cobaltstrike | d12e27d492a96088a349c5ef70874a8c079d4b651b69f1654a30758ff82b72b0

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 06:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

36a7f62e7752170bc26f4ca8331dcc23
SHA1

947e3c228dabb5525536670087d5d53f63e2a37d
SHA256

d12e27d492a96088a349c5ef70874a8c079d4b651b69f1654a30758ff82b72b0
SHA512

4420d9c5eb920392fedf9e3a5a75ad392e2b0b32dd8d979850b000b5f409e1156b744fe385278f85c8b3d9ad0e1025198ca8dcfd6f2afa05bf203b7c6f521dfb
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUQ:eOl56utgpPF8u/7Q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012280-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d41-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d59-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d79-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d81-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ec4-37.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d67-77.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001610d-59.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d18-109.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-183.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-179.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-169.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-174.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-164.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-149.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ecf-139.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-154.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-144.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df3-134.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-119.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d77-114.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-104.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6b-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d54-93.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f7b-53.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4b-68.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001604c-58.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f25-46.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1968-0-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012280-6.dat	xmrig
behavioral1/files/0x0009000000015d41-8.dat	xmrig
behavioral1/files/0x0008000000015d59-12.dat	xmrig
behavioral1/files/0x0008000000015d79-16.dat	xmrig
behavioral1/files/0x0008000000015d81-32.dat	xmrig
behavioral1/files/0x0007000000015ec4-37.dat	xmrig
behavioral1/memory/2856-41-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d67-77.dat	xmrig
behavioral1/files/0x000800000001610d-59.dat	xmrig
behavioral1/memory/2732-100-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x0009000000015d18-109.dat	xmrig
behavioral1/files/0x0006000000016dea-129.dat	xmrig
behavioral1/memory/2680-703-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/1968-701-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/1968-498-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2912-410-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2856-202-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/files/0x0005000000018739-189.dat	xmrig
behavioral1/files/0x0005000000018704-183.dat	xmrig
behavioral1/files/0x00050000000186f4-179.dat	xmrig
behavioral1/files/0x00050000000186ed-169.dat	xmrig
behavioral1/files/0x00050000000186f1-174.dat	xmrig
behavioral1/files/0x000600000001755b-160.dat	xmrig
behavioral1/files/0x00050000000186e7-164.dat	xmrig
behavioral1/files/0x0006000000017497-149.dat	xmrig
behavioral1/files/0x0006000000016ecf-139.dat	xmrig
behavioral1/files/0x000600000001749c-154.dat	xmrig
behavioral1/files/0x0006000000017049-144.dat	xmrig
behavioral1/files/0x0006000000016df3-134.dat	xmrig
behavioral1/files/0x0006000000016de8-125.dat	xmrig
behavioral1/files/0x0006000000016d9f-119.dat	xmrig
behavioral1/files/0x0006000000016d77-114.dat	xmrig
behavioral1/files/0x0006000000016d6f-104.dat	xmrig
behavioral1/memory/1832-99-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2848-98-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2096-97-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d6b-95.dat	xmrig
behavioral1/files/0x0006000000016d54-93.dat	xmrig
behavioral1/memory/1968-89-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/1968-88-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2680-87-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/1968-86-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2852-85-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/3016-75-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/1968-64-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f7b-53.dat	xmrig
behavioral1/memory/1968-71-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/memory/2668-70-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/1968-69-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d4b-68.dat	xmrig
behavioral1/files/0x000800000001604c-58.dat	xmrig
behavioral1/memory/2912-49-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f25-46.dat	xmrig
behavioral1/memory/2508-36-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2096-28-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2080-26-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/1968-25-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/1652-24-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/1968-23-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/844-22-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2852-3849-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/3016-3850-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2508-3857-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2080	MnXgDmS.exe
844	fYbSmYT.exe
1652	LGuxPMg.exe
2096	wUvWAuJ.exe
2508	fIpScUg.exe
2856	pbZMXPQ.exe
2912	MvdxRrv.exe
2668	vBZGWII.exe
3016	wEAZVWU.exe
2852	Tbkiibu.exe
2680	YLTjgWI.exe
2848	bmkLKII.exe
1832	lNrHGDR.exe
2732	KqzpFBH.exe
1396	wTKjiYR.exe
948	yGQElWA.exe
400	pHdmpze.exe
1540	gHBWsxb.exe
332	THtslfY.exe
1344	USckYdt.exe
2556	eLLjmxb.exe
1412	qMIWROY.exe
2944	gQCngmW.exe
1172	zxuYrPo.exe
1076	VqcJcRK.exe
2536	pGzDwIr.exe
3000	brhBAtI.exe
828	ZHtrxQD.exe
2644	oAoLMAJ.exe
2024	unZJali.exe
1312	eiRxROn.exe
628	eVnPLvN.exe
1296	ZjLJaGl.exe
1856	BndnRkV.exe
2476	qKZlTrB.exe
1896	RSmjKoC.exe
688	QUcTVIA.exe
568	xQbIsaN.exe
1460	IIPQljY.exe
1000	PiPSMrd.exe
1668	tIntjPp.exe
1012	fNYFYOf.exe
2132	DfeQgpc.exe
2380	wOKgYhu.exe
3056	ZwZpGoc.exe
2740	hpLprKy.exe
1980	OHxXjvU.exe
888	scuPnBW.exe
1452	ttGtDiL.exe
1808	JPQEMPy.exe
2076	OWucytb.exe
2100	XOmXGiZ.exe
2592	TbzVcpT.exe
1892	srNnMPW.exe
2788	CqrKczm.exe
2896	toBXCdW.exe
1840	nxjkvlj.exe
2776	rYENlJE.exe
1256	tOLENNx.exe
2196	UvlOaJB.exe
2204	lHjOKJB.exe
2120	HLYZQaz.exe
1568	loWLdDX.exe
772	uvWzpKI.exe

Loads dropped DLL 64 IoCs

pid	Process
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1968-0-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x000b000000012280-6.dat	upx
behavioral1/files/0x0009000000015d41-8.dat	upx
behavioral1/files/0x0008000000015d59-12.dat	upx
behavioral1/files/0x0008000000015d79-16.dat	upx
behavioral1/files/0x0008000000015d81-32.dat	upx
behavioral1/files/0x0007000000015ec4-37.dat	upx
behavioral1/memory/2856-41-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/files/0x0006000000016d67-77.dat	upx
behavioral1/files/0x000800000001610d-59.dat	upx
behavioral1/memory/2732-100-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x0009000000015d18-109.dat	upx
behavioral1/files/0x0006000000016dea-129.dat	upx
behavioral1/memory/2680-703-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2912-410-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2856-202-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/files/0x0005000000018739-189.dat	upx
behavioral1/files/0x0005000000018704-183.dat	upx
behavioral1/files/0x00050000000186f4-179.dat	upx
behavioral1/files/0x00050000000186ed-169.dat	upx
behavioral1/files/0x00050000000186f1-174.dat	upx
behavioral1/files/0x000600000001755b-160.dat	upx
behavioral1/files/0x00050000000186e7-164.dat	upx
behavioral1/files/0x0006000000017497-149.dat	upx
behavioral1/files/0x0006000000016ecf-139.dat	upx
behavioral1/files/0x000600000001749c-154.dat	upx
behavioral1/files/0x0006000000017049-144.dat	upx
behavioral1/files/0x0006000000016df3-134.dat	upx
behavioral1/files/0x0006000000016de8-125.dat	upx
behavioral1/files/0x0006000000016d9f-119.dat	upx
behavioral1/files/0x0006000000016d77-114.dat	upx
behavioral1/files/0x0006000000016d6f-104.dat	upx
behavioral1/memory/1832-99-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2848-98-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2096-97-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x0006000000016d6b-95.dat	upx
behavioral1/files/0x0006000000016d54-93.dat	upx
behavioral1/memory/2680-87-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2852-85-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/3016-75-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/1968-64-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x0007000000015f7b-53.dat	upx
behavioral1/memory/2668-70-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x0006000000016d4b-68.dat	upx
behavioral1/files/0x000800000001604c-58.dat	upx
behavioral1/memory/2912-49-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/files/0x0007000000015f25-46.dat	upx
behavioral1/memory/2508-36-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2096-28-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2080-26-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/1652-24-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/844-22-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2852-3849-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/3016-3850-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2508-3857-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2080-3858-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/1832-3892-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2856-3893-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2732-3894-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2668-3926-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2096-3925-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/844-3929-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2848-3928-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/1652-3856-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\xsHGQNa.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fZHgCTT.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SXgGmIk.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFXVfrJ.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aNMjqwp.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EvtnGCC.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MLkUMCk.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kvYOdMY.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FhKbDvp.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSeAqCn.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cyoZnCb.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJWoazv.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BWEGNzk.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xrTLxie.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NaOAvFd.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\klAlVBS.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JhhIrPp.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GWrlGSr.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JcsyNkF.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uUVXJxZ.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\foubUuP.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwrCXUe.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qlnejpy.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iAgleLp.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OiASLvz.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kMUZIpM.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xgrTSDo.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LLgiLmn.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TqIoBSo.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIKcsPa.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mVzsmaw.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHbYaMp.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\unZJali.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TaZempJ.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eHNVvLi.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TjWKQJf.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QKBdAqo.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gQCngmW.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dvHNePJ.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Vecgohy.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BwwUhHB.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YaBKNIM.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\onOccrU.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PLaiiOG.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KbarELK.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\paeFjpS.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ttCrbBA.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZmSDSa.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vqFaUNx.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sygECbZ.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gelQcEH.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPXUkiw.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxMFlXc.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lqTLzVt.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uJIbAVw.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VqTgdSy.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LBPDJbE.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bmkLKII.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tUGjJsP.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YmRuIoc.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eHmXAjA.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wlVEjJT.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecdPtnE.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZBarDQE.exe	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2080	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1968 wrote to memory of 2080	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1968 wrote to memory of 2080	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1968 wrote to memory of 844	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1968 wrote to memory of 844	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1968 wrote to memory of 844	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1968 wrote to memory of 1652	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1968 wrote to memory of 1652	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1968 wrote to memory of 1652	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1968 wrote to memory of 2096	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1968 wrote to memory of 2096	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1968 wrote to memory of 2096	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1968 wrote to memory of 2508	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1968 wrote to memory of 2508	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1968 wrote to memory of 2508	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1968 wrote to memory of 2856	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1968 wrote to memory of 2856	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1968 wrote to memory of 2856	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1968 wrote to memory of 2912	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1968 wrote to memory of 2912	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1968 wrote to memory of 2912	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1968 wrote to memory of 2668	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1968 wrote to memory of 2668	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1968 wrote to memory of 2668	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1968 wrote to memory of 3016	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1968 wrote to memory of 3016	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1968 wrote to memory of 3016	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1968 wrote to memory of 2848	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1968 wrote to memory of 2848	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1968 wrote to memory of 2848	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1968 wrote to memory of 2852	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1968 wrote to memory of 2852	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1968 wrote to memory of 2852	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1968 wrote to memory of 1832	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1968 wrote to memory of 1832	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1968 wrote to memory of 1832	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1968 wrote to memory of 2680	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1968 wrote to memory of 2680	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1968 wrote to memory of 2680	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1968 wrote to memory of 2732	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1968 wrote to memory of 2732	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1968 wrote to memory of 2732	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1968 wrote to memory of 1396	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1968 wrote to memory of 1396	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1968 wrote to memory of 1396	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1968 wrote to memory of 948	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1968 wrote to memory of 948	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1968 wrote to memory of 948	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1968 wrote to memory of 400	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1968 wrote to memory of 400	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1968 wrote to memory of 400	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1968 wrote to memory of 1540	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1968 wrote to memory of 1540	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1968 wrote to memory of 1540	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1968 wrote to memory of 332	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1968 wrote to memory of 332	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1968 wrote to memory of 332	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1968 wrote to memory of 1344	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1968 wrote to memory of 1344	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1968 wrote to memory of 1344	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1968 wrote to memory of 2556	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1968 wrote to memory of 2556	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1968 wrote to memory of 2556	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1968 wrote to memory of 1412	1968	2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-22_36a7f62e7752170bc26f4ca8331dcc23_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\System\MnXgDmS.exe
  C:\Windows\System\MnXgDmS.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\fYbSmYT.exe
  C:\Windows\System\fYbSmYT.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\LGuxPMg.exe
  C:\Windows\System\LGuxPMg.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\wUvWAuJ.exe
  C:\Windows\System\wUvWAuJ.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\fIpScUg.exe
  C:\Windows\System\fIpScUg.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\pbZMXPQ.exe
  C:\Windows\System\pbZMXPQ.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\MvdxRrv.exe
  C:\Windows\System\MvdxRrv.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\vBZGWII.exe
  C:\Windows\System\vBZGWII.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\wEAZVWU.exe
  C:\Windows\System\wEAZVWU.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\bmkLKII.exe
  C:\Windows\System\bmkLKII.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\Tbkiibu.exe
  C:\Windows\System\Tbkiibu.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\lNrHGDR.exe
  C:\Windows\System\lNrHGDR.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\YLTjgWI.exe
  C:\Windows\System\YLTjgWI.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\KqzpFBH.exe
  C:\Windows\System\KqzpFBH.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\wTKjiYR.exe
  C:\Windows\System\wTKjiYR.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\yGQElWA.exe
  C:\Windows\System\yGQElWA.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\pHdmpze.exe
  C:\Windows\System\pHdmpze.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\gHBWsxb.exe
  C:\Windows\System\gHBWsxb.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\THtslfY.exe
  C:\Windows\System\THtslfY.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\USckYdt.exe
  C:\Windows\System\USckYdt.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\eLLjmxb.exe
  C:\Windows\System\eLLjmxb.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\qMIWROY.exe
  C:\Windows\System\qMIWROY.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\gQCngmW.exe
  C:\Windows\System\gQCngmW.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\zxuYrPo.exe
  C:\Windows\System\zxuYrPo.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\VqcJcRK.exe
  C:\Windows\System\VqcJcRK.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\pGzDwIr.exe
  C:\Windows\System\pGzDwIr.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\brhBAtI.exe
  C:\Windows\System\brhBAtI.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\ZHtrxQD.exe
  C:\Windows\System\ZHtrxQD.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\oAoLMAJ.exe
  C:\Windows\System\oAoLMAJ.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\unZJali.exe
  C:\Windows\System\unZJali.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\eiRxROn.exe
  C:\Windows\System\eiRxROn.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\eVnPLvN.exe
  C:\Windows\System\eVnPLvN.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\ZjLJaGl.exe
  C:\Windows\System\ZjLJaGl.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\BndnRkV.exe
  C:\Windows\System\BndnRkV.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\qKZlTrB.exe
  C:\Windows\System\qKZlTrB.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\RSmjKoC.exe
  C:\Windows\System\RSmjKoC.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\QUcTVIA.exe
  C:\Windows\System\QUcTVIA.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\xQbIsaN.exe
  C:\Windows\System\xQbIsaN.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\IIPQljY.exe
  C:\Windows\System\IIPQljY.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\PiPSMrd.exe
  C:\Windows\System\PiPSMrd.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\tIntjPp.exe
  C:\Windows\System\tIntjPp.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\fNYFYOf.exe
  C:\Windows\System\fNYFYOf.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\DfeQgpc.exe
  C:\Windows\System\DfeQgpc.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\wOKgYhu.exe
  C:\Windows\System\wOKgYhu.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\ZwZpGoc.exe
  C:\Windows\System\ZwZpGoc.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\hpLprKy.exe
  C:\Windows\System\hpLprKy.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\OHxXjvU.exe
  C:\Windows\System\OHxXjvU.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\scuPnBW.exe
  C:\Windows\System\scuPnBW.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\ttGtDiL.exe
  C:\Windows\System\ttGtDiL.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\JPQEMPy.exe
  C:\Windows\System\JPQEMPy.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\OWucytb.exe
  C:\Windows\System\OWucytb.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\XOmXGiZ.exe
  C:\Windows\System\XOmXGiZ.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\TbzVcpT.exe
  C:\Windows\System\TbzVcpT.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\srNnMPW.exe
  C:\Windows\System\srNnMPW.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\CqrKczm.exe
  C:\Windows\System\CqrKczm.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\toBXCdW.exe
  C:\Windows\System\toBXCdW.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\nxjkvlj.exe
  C:\Windows\System\nxjkvlj.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\rYENlJE.exe
  C:\Windows\System\rYENlJE.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\tOLENNx.exe
  C:\Windows\System\tOLENNx.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\UvlOaJB.exe
  C:\Windows\System\UvlOaJB.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\lHjOKJB.exe
  C:\Windows\System\lHjOKJB.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\HLYZQaz.exe
  C:\Windows\System\HLYZQaz.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\loWLdDX.exe
  C:\Windows\System\loWLdDX.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\uvWzpKI.exe
  C:\Windows\System\uvWzpKI.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\oUfzpAM.exe
  C:\Windows\System\oUfzpAM.exe
  2⤵
  PID:1804
- C:\Windows\System\SLDmmim.exe
  C:\Windows\System\SLDmmim.exe
  2⤵
  PID:2084
- C:\Windows\System\kvYOdMY.exe
  C:\Windows\System\kvYOdMY.exe
  2⤵
  PID:2052
- C:\Windows\System\aUWvDwE.exe
  C:\Windows\System\aUWvDwE.exe
  2⤵
  PID:1192
- C:\Windows\System\xsHGQNa.exe
  C:\Windows\System\xsHGQNa.exe
  2⤵
  PID:1476
- C:\Windows\System\NivAkTK.exe
  C:\Windows\System\NivAkTK.exe
  2⤵
  PID:3044
- C:\Windows\System\TFuCLgI.exe
  C:\Windows\System\TFuCLgI.exe
  2⤵
  PID:676
- C:\Windows\System\gKqgzvO.exe
  C:\Windows\System\gKqgzvO.exe
  2⤵
  PID:1788
- C:\Windows\System\VbbTNuw.exe
  C:\Windows\System\VbbTNuw.exe
  2⤵
  PID:848
- C:\Windows\System\cyRxOAg.exe
  C:\Windows\System\cyRxOAg.exe
  2⤵
  PID:1456
- C:\Windows\System\pncqjXs.exe
  C:\Windows\System\pncqjXs.exe
  2⤵
  PID:1400
- C:\Windows\System\DIhcWPK.exe
  C:\Windows\System\DIhcWPK.exe
  2⤵
  PID:768
- C:\Windows\System\qCqlipb.exe
  C:\Windows\System\qCqlipb.exe
  2⤵
  PID:2400
- C:\Windows\System\fWaSjmm.exe
  C:\Windows\System\fWaSjmm.exe
  2⤵
  PID:1628
- C:\Windows\System\qFXFIhz.exe
  C:\Windows\System\qFXFIhz.exe
  2⤵
  PID:3012
- C:\Windows\System\ulRjPDN.exe
  C:\Windows\System\ulRjPDN.exe
  2⤵
  PID:1640
- C:\Windows\System\PanFLkd.exe
  C:\Windows\System\PanFLkd.exe
  2⤵
  PID:2124
- C:\Windows\System\UIJgvdt.exe
  C:\Windows\System\UIJgvdt.exe
  2⤵
  PID:880
- C:\Windows\System\WNucAUu.exe
  C:\Windows\System\WNucAUu.exe
  2⤵
  PID:2364
- C:\Windows\System\OOgspLb.exe
  C:\Windows\System\OOgspLb.exe
  2⤵
  PID:2384
- C:\Windows\System\AJJoxoL.exe
  C:\Windows\System\AJJoxoL.exe
  2⤵
  PID:2768
- C:\Windows\System\FxpXeMm.exe
  C:\Windows\System\FxpXeMm.exe
  2⤵
  PID:800
- C:\Windows\System\VaiXAXW.exe
  C:\Windows\System\VaiXAXW.exe
  2⤵
  PID:2656
- C:\Windows\System\DUMEvVW.exe
  C:\Windows\System\DUMEvVW.exe
  2⤵
  PID:1752
- C:\Windows\System\ZIeNZtb.exe
  C:\Windows\System\ZIeNZtb.exe
  2⤵
  PID:1512
- C:\Windows\System\oKfbroz.exe
  C:\Windows\System\oKfbroz.exe
  2⤵
  PID:2632
- C:\Windows\System\TvDYJwV.exe
  C:\Windows\System\TvDYJwV.exe
  2⤵
  PID:2984
- C:\Windows\System\OhOufpK.exe
  C:\Windows\System\OhOufpK.exe
  2⤵
  PID:2004
- C:\Windows\System\nqgzNmi.exe
  C:\Windows\System\nqgzNmi.exe
  2⤵
  PID:3080
- C:\Windows\System\VeEJFoz.exe
  C:\Windows\System\VeEJFoz.exe
  2⤵
  PID:3100
- C:\Windows\System\BmJFIZK.exe
  C:\Windows\System\BmJFIZK.exe
  2⤵
  PID:3120
- C:\Windows\System\JlcLDuB.exe
  C:\Windows\System\JlcLDuB.exe
  2⤵
  PID:3140
- C:\Windows\System\YqxcrMC.exe
  C:\Windows\System\YqxcrMC.exe
  2⤵
  PID:3160
- C:\Windows\System\zAEJVxd.exe
  C:\Windows\System\zAEJVxd.exe
  2⤵
  PID:3180
- C:\Windows\System\xZzUuPC.exe
  C:\Windows\System\xZzUuPC.exe
  2⤵
  PID:3196
- C:\Windows\System\hQXfAFm.exe
  C:\Windows\System\hQXfAFm.exe
  2⤵
  PID:3220
- C:\Windows\System\bRseMeh.exe
  C:\Windows\System\bRseMeh.exe
  2⤵
  PID:3236
- C:\Windows\System\vJwAcke.exe
  C:\Windows\System\vJwAcke.exe
  2⤵
  PID:3256
- C:\Windows\System\CWMPoRI.exe
  C:\Windows\System\CWMPoRI.exe
  2⤵
  PID:3272
- C:\Windows\System\ihrxJer.exe
  C:\Windows\System\ihrxJer.exe
  2⤵
  PID:3292
- C:\Windows\System\mHKZTov.exe
  C:\Windows\System\mHKZTov.exe
  2⤵
  PID:3312
- C:\Windows\System\qaHeOQt.exe
  C:\Windows\System\qaHeOQt.exe
  2⤵
  PID:3332
- C:\Windows\System\OQoTTOB.exe
  C:\Windows\System\OQoTTOB.exe
  2⤵
  PID:3356
- C:\Windows\System\iJwvCWd.exe
  C:\Windows\System\iJwvCWd.exe
  2⤵
  PID:3384
- C:\Windows\System\vOPhBML.exe
  C:\Windows\System\vOPhBML.exe
  2⤵
  PID:3404
- C:\Windows\System\eIMJKPr.exe
  C:\Windows\System\eIMJKPr.exe
  2⤵
  PID:3424
- C:\Windows\System\lLRdwGJ.exe
  C:\Windows\System\lLRdwGJ.exe
  2⤵
  PID:3444
- C:\Windows\System\FDcimnK.exe
  C:\Windows\System\FDcimnK.exe
  2⤵
  PID:3460
- C:\Windows\System\FejAAVN.exe
  C:\Windows\System\FejAAVN.exe
  2⤵
  PID:3484
- C:\Windows\System\IXYbvAx.exe
  C:\Windows\System\IXYbvAx.exe
  2⤵
  PID:3504
- C:\Windows\System\UWHKiWJ.exe
  C:\Windows\System\UWHKiWJ.exe
  2⤵
  PID:3524
- C:\Windows\System\vAEvaDr.exe
  C:\Windows\System\vAEvaDr.exe
  2⤵
  PID:3540
- C:\Windows\System\BiTVZhL.exe
  C:\Windows\System\BiTVZhL.exe
  2⤵
  PID:3556
- C:\Windows\System\YWQAZgE.exe
  C:\Windows\System\YWQAZgE.exe
  2⤵
  PID:3576
- C:\Windows\System\TnDMMpn.exe
  C:\Windows\System\TnDMMpn.exe
  2⤵
  PID:3596
- C:\Windows\System\lGewuHs.exe
  C:\Windows\System\lGewuHs.exe
  2⤵
  PID:3616
- C:\Windows\System\LPhyBNe.exe
  C:\Windows\System\LPhyBNe.exe
  2⤵
  PID:3644
- C:\Windows\System\bVUsufv.exe
  C:\Windows\System\bVUsufv.exe
  2⤵
  PID:3664
- C:\Windows\System\pHmCAGR.exe
  C:\Windows\System\pHmCAGR.exe
  2⤵
  PID:3684
- C:\Windows\System\hBqYVyp.exe
  C:\Windows\System\hBqYVyp.exe
  2⤵
  PID:3704
- C:\Windows\System\bImvoHQ.exe
  C:\Windows\System\bImvoHQ.exe
  2⤵
  PID:3720
- C:\Windows\System\jlMIJnJ.exe
  C:\Windows\System\jlMIJnJ.exe
  2⤵
  PID:3744
- C:\Windows\System\TaZempJ.exe
  C:\Windows\System\TaZempJ.exe
  2⤵
  PID:3760
- C:\Windows\System\WoUbCXW.exe
  C:\Windows\System\WoUbCXW.exe
  2⤵
  PID:3784
- C:\Windows\System\EppaQsN.exe
  C:\Windows\System\EppaQsN.exe
  2⤵
  PID:3804
- C:\Windows\System\gHRUGHC.exe
  C:\Windows\System\gHRUGHC.exe
  2⤵
  PID:3820
- C:\Windows\System\HZZSsze.exe
  C:\Windows\System\HZZSsze.exe
  2⤵
  PID:3844
- C:\Windows\System\gsukoHf.exe
  C:\Windows\System\gsukoHf.exe
  2⤵
  PID:3864
- C:\Windows\System\ZfgZhxS.exe
  C:\Windows\System\ZfgZhxS.exe
  2⤵
  PID:3884
- C:\Windows\System\itiAjHT.exe
  C:\Windows\System\itiAjHT.exe
  2⤵
  PID:3904
- C:\Windows\System\KvbAbet.exe
  C:\Windows\System\KvbAbet.exe
  2⤵
  PID:3924
- C:\Windows\System\OAmVQyN.exe
  C:\Windows\System\OAmVQyN.exe
  2⤵
  PID:3948
- C:\Windows\System\mKbhmwr.exe
  C:\Windows\System\mKbhmwr.exe
  2⤵
  PID:3964
- C:\Windows\System\klKtVLF.exe
  C:\Windows\System\klKtVLF.exe
  2⤵
  PID:3988
- C:\Windows\System\ZRakEWu.exe
  C:\Windows\System\ZRakEWu.exe
  2⤵
  PID:4008
- C:\Windows\System\hHvREqq.exe
  C:\Windows\System\hHvREqq.exe
  2⤵
  PID:4028
- C:\Windows\System\vDEtpMG.exe
  C:\Windows\System\vDEtpMG.exe
  2⤵
  PID:4044
- C:\Windows\System\fhXNzfk.exe
  C:\Windows\System\fhXNzfk.exe
  2⤵
  PID:4064
- C:\Windows\System\jPmMcrp.exe
  C:\Windows\System\jPmMcrp.exe
  2⤵
  PID:4084
- C:\Windows\System\YZhlRbb.exe
  C:\Windows\System\YZhlRbb.exe
  2⤵
  PID:448
- C:\Windows\System\KZmSDSa.exe
  C:\Windows\System\KZmSDSa.exe
  2⤵
  PID:1908
- C:\Windows\System\aqcMGmU.exe
  C:\Windows\System\aqcMGmU.exe
  2⤵
  PID:2252
- C:\Windows\System\kbaPLgR.exe
  C:\Windows\System\kbaPLgR.exe
  2⤵
  PID:708
- C:\Windows\System\YpUYxCo.exe
  C:\Windows\System\YpUYxCo.exe
  2⤵
  PID:2304
- C:\Windows\System\rNOzouJ.exe
  C:\Windows\System\rNOzouJ.exe
  2⤵
  PID:2432
- C:\Windows\System\HKKUNDk.exe
  C:\Windows\System\HKKUNDk.exe
  2⤵
  PID:2308
- C:\Windows\System\TXXSNFx.exe
  C:\Windows\System\TXXSNFx.exe
  2⤵
  PID:1680
- C:\Windows\System\OptSnXY.exe
  C:\Windows\System\OptSnXY.exe
  2⤵
  PID:1532
- C:\Windows\System\piFWMeY.exe
  C:\Windows\System\piFWMeY.exe
  2⤵
  PID:1636
- C:\Windows\System\RoJqqnI.exe
  C:\Windows\System\RoJqqnI.exe
  2⤵
  PID:2904
- C:\Windows\System\tgLNKsU.exe
  C:\Windows\System\tgLNKsU.exe
  2⤵
  PID:2664
- C:\Windows\System\zLkSLOo.exe
  C:\Windows\System\zLkSLOo.exe
  2⤵
  PID:1408
- C:\Windows\System\MdDVzMB.exe
  C:\Windows\System\MdDVzMB.exe
  2⤵
  PID:1660
- C:\Windows\System\tEwmjKD.exe
  C:\Windows\System\tEwmjKD.exe
  2⤵
  PID:3088
- C:\Windows\System\NWGZMes.exe
  C:\Windows\System\NWGZMes.exe
  2⤵
  PID:2012
- C:\Windows\System\WWTSTYF.exe
  C:\Windows\System\WWTSTYF.exe
  2⤵
  PID:3116
- C:\Windows\System\iNxDtWP.exe
  C:\Windows\System\iNxDtWP.exe
  2⤵
  PID:3176
- C:\Windows\System\MMqkhul.exe
  C:\Windows\System\MMqkhul.exe
  2⤵
  PID:3216
- C:\Windows\System\rTHwkKA.exe
  C:\Windows\System\rTHwkKA.exe
  2⤵
  PID:3252
- C:\Windows\System\BJiMwWc.exe
  C:\Windows\System\BJiMwWc.exe
  2⤵
  PID:3288
- C:\Windows\System\wRjAbIj.exe
  C:\Windows\System\wRjAbIj.exe
  2⤵
  PID:3268
- C:\Windows\System\uxukGUH.exe
  C:\Windows\System\uxukGUH.exe
  2⤵
  PID:3364
- C:\Windows\System\VQHTREi.exe
  C:\Windows\System\VQHTREi.exe
  2⤵
  PID:3348
- C:\Windows\System\gvDPuVn.exe
  C:\Windows\System\gvDPuVn.exe
  2⤵
  PID:3400
- C:\Windows\System\ISrWWOv.exe
  C:\Windows\System\ISrWWOv.exe
  2⤵
  PID:3452
- C:\Windows\System\rqBJnFx.exe
  C:\Windows\System\rqBJnFx.exe
  2⤵
  PID:3468
- C:\Windows\System\fvgJaHu.exe
  C:\Windows\System\fvgJaHu.exe
  2⤵
  PID:3480
- C:\Windows\System\YIDvhuv.exe
  C:\Windows\System\YIDvhuv.exe
  2⤵
  PID:3520
- C:\Windows\System\iuJfTKj.exe
  C:\Windows\System\iuJfTKj.exe
  2⤵
  PID:3564
- C:\Windows\System\jEduveO.exe
  C:\Windows\System\jEduveO.exe
  2⤵
  PID:3588
- C:\Windows\System\lLSEvEW.exe
  C:\Windows\System\lLSEvEW.exe
  2⤵
  PID:3552
- C:\Windows\System\okqnqCb.exe
  C:\Windows\System\okqnqCb.exe
  2⤵
  PID:3660
- C:\Windows\System\eHNVvLi.exe
  C:\Windows\System\eHNVvLi.exe
  2⤵
  PID:3700
- C:\Windows\System\GhGEKsA.exe
  C:\Windows\System\GhGEKsA.exe
  2⤵
  PID:3740
- C:\Windows\System\hYiLtGJ.exe
  C:\Windows\System\hYiLtGJ.exe
  2⤵
  PID:3768
- C:\Windows\System\HBbPllE.exe
  C:\Windows\System\HBbPllE.exe
  2⤵
  PID:3796
- C:\Windows\System\WbyLldD.exe
  C:\Windows\System\WbyLldD.exe
  2⤵
  PID:3860
- C:\Windows\System\VIMuXGu.exe
  C:\Windows\System\VIMuXGu.exe
  2⤵
  PID:3900
- C:\Windows\System\hkJSffv.exe
  C:\Windows\System\hkJSffv.exe
  2⤵
  PID:3912
- C:\Windows\System\nhjQeUb.exe
  C:\Windows\System\nhjQeUb.exe
  2⤵
  PID:3972
- C:\Windows\System\votZdrZ.exe
  C:\Windows\System\votZdrZ.exe
  2⤵
  PID:3976
- C:\Windows\System\WIMCMYf.exe
  C:\Windows\System\WIMCMYf.exe
  2⤵
  PID:4004
- C:\Windows\System\IVESkjj.exe
  C:\Windows\System\IVESkjj.exe
  2⤵
  PID:4056
- C:\Windows\System\jfgeCdM.exe
  C:\Windows\System\jfgeCdM.exe
  2⤵
  PID:2988
- C:\Windows\System\vypqhhv.exe
  C:\Windows\System\vypqhhv.exe
  2⤵
  PID:976
- C:\Windows\System\DnVnrBH.exe
  C:\Windows\System\DnVnrBH.exe
  2⤵
  PID:1996
- C:\Windows\System\ooobKYj.exe
  C:\Windows\System\ooobKYj.exe
  2⤵
  PID:3048
- C:\Windows\System\xuNosnB.exe
  C:\Windows\System\xuNosnB.exe
  2⤵
  PID:2636
- C:\Windows\System\dyPZqGA.exe
  C:\Windows\System\dyPZqGA.exe
  2⤵
  PID:1536
- C:\Windows\System\EhutqgW.exe
  C:\Windows\System\EhutqgW.exe
  2⤵
  PID:2812
- C:\Windows\System\LxBsePh.exe
  C:\Windows\System\LxBsePh.exe
  2⤵
  PID:1920
- C:\Windows\System\SLbBXrg.exe
  C:\Windows\System\SLbBXrg.exe
  2⤵
  PID:3076
- C:\Windows\System\nPoaGlC.exe
  C:\Windows\System\nPoaGlC.exe
  2⤵
  PID:3156
- C:\Windows\System\bzSZICD.exe
  C:\Windows\System\bzSZICD.exe
  2⤵
  PID:1960
- C:\Windows\System\JBOaJiC.exe
  C:\Windows\System\JBOaJiC.exe
  2⤵
  PID:3108
- C:\Windows\System\zcKUZwV.exe
  C:\Windows\System\zcKUZwV.exe
  2⤵
  PID:3096
- C:\Windows\System\zIVsKfd.exe
  C:\Windows\System\zIVsKfd.exe
  2⤵
  PID:3284
- C:\Windows\System\OJajsWv.exe
  C:\Windows\System\OJajsWv.exe
  2⤵
  PID:3300
- C:\Windows\System\klAlVBS.exe
  C:\Windows\System\klAlVBS.exe
  2⤵
  PID:3392
- C:\Windows\System\fRzEFWa.exe
  C:\Windows\System\fRzEFWa.exe
  2⤵
  PID:3496
- C:\Windows\System\FSZForX.exe
  C:\Windows\System\FSZForX.exe
  2⤵
  PID:3772
- C:\Windows\System\IYOERTi.exe
  C:\Windows\System\IYOERTi.exe
  2⤵
  PID:3792
- C:\Windows\System\FhKbDvp.exe
  C:\Windows\System\FhKbDvp.exe
  2⤵
  PID:3692
- C:\Windows\System\UOcOWve.exe
  C:\Windows\System\UOcOWve.exe
  2⤵
  PID:3628
- C:\Windows\System\dsvytGj.exe
  C:\Windows\System\dsvytGj.exe
  2⤵
  PID:3584
- C:\Windows\System\zbuHeFQ.exe
  C:\Windows\System\zbuHeFQ.exe
  2⤵
  PID:3940
- C:\Windows\System\LYoRnAh.exe
  C:\Windows\System\LYoRnAh.exe
  2⤵
  PID:4020
- C:\Windows\System\ypmMavl.exe
  C:\Windows\System\ypmMavl.exe
  2⤵
  PID:3960
- C:\Windows\System\VGSpqUA.exe
  C:\Windows\System\VGSpqUA.exe
  2⤵
  PID:4092
- C:\Windows\System\LGwGrsd.exe
  C:\Windows\System\LGwGrsd.exe
  2⤵
  PID:1972
- C:\Windows\System\twFyJkv.exe
  C:\Windows\System\twFyJkv.exe
  2⤵
  PID:3052
- C:\Windows\System\bTVPrUQ.exe
  C:\Windows\System\bTVPrUQ.exe
  2⤵
  PID:2596
- C:\Windows\System\hPOXJlw.exe
  C:\Windows\System\hPOXJlw.exe
  2⤵
  PID:2816
- C:\Windows\System\kzGvWmv.exe
  C:\Windows\System\kzGvWmv.exe
  2⤵
  PID:3204
- C:\Windows\System\IjbVUGo.exe
  C:\Windows\System\IjbVUGo.exe
  2⤵
  PID:1236
- C:\Windows\System\AlTrVit.exe
  C:\Windows\System\AlTrVit.exe
  2⤵
  PID:3324
- C:\Windows\System\vqFaUNx.exe
  C:\Windows\System\vqFaUNx.exe
  2⤵
  PID:2192
- C:\Windows\System\JKuTKEq.exe
  C:\Windows\System\JKuTKEq.exe
  2⤵
  PID:4112
- C:\Windows\System\pWotTUh.exe
  C:\Windows\System\pWotTUh.exe
  2⤵
  PID:4128
- C:\Windows\System\uRWPfma.exe
  C:\Windows\System\uRWPfma.exe
  2⤵
  PID:4152
- C:\Windows\System\xYCDaXS.exe
  C:\Windows\System\xYCDaXS.exe
  2⤵
  PID:4172
- C:\Windows\System\fQjPtba.exe
  C:\Windows\System\fQjPtba.exe
  2⤵
  PID:4196
- C:\Windows\System\XNHIixM.exe
  C:\Windows\System\XNHIixM.exe
  2⤵
  PID:4212
- C:\Windows\System\JCCOqqp.exe
  C:\Windows\System\JCCOqqp.exe
  2⤵
  PID:4236
- C:\Windows\System\cOFkqCb.exe
  C:\Windows\System\cOFkqCb.exe
  2⤵
  PID:4252
- C:\Windows\System\BaQaClD.exe
  C:\Windows\System\BaQaClD.exe
  2⤵
  PID:4276
- C:\Windows\System\smycMJY.exe
  C:\Windows\System\smycMJY.exe
  2⤵
  PID:4292
- C:\Windows\System\PmKwXDI.exe
  C:\Windows\System\PmKwXDI.exe
  2⤵
  PID:4308
- C:\Windows\System\NQNvXbn.exe
  C:\Windows\System\NQNvXbn.exe
  2⤵
  PID:4332
- C:\Windows\System\KqPXJqh.exe
  C:\Windows\System\KqPXJqh.exe
  2⤵
  PID:4356
- C:\Windows\System\KnPVCAQ.exe
  C:\Windows\System\KnPVCAQ.exe
  2⤵
  PID:4372
- C:\Windows\System\mDrcDPj.exe
  C:\Windows\System\mDrcDPj.exe
  2⤵
  PID:4396
- C:\Windows\System\ETlvqFg.exe
  C:\Windows\System\ETlvqFg.exe
  2⤵
  PID:4416
- C:\Windows\System\TzwHWeF.exe
  C:\Windows\System\TzwHWeF.exe
  2⤵
  PID:4440
- C:\Windows\System\caAscSW.exe
  C:\Windows\System\caAscSW.exe
  2⤵
  PID:4460
- C:\Windows\System\VWaTCIg.exe
  C:\Windows\System\VWaTCIg.exe
  2⤵
  PID:4480
- C:\Windows\System\yEUmNBm.exe
  C:\Windows\System\yEUmNBm.exe
  2⤵
  PID:4496
- C:\Windows\System\BwwUhHB.exe
  C:\Windows\System\BwwUhHB.exe
  2⤵
  PID:4516
- C:\Windows\System\bTNeFGh.exe
  C:\Windows\System\bTNeFGh.exe
  2⤵
  PID:4536
- C:\Windows\System\XzDYttE.exe
  C:\Windows\System\XzDYttE.exe
  2⤵
  PID:4560
- C:\Windows\System\dxrIKtI.exe
  C:\Windows\System\dxrIKtI.exe
  2⤵
  PID:4580
- C:\Windows\System\TDlQIiy.exe
  C:\Windows\System\TDlQIiy.exe
  2⤵
  PID:4600
- C:\Windows\System\nJvozAr.exe
  C:\Windows\System\nJvozAr.exe
  2⤵
  PID:4620
- C:\Windows\System\zjbTChb.exe
  C:\Windows\System\zjbTChb.exe
  2⤵
  PID:4636
- C:\Windows\System\wOmMvHW.exe
  C:\Windows\System\wOmMvHW.exe
  2⤵
  PID:4660
- C:\Windows\System\WonTtpM.exe
  C:\Windows\System\WonTtpM.exe
  2⤵
  PID:4680
- C:\Windows\System\RFGtfsZ.exe
  C:\Windows\System\RFGtfsZ.exe
  2⤵
  PID:4700
- C:\Windows\System\EogQZFH.exe
  C:\Windows\System\EogQZFH.exe
  2⤵
  PID:4716
- C:\Windows\System\RJGpHmD.exe
  C:\Windows\System\RJGpHmD.exe
  2⤵
  PID:4736
- C:\Windows\System\LBnioQv.exe
  C:\Windows\System\LBnioQv.exe
  2⤵
  PID:4756
- C:\Windows\System\ONFITub.exe
  C:\Windows\System\ONFITub.exe
  2⤵
  PID:4776
- C:\Windows\System\GtmpGPF.exe
  C:\Windows\System\GtmpGPF.exe
  2⤵
  PID:4792
- C:\Windows\System\KWixuJk.exe
  C:\Windows\System\KWixuJk.exe
  2⤵
  PID:4812
- C:\Windows\System\WJTBuAg.exe
  C:\Windows\System\WJTBuAg.exe
  2⤵
  PID:4832
- C:\Windows\System\yPxgVht.exe
  C:\Windows\System\yPxgVht.exe
  2⤵
  PID:4852
- C:\Windows\System\IuSXwmN.exe
  C:\Windows\System\IuSXwmN.exe
  2⤵
  PID:4868
- C:\Windows\System\PBMyngg.exe
  C:\Windows\System\PBMyngg.exe
  2⤵
  PID:4896
- C:\Windows\System\ZdMKvai.exe
  C:\Windows\System\ZdMKvai.exe
  2⤵
  PID:4920
- C:\Windows\System\ozSARMV.exe
  C:\Windows\System\ozSARMV.exe
  2⤵
  PID:4936
- C:\Windows\System\RCQDWmH.exe
  C:\Windows\System\RCQDWmH.exe
  2⤵
  PID:4960
- C:\Windows\System\dqLgsUm.exe
  C:\Windows\System\dqLgsUm.exe
  2⤵
  PID:4980
- C:\Windows\System\eiAxsBf.exe
  C:\Windows\System\eiAxsBf.exe
  2⤵
  PID:4996
- C:\Windows\System\oeFNbEL.exe
  C:\Windows\System\oeFNbEL.exe
  2⤵
  PID:5020
- C:\Windows\System\CssPbUk.exe
  C:\Windows\System\CssPbUk.exe
  2⤵
  PID:5040
- C:\Windows\System\yeNjSVA.exe
  C:\Windows\System\yeNjSVA.exe
  2⤵
  PID:5060
- C:\Windows\System\FftExka.exe
  C:\Windows\System\FftExka.exe
  2⤵
  PID:5080
- C:\Windows\System\rSGffVc.exe
  C:\Windows\System\rSGffVc.exe
  2⤵
  PID:5100
- C:\Windows\System\mdOFYnS.exe
  C:\Windows\System\mdOFYnS.exe
  2⤵
  PID:3244
- C:\Windows\System\LexIaUf.exe
  C:\Windows\System\LexIaUf.exe
  2⤵
  PID:3572
- C:\Windows\System\NJckBJF.exe
  C:\Windows\System\NJckBJF.exe
  2⤵
  PID:3152
- C:\Windows\System\cOLxeAW.exe
  C:\Windows\System\cOLxeAW.exe
  2⤵
  PID:3652
- C:\Windows\System\sfoaSuN.exe
  C:\Windows\System\sfoaSuN.exe
  2⤵
  PID:3716
- C:\Windows\System\lRBCxpU.exe
  C:\Windows\System\lRBCxpU.exe
  2⤵
  PID:3640
- C:\Windows\System\muUNzTt.exe
  C:\Windows\System\muUNzTt.exe
  2⤵
  PID:3536
- C:\Windows\System\TUETvhU.exe
  C:\Windows\System\TUETvhU.exe
  2⤵
  PID:3852
- C:\Windows\System\WLkzndl.exe
  C:\Windows\System\WLkzndl.exe
  2⤵
  PID:4060
- C:\Windows\System\qQLssVr.exe
  C:\Windows\System\qQLssVr.exe
  2⤵
  PID:4052
- C:\Windows\System\ewDrpdy.exe
  C:\Windows\System\ewDrpdy.exe
  2⤵
  PID:744
- C:\Windows\System\uUVXJxZ.exe
  C:\Windows\System\uUVXJxZ.exe
  2⤵
  PID:1900
- C:\Windows\System\ayLwtre.exe
  C:\Windows\System\ayLwtre.exe
  2⤵
  PID:4108
- C:\Windows\System\tEaKOuC.exe
  C:\Windows\System\tEaKOuC.exe
  2⤵
  PID:2572
- C:\Windows\System\xsgNwhw.exe
  C:\Windows\System\xsgNwhw.exe
  2⤵
  PID:3512
- C:\Windows\System\MdDKsQV.exe
  C:\Windows\System\MdDKsQV.exe
  2⤵
  PID:4120
- C:\Windows\System\cuMLWcB.exe
  C:\Windows\System\cuMLWcB.exe
  2⤵
  PID:4204
- C:\Windows\System\EmEIttx.exe
  C:\Windows\System\EmEIttx.exe
  2⤵
  PID:4208
- C:\Windows\System\wPHcWLl.exe
  C:\Windows\System\wPHcWLl.exe
  2⤵
  PID:4272
- C:\Windows\System\xWGqhUc.exe
  C:\Windows\System\xWGqhUc.exe
  2⤵
  PID:4348
- C:\Windows\System\dvHNePJ.exe
  C:\Windows\System\dvHNePJ.exe
  2⤵
  PID:4380
- C:\Windows\System\tUGjJsP.exe
  C:\Windows\System\tUGjJsP.exe
  2⤵
  PID:4316
- C:\Windows\System\lSoLgMG.exe
  C:\Windows\System\lSoLgMG.exe
  2⤵
  PID:4328
- C:\Windows\System\LADJVjJ.exe
  C:\Windows\System\LADJVjJ.exe
  2⤵
  PID:4408
- C:\Windows\System\Vecgohy.exe
  C:\Windows\System\Vecgohy.exe
  2⤵
  PID:4448
- C:\Windows\System\PSYRGde.exe
  C:\Windows\System\PSYRGde.exe
  2⤵
  PID:4508
- C:\Windows\System\fZHgCTT.exe
  C:\Windows\System\fZHgCTT.exe
  2⤵
  PID:4548
- C:\Windows\System\staRFcT.exe
  C:\Windows\System\staRFcT.exe
  2⤵
  PID:4628
- C:\Windows\System\phBNahD.exe
  C:\Windows\System\phBNahD.exe
  2⤵
  PID:4576
- C:\Windows\System\YahHVvz.exe
  C:\Windows\System\YahHVvz.exe
  2⤵
  PID:4616
- C:\Windows\System\UpQyEIb.exe
  C:\Windows\System\UpQyEIb.exe
  2⤵
  PID:4652
- C:\Windows\System\gBERXXh.exe
  C:\Windows\System\gBERXXh.exe
  2⤵
  PID:4696
- C:\Windows\System\wCyhitv.exe
  C:\Windows\System\wCyhitv.exe
  2⤵
  PID:4744
- C:\Windows\System\XAJAsyx.exe
  C:\Windows\System\XAJAsyx.exe
  2⤵
  PID:4820
- C:\Windows\System\jZlvtiS.exe
  C:\Windows\System\jZlvtiS.exe
  2⤵
  PID:4860
- C:\Windows\System\foubUuP.exe
  C:\Windows\System\foubUuP.exe
  2⤵
  PID:4808
- C:\Windows\System\THteMOz.exe
  C:\Windows\System\THteMOz.exe
  2⤵
  PID:4912
- C:\Windows\System\WpQoPIL.exe
  C:\Windows\System\WpQoPIL.exe
  2⤵
  PID:4908
- C:\Windows\System\sMfvHDG.exe
  C:\Windows\System\sMfvHDG.exe
  2⤵
  PID:4944
- C:\Windows\System\llzECit.exe
  C:\Windows\System\llzECit.exe
  2⤵
  PID:4988
- C:\Windows\System\FiygWis.exe
  C:\Windows\System\FiygWis.exe
  2⤵
  PID:5028
- C:\Windows\System\sSQAUUL.exe
  C:\Windows\System\sSQAUUL.exe
  2⤵
  PID:5016
- C:\Windows\System\BSBGrpe.exe
  C:\Windows\System\BSBGrpe.exe
  2⤵
  PID:5076
- C:\Windows\System\AySHqYV.exe
  C:\Windows\System\AySHqYV.exe
  2⤵
  PID:5092
- C:\Windows\System\WpZcmfV.exe
  C:\Windows\System\WpZcmfV.exe
  2⤵
  PID:3192
- C:\Windows\System\GfPqdbh.exe
  C:\Windows\System\GfPqdbh.exe
  2⤵
  PID:3736
- C:\Windows\System\HLSzyyb.exe
  C:\Windows\System\HLSzyyb.exe
  2⤵
  PID:3500
- C:\Windows\System\EaiNPQT.exe
  C:\Windows\System\EaiNPQT.exe
  2⤵
  PID:3892
- C:\Windows\System\wrlUwGS.exe
  C:\Windows\System\wrlUwGS.exe
  2⤵
  PID:4024
- C:\Windows\System\Lyvqcam.exe
  C:\Windows\System\Lyvqcam.exe
  2⤵
  PID:3896
- C:\Windows\System\GyLLnsz.exe
  C:\Windows\System\GyLLnsz.exe
  2⤵
  PID:764
- C:\Windows\System\zOnTrkW.exe
  C:\Windows\System\zOnTrkW.exe
  2⤵
  PID:2044
- C:\Windows\System\rpNiLtN.exe
  C:\Windows\System\rpNiLtN.exe
  2⤵
  PID:4180
- C:\Windows\System\qQLtksj.exe
  C:\Windows\System\qQLtksj.exe
  2⤵
  PID:4192
- C:\Windows\System\yPqcRYJ.exe
  C:\Windows\System\yPqcRYJ.exe
  2⤵
  PID:4268
- C:\Windows\System\TYPEkTf.exe
  C:\Windows\System\TYPEkTf.exe
  2⤵
  PID:4340
- C:\Windows\System\ORevDgd.exe
  C:\Windows\System\ORevDgd.exe
  2⤵
  PID:4324
- C:\Windows\System\LIKcsPa.exe
  C:\Windows\System\LIKcsPa.exe
  2⤵
  PID:4412
- C:\Windows\System\kmKtcfD.exe
  C:\Windows\System\kmKtcfD.exe
  2⤵
  PID:4488
- C:\Windows\System\XtpcsaF.exe
  C:\Windows\System\XtpcsaF.exe
  2⤵
  PID:4552
- C:\Windows\System\YVaGwHe.exe
  C:\Windows\System\YVaGwHe.exe
  2⤵
  PID:4592
- C:\Windows\System\BgdfRbj.exe
  C:\Windows\System\BgdfRbj.exe
  2⤵
  PID:4672
- C:\Windows\System\GVRsnWZ.exe
  C:\Windows\System\GVRsnWZ.exe
  2⤵
  PID:4712
- C:\Windows\System\ZTIoZUv.exe
  C:\Windows\System\ZTIoZUv.exe
  2⤵
  PID:4788
- C:\Windows\System\eqbLeCA.exe
  C:\Windows\System\eqbLeCA.exe
  2⤵
  PID:4772
- C:\Windows\System\ycgCITS.exe
  C:\Windows\System\ycgCITS.exe
  2⤵
  PID:4848
- C:\Windows\System\WJkgQQw.exe
  C:\Windows\System\WJkgQQw.exe
  2⤵
  PID:5136
- C:\Windows\System\sygECbZ.exe
  C:\Windows\System\sygECbZ.exe
  2⤵
  PID:5156
- C:\Windows\System\iCUcoGP.exe
  C:\Windows\System\iCUcoGP.exe
  2⤵
  PID:5176
- C:\Windows\System\vCsNZyh.exe
  C:\Windows\System\vCsNZyh.exe
  2⤵
  PID:5196
- C:\Windows\System\tSBgoLg.exe
  C:\Windows\System\tSBgoLg.exe
  2⤵
  PID:5216
- C:\Windows\System\VYstrYw.exe
  C:\Windows\System\VYstrYw.exe
  2⤵
  PID:5236
- C:\Windows\System\wZDtAtu.exe
  C:\Windows\System\wZDtAtu.exe
  2⤵
  PID:5256
- C:\Windows\System\GZOTCUx.exe
  C:\Windows\System\GZOTCUx.exe
  2⤵
  PID:5276
- C:\Windows\System\yfGdVjj.exe
  C:\Windows\System\yfGdVjj.exe
  2⤵
  PID:5296
- C:\Windows\System\qGTMabA.exe
  C:\Windows\System\qGTMabA.exe
  2⤵
  PID:5316
- C:\Windows\System\LDQBMOR.exe
  C:\Windows\System\LDQBMOR.exe
  2⤵
  PID:5336
- C:\Windows\System\oVGUQjc.exe
  C:\Windows\System\oVGUQjc.exe
  2⤵
  PID:5356
- C:\Windows\System\lRoXQzN.exe
  C:\Windows\System\lRoXQzN.exe
  2⤵
  PID:5376
- C:\Windows\System\wMDwKmt.exe
  C:\Windows\System\wMDwKmt.exe
  2⤵
  PID:5396
- C:\Windows\System\voxJTBp.exe
  C:\Windows\System\voxJTBp.exe
  2⤵
  PID:5416
- C:\Windows\System\XQnxSQG.exe
  C:\Windows\System\XQnxSQG.exe
  2⤵
  PID:5436
- C:\Windows\System\jvKvmHI.exe
  C:\Windows\System\jvKvmHI.exe
  2⤵
  PID:5456
- C:\Windows\System\hYsKweK.exe
  C:\Windows\System\hYsKweK.exe
  2⤵
  PID:5476
- C:\Windows\System\lYBIwpt.exe
  C:\Windows\System\lYBIwpt.exe
  2⤵
  PID:5496
- C:\Windows\System\JcKpchE.exe
  C:\Windows\System\JcKpchE.exe
  2⤵
  PID:5516
- C:\Windows\System\AtpyExU.exe
  C:\Windows\System\AtpyExU.exe
  2⤵
  PID:5536
- C:\Windows\System\WcAiBkI.exe
  C:\Windows\System\WcAiBkI.exe
  2⤵
  PID:5556
- C:\Windows\System\hcZGqad.exe
  C:\Windows\System\hcZGqad.exe
  2⤵
  PID:5572
- C:\Windows\System\EnocnQs.exe
  C:\Windows\System\EnocnQs.exe
  2⤵
  PID:5596
- C:\Windows\System\ChiTkXW.exe
  C:\Windows\System\ChiTkXW.exe
  2⤵
  PID:5616
- C:\Windows\System\YRzqJMA.exe
  C:\Windows\System\YRzqJMA.exe
  2⤵
  PID:5644
- C:\Windows\System\zarfYBL.exe
  C:\Windows\System\zarfYBL.exe
  2⤵
  PID:5664
- C:\Windows\System\WSUMoRG.exe
  C:\Windows\System\WSUMoRG.exe
  2⤵
  PID:5684
- C:\Windows\System\qrBwTbw.exe
  C:\Windows\System\qrBwTbw.exe
  2⤵
  PID:5708
- C:\Windows\System\QAAmRhP.exe
  C:\Windows\System\QAAmRhP.exe
  2⤵
  PID:5728
- C:\Windows\System\dAleeWH.exe
  C:\Windows\System\dAleeWH.exe
  2⤵
  PID:5752
- C:\Windows\System\MTqymoI.exe
  C:\Windows\System\MTqymoI.exe
  2⤵
  PID:5772
- C:\Windows\System\GMlMYFh.exe
  C:\Windows\System\GMlMYFh.exe
  2⤵
  PID:5796
- C:\Windows\System\SLzvQVK.exe
  C:\Windows\System\SLzvQVK.exe
  2⤵
  PID:5820
- C:\Windows\System\EgXcZFh.exe
  C:\Windows\System\EgXcZFh.exe
  2⤵
  PID:5840
- C:\Windows\System\tSYPpbP.exe
  C:\Windows\System\tSYPpbP.exe
  2⤵
  PID:5860
- C:\Windows\System\RmKXIul.exe
  C:\Windows\System\RmKXIul.exe
  2⤵
  PID:5880
- C:\Windows\System\DlwrLxD.exe
  C:\Windows\System\DlwrLxD.exe
  2⤵
  PID:5908
- C:\Windows\System\yyLYLbP.exe
  C:\Windows\System\yyLYLbP.exe
  2⤵
  PID:5928
- C:\Windows\System\xbcdCve.exe
  C:\Windows\System\xbcdCve.exe
  2⤵
  PID:5952
- C:\Windows\System\VhqsBhR.exe
  C:\Windows\System\VhqsBhR.exe
  2⤵
  PID:5976
- C:\Windows\System\JldHyAe.exe
  C:\Windows\System\JldHyAe.exe
  2⤵
  PID:5996
- C:\Windows\System\POKcJHi.exe
  C:\Windows\System\POKcJHi.exe
  2⤵
  PID:6016
- C:\Windows\System\UmWxnAc.exe
  C:\Windows\System\UmWxnAc.exe
  2⤵
  PID:6036
- C:\Windows\System\Lsmvzhy.exe
  C:\Windows\System\Lsmvzhy.exe
  2⤵
  PID:6056
- C:\Windows\System\GKtLBFO.exe
  C:\Windows\System\GKtLBFO.exe
  2⤵
  PID:6076
- C:\Windows\System\ZGoiSZF.exe
  C:\Windows\System\ZGoiSZF.exe
  2⤵
  PID:6096
- C:\Windows\System\gelQcEH.exe
  C:\Windows\System\gelQcEH.exe
  2⤵
  PID:6116
- C:\Windows\System\YRisLoz.exe
  C:\Windows\System\YRisLoz.exe
  2⤵
  PID:6136
- C:\Windows\System\mvVZGqY.exe
  C:\Windows\System\mvVZGqY.exe
  2⤵
  PID:4928
- C:\Windows\System\ZviFlfk.exe
  C:\Windows\System\ZviFlfk.exe
  2⤵
  PID:4952
- C:\Windows\System\aJtOxCf.exe
  C:\Windows\System\aJtOxCf.exe
  2⤵
  PID:5068
- C:\Windows\System\LMGroTm.exe
  C:\Windows\System\LMGroTm.exe
  2⤵
  PID:2724
- C:\Windows\System\mdxIYkJ.exe
  C:\Windows\System\mdxIYkJ.exe
  2⤵
  PID:3812
- C:\Windows\System\VerDQVp.exe
  C:\Windows\System\VerDQVp.exe
  2⤵
  PID:3672
- C:\Windows\System\IBPVqbS.exe
  C:\Windows\System\IBPVqbS.exe
  2⤵
  PID:3936
- C:\Windows\System\sSfjvFh.exe
  C:\Windows\System\sSfjvFh.exe
  2⤵
  PID:3328
- C:\Windows\System\zpwZCYo.exe
  C:\Windows\System\zpwZCYo.exe
  2⤵
  PID:3148
- C:\Windows\System\jLpCLsO.exe
  C:\Windows\System\jLpCLsO.exe
  2⤵
  PID:4224
- C:\Windows\System\KvPqIoj.exe
  C:\Windows\System\KvPqIoj.exe
  2⤵
  PID:4304
- C:\Windows\System\zfTpDrY.exe
  C:\Windows\System\zfTpDrY.exe
  2⤵
  PID:4384
- C:\Windows\System\XnLpOVA.exe
  C:\Windows\System\XnLpOVA.exe
  2⤵
  PID:4452
- C:\Windows\System\BEbzhxu.exe
  C:\Windows\System\BEbzhxu.exe
  2⤵
  PID:4668
- C:\Windows\System\hiQUdUA.exe
  C:\Windows\System\hiQUdUA.exe
  2⤵
  PID:4676
- C:\Windows\System\UqQzQjz.exe
  C:\Windows\System\UqQzQjz.exe
  2⤵
  PID:4748
- C:\Windows\System\OXMummA.exe
  C:\Windows\System\OXMummA.exe
  2⤵
  PID:4904
- C:\Windows\System\BEFOXYZ.exe
  C:\Windows\System\BEFOXYZ.exe
  2⤵
  PID:5144
- C:\Windows\System\bAVuELI.exe
  C:\Windows\System\bAVuELI.exe
  2⤵
  PID:5168
- C:\Windows\System\IRHkkIH.exe
  C:\Windows\System\IRHkkIH.exe
  2⤵
  PID:2208
- C:\Windows\System\jgaTttT.exe
  C:\Windows\System\jgaTttT.exe
  2⤵
  PID:5232
- C:\Windows\System\fQsykuR.exe
  C:\Windows\System\fQsykuR.exe
  2⤵
  PID:5292
- C:\Windows\System\LZGGdzC.exe
  C:\Windows\System\LZGGdzC.exe
  2⤵
  PID:5304
- C:\Windows\System\HvdjBhl.exe
  C:\Windows\System\HvdjBhl.exe
  2⤵
  PID:5328
- C:\Windows\System\JCgQoJz.exe
  C:\Windows\System\JCgQoJz.exe
  2⤵
  PID:5372
- C:\Windows\System\JPXUkiw.exe
  C:\Windows\System\JPXUkiw.exe
  2⤵
  PID:5392
- C:\Windows\System\eSlxyYv.exe
  C:\Windows\System\eSlxyYv.exe
  2⤵
  PID:5452
- C:\Windows\System\lGhzqrG.exe
  C:\Windows\System\lGhzqrG.exe
  2⤵
  PID:5472
- C:\Windows\System\MyYzUlX.exe
  C:\Windows\System\MyYzUlX.exe
  2⤵
  PID:5504
- C:\Windows\System\VUhyvKe.exe
  C:\Windows\System\VUhyvKe.exe
  2⤵
  PID:5528
- C:\Windows\System\SxfzxJz.exe
  C:\Windows\System\SxfzxJz.exe
  2⤵
  PID:5548
- C:\Windows\System\odFeDDp.exe
  C:\Windows\System\odFeDDp.exe
  2⤵
  PID:5604
- C:\Windows\System\vYFxXUp.exe
  C:\Windows\System\vYFxXUp.exe
  2⤵
  PID:5636
- C:\Windows\System\OYEXpaL.exe
  C:\Windows\System\OYEXpaL.exe
  2⤵
  PID:5656
- C:\Windows\System\qCSyzZD.exe
  C:\Windows\System\qCSyzZD.exe
  2⤵
  PID:5724
- C:\Windows\System\vYkNTDF.exe
  C:\Windows\System\vYkNTDF.exe
  2⤵
  PID:5760
- C:\Windows\System\OlLNKxc.exe
  C:\Windows\System\OlLNKxc.exe
  2⤵
  PID:5792
- C:\Windows\System\asCyPkd.exe
  C:\Windows\System\asCyPkd.exe
  2⤵
  PID:5828
- C:\Windows\System\mZlruRV.exe
  C:\Windows\System\mZlruRV.exe
  2⤵
  PID:5852
- C:\Windows\System\zmJZWjG.exe
  C:\Windows\System\zmJZWjG.exe
  2⤵
  PID:5896
- C:\Windows\System\VyMOIQS.exe
  C:\Windows\System\VyMOIQS.exe
  2⤵
  PID:5936
- C:\Windows\System\SMvFkTV.exe
  C:\Windows\System\SMvFkTV.exe
  2⤵
  PID:5972
- C:\Windows\System\yhKdDOj.exe
  C:\Windows\System\yhKdDOj.exe
  2⤵
  PID:6012
- C:\Windows\System\TtzwEVB.exe
  C:\Windows\System\TtzwEVB.exe
  2⤵
  PID:6044
- C:\Windows\System\gKSTkFo.exe
  C:\Windows\System\gKSTkFo.exe
  2⤵
  PID:6068
- C:\Windows\System\NrDGeTl.exe
  C:\Windows\System\NrDGeTl.exe
  2⤵
  PID:6088
- C:\Windows\System\hvcNlXi.exe
  C:\Windows\System\hvcNlXi.exe
  2⤵
  PID:6128
- C:\Windows\System\osUUkMt.exe
  C:\Windows\System\osUUkMt.exe
  2⤵
  PID:4972
- C:\Windows\System\vznykAi.exe
  C:\Windows\System\vznykAi.exe
  2⤵
  PID:5096
- C:\Windows\System\YYbHkeX.exe
  C:\Windows\System\YYbHkeX.exe
  2⤵
  PID:3800
- C:\Windows\System\mVzsmaw.exe
  C:\Windows\System\mVzsmaw.exe
  2⤵
  PID:3832
- C:\Windows\System\HDPDTiz.exe
  C:\Windows\System\HDPDTiz.exe
  2⤵
  PID:4144
- C:\Windows\System\ucKYCOE.exe
  C:\Windows\System\ucKYCOE.exe
  2⤵
  PID:4232
- C:\Windows\System\okBSbfa.exe
  C:\Windows\System\okBSbfa.exe
  2⤵
  PID:4300
- C:\Windows\System\KXQOTUR.exe
  C:\Windows\System\KXQOTUR.exe
  2⤵
  PID:4524
- C:\Windows\System\QmXVTFK.exe
  C:\Windows\System\QmXVTFK.exe
  2⤵
  PID:4688
- C:\Windows\System\ZOoGBIc.exe
  C:\Windows\System\ZOoGBIc.exe
  2⤵
  PID:4768
- C:\Windows\System\pShFLAS.exe
  C:\Windows\System\pShFLAS.exe
  2⤵
  PID:4800
- C:\Windows\System\hyhztIP.exe
  C:\Windows\System\hyhztIP.exe
  2⤵
  PID:5212
- C:\Windows\System\jRnxOZc.exe
  C:\Windows\System\jRnxOZc.exe
  2⤵
  PID:5252
- C:\Windows\System\knVaJTw.exe
  C:\Windows\System\knVaJTw.exe
  2⤵
  PID:5332
- C:\Windows\System\YmRuIoc.exe
  C:\Windows\System\YmRuIoc.exe
  2⤵
  PID:5412
- C:\Windows\System\JpPiOQn.exe
  C:\Windows\System\JpPiOQn.exe
  2⤵
  PID:5428
- C:\Windows\System\sKoQYAR.exe
  C:\Windows\System\sKoQYAR.exe
  2⤵
  PID:5468
- C:\Windows\System\YaBKNIM.exe
  C:\Windows\System\YaBKNIM.exe
  2⤵
  PID:5532
- C:\Windows\System\oFwVUuu.exe
  C:\Windows\System\oFwVUuu.exe
  2⤵
  PID:5640
- C:\Windows\System\hvNFSJI.exe
  C:\Windows\System\hvNFSJI.exe
  2⤵
  PID:5672
- C:\Windows\System\RxPHtkz.exe
  C:\Windows\System\RxPHtkz.exe
  2⤵
  PID:5780
- C:\Windows\System\JhhIrPp.exe
  C:\Windows\System\JhhIrPp.exe
  2⤵
  PID:5804
- C:\Windows\System\KFiFqqi.exe
  C:\Windows\System\KFiFqqi.exe
  2⤵
  PID:5848
- C:\Windows\System\CKVmmdE.exe
  C:\Windows\System\CKVmmdE.exe
  2⤵
  PID:5876
- C:\Windows\System\nhzovrr.exe
  C:\Windows\System\nhzovrr.exe
  2⤵
  PID:5984
- C:\Windows\System\CjXQPVo.exe
  C:\Windows\System\CjXQPVo.exe
  2⤵
  PID:6048
- C:\Windows\System\CYVroey.exe
  C:\Windows\System\CYVroey.exe
  2⤵
  PID:6112
- C:\Windows\System\lMJEXqs.exe
  C:\Windows\System\lMJEXqs.exe
  2⤵
  PID:6148
- C:\Windows\System\sdpnGFO.exe
  C:\Windows\System\sdpnGFO.exe
  2⤵
  PID:6168
- C:\Windows\System\pPzLkcZ.exe
  C:\Windows\System\pPzLkcZ.exe
  2⤵
  PID:6188
- C:\Windows\System\pwrCXUe.exe
  C:\Windows\System\pwrCXUe.exe
  2⤵
  PID:6208
- C:\Windows\System\kDxInqZ.exe
  C:\Windows\System\kDxInqZ.exe
  2⤵
  PID:6228
- C:\Windows\System\tZjQQRE.exe
  C:\Windows\System\tZjQQRE.exe
  2⤵
  PID:6248
- C:\Windows\System\eeTqeld.exe
  C:\Windows\System\eeTqeld.exe
  2⤵
  PID:6268
- C:\Windows\System\fWfxVHe.exe
  C:\Windows\System\fWfxVHe.exe
  2⤵
  PID:6288
- C:\Windows\System\NsqHfHv.exe
  C:\Windows\System\NsqHfHv.exe
  2⤵
  PID:6308
- C:\Windows\System\EkikmUA.exe
  C:\Windows\System\EkikmUA.exe
  2⤵
  PID:6328
- C:\Windows\System\SjMCRfB.exe
  C:\Windows\System\SjMCRfB.exe
  2⤵
  PID:6348
- C:\Windows\System\xRVitpp.exe
  C:\Windows\System\xRVitpp.exe
  2⤵
  PID:6368
- C:\Windows\System\gtvlvVn.exe
  C:\Windows\System\gtvlvVn.exe
  2⤵
  PID:6388
- C:\Windows\System\vlXjJeI.exe
  C:\Windows\System\vlXjJeI.exe
  2⤵
  PID:6408
- C:\Windows\System\pEEKiik.exe
  C:\Windows\System\pEEKiik.exe
  2⤵
  PID:6428
- C:\Windows\System\HTSHmMh.exe
  C:\Windows\System\HTSHmMh.exe
  2⤵
  PID:6448
- C:\Windows\System\SmjMwkE.exe
  C:\Windows\System\SmjMwkE.exe
  2⤵
  PID:6468
- C:\Windows\System\ljfmSQx.exe
  C:\Windows\System\ljfmSQx.exe
  2⤵
  PID:6488
- C:\Windows\System\EIXKbap.exe
  C:\Windows\System\EIXKbap.exe
  2⤵
  PID:6508
- C:\Windows\System\VlYmnPo.exe
  C:\Windows\System\VlYmnPo.exe
  2⤵
  PID:6528
- C:\Windows\System\JGBpecH.exe
  C:\Windows\System\JGBpecH.exe
  2⤵
  PID:6548
- C:\Windows\System\QkOjnqT.exe
  C:\Windows\System\QkOjnqT.exe
  2⤵
  PID:6568
- C:\Windows\System\kNlTGVB.exe
  C:\Windows\System\kNlTGVB.exe
  2⤵
  PID:6588
- C:\Windows\System\GTNMLoN.exe
  C:\Windows\System\GTNMLoN.exe
  2⤵
  PID:6608
- C:\Windows\System\uBApzNH.exe
  C:\Windows\System\uBApzNH.exe
  2⤵
  PID:6628
- C:\Windows\System\zLfsoyV.exe
  C:\Windows\System\zLfsoyV.exe
  2⤵
  PID:6648
- C:\Windows\System\dpnIeFW.exe
  C:\Windows\System\dpnIeFW.exe
  2⤵
  PID:6668
- C:\Windows\System\eJFOdIT.exe
  C:\Windows\System\eJFOdIT.exe
  2⤵
  PID:6688
- C:\Windows\System\wlPibQd.exe
  C:\Windows\System\wlPibQd.exe
  2⤵
  PID:6708
- C:\Windows\System\bSSSImc.exe
  C:\Windows\System\bSSSImc.exe
  2⤵
  PID:6728
- C:\Windows\System\VdoRIvg.exe
  C:\Windows\System\VdoRIvg.exe
  2⤵
  PID:6752
- C:\Windows\System\pssgaaK.exe
  C:\Windows\System\pssgaaK.exe
  2⤵
  PID:6772
- C:\Windows\System\wAjsCbs.exe
  C:\Windows\System\wAjsCbs.exe
  2⤵
  PID:6792
- C:\Windows\System\onOccrU.exe
  C:\Windows\System\onOccrU.exe
  2⤵
  PID:6812
- C:\Windows\System\UcoRKqo.exe
  C:\Windows\System\UcoRKqo.exe
  2⤵
  PID:6832
- C:\Windows\System\ewMcPUD.exe
  C:\Windows\System\ewMcPUD.exe
  2⤵
  PID:6852
- C:\Windows\System\WaANjMG.exe
  C:\Windows\System\WaANjMG.exe
  2⤵
  PID:6872
- C:\Windows\System\YNnrwme.exe
  C:\Windows\System\YNnrwme.exe
  2⤵
  PID:6892
- C:\Windows\System\aZKEcKT.exe
  C:\Windows\System\aZKEcKT.exe
  2⤵
  PID:6912
- C:\Windows\System\djfCVoL.exe
  C:\Windows\System\djfCVoL.exe
  2⤵
  PID:6932
- C:\Windows\System\lCaXnwm.exe
  C:\Windows\System\lCaXnwm.exe
  2⤵
  PID:6952
- C:\Windows\System\gvocQhE.exe
  C:\Windows\System\gvocQhE.exe
  2⤵
  PID:6972
- C:\Windows\System\QIFVQdk.exe
  C:\Windows\System\QIFVQdk.exe
  2⤵
  PID:6992
- C:\Windows\System\NsxfUmP.exe
  C:\Windows\System\NsxfUmP.exe
  2⤵
  PID:7012
- C:\Windows\System\bSeAqCn.exe
  C:\Windows\System\bSeAqCn.exe
  2⤵
  PID:7032
- C:\Windows\System\dxOINsf.exe
  C:\Windows\System\dxOINsf.exe
  2⤵
  PID:7052
- C:\Windows\System\ikpYVDn.exe
  C:\Windows\System\ikpYVDn.exe
  2⤵
  PID:7072
- C:\Windows\System\TWZOmLF.exe
  C:\Windows\System\TWZOmLF.exe
  2⤵
  PID:7092
- C:\Windows\System\cRvwnQc.exe
  C:\Windows\System\cRvwnQc.exe
  2⤵
  PID:7112
- C:\Windows\System\clmfHDJ.exe
  C:\Windows\System\clmfHDJ.exe
  2⤵
  PID:7132
- C:\Windows\System\KKmiwPB.exe
  C:\Windows\System\KKmiwPB.exe
  2⤵
  PID:7152
- C:\Windows\System\xkGpzyd.exe
  C:\Windows\System\xkGpzyd.exe
  2⤵
  PID:5056
- C:\Windows\System\eULlKqf.exe
  C:\Windows\System\eULlKqf.exe
  2⤵
  PID:5088
- C:\Windows\System\LUliFjT.exe
  C:\Windows\System\LUliFjT.exe
  2⤵
  PID:1852
- C:\Windows\System\beJBUxQ.exe
  C:\Windows\System\beJBUxQ.exe
  2⤵
  PID:4160
- C:\Windows\System\aXjaCbY.exe
  C:\Windows\System\aXjaCbY.exe
  2⤵
  PID:4596
- C:\Windows\System\NHdUgzP.exe
  C:\Windows\System\NHdUgzP.exe
  2⤵
  PID:4608
- C:\Windows\System\eKweJuz.exe
  C:\Windows\System\eKweJuz.exe
  2⤵
  PID:5164
- C:\Windows\System\VxxWnfR.exe
  C:\Windows\System\VxxWnfR.exe
  2⤵
  PID:5224
- C:\Windows\System\FxJlAOE.exe
  C:\Windows\System\FxJlAOE.exe
  2⤵
  PID:5272
- C:\Windows\System\wXPcMlm.exe
  C:\Windows\System\wXPcMlm.exe
  2⤵
  PID:5424
- C:\Windows\System\TNqwPcD.exe
  C:\Windows\System\TNqwPcD.exe
  2⤵
  PID:5488
- C:\Windows\System\TngitKS.exe
  C:\Windows\System\TngitKS.exe
  2⤵
  PID:5584
- C:\Windows\System\IFDlLHR.exe
  C:\Windows\System\IFDlLHR.exe
  2⤵
  PID:5744
- C:\Windows\System\baFFTqy.exe
  C:\Windows\System\baFFTqy.exe
  2⤵
  PID:5816
- C:\Windows\System\WSFFzgT.exe
  C:\Windows\System\WSFFzgT.exe
  2⤵
  PID:5916
- C:\Windows\System\HnJiVkN.exe
  C:\Windows\System\HnJiVkN.exe
  2⤵
  PID:6028
- C:\Windows\System\kKJcdOz.exe
  C:\Windows\System\kKJcdOz.exe
  2⤵
  PID:6064
- C:\Windows\System\cnPAAud.exe
  C:\Windows\System\cnPAAud.exe
  2⤵
  PID:6176
- C:\Windows\System\sJZkEPJ.exe
  C:\Windows\System\sJZkEPJ.exe
  2⤵
  PID:6200
- C:\Windows\System\AHKAyPG.exe
  C:\Windows\System\AHKAyPG.exe
  2⤵
  PID:6244
- C:\Windows\System\mjXFuZC.exe
  C:\Windows\System\mjXFuZC.exe
  2⤵
  PID:6276
- C:\Windows\System\yySavjA.exe
  C:\Windows\System\yySavjA.exe
  2⤵
  PID:6300
- C:\Windows\System\wqqFyRh.exe
  C:\Windows\System\wqqFyRh.exe
  2⤵
  PID:6320
- C:\Windows\System\cyoZnCb.exe
  C:\Windows\System\cyoZnCb.exe
  2⤵
  PID:6384
- C:\Windows\System\EYoUhpn.exe
  C:\Windows\System\EYoUhpn.exe
  2⤵
  PID:6416
- C:\Windows\System\hcBqPoK.exe
  C:\Windows\System\hcBqPoK.exe
  2⤵
  PID:6436
- C:\Windows\System\ZRoFFDQ.exe
  C:\Windows\System\ZRoFFDQ.exe
  2⤵
  PID:6476
- C:\Windows\System\cTvHIrV.exe
  C:\Windows\System\cTvHIrV.exe
  2⤵
  PID:6500
- C:\Windows\System\pbjWXgG.exe
  C:\Windows\System\pbjWXgG.exe
  2⤵
  PID:6544
- C:\Windows\System\HfhuuzJ.exe
  C:\Windows\System\HfhuuzJ.exe
  2⤵
  PID:6564
- C:\Windows\System\eHmXAjA.exe
  C:\Windows\System\eHmXAjA.exe
  2⤵
  PID:6600
- C:\Windows\System\pCWaQBx.exe
  C:\Windows\System\pCWaQBx.exe
  2⤵
  PID:6644
- C:\Windows\System\zUvswLH.exe
  C:\Windows\System\zUvswLH.exe
  2⤵
  PID:6696
- C:\Windows\System\EDbkVBq.exe
  C:\Windows\System\EDbkVBq.exe
  2⤵
  PID:6700
- C:\Windows\System\xtniUJu.exe
  C:\Windows\System\xtniUJu.exe
  2⤵
  PID:6740
- C:\Windows\System\yExgRLe.exe
  C:\Windows\System\yExgRLe.exe
  2⤵
  PID:6768
- C:\Windows\System\XveVATC.exe
  C:\Windows\System\XveVATC.exe
  2⤵
  PID:6800
- C:\Windows\System\gWWqWFs.exe
  C:\Windows\System\gWWqWFs.exe
  2⤵
  PID:6824
- C:\Windows\System\XJfJiMI.exe
  C:\Windows\System\XJfJiMI.exe
  2⤵
  PID:6848
- C:\Windows\System\tpgHwuH.exe
  C:\Windows\System\tpgHwuH.exe
  2⤵
  PID:6900
- C:\Windows\System\NccgTlF.exe
  C:\Windows\System\NccgTlF.exe
  2⤵
  PID:6928
- C:\Windows\System\OKSzCkA.exe
  C:\Windows\System\OKSzCkA.exe
  2⤵
  PID:6960
- C:\Windows\System\cfHtqFe.exe
  C:\Windows\System\cfHtqFe.exe
  2⤵
  PID:6984
- C:\Windows\System\fxrDIGw.exe
  C:\Windows\System\fxrDIGw.exe
  2⤵
  PID:7008
- C:\Windows\System\IJWoazv.exe
  C:\Windows\System\IJWoazv.exe
  2⤵
  PID:7068
- C:\Windows\System\ZqnClIH.exe
  C:\Windows\System\ZqnClIH.exe
  2⤵
  PID:7100
- C:\Windows\System\WwOIOwT.exe
  C:\Windows\System\WwOIOwT.exe
  2⤵
  PID:2792
- C:\Windows\System\thAoipg.exe
  C:\Windows\System\thAoipg.exe
  2⤵
  PID:7148
- C:\Windows\System\aWMtXoO.exe
  C:\Windows\System\aWMtXoO.exe
  2⤵
  PID:4968
- C:\Windows\System\goFZrDW.exe
  C:\Windows\System\goFZrDW.exe
  2⤵
  PID:3872
- C:\Windows\System\CtAcAgV.exe
  C:\Windows\System\CtAcAgV.exe
  2⤵
  PID:4492
- C:\Windows\System\TkAQgIm.exe
  C:\Windows\System\TkAQgIm.exe
  2⤵
  PID:4732
- C:\Windows\System\GqFqckL.exe
  C:\Windows\System\GqFqckL.exe
  2⤵
  PID:5192
- C:\Windows\System\KozCZiN.exe
  C:\Windows\System\KozCZiN.exe
  2⤵
  PID:5408
- C:\Windows\System\eATVnQQ.exe
  C:\Windows\System\eATVnQQ.exe
  2⤵
  PID:5508
- C:\Windows\System\DulvXKj.exe
  C:\Windows\System\DulvXKj.exe
  2⤵
  PID:5768
- C:\Windows\System\fVcOpxl.exe
  C:\Windows\System\fVcOpxl.exe
  2⤵
  PID:5988
- C:\Windows\System\weoebaI.exe
  C:\Windows\System\weoebaI.exe
  2⤵
  PID:4892
- C:\Windows\System\gRNaTje.exe
  C:\Windows\System\gRNaTje.exe
  2⤵
  PID:6184
- C:\Windows\System\ygOclOr.exe
  C:\Windows\System\ygOclOr.exe
  2⤵
  PID:6220
- C:\Windows\System\pdzgQzv.exe
  C:\Windows\System\pdzgQzv.exe
  2⤵
  PID:6280
- C:\Windows\System\FUAHGjq.exe
  C:\Windows\System\FUAHGjq.exe
  2⤵
  PID:6376
- C:\Windows\System\QVyuzDF.exe
  C:\Windows\System\QVyuzDF.exe
  2⤵
  PID:6424
- C:\Windows\System\kqQiYct.exe
  C:\Windows\System\kqQiYct.exe
  2⤵
  PID:6460
- C:\Windows\System\IoGnVkK.exe
  C:\Windows\System\IoGnVkK.exe
  2⤵
  PID:6536
- C:\Windows\System\XqkwclK.exe
  C:\Windows\System\XqkwclK.exe
  2⤵
  PID:6576
- C:\Windows\System\jrRrKJn.exe
  C:\Windows\System\jrRrKJn.exe
  2⤵
  PID:6636
- C:\Windows\System\FYovfCe.exe
  C:\Windows\System\FYovfCe.exe
  2⤵
  PID:6664
- C:\Windows\System\BEzvpVA.exe
  C:\Windows\System\BEzvpVA.exe
  2⤵
  PID:6760
- C:\Windows\System\gxdpOlW.exe
  C:\Windows\System\gxdpOlW.exe
  2⤵
  PID:6784
- C:\Windows\System\cSPzLHG.exe
  C:\Windows\System\cSPzLHG.exe
  2⤵
  PID:6808
- C:\Windows\System\YNrsSFU.exe
  C:\Windows\System\YNrsSFU.exe
  2⤵
  PID:6864
- C:\Windows\System\WTzAJvf.exe
  C:\Windows\System\WTzAJvf.exe
  2⤵
  PID:6904
- C:\Windows\System\qXXjBKP.exe
  C:\Windows\System\qXXjBKP.exe
  2⤵
  PID:6988
- C:\Windows\System\KPpDgVY.exe
  C:\Windows\System\KPpDgVY.exe
  2⤵
  PID:7004
- C:\Windows\System\KARXvzE.exe
  C:\Windows\System\KARXvzE.exe
  2⤵
  PID:7064
- C:\Windows\System\QFNLgoT.exe
  C:\Windows\System\QFNLgoT.exe
  2⤵
  PID:7088
- C:\Windows\System\aXhEKvu.exe
  C:\Windows\System\aXhEKvu.exe
  2⤵
  PID:2752
- C:\Windows\System\fLmUFRj.exe
  C:\Windows\System\fLmUFRj.exe
  2⤵
  PID:2452
- C:\Windows\System\BvvZoqs.exe
  C:\Windows\System\BvvZoqs.exe
  2⤵
  PID:4148
- C:\Windows\System\YlrIcIp.exe
  C:\Windows\System\YlrIcIp.exe
  2⤵
  PID:2260
- C:\Windows\System\XkGgLEJ.exe
  C:\Windows\System\XkGgLEJ.exe
  2⤵
  PID:5208
- C:\Windows\System\ZAquUQs.exe
  C:\Windows\System\ZAquUQs.exe
  2⤵
  PID:5716
- C:\Windows\System\wZwimNB.exe
  C:\Windows\System\wZwimNB.exe
  2⤵
  PID:5832
- C:\Windows\System\hIjtAfR.exe
  C:\Windows\System\hIjtAfR.exe
  2⤵
  PID:6092
- C:\Windows\System\AtxfSLN.exe
  C:\Windows\System\AtxfSLN.exe
  2⤵
  PID:6204
- C:\Windows\System\LMPzJHM.exe
  C:\Windows\System\LMPzJHM.exe
  2⤵
  PID:6356
- C:\Windows\System\rZdNLIo.exe
  C:\Windows\System\rZdNLIo.exe
  2⤵
  PID:6380
- C:\Windows\System\awzRuQh.exe
  C:\Windows\System\awzRuQh.exe
  2⤵
  PID:6524
- C:\Windows\System\ibQmJIB.exe
  C:\Windows\System\ibQmJIB.exe
  2⤵
  PID:6596
- C:\Windows\System\VWEapwt.exe
  C:\Windows\System\VWEapwt.exe
  2⤵
  PID:6716
- C:\Windows\System\AbySePQ.exe
  C:\Windows\System\AbySePQ.exe
  2⤵
  PID:7176
- C:\Windows\System\XSdDqhK.exe
  C:\Windows\System\XSdDqhK.exe
  2⤵
  PID:7196
- C:\Windows\System\fhpLdXA.exe
  C:\Windows\System\fhpLdXA.exe
  2⤵
  PID:7216
- C:\Windows\System\abKswna.exe
  C:\Windows\System\abKswna.exe
  2⤵
  PID:7236
- C:\Windows\System\tbDOzJZ.exe
  C:\Windows\System\tbDOzJZ.exe
  2⤵
  PID:7256
- C:\Windows\System\UtEVYan.exe
  C:\Windows\System\UtEVYan.exe
  2⤵
  PID:7276
- C:\Windows\System\zzLknzR.exe
  C:\Windows\System\zzLknzR.exe
  2⤵
  PID:7296
- C:\Windows\System\VLDEVkW.exe
  C:\Windows\System\VLDEVkW.exe
  2⤵
  PID:7320
- C:\Windows\System\fRTjMLo.exe
  C:\Windows\System\fRTjMLo.exe
  2⤵
  PID:7340
- C:\Windows\System\QytiDgy.exe
  C:\Windows\System\QytiDgy.exe
  2⤵
  PID:7360
- C:\Windows\System\wpCXqRq.exe
  C:\Windows\System\wpCXqRq.exe
  2⤵
  PID:7380
- C:\Windows\System\fPpSHnH.exe
  C:\Windows\System\fPpSHnH.exe
  2⤵
  PID:7400
- C:\Windows\System\YdGfEpz.exe
  C:\Windows\System\YdGfEpz.exe
  2⤵
  PID:7420
- C:\Windows\System\VdFAANt.exe
  C:\Windows\System\VdFAANt.exe
  2⤵
  PID:7440
- C:\Windows\System\IeHQIjm.exe
  C:\Windows\System\IeHQIjm.exe
  2⤵
  PID:7460
- C:\Windows\System\wtraUsV.exe
  C:\Windows\System\wtraUsV.exe
  2⤵
  PID:7480
- C:\Windows\System\XPtnApV.exe
  C:\Windows\System\XPtnApV.exe
  2⤵
  PID:7500
- C:\Windows\System\LlpRlWm.exe
  C:\Windows\System\LlpRlWm.exe
  2⤵
  PID:7520
- C:\Windows\System\PxXqVAX.exe
  C:\Windows\System\PxXqVAX.exe
  2⤵
  PID:7540
- C:\Windows\System\vUIFSms.exe
  C:\Windows\System\vUIFSms.exe
  2⤵
  PID:7560
- C:\Windows\System\ZHhYgCe.exe
  C:\Windows\System\ZHhYgCe.exe
  2⤵
  PID:7580
- C:\Windows\System\YjzJUPb.exe
  C:\Windows\System\YjzJUPb.exe
  2⤵
  PID:7600
- C:\Windows\System\pOfOBwF.exe
  C:\Windows\System\pOfOBwF.exe
  2⤵
  PID:7620
- C:\Windows\System\OyFUUdY.exe
  C:\Windows\System\OyFUUdY.exe
  2⤵
  PID:7640
- C:\Windows\System\CdFfsGJ.exe
  C:\Windows\System\CdFfsGJ.exe
  2⤵
  PID:7660
- C:\Windows\System\HpMnJuy.exe
  C:\Windows\System\HpMnJuy.exe
  2⤵
  PID:7680
- C:\Windows\System\mQoDTfp.exe
  C:\Windows\System\mQoDTfp.exe
  2⤵
  PID:7700
- C:\Windows\System\IUXXQaz.exe
  C:\Windows\System\IUXXQaz.exe
  2⤵
  PID:7720
- C:\Windows\System\BVPFIoF.exe
  C:\Windows\System\BVPFIoF.exe
  2⤵
  PID:7740
- C:\Windows\System\wAOJeIU.exe
  C:\Windows\System\wAOJeIU.exe
  2⤵
  PID:7760
- C:\Windows\System\BxkaynA.exe
  C:\Windows\System\BxkaynA.exe
  2⤵
  PID:7780
- C:\Windows\System\xfaqJyq.exe
  C:\Windows\System\xfaqJyq.exe
  2⤵
  PID:7800
- C:\Windows\System\vNiPdoI.exe
  C:\Windows\System\vNiPdoI.exe
  2⤵
  PID:7820
- C:\Windows\System\LghyUxN.exe
  C:\Windows\System\LghyUxN.exe
  2⤵
  PID:7840
- C:\Windows\System\IiwlYKW.exe
  C:\Windows\System\IiwlYKW.exe
  2⤵
  PID:7860
- C:\Windows\System\NJitcst.exe
  C:\Windows\System\NJitcst.exe
  2⤵
  PID:7880
- C:\Windows\System\bhDmezF.exe
  C:\Windows\System\bhDmezF.exe
  2⤵
  PID:7896
- C:\Windows\System\KulDoWR.exe
  C:\Windows\System\KulDoWR.exe
  2⤵
  PID:7920
- C:\Windows\System\RYzopWb.exe
  C:\Windows\System\RYzopWb.exe
  2⤵
  PID:7940
- C:\Windows\System\GxcmzcX.exe
  C:\Windows\System\GxcmzcX.exe
  2⤵
  PID:7960
- C:\Windows\System\QcOnbbU.exe
  C:\Windows\System\QcOnbbU.exe
  2⤵
  PID:7980
- C:\Windows\System\stYJHFk.exe
  C:\Windows\System\stYJHFk.exe
  2⤵
  PID:8000
- C:\Windows\System\RlvwjCj.exe
  C:\Windows\System\RlvwjCj.exe
  2⤵
  PID:8020
- C:\Windows\System\WCfQXUw.exe
  C:\Windows\System\WCfQXUw.exe
  2⤵
  PID:8040
- C:\Windows\System\cgpGDVm.exe
  C:\Windows\System\cgpGDVm.exe
  2⤵
  PID:8064
- C:\Windows\System\BmtuzWr.exe
  C:\Windows\System\BmtuzWr.exe
  2⤵
  PID:8080
- C:\Windows\System\gPYmDpP.exe
  C:\Windows\System\gPYmDpP.exe
  2⤵
  PID:8100
- C:\Windows\System\qGywcBm.exe
  C:\Windows\System\qGywcBm.exe
  2⤵
  PID:8120
- C:\Windows\System\bjoHVfs.exe
  C:\Windows\System\bjoHVfs.exe
  2⤵
  PID:8144
- C:\Windows\System\XJNKYoY.exe
  C:\Windows\System\XJNKYoY.exe
  2⤵
  PID:8160
- C:\Windows\System\QlEppLu.exe
  C:\Windows\System\QlEppLu.exe
  2⤵
  PID:8176
- C:\Windows\System\lEwcCQG.exe
  C:\Windows\System\lEwcCQG.exe
  2⤵
  PID:6828
- C:\Windows\System\surJJpq.exe
  C:\Windows\System\surJJpq.exe
  2⤵
  PID:6880
- C:\Windows\System\PWcbvtY.exe
  C:\Windows\System\PWcbvtY.exe
  2⤵
  PID:6908
- C:\Windows\System\iQDJgLg.exe
  C:\Windows\System\iQDJgLg.exe
  2⤵
  PID:7040
- C:\Windows\System\tfqzEOA.exe
  C:\Windows\System\tfqzEOA.exe
  2⤵
  PID:7124
- C:\Windows\System\KNRmuzJ.exe
  C:\Windows\System\KNRmuzJ.exe
  2⤵
  PID:2296
- C:\Windows\System\YVsXkYY.exe
  C:\Windows\System\YVsXkYY.exe
  2⤵
  PID:4392
- C:\Windows\System\Zmvwaeg.exe
  C:\Windows\System\Zmvwaeg.exe
  2⤵
  PID:5492
- C:\Windows\System\vSyRJsj.exe
  C:\Windows\System\vSyRJsj.exe
  2⤵
  PID:5992
- C:\Windows\System\avfGKqX.exe
  C:\Windows\System\avfGKqX.exe
  2⤵
  PID:6180
- C:\Windows\System\KexBXzh.exe
  C:\Windows\System\KexBXzh.exe
  2⤵
  PID:6420
- C:\Windows\System\zSAEZLK.exe
  C:\Windows\System\zSAEZLK.exe
  2⤵
  PID:6604
- C:\Windows\System\URXquFL.exe
  C:\Windows\System\URXquFL.exe
  2⤵
  PID:6676
- C:\Windows\System\jWrpAoY.exe
  C:\Windows\System\jWrpAoY.exe
  2⤵
  PID:7184
- C:\Windows\System\ZdgvnkR.exe
  C:\Windows\System\ZdgvnkR.exe
  2⤵
  PID:7208
- C:\Windows\System\hmRmfOU.exe
  C:\Windows\System\hmRmfOU.exe
  2⤵
  PID:7252
- C:\Windows\System\PirKTqP.exe
  C:\Windows\System\PirKTqP.exe
  2⤵
  PID:7272
- C:\Windows\System\ecdPtnE.exe
  C:\Windows\System\ecdPtnE.exe
  2⤵
  PID:7328
- C:\Windows\System\abRNxSM.exe
  C:\Windows\System\abRNxSM.exe
  2⤵
  PID:7356
- C:\Windows\System\vDAsfyO.exe
  C:\Windows\System\vDAsfyO.exe
  2⤵
  PID:7372
- C:\Windows\System\HkixHiv.exe
  C:\Windows\System\HkixHiv.exe
  2⤵
  PID:7412
- C:\Windows\System\KvJUrsn.exe
  C:\Windows\System\KvJUrsn.exe
  2⤵
  PID:7456
- C:\Windows\System\VIdsrDV.exe
  C:\Windows\System\VIdsrDV.exe
  2⤵
  PID:7476
- C:\Windows\System\WRyxWAt.exe
  C:\Windows\System\WRyxWAt.exe
  2⤵
  PID:7512
- C:\Windows\System\HZrvafM.exe
  C:\Windows\System\HZrvafM.exe
  2⤵
  PID:7568
- C:\Windows\System\kwlcGxL.exe
  C:\Windows\System\kwlcGxL.exe
  2⤵
  PID:2088
- C:\Windows\System\PrKbiIi.exe
  C:\Windows\System\PrKbiIi.exe
  2⤵
  PID:7608
- C:\Windows\System\LhQJvmI.exe
  C:\Windows\System\LhQJvmI.exe
  2⤵
  PID:7648
- C:\Windows\System\iJOTXWW.exe
  C:\Windows\System\iJOTXWW.exe
  2⤵
  PID:7692
- C:\Windows\System\uPeKArg.exe
  C:\Windows\System\uPeKArg.exe
  2⤵
  PID:7672
- C:\Windows\System\atVKdyl.exe
  C:\Windows\System\atVKdyl.exe
  2⤵
  PID:7736
- C:\Windows\System\EKhloww.exe
  C:\Windows\System\EKhloww.exe
  2⤵
  PID:7808
- C:\Windows\System\VBufMJd.exe
  C:\Windows\System\VBufMJd.exe
  2⤵
  PID:7752
- C:\Windows\System\yHXMkEo.exe
  C:\Windows\System\yHXMkEo.exe
  2⤵
  PID:7828
- C:\Windows\System\oMavcvk.exe
  C:\Windows\System\oMavcvk.exe
  2⤵
  PID:1504
- C:\Windows\System\rMyfRSj.exe
  C:\Windows\System\rMyfRSj.exe
  2⤵
  PID:7872
- C:\Windows\System\FEkCUWY.exe
  C:\Windows\System\FEkCUWY.exe
  2⤵
  PID:7912
- C:\Windows\System\rMqAZDW.exe
  C:\Windows\System\rMqAZDW.exe
  2⤵
  PID:7972
- C:\Windows\System\owUYFVU.exe
  C:\Windows\System\owUYFVU.exe
  2⤵
  PID:7956
- C:\Windows\System\UyDilcf.exe
  C:\Windows\System\UyDilcf.exe
  2⤵
  PID:2824
- C:\Windows\System\CnguUVZ.exe
  C:\Windows\System\CnguUVZ.exe
  2⤵
  PID:2676
- C:\Windows\System\sXZoUUi.exe
  C:\Windows\System\sXZoUUi.exe
  2⤵
  PID:8032
- C:\Windows\System\HdcVXrc.exe
  C:\Windows\System\HdcVXrc.exe
  2⤵
  PID:8096
- C:\Windows\System\SbRhrmP.exe
  C:\Windows\System\SbRhrmP.exe
  2⤵
  PID:8140
- C:\Windows\System\pjfJzQC.exe
  C:\Windows\System\pjfJzQC.exe
  2⤵
  PID:8136
- C:\Windows\System\Thhwdib.exe
  C:\Windows\System\Thhwdib.exe
  2⤵
  PID:8152
- C:\Windows\System\VfsaSxx.exe
  C:\Windows\System\VfsaSxx.exe
  2⤵
  PID:6868
- C:\Windows\System\FZAaLde.exe
  C:\Windows\System\FZAaLde.exe
  2⤵
  PID:6804
- C:\Windows\System\hEMdAjX.exe
  C:\Windows\System\hEMdAjX.exe
  2⤵
  PID:7028
- C:\Windows\System\SYUoXYv.exe
  C:\Windows\System\SYUoXYv.exe
  2⤵
  PID:7164
- C:\Windows\System\xFnebbd.exe
  C:\Windows\System\xFnebbd.exe
  2⤵
  PID:908
- C:\Windows\System\SeyRksk.exe
  C:\Windows\System\SeyRksk.exe
  2⤵
  PID:5588
- C:\Windows\System\HgrRISt.exe
  C:\Windows\System\HgrRISt.exe
  2⤵
  PID:5552
- C:\Windows\System\qpTiiDk.exe
  C:\Windows\System\qpTiiDk.exe
  2⤵
  PID:6260
- C:\Windows\System\PBuonPa.exe
  C:\Windows\System\PBuonPa.exe
  2⤵
  PID:6660
- C:\Windows\System\BWEGNzk.exe
  C:\Windows\System\BWEGNzk.exe
  2⤵
  PID:7228
- C:\Windows\System\cBluJsl.exe
  C:\Windows\System\cBluJsl.exe
  2⤵
  PID:7292
- C:\Windows\System\YjdBmqX.exe
  C:\Windows\System\YjdBmqX.exe
  2⤵
  PID:7376
- C:\Windows\System\LTFvNmI.exe
  C:\Windows\System\LTFvNmI.exe
  2⤵
  PID:7408
- C:\Windows\System\TWriEiW.exe
  C:\Windows\System\TWriEiW.exe
  2⤵
  PID:7392
- C:\Windows\System\hLrHNyV.exe
  C:\Windows\System\hLrHNyV.exe
  2⤵
  PID:7492
- C:\Windows\System\LQPJAnB.exe
  C:\Windows\System\LQPJAnB.exe
  2⤵
  PID:7548
- C:\Windows\System\qVNxZBJ.exe
  C:\Windows\System\qVNxZBJ.exe
  2⤵
  PID:2884
- C:\Windows\System\bYqORmk.exe
  C:\Windows\System\bYqORmk.exe
  2⤵
  PID:7688
- C:\Windows\System\XkLMtRc.exe
  C:\Windows\System\XkLMtRc.exe
  2⤵
  PID:7676
- C:\Windows\System\LYzpwyP.exe
  C:\Windows\System\LYzpwyP.exe
  2⤵
  PID:7772
- C:\Windows\System\wxMFlXc.exe
  C:\Windows\System\wxMFlXc.exe
  2⤵
  PID:7748
- C:\Windows\System\KXcPTUZ.exe
  C:\Windows\System\KXcPTUZ.exe
  2⤵
  PID:7876
- C:\Windows\System\eFRXcep.exe
  C:\Windows\System\eFRXcep.exe
  2⤵
  PID:7968
- C:\Windows\System\GjMxLMK.exe
  C:\Windows\System\GjMxLMK.exe
  2⤵
  PID:8016
- C:\Windows\System\HZvkryl.exe
  C:\Windows\System\HZvkryl.exe
  2⤵
  PID:2672
- C:\Windows\System\vAcrWhg.exe
  C:\Windows\System\vAcrWhg.exe
  2⤵
  PID:8132
- C:\Windows\System\zTVwUNN.exe
  C:\Windows\System\zTVwUNN.exe
  2⤵
  PID:8088
- C:\Windows\System\BEOXLrG.exe
  C:\Windows\System\BEOXLrG.exe
  2⤵
  PID:8112
- C:\Windows\System\IWKDktB.exe
  C:\Windows\System\IWKDktB.exe
  2⤵
  PID:6860
- C:\Windows\System\VoiyTmn.exe
  C:\Windows\System\VoiyTmn.exe
  2⤵
  PID:7128
- C:\Windows\System\kVuMyVj.exe
  C:\Windows\System\kVuMyVj.exe
  2⤵
  PID:5348
- C:\Windows\System\wSQZarh.exe
  C:\Windows\System\wSQZarh.exe
  2⤵
  PID:6324
- C:\Windows\System\UbAVyUT.exe
  C:\Windows\System\UbAVyUT.exe
  2⤵
  PID:7172
- C:\Windows\System\mHIEWQw.exe
  C:\Windows\System\mHIEWQw.exe
  2⤵
  PID:7224
- C:\Windows\System\wlVEjJT.exe
  C:\Windows\System\wlVEjJT.exe
  2⤵
  PID:7304
- C:\Windows\System\CIgxpLu.exe
  C:\Windows\System\CIgxpLu.exe
  2⤵
  PID:7436
- C:\Windows\System\HfJLelT.exe
  C:\Windows\System\HfJLelT.exe
  2⤵
  PID:7508
- C:\Windows\System\fyxVUQP.exe
  C:\Windows\System\fyxVUQP.exe
  2⤵
  PID:7612
- C:\Windows\System\vVkFYXR.exe
  C:\Windows\System\vVkFYXR.exe
  2⤵
  PID:2888
- C:\Windows\System\aLdpnEE.exe
  C:\Windows\System\aLdpnEE.exe
  2⤵
  PID:7812
- C:\Windows\System\qDefGoX.exe
  C:\Windows\System\qDefGoX.exe
  2⤵
  PID:7868
- C:\Windows\System\uLJTeDB.exe
  C:\Windows\System\uLJTeDB.exe
  2⤵
  PID:7908
- C:\Windows\System\zKntXml.exe
  C:\Windows\System\zKntXml.exe
  2⤵
  PID:7948
- C:\Windows\System\weZaijC.exe
  C:\Windows\System\weZaijC.exe
  2⤵
  PID:3340
- C:\Windows\System\sXWpQzc.exe
  C:\Windows\System\sXWpQzc.exe
  2⤵
  PID:3456
- C:\Windows\System\ZlHoBbw.exe
  C:\Windows\System\ZlHoBbw.exe
  2⤵
  PID:6924
- C:\Windows\System\lXsudgc.exe
  C:\Windows\System\lXsudgc.exe
  2⤵
  PID:7232
- C:\Windows\System\GELjEwf.exe
  C:\Windows\System\GELjEwf.exe
  2⤵
  PID:7084
- C:\Windows\System\aMWvgIv.exe
  C:\Windows\System\aMWvgIv.exe
  2⤵
  PID:7308
- C:\Windows\System\KwLTIbK.exe
  C:\Windows\System\KwLTIbK.exe
  2⤵
  PID:7636
- C:\Windows\System\zhWqYCt.exe
  C:\Windows\System\zhWqYCt.exe
  2⤵
  PID:7348
- C:\Windows\System\iQTVKYV.exe
  C:\Windows\System\iQTVKYV.exe
  2⤵
  PID:7716
- C:\Windows\System\mMLMFxr.exe
  C:\Windows\System\mMLMFxr.exe
  2⤵
  PID:2504
- C:\Windows\System\sGadPGl.exe
  C:\Windows\System\sGadPGl.exe
  2⤵
  PID:7992
- C:\Windows\System\lVjTMXK.exe
  C:\Windows\System\lVjTMXK.exe
  2⤵
  PID:8116
- C:\Windows\System\nJFIRwz.exe
  C:\Windows\System\nJFIRwz.exe
  2⤵
  PID:5012
- C:\Windows\System\tmRmKWl.exe
  C:\Windows\System\tmRmKWl.exe
  2⤵
  PID:8200
- C:\Windows\System\TJSwqlp.exe
  C:\Windows\System\TJSwqlp.exe
  2⤵
  PID:8224
- C:\Windows\System\ICKRJpD.exe
  C:\Windows\System\ICKRJpD.exe
  2⤵
  PID:8244
- C:\Windows\System\LoZwmhL.exe
  C:\Windows\System\LoZwmhL.exe
  2⤵
  PID:8264
- C:\Windows\System\YHRVwhB.exe
  C:\Windows\System\YHRVwhB.exe
  2⤵
  PID:8284
- C:\Windows\System\kNXGebC.exe
  C:\Windows\System\kNXGebC.exe
  2⤵
  PID:8304
- C:\Windows\System\iMnjmiY.exe
  C:\Windows\System\iMnjmiY.exe
  2⤵
  PID:8324
- C:\Windows\System\xpHMeoa.exe
  C:\Windows\System\xpHMeoa.exe
  2⤵
  PID:8340
- C:\Windows\System\wFdpSaB.exe
  C:\Windows\System\wFdpSaB.exe
  2⤵
  PID:8360
- C:\Windows\System\YGuRBfH.exe
  C:\Windows\System\YGuRBfH.exe
  2⤵
  PID:8376
- C:\Windows\System\KnTeJEJ.exe
  C:\Windows\System\KnTeJEJ.exe
  2⤵
  PID:8396
- C:\Windows\System\MKFiWKN.exe
  C:\Windows\System\MKFiWKN.exe
  2⤵
  PID:8416
- C:\Windows\System\vWJsiEW.exe
  C:\Windows\System\vWJsiEW.exe
  2⤵
  PID:8432
- C:\Windows\System\oYWyMRE.exe
  C:\Windows\System\oYWyMRE.exe
  2⤵
  PID:8448
- C:\Windows\System\axABlXw.exe
  C:\Windows\System\axABlXw.exe
  2⤵
  PID:8464
- C:\Windows\System\aHHMuHZ.exe
  C:\Windows\System\aHHMuHZ.exe
  2⤵
  PID:8480
- C:\Windows\System\eBmzxOg.exe
  C:\Windows\System\eBmzxOg.exe
  2⤵
  PID:8504
- C:\Windows\System\eEpvLrX.exe
  C:\Windows\System\eEpvLrX.exe
  2⤵
  PID:8524
- C:\Windows\System\mwfdZJF.exe
  C:\Windows\System\mwfdZJF.exe
  2⤵
  PID:8540
- C:\Windows\System\YKOFwIL.exe
  C:\Windows\System\YKOFwIL.exe
  2⤵
  PID:8556
- C:\Windows\System\iWYmIZD.exe
  C:\Windows\System\iWYmIZD.exe
  2⤵
  PID:8572
- C:\Windows\System\ZBarDQE.exe
  C:\Windows\System\ZBarDQE.exe
  2⤵
  PID:8588
- C:\Windows\System\KOLKBhq.exe
  C:\Windows\System\KOLKBhq.exe
  2⤵
  PID:8608
- C:\Windows\System\kqBCezD.exe
  C:\Windows\System\kqBCezD.exe
  2⤵
  PID:8624
- C:\Windows\System\FobVtkA.exe
  C:\Windows\System\FobVtkA.exe
  2⤵
  PID:8640
- C:\Windows\System\pZztZGP.exe
  C:\Windows\System\pZztZGP.exe
  2⤵
  PID:8656
- C:\Windows\System\BrPxCzi.exe
  C:\Windows\System\BrPxCzi.exe
  2⤵
  PID:8672
- C:\Windows\System\haRSlFo.exe
  C:\Windows\System\haRSlFo.exe
  2⤵
  PID:8696
- C:\Windows\System\LpDNMfJ.exe
  C:\Windows\System\LpDNMfJ.exe
  2⤵
  PID:8712
- C:\Windows\System\GTvBtLy.exe
  C:\Windows\System\GTvBtLy.exe
  2⤵
  PID:8804
- C:\Windows\System\ZkXKMzv.exe
  C:\Windows\System\ZkXKMzv.exe
  2⤵
  PID:8820
- C:\Windows\System\JuMyQwF.exe
  C:\Windows\System\JuMyQwF.exe
  2⤵
  PID:8836
- C:\Windows\System\qlnejpy.exe
  C:\Windows\System\qlnejpy.exe
  2⤵
  PID:8852
- C:\Windows\System\EQtMaHt.exe
  C:\Windows\System\EQtMaHt.exe
  2⤵
  PID:8868
- C:\Windows\System\YUGgUVe.exe
  C:\Windows\System\YUGgUVe.exe
  2⤵
  PID:8884
- C:\Windows\System\oeSdZhw.exe
  C:\Windows\System\oeSdZhw.exe
  2⤵
  PID:8900
- C:\Windows\System\EvbgRjj.exe
  C:\Windows\System\EvbgRjj.exe
  2⤵
  PID:8916
- C:\Windows\System\COQlgYr.exe
  C:\Windows\System\COQlgYr.exe
  2⤵
  PID:8932
- C:\Windows\System\GbbtHoD.exe
  C:\Windows\System\GbbtHoD.exe
  2⤵
  PID:8948
- C:\Windows\System\PrnVgXj.exe
  C:\Windows\System\PrnVgXj.exe
  2⤵
  PID:8964
- C:\Windows\System\uldbLmI.exe
  C:\Windows\System\uldbLmI.exe
  2⤵
  PID:8984
- C:\Windows\System\IrOlFmK.exe
  C:\Windows\System\IrOlFmK.exe
  2⤵
  PID:9004
- C:\Windows\System\pElfmHa.exe
  C:\Windows\System\pElfmHa.exe
  2⤵
  PID:9020
- C:\Windows\System\PsoTqAb.exe
  C:\Windows\System\PsoTqAb.exe
  2⤵
  PID:9056
- C:\Windows\System\BNwMfTX.exe
  C:\Windows\System\BNwMfTX.exe
  2⤵
  PID:9088
- C:\Windows\System\mqAfMzS.exe
  C:\Windows\System\mqAfMzS.exe
  2⤵
  PID:9104
- C:\Windows\System\ZJtvpVF.exe
  C:\Windows\System\ZJtvpVF.exe
  2⤵
  PID:9120
- C:\Windows\System\ptZUCPZ.exe
  C:\Windows\System\ptZUCPZ.exe
  2⤵
  PID:9172
- C:\Windows\System\fIELwuB.exe
  C:\Windows\System\fIELwuB.exe
  2⤵
  PID:9188
- C:\Windows\System\wufDOJi.exe
  C:\Windows\System\wufDOJi.exe
  2⤵
  PID:9204
- C:\Windows\System\vLkICuN.exe
  C:\Windows\System\vLkICuN.exe
  2⤵
  PID:6156
- C:\Windows\System\wNbIsyP.exe
  C:\Windows\System\wNbIsyP.exe
  2⤵
  PID:7532
- C:\Windows\System\rVJxHuv.exe
  C:\Windows\System\rVJxHuv.exe
  2⤵
  PID:7712
- C:\Windows\System\IXjbxaY.exe
  C:\Windows\System\IXjbxaY.exe
  2⤵
  PID:7792
- C:\Windows\System\LamTMWD.exe
  C:\Windows\System\LamTMWD.exe
  2⤵
  PID:8216
- C:\Windows\System\kwSjReb.exe
  C:\Windows\System\kwSjReb.exe
  2⤵
  PID:6748
- C:\Windows\System\drlaIvs.exe
  C:\Windows\System\drlaIvs.exe
  2⤵
  PID:8336
- C:\Windows\System\LIgvwON.exe
  C:\Windows\System\LIgvwON.exe
  2⤵
  PID:7976
- C:\Windows\System\loThGxE.exe
  C:\Windows\System\loThGxE.exe
  2⤵
  PID:3248
- C:\Windows\System\DgDqieJ.exe
  C:\Windows\System\DgDqieJ.exe
  2⤵
  PID:8196
- C:\Windows\System\qQsUCQb.exe
  C:\Windows\System\qQsUCQb.exe
  2⤵
  PID:8440
- C:\Windows\System\eDbEUjF.exe
  C:\Windows\System\eDbEUjF.exe
  2⤵
  PID:8472
- C:\Windows\System\cyZnJXF.exe
  C:\Windows\System\cyZnJXF.exe
  2⤵
  PID:8476
- C:\Windows\System\AKwrOdS.exe
  C:\Windows\System\AKwrOdS.exe
  2⤵
  PID:8356
- C:\Windows\System\WYAxiol.exe
  C:\Windows\System\WYAxiol.exe
  2⤵
  PID:8428
- C:\Windows\System\pCkZtxR.exe
  C:\Windows\System\pCkZtxR.exe
  2⤵
  PID:8492
- C:\Windows\System\qJNltQb.exe
  C:\Windows\System\qJNltQb.exe
  2⤵
  PID:8552
- C:\Windows\System\KCWYuAC.exe
  C:\Windows\System\KCWYuAC.exe
  2⤵
  PID:8584
- C:\Windows\System\TfkDVHv.exe
  C:\Windows\System\TfkDVHv.exe
  2⤵
  PID:8604
- C:\Windows\System\xjmXgxD.exe
  C:\Windows\System\xjmXgxD.exe
  2⤵
  PID:8636
- C:\Windows\System\GvGLpYg.exe
  C:\Windows\System\GvGLpYg.exe
  2⤵
  PID:8668
- C:\Windows\System\NggzyBj.exe
  C:\Windows\System\NggzyBj.exe
  2⤵
  PID:8708
- C:\Windows\System\SXzqgVI.exe
  C:\Windows\System\SXzqgVI.exe
  2⤵
  PID:8728
- C:\Windows\System\pkozkxS.exe
  C:\Windows\System\pkozkxS.exe
  2⤵
  PID:8748
- C:\Windows\System\zxDvtGi.exe
  C:\Windows\System\zxDvtGi.exe
  2⤵
  PID:8768
- C:\Windows\System\jQMEXCN.exe
  C:\Windows\System\jQMEXCN.exe
  2⤵
  PID:8792
- C:\Windows\System\GkxYRUc.exe
  C:\Windows\System\GkxYRUc.exe
  2⤵
  PID:8816
- C:\Windows\System\uhQMLSM.exe
  C:\Windows\System\uhQMLSM.exe
  2⤵
  PID:8892
- C:\Windows\System\XTBZXgY.exe
  C:\Windows\System\XTBZXgY.exe
  2⤵
  PID:8924
- C:\Windows\System\ogDwRWP.exe
  C:\Windows\System\ogDwRWP.exe
  2⤵
  PID:8928
- C:\Windows\System\ddGnOTt.exe
  C:\Windows\System\ddGnOTt.exe
  2⤵
  PID:8960
- C:\Windows\System\RJJTZcn.exe
  C:\Windows\System\RJJTZcn.exe
  2⤵
  PID:2564
- C:\Windows\System\ELCoHwk.exe
  C:\Windows\System\ELCoHwk.exe
  2⤵
  PID:8980
- C:\Windows\System\AYUpDpn.exe
  C:\Windows\System\AYUpDpn.exe
  2⤵
  PID:9036
- C:\Windows\System\Eirsaze.exe
  C:\Windows\System\Eirsaze.exe
  2⤵
  PID:9064
- C:\Windows\System\kQqoEbZ.exe
  C:\Windows\System\kQqoEbZ.exe
  2⤵
  PID:9080
- C:\Windows\System\JOSTGhv.exe
  C:\Windows\System\JOSTGhv.exe
  2⤵
  PID:328
- C:\Windows\System\oeulcGO.exe
  C:\Windows\System\oeulcGO.exe
  2⤵
  PID:9140
- C:\Windows\System\FHqZKQL.exe
  C:\Windows\System\FHqZKQL.exe
  2⤵
  PID:1684
- C:\Windows\System\NksSFNu.exe
  C:\Windows\System\NksSFNu.exe
  2⤵
  PID:2684
- C:\Windows\System\nHZKOuu.exe
  C:\Windows\System\nHZKOuu.exe
  2⤵
  PID:9156
- C:\Windows\System\sQAwFZH.exe
  C:\Windows\System\sQAwFZH.exe
  2⤵
  PID:2660
- C:\Windows\System\hTNETQg.exe
  C:\Windows\System\hTNETQg.exe
  2⤵
  PID:9160
- C:\Windows\System\yifgwja.exe
  C:\Windows\System\yifgwja.exe
  2⤵
  PID:484
- C:\Windows\System\PQxbhXP.exe
  C:\Windows\System\PQxbhXP.exe
  2⤵
  PID:560
- C:\Windows\System\dHKaclM.exe
  C:\Windows\System\dHKaclM.exe
  2⤵
  PID:9196
- C:\Windows\System\xpQpOjS.exe
  C:\Windows\System\xpQpOjS.exe
  2⤵
  PID:2116
- C:\Windows\System\DuYgqlo.exe
  C:\Windows\System\DuYgqlo.exe
  2⤵
  PID:1692
- C:\Windows\System\EJXAjyW.exe
  C:\Windows\System\EJXAjyW.exe
  2⤵
  PID:6480
- C:\Windows\System\TnjUatZ.exe
  C:\Windows\System\TnjUatZ.exe
  2⤵
  PID:1144
- C:\Windows\System\yFWLnEm.exe
  C:\Windows\System\yFWLnEm.exe
  2⤵
  PID:2640
- C:\Windows\System\cMEwCry.exe
  C:\Windows\System\cMEwCry.exe
  2⤵
  PID:9164
- C:\Windows\System\XfARoYx.exe
  C:\Windows\System\XfARoYx.exe
  2⤵
  PID:8332
- C:\Windows\System\gTWzLKy.exe
  C:\Windows\System\gTWzLKy.exe
  2⤵
  PID:7932
- C:\Windows\System\RffGCOd.exe
  C:\Windows\System\RffGCOd.exe
  2⤵
  PID:3020
- C:\Windows\System\UkfIAQZ.exe
  C:\Windows\System\UkfIAQZ.exe
  2⤵
  PID:8316
- C:\Windows\System\yWOubeY.exe
  C:\Windows\System\yWOubeY.exe
  2⤵
  PID:2936
- C:\Windows\System\MMhieeD.exe
  C:\Windows\System\MMhieeD.exe
  2⤵
  PID:8352
- C:\Windows\System\qgyXoWD.exe
  C:\Windows\System\qgyXoWD.exe
  2⤵
  PID:8516
- C:\Windows\System\iAgleLp.exe
  C:\Windows\System\iAgleLp.exe
  2⤵
  PID:8548
- C:\Windows\System\dqpnrWx.exe
  C:\Windows\System\dqpnrWx.exe
  2⤵
  PID:1004
- C:\Windows\System\WwElGDI.exe
  C:\Windows\System\WwElGDI.exe
  2⤵
  PID:8684
- C:\Windows\System\lqTLzVt.exe
  C:\Windows\System\lqTLzVt.exe
  2⤵
  PID:8704
- C:\Windows\System\tzFiqTx.exe
  C:\Windows\System\tzFiqTx.exe
  2⤵
  PID:8600
- C:\Windows\System\njefobA.exe
  C:\Windows\System\njefobA.exe
  2⤵
  PID:8724
- C:\Windows\System\AzhWpAI.exe
  C:\Windows\System\AzhWpAI.exe
  2⤵
  PID:8772
- C:\Windows\System\zEfNpZj.exe
  C:\Windows\System\zEfNpZj.exe
  2⤵
  PID:8880
- C:\Windows\System\OiASLvz.exe
  C:\Windows\System\OiASLvz.exe
  2⤵
  PID:9044
- C:\Windows\System\EzuIjnT.exe
  C:\Windows\System\EzuIjnT.exe
  2⤵
  PID:9052
- C:\Windows\System\pgBCNHd.exe
  C:\Windows\System\pgBCNHd.exe
  2⤵
  PID:9100
- C:\Windows\System\tCUEfVo.exe
  C:\Windows\System\tCUEfVo.exe
  2⤵
  PID:2020
- C:\Windows\System\aBcmwVW.exe
  C:\Windows\System\aBcmwVW.exe
  2⤵
  PID:644
- C:\Windows\System\nHdxySi.exe
  C:\Windows\System\nHdxySi.exe
  2⤵
  PID:852
- C:\Windows\System\YENgtxE.exe
  C:\Windows\System\YENgtxE.exe
  2⤵
  PID:1552
- C:\Windows\System\kTsqbqY.exe
  C:\Windows\System\kTsqbqY.exe
  2⤵
  PID:1964
- C:\Windows\System\IzSrOeN.exe
  C:\Windows\System\IzSrOeN.exe
  2⤵
  PID:8188
- C:\Windows\System\AiettDl.exe
  C:\Windows\System\AiettDl.exe
  2⤵
  PID:9168
- C:\Windows\System\ciuYvdi.exe
  C:\Windows\System\ciuYvdi.exe
  2⤵
  PID:944
- C:\Windows\System\jVPoccY.exe
  C:\Windows\System\jVPoccY.exe
  2⤵
  PID:8320
- C:\Windows\System\VxxRjFu.exe
  C:\Windows\System\VxxRjFu.exe
  2⤵
  PID:8568
- C:\Windows\System\lDtKfsD.exe
  C:\Windows\System\lDtKfsD.exe
  2⤵
  PID:1564
- C:\Windows\System\VSUhvwF.exe
  C:\Windows\System\VSUhvwF.exe
  2⤵
  PID:8300
- C:\Windows\System\hxrkOQL.exe
  C:\Windows\System\hxrkOQL.exe
  2⤵
  PID:8756
- C:\Windows\System\nQaovdE.exe
  C:\Windows\System\nQaovdE.exe
  2⤵
  PID:2900
- C:\Windows\System\fvcekhc.exe
  C:\Windows\System\fvcekhc.exe
  2⤵
  PID:8800
- C:\Windows\System\TkxoDqN.exe
  C:\Windows\System\TkxoDqN.exe
  2⤵
  PID:8876
- C:\Windows\System\NhlvtZK.exe
  C:\Windows\System\NhlvtZK.exe
  2⤵
  PID:2704
- C:\Windows\System\RUIgfDB.exe
  C:\Windows\System\RUIgfDB.exe
  2⤵
  PID:1868
- C:\Windows\System\gHolbWG.exe
  C:\Windows\System\gHolbWG.exe
  2⤵
  PID:8976
- C:\Windows\System\aNMjqwp.exe
  C:\Windows\System\aNMjqwp.exe
  2⤵
  PID:9116
- C:\Windows\System\ocVPUQA.exe
  C:\Windows\System\ocVPUQA.exe
  2⤵
  PID:9112
- C:\Windows\System\QZKOYmu.exe
  C:\Windows\System\QZKOYmu.exe
  2⤵
  PID:2164
- C:\Windows\System\qzhzwNB.exe
  C:\Windows\System\qzhzwNB.exe
  2⤵
  PID:2056
- C:\Windows\System\gixbhVD.exe
  C:\Windows\System\gixbhVD.exe
  2⤵
  PID:7668
- C:\Windows\System\RAkPkpN.exe
  C:\Windows\System\RAkPkpN.exe
  2⤵
  PID:7496
- C:\Windows\System\nmfpPHE.exe
  C:\Windows\System\nmfpPHE.exe
  2⤵
  PID:7652
- C:\Windows\System\TRrXYwv.exe
  C:\Windows\System\TRrXYwv.exe
  2⤵
  PID:8208
- C:\Windows\System\oyrSRTZ.exe
  C:\Windows\System\oyrSRTZ.exe
  2⤵
  PID:8252
- C:\Windows\System\YQpUICf.exe
  C:\Windows\System\YQpUICf.exe
  2⤵
  PID:8520
- C:\Windows\System\XmoazpC.exe
  C:\Windows\System\XmoazpC.exe
  2⤵
  PID:2272
- C:\Windows\System\CgrGfwF.exe
  C:\Windows\System\CgrGfwF.exe
  2⤵
  PID:796
- C:\Windows\System\hLqjnxu.exe
  C:\Windows\System\hLqjnxu.exe
  2⤵
  PID:8944
- C:\Windows\System\hVCfSyl.exe
  C:\Windows\System\hVCfSyl.exe
  2⤵
  PID:8940
- C:\Windows\System\LYLCdbr.exe
  C:\Windows\System\LYLCdbr.exe
  2⤵
  PID:836
- C:\Windows\System\hKLAvbm.exe
  C:\Windows\System\hKLAvbm.exe
  2⤵
  PID:672
- C:\Windows\System\XmkCSXa.exe
  C:\Windows\System\XmkCSXa.exe
  2⤵
  PID:8776
- C:\Windows\System\sybBLok.exe
  C:\Windows\System\sybBLok.exe
  2⤵
  PID:1888
- C:\Windows\System\iQQoatp.exe
  C:\Windows\System\iQQoatp.exe
  2⤵
  PID:8764
- C:\Windows\System\HDRmhbD.exe
  C:\Windows\System\HDRmhbD.exe
  2⤵
  PID:8408
- C:\Windows\System\UFPEZZV.exe
  C:\Windows\System\UFPEZZV.exe
  2⤵
  PID:9040
- C:\Windows\System\NoKBnJM.exe
  C:\Windows\System\NoKBnJM.exe
  2⤵
  PID:8392
- C:\Windows\System\oFfbyvf.exe
  C:\Windows\System\oFfbyvf.exe
  2⤵
  PID:8812
- C:\Windows\System\QpqhQRS.exe
  C:\Windows\System\QpqhQRS.exe
  2⤵
  PID:8844
- C:\Windows\System\WIOTNye.exe
  C:\Windows\System\WIOTNye.exe
  2⤵
  PID:9224
- C:\Windows\System\LyFxIde.exe
  C:\Windows\System\LyFxIde.exe
  2⤵
  PID:9240
- C:\Windows\System\eBBAPAB.exe
  C:\Windows\System\eBBAPAB.exe
  2⤵
  PID:9260
- C:\Windows\System\SwwTkKo.exe
  C:\Windows\System\SwwTkKo.exe
  2⤵
  PID:9276
- C:\Windows\System\DrordBX.exe
  C:\Windows\System\DrordBX.exe
  2⤵
  PID:9296
- C:\Windows\System\XEixwnw.exe
  C:\Windows\System\XEixwnw.exe
  2⤵
  PID:9316
- C:\Windows\System\fzjSviK.exe
  C:\Windows\System\fzjSviK.exe
  2⤵
  PID:9368
- C:\Windows\System\PIXviXS.exe
  C:\Windows\System\PIXviXS.exe
  2⤵
  PID:9392
- C:\Windows\System\ZosFEPn.exe
  C:\Windows\System\ZosFEPn.exe
  2⤵
  PID:9420
- C:\Windows\System\pZHuBMN.exe
  C:\Windows\System\pZHuBMN.exe
  2⤵
  PID:9436
- C:\Windows\System\CXeoain.exe
  C:\Windows\System\CXeoain.exe
  2⤵
  PID:9452
- C:\Windows\System\rhoLMST.exe
  C:\Windows\System\rhoLMST.exe
  2⤵
  PID:9468
- C:\Windows\System\elmSaeg.exe
  C:\Windows\System\elmSaeg.exe
  2⤵
  PID:9484
- C:\Windows\System\SHnjsHh.exe
  C:\Windows\System\SHnjsHh.exe
  2⤵
  PID:9500
- C:\Windows\System\rmNHuxp.exe
  C:\Windows\System\rmNHuxp.exe
  2⤵
  PID:9516
- C:\Windows\System\YMRzXWO.exe
  C:\Windows\System\YMRzXWO.exe
  2⤵
  PID:9540
- C:\Windows\System\kYBKLWo.exe
  C:\Windows\System\kYBKLWo.exe
  2⤵
  PID:9556
- C:\Windows\System\yMgeHTE.exe
  C:\Windows\System\yMgeHTE.exe
  2⤵
  PID:9580
- C:\Windows\System\loCaHFl.exe
  C:\Windows\System\loCaHFl.exe
  2⤵
  PID:9600
- C:\Windows\System\qemiOIk.exe
  C:\Windows\System\qemiOIk.exe
  2⤵
  PID:9632
- C:\Windows\System\kGWDuvQ.exe
  C:\Windows\System\kGWDuvQ.exe
  2⤵
  PID:9652
- C:\Windows\System\ZYRYwXg.exe
  C:\Windows\System\ZYRYwXg.exe
  2⤵
  PID:9672
- C:\Windows\System\zsPfUfT.exe
  C:\Windows\System\zsPfUfT.exe
  2⤵
  PID:9688
- C:\Windows\System\ZGUZtcb.exe
  C:\Windows\System\ZGUZtcb.exe
  2⤵
  PID:9704
- C:\Windows\System\xrTLxie.exe
  C:\Windows\System\xrTLxie.exe
  2⤵
  PID:9720
- C:\Windows\System\VTPzFUy.exe
  C:\Windows\System\VTPzFUy.exe
  2⤵
  PID:9736
- C:\Windows\System\isxbPfL.exe
  C:\Windows\System\isxbPfL.exe
  2⤵
  PID:9756
- C:\Windows\System\PLaiiOG.exe
  C:\Windows\System\PLaiiOG.exe
  2⤵
  PID:9772
- C:\Windows\System\tDiUIRP.exe
  C:\Windows\System\tDiUIRP.exe
  2⤵
  PID:9792
- C:\Windows\System\xWsMkCP.exe
  C:\Windows\System\xWsMkCP.exe
  2⤵
  PID:9808
- C:\Windows\System\HVJrNoU.exe
  C:\Windows\System\HVJrNoU.exe
  2⤵
  PID:9824
- C:\Windows\System\DpDrPlG.exe
  C:\Windows\System\DpDrPlG.exe
  2⤵
  PID:9840
- C:\Windows\System\lLXCovP.exe
  C:\Windows\System\lLXCovP.exe
  2⤵
  PID:9860
- C:\Windows\System\sYJrgpT.exe
  C:\Windows\System\sYJrgpT.exe
  2⤵
  PID:9876
- C:\Windows\System\ByYHlzo.exe
  C:\Windows\System\ByYHlzo.exe
  2⤵
  PID:9896
- C:\Windows\System\XlGTetd.exe
  C:\Windows\System\XlGTetd.exe
  2⤵
  PID:9916
- C:\Windows\System\jlIEPmc.exe
  C:\Windows\System\jlIEPmc.exe
  2⤵
  PID:9932
- C:\Windows\System\oWtxHgb.exe
  C:\Windows\System\oWtxHgb.exe
  2⤵
  PID:9948
- C:\Windows\System\zhwLiQi.exe
  C:\Windows\System\zhwLiQi.exe
  2⤵
  PID:9964
- C:\Windows\System\qZfjrMp.exe
  C:\Windows\System\qZfjrMp.exe
  2⤵
  PID:9984
- C:\Windows\System\xjBrvDg.exe
  C:\Windows\System\xjBrvDg.exe
  2⤵
  PID:10048
- C:\Windows\System\YmUkrgM.exe
  C:\Windows\System\YmUkrgM.exe
  2⤵
  PID:10064
- C:\Windows\System\KZWlYDH.exe
  C:\Windows\System\KZWlYDH.exe
  2⤵
  PID:10080
- C:\Windows\System\PokrOhj.exe
  C:\Windows\System\PokrOhj.exe
  2⤵
  PID:10096
- C:\Windows\System\vFvJdAn.exe
  C:\Windows\System\vFvJdAn.exe
  2⤵
  PID:10116
- C:\Windows\System\cHPQYRI.exe
  C:\Windows\System\cHPQYRI.exe
  2⤵
  PID:10132
- C:\Windows\System\qKFuODi.exe
  C:\Windows\System\qKFuODi.exe
  2⤵
  PID:10152
- C:\Windows\System\FfREymN.exe
  C:\Windows\System\FfREymN.exe
  2⤵
  PID:10168
- C:\Windows\System\JrzMwuL.exe
  C:\Windows\System\JrzMwuL.exe
  2⤵
  PID:10184
- C:\Windows\System\uomnrUR.exe
  C:\Windows\System\uomnrUR.exe
  2⤵
  PID:10200
- C:\Windows\System\FgDYkgp.exe
  C:\Windows\System\FgDYkgp.exe
  2⤵
  PID:10220
- C:\Windows\System\WzdYAmt.exe
  C:\Windows\System\WzdYAmt.exe
  2⤵
  PID:10236
- C:\Windows\System\tyhXCPr.exe
  C:\Windows\System\tyhXCPr.exe
  2⤵
  PID:9272
- C:\Windows\System\ILIdoxt.exe
  C:\Windows\System\ILIdoxt.exe
  2⤵
  PID:2828
- C:\Windows\System\jauJNhl.exe
  C:\Windows\System\jauJNhl.exe
  2⤵
  PID:9220
- C:\Windows\System\nIXnXKd.exe
  C:\Windows\System\nIXnXKd.exe
  2⤵
  PID:9288
- C:\Windows\System\OnJpizc.exe
  C:\Windows\System\OnJpizc.exe
  2⤵
  PID:9332
- C:\Windows\System\unnpSrg.exe
  C:\Windows\System\unnpSrg.exe
  2⤵
  PID:9348
- C:\Windows\System\emSYNkH.exe
  C:\Windows\System\emSYNkH.exe
  2⤵
  PID:9376
- C:\Windows\System\pLJRaKN.exe
  C:\Windows\System\pLJRaKN.exe
  2⤵
  PID:9404
- C:\Windows\System\ZlvqOUW.exe
  C:\Windows\System\ZlvqOUW.exe
  2⤵
  PID:9388
- C:\Windows\System\QPJdSSa.exe
  C:\Windows\System\QPJdSSa.exe
  2⤵
  PID:9524
- C:\Windows\System\rGcIDEP.exe
  C:\Windows\System\rGcIDEP.exe
  2⤵
  PID:9536
- C:\Windows\System\ttCrbBA.exe
  C:\Windows\System\ttCrbBA.exe
  2⤵
  PID:9448
- C:\Windows\System\KkVzqxV.exe
  C:\Windows\System\KkVzqxV.exe
  2⤵
  PID:9512
- C:\Windows\System\JIuyiWL.exe
  C:\Windows\System\JIuyiWL.exe
  2⤵
  PID:9620
- C:\Windows\System\oqvJlaa.exe
  C:\Windows\System\oqvJlaa.exe
  2⤵
  PID:9552
- C:\Windows\System\TrzoVFk.exe
  C:\Windows\System\TrzoVFk.exe
  2⤵
  PID:9696
- C:\Windows\System\UWpXgnM.exe
  C:\Windows\System\UWpXgnM.exe
  2⤵
  PID:9664
- C:\Windows\System\yFfpnSr.exe
  C:\Windows\System\yFfpnSr.exe
  2⤵
  PID:9644
- C:\Windows\System\orHmuPX.exe
  C:\Windows\System\orHmuPX.exe
  2⤵
  PID:9712
- C:\Windows\System\YiWfDZG.exe
  C:\Windows\System\YiWfDZG.exe
  2⤵
  PID:9752
- C:\Windows\System\CvHRdFF.exe
  C:\Windows\System\CvHRdFF.exe
  2⤵
  PID:9816
- C:\Windows\System\WXjWGZY.exe
  C:\Windows\System\WXjWGZY.exe
  2⤵
  PID:9884
- C:\Windows\System\uJIbAVw.exe
  C:\Windows\System\uJIbAVw.exe
  2⤵
  PID:9928
- C:\Windows\System\XRTIqOe.exe
  C:\Windows\System\XRTIqOe.exe
  2⤵
  PID:9940
- C:\Windows\System\bHbYaMp.exe
  C:\Windows\System\bHbYaMp.exe
  2⤵
  PID:9832
- C:\Windows\System\kMUZIpM.exe
  C:\Windows\System\kMUZIpM.exe
  2⤵
  PID:9904
- C:\Windows\System\YaZvLiB.exe
  C:\Windows\System\YaZvLiB.exe
  2⤵
  PID:9996
- C:\Windows\System\wriAJDz.exe
  C:\Windows\System\wriAJDz.exe
  2⤵
  PID:10012
- C:\Windows\System\xhGCYHU.exe
  C:\Windows\System\xhGCYHU.exe
  2⤵
  PID:10112
- C:\Windows\System\DLVymwm.exe
  C:\Windows\System\DLVymwm.exe
  2⤵
  PID:10208
- C:\Windows\System\MalTFFe.exe
  C:\Windows\System\MalTFFe.exe
  2⤵
  PID:10028
- C:\Windows\System\OusgtEK.exe
  C:\Windows\System\OusgtEK.exe
  2⤵
  PID:10104
- C:\Windows\System\BWTfSIb.exe
  C:\Windows\System\BWTfSIb.exe
  2⤵
  PID:10124
- C:\Windows\System\UOvUDAW.exe
  C:\Windows\System\UOvUDAW.exe
  2⤵
  PID:10192
- C:\Windows\System\nlFzAVW.exe
  C:\Windows\System\nlFzAVW.exe
  2⤵
  PID:10232
- C:\Windows\System\rxIitzf.exe
  C:\Windows\System\rxIitzf.exe
  2⤵
  PID:7556
- C:\Windows\System\OODeowX.exe
  C:\Windows\System\OODeowX.exe
  2⤵
  PID:8512
- C:\Windows\System\vFhymhW.exe
  C:\Windows\System\vFhymhW.exe
  2⤵
  PID:2876
- C:\Windows\System\wgKgZZh.exe
  C:\Windows\System\wgKgZZh.exe
  2⤵
  PID:9152
- C:\Windows\System\AaCizNg.exe
  C:\Windows\System\AaCizNg.exe
  2⤵
  PID:9508
- C:\Windows\System\BmiCxYu.exe
  C:\Windows\System\BmiCxYu.exe
  2⤵
  PID:9612
- C:\Windows\System\yfFomFE.exe
  C:\Windows\System\yfFomFE.exe
  2⤵
  PID:8864
- C:\Windows\System\YmEnQoL.exe
  C:\Windows\System\YmEnQoL.exe
  2⤵
  PID:9344
- C:\Windows\System\CjhJdMg.exe
  C:\Windows\System\CjhJdMg.exe
  2⤵
  PID:9728
- C:\Windows\System\YnzMGnI.exe
  C:\Windows\System\YnzMGnI.exe
  2⤵
  PID:9568
- C:\Windows\System\aFnVhJF.exe
  C:\Windows\System\aFnVhJF.exe
  2⤵
  PID:9660
- C:\Windows\System\nWeWkij.exe
  C:\Windows\System\nWeWkij.exe
  2⤵
  PID:9684
- C:\Windows\System\tVWEyOU.exe
  C:\Windows\System\tVWEyOU.exe
  2⤵
  PID:9892
- C:\Windows\System\CRnTYLM.exe
  C:\Windows\System\CRnTYLM.exe
  2⤵
  PID:10060
- C:\Windows\System\HfmnILj.exe
  C:\Windows\System\HfmnILj.exe
  2⤵
  PID:10148
- C:\Windows\System\ytHdhpw.exe
  C:\Windows\System\ytHdhpw.exe
  2⤵
  PID:8828
- C:\Windows\System\DeeHtzj.exe
  C:\Windows\System\DeeHtzj.exe
  2⤵
  PID:9640
- C:\Windows\System\gkjAyca.exe
  C:\Windows\System\gkjAyca.exe
  2⤵
  PID:10256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\KqzpFBH.exe

Filesize
6.0MB

MD5
d31b42519d967be2b33ecbde0e17813b

SHA1
88cfe6b5e4a089e5f8e3ebfc0666de4323594a44

SHA256
7b5278c749268bd76fffcd58541aaa0ecf08187926c9a2f16090548fdcd7b9a3

SHA512
8689c15c7fbfeba13133ce6de2db35a57f3af89ad18abbe5f62075f2c53b7c512026c36ca143e6746f04458b978c204969a62be7560235104b55cf063b4a74d9

Download Submit
C:\Windows\system\MnXgDmS.exe

Filesize
6.0MB

MD5
18b2f67d19ad074306b35af54181d777

SHA1
aae6f1b766ee75a150ff1cda858501c63290d150

SHA256
cf2e17a66d5fff043977b564be88441a052097a30d7ec99a45bdff465a48b1b6

SHA512
dd1388edfe9a165a7a92ba33ba67f35788b4fed39357a1cd8c2a8bd2154a9587db077b21bb2810f7f2bc0fb305bcbabf6ae1a97a2891a68fd33ddb574d580791

Download Submit
C:\Windows\system\MvdxRrv.exe

Filesize
6.0MB

MD5
1a0e2ec771d0892bfada1d4f5e4c360c

SHA1
df92acec4a2ce88c566056670709e39482aafeaf

SHA256
d809fad19854d0b25c6156575531e143da5d6c10c5a2c56aec3263353431d264

SHA512
6a7df48eb2d16a1e281c4d317c19682b1c96b59247ab04d735e462b5e1a2055431d7c199288c37ffa8dbb2b99a4e355f6bbcce783c502cb157956d4d39db9b8c

Download Submit
C:\Windows\system\THtslfY.exe

Filesize
6.0MB

MD5
90e6c3b27e9f20ce783a08bf06cff058

SHA1
74b312257d4fed663aaaa4ddcf6c5afc2430e0e8

SHA256
61288d982a3960214898a166d67a13eba9cecaec985e8acb7d05d4a370621b44

SHA512
a39766729efdf87ee69ec5fbec07c777370b2f64338c1d93bc755dce25742d86b15b2b37caf2de0a26a74d6c453cf6fcf88d34026b171511db26d10e3928a16f

Download Submit
C:\Windows\system\Tbkiibu.exe

Filesize
6.0MB

MD5
0d59fbfabc7887b71a4f47f72c0b3d5e

SHA1
e99c7e4c9da61feb3631474183a33ff02ced33d6

SHA256
123f32581240a0cfbdb775faae9f9a927abc18ed6bf9580987b63771d2623472

SHA512
47928639df3d722efc791b05ecb7dd5f6022251ba4fe90bc87820dee041cfa7ebee8ce1d1b1213e7c0c26a769d50af380a96ff5966d96b9100122217e763b3e7

Download Submit
C:\Windows\system\USckYdt.exe

Filesize
6.0MB

MD5
51c3156f91506147bafe5ce75b61524e

SHA1
203315cfc6851addc1e4ad947e2e560fea6736b0

SHA256
7753eb6056589bfc79af89a079d90fd62ec3ee968690062f5d18bfb13590bee7

SHA512
50c301f20e02adcc3cb9bf328932d939e475587a7b85cb387e14d2fc322980d61e89dd0a388db2479f2ca203d18cdf28916d9f675ca5bd8cfaa8d022ca2a62ad

Download Submit
C:\Windows\system\VqcJcRK.exe

Filesize
6.0MB

MD5
ac9b458e64485cc347d9b650ef0dbd3a

SHA1
d8f7f40711b43a15bb394a6f213a3ede0006f367

SHA256
01b2d328da78edecfaea29aa32f02abe2c6a926c7060f838dbef9aeff7528409

SHA512
09f654c6c355d0544f899260b306062b971a244eb57030810598eedf84cf9061493791a081ff9eb1127bff041aee41b6d2e97ec76edadea79c557ed81457d912

Download Submit
C:\Windows\system\ZHtrxQD.exe

Filesize
6.0MB

MD5
1a71661cbfd409b0075f4298f6e3f345

SHA1
39f07803c202d16137714930d33c0ed79ae19a30

SHA256
811ae5090cc51f2cae22a1ad0e2734a46fd9611de98f4d532710298b67d49998

SHA512
001ac91e9a53e509fe33956bfb908ad2a36009b9c5e8c7a0a923216d3543df5b09f2772396db4b33727f891bb8d845ec514e6c9c2fd4e7cd66e705e68a978ce0

Download Submit
C:\Windows\system\brhBAtI.exe

Filesize
6.0MB

MD5
a6f561d690cff77d5c29f6ec1815f4a3

SHA1
5f29d8f91735860c4a359bf9ad63b76f82f6f1a9

SHA256
b53aff04b806eca00848f68118fc3b32e20c5c1222662e633723c5b01d375b66

SHA512
c5b88a1b0f533542fdaa51e888b89dedf8adcef03690d63fffb9f3015c11e52cb1410b40e9fcfdba096b02f5942c1ab68ffe8aa946394e011e052e54e3d6f333

Download Submit
C:\Windows\system\eLLjmxb.exe

Filesize
6.0MB

MD5
243a9ec3a80c99c2ef4e6f5612696519

SHA1
6fdb98a0c5332405fec2b8f76e4a0a4710d0427e

SHA256
a2eedad46b8efb1320a61c58d90c7713ea2171c6c91d8df910d5ca5543e8c0d7

SHA512
bb7301803f9efefbe80b8aa0cfbdc7dee491a0e9952dc53ec327ce5b5e649a4c2112669c5923c395cd4a19520756f742bbbf4fa7c90cee60e26127ea9d6e9c77

Download Submit
C:\Windows\system\eVnPLvN.exe

Filesize
6.0MB

MD5
31d74f41e4feded05a4c8ba5135f7fff

SHA1
67ceda425510bb1064752ff1bf47634826ca0fa6

SHA256
c50d10d361cab87d94df5c0f17c3cd765aff881ca91f453e1da59a0ba18aedf3

SHA512
8c073a5488de4ebc77ae5c89fd641f7e5eab47fbda2e91625951872b6b66c08946b5cd453e0fc5d192f35f2f3894c7b457d6ac9d97bf15fe20fd07fd2daff421

Download Submit
C:\Windows\system\eiRxROn.exe

Filesize
6.0MB

MD5
93b14183b7ea9e66783d58f27fb41828

SHA1
eae79c634217a051daa5733dcfba420fd367ab5c

SHA256
75c86e91d5462c07c8289e0d7b72f90e18f9bf78ba0df84044ef21380d196ef8

SHA512
1097a43154bf261a4b0ab4efc9d58d8090396fe24707f5101de057e5bb744d0caef082b6d44991fb020973a9492b1edead894f5f2b43ca9298353164d706e84e

Download Submit
C:\Windows\system\fIpScUg.exe

Filesize
6.0MB

MD5
d90aa5b811ee1e9368e8c97d8e3ee630

SHA1
0d23f76a8743b5f3e54c227831e11a880c59fb17

SHA256
f2bd4eab4825f6bb68dd5d343646c809992fdd43b69afb465e7cc5010c8d474e

SHA512
0002386ef88f952a06c46e7b75ec77111cee84aad6520ece1338dbcc86c26e2eb04586b581e53bd1e18d3f1e588c3b50184f5aeeedb331ed238a0c2a639674ef

Download Submit
C:\Windows\system\gHBWsxb.exe

Filesize
6.0MB

MD5
7a90fd0987cd6e45600293fe0ea20421

SHA1
d59f776dafc1a9aacd13fcd2de9e049606db8f0b

SHA256
94490b4a741b3ecd917b8ed504a3d27606a3228636de7d4c2eb87d87d201b7b0

SHA512
3f53ea791a969d76a555209ffff637e20ce046a1c8bda9108608a1f36b63e14b92b8410c015b7874b1d374b51640a9725aa2f3d8907e7fcce3a1131d8b09988f

Download Submit
C:\Windows\system\gQCngmW.exe

Filesize
6.0MB

MD5
70f14099ecca8f8dc31c20667e1082ac

SHA1
ffee6c611a099005ae48668688412412929a338e

SHA256
327a88272f4aa0099b408efb98a0568900add96999bc11773727566bad9b37a8

SHA512
05d3355a43e13ef4121c0ed7ff116a98b1a49836130f2d7af50e5633a7a0cb5d48816e6bfcbcaffc3642e10ae5d52092c68b438f9bad21db443ec9ce3dbaa2f0

Download Submit
C:\Windows\system\lNrHGDR.exe

Filesize
6.0MB

MD5
35d7fba78d1458d9876a2f38daea1ed8

SHA1
694eb08edbfc8699fba6e453c0edd939fbe3fe3c

SHA256
a638733c06e028740db8b3803719cac275a8ee8e84e9196bcb24be713743091d

SHA512
b189059f06fafe0c2cbe705726ca7a06daea5280dfe9c4e6ce16735b6580f77b407459c83ec9d7c0fb2a37a700b4bd959874023867b3cd1fc1c655f50f0cd797

Download Submit
C:\Windows\system\oAoLMAJ.exe

Filesize
6.0MB

MD5
d105c30c26d148cc95010c62c920e7a9

SHA1
a01fe5325e08bc30e038398e5b694b749dcf993a

SHA256
645c16a869533cb0adbbeda298f9484a8bbefadb7f2f5c447911bb311ee8847e

SHA512
537ceeb3a5e6101e2de594b47d8b3375b0e3a65d914de7067eb3c89c17228ffd54550a64a0ac9aa38228c0cd2f92de863f9cc9639d4398044d5c7b298e4403cc

Download Submit
C:\Windows\system\pGzDwIr.exe

Filesize
6.0MB

MD5
83056c046cdbe6c667f0ca984ce503fa

SHA1
d675c296ad0043b37131dd039c69b8d08821ffd1

SHA256
a137f9297c8de45621ef0aa94f26826b83042e0f175175500561b32301933523

SHA512
df29f43d2a9dba91b064480f4a9a0c4342216bbac84ac0d597040c7780f315d683fbfcaf1d5a9a70a94d8e92ad54a587e9b70135af144e05745c21107806b4c8

Download Submit
C:\Windows\system\pHdmpze.exe

Filesize
6.0MB

MD5
78dd34558ab7c75b04b2dbe05da1513b

SHA1
61a3332b187c36cacd86ac75fbc2b8b47534cc06

SHA256
a3641d1774bf3e89478b1c252b7eb4cc27cbe326750efa0b3ef452f1d6fb1b19

SHA512
cbeefaba9ff93f572d3ead06a6c5aaaff458965abdf946e35f7f2ce7c8dd6fd2d42c155b5ed245f77c152ebd590a3fc43b44868da934ac04b94f990ad0fb0272

Download Submit
C:\Windows\system\qMIWROY.exe

Filesize
6.0MB

MD5
8a810fdac89502a859cfa9b2aece1741

SHA1
1fe8ba5f707681b89a7dcf5c2f20ec8eaf7e7f3e

SHA256
eb64699ea3e4e58498c9e634f8b46934f04197185fd89dafd53699ac22a518be

SHA512
13388df1cb6175c63cdbccbdf659b43444eebdaf549f18c693c690edc9fddb4bdc2926f0ab7d2d86f1d5d93d8c8f5b344912ce2a09dcc632d37523843d977199

Download Submit
C:\Windows\system\unZJali.exe

Filesize
6.0MB

MD5
1f5d820e8e9cbe3493a7fddebdf3ee38

SHA1
fa8b40ca23df8c24ab52b3ca0207777867917603

SHA256
e5d234ae6485f6debb138683182ae022e9cfa7c088fbc257c74abfde14fa629e

SHA512
bb94d38a48d6d96f2339c16824eb41ef80507bfe2c0807444b6ec59dcce03579ff11ceb026b87b069884230b5f8cca64163e289092543bece5e9255e25cbf736

Download Submit
C:\Windows\system\vBZGWII.exe

Filesize
6.0MB

MD5
ccda933b7ebb5db8656905902c88db1b

SHA1
08445ef9ca9e481c4df3f0ae98b804c607b40c7c

SHA256
ee904f17b91ec1220cba9e1d8c732db9f61f6ce272c632737d1fb9eddf9fbd4f

SHA512
3248ba8f5beeb29e9f5ad1685ad68ee6fb2bed0bad63825c07cbdf0b25b27bf1c8b540a07f593adaf88978c30b17cafeadc8b7a743cef7800814da8f14e8beb3

Download Submit
C:\Windows\system\wEAZVWU.exe

Filesize
6.0MB

MD5
b58e8531e987adc5e763cc1119073a27

SHA1
99b07f4c777cbe600359a7902d8652e0935f622b

SHA256
12a0ca42814f98d5fd9cd65cc638b5cc8319923d8670d5de13e54e5a3aad2ee1

SHA512
75dbad82e3c73d49506ef95cf888310ca3d66e73fa3d5a73b8024f418df9593b99e96b61884a6cd445f710c030575721d037f3eecee5fe5cc1839f13a82236bb

Download Submit
C:\Windows\system\wTKjiYR.exe

Filesize
6.0MB

MD5
c1dec165ced81cb5a6e1d79a49e3183e

SHA1
a2f33b3e676f4d64a713d3064d5af6ed73616ff4

SHA256
17c7215479b6d3fffeb8ea3c33952cd4356a31536126f5de8df8a6008555cf0c

SHA512
1f2d03d1b2b0157d5d1f519b7c37bd80d0a7f9b540ee8772685de06e5ea300d4954999748481f140c399593efba044692ac9258715d17ec843f743cf381745d1

Download Submit
C:\Windows\system\yGQElWA.exe

Filesize
6.0MB

MD5
72ecdbcef1d0c2c04b5696a7252bd9e1

SHA1
490ad025c4e62b1cd86202afbebed1e85541ca47

SHA256
f79b296b8ec8ef2247a31aa053dc79ff08aa27f3678bf1abcbd25cce0a6254ae

SHA512
74d12d580ab8383e87064a4f292a647aa8c4f91c244e833bd053b58db540498b34989e5aab476a7eb127ceff2d6b91440c906f368e78b8771d3a6a8f25982f3b

Download Submit
C:\Windows\system\zxuYrPo.exe

Filesize
6.0MB

MD5
dccd008c68f3626b715b4865a3dfc6fe

SHA1
a2be226b788111a697e29ccfc0ec846119e2b0bd

SHA256
55456b6c7131035758179d3d895d3befcea6cf974a898e3186e0b7a45542aad6

SHA512
6f8ffc0f1eeb25d1e51305c622d823c3c8744e400bd9e1522152f46cca9d74aa8d7d87af07d6fb165a5d3413f6021986fdd2260ae26c9839bc360a69cbb96795

Download Submit
\Windows\system\LGuxPMg.exe

Filesize
6.0MB

MD5
7776bb7263b8069d952f44ce70615275

SHA1
f02dae91a1afa84fd243dc47942feaaa7a19da4a

SHA256
b8b4f38fccb886561970aa057e76bb8867d174b48fb8fd82930b285d8d68938a

SHA512
5b3e83ea14bb24b67636af9e616c1afd017906dc9670d0b1950207cbe0ca5a799c84ca4e948341e9fc611c6390c97ef26e7e1a8a23976958d364089f5e8e1543

Download Submit
\Windows\system\YLTjgWI.exe

Filesize
6.0MB

MD5
7ed96ed771c925dc5bf27b2794b5db23

SHA1
036b4bcbab78fdd7ab4cb8e89caf3246b6cde550

SHA256
1e50b18a0baf6e2c75f71789851a3dac648551441b8790c9366cd2515c62a22d

SHA512
c06e377c8b44fb110162f40afe237e792d97828899e1ede6ef27ce7cc6f6470c967b96d15ef228fa7a98ee2e0d09e9d95024e27ff1ab3a2502e4ff2da3fec05d

Download Submit
\Windows\system\bmkLKII.exe

Filesize
6.0MB

MD5
49a5524fa1ae286554f223c21debe0ad

SHA1
efde58d4b0d0b0db3668daf666bd972cc75614d1

SHA256
6c92fac01c7ceb29ce5130b323410ce41904fb0e7125be2fe8cf29e84ede5094

SHA512
987d499fac9007f9c6efef0988a11443a733fc45e495515e6a73378bcf099e7b479ac415debf1768cb6d8c5d55fc37436fa25073b7789a7223b4ce35a2329023

Download Submit
\Windows\system\fYbSmYT.exe

Filesize
6.0MB

MD5
c674938118b728d4dcfd53cf43ae371b

SHA1
80e3101072f5b75122b9e9e7cbd341b50e54e9aa

SHA256
7bec3d092c1b7505a08f5ca229a24827b4a2764e240f5a8bdea14026d8068d1f

SHA512
6128ac173cdd7e1dcad912b6cf9bf6ee9c5a7e6cf802d2eda9dedaecaea54811680049fd6dc5b878af03199d881d198fe85be11608445d7d3a6713d57cb94bbd

Download Submit
\Windows\system\pbZMXPQ.exe

Filesize
6.0MB

MD5
3cb5978b746218384b708df2b230dddc

SHA1
df3b0674781614d23cfbb25e55c76de0a2f58950

SHA256
cdce51a834321b815983934e3ae5631e34eb59a5a649bb3d7ace13131864e300

SHA512
949106b1788e8658c0f3b05affb7956f5dccf09c40801d68f7a2d66199c675afc723457d5b4ac4af06df7617f4affe349245a55fcb193e6759370b8006fed1b3

Download Submit
\Windows\system\wUvWAuJ.exe

Filesize
6.0MB

MD5
e9269c41a89d48b7b1e61f81ecd56878

SHA1
94e295eb021d7f856b44c1edc5905f9de1776653

SHA256
02f97df098db8d54563ee6385d30bce3e0dd96c7d9a17bacd3912c95ce3abb52

SHA512
861218de2b5da30d5f6d3a6a1b2c626b224fb8f48c64d274368ac61ff941dd129d0afe25a02ab2af0881e8a365b92195eefbbed7a0c1a8abcda0be098aa353a7

Download Submit
memory/844-22-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/844-3929-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/1652-24-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1652-3856-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1832-99-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/1832-3892-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/1968-35-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1968-23-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1968-69-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/1968-40-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/1968-0-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-89-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-88-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/1968-21-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/1968-86-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/1968-498-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/1968-76-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1968-64-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-701-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/1968-71-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1968-25-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-48-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1968-813-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/1968-585-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1968-106-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-26-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-3858-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-28-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-3925-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-97-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2508-36-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2508-3857-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3926-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2668-70-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2680-703-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3855-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2680-87-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2732-100-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3894-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-98-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3928-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2852-85-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3849-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2856-3893-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2856-202-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2856-41-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2912-49-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2912-410-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2912-3854-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/3016-3850-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/3016-75-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download