cobaltstrike | 2bac2c97a604e4efafbacc0707469e994ae08d961c6147df8745df508800ee96

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 05:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b2081b4ea25d2c5bae159753c430a8d6
SHA1

b2b0df38b902d7fdcb14af0ffaf02cb9275e8a1a
SHA256

2bac2c97a604e4efafbacc0707469e994ae08d961c6147df8745df508800ee96
SHA512

58bc23db05b6665031760cf453c37a8a8fcdb53fdfe6a673900ed55b48369a61849a6ddb47c2bcf5ec0d07f7225be7f4f7b3a7748f7a39e90fe22f243d941481
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUO:T+q56utgpPF8u/7O

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0005000000010300-6.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001757f-17.dat	cobalt_reflective_dll
behavioral1/files/0x0016000000018676-30.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018696-39.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019479-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964a-195.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019642-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953e-178.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d7-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947d-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019485-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019640-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019513-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-93.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-72.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000187a2-69.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019278-61.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018697-48.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174a6-24.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001746a-14.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2796-0-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x0005000000010300-6.dat	xmrig
behavioral1/memory/2796-8-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2528-9-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x000700000001757f-17.dat	xmrig
behavioral1/files/0x0016000000018676-30.dat	xmrig
behavioral1/memory/2804-37-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2796-38-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2772-50-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x0006000000018696-39.dat	xmrig
behavioral1/files/0x0005000000019365-76.dat	xmrig
behavioral1/memory/2888-81-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2772-84-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/584-105-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x0005000000019479-141.dat	xmrig
behavioral1/files/0x000500000001964a-195.dat	xmrig
behavioral1/memory/2796-388-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2888-516-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/584-1079-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/1160-953-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/1976-705-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2696-270-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019642-188.dat	xmrig
behavioral1/files/0x000500000001950e-182.dat	xmrig
behavioral1/files/0x000500000001953e-178.dat	xmrig
behavioral1/files/0x00050000000194d7-171.dat	xmrig
behavioral1/files/0x000500000001947d-162.dat	xmrig
behavioral1/files/0x000500000001946a-159.dat	xmrig
behavioral1/files/0x0005000000019485-156.dat	xmrig
behavioral1/files/0x0005000000019640-186.dat	xmrig
behavioral1/files/0x000500000001945b-150.dat	xmrig
behavioral1/files/0x0005000000019513-176.dat	xmrig
behavioral1/files/0x00050000000193c1-138.dat	xmrig
behavioral1/files/0x00050000000194df-166.dat	xmrig
behavioral1/files/0x0005000000019450-127.dat	xmrig
behavioral1/files/0x0005000000019446-117.dat	xmrig
behavioral1/memory/2480-111-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x00050000000193b3-108.dat	xmrig
behavioral1/files/0x00050000000193a4-100.dat	xmrig
behavioral1/files/0x0005000000019465-131.dat	xmrig
behavioral1/files/0x0005000000019433-116.dat	xmrig
behavioral1/memory/2796-115-0x0000000002270000-0x00000000025C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019387-93.dat	xmrig
behavioral1/memory/1976-89-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2796-88-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x0005000000019377-86.dat	xmrig
behavioral1/memory/2696-74-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2808-73-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/files/0x0005000000019319-72.dat	xmrig
behavioral1/memory/2480-70-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x00070000000187a2-69.dat	xmrig
behavioral1/memory/2320-68-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x0006000000019278-61.dat	xmrig
behavioral1/memory/2648-58-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2532-51-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x0008000000018697-48.dat	xmrig
behavioral1/memory/2808-29-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2572-27-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x00080000000174a6-24.dat	xmrig
behavioral1/memory/2648-21-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x000800000001746a-14.dat	xmrig
behavioral1/memory/2320-4176-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2572-4180-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/1976-4187-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2528	lEzelGE.exe
2648	jkHtOWd.exe
2572	GEKFlCQ.exe
2808	loRnCBC.exe
2804	XRQvyEB.exe
2772	EJXoaCe.exe
2532	aEZTklT.exe
2320	JrduXJz.exe
2480	VYIvvaN.exe
2696	zHdgPZr.exe
2888	VuEPbyl.exe
1976	sgJgPdM.exe
1160	nTITAtN.exe
584	HixLPaC.exe
560	jwpRlId.exe
1920	clqKoDd.exe
888	HjSRhUT.exe
1808	oQijWie.exe
2220	lmnLhCe.exe
2836	MXOAjeP.exe
1816	RyGAesU.exe
552	wiEfepF.exe
2132	qRkZIUm.exe
2820	azhuTjX.exe
3056	mdZEApb.exe
2744	mwQNzbl.exe
2108	jODxDAK.exe
1284	FoVAdec.exe
1200	leSzzjS.exe
896	ciFxOBP.exe
2988	NDOEHKi.exe
2388	gNeaPGZ.exe
2252	mqnzOAu.exe
1328	bLPUbSc.exe
1384	sptbJLf.exe
1308	SDIjVkd.exe
2084	gJLylZo.exe
1660	oFCWwFU.exe
2236	cPRSOua.exe
2800	cIyiAVi.exe
1040	nqpPMtd.exe
2024	TLHCYXO.exe
2032	BzRxfhN.exe
1000	EXoWhaA.exe
2028	Iodnhln.exe
2840	xQKFDOr.exe
1980	ZCJdXiW.exe
1744	MZINOcA.exe
2008	PoyXwil.exe
2932	IBOaJBG.exe
2856	GukkJfI.exe
2812	mdBTcVH.exe
1588	EzYIyme.exe
1556	FkyTnQL.exe
2564	mJoRqke.exe
2544	WseSBxk.exe
2596	QGAiNYe.exe
2336	OtyLXQj.exe
2408	PDaLLjo.exe
576	uKhxNIQ.exe
1684	DfaQnTK.exe
1592	UzBGVLq.exe
2372	XQOcCyI.exe
1512	rQkeaqO.exe

Loads dropped DLL 64 IoCs

pid	Process
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2796-0-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x0005000000010300-6.dat	upx
behavioral1/memory/2528-9-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x000700000001757f-17.dat	upx
behavioral1/files/0x0016000000018676-30.dat	upx
behavioral1/memory/2804-37-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2796-38-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2772-50-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x0006000000018696-39.dat	upx
behavioral1/files/0x0005000000019365-76.dat	upx
behavioral1/memory/2888-81-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2772-84-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/584-105-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x0005000000019479-141.dat	upx
behavioral1/files/0x000500000001964a-195.dat	upx
behavioral1/memory/2888-516-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/584-1079-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/1160-953-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/1976-705-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2696-270-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x0005000000019642-188.dat	upx
behavioral1/files/0x000500000001950e-182.dat	upx
behavioral1/files/0x000500000001953e-178.dat	upx
behavioral1/files/0x00050000000194d7-171.dat	upx
behavioral1/files/0x000500000001947d-162.dat	upx
behavioral1/files/0x000500000001946a-159.dat	upx
behavioral1/files/0x0005000000019485-156.dat	upx
behavioral1/files/0x0005000000019640-186.dat	upx
behavioral1/files/0x000500000001945b-150.dat	upx
behavioral1/files/0x0005000000019513-176.dat	upx
behavioral1/files/0x00050000000193c1-138.dat	upx
behavioral1/files/0x00050000000194df-166.dat	upx
behavioral1/files/0x0005000000019450-127.dat	upx
behavioral1/files/0x0005000000019446-117.dat	upx
behavioral1/memory/2480-111-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x00050000000193b3-108.dat	upx
behavioral1/files/0x00050000000193a4-100.dat	upx
behavioral1/files/0x0005000000019465-131.dat	upx
behavioral1/files/0x0005000000019433-116.dat	upx
behavioral1/files/0x0005000000019387-93.dat	upx
behavioral1/memory/1976-89-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x0005000000019377-86.dat	upx
behavioral1/memory/2696-74-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2808-73-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/files/0x0005000000019319-72.dat	upx
behavioral1/memory/2480-70-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x00070000000187a2-69.dat	upx
behavioral1/memory/2320-68-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x0006000000019278-61.dat	upx
behavioral1/memory/2648-58-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2532-51-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x0008000000018697-48.dat	upx
behavioral1/memory/2808-29-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2572-27-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x00080000000174a6-24.dat	upx
behavioral1/memory/2648-21-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x000800000001746a-14.dat	upx
behavioral1/memory/2320-4176-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2572-4180-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/1976-4187-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2808-4188-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2532-4189-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/584-4201-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2648-4202-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KnrgNrZ.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tyqhGVf.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WZRLXtN.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TNXkQkv.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zFDZOob.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNMslDz.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eRUsjxg.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rLbWUKa.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\udYRdEM.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lczBlCt.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FnRHOPW.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TwskPYj.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhRHTPJ.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FxuyTYe.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\buPNozD.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Sskqyfy.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztKjaHy.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oUqsNGV.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FdIMmmb.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AcUPXfS.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUDtfXu.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogkyODi.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MJIxLpl.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RbOuIlw.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MBKflHC.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VNBIFtU.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZtSSoLx.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtYcZJD.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QeTBHSw.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hvGkJXV.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QYnyBuR.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAkeyyz.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DtvbWVX.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wrgznPy.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HohXsXr.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AyFegBm.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ibSmlEA.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GqOAVWJ.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mivuFRl.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCVAsyK.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EGrKlzO.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JpOklkn.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UWRNheW.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFrAzca.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ciFxOBP.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nRtJuSd.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnvynNW.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sBhxYiP.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gceVgkl.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YcRHYAT.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gAwFCCt.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyVUPlO.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YxpSSHA.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LdNmOli.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lXTxAQI.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HhMtpZb.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fotzOVN.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gXvXduc.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lvfBTAS.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oOsLxPL.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNBynvb.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gEpZWpy.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NqrpozX.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aqzRjSO.exe	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 2528	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2796 wrote to memory of 2528	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2796 wrote to memory of 2528	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2796 wrote to memory of 2648	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2796 wrote to memory of 2648	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2796 wrote to memory of 2648	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2796 wrote to memory of 2572	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2796 wrote to memory of 2572	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2796 wrote to memory of 2572	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2796 wrote to memory of 2808	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2796 wrote to memory of 2808	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2796 wrote to memory of 2808	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2796 wrote to memory of 2804	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2796 wrote to memory of 2804	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2796 wrote to memory of 2804	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2796 wrote to memory of 2772	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2796 wrote to memory of 2772	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2796 wrote to memory of 2772	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2796 wrote to memory of 2532	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2796 wrote to memory of 2532	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2796 wrote to memory of 2532	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2796 wrote to memory of 2480	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2796 wrote to memory of 2480	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2796 wrote to memory of 2480	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2796 wrote to memory of 2320	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2796 wrote to memory of 2320	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2796 wrote to memory of 2320	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2796 wrote to memory of 2696	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2796 wrote to memory of 2696	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2796 wrote to memory of 2696	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2796 wrote to memory of 2888	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2796 wrote to memory of 2888	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2796 wrote to memory of 2888	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2796 wrote to memory of 1976	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2796 wrote to memory of 1976	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2796 wrote to memory of 1976	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2796 wrote to memory of 1160	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2796 wrote to memory of 1160	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2796 wrote to memory of 1160	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2796 wrote to memory of 584	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2796 wrote to memory of 584	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2796 wrote to memory of 584	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2796 wrote to memory of 560	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2796 wrote to memory of 560	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2796 wrote to memory of 560	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2796 wrote to memory of 2220	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2796 wrote to memory of 2220	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2796 wrote to memory of 2220	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2796 wrote to memory of 1920	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2796 wrote to memory of 1920	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2796 wrote to memory of 1920	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2796 wrote to memory of 1816	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2796 wrote to memory of 1816	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2796 wrote to memory of 1816	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2796 wrote to memory of 888	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2796 wrote to memory of 888	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2796 wrote to memory of 888	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2796 wrote to memory of 552	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2796 wrote to memory of 552	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2796 wrote to memory of 552	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2796 wrote to memory of 1808	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2796 wrote to memory of 1808	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2796 wrote to memory of 1808	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2796 wrote to memory of 2820	2796	2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-22_b2081b4ea25d2c5bae159753c430a8d6_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Windows\System\lEzelGE.exe
  C:\Windows\System\lEzelGE.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\jkHtOWd.exe
  C:\Windows\System\jkHtOWd.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\GEKFlCQ.exe
  C:\Windows\System\GEKFlCQ.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\loRnCBC.exe
  C:\Windows\System\loRnCBC.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\XRQvyEB.exe
  C:\Windows\System\XRQvyEB.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\EJXoaCe.exe
  C:\Windows\System\EJXoaCe.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\aEZTklT.exe
  C:\Windows\System\aEZTklT.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\VYIvvaN.exe
  C:\Windows\System\VYIvvaN.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\JrduXJz.exe
  C:\Windows\System\JrduXJz.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\zHdgPZr.exe
  C:\Windows\System\zHdgPZr.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\VuEPbyl.exe
  C:\Windows\System\VuEPbyl.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\sgJgPdM.exe
  C:\Windows\System\sgJgPdM.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\nTITAtN.exe
  C:\Windows\System\nTITAtN.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\HixLPaC.exe
  C:\Windows\System\HixLPaC.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\jwpRlId.exe
  C:\Windows\System\jwpRlId.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\lmnLhCe.exe
  C:\Windows\System\lmnLhCe.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\clqKoDd.exe
  C:\Windows\System\clqKoDd.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\RyGAesU.exe
  C:\Windows\System\RyGAesU.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\HjSRhUT.exe
  C:\Windows\System\HjSRhUT.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\wiEfepF.exe
  C:\Windows\System\wiEfepF.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\oQijWie.exe
  C:\Windows\System\oQijWie.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\azhuTjX.exe
  C:\Windows\System\azhuTjX.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\MXOAjeP.exe
  C:\Windows\System\MXOAjeP.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\mdZEApb.exe
  C:\Windows\System\mdZEApb.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\qRkZIUm.exe
  C:\Windows\System\qRkZIUm.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\jODxDAK.exe
  C:\Windows\System\jODxDAK.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\mwQNzbl.exe
  C:\Windows\System\mwQNzbl.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\leSzzjS.exe
  C:\Windows\System\leSzzjS.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\FoVAdec.exe
  C:\Windows\System\FoVAdec.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\gNeaPGZ.exe
  C:\Windows\System\gNeaPGZ.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\ciFxOBP.exe
  C:\Windows\System\ciFxOBP.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\mqnzOAu.exe
  C:\Windows\System\mqnzOAu.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\NDOEHKi.exe
  C:\Windows\System\NDOEHKi.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\sptbJLf.exe
  C:\Windows\System\sptbJLf.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\bLPUbSc.exe
  C:\Windows\System\bLPUbSc.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\gJLylZo.exe
  C:\Windows\System\gJLylZo.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\SDIjVkd.exe
  C:\Windows\System\SDIjVkd.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\oFCWwFU.exe
  C:\Windows\System\oFCWwFU.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\cPRSOua.exe
  C:\Windows\System\cPRSOua.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\cIyiAVi.exe
  C:\Windows\System\cIyiAVi.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\nqpPMtd.exe
  C:\Windows\System\nqpPMtd.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\TLHCYXO.exe
  C:\Windows\System\TLHCYXO.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\BzRxfhN.exe
  C:\Windows\System\BzRxfhN.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\EXoWhaA.exe
  C:\Windows\System\EXoWhaA.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\Iodnhln.exe
  C:\Windows\System\Iodnhln.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\xQKFDOr.exe
  C:\Windows\System\xQKFDOr.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\ZCJdXiW.exe
  C:\Windows\System\ZCJdXiW.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\MZINOcA.exe
  C:\Windows\System\MZINOcA.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\PoyXwil.exe
  C:\Windows\System\PoyXwil.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\IBOaJBG.exe
  C:\Windows\System\IBOaJBG.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\GukkJfI.exe
  C:\Windows\System\GukkJfI.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\mdBTcVH.exe
  C:\Windows\System\mdBTcVH.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\EzYIyme.exe
  C:\Windows\System\EzYIyme.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\FkyTnQL.exe
  C:\Windows\System\FkyTnQL.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\mJoRqke.exe
  C:\Windows\System\mJoRqke.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\WseSBxk.exe
  C:\Windows\System\WseSBxk.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\QGAiNYe.exe
  C:\Windows\System\QGAiNYe.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\PDaLLjo.exe
  C:\Windows\System\PDaLLjo.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\OtyLXQj.exe
  C:\Windows\System\OtyLXQj.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\uKhxNIQ.exe
  C:\Windows\System\uKhxNIQ.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\DfaQnTK.exe
  C:\Windows\System\DfaQnTK.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\UzBGVLq.exe
  C:\Windows\System\UzBGVLq.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\XQOcCyI.exe
  C:\Windows\System\XQOcCyI.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\GVfiXWC.exe
  C:\Windows\System\GVfiXWC.exe
  2⤵
  PID:3020
- C:\Windows\System\rQkeaqO.exe
  C:\Windows\System\rQkeaqO.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\FdiyZbu.exe
  C:\Windows\System\FdiyZbu.exe
  2⤵
  PID:1448
- C:\Windows\System\UGXbnyh.exe
  C:\Windows\System\UGXbnyh.exe
  2⤵
  PID:1944
- C:\Windows\System\gUGgMQg.exe
  C:\Windows\System\gUGgMQg.exe
  2⤵
  PID:1868
- C:\Windows\System\JzCDHIG.exe
  C:\Windows\System\JzCDHIG.exe
  2⤵
  PID:1596
- C:\Windows\System\XfiTWyc.exe
  C:\Windows\System\XfiTWyc.exe
  2⤵
  PID:3016
- C:\Windows\System\TwskPYj.exe
  C:\Windows\System\TwskPYj.exe
  2⤵
  PID:3048
- C:\Windows\System\JNsSlxq.exe
  C:\Windows\System\JNsSlxq.exe
  2⤵
  PID:1084
- C:\Windows\System\fROtLhG.exe
  C:\Windows\System\fROtLhG.exe
  2⤵
  PID:1152
- C:\Windows\System\YEpBIBD.exe
  C:\Windows\System\YEpBIBD.exe
  2⤵
  PID:868
- C:\Windows\System\MrfiSmk.exe
  C:\Windows\System\MrfiSmk.exe
  2⤵
  PID:1524
- C:\Windows\System\GFiqPOv.exe
  C:\Windows\System\GFiqPOv.exe
  2⤵
  PID:2068
- C:\Windows\System\ZbSvlkT.exe
  C:\Windows\System\ZbSvlkT.exe
  2⤵
  PID:2948
- C:\Windows\System\tuswEWw.exe
  C:\Windows\System\tuswEWw.exe
  2⤵
  PID:2512
- C:\Windows\System\WMmLchN.exe
  C:\Windows\System\WMmLchN.exe
  2⤵
  PID:1712
- C:\Windows\System\pfVFGMf.exe
  C:\Windows\System\pfVFGMf.exe
  2⤵
  PID:2960
- C:\Windows\System\dkoumPG.exe
  C:\Windows\System\dkoumPG.exe
  2⤵
  PID:2248
- C:\Windows\System\EaMzhhw.exe
  C:\Windows\System\EaMzhhw.exe
  2⤵
  PID:880
- C:\Windows\System\PrJqVDo.exe
  C:\Windows\System\PrJqVDo.exe
  2⤵
  PID:2920
- C:\Windows\System\EhEMfiJ.exe
  C:\Windows\System\EhEMfiJ.exe
  2⤵
  PID:872
- C:\Windows\System\SZfHWGg.exe
  C:\Windows\System\SZfHWGg.exe
  2⤵
  PID:1704
- C:\Windows\System\cFJigOc.exe
  C:\Windows\System\cFJigOc.exe
  2⤵
  PID:2168
- C:\Windows\System\ZrTyXiE.exe
  C:\Windows\System\ZrTyXiE.exe
  2⤵
  PID:1580
- C:\Windows\System\rCwpmtt.exe
  C:\Windows\System\rCwpmtt.exe
  2⤵
  PID:2624
- C:\Windows\System\PwTitaO.exe
  C:\Windows\System\PwTitaO.exe
  2⤵
  PID:2956
- C:\Windows\System\SlPgAhR.exe
  C:\Windows\System\SlPgAhR.exe
  2⤵
  PID:2884
- C:\Windows\System\sirnnBr.exe
  C:\Windows\System\sirnnBr.exe
  2⤵
  PID:2904
- C:\Windows\System\WjVkFWq.exe
  C:\Windows\System\WjVkFWq.exe
  2⤵
  PID:1440
- C:\Windows\System\sLzJRGA.exe
  C:\Windows\System\sLzJRGA.exe
  2⤵
  PID:1036
- C:\Windows\System\lKDdKyQ.exe
  C:\Windows\System\lKDdKyQ.exe
  2⤵
  PID:564
- C:\Windows\System\llrUGbT.exe
  C:\Windows\System\llrUGbT.exe
  2⤵
  PID:944
- C:\Windows\System\eTIZiSj.exe
  C:\Windows\System\eTIZiSj.exe
  2⤵
  PID:2088
- C:\Windows\System\zIrzhIp.exe
  C:\Windows\System\zIrzhIp.exe
  2⤵
  PID:1956
- C:\Windows\System\yMlKtff.exe
  C:\Windows\System\yMlKtff.exe
  2⤵
  PID:3076
- C:\Windows\System\pQSzvOf.exe
  C:\Windows\System\pQSzvOf.exe
  2⤵
  PID:3092
- C:\Windows\System\uTQnQbz.exe
  C:\Windows\System\uTQnQbz.exe
  2⤵
  PID:3116
- C:\Windows\System\CiFGqCG.exe
  C:\Windows\System\CiFGqCG.exe
  2⤵
  PID:3140
- C:\Windows\System\ARigMyi.exe
  C:\Windows\System\ARigMyi.exe
  2⤵
  PID:3156
- C:\Windows\System\fqqsbJC.exe
  C:\Windows\System\fqqsbJC.exe
  2⤵
  PID:3176
- C:\Windows\System\pnymcsU.exe
  C:\Windows\System\pnymcsU.exe
  2⤵
  PID:3196
- C:\Windows\System\eooMyqD.exe
  C:\Windows\System\eooMyqD.exe
  2⤵
  PID:3212
- C:\Windows\System\akiSQgu.exe
  C:\Windows\System\akiSQgu.exe
  2⤵
  PID:3240
- C:\Windows\System\XgiTqiY.exe
  C:\Windows\System\XgiTqiY.exe
  2⤵
  PID:3260
- C:\Windows\System\oHDukAf.exe
  C:\Windows\System\oHDukAf.exe
  2⤵
  PID:3284
- C:\Windows\System\vdxIvYz.exe
  C:\Windows\System\vdxIvYz.exe
  2⤵
  PID:3300
- C:\Windows\System\sQvDjVx.exe
  C:\Windows\System\sQvDjVx.exe
  2⤵
  PID:3320
- C:\Windows\System\CrqHbCX.exe
  C:\Windows\System\CrqHbCX.exe
  2⤵
  PID:3344
- C:\Windows\System\TvySzcw.exe
  C:\Windows\System\TvySzcw.exe
  2⤵
  PID:3360
- C:\Windows\System\sxkwKEP.exe
  C:\Windows\System\sxkwKEP.exe
  2⤵
  PID:3384
- C:\Windows\System\jAeWeSg.exe
  C:\Windows\System\jAeWeSg.exe
  2⤵
  PID:3404
- C:\Windows\System\fFAvyIr.exe
  C:\Windows\System\fFAvyIr.exe
  2⤵
  PID:3424
- C:\Windows\System\FhaHCYE.exe
  C:\Windows\System\FhaHCYE.exe
  2⤵
  PID:3440
- C:\Windows\System\hQAPprX.exe
  C:\Windows\System\hQAPprX.exe
  2⤵
  PID:3464
- C:\Windows\System\rLbWUKa.exe
  C:\Windows\System\rLbWUKa.exe
  2⤵
  PID:3484
- C:\Windows\System\UAXZuQG.exe
  C:\Windows\System\UAXZuQG.exe
  2⤵
  PID:3500
- C:\Windows\System\QMaURZw.exe
  C:\Windows\System\QMaURZw.exe
  2⤵
  PID:3524
- C:\Windows\System\zoVpxaE.exe
  C:\Windows\System\zoVpxaE.exe
  2⤵
  PID:3540
- C:\Windows\System\UhKFUKP.exe
  C:\Windows\System\UhKFUKP.exe
  2⤵
  PID:3564
- C:\Windows\System\STwzvDJ.exe
  C:\Windows\System\STwzvDJ.exe
  2⤵
  PID:3580
- C:\Windows\System\VPLDqrf.exe
  C:\Windows\System\VPLDqrf.exe
  2⤵
  PID:3604
- C:\Windows\System\IttSVqM.exe
  C:\Windows\System\IttSVqM.exe
  2⤵
  PID:3620
- C:\Windows\System\jvcrHrI.exe
  C:\Windows\System\jvcrHrI.exe
  2⤵
  PID:3644
- C:\Windows\System\cgZTXyo.exe
  C:\Windows\System\cgZTXyo.exe
  2⤵
  PID:3664
- C:\Windows\System\FGrYKVI.exe
  C:\Windows\System\FGrYKVI.exe
  2⤵
  PID:3684
- C:\Windows\System\oyVdoyy.exe
  C:\Windows\System\oyVdoyy.exe
  2⤵
  PID:3704
- C:\Windows\System\QeTBHSw.exe
  C:\Windows\System\QeTBHSw.exe
  2⤵
  PID:3724
- C:\Windows\System\uRnbNRa.exe
  C:\Windows\System\uRnbNRa.exe
  2⤵
  PID:3740
- C:\Windows\System\yEDSAAh.exe
  C:\Windows\System\yEDSAAh.exe
  2⤵
  PID:3760
- C:\Windows\System\XCesvqm.exe
  C:\Windows\System\XCesvqm.exe
  2⤵
  PID:3784
- C:\Windows\System\yRqFuCA.exe
  C:\Windows\System\yRqFuCA.exe
  2⤵
  PID:3804
- C:\Windows\System\rtjkWgq.exe
  C:\Windows\System\rtjkWgq.exe
  2⤵
  PID:3824
- C:\Windows\System\efZTyUC.exe
  C:\Windows\System\efZTyUC.exe
  2⤵
  PID:3844
- C:\Windows\System\bSTTLWT.exe
  C:\Windows\System\bSTTLWT.exe
  2⤵
  PID:3864
- C:\Windows\System\ZVTIQHj.exe
  C:\Windows\System\ZVTIQHj.exe
  2⤵
  PID:3880
- C:\Windows\System\tgrLIpP.exe
  C:\Windows\System\tgrLIpP.exe
  2⤵
  PID:3896
- C:\Windows\System\mUvswwF.exe
  C:\Windows\System\mUvswwF.exe
  2⤵
  PID:3920
- C:\Windows\System\hvGkJXV.exe
  C:\Windows\System\hvGkJXV.exe
  2⤵
  PID:3944
- C:\Windows\System\eVnMCVh.exe
  C:\Windows\System\eVnMCVh.exe
  2⤵
  PID:3964
- C:\Windows\System\rOwEArf.exe
  C:\Windows\System\rOwEArf.exe
  2⤵
  PID:3984
- C:\Windows\System\SCuNXhE.exe
  C:\Windows\System\SCuNXhE.exe
  2⤵
  PID:4004
- C:\Windows\System\WGujxvp.exe
  C:\Windows\System\WGujxvp.exe
  2⤵
  PID:4024
- C:\Windows\System\lLknrJr.exe
  C:\Windows\System\lLknrJr.exe
  2⤵
  PID:4044
- C:\Windows\System\RYOBgMh.exe
  C:\Windows\System\RYOBgMh.exe
  2⤵
  PID:4068
- C:\Windows\System\vGpcqwH.exe
  C:\Windows\System\vGpcqwH.exe
  2⤵
  PID:4084
- C:\Windows\System\lXlxooZ.exe
  C:\Windows\System\lXlxooZ.exe
  2⤵
  PID:604
- C:\Windows\System\SyONKuI.exe
  C:\Windows\System\SyONKuI.exe
  2⤵
  PID:296
- C:\Windows\System\thYkVDr.exe
  C:\Windows\System\thYkVDr.exe
  2⤵
  PID:2848
- C:\Windows\System\RsqjucA.exe
  C:\Windows\System\RsqjucA.exe
  2⤵
  PID:288
- C:\Windows\System\POueksQ.exe
  C:\Windows\System\POueksQ.exe
  2⤵
  PID:2212
- C:\Windows\System\pMqFRJQ.exe
  C:\Windows\System\pMqFRJQ.exe
  2⤵
  PID:2548
- C:\Windows\System\ucQmWCC.exe
  C:\Windows\System\ucQmWCC.exe
  2⤵
  PID:2672
- C:\Windows\System\bvpcURw.exe
  C:\Windows\System\bvpcURw.exe
  2⤵
  PID:1700
- C:\Windows\System\RELUZhU.exe
  C:\Windows\System\RELUZhU.exe
  2⤵
  PID:2020
- C:\Windows\System\iiwkzbF.exe
  C:\Windows\System\iiwkzbF.exe
  2⤵
  PID:1896
- C:\Windows\System\RbOuIlw.exe
  C:\Windows\System\RbOuIlw.exe
  2⤵
  PID:3044
- C:\Windows\System\fErhBTJ.exe
  C:\Windows\System\fErhBTJ.exe
  2⤵
  PID:1948
- C:\Windows\System\AcUPXfS.exe
  C:\Windows\System\AcUPXfS.exe
  2⤵
  PID:2044
- C:\Windows\System\unXGRly.exe
  C:\Windows\System\unXGRly.exe
  2⤵
  PID:2736
- C:\Windows\System\MBKflHC.exe
  C:\Windows\System\MBKflHC.exe
  2⤵
  PID:1052
- C:\Windows\System\QAiEgdB.exe
  C:\Windows\System\QAiEgdB.exe
  2⤵
  PID:1672
- C:\Windows\System\PdRCRyf.exe
  C:\Windows\System\PdRCRyf.exe
  2⤵
  PID:3152
- C:\Windows\System\ibSmlEA.exe
  C:\Windows\System\ibSmlEA.exe
  2⤵
  PID:3136
- C:\Windows\System\oLgSlIT.exe
  C:\Windows\System\oLgSlIT.exe
  2⤵
  PID:3224
- C:\Windows\System\OsFXSin.exe
  C:\Windows\System\OsFXSin.exe
  2⤵
  PID:3272
- C:\Windows\System\IgjMljT.exe
  C:\Windows\System\IgjMljT.exe
  2⤵
  PID:3308
- C:\Windows\System\NOcnzzP.exe
  C:\Windows\System\NOcnzzP.exe
  2⤵
  PID:3312
- C:\Windows\System\WeqqcHT.exe
  C:\Windows\System\WeqqcHT.exe
  2⤵
  PID:3340
- C:\Windows\System\mOqqfuw.exe
  C:\Windows\System\mOqqfuw.exe
  2⤵
  PID:3396
- C:\Windows\System\TAqORFY.exe
  C:\Windows\System\TAqORFY.exe
  2⤵
  PID:3380
- C:\Windows\System\uOISzVE.exe
  C:\Windows\System\uOISzVE.exe
  2⤵
  PID:3448
- C:\Windows\System\zasYkKy.exe
  C:\Windows\System\zasYkKy.exe
  2⤵
  PID:3520
- C:\Windows\System\nRtJuSd.exe
  C:\Windows\System\nRtJuSd.exe
  2⤵
  PID:3496
- C:\Windows\System\bNesSfc.exe
  C:\Windows\System\bNesSfc.exe
  2⤵
  PID:3536
- C:\Windows\System\kXLbJNZ.exe
  C:\Windows\System\kXLbJNZ.exe
  2⤵
  PID:3600
- C:\Windows\System\eFWzzFe.exe
  C:\Windows\System\eFWzzFe.exe
  2⤵
  PID:3612
- C:\Windows\System\crGzJgn.exe
  C:\Windows\System\crGzJgn.exe
  2⤵
  PID:3676
- C:\Windows\System\qKakzaR.exe
  C:\Windows\System\qKakzaR.exe
  2⤵
  PID:3712
- C:\Windows\System\EhsJyUe.exe
  C:\Windows\System\EhsJyUe.exe
  2⤵
  PID:3752
- C:\Windows\System\WqfVSxg.exe
  C:\Windows\System\WqfVSxg.exe
  2⤵
  PID:3732
- C:\Windows\System\TcEvzTl.exe
  C:\Windows\System\TcEvzTl.exe
  2⤵
  PID:3780
- C:\Windows\System\RFSDSpB.exe
  C:\Windows\System\RFSDSpB.exe
  2⤵
  PID:3812
- C:\Windows\System\aUcNQUW.exe
  C:\Windows\System\aUcNQUW.exe
  2⤵
  PID:3872
- C:\Windows\System\QSgZyhM.exe
  C:\Windows\System\QSgZyhM.exe
  2⤵
  PID:3908
- C:\Windows\System\zzMNgGA.exe
  C:\Windows\System\zzMNgGA.exe
  2⤵
  PID:3928
- C:\Windows\System\lXeFKpK.exe
  C:\Windows\System\lXeFKpK.exe
  2⤵
  PID:3992
- C:\Windows\System\FaXzqJM.exe
  C:\Windows\System\FaXzqJM.exe
  2⤵
  PID:4032
- C:\Windows\System\UIXxxzL.exe
  C:\Windows\System\UIXxxzL.exe
  2⤵
  PID:4040
- C:\Windows\System\lQpfZTO.exe
  C:\Windows\System\lQpfZTO.exe
  2⤵
  PID:4060
- C:\Windows\System\BITYrro.exe
  C:\Windows\System\BITYrro.exe
  2⤵
  PID:484
- C:\Windows\System\QjOOlEx.exe
  C:\Windows\System\QjOOlEx.exe
  2⤵
  PID:380
- C:\Windows\System\aAcgliT.exe
  C:\Windows\System\aAcgliT.exe
  2⤵
  PID:2228
- C:\Windows\System\rGdXcEw.exe
  C:\Windows\System\rGdXcEw.exe
  2⤵
  PID:2852
- C:\Windows\System\nVBzKjT.exe
  C:\Windows\System\nVBzKjT.exe
  2⤵
  PID:2676
- C:\Windows\System\ENifUKC.exe
  C:\Windows\System\ENifUKC.exe
  2⤵
  PID:2928
- C:\Windows\System\vezorMG.exe
  C:\Windows\System\vezorMG.exe
  2⤵
  PID:2472
- C:\Windows\System\pJlWjFb.exe
  C:\Windows\System\pJlWjFb.exe
  2⤵
  PID:2268
- C:\Windows\System\TeMCRMX.exe
  C:\Windows\System\TeMCRMX.exe
  2⤵
  PID:2916
- C:\Windows\System\zEsAGAM.exe
  C:\Windows\System\zEsAGAM.exe
  2⤵
  PID:3100
- C:\Windows\System\qqeheHr.exe
  C:\Windows\System\qqeheHr.exe
  2⤵
  PID:3232
- C:\Windows\System\eusmSXQ.exe
  C:\Windows\System\eusmSXQ.exe
  2⤵
  PID:3220
- C:\Windows\System\potUcrD.exe
  C:\Windows\System\potUcrD.exe
  2⤵
  PID:3296
- C:\Windows\System\KGiMpOv.exe
  C:\Windows\System\KGiMpOv.exe
  2⤵
  PID:3472
- C:\Windows\System\ojuZhWv.exe
  C:\Windows\System\ojuZhWv.exe
  2⤵
  PID:3336
- C:\Windows\System\IxkaGIM.exe
  C:\Windows\System\IxkaGIM.exe
  2⤵
  PID:3436
- C:\Windows\System\ZjRzKoT.exe
  C:\Windows\System\ZjRzKoT.exe
  2⤵
  PID:3516
- C:\Windows\System\GtrpUcb.exe
  C:\Windows\System\GtrpUcb.exe
  2⤵
  PID:3592
- C:\Windows\System\MKCyvge.exe
  C:\Windows\System\MKCyvge.exe
  2⤵
  PID:3636
- C:\Windows\System\pNdAOWT.exe
  C:\Windows\System\pNdAOWT.exe
  2⤵
  PID:3576
- C:\Windows\System\RKSAyVP.exe
  C:\Windows\System\RKSAyVP.exe
  2⤵
  PID:3820
- C:\Windows\System\TlXcxjh.exe
  C:\Windows\System\TlXcxjh.exe
  2⤵
  PID:3696
- C:\Windows\System\tqOmVMs.exe
  C:\Windows\System\tqOmVMs.exe
  2⤵
  PID:3852
- C:\Windows\System\RrxnWiC.exe
  C:\Windows\System\RrxnWiC.exe
  2⤵
  PID:3888
- C:\Windows\System\raKzMzw.exe
  C:\Windows\System\raKzMzw.exe
  2⤵
  PID:3996
- C:\Windows\System\aXzgQIc.exe
  C:\Windows\System\aXzgQIc.exe
  2⤵
  PID:4080
- C:\Windows\System\iPsClNA.exe
  C:\Windows\System\iPsClNA.exe
  2⤵
  PID:2844
- C:\Windows\System\WOMnJgw.exe
  C:\Windows\System\WOMnJgw.exe
  2⤵
  PID:2440
- C:\Windows\System\bIxZMek.exe
  C:\Windows\System\bIxZMek.exe
  2⤵
  PID:2272
- C:\Windows\System\OAtOMMw.exe
  C:\Windows\System\OAtOMMw.exe
  2⤵
  PID:1540
- C:\Windows\System\UbtUGso.exe
  C:\Windows\System\UbtUGso.exe
  2⤵
  PID:4108
- C:\Windows\System\uydzzOb.exe
  C:\Windows\System\uydzzOb.exe
  2⤵
  PID:4124
- C:\Windows\System\kCZunuh.exe
  C:\Windows\System\kCZunuh.exe
  2⤵
  PID:4140
- C:\Windows\System\KXDvrDe.exe
  C:\Windows\System\KXDvrDe.exe
  2⤵
  PID:4160
- C:\Windows\System\QrhKngl.exe
  C:\Windows\System\QrhKngl.exe
  2⤵
  PID:4192
- C:\Windows\System\IPLxBvV.exe
  C:\Windows\System\IPLxBvV.exe
  2⤵
  PID:4216
- C:\Windows\System\CYmIoYc.exe
  C:\Windows\System\CYmIoYc.exe
  2⤵
  PID:4236
- C:\Windows\System\nFSUHvH.exe
  C:\Windows\System\nFSUHvH.exe
  2⤵
  PID:4256
- C:\Windows\System\xqBQEVb.exe
  C:\Windows\System\xqBQEVb.exe
  2⤵
  PID:4272
- C:\Windows\System\lwlawux.exe
  C:\Windows\System\lwlawux.exe
  2⤵
  PID:4300
- C:\Windows\System\tDrQdFa.exe
  C:\Windows\System\tDrQdFa.exe
  2⤵
  PID:4316
- C:\Windows\System\OxLGRej.exe
  C:\Windows\System\OxLGRej.exe
  2⤵
  PID:4360
- C:\Windows\System\KogPaeX.exe
  C:\Windows\System\KogPaeX.exe
  2⤵
  PID:4384
- C:\Windows\System\bMKlwJG.exe
  C:\Windows\System\bMKlwJG.exe
  2⤵
  PID:4404
- C:\Windows\System\AHSqyRs.exe
  C:\Windows\System\AHSqyRs.exe
  2⤵
  PID:4420
- C:\Windows\System\YixEdKi.exe
  C:\Windows\System\YixEdKi.exe
  2⤵
  PID:4444
- C:\Windows\System\DQWxpLr.exe
  C:\Windows\System\DQWxpLr.exe
  2⤵
  PID:4468
- C:\Windows\System\vIHtVXK.exe
  C:\Windows\System\vIHtVXK.exe
  2⤵
  PID:4484
- C:\Windows\System\qnpYrSm.exe
  C:\Windows\System\qnpYrSm.exe
  2⤵
  PID:4504
- C:\Windows\System\SPbawPb.exe
  C:\Windows\System\SPbawPb.exe
  2⤵
  PID:4524
- C:\Windows\System\BhSAjYN.exe
  C:\Windows\System\BhSAjYN.exe
  2⤵
  PID:4540
- C:\Windows\System\JsfHlBY.exe
  C:\Windows\System\JsfHlBY.exe
  2⤵
  PID:4556
- C:\Windows\System\hNOmVVj.exe
  C:\Windows\System\hNOmVVj.exe
  2⤵
  PID:4576
- C:\Windows\System\lWpoyPd.exe
  C:\Windows\System\lWpoyPd.exe
  2⤵
  PID:4592
- C:\Windows\System\OuWcISk.exe
  C:\Windows\System\OuWcISk.exe
  2⤵
  PID:4612
- C:\Windows\System\LZgkpEt.exe
  C:\Windows\System\LZgkpEt.exe
  2⤵
  PID:4632
- C:\Windows\System\udYRdEM.exe
  C:\Windows\System\udYRdEM.exe
  2⤵
  PID:4648
- C:\Windows\System\pAYavoO.exe
  C:\Windows\System\pAYavoO.exe
  2⤵
  PID:4688
- C:\Windows\System\WNvtwWi.exe
  C:\Windows\System\WNvtwWi.exe
  2⤵
  PID:4708
- C:\Windows\System\oNBynvb.exe
  C:\Windows\System\oNBynvb.exe
  2⤵
  PID:4724
- C:\Windows\System\HDlLLpx.exe
  C:\Windows\System\HDlLLpx.exe
  2⤵
  PID:4744
- C:\Windows\System\TzznGyS.exe
  C:\Windows\System\TzznGyS.exe
  2⤵
  PID:4764
- C:\Windows\System\vGOjgYL.exe
  C:\Windows\System\vGOjgYL.exe
  2⤵
  PID:4780
- C:\Windows\System\KPOvWMf.exe
  C:\Windows\System\KPOvWMf.exe
  2⤵
  PID:4796
- C:\Windows\System\kDczzYc.exe
  C:\Windows\System\kDczzYc.exe
  2⤵
  PID:4820
- C:\Windows\System\xFPdZFv.exe
  C:\Windows\System\xFPdZFv.exe
  2⤵
  PID:4836
- C:\Windows\System\fJUXxqI.exe
  C:\Windows\System\fJUXxqI.exe
  2⤵
  PID:4856
- C:\Windows\System\fyKsGRE.exe
  C:\Windows\System\fyKsGRE.exe
  2⤵
  PID:4872
- C:\Windows\System\IthYQfI.exe
  C:\Windows\System\IthYQfI.exe
  2⤵
  PID:4892
- C:\Windows\System\tXmJbPO.exe
  C:\Windows\System\tXmJbPO.exe
  2⤵
  PID:4908
- C:\Windows\System\ldPzhsF.exe
  C:\Windows\System\ldPzhsF.exe
  2⤵
  PID:4928
- C:\Windows\System\kNjmmYX.exe
  C:\Windows\System\kNjmmYX.exe
  2⤵
  PID:4960
- C:\Windows\System\aAmsruo.exe
  C:\Windows\System\aAmsruo.exe
  2⤵
  PID:4980
- C:\Windows\System\PjCeMgc.exe
  C:\Windows\System\PjCeMgc.exe
  2⤵
  PID:5004
- C:\Windows\System\lUDtfXu.exe
  C:\Windows\System\lUDtfXu.exe
  2⤵
  PID:5020
- C:\Windows\System\BzCkCea.exe
  C:\Windows\System\BzCkCea.exe
  2⤵
  PID:5048
- C:\Windows\System\rZZcavd.exe
  C:\Windows\System\rZZcavd.exe
  2⤵
  PID:5064
- C:\Windows\System\xSNAxKg.exe
  C:\Windows\System\xSNAxKg.exe
  2⤵
  PID:5088
- C:\Windows\System\DOkiAKB.exe
  C:\Windows\System\DOkiAKB.exe
  2⤵
  PID:5108
- C:\Windows\System\UgxZwzJ.exe
  C:\Windows\System\UgxZwzJ.exe
  2⤵
  PID:2996
- C:\Windows\System\jHbSTmq.exe
  C:\Windows\System\jHbSTmq.exe
  2⤵
  PID:3208
- C:\Windows\System\wLnJgBO.exe
  C:\Windows\System\wLnJgBO.exe
  2⤵
  PID:3416
- C:\Windows\System\EEPFMuj.exe
  C:\Windows\System\EEPFMuj.exe
  2⤵
  PID:3588
- C:\Windows\System\ikGYWBN.exe
  C:\Windows\System\ikGYWBN.exe
  2⤵
  PID:3700
- C:\Windows\System\ixqKTRd.exe
  C:\Windows\System\ixqKTRd.exe
  2⤵
  PID:4076
- C:\Windows\System\agQaBkx.exe
  C:\Windows\System\agQaBkx.exe
  2⤵
  PID:4056
- C:\Windows\System\LmcQdlj.exe
  C:\Windows\System\LmcQdlj.exe
  2⤵
  PID:1992
- C:\Windows\System\GqOAVWJ.exe
  C:\Windows\System\GqOAVWJ.exe
  2⤵
  PID:2328
- C:\Windows\System\lNtSBvW.exe
  C:\Windows\System\lNtSBvW.exe
  2⤵
  PID:4116
- C:\Windows\System\AHGYTOL.exe
  C:\Windows\System\AHGYTOL.exe
  2⤵
  PID:4200
- C:\Windows\System\HnZBSfK.exe
  C:\Windows\System\HnZBSfK.exe
  2⤵
  PID:3292
- C:\Windows\System\lnvynNW.exe
  C:\Windows\System\lnvynNW.exe
  2⤵
  PID:3252
- C:\Windows\System\auZPeWg.exe
  C:\Windows\System\auZPeWg.exe
  2⤵
  PID:3460
- C:\Windows\System\Fczvnnu.exe
  C:\Windows\System\Fczvnnu.exe
  2⤵
  PID:3672
- C:\Windows\System\vyQievB.exe
  C:\Windows\System\vyQievB.exe
  2⤵
  PID:3796
- C:\Windows\System\pFwrkkk.exe
  C:\Windows\System\pFwrkkk.exe
  2⤵
  PID:4296
- C:\Windows\System\HfmkcWm.exe
  C:\Windows\System\HfmkcWm.exe
  2⤵
  PID:4188
- C:\Windows\System\cbxiVbd.exe
  C:\Windows\System\cbxiVbd.exe
  2⤵
  PID:4268
- C:\Windows\System\tuSdpfp.exe
  C:\Windows\System\tuSdpfp.exe
  2⤵
  PID:4344
- C:\Windows\System\gNxKPCH.exe
  C:\Windows\System\gNxKPCH.exe
  2⤵
  PID:4400
- C:\Windows\System\phioSVB.exe
  C:\Windows\System\phioSVB.exe
  2⤵
  PID:4476
- C:\Windows\System\QUOlHiU.exe
  C:\Windows\System\QUOlHiU.exe
  2⤵
  PID:3892
- C:\Windows\System\lczBlCt.exe
  C:\Windows\System\lczBlCt.exe
  2⤵
  PID:4136
- C:\Windows\System\NywDZdU.exe
  C:\Windows\System\NywDZdU.exe
  2⤵
  PID:4312
- C:\Windows\System\pVeYXIi.exe
  C:\Windows\System\pVeYXIi.exe
  2⤵
  PID:4452
- C:\Windows\System\kwFjvTb.exe
  C:\Windows\System\kwFjvTb.exe
  2⤵
  PID:4460
- C:\Windows\System\DjkKyrW.exe
  C:\Windows\System\DjkKyrW.exe
  2⤵
  PID:4516
- C:\Windows\System\kkxdeRP.exe
  C:\Windows\System\kkxdeRP.exe
  2⤵
  PID:4620
- C:\Windows\System\neTnSEE.exe
  C:\Windows\System\neTnSEE.exe
  2⤵
  PID:4664
- C:\Windows\System\xSiNbfG.exe
  C:\Windows\System\xSiNbfG.exe
  2⤵
  PID:4608
- C:\Windows\System\bdExcVn.exe
  C:\Windows\System\bdExcVn.exe
  2⤵
  PID:4568
- C:\Windows\System\JQrDLrr.exe
  C:\Windows\System\JQrDLrr.exe
  2⤵
  PID:4644
- C:\Windows\System\czjLWaX.exe
  C:\Windows\System\czjLWaX.exe
  2⤵
  PID:4716
- C:\Windows\System\dAwHpIp.exe
  C:\Windows\System\dAwHpIp.exe
  2⤵
  PID:4760
- C:\Windows\System\qZpPumI.exe
  C:\Windows\System\qZpPumI.exe
  2⤵
  PID:4864
- C:\Windows\System\SUTLWrf.exe
  C:\Windows\System\SUTLWrf.exe
  2⤵
  PID:4696
- C:\Windows\System\oZAGaZh.exe
  C:\Windows\System\oZAGaZh.exe
  2⤵
  PID:4812
- C:\Windows\System\AOmCjim.exe
  C:\Windows\System\AOmCjim.exe
  2⤵
  PID:4884
- C:\Windows\System\CJeEbly.exe
  C:\Windows\System\CJeEbly.exe
  2⤵
  PID:4948
- C:\Windows\System\UPPOBwW.exe
  C:\Windows\System\UPPOBwW.exe
  2⤵
  PID:4776
- C:\Windows\System\iDeTZgK.exe
  C:\Windows\System\iDeTZgK.exe
  2⤵
  PID:4996
- C:\Windows\System\iJuJJuZ.exe
  C:\Windows\System\iJuJJuZ.exe
  2⤵
  PID:5044
- C:\Windows\System\llbuJZx.exe
  C:\Windows\System\llbuJZx.exe
  2⤵
  PID:4808
- C:\Windows\System\YNzrXfx.exe
  C:\Windows\System\YNzrXfx.exe
  2⤵
  PID:5072
- C:\Windows\System\nmKCTZP.exe
  C:\Windows\System\nmKCTZP.exe
  2⤵
  PID:4972
- C:\Windows\System\nnCyLhD.exe
  C:\Windows\System\nnCyLhD.exe
  2⤵
  PID:448
- C:\Windows\System\ZCVAsyK.exe
  C:\Windows\System\ZCVAsyK.exe
  2⤵
  PID:3816
- C:\Windows\System\UKctXHx.exe
  C:\Windows\System\UKctXHx.exe
  2⤵
  PID:2752
- C:\Windows\System\zetRNCm.exe
  C:\Windows\System\zetRNCm.exe
  2⤵
  PID:3420
- C:\Windows\System\HoSpAMJ.exe
  C:\Windows\System\HoSpAMJ.exe
  2⤵
  PID:3188
- C:\Windows\System\wOiwvQO.exe
  C:\Windows\System\wOiwvQO.exe
  2⤵
  PID:4156
- C:\Windows\System\DewsgTr.exe
  C:\Windows\System\DewsgTr.exe
  2⤵
  PID:2416
- C:\Windows\System\iGUetyO.exe
  C:\Windows\System\iGUetyO.exe
  2⤵
  PID:4212
- C:\Windows\System\dUeybFM.exe
  C:\Windows\System\dUeybFM.exe
  2⤵
  PID:4232
- C:\Windows\System\nGqmQVK.exe
  C:\Windows\System\nGqmQVK.exe
  2⤵
  PID:3856
- C:\Windows\System\Bdjjcfk.exe
  C:\Windows\System\Bdjjcfk.exe
  2⤵
  PID:3776
- C:\Windows\System\zFoJXdo.exe
  C:\Windows\System\zFoJXdo.exe
  2⤵
  PID:4180
- C:\Windows\System\TqHdhqh.exe
  C:\Windows\System\TqHdhqh.exe
  2⤵
  PID:4336
- C:\Windows\System\tgaGvWe.exe
  C:\Windows\System\tgaGvWe.exe
  2⤵
  PID:4100
- C:\Windows\System\XSnRyCu.exe
  C:\Windows\System\XSnRyCu.exe
  2⤵
  PID:4176
- C:\Windows\System\CLonwRI.exe
  C:\Windows\System\CLonwRI.exe
  2⤵
  PID:4588
- C:\Windows\System\TJoXDUH.exe
  C:\Windows\System\TJoXDUH.exe
  2⤵
  PID:4536
- C:\Windows\System\SdKHLqB.exe
  C:\Windows\System\SdKHLqB.exe
  2⤵
  PID:4380
- C:\Windows\System\ogkyODi.exe
  C:\Windows\System\ogkyODi.exe
  2⤵
  PID:4656
- C:\Windows\System\VFJKqMM.exe
  C:\Windows\System\VFJKqMM.exe
  2⤵
  PID:4600
- C:\Windows\System\sWGDLVO.exe
  C:\Windows\System\sWGDLVO.exe
  2⤵
  PID:4792
- C:\Windows\System\BXLxQXh.exe
  C:\Windows\System\BXLxQXh.exe
  2⤵
  PID:4920
- C:\Windows\System\mgjrwRu.exe
  C:\Windows\System\mgjrwRu.exe
  2⤵
  PID:4976
- C:\Windows\System\sRnIzDE.exe
  C:\Windows\System\sRnIzDE.exe
  2⤵
  PID:4944
- C:\Windows\System\JgtAKyv.exe
  C:\Windows\System\JgtAKyv.exe
  2⤵
  PID:5056
- C:\Windows\System\AQdZSsF.exe
  C:\Windows\System\AQdZSsF.exe
  2⤵
  PID:5076
- C:\Windows\System\fWCwopw.exe
  C:\Windows\System\fWCwopw.exe
  2⤵
  PID:4992
- C:\Windows\System\bflSTvu.exe
  C:\Windows\System\bflSTvu.exe
  2⤵
  PID:5016
- C:\Windows\System\joLONeL.exe
  C:\Windows\System\joLONeL.exe
  2⤵
  PID:5100
- C:\Windows\System\lIplrgF.exe
  C:\Windows\System\lIplrgF.exe
  2⤵
  PID:4020
- C:\Windows\System\jrHJOCT.exe
  C:\Windows\System\jrHJOCT.exe
  2⤵
  PID:3084
- C:\Windows\System\qsTPYVB.exe
  C:\Windows\System\qsTPYVB.exe
  2⤵
  PID:4284
- C:\Windows\System\ncktKRN.exe
  C:\Windows\System\ncktKRN.exe
  2⤵
  PID:3356
- C:\Windows\System\YQbfDcx.exe
  C:\Windows\System\YQbfDcx.exe
  2⤵
  PID:4356
- C:\Windows\System\qodQQgm.exe
  C:\Windows\System\qodQQgm.exe
  2⤵
  PID:4172
- C:\Windows\System\VjUmqKp.exe
  C:\Windows\System\VjUmqKp.exe
  2⤵
  PID:4432
- C:\Windows\System\fotzOVN.exe
  C:\Windows\System\fotzOVN.exe
  2⤵
  PID:4500
- C:\Windows\System\YJtbZNk.exe
  C:\Windows\System\YJtbZNk.exe
  2⤵
  PID:5140
- C:\Windows\System\jlLmiCH.exe
  C:\Windows\System\jlLmiCH.exe
  2⤵
  PID:5160
- C:\Windows\System\CZsRjly.exe
  C:\Windows\System\CZsRjly.exe
  2⤵
  PID:5180
- C:\Windows\System\oLyCLiP.exe
  C:\Windows\System\oLyCLiP.exe
  2⤵
  PID:5200
- C:\Windows\System\dxFSXzI.exe
  C:\Windows\System\dxFSXzI.exe
  2⤵
  PID:5220
- C:\Windows\System\OMFCJKf.exe
  C:\Windows\System\OMFCJKf.exe
  2⤵
  PID:5240
- C:\Windows\System\RFWXNTN.exe
  C:\Windows\System\RFWXNTN.exe
  2⤵
  PID:5260
- C:\Windows\System\EMMpQSA.exe
  C:\Windows\System\EMMpQSA.exe
  2⤵
  PID:5280
- C:\Windows\System\CmSSVgm.exe
  C:\Windows\System\CmSSVgm.exe
  2⤵
  PID:5296
- C:\Windows\System\XSNfxpW.exe
  C:\Windows\System\XSNfxpW.exe
  2⤵
  PID:5320
- C:\Windows\System\mivuFRl.exe
  C:\Windows\System\mivuFRl.exe
  2⤵
  PID:5340
- C:\Windows\System\QYomLFo.exe
  C:\Windows\System\QYomLFo.exe
  2⤵
  PID:5356
- C:\Windows\System\JBeucrQ.exe
  C:\Windows\System\JBeucrQ.exe
  2⤵
  PID:5372
- C:\Windows\System\oNBqUBI.exe
  C:\Windows\System\oNBqUBI.exe
  2⤵
  PID:5396
- C:\Windows\System\BzGGdTG.exe
  C:\Windows\System\BzGGdTG.exe
  2⤵
  PID:5416
- C:\Windows\System\plMhaTz.exe
  C:\Windows\System\plMhaTz.exe
  2⤵
  PID:5444
- C:\Windows\System\PPBgsSo.exe
  C:\Windows\System\PPBgsSo.exe
  2⤵
  PID:5464
- C:\Windows\System\mmACZYZ.exe
  C:\Windows\System\mmACZYZ.exe
  2⤵
  PID:5480
- C:\Windows\System\VNBIFtU.exe
  C:\Windows\System\VNBIFtU.exe
  2⤵
  PID:5500
- C:\Windows\System\OYfcsnN.exe
  C:\Windows\System\OYfcsnN.exe
  2⤵
  PID:5524
- C:\Windows\System\xyuHPnz.exe
  C:\Windows\System\xyuHPnz.exe
  2⤵
  PID:5544
- C:\Windows\System\TlTKRGD.exe
  C:\Windows\System\TlTKRGD.exe
  2⤵
  PID:5560
- C:\Windows\System\JkHgtgV.exe
  C:\Windows\System\JkHgtgV.exe
  2⤵
  PID:5580
- C:\Windows\System\zOaGyQx.exe
  C:\Windows\System\zOaGyQx.exe
  2⤵
  PID:5604
- C:\Windows\System\WCqFxDz.exe
  C:\Windows\System\WCqFxDz.exe
  2⤵
  PID:5620
- C:\Windows\System\EhocxBo.exe
  C:\Windows\System\EhocxBo.exe
  2⤵
  PID:5640
- C:\Windows\System\grpGezy.exe
  C:\Windows\System\grpGezy.exe
  2⤵
  PID:5656
- C:\Windows\System\XmZadgF.exe
  C:\Windows\System\XmZadgF.exe
  2⤵
  PID:5676
- C:\Windows\System\itVupgj.exe
  C:\Windows\System\itVupgj.exe
  2⤵
  PID:5700
- C:\Windows\System\TxUxjpU.exe
  C:\Windows\System\TxUxjpU.exe
  2⤵
  PID:5720
- C:\Windows\System\lbDXXdL.exe
  C:\Windows\System\lbDXXdL.exe
  2⤵
  PID:5744
- C:\Windows\System\TfzavuP.exe
  C:\Windows\System\TfzavuP.exe
  2⤵
  PID:5764
- C:\Windows\System\DPKaRVb.exe
  C:\Windows\System\DPKaRVb.exe
  2⤵
  PID:5780
- C:\Windows\System\NYKIQdQ.exe
  C:\Windows\System\NYKIQdQ.exe
  2⤵
  PID:5800
- C:\Windows\System\RLNOubj.exe
  C:\Windows\System\RLNOubj.exe
  2⤵
  PID:5824
- C:\Windows\System\kAifoHR.exe
  C:\Windows\System\kAifoHR.exe
  2⤵
  PID:5840
- C:\Windows\System\vaexgzh.exe
  C:\Windows\System\vaexgzh.exe
  2⤵
  PID:5856
- C:\Windows\System\axtzuQB.exe
  C:\Windows\System\axtzuQB.exe
  2⤵
  PID:5872
- C:\Windows\System\whBqQte.exe
  C:\Windows\System\whBqQte.exe
  2⤵
  PID:5896
- C:\Windows\System\ZHeymnV.exe
  C:\Windows\System\ZHeymnV.exe
  2⤵
  PID:5916
- C:\Windows\System\irvCOgG.exe
  C:\Windows\System\irvCOgG.exe
  2⤵
  PID:5932
- C:\Windows\System\EYdZIiw.exe
  C:\Windows\System\EYdZIiw.exe
  2⤵
  PID:5952
- C:\Windows\System\GphbkJK.exe
  C:\Windows\System\GphbkJK.exe
  2⤵
  PID:5980
- C:\Windows\System\pWcKhCM.exe
  C:\Windows\System\pWcKhCM.exe
  2⤵
  PID:6004
- C:\Windows\System\cBMyomc.exe
  C:\Windows\System\cBMyomc.exe
  2⤵
  PID:6020
- C:\Windows\System\CJtQWTf.exe
  C:\Windows\System\CJtQWTf.exe
  2⤵
  PID:6040
- C:\Windows\System\VhowyDA.exe
  C:\Windows\System\VhowyDA.exe
  2⤵
  PID:6060
- C:\Windows\System\EGrKlzO.exe
  C:\Windows\System\EGrKlzO.exe
  2⤵
  PID:6080
- C:\Windows\System\MvUqwry.exe
  C:\Windows\System\MvUqwry.exe
  2⤵
  PID:6100
- C:\Windows\System\hQEuExo.exe
  C:\Windows\System\hQEuExo.exe
  2⤵
  PID:6116
- C:\Windows\System\TRSdvjC.exe
  C:\Windows\System\TRSdvjC.exe
  2⤵
  PID:6136
- C:\Windows\System\DkqmdMb.exe
  C:\Windows\System\DkqmdMb.exe
  2⤵
  PID:4464
- C:\Windows\System\ppDRlzU.exe
  C:\Windows\System\ppDRlzU.exe
  2⤵
  PID:4756
- C:\Windows\System\qPXcVvz.exe
  C:\Windows\System\qPXcVvz.exe
  2⤵
  PID:4492
- C:\Windows\System\wnBFynR.exe
  C:\Windows\System\wnBFynR.exe
  2⤵
  PID:2216
- C:\Windows\System\zFDZOob.exe
  C:\Windows\System\zFDZOob.exe
  2⤵
  PID:5012
- C:\Windows\System\gkmOjvo.exe
  C:\Windows\System\gkmOjvo.exe
  2⤵
  PID:4936
- C:\Windows\System\kGngdrB.exe
  C:\Windows\System\kGngdrB.exe
  2⤵
  PID:3940
- C:\Windows\System\DLgEUGd.exe
  C:\Windows\System\DLgEUGd.exe
  2⤵
  PID:2516
- C:\Windows\System\cGWeHpP.exe
  C:\Windows\System\cGWeHpP.exe
  2⤵
  PID:4916
- C:\Windows\System\JpOklkn.exe
  C:\Windows\System\JpOklkn.exe
  2⤵
  PID:3692
- C:\Windows\System\YspasfZ.exe
  C:\Windows\System\YspasfZ.exe
  2⤵
  PID:3640
- C:\Windows\System\XpdMlrn.exe
  C:\Windows\System\XpdMlrn.exe
  2⤵
  PID:4440
- C:\Windows\System\HGrqeKd.exe
  C:\Windows\System\HGrqeKd.exe
  2⤵
  PID:4104
- C:\Windows\System\bsamEBc.exe
  C:\Windows\System\bsamEBc.exe
  2⤵
  PID:5152
- C:\Windows\System\tRpuCPF.exe
  C:\Windows\System\tRpuCPF.exe
  2⤵
  PID:5136
- C:\Windows\System\PnXwrjf.exe
  C:\Windows\System\PnXwrjf.exe
  2⤵
  PID:5216
- C:\Windows\System\uUibpjZ.exe
  C:\Windows\System\uUibpjZ.exe
  2⤵
  PID:5232
- C:\Windows\System\jxjXFNe.exe
  C:\Windows\System\jxjXFNe.exe
  2⤵
  PID:5276
- C:\Windows\System\pPAKwvi.exe
  C:\Windows\System\pPAKwvi.exe
  2⤵
  PID:5288
- C:\Windows\System\TMemhPK.exe
  C:\Windows\System\TMemhPK.exe
  2⤵
  PID:5332
- C:\Windows\System\IxidbNt.exe
  C:\Windows\System\IxidbNt.exe
  2⤵
  PID:5384
- C:\Windows\System\RPqcUXu.exe
  C:\Windows\System\RPqcUXu.exe
  2⤵
  PID:5368
- C:\Windows\System\CAkeyyz.exe
  C:\Windows\System\CAkeyyz.exe
  2⤵
  PID:2424
- C:\Windows\System\enZjvxZ.exe
  C:\Windows\System\enZjvxZ.exe
  2⤵
  PID:5452
- C:\Windows\System\fdlLsTs.exe
  C:\Windows\System\fdlLsTs.exe
  2⤵
  PID:5512
- C:\Windows\System\vrchNSs.exe
  C:\Windows\System\vrchNSs.exe
  2⤵
  PID:5492
- C:\Windows\System\siZjYqR.exe
  C:\Windows\System\siZjYqR.exe
  2⤵
  PID:5556
- C:\Windows\System\xRAFlIb.exe
  C:\Windows\System\xRAFlIb.exe
  2⤵
  PID:5592
- C:\Windows\System\CvapiRx.exe
  C:\Windows\System\CvapiRx.exe
  2⤵
  PID:5568
- C:\Windows\System\qRAjBZH.exe
  C:\Windows\System\qRAjBZH.exe
  2⤵
  PID:5668
- C:\Windows\System\JTZcgDk.exe
  C:\Windows\System\JTZcgDk.exe
  2⤵
  PID:5612
- C:\Windows\System\XRrPcfe.exe
  C:\Windows\System\XRrPcfe.exe
  2⤵
  PID:5692
- C:\Windows\System\YNcqDrK.exe
  C:\Windows\System\YNcqDrK.exe
  2⤵
  PID:5796
- C:\Windows\System\rveVYLZ.exe
  C:\Windows\System\rveVYLZ.exe
  2⤵
  PID:5732
- C:\Windows\System\igefcfQ.exe
  C:\Windows\System\igefcfQ.exe
  2⤵
  PID:2464
- C:\Windows\System\zzdpbFS.exe
  C:\Windows\System\zzdpbFS.exe
  2⤵
  PID:5908
- C:\Windows\System\qrJYvnE.exe
  C:\Windows\System\qrJYvnE.exe
  2⤵
  PID:5816
- C:\Windows\System\sjOxUEu.exe
  C:\Windows\System\sjOxUEu.exe
  2⤵
  PID:5948
- C:\Windows\System\OXykzSi.exe
  C:\Windows\System\OXykzSi.exe
  2⤵
  PID:5852
- C:\Windows\System\CIPQHzQ.exe
  C:\Windows\System\CIPQHzQ.exe
  2⤵
  PID:5964
- C:\Windows\System\SPlAMzq.exe
  C:\Windows\System\SPlAMzq.exe
  2⤵
  PID:6032
- C:\Windows\System\mPYugcy.exe
  C:\Windows\System\mPYugcy.exe
  2⤵
  PID:6112
- C:\Windows\System\AKrTmda.exe
  C:\Windows\System\AKrTmda.exe
  2⤵
  PID:4552
- C:\Windows\System\uasRfgx.exe
  C:\Windows\System\uasRfgx.exe
  2⤵
  PID:6128
- C:\Windows\System\PTCiZON.exe
  C:\Windows\System\PTCiZON.exe
  2⤵
  PID:2816
- C:\Windows\System\sxhGyhx.exe
  C:\Windows\System\sxhGyhx.exe
  2⤵
  PID:6096
- C:\Windows\System\rsgzhIn.exe
  C:\Windows\System\rsgzhIn.exe
  2⤵
  PID:4852
- C:\Windows\System\tpAQpzU.exe
  C:\Windows\System\tpAQpzU.exe
  2⤵
  PID:4148
- C:\Windows\System\POynyuH.exe
  C:\Windows\System\POynyuH.exe
  2⤵
  PID:1536
- C:\Windows\System\flWjySS.exe
  C:\Windows\System\flWjySS.exe
  2⤵
  PID:2348
- C:\Windows\System\dixEPni.exe
  C:\Windows\System\dixEPni.exe
  2⤵
  PID:4736
- C:\Windows\System\dbPfqlO.exe
  C:\Windows\System\dbPfqlO.exe
  2⤵
  PID:4328
- C:\Windows\System\wnfBVja.exe
  C:\Windows\System\wnfBVja.exe
  2⤵
  PID:4352
- C:\Windows\System\IQeikUa.exe
  C:\Windows\System\IQeikUa.exe
  2⤵
  PID:5132
- C:\Windows\System\JhXlnfA.exe
  C:\Windows\System\JhXlnfA.exe
  2⤵
  PID:5236
- C:\Windows\System\LIkAApR.exe
  C:\Windows\System\LIkAApR.exe
  2⤵
  PID:5304
- C:\Windows\System\ReUBdtL.exe
  C:\Windows\System\ReUBdtL.exe
  2⤵
  PID:5348
- C:\Windows\System\lBmOdUM.exe
  C:\Windows\System\lBmOdUM.exe
  2⤵
  PID:5404
- C:\Windows\System\YXFwiRx.exe
  C:\Windows\System\YXFwiRx.exe
  2⤵
  PID:5408
- C:\Windows\System\ZZqfPOC.exe
  C:\Windows\System\ZZqfPOC.exe
  2⤵
  PID:5432
- C:\Windows\System\WOWmXEa.exe
  C:\Windows\System\WOWmXEa.exe
  2⤵
  PID:5496
- C:\Windows\System\vngFTNA.exe
  C:\Windows\System\vngFTNA.exe
  2⤵
  PID:5628
- C:\Windows\System\QWpYQGV.exe
  C:\Windows\System\QWpYQGV.exe
  2⤵
  PID:5572
- C:\Windows\System\giIzxjM.exe
  C:\Windows\System\giIzxjM.exe
  2⤵
  PID:5712
- C:\Windows\System\QSovYMN.exe
  C:\Windows\System\QSovYMN.exe
  2⤵
  PID:5788
- C:\Windows\System\VYFyIye.exe
  C:\Windows\System\VYFyIye.exe
  2⤵
  PID:5736
- C:\Windows\System\SwPHhzC.exe
  C:\Windows\System\SwPHhzC.exe
  2⤵
  PID:5912
- C:\Windows\System\IWVsLVZ.exe
  C:\Windows\System\IWVsLVZ.exe
  2⤵
  PID:5924
- C:\Windows\System\gzkXGpu.exe
  C:\Windows\System\gzkXGpu.exe
  2⤵
  PID:5884
- C:\Windows\System\tyqhGVf.exe
  C:\Windows\System\tyqhGVf.exe
  2⤵
  PID:6028
- C:\Windows\System\YzCCrqK.exe
  C:\Windows\System\YzCCrqK.exe
  2⤵
  PID:6072
- C:\Windows\System\yamDAKa.exe
  C:\Windows\System\yamDAKa.exe
  2⤵
  PID:4496
- C:\Windows\System\kKjydYS.exe
  C:\Windows\System\kKjydYS.exe
  2⤵
  PID:6056
- C:\Windows\System\FUFkImP.exe
  C:\Windows\System\FUFkImP.exe
  2⤵
  PID:6152
- C:\Windows\System\DtvbWVX.exe
  C:\Windows\System\DtvbWVX.exe
  2⤵
  PID:6172
- C:\Windows\System\riTyhpW.exe
  C:\Windows\System\riTyhpW.exe
  2⤵
  PID:6192
- C:\Windows\System\wIkGaKd.exe
  C:\Windows\System\wIkGaKd.exe
  2⤵
  PID:6212
- C:\Windows\System\MpdTLMT.exe
  C:\Windows\System\MpdTLMT.exe
  2⤵
  PID:6232
- C:\Windows\System\Syvhwgx.exe
  C:\Windows\System\Syvhwgx.exe
  2⤵
  PID:6252
- C:\Windows\System\expgqAd.exe
  C:\Windows\System\expgqAd.exe
  2⤵
  PID:6272
- C:\Windows\System\oEHzAsd.exe
  C:\Windows\System\oEHzAsd.exe
  2⤵
  PID:6292
- C:\Windows\System\gDpPBgr.exe
  C:\Windows\System\gDpPBgr.exe
  2⤵
  PID:6312
- C:\Windows\System\sSewmpZ.exe
  C:\Windows\System\sSewmpZ.exe
  2⤵
  PID:6332
- C:\Windows\System\tCCRRLt.exe
  C:\Windows\System\tCCRRLt.exe
  2⤵
  PID:6352
- C:\Windows\System\NWSDOeS.exe
  C:\Windows\System\NWSDOeS.exe
  2⤵
  PID:6372
- C:\Windows\System\WXgYZUm.exe
  C:\Windows\System\WXgYZUm.exe
  2⤵
  PID:6392
- C:\Windows\System\cTIUTvH.exe
  C:\Windows\System\cTIUTvH.exe
  2⤵
  PID:6412
- C:\Windows\System\QZpioAi.exe
  C:\Windows\System\QZpioAi.exe
  2⤵
  PID:6432
- C:\Windows\System\WgvUKnG.exe
  C:\Windows\System\WgvUKnG.exe
  2⤵
  PID:6452
- C:\Windows\System\HfbRwCt.exe
  C:\Windows\System\HfbRwCt.exe
  2⤵
  PID:6472
- C:\Windows\System\SgHSUBe.exe
  C:\Windows\System\SgHSUBe.exe
  2⤵
  PID:6492
- C:\Windows\System\JZTnnyG.exe
  C:\Windows\System\JZTnnyG.exe
  2⤵
  PID:6512
- C:\Windows\System\cmealyz.exe
  C:\Windows\System\cmealyz.exe
  2⤵
  PID:6532
- C:\Windows\System\SvhTNfj.exe
  C:\Windows\System\SvhTNfj.exe
  2⤵
  PID:6552
- C:\Windows\System\bSKilye.exe
  C:\Windows\System\bSKilye.exe
  2⤵
  PID:6572
- C:\Windows\System\ufYYKUN.exe
  C:\Windows\System\ufYYKUN.exe
  2⤵
  PID:6592
- C:\Windows\System\FEqbbBR.exe
  C:\Windows\System\FEqbbBR.exe
  2⤵
  PID:6612
- C:\Windows\System\dxmDiTG.exe
  C:\Windows\System\dxmDiTG.exe
  2⤵
  PID:6632
- C:\Windows\System\HcvyOSt.exe
  C:\Windows\System\HcvyOSt.exe
  2⤵
  PID:6652
- C:\Windows\System\RqzFCTO.exe
  C:\Windows\System\RqzFCTO.exe
  2⤵
  PID:6672
- C:\Windows\System\xGBQfqk.exe
  C:\Windows\System\xGBQfqk.exe
  2⤵
  PID:6692
- C:\Windows\System\zhRHTPJ.exe
  C:\Windows\System\zhRHTPJ.exe
  2⤵
  PID:6712
- C:\Windows\System\YDwEbJy.exe
  C:\Windows\System\YDwEbJy.exe
  2⤵
  PID:6732
- C:\Windows\System\opOEBzD.exe
  C:\Windows\System\opOEBzD.exe
  2⤵
  PID:6752
- C:\Windows\System\sDhDZEs.exe
  C:\Windows\System\sDhDZEs.exe
  2⤵
  PID:6772
- C:\Windows\System\RXDLErL.exe
  C:\Windows\System\RXDLErL.exe
  2⤵
  PID:6792
- C:\Windows\System\BmQKwgw.exe
  C:\Windows\System\BmQKwgw.exe
  2⤵
  PID:6812
- C:\Windows\System\KRiKEAS.exe
  C:\Windows\System\KRiKEAS.exe
  2⤵
  PID:6836
- C:\Windows\System\BcUWVhb.exe
  C:\Windows\System\BcUWVhb.exe
  2⤵
  PID:6856
- C:\Windows\System\lEVfOLz.exe
  C:\Windows\System\lEVfOLz.exe
  2⤵
  PID:6876
- C:\Windows\System\cDKajXZ.exe
  C:\Windows\System\cDKajXZ.exe
  2⤵
  PID:6896
- C:\Windows\System\CzRTQJG.exe
  C:\Windows\System\CzRTQJG.exe
  2⤵
  PID:6916
- C:\Windows\System\gXvXduc.exe
  C:\Windows\System\gXvXduc.exe
  2⤵
  PID:6936
- C:\Windows\System\azOmcdZ.exe
  C:\Windows\System\azOmcdZ.exe
  2⤵
  PID:6956
- C:\Windows\System\xovOCdj.exe
  C:\Windows\System\xovOCdj.exe
  2⤵
  PID:6976
- C:\Windows\System\QQxUias.exe
  C:\Windows\System\QQxUias.exe
  2⤵
  PID:6996
- C:\Windows\System\kJWWbdP.exe
  C:\Windows\System\kJWWbdP.exe
  2⤵
  PID:7016
- C:\Windows\System\jVIRtHm.exe
  C:\Windows\System\jVIRtHm.exe
  2⤵
  PID:7036
- C:\Windows\System\gEpZWpy.exe
  C:\Windows\System\gEpZWpy.exe
  2⤵
  PID:7056
- C:\Windows\System\dEVbXjo.exe
  C:\Windows\System\dEVbXjo.exe
  2⤵
  PID:7076
- C:\Windows\System\FhLbdwQ.exe
  C:\Windows\System\FhLbdwQ.exe
  2⤵
  PID:7096
- C:\Windows\System\dnJpACj.exe
  C:\Windows\System\dnJpACj.exe
  2⤵
  PID:7116
- C:\Windows\System\gVOypiy.exe
  C:\Windows\System\gVOypiy.exe
  2⤵
  PID:7140
- C:\Windows\System\UWRNheW.exe
  C:\Windows\System\UWRNheW.exe
  2⤵
  PID:7160
- C:\Windows\System\lvfBTAS.exe
  C:\Windows\System\lvfBTAS.exe
  2⤵
  PID:3768
- C:\Windows\System\UQOyJqR.exe
  C:\Windows\System\UQOyJqR.exe
  2⤵
  PID:5040
- C:\Windows\System\RPiqhUA.exe
  C:\Windows\System\RPiqhUA.exe
  2⤵
  PID:4340
- C:\Windows\System\SozTvdf.exe
  C:\Windows\System\SozTvdf.exe
  2⤵
  PID:5192
- C:\Windows\System\NLBExTl.exe
  C:\Windows\System\NLBExTl.exe
  2⤵
  PID:5316
- C:\Windows\System\HeIqFDV.exe
  C:\Windows\System\HeIqFDV.exe
  2⤵
  PID:5252
- C:\Windows\System\weRTVGh.exe
  C:\Windows\System\weRTVGh.exe
  2⤵
  PID:5412
- C:\Windows\System\nflioLw.exe
  C:\Windows\System\nflioLw.exe
  2⤵
  PID:5472
- C:\Windows\System\GCkNllG.exe
  C:\Windows\System\GCkNllG.exe
  2⤵
  PID:5596
- C:\Windows\System\GsgyIKO.exe
  C:\Windows\System\GsgyIKO.exe
  2⤵
  PID:5688
- C:\Windows\System\jzOYdBt.exe
  C:\Windows\System\jzOYdBt.exe
  2⤵
  PID:5752
- C:\Windows\System\pSPYylT.exe
  C:\Windows\System\pSPYylT.exe
  2⤵
  PID:6124
- C:\Windows\System\YahSMRg.exe
  C:\Windows\System\YahSMRg.exe
  2⤵
  PID:5988
- C:\Windows\System\MBVpAQe.exe
  C:\Windows\System\MBVpAQe.exe
  2⤵
  PID:2720
- C:\Windows\System\bODBYCR.exe
  C:\Windows\System\bODBYCR.exe
  2⤵
  PID:5960
- C:\Windows\System\bGxLfHY.exe
  C:\Windows\System\bGxLfHY.exe
  2⤵
  PID:6092
- C:\Windows\System\aTmAUcF.exe
  C:\Windows\System\aTmAUcF.exe
  2⤵
  PID:6168
- C:\Windows\System\GaHFsBD.exe
  C:\Windows\System\GaHFsBD.exe
  2⤵
  PID:6180
- C:\Windows\System\TntoLKD.exe
  C:\Windows\System\TntoLKD.exe
  2⤵
  PID:6204
- C:\Windows\System\OcCWkof.exe
  C:\Windows\System\OcCWkof.exe
  2⤵
  PID:6248
- C:\Windows\System\FiTfPqu.exe
  C:\Windows\System\FiTfPqu.exe
  2⤵
  PID:6288
- C:\Windows\System\NgTPGEh.exe
  C:\Windows\System\NgTPGEh.exe
  2⤵
  PID:6328
- C:\Windows\System\YedDLvI.exe
  C:\Windows\System\YedDLvI.exe
  2⤵
  PID:6360
- C:\Windows\System\WKmHrYu.exe
  C:\Windows\System\WKmHrYu.exe
  2⤵
  PID:6380
- C:\Windows\System\wowuItj.exe
  C:\Windows\System\wowuItj.exe
  2⤵
  PID:6404
- C:\Windows\System\PVRlSkm.exe
  C:\Windows\System\PVRlSkm.exe
  2⤵
  PID:6428
- C:\Windows\System\BWwixhI.exe
  C:\Windows\System\BWwixhI.exe
  2⤵
  PID:6460
- C:\Windows\System\bHTKxpj.exe
  C:\Windows\System\bHTKxpj.exe
  2⤵
  PID:6484
- C:\Windows\System\zuxgyeC.exe
  C:\Windows\System\zuxgyeC.exe
  2⤵
  PID:6520
- C:\Windows\System\rDdknGZ.exe
  C:\Windows\System\rDdknGZ.exe
  2⤵
  PID:6560
- C:\Windows\System\EeQGabg.exe
  C:\Windows\System\EeQGabg.exe
  2⤵
  PID:6600
- C:\Windows\System\LciVOoT.exe
  C:\Windows\System\LciVOoT.exe
  2⤵
  PID:6628
- C:\Windows\System\MJIxLpl.exe
  C:\Windows\System\MJIxLpl.exe
  2⤵
  PID:6660
- C:\Windows\System\HKYMFjT.exe
  C:\Windows\System\HKYMFjT.exe
  2⤵
  PID:6688
- C:\Windows\System\IwzEDCu.exe
  C:\Windows\System\IwzEDCu.exe
  2⤵
  PID:6720
- C:\Windows\System\qtGmDDv.exe
  C:\Windows\System\qtGmDDv.exe
  2⤵
  PID:6760
- C:\Windows\System\dmfwcPS.exe
  C:\Windows\System\dmfwcPS.exe
  2⤵
  PID:6800
- C:\Windows\System\tfKhhvc.exe
  C:\Windows\System\tfKhhvc.exe
  2⤵
  PID:6820
- C:\Windows\System\JMBLDEy.exe
  C:\Windows\System\JMBLDEy.exe
  2⤵
  PID:6864
- C:\Windows\System\dWxKuBQ.exe
  C:\Windows\System\dWxKuBQ.exe
  2⤵
  PID:6888
- C:\Windows\System\SBsGVDk.exe
  C:\Windows\System\SBsGVDk.exe
  2⤵
  PID:6932
- C:\Windows\System\TwyrwRA.exe
  C:\Windows\System\TwyrwRA.exe
  2⤵
  PID:6948
- C:\Windows\System\BKmUIQr.exe
  C:\Windows\System\BKmUIQr.exe
  2⤵
  PID:7004
- C:\Windows\System\lMwuRcG.exe
  C:\Windows\System\lMwuRcG.exe
  2⤵
  PID:7032
- C:\Windows\System\RyVJyhZ.exe
  C:\Windows\System\RyVJyhZ.exe
  2⤵
  PID:7072
- C:\Windows\System\EKTWEYS.exe
  C:\Windows\System\EKTWEYS.exe
  2⤵
  PID:7104
- C:\Windows\System\kIrXmyP.exe
  C:\Windows\System\kIrXmyP.exe
  2⤵
  PID:7128
- C:\Windows\System\BBwHuNk.exe
  C:\Windows\System\BBwHuNk.exe
  2⤵
  PID:7156
- C:\Windows\System\HlwJZDB.exe
  C:\Windows\System\HlwJZDB.exe
  2⤵
  PID:3476
- C:\Windows\System\rTnnpwc.exe
  C:\Windows\System\rTnnpwc.exe
  2⤵
  PID:5148
- C:\Windows\System\AdstefU.exe
  C:\Windows\System\AdstefU.exe
  2⤵
  PID:5256
- C:\Windows\System\NnkYueT.exe
  C:\Windows\System\NnkYueT.exe
  2⤵
  PID:2560
- C:\Windows\System\hvMbCGv.exe
  C:\Windows\System\hvMbCGv.exe
  2⤵
  PID:1924
- C:\Windows\System\hrnbkxm.exe
  C:\Windows\System\hrnbkxm.exe
  2⤵
  PID:1916
- C:\Windows\System\eGXaFSs.exe
  C:\Windows\System\eGXaFSs.exe
  2⤵
  PID:5888
- C:\Windows\System\GzPoCvM.exe
  C:\Windows\System\GzPoCvM.exe
  2⤵
  PID:5880
- C:\Windows\System\RLvMxag.exe
  C:\Windows\System\RLvMxag.exe
  2⤵
  PID:5772
- C:\Windows\System\nvTxtoW.exe
  C:\Windows\System\nvTxtoW.exe
  2⤵
  PID:4684
- C:\Windows\System\buPNozD.exe
  C:\Windows\System\buPNozD.exe
  2⤵
  PID:6208
- C:\Windows\System\BNMslDz.exe
  C:\Windows\System\BNMslDz.exe
  2⤵
  PID:6280
- C:\Windows\System\zmrBzog.exe
  C:\Windows\System\zmrBzog.exe
  2⤵
  PID:6340
- C:\Windows\System\wTDYgoQ.exe
  C:\Windows\System\wTDYgoQ.exe
  2⤵
  PID:6344
- C:\Windows\System\pHtdDdH.exe
  C:\Windows\System\pHtdDdH.exe
  2⤵
  PID:6368
- C:\Windows\System\mzkjQjo.exe
  C:\Windows\System\mzkjQjo.exe
  2⤵
  PID:2460
- C:\Windows\System\RQalvnj.exe
  C:\Windows\System\RQalvnj.exe
  2⤵
  PID:6488
- C:\Windows\System\pmCJWev.exe
  C:\Windows\System\pmCJWev.exe
  2⤵
  PID:6540
- C:\Windows\System\KSrcDut.exe
  C:\Windows\System\KSrcDut.exe
  2⤵
  PID:6548
- C:\Windows\System\gyVUPlO.exe
  C:\Windows\System\gyVUPlO.exe
  2⤵
  PID:6608
- C:\Windows\System\wqHhyMY.exe
  C:\Windows\System\wqHhyMY.exe
  2⤵
  PID:6604
- C:\Windows\System\pXmpjwT.exe
  C:\Windows\System\pXmpjwT.exe
  2⤵
  PID:6704
- C:\Windows\System\ydJEAPs.exe
  C:\Windows\System\ydJEAPs.exe
  2⤵
  PID:2784
- C:\Windows\System\pDVkLJV.exe
  C:\Windows\System\pDVkLJV.exe
  2⤵
  PID:6744
- C:\Windows\System\FxuyTYe.exe
  C:\Windows\System\FxuyTYe.exe
  2⤵
  PID:6804
- C:\Windows\System\ZXMdxdx.exe
  C:\Windows\System\ZXMdxdx.exe
  2⤵
  PID:6908
- C:\Windows\System\VxmdYUq.exe
  C:\Windows\System\VxmdYUq.exe
  2⤵
  PID:6952
- C:\Windows\System\qLaWguM.exe
  C:\Windows\System\qLaWguM.exe
  2⤵
  PID:2568
- C:\Windows\System\qvPKoWo.exe
  C:\Windows\System\qvPKoWo.exe
  2⤵
  PID:7028
- C:\Windows\System\OehUhfS.exe
  C:\Windows\System\OehUhfS.exe
  2⤵
  PID:7088
- C:\Windows\System\AwNkFJU.exe
  C:\Windows\System\AwNkFJU.exe
  2⤵
  PID:4752
- C:\Windows\System\xYDLhmT.exe
  C:\Windows\System\xYDLhmT.exe
  2⤵
  PID:3800
- C:\Windows\System\NLnPlOu.exe
  C:\Windows\System\NLnPlOu.exe
  2⤵
  PID:5392
- C:\Windows\System\pcOFFOf.exe
  C:\Windows\System\pcOFFOf.exe
  2⤵
  PID:5328
- C:\Windows\System\WSDKKYE.exe
  C:\Windows\System\WSDKKYE.exe
  2⤵
  PID:5868
- C:\Windows\System\LbICSeQ.exe
  C:\Windows\System\LbICSeQ.exe
  2⤵
  PID:6200
- C:\Windows\System\mXwvYVe.exe
  C:\Windows\System\mXwvYVe.exe
  2⤵
  PID:5832
- C:\Windows\System\trdWYoR.exe
  C:\Windows\System\trdWYoR.exe
  2⤵
  PID:6224
- C:\Windows\System\GHngMzP.exe
  C:\Windows\System\GHngMzP.exe
  2⤵
  PID:6408
- C:\Windows\System\xlapWOS.exe
  C:\Windows\System\xlapWOS.exe
  2⤵
  PID:6384
- C:\Windows\System\MCZPZjI.exe
  C:\Windows\System\MCZPZjI.exe
  2⤵
  PID:6448
- C:\Windows\System\azTsKna.exe
  C:\Windows\System\azTsKna.exe
  2⤵
  PID:6588
- C:\Windows\System\FrkDRQX.exe
  C:\Windows\System\FrkDRQX.exe
  2⤵
  PID:1508
- C:\Windows\System\XOQPkJY.exe
  C:\Windows\System\XOQPkJY.exe
  2⤵
  PID:6504
- C:\Windows\System\TCPQOvB.exe
  C:\Windows\System\TCPQOvB.exe
  2⤵
  PID:7064
- C:\Windows\System\uhsiobr.exe
  C:\Windows\System\uhsiobr.exe
  2⤵
  PID:6748
- C:\Windows\System\rNeIIox.exe
  C:\Windows\System\rNeIIox.exe
  2⤵
  PID:6912
- C:\Windows\System\pKdzpXO.exe
  C:\Windows\System\pKdzpXO.exe
  2⤵
  PID:6992
- C:\Windows\System\pEsSEeT.exe
  C:\Windows\System\pEsSEeT.exe
  2⤵
  PID:6984
- C:\Windows\System\pSRoHmv.exe
  C:\Windows\System\pSRoHmv.exe
  2⤵
  PID:2376
- C:\Windows\System\YxpSSHA.exe
  C:\Windows\System\YxpSSHA.exe
  2⤵
  PID:5552
- C:\Windows\System\gfjHTxO.exe
  C:\Windows\System\gfjHTxO.exe
  2⤵
  PID:7180
- C:\Windows\System\AKxMXmq.exe
  C:\Windows\System\AKxMXmq.exe
  2⤵
  PID:7200
- C:\Windows\System\MTbqiIt.exe
  C:\Windows\System\MTbqiIt.exe
  2⤵
  PID:7224
- C:\Windows\System\YlaOLdz.exe
  C:\Windows\System\YlaOLdz.exe
  2⤵
  PID:7244
- C:\Windows\System\piIlTAT.exe
  C:\Windows\System\piIlTAT.exe
  2⤵
  PID:7264
- C:\Windows\System\Iodhffg.exe
  C:\Windows\System\Iodhffg.exe
  2⤵
  PID:7284
- C:\Windows\System\gbJMdxU.exe
  C:\Windows\System\gbJMdxU.exe
  2⤵
  PID:7304
- C:\Windows\System\Zswbawk.exe
  C:\Windows\System\Zswbawk.exe
  2⤵
  PID:7324
- C:\Windows\System\mXsFkNl.exe
  C:\Windows\System\mXsFkNl.exe
  2⤵
  PID:7344
- C:\Windows\System\pXlelqk.exe
  C:\Windows\System\pXlelqk.exe
  2⤵
  PID:7364
- C:\Windows\System\RUOeCFY.exe
  C:\Windows\System\RUOeCFY.exe
  2⤵
  PID:7380
- C:\Windows\System\ouUFiql.exe
  C:\Windows\System\ouUFiql.exe
  2⤵
  PID:7396
- C:\Windows\System\MZuPFmh.exe
  C:\Windows\System\MZuPFmh.exe
  2⤵
  PID:7420
- C:\Windows\System\TDdFQgc.exe
  C:\Windows\System\TDdFQgc.exe
  2⤵
  PID:7440
- C:\Windows\System\vTwTYru.exe
  C:\Windows\System\vTwTYru.exe
  2⤵
  PID:7460
- C:\Windows\System\TFrAzca.exe
  C:\Windows\System\TFrAzca.exe
  2⤵
  PID:7484
- C:\Windows\System\MGpfXRt.exe
  C:\Windows\System\MGpfXRt.exe
  2⤵
  PID:7504
- C:\Windows\System\MVoiXrs.exe
  C:\Windows\System\MVoiXrs.exe
  2⤵
  PID:7524
- C:\Windows\System\WRjAcNu.exe
  C:\Windows\System\WRjAcNu.exe
  2⤵
  PID:7544
- C:\Windows\System\oNGQvhp.exe
  C:\Windows\System\oNGQvhp.exe
  2⤵
  PID:7564
- C:\Windows\System\gluvjFH.exe
  C:\Windows\System\gluvjFH.exe
  2⤵
  PID:7580
- C:\Windows\System\HuuHWBR.exe
  C:\Windows\System\HuuHWBR.exe
  2⤵
  PID:7596
- C:\Windows\System\ZlxStcS.exe
  C:\Windows\System\ZlxStcS.exe
  2⤵
  PID:7624
- C:\Windows\System\QCtUeex.exe
  C:\Windows\System\QCtUeex.exe
  2⤵
  PID:7644
- C:\Windows\System\puZLWOm.exe
  C:\Windows\System\puZLWOm.exe
  2⤵
  PID:7660
- C:\Windows\System\deDzSBN.exe
  C:\Windows\System\deDzSBN.exe
  2⤵
  PID:7688
- C:\Windows\System\XjivNXH.exe
  C:\Windows\System\XjivNXH.exe
  2⤵
  PID:7708
- C:\Windows\System\LzTqIjx.exe
  C:\Windows\System\LzTqIjx.exe
  2⤵
  PID:7728
- C:\Windows\System\rWfABtJ.exe
  C:\Windows\System\rWfABtJ.exe
  2⤵
  PID:7748
- C:\Windows\System\CunOiAn.exe
  C:\Windows\System\CunOiAn.exe
  2⤵
  PID:7768
- C:\Windows\System\cswtWYx.exe
  C:\Windows\System\cswtWYx.exe
  2⤵
  PID:7788
- C:\Windows\System\KcspnhM.exe
  C:\Windows\System\KcspnhM.exe
  2⤵
  PID:7808
- C:\Windows\System\YhhnfZI.exe
  C:\Windows\System\YhhnfZI.exe
  2⤵
  PID:7828
- C:\Windows\System\XYBhJNc.exe
  C:\Windows\System\XYBhJNc.exe
  2⤵
  PID:7848
- C:\Windows\System\GiMUSRP.exe
  C:\Windows\System\GiMUSRP.exe
  2⤵
  PID:7868
- C:\Windows\System\BcXnmTD.exe
  C:\Windows\System\BcXnmTD.exe
  2⤵
  PID:7888
- C:\Windows\System\KWBSfQY.exe
  C:\Windows\System\KWBSfQY.exe
  2⤵
  PID:7908
- C:\Windows\System\WtNcxhr.exe
  C:\Windows\System\WtNcxhr.exe
  2⤵
  PID:7928
- C:\Windows\System\MTCVlGE.exe
  C:\Windows\System\MTCVlGE.exe
  2⤵
  PID:7944
- C:\Windows\System\vTaqNQN.exe
  C:\Windows\System\vTaqNQN.exe
  2⤵
  PID:7968
- C:\Windows\System\QYnyBuR.exe
  C:\Windows\System\QYnyBuR.exe
  2⤵
  PID:7988
- C:\Windows\System\osBhdUu.exe
  C:\Windows\System\osBhdUu.exe
  2⤵
  PID:8008
- C:\Windows\System\zhocnyE.exe
  C:\Windows\System\zhocnyE.exe
  2⤵
  PID:8028
- C:\Windows\System\PaRJVez.exe
  C:\Windows\System\PaRJVez.exe
  2⤵
  PID:8048
- C:\Windows\System\XhNvhFh.exe
  C:\Windows\System\XhNvhFh.exe
  2⤵
  PID:8068
- C:\Windows\System\qHqQiBS.exe
  C:\Windows\System\qHqQiBS.exe
  2⤵
  PID:8088
- C:\Windows\System\VWkOBoX.exe
  C:\Windows\System\VWkOBoX.exe
  2⤵
  PID:8108
- C:\Windows\System\xoSZTTC.exe
  C:\Windows\System\xoSZTTC.exe
  2⤵
  PID:8128
- C:\Windows\System\JXADSHK.exe
  C:\Windows\System\JXADSHK.exe
  2⤵
  PID:8148
- C:\Windows\System\FSVWfwE.exe
  C:\Windows\System\FSVWfwE.exe
  2⤵
  PID:8168
- C:\Windows\System\oJgFoUY.exe
  C:\Windows\System\oJgFoUY.exe
  2⤵
  PID:8188
- C:\Windows\System\ZoWLLib.exe
  C:\Windows\System\ZoWLLib.exe
  2⤵
  PID:5516
- C:\Windows\System\hCyXWkb.exe
  C:\Windows\System\hCyXWkb.exe
  2⤵
  PID:5992
- C:\Windows\System\YRvVqwh.exe
  C:\Windows\System\YRvVqwh.exe
  2⤵
  PID:6240
- C:\Windows\System\itEIVQO.exe
  C:\Windows\System\itEIVQO.exe
  2⤵
  PID:600
- C:\Windows\System\cXQkybZ.exe
  C:\Windows\System\cXQkybZ.exe
  2⤵
  PID:1164
- C:\Windows\System\kpGfjDh.exe
  C:\Windows\System\kpGfjDh.exe
  2⤵
  PID:6564
- C:\Windows\System\eJRjQox.exe
  C:\Windows\System\eJRjQox.exe
  2⤵
  PID:2096
- C:\Windows\System\ABidxhn.exe
  C:\Windows\System\ABidxhn.exe
  2⤵
  PID:6780
- C:\Windows\System\AJXsdTj.exe
  C:\Windows\System\AJXsdTj.exe
  2⤵
  PID:4012
- C:\Windows\System\xPcUafY.exe
  C:\Windows\System\xPcUafY.exe
  2⤵
  PID:3236
- C:\Windows\System\mJHVxHS.exe
  C:\Windows\System\mJHVxHS.exe
  2⤵
  PID:7092
- C:\Windows\System\RLcBNXL.exe
  C:\Windows\System\RLcBNXL.exe
  2⤵
  PID:7232
- C:\Windows\System\rUOLmsk.exe
  C:\Windows\System\rUOLmsk.exe
  2⤵
  PID:7236
- C:\Windows\System\KWCQzhd.exe
  C:\Windows\System\KWCQzhd.exe
  2⤵
  PID:7220
- C:\Windows\System\mGjUylP.exe
  C:\Windows\System\mGjUylP.exe
  2⤵
  PID:7256
- C:\Windows\System\LlfHTCc.exe
  C:\Windows\System\LlfHTCc.exe
  2⤵
  PID:7352
- C:\Windows\System\EauGrNt.exe
  C:\Windows\System\EauGrNt.exe
  2⤵
  PID:7388
- C:\Windows\System\wMiFqrZ.exe
  C:\Windows\System\wMiFqrZ.exe
  2⤵
  PID:7432
- C:\Windows\System\DIcugBZ.exe
  C:\Windows\System\DIcugBZ.exe
  2⤵
  PID:7412
- C:\Windows\System\eOuTFQL.exe
  C:\Windows\System\eOuTFQL.exe
  2⤵
  PID:7472
- C:\Windows\System\opyOBxa.exe
  C:\Windows\System\opyOBxa.exe
  2⤵
  PID:7512
- C:\Windows\System\EiCxzsE.exe
  C:\Windows\System\EiCxzsE.exe
  2⤵
  PID:7500
- C:\Windows\System\UXJUBEZ.exe
  C:\Windows\System\UXJUBEZ.exe
  2⤵
  PID:7540
- C:\Windows\System\qUmppbT.exe
  C:\Windows\System\qUmppbT.exe
  2⤵
  PID:7576
- C:\Windows\System\ZxrpShc.exe
  C:\Windows\System\ZxrpShc.exe
  2⤵
  PID:7612
- C:\Windows\System\tbkDNgQ.exe
  C:\Windows\System\tbkDNgQ.exe
  2⤵
  PID:7672
- C:\Windows\System\MKNbWvu.exe
  C:\Windows\System\MKNbWvu.exe
  2⤵
  PID:7696
- C:\Windows\System\bYvytld.exe
  C:\Windows\System\bYvytld.exe
  2⤵
  PID:7736
- C:\Windows\System\FotaIBV.exe
  C:\Windows\System\FotaIBV.exe
  2⤵
  PID:7760
- C:\Windows\System\FzRbfQr.exe
  C:\Windows\System\FzRbfQr.exe
  2⤵
  PID:7800
- C:\Windows\System\HaVNCsb.exe
  C:\Windows\System\HaVNCsb.exe
  2⤵
  PID:7824
- C:\Windows\System\ivARuaj.exe
  C:\Windows\System\ivARuaj.exe
  2⤵
  PID:7876
- C:\Windows\System\oxPMMrP.exe
  C:\Windows\System\oxPMMrP.exe
  2⤵
  PID:7880
- C:\Windows\System\EOcrSUH.exe
  C:\Windows\System\EOcrSUH.exe
  2⤵
  PID:7904
- C:\Windows\System\XBAYFTL.exe
  C:\Windows\System\XBAYFTL.exe
  2⤵
  PID:7956
- C:\Windows\System\HgVaTTC.exe
  C:\Windows\System\HgVaTTC.exe
  2⤵
  PID:8000
- C:\Windows\System\pdLbxOe.exe
  C:\Windows\System\pdLbxOe.exe
  2⤵
  PID:8036
- C:\Windows\System\XfRHiQh.exe
  C:\Windows\System\XfRHiQh.exe
  2⤵
  PID:8076
- C:\Windows\System\yAzMuKp.exe
  C:\Windows\System\yAzMuKp.exe
  2⤵
  PID:8064
- C:\Windows\System\UhVlcHc.exe
  C:\Windows\System\UhVlcHc.exe
  2⤵
  PID:8096
- C:\Windows\System\mLvYlsb.exe
  C:\Windows\System\mLvYlsb.exe
  2⤵
  PID:8164
- C:\Windows\System\PIGRmnn.exe
  C:\Windows\System\PIGRmnn.exe
  2⤵
  PID:8184
- C:\Windows\System\spHFovM.exe
  C:\Windows\System\spHFovM.exe
  2⤵
  PID:6184
- C:\Windows\System\EbMjtMP.exe
  C:\Windows\System\EbMjtMP.exe
  2⤵
  PID:6420
- C:\Windows\System\hFuyEMx.exe
  C:\Windows\System\hFuyEMx.exe
  2⤵
  PID:992
- C:\Windows\System\NAvfajX.exe
  C:\Windows\System\NAvfajX.exe
  2⤵
  PID:6788
- C:\Windows\System\YczJRSX.exe
  C:\Windows\System\YczJRSX.exe
  2⤵
  PID:6904
- C:\Windows\System\jEHnuzd.exe
  C:\Windows\System\jEHnuzd.exe
  2⤵
  PID:6848
- C:\Windows\System\OEfQeOL.exe
  C:\Windows\System\OEfQeOL.exe
  2⤵
  PID:7172
- C:\Windows\System\CvCjIMF.exe
  C:\Windows\System\CvCjIMF.exe
  2⤵
  PID:7196
- C:\Windows\System\giXrRJz.exe
  C:\Windows\System\giXrRJz.exe
  2⤵
  PID:7280
- C:\Windows\System\NbCqgLg.exe
  C:\Windows\System\NbCqgLg.exe
  2⤵
  PID:7356
- C:\Windows\System\biXrypG.exe
  C:\Windows\System\biXrypG.exe
  2⤵
  PID:7300
- C:\Windows\System\DCOjRcW.exe
  C:\Windows\System\DCOjRcW.exe
  2⤵
  PID:7392
- C:\Windows\System\pDPBzPW.exe
  C:\Windows\System\pDPBzPW.exe
  2⤵
  PID:7452
- C:\Windows\System\zmMDDWR.exe
  C:\Windows\System\zmMDDWR.exe
  2⤵
  PID:7556
- C:\Windows\System\CZHwEeZ.exe
  C:\Windows\System\CZHwEeZ.exe
  2⤵
  PID:7604
- C:\Windows\System\QsPnaWh.exe
  C:\Windows\System\QsPnaWh.exe
  2⤵
  PID:7652
- C:\Windows\System\rAXuesP.exe
  C:\Windows\System\rAXuesP.exe
  2⤵
  PID:7620
- C:\Windows\System\qlchgWL.exe
  C:\Windows\System\qlchgWL.exe
  2⤵
  PID:7740
- C:\Windows\System\PYgrtGX.exe
  C:\Windows\System\PYgrtGX.exe
  2⤵
  PID:7844
- C:\Windows\System\IwHOWrU.exe
  C:\Windows\System\IwHOWrU.exe
  2⤵
  PID:7840
- C:\Windows\System\jVytSEE.exe
  C:\Windows\System\jVytSEE.exe
  2⤵
  PID:7896
- C:\Windows\System\KOnckGM.exe
  C:\Windows\System\KOnckGM.exe
  2⤵
  PID:8016
- C:\Windows\System\BWEfefe.exe
  C:\Windows\System\BWEfefe.exe
  2⤵
  PID:8080
- C:\Windows\System\LGrArXT.exe
  C:\Windows\System\LGrArXT.exe
  2⤵
  PID:8136
- C:\Windows\System\aNMJJHC.exe
  C:\Windows\System\aNMJJHC.exe
  2⤵
  PID:8180
- C:\Windows\System\nEbnzQX.exe
  C:\Windows\System\nEbnzQX.exe
  2⤵
  PID:8140
- C:\Windows\System\zlRQIDR.exe
  C:\Windows\System\zlRQIDR.exe
  2⤵
  PID:1504
- C:\Windows\System\KBmbBMa.exe
  C:\Windows\System\KBmbBMa.exe
  2⤵
  PID:6508
- C:\Windows\System\ZjPqiJI.exe
  C:\Windows\System\ZjPqiJI.exe
  2⤵
  PID:2788
- C:\Windows\System\BFhzEfJ.exe
  C:\Windows\System\BFhzEfJ.exe
  2⤵
  PID:7024
- C:\Windows\System\ShKFBlt.exe
  C:\Windows\System\ShKFBlt.exe
  2⤵
  PID:7260
- C:\Windows\System\NqrpozX.exe
  C:\Windows\System\NqrpozX.exe
  2⤵
  PID:7376
- C:\Windows\System\BOLlQSQ.exe
  C:\Windows\System\BOLlQSQ.exe
  2⤵
  PID:7408
- C:\Windows\System\NgdXGbv.exe
  C:\Windows\System\NgdXGbv.exe
  2⤵
  PID:7404
- C:\Windows\System\imMcnGT.exe
  C:\Windows\System\imMcnGT.exe
  2⤵
  PID:7532
- C:\Windows\System\qenwhkI.exe
  C:\Windows\System\qenwhkI.exe
  2⤵
  PID:7668
- C:\Windows\System\jYlgDRH.exe
  C:\Windows\System\jYlgDRH.exe
  2⤵
  PID:7720
- C:\Windows\System\JvYkqle.exe
  C:\Windows\System\JvYkqle.exe
  2⤵
  PID:7952
- C:\Windows\System\dcbXRii.exe
  C:\Windows\System\dcbXRii.exe
  2⤵
  PID:7212
- C:\Windows\System\utIoBvN.exe
  C:\Windows\System\utIoBvN.exe
  2⤵
  PID:2432
- C:\Windows\System\XpZQAyN.exe
  C:\Windows\System\XpZQAyN.exe
  2⤵
  PID:976
- C:\Windows\System\FnCHouW.exe
  C:\Windows\System\FnCHouW.exe
  2⤵
  PID:8116
- C:\Windows\System\yoMZJOu.exe
  C:\Windows\System\yoMZJOu.exe
  2⤵
  PID:6740
- C:\Windows\System\UiiQYyz.exe
  C:\Windows\System\UiiQYyz.exe
  2⤵
  PID:7312
- C:\Windows\System\KhVwxHE.exe
  C:\Windows\System\KhVwxHE.exe
  2⤵
  PID:7208
- C:\Windows\System\aDeEZFh.exe
  C:\Windows\System\aDeEZFh.exe
  2⤵
  PID:2684
- C:\Windows\System\zAkPAWD.exe
  C:\Windows\System\zAkPAWD.exe
  2⤵
  PID:7640
- C:\Windows\System\SYebXaJ.exe
  C:\Windows\System\SYebXaJ.exe
  2⤵
  PID:7476
- C:\Windows\System\KpHKEsp.exe
  C:\Windows\System\KpHKEsp.exe
  2⤵
  PID:8212
- C:\Windows\System\BlAmeSb.exe
  C:\Windows\System\BlAmeSb.exe
  2⤵
  PID:8232
- C:\Windows\System\SOMLOfj.exe
  C:\Windows\System\SOMLOfj.exe
  2⤵
  PID:8252
- C:\Windows\System\zsOBGEh.exe
  C:\Windows\System\zsOBGEh.exe
  2⤵
  PID:8272
- C:\Windows\System\BSmAaGQ.exe
  C:\Windows\System\BSmAaGQ.exe
  2⤵
  PID:8292
- C:\Windows\System\WzgyhQT.exe
  C:\Windows\System\WzgyhQT.exe
  2⤵
  PID:8312
- C:\Windows\System\EZKNxMp.exe
  C:\Windows\System\EZKNxMp.exe
  2⤵
  PID:8332
- C:\Windows\System\AWTGOri.exe
  C:\Windows\System\AWTGOri.exe
  2⤵
  PID:8352
- C:\Windows\System\fZHvsQk.exe
  C:\Windows\System\fZHvsQk.exe
  2⤵
  PID:8372
- C:\Windows\System\vDuvxsv.exe
  C:\Windows\System\vDuvxsv.exe
  2⤵
  PID:8392
- C:\Windows\System\dvxNNSR.exe
  C:\Windows\System\dvxNNSR.exe
  2⤵
  PID:8412
- C:\Windows\System\mWngCVs.exe
  C:\Windows\System\mWngCVs.exe
  2⤵
  PID:8432
- C:\Windows\System\TdcFnoW.exe
  C:\Windows\System\TdcFnoW.exe
  2⤵
  PID:8452
- C:\Windows\System\RBQKDcX.exe
  C:\Windows\System\RBQKDcX.exe
  2⤵
  PID:8472
- C:\Windows\System\XnoEUXB.exe
  C:\Windows\System\XnoEUXB.exe
  2⤵
  PID:8492
- C:\Windows\System\zcymBdg.exe
  C:\Windows\System\zcymBdg.exe
  2⤵
  PID:8512
- C:\Windows\System\IEASZuA.exe
  C:\Windows\System\IEASZuA.exe
  2⤵
  PID:8532
- C:\Windows\System\tmvGzUy.exe
  C:\Windows\System\tmvGzUy.exe
  2⤵
  PID:8552
- C:\Windows\System\bkAjuEo.exe
  C:\Windows\System\bkAjuEo.exe
  2⤵
  PID:8568
- C:\Windows\System\bEXlsrW.exe
  C:\Windows\System\bEXlsrW.exe
  2⤵
  PID:8588
- C:\Windows\System\tvlBGtr.exe
  C:\Windows\System\tvlBGtr.exe
  2⤵
  PID:8612
- C:\Windows\System\OhOabKZ.exe
  C:\Windows\System\OhOabKZ.exe
  2⤵
  PID:8632
- C:\Windows\System\wYhjDPL.exe
  C:\Windows\System\wYhjDPL.exe
  2⤵
  PID:8656
- C:\Windows\System\GLaIyBk.exe
  C:\Windows\System\GLaIyBk.exe
  2⤵
  PID:8676
- C:\Windows\System\WrbFRbT.exe
  C:\Windows\System\WrbFRbT.exe
  2⤵
  PID:8696
- C:\Windows\System\fTVKzGf.exe
  C:\Windows\System\fTVKzGf.exe
  2⤵
  PID:8716
- C:\Windows\System\vNPrByZ.exe
  C:\Windows\System\vNPrByZ.exe
  2⤵
  PID:8732
- C:\Windows\System\Dcrygpf.exe
  C:\Windows\System\Dcrygpf.exe
  2⤵
  PID:8748
- C:\Windows\System\pZNHTyU.exe
  C:\Windows\System\pZNHTyU.exe
  2⤵
  PID:8764
- C:\Windows\System\bSgNADQ.exe
  C:\Windows\System\bSgNADQ.exe
  2⤵
  PID:8780
- C:\Windows\System\LBLJCtk.exe
  C:\Windows\System\LBLJCtk.exe
  2⤵
  PID:8800
- C:\Windows\System\tSeHYeU.exe
  C:\Windows\System\tSeHYeU.exe
  2⤵
  PID:8816
- C:\Windows\System\uFiTNMg.exe
  C:\Windows\System\uFiTNMg.exe
  2⤵
  PID:8860
- C:\Windows\System\gIGGGmH.exe
  C:\Windows\System\gIGGGmH.exe
  2⤵
  PID:8876
- C:\Windows\System\MvvIsPK.exe
  C:\Windows\System\MvvIsPK.exe
  2⤵
  PID:8892
- C:\Windows\System\hFTvAFK.exe
  C:\Windows\System\hFTvAFK.exe
  2⤵
  PID:8908
- C:\Windows\System\lRPXWsr.exe
  C:\Windows\System\lRPXWsr.exe
  2⤵
  PID:8924
- C:\Windows\System\bVxyWYH.exe
  C:\Windows\System\bVxyWYH.exe
  2⤵
  PID:8940
- C:\Windows\System\OhAJYLq.exe
  C:\Windows\System\OhAJYLq.exe
  2⤵
  PID:8956
- C:\Windows\System\sBcUpbs.exe
  C:\Windows\System\sBcUpbs.exe
  2⤵
  PID:8972
- C:\Windows\System\NVOnnxQ.exe
  C:\Windows\System\NVOnnxQ.exe
  2⤵
  PID:8988
- C:\Windows\System\aAEmFTj.exe
  C:\Windows\System\aAEmFTj.exe
  2⤵
  PID:9004
- C:\Windows\System\sydoLYz.exe
  C:\Windows\System\sydoLYz.exe
  2⤵
  PID:9020
- C:\Windows\System\ViFKScT.exe
  C:\Windows\System\ViFKScT.exe
  2⤵
  PID:9036
- C:\Windows\System\jYRgenR.exe
  C:\Windows\System\jYRgenR.exe
  2⤵
  PID:9052
- C:\Windows\System\NKsUEql.exe
  C:\Windows\System\NKsUEql.exe
  2⤵
  PID:9068
- C:\Windows\System\FqbwQtn.exe
  C:\Windows\System\FqbwQtn.exe
  2⤵
  PID:9084
- C:\Windows\System\gceVgkl.exe
  C:\Windows\System\gceVgkl.exe
  2⤵
  PID:9100
- C:\Windows\System\hnaOXjf.exe
  C:\Windows\System\hnaOXjf.exe
  2⤵
  PID:9116
- C:\Windows\System\TFZraiL.exe
  C:\Windows\System\TFZraiL.exe
  2⤵
  PID:9132
- C:\Windows\System\knJAGIH.exe
  C:\Windows\System\knJAGIH.exe
  2⤵
  PID:7636
- C:\Windows\System\uPmdLmP.exe
  C:\Windows\System\uPmdLmP.exe
  2⤵
  PID:7964
- C:\Windows\System\ncTbUhl.exe
  C:\Windows\System\ncTbUhl.exe
  2⤵
  PID:7744
- C:\Windows\System\GDxkOEJ.exe
  C:\Windows\System\GDxkOEJ.exe
  2⤵
  PID:7980
- C:\Windows\System\bzafTvY.exe
  C:\Windows\System\bzafTvY.exe
  2⤵
  PID:8156
- C:\Windows\System\XEXCKsc.exe
  C:\Windows\System\XEXCKsc.exe
  2⤵
  PID:5672
- C:\Windows\System\ZfkoQum.exe
  C:\Windows\System\ZfkoQum.exe
  2⤵
  PID:5124
- C:\Windows\System\iYzOKye.exe
  C:\Windows\System\iYzOKye.exe
  2⤵
  PID:2616
- C:\Windows\System\HtvTqPA.exe
  C:\Windows\System\HtvTqPA.exe
  2⤵
  PID:2524
- C:\Windows\System\APcQlGT.exe
  C:\Windows\System\APcQlGT.exe
  2⤵
  PID:7428
- C:\Windows\System\AGFtXey.exe
  C:\Windows\System\AGFtXey.exe
  2⤵
  PID:8240
- C:\Windows\System\dRSGeQt.exe
  C:\Windows\System\dRSGeQt.exe
  2⤵
  PID:8260
- C:\Windows\System\Sskqyfy.exe
  C:\Windows\System\Sskqyfy.exe
  2⤵
  PID:8320
- C:\Windows\System\dvFzlBM.exe
  C:\Windows\System\dvFzlBM.exe
  2⤵
  PID:8304
- C:\Windows\System\OBvzcwj.exe
  C:\Windows\System\OBvzcwj.exe
  2⤵
  PID:8348
- C:\Windows\System\EjaHxCF.exe
  C:\Windows\System\EjaHxCF.exe
  2⤵
  PID:2900
- C:\Windows\System\HWCtaOD.exe
  C:\Windows\System\HWCtaOD.exe
  2⤵
  PID:8388
- C:\Windows\System\GZuotAT.exe
  C:\Windows\System\GZuotAT.exe
  2⤵
  PID:8464
- C:\Windows\System\SgDGzZI.exe
  C:\Windows\System\SgDGzZI.exe
  2⤵
  PID:8548
- C:\Windows\System\UxFuZiR.exe
  C:\Windows\System\UxFuZiR.exe
  2⤵
  PID:8576
- C:\Windows\System\yeKrgre.exe
  C:\Windows\System\yeKrgre.exe
  2⤵
  PID:8640
- C:\Windows\System\bjRMTby.exe
  C:\Windows\System\bjRMTby.exe
  2⤵
  PID:8664
- C:\Windows\System\dqVoevK.exe
  C:\Windows\System\dqVoevK.exe
  2⤵
  PID:8692
- C:\Windows\System\czCBewv.exe
  C:\Windows\System\czCBewv.exe
  2⤵
  PID:8712
- C:\Windows\System\wrgznPy.exe
  C:\Windows\System\wrgznPy.exe
  2⤵
  PID:8744
- C:\Windows\System\RtekYAk.exe
  C:\Windows\System\RtekYAk.exe
  2⤵
  PID:3204
- C:\Windows\System\SxkVyjK.exe
  C:\Windows\System\SxkVyjK.exe
  2⤵
  PID:8856
- C:\Windows\System\RMPkDNs.exe
  C:\Windows\System\RMPkDNs.exe
  2⤵
  PID:8888
- C:\Windows\System\AcIijFP.exe
  C:\Windows\System\AcIijFP.exe
  2⤵
  PID:8904
- C:\Windows\System\BPdSVUP.exe
  C:\Windows\System\BPdSVUP.exe
  2⤵
  PID:8952
- C:\Windows\System\IowxtWh.exe
  C:\Windows\System\IowxtWh.exe
  2⤵
  PID:2652
- C:\Windows\System\zmHrNiU.exe
  C:\Windows\System\zmHrNiU.exe
  2⤵
  PID:9012
- C:\Windows\System\IKBTsVm.exe
  C:\Windows\System\IKBTsVm.exe
  2⤵
  PID:9028
- C:\Windows\System\TlRBBOO.exe
  C:\Windows\System\TlRBBOO.exe
  2⤵
  PID:9076
- C:\Windows\System\xpXwoby.exe
  C:\Windows\System\xpXwoby.exe
  2⤵
  PID:2640
- C:\Windows\System\wssgiZM.exe
  C:\Windows\System\wssgiZM.exe
  2⤵
  PID:9124
- C:\Windows\System\ztKjaHy.exe
  C:\Windows\System\ztKjaHy.exe
  2⤵
  PID:692
- C:\Windows\System\BSfQhmN.exe
  C:\Windows\System\BSfQhmN.exe
  2⤵
  PID:9156
- C:\Windows\System\Cxefosw.exe
  C:\Windows\System\Cxefosw.exe
  2⤵
  PID:9176
- C:\Windows\System\mdljkzv.exe
  C:\Windows\System\mdljkzv.exe
  2⤵
  PID:9188
- C:\Windows\System\GSwvhYb.exe
  C:\Windows\System\GSwvhYb.exe
  2⤵
  PID:9212
- C:\Windows\System\EbSnmxR.exe
  C:\Windows\System\EbSnmxR.exe
  2⤵
  PID:1908
- C:\Windows\System\AdACjht.exe
  C:\Windows\System\AdACjht.exe
  2⤵
  PID:2396
- C:\Windows\System\FtwcRUg.exe
  C:\Windows\System\FtwcRUg.exe
  2⤵
  PID:1972
- C:\Windows\System\AiOPITb.exe
  C:\Windows\System\AiOPITb.exe
  2⤵
  PID:7572
- C:\Windows\System\wPUOfcw.exe
  C:\Windows\System\wPUOfcw.exe
  2⤵
  PID:2556
- C:\Windows\System\ePXwros.exe
  C:\Windows\System\ePXwros.exe
  2⤵
  PID:1520
- C:\Windows\System\QQCdfVw.exe
  C:\Windows\System\QQCdfVw.exe
  2⤵
  PID:3060
- C:\Windows\System\rYaRYIP.exe
  C:\Windows\System\rYaRYIP.exe
  2⤵
  PID:1696
- C:\Windows\System\GbGZayw.exe
  C:\Windows\System\GbGZayw.exe
  2⤵
  PID:8248
- C:\Windows\System\eBQdIZf.exe
  C:\Windows\System\eBQdIZf.exe
  2⤵
  PID:8328
- C:\Windows\System\XDwoAGk.exe
  C:\Windows\System\XDwoAGk.exe
  2⤵
  PID:8300
- C:\Windows\System\MEKQNxa.exe
  C:\Windows\System\MEKQNxa.exe
  2⤵
  PID:1716
- C:\Windows\System\cOIZJTo.exe
  C:\Windows\System\cOIZJTo.exe
  2⤵
  PID:1888
- C:\Windows\System\SWTWVWp.exe
  C:\Windows\System\SWTWVWp.exe
  2⤵
  PID:2780
- C:\Windows\System\ZBPEhEY.exe
  C:\Windows\System\ZBPEhEY.exe
  2⤵
  PID:2324
- C:\Windows\System\ZeyIHNb.exe
  C:\Windows\System\ZeyIHNb.exe
  2⤵
  PID:8468
- C:\Windows\System\GnOGKLV.exe
  C:\Windows\System\GnOGKLV.exe
  2⤵
  PID:8444
- C:\Windows\System\EfIDfKk.exe
  C:\Windows\System\EfIDfKk.exe
  2⤵
  PID:3068
- C:\Windows\System\QbrxJFE.exe
  C:\Windows\System\QbrxJFE.exe
  2⤵
  PID:1248
- C:\Windows\System\VnuBWRF.exe
  C:\Windows\System\VnuBWRF.exe
  2⤵
  PID:8524
- C:\Windows\System\GcuRMWR.exe
  C:\Windows\System\GcuRMWR.exe
  2⤵
  PID:8668
- C:\Windows\System\GuqNpni.exe
  C:\Windows\System\GuqNpni.exe
  2⤵
  PID:8564
- C:\Windows\System\iUaZVTI.exe
  C:\Windows\System\iUaZVTI.exe
  2⤵
  PID:2144
- C:\Windows\System\siPUJTV.exe
  C:\Windows\System\siPUJTV.exe
  2⤵
  PID:8600
- C:\Windows\System\ckwXHbu.exe
  C:\Windows\System\ckwXHbu.exe
  2⤵
  PID:8760
- C:\Windows\System\rnZurPp.exe
  C:\Windows\System\rnZurPp.exe
  2⤵
  PID:8848
- C:\Windows\System\SxpcTzy.exe
  C:\Windows\System\SxpcTzy.exe
  2⤵
  PID:4292
- C:\Windows\System\aiEYEWm.exe
  C:\Windows\System\aiEYEWm.exe
  2⤵
  PID:8948
- C:\Windows\System\LKuJzqY.exe
  C:\Windows\System\LKuJzqY.exe
  2⤵
  PID:9092
- C:\Windows\System\HtZmiEq.exe
  C:\Windows\System\HtZmiEq.exe
  2⤵
  PID:9172
- C:\Windows\System\byfhTdS.exe
  C:\Windows\System\byfhTdS.exe
  2⤵
  PID:8868
- C:\Windows\System\wGJcVmJ.exe
  C:\Windows\System\wGJcVmJ.exe
  2⤵
  PID:9152
- C:\Windows\System\GEklBla.exe
  C:\Windows\System\GEklBla.exe
  2⤵
  PID:9208
- C:\Windows\System\YWCNLix.exe
  C:\Windows\System\YWCNLix.exe
  2⤵
  PID:2832
- C:\Windows\System\vtapJTT.exe
  C:\Windows\System\vtapJTT.exe
  2⤵
  PID:2016
- C:\Windows\System\WZRLXtN.exe
  C:\Windows\System\WZRLXtN.exe
  2⤵
  PID:9204
- C:\Windows\System\oFHyBNi.exe
  C:\Windows\System\oFHyBNi.exe
  2⤵
  PID:1692
- C:\Windows\System\ytKisfK.exe
  C:\Windows\System\ytKisfK.exe
  2⤵
  PID:8124
- C:\Windows\System\gxUWQcE.exe
  C:\Windows\System\gxUWQcE.exe
  2⤵
  PID:2504
- C:\Windows\System\OdddbBx.exe
  C:\Windows\System\OdddbBx.exe
  2⤵
  PID:4288
- C:\Windows\System\SDsRmuG.exe
  C:\Windows\System\SDsRmuG.exe
  2⤵
  PID:7360
- C:\Windows\System\fBEkxUJ.exe
  C:\Windows\System\fBEkxUJ.exe
  2⤵
  PID:8200
- C:\Windows\System\WyGWzlA.exe
  C:\Windows\System\WyGWzlA.exe
  2⤵
  PID:572
- C:\Windows\System\oHWozts.exe
  C:\Windows\System\oHWozts.exe
  2⤵
  PID:908
- C:\Windows\System\hgMCdAZ.exe
  C:\Windows\System\hgMCdAZ.exe
  2⤵
  PID:8440
- C:\Windows\System\IThOgFL.exe
  C:\Windows\System\IThOgFL.exe
  2⤵
  PID:8424
- C:\Windows\System\hMZVWnk.exe
  C:\Windows\System\hMZVWnk.exe
  2⤵
  PID:8840
- C:\Windows\System\CeShatl.exe
  C:\Windows\System\CeShatl.exe
  2⤵
  PID:8916
- C:\Windows\System\WUkNyFH.exe
  C:\Windows\System\WUkNyFH.exe
  2⤵
  PID:2056
- C:\Windows\System\IMsBNCM.exe
  C:\Windows\System\IMsBNCM.exe
  2⤵
  PID:8724
- C:\Windows\System\cuOZpiQ.exe
  C:\Windows\System\cuOZpiQ.exe
  2⤵
  PID:8448
- C:\Windows\System\LOeJopJ.exe
  C:\Windows\System\LOeJopJ.exe
  2⤵
  PID:9168
- C:\Windows\System\XdhWOMj.exe
  C:\Windows\System\XdhWOMj.exe
  2⤵
  PID:9200
- C:\Windows\System\mhCBxOi.exe
  C:\Windows\System\mhCBxOi.exe
  2⤵
  PID:8964
- C:\Windows\System\iTSKZTT.exe
  C:\Windows\System\iTSKZTT.exe
  2⤵
  PID:932
- C:\Windows\System\EDvPFCG.exe
  C:\Windows\System\EDvPFCG.exe
  2⤵
  PID:9148
- C:\Windows\System\PrSntQh.exe
  C:\Windows\System\PrSntQh.exe
  2⤵
  PID:2492
- C:\Windows\System\YuhioTP.exe
  C:\Windows\System\YuhioTP.exe
  2⤵
  PID:1676
- C:\Windows\System\GurFVts.exe
  C:\Windows\System\GurFVts.exe
  2⤵
  PID:9160
- C:\Windows\System\LTwtMtO.exe
  C:\Windows\System\LTwtMtO.exe
  2⤵
  PID:8264
- C:\Windows\System\aXUMNUs.exe
  C:\Windows\System\aXUMNUs.exe
  2⤵
  PID:1864
- C:\Windows\System\rjeAend.exe
  C:\Windows\System\rjeAend.exe
  2⤵
  PID:8932
- C:\Windows\System\iTwZtsb.exe
  C:\Windows\System\iTwZtsb.exe
  2⤵
  PID:408
- C:\Windows\System\whgamTe.exe
  C:\Windows\System\whgamTe.exe
  2⤵
  PID:8228
- C:\Windows\System\qvfCQHS.exe
  C:\Windows\System\qvfCQHS.exe
  2⤵
  PID:8380
- C:\Windows\System\GUeTBCX.exe
  C:\Windows\System\GUeTBCX.exe
  2⤵
  PID:8740
- C:\Windows\System\nXslAaz.exe
  C:\Windows\System\nXslAaz.exe
  2⤵
  PID:9080
- C:\Windows\System\vXaOcjC.exe
  C:\Windows\System\vXaOcjC.exe
  2⤵
  PID:536
- C:\Windows\System\aqzRjSO.exe
  C:\Windows\System\aqzRjSO.exe
  2⤵
  PID:8624
- C:\Windows\System\DWfwsqB.exe
  C:\Windows\System\DWfwsqB.exe
  2⤵
  PID:8504
- C:\Windows\System\cpkVMaM.exe
  C:\Windows\System\cpkVMaM.exe
  2⤵
  PID:8344
- C:\Windows\System\LdNmOli.exe
  C:\Windows\System\LdNmOli.exe
  2⤵
  PID:876
- C:\Windows\System\xGntDpH.exe
  C:\Windows\System\xGntDpH.exe
  2⤵
  PID:7536
- C:\Windows\System\FnRHOPW.exe
  C:\Windows\System\FnRHOPW.exe
  2⤵
  PID:9140
- C:\Windows\System\yDnmEJH.exe
  C:\Windows\System\yDnmEJH.exe
  2⤵
  PID:2308
- C:\Windows\System\PEiKhji.exe
  C:\Windows\System\PEiKhji.exe
  2⤵
  PID:9228
- C:\Windows\System\YuJpZoq.exe
  C:\Windows\System\YuJpZoq.exe
  2⤵
  PID:9244
- C:\Windows\System\fgmTCJD.exe
  C:\Windows\System\fgmTCJD.exe
  2⤵
  PID:9260
- C:\Windows\System\BaInNEN.exe
  C:\Windows\System\BaInNEN.exe
  2⤵
  PID:9276
- C:\Windows\System\AoKcEfp.exe
  C:\Windows\System\AoKcEfp.exe
  2⤵
  PID:9292
- C:\Windows\System\HhdQtsn.exe
  C:\Windows\System\HhdQtsn.exe
  2⤵
  PID:9308
- C:\Windows\System\oUqsNGV.exe
  C:\Windows\System\oUqsNGV.exe
  2⤵
  PID:9324
- C:\Windows\System\XiziDdg.exe
  C:\Windows\System\XiziDdg.exe
  2⤵
  PID:9364
- C:\Windows\System\adrzHej.exe
  C:\Windows\System\adrzHej.exe
  2⤵
  PID:9380
- C:\Windows\System\rDdlBAf.exe
  C:\Windows\System\rDdlBAf.exe
  2⤵
  PID:9400
- C:\Windows\System\UJZKRuV.exe
  C:\Windows\System\UJZKRuV.exe
  2⤵
  PID:9468
- C:\Windows\System\qriBbvM.exe
  C:\Windows\System\qriBbvM.exe
  2⤵
  PID:9484
- C:\Windows\System\MAFASDK.exe
  C:\Windows\System\MAFASDK.exe
  2⤵
  PID:9504
- C:\Windows\System\DqLHzOu.exe
  C:\Windows\System\DqLHzOu.exe
  2⤵
  PID:9524
- C:\Windows\System\ddPRjgr.exe
  C:\Windows\System\ddPRjgr.exe
  2⤵
  PID:9544
- C:\Windows\System\huazZEy.exe
  C:\Windows\System\huazZEy.exe
  2⤵
  PID:9568
- C:\Windows\System\raHqvwM.exe
  C:\Windows\System\raHqvwM.exe
  2⤵
  PID:9584
- C:\Windows\System\iqxvWkm.exe
  C:\Windows\System\iqxvWkm.exe
  2⤵
  PID:9604
- C:\Windows\System\jwwVUtv.exe
  C:\Windows\System\jwwVUtv.exe
  2⤵
  PID:9624
- C:\Windows\System\WQsjjTu.exe
  C:\Windows\System\WQsjjTu.exe
  2⤵
  PID:9640
- C:\Windows\System\DBEKYtE.exe
  C:\Windows\System\DBEKYtE.exe
  2⤵
  PID:9656
- C:\Windows\System\pijIgvS.exe
  C:\Windows\System\pijIgvS.exe
  2⤵
  PID:9672
- C:\Windows\System\IAylDjX.exe
  C:\Windows\System\IAylDjX.exe
  2⤵
  PID:9688
- C:\Windows\System\pPaeQXr.exe
  C:\Windows\System\pPaeQXr.exe
  2⤵
  PID:9704
- C:\Windows\System\IWlRHPo.exe
  C:\Windows\System\IWlRHPo.exe
  2⤵
  PID:9720
- C:\Windows\System\eWekNux.exe
  C:\Windows\System\eWekNux.exe
  2⤵
  PID:9740
- C:\Windows\System\ouemKBF.exe
  C:\Windows\System\ouemKBF.exe
  2⤵
  PID:9764
- C:\Windows\System\xgPPisi.exe
  C:\Windows\System\xgPPisi.exe
  2⤵
  PID:9780
- C:\Windows\System\ZHoyZYR.exe
  C:\Windows\System\ZHoyZYR.exe
  2⤵
  PID:9796
- C:\Windows\System\XOMsXjg.exe
  C:\Windows\System\XOMsXjg.exe
  2⤵
  PID:9812
- C:\Windows\System\qwepQUF.exe
  C:\Windows\System\qwepQUF.exe
  2⤵
  PID:9828
- C:\Windows\System\rWHNlAH.exe
  C:\Windows\System\rWHNlAH.exe
  2⤵
  PID:9844
- C:\Windows\System\IZfWYym.exe
  C:\Windows\System\IZfWYym.exe
  2⤵
  PID:9860
- C:\Windows\System\ajXYQNS.exe
  C:\Windows\System\ajXYQNS.exe
  2⤵
  PID:9876
- C:\Windows\System\EdSOoap.exe
  C:\Windows\System\EdSOoap.exe
  2⤵
  PID:9896
- C:\Windows\System\UelLVEB.exe
  C:\Windows\System\UelLVEB.exe
  2⤵
  PID:9912
- C:\Windows\System\DsliNPm.exe
  C:\Windows\System\DsliNPm.exe
  2⤵
  PID:9928
- C:\Windows\System\VQoTXxb.exe
  C:\Windows\System\VQoTXxb.exe
  2⤵
  PID:9944
- C:\Windows\System\CxhRmyY.exe
  C:\Windows\System\CxhRmyY.exe
  2⤵
  PID:9960
- C:\Windows\System\yKFVcNl.exe
  C:\Windows\System\yKFVcNl.exe
  2⤵
  PID:9976
- C:\Windows\System\OhTelMT.exe
  C:\Windows\System\OhTelMT.exe
  2⤵
  PID:9992
- C:\Windows\System\LxYJAFK.exe
  C:\Windows\System\LxYJAFK.exe
  2⤵
  PID:10008
- C:\Windows\System\dSaCTYL.exe
  C:\Windows\System\dSaCTYL.exe
  2⤵
  PID:10048
- C:\Windows\System\nkaaFiF.exe
  C:\Windows\System\nkaaFiF.exe
  2⤵
  PID:10064
- C:\Windows\System\IKRaGAX.exe
  C:\Windows\System\IKRaGAX.exe
  2⤵
  PID:10080
- C:\Windows\System\otMeRAk.exe
  C:\Windows\System\otMeRAk.exe
  2⤵
  PID:10096
- C:\Windows\System\iprlMry.exe
  C:\Windows\System\iprlMry.exe
  2⤵
  PID:10112
- C:\Windows\System\uWCrqmH.exe
  C:\Windows\System\uWCrqmH.exe
  2⤵
  PID:10128
- C:\Windows\System\gttkaHW.exe
  C:\Windows\System\gttkaHW.exe
  2⤵
  PID:10144
- C:\Windows\System\nPdUWiK.exe
  C:\Windows\System\nPdUWiK.exe
  2⤵
  PID:10160
- C:\Windows\System\uycWjGF.exe
  C:\Windows\System\uycWjGF.exe
  2⤵
  PID:10176
- C:\Windows\System\YxNaJae.exe
  C:\Windows\System\YxNaJae.exe
  2⤵
  PID:10192
- C:\Windows\System\pfFCMmM.exe
  C:\Windows\System\pfFCMmM.exe
  2⤵
  PID:10208
- C:\Windows\System\lXTxAQI.exe
  C:\Windows\System\lXTxAQI.exe
  2⤵
  PID:10224
- C:\Windows\System\PqtlQnI.exe
  C:\Windows\System\PqtlQnI.exe
  2⤵
  PID:9252
- C:\Windows\System\wzJLsgp.exe
  C:\Windows\System\wzJLsgp.exe
  2⤵
  PID:9288
- C:\Windows\System\HMRAwSe.exe
  C:\Windows\System\HMRAwSe.exe
  2⤵
  PID:8844
- C:\Windows\System\YcRHYAT.exe
  C:\Windows\System\YcRHYAT.exe
  2⤵
  PID:9184
- C:\Windows\System\lBAFMfy.exe
  C:\Windows\System\lBAFMfy.exe
  2⤵
  PID:9348
- C:\Windows\System\WbQCbOd.exe
  C:\Windows\System\WbQCbOd.exe
  2⤵
  PID:9372
- C:\Windows\System\hzQyULj.exe
  C:\Windows\System\hzQyULj.exe
  2⤵
  PID:9332
- C:\Windows\System\ZtSSoLx.exe
  C:\Windows\System\ZtSSoLx.exe
  2⤵
  PID:9336
- C:\Windows\System\YMnMuti.exe
  C:\Windows\System\YMnMuti.exe
  2⤵
  PID:9388
- C:\Windows\System\lDmnBZE.exe
  C:\Windows\System\lDmnBZE.exe
  2⤵
  PID:9412
- C:\Windows\System\HocMsuW.exe
  C:\Windows\System\HocMsuW.exe
  2⤵
  PID:9436
- C:\Windows\System\XIiMXqO.exe
  C:\Windows\System\XIiMXqO.exe
  2⤵
  PID:9444
- C:\Windows\System\VOzeWzd.exe
  C:\Windows\System\VOzeWzd.exe
  2⤵
  PID:9464
- C:\Windows\System\zkPLfbx.exe
  C:\Windows\System\zkPLfbx.exe
  2⤵
  PID:9500
- C:\Windows\System\XVDfmxN.exe
  C:\Windows\System\XVDfmxN.exe
  2⤵
  PID:9516
- C:\Windows\System\WHCnvfU.exe
  C:\Windows\System\WHCnvfU.exe
  2⤵
  PID:9592
- C:\Windows\System\XUxaAmY.exe
  C:\Windows\System\XUxaAmY.exe
  2⤵
  PID:9580
- C:\Windows\System\kYCanur.exe
  C:\Windows\System\kYCanur.exe
  2⤵
  PID:9668
- C:\Windows\System\MwSeHDN.exe
  C:\Windows\System\MwSeHDN.exe
  2⤵
  PID:9620
- C:\Windows\System\LodMMvX.exe
  C:\Windows\System\LodMMvX.exe
  2⤵
  PID:9760
- C:\Windows\System\wkqNJME.exe
  C:\Windows\System\wkqNJME.exe
  2⤵
  PID:9904
- C:\Windows\System\eioyoSN.exe
  C:\Windows\System\eioyoSN.exe
  2⤵
  PID:9652
- C:\Windows\System\PwfTkTF.exe
  C:\Windows\System\PwfTkTF.exe
  2⤵
  PID:9756
- C:\Windows\System\LUNRmTJ.exe
  C:\Windows\System\LUNRmTJ.exe
  2⤵
  PID:9852
- C:\Windows\System\PBGPUbD.exe
  C:\Windows\System\PBGPUbD.exe
  2⤵
  PID:9892
- C:\Windows\System\vSorstb.exe
  C:\Windows\System\vSorstb.exe
  2⤵
  PID:9956
- C:\Windows\System\lrhauhW.exe
  C:\Windows\System\lrhauhW.exe
  2⤵
  PID:10020
- C:\Windows\System\FdIMmmb.exe
  C:\Windows\System\FdIMmmb.exe
  2⤵
  PID:9968
- C:\Windows\System\cLGOcNc.exe
  C:\Windows\System\cLGOcNc.exe
  2⤵
  PID:10000
- C:\Windows\System\Gvcqnbx.exe
  C:\Windows\System\Gvcqnbx.exe
  2⤵
  PID:10092
- C:\Windows\System\CSTTRII.exe
  C:\Windows\System\CSTTRII.exe
  2⤵
  PID:10156
- C:\Windows\System\BRzRSrC.exe
  C:\Windows\System\BRzRSrC.exe
  2⤵
  PID:10188
- C:\Windows\System\TNXkQkv.exe
  C:\Windows\System\TNXkQkv.exe
  2⤵
  PID:9224
- C:\Windows\System\VRvwtgl.exe
  C:\Windows\System\VRvwtgl.exe
  2⤵
  PID:9048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\FoVAdec.exe

Filesize
6.0MB

MD5
42fcd453661f30388a4a21cc47fc5398

SHA1
e0b29e711a0b04c0a9ec8eea05fb1e337ee5b54d

SHA256
362669747d3ada6c6a09d4cc21c73879a35050a61cf5fc96d049de0ceb59d90a

SHA512
ace6b1501582f646b1ccc8e1cc045453dacc134f7c4deb832c839d69288fc0978fc71fb90efe23e27242a1caf44e220823beee9cfe070df8292acae9c9ace888

Download Submit
C:\Windows\system\GEKFlCQ.exe

Filesize
6.0MB

MD5
ee6f88ebd5ef7c4ba251234201d8972c

SHA1
d5d1107c20d009b2320e54789d74632a0622c60e

SHA256
d20b5284c6fdab2a141844d5e6bc34be1b83ee19b2d2426ecaa4ebd64fef659a

SHA512
69e71627b264a53d9ae92df4bf162257398042382c357a3aa3c15b4f4e44f760b42d91a3bb8fd09998da02ed951cf3a632406fe08869f1a59a2691a7ba1a3158

Download Submit
C:\Windows\system\HixLPaC.exe

Filesize
6.0MB

MD5
7e0e9613e174207cb0cb6c652cff0f46

SHA1
547c01738d73277cd3835c1093d67ba94b89b372

SHA256
c35327bbaa0f7606aa897460800641a526e601ad969252b462c380f33af39d46

SHA512
ded49e048e2466ce18a30610d349b140221ac23b61dfad765c06043eaa25027dda6029a2ae6b45b5b78e9f2b4ba2e74c08135a70f240571f21d49f23cd9fe084

Download Submit
C:\Windows\system\HjSRhUT.exe

Filesize
6.0MB

MD5
17d0afcb4d1765fbfcb5d08d2041e9cf

SHA1
b2f73d81f8d3e29093d77bd0b594c25074e0a8a1

SHA256
6ecfea969d7aae8c960282896058f4a675a8284b46fb7801487258df43330549

SHA512
324a31ea10d0c796cde2efb65fbd326d559f39fab6df0a0d1486d258a88d9c4ba9b99555e067ae45341752203684b77d419083b9e0a8b0ca9174b0e41da3128c

Download Submit
C:\Windows\system\JrduXJz.exe

Filesize
6.0MB

MD5
6de2619f6ad4e453bfae76d74b1ae3c9

SHA1
f965a4cdd62a482ff70c404caee3130007364086

SHA256
3ec93e1aa5be23bd9634c9148dbf54554bd8073d2e77648ebbb3a77cb5b9db74

SHA512
0b59d0a64a8009ee4352c37816aa3d11241abced17f307ab669f66f09214b51c60b01797fcfccfdedcf982967dc51acaa926850e19510c5d58d0c0a411d7aedd

Download Submit
C:\Windows\system\MXOAjeP.exe

Filesize
6.0MB

MD5
77d2899317153c6e794537aaf5091382

SHA1
41510ff3336d76ffb5b647056d487f92dea31681

SHA256
fcf4d3141edad02857542c6e362381fead363f73612d8433e2339ac9bbf658ca

SHA512
0f1e8f8f92cf2f4897d793536aac2c137ae30401f59d5fd68b8e7b8b86e4fd7725734a5135d12db1048a856991ef1ccf0828a05508547ded4fdd4273e85c23ec

Download Submit
C:\Windows\system\NDOEHKi.exe

Filesize
6.0MB

MD5
9d12af23af6033936bc7882f03ac1b80

SHA1
f28b993ba13ba70d356a1b8c94aa3ab08d0158b2

SHA256
aeb8d73db79f15f03bc4200bd8cf7601a9bd00788acd051dbce52d7d618b639d

SHA512
9902870fabfd007ad8f23b233cde96788fe09f38a5e4bd0213652081cfd9ddf9267cf2276de5f31d895f347c0143736749b830ec684c1ab824f883c41db1ca5d

Download Submit
C:\Windows\system\VYIvvaN.exe

Filesize
6.0MB

MD5
72f6c757d8e8e2e8563ff1d6c146270d

SHA1
8e54842637e497dea8d8d66a2aaf261ea8ba41f2

SHA256
97448f7b9ddfd5a62930ebd548c0950cad94f569e3704bd1be6ca6fb53aca17b

SHA512
f9d4a3acaae6e5b274b739da0715073f05d2842398ec1705a5c4448f23bccf6a0cda4930912d598a5c225701ab35b49a4e6e74d2f93f907ca6b23c3afa525ab5

Download Submit
C:\Windows\system\aEZTklT.exe

Filesize
6.0MB

MD5
ce5bf84ccee7341cf39bc3510951e50a

SHA1
3a429b389d2c4205c06042d834918110df0090c3

SHA256
b26a600c16e8d8d0e0c32e1f8d18b0603e02b6fabba0798c89d8b162630a3f24

SHA512
a913799455f12b9be788ab2c72dd2b383fb2fb811cfc51e7d6357b2f7a2943e7bb21c2f6a4bbd924bf7cf808415e5423f8ab5fa6e5d15b1f51275abc164b8e42

Download Submit
C:\Windows\system\azhuTjX.exe

Filesize
6.0MB

MD5
208b4eea8e6fe6f2675c854e127bb078

SHA1
c9e984941654affe97475667c5d5fb95ac866d34

SHA256
5cb9fce495786cd325dcfc42b2679ce484cbfdbd51bd8f94750704c0a43193b6

SHA512
c38c906556af376f4eab72d2409ca14eb65d5e62efca2000ea7fd774807589cee50b629ef654362498bfa989b729e77108e91de77ba5152b8781e9e2240ca8d6

Download Submit
C:\Windows\system\ciFxOBP.exe

Filesize
6.0MB

MD5
3aaf25251b092a535cba02175f668f6e

SHA1
1ab851debf6ab94811408c1269792415327fdfe2

SHA256
797cbe4f81f33da7fa28d641c8c6b3ae4bdbfe05d411d3e2e9d445317f7f3d02

SHA512
1a13e68cec9fc50454a3a24766de3ff53adcf4a8da6a58b1bee6ff4acb4081d388218ee001dc1dbe55b477aa72c0c42ade472d1a4c65024187438b808dd2a016

Download Submit
C:\Windows\system\clqKoDd.exe

Filesize
6.0MB

MD5
0775b5ed2b9927aa81f2950cd578a0b6

SHA1
cc6559592129dc139a4a2441cc6250360dd5dfd2

SHA256
b6fec70ade90ad3d722dadfe5181e067131edad1937c2c169fd8a7eba558b507

SHA512
f147ad3028977aa7645c3ecc533f97d58254a99490b093d60a78f8346d9579515dfc27cb70b0f1db0bff4e180904c2d207cc9bea20f0823e980fc37f4dbdbecb

Download Submit
C:\Windows\system\jODxDAK.exe

Filesize
6.0MB

MD5
176e08f951c4b482babbfd922ca9b90b

SHA1
93e70ed235de215675742441856b7356484e6d6a

SHA256
aa803b7561a07bafea05955258a5cd5b96d7e6315e6e32a4000c34d47aeddec1

SHA512
156584add555060b1f03abc06da306c8985425d6c78465124bbe34aba948120ac33551a7af00f1b648279e85c0e194c158b75c02492978ab6a5380f1a8ab9dbb

Download Submit
C:\Windows\system\jkHtOWd.exe

Filesize
6.0MB

MD5
e0d467ca2b077da8df0dc2c921154a3f

SHA1
6a1d9193597cbb8ebec506ff72ff42ca9d32f197

SHA256
aa615494963c19597ab6a66b93b7f51ad18a6d24cbae2aa3832fc68f335a5e9c

SHA512
ae3d0bc10d943b4e38423da8c8f1fe84288b500a759ee07e2763e5e2adcc420918992f66e8dfc0d99b5a8133c773db94fef4f04e4b4e4b653d565afa6b83eee9

Download Submit
C:\Windows\system\jwpRlId.exe

Filesize
6.0MB

MD5
85440d92f081d41ecf219a821ec5593e

SHA1
fecdc1c9abb35ff0d120e31d137880ea933e65e9

SHA256
9dbcc7b9dd80f7700ec5c8ef35fafddcc8acb728191bb2727f205f1a88d985ff

SHA512
ceb21e63a387221bd6e664244afa5d2d4dc478f01f9678846f4e53eba1ba2eff5fc842b8d6894a01e8df0261fb406f9538e6a8e5e1f2080afe703621423ec5b6

Download Submit
C:\Windows\system\lEzelGE.exe

Filesize
6.0MB

MD5
3779408d7fbb891b3a250e32e8a5ac12

SHA1
e7742e71ca75f10bbc2823320a934cce55bd6c46

SHA256
5c79c63d30d5289dc5f584c292b4ee18fc1210143b0d0c5ad4ac9d3ad3146a44

SHA512
d74a49e6337e14d64673095fd3e9d1e9bb41c395f049516cfed5f35a798146d19ac476237984ba5df9e528ceae0216a5e1d0f5bf540c300c8b6bb3de4465b1dd

Download Submit
C:\Windows\system\leSzzjS.exe

Filesize
6.0MB

MD5
7a48f575d046ce3fdcce06739dd28422

SHA1
4ee524cbb8f20f23be34dcde0ce4257caf59cc8a

SHA256
d698be5b5445cdaef34a3c5e002b940341732253931f3b5f121e5fde5175a078

SHA512
7ecc3b3547a71d7db1c3e7c326fd44a26116935c87479fcec3e418896e4f1b8754b3fee3dd7faecaeb095ee362c0501809bd8fce9915231ff9c10f6da4343855

Download Submit
C:\Windows\system\lmnLhCe.exe

Filesize
6.0MB

MD5
df396e68e3ed50804926a462c7c9c094

SHA1
9ad539a857c7f50bc0c5171a52791b3fcca4be4f

SHA256
bb7d050ec039ab7b391b4d7c988c38d6268c97d4574b508032f87c32bbf9f0e2

SHA512
0f563305cc452925d8df2ada7bfd03bc606d72187164d2536c3b8ff3469a09b7f0ea10577e66421d45f7ed6cf2ca6c589bda79a3580b322909f547a19a56637a

Download Submit
C:\Windows\system\loRnCBC.exe

Filesize
6.0MB

MD5
ff94e9097e8cfd703547619fcb5c725e

SHA1
46fa0274dcf3aff01ba17dc9d1c11343e622473b

SHA256
f9df34f88250f7d5a9c451c5329a691c53bcc2a157f5f1c6d15c43693481bfc0

SHA512
1e1362c99117577ee5a9f4d2399fee7669728038864b8cb3f097a654fec4c55d2ba9f114acb941e76e274b1c7292d759eb41476f1756bb56304b5eaa899acad1

Download Submit
C:\Windows\system\mdZEApb.exe

Filesize
6.0MB

MD5
608ce26d3f0034912c234f08fb0fec24

SHA1
427bb2e85844dc6a45fdaff023243df35a26c365

SHA256
54571e4fb54c88c7be71c1305576216fd1f711b93a5dfdc073fcbdf79b7a020d

SHA512
7159a77545806a011e3b3197669f5f292b4b3add301b71998dd39a122c93a2addc01c67bf74e2b27c1a037c33aafbdf2f16ab87c28bfe24d10e02493925bb65b

Download Submit
C:\Windows\system\mwQNzbl.exe

Filesize
6.0MB

MD5
ce3857e74383658aca0443905a4450cf

SHA1
c6da2359f432f63606e147837edff3bcdddd49cb

SHA256
ac09473bbcef78ff020c06f24e7d8f44f5ec3cd96953792ae9c695bedafb5555

SHA512
b76536544e9089ac5bf815aa7e3fd53601832d6df920a4ab4e3b43247dec362bf5b8dd8da820b68415077356bba2516e509a782037d0831ed337dcb63d16dd11

Download Submit
C:\Windows\system\nTITAtN.exe

Filesize
6.0MB

MD5
1ab635393bfebe471bbb8b71c498c888

SHA1
dc976fd181182ac033b39be133a72ae0de6d6b9f

SHA256
9ead6a973362e12447cc0bde3d925360c81185af4b4c9c0eb6fcd490ad2963cb

SHA512
3e2c26a882322da47b4e82ec6e1fd6640db191366d69ea8a6dbc5c54cbac46a8d365a9bd90dfbdffe3e964317e01eecf92e5361729e9bcea4e0e82af2dc24af2

Download Submit
C:\Windows\system\oQijWie.exe

Filesize
6.0MB

MD5
81bf8566abb7c5e55d4a239d8ae7d169

SHA1
d2aac646adcf0bf3d553651af896b57852512e88

SHA256
fad8e6d2ebeadda51cceb522a330cd7ed3383145b94f98d905dbb4d088531979

SHA512
b93a08d8e04d5f275c940ba45e7677f441515c99f1dbc8199b89a4af3e30faec4e7f81557f2955100860f2246a1fbfc64d72e5b61c183852434dc680da053a8c

Download Submit
C:\Windows\system\qRkZIUm.exe

Filesize
6.0MB

MD5
f8d0efd911d8696ecbbcd89acf4a73bd

SHA1
48aaa68a9faee65b702f2c69709ac71f79858c9a

SHA256
50ef3a409e1b7de373c5b0a196c57cd959267f7c3c818cb92809ce469161448c

SHA512
3e960b792a87b264925f26868382166ef08e2a00a6c6e2a1540b1c0c18e137c104f50bf9fd57918423b2afab452a9ded3290a3f33e6150e89d6baf9e3f2cf9b0

Download Submit
C:\Windows\system\sgJgPdM.exe

Filesize
6.0MB

MD5
d100049f1bd13c306258091788aec8e8

SHA1
9e7c3150fe6147cf8249d04264ddd2e99cd392f2

SHA256
497643ff078e5106b2941ef9d2fa2903109bc787465347ef8ce7a6e664aa4caa

SHA512
5ff4ee2cdbcfe0f3136e61b3843ca23fceb6952f8ad150896b287ff9fac15aea496b0dd0869d077b2d5499f03e763e0c403e00a315cbbde4db959ab38e74cb6f

Download Submit
C:\Windows\system\wiEfepF.exe

Filesize
6.0MB

MD5
5eb10836114ba918106c90237f578c66

SHA1
c7550e2bc83725fc433dd52c515c3d9e2d61cb87

SHA256
be21a40bee51b1ce592a8eda1e0af841e331bc73a31850478643b5746df71026

SHA512
070764ae4558cc38a5b616e631507046fe2c49df6e0f9f7ba5c9bc9bc89b29464ce48ae60d0d01fdfa289bcd26d3d8532884530106fe136835e292f4bc227d70

Download Submit
C:\Windows\system\zHdgPZr.exe

Filesize
6.0MB

MD5
90cc976e040d048cdf47a3e8409060d0

SHA1
d7ae88e199b76d48af94d74f1cf91355223200b2

SHA256
b54c9e91fe717747a3ecb795e6738604dda947d4b8f7899f4d8cb6579835216d

SHA512
8181c13d71ea6a4ca409c695f8892029964c0b906c45049ce1aca18e08ee0e88f7e881c48b04d19bef60bcc5afa021eeed25b9ed543c71659c2acfb249fa9acb

Download Submit
\Windows\system\EJXoaCe.exe

Filesize
6.0MB

MD5
4055bc2f7af90146865c3942e6a48fb6

SHA1
fde830cbc7ce142f69c1bc52236a79f1b5ff3a2b

SHA256
219eea1a0f4b036d33e366aae99680535ba36c9693d757f25edfde63b61abac0

SHA512
fcedca0ed4d85588cac4cf9f8cf7a7038741b5d2805a7e3ab6368b3f27a06c97dfac5ff0edb4e5cf493a3d6ccad0a25b84a6846be562186da0837878b2c0428a

Download Submit
\Windows\system\RyGAesU.exe

Filesize
6.0MB

MD5
2054cb217a0dd48419ef5e199b0ac655

SHA1
348cef2a35143193f3635b652655149d5f6a7605

SHA256
5812522521730a79e37957a8f1b1eae50632781157fba706676f54c965418e57

SHA512
450379b987160a826197cd62e6fae4e4038490cc0a57836fb0b73e277229609dcb3a1a1bdeb9670a688bb36e9ec66500f3855c13806f771afaf6910c2c0b1749

Download Submit
\Windows\system\VuEPbyl.exe

Filesize
6.0MB

MD5
98494cf7b21805068ec5d99812122c39

SHA1
3e53d8dc7725c983424036aa505fb3b664eaf95f

SHA256
b82f983ba24285243014cf14a503ec3191a7027b4cc27c70540ecd4cfdf5fd39

SHA512
d7e93957377c80e419e42a6e8a13ef90b150c686e7d96443a1155fc47ed2b26c645a62995f20e91dde796ff7841807f38f9abc9fae9ccec37842487234117135

Download Submit
\Windows\system\XRQvyEB.exe

Filesize
6.0MB

MD5
541bfb57bb9d90d00f038722bfad6fe8

SHA1
933ba07472678a9d89d9ba19d4be90fb76a8acca

SHA256
2882b801c45fe8f690ce4e0280898a45b6a526bb4d73706ccc9a05c60a801903

SHA512
fb85b3e13b2ea6826c92ac6ae786287749b471344eb4af70627f0613b41765550d78f3b4d1e89f29227f92fa477e0567c7e00a188ec7c3317ec83d82524b8be9

Download Submit
\Windows\system\gNeaPGZ.exe

Filesize
6.0MB

MD5
2e3ede978012b024f155c9834c4b1372

SHA1
a51e8c8d38f1bb1dc393f502bb328d30ded380fd

SHA256
23c0517c60b793b74d70b7952703d2b959de4972ed3937f0992be4c389074743

SHA512
7acdeda927200e54d5cd9fa3e9107a38d920bfe0452b4e1f728fe06ccb66d50879383014ba8a800a38d360424ac4f58478389892c451ce7c3f61f38aad3fdb8e

Download Submit
\Windows\system\mqnzOAu.exe

Filesize
6.0MB

MD5
a43cc3b2f56dc864f4edd4031b5bc51e

SHA1
4091662565540cdd2c9013cabe020c196dd2da9f

SHA256
90fe58791e1bc1f6e2cc096cebaa0103ad7264cde6a8d67af73f2144db55d7a3

SHA512
c153b0dad65f0600cd379614d1e51c63dd905574864b251f3a2d1a7dd88c0c13222d15956b7c3329c0f1b7ec69b044f6986990151e55367ef1f6f744f44ac828

Download Submit
memory/584-1079-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/584-105-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/584-4201-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1160-953-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1160-4185-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-4187-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-89-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-705-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-4176-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2320-68-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2480-4184-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2480-70-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2480-111-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2528-4182-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2528-9-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2532-4189-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2532-51-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2572-27-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2572-4180-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2648-58-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-4202-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-21-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-270-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-74-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-4200-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-84-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2772-4203-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2772-50-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2796-115-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-63-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-42-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2796-88-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2796-67-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-97-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2796-47-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2796-35-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2796-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/2796-98-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2796-25-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2796-0-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2796-23-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-591-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-1078-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2796-13-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-2698-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-8-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2796-388-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2796-79-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2796-64-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2796-38-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2796-60-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2804-37-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2804-4183-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2808-4188-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2808-29-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2808-73-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2888-81-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2888-4186-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2888-516-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download