cobaltstrike | 7657fc9a735a6f7faf9fca6f6e9ae6895e2d2d9e495e59f54e16a752b9c44419

Analysis

max time kernel
146s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 05:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b4db8ec940502c376017460de72eb186
SHA1

53c3db8c444b6a94ee036d20d6793409a48dfe9e
SHA256

7657fc9a735a6f7faf9fca6f6e9ae6895e2d2d9e495e59f54e16a752b9c44419
SHA512

94303e0139782cbe3505ab82732f32a1010b279971be1c7731e067c3df805f9076465a303c98c1475c8d97cf5a567e97e94dc3eec43b82886af62bc4ff055d2b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUn:T+q56utgpPF8u/7n

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00070000000120fc-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019394-8.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b8-21.dat	cobalt_reflective_dll
behavioral1/files/0x0031000000018bbf-28.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019490-55.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195bb-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a404-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a438-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44d-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47d-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a479-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a475-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47b-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a473-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a459-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a457-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44f-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-71.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194eb-61.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019489-38.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001948c-49.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019470-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2992-0-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x00070000000120fc-6.dat	xmrig
behavioral1/files/0x0008000000019394-8.dat	xmrig
behavioral1/memory/2992-12-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2956-15-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x00070000000193b8-21.dat	xmrig
behavioral1/files/0x0031000000018bbf-28.dat	xmrig
behavioral1/memory/2920-37-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2748-51-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019490-55.dat	xmrig
behavioral1/files/0x00070000000195bb-75.dat	xmrig
behavioral1/memory/2796-65-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2076-83-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x000500000001a404-109.dat	xmrig
behavioral1/files/0x000500000001a438-113.dat	xmrig
behavioral1/files/0x000500000001a44d-118.dat	xmrig
behavioral1/files/0x000500000001a463-134.dat	xmrig
behavioral1/files/0x000500000001a47d-173.dat	xmrig
behavioral1/memory/2076-330-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2236-918-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/3016-919-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/1824-921-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2920-920-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2956-1076-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2672-924-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/896-449-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2992-448-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/984-337-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a479-167.dat	xmrig
behavioral1/files/0x000500000001a475-160.dat	xmrig
behavioral1/files/0x000500000001a471-155.dat	xmrig
behavioral1/files/0x000500000001a47b-170.dat	xmrig
behavioral1/files/0x000500000001a46d-147.dat	xmrig
behavioral1/files/0x000500000001a477-166.dat	xmrig
behavioral1/files/0x000500000001a473-158.dat	xmrig
behavioral1/files/0x000500000001a46f-150.dat	xmrig
behavioral1/files/0x000500000001a46b-142.dat	xmrig
behavioral1/files/0x000500000001a469-139.dat	xmrig
behavioral1/files/0x000500000001a459-130.dat	xmrig
behavioral1/files/0x000500000001a457-126.dat	xmrig
behavioral1/files/0x000500000001a44f-122.dat	xmrig
behavioral1/files/0x000500000001a400-106.dat	xmrig
behavioral1/files/0x000500000001a3f8-94.dat	xmrig
behavioral1/memory/896-101-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3fd-100.dat	xmrig
behavioral1/memory/2992-99-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2748-91-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/984-89-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3ab-82.dat	xmrig
behavioral1/memory/2672-81-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/1936-79-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3f6-86.dat	xmrig
behavioral1/memory/2820-57-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2992-56-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2180-74-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2992-72-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a309-71.dat	xmrig
behavioral1/memory/1824-70-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/files/0x00080000000194eb-61.dat	xmrig
behavioral1/memory/2992-43-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2672-42-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x0006000000019489-38.dat	xmrig
behavioral1/files/0x000600000001948c-49.dat	xmrig
behavioral1/files/0x0007000000019470-33.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2236	pwUEnUL.exe
2956	VuEPZYj.exe
3016	dbLYiJL.exe
1824	MqnzHLC.exe
2920	sINiYPg.exe
2672	pmMXlqc.exe
2748	KMvZXFX.exe
2820	mzpxzdb.exe
2796	VfzBLJz.exe
2180	qlelOtq.exe
1936	lUzkyen.exe
2076	dlzHBcp.exe
984	daTEEAn.exe
896	cQDzphH.exe
2816	qVpLltq.exe
2128	IPcRUhd.exe
2444	pMtPkaN.exe
2108	NROyRND.exe
3032	zFGypEr.exe
2736	FbGVXtQ.exe
2504	wlFVTYn.exe
2932	rAmVALB.exe
1176	sYyQlzc.exe
1932	THqsfED.exe
2220	eZtfKbk.exe
2292	jqMCCHt.exe
2708	XsMZKZN.exe
2576	rJWLmIn.exe
396	TYhpPzV.exe
2520	fLfAlcJ.exe
1592	AfjAQMK.exe
1096	mxKDgyL.exe
760	KFqFwTK.exe
1724	mfDgxlJ.exe
2232	odbEtmb.exe
1076	mdIPqdN.exe
1900	rXbqjad.exe
1992	bEFOpmc.exe
792	GpHtQDP.exe
2724	RlAJzPZ.exe
1552	OLPnMUN.exe
676	JtUEFUH.exe
112	gSeBuRU.exe
1384	kXmqxLu.exe
2384	HIczyKF.exe
2028	qKWDWWt.exe
1848	iHpthej.exe
948	uxBwMCk.exe
1572	MWDNXAn.exe
2388	JHsZOdK.exe
776	TMPsXtM.exe
1768	wbbnmMG.exe
584	UJhZwQo.exe
2600	dmDMSUU.exe
2412	nkJRFmL.exe
1756	KkyHNqR.exe
2880	wZsMUxZ.exe
2168	KiUiwGU.exe
2764	QpyEALv.exe
2620	MuFiwvp.exe
2012	ZIRsISh.exe
3036	qsXQVKe.exe
2340	fXQAdxN.exe
2704	VZTqgaO.exe

Loads dropped DLL 64 IoCs

pid	Process
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2992-0-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x00070000000120fc-6.dat	upx
behavioral1/files/0x0008000000019394-8.dat	upx
behavioral1/memory/2956-15-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x00070000000193b8-21.dat	upx
behavioral1/files/0x0031000000018bbf-28.dat	upx
behavioral1/memory/2920-37-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2748-51-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x0006000000019490-55.dat	upx
behavioral1/files/0x00070000000195bb-75.dat	upx
behavioral1/memory/2796-65-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2076-83-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x000500000001a404-109.dat	upx
behavioral1/files/0x000500000001a438-113.dat	upx
behavioral1/files/0x000500000001a44d-118.dat	upx
behavioral1/files/0x000500000001a463-134.dat	upx
behavioral1/files/0x000500000001a47d-173.dat	upx
behavioral1/memory/2076-330-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2236-918-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/3016-919-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/1824-921-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2920-920-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2956-1076-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2672-924-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/896-449-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/984-337-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/files/0x000500000001a479-167.dat	upx
behavioral1/files/0x000500000001a475-160.dat	upx
behavioral1/files/0x000500000001a471-155.dat	upx
behavioral1/files/0x000500000001a47b-170.dat	upx
behavioral1/files/0x000500000001a46d-147.dat	upx
behavioral1/files/0x000500000001a477-166.dat	upx
behavioral1/files/0x000500000001a473-158.dat	upx
behavioral1/files/0x000500000001a46f-150.dat	upx
behavioral1/files/0x000500000001a46b-142.dat	upx
behavioral1/files/0x000500000001a469-139.dat	upx
behavioral1/files/0x000500000001a459-130.dat	upx
behavioral1/files/0x000500000001a457-126.dat	upx
behavioral1/files/0x000500000001a44f-122.dat	upx
behavioral1/files/0x000500000001a400-106.dat	upx
behavioral1/files/0x000500000001a3f8-94.dat	upx
behavioral1/memory/896-101-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/files/0x000500000001a3fd-100.dat	upx
behavioral1/memory/2748-91-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/984-89-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/files/0x000500000001a3ab-82.dat	upx
behavioral1/memory/2672-81-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/1936-79-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/files/0x000500000001a3f6-86.dat	upx
behavioral1/memory/2820-57-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2180-74-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x000500000001a309-71.dat	upx
behavioral1/memory/1824-70-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/files/0x00080000000194eb-61.dat	upx
behavioral1/memory/2992-43-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2672-42-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x0006000000019489-38.dat	upx
behavioral1/files/0x000600000001948c-49.dat	upx
behavioral1/files/0x0007000000019470-33.dat	upx
behavioral1/memory/1824-29-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/3016-24-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2236-16-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2748-1313-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2820-1433-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wlFVTYn.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XvFyEWk.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EZFyGTO.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfUTCaK.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LfAKFXp.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xBCPrfC.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JAuJrrG.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Juksdvs.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JcLJUiX.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iMfjJDg.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mJrOfAi.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XROfVfU.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXpZzXP.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YOlAOTM.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQdIvls.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RgxKqqh.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNqaVRD.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gkaRgJY.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFHHTzr.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKCtmbj.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AaByHKC.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JnFrMoX.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GIoUsXh.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qABUQAU.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SAUnAtq.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kERWadK.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sFudCpa.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OLPnMUN.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xvLFVXR.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HXqBDWy.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OgxncLT.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KkyHNqR.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RTeItdK.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TOwdUFF.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxhQuJo.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjarFDg.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\egCHZnp.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vvYoRWf.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvONkrB.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FdTlPId.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PWqyMUl.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PdxFZFp.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FfNfuoC.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lisUmMJ.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OzkJILO.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qzfGzfO.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mdIPqdN.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwHSXxt.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYLTBvv.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pifxIaC.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JHsZOdK.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VZTqgaO.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rjXSUVs.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AOoyUbH.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UQhyHnc.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KYkVrlk.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZzzXQM.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUNRzqM.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XekFbIY.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dpIiTTz.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pCdNXYy.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bWliDZX.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\otfobyG.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cDkbXNK.exe	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 2236	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2992 wrote to memory of 2236	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2992 wrote to memory of 2236	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2992 wrote to memory of 2956	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2992 wrote to memory of 2956	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2992 wrote to memory of 2956	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2992 wrote to memory of 3016	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2992 wrote to memory of 3016	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2992 wrote to memory of 3016	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2992 wrote to memory of 1824	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2992 wrote to memory of 1824	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2992 wrote to memory of 1824	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2992 wrote to memory of 2920	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2992 wrote to memory of 2920	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2992 wrote to memory of 2920	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2992 wrote to memory of 2672	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2992 wrote to memory of 2672	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2992 wrote to memory of 2672	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2992 wrote to memory of 2748	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2992 wrote to memory of 2748	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2992 wrote to memory of 2748	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2992 wrote to memory of 2820	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2992 wrote to memory of 2820	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2992 wrote to memory of 2820	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2992 wrote to memory of 2796	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2992 wrote to memory of 2796	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2992 wrote to memory of 2796	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2992 wrote to memory of 1936	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2992 wrote to memory of 1936	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2992 wrote to memory of 1936	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2992 wrote to memory of 2180	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2992 wrote to memory of 2180	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2992 wrote to memory of 2180	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2992 wrote to memory of 2076	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2992 wrote to memory of 2076	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2992 wrote to memory of 2076	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2992 wrote to memory of 984	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2992 wrote to memory of 984	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2992 wrote to memory of 984	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2992 wrote to memory of 896	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2992 wrote to memory of 896	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2992 wrote to memory of 896	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2992 wrote to memory of 2816	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2992 wrote to memory of 2816	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2992 wrote to memory of 2816	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2992 wrote to memory of 2128	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2992 wrote to memory of 2128	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2992 wrote to memory of 2128	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2992 wrote to memory of 2444	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2992 wrote to memory of 2444	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2992 wrote to memory of 2444	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2992 wrote to memory of 2108	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2992 wrote to memory of 2108	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2992 wrote to memory of 2108	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2992 wrote to memory of 3032	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2992 wrote to memory of 3032	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2992 wrote to memory of 3032	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2992 wrote to memory of 2736	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2992 wrote to memory of 2736	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2992 wrote to memory of 2736	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2992 wrote to memory of 2504	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2992 wrote to memory of 2504	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2992 wrote to memory of 2504	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2992 wrote to memory of 2932	2992	2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-22_b4db8ec940502c376017460de72eb186_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Windows\System\pwUEnUL.exe
  C:\Windows\System\pwUEnUL.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\VuEPZYj.exe
  C:\Windows\System\VuEPZYj.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\dbLYiJL.exe
  C:\Windows\System\dbLYiJL.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\MqnzHLC.exe
  C:\Windows\System\MqnzHLC.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\sINiYPg.exe
  C:\Windows\System\sINiYPg.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\pmMXlqc.exe
  C:\Windows\System\pmMXlqc.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\KMvZXFX.exe
  C:\Windows\System\KMvZXFX.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\mzpxzdb.exe
  C:\Windows\System\mzpxzdb.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\VfzBLJz.exe
  C:\Windows\System\VfzBLJz.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\lUzkyen.exe
  C:\Windows\System\lUzkyen.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\qlelOtq.exe
  C:\Windows\System\qlelOtq.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\dlzHBcp.exe
  C:\Windows\System\dlzHBcp.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\daTEEAn.exe
  C:\Windows\System\daTEEAn.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\cQDzphH.exe
  C:\Windows\System\cQDzphH.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\qVpLltq.exe
  C:\Windows\System\qVpLltq.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\IPcRUhd.exe
  C:\Windows\System\IPcRUhd.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\pMtPkaN.exe
  C:\Windows\System\pMtPkaN.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\NROyRND.exe
  C:\Windows\System\NROyRND.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\zFGypEr.exe
  C:\Windows\System\zFGypEr.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\FbGVXtQ.exe
  C:\Windows\System\FbGVXtQ.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\wlFVTYn.exe
  C:\Windows\System\wlFVTYn.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\rAmVALB.exe
  C:\Windows\System\rAmVALB.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\sYyQlzc.exe
  C:\Windows\System\sYyQlzc.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\THqsfED.exe
  C:\Windows\System\THqsfED.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\eZtfKbk.exe
  C:\Windows\System\eZtfKbk.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\jqMCCHt.exe
  C:\Windows\System\jqMCCHt.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\XsMZKZN.exe
  C:\Windows\System\XsMZKZN.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\rJWLmIn.exe
  C:\Windows\System\rJWLmIn.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\TYhpPzV.exe
  C:\Windows\System\TYhpPzV.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\odbEtmb.exe
  C:\Windows\System\odbEtmb.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\fLfAlcJ.exe
  C:\Windows\System\fLfAlcJ.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\mdIPqdN.exe
  C:\Windows\System\mdIPqdN.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\AfjAQMK.exe
  C:\Windows\System\AfjAQMK.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\rXbqjad.exe
  C:\Windows\System\rXbqjad.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\mxKDgyL.exe
  C:\Windows\System\mxKDgyL.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\bEFOpmc.exe
  C:\Windows\System\bEFOpmc.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\KFqFwTK.exe
  C:\Windows\System\KFqFwTK.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\iHpthej.exe
  C:\Windows\System\iHpthej.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\mfDgxlJ.exe
  C:\Windows\System\mfDgxlJ.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\uxBwMCk.exe
  C:\Windows\System\uxBwMCk.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\GpHtQDP.exe
  C:\Windows\System\GpHtQDP.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\MWDNXAn.exe
  C:\Windows\System\MWDNXAn.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\RlAJzPZ.exe
  C:\Windows\System\RlAJzPZ.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\JHsZOdK.exe
  C:\Windows\System\JHsZOdK.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\OLPnMUN.exe
  C:\Windows\System\OLPnMUN.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\TMPsXtM.exe
  C:\Windows\System\TMPsXtM.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\JtUEFUH.exe
  C:\Windows\System\JtUEFUH.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\wbbnmMG.exe
  C:\Windows\System\wbbnmMG.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\gSeBuRU.exe
  C:\Windows\System\gSeBuRU.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\UJhZwQo.exe
  C:\Windows\System\UJhZwQo.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\kXmqxLu.exe
  C:\Windows\System\kXmqxLu.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\dmDMSUU.exe
  C:\Windows\System\dmDMSUU.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\HIczyKF.exe
  C:\Windows\System\HIczyKF.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\nkJRFmL.exe
  C:\Windows\System\nkJRFmL.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\qKWDWWt.exe
  C:\Windows\System\qKWDWWt.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\KkyHNqR.exe
  C:\Windows\System\KkyHNqR.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\wZsMUxZ.exe
  C:\Windows\System\wZsMUxZ.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\KiUiwGU.exe
  C:\Windows\System\KiUiwGU.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\QpyEALv.exe
  C:\Windows\System\QpyEALv.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\MuFiwvp.exe
  C:\Windows\System\MuFiwvp.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\ZIRsISh.exe
  C:\Windows\System\ZIRsISh.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\qsXQVKe.exe
  C:\Windows\System\qsXQVKe.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\fXQAdxN.exe
  C:\Windows\System\fXQAdxN.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\zkcAFyt.exe
  C:\Windows\System\zkcAFyt.exe
  2⤵
  PID:3024
- C:\Windows\System\VZTqgaO.exe
  C:\Windows\System\VZTqgaO.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\Uancbsu.exe
  C:\Windows\System\Uancbsu.exe
  2⤵
  PID:2304
- C:\Windows\System\oumjoPN.exe
  C:\Windows\System\oumjoPN.exe
  2⤵
  PID:2484
- C:\Windows\System\ceUrIQg.exe
  C:\Windows\System\ceUrIQg.exe
  2⤵
  PID:560
- C:\Windows\System\AvvcFrh.exe
  C:\Windows\System\AvvcFrh.exe
  2⤵
  PID:2480
- C:\Windows\System\gkzgAIb.exe
  C:\Windows\System\gkzgAIb.exe
  2⤵
  PID:1500
- C:\Windows\System\mwPcwJc.exe
  C:\Windows\System\mwPcwJc.exe
  2⤵
  PID:1084
- C:\Windows\System\VLsetIM.exe
  C:\Windows\System\VLsetIM.exe
  2⤵
  PID:2680
- C:\Windows\System\dAWYcfJ.exe
  C:\Windows\System\dAWYcfJ.exe
  2⤵
  PID:2280
- C:\Windows\System\VEIQUIO.exe
  C:\Windows\System\VEIQUIO.exe
  2⤵
  PID:1960
- C:\Windows\System\BWVGCxI.exe
  C:\Windows\System\BWVGCxI.exe
  2⤵
  PID:2160
- C:\Windows\System\qABUQAU.exe
  C:\Windows\System\qABUQAU.exe
  2⤵
  PID:1240
- C:\Windows\System\RGbeXGU.exe
  C:\Windows\System\RGbeXGU.exe
  2⤵
  PID:1132
- C:\Windows\System\BEsEcVK.exe
  C:\Windows\System\BEsEcVK.exe
  2⤵
  PID:1680
- C:\Windows\System\YfzNRHD.exe
  C:\Windows\System\YfzNRHD.exe
  2⤵
  PID:1852
- C:\Windows\System\XPIGjUJ.exe
  C:\Windows\System\XPIGjUJ.exe
  2⤵
  PID:1720
- C:\Windows\System\rlCAMMn.exe
  C:\Windows\System\rlCAMMn.exe
  2⤵
  PID:892
- C:\Windows\System\HFfNKmN.exe
  C:\Windows\System\HFfNKmN.exe
  2⤵
  PID:1120
- C:\Windows\System\RtRxxRl.exe
  C:\Windows\System\RtRxxRl.exe
  2⤵
  PID:1524
- C:\Windows\System\lmzbNzr.exe
  C:\Windows\System\lmzbNzr.exe
  2⤵
  PID:2560
- C:\Windows\System\FOBHDit.exe
  C:\Windows\System\FOBHDit.exe
  2⤵
  PID:1780
- C:\Windows\System\PtWZydN.exe
  C:\Windows\System\PtWZydN.exe
  2⤵
  PID:1704
- C:\Windows\System\XSVAeQM.exe
  C:\Windows\System\XSVAeQM.exe
  2⤵
  PID:2224
- C:\Windows\System\ITGaFtC.exe
  C:\Windows\System\ITGaFtC.exe
  2⤵
  PID:928
- C:\Windows\System\dwHSXxt.exe
  C:\Windows\System\dwHSXxt.exe
  2⤵
  PID:2876
- C:\Windows\System\nCpVcQw.exe
  C:\Windows\System\nCpVcQw.exe
  2⤵
  PID:2976
- C:\Windows\System\fKCtmbj.exe
  C:\Windows\System\fKCtmbj.exe
  2⤵
  PID:1476
- C:\Windows\System\gbqMoMJ.exe
  C:\Windows\System\gbqMoMJ.exe
  2⤵
  PID:3048
- C:\Windows\System\OoDJpzx.exe
  C:\Windows\System\OoDJpzx.exe
  2⤵
  PID:2836
- C:\Windows\System\RzjZfbp.exe
  C:\Windows\System\RzjZfbp.exe
  2⤵
  PID:2528
- C:\Windows\System\vDvSvtf.exe
  C:\Windows\System\vDvSvtf.exe
  2⤵
  PID:980
- C:\Windows\System\WMFUjSa.exe
  C:\Windows\System\WMFUjSa.exe
  2⤵
  PID:236
- C:\Windows\System\TbMOtik.exe
  C:\Windows\System\TbMOtik.exe
  2⤵
  PID:2500
- C:\Windows\System\HcQgdrs.exe
  C:\Windows\System\HcQgdrs.exe
  2⤵
  PID:2400
- C:\Windows\System\XwwnLVk.exe
  C:\Windows\System\XwwnLVk.exe
  2⤵
  PID:1740
- C:\Windows\System\qDsGJnm.exe
  C:\Windows\System\qDsGJnm.exe
  2⤵
  PID:704
- C:\Windows\System\DSZKcbs.exe
  C:\Windows\System\DSZKcbs.exe
  2⤵
  PID:2488
- C:\Windows\System\XsxhMtA.exe
  C:\Windows\System\XsxhMtA.exe
  2⤵
  PID:2684
- C:\Windows\System\vhLWIAC.exe
  C:\Windows\System\vhLWIAC.exe
  2⤵
  PID:1168
- C:\Windows\System\klhqPKD.exe
  C:\Windows\System\klhqPKD.exe
  2⤵
  PID:1928
- C:\Windows\System\PIqjzzh.exe
  C:\Windows\System\PIqjzzh.exe
  2⤵
  PID:2248
- C:\Windows\System\VVgcQuk.exe
  C:\Windows\System\VVgcQuk.exe
  2⤵
  PID:1584
- C:\Windows\System\WcOdmep.exe
  C:\Windows\System\WcOdmep.exe
  2⤵
  PID:964
- C:\Windows\System\bIeELsZ.exe
  C:\Windows\System\bIeELsZ.exe
  2⤵
  PID:2728
- C:\Windows\System\qgRjfEC.exe
  C:\Windows\System\qgRjfEC.exe
  2⤵
  PID:1708
- C:\Windows\System\pSHQDhn.exe
  C:\Windows\System\pSHQDhn.exe
  2⤵
  PID:1612
- C:\Windows\System\GvEGcny.exe
  C:\Windows\System\GvEGcny.exe
  2⤵
  PID:2768
- C:\Windows\System\AnPvUTL.exe
  C:\Windows\System\AnPvUTL.exe
  2⤵
  PID:1844
- C:\Windows\System\FHtKaDY.exe
  C:\Windows\System\FHtKaDY.exe
  2⤵
  PID:1388
- C:\Windows\System\mFRFVHu.exe
  C:\Windows\System\mFRFVHu.exe
  2⤵
  PID:1836
- C:\Windows\System\TTYaFif.exe
  C:\Windows\System\TTYaFif.exe
  2⤵
  PID:2240
- C:\Windows\System\oEZdUjt.exe
  C:\Windows\System\oEZdUjt.exe
  2⤵
  PID:3092
- C:\Windows\System\yrwscvM.exe
  C:\Windows\System\yrwscvM.exe
  2⤵
  PID:3108
- C:\Windows\System\fROhXkW.exe
  C:\Windows\System\fROhXkW.exe
  2⤵
  PID:3124
- C:\Windows\System\OiloduV.exe
  C:\Windows\System\OiloduV.exe
  2⤵
  PID:3192
- C:\Windows\System\MHYOctT.exe
  C:\Windows\System\MHYOctT.exe
  2⤵
  PID:3220
- C:\Windows\System\AaByHKC.exe
  C:\Windows\System\AaByHKC.exe
  2⤵
  PID:3236
- C:\Windows\System\MpVfBWN.exe
  C:\Windows\System\MpVfBWN.exe
  2⤵
  PID:3260
- C:\Windows\System\lpAXEZH.exe
  C:\Windows\System\lpAXEZH.exe
  2⤵
  PID:3280
- C:\Windows\System\SxtNIBW.exe
  C:\Windows\System\SxtNIBW.exe
  2⤵
  PID:3296
- C:\Windows\System\TJGBCrk.exe
  C:\Windows\System\TJGBCrk.exe
  2⤵
  PID:3312
- C:\Windows\System\DEenZph.exe
  C:\Windows\System\DEenZph.exe
  2⤵
  PID:3344
- C:\Windows\System\SKZtvzu.exe
  C:\Windows\System\SKZtvzu.exe
  2⤵
  PID:3364
- C:\Windows\System\hxdgBFQ.exe
  C:\Windows\System\hxdgBFQ.exe
  2⤵
  PID:3384
- C:\Windows\System\mZaAMpz.exe
  C:\Windows\System\mZaAMpz.exe
  2⤵
  PID:3400
- C:\Windows\System\jAnsSic.exe
  C:\Windows\System\jAnsSic.exe
  2⤵
  PID:3420
- C:\Windows\System\RtGwcYJ.exe
  C:\Windows\System\RtGwcYJ.exe
  2⤵
  PID:3440
- C:\Windows\System\iVAXtGI.exe
  C:\Windows\System\iVAXtGI.exe
  2⤵
  PID:3456
- C:\Windows\System\fbeEULA.exe
  C:\Windows\System\fbeEULA.exe
  2⤵
  PID:3480
- C:\Windows\System\zwnNSkq.exe
  C:\Windows\System\zwnNSkq.exe
  2⤵
  PID:3496
- C:\Windows\System\MESMVTl.exe
  C:\Windows\System\MESMVTl.exe
  2⤵
  PID:3516
- C:\Windows\System\vwmpiTy.exe
  C:\Windows\System\vwmpiTy.exe
  2⤵
  PID:3540
- C:\Windows\System\zJwAhWX.exe
  C:\Windows\System\zJwAhWX.exe
  2⤵
  PID:3560
- C:\Windows\System\BFyWLdI.exe
  C:\Windows\System\BFyWLdI.exe
  2⤵
  PID:3576
- C:\Windows\System\NQgAEYa.exe
  C:\Windows\System\NQgAEYa.exe
  2⤵
  PID:3596
- C:\Windows\System\JzaJqpu.exe
  C:\Windows\System\JzaJqpu.exe
  2⤵
  PID:3620
- C:\Windows\System\Mkdnrjc.exe
  C:\Windows\System\Mkdnrjc.exe
  2⤵
  PID:3636
- C:\Windows\System\QgAumDy.exe
  C:\Windows\System\QgAumDy.exe
  2⤵
  PID:3656
- C:\Windows\System\jlvEcnk.exe
  C:\Windows\System\jlvEcnk.exe
  2⤵
  PID:3680
- C:\Windows\System\tlQlXDf.exe
  C:\Windows\System\tlQlXDf.exe
  2⤵
  PID:3704
- C:\Windows\System\zaKtLep.exe
  C:\Windows\System\zaKtLep.exe
  2⤵
  PID:3724
- C:\Windows\System\puNWRWy.exe
  C:\Windows\System\puNWRWy.exe
  2⤵
  PID:3740
- C:\Windows\System\oulZOqR.exe
  C:\Windows\System\oulZOqR.exe
  2⤵
  PID:3768
- C:\Windows\System\jEioSXP.exe
  C:\Windows\System\jEioSXP.exe
  2⤵
  PID:3788
- C:\Windows\System\CEhbMOq.exe
  C:\Windows\System\CEhbMOq.exe
  2⤵
  PID:3808
- C:\Windows\System\JaxVIvi.exe
  C:\Windows\System\JaxVIvi.exe
  2⤵
  PID:3828
- C:\Windows\System\sojfHCp.exe
  C:\Windows\System\sojfHCp.exe
  2⤵
  PID:3848
- C:\Windows\System\BzbnJRn.exe
  C:\Windows\System\BzbnJRn.exe
  2⤵
  PID:3868
- C:\Windows\System\GCbirMO.exe
  C:\Windows\System\GCbirMO.exe
  2⤵
  PID:3888
- C:\Windows\System\KEyxQQa.exe
  C:\Windows\System\KEyxQQa.exe
  2⤵
  PID:3908
- C:\Windows\System\mcIOBdk.exe
  C:\Windows\System\mcIOBdk.exe
  2⤵
  PID:3932
- C:\Windows\System\mICpjGn.exe
  C:\Windows\System\mICpjGn.exe
  2⤵
  PID:3952
- C:\Windows\System\VxrUwKD.exe
  C:\Windows\System\VxrUwKD.exe
  2⤵
  PID:3972
- C:\Windows\System\vkhWZxI.exe
  C:\Windows\System\vkhWZxI.exe
  2⤵
  PID:3992
- C:\Windows\System\FqNbdvy.exe
  C:\Windows\System\FqNbdvy.exe
  2⤵
  PID:4012
- C:\Windows\System\aciEZVq.exe
  C:\Windows\System\aciEZVq.exe
  2⤵
  PID:4032
- C:\Windows\System\vvYoRWf.exe
  C:\Windows\System\vvYoRWf.exe
  2⤵
  PID:4052
- C:\Windows\System\CrfBlPx.exe
  C:\Windows\System\CrfBlPx.exe
  2⤵
  PID:4072
- C:\Windows\System\RsaNowD.exe
  C:\Windows\System\RsaNowD.exe
  2⤵
  PID:4092
- C:\Windows\System\qmVDmuj.exe
  C:\Windows\System\qmVDmuj.exe
  2⤵
  PID:2952
- C:\Windows\System\HtUBibM.exe
  C:\Windows\System\HtUBibM.exe
  2⤵
  PID:2892
- C:\Windows\System\lkPqrFV.exe
  C:\Windows\System\lkPqrFV.exe
  2⤵
  PID:1548
- C:\Windows\System\dyRnjII.exe
  C:\Windows\System\dyRnjII.exe
  2⤵
  PID:2660
- C:\Windows\System\mmHutKt.exe
  C:\Windows\System\mmHutKt.exe
  2⤵
  PID:752
- C:\Windows\System\BmrENwj.exe
  C:\Windows\System\BmrENwj.exe
  2⤵
  PID:3084
- C:\Windows\System\npimSDr.exe
  C:\Windows\System\npimSDr.exe
  2⤵
  PID:1752
- C:\Windows\System\sVaTjRw.exe
  C:\Windows\System\sVaTjRw.exe
  2⤵
  PID:1156
- C:\Windows\System\TFCTHvM.exe
  C:\Windows\System\TFCTHvM.exe
  2⤵
  PID:364
- C:\Windows\System\ZKZIsWd.exe
  C:\Windows\System\ZKZIsWd.exe
  2⤵
  PID:3132
- C:\Windows\System\FWCXTRj.exe
  C:\Windows\System\FWCXTRj.exe
  2⤵
  PID:3204
- C:\Windows\System\ANOlXrF.exe
  C:\Windows\System\ANOlXrF.exe
  2⤵
  PID:3172
- C:\Windows\System\gXTZDdG.exe
  C:\Windows\System\gXTZDdG.exe
  2⤵
  PID:3188
- C:\Windows\System\kHebNGR.exe
  C:\Windows\System\kHebNGR.exe
  2⤵
  PID:3256
- C:\Windows\System\EjRTQsq.exe
  C:\Windows\System\EjRTQsq.exe
  2⤵
  PID:3324
- C:\Windows\System\BYyjLoP.exe
  C:\Windows\System\BYyjLoP.exe
  2⤵
  PID:3372
- C:\Windows\System\BiubpDf.exe
  C:\Windows\System\BiubpDf.exe
  2⤵
  PID:3408
- C:\Windows\System\gIQsQzD.exe
  C:\Windows\System\gIQsQzD.exe
  2⤵
  PID:3308
- C:\Windows\System\YymNwjW.exe
  C:\Windows\System\YymNwjW.exe
  2⤵
  PID:3360
- C:\Windows\System\EGiVsOe.exe
  C:\Windows\System\EGiVsOe.exe
  2⤵
  PID:3396
- C:\Windows\System\tAsoAqs.exe
  C:\Windows\System\tAsoAqs.exe
  2⤵
  PID:3488
- C:\Windows\System\RtNfNjD.exe
  C:\Windows\System\RtNfNjD.exe
  2⤵
  PID:3532
- C:\Windows\System\VBKnQis.exe
  C:\Windows\System\VBKnQis.exe
  2⤵
  PID:3504
- C:\Windows\System\OnTDNTt.exe
  C:\Windows\System\OnTDNTt.exe
  2⤵
  PID:3604
- C:\Windows\System\tvUEMBF.exe
  C:\Windows\System\tvUEMBF.exe
  2⤵
  PID:3552
- C:\Windows\System\iaLFffe.exe
  C:\Windows\System\iaLFffe.exe
  2⤵
  PID:3628
- C:\Windows\System\WWvyNmY.exe
  C:\Windows\System\WWvyNmY.exe
  2⤵
  PID:3688
- C:\Windows\System\ehtvlSM.exe
  C:\Windows\System\ehtvlSM.exe
  2⤵
  PID:3676
- C:\Windows\System\boLjvEd.exe
  C:\Windows\System\boLjvEd.exe
  2⤵
  PID:3716
- C:\Windows\System\hQSWUiE.exe
  C:\Windows\System\hQSWUiE.exe
  2⤵
  PID:3752
- C:\Windows\System\qHAKiQl.exe
  C:\Windows\System\qHAKiQl.exe
  2⤵
  PID:3816
- C:\Windows\System\KWPzKkf.exe
  C:\Windows\System\KWPzKkf.exe
  2⤵
  PID:3836
- C:\Windows\System\RviUZhU.exe
  C:\Windows\System\RviUZhU.exe
  2⤵
  PID:3764
- C:\Windows\System\poGWtWO.exe
  C:\Windows\System\poGWtWO.exe
  2⤵
  PID:3880
- C:\Windows\System\pbPSNBN.exe
  C:\Windows\System\pbPSNBN.exe
  2⤵
  PID:3948
- C:\Windows\System\zXITyiv.exe
  C:\Windows\System\zXITyiv.exe
  2⤵
  PID:3980
- C:\Windows\System\NmaOAoo.exe
  C:\Windows\System\NmaOAoo.exe
  2⤵
  PID:4008
- C:\Windows\System\eYQXRiq.exe
  C:\Windows\System\eYQXRiq.exe
  2⤵
  PID:4048
- C:\Windows\System\AMhKEKB.exe
  C:\Windows\System\AMhKEKB.exe
  2⤵
  PID:4044
- C:\Windows\System\sogdjSa.exe
  C:\Windows\System\sogdjSa.exe
  2⤵
  PID:1604
- C:\Windows\System\qpmaALq.exe
  C:\Windows\System\qpmaALq.exe
  2⤵
  PID:2636
- C:\Windows\System\PLGyQDz.exe
  C:\Windows\System\PLGyQDz.exe
  2⤵
  PID:2212
- C:\Windows\System\kCeHTWv.exe
  C:\Windows\System\kCeHTWv.exe
  2⤵
  PID:3120
- C:\Windows\System\UGPGnvG.exe
  C:\Windows\System\UGPGnvG.exe
  2⤵
  PID:2148
- C:\Windows\System\uYlOBss.exe
  C:\Windows\System\uYlOBss.exe
  2⤵
  PID:3140
- C:\Windows\System\FmsmWGA.exe
  C:\Windows\System\FmsmWGA.exe
  2⤵
  PID:3104
- C:\Windows\System\PAUCBKJ.exe
  C:\Windows\System\PAUCBKJ.exe
  2⤵
  PID:1456
- C:\Windows\System\OEaQBKt.exe
  C:\Windows\System\OEaQBKt.exe
  2⤵
  PID:3252
- C:\Windows\System\iuwNnLz.exe
  C:\Windows\System\iuwNnLz.exe
  2⤵
  PID:3232
- C:\Windows\System\eXtOzGO.exe
  C:\Windows\System\eXtOzGO.exe
  2⤵
  PID:3352
- C:\Windows\System\traxFXQ.exe
  C:\Windows\System\traxFXQ.exe
  2⤵
  PID:3304
- C:\Windows\System\GgrSshG.exe
  C:\Windows\System\GgrSshG.exe
  2⤵
  PID:3428
- C:\Windows\System\KshpCkv.exe
  C:\Windows\System\KshpCkv.exe
  2⤵
  PID:3472
- C:\Windows\System\tjSpvUw.exe
  C:\Windows\System\tjSpvUw.exe
  2⤵
  PID:3616
- C:\Windows\System\ZDjQprm.exe
  C:\Windows\System\ZDjQprm.exe
  2⤵
  PID:3592
- C:\Windows\System\lcHesyM.exe
  C:\Windows\System\lcHesyM.exe
  2⤵
  PID:3672
- C:\Windows\System\aLQCMEp.exe
  C:\Windows\System\aLQCMEp.exe
  2⤵
  PID:3796
- C:\Windows\System\zTvsZvE.exe
  C:\Windows\System\zTvsZvE.exe
  2⤵
  PID:3748
- C:\Windows\System\WopDKsg.exe
  C:\Windows\System\WopDKsg.exe
  2⤵
  PID:3824
- C:\Windows\System\psaZfzO.exe
  C:\Windows\System\psaZfzO.exe
  2⤵
  PID:3924
- C:\Windows\System\VxoByjo.exe
  C:\Windows\System\VxoByjo.exe
  2⤵
  PID:3968
- C:\Windows\System\Jemulni.exe
  C:\Windows\System\Jemulni.exe
  2⤵
  PID:4068
- C:\Windows\System\VqiPuGt.exe
  C:\Windows\System\VqiPuGt.exe
  2⤵
  PID:4088
- C:\Windows\System\uOlFmpt.exe
  C:\Windows\System\uOlFmpt.exe
  2⤵
  PID:4108
- C:\Windows\System\sQovOmS.exe
  C:\Windows\System\sQovOmS.exe
  2⤵
  PID:4128
- C:\Windows\System\ccQupdQ.exe
  C:\Windows\System\ccQupdQ.exe
  2⤵
  PID:4148
- C:\Windows\System\VikAdCz.exe
  C:\Windows\System\VikAdCz.exe
  2⤵
  PID:4168
- C:\Windows\System\RTeItdK.exe
  C:\Windows\System\RTeItdK.exe
  2⤵
  PID:4188
- C:\Windows\System\sRIMANu.exe
  C:\Windows\System\sRIMANu.exe
  2⤵
  PID:4208
- C:\Windows\System\tXThzHa.exe
  C:\Windows\System\tXThzHa.exe
  2⤵
  PID:4232
- C:\Windows\System\TCRJqSh.exe
  C:\Windows\System\TCRJqSh.exe
  2⤵
  PID:4248
- C:\Windows\System\YcqTtnN.exe
  C:\Windows\System\YcqTtnN.exe
  2⤵
  PID:4272
- C:\Windows\System\YYtmKIs.exe
  C:\Windows\System\YYtmKIs.exe
  2⤵
  PID:4292
- C:\Windows\System\QSNtWYC.exe
  C:\Windows\System\QSNtWYC.exe
  2⤵
  PID:4312
- C:\Windows\System\CifeeDo.exe
  C:\Windows\System\CifeeDo.exe
  2⤵
  PID:4332
- C:\Windows\System\cSOQSHt.exe
  C:\Windows\System\cSOQSHt.exe
  2⤵
  PID:4352
- C:\Windows\System\fcUJcml.exe
  C:\Windows\System\fcUJcml.exe
  2⤵
  PID:4372
- C:\Windows\System\wfRBrKL.exe
  C:\Windows\System\wfRBrKL.exe
  2⤵
  PID:4388
- C:\Windows\System\WSyzFlY.exe
  C:\Windows\System\WSyzFlY.exe
  2⤵
  PID:4408
- C:\Windows\System\jzpvvyS.exe
  C:\Windows\System\jzpvvyS.exe
  2⤵
  PID:4432
- C:\Windows\System\HbNwise.exe
  C:\Windows\System\HbNwise.exe
  2⤵
  PID:4452
- C:\Windows\System\LCNZymM.exe
  C:\Windows\System\LCNZymM.exe
  2⤵
  PID:4472
- C:\Windows\System\qdNdFQq.exe
  C:\Windows\System\qdNdFQq.exe
  2⤵
  PID:4496
- C:\Windows\System\HgWKqAn.exe
  C:\Windows\System\HgWKqAn.exe
  2⤵
  PID:4512
- C:\Windows\System\pqLgHvb.exe
  C:\Windows\System\pqLgHvb.exe
  2⤵
  PID:4536
- C:\Windows\System\ZofsHKa.exe
  C:\Windows\System\ZofsHKa.exe
  2⤵
  PID:4556
- C:\Windows\System\CCwhIkt.exe
  C:\Windows\System\CCwhIkt.exe
  2⤵
  PID:4576
- C:\Windows\System\vVSurzK.exe
  C:\Windows\System\vVSurzK.exe
  2⤵
  PID:4596
- C:\Windows\System\OoZjsyY.exe
  C:\Windows\System\OoZjsyY.exe
  2⤵
  PID:4616
- C:\Windows\System\spKOYWy.exe
  C:\Windows\System\spKOYWy.exe
  2⤵
  PID:4640
- C:\Windows\System\rATiwEs.exe
  C:\Windows\System\rATiwEs.exe
  2⤵
  PID:4660
- C:\Windows\System\JSfhvii.exe
  C:\Windows\System\JSfhvii.exe
  2⤵
  PID:4680
- C:\Windows\System\YUdUWCx.exe
  C:\Windows\System\YUdUWCx.exe
  2⤵
  PID:4700
- C:\Windows\System\uvONkrB.exe
  C:\Windows\System\uvONkrB.exe
  2⤵
  PID:4720
- C:\Windows\System\VjpRYBg.exe
  C:\Windows\System\VjpRYBg.exe
  2⤵
  PID:4740
- C:\Windows\System\TsIUtPk.exe
  C:\Windows\System\TsIUtPk.exe
  2⤵
  PID:4760
- C:\Windows\System\VNXERZd.exe
  C:\Windows\System\VNXERZd.exe
  2⤵
  PID:4776
- C:\Windows\System\PKCuTYC.exe
  C:\Windows\System\PKCuTYC.exe
  2⤵
  PID:4796
- C:\Windows\System\MudHHKh.exe
  C:\Windows\System\MudHHKh.exe
  2⤵
  PID:4820
- C:\Windows\System\gpMCeqF.exe
  C:\Windows\System\gpMCeqF.exe
  2⤵
  PID:4836
- C:\Windows\System\GBSRUxQ.exe
  C:\Windows\System\GBSRUxQ.exe
  2⤵
  PID:4852
- C:\Windows\System\qPDvBHN.exe
  C:\Windows\System\qPDvBHN.exe
  2⤵
  PID:4876
- C:\Windows\System\WnEdzRI.exe
  C:\Windows\System\WnEdzRI.exe
  2⤵
  PID:4900
- C:\Windows\System\GtYhEvV.exe
  C:\Windows\System\GtYhEvV.exe
  2⤵
  PID:4916
- C:\Windows\System\EqEAeCu.exe
  C:\Windows\System\EqEAeCu.exe
  2⤵
  PID:4940
- C:\Windows\System\yvtvvSk.exe
  C:\Windows\System\yvtvvSk.exe
  2⤵
  PID:4964
- C:\Windows\System\yAmkQiM.exe
  C:\Windows\System\yAmkQiM.exe
  2⤵
  PID:4984
- C:\Windows\System\LTshpAA.exe
  C:\Windows\System\LTshpAA.exe
  2⤵
  PID:5004
- C:\Windows\System\fECiJxI.exe
  C:\Windows\System\fECiJxI.exe
  2⤵
  PID:936
- C:\Windows\System\kltTJTM.exe
  C:\Windows\System\kltTJTM.exe
  2⤵
  PID:3080
- C:\Windows\System\wbILGMv.exe
  C:\Windows\System\wbILGMv.exe
  2⤵
  PID:2368
- C:\Windows\System\QfTUZle.exe
  C:\Windows\System\QfTUZle.exe
  2⤵
  PID:3320
- C:\Windows\System\wWRPkBc.exe
  C:\Windows\System\wWRPkBc.exe
  2⤵
  PID:3416
- C:\Windows\System\ugDnclY.exe
  C:\Windows\System\ugDnclY.exe
  2⤵
  PID:3436
- C:\Windows\System\LKGpiEC.exe
  C:\Windows\System\LKGpiEC.exe
  2⤵
  PID:3392
- C:\Windows\System\vYuuAuv.exe
  C:\Windows\System\vYuuAuv.exe
  2⤵
  PID:3648
- C:\Windows\System\amHOhPS.exe
  C:\Windows\System\amHOhPS.exe
  2⤵
  PID:3512
- C:\Windows\System\FTctPNz.exe
  C:\Windows\System\FTctPNz.exe
  2⤵
  PID:3784
- C:\Windows\System\IqKFkdR.exe
  C:\Windows\System\IqKFkdR.exe
  2⤵
  PID:3736
- C:\Windows\System\ApDDayL.exe
  C:\Windows\System\ApDDayL.exe
  2⤵
  PID:3960
- C:\Windows\System\smJnenM.exe
  C:\Windows\System\smJnenM.exe
  2⤵
  PID:3876
- C:\Windows\System\ATTDEkA.exe
  C:\Windows\System\ATTDEkA.exe
  2⤵
  PID:4104
- C:\Windows\System\APZpDlE.exe
  C:\Windows\System\APZpDlE.exe
  2⤵
  PID:4164
- C:\Windows\System\mBxawQn.exe
  C:\Windows\System\mBxawQn.exe
  2⤵
  PID:4140
- C:\Windows\System\ErfJUMG.exe
  C:\Windows\System\ErfJUMG.exe
  2⤵
  PID:4180
- C:\Windows\System\YACNgWq.exe
  C:\Windows\System\YACNgWq.exe
  2⤵
  PID:4220
- C:\Windows\System\PDxMxMg.exe
  C:\Windows\System\PDxMxMg.exe
  2⤵
  PID:4256
- C:\Windows\System\XUgTqmJ.exe
  C:\Windows\System\XUgTqmJ.exe
  2⤵
  PID:4328
- C:\Windows\System\gJHgtWx.exe
  C:\Windows\System\gJHgtWx.exe
  2⤵
  PID:4360
- C:\Windows\System\QdwhyTh.exe
  C:\Windows\System\QdwhyTh.exe
  2⤵
  PID:4364
- C:\Windows\System\rUntmxt.exe
  C:\Windows\System\rUntmxt.exe
  2⤵
  PID:4384
- C:\Windows\System\jeueXER.exe
  C:\Windows\System\jeueXER.exe
  2⤵
  PID:4428
- C:\Windows\System\hVjoEvV.exe
  C:\Windows\System\hVjoEvV.exe
  2⤵
  PID:4480
- C:\Windows\System\ujJbFSa.exe
  C:\Windows\System\ujJbFSa.exe
  2⤵
  PID:4520
- C:\Windows\System\gIguHBW.exe
  C:\Windows\System\gIguHBW.exe
  2⤵
  PID:4564
- C:\Windows\System\BbTFtvR.exe
  C:\Windows\System\BbTFtvR.exe
  2⤵
  PID:4572
- C:\Windows\System\zrOCyFI.exe
  C:\Windows\System\zrOCyFI.exe
  2⤵
  PID:4608
- C:\Windows\System\viyvWVf.exe
  C:\Windows\System\viyvWVf.exe
  2⤵
  PID:4656
- C:\Windows\System\xyLORRd.exe
  C:\Windows\System\xyLORRd.exe
  2⤵
  PID:4688
- C:\Windows\System\OFRKgFi.exe
  C:\Windows\System\OFRKgFi.exe
  2⤵
  PID:4708
- C:\Windows\System\qvSIOOu.exe
  C:\Windows\System\qvSIOOu.exe
  2⤵
  PID:4732
- C:\Windows\System\COMmmkh.exe
  C:\Windows\System\COMmmkh.exe
  2⤵
  PID:4772
- C:\Windows\System\TOwdUFF.exe
  C:\Windows\System\TOwdUFF.exe
  2⤵
  PID:4788
- C:\Windows\System\dHJYIOz.exe
  C:\Windows\System\dHJYIOz.exe
  2⤵
  PID:4844
- C:\Windows\System\vvTOqWB.exe
  C:\Windows\System\vvTOqWB.exe
  2⤵
  PID:4860
- C:\Windows\System\MJjJlFT.exe
  C:\Windows\System\MJjJlFT.exe
  2⤵
  PID:4908
- C:\Windows\System\GwyhqRy.exe
  C:\Windows\System\GwyhqRy.exe
  2⤵
  PID:4928
- C:\Windows\System\MtUIkLF.exe
  C:\Windows\System\MtUIkLF.exe
  2⤵
  PID:4980
- C:\Windows\System\tlIpLLl.exe
  C:\Windows\System\tlIpLLl.exe
  2⤵
  PID:4996
- C:\Windows\System\tWsCwiB.exe
  C:\Windows\System\tWsCwiB.exe
  2⤵
  PID:1744
- C:\Windows\System\eUfVWWK.exe
  C:\Windows\System\eUfVWWK.exe
  2⤵
  PID:5048
- C:\Windows\System\DRGecLu.exe
  C:\Windows\System\DRGecLu.exe
  2⤵
  PID:5056
- C:\Windows\System\ktlTXkb.exe
  C:\Windows\System\ktlTXkb.exe
  2⤵
  PID:2348
- C:\Windows\System\FBxOsZJ.exe
  C:\Windows\System\FBxOsZJ.exe
  2⤵
  PID:2588
- C:\Windows\System\BZKtHTI.exe
  C:\Windows\System\BZKtHTI.exe
  2⤵
  PID:2604
- C:\Windows\System\hfwOcPp.exe
  C:\Windows\System\hfwOcPp.exe
  2⤵
  PID:5084
- C:\Windows\System\ZIAGDnj.exe
  C:\Windows\System\ZIAGDnj.exe
  2⤵
  PID:5092
- C:\Windows\System\EIoDbeU.exe
  C:\Windows\System\EIoDbeU.exe
  2⤵
  PID:2924
- C:\Windows\System\jYXvIpC.exe
  C:\Windows\System\jYXvIpC.exe
  2⤵
  PID:1924
- C:\Windows\System\QyarKRw.exe
  C:\Windows\System\QyarKRw.exe
  2⤵
  PID:3020
- C:\Windows\System\Penxkqu.exe
  C:\Windows\System\Penxkqu.exe
  2⤵
  PID:2320
- C:\Windows\System\BNrQLBh.exe
  C:\Windows\System\BNrQLBh.exe
  2⤵
  PID:2948
- C:\Windows\System\ATiFAha.exe
  C:\Windows\System\ATiFAha.exe
  2⤵
  PID:2496
- C:\Windows\System\WCDuuLw.exe
  C:\Windows\System\WCDuuLw.exe
  2⤵
  PID:3060
- C:\Windows\System\XVDiNIi.exe
  C:\Windows\System\XVDiNIi.exe
  2⤵
  PID:1700
- C:\Windows\System\FUpuYtd.exe
  C:\Windows\System\FUpuYtd.exe
  2⤵
  PID:2080
- C:\Windows\System\pUTVjAu.exe
  C:\Windows\System\pUTVjAu.exe
  2⤵
  PID:3336
- C:\Windows\System\QudGXbe.exe
  C:\Windows\System\QudGXbe.exe
  2⤵
  PID:692
- C:\Windows\System\DnwRDOD.exe
  C:\Windows\System\DnwRDOD.exe
  2⤵
  PID:3468
- C:\Windows\System\lgMbogL.exe
  C:\Windows\System\lgMbogL.exe
  2⤵
  PID:3700
- C:\Windows\System\OkGGlkp.exe
  C:\Windows\System\OkGGlkp.exe
  2⤵
  PID:3568
- C:\Windows\System\Dmhkvfz.exe
  C:\Windows\System\Dmhkvfz.exe
  2⤵
  PID:3864
- C:\Windows\System\otwLiVe.exe
  C:\Windows\System\otwLiVe.exe
  2⤵
  PID:3632
- C:\Windows\System\MINJrlt.exe
  C:\Windows\System\MINJrlt.exe
  2⤵
  PID:2288
- C:\Windows\System\pUEeyiH.exe
  C:\Windows\System\pUEeyiH.exe
  2⤵
  PID:4124
- C:\Windows\System\NHVnoPj.exe
  C:\Windows\System\NHVnoPj.exe
  2⤵
  PID:4176
- C:\Windows\System\ClUxEbu.exe
  C:\Windows\System\ClUxEbu.exe
  2⤵
  PID:2808
- C:\Windows\System\elVhujl.exe
  C:\Windows\System\elVhujl.exe
  2⤵
  PID:4216
- C:\Windows\System\WQcpifp.exe
  C:\Windows\System\WQcpifp.exe
  2⤵
  PID:4260
- C:\Windows\System\NzIBEri.exe
  C:\Windows\System\NzIBEri.exe
  2⤵
  PID:4308
- C:\Windows\System\GaqNysr.exe
  C:\Windows\System\GaqNysr.exe
  2⤵
  PID:1972
- C:\Windows\System\KjgtGkK.exe
  C:\Windows\System\KjgtGkK.exe
  2⤵
  PID:2064
- C:\Windows\System\aPMkRyH.exe
  C:\Windows\System\aPMkRyH.exe
  2⤵
  PID:2408
- C:\Windows\System\GjzbhBU.exe
  C:\Windows\System\GjzbhBU.exe
  2⤵
  PID:4464
- C:\Windows\System\rsExXQQ.exe
  C:\Windows\System\rsExXQQ.exe
  2⤵
  PID:4508
- C:\Windows\System\qzlIEkK.exe
  C:\Windows\System\qzlIEkK.exe
  2⤵
  PID:4584
- C:\Windows\System\LqfLgON.exe
  C:\Windows\System\LqfLgON.exe
  2⤵
  PID:4636
- C:\Windows\System\lZIYpxU.exe
  C:\Windows\System\lZIYpxU.exe
  2⤵
  PID:4648
- C:\Windows\System\vDqvMlt.exe
  C:\Windows\System\vDqvMlt.exe
  2⤵
  PID:4736
- C:\Windows\System\ylenbhO.exe
  C:\Windows\System\ylenbhO.exe
  2⤵
  PID:2276
- C:\Windows\System\VtpnaiR.exe
  C:\Windows\System\VtpnaiR.exe
  2⤵
  PID:4768
- C:\Windows\System\DjsEISN.exe
  C:\Windows\System\DjsEISN.exe
  2⤵
  PID:4892
- C:\Windows\System\BNMsYIJ.exe
  C:\Windows\System\BNMsYIJ.exe
  2⤵
  PID:4828
- C:\Windows\System\HrFHpjG.exe
  C:\Windows\System\HrFHpjG.exe
  2⤵
  PID:4912
- C:\Windows\System\XaRikgI.exe
  C:\Windows\System\XaRikgI.exe
  2⤵
  PID:4992
- C:\Windows\System\mJEHRIw.exe
  C:\Windows\System\mJEHRIw.exe
  2⤵
  PID:1760
- C:\Windows\System\eqWHiEP.exe
  C:\Windows\System\eqWHiEP.exe
  2⤵
  PID:2324
- C:\Windows\System\VSCFCLi.exe
  C:\Windows\System\VSCFCLi.exe
  2⤵
  PID:1144
- C:\Windows\System\QTUCOjZ.exe
  C:\Windows\System\QTUCOjZ.exe
  2⤵
  PID:2972
- C:\Windows\System\NLYOHzM.exe
  C:\Windows\System\NLYOHzM.exe
  2⤵
  PID:2020
- C:\Windows\System\YlOhQAp.exe
  C:\Windows\System\YlOhQAp.exe
  2⤵
  PID:2616
- C:\Windows\System\RcffwEC.exe
  C:\Windows\System\RcffwEC.exe
  2⤵
  PID:3148
- C:\Windows\System\xkKlMBb.exe
  C:\Windows\System\xkKlMBb.exe
  2⤵
  PID:2780
- C:\Windows\System\tofxikn.exe
  C:\Windows\System\tofxikn.exe
  2⤵
  PID:2056
- C:\Windows\System\lnwgipV.exe
  C:\Windows\System\lnwgipV.exe
  2⤵
  PID:388
- C:\Windows\System\SLhrcGo.exe
  C:\Windows\System\SLhrcGo.exe
  2⤵
  PID:2624
- C:\Windows\System\YrumQJR.exe
  C:\Windows\System\YrumQJR.exe
  2⤵
  PID:5016
- C:\Windows\System\iDRkPKP.exe
  C:\Windows\System\iDRkPKP.exe
  2⤵
  PID:3068
- C:\Windows\System\pCjEqZB.exe
  C:\Windows\System\pCjEqZB.exe
  2⤵
  PID:3536
- C:\Windows\System\ORdHuKh.exe
  C:\Windows\System\ORdHuKh.exe
  2⤵
  PID:3328
- C:\Windows\System\siNamAE.exe
  C:\Windows\System\siNamAE.exe
  2⤵
  PID:3152
- C:\Windows\System\HmlymDM.exe
  C:\Windows\System\HmlymDM.exe
  2⤵
  PID:4120
- C:\Windows\System\NhFtAyi.exe
  C:\Windows\System\NhFtAyi.exe
  2⤵
  PID:4024
- C:\Windows\System\IjskSjg.exe
  C:\Windows\System\IjskSjg.exe
  2⤵
  PID:2476
- C:\Windows\System\KsCTCTg.exe
  C:\Windows\System\KsCTCTg.exe
  2⤵
  PID:4136
- C:\Windows\System\LJitiNc.exe
  C:\Windows\System\LJitiNc.exe
  2⤵
  PID:4288
- C:\Windows\System\UsUaqzn.exe
  C:\Windows\System\UsUaqzn.exe
  2⤵
  PID:4304
- C:\Windows\System\uSosJDL.exe
  C:\Windows\System\uSosJDL.exe
  2⤵
  PID:4400
- C:\Windows\System\pdPxhfV.exe
  C:\Windows\System\pdPxhfV.exe
  2⤵
  PID:4404
- C:\Windows\System\amUAVqQ.exe
  C:\Windows\System\amUAVqQ.exe
  2⤵
  PID:4420
- C:\Windows\System\Juksdvs.exe
  C:\Windows\System\Juksdvs.exe
  2⤵
  PID:4488
- C:\Windows\System\gJoeOaS.exe
  C:\Windows\System\gJoeOaS.exe
  2⤵
  PID:4592
- C:\Windows\System\FfNfuoC.exe
  C:\Windows\System\FfNfuoC.exe
  2⤵
  PID:4692
- C:\Windows\System\svwIAfz.exe
  C:\Windows\System\svwIAfz.exe
  2⤵
  PID:4888
- C:\Windows\System\XtlOjhU.exe
  C:\Windows\System\XtlOjhU.exe
  2⤵
  PID:4952
- C:\Windows\System\eSYNspf.exe
  C:\Windows\System\eSYNspf.exe
  2⤵
  PID:5000
- C:\Windows\System\TItSBRY.exe
  C:\Windows\System\TItSBRY.exe
  2⤵
  PID:2192
- C:\Windows\System\WDtuBxE.exe
  C:\Windows\System\WDtuBxE.exe
  2⤵
  PID:5096
- C:\Windows\System\AOoyUbH.exe
  C:\Windows\System\AOoyUbH.exe
  2⤵
  PID:5040
- C:\Windows\System\ZBlCbci.exe
  C:\Windows\System\ZBlCbci.exe
  2⤵
  PID:1976
- C:\Windows\System\iSYQdVj.exe
  C:\Windows\System\iSYQdVj.exe
  2⤵
  PID:2772
- C:\Windows\System\mVrxsHO.exe
  C:\Windows\System\mVrxsHO.exe
  2⤵
  PID:1172
- C:\Windows\System\hqIrnMA.exe
  C:\Windows\System\hqIrnMA.exe
  2⤵
  PID:2116
- C:\Windows\System\fygIShS.exe
  C:\Windows\System\fygIShS.exe
  2⤵
  PID:4116
- C:\Windows\System\nkkApOz.exe
  C:\Windows\System\nkkApOz.exe
  2⤵
  PID:3292
- C:\Windows\System\FcwHZyv.exe
  C:\Windows\System\FcwHZyv.exe
  2⤵
  PID:3608
- C:\Windows\System\MLjjBMP.exe
  C:\Windows\System\MLjjBMP.exe
  2⤵
  PID:4284
- C:\Windows\System\vJnOJkK.exe
  C:\Windows\System\vJnOJkK.exe
  2⤵
  PID:4348
- C:\Windows\System\uesEmHm.exe
  C:\Windows\System\uesEmHm.exe
  2⤵
  PID:4884
- C:\Windows\System\nYcQzYG.exe
  C:\Windows\System\nYcQzYG.exe
  2⤵
  PID:2656
- C:\Windows\System\LwGLEPk.exe
  C:\Windows\System\LwGLEPk.exe
  2⤵
  PID:4632
- C:\Windows\System\lszuKUQ.exe
  C:\Windows\System\lszuKUQ.exe
  2⤵
  PID:3100
- C:\Windows\System\uSheaiV.exe
  C:\Windows\System\uSheaiV.exe
  2⤵
  PID:4004
- C:\Windows\System\YJYtDKc.exe
  C:\Windows\System\YJYtDKc.exe
  2⤵
  PID:2912
- C:\Windows\System\aXOKsdT.exe
  C:\Windows\System\aXOKsdT.exe
  2⤵
  PID:4504
- C:\Windows\System\yNPchLq.exe
  C:\Windows\System\yNPchLq.exe
  2⤵
  PID:2608
- C:\Windows\System\opohDTr.exe
  C:\Windows\System\opohDTr.exe
  2⤵
  PID:3116
- C:\Windows\System\cXAJCrT.exe
  C:\Windows\System\cXAJCrT.exe
  2⤵
  PID:2308
- C:\Windows\System\IVCKrtd.exe
  C:\Windows\System\IVCKrtd.exe
  2⤵
  PID:4524
- C:\Windows\System\HVLOKIX.exe
  C:\Windows\System\HVLOKIX.exe
  2⤵
  PID:4712
- C:\Windows\System\zfHgUZC.exe
  C:\Windows\System\zfHgUZC.exe
  2⤵
  PID:3164
- C:\Windows\System\JsUOiwq.exe
  C:\Windows\System\JsUOiwq.exe
  2⤵
  PID:4756
- C:\Windows\System\draHdts.exe
  C:\Windows\System\draHdts.exe
  2⤵
  PID:5128
- C:\Windows\System\ItEeOtE.exe
  C:\Windows\System\ItEeOtE.exe
  2⤵
  PID:5148
- C:\Windows\System\aLScMed.exe
  C:\Windows\System\aLScMed.exe
  2⤵
  PID:5168
- C:\Windows\System\vkBaHVy.exe
  C:\Windows\System\vkBaHVy.exe
  2⤵
  PID:5188
- C:\Windows\System\LZPdvnB.exe
  C:\Windows\System\LZPdvnB.exe
  2⤵
  PID:5204
- C:\Windows\System\auHStLx.exe
  C:\Windows\System\auHStLx.exe
  2⤵
  PID:5220
- C:\Windows\System\kKeYFFs.exe
  C:\Windows\System\kKeYFFs.exe
  2⤵
  PID:5236
- C:\Windows\System\bjNdmUA.exe
  C:\Windows\System\bjNdmUA.exe
  2⤵
  PID:5252
- C:\Windows\System\mIpwuZf.exe
  C:\Windows\System\mIpwuZf.exe
  2⤵
  PID:5268
- C:\Windows\System\GNJLbhj.exe
  C:\Windows\System\GNJLbhj.exe
  2⤵
  PID:5284
- C:\Windows\System\onhbTRz.exe
  C:\Windows\System\onhbTRz.exe
  2⤵
  PID:5300
- C:\Windows\System\dJiQSiJ.exe
  C:\Windows\System\dJiQSiJ.exe
  2⤵
  PID:5316
- C:\Windows\System\qSdNfoL.exe
  C:\Windows\System\qSdNfoL.exe
  2⤵
  PID:5332
- C:\Windows\System\bPVFDXL.exe
  C:\Windows\System\bPVFDXL.exe
  2⤵
  PID:5348
- C:\Windows\System\LVnVKGS.exe
  C:\Windows\System\LVnVKGS.exe
  2⤵
  PID:5364
- C:\Windows\System\uKIYrFx.exe
  C:\Windows\System\uKIYrFx.exe
  2⤵
  PID:5380
- C:\Windows\System\DYvHwsr.exe
  C:\Windows\System\DYvHwsr.exe
  2⤵
  PID:5396
- C:\Windows\System\bMMpZWn.exe
  C:\Windows\System\bMMpZWn.exe
  2⤵
  PID:5412
- C:\Windows\System\IplcRfv.exe
  C:\Windows\System\IplcRfv.exe
  2⤵
  PID:5428
- C:\Windows\System\XRKisFJ.exe
  C:\Windows\System\XRKisFJ.exe
  2⤵
  PID:5468
- C:\Windows\System\QcfiWVN.exe
  C:\Windows\System\QcfiWVN.exe
  2⤵
  PID:5484
- C:\Windows\System\fmonpjm.exe
  C:\Windows\System\fmonpjm.exe
  2⤵
  PID:5504
- C:\Windows\System\IPQaGAR.exe
  C:\Windows\System\IPQaGAR.exe
  2⤵
  PID:5520
- C:\Windows\System\PpQbzgH.exe
  C:\Windows\System\PpQbzgH.exe
  2⤵
  PID:5536
- C:\Windows\System\BeTcnYd.exe
  C:\Windows\System\BeTcnYd.exe
  2⤵
  PID:5552
- C:\Windows\System\UfWGetQ.exe
  C:\Windows\System\UfWGetQ.exe
  2⤵
  PID:5568
- C:\Windows\System\SMGXjPm.exe
  C:\Windows\System\SMGXjPm.exe
  2⤵
  PID:5584
- C:\Windows\System\LfAKFXp.exe
  C:\Windows\System\LfAKFXp.exe
  2⤵
  PID:5604
- C:\Windows\System\GXFyIDw.exe
  C:\Windows\System\GXFyIDw.exe
  2⤵
  PID:5620
- C:\Windows\System\HgMUDrn.exe
  C:\Windows\System\HgMUDrn.exe
  2⤵
  PID:5636
- C:\Windows\System\mUvlvEr.exe
  C:\Windows\System\mUvlvEr.exe
  2⤵
  PID:5652
- C:\Windows\System\KRCqNBE.exe
  C:\Windows\System\KRCqNBE.exe
  2⤵
  PID:5668
- C:\Windows\System\aqIXKyg.exe
  C:\Windows\System\aqIXKyg.exe
  2⤵
  PID:5684
- C:\Windows\System\uVgUEby.exe
  C:\Windows\System\uVgUEby.exe
  2⤵
  PID:5700
- C:\Windows\System\eqUpdmF.exe
  C:\Windows\System\eqUpdmF.exe
  2⤵
  PID:5716
- C:\Windows\System\YEDIMDs.exe
  C:\Windows\System\YEDIMDs.exe
  2⤵
  PID:5732
- C:\Windows\System\BIazCoD.exe
  C:\Windows\System\BIazCoD.exe
  2⤵
  PID:5748
- C:\Windows\System\TXijbJj.exe
  C:\Windows\System\TXijbJj.exe
  2⤵
  PID:5764
- C:\Windows\System\icrQCOm.exe
  C:\Windows\System\icrQCOm.exe
  2⤵
  PID:5780
- C:\Windows\System\oaxNsBB.exe
  C:\Windows\System\oaxNsBB.exe
  2⤵
  PID:5796
- C:\Windows\System\AZCoIRf.exe
  C:\Windows\System\AZCoIRf.exe
  2⤵
  PID:5812
- C:\Windows\System\WpUCCVn.exe
  C:\Windows\System\WpUCCVn.exe
  2⤵
  PID:5828
- C:\Windows\System\MoxMNKK.exe
  C:\Windows\System\MoxMNKK.exe
  2⤵
  PID:5892
- C:\Windows\System\AZtbNSV.exe
  C:\Windows\System\AZtbNSV.exe
  2⤵
  PID:5908
- C:\Windows\System\YNBAsuW.exe
  C:\Windows\System\YNBAsuW.exe
  2⤵
  PID:5924
- C:\Windows\System\RyMneaT.exe
  C:\Windows\System\RyMneaT.exe
  2⤵
  PID:5968
- C:\Windows\System\eTwqVqK.exe
  C:\Windows\System\eTwqVqK.exe
  2⤵
  PID:5984
- C:\Windows\System\FmWymXL.exe
  C:\Windows\System\FmWymXL.exe
  2⤵
  PID:6000
- C:\Windows\System\APiciCi.exe
  C:\Windows\System\APiciCi.exe
  2⤵
  PID:6016
- C:\Windows\System\vCIMqEj.exe
  C:\Windows\System\vCIMqEj.exe
  2⤵
  PID:6032
- C:\Windows\System\ygSnxKU.exe
  C:\Windows\System\ygSnxKU.exe
  2⤵
  PID:6048
- C:\Windows\System\jLHHpEw.exe
  C:\Windows\System\jLHHpEw.exe
  2⤵
  PID:6064
- C:\Windows\System\YlqBMca.exe
  C:\Windows\System\YlqBMca.exe
  2⤵
  PID:6080
- C:\Windows\System\kAGtDAC.exe
  C:\Windows\System\kAGtDAC.exe
  2⤵
  PID:6100
- C:\Windows\System\tetWeqJ.exe
  C:\Windows\System\tetWeqJ.exe
  2⤵
  PID:6116
- C:\Windows\System\RqHZGpw.exe
  C:\Windows\System\RqHZGpw.exe
  2⤵
  PID:6132
- C:\Windows\System\VwaloAx.exe
  C:\Windows\System\VwaloAx.exe
  2⤵
  PID:856
- C:\Windows\System\rLVgEcv.exe
  C:\Windows\System\rLVgEcv.exe
  2⤵
  PID:1020
- C:\Windows\System\xIcovOq.exe
  C:\Windows\System\xIcovOq.exe
  2⤵
  PID:4144
- C:\Windows\System\JLtNUhq.exe
  C:\Windows\System\JLtNUhq.exe
  2⤵
  PID:2092
- C:\Windows\System\aGHEsYG.exe
  C:\Windows\System\aGHEsYG.exe
  2⤵
  PID:1536
- C:\Windows\System\vLpfNmX.exe
  C:\Windows\System\vLpfNmX.exe
  2⤵
  PID:568
- C:\Windows\System\isCeEBs.exe
  C:\Windows\System\isCeEBs.exe
  2⤵
  PID:5144
- C:\Windows\System\PuwcOEA.exe
  C:\Windows\System\PuwcOEA.exe
  2⤵
  PID:2852
- C:\Windows\System\vtyqYAd.exe
  C:\Windows\System\vtyqYAd.exe
  2⤵
  PID:2024
- C:\Windows\System\lkQpwnB.exe
  C:\Windows\System\lkQpwnB.exe
  2⤵
  PID:5156
- C:\Windows\System\HboXYyr.exe
  C:\Windows\System\HboXYyr.exe
  2⤵
  PID:5216
- C:\Windows\System\vqWPgPP.exe
  C:\Windows\System\vqWPgPP.exe
  2⤵
  PID:5200
- C:\Windows\System\MvlOWMy.exe
  C:\Windows\System\MvlOWMy.exe
  2⤵
  PID:5276
- C:\Windows\System\VaRcXOm.exe
  C:\Windows\System\VaRcXOm.exe
  2⤵
  PID:5292
- C:\Windows\System\fJtxxic.exe
  C:\Windows\System\fJtxxic.exe
  2⤵
  PID:5244
- C:\Windows\System\CUxvnmR.exe
  C:\Windows\System\CUxvnmR.exe
  2⤵
  PID:5360
- C:\Windows\System\qPSmbkj.exe
  C:\Windows\System\qPSmbkj.exe
  2⤵
  PID:5392
- C:\Windows\System\EOYxooh.exe
  C:\Windows\System\EOYxooh.exe
  2⤵
  PID:5424
- C:\Windows\System\LJmHKJw.exe
  C:\Windows\System\LJmHKJw.exe
  2⤵
  PID:5496
- C:\Windows\System\krNdrtx.exe
  C:\Windows\System\krNdrtx.exe
  2⤵
  PID:5480
- C:\Windows\System\KGmpZZh.exe
  C:\Windows\System\KGmpZZh.exe
  2⤵
  PID:5532
- C:\Windows\System\QrIWcJo.exe
  C:\Windows\System\QrIWcJo.exe
  2⤵
  PID:5548
- C:\Windows\System\vyvJcUB.exe
  C:\Windows\System\vyvJcUB.exe
  2⤵
  PID:5596
- C:\Windows\System\cLrDEKM.exe
  C:\Windows\System\cLrDEKM.exe
  2⤵
  PID:5612
- C:\Windows\System\xiXMTVc.exe
  C:\Windows\System\xiXMTVc.exe
  2⤵
  PID:5648
- C:\Windows\System\ipDXqzT.exe
  C:\Windows\System\ipDXqzT.exe
  2⤵
  PID:5696
- C:\Windows\System\cQpVZph.exe
  C:\Windows\System\cQpVZph.exe
  2⤵
  PID:5676
- C:\Windows\System\nAjWOCe.exe
  C:\Windows\System\nAjWOCe.exe
  2⤵
  PID:5740
- C:\Windows\System\dZgcxnn.exe
  C:\Windows\System\dZgcxnn.exe
  2⤵
  PID:5820
- C:\Windows\System\ksDxJTl.exe
  C:\Windows\System\ksDxJTl.exe
  2⤵
  PID:5744
- C:\Windows\System\RLRnaRo.exe
  C:\Windows\System\RLRnaRo.exe
  2⤵
  PID:5756
- C:\Windows\System\JcLJUiX.exe
  C:\Windows\System\JcLJUiX.exe
  2⤵
  PID:5600
- C:\Windows\System\ohZQIFf.exe
  C:\Windows\System\ohZQIFf.exe
  2⤵
  PID:5868
- C:\Windows\System\yefUPsl.exe
  C:\Windows\System\yefUPsl.exe
  2⤵
  PID:5888
- C:\Windows\System\dOSdyau.exe
  C:\Windows\System\dOSdyau.exe
  2⤵
  PID:5904
- C:\Windows\System\qexRCgF.exe
  C:\Windows\System\qexRCgF.exe
  2⤵
  PID:5992
- C:\Windows\System\thFymtG.exe
  C:\Windows\System\thFymtG.exe
  2⤵
  PID:6024
- C:\Windows\System\wzdiDPG.exe
  C:\Windows\System\wzdiDPG.exe
  2⤵
  PID:6088
- C:\Windows\System\RfKddXV.exe
  C:\Windows\System\RfKddXV.exe
  2⤵
  PID:5976
- C:\Windows\System\DbHgdGZ.exe
  C:\Windows\System\DbHgdGZ.exe
  2⤵
  PID:6012
- C:\Windows\System\RahAPha.exe
  C:\Windows\System\RahAPha.exe
  2⤵
  PID:6076
- C:\Windows\System\JnGnyxi.exe
  C:\Windows\System\JnGnyxi.exe
  2⤵
  PID:6140
- C:\Windows\System\HHsiuHr.exe
  C:\Windows\System\HHsiuHr.exe
  2⤵
  PID:2316
- C:\Windows\System\baLOGzT.exe
  C:\Windows\System\baLOGzT.exe
  2⤵
  PID:3056
- C:\Windows\System\UOlMwNi.exe
  C:\Windows\System\UOlMwNi.exe
  2⤵
  PID:5196
- C:\Windows\System\wiJAQzS.exe
  C:\Windows\System\wiJAQzS.exe
  2⤵
  PID:5140
- C:\Windows\System\sPMVvVg.exe
  C:\Windows\System\sPMVvVg.exe
  2⤵
  PID:5212
- C:\Windows\System\PlUpTdG.exe
  C:\Windows\System\PlUpTdG.exe
  2⤵
  PID:5356
- C:\Windows\System\QVgXWSy.exe
  C:\Windows\System\QVgXWSy.exe
  2⤵
  PID:5260
- C:\Windows\System\pYZKgOl.exe
  C:\Windows\System\pYZKgOl.exe
  2⤵
  PID:5296
- C:\Windows\System\xkWLyag.exe
  C:\Windows\System\xkWLyag.exe
  2⤵
  PID:5544
- C:\Windows\System\NmwSJbu.exe
  C:\Windows\System\NmwSJbu.exe
  2⤵
  PID:5184
- C:\Windows\System\gOuucOx.exe
  C:\Windows\System\gOuucOx.exe
  2⤵
  PID:5516
- C:\Windows\System\WuVVsSq.exe
  C:\Windows\System\WuVVsSq.exe
  2⤵
  PID:5852
- C:\Windows\System\mJTgpOS.exe
  C:\Windows\System\mJTgpOS.exe
  2⤵
  PID:5884
- C:\Windows\System\CbWFXFI.exe
  C:\Windows\System\CbWFXFI.exe
  2⤵
  PID:5660
- C:\Windows\System\MzqwArg.exe
  C:\Windows\System\MzqwArg.exe
  2⤵
  PID:5792
- C:\Windows\System\YdsKPOW.exe
  C:\Windows\System\YdsKPOW.exe
  2⤵
  PID:5864
- C:\Windows\System\uQfZRpZ.exe
  C:\Windows\System\uQfZRpZ.exe
  2⤵
  PID:6060
- C:\Windows\System\LmjYIXo.exe
  C:\Windows\System\LmjYIXo.exe
  2⤵
  PID:4672
- C:\Windows\System\EGVnXqq.exe
  C:\Windows\System\EGVnXqq.exe
  2⤵
  PID:2284
- C:\Windows\System\CpaSefr.exe
  C:\Windows\System\CpaSefr.exe
  2⤵
  PID:6028
- C:\Windows\System\MGfnNci.exe
  C:\Windows\System\MGfnNci.exe
  2⤵
  PID:5492
- C:\Windows\System\AjcVEys.exe
  C:\Windows\System\AjcVEys.exe
  2⤵
  PID:6008
- C:\Windows\System\MXWPaDK.exe
  C:\Windows\System\MXWPaDK.exe
  2⤵
  PID:5728
- C:\Windows\System\JolsOug.exe
  C:\Windows\System\JolsOug.exe
  2⤵
  PID:6072
- C:\Windows\System\yhBVNRn.exe
  C:\Windows\System\yhBVNRn.exe
  2⤵
  PID:5124
- C:\Windows\System\SAUnAtq.exe
  C:\Windows\System\SAUnAtq.exe
  2⤵
  PID:5376
- C:\Windows\System\aRWuLEI.exe
  C:\Windows\System\aRWuLEI.exe
  2⤵
  PID:5836
- C:\Windows\System\cXcrebB.exe
  C:\Windows\System\cXcrebB.exe
  2⤵
  PID:2612
- C:\Windows\System\iYskveP.exe
  C:\Windows\System\iYskveP.exe
  2⤵
  PID:6044
- C:\Windows\System\TIezOBX.exe
  C:\Windows\System\TIezOBX.exe
  2⤵
  PID:5964
- C:\Windows\System\dwnawBV.exe
  C:\Windows\System\dwnawBV.exe
  2⤵
  PID:6160
- C:\Windows\System\vKALyCo.exe
  C:\Windows\System\vKALyCo.exe
  2⤵
  PID:6176
- C:\Windows\System\gduhepA.exe
  C:\Windows\System\gduhepA.exe
  2⤵
  PID:6192
- C:\Windows\System\uZkZqMy.exe
  C:\Windows\System\uZkZqMy.exe
  2⤵
  PID:6208
- C:\Windows\System\yJSAENn.exe
  C:\Windows\System\yJSAENn.exe
  2⤵
  PID:6224
- C:\Windows\System\wDMbKET.exe
  C:\Windows\System\wDMbKET.exe
  2⤵
  PID:6240
- C:\Windows\System\zIbbyFF.exe
  C:\Windows\System\zIbbyFF.exe
  2⤵
  PID:6256
- C:\Windows\System\GgXZIdC.exe
  C:\Windows\System\GgXZIdC.exe
  2⤵
  PID:6272
- C:\Windows\System\SbLvCrY.exe
  C:\Windows\System\SbLvCrY.exe
  2⤵
  PID:6288
- C:\Windows\System\oLszcMz.exe
  C:\Windows\System\oLszcMz.exe
  2⤵
  PID:6304
- C:\Windows\System\yHcVeAz.exe
  C:\Windows\System\yHcVeAz.exe
  2⤵
  PID:6320
- C:\Windows\System\fbYwhCY.exe
  C:\Windows\System\fbYwhCY.exe
  2⤵
  PID:6336
- C:\Windows\System\XxWhDDY.exe
  C:\Windows\System\XxWhDDY.exe
  2⤵
  PID:6352
- C:\Windows\System\dIrNGfz.exe
  C:\Windows\System\dIrNGfz.exe
  2⤵
  PID:6368
- C:\Windows\System\kyVNdox.exe
  C:\Windows\System\kyVNdox.exe
  2⤵
  PID:6384
- C:\Windows\System\wQdXREb.exe
  C:\Windows\System\wQdXREb.exe
  2⤵
  PID:6400
- C:\Windows\System\uBDGIeP.exe
  C:\Windows\System\uBDGIeP.exe
  2⤵
  PID:6416
- C:\Windows\System\KYkVrlk.exe
  C:\Windows\System\KYkVrlk.exe
  2⤵
  PID:6432
- C:\Windows\System\wxhQuJo.exe
  C:\Windows\System\wxhQuJo.exe
  2⤵
  PID:6448
- C:\Windows\System\MctcajG.exe
  C:\Windows\System\MctcajG.exe
  2⤵
  PID:6468
- C:\Windows\System\zRhmEVg.exe
  C:\Windows\System\zRhmEVg.exe
  2⤵
  PID:6484
- C:\Windows\System\gwnpPlf.exe
  C:\Windows\System\gwnpPlf.exe
  2⤵
  PID:6500
- C:\Windows\System\EnsUpPH.exe
  C:\Windows\System\EnsUpPH.exe
  2⤵
  PID:6516
- C:\Windows\System\xCznAtk.exe
  C:\Windows\System\xCznAtk.exe
  2⤵
  PID:6532
- C:\Windows\System\KIMWKuX.exe
  C:\Windows\System\KIMWKuX.exe
  2⤵
  PID:6548
- C:\Windows\System\lkWiHpu.exe
  C:\Windows\System\lkWiHpu.exe
  2⤵
  PID:6564
- C:\Windows\System\IdPNOUZ.exe
  C:\Windows\System\IdPNOUZ.exe
  2⤵
  PID:6580
- C:\Windows\System\dawDdIf.exe
  C:\Windows\System\dawDdIf.exe
  2⤵
  PID:6596
- C:\Windows\System\aqYSsPs.exe
  C:\Windows\System\aqYSsPs.exe
  2⤵
  PID:6612
- C:\Windows\System\EbuWVig.exe
  C:\Windows\System\EbuWVig.exe
  2⤵
  PID:6628
- C:\Windows\System\CEbpmew.exe
  C:\Windows\System\CEbpmew.exe
  2⤵
  PID:6644
- C:\Windows\System\RwWLwra.exe
  C:\Windows\System\RwWLwra.exe
  2⤵
  PID:6660
- C:\Windows\System\dneznCY.exe
  C:\Windows\System\dneznCY.exe
  2⤵
  PID:6676
- C:\Windows\System\SVCyAMv.exe
  C:\Windows\System\SVCyAMv.exe
  2⤵
  PID:6692
- C:\Windows\System\sxQgoHr.exe
  C:\Windows\System\sxQgoHr.exe
  2⤵
  PID:6708
- C:\Windows\System\SNjBNOW.exe
  C:\Windows\System\SNjBNOW.exe
  2⤵
  PID:6724
- C:\Windows\System\RffpeXy.exe
  C:\Windows\System\RffpeXy.exe
  2⤵
  PID:6740
- C:\Windows\System\UGAfCtI.exe
  C:\Windows\System\UGAfCtI.exe
  2⤵
  PID:6756
- C:\Windows\System\rZzzXQM.exe
  C:\Windows\System\rZzzXQM.exe
  2⤵
  PID:6772
- C:\Windows\System\keRhdTj.exe
  C:\Windows\System\keRhdTj.exe
  2⤵
  PID:6788
- C:\Windows\System\glkVCeH.exe
  C:\Windows\System\glkVCeH.exe
  2⤵
  PID:6804
- C:\Windows\System\aqZueFk.exe
  C:\Windows\System\aqZueFk.exe
  2⤵
  PID:6820
- C:\Windows\System\iRUAtdg.exe
  C:\Windows\System\iRUAtdg.exe
  2⤵
  PID:6836
- C:\Windows\System\OdIoeoa.exe
  C:\Windows\System\OdIoeoa.exe
  2⤵
  PID:6852
- C:\Windows\System\Xrxknvk.exe
  C:\Windows\System\Xrxknvk.exe
  2⤵
  PID:6868
- C:\Windows\System\LIjdjMY.exe
  C:\Windows\System\LIjdjMY.exe
  2⤵
  PID:6884
- C:\Windows\System\wfRqIcG.exe
  C:\Windows\System\wfRqIcG.exe
  2⤵
  PID:6900
- C:\Windows\System\FWukrIB.exe
  C:\Windows\System\FWukrIB.exe
  2⤵
  PID:6916
- C:\Windows\System\jJXKcvh.exe
  C:\Windows\System\jJXKcvh.exe
  2⤵
  PID:6940
- C:\Windows\System\YQSoUsZ.exe
  C:\Windows\System\YQSoUsZ.exe
  2⤵
  PID:6960
- C:\Windows\System\OxSFvEc.exe
  C:\Windows\System\OxSFvEc.exe
  2⤵
  PID:6976
- C:\Windows\System\fXLHdCL.exe
  C:\Windows\System\fXLHdCL.exe
  2⤵
  PID:6992
- C:\Windows\System\lazJuJu.exe
  C:\Windows\System\lazJuJu.exe
  2⤵
  PID:7008
- C:\Windows\System\FvCWrJi.exe
  C:\Windows\System\FvCWrJi.exe
  2⤵
  PID:7024
- C:\Windows\System\GBYoYHH.exe
  C:\Windows\System\GBYoYHH.exe
  2⤵
  PID:7040
- C:\Windows\System\oyAZbYR.exe
  C:\Windows\System\oyAZbYR.exe
  2⤵
  PID:7056
- C:\Windows\System\bvkCFJe.exe
  C:\Windows\System\bvkCFJe.exe
  2⤵
  PID:7072
- C:\Windows\System\NArhwhF.exe
  C:\Windows\System\NArhwhF.exe
  2⤵
  PID:7088
- C:\Windows\System\riaRgzn.exe
  C:\Windows\System\riaRgzn.exe
  2⤵
  PID:7104
- C:\Windows\System\zfykWVu.exe
  C:\Windows\System\zfykWVu.exe
  2⤵
  PID:7120
- C:\Windows\System\YwgIHNW.exe
  C:\Windows\System\YwgIHNW.exe
  2⤵
  PID:7144
- C:\Windows\System\rkIgNMq.exe
  C:\Windows\System\rkIgNMq.exe
  2⤵
  PID:7160
- C:\Windows\System\PbZOOgO.exe
  C:\Windows\System\PbZOOgO.exe
  2⤵
  PID:6172
- C:\Windows\System\kIfppcj.exe
  C:\Windows\System\kIfppcj.exe
  2⤵
  PID:5712
- C:\Windows\System\GsVIqjP.exe
  C:\Windows\System\GsVIqjP.exe
  2⤵
  PID:5788
- C:\Windows\System\GYpSUtD.exe
  C:\Windows\System\GYpSUtD.exe
  2⤵
  PID:6188
- C:\Windows\System\ZHckVvI.exe
  C:\Windows\System\ZHckVvI.exe
  2⤵
  PID:5920
- C:\Windows\System\ZljaOkX.exe
  C:\Windows\System\ZljaOkX.exe
  2⤵
  PID:5680
- C:\Windows\System\tuZdlTS.exe
  C:\Windows\System\tuZdlTS.exe
  2⤵
  PID:6252
- C:\Windows\System\OJoVrFK.exe
  C:\Windows\System\OJoVrFK.exe
  2⤵
  PID:6492
- C:\Windows\System\BlYNphr.exe
  C:\Windows\System\BlYNphr.exe
  2⤵
  PID:6316
- C:\Windows\System\gXgzkeg.exe
  C:\Windows\System\gXgzkeg.exe
  2⤵
  PID:6344
- C:\Windows\System\qUkmHQF.exe
  C:\Windows\System\qUkmHQF.exe
  2⤵
  PID:6380
- C:\Windows\System\CKsNTBO.exe
  C:\Windows\System\CKsNTBO.exe
  2⤵
  PID:6444
- C:\Windows\System\xfHBHrI.exe
  C:\Windows\System\xfHBHrI.exe
  2⤵
  PID:6588
- C:\Windows\System\doIopuh.exe
  C:\Windows\System\doIopuh.exe
  2⤵
  PID:6508
- C:\Windows\System\SwAdoHU.exe
  C:\Windows\System\SwAdoHU.exe
  2⤵
  PID:6684
- C:\Windows\System\uSrWebc.exe
  C:\Windows\System\uSrWebc.exe
  2⤵
  PID:6720
- C:\Windows\System\XsONWYp.exe
  C:\Windows\System\XsONWYp.exe
  2⤵
  PID:6784
- C:\Windows\System\WLlihAb.exe
  C:\Windows\System\WLlihAb.exe
  2⤵
  PID:6604
- C:\Windows\System\vlsnnip.exe
  C:\Windows\System\vlsnnip.exe
  2⤵
  PID:6672
- C:\Windows\System\ImvDEUF.exe
  C:\Windows\System\ImvDEUF.exe
  2⤵
  PID:6732
- C:\Windows\System\LeKNMZr.exe
  C:\Windows\System\LeKNMZr.exe
  2⤵
  PID:6848
- C:\Windows\System\DqEBjjM.exe
  C:\Windows\System\DqEBjjM.exe
  2⤵
  PID:6828
- C:\Windows\System\XtMIfpr.exe
  C:\Windows\System\XtMIfpr.exe
  2⤵
  PID:6908
- C:\Windows\System\oEsEbPM.exe
  C:\Windows\System\oEsEbPM.exe
  2⤵
  PID:6864
- C:\Windows\System\UJyFbiP.exe
  C:\Windows\System\UJyFbiP.exe
  2⤵
  PID:6948
- C:\Windows\System\CrbJIGR.exe
  C:\Windows\System\CrbJIGR.exe
  2⤵
  PID:6972
- C:\Windows\System\JxwHCBK.exe
  C:\Windows\System\JxwHCBK.exe
  2⤵
  PID:7016
- C:\Windows\System\iCcsiqV.exe
  C:\Windows\System\iCcsiqV.exe
  2⤵
  PID:7080
- C:\Windows\System\jVRUMuu.exe
  C:\Windows\System\jVRUMuu.exe
  2⤵
  PID:7064
- C:\Windows\System\fXnmSUo.exe
  C:\Windows\System\fXnmSUo.exe
  2⤵
  PID:7100
- C:\Windows\System\YSJuJrG.exe
  C:\Windows\System\YSJuJrG.exe
  2⤵
  PID:7116
- C:\Windows\System\XdFYNEo.exe
  C:\Windows\System\XdFYNEo.exe
  2⤵
  PID:7136
- C:\Windows\System\ANudnDU.exe
  C:\Windows\System\ANudnDU.exe
  2⤵
  PID:6204
- C:\Windows\System\pQQNUOE.exe
  C:\Windows\System\pQQNUOE.exe
  2⤵
  PID:6112
- C:\Windows\System\ICcJAfn.exe
  C:\Windows\System\ICcJAfn.exe
  2⤵
  PID:6236
- C:\Windows\System\gqZNqBo.exe
  C:\Windows\System\gqZNqBo.exe
  2⤵
  PID:5628
- C:\Windows\System\MzpQojO.exe
  C:\Windows\System\MzpQojO.exe
  2⤵
  PID:6152
- C:\Windows\System\tGgrmDK.exe
  C:\Windows\System\tGgrmDK.exe
  2⤵
  PID:6268
- C:\Windows\System\zscSvKa.exe
  C:\Windows\System\zscSvKa.exe
  2⤵
  PID:6280
- C:\Windows\System\MWAruaA.exe
  C:\Windows\System\MWAruaA.exe
  2⤵
  PID:6392
- C:\Windows\System\kiZdudU.exe
  C:\Windows\System\kiZdudU.exe
  2⤵
  PID:6284
- C:\Windows\System\jvWurKy.exe
  C:\Windows\System\jvWurKy.exe
  2⤵
  PID:6412
- C:\Windows\System\bLwtgZb.exe
  C:\Windows\System\bLwtgZb.exe
  2⤵
  PID:6428
- C:\Windows\System\IHszYNr.exe
  C:\Windows\System\IHszYNr.exe
  2⤵
  PID:6540
- C:\Windows\System\iAHTJPD.exe
  C:\Windows\System\iAHTJPD.exe
  2⤵
  PID:6656
- C:\Windows\System\WYQUhks.exe
  C:\Windows\System\WYQUhks.exe
  2⤵
  PID:6572
- C:\Windows\System\WzfWaoE.exe
  C:\Windows\System\WzfWaoE.exe
  2⤵
  PID:6796
- C:\Windows\System\PLVPEux.exe
  C:\Windows\System\PLVPEux.exe
  2⤵
  PID:6780
- C:\Windows\System\sjBMvTj.exe
  C:\Windows\System\sjBMvTj.exe
  2⤵
  PID:6844
- C:\Windows\System\OZLobQv.exe
  C:\Windows\System\OZLobQv.exe
  2⤵
  PID:6896
- C:\Windows\System\OwMOtqU.exe
  C:\Windows\System\OwMOtqU.exe
  2⤵
  PID:7048
- C:\Windows\System\VSrGswU.exe
  C:\Windows\System\VSrGswU.exe
  2⤵
  PID:7000
- C:\Windows\System\RvZLedx.exe
  C:\Windows\System\RvZLedx.exe
  2⤵
  PID:7156
- C:\Windows\System\ThERjEw.exe
  C:\Windows\System\ThERjEw.exe
  2⤵
  PID:7140
- C:\Windows\System\wVvrMdr.exe
  C:\Windows\System\wVvrMdr.exe
  2⤵
  PID:5848
- C:\Windows\System\OyErhro.exe
  C:\Windows\System\OyErhro.exe
  2⤵
  PID:4676
- C:\Windows\System\FrbhXqu.exe
  C:\Windows\System\FrbhXqu.exe
  2⤵
  PID:5876
- C:\Windows\System\yVXRULG.exe
  C:\Windows\System\yVXRULG.exe
  2⤵
  PID:6424
- C:\Windows\System\NhWQGmw.exe
  C:\Windows\System\NhWQGmw.exe
  2⤵
  PID:6496
- C:\Windows\System\DrJVytk.exe
  C:\Windows\System\DrJVytk.exe
  2⤵
  PID:6480
- C:\Windows\System\HFgexgu.exe
  C:\Windows\System\HFgexgu.exe
  2⤵
  PID:6456
- C:\Windows\System\nvWypos.exe
  C:\Windows\System\nvWypos.exe
  2⤵
  PID:6984
- C:\Windows\System\nxcuGjB.exe
  C:\Windows\System\nxcuGjB.exe
  2⤵
  PID:5592
- C:\Windows\System\zaYrJXp.exe
  C:\Windows\System\zaYrJXp.exe
  2⤵
  PID:6376
- C:\Windows\System\mVAJNXW.exe
  C:\Windows\System\mVAJNXW.exe
  2⤵
  PID:6640
- C:\Windows\System\zEifIzr.exe
  C:\Windows\System\zEifIzr.exe
  2⤵
  PID:7152
- C:\Windows\System\rxvFmTw.exe
  C:\Windows\System\rxvFmTw.exe
  2⤵
  PID:6860
- C:\Windows\System\QtmCNmH.exe
  C:\Windows\System\QtmCNmH.exe
  2⤵
  PID:6300
- C:\Windows\System\tqQuSwi.exe
  C:\Windows\System\tqQuSwi.exe
  2⤵
  PID:2256
- C:\Windows\System\LuqtEbL.exe
  C:\Windows\System\LuqtEbL.exe
  2⤵
  PID:7180
- C:\Windows\System\zRniDXU.exe
  C:\Windows\System\zRniDXU.exe
  2⤵
  PID:7196
- C:\Windows\System\zxEdqWH.exe
  C:\Windows\System\zxEdqWH.exe
  2⤵
  PID:7212
- C:\Windows\System\cKjHBqV.exe
  C:\Windows\System\cKjHBqV.exe
  2⤵
  PID:7228
- C:\Windows\System\vyXhzLn.exe
  C:\Windows\System\vyXhzLn.exe
  2⤵
  PID:7244
- C:\Windows\System\hDmTBVA.exe
  C:\Windows\System\hDmTBVA.exe
  2⤵
  PID:7260
- C:\Windows\System\xBCPrfC.exe
  C:\Windows\System\xBCPrfC.exe
  2⤵
  PID:7276
- C:\Windows\System\HkuXWJB.exe
  C:\Windows\System\HkuXWJB.exe
  2⤵
  PID:7292
- C:\Windows\System\sSlrbip.exe
  C:\Windows\System\sSlrbip.exe
  2⤵
  PID:7308
- C:\Windows\System\bhlxJXk.exe
  C:\Windows\System\bhlxJXk.exe
  2⤵
  PID:7324
- C:\Windows\System\npEQAGc.exe
  C:\Windows\System\npEQAGc.exe
  2⤵
  PID:7340
- C:\Windows\System\ruGCfJq.exe
  C:\Windows\System\ruGCfJq.exe
  2⤵
  PID:7356
- C:\Windows\System\hJEChpj.exe
  C:\Windows\System\hJEChpj.exe
  2⤵
  PID:7372
- C:\Windows\System\AyGKTVm.exe
  C:\Windows\System\AyGKTVm.exe
  2⤵
  PID:7388
- C:\Windows\System\ogFdwgX.exe
  C:\Windows\System\ogFdwgX.exe
  2⤵
  PID:7408
- C:\Windows\System\WlzsdEv.exe
  C:\Windows\System\WlzsdEv.exe
  2⤵
  PID:7428
- C:\Windows\System\fkDPvPd.exe
  C:\Windows\System\fkDPvPd.exe
  2⤵
  PID:7444
- C:\Windows\System\JTujxiW.exe
  C:\Windows\System\JTujxiW.exe
  2⤵
  PID:7460
- C:\Windows\System\cGNckEr.exe
  C:\Windows\System\cGNckEr.exe
  2⤵
  PID:7476
- C:\Windows\System\yHLqKbr.exe
  C:\Windows\System\yHLqKbr.exe
  2⤵
  PID:7492
- C:\Windows\System\RfFEobe.exe
  C:\Windows\System\RfFEobe.exe
  2⤵
  PID:7508
- C:\Windows\System\jLEhgEI.exe
  C:\Windows\System\jLEhgEI.exe
  2⤵
  PID:7524
- C:\Windows\System\lShbKNn.exe
  C:\Windows\System\lShbKNn.exe
  2⤵
  PID:7540
- C:\Windows\System\xajUoOC.exe
  C:\Windows\System\xajUoOC.exe
  2⤵
  PID:7556
- C:\Windows\System\ZNbTsef.exe
  C:\Windows\System\ZNbTsef.exe
  2⤵
  PID:7572
- C:\Windows\System\EZFyGTO.exe
  C:\Windows\System\EZFyGTO.exe
  2⤵
  PID:7588
- C:\Windows\System\LrTVuha.exe
  C:\Windows\System\LrTVuha.exe
  2⤵
  PID:7604
- C:\Windows\System\MpxxgtE.exe
  C:\Windows\System\MpxxgtE.exe
  2⤵
  PID:7620
- C:\Windows\System\jDxAbqv.exe
  C:\Windows\System\jDxAbqv.exe
  2⤵
  PID:7636
- C:\Windows\System\OFCkaWN.exe
  C:\Windows\System\OFCkaWN.exe
  2⤵
  PID:7652
- C:\Windows\System\YPTYLGq.exe
  C:\Windows\System\YPTYLGq.exe
  2⤵
  PID:7668
- C:\Windows\System\wPbPKZY.exe
  C:\Windows\System\wPbPKZY.exe
  2⤵
  PID:7688
- C:\Windows\System\TwBjswW.exe
  C:\Windows\System\TwBjswW.exe
  2⤵
  PID:7704
- C:\Windows\System\DTLkEus.exe
  C:\Windows\System\DTLkEus.exe
  2⤵
  PID:7720
- C:\Windows\System\EQoqXij.exe
  C:\Windows\System\EQoqXij.exe
  2⤵
  PID:7736
- C:\Windows\System\uiBvqqI.exe
  C:\Windows\System\uiBvqqI.exe
  2⤵
  PID:7752
- C:\Windows\System\vLYmBOo.exe
  C:\Windows\System\vLYmBOo.exe
  2⤵
  PID:7768
- C:\Windows\System\quMnnwp.exe
  C:\Windows\System\quMnnwp.exe
  2⤵
  PID:7784
- C:\Windows\System\oghbRpT.exe
  C:\Windows\System\oghbRpT.exe
  2⤵
  PID:7800
- C:\Windows\System\SjHsnkR.exe
  C:\Windows\System\SjHsnkR.exe
  2⤵
  PID:7816
- C:\Windows\System\SxtqCHm.exe
  C:\Windows\System\SxtqCHm.exe
  2⤵
  PID:7832
- C:\Windows\System\sSTlRPQ.exe
  C:\Windows\System\sSTlRPQ.exe
  2⤵
  PID:7848
- C:\Windows\System\gPwnjTx.exe
  C:\Windows\System\gPwnjTx.exe
  2⤵
  PID:7864
- C:\Windows\System\JSpuxTk.exe
  C:\Windows\System\JSpuxTk.exe
  2⤵
  PID:7880
- C:\Windows\System\czMLHNy.exe
  C:\Windows\System\czMLHNy.exe
  2⤵
  PID:7896
- C:\Windows\System\lgFEUtq.exe
  C:\Windows\System\lgFEUtq.exe
  2⤵
  PID:7912
- C:\Windows\System\bDmsMxY.exe
  C:\Windows\System\bDmsMxY.exe
  2⤵
  PID:7928
- C:\Windows\System\jfVXDJh.exe
  C:\Windows\System\jfVXDJh.exe
  2⤵
  PID:7944
- C:\Windows\System\OQCojgR.exe
  C:\Windows\System\OQCojgR.exe
  2⤵
  PID:7960
- C:\Windows\System\wLKmmvk.exe
  C:\Windows\System\wLKmmvk.exe
  2⤵
  PID:7976
- C:\Windows\System\UKlLJMw.exe
  C:\Windows\System\UKlLJMw.exe
  2⤵
  PID:7992
- C:\Windows\System\GcyCxjs.exe
  C:\Windows\System\GcyCxjs.exe
  2⤵
  PID:8008
- C:\Windows\System\OztxGfE.exe
  C:\Windows\System\OztxGfE.exe
  2⤵
  PID:8024
- C:\Windows\System\uDsvcKJ.exe
  C:\Windows\System\uDsvcKJ.exe
  2⤵
  PID:8040
- C:\Windows\System\nBNFraX.exe
  C:\Windows\System\nBNFraX.exe
  2⤵
  PID:8056
- C:\Windows\System\PQLeEgb.exe
  C:\Windows\System\PQLeEgb.exe
  2⤵
  PID:8072
- C:\Windows\System\XfmLSWB.exe
  C:\Windows\System\XfmLSWB.exe
  2⤵
  PID:8088
- C:\Windows\System\YqbQxDY.exe
  C:\Windows\System\YqbQxDY.exe
  2⤵
  PID:8104
- C:\Windows\System\WBFtnmr.exe
  C:\Windows\System\WBFtnmr.exe
  2⤵
  PID:8120
- C:\Windows\System\zPuHwPb.exe
  C:\Windows\System\zPuHwPb.exe
  2⤵
  PID:8136
- C:\Windows\System\MTUOboI.exe
  C:\Windows\System\MTUOboI.exe
  2⤵
  PID:8156
- C:\Windows\System\TfeoYys.exe
  C:\Windows\System\TfeoYys.exe
  2⤵
  PID:8172
- C:\Windows\System\vhVdSYr.exe
  C:\Windows\System\vhVdSYr.exe
  2⤵
  PID:8188
- C:\Windows\System\kbsFwIn.exe
  C:\Windows\System\kbsFwIn.exe
  2⤵
  PID:6716
- C:\Windows\System\lYqCfqu.exe
  C:\Windows\System\lYqCfqu.exe
  2⤵
  PID:6476
- C:\Windows\System\RAMkkUw.exe
  C:\Windows\System\RAMkkUw.exe
  2⤵
  PID:6184
- C:\Windows\System\FRtvmtD.exe
  C:\Windows\System\FRtvmtD.exe
  2⤵
  PID:7236
- C:\Windows\System\qGElsYA.exe
  C:\Windows\System\qGElsYA.exe
  2⤵
  PID:7192
- C:\Windows\System\crJobhm.exe
  C:\Windows\System\crJobhm.exe
  2⤵
  PID:7272
- C:\Windows\System\vWNitxS.exe
  C:\Windows\System\vWNitxS.exe
  2⤵
  PID:7256
- C:\Windows\System\GryOajO.exe
  C:\Windows\System\GryOajO.exe
  2⤵
  PID:7396
- C:\Windows\System\JGCrnqw.exe
  C:\Windows\System\JGCrnqw.exe
  2⤵
  PID:7320
- C:\Windows\System\xNSMapb.exe
  C:\Windows\System\xNSMapb.exe
  2⤵
  PID:7384
- C:\Windows\System\hulxqRA.exe
  C:\Windows\System\hulxqRA.exe
  2⤵
  PID:7468
- C:\Windows\System\bWliDZX.exe
  C:\Windows\System\bWliDZX.exe
  2⤵
  PID:7536
- C:\Windows\System\OfhyfEc.exe
  C:\Windows\System\OfhyfEc.exe
  2⤵
  PID:2336
- C:\Windows\System\inCVxvc.exe
  C:\Windows\System\inCVxvc.exe
  2⤵
  PID:7424
- C:\Windows\System\wxUUVTd.exe
  C:\Windows\System\wxUUVTd.exe
  2⤵
  PID:2088
- C:\Windows\System\hciPcKt.exe
  C:\Windows\System\hciPcKt.exe
  2⤵
  PID:7632
- C:\Windows\System\RdqJCeT.exe
  C:\Windows\System\RdqJCeT.exe
  2⤵
  PID:960
- C:\Windows\System\KAHIrFU.exe
  C:\Windows\System\KAHIrFU.exe
  2⤵
  PID:7552
- C:\Windows\System\YJqJrEx.exe
  C:\Windows\System\YJqJrEx.exe
  2⤵
  PID:7644
- C:\Windows\System\DBfjPpd.exe
  C:\Windows\System\DBfjPpd.exe
  2⤵
  PID:7676
- C:\Windows\System\hzLzAcQ.exe
  C:\Windows\System\hzLzAcQ.exe
  2⤵
  PID:7700
- C:\Windows\System\prOGPmp.exe
  C:\Windows\System\prOGPmp.exe
  2⤵
  PID:7712
- C:\Windows\System\QdxmjqI.exe
  C:\Windows\System\QdxmjqI.exe
  2⤵
  PID:7780
- C:\Windows\System\ROUdBoz.exe
  C:\Windows\System\ROUdBoz.exe
  2⤵
  PID:7844
- C:\Windows\System\CgWfJWt.exe
  C:\Windows\System\CgWfJWt.exe
  2⤵
  PID:7828
- C:\Windows\System\LpnzDzp.exe
  C:\Windows\System\LpnzDzp.exe
  2⤵
  PID:7792
- C:\Windows\System\KgzSGFt.exe
  C:\Windows\System\KgzSGFt.exe
  2⤵
  PID:7936
- C:\Windows\System\VTKjwSs.exe
  C:\Windows\System\VTKjwSs.exe
  2⤵
  PID:7860
- C:\Windows\System\mjiuYrl.exe
  C:\Windows\System\mjiuYrl.exe
  2⤵
  PID:7924
- C:\Windows\System\emUKBHm.exe
  C:\Windows\System\emUKBHm.exe
  2⤵
  PID:7984
- C:\Windows\System\tiWSSJC.exe
  C:\Windows\System\tiWSSJC.exe
  2⤵
  PID:8036
- C:\Windows\System\Kqjrftl.exe
  C:\Windows\System\Kqjrftl.exe
  2⤵
  PID:8016
- C:\Windows\System\fcRodXU.exe
  C:\Windows\System\fcRodXU.exe
  2⤵
  PID:8128
- C:\Windows\System\ZCntkgQ.exe
  C:\Windows\System\ZCntkgQ.exe
  2⤵
  PID:8112
- C:\Windows\System\JVpCpnN.exe
  C:\Windows\System\JVpCpnN.exe
  2⤵
  PID:8148
- C:\Windows\System\HUxnTVk.exe
  C:\Windows\System\HUxnTVk.exe
  2⤵
  PID:6528
- C:\Windows\System\CqsRcNF.exe
  C:\Windows\System\CqsRcNF.exe
  2⤵
  PID:6200
- C:\Windows\System\hSGCSfE.exe
  C:\Windows\System\hSGCSfE.exe
  2⤵
  PID:7224
- C:\Windows\System\cuNQjBO.exe
  C:\Windows\System\cuNQjBO.exe
  2⤵
  PID:2980
- C:\Windows\System\WrNkijT.exe
  C:\Windows\System\WrNkijT.exe
  2⤵
  PID:7364
- C:\Windows\System\CnDHbZx.exe
  C:\Windows\System\CnDHbZx.exe
  2⤵
  PID:7288
- C:\Windows\System\OqqOwKN.exe
  C:\Windows\System\OqqOwKN.exe
  2⤵
  PID:7532
- C:\Windows\System\HcWbAsF.exe
  C:\Windows\System\HcWbAsF.exe
  2⤵
  PID:2536
- C:\Windows\System\TELdLDL.exe
  C:\Windows\System\TELdLDL.exe
  2⤵
  PID:7440
- C:\Windows\System\QpKlMEK.exe
  C:\Windows\System\QpKlMEK.exe
  2⤵
  PID:7648
- C:\Windows\System\glmbPgx.exe
  C:\Windows\System\glmbPgx.exe
  2⤵
  PID:8152
- C:\Windows\System\rtcVhPb.exe
  C:\Windows\System\rtcVhPb.exe
  2⤵
  PID:7484
- C:\Windows\System\rTsqnbt.exe
  C:\Windows\System\rTsqnbt.exe
  2⤵
  PID:7904
- C:\Windows\System\OzlCqNs.exe
  C:\Windows\System\OzlCqNs.exe
  2⤵
  PID:7764
- C:\Windows\System\BUMywkX.exe
  C:\Windows\System\BUMywkX.exe
  2⤵
  PID:7968
- C:\Windows\System\fRQUcxa.exe
  C:\Windows\System\fRQUcxa.exe
  2⤵
  PID:7908
- C:\Windows\System\pDnAnrX.exe
  C:\Windows\System\pDnAnrX.exe
  2⤵
  PID:8068
- C:\Windows\System\YgiLnVI.exe
  C:\Windows\System\YgiLnVI.exe
  2⤵
  PID:8032
- C:\Windows\System\jHBCDgr.exe
  C:\Windows\System\jHBCDgr.exe
  2⤵
  PID:8052
- C:\Windows\System\ESYtdix.exe
  C:\Windows\System\ESYtdix.exe
  2⤵
  PID:8184
- C:\Windows\System\ESECEom.exe
  C:\Windows\System\ESECEom.exe
  2⤵
  PID:7172
- C:\Windows\System\DpeQQzH.exe
  C:\Windows\System\DpeQQzH.exe
  2⤵
  PID:7368
- C:\Windows\System\mxSxwbM.exe
  C:\Windows\System\mxSxwbM.exe
  2⤵
  PID:7520
- C:\Windows\System\ueRPnfh.exe
  C:\Windows\System\ueRPnfh.exe
  2⤵
  PID:7332
- C:\Windows\System\NqTwGMk.exe
  C:\Windows\System\NqTwGMk.exe
  2⤵
  PID:7568
- C:\Windows\System\BHShuNc.exe
  C:\Windows\System\BHShuNc.exe
  2⤵
  PID:1664
- C:\Windows\System\OpRRBBx.exe
  C:\Windows\System\OpRRBBx.exe
  2⤵
  PID:7456
- C:\Windows\System\XGaYDoq.exe
  C:\Windows\System\XGaYDoq.exe
  2⤵
  PID:7612
- C:\Windows\System\PjfQaUs.exe
  C:\Windows\System\PjfQaUs.exe
  2⤵
  PID:8048
- C:\Windows\System\AUcbUXL.exe
  C:\Windows\System\AUcbUXL.exe
  2⤵
  PID:7204
- C:\Windows\System\LnaJYQY.exe
  C:\Windows\System\LnaJYQY.exe
  2⤵
  PID:7132
- C:\Windows\System\eCzRMdw.exe
  C:\Windows\System\eCzRMdw.exe
  2⤵
  PID:1212
- C:\Windows\System\mfKjkUi.exe
  C:\Windows\System\mfKjkUi.exe
  2⤵
  PID:7920
- C:\Windows\System\oVNDbwk.exe
  C:\Windows\System\oVNDbwk.exe
  2⤵
  PID:7812
- C:\Windows\System\nEqamxy.exe
  C:\Windows\System\nEqamxy.exe
  2⤵
  PID:8116
- C:\Windows\System\mrMgGAS.exe
  C:\Windows\System\mrMgGAS.exe
  2⤵
  PID:8004
- C:\Windows\System\lgCtVLX.exe
  C:\Windows\System\lgCtVLX.exe
  2⤵
  PID:8196
- C:\Windows\System\CxiNaCN.exe
  C:\Windows\System\CxiNaCN.exe
  2⤵
  PID:8212
- C:\Windows\System\HZXITGI.exe
  C:\Windows\System\HZXITGI.exe
  2⤵
  PID:8228
- C:\Windows\System\pVPqyEG.exe
  C:\Windows\System\pVPqyEG.exe
  2⤵
  PID:8244
- C:\Windows\System\egHpovo.exe
  C:\Windows\System\egHpovo.exe
  2⤵
  PID:8260
- C:\Windows\System\Fsyqfgm.exe
  C:\Windows\System\Fsyqfgm.exe
  2⤵
  PID:8276
- C:\Windows\System\xoeBsZO.exe
  C:\Windows\System\xoeBsZO.exe
  2⤵
  PID:8292
- C:\Windows\System\okCvkYf.exe
  C:\Windows\System\okCvkYf.exe
  2⤵
  PID:8308
- C:\Windows\System\oMlGvcI.exe
  C:\Windows\System\oMlGvcI.exe
  2⤵
  PID:8324
- C:\Windows\System\fhkhezt.exe
  C:\Windows\System\fhkhezt.exe
  2⤵
  PID:8340
- C:\Windows\System\cUobOqC.exe
  C:\Windows\System\cUobOqC.exe
  2⤵
  PID:8356
- C:\Windows\System\hWNMQTF.exe
  C:\Windows\System\hWNMQTF.exe
  2⤵
  PID:8372
- C:\Windows\System\yVWvvwV.exe
  C:\Windows\System\yVWvvwV.exe
  2⤵
  PID:8388
- C:\Windows\System\jPRQVPC.exe
  C:\Windows\System\jPRQVPC.exe
  2⤵
  PID:8404
- C:\Windows\System\PpJtmik.exe
  C:\Windows\System\PpJtmik.exe
  2⤵
  PID:8420
- C:\Windows\System\JNrRECP.exe
  C:\Windows\System\JNrRECP.exe
  2⤵
  PID:8436
- C:\Windows\System\LlGcLdy.exe
  C:\Windows\System\LlGcLdy.exe
  2⤵
  PID:8452
- C:\Windows\System\sLiUUMO.exe
  C:\Windows\System\sLiUUMO.exe
  2⤵
  PID:8468
- C:\Windows\System\sxcJBUa.exe
  C:\Windows\System\sxcJBUa.exe
  2⤵
  PID:8484
- C:\Windows\System\dZgPvYu.exe
  C:\Windows\System\dZgPvYu.exe
  2⤵
  PID:8504
- C:\Windows\System\sgeQRpg.exe
  C:\Windows\System\sgeQRpg.exe
  2⤵
  PID:8520
- C:\Windows\System\ZVqKkff.exe
  C:\Windows\System\ZVqKkff.exe
  2⤵
  PID:8536
- C:\Windows\System\HXqBDWy.exe
  C:\Windows\System\HXqBDWy.exe
  2⤵
  PID:8552
- C:\Windows\System\qgiywHe.exe
  C:\Windows\System\qgiywHe.exe
  2⤵
  PID:8568
- C:\Windows\System\tVXvfFo.exe
  C:\Windows\System\tVXvfFo.exe
  2⤵
  PID:8584
- C:\Windows\System\WbYnCED.exe
  C:\Windows\System\WbYnCED.exe
  2⤵
  PID:8600
- C:\Windows\System\DWiKGgx.exe
  C:\Windows\System\DWiKGgx.exe
  2⤵
  PID:8616
- C:\Windows\System\oLCzpCw.exe
  C:\Windows\System\oLCzpCw.exe
  2⤵
  PID:8632
- C:\Windows\System\pALPzLJ.exe
  C:\Windows\System\pALPzLJ.exe
  2⤵
  PID:8648
- C:\Windows\System\gkGMLJr.exe
  C:\Windows\System\gkGMLJr.exe
  2⤵
  PID:8664
- C:\Windows\System\EYmjLBc.exe
  C:\Windows\System\EYmjLBc.exe
  2⤵
  PID:8680
- C:\Windows\System\PwTyGaN.exe
  C:\Windows\System\PwTyGaN.exe
  2⤵
  PID:8696
- C:\Windows\System\taUwqbM.exe
  C:\Windows\System\taUwqbM.exe
  2⤵
  PID:8712
- C:\Windows\System\pBDVAUI.exe
  C:\Windows\System\pBDVAUI.exe
  2⤵
  PID:8728
- C:\Windows\System\hRRgbXo.exe
  C:\Windows\System\hRRgbXo.exe
  2⤵
  PID:8744
- C:\Windows\System\IBUJqhf.exe
  C:\Windows\System\IBUJqhf.exe
  2⤵
  PID:8760
- C:\Windows\System\Xqbtgfj.exe
  C:\Windows\System\Xqbtgfj.exe
  2⤵
  PID:8776
- C:\Windows\System\hbfzZvN.exe
  C:\Windows\System\hbfzZvN.exe
  2⤵
  PID:8792
- C:\Windows\System\JlcjeHd.exe
  C:\Windows\System\JlcjeHd.exe
  2⤵
  PID:8808
- C:\Windows\System\ZLLHnDC.exe
  C:\Windows\System\ZLLHnDC.exe
  2⤵
  PID:8824
- C:\Windows\System\RKFJCyS.exe
  C:\Windows\System\RKFJCyS.exe
  2⤵
  PID:8840
- C:\Windows\System\cwSaSYS.exe
  C:\Windows\System\cwSaSYS.exe
  2⤵
  PID:8856
- C:\Windows\System\LhzefPl.exe
  C:\Windows\System\LhzefPl.exe
  2⤵
  PID:8872
- C:\Windows\System\mhcrhZw.exe
  C:\Windows\System\mhcrhZw.exe
  2⤵
  PID:8888
- C:\Windows\System\BiGkOKl.exe
  C:\Windows\System\BiGkOKl.exe
  2⤵
  PID:8904
- C:\Windows\System\gkaRgJY.exe
  C:\Windows\System\gkaRgJY.exe
  2⤵
  PID:8920
- C:\Windows\System\ubfbgPm.exe
  C:\Windows\System\ubfbgPm.exe
  2⤵
  PID:8936
- C:\Windows\System\BzjBuED.exe
  C:\Windows\System\BzjBuED.exe
  2⤵
  PID:8952
- C:\Windows\System\jHxPwIP.exe
  C:\Windows\System\jHxPwIP.exe
  2⤵
  PID:8968
- C:\Windows\System\ijegRdq.exe
  C:\Windows\System\ijegRdq.exe
  2⤵
  PID:8984
- C:\Windows\System\xlPuYXC.exe
  C:\Windows\System\xlPuYXC.exe
  2⤵
  PID:9000
- C:\Windows\System\fJtVFdi.exe
  C:\Windows\System\fJtVFdi.exe
  2⤵
  PID:9016
- C:\Windows\System\brpeYRr.exe
  C:\Windows\System\brpeYRr.exe
  2⤵
  PID:9040
- C:\Windows\System\dudULPO.exe
  C:\Windows\System\dudULPO.exe
  2⤵
  PID:9060
- C:\Windows\System\aWEMTwH.exe
  C:\Windows\System\aWEMTwH.exe
  2⤵
  PID:9084
- C:\Windows\System\bfGLLKz.exe
  C:\Windows\System\bfGLLKz.exe
  2⤵
  PID:9104
- C:\Windows\System\dyrYOIi.exe
  C:\Windows\System\dyrYOIi.exe
  2⤵
  PID:9120
- C:\Windows\System\brZzymN.exe
  C:\Windows\System\brZzymN.exe
  2⤵
  PID:9136
- C:\Windows\System\sAfbvtE.exe
  C:\Windows\System\sAfbvtE.exe
  2⤵
  PID:9156
- C:\Windows\System\sYBbEUR.exe
  C:\Windows\System\sYBbEUR.exe
  2⤵
  PID:8364
- C:\Windows\System\qeMiMhc.exe
  C:\Windows\System\qeMiMhc.exe
  2⤵
  PID:7680
- C:\Windows\System\dLoKNog.exe
  C:\Windows\System\dLoKNog.exe
  2⤵
  PID:8448
- C:\Windows\System\DsNxoSm.exe
  C:\Windows\System\DsNxoSm.exe
  2⤵
  PID:8464
- C:\Windows\System\DtwvVGp.exe
  C:\Windows\System\DtwvVGp.exe
  2⤵
  PID:8516
- C:\Windows\System\pcEvDxY.exe
  C:\Windows\System\pcEvDxY.exe
  2⤵
  PID:8576
- C:\Windows\System\vRTyiVe.exe
  C:\Windows\System\vRTyiVe.exe
  2⤵
  PID:8492
- C:\Windows\System\orqhpvs.exe
  C:\Windows\System\orqhpvs.exe
  2⤵
  PID:8532
- C:\Windows\System\fUwaazU.exe
  C:\Windows\System\fUwaazU.exe
  2⤵
  PID:8772
- C:\Windows\System\pidifIo.exe
  C:\Windows\System\pidifIo.exe
  2⤵
  PID:8836
- C:\Windows\System\nnhnGlp.exe
  C:\Windows\System\nnhnGlp.exe
  2⤵
  PID:8784
- C:\Windows\System\NUNRzqM.exe
  C:\Windows\System\NUNRzqM.exe
  2⤵
  PID:8868
- C:\Windows\System\wxWdVwT.exe
  C:\Windows\System\wxWdVwT.exe
  2⤵
  PID:8928
- C:\Windows\System\VrXMOIE.exe
  C:\Windows\System\VrXMOIE.exe
  2⤵
  PID:8916
- C:\Windows\System\lAImLbW.exe
  C:\Windows\System\lAImLbW.exe
  2⤵
  PID:8976
- C:\Windows\System\uOxDezT.exe
  C:\Windows\System\uOxDezT.exe
  2⤵
  PID:8996
- C:\Windows\System\vOSXBXS.exe
  C:\Windows\System\vOSXBXS.exe
  2⤵
  PID:9024
- C:\Windows\System\syNmRvY.exe
  C:\Windows\System\syNmRvY.exe
  2⤵
  PID:9100
- C:\Windows\System\WmtBDTU.exe
  C:\Windows\System\WmtBDTU.exe
  2⤵
  PID:8548
- C:\Windows\System\bevXkrX.exe
  C:\Windows\System\bevXkrX.exe
  2⤵
  PID:9180
- C:\Windows\System\SzVKTOR.exe
  C:\Windows\System\SzVKTOR.exe
  2⤵
  PID:9076
- C:\Windows\System\mzzntzL.exe
  C:\Windows\System\mzzntzL.exe
  2⤵
  PID:9048
- C:\Windows\System\VAGrUKC.exe
  C:\Windows\System\VAGrUKC.exe
  2⤵
  PID:9144
- C:\Windows\System\NvxlMoF.exe
  C:\Windows\System\NvxlMoF.exe
  2⤵
  PID:9128
- C:\Windows\System\iKMvqgr.exe
  C:\Windows\System\iKMvqgr.exe
  2⤵
  PID:9164
- C:\Windows\System\KWfvvsf.exe
  C:\Windows\System\KWfvvsf.exe
  2⤵
  PID:9196
- C:\Windows\System\KCgXXNx.exe
  C:\Windows\System\KCgXXNx.exe
  2⤵
  PID:9212
- C:\Windows\System\GMqcZVK.exe
  C:\Windows\System\GMqcZVK.exe
  2⤵
  PID:7404
- C:\Windows\System\sTGkwgk.exe
  C:\Windows\System\sTGkwgk.exe
  2⤵
  PID:8100
- C:\Windows\System\OuEObaQ.exe
  C:\Windows\System\OuEObaQ.exe
  2⤵
  PID:8224
- C:\Windows\System\paAcssQ.exe
  C:\Windows\System\paAcssQ.exe
  2⤵
  PID:8252
- C:\Windows\System\kDWcmWU.exe
  C:\Windows\System\kDWcmWU.exe
  2⤵
  PID:8284
- C:\Windows\System\dklhVhv.exe
  C:\Windows\System\dklhVhv.exe
  2⤵
  PID:8348
- C:\Windows\System\MhRYCQr.exe
  C:\Windows\System\MhRYCQr.exe
  2⤵
  PID:8336
- C:\Windows\System\LOCqBau.exe
  C:\Windows\System\LOCqBau.exe
  2⤵
  PID:8720
- C:\Windows\System\aCoUrAx.exe
  C:\Windows\System\aCoUrAx.exe
  2⤵
  PID:7504
- C:\Windows\System\AOpbmKs.exe
  C:\Windows\System\AOpbmKs.exe
  2⤵
  PID:8592
- C:\Windows\System\ywJxSLO.exe
  C:\Windows\System\ywJxSLO.exe
  2⤵
  PID:8676
- C:\Windows\System\gQJoznS.exe
  C:\Windows\System\gQJoznS.exe
  2⤵
  PID:8740
- C:\Windows\System\cNbtlnd.exe
  C:\Windows\System\cNbtlnd.exe
  2⤵
  PID:8852
- C:\Windows\System\qWsUPDV.exe
  C:\Windows\System\qWsUPDV.exe
  2⤵
  PID:8692
- C:\Windows\System\iRQsgRn.exe
  C:\Windows\System\iRQsgRn.exe
  2⤵
  PID:8768
- C:\Windows\System\DYVebGs.exe
  C:\Windows\System\DYVebGs.exe
  2⤵
  PID:8564
- C:\Windows\System\gcIvswW.exe
  C:\Windows\System\gcIvswW.exe
  2⤵
  PID:8820
- C:\Windows\System\eiTgvPo.exe
  C:\Windows\System\eiTgvPo.exe
  2⤵
  PID:8416
- C:\Windows\System\ohYfxmQ.exe
  C:\Windows\System\ohYfxmQ.exe
  2⤵
  PID:8900
- C:\Windows\System\FbMdsBK.exe
  C:\Windows\System\FbMdsBK.exe
  2⤵
  PID:9032
- C:\Windows\System\pDOIYBt.exe
  C:\Windows\System\pDOIYBt.exe
  2⤵
  PID:8208
- C:\Windows\System\QNHyGyn.exe
  C:\Windows\System\QNHyGyn.exe
  2⤵
  PID:9080
- C:\Windows\System\GySWzoi.exe
  C:\Windows\System\GySWzoi.exe
  2⤵
  PID:9152
- C:\Windows\System\CqEaBVU.exe
  C:\Windows\System\CqEaBVU.exe
  2⤵
  PID:8288
- C:\Windows\System\eSUjkCO.exe
  C:\Windows\System\eSUjkCO.exe
  2⤵
  PID:8444
- C:\Windows\System\FZgDiWg.exe
  C:\Windows\System\FZgDiWg.exe
  2⤵
  PID:8660
- C:\Windows\System\LGZckUw.exe
  C:\Windows\System\LGZckUw.exe
  2⤵
  PID:8240
- C:\Windows\System\FSCWJXz.exe
  C:\Windows\System\FSCWJXz.exe
  2⤵
  PID:8612
- C:\Windows\System\YddJiqH.exe
  C:\Windows\System\YddJiqH.exe
  2⤵
  PID:8832
- C:\Windows\System\obkkvHH.exe
  C:\Windows\System\obkkvHH.exe
  2⤵
  PID:8752
- C:\Windows\System\FJQmKJh.exe
  C:\Windows\System\FJQmKJh.exe
  2⤵
  PID:8964
- C:\Windows\System\XROfVfU.exe
  C:\Windows\System\XROfVfU.exe
  2⤵
  PID:9012
- C:\Windows\System\XymPVUO.exe
  C:\Windows\System\XymPVUO.exe
  2⤵
  PID:8204
- C:\Windows\System\KInQxDu.exe
  C:\Windows\System\KInQxDu.exe
  2⤵
  PID:8544
- C:\Windows\System\RTaDOZA.exe
  C:\Windows\System\RTaDOZA.exe
  2⤵
  PID:8480
- C:\Windows\System\xvLFVXR.exe
  C:\Windows\System\xvLFVXR.exe
  2⤵
  PID:9068
- C:\Windows\System\dFxGDsv.exe
  C:\Windows\System\dFxGDsv.exe
  2⤵
  PID:8816
- C:\Windows\System\McSpQYu.exe
  C:\Windows\System\McSpQYu.exe
  2⤵
  PID:8800
- C:\Windows\System\OurWtGI.exe
  C:\Windows\System\OurWtGI.exe
  2⤵
  PID:8352
- C:\Windows\System\TlCwzGl.exe
  C:\Windows\System\TlCwzGl.exe
  2⤵
  PID:8980
- C:\Windows\System\NKTszbz.exe
  C:\Windows\System\NKTszbz.exe
  2⤵
  PID:8948
- C:\Windows\System\xUVNqEi.exe
  C:\Windows\System\xUVNqEi.exe
  2⤵
  PID:9204
- C:\Windows\System\GYcqNUO.exe
  C:\Windows\System\GYcqNUO.exe
  2⤵
  PID:7268
- C:\Windows\System\YGNgYrg.exe
  C:\Windows\System\YGNgYrg.exe
  2⤵
  PID:9232
- C:\Windows\System\YdZoFvu.exe
  C:\Windows\System\YdZoFvu.exe
  2⤵
  PID:9248
- C:\Windows\System\mWszGUi.exe
  C:\Windows\System\mWszGUi.exe
  2⤵
  PID:9264
- C:\Windows\System\YqAhzDD.exe
  C:\Windows\System\YqAhzDD.exe
  2⤵
  PID:9280
- C:\Windows\System\GxjAmPR.exe
  C:\Windows\System\GxjAmPR.exe
  2⤵
  PID:9296
- C:\Windows\System\DbmJZLP.exe
  C:\Windows\System\DbmJZLP.exe
  2⤵
  PID:9312
- C:\Windows\System\vPSgsUb.exe
  C:\Windows\System\vPSgsUb.exe
  2⤵
  PID:9328
- C:\Windows\System\XtwLFsA.exe
  C:\Windows\System\XtwLFsA.exe
  2⤵
  PID:9344
- C:\Windows\System\CnEiiOl.exe
  C:\Windows\System\CnEiiOl.exe
  2⤵
  PID:9360
- C:\Windows\System\oNrSTLb.exe
  C:\Windows\System\oNrSTLb.exe
  2⤵
  PID:9376
- C:\Windows\System\ndHCahI.exe
  C:\Windows\System\ndHCahI.exe
  2⤵
  PID:9392
- C:\Windows\System\yAdHVMa.exe
  C:\Windows\System\yAdHVMa.exe
  2⤵
  PID:9408
- C:\Windows\System\OgxncLT.exe
  C:\Windows\System\OgxncLT.exe
  2⤵
  PID:9424
- C:\Windows\System\AfgKCxk.exe
  C:\Windows\System\AfgKCxk.exe
  2⤵
  PID:9440
- C:\Windows\System\bFopzdF.exe
  C:\Windows\System\bFopzdF.exe
  2⤵
  PID:9456
- C:\Windows\System\MUKWzuM.exe
  C:\Windows\System\MUKWzuM.exe
  2⤵
  PID:9472
- C:\Windows\System\xBnojzh.exe
  C:\Windows\System\xBnojzh.exe
  2⤵
  PID:9488
- C:\Windows\System\SanzkiX.exe
  C:\Windows\System\SanzkiX.exe
  2⤵
  PID:9504
- C:\Windows\System\JaagaeV.exe
  C:\Windows\System\JaagaeV.exe
  2⤵
  PID:9520
- C:\Windows\System\QFAICyU.exe
  C:\Windows\System\QFAICyU.exe
  2⤵
  PID:9536
- C:\Windows\System\MTdczrv.exe
  C:\Windows\System\MTdczrv.exe
  2⤵
  PID:9552
- C:\Windows\System\iQWjqtT.exe
  C:\Windows\System\iQWjqtT.exe
  2⤵
  PID:9568
- C:\Windows\System\hbPchZZ.exe
  C:\Windows\System\hbPchZZ.exe
  2⤵
  PID:9584
- C:\Windows\System\dzcaXEV.exe
  C:\Windows\System\dzcaXEV.exe
  2⤵
  PID:9600
- C:\Windows\System\rKQvcDk.exe
  C:\Windows\System\rKQvcDk.exe
  2⤵
  PID:9620
- C:\Windows\System\xaOYbIm.exe
  C:\Windows\System\xaOYbIm.exe
  2⤵
  PID:9636
- C:\Windows\System\YwDzZiG.exe
  C:\Windows\System\YwDzZiG.exe
  2⤵
  PID:9652
- C:\Windows\System\WMwwKcd.exe
  C:\Windows\System\WMwwKcd.exe
  2⤵
  PID:9668
- C:\Windows\System\cvJVnYl.exe
  C:\Windows\System\cvJVnYl.exe
  2⤵
  PID:9684
- C:\Windows\System\wyZZHgq.exe
  C:\Windows\System\wyZZHgq.exe
  2⤵
  PID:9700
- C:\Windows\System\uuAlHYF.exe
  C:\Windows\System\uuAlHYF.exe
  2⤵
  PID:9716
- C:\Windows\System\NgNSWMY.exe
  C:\Windows\System\NgNSWMY.exe
  2⤵
  PID:9732
- C:\Windows\System\PInakFO.exe
  C:\Windows\System\PInakFO.exe
  2⤵
  PID:9748
- C:\Windows\System\qePzUjY.exe
  C:\Windows\System\qePzUjY.exe
  2⤵
  PID:9764
- C:\Windows\System\KlDPlDQ.exe
  C:\Windows\System\KlDPlDQ.exe
  2⤵
  PID:9780
- C:\Windows\System\pxloBXx.exe
  C:\Windows\System\pxloBXx.exe
  2⤵
  PID:9796
- C:\Windows\System\zwLdguo.exe
  C:\Windows\System\zwLdguo.exe
  2⤵
  PID:9812
- C:\Windows\System\RvLjmSL.exe
  C:\Windows\System\RvLjmSL.exe
  2⤵
  PID:9828
- C:\Windows\System\vnfGsaQ.exe
  C:\Windows\System\vnfGsaQ.exe
  2⤵
  PID:9844
- C:\Windows\System\hGayczz.exe
  C:\Windows\System\hGayczz.exe
  2⤵
  PID:9860
- C:\Windows\System\zLihcOl.exe
  C:\Windows\System\zLihcOl.exe
  2⤵
  PID:9876
- C:\Windows\System\TvXkjTI.exe
  C:\Windows\System\TvXkjTI.exe
  2⤵
  PID:9892
- C:\Windows\System\nDZZWsf.exe
  C:\Windows\System\nDZZWsf.exe
  2⤵
  PID:9908
- C:\Windows\System\SCySNiV.exe
  C:\Windows\System\SCySNiV.exe
  2⤵
  PID:9924
- C:\Windows\System\tcMsWup.exe
  C:\Windows\System\tcMsWup.exe
  2⤵
  PID:9940
- C:\Windows\System\QJgEcHb.exe
  C:\Windows\System\QJgEcHb.exe
  2⤵
  PID:9956
- C:\Windows\System\SPRTuac.exe
  C:\Windows\System\SPRTuac.exe
  2⤵
  PID:9972
- C:\Windows\System\NRvdLGN.exe
  C:\Windows\System\NRvdLGN.exe
  2⤵
  PID:9988
- C:\Windows\System\fWbSCLP.exe
  C:\Windows\System\fWbSCLP.exe
  2⤵
  PID:10004
- C:\Windows\System\fSAGFFK.exe
  C:\Windows\System\fSAGFFK.exe
  2⤵
  PID:10020
- C:\Windows\System\gNifoPJ.exe
  C:\Windows\System\gNifoPJ.exe
  2⤵
  PID:10036
- C:\Windows\System\zlTYnla.exe
  C:\Windows\System\zlTYnla.exe
  2⤵
  PID:10052
- C:\Windows\System\urjmBQj.exe
  C:\Windows\System\urjmBQj.exe
  2⤵
  PID:10068
- C:\Windows\System\SVeuqRW.exe
  C:\Windows\System\SVeuqRW.exe
  2⤵
  PID:10084
- C:\Windows\System\VXYQVmY.exe
  C:\Windows\System\VXYQVmY.exe
  2⤵
  PID:10100
- C:\Windows\System\GTgPhMz.exe
  C:\Windows\System\GTgPhMz.exe
  2⤵
  PID:10116
- C:\Windows\System\vEahGQN.exe
  C:\Windows\System\vEahGQN.exe
  2⤵
  PID:10132
- C:\Windows\System\iMfjJDg.exe
  C:\Windows\System\iMfjJDg.exe
  2⤵
  PID:10148
- C:\Windows\System\ZrVvMuI.exe
  C:\Windows\System\ZrVvMuI.exe
  2⤵
  PID:10164
- C:\Windows\System\iLKpEaC.exe
  C:\Windows\System\iLKpEaC.exe
  2⤵
  PID:10184
- C:\Windows\System\nRaThRi.exe
  C:\Windows\System\nRaThRi.exe
  2⤵
  PID:10200
- C:\Windows\System\UwwuAal.exe
  C:\Windows\System\UwwuAal.exe
  2⤵
  PID:10216
- C:\Windows\System\qsiIAMS.exe
  C:\Windows\System\qsiIAMS.exe
  2⤵
  PID:10232
- C:\Windows\System\mKDNyMV.exe
  C:\Windows\System\mKDNyMV.exe
  2⤵
  PID:9240
- C:\Windows\System\BVvVfoa.exe
  C:\Windows\System\BVvVfoa.exe
  2⤵
  PID:8320
- C:\Windows\System\pdUGrzH.exe
  C:\Windows\System\pdUGrzH.exe
  2⤵
  PID:9276
- C:\Windows\System\nTOwxyq.exe
  C:\Windows\System\nTOwxyq.exe
  2⤵
  PID:9340
- C:\Windows\System\LLQbRXY.exe
  C:\Windows\System\LLQbRXY.exe
  2⤵
  PID:9228
- C:\Windows\System\WTQhMKV.exe
  C:\Windows\System\WTQhMKV.exe
  2⤵
  PID:9436
- C:\Windows\System\SFGNbFa.exe
  C:\Windows\System\SFGNbFa.exe
  2⤵
  PID:9288
- C:\Windows\System\KeCmMvY.exe
  C:\Windows\System\KeCmMvY.exe
  2⤵
  PID:9356
- C:\Windows\System\DKvhbGh.exe
  C:\Windows\System\DKvhbGh.exe
  2⤵
  PID:9420
- C:\Windows\System\vrwraNX.exe
  C:\Windows\System\vrwraNX.exe
  2⤵
  PID:9496
- C:\Windows\System\yZNzuZJ.exe
  C:\Windows\System\yZNzuZJ.exe
  2⤵
  PID:9480
- C:\Windows\System\RPBZPTW.exe
  C:\Windows\System\RPBZPTW.exe
  2⤵
  PID:9596
- C:\Windows\System\kERWadK.exe
  C:\Windows\System\kERWadK.exe
  2⤵
  PID:9548
- C:\Windows\System\ItbBIpD.exe
  C:\Windows\System\ItbBIpD.exe
  2⤵
  PID:9580
- C:\Windows\System\zbLRwAM.exe
  C:\Windows\System\zbLRwAM.exe
  2⤵
  PID:9628
- C:\Windows\System\zIbuNUk.exe
  C:\Windows\System\zIbuNUk.exe
  2⤵
  PID:9664
- C:\Windows\System\iUstxjW.exe
  C:\Windows\System\iUstxjW.exe
  2⤵
  PID:9728
- C:\Windows\System\OgsTuzi.exe
  C:\Windows\System\OgsTuzi.exe
  2⤵
  PID:9708
- C:\Windows\System\aqubiso.exe
  C:\Windows\System\aqubiso.exe
  2⤵
  PID:9744
- C:\Windows\System\JJXNFYn.exe
  C:\Windows\System\JJXNFYn.exe
  2⤵
  PID:9820
- C:\Windows\System\RtiLMbc.exe
  C:\Windows\System\RtiLMbc.exe
  2⤵
  PID:9884
- C:\Windows\System\QSARpKX.exe
  C:\Windows\System\QSARpKX.exe
  2⤵
  PID:9920
- C:\Windows\System\MXDevvx.exe
  C:\Windows\System\MXDevvx.exe
  2⤵
  PID:9868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\FbGVXtQ.exe

Filesize
6.0MB

MD5
3dbad0f7a40016beca5b04df7a0305bf

SHA1
c3fdb5999713182f597075a2ec1dcfa15ecb08b9

SHA256
a6fc89438a40dc4da8fcfde8ff0ec68f0c18fca97f79da9e6c6f02cb30dad8ac

SHA512
3c6172408f433c11d23883fc9078552e460303c48dd058fec2192dac95f6f4f9eaaf4857aa8a07e041635cd95ff4a5db878447d02480248eb3aa274c6d8836c2

Download Submit
C:\Windows\system\IPcRUhd.exe

Filesize
6.0MB

MD5
d987d8fb2c4f59b118e093a3cb0dbe2b

SHA1
90d5596ffd37369543766f5ee14c766c5ff2f75d

SHA256
8b912ec89912ba1827282a717bd985d6025db752baf63e28aa0008c3558ebf80

SHA512
1bcbc5c262fad3970b1040f4705984c139fe53859ad1b32ddeb582dc26d50695a179f21d1cd0c18b1c5427f599176177e04c8fc070855945d237b76a37d6e150

Download Submit
C:\Windows\system\KMvZXFX.exe

Filesize
6.0MB

MD5
8f256f915f69b652d5c6c9d206b67572

SHA1
5fc7545a6c6fcef478f333c47a0655d897f08f4b

SHA256
7f43ec834f59867284cad2918f85cb1340bb8e0376af726e534977f6fbf8ee95

SHA512
05de97fd67091313b69d0734c62426760842756e1c43a3fa9dc96c763c1e2494c9dbb244ffc7689d8ebdc343853ee8670b6be199e1faacb28ffa76c946fe173e

Download Submit
C:\Windows\system\MqnzHLC.exe

Filesize
6.0MB

MD5
197fda6ac988cd410f543a44f3c37306

SHA1
899d3e5006c66e941e4203506c4523f5d30eae5c

SHA256
03141bd6b08bc6da3561cd69e59dd6dbb38131b2a296ed49b9444849c4f64ecb

SHA512
4143b1525ab102e173ba2a50c342148d8171fe9171925c4636f12164570e4f6d59b6128355317b6319ad18d9c199b7741f1294e84216a7fb3d4898eb09268419

Download Submit
C:\Windows\system\NROyRND.exe

Filesize
6.0MB

MD5
db74310088e0f17d746012de5e09ba41

SHA1
f5f59accc6523f82f7d3891a563299369bd3e7c0

SHA256
15d1d2e6fa3c6465e573c3a082508b9c6fe9aa60d27b1b7a44e9234cc53e629f

SHA512
fe01eeaa62a2539da9cf0bc195602fc79e55aa68b8d61ba57ecc74e9a9ede527a0700b70759fee701fcee521b89f6f7e4318617866c5d0642a25c15e2ea6eabc

Download Submit
C:\Windows\system\THqsfED.exe

Filesize
6.0MB

MD5
04a86777d6336ff164eba72db329d1ce

SHA1
959296113e087baf629978c424d3ef3f712daaf9

SHA256
2da8ac230debc3e3dc523be5dc0f2085d9e3cc1d1810e013c30430e017ca4c20

SHA512
60996df093db1ff717600467bcbff23fabde3153144e11ba971537170e76287ef1f06adeadba753ddf786be71c8fb68e7858b70c349f225313a389bf6f4e4af7

Download Submit
C:\Windows\system\TYhpPzV.exe

Filesize
6.0MB

MD5
f10de403d3737b940af7822ed0e6034e

SHA1
6f7c1f3e0d7c23cc6ae5fd80a268ebaac7aa2652

SHA256
d2dd62916da183c6e0f2486b1a53a7f6d35f588ba8b9fa4150f3046c6eb0358b

SHA512
08c2439c23e665d40499636b7718fd1220dba72ca64e61c9b03da262544ef5add44d6e22eafe135e582a584dce78e3d3a1b22b1781fafc507754a50aaad941a2

Download Submit
C:\Windows\system\VfzBLJz.exe

Filesize
6.0MB

MD5
ba516dd59df8db60f8bb931aa8749d22

SHA1
8a5473981c022128e923dace5da4e09a7d70bf6e

SHA256
ef1a38d7d6d6038f7da20411cc66570ef966341893bea0f8aba550a55da8a9cd

SHA512
71d7df928d06899f50457835353ce2a5f5e93dcf86bf976ef4f8490034a571e78135b551dfeeac67f3bf6acea4ca4745ebcee6bdda70278eadd27591228ac80c

Download Submit
C:\Windows\system\XsMZKZN.exe

Filesize
6.0MB

MD5
713e2146ac9205886e6bde9fb43cbaf0

SHA1
0e489fa03bb36d21631eaae5f80fac86529fb3c5

SHA256
d325e8659bd894fe4e4602480f93681d0406e6e37b8c6ded0fa785022191e201

SHA512
3c38678f209954923b507d6c34968dd4c218d72be4627b0c78b3aff03f50a5d548bcb039c2aac0fc5a5931f0daaec39fd48817b7ba298284324db0707be6f014

Download Submit
C:\Windows\system\cQDzphH.exe

Filesize
6.0MB

MD5
9ab269b1a9ed0b0b75a178e9f5e16447

SHA1
d613a95bca25c35b4dd66df133bfcd566fa7931b

SHA256
1f34892f40e38a5e2260ccedba3465c7d9dcf91911be292563809556c0b1e80b

SHA512
2f65b6903be3c4ff2785969a71aa6c245d9ed744fd4e97219d673d976918b1b3686c94a1452aa97f07bd13ed8fb28262014a863a9acb5d03a731870bc11233fd

Download Submit
C:\Windows\system\daTEEAn.exe

Filesize
6.0MB

MD5
8e1e013040252c9c3f5e8287fab06d55

SHA1
2aa64af4ace1fecbdb3d033ee187001520af2ffd

SHA256
736cdca26cd322fbac778b15ca4d582f6825966b329500aad5032dbb7913fd6a

SHA512
ca3f04fb86bee2fc8d807e341326d0b5accd3ef034a77fa2566270a25e1a01920da7e77aca5b60cd6d6b5f0d281df33791ffe5c1e46a0e198268583ef091f17d

Download Submit
C:\Windows\system\dbLYiJL.exe

Filesize
6.0MB

MD5
9fb95e0aa9c4ed9661f888043574874e

SHA1
97fc54508e23eec6b0d2238e2b2ef41d3c8269aa

SHA256
0a93d61ab36a17152dd379c06a70b91ea0324f018b4b55a4657494142d45159f

SHA512
e9ec8591686c56389586fd293772fb2c1082f99fddb6e595e25acfb8d6a279699bbaaa3b44358e37199e5b69eb0fbcee5774d59e66bcaf6c0ea96a279be03bdb

Download Submit
C:\Windows\system\dlzHBcp.exe

Filesize
6.0MB

MD5
3086c6a1601bd096a5b53bdfaa1168e2

SHA1
9cc37b2357b0a02465ee3a2f878b17461c4e3b55

SHA256
702798d1d74add92ec6b55f21362319aea1d690e63f63206b749c73720051152

SHA512
9e2ab250c635df9c5c915450773b3a0f78e2c63eb793ef50cbbeab233899992f640425f9d6ded2863afc1206ff14ab97595ea5595924f97a10a19c50cabdeb81

Download Submit
C:\Windows\system\eZtfKbk.exe

Filesize
6.0MB

MD5
b006faabce922ec75df15b198c0df404

SHA1
6a14ae5244efb8f3b0053cce2f180d8295c71544

SHA256
400aaeb4d0c10afcf04f424a80cb10a1fc68c9887d33fb8999911ceed5f056c3

SHA512
310d733c4619eccfab61bd8a079364bc58628d65abcc35826a3c89b49d743e924efd4fe5b43f1e6db6ade359c9084460d6360a494a0860af5b543ee061a0fc8a

Download Submit
C:\Windows\system\fLfAlcJ.exe

Filesize
6.0MB

MD5
4ee0803dca46700feb7827a89662de1b

SHA1
41a1eeedcdde1f05cecbad9524ad36851ac581d2

SHA256
569fe13513a283ef151c116cd380523de9842cd1a0439c941cfbb08e7e2bc68f

SHA512
517f04ea2ba20d022b2b80ac0cc7b016ddf0ea0cb030eef041bfd981893f7f285c8df49946976288a2cdd989e3511148d42f0dca6b98391ddb2b9bd06ac95466

Download Submit
C:\Windows\system\jqMCCHt.exe

Filesize
6.0MB

MD5
6d0185f66810f63ea0040cadd254a989

SHA1
4f74da7d319661116b3a183f8d9a694f4c745095

SHA256
f783d19c01ef7313329fc5d67ba155a5bf96a523aafea0a1ba9df5164edd50da

SHA512
234f8ec701571c4d92f2cfe5d17cd76c159232df718cdb18bf9da5240286cc032ccf1e970367e593190e7ae331677cf1dcf9cfb72d76393212097c20577c35f3

Download Submit
C:\Windows\system\lUzkyen.exe

Filesize
6.0MB

MD5
481a4e769cd4a91a50d5e36cc834d6dd

SHA1
aebe2d79dfb7d26c24c45aa527141e5209ea2ff1

SHA256
81b1b77582d580894da93462853cad5263b093146890a3728ecf6abc2cd670b1

SHA512
474c9690c6815c67f3d9c0a7bd5e3a514f463dbfacf8357be6f7ea6d4c108de8e9920c56ae894cbef496c3e5dbfa7ba76560dfe53b5a64b38dd7cc08548721ca

Download Submit
C:\Windows\system\mzpxzdb.exe

Filesize
6.0MB

MD5
6b7f1377e418215641e8271ab709357f

SHA1
c90602a42c88ce753da6fdc7dfe3ff5b8a6722bc

SHA256
344cc0ac5f1a3b247db68d572b0ecce63414376fea5b9efdb6f9cb87c25f3e2b

SHA512
2e81cab5855b3d603ad8ee107d63d4a280199077d01d8cf1bc248a55990ec73a14b2c885e2d2c7040e088da23dbc55d2e142a366c9e67f17cb9ebd1fb3df9397

Download Submit
C:\Windows\system\pMtPkaN.exe

Filesize
6.0MB

MD5
9cc4be9dabc5c9450c7e6d7c82def57b

SHA1
a5bbbbafe860632da86307a7e9dab49e71e63dbf

SHA256
e4a97f8c34e8c508ea3a0a905e8d0def55fa1c0e97d8e0de9de93d6d8220bbcf

SHA512
92a243c46a5d2f2154fc753747a4b8155bb7e0c576abdfd9b1b010600f1c7bc8af641dd40ac2f1052e64c2f6844e690f5956b5ea4086b15cb26aac952ac4daf4

Download Submit
C:\Windows\system\pwUEnUL.exe

Filesize
6.0MB

MD5
52eec9b7cf7bbe54144457efe15e5be5

SHA1
50db9f9a94df2ccf3dd8838b9c57d1425cff4989

SHA256
013b41f4eda1e220d93e7749737f4a3c728ae2bc0eba8b5e97e885335707ede0

SHA512
f13089d56a82c78943cdd2f8db64b1b12f0ded56515f8b105c2b003cba69a07c65f60d9b80e873440d2bbd02a1eeb9dd23b2ba8d654bb7e098839b601bc50df9

Download Submit
C:\Windows\system\qVpLltq.exe

Filesize
6.0MB

MD5
c836e1cb3d5b2e47e45dff7c2e12ed99

SHA1
711ba6c4199a3360005a870dd4f537fe3cdf4885

SHA256
eeb674ddc8407c6ecf0f82b13695e4b37f85cbc638dee9bef15acda771da80ee

SHA512
8aadaf14a8a4cdc549e2fa4c655405bae1b976ab76d22f1d1d557212601da57ace45a1baa94a9e4600d42ee285fff4487bdcb1dffb75a4ad45d3391f608cd126

Download Submit
C:\Windows\system\qlelOtq.exe

Filesize
6.0MB

MD5
7ff05181485a4f61ea510eea1c898af1

SHA1
71c00fc0559580d66a5284b22fabc11dbe37f778

SHA256
e98b424383604f6f986a837423bdb2bbbcaf8b64eb3d3f87404faba53f77c541

SHA512
91ce13e6b71a77a8c245980b3c7e2eb507effb73b283f1e7a77a0800245edf0f90803765d7f433793049d056553cec3024698e79b2595bc36ea6d36281d978fe

Download Submit
C:\Windows\system\rAmVALB.exe

Filesize
6.0MB

MD5
79bfade9df7fbf6d5cdff26252426824

SHA1
05c0336cb4818fe1c319d939c94419faf54d7bd6

SHA256
10c0f70565987499b66d33331d0e19aad56fba520a382222b4ab0f80587dcbe2

SHA512
58694ae92d7a7c88d55aaa093929c056136f6b04771fcf929c0059a0468297d0e43b07252b90e1cc58bdc384b8c16684812cab3fb94f312f844b44fcdc61c9b9

Download Submit
C:\Windows\system\rJWLmIn.exe

Filesize
6.0MB

MD5
d2a9cb5e52bd2347360f6e6fe763f884

SHA1
a82c3a3f948b6735fccdb74fe1d79e1f61eefdeb

SHA256
0b4f500270efea647f5338256f75947ff989c5f077ad7b2c08a425bc1c75ca69

SHA512
b96f83bd249078f6459de624cb4c7aa02fe7812210f177f38a1b92865a1a37aee474768cfe9c680d1ea198deb9329d197de8094e8036d2c9bee52e9b91232ae7

Download Submit
C:\Windows\system\sINiYPg.exe

Filesize
6.0MB

MD5
9600d2209e972817fea80f8279e1f490

SHA1
f165b130cb5ed9125edd68835f261e179fc5ee0e

SHA256
24ff2b9faab211d75d1b9c942970543594e1ba13f5c33e25f50b337d71a04277

SHA512
21332731557a74080bdb1e3d00d86e797753bbf2bb8146c865088ce4e0d8d8860d2bec228a101bca20ea625e6c491448d940c05dc27bdf14c87da3e147e59e3d

Download Submit
C:\Windows\system\sYyQlzc.exe

Filesize
6.0MB

MD5
6a6b212405ab3d72cf266739834667f6

SHA1
43dd1baa232f237e35703d8d3c852b2f4ca2046d

SHA256
299ef07efdb90e7d1bee1031f101e726a2492432b590f4814388a9832a00d7dd

SHA512
e65bf47457cc7aebdc85fb8d623457bb9242ae94b98c8a29ec3d6121d0e75fc32b7c740e64192eb0b42399ca8f854881733713f4c841debdceb1bdcd834beaad

Download Submit
C:\Windows\system\wlFVTYn.exe

Filesize
6.0MB

MD5
0917b396b8887d4180ab59a1c8c06d32

SHA1
63cb9cac0f66dc861d7987f7bfb62bf0a2d40951

SHA256
2854f557979acb34d9ab99d573616409de23afb2f143fb6ecbcc079dfdbb2ed3

SHA512
05521be30f20e3cfc886ad2d56ff47b41925c3eb8696a7dc86cb1eafce1bd522f55596931a0c93d051f49375bc3a6c595fdbe2080bc678aad765b54ea36d6af2

Download Submit
C:\Windows\system\zFGypEr.exe

Filesize
6.0MB

MD5
633d509003ee2c7e165e4511a2648481

SHA1
282a53bc8830f311a61813854f25dc943297be34

SHA256
7f40f7360c423b0354240c7af6ef51a3629a118a64c710b89535ecb63c1d400e

SHA512
d418c19d2cf690893d3f9ffb3428f97c39766958619b0647ff1699a8f6d88ab972546c4d51b118b2bd7b2356dbb7efa597069b63a91f4cd20f55f5e483468e01

Download Submit
\Windows\system\AfjAQMK.exe

Filesize
6.0MB

MD5
f451fcf1f0fcd7907323d610446ad720

SHA1
7002177958210b29035eeb8b724683c8e5936986

SHA256
bb25acf555ffb21ed547e7dd83cf2f2648eea62ce35d9c048a77a0e126e5578e

SHA512
90904930a15954e12079ffb18b891377dcde26a3624d40592f7eca9a3d752a856c74ef7ce78f872de1d302fc70acb9df52633d61124a943cb29d2c31a00eae98

Download Submit
\Windows\system\VuEPZYj.exe

Filesize
6.0MB

MD5
489c969913cbee4bd91a2db30003f620

SHA1
3188d6d79fcae5f25930b98aaf55d7e7b9d2f4aa

SHA256
cd9fff6c5538954b17c94bbc729c85da28bbd3ad8fde7c89bb6abc2296eb84a2

SHA512
dffd610800a04e7da9c3d13ec165525c852cabd6e9baea0e4ff30bc41bfe4a9abcc46a2239bb4176825f7f75f1c919caf19373b96e96a59b4f9fcab7fc283898

Download Submit
\Windows\system\mdIPqdN.exe

Filesize
6.0MB

MD5
132224e14a45b6eeb6ba6b3586b1a26a

SHA1
005cd6e7c94e1e07602834e4d3368dfe1252c634

SHA256
19359f68d62697c721e172f94a55b087ba266fd390bce1217e35ac4659679c01

SHA512
56a6387063807b2bfc3d6a1755a5d7f6fc978938276b46360f96d841b19adcfb189b3091c94a65174fac566a388549e6a172e1eec760736fb0a53e9f0f17fe24

Download Submit
\Windows\system\odbEtmb.exe

Filesize
6.0MB

MD5
1363c123874739f301f9500f4d8cf296

SHA1
1f89befd9777b3635067c454324c32ad28436395

SHA256
e3226211e5f9bff20f086ad12c161a696fb9ee63252a8afdd700a451410c1e78

SHA512
cceb2f25a00780955a4653bdf4d244bd0e3c52fa55490376d3fabf49f0ef3c3e40e89c106c8ee6a5829ee966d25f938c0ef099f2a9cc8b8d6ec8fcf6614d03bf

Download Submit
\Windows\system\pmMXlqc.exe

Filesize
6.0MB

MD5
fb536c93083974d9b0f74778993abdb6

SHA1
4e3318eceeb8d57ff0bb73c6f0a16281aa786583

SHA256
1af22903155fe8032fefe7b3cf7db30ad4cc5fc028eb53c45168e486b2152ef1

SHA512
7aec3bcbd112661277a989bb7bc22cfaf7354566cfff0adbf251699390640895ecfd6e7b7625c8058f5e29c607f3041e0d0fde217a7fd061bdac516199a68a68

Download Submit
\Windows\system\rXbqjad.exe

Filesize
6.0MB

MD5
fac2a8f2169627019e029700f5b3e4be

SHA1
855aecc3eb33631647060e4eb7297757a1192fe5

SHA256
77a0a6bed77577f8f5352650054815b01d71180d93484639c3d1399425c376ec

SHA512
2c494ef79ae35ebbe6f05baebc7311bfe004efaa8405556f03854ee8c709541dd67a31b808b3c0d46a985ec696683461a6d4e9ed83e9274cd47e43779579922d

Download Submit
memory/896-449-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/896-1436-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/896-101-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/984-337-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/984-89-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/984-1437-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1824-70-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/1824-921-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/1824-29-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/1936-1434-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1936-79-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-330-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1435-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2076-83-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2180-74-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2180-1439-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2236-918-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-16-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-924-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2672-42-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2672-81-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2748-51-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-91-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-1313-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-65-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2796-1438-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2820-1433-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2820-57-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2920-920-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2920-37-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2956-15-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-1076-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-119-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-27-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2992-50-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-43-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2992-0-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2992-41-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-72-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-73-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2992-36-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2992-14-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-56-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2992-62-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2992-102-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2992-20-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2992-80-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2992-88-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-448-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2992-90-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-99-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2992-12-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/3016-24-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/3016-919-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download