cobaltstrike | 918961ccf3aa3e491cb2c649d35019affa0dfb2088fca26e6402577f216c45dd

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
19-12-2024 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

31af61a38e7dc604b063b9e637d9c642
SHA1

ae1e1ebec82480f486732daf1cdf942302336b18
SHA256

918961ccf3aa3e491cb2c649d35019affa0dfb2088fca26e6402577f216c45dd
SHA512

ba20c35b666401625c778724cd65aa739f676018e82627d8d643ca72e3c034f504e4d0297c3fd7d92c543fa51b8bcbeb5db08ea0d1d2c85dd04223d683b614de
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUs:T+q56utgpPF8u/7s

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012281-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016de8-9.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016dea-11.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958e-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019512-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019509-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ee-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b9-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b6-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019250-123.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017497-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a9-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019451-102.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a6-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-84.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017049-34.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f1-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c9-119.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016df3-22.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-50.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001749c-49.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2464-0-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x000c000000012281-3.dat	xmrig
behavioral1/memory/2364-8-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016de8-9.dat	xmrig
behavioral1/files/0x0009000000016dea-11.dat	xmrig
behavioral1/files/0x0005000000019502-137.dat	xmrig
behavioral1/memory/2820-320-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2464-1159-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/888-1024-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2228-1022-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2812-917-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2464-915-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2972-704-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2936-321-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2564-319-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ab-163.dat	xmrig
behavioral1/files/0x000500000001957e-155.dat	xmrig
behavioral1/files/0x000500000001950e-154.dat	xmrig
behavioral1/files/0x000500000001958e-160.dat	xmrig
behavioral1/files/0x0005000000019512-150.dat	xmrig
behavioral1/files/0x0005000000019509-142.dat	xmrig
behavioral1/files/0x00050000000194ee-132.dat	xmrig
behavioral1/files/0x00050000000194b9-131.dat	xmrig
behavioral1/files/0x0005000000019458-130.dat	xmrig
behavioral1/files/0x00050000000193df-129.dat	xmrig
behavioral1/files/0x00050000000193b6-128.dat	xmrig
behavioral1/files/0x0005000000019360-127.dat	xmrig
behavioral1/files/0x0005000000019297-126.dat	xmrig
behavioral1/files/0x0005000000019278-125.dat	xmrig
behavioral1/files/0x0006000000019250-123.dat	xmrig
behavioral1/files/0x0007000000017497-122.dat	xmrig
behavioral1/memory/3052-114-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a9-112.dat	xmrig
behavioral1/memory/888-104-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019451-102.dat	xmrig
behavioral1/memory/2812-94-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c4-93.dat	xmrig
behavioral1/files/0x00050000000193a6-86.dat	xmrig
behavioral1/files/0x000500000001933f-84.dat	xmrig
behavioral1/memory/2364-77-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2972-70-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2464-60-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/memory/2936-42-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2820-35-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/files/0x0007000000017049-34.dat	xmrig
behavioral1/files/0x00050000000194f1-135.dat	xmrig
behavioral1/files/0x00050000000194c9-119.dat	xmrig
behavioral1/files/0x0008000000016df3-22.dat	xmrig
behavioral1/memory/2464-99-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/memory/2228-98-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2464-81-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2464-66-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x0005000000019284-65.dat	xmrig
behavioral1/memory/3068-64-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2884-56-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019269-50.dat	xmrig
behavioral1/files/0x000700000001749c-49.dat	xmrig
behavioral1/memory/2564-21-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/3052-14-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2884-3297-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2820-3319-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/3052-3327-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/3068-3324-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2564-3338-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2364	MytIGKv.exe
3052	UvaHDGw.exe
2564	LyuAXEe.exe
2820	NrONyhe.exe
2936	uYWRULE.exe
3068	XETavzP.exe
2884	RvEzHwI.exe
2972	iNbARSB.exe
2812	GsuHjIX.exe
2228	GQSMVWN.exe
888	HBaUwoK.exe
816	qbOnoEO.exe
1996	uIMIJBR.exe
1388	Iiptwwx.exe
2104	dCbHUQs.exe
2696	aUfSWOL.exe
2828	zmhaOZK.exe
2720	cZOUjfM.exe
2348	IbgdfaC.exe
2372	qZWLsKv.exe
2036	JoEJzeT.exe
1636	QqYLJlk.exe
580	xuFVZeX.exe
1000	cMTXhcW.exe
2892	HIrKpji.exe
644	pBDMaWw.exe
2052	tHBGFJY.exe
780	nFkVKln.exe
2336	QjKdKZa.exe
1144	nxrjRsT.exe
2280	xWEuihb.exe
1308	UzONUQA.exe
1612	AVhaAqv.exe
1716	ywCHJHj.exe
1268	vrBoSby.exe
1820	IVknxUy.exe
1500	aZBqFOt.exe
1640	ttzowzp.exe
2516	pDSbXFk.exe
1484	FXoHYvr.exe
1016	IJsnxDG.exe
1684	UzDZNkF.exe
2780	FITnktP.exe
2288	vMbrJfE.exe
2032	QjrkwVZ.exe
2532	LisdlJt.exe
2524	NToFlll.exe
280	CKkELom.exe
308	KkSSceg.exe
2060	ZLlGaPk.exe
1812	NAMNEoR.exe
1480	fGfuLwG.exe
2092	LBzfrab.exe
2124	XONSnmR.exe
1592	xkRByPH.exe
1796	VtURYhA.exe
2100	PPOWjwP.exe
2168	eLOTvlw.exe
2604	RLCFFev.exe
1660	VSVZRFi.exe
2772	OOWnEmD.exe
2476	tjfKOMj.exe
2488	rKiUIrh.exe
2964	dAQNIoW.exe

Loads dropped DLL 64 IoCs

pid	Process
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2464-0-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x000c000000012281-3.dat	upx
behavioral1/memory/2364-8-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/files/0x0008000000016de8-9.dat	upx
behavioral1/files/0x0009000000016dea-11.dat	upx
behavioral1/files/0x0005000000019502-137.dat	upx
behavioral1/memory/2820-320-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/888-1024-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2228-1022-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2812-917-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2972-704-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2936-321-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2564-319-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x00050000000195ab-163.dat	upx
behavioral1/files/0x000500000001957e-155.dat	upx
behavioral1/files/0x000500000001950e-154.dat	upx
behavioral1/files/0x000500000001958e-160.dat	upx
behavioral1/files/0x0005000000019512-150.dat	upx
behavioral1/files/0x0005000000019509-142.dat	upx
behavioral1/files/0x00050000000194ee-132.dat	upx
behavioral1/files/0x00050000000194b9-131.dat	upx
behavioral1/files/0x0005000000019458-130.dat	upx
behavioral1/files/0x00050000000193df-129.dat	upx
behavioral1/files/0x00050000000193b6-128.dat	upx
behavioral1/files/0x0005000000019360-127.dat	upx
behavioral1/files/0x0005000000019297-126.dat	upx
behavioral1/files/0x0005000000019278-125.dat	upx
behavioral1/files/0x0006000000019250-123.dat	upx
behavioral1/files/0x0007000000017497-122.dat	upx
behavioral1/memory/3052-114-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x00050000000194a9-112.dat	upx
behavioral1/memory/888-104-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x0005000000019451-102.dat	upx
behavioral1/memory/2812-94-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x00050000000193c4-93.dat	upx
behavioral1/files/0x00050000000193a6-86.dat	upx
behavioral1/files/0x000500000001933f-84.dat	upx
behavioral1/memory/2364-77-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2972-70-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2936-42-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2820-35-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x0007000000017049-34.dat	upx
behavioral1/files/0x00050000000194f1-135.dat	upx
behavioral1/files/0x00050000000194c9-119.dat	upx
behavioral1/files/0x0008000000016df3-22.dat	upx
behavioral1/memory/2228-98-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2464-66-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x0005000000019284-65.dat	upx
behavioral1/memory/3068-64-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2884-56-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x0005000000019269-50.dat	upx
behavioral1/files/0x000700000001749c-49.dat	upx
behavioral1/memory/2564-21-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/3052-14-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2884-3297-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2820-3319-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/3052-3327-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/3068-3324-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2564-3338-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2364-3331-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2936-3348-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2972-3437-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2812-3441-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2228-3444-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\iBWyadE.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vsdDKEM.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eSXQKxt.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFWtRzk.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRLzsEo.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kOWnAcI.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kROxLlf.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KBcbaax.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wNuWPEG.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KhqlTsw.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GbQWBGI.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kVazcjc.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bsKdEgJ.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKabaQW.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ebyVzFp.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XirigDu.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cPYnAtw.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DaFVTOG.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IuAQyKz.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oUTDqKJ.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pDgxCaG.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OsLUuRz.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PdJGLxK.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zWESwkI.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGWwpgV.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QWMDZBJ.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\itOkRNR.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FaOIavv.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHDToqq.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kibcuFS.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NlKtGjO.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DxxgoBZ.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GczSmwq.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZsbfyCm.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MkdCBvL.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YrFLeIN.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NjwKuiE.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHceAHA.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CpLVdZD.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TCXeExo.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWFeCSb.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vIcUeTN.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eRePIJy.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gDUGSNm.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGttyqo.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nwTxhiY.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tuKaORz.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UUAdmVW.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NAMNEoR.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TZuwPad.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uiJhSRR.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QFBWyrp.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WpewbKK.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mzDDFrt.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nvWDAYT.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCAjxdk.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezbSKZc.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ncuOuZR.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHHUgcN.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JYZFBkJ.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TtMcrqs.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zyavOhO.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGNEYqp.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hHLovhk.exe	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 2364	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2464 wrote to memory of 2364	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2464 wrote to memory of 2364	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2464 wrote to memory of 3052	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2464 wrote to memory of 3052	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2464 wrote to memory of 3052	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2464 wrote to memory of 2564	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2464 wrote to memory of 2564	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2464 wrote to memory of 2564	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2464 wrote to memory of 2820	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2464 wrote to memory of 2820	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2464 wrote to memory of 2820	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2464 wrote to memory of 2936	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2464 wrote to memory of 2936	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2464 wrote to memory of 2936	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2464 wrote to memory of 2104	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2464 wrote to memory of 2104	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2464 wrote to memory of 2104	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2464 wrote to memory of 3068	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2464 wrote to memory of 3068	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2464 wrote to memory of 3068	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2464 wrote to memory of 2696	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2464 wrote to memory of 2696	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2464 wrote to memory of 2696	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2464 wrote to memory of 2884	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2464 wrote to memory of 2884	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2464 wrote to memory of 2884	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2464 wrote to memory of 2828	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2464 wrote to memory of 2828	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2464 wrote to memory of 2828	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2464 wrote to memory of 2972	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2464 wrote to memory of 2972	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2464 wrote to memory of 2972	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2464 wrote to memory of 2720	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2464 wrote to memory of 2720	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2464 wrote to memory of 2720	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2464 wrote to memory of 2812	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2464 wrote to memory of 2812	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2464 wrote to memory of 2812	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2464 wrote to memory of 2348	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2464 wrote to memory of 2348	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2464 wrote to memory of 2348	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2464 wrote to memory of 2228	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2464 wrote to memory of 2228	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2464 wrote to memory of 2228	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2464 wrote to memory of 2372	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2464 wrote to memory of 2372	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2464 wrote to memory of 2372	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2464 wrote to memory of 888	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2464 wrote to memory of 888	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2464 wrote to memory of 888	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2464 wrote to memory of 2036	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2464 wrote to memory of 2036	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2464 wrote to memory of 2036	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2464 wrote to memory of 816	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2464 wrote to memory of 816	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2464 wrote to memory of 816	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2464 wrote to memory of 1636	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2464 wrote to memory of 1636	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2464 wrote to memory of 1636	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2464 wrote to memory of 1996	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2464 wrote to memory of 1996	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2464 wrote to memory of 1996	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2464 wrote to memory of 580	2464	2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-19_31af61a38e7dc604b063b9e637d9c642_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Windows\System\MytIGKv.exe
  C:\Windows\System\MytIGKv.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\UvaHDGw.exe
  C:\Windows\System\UvaHDGw.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\LyuAXEe.exe
  C:\Windows\System\LyuAXEe.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\NrONyhe.exe
  C:\Windows\System\NrONyhe.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\uYWRULE.exe
  C:\Windows\System\uYWRULE.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\dCbHUQs.exe
  C:\Windows\System\dCbHUQs.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\XETavzP.exe
  C:\Windows\System\XETavzP.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\aUfSWOL.exe
  C:\Windows\System\aUfSWOL.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\RvEzHwI.exe
  C:\Windows\System\RvEzHwI.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\zmhaOZK.exe
  C:\Windows\System\zmhaOZK.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\iNbARSB.exe
  C:\Windows\System\iNbARSB.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\cZOUjfM.exe
  C:\Windows\System\cZOUjfM.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\GsuHjIX.exe
  C:\Windows\System\GsuHjIX.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\IbgdfaC.exe
  C:\Windows\System\IbgdfaC.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\GQSMVWN.exe
  C:\Windows\System\GQSMVWN.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\qZWLsKv.exe
  C:\Windows\System\qZWLsKv.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\HBaUwoK.exe
  C:\Windows\System\HBaUwoK.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\JoEJzeT.exe
  C:\Windows\System\JoEJzeT.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\qbOnoEO.exe
  C:\Windows\System\qbOnoEO.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\QqYLJlk.exe
  C:\Windows\System\QqYLJlk.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\uIMIJBR.exe
  C:\Windows\System\uIMIJBR.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\xuFVZeX.exe
  C:\Windows\System\xuFVZeX.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\Iiptwwx.exe
  C:\Windows\System\Iiptwwx.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\cMTXhcW.exe
  C:\Windows\System\cMTXhcW.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\HIrKpji.exe
  C:\Windows\System\HIrKpji.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\tHBGFJY.exe
  C:\Windows\System\tHBGFJY.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\pBDMaWw.exe
  C:\Windows\System\pBDMaWw.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\QjKdKZa.exe
  C:\Windows\System\QjKdKZa.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\nFkVKln.exe
  C:\Windows\System\nFkVKln.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\nxrjRsT.exe
  C:\Windows\System\nxrjRsT.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\xWEuihb.exe
  C:\Windows\System\xWEuihb.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\UzONUQA.exe
  C:\Windows\System\UzONUQA.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\AVhaAqv.exe
  C:\Windows\System\AVhaAqv.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\ywCHJHj.exe
  C:\Windows\System\ywCHJHj.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\vrBoSby.exe
  C:\Windows\System\vrBoSby.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\IVknxUy.exe
  C:\Windows\System\IVknxUy.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\aZBqFOt.exe
  C:\Windows\System\aZBqFOt.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\ttzowzp.exe
  C:\Windows\System\ttzowzp.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\pDSbXFk.exe
  C:\Windows\System\pDSbXFk.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\FXoHYvr.exe
  C:\Windows\System\FXoHYvr.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\IJsnxDG.exe
  C:\Windows\System\IJsnxDG.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\UzDZNkF.exe
  C:\Windows\System\UzDZNkF.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\FITnktP.exe
  C:\Windows\System\FITnktP.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\vMbrJfE.exe
  C:\Windows\System\vMbrJfE.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\QjrkwVZ.exe
  C:\Windows\System\QjrkwVZ.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\LisdlJt.exe
  C:\Windows\System\LisdlJt.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\NToFlll.exe
  C:\Windows\System\NToFlll.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\CKkELom.exe
  C:\Windows\System\CKkELom.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\KkSSceg.exe
  C:\Windows\System\KkSSceg.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\ZLlGaPk.exe
  C:\Windows\System\ZLlGaPk.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\NAMNEoR.exe
  C:\Windows\System\NAMNEoR.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\fGfuLwG.exe
  C:\Windows\System\fGfuLwG.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\LBzfrab.exe
  C:\Windows\System\LBzfrab.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\XONSnmR.exe
  C:\Windows\System\XONSnmR.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\xkRByPH.exe
  C:\Windows\System\xkRByPH.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\VtURYhA.exe
  C:\Windows\System\VtURYhA.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\PPOWjwP.exe
  C:\Windows\System\PPOWjwP.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\eLOTvlw.exe
  C:\Windows\System\eLOTvlw.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\RLCFFev.exe
  C:\Windows\System\RLCFFev.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\VSVZRFi.exe
  C:\Windows\System\VSVZRFi.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\OOWnEmD.exe
  C:\Windows\System\OOWnEmD.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\tjfKOMj.exe
  C:\Windows\System\tjfKOMj.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\rKiUIrh.exe
  C:\Windows\System\rKiUIrh.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\dAQNIoW.exe
  C:\Windows\System\dAQNIoW.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\WmlicHS.exe
  C:\Windows\System\WmlicHS.exe
  2⤵
  PID:2724
- C:\Windows\System\kzqaehv.exe
  C:\Windows\System\kzqaehv.exe
  2⤵
  PID:2944
- C:\Windows\System\kjgPfsH.exe
  C:\Windows\System\kjgPfsH.exe
  2⤵
  PID:1052
- C:\Windows\System\ShWzFlt.exe
  C:\Windows\System\ShWzFlt.exe
  2⤵
  PID:1420
- C:\Windows\System\hDeNBqq.exe
  C:\Windows\System\hDeNBqq.exe
  2⤵
  PID:2000
- C:\Windows\System\jiELxqG.exe
  C:\Windows\System\jiELxqG.exe
  2⤵
  PID:1156
- C:\Windows\System\oytJWUI.exe
  C:\Windows\System\oytJWUI.exe
  2⤵
  PID:1536
- C:\Windows\System\vKhZGoa.exe
  C:\Windows\System\vKhZGoa.exe
  2⤵
  PID:2024
- C:\Windows\System\bJzeslP.exe
  C:\Windows\System\bJzeslP.exe
  2⤵
  PID:896
- C:\Windows\System\TOspYaC.exe
  C:\Windows\System\TOspYaC.exe
  2⤵
  PID:2248
- C:\Windows\System\pDgxCaG.exe
  C:\Windows\System\pDgxCaG.exe
  2⤵
  PID:636
- C:\Windows\System\kLsTkwe.exe
  C:\Windows\System\kLsTkwe.exe
  2⤵
  PID:2172
- C:\Windows\System\KLsItnU.exe
  C:\Windows\System\KLsItnU.exe
  2⤵
  PID:2184
- C:\Windows\System\wkWwuTz.exe
  C:\Windows\System\wkWwuTz.exe
  2⤵
  PID:1424
- C:\Windows\System\pmdKsRX.exe
  C:\Windows\System\pmdKsRX.exe
  2⤵
  PID:2408
- C:\Windows\System\gemizRE.exe
  C:\Windows\System\gemizRE.exe
  2⤵
  PID:3088
- C:\Windows\System\BfQhMvu.exe
  C:\Windows\System\BfQhMvu.exe
  2⤵
  PID:3108
- C:\Windows\System\wCUQeMg.exe
  C:\Windows\System\wCUQeMg.exe
  2⤵
  PID:3128
- C:\Windows\System\KNiouhr.exe
  C:\Windows\System\KNiouhr.exe
  2⤵
  PID:3148
- C:\Windows\System\DVkeIGF.exe
  C:\Windows\System\DVkeIGF.exe
  2⤵
  PID:3168
- C:\Windows\System\qkKPVCQ.exe
  C:\Windows\System\qkKPVCQ.exe
  2⤵
  PID:3184
- C:\Windows\System\aVjroHt.exe
  C:\Windows\System\aVjroHt.exe
  2⤵
  PID:3208
- C:\Windows\System\RwiFqJS.exe
  C:\Windows\System\RwiFqJS.exe
  2⤵
  PID:3228
- C:\Windows\System\fQxmRVT.exe
  C:\Windows\System\fQxmRVT.exe
  2⤵
  PID:3248
- C:\Windows\System\kdMllnG.exe
  C:\Windows\System\kdMllnG.exe
  2⤵
  PID:3264
- C:\Windows\System\PflezqM.exe
  C:\Windows\System\PflezqM.exe
  2⤵
  PID:3284
- C:\Windows\System\PrJmget.exe
  C:\Windows\System\PrJmget.exe
  2⤵
  PID:3308
- C:\Windows\System\QkitSDt.exe
  C:\Windows\System\QkitSDt.exe
  2⤵
  PID:3324
- C:\Windows\System\ofyyALD.exe
  C:\Windows\System\ofyyALD.exe
  2⤵
  PID:3344
- C:\Windows\System\wirqfNg.exe
  C:\Windows\System\wirqfNg.exe
  2⤵
  PID:3364
- C:\Windows\System\DyBfbPx.exe
  C:\Windows\System\DyBfbPx.exe
  2⤵
  PID:3388
- C:\Windows\System\CmsfCWj.exe
  C:\Windows\System\CmsfCWj.exe
  2⤵
  PID:3404
- C:\Windows\System\KvuNsBA.exe
  C:\Windows\System\KvuNsBA.exe
  2⤵
  PID:3428
- C:\Windows\System\EQQbTuZ.exe
  C:\Windows\System\EQQbTuZ.exe
  2⤵
  PID:3448
- C:\Windows\System\FPexIDW.exe
  C:\Windows\System\FPexIDW.exe
  2⤵
  PID:3468
- C:\Windows\System\OCVNGon.exe
  C:\Windows\System\OCVNGon.exe
  2⤵
  PID:3484
- C:\Windows\System\cVsWTPk.exe
  C:\Windows\System\cVsWTPk.exe
  2⤵
  PID:3504
- C:\Windows\System\jBpAncB.exe
  C:\Windows\System\jBpAncB.exe
  2⤵
  PID:3528
- C:\Windows\System\xpABikp.exe
  C:\Windows\System\xpABikp.exe
  2⤵
  PID:3544
- C:\Windows\System\MAorytl.exe
  C:\Windows\System\MAorytl.exe
  2⤵
  PID:3560
- C:\Windows\System\UXGgJJN.exe
  C:\Windows\System\UXGgJJN.exe
  2⤵
  PID:3584
- C:\Windows\System\TseMvDe.exe
  C:\Windows\System\TseMvDe.exe
  2⤵
  PID:3604
- C:\Windows\System\MAMANDy.exe
  C:\Windows\System\MAMANDy.exe
  2⤵
  PID:3628
- C:\Windows\System\GechieC.exe
  C:\Windows\System\GechieC.exe
  2⤵
  PID:3648
- C:\Windows\System\FyHWkXN.exe
  C:\Windows\System\FyHWkXN.exe
  2⤵
  PID:3664
- C:\Windows\System\dEdqUHJ.exe
  C:\Windows\System\dEdqUHJ.exe
  2⤵
  PID:3692
- C:\Windows\System\RjIXqsS.exe
  C:\Windows\System\RjIXqsS.exe
  2⤵
  PID:3708
- C:\Windows\System\PZgrviR.exe
  C:\Windows\System\PZgrviR.exe
  2⤵
  PID:3728
- C:\Windows\System\QVcxCAZ.exe
  C:\Windows\System\QVcxCAZ.exe
  2⤵
  PID:3748
- C:\Windows\System\JxDbwpE.exe
  C:\Windows\System\JxDbwpE.exe
  2⤵
  PID:3772
- C:\Windows\System\rZuQVee.exe
  C:\Windows\System\rZuQVee.exe
  2⤵
  PID:3788
- C:\Windows\System\GnzWzcV.exe
  C:\Windows\System\GnzWzcV.exe
  2⤵
  PID:3812
- C:\Windows\System\KnOiYCY.exe
  C:\Windows\System\KnOiYCY.exe
  2⤵
  PID:3832
- C:\Windows\System\dTgtsCt.exe
  C:\Windows\System\dTgtsCt.exe
  2⤵
  PID:3852
- C:\Windows\System\dxpsfhN.exe
  C:\Windows\System\dxpsfhN.exe
  2⤵
  PID:3868
- C:\Windows\System\VJVVaSg.exe
  C:\Windows\System\VJVVaSg.exe
  2⤵
  PID:3892
- C:\Windows\System\jYagiyX.exe
  C:\Windows\System\jYagiyX.exe
  2⤵
  PID:3912
- C:\Windows\System\LIbrGlV.exe
  C:\Windows\System\LIbrGlV.exe
  2⤵
  PID:3932
- C:\Windows\System\WyRPAsR.exe
  C:\Windows\System\WyRPAsR.exe
  2⤵
  PID:3952
- C:\Windows\System\jrVwpIt.exe
  C:\Windows\System\jrVwpIt.exe
  2⤵
  PID:3968
- C:\Windows\System\FAuCpYa.exe
  C:\Windows\System\FAuCpYa.exe
  2⤵
  PID:3992
- C:\Windows\System\wlvAHCo.exe
  C:\Windows\System\wlvAHCo.exe
  2⤵
  PID:4008
- C:\Windows\System\yYYtzYN.exe
  C:\Windows\System\yYYtzYN.exe
  2⤵
  PID:4032
- C:\Windows\System\zJTSvIq.exe
  C:\Windows\System\zJTSvIq.exe
  2⤵
  PID:4052
- C:\Windows\System\RGjedud.exe
  C:\Windows\System\RGjedud.exe
  2⤵
  PID:4068
- C:\Windows\System\QalcXBU.exe
  C:\Windows\System\QalcXBU.exe
  2⤵
  PID:4092
- C:\Windows\System\zSDmEZS.exe
  C:\Windows\System\zSDmEZS.exe
  2⤵
  PID:2848
- C:\Windows\System\IQQmrEk.exe
  C:\Windows\System\IQQmrEk.exe
  2⤵
  PID:2736
- C:\Windows\System\bcRIrGu.exe
  C:\Windows\System\bcRIrGu.exe
  2⤵
  PID:2480
- C:\Windows\System\VoPkuDj.exe
  C:\Windows\System\VoPkuDj.exe
  2⤵
  PID:840
- C:\Windows\System\nIqaxYI.exe
  C:\Windows\System\nIqaxYI.exe
  2⤵
  PID:1212
- C:\Windows\System\MOcPjSf.exe
  C:\Windows\System\MOcPjSf.exe
  2⤵
  PID:2608
- C:\Windows\System\lrjasoG.exe
  C:\Windows\System\lrjasoG.exe
  2⤵
  PID:2672
- C:\Windows\System\FRUUeAI.exe
  C:\Windows\System\FRUUeAI.exe
  2⤵
  PID:1816
- C:\Windows\System\jUSCcKu.exe
  C:\Windows\System\jUSCcKu.exe
  2⤵
  PID:276
- C:\Windows\System\dNAcMRZ.exe
  C:\Windows\System\dNAcMRZ.exe
  2⤵
  PID:1764
- C:\Windows\System\NlqwLCM.exe
  C:\Windows\System\NlqwLCM.exe
  2⤵
  PID:912
- C:\Windows\System\hLSwcOk.exe
  C:\Windows\System\hLSwcOk.exe
  2⤵
  PID:2648
- C:\Windows\System\xsipfjZ.exe
  C:\Windows\System\xsipfjZ.exe
  2⤵
  PID:1264
- C:\Windows\System\kuaIYBI.exe
  C:\Windows\System\kuaIYBI.exe
  2⤵
  PID:1692
- C:\Windows\System\zSDIORd.exe
  C:\Windows\System\zSDIORd.exe
  2⤵
  PID:1284
- C:\Windows\System\FIviPPI.exe
  C:\Windows\System\FIviPPI.exe
  2⤵
  PID:2404
- C:\Windows\System\iBfRpOb.exe
  C:\Windows\System\iBfRpOb.exe
  2⤵
  PID:2716
- C:\Windows\System\aEOfyNr.exe
  C:\Windows\System\aEOfyNr.exe
  2⤵
  PID:3080
- C:\Windows\System\AjlRfNy.exe
  C:\Windows\System\AjlRfNy.exe
  2⤵
  PID:3076
- C:\Windows\System\UQbMSuL.exe
  C:\Windows\System\UQbMSuL.exe
  2⤵
  PID:3120
- C:\Windows\System\sdhaXkk.exe
  C:\Windows\System\sdhaXkk.exe
  2⤵
  PID:3136
- C:\Windows\System\lTToXqD.exe
  C:\Windows\System\lTToXqD.exe
  2⤵
  PID:3192
- C:\Windows\System\DvfRfua.exe
  C:\Windows\System\DvfRfua.exe
  2⤵
  PID:3240
- C:\Windows\System\wNuWPEG.exe
  C:\Windows\System\wNuWPEG.exe
  2⤵
  PID:3224
- C:\Windows\System\gwoHguU.exe
  C:\Windows\System\gwoHguU.exe
  2⤵
  PID:3256
- C:\Windows\System\altiFDV.exe
  C:\Windows\System\altiFDV.exe
  2⤵
  PID:3304
- C:\Windows\System\ZgcePRt.exe
  C:\Windows\System\ZgcePRt.exe
  2⤵
  PID:3360
- C:\Windows\System\VvaHYUu.exe
  C:\Windows\System\VvaHYUu.exe
  2⤵
  PID:3384
- C:\Windows\System\DTAqQrg.exe
  C:\Windows\System\DTAqQrg.exe
  2⤵
  PID:3416
- C:\Windows\System\QsXkqEF.exe
  C:\Windows\System\QsXkqEF.exe
  2⤵
  PID:3460
- C:\Windows\System\ODhijAR.exe
  C:\Windows\System\ODhijAR.exe
  2⤵
  PID:3492
- C:\Windows\System\hdOISiB.exe
  C:\Windows\System\hdOISiB.exe
  2⤵
  PID:3556
- C:\Windows\System\OSnCrcs.exe
  C:\Windows\System\OSnCrcs.exe
  2⤵
  PID:3572
- C:\Windows\System\gPwBeSo.exe
  C:\Windows\System\gPwBeSo.exe
  2⤵
  PID:3612
- C:\Windows\System\FoYBuSB.exe
  C:\Windows\System\FoYBuSB.exe
  2⤵
  PID:3616
- C:\Windows\System\WlBuBsZ.exe
  C:\Windows\System\WlBuBsZ.exe
  2⤵
  PID:3680
- C:\Windows\System\OAjcnpe.exe
  C:\Windows\System\OAjcnpe.exe
  2⤵
  PID:3724
- C:\Windows\System\GcBzanh.exe
  C:\Windows\System\GcBzanh.exe
  2⤵
  PID:3760
- C:\Windows\System\uieoQVg.exe
  C:\Windows\System\uieoQVg.exe
  2⤵
  PID:3796
- C:\Windows\System\BAWrOsV.exe
  C:\Windows\System\BAWrOsV.exe
  2⤵
  PID:3820
- C:\Windows\System\ZqOtwuH.exe
  C:\Windows\System\ZqOtwuH.exe
  2⤵
  PID:3828
- C:\Windows\System\ZdfBmIJ.exe
  C:\Windows\System\ZdfBmIJ.exe
  2⤵
  PID:3888
- C:\Windows\System\ZvDtpSA.exe
  C:\Windows\System\ZvDtpSA.exe
  2⤵
  PID:3928
- C:\Windows\System\ZjNKloG.exe
  C:\Windows\System\ZjNKloG.exe
  2⤵
  PID:3904
- C:\Windows\System\BIOrbhm.exe
  C:\Windows\System\BIOrbhm.exe
  2⤵
  PID:4004
- C:\Windows\System\niUNsMa.exe
  C:\Windows\System\niUNsMa.exe
  2⤵
  PID:4016
- C:\Windows\System\TmhxOVq.exe
  C:\Windows\System\TmhxOVq.exe
  2⤵
  PID:4024
- C:\Windows\System\AKFfIMn.exe
  C:\Windows\System\AKFfIMn.exe
  2⤵
  PID:4088
- C:\Windows\System\gIVCurY.exe
  C:\Windows\System\gIVCurY.exe
  2⤵
  PID:1532
- C:\Windows\System\yUCzPrt.exe
  C:\Windows\System\yUCzPrt.exe
  2⤵
  PID:448
- C:\Windows\System\oDVYOSj.exe
  C:\Windows\System\oDVYOSj.exe
  2⤵
  PID:340
- C:\Windows\System\DpdrERZ.exe
  C:\Windows\System\DpdrERZ.exe
  2⤵
  PID:2756
- C:\Windows\System\jLvQMCn.exe
  C:\Windows\System\jLvQMCn.exe
  2⤵
  PID:2016
- C:\Windows\System\JPFtugD.exe
  C:\Windows\System\JPFtugD.exe
  2⤵
  PID:2072
- C:\Windows\System\FKcwAKH.exe
  C:\Windows\System\FKcwAKH.exe
  2⤵
  PID:2616
- C:\Windows\System\gXTHHho.exe
  C:\Windows\System\gXTHHho.exe
  2⤵
  PID:1488
- C:\Windows\System\zAgUQTJ.exe
  C:\Windows\System\zAgUQTJ.exe
  2⤵
  PID:3124
- C:\Windows\System\DxCIPRx.exe
  C:\Windows\System\DxCIPRx.exe
  2⤵
  PID:484
- C:\Windows\System\vECIuGM.exe
  C:\Windows\System\vECIuGM.exe
  2⤵
  PID:3176
- C:\Windows\System\MmJUEzK.exe
  C:\Windows\System\MmJUEzK.exe
  2⤵
  PID:2876
- C:\Windows\System\iLkhNQG.exe
  C:\Windows\System\iLkhNQG.exe
  2⤵
  PID:3296
- C:\Windows\System\IIpzbBc.exe
  C:\Windows\System\IIpzbBc.exe
  2⤵
  PID:3156
- C:\Windows\System\RUAMVfQ.exe
  C:\Windows\System\RUAMVfQ.exe
  2⤵
  PID:3380
- C:\Windows\System\bzJaxFz.exe
  C:\Windows\System\bzJaxFz.exe
  2⤵
  PID:3280
- C:\Windows\System\GAZsRyj.exe
  C:\Windows\System\GAZsRyj.exe
  2⤵
  PID:3476
- C:\Windows\System\rQAjRBv.exe
  C:\Windows\System\rQAjRBv.exe
  2⤵
  PID:3412
- C:\Windows\System\jptfqDl.exe
  C:\Windows\System\jptfqDl.exe
  2⤵
  PID:3596
- C:\Windows\System\ByLzZSq.exe
  C:\Windows\System\ByLzZSq.exe
  2⤵
  PID:3536
- C:\Windows\System\vYpMmXZ.exe
  C:\Windows\System\vYpMmXZ.exe
  2⤵
  PID:3656
- C:\Windows\System\XpCZmYa.exe
  C:\Windows\System\XpCZmYa.exe
  2⤵
  PID:3736
- C:\Windows\System\dmysnyN.exe
  C:\Windows\System\dmysnyN.exe
  2⤵
  PID:3780
- C:\Windows\System\mqzqmqJ.exe
  C:\Windows\System\mqzqmqJ.exe
  2⤵
  PID:3864
- C:\Windows\System\gIgKjHM.exe
  C:\Windows\System\gIgKjHM.exe
  2⤵
  PID:3764
- C:\Windows\System\XYCjcEn.exe
  C:\Windows\System\XYCjcEn.exe
  2⤵
  PID:3908
- C:\Windows\System\muEVHJG.exe
  C:\Windows\System\muEVHJG.exe
  2⤵
  PID:3980
- C:\Windows\System\oqFOFFt.exe
  C:\Windows\System\oqFOFFt.exe
  2⤵
  PID:4064
- C:\Windows\System\KPFiFQc.exe
  C:\Windows\System\KPFiFQc.exe
  2⤵
  PID:2220
- C:\Windows\System\AgGWFGa.exe
  C:\Windows\System\AgGWFGa.exe
  2⤵
  PID:1004
- C:\Windows\System\LaZRYpc.exe
  C:\Windows\System\LaZRYpc.exe
  2⤵
  PID:2272
- C:\Windows\System\uHjUGCC.exe
  C:\Windows\System\uHjUGCC.exe
  2⤵
  PID:2580
- C:\Windows\System\NbUhddZ.exe
  C:\Windows\System\NbUhddZ.exe
  2⤵
  PID:2568
- C:\Windows\System\DAhFrrY.exe
  C:\Windows\System\DAhFrrY.exe
  2⤵
  PID:1600
- C:\Windows\System\mFsfxLi.exe
  C:\Windows\System\mFsfxLi.exe
  2⤵
  PID:3244
- C:\Windows\System\LRCmowN.exe
  C:\Windows\System\LRCmowN.exe
  2⤵
  PID:3444
- C:\Windows\System\coGpbrm.exe
  C:\Windows\System\coGpbrm.exe
  2⤵
  PID:4100
- C:\Windows\System\iFWBVgp.exe
  C:\Windows\System\iFWBVgp.exe
  2⤵
  PID:4116
- C:\Windows\System\TZlwZPi.exe
  C:\Windows\System\TZlwZPi.exe
  2⤵
  PID:4144
- C:\Windows\System\MezdcXa.exe
  C:\Windows\System\MezdcXa.exe
  2⤵
  PID:4164
- C:\Windows\System\zDPFwrh.exe
  C:\Windows\System\zDPFwrh.exe
  2⤵
  PID:4184
- C:\Windows\System\sYiGLJY.exe
  C:\Windows\System\sYiGLJY.exe
  2⤵
  PID:4204
- C:\Windows\System\ZnSrfYq.exe
  C:\Windows\System\ZnSrfYq.exe
  2⤵
  PID:4220
- C:\Windows\System\raHmzCk.exe
  C:\Windows\System\raHmzCk.exe
  2⤵
  PID:4240
- C:\Windows\System\LQwKcvL.exe
  C:\Windows\System\LQwKcvL.exe
  2⤵
  PID:4256
- C:\Windows\System\sQShPPc.exe
  C:\Windows\System\sQShPPc.exe
  2⤵
  PID:4280
- C:\Windows\System\vuTkgNS.exe
  C:\Windows\System\vuTkgNS.exe
  2⤵
  PID:4304
- C:\Windows\System\RaMjvqD.exe
  C:\Windows\System\RaMjvqD.exe
  2⤵
  PID:4324
- C:\Windows\System\zLvWzak.exe
  C:\Windows\System\zLvWzak.exe
  2⤵
  PID:4344
- C:\Windows\System\MSJfBrq.exe
  C:\Windows\System\MSJfBrq.exe
  2⤵
  PID:4364
- C:\Windows\System\VyMwtxN.exe
  C:\Windows\System\VyMwtxN.exe
  2⤵
  PID:4384
- C:\Windows\System\CZzBGiB.exe
  C:\Windows\System\CZzBGiB.exe
  2⤵
  PID:4400
- C:\Windows\System\dnRlcBv.exe
  C:\Windows\System\dnRlcBv.exe
  2⤵
  PID:4420
- C:\Windows\System\DCxfbur.exe
  C:\Windows\System\DCxfbur.exe
  2⤵
  PID:4444
- C:\Windows\System\sZYsjhT.exe
  C:\Windows\System\sZYsjhT.exe
  2⤵
  PID:4460
- C:\Windows\System\yqZKOgz.exe
  C:\Windows\System\yqZKOgz.exe
  2⤵
  PID:4488
- C:\Windows\System\GbUNkFi.exe
  C:\Windows\System\GbUNkFi.exe
  2⤵
  PID:4504
- C:\Windows\System\qwpapoc.exe
  C:\Windows\System\qwpapoc.exe
  2⤵
  PID:4524
- C:\Windows\System\xbDnQaZ.exe
  C:\Windows\System\xbDnQaZ.exe
  2⤵
  PID:4544
- C:\Windows\System\KaCDGAn.exe
  C:\Windows\System\KaCDGAn.exe
  2⤵
  PID:4564
- C:\Windows\System\zaPxqlb.exe
  C:\Windows\System\zaPxqlb.exe
  2⤵
  PID:4584
- C:\Windows\System\CyQXKXo.exe
  C:\Windows\System\CyQXKXo.exe
  2⤵
  PID:4600
- C:\Windows\System\rccuOZT.exe
  C:\Windows\System\rccuOZT.exe
  2⤵
  PID:4620
- C:\Windows\System\GZfqxEM.exe
  C:\Windows\System\GZfqxEM.exe
  2⤵
  PID:4640
- C:\Windows\System\kqQkNaR.exe
  C:\Windows\System\kqQkNaR.exe
  2⤵
  PID:4672
- C:\Windows\System\bLnmusc.exe
  C:\Windows\System\bLnmusc.exe
  2⤵
  PID:4688
- C:\Windows\System\VybmFsI.exe
  C:\Windows\System\VybmFsI.exe
  2⤵
  PID:4712
- C:\Windows\System\LoBOSGt.exe
  C:\Windows\System\LoBOSGt.exe
  2⤵
  PID:4732
- C:\Windows\System\JyjNAap.exe
  C:\Windows\System\JyjNAap.exe
  2⤵
  PID:4752
- C:\Windows\System\EMmJnyU.exe
  C:\Windows\System\EMmJnyU.exe
  2⤵
  PID:4768
- C:\Windows\System\TlRZJBv.exe
  C:\Windows\System\TlRZJBv.exe
  2⤵
  PID:4788
- C:\Windows\System\AlYeQax.exe
  C:\Windows\System\AlYeQax.exe
  2⤵
  PID:4812
- C:\Windows\System\iYrNJik.exe
  C:\Windows\System\iYrNJik.exe
  2⤵
  PID:4828
- C:\Windows\System\IoiiRZg.exe
  C:\Windows\System\IoiiRZg.exe
  2⤵
  PID:4848
- C:\Windows\System\FuqqIZz.exe
  C:\Windows\System\FuqqIZz.exe
  2⤵
  PID:4868
- C:\Windows\System\hdhVPSY.exe
  C:\Windows\System\hdhVPSY.exe
  2⤵
  PID:4892
- C:\Windows\System\vLyqvPy.exe
  C:\Windows\System\vLyqvPy.exe
  2⤵
  PID:4912
- C:\Windows\System\QhsYxiw.exe
  C:\Windows\System\QhsYxiw.exe
  2⤵
  PID:4932
- C:\Windows\System\PmiHBcc.exe
  C:\Windows\System\PmiHBcc.exe
  2⤵
  PID:4948
- C:\Windows\System\dHVTQdh.exe
  C:\Windows\System\dHVTQdh.exe
  2⤵
  PID:4968
- C:\Windows\System\YQcqYjL.exe
  C:\Windows\System\YQcqYjL.exe
  2⤵
  PID:4988
- C:\Windows\System\LwrlBpn.exe
  C:\Windows\System\LwrlBpn.exe
  2⤵
  PID:5004
- C:\Windows\System\DIZyToR.exe
  C:\Windows\System\DIZyToR.exe
  2⤵
  PID:5028
- C:\Windows\System\CRLzsEo.exe
  C:\Windows\System\CRLzsEo.exe
  2⤵
  PID:5052
- C:\Windows\System\cvRcOga.exe
  C:\Windows\System\cvRcOga.exe
  2⤵
  PID:5072
- C:\Windows\System\ajhSZIk.exe
  C:\Windows\System\ajhSZIk.exe
  2⤵
  PID:5092
- C:\Windows\System\KGjUZGk.exe
  C:\Windows\System\KGjUZGk.exe
  2⤵
  PID:5112
- C:\Windows\System\Livlzxj.exe
  C:\Windows\System\Livlzxj.exe
  2⤵
  PID:960
- C:\Windows\System\IWjuHtU.exe
  C:\Windows\System\IWjuHtU.exe
  2⤵
  PID:3352
- C:\Windows\System\uQTTqRC.exe
  C:\Windows\System\uQTTqRC.exe
  2⤵
  PID:2140
- C:\Windows\System\fCyYwFS.exe
  C:\Windows\System\fCyYwFS.exe
  2⤵
  PID:3676
- C:\Windows\System\vRNKNxx.exe
  C:\Windows\System\vRNKNxx.exe
  2⤵
  PID:3860
- C:\Windows\System\APnEWXr.exe
  C:\Windows\System\APnEWXr.exe
  2⤵
  PID:3576
- C:\Windows\System\LuqMkHG.exe
  C:\Windows\System\LuqMkHG.exe
  2⤵
  PID:3740
- C:\Windows\System\bCdUeUo.exe
  C:\Windows\System\bCdUeUo.exe
  2⤵
  PID:4080
- C:\Windows\System\NKHFFqG.exe
  C:\Windows\System\NKHFFqG.exe
  2⤵
  PID:1280
- C:\Windows\System\CghUSTJ.exe
  C:\Windows\System\CghUSTJ.exe
  2⤵
  PID:3976
- C:\Windows\System\oALEHsB.exe
  C:\Windows\System\oALEHsB.exe
  2⤵
  PID:3064
- C:\Windows\System\GyrBJPU.exe
  C:\Windows\System\GyrBJPU.exe
  2⤵
  PID:3236
- C:\Windows\System\LuySAwP.exe
  C:\Windows\System\LuySAwP.exe
  2⤵
  PID:3160
- C:\Windows\System\lfmFKvs.exe
  C:\Windows\System\lfmFKvs.exe
  2⤵
  PID:4160
- C:\Windows\System\OdhzxCt.exe
  C:\Windows\System\OdhzxCt.exe
  2⤵
  PID:4200
- C:\Windows\System\VMwrarq.exe
  C:\Windows\System\VMwrarq.exe
  2⤵
  PID:4236
- C:\Windows\System\DKfUGyM.exe
  C:\Windows\System\DKfUGyM.exe
  2⤵
  PID:4140
- C:\Windows\System\uNjyeBx.exe
  C:\Windows\System\uNjyeBx.exe
  2⤵
  PID:4312
- C:\Windows\System\MSNyRPw.exe
  C:\Windows\System\MSNyRPw.exe
  2⤵
  PID:4216
- C:\Windows\System\vpAaMLU.exe
  C:\Windows\System\vpAaMLU.exe
  2⤵
  PID:4352
- C:\Windows\System\roOKmnO.exe
  C:\Windows\System\roOKmnO.exe
  2⤵
  PID:4296
- C:\Windows\System\lOrAiRx.exe
  C:\Windows\System\lOrAiRx.exe
  2⤵
  PID:4336
- C:\Windows\System\wLdFBOB.exe
  C:\Windows\System\wLdFBOB.exe
  2⤵
  PID:4376
- C:\Windows\System\pHegVoE.exe
  C:\Windows\System\pHegVoE.exe
  2⤵
  PID:4380
- C:\Windows\System\ddanIDA.exe
  C:\Windows\System\ddanIDA.exe
  2⤵
  PID:4480
- C:\Windows\System\WLwJxgL.exe
  C:\Windows\System\WLwJxgL.exe
  2⤵
  PID:4516
- C:\Windows\System\xEleTSL.exe
  C:\Windows\System\xEleTSL.exe
  2⤵
  PID:4592
- C:\Windows\System\FKMCuAO.exe
  C:\Windows\System\FKMCuAO.exe
  2⤵
  PID:4536
- C:\Windows\System\kyzrKrl.exe
  C:\Windows\System\kyzrKrl.exe
  2⤵
  PID:4580
- C:\Windows\System\YwtkgwI.exe
  C:\Windows\System\YwtkgwI.exe
  2⤵
  PID:4648
- C:\Windows\System\vbaGRik.exe
  C:\Windows\System\vbaGRik.exe
  2⤵
  PID:4720
- C:\Windows\System\jhEPAGu.exe
  C:\Windows\System\jhEPAGu.exe
  2⤵
  PID:4724
- C:\Windows\System\uoBIUCO.exe
  C:\Windows\System\uoBIUCO.exe
  2⤵
  PID:4700
- C:\Windows\System\NKHlhJH.exe
  C:\Windows\System\NKHlhJH.exe
  2⤵
  PID:4836
- C:\Windows\System\IUgtvnW.exe
  C:\Windows\System\IUgtvnW.exe
  2⤵
  PID:4744
- C:\Windows\System\XCIpnPE.exe
  C:\Windows\System\XCIpnPE.exe
  2⤵
  PID:4820
- C:\Windows\System\zCKpmqc.exe
  C:\Windows\System\zCKpmqc.exe
  2⤵
  PID:4860
- C:\Windows\System\Wolstgs.exe
  C:\Windows\System\Wolstgs.exe
  2⤵
  PID:4924
- C:\Windows\System\FAkEKOB.exe
  C:\Windows\System\FAkEKOB.exe
  2⤵
  PID:4964
- C:\Windows\System\UjxWAbV.exe
  C:\Windows\System\UjxWAbV.exe
  2⤵
  PID:4944
- C:\Windows\System\vjVVGQD.exe
  C:\Windows\System\vjVVGQD.exe
  2⤵
  PID:5044
- C:\Windows\System\TCXeExo.exe
  C:\Windows\System\TCXeExo.exe
  2⤵
  PID:5016
- C:\Windows\System\BRKvgsw.exe
  C:\Windows\System\BRKvgsw.exe
  2⤵
  PID:5060
- C:\Windows\System\xkqHNdP.exe
  C:\Windows\System\xkqHNdP.exe
  2⤵
  PID:3464
- C:\Windows\System\LzeyEui.exe
  C:\Windows\System\LzeyEui.exe
  2⤵
  PID:3400
- C:\Windows\System\xeRlKov.exe
  C:\Windows\System\xeRlKov.exe
  2⤵
  PID:3568
- C:\Windows\System\OsLUuRz.exe
  C:\Windows\System\OsLUuRz.exe
  2⤵
  PID:3516
- C:\Windows\System\XIzfuWM.exe
  C:\Windows\System\XIzfuWM.exe
  2⤵
  PID:3984
- C:\Windows\System\rOtFXzc.exe
  C:\Windows\System\rOtFXzc.exe
  2⤵
  PID:2548
- C:\Windows\System\ksuyjOM.exe
  C:\Windows\System\ksuyjOM.exe
  2⤵
  PID:4000
- C:\Windows\System\uroOqnI.exe
  C:\Windows\System\uroOqnI.exe
  2⤵
  PID:1628
- C:\Windows\System\psrAoJt.exe
  C:\Windows\System\psrAoJt.exe
  2⤵
  PID:848
- C:\Windows\System\zAfkqMC.exe
  C:\Windows\System\zAfkqMC.exe
  2⤵
  PID:4264
- C:\Windows\System\hnNlPsb.exe
  C:\Windows\System\hnNlPsb.exe
  2⤵
  PID:3084
- C:\Windows\System\vVfcQTr.exe
  C:\Windows\System\vVfcQTr.exe
  2⤵
  PID:4248
- C:\Windows\System\WcvbPnj.exe
  C:\Windows\System\WcvbPnj.exe
  2⤵
  PID:4288
- C:\Windows\System\SZNdgrt.exe
  C:\Windows\System\SZNdgrt.exe
  2⤵
  PID:4172
- C:\Windows\System\xAPTMSs.exe
  C:\Windows\System\xAPTMSs.exe
  2⤵
  PID:4332
- C:\Windows\System\lVzZNgC.exe
  C:\Windows\System\lVzZNgC.exe
  2⤵
  PID:4500
- C:\Windows\System\aFBUoGA.exe
  C:\Windows\System\aFBUoGA.exe
  2⤵
  PID:4636
- C:\Windows\System\gsohJEW.exe
  C:\Windows\System\gsohJEW.exe
  2⤵
  PID:4632
- C:\Windows\System\OIsKqoP.exe
  C:\Windows\System\OIsKqoP.exe
  2⤵
  PID:4680
- C:\Windows\System\MTobOYH.exe
  C:\Windows\System\MTobOYH.exe
  2⤵
  PID:4704
- C:\Windows\System\UnmhStM.exe
  C:\Windows\System\UnmhStM.exe
  2⤵
  PID:4748
- C:\Windows\System\zorOJpY.exe
  C:\Windows\System\zorOJpY.exe
  2⤵
  PID:4888
- C:\Windows\System\jzJCdDK.exe
  C:\Windows\System\jzJCdDK.exe
  2⤵
  PID:4908
- C:\Windows\System\vMFBIBJ.exe
  C:\Windows\System\vMFBIBJ.exe
  2⤵
  PID:4904
- C:\Windows\System\AQYISmo.exe
  C:\Windows\System\AQYISmo.exe
  2⤵
  PID:5048
- C:\Windows\System\XOYEIVz.exe
  C:\Windows\System\XOYEIVz.exe
  2⤵
  PID:5132
- C:\Windows\System\EzyEGpG.exe
  C:\Windows\System\EzyEGpG.exe
  2⤵
  PID:5152
- C:\Windows\System\pxaBEBE.exe
  C:\Windows\System\pxaBEBE.exe
  2⤵
  PID:5172
- C:\Windows\System\xPjgSSD.exe
  C:\Windows\System\xPjgSSD.exe
  2⤵
  PID:5192
- C:\Windows\System\YvDqBOE.exe
  C:\Windows\System\YvDqBOE.exe
  2⤵
  PID:5212
- C:\Windows\System\DAWkkrT.exe
  C:\Windows\System\DAWkkrT.exe
  2⤵
  PID:5232
- C:\Windows\System\vufKPnH.exe
  C:\Windows\System\vufKPnH.exe
  2⤵
  PID:5252
- C:\Windows\System\GBWSSrk.exe
  C:\Windows\System\GBWSSrk.exe
  2⤵
  PID:5272
- C:\Windows\System\wTJDszt.exe
  C:\Windows\System\wTJDszt.exe
  2⤵
  PID:5292
- C:\Windows\System\ICfPMfe.exe
  C:\Windows\System\ICfPMfe.exe
  2⤵
  PID:5312
- C:\Windows\System\CwYIieP.exe
  C:\Windows\System\CwYIieP.exe
  2⤵
  PID:5332
- C:\Windows\System\HUutqSr.exe
  C:\Windows\System\HUutqSr.exe
  2⤵
  PID:5352
- C:\Windows\System\iEQTKGY.exe
  C:\Windows\System\iEQTKGY.exe
  2⤵
  PID:5372
- C:\Windows\System\YFyCpvC.exe
  C:\Windows\System\YFyCpvC.exe
  2⤵
  PID:5392
- C:\Windows\System\YSKtBjc.exe
  C:\Windows\System\YSKtBjc.exe
  2⤵
  PID:5412
- C:\Windows\System\VeGyeXF.exe
  C:\Windows\System\VeGyeXF.exe
  2⤵
  PID:5432
- C:\Windows\System\oEQQdGw.exe
  C:\Windows\System\oEQQdGw.exe
  2⤵
  PID:5456
- C:\Windows\System\XxcPsVY.exe
  C:\Windows\System\XxcPsVY.exe
  2⤵
  PID:5472
- C:\Windows\System\CYUpQqd.exe
  C:\Windows\System\CYUpQqd.exe
  2⤵
  PID:5496
- C:\Windows\System\AXwJJLN.exe
  C:\Windows\System\AXwJJLN.exe
  2⤵
  PID:5520
- C:\Windows\System\nLAmbFD.exe
  C:\Windows\System\nLAmbFD.exe
  2⤵
  PID:5540
- C:\Windows\System\xOpdDWv.exe
  C:\Windows\System\xOpdDWv.exe
  2⤵
  PID:5560
- C:\Windows\System\zoGXIkR.exe
  C:\Windows\System\zoGXIkR.exe
  2⤵
  PID:5580
- C:\Windows\System\LpUYVta.exe
  C:\Windows\System\LpUYVta.exe
  2⤵
  PID:5600
- C:\Windows\System\TANdtju.exe
  C:\Windows\System\TANdtju.exe
  2⤵
  PID:5624
- C:\Windows\System\dEzFDFp.exe
  C:\Windows\System\dEzFDFp.exe
  2⤵
  PID:5644
- C:\Windows\System\bLjRwGG.exe
  C:\Windows\System\bLjRwGG.exe
  2⤵
  PID:5664
- C:\Windows\System\omaapbZ.exe
  C:\Windows\System\omaapbZ.exe
  2⤵
  PID:5684
- C:\Windows\System\lwtZWzQ.exe
  C:\Windows\System\lwtZWzQ.exe
  2⤵
  PID:5704
- C:\Windows\System\wQJlbVa.exe
  C:\Windows\System\wQJlbVa.exe
  2⤵
  PID:5724
- C:\Windows\System\HpemBQF.exe
  C:\Windows\System\HpemBQF.exe
  2⤵
  PID:5744
- C:\Windows\System\JDYqnke.exe
  C:\Windows\System\JDYqnke.exe
  2⤵
  PID:5764
- C:\Windows\System\uDwRBjJ.exe
  C:\Windows\System\uDwRBjJ.exe
  2⤵
  PID:5784
- C:\Windows\System\maaxPJp.exe
  C:\Windows\System\maaxPJp.exe
  2⤵
  PID:5804
- C:\Windows\System\upMBOWY.exe
  C:\Windows\System\upMBOWY.exe
  2⤵
  PID:5824
- C:\Windows\System\vmYaCAb.exe
  C:\Windows\System\vmYaCAb.exe
  2⤵
  PID:5844
- C:\Windows\System\QrTkNxV.exe
  C:\Windows\System\QrTkNxV.exe
  2⤵
  PID:5864
- C:\Windows\System\qhGLJFt.exe
  C:\Windows\System\qhGLJFt.exe
  2⤵
  PID:5884
- C:\Windows\System\VtvxwLn.exe
  C:\Windows\System\VtvxwLn.exe
  2⤵
  PID:5904
- C:\Windows\System\dByIzUo.exe
  C:\Windows\System\dByIzUo.exe
  2⤵
  PID:5924
- C:\Windows\System\xTqspse.exe
  C:\Windows\System\xTqspse.exe
  2⤵
  PID:5944
- C:\Windows\System\iqyJYll.exe
  C:\Windows\System\iqyJYll.exe
  2⤵
  PID:5964
- C:\Windows\System\jKYCVAg.exe
  C:\Windows\System\jKYCVAg.exe
  2⤵
  PID:5984
- C:\Windows\System\kAQcVeQ.exe
  C:\Windows\System\kAQcVeQ.exe
  2⤵
  PID:6004
- C:\Windows\System\xOqrjhN.exe
  C:\Windows\System\xOqrjhN.exe
  2⤵
  PID:6024
- C:\Windows\System\uNSCKXz.exe
  C:\Windows\System\uNSCKXz.exe
  2⤵
  PID:6044
- C:\Windows\System\KzcDKxI.exe
  C:\Windows\System\KzcDKxI.exe
  2⤵
  PID:6064
- C:\Windows\System\NMTBJlp.exe
  C:\Windows\System\NMTBJlp.exe
  2⤵
  PID:6084
- C:\Windows\System\mAvJHoU.exe
  C:\Windows\System\mAvJHoU.exe
  2⤵
  PID:6104
- C:\Windows\System\gosZzYI.exe
  C:\Windows\System\gosZzYI.exe
  2⤵
  PID:6124
- C:\Windows\System\BEPQTOM.exe
  C:\Windows\System\BEPQTOM.exe
  2⤵
  PID:3008
- C:\Windows\System\NIVmJor.exe
  C:\Windows\System\NIVmJor.exe
  2⤵
  PID:5012
- C:\Windows\System\COWlldK.exe
  C:\Windows\System\COWlldK.exe
  2⤵
  PID:3292
- C:\Windows\System\VlrtGRg.exe
  C:\Windows\System\VlrtGRg.exe
  2⤵
  PID:3552
- C:\Windows\System\IraHsRm.exe
  C:\Windows\System\IraHsRm.exe
  2⤵
  PID:2304
- C:\Windows\System\gpRujlh.exe
  C:\Windows\System\gpRujlh.exe
  2⤵
  PID:1712
- C:\Windows\System\vhHcKPA.exe
  C:\Windows\System\vhHcKPA.exe
  2⤵
  PID:4128
- C:\Windows\System\BxxtdCs.exe
  C:\Windows\System\BxxtdCs.exe
  2⤵
  PID:4156
- C:\Windows\System\UuvwzQt.exe
  C:\Windows\System\UuvwzQt.exe
  2⤵
  PID:4228
- C:\Windows\System\zIcsyzL.exe
  C:\Windows\System\zIcsyzL.exe
  2⤵
  PID:4392
- C:\Windows\System\tpXcABL.exe
  C:\Windows\System\tpXcABL.exe
  2⤵
  PID:4452
- C:\Windows\System\ROPZTha.exe
  C:\Windows\System\ROPZTha.exe
  2⤵
  PID:4520
- C:\Windows\System\IJCkZUg.exe
  C:\Windows\System\IJCkZUg.exe
  2⤵
  PID:4572
- C:\Windows\System\jwnPtMM.exe
  C:\Windows\System\jwnPtMM.exe
  2⤵
  PID:4764
- C:\Windows\System\pHFznfo.exe
  C:\Windows\System\pHFznfo.exe
  2⤵
  PID:4840
- C:\Windows\System\ogMympN.exe
  C:\Windows\System\ogMympN.exe
  2⤵
  PID:4884
- C:\Windows\System\WcGutnE.exe
  C:\Windows\System\WcGutnE.exe
  2⤵
  PID:5040
- C:\Windows\System\QksltSb.exe
  C:\Windows\System\QksltSb.exe
  2⤵
  PID:5124
- C:\Windows\System\yfUHDnM.exe
  C:\Windows\System\yfUHDnM.exe
  2⤵
  PID:5148
- C:\Windows\System\rDPvAHP.exe
  C:\Windows\System\rDPvAHP.exe
  2⤵
  PID:5180
- C:\Windows\System\bTlBBZJ.exe
  C:\Windows\System\bTlBBZJ.exe
  2⤵
  PID:5224
- C:\Windows\System\dnlPAoy.exe
  C:\Windows\System\dnlPAoy.exe
  2⤵
  PID:5280
- C:\Windows\System\TqSeeZE.exe
  C:\Windows\System\TqSeeZE.exe
  2⤵
  PID:5300
- C:\Windows\System\nDHnWhc.exe
  C:\Windows\System\nDHnWhc.exe
  2⤵
  PID:5340
- C:\Windows\System\ZCzwYZD.exe
  C:\Windows\System\ZCzwYZD.exe
  2⤵
  PID:5344
- C:\Windows\System\uQqkFXX.exe
  C:\Windows\System\uQqkFXX.exe
  2⤵
  PID:5440
- C:\Windows\System\XVJKuai.exe
  C:\Windows\System\XVJKuai.exe
  2⤵
  PID:5444
- C:\Windows\System\xYBWtqS.exe
  C:\Windows\System\xYBWtqS.exe
  2⤵
  PID:5468
- C:\Windows\System\yKVghVI.exe
  C:\Windows\System\yKVghVI.exe
  2⤵
  PID:5528
- C:\Windows\System\iBJhpkQ.exe
  C:\Windows\System\iBJhpkQ.exe
  2⤵
  PID:5552
- C:\Windows\System\RYbrWba.exe
  C:\Windows\System\RYbrWba.exe
  2⤵
  PID:5588
- C:\Windows\System\rYzJScX.exe
  C:\Windows\System\rYzJScX.exe
  2⤵
  PID:5612
- C:\Windows\System\AojBlnz.exe
  C:\Windows\System\AojBlnz.exe
  2⤵
  PID:5656
- C:\Windows\System\xJYkRQH.exe
  C:\Windows\System\xJYkRQH.exe
  2⤵
  PID:5696
- C:\Windows\System\pfyELHb.exe
  C:\Windows\System\pfyELHb.exe
  2⤵
  PID:5736
- C:\Windows\System\brPzPRS.exe
  C:\Windows\System\brPzPRS.exe
  2⤵
  PID:5776
- C:\Windows\System\KfGtAgb.exe
  C:\Windows\System\KfGtAgb.exe
  2⤵
  PID:5820
- C:\Windows\System\pOgeEKk.exe
  C:\Windows\System\pOgeEKk.exe
  2⤵
  PID:5840
- C:\Windows\System\imlqEli.exe
  C:\Windows\System\imlqEli.exe
  2⤵
  PID:5880
- C:\Windows\System\yqnfewi.exe
  C:\Windows\System\yqnfewi.exe
  2⤵
  PID:5932
- C:\Windows\System\FlEXofD.exe
  C:\Windows\System\FlEXofD.exe
  2⤵
  PID:5952
- C:\Windows\System\KMCMRup.exe
  C:\Windows\System\KMCMRup.exe
  2⤵
  PID:6012
- C:\Windows\System\LmRnais.exe
  C:\Windows\System\LmRnais.exe
  2⤵
  PID:6040
- C:\Windows\System\uhzguHr.exe
  C:\Windows\System\uhzguHr.exe
  2⤵
  PID:6072
- C:\Windows\System\TGJgJlU.exe
  C:\Windows\System\TGJgJlU.exe
  2⤵
  PID:6076
- C:\Windows\System\afArdel.exe
  C:\Windows\System\afArdel.exe
  2⤵
  PID:6116
- C:\Windows\System\icUDnWu.exe
  C:\Windows\System\icUDnWu.exe
  2⤵
  PID:5104
- C:\Windows\System\faEsApO.exe
  C:\Windows\System\faEsApO.exe
  2⤵
  PID:3524
- C:\Windows\System\TlEmUja.exe
  C:\Windows\System\TlEmUja.exe
  2⤵
  PID:2764
- C:\Windows\System\KhqlTsw.exe
  C:\Windows\System\KhqlTsw.exe
  2⤵
  PID:4192
- C:\Windows\System\fSpfpqA.exe
  C:\Windows\System\fSpfpqA.exe
  2⤵
  PID:4252
- C:\Windows\System\vvpYvts.exe
  C:\Windows\System\vvpYvts.exe
  2⤵
  PID:4560
- C:\Windows\System\ldqBdML.exe
  C:\Windows\System\ldqBdML.exe
  2⤵
  PID:4476
- C:\Windows\System\vopFdHr.exe
  C:\Windows\System\vopFdHr.exe
  2⤵
  PID:4696
- C:\Windows\System\UXocKtC.exe
  C:\Windows\System\UXocKtC.exe
  2⤵
  PID:4784
- C:\Windows\System\YuVcJgr.exe
  C:\Windows\System\YuVcJgr.exe
  2⤵
  PID:5160
- C:\Windows\System\PfNlFlT.exe
  C:\Windows\System\PfNlFlT.exe
  2⤵
  PID:5208
- C:\Windows\System\CBHCQFg.exe
  C:\Windows\System\CBHCQFg.exe
  2⤵
  PID:5220
- C:\Windows\System\usHekAY.exe
  C:\Windows\System\usHekAY.exe
  2⤵
  PID:5320
- C:\Windows\System\vulynUM.exe
  C:\Windows\System\vulynUM.exe
  2⤵
  PID:5328
- C:\Windows\System\KjLqZoU.exe
  C:\Windows\System\KjLqZoU.exe
  2⤵
  PID:5388
- C:\Windows\System\fLMiTKa.exe
  C:\Windows\System\fLMiTKa.exe
  2⤵
  PID:5484
- C:\Windows\System\iEqzEXu.exe
  C:\Windows\System\iEqzEXu.exe
  2⤵
  PID:5512
- C:\Windows\System\dpYzFWJ.exe
  C:\Windows\System\dpYzFWJ.exe
  2⤵
  PID:5616
- C:\Windows\System\zJaAsVq.exe
  C:\Windows\System\zJaAsVq.exe
  2⤵
  PID:5660
- C:\Windows\System\uAyWFxr.exe
  C:\Windows\System\uAyWFxr.exe
  2⤵
  PID:5720
- C:\Windows\System\Zeiyfrq.exe
  C:\Windows\System\Zeiyfrq.exe
  2⤵
  PID:5792
- C:\Windows\System\duGtYIK.exe
  C:\Windows\System\duGtYIK.exe
  2⤵
  PID:5832
- C:\Windows\System\nBHCGxS.exe
  C:\Windows\System\nBHCGxS.exe
  2⤵
  PID:5920
- C:\Windows\System\qgNcLQQ.exe
  C:\Windows\System\qgNcLQQ.exe
  2⤵
  PID:6156
- C:\Windows\System\bRoiCtr.exe
  C:\Windows\System\bRoiCtr.exe
  2⤵
  PID:6176
- C:\Windows\System\JXhKCDK.exe
  C:\Windows\System\JXhKCDK.exe
  2⤵
  PID:6200
- C:\Windows\System\UXKoymt.exe
  C:\Windows\System\UXKoymt.exe
  2⤵
  PID:6220
- C:\Windows\System\HKboSbH.exe
  C:\Windows\System\HKboSbH.exe
  2⤵
  PID:6240
- C:\Windows\System\zJTlMCg.exe
  C:\Windows\System\zJTlMCg.exe
  2⤵
  PID:6260
- C:\Windows\System\HwKIzJE.exe
  C:\Windows\System\HwKIzJE.exe
  2⤵
  PID:6280
- C:\Windows\System\LjAmlyn.exe
  C:\Windows\System\LjAmlyn.exe
  2⤵
  PID:6300
- C:\Windows\System\ZchKxif.exe
  C:\Windows\System\ZchKxif.exe
  2⤵
  PID:6320
- C:\Windows\System\nMEzgQp.exe
  C:\Windows\System\nMEzgQp.exe
  2⤵
  PID:6340
- C:\Windows\System\GSjecIo.exe
  C:\Windows\System\GSjecIo.exe
  2⤵
  PID:6360
- C:\Windows\System\GlmiPKK.exe
  C:\Windows\System\GlmiPKK.exe
  2⤵
  PID:6380
- C:\Windows\System\RaGxgdj.exe
  C:\Windows\System\RaGxgdj.exe
  2⤵
  PID:6400
- C:\Windows\System\nVofVhb.exe
  C:\Windows\System\nVofVhb.exe
  2⤵
  PID:6420
- C:\Windows\System\GYwhMgp.exe
  C:\Windows\System\GYwhMgp.exe
  2⤵
  PID:6440
- C:\Windows\System\UuuxPOf.exe
  C:\Windows\System\UuuxPOf.exe
  2⤵
  PID:6460
- C:\Windows\System\TrZTnFX.exe
  C:\Windows\System\TrZTnFX.exe
  2⤵
  PID:6480
- C:\Windows\System\iMFPgJS.exe
  C:\Windows\System\iMFPgJS.exe
  2⤵
  PID:6500
- C:\Windows\System\MQEYPCf.exe
  C:\Windows\System\MQEYPCf.exe
  2⤵
  PID:6520
- C:\Windows\System\eyqIzKJ.exe
  C:\Windows\System\eyqIzKJ.exe
  2⤵
  PID:6540
- C:\Windows\System\bJzBLnU.exe
  C:\Windows\System\bJzBLnU.exe
  2⤵
  PID:6560
- C:\Windows\System\oYbAHPf.exe
  C:\Windows\System\oYbAHPf.exe
  2⤵
  PID:6580
- C:\Windows\System\yalGxuE.exe
  C:\Windows\System\yalGxuE.exe
  2⤵
  PID:6600
- C:\Windows\System\dXOagWU.exe
  C:\Windows\System\dXOagWU.exe
  2⤵
  PID:6620
- C:\Windows\System\HnYYGlt.exe
  C:\Windows\System\HnYYGlt.exe
  2⤵
  PID:6640
- C:\Windows\System\UFoEOQN.exe
  C:\Windows\System\UFoEOQN.exe
  2⤵
  PID:6660
- C:\Windows\System\UEZjCuO.exe
  C:\Windows\System\UEZjCuO.exe
  2⤵
  PID:6680
- C:\Windows\System\RjPUKgq.exe
  C:\Windows\System\RjPUKgq.exe
  2⤵
  PID:6700
- C:\Windows\System\iviNrPR.exe
  C:\Windows\System\iviNrPR.exe
  2⤵
  PID:6720
- C:\Windows\System\CCpCDOO.exe
  C:\Windows\System\CCpCDOO.exe
  2⤵
  PID:6740
- C:\Windows\System\MCImodz.exe
  C:\Windows\System\MCImodz.exe
  2⤵
  PID:6760
- C:\Windows\System\zwkxIUw.exe
  C:\Windows\System\zwkxIUw.exe
  2⤵
  PID:6780
- C:\Windows\System\CudcwDg.exe
  C:\Windows\System\CudcwDg.exe
  2⤵
  PID:6804
- C:\Windows\System\bdMEtGz.exe
  C:\Windows\System\bdMEtGz.exe
  2⤵
  PID:6824
- C:\Windows\System\ZcNiHXH.exe
  C:\Windows\System\ZcNiHXH.exe
  2⤵
  PID:6844
- C:\Windows\System\zmdtNoO.exe
  C:\Windows\System\zmdtNoO.exe
  2⤵
  PID:6864
- C:\Windows\System\tCRrwXE.exe
  C:\Windows\System\tCRrwXE.exe
  2⤵
  PID:6884
- C:\Windows\System\xjdbKZq.exe
  C:\Windows\System\xjdbKZq.exe
  2⤵
  PID:6904
- C:\Windows\System\DgumWQy.exe
  C:\Windows\System\DgumWQy.exe
  2⤵
  PID:6924
- C:\Windows\System\QAngtXL.exe
  C:\Windows\System\QAngtXL.exe
  2⤵
  PID:6944
- C:\Windows\System\mCZggIO.exe
  C:\Windows\System\mCZggIO.exe
  2⤵
  PID:6964
- C:\Windows\System\kOWnAcI.exe
  C:\Windows\System\kOWnAcI.exe
  2⤵
  PID:6984
- C:\Windows\System\RqBoMHP.exe
  C:\Windows\System\RqBoMHP.exe
  2⤵
  PID:7004
- C:\Windows\System\SbwiLRR.exe
  C:\Windows\System\SbwiLRR.exe
  2⤵
  PID:7024
- C:\Windows\System\zSNpTOi.exe
  C:\Windows\System\zSNpTOi.exe
  2⤵
  PID:7044
- C:\Windows\System\SIQNuYZ.exe
  C:\Windows\System\SIQNuYZ.exe
  2⤵
  PID:7064
- C:\Windows\System\QQkMTmu.exe
  C:\Windows\System\QQkMTmu.exe
  2⤵
  PID:7084
- C:\Windows\System\nyQSgUL.exe
  C:\Windows\System\nyQSgUL.exe
  2⤵
  PID:7104
- C:\Windows\System\lhIRpXB.exe
  C:\Windows\System\lhIRpXB.exe
  2⤵
  PID:7124
- C:\Windows\System\AlEZBJH.exe
  C:\Windows\System\AlEZBJH.exe
  2⤵
  PID:7144
- C:\Windows\System\zjSAlKq.exe
  C:\Windows\System\zjSAlKq.exe
  2⤵
  PID:7164
- C:\Windows\System\fuCbThs.exe
  C:\Windows\System\fuCbThs.exe
  2⤵
  PID:5936
- C:\Windows\System\lGwNNmF.exe
  C:\Windows\System\lGwNNmF.exe
  2⤵
  PID:6032
- C:\Windows\System\GBkrGHS.exe
  C:\Windows\System\GBkrGHS.exe
  2⤵
  PID:6120
- C:\Windows\System\XdhWAKn.exe
  C:\Windows\System\XdhWAKn.exe
  2⤵
  PID:356
- C:\Windows\System\rUnKQjQ.exe
  C:\Windows\System\rUnKQjQ.exe
  2⤵
  PID:4060
- C:\Windows\System\hcUWaEi.exe
  C:\Windows\System\hcUWaEi.exe
  2⤵
  PID:4020
- C:\Windows\System\IlevMNR.exe
  C:\Windows\System\IlevMNR.exe
  2⤵
  PID:4436
- C:\Windows\System\ynyKHwm.exe
  C:\Windows\System\ynyKHwm.exe
  2⤵
  PID:4576
- C:\Windows\System\bxBXagP.exe
  C:\Windows\System\bxBXagP.exe
  2⤵
  PID:5080
- C:\Windows\System\UcFzlTn.exe
  C:\Windows\System\UcFzlTn.exe
  2⤵
  PID:5228
- C:\Windows\System\PoWinCQ.exe
  C:\Windows\System\PoWinCQ.exe
  2⤵
  PID:5268
- C:\Windows\System\PdJGLxK.exe
  C:\Windows\System\PdJGLxK.exe
  2⤵
  PID:5360
- C:\Windows\System\wAljfES.exe
  C:\Windows\System\wAljfES.exe
  2⤵
  PID:5424
- C:\Windows\System\aZaFAYR.exe
  C:\Windows\System\aZaFAYR.exe
  2⤵
  PID:5548
- C:\Windows\System\tDcMBFC.exe
  C:\Windows\System\tDcMBFC.exe
  2⤵
  PID:5640
- C:\Windows\System\OdGknjv.exe
  C:\Windows\System\OdGknjv.exe
  2⤵
  PID:5760
- C:\Windows\System\skpEyvz.exe
  C:\Windows\System\skpEyvz.exe
  2⤵
  PID:2556
- C:\Windows\System\lAUGgKa.exe
  C:\Windows\System\lAUGgKa.exe
  2⤵
  PID:5892
- C:\Windows\System\wkDiBEj.exe
  C:\Windows\System\wkDiBEj.exe
  2⤵
  PID:6164
- C:\Windows\System\HVgngdV.exe
  C:\Windows\System\HVgngdV.exe
  2⤵
  PID:6236
- C:\Windows\System\XVFwgWu.exe
  C:\Windows\System\XVFwgWu.exe
  2⤵
  PID:6268
- C:\Windows\System\DWsoeEL.exe
  C:\Windows\System\DWsoeEL.exe
  2⤵
  PID:6296
- C:\Windows\System\jiBtZrb.exe
  C:\Windows\System\jiBtZrb.exe
  2⤵
  PID:6328
- C:\Windows\System\dglnKKX.exe
  C:\Windows\System\dglnKKX.exe
  2⤵
  PID:6352
- C:\Windows\System\FxzCGOi.exe
  C:\Windows\System\FxzCGOi.exe
  2⤵
  PID:6396
- C:\Windows\System\SxLmKWr.exe
  C:\Windows\System\SxLmKWr.exe
  2⤵
  PID:6436
- C:\Windows\System\DSxbBnz.exe
  C:\Windows\System\DSxbBnz.exe
  2⤵
  PID:6456
- C:\Windows\System\VHiQWRe.exe
  C:\Windows\System\VHiQWRe.exe
  2⤵
  PID:6488
- C:\Windows\System\WFAMIZh.exe
  C:\Windows\System\WFAMIZh.exe
  2⤵
  PID:6492
- C:\Windows\System\waADPjZ.exe
  C:\Windows\System\waADPjZ.exe
  2⤵
  PID:6532
- C:\Windows\System\nseBZQV.exe
  C:\Windows\System\nseBZQV.exe
  2⤵
  PID:6588
- C:\Windows\System\xVoTSBx.exe
  C:\Windows\System\xVoTSBx.exe
  2⤵
  PID:6616
- C:\Windows\System\nJlYzHB.exe
  C:\Windows\System\nJlYzHB.exe
  2⤵
  PID:6648
- C:\Windows\System\IHUfsaN.exe
  C:\Windows\System\IHUfsaN.exe
  2⤵
  PID:6672
- C:\Windows\System\kyQlexp.exe
  C:\Windows\System\kyQlexp.exe
  2⤵
  PID:6692
- C:\Windows\System\RCZCQGM.exe
  C:\Windows\System\RCZCQGM.exe
  2⤵
  PID:6732
- C:\Windows\System\REWFGOw.exe
  C:\Windows\System\REWFGOw.exe
  2⤵
  PID:6768
- C:\Windows\System\KoOyTjY.exe
  C:\Windows\System\KoOyTjY.exe
  2⤵
  PID:6812
- C:\Windows\System\UmQTmbf.exe
  C:\Windows\System\UmQTmbf.exe
  2⤵
  PID:6836
- C:\Windows\System\ywkQpre.exe
  C:\Windows\System\ywkQpre.exe
  2⤵
  PID:6880
- C:\Windows\System\ZwmrBSw.exe
  C:\Windows\System\ZwmrBSw.exe
  2⤵
  PID:6896
- C:\Windows\System\VeOvwdv.exe
  C:\Windows\System\VeOvwdv.exe
  2⤵
  PID:6932
- C:\Windows\System\yUfwxlT.exe
  C:\Windows\System\yUfwxlT.exe
  2⤵
  PID:6972
- C:\Windows\System\sNpwKSW.exe
  C:\Windows\System\sNpwKSW.exe
  2⤵
  PID:7012
- C:\Windows\System\MdMzKhK.exe
  C:\Windows\System\MdMzKhK.exe
  2⤵
  PID:7016
- C:\Windows\System\aFpZRFu.exe
  C:\Windows\System\aFpZRFu.exe
  2⤵
  PID:7080
- C:\Windows\System\BhZnyyg.exe
  C:\Windows\System\BhZnyyg.exe
  2⤵
  PID:7092
- C:\Windows\System\drKAoAB.exe
  C:\Windows\System\drKAoAB.exe
  2⤵
  PID:7152
- C:\Windows\System\fxWfsDj.exe
  C:\Windows\System\fxWfsDj.exe
  2⤵
  PID:6060
- C:\Windows\System\csREWwk.exe
  C:\Windows\System\csREWwk.exe
  2⤵
  PID:6056
- C:\Windows\System\FTiMUpe.exe
  C:\Windows\System\FTiMUpe.exe
  2⤵
  PID:3320
- C:\Windows\System\zeFJYPg.exe
  C:\Windows\System\zeFJYPg.exe
  2⤵
  PID:3920
- C:\Windows\System\WTTKAtH.exe
  C:\Windows\System\WTTKAtH.exe
  2⤵
  PID:4684
- C:\Windows\System\pPeEIne.exe
  C:\Windows\System\pPeEIne.exe
  2⤵
  PID:4152
- C:\Windows\System\CoyQYVp.exe
  C:\Windows\System\CoyQYVp.exe
  2⤵
  PID:4824
- C:\Windows\System\cucKzYU.exe
  C:\Windows\System\cucKzYU.exe
  2⤵
  PID:5260
- C:\Windows\System\RMRKiDu.exe
  C:\Windows\System\RMRKiDu.exe
  2⤵
  PID:5508
- C:\Windows\System\ZjDvfHg.exe
  C:\Windows\System\ZjDvfHg.exe
  2⤵
  PID:5800
- C:\Windows\System\gYyfFnV.exe
  C:\Windows\System\gYyfFnV.exe
  2⤵
  PID:5692
- C:\Windows\System\srMkPgp.exe
  C:\Windows\System\srMkPgp.exe
  2⤵
  PID:2712
- C:\Windows\System\ODrtiGH.exe
  C:\Windows\System\ODrtiGH.exe
  2⤵
  PID:6252
- C:\Windows\System\ZWYpqfE.exe
  C:\Windows\System\ZWYpqfE.exe
  2⤵
  PID:6184
- C:\Windows\System\uiWYnfY.exe
  C:\Windows\System\uiWYnfY.exe
  2⤵
  PID:6256
- C:\Windows\System\XdUGFfk.exe
  C:\Windows\System\XdUGFfk.exe
  2⤵
  PID:6408
- C:\Windows\System\VQfwyzA.exe
  C:\Windows\System\VQfwyzA.exe
  2⤵
  PID:2700
- C:\Windows\System\ZsbfyCm.exe
  C:\Windows\System\ZsbfyCm.exe
  2⤵
  PID:6376
- C:\Windows\System\pgOVVXR.exe
  C:\Windows\System\pgOVVXR.exe
  2⤵
  PID:6536
- C:\Windows\System\yGMdvxY.exe
  C:\Windows\System\yGMdvxY.exe
  2⤵
  PID:920
- C:\Windows\System\yKGohId.exe
  C:\Windows\System\yKGohId.exe
  2⤵
  PID:6508
- C:\Windows\System\SQJWOKk.exe
  C:\Windows\System\SQJWOKk.exe
  2⤵
  PID:6712
- C:\Windows\System\WPNEjZz.exe
  C:\Windows\System\WPNEjZz.exe
  2⤵
  PID:6628
- C:\Windows\System\BCCssvE.exe
  C:\Windows\System\BCCssvE.exe
  2⤵
  PID:6772
- C:\Windows\System\jkZqlYK.exe
  C:\Windows\System\jkZqlYK.exe
  2⤵
  PID:6756
- C:\Windows\System\jRWmQtz.exe
  C:\Windows\System\jRWmQtz.exe
  2⤵
  PID:6976
- C:\Windows\System\NZHVvyY.exe
  C:\Windows\System\NZHVvyY.exe
  2⤵
  PID:7052
- C:\Windows\System\xGZSslU.exe
  C:\Windows\System\xGZSslU.exe
  2⤵
  PID:7132
- C:\Windows\System\uUuJHZO.exe
  C:\Windows\System\uUuJHZO.exe
  2⤵
  PID:6900
- C:\Windows\System\GVeOmUo.exe
  C:\Windows\System\GVeOmUo.exe
  2⤵
  PID:5972
- C:\Windows\System\PAShvss.exe
  C:\Windows\System\PAShvss.exe
  2⤵
  PID:4628
- C:\Windows\System\ZIJVzRh.exe
  C:\Windows\System\ZIJVzRh.exe
  2⤵
  PID:5324
- C:\Windows\System\yelbbqX.exe
  C:\Windows\System\yelbbqX.exe
  2⤵
  PID:7160
- C:\Windows\System\bTANGAS.exe
  C:\Windows\System\bTANGAS.exe
  2⤵
  PID:5384
- C:\Windows\System\UJgOMSQ.exe
  C:\Windows\System\UJgOMSQ.exe
  2⤵
  PID:6336
- C:\Windows\System\HAzlWer.exe
  C:\Windows\System\HAzlWer.exe
  2⤵
  PID:4876
- C:\Windows\System\DkkdbNF.exe
  C:\Windows\System\DkkdbNF.exe
  2⤵
  PID:3500
- C:\Windows\System\nqDGEka.exe
  C:\Windows\System\nqDGEka.exe
  2⤵
  PID:4940
- C:\Windows\System\IlgVtpY.exe
  C:\Windows\System\IlgVtpY.exe
  2⤵
  PID:5576
- C:\Windows\System\sfxBWGe.exe
  C:\Windows\System\sfxBWGe.exe
  2⤵
  PID:6448
- C:\Windows\System\jvPKHGN.exe
  C:\Windows\System\jvPKHGN.exe
  2⤵
  PID:6668
- C:\Windows\System\wsBwmvr.exe
  C:\Windows\System\wsBwmvr.exe
  2⤵
  PID:6196
- C:\Windows\System\jWRHuau.exe
  C:\Windows\System\jWRHuau.exe
  2⤵
  PID:6548
- C:\Windows\System\uSDKhnw.exe
  C:\Windows\System\uSDKhnw.exe
  2⤵
  PID:7060
- C:\Windows\System\NsFQDPX.exe
  C:\Windows\System\NsFQDPX.exe
  2⤵
  PID:6960
- C:\Windows\System\tMEjgOK.exe
  C:\Windows\System\tMEjgOK.exe
  2⤵
  PID:6516
- C:\Windows\System\VUZtBRQ.exe
  C:\Windows\System\VUZtBRQ.exe
  2⤵
  PID:4440
- C:\Windows\System\cnmQpzk.exe
  C:\Windows\System\cnmQpzk.exe
  2⤵
  PID:6860
- C:\Windows\System\HikHggg.exe
  C:\Windows\System\HikHggg.exe
  2⤵
  PID:2452
- C:\Windows\System\TxqfMDN.exe
  C:\Windows\System\TxqfMDN.exe
  2⤵
  PID:5204
- C:\Windows\System\HnZiSXi.exe
  C:\Windows\System\HnZiSXi.exe
  2⤵
  PID:7180
- C:\Windows\System\opEBjTG.exe
  C:\Windows\System\opEBjTG.exe
  2⤵
  PID:7208
- C:\Windows\System\qOLWzop.exe
  C:\Windows\System\qOLWzop.exe
  2⤵
  PID:7232
- C:\Windows\System\sXpsSFR.exe
  C:\Windows\System\sXpsSFR.exe
  2⤵
  PID:7248
- C:\Windows\System\qUmHQIm.exe
  C:\Windows\System\qUmHQIm.exe
  2⤵
  PID:7272
- C:\Windows\System\BxtyYKR.exe
  C:\Windows\System\BxtyYKR.exe
  2⤵
  PID:7288
- C:\Windows\System\cseeAwk.exe
  C:\Windows\System\cseeAwk.exe
  2⤵
  PID:7308
- C:\Windows\System\odYzJWJ.exe
  C:\Windows\System\odYzJWJ.exe
  2⤵
  PID:7336
- C:\Windows\System\tYmSxdf.exe
  C:\Windows\System\tYmSxdf.exe
  2⤵
  PID:7352
- C:\Windows\System\DmniZnP.exe
  C:\Windows\System\DmniZnP.exe
  2⤵
  PID:7376
- C:\Windows\System\TXmiwmh.exe
  C:\Windows\System\TXmiwmh.exe
  2⤵
  PID:7392
- C:\Windows\System\xmiJQsO.exe
  C:\Windows\System\xmiJQsO.exe
  2⤵
  PID:7412
- C:\Windows\System\sBbVSUc.exe
  C:\Windows\System\sBbVSUc.exe
  2⤵
  PID:7436
- C:\Windows\System\uaMXTPP.exe
  C:\Windows\System\uaMXTPP.exe
  2⤵
  PID:7452
- C:\Windows\System\HjcoXde.exe
  C:\Windows\System\HjcoXde.exe
  2⤵
  PID:7476
- C:\Windows\System\SMcizeg.exe
  C:\Windows\System\SMcizeg.exe
  2⤵
  PID:7496
- C:\Windows\System\ZhysXVs.exe
  C:\Windows\System\ZhysXVs.exe
  2⤵
  PID:7512
- C:\Windows\System\DbsvOeT.exe
  C:\Windows\System\DbsvOeT.exe
  2⤵
  PID:7536
- C:\Windows\System\meJJBVu.exe
  C:\Windows\System\meJJBVu.exe
  2⤵
  PID:7552
- C:\Windows\System\jTrQBaM.exe
  C:\Windows\System\jTrQBaM.exe
  2⤵
  PID:7568
- C:\Windows\System\esYSAIT.exe
  C:\Windows\System\esYSAIT.exe
  2⤵
  PID:7596
- C:\Windows\System\BzxBNAZ.exe
  C:\Windows\System\BzxBNAZ.exe
  2⤵
  PID:7612
- C:\Windows\System\zcyefpG.exe
  C:\Windows\System\zcyefpG.exe
  2⤵
  PID:7636
- C:\Windows\System\MYSeVOq.exe
  C:\Windows\System\MYSeVOq.exe
  2⤵
  PID:7652
- C:\Windows\System\svRAYmH.exe
  C:\Windows\System\svRAYmH.exe
  2⤵
  PID:7676
- C:\Windows\System\vovIMqL.exe
  C:\Windows\System\vovIMqL.exe
  2⤵
  PID:7696
- C:\Windows\System\lBheUjn.exe
  C:\Windows\System\lBheUjn.exe
  2⤵
  PID:7716
- C:\Windows\System\pNDZLYO.exe
  C:\Windows\System\pNDZLYO.exe
  2⤵
  PID:7736
- C:\Windows\System\ERLRZot.exe
  C:\Windows\System\ERLRZot.exe
  2⤵
  PID:7752
- C:\Windows\System\wUJFXCr.exe
  C:\Windows\System\wUJFXCr.exe
  2⤵
  PID:7772
- C:\Windows\System\LJFBGtG.exe
  C:\Windows\System\LJFBGtG.exe
  2⤵
  PID:7792
- C:\Windows\System\rKwpqlf.exe
  C:\Windows\System\rKwpqlf.exe
  2⤵
  PID:7816
- C:\Windows\System\QSXiFsL.exe
  C:\Windows\System\QSXiFsL.exe
  2⤵
  PID:7836
- C:\Windows\System\oOgovUD.exe
  C:\Windows\System\oOgovUD.exe
  2⤵
  PID:7860
- C:\Windows\System\KYGASUF.exe
  C:\Windows\System\KYGASUF.exe
  2⤵
  PID:7880
- C:\Windows\System\KSeqjwx.exe
  C:\Windows\System\KSeqjwx.exe
  2⤵
  PID:7900
- C:\Windows\System\qxCjxAW.exe
  C:\Windows\System\qxCjxAW.exe
  2⤵
  PID:7916
- C:\Windows\System\YxRWYep.exe
  C:\Windows\System\YxRWYep.exe
  2⤵
  PID:7936
- C:\Windows\System\CNZkxBn.exe
  C:\Windows\System\CNZkxBn.exe
  2⤵
  PID:7956
- C:\Windows\System\cnSbapP.exe
  C:\Windows\System\cnSbapP.exe
  2⤵
  PID:7972
- C:\Windows\System\mpIxRja.exe
  C:\Windows\System\mpIxRja.exe
  2⤵
  PID:7996
- C:\Windows\System\CjwhmXk.exe
  C:\Windows\System\CjwhmXk.exe
  2⤵
  PID:8012
- C:\Windows\System\loKFOVW.exe
  C:\Windows\System\loKFOVW.exe
  2⤵
  PID:8028
- C:\Windows\System\owfutVp.exe
  C:\Windows\System\owfutVp.exe
  2⤵
  PID:8048
- C:\Windows\System\brGXFOD.exe
  C:\Windows\System\brGXFOD.exe
  2⤵
  PID:8072
- C:\Windows\System\VkzGbWu.exe
  C:\Windows\System\VkzGbWu.exe
  2⤵
  PID:8088
- C:\Windows\System\DkguVlF.exe
  C:\Windows\System\DkguVlF.exe
  2⤵
  PID:8108
- C:\Windows\System\XCezawm.exe
  C:\Windows\System\XCezawm.exe
  2⤵
  PID:8124
- C:\Windows\System\oMkyfoz.exe
  C:\Windows\System\oMkyfoz.exe
  2⤵
  PID:8152
- C:\Windows\System\quifNXo.exe
  C:\Windows\System\quifNXo.exe
  2⤵
  PID:8168
- C:\Windows\System\ZjODsud.exe
  C:\Windows\System\ZjODsud.exe
  2⤵
  PID:6016
- C:\Windows\System\LhigQzH.exe
  C:\Windows\System\LhigQzH.exe
  2⤵
  PID:6892
- C:\Windows\System\OQqTwuW.exe
  C:\Windows\System\OQqTwuW.exe
  2⤵
  PID:7040
- C:\Windows\System\NnrNaVW.exe
  C:\Windows\System\NnrNaVW.exe
  2⤵
  PID:6228
- C:\Windows\System\hsItgfC.exe
  C:\Windows\System\hsItgfC.exe
  2⤵
  PID:6916
- C:\Windows\System\YMyhmBr.exe
  C:\Windows\System\YMyhmBr.exe
  2⤵
  PID:5816
- C:\Windows\System\dQOukWT.exe
  C:\Windows\System\dQOukWT.exe
  2⤵
  PID:5184
- C:\Windows\System\zHxbZKx.exe
  C:\Windows\System\zHxbZKx.exe
  2⤵
  PID:5380
- C:\Windows\System\apftqrx.exe
  C:\Windows\System\apftqrx.exe
  2⤵
  PID:5572
- C:\Windows\System\kkzOPZZ.exe
  C:\Windows\System\kkzOPZZ.exe
  2⤵
  PID:1740
- C:\Windows\System\QVXKkKb.exe
  C:\Windows\System\QVXKkKb.exe
  2⤵
  PID:6472
- C:\Windows\System\IquCvka.exe
  C:\Windows\System\IquCvka.exe
  2⤵
  PID:7172
- C:\Windows\System\TScWiLJ.exe
  C:\Windows\System\TScWiLJ.exe
  2⤵
  PID:6528
- C:\Windows\System\rjSdwfu.exe
  C:\Windows\System\rjSdwfu.exe
  2⤵
  PID:7280
- C:\Windows\System\FarfbqJ.exe
  C:\Windows\System\FarfbqJ.exe
  2⤵
  PID:7332
- C:\Windows\System\BWYkDYa.exe
  C:\Windows\System\BWYkDYa.exe
  2⤵
  PID:7228
- C:\Windows\System\xZrlLNR.exe
  C:\Windows\System\xZrlLNR.exe
  2⤵
  PID:7400
- C:\Windows\System\aVkxuws.exe
  C:\Windows\System\aVkxuws.exe
  2⤵
  PID:7268
- C:\Windows\System\IiuNeJk.exe
  C:\Windows\System\IiuNeJk.exe
  2⤵
  PID:7448
- C:\Windows\System\KzZFZnw.exe
  C:\Windows\System\KzZFZnw.exe
  2⤵
  PID:7388
- C:\Windows\System\rjZgFDT.exe
  C:\Windows\System\rjZgFDT.exe
  2⤵
  PID:7524
- C:\Windows\System\deslZuL.exe
  C:\Windows\System\deslZuL.exe
  2⤵
  PID:7604
- C:\Windows\System\zPxfJeg.exe
  C:\Windows\System\zPxfJeg.exe
  2⤵
  PID:7464
- C:\Windows\System\VRJfFVG.exe
  C:\Windows\System\VRJfFVG.exe
  2⤵
  PID:7508
- C:\Windows\System\ORGThpj.exe
  C:\Windows\System\ORGThpj.exe
  2⤵
  PID:7684
- C:\Windows\System\LKfVobw.exe
  C:\Windows\System\LKfVobw.exe
  2⤵
  PID:7580
- C:\Windows\System\QWMDZBJ.exe
  C:\Windows\System\QWMDZBJ.exe
  2⤵
  PID:7628
- C:\Windows\System\sytbCWQ.exe
  C:\Windows\System\sytbCWQ.exe
  2⤵
  PID:7660
- C:\Windows\System\uUdJMJf.exe
  C:\Windows\System\uUdJMJf.exe
  2⤵
  PID:7764
- C:\Windows\System\UPhOQwQ.exe
  C:\Windows\System\UPhOQwQ.exe
  2⤵
  PID:7804
- C:\Windows\System\wyvgIjo.exe
  C:\Windows\System\wyvgIjo.exe
  2⤵
  PID:7848
- C:\Windows\System\BujkGJt.exe
  C:\Windows\System\BujkGJt.exe
  2⤵
  PID:7924
- C:\Windows\System\aRNqOAu.exe
  C:\Windows\System\aRNqOAu.exe
  2⤵
  PID:7784
- C:\Windows\System\IyoPPTL.exe
  C:\Windows\System\IyoPPTL.exe
  2⤵
  PID:7708
- C:\Windows\System\mjpbuuR.exe
  C:\Windows\System\mjpbuuR.exe
  2⤵
  PID:7824
- C:\Windows\System\GNMmaqn.exe
  C:\Windows\System\GNMmaqn.exe
  2⤵
  PID:8084
- C:\Windows\System\YCChRAo.exe
  C:\Windows\System\YCChRAo.exe
  2⤵
  PID:8160
- C:\Windows\System\YDMvuIB.exe
  C:\Windows\System\YDMvuIB.exe
  2⤵
  PID:7908
- C:\Windows\System\gVEVtGq.exe
  C:\Windows\System\gVEVtGq.exe
  2⤵
  PID:2768
- C:\Windows\System\NBDffpL.exe
  C:\Windows\System\NBDffpL.exe
  2⤵
  PID:7120
- C:\Windows\System\uYBIQng.exe
  C:\Windows\System\uYBIQng.exe
  2⤵
  PID:2804
- C:\Windows\System\kibcuFS.exe
  C:\Windows\System\kibcuFS.exe
  2⤵
  PID:7988
- C:\Windows\System\QEtjmLO.exe
  C:\Windows\System\QEtjmLO.exe
  2⤵
  PID:8056
- C:\Windows\System\PnxKVsC.exe
  C:\Windows\System\PnxKVsC.exe
  2⤵
  PID:8100
- C:\Windows\System\LgyuHLh.exe
  C:\Windows\System\LgyuHLh.exe
  2⤵
  PID:8180
- C:\Windows\System\hZjaBuE.exe
  C:\Windows\System\hZjaBuE.exe
  2⤵
  PID:6788
- C:\Windows\System\WnhvPVL.exe
  C:\Windows\System\WnhvPVL.exe
  2⤵
  PID:6468
- C:\Windows\System\FdIvsQE.exe
  C:\Windows\System\FdIvsQE.exe
  2⤵
  PID:7192
- C:\Windows\System\LLVtWyd.exe
  C:\Windows\System\LLVtWyd.exe
  2⤵
  PID:7220
- C:\Windows\System\tvPmFgr.exe
  C:\Windows\System\tvPmFgr.exe
  2⤵
  PID:7264
- C:\Windows\System\Hwtkvqt.exe
  C:\Windows\System\Hwtkvqt.exe
  2⤵
  PID:7316
- C:\Windows\System\FBybTXL.exe
  C:\Windows\System\FBybTXL.exe
  2⤵
  PID:7344
- C:\Windows\System\QtICXPb.exe
  C:\Windows\System\QtICXPb.exe
  2⤵
  PID:7372
- C:\Windows\System\thztIMD.exe
  C:\Windows\System\thztIMD.exe
  2⤵
  PID:7504
- C:\Windows\System\pHRMcwz.exe
  C:\Windows\System\pHRMcwz.exe
  2⤵
  PID:7428
- C:\Windows\System\hyggMBq.exe
  C:\Windows\System\hyggMBq.exe
  2⤵
  PID:7432
- C:\Windows\System\KUDTcbv.exe
  C:\Windows\System\KUDTcbv.exe
  2⤵
  PID:7608
- C:\Windows\System\WxMyxjs.exe
  C:\Windows\System\WxMyxjs.exe
  2⤵
  PID:7800
- C:\Windows\System\sCjiFCa.exe
  C:\Windows\System\sCjiFCa.exe
  2⤵
  PID:7624
- C:\Windows\System\hkvOlOE.exe
  C:\Windows\System\hkvOlOE.exe
  2⤵
  PID:3688
- C:\Windows\System\MYUpAtR.exe
  C:\Windows\System\MYUpAtR.exe
  2⤵
  PID:7712
- C:\Windows\System\sXyWivi.exe
  C:\Windows\System\sXyWivi.exe
  2⤵
  PID:7932
- C:\Windows\System\qftagQU.exe
  C:\Windows\System\qftagQU.exe
  2⤵
  PID:8040
- C:\Windows\System\kuhcJRT.exe
  C:\Windows\System\kuhcJRT.exe
  2⤵
  PID:6372
- C:\Windows\System\ZYRPMmA.exe
  C:\Windows\System\ZYRPMmA.exe
  2⤵
  PID:8116
- C:\Windows\System\iLBNVoC.exe
  C:\Windows\System\iLBNVoC.exe
  2⤵
  PID:7952
- C:\Windows\System\NIJCGdA.exe
  C:\Windows\System\NIJCGdA.exe
  2⤵
  PID:8020
- C:\Windows\System\sXfjNjJ.exe
  C:\Windows\System\sXfjNjJ.exe
  2⤵
  PID:8024
- C:\Windows\System\qTBIjpg.exe
  C:\Windows\System\qTBIjpg.exe
  2⤵
  PID:536
- C:\Windows\System\ssZmJjn.exe
  C:\Windows\System\ssZmJjn.exe
  2⤵
  PID:2236
- C:\Windows\System\PlzdTmO.exe
  C:\Windows\System\PlzdTmO.exe
  2⤵
  PID:3720
- C:\Windows\System\qWrQiFc.exe
  C:\Windows\System\qWrQiFc.exe
  2⤵
  PID:5452
- C:\Windows\System\PqMIdCP.exe
  C:\Windows\System\PqMIdCP.exe
  2⤵
  PID:7116
- C:\Windows\System\WfvxOly.exe
  C:\Windows\System\WfvxOly.exe
  2⤵
  PID:2816
- C:\Windows\System\IaKNqIK.exe
  C:\Windows\System\IaKNqIK.exe
  2⤵
  PID:1472
- C:\Windows\System\BqViorF.exe
  C:\Windows\System\BqViorF.exe
  2⤵
  PID:2792
- C:\Windows\System\dBLtyqD.exe
  C:\Windows\System\dBLtyqD.exe
  2⤵
  PID:7216
- C:\Windows\System\MncUPFD.exe
  C:\Windows\System\MncUPFD.exe
  2⤵
  PID:6316
- C:\Windows\System\OosMBBq.exe
  C:\Windows\System\OosMBBq.exe
  2⤵
  PID:7484
- C:\Windows\System\GbQWBGI.exe
  C:\Windows\System\GbQWBGI.exe
  2⤵
  PID:7564
- C:\Windows\System\owRBiRu.exe
  C:\Windows\System\owRBiRu.exe
  2⤵
  PID:7472
- C:\Windows\System\zZHLXQO.exe
  C:\Windows\System\zZHLXQO.exe
  2⤵
  PID:7548
- C:\Windows\System\bFQtjUP.exe
  C:\Windows\System\bFQtjUP.exe
  2⤵
  PID:7520
- C:\Windows\System\jhTLicQ.exe
  C:\Windows\System\jhTLicQ.exe
  2⤵
  PID:7300
- C:\Windows\System\UgVqrjH.exe
  C:\Windows\System\UgVqrjH.exe
  2⤵
  PID:1908
- C:\Windows\System\jmGYEkm.exe
  C:\Windows\System\jmGYEkm.exe
  2⤵
  PID:7672
- C:\Windows\System\ENAHabz.exe
  C:\Windows\System\ENAHabz.exe
  2⤵
  PID:8036
- C:\Windows\System\joSknLn.exe
  C:\Windows\System\joSknLn.exe
  2⤵
  PID:7968
- C:\Windows\System\nwUdxft.exe
  C:\Windows\System\nwUdxft.exe
  2⤵
  PID:964
- C:\Windows\System\gpnldwJ.exe
  C:\Windows\System\gpnldwJ.exe
  2⤵
  PID:7748
- C:\Windows\System\ewfAzAH.exe
  C:\Windows\System\ewfAzAH.exe
  2⤵
  PID:1896
- C:\Windows\System\YvcqADu.exe
  C:\Windows\System\YvcqADu.exe
  2⤵
  PID:7948
- C:\Windows\System\cHLmGVu.exe
  C:\Windows\System\cHLmGVu.exe
  2⤵
  PID:2436
- C:\Windows\System\fsEkTkA.exe
  C:\Windows\System\fsEkTkA.exe
  2⤵
  PID:6872
- C:\Windows\System\iSfbREj.exe
  C:\Windows\System\iSfbREj.exe
  2⤵
  PID:3848
- C:\Windows\System\ncuOuZR.exe
  C:\Windows\System\ncuOuZR.exe
  2⤵
  PID:3824
- C:\Windows\System\gqAkCdd.exe
  C:\Windows\System\gqAkCdd.exe
  2⤵
  PID:2596
- C:\Windows\System\FjpuivB.exe
  C:\Windows\System\FjpuivB.exe
  2⤵
  PID:2344
- C:\Windows\System\AYHNwnj.exe
  C:\Windows\System\AYHNwnj.exe
  2⤵
  PID:6736
- C:\Windows\System\lPZhbzt.exe
  C:\Windows\System\lPZhbzt.exe
  2⤵
  PID:7644
- C:\Windows\System\JLzbNUo.exe
  C:\Windows\System\JLzbNUo.exe
  2⤵
  PID:1808
- C:\Windows\System\FBcCHln.exe
  C:\Windows\System\FBcCHln.exe
  2⤵
  PID:6208
- C:\Windows\System\PVTCyqw.exe
  C:\Windows\System\PVTCyqw.exe
  2⤵
  PID:2952
- C:\Windows\System\mTHKqlt.exe
  C:\Windows\System\mTHKqlt.exe
  2⤵
  PID:316
- C:\Windows\System\pPuMkBk.exe
  C:\Windows\System\pPuMkBk.exe
  2⤵
  PID:320
- C:\Windows\System\mmfPyjU.exe
  C:\Windows\System\mmfPyjU.exe
  2⤵
  PID:7528
- C:\Windows\System\cneLRdf.exe
  C:\Windows\System\cneLRdf.exe
  2⤵
  PID:1604
- C:\Windows\System\ibuJBgd.exe
  C:\Windows\System\ibuJBgd.exe
  2⤵
  PID:7648
- C:\Windows\System\nuMDViv.exe
  C:\Windows\System\nuMDViv.exe
  2⤵
  PID:556
- C:\Windows\System\FBpostp.exe
  C:\Windows\System\FBpostp.exe
  2⤵
  PID:3744
- C:\Windows\System\OSKTVvB.exe
  C:\Windows\System\OSKTVvB.exe
  2⤵
  PID:1680
- C:\Windows\System\BbcJqQz.exe
  C:\Windows\System\BbcJqQz.exe
  2⤵
  PID:7260
- C:\Windows\System\RXSEcbi.exe
  C:\Windows\System\RXSEcbi.exe
  2⤵
  PID:268
- C:\Windows\System\jnYxVMU.exe
  C:\Windows\System\jnYxVMU.exe
  2⤵
  PID:2844
- C:\Windows\System\RLWHzOY.exe
  C:\Windows\System\RLWHzOY.exe
  2⤵
  PID:1572
- C:\Windows\System\HGYZmak.exe
  C:\Windows\System\HGYZmak.exe
  2⤵
  PID:7728
- C:\Windows\System\xIAEJxU.exe
  C:\Windows\System\xIAEJxU.exe
  2⤵
  PID:2860
- C:\Windows\System\zYWOUZo.exe
  C:\Windows\System\zYWOUZo.exe
  2⤵
  PID:684
- C:\Windows\System\MYGakRB.exe
  C:\Windows\System\MYGakRB.exe
  2⤵
  PID:1380
- C:\Windows\System\EvMTcMe.exe
  C:\Windows\System\EvMTcMe.exe
  2⤵
  PID:7876
- C:\Windows\System\LyeGKkr.exe
  C:\Windows\System\LyeGKkr.exe
  2⤵
  PID:7200
- C:\Windows\System\DpVGyVO.exe
  C:\Windows\System\DpVGyVO.exe
  2⤵
  PID:3988
- C:\Windows\System\uaQIhAm.exe
  C:\Windows\System\uaQIhAm.exe
  2⤵
  PID:2316
- C:\Windows\System\fZkTOEa.exe
  C:\Windows\System\fZkTOEa.exe
  2⤵
  PID:2760
- C:\Windows\System\XKbfxRL.exe
  C:\Windows\System\XKbfxRL.exe
  2⤵
  PID:2752
- C:\Windows\System\GTUyFAu.exe
  C:\Windows\System\GTUyFAu.exe
  2⤵
  PID:8220
- C:\Windows\System\UcWNGsw.exe
  C:\Windows\System\UcWNGsw.exe
  2⤵
  PID:8256
- C:\Windows\System\VJEpiPo.exe
  C:\Windows\System\VJEpiPo.exe
  2⤵
  PID:8272
- C:\Windows\System\xMCYksI.exe
  C:\Windows\System\xMCYksI.exe
  2⤵
  PID:8288
- C:\Windows\System\EwcKWhX.exe
  C:\Windows\System\EwcKWhX.exe
  2⤵
  PID:8304
- C:\Windows\System\GBnDLTu.exe
  C:\Windows\System\GBnDLTu.exe
  2⤵
  PID:8320
- C:\Windows\System\vPSjbDJ.exe
  C:\Windows\System\vPSjbDJ.exe
  2⤵
  PID:8336
- C:\Windows\System\pSKPzHp.exe
  C:\Windows\System\pSKPzHp.exe
  2⤵
  PID:8352
- C:\Windows\System\KSyGDjE.exe
  C:\Windows\System\KSyGDjE.exe
  2⤵
  PID:8368
- C:\Windows\System\fIszDbT.exe
  C:\Windows\System\fIszDbT.exe
  2⤵
  PID:8384
- C:\Windows\System\NAFRkRx.exe
  C:\Windows\System\NAFRkRx.exe
  2⤵
  PID:8400
- C:\Windows\System\GjXpmsy.exe
  C:\Windows\System\GjXpmsy.exe
  2⤵
  PID:8416
- C:\Windows\System\IEzkTRd.exe
  C:\Windows\System\IEzkTRd.exe
  2⤵
  PID:8432
- C:\Windows\System\NMAifCN.exe
  C:\Windows\System\NMAifCN.exe
  2⤵
  PID:8448
- C:\Windows\System\LmNTQdU.exe
  C:\Windows\System\LmNTQdU.exe
  2⤵
  PID:8464
- C:\Windows\System\CqnHjVc.exe
  C:\Windows\System\CqnHjVc.exe
  2⤵
  PID:8480
- C:\Windows\System\izJVFaF.exe
  C:\Windows\System\izJVFaF.exe
  2⤵
  PID:8496
- C:\Windows\System\OpWIshZ.exe
  C:\Windows\System\OpWIshZ.exe
  2⤵
  PID:8512
- C:\Windows\System\eVZkPlh.exe
  C:\Windows\System\eVZkPlh.exe
  2⤵
  PID:8528
- C:\Windows\System\MkdCBvL.exe
  C:\Windows\System\MkdCBvL.exe
  2⤵
  PID:8544
- C:\Windows\System\KViDVwh.exe
  C:\Windows\System\KViDVwh.exe
  2⤵
  PID:8560
- C:\Windows\System\EJgqDNa.exe
  C:\Windows\System\EJgqDNa.exe
  2⤵
  PID:8620
- C:\Windows\System\CgneKyQ.exe
  C:\Windows\System\CgneKyQ.exe
  2⤵
  PID:8636
- C:\Windows\System\FktwqvF.exe
  C:\Windows\System\FktwqvF.exe
  2⤵
  PID:8652
- C:\Windows\System\OcDVJEg.exe
  C:\Windows\System\OcDVJEg.exe
  2⤵
  PID:8668
- C:\Windows\System\ZBncJBB.exe
  C:\Windows\System\ZBncJBB.exe
  2⤵
  PID:8684
- C:\Windows\System\jIMRhyv.exe
  C:\Windows\System\jIMRhyv.exe
  2⤵
  PID:8700
- C:\Windows\System\lwByAbA.exe
  C:\Windows\System\lwByAbA.exe
  2⤵
  PID:8716
- C:\Windows\System\VaYpPkX.exe
  C:\Windows\System\VaYpPkX.exe
  2⤵
  PID:8732
- C:\Windows\System\UCcywic.exe
  C:\Windows\System\UCcywic.exe
  2⤵
  PID:8748
- C:\Windows\System\QUZpNqY.exe
  C:\Windows\System\QUZpNqY.exe
  2⤵
  PID:8764
- C:\Windows\System\dBByxew.exe
  C:\Windows\System\dBByxew.exe
  2⤵
  PID:8780
- C:\Windows\System\IZxnWHA.exe
  C:\Windows\System\IZxnWHA.exe
  2⤵
  PID:8796
- C:\Windows\System\fYUabbf.exe
  C:\Windows\System\fYUabbf.exe
  2⤵
  PID:8812
- C:\Windows\System\fIxboKH.exe
  C:\Windows\System\fIxboKH.exe
  2⤵
  PID:8828
- C:\Windows\System\DHglSxt.exe
  C:\Windows\System\DHglSxt.exe
  2⤵
  PID:8848
- C:\Windows\System\EyqluZh.exe
  C:\Windows\System\EyqluZh.exe
  2⤵
  PID:8864
- C:\Windows\System\Hdsktax.exe
  C:\Windows\System\Hdsktax.exe
  2⤵
  PID:8880
- C:\Windows\System\hORtbzm.exe
  C:\Windows\System\hORtbzm.exe
  2⤵
  PID:8896
- C:\Windows\System\EfsCpRW.exe
  C:\Windows\System\EfsCpRW.exe
  2⤵
  PID:8912
- C:\Windows\System\MhKqDAa.exe
  C:\Windows\System\MhKqDAa.exe
  2⤵
  PID:8928
- C:\Windows\System\KcqStDM.exe
  C:\Windows\System\KcqStDM.exe
  2⤵
  PID:8944
- C:\Windows\System\DdDZDtB.exe
  C:\Windows\System\DdDZDtB.exe
  2⤵
  PID:8960
- C:\Windows\System\kDGGvyd.exe
  C:\Windows\System\kDGGvyd.exe
  2⤵
  PID:8976
- C:\Windows\System\khrhQCc.exe
  C:\Windows\System\khrhQCc.exe
  2⤵
  PID:8996
- C:\Windows\System\OQkFYCc.exe
  C:\Windows\System\OQkFYCc.exe
  2⤵
  PID:9012
- C:\Windows\System\THZxtMs.exe
  C:\Windows\System\THZxtMs.exe
  2⤵
  PID:9028
- C:\Windows\System\CnmjYKD.exe
  C:\Windows\System\CnmjYKD.exe
  2⤵
  PID:9044
- C:\Windows\System\pBQAJge.exe
  C:\Windows\System\pBQAJge.exe
  2⤵
  PID:9060
- C:\Windows\System\mUYDJxZ.exe
  C:\Windows\System\mUYDJxZ.exe
  2⤵
  PID:9076
- C:\Windows\System\lTpHFlN.exe
  C:\Windows\System\lTpHFlN.exe
  2⤵
  PID:9092
- C:\Windows\System\MfVMOOb.exe
  C:\Windows\System\MfVMOOb.exe
  2⤵
  PID:9108
- C:\Windows\System\AKabaQW.exe
  C:\Windows\System\AKabaQW.exe
  2⤵
  PID:9124
- C:\Windows\System\YfNjrVD.exe
  C:\Windows\System\YfNjrVD.exe
  2⤵
  PID:9140
- C:\Windows\System\OXFVrsC.exe
  C:\Windows\System\OXFVrsC.exe
  2⤵
  PID:9156
- C:\Windows\System\JNsZVDf.exe
  C:\Windows\System\JNsZVDf.exe
  2⤵
  PID:9172
- C:\Windows\System\TssrElY.exe
  C:\Windows\System\TssrElY.exe
  2⤵
  PID:9188
- C:\Windows\System\mvzEhcy.exe
  C:\Windows\System\mvzEhcy.exe
  2⤵
  PID:9204
- C:\Windows\System\THwChTJ.exe
  C:\Windows\System\THwChTJ.exe
  2⤵
  PID:332
- C:\Windows\System\VYwvWUI.exe
  C:\Windows\System\VYwvWUI.exe
  2⤵
  PID:6920
- C:\Windows\System\XHKVJEB.exe
  C:\Windows\System\XHKVJEB.exe
  2⤵
  PID:1832
- C:\Windows\System\lemvPWZ.exe
  C:\Windows\System\lemvPWZ.exe
  2⤵
  PID:7744
- C:\Windows\System\qfspvlI.exe
  C:\Windows\System\qfspvlI.exe
  2⤵
  PID:8068
- C:\Windows\System\SXfBGes.exe
  C:\Windows\System\SXfBGes.exe
  2⤵
  PID:1508
- C:\Windows\System\htEUUgH.exe
  C:\Windows\System\htEUUgH.exe
  2⤵
  PID:8208
- C:\Windows\System\AfzcBsl.exe
  C:\Windows\System\AfzcBsl.exe
  2⤵
  PID:1724
- C:\Windows\System\xXfadaf.exe
  C:\Windows\System\xXfadaf.exe
  2⤵
  PID:8440
- C:\Windows\System\ymaTLOw.exe
  C:\Windows\System\ymaTLOw.exe
  2⤵
  PID:8316
- C:\Windows\System\dzPLtzW.exe
  C:\Windows\System\dzPLtzW.exe
  2⤵
  PID:8552
- C:\Windows\System\reeVofA.exe
  C:\Windows\System\reeVofA.exe
  2⤵
  PID:8284
- C:\Windows\System\fNCYxSp.exe
  C:\Windows\System\fNCYxSp.exe
  2⤵
  PID:8628
- C:\Windows\System\QGTFIak.exe
  C:\Windows\System\QGTFIak.exe
  2⤵
  PID:8664
- C:\Windows\System\dLlPdZU.exe
  C:\Windows\System\dLlPdZU.exe
  2⤵
  PID:8728
- C:\Windows\System\rLVNgsm.exe
  C:\Windows\System\rLVNgsm.exe
  2⤵
  PID:8604
- C:\Windows\System\LZLdDRY.exe
  C:\Windows\System\LZLdDRY.exe
  2⤵
  PID:8644
- C:\Windows\System\yVonaog.exe
  C:\Windows\System\yVonaog.exe
  2⤵
  PID:8712
- C:\Windows\System\JZDSdiu.exe
  C:\Windows\System\JZDSdiu.exe
  2⤵
  PID:5992
- C:\Windows\System\vvDgYig.exe
  C:\Windows\System\vvDgYig.exe
  2⤵
  PID:8892
- C:\Windows\System\eqLqUFT.exe
  C:\Windows\System\eqLqUFT.exe
  2⤵
  PID:8648
- C:\Windows\System\jqHVoBj.exe
  C:\Windows\System\jqHVoBj.exe
  2⤵
  PID:8940
- C:\Windows\System\qbQIdmu.exe
  C:\Windows\System\qbQIdmu.exe
  2⤵
  PID:9020
- C:\Windows\System\WwkEcay.exe
  C:\Windows\System\WwkEcay.exe
  2⤵
  PID:8876
- C:\Windows\System\hLxtDwf.exe
  C:\Windows\System\hLxtDwf.exe
  2⤵
  PID:9008
- C:\Windows\System\GofaqUP.exe
  C:\Windows\System\GofaqUP.exe
  2⤵
  PID:9164
- C:\Windows\System\tuqwUtn.exe
  C:\Windows\System\tuqwUtn.exe
  2⤵
  PID:9100
- C:\Windows\System\yGyhiZB.exe
  C:\Windows\System\yGyhiZB.exe
  2⤵
  PID:8140
- C:\Windows\System\pbNKRYo.exe
  C:\Windows\System\pbNKRYo.exe
  2⤵
  PID:9184
- C:\Windows\System\kehdWgS.exe
  C:\Windows\System\kehdWgS.exe
  2⤵
  PID:9148
- C:\Windows\System\quuMPYX.exe
  C:\Windows\System\quuMPYX.exe
  2⤵
  PID:680
- C:\Windows\System\kAukYUR.exe
  C:\Windows\System\kAukYUR.exe
  2⤵
  PID:1028
- C:\Windows\System\HouNFyR.exe
  C:\Windows\System\HouNFyR.exe
  2⤵
  PID:8204
- C:\Windows\System\gIjDyyG.exe
  C:\Windows\System\gIjDyyG.exe
  2⤵
  PID:8460
- C:\Windows\System\sCOwiVY.exe
  C:\Windows\System\sCOwiVY.exe
  2⤵
  PID:8428
- C:\Windows\System\AUMmAjx.exe
  C:\Windows\System\AUMmAjx.exe
  2⤵
  PID:8536
- C:\Windows\System\CqwnpwO.exe
  C:\Windows\System\CqwnpwO.exe
  2⤵
  PID:8840
- C:\Windows\System\KKTeRrT.exe
  C:\Windows\System\KKTeRrT.exe
  2⤵
  PID:8572
- C:\Windows\System\JfcQHEV.exe
  C:\Windows\System\JfcQHEV.exe
  2⤵
  PID:8328
- C:\Windows\System\nBBFbZi.exe
  C:\Windows\System\nBBFbZi.exe
  2⤵
  PID:8332
- C:\Windows\System\bfgjHkH.exe
  C:\Windows\System\bfgjHkH.exe
  2⤵
  PID:8600
- C:\Windows\System\bULKYHF.exe
  C:\Windows\System\bULKYHF.exe
  2⤵
  PID:8616
- C:\Windows\System\TVMbUHo.exe
  C:\Windows\System\TVMbUHo.exe
  2⤵
  PID:8776
- C:\Windows\System\rqKJUrn.exe
  C:\Windows\System\rqKJUrn.exe
  2⤵
  PID:8792
- C:\Windows\System\SimnJBk.exe
  C:\Windows\System\SimnJBk.exe
  2⤵
  PID:8952
- C:\Windows\System\WFmwCGK.exe
  C:\Windows\System\WFmwCGK.exe
  2⤵
  PID:8860
- C:\Windows\System\fNeIeeg.exe
  C:\Windows\System\fNeIeeg.exe
  2⤵
  PID:8744
- C:\Windows\System\HxReBpj.exe
  C:\Windows\System\HxReBpj.exe
  2⤵
  PID:9024
- C:\Windows\System\qFLXVyj.exe
  C:\Windows\System\qFLXVyj.exe
  2⤵
  PID:8988
- C:\Windows\System\wPohBCB.exe
  C:\Windows\System\wPohBCB.exe
  2⤵
  PID:8844
- C:\Windows\System\gDjzuem.exe
  C:\Windows\System\gDjzuem.exe
  2⤵
  PID:9200
- C:\Windows\System\FdlIuFi.exe
  C:\Windows\System\FdlIuFi.exe
  2⤵
  PID:7688
- C:\Windows\System\hIPPYdn.exe
  C:\Windows\System\hIPPYdn.exe
  2⤵
  PID:2928
- C:\Windows\System\wugDkTN.exe
  C:\Windows\System\wugDkTN.exe
  2⤵
  PID:7584
- C:\Windows\System\nuGZORY.exe
  C:\Windows\System\nuGZORY.exe
  2⤵
  PID:1440
- C:\Windows\System\VEeCiQn.exe
  C:\Windows\System\VEeCiQn.exe
  2⤵
  PID:8200
- C:\Windows\System\rJJktHo.exe
  C:\Windows\System\rJJktHo.exe
  2⤵
  PID:8396
- C:\Windows\System\YgyiIpk.exe
  C:\Windows\System\YgyiIpk.exe
  2⤵
  PID:8380
- C:\Windows\System\tXvtLSH.exe
  C:\Windows\System\tXvtLSH.exe
  2⤵
  PID:8412
- C:\Windows\System\wwGAJGm.exe
  C:\Windows\System\wwGAJGm.exe
  2⤵
  PID:8300
- C:\Windows\System\btkaQRU.exe
  C:\Windows\System\btkaQRU.exe
  2⤵
  PID:8540
- C:\Windows\System\QFBWyrp.exe
  C:\Windows\System\QFBWyrp.exe
  2⤵
  PID:8956
- C:\Windows\System\gksyCUZ.exe
  C:\Windows\System\gksyCUZ.exe
  2⤵
  PID:8824
- C:\Windows\System\bpAmnzd.exe
  C:\Windows\System\bpAmnzd.exe
  2⤵
  PID:2908
- C:\Windows\System\UOkUoDS.exe
  C:\Windows\System\UOkUoDS.exe
  2⤵
  PID:8240
- C:\Windows\System\VKPqSSU.exe
  C:\Windows\System\VKPqSSU.exe
  2⤵
  PID:8760
- C:\Windows\System\GETMVkH.exe
  C:\Windows\System\GETMVkH.exe
  2⤵
  PID:8568
- C:\Windows\System\VIGvdOw.exe
  C:\Windows\System\VIGvdOw.exe
  2⤵
  PID:9104
- C:\Windows\System\GBuiLUP.exe
  C:\Windows\System\GBuiLUP.exe
  2⤵
  PID:9068
- C:\Windows\System\oHrntAW.exe
  C:\Windows\System\oHrntAW.exe
  2⤵
  PID:8508
- C:\Windows\System\hTGsBfH.exe
  C:\Windows\System\hTGsBfH.exe
  2⤵
  PID:8692
- C:\Windows\System\QZQexyF.exe
  C:\Windows\System\QZQexyF.exe
  2⤵
  PID:8596
- C:\Windows\System\tUXWwOM.exe
  C:\Windows\System\tUXWwOM.exe
  2⤵
  PID:7732
- C:\Windows\System\tnjzxyk.exe
  C:\Windows\System\tnjzxyk.exe
  2⤵
  PID:8360
- C:\Windows\System\ycLLZtX.exe
  C:\Windows\System\ycLLZtX.exe
  2⤵
  PID:8836
- C:\Windows\System\uIYVzaq.exe
  C:\Windows\System\uIYVzaq.exe
  2⤵
  PID:8808
- C:\Windows\System\VflGFEV.exe
  C:\Windows\System\VflGFEV.exe
  2⤵
  PID:9228
- C:\Windows\System\iKsnCxG.exe
  C:\Windows\System\iKsnCxG.exe
  2⤵
  PID:9244
- C:\Windows\System\duqmBfl.exe
  C:\Windows\System\duqmBfl.exe
  2⤵
  PID:9260
- C:\Windows\System\Svynraf.exe
  C:\Windows\System\Svynraf.exe
  2⤵
  PID:9276
- C:\Windows\System\YRRZwqx.exe
  C:\Windows\System\YRRZwqx.exe
  2⤵
  PID:9292
- C:\Windows\System\HcTHubv.exe
  C:\Windows\System\HcTHubv.exe
  2⤵
  PID:9308
- C:\Windows\System\FHHUgcN.exe
  C:\Windows\System\FHHUgcN.exe
  2⤵
  PID:9324
- C:\Windows\System\TetoMZQ.exe
  C:\Windows\System\TetoMZQ.exe
  2⤵
  PID:9340
- C:\Windows\System\HYwfqon.exe
  C:\Windows\System\HYwfqon.exe
  2⤵
  PID:9364
- C:\Windows\System\nwLPPWd.exe
  C:\Windows\System\nwLPPWd.exe
  2⤵
  PID:9380
- C:\Windows\System\WtcsZAA.exe
  C:\Windows\System\WtcsZAA.exe
  2⤵
  PID:9396
- C:\Windows\System\UWGPlAF.exe
  C:\Windows\System\UWGPlAF.exe
  2⤵
  PID:9412
- C:\Windows\System\PPhzskU.exe
  C:\Windows\System\PPhzskU.exe
  2⤵
  PID:9428
- C:\Windows\System\BBzPXgo.exe
  C:\Windows\System\BBzPXgo.exe
  2⤵
  PID:9444
- C:\Windows\System\fHFQQXb.exe
  C:\Windows\System\fHFQQXb.exe
  2⤵
  PID:9544
- C:\Windows\System\hLmJUcR.exe
  C:\Windows\System\hLmJUcR.exe
  2⤵
  PID:9560
- C:\Windows\System\WXlMDgQ.exe
  C:\Windows\System\WXlMDgQ.exe
  2⤵
  PID:9580
- C:\Windows\System\vcixHuh.exe
  C:\Windows\System\vcixHuh.exe
  2⤵
  PID:9604
- C:\Windows\System\oAuAPaq.exe
  C:\Windows\System\oAuAPaq.exe
  2⤵
  PID:9620
- C:\Windows\System\TNVbdLi.exe
  C:\Windows\System\TNVbdLi.exe
  2⤵
  PID:9636
- C:\Windows\System\qGttyqo.exe
  C:\Windows\System\qGttyqo.exe
  2⤵
  PID:9656
- C:\Windows\System\Edsbzwd.exe
  C:\Windows\System\Edsbzwd.exe
  2⤵
  PID:9676
- C:\Windows\System\LkPfyjT.exe
  C:\Windows\System\LkPfyjT.exe
  2⤵
  PID:9692
- C:\Windows\System\wMpTDKH.exe
  C:\Windows\System\wMpTDKH.exe
  2⤵
  PID:9708
- C:\Windows\System\kEBeMJV.exe
  C:\Windows\System\kEBeMJV.exe
  2⤵
  PID:9724
- C:\Windows\System\VJZlyVV.exe
  C:\Windows\System\VJZlyVV.exe
  2⤵
  PID:9740
- C:\Windows\System\AtyzoUR.exe
  C:\Windows\System\AtyzoUR.exe
  2⤵
  PID:9756
- C:\Windows\System\bsmDXlT.exe
  C:\Windows\System\bsmDXlT.exe
  2⤵
  PID:9772
- C:\Windows\System\adIDDKp.exe
  C:\Windows\System\adIDDKp.exe
  2⤵
  PID:9788
- C:\Windows\System\UjUyxQJ.exe
  C:\Windows\System\UjUyxQJ.exe
  2⤵
  PID:9804
- C:\Windows\System\VKhVmqU.exe
  C:\Windows\System\VKhVmqU.exe
  2⤵
  PID:9820
- C:\Windows\System\QQPsLUV.exe
  C:\Windows\System\QQPsLUV.exe
  2⤵
  PID:9836
- C:\Windows\System\oGGGTOe.exe
  C:\Windows\System\oGGGTOe.exe
  2⤵
  PID:9852
- C:\Windows\System\wJTetoU.exe
  C:\Windows\System\wJTetoU.exe
  2⤵
  PID:9880
- C:\Windows\System\ImRbHXX.exe
  C:\Windows\System\ImRbHXX.exe
  2⤵
  PID:9896
- C:\Windows\System\kFJtqwD.exe
  C:\Windows\System\kFJtqwD.exe
  2⤵
  PID:9912
- C:\Windows\System\JcrZozz.exe
  C:\Windows\System\JcrZozz.exe
  2⤵
  PID:9928
- C:\Windows\System\KQNeGQK.exe
  C:\Windows\System\KQNeGQK.exe
  2⤵
  PID:9944
- C:\Windows\System\HLMlGeH.exe
  C:\Windows\System\HLMlGeH.exe
  2⤵
  PID:9960
- C:\Windows\System\FywpLbT.exe
  C:\Windows\System\FywpLbT.exe
  2⤵
  PID:9976
- C:\Windows\System\MmbyyCi.exe
  C:\Windows\System\MmbyyCi.exe
  2⤵
  PID:9992
- C:\Windows\System\KIeqaYJ.exe
  C:\Windows\System\KIeqaYJ.exe
  2⤵
  PID:10008
- C:\Windows\System\GPqoddp.exe
  C:\Windows\System\GPqoddp.exe
  2⤵
  PID:10024
- C:\Windows\System\fsQCXIn.exe
  C:\Windows\System\fsQCXIn.exe
  2⤵
  PID:10040
- C:\Windows\System\JTiVTdG.exe
  C:\Windows\System\JTiVTdG.exe
  2⤵
  PID:10056
- C:\Windows\System\ltJeUBJ.exe
  C:\Windows\System\ltJeUBJ.exe
  2⤵
  PID:10072
- C:\Windows\System\heNjCgC.exe
  C:\Windows\System\heNjCgC.exe
  2⤵
  PID:10088
- C:\Windows\System\WhKjfWx.exe
  C:\Windows\System\WhKjfWx.exe
  2⤵
  PID:10104
- C:\Windows\System\QzOlLBW.exe
  C:\Windows\System\QzOlLBW.exe
  2⤵
  PID:10120
- C:\Windows\System\WnBDYKt.exe
  C:\Windows\System\WnBDYKt.exe
  2⤵
  PID:10136
- C:\Windows\System\edWPAdW.exe
  C:\Windows\System\edWPAdW.exe
  2⤵
  PID:10152
- C:\Windows\System\MedHSyu.exe
  C:\Windows\System\MedHSyu.exe
  2⤵
  PID:10168
- C:\Windows\System\wggOLnA.exe
  C:\Windows\System\wggOLnA.exe
  2⤵
  PID:10184
- C:\Windows\System\qiNyJjh.exe
  C:\Windows\System\qiNyJjh.exe
  2⤵
  PID:10200
- C:\Windows\System\kwkHtof.exe
  C:\Windows\System\kwkHtof.exe
  2⤵
  PID:10216
- C:\Windows\System\qFkVaQg.exe
  C:\Windows\System\qFkVaQg.exe
  2⤵
  PID:10236
- C:\Windows\System\skfQpiZ.exe
  C:\Windows\System\skfQpiZ.exe
  2⤵
  PID:8216
- C:\Windows\System\RWXEEin.exe
  C:\Windows\System\RWXEEin.exe
  2⤵
  PID:1980
- C:\Windows\System\CieJNEA.exe
  C:\Windows\System\CieJNEA.exe
  2⤵
  PID:8756
- C:\Windows\System\XuxEegz.exe
  C:\Windows\System\XuxEegz.exe
  2⤵
  PID:9220
- C:\Windows\System\vTqWlvn.exe
  C:\Windows\System\vTqWlvn.exe
  2⤵
  PID:9272
- C:\Windows\System\cqbdWcw.exe
  C:\Windows\System\cqbdWcw.exe
  2⤵
  PID:9316
- C:\Windows\System\JRCnHwe.exe
  C:\Windows\System\JRCnHwe.exe
  2⤵
  PID:9348
- C:\Windows\System\RHMvKEQ.exe
  C:\Windows\System\RHMvKEQ.exe
  2⤵
  PID:9392
- C:\Windows\System\bVGfEsJ.exe
  C:\Windows\System\bVGfEsJ.exe
  2⤵
  PID:9672
- C:\Windows\System\LAJcFVB.exe
  C:\Windows\System\LAJcFVB.exe
  2⤵
  PID:9720
- C:\Windows\System\yZymRTi.exe
  C:\Windows\System\yZymRTi.exe
  2⤵
  PID:9848
- C:\Windows\System\EjsEPNa.exe
  C:\Windows\System\EjsEPNa.exe
  2⤵
  PID:9876
- C:\Windows\System\kzTpagQ.exe
  C:\Windows\System\kzTpagQ.exe
  2⤵
  PID:9920
- C:\Windows\System\JjJtAVK.exe
  C:\Windows\System\JjJtAVK.exe
  2⤵
  PID:10016
- C:\Windows\System\odEmETz.exe
  C:\Windows\System\odEmETz.exe
  2⤵
  PID:9972
- C:\Windows\System\jWFeCSb.exe
  C:\Windows\System\jWFeCSb.exe
  2⤵
  PID:10064
- C:\Windows\System\IuDZwae.exe
  C:\Windows\System\IuDZwae.exe
  2⤵
  PID:10048
- C:\Windows\System\ZJjkXDo.exe
  C:\Windows\System\ZJjkXDo.exe
  2⤵
  PID:10132
- C:\Windows\System\oCzypZJ.exe
  C:\Windows\System\oCzypZJ.exe
  2⤵
  PID:10232
- C:\Windows\System\GKgCsaW.exe
  C:\Windows\System\GKgCsaW.exe
  2⤵
  PID:9388
- C:\Windows\System\NVaEmVX.exe
  C:\Windows\System\NVaEmVX.exe
  2⤵
  PID:9236
- C:\Windows\System\VvRdHmS.exe
  C:\Windows\System\VvRdHmS.exe
  2⤵
  PID:10212
- C:\Windows\System\xaFMSRl.exe
  C:\Windows\System\xaFMSRl.exe
  2⤵
  PID:9268
- C:\Windows\System\IMljGZs.exe
  C:\Windows\System\IMljGZs.exe
  2⤵
  PID:9336
- C:\Windows\System\UkrksTU.exe
  C:\Windows\System\UkrksTU.exe
  2⤵
  PID:9372
- C:\Windows\System\JjyqCsV.exe
  C:\Windows\System\JjyqCsV.exe
  2⤵
  PID:9452
- C:\Windows\System\GXRJqaF.exe
  C:\Windows\System\GXRJqaF.exe
  2⤵
  PID:9476
- C:\Windows\System\FJNabbW.exe
  C:\Windows\System\FJNabbW.exe
  2⤵
  PID:9492
- C:\Windows\System\snHJnbS.exe
  C:\Windows\System\snHJnbS.exe
  2⤵
  PID:9632
- C:\Windows\System\ennQokU.exe
  C:\Windows\System\ennQokU.exe
  2⤵
  PID:9512
- C:\Windows\System\Jxwdfis.exe
  C:\Windows\System\Jxwdfis.exe
  2⤵
  PID:9524
- C:\Windows\System\KAACGoM.exe
  C:\Windows\System\KAACGoM.exe
  2⤵
  PID:9552
- C:\Windows\System\APQjbYP.exe
  C:\Windows\System\APQjbYP.exe
  2⤵
  PID:9568
- C:\Windows\System\QmnAALt.exe
  C:\Windows\System\QmnAALt.exe
  2⤵
  PID:9616
- C:\Windows\System\gQBLcTe.exe
  C:\Windows\System\gQBLcTe.exe
  2⤵
  PID:9644
- C:\Windows\System\pavpBFu.exe
  C:\Windows\System\pavpBFu.exe
  2⤵
  PID:9652
- C:\Windows\System\wNDDtpV.exe
  C:\Windows\System\wNDDtpV.exe
  2⤵
  PID:9812
- C:\Windows\System\aaarqMx.exe
  C:\Windows\System\aaarqMx.exe
  2⤵
  PID:9732
- C:\Windows\System\OZzvKZu.exe
  C:\Windows\System\OZzvKZu.exe
  2⤵
  PID:9868
- C:\Windows\System\CfudijX.exe
  C:\Windows\System\CfudijX.exe
  2⤵
  PID:9904
- C:\Windows\System\HzwIchZ.exe
  C:\Windows\System\HzwIchZ.exe
  2⤵
  PID:10036
- C:\Windows\System\ZlkjZaI.exe
  C:\Windows\System\ZlkjZaI.exe
  2⤵
  PID:9764
- C:\Windows\System\RTxhlmC.exe
  C:\Windows\System\RTxhlmC.exe
  2⤵
  PID:10096
- C:\Windows\System\HAIsgvx.exe
  C:\Windows\System\HAIsgvx.exe
  2⤵
  PID:9888
- C:\Windows\System\yFUWIhJ.exe
  C:\Windows\System\yFUWIhJ.exe
  2⤵
  PID:10020
- C:\Windows\System\QWHMqJv.exe
  C:\Windows\System\QWHMqJv.exe
  2⤵
  PID:10196
- C:\Windows\System\SVEyiCJ.exe
  C:\Windows\System\SVEyiCJ.exe
  2⤵
  PID:1008
- C:\Windows\System\qMljIYB.exe
  C:\Windows\System\qMljIYB.exe
  2⤵
  PID:9304
- C:\Windows\System\IwgPHNK.exe
  C:\Windows\System\IwgPHNK.exe
  2⤵
  PID:8252
- C:\Windows\System\qAIRopk.exe
  C:\Windows\System\qAIRopk.exe
  2⤵
  PID:9424
- C:\Windows\System\mWMFAPf.exe
  C:\Windows\System\mWMFAPf.exe
  2⤵
  PID:9488
- C:\Windows\System\JFeoXoW.exe
  C:\Windows\System\JFeoXoW.exe
  2⤵
  PID:9536
- C:\Windows\System\KbWeBIq.exe
  C:\Windows\System\KbWeBIq.exe
  2⤵
  PID:10080
- C:\Windows\System\cDrUbRK.exe
  C:\Windows\System\cDrUbRK.exe
  2⤵
  PID:9352
- C:\Windows\System\rpmFqar.exe
  C:\Windows\System\rpmFqar.exe
  2⤵
  PID:9504
- C:\Windows\System\MXzMopl.exe
  C:\Windows\System\MXzMopl.exe
  2⤵
  PID:9556
- C:\Windows\System\eqlFGXM.exe
  C:\Windows\System\eqlFGXM.exe
  2⤵
  PID:9752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\GQSMVWN.exe

Filesize
6.0MB

MD5
114b0a84d7bb26bd606219074240068a

SHA1
77c81cb962ae2d6f891e5b01c25b22a832a41f2e

SHA256
9a7189cfaea2b86abb4a0b6240b2884910a05f65d957ffbbc1503806231c5bb5

SHA512
eb237029c92a4ce2f99f64825cb21ab5c1c19af6729a8f7699d00b620a298e26b5991580083adcb45645cff49007625f79a81b0466dba6ef2be6c8313ceb001f

Download Submit
C:\Windows\system\GsuHjIX.exe

Filesize
6.0MB

MD5
2ce023d7d6a316f97a562f59c34bfa84

SHA1
c620756720fccba8606f397f9591decd18f51d02

SHA256
9bfd129c887ece08fdeafbe4ffce33fa3f88e2da5d843116f95f6b6e10c780ee

SHA512
ce0ecab1b640b4919cd8c9cfe239ee103ff7534aa129ab7f3b99ae096baa1fdc208a587af46e4b04567755b8ca01b3298173afabedf47736c5b3b5004df76e2a

Download Submit
C:\Windows\system\HBaUwoK.exe

Filesize
6.0MB

MD5
094424acc41f167125c0c08179d29bbb

SHA1
51aa869a93630d8ba9b79b53727d1a8233cec6f7

SHA256
5d23ff48c710cc69e85a1943da0a0cd95361d33cfe25ede8cd525916fd412eca

SHA512
1610958d772e4dee828cf712fa3309bf8a39c7a73514a46f5418283fe8e2bbe7bf2f31f75542ba614fd567bae8e9e625811889bb719a4c8a55eaac18505fb261

Download Submit
C:\Windows\system\HIrKpji.exe

Filesize
6.0MB

MD5
704608f5463fd0de43470acc0c25df2a

SHA1
f96ca7b30d40fde344a968cfceed1f935550f58e

SHA256
4db9f90e1cf63a90003ce2f25405456e326c733234aaf2a072d7dd0e576a06b3

SHA512
28de8646ef39422664bf5adb384189e7540d71ffb4180662706998a8c03587480deb01ea112280468417cfb68f4e32eda38bdb383a90fe7c7ef55b7c698f0dd5

Download Submit
C:\Windows\system\IbgdfaC.exe

Filesize
6.0MB

MD5
a4efeb28f70350f5c3b11ff8b284188b

SHA1
9e2b07215d86c0c9573bf1cbbbe93caee4bf1714

SHA256
ef8b5b45f8b8412ece8392844fdf5901330967a9062511696fa895a55716973b

SHA512
e4fb83bce0a7fc0e24114cc604fab8a099e0c20e1e4e3844273fb5dc904c6b0433fbab616c5ba48e3e0f019374790e742fda3a1d12053bb13fe2118305e7c99e

Download Submit
C:\Windows\system\Iiptwwx.exe

Filesize
6.0MB

MD5
954a625986f573f74625936c56611a18

SHA1
f9b90d1b2f7409764940e368668ea3c2a1838a9b

SHA256
9028e5df672e3cbb8cefe4c662acfecee2d584ecb6231590a63e6d25fc4eb677

SHA512
edb4f6efc8ff3eec6f5813989055976b140e2b1d2e9fa16e8622fd9541acf4c96edcd7759aeb3a5b98399fcd49303f1880b8eda210718b4b22be38c44d3103b9

Download Submit
C:\Windows\system\JoEJzeT.exe

Filesize
6.0MB

MD5
8b9598fbbd8ba1610997548e5b29db65

SHA1
e67abc020cf94d1da4c98fb4ae09a018c6e7389f

SHA256
ac7d1f9ea43b858f306cc7b9fe302ab27dbc68754e9b224b6133d84cd0216909

SHA512
386e20400b09200f71ef4f53b961d46ea687ce24d398b6f39fa11efbe71ee158b55947b6ac71cfe32a0ff0fc69831a9157507cc9ded06a135fa0a7897179363d

Download Submit
C:\Windows\system\LyuAXEe.exe

Filesize
6.0MB

MD5
48b209bf23263f1c5938df717f3113d7

SHA1
761086e8342d13882e2aab42323eb35650cc134c

SHA256
12d0fd0ba729674c8bfde958fbe66edfb1c33bf207fcd1bbc6186d902b69350c

SHA512
285ffa8bf717663dcd67b9e19cce34911a1eb7e93bbfee9a3f45dafc11821a2138fd574dd442a2906af06495d72729a6c0c9119fc5156633be03e6197fcc6eb1

Download Submit
C:\Windows\system\QjKdKZa.exe

Filesize
6.0MB

MD5
0a27fadd70dc39f456578deaa447faf8

SHA1
41b6674ee5ab5ff285509fd43cc3224668b34804

SHA256
75a1585aacdf7336f9930b5f3568c726cc460f31b268549fdc4effc29e3e7f80

SHA512
d5766ec10a5b225627da8e65805a294eb43ff52f53ff91df364384c3ac0bf09f975f3235f45f7c80c22fa34e7840a2ddd90b8031ef76e55c66672bb82de069ea

Download Submit
C:\Windows\system\QqYLJlk.exe

Filesize
6.0MB

MD5
fb1c5ffcc5019c45eaf6f2ecae3b6791

SHA1
6e68e536999d255cf5e5dc3eeb80e0ba4b67d9fd

SHA256
ca2e6d94f84b7be704e86dfa026608022cfa43192f29b459c4fc273d1bb38bde

SHA512
4fef558220d08f239f4d6e061241ad7e17e710cbf588a0486883a756fa09e0d4b8c9694ca0e06f3fdd09d85f9a8bcfbf6690e1294a08a368c81dd7175f75a28e

Download Submit
C:\Windows\system\RvEzHwI.exe

Filesize
6.0MB

MD5
6134a1ab289fa4ea7db5eefc9fe93725

SHA1
1795fe2e60bbc497eec49d58f9e19098e9029132

SHA256
a1e91a11ace6c575b055b8121e570a6cf39d0a8870ee0599b280c8f148985332

SHA512
7850c4c47eb0bb7843216202cb167fb46ac2b76643a815ba64b6c448567069cb3721a28d9154db244ecb3d67e7e75ea0bcf9316373fb65413d1b5f3219eb58ae

Download Submit
C:\Windows\system\TVaIagg.exe

Filesize
8B

MD5
df291bcdb8ebdc7240b14dd827f6398f

SHA1
5affc65a790ce656995e39f445b2dfa1d6848c65

SHA256
144f1bfac73422bcb8b83c7b1273e93e2b5f3245068bd656105f2fca31b15f7d

SHA512
e56b89dd2f235ef75da5439f19ca2d42261b414efc1d93983268accfee6e54dd7508bb12579c397372b6b2bfa70f21e2b1f411642303fd76c261a57c09a175d9

Download Submit
C:\Windows\system\UzONUQA.exe

Filesize
6.0MB

MD5
da874868dcc34f31b159ebb64c088800

SHA1
40ff9e85803cb62bb03924bfb2c7f29b8c893e51

SHA256
6e2b097edf7849d6b3e9751a09515c4b6adef0c9c2894fea1ac385bd80a10a79

SHA512
f72673ab7ea42466fc747c302e3df585f73ad5c0815a3323f36c28c63faf675cbdfcb6da5073cd4def76cd6c20f31369b18344347990601eca14669dcf9aaad5

Download Submit
C:\Windows\system\XETavzP.exe

Filesize
6.0MB

MD5
303d1883d29c9b73a84ebb87ee0fc95c

SHA1
6b566bff1d2897fcbe7f79914e897a9a712d5ffe

SHA256
9c7a1896a0e5f067c943edda6380781c4563ba6e107d4b67a28ab475c662254b

SHA512
4ca8c529aa3e6f011e2cf20580466534b15b7c6a5df5ef0da010c85fc7dd7405ff23b8e5b377c537f9f3f761d3ef7775ae684d5ed500d72be2a29a240eb7eb27

Download Submit
C:\Windows\system\aUfSWOL.exe

Filesize
6.0MB

MD5
be3171bbd2c8abdd63a22663698ed733

SHA1
3c52c27dcd2a5a8227a6e25281ab84d264028bd5

SHA256
ca77503a3bca94127bf04fdb01aad420e2b54b272d85bf6734c208d2e9b4a1a2

SHA512
28eab2b109e21ed45fc01a34b6b006ef99f4a12c6bcac57ed8cb962ed4db8c8ee53e6edcc62cece78b56ae845acb964abd85c9527d259fd88637cd152b11d081

Download Submit
C:\Windows\system\cMTXhcW.exe

Filesize
6.0MB

MD5
fca6a3c02d42076886a0bfa51fb02b7f

SHA1
93ffad75230100dd0365d436c37d404df5945d3b

SHA256
383c7d160b9c7ae89281302baa46956b8afe6ec3c40ae21108a6d264d8b94d66

SHA512
2a24c7b2bb6bcaa655b6bcbf0aa731ca7efbb0f147d8a486185890a1f042bed80510469ab7c7be3dff6345d1bdf5765947efde8a26e79bfc0d7e969fc864afe2

Download Submit
C:\Windows\system\cZOUjfM.exe

Filesize
6.0MB

MD5
88c8aefd52f67706b93d0e3864f270fd

SHA1
b6451ea5e262dbb1ee05a57ad5c2160c17b7c2a1

SHA256
ddd6e8891b6ee0feddd7338fd9d4eb6d44a1228bf198bfc2266608497a851048

SHA512
44bef47993f55522bfaf5e9a3ae1c5dcbddf6d1c6e9d55e5c69ee3a87c3c91be203de84fb5ae4380eadb5fffc069f89d9ef95455f705ca14b1850f2f2ac64149

Download Submit
C:\Windows\system\dCbHUQs.exe

Filesize
6.0MB

MD5
e3100c5c61a6193562d29067c697b843

SHA1
b001caaee85b2f2212fd19625cf451a733729a4e

SHA256
bda00be2703014689a8f1aa7b0412cae4ff96e19808dff43ceae4d6e32aabbf2

SHA512
efbe2646b90a98a5139d57d1334e04799e4ded1fa0bc398d1c8307916faf6bfc1aa9b2a12e3a1a9e6f7d71423429341c224148f7f74698c2e983f31d7dbd2c24

Download Submit
C:\Windows\system\iNbARSB.exe

Filesize
6.0MB

MD5
fdf74b508f1a56508c14e0417f60c9bc

SHA1
d11378a8b2ed5300ed01eb0a3fab71ecfcb11251

SHA256
ab6fc97f235530fbde317ed5f379459ff6054a39950c53ef1a40d1a2ce91f5fc

SHA512
013ddc5391df1004a20b3c6da2753c7baaa76db7dee40792a9752bbf8b8b6ed72bdd3d64ab8410bcaac681fa874f36228d0a8d065cd49dad236557f58f3a7d8b

Download Submit
C:\Windows\system\nFkVKln.exe

Filesize
6.0MB

MD5
7d56db5861c162032f1f45ae1e9983e0

SHA1
b94586a45164d0e02651a8945de618317938ccfe

SHA256
0a4bcd6528b666577f55e8d5de06b18f627ba15885498d734323bc8984d9044c

SHA512
ecc0613c18f053ae06d22e5c2b672d4d589d751e1bc8607de6ec276137eb25e8856d780b75defdc27f0eb5d80bc99262b126c1b607cfb5e1ba514f89276d04ff

Download Submit
C:\Windows\system\nxrjRsT.exe

Filesize
6.0MB

MD5
423128210d5a915ef27e02bd85c6ef6b

SHA1
53736d47d35fe75d97016e7e6f2195032b132cb0

SHA256
b015ca17c098ae856f20d69747ad2e58bfb1f0d0ba5b84ce5d972ccbd2782828

SHA512
3179fb9621e7934b205ddfbd132d04f7d0d567b2bd82051998e5ff338f9bf7db59ba3b841dfbb32eeb953d682c05458d95bd4c33b0d621e11febccccad5cf679

Download Submit
C:\Windows\system\pBDMaWw.exe

Filesize
6.0MB

MD5
00d642a538d76ccabbd8258442ea130c

SHA1
185aa119d08cccdd1108fe1537100776954f08e5

SHA256
4dc3f3572f6db0eff1ed5783cc183529153587958b42c5aefcd76d19ce8d1e7a

SHA512
5c1b1eab5d33b192a5d8146859b01160e99b5ab6fd0a6d0c26ed853749430724d8c0df84e0c8b122c56daadaa7adbbe2c3aadf7086fe57f7f538bf2c685314d9

Download Submit
C:\Windows\system\qZWLsKv.exe

Filesize
6.0MB

MD5
64e21a77a8c9a527a0ef6a78a4d75fac

SHA1
e031f9f5026b129fcc60d91b5074831c2ac1cfa3

SHA256
28dfee8b28abc2c8d89087054ba62a7c23d26b00be72fc26994052cc04e62461

SHA512
a5c09ed90fb92ba0b0200facf7efbcc564021555bf9caa6aa4f864fd55b75764ca5792bdedf691758083f8818905780654753b37a632e92a72a03cbcc969a1af

Download Submit
C:\Windows\system\qbOnoEO.exe

Filesize
6.0MB

MD5
95693a730a064175e109b363b5aa769d

SHA1
ed7150302503a8d168e50456095b949c188edbc8

SHA256
de0911595f961f1006e750a9af8e6cd43c4c04b6afbb761b65850f75e84d21e1

SHA512
d67111256c0099c011ff5979a02267552711781c63633b1469f340d2995e52369c2404aaab71a6541e12619fcfdf8f3cc5113bbb679d8932fd8cfe142e74026a

Download Submit
C:\Windows\system\uIMIJBR.exe

Filesize
6.0MB

MD5
df869661bbbe41abca61fc9222bb6274

SHA1
ed2454be9276e7be1c60b04f37600fce3a6db38e

SHA256
52eadb28a5ead3446ea7b1a9c13469ba68c2a0b6e565fe791d080da166773833

SHA512
cf41729a419b4303ac4c3390b13f31f984c49f5960e521c24a53a92e9fff4139edfd0fb4c74b49c2f3b9ce011b69795bc142efb268cd0fbdbfe06113924bc08c

Download Submit
C:\Windows\system\uYWRULE.exe

Filesize
6.0MB

MD5
2d28f1ca2c99864871ee5f7b45d6af6c

SHA1
ea6f0dfe4fcb1527f804150951c1edb212e41af6

SHA256
9d54a5abbd3344886993c32a766e8579b6fe81900d9e09d7dd26ddf134fabab3

SHA512
b5a120e710bd1c5dbb47d6a50ae068061602a6f3498b4c170f4eb453c031343797f695339e57c47c13c5091c7e5989118b7c3ee0c575cb117a387e4a826c37cd

Download Submit
C:\Windows\system\xWEuihb.exe

Filesize
6.0MB

MD5
7da74555b888c8ab9edf839d26ffa69b

SHA1
db18cd38d71f89a1b32b8dee723265cf32562a3d

SHA256
12229b454ea1439b87ba14d0c41deed9024fdc9c4dabaf258215997ed9ff3443

SHA512
8055e1c4f79f64e30886bc7d636fb70b6226063c1bdfa69726e1a8731130e0d62680b3c16e93d30b9162cebb763d5af32c67e9ccb8f9dd7fa34fde04726b926b

Download Submit
C:\Windows\system\xuFVZeX.exe

Filesize
6.0MB

MD5
d65adfdc491d9dfefc623cad9ca5abb2

SHA1
16c7eaab27223e13af7509b8b069bc58133cc594

SHA256
7c675d09895911918d3512482ef6017fa363ec877bcbb9a5583f653097938762

SHA512
3e7a04c90dba11faa66827391c2a417e0d21cbe05f27b0aa6920d3116bd7cdd8ccfed4a15f1cebcf91f52d6062dbf7d069f2092a03f9a3ea59c40a5292c0eb39

Download Submit
C:\Windows\system\zmhaOZK.exe

Filesize
6.0MB

MD5
fa69f65c2aa06ef442560811b6c71a65

SHA1
631ac30f9cbdff1d3485d9c270060b21a5b32305

SHA256
4fdf1f88b49a0bd7ba5e6cf3382550cc4bc8d885ff49a844273ccba7681e64d8

SHA512
c966caa9f8263b8aa629ec22e9a38ba863c54bafc23bea94a820f2276d7396597d579847f509466e89a701ef37b5e440a2ae9487f9b1d90e4fe431fa49adadd7

Download Submit
\Windows\system\MytIGKv.exe

Filesize
6.0MB

MD5
7a1943da225273a9b2331eef9706e738

SHA1
8f33215f96af7a99163bbc1bc29d1d035a6af733

SHA256
a1860d6ca0fda659690a38c430213380537dc01e458db75ed4c72cb6d3b38c8a

SHA512
9f37f4c1794ad536511888f6fc1199683b278cf94d820338424fee999471738bb858b7af11d5cc0f7116bf1255e1cc91b5df53123f8ef89021fbcb50f87c0ab4

Download Submit
\Windows\system\NrONyhe.exe

Filesize
6.0MB

MD5
e97729e0e375269fa699ad7282194a3a

SHA1
98d69150ecf3620902cee659f32882c02600a45e

SHA256
6fcc2eedad9e509031b8d3c14abeef88aa4901294f7aff309923dfb3b82f40a6

SHA512
e5a12239a93e0c097b05f9868c70b08669a9913f9ddec8dae074904a5782b011502781711f403ef29ff561260f293bc59e4c69e1c28b70a09cb0a6f67ed89e7a

Download Submit
\Windows\system\UvaHDGw.exe

Filesize
6.0MB

MD5
61d69dbbcf2f4faf7386ecb2ee30fe1b

SHA1
3dddcb138536650e274f1bba02750ee123275e92

SHA256
262ad59cb949a05a74c8a9945a888ff1b95df5fbceda06426af3fff908e77fe6

SHA512
57f36089b8c346aba82f437374f62d1653c819e6ac593bfc606b6f8b34a53124d7494060b86cd468e1b8fcf0c808d38ff8f879573021047322f2a9aebd28bcfd

Download Submit
\Windows\system\tHBGFJY.exe

Filesize
6.0MB

MD5
4a4c6f2a1663d4c6283a316c6349007d

SHA1
710378e9fdc0130274d962356f278f839be2ffb3

SHA256
2f989a6c7772971aca3afb17d7670544100b4165c4e9a5ef54e300debd2ba2c5

SHA512
dc5ddd482f9bd9c1ce1eadbdbc81d780d1141f354cf426fecc6bf025ed5ca3ae3dd11df6b8507f05bad3a1761296e5e1fb591032771d97752b2dd535aeff2a80

Download Submit
memory/888-1024-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/888-3448-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/888-104-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2228-98-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-1022-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-3444-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-77-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-3331-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-8-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2464-53-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2464-0-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2464-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2464-19-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2464-29-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2464-423-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2464-1159-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2464-60-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2464-48-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2464-1023-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2464-489-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2464-703-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2464-1154-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2464-118-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2464-109-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2464-108-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2464-823-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2464-99-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2464-915-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2464-81-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2464-66-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2464-916-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2464-52-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2464-12-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2464-55-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3338-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2564-21-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2564-319-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2812-94-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2812-917-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3441-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2820-35-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2820-320-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3319-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2884-56-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3297-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3348-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2936-42-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2936-321-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2972-704-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2972-3437-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2972-70-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/3052-14-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-3327-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-114-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3324-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-64-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download