cobaltstrike | 2fe5e1eaa935c71676de1f6bcb596c728c0f77991754e99d058ea99d6b023184

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

2622a44648c8383d24468c2269a4de64
SHA1

7e407bbe56187bbcaa0d285ebc694385c1f3ff6d
SHA256

2fe5e1eaa935c71676de1f6bcb596c728c0f77991754e99d058ea99d6b023184
SHA512

b49a85efe2a2baf80318788c619820704181edaeb964fdeb633a79ad52af2ef9bd6220cd6eaf332caa5617d254cf06bf9759c21f78b296f53ac65783eb7b6f29
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUW:T+q56utgpPF8u/7W

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 37 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012245-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cfd-7.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d19-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d68-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d70-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d48-19.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174bf-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019417-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d4-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941a-164.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193ec-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019399-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c8-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b7-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019280-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938b-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925d-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019220-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191fd-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019238-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-98.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190c9-94.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878d-85.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190c6-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186c8-74.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018662-62.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019436-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001867d-71.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015da1-70.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018657-55.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-53.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d78-52.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1836-0-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/files/0x000b000000012245-3.dat	xmrig
behavioral1/files/0x0008000000015cfd-7.dat	xmrig
behavioral1/files/0x0008000000015d19-9.dat	xmrig
behavioral1/memory/1480-25-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d68-22.dat	xmrig
behavioral1/files/0x0007000000015d70-26.dat	xmrig
behavioral1/files/0x0007000000015d48-19.dat	xmrig
behavioral1/files/0x00060000000174bf-45.dat	xmrig
behavioral1/files/0x0005000000019417-168.dat	xmrig
behavioral1/files/0x00050000000193d4-166.dat	xmrig
behavioral1/files/0x000500000001941a-164.dat	xmrig
behavioral1/memory/1836-725-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/files/0x00050000000193ec-157.dat	xmrig
behavioral1/files/0x00050000000193c1-152.dat	xmrig
behavioral1/files/0x0005000000019399-151.dat	xmrig
behavioral1/files/0x00050000000193c8-148.dat	xmrig
behavioral1/files/0x00050000000193b7-141.dat	xmrig
behavioral1/files/0x0005000000019280-136.dat	xmrig
behavioral1/files/0x0005000000019263-134.dat	xmrig
behavioral1/files/0x000500000001938b-132.dat	xmrig
behavioral1/memory/1836-128-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x0005000000019278-125.dat	xmrig
behavioral1/files/0x0005000000019240-120.dat	xmrig
behavioral1/files/0x000500000001925d-115.dat	xmrig
behavioral1/files/0x0005000000019220-109.dat	xmrig
behavioral1/files/0x00050000000191fd-108.dat	xmrig
behavioral1/files/0x0005000000019238-106.dat	xmrig
behavioral1/files/0x0005000000019217-98.dat	xmrig
behavioral1/files/0x00060000000190c9-94.dat	xmrig
behavioral1/memory/1836-93-0x0000000002500000-0x0000000002854000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f3-90.dat	xmrig
behavioral1/files/0x000500000001878d-85.dat	xmrig
behavioral1/files/0x00060000000190c6-82.dat	xmrig
behavioral1/memory/2916-76-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2748-75-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186c8-74.dat	xmrig
behavioral1/memory/2804-65-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x000d000000018662-62.dat	xmrig
behavioral1/files/0x0005000000019436-172.dat	xmrig
behavioral1/memory/2632-146-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2060-124-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/600-89-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2824-73-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2264-72-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001867d-71.dat	xmrig
behavioral1/files/0x0008000000015da1-70.dat	xmrig
behavioral1/memory/2520-59-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/1712-58-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x0014000000018657-55.dat	xmrig
behavioral1/files/0x000600000001749c-53.dat	xmrig
behavioral1/files/0x0009000000015d78-52.dat	xmrig
behavioral1/memory/2128-44-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2264-3814-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2748-3815-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2520-3827-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2824-3844-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/600-3845-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/1712-3843-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2128-3842-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2632-3882-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2916-3881-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/1480-3847-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2804-3846-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
600	TZEaeKy.exe
1480	ywhGfkK.exe
2128	czifQNv.exe
1712	xZVyCJq.exe
2520	xMDqVlV.exe
2804	rKMkjrx.exe
2264	MXJGFCc.exe
2824	pwYRlcI.exe
2748	gSXYdrD.exe
2060	YBjCiEj.exe
2916	rcPfmaD.exe
2632	WaSOVSY.exe
2172	dDdbbPO.exe
2716	AiPVOeB.exe
2968	xIrjXwK.exe
2792	AAkQMpH.exe
1976	TaCPTyR.exe
1440	MmFwiWw.exe
900	nOChwdK.exe
2560	rHpwqUz.exe
2524	eEpMITZ.exe
1620	nPjjcgA.exe
1012	YQzVCnL.exe
3028	XZqTBxR.exe
2644	WQxRKpM.exe
2516	pjTVkIE.exe
2688	sBIZIvQ.exe
2244	jZJswPw.exe
1788	kdLRMpS.exe
2856	GlcVRje.exe
1544	IoxpeBP.exe
2984	DdELTqt.exe
2676	wDfGoMY.exe
2196	rvgMRuO.exe
2348	WxTUEFm.exe
2340	zGSJASR.exe
2088	eedGhlt.exe
2224	HaxvWGD.exe
1912	PjHUaxr.exe
920	IfByknT.exe
1588	VGaKdNA.exe
792	NMoTvXc.exe
2592	buXoTnn.exe
2188	yYFMwyk.exe
2288	nKAEZXV.exe
2080	TZwDLxA.exe
1644	lrYadMa.exe
2428	LrMTIhK.exe
1592	rnGtqKc.exe
1720	KPXlzjy.exe
2084	URkuQHQ.exe
904	JSiMEKT.exe
2360	hCVihBF.exe
892	RHdQvAt.exe
1600	rcindpc.exe
2276	qfYklAI.exe
1708	NIedAwe.exe
952	rYxvwZb.exe
1368	FUCTqxC.exe
1764	fBqivbJ.exe
1244	eUvqhbk.exe
1288	zAduwMJ.exe
776	zzpqxAY.exe
596	ycsUBtc.exe

Loads dropped DLL 64 IoCs

pid	Process
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1836-0-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/files/0x000b000000012245-3.dat	upx
behavioral1/files/0x0008000000015cfd-7.dat	upx
behavioral1/files/0x0008000000015d19-9.dat	upx
behavioral1/memory/1480-25-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x0007000000015d68-22.dat	upx
behavioral1/files/0x0007000000015d70-26.dat	upx
behavioral1/files/0x0007000000015d48-19.dat	upx
behavioral1/files/0x00060000000174bf-45.dat	upx
behavioral1/files/0x0005000000019417-168.dat	upx
behavioral1/files/0x00050000000193d4-166.dat	upx
behavioral1/files/0x000500000001941a-164.dat	upx
behavioral1/memory/1836-725-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/files/0x00050000000193ec-157.dat	upx
behavioral1/files/0x00050000000193c1-152.dat	upx
behavioral1/files/0x0005000000019399-151.dat	upx
behavioral1/files/0x00050000000193c8-148.dat	upx
behavioral1/files/0x00050000000193b7-141.dat	upx
behavioral1/files/0x0005000000019280-136.dat	upx
behavioral1/files/0x0005000000019263-134.dat	upx
behavioral1/files/0x000500000001938b-132.dat	upx
behavioral1/files/0x0005000000019278-125.dat	upx
behavioral1/files/0x0005000000019240-120.dat	upx
behavioral1/files/0x000500000001925d-115.dat	upx
behavioral1/files/0x0005000000019220-109.dat	upx
behavioral1/files/0x00050000000191fd-108.dat	upx
behavioral1/files/0x0005000000019238-106.dat	upx
behavioral1/files/0x0005000000019217-98.dat	upx
behavioral1/files/0x00060000000190c9-94.dat	upx
behavioral1/files/0x00050000000191f3-90.dat	upx
behavioral1/files/0x000500000001878d-85.dat	upx
behavioral1/files/0x00060000000190c6-82.dat	upx
behavioral1/memory/2916-76-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2748-75-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x00050000000186c8-74.dat	upx
behavioral1/memory/2804-65-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x000d000000018662-62.dat	upx
behavioral1/files/0x0005000000019436-172.dat	upx
behavioral1/memory/2632-146-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2060-124-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/600-89-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2824-73-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2264-72-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x000500000001867d-71.dat	upx
behavioral1/files/0x0008000000015da1-70.dat	upx
behavioral1/memory/2520-59-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/1712-58-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x0014000000018657-55.dat	upx
behavioral1/files/0x000600000001749c-53.dat	upx
behavioral1/files/0x0009000000015d78-52.dat	upx
behavioral1/memory/2128-44-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2264-3814-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2748-3815-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2520-3827-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2824-3844-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/600-3845-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/1712-3843-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2128-3842-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2632-3882-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2916-3881-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/1480-3847-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2804-3846-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2060-3949-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jKlMZzy.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sEdhqSi.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VldSOAt.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwYRlcI.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pTILEZD.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zghVXdT.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sgOqqlm.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jTYjLPc.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTOIRIK.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RUsxEgN.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uAETAgx.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TZEaeKy.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cImOqrM.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MWxNFQD.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AAnxyfV.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KYzAYJR.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uxzhsgs.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kVFqwgG.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xahXdES.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YQzVCnL.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eAyrjBz.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xMeTsUc.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPOQvtV.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EATtgIi.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BdNGDUP.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fmRJIDY.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kijSEik.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWpFUhw.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NIedAwe.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OsZziLE.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPCRihR.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dqRVlws.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fXEPhnz.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CkhhGgn.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fPrragU.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\muQqItf.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CjLBJJV.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PIZnMdF.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EdatZpY.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAHJqEb.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JTgEnLM.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eOhnRWo.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQfAOXN.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yuanaCf.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OIZDHYj.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wDfGoMY.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\erNXkVn.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fBVrczB.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ItMmVzq.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qcNYiST.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GlcVRje.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LCXHisw.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EwPPuUn.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gsUGHOM.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yZOkTca.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKDgPyr.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HefmPLP.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OZyEIVB.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWBgoIs.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KqWAOOn.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EgOHxIK.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SRZZgPR.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dWwAhkJ.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\acoFEFc.exe	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 600	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1836 wrote to memory of 600	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1836 wrote to memory of 600	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1836 wrote to memory of 1480	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1836 wrote to memory of 1480	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1836 wrote to memory of 1480	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1836 wrote to memory of 2128	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1836 wrote to memory of 2128	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1836 wrote to memory of 2128	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1836 wrote to memory of 2520	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1836 wrote to memory of 2520	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1836 wrote to memory of 2520	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1836 wrote to memory of 1712	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1836 wrote to memory of 1712	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1836 wrote to memory of 1712	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1836 wrote to memory of 2804	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1836 wrote to memory of 2804	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1836 wrote to memory of 2804	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1836 wrote to memory of 2264	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1836 wrote to memory of 2264	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1836 wrote to memory of 2264	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1836 wrote to memory of 2060	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1836 wrote to memory of 2060	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1836 wrote to memory of 2060	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1836 wrote to memory of 2824	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1836 wrote to memory of 2824	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1836 wrote to memory of 2824	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1836 wrote to memory of 3028	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1836 wrote to memory of 3028	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1836 wrote to memory of 3028	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1836 wrote to memory of 2748	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1836 wrote to memory of 2748	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1836 wrote to memory of 2748	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1836 wrote to memory of 2644	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1836 wrote to memory of 2644	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1836 wrote to memory of 2644	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1836 wrote to memory of 2916	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1836 wrote to memory of 2916	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1836 wrote to memory of 2916	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1836 wrote to memory of 2516	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1836 wrote to memory of 2516	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1836 wrote to memory of 2516	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1836 wrote to memory of 2632	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1836 wrote to memory of 2632	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1836 wrote to memory of 2632	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1836 wrote to memory of 2688	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1836 wrote to memory of 2688	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1836 wrote to memory of 2688	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1836 wrote to memory of 2172	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1836 wrote to memory of 2172	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1836 wrote to memory of 2172	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1836 wrote to memory of 2244	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1836 wrote to memory of 2244	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1836 wrote to memory of 2244	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1836 wrote to memory of 2716	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1836 wrote to memory of 2716	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1836 wrote to memory of 2716	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1836 wrote to memory of 1788	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1836 wrote to memory of 1788	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1836 wrote to memory of 1788	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1836 wrote to memory of 2968	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1836 wrote to memory of 2968	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1836 wrote to memory of 2968	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1836 wrote to memory of 2856	1836	2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-22_2622a44648c8383d24468c2269a4de64_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Windows\System\TZEaeKy.exe
  C:\Windows\System\TZEaeKy.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\ywhGfkK.exe
  C:\Windows\System\ywhGfkK.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\czifQNv.exe
  C:\Windows\System\czifQNv.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\xMDqVlV.exe
  C:\Windows\System\xMDqVlV.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\xZVyCJq.exe
  C:\Windows\System\xZVyCJq.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\rKMkjrx.exe
  C:\Windows\System\rKMkjrx.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\MXJGFCc.exe
  C:\Windows\System\MXJGFCc.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\YBjCiEj.exe
  C:\Windows\System\YBjCiEj.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\pwYRlcI.exe
  C:\Windows\System\pwYRlcI.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\XZqTBxR.exe
  C:\Windows\System\XZqTBxR.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\gSXYdrD.exe
  C:\Windows\System\gSXYdrD.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\WQxRKpM.exe
  C:\Windows\System\WQxRKpM.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\rcPfmaD.exe
  C:\Windows\System\rcPfmaD.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\pjTVkIE.exe
  C:\Windows\System\pjTVkIE.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\WaSOVSY.exe
  C:\Windows\System\WaSOVSY.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\sBIZIvQ.exe
  C:\Windows\System\sBIZIvQ.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\dDdbbPO.exe
  C:\Windows\System\dDdbbPO.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\jZJswPw.exe
  C:\Windows\System\jZJswPw.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\AiPVOeB.exe
  C:\Windows\System\AiPVOeB.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\kdLRMpS.exe
  C:\Windows\System\kdLRMpS.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\xIrjXwK.exe
  C:\Windows\System\xIrjXwK.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\GlcVRje.exe
  C:\Windows\System\GlcVRje.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\AAkQMpH.exe
  C:\Windows\System\AAkQMpH.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\DdELTqt.exe
  C:\Windows\System\DdELTqt.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\TaCPTyR.exe
  C:\Windows\System\TaCPTyR.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\wDfGoMY.exe
  C:\Windows\System\wDfGoMY.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\MmFwiWw.exe
  C:\Windows\System\MmFwiWw.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\rvgMRuO.exe
  C:\Windows\System\rvgMRuO.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\nOChwdK.exe
  C:\Windows\System\nOChwdK.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\WxTUEFm.exe
  C:\Windows\System\WxTUEFm.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\rHpwqUz.exe
  C:\Windows\System\rHpwqUz.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\zGSJASR.exe
  C:\Windows\System\zGSJASR.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\eEpMITZ.exe
  C:\Windows\System\eEpMITZ.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\eedGhlt.exe
  C:\Windows\System\eedGhlt.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\nPjjcgA.exe
  C:\Windows\System\nPjjcgA.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\HaxvWGD.exe
  C:\Windows\System\HaxvWGD.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\YQzVCnL.exe
  C:\Windows\System\YQzVCnL.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\IoxpeBP.exe
  C:\Windows\System\IoxpeBP.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\qfYklAI.exe
  C:\Windows\System\qfYklAI.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\PjHUaxr.exe
  C:\Windows\System\PjHUaxr.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\rYxvwZb.exe
  C:\Windows\System\rYxvwZb.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\IfByknT.exe
  C:\Windows\System\IfByknT.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\FUCTqxC.exe
  C:\Windows\System\FUCTqxC.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\VGaKdNA.exe
  C:\Windows\System\VGaKdNA.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\fBqivbJ.exe
  C:\Windows\System\fBqivbJ.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\NMoTvXc.exe
  C:\Windows\System\NMoTvXc.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\eUvqhbk.exe
  C:\Windows\System\eUvqhbk.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\buXoTnn.exe
  C:\Windows\System\buXoTnn.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\zAduwMJ.exe
  C:\Windows\System\zAduwMJ.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\yYFMwyk.exe
  C:\Windows\System\yYFMwyk.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\zzpqxAY.exe
  C:\Windows\System\zzpqxAY.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\nKAEZXV.exe
  C:\Windows\System\nKAEZXV.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\ycsUBtc.exe
  C:\Windows\System\ycsUBtc.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\TZwDLxA.exe
  C:\Windows\System\TZwDLxA.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\Sbehgrn.exe
  C:\Windows\System\Sbehgrn.exe
  2⤵
  PID:1648
- C:\Windows\System\lrYadMa.exe
  C:\Windows\System\lrYadMa.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\rNFBUEy.exe
  C:\Windows\System\rNFBUEy.exe
  2⤵
  PID:884
- C:\Windows\System\LrMTIhK.exe
  C:\Windows\System\LrMTIhK.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\WBOpkGm.exe
  C:\Windows\System\WBOpkGm.exe
  2⤵
  PID:2552
- C:\Windows\System\rnGtqKc.exe
  C:\Windows\System\rnGtqKc.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\xEssapK.exe
  C:\Windows\System\xEssapK.exe
  2⤵
  PID:540
- C:\Windows\System\KPXlzjy.exe
  C:\Windows\System\KPXlzjy.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\erNXkVn.exe
  C:\Windows\System\erNXkVn.exe
  2⤵
  PID:2488
- C:\Windows\System\URkuQHQ.exe
  C:\Windows\System\URkuQHQ.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\gHMcIJR.exe
  C:\Windows\System\gHMcIJR.exe
  2⤵
  PID:788
- C:\Windows\System\JSiMEKT.exe
  C:\Windows\System\JSiMEKT.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\wUxxkgU.exe
  C:\Windows\System\wUxxkgU.exe
  2⤵
  PID:636
- C:\Windows\System\hCVihBF.exe
  C:\Windows\System\hCVihBF.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\UaxJTVb.exe
  C:\Windows\System\UaxJTVb.exe
  2⤵
  PID:1968
- C:\Windows\System\RHdQvAt.exe
  C:\Windows\System\RHdQvAt.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\vJkLoLH.exe
  C:\Windows\System\vJkLoLH.exe
  2⤵
  PID:1604
- C:\Windows\System\rcindpc.exe
  C:\Windows\System\rcindpc.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\qyFwTkG.exe
  C:\Windows\System\qyFwTkG.exe
  2⤵
  PID:1424
- C:\Windows\System\NIedAwe.exe
  C:\Windows\System\NIedAwe.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\Piofrsn.exe
  C:\Windows\System\Piofrsn.exe
  2⤵
  PID:3112
- C:\Windows\System\KfIzWYH.exe
  C:\Windows\System\KfIzWYH.exe
  2⤵
  PID:3232
- C:\Windows\System\UDsaYiq.exe
  C:\Windows\System\UDsaYiq.exe
  2⤵
  PID:3252
- C:\Windows\System\zekcaxK.exe
  C:\Windows\System\zekcaxK.exe
  2⤵
  PID:3276
- C:\Windows\System\fhBdlDL.exe
  C:\Windows\System\fhBdlDL.exe
  2⤵
  PID:3292
- C:\Windows\System\hSPjLba.exe
  C:\Windows\System\hSPjLba.exe
  2⤵
  PID:3312
- C:\Windows\System\rYcQdcP.exe
  C:\Windows\System\rYcQdcP.exe
  2⤵
  PID:3328
- C:\Windows\System\xiwNDgN.exe
  C:\Windows\System\xiwNDgN.exe
  2⤵
  PID:3356
- C:\Windows\System\OzesqBI.exe
  C:\Windows\System\OzesqBI.exe
  2⤵
  PID:3376
- C:\Windows\System\TSWeOlv.exe
  C:\Windows\System\TSWeOlv.exe
  2⤵
  PID:3392
- C:\Windows\System\OHnMdRa.exe
  C:\Windows\System\OHnMdRa.exe
  2⤵
  PID:3408
- C:\Windows\System\ezjgJbU.exe
  C:\Windows\System\ezjgJbU.exe
  2⤵
  PID:3424
- C:\Windows\System\QMjZXOw.exe
  C:\Windows\System\QMjZXOw.exe
  2⤵
  PID:3448
- C:\Windows\System\OeJwvxC.exe
  C:\Windows\System\OeJwvxC.exe
  2⤵
  PID:3464
- C:\Windows\System\ejsBZym.exe
  C:\Windows\System\ejsBZym.exe
  2⤵
  PID:3480
- C:\Windows\System\bDNVnyO.exe
  C:\Windows\System\bDNVnyO.exe
  2⤵
  PID:3500
- C:\Windows\System\MlFkfil.exe
  C:\Windows\System\MlFkfil.exe
  2⤵
  PID:3516
- C:\Windows\System\UhrtxAM.exe
  C:\Windows\System\UhrtxAM.exe
  2⤵
  PID:3532
- C:\Windows\System\rAZsAYq.exe
  C:\Windows\System\rAZsAYq.exe
  2⤵
  PID:3552
- C:\Windows\System\eMorTqq.exe
  C:\Windows\System\eMorTqq.exe
  2⤵
  PID:3572
- C:\Windows\System\MITBlMD.exe
  C:\Windows\System\MITBlMD.exe
  2⤵
  PID:3588
- C:\Windows\System\esJtsoS.exe
  C:\Windows\System\esJtsoS.exe
  2⤵
  PID:3608
- C:\Windows\System\XoplfYS.exe
  C:\Windows\System\XoplfYS.exe
  2⤵
  PID:3624
- C:\Windows\System\lnnlMKc.exe
  C:\Windows\System\lnnlMKc.exe
  2⤵
  PID:3640
- C:\Windows\System\AKjpJJH.exe
  C:\Windows\System\AKjpJJH.exe
  2⤵
  PID:3656
- C:\Windows\System\CubefMM.exe
  C:\Windows\System\CubefMM.exe
  2⤵
  PID:3676
- C:\Windows\System\JtymjcM.exe
  C:\Windows\System\JtymjcM.exe
  2⤵
  PID:3692
- C:\Windows\System\KumobVY.exe
  C:\Windows\System\KumobVY.exe
  2⤵
  PID:3712
- C:\Windows\System\LUhnDHd.exe
  C:\Windows\System\LUhnDHd.exe
  2⤵
  PID:3732
- C:\Windows\System\rwvbexu.exe
  C:\Windows\System\rwvbexu.exe
  2⤵
  PID:3752
- C:\Windows\System\myhnMKk.exe
  C:\Windows\System\myhnMKk.exe
  2⤵
  PID:3768
- C:\Windows\System\VMIkvDU.exe
  C:\Windows\System\VMIkvDU.exe
  2⤵
  PID:3784
- C:\Windows\System\HEutQLn.exe
  C:\Windows\System\HEutQLn.exe
  2⤵
  PID:3800
- C:\Windows\System\mAfBbUu.exe
  C:\Windows\System\mAfBbUu.exe
  2⤵
  PID:3816
- C:\Windows\System\Eroqbje.exe
  C:\Windows\System\Eroqbje.exe
  2⤵
  PID:3832
- C:\Windows\System\dnzotOZ.exe
  C:\Windows\System\dnzotOZ.exe
  2⤵
  PID:3848
- C:\Windows\System\PgmwKjF.exe
  C:\Windows\System\PgmwKjF.exe
  2⤵
  PID:3864
- C:\Windows\System\GnZVthF.exe
  C:\Windows\System\GnZVthF.exe
  2⤵
  PID:3880
- C:\Windows\System\cSQqGsL.exe
  C:\Windows\System\cSQqGsL.exe
  2⤵
  PID:3896
- C:\Windows\System\wzZLoaj.exe
  C:\Windows\System\wzZLoaj.exe
  2⤵
  PID:3928
- C:\Windows\System\umJGqSt.exe
  C:\Windows\System\umJGqSt.exe
  2⤵
  PID:3948
- C:\Windows\System\pZrcERW.exe
  C:\Windows\System\pZrcERW.exe
  2⤵
  PID:3968
- C:\Windows\System\ZXssiIA.exe
  C:\Windows\System\ZXssiIA.exe
  2⤵
  PID:3984
- C:\Windows\System\StDlnbb.exe
  C:\Windows\System\StDlnbb.exe
  2⤵
  PID:4008
- C:\Windows\System\EDEUJgX.exe
  C:\Windows\System\EDEUJgX.exe
  2⤵
  PID:4024
- C:\Windows\System\VLNQfDh.exe
  C:\Windows\System\VLNQfDh.exe
  2⤵
  PID:4044
- C:\Windows\System\MBQBQQR.exe
  C:\Windows\System\MBQBQQR.exe
  2⤵
  PID:4064
- C:\Windows\System\syGVCUN.exe
  C:\Windows\System\syGVCUN.exe
  2⤵
  PID:4084
- C:\Windows\System\ZkBvsAc.exe
  C:\Windows\System\ZkBvsAc.exe
  2⤵
  PID:340
- C:\Windows\System\yQbIkAF.exe
  C:\Windows\System\yQbIkAF.exe
  2⤵
  PID:2772
- C:\Windows\System\WMsYgfj.exe
  C:\Windows\System\WMsYgfj.exe
  2⤵
  PID:2612
- C:\Windows\System\IEuihVZ.exe
  C:\Windows\System\IEuihVZ.exe
  2⤵
  PID:2384
- C:\Windows\System\PWzlBMx.exe
  C:\Windows\System\PWzlBMx.exe
  2⤵
  PID:2844
- C:\Windows\System\NnalQmO.exe
  C:\Windows\System\NnalQmO.exe
  2⤵
  PID:2776
- C:\Windows\System\ZhIhkpP.exe
  C:\Windows\System\ZhIhkpP.exe
  2⤵
  PID:2756
- C:\Windows\System\kwZIRnA.exe
  C:\Windows\System\kwZIRnA.exe
  2⤵
  PID:548
- C:\Windows\System\mZuoPph.exe
  C:\Windows\System\mZuoPph.exe
  2⤵
  PID:2980
- C:\Windows\System\kqzZDxw.exe
  C:\Windows\System\kqzZDxw.exe
  2⤵
  PID:2096
- C:\Windows\System\IQbBzzg.exe
  C:\Windows\System\IQbBzzg.exe
  2⤵
  PID:1932
- C:\Windows\System\Hbhzgmc.exe
  C:\Windows\System\Hbhzgmc.exe
  2⤵
  PID:1508
- C:\Windows\System\BiEDkWk.exe
  C:\Windows\System\BiEDkWk.exe
  2⤵
  PID:2268
- C:\Windows\System\QUazTwl.exe
  C:\Windows\System\QUazTwl.exe
  2⤵
  PID:1224
- C:\Windows\System\zfnReqz.exe
  C:\Windows\System\zfnReqz.exe
  2⤵
  PID:572
- C:\Windows\System\MBnyjsf.exe
  C:\Windows\System\MBnyjsf.exe
  2⤵
  PID:2436
- C:\Windows\System\gOAskqA.exe
  C:\Windows\System\gOAskqA.exe
  2⤵
  PID:1048
- C:\Windows\System\YFPQGsA.exe
  C:\Windows\System\YFPQGsA.exe
  2⤵
  PID:3132
- C:\Windows\System\ywIgelS.exe
  C:\Windows\System\ywIgelS.exe
  2⤵
  PID:3144
- C:\Windows\System\MZdfGMG.exe
  C:\Windows\System\MZdfGMG.exe
  2⤵
  PID:3164
- C:\Windows\System\QnzXDCd.exe
  C:\Windows\System\QnzXDCd.exe
  2⤵
  PID:3180
- C:\Windows\System\qHAqdqA.exe
  C:\Windows\System\qHAqdqA.exe
  2⤵
  PID:3200
- C:\Windows\System\MXAhkiW.exe
  C:\Windows\System\MXAhkiW.exe
  2⤵
  PID:3248
- C:\Windows\System\zvtUdsT.exe
  C:\Windows\System\zvtUdsT.exe
  2⤵
  PID:3284
- C:\Windows\System\tcaUBnD.exe
  C:\Windows\System\tcaUBnD.exe
  2⤵
  PID:3368
- C:\Windows\System\ZCdithh.exe
  C:\Windows\System\ZCdithh.exe
  2⤵
  PID:3432
- C:\Windows\System\weiHuGO.exe
  C:\Windows\System\weiHuGO.exe
  2⤵
  PID:3472
- C:\Windows\System\MJXexeU.exe
  C:\Windows\System\MJXexeU.exe
  2⤵
  PID:3540
- C:\Windows\System\wTDFfAQ.exe
  C:\Windows\System\wTDFfAQ.exe
  2⤵
  PID:3584
- C:\Windows\System\mgjOjLH.exe
  C:\Windows\System\mgjOjLH.exe
  2⤵
  PID:3652
- C:\Windows\System\kPpCRiw.exe
  C:\Windows\System\kPpCRiw.exe
  2⤵
  PID:3684
- C:\Windows\System\myJKwXh.exe
  C:\Windows\System\myJKwXh.exe
  2⤵
  PID:3728
- C:\Windows\System\tJiOjUG.exe
  C:\Windows\System\tJiOjUG.exe
  2⤵
  PID:3796
- C:\Windows\System\wZySqXb.exe
  C:\Windows\System\wZySqXb.exe
  2⤵
  PID:3860
- C:\Windows\System\wLttHeV.exe
  C:\Windows\System\wLttHeV.exe
  2⤵
  PID:3940
- C:\Windows\System\MoZWzoI.exe
  C:\Windows\System\MoZWzoI.exe
  2⤵
  PID:3272
- C:\Windows\System\dwVnylm.exe
  C:\Windows\System\dwVnylm.exe
  2⤵
  PID:3308
- C:\Windows\System\mefzntD.exe
  C:\Windows\System\mefzntD.exe
  2⤵
  PID:3352
- C:\Windows\System\HTuHbKU.exe
  C:\Windows\System\HTuHbKU.exe
  2⤵
  PID:3344
- C:\Windows\System\CYkiyiH.exe
  C:\Windows\System\CYkiyiH.exe
  2⤵
  PID:2864
- C:\Windows\System\XFtJyCW.exe
  C:\Windows\System\XFtJyCW.exe
  2⤵
  PID:3604
- C:\Windows\System\NLxRVXc.exe
  C:\Windows\System\NLxRVXc.exe
  2⤵
  PID:3704
- C:\Windows\System\AAnxyfV.exe
  C:\Windows\System\AAnxyfV.exe
  2⤵
  PID:3748
- C:\Windows\System\QzXQEhI.exe
  C:\Windows\System\QzXQEhI.exe
  2⤵
  PID:3812
- C:\Windows\System\CjLBJJV.exe
  C:\Windows\System\CjLBJJV.exe
  2⤵
  PID:3876
- C:\Windows\System\lyxLOMZ.exe
  C:\Windows\System\lyxLOMZ.exe
  2⤵
  PID:3920
- C:\Windows\System\YCEPOsL.exe
  C:\Windows\System\YCEPOsL.exe
  2⤵
  PID:3964
- C:\Windows\System\eVhnpdW.exe
  C:\Windows\System\eVhnpdW.exe
  2⤵
  PID:4004
- C:\Windows\System\yxsBlnH.exe
  C:\Windows\System\yxsBlnH.exe
  2⤵
  PID:4076
- C:\Windows\System\GtDELMO.exe
  C:\Windows\System\GtDELMO.exe
  2⤵
  PID:1812
- C:\Windows\System\TWMkxJk.exe
  C:\Windows\System\TWMkxJk.exe
  2⤵
  PID:2452
- C:\Windows\System\kYGsLYM.exe
  C:\Windows\System\kYGsLYM.exe
  2⤵
  PID:3600
- C:\Windows\System\aMpygAf.exe
  C:\Windows\System\aMpygAf.exe
  2⤵
  PID:3528
- C:\Windows\System\CYIzPxk.exe
  C:\Windows\System\CYIzPxk.exe
  2⤵
  PID:2712
- C:\Windows\System\lOvrqMr.exe
  C:\Windows\System\lOvrqMr.exe
  2⤵
  PID:1624
- C:\Windows\System\bqTnwxz.exe
  C:\Windows\System\bqTnwxz.exe
  2⤵
  PID:3080
- C:\Windows\System\ZqevWPG.exe
  C:\Windows\System\ZqevWPG.exe
  2⤵
  PID:1284
- C:\Windows\System\iOasXkm.exe
  C:\Windows\System\iOasXkm.exe
  2⤵
  PID:2504
- C:\Windows\System\OjStzSc.exe
  C:\Windows\System\OjStzSc.exe
  2⤵
  PID:2944
- C:\Windows\System\QLHXoRs.exe
  C:\Windows\System\QLHXoRs.exe
  2⤵
  PID:2204
- C:\Windows\System\BplRkuy.exe
  C:\Windows\System\BplRkuy.exe
  2⤵
  PID:2892
- C:\Windows\System\xzdzMZc.exe
  C:\Windows\System\xzdzMZc.exe
  2⤵
  PID:3140
- C:\Windows\System\vAYxutP.exe
  C:\Windows\System\vAYxutP.exe
  2⤵
  PID:2220
- C:\Windows\System\puhsvaT.exe
  C:\Windows\System\puhsvaT.exe
  2⤵
  PID:3324
- C:\Windows\System\cYtAUDV.exe
  C:\Windows\System\cYtAUDV.exe
  2⤵
  PID:1704
- C:\Windows\System\QbAfLgr.exe
  C:\Windows\System\QbAfLgr.exe
  2⤵
  PID:3544
- C:\Windows\System\oVGVMsA.exe
  C:\Windows\System\oVGVMsA.exe
  2⤵
  PID:3792
- C:\Windows\System\IoNyrnL.exe
  C:\Windows\System\IoNyrnL.exe
  2⤵
  PID:3300
- C:\Windows\System\IaxSuuF.exe
  C:\Windows\System\IaxSuuF.exe
  2⤵
  PID:3568
- C:\Windows\System\UZvWSMz.exe
  C:\Windows\System\UZvWSMz.exe
  2⤵
  PID:3976
- C:\Windows\System\EhBqRVr.exe
  C:\Windows\System\EhBqRVr.exe
  2⤵
  PID:3388
- C:\Windows\System\lUKJwia.exe
  C:\Windows\System\lUKJwia.exe
  2⤵
  PID:3700
- C:\Windows\System\pHZViBK.exe
  C:\Windows\System\pHZViBK.exe
  2⤵
  PID:3912
- C:\Windows\System\SNNgCah.exe
  C:\Windows\System\SNNgCah.exe
  2⤵
  PID:2744
- C:\Windows\System\pzTzKEt.exe
  C:\Windows\System\pzTzKEt.exe
  2⤵
  PID:2368
- C:\Windows\System\gxGGLEI.exe
  C:\Windows\System\gxGGLEI.exe
  2⤵
  PID:1120
- C:\Windows\System\ylvLNZL.exe
  C:\Windows\System\ylvLNZL.exe
  2⤵
  PID:3016
- C:\Windows\System\OgZXgeS.exe
  C:\Windows\System\OgZXgeS.exe
  2⤵
  PID:3364
- C:\Windows\System\mnJbOQF.exe
  C:\Windows\System\mnJbOQF.exe
  2⤵
  PID:1652
- C:\Windows\System\cavERIo.exe
  C:\Windows\System\cavERIo.exe
  2⤵
  PID:3264
- C:\Windows\System\ubBntMw.exe
  C:\Windows\System\ubBntMw.exe
  2⤵
  PID:3724
- C:\Windows\System\KZxsIYH.exe
  C:\Windows\System\KZxsIYH.exe
  2⤵
  PID:3512
- C:\Windows\System\xNpSiDN.exe
  C:\Windows\System\xNpSiDN.exe
  2⤵
  PID:3188
- C:\Windows\System\ohiRfLA.exe
  C:\Windows\System\ohiRfLA.exe
  2⤵
  PID:3744
- C:\Windows\System\HDKlVxY.exe
  C:\Windows\System\HDKlVxY.exe
  2⤵
  PID:3960
- C:\Windows\System\pYLzKAX.exe
  C:\Windows\System\pYLzKAX.exe
  2⤵
  PID:3488
- C:\Windows\System\sZrZUpr.exe
  C:\Windows\System\sZrZUpr.exe
  2⤵
  PID:3560
- C:\Windows\System\nAnxSus.exe
  C:\Windows\System\nAnxSus.exe
  2⤵
  PID:2068
- C:\Windows\System\ialbrfe.exe
  C:\Windows\System\ialbrfe.exe
  2⤵
  PID:964
- C:\Windows\System\OZoihil.exe
  C:\Windows\System\OZoihil.exe
  2⤵
  PID:1780
- C:\Windows\System\QSrDWAC.exe
  C:\Windows\System\QSrDWAC.exe
  2⤵
  PID:3040
- C:\Windows\System\qdbEvvm.exe
  C:\Windows\System\qdbEvvm.exe
  2⤵
  PID:2896
- C:\Windows\System\HtzdUiK.exe
  C:\Windows\System\HtzdUiK.exe
  2⤵
  PID:3808
- C:\Windows\System\LCXHisw.exe
  C:\Windows\System\LCXHisw.exe
  2⤵
  PID:3492
- C:\Windows\System\SlHkpAB.exe
  C:\Windows\System\SlHkpAB.exe
  2⤵
  PID:3892
- C:\Windows\System\yzgYNmX.exe
  C:\Windows\System\yzgYNmX.exe
  2⤵
  PID:3400
- C:\Windows\System\zlelipQ.exe
  C:\Windows\System\zlelipQ.exe
  2⤵
  PID:3456
- C:\Windows\System\AgNGYWA.exe
  C:\Windows\System\AgNGYWA.exe
  2⤵
  PID:1892
- C:\Windows\System\LiYLVuV.exe
  C:\Windows\System\LiYLVuV.exe
  2⤵
  PID:3240
- C:\Windows\System\OEWEASt.exe
  C:\Windows\System\OEWEASt.exe
  2⤵
  PID:4052
- C:\Windows\System\OSnTMuX.exe
  C:\Windows\System\OSnTMuX.exe
  2⤵
  PID:2852
- C:\Windows\System\rJuGNkJ.exe
  C:\Windows\System\rJuGNkJ.exe
  2⤵
  PID:2652
- C:\Windows\System\uYyMMNl.exe
  C:\Windows\System\uYyMMNl.exe
  2⤵
  PID:2604
- C:\Windows\System\XVmMHJX.exe
  C:\Windows\System\XVmMHJX.exe
  2⤵
  PID:2032
- C:\Windows\System\iJObqRx.exe
  C:\Windows\System\iJObqRx.exe
  2⤵
  PID:1476
- C:\Windows\System\ugXExWW.exe
  C:\Windows\System\ugXExWW.exe
  2⤵
  PID:2616
- C:\Windows\System\EbPihiH.exe
  C:\Windows\System\EbPihiH.exe
  2⤵
  PID:2620
- C:\Windows\System\lzYOHlF.exe
  C:\Windows\System\lzYOHlF.exe
  2⤵
  PID:2316
- C:\Windows\System\BWROVRI.exe
  C:\Windows\System\BWROVRI.exe
  2⤵
  PID:2144
- C:\Windows\System\HlFgVhY.exe
  C:\Windows\System\HlFgVhY.exe
  2⤵
  PID:1312
- C:\Windows\System\ZxMqJWM.exe
  C:\Windows\System\ZxMqJWM.exe
  2⤵
  PID:3336
- C:\Windows\System\FKDgPyr.exe
  C:\Windows\System\FKDgPyr.exe
  2⤵
  PID:1740
- C:\Windows\System\vSxrQtj.exe
  C:\Windows\System\vSxrQtj.exe
  2⤵
  PID:2176
- C:\Windows\System\BdNGDUP.exe
  C:\Windows\System\BdNGDUP.exe
  2⤵
  PID:3172
- C:\Windows\System\KVWjnax.exe
  C:\Windows\System\KVWjnax.exe
  2⤵
  PID:2380
- C:\Windows\System\BwlQOEV.exe
  C:\Windows\System\BwlQOEV.exe
  2⤵
  PID:2848
- C:\Windows\System\pugsDJw.exe
  C:\Windows\System\pugsDJw.exe
  2⤵
  PID:1840
- C:\Windows\System\XuOuQYS.exe
  C:\Windows\System\XuOuQYS.exe
  2⤵
  PID:304
- C:\Windows\System\hZfDelG.exe
  C:\Windows\System\hZfDelG.exe
  2⤵
  PID:4112
- C:\Windows\System\IKjEHyG.exe
  C:\Windows\System\IKjEHyG.exe
  2⤵
  PID:4128
- C:\Windows\System\GiaCWzP.exe
  C:\Windows\System\GiaCWzP.exe
  2⤵
  PID:4144
- C:\Windows\System\biqckDz.exe
  C:\Windows\System\biqckDz.exe
  2⤵
  PID:4160
- C:\Windows\System\YTFoSuo.exe
  C:\Windows\System\YTFoSuo.exe
  2⤵
  PID:4176
- C:\Windows\System\CAHJqEb.exe
  C:\Windows\System\CAHJqEb.exe
  2⤵
  PID:4192
- C:\Windows\System\iODXopr.exe
  C:\Windows\System\iODXopr.exe
  2⤵
  PID:4212
- C:\Windows\System\jveYNJI.exe
  C:\Windows\System\jveYNJI.exe
  2⤵
  PID:4228
- C:\Windows\System\auXExur.exe
  C:\Windows\System\auXExur.exe
  2⤵
  PID:4244
- C:\Windows\System\AjOlfCZ.exe
  C:\Windows\System\AjOlfCZ.exe
  2⤵
  PID:4260
- C:\Windows\System\JUIObKb.exe
  C:\Windows\System\JUIObKb.exe
  2⤵
  PID:4276
- C:\Windows\System\FuRpIXv.exe
  C:\Windows\System\FuRpIXv.exe
  2⤵
  PID:4292
- C:\Windows\System\juFYEAO.exe
  C:\Windows\System\juFYEAO.exe
  2⤵
  PID:4308
- C:\Windows\System\EbQandb.exe
  C:\Windows\System\EbQandb.exe
  2⤵
  PID:4324
- C:\Windows\System\HSnLICD.exe
  C:\Windows\System\HSnLICD.exe
  2⤵
  PID:4340
- C:\Windows\System\PIZnMdF.exe
  C:\Windows\System\PIZnMdF.exe
  2⤵
  PID:4356
- C:\Windows\System\XjlXTmU.exe
  C:\Windows\System\XjlXTmU.exe
  2⤵
  PID:4372
- C:\Windows\System\vMKkuor.exe
  C:\Windows\System\vMKkuor.exe
  2⤵
  PID:4388
- C:\Windows\System\ZJKfjjL.exe
  C:\Windows\System\ZJKfjjL.exe
  2⤵
  PID:4404
- C:\Windows\System\rjDeGbM.exe
  C:\Windows\System\rjDeGbM.exe
  2⤵
  PID:4420
- C:\Windows\System\EreyUku.exe
  C:\Windows\System\EreyUku.exe
  2⤵
  PID:4436
- C:\Windows\System\dSPFGfj.exe
  C:\Windows\System\dSPFGfj.exe
  2⤵
  PID:4452
- C:\Windows\System\PyjKHRw.exe
  C:\Windows\System\PyjKHRw.exe
  2⤵
  PID:4468
- C:\Windows\System\QdKWobg.exe
  C:\Windows\System\QdKWobg.exe
  2⤵
  PID:4484
- C:\Windows\System\VxSEbnx.exe
  C:\Windows\System\VxSEbnx.exe
  2⤵
  PID:4500
- C:\Windows\System\dQdzSai.exe
  C:\Windows\System\dQdzSai.exe
  2⤵
  PID:4516
- C:\Windows\System\FdEXkUh.exe
  C:\Windows\System\FdEXkUh.exe
  2⤵
  PID:4532
- C:\Windows\System\roBUnJs.exe
  C:\Windows\System\roBUnJs.exe
  2⤵
  PID:4632
- C:\Windows\System\KTEbNDZ.exe
  C:\Windows\System\KTEbNDZ.exe
  2⤵
  PID:4648
- C:\Windows\System\gBvrJLM.exe
  C:\Windows\System\gBvrJLM.exe
  2⤵
  PID:4664
- C:\Windows\System\lONrxAS.exe
  C:\Windows\System\lONrxAS.exe
  2⤵
  PID:4680
- C:\Windows\System\Rqcljcl.exe
  C:\Windows\System\Rqcljcl.exe
  2⤵
  PID:4700
- C:\Windows\System\EZXpVEP.exe
  C:\Windows\System\EZXpVEP.exe
  2⤵
  PID:4716
- C:\Windows\System\dKkLmGa.exe
  C:\Windows\System\dKkLmGa.exe
  2⤵
  PID:4732
- C:\Windows\System\rhyekat.exe
  C:\Windows\System\rhyekat.exe
  2⤵
  PID:4748
- C:\Windows\System\OHXBbgE.exe
  C:\Windows\System\OHXBbgE.exe
  2⤵
  PID:4764
- C:\Windows\System\cSupRKj.exe
  C:\Windows\System\cSupRKj.exe
  2⤵
  PID:4780
- C:\Windows\System\vDrCuUT.exe
  C:\Windows\System\vDrCuUT.exe
  2⤵
  PID:4796
- C:\Windows\System\FByULtd.exe
  C:\Windows\System\FByULtd.exe
  2⤵
  PID:4812
- C:\Windows\System\dZioMPC.exe
  C:\Windows\System\dZioMPC.exe
  2⤵
  PID:4828
- C:\Windows\System\WOJpzBI.exe
  C:\Windows\System\WOJpzBI.exe
  2⤵
  PID:4844
- C:\Windows\System\kwcURvx.exe
  C:\Windows\System\kwcURvx.exe
  2⤵
  PID:4860
- C:\Windows\System\qKcKdtV.exe
  C:\Windows\System\qKcKdtV.exe
  2⤵
  PID:4880
- C:\Windows\System\bZciXGI.exe
  C:\Windows\System\bZciXGI.exe
  2⤵
  PID:4896
- C:\Windows\System\uapnWtI.exe
  C:\Windows\System\uapnWtI.exe
  2⤵
  PID:4916
- C:\Windows\System\ACDmqNw.exe
  C:\Windows\System\ACDmqNw.exe
  2⤵
  PID:4932
- C:\Windows\System\NrpwLDv.exe
  C:\Windows\System\NrpwLDv.exe
  2⤵
  PID:4948
- C:\Windows\System\JAcjqSK.exe
  C:\Windows\System\JAcjqSK.exe
  2⤵
  PID:4964
- C:\Windows\System\okztnog.exe
  C:\Windows\System\okztnog.exe
  2⤵
  PID:4980
- C:\Windows\System\NkfEXqD.exe
  C:\Windows\System\NkfEXqD.exe
  2⤵
  PID:5000
- C:\Windows\System\ryYGpTx.exe
  C:\Windows\System\ryYGpTx.exe
  2⤵
  PID:5016
- C:\Windows\System\PXlqdqG.exe
  C:\Windows\System\PXlqdqG.exe
  2⤵
  PID:5032
- C:\Windows\System\JTgEnLM.exe
  C:\Windows\System\JTgEnLM.exe
  2⤵
  PID:5048
- C:\Windows\System\odtNAuN.exe
  C:\Windows\System\odtNAuN.exe
  2⤵
  PID:5064
- C:\Windows\System\PuGjiFw.exe
  C:\Windows\System\PuGjiFw.exe
  2⤵
  PID:5080
- C:\Windows\System\yATwKlQ.exe
  C:\Windows\System\yATwKlQ.exe
  2⤵
  PID:5096
- C:\Windows\System\yLAZoNU.exe
  C:\Windows\System\yLAZoNU.exe
  2⤵
  PID:5112
- C:\Windows\System\JsNKURg.exe
  C:\Windows\System\JsNKURg.exe
  2⤵
  PID:2640
- C:\Windows\System\YUfCQvY.exe
  C:\Windows\System\YUfCQvY.exe
  2⤵
  PID:1160
- C:\Windows\System\MTCwUpU.exe
  C:\Windows\System\MTCwUpU.exe
  2⤵
  PID:4072
- C:\Windows\System\rBvEoSX.exe
  C:\Windows\System\rBvEoSX.exe
  2⤵
  PID:2940
- C:\Windows\System\WnMQbcA.exe
  C:\Windows\System\WnMQbcA.exe
  2⤵
  PID:3648
- C:\Windows\System\HefmPLP.exe
  C:\Windows\System\HefmPLP.exe
  2⤵
  PID:2256
- C:\Windows\System\WwXrkKx.exe
  C:\Windows\System\WwXrkKx.exe
  2⤵
  PID:3120
- C:\Windows\System\IjKaouS.exe
  C:\Windows\System\IjKaouS.exe
  2⤵
  PID:2132
- C:\Windows\System\KCxDVmG.exe
  C:\Windows\System\KCxDVmG.exe
  2⤵
  PID:2780
- C:\Windows\System\gfQHhlh.exe
  C:\Windows\System\gfQHhlh.exe
  2⤵
  PID:4124
- C:\Windows\System\zRVjGPj.exe
  C:\Windows\System\zRVjGPj.exe
  2⤵
  PID:4188
- C:\Windows\System\UkXJhQR.exe
  C:\Windows\System\UkXJhQR.exe
  2⤵
  PID:3020
- C:\Windows\System\KoDauDZ.exe
  C:\Windows\System\KoDauDZ.exe
  2⤵
  PID:3404
- C:\Windows\System\VahcRUx.exe
  C:\Windows\System\VahcRUx.exe
  2⤵
  PID:4136
- C:\Windows\System\ahGHAkn.exe
  C:\Windows\System\ahGHAkn.exe
  2⤵
  PID:4200
- C:\Windows\System\pqbjJtF.exe
  C:\Windows\System\pqbjJtF.exe
  2⤵
  PID:4224
- C:\Windows\System\wMGwLpI.exe
  C:\Windows\System\wMGwLpI.exe
  2⤵
  PID:4320
- C:\Windows\System\fmRJIDY.exe
  C:\Windows\System\fmRJIDY.exe
  2⤵
  PID:4268
- C:\Windows\System\VGWPqfG.exe
  C:\Windows\System\VGWPqfG.exe
  2⤵
  PID:4332
- C:\Windows\System\ndPVLWs.exe
  C:\Windows\System\ndPVLWs.exe
  2⤵
  PID:4396
- C:\Windows\System\aowGHJY.exe
  C:\Windows\System\aowGHJY.exe
  2⤵
  PID:4460
- C:\Windows\System\ywVfsKT.exe
  C:\Windows\System\ywVfsKT.exe
  2⤵
  PID:4256
- C:\Windows\System\EgOHxIK.exe
  C:\Windows\System\EgOHxIK.exe
  2⤵
  PID:4480
- C:\Windows\System\lxyIaEc.exe
  C:\Windows\System\lxyIaEc.exe
  2⤵
  PID:2484
- C:\Windows\System\CkgtYNB.exe
  C:\Windows\System\CkgtYNB.exe
  2⤵
  PID:1748
- C:\Windows\System\eYajjAJ.exe
  C:\Windows\System\eYajjAJ.exe
  2⤵
  PID:4552
- C:\Windows\System\TbWQTiJ.exe
  C:\Windows\System\TbWQTiJ.exe
  2⤵
  PID:4568
- C:\Windows\System\TbCTBuI.exe
  C:\Windows\System\TbCTBuI.exe
  2⤵
  PID:4588
- C:\Windows\System\EBkzTnE.exe
  C:\Windows\System\EBkzTnE.exe
  2⤵
  PID:4596
- C:\Windows\System\eqfVSpn.exe
  C:\Windows\System\eqfVSpn.exe
  2⤵
  PID:1524
- C:\Windows\System\smdWLeh.exe
  C:\Windows\System\smdWLeh.exe
  2⤵
  PID:4676
- C:\Windows\System\rCMlFig.exe
  C:\Windows\System\rCMlFig.exe
  2⤵
  PID:4744
- C:\Windows\System\fntMjzT.exe
  C:\Windows\System\fntMjzT.exe
  2⤵
  PID:4808
- C:\Windows\System\ZjmJreB.exe
  C:\Windows\System\ZjmJreB.exe
  2⤵
  PID:4868
- C:\Windows\System\zdwMHyz.exe
  C:\Windows\System\zdwMHyz.exe
  2⤵
  PID:4612
- C:\Windows\System\fJiJIuY.exe
  C:\Windows\System\fJiJIuY.exe
  2⤵
  PID:4660
- C:\Windows\System\WPEscHW.exe
  C:\Windows\System\WPEscHW.exe
  2⤵
  PID:2052
- C:\Windows\System\zIAUmoy.exe
  C:\Windows\System\zIAUmoy.exe
  2⤵
  PID:2156
- C:\Windows\System\atvJiHI.exe
  C:\Windows\System\atvJiHI.exe
  2⤵
  PID:3632
- C:\Windows\System\iUeQDXY.exe
  C:\Windows\System\iUeQDXY.exe
  2⤵
  PID:4168
- C:\Windows\System\DFUEeRU.exe
  C:\Windows\System\DFUEeRU.exe
  2⤵
  PID:1616
- C:\Windows\System\BopYAsd.exe
  C:\Windows\System\BopYAsd.exe
  2⤵
  PID:3936
- C:\Windows\System\NPXYFad.exe
  C:\Windows\System\NPXYFad.exe
  2⤵
  PID:2460
- C:\Windows\System\CbXwXKT.exe
  C:\Windows\System\CbXwXKT.exe
  2⤵
  PID:3844
- C:\Windows\System\zUznuCl.exe
  C:\Windows\System\zUznuCl.exe
  2⤵
  PID:4300
- C:\Windows\System\eAyrjBz.exe
  C:\Windows\System\eAyrjBz.exe
  2⤵
  PID:4432
- C:\Windows\System\MxrAVdv.exe
  C:\Windows\System\MxrAVdv.exe
  2⤵
  PID:4240
- C:\Windows\System\OxrNZoN.exe
  C:\Windows\System\OxrNZoN.exe
  2⤵
  PID:4496
- C:\Windows\System\uxzhsgs.exe
  C:\Windows\System\uxzhsgs.exe
  2⤵
  PID:3124
- C:\Windows\System\zvEQezL.exe
  C:\Windows\System\zvEQezL.exe
  2⤵
  PID:4412
- C:\Windows\System\dZfaAbC.exe
  C:\Windows\System\dZfaAbC.exe
  2⤵
  PID:1084
- C:\Windows\System\XOEwOHg.exe
  C:\Windows\System\XOEwOHg.exe
  2⤵
  PID:2656
- C:\Windows\System\AHNHOUB.exe
  C:\Windows\System\AHNHOUB.exe
  2⤵
  PID:4580
- C:\Windows\System\XyHMbKI.exe
  C:\Windows\System\XyHMbKI.exe
  2⤵
  PID:4616
- C:\Windows\System\skTJbjA.exe
  C:\Windows\System\skTJbjA.exe
  2⤵
  PID:4672
- C:\Windows\System\dmTdmwt.exe
  C:\Windows\System\dmTdmwt.exe
  2⤵
  PID:4804
- C:\Windows\System\BzVlqSi.exe
  C:\Windows\System\BzVlqSi.exe
  2⤵
  PID:4820
- C:\Windows\System\QXVTXXw.exe
  C:\Windows\System\QXVTXXw.exe
  2⤵
  PID:4624
- C:\Windows\System\fUkMTCZ.exe
  C:\Windows\System\fUkMTCZ.exe
  2⤵
  PID:4728
- C:\Windows\System\XrkYATF.exe
  C:\Windows\System\XrkYATF.exe
  2⤵
  PID:320
- C:\Windows\System\TSqHNQP.exe
  C:\Windows\System\TSqHNQP.exe
  2⤵
  PID:1340
- C:\Windows\System\sescQiy.exe
  C:\Windows\System\sescQiy.exe
  2⤵
  PID:4892
- C:\Windows\System\HMXsDwj.exe
  C:\Windows\System\HMXsDwj.exe
  2⤵
  PID:4988
- C:\Windows\System\lrsrhVR.exe
  C:\Windows\System\lrsrhVR.exe
  2⤵
  PID:4992
- C:\Windows\System\NPcGgDq.exe
  C:\Windows\System\NPcGgDq.exe
  2⤵
  PID:5092
- C:\Windows\System\nPgCmHl.exe
  C:\Windows\System\nPgCmHl.exe
  2⤵
  PID:3160
- C:\Windows\System\JEnabjS.exe
  C:\Windows\System\JEnabjS.exe
  2⤵
  PID:1724
- C:\Windows\System\lSlnwEZ.exe
  C:\Windows\System\lSlnwEZ.exe
  2⤵
  PID:4184
- C:\Windows\System\CIzLkVW.exe
  C:\Windows\System\CIzLkVW.exe
  2⤵
  PID:4944
- C:\Windows\System\klKDEZA.exe
  C:\Windows\System\klKDEZA.exe
  2⤵
  PID:4976
- C:\Windows\System\pEVGrik.exe
  C:\Windows\System\pEVGrik.exe
  2⤵
  PID:5076
- C:\Windows\System\GfqNjcx.exe
  C:\Windows\System\GfqNjcx.exe
  2⤵
  PID:5072
- C:\Windows\System\ozdwGNm.exe
  C:\Windows\System\ozdwGNm.exe
  2⤵
  PID:2808
- C:\Windows\System\boEtfay.exe
  C:\Windows\System\boEtfay.exe
  2⤵
  PID:4108
- C:\Windows\System\lrpChkt.exe
  C:\Windows\System\lrpChkt.exe
  2⤵
  PID:4352
- C:\Windows\System\AlrHvKZ.exe
  C:\Windows\System\AlrHvKZ.exe
  2⤵
  PID:4316
- C:\Windows\System\ijHLGbk.exe
  C:\Windows\System\ijHLGbk.exe
  2⤵
  PID:2660
- C:\Windows\System\MsvNvcS.exe
  C:\Windows\System\MsvNvcS.exe
  2⤵
  PID:4528
- C:\Windows\System\tioHXJj.exe
  C:\Windows\System\tioHXJj.exe
  2⤵
  PID:4448
- C:\Windows\System\KNPZWbh.exe
  C:\Windows\System\KNPZWbh.exe
  2⤵
  PID:4540
- C:\Windows\System\GaUYBTK.exe
  C:\Windows\System\GaUYBTK.exe
  2⤵
  PID:4600
- C:\Windows\System\qjQOJiK.exe
  C:\Windows\System\qjQOJiK.exe
  2⤵
  PID:2764
- C:\Windows\System\BavoJgH.exe
  C:\Windows\System\BavoJgH.exe
  2⤵
  PID:4740
- C:\Windows\System\cvbDJDh.exe
  C:\Windows\System\cvbDJDh.exe
  2⤵
  PID:4696
- C:\Windows\System\MEfhpgM.exe
  C:\Windows\System\MEfhpgM.exe
  2⤵
  PID:4924
- C:\Windows\System\MJHDcry.exe
  C:\Windows\System\MJHDcry.exe
  2⤵
  PID:3228
- C:\Windows\System\yEdUEuE.exe
  C:\Windows\System\yEdUEuE.exe
  2⤵
  PID:2936
- C:\Windows\System\llTEmuf.exe
  C:\Windows\System\llTEmuf.exe
  2⤵
  PID:2752
- C:\Windows\System\OKfvVwb.exe
  C:\Windows\System\OKfvVwb.exe
  2⤵
  PID:4956
- C:\Windows\System\VkYFDwG.exe
  C:\Windows\System\VkYFDwG.exe
  2⤵
  PID:3564
- C:\Windows\System\DukGtYA.exe
  C:\Windows\System\DukGtYA.exe
  2⤵
  PID:5012
- C:\Windows\System\AzdWKHF.exe
  C:\Windows\System\AzdWKHF.exe
  2⤵
  PID:5040
- C:\Windows\System\WvVBJTL.exe
  C:\Windows\System\WvVBJTL.exe
  2⤵
  PID:4204
- C:\Windows\System\BtvobSd.exe
  C:\Windows\System\BtvobSd.exe
  2⤵
  PID:2736
- C:\Windows\System\ScbXyQz.exe
  C:\Windows\System\ScbXyQz.exe
  2⤵
  PID:856
- C:\Windows\System\ItCRZuU.exe
  C:\Windows\System\ItCRZuU.exe
  2⤵
  PID:2252
- C:\Windows\System\HaYfeyV.exe
  C:\Windows\System\HaYfeyV.exe
  2⤵
  PID:4792
- C:\Windows\System\ymFpwHq.exe
  C:\Windows\System\ymFpwHq.exe
  2⤵
  PID:4760
- C:\Windows\System\yhTEkQs.exe
  C:\Windows\System\yhTEkQs.exe
  2⤵
  PID:4908
- C:\Windows\System\KQJAVks.exe
  C:\Windows\System\KQJAVks.exe
  2⤵
  PID:2960
- C:\Windows\System\sUeBcQn.exe
  C:\Windows\System\sUeBcQn.exe
  2⤵
  PID:4940
- C:\Windows\System\oFjVktY.exe
  C:\Windows\System\oFjVktY.exe
  2⤵
  PID:4104
- C:\Windows\System\wAojNAT.exe
  C:\Windows\System\wAojNAT.exe
  2⤵
  PID:2928
- C:\Windows\System\UBavjIA.exe
  C:\Windows\System\UBavjIA.exe
  2⤵
  PID:4572
- C:\Windows\System\SRZZgPR.exe
  C:\Windows\System\SRZZgPR.exe
  2⤵
  PID:5060
- C:\Windows\System\xMeTsUc.exe
  C:\Windows\System\xMeTsUc.exe
  2⤵
  PID:3440
- C:\Windows\System\XRqLthv.exe
  C:\Windows\System\XRqLthv.exe
  2⤵
  PID:2064
- C:\Windows\System\ZVStEok.exe
  C:\Windows\System\ZVStEok.exe
  2⤵
  PID:4628
- C:\Windows\System\HQjILQF.exe
  C:\Windows\System\HQjILQF.exe
  2⤵
  PID:2164
- C:\Windows\System\rxOyvdj.exe
  C:\Windows\System\rxOyvdj.exe
  2⤵
  PID:868
- C:\Windows\System\FFpdyml.exe
  C:\Windows\System\FFpdyml.exe
  2⤵
  PID:4644
- C:\Windows\System\ZchmFLI.exe
  C:\Windows\System\ZchmFLI.exe
  2⤵
  PID:4544
- C:\Windows\System\GwcUmXP.exe
  C:\Windows\System\GwcUmXP.exe
  2⤵
  PID:3220
- C:\Windows\System\gtKErIx.exe
  C:\Windows\System\gtKErIx.exe
  2⤵
  PID:5128
- C:\Windows\System\tAGVJMF.exe
  C:\Windows\System\tAGVJMF.exe
  2⤵
  PID:5144
- C:\Windows\System\hENDGTk.exe
  C:\Windows\System\hENDGTk.exe
  2⤵
  PID:5160
- C:\Windows\System\TGCwKRM.exe
  C:\Windows\System\TGCwKRM.exe
  2⤵
  PID:5176
- C:\Windows\System\dApAgxs.exe
  C:\Windows\System\dApAgxs.exe
  2⤵
  PID:5192
- C:\Windows\System\sEdhqSi.exe
  C:\Windows\System\sEdhqSi.exe
  2⤵
  PID:5208
- C:\Windows\System\RsEpLYI.exe
  C:\Windows\System\RsEpLYI.exe
  2⤵
  PID:5224
- C:\Windows\System\ZKawkki.exe
  C:\Windows\System\ZKawkki.exe
  2⤵
  PID:5240
- C:\Windows\System\vJPdQOM.exe
  C:\Windows\System\vJPdQOM.exe
  2⤵
  PID:5256
- C:\Windows\System\iZLeWLl.exe
  C:\Windows\System\iZLeWLl.exe
  2⤵
  PID:5272
- C:\Windows\System\SoxZsFz.exe
  C:\Windows\System\SoxZsFz.exe
  2⤵
  PID:5288
- C:\Windows\System\hlHJznf.exe
  C:\Windows\System\hlHJznf.exe
  2⤵
  PID:5304
- C:\Windows\System\goyBvvL.exe
  C:\Windows\System\goyBvvL.exe
  2⤵
  PID:5320
- C:\Windows\System\RYBjndP.exe
  C:\Windows\System\RYBjndP.exe
  2⤵
  PID:5336
- C:\Windows\System\oqshghl.exe
  C:\Windows\System\oqshghl.exe
  2⤵
  PID:5352
- C:\Windows\System\oGhHLLI.exe
  C:\Windows\System\oGhHLLI.exe
  2⤵
  PID:5368
- C:\Windows\System\DqLRLdG.exe
  C:\Windows\System\DqLRLdG.exe
  2⤵
  PID:5384
- C:\Windows\System\CfIvXuO.exe
  C:\Windows\System\CfIvXuO.exe
  2⤵
  PID:5400
- C:\Windows\System\MjywLBb.exe
  C:\Windows\System\MjywLBb.exe
  2⤵
  PID:5416
- C:\Windows\System\iITuDGl.exe
  C:\Windows\System\iITuDGl.exe
  2⤵
  PID:5432
- C:\Windows\System\NHNzrAv.exe
  C:\Windows\System\NHNzrAv.exe
  2⤵
  PID:5448
- C:\Windows\System\SPZLJpH.exe
  C:\Windows\System\SPZLJpH.exe
  2⤵
  PID:5464
- C:\Windows\System\beOEnLd.exe
  C:\Windows\System\beOEnLd.exe
  2⤵
  PID:5480
- C:\Windows\System\ghzDCKW.exe
  C:\Windows\System\ghzDCKW.exe
  2⤵
  PID:5496
- C:\Windows\System\PSGdnSY.exe
  C:\Windows\System\PSGdnSY.exe
  2⤵
  PID:5512
- C:\Windows\System\nWQAdlA.exe
  C:\Windows\System\nWQAdlA.exe
  2⤵
  PID:5528
- C:\Windows\System\ZLWDAye.exe
  C:\Windows\System\ZLWDAye.exe
  2⤵
  PID:5544
- C:\Windows\System\lwbgIoB.exe
  C:\Windows\System\lwbgIoB.exe
  2⤵
  PID:5560
- C:\Windows\System\aRtVDAt.exe
  C:\Windows\System\aRtVDAt.exe
  2⤵
  PID:5580
- C:\Windows\System\WNIRZpK.exe
  C:\Windows\System\WNIRZpK.exe
  2⤵
  PID:5596
- C:\Windows\System\KGsjNXn.exe
  C:\Windows\System\KGsjNXn.exe
  2⤵
  PID:5612
- C:\Windows\System\wFEyvTp.exe
  C:\Windows\System\wFEyvTp.exe
  2⤵
  PID:5628
- C:\Windows\System\quadNUE.exe
  C:\Windows\System\quadNUE.exe
  2⤵
  PID:5644
- C:\Windows\System\zktddCm.exe
  C:\Windows\System\zktddCm.exe
  2⤵
  PID:5660
- C:\Windows\System\qXOrWif.exe
  C:\Windows\System\qXOrWif.exe
  2⤵
  PID:5676
- C:\Windows\System\RvHgEFi.exe
  C:\Windows\System\RvHgEFi.exe
  2⤵
  PID:5692
- C:\Windows\System\dgBPKIq.exe
  C:\Windows\System\dgBPKIq.exe
  2⤵
  PID:5708
- C:\Windows\System\dZBrTGm.exe
  C:\Windows\System\dZBrTGm.exe
  2⤵
  PID:5724
- C:\Windows\System\BvggXMn.exe
  C:\Windows\System\BvggXMn.exe
  2⤵
  PID:5740
- C:\Windows\System\XgxrBaV.exe
  C:\Windows\System\XgxrBaV.exe
  2⤵
  PID:5756
- C:\Windows\System\IUncKaA.exe
  C:\Windows\System\IUncKaA.exe
  2⤵
  PID:5772
- C:\Windows\System\pkDjdUK.exe
  C:\Windows\System\pkDjdUK.exe
  2⤵
  PID:5788
- C:\Windows\System\CslWuXD.exe
  C:\Windows\System\CslWuXD.exe
  2⤵
  PID:5804
- C:\Windows\System\AAnygYA.exe
  C:\Windows\System\AAnygYA.exe
  2⤵
  PID:5820
- C:\Windows\System\iDnaMkA.exe
  C:\Windows\System\iDnaMkA.exe
  2⤵
  PID:5836
- C:\Windows\System\kPSrMZg.exe
  C:\Windows\System\kPSrMZg.exe
  2⤵
  PID:5852
- C:\Windows\System\EDldduv.exe
  C:\Windows\System\EDldduv.exe
  2⤵
  PID:5868
- C:\Windows\System\TNwXhcb.exe
  C:\Windows\System\TNwXhcb.exe
  2⤵
  PID:5884
- C:\Windows\System\UmbSdvj.exe
  C:\Windows\System\UmbSdvj.exe
  2⤵
  PID:5900
- C:\Windows\System\EUTjKHA.exe
  C:\Windows\System\EUTjKHA.exe
  2⤵
  PID:5916
- C:\Windows\System\NvHuicw.exe
  C:\Windows\System\NvHuicw.exe
  2⤵
  PID:5932
- C:\Windows\System\YznqpKd.exe
  C:\Windows\System\YznqpKd.exe
  2⤵
  PID:5948
- C:\Windows\System\fsnJTrU.exe
  C:\Windows\System\fsnJTrU.exe
  2⤵
  PID:5964
- C:\Windows\System\jUYqPha.exe
  C:\Windows\System\jUYqPha.exe
  2⤵
  PID:5980
- C:\Windows\System\AFSiTVV.exe
  C:\Windows\System\AFSiTVV.exe
  2⤵
  PID:5996
- C:\Windows\System\DpQkaoT.exe
  C:\Windows\System\DpQkaoT.exe
  2⤵
  PID:6012
- C:\Windows\System\OsZziLE.exe
  C:\Windows\System\OsZziLE.exe
  2⤵
  PID:6028
- C:\Windows\System\haOlNxk.exe
  C:\Windows\System\haOlNxk.exe
  2⤵
  PID:6044
- C:\Windows\System\FcLAZWs.exe
  C:\Windows\System\FcLAZWs.exe
  2⤵
  PID:6060
- C:\Windows\System\BiIcpnY.exe
  C:\Windows\System\BiIcpnY.exe
  2⤵
  PID:6076
- C:\Windows\System\SmWsJmh.exe
  C:\Windows\System\SmWsJmh.exe
  2⤵
  PID:6092
- C:\Windows\System\GeGstVn.exe
  C:\Windows\System\GeGstVn.exe
  2⤵
  PID:6108
- C:\Windows\System\SMrtOba.exe
  C:\Windows\System\SMrtOba.exe
  2⤵
  PID:6124
- C:\Windows\System\HSHtgAl.exe
  C:\Windows\System\HSHtgAl.exe
  2⤵
  PID:6140
- C:\Windows\System\zwTqOfz.exe
  C:\Windows\System\zwTqOfz.exe
  2⤵
  PID:4656
- C:\Windows\System\OleswKP.exe
  C:\Windows\System\OleswKP.exe
  2⤵
  PID:5200
- C:\Windows\System\QBdUASQ.exe
  C:\Windows\System\QBdUASQ.exe
  2⤵
  PID:5264
- C:\Windows\System\asodUpl.exe
  C:\Windows\System\asodUpl.exe
  2⤵
  PID:4548
- C:\Windows\System\dFXDuEZ.exe
  C:\Windows\System\dFXDuEZ.exe
  2⤵
  PID:5104
- C:\Windows\System\GdFLZYk.exe
  C:\Windows\System\GdFLZYk.exe
  2⤵
  PID:5156
- C:\Windows\System\VPFslZW.exe
  C:\Windows\System\VPFslZW.exe
  2⤵
  PID:5220
- C:\Windows\System\HWxxGZS.exe
  C:\Windows\System\HWxxGZS.exe
  2⤵
  PID:5300
- C:\Windows\System\nUkpAAz.exe
  C:\Windows\System\nUkpAAz.exe
  2⤵
  PID:5332
- C:\Windows\System\YQVzidT.exe
  C:\Windows\System\YQVzidT.exe
  2⤵
  PID:5360
- C:\Windows\System\mNRoryN.exe
  C:\Windows\System\mNRoryN.exe
  2⤵
  PID:5460
- C:\Windows\System\LzpynKh.exe
  C:\Windows\System\LzpynKh.exe
  2⤵
  PID:5556
- C:\Windows\System\rpgxXBp.exe
  C:\Windows\System\rpgxXBp.exe
  2⤵
  PID:5520
- C:\Windows\System\PdavrBz.exe
  C:\Windows\System\PdavrBz.exe
  2⤵
  PID:5588
- C:\Windows\System\xLkDvqv.exe
  C:\Windows\System\xLkDvqv.exe
  2⤵
  PID:5376
- C:\Windows\System\DylGRve.exe
  C:\Windows\System\DylGRve.exe
  2⤵
  PID:5380
- C:\Windows\System\ECvNvSq.exe
  C:\Windows\System\ECvNvSq.exe
  2⤵
  PID:5444
- C:\Windows\System\OZyEIVB.exe
  C:\Windows\System\OZyEIVB.exe
  2⤵
  PID:5508
- C:\Windows\System\VldSOAt.exe
  C:\Windows\System\VldSOAt.exe
  2⤵
  PID:5640
- C:\Windows\System\IzPtHwn.exe
  C:\Windows\System\IzPtHwn.exe
  2⤵
  PID:5608
- C:\Windows\System\knIsKkM.exe
  C:\Windows\System\knIsKkM.exe
  2⤵
  PID:5732
- C:\Windows\System\XkIByna.exe
  C:\Windows\System\XkIByna.exe
  2⤵
  PID:5716
- C:\Windows\System\oAKrsWQ.exe
  C:\Windows\System\oAKrsWQ.exe
  2⤵
  PID:5752
- C:\Windows\System\NfMLJxe.exe
  C:\Windows\System\NfMLJxe.exe
  2⤵
  PID:5816
- C:\Windows\System\EBXmIEl.exe
  C:\Windows\System\EBXmIEl.exe
  2⤵
  PID:5876
- C:\Windows\System\whQGKXu.exe
  C:\Windows\System\whQGKXu.exe
  2⤵
  PID:5800
- C:\Windows\System\MuCgbgn.exe
  C:\Windows\System\MuCgbgn.exe
  2⤵
  PID:5972
- C:\Windows\System\HccIvdV.exe
  C:\Windows\System\HccIvdV.exe
  2⤵
  PID:5832
- C:\Windows\System\DcvJvZf.exe
  C:\Windows\System\DcvJvZf.exe
  2⤵
  PID:5892
- C:\Windows\System\JAugena.exe
  C:\Windows\System\JAugena.exe
  2⤵
  PID:5912
- C:\Windows\System\iqYxIrT.exe
  C:\Windows\System\iqYxIrT.exe
  2⤵
  PID:6100
- C:\Windows\System\bwKNEWk.exe
  C:\Windows\System\bwKNEWk.exe
  2⤵
  PID:5992
- C:\Windows\System\TNNGJpi.exe
  C:\Windows\System\TNNGJpi.exe
  2⤵
  PID:6132
- C:\Windows\System\hkGyiQP.exe
  C:\Windows\System\hkGyiQP.exe
  2⤵
  PID:5152
- C:\Windows\System\aPCRihR.exe
  C:\Windows\System\aPCRihR.exe
  2⤵
  PID:5312
- C:\Windows\System\hYqOcib.exe
  C:\Windows\System\hYqOcib.exe
  2⤵
  PID:5316
- C:\Windows\System\JKDGBSZ.exe
  C:\Windows\System\JKDGBSZ.exe
  2⤵
  PID:6088
- C:\Windows\System\xikgGJg.exe
  C:\Windows\System\xikgGJg.exe
  2⤵
  PID:6020
- C:\Windows\System\YwtbhMJ.exe
  C:\Windows\System\YwtbhMJ.exe
  2⤵
  PID:5232
- C:\Windows\System\RKdNcSn.exe
  C:\Windows\System\RKdNcSn.exe
  2⤵
  PID:5604
- C:\Windows\System\ppFhUTa.exe
  C:\Windows\System\ppFhUTa.exe
  2⤵
  PID:5236
- C:\Windows\System\LEWEJwx.exe
  C:\Windows\System\LEWEJwx.exe
  2⤵
  PID:5396
- C:\Windows\System\ZqIkABB.exe
  C:\Windows\System\ZqIkABB.exe
  2⤵
  PID:5624
- C:\Windows\System\ZvcgMVf.exe
  C:\Windows\System\ZvcgMVf.exe
  2⤵
  PID:5768
- C:\Windows\System\vbrcDGm.exe
  C:\Windows\System\vbrcDGm.exe
  2⤵
  PID:5700
- C:\Windows\System\LykAAEy.exe
  C:\Windows\System\LykAAEy.exe
  2⤵
  PID:6004
- C:\Windows\System\XcXMTQY.exe
  C:\Windows\System\XcXMTQY.exe
  2⤵
  PID:5764
- C:\Windows\System\FmjFuQE.exe
  C:\Windows\System\FmjFuQE.exe
  2⤵
  PID:5928
- C:\Windows\System\IaflRuE.exe
  C:\Windows\System\IaflRuE.exe
  2⤵
  PID:5988
- C:\Windows\System\aBWauil.exe
  C:\Windows\System\aBWauil.exe
  2⤵
  PID:5524
- C:\Windows\System\qMDEivA.exe
  C:\Windows\System\qMDEivA.exe
  2⤵
  PID:5424
- C:\Windows\System\kVFqwgG.exe
  C:\Windows\System\kVFqwgG.exe
  2⤵
  PID:5688
- C:\Windows\System\qhamfxa.exe
  C:\Windows\System\qhamfxa.exe
  2⤵
  PID:5296
- C:\Windows\System\fBVrczB.exe
  C:\Windows\System\fBVrczB.exe
  2⤵
  PID:6072
- C:\Windows\System\AwSYJSl.exe
  C:\Windows\System\AwSYJSl.exe
  2⤵
  PID:5168
- C:\Windows\System\shitLDq.exe
  C:\Windows\System\shitLDq.exe
  2⤵
  PID:5440
- C:\Windows\System\XpzOAFs.exe
  C:\Windows\System\XpzOAFs.exe
  2⤵
  PID:6052
- C:\Windows\System\damrfhT.exe
  C:\Windows\System\damrfhT.exe
  2⤵
  PID:4560
- C:\Windows\System\eTeQoZx.exe
  C:\Windows\System\eTeQoZx.exe
  2⤵
  PID:2956
- C:\Windows\System\TfAwAzd.exe
  C:\Windows\System\TfAwAzd.exe
  2⤵
  PID:5428
- C:\Windows\System\JQiecbl.exe
  C:\Windows\System\JQiecbl.exe
  2⤵
  PID:5848
- C:\Windows\System\BjBAoXI.exe
  C:\Windows\System\BjBAoXI.exe
  2⤵
  PID:5784
- C:\Windows\System\EgaxYvp.exe
  C:\Windows\System\EgaxYvp.exe
  2⤵
  PID:5672
- C:\Windows\System\FqILQog.exe
  C:\Windows\System\FqILQog.exe
  2⤵
  PID:6104
- C:\Windows\System\ighRZuR.exe
  C:\Windows\System\ighRZuR.exe
  2⤵
  PID:5568
- C:\Windows\System\RpajHwn.exe
  C:\Windows\System\RpajHwn.exe
  2⤵
  PID:5504
- C:\Windows\System\cImOqrM.exe
  C:\Windows\System\cImOqrM.exe
  2⤵
  PID:5476
- C:\Windows\System\DxeZWLI.exe
  C:\Windows\System\DxeZWLI.exe
  2⤵
  PID:6148
- C:\Windows\System\pIuieJh.exe
  C:\Windows\System\pIuieJh.exe
  2⤵
  PID:6164
- C:\Windows\System\IDbqasK.exe
  C:\Windows\System\IDbqasK.exe
  2⤵
  PID:6180
- C:\Windows\System\kOSYgbB.exe
  C:\Windows\System\kOSYgbB.exe
  2⤵
  PID:6196
- C:\Windows\System\qfyDqJD.exe
  C:\Windows\System\qfyDqJD.exe
  2⤵
  PID:6212
- C:\Windows\System\cffvkIH.exe
  C:\Windows\System\cffvkIH.exe
  2⤵
  PID:6228
- C:\Windows\System\epAQjDU.exe
  C:\Windows\System\epAQjDU.exe
  2⤵
  PID:6244
- C:\Windows\System\woHZNJj.exe
  C:\Windows\System\woHZNJj.exe
  2⤵
  PID:6260
- C:\Windows\System\rMCXDGV.exe
  C:\Windows\System\rMCXDGV.exe
  2⤵
  PID:6276
- C:\Windows\System\mQLZUwG.exe
  C:\Windows\System\mQLZUwG.exe
  2⤵
  PID:6292
- C:\Windows\System\PLUNlvP.exe
  C:\Windows\System\PLUNlvP.exe
  2⤵
  PID:6308
- C:\Windows\System\izZZLgD.exe
  C:\Windows\System\izZZLgD.exe
  2⤵
  PID:6324
- C:\Windows\System\ffmrqBf.exe
  C:\Windows\System\ffmrqBf.exe
  2⤵
  PID:6340
- C:\Windows\System\CPeHDSQ.exe
  C:\Windows\System\CPeHDSQ.exe
  2⤵
  PID:6356
- C:\Windows\System\dWwAhkJ.exe
  C:\Windows\System\dWwAhkJ.exe
  2⤵
  PID:6372
- C:\Windows\System\GUelffr.exe
  C:\Windows\System\GUelffr.exe
  2⤵
  PID:6388
- C:\Windows\System\pguLozT.exe
  C:\Windows\System\pguLozT.exe
  2⤵
  PID:6404
- C:\Windows\System\eOkYLVf.exe
  C:\Windows\System\eOkYLVf.exe
  2⤵
  PID:6420
- C:\Windows\System\utkoLLB.exe
  C:\Windows\System\utkoLLB.exe
  2⤵
  PID:6436
- C:\Windows\System\bUGtGSB.exe
  C:\Windows\System\bUGtGSB.exe
  2⤵
  PID:6452
- C:\Windows\System\zKaoLMe.exe
  C:\Windows\System\zKaoLMe.exe
  2⤵
  PID:6468
- C:\Windows\System\zghVXdT.exe
  C:\Windows\System\zghVXdT.exe
  2⤵
  PID:6488
- C:\Windows\System\EisAsOb.exe
  C:\Windows\System\EisAsOb.exe
  2⤵
  PID:6504
- C:\Windows\System\kNAHDNI.exe
  C:\Windows\System\kNAHDNI.exe
  2⤵
  PID:6520
- C:\Windows\System\kWEsuvH.exe
  C:\Windows\System\kWEsuvH.exe
  2⤵
  PID:6536
- C:\Windows\System\nahNxfa.exe
  C:\Windows\System\nahNxfa.exe
  2⤵
  PID:6552
- C:\Windows\System\sgOqqlm.exe
  C:\Windows\System\sgOqqlm.exe
  2⤵
  PID:6568
- C:\Windows\System\ItMmVzq.exe
  C:\Windows\System\ItMmVzq.exe
  2⤵
  PID:6584
- C:\Windows\System\oQSbsjr.exe
  C:\Windows\System\oQSbsjr.exe
  2⤵
  PID:6600
- C:\Windows\System\FVvoLFw.exe
  C:\Windows\System\FVvoLFw.exe
  2⤵
  PID:6616
- C:\Windows\System\tsgDgnW.exe
  C:\Windows\System\tsgDgnW.exe
  2⤵
  PID:6632
- C:\Windows\System\CkBktJn.exe
  C:\Windows\System\CkBktJn.exe
  2⤵
  PID:6648
- C:\Windows\System\soKJKAN.exe
  C:\Windows\System\soKJKAN.exe
  2⤵
  PID:6664
- C:\Windows\System\YPihtYC.exe
  C:\Windows\System\YPihtYC.exe
  2⤵
  PID:6680
- C:\Windows\System\mIGqrLu.exe
  C:\Windows\System\mIGqrLu.exe
  2⤵
  PID:6696
- C:\Windows\System\PAiyVcq.exe
  C:\Windows\System\PAiyVcq.exe
  2⤵
  PID:6712
- C:\Windows\System\ddHACKV.exe
  C:\Windows\System\ddHACKV.exe
  2⤵
  PID:6728
- C:\Windows\System\eOhnRWo.exe
  C:\Windows\System\eOhnRWo.exe
  2⤵
  PID:6744
- C:\Windows\System\EnhxTEP.exe
  C:\Windows\System\EnhxTEP.exe
  2⤵
  PID:6760
- C:\Windows\System\dFJsOiH.exe
  C:\Windows\System\dFJsOiH.exe
  2⤵
  PID:6776
- C:\Windows\System\BZmkBTs.exe
  C:\Windows\System\BZmkBTs.exe
  2⤵
  PID:6792
- C:\Windows\System\XSLiLtK.exe
  C:\Windows\System\XSLiLtK.exe
  2⤵
  PID:6808
- C:\Windows\System\kijSEik.exe
  C:\Windows\System\kijSEik.exe
  2⤵
  PID:6824
- C:\Windows\System\qcNYiST.exe
  C:\Windows\System\qcNYiST.exe
  2⤵
  PID:6840
- C:\Windows\System\gXLhzTS.exe
  C:\Windows\System\gXLhzTS.exe
  2⤵
  PID:6856
- C:\Windows\System\APlJMnh.exe
  C:\Windows\System\APlJMnh.exe
  2⤵
  PID:6872
- C:\Windows\System\KteUKex.exe
  C:\Windows\System\KteUKex.exe
  2⤵
  PID:6888
- C:\Windows\System\AJFNlwE.exe
  C:\Windows\System\AJFNlwE.exe
  2⤵
  PID:6904
- C:\Windows\System\DBfKzLN.exe
  C:\Windows\System\DBfKzLN.exe
  2⤵
  PID:6920
- C:\Windows\System\AiCBsgO.exe
  C:\Windows\System\AiCBsgO.exe
  2⤵
  PID:6936
- C:\Windows\System\xWpFUhw.exe
  C:\Windows\System\xWpFUhw.exe
  2⤵
  PID:6952
- C:\Windows\System\zWaKEIX.exe
  C:\Windows\System\zWaKEIX.exe
  2⤵
  PID:6968
- C:\Windows\System\HSVwbxM.exe
  C:\Windows\System\HSVwbxM.exe
  2⤵
  PID:6984
- C:\Windows\System\qXqmFhA.exe
  C:\Windows\System\qXqmFhA.exe
  2⤵
  PID:7000
- C:\Windows\System\tZeFuNY.exe
  C:\Windows\System\tZeFuNY.exe
  2⤵
  PID:7016
- C:\Windows\System\VKoWvMu.exe
  C:\Windows\System\VKoWvMu.exe
  2⤵
  PID:7032
- C:\Windows\System\XjNoxTc.exe
  C:\Windows\System\XjNoxTc.exe
  2⤵
  PID:7048
- C:\Windows\System\OGHfsBs.exe
  C:\Windows\System\OGHfsBs.exe
  2⤵
  PID:7064
- C:\Windows\System\hqDmBcq.exe
  C:\Windows\System\hqDmBcq.exe
  2⤵
  PID:7080
- C:\Windows\System\YKccrQi.exe
  C:\Windows\System\YKccrQi.exe
  2⤵
  PID:7096
- C:\Windows\System\UyPDEvT.exe
  C:\Windows\System\UyPDEvT.exe
  2⤵
  PID:7112
- C:\Windows\System\HgyibKH.exe
  C:\Windows\System\HgyibKH.exe
  2⤵
  PID:7128
- C:\Windows\System\TAJhoIG.exe
  C:\Windows\System\TAJhoIG.exe
  2⤵
  PID:7144
- C:\Windows\System\dTWOHTw.exe
  C:\Windows\System\dTWOHTw.exe
  2⤵
  PID:7160
- C:\Windows\System\METtmlx.exe
  C:\Windows\System\METtmlx.exe
  2⤵
  PID:5796
- C:\Windows\System\sSMRiqv.exe
  C:\Windows\System\sSMRiqv.exe
  2⤵
  PID:5924
- C:\Windows\System\wWjLjbM.exe
  C:\Windows\System\wWjLjbM.exe
  2⤵
  PID:6160
- C:\Windows\System\KjUCYeX.exe
  C:\Windows\System\KjUCYeX.exe
  2⤵
  PID:6192
- C:\Windows\System\OhFTeEr.exe
  C:\Windows\System\OhFTeEr.exe
  2⤵
  PID:6220
- C:\Windows\System\DvgquPn.exe
  C:\Windows\System\DvgquPn.exe
  2⤵
  PID:6316
- C:\Windows\System\aBPgxmP.exe
  C:\Windows\System\aBPgxmP.exe
  2⤵
  PID:6352
- C:\Windows\System\WOrjTEh.exe
  C:\Windows\System\WOrjTEh.exe
  2⤵
  PID:6412
- C:\Windows\System\CnwENCg.exe
  C:\Windows\System\CnwENCg.exe
  2⤵
  PID:6476
- C:\Windows\System\XiZIbzN.exe
  C:\Windows\System\XiZIbzN.exe
  2⤵
  PID:1944
- C:\Windows\System\wRpIilX.exe
  C:\Windows\System\wRpIilX.exe
  2⤵
  PID:6460
- C:\Windows\System\mSlGhaV.exe
  C:\Windows\System\mSlGhaV.exe
  2⤵
  PID:6272
- C:\Windows\System\MQyFeBy.exe
  C:\Windows\System\MQyFeBy.exe
  2⤵
  PID:6368
- C:\Windows\System\NYbCWwZ.exe
  C:\Windows\System\NYbCWwZ.exe
  2⤵
  PID:6544
- C:\Windows\System\LddwZcI.exe
  C:\Windows\System\LddwZcI.exe
  2⤵
  PID:816
- C:\Windows\System\MHhnkDV.exe
  C:\Windows\System\MHhnkDV.exe
  2⤵
  PID:988
- C:\Windows\System\WkeReKR.exe
  C:\Windows\System\WkeReKR.exe
  2⤵
  PID:6656
- C:\Windows\System\ggsbRms.exe
  C:\Windows\System\ggsbRms.exe
  2⤵
  PID:6720
- C:\Windows\System\mqHKGGY.exe
  C:\Windows\System\mqHKGGY.exe
  2⤵
  PID:6608
- C:\Windows\System\COazOWI.exe
  C:\Windows\System\COazOWI.exe
  2⤵
  PID:6672
- C:\Windows\System\juvUxVX.exe
  C:\Windows\System\juvUxVX.exe
  2⤵
  PID:6736
- C:\Windows\System\KAiaVBx.exe
  C:\Windows\System\KAiaVBx.exe
  2⤵
  PID:6816
- C:\Windows\System\XmwZktp.exe
  C:\Windows\System\XmwZktp.exe
  2⤵
  PID:6852
- C:\Windows\System\hxBEtph.exe
  C:\Windows\System\hxBEtph.exe
  2⤵
  PID:6912
- C:\Windows\System\EXFArWv.exe
  C:\Windows\System\EXFArWv.exe
  2⤵
  PID:6980
- C:\Windows\System\KrLQLln.exe
  C:\Windows\System\KrLQLln.exe
  2⤵
  PID:7044
- C:\Windows\System\sQQEJoW.exe
  C:\Windows\System\sQQEJoW.exe
  2⤵
  PID:7104
- C:\Windows\System\WOBrLNj.exe
  C:\Windows\System\WOBrLNj.exe
  2⤵
  PID:6068
- C:\Windows\System\CkQNbYW.exe
  C:\Windows\System\CkQNbYW.exe
  2⤵
  PID:6252
- C:\Windows\System\sxmXxba.exe
  C:\Windows\System\sxmXxba.exe
  2⤵
  PID:7152
- C:\Windows\System\tCCvrOT.exe
  C:\Windows\System\tCCvrOT.exe
  2⤵
  PID:6320
- C:\Windows\System\cddIXpS.exe
  C:\Windows\System\cddIXpS.exe
  2⤵
  PID:6960
- C:\Windows\System\PLCSoKl.exe
  C:\Windows\System\PLCSoKl.exe
  2⤵
  PID:6868
- C:\Windows\System\PClbeMh.exe
  C:\Windows\System\PClbeMh.exe
  2⤵
  PID:6964
- C:\Windows\System\kfFpjgN.exe
  C:\Windows\System\kfFpjgN.exe
  2⤵
  PID:7028
- C:\Windows\System\sPzhNYg.exe
  C:\Windows\System\sPzhNYg.exe
  2⤵
  PID:7092
- C:\Windows\System\iZMtTDM.exe
  C:\Windows\System\iZMtTDM.exe
  2⤵
  PID:6172
- C:\Windows\System\FEzLFBy.exe
  C:\Windows\System\FEzLFBy.exe
  2⤵
  PID:6256
- C:\Windows\System\AIQhuKX.exe
  C:\Windows\System\AIQhuKX.exe
  2⤵
  PID:1732
- C:\Windows\System\yQMFfSN.exe
  C:\Windows\System\yQMFfSN.exe
  2⤵
  PID:6432
- C:\Windows\System\ECotXOk.exe
  C:\Windows\System\ECotXOk.exe
  2⤵
  PID:6624
- C:\Windows\System\yTcfsFw.exe
  C:\Windows\System\yTcfsFw.exe
  2⤵
  PID:6704
- C:\Windows\System\xzZGHHu.exe
  C:\Windows\System\xzZGHHu.exe
  2⤵
  PID:6724
- C:\Windows\System\bmkGGUY.exe
  C:\Windows\System\bmkGGUY.exe
  2⤵
  PID:6692
- C:\Windows\System\QYeSPZZ.exe
  C:\Windows\System\QYeSPZZ.exe
  2⤵
  PID:6640
- C:\Windows\System\OwFYzTO.exe
  C:\Windows\System\OwFYzTO.exe
  2⤵
  PID:6788
- C:\Windows\System\CMeWEvj.exe
  C:\Windows\System\CMeWEvj.exe
  2⤵
  PID:6976
- C:\Windows\System\DmZXXkR.exe
  C:\Windows\System\DmZXXkR.exe
  2⤵
  PID:6208
- C:\Windows\System\NIRGkTy.exe
  C:\Windows\System\NIRGkTy.exe
  2⤵
  PID:6880
- C:\Windows\System\OpNpWjN.exe
  C:\Windows\System\OpNpWjN.exe
  2⤵
  PID:7040
- C:\Windows\System\LEfZXtE.exe
  C:\Windows\System\LEfZXtE.exe
  2⤵
  PID:6772
- C:\Windows\System\GSnToXn.exe
  C:\Windows\System\GSnToXn.exe
  2⤵
  PID:6864
- C:\Windows\System\TEzcSVu.exe
  C:\Windows\System\TEzcSVu.exe
  2⤵
  PID:6380
- C:\Windows\System\ehMzUIA.exe
  C:\Windows\System\ehMzUIA.exe
  2⤵
  PID:6464
- C:\Windows\System\AKWqOjA.exe
  C:\Windows\System\AKWqOjA.exe
  2⤵
  PID:6428
- C:\Windows\System\MPQilpX.exe
  C:\Windows\System\MPQilpX.exe
  2⤵
  PID:6628
- C:\Windows\System\nBNvCwh.exe
  C:\Windows\System\nBNvCwh.exe
  2⤵
  PID:6516
- C:\Windows\System\XyzsyEg.exe
  C:\Windows\System\XyzsyEg.exe
  2⤵
  PID:6832
- C:\Windows\System\CIGxWHV.exe
  C:\Windows\System\CIGxWHV.exe
  2⤵
  PID:7124
- C:\Windows\System\jWDjbOK.exe
  C:\Windows\System\jWDjbOK.exe
  2⤵
  PID:6752
- C:\Windows\System\Encdida.exe
  C:\Windows\System\Encdida.exe
  2⤵
  PID:6900
- C:\Windows\System\pYAQUit.exe
  C:\Windows\System\pYAQUit.exe
  2⤵
  PID:6396
- C:\Windows\System\AFtbOjS.exe
  C:\Windows\System\AFtbOjS.exe
  2⤵
  PID:6564
- C:\Windows\System\HGbrbKA.exe
  C:\Windows\System\HGbrbKA.exe
  2⤵
  PID:6884
- C:\Windows\System\guFsrcN.exe
  C:\Windows\System\guFsrcN.exe
  2⤵
  PID:7172
- C:\Windows\System\yXDPQTz.exe
  C:\Windows\System\yXDPQTz.exe
  2⤵
  PID:7188
- C:\Windows\System\pZGNjVv.exe
  C:\Windows\System\pZGNjVv.exe
  2⤵
  PID:7204
- C:\Windows\System\anxNRgC.exe
  C:\Windows\System\anxNRgC.exe
  2⤵
  PID:7220
- C:\Windows\System\zzbJVhf.exe
  C:\Windows\System\zzbJVhf.exe
  2⤵
  PID:7236
- C:\Windows\System\ebLLMET.exe
  C:\Windows\System\ebLLMET.exe
  2⤵
  PID:7252
- C:\Windows\System\ykKcUCT.exe
  C:\Windows\System\ykKcUCT.exe
  2⤵
  PID:7268
- C:\Windows\System\eudfPIf.exe
  C:\Windows\System\eudfPIf.exe
  2⤵
  PID:7284
- C:\Windows\System\VZZYoXk.exe
  C:\Windows\System\VZZYoXk.exe
  2⤵
  PID:7300
- C:\Windows\System\ALPjura.exe
  C:\Windows\System\ALPjura.exe
  2⤵
  PID:7316
- C:\Windows\System\PEwxror.exe
  C:\Windows\System\PEwxror.exe
  2⤵
  PID:7332
- C:\Windows\System\NXCyDwF.exe
  C:\Windows\System\NXCyDwF.exe
  2⤵
  PID:7348
- C:\Windows\System\DOQFGso.exe
  C:\Windows\System\DOQFGso.exe
  2⤵
  PID:7364
- C:\Windows\System\lljjQGO.exe
  C:\Windows\System\lljjQGO.exe
  2⤵
  PID:7380
- C:\Windows\System\wTToJJl.exe
  C:\Windows\System\wTToJJl.exe
  2⤵
  PID:7396
- C:\Windows\System\cyKewnX.exe
  C:\Windows\System\cyKewnX.exe
  2⤵
  PID:7412
- C:\Windows\System\CvmOBmF.exe
  C:\Windows\System\CvmOBmF.exe
  2⤵
  PID:7432
- C:\Windows\System\xIrKYLU.exe
  C:\Windows\System\xIrKYLU.exe
  2⤵
  PID:7448
- C:\Windows\System\PoYdVvD.exe
  C:\Windows\System\PoYdVvD.exe
  2⤵
  PID:7464
- C:\Windows\System\bQfAOXN.exe
  C:\Windows\System\bQfAOXN.exe
  2⤵
  PID:7480
- C:\Windows\System\jayFZdf.exe
  C:\Windows\System\jayFZdf.exe
  2⤵
  PID:7496
- C:\Windows\System\fltRvHz.exe
  C:\Windows\System\fltRvHz.exe
  2⤵
  PID:7512
- C:\Windows\System\mUYqUMN.exe
  C:\Windows\System\mUYqUMN.exe
  2⤵
  PID:7528
- C:\Windows\System\LOoTiEu.exe
  C:\Windows\System\LOoTiEu.exe
  2⤵
  PID:7544
- C:\Windows\System\rKOXmxx.exe
  C:\Windows\System\rKOXmxx.exe
  2⤵
  PID:7560
- C:\Windows\System\JCKDjIX.exe
  C:\Windows\System\JCKDjIX.exe
  2⤵
  PID:7576
- C:\Windows\System\qBQZYLe.exe
  C:\Windows\System\qBQZYLe.exe
  2⤵
  PID:7592
- C:\Windows\System\PilXiTp.exe
  C:\Windows\System\PilXiTp.exe
  2⤵
  PID:7608
- C:\Windows\System\wFQqJmR.exe
  C:\Windows\System\wFQqJmR.exe
  2⤵
  PID:7624
- C:\Windows\System\tKUlVzI.exe
  C:\Windows\System\tKUlVzI.exe
  2⤵
  PID:7640
- C:\Windows\System\wKISAOG.exe
  C:\Windows\System\wKISAOG.exe
  2⤵
  PID:7656
- C:\Windows\System\rvcHNPM.exe
  C:\Windows\System\rvcHNPM.exe
  2⤵
  PID:7672
- C:\Windows\System\sQyEgZI.exe
  C:\Windows\System\sQyEgZI.exe
  2⤵
  PID:7688
- C:\Windows\System\EAslYjy.exe
  C:\Windows\System\EAslYjy.exe
  2⤵
  PID:7704
- C:\Windows\System\jXuznrr.exe
  C:\Windows\System\jXuznrr.exe
  2⤵
  PID:7720
- C:\Windows\System\lExPXCN.exe
  C:\Windows\System\lExPXCN.exe
  2⤵
  PID:7736
- C:\Windows\System\rlyvcca.exe
  C:\Windows\System\rlyvcca.exe
  2⤵
  PID:7752
- C:\Windows\System\VzEFYds.exe
  C:\Windows\System\VzEFYds.exe
  2⤵
  PID:7768
- C:\Windows\System\HUPturF.exe
  C:\Windows\System\HUPturF.exe
  2⤵
  PID:7784
- C:\Windows\System\QYazLYD.exe
  C:\Windows\System\QYazLYD.exe
  2⤵
  PID:7800
- C:\Windows\System\exhVyxl.exe
  C:\Windows\System\exhVyxl.exe
  2⤵
  PID:7816
- C:\Windows\System\ULQsGts.exe
  C:\Windows\System\ULQsGts.exe
  2⤵
  PID:7832
- C:\Windows\System\owVApyw.exe
  C:\Windows\System\owVApyw.exe
  2⤵
  PID:7848
- C:\Windows\System\IyexLPL.exe
  C:\Windows\System\IyexLPL.exe
  2⤵
  PID:7864
- C:\Windows\System\NKDBSyn.exe
  C:\Windows\System\NKDBSyn.exe
  2⤵
  PID:7880
- C:\Windows\System\RrozIFc.exe
  C:\Windows\System\RrozIFc.exe
  2⤵
  PID:7896
- C:\Windows\System\ldWvzwy.exe
  C:\Windows\System\ldWvzwy.exe
  2⤵
  PID:7912
- C:\Windows\System\PQDDtPd.exe
  C:\Windows\System\PQDDtPd.exe
  2⤵
  PID:7928
- C:\Windows\System\nuDlubt.exe
  C:\Windows\System\nuDlubt.exe
  2⤵
  PID:7944
- C:\Windows\System\iSJkebS.exe
  C:\Windows\System\iSJkebS.exe
  2⤵
  PID:7968
- C:\Windows\System\DrjXxsX.exe
  C:\Windows\System\DrjXxsX.exe
  2⤵
  PID:7984
- C:\Windows\System\jEfgxOO.exe
  C:\Windows\System\jEfgxOO.exe
  2⤵
  PID:8000
- C:\Windows\System\czLicgR.exe
  C:\Windows\System\czLicgR.exe
  2⤵
  PID:8016
- C:\Windows\System\soYOvVo.exe
  C:\Windows\System\soYOvVo.exe
  2⤵
  PID:8032
- C:\Windows\System\WGSPfJR.exe
  C:\Windows\System\WGSPfJR.exe
  2⤵
  PID:8048
- C:\Windows\System\dMtTFBk.exe
  C:\Windows\System\dMtTFBk.exe
  2⤵
  PID:8064
- C:\Windows\System\KmaSJlo.exe
  C:\Windows\System\KmaSJlo.exe
  2⤵
  PID:8080
- C:\Windows\System\nMApYXv.exe
  C:\Windows\System\nMApYXv.exe
  2⤵
  PID:8096
- C:\Windows\System\EwPPuUn.exe
  C:\Windows\System\EwPPuUn.exe
  2⤵
  PID:8112
- C:\Windows\System\dqRVlws.exe
  C:\Windows\System\dqRVlws.exe
  2⤵
  PID:8128
- C:\Windows\System\KkUIotu.exe
  C:\Windows\System\KkUIotu.exe
  2⤵
  PID:8148
- C:\Windows\System\UVpIEQw.exe
  C:\Windows\System\UVpIEQw.exe
  2⤵
  PID:8164
- C:\Windows\System\VhdtNQg.exe
  C:\Windows\System\VhdtNQg.exe
  2⤵
  PID:8180
- C:\Windows\System\bPTGmDp.exe
  C:\Windows\System\bPTGmDp.exe
  2⤵
  PID:6240
- C:\Windows\System\zWoglrC.exe
  C:\Windows\System\zWoglrC.exe
  2⤵
  PID:7232
- C:\Windows\System\TyOhHtd.exe
  C:\Windows\System\TyOhHtd.exe
  2⤵
  PID:7296
- C:\Windows\System\DkCZGxh.exe
  C:\Windows\System\DkCZGxh.exe
  2⤵
  PID:7356
- C:\Windows\System\ilWPfQA.exe
  C:\Windows\System\ilWPfQA.exe
  2⤵
  PID:7456
- C:\Windows\System\GVKETsE.exe
  C:\Windows\System\GVKETsE.exe
  2⤵
  PID:7492
- C:\Windows\System\yMpuJwz.exe
  C:\Windows\System\yMpuJwz.exe
  2⤵
  PID:7488
- C:\Windows\System\JqCoBCC.exe
  C:\Windows\System\JqCoBCC.exe
  2⤵
  PID:6596
- C:\Windows\System\PaaxzkR.exe
  C:\Windows\System\PaaxzkR.exe
  2⤵
  PID:7444
- C:\Windows\System\CyTwclr.exe
  C:\Windows\System\CyTwclr.exe
  2⤵
  PID:7216
- C:\Windows\System\zGaeLHV.exe
  C:\Windows\System\zGaeLHV.exe
  2⤵
  PID:7280
- C:\Windows\System\aXtsHLb.exe
  C:\Windows\System\aXtsHLb.exe
  2⤵
  PID:7344
- C:\Windows\System\nPqvvAv.exe
  C:\Windows\System\nPqvvAv.exe
  2⤵
  PID:7476
- C:\Windows\System\rpYjUyS.exe
  C:\Windows\System\rpYjUyS.exe
  2⤵
  PID:7540
- C:\Windows\System\acoFEFc.exe
  C:\Windows\System\acoFEFc.exe
  2⤵
  PID:7616
- C:\Windows\System\UvVkeHw.exe
  C:\Windows\System\UvVkeHw.exe
  2⤵
  PID:7648
- C:\Windows\System\lrtGWty.exe
  C:\Windows\System\lrtGWty.exe
  2⤵
  PID:7600
- C:\Windows\System\UsTHJCL.exe
  C:\Windows\System\UsTHJCL.exe
  2⤵
  PID:7712
- C:\Windows\System\JLnlkay.exe
  C:\Windows\System\JLnlkay.exe
  2⤵
  PID:7604
- C:\Windows\System\hjbtrPP.exe
  C:\Windows\System\hjbtrPP.exe
  2⤵
  PID:7808
- C:\Windows\System\UobpUhx.exe
  C:\Windows\System\UobpUhx.exe
  2⤵
  PID:7876
- C:\Windows\System\hLjDtnc.exe
  C:\Windows\System\hLjDtnc.exe
  2⤵
  PID:7940
- C:\Windows\System\tyFZvIS.exe
  C:\Windows\System\tyFZvIS.exe
  2⤵
  PID:7732
- C:\Windows\System\HqQDGJc.exe
  C:\Windows\System\HqQDGJc.exe
  2⤵
  PID:7796
- C:\Windows\System\KXpDPxn.exe
  C:\Windows\System\KXpDPxn.exe
  2⤵
  PID:7860
- C:\Windows\System\ONPCJpd.exe
  C:\Windows\System\ONPCJpd.exe
  2⤵
  PID:7924
- C:\Windows\System\uQJuIAs.exe
  C:\Windows\System\uQJuIAs.exe
  2⤵
  PID:7964
- C:\Windows\System\wXPrhwv.exe
  C:\Windows\System\wXPrhwv.exe
  2⤵
  PID:7980
- C:\Windows\System\nhmsiNy.exe
  C:\Windows\System\nhmsiNy.exe
  2⤵
  PID:8104
- C:\Windows\System\IzDEXkc.exe
  C:\Windows\System\IzDEXkc.exe
  2⤵
  PID:8144
- C:\Windows\System\fXEPhnz.exe
  C:\Windows\System\fXEPhnz.exe
  2⤵
  PID:7228
- C:\Windows\System\KBSOhXo.exe
  C:\Windows\System\KBSOhXo.exe
  2⤵
  PID:7428
- C:\Windows\System\jNJzRDD.exe
  C:\Windows\System\jNJzRDD.exe
  2⤵
  PID:7212
- C:\Windows\System\hASFMhB.exe
  C:\Windows\System\hASFMhB.exe
  2⤵
  PID:7536
- C:\Windows\System\RJOPfMF.exe
  C:\Windows\System\RJOPfMF.exe
  2⤵
  PID:7664
- C:\Windows\System\oDCaBIS.exe
  C:\Windows\System\oDCaBIS.exe
  2⤵
  PID:7992
- C:\Windows\System\YzSdmYU.exe
  C:\Windows\System\YzSdmYU.exe
  2⤵
  PID:8060
- C:\Windows\System\meHnPTR.exe
  C:\Windows\System\meHnPTR.exe
  2⤵
  PID:7388
- C:\Windows\System\yDGdyda.exe
  C:\Windows\System\yDGdyda.exe
  2⤵
  PID:7276
- C:\Windows\System\qLupzOJ.exe
  C:\Windows\System\qLupzOJ.exe
  2⤵
  PID:7748
- C:\Windows\System\HgpMfoN.exe
  C:\Windows\System\HgpMfoN.exe
  2⤵
  PID:8024
- C:\Windows\System\fbfgzBp.exe
  C:\Windows\System\fbfgzBp.exe
  2⤵
  PID:6236
- C:\Windows\System\JlxsxCO.exe
  C:\Windows\System\JlxsxCO.exe
  2⤵
  PID:7844
- C:\Windows\System\cCPYfTv.exe
  C:\Windows\System\cCPYfTv.exe
  2⤵
  PID:8156
- C:\Windows\System\gllXiLt.exe
  C:\Windows\System\gllXiLt.exe
  2⤵
  PID:7248
- C:\Windows\System\fdWZQVp.exe
  C:\Windows\System\fdWZQVp.exe
  2⤵
  PID:7728
- C:\Windows\System\VBsBxaF.exe
  C:\Windows\System\VBsBxaF.exe
  2⤵
  PID:7792
- C:\Windows\System\DNutTeU.exe
  C:\Windows\System\DNutTeU.exe
  2⤵
  PID:7460
- C:\Windows\System\orModUS.exe
  C:\Windows\System\orModUS.exe
  2⤵
  PID:7508
- C:\Windows\System\PLpksne.exe
  C:\Windows\System\PLpksne.exe
  2⤵
  PID:8072
- C:\Windows\System\JGJWakA.exe
  C:\Windows\System\JGJWakA.exe
  2⤵
  PID:7952
- C:\Windows\System\HaBPDFf.exe
  C:\Windows\System\HaBPDFf.exe
  2⤵
  PID:7632
- C:\Windows\System\jikNPCy.exe
  C:\Windows\System\jikNPCy.exe
  2⤵
  PID:7936
- C:\Windows\System\CuNZRuT.exe
  C:\Windows\System\CuNZRuT.exe
  2⤵
  PID:7776
- C:\Windows\System\WLqvmVM.exe
  C:\Windows\System\WLqvmVM.exe
  2⤵
  PID:7292
- C:\Windows\System\XwrvtUJ.exe
  C:\Windows\System\XwrvtUJ.exe
  2⤵
  PID:8188
- C:\Windows\System\WhtqaHy.exe
  C:\Windows\System\WhtqaHy.exe
  2⤵
  PID:7584
- C:\Windows\System\YqHpVnN.exe
  C:\Windows\System\YqHpVnN.exe
  2⤵
  PID:7828
- C:\Windows\System\WSpdIbo.exe
  C:\Windows\System\WSpdIbo.exe
  2⤵
  PID:8040
- C:\Windows\System\jojFttd.exe
  C:\Windows\System\jojFttd.exe
  2⤵
  PID:7340
- C:\Windows\System\jTYjLPc.exe
  C:\Windows\System\jTYjLPc.exe
  2⤵
  PID:6932
- C:\Windows\System\kmlVxjx.exe
  C:\Windows\System\kmlVxjx.exe
  2⤵
  PID:7360
- C:\Windows\System\UroWTwS.exe
  C:\Windows\System\UroWTwS.exe
  2⤵
  PID:7680
- C:\Windows\System\dzBKBhx.exe
  C:\Windows\System\dzBKBhx.exe
  2⤵
  PID:7264
- C:\Windows\System\HvVTAbV.exe
  C:\Windows\System\HvVTAbV.exe
  2⤵
  PID:7200
- C:\Windows\System\dtWqlTe.exe
  C:\Windows\System\dtWqlTe.exe
  2⤵
  PID:8196
- C:\Windows\System\vkZfDUN.exe
  C:\Windows\System\vkZfDUN.exe
  2⤵
  PID:8212
- C:\Windows\System\GllDMkU.exe
  C:\Windows\System\GllDMkU.exe
  2⤵
  PID:8228
- C:\Windows\System\qeIdDkM.exe
  C:\Windows\System\qeIdDkM.exe
  2⤵
  PID:8244
- C:\Windows\System\VNMxMnN.exe
  C:\Windows\System\VNMxMnN.exe
  2⤵
  PID:8260
- C:\Windows\System\QGkCFnw.exe
  C:\Windows\System\QGkCFnw.exe
  2⤵
  PID:8276
- C:\Windows\System\SqdjOzf.exe
  C:\Windows\System\SqdjOzf.exe
  2⤵
  PID:8292
- C:\Windows\System\drYAOGf.exe
  C:\Windows\System\drYAOGf.exe
  2⤵
  PID:8308
- C:\Windows\System\PNVnprk.exe
  C:\Windows\System\PNVnprk.exe
  2⤵
  PID:8324
- C:\Windows\System\aYtEJED.exe
  C:\Windows\System\aYtEJED.exe
  2⤵
  PID:8340
- C:\Windows\System\iEUMdQn.exe
  C:\Windows\System\iEUMdQn.exe
  2⤵
  PID:8356
- C:\Windows\System\RRbqoMs.exe
  C:\Windows\System\RRbqoMs.exe
  2⤵
  PID:8372
- C:\Windows\System\bkGiSax.exe
  C:\Windows\System\bkGiSax.exe
  2⤵
  PID:8388
- C:\Windows\System\VLTBlQN.exe
  C:\Windows\System\VLTBlQN.exe
  2⤵
  PID:8404
- C:\Windows\System\IWrLhVx.exe
  C:\Windows\System\IWrLhVx.exe
  2⤵
  PID:8420
- C:\Windows\System\KYzAYJR.exe
  C:\Windows\System\KYzAYJR.exe
  2⤵
  PID:8436
- C:\Windows\System\yDXkfzn.exe
  C:\Windows\System\yDXkfzn.exe
  2⤵
  PID:8456
- C:\Windows\System\EIfgdhd.exe
  C:\Windows\System\EIfgdhd.exe
  2⤵
  PID:8472
- C:\Windows\System\pTILEZD.exe
  C:\Windows\System\pTILEZD.exe
  2⤵
  PID:8488
- C:\Windows\System\UmcyObG.exe
  C:\Windows\System\UmcyObG.exe
  2⤵
  PID:8504
- C:\Windows\System\jAaUkMQ.exe
  C:\Windows\System\jAaUkMQ.exe
  2⤵
  PID:8520
- C:\Windows\System\oIUiDXg.exe
  C:\Windows\System\oIUiDXg.exe
  2⤵
  PID:8536
- C:\Windows\System\odxvVOs.exe
  C:\Windows\System\odxvVOs.exe
  2⤵
  PID:8552
- C:\Windows\System\WVYAqko.exe
  C:\Windows\System\WVYAqko.exe
  2⤵
  PID:8568
- C:\Windows\System\rtwYFZn.exe
  C:\Windows\System\rtwYFZn.exe
  2⤵
  PID:8584
- C:\Windows\System\nJfIaUs.exe
  C:\Windows\System\nJfIaUs.exe
  2⤵
  PID:8600
- C:\Windows\System\cNvmuEf.exe
  C:\Windows\System\cNvmuEf.exe
  2⤵
  PID:8616
- C:\Windows\System\COjPPgV.exe
  C:\Windows\System\COjPPgV.exe
  2⤵
  PID:8632
- C:\Windows\System\NJTMXIk.exe
  C:\Windows\System\NJTMXIk.exe
  2⤵
  PID:8648
- C:\Windows\System\tBaQoNi.exe
  C:\Windows\System\tBaQoNi.exe
  2⤵
  PID:8664
- C:\Windows\System\sLwNsgQ.exe
  C:\Windows\System\sLwNsgQ.exe
  2⤵
  PID:8680
- C:\Windows\System\wlsAdfp.exe
  C:\Windows\System\wlsAdfp.exe
  2⤵
  PID:8696
- C:\Windows\System\syOJKtz.exe
  C:\Windows\System\syOJKtz.exe
  2⤵
  PID:8712
- C:\Windows\System\xYFQEZa.exe
  C:\Windows\System\xYFQEZa.exe
  2⤵
  PID:8728
- C:\Windows\System\hbXiXJI.exe
  C:\Windows\System\hbXiXJI.exe
  2⤵
  PID:8744
- C:\Windows\System\bNAiSah.exe
  C:\Windows\System\bNAiSah.exe
  2⤵
  PID:8760
- C:\Windows\System\CkhhGgn.exe
  C:\Windows\System\CkhhGgn.exe
  2⤵
  PID:8776
- C:\Windows\System\QvGSQzg.exe
  C:\Windows\System\QvGSQzg.exe
  2⤵
  PID:8792
- C:\Windows\System\XZacJlL.exe
  C:\Windows\System\XZacJlL.exe
  2⤵
  PID:8808
- C:\Windows\System\wlPGFYU.exe
  C:\Windows\System\wlPGFYU.exe
  2⤵
  PID:8824
- C:\Windows\System\zzNklKz.exe
  C:\Windows\System\zzNklKz.exe
  2⤵
  PID:8840
- C:\Windows\System\eLmwWTu.exe
  C:\Windows\System\eLmwWTu.exe
  2⤵
  PID:8856
- C:\Windows\System\lorxbgt.exe
  C:\Windows\System\lorxbgt.exe
  2⤵
  PID:8872
- C:\Windows\System\HnwNVnk.exe
  C:\Windows\System\HnwNVnk.exe
  2⤵
  PID:8888
- C:\Windows\System\TpnjRys.exe
  C:\Windows\System\TpnjRys.exe
  2⤵
  PID:8904
- C:\Windows\System\SpGkIiH.exe
  C:\Windows\System\SpGkIiH.exe
  2⤵
  PID:8920
- C:\Windows\System\QjaZUgd.exe
  C:\Windows\System\QjaZUgd.exe
  2⤵
  PID:8936
- C:\Windows\System\LmCvxsi.exe
  C:\Windows\System\LmCvxsi.exe
  2⤵
  PID:8952
- C:\Windows\System\iCDDFNp.exe
  C:\Windows\System\iCDDFNp.exe
  2⤵
  PID:8972
- C:\Windows\System\khRNEFF.exe
  C:\Windows\System\khRNEFF.exe
  2⤵
  PID:8988
- C:\Windows\System\xWJEzdL.exe
  C:\Windows\System\xWJEzdL.exe
  2⤵
  PID:9004
- C:\Windows\System\HKkiuXh.exe
  C:\Windows\System\HKkiuXh.exe
  2⤵
  PID:9020
- C:\Windows\System\hidqaCC.exe
  C:\Windows\System\hidqaCC.exe
  2⤵
  PID:9036
- C:\Windows\System\RUWyfYN.exe
  C:\Windows\System\RUWyfYN.exe
  2⤵
  PID:9052
- C:\Windows\System\vBnPRTW.exe
  C:\Windows\System\vBnPRTW.exe
  2⤵
  PID:9068
- C:\Windows\System\Rfzyhgj.exe
  C:\Windows\System\Rfzyhgj.exe
  2⤵
  PID:9084
- C:\Windows\System\xIkvayQ.exe
  C:\Windows\System\xIkvayQ.exe
  2⤵
  PID:9100
- C:\Windows\System\RKZpMEi.exe
  C:\Windows\System\RKZpMEi.exe
  2⤵
  PID:9116
- C:\Windows\System\TotGPYw.exe
  C:\Windows\System\TotGPYw.exe
  2⤵
  PID:9132
- C:\Windows\System\cUfhnOO.exe
  C:\Windows\System\cUfhnOO.exe
  2⤵
  PID:9148
- C:\Windows\System\UphoxlB.exe
  C:\Windows\System\UphoxlB.exe
  2⤵
  PID:9164
- C:\Windows\System\SiVpuYt.exe
  C:\Windows\System\SiVpuYt.exe
  2⤵
  PID:9180
- C:\Windows\System\XQWquCI.exe
  C:\Windows\System\XQWquCI.exe
  2⤵
  PID:9196
- C:\Windows\System\xppaZOu.exe
  C:\Windows\System\xppaZOu.exe
  2⤵
  PID:9212
- C:\Windows\System\CfIRdHQ.exe
  C:\Windows\System\CfIRdHQ.exe
  2⤵
  PID:8224
- C:\Windows\System\usEoYDE.exe
  C:\Windows\System\usEoYDE.exe
  2⤵
  PID:8092
- C:\Windows\System\yuanaCf.exe
  C:\Windows\System\yuanaCf.exe
  2⤵
  PID:8320
- C:\Windows\System\gqSSnJm.exe
  C:\Windows\System\gqSSnJm.exe
  2⤵
  PID:8384
- C:\Windows\System\phjbIPV.exe
  C:\Windows\System\phjbIPV.exe
  2⤵
  PID:7956
- C:\Windows\System\ngyQEEo.exe
  C:\Windows\System\ngyQEEo.exe
  2⤵
  PID:8480
- C:\Windows\System\XIhuJUz.exe
  C:\Windows\System\XIhuJUz.exe
  2⤵
  PID:8332
- C:\Windows\System\YcZpwOm.exe
  C:\Windows\System\YcZpwOm.exe
  2⤵
  PID:8208
- C:\Windows\System\DfryLCC.exe
  C:\Windows\System\DfryLCC.exe
  2⤵
  PID:8272
- C:\Windows\System\wFkWEuu.exe
  C:\Windows\System\wFkWEuu.exe
  2⤵
  PID:8608
- C:\Windows\System\YcFqnfQ.exe
  C:\Windows\System\YcFqnfQ.exe
  2⤵
  PID:8364
- C:\Windows\System\tjMKWIK.exe
  C:\Windows\System\tjMKWIK.exe
  2⤵
  PID:8428
- C:\Windows\System\dImXvxX.exe
  C:\Windows\System\dImXvxX.exe
  2⤵
  PID:8496
- C:\Windows\System\MeRvQwf.exe
  C:\Windows\System\MeRvQwf.exe
  2⤵
  PID:8532
- C:\Windows\System\eYuVsIA.exe
  C:\Windows\System\eYuVsIA.exe
  2⤵
  PID:8596
- C:\Windows\System\NliolBb.exe
  C:\Windows\System\NliolBb.exe
  2⤵
  PID:8676
- C:\Windows\System\PmncFBJ.exe
  C:\Windows\System\PmncFBJ.exe
  2⤵
  PID:8740
- C:\Windows\System\KJvOEwf.exe
  C:\Windows\System\KJvOEwf.exe
  2⤵
  PID:8804
- C:\Windows\System\hTvbori.exe
  C:\Windows\System\hTvbori.exe
  2⤵
  PID:8868
- C:\Windows\System\XgZiSOO.exe
  C:\Windows\System\XgZiSOO.exe
  2⤵
  PID:8928
- C:\Windows\System\DWvlWfZ.exe
  C:\Windows\System\DWvlWfZ.exe
  2⤵
  PID:8752
- C:\Windows\System\gaJRqxW.exe
  C:\Windows\System\gaJRqxW.exe
  2⤵
  PID:8820
- C:\Windows\System\sQtLpvj.exe
  C:\Windows\System\sQtLpvj.exe
  2⤵
  PID:8784
- C:\Windows\System\TYRLVzS.exe
  C:\Windows\System\TYRLVzS.exe
  2⤵
  PID:8756
- C:\Windows\System\YZBOfSo.exe
  C:\Windows\System\YZBOfSo.exe
  2⤵
  PID:8884
- C:\Windows\System\DgCxKFy.exe
  C:\Windows\System\DgCxKFy.exe
  2⤵
  PID:8944
- C:\Windows\System\lwCIJKL.exe
  C:\Windows\System\lwCIJKL.exe
  2⤵
  PID:8984
- C:\Windows\System\AOMjtQm.exe
  C:\Windows\System\AOMjtQm.exe
  2⤵
  PID:9060
- C:\Windows\System\scCtnaT.exe
  C:\Windows\System\scCtnaT.exe
  2⤵
  PID:9124
- C:\Windows\System\NgSamVA.exe
  C:\Windows\System\NgSamVA.exe
  2⤵
  PID:9016
- C:\Windows\System\sLOnIOZ.exe
  C:\Windows\System\sLOnIOZ.exe
  2⤵
  PID:9080
- C:\Windows\System\KUpbUtY.exe
  C:\Windows\System\KUpbUtY.exe
  2⤵
  PID:9188
- C:\Windows\System\bjTNJao.exe
  C:\Windows\System\bjTNJao.exe
  2⤵
  PID:8288
- C:\Windows\System\gmxdOzC.exe
  C:\Windows\System\gmxdOzC.exe
  2⤵
  PID:8516
- C:\Windows\System\gsTUcPH.exe
  C:\Windows\System\gsTUcPH.exe
  2⤵
  PID:8304
- C:\Windows\System\ZGWHDBE.exe
  C:\Windows\System\ZGWHDBE.exe
  2⤵
  PID:8560
- C:\Windows\System\HuecbEC.exe
  C:\Windows\System\HuecbEC.exe
  2⤵
  PID:9204
- C:\Windows\System\bXpQwAn.exe
  C:\Windows\System\bXpQwAn.exe
  2⤵
  PID:8576
- C:\Windows\System\nBVTYJj.exe
  C:\Windows\System\nBVTYJj.exe
  2⤵
  PID:9208
- C:\Windows\System\BnaWuKi.exe
  C:\Windows\System\BnaWuKi.exe
  2⤵
  PID:7184
- C:\Windows\System\nLgnHvv.exe
  C:\Windows\System\nLgnHvv.exe
  2⤵
  PID:8592
- C:\Windows\System\FvzMnVx.exe
  C:\Windows\System\FvzMnVx.exe
  2⤵
  PID:8708
- C:\Windows\System\bPtTHHY.exe
  C:\Windows\System\bPtTHHY.exe
  2⤵
  PID:8688
- C:\Windows\System\hAzatIq.exe
  C:\Windows\System\hAzatIq.exe
  2⤵
  PID:8996
- C:\Windows\System\HherizG.exe
  C:\Windows\System\HherizG.exe
  2⤵
  PID:8660
- C:\Windows\System\IBbwXwN.exe
  C:\Windows\System\IBbwXwN.exe
  2⤵
  PID:8980
- C:\Windows\System\IkmWKDH.exe
  C:\Windows\System\IkmWKDH.exe
  2⤵
  PID:9144
- C:\Windows\System\iOvEfHf.exe
  C:\Windows\System\iOvEfHf.exe
  2⤵
  PID:8400
- C:\Windows\System\VDSRiDf.exe
  C:\Windows\System\VDSRiDf.exe
  2⤵
  PID:9092
- C:\Windows\System\qbxaXPk.exe
  C:\Windows\System\qbxaXPk.exe
  2⤵
  PID:8724
- C:\Windows\System\cCjKXDi.exe
  C:\Windows\System\cCjKXDi.exe
  2⤵
  PID:9156
- C:\Windows\System\tIxuXgp.exe
  C:\Windows\System\tIxuXgp.exe
  2⤵
  PID:8448
- C:\Windows\System\SyElBhV.exe
  C:\Windows\System\SyElBhV.exe
  2⤵
  PID:8628
- C:\Windows\System\SAweTVZ.exe
  C:\Windows\System\SAweTVZ.exe
  2⤵
  PID:9028
- C:\Windows\System\ydInpjq.exe
  C:\Windows\System\ydInpjq.exe
  2⤵
  PID:8484
- C:\Windows\System\BSHIfQZ.exe
  C:\Windows\System\BSHIfQZ.exe
  2⤵
  PID:8644
- C:\Windows\System\pZGFItC.exe
  C:\Windows\System\pZGFItC.exe
  2⤵
  PID:8880
- C:\Windows\System\mIKZyRn.exe
  C:\Windows\System\mIKZyRn.exe
  2⤵
  PID:8396
- C:\Windows\System\hVYIAJS.exe
  C:\Windows\System\hVYIAJS.exe
  2⤵
  PID:9172
- C:\Windows\System\bbKSAyi.exe
  C:\Windows\System\bbKSAyi.exe
  2⤵
  PID:8800
- C:\Windows\System\lgrYwpY.exe
  C:\Windows\System\lgrYwpY.exe
  2⤵
  PID:8960
- C:\Windows\System\IxoCHSw.exe
  C:\Windows\System\IxoCHSw.exe
  2⤵
  PID:8964
- C:\Windows\System\xMCnBEo.exe
  C:\Windows\System\xMCnBEo.exe
  2⤵
  PID:8416
- C:\Windows\System\EvjaOnb.exe
  C:\Windows\System\EvjaOnb.exe
  2⤵
  PID:7856
- C:\Windows\System\fPrragU.exe
  C:\Windows\System\fPrragU.exe
  2⤵
  PID:9228
- C:\Windows\System\pvHFKbk.exe
  C:\Windows\System\pvHFKbk.exe
  2⤵
  PID:9244
- C:\Windows\System\jHIYqem.exe
  C:\Windows\System\jHIYqem.exe
  2⤵
  PID:9260
- C:\Windows\System\FkILRWW.exe
  C:\Windows\System\FkILRWW.exe
  2⤵
  PID:9276
- C:\Windows\System\zBpLLLK.exe
  C:\Windows\System\zBpLLLK.exe
  2⤵
  PID:9292
- C:\Windows\System\PTdfWch.exe
  C:\Windows\System\PTdfWch.exe
  2⤵
  PID:9308
- C:\Windows\System\jFsNlOI.exe
  C:\Windows\System\jFsNlOI.exe
  2⤵
  PID:9324
- C:\Windows\System\kGTUROs.exe
  C:\Windows\System\kGTUROs.exe
  2⤵
  PID:9340
- C:\Windows\System\efWdyBL.exe
  C:\Windows\System\efWdyBL.exe
  2⤵
  PID:9356
- C:\Windows\System\xoTzccX.exe
  C:\Windows\System\xoTzccX.exe
  2⤵
  PID:9372
- C:\Windows\System\ruwddSx.exe
  C:\Windows\System\ruwddSx.exe
  2⤵
  PID:9388
- C:\Windows\System\RiFBZOr.exe
  C:\Windows\System\RiFBZOr.exe
  2⤵
  PID:9404
- C:\Windows\System\kswuvPm.exe
  C:\Windows\System\kswuvPm.exe
  2⤵
  PID:9420
- C:\Windows\System\VjpPeMR.exe
  C:\Windows\System\VjpPeMR.exe
  2⤵
  PID:9436
- C:\Windows\System\MIUPJHp.exe
  C:\Windows\System\MIUPJHp.exe
  2⤵
  PID:9452
- C:\Windows\System\JkEGGma.exe
  C:\Windows\System\JkEGGma.exe
  2⤵
  PID:9468
- C:\Windows\System\nvwQtbS.exe
  C:\Windows\System\nvwQtbS.exe
  2⤵
  PID:9484
- C:\Windows\System\vHgDjYH.exe
  C:\Windows\System\vHgDjYH.exe
  2⤵
  PID:9500
- C:\Windows\System\vgRhzPe.exe
  C:\Windows\System\vgRhzPe.exe
  2⤵
  PID:9516
- C:\Windows\System\REGmruP.exe
  C:\Windows\System\REGmruP.exe
  2⤵
  PID:9532
- C:\Windows\System\kRztvqm.exe
  C:\Windows\System\kRztvqm.exe
  2⤵
  PID:9548
- C:\Windows\System\FFVKkeB.exe
  C:\Windows\System\FFVKkeB.exe
  2⤵
  PID:9564
- C:\Windows\System\OUeWyhM.exe
  C:\Windows\System\OUeWyhM.exe
  2⤵
  PID:9580
- C:\Windows\System\eHYArIc.exe
  C:\Windows\System\eHYArIc.exe
  2⤵
  PID:9596
- C:\Windows\System\UTOIRIK.exe
  C:\Windows\System\UTOIRIK.exe
  2⤵
  PID:9612
- C:\Windows\System\ymVjyHi.exe
  C:\Windows\System\ymVjyHi.exe
  2⤵
  PID:9628
- C:\Windows\System\PoLzULI.exe
  C:\Windows\System\PoLzULI.exe
  2⤵
  PID:9644
- C:\Windows\System\tYNCQZB.exe
  C:\Windows\System\tYNCQZB.exe
  2⤵
  PID:9660
- C:\Windows\System\DoTAyoH.exe
  C:\Windows\System\DoTAyoH.exe
  2⤵
  PID:9676
- C:\Windows\System\acEiHtb.exe
  C:\Windows\System\acEiHtb.exe
  2⤵
  PID:9692
- C:\Windows\System\oSdRRRt.exe
  C:\Windows\System\oSdRRRt.exe
  2⤵
  PID:9708
- C:\Windows\System\mtwYSNv.exe
  C:\Windows\System\mtwYSNv.exe
  2⤵
  PID:9724
- C:\Windows\System\hTPphfj.exe
  C:\Windows\System\hTPphfj.exe
  2⤵
  PID:9740
- C:\Windows\System\muQqItf.exe
  C:\Windows\System\muQqItf.exe
  2⤵
  PID:9756
- C:\Windows\System\MCtgwJS.exe
  C:\Windows\System\MCtgwJS.exe
  2⤵
  PID:9772
- C:\Windows\System\GeUAZtB.exe
  C:\Windows\System\GeUAZtB.exe
  2⤵
  PID:9788
- C:\Windows\System\hhpVwbZ.exe
  C:\Windows\System\hhpVwbZ.exe
  2⤵
  PID:9804
- C:\Windows\System\UAuMkXR.exe
  C:\Windows\System\UAuMkXR.exe
  2⤵
  PID:9820
- C:\Windows\System\nHlBsxF.exe
  C:\Windows\System\nHlBsxF.exe
  2⤵
  PID:9836
- C:\Windows\System\gNYvveh.exe
  C:\Windows\System\gNYvveh.exe
  2⤵
  PID:9852
- C:\Windows\System\BEmhXdV.exe
  C:\Windows\System\BEmhXdV.exe
  2⤵
  PID:9868
- C:\Windows\System\wNovyot.exe
  C:\Windows\System\wNovyot.exe
  2⤵
  PID:9884
- C:\Windows\System\WHqAVgW.exe
  C:\Windows\System\WHqAVgW.exe
  2⤵
  PID:9904
- C:\Windows\System\CPGnvSK.exe
  C:\Windows\System\CPGnvSK.exe
  2⤵
  PID:9920
- C:\Windows\System\llgcleZ.exe
  C:\Windows\System\llgcleZ.exe
  2⤵
  PID:9936
- C:\Windows\System\fhWmNFL.exe
  C:\Windows\System\fhWmNFL.exe
  2⤵
  PID:9952
- C:\Windows\System\bYriFPP.exe
  C:\Windows\System\bYriFPP.exe
  2⤵
  PID:9968
- C:\Windows\System\jreuZks.exe
  C:\Windows\System\jreuZks.exe
  2⤵
  PID:9984
- C:\Windows\System\boNKwmf.exe
  C:\Windows\System\boNKwmf.exe
  2⤵
  PID:10000
- C:\Windows\System\WPOQvtV.exe
  C:\Windows\System\WPOQvtV.exe
  2⤵
  PID:10016
- C:\Windows\System\NnvSSZS.exe
  C:\Windows\System\NnvSSZS.exe
  2⤵
  PID:10032
- C:\Windows\System\XZiFkKo.exe
  C:\Windows\System\XZiFkKo.exe
  2⤵
  PID:10048
- C:\Windows\System\rbIZgiw.exe
  C:\Windows\System\rbIZgiw.exe
  2⤵
  PID:10064
- C:\Windows\System\oSUTfNW.exe
  C:\Windows\System\oSUTfNW.exe
  2⤵
  PID:10080
- C:\Windows\System\ZrgqjHM.exe
  C:\Windows\System\ZrgqjHM.exe
  2⤵
  PID:10096
- C:\Windows\System\SBmcsWT.exe
  C:\Windows\System\SBmcsWT.exe
  2⤵
  PID:10112
- C:\Windows\System\ZMLCvFt.exe
  C:\Windows\System\ZMLCvFt.exe
  2⤵
  PID:10128
- C:\Windows\System\ytbghXP.exe
  C:\Windows\System\ytbghXP.exe
  2⤵
  PID:10144
- C:\Windows\System\zjOsFmF.exe
  C:\Windows\System\zjOsFmF.exe
  2⤵
  PID:10160
- C:\Windows\System\KFVDafk.exe
  C:\Windows\System\KFVDafk.exe
  2⤵
  PID:10176
- C:\Windows\System\aAzpPPk.exe
  C:\Windows\System\aAzpPPk.exe
  2⤵
  PID:10192
- C:\Windows\System\QhdtcCj.exe
  C:\Windows\System\QhdtcCj.exe
  2⤵
  PID:10208
- C:\Windows\System\CSmTUfr.exe
  C:\Windows\System\CSmTUfr.exe
  2⤵
  PID:10224
- C:\Windows\System\YSDvZHk.exe
  C:\Windows\System\YSDvZHk.exe
  2⤵
  PID:9220
- C:\Windows\System\aCFkpaC.exe
  C:\Windows\System\aCFkpaC.exe
  2⤵
  PID:9256
- C:\Windows\System\apXBFon.exe
  C:\Windows\System\apXBFon.exe
  2⤵
  PID:9288
- C:\Windows\System\OFpWatF.exe
  C:\Windows\System\OFpWatF.exe
  2⤵
  PID:9320
- C:\Windows\System\yZSTcht.exe
  C:\Windows\System\yZSTcht.exe
  2⤵
  PID:9160
- C:\Windows\System\aOtZaJr.exe
  C:\Windows\System\aOtZaJr.exe
  2⤵
  PID:9384
- C:\Windows\System\IzXEzLt.exe
  C:\Windows\System\IzXEzLt.exe
  2⤵
  PID:9300
- C:\Windows\System\rJoXmFD.exe
  C:\Windows\System\rJoXmFD.exe
  2⤵
  PID:9368
- C:\Windows\System\dkcAFAf.exe
  C:\Windows\System\dkcAFAf.exe
  2⤵
  PID:9416
- C:\Windows\System\MiQbLdv.exe
  C:\Windows\System\MiQbLdv.exe
  2⤵
  PID:9480
- C:\Windows\System\mSGUpHP.exe
  C:\Windows\System\mSGUpHP.exe
  2⤵
  PID:9464
- C:\Windows\System\HsKONzN.exe
  C:\Windows\System\HsKONzN.exe
  2⤵
  PID:9460
- C:\Windows\System\ftvEVsC.exe
  C:\Windows\System\ftvEVsC.exe
  2⤵
  PID:9556
- C:\Windows\System\oJhCWjh.exe
  C:\Windows\System\oJhCWjh.exe
  2⤵
  PID:9540
- C:\Windows\System\jQKYnyb.exe
  C:\Windows\System\jQKYnyb.exe
  2⤵
  PID:9608
- C:\Windows\System\JrztrfV.exe
  C:\Windows\System\JrztrfV.exe
  2⤵
  PID:9652
- C:\Windows\System\DXMJRPx.exe
  C:\Windows\System\DXMJRPx.exe
  2⤵
  PID:9700
- C:\Windows\System\juwgaqR.exe
  C:\Windows\System\juwgaqR.exe
  2⤵
  PID:9732
- C:\Windows\System\TFIxkFJ.exe
  C:\Windows\System\TFIxkFJ.exe
  2⤵
  PID:9716
- C:\Windows\System\CNgMKxy.exe
  C:\Windows\System\CNgMKxy.exe
  2⤵
  PID:9752
- C:\Windows\System\rOHphOD.exe
  C:\Windows\System\rOHphOD.exe
  2⤵
  PID:9828
- C:\Windows\System\mFUiLOT.exe
  C:\Windows\System\mFUiLOT.exe
  2⤵
  PID:9812
- C:\Windows\System\HlGNxNw.exe
  C:\Windows\System\HlGNxNw.exe
  2⤵
  PID:9880
- C:\Windows\System\kMPJAQT.exe
  C:\Windows\System\kMPJAQT.exe
  2⤵
  PID:9916
- C:\Windows\System\JaxPYHt.exe
  C:\Windows\System\JaxPYHt.exe
  2⤵
  PID:9964
- C:\Windows\System\XQgJZSv.exe
  C:\Windows\System\XQgJZSv.exe
  2⤵
  PID:9980
- C:\Windows\System\EKBEnxo.exe
  C:\Windows\System\EKBEnxo.exe
  2⤵
  PID:10012
- C:\Windows\System\KQqvKWJ.exe
  C:\Windows\System\KQqvKWJ.exe
  2⤵
  PID:10028
- C:\Windows\System\uJPtxuf.exe
  C:\Windows\System\uJPtxuf.exe
  2⤵
  PID:10092
- C:\Windows\System\XkmETHT.exe
  C:\Windows\System\XkmETHT.exe
  2⤵
  PID:10124
- C:\Windows\System\RQIvbua.exe
  C:\Windows\System\RQIvbua.exe
  2⤵
  PID:10136
- C:\Windows\System\WAbvXsv.exe
  C:\Windows\System\WAbvXsv.exe
  2⤵
  PID:10216
- C:\Windows\System\GSRvLkG.exe
  C:\Windows\System\GSRvLkG.exe
  2⤵
  PID:9012
- C:\Windows\System\yhYFCJs.exe
  C:\Windows\System\yhYFCJs.exe
  2⤵
  PID:9336
- C:\Windows\System\nhXawMz.exe
  C:\Windows\System\nhXawMz.exe
  2⤵
  PID:9140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AAkQMpH.exe

Filesize
6.0MB

MD5
85541c659c31a14b8d8ae399a55bace4

SHA1
8581bc5f62b1e774b25cea4d9932b231f3560b2b

SHA256
2edbd0d96d3d9e26a55453f798ec476a79920c8a19504056064a6059d16abd40

SHA512
17c309d8b6d2e66335f9bb1ed90586eb307d82fb381279d44c4ee9e01d7b771b5b26f366598d7c88d769e7a5fd4e615bf5a8235696080620ef311116ef1c0d3f

Download Submit
C:\Windows\system\AiPVOeB.exe

Filesize
6.0MB

MD5
8284cd56d2030797f30f23d42c82b55d

SHA1
0735b88ec5c2ff0eb74e18080ddfdcc0e2021e1c

SHA256
2edd7fcd5411bc51b285f4701f7a64d25c3724fd46b91c9d6e0b9406da5227ad

SHA512
8e91ec7dc3fce7f314ccba8010feaa2b9f2b9b731e057f03b57c0963f2817c4a2c6a46502ab8e92df472e4f1a1830992594f6e8eacb44cb9f6d11e73dc3a83bd

Download Submit
C:\Windows\system\MXJGFCc.exe

Filesize
6.0MB

MD5
d5cf5c8dfc5f2aed68a4974905a43621

SHA1
64d7a1efe767a4286c9179ef0f53a394cc61943a

SHA256
d6b68101ba6c7daf736ec808188f8f8c9375396778672030cc1fd93103641fed

SHA512
df50cc7c96c11002144f3237e052e968757ea942f227399e5cc8951c4ed7ecbaa9f3d7f682b0fe66244af8e04d0440b22f2659bd0d25d381d3339af14861b85e

Download Submit
C:\Windows\system\MmFwiWw.exe

Filesize
6.0MB

MD5
18497e3f9a6ff74bb74cd7d788382f8c

SHA1
052b9edbba45a47ef3c82d00be69510bcf06a008

SHA256
9afd0c0e6046de2c6d72a9a1212dce20618bb877b985a03a03c8b34b83e23253

SHA512
7e0a5bfbd3f748e51e5a30f63d4cec68b2b8fd4ce47197d30fcd8bfab262d3f74cfe5e57c343725fb6aa7a68a8ae77a78fe5907fc6cb1c5824b8a91b4e83a5be

Download Submit
C:\Windows\system\TaCPTyR.exe

Filesize
6.0MB

MD5
6aaf558c2deeac57edaad81a88bb2675

SHA1
aaa9c6e27e3d9fd97fb983f76b248273e0863368

SHA256
fc086a41eb1e4f00c6c899cb21d8654f3fc2370bfa9a39ac3c480a5bd1c17841

SHA512
7bfe7e4fd83abd90161e5e82b7e77f9ffabe984abf0ab8f40551d1d8c14ad9a568df7b0d680abbcf1da8e42c73ec819877daa01bee867e7e8265c310512d4c0b

Download Submit
C:\Windows\system\WaSOVSY.exe

Filesize
6.0MB

MD5
adeef13002b562d230571711e07336f9

SHA1
10dc6721948879bd0022198203a70bc6acdbad5b

SHA256
3484ce2d24c61b2574ea8f4bc768047eaa01190e7c1cce963ed43338ee08e15c

SHA512
618e52b603c37c0e6ff4d4a476e3f0939dc9581590649f35c39cd30312551b24e6cf648fc75bb454d7df4e27c83d40272e13eb12801975253d388f80d9601e9f

Download Submit
C:\Windows\system\YBjCiEj.exe

Filesize
6.0MB

MD5
c918526a8f5eb0ef0e1212cfc2a009c5

SHA1
9fcda9639406084cfaf67baec022cea08f0fe765

SHA256
83b3f03e86165db1163259828b0911b0a5473a68dd613a7cc2ac4ff0b9f85f49

SHA512
dde98ea870f9ff31641121d31b994acc81a99e9f05e6a6eaa090de21bdee3d6665eae0e03a08c6c1867ce7e8504a5b529cf572472ef63536bf915171fbc21043

Download Submit
C:\Windows\system\YQzVCnL.exe

Filesize
6.0MB

MD5
90c81d5379b81bf6c358f3a5b927edc5

SHA1
956b63986bbaa0565e5f320c0bbbd2883245ad52

SHA256
14abb645396861efe518ab14255ba49a6a4a76515e598f2e07d45c52021af4bf

SHA512
252c78f81a81c66e34e40526a40b876a273c045745c6524899cbcdace1e4ac9a67d592be87ddd44ffaf41d188485e2e5d140ad08141ab209c908c07c1419a4e6

Download Submit
C:\Windows\system\czifQNv.exe

Filesize
6.0MB

MD5
4b9ea04d565bff1a3a365d59d65f66de

SHA1
8635554c9cb1845664cdd5aac5384bb2002138e3

SHA256
c3e009256d2ecedabb59376bbf86a55fd8ab4e4e8034a5b701164db92273d3b6

SHA512
614b416fe55007cd14f0bc01e754abc7e2c276baf9200222f93089d256ca1dc1f3c07a8d6a75e63a133d9be50a29331e1a985e9e23085e252aa98798365de467

Download Submit
C:\Windows\system\dDdbbPO.exe

Filesize
6.0MB

MD5
bc0d25247d660430de022673c07a26ca

SHA1
7b7e6fdd76f68440d7a5731eb18be209c3399259

SHA256
bdd47cc58115fa2839aa90ab8d39db7276ae87f42874a52e1bed970eccc8f531

SHA512
86dd6605fa3f8ceb38a9dc0ced293e900454e6f85b8b8c0d4431975ac0e190a74ee92c8f16388117bcd05dfbb01aa8bba7b24604508114165e0eb0f22f5512f9

Download Submit
C:\Windows\system\eEpMITZ.exe

Filesize
6.0MB

MD5
b48a76de3fe3ab8e0abdc0bf0eaa8c09

SHA1
b5560b2dc33a95ccaf1acd9f1cedfa66d50195f2

SHA256
6a4298de9e78b7df3104ec14532c6b5d11d0fa98dda413bd009c980414de6e3f

SHA512
5bc8e3c2045058932c734434ae14338adcdc38eca7bd7f9d92c5e7c32018fa240e5f0be8d0facee1f53493c3a24e5710e2d2256023b2d15cb87f29a9021e8b8c

Download Submit
C:\Windows\system\gSXYdrD.exe

Filesize
6.0MB

MD5
abdbcdf5d56bb6d7f5a9b770b70b1285

SHA1
a6a2670b37f950d961409e788634e34ac16c3cf1

SHA256
f6b6d21e988693e7c876e48a933214df1b6b89706acf694bcdb82d0df6dad6d8

SHA512
964f8d6e8c3d460e035a8ce733071f046ef206136833895c76f5eeba961ab55cb04d21e8e04f7e3491253debfe425435c27e75826a94a05ea2922477451fe01c

Download Submit
C:\Windows\system\nOChwdK.exe

Filesize
6.0MB

MD5
a4f4b0cc4198153172e6db0872eede02

SHA1
cd0c8c27503691fc448e95f9be7ff9b60e4a4996

SHA256
4ff328a164dd4aab102d50b9227e61c05ab2bb1ed9fee98cf1a4baa25e98ceeb

SHA512
01a886746a187ca07ab47a5b8ceadb66b40d3c750dc186b3b1ced6bfaca26b6b06c0f2c7c702db1c91b68e7d24d7513c57c7afed3952737bea428af96ee435d0

Download Submit
C:\Windows\system\nPjjcgA.exe

Filesize
6.0MB

MD5
b457de4f362424fbd80a0c5ce5bc515b

SHA1
b105427f90acd6a7f02632ffc37241201c89d1dd

SHA256
e0d70865dfc09d04a398e2642294963560bb288d5ef2bda78fa34ca3507374fc

SHA512
5664a43d7030f6940e84f59871571c961a0d9dd92f2d54a5b9cea0c3085b67aa048a69113c46d9be0884ff645f645e43b9363c1775b29775dab0b331e34f1f09

Download Submit
C:\Windows\system\pwYRlcI.exe

Filesize
6.0MB

MD5
50e3990c6ed7a15176a4775d4147e8b2

SHA1
520aa0ad1bac89aa2bf17e2f2e5440da989edf57

SHA256
5e515880ca6c4ee8b72ff1d1d1e76f76f03271484ac8f4f97ccf0eb0230eb615

SHA512
57c554a86fdcfdbb0a8b52db0be8cd49ea03df7cfd5dfbb1b0bdf3a95cc41887df9f0b1180def4e235ecd3e3735452be978d5199b3e3bf3614c60786552c2154

Download Submit
C:\Windows\system\rHpwqUz.exe

Filesize
6.0MB

MD5
125c22a73b99c5492adf4bb882874cff

SHA1
7caa7da755984f14c2ad376bcf6c0ad2bda589b4

SHA256
4dce477ed38c48de7ebed2557e90befafb8b5c7bcf0d382b60a98921aa659174

SHA512
8871c3837ed395eb568359dfe7f2ed85092dc47744aca4489fe132ab03ed61b64ad3278d7d82963099d72cdbbebad7a9a5527bf1944e213cfd273be52bed197a

Download Submit
C:\Windows\system\rcPfmaD.exe

Filesize
6.0MB

MD5
d0d09d89f9000b0e9129adcd6e744d64

SHA1
0c53c99fafd54d10a3d556bae9cf848f92903566

SHA256
4c04d879566e53b40786dfc809c284b2ddea43179066e5bb3efcbe884aec91d6

SHA512
51266054b9a0337c9ecadc64b4ff44914bf3c6c5b3d87f361dd77834393fd694e829f5f69651f051b7b17e15aab69bbcd122aef82fc69081eba277a2784bfc50

Download Submit
C:\Windows\system\xIrjXwK.exe

Filesize
6.0MB

MD5
10812399e243ea36cf8443ba424a7fac

SHA1
5ca5a5a0e60dc51ad63f4d64c90480cb9d8cfe8e

SHA256
2ecc94f6b4ee474a33158647b67914830296267244edcfca2e79e356c52fba05

SHA512
9f72918fc0ca44449f41e31ef18e6348eaa55dc78a7ca942c1828dbdf89087634b05115d4f74789527ed8d4cdfc4785c9c4fb9612b053652fe54c1c1302f2f39

Download Submit
\Windows\system\DdELTqt.exe

Filesize
6.0MB

MD5
327c5f9cbe5672356acf98b7157e26d4

SHA1
4353ab8e1e50eb54495b667349701ebe845584fd

SHA256
b5d8f808f6c99c0f5c5280081d9208c51b8019bd16d4114b9a4de8682f255b31

SHA512
3e073c6a575d10ab303d1748e17bc6d3f26fc4c9c7fa2913966024cad5bdc76df08a2b0cfb97c2abecb81533c8baf4fbb0ee74e34d8233324ec1943df1fc3a91

Download Submit
\Windows\system\GlcVRje.exe

Filesize
6.0MB

MD5
1817bd92ec78fdc5b524151fcf1bed82

SHA1
0319d35d3493e15209273d4155ad9f87694bec07

SHA256
f6ebe1522242f42be382d009b415c2906e90d7b5e417a60bdb09240ec3db3117

SHA512
671ba37053a6e8d0cc6c62a15c9fa200cd736e96e0be560f1404ba47c7dd47c78910b1399189aaf80e47370e5f67da90b1d0a083caa4456630c797de717be621

Download Submit
\Windows\system\HaxvWGD.exe

Filesize
6.0MB

MD5
598c3812bf524537e4d059bdc209ff7a

SHA1
a5132927616b7750fc24c4d3b0060aead0efd93e

SHA256
513c88b4a3abf85941ebf86a4d6badd3638a3cae16474eea3f953e083e4eb69e

SHA512
1af8db163003ab5434b5ff640ce65b6e3fa04d8a821e518d0fe220e25afb268e1f3ff9807e7dbea1decf610b5178259dd0518a56f43f34f44d73c272f8e2143e

Download Submit
\Windows\system\TZEaeKy.exe

Filesize
6.0MB

MD5
d5c2605d1d437c6920dfe6a7e3270d55

SHA1
1215873ff08835b317b7e761e83eda089f7cb597

SHA256
d2205a5ae5759876a51b825e73f6973ffe2e9b0f5d13719bda9e277024c2b0eb

SHA512
ffe4cbf2733c3dcea582ca5244eaf184de8eede0ff47cc80430fb8123eb9dad7928596be96095c8204d8958064fd08d29906a80212033c6e1677d281e5171511

Download Submit
\Windows\system\WQxRKpM.exe

Filesize
6.0MB

MD5
82eede61b05f609de4b2d886430d815e

SHA1
e7953c4d5f8c64c4f832275da3fe7ad148892989

SHA256
d903dfa7a005a7ae8f329902ffa95ccc00446c0365fc851a1ff5f5a50a5a8541

SHA512
342b5c9267e02a44fc079228170fd7aabbb791bf320572381ce9f4e05dad4481abac2d9896f320f32d6754809c687ff4c54a96a1130e022be6d09bd0a24ed9eb

Download Submit
\Windows\system\WxTUEFm.exe

Filesize
6.0MB

MD5
059e9277dfad4db290f682299451edf4

SHA1
d2bf3b8a0bf301beefb1eec8c730fd2da6d57b0b

SHA256
ea9ee3fc1550366da4d55825e731419ca0ea03abcb13e7d9ce71e89c4400a90a

SHA512
da1d3a26eb1cf45746dee2c76209a65ed724e16aadd2f9559a6df51c507a6e213e90f1f0603aad307fc1ed93e94f7706168fe333039ac4d752c4ea6a423f58aa

Download Submit
\Windows\system\XZqTBxR.exe

Filesize
6.0MB

MD5
bd3345d4209b70b0fe74b3455c599e9e

SHA1
8def50dadddb56696a6eac404a50c911e8287f24

SHA256
7287bf2a59ef609971dee980c805600a382c60879d20e16150cd606c36db1746

SHA512
dcbe09d66bca50601695bf20584b8b9c66e4103b266c5ebeb8da28a9e1798579010f7bb6e0e50672ab36542b58296d8c3f2a61700afd95eeb7941a34158c1716

Download Submit
\Windows\system\eedGhlt.exe

Filesize
6.0MB

MD5
ea58a4c8e7899b6d0bee416f67b457bf

SHA1
45ae9122b20b3f298a69cbff50e4b8fce3880d19

SHA256
50b13ce2b3c88354fa0fecc72d0dc75e826ef6364c42661ad57b0d6bc5783f59

SHA512
671baaad8ee1eaab23a8bbc377d4d02dc1061061cf553e8a7febfb89b69e068dd4caf23b3a3cb63376d2d25e508e23ff0276478c304be0741ae04efeaef2160f

Download Submit
\Windows\system\jZJswPw.exe

Filesize
6.0MB

MD5
5e74cf56193573a9dc4f79fec8ea3f8a

SHA1
71ee6a258b6728c95a3d0ed4de4d6390c2b62252

SHA256
79e3930d1737e66cc214cce01c28e44f9ef0325566f22724dfe7c8eaec54b61f

SHA512
32acb81e58d2ee96b5d724cc28176fd1adcb3e0c78cfb85429a9eea7f92ada60748d0af9bdfb228705e8606919c58e5c876c4e840246cd8330c9b63248731a82

Download Submit
\Windows\system\kdLRMpS.exe

Filesize
6.0MB

MD5
5e5766e6709b58b923242cdb6cfef39d

SHA1
d7f6b40cfa34a32a1324ac575d577640fe881c76

SHA256
2c7407a0d0568f4d926e4941c134efc1b7c26d4dcf27a2d6ee40bf6798aca775

SHA512
e1357d7eac6c62a92274ec0a80fa8d63a6de93c6ab297255403d5d5073fbb2ac9c868a8c2ad91c5f9df607add4437d9e9f30025247211afb1afb7bebb3053931

Download Submit
\Windows\system\pjTVkIE.exe

Filesize
6.0MB

MD5
4bdfb73449d5c45293b8e949d270433f

SHA1
a44963216eeb3cadcc6995c3475b709cfba518be

SHA256
c322c2f12cf9b7aa7d41e5def975f62e6c96ee8c6f89d994609964a605fb44ee

SHA512
e40b83399b3a8bbecd70b256ca461b9879805e10dcc269f7489ea08898a5875b26c9ba63336a35d5ceb7192a514f9e5311b6b1dca207394dedbd6f4dc23506ac

Download Submit
\Windows\system\rKMkjrx.exe

Filesize
6.0MB

MD5
8ea86e0799d683bdf019feb3da3da941

SHA1
da2f9f124c1363c576ee1fb58c0bb7d9ecf63fc5

SHA256
dab62edd17de103b345da7a81c7420641fb6f2fe5b29eb3b7f4949e493176418

SHA512
87cf79995c17bc2dc12d45dca5f53d560aefac76185142bbc9205939dd83af8e508e39fd3ff91773652511bae50c3c388f6411bdf7c45a4e0ea401a58c4aa5d9

Download Submit
\Windows\system\rvgMRuO.exe

Filesize
6.0MB

MD5
f16cfb4c56e20f3fabdd2963fe48aff1

SHA1
90a6bc8310cbafb090146977acfb0dbf343ee5b3

SHA256
493f2bf97654bca5304d2a70076d0c8a0059108ffccd819c0794fd974e37083f

SHA512
1cc82d0f8718326d640d1003b2dab10cc49d8311513b206823053a8affc02e9639ee52b934584f53925b9a8dc117eb490a93187169570e3bc26b5cf31ecc3fe7

Download Submit
\Windows\system\sBIZIvQ.exe

Filesize
6.0MB

MD5
970bce46aa5ccd9816c69384d37cd8ef

SHA1
0c7ed273205a792e19d2e9a9b35cdb3a2835775c

SHA256
b3bfb0f36a316bc8d5e628b3d188b34d9448b7237e43ae188bd1c72bc2ed91b6

SHA512
85473a8be8788b28c5d58bdb107f1761868659dcd51929d9f9ed06fbd2f78c4dfa5bf82f1b43ae363b9adeaf5abe972bc6f5f7af164fccb720914a5433762d85

Download Submit
\Windows\system\wDfGoMY.exe

Filesize
6.0MB

MD5
b5e5ef5cecb3243e212164b276d75a19

SHA1
979ec68d533ed6ddf92ed857dfa998d376c2dee5

SHA256
d74aa6a08c3f02e147db0d6b0b8ec31c425815aad8cd934cf3a8deb822a143f8

SHA512
8740d28f758c9759656a69a7e2c09a6a0310af6e519077375fac5cc4dc624c42a4ef9bc6556782a0d337bbf6389e376119143a9ea7db7d04f929107e80e30a79

Download Submit
\Windows\system\xMDqVlV.exe

Filesize
6.0MB

MD5
1ae4b679fd42225cccf13049de417fce

SHA1
e311ea7d84427254a5dee5ee6271e9c51c40d5d0

SHA256
acd1623690751453184ae27c3f34f6a31e217286caffb9640fbcb0849d77ad24

SHA512
f4d43740e470ee3cd411017ae4af639dc5a03d8e21e36158fd4e47aab0e1b7bdd8c0af6e96ac0f2bcec3c3e847c97c444a140acf2ea9b383642ca6ad15c8c527

Download Submit
\Windows\system\xZVyCJq.exe

Filesize
6.0MB

MD5
740b2f40d0e3dfabe00eb9a0622a0870

SHA1
e18090cfbb8bad16e70b4b860b0d42bbdabccf7e

SHA256
98397b8c286298b7bb708bcb3829facdf02a153c4df4c5e76457b44f1fa66188

SHA512
72f641c79975546e6a6aa83afc75626dc3f19dad04f62519e0fedcf29cfcea43c06490857ffa5e7751b6176379186674796e44767fc3e4e11711d22d90e3ba46

Download Submit
\Windows\system\ywhGfkK.exe

Filesize
6.0MB

MD5
8a9ebf86e745574437623548057eab61

SHA1
b41d1472a71ad23fdfb98b113485140c3b0c5432

SHA256
13bfe2e79cebb653a08f11a1288246593a64941da5f494f7f9436d5b314f2f0e

SHA512
33a7a64fce374073f25f8c3622d7eb588ea1826401f3b6effd7153d1e5a04931c149c76f8bf325233fdda057acc6472b86326f104d6e6601b9d3fcd6bcf80e4d

Download Submit
\Windows\system\zGSJASR.exe

Filesize
6.0MB

MD5
f4fc8d4878fb10a937762542b895a9b3

SHA1
15cd27af6deebaeef2ff65d4edc7ec652027018d

SHA256
d1784b64379ff9d3fa6e83a63d4a114ffceae58605d4e07a3e53ad738cb7c649

SHA512
0f78437c51197558045a062e78c4fddeb46e71723f349e23d437b66f4f186dbca18401c27e2aeb39040a9bb9d4d4ccd22ec3c291e2760a9e1376b00924038afa

Download Submit
memory/600-89-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/600-3845-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1480-25-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1480-3847-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1712-58-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1712-3843-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1836-104-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/1836-160-0x0000000002500000-0x0000000002854000-memory.dmp

Filesize
3.3MB

Download
memory/1836-725-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1836-128-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1836-0-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1836-29-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/1836-155-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1836-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1836-140-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1836-118-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1836-93-0x0000000002500000-0x0000000002854000-memory.dmp

Filesize
3.3MB

Download
memory/1836-17-0x0000000002500000-0x0000000002854000-memory.dmp

Filesize
3.3MB

Download
memory/1836-119-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1836-111-0x0000000002500000-0x0000000002854000-memory.dmp

Filesize
3.3MB

Download
memory/1836-100-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1836-726-0x0000000002500000-0x0000000002854000-memory.dmp

Filesize
3.3MB

Download
memory/1836-69-0x0000000002500000-0x0000000002854000-memory.dmp

Filesize
3.3MB

Download
memory/1836-61-0x0000000002500000-0x0000000002854000-memory.dmp

Filesize
3.3MB

Download
memory/1836-60-0x0000000002500000-0x0000000002854000-memory.dmp

Filesize
3.3MB

Download
memory/2060-124-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-3949-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-3842-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2128-44-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2264-72-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-3814-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-59-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3827-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-146-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3882-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3815-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-75-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-65-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3846-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3844-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2824-73-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2916-3881-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-76-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download