cobaltstrike | 284b07315ed0c47112468238adc36b6d8ad14505498e2ce77d93695ad6b8b4fb

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 05:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

1f9e3494a96feace0cf0ff1e3b262a09
SHA1

536848d55f0a924698ed3e1c6dc08db197aa5062
SHA256

284b07315ed0c47112468238adc36b6d8ad14505498e2ce77d93695ad6b8b4fb
SHA512

346c9328493843665c938754718482b48a4e2d4c116182c0c1dd9b31285f93aad1265124c534ac5f13a1d7fbee1e85e21130a5b1f7067b1099423a4c7a188641
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUm:T+q56utgpPF8u/7m

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000e000000012267-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d2c-11.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016d64-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d69-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016fc9-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016fe5-40.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000170f8-47.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001756e-54.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-68.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-73.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-91.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-197.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-112.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-103.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2240-0-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/files/0x000e000000012267-3.dat	xmrig
behavioral1/files/0x0009000000016d2c-11.dat	xmrig
behavioral1/memory/1104-15-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2616-13-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2240-4-0x00000000022B0000-0x0000000002604000-memory.dmp	xmrig
behavioral1/files/0x000a000000016d64-10.dat	xmrig
behavioral1/files/0x0008000000016d69-25.dat	xmrig
behavioral1/memory/2760-28-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2220-38-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2616-37-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x0007000000016fc9-35.dat	xmrig
behavioral1/files/0x0007000000016fe5-40.dat	xmrig
behavioral1/memory/2240-34-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2864-33-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2832-46-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x00070000000170f8-47.dat	xmrig
behavioral1/memory/2952-53-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x000800000001756e-54.dat	xmrig
behavioral1/memory/3000-61-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2760-60-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2240-64-0x00000000022B0000-0x0000000002604000-memory.dmp	xmrig
behavioral1/memory/2220-63-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2832-65-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2952-66-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/3000-67-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x00050000000195b3-68.dat	xmrig
behavioral1/memory/2708-72-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/files/0x00050000000195b7-73.dat	xmrig
behavioral1/memory/2204-83-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/1832-86-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x00050000000195bb-82.dat	xmrig
behavioral1/memory/2240-79-0x00000000022B0000-0x0000000002604000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c1-93.dat	xmrig
behavioral1/memory/2980-97-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x00050000000195bd-91.dat	xmrig
behavioral1/memory/2240-89-0x00000000022B0000-0x0000000002604000-memory.dmp	xmrig
behavioral1/memory/2240-88-0x00000000022B0000-0x0000000002604000-memory.dmp	xmrig
behavioral1/memory/2708-108-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/692-104-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-121.dat	xmrig
behavioral1/files/0x000500000001960c-126.dat	xmrig
behavioral1/files/0x0005000000019643-131.dat	xmrig
behavioral1/files/0x000500000001975a-136.dat	xmrig
behavioral1/files/0x0005000000019761-141.dat	xmrig
behavioral1/files/0x0005000000019820-151.dat	xmrig
behavioral1/files/0x0005000000019bf5-163.dat	xmrig
behavioral1/files/0x0005000000019d62-185.dat	xmrig
behavioral1/files/0x0005000000019e92-197.dat	xmrig
behavioral1/memory/692-658-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2760-1357-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2832-1359-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2616-1360-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/3000-1090-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2952-1030-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2220-1007-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2864-988-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/1104-842-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2980-320-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2012-251-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d6d-192.dat	xmrig
behavioral1/files/0x0005000000019c3c-177.dat	xmrig
behavioral1/files/0x0005000000019d61-183.dat	xmrig
behavioral1/files/0x0005000000019bf6-167.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2616	cDceKDt.exe
1104	AcpBkDY.exe
2760	RvDxuvn.exe
2864	WfPzZLg.exe
2220	svWktys.exe
2832	lGlkBXo.exe
2952	fCUIbOS.exe
3000	EZWdRmy.exe
2708	ooAzZZf.exe
2204	sYdxVSc.exe
1832	EuRXeZl.exe
2012	gWdZvDS.exe
2980	OHiqbMj.exe
692	NVODeNA.exe
2944	yijbTjL.exe
1772	dwoIDFX.exe
2024	KUdbuxB.exe
1660	MyysZfb.exe
2004	GKifdFM.exe
2288	gmPqeJA.exe
3012	OvrcxyD.exe
2636	zgAOKxk.exe
2268	dxcLbOC.exe
2100	mdNfbvf.exe
2484	KGYKunz.exe
1928	SyaMGXW.exe
108	jApznhc.exe
1816	cvepikc.exe
1512	oDrXDuS.exe
1752	TiZdRWS.exe
1784	SJEdZeg.exe
1728	sQZmvYC.exe
2088	bqnNOeS.exe
864	EmoiloU.exe
908	ZllgNoF.exe
1432	mFRyFMV.exe
2640	xlWModD.exe
2164	iGSpuxA.exe
1584	xnhoeOn.exe
1912	GmSWvuK.exe
1892	duzdGJE.exe
1768	ofQRYOr.exe
572	QLYreGh.exe
1092	oZbAKXH.exe
2244	ybiIOeQ.exe
900	lvUbBfG.exe
264	hgGNtiT.exe
1824	CWVuuzB.exe
1604	tHaxPhr.exe
2604	FIjvCPR.exe
2632	BFLaRlM.exe
2104	UkDpMTg.exe
3044	GNWPchp.exe
584	zvaugIO.exe
2828	MeRrlUI.exe
2788	MnLbQAd.exe
2844	viZiNbN.exe
2888	HMDyFvQ.exe
2920	AwODXbC.exe
888	ychWiov.exe
516	CgVRpyi.exe
2712	QdnlHmQ.exe
2732	bJNeEWR.exe
2672	UiEXevU.exe

Loads dropped DLL 64 IoCs

pid	Process
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2240-0-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/files/0x000e000000012267-3.dat	upx
behavioral1/files/0x0009000000016d2c-11.dat	upx
behavioral1/memory/1104-15-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2616-13-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x000a000000016d64-10.dat	upx
behavioral1/files/0x0008000000016d69-25.dat	upx
behavioral1/memory/2760-28-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2220-38-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2616-37-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x0007000000016fc9-35.dat	upx
behavioral1/files/0x0007000000016fe5-40.dat	upx
behavioral1/memory/2240-34-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2864-33-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2832-46-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x00070000000170f8-47.dat	upx
behavioral1/memory/2952-53-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x000800000001756e-54.dat	upx
behavioral1/memory/3000-61-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2760-60-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2220-63-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2832-65-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2952-66-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/3000-67-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x00050000000195b3-68.dat	upx
behavioral1/memory/2708-72-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/files/0x00050000000195b7-73.dat	upx
behavioral1/memory/2204-83-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/1832-86-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x00050000000195bb-82.dat	upx
behavioral1/files/0x00050000000195c1-93.dat	upx
behavioral1/memory/2980-97-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x00050000000195bd-91.dat	upx
behavioral1/memory/2240-88-0x00000000022B0000-0x0000000002604000-memory.dmp	upx
behavioral1/memory/2708-108-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/692-104-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x00050000000195c7-121.dat	upx
behavioral1/files/0x000500000001960c-126.dat	upx
behavioral1/files/0x0005000000019643-131.dat	upx
behavioral1/files/0x000500000001975a-136.dat	upx
behavioral1/files/0x0005000000019761-141.dat	upx
behavioral1/files/0x0005000000019820-151.dat	upx
behavioral1/files/0x0005000000019bf5-163.dat	upx
behavioral1/files/0x0005000000019d62-185.dat	upx
behavioral1/files/0x0005000000019e92-197.dat	upx
behavioral1/memory/692-658-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2760-1357-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2832-1359-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2616-1360-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/3000-1090-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2952-1030-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2220-1007-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2864-988-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/1104-842-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2980-320-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2012-251-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x0005000000019d6d-192.dat	upx
behavioral1/files/0x0005000000019c3c-177.dat	upx
behavioral1/files/0x0005000000019d61-183.dat	upx
behavioral1/files/0x0005000000019bf6-167.dat	upx
behavioral1/files/0x0005000000019bf9-172.dat	upx
behavioral1/files/0x000500000001998d-157.dat	upx
behavioral1/memory/1832-154-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x00050000000197fd-146.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\sYdxVSc.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yoYAGcp.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bcvGPSr.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGZrOGt.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IonBMzn.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZzJDeVW.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nTocqAb.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mxdPAuK.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxtrtBq.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bdbeBMa.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YvRJiNq.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\smrorwF.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uxwalAi.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cVMMCKm.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VCcuVqv.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZqEddfQ.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jDMjyrw.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vVJrrzL.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uRbdnZX.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFIvDDR.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dNJxVnB.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnGAKNU.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbMyQLX.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BJBqvgC.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SrquAAO.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BUrAArM.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CcwmDBO.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NuIaVHP.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vSLKNaU.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJYmLWX.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JvIxSIt.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHxJqam.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfSLHyR.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPfEdcl.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nvaLOsV.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QSTkoHu.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aEoABGA.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LyqFcCE.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lymQEuH.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezwHeQv.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\URybOrO.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hqzoaAP.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FUuVrQh.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nsEmHaU.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jgBjpPv.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WsjyTSh.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kjLxsSy.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BTQOxcR.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wFrVwOE.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJYYsoN.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wsWiyQs.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpsydMh.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VUEzuYR.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wTlfSwv.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBPgcYk.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OgihIzy.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MdfYXGa.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qhInOhn.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BWFyAHM.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zjONVIJ.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Tookzuu.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MuYHQNZ.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cyiBqMY.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qZnUkzH.exe	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2616	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2240 wrote to memory of 2616	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2240 wrote to memory of 2616	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2240 wrote to memory of 1104	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2240 wrote to memory of 1104	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2240 wrote to memory of 1104	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2240 wrote to memory of 2760	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2240 wrote to memory of 2760	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2240 wrote to memory of 2760	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2240 wrote to memory of 2864	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2240 wrote to memory of 2864	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2240 wrote to memory of 2864	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2240 wrote to memory of 2220	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2240 wrote to memory of 2220	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2240 wrote to memory of 2220	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2240 wrote to memory of 2832	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2240 wrote to memory of 2832	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2240 wrote to memory of 2832	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2240 wrote to memory of 2952	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2240 wrote to memory of 2952	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2240 wrote to memory of 2952	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2240 wrote to memory of 3000	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2240 wrote to memory of 3000	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2240 wrote to memory of 3000	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2240 wrote to memory of 2708	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2240 wrote to memory of 2708	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2240 wrote to memory of 2708	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2240 wrote to memory of 2204	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2240 wrote to memory of 2204	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2240 wrote to memory of 2204	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2240 wrote to memory of 1832	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2240 wrote to memory of 1832	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2240 wrote to memory of 1832	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2240 wrote to memory of 2012	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2240 wrote to memory of 2012	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2240 wrote to memory of 2012	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2240 wrote to memory of 2980	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2240 wrote to memory of 2980	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2240 wrote to memory of 2980	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2240 wrote to memory of 692	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2240 wrote to memory of 692	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2240 wrote to memory of 692	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2240 wrote to memory of 2944	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2240 wrote to memory of 2944	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2240 wrote to memory of 2944	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2240 wrote to memory of 1772	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2240 wrote to memory of 1772	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2240 wrote to memory of 1772	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2240 wrote to memory of 2024	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2240 wrote to memory of 2024	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2240 wrote to memory of 2024	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2240 wrote to memory of 1660	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2240 wrote to memory of 1660	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2240 wrote to memory of 1660	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2240 wrote to memory of 2004	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2240 wrote to memory of 2004	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2240 wrote to memory of 2004	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2240 wrote to memory of 2288	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2240 wrote to memory of 2288	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2240 wrote to memory of 2288	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2240 wrote to memory of 3012	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2240 wrote to memory of 3012	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2240 wrote to memory of 3012	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2240 wrote to memory of 2636	2240	2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-22_1f9e3494a96feace0cf0ff1e3b262a09_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\System\cDceKDt.exe
  C:\Windows\System\cDceKDt.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\AcpBkDY.exe
  C:\Windows\System\AcpBkDY.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\RvDxuvn.exe
  C:\Windows\System\RvDxuvn.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\WfPzZLg.exe
  C:\Windows\System\WfPzZLg.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\svWktys.exe
  C:\Windows\System\svWktys.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\lGlkBXo.exe
  C:\Windows\System\lGlkBXo.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\fCUIbOS.exe
  C:\Windows\System\fCUIbOS.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\EZWdRmy.exe
  C:\Windows\System\EZWdRmy.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\ooAzZZf.exe
  C:\Windows\System\ooAzZZf.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\sYdxVSc.exe
  C:\Windows\System\sYdxVSc.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\EuRXeZl.exe
  C:\Windows\System\EuRXeZl.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\gWdZvDS.exe
  C:\Windows\System\gWdZvDS.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\OHiqbMj.exe
  C:\Windows\System\OHiqbMj.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\NVODeNA.exe
  C:\Windows\System\NVODeNA.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\yijbTjL.exe
  C:\Windows\System\yijbTjL.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\dwoIDFX.exe
  C:\Windows\System\dwoIDFX.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\KUdbuxB.exe
  C:\Windows\System\KUdbuxB.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\MyysZfb.exe
  C:\Windows\System\MyysZfb.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\GKifdFM.exe
  C:\Windows\System\GKifdFM.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\gmPqeJA.exe
  C:\Windows\System\gmPqeJA.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\OvrcxyD.exe
  C:\Windows\System\OvrcxyD.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\zgAOKxk.exe
  C:\Windows\System\zgAOKxk.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\dxcLbOC.exe
  C:\Windows\System\dxcLbOC.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\mdNfbvf.exe
  C:\Windows\System\mdNfbvf.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\KGYKunz.exe
  C:\Windows\System\KGYKunz.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\SyaMGXW.exe
  C:\Windows\System\SyaMGXW.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\jApznhc.exe
  C:\Windows\System\jApznhc.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\cvepikc.exe
  C:\Windows\System\cvepikc.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\oDrXDuS.exe
  C:\Windows\System\oDrXDuS.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\TiZdRWS.exe
  C:\Windows\System\TiZdRWS.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\SJEdZeg.exe
  C:\Windows\System\SJEdZeg.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\sQZmvYC.exe
  C:\Windows\System\sQZmvYC.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\bqnNOeS.exe
  C:\Windows\System\bqnNOeS.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\EmoiloU.exe
  C:\Windows\System\EmoiloU.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\ZllgNoF.exe
  C:\Windows\System\ZllgNoF.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\mFRyFMV.exe
  C:\Windows\System\mFRyFMV.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\xlWModD.exe
  C:\Windows\System\xlWModD.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\iGSpuxA.exe
  C:\Windows\System\iGSpuxA.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\xnhoeOn.exe
  C:\Windows\System\xnhoeOn.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\GmSWvuK.exe
  C:\Windows\System\GmSWvuK.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\duzdGJE.exe
  C:\Windows\System\duzdGJE.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\ofQRYOr.exe
  C:\Windows\System\ofQRYOr.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\QLYreGh.exe
  C:\Windows\System\QLYreGh.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\oZbAKXH.exe
  C:\Windows\System\oZbAKXH.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\ybiIOeQ.exe
  C:\Windows\System\ybiIOeQ.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\lvUbBfG.exe
  C:\Windows\System\lvUbBfG.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\hgGNtiT.exe
  C:\Windows\System\hgGNtiT.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\CWVuuzB.exe
  C:\Windows\System\CWVuuzB.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\tHaxPhr.exe
  C:\Windows\System\tHaxPhr.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\FIjvCPR.exe
  C:\Windows\System\FIjvCPR.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\BFLaRlM.exe
  C:\Windows\System\BFLaRlM.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\UkDpMTg.exe
  C:\Windows\System\UkDpMTg.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\GNWPchp.exe
  C:\Windows\System\GNWPchp.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\zvaugIO.exe
  C:\Windows\System\zvaugIO.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\MeRrlUI.exe
  C:\Windows\System\MeRrlUI.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\MnLbQAd.exe
  C:\Windows\System\MnLbQAd.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\viZiNbN.exe
  C:\Windows\System\viZiNbN.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\HMDyFvQ.exe
  C:\Windows\System\HMDyFvQ.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\AwODXbC.exe
  C:\Windows\System\AwODXbC.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\ychWiov.exe
  C:\Windows\System\ychWiov.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\CgVRpyi.exe
  C:\Windows\System\CgVRpyi.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\QdnlHmQ.exe
  C:\Windows\System\QdnlHmQ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\bJNeEWR.exe
  C:\Windows\System\bJNeEWR.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\UiEXevU.exe
  C:\Windows\System\UiEXevU.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\OeKsRPm.exe
  C:\Windows\System\OeKsRPm.exe
  2⤵
  PID:2748
- C:\Windows\System\CWkNBfJ.exe
  C:\Windows\System\CWkNBfJ.exe
  2⤵
  PID:2568
- C:\Windows\System\ZtsehdP.exe
  C:\Windows\System\ZtsehdP.exe
  2⤵
  PID:1664
- C:\Windows\System\dLPJlDP.exe
  C:\Windows\System\dLPJlDP.exe
  2⤵
  PID:2376
- C:\Windows\System\dQJeRvp.exe
  C:\Windows\System\dQJeRvp.exe
  2⤵
  PID:1496
- C:\Windows\System\eqGdiJZ.exe
  C:\Windows\System\eqGdiJZ.exe
  2⤵
  PID:2020
- C:\Windows\System\lTRHHQE.exe
  C:\Windows\System\lTRHHQE.exe
  2⤵
  PID:2000
- C:\Windows\System\gzkczQA.exe
  C:\Windows\System\gzkczQA.exe
  2⤵
  PID:2776
- C:\Windows\System\mFbZeNO.exe
  C:\Windows\System\mFbZeNO.exe
  2⤵
  PID:2428
- C:\Windows\System\ZiRtYXT.exe
  C:\Windows\System\ZiRtYXT.exe
  2⤵
  PID:2252
- C:\Windows\System\aWKgkzA.exe
  C:\Windows\System\aWKgkzA.exe
  2⤵
  PID:2236
- C:\Windows\System\JzbOztw.exe
  C:\Windows\System\JzbOztw.exe
  2⤵
  PID:1868
- C:\Windows\System\iGDSZYK.exe
  C:\Windows\System\iGDSZYK.exe
  2⤵
  PID:1700
- C:\Windows\System\RaSkotx.exe
  C:\Windows\System\RaSkotx.exe
  2⤵
  PID:1164
- C:\Windows\System\AfvYLXa.exe
  C:\Windows\System\AfvYLXa.exe
  2⤵
  PID:1284
- C:\Windows\System\gzLTJym.exe
  C:\Windows\System\gzLTJym.exe
  2⤵
  PID:1736
- C:\Windows\System\QQFZVBX.exe
  C:\Windows\System\QQFZVBX.exe
  2⤵
  PID:1932
- C:\Windows\System\WIOADlW.exe
  C:\Windows\System\WIOADlW.exe
  2⤵
  PID:2436
- C:\Windows\System\RRyWvkv.exe
  C:\Windows\System\RRyWvkv.exe
  2⤵
  PID:580
- C:\Windows\System\MERnwWe.exe
  C:\Windows\System\MERnwWe.exe
  2⤵
  PID:2312
- C:\Windows\System\qPjRkTV.exe
  C:\Windows\System\qPjRkTV.exe
  2⤵
  PID:1500
- C:\Windows\System\IRWNfey.exe
  C:\Windows\System\IRWNfey.exe
  2⤵
  PID:2540
- C:\Windows\System\wECUDZU.exe
  C:\Windows\System\wECUDZU.exe
  2⤵
  PID:820
- C:\Windows\System\yHgKtvT.exe
  C:\Windows\System\yHgKtvT.exe
  2⤵
  PID:784
- C:\Windows\System\WFBqtMv.exe
  C:\Windows\System\WFBqtMv.exe
  2⤵
  PID:2472
- C:\Windows\System\zcIdOHB.exe
  C:\Windows\System\zcIdOHB.exe
  2⤵
  PID:2432
- C:\Windows\System\CFYLfai.exe
  C:\Windows\System\CFYLfai.exe
  2⤵
  PID:2388
- C:\Windows\System\lWqdTbE.exe
  C:\Windows\System\lWqdTbE.exe
  2⤵
  PID:2532
- C:\Windows\System\xCiflAA.exe
  C:\Windows\System\xCiflAA.exe
  2⤵
  PID:2620
- C:\Windows\System\UqrwMje.exe
  C:\Windows\System\UqrwMje.exe
  2⤵
  PID:368
- C:\Windows\System\fSxjapn.exe
  C:\Windows\System\fSxjapn.exe
  2⤵
  PID:2764
- C:\Windows\System\eikxJqC.exe
  C:\Windows\System\eikxJqC.exe
  2⤵
  PID:2812
- C:\Windows\System\vVJrrzL.exe
  C:\Windows\System\vVJrrzL.exe
  2⤵
  PID:2872
- C:\Windows\System\sdMwOin.exe
  C:\Windows\System\sdMwOin.exe
  2⤵
  PID:2676
- C:\Windows\System\xUPWgcz.exe
  C:\Windows\System\xUPWgcz.exe
  2⤵
  PID:2752
- C:\Windows\System\aoYEXUt.exe
  C:\Windows\System\aoYEXUt.exe
  2⤵
  PID:3040
- C:\Windows\System\bFkKBRU.exe
  C:\Windows\System\bFkKBRU.exe
  2⤵
  PID:524
- C:\Windows\System\ReuzxHy.exe
  C:\Windows\System\ReuzxHy.exe
  2⤵
  PID:1080
- C:\Windows\System\fKURuAh.exe
  C:\Windows\System\fKURuAh.exe
  2⤵
  PID:1992
- C:\Windows\System\sFYicCm.exe
  C:\Windows\System\sFYicCm.exe
  2⤵
  PID:1996
- C:\Windows\System\HdFCvIt.exe
  C:\Windows\System\HdFCvIt.exe
  2⤵
  PID:1344
- C:\Windows\System\pUnRsLC.exe
  C:\Windows\System\pUnRsLC.exe
  2⤵
  PID:1908
- C:\Windows\System\pjbGtYo.exe
  C:\Windows\System\pjbGtYo.exe
  2⤵
  PID:1980
- C:\Windows\System\EMPwDlI.exe
  C:\Windows\System\EMPwDlI.exe
  2⤵
  PID:1068
- C:\Windows\System\RXRaTAZ.exe
  C:\Windows\System\RXRaTAZ.exe
  2⤵
  PID:272
- C:\Windows\System\FPmbMie.exe
  C:\Windows\System\FPmbMie.exe
  2⤵
  PID:1540
- C:\Windows\System\XdSyncm.exe
  C:\Windows\System\XdSyncm.exe
  2⤵
  PID:1648
- C:\Windows\System\BZKFBXp.exe
  C:\Windows\System\BZKFBXp.exe
  2⤵
  PID:2564
- C:\Windows\System\EfJAseS.exe
  C:\Windows\System\EfJAseS.exe
  2⤵
  PID:1724
- C:\Windows\System\lvPZrjS.exe
  C:\Windows\System\lvPZrjS.exe
  2⤵
  PID:2324
- C:\Windows\System\WZwjeFi.exe
  C:\Windows\System\WZwjeFi.exe
  2⤵
  PID:1796
- C:\Windows\System\JSFDxtP.exe
  C:\Windows\System\JSFDxtP.exe
  2⤵
  PID:1688
- C:\Windows\System\jgBjpPv.exe
  C:\Windows\System\jgBjpPv.exe
  2⤵
  PID:2956
- C:\Windows\System\ppPaLWB.exe
  C:\Windows\System\ppPaLWB.exe
  2⤵
  PID:2792
- C:\Windows\System\zDVOqmE.exe
  C:\Windows\System\zDVOqmE.exe
  2⤵
  PID:2716
- C:\Windows\System\nujTuPX.exe
  C:\Windows\System\nujTuPX.exe
  2⤵
  PID:2728
- C:\Windows\System\ObEVsON.exe
  C:\Windows\System\ObEVsON.exe
  2⤵
  PID:2384
- C:\Windows\System\JGoCmTS.exe
  C:\Windows\System\JGoCmTS.exe
  2⤵
  PID:2576
- C:\Windows\System\HBPgcYk.exe
  C:\Windows\System\HBPgcYk.exe
  2⤵
  PID:2332
- C:\Windows\System\nBDBIaa.exe
  C:\Windows\System\nBDBIaa.exe
  2⤵
  PID:1972
- C:\Windows\System\BgxKzld.exe
  C:\Windows\System\BgxKzld.exe
  2⤵
  PID:2264
- C:\Windows\System\ZmXrvZj.exe
  C:\Windows\System\ZmXrvZj.exe
  2⤵
  PID:940
- C:\Windows\System\FbxZPjG.exe
  C:\Windows\System\FbxZPjG.exe
  2⤵
  PID:1412
- C:\Windows\System\WECRONY.exe
  C:\Windows\System\WECRONY.exe
  2⤵
  PID:2320
- C:\Windows\System\ytoSIeh.exe
  C:\Windows\System\ytoSIeh.exe
  2⤵
  PID:552
- C:\Windows\System\gjspZjS.exe
  C:\Windows\System\gjspZjS.exe
  2⤵
  PID:1240
- C:\Windows\System\rRzODLL.exe
  C:\Windows\System\rRzODLL.exe
  2⤵
  PID:1756
- C:\Windows\System\mSZAton.exe
  C:\Windows\System\mSZAton.exe
  2⤵
  PID:2904
- C:\Windows\System\DHGTwrS.exe
  C:\Windows\System\DHGTwrS.exe
  2⤵
  PID:2900
- C:\Windows\System\eOqYrsE.exe
  C:\Windows\System\eOqYrsE.exe
  2⤵
  PID:2028
- C:\Windows\System\bwhubpZ.exe
  C:\Windows\System\bwhubpZ.exe
  2⤵
  PID:2964
- C:\Windows\System\JAHWjnW.exe
  C:\Windows\System\JAHWjnW.exe
  2⤵
  PID:1460
- C:\Windows\System\EafQwXy.exe
  C:\Windows\System\EafQwXy.exe
  2⤵
  PID:836
- C:\Windows\System\aeTstUW.exe
  C:\Windows\System\aeTstUW.exe
  2⤵
  PID:1716
- C:\Windows\System\QJfLhmj.exe
  C:\Windows\System\QJfLhmj.exe
  2⤵
  PID:772
- C:\Windows\System\IZVdgeH.exe
  C:\Windows\System\IZVdgeH.exe
  2⤵
  PID:2524
- C:\Windows\System\zjONVIJ.exe
  C:\Windows\System\zjONVIJ.exe
  2⤵
  PID:1600
- C:\Windows\System\BArevHY.exe
  C:\Windows\System\BArevHY.exe
  2⤵
  PID:2912
- C:\Windows\System\ncvKMZh.exe
  C:\Windows\System\ncvKMZh.exe
  2⤵
  PID:804
- C:\Windows\System\DdDeOvB.exe
  C:\Windows\System\DdDeOvB.exe
  2⤵
  PID:3092
- C:\Windows\System\YAMlBTn.exe
  C:\Windows\System\YAMlBTn.exe
  2⤵
  PID:3112
- C:\Windows\System\xojXAvK.exe
  C:\Windows\System\xojXAvK.exe
  2⤵
  PID:3132
- C:\Windows\System\hqAoAOT.exe
  C:\Windows\System\hqAoAOT.exe
  2⤵
  PID:3152
- C:\Windows\System\nvPxyRG.exe
  C:\Windows\System\nvPxyRG.exe
  2⤵
  PID:3172
- C:\Windows\System\vpIFLhy.exe
  C:\Windows\System\vpIFLhy.exe
  2⤵
  PID:3188
- C:\Windows\System\zmPlcma.exe
  C:\Windows\System\zmPlcma.exe
  2⤵
  PID:3212
- C:\Windows\System\SGRegLq.exe
  C:\Windows\System\SGRegLq.exe
  2⤵
  PID:3232
- C:\Windows\System\DsxfCwv.exe
  C:\Windows\System\DsxfCwv.exe
  2⤵
  PID:3256
- C:\Windows\System\zkizsSy.exe
  C:\Windows\System\zkizsSy.exe
  2⤵
  PID:3280
- C:\Windows\System\epUcJTz.exe
  C:\Windows\System\epUcJTz.exe
  2⤵
  PID:3300
- C:\Windows\System\FgwQlAn.exe
  C:\Windows\System\FgwQlAn.exe
  2⤵
  PID:3320
- C:\Windows\System\lKZuJVB.exe
  C:\Windows\System\lKZuJVB.exe
  2⤵
  PID:3340
- C:\Windows\System\qTKOyaA.exe
  C:\Windows\System\qTKOyaA.exe
  2⤵
  PID:3360
- C:\Windows\System\suSoMZX.exe
  C:\Windows\System\suSoMZX.exe
  2⤵
  PID:3384
- C:\Windows\System\ScBzrnt.exe
  C:\Windows\System\ScBzrnt.exe
  2⤵
  PID:3404
- C:\Windows\System\MbMPdUO.exe
  C:\Windows\System\MbMPdUO.exe
  2⤵
  PID:3424
- C:\Windows\System\oMTewrn.exe
  C:\Windows\System\oMTewrn.exe
  2⤵
  PID:3444
- C:\Windows\System\EfJQJVm.exe
  C:\Windows\System\EfJQJVm.exe
  2⤵
  PID:3464
- C:\Windows\System\YBnYikc.exe
  C:\Windows\System\YBnYikc.exe
  2⤵
  PID:3484
- C:\Windows\System\loffSby.exe
  C:\Windows\System\loffSby.exe
  2⤵
  PID:3504
- C:\Windows\System\JLQrZaM.exe
  C:\Windows\System\JLQrZaM.exe
  2⤵
  PID:3524
- C:\Windows\System\SrquAAO.exe
  C:\Windows\System\SrquAAO.exe
  2⤵
  PID:3548
- C:\Windows\System\MNmTOMk.exe
  C:\Windows\System\MNmTOMk.exe
  2⤵
  PID:3564
- C:\Windows\System\MDgGQvt.exe
  C:\Windows\System\MDgGQvt.exe
  2⤵
  PID:3588
- C:\Windows\System\MEyLaRM.exe
  C:\Windows\System\MEyLaRM.exe
  2⤵
  PID:3608
- C:\Windows\System\jzbTGYl.exe
  C:\Windows\System\jzbTGYl.exe
  2⤵
  PID:3628
- C:\Windows\System\cJHNDvy.exe
  C:\Windows\System\cJHNDvy.exe
  2⤵
  PID:3648
- C:\Windows\System\LMmWstC.exe
  C:\Windows\System\LMmWstC.exe
  2⤵
  PID:3672
- C:\Windows\System\RZZnDNa.exe
  C:\Windows\System\RZZnDNa.exe
  2⤵
  PID:3692
- C:\Windows\System\UaVHXjk.exe
  C:\Windows\System\UaVHXjk.exe
  2⤵
  PID:3712
- C:\Windows\System\wixIqjT.exe
  C:\Windows\System\wixIqjT.exe
  2⤵
  PID:3728
- C:\Windows\System\RRdvTcP.exe
  C:\Windows\System\RRdvTcP.exe
  2⤵
  PID:3752
- C:\Windows\System\trMACFj.exe
  C:\Windows\System\trMACFj.exe
  2⤵
  PID:3772
- C:\Windows\System\yUKyiXn.exe
  C:\Windows\System\yUKyiXn.exe
  2⤵
  PID:3792
- C:\Windows\System\cYXCeqX.exe
  C:\Windows\System\cYXCeqX.exe
  2⤵
  PID:3808
- C:\Windows\System\yZjiKWI.exe
  C:\Windows\System\yZjiKWI.exe
  2⤵
  PID:3828
- C:\Windows\System\EtRjlNM.exe
  C:\Windows\System\EtRjlNM.exe
  2⤵
  PID:3852
- C:\Windows\System\qOIWDSa.exe
  C:\Windows\System\qOIWDSa.exe
  2⤵
  PID:3872
- C:\Windows\System\AHlzPrG.exe
  C:\Windows\System\AHlzPrG.exe
  2⤵
  PID:3892
- C:\Windows\System\eIkimWE.exe
  C:\Windows\System\eIkimWE.exe
  2⤵
  PID:3916
- C:\Windows\System\rEPQbIC.exe
  C:\Windows\System\rEPQbIC.exe
  2⤵
  PID:3932
- C:\Windows\System\AVbhqbH.exe
  C:\Windows\System\AVbhqbH.exe
  2⤵
  PID:3968
- C:\Windows\System\SfSLHyR.exe
  C:\Windows\System\SfSLHyR.exe
  2⤵
  PID:3988
- C:\Windows\System\mLsoiTe.exe
  C:\Windows\System\mLsoiTe.exe
  2⤵
  PID:4008
- C:\Windows\System\MeOnDhH.exe
  C:\Windows\System\MeOnDhH.exe
  2⤵
  PID:4028
- C:\Windows\System\IonBMzn.exe
  C:\Windows\System\IonBMzn.exe
  2⤵
  PID:4048
- C:\Windows\System\mGlleWE.exe
  C:\Windows\System\mGlleWE.exe
  2⤵
  PID:4068
- C:\Windows\System\QPWysGQ.exe
  C:\Windows\System\QPWysGQ.exe
  2⤵
  PID:4088
- C:\Windows\System\FoeBYfh.exe
  C:\Windows\System\FoeBYfh.exe
  2⤵
  PID:2044
- C:\Windows\System\jJSHQbX.exe
  C:\Windows\System\jJSHQbX.exe
  2⤵
  PID:2132
- C:\Windows\System\pXXhYWG.exe
  C:\Windows\System\pXXhYWG.exe
  2⤵
  PID:1968
- C:\Windows\System\eiYEWQN.exe
  C:\Windows\System\eiYEWQN.exe
  2⤵
  PID:2092
- C:\Windows\System\RAlItUu.exe
  C:\Windows\System\RAlItUu.exe
  2⤵
  PID:3080
- C:\Windows\System\EjCcVew.exe
  C:\Windows\System\EjCcVew.exe
  2⤵
  PID:2816
- C:\Windows\System\jJNPHwn.exe
  C:\Windows\System\jJNPHwn.exe
  2⤵
  PID:3128
- C:\Windows\System\rHoiquc.exe
  C:\Windows\System\rHoiquc.exe
  2⤵
  PID:3144
- C:\Windows\System\HHacDTP.exe
  C:\Windows\System\HHacDTP.exe
  2⤵
  PID:3180
- C:\Windows\System\cECmgZF.exe
  C:\Windows\System\cECmgZF.exe
  2⤵
  PID:3220
- C:\Windows\System\SOnNUcG.exe
  C:\Windows\System\SOnNUcG.exe
  2⤵
  PID:3244
- C:\Windows\System\imSReFw.exe
  C:\Windows\System\imSReFw.exe
  2⤵
  PID:3296
- C:\Windows\System\VeTkksY.exe
  C:\Windows\System\VeTkksY.exe
  2⤵
  PID:3328
- C:\Windows\System\WmLCTrR.exe
  C:\Windows\System\WmLCTrR.exe
  2⤵
  PID:3368
- C:\Windows\System\OJeFxVr.exe
  C:\Windows\System\OJeFxVr.exe
  2⤵
  PID:1644
- C:\Windows\System\DRlgZgI.exe
  C:\Windows\System\DRlgZgI.exe
  2⤵
  PID:3412
- C:\Windows\System\jEWexAN.exe
  C:\Windows\System\jEWexAN.exe
  2⤵
  PID:3440
- C:\Windows\System\EWTBnSU.exe
  C:\Windows\System\EWTBnSU.exe
  2⤵
  PID:3472
- C:\Windows\System\xOopbIu.exe
  C:\Windows\System\xOopbIu.exe
  2⤵
  PID:3496
- C:\Windows\System\xSEdeKk.exe
  C:\Windows\System\xSEdeKk.exe
  2⤵
  PID:3540
- C:\Windows\System\BUrAArM.exe
  C:\Windows\System\BUrAArM.exe
  2⤵
  PID:3584
- C:\Windows\System\dEcaGXg.exe
  C:\Windows\System\dEcaGXg.exe
  2⤵
  PID:3604
- C:\Windows\System\yNihKCX.exe
  C:\Windows\System\yNihKCX.exe
  2⤵
  PID:3600
- C:\Windows\System\dKHgGUO.exe
  C:\Windows\System\dKHgGUO.exe
  2⤵
  PID:3668
- C:\Windows\System\wvvRUPy.exe
  C:\Windows\System\wvvRUPy.exe
  2⤵
  PID:3708
- C:\Windows\System\VzOPCzw.exe
  C:\Windows\System\VzOPCzw.exe
  2⤵
  PID:3748
- C:\Windows\System\seuzaKh.exe
  C:\Windows\System\seuzaKh.exe
  2⤵
  PID:3784
- C:\Windows\System\UJYYsoN.exe
  C:\Windows\System\UJYYsoN.exe
  2⤵
  PID:3804
- C:\Windows\System\ABoViMJ.exe
  C:\Windows\System\ABoViMJ.exe
  2⤵
  PID:3864
- C:\Windows\System\KOkOVGG.exe
  C:\Windows\System\KOkOVGG.exe
  2⤵
  PID:3840
- C:\Windows\System\YThjwTz.exe
  C:\Windows\System\YThjwTz.exe
  2⤵
  PID:3884
- C:\Windows\System\vpmblJa.exe
  C:\Windows\System\vpmblJa.exe
  2⤵
  PID:3960
- C:\Windows\System\tXceTRk.exe
  C:\Windows\System\tXceTRk.exe
  2⤵
  PID:3912
- C:\Windows\System\uKnECXx.exe
  C:\Windows\System\uKnECXx.exe
  2⤵
  PID:3980
- C:\Windows\System\VEgROZV.exe
  C:\Windows\System\VEgROZV.exe
  2⤵
  PID:4020
- C:\Windows\System\uAJAeER.exe
  C:\Windows\System\uAJAeER.exe
  2⤵
  PID:4060
- C:\Windows\System\bblXUeM.exe
  C:\Windows\System\bblXUeM.exe
  2⤵
  PID:1616
- C:\Windows\System\NXaiYrb.exe
  C:\Windows\System\NXaiYrb.exe
  2⤵
  PID:2112
- C:\Windows\System\DDUGDyB.exe
  C:\Windows\System\DDUGDyB.exe
  2⤵
  PID:2468
- C:\Windows\System\zPeMKPF.exe
  C:\Windows\System\zPeMKPF.exe
  2⤵
  PID:1764
- C:\Windows\System\bkWyJxA.exe
  C:\Windows\System\bkWyJxA.exe
  2⤵
  PID:3120
- C:\Windows\System\FwZFHhf.exe
  C:\Windows\System\FwZFHhf.exe
  2⤵
  PID:3196
- C:\Windows\System\GhpjIGJ.exe
  C:\Windows\System\GhpjIGJ.exe
  2⤵
  PID:3240
- C:\Windows\System\sbNUCHi.exe
  C:\Windows\System\sbNUCHi.exe
  2⤵
  PID:3332
- C:\Windows\System\xieTZPj.exe
  C:\Windows\System\xieTZPj.exe
  2⤵
  PID:1576
- C:\Windows\System\xOOpLfv.exe
  C:\Windows\System\xOOpLfv.exe
  2⤵
  PID:3392
- C:\Windows\System\cTkkSMR.exe
  C:\Windows\System\cTkkSMR.exe
  2⤵
  PID:3456
- C:\Windows\System\dcClgtS.exe
  C:\Windows\System\dcClgtS.exe
  2⤵
  PID:1948
- C:\Windows\System\ZLGScGh.exe
  C:\Windows\System\ZLGScGh.exe
  2⤵
  PID:3536
- C:\Windows\System\zcCthHw.exe
  C:\Windows\System\zcCthHw.exe
  2⤵
  PID:3572
- C:\Windows\System\PoYRNKM.exe
  C:\Windows\System\PoYRNKM.exe
  2⤵
  PID:3644
- C:\Windows\System\MsQWzUG.exe
  C:\Windows\System\MsQWzUG.exe
  2⤵
  PID:3700
- C:\Windows\System\WsjyTSh.exe
  C:\Windows\System\WsjyTSh.exe
  2⤵
  PID:3824
- C:\Windows\System\NMtsfsM.exe
  C:\Windows\System\NMtsfsM.exe
  2⤵
  PID:3836
- C:\Windows\System\kUhsRdB.exe
  C:\Windows\System\kUhsRdB.exe
  2⤵
  PID:3948
- C:\Windows\System\qPfEdcl.exe
  C:\Windows\System\qPfEdcl.exe
  2⤵
  PID:3996
- C:\Windows\System\utKFfgN.exe
  C:\Windows\System\utKFfgN.exe
  2⤵
  PID:3952
- C:\Windows\System\PrkPdDt.exe
  C:\Windows\System\PrkPdDt.exe
  2⤵
  PID:4024
- C:\Windows\System\WUfOqUy.exe
  C:\Windows\System\WUfOqUy.exe
  2⤵
  PID:776
- C:\Windows\System\wwVRpdw.exe
  C:\Windows\System\wwVRpdw.exe
  2⤵
  PID:1964
- C:\Windows\System\sWpbClS.exe
  C:\Windows\System\sWpbClS.exe
  2⤵
  PID:3108
- C:\Windows\System\mOnKZvl.exe
  C:\Windows\System\mOnKZvl.exe
  2⤵
  PID:3224
- C:\Windows\System\NAdiyzT.exe
  C:\Windows\System\NAdiyzT.exe
  2⤵
  PID:3376
- C:\Windows\System\gVnqopn.exe
  C:\Windows\System\gVnqopn.exe
  2⤵
  PID:2284
- C:\Windows\System\DLXqQpT.exe
  C:\Windows\System\DLXqQpT.exe
  2⤵
  PID:3580
- C:\Windows\System\HalEJkM.exe
  C:\Windows\System\HalEJkM.exe
  2⤵
  PID:3476
- C:\Windows\System\IjlkjoV.exe
  C:\Windows\System\IjlkjoV.exe
  2⤵
  PID:3544
- C:\Windows\System\daetISF.exe
  C:\Windows\System\daetISF.exe
  2⤵
  PID:3780
- C:\Windows\System\YMdfpVe.exe
  C:\Windows\System\YMdfpVe.exe
  2⤵
  PID:3904
- C:\Windows\System\VcKVram.exe
  C:\Windows\System\VcKVram.exe
  2⤵
  PID:3984
- C:\Windows\System\pNZowFq.exe
  C:\Windows\System\pNZowFq.exe
  2⤵
  PID:4004
- C:\Windows\System\BAuaAMN.exe
  C:\Windows\System\BAuaAMN.exe
  2⤵
  PID:2452
- C:\Windows\System\ihoxbOn.exe
  C:\Windows\System\ihoxbOn.exe
  2⤵
  PID:3140
- C:\Windows\System\uEiTeKj.exe
  C:\Windows\System\uEiTeKj.exe
  2⤵
  PID:3200
- C:\Windows\System\hukzyzY.exe
  C:\Windows\System\hukzyzY.exe
  2⤵
  PID:3308
- C:\Windows\System\bsnqUen.exe
  C:\Windows\System\bsnqUen.exe
  2⤵
  PID:4112
- C:\Windows\System\ooBeVYy.exe
  C:\Windows\System\ooBeVYy.exe
  2⤵
  PID:4132
- C:\Windows\System\TMbirKX.exe
  C:\Windows\System\TMbirKX.exe
  2⤵
  PID:4152
- C:\Windows\System\ffkZLMu.exe
  C:\Windows\System\ffkZLMu.exe
  2⤵
  PID:4172
- C:\Windows\System\zbkNMRy.exe
  C:\Windows\System\zbkNMRy.exe
  2⤵
  PID:4196
- C:\Windows\System\poEgJSw.exe
  C:\Windows\System\poEgJSw.exe
  2⤵
  PID:4216
- C:\Windows\System\YaDGpwD.exe
  C:\Windows\System\YaDGpwD.exe
  2⤵
  PID:4240
- C:\Windows\System\aoCtRbd.exe
  C:\Windows\System\aoCtRbd.exe
  2⤵
  PID:4260
- C:\Windows\System\NolVCqS.exe
  C:\Windows\System\NolVCqS.exe
  2⤵
  PID:4280
- C:\Windows\System\XGIzHAU.exe
  C:\Windows\System\XGIzHAU.exe
  2⤵
  PID:4300
- C:\Windows\System\uiwgJan.exe
  C:\Windows\System\uiwgJan.exe
  2⤵
  PID:4320
- C:\Windows\System\dcAJUcd.exe
  C:\Windows\System\dcAJUcd.exe
  2⤵
  PID:4340
- C:\Windows\System\TvfEkZt.exe
  C:\Windows\System\TvfEkZt.exe
  2⤵
  PID:4360
- C:\Windows\System\jqrpBGA.exe
  C:\Windows\System\jqrpBGA.exe
  2⤵
  PID:4380
- C:\Windows\System\MohFOHV.exe
  C:\Windows\System\MohFOHV.exe
  2⤵
  PID:4400
- C:\Windows\System\IexVigq.exe
  C:\Windows\System\IexVigq.exe
  2⤵
  PID:4420
- C:\Windows\System\BZbrLSy.exe
  C:\Windows\System\BZbrLSy.exe
  2⤵
  PID:4440
- C:\Windows\System\qWYiMed.exe
  C:\Windows\System\qWYiMed.exe
  2⤵
  PID:4460
- C:\Windows\System\cedJXRv.exe
  C:\Windows\System\cedJXRv.exe
  2⤵
  PID:4480
- C:\Windows\System\dpxYuFE.exe
  C:\Windows\System\dpxYuFE.exe
  2⤵
  PID:4504
- C:\Windows\System\nOuHWsh.exe
  C:\Windows\System\nOuHWsh.exe
  2⤵
  PID:4524
- C:\Windows\System\oOtfpRa.exe
  C:\Windows\System\oOtfpRa.exe
  2⤵
  PID:4544
- C:\Windows\System\AwLbTdn.exe
  C:\Windows\System\AwLbTdn.exe
  2⤵
  PID:4564
- C:\Windows\System\aBflMFm.exe
  C:\Windows\System\aBflMFm.exe
  2⤵
  PID:4584
- C:\Windows\System\KgnmmHp.exe
  C:\Windows\System\KgnmmHp.exe
  2⤵
  PID:4608
- C:\Windows\System\XaAGlDo.exe
  C:\Windows\System\XaAGlDo.exe
  2⤵
  PID:4628
- C:\Windows\System\sEtwJol.exe
  C:\Windows\System\sEtwJol.exe
  2⤵
  PID:4652
- C:\Windows\System\dLlqwKz.exe
  C:\Windows\System\dLlqwKz.exe
  2⤵
  PID:4672
- C:\Windows\System\QRJmXoY.exe
  C:\Windows\System\QRJmXoY.exe
  2⤵
  PID:4692
- C:\Windows\System\kjLxsSy.exe
  C:\Windows\System\kjLxsSy.exe
  2⤵
  PID:4712
- C:\Windows\System\YwNReSl.exe
  C:\Windows\System\YwNReSl.exe
  2⤵
  PID:4732
- C:\Windows\System\ioBcHNL.exe
  C:\Windows\System\ioBcHNL.exe
  2⤵
  PID:4752
- C:\Windows\System\sXUAEHv.exe
  C:\Windows\System\sXUAEHv.exe
  2⤵
  PID:4776
- C:\Windows\System\dglnSav.exe
  C:\Windows\System\dglnSav.exe
  2⤵
  PID:4800
- C:\Windows\System\xyIQAkI.exe
  C:\Windows\System\xyIQAkI.exe
  2⤵
  PID:4820
- C:\Windows\System\jULdCwN.exe
  C:\Windows\System\jULdCwN.exe
  2⤵
  PID:4840
- C:\Windows\System\SRYaAeA.exe
  C:\Windows\System\SRYaAeA.exe
  2⤵
  PID:4860
- C:\Windows\System\QPYcLyx.exe
  C:\Windows\System\QPYcLyx.exe
  2⤵
  PID:4880
- C:\Windows\System\NVzAWgQ.exe
  C:\Windows\System\NVzAWgQ.exe
  2⤵
  PID:4900
- C:\Windows\System\ezyWibd.exe
  C:\Windows\System\ezyWibd.exe
  2⤵
  PID:4916
- C:\Windows\System\SPpTqdi.exe
  C:\Windows\System\SPpTqdi.exe
  2⤵
  PID:4944
- C:\Windows\System\YFarsgO.exe
  C:\Windows\System\YFarsgO.exe
  2⤵
  PID:4964
- C:\Windows\System\nelnwNI.exe
  C:\Windows\System\nelnwNI.exe
  2⤵
  PID:4988
- C:\Windows\System\TdAnIeG.exe
  C:\Windows\System\TdAnIeG.exe
  2⤵
  PID:5004
- C:\Windows\System\vpsanrC.exe
  C:\Windows\System\vpsanrC.exe
  2⤵
  PID:5028
- C:\Windows\System\FbcfASl.exe
  C:\Windows\System\FbcfASl.exe
  2⤵
  PID:5048
- C:\Windows\System\XDuFKXV.exe
  C:\Windows\System\XDuFKXV.exe
  2⤵
  PID:5068
- C:\Windows\System\PfFkvWz.exe
  C:\Windows\System\PfFkvWz.exe
  2⤵
  PID:5088
- C:\Windows\System\xiCHBqU.exe
  C:\Windows\System\xiCHBqU.exe
  2⤵
  PID:5112
- C:\Windows\System\toZifKj.exe
  C:\Windows\System\toZifKj.exe
  2⤵
  PID:3512
- C:\Windows\System\zInHjZA.exe
  C:\Windows\System\zInHjZA.exe
  2⤵
  PID:3744
- C:\Windows\System\vyZAuat.exe
  C:\Windows\System\vyZAuat.exe
  2⤵
  PID:3880
- C:\Windows\System\UQNeXnP.exe
  C:\Windows\System\UQNeXnP.exe
  2⤵
  PID:4076
- C:\Windows\System\MuIYOeq.exe
  C:\Windows\System\MuIYOeq.exe
  2⤵
  PID:2972
- C:\Windows\System\fRWpIYs.exe
  C:\Windows\System\fRWpIYs.exe
  2⤵
  PID:3288
- C:\Windows\System\DxZxdXv.exe
  C:\Windows\System\DxZxdXv.exe
  2⤵
  PID:4104
- C:\Windows\System\CqYbzqy.exe
  C:\Windows\System\CqYbzqy.exe
  2⤵
  PID:4140
- C:\Windows\System\EFnSsee.exe
  C:\Windows\System\EFnSsee.exe
  2⤵
  PID:3380
- C:\Windows\System\RwBrqAV.exe
  C:\Windows\System\RwBrqAV.exe
  2⤵
  PID:4192
- C:\Windows\System\ezwHeQv.exe
  C:\Windows\System\ezwHeQv.exe
  2⤵
  PID:4208
- C:\Windows\System\gDPZcbp.exe
  C:\Windows\System\gDPZcbp.exe
  2⤵
  PID:4276
- C:\Windows\System\niqHzGz.exe
  C:\Windows\System\niqHzGz.exe
  2⤵
  PID:4308
- C:\Windows\System\JTJDPXN.exe
  C:\Windows\System\JTJDPXN.exe
  2⤵
  PID:4348
- C:\Windows\System\lvqHaix.exe
  C:\Windows\System\lvqHaix.exe
  2⤵
  PID:4368
- C:\Windows\System\uRbdnZX.exe
  C:\Windows\System\uRbdnZX.exe
  2⤵
  PID:4392
- C:\Windows\System\GjVmuEg.exe
  C:\Windows\System\GjVmuEg.exe
  2⤵
  PID:4412
- C:\Windows\System\aOWTkmP.exe
  C:\Windows\System\aOWTkmP.exe
  2⤵
  PID:4472
- C:\Windows\System\XMnbiYi.exe
  C:\Windows\System\XMnbiYi.exe
  2⤵
  PID:4520
- C:\Windows\System\wTZSsGE.exe
  C:\Windows\System\wTZSsGE.exe
  2⤵
  PID:4532
- C:\Windows\System\lkGvfOt.exe
  C:\Windows\System\lkGvfOt.exe
  2⤵
  PID:4556
- C:\Windows\System\wwqLNeh.exe
  C:\Windows\System\wwqLNeh.exe
  2⤵
  PID:4580
- C:\Windows\System\DbxgeGL.exe
  C:\Windows\System\DbxgeGL.exe
  2⤵
  PID:4644
- C:\Windows\System\MbWLyYz.exe
  C:\Windows\System\MbWLyYz.exe
  2⤵
  PID:4684
- C:\Windows\System\WqusFGB.exe
  C:\Windows\System\WqusFGB.exe
  2⤵
  PID:4708
- C:\Windows\System\VPocIoE.exe
  C:\Windows\System\VPocIoE.exe
  2⤵
  PID:4760
- C:\Windows\System\HYRqnLY.exe
  C:\Windows\System\HYRqnLY.exe
  2⤵
  PID:4744
- C:\Windows\System\aRJexKc.exe
  C:\Windows\System\aRJexKc.exe
  2⤵
  PID:4792
- C:\Windows\System\kGwxuTz.exe
  C:\Windows\System\kGwxuTz.exe
  2⤵
  PID:4828
- C:\Windows\System\ELWSofm.exe
  C:\Windows\System\ELWSofm.exe
  2⤵
  PID:4888
- C:\Windows\System\tLiOUye.exe
  C:\Windows\System\tLiOUye.exe
  2⤵
  PID:4924
- C:\Windows\System\VEhUrdo.exe
  C:\Windows\System\VEhUrdo.exe
  2⤵
  PID:4952
- C:\Windows\System\hdBbBMB.exe
  C:\Windows\System\hdBbBMB.exe
  2⤵
  PID:4976
- C:\Windows\System\ryjkFqp.exe
  C:\Windows\System\ryjkFqp.exe
  2⤵
  PID:4996
- C:\Windows\System\IDoLthC.exe
  C:\Windows\System\IDoLthC.exe
  2⤵
  PID:5056
- C:\Windows\System\nsEmHaU.exe
  C:\Windows\System\nsEmHaU.exe
  2⤵
  PID:5096
- C:\Windows\System\qtadhfX.exe
  C:\Windows\System\qtadhfX.exe
  2⤵
  PID:5100
- C:\Windows\System\CoVpOIh.exe
  C:\Windows\System\CoVpOIh.exe
  2⤵
  PID:3520
- C:\Windows\System\oEvkZei.exe
  C:\Windows\System\oEvkZei.exe
  2⤵
  PID:3760
- C:\Windows\System\xUAFTIv.exe
  C:\Windows\System\xUAFTIv.exe
  2⤵
  PID:2660
- C:\Windows\System\HGVIhIM.exe
  C:\Windows\System\HGVIhIM.exe
  2⤵
  PID:2664
- C:\Windows\System\RFIvDDR.exe
  C:\Windows\System\RFIvDDR.exe
  2⤵
  PID:4120
- C:\Windows\System\heGgukD.exe
  C:\Windows\System\heGgukD.exe
  2⤵
  PID:4124
- C:\Windows\System\lVOuOBS.exe
  C:\Windows\System\lVOuOBS.exe
  2⤵
  PID:4204
- C:\Windows\System\FynuhKe.exe
  C:\Windows\System\FynuhKe.exe
  2⤵
  PID:4296
- C:\Windows\System\rFSxIrb.exe
  C:\Windows\System\rFSxIrb.exe
  2⤵
  PID:4388
- C:\Windows\System\mkjUtoc.exe
  C:\Windows\System\mkjUtoc.exe
  2⤵
  PID:3024
- C:\Windows\System\aTetDpW.exe
  C:\Windows\System\aTetDpW.exe
  2⤵
  PID:4428
- C:\Windows\System\zxiJlge.exe
  C:\Windows\System\zxiJlge.exe
  2⤵
  PID:4516
- C:\Windows\System\fmhsZAD.exe
  C:\Windows\System\fmhsZAD.exe
  2⤵
  PID:4560
- C:\Windows\System\gGhjDyC.exe
  C:\Windows\System\gGhjDyC.exe
  2⤵
  PID:4624
- C:\Windows\System\vxQhWky.exe
  C:\Windows\System\vxQhWky.exe
  2⤵
  PID:4720
- C:\Windows\System\mHakTkb.exe
  C:\Windows\System\mHakTkb.exe
  2⤵
  PID:4664
- C:\Windows\System\wsWiyQs.exe
  C:\Windows\System\wsWiyQs.exe
  2⤵
  PID:4796
- C:\Windows\System\KQSHOod.exe
  C:\Windows\System\KQSHOod.exe
  2⤵
  PID:4832
- C:\Windows\System\WONRtHX.exe
  C:\Windows\System\WONRtHX.exe
  2⤵
  PID:4896
- C:\Windows\System\Tookzuu.exe
  C:\Windows\System\Tookzuu.exe
  2⤵
  PID:2572
- C:\Windows\System\EDZnSvq.exe
  C:\Windows\System\EDZnSvq.exe
  2⤵
  PID:5024
- C:\Windows\System\crvivcA.exe
  C:\Windows\System\crvivcA.exe
  2⤵
  PID:5044
- C:\Windows\System\koaODOv.exe
  C:\Windows\System\koaODOv.exe
  2⤵
  PID:1924
- C:\Windows\System\KwiKGSk.exe
  C:\Windows\System\KwiKGSk.exe
  2⤵
  PID:3680
- C:\Windows\System\cVBRpPi.exe
  C:\Windows\System\cVBRpPi.exe
  2⤵
  PID:3908
- C:\Windows\System\UUtpyEo.exe
  C:\Windows\System\UUtpyEo.exe
  2⤵
  PID:3316
- C:\Windows\System\couaNYJ.exe
  C:\Windows\System\couaNYJ.exe
  2⤵
  PID:4164
- C:\Windows\System\TEjETWt.exe
  C:\Windows\System\TEjETWt.exe
  2⤵
  PID:1180
- C:\Windows\System\OqatRhZ.exe
  C:\Windows\System\OqatRhZ.exe
  2⤵
  PID:4468
- C:\Windows\System\sBgDDjD.exe
  C:\Windows\System\sBgDDjD.exe
  2⤵
  PID:4312
- C:\Windows\System\wayVxpZ.exe
  C:\Windows\System\wayVxpZ.exe
  2⤵
  PID:4500
- C:\Windows\System\PFYvPyD.exe
  C:\Windows\System\PFYvPyD.exe
  2⤵
  PID:4680
- C:\Windows\System\AyIFrtE.exe
  C:\Windows\System\AyIFrtE.exe
  2⤵
  PID:4724
- C:\Windows\System\zSCCaqC.exe
  C:\Windows\System\zSCCaqC.exe
  2⤵
  PID:4808
- C:\Windows\System\WapLWNp.exe
  C:\Windows\System\WapLWNp.exe
  2⤵
  PID:1208
- C:\Windows\System\QpzEVvh.exe
  C:\Windows\System\QpzEVvh.exe
  2⤵
  PID:4980
- C:\Windows\System\rJfuSQK.exe
  C:\Windows\System\rJfuSQK.exe
  2⤵
  PID:4928
- C:\Windows\System\aMvHBVi.exe
  C:\Windows\System\aMvHBVi.exe
  2⤵
  PID:3028
- C:\Windows\System\roksrGu.exe
  C:\Windows\System\roksrGu.exe
  2⤵
  PID:5084
- C:\Windows\System\CcwmDBO.exe
  C:\Windows\System\CcwmDBO.exe
  2⤵
  PID:2868
- C:\Windows\System\VPlXOhy.exe
  C:\Windows\System\VPlXOhy.exe
  2⤵
  PID:4332
- C:\Windows\System\dWCvetf.exe
  C:\Windows\System\dWCvetf.exe
  2⤵
  PID:4268
- C:\Windows\System\MrroiiE.exe
  C:\Windows\System\MrroiiE.exe
  2⤵
  PID:4356
- C:\Windows\System\yFrGwhp.exe
  C:\Windows\System\yFrGwhp.exe
  2⤵
  PID:1976
- C:\Windows\System\gARmaxY.exe
  C:\Windows\System\gARmaxY.exe
  2⤵
  PID:4616
- C:\Windows\System\dNJxVnB.exe
  C:\Windows\System\dNJxVnB.exe
  2⤵
  PID:4848
- C:\Windows\System\KVMJMTF.exe
  C:\Windows\System\KVMJMTF.exe
  2⤵
  PID:3736
- C:\Windows\System\DEkzxxr.exe
  C:\Windows\System\DEkzxxr.exe
  2⤵
  PID:1960
- C:\Windows\System\xtSyYBq.exe
  C:\Windows\System\xtSyYBq.exe
  2⤵
  PID:4512
- C:\Windows\System\OlhLZAh.exe
  C:\Windows\System\OlhLZAh.exe
  2⤵
  PID:396
- C:\Windows\System\dayiYnF.exe
  C:\Windows\System\dayiYnF.exe
  2⤵
  PID:960
- C:\Windows\System\tBGdWpp.exe
  C:\Windows\System\tBGdWpp.exe
  2⤵
  PID:4236
- C:\Windows\System\rFkIwQu.exe
  C:\Windows\System\rFkIwQu.exe
  2⤵
  PID:2960
- C:\Windows\System\QrOonNx.exe
  C:\Windows\System\QrOonNx.exe
  2⤵
  PID:1696
- C:\Windows\System\imssFbW.exe
  C:\Windows\System\imssFbW.exe
  2⤵
  PID:3396
- C:\Windows\System\VeHPQGY.exe
  C:\Windows\System\VeHPQGY.exe
  2⤵
  PID:1504
- C:\Windows\System\VAQGxAO.exe
  C:\Windows\System\VAQGxAO.exe
  2⤵
  PID:2416
- C:\Windows\System\TvRLFkT.exe
  C:\Windows\System\TvRLFkT.exe
  2⤵
  PID:4128
- C:\Windows\System\XwbSAjc.exe
  C:\Windows\System\XwbSAjc.exe
  2⤵
  PID:2316
- C:\Windows\System\FjQqcPM.exe
  C:\Windows\System\FjQqcPM.exe
  2⤵
  PID:4640
- C:\Windows\System\mycVwNx.exe
  C:\Windows\System\mycVwNx.exe
  2⤵
  PID:1808
- C:\Windows\System\uyPTxLR.exe
  C:\Windows\System\uyPTxLR.exe
  2⤵
  PID:4748
- C:\Windows\System\sJfQOIe.exe
  C:\Windows\System\sJfQOIe.exe
  2⤵
  PID:1732
- C:\Windows\System\KJKpJrt.exe
  C:\Windows\System\KJKpJrt.exe
  2⤵
  PID:4704
- C:\Windows\System\ZCcHDer.exe
  C:\Windows\System\ZCcHDer.exe
  2⤵
  PID:4772
- C:\Windows\System\aSNmZvK.exe
  C:\Windows\System\aSNmZvK.exe
  2⤵
  PID:4212
- C:\Windows\System\mQOFADf.exe
  C:\Windows\System\mQOFADf.exe
  2⤵
  PID:1032
- C:\Windows\System\LdXRvaX.exe
  C:\Windows\System\LdXRvaX.exe
  2⤵
  PID:1640
- C:\Windows\System\QmHyxIb.exe
  C:\Windows\System\QmHyxIb.exe
  2⤵
  PID:4648
- C:\Windows\System\ARriZER.exe
  C:\Windows\System\ARriZER.exe
  2⤵
  PID:4476
- C:\Windows\System\PotydOg.exe
  C:\Windows\System\PotydOg.exe
  2⤵
  PID:4256
- C:\Windows\System\gmaICrj.exe
  C:\Windows\System\gmaICrj.exe
  2⤵
  PID:4108
- C:\Windows\System\fFFcNYc.exe
  C:\Windows\System\fFFcNYc.exe
  2⤵
  PID:2984
- C:\Windows\System\rWGkBPd.exe
  C:\Windows\System\rWGkBPd.exe
  2⤵
  PID:5124
- C:\Windows\System\QzkHDNC.exe
  C:\Windows\System\QzkHDNC.exe
  2⤵
  PID:5148
- C:\Windows\System\ZIcLvWx.exe
  C:\Windows\System\ZIcLvWx.exe
  2⤵
  PID:5168
- C:\Windows\System\EXCJjdn.exe
  C:\Windows\System\EXCJjdn.exe
  2⤵
  PID:5184
- C:\Windows\System\frnippZ.exe
  C:\Windows\System\frnippZ.exe
  2⤵
  PID:5204
- C:\Windows\System\RmCAeZD.exe
  C:\Windows\System\RmCAeZD.exe
  2⤵
  PID:5228
- C:\Windows\System\CHPAnHa.exe
  C:\Windows\System\CHPAnHa.exe
  2⤵
  PID:5248
- C:\Windows\System\rebTglc.exe
  C:\Windows\System\rebTglc.exe
  2⤵
  PID:5264
- C:\Windows\System\uvfrlMZ.exe
  C:\Windows\System\uvfrlMZ.exe
  2⤵
  PID:5284
- C:\Windows\System\dZxcwYm.exe
  C:\Windows\System\dZxcwYm.exe
  2⤵
  PID:5300
- C:\Windows\System\bFatKtW.exe
  C:\Windows\System\bFatKtW.exe
  2⤵
  PID:5320
- C:\Windows\System\bNQwowx.exe
  C:\Windows\System\bNQwowx.exe
  2⤵
  PID:5340
- C:\Windows\System\LsdvbBk.exe
  C:\Windows\System\LsdvbBk.exe
  2⤵
  PID:5360
- C:\Windows\System\eeqWSln.exe
  C:\Windows\System\eeqWSln.exe
  2⤵
  PID:5380
- C:\Windows\System\deveYkn.exe
  C:\Windows\System\deveYkn.exe
  2⤵
  PID:5396
- C:\Windows\System\phOdYsS.exe
  C:\Windows\System\phOdYsS.exe
  2⤵
  PID:5428
- C:\Windows\System\SLaFwqM.exe
  C:\Windows\System\SLaFwqM.exe
  2⤵
  PID:5444
- C:\Windows\System\GOCeKxE.exe
  C:\Windows\System\GOCeKxE.exe
  2⤵
  PID:5460
- C:\Windows\System\pyHpiyC.exe
  C:\Windows\System\pyHpiyC.exe
  2⤵
  PID:5476
- C:\Windows\System\ghYZIDA.exe
  C:\Windows\System\ghYZIDA.exe
  2⤵
  PID:5500
- C:\Windows\System\rTjHpys.exe
  C:\Windows\System\rTjHpys.exe
  2⤵
  PID:5524
- C:\Windows\System\NuIaVHP.exe
  C:\Windows\System\NuIaVHP.exe
  2⤵
  PID:5544
- C:\Windows\System\cNwfmXu.exe
  C:\Windows\System\cNwfmXu.exe
  2⤵
  PID:5560
- C:\Windows\System\atVwwFf.exe
  C:\Windows\System\atVwwFf.exe
  2⤵
  PID:5580
- C:\Windows\System\EMpGRFf.exe
  C:\Windows\System\EMpGRFf.exe
  2⤵
  PID:5604
- C:\Windows\System\kCOLZVR.exe
  C:\Windows\System\kCOLZVR.exe
  2⤵
  PID:5632
- C:\Windows\System\FPwFNwA.exe
  C:\Windows\System\FPwFNwA.exe
  2⤵
  PID:5648
- C:\Windows\System\kymXzeR.exe
  C:\Windows\System\kymXzeR.exe
  2⤵
  PID:5664
- C:\Windows\System\wlVhohr.exe
  C:\Windows\System\wlVhohr.exe
  2⤵
  PID:5680
- C:\Windows\System\XAAxoeK.exe
  C:\Windows\System\XAAxoeK.exe
  2⤵
  PID:5708
- C:\Windows\System\RxxTUqm.exe
  C:\Windows\System\RxxTUqm.exe
  2⤵
  PID:5724
- C:\Windows\System\levdMWf.exe
  C:\Windows\System\levdMWf.exe
  2⤵
  PID:5744
- C:\Windows\System\OswazsY.exe
  C:\Windows\System\OswazsY.exe
  2⤵
  PID:5764
- C:\Windows\System\RlLkueI.exe
  C:\Windows\System\RlLkueI.exe
  2⤵
  PID:5788
- C:\Windows\System\OJKNalK.exe
  C:\Windows\System\OJKNalK.exe
  2⤵
  PID:5804
- C:\Windows\System\EqgWAaP.exe
  C:\Windows\System\EqgWAaP.exe
  2⤵
  PID:5824
- C:\Windows\System\iXHApMR.exe
  C:\Windows\System\iXHApMR.exe
  2⤵
  PID:5840
- C:\Windows\System\QOsYKtH.exe
  C:\Windows\System\QOsYKtH.exe
  2⤵
  PID:5860
- C:\Windows\System\NphYHCj.exe
  C:\Windows\System\NphYHCj.exe
  2⤵
  PID:5892
- C:\Windows\System\DPvFVEw.exe
  C:\Windows\System\DPvFVEw.exe
  2⤵
  PID:5912
- C:\Windows\System\sRAIvXb.exe
  C:\Windows\System\sRAIvXb.exe
  2⤵
  PID:5928
- C:\Windows\System\FmqVudR.exe
  C:\Windows\System\FmqVudR.exe
  2⤵
  PID:5944
- C:\Windows\System\pFMgafl.exe
  C:\Windows\System\pFMgafl.exe
  2⤵
  PID:5972
- C:\Windows\System\nzjepBC.exe
  C:\Windows\System\nzjepBC.exe
  2⤵
  PID:5992
- C:\Windows\System\XCigvxk.exe
  C:\Windows\System\XCigvxk.exe
  2⤵
  PID:6008
- C:\Windows\System\mRVKnQI.exe
  C:\Windows\System\mRVKnQI.exe
  2⤵
  PID:6024
- C:\Windows\System\AtWFSYq.exe
  C:\Windows\System\AtWFSYq.exe
  2⤵
  PID:6044
- C:\Windows\System\DbgtdsK.exe
  C:\Windows\System\DbgtdsK.exe
  2⤵
  PID:6068
- C:\Windows\System\JRJrkWH.exe
  C:\Windows\System\JRJrkWH.exe
  2⤵
  PID:6088
- C:\Windows\System\lUNoRzq.exe
  C:\Windows\System\lUNoRzq.exe
  2⤵
  PID:6108
- C:\Windows\System\iGtdmNr.exe
  C:\Windows\System\iGtdmNr.exe
  2⤵
  PID:6132
- C:\Windows\System\LaUrLzC.exe
  C:\Windows\System\LaUrLzC.exe
  2⤵
  PID:3944
- C:\Windows\System\jYKcxIn.exe
  C:\Windows\System\jYKcxIn.exe
  2⤵
  PID:5156
- C:\Windows\System\ZsoSrjM.exe
  C:\Windows\System\ZsoSrjM.exe
  2⤵
  PID:5212
- C:\Windows\System\JIeJuho.exe
  C:\Windows\System\JIeJuho.exe
  2⤵
  PID:5224
- C:\Windows\System\piJHgtQ.exe
  C:\Windows\System\piJHgtQ.exe
  2⤵
  PID:5260
- C:\Windows\System\BpdckcS.exe
  C:\Windows\System\BpdckcS.exe
  2⤵
  PID:5336
- C:\Windows\System\xAimatk.exe
  C:\Windows\System\xAimatk.exe
  2⤵
  PID:5332
- C:\Windows\System\tGfiBbt.exe
  C:\Windows\System\tGfiBbt.exe
  2⤵
  PID:5376
- C:\Windows\System\mPVjYLz.exe
  C:\Windows\System\mPVjYLz.exe
  2⤵
  PID:5412
- C:\Windows\System\mIveUvU.exe
  C:\Windows\System\mIveUvU.exe
  2⤵
  PID:5424
- C:\Windows\System\BotFFwW.exe
  C:\Windows\System\BotFFwW.exe
  2⤵
  PID:5484
- C:\Windows\System\JWBHvnS.exe
  C:\Windows\System\JWBHvnS.exe
  2⤵
  PID:5512
- C:\Windows\System\kiuOcGN.exe
  C:\Windows\System\kiuOcGN.exe
  2⤵
  PID:5520
- C:\Windows\System\UnKeISu.exe
  C:\Windows\System\UnKeISu.exe
  2⤵
  PID:5572
- C:\Windows\System\fbxqoYt.exe
  C:\Windows\System\fbxqoYt.exe
  2⤵
  PID:5552
- C:\Windows\System\fgwbolI.exe
  C:\Windows\System\fgwbolI.exe
  2⤵
  PID:5624
- C:\Windows\System\QXqEqJB.exe
  C:\Windows\System\QXqEqJB.exe
  2⤵
  PID:5696
- C:\Windows\System\idcuDHu.exe
  C:\Windows\System\idcuDHu.exe
  2⤵
  PID:5732
- C:\Windows\System\ERlaubo.exe
  C:\Windows\System\ERlaubo.exe
  2⤵
  PID:5716
- C:\Windows\System\sMQOgxv.exe
  C:\Windows\System\sMQOgxv.exe
  2⤵
  PID:5760
- C:\Windows\System\zCKLJCH.exe
  C:\Windows\System\zCKLJCH.exe
  2⤵
  PID:5812
- C:\Windows\System\QMruedg.exe
  C:\Windows\System\QMruedg.exe
  2⤵
  PID:5852
- C:\Windows\System\qMplsfr.exe
  C:\Windows\System\qMplsfr.exe
  2⤵
  PID:5832
- C:\Windows\System\rgnESvO.exe
  C:\Windows\System\rgnESvO.exe
  2⤵
  PID:5880
- C:\Windows\System\tsUiDfi.exe
  C:\Windows\System\tsUiDfi.exe
  2⤵
  PID:5924
- C:\Windows\System\alENbYS.exe
  C:\Windows\System\alENbYS.exe
  2⤵
  PID:5952
- C:\Windows\System\JSgcHBS.exe
  C:\Windows\System\JSgcHBS.exe
  2⤵
  PID:5984
- C:\Windows\System\oUMsCdx.exe
  C:\Windows\System\oUMsCdx.exe
  2⤵
  PID:6020
- C:\Windows\System\HbtAxgu.exe
  C:\Windows\System\HbtAxgu.exe
  2⤵
  PID:6040
- C:\Windows\System\oklktUv.exe
  C:\Windows\System\oklktUv.exe
  2⤵
  PID:6084
- C:\Windows\System\LkFUcAF.exe
  C:\Windows\System\LkFUcAF.exe
  2⤵
  PID:6124
- C:\Windows\System\Ampezvr.exe
  C:\Windows\System\Ampezvr.exe
  2⤵
  PID:5160
- C:\Windows\System\ULzlEYU.exe
  C:\Windows\System\ULzlEYU.exe
  2⤵
  PID:5200
- C:\Windows\System\dGRQPke.exe
  C:\Windows\System\dGRQPke.exe
  2⤵
  PID:5240
- C:\Windows\System\fgPDseV.exe
  C:\Windows\System\fgPDseV.exe
  2⤵
  PID:5372
- C:\Windows\System\ZowsJmG.exe
  C:\Windows\System\ZowsJmG.exe
  2⤵
  PID:5352
- C:\Windows\System\cyvWjym.exe
  C:\Windows\System\cyvWjym.exe
  2⤵
  PID:5496
- C:\Windows\System\JxmsXsV.exe
  C:\Windows\System\JxmsXsV.exe
  2⤵
  PID:5516
- C:\Windows\System\RaLNCTX.exe
  C:\Windows\System\RaLNCTX.exe
  2⤵
  PID:5600
- C:\Windows\System\anvhbKu.exe
  C:\Windows\System\anvhbKu.exe
  2⤵
  PID:5596
- C:\Windows\System\XcIIkbV.exe
  C:\Windows\System\XcIIkbV.exe
  2⤵
  PID:5660
- C:\Windows\System\BrfHfOB.exe
  C:\Windows\System\BrfHfOB.exe
  2⤵
  PID:5736
- C:\Windows\System\IBdekxR.exe
  C:\Windows\System\IBdekxR.exe
  2⤵
  PID:5672
- C:\Windows\System\pnGAKNU.exe
  C:\Windows\System\pnGAKNU.exe
  2⤵
  PID:5776
- C:\Windows\System\GaWbNAI.exe
  C:\Windows\System\GaWbNAI.exe
  2⤵
  PID:5876
- C:\Windows\System\kIgAIAM.exe
  C:\Windows\System\kIgAIAM.exe
  2⤵
  PID:4492
- C:\Windows\System\UXuWDPZ.exe
  C:\Windows\System\UXuWDPZ.exe
  2⤵
  PID:5920
- C:\Windows\System\HTXoCGz.exe
  C:\Windows\System\HTXoCGz.exe
  2⤵
  PID:5132
- C:\Windows\System\LxifvhE.exe
  C:\Windows\System\LxifvhE.exe
  2⤵
  PID:6076
- C:\Windows\System\CtwNSXG.exe
  C:\Windows\System\CtwNSXG.exe
  2⤵
  PID:5176
- C:\Windows\System\TIeZqSr.exe
  C:\Windows\System\TIeZqSr.exe
  2⤵
  PID:5244
- C:\Windows\System\FJtfGVx.exe
  C:\Windows\System\FJtfGVx.exe
  2⤵
  PID:5312
- C:\Windows\System\dkOLGnJ.exe
  C:\Windows\System\dkOLGnJ.exe
  2⤵
  PID:5356
- C:\Windows\System\QkINDfQ.exe
  C:\Windows\System\QkINDfQ.exe
  2⤵
  PID:5420
- C:\Windows\System\QFJeEZz.exe
  C:\Windows\System\QFJeEZz.exe
  2⤵
  PID:5656
- C:\Windows\System\ufLTgBk.exe
  C:\Windows\System\ufLTgBk.exe
  2⤵
  PID:5644
- C:\Windows\System\PiKRGxU.exe
  C:\Windows\System\PiKRGxU.exe
  2⤵
  PID:5800
- C:\Windows\System\QmqYUTB.exe
  C:\Windows\System\QmqYUTB.exe
  2⤵
  PID:5868
- C:\Windows\System\vKnqLOi.exe
  C:\Windows\System\vKnqLOi.exe
  2⤵
  PID:5940
- C:\Windows\System\hRlBpPq.exe
  C:\Windows\System\hRlBpPq.exe
  2⤵
  PID:6056
- C:\Windows\System\BMCQTlW.exe
  C:\Windows\System\BMCQTlW.exe
  2⤵
  PID:1356
- C:\Windows\System\sKLiewG.exe
  C:\Windows\System\sKLiewG.exe
  2⤵
  PID:1916
- C:\Windows\System\sMyovdR.exe
  C:\Windows\System\sMyovdR.exe
  2⤵
  PID:5144
- C:\Windows\System\rPPHvEW.exe
  C:\Windows\System\rPPHvEW.exe
  2⤵
  PID:5276
- C:\Windows\System\fnoWTWx.exe
  C:\Windows\System\fnoWTWx.exe
  2⤵
  PID:5408
- C:\Windows\System\GPspROW.exe
  C:\Windows\System\GPspROW.exe
  2⤵
  PID:5508
- C:\Windows\System\jJaactG.exe
  C:\Windows\System\jJaactG.exe
  2⤵
  PID:5848
- C:\Windows\System\nQanbWJ.exe
  C:\Windows\System\nQanbWJ.exe
  2⤵
  PID:5772
- C:\Windows\System\VUEzuYR.exe
  C:\Windows\System\VUEzuYR.exe
  2⤵
  PID:6004
- C:\Windows\System\BfKYdlZ.exe
  C:\Windows\System\BfKYdlZ.exe
  2⤵
  PID:6140
- C:\Windows\System\sAfAhQD.exe
  C:\Windows\System\sAfAhQD.exe
  2⤵
  PID:840
- C:\Windows\System\GJtmEkA.exe
  C:\Windows\System\GJtmEkA.exe
  2⤵
  PID:5388
- C:\Windows\System\fonRPhk.exe
  C:\Windows\System\fonRPhk.exe
  2⤵
  PID:5784
- C:\Windows\System\SAXXAbl.exe
  C:\Windows\System\SAXXAbl.exe
  2⤵
  PID:5872
- C:\Windows\System\oDvTlBT.exe
  C:\Windows\System\oDvTlBT.exe
  2⤵
  PID:5616
- C:\Windows\System\JCwLdtD.exe
  C:\Windows\System\JCwLdtD.exe
  2⤵
  PID:6104
- C:\Windows\System\BKkryMd.exe
  C:\Windows\System\BKkryMd.exe
  2⤵
  PID:5884
- C:\Windows\System\umloyRe.exe
  C:\Windows\System\umloyRe.exe
  2⤵
  PID:5328
- C:\Windows\System\ijOCZMY.exe
  C:\Windows\System\ijOCZMY.exe
  2⤵
  PID:2172
- C:\Windows\System\OPOLTwb.exe
  C:\Windows\System\OPOLTwb.exe
  2⤵
  PID:2544
- C:\Windows\System\yTOvtTl.exe
  C:\Windows\System\yTOvtTl.exe
  2⤵
  PID:6168
- C:\Windows\System\ajJLqLk.exe
  C:\Windows\System\ajJLqLk.exe
  2⤵
  PID:6184
- C:\Windows\System\rrmsMwd.exe
  C:\Windows\System\rrmsMwd.exe
  2⤵
  PID:6200
- C:\Windows\System\qhNdCFa.exe
  C:\Windows\System\qhNdCFa.exe
  2⤵
  PID:6220
- C:\Windows\System\MrGjcjR.exe
  C:\Windows\System\MrGjcjR.exe
  2⤵
  PID:6244
- C:\Windows\System\dvbxCrn.exe
  C:\Windows\System\dvbxCrn.exe
  2⤵
  PID:6260
- C:\Windows\System\uoMChsl.exe
  C:\Windows\System\uoMChsl.exe
  2⤵
  PID:6284
- C:\Windows\System\gmJaidN.exe
  C:\Windows\System\gmJaidN.exe
  2⤵
  PID:6304
- C:\Windows\System\FGyhGos.exe
  C:\Windows\System\FGyhGos.exe
  2⤵
  PID:6324
- C:\Windows\System\LfZoslF.exe
  C:\Windows\System\LfZoslF.exe
  2⤵
  PID:6340
- C:\Windows\System\QEviTkq.exe
  C:\Windows\System\QEviTkq.exe
  2⤵
  PID:6360
- C:\Windows\System\wSxaKrg.exe
  C:\Windows\System\wSxaKrg.exe
  2⤵
  PID:6388
- C:\Windows\System\ZfSysJB.exe
  C:\Windows\System\ZfSysJB.exe
  2⤵
  PID:6408
- C:\Windows\System\jLOnsCH.exe
  C:\Windows\System\jLOnsCH.exe
  2⤵
  PID:6424
- C:\Windows\System\qmECORn.exe
  C:\Windows\System\qmECORn.exe
  2⤵
  PID:6448
- C:\Windows\System\bVINfIH.exe
  C:\Windows\System\bVINfIH.exe
  2⤵
  PID:6464
- C:\Windows\System\fVJHweS.exe
  C:\Windows\System\fVJHweS.exe
  2⤵
  PID:6488
- C:\Windows\System\iNPzmTi.exe
  C:\Windows\System\iNPzmTi.exe
  2⤵
  PID:6504
- C:\Windows\System\WQgzKlL.exe
  C:\Windows\System\WQgzKlL.exe
  2⤵
  PID:6528
- C:\Windows\System\QowGkoY.exe
  C:\Windows\System\QowGkoY.exe
  2⤵
  PID:6544
- C:\Windows\System\WhGXlHR.exe
  C:\Windows\System\WhGXlHR.exe
  2⤵
  PID:6568
- C:\Windows\System\HgwuDTG.exe
  C:\Windows\System\HgwuDTG.exe
  2⤵
  PID:6584
- C:\Windows\System\pvvQzYD.exe
  C:\Windows\System\pvvQzYD.exe
  2⤵
  PID:6608
- C:\Windows\System\VtbsoLJ.exe
  C:\Windows\System\VtbsoLJ.exe
  2⤵
  PID:6624
- C:\Windows\System\lRRjVRb.exe
  C:\Windows\System\lRRjVRb.exe
  2⤵
  PID:6640
- C:\Windows\System\BIZygSk.exe
  C:\Windows\System\BIZygSk.exe
  2⤵
  PID:6668
- C:\Windows\System\ZlrNPQw.exe
  C:\Windows\System\ZlrNPQw.exe
  2⤵
  PID:6688
- C:\Windows\System\BZLrlmX.exe
  C:\Windows\System\BZLrlmX.exe
  2⤵
  PID:6708
- C:\Windows\System\QVDgcaE.exe
  C:\Windows\System\QVDgcaE.exe
  2⤵
  PID:6732
- C:\Windows\System\eZhVfHc.exe
  C:\Windows\System\eZhVfHc.exe
  2⤵
  PID:6752
- C:\Windows\System\GNBtcXf.exe
  C:\Windows\System\GNBtcXf.exe
  2⤵
  PID:6772
- C:\Windows\System\RrVtcGn.exe
  C:\Windows\System\RrVtcGn.exe
  2⤵
  PID:6792
- C:\Windows\System\NTktjGq.exe
  C:\Windows\System\NTktjGq.exe
  2⤵
  PID:6816
- C:\Windows\System\ELdTbYh.exe
  C:\Windows\System\ELdTbYh.exe
  2⤵
  PID:6852
- C:\Windows\System\jtOSeoE.exe
  C:\Windows\System\jtOSeoE.exe
  2⤵
  PID:6868
- C:\Windows\System\XyuyuWU.exe
  C:\Windows\System\XyuyuWU.exe
  2⤵
  PID:6884
- C:\Windows\System\kzbHEyt.exe
  C:\Windows\System\kzbHEyt.exe
  2⤵
  PID:6904
- C:\Windows\System\wIRxCWd.exe
  C:\Windows\System\wIRxCWd.exe
  2⤵
  PID:6920
- C:\Windows\System\pIBlTDm.exe
  C:\Windows\System\pIBlTDm.exe
  2⤵
  PID:6940
- C:\Windows\System\vwEZocL.exe
  C:\Windows\System\vwEZocL.exe
  2⤵
  PID:6972
- C:\Windows\System\sQFUwXn.exe
  C:\Windows\System\sQFUwXn.exe
  2⤵
  PID:6992
- C:\Windows\System\JBeSNPv.exe
  C:\Windows\System\JBeSNPv.exe
  2⤵
  PID:7008
- C:\Windows\System\IxrJvnH.exe
  C:\Windows\System\IxrJvnH.exe
  2⤵
  PID:7032
- C:\Windows\System\JZcmhlY.exe
  C:\Windows\System\JZcmhlY.exe
  2⤵
  PID:7052
- C:\Windows\System\PolZsVx.exe
  C:\Windows\System\PolZsVx.exe
  2⤵
  PID:7068
- C:\Windows\System\PwjfLvt.exe
  C:\Windows\System\PwjfLvt.exe
  2⤵
  PID:7084
- C:\Windows\System\LsbNpVy.exe
  C:\Windows\System\LsbNpVy.exe
  2⤵
  PID:7104
- C:\Windows\System\UPvcmrw.exe
  C:\Windows\System\UPvcmrw.exe
  2⤵
  PID:7124
- C:\Windows\System\VTgrksC.exe
  C:\Windows\System\VTgrksC.exe
  2⤵
  PID:7144
- C:\Windows\System\AuGlzzq.exe
  C:\Windows\System\AuGlzzq.exe
  2⤵
  PID:7164
- C:\Windows\System\iQuyrYP.exe
  C:\Windows\System\iQuyrYP.exe
  2⤵
  PID:5220
- C:\Windows\System\nQJGRQs.exe
  C:\Windows\System\nQJGRQs.exe
  2⤵
  PID:6036
- C:\Windows\System\SFgtgzl.exe
  C:\Windows\System\SFgtgzl.exe
  2⤵
  PID:6228
- C:\Windows\System\RDpIVag.exe
  C:\Windows\System\RDpIVag.exe
  2⤵
  PID:6208
- C:\Windows\System\VpjYsGX.exe
  C:\Windows\System\VpjYsGX.exe
  2⤵
  PID:6268
- C:\Windows\System\FmQMDSt.exe
  C:\Windows\System\FmQMDSt.exe
  2⤵
  PID:6292
- C:\Windows\System\OGgdfIS.exe
  C:\Windows\System\OGgdfIS.exe
  2⤵
  PID:6332
- C:\Windows\System\ZQShtWf.exe
  C:\Windows\System\ZQShtWf.exe
  2⤵
  PID:6372
- C:\Windows\System\grqgjjE.exe
  C:\Windows\System\grqgjjE.exe
  2⤵
  PID:6404
- C:\Windows\System\gKrQoRp.exe
  C:\Windows\System\gKrQoRp.exe
  2⤵
  PID:6432
- C:\Windows\System\TUfInNp.exe
  C:\Windows\System\TUfInNp.exe
  2⤵
  PID:6472
- C:\Windows\System\YvRJiNq.exe
  C:\Windows\System\YvRJiNq.exe
  2⤵
  PID:6500
- C:\Windows\System\PvbbaTu.exe
  C:\Windows\System\PvbbaTu.exe
  2⤵
  PID:6524
- C:\Windows\System\ikZyJih.exe
  C:\Windows\System\ikZyJih.exe
  2⤵
  PID:6560
- C:\Windows\System\rEWUpry.exe
  C:\Windows\System\rEWUpry.exe
  2⤵
  PID:6592
- C:\Windows\System\CpahBiE.exe
  C:\Windows\System\CpahBiE.exe
  2⤵
  PID:6636
- C:\Windows\System\bzEogGp.exe
  C:\Windows\System\bzEogGp.exe
  2⤵
  PID:6664
- C:\Windows\System\WhBZInu.exe
  C:\Windows\System\WhBZInu.exe
  2⤵
  PID:6716
- C:\Windows\System\FLTVaQw.exe
  C:\Windows\System\FLTVaQw.exe
  2⤵
  PID:6700
- C:\Windows\System\QBiqUMu.exe
  C:\Windows\System\QBiqUMu.exe
  2⤵
  PID:6748
- C:\Windows\System\hLbxnzp.exe
  C:\Windows\System\hLbxnzp.exe
  2⤵
  PID:1216
- C:\Windows\System\OhVEoMM.exe
  C:\Windows\System\OhVEoMM.exe
  2⤵
  PID:6808
- C:\Windows\System\cMpCTbB.exe
  C:\Windows\System\cMpCTbB.exe
  2⤵
  PID:1952
- C:\Windows\System\yRftuYi.exe
  C:\Windows\System\yRftuYi.exe
  2⤵
  PID:6832
- C:\Windows\System\khIDCQh.exe
  C:\Windows\System\khIDCQh.exe
  2⤵
  PID:6892
- C:\Windows\System\UEdRqEU.exe
  C:\Windows\System\UEdRqEU.exe
  2⤵
  PID:6916
- C:\Windows\System\gWoPzGs.exe
  C:\Windows\System\gWoPzGs.exe
  2⤵
  PID:6936
- C:\Windows\System\TIMEiRe.exe
  C:\Windows\System\TIMEiRe.exe
  2⤵
  PID:6980
- C:\Windows\System\UQjGJEj.exe
  C:\Windows\System\UQjGJEj.exe
  2⤵
  PID:7004
- C:\Windows\System\jOwIqgL.exe
  C:\Windows\System\jOwIqgL.exe
  2⤵
  PID:7044
- C:\Windows\System\BYKWJPO.exe
  C:\Windows\System\BYKWJPO.exe
  2⤵
  PID:7100
- C:\Windows\System\hQxbSxH.exe
  C:\Windows\System\hQxbSxH.exe
  2⤵
  PID:7080
- C:\Windows\System\dqTOuPI.exe
  C:\Windows\System\dqTOuPI.exe
  2⤵
  PID:6176
- C:\Windows\System\xMnmdLc.exe
  C:\Windows\System\xMnmdLc.exe
  2⤵
  PID:6196
- C:\Windows\System\KfzLqYT.exe
  C:\Windows\System\KfzLqYT.exe
  2⤵
  PID:6312
- C:\Windows\System\GBUsOGa.exe
  C:\Windows\System\GBUsOGa.exe
  2⤵
  PID:6320
- C:\Windows\System\HznwEvw.exe
  C:\Windows\System\HznwEvw.exe
  2⤵
  PID:6256
- C:\Windows\System\HJlywxO.exe
  C:\Windows\System\HJlywxO.exe
  2⤵
  PID:6356
- C:\Windows\System\mCffASy.exe
  C:\Windows\System\mCffASy.exe
  2⤵
  PID:6444
- C:\Windows\System\vCunMwS.exe
  C:\Windows\System\vCunMwS.exe
  2⤵
  PID:6496
- C:\Windows\System\DCQIYov.exe
  C:\Windows\System\DCQIYov.exe
  2⤵
  PID:6480
- C:\Windows\System\PzDHwBc.exe
  C:\Windows\System\PzDHwBc.exe
  2⤵
  PID:6656
- C:\Windows\System\GCBbSzE.exe
  C:\Windows\System\GCBbSzE.exe
  2⤵
  PID:6552
- C:\Windows\System\RZAOUPE.exe
  C:\Windows\System\RZAOUPE.exe
  2⤵
  PID:6728
- C:\Windows\System\SIYhCxA.exe
  C:\Windows\System\SIYhCxA.exe
  2⤵
  PID:6764
- C:\Windows\System\jVpBFLP.exe
  C:\Windows\System\jVpBFLP.exe
  2⤵
  PID:6860
- C:\Windows\System\Zqhsbxq.exe
  C:\Windows\System\Zqhsbxq.exe
  2⤵
  PID:6932
- C:\Windows\System\FtBqlHO.exe
  C:\Windows\System\FtBqlHO.exe
  2⤵
  PID:928
- C:\Windows\System\LsXCQWs.exe
  C:\Windows\System\LsXCQWs.exe
  2⤵
  PID:6844
- C:\Windows\System\gnSLHxt.exe
  C:\Windows\System\gnSLHxt.exe
  2⤵
  PID:6740
- C:\Windows\System\PcqfSZx.exe
  C:\Windows\System\PcqfSZx.exe
  2⤵
  PID:6956
- C:\Windows\System\BaAgUdW.exe
  C:\Windows\System\BaAgUdW.exe
  2⤵
  PID:6652
- C:\Windows\System\FcvsDYS.exe
  C:\Windows\System\FcvsDYS.exe
  2⤵
  PID:5556
- C:\Windows\System\JyXyMOG.exe
  C:\Windows\System\JyXyMOG.exe
  2⤵
  PID:7120
- C:\Windows\System\duLxWQk.exe
  C:\Windows\System\duLxWQk.exe
  2⤵
  PID:7132
- C:\Windows\System\IJZBTlu.exe
  C:\Windows\System\IJZBTlu.exe
  2⤵
  PID:6420
- C:\Windows\System\WihEdZQ.exe
  C:\Windows\System\WihEdZQ.exe
  2⤵
  PID:6596
- C:\Windows\System\UhWkVsI.exe
  C:\Windows\System\UhWkVsI.exe
  2⤵
  PID:6604
- C:\Windows\System\PBmuomU.exe
  C:\Windows\System\PBmuomU.exe
  2⤵
  PID:6880
- C:\Windows\System\vQMRilY.exe
  C:\Windows\System\vQMRilY.exe
  2⤵
  PID:7020
- C:\Windows\System\UdrrAHd.exe
  C:\Windows\System\UdrrAHd.exe
  2⤵
  PID:6984
- C:\Windows\System\zJosQFK.exe
  C:\Windows\System\zJosQFK.exe
  2⤵
  PID:6964
- C:\Windows\System\GYzwFIB.exe
  C:\Windows\System\GYzwFIB.exe
  2⤵
  PID:6912
- C:\Windows\System\ZlDFIuw.exe
  C:\Windows\System\ZlDFIuw.exe
  2⤵
  PID:6300
- C:\Windows\System\CdgUIzA.exe
  C:\Windows\System\CdgUIzA.exe
  2⤵
  PID:7152
- C:\Windows\System\qgUyAlc.exe
  C:\Windows\System\qgUyAlc.exe
  2⤵
  PID:6396
- C:\Windows\System\oXWfYaF.exe
  C:\Windows\System\oXWfYaF.exe
  2⤵
  PID:7160
- C:\Windows\System\qNeWLfG.exe
  C:\Windows\System\qNeWLfG.exe
  2⤵
  PID:6616
- C:\Windows\System\pVKwUCJ.exe
  C:\Windows\System\pVKwUCJ.exe
  2⤵
  PID:7000
- C:\Windows\System\oZtiknv.exe
  C:\Windows\System\oZtiknv.exe
  2⤵
  PID:976
- C:\Windows\System\IvRFvyj.exe
  C:\Windows\System\IvRFvyj.exe
  2⤵
  PID:6252
- C:\Windows\System\bfNAmfb.exe
  C:\Windows\System\bfNAmfb.exe
  2⤵
  PID:6368
- C:\Windows\System\smrorwF.exe
  C:\Windows\System\smrorwF.exe
  2⤵
  PID:6116
- C:\Windows\System\SyNaQwp.exe
  C:\Windows\System\SyNaQwp.exe
  2⤵
  PID:6620
- C:\Windows\System\ZMhjqXt.exe
  C:\Windows\System\ZMhjqXt.exe
  2⤵
  PID:7096
- C:\Windows\System\AyqoRUa.exe
  C:\Windows\System\AyqoRUa.exe
  2⤵
  PID:6804
- C:\Windows\System\bvDFgER.exe
  C:\Windows\System\bvDFgER.exe
  2⤵
  PID:6720
- C:\Windows\System\fYSsRFf.exe
  C:\Windows\System\fYSsRFf.exe
  2⤵
  PID:6192
- C:\Windows\System\XpFhNCp.exe
  C:\Windows\System\XpFhNCp.exe
  2⤵
  PID:7180
- C:\Windows\System\ADiZJWS.exe
  C:\Windows\System\ADiZJWS.exe
  2⤵
  PID:7196
- C:\Windows\System\oUorgol.exe
  C:\Windows\System\oUorgol.exe
  2⤵
  PID:7212
- C:\Windows\System\wSMjHYv.exe
  C:\Windows\System\wSMjHYv.exe
  2⤵
  PID:7228
- C:\Windows\System\HdbbjVO.exe
  C:\Windows\System\HdbbjVO.exe
  2⤵
  PID:7244
- C:\Windows\System\bEmuhZg.exe
  C:\Windows\System\bEmuhZg.exe
  2⤵
  PID:7260
- C:\Windows\System\SjuRhtS.exe
  C:\Windows\System\SjuRhtS.exe
  2⤵
  PID:7292
- C:\Windows\System\APCIYry.exe
  C:\Windows\System\APCIYry.exe
  2⤵
  PID:7324
- C:\Windows\System\CfzXTQu.exe
  C:\Windows\System\CfzXTQu.exe
  2⤵
  PID:7344
- C:\Windows\System\ZqIiNSs.exe
  C:\Windows\System\ZqIiNSs.exe
  2⤵
  PID:7368
- C:\Windows\System\obGfjDb.exe
  C:\Windows\System\obGfjDb.exe
  2⤵
  PID:7388
- C:\Windows\System\uORWqLX.exe
  C:\Windows\System\uORWqLX.exe
  2⤵
  PID:7408
- C:\Windows\System\IWUDfnb.exe
  C:\Windows\System\IWUDfnb.exe
  2⤵
  PID:7428
- C:\Windows\System\rcMpDEE.exe
  C:\Windows\System\rcMpDEE.exe
  2⤵
  PID:7444
- C:\Windows\System\kHJeAiJ.exe
  C:\Windows\System\kHJeAiJ.exe
  2⤵
  PID:7464
- C:\Windows\System\nAeiHNn.exe
  C:\Windows\System\nAeiHNn.exe
  2⤵
  PID:7484
- C:\Windows\System\ZHvuTer.exe
  C:\Windows\System\ZHvuTer.exe
  2⤵
  PID:7500
- C:\Windows\System\rDaDilO.exe
  C:\Windows\System\rDaDilO.exe
  2⤵
  PID:7524
- C:\Windows\System\VWMcpyl.exe
  C:\Windows\System\VWMcpyl.exe
  2⤵
  PID:7556
- C:\Windows\System\VwxSmtZ.exe
  C:\Windows\System\VwxSmtZ.exe
  2⤵
  PID:7572
- C:\Windows\System\qiKuWFN.exe
  C:\Windows\System\qiKuWFN.exe
  2⤵
  PID:7588
- C:\Windows\System\REtEYuj.exe
  C:\Windows\System\REtEYuj.exe
  2⤵
  PID:7608
- C:\Windows\System\wYapfkD.exe
  C:\Windows\System\wYapfkD.exe
  2⤵
  PID:7632
- C:\Windows\System\rLtkOmc.exe
  C:\Windows\System\rLtkOmc.exe
  2⤵
  PID:7648
- C:\Windows\System\xMcrLVc.exe
  C:\Windows\System\xMcrLVc.exe
  2⤵
  PID:7672
- C:\Windows\System\QcTMWXp.exe
  C:\Windows\System\QcTMWXp.exe
  2⤵
  PID:7688
- C:\Windows\System\CWtacDy.exe
  C:\Windows\System\CWtacDy.exe
  2⤵
  PID:7704
- C:\Windows\System\gKDoIST.exe
  C:\Windows\System\gKDoIST.exe
  2⤵
  PID:7736
- C:\Windows\System\NxqKPlg.exe
  C:\Windows\System\NxqKPlg.exe
  2⤵
  PID:7752
- C:\Windows\System\ALgpxuQ.exe
  C:\Windows\System\ALgpxuQ.exe
  2⤵
  PID:7768
- C:\Windows\System\dCOiVxa.exe
  C:\Windows\System\dCOiVxa.exe
  2⤵
  PID:7784
- C:\Windows\System\mNvJJkr.exe
  C:\Windows\System\mNvJJkr.exe
  2⤵
  PID:7808
- C:\Windows\System\sReEfSo.exe
  C:\Windows\System\sReEfSo.exe
  2⤵
  PID:7824
- C:\Windows\System\IfBCfZw.exe
  C:\Windows\System\IfBCfZw.exe
  2⤵
  PID:7856
- C:\Windows\System\otuhwwE.exe
  C:\Windows\System\otuhwwE.exe
  2⤵
  PID:7876
- C:\Windows\System\kMZFgmM.exe
  C:\Windows\System\kMZFgmM.exe
  2⤵
  PID:7892
- C:\Windows\System\nvaLOsV.exe
  C:\Windows\System\nvaLOsV.exe
  2⤵
  PID:7916
- C:\Windows\System\evpSswG.exe
  C:\Windows\System\evpSswG.exe
  2⤵
  PID:7932
- C:\Windows\System\QoGwDCJ.exe
  C:\Windows\System\QoGwDCJ.exe
  2⤵
  PID:7952
- C:\Windows\System\cjTCdVg.exe
  C:\Windows\System\cjTCdVg.exe
  2⤵
  PID:7968
- C:\Windows\System\MVUwhqf.exe
  C:\Windows\System\MVUwhqf.exe
  2⤵
  PID:7996
- C:\Windows\System\RFcdqSA.exe
  C:\Windows\System\RFcdqSA.exe
  2⤵
  PID:8016
- C:\Windows\System\JysZhjY.exe
  C:\Windows\System\JysZhjY.exe
  2⤵
  PID:8040
- C:\Windows\System\KeIfmqp.exe
  C:\Windows\System\KeIfmqp.exe
  2⤵
  PID:8056
- C:\Windows\System\jFVaePW.exe
  C:\Windows\System\jFVaePW.exe
  2⤵
  PID:8080
- C:\Windows\System\YXjZMsW.exe
  C:\Windows\System\YXjZMsW.exe
  2⤵
  PID:8096
- C:\Windows\System\QdbPcol.exe
  C:\Windows\System\QdbPcol.exe
  2⤵
  PID:8116
- C:\Windows\System\FcXEwsn.exe
  C:\Windows\System\FcXEwsn.exe
  2⤵
  PID:8136
- C:\Windows\System\xJiHXhN.exe
  C:\Windows\System\xJiHXhN.exe
  2⤵
  PID:8156
- C:\Windows\System\IQMOPrE.exe
  C:\Windows\System\IQMOPrE.exe
  2⤵
  PID:8176
- C:\Windows\System\qxbioqp.exe
  C:\Windows\System\qxbioqp.exe
  2⤵
  PID:7040
- C:\Windows\System\rgrnbgy.exe
  C:\Windows\System\rgrnbgy.exe
  2⤵
  PID:6240
- C:\Windows\System\SoegrWJ.exe
  C:\Windows\System\SoegrWJ.exe
  2⤵
  PID:7208
- C:\Windows\System\zNskAJU.exe
  C:\Windows\System\zNskAJU.exe
  2⤵
  PID:7188
- C:\Windows\System\fKWigIp.exe
  C:\Windows\System\fKWigIp.exe
  2⤵
  PID:7284
- C:\Windows\System\kiUDrxw.exe
  C:\Windows\System\kiUDrxw.exe
  2⤵
  PID:7332
- C:\Windows\System\BBCKNWt.exe
  C:\Windows\System\BBCKNWt.exe
  2⤵
  PID:7316
- C:\Windows\System\fXwcAGZ.exe
  C:\Windows\System\fXwcAGZ.exe
  2⤵
  PID:7352
- C:\Windows\System\RTeEHOp.exe
  C:\Windows\System\RTeEHOp.exe
  2⤵
  PID:7380
- C:\Windows\System\OGOmsgi.exe
  C:\Windows\System\OGOmsgi.exe
  2⤵
  PID:7404
- C:\Windows\System\kCUqMtp.exe
  C:\Windows\System\kCUqMtp.exe
  2⤵
  PID:6632
- C:\Windows\System\fDdPLkh.exe
  C:\Windows\System\fDdPLkh.exe
  2⤵
  PID:7532
- C:\Windows\System\xArRDHm.exe
  C:\Windows\System\xArRDHm.exe
  2⤵
  PID:7512
- C:\Windows\System\AZcFpUo.exe
  C:\Windows\System\AZcFpUo.exe
  2⤵
  PID:7548
- C:\Windows\System\FWYACOt.exe
  C:\Windows\System\FWYACOt.exe
  2⤵
  PID:7564
- C:\Windows\System\plChGwZ.exe
  C:\Windows\System\plChGwZ.exe
  2⤵
  PID:7624
- C:\Windows\System\NUOKxyQ.exe
  C:\Windows\System\NUOKxyQ.exe
  2⤵
  PID:7664
- C:\Windows\System\ZDodWab.exe
  C:\Windows\System\ZDodWab.exe
  2⤵
  PID:7700
- C:\Windows\System\lmsXbGj.exe
  C:\Windows\System\lmsXbGj.exe
  2⤵
  PID:7724
- C:\Windows\System\KqDqpDa.exe
  C:\Windows\System\KqDqpDa.exe
  2⤵
  PID:7748
- C:\Windows\System\qzYGbwl.exe
  C:\Windows\System\qzYGbwl.exe
  2⤵
  PID:7780
- C:\Windows\System\rnRULdE.exe
  C:\Windows\System\rnRULdE.exe
  2⤵
  PID:7836
- C:\Windows\System\uxwalAi.exe
  C:\Windows\System\uxwalAi.exe
  2⤵
  PID:7852
- C:\Windows\System\ZkhBAZN.exe
  C:\Windows\System\ZkhBAZN.exe
  2⤵
  PID:7864
- C:\Windows\System\tXCWLbx.exe
  C:\Windows\System\tXCWLbx.exe
  2⤵
  PID:7872
- C:\Windows\System\jkNkoXO.exe
  C:\Windows\System\jkNkoXO.exe
  2⤵
  PID:7904
- C:\Windows\System\cxxuLIN.exe
  C:\Windows\System\cxxuLIN.exe
  2⤵
  PID:7948
- C:\Windows\System\waSQamu.exe
  C:\Windows\System\waSQamu.exe
  2⤵
  PID:7988
- C:\Windows\System\jxLsARo.exe
  C:\Windows\System\jxLsARo.exe
  2⤵
  PID:8028
- C:\Windows\System\BZWLrau.exe
  C:\Windows\System\BZWLrau.exe
  2⤵
  PID:8048
- C:\Windows\System\oeAzpvG.exe
  C:\Windows\System\oeAzpvG.exe
  2⤵
  PID:8076
- C:\Windows\System\fqLFvbz.exe
  C:\Windows\System\fqLFvbz.exe
  2⤵
  PID:8088
- C:\Windows\System\dJaSGlp.exe
  C:\Windows\System\dJaSGlp.exe
  2⤵
  PID:8144
- C:\Windows\System\ksAQbxA.exe
  C:\Windows\System\ksAQbxA.exe
  2⤵
  PID:8172
- C:\Windows\System\OgihIzy.exe
  C:\Windows\System\OgihIzy.exe
  2⤵
  PID:7024
- C:\Windows\System\ZRwjEtD.exe
  C:\Windows\System\ZRwjEtD.exe
  2⤵
  PID:6828
- C:\Windows\System\sFRHZnk.exe
  C:\Windows\System\sFRHZnk.exe
  2⤵
  PID:7204
- C:\Windows\System\XjqoTkB.exe
  C:\Windows\System\XjqoTkB.exe
  2⤵
  PID:7252
- C:\Windows\System\PCAFmma.exe
  C:\Windows\System\PCAFmma.exe
  2⤵
  PID:7312
- C:\Windows\System\MuYHQNZ.exe
  C:\Windows\System\MuYHQNZ.exe
  2⤵
  PID:7436
- C:\Windows\System\FcxPTzo.exe
  C:\Windows\System\FcxPTzo.exe
  2⤵
  PID:7460
- C:\Windows\System\vgyektf.exe
  C:\Windows\System\vgyektf.exe
  2⤵
  PID:7508
- C:\Windows\System\ETfFWDv.exe
  C:\Windows\System\ETfFWDv.exe
  2⤵
  PID:7628
- C:\Windows\System\UDiIQKP.exe
  C:\Windows\System\UDiIQKP.exe
  2⤵
  PID:7540
- C:\Windows\System\LxwMEDp.exe
  C:\Windows\System\LxwMEDp.exe
  2⤵
  PID:7620
- C:\Windows\System\xwaQwlC.exe
  C:\Windows\System\xwaQwlC.exe
  2⤵
  PID:7764
- C:\Windows\System\CUzFROT.exe
  C:\Windows\System\CUzFROT.exe
  2⤵
  PID:7848
- C:\Windows\System\ydFHeUk.exe
  C:\Windows\System\ydFHeUk.exe
  2⤵
  PID:7960
- C:\Windows\System\OMDrTej.exe
  C:\Windows\System\OMDrTej.exe
  2⤵
  PID:8024
- C:\Windows\System\nBwohiM.exe
  C:\Windows\System\nBwohiM.exe
  2⤵
  PID:8092
- C:\Windows\System\YEQVVfs.exe
  C:\Windows\System\YEQVVfs.exe
  2⤵
  PID:8188
- C:\Windows\System\gCsfbwi.exe
  C:\Windows\System\gCsfbwi.exe
  2⤵
  PID:8148
- C:\Windows\System\dAsCwrB.exe
  C:\Windows\System\dAsCwrB.exe
  2⤵
  PID:6440
- C:\Windows\System\vOMmqou.exe
  C:\Windows\System\vOMmqou.exe
  2⤵
  PID:7280
- C:\Windows\System\pUSTRSH.exe
  C:\Windows\System\pUSTRSH.exe
  2⤵
  PID:7516
- C:\Windows\System\dpySNgX.exe
  C:\Windows\System\dpySNgX.exe
  2⤵
  PID:7492
- C:\Windows\System\MPNKdUg.exe
  C:\Windows\System\MPNKdUg.exe
  2⤵
  PID:7568
- C:\Windows\System\GWlILmL.exe
  C:\Windows\System\GWlILmL.exe
  2⤵
  PID:7300
- C:\Windows\System\rzZVPIc.exe
  C:\Windows\System\rzZVPIc.exe
  2⤵
  PID:7680
- C:\Windows\System\tcjIlXU.exe
  C:\Windows\System\tcjIlXU.exe
  2⤵
  PID:7472
- C:\Windows\System\CuPDsuf.exe
  C:\Windows\System\CuPDsuf.exe
  2⤵
  PID:7800
- C:\Windows\System\tagifcE.exe
  C:\Windows\System\tagifcE.exe
  2⤵
  PID:7888
- C:\Windows\System\oSdGhlq.exe
  C:\Windows\System\oSdGhlq.exe
  2⤵
  PID:7940
- C:\Windows\System\lYllaKy.exe
  C:\Windows\System\lYllaKy.exe
  2⤵
  PID:8072
- C:\Windows\System\SGErnRF.exe
  C:\Windows\System\SGErnRF.exe
  2⤵
  PID:8112
- C:\Windows\System\MYJBLxS.exe
  C:\Windows\System\MYJBLxS.exe
  2⤵
  PID:7304
- C:\Windows\System\NjLIMlU.exe
  C:\Windows\System\NjLIMlU.exe
  2⤵
  PID:7544
- C:\Windows\System\FvkdgTa.exe
  C:\Windows\System\FvkdgTa.exe
  2⤵
  PID:7476
- C:\Windows\System\wLdJmMS.exe
  C:\Windows\System\wLdJmMS.exe
  2⤵
  PID:7796
- C:\Windows\System\gqcDtvx.exe
  C:\Windows\System\gqcDtvx.exe
  2⤵
  PID:7744
- C:\Windows\System\kyKlrYQ.exe
  C:\Windows\System\kyKlrYQ.exe
  2⤵
  PID:8108
- C:\Windows\System\GzjmWnh.exe
  C:\Windows\System\GzjmWnh.exe
  2⤵
  PID:7980
- C:\Windows\System\GKKWAgZ.exe
  C:\Windows\System\GKKWAgZ.exe
  2⤵
  PID:8064
- C:\Windows\System\IXUfECe.exe
  C:\Windows\System\IXUfECe.exe
  2⤵
  PID:7480
- C:\Windows\System\YmUDYUI.exe
  C:\Windows\System\YmUDYUI.exe
  2⤵
  PID:7644
- C:\Windows\System\IimxLws.exe
  C:\Windows\System\IimxLws.exe
  2⤵
  PID:8012
- C:\Windows\System\icHeTgw.exe
  C:\Windows\System\icHeTgw.exe
  2⤵
  PID:7308
- C:\Windows\System\ZdwRWjJ.exe
  C:\Windows\System\ZdwRWjJ.exe
  2⤵
  PID:8004
- C:\Windows\System\SzDUkhD.exe
  C:\Windows\System\SzDUkhD.exe
  2⤵
  PID:7908
- C:\Windows\System\sjaLzhK.exe
  C:\Windows\System\sjaLzhK.exe
  2⤵
  PID:7584
- C:\Windows\System\TWhMyUf.exe
  C:\Windows\System\TWhMyUf.exe
  2⤵
  PID:8204
- C:\Windows\System\ddrZyGY.exe
  C:\Windows\System\ddrZyGY.exe
  2⤵
  PID:8224
- C:\Windows\System\EsCLRkc.exe
  C:\Windows\System\EsCLRkc.exe
  2⤵
  PID:8240
- C:\Windows\System\TiDdjEI.exe
  C:\Windows\System\TiDdjEI.exe
  2⤵
  PID:8256
- C:\Windows\System\NuOUrCy.exe
  C:\Windows\System\NuOUrCy.exe
  2⤵
  PID:8288
- C:\Windows\System\vppXdUy.exe
  C:\Windows\System\vppXdUy.exe
  2⤵
  PID:8304
- C:\Windows\System\ZYRmTpn.exe
  C:\Windows\System\ZYRmTpn.exe
  2⤵
  PID:8320
- C:\Windows\System\FyhsPPa.exe
  C:\Windows\System\FyhsPPa.exe
  2⤵
  PID:8336
- C:\Windows\System\Tyopyfb.exe
  C:\Windows\System\Tyopyfb.exe
  2⤵
  PID:8356
- C:\Windows\System\GfYnhOk.exe
  C:\Windows\System\GfYnhOk.exe
  2⤵
  PID:8372
- C:\Windows\System\FucpxlD.exe
  C:\Windows\System\FucpxlD.exe
  2⤵
  PID:8388
- C:\Windows\System\ahdjQxA.exe
  C:\Windows\System\ahdjQxA.exe
  2⤵
  PID:8408
- C:\Windows\System\sIsXBvU.exe
  C:\Windows\System\sIsXBvU.exe
  2⤵
  PID:8424
- C:\Windows\System\KkkDRAp.exe
  C:\Windows\System\KkkDRAp.exe
  2⤵
  PID:8440
- C:\Windows\System\NJZhsma.exe
  C:\Windows\System\NJZhsma.exe
  2⤵
  PID:8456
- C:\Windows\System\yVHUQzJ.exe
  C:\Windows\System\yVHUQzJ.exe
  2⤵
  PID:8472
- C:\Windows\System\KlhGbAh.exe
  C:\Windows\System\KlhGbAh.exe
  2⤵
  PID:8488
- C:\Windows\System\OgCPFLk.exe
  C:\Windows\System\OgCPFLk.exe
  2⤵
  PID:8504
- C:\Windows\System\HwoaQAP.exe
  C:\Windows\System\HwoaQAP.exe
  2⤵
  PID:8520
- C:\Windows\System\pYRGTpC.exe
  C:\Windows\System\pYRGTpC.exe
  2⤵
  PID:8536
- C:\Windows\System\KNwShom.exe
  C:\Windows\System\KNwShom.exe
  2⤵
  PID:8552
- C:\Windows\System\bidEWWF.exe
  C:\Windows\System\bidEWWF.exe
  2⤵
  PID:8576
- C:\Windows\System\wvQFuxD.exe
  C:\Windows\System\wvQFuxD.exe
  2⤵
  PID:8596
- C:\Windows\System\ywkrreP.exe
  C:\Windows\System\ywkrreP.exe
  2⤵
  PID:8636
- C:\Windows\System\lwKnIHi.exe
  C:\Windows\System\lwKnIHi.exe
  2⤵
  PID:8652
- C:\Windows\System\VKqxpjd.exe
  C:\Windows\System\VKqxpjd.exe
  2⤵
  PID:8668
- C:\Windows\System\sWfuTCy.exe
  C:\Windows\System\sWfuTCy.exe
  2⤵
  PID:8684
- C:\Windows\System\FmetFGS.exe
  C:\Windows\System\FmetFGS.exe
  2⤵
  PID:8700
- C:\Windows\System\rXNrkPi.exe
  C:\Windows\System\rXNrkPi.exe
  2⤵
  PID:8716
- C:\Windows\System\hMbhlHx.exe
  C:\Windows\System\hMbhlHx.exe
  2⤵
  PID:8732
- C:\Windows\System\yjvoLjQ.exe
  C:\Windows\System\yjvoLjQ.exe
  2⤵
  PID:8748
- C:\Windows\System\nPFZaKK.exe
  C:\Windows\System\nPFZaKK.exe
  2⤵
  PID:8764
- C:\Windows\System\UNJURkK.exe
  C:\Windows\System\UNJURkK.exe
  2⤵
  PID:8784
- C:\Windows\System\QSTkoHu.exe
  C:\Windows\System\QSTkoHu.exe
  2⤵
  PID:8800
- C:\Windows\System\hczWqDH.exe
  C:\Windows\System\hczWqDH.exe
  2⤵
  PID:8820
- C:\Windows\System\GagDtEx.exe
  C:\Windows\System\GagDtEx.exe
  2⤵
  PID:8840
- C:\Windows\System\JfdoKtq.exe
  C:\Windows\System\JfdoKtq.exe
  2⤵
  PID:8856
- C:\Windows\System\fLgwRTc.exe
  C:\Windows\System\fLgwRTc.exe
  2⤵
  PID:8872
- C:\Windows\System\FXXbBtN.exe
  C:\Windows\System\FXXbBtN.exe
  2⤵
  PID:8888
- C:\Windows\System\oxQEJtv.exe
  C:\Windows\System\oxQEJtv.exe
  2⤵
  PID:8904
- C:\Windows\System\kHYCKus.exe
  C:\Windows\System\kHYCKus.exe
  2⤵
  PID:8920
- C:\Windows\System\cyiBqMY.exe
  C:\Windows\System\cyiBqMY.exe
  2⤵
  PID:8936
- C:\Windows\System\QbjLSCW.exe
  C:\Windows\System\QbjLSCW.exe
  2⤵
  PID:8956
- C:\Windows\System\vnlGUme.exe
  C:\Windows\System\vnlGUme.exe
  2⤵
  PID:8972
- C:\Windows\System\fXbZlfD.exe
  C:\Windows\System\fXbZlfD.exe
  2⤵
  PID:8988
- C:\Windows\System\tTOQNfh.exe
  C:\Windows\System\tTOQNfh.exe
  2⤵
  PID:9004
- C:\Windows\System\gLHDVfq.exe
  C:\Windows\System\gLHDVfq.exe
  2⤵
  PID:9020
- C:\Windows\System\qnNQCvV.exe
  C:\Windows\System\qnNQCvV.exe
  2⤵
  PID:9036
- C:\Windows\System\QOmvNoN.exe
  C:\Windows\System\QOmvNoN.exe
  2⤵
  PID:9052
- C:\Windows\System\SMKorcP.exe
  C:\Windows\System\SMKorcP.exe
  2⤵
  PID:9068
- C:\Windows\System\tweHwUP.exe
  C:\Windows\System\tweHwUP.exe
  2⤵
  PID:9088
- C:\Windows\System\sEyJuMz.exe
  C:\Windows\System\sEyJuMz.exe
  2⤵
  PID:9104
- C:\Windows\System\zYftrCZ.exe
  C:\Windows\System\zYftrCZ.exe
  2⤵
  PID:9124
- C:\Windows\System\tHqWmZl.exe
  C:\Windows\System\tHqWmZl.exe
  2⤵
  PID:9140
- C:\Windows\System\KMShJcW.exe
  C:\Windows\System\KMShJcW.exe
  2⤵
  PID:9156
- C:\Windows\System\vLFgOaq.exe
  C:\Windows\System\vLFgOaq.exe
  2⤵
  PID:9172
- C:\Windows\System\sjgEZOZ.exe
  C:\Windows\System\sjgEZOZ.exe
  2⤵
  PID:9188
- C:\Windows\System\OLEsCfe.exe
  C:\Windows\System\OLEsCfe.exe
  2⤵
  PID:9204
- C:\Windows\System\MdfYXGa.exe
  C:\Windows\System\MdfYXGa.exe
  2⤵
  PID:8196
- C:\Windows\System\JzlvOoj.exe
  C:\Windows\System\JzlvOoj.exe
  2⤵
  PID:8212
- C:\Windows\System\edKcbrY.exe
  C:\Windows\System\edKcbrY.exe
  2⤵
  PID:8248
- C:\Windows\System\gOqoHzy.exe
  C:\Windows\System\gOqoHzy.exe
  2⤵
  PID:8276
- C:\Windows\System\JAdtaJv.exe
  C:\Windows\System\JAdtaJv.exe
  2⤵
  PID:8312
- C:\Windows\System\WydCBsY.exe
  C:\Windows\System\WydCBsY.exe
  2⤵
  PID:8344
- C:\Windows\System\djGERqK.exe
  C:\Windows\System\djGERqK.exe
  2⤵
  PID:8364
- C:\Windows\System\naldPJn.exe
  C:\Windows\System\naldPJn.exe
  2⤵
  PID:8400
- C:\Windows\System\QcyKVRd.exe
  C:\Windows\System\QcyKVRd.exe
  2⤵
  PID:8452
- C:\Windows\System\rMrbAqp.exe
  C:\Windows\System\rMrbAqp.exe
  2⤵
  PID:8480
- C:\Windows\System\uyDfiRJ.exe
  C:\Windows\System\uyDfiRJ.exe
  2⤵
  PID:8500
- C:\Windows\System\zJPRmDP.exe
  C:\Windows\System\zJPRmDP.exe
  2⤵
  PID:8560
- C:\Windows\System\jbmbdZR.exe
  C:\Windows\System\jbmbdZR.exe
  2⤵
  PID:8584
- C:\Windows\System\fdZFTqm.exe
  C:\Windows\System\fdZFTqm.exe
  2⤵
  PID:8632
- C:\Windows\System\JXzqfTB.exe
  C:\Windows\System\JXzqfTB.exe
  2⤵
  PID:8628
- C:\Windows\System\UFDLgEz.exe
  C:\Windows\System\UFDLgEz.exe
  2⤵
  PID:8680
- C:\Windows\System\OZpyyGd.exe
  C:\Windows\System\OZpyyGd.exe
  2⤵
  PID:8660
- C:\Windows\System\MLqpEoC.exe
  C:\Windows\System\MLqpEoC.exe
  2⤵
  PID:8756
- C:\Windows\System\VLSnuLL.exe
  C:\Windows\System\VLSnuLL.exe
  2⤵
  PID:8772
- C:\Windows\System\ZlPCiJU.exe
  C:\Windows\System\ZlPCiJU.exe
  2⤵
  PID:8796
- C:\Windows\System\NclMjng.exe
  C:\Windows\System\NclMjng.exe
  2⤵
  PID:8836
- C:\Windows\System\shTAjBh.exe
  C:\Windows\System\shTAjBh.exe
  2⤵
  PID:8884
- C:\Windows\System\jwfWpAx.exe
  C:\Windows\System\jwfWpAx.exe
  2⤵
  PID:8948
- C:\Windows\System\ugfrkXD.exe
  C:\Windows\System\ugfrkXD.exe
  2⤵
  PID:8896
- C:\Windows\System\FqAHEWM.exe
  C:\Windows\System\FqAHEWM.exe
  2⤵
  PID:8932
- C:\Windows\System\yyHDhhZ.exe
  C:\Windows\System\yyHDhhZ.exe
  2⤵
  PID:9044
- C:\Windows\System\PXKrhTC.exe
  C:\Windows\System\PXKrhTC.exe
  2⤵
  PID:9032
- C:\Windows\System\JLmvpAS.exe
  C:\Windows\System\JLmvpAS.exe
  2⤵
  PID:9064
- C:\Windows\System\fxQFDuh.exe
  C:\Windows\System\fxQFDuh.exe
  2⤵
  PID:9084
- C:\Windows\System\TSYYiAD.exe
  C:\Windows\System\TSYYiAD.exe
  2⤵
  PID:9120
- C:\Windows\System\RrZWMrL.exe
  C:\Windows\System\RrZWMrL.exe
  2⤵
  PID:9152
- C:\Windows\System\SRMtbvl.exe
  C:\Windows\System\SRMtbvl.exe
  2⤵
  PID:9196
- C:\Windows\System\pXUqoEA.exe
  C:\Windows\System\pXUqoEA.exe
  2⤵
  PID:8200
- C:\Windows\System\vSLKNaU.exe
  C:\Windows\System\vSLKNaU.exe
  2⤵
  PID:7224
- C:\Windows\System\aGivgFx.exe
  C:\Windows\System\aGivgFx.exe
  2⤵
  PID:8284
- C:\Windows\System\SnReIwz.exe
  C:\Windows\System\SnReIwz.exe
  2⤵
  PID:8776
- C:\Windows\System\JObsZHz.exe
  C:\Windows\System\JObsZHz.exe
  2⤵
  PID:8416
- C:\Windows\System\ueEpquR.exe
  C:\Windows\System\ueEpquR.exe
  2⤵
  PID:8384
- C:\Windows\System\aEoABGA.exe
  C:\Windows\System\aEoABGA.exe
  2⤵
  PID:8532
- C:\Windows\System\McKBTfK.exe
  C:\Windows\System\McKBTfK.exe
  2⤵
  PID:8620
- C:\Windows\System\DBUbmje.exe
  C:\Windows\System\DBUbmje.exe
  2⤵
  PID:8676
- C:\Windows\System\qxFjpks.exe
  C:\Windows\System\qxFjpks.exe
  2⤵
  PID:8740
- C:\Windows\System\fgzwsCB.exe
  C:\Windows\System\fgzwsCB.exe
  2⤵
  PID:8792
- C:\Windows\System\XWZKvuJ.exe
  C:\Windows\System\XWZKvuJ.exe
  2⤵
  PID:8868
- C:\Windows\System\YBMNaiI.exe
  C:\Windows\System\YBMNaiI.exe
  2⤵
  PID:9000
- C:\Windows\System\hRqLGwh.exe
  C:\Windows\System\hRqLGwh.exe
  2⤵
  PID:9096
- C:\Windows\System\RhcRLwT.exe
  C:\Windows\System\RhcRLwT.exe
  2⤵
  PID:9112
- C:\Windows\System\qDfoAAy.exe
  C:\Windows\System\qDfoAAy.exe
  2⤵
  PID:9148
- C:\Windows\System\CRmEYnv.exe
  C:\Windows\System\CRmEYnv.exe
  2⤵
  PID:8280
- C:\Windows\System\CMBEehP.exe
  C:\Windows\System\CMBEehP.exe
  2⤵
  PID:8296
- C:\Windows\System\qDZzTiA.exe
  C:\Windows\System\qDZzTiA.exe
  2⤵
  PID:8516
- C:\Windows\System\qtChpaR.exe
  C:\Windows\System\qtChpaR.exe
  2⤵
  PID:8468
- C:\Windows\System\UEBNIQO.exe
  C:\Windows\System\UEBNIQO.exe
  2⤵
  PID:8612
- C:\Windows\System\pmxhmqF.exe
  C:\Windows\System\pmxhmqF.exe
  2⤵
  PID:2512
- C:\Windows\System\qguixvI.exe
  C:\Windows\System\qguixvI.exe
  2⤵
  PID:8572
- C:\Windows\System\cogVYBq.exe
  C:\Windows\System\cogVYBq.exe
  2⤵
  PID:8728
- C:\Windows\System\tLaKzUm.exe
  C:\Windows\System\tLaKzUm.exe
  2⤵
  PID:8984
- C:\Windows\System\PKlELmY.exe
  C:\Windows\System\PKlELmY.exe
  2⤵
  PID:9100
- C:\Windows\System\hVNaeCm.exe
  C:\Windows\System\hVNaeCm.exe
  2⤵
  PID:9212
- C:\Windows\System\PfpROTt.exe
  C:\Windows\System\PfpROTt.exe
  2⤵
  PID:8380
- C:\Windows\System\LyqFcCE.exe
  C:\Windows\System\LyqFcCE.exe
  2⤵
  PID:8512
- C:\Windows\System\DUCYhns.exe
  C:\Windows\System\DUCYhns.exe
  2⤵
  PID:2876
- C:\Windows\System\bzMRYsc.exe
  C:\Windows\System\bzMRYsc.exe
  2⤵
  PID:8828
- C:\Windows\System\WcxrQup.exe
  C:\Windows\System\WcxrQup.exe
  2⤵
  PID:8648
- C:\Windows\System\BluIZkY.exe
  C:\Windows\System\BluIZkY.exe
  2⤵
  PID:8812
- C:\Windows\System\KPZHHwt.exe
  C:\Windows\System\KPZHHwt.exe
  2⤵
  PID:9012
- C:\Windows\System\kONyssN.exe
  C:\Windows\System\kONyssN.exe
  2⤵
  PID:9136
- C:\Windows\System\nyZnWye.exe
  C:\Windows\System\nyZnWye.exe
  2⤵
  PID:8592
- C:\Windows\System\jNKHlEo.exe
  C:\Windows\System\jNKHlEo.exe
  2⤵
  PID:1436
- C:\Windows\System\jUQisok.exe
  C:\Windows\System\jUQisok.exe
  2⤵
  PID:8880
- C:\Windows\System\sVUkzZJ.exe
  C:\Windows\System\sVUkzZJ.exe
  2⤵
  PID:9224
- C:\Windows\System\QrwPoeX.exe
  C:\Windows\System\QrwPoeX.exe
  2⤵
  PID:9240
- C:\Windows\System\gnIkonG.exe
  C:\Windows\System\gnIkonG.exe
  2⤵
  PID:9256
- C:\Windows\System\RQioQIm.exe
  C:\Windows\System\RQioQIm.exe
  2⤵
  PID:9276
- C:\Windows\System\ergbDLJ.exe
  C:\Windows\System\ergbDLJ.exe
  2⤵
  PID:9292
- C:\Windows\System\kTHeBLw.exe
  C:\Windows\System\kTHeBLw.exe
  2⤵
  PID:9308
- C:\Windows\System\rCbBZne.exe
  C:\Windows\System\rCbBZne.exe
  2⤵
  PID:9324
- C:\Windows\System\MDIzEEX.exe
  C:\Windows\System\MDIzEEX.exe
  2⤵
  PID:9340
- C:\Windows\System\gyAfDny.exe
  C:\Windows\System\gyAfDny.exe
  2⤵
  PID:9356
- C:\Windows\System\ZgRUPrk.exe
  C:\Windows\System\ZgRUPrk.exe
  2⤵
  PID:9372
- C:\Windows\System\EWXDFUe.exe
  C:\Windows\System\EWXDFUe.exe
  2⤵
  PID:9388
- C:\Windows\System\jXxesfz.exe
  C:\Windows\System\jXxesfz.exe
  2⤵
  PID:9408
- C:\Windows\System\QRqkEQD.exe
  C:\Windows\System\QRqkEQD.exe
  2⤵
  PID:9428
- C:\Windows\System\cVMMCKm.exe
  C:\Windows\System\cVMMCKm.exe
  2⤵
  PID:9464
- C:\Windows\System\IHMJDCs.exe
  C:\Windows\System\IHMJDCs.exe
  2⤵
  PID:9484
- C:\Windows\System\UwjiJCq.exe
  C:\Windows\System\UwjiJCq.exe
  2⤵
  PID:9500
- C:\Windows\System\yJWMTbs.exe
  C:\Windows\System\yJWMTbs.exe
  2⤵
  PID:9520
- C:\Windows\System\oRQocFm.exe
  C:\Windows\System\oRQocFm.exe
  2⤵
  PID:9540
- C:\Windows\System\kGtbeLc.exe
  C:\Windows\System\kGtbeLc.exe
  2⤵
  PID:9556
- C:\Windows\System\gNzwpdQ.exe
  C:\Windows\System\gNzwpdQ.exe
  2⤵
  PID:9572
- C:\Windows\System\KcQRGEP.exe
  C:\Windows\System\KcQRGEP.exe
  2⤵
  PID:9592
- C:\Windows\System\bdEpFmB.exe
  C:\Windows\System\bdEpFmB.exe
  2⤵
  PID:9616
- C:\Windows\System\Jvjmcxw.exe
  C:\Windows\System\Jvjmcxw.exe
  2⤵
  PID:9636
- C:\Windows\System\WMjiekR.exe
  C:\Windows\System\WMjiekR.exe
  2⤵
  PID:9652
- C:\Windows\System\aXVMebU.exe
  C:\Windows\System\aXVMebU.exe
  2⤵
  PID:9676
- C:\Windows\System\tQvWtQG.exe
  C:\Windows\System\tQvWtQG.exe
  2⤵
  PID:9692
- C:\Windows\System\GLGKvjC.exe
  C:\Windows\System\GLGKvjC.exe
  2⤵
  PID:9708
- C:\Windows\System\VNKmcKe.exe
  C:\Windows\System\VNKmcKe.exe
  2⤵
  PID:9724
- C:\Windows\System\LdfZNBR.exe
  C:\Windows\System\LdfZNBR.exe
  2⤵
  PID:9740
- C:\Windows\System\rjyCPph.exe
  C:\Windows\System\rjyCPph.exe
  2⤵
  PID:9760
- C:\Windows\System\GxXodVD.exe
  C:\Windows\System\GxXodVD.exe
  2⤵
  PID:9792
- C:\Windows\System\IcmRTMW.exe
  C:\Windows\System\IcmRTMW.exe
  2⤵
  PID:9876
- C:\Windows\System\GtesUBf.exe
  C:\Windows\System\GtesUBf.exe
  2⤵
  PID:9892
- C:\Windows\System\qhInOhn.exe
  C:\Windows\System\qhInOhn.exe
  2⤵
  PID:9908
- C:\Windows\System\GprqVKs.exe
  C:\Windows\System\GprqVKs.exe
  2⤵
  PID:9924
- C:\Windows\System\BmZJgDr.exe
  C:\Windows\System\BmZJgDr.exe
  2⤵
  PID:9944
- C:\Windows\System\poHxTFi.exe
  C:\Windows\System\poHxTFi.exe
  2⤵
  PID:9960
- C:\Windows\System\kEfOjBK.exe
  C:\Windows\System\kEfOjBK.exe
  2⤵
  PID:9976
- C:\Windows\System\edwjIUp.exe
  C:\Windows\System\edwjIUp.exe
  2⤵
  PID:9996
- C:\Windows\System\qObMbMl.exe
  C:\Windows\System\qObMbMl.exe
  2⤵
  PID:10012
- C:\Windows\System\qFCfOXe.exe
  C:\Windows\System\qFCfOXe.exe
  2⤵
  PID:10028
- C:\Windows\System\SQzvkjZ.exe
  C:\Windows\System\SQzvkjZ.exe
  2⤵
  PID:10056
- C:\Windows\System\FJLMxZU.exe
  C:\Windows\System\FJLMxZU.exe
  2⤵
  PID:10088
- C:\Windows\System\lXuVGAo.exe
  C:\Windows\System\lXuVGAo.exe
  2⤵
  PID:10104
- C:\Windows\System\JUcfZzv.exe
  C:\Windows\System\JUcfZzv.exe
  2⤵
  PID:10120
- C:\Windows\System\nJssoed.exe
  C:\Windows\System\nJssoed.exe
  2⤵
  PID:10140
- C:\Windows\System\qxiwRqB.exe
  C:\Windows\System\qxiwRqB.exe
  2⤵
  PID:10160
- C:\Windows\System\GilLbYg.exe
  C:\Windows\System\GilLbYg.exe
  2⤵
  PID:10176
- C:\Windows\System\Usggvzw.exe
  C:\Windows\System\Usggvzw.exe
  2⤵
  PID:10196
- C:\Windows\System\wJVniwH.exe
  C:\Windows\System\wJVniwH.exe
  2⤵
  PID:10220
- C:\Windows\System\aMgbgQM.exe
  C:\Windows\System\aMgbgQM.exe
  2⤵
  PID:8328
- C:\Windows\System\TDhDOkB.exe
  C:\Windows\System\TDhDOkB.exe
  2⤵
  PID:8928
- C:\Windows\System\CCfQBtY.exe
  C:\Windows\System\CCfQBtY.exe
  2⤵
  PID:8252
- C:\Windows\System\ZVWaAGp.exe
  C:\Windows\System\ZVWaAGp.exe
  2⤵
  PID:9268
- C:\Windows\System\ucxLIDN.exe
  C:\Windows\System\ucxLIDN.exe
  2⤵
  PID:9288
- C:\Windows\System\OEIwaXI.exe
  C:\Windows\System\OEIwaXI.exe
  2⤵
  PID:9320
- C:\Windows\System\SUdVmin.exe
  C:\Windows\System\SUdVmin.exe
  2⤵
  PID:9380
- C:\Windows\System\YxNzyzB.exe
  C:\Windows\System\YxNzyzB.exe
  2⤵
  PID:9400
- C:\Windows\System\rcwLBvW.exe
  C:\Windows\System\rcwLBvW.exe
  2⤵
  PID:9448
- C:\Windows\System\pwyfPkb.exe
  C:\Windows\System\pwyfPkb.exe
  2⤵
  PID:9492
- C:\Windows\System\BTQOxcR.exe
  C:\Windows\System\BTQOxcR.exe
  2⤵
  PID:9564
- C:\Windows\System\SMKJDSG.exe
  C:\Windows\System\SMKJDSG.exe
  2⤵
  PID:9628
- C:\Windows\System\kukLglD.exe
  C:\Windows\System\kukLglD.exe
  2⤵
  PID:9608
- C:\Windows\System\anGjDbm.exe
  C:\Windows\System\anGjDbm.exe
  2⤵
  PID:9672
- C:\Windows\System\ghYvTPm.exe
  C:\Windows\System\ghYvTPm.exe
  2⤵
  PID:9732
- C:\Windows\System\YxSKuJR.exe
  C:\Windows\System\YxSKuJR.exe
  2⤵
  PID:9736
- C:\Windows\System\pAQtexu.exe
  C:\Windows\System\pAQtexu.exe
  2⤵
  PID:9800
- C:\Windows\System\LOSQGyD.exe
  C:\Windows\System\LOSQGyD.exe
  2⤵
  PID:9832
- C:\Windows\System\gjZhozi.exe
  C:\Windows\System\gjZhozi.exe
  2⤵
  PID:9856
- C:\Windows\System\tAxuPOJ.exe
  C:\Windows\System\tAxuPOJ.exe
  2⤵
  PID:9780
- C:\Windows\System\qZnUkzH.exe
  C:\Windows\System\qZnUkzH.exe
  2⤵
  PID:9900
- C:\Windows\System\zhzSKwd.exe
  C:\Windows\System\zhzSKwd.exe
  2⤵
  PID:9904
- C:\Windows\System\TenqxTK.exe
  C:\Windows\System\TenqxTK.exe
  2⤵
  PID:9932
- C:\Windows\System\QHIungu.exe
  C:\Windows\System\QHIungu.exe
  2⤵
  PID:9988
- C:\Windows\System\bdjLTFn.exe
  C:\Windows\System\bdjLTFn.exe
  2⤵
  PID:10004
- C:\Windows\System\CBlvdHH.exe
  C:\Windows\System\CBlvdHH.exe
  2⤵
  PID:10040
- C:\Windows\System\JcrjSoA.exe
  C:\Windows\System\JcrjSoA.exe
  2⤵
  PID:10068
- C:\Windows\System\AqSRoMc.exe
  C:\Windows\System\AqSRoMc.exe
  2⤵
  PID:10112
- C:\Windows\System\NTIvAnh.exe
  C:\Windows\System\NTIvAnh.exe
  2⤵
  PID:10148
- C:\Windows\System\DIjARUR.exe
  C:\Windows\System\DIjARUR.exe
  2⤵
  PID:10184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AcpBkDY.exe

Filesize
6.0MB

MD5
c346a92f0645e33f9a06df80c1f7fbaf

SHA1
8a792aca56adf55d6eaf0b85345732a926238e19

SHA256
ebf58eb28a289543e880fcb51bdab70bcd05fcff370f0619c9204517c7781564

SHA512
9970bae210932398c36f2eed8b9593fc6aac0e518165e16386a870b138c73a831a21b2bfc327c8d815272e82f9858f7120070d816f384135c7775ede3b09c46d

Download Submit
C:\Windows\system\EuRXeZl.exe

Filesize
6.0MB

MD5
8920e46bbb4be86cd524804a9e2049c8

SHA1
0e610fb9171cce1e17578b4be5beaa2f31dc4eeb

SHA256
27ca95dcde1a27c025be5c518f8b97917dd0d99a78fa1e4cc98a1f577dc43eb4

SHA512
499bbc879894031dc12c0e3619c59e1c60879a1ed667c5b35529839766d49dbfb15d618057556724f988a8c035668df44cb8519a42738265f1688a004847202e

Download Submit
C:\Windows\system\GKifdFM.exe

Filesize
6.0MB

MD5
2cce49a5db3b593ac172f2d651bd2d96

SHA1
cc3fc82e9cc9261e02ae38c830941cfa9cd8aab2

SHA256
0810fc5738f1329b1bab8361c73fa4921aad721233fa4211d33dd79e7ed7afd0

SHA512
76b98cfe883579db70f2b06fb2526d8243a66464abe932d33f23ff8be2bc30a3541c013173c103e9557e70fca00f0eb0ad01bd70954f47a89c9a00f7cae9bba8

Download Submit
C:\Windows\system\KGYKunz.exe

Filesize
6.0MB

MD5
c3b27b64069a034ea4cb906e7923874d

SHA1
2803217f36ce4f3025368556bb2a409ab5d2fda1

SHA256
6594e96a4208ee2e2f0da36fa9f8f0576de09775407722700eb1dc89629308bb

SHA512
4a3461883a21f778e1685baacd30d3c8ef9e28223d8202f30c3d4d42a4e9241b78981aa0caeaa15514b84a9e8784051b4ac277299e3d20bdced9c2fd424b4cfc

Download Submit
C:\Windows\system\KUdbuxB.exe

Filesize
6.0MB

MD5
aeceb8ab08b3a56963983c709462cc45

SHA1
9a5a46713944aa0f557a7e95c9d6fbaa8fc126e9

SHA256
63f7606fddc1723d96507c59cd1d547031f18dca992144af4edf4e5e852954c1

SHA512
d94ab91bb0ce277c475e616fe4da000a9962f1ece093bb0659331daa7574e632383e7e092ab762eeb5ed79775b5a7e3d471783a7df0e542b27f5d746a5219d48

Download Submit
C:\Windows\system\MyysZfb.exe

Filesize
6.0MB

MD5
c1d8d2affe0d918a87451ba4387d6333

SHA1
7422ae04d6d53173894b7f23559ff82d9d732678

SHA256
c4756ca3a7f03d4a30affbe434ae472d26d2f72fdb7dfd00b0e2392178eb3e65

SHA512
0d87d6e4e9d53ff7991c942a159bfabd2f77c35bf4a75c1db1a3e5502bfc63d85e3e3d87493687b72af636c4128ea7da917b1b5be52218c25117cc7329b0e13b

Download Submit
C:\Windows\system\NVODeNA.exe

Filesize
6.0MB

MD5
4144dba7a741796d3a490729c4192e42

SHA1
92c359eb1a91b4270ba42271caa0a7c88c18db67

SHA256
08d0650d24cca87ecff5bf515d3fc64909288432d2287848da200caf70bd4567

SHA512
0f08efbe9a7c94e7e9b470cf9408dcf16bf73b3208890ec19b5ff45238075da5f208237d474f0eebe7a91961221f0cebf48491072b22a4be78338a8bee174947

Download Submit
C:\Windows\system\OvrcxyD.exe

Filesize
6.0MB

MD5
7c91605f99893bb81ee70411388613e0

SHA1
d6b017010fa7adaf7b8b8cfc38cb0ba396cc78f8

SHA256
1eca66e95f2079ba7a252f99143ead79126513149b8134ba7b7cdd15c78eddad

SHA512
f7b7c3c56b702c8ccc92cd510f8dfb686e66dafdb01ed825aa57e20ce0781fab37f9a78cda2de5d4e0f56ca1dc1663f861fa50600b0a3b2fe7406d6bee4b852d

Download Submit
C:\Windows\system\RvDxuvn.exe

Filesize
6.0MB

MD5
9393e0fd1e1c6abc3ea6a31043e74c4b

SHA1
7ac04b71667b10ab2827f6e4ec6be57550babc5e

SHA256
e873e0e124f084ce9d9ceaa78c397d6d84f5486603b04be00a0c300b4ffb283d

SHA512
a3c271640db4eb70628ad0e7ed0798568ef87864fd239e1cde1a7bacf8985320b62356496bed4a8281f0a948af2666e0e842bf88fe1bda4ec7075a711e422d7c

Download Submit
C:\Windows\system\SJEdZeg.exe

Filesize
6.0MB

MD5
b2e7ff72abed01fcd3feff69edd636ba

SHA1
11f1200930dfe3bf841b32cad4d47ea4a2e3b908

SHA256
09d44266e7b712a6473cf7a2b9b69f702b426870fea9643dabbac986d44abd79

SHA512
f30ce81857f803a8756f72cb24caf09ae57dbbfe1b025d90b949e660e9a7d95bf83f6443ad9590261e4ba4992b717f99b42d85a40b3016e78b6e7cbf9a2d4d3d

Download Submit
C:\Windows\system\SyaMGXW.exe

Filesize
6.0MB

MD5
96d32f1bbe4d84cf8596d7d7ee00bef0

SHA1
9dfa0920fc03b7382a5e3f2862b9d720f0d549dd

SHA256
761dc3f3f34c5d78dcc05acf6789cd800808ee7a167a96c15cc7c0572c6f4714

SHA512
c222e46330d33e969187331a3d17ad61bbf1e367bb0fa08113d718840a03a2c50ab62d8f32d39abdc1254dff8a73ed4c9bcf4946dd8f800db1fdcee2faf38f72

Download Submit
C:\Windows\system\WfPzZLg.exe

Filesize
6.0MB

MD5
5f4c0fe93389b64ae08021da230dfeda

SHA1
92735b3f374f7105f4984d6656fb70b28ac6122c

SHA256
930baca02f65c587267f0f317cb7e68a8fb682fc9a638ac64a9489ef321b50ef

SHA512
82769992814dc77c80aa5a0ecaebb795ce295691608e4c11324d428d5571512c559510bc40c241e1a483c6cde948b839b39fe6f156290040d4ba56ffae0230ce

Download Submit
C:\Windows\system\cvepikc.exe

Filesize
6.0MB

MD5
4ba0645c843b5319b2f0857d9c396ce4

SHA1
714e7280ba77ce0b885b832a805e5db69ddc92e9

SHA256
e69c6aa25f1f5a18d4f0e75440d33e14025e78b1a72bf779f872694738944e40

SHA512
a41e4e9ccff563c761fd8cb3ddaa1bed7fcba9cd63edb16a9f747217bab56bcd7e3abbc3ffd83dfef3a66c0f96d81f3e20d3cb00e1e7cdba53d35c4f3125bf17

Download Submit
C:\Windows\system\dwoIDFX.exe

Filesize
6.0MB

MD5
2cee5c460af8ba142b3a18cd73a15e3c

SHA1
df1c1e9f5b190c6439d8c9aa054aeeca01ff14e2

SHA256
1b112df2b3a35706e93e8c3a86a511f67787ad8264fbc5fcf655dae79c6fcecc

SHA512
413ae764410230bd2acec4d46467d743cd279ae57977498959294c00e2caffcd9537d01b4ce6a829cb063c519de949bb8ca1526d40bc2db30d6bcf7891013590

Download Submit
C:\Windows\system\dxcLbOC.exe

Filesize
6.0MB

MD5
e4501950427f79e998bde7f735b89977

SHA1
6ebad907dc55988793f6ada9600ebe0b538ad057

SHA256
1f47f53a016e740cd73ee8632f55495b26d99b60ad111517e75580238d3789dd

SHA512
74ecfde99c6af896306c7c07574a58fef8084be1ee203dbaaa5b259fa2e3ed17353f633227d6cf2fe8021c06ca159ea22ecacc78c4e6013c89ef9093851f79ea

Download Submit
C:\Windows\system\gWdZvDS.exe

Filesize
6.0MB

MD5
3060f7b2e4b0830abbaa1322fc90450c

SHA1
24dfd77a9a7e9120d4f7b61605b0c56540f2a080

SHA256
ac03f6fb1dd6838585a8b74d12660b99d9ce4afc490d0e47cdb213522b497049

SHA512
ec8f3cf5c59cc086b88fdd96255218ef89283cc90ca0e9d87407b4c82c3e870456f0cee7f39c9e72d2ed3267c90efea52107ebd3da8aab7edd9d139d683590c7

Download Submit
C:\Windows\system\gmPqeJA.exe

Filesize
6.0MB

MD5
344ae6541e9db7a33f248c7a4bfe9f3a

SHA1
ea4bad3b7e45cdc7a40a0cedd6222f2fd08a7de7

SHA256
d64d53e081ecd0650632c0c8b371cf9864a3c67e93d0d4c5eab247b4323d198b

SHA512
4ece022fc37cddd35130b414b44dce07cb63bc4d03623679dd296e68d201e3ec049f21bfbe2bb28e83a51e0b0627467b6d521f596508a5f38786818042907172

Download Submit
C:\Windows\system\jApznhc.exe

Filesize
6.0MB

MD5
b116a96a71f994101aba51b5e665f301

SHA1
1c9ded7235c5ce64da96a25e8b3e560d531384ee

SHA256
e47b03da0ab0c1fb06f78feb23262cef2b052c5cb8c4fbb83d7c734a7841c8f2

SHA512
210f4e6183369b36b562e2981841114ef860426ae29fa4822cad125322aa82e5f58306024e77f25234bb45c9859e6b527978edbdedb01a47f95c8a318a1e4b22

Download Submit
C:\Windows\system\mdNfbvf.exe

Filesize
6.0MB

MD5
d47cd90252716c4980a17b67eb5e9659

SHA1
c89b59045352e6444ea868e4c24ef4c687f6bc7e

SHA256
a2d2dff4ad034dc7257dde77fd08118715e541917a0ee234deeae74bcec4953c

SHA512
f922dc1b40b641421e886a788f48fda0b55e1d61c0bb07e73162f30862192dcb88d8ea261ec20391b580a669d01e4af28454e8afb96929b551a371ddc21a4419

Download Submit
C:\Windows\system\oDrXDuS.exe

Filesize
6.0MB

MD5
f6c15ef2a5143c873d3ed45d54100280

SHA1
11ca24ea2c3728779b09a874341224b0a1552a84

SHA256
a0c7efe30063a122c9ae6429252f934aad1e8aaa47b7c6db61971eaec3e2c1bb

SHA512
857af9728b305c42df55823801c10c90e7d52cb11ebccc1fa9e48dce02c6045f52976cdc3bd6528a9976d1e1b451560390d13d55154837a82447ed0144494f92

Download Submit
C:\Windows\system\sQZmvYC.exe

Filesize
6.0MB

MD5
2a634089b3c3d554d7f1db4b7ca4f74e

SHA1
a3f6887a09a0f1e317c01b57107061f35479b6cf

SHA256
fa8e06da85283996b9ddc70fd5b50d4f4d02737d81ef90286d90c6a12107490a

SHA512
6d0a663c602b10c97e036584c3f1e3a5978768e07ea3e1e7694f538247e78f03938b74d6ba2acb126f9be39b1bd5802ca49a5ac6988374998a1abe7c7ae84521

Download Submit
C:\Windows\system\svWktys.exe

Filesize
6.0MB

MD5
077249ecf7259d7de4aec734ffedbecb

SHA1
8f62e985d87a11227e62d3df08a52dc2cd55ca8e

SHA256
f9dc5fb0c85e9d25a667a32ddcf45997cb0fdeb77e6a0ed84d5b108810f44c97

SHA512
d840c27a824c05c094466626ee3f81f79717bd47e4919677a4b3b3f62e8852113744e91a253bb728fd278a2a8da5671a13c893fd6cd3d6f73770e571f5d84319

Download Submit
C:\Windows\system\yijbTjL.exe

Filesize
6.0MB

MD5
3062b290ccf79cce31effdb29f2195d1

SHA1
d6ca0b914e421e7536a506db7d5b7e016ee8b242

SHA256
938198f6e5330bd11a6d87682902b4e0e4f46cb51612e3c16ebeda38d4ee4062

SHA512
9a4de7bdd861641e7c3b561f98c3ca556110c6585acd53c38cb6b79f605ef6a0622e680b6d75d14dc3d7b0fc7f11b40a12fb5e456762651fade5c067514e4405

Download Submit
C:\Windows\system\zgAOKxk.exe

Filesize
6.0MB

MD5
41291009a69267521b88ecd3aeed398b

SHA1
3ff4ef94368dc241a980ab00abaf7451ee203016

SHA256
bfbe881f75707446b6694636a655554fcd7bf87ce8bce3396bd19d95ad0f33ed

SHA512
f70d982eeb4a0b3a63c38ab08fa65875e3d5878ccdf3b848543dda57782e28e2c323b7da9799a59b1c7a1e4109cd9eeeb9737671d8385c412758a0c1e3ddd0d9

Download Submit
\Windows\system\EZWdRmy.exe

Filesize
6.0MB

MD5
e546aa9e60b27ad81e5df56d705444b5

SHA1
40dc1b0b1ebd3c22150352b9f42460c6e03d5d70

SHA256
0c55668a842fc56caedf6abb81f1b3d7d49332a8d2a735b6fbd72d8622d72d47

SHA512
4f7965f55260366abf51bea5a27135455320aff7ccf6688ea31bbe3c4a20a205b9cf11dbe405626fb99ac6c542f9464acfedf463487d3adbb09567ab8fa61e3b

Download Submit
\Windows\system\OHiqbMj.exe

Filesize
6.0MB

MD5
bb48424ffd9f111af1cf6fef27f547bb

SHA1
04cfff5552917d2053e3e3ee111463d71654e21b

SHA256
d055d40a5f1afdee4ae55604207b3c27e1e05a24e0852f774faaafdfb6aed96a

SHA512
b542f3a837bd4722d142365b283292e4c0e46b3ab90f9c4230d1f57ae6c8f18bdb828ca1d1c2c03a446728652a806081a6882b790e049feeabba936c98ff958e

Download Submit
\Windows\system\TiZdRWS.exe

Filesize
6.0MB

MD5
ff441c85d7dce6d95124337187ea84fb

SHA1
355e3e772e6ddd73142585c2b74403a9b02aef92

SHA256
e90e9e20a4644718498f63bc6c1b59425b2a9eca224b3f48e04fe43f09f39dff

SHA512
e5d16052441249e66136abd96ac61022bc04962093a26a8d921542287003f8f47195d7f9efc6834830201ce3af6c3f714a8947cf85eb5a6b414bfd147aae2904

Download Submit
\Windows\system\cDceKDt.exe

Filesize
6.0MB

MD5
dbaa40b726a440778d298025441f1754

SHA1
72f2b73bbd89ecf9cf623991b24c36693db9ac23

SHA256
f12a329fb9c564f922639622d1da99ce4ad3d400cc3c21a1807ce50ee8dc81e7

SHA512
5186270b81fa0c3e5eadfef14c24effc66b300060bc54caaa9a02dcd03ae7e8724be010e5f70e99369379b28789c4955b966217afa7ddd2042a46439e3aca8ac

Download Submit
\Windows\system\fCUIbOS.exe

Filesize
6.0MB

MD5
7ae652fd303749e503259c7d33338790

SHA1
09149727a8aa50153d9a9046c051ab1b132f810d

SHA256
839536a476aac397609a66242b37d6d8a8de402c5f25e669d2d09d2c0633b561

SHA512
e800d250636c54c8467f83b6f80e777dd6f6c12efd7e2ff406661757dcb7e825d681bd9364a9b47e57a336eb6c79dbc51d4fbc3e8559e54d612725bdf1d7549d

Download Submit
\Windows\system\lGlkBXo.exe

Filesize
6.0MB

MD5
6eae63a0ab27948f21bda631337cf3f9

SHA1
08e5abaf79de8a5e9535ad82dc5c5ffcb9977339

SHA256
e68dc3ee21a5e74c8944d26ab28f48699477eafcb0f5cfd80b2f1bbd95f8051e

SHA512
f81755786a8f9067885db3c7d1c001d70f35052e7f7fcff64c56dfe49b7a25bc1426489c1abdfa334e5e93e41a9ef76a5f9d97cc77762767dd964e400efd0500

Download Submit
\Windows\system\ooAzZZf.exe

Filesize
6.0MB

MD5
2bc41d92176ae5d4ff610f1a3aade33f

SHA1
1dbce517082c664b17840450f59717fc1c73a71a

SHA256
56bdf86437dab3cd5e061e0ba27594b47e1e95f3986a60f5f51e0a18faa9b92e

SHA512
c3a5d9633c1b8479b5e429e4193ceb13ae2ae96ffc676a7703f48ade5cc7d9856a07dd512dc581329dff687ea32177aa6aed4d466ae4b756aefb10bc5ce4cc90

Download Submit
\Windows\system\sYdxVSc.exe

Filesize
6.0MB

MD5
b3e0950b660c1274c011db78d364bcab

SHA1
1a5140b8a012064da93824ef2f88e2a097ceb6c1

SHA256
d1c40bbbda4c4ef883cd38d4024465d8dc8db8ad8c25e24bb13699c8cfbddcc2

SHA512
83a05c048379cd6ed479fc491c9cb09ea0745ea057b7d09877f24b4a66db3e25265007a0055b270b275e8593b56c1ac28e063d28136dee00310d65a872861fa2

Download Submit
memory/692-1365-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/692-104-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/692-658-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1104-15-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1104-842-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1832-1363-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1832-154-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1832-86-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2012-251-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-2215-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-1362-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-83-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-38-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-63-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1007-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2240-50-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2240-361-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2240-88-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2240-89-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2240-95-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2240-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2240-79-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2240-16-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2240-4-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2240-101-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2240-109-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2240-64-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2240-55-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2240-20-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2240-36-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2240-34-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2240-31-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2240-0-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2240-59-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2240-44-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2616-1360-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2616-13-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2616-37-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2708-108-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2708-72-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1361-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2760-28-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2760-1357-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2760-60-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2832-1359-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2832-65-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2832-46-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2864-988-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2864-33-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2952-66-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-1030-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-53-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1364-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2980-320-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2980-97-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/3000-1090-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/3000-67-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/3000-61-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download