cobaltstrike | d4726d5327aee406c80c84b095fd1d081b299044ecbdb8af5353f6e183c04208

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a7758c0648d05cf849719736e44f5c14
SHA1

ec1d6c6a71fbd9c47e75cae88638e96abb25af18
SHA256

d4726d5327aee406c80c84b095fd1d081b299044ecbdb8af5353f6e183c04208
SHA512

f8d6b3eb7cdad7cda1a0b80c63dc19c18fe732c03fd2aac1f805dbbfc1e517403e3aea3c58b5f1d3908a5473033f7c3b8c386eaedf39c848331f2b7b5a7c27b7
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUy:T+q56utgpPF8u/7y

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001225f-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000164b1-10.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001678f-15.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000169f5-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016be6-25.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c03-34.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c4b-38.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001921d-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019329-53.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019369-61.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-69.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f0-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948d-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-97.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e6-89.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d1-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a8-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019371-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019345-57.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019232-49.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019214-42.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016bf7-30.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001653a-14.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/1508-0-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x000a00000001225f-3.dat	xmrig
behavioral1/files/0x00080000000164b1-10.dat	xmrig
behavioral1/files/0x000700000001678f-15.dat	xmrig
behavioral1/files/0x00070000000169f5-22.dat	xmrig
behavioral1/files/0x0007000000016be6-25.dat	xmrig
behavioral1/files/0x0009000000016c03-34.dat	xmrig
behavioral1/files/0x0009000000016c4b-38.dat	xmrig
behavioral1/files/0x000500000001921d-45.dat	xmrig
behavioral1/files/0x0005000000019329-53.dat	xmrig
behavioral1/files/0x0005000000019369-61.dat	xmrig
behavioral1/files/0x000500000001937b-69.dat	xmrig
behavioral1/files/0x00050000000193f0-93.dat	xmrig
behavioral1/files/0x000500000001958b-131.dat	xmrig
behavioral1/files/0x00050000000195c4-144.dat	xmrig
behavioral1/memory/2792-448-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/264-3866-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2604-3865-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2624-3864-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2836-3863-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2844-3862-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2696-3860-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2576-3844-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/3024-3843-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2616-3842-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2792-3841-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2776-3848-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2724-3847-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2608-3831-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2928-3704-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/1508-1435-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/264-446-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/3024-444-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2844-442-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2696-440-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2608-438-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2576-436-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2624-434-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2616-432-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2604-430-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2776-428-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2928-426-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2724-424-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2836-422-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c8-157.dat	xmrig
behavioral1/files/0x00050000000195c6-143.dat	xmrig
behavioral1/files/0x00050000000194e2-138.dat	xmrig
behavioral1/files/0x00050000000195c2-134.dat	xmrig
behavioral1/files/0x00050000000195ca-161.dat	xmrig
behavioral1/files/0x00050000000195c7-151.dat	xmrig
behavioral1/files/0x000500000001948d-125.dat	xmrig
behavioral1/files/0x000500000001945c-97.dat	xmrig
behavioral1/files/0x00050000000193e6-89.dat	xmrig
behavioral1/files/0x00050000000193d1-85.dat	xmrig
behavioral1/files/0x00050000000193a8-81.dat	xmrig
behavioral1/files/0x000500000001938e-77.dat	xmrig
behavioral1/files/0x0005000000019382-73.dat	xmrig
behavioral1/files/0x0005000000019371-65.dat	xmrig
behavioral1/files/0x0005000000019345-57.dat	xmrig
behavioral1/files/0x0005000000019232-49.dat	xmrig
behavioral1/files/0x0006000000019214-42.dat	xmrig
behavioral1/files/0x0007000000016bf7-30.dat	xmrig
behavioral1/files/0x000800000001653a-14.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2792	FwtDbRl.exe
2836	ELLXNwW.exe
2724	WscNCMP.exe
2928	OvGBqjY.exe
2776	lAsdMfj.exe
2604	gvZpufq.exe
2616	siPUykV.exe
2624	xunHLZE.exe
2576	UkAwZpg.exe
2608	lffsirW.exe
2696	ZfkNZWI.exe
2844	imjqRBq.exe
3024	cAKBSdC.exe
264	DvjldbY.exe
548	XnjHfpj.exe
1320	LiOArKL.exe
1492	cQLLzfX.exe
2292	HiIEhhd.exe
2188	shsWUzz.exe
2260	RktjOcn.exe
2180	oFQwKfd.exe
1040	IjBzbjF.exe
1440	bABzuSh.exe
2328	xiEtVuC.exe
848	NbnTLOV.exe
1992	ygWyIZs.exe
1932	wJfuesZ.exe
2424	LJTLeOb.exe
804	huOFSdr.exe
2560	PpLKAjL.exe
1680	JopPKyt.exe
2276	QbcRMns.exe
2416	deatwXO.exe
1700	RvqtGHe.exe
1360	YxPbmRf.exe
1212	FqjguoN.exe
2464	nDkfdTv.exe
2284	vgqdHVp.exe
3068	yHFSfwH.exe
1872	swMkiXc.exe
1016	lOwOeym.exe
2280	FFiglxx.exe
1364	dXBNNuK.exe
1532	YdgPtqG.exe
1612	GrKMhjg.exe
1736	RKudebo.exe
1228	pVtktaD.exe
2008	jfLkuRw.exe
892	PaOimym.exe
2400	GpgOuvc.exe
2520	SurXJZU.exe
2256	OZgNKWq.exe
2656	ZUXGgtz.exe
2040	RXNdltf.exe
288	LtiHLzW.exe
2512	FQROLSq.exe
1804	PRMJhhs.exe
2100	DjgckBc.exe
868	fJOpleg.exe
1600	fsusmHe.exe
1596	xbxSpsf.exe
2820	gOqNrvb.exe
2780	afjXlWL.exe
2740	sygNBDM.exe

Loads dropped DLL 64 IoCs

pid	Process
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1508-0-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x000a00000001225f-3.dat	upx
behavioral1/files/0x00080000000164b1-10.dat	upx
behavioral1/files/0x000700000001678f-15.dat	upx
behavioral1/files/0x00070000000169f5-22.dat	upx
behavioral1/files/0x0007000000016be6-25.dat	upx
behavioral1/files/0x0009000000016c03-34.dat	upx
behavioral1/files/0x0009000000016c4b-38.dat	upx
behavioral1/files/0x000500000001921d-45.dat	upx
behavioral1/files/0x0005000000019329-53.dat	upx
behavioral1/files/0x0005000000019369-61.dat	upx
behavioral1/files/0x000500000001937b-69.dat	upx
behavioral1/files/0x00050000000193f0-93.dat	upx
behavioral1/files/0x000500000001958b-131.dat	upx
behavioral1/files/0x00050000000195c4-144.dat	upx
behavioral1/memory/2792-448-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/264-3866-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2604-3865-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2624-3864-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2836-3863-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2844-3862-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2696-3860-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2576-3844-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/3024-3843-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2616-3842-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2792-3841-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2776-3848-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2724-3847-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2608-3831-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2928-3704-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/1508-1435-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/264-446-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/3024-444-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2844-442-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2696-440-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2608-438-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2576-436-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2624-434-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2616-432-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2604-430-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2776-428-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2928-426-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2724-424-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2836-422-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x00050000000195c8-157.dat	upx
behavioral1/files/0x00050000000195c6-143.dat	upx
behavioral1/files/0x00050000000194e2-138.dat	upx
behavioral1/files/0x00050000000195c2-134.dat	upx
behavioral1/files/0x00050000000195ca-161.dat	upx
behavioral1/files/0x00050000000195c7-151.dat	upx
behavioral1/files/0x000500000001948d-125.dat	upx
behavioral1/files/0x000500000001945c-97.dat	upx
behavioral1/files/0x00050000000193e6-89.dat	upx
behavioral1/files/0x00050000000193d1-85.dat	upx
behavioral1/files/0x00050000000193a8-81.dat	upx
behavioral1/files/0x000500000001938e-77.dat	upx
behavioral1/files/0x0005000000019382-73.dat	upx
behavioral1/files/0x0005000000019371-65.dat	upx
behavioral1/files/0x0005000000019345-57.dat	upx
behavioral1/files/0x0005000000019232-49.dat	upx
behavioral1/files/0x0006000000019214-42.dat	upx
behavioral1/files/0x0007000000016bf7-30.dat	upx
behavioral1/files/0x000800000001653a-14.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jSaNeZe.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TzOEmWo.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kizTcOu.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qxdKAQr.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvgIdoz.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpxcIAP.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXrARpz.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RsWpNmY.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGHzzty.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYyHdaZ.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fCliUJE.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVfNhdK.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpFnAHV.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oRakOQE.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TUhuiit.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lNZIwJu.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zWkpmKF.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjygnlD.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VRWKTMz.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AmscYfR.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wjPeadY.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sbHtZjl.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJibzLr.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PYpScrU.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YoXMKrb.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QajBGwS.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqaUwbk.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TaYdxSa.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wjpzXAy.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dKtrOkA.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xJbbXKQ.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gvZpufq.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IClHQvE.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OxhJJgD.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hwdWkss.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EYTDXGy.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fQgrASg.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sivVNvE.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtlOuQc.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yeniZAa.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EYIvsgZ.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DCBMuyk.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nxoKkBV.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yPcRZjg.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hJbYzld.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EXWnBRB.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kbfaQIe.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Zfchkau.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHFHDJG.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NEAOwlR.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UpPNQZZ.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\prAGETy.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJTexol.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wHmMMpt.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QayildN.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MekNlKa.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVvTsDz.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vNrkOCG.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wyZFSLh.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HCAdNVG.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XAVtBjR.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWCwPgd.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oajuooO.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OOxCFkA.exe	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 2792	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1508 wrote to memory of 2792	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1508 wrote to memory of 2792	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1508 wrote to memory of 2836	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1508 wrote to memory of 2836	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1508 wrote to memory of 2836	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1508 wrote to memory of 2724	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1508 wrote to memory of 2724	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1508 wrote to memory of 2724	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1508 wrote to memory of 2928	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1508 wrote to memory of 2928	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1508 wrote to memory of 2928	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1508 wrote to memory of 2776	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1508 wrote to memory of 2776	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1508 wrote to memory of 2776	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1508 wrote to memory of 2604	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1508 wrote to memory of 2604	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1508 wrote to memory of 2604	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1508 wrote to memory of 2616	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1508 wrote to memory of 2616	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1508 wrote to memory of 2616	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1508 wrote to memory of 2624	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1508 wrote to memory of 2624	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1508 wrote to memory of 2624	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1508 wrote to memory of 2576	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1508 wrote to memory of 2576	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1508 wrote to memory of 2576	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1508 wrote to memory of 2608	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1508 wrote to memory of 2608	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1508 wrote to memory of 2608	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1508 wrote to memory of 2696	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1508 wrote to memory of 2696	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1508 wrote to memory of 2696	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1508 wrote to memory of 2844	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1508 wrote to memory of 2844	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1508 wrote to memory of 2844	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1508 wrote to memory of 3024	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1508 wrote to memory of 3024	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1508 wrote to memory of 3024	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1508 wrote to memory of 264	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1508 wrote to memory of 264	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1508 wrote to memory of 264	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1508 wrote to memory of 548	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1508 wrote to memory of 548	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1508 wrote to memory of 548	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1508 wrote to memory of 1320	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1508 wrote to memory of 1320	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1508 wrote to memory of 1320	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1508 wrote to memory of 1492	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1508 wrote to memory of 1492	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1508 wrote to memory of 1492	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1508 wrote to memory of 2292	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1508 wrote to memory of 2292	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1508 wrote to memory of 2292	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1508 wrote to memory of 2188	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1508 wrote to memory of 2188	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1508 wrote to memory of 2188	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1508 wrote to memory of 2260	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1508 wrote to memory of 2260	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1508 wrote to memory of 2260	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1508 wrote to memory of 2180	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1508 wrote to memory of 2180	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1508 wrote to memory of 2180	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1508 wrote to memory of 1040	1508	2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_a7758c0648d05cf849719736e44f5c14_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Windows\System\FwtDbRl.exe
  C:\Windows\System\FwtDbRl.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\ELLXNwW.exe
  C:\Windows\System\ELLXNwW.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\WscNCMP.exe
  C:\Windows\System\WscNCMP.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\OvGBqjY.exe
  C:\Windows\System\OvGBqjY.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\lAsdMfj.exe
  C:\Windows\System\lAsdMfj.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\gvZpufq.exe
  C:\Windows\System\gvZpufq.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\siPUykV.exe
  C:\Windows\System\siPUykV.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\xunHLZE.exe
  C:\Windows\System\xunHLZE.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\UkAwZpg.exe
  C:\Windows\System\UkAwZpg.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\lffsirW.exe
  C:\Windows\System\lffsirW.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\ZfkNZWI.exe
  C:\Windows\System\ZfkNZWI.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\imjqRBq.exe
  C:\Windows\System\imjqRBq.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\cAKBSdC.exe
  C:\Windows\System\cAKBSdC.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\DvjldbY.exe
  C:\Windows\System\DvjldbY.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\XnjHfpj.exe
  C:\Windows\System\XnjHfpj.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\LiOArKL.exe
  C:\Windows\System\LiOArKL.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\cQLLzfX.exe
  C:\Windows\System\cQLLzfX.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\HiIEhhd.exe
  C:\Windows\System\HiIEhhd.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\shsWUzz.exe
  C:\Windows\System\shsWUzz.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\RktjOcn.exe
  C:\Windows\System\RktjOcn.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\oFQwKfd.exe
  C:\Windows\System\oFQwKfd.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\IjBzbjF.exe
  C:\Windows\System\IjBzbjF.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\bABzuSh.exe
  C:\Windows\System\bABzuSh.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\xiEtVuC.exe
  C:\Windows\System\xiEtVuC.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\NbnTLOV.exe
  C:\Windows\System\NbnTLOV.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\wJfuesZ.exe
  C:\Windows\System\wJfuesZ.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\ygWyIZs.exe
  C:\Windows\System\ygWyIZs.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\PpLKAjL.exe
  C:\Windows\System\PpLKAjL.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\LJTLeOb.exe
  C:\Windows\System\LJTLeOb.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\JopPKyt.exe
  C:\Windows\System\JopPKyt.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\huOFSdr.exe
  C:\Windows\System\huOFSdr.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\deatwXO.exe
  C:\Windows\System\deatwXO.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\QbcRMns.exe
  C:\Windows\System\QbcRMns.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\FqjguoN.exe
  C:\Windows\System\FqjguoN.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\RvqtGHe.exe
  C:\Windows\System\RvqtGHe.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\nDkfdTv.exe
  C:\Windows\System\nDkfdTv.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\YxPbmRf.exe
  C:\Windows\System\YxPbmRf.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\vgqdHVp.exe
  C:\Windows\System\vgqdHVp.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\yHFSfwH.exe
  C:\Windows\System\yHFSfwH.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\swMkiXc.exe
  C:\Windows\System\swMkiXc.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\lOwOeym.exe
  C:\Windows\System\lOwOeym.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\FFiglxx.exe
  C:\Windows\System\FFiglxx.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\dXBNNuK.exe
  C:\Windows\System\dXBNNuK.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\GrKMhjg.exe
  C:\Windows\System\GrKMhjg.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\YdgPtqG.exe
  C:\Windows\System\YdgPtqG.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\RKudebo.exe
  C:\Windows\System\RKudebo.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\pVtktaD.exe
  C:\Windows\System\pVtktaD.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\jfLkuRw.exe
  C:\Windows\System\jfLkuRw.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\PaOimym.exe
  C:\Windows\System\PaOimym.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\GpgOuvc.exe
  C:\Windows\System\GpgOuvc.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\SurXJZU.exe
  C:\Windows\System\SurXJZU.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\ZUXGgtz.exe
  C:\Windows\System\ZUXGgtz.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\OZgNKWq.exe
  C:\Windows\System\OZgNKWq.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\RXNdltf.exe
  C:\Windows\System\RXNdltf.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\LtiHLzW.exe
  C:\Windows\System\LtiHLzW.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\FQROLSq.exe
  C:\Windows\System\FQROLSq.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\PRMJhhs.exe
  C:\Windows\System\PRMJhhs.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\fJOpleg.exe
  C:\Windows\System\fJOpleg.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\DjgckBc.exe
  C:\Windows\System\DjgckBc.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\fsusmHe.exe
  C:\Windows\System\fsusmHe.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\xbxSpsf.exe
  C:\Windows\System\xbxSpsf.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\gOqNrvb.exe
  C:\Windows\System\gOqNrvb.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\afjXlWL.exe
  C:\Windows\System\afjXlWL.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\sygNBDM.exe
  C:\Windows\System\sygNBDM.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\nxUtRXH.exe
  C:\Windows\System\nxUtRXH.exe
  2⤵
  PID:2592
- C:\Windows\System\zCkUzBN.exe
  C:\Windows\System\zCkUzBN.exe
  2⤵
  PID:3016
- C:\Windows\System\YfxnDvI.exe
  C:\Windows\System\YfxnDvI.exe
  2⤵
  PID:332
- C:\Windows\System\KiHQoUk.exe
  C:\Windows\System\KiHQoUk.exe
  2⤵
  PID:1640
- C:\Windows\System\KiNBwRL.exe
  C:\Windows\System\KiNBwRL.exe
  2⤵
  PID:1832
- C:\Windows\System\wEOZrEA.exe
  C:\Windows\System\wEOZrEA.exe
  2⤵
  PID:1644
- C:\Windows\System\LCDbHUG.exe
  C:\Windows\System\LCDbHUG.exe
  2⤵
  PID:1988
- C:\Windows\System\IFAEibI.exe
  C:\Windows\System\IFAEibI.exe
  2⤵
  PID:2768
- C:\Windows\System\nLzcztW.exe
  C:\Windows\System\nLzcztW.exe
  2⤵
  PID:2556
- C:\Windows\System\zJTexol.exe
  C:\Windows\System\zJTexol.exe
  2⤵
  PID:2644
- C:\Windows\System\rwCoBFS.exe
  C:\Windows\System\rwCoBFS.exe
  2⤵
  PID:1924
- C:\Windows\System\JeFtgMz.exe
  C:\Windows\System\JeFtgMz.exe
  2⤵
  PID:1380
- C:\Windows\System\ognPgar.exe
  C:\Windows\System\ognPgar.exe
  2⤵
  PID:2916
- C:\Windows\System\ONqdXGF.exe
  C:\Windows\System\ONqdXGF.exe
  2⤵
  PID:1092
- C:\Windows\System\kDZBxmy.exe
  C:\Windows\System\kDZBxmy.exe
  2⤵
  PID:2344
- C:\Windows\System\YeajHpe.exe
  C:\Windows\System\YeajHpe.exe
  2⤵
  PID:2956
- C:\Windows\System\bAYOeDr.exe
  C:\Windows\System\bAYOeDr.exe
  2⤵
  PID:2352
- C:\Windows\System\uHfngGe.exe
  C:\Windows\System\uHfngGe.exe
  2⤵
  PID:1692
- C:\Windows\System\ldxAglo.exe
  C:\Windows\System\ldxAglo.exe
  2⤵
  PID:448
- C:\Windows\System\DVAznNe.exe
  C:\Windows\System\DVAznNe.exe
  2⤵
  PID:856
- C:\Windows\System\kUqsXJq.exe
  C:\Windows\System\kUqsXJq.exe
  2⤵
  PID:2208
- C:\Windows\System\bQXsBCR.exe
  C:\Windows\System\bQXsBCR.exe
  2⤵
  PID:300
- C:\Windows\System\HtITZSm.exe
  C:\Windows\System\HtITZSm.exe
  2⤵
  PID:1392
- C:\Windows\System\IXjUBpU.exe
  C:\Windows\System\IXjUBpU.exe
  2⤵
  PID:1740
- C:\Windows\System\GSMpSFu.exe
  C:\Windows\System\GSMpSFu.exe
  2⤵
  PID:1876
- C:\Windows\System\oVOfMfz.exe
  C:\Windows\System\oVOfMfz.exe
  2⤵
  PID:1808
- C:\Windows\System\mtbMNta.exe
  C:\Windows\System\mtbMNta.exe
  2⤵
  PID:2364
- C:\Windows\System\qmfmINf.exe
  C:\Windows\System\qmfmINf.exe
  2⤵
  PID:3040
- C:\Windows\System\drOMaTm.exe
  C:\Windows\System\drOMaTm.exe
  2⤵
  PID:2488
- C:\Windows\System\drjxHYp.exe
  C:\Windows\System\drjxHYp.exe
  2⤵
  PID:2432
- C:\Windows\System\SihwFkA.exe
  C:\Windows\System\SihwFkA.exe
  2⤵
  PID:2660
- C:\Windows\System\GevSYau.exe
  C:\Windows\System\GevSYau.exe
  2⤵
  PID:3036
- C:\Windows\System\hdEhWbc.exe
  C:\Windows\System\hdEhWbc.exe
  2⤵
  PID:1564
- C:\Windows\System\jTSAcQa.exe
  C:\Windows\System\jTSAcQa.exe
  2⤵
  PID:1800
- C:\Windows\System\KpFefKS.exe
  C:\Windows\System\KpFefKS.exe
  2⤵
  PID:1676
- C:\Windows\System\NjlvTlF.exe
  C:\Windows\System\NjlvTlF.exe
  2⤵
  PID:2600
- C:\Windows\System\KfXfNUA.exe
  C:\Windows\System\KfXfNUA.exe
  2⤵
  PID:3008
- C:\Windows\System\srYjrkd.exe
  C:\Windows\System\srYjrkd.exe
  2⤵
  PID:2816
- C:\Windows\System\tjAhuZR.exe
  C:\Windows\System\tjAhuZR.exe
  2⤵
  PID:2632
- C:\Windows\System\qFngFsj.exe
  C:\Windows\System\qFngFsj.exe
  2⤵
  PID:1980
- C:\Windows\System\ZvCyoOz.exe
  C:\Windows\System\ZvCyoOz.exe
  2⤵
  PID:1232
- C:\Windows\System\hHSWPng.exe
  C:\Windows\System\hHSWPng.exe
  2⤵
  PID:2200
- C:\Windows\System\AlTHnmS.exe
  C:\Windows\System\AlTHnmS.exe
  2⤵
  PID:2176
- C:\Windows\System\BSSARWN.exe
  C:\Windows\System\BSSARWN.exe
  2⤵
  PID:2120
- C:\Windows\System\wHmMMpt.exe
  C:\Windows\System\wHmMMpt.exe
  2⤵
  PID:2108
- C:\Windows\System\YnMuOyB.exe
  C:\Windows\System\YnMuOyB.exe
  2⤵
  PID:1624
- C:\Windows\System\YaMcvlM.exe
  C:\Windows\System\YaMcvlM.exe
  2⤵
  PID:976
- C:\Windows\System\eWHkxeT.exe
  C:\Windows\System\eWHkxeT.exe
  2⤵
  PID:2320
- C:\Windows\System\szsGsXj.exe
  C:\Windows\System\szsGsXj.exe
  2⤵
  PID:1684
- C:\Windows\System\lMIoVjk.exe
  C:\Windows\System\lMIoVjk.exe
  2⤵
  PID:2964
- C:\Windows\System\pvCUpio.exe
  C:\Windows\System\pvCUpio.exe
  2⤵
  PID:2704
- C:\Windows\System\SWIAkcd.exe
  C:\Windows\System\SWIAkcd.exe
  2⤵
  PID:3076
- C:\Windows\System\AEpqxkR.exe
  C:\Windows\System\AEpqxkR.exe
  2⤵
  PID:3092
- C:\Windows\System\zRIPWfJ.exe
  C:\Windows\System\zRIPWfJ.exe
  2⤵
  PID:3108
- C:\Windows\System\XtUbUbn.exe
  C:\Windows\System\XtUbUbn.exe
  2⤵
  PID:3124
- C:\Windows\System\gbWsLjP.exe
  C:\Windows\System\gbWsLjP.exe
  2⤵
  PID:3140
- C:\Windows\System\XUkqVFM.exe
  C:\Windows\System\XUkqVFM.exe
  2⤵
  PID:3156
- C:\Windows\System\gWSfxin.exe
  C:\Windows\System\gWSfxin.exe
  2⤵
  PID:3172
- C:\Windows\System\VwBGEqC.exe
  C:\Windows\System\VwBGEqC.exe
  2⤵
  PID:3188
- C:\Windows\System\SvdIHpa.exe
  C:\Windows\System\SvdIHpa.exe
  2⤵
  PID:3212
- C:\Windows\System\WGVGloZ.exe
  C:\Windows\System\WGVGloZ.exe
  2⤵
  PID:3228
- C:\Windows\System\UMjiBhu.exe
  C:\Windows\System\UMjiBhu.exe
  2⤵
  PID:3244
- C:\Windows\System\yQgvIfi.exe
  C:\Windows\System\yQgvIfi.exe
  2⤵
  PID:3260
- C:\Windows\System\fKpavTp.exe
  C:\Windows\System\fKpavTp.exe
  2⤵
  PID:3276
- C:\Windows\System\mMpjOcV.exe
  C:\Windows\System\mMpjOcV.exe
  2⤵
  PID:3572
- C:\Windows\System\YZRGaot.exe
  C:\Windows\System\YZRGaot.exe
  2⤵
  PID:3588
- C:\Windows\System\cvBCQMy.exe
  C:\Windows\System\cvBCQMy.exe
  2⤵
  PID:3612
- C:\Windows\System\HjVFxMz.exe
  C:\Windows\System\HjVFxMz.exe
  2⤵
  PID:3632
- C:\Windows\System\htZZqZt.exe
  C:\Windows\System\htZZqZt.exe
  2⤵
  PID:3652
- C:\Windows\System\QsZAzFy.exe
  C:\Windows\System\QsZAzFy.exe
  2⤵
  PID:3668
- C:\Windows\System\aFtdzNj.exe
  C:\Windows\System\aFtdzNj.exe
  2⤵
  PID:3684
- C:\Windows\System\VcESeTF.exe
  C:\Windows\System\VcESeTF.exe
  2⤵
  PID:3700
- C:\Windows\System\HDTIzlX.exe
  C:\Windows\System\HDTIzlX.exe
  2⤵
  PID:3716
- C:\Windows\System\LrnFJbS.exe
  C:\Windows\System\LrnFJbS.exe
  2⤵
  PID:3740
- C:\Windows\System\smrzhVi.exe
  C:\Windows\System\smrzhVi.exe
  2⤵
  PID:3760
- C:\Windows\System\AogopTb.exe
  C:\Windows\System\AogopTb.exe
  2⤵
  PID:3776
- C:\Windows\System\HzvjrYJ.exe
  C:\Windows\System\HzvjrYJ.exe
  2⤵
  PID:3796
- C:\Windows\System\uVfNhdK.exe
  C:\Windows\System\uVfNhdK.exe
  2⤵
  PID:3820
- C:\Windows\System\CtdHTHl.exe
  C:\Windows\System\CtdHTHl.exe
  2⤵
  PID:3840
- C:\Windows\System\olhHXnT.exe
  C:\Windows\System\olhHXnT.exe
  2⤵
  PID:3860
- C:\Windows\System\uHiEcjf.exe
  C:\Windows\System\uHiEcjf.exe
  2⤵
  PID:3892
- C:\Windows\System\MglDkWp.exe
  C:\Windows\System\MglDkWp.exe
  2⤵
  PID:3912
- C:\Windows\System\cclTIgv.exe
  C:\Windows\System\cclTIgv.exe
  2⤵
  PID:3932
- C:\Windows\System\yPGKDCW.exe
  C:\Windows\System\yPGKDCW.exe
  2⤵
  PID:3948
- C:\Windows\System\kbfaQIe.exe
  C:\Windows\System\kbfaQIe.exe
  2⤵
  PID:3968
- C:\Windows\System\gjjLJGF.exe
  C:\Windows\System\gjjLJGF.exe
  2⤵
  PID:3992
- C:\Windows\System\nZVOLBK.exe
  C:\Windows\System\nZVOLBK.exe
  2⤵
  PID:4008
- C:\Windows\System\voycKdH.exe
  C:\Windows\System\voycKdH.exe
  2⤵
  PID:4032
- C:\Windows\System\zbzdTxe.exe
  C:\Windows\System\zbzdTxe.exe
  2⤵
  PID:4052
- C:\Windows\System\GGNqybb.exe
  C:\Windows\System\GGNqybb.exe
  2⤵
  PID:4068
- C:\Windows\System\YVQPrUJ.exe
  C:\Windows\System\YVQPrUJ.exe
  2⤵
  PID:4092
- C:\Windows\System\zFwGvnn.exe
  C:\Windows\System\zFwGvnn.exe
  2⤵
  PID:2484
- C:\Windows\System\wQEivab.exe
  C:\Windows\System\wQEivab.exe
  2⤵
  PID:1972
- C:\Windows\System\afqmGCI.exe
  C:\Windows\System\afqmGCI.exe
  2⤵
  PID:1792
- C:\Windows\System\loSZPXJ.exe
  C:\Windows\System\loSZPXJ.exe
  2⤵
  PID:2152
- C:\Windows\System\WDPjNrs.exe
  C:\Windows\System\WDPjNrs.exe
  2⤵
  PID:2684
- C:\Windows\System\OBakCfj.exe
  C:\Windows\System\OBakCfj.exe
  2⤵
  PID:1540
- C:\Windows\System\socVHqm.exe
  C:\Windows\System\socVHqm.exe
  2⤵
  PID:3104
- C:\Windows\System\SqrrwGf.exe
  C:\Windows\System\SqrrwGf.exe
  2⤵
  PID:3168
- C:\Windows\System\UmIKDEu.exe
  C:\Windows\System\UmIKDEu.exe
  2⤵
  PID:3236
- C:\Windows\System\zaHDtJD.exe
  C:\Windows\System\zaHDtJD.exe
  2⤵
  PID:3084
- C:\Windows\System\LgvUiXp.exe
  C:\Windows\System\LgvUiXp.exe
  2⤵
  PID:3152
- C:\Windows\System\pdhTbBm.exe
  C:\Windows\System\pdhTbBm.exe
  2⤵
  PID:3252
- C:\Windows\System\jOJwlnq.exe
  C:\Windows\System\jOJwlnq.exe
  2⤵
  PID:692
- C:\Windows\System\tzlVCbM.exe
  C:\Windows\System\tzlVCbM.exe
  2⤵
  PID:624
- C:\Windows\System\CtKuRjR.exe
  C:\Windows\System\CtKuRjR.exe
  2⤵
  PID:1588
- C:\Windows\System\jPcUlQO.exe
  C:\Windows\System\jPcUlQO.exe
  2⤵
  PID:1868
- C:\Windows\System\dEUekBV.exe
  C:\Windows\System\dEUekBV.exe
  2⤵
  PID:1112
- C:\Windows\System\uMsDvbK.exe
  C:\Windows\System\uMsDvbK.exe
  2⤵
  PID:308
- C:\Windows\System\sSARptp.exe
  C:\Windows\System\sSARptp.exe
  2⤵
  PID:2504
- C:\Windows\System\xhIfsoZ.exe
  C:\Windows\System\xhIfsoZ.exe
  2⤵
  PID:3044
- C:\Windows\System\fdiZnhZ.exe
  C:\Windows\System\fdiZnhZ.exe
  2⤵
  PID:3464
- C:\Windows\System\prbaJhZ.exe
  C:\Windows\System\prbaJhZ.exe
  2⤵
  PID:3484
- C:\Windows\System\uDZXGGi.exe
  C:\Windows\System\uDZXGGi.exe
  2⤵
  PID:3500
- C:\Windows\System\EEIimlV.exe
  C:\Windows\System\EEIimlV.exe
  2⤵
  PID:3524
- C:\Windows\System\vyiJTnm.exe
  C:\Windows\System\vyiJTnm.exe
  2⤵
  PID:3540
- C:\Windows\System\UzKUhlp.exe
  C:\Windows\System\UzKUhlp.exe
  2⤵
  PID:3556
- C:\Windows\System\lNVXOkX.exe
  C:\Windows\System\lNVXOkX.exe
  2⤵
  PID:3660
- C:\Windows\System\HALZTWv.exe
  C:\Windows\System\HALZTWv.exe
  2⤵
  PID:3732
- C:\Windows\System\JeSisvx.exe
  C:\Windows\System\JeSisvx.exe
  2⤵
  PID:3560
- C:\Windows\System\hwdWkss.exe
  C:\Windows\System\hwdWkss.exe
  2⤵
  PID:3600
- C:\Windows\System\DbdemHc.exe
  C:\Windows\System\DbdemHc.exe
  2⤵
  PID:3812
- C:\Windows\System\ddpqMCa.exe
  C:\Windows\System\ddpqMCa.exe
  2⤵
  PID:3680
- C:\Windows\System\fpFnAHV.exe
  C:\Windows\System\fpFnAHV.exe
  2⤵
  PID:3784
- C:\Windows\System\ttxWGmU.exe
  C:\Windows\System\ttxWGmU.exe
  2⤵
  PID:3832
- C:\Windows\System\yIlvynu.exe
  C:\Windows\System\yIlvynu.exe
  2⤵
  PID:3868
- C:\Windows\System\ybRitUZ.exe
  C:\Windows\System\ybRitUZ.exe
  2⤵
  PID:3900
- C:\Windows\System\sDedSNs.exe
  C:\Windows\System\sDedSNs.exe
  2⤵
  PID:3976
- C:\Windows\System\eBvgNWq.exe
  C:\Windows\System\eBvgNWq.exe
  2⤵
  PID:3928
- C:\Windows\System\sgJRxxH.exe
  C:\Windows\System\sgJRxxH.exe
  2⤵
  PID:3960
- C:\Windows\System\nuZCJka.exe
  C:\Windows\System\nuZCJka.exe
  2⤵
  PID:4064
- C:\Windows\System\wLMiZda.exe
  C:\Windows\System\wLMiZda.exe
  2⤵
  PID:4044
- C:\Windows\System\HjhqAvh.exe
  C:\Windows\System\HjhqAvh.exe
  2⤵
  PID:1452
- C:\Windows\System\QmabtKo.exe
  C:\Windows\System\QmabtKo.exe
  2⤵
  PID:4088
- C:\Windows\System\uWFuutk.exe
  C:\Windows\System\uWFuutk.exe
  2⤵
  PID:768
- C:\Windows\System\yXRhPpn.exe
  C:\Windows\System\yXRhPpn.exe
  2⤵
  PID:872
- C:\Windows\System\cmlidas.exe
  C:\Windows\System\cmlidas.exe
  2⤵
  PID:644
- C:\Windows\System\KdvFmgA.exe
  C:\Windows\System\KdvFmgA.exe
  2⤵
  PID:3136
- C:\Windows\System\wztoZMj.exe
  C:\Windows\System\wztoZMj.exe
  2⤵
  PID:3268
- C:\Windows\System\YNMmJKP.exe
  C:\Windows\System\YNMmJKP.exe
  2⤵
  PID:3184
- C:\Windows\System\BPbYXZl.exe
  C:\Windows\System\BPbYXZl.exe
  2⤵
  PID:3224
- C:\Windows\System\jPyxFoi.exe
  C:\Windows\System\jPyxFoi.exe
  2⤵
  PID:828
- C:\Windows\System\lCusuEM.exe
  C:\Windows\System\lCusuEM.exe
  2⤵
  PID:2648
- C:\Windows\System\XAVtBjR.exe
  C:\Windows\System\XAVtBjR.exe
  2⤵
  PID:1672
- C:\Windows\System\iMmowWG.exe
  C:\Windows\System\iMmowWG.exe
  2⤵
  PID:3456
- C:\Windows\System\VNvNxoK.exe
  C:\Windows\System\VNvNxoK.exe
  2⤵
  PID:1848
- C:\Windows\System\lgtEhCb.exe
  C:\Windows\System\lgtEhCb.exe
  2⤵
  PID:3584
- C:\Windows\System\FsxZVTp.exe
  C:\Windows\System\FsxZVTp.exe
  2⤵
  PID:3512
- C:\Windows\System\NSHRjCe.exe
  C:\Windows\System\NSHRjCe.exe
  2⤵
  PID:3736
- C:\Windows\System\sgtZQVg.exe
  C:\Windows\System\sgtZQVg.exe
  2⤵
  PID:3552
- C:\Windows\System\USrwTZO.exe
  C:\Windows\System\USrwTZO.exe
  2⤵
  PID:3804
- C:\Windows\System\rBIinAA.exe
  C:\Windows\System\rBIinAA.exe
  2⤵
  PID:3756
- C:\Windows\System\tufAMAa.exe
  C:\Windows\System\tufAMAa.exe
  2⤵
  PID:3604
- C:\Windows\System\zbMhxqc.exe
  C:\Windows\System\zbMhxqc.exe
  2⤵
  PID:3876
- C:\Windows\System\GqYPqwW.exe
  C:\Windows\System\GqYPqwW.exe
  2⤵
  PID:3956
- C:\Windows\System\ENPUFtS.exe
  C:\Windows\System\ENPUFtS.exe
  2⤵
  PID:4040
- C:\Windows\System\XGWaAcJ.exe
  C:\Windows\System\XGWaAcJ.exe
  2⤵
  PID:3676
- C:\Windows\System\YGLJUwr.exe
  C:\Windows\System\YGLJUwr.exe
  2⤵
  PID:3836
- C:\Windows\System\HUpSnCy.exe
  C:\Windows\System\HUpSnCy.exe
  2⤵
  PID:3884
- C:\Windows\System\MjoGuGc.exe
  C:\Windows\System\MjoGuGc.exe
  2⤵
  PID:3032
- C:\Windows\System\UsRnNvu.exe
  C:\Windows\System\UsRnNvu.exe
  2⤵
  PID:2856
- C:\Windows\System\kJibzLr.exe
  C:\Windows\System\kJibzLr.exe
  2⤵
  PID:3920
- C:\Windows\System\MUtSSdq.exe
  C:\Windows\System\MUtSSdq.exe
  2⤵
  PID:3964
- C:\Windows\System\cGBoKTX.exe
  C:\Windows\System\cGBoKTX.exe
  2⤵
  PID:2448
- C:\Windows\System\eYyWKsv.exe
  C:\Windows\System\eYyWKsv.exe
  2⤵
  PID:3496
- C:\Windows\System\JKYEHPE.exe
  C:\Windows\System\JKYEHPE.exe
  2⤵
  PID:3508
- C:\Windows\System\ZJUcXuC.exe
  C:\Windows\System\ZJUcXuC.exe
  2⤵
  PID:3548
- C:\Windows\System\uTXmqlo.exe
  C:\Windows\System\uTXmqlo.exe
  2⤵
  PID:3904
- C:\Windows\System\GFODuLl.exe
  C:\Windows\System\GFODuLl.exe
  2⤵
  PID:3120
- C:\Windows\System\rzCLIRU.exe
  C:\Windows\System\rzCLIRU.exe
  2⤵
  PID:3116
- C:\Windows\System\MYtZwkx.exe
  C:\Windows\System\MYtZwkx.exe
  2⤵
  PID:3828
- C:\Windows\System\NjTLJoZ.exe
  C:\Windows\System\NjTLJoZ.exe
  2⤵
  PID:2412
- C:\Windows\System\bWOGgnx.exe
  C:\Windows\System\bWOGgnx.exe
  2⤵
  PID:1928
- C:\Windows\System\tzGUStN.exe
  C:\Windows\System\tzGUStN.exe
  2⤵
  PID:4076
- C:\Windows\System\GbCCLkp.exe
  C:\Windows\System\GbCCLkp.exe
  2⤵
  PID:3692
- C:\Windows\System\vllzLOH.exe
  C:\Windows\System\vllzLOH.exe
  2⤵
  PID:3848
- C:\Windows\System\QxvQtHG.exe
  C:\Windows\System\QxvQtHG.exe
  2⤵
  PID:2164
- C:\Windows\System\iScrmDx.exe
  C:\Windows\System\iScrmDx.exe
  2⤵
  PID:3536
- C:\Windows\System\ZqKtHid.exe
  C:\Windows\System\ZqKtHid.exe
  2⤵
  PID:3624
- C:\Windows\System\NHOtFuy.exe
  C:\Windows\System\NHOtFuy.exe
  2⤵
  PID:3852
- C:\Windows\System\rXSvtoq.exe
  C:\Windows\System\rXSvtoq.exe
  2⤵
  PID:3444
- C:\Windows\System\kLwbAJo.exe
  C:\Windows\System\kLwbAJo.exe
  2⤵
  PID:4016
- C:\Windows\System\pAEXIKK.exe
  C:\Windows\System\pAEXIKK.exe
  2⤵
  PID:3768
- C:\Windows\System\NtiWatV.exe
  C:\Windows\System\NtiWatV.exe
  2⤵
  PID:3752
- C:\Windows\System\TeMhCkk.exe
  C:\Windows\System\TeMhCkk.exe
  2⤵
  PID:4108
- C:\Windows\System\FYrOXvC.exe
  C:\Windows\System\FYrOXvC.exe
  2⤵
  PID:4124
- C:\Windows\System\XWBOJbQ.exe
  C:\Windows\System\XWBOJbQ.exe
  2⤵
  PID:4140
- C:\Windows\System\AJTVPBQ.exe
  C:\Windows\System\AJTVPBQ.exe
  2⤵
  PID:4156
- C:\Windows\System\qNhsTru.exe
  C:\Windows\System\qNhsTru.exe
  2⤵
  PID:4172
- C:\Windows\System\MqNqxtV.exe
  C:\Windows\System\MqNqxtV.exe
  2⤵
  PID:4188
- C:\Windows\System\cMtpBiH.exe
  C:\Windows\System\cMtpBiH.exe
  2⤵
  PID:4204
- C:\Windows\System\TzOEmWo.exe
  C:\Windows\System\TzOEmWo.exe
  2⤵
  PID:4224
- C:\Windows\System\yZrAAYv.exe
  C:\Windows\System\yZrAAYv.exe
  2⤵
  PID:4240
- C:\Windows\System\PjEKxob.exe
  C:\Windows\System\PjEKxob.exe
  2⤵
  PID:4256
- C:\Windows\System\ZuxEoto.exe
  C:\Windows\System\ZuxEoto.exe
  2⤵
  PID:4272
- C:\Windows\System\WcKSjOB.exe
  C:\Windows\System\WcKSjOB.exe
  2⤵
  PID:4288
- C:\Windows\System\IdcxmYy.exe
  C:\Windows\System\IdcxmYy.exe
  2⤵
  PID:4308
- C:\Windows\System\OicoxYB.exe
  C:\Windows\System\OicoxYB.exe
  2⤵
  PID:4324
- C:\Windows\System\CRyjryR.exe
  C:\Windows\System\CRyjryR.exe
  2⤵
  PID:4340
- C:\Windows\System\AnMBoeI.exe
  C:\Windows\System\AnMBoeI.exe
  2⤵
  PID:4356
- C:\Windows\System\NzMAnHc.exe
  C:\Windows\System\NzMAnHc.exe
  2⤵
  PID:4372
- C:\Windows\System\MjmLQXf.exe
  C:\Windows\System\MjmLQXf.exe
  2⤵
  PID:4388
- C:\Windows\System\WtSaOuq.exe
  C:\Windows\System\WtSaOuq.exe
  2⤵
  PID:4404
- C:\Windows\System\APqakdT.exe
  C:\Windows\System\APqakdT.exe
  2⤵
  PID:4424
- C:\Windows\System\BSuGsED.exe
  C:\Windows\System\BSuGsED.exe
  2⤵
  PID:4468
- C:\Windows\System\gbLnILW.exe
  C:\Windows\System\gbLnILW.exe
  2⤵
  PID:4488
- C:\Windows\System\AwFUNSK.exe
  C:\Windows\System\AwFUNSK.exe
  2⤵
  PID:4516
- C:\Windows\System\IwUnqxM.exe
  C:\Windows\System\IwUnqxM.exe
  2⤵
  PID:4552
- C:\Windows\System\efPkXmk.exe
  C:\Windows\System\efPkXmk.exe
  2⤵
  PID:4568
- C:\Windows\System\haxYyrk.exe
  C:\Windows\System\haxYyrk.exe
  2⤵
  PID:4584
- C:\Windows\System\KTdabzd.exe
  C:\Windows\System\KTdabzd.exe
  2⤵
  PID:4600
- C:\Windows\System\CXJySwD.exe
  C:\Windows\System\CXJySwD.exe
  2⤵
  PID:4620
- C:\Windows\System\CmLJlGp.exe
  C:\Windows\System\CmLJlGp.exe
  2⤵
  PID:4636
- C:\Windows\System\yTIKJtP.exe
  C:\Windows\System\yTIKJtP.exe
  2⤵
  PID:4652
- C:\Windows\System\OWKtKth.exe
  C:\Windows\System\OWKtKth.exe
  2⤵
  PID:4668
- C:\Windows\System\fmFYqdP.exe
  C:\Windows\System\fmFYqdP.exe
  2⤵
  PID:4684
- C:\Windows\System\LMFfzoR.exe
  C:\Windows\System\LMFfzoR.exe
  2⤵
  PID:4700
- C:\Windows\System\aoKKwjg.exe
  C:\Windows\System\aoKKwjg.exe
  2⤵
  PID:4716
- C:\Windows\System\FnwwNvN.exe
  C:\Windows\System\FnwwNvN.exe
  2⤵
  PID:4732
- C:\Windows\System\BoYuCcE.exe
  C:\Windows\System\BoYuCcE.exe
  2⤵
  PID:4748
- C:\Windows\System\jjTylzp.exe
  C:\Windows\System\jjTylzp.exe
  2⤵
  PID:4764
- C:\Windows\System\OnuQQui.exe
  C:\Windows\System\OnuQQui.exe
  2⤵
  PID:4780
- C:\Windows\System\DCtWqyq.exe
  C:\Windows\System\DCtWqyq.exe
  2⤵
  PID:4796
- C:\Windows\System\lAcasgZ.exe
  C:\Windows\System\lAcasgZ.exe
  2⤵
  PID:4812
- C:\Windows\System\jkaIqPp.exe
  C:\Windows\System\jkaIqPp.exe
  2⤵
  PID:4828
- C:\Windows\System\eLIuMBF.exe
  C:\Windows\System\eLIuMBF.exe
  2⤵
  PID:4844
- C:\Windows\System\lJeKpFD.exe
  C:\Windows\System\lJeKpFD.exe
  2⤵
  PID:4860
- C:\Windows\System\QNbiraD.exe
  C:\Windows\System\QNbiraD.exe
  2⤵
  PID:4876
- C:\Windows\System\IKllLGR.exe
  C:\Windows\System\IKllLGR.exe
  2⤵
  PID:4892
- C:\Windows\System\JvPnDuT.exe
  C:\Windows\System\JvPnDuT.exe
  2⤵
  PID:4908
- C:\Windows\System\ifgQuPT.exe
  C:\Windows\System\ifgQuPT.exe
  2⤵
  PID:4928
- C:\Windows\System\IRxYfcv.exe
  C:\Windows\System\IRxYfcv.exe
  2⤵
  PID:4944
- C:\Windows\System\ohctAsZ.exe
  C:\Windows\System\ohctAsZ.exe
  2⤵
  PID:4960
- C:\Windows\System\mVBBMqB.exe
  C:\Windows\System\mVBBMqB.exe
  2⤵
  PID:4976
- C:\Windows\System\fWGTfOY.exe
  C:\Windows\System\fWGTfOY.exe
  2⤵
  PID:4992
- C:\Windows\System\ppgslvp.exe
  C:\Windows\System\ppgslvp.exe
  2⤵
  PID:5008
- C:\Windows\System\KsPfUVq.exe
  C:\Windows\System\KsPfUVq.exe
  2⤵
  PID:5024
- C:\Windows\System\iftiywV.exe
  C:\Windows\System\iftiywV.exe
  2⤵
  PID:5040
- C:\Windows\System\buqPAjJ.exe
  C:\Windows\System\buqPAjJ.exe
  2⤵
  PID:5056
- C:\Windows\System\CcsmLdY.exe
  C:\Windows\System\CcsmLdY.exe
  2⤵
  PID:5072
- C:\Windows\System\WJaZzZa.exe
  C:\Windows\System\WJaZzZa.exe
  2⤵
  PID:5088
- C:\Windows\System\RxQIwKu.exe
  C:\Windows\System\RxQIwKu.exe
  2⤵
  PID:5104
- C:\Windows\System\AwflwFp.exe
  C:\Windows\System\AwflwFp.exe
  2⤵
  PID:2868
- C:\Windows\System\TXrARpz.exe
  C:\Windows\System\TXrARpz.exe
  2⤵
  PID:3148
- C:\Windows\System\hmWUTJq.exe
  C:\Windows\System\hmWUTJq.exe
  2⤵
  PID:696
- C:\Windows\System\skoOsvd.exe
  C:\Windows\System\skoOsvd.exe
  2⤵
  PID:3596
- C:\Windows\System\DPmDdpx.exe
  C:\Windows\System\DPmDdpx.exe
  2⤵
  PID:3628
- C:\Windows\System\MoCXxxb.exe
  C:\Windows\System\MoCXxxb.exe
  2⤵
  PID:1188
- C:\Windows\System\JHRXaQr.exe
  C:\Windows\System\JHRXaQr.exe
  2⤵
  PID:4148
- C:\Windows\System\mNBfZxy.exe
  C:\Windows\System\mNBfZxy.exe
  2⤵
  PID:4168
- C:\Windows\System\cLtMXDL.exe
  C:\Windows\System\cLtMXDL.exe
  2⤵
  PID:4212
- C:\Windows\System\WTWfpYO.exe
  C:\Windows\System\WTWfpYO.exe
  2⤵
  PID:4300
- C:\Windows\System\yNczpRE.exe
  C:\Windows\System\yNczpRE.exe
  2⤵
  PID:4196
- C:\Windows\System\SKrlSnb.exe
  C:\Windows\System\SKrlSnb.exe
  2⤵
  PID:4248
- C:\Windows\System\VbaOLfF.exe
  C:\Windows\System\VbaOLfF.exe
  2⤵
  PID:4316
- C:\Windows\System\ugRMqwW.exe
  C:\Windows\System\ugRMqwW.exe
  2⤵
  PID:4380
- C:\Windows\System\byhrYyf.exe
  C:\Windows\System\byhrYyf.exe
  2⤵
  PID:4296
- C:\Windows\System\wjcrShc.exe
  C:\Windows\System\wjcrShc.exe
  2⤵
  PID:4396
- C:\Windows\System\higqrtL.exe
  C:\Windows\System\higqrtL.exe
  2⤵
  PID:4476
- C:\Windows\System\FYINIvf.exe
  C:\Windows\System\FYINIvf.exe
  2⤵
  PID:4436
- C:\Windows\System\TQLlqGo.exe
  C:\Windows\System\TQLlqGo.exe
  2⤵
  PID:4452
- C:\Windows\System\TETdJJq.exe
  C:\Windows\System\TETdJJq.exe
  2⤵
  PID:4528
- C:\Windows\System\katCfvt.exe
  C:\Windows\System\katCfvt.exe
  2⤵
  PID:4544
- C:\Windows\System\uKwnxAu.exe
  C:\Windows\System\uKwnxAu.exe
  2⤵
  PID:4496
- C:\Windows\System\DiOhKPA.exe
  C:\Windows\System\DiOhKPA.exe
  2⤵
  PID:4760
- C:\Windows\System\FpFtqhN.exe
  C:\Windows\System\FpFtqhN.exe
  2⤵
  PID:4776
- C:\Windows\System\PrCFAhb.exe
  C:\Windows\System\PrCFAhb.exe
  2⤵
  PID:4728
- C:\Windows\System\tAOTVhD.exe
  C:\Windows\System\tAOTVhD.exe
  2⤵
  PID:4856
- C:\Windows\System\QmFZZxm.exe
  C:\Windows\System\QmFZZxm.exe
  2⤵
  PID:4924
- C:\Windows\System\RyhwJed.exe
  C:\Windows\System\RyhwJed.exe
  2⤵
  PID:4988
- C:\Windows\System\AJtXKEg.exe
  C:\Windows\System\AJtXKEg.exe
  2⤵
  PID:5048
- C:\Windows\System\QnCPtRi.exe
  C:\Windows\System\QnCPtRi.exe
  2⤵
  PID:4904
- C:\Windows\System\QgbjFeT.exe
  C:\Windows\System\QgbjFeT.exe
  2⤵
  PID:5052
- C:\Windows\System\zQukMxz.exe
  C:\Windows\System\zQukMxz.exe
  2⤵
  PID:5000
- C:\Windows\System\BnAwVRB.exe
  C:\Windows\System\BnAwVRB.exe
  2⤵
  PID:5064
- C:\Windows\System\mUMzdRd.exe
  C:\Windows\System\mUMzdRd.exe
  2⤵
  PID:5096
- C:\Windows\System\BBDaNcl.exe
  C:\Windows\System\BBDaNcl.exe
  2⤵
  PID:5084
- C:\Windows\System\UldbxgS.exe
  C:\Windows\System\UldbxgS.exe
  2⤵
  PID:5116
- C:\Windows\System\EXIFAkE.exe
  C:\Windows\System\EXIFAkE.exe
  2⤵
  PID:4180
- C:\Windows\System\hXjAwsn.exe
  C:\Windows\System\hXjAwsn.exe
  2⤵
  PID:4184
- C:\Windows\System\iwtYYAk.exe
  C:\Windows\System\iwtYYAk.exe
  2⤵
  PID:4348
- C:\Windows\System\ctUExKs.exe
  C:\Windows\System\ctUExKs.exe
  2⤵
  PID:4420
- C:\Windows\System\MUTWpkl.exe
  C:\Windows\System\MUTWpkl.exe
  2⤵
  PID:4540
- C:\Windows\System\nVyDhmX.exe
  C:\Windows\System\nVyDhmX.exe
  2⤵
  PID:4412
- C:\Windows\System\bBQvEdf.exe
  C:\Windows\System\bBQvEdf.exe
  2⤵
  PID:4560
- C:\Windows\System\NGjnrwo.exe
  C:\Windows\System\NGjnrwo.exe
  2⤵
  PID:4268
- C:\Windows\System\DyrZAKB.exe
  C:\Windows\System\DyrZAKB.exe
  2⤵
  PID:4680
- C:\Windows\System\NMXnjjj.exe
  C:\Windows\System\NMXnjjj.exe
  2⤵
  PID:4608
- C:\Windows\System\mvZdqrn.exe
  C:\Windows\System\mvZdqrn.exe
  2⤵
  PID:4508
- C:\Windows\System\OopyBpZ.exe
  C:\Windows\System\OopyBpZ.exe
  2⤵
  PID:4756
- C:\Windows\System\xLjbYQJ.exe
  C:\Windows\System\xLjbYQJ.exe
  2⤵
  PID:4916
- C:\Windows\System\ltOyQFr.exe
  C:\Windows\System\ltOyQFr.exe
  2⤵
  PID:4772
- C:\Windows\System\FVoNgqw.exe
  C:\Windows\System\FVoNgqw.exe
  2⤵
  PID:4984
- C:\Windows\System\FCLOOKV.exe
  C:\Windows\System\FCLOOKV.exe
  2⤵
  PID:4724
- C:\Windows\System\vrOzPXD.exe
  C:\Windows\System\vrOzPXD.exe
  2⤵
  PID:3888
- C:\Windows\System\dmCEBaE.exe
  C:\Windows\System\dmCEBaE.exe
  2⤵
  PID:3988
- C:\Windows\System\qvgVlhd.exe
  C:\Windows\System\qvgVlhd.exe
  2⤵
  PID:4120
- C:\Windows\System\ovsQsYv.exe
  C:\Windows\System\ovsQsYv.exe
  2⤵
  PID:4444
- C:\Windows\System\BoOjEmS.exe
  C:\Windows\System\BoOjEmS.exe
  2⤵
  PID:4336
- C:\Windows\System\TgjTkPw.exe
  C:\Windows\System\TgjTkPw.exe
  2⤵
  PID:4524
- C:\Windows\System\tBIsuhU.exe
  C:\Windows\System\tBIsuhU.exe
  2⤵
  PID:4664
- C:\Windows\System\YwWDVXw.exe
  C:\Windows\System\YwWDVXw.exe
  2⤵
  PID:4628
- C:\Windows\System\qMbgZjR.exe
  C:\Windows\System\qMbgZjR.exe
  2⤵
  PID:5020
- C:\Windows\System\DYvSMOG.exe
  C:\Windows\System\DYvSMOG.exe
  2⤵
  PID:4696
- C:\Windows\System\yXyyYPG.exe
  C:\Windows\System\yXyyYPG.exe
  2⤵
  PID:4788
- C:\Windows\System\utvnWzc.exe
  C:\Windows\System\utvnWzc.exe
  2⤵
  PID:4164
- C:\Windows\System\jdMXPyM.exe
  C:\Windows\System\jdMXPyM.exe
  2⤵
  PID:4920
- C:\Windows\System\XuyyQkH.exe
  C:\Windows\System\XuyyQkH.exe
  2⤵
  PID:4500
- C:\Windows\System\hietgoP.exe
  C:\Windows\System\hietgoP.exe
  2⤵
  PID:5068
- C:\Windows\System\IWCwPgd.exe
  C:\Windows\System\IWCwPgd.exe
  2⤵
  PID:4332
- C:\Windows\System\pErjnZQ.exe
  C:\Windows\System\pErjnZQ.exe
  2⤵
  PID:4660
- C:\Windows\System\tcpFQbi.exe
  C:\Windows\System\tcpFQbi.exe
  2⤵
  PID:4900
- C:\Windows\System\FmbANAu.exe
  C:\Windows\System\FmbANAu.exe
  2⤵
  PID:4616
- C:\Windows\System\pSXlndv.exe
  C:\Windows\System\pSXlndv.exe
  2⤵
  PID:4200
- C:\Windows\System\gUkOJNg.exe
  C:\Windows\System\gUkOJNg.exe
  2⤵
  PID:4432
- C:\Windows\System\JPDfViZ.exe
  C:\Windows\System\JPDfViZ.exe
  2⤵
  PID:4512
- C:\Windows\System\hRDLMCh.exe
  C:\Windows\System\hRDLMCh.exe
  2⤵
  PID:4708
- C:\Windows\System\FseCLyl.exe
  C:\Windows\System\FseCLyl.exe
  2⤵
  PID:4712
- C:\Windows\System\YQMzYlT.exe
  C:\Windows\System\YQMzYlT.exe
  2⤵
  PID:5136
- C:\Windows\System\XNlWDJF.exe
  C:\Windows\System\XNlWDJF.exe
  2⤵
  PID:5156
- C:\Windows\System\lKBykAb.exe
  C:\Windows\System\lKBykAb.exe
  2⤵
  PID:5172
- C:\Windows\System\geLaPVr.exe
  C:\Windows\System\geLaPVr.exe
  2⤵
  PID:5188
- C:\Windows\System\IlzaObM.exe
  C:\Windows\System\IlzaObM.exe
  2⤵
  PID:5208
- C:\Windows\System\UFhPPUx.exe
  C:\Windows\System\UFhPPUx.exe
  2⤵
  PID:5228
- C:\Windows\System\BSNeKPJ.exe
  C:\Windows\System\BSNeKPJ.exe
  2⤵
  PID:5248
- C:\Windows\System\qcEFjTW.exe
  C:\Windows\System\qcEFjTW.exe
  2⤵
  PID:5264
- C:\Windows\System\JmmFJIg.exe
  C:\Windows\System\JmmFJIg.exe
  2⤵
  PID:5280
- C:\Windows\System\edTVYdl.exe
  C:\Windows\System\edTVYdl.exe
  2⤵
  PID:5308
- C:\Windows\System\JboRlwc.exe
  C:\Windows\System\JboRlwc.exe
  2⤵
  PID:5352
- C:\Windows\System\wHEhgQk.exe
  C:\Windows\System\wHEhgQk.exe
  2⤵
  PID:5368
- C:\Windows\System\mhKVSet.exe
  C:\Windows\System\mhKVSet.exe
  2⤵
  PID:5384
- C:\Windows\System\OuwCtEC.exe
  C:\Windows\System\OuwCtEC.exe
  2⤵
  PID:5400
- C:\Windows\System\VWERzZP.exe
  C:\Windows\System\VWERzZP.exe
  2⤵
  PID:5416
- C:\Windows\System\cykVpqc.exe
  C:\Windows\System\cykVpqc.exe
  2⤵
  PID:5432
- C:\Windows\System\dobaxhB.exe
  C:\Windows\System\dobaxhB.exe
  2⤵
  PID:5448
- C:\Windows\System\LHRMEXV.exe
  C:\Windows\System\LHRMEXV.exe
  2⤵
  PID:5468
- C:\Windows\System\JnndJvB.exe
  C:\Windows\System\JnndJvB.exe
  2⤵
  PID:5484
- C:\Windows\System\TlTBjNt.exe
  C:\Windows\System\TlTBjNt.exe
  2⤵
  PID:5500
- C:\Windows\System\GzLMfRS.exe
  C:\Windows\System\GzLMfRS.exe
  2⤵
  PID:5516
- C:\Windows\System\UfsLUqH.exe
  C:\Windows\System\UfsLUqH.exe
  2⤵
  PID:5572
- C:\Windows\System\upDUFRD.exe
  C:\Windows\System\upDUFRD.exe
  2⤵
  PID:5588
- C:\Windows\System\aYEmMcA.exe
  C:\Windows\System\aYEmMcA.exe
  2⤵
  PID:5608
- C:\Windows\System\fzHxcEH.exe
  C:\Windows\System\fzHxcEH.exe
  2⤵
  PID:5624
- C:\Windows\System\SxYksBB.exe
  C:\Windows\System\SxYksBB.exe
  2⤵
  PID:5644
- C:\Windows\System\eVSRkkL.exe
  C:\Windows\System\eVSRkkL.exe
  2⤵
  PID:5660
- C:\Windows\System\pvqPFvK.exe
  C:\Windows\System\pvqPFvK.exe
  2⤵
  PID:5676
- C:\Windows\System\FBGNCmz.exe
  C:\Windows\System\FBGNCmz.exe
  2⤵
  PID:5696
- C:\Windows\System\qtKLqot.exe
  C:\Windows\System\qtKLqot.exe
  2⤵
  PID:5716
- C:\Windows\System\RXpGnYW.exe
  C:\Windows\System\RXpGnYW.exe
  2⤵
  PID:5732
- C:\Windows\System\gLVMZPm.exe
  C:\Windows\System\gLVMZPm.exe
  2⤵
  PID:5752
- C:\Windows\System\MRWnQpp.exe
  C:\Windows\System\MRWnQpp.exe
  2⤵
  PID:5772
- C:\Windows\System\vxSNylg.exe
  C:\Windows\System\vxSNylg.exe
  2⤵
  PID:5792
- C:\Windows\System\iApBpvJ.exe
  C:\Windows\System\iApBpvJ.exe
  2⤵
  PID:5808
- C:\Windows\System\mOtnaUj.exe
  C:\Windows\System\mOtnaUj.exe
  2⤵
  PID:5828
- C:\Windows\System\nxoKkBV.exe
  C:\Windows\System\nxoKkBV.exe
  2⤵
  PID:5844
- C:\Windows\System\zwYemxT.exe
  C:\Windows\System\zwYemxT.exe
  2⤵
  PID:5864
- C:\Windows\System\QQjGuHd.exe
  C:\Windows\System\QQjGuHd.exe
  2⤵
  PID:5880
- C:\Windows\System\SzGDLpk.exe
  C:\Windows\System\SzGDLpk.exe
  2⤵
  PID:5896
- C:\Windows\System\huVhvkC.exe
  C:\Windows\System\huVhvkC.exe
  2⤵
  PID:5912
- C:\Windows\System\UcDdUyG.exe
  C:\Windows\System\UcDdUyG.exe
  2⤵
  PID:5928
- C:\Windows\System\VzGBxep.exe
  C:\Windows\System\VzGBxep.exe
  2⤵
  PID:5944
- C:\Windows\System\cdiIttr.exe
  C:\Windows\System\cdiIttr.exe
  2⤵
  PID:5960
- C:\Windows\System\WnGLUNV.exe
  C:\Windows\System\WnGLUNV.exe
  2⤵
  PID:5976
- C:\Windows\System\lifepiz.exe
  C:\Windows\System\lifepiz.exe
  2⤵
  PID:5996
- C:\Windows\System\SjpvoMX.exe
  C:\Windows\System\SjpvoMX.exe
  2⤵
  PID:6016
- C:\Windows\System\PsMPaLT.exe
  C:\Windows\System\PsMPaLT.exe
  2⤵
  PID:6032
- C:\Windows\System\RMGMfrw.exe
  C:\Windows\System\RMGMfrw.exe
  2⤵
  PID:6056
- C:\Windows\System\rcBTFJO.exe
  C:\Windows\System\rcBTFJO.exe
  2⤵
  PID:6072
- C:\Windows\System\WQTazxG.exe
  C:\Windows\System\WQTazxG.exe
  2⤵
  PID:6088
- C:\Windows\System\CcpeVuF.exe
  C:\Windows\System\CcpeVuF.exe
  2⤵
  PID:6108
- C:\Windows\System\PLVhaiI.exe
  C:\Windows\System\PLVhaiI.exe
  2⤵
  PID:6124
- C:\Windows\System\muPMNPm.exe
  C:\Windows\System\muPMNPm.exe
  2⤵
  PID:6140
- C:\Windows\System\walEHuN.exe
  C:\Windows\System\walEHuN.exe
  2⤵
  PID:3460
- C:\Windows\System\NHRBliJ.exe
  C:\Windows\System\NHRBliJ.exe
  2⤵
  PID:4676
- C:\Windows\System\cyxmVtP.exe
  C:\Windows\System\cyxmVtP.exe
  2⤵
  PID:5216
- C:\Windows\System\hTcdYHG.exe
  C:\Windows\System\hTcdYHG.exe
  2⤵
  PID:5260
- C:\Windows\System\NOcAGIs.exe
  C:\Windows\System\NOcAGIs.exe
  2⤵
  PID:5276
- C:\Windows\System\HboRije.exe
  C:\Windows\System\HboRije.exe
  2⤵
  PID:5332
- C:\Windows\System\zdDWgRz.exe
  C:\Windows\System\zdDWgRz.exe
  2⤵
  PID:5328
- C:\Windows\System\sGqmUhC.exe
  C:\Windows\System\sGqmUhC.exe
  2⤵
  PID:5348
- C:\Windows\System\zRJkDFX.exe
  C:\Windows\System\zRJkDFX.exe
  2⤵
  PID:5376
- C:\Windows\System\RMvDOkv.exe
  C:\Windows\System\RMvDOkv.exe
  2⤵
  PID:5440
- C:\Windows\System\PYpScrU.exe
  C:\Windows\System\PYpScrU.exe
  2⤵
  PID:5508
- C:\Windows\System\qJooBUP.exe
  C:\Windows\System\qJooBUP.exe
  2⤵
  PID:5492
- C:\Windows\System\nESLeuL.exe
  C:\Windows\System\nESLeuL.exe
  2⤵
  PID:5424
- C:\Windows\System\TulGpbg.exe
  C:\Windows\System\TulGpbg.exe
  2⤵
  PID:5580
- C:\Windows\System\xZGPuTG.exe
  C:\Windows\System\xZGPuTG.exe
  2⤵
  PID:5656
- C:\Windows\System\kFHMZye.exe
  C:\Windows\System\kFHMZye.exe
  2⤵
  PID:5728
- C:\Windows\System\eJQMmSb.exe
  C:\Windows\System\eJQMmSb.exe
  2⤵
  PID:5768
- C:\Windows\System\ROPMbFi.exe
  C:\Windows\System\ROPMbFi.exe
  2⤵
  PID:5872
- C:\Windows\System\EXgfCtY.exe
  C:\Windows\System\EXgfCtY.exe
  2⤵
  PID:5936
- C:\Windows\System\sZmdWcu.exe
  C:\Windows\System\sZmdWcu.exe
  2⤵
  PID:6008
- C:\Windows\System\kHlMuVD.exe
  C:\Windows\System\kHlMuVD.exe
  2⤵
  PID:6044
- C:\Windows\System\txKVjmI.exe
  C:\Windows\System\txKVjmI.exe
  2⤵
  PID:5816
- C:\Windows\System\csqylyB.exe
  C:\Windows\System\csqylyB.exe
  2⤵
  PID:5924
- C:\Windows\System\xDnIwMk.exe
  C:\Windows\System\xDnIwMk.exe
  2⤵
  PID:5988
- C:\Windows\System\FaLDdKV.exe
  C:\Windows\System\FaLDdKV.exe
  2⤵
  PID:6064
- C:\Windows\System\bBeAoaP.exe
  C:\Windows\System\bBeAoaP.exe
  2⤵
  PID:6084
- C:\Windows\System\mFfrPrW.exe
  C:\Windows\System\mFfrPrW.exe
  2⤵
  PID:6096
- C:\Windows\System\ADfNwvh.exe
  C:\Windows\System\ADfNwvh.exe
  2⤵
  PID:6136
- C:\Windows\System\wpiLPbO.exe
  C:\Windows\System\wpiLPbO.exe
  2⤵
  PID:5780
- C:\Windows\System\ffPvOsc.exe
  C:\Windows\System\ffPvOsc.exe
  2⤵
  PID:5344
- C:\Windows\System\WvxFHMF.exe
  C:\Windows\System\WvxFHMF.exe
  2⤵
  PID:5236
- C:\Windows\System\mVJaMsA.exe
  C:\Windows\System\mVJaMsA.exe
  2⤵
  PID:5316
- C:\Windows\System\WdKPiXy.exe
  C:\Windows\System\WdKPiXy.exe
  2⤵
  PID:5296
- C:\Windows\System\SSMhlcC.exe
  C:\Windows\System\SSMhlcC.exe
  2⤵
  PID:5152
- C:\Windows\System\SNwzzQV.exe
  C:\Windows\System\SNwzzQV.exe
  2⤵
  PID:5392
- C:\Windows\System\xfMOEVh.exe
  C:\Windows\System\xfMOEVh.exe
  2⤵
  PID:5524
- C:\Windows\System\aNlRzgN.exe
  C:\Windows\System\aNlRzgN.exe
  2⤵
  PID:5548
- C:\Windows\System\EYTDXGy.exe
  C:\Windows\System\EYTDXGy.exe
  2⤵
  PID:5568
- C:\Windows\System\tnlGnDi.exe
  C:\Windows\System\tnlGnDi.exe
  2⤵
  PID:5604
- C:\Windows\System\BevaOTe.exe
  C:\Windows\System\BevaOTe.exe
  2⤵
  PID:5840
- C:\Windows\System\upxdaWH.exe
  C:\Windows\System\upxdaWH.exe
  2⤵
  PID:5272
- C:\Windows\System\cugsVJw.exe
  C:\Windows\System\cugsVJw.exe
  2⤵
  PID:5364
- C:\Windows\System\dxgwHlM.exe
  C:\Windows\System\dxgwHlM.exe
  2⤵
  PID:5620
- C:\Windows\System\sSJoaZC.exe
  C:\Windows\System\sSJoaZC.exe
  2⤵
  PID:5692
- C:\Windows\System\TXrQWzK.exe
  C:\Windows\System\TXrQWzK.exe
  2⤵
  PID:5860
- C:\Windows\System\sbKiMde.exe
  C:\Windows\System\sbKiMde.exe
  2⤵
  PID:6120
- C:\Windows\System\sztNdwO.exe
  C:\Windows\System\sztNdwO.exe
  2⤵
  PID:5788
- C:\Windows\System\RtXRoQy.exe
  C:\Windows\System\RtXRoQy.exe
  2⤵
  PID:5984
- C:\Windows\System\yPcRZjg.exe
  C:\Windows\System\yPcRZjg.exe
  2⤵
  PID:5288
- C:\Windows\System\bTpMHdZ.exe
  C:\Windows\System\bTpMHdZ.exe
  2⤵
  PID:5512
- C:\Windows\System\QayildN.exe
  C:\Windows\System\QayildN.exe
  2⤵
  PID:6080
- C:\Windows\System\aBPbTHi.exe
  C:\Windows\System\aBPbTHi.exe
  2⤵
  PID:5168
- C:\Windows\System\IClHQvE.exe
  C:\Windows\System\IClHQvE.exe
  2⤵
  PID:5224
- C:\Windows\System\vMcRXIo.exe
  C:\Windows\System\vMcRXIo.exe
  2⤵
  PID:5148
- C:\Windows\System\llKxmNG.exe
  C:\Windows\System\llKxmNG.exe
  2⤵
  PID:5556
- C:\Windows\System\nyJEJuJ.exe
  C:\Windows\System\nyJEJuJ.exe
  2⤵
  PID:5836
- C:\Windows\System\ZBRbXAE.exe
  C:\Windows\System\ZBRbXAE.exe
  2⤵
  PID:6052
- C:\Windows\System\CmQCmad.exe
  C:\Windows\System\CmQCmad.exe
  2⤵
  PID:5892
- C:\Windows\System\UqKjBSb.exe
  C:\Windows\System\UqKjBSb.exe
  2⤵
  PID:5164
- C:\Windows\System\JAqinmD.exe
  C:\Windows\System\JAqinmD.exe
  2⤵
  PID:5972
- C:\Windows\System\jKDsVYl.exe
  C:\Windows\System\jKDsVYl.exe
  2⤵
  PID:5908
- C:\Windows\System\hocvYHO.exe
  C:\Windows\System\hocvYHO.exe
  2⤵
  PID:5708
- C:\Windows\System\fpZRebS.exe
  C:\Windows\System\fpZRebS.exe
  2⤵
  PID:5784
- C:\Windows\System\DkZkJLp.exe
  C:\Windows\System\DkZkJLp.exe
  2⤵
  PID:3300
- C:\Windows\System\GeooCRB.exe
  C:\Windows\System\GeooCRB.exe
  2⤵
  PID:3400
- C:\Windows\System\zmWmykJ.exe
  C:\Windows\System\zmWmykJ.exe
  2⤵
  PID:5340
- C:\Windows\System\QjMAtyt.exe
  C:\Windows\System\QjMAtyt.exe
  2⤵
  PID:6024
- C:\Windows\System\MLKlAmd.exe
  C:\Windows\System\MLKlAmd.exe
  2⤵
  PID:6164
- C:\Windows\System\lhxYKwy.exe
  C:\Windows\System\lhxYKwy.exe
  2⤵
  PID:6184
- C:\Windows\System\AJRhqjP.exe
  C:\Windows\System\AJRhqjP.exe
  2⤵
  PID:6200
- C:\Windows\System\EyJTPrb.exe
  C:\Windows\System\EyJTPrb.exe
  2⤵
  PID:6216
- C:\Windows\System\TmSBWgE.exe
  C:\Windows\System\TmSBWgE.exe
  2⤵
  PID:6232
- C:\Windows\System\TFTqfqe.exe
  C:\Windows\System\TFTqfqe.exe
  2⤵
  PID:6248
- C:\Windows\System\ZqZHjXU.exe
  C:\Windows\System\ZqZHjXU.exe
  2⤵
  PID:6268
- C:\Windows\System\eZzRqhA.exe
  C:\Windows\System\eZzRqhA.exe
  2⤵
  PID:6284
- C:\Windows\System\AOCMfZt.exe
  C:\Windows\System\AOCMfZt.exe
  2⤵
  PID:6300
- C:\Windows\System\uYkIvdm.exe
  C:\Windows\System\uYkIvdm.exe
  2⤵
  PID:6316
- C:\Windows\System\kizTcOu.exe
  C:\Windows\System\kizTcOu.exe
  2⤵
  PID:6332
- C:\Windows\System\aGQAPtX.exe
  C:\Windows\System\aGQAPtX.exe
  2⤵
  PID:6348
- C:\Windows\System\NzvsWTP.exe
  C:\Windows\System\NzvsWTP.exe
  2⤵
  PID:6364
- C:\Windows\System\tElzDzy.exe
  C:\Windows\System\tElzDzy.exe
  2⤵
  PID:6380
- C:\Windows\System\FmwyOzi.exe
  C:\Windows\System\FmwyOzi.exe
  2⤵
  PID:6396
- C:\Windows\System\XLYMuWD.exe
  C:\Windows\System\XLYMuWD.exe
  2⤵
  PID:6412
- C:\Windows\System\SdoJqxF.exe
  C:\Windows\System\SdoJqxF.exe
  2⤵
  PID:6432
- C:\Windows\System\oEziGLS.exe
  C:\Windows\System\oEziGLS.exe
  2⤵
  PID:6448
- C:\Windows\System\yMwrvya.exe
  C:\Windows\System\yMwrvya.exe
  2⤵
  PID:6464
- C:\Windows\System\hyFkpfn.exe
  C:\Windows\System\hyFkpfn.exe
  2⤵
  PID:6480
- C:\Windows\System\QCjRBAj.exe
  C:\Windows\System\QCjRBAj.exe
  2⤵
  PID:6496
- C:\Windows\System\cihxQKl.exe
  C:\Windows\System\cihxQKl.exe
  2⤵
  PID:6512
- C:\Windows\System\qGEfVRp.exe
  C:\Windows\System\qGEfVRp.exe
  2⤵
  PID:6528
- C:\Windows\System\UwoMIpv.exe
  C:\Windows\System\UwoMIpv.exe
  2⤵
  PID:6544
- C:\Windows\System\wbsZUSs.exe
  C:\Windows\System\wbsZUSs.exe
  2⤵
  PID:6560
- C:\Windows\System\bkSPtDX.exe
  C:\Windows\System\bkSPtDX.exe
  2⤵
  PID:6608
- C:\Windows\System\MhrahoY.exe
  C:\Windows\System\MhrahoY.exe
  2⤵
  PID:6628
- C:\Windows\System\NbMjHsu.exe
  C:\Windows\System\NbMjHsu.exe
  2⤵
  PID:6644
- C:\Windows\System\tMQcMRp.exe
  C:\Windows\System\tMQcMRp.exe
  2⤵
  PID:6660
- C:\Windows\System\FVwPbov.exe
  C:\Windows\System\FVwPbov.exe
  2⤵
  PID:6676
- C:\Windows\System\FyeXJoT.exe
  C:\Windows\System\FyeXJoT.exe
  2⤵
  PID:6692
- C:\Windows\System\yBiZoxz.exe
  C:\Windows\System\yBiZoxz.exe
  2⤵
  PID:6708
- C:\Windows\System\XIEJwGO.exe
  C:\Windows\System\XIEJwGO.exe
  2⤵
  PID:6724
- C:\Windows\System\XXZAFYv.exe
  C:\Windows\System\XXZAFYv.exe
  2⤵
  PID:6740
- C:\Windows\System\qOnAxzo.exe
  C:\Windows\System\qOnAxzo.exe
  2⤵
  PID:6756
- C:\Windows\System\zoXDNfP.exe
  C:\Windows\System\zoXDNfP.exe
  2⤵
  PID:6772
- C:\Windows\System\dpiElij.exe
  C:\Windows\System\dpiElij.exe
  2⤵
  PID:6788
- C:\Windows\System\twVWiSR.exe
  C:\Windows\System\twVWiSR.exe
  2⤵
  PID:6804
- C:\Windows\System\FgeYAYB.exe
  C:\Windows\System\FgeYAYB.exe
  2⤵
  PID:6820
- C:\Windows\System\HwqsIhK.exe
  C:\Windows\System\HwqsIhK.exe
  2⤵
  PID:6836
- C:\Windows\System\nLTsbTB.exe
  C:\Windows\System\nLTsbTB.exe
  2⤵
  PID:6852
- C:\Windows\System\cImmCoj.exe
  C:\Windows\System\cImmCoj.exe
  2⤵
  PID:6868
- C:\Windows\System\EVWdLEn.exe
  C:\Windows\System\EVWdLEn.exe
  2⤵
  PID:6884
- C:\Windows\System\nlxRKpd.exe
  C:\Windows\System\nlxRKpd.exe
  2⤵
  PID:6900
- C:\Windows\System\QormgsB.exe
  C:\Windows\System\QormgsB.exe
  2⤵
  PID:6916
- C:\Windows\System\fmeZppV.exe
  C:\Windows\System\fmeZppV.exe
  2⤵
  PID:6932
- C:\Windows\System\lYizRdX.exe
  C:\Windows\System\lYizRdX.exe
  2⤵
  PID:6948
- C:\Windows\System\zJtnqHg.exe
  C:\Windows\System\zJtnqHg.exe
  2⤵
  PID:6964
- C:\Windows\System\HrjqnzP.exe
  C:\Windows\System\HrjqnzP.exe
  2⤵
  PID:6980
- C:\Windows\System\QyqpJQv.exe
  C:\Windows\System\QyqpJQv.exe
  2⤵
  PID:6996
- C:\Windows\System\JuSsNwL.exe
  C:\Windows\System\JuSsNwL.exe
  2⤵
  PID:7012
- C:\Windows\System\bjxYbck.exe
  C:\Windows\System\bjxYbck.exe
  2⤵
  PID:7036
- C:\Windows\System\esxRQWU.exe
  C:\Windows\System\esxRQWU.exe
  2⤵
  PID:7052
- C:\Windows\System\vYZkifz.exe
  C:\Windows\System\vYZkifz.exe
  2⤵
  PID:7068
- C:\Windows\System\eKaQheg.exe
  C:\Windows\System\eKaQheg.exe
  2⤵
  PID:7084
- C:\Windows\System\MekNlKa.exe
  C:\Windows\System\MekNlKa.exe
  2⤵
  PID:7100
- C:\Windows\System\DwMtyOO.exe
  C:\Windows\System\DwMtyOO.exe
  2⤵
  PID:7116
- C:\Windows\System\sjziCKU.exe
  C:\Windows\System\sjziCKU.exe
  2⤵
  PID:7132
- C:\Windows\System\SomRoyG.exe
  C:\Windows\System\SomRoyG.exe
  2⤵
  PID:7148
- C:\Windows\System\xUpuivp.exe
  C:\Windows\System\xUpuivp.exe
  2⤵
  PID:7164
- C:\Windows\System\wxpAwyc.exe
  C:\Windows\System\wxpAwyc.exe
  2⤵
  PID:5616
- C:\Windows\System\KKXRlrL.exe
  C:\Windows\System\KKXRlrL.exe
  2⤵
  PID:5544
- C:\Windows\System\hjxRxyQ.exe
  C:\Windows\System\hjxRxyQ.exe
  2⤵
  PID:5640
- C:\Windows\System\tXBmIOu.exe
  C:\Windows\System\tXBmIOu.exe
  2⤵
  PID:5480
- C:\Windows\System\dzQXdSt.exe
  C:\Windows\System\dzQXdSt.exe
  2⤵
  PID:6004
- C:\Windows\System\OOxCFkA.exe
  C:\Windows\System\OOxCFkA.exe
  2⤵
  PID:6172
- C:\Windows\System\DqKrPqV.exe
  C:\Windows\System\DqKrPqV.exe
  2⤵
  PID:6160
- C:\Windows\System\vkXBfvV.exe
  C:\Windows\System\vkXBfvV.exe
  2⤵
  PID:6228
- C:\Windows\System\QsQfiGB.exe
  C:\Windows\System\QsQfiGB.exe
  2⤵
  PID:6208
- C:\Windows\System\OhFVARo.exe
  C:\Windows\System\OhFVARo.exe
  2⤵
  PID:6292
- C:\Windows\System\OzeyoCh.exe
  C:\Windows\System\OzeyoCh.exe
  2⤵
  PID:6356
- C:\Windows\System\jRKHnXF.exe
  C:\Windows\System\jRKHnXF.exe
  2⤵
  PID:6388
- C:\Windows\System\NskhOUO.exe
  C:\Windows\System\NskhOUO.exe
  2⤵
  PID:6456
- C:\Windows\System\xqwgKjt.exe
  C:\Windows\System\xqwgKjt.exe
  2⤵
  PID:6520
- C:\Windows\System\QyZxTom.exe
  C:\Windows\System\QyZxTom.exe
  2⤵
  PID:6244
- C:\Windows\System\ceKDghs.exe
  C:\Windows\System\ceKDghs.exe
  2⤵
  PID:6308
- C:\Windows\System\ubUodlE.exe
  C:\Windows\System\ubUodlE.exe
  2⤵
  PID:6372
- C:\Windows\System\XDvvZGr.exe
  C:\Windows\System\XDvvZGr.exe
  2⤵
  PID:6440
- C:\Windows\System\dhOnAll.exe
  C:\Windows\System\dhOnAll.exe
  2⤵
  PID:6536
- C:\Windows\System\iclsJXd.exe
  C:\Windows\System\iclsJXd.exe
  2⤵
  PID:1148
- C:\Windows\System\CpOTSoR.exe
  C:\Windows\System\CpOTSoR.exe
  2⤵
  PID:6624
- C:\Windows\System\cgXwgkd.exe
  C:\Windows\System\cgXwgkd.exe
  2⤵
  PID:6656
- C:\Windows\System\RzqOEsG.exe
  C:\Windows\System\RzqOEsG.exe
  2⤵
  PID:6688
- C:\Windows\System\gtwwpTK.exe
  C:\Windows\System\gtwwpTK.exe
  2⤵
  PID:6700
- C:\Windows\System\THKKhcY.exe
  C:\Windows\System\THKKhcY.exe
  2⤵
  PID:6736
- C:\Windows\System\OGaNUbr.exe
  C:\Windows\System\OGaNUbr.exe
  2⤵
  PID:6780
- C:\Windows\System\WhFZZlr.exe
  C:\Windows\System\WhFZZlr.exe
  2⤵
  PID:3384
- C:\Windows\System\qVvTsDz.exe
  C:\Windows\System\qVvTsDz.exe
  2⤵
  PID:6816
- C:\Windows\System\mjxNdCD.exe
  C:\Windows\System\mjxNdCD.exe
  2⤵
  PID:6832
- C:\Windows\System\OWUKFMg.exe
  C:\Windows\System\OWUKFMg.exe
  2⤵
  PID:6908
- C:\Windows\System\xfnnimL.exe
  C:\Windows\System\xfnnimL.exe
  2⤵
  PID:6912
- C:\Windows\System\TXZXXjw.exe
  C:\Windows\System\TXZXXjw.exe
  2⤵
  PID:6976
- C:\Windows\System\AGZtmXa.exe
  C:\Windows\System\AGZtmXa.exe
  2⤵
  PID:7048
- C:\Windows\System\PdnNBGq.exe
  C:\Windows\System\PdnNBGq.exe
  2⤵
  PID:7108
- C:\Windows\System\igykjUg.exe
  C:\Windows\System\igykjUg.exe
  2⤵
  PID:5748
- C:\Windows\System\jzSyoRY.exe
  C:\Windows\System\jzSyoRY.exe
  2⤵
  PID:6928
- C:\Windows\System\zWkpmKF.exe
  C:\Windows\System\zWkpmKF.exe
  2⤵
  PID:6992
- C:\Windows\System\cDHCNsh.exe
  C:\Windows\System\cDHCNsh.exe
  2⤵
  PID:7096
- C:\Windows\System\THoeQHf.exe
  C:\Windows\System\THoeQHf.exe
  2⤵
  PID:7160
- C:\Windows\System\YZVCjci.exe
  C:\Windows\System\YZVCjci.exe
  2⤵
  PID:5200
- C:\Windows\System\KrPhfJY.exe
  C:\Windows\System\KrPhfJY.exe
  2⤵
  PID:5888
- C:\Windows\System\IawcnIp.exe
  C:\Windows\System\IawcnIp.exe
  2⤵
  PID:6156
- C:\Windows\System\WjxmWrO.exe
  C:\Windows\System\WjxmWrO.exe
  2⤵
  PID:6420
- C:\Windows\System\ikzAgNk.exe
  C:\Windows\System\ikzAgNk.exe
  2⤵
  PID:6340
- C:\Windows\System\lgRiUrz.exe
  C:\Windows\System\lgRiUrz.exe
  2⤵
  PID:5180
- C:\Windows\System\KXbEFMA.exe
  C:\Windows\System\KXbEFMA.exe
  2⤵
  PID:6224
- C:\Windows\System\vTRSrti.exe
  C:\Windows\System\vTRSrti.exe
  2⤵
  PID:6508
- C:\Windows\System\JjsPLVp.exe
  C:\Windows\System\JjsPLVp.exe
  2⤵
  PID:6568
- C:\Windows\System\DRFbaTQ.exe
  C:\Windows\System\DRFbaTQ.exe
  2⤵
  PID:5724
- C:\Windows\System\WdrdtdL.exe
  C:\Windows\System\WdrdtdL.exe
  2⤵
  PID:6360
- C:\Windows\System\MkNmCmc.exe
  C:\Windows\System\MkNmCmc.exe
  2⤵
  PID:5764
- C:\Windows\System\jldeKAm.exe
  C:\Windows\System\jldeKAm.exe
  2⤵
  PID:6732
- C:\Windows\System\CxzvreX.exe
  C:\Windows\System\CxzvreX.exe
  2⤵
  PID:6828
- C:\Windows\System\FRBOcmh.exe
  C:\Windows\System\FRBOcmh.exe
  2⤵
  PID:6844
- C:\Windows\System\tlzLIHb.exe
  C:\Windows\System\tlzLIHb.exe
  2⤵
  PID:6892
- C:\Windows\System\YiooGhp.exe
  C:\Windows\System\YiooGhp.exe
  2⤵
  PID:7044
- C:\Windows\System\KwGpFqd.exe
  C:\Windows\System\KwGpFqd.exe
  2⤵
  PID:2796
- C:\Windows\System\wSsCyjs.exe
  C:\Windows\System\wSsCyjs.exe
  2⤵
  PID:7156
- C:\Windows\System\TUhuiit.exe
  C:\Windows\System\TUhuiit.exe
  2⤵
  PID:3372
- C:\Windows\System\tUwWArM.exe
  C:\Windows\System\tUwWArM.exe
  2⤵
  PID:6924
- C:\Windows\System\uEZmVTz.exe
  C:\Windows\System\uEZmVTz.exe
  2⤵
  PID:6344
- C:\Windows\System\etGThBX.exe
  C:\Windows\System\etGThBX.exe
  2⤵
  PID:6488
- C:\Windows\System\WwfcREL.exe
  C:\Windows\System\WwfcREL.exe
  2⤵
  PID:6668
- C:\Windows\System\KyMnXxG.exe
  C:\Windows\System\KyMnXxG.exe
  2⤵
  PID:1656
- C:\Windows\System\lTbfFSn.exe
  C:\Windows\System\lTbfFSn.exe
  2⤵
  PID:6552
- C:\Windows\System\cSdLyCv.exe
  C:\Windows\System\cSdLyCv.exe
  2⤵
  PID:6404
- C:\Windows\System\gGBYrwL.exe
  C:\Windows\System\gGBYrwL.exe
  2⤵
  PID:6812
- C:\Windows\System\CIYuheo.exe
  C:\Windows\System\CIYuheo.exe
  2⤵
  PID:2308
- C:\Windows\System\FPehbxy.exe
  C:\Windows\System\FPehbxy.exe
  2⤵
  PID:7008
- C:\Windows\System\oelQLIF.exe
  C:\Windows\System\oelQLIF.exe
  2⤵
  PID:7128
- C:\Windows\System\lYSmkKF.exe
  C:\Windows\System\lYSmkKF.exe
  2⤵
  PID:3356
- C:\Windows\System\qtpVwtV.exe
  C:\Windows\System\qtpVwtV.exe
  2⤵
  PID:6636
- C:\Windows\System\ZFcAdpB.exe
  C:\Windows\System\ZFcAdpB.exe
  2⤵
  PID:3328
- C:\Windows\System\HiXOZiG.exe
  C:\Windows\System\HiXOZiG.exe
  2⤵
  PID:7092
- C:\Windows\System\Apjcaly.exe
  C:\Windows\System\Apjcaly.exe
  2⤵
  PID:7112
- C:\Windows\System\grPImlR.exe
  C:\Windows\System\grPImlR.exe
  2⤵
  PID:2824
- C:\Windows\System\IlCvllI.exe
  C:\Windows\System\IlCvllI.exe
  2⤵
  PID:7180
- C:\Windows\System\FquiACQ.exe
  C:\Windows\System\FquiACQ.exe
  2⤵
  PID:7196
- C:\Windows\System\WiPgjcH.exe
  C:\Windows\System\WiPgjcH.exe
  2⤵
  PID:7212
- C:\Windows\System\OynwiXg.exe
  C:\Windows\System\OynwiXg.exe
  2⤵
  PID:7228
- C:\Windows\System\wpPWTPY.exe
  C:\Windows\System\wpPWTPY.exe
  2⤵
  PID:7244
- C:\Windows\System\nOIQczm.exe
  C:\Windows\System\nOIQczm.exe
  2⤵
  PID:7260
- C:\Windows\System\WJpUxrA.exe
  C:\Windows\System\WJpUxrA.exe
  2⤵
  PID:7280
- C:\Windows\System\SYRfyFM.exe
  C:\Windows\System\SYRfyFM.exe
  2⤵
  PID:7296
- C:\Windows\System\IhnWTJv.exe
  C:\Windows\System\IhnWTJv.exe
  2⤵
  PID:7312
- C:\Windows\System\hCIAdBD.exe
  C:\Windows\System\hCIAdBD.exe
  2⤵
  PID:7328
- C:\Windows\System\ixHyxMb.exe
  C:\Windows\System\ixHyxMb.exe
  2⤵
  PID:7344
- C:\Windows\System\yPDAqtr.exe
  C:\Windows\System\yPDAqtr.exe
  2⤵
  PID:7360
- C:\Windows\System\buWmAgq.exe
  C:\Windows\System\buWmAgq.exe
  2⤵
  PID:7376
- C:\Windows\System\SrXNgHy.exe
  C:\Windows\System\SrXNgHy.exe
  2⤵
  PID:7392
- C:\Windows\System\faXeANd.exe
  C:\Windows\System\faXeANd.exe
  2⤵
  PID:7408
- C:\Windows\System\lwMiWdv.exe
  C:\Windows\System\lwMiWdv.exe
  2⤵
  PID:7424
- C:\Windows\System\PTaKvJV.exe
  C:\Windows\System\PTaKvJV.exe
  2⤵
  PID:7440
- C:\Windows\System\zpjRzJV.exe
  C:\Windows\System\zpjRzJV.exe
  2⤵
  PID:7456
- C:\Windows\System\IxukXfW.exe
  C:\Windows\System\IxukXfW.exe
  2⤵
  PID:7472
- C:\Windows\System\LIXXwIc.exe
  C:\Windows\System\LIXXwIc.exe
  2⤵
  PID:7488
- C:\Windows\System\QajBGwS.exe
  C:\Windows\System\QajBGwS.exe
  2⤵
  PID:7504
- C:\Windows\System\DptDTvC.exe
  C:\Windows\System\DptDTvC.exe
  2⤵
  PID:7524
- C:\Windows\System\vsXMkQd.exe
  C:\Windows\System\vsXMkQd.exe
  2⤵
  PID:7540
- C:\Windows\System\hcHyXpR.exe
  C:\Windows\System\hcHyXpR.exe
  2⤵
  PID:7556
- C:\Windows\System\SQoGkPV.exe
  C:\Windows\System\SQoGkPV.exe
  2⤵
  PID:7572
- C:\Windows\System\eGHzzty.exe
  C:\Windows\System\eGHzzty.exe
  2⤵
  PID:7588
- C:\Windows\System\GxouDEg.exe
  C:\Windows\System\GxouDEg.exe
  2⤵
  PID:7604
- C:\Windows\System\QLfmKXG.exe
  C:\Windows\System\QLfmKXG.exe
  2⤵
  PID:7620
- C:\Windows\System\jfNKTwR.exe
  C:\Windows\System\jfNKTwR.exe
  2⤵
  PID:7636
- C:\Windows\System\IMgDANn.exe
  C:\Windows\System\IMgDANn.exe
  2⤵
  PID:7652
- C:\Windows\System\AppImSu.exe
  C:\Windows\System\AppImSu.exe
  2⤵
  PID:7668
- C:\Windows\System\tHFHDJG.exe
  C:\Windows\System\tHFHDJG.exe
  2⤵
  PID:7684
- C:\Windows\System\CRfUWhB.exe
  C:\Windows\System\CRfUWhB.exe
  2⤵
  PID:7700
- C:\Windows\System\owWgihg.exe
  C:\Windows\System\owWgihg.exe
  2⤵
  PID:7716
- C:\Windows\System\FZJcvga.exe
  C:\Windows\System\FZJcvga.exe
  2⤵
  PID:7732
- C:\Windows\System\SegKyqQ.exe
  C:\Windows\System\SegKyqQ.exe
  2⤵
  PID:7748
- C:\Windows\System\noZvITq.exe
  C:\Windows\System\noZvITq.exe
  2⤵
  PID:7764
- C:\Windows\System\gsMvCEG.exe
  C:\Windows\System\gsMvCEG.exe
  2⤵
  PID:7780
- C:\Windows\System\zxyoGmh.exe
  C:\Windows\System\zxyoGmh.exe
  2⤵
  PID:7796
- C:\Windows\System\YUjFQmN.exe
  C:\Windows\System\YUjFQmN.exe
  2⤵
  PID:7812
- C:\Windows\System\wrCQhqX.exe
  C:\Windows\System\wrCQhqX.exe
  2⤵
  PID:7828
- C:\Windows\System\aKReXbj.exe
  C:\Windows\System\aKReXbj.exe
  2⤵
  PID:7844
- C:\Windows\System\soYMrdK.exe
  C:\Windows\System\soYMrdK.exe
  2⤵
  PID:7860
- C:\Windows\System\HNqNhwO.exe
  C:\Windows\System\HNqNhwO.exe
  2⤵
  PID:7876
- C:\Windows\System\OKRoZab.exe
  C:\Windows\System\OKRoZab.exe
  2⤵
  PID:7892
- C:\Windows\System\TZLGKWO.exe
  C:\Windows\System\TZLGKWO.exe
  2⤵
  PID:7908
- C:\Windows\System\EcWaCuf.exe
  C:\Windows\System\EcWaCuf.exe
  2⤵
  PID:7924
- C:\Windows\System\SRSzdfx.exe
  C:\Windows\System\SRSzdfx.exe
  2⤵
  PID:7940
- C:\Windows\System\VNVIZvd.exe
  C:\Windows\System\VNVIZvd.exe
  2⤵
  PID:7956
- C:\Windows\System\wCSIHrx.exe
  C:\Windows\System\wCSIHrx.exe
  2⤵
  PID:7972
- C:\Windows\System\cUgMGvN.exe
  C:\Windows\System\cUgMGvN.exe
  2⤵
  PID:7988
- C:\Windows\System\NEAOwlR.exe
  C:\Windows\System\NEAOwlR.exe
  2⤵
  PID:8004
- C:\Windows\System\gQiohOV.exe
  C:\Windows\System\gQiohOV.exe
  2⤵
  PID:8020
- C:\Windows\System\imHaDco.exe
  C:\Windows\System\imHaDco.exe
  2⤵
  PID:8036
- C:\Windows\System\LzXJDHS.exe
  C:\Windows\System\LzXJDHS.exe
  2⤵
  PID:8068
- C:\Windows\System\YbUCBvJ.exe
  C:\Windows\System\YbUCBvJ.exe
  2⤵
  PID:8084
- C:\Windows\System\jDztNOB.exe
  C:\Windows\System\jDztNOB.exe
  2⤵
  PID:8100
- C:\Windows\System\uPcZLNa.exe
  C:\Windows\System\uPcZLNa.exe
  2⤵
  PID:8116
- C:\Windows\System\CWCWZJX.exe
  C:\Windows\System\CWCWZJX.exe
  2⤵
  PID:8136
- C:\Windows\System\XbPZJSa.exe
  C:\Windows\System\XbPZJSa.exe
  2⤵
  PID:8152
- C:\Windows\System\uIVMmYa.exe
  C:\Windows\System\uIVMmYa.exe
  2⤵
  PID:8168
- C:\Windows\System\TSoUqhr.exe
  C:\Windows\System\TSoUqhr.exe
  2⤵
  PID:8184
- C:\Windows\System\mOviMES.exe
  C:\Windows\System\mOviMES.exe
  2⤵
  PID:7028
- C:\Windows\System\tqaUwbk.exe
  C:\Windows\System\tqaUwbk.exe
  2⤵
  PID:6768
- C:\Windows\System\DOAWBcj.exe
  C:\Windows\System\DOAWBcj.exe
  2⤵
  PID:6196
- C:\Windows\System\yoKsoJO.exe
  C:\Windows\System\yoKsoJO.exe
  2⤵
  PID:7172
- C:\Windows\System\geMdrGu.exe
  C:\Windows\System\geMdrGu.exe
  2⤵
  PID:7236
- C:\Windows\System\OTpVNAd.exe
  C:\Windows\System\OTpVNAd.exe
  2⤵
  PID:7272
- C:\Windows\System\yNIAwAc.exe
  C:\Windows\System\yNIAwAc.exe
  2⤵
  PID:3404
- C:\Windows\System\yWYHXjn.exe
  C:\Windows\System\yWYHXjn.exe
  2⤵
  PID:7336
- C:\Windows\System\QsjDkxS.exe
  C:\Windows\System\QsjDkxS.exe
  2⤵
  PID:7220
- C:\Windows\System\vGVFVCl.exe
  C:\Windows\System\vGVFVCl.exe
  2⤵
  PID:7288
- C:\Windows\System\RNgywcf.exe
  C:\Windows\System\RNgywcf.exe
  2⤵
  PID:7356
- C:\Windows\System\zNLgNPh.exe
  C:\Windows\System\zNLgNPh.exe
  2⤵
  PID:7368
- C:\Windows\System\aEzcrei.exe
  C:\Windows\System\aEzcrei.exe
  2⤵
  PID:7404
- C:\Windows\System\HmRCElS.exe
  C:\Windows\System\HmRCElS.exe
  2⤵
  PID:7468
- C:\Windows\System\kYfURMH.exe
  C:\Windows\System\kYfURMH.exe
  2⤵
  PID:7512
- C:\Windows\System\ErUfFxb.exe
  C:\Windows\System\ErUfFxb.exe
  2⤵
  PID:7480
- C:\Windows\System\JdrqVpy.exe
  C:\Windows\System\JdrqVpy.exe
  2⤵
  PID:7520
- C:\Windows\System\NeyEngn.exe
  C:\Windows\System\NeyEngn.exe
  2⤵
  PID:7580
- C:\Windows\System\PIeUlCk.exe
  C:\Windows\System\PIeUlCk.exe
  2⤵
  PID:7564
- C:\Windows\System\rHUDlVN.exe
  C:\Windows\System\rHUDlVN.exe
  2⤵
  PID:7616
- C:\Windows\System\CnBDshU.exe
  C:\Windows\System\CnBDshU.exe
  2⤵
  PID:7568
- C:\Windows\System\pIUhOLZ.exe
  C:\Windows\System\pIUhOLZ.exe
  2⤵
  PID:7740
- C:\Windows\System\gDPNtqO.exe
  C:\Windows\System\gDPNtqO.exe
  2⤵
  PID:7596
- C:\Windows\System\uJaXjiI.exe
  C:\Windows\System\uJaXjiI.exe
  2⤵
  PID:7660
- C:\Windows\System\VOOMYAa.exe
  C:\Windows\System\VOOMYAa.exe
  2⤵
  PID:7724
- C:\Windows\System\LWKpAKS.exe
  C:\Windows\System\LWKpAKS.exe
  2⤵
  PID:7788
- C:\Windows\System\IOvdWPP.exe
  C:\Windows\System\IOvdWPP.exe
  2⤵
  PID:7964
- C:\Windows\System\hSAEJNP.exe
  C:\Windows\System\hSAEJNP.exe
  2⤵
  PID:8000
- C:\Windows\System\IXMqnEq.exe
  C:\Windows\System\IXMqnEq.exe
  2⤵
  PID:8044
- C:\Windows\System\aNobGBA.exe
  C:\Windows\System\aNobGBA.exe
  2⤵
  PID:2748
- C:\Windows\System\VNlVyrZ.exe
  C:\Windows\System\VNlVyrZ.exe
  2⤵
  PID:2744
- C:\Windows\System\UjODmvm.exe
  C:\Windows\System\UjODmvm.exe
  2⤵
  PID:7836
- C:\Windows\System\jtMRpBq.exe
  C:\Windows\System\jtMRpBq.exe
  2⤵
  PID:2852
- C:\Windows\System\hggQxeQ.exe
  C:\Windows\System\hggQxeQ.exe
  2⤵
  PID:8208
- C:\Windows\System\eHIEQeK.exe
  C:\Windows\System\eHIEQeK.exe
  2⤵
  PID:8224
- C:\Windows\System\vnCUyyU.exe
  C:\Windows\System\vnCUyyU.exe
  2⤵
  PID:8240
- C:\Windows\System\akcTURg.exe
  C:\Windows\System\akcTURg.exe
  2⤵
  PID:8256
- C:\Windows\System\RsWpNmY.exe
  C:\Windows\System\RsWpNmY.exe
  2⤵
  PID:8272
- C:\Windows\System\YRDHHTb.exe
  C:\Windows\System\YRDHHTb.exe
  2⤵
  PID:8288
- C:\Windows\System\sLRuzMM.exe
  C:\Windows\System\sLRuzMM.exe
  2⤵
  PID:8304
- C:\Windows\System\zdsNhGB.exe
  C:\Windows\System\zdsNhGB.exe
  2⤵
  PID:8320
- C:\Windows\System\JZjntjW.exe
  C:\Windows\System\JZjntjW.exe
  2⤵
  PID:8344
- C:\Windows\System\IRlDCAK.exe
  C:\Windows\System\IRlDCAK.exe
  2⤵
  PID:8404
- C:\Windows\System\UpPNQZZ.exe
  C:\Windows\System\UpPNQZZ.exe
  2⤵
  PID:8432
- C:\Windows\System\qzxCbQG.exe
  C:\Windows\System\qzxCbQG.exe
  2⤵
  PID:8448
- C:\Windows\System\lbYLFdK.exe
  C:\Windows\System\lbYLFdK.exe
  2⤵
  PID:8464
- C:\Windows\System\fHlOXWc.exe
  C:\Windows\System\fHlOXWc.exe
  2⤵
  PID:8500
- C:\Windows\System\JvyKkTe.exe
  C:\Windows\System\JvyKkTe.exe
  2⤵
  PID:8608
- C:\Windows\System\tmVWoqs.exe
  C:\Windows\System\tmVWoqs.exe
  2⤵
  PID:8728
- C:\Windows\System\MzNOdfX.exe
  C:\Windows\System\MzNOdfX.exe
  2⤵
  PID:8756
- C:\Windows\System\iRBzyJJ.exe
  C:\Windows\System\iRBzyJJ.exe
  2⤵
  PID:8772
- C:\Windows\System\AJMPESz.exe
  C:\Windows\System\AJMPESz.exe
  2⤵
  PID:8788
- C:\Windows\System\hQdBspW.exe
  C:\Windows\System\hQdBspW.exe
  2⤵
  PID:8804
- C:\Windows\System\jbqqSPd.exe
  C:\Windows\System\jbqqSPd.exe
  2⤵
  PID:8820
- C:\Windows\System\mjXBvKu.exe
  C:\Windows\System\mjXBvKu.exe
  2⤵
  PID:8840
- C:\Windows\System\qSErMka.exe
  C:\Windows\System\qSErMka.exe
  2⤵
  PID:8856
- C:\Windows\System\bCvCaFQ.exe
  C:\Windows\System\bCvCaFQ.exe
  2⤵
  PID:8872
- C:\Windows\System\qFywMvZ.exe
  C:\Windows\System\qFywMvZ.exe
  2⤵
  PID:8888
- C:\Windows\System\dfImEEe.exe
  C:\Windows\System\dfImEEe.exe
  2⤵
  PID:9032
- C:\Windows\System\xSUFVqH.exe
  C:\Windows\System\xSUFVqH.exe
  2⤵
  PID:9048
- C:\Windows\System\NYxbHSG.exe
  C:\Windows\System\NYxbHSG.exe
  2⤵
  PID:9068
- C:\Windows\System\qFcvPUg.exe
  C:\Windows\System\qFcvPUg.exe
  2⤵
  PID:9084
- C:\Windows\System\IRAreQl.exe
  C:\Windows\System\IRAreQl.exe
  2⤵
  PID:9100
- C:\Windows\System\ePwKBHp.exe
  C:\Windows\System\ePwKBHp.exe
  2⤵
  PID:9120
- C:\Windows\System\pNIuIPq.exe
  C:\Windows\System\pNIuIPq.exe
  2⤵
  PID:9136
- C:\Windows\System\TFnHVFQ.exe
  C:\Windows\System\TFnHVFQ.exe
  2⤵
  PID:9160
- C:\Windows\System\PcpqiuB.exe
  C:\Windows\System\PcpqiuB.exe
  2⤵
  PID:9176
- C:\Windows\System\XpPFAkU.exe
  C:\Windows\System\XpPFAkU.exe
  2⤵
  PID:9192
- C:\Windows\System\DSEOMrb.exe
  C:\Windows\System\DSEOMrb.exe
  2⤵
  PID:8160
- C:\Windows\System\czhvkzQ.exe
  C:\Windows\System\czhvkzQ.exe
  2⤵
  PID:6972
- C:\Windows\System\pAOwXmI.exe
  C:\Windows\System\pAOwXmI.exe
  2⤵
  PID:7208
- C:\Windows\System\QZhSaoF.exe
  C:\Windows\System\QZhSaoF.exe
  2⤵
  PID:7304
- C:\Windows\System\WxKSZEo.exe
  C:\Windows\System\WxKSZEo.exe
  2⤵
  PID:7192
- C:\Windows\System\heYWwEX.exe
  C:\Windows\System\heYWwEX.exe
  2⤵
  PID:7464
- C:\Windows\System\dZJjyeY.exe
  C:\Windows\System\dZJjyeY.exe
  2⤵
  PID:5584
- C:\Windows\System\xXYfPRP.exe
  C:\Windows\System\xXYfPRP.exe
  2⤵
  PID:7552
- C:\Windows\System\lXUqRiT.exe
  C:\Windows\System\lXUqRiT.exe
  2⤵
  PID:580
- C:\Windows\System\WVDRSPK.exe
  C:\Windows\System\WVDRSPK.exe
  2⤵
  PID:2288
- C:\Windows\System\dLCCYAg.exe
  C:\Windows\System\dLCCYAg.exe
  2⤵
  PID:7692
- C:\Windows\System\KEtWGlJ.exe
  C:\Windows\System\KEtWGlJ.exe
  2⤵
  PID:7696
- C:\Windows\System\vbgtUlv.exe
  C:\Windows\System\vbgtUlv.exe
  2⤵
  PID:7760
- C:\Windows\System\xhiFmuW.exe
  C:\Windows\System\xhiFmuW.exe
  2⤵
  PID:6600
- C:\Windows\System\JkGQwRp.exe
  C:\Windows\System\JkGQwRp.exe
  2⤵
  PID:8204
- C:\Windows\System\VzKYBGN.exe
  C:\Windows\System\VzKYBGN.exe
  2⤵
  PID:8268
- C:\Windows\System\ulkafiv.exe
  C:\Windows\System\ulkafiv.exe
  2⤵
  PID:8300
- C:\Windows\System\PBkzBUE.exe
  C:\Windows\System\PBkzBUE.exe
  2⤵
  PID:8108
- C:\Windows\System\erdnPUN.exe
  C:\Windows\System\erdnPUN.exe
  2⤵
  PID:8180
- C:\Windows\System\XKkAvfP.exe
  C:\Windows\System\XKkAvfP.exe
  2⤵
  PID:7824
- C:\Windows\System\vjqeqZm.exe
  C:\Windows\System\vjqeqZm.exe
  2⤵
  PID:8032
- C:\Windows\System\FjDDwna.exe
  C:\Windows\System\FjDDwna.exe
  2⤵
  PID:7852
- C:\Windows\System\NhloVlj.exe
  C:\Windows\System\NhloVlj.exe
  2⤵
  PID:7916
- C:\Windows\System\EYbjMqD.exe
  C:\Windows\System\EYbjMqD.exe
  2⤵
  PID:7936
- C:\Windows\System\dVTknyC.exe
  C:\Windows\System\dVTknyC.exe
  2⤵
  PID:1160
- C:\Windows\System\nLxJykT.exe
  C:\Windows\System\nLxJykT.exe
  2⤵
  PID:8028
- C:\Windows\System\MdLcDmM.exe
  C:\Windows\System\MdLcDmM.exe
  2⤵
  PID:8052
- C:\Windows\System\JupthMf.exe
  C:\Windows\System\JupthMf.exe
  2⤵
  PID:2304
- C:\Windows\System\CKPRSlO.exe
  C:\Windows\System\CKPRSlO.exe
  2⤵
  PID:8060
- C:\Windows\System\xftFFyh.exe
  C:\Windows\System\xftFFyh.exe
  2⤵
  PID:2104
- C:\Windows\System\UQZpXwU.exe
  C:\Windows\System\UQZpXwU.exe
  2⤵
  PID:8216
- C:\Windows\System\rVMqtPk.exe
  C:\Windows\System\rVMqtPk.exe
  2⤵
  PID:8280
- C:\Windows\System\ViajpQM.exe
  C:\Windows\System\ViajpQM.exe
  2⤵
  PID:8352
- C:\Windows\System\bHJGUzV.exe
  C:\Windows\System\bHJGUzV.exe
  2⤵
  PID:8368
- C:\Windows\System\Fxydizx.exe
  C:\Windows\System\Fxydizx.exe
  2⤵
  PID:8388
- C:\Windows\System\TfFHprK.exe
  C:\Windows\System\TfFHprK.exe
  2⤵
  PID:8440
- C:\Windows\System\sDQFGbN.exe
  C:\Windows\System\sDQFGbN.exe
  2⤵
  PID:8484
- C:\Windows\System\XIcoRZf.exe
  C:\Windows\System\XIcoRZf.exe
  2⤵
  PID:8480
- C:\Windows\System\TYIjdFO.exe
  C:\Windows\System\TYIjdFO.exe
  2⤵
  PID:8476
- C:\Windows\System\aeSQDqu.exe
  C:\Windows\System\aeSQDqu.exe
  2⤵
  PID:8456
- C:\Windows\System\OuNRgxn.exe
  C:\Windows\System\OuNRgxn.exe
  2⤵
  PID:8616
- C:\Windows\System\SmWHJkW.exe
  C:\Windows\System\SmWHJkW.exe
  2⤵
  PID:8520
- C:\Windows\System\pdLYkCY.exe
  C:\Windows\System\pdLYkCY.exe
  2⤵
  PID:8536
- C:\Windows\System\iWQktKz.exe
  C:\Windows\System\iWQktKz.exe
  2⤵
  PID:8560
- C:\Windows\System\QzNhxbU.exe
  C:\Windows\System\QzNhxbU.exe
  2⤵
  PID:8580
- C:\Windows\System\fUhlUQo.exe
  C:\Windows\System\fUhlUQo.exe
  2⤵
  PID:8600
- C:\Windows\System\NapzbBr.exe
  C:\Windows\System\NapzbBr.exe
  2⤵
  PID:8632
- C:\Windows\System\fKPpzRd.exe
  C:\Windows\System\fKPpzRd.exe
  2⤵
  PID:8652
- C:\Windows\System\xZVvTZM.exe
  C:\Windows\System\xZVvTZM.exe
  2⤵
  PID:8668
- C:\Windows\System\MuVQVDL.exe
  C:\Windows\System\MuVQVDL.exe
  2⤵
  PID:8684
- C:\Windows\System\CIZKZKs.exe
  C:\Windows\System\CIZKZKs.exe
  2⤵
  PID:8704
- C:\Windows\System\VvRomeP.exe
  C:\Windows\System\VvRomeP.exe
  2⤵
  PID:8412
- C:\Windows\System\kIsuQIO.exe
  C:\Windows\System\kIsuQIO.exe
  2⤵
  PID:8460
- C:\Windows\System\VguKxcx.exe
  C:\Windows\System\VguKxcx.exe
  2⤵
  PID:8780
- C:\Windows\System\ALAYrlV.exe
  C:\Windows\System\ALAYrlV.exe
  2⤵
  PID:8784
- C:\Windows\System\dwqMGOH.exe
  C:\Windows\System\dwqMGOH.exe
  2⤵
  PID:8848
- C:\Windows\System\PaktypL.exe
  C:\Windows\System\PaktypL.exe
  2⤵
  PID:8832
- C:\Windows\System\YrgVKdB.exe
  C:\Windows\System\YrgVKdB.exe
  2⤵
  PID:8864
- C:\Windows\System\TAYJZjJ.exe
  C:\Windows\System\TAYJZjJ.exe
  2⤵
  PID:8908
- C:\Windows\System\TrEOgax.exe
  C:\Windows\System\TrEOgax.exe
  2⤵
  PID:8920
- C:\Windows\System\xiSqXea.exe
  C:\Windows\System\xiSqXea.exe
  2⤵
  PID:304
- C:\Windows\System\qxdKAQr.exe
  C:\Windows\System\qxdKAQr.exe
  2⤵
  PID:8944
- C:\Windows\System\jlhYfZU.exe
  C:\Windows\System\jlhYfZU.exe
  2⤵
  PID:8960
- C:\Windows\System\pHeiOrp.exe
  C:\Windows\System\pHeiOrp.exe
  2⤵
  PID:8976
- C:\Windows\System\mXdtGph.exe
  C:\Windows\System\mXdtGph.exe
  2⤵
  PID:8992
- C:\Windows\System\GAqDkTU.exe
  C:\Windows\System\GAqDkTU.exe
  2⤵
  PID:9008
- C:\Windows\System\pIqUxVP.exe
  C:\Windows\System\pIqUxVP.exe
  2⤵
  PID:9016
- C:\Windows\System\sAtXPUx.exe
  C:\Windows\System\sAtXPUx.exe
  2⤵
  PID:9056
- C:\Windows\System\xUSLifG.exe
  C:\Windows\System\xUSLifG.exe
  2⤵
  PID:9092
- C:\Windows\System\fQgrASg.exe
  C:\Windows\System\fQgrASg.exe
  2⤵
  PID:9168
- C:\Windows\System\LJCRpxD.exe
  C:\Windows\System\LJCRpxD.exe
  2⤵
  PID:9116
- C:\Windows\System\EUOooKs.exe
  C:\Windows\System\EUOooKs.exe
  2⤵
  PID:9200
- C:\Windows\System\bDUtotp.exe
  C:\Windows\System\bDUtotp.exe
  2⤵
  PID:7204
- C:\Windows\System\Asptczg.exe
  C:\Windows\System\Asptczg.exe
  2⤵
  PID:9184
- C:\Windows\System\HlLrfIg.exe
  C:\Windows\System\HlLrfIg.exe
  2⤵
  PID:2940
- C:\Windows\System\uRVadDW.exe
  C:\Windows\System\uRVadDW.exe
  2⤵
  PID:3348
- C:\Windows\System\pGTQXib.exe
  C:\Windows\System\pGTQXib.exe
  2⤵
  PID:2988
- C:\Windows\System\qbDhoZB.exe
  C:\Windows\System\qbDhoZB.exe
  2⤵
  PID:2068
- C:\Windows\System\eVyBfKX.exe
  C:\Windows\System\eVyBfKX.exe
  2⤵
  PID:3376
- C:\Windows\System\TpCYjTY.exe
  C:\Windows\System\TpCYjTY.exe
  2⤵
  PID:2952
- C:\Windows\System\lcCbZlo.exe
  C:\Windows\System\lcCbZlo.exe
  2⤵
  PID:7548
- C:\Windows\System\yVUTcDp.exe
  C:\Windows\System\yVUTcDp.exe
  2⤵
  PID:7632
- C:\Windows\System\LRoZISl.exe
  C:\Windows\System\LRoZISl.exe
  2⤵
  PID:2712
- C:\Windows\System\zmcGvGg.exe
  C:\Windows\System\zmcGvGg.exe
  2⤵
  PID:8080
- C:\Windows\System\iNkLryd.exe
  C:\Windows\System\iNkLryd.exe
  2⤵
  PID:2476
- C:\Windows\System\ViWsXEO.exe
  C:\Windows\System\ViWsXEO.exe
  2⤵
  PID:7948
- C:\Windows\System\srAttFM.exe
  C:\Windows\System\srAttFM.exe
  2⤵
  PID:3324
- C:\Windows\System\oFAubjH.exe
  C:\Windows\System\oFAubjH.exe
  2⤵
  PID:8012
- C:\Windows\System\ELSKZCA.exe
  C:\Windows\System\ELSKZCA.exe
  2⤵
  PID:7996
- C:\Windows\System\eJlcvyN.exe
  C:\Windows\System\eJlcvyN.exe
  2⤵
  PID:2360
- C:\Windows\System\HLiOLWY.exe
  C:\Windows\System\HLiOLWY.exe
  2⤵
  PID:1616
- C:\Windows\System\aMXLoaq.exe
  C:\Windows\System\aMXLoaq.exe
  2⤵
  PID:8252
- C:\Windows\System\aapkGYl.exe
  C:\Windows\System\aapkGYl.exe
  2⤵
  PID:8312
- C:\Windows\System\iFkRjHR.exe
  C:\Windows\System\iFkRjHR.exe
  2⤵
  PID:8400
- C:\Windows\System\EiKLXBU.exe
  C:\Windows\System\EiKLXBU.exe
  2⤵
  PID:8492
- C:\Windows\System\ndUYKAH.exe
  C:\Windows\System\ndUYKAH.exe
  2⤵
  PID:8424
- C:\Windows\System\qcUQDCB.exe
  C:\Windows\System\qcUQDCB.exe
  2⤵
  PID:8588
- C:\Windows\System\sivVNvE.exe
  C:\Windows\System\sivVNvE.exe
  2⤵
  PID:8568
- C:\Windows\System\LzCyfzi.exe
  C:\Windows\System\LzCyfzi.exe
  2⤵
  PID:8680
- C:\Windows\System\ZOtcwfD.exe
  C:\Windows\System\ZOtcwfD.exe
  2⤵
  PID:8692
- C:\Windows\System\dbxNRLI.exe
  C:\Windows\System\dbxNRLI.exe
  2⤵
  PID:8624
- C:\Windows\System\pankDzE.exe
  C:\Windows\System\pankDzE.exe
  2⤵
  PID:8744
- C:\Windows\System\tuGzITI.exe
  C:\Windows\System\tuGzITI.exe
  2⤵
  PID:8828
- C:\Windows\System\hpzFykz.exe
  C:\Windows\System\hpzFykz.exe
  2⤵
  PID:8880
- C:\Windows\System\gRllaFm.exe
  C:\Windows\System\gRllaFm.exe
  2⤵
  PID:8940
- C:\Windows\System\ZlnDvNt.exe
  C:\Windows\System\ZlnDvNt.exe
  2⤵
  PID:8812
- C:\Windows\System\LqvBczU.exe
  C:\Windows\System\LqvBczU.exe
  2⤵
  PID:8952
- C:\Windows\System\hpWmInu.exe
  C:\Windows\System\hpWmInu.exe
  2⤵
  PID:9028
- C:\Windows\System\bpvrVfJ.exe
  C:\Windows\System\bpvrVfJ.exe
  2⤵
  PID:2016
- C:\Windows\System\avbPBMs.exe
  C:\Windows\System\avbPBMs.exe
  2⤵
  PID:6596
- C:\Windows\System\wSYcBzO.exe
  C:\Windows\System\wSYcBzO.exe
  2⤵
  PID:9040
- C:\Windows\System\opQjRAK.exe
  C:\Windows\System\opQjRAK.exe
  2⤵
  PID:2252
- C:\Windows\System\TpNfKbj.exe
  C:\Windows\System\TpNfKbj.exe
  2⤵
  PID:7064
- C:\Windows\System\HMTugJn.exe
  C:\Windows\System\HMTugJn.exe
  2⤵
  PID:9172
- C:\Windows\System\eTydIyk.exe
  C:\Windows\System\eTydIyk.exe
  2⤵
  PID:7256
- C:\Windows\System\KvGTlel.exe
  C:\Windows\System\KvGTlel.exe
  2⤵
  PID:7268
- C:\Windows\System\ZrrtIWT.exe
  C:\Windows\System\ZrrtIWT.exe
  2⤵
  PID:7772
- C:\Windows\System\YGbDpxp.exe
  C:\Windows\System\YGbDpxp.exe
  2⤵
  PID:3304
- C:\Windows\System\DMgTfpF.exe
  C:\Windows\System\DMgTfpF.exe
  2⤵
  PID:5032
- C:\Windows\System\hMByODT.exe
  C:\Windows\System\hMByODT.exe
  2⤵
  PID:8264
- C:\Windows\System\vNrkOCG.exe
  C:\Windows\System\vNrkOCG.exe
  2⤵
  PID:2572
- C:\Windows\System\FpcdpcX.exe
  C:\Windows\System\FpcdpcX.exe
  2⤵
  PID:8380
- C:\Windows\System\XJCreuM.exe
  C:\Windows\System\XJCreuM.exe
  2⤵
  PID:2172
- C:\Windows\System\HEkLTgG.exe
  C:\Windows\System\HEkLTgG.exe
  2⤵
  PID:7276
- C:\Windows\System\RxXxYep.exe
  C:\Windows\System\RxXxYep.exe
  2⤵
  PID:8148
- C:\Windows\System\NDkfarR.exe
  C:\Windows\System\NDkfarR.exe
  2⤵
  PID:2140
- C:\Windows\System\YTmiFTk.exe
  C:\Windows\System\YTmiFTk.exe
  2⤵
  PID:7984
- C:\Windows\System\koWVGum.exe
  C:\Windows\System\koWVGum.exe
  2⤵
  PID:8896
- C:\Windows\System\jLNgUOh.exe
  C:\Windows\System\jLNgUOh.exe
  2⤵
  PID:8364
- C:\Windows\System\xVhzVqW.exe
  C:\Windows\System\xVhzVqW.exe
  2⤵
  PID:6176
- C:\Windows\System\pTrvNju.exe
  C:\Windows\System\pTrvNju.exe
  2⤵
  PID:8576
- C:\Windows\System\XUcVQhG.exe
  C:\Windows\System\XUcVQhG.exe
  2⤵
  PID:8472
- C:\Windows\System\ENBsEVn.exe
  C:\Windows\System\ENBsEVn.exe
  2⤵
  PID:2196
- C:\Windows\System\ihBHocJ.exe
  C:\Windows\System\ihBHocJ.exe
  2⤵
  PID:8640
- C:\Windows\System\ECiRgvL.exe
  C:\Windows\System\ECiRgvL.exe
  2⤵
  PID:8676
- C:\Windows\System\jumVMQF.exe
  C:\Windows\System\jumVMQF.exe
  2⤵
  PID:8696
- C:\Windows\System\PmjaAVZ.exe
  C:\Windows\System\PmjaAVZ.exe
  2⤵
  PID:8700
- C:\Windows\System\sDiWYqv.exe
  C:\Windows\System\sDiWYqv.exe
  2⤵
  PID:8900
- C:\Windows\System\uIKYIZo.exe
  C:\Windows\System\uIKYIZo.exe
  2⤵
  PID:2664
- C:\Windows\System\QKZEfHj.exe
  C:\Windows\System\QKZEfHj.exe
  2⤵
  PID:9204
- C:\Windows\System\JsIlouU.exe
  C:\Windows\System\JsIlouU.exe
  2⤵
  PID:7252
- C:\Windows\System\wXGhZrz.exe
  C:\Windows\System\wXGhZrz.exe
  2⤵
  PID:3408
- C:\Windows\System\miFSnRz.exe
  C:\Windows\System\miFSnRz.exe
  2⤵
  PID:2636
- C:\Windows\System\KiUzEBD.exe
  C:\Windows\System\KiUzEBD.exe
  2⤵
  PID:2224
- C:\Windows\System\TaYdxSa.exe
  C:\Windows\System\TaYdxSa.exe
  2⤵
  PID:8076
- C:\Windows\System\dykMLtf.exe
  C:\Windows\System\dykMLtf.exe
  2⤵
  PID:1156
- C:\Windows\System\ieZajBb.exe
  C:\Windows\System\ieZajBb.exe
  2⤵
  PID:764
- C:\Windows\System\qPVNYzD.exe
  C:\Windows\System\qPVNYzD.exe
  2⤵
  PID:2772
- C:\Windows\System\GWIULCJ.exe
  C:\Windows\System\GWIULCJ.exe
  2⤵
  PID:8416
- C:\Windows\System\gOyNMJi.exe
  C:\Windows\System\gOyNMJi.exe
  2⤵
  PID:7820
- C:\Windows\System\dCeKujz.exe
  C:\Windows\System\dCeKujz.exe
  2⤵
  PID:8716
- C:\Windows\System\tgOgUwv.exe
  C:\Windows\System\tgOgUwv.exe
  2⤵
  PID:9080
- C:\Windows\System\peMyiEb.exe
  C:\Windows\System\peMyiEb.exe
  2⤵
  PID:8056
- C:\Windows\System\crZQQCj.exe
  C:\Windows\System\crZQQCj.exe
  2⤵
  PID:8956
- C:\Windows\System\frDrelL.exe
  C:\Windows\System\frDrelL.exe
  2⤵
  PID:6584
- C:\Windows\System\prAGETy.exe
  C:\Windows\System\prAGETy.exe
  2⤵
  PID:8532
- C:\Windows\System\KBYPdfE.exe
  C:\Windows\System\KBYPdfE.exe
  2⤵
  PID:2708
- C:\Windows\System\YYFQwci.exe
  C:\Windows\System\YYFQwci.exe
  2⤵
  PID:9232
- C:\Windows\System\bIaOrzd.exe
  C:\Windows\System\bIaOrzd.exe
  2⤵
  PID:9264
- C:\Windows\System\sSNheJC.exe
  C:\Windows\System\sSNheJC.exe
  2⤵
  PID:9312
- C:\Windows\System\nTGKOlE.exe
  C:\Windows\System\nTGKOlE.exe
  2⤵
  PID:9336
- C:\Windows\System\DZRcZNZ.exe
  C:\Windows\System\DZRcZNZ.exe
  2⤵
  PID:9356
- C:\Windows\System\qmNfbrT.exe
  C:\Windows\System\qmNfbrT.exe
  2⤵
  PID:9384
- C:\Windows\System\JCMGvCF.exe
  C:\Windows\System\JCMGvCF.exe
  2⤵
  PID:9400
- C:\Windows\System\PVkTrYH.exe
  C:\Windows\System\PVkTrYH.exe
  2⤵
  PID:9416
- C:\Windows\System\kNPjUVt.exe
  C:\Windows\System\kNPjUVt.exe
  2⤵
  PID:9444
- C:\Windows\System\tZcFvID.exe
  C:\Windows\System\tZcFvID.exe
  2⤵
  PID:9460
- C:\Windows\System\BueSiac.exe
  C:\Windows\System\BueSiac.exe
  2⤵
  PID:9480
- C:\Windows\System\yhMqESv.exe
  C:\Windows\System\yhMqESv.exe
  2⤵
  PID:9504
- C:\Windows\System\rQAFoRx.exe
  C:\Windows\System\rQAFoRx.exe
  2⤵
  PID:9528
- C:\Windows\System\OMowuDo.exe
  C:\Windows\System\OMowuDo.exe
  2⤵
  PID:9544
- C:\Windows\System\TQgWPyG.exe
  C:\Windows\System\TQgWPyG.exe
  2⤵
  PID:9560
- C:\Windows\System\OOvgngo.exe
  C:\Windows\System\OOvgngo.exe
  2⤵
  PID:9580
- C:\Windows\System\mIvXdhJ.exe
  C:\Windows\System\mIvXdhJ.exe
  2⤵
  PID:9596
- C:\Windows\System\BDQHnLG.exe
  C:\Windows\System\BDQHnLG.exe
  2⤵
  PID:9616
- C:\Windows\System\FnHodsr.exe
  C:\Windows\System\FnHodsr.exe
  2⤵
  PID:9636
- C:\Windows\System\AypjmXI.exe
  C:\Windows\System\AypjmXI.exe
  2⤵
  PID:9668
- C:\Windows\System\BPFGxqE.exe
  C:\Windows\System\BPFGxqE.exe
  2⤵
  PID:9688
- C:\Windows\System\nAvjfel.exe
  C:\Windows\System\nAvjfel.exe
  2⤵
  PID:9704
- C:\Windows\System\SgOakZk.exe
  C:\Windows\System\SgOakZk.exe
  2⤵
  PID:9720
- C:\Windows\System\flzgDJZ.exe
  C:\Windows\System\flzgDJZ.exe
  2⤵
  PID:9744
- C:\Windows\System\RGevHqx.exe
  C:\Windows\System\RGevHqx.exe
  2⤵
  PID:9764
- C:\Windows\System\EokjAev.exe
  C:\Windows\System\EokjAev.exe
  2⤵
  PID:9780
- C:\Windows\System\exSLxoW.exe
  C:\Windows\System\exSLxoW.exe
  2⤵
  PID:9804
- C:\Windows\System\CbFpCxm.exe
  C:\Windows\System\CbFpCxm.exe
  2⤵
  PID:9836
- C:\Windows\System\FrUWNpO.exe
  C:\Windows\System\FrUWNpO.exe
  2⤵
  PID:9856
- C:\Windows\System\LoyrCCj.exe
  C:\Windows\System\LoyrCCj.exe
  2⤵
  PID:9872
- C:\Windows\System\xxsxfct.exe
  C:\Windows\System\xxsxfct.exe
  2⤵
  PID:9892
- C:\Windows\System\eyBOwlc.exe
  C:\Windows\System\eyBOwlc.exe
  2⤵
  PID:9916
- C:\Windows\System\OjygnlD.exe
  C:\Windows\System\OjygnlD.exe
  2⤵
  PID:9932
- C:\Windows\System\NlKaora.exe
  C:\Windows\System\NlKaora.exe
  2⤵
  PID:9948
- C:\Windows\System\HbIAxpz.exe
  C:\Windows\System\HbIAxpz.exe
  2⤵
  PID:9964
- C:\Windows\System\iEkFzYr.exe
  C:\Windows\System\iEkFzYr.exe
  2⤵
  PID:9980
- C:\Windows\System\wyZFSLh.exe
  C:\Windows\System\wyZFSLh.exe
  2⤵
  PID:9996
- C:\Windows\System\qgWqsBE.exe
  C:\Windows\System\qgWqsBE.exe
  2⤵
  PID:10012
- C:\Windows\System\pITUdZV.exe
  C:\Windows\System\pITUdZV.exe
  2⤵
  PID:10032
- C:\Windows\System\kMAIycM.exe
  C:\Windows\System\kMAIycM.exe
  2⤵
  PID:10048
- C:\Windows\System\BflZmmR.exe
  C:\Windows\System\BflZmmR.exe
  2⤵
  PID:10088
- C:\Windows\System\QmdFkrO.exe
  C:\Windows\System\QmdFkrO.exe
  2⤵
  PID:10112
- C:\Windows\System\LWrKSeR.exe
  C:\Windows\System\LWrKSeR.exe
  2⤵
  PID:10132
- C:\Windows\System\NFDkYQn.exe
  C:\Windows\System\NFDkYQn.exe
  2⤵
  PID:10148
- C:\Windows\System\sCLYUKA.exe
  C:\Windows\System\sCLYUKA.exe
  2⤵
  PID:10164
- C:\Windows\System\dOufTBk.exe
  C:\Windows\System\dOufTBk.exe
  2⤵
  PID:10180
- C:\Windows\System\ZzMCnlD.exe
  C:\Windows\System\ZzMCnlD.exe
  2⤵
  PID:10200
- C:\Windows\System\kvKWbjH.exe
  C:\Windows\System\kvKWbjH.exe
  2⤵
  PID:10224
- C:\Windows\System\ytvvMix.exe
  C:\Windows\System\ytvvMix.exe
  2⤵
  PID:7900
- C:\Windows\System\cjsNgGw.exe
  C:\Windows\System\cjsNgGw.exe
  2⤵
  PID:1648
- C:\Windows\System\RkwpEqd.exe
  C:\Windows\System\RkwpEqd.exe
  2⤵
  PID:9188
- C:\Windows\System\jVNARNm.exe
  C:\Windows\System\jVNARNm.exe
  2⤵
  PID:9212
- C:\Windows\System\uHYSQor.exe
  C:\Windows\System\uHYSQor.exe
  2⤵
  PID:9128
- C:\Windows\System\lYoecnu.exe
  C:\Windows\System\lYoecnu.exe
  2⤵
  PID:9224
- C:\Windows\System\vsZaCfk.exe
  C:\Windows\System\vsZaCfk.exe
  2⤵
  PID:9284
- C:\Windows\System\aRhMdvL.exe
  C:\Windows\System\aRhMdvL.exe
  2⤵
  PID:9280
- C:\Windows\System\dlDMUWh.exe
  C:\Windows\System\dlDMUWh.exe
  2⤵
  PID:9364
- C:\Windows\System\OUzlfsT.exe
  C:\Windows\System\OUzlfsT.exe
  2⤵
  PID:9396
- C:\Windows\System\yZGxEFi.exe
  C:\Windows\System\yZGxEFi.exe
  2⤵
  PID:9468
- C:\Windows\System\CYuflAk.exe
  C:\Windows\System\CYuflAk.exe
  2⤵
  PID:9456
- C:\Windows\System\BtlOuQc.exe
  C:\Windows\System\BtlOuQc.exe
  2⤵
  PID:9496
- C:\Windows\System\bpOPfpF.exe
  C:\Windows\System\bpOPfpF.exe
  2⤵
  PID:9520
- C:\Windows\System\femDxyQ.exe
  C:\Windows\System\femDxyQ.exe
  2⤵
  PID:9604
- C:\Windows\System\bBpMCHr.exe
  C:\Windows\System\bBpMCHr.exe
  2⤵
  PID:9552
- C:\Windows\System\uRniAkq.exe
  C:\Windows\System\uRniAkq.exe
  2⤵
  PID:9632
- C:\Windows\System\FOiKQIw.exe
  C:\Windows\System\FOiKQIw.exe
  2⤵
  PID:9648
- C:\Windows\System\GSsdoKZ.exe
  C:\Windows\System\GSsdoKZ.exe
  2⤵
  PID:9760
- C:\Windows\System\mCbqJvw.exe
  C:\Windows\System\mCbqJvw.exe
  2⤵
  PID:9728
- C:\Windows\System\xgucrNb.exe
  C:\Windows\System\xgucrNb.exe
  2⤵
  PID:9772
- C:\Windows\System\BQBvFQz.exe
  C:\Windows\System\BQBvFQz.exe
  2⤵
  PID:9816
- C:\Windows\System\kCzGXXF.exe
  C:\Windows\System\kCzGXXF.exe
  2⤵
  PID:9824
- C:\Windows\System\lNZIwJu.exe
  C:\Windows\System\lNZIwJu.exe
  2⤵
  PID:9880
- C:\Windows\System\cWtlTjx.exe
  C:\Windows\System\cWtlTjx.exe
  2⤵
  PID:9904
- C:\Windows\System\YXxcXnM.exe
  C:\Windows\System\YXxcXnM.exe
  2⤵
  PID:9972
- C:\Windows\System\ZauFCEc.exe
  C:\Windows\System\ZauFCEc.exe
  2⤵
  PID:9956
- C:\Windows\System\ScXIWqR.exe
  C:\Windows\System\ScXIWqR.exe
  2⤵
  PID:10004
- C:\Windows\System\LQxLLOT.exe
  C:\Windows\System\LQxLLOT.exe
  2⤵
  PID:10100
- C:\Windows\System\ytLfrUg.exe
  C:\Windows\System\ytLfrUg.exe
  2⤵
  PID:10068
- C:\Windows\System\HvZfnct.exe
  C:\Windows\System\HvZfnct.exe
  2⤵
  PID:10176
- C:\Windows\System\nlAosok.exe
  C:\Windows\System\nlAosok.exe
  2⤵
  PID:10124
- C:\Windows\System\bPZrcqQ.exe
  C:\Windows\System\bPZrcqQ.exe
  2⤵
  PID:10080
- C:\Windows\System\IoyySqN.exe
  C:\Windows\System\IoyySqN.exe
  2⤵
  PID:8596
- C:\Windows\System\LWPngLn.exe
  C:\Windows\System\LWPngLn.exe
  2⤵
  PID:9244
- C:\Windows\System\QTQZaNL.exe
  C:\Windows\System\QTQZaNL.exe
  2⤵
  PID:10156
- C:\Windows\System\pmKCdcT.exe
  C:\Windows\System\pmKCdcT.exe
  2⤵
  PID:988
- C:\Windows\System\cUPdcfF.exe
  C:\Windows\System\cUPdcfF.exe
  2⤵
  PID:9308
- C:\Windows\System\UdqnwZh.exe
  C:\Windows\System\UdqnwZh.exe
  2⤵
  PID:8096
- C:\Windows\System\qxtBFIl.exe
  C:\Windows\System\qxtBFIl.exe
  2⤵
  PID:1660
- C:\Windows\System\tkOeQLQ.exe
  C:\Windows\System\tkOeQLQ.exe
  2⤵
  PID:9108
- C:\Windows\System\jBLVKxK.exe
  C:\Windows\System\jBLVKxK.exe
  2⤵
  PID:9276
- C:\Windows\System\UtRwiZp.exe
  C:\Windows\System\UtRwiZp.exe
  2⤵
  PID:9624
- C:\Windows\System\AZXGPaH.exe
  C:\Windows\System\AZXGPaH.exe
  2⤵
  PID:9344
- C:\Windows\System\jpAgRoc.exe
  C:\Windows\System\jpAgRoc.exe
  2⤵
  PID:9440
- C:\Windows\System\jyTXhqh.exe
  C:\Windows\System\jyTXhqh.exe
  2⤵
  PID:9864
- C:\Windows\System\Oafosii.exe
  C:\Windows\System\Oafosii.exe
  2⤵
  PID:9716
- C:\Windows\System\LpkHnNO.exe
  C:\Windows\System\LpkHnNO.exe
  2⤵
  PID:10056
- C:\Windows\System\OqMMSIx.exe
  C:\Windows\System\OqMMSIx.exe
  2⤵
  PID:9652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DvjldbY.exe

Filesize
6.0MB

MD5
aab90a6888b31370d89716f64c876a10

SHA1
e0a1b19dfec037d162f9c7b5e9f0b1cd1c59691e

SHA256
1f21400dcbc6be8060e2c7e6442ec30ea75bdc7107d101d1c200482c85476d5b

SHA512
f0ee82e1924a2ccf2458f74b8c46aa81a9d94fcea967c8a20bdfbd24e551427ee49b7ca20771c53bf8bc7d75ee2b13715a588217f3b9415178b38484fac054e6

Download Submit
C:\Windows\system\ELLXNwW.exe

Filesize
6.0MB

MD5
3465c55631fb5d1ff39ab884fa736c01

SHA1
3e8353eb49a3a8d36d49defea9ed07ceeb7f484f

SHA256
dc69d92803c8b5a1ff7602ae322305756500504839b3b6dc3ef6492fd690adef

SHA512
ac7e99b68a0232ec2cb1f9d92e1113d2f775a9453b6954ea2258e5f42fb39f0a5258674061a79339edd4fff11242c5ca9080e783e2f389124f67d30b19c33496

Download Submit
C:\Windows\system\HiIEhhd.exe

Filesize
6.0MB

MD5
e2573f13578ed48d41bb731ca21a722e

SHA1
7ec0fcb6890c5c676c76a574d65db83d35d27f59

SHA256
cd555ff84221c211cf4b15654a49f188fc69cf9ea9ddef0df1de15937a1321d9

SHA512
b34bfef8d3d6e47fb47fd72db17f2844d939b84954cf987c5f9b060a180330fdd938ce4736a2deb40bcf38fd5f925153d08d001e7fef375a7a2a18f814e17f08

Download Submit
C:\Windows\system\IjBzbjF.exe

Filesize
6.0MB

MD5
9f815311910e6698df1f3bbc148a1b79

SHA1
127899f473c8378d606edb956b3a1e976c3a43f9

SHA256
445ffcddaf1c3fe0d11ff91d07bdd5365ee92b3f8b2f62373681fb6ebb79cf38

SHA512
d5943481cf17c597ac1dbd96f663a3fbe7983e0aa50ec21eaf7a60cee6fb0dd13762ff52b811d7f717e55a33016a821d5e3ac03ce0375916d039b06b398deab9

Download Submit
C:\Windows\system\LJTLeOb.exe

Filesize
6.0MB

MD5
36145bdffd1bb97d5084191e05bf6245

SHA1
7d52b79dc07eda935a18a644feffe9d0b80289b7

SHA256
8b2a174b7c1dcba8c253303838144fb7803ae4755cbd8f767439caad3ec1ce4d

SHA512
ae16da9e1108a5e95eed8bd58114316c9093c9bc3c93929c52daef1e25421746dbb8481fa15c8a56c4e3b55e91d2d613e54031cab4e9332e3e5e8e032e9d319e

Download Submit
C:\Windows\system\LiOArKL.exe

Filesize
6.0MB

MD5
7a7b5dc051cc788db4f72de03f89ab43

SHA1
efe8f308e487c6b271dd710c2818197e64e00a02

SHA256
e7a83e4c8f4b0f033eec7ea1cd00f1eac41dcb1fb784ec2aba3e29db61a6c38b

SHA512
f8d0f1f2dca39bb082b7d1325d81f441d88bc5c4b655191f569722a4cb2ddb3993e8bced2ae75afe4cbf382ca86a23b27781ca50ea7ec68ce3ef222ee6dff832

Download Submit
C:\Windows\system\NbnTLOV.exe

Filesize
6.0MB

MD5
096a5fa146a9c0e282e264f2b4a53f25

SHA1
918c84609482842973a187fd34577f1cefab1283

SHA256
b788c898cf112b826670792528c89b3aed75d9d1d25519c7ad77dd8c48cee30f

SHA512
6cdce5c88ce3fdb7724127537dbfcbfc2c086df5d8109404d8287b5341b167c344dba1e3c4a8911bcded9a1d5dc5f731798775b37c7f466e73557741c1d32a42

Download Submit
C:\Windows\system\RktjOcn.exe

Filesize
6.0MB

MD5
6a27cb901b01f5da4e6fbc06f81c2f58

SHA1
897ef613588cdf6be2e8df31dcbed9beeee827ba

SHA256
0b8f1e5e67d68529af508bd6a8437992ffcf4c8e8b922db7b742ab8e4f512801

SHA512
b3665b7b959a04bb7fe3d010e929636779588a0163a60e4fbee397ae162cbae3cd0a897e367e7750272c1c0f8a0061228219b94d210b5cffbccf480c800201aa

Download Submit
C:\Windows\system\UkAwZpg.exe

Filesize
6.0MB

MD5
9368afa3d433e4a655a0da3632dd5081

SHA1
082b4026e4cb1ed20ab2ea69f4c0c5b27d5d5cde

SHA256
79cc42b784049d4550502aba83ac8f26ec42ef9cb75db1fbe331ecd5e376ed0e

SHA512
f8725932f8ac4356cc79a8d930ef3e4b419287b90c8ae5a823b5aa979162d71f26e9a5e48186d38ebb451a484d1c0c35c097c2bcd1301799e7b444ab3474c234

Download Submit
C:\Windows\system\WscNCMP.exe

Filesize
6.0MB

MD5
e1381d6c1b5af2576e594482b9f4cf00

SHA1
822476e3fb4307dcdd8b39a81057ecb726fcba44

SHA256
6276114d39834ad506e0182f097767e8f1378e2a750221cae63b518b545ff672

SHA512
1f8f7e3129681c1f30734a2e511ca8687961caab27fcfd6709d8160332e07c80cc39e055e7788c469124e64c4c6aad57f92d9369adb6c4832bb5592e552b2ba7

Download Submit
C:\Windows\system\XnjHfpj.exe

Filesize
6.0MB

MD5
93d85088953077b45abcecf08f180aa9

SHA1
9e5ae699a78825c37cf0a8f563be81c816b1a41d

SHA256
70c0819d9a12886c541fa5210bf80e6ee27b831bf025eb934fae9b59baa6cc0b

SHA512
5869e271819a7f8bb9f6c722cb1e98202a28a222d6501dfe5a86f1b3374de558aee32c909c34b101f3c8d18b00df0ce6530b32e7bb1a8649abdcf9f17d75227b

Download Submit
C:\Windows\system\ZfkNZWI.exe

Filesize
6.0MB

MD5
8302d1b41d871ed1836b95ee260f976f

SHA1
dd6275e7b00fcb2ab7d58332d876f6ffcc2ca05b

SHA256
1b13926d1afc963c0191517b282d64a2d73af80afc9cbce193c5ed5b048e9314

SHA512
1b5fba8f02c12aad7f6da5ad8561bc3ba947aa825facae940bc7e83d670ca481259d615058e287f83a587b9b990352d6b2cb85a26683fc3793521812e3f0e267

Download Submit
C:\Windows\system\bABzuSh.exe

Filesize
6.0MB

MD5
3adcb3091b70f4fdf379c57d1bacfdb6

SHA1
556ce466128119808f8b4dc6c5b6bc01bdccaf7a

SHA256
bcc3b1b57c5862fabd15212dad379c4debef82499c00c7b58d141f49ec503d4c

SHA512
01599f934fb62e4fcc20bf75a924cd7bb93740cfe5ff038739dcdb328845a345e887e80b09893ea9b0e4f1b0efe129a40384190e9fb1d7e51da5d645311cee71

Download Submit
C:\Windows\system\cAKBSdC.exe

Filesize
6.0MB

MD5
a94aa14925cb7b7371eaaa6ae6c6405c

SHA1
b2a43e0ffb43f678bfd3c5bd1e156f87e725356c

SHA256
4a1833994f349e0dba206b657fadb88dccbf394a0d0d0bc22699ad184cbb4068

SHA512
80912757e29b350514493aa4977eb6ff37e0e5d93568831c18f53ca818877b4967437383e6ac6ca2fef9bc89d0b0290fa07709e69e1c2b43737645d006b98fbe

Download Submit
C:\Windows\system\cQLLzfX.exe

Filesize
6.0MB

MD5
b75daeaf2a9a0c18f557d8f1d994b21c

SHA1
074b113c9b688a0788fbf8e0f9689aa7efbde1c3

SHA256
51a95749be476a0b2f33248767f4f95ca49b7bba0b2010a62c4364309f92020c

SHA512
3ce05fd79d1cdf362e76621c91d2eca32ab7099c36bb120407102826b057361a68e79199d57c21690c2606ceeea152b485e16575654f56e5f24fbc7eeba21126

Download Submit
C:\Windows\system\gvZpufq.exe

Filesize
6.0MB

MD5
a0f4123a7248f0b263415f6d5b0cf458

SHA1
9c0403058cf852bc0a414fb5fd4cf000b8269da1

SHA256
069e1d60c07a914cde807eea7f9cb206c6ec05ad020b4c42915d8462802f21e8

SHA512
38861048f33c4baece898adb2603a9f4c1215174ad9d3379fbd9207bf65dead7a989b91702ae52ab3149387ac63be49a3d700387f3e47384d6fe51eca788e7a5

Download Submit
C:\Windows\system\huOFSdr.exe

Filesize
6.0MB

MD5
80fb0f392298dba3d9a7222997a2c70d

SHA1
be31788304528b46146b643421f7fbd6de96e640

SHA256
49f61b0740db469aa21d39cf19afea217e96befde0f2a721a96940f50ba291aa

SHA512
ae765ac9a0d5032f6372d8caf377aa049cf633c7bf62e08ffa424fe526db0df1e57c00bd2d8b477d0ef047066185051cf5d1d220ca1a14b73a27a9be36f5ebdb

Download Submit
C:\Windows\system\imjqRBq.exe

Filesize
6.0MB

MD5
a18bdd6d98c62e83e910e5c6a56069a7

SHA1
117d058ddd0687b7d84f8898eeb219400e04a5b1

SHA256
270a251fb93ab1a7e561484d10ad539f70e9d1323d6a7d17f6640722ac014f83

SHA512
632e54a1e507023a4043cab25c5404fef6b2b6c3e24666e7068d3cfa3444c9b8ee81e7ba8e60b42c8387e8ea62c88d371bd9b9cdabe69b61fdd9555cff8d7726

Download Submit
C:\Windows\system\lAsdMfj.exe

Filesize
6.0MB

MD5
9c5a80618b5d6569c7a28d33a615cf6d

SHA1
68fc9641866cf95701e50e146b80e4a90c5f3a38

SHA256
db5fc3c9e2c5d7e920fd15c69ecafc79af805096c4f1b17006f981a7234b9300

SHA512
632b6e15090fe8a4cc96a0d8f0c73d2972d99ca09cd7f88279724bed7f0b22645c84311aea713fa27251f25ae3ec0d0eda449d38359293e47b01da43e8f65755

Download Submit
C:\Windows\system\lffsirW.exe

Filesize
6.0MB

MD5
fbb3e0d63dc398db5fe3028b8142a4a6

SHA1
d9fa2622fe5975e8421b992ccbf966895f517745

SHA256
12aacffaf6c7b7117d17f40521f57960fd3532e92b74d3426e7cd5363590cb16

SHA512
9ff708281861502b3e5cee09f453573f9739e1deb12d7b2a431d38588a00039bf587020d7f6ff1e027efb750669df2e25c28e408cbb71a2c37498d0c9d4ecae6

Download Submit
C:\Windows\system\oFQwKfd.exe

Filesize
6.0MB

MD5
ecfe36a221d799f5f13be10551e0c514

SHA1
4497e58b9026ba144f2eb7b33238ddb8969c6143

SHA256
3068e3de9ebeb3fa513f049ee588e56fbabb0eb228ec2dc97ee2a94306c6703b

SHA512
915d31c5b1a69296e7546e680569d45767e3952fc0aaf971ca9cc3479c0f12b3d77313706a808fef57da74ead9389b4adf6b0a02b15737c04912c801dbfb3bbc

Download Submit
C:\Windows\system\shsWUzz.exe

Filesize
6.0MB

MD5
01b809382df997c9b95821b25321d51f

SHA1
07a75b0b6672a3a6ddaced781edf07f03f78abfa

SHA256
b7d8bb554665e5209774d6c6f4744574e8edda45008d44dc288324e21d8cfe64

SHA512
a1ce6106029110589f2056c6f9ada07a4e05dc9897159c5577ba9598e28a46c067852894f3feadac0510fabbf0c3ae588d27b4be5ae06f92fa06966520dba75d

Download Submit
C:\Windows\system\siPUykV.exe

Filesize
6.0MB

MD5
e23f0a73a64e99b71d9dec7b6cd7d7da

SHA1
01ea610d66ad9a39f9eddbcdf0b3dba34f9ba667

SHA256
264af86241cc932b586b55f54e41789b9dcac4994fb7902efc67c5f3ab11cdfe

SHA512
e9a0bd23de993a8a170d1fb9ac6115edfcb53b60c2945c8c71b45728ad8ed6f1130df59c0be2a95a76a20c2cb09cd80191054458bdb5555e3154ca6e01d1dabd

Download Submit
C:\Windows\system\wJfuesZ.exe

Filesize
6.0MB

MD5
ce0fb684a97f7869199b769d2b0f745b

SHA1
fa10936bf11063bf783cf4d797731e82741554a4

SHA256
d62b0aae9f419e60a6ff8836aeec2880f17c3437668fc200ca1839259fe0a63a

SHA512
9f390b4085b9c937c9e587dd99b4e382ba1d006ecc36da7e22f4a84cbe7c3cb219d5f9a39994d045585f242ab9fefda99c61c83144925ce305463800c2993997

Download Submit
C:\Windows\system\xiEtVuC.exe

Filesize
6.0MB

MD5
11ab4f679cbf6e2052f36b627e73893d

SHA1
f3c5c721581ad9e69e8124b6e30e64976bacbe3b

SHA256
2dbc409fe53488e88fae94d2ca7bc8d3b16a5430dd03bf8cf9866b89e4e8c8b3

SHA512
fd07890348004af0d2998fc93aead626b1267385f0536bf5837701df0ea9ed8cc19fb25a23b325c8c50269589723d1220fc3ebb6c35610ee30ea1a08b393f142

Download Submit
C:\Windows\system\xunHLZE.exe

Filesize
6.0MB

MD5
c04e37103353b4a4777d902c0be33f5c

SHA1
b599a98faf810a4c07d8c135c4200a33ee2ebb1d

SHA256
2d4587aa3b4094b2e7aeab3c1e550bea343c5c888af1dd453304b55e2ddc9796

SHA512
ef1b12575ae60b03dec645d21690638d0efaac3ec2398851b21ae97d8789da8605129f430a981c01b957a7d1911ce488d6574ae8cddea02d6936b2076fb4f734

Download Submit
\Windows\system\FwtDbRl.exe

Filesize
6.0MB

MD5
67f2cf82df147fc16a63d1d7427a71bd

SHA1
daee604df65b3b72fdfba7e98497023039abe2e2

SHA256
c6b1ec122227283dc0cc4ec6197c75f043173d75094e9f4314e12273198b8d9f

SHA512
a4ef41b669bd80c9c1a4b6b46c48db614c609e759acfddf0637043af6afdf54ed2b2b8bfbe4182d140524a7398edeb28d8f4d72761275a0f3007eccf59be7cf9

Download Submit
\Windows\system\JopPKyt.exe

Filesize
6.0MB

MD5
659b07b4e253c990fd81d1f800a9af78

SHA1
e273c840749fc779345a1658add5aecf6365742b

SHA256
77694ac4647bf3850614be54feb113159188f074a4bd5c8b86066e0551d7260a

SHA512
2de5f5189913cac4c62c1d0f87883b5dda58f63df975ede376d0499115e7743971202f198c85b6c42c90c6397a9622f61fb4fd525d19e0b2a89817970ef5bf1e

Download Submit
\Windows\system\OvGBqjY.exe

Filesize
6.0MB

MD5
7560bde00bf62efc78f864d52a815674

SHA1
c8bd41e84ba0f59586bcdaed52c213b66dcb784f

SHA256
9779580965235cd5a58472bcd4819697bb9a5fbe4a82ce2bf2d26ef6c3f5f016

SHA512
f624cef5f892081cffa2fcae0c34e1485d84b151fac756adac9c8d8ca8865e73900374dc92a227574c60eaa252520f3d4a6eebe0925941bd32d233966a2b6c65

Download Submit
\Windows\system\PpLKAjL.exe

Filesize
6.0MB

MD5
39ba33cb2e7a4d8d247def9e2511c950

SHA1
37b75540512b61f27129b9e39440377424aeedae

SHA256
abf0c1ef21252ae8b433681d82c98fad0e8cde505de4213384118abb7ac3c000

SHA512
0fcbee21a1934c5250c35c719ef4298cb02b1fd63d664cfa924f3fa3b407fe4f2223820590e0700c5137054e1733222f099c17ebc4fa6c693cec48f608a1ad48

Download Submit
\Windows\system\QbcRMns.exe

Filesize
6.0MB

MD5
93d690d83268ad0b61c83c1d45dd7063

SHA1
b20bf9ce45267a78f033bb6e08040f6c6e931fcf

SHA256
bf0a597aa0145d8e0ac9ae8afc7a1e1e11db9ad5afb610e1728ccf84ea827160

SHA512
c9d158c3cabfd6cc0d57cad4b5bde102e826a5622d5f89ae52d7227f8437d0010f7319fc3f7825f185665d73b7a2a4a665d86ccee67f45ea1659283e9accf009

Download Submit
\Windows\system\deatwXO.exe

Filesize
6.0MB

MD5
b72c757c73caba8ce6d03bb0e63f8258

SHA1
45a0cd5433b9c76acc1d228adb48c27b0ac8994e

SHA256
25dd5dbfeeb853cf03566438991e4a7de58515fe3ec8708e75b31ad550066084

SHA512
1a716a1e849989e4d2eddc719b5e6d9baa433f1942fdee6878d65f891268c16d938db02c0f7bc7db3f5250d81ea23ac76238a4507ab5cb6c51c1cad18171b5be

Download Submit
\Windows\system\ygWyIZs.exe

Filesize
6.0MB

MD5
ec570274ca262536677461c91bce27e1

SHA1
daafaa3ab0927cc18ef0bf2423edc001eed42e0d

SHA256
003b4e7c1cf47bbae138a728a84a97853f076c8cadaf286abed6d3d2a8eb8ff3

SHA512
4a25c87373bce211298ac3d843325b0ba5c396ef224dc16b9e27fc3f0274612925e18db475d8055667b489127a37a6bae9a5031b2f96f546bdebe970d377cfb7

Download Submit
memory/264-3866-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/264-446-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1648-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-431-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/1508-384-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1508-427-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1654-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1653-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1652-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1651-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1650-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1649-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-0-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1629-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1597-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1435-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-447-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-445-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1457-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1508-443-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1547-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-441-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1548-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/1508-439-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1546-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-437-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1545-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1508-435-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1655-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-433-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-423-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-425-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-429-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-436-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3844-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-430-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3865-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2608-438-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3831-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2616-432-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3842-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3864-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2624-434-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2696-440-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3860-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-424-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3847-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3848-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2776-428-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3841-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2792-448-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2836-422-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3863-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2844-442-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2844-3862-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2928-3704-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2928-426-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/3024-444-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/3024-3843-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download