\SUhEDkX.exe
  2⤵
  PID:7140
- C:\Windows\System\lZfgPHA.exe
  C:\Windows\System\lZfgPHA.exe
  2⤵
  PID:7160
- C:\Windows\System\MgkOdxB.exe
  C:\Windows\System\MgkOdxB.exe
  2⤵
  PID:5716
- C:\Windows\System\QHBeGKT.exe
  C:\Windows\System\QHBeGKT.exe
  2⤵
  PID:5856
- C:\Windows\System\YIeSrqi.exe
  C:\Windows\System\YIeSrqi.exe
  2⤵
  PID:5896
- C:\Windows\System\QehpUyC.exe
  C:\Windows\System\QehpUyC.exe
  2⤵
  PID:6020
- C:\Windows\System\jINjEcp.exe
  C:\Windows\System\jINjEcp.exe
  2⤵
  PID:2328
- C:\Windows\System\qmqegLw.exe
  C:\Windows\System\qmqegLw.exe
  2⤵
  PID:4572
- C:\Windows\System\tPYbDrE.exe
  C:\Windows\System\tPYbDrE.exe
  2⤵
  PID:5140
- C:\Windows\System\QzjEzrP.exe
  C:\Windows\System\QzjEzrP.exe
  2⤵
  PID:5240
- C:\Windows\System\kdDzEBt.exe
  C:\Windows\System\kdDzEBt.exe
  2⤵
  PID:5432
- C:\Windows\System\jVKLvnp.exe
  C:\Windows\System\jVKLvnp.exe
  2⤵
  PID:5496
- C:\Windows\System\tBhJaIl.exe
  C:\Windows\System\tBhJaIl.exe
  2⤵
  PID:6164
- C:\Windows\System\vMHyxus.exe
  C:\Windows\System\vMHyxus.exe
  2⤵
  PID:6204
- C:\Windows\System\OBNhRXT.exe
  C:\Windows\System\OBNhRXT.exe
  2⤵
  PID:6208
- C:\Windows\System\ExGVJiy.exe
  C:\Windows\System\ExGVJiy.exe
  2⤵
  PID:6228
- C:\Windows\System\kMDkOXP.exe
  C:\Windows\System\kMDkOXP.exe
  2⤵
  PID:6272
- C:\Windows\System\pWIZUSj.exe
  C:\Windows\System\pWIZUSj.exe
  2⤵
  PID:6308
- C:\Windows\System\GQpRasW.exe
  C:\Windows\System\GQpRasW.exe
  2⤵
  PID:6364
- C:\Windows\System\DNvnIQD.exe
  C:\Windows\System\DNvnIQD.exe
  2⤵
  PID:6392
- C:\Windows\System\UPWMWtY.exe
  C:\Windows\System\UPWMWtY.exe
  2⤵
  PID:6424
- C:\Windows\System\zwFGJpH.exe
  C:\Windows\System\zwFGJpH.exe
  2⤵
  PID:6448
- C:\Windows\System\jtBlVIh.exe
  C:\Windows\System\jtBlVIh.exe
  2⤵
  PID:6492
- C:\Windows\System\lAoFqzZ.exe
  C:\Windows\System\lAoFqzZ.exe
  2⤵
  PID:6524
- C:\Windows\System\KAeevwL.exe
  C:\Windows\System\KAeevwL.exe
  2⤵
  PID:6544
- C:\Windows\System\fqtDyCq.exe
  C:\Windows\System\fqtDyCq.exe
  2⤵
  PID:6604
- C:\Windows\System\FxHIQZP.exe
  C:\Windows\System\FxHIQZP.exe
  2⤵
  PID:6588
- C:\Windows\System\curhjCU.exe
  C:\Windows\System\curhjCU.exe
  2⤵
  PID:6648
- C:\Windows\System\UCImgOv.exe
  C:\Windows\System\UCImgOv.exe
  2⤵
  PID:6692
- C:\Windows\System\ttuOBvg.exe
  C:\Windows\System\ttuOBvg.exe
  2⤵
  PID:6724
- C:\Windows\System\LrdGuOn.exe
  C:\Windows\System\LrdGuOn.exe
  2⤵
  PID:6752
- C:\Windows\System\cSaTyRJ.exe
  C:\Windows\System\cSaTyRJ.exe
  2⤵
  PID:6804
- C:\Windows\System\KOshfVS.exe
  C:\Windows\System\KOshfVS.exe
  2⤵
  PID:6828
- C:\Windows\System\efBaZyB.exe
  C:\Windows\System\efBaZyB.exe
  2⤵
  PID:6852
- C:\Windows\System\ZYkefqV.exe
  C:\Windows\System\ZYkefqV.exe
  2⤵
  PID:6876
- C:\Windows\System\iWAxFMU.exe
  C:\Windows\System\iWAxFMU.exe
  2⤵
  PID:6908
- C:\Windows\System\sdUdTzV.exe
  C:\Windows\System\sdUdTzV.exe
  2⤵
  PID:6968
- C:\Windows\System\niJKBNq.exe
  C:\Windows\System\niJKBNq.exe
  2⤵
  PID:7012
- C:\Windows\System\zgKPQTi.exe
  C:\Windows\System\zgKPQTi.exe
  2⤵
  PID:7028
- C:\Windows\System\MPuAIYj.exe
  C:\Windows\System\MPuAIYj.exe
  2⤵
  PID:7052
- C:\Windows\System\fCiSKEX.exe
  C:\Windows\System\fCiSKEX.exe
  2⤵
  PID:7072
- C:\Windows\System\HKHozOX.exe
  C:\Windows\System\HKHozOX.exe
  2⤵
  PID:7128
- C:\Windows\System\dByUcUo.exe
  C:\Windows\System\dByUcUo.exe
  2⤵
  PID:5792
- C:\Windows\System\jFybtys.exe
  C:\Windows\System\jFybtys.exe
  2⤵
  PID:5936
- C:\Windows\System\sTCNTcl.exe
  C:\Windows\System\sTCNTcl.exe
  2⤵
  PID:900
- C:\Windows\System\QvjYCRb.exe
  C:\Windows\System\QvjYCRb.exe
  2⤵
  PID:3364
- C:\Windows\System\TQkGPak.exe
  C:\Windows\System\TQkGPak.exe
  2⤵
  PID:4988
- C:\Windows\System\mPHXmam.exe
  C:\Windows\System\mPHXmam.exe
  2⤵
  PID:5292
- C:\Windows\System\LABIWhr.exe
  C:\Windows\System\LABIWhr.exe
  2⤵
  PID:5636
- C:\Windows\System\ACAyVmV.exe
  C:\Windows\System\ACAyVmV.exe
  2⤵
  PID:6168
- C:\Windows\System\EgiCQaC.exe
  C:\Windows\System\EgiCQaC.exe
  2⤵
  PID:6252
- C:\Windows\System\kBRcItO.exe
  C:\Windows\System\kBRcItO.exe
  2⤵
  PID:6304
- C:\Windows\System\ZjrhStD.exe
  C:\Windows\System\ZjrhStD.exe
  2⤵
  PID:6408
- C:\Windows\System\foipfTP.exe
  C:\Windows\System\foipfTP.exe
  2⤵
  PID:6404
- C:\Windows\System\jldeNzh.exe
  C:\Windows\System\jldeNzh.exe
  2⤵
  PID:6444
- C:\Windows\System\ImuftUI.exe
  C:\Windows\System\ImuftUI.exe
  2⤵
  PID:6508
- C:\Windows\System\WFSFgqu.exe
  C:\Windows\System\WFSFgqu.exe
  2⤵
  PID:6548
- C:\Windows\System\lvoCdlb.exe
  C:\Windows\System\lvoCdlb.exe
  2⤵
  PID:6652
- C:\Windows\System\gdlACMv.exe
  C:\Windows\System\gdlACMv.exe
  2⤵
  PID:6728
- C:\Windows\System\UgyNuLy.exe
  C:\Windows\System\UgyNuLy.exe
  2⤵
  PID:6712
- C:\Windows\System\LBUPmbc.exe
  C:\Windows\System\LBUPmbc.exe
  2⤵
  PID:6784
- C:\Windows\System\WazEyHW.exe
  C:\Windows\System\WazEyHW.exe
  2⤵
  PID:6832
- C:\Windows\System\IwLFnCZ.exe
  C:\Windows\System\IwLFnCZ.exe
  2⤵
  PID:6928
- C:\Windows\System\AtbYqNr.exe
  C:\Windows\System\AtbYqNr.exe
  2⤵
  PID:6992
- C:\Windows\System\BlnVbdE.exe
  C:\Windows\System\BlnVbdE.exe
  2⤵
  PID:7048
- C:\Windows\System\ClJVPSt.exe
  C:\Windows\System\ClJVPSt.exe
  2⤵
  PID:7056
- C:\Windows\System\dEQxwjI.exe
  C:\Windows\System\dEQxwjI.exe
  2⤵
  PID:7116
- C:\Windows\System\dWWISqG.exe
  C:\Windows\System\dWWISqG.exe
  2⤵
  PID:7152
- C:\Windows\System\BaUCZLc.exe
  C:\Windows\System\BaUCZLc.exe
  2⤵
  PID:5972
- C:\Windows\System\yQTKuAh.exe
  C:\Windows\System\yQTKuAh.exe
  2⤵
  PID:5412
- C:\Windows\System\pYEMbhL.exe
  C:\Windows\System\pYEMbhL.exe
  2⤵
  PID:5696
- C:\Windows\System\jnCLYru.exe
  C:\Windows\System\jnCLYru.exe
  2⤵
  PID:6192
- C:\Windows\System\uqldihn.exe
  C:\Windows\System\uqldihn.exe
  2⤵
  PID:6264
- C:\Windows\System\vvEsxul.exe
  C:\Windows\System\vvEsxul.exe
  2⤵
  PID:6348
- C:\Windows\System\MUBXGaQ.exe
  C:\Windows\System\MUBXGaQ.exe
  2⤵
  PID:6572
- C:\Windows\System\lXOHJlW.exe
  C:\Windows\System\lXOHJlW.exe
  2⤵
  PID:6568
- C:\Windows\System\JSRUffP.exe
  C:\Windows\System\JSRUffP.exe
  2⤵
  PID:6684
- C:\Windows\System\gbYVWwk.exe
  C:\Windows\System\gbYVWwk.exe
  2⤵
  PID:6744
- C:\Windows\System\jasyzJj.exe
  C:\Windows\System\jasyzJj.exe
  2⤵
  PID:6892
- C:\Windows\System\GIuyecr.exe
  C:\Windows\System\GIuyecr.exe
  2⤵
  PID:6936
- C:\Windows\System\oyddggV.exe
  C:\Windows\System\oyddggV.exe
  2⤵
  PID:7096
- C:\Windows\System\ossbnFS.exe
  C:\Windows\System\ossbnFS.exe
  2⤵
  PID:7076
- C:\Windows\System\NrifTlO.exe
  C:\Windows\System\NrifTlO.exe
  2⤵
  PID:6012
- C:\Windows\System\hfhaHwP.exe
  C:\Windows\System\hfhaHwP.exe
  2⤵
  PID:7176
- C:\Windows\System\AeanXhY.exe
  C:\Windows\System\AeanXhY.exe
  2⤵
  PID:7200
- C:\Windows\System\fnFCWjh.exe
  C:\Windows\System\fnFCWjh.exe
  2⤵
  PID:7220
- C:\Windows\System\kPdazlt.exe
  C:\Windows\System\kPdazlt.exe
  2⤵
  PID:7240
- C:\Windows\System\kkBYMhY.exe
  C:\Windows\System\kkBYMhY.exe
  2⤵
  PID:7260
- C:\Windows\System\hlBhwuU.exe
  C:\Windows\System\hlBhwuU.exe
  2⤵
  PID:7280
- C:\Windows\System\nsTLZMR.exe
  C:\Windows\System\nsTLZMR.exe
  2⤵
  PID:7300
- C:\Windows\System\OeuZTrS.exe
  C:\Windows\System\OeuZTrS.exe
  2⤵
  PID:7320
- C:\Windows\System\dHtHhmb.exe
  C:\Windows\System\dHtHhmb.exe
  2⤵
  PID:7340
- C:\Windows\System\PcLFUxY.exe
  C:\Windows\System\PcLFUxY.exe
  2⤵
  PID:7360
- C:\Windows\System\LBvzQEh.exe
  C:\Windows\System\LBvzQEh.exe
  2⤵
  PID:7380
- C:\Windows\System\VJkypEz.exe
  C:\Windows\System\VJkypEz.exe
  2⤵
  PID:7400
- C:\Windows\System\IyPOSuj.exe
  C:\Windows\System\IyPOSuj.exe
  2⤵
  PID:7420
- C:\Windows\System\hEwcEgj.exe
  C:\Windows\System\hEwcEgj.exe
  2⤵
  PID:7440
- C:\Windows\System\ueYNskE.exe
  C:\Windows\System\ueYNskE.exe
  2⤵
  PID:7460
- C:\Windows\System\rgPIkPI.exe
  C:\Windows\System\rgPIkPI.exe
  2⤵
  PID:7476
- C:\Windows\System\UAlmUYI.exe
  C:\Windows\System\UAlmUYI.exe
  2⤵
  PID:7504
- C:\Windows\System\QHcQpZB.exe
  C:\Windows\System\QHcQpZB.exe
  2⤵
  PID:7524
- C:\Windows\System\okkTmQo.exe
  C:\Windows\System\okkTmQo.exe
  2⤵
  PID:7544
- C:\Windows\System\Daejaoe.exe
  C:\Windows\System\Daejaoe.exe
  2⤵
  PID:7564
- C:\Windows\System\aVmPGnm.exe
  C:\Windows\System\aVmPGnm.exe
  2⤵
  PID:7584
- C:\Windows\System\HXJPMSg.exe
  C:\Windows\System\HXJPMSg.exe
  2⤵
  PID:7604
- C:\Windows\System\tqHpRix.exe
  C:\Windows\System\tqHpRix.exe
  2⤵
  PID:7624
- C:\Windows\System\EKewWGx.exe
  C:\Windows\System\EKewWGx.exe
  2⤵
  PID:7644
- C:\Windows\System\dYEIkZM.exe
  C:\Windows\System\dYEIkZM.exe
  2⤵
  PID:7664
- C:\Windows\System\gRxedhv.exe
  C:\Windows\System\gRxedhv.exe
  2⤵
  PID:7684
- C:\Windows\System\mEuttGT.exe
  C:\Windows\System\mEuttGT.exe
  2⤵
  PID:7704
- C:\Windows\System\UmikyZo.exe
  C:\Windows\System\UmikyZo.exe
  2⤵
  PID:7724
- C:\Windows\System\nClrDZt.exe
  C:\Windows\System\nClrDZt.exe
  2⤵
  PID:7744
- C:\Windows\System\fneylYR.exe
  C:\Windows\System\fneylYR.exe
  2⤵
  PID:7764
- C:\Windows\System\hPwKDZB.exe
  C:\Windows\System\hPwKDZB.exe
  2⤵
  PID:7784
- C:\Windows\System\zZilLBi.exe
  C:\Windows\System\zZilLBi.exe
  2⤵
  PID:7804
- C:\Windows\System\AhfZphw.exe
  C:\Windows\System\AhfZphw.exe
  2⤵
  PID:7820
- C:\Windows\System\gmNMDqB.exe
  C:\Windows\System\gmNMDqB.exe
  2⤵
  PID:7844
- C:\Windows\System\aXftIhD.exe
  C:\Windows\System\aXftIhD.exe
  2⤵
  PID:7868
- C:\Windows\System\FlemSIK.exe
  C:\Windows\System\FlemSIK.exe
  2⤵
  PID:7888
- C:\Windows\System\bwdsxVz.exe
  C:\Windows\System\bwdsxVz.exe
  2⤵
  PID:7908
- C:\Windows\System\roJCYto.exe
  C:\Windows\System\roJCYto.exe
  2⤵
  PID:7924
- C:\Windows\System\NlcPxpa.exe
  C:\Windows\System\NlcPxpa.exe
  2⤵
  PID:7948
- C:\Windows\System\bmZxxvh.exe
  C:\Windows\System\bmZxxvh.exe
  2⤵
  PID:7968
- C:\Windows\System\lKTYkEo.exe
  C:\Windows\System\lKTYkEo.exe
  2⤵
  PID:7988
- C:\Windows\System\XhCsMMJ.exe
  C:\Windows\System\XhCsMMJ.exe
  2⤵
  PID:8008
- C:\Windows\System\hyXPmWz.exe
  C:\Windows\System\hyXPmWz.exe
  2⤵
  PID:8024
- C:\Windows\System\GnhLntF.exe
  C:\Windows\System\GnhLntF.exe
  2⤵
  PID:8048
- C:\Windows\System\DRKgJrs.exe
  C:\Windows\System\DRKgJrs.exe
  2⤵
  PID:8068
- C:\Windows\System\kDFtyCJ.exe
  C:\Windows\System\kDFtyCJ.exe
  2⤵
  PID:8088
- C:\Windows\System\YWNDBcR.exe
  C:\Windows\System\YWNDBcR.exe
  2⤵
  PID:8108
- C:\Windows\System\wWzVjbG.exe
  C:\Windows\System\wWzVjbG.exe
  2⤵
  PID:8124
- C:\Windows\System\dOwgUxT.exe
  C:\Windows\System\dOwgUxT.exe
  2⤵
  PID:8148
- C:\Windows\System\NHdxHFv.exe
  C:\Windows\System\NHdxHFv.exe
  2⤵
  PID:8168
- C:\Windows\System\uaQErzZ.exe
  C:\Windows\System\uaQErzZ.exe
  2⤵
  PID:8188
- C:\Windows\System\gYRHkxv.exe
  C:\Windows\System\gYRHkxv.exe
  2⤵
  PID:5372
- C:\Windows\System\yfRsUIl.exe
  C:\Windows\System\yfRsUIl.exe
  2⤵
  PID:5600
- C:\Windows\System\sWINTCV.exe
  C:\Windows\System\sWINTCV.exe
  2⤵
  PID:6468
- C:\Windows\System\RgyqUPD.exe
  C:\Windows\System\RgyqUPD.exe
  2⤵
  PID:6608
- C:\Windows\System\yNbXIkA.exe
  C:\Windows\System\yNbXIkA.exe
  2⤵
  PID:6788
- C:\Windows\System\TXfylul.exe
  C:\Windows\System\TXfylul.exe
  2⤵
  PID:6888
- C:\Windows\System\yBETjfi.exe
  C:\Windows\System\yBETjfi.exe
  2⤵
  PID:6956
- C:\Windows\System\mKjBmwE.exe
  C:\Windows\System\mKjBmwE.exe
  2⤵
  PID:5740
- C:\Windows\System\PAgmvue.exe
  C:\Windows\System\PAgmvue.exe
  2⤵
  PID:2392
- C:\Windows\System\NrIzCYo.exe
  C:\Windows\System\NrIzCYo.exe
  2⤵
  PID:7208
- C:\Windows\System\MOUIIIe.exe
  C:\Windows\System\MOUIIIe.exe
  2⤵
  PID:7232
- C:\Windows\System\XXIWYQk.exe
  C:\Windows\System\XXIWYQk.exe
  2⤵
  PID:7272
- C:\Windows\System\uRhgbSq.exe
  C:\Windows\System\uRhgbSq.exe
  2⤵
  PID:7316
- C:\Windows\System\PqMvvQP.exe
  C:\Windows\System\PqMvvQP.exe
  2⤵
  PID:7328
- C:\Windows\System\icJRXHZ.exe
  C:\Windows\System\icJRXHZ.exe
  2⤵
  PID:7388
- C:\Windows\System\pCXjDyX.exe
  C:\Windows\System\pCXjDyX.exe
  2⤵
  PID:7428
- C:\Windows\System\AdblqrD.exe
  C:\Windows\System\AdblqrD.exe
  2⤵
  PID:7472
- C:\Windows\System\AIUzKtQ.exe
  C:\Windows\System\AIUzKtQ.exe
  2⤵
  PID:7484
- C:\Windows\System\sDsdAoM.exe
  C:\Windows\System\sDsdAoM.exe
  2⤵
  PID:7520
- C:\Windows\System\yexVGqL.exe
  C:\Windows\System\yexVGqL.exe
  2⤵
  PID:7536
- C:\Windows\System\MPmySuW.exe
  C:\Windows\System\MPmySuW.exe
  2⤵
  PID:7592
- C:\Windows\System\yOgTEJd.exe
  C:\Windows\System\yOgTEJd.exe
  2⤵
  PID:7632
- C:\Windows\System\HFpEwpi.exe
  C:\Windows\System\HFpEwpi.exe
  2⤵
  PID:7672
- C:\Windows\System\TfftemK.exe
  C:\Windows\System\TfftemK.exe
  2⤵
  PID:7676
- C:\Windows\System\iIxBmYr.exe
  C:\Windows\System\iIxBmYr.exe
  2⤵
  PID:7720
- C:\Windows\System\dWLaBNz.exe
  C:\Windows\System\dWLaBNz.exe
  2⤵
  PID:7740
- C:\Windows\System\gDtJQGC.exe
  C:\Windows\System\gDtJQGC.exe
  2⤵
  PID:7792
- C:\Windows\System\YBLvJyd.exe
  C:\Windows\System\YBLvJyd.exe
  2⤵
  PID:7836
- C:\Windows\System\vMxtEhr.exe
  C:\Windows\System\vMxtEhr.exe
  2⤵
  PID:7852
- C:\Windows\System\abuJNGH.exe
  C:\Windows\System\abuJNGH.exe
  2⤵
  PID:7864
- C:\Windows\System\OUDcDgy.exe
  C:\Windows\System\OUDcDgy.exe
  2⤵
  PID:7920
- C:\Windows\System\uKudQIS.exe
  C:\Windows\System\uKudQIS.exe
  2⤵
  PID:7944
- C:\Windows\System\fFWJioM.exe
  C:\Windows\System\fFWJioM.exe
  2⤵
  PID:7976
- C:\Windows\System\WrLGHKJ.exe
  C:\Windows\System\WrLGHKJ.exe
  2⤵
  PID:8032
- C:\Windows\System\mVLevqc.exe
  C:\Windows\System\mVLevqc.exe
  2⤵
  PID:2580
- C:\Windows\System\HpbIieq.exe
  C:\Windows\System\HpbIieq.exe
  2⤵
  PID:8084
- C:\Windows\System\NLQcnov.exe
  C:\Windows\System\NLQcnov.exe
  2⤵
  PID:8116
- C:\Windows\System\PkbwAov.exe
  C:\Windows\System\PkbwAov.exe
  2⤵
  PID:8144
- C:\Windows\System\WecvLTq.exe
  C:\Windows\System\WecvLTq.exe
  2⤵
  PID:5276
- C:\Windows\System\AYNrfMb.exe
  C:\Windows\System\AYNrfMb.exe
  2⤵
  PID:5580
- C:\Windows\System\soYIegm.exe
  C:\Windows\System\soYIegm.exe
  2⤵
  PID:6368
- C:\Windows\System\BQMsPFQ.exe
  C:\Windows\System\BQMsPFQ.exe
  2⤵
  PID:6564
- C:\Windows\System\LXLGtyV.exe
  C:\Windows\System\LXLGtyV.exe
  2⤵
  PID:6896
- C:\Windows\System\KBhFSbM.exe
  C:\Windows\System\KBhFSbM.exe
  2⤵
  PID:6136
- C:\Windows\System\NAxBBVC.exe
  C:\Windows\System\NAxBBVC.exe
  2⤵
  PID:5960
- C:\Windows\System\UqmRwgQ.exe
  C:\Windows\System\UqmRwgQ.exe
  2⤵
  PID:7216
- C:\Windows\System\wwZXbUJ.exe
  C:\Windows\System\wwZXbUJ.exe
  2⤵
  PID:7268
- C:\Windows\System\yZvaUpk.exe
  C:\Windows\System\yZvaUpk.exe
  2⤵
  PID:7312
- C:\Windows\System\HLUccph.exe
  C:\Windows\System\HLUccph.exe
  2⤵
  PID:7352
- C:\Windows\System\QBIldvj.exe
  C:\Windows\System\QBIldvj.exe
  2⤵
  PID:3040
- C:\Windows\System\oJVqGCK.exe
  C:\Windows\System\oJVqGCK.exe
  2⤵
  PID:7452
- C:\Windows\System\IkhWzZL.exe
  C:\Windows\System\IkhWzZL.exe
  2⤵
  PID:7552
- C:\Windows\System\ZFfWLSL.exe
  C:\Windows\System\ZFfWLSL.exe
  2⤵
  PID:7572
- C:\Windows\System\eFIAAMF.exe
  C:\Windows\System\eFIAAMF.exe
  2⤵
  PID:7596
- C:\Windows\System\gUTNhLz.exe
  C:\Windows\System\gUTNhLz.exe
  2⤵
  PID:7680
- C:\Windows\System\pemHrzd.exe
  C:\Windows\System\pemHrzd.exe
  2⤵
  PID:7760
- C:\Windows\System\DiQadLE.exe
  C:\Windows\System\DiQadLE.exe
  2⤵
  PID:7752
- C:\Windows\System\XAYwlCt.exe
  C:\Windows\System\XAYwlCt.exe
  2⤵
  PID:2856
- C:\Windows\System\jasrKFn.exe
  C:\Windows\System\jasrKFn.exe
  2⤵
  PID:7860
- C:\Windows\System\sEIAZyw.exe
  C:\Windows\System\sEIAZyw.exe
  2⤵
  PID:7964
- C:\Windows\System\RLoNRbm.exe
  C:\Windows\System\RLoNRbm.exe
  2⤵
  PID:7980
- C:\Windows\System\MgeyHXs.exe
  C:\Windows\System\MgeyHXs.exe
  2⤵
  PID:8020
- C:\Windows\System\uYlhooL.exe
  C:\Windows\System\uYlhooL.exe
  2⤵
  PID:8120
- C:\Windows\System\njMSVUC.exe
  C:\Windows\System\njMSVUC.exe
  2⤵
  PID:8164
- C:\Windows\System\meaITZC.exe
  C:\Windows\System\meaITZC.exe
  2⤵
  PID:2672
- C:\Windows\System\LGCpvmJ.exe
  C:\Windows\System\LGCpvmJ.exe
  2⤵
  PID:8184
- C:\Windows\System\VuDfJiS.exe
  C:\Windows\System\VuDfJiS.exe
  2⤵
  PID:2624
- C:\Windows\System\XTtLSUW.exe
  C:\Windows\System\XTtLSUW.exe
  2⤵
  PID:6632
- C:\Windows\System\CiObtTM.exe
  C:\Windows\System\CiObtTM.exe
  2⤵
  PID:2584
- C:\Windows\System\ZbhqmnW.exe
  C:\Windows\System\ZbhqmnW.exe
  2⤵
  PID:5772
- C:\Windows\System\tcZXuDd.exe
  C:\Windows\System\tcZXuDd.exe
  2⤵
  PID:7212
- C:\Windows\System\BkgMOwR.exe
  C:\Windows\System\BkgMOwR.exe
  2⤵
  PID:7296
- C:\Windows\System\PfxjMWD.exe
  C:\Windows\System\PfxjMWD.exe
  2⤵
  PID:600
- C:\Windows\System\mtVTCEi.exe
  C:\Windows\System\mtVTCEi.exe
  2⤵
  PID:872
- C:\Windows\System\gvfZRUh.exe
  C:\Windows\System\gvfZRUh.exe
  2⤵
  PID:7456
- C:\Windows\System\GMRTCuY.exe
  C:\Windows\System\GMRTCuY.exe
  2⤵
  PID:7532
- C:\Windows\System\MOTSYtS.exe
  C:\Windows\System\MOTSYtS.exe
  2⤵
  PID:2816
- C:\Windows\System\YZTJJzM.exe
  C:\Windows\System\YZTJJzM.exe
  2⤵
  PID:2440
- C:\Windows\System\ihfFsFL.exe
  C:\Windows\System\ihfFsFL.exe
  2⤵
  PID:7772
- C:\Windows\System\pEwXHON.exe
  C:\Windows\System\pEwXHON.exe
  2⤵
  PID:2532
- C:\Windows\System\oFxrXzE.exe
  C:\Windows\System\oFxrXzE.exe
  2⤵
  PID:1048
- C:\Windows\System\OjGerRZ.exe
  C:\Windows\System\OjGerRZ.exe
  2⤵
  PID:7960
- C:\Windows\System\ziVghBW.exe
  C:\Windows\System\ziVghBW.exe
  2⤵
  PID:7900
- C:\Windows\System\ZSsJNyL.exe
  C:\Windows\System\ZSsJNyL.exe
  2⤵
  PID:8044
- C:\Windows\System\QeyLsvb.exe
  C:\Windows\System\QeyLsvb.exe
  2⤵
  PID:8140
- C:\Windows\System\SFDBlnB.exe
  C:\Windows\System\SFDBlnB.exe
  2⤵
  PID:2932
- C:\Windows\System\umRYUSN.exe
  C:\Windows\System\umRYUSN.exe
  2⤵
  PID:2916
- C:\Windows\System\kctWQxE.exe
  C:\Windows\System\kctWQxE.exe
  2⤵
  PID:1488
- C:\Windows\System\PQqCpgd.exe
  C:\Windows\System\PQqCpgd.exe
  2⤵
  PID:2112
- C:\Windows\System\RIyGEYb.exe
  C:\Windows\System\RIyGEYb.exe
  2⤵
  PID:1012
- C:\Windows\System\WPbocrk.exe
  C:\Windows\System\WPbocrk.exe
  2⤵
  PID:328
- C:\Windows\System\vCsXIXd.exe
  C:\Windows\System\vCsXIXd.exe
  2⤵
  PID:2964
- C:\Windows\System\NXJTQJf.exe
  C:\Windows\System\NXJTQJf.exe
  2⤵
  PID:7416
- C:\Windows\System\fjtnvMR.exe
  C:\Windows\System\fjtnvMR.exe
  2⤵
  PID:7576
- C:\Windows\System\qwcpEcE.exe
  C:\Windows\System\qwcpEcE.exe
  2⤵
  PID:7700
- C:\Windows\System\qWbTxpN.exe
  C:\Windows\System\qWbTxpN.exe
  2⤵
  PID:7732
- C:\Windows\System\DtvlHbM.exe
  C:\Windows\System\DtvlHbM.exe
  2⤵
  PID:2236
- C:\Windows\System\PLEhEvY.exe
  C:\Windows\System\PLEhEvY.exe
  2⤵
  PID:7932
- C:\Windows\System\AhLIFWK.exe
  C:\Windows\System\AhLIFWK.exe
  2⤵
  PID:6428
- C:\Windows\System\xQMqcUh.exe
  C:\Windows\System\xQMqcUh.exe
  2⤵
  PID:848
- C:\Windows\System\swZchQm.exe
  C:\Windows\System\swZchQm.exe
  2⤵
  PID:6628
- C:\Windows\System\QdDZXCc.exe
  C:\Windows\System\QdDZXCc.exe
  2⤵
  PID:2604
- C:\Windows\System\yOAFEna.exe
  C:\Windows\System\yOAFEna.exe
  2⤵
  PID:7796
- C:\Windows\System\JUicVbR.exe
  C:\Windows\System\JUicVbR.exe
  2⤵
  PID:1256
- C:\Windows\System\ITTjkpq.exe
  C:\Windows\System\ITTjkpq.exe
  2⤵
  PID:1132
- C:\Windows\System\oFXZfRk.exe
  C:\Windows\System\oFXZfRk.exe
  2⤵
  PID:8016
- C:\Windows\System\ftcJAzw.exe
  C:\Windows\System\ftcJAzw.exe
  2⤵
  PID:1028
- C:\Windows\System\bYilrVK.exe
  C:\Windows\System\bYilrVK.exe
  2⤵
  PID:2364
- C:\Windows\System\PrCRLPT.exe
  C:\Windows\System\PrCRLPT.exe
  2⤵
  PID:1744
- C:\Windows\System\kESflLz.exe
  C:\Windows\System\kESflLz.exe
  2⤵
  PID:3044
- C:\Windows\System\SgbKUvw.exe
  C:\Windows\System\SgbKUvw.exe
  2⤵
  PID:2736
- C:\Windows\System\lOmrgNp.exe
  C:\Windows\System\lOmrgNp.exe
  2⤵
  PID:7016
- C:\Windows\System\RhWRYpI.exe
  C:\Windows\System\RhWRYpI.exe
  2⤵
  PID:3024
- C:\Windows\System\DapyIPE.exe
  C:\Windows\System\DapyIPE.exe
  2⤵
  PID:6332
- C:\Windows\System\BqywqjR.exe
  C:\Windows\System\BqywqjR.exe
  2⤵
  PID:8200
- C:\Windows\System\aZSzbLn.exe
  C:\Windows\System\aZSzbLn.exe
  2⤵
  PID:8220
- C:\Windows\System\fQkzCPe.exe
  C:\Windows\System\fQkzCPe.exe
  2⤵
  PID:8240
- C:\Windows\System\SJSjusl.exe
  C:\Windows\System\SJSjusl.exe
  2⤵
  PID:8260
- C:\Windows\System\wqeLPCG.exe
  C:\Windows\System\wqeLPCG.exe
  2⤵
  PID:8276
- C:\Windows\System\HpAuqYf.exe
  C:\Windows\System\HpAuqYf.exe
  2⤵
  PID:8292
- C:\Windows\System\wnDQwsx.exe
  C:\Windows\System\wnDQwsx.exe
  2⤵
  PID:8308
- C:\Windows\System\SKcMbWz.exe
  C:\Windows\System\SKcMbWz.exe
  2⤵
  PID:8324
- C:\Windows\System\FvMLXYB.exe
  C:\Windows\System\FvMLXYB.exe
  2⤵
  PID:8348
- C:\Windows\System\Vrdjqmp.exe
  C:\Windows\System\Vrdjqmp.exe
  2⤵
  PID:8364
- C:\Windows\System\boANDlG.exe
  C:\Windows\System\boANDlG.exe
  2⤵
  PID:8380
- C:\Windows\System\ELMjQQi.exe
  C:\Windows\System\ELMjQQi.exe
  2⤵
  PID:8396
- C:\Windows\System\YswiBFL.exe
  C:\Windows\System\YswiBFL.exe
  2⤵
  PID:8412
- C:\Windows\System\unKwRuv.exe
  C:\Windows\System\unKwRuv.exe
  2⤵
  PID:8428
- C:\Windows\System\XQrbjDU.exe
  C:\Windows\System\XQrbjDU.exe
  2⤵
  PID:8480
- C:\Windows\System\NYqueKl.exe
  C:\Windows\System\NYqueKl.exe
  2⤵
  PID:8508
- C:\Windows\System\VsPIhOy.exe
  C:\Windows\System\VsPIhOy.exe
  2⤵
  PID:8524
- C:\Windows\System\hDMhgIp.exe
  C:\Windows\System\hDMhgIp.exe
  2⤵
  PID:8540
- C:\Windows\System\rphnWft.exe
  C:\Windows\System\rphnWft.exe
  2⤵
  PID:8556
- C:\Windows\System\OQXxdeT.exe
  C:\Windows\System\OQXxdeT.exe
  2⤵
  PID:8572
- C:\Windows\System\xClSZRV.exe
  C:\Windows\System\xClSZRV.exe
  2⤵
  PID:8588
- C:\Windows\System\XAJMqeu.exe
  C:\Windows\System\XAJMqeu.exe
  2⤵
  PID:8604
- C:\Windows\System\bDCLLpn.exe
  C:\Windows\System\bDCLLpn.exe
  2⤵
  PID:8620
- C:\Windows\System\wiJwqNs.exe
  C:\Windows\System\wiJwqNs.exe
  2⤵
  PID:8636
- C:\Windows\System\nxrpYaL.exe
  C:\Windows\System\nxrpYaL.exe
  2⤵
  PID:8652
- C:\Windows\System\cGbnCcD.exe
  C:\Windows\System\cGbnCcD.exe
  2⤵
  PID:8668
- C:\Windows\System\snIAXdg.exe
  C:\Windows\System\snIAXdg.exe
  2⤵
  PID:8684
- C:\Windows\System\CefycZB.exe
  C:\Windows\System\CefycZB.exe
  2⤵
  PID:8700
- C:\Windows\System\jmLMHdB.exe
  C:\Windows\System\jmLMHdB.exe
  2⤵
  PID:8716
- C:\Windows\System\eBkAjDp.exe
  C:\Windows\System\eBkAjDp.exe
  2⤵
  PID:8736
- C:\Windows\System\bereiGU.exe
  C:\Windows\System\bereiGU.exe
  2⤵
  PID:8752
- C:\Windows\System\eRalgri.exe
  C:\Windows\System\eRalgri.exe
  2⤵
  PID:8768
- C:\Windows\System\OOBxvGP.exe
  C:\Windows\System\OOBxvGP.exe
  2⤵
  PID:8784
- C:\Windows\System\cnPfROC.exe
  C:\Windows\System\cnPfROC.exe
  2⤵
  PID:8800
- C:\Windows\System\yEAEWAY.exe
  C:\Windows\System\yEAEWAY.exe
  2⤵
  PID:8816
- C:\Windows\System\CazVPkU.exe
  C:\Windows\System\CazVPkU.exe
  2⤵
  PID:8832
- C:\Windows\System\CZHHrAU.exe
  C:\Windows\System\CZHHrAU.exe
  2⤵
  PID:8848
- C:\Windows\System\qRaEdBv.exe
  C:\Windows\System\qRaEdBv.exe
  2⤵
  PID:8864
- C:\Windows\System\kCPltTh.exe
  C:\Windows\System\kCPltTh.exe
  2⤵
  PID:8880
- C:\Windows\System\eKQuvdf.exe
  C:\Windows\System\eKQuvdf.exe
  2⤵
  PID:8896
- C:\Windows\System\EwRFPsd.exe
  C:\Windows\System\EwRFPsd.exe
  2⤵
  PID:8912
- C:\Windows\System\dgcNoPY.exe
  C:\Windows\System\dgcNoPY.exe
  2⤵
  PID:8928
- C:\Windows\System\MJNVsVn.exe
  C:\Windows\System\MJNVsVn.exe
  2⤵
  PID:8944
- C:\Windows\System\tIkSHpB.exe
  C:\Windows\System\tIkSHpB.exe
  2⤵
  PID:9004
- C:\Windows\System\EXotJpm.exe
  C:\Windows\System\EXotJpm.exe
  2⤵
  PID:9024
- C:\Windows\System\YWrRivA.exe
  C:\Windows\System\YWrRivA.exe
  2⤵
  PID:9040
- C:\Windows\System\fPpHmdb.exe
  C:\Windows\System\fPpHmdb.exe
  2⤵
  PID:9056
- C:\Windows\System\KbzAptx.exe
  C:\Windows\System\KbzAptx.exe
  2⤵
  PID:9072
- C:\Windows\System\vVHzHFC.exe
  C:\Windows\System\vVHzHFC.exe
  2⤵
  PID:9088
- C:\Windows\System\iYOJnii.exe
  C:\Windows\System\iYOJnii.exe
  2⤵
  PID:9104
- C:\Windows\System\EDFMWkl.exe
  C:\Windows\System\EDFMWkl.exe
  2⤵
  PID:9124
- C:\Windows\System\hDDRXrf.exe
  C:\Windows\System\hDDRXrf.exe
  2⤵
  PID:9144
- C:\Windows\System\zywGtjm.exe
  C:\Windows\System\zywGtjm.exe
  2⤵
  PID:9160
- C:\Windows\System\rSluKUC.exe
  C:\Windows\System\rSluKUC.exe
  2⤵
  PID:9180
- C:\Windows\System\YADHUye.exe
  C:\Windows\System\YADHUye.exe
  2⤵
  PID:9196
- C:\Windows\System\makeOjt.exe
  C:\Windows\System\makeOjt.exe
  2⤵
  PID:9212
- C:\Windows\System\erfBXzV.exe
  C:\Windows\System\erfBXzV.exe
  2⤵
  PID:1524
- C:\Windows\System\rYgwuai.exe
  C:\Windows\System\rYgwuai.exe
  2⤵
  PID:8216
- C:\Windows\System\ghuVdZt.exe
  C:\Windows\System\ghuVdZt.exe
  2⤵
  PID:7184
- C:\Windows\System\fQiTjpF.exe
  C:\Windows\System\fQiTjpF.exe
  2⤵
  PID:1100
- C:\Windows\System\eJlRrcF.exe
  C:\Windows\System\eJlRrcF.exe
  2⤵
  PID:8196
- C:\Windows\System\BPrEUnG.exe
  C:\Windows\System\BPrEUnG.exe
  2⤵
  PID:8332
- C:\Windows\System\CJRnajI.exe
  C:\Windows\System\CJRnajI.exe
  2⤵
  PID:8404
- C:\Windows\System\LJNoDjW.exe
  C:\Windows\System\LJNoDjW.exe
  2⤵
  PID:8388
- C:\Windows\System\JBTgfiE.exe
  C:\Windows\System\JBTgfiE.exe
  2⤵
  PID:8304
- C:\Windows\System\FGgOMgN.exe
  C:\Windows\System\FGgOMgN.exe
  2⤵
  PID:8316
- C:\Windows\System\kSbdzBB.exe
  C:\Windows\System\kSbdzBB.exe
  2⤵
  PID:8440
- C:\Windows\System\yzAZxLH.exe
  C:\Windows\System\yzAZxLH.exe
  2⤵
  PID:8456
- C:\Windows\System\krwskXJ.exe
  C:\Windows\System\krwskXJ.exe
  2⤵
  PID:8464
- C:\Windows\System\qvgiOOC.exe
  C:\Windows\System\qvgiOOC.exe
  2⤵
  PID:8488
- C:\Windows\System\sVKtZlN.exe
  C:\Windows\System\sVKtZlN.exe
  2⤵
  PID:8504
- C:\Windows\System\lsLUygy.exe
  C:\Windows\System\lsLUygy.exe
  2⤵
  PID:8584
- C:\Windows\System\zFxJrms.exe
  C:\Windows\System\zFxJrms.exe
  2⤵
  PID:8676
- C:\Windows\System\loqdlCB.exe
  C:\Windows\System\loqdlCB.exe
  2⤵
  PID:8564
- C:\Windows\System\HvjJIsz.exe
  C:\Windows\System\HvjJIsz.exe
  2⤵
  PID:8628
- C:\Windows\System\uiMdXdQ.exe
  C:\Windows\System\uiMdXdQ.exe
  2⤵
  PID:8496
- C:\Windows\System\oeZOeHT.exe
  C:\Windows\System\oeZOeHT.exe
  2⤵
  PID:8696
- C:\Windows\System\SSHSCts.exe
  C:\Windows\System\SSHSCts.exe
  2⤵
  PID:8796
- C:\Windows\System\JEZUtNJ.exe
  C:\Windows\System\JEZUtNJ.exe
  2⤵
  PID:8888
- C:\Windows\System\MJgHlCJ.exe
  C:\Windows\System\MJgHlCJ.exe
  2⤵
  PID:8776
- C:\Windows\System\VbHSXEU.exe
  C:\Windows\System\VbHSXEU.exe
  2⤵
  PID:8808
- C:\Windows\System\WUQOxcq.exe
  C:\Windows\System\WUQOxcq.exe
  2⤵
  PID:8908
- C:\Windows\System\GkObfsH.exe
  C:\Windows\System\GkObfsH.exe
  2⤵
  PID:8872
- C:\Windows\System\KrNRSkK.exe
  C:\Windows\System\KrNRSkK.exe
  2⤵
  PID:8968
- C:\Windows\System\kfMqoMh.exe
  C:\Windows\System\kfMqoMh.exe
  2⤵
  PID:9012
- C:\Windows\System\ekIDVBw.exe
  C:\Windows\System\ekIDVBw.exe
  2⤵
  PID:9000
- C:\Windows\System\LAExnkW.exe
  C:\Windows\System\LAExnkW.exe
  2⤵
  PID:9036
- C:\Windows\System\tSklRcb.exe
  C:\Windows\System\tSklRcb.exe
  2⤵
  PID:9064
- C:\Windows\System\CMAatEI.exe
  C:\Windows\System\CMAatEI.exe
  2⤵
  PID:9080
- C:\Windows\System\ukxhjwp.exe
  C:\Windows\System\ukxhjwp.exe
  2⤵
  PID:9192
- C:\Windows\System\durinLS.exe
  C:\Windows\System\durinLS.exe
  2⤵
  PID:9140
- C:\Windows\System\CkTShCg.exe
  C:\Windows\System\CkTShCg.exe
  2⤵
  PID:7348
- C:\Windows\System\lBuXfKg.exe
  C:\Windows\System\lBuXfKg.exe
  2⤵
  PID:8212
- C:\Windows\System\xpLVWdN.exe
  C:\Windows\System\xpLVWdN.exe
  2⤵
  PID:7696
- C:\Windows\System\LEDAuZe.exe
  C:\Windows\System\LEDAuZe.exe
  2⤵
  PID:8272
- C:\Windows\System\zOdlICo.exe
  C:\Windows\System\zOdlICo.exe
  2⤵
  PID:8424
- C:\Windows\System\kPfMnxL.exe
  C:\Windows\System\kPfMnxL.exe
  2⤵
  PID:7396
- C:\Windows\System\uBDPPVQ.exe
  C:\Windows\System\uBDPPVQ.exe
  2⤵
  PID:8236
- C:\Windows\System\xuBtgHK.exe
  C:\Windows\System\xuBtgHK.exe
  2⤵
  PID:8444
- C:\Windows\System\NAQvIMG.exe
  C:\Windows\System\NAQvIMG.exe
  2⤵
  PID:8472
- C:\Windows\System\vAdjxTb.exe
  C:\Windows\System\vAdjxTb.exe
  2⤵
  PID:8516
- C:\Windows\System\PoOqbqW.exe
  C:\Windows\System\PoOqbqW.exe
  2⤵
  PID:8728
- C:\Windows\System\xMBrzNB.exe
  C:\Windows\System\xMBrzNB.exe
  2⤵
  PID:8596
- C:\Windows\System\orAeJPY.exe
  C:\Windows\System\orAeJPY.exe
  2⤵
  PID:8724
- C:\Windows\System\eycATrc.exe
  C:\Windows\System\eycATrc.exe
  2⤵
  PID:8760
- C:\Windows\System\rfCxKyt.exe
  C:\Windows\System\rfCxKyt.exe
  2⤵
  PID:8892
- C:\Windows\System\BWePIjU.exe
  C:\Windows\System\BWePIjU.exe
  2⤵
  PID:8744
- C:\Windows\System\pSfIERA.exe
  C:\Windows\System\pSfIERA.exe
  2⤵
  PID:8960
- C:\Windows\System\zBKNNHh.exe
  C:\Windows\System\zBKNNHh.exe
  2⤵
  PID:9100
- C:\Windows\System\bxNriHQ.exe
  C:\Windows\System\bxNriHQ.exe
  2⤵
  PID:9156
- C:\Windows\System\GZXvXWR.exe
  C:\Windows\System\GZXvXWR.exe
  2⤵
  PID:7492
- C:\Windows\System\rmNDmty.exe
  C:\Windows\System\rmNDmty.exe
  2⤵
  PID:8284
- C:\Windows\System\lnXhgLq.exe
  C:\Windows\System\lnXhgLq.exe
  2⤵
  PID:8460
- C:\Windows\System\jFMHVCL.exe
  C:\Windows\System\jFMHVCL.exe
  2⤵
  PID:9120
- C:\Windows\System\RJboyWt.exe
  C:\Windows\System\RJboyWt.exe
  2⤵
  PID:8764
- C:\Windows\System\ZawGcDW.exe
  C:\Windows\System\ZawGcDW.exe
  2⤵
  PID:9208
- C:\Windows\System\akKgCZX.exe
  C:\Windows\System\akKgCZX.exe
  2⤵
  PID:8876
- C:\Windows\System\jnMsjVV.exe
  C:\Windows\System\jnMsjVV.exe
  2⤵
  PID:9176
- C:\Windows\System\fmjeVez.exe
  C:\Windows\System\fmjeVez.exe
  2⤵
  PID:8132
- C:\Windows\System\BJEzGyC.exe
  C:\Windows\System\BJEzGyC.exe
  2⤵
  PID:8536
- C:\Windows\System\EmiAZWl.exe
  C:\Windows\System\EmiAZWl.exe
  2⤵
  PID:8952
- C:\Windows\System\TSDluyh.exe
  C:\Windows\System\TSDluyh.exe
  2⤵
  PID:8996
- C:\Windows\System\eKoZORH.exe
  C:\Windows\System\eKoZORH.exe
  2⤵
  PID:8356
- C:\Windows\System\dAvJvVh.exe
  C:\Windows\System\dAvJvVh.exe
  2⤵
  PID:8520
- C:\Windows\System\csBdTJi.exe
  C:\Windows\System\csBdTJi.exe
  2⤵
  PID:8920
- C:\Windows\System\PSLZriA.exe
  C:\Windows\System\PSLZriA.exe
  2⤵
  PID:9016
- C:\Windows\System\vNZIdNY.exe
  C:\Windows\System\vNZIdNY.exe
  2⤵
  PID:9112
- C:\Windows\System\FUXlRIo.exe
  C:\Windows\System\FUXlRIo.exe
  2⤵
  PID:8976
- C:\Windows\System\lFNCWpB.exe
  C:\Windows\System\lFNCWpB.exe
  2⤵
  PID:1700
- C:\Windows\System\Htenqpq.exe
  C:\Windows\System\Htenqpq.exe
  2⤵
  PID:8644
- C:\Windows\System\iHRKlMN.exe
  C:\Windows\System\iHRKlMN.exe
  2⤵
  PID:8288
- C:\Windows\System\NZDsSRw.exe
  C:\Windows\System\NZDsSRw.exe
  2⤵
  PID:9228
- C:\Windows\System\boZyApR.exe
  C:\Windows\System\boZyApR.exe
  2⤵
  PID:9244
- C:\Windows\System\XQPShmS.exe
  C:\Windows\System\XQPShmS.exe
  2⤵
  PID:9260
- C:\Windows\System\lkbPoVA.exe
  C:\Windows\System\lkbPoVA.exe
  2⤵
  PID:9276
- C:\Windows\System\jEYEMqx.exe
  C:\Windows\System\jEYEMqx.exe
  2⤵
  PID:9292
- C:\Windows\System\tbudTbr.exe
  C:\Windows\System\tbudTbr.exe
  2⤵
  PID:9316
- C:\Windows\System\ENwcCgo.exe
  C:\Windows\System\ENwcCgo.exe
  2⤵
  PID:9416
- C:\Windows\System\daABegU.exe
  C:\Windows\System\daABegU.exe
  2⤵
  PID:9432
- C:\Windows\System\pPziPsc.exe
  C:\Windows\System\pPziPsc.exe
  2⤵
  PID:9448
- C:\Windows\System\CcIqmhB.exe
  C:\Windows\System\CcIqmhB.exe
  2⤵
  PID:9464
- C:\Windows\System\IJiYGpv.exe
  C:\Windows\System\IJiYGpv.exe
  2⤵
  PID:9480
- C:\Windows\System\yNgjBWg.exe
  C:\Windows\System\yNgjBWg.exe
  2⤵
  PID:9500
- C:\Windows\System\yOtcvYa.exe
  C:\Windows\System\yOtcvYa.exe
  2⤵
  PID:9520
- C:\Windows\System\xYsryyU.exe
  C:\Windows\System\xYsryyU.exe
  2⤵
  PID:9556
- C:\Windows\System\LKNZHWV.exe
  C:\Windows\System\LKNZHWV.exe
  2⤵
  PID:9576
- C:\Windows\System\COyoHTR.exe
  C:\Windows\System\COyoHTR.exe
  2⤵
  PID:9592
- C:\Windows\System\WTowQGf.exe
  C:\Windows\System\WTowQGf.exe
  2⤵
  PID:9612
- C:\Windows\System\PrtJjkK.exe
  C:\Windows\System\PrtJjkK.exe
  2⤵
  PID:9628
- C:\Windows\System\KjFzcRH.exe
  C:\Windows\System\KjFzcRH.exe
  2⤵
  PID:9644
- C:\Windows\System\aKDElhz.exe
  C:\Windows\System\aKDElhz.exe
  2⤵
  PID:9708
- C:\Windows\System\qRFTInr.exe
  C:\Windows\System\qRFTInr.exe
  2⤵
  PID:9724
- C:\Windows\System\loFqTxn.exe
  C:\Windows\System\loFqTxn.exe
  2⤵
  PID:9740
- C:\Windows\System\QcIIaTt.exe
  C:\Windows\System\QcIIaTt.exe
  2⤵
  PID:9756
- C:\Windows\System\spRMeps.exe
  C:\Windows\System\spRMeps.exe
  2⤵
  PID:9772
- C:\Windows\System\zzQfkui.exe
  C:\Windows\System\zzQfkui.exe
  2⤵
  PID:9788
- C:\Windows\System\tYfuewD.exe
  C:\Windows\System\tYfuewD.exe
  2⤵
  PID:9804
- C:\Windows\System\BIgLFkJ.exe
  C:\Windows\System\BIgLFkJ.exe
  2⤵
  PID:9820
- C:\Windows\System\xAvssGn.exe
  C:\Windows\System\xAvssGn.exe
  2⤵
  PID:9836
- C:\Windows\System\KWbAkee.exe
  C:\Windows\System\KWbAkee.exe
  2⤵
  PID:9852
- C:\Windows\System\ZOReNnR.exe
  C:\Windows\System\ZOReNnR.exe
  2⤵
  PID:9868
- C:\Windows\System\XtcqmbU.exe
  C:\Windows\System\XtcqmbU.exe
  2⤵
  PID:9884
- C:\Windows\System\aPMXVOA.exe
  C:\Windows\System\aPMXVOA.exe
  2⤵
  PID:9900
- C:\Windows\System\wXOTxQq.exe
  C:\Windows\System\wXOTxQq.exe
  2⤵
  PID:9916
- C:\Windows\System\DWducIs.exe
  C:\Windows\System\DWducIs.exe
  2⤵
  PID:9936
- C:\Windows\System\UzgLLcq.exe
  C:\Windows\System\UzgLLcq.exe
  2⤵
  PID:9952
- C:\Windows\System\QIouize.exe
  C:\Windows\System\QIouize.exe
  2⤵
  PID:9968
- C:\Windows\System\sXfyvhm.exe
  C:\Windows\System\sXfyvhm.exe
  2⤵
  PID:9984
- C:\Windows\System\oRPtway.exe
  C:\Windows\System\oRPtway.exe
  2⤵
  PID:10012
- C:\Windows\System\pfospUJ.exe
  C:\Windows\System\pfospUJ.exe
  2⤵
  PID:10028
- C:\Windows\System\LbDZGtO.exe
  C:\Windows\System\LbDZGtO.exe
  2⤵
  PID:10044
- C:\Windows\System\KygwIsJ.exe
  C:\Windows\System\KygwIsJ.exe
  2⤵
  PID:10060
- C:\Windows\System\TPXeZul.exe
  C:\Windows\System\TPXeZul.exe
  2⤵
  PID:10076
- C:\Windows\System\QXmJynF.exe
  C:\Windows\System\QXmJynF.exe
  2⤵
  PID:10092
- C:\Windows\System\UwGdGjK.exe
  C:\Windows\System\UwGdGjK.exe
  2⤵
  PID:10108
- C:\Windows\System\dYRTilH.exe
  C:\Windows\System\dYRTilH.exe
  2⤵
  PID:10124
- C:\Windows\System\ueJtKwo.exe
  C:\Windows\System\ueJtKwo.exe
  2⤵
  PID:10144
- C:\Windows\System\UUjnoKa.exe
  C:\Windows\System\UUjnoKa.exe
  2⤵
  PID:10160
- C:\Windows\System\hnclORW.exe
  C:\Windows\System\hnclORW.exe
  2⤵
  PID:10176
- C:\Windows\System\ZmaKrqD.exe
  C:\Windows\System\ZmaKrqD.exe
  2⤵
  PID:10192
- C:\Windows\System\jiCKGHM.exe
  C:\Windows\System\jiCKGHM.exe
  2⤵
  PID:10208
- C:\Windows\System\QwgmYXk.exe
  C:\Windows\System\QwgmYXk.exe
  2⤵
  PID:10228
- C:\Windows\System\ylUfIVU.exe
  C:\Windows\System\ylUfIVU.exe
  2⤵
  PID:8904
- C:\Windows\System\xgeEYjk.exe
  C:\Windows\System\xgeEYjk.exe
  2⤵
  PID:8436
- C:\Windows\System\rDNhsUn.exe
  C:\Windows\System\rDNhsUn.exe
  2⤵
  PID:9268
- C:\Windows\System\aUOkwNe.exe
  C:\Windows\System\aUOkwNe.exe
  2⤵
  PID:9116
- C:\Windows\System\medRDKK.exe
  C:\Windows\System\medRDKK.exe
  2⤵
  PID:9300
- C:\Windows\System\EewicZU.exe
  C:\Windows\System\EewicZU.exe
  2⤵
  PID:9324
- C:\Windows\System\XmYIuoE.exe
  C:\Windows\System\XmYIuoE.exe
  2⤵
  PID:9332
- C:\Windows\System\qtBWCdf.exe
  C:\Windows\System\qtBWCdf.exe
  2⤵
  PID:9348
- C:\Windows\System\oDdnGXe.exe
  C:\Windows\System\oDdnGXe.exe
  2⤵
  PID:9388
- C:\Windows\System\ZiEzLnH.exe
  C:\Windows\System\ZiEzLnH.exe
  2⤵
  PID:9488
- C:\Windows\System\MyzvTnA.exe
  C:\Windows\System\MyzvTnA.exe
  2⤵
  PID:9476
- C:\Windows\System\EdtzzoO.exe
  C:\Windows\System\EdtzzoO.exe
  2⤵
  PID:9456
- C:\Windows\System\CUSHWNS.exe
  C:\Windows\System\CUSHWNS.exe
  2⤵
  PID:9528
- C:\Windows\System\wxvRJSU.exe
  C:\Windows\System\wxvRJSU.exe
  2⤵
  PID:9544
- C:\Windows\System\PHYQQce.exe
  C:\Windows\System\PHYQQce.exe
  2⤵
  PID:9588
- C:\Windows\System\upcifby.exe
  C:\Windows\System\upcifby.exe
  2⤵
  PID:9384
- C:\Windows\System\MkoTITp.exe
  C:\Windows\System\MkoTITp.exe
  2⤵
  PID:9620
- C:\Windows\System\ybsAWJS.exe
  C:\Windows\System\ybsAWJS.exe
  2⤵
  PID:9568
- C:\Windows\System\uznISvs.exe
  C:\Windows\System\uznISvs.exe
  2⤵
  PID:9608
- C:\Windows\System\Usylgeh.exe
  C:\Windows\System\Usylgeh.exe
  2⤵
  PID:9660
- C:\Windows\System\QwQVKha.exe
  C:\Windows\System\QwQVKha.exe
  2⤵
  PID:9676
- C:\Windows\System\TtQhtnn.exe
  C:\Windows\System\TtQhtnn.exe
  2⤵
  PID:9700
- C:\Windows\System\epHTuRO.exe
  C:\Windows\System\epHTuRO.exe
  2⤵
  PID:9736
- C:\Windows\System\cOUWyai.exe
  C:\Windows\System\cOUWyai.exe
  2⤵
  PID:9832
- C:\Windows\System\yfzdGNm.exe
  C:\Windows\System\yfzdGNm.exe
  2⤵
  PID:9764
- C:\Windows\System\JxJaFjY.exe
  C:\Windows\System\JxJaFjY.exe
  2⤵
  PID:9876
- C:\Windows\System\MpdyXmA.exe
  C:\Windows\System\MpdyXmA.exe
  2⤵
  PID:9912
- C:\Windows\System\LxOSfbH.exe
  C:\Windows\System\LxOSfbH.exe
  2⤵
  PID:9896
- C:\Windows\System\RjQUfyY.exe
  C:\Windows\System\RjQUfyY.exe
  2⤵
  PID:9932
- C:\Windows\System\CoQVMjo.exe
  C:\Windows\System\CoQVMjo.exe
  2⤵
  PID:10000
- C:\Windows\System\ZmxplSk.exe
  C:\Windows\System\ZmxplSk.exe
  2⤵
  PID:10052
- C:\Windows\System\IxNbHOa.exe
  C:\Windows\System\IxNbHOa.exe
  2⤵
  PID:10088
- C:\Windows\System\cymipKH.exe
  C:\Windows\System\cymipKH.exe
  2⤵
  PID:10036
- C:\Windows\System\WXdIvsH.exe
  C:\Windows\System\WXdIvsH.exe
  2⤵
  PID:10132
- C:\Windows\System\zlDwHFd.exe
  C:\Windows\System\zlDwHFd.exe
  2⤵
  PID:10152
- C:\Windows\System\FZUuPiQ.exe
  C:\Windows\System\FZUuPiQ.exe
  2⤵
  PID:10188
- C:\Windows\System\YGxTpMz.exe
  C:\Windows\System\YGxTpMz.exe
  2⤵
  PID:10220
- C:\Windows\System\rMSawGm.exe
  C:\Windows\System\rMSawGm.exe
  2⤵
  PID:9032
- C:\Windows\System\PCTCtvn.exe
  C:\Windows\System\PCTCtvn.exe
  2⤵
  PID:9236
- C:\Windows\System\IGEEIxq.exe
  C:\Windows\System\IGEEIxq.exe
  2⤵
  PID:9424
- C:\Windows\System\YUPyQzO.exe
  C:\Windows\System\YUPyQzO.exe
  2⤵
  PID:9340
- C:\Windows\System\aarYorh.exe
  C:\Windows\System\aarYorh.exe
  2⤵
  PID:9408
- C:\Windows\System\vZwFAFC.exe
  C:\Windows\System\vZwFAFC.exe
  2⤵
  PID:9368
- C:\Windows\System\tFBSHEf.exe
  C:\Windows\System\tFBSHEf.exe
  2⤵
  PID:9372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AEzSaXd.exe

Filesize
6.0MB

MD5
e508f49d06b470fd10ff7a0908fa12ae

SHA1
9f793519101dead7c0c62610ca4034875b26fee9

SHA256
0123df7986bcc9c70b3c85c053b8d651e29b175b6fb198c8d43bbbfbd89bd6c4

SHA512
9f81f484b3a4e55c4305fb69419b0309b066caf9593df27f9808896d15d7425180977ace7f12b980c09085782ce8cadf5a9dd23015d604929fef5d1c8348c654

Download Submit
C:\Windows\system\DQuTQKN.exe

Filesize
6.0MB

MD5
1b031fd6c2b087a5f62e9db3fc340307

SHA1
4d7b8ed4c2a26f861cec7fb08097c45838c03875

SHA256
152933555a9828c008f9248170f3d45a098abfaaab4ec07f33264e0bb7611061

SHA512
6450da9be602802772d6cc3692353bc5be41492fded4628a679064bb0c97600b1e6d55491c4ff57ee42a2b447467f5ae0928348282a3be0bb6d8e2d3c5b97a62

Download Submit
C:\Windows\system\FkFsBZl.exe

Filesize
6.0MB

MD5
377f35ae1936a1d4f2ed1cea09a88de2

SHA1
d66e26f5db77d2bee142aab02cbdb3b6abad4a0f

SHA256
0988cac70be8af0a3d7b0896fbc95e6143d548364f3e85c4ca96dee0cb9b3027

SHA512
7fd13f314b6e0fdf52d1def44cf61582334edf6471e63d3f9b0fe93cb1b8fd267b9304536a4c4e4cd02dd2c92452b20284e39323129ea46f812e7980abf8cd35

Download Submit
C:\Windows\system\JMGmTqI.exe

Filesize
6.0MB

MD5
0fa19fb4404738c868bdb189267ffeab

SHA1
59db55e5f9804ef9537794e471f97cfe7ea3d784

SHA256
79854bc8611d14e351e2933bfc98e71f57582a9ea4143eb0eaf85ae4445c1ef0

SHA512
1ac22afb9e81a04f2198ec692d71534e23f0cf77c55d82dea695832dd1518aa9e6f6420d93c331e38f2bd41b838e61853e99ab80b44049d7aca8fa6a6c971039

Download Submit
C:\Windows\system\MpMUJTN.exe

Filesize
6.0MB

MD5
e854c28d84767875017053b60af99191

SHA1
3d0d818bc329d0c1eff7f82ad26ff2e157ecafc5

SHA256
a7272b85533da2dc40c9a9f1d256acc17a12bf5a0aecf6bf4d663162d7858548

SHA512
530119bc68ea2b4257193483c14119dfa4746516e365217129ce7b8c926ad93f810ec7016d6dad6935d4c14a9b88009ea7ae4182a9441e74a70ed20f6a4bc9da

Download Submit
C:\Windows\system\MsANwYI.exe

Filesize
6.0MB

MD5
60a2039d0580e7b7217ada0f0fcf3598

SHA1
6675a3f5812914ddef750009648028b305fdc4c0

SHA256
7ebcbae1e8bd171abe5bdde630ff4f4a638fbf1c7bce1e53925a624da27d60cf

SHA512
c2b5b527c41dcbd7a2c7158a05ff7c06506025a44eb7ca32efad50367aff9b6f70897ae02786b47a521a570feee5205aea7848578f1a9f1d9cc936bd3afd0016

Download Submit
C:\Windows\system\NCiZgZX.exe

Filesize
6.0MB

MD5
421abe3f51d116b3f28aa5c7e7fd3f72

SHA1
c5f0a409bd08e444a4ab9c36976960d27ecdcab9

SHA256
312c7918ca97100150f4575822fb066c17fa6aa27386e2b4120da84349851f25

SHA512
0f204ff1287cf112aaba7222b97cb90d3453f4a519ba852d9526f9e469446588ddf9bf82dcd11f7ffab7b466ad4aa5c193aa6c7d98056061e4f5c4878f995bd6

Download Submit
C:\Windows\system\OkBLJRa.exe

Filesize
6.0MB

MD5
ce3ef903ca7fe1c320de127941051699

SHA1
3ddd361537d8e84cd8bab7ec1d6a0e6ddab30cfe

SHA256
15ee5cdd5c44788592e8da07b4644ece46b13c56f3192c04f0260d0c8e8931c1

SHA512
19a76acb8bad8391c4681208be87136786904ffd312b06ebae2a3d8e46e8d55187ec06314b9b3b60dc9570404aff5d6309689345a3b7fb6c4b7b02f6c19bb84e

Download Submit
C:\Windows\system\PzYzVLO.exe

Filesize
6.0MB

MD5
c69fd0f2391a1a45db6f126b4eff7e0c

SHA1
dc8dc0f5d0531a65d4b76a5efb20fc135b853987

SHA256
a854e992b597623091b5101417f94d826428404e7513801297b683cafbc62c3b

SHA512
fd2652efb02539c2a9c6f9926a7958c23d0ef6814cb0014b9e3d3963a6dfb7135c4fd69c0faf1c8e0d2ea738d6505be90467499fdc516736faaba8c408a90408

Download Submit
C:\Windows\system\TAHyCcM.exe

Filesize
6.0MB

MD5
4ca664a34d8885b91560f23b2e1b4a10

SHA1
ea57b6ee0ad0ccfdfa3e7b2740096f2ca3199f86

SHA256
7e131f3e88add7959ffee72b288a40b78879dac8064b6739b7542b96d2354829

SHA512
024523c97f90443f24f45dcc5d872817a4a2899a37dec6e5a6ad90d978e8cc7aea85ecad2d29430d3426e6f3fd360bf8c349a77db5c624679bb92ab458dcdd75

Download Submit
C:\Windows\system\VMtTYnP.exe

Filesize
6.0MB

MD5
48b9ad14c8a7e1a3046904387a8120f6

SHA1
58b2aaa216b87e1dead9dad1a6d81071addf81a3

SHA256
3c95ed58d82e17b629346352009857f5386fb9fcc5d2b51fc05e167a8d68aca8

SHA512
480efffbca6dbf3ca0d1ca12816af1c31817c9f93f53820f0eaf4bae1db95d48aa1f3dd5a5731af150040e24a622b47562bafbde7953795e4dedb60a4a47bd81

Download Submit
C:\Windows\system\VahfRaA.exe

Filesize
6.0MB

MD5
08eb07aea44fb3d953748be30468960c

SHA1
27d7ad5f2116bf40ef122d91011afc74a952a800

SHA256
6de685edb58bef65d29d606611ee77ae86fa45804d0aa844221284ac829b2d3f

SHA512
93275a8839b5da285343d410b90abd2125b9d9e89f49068f3354a4ae883c13369f30d0049064916974fca2430179dfba805efd1e60028ba236af77c838be47bf

Download Submit
C:\Windows\system\VqJAtgB.exe

Filesize
6.0MB

MD5
af2f40dfba563cd09a36300bf77c71f8

SHA1
4de835dd6f1249ce0c68ee5f3d5d22da17fdbb82

SHA256
adea8f869b94a054345fbd10fd205b92415e5b63e64193b1c7b6ba4481509df2

SHA512
1ef9c6cfc0f9e996e4ed3679a0e3979e69c5dab901cb9619f4248b98843bfb799dc962261d0ecec09ea97bfd601619c854f7277c9b2970161807566e9677f9e0

Download Submit
C:\Windows\system\YQInqPs.exe

Filesize
6.0MB

MD5
ffa04f6d60a485751515b1917ea0036e

SHA1
15be38caf9d00845a862cadb6b79f13106e45cdd

SHA256
37985a88e94264d8640fef22b3b73db14aa0cc12c0629db13f2ed05a5bfce3a1

SHA512
19d6b70f164356d2358640824784319a2878f477dc275ec2e5cd8a64d667b49b9fb9bbc406fd638356e847aae9566067af609db5ac60c121b9514e67ade325ee

Download Submit
C:\Windows\system\ZtRNCGW.exe

Filesize
6.0MB

MD5
8981a11d2e98ff365ddce0acd11e4930

SHA1
96e627d1a9b3b56f9c76f08036d8136ab989e8d0

SHA256
8462c263f9c26f7fb48110a03fb802c9732001cad6a741d6282cd5a795e96aa9

SHA512
9a731a3d8ebee4765f79576fb3113e0e07759e6e2cc35121e0427300102e00aff2049b94a5384c9cd6b08fde1579964ea817b751febb25674d3d310d4679a6c9

Download Submit
C:\Windows\system\ajJgwsf.exe

Filesize
6.0MB

MD5
4d139e9f95b6f21907b96bf7f54dfd47

SHA1
0b228633b78a3268cc6a45a6712c758790db5b86

SHA256
86f9bc15b99669b176c288ffe7b646ffbe41a15cd43f8a292d2ed3caa7701352

SHA512
b3ff8f4fcef8423633c2c35bef508dc14b22011736272491e241e3a71d4716e8a4115d911898a231c6a43a92eaf63bdd79732d5fb4b2323d0d25dbe0d119fbc6

Download Submit
C:\Windows\system\cWIHXof.exe

Filesize
6.0MB

MD5
ad085ebff9e29d4b32da3c9ad4ba5c1d

SHA1
9bad48a7f9cc245390a678c10bafbc41aed7b771

SHA256
8955d331ec1c59074591350b0fe8324ad62250c73670b0b0c1319418e380ca83

SHA512
5d5c42503f448e58a2a083a51c27d7b4ef324ea42b7d2a555c44d7a59f6294ed7f38da1a66f999aff379f0d811521748aa294969b6ff0310a345ce8d98f2e14b

Download Submit
C:\Windows\system\eWyxnAY.exe

Filesize
6.0MB

MD5
95d99fc1159994027fe9819198c8bbd1

SHA1
966a98e04c2427f112eae1027cecc3908314e5ba

SHA256
3fa2a1ab3a425a76838fb85d6b1c4b537f059b72d1d9bca161f1230615d8584f

SHA512
7dcf2c48d539d596f098cc6e10d5cf8d5b7b64c900604d7016a61e77717f1e95cf3ae9c225876c5837e44b55d90d335bbb97dbf182224b516b8973787a78fce5

Download Submit
C:\Windows\system\fMdwHIJ.exe

Filesize
6.0MB

MD5
b6bd7b4bed288031fb5ab7373b5405e6

SHA1
0e1f1adfdb10d44372ad0c1fb759b0a4fcec7169

SHA256
b26bf59a1e576dacd45d6e478adfa0778302f9dc1175129048841c7214954ca5

SHA512
15356aaf725c0b403b80d95b4c61d205dcaaf34a73a53478813c41d25e5263d297aa27f5958e8500b18f9a8c329491be245ea28c14c25d9a1dcab9549949220f

Download Submit
C:\Windows\system\kjrjYuy.exe

Filesize
6.0MB

MD5
1e2f588987836d24fedead22984f3a5f

SHA1
b483711ab2112e31797416695125948c9b672313

SHA256
91f07f31cb30f02a58ab551b95ae7ea9e0d75b269fe5455d3ff33c29ead611c6

SHA512
2f3a99482e5ec7dba47abf55de22ea45dbbeb838ff6800b7cf31e97341e33f68ff93393e9ec63dbc941937b4e3a613f3958fc4b475b07e7b719f98446978df21

Download Submit
C:\Windows\system\nvfglTj.exe

Filesize
6.0MB

MD5
e888fc4e93fa52df10f9bf0ca2b2c4bb

SHA1
6f6193eaf1f2807a129d7a8d68d229247e0364d3

SHA256
08b889c72082e7f310c9b5eca8dbcefff83f88fcaadb93b11acaff9eca356d6f

SHA512
ed7138c25ecb36ced3b66c918723eb190048464d62b04049df93f1e7743fc9aa9e84ac17c0db7cf7c9f402eafa1ea38a0f3a92b841b51326c3b02298e319614a

Download Submit
C:\Windows\system\qCEmfom.exe

Filesize
6.0MB

MD5
524ea507cabbe6b995d6da6aadd559e8

SHA1
f913d774e0644ef6450067a68f7ae23155e40b00

SHA256
bf6dfdf119fe53251d5453723bfcb0a3d60548dd792d47960fe15ac3434d9806

SHA512
8ec67d6c0cd24f3b5bf855ad414794c827e9ec8dd2be5d59ea14d461ec77839df6d21d0a5f75ac2c6c1bcffde63aaf7106be16cfbe0a6807258aa6a4163d0339

Download Submit
C:\Windows\system\uSZVyuj.exe

Filesize
6.0MB

MD5
9ec8800a606802993e0e425c9c04e5b2

SHA1
2b4e1f847632d7459236b648420b5bc5c9d98426

SHA256
05b7d1c81ba9a6a31bb459755a17a798f5888ab8b3627374601fc814e60144e4

SHA512
76a34bce0b37b8fde7f18a1ce15f05a6924bc30091de537d13d72b2764ff0645f1649ca994881e748df63c26e086df1ad52e0abfbcd112ec03058d69538a5394

Download Submit
C:\Windows\system\vZFdvty.exe

Filesize
6.0MB

MD5
09e0eee810e9cacba9093aaaac8a3545

SHA1
76288c38419c350a3060ba4fb7d94385912c6893

SHA256
6335d5708639289237f41430ab3a799874ead558e942136d560da608da0b1eb3

SHA512
da05b145c82ece4564e9ad4a4a865adb1f8344dc6e57a529a9dcc697f33f15c9282c0418d43da52bb4955e520435520bbc2d01787eeae8dd135bbbb89e711b79

Download Submit
C:\Windows\system\xoUQbms.exe

Filesize
6.0MB

MD5
8cf0aec8232d189a7eca57eafd39cab0

SHA1
2af6dc7560890062b366670d2018f3fc1223dae5

SHA256
faad6d081a8895567976a77fc46dd8a11a7b634f56f1f6277e364d2643c4b9dd

SHA512
f072767725310517069e23a5a2fcbc3a47a770ca295a0201f90c6b4c9311f8061475c1940ec251445ec296d2053a1c1229c6e90c9f909776e90bf3fd0e4f00d3

Download Submit
C:\Windows\system\yanUVVG.exe

Filesize
6.0MB

MD5
47908470d12cb3ff9493ccbbdd11237b

SHA1
6fd39c69e30fc5600fab7c3394597aecae356ebf

SHA256
8ac187d1f0ad6b60ff5e9f2c5b44a87b7674f9bc07c079e1b83e7f2fa9a4a524

SHA512
3604ed65fc6fbf021cf3e0c98a5e6027e2262bf0bc27736e70f75fdfcdba7def5c0c74df3fd41da30149b836783a0a6b5237d7e6a9dc05816b088fbbc353e7fb

Download Submit
C:\Windows\system\zQTBSDr.exe

Filesize
6.0MB

MD5
43bb56b47e42db8d19d3fe4b132f70f4

SHA1
161d25022774b9deed7e85f237b338f0e8d5f401

SHA256
8dc949bfcd69c5d63fdaac4050fe34155f8d05c2829a56076f9907956f0b74c1

SHA512
c90e57c8b3f3df6ce491ec96d5a4295666e88afc567126405a58cee4bdd1bcfbc46ed4611546a94006bb71cdd8a4dbee918f1d6b0fe72ffd28d302e1619f8e15

Download Submit
C:\Windows\system\zmcEdmF.exe

Filesize
6.0MB

MD5
a42e76621cec6235c44174b011a73a50

SHA1
3807d16bd204c9f48708ba21c12ef378ee3d04ef

SHA256
b79965fdf6d5ce8fa51c52b104212cb288b624b74834742dee138778712147fc

SHA512
6e9c09747cb77b9233bc81fe96579d7beeb475b94115aa9c704924a56bb8b995e0345fe7811746985d9a79e3fac365d612260bb21f811a24ac66852b3ed1f686

Download Submit
\Windows\system\EJetSkJ.exe

Filesize
6.0MB

MD5
1763160ed5e049af23186bc2d01af0b8

SHA1
3bae196a7a25b043faf1d335c419ee0354acf054

SHA256
2e41666898514d4e1cbad1ef8463427eec67bb3d14bb7338b5897562c58dbdea

SHA512
901b78e0e1005a5e40d2edac6e93614e086df2f42ded5ce26eaecb2ae8c637856a70e08a8dd63c1eed65775237788253933d328891d826c0edaf8d467208e80c

Download Submit
\Windows\system\WUCqqhy.exe

Filesize
6.0MB

MD5
3a9e801f5da344b06266450e827c9524

SHA1
5da823641109b5be98a0da39cbd554af4d8026b4

SHA256
3cfec45a8e609fd1401d18b2775099a2134b2a7481a421f0b192e91c4ab326cf

SHA512
9a3b883991a2f0dae48cf06bafe02f52d1619b2f851ed889ab6139dd2ca5d34da560d18d03d938ae820b8a5ee5cb7d4f01fa9d59048c5415bda2fd4b0145bebc

Download Submit
\Windows\system\YgRAzAF.exe

Filesize
6.0MB

MD5
248cad9854858ddcdbd066ee23bb982b

SHA1
49ead18d8a78a1ecc6eca05a1a554864bc832932

SHA256
b4dc7db2cfb815589f9e695b8882028048626ef797c85f23212b281e5991ea42

SHA512
81bf8f6e1afb19546fca9e73c99969daf98271c671838223e178f455d15f1fa14ef85d161fcad17f26cf90ce2d494efc7fdf7ef1dfcd06f24d7b968ee6a9c831

Download Submit
\Windows\system\wZpdPhk.exe

Filesize
6.0MB

MD5
e509cdbcf1e78ba8e7a1d35ab5342a9f

SHA1
0f4ab3298542ad0abc8669c5a0876fd4d3009d22

SHA256
d664e8d5d919e500c8de7c25eb4e33b5fe9e3f433eb73ae2ba4686148cb94c4f

SHA512
256a2aed510af78f7c53098df63a8dfb2f70c7d57717c82fad11e5a06225bb8e1ec0f6ac9e960e49c2f013acf96d87bfbea18913584b0da0b93eac7ab9fa2581

Download Submit
memory/1152-2354-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/1152-3318-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2188-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2188-2339-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2188-36-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2188-9-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2188-27-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2188-0-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2188-3665-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2188-2357-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2188-21-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2188-4820-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2188-4631-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2188-13-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2188-2338-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2572-3587-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2369-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3094-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2708-20-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3080-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-18-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-4573-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-22-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-3464-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-40-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-31-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2944-3610-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download