cobaltstrike | 03b98974ccf26715e555a4c1309db3234b63ad4f1e1bcefa7fc58c4beaa497ee

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e068d75239226cd2a044d88dcd088df8
SHA1

ffb15c51c5db92966747d8efa4418fc5b009557d
SHA256

03b98974ccf26715e555a4c1309db3234b63ad4f1e1bcefa7fc58c4beaa497ee
SHA512

25c9317b456debca56f38f9554e8c4b6fae3c05df3301900592bb8e2364b74e3216cbc71082ef4732a8fa757d64f0f78790e3d1c5614df69f658fda2ba608246
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU5:T+q56utgpPF8u/75

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b0000000122ea-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016db5-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd0-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016de4-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016eb8-28.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-198.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-195.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-175.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-170.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-97.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-80.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017400-65.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000190e1-72.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001707c-57.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d58-49.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016edb-39.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/540-0-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x000b0000000122ea-3.dat	xmrig
behavioral1/memory/540-6-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016db5-9.dat	xmrig
behavioral1/memory/2320-14-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x0008000000016dd0-11.dat	xmrig
behavioral1/memory/1248-21-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/540-18-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016de4-26.dat	xmrig
behavioral1/memory/1668-27-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2316-40-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2764-41-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x0007000000016eb8-28.dat	xmrig
behavioral1/memory/2804-59-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2568-74-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f6-88.dat	xmrig
behavioral1/memory/2540-107-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/files/0x0005000000019259-115.dat	xmrig
behavioral1/files/0x000500000001929a-135.dat	xmrig
behavioral1/files/0x000500000001946a-198.dat	xmrig
behavioral1/memory/1500-764-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2556-574-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2576-402-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2568-217-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x0005000000019465-195.dat	xmrig
behavioral1/files/0x000500000001945b-190.dat	xmrig
behavioral1/files/0x0005000000019450-185.dat	xmrig
behavioral1/files/0x0005000000019446-180.dat	xmrig
behavioral1/files/0x0005000000019433-175.dat	xmrig
behavioral1/files/0x00050000000193c1-170.dat	xmrig
behavioral1/files/0x00050000000193b3-165.dat	xmrig
behavioral1/files/0x00050000000193a4-160.dat	xmrig
behavioral1/files/0x0005000000019387-155.dat	xmrig
behavioral1/files/0x0005000000019377-150.dat	xmrig
behavioral1/files/0x0005000000019365-145.dat	xmrig
behavioral1/files/0x0005000000019319-140.dat	xmrig
behavioral1/files/0x0005000000019278-130.dat	xmrig
behavioral1/files/0x0005000000019275-125.dat	xmrig
behavioral1/files/0x000500000001926c-120.dat	xmrig
behavioral1/memory/1328-108-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019240-106.dat	xmrig
behavioral1/memory/1500-99-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2804-98-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019217-97.dat	xmrig
behavioral1/memory/2556-90-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2780-89-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2576-82-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2764-81-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x00050000000191d2-80.dat	xmrig
behavioral1/memory/2540-67-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/1668-66-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x0008000000017400-65.dat	xmrig
behavioral1/memory/2652-73-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x00080000000190e1-72.dat	xmrig
behavioral1/memory/1248-58-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x000700000001707c-57.dat	xmrig
behavioral1/memory/2780-51-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2320-50-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d58-49.dat	xmrig
behavioral1/memory/2652-34-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/540-33-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x0007000000016edb-39.dat	xmrig
behavioral1/memory/1328-2348-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2316-3632-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2316	LyXhAeB.exe
2320	XSBCbHi.exe
1248	zKdJGpb.exe
1668	wJixAMq.exe
2652	PLVmokj.exe
2764	rOlNYxl.exe
2780	xXxwqjA.exe
2804	pYBjJkx.exe
2540	AHXlPHy.exe
2568	UCnFyPI.exe
2576	ofJkDXL.exe
2556	XaGyqXL.exe
1500	JjNplOg.exe
1328	BAUaQZC.exe
2828	mpiQPRx.exe
760	IpZEIYA.exe
496	VQNivKO.exe
2552	RsEwPhl.exe
2856	wzGnbWX.exe
2100	XDVqAqh.exe
2240	QJUfDty.exe
2120	YsaxLBl.exe
1244	SJYdEun.exe
408	ySfwKmy.exe
2712	nWHIkXD.exe
1956	IkBowhF.exe
680	Zdphqfi.exe
1232	KCgZlPJ.exe
1736	EfVvSPg.exe
1876	HTlYAtH.exe
1048	yfTzEzv.exe
2908	YBhNEpk.exe
1376	sDpNYHS.exe
2080	IWWlJBU.exe
1016	hrZQtOy.exe
1780	qrwogwq.exe
2440	YSWxvOa.exe
2924	KKoMFZG.exe
2236	yXIAkDQ.exe
1572	bWeesnw.exe
756	VdqCwZy.exe
2276	TcfbPWO.exe
556	hEgdfji.exe
1688	KAJLFoi.exe
1252	lhBSCWS.exe
2168	WZZOMin.exe
3008	aQILXld.exe
2040	JZesqYP.exe
2328	hFHdYcS.exe
3052	jKEwMOm.exe
2900	szvkNfT.exe
2668	jiGUiCK.exe
2520	jVCHHpO.exe
2544	SxLqdPt.exe
2972	NKFYdQl.exe
1600	UhDFAdK.exe
2720	nXvSVBf.exe
2832	bWRuaxu.exe
2956	fnLfaUt.exe
2152	MKKOdQs.exe
2156	FSopypP.exe
2096	ZpojjsK.exe
1100	kXMoVob.exe
956	bJAeGTF.exe

Loads dropped DLL 64 IoCs

pid	Process
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/540-0-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x000b0000000122ea-3.dat	upx
behavioral1/memory/540-6-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x0009000000016db5-9.dat	upx
behavioral1/memory/2320-14-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x0008000000016dd0-11.dat	upx
behavioral1/memory/1248-21-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x0008000000016de4-26.dat	upx
behavioral1/memory/1668-27-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2316-40-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2764-41-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x0007000000016eb8-28.dat	upx
behavioral1/memory/2804-59-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2568-74-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x00050000000191f6-88.dat	upx
behavioral1/memory/2540-107-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/files/0x0005000000019259-115.dat	upx
behavioral1/files/0x000500000001929a-135.dat	upx
behavioral1/files/0x000500000001946a-198.dat	upx
behavioral1/memory/1500-764-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2556-574-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2576-402-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2568-217-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x0005000000019465-195.dat	upx
behavioral1/files/0x000500000001945b-190.dat	upx
behavioral1/files/0x0005000000019450-185.dat	upx
behavioral1/files/0x0005000000019446-180.dat	upx
behavioral1/files/0x0005000000019433-175.dat	upx
behavioral1/files/0x00050000000193c1-170.dat	upx
behavioral1/files/0x00050000000193b3-165.dat	upx
behavioral1/files/0x00050000000193a4-160.dat	upx
behavioral1/files/0x0005000000019387-155.dat	upx
behavioral1/files/0x0005000000019377-150.dat	upx
behavioral1/files/0x0005000000019365-145.dat	upx
behavioral1/files/0x0005000000019319-140.dat	upx
behavioral1/files/0x0005000000019278-130.dat	upx
behavioral1/files/0x0005000000019275-125.dat	upx
behavioral1/files/0x000500000001926c-120.dat	upx
behavioral1/memory/1328-108-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x0005000000019240-106.dat	upx
behavioral1/memory/1500-99-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2804-98-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x0005000000019217-97.dat	upx
behavioral1/memory/2556-90-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2780-89-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2576-82-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2764-81-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x00050000000191d2-80.dat	upx
behavioral1/memory/2540-67-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/1668-66-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x0008000000017400-65.dat	upx
behavioral1/memory/2652-73-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x00080000000190e1-72.dat	upx
behavioral1/memory/1248-58-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x000700000001707c-57.dat	upx
behavioral1/memory/2780-51-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2320-50-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x0009000000016d58-49.dat	upx
behavioral1/memory/2652-34-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/540-33-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x0007000000016edb-39.dat	upx
behavioral1/memory/1328-2348-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2316-3632-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2320-3674-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\mpuLsib.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MksFtJv.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTBGeCv.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pBNjjeS.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\noZpmyv.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JtUVHvH.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LdkDcob.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OMxjOes.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNgZrQs.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tyyzPtq.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DMuGWIa.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pajfusc.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DVbJdBK.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TAmivmS.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KggdWnz.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BqSdVRj.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xuoZaAA.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vqqptRW.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BSNckdl.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oKexnHC.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dKwbhok.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pqVFusr.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpMMllf.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\caOrKMm.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MfItfvQ.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wrXIyqj.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EgwMXCO.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYEgWyR.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cnhkyJs.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHrRaaz.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PwpVAwc.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IBHGPEo.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OkBlLtU.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RUpWtou.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lDxdYJa.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Gmmubsu.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hTfgxev.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fbkIKcH.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnmqmTk.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WWeiAxL.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rbaZCqL.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DrXrTfc.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ireUWjq.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GatKGlV.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DYWsrqG.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ihHNJtZ.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UqpngFX.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgVGybz.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvhOOcE.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\laUMzKw.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HUGLiHG.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXDThCz.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sxRRIXq.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VAURRnw.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zOVHJTR.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwSBgof.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ysoRcEb.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHOBiTC.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZAMKjrp.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oQhZgGe.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gABAmOG.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pWveRnh.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdOlRAn.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KxKMBUZ.exe	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 2316	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 540 wrote to memory of 2316	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 540 wrote to memory of 2316	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 540 wrote to memory of 2320	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 540 wrote to memory of 2320	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 540 wrote to memory of 2320	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 540 wrote to memory of 1248	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 540 wrote to memory of 1248	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 540 wrote to memory of 1248	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 540 wrote to memory of 1668	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 540 wrote to memory of 1668	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 540 wrote to memory of 1668	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 540 wrote to memory of 2652	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 540 wrote to memory of 2652	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 540 wrote to memory of 2652	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 540 wrote to memory of 2764	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 540 wrote to memory of 2764	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 540 wrote to memory of 2764	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 540 wrote to memory of 2780	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 540 wrote to memory of 2780	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 540 wrote to memory of 2780	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 540 wrote to memory of 2804	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 540 wrote to memory of 2804	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 540 wrote to memory of 2804	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 540 wrote to memory of 2540	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 540 wrote to memory of 2540	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 540 wrote to memory of 2540	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 540 wrote to memory of 2568	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 540 wrote to memory of 2568	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 540 wrote to memory of 2568	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 540 wrote to memory of 2576	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 540 wrote to memory of 2576	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 540 wrote to memory of 2576	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 540 wrote to memory of 2556	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 540 wrote to memory of 2556	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 540 wrote to memory of 2556	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 540 wrote to memory of 1500	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 540 wrote to memory of 1500	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 540 wrote to memory of 1500	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 540 wrote to memory of 1328	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 540 wrote to memory of 1328	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 540 wrote to memory of 1328	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 540 wrote to memory of 2828	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 540 wrote to memory of 2828	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 540 wrote to memory of 2828	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 540 wrote to memory of 760	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 540 wrote to memory of 760	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 540 wrote to memory of 760	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 540 wrote to memory of 496	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 540 wrote to memory of 496	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 540 wrote to memory of 496	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 540 wrote to memory of 2552	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 540 wrote to memory of 2552	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 540 wrote to memory of 2552	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 540 wrote to memory of 2856	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 540 wrote to memory of 2856	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 540 wrote to memory of 2856	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 540 wrote to memory of 2100	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 540 wrote to memory of 2100	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 540 wrote to memory of 2100	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 540 wrote to memory of 2240	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 540 wrote to memory of 2240	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 540 wrote to memory of 2240	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 540 wrote to memory of 2120	540	2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_e068d75239226cd2a044d88dcd088df8_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:540
- C:\Windows\System\LyXhAeB.exe
  C:\Windows\System\LyXhAeB.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\XSBCbHi.exe
  C:\Windows\System\XSBCbHi.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\zKdJGpb.exe
  C:\Windows\System\zKdJGpb.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\wJixAMq.exe
  C:\Windows\System\wJixAMq.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\PLVmokj.exe
  C:\Windows\System\PLVmokj.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\rOlNYxl.exe
  C:\Windows\System\rOlNYxl.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\xXxwqjA.exe
  C:\Windows\System\xXxwqjA.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\pYBjJkx.exe
  C:\Windows\System\pYBjJkx.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\AHXlPHy.exe
  C:\Windows\System\AHXlPHy.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\UCnFyPI.exe
  C:\Windows\System\UCnFyPI.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\ofJkDXL.exe
  C:\Windows\System\ofJkDXL.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\XaGyqXL.exe
  C:\Windows\System\XaGyqXL.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\JjNplOg.exe
  C:\Windows\System\JjNplOg.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\BAUaQZC.exe
  C:\Windows\System\BAUaQZC.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\mpiQPRx.exe
  C:\Windows\System\mpiQPRx.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\IpZEIYA.exe
  C:\Windows\System\IpZEIYA.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\VQNivKO.exe
  C:\Windows\System\VQNivKO.exe
  2⤵
  - Executes dropped EXE
  PID:496
- C:\Windows\System\RsEwPhl.exe
  C:\Windows\System\RsEwPhl.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\wzGnbWX.exe
  C:\Windows\System\wzGnbWX.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\XDVqAqh.exe
  C:\Windows\System\XDVqAqh.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\QJUfDty.exe
  C:\Windows\System\QJUfDty.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\YsaxLBl.exe
  C:\Windows\System\YsaxLBl.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\SJYdEun.exe
  C:\Windows\System\SJYdEun.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\ySfwKmy.exe
  C:\Windows\System\ySfwKmy.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\nWHIkXD.exe
  C:\Windows\System\nWHIkXD.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\IkBowhF.exe
  C:\Windows\System\IkBowhF.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\Zdphqfi.exe
  C:\Windows\System\Zdphqfi.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\KCgZlPJ.exe
  C:\Windows\System\KCgZlPJ.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\EfVvSPg.exe
  C:\Windows\System\EfVvSPg.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\HTlYAtH.exe
  C:\Windows\System\HTlYAtH.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\yfTzEzv.exe
  C:\Windows\System\yfTzEzv.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\YBhNEpk.exe
  C:\Windows\System\YBhNEpk.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\sDpNYHS.exe
  C:\Windows\System\sDpNYHS.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\IWWlJBU.exe
  C:\Windows\System\IWWlJBU.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\hrZQtOy.exe
  C:\Windows\System\hrZQtOy.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\qrwogwq.exe
  C:\Windows\System\qrwogwq.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\YSWxvOa.exe
  C:\Windows\System\YSWxvOa.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\KKoMFZG.exe
  C:\Windows\System\KKoMFZG.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\yXIAkDQ.exe
  C:\Windows\System\yXIAkDQ.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\bWeesnw.exe
  C:\Windows\System\bWeesnw.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\VdqCwZy.exe
  C:\Windows\System\VdqCwZy.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\TcfbPWO.exe
  C:\Windows\System\TcfbPWO.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\hEgdfji.exe
  C:\Windows\System\hEgdfji.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\KAJLFoi.exe
  C:\Windows\System\KAJLFoi.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\lhBSCWS.exe
  C:\Windows\System\lhBSCWS.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\WZZOMin.exe
  C:\Windows\System\WZZOMin.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\aQILXld.exe
  C:\Windows\System\aQILXld.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\JZesqYP.exe
  C:\Windows\System\JZesqYP.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\hFHdYcS.exe
  C:\Windows\System\hFHdYcS.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\jKEwMOm.exe
  C:\Windows\System\jKEwMOm.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\szvkNfT.exe
  C:\Windows\System\szvkNfT.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\jiGUiCK.exe
  C:\Windows\System\jiGUiCK.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\jVCHHpO.exe
  C:\Windows\System\jVCHHpO.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\SxLqdPt.exe
  C:\Windows\System\SxLqdPt.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\NKFYdQl.exe
  C:\Windows\System\NKFYdQl.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\UhDFAdK.exe
  C:\Windows\System\UhDFAdK.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\nXvSVBf.exe
  C:\Windows\System\nXvSVBf.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\bWRuaxu.exe
  C:\Windows\System\bWRuaxu.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\fnLfaUt.exe
  C:\Windows\System\fnLfaUt.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\MKKOdQs.exe
  C:\Windows\System\MKKOdQs.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\FSopypP.exe
  C:\Windows\System\FSopypP.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\ZpojjsK.exe
  C:\Windows\System\ZpojjsK.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\kXMoVob.exe
  C:\Windows\System\kXMoVob.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\bJAeGTF.exe
  C:\Windows\System\bJAeGTF.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\clPGyTu.exe
  C:\Windows\System\clPGyTu.exe
  2⤵
  PID:1860
- C:\Windows\System\kuGtGCG.exe
  C:\Windows\System\kuGtGCG.exe
  2⤵
  PID:992
- C:\Windows\System\CQdiKOu.exe
  C:\Windows\System\CQdiKOu.exe
  2⤵
  PID:620
- C:\Windows\System\ZSZQLlu.exe
  C:\Windows\System\ZSZQLlu.exe
  2⤵
  PID:1536
- C:\Windows\System\vEZXvRo.exe
  C:\Windows\System\vEZXvRo.exe
  2⤵
  PID:876
- C:\Windows\System\sttVZBO.exe
  C:\Windows\System\sttVZBO.exe
  2⤵
  PID:2184
- C:\Windows\System\lHikfiu.exe
  C:\Windows\System\lHikfiu.exe
  2⤵
  PID:2216
- C:\Windows\System\lxSghgW.exe
  C:\Windows\System\lxSghgW.exe
  2⤵
  PID:2068
- C:\Windows\System\yhjuvcL.exe
  C:\Windows\System\yhjuvcL.exe
  2⤵
  PID:1004
- C:\Windows\System\oiEaxYU.exe
  C:\Windows\System\oiEaxYU.exe
  2⤵
  PID:2948
- C:\Windows\System\ghRyNFc.exe
  C:\Windows\System\ghRyNFc.exe
  2⤵
  PID:880
- C:\Windows\System\CyiAlIE.exe
  C:\Windows\System\CyiAlIE.exe
  2⤵
  PID:1592
- C:\Windows\System\weMbugh.exe
  C:\Windows\System\weMbugh.exe
  2⤵
  PID:2060
- C:\Windows\System\CBGxfFd.exe
  C:\Windows\System\CBGxfFd.exe
  2⤵
  PID:2696
- C:\Windows\System\tmgiAmY.exe
  C:\Windows\System\tmgiAmY.exe
  2⤵
  PID:2636
- C:\Windows\System\CplBsrE.exe
  C:\Windows\System\CplBsrE.exe
  2⤵
  PID:2800
- C:\Windows\System\JpCPVUc.exe
  C:\Windows\System\JpCPVUc.exe
  2⤵
  PID:2740
- C:\Windows\System\GdDTagS.exe
  C:\Windows\System\GdDTagS.exe
  2⤵
  PID:2992
- C:\Windows\System\RshjhUy.exe
  C:\Windows\System\RshjhUy.exe
  2⤵
  PID:1156
- C:\Windows\System\VpiuBHw.exe
  C:\Windows\System\VpiuBHw.exe
  2⤵
  PID:2612
- C:\Windows\System\aycsqNE.exe
  C:\Windows\System\aycsqNE.exe
  2⤵
  PID:2132
- C:\Windows\System\NxyYzCf.exe
  C:\Windows\System\NxyYzCf.exe
  2⤵
  PID:860
- C:\Windows\System\Stnulzj.exe
  C:\Windows\System\Stnulzj.exe
  2⤵
  PID:2412
- C:\Windows\System\NAkWOqm.exe
  C:\Windows\System\NAkWOqm.exe
  2⤵
  PID:1968
- C:\Windows\System\ZAhMkSJ.exe
  C:\Windows\System\ZAhMkSJ.exe
  2⤵
  PID:1384
- C:\Windows\System\cikPJbC.exe
  C:\Windows\System\cikPJbC.exe
  2⤵
  PID:316
- C:\Windows\System\ldHalRl.exe
  C:\Windows\System\ldHalRl.exe
  2⤵
  PID:3080
- C:\Windows\System\lttLdTU.exe
  C:\Windows\System\lttLdTU.exe
  2⤵
  PID:3100
- C:\Windows\System\KkFObEL.exe
  C:\Windows\System\KkFObEL.exe
  2⤵
  PID:3120
- C:\Windows\System\oUYyEGQ.exe
  C:\Windows\System\oUYyEGQ.exe
  2⤵
  PID:3140
- C:\Windows\System\gnRgsFL.exe
  C:\Windows\System\gnRgsFL.exe
  2⤵
  PID:3160
- C:\Windows\System\EQtqXft.exe
  C:\Windows\System\EQtqXft.exe
  2⤵
  PID:3180
- C:\Windows\System\PhtqKPz.exe
  C:\Windows\System\PhtqKPz.exe
  2⤵
  PID:3200
- C:\Windows\System\LKHsKVp.exe
  C:\Windows\System\LKHsKVp.exe
  2⤵
  PID:3216
- C:\Windows\System\qGJBHQT.exe
  C:\Windows\System\qGJBHQT.exe
  2⤵
  PID:3244
- C:\Windows\System\HXiPpmG.exe
  C:\Windows\System\HXiPpmG.exe
  2⤵
  PID:3260
- C:\Windows\System\LxjhymC.exe
  C:\Windows\System\LxjhymC.exe
  2⤵
  PID:3284
- C:\Windows\System\oJGEMtb.exe
  C:\Windows\System\oJGEMtb.exe
  2⤵
  PID:3300
- C:\Windows\System\VoOOMQY.exe
  C:\Windows\System\VoOOMQY.exe
  2⤵
  PID:3324
- C:\Windows\System\LPvYnIL.exe
  C:\Windows\System\LPvYnIL.exe
  2⤵
  PID:3344
- C:\Windows\System\OgrdLUF.exe
  C:\Windows\System\OgrdLUF.exe
  2⤵
  PID:3364
- C:\Windows\System\mGFyzek.exe
  C:\Windows\System\mGFyzek.exe
  2⤵
  PID:3384
- C:\Windows\System\YYmzlQl.exe
  C:\Windows\System\YYmzlQl.exe
  2⤵
  PID:3404
- C:\Windows\System\vYJuTjx.exe
  C:\Windows\System\vYJuTjx.exe
  2⤵
  PID:3420
- C:\Windows\System\tYwARcF.exe
  C:\Windows\System\tYwARcF.exe
  2⤵
  PID:3444
- C:\Windows\System\FwDqKAQ.exe
  C:\Windows\System\FwDqKAQ.exe
  2⤵
  PID:3464
- C:\Windows\System\MIdgxGI.exe
  C:\Windows\System\MIdgxGI.exe
  2⤵
  PID:3484
- C:\Windows\System\yycDDqv.exe
  C:\Windows\System\yycDDqv.exe
  2⤵
  PID:3500
- C:\Windows\System\uWDRORQ.exe
  C:\Windows\System\uWDRORQ.exe
  2⤵
  PID:3524
- C:\Windows\System\pLTwFmx.exe
  C:\Windows\System\pLTwFmx.exe
  2⤵
  PID:3544
- C:\Windows\System\DwFISiT.exe
  C:\Windows\System\DwFISiT.exe
  2⤵
  PID:3564
- C:\Windows\System\OvCIoSV.exe
  C:\Windows\System\OvCIoSV.exe
  2⤵
  PID:3584
- C:\Windows\System\VUrvuoT.exe
  C:\Windows\System\VUrvuoT.exe
  2⤵
  PID:3604
- C:\Windows\System\LVGFbgf.exe
  C:\Windows\System\LVGFbgf.exe
  2⤵
  PID:3620
- C:\Windows\System\fTBGeCv.exe
  C:\Windows\System\fTBGeCv.exe
  2⤵
  PID:3644
- C:\Windows\System\IkdfPtO.exe
  C:\Windows\System\IkdfPtO.exe
  2⤵
  PID:3664
- C:\Windows\System\MKdshuj.exe
  C:\Windows\System\MKdshuj.exe
  2⤵
  PID:3684
- C:\Windows\System\vKebHWm.exe
  C:\Windows\System\vKebHWm.exe
  2⤵
  PID:3704
- C:\Windows\System\HpsrRer.exe
  C:\Windows\System\HpsrRer.exe
  2⤵
  PID:3728
- C:\Windows\System\BKzuZyd.exe
  C:\Windows\System\BKzuZyd.exe
  2⤵
  PID:3748
- C:\Windows\System\ZHhFVLm.exe
  C:\Windows\System\ZHhFVLm.exe
  2⤵
  PID:3768
- C:\Windows\System\lrYaigN.exe
  C:\Windows\System\lrYaigN.exe
  2⤵
  PID:3788
- C:\Windows\System\OSGRnWX.exe
  C:\Windows\System\OSGRnWX.exe
  2⤵
  PID:3812
- C:\Windows\System\jTVdagt.exe
  C:\Windows\System\jTVdagt.exe
  2⤵
  PID:3832
- C:\Windows\System\zburijv.exe
  C:\Windows\System\zburijv.exe
  2⤵
  PID:3852
- C:\Windows\System\ImgIBvg.exe
  C:\Windows\System\ImgIBvg.exe
  2⤵
  PID:3872
- C:\Windows\System\IbwEflv.exe
  C:\Windows\System\IbwEflv.exe
  2⤵
  PID:3892
- C:\Windows\System\bNJTpnq.exe
  C:\Windows\System\bNJTpnq.exe
  2⤵
  PID:3912
- C:\Windows\System\RBIZohf.exe
  C:\Windows\System\RBIZohf.exe
  2⤵
  PID:3932
- C:\Windows\System\GqzAJZD.exe
  C:\Windows\System\GqzAJZD.exe
  2⤵
  PID:3952
- C:\Windows\System\eyxMSFA.exe
  C:\Windows\System\eyxMSFA.exe
  2⤵
  PID:3972
- C:\Windows\System\qjyqNCC.exe
  C:\Windows\System\qjyqNCC.exe
  2⤵
  PID:3992
- C:\Windows\System\xNoCqwP.exe
  C:\Windows\System\xNoCqwP.exe
  2⤵
  PID:4012
- C:\Windows\System\bPMTGHt.exe
  C:\Windows\System\bPMTGHt.exe
  2⤵
  PID:4032
- C:\Windows\System\SjWiPRy.exe
  C:\Windows\System\SjWiPRy.exe
  2⤵
  PID:4052
- C:\Windows\System\lDeVXqh.exe
  C:\Windows\System\lDeVXqh.exe
  2⤵
  PID:4072
- C:\Windows\System\VqsWccE.exe
  C:\Windows\System\VqsWccE.exe
  2⤵
  PID:4092
- C:\Windows\System\DpJyYIA.exe
  C:\Windows\System\DpJyYIA.exe
  2⤵
  PID:2072
- C:\Windows\System\IKQSwTX.exe
  C:\Windows\System\IKQSwTX.exe
  2⤵
  PID:888
- C:\Windows\System\mosWhMX.exe
  C:\Windows\System\mosWhMX.exe
  2⤵
  PID:1404
- C:\Windows\System\DBBWolS.exe
  C:\Windows\System\DBBWolS.exe
  2⤵
  PID:2872
- C:\Windows\System\FidAxZZ.exe
  C:\Windows\System\FidAxZZ.exe
  2⤵
  PID:2564
- C:\Windows\System\hiHAwFG.exe
  C:\Windows\System\hiHAwFG.exe
  2⤵
  PID:396
- C:\Windows\System\DIEWNwX.exe
  C:\Windows\System\DIEWNwX.exe
  2⤵
  PID:1908
- C:\Windows\System\wzPHxHn.exe
  C:\Windows\System\wzPHxHn.exe
  2⤵
  PID:2108
- C:\Windows\System\yBEaLcl.exe
  C:\Windows\System\yBEaLcl.exe
  2⤵
  PID:1332
- C:\Windows\System\PvXlBnn.exe
  C:\Windows\System\PvXlBnn.exe
  2⤵
  PID:1524
- C:\Windows\System\qHOBiTC.exe
  C:\Windows\System\qHOBiTC.exe
  2⤵
  PID:3048
- C:\Windows\System\UcTwcBs.exe
  C:\Windows\System\UcTwcBs.exe
  2⤵
  PID:3088
- C:\Windows\System\TxHPeWq.exe
  C:\Windows\System\TxHPeWq.exe
  2⤵
  PID:3092
- C:\Windows\System\oxlZRWu.exe
  C:\Windows\System\oxlZRWu.exe
  2⤵
  PID:3156
- C:\Windows\System\cSfsEOH.exe
  C:\Windows\System\cSfsEOH.exe
  2⤵
  PID:3192
- C:\Windows\System\HEKuprY.exe
  C:\Windows\System\HEKuprY.exe
  2⤵
  PID:3212
- C:\Windows\System\ejlTWAZ.exe
  C:\Windows\System\ejlTWAZ.exe
  2⤵
  PID:3256
- C:\Windows\System\KFWvcPf.exe
  C:\Windows\System\KFWvcPf.exe
  2⤵
  PID:3312
- C:\Windows\System\joQULXk.exe
  C:\Windows\System\joQULXk.exe
  2⤵
  PID:3352
- C:\Windows\System\FuCGYow.exe
  C:\Windows\System\FuCGYow.exe
  2⤵
  PID:3336
- C:\Windows\System\kKckkcf.exe
  C:\Windows\System\kKckkcf.exe
  2⤵
  PID:3400
- C:\Windows\System\pYIkeBx.exe
  C:\Windows\System\pYIkeBx.exe
  2⤵
  PID:3436
- C:\Windows\System\JBFVYEu.exe
  C:\Windows\System\JBFVYEu.exe
  2⤵
  PID:3476
- C:\Windows\System\ZwIlXNE.exe
  C:\Windows\System\ZwIlXNE.exe
  2⤵
  PID:3516
- C:\Windows\System\WtivptA.exe
  C:\Windows\System\WtivptA.exe
  2⤵
  PID:3552
- C:\Windows\System\gwOnmFT.exe
  C:\Windows\System\gwOnmFT.exe
  2⤵
  PID:3572
- C:\Windows\System\KdTGxzf.exe
  C:\Windows\System\KdTGxzf.exe
  2⤵
  PID:3576
- C:\Windows\System\LVNKpWb.exe
  C:\Windows\System\LVNKpWb.exe
  2⤵
  PID:3636
- C:\Windows\System\rYsuYPs.exe
  C:\Windows\System\rYsuYPs.exe
  2⤵
  PID:3652
- C:\Windows\System\yEshUbq.exe
  C:\Windows\System\yEshUbq.exe
  2⤵
  PID:3696
- C:\Windows\System\VfixJHY.exe
  C:\Windows\System\VfixJHY.exe
  2⤵
  PID:3756
- C:\Windows\System\EoDcVVg.exe
  C:\Windows\System\EoDcVVg.exe
  2⤵
  PID:3760
- C:\Windows\System\dAsJadd.exe
  C:\Windows\System\dAsJadd.exe
  2⤵
  PID:3780
- C:\Windows\System\rLkBTbL.exe
  C:\Windows\System\rLkBTbL.exe
  2⤵
  PID:3820
- C:\Windows\System\dndnoWg.exe
  C:\Windows\System\dndnoWg.exe
  2⤵
  PID:3888
- C:\Windows\System\kIJAnvW.exe
  C:\Windows\System\kIJAnvW.exe
  2⤵
  PID:3928
- C:\Windows\System\yIZFXQw.exe
  C:\Windows\System\yIZFXQw.exe
  2⤵
  PID:3960
- C:\Windows\System\IBHGPEo.exe
  C:\Windows\System\IBHGPEo.exe
  2⤵
  PID:3944
- C:\Windows\System\hJYzxrf.exe
  C:\Windows\System\hJYzxrf.exe
  2⤵
  PID:4004
- C:\Windows\System\CPMIBqJ.exe
  C:\Windows\System\CPMIBqJ.exe
  2⤵
  PID:4024
- C:\Windows\System\Vgbmrdg.exe
  C:\Windows\System\Vgbmrdg.exe
  2⤵
  PID:4084
- C:\Windows\System\emWfttA.exe
  C:\Windows\System\emWfttA.exe
  2⤵
  PID:1680
- C:\Windows\System\zynDtsz.exe
  C:\Windows\System\zynDtsz.exe
  2⤵
  PID:1032
- C:\Windows\System\pLhtkXv.exe
  C:\Windows\System\pLhtkXv.exe
  2⤵
  PID:2312
- C:\Windows\System\teuqMMp.exe
  C:\Windows\System\teuqMMp.exe
  2⤵
  PID:2432
- C:\Windows\System\tPcAFZC.exe
  C:\Windows\System\tPcAFZC.exe
  2⤵
  PID:324
- C:\Windows\System\jciAXcR.exe
  C:\Windows\System\jciAXcR.exe
  2⤵
  PID:1768
- C:\Windows\System\zAcKNcX.exe
  C:\Windows\System\zAcKNcX.exe
  2⤵
  PID:1188
- C:\Windows\System\MrNhXnY.exe
  C:\Windows\System\MrNhXnY.exe
  2⤵
  PID:2368
- C:\Windows\System\QTlobIT.exe
  C:\Windows\System\QTlobIT.exe
  2⤵
  PID:3096
- C:\Windows\System\FMmiSXm.exe
  C:\Windows\System\FMmiSXm.exe
  2⤵
  PID:3208
- C:\Windows\System\qyeDIYk.exe
  C:\Windows\System\qyeDIYk.exe
  2⤵
  PID:3308
- C:\Windows\System\iWtMZDb.exe
  C:\Windows\System\iWtMZDb.exe
  2⤵
  PID:3360
- C:\Windows\System\VRnnomW.exe
  C:\Windows\System\VRnnomW.exe
  2⤵
  PID:3296
- C:\Windows\System\huLImlN.exe
  C:\Windows\System\huLImlN.exe
  2⤵
  PID:3392
- C:\Windows\System\iGXtNTc.exe
  C:\Windows\System\iGXtNTc.exe
  2⤵
  PID:3452
- C:\Windows\System\RqCjzqk.exe
  C:\Windows\System\RqCjzqk.exe
  2⤵
  PID:3536
- C:\Windows\System\HnRLAIB.exe
  C:\Windows\System\HnRLAIB.exe
  2⤵
  PID:3632
- C:\Windows\System\XRzECWT.exe
  C:\Windows\System\XRzECWT.exe
  2⤵
  PID:3660
- C:\Windows\System\gIPVLlr.exe
  C:\Windows\System\gIPVLlr.exe
  2⤵
  PID:3680
- C:\Windows\System\cHIqCsQ.exe
  C:\Windows\System\cHIqCsQ.exe
  2⤵
  PID:3720
- C:\Windows\System\HFRPvnS.exe
  C:\Windows\System\HFRPvnS.exe
  2⤵
  PID:3776
- C:\Windows\System\hHZKMPt.exe
  C:\Windows\System\hHZKMPt.exe
  2⤵
  PID:3880
- C:\Windows\System\hayOKOd.exe
  C:\Windows\System\hayOKOd.exe
  2⤵
  PID:3968
- C:\Windows\System\haOKIsP.exe
  C:\Windows\System\haOKIsP.exe
  2⤵
  PID:4020
- C:\Windows\System\nLJOGhV.exe
  C:\Windows\System\nLJOGhV.exe
  2⤵
  PID:4048
- C:\Windows\System\QovVXDa.exe
  C:\Windows\System\QovVXDa.exe
  2⤵
  PID:4080
- C:\Windows\System\trmZSDI.exe
  C:\Windows\System\trmZSDI.exe
  2⤵
  PID:2364
- C:\Windows\System\XzbmGUe.exe
  C:\Windows\System\XzbmGUe.exe
  2⤵
  PID:2284
- C:\Windows\System\fHpXPwZ.exe
  C:\Windows\System\fHpXPwZ.exe
  2⤵
  PID:2136
- C:\Windows\System\iCBgrdi.exe
  C:\Windows\System\iCBgrdi.exe
  2⤵
  PID:3152
- C:\Windows\System\bkieRkM.exe
  C:\Windows\System\bkieRkM.exe
  2⤵
  PID:3132
- C:\Windows\System\QHTTJBK.exe
  C:\Windows\System\QHTTJBK.exe
  2⤵
  PID:3276
- C:\Windows\System\lblkMhS.exe
  C:\Windows\System\lblkMhS.exe
  2⤵
  PID:3236
- C:\Windows\System\eOnNszZ.exe
  C:\Windows\System\eOnNszZ.exe
  2⤵
  PID:3456
- C:\Windows\System\nOEDJjl.exe
  C:\Windows\System\nOEDJjl.exe
  2⤵
  PID:3440
- C:\Windows\System\RDlMonP.exe
  C:\Windows\System\RDlMonP.exe
  2⤵
  PID:2020
- C:\Windows\System\dunQagk.exe
  C:\Windows\System\dunQagk.exe
  2⤵
  PID:3600
- C:\Windows\System\RFLkNyZ.exe
  C:\Windows\System\RFLkNyZ.exe
  2⤵
  PID:3692
- C:\Windows\System\rpdXPlK.exe
  C:\Windows\System\rpdXPlK.exe
  2⤵
  PID:3828
- C:\Windows\System\cYoMeBm.exe
  C:\Windows\System\cYoMeBm.exe
  2⤵
  PID:4112
- C:\Windows\System\ZGEueBz.exe
  C:\Windows\System\ZGEueBz.exe
  2⤵
  PID:4132
- C:\Windows\System\sLPfMwk.exe
  C:\Windows\System\sLPfMwk.exe
  2⤵
  PID:4152
- C:\Windows\System\hoFGMEU.exe
  C:\Windows\System\hoFGMEU.exe
  2⤵
  PID:4172
- C:\Windows\System\bLBtmkP.exe
  C:\Windows\System\bLBtmkP.exe
  2⤵
  PID:4192
- C:\Windows\System\DSPvRXY.exe
  C:\Windows\System\DSPvRXY.exe
  2⤵
  PID:4212
- C:\Windows\System\zhmGKGN.exe
  C:\Windows\System\zhmGKGN.exe
  2⤵
  PID:4232
- C:\Windows\System\trxjAeP.exe
  C:\Windows\System\trxjAeP.exe
  2⤵
  PID:4252
- C:\Windows\System\NUQNkOA.exe
  C:\Windows\System\NUQNkOA.exe
  2⤵
  PID:4272
- C:\Windows\System\rSjQbWT.exe
  C:\Windows\System\rSjQbWT.exe
  2⤵
  PID:4292
- C:\Windows\System\wLExBpF.exe
  C:\Windows\System\wLExBpF.exe
  2⤵
  PID:4312
- C:\Windows\System\kdNbZVU.exe
  C:\Windows\System\kdNbZVU.exe
  2⤵
  PID:4332
- C:\Windows\System\oTeUVLV.exe
  C:\Windows\System\oTeUVLV.exe
  2⤵
  PID:4352
- C:\Windows\System\qxOhMJx.exe
  C:\Windows\System\qxOhMJx.exe
  2⤵
  PID:4372
- C:\Windows\System\DHyvkHm.exe
  C:\Windows\System\DHyvkHm.exe
  2⤵
  PID:4392
- C:\Windows\System\pkaxicq.exe
  C:\Windows\System\pkaxicq.exe
  2⤵
  PID:4412
- C:\Windows\System\pvZXyLh.exe
  C:\Windows\System\pvZXyLh.exe
  2⤵
  PID:4432
- C:\Windows\System\HDMIWUq.exe
  C:\Windows\System\HDMIWUq.exe
  2⤵
  PID:4452
- C:\Windows\System\LpKQhkf.exe
  C:\Windows\System\LpKQhkf.exe
  2⤵
  PID:4472
- C:\Windows\System\vlcuHtf.exe
  C:\Windows\System\vlcuHtf.exe
  2⤵
  PID:4492
- C:\Windows\System\FFrAtse.exe
  C:\Windows\System\FFrAtse.exe
  2⤵
  PID:4512
- C:\Windows\System\jrpJcUz.exe
  C:\Windows\System\jrpJcUz.exe
  2⤵
  PID:4532
- C:\Windows\System\QCDldse.exe
  C:\Windows\System\QCDldse.exe
  2⤵
  PID:4556
- C:\Windows\System\lahSuBx.exe
  C:\Windows\System\lahSuBx.exe
  2⤵
  PID:4576
- C:\Windows\System\PmlXXrq.exe
  C:\Windows\System\PmlXXrq.exe
  2⤵
  PID:4592
- C:\Windows\System\KXIcuBh.exe
  C:\Windows\System\KXIcuBh.exe
  2⤵
  PID:4616
- C:\Windows\System\clvDRhG.exe
  C:\Windows\System\clvDRhG.exe
  2⤵
  PID:4636
- C:\Windows\System\zCOOtIi.exe
  C:\Windows\System\zCOOtIi.exe
  2⤵
  PID:4656
- C:\Windows\System\GHCuLQl.exe
  C:\Windows\System\GHCuLQl.exe
  2⤵
  PID:4676
- C:\Windows\System\VlfeWXT.exe
  C:\Windows\System\VlfeWXT.exe
  2⤵
  PID:4700
- C:\Windows\System\RhTqXiF.exe
  C:\Windows\System\RhTqXiF.exe
  2⤵
  PID:4720
- C:\Windows\System\ARgYuqS.exe
  C:\Windows\System\ARgYuqS.exe
  2⤵
  PID:4740
- C:\Windows\System\BhQfzjG.exe
  C:\Windows\System\BhQfzjG.exe
  2⤵
  PID:4756
- C:\Windows\System\jaWCrvK.exe
  C:\Windows\System\jaWCrvK.exe
  2⤵
  PID:4780
- C:\Windows\System\NurLPHB.exe
  C:\Windows\System\NurLPHB.exe
  2⤵
  PID:4800
- C:\Windows\System\xwsyelM.exe
  C:\Windows\System\xwsyelM.exe
  2⤵
  PID:4820
- C:\Windows\System\bzBqeMk.exe
  C:\Windows\System\bzBqeMk.exe
  2⤵
  PID:4840
- C:\Windows\System\Ygaouef.exe
  C:\Windows\System\Ygaouef.exe
  2⤵
  PID:4860
- C:\Windows\System\EtTFxDB.exe
  C:\Windows\System\EtTFxDB.exe
  2⤵
  PID:4884
- C:\Windows\System\araFiHm.exe
  C:\Windows\System\araFiHm.exe
  2⤵
  PID:4904
- C:\Windows\System\gPeAYyQ.exe
  C:\Windows\System\gPeAYyQ.exe
  2⤵
  PID:4924
- C:\Windows\System\VNEFoTC.exe
  C:\Windows\System\VNEFoTC.exe
  2⤵
  PID:4944
- C:\Windows\System\qfyMUEp.exe
  C:\Windows\System\qfyMUEp.exe
  2⤵
  PID:4964
- C:\Windows\System\cUsjXei.exe
  C:\Windows\System\cUsjXei.exe
  2⤵
  PID:4984
- C:\Windows\System\vYcWcXA.exe
  C:\Windows\System\vYcWcXA.exe
  2⤵
  PID:5004
- C:\Windows\System\yThavYP.exe
  C:\Windows\System\yThavYP.exe
  2⤵
  PID:5024
- C:\Windows\System\yNFVftl.exe
  C:\Windows\System\yNFVftl.exe
  2⤵
  PID:5044
- C:\Windows\System\kyRnpuj.exe
  C:\Windows\System\kyRnpuj.exe
  2⤵
  PID:5068
- C:\Windows\System\MGFCrzp.exe
  C:\Windows\System\MGFCrzp.exe
  2⤵
  PID:5088
- C:\Windows\System\EPAWHOw.exe
  C:\Windows\System\EPAWHOw.exe
  2⤵
  PID:5108
- C:\Windows\System\ufqxlko.exe
  C:\Windows\System\ufqxlko.exe
  2⤵
  PID:3980
- C:\Windows\System\EXEjPBp.exe
  C:\Windows\System\EXEjPBp.exe
  2⤵
  PID:4064
- C:\Windows\System\AdgQmZk.exe
  C:\Windows\System\AdgQmZk.exe
  2⤵
  PID:4060
- C:\Windows\System\UFbKbko.exe
  C:\Windows\System\UFbKbko.exe
  2⤵
  PID:3056
- C:\Windows\System\KKzmjCU.exe
  C:\Windows\System\KKzmjCU.exe
  2⤵
  PID:2608
- C:\Windows\System\iBpHSCD.exe
  C:\Windows\System\iBpHSCD.exe
  2⤵
  PID:1740
- C:\Windows\System\uzsPxqD.exe
  C:\Windows\System\uzsPxqD.exe
  2⤵
  PID:3268
- C:\Windows\System\vaEWlil.exe
  C:\Windows\System\vaEWlil.exe
  2⤵
  PID:3676
- C:\Windows\System\BJoqStR.exe
  C:\Windows\System\BJoqStR.exe
  2⤵
  PID:3840
- C:\Windows\System\TWKZOjT.exe
  C:\Windows\System\TWKZOjT.exe
  2⤵
  PID:4128
- C:\Windows\System\Zueajby.exe
  C:\Windows\System\Zueajby.exe
  2⤵
  PID:4108
- C:\Windows\System\VGwsvJY.exe
  C:\Windows\System\VGwsvJY.exe
  2⤵
  PID:4144
- C:\Windows\System\lPAfxOC.exe
  C:\Windows\System\lPAfxOC.exe
  2⤵
  PID:4208
- C:\Windows\System\GatKGlV.exe
  C:\Windows\System\GatKGlV.exe
  2⤵
  PID:4248
- C:\Windows\System\njobCPy.exe
  C:\Windows\System\njobCPy.exe
  2⤵
  PID:4228
- C:\Windows\System\cYvcSsW.exe
  C:\Windows\System\cYvcSsW.exe
  2⤵
  PID:4320
- C:\Windows\System\gbdPNsC.exe
  C:\Windows\System\gbdPNsC.exe
  2⤵
  PID:4300
- C:\Windows\System\ptSJylA.exe
  C:\Windows\System\ptSJylA.exe
  2⤵
  PID:4360
- C:\Windows\System\yfSrVzN.exe
  C:\Windows\System\yfSrVzN.exe
  2⤵
  PID:4404
- C:\Windows\System\oRJclrO.exe
  C:\Windows\System\oRJclrO.exe
  2⤵
  PID:4440
- C:\Windows\System\qPseiQE.exe
  C:\Windows\System\qPseiQE.exe
  2⤵
  PID:4428
- C:\Windows\System\kamaCKs.exe
  C:\Windows\System\kamaCKs.exe
  2⤵
  PID:4464
- C:\Windows\System\FIcOjyk.exe
  C:\Windows\System\FIcOjyk.exe
  2⤵
  PID:4504
- C:\Windows\System\TWWLLbt.exe
  C:\Windows\System\TWWLLbt.exe
  2⤵
  PID:4568
- C:\Windows\System\thDWlos.exe
  C:\Windows\System\thDWlos.exe
  2⤵
  PID:4600
- C:\Windows\System\jHTnYkd.exe
  C:\Windows\System\jHTnYkd.exe
  2⤵
  PID:4624
- C:\Windows\System\XpLObOY.exe
  C:\Windows\System\XpLObOY.exe
  2⤵
  PID:4652
- C:\Windows\System\QBDWAcJ.exe
  C:\Windows\System\QBDWAcJ.exe
  2⤵
  PID:4688
- C:\Windows\System\GaOAbnj.exe
  C:\Windows\System\GaOAbnj.exe
  2⤵
  PID:4708
- C:\Windows\System\KcwWjVh.exe
  C:\Windows\System\KcwWjVh.exe
  2⤵
  PID:4764
- C:\Windows\System\WzVIERN.exe
  C:\Windows\System\WzVIERN.exe
  2⤵
  PID:4792
- C:\Windows\System\gCmfhGg.exe
  C:\Windows\System\gCmfhGg.exe
  2⤵
  PID:4828
- C:\Windows\System\UjOLYcX.exe
  C:\Windows\System\UjOLYcX.exe
  2⤵
  PID:4852
- C:\Windows\System\WdpQFzg.exe
  C:\Windows\System\WdpQFzg.exe
  2⤵
  PID:4892
- C:\Windows\System\PGkrByZ.exe
  C:\Windows\System\PGkrByZ.exe
  2⤵
  PID:4916
- C:\Windows\System\thPBCus.exe
  C:\Windows\System\thPBCus.exe
  2⤵
  PID:4972
- C:\Windows\System\RpUiXKv.exe
  C:\Windows\System\RpUiXKv.exe
  2⤵
  PID:4956
- C:\Windows\System\idetXnj.exe
  C:\Windows\System\idetXnj.exe
  2⤵
  PID:5000
- C:\Windows\System\mlZblEO.exe
  C:\Windows\System\mlZblEO.exe
  2⤵
  PID:5056
- C:\Windows\System\Dvprnwy.exe
  C:\Windows\System\Dvprnwy.exe
  2⤵
  PID:5104
- C:\Windows\System\xAIZBbD.exe
  C:\Windows\System\xAIZBbD.exe
  2⤵
  PID:1672
- C:\Windows\System\hjttFtK.exe
  C:\Windows\System\hjttFtK.exe
  2⤵
  PID:2960
- C:\Windows\System\uzeHmnO.exe
  C:\Windows\System\uzeHmnO.exe
  2⤵
  PID:1720
- C:\Windows\System\NkWNone.exe
  C:\Windows\System\NkWNone.exe
  2⤵
  PID:1632
- C:\Windows\System\gnRHqLR.exe
  C:\Windows\System\gnRHqLR.exe
  2⤵
  PID:3428
- C:\Windows\System\QqvLTjj.exe
  C:\Windows\System\QqvLTjj.exe
  2⤵
  PID:3948
- C:\Windows\System\mZhcyHw.exe
  C:\Windows\System\mZhcyHw.exe
  2⤵
  PID:3808
- C:\Windows\System\PHwcZNB.exe
  C:\Windows\System\PHwcZNB.exe
  2⤵
  PID:3764
- C:\Windows\System\svTOBim.exe
  C:\Windows\System\svTOBim.exe
  2⤵
  PID:4204
- C:\Windows\System\SPjldao.exe
  C:\Windows\System\SPjldao.exe
  2⤵
  PID:4280
- C:\Windows\System\XjCxTcv.exe
  C:\Windows\System\XjCxTcv.exe
  2⤵
  PID:4340
- C:\Windows\System\ObVlMvh.exe
  C:\Windows\System\ObVlMvh.exe
  2⤵
  PID:4264
- C:\Windows\System\TPsFDBT.exe
  C:\Windows\System\TPsFDBT.exe
  2⤵
  PID:4408
- C:\Windows\System\cZFKsda.exe
  C:\Windows\System\cZFKsda.exe
  2⤵
  PID:4468
- C:\Windows\System\MXRdwvb.exe
  C:\Windows\System\MXRdwvb.exe
  2⤵
  PID:4520
- C:\Windows\System\jyTKIiP.exe
  C:\Windows\System\jyTKIiP.exe
  2⤵
  PID:4508
- C:\Windows\System\staVXRV.exe
  C:\Windows\System\staVXRV.exe
  2⤵
  PID:4548
- C:\Windows\System\drCppgZ.exe
  C:\Windows\System\drCppgZ.exe
  2⤵
  PID:4628
- C:\Windows\System\OEQwSEa.exe
  C:\Windows\System\OEQwSEa.exe
  2⤵
  PID:4728
- C:\Windows\System\cqMdkqK.exe
  C:\Windows\System\cqMdkqK.exe
  2⤵
  PID:4816
- C:\Windows\System\fNmfNPE.exe
  C:\Windows\System\fNmfNPE.exe
  2⤵
  PID:4848
- C:\Windows\System\SSfawAz.exe
  C:\Windows\System\SSfawAz.exe
  2⤵
  PID:4872
- C:\Windows\System\LolRcbH.exe
  C:\Windows\System\LolRcbH.exe
  2⤵
  PID:4896
- C:\Windows\System\oFNUfgJ.exe
  C:\Windows\System\oFNUfgJ.exe
  2⤵
  PID:4976
- C:\Windows\System\VzYqzoz.exe
  C:\Windows\System\VzYqzoz.exe
  2⤵
  PID:5096
- C:\Windows\System\PlcwbPS.exe
  C:\Windows\System\PlcwbPS.exe
  2⤵
  PID:5084
- C:\Windows\System\nihQIUs.exe
  C:\Windows\System\nihQIUs.exe
  2⤵
  PID:1728
- C:\Windows\System\ICInLXW.exe
  C:\Windows\System\ICInLXW.exe
  2⤵
  PID:2888
- C:\Windows\System\bYCrXHd.exe
  C:\Windows\System\bYCrXHd.exe
  2⤵
  PID:1604
- C:\Windows\System\LzfZnTT.exe
  C:\Windows\System\LzfZnTT.exe
  2⤵
  PID:3860
- C:\Windows\System\FWDalUk.exe
  C:\Windows\System\FWDalUk.exe
  2⤵
  PID:4100
- C:\Windows\System\NqOPNHM.exe
  C:\Windows\System\NqOPNHM.exe
  2⤵
  PID:4240
- C:\Windows\System\bMMMoFK.exe
  C:\Windows\System\bMMMoFK.exe
  2⤵
  PID:4304
- C:\Windows\System\QMCutCc.exe
  C:\Windows\System\QMCutCc.exe
  2⤵
  PID:4444
- C:\Windows\System\MskieJu.exe
  C:\Windows\System\MskieJu.exe
  2⤵
  PID:4612
- C:\Windows\System\YeRqpgd.exe
  C:\Windows\System\YeRqpgd.exe
  2⤵
  PID:4668
- C:\Windows\System\XSXdnyA.exe
  C:\Windows\System\XSXdnyA.exe
  2⤵
  PID:4716
- C:\Windows\System\jYwiCaO.exe
  C:\Windows\System\jYwiCaO.exe
  2⤵
  PID:896
- C:\Windows\System\aQNezFO.exe
  C:\Windows\System\aQNezFO.exe
  2⤵
  PID:4808
- C:\Windows\System\sUkhSqU.exe
  C:\Windows\System\sUkhSqU.exe
  2⤵
  PID:5140
- C:\Windows\System\bLMoLiu.exe
  C:\Windows\System\bLMoLiu.exe
  2⤵
  PID:5160
- C:\Windows\System\xIQKfKw.exe
  C:\Windows\System\xIQKfKw.exe
  2⤵
  PID:5180
- C:\Windows\System\nfmPhPw.exe
  C:\Windows\System\nfmPhPw.exe
  2⤵
  PID:5196
- C:\Windows\System\TYcymKh.exe
  C:\Windows\System\TYcymKh.exe
  2⤵
  PID:5220
- C:\Windows\System\SwUyBjP.exe
  C:\Windows\System\SwUyBjP.exe
  2⤵
  PID:5240
- C:\Windows\System\aCKSkjL.exe
  C:\Windows\System\aCKSkjL.exe
  2⤵
  PID:5260
- C:\Windows\System\dDxWYrb.exe
  C:\Windows\System\dDxWYrb.exe
  2⤵
  PID:5280
- C:\Windows\System\AMnWqsw.exe
  C:\Windows\System\AMnWqsw.exe
  2⤵
  PID:5300
- C:\Windows\System\UTufhuh.exe
  C:\Windows\System\UTufhuh.exe
  2⤵
  PID:5320
- C:\Windows\System\KuiySgq.exe
  C:\Windows\System\KuiySgq.exe
  2⤵
  PID:5340
- C:\Windows\System\YQFOJyd.exe
  C:\Windows\System\YQFOJyd.exe
  2⤵
  PID:5360
- C:\Windows\System\uFUrBOj.exe
  C:\Windows\System\uFUrBOj.exe
  2⤵
  PID:5380
- C:\Windows\System\dzlwwzp.exe
  C:\Windows\System\dzlwwzp.exe
  2⤵
  PID:5396
- C:\Windows\System\YASBZdd.exe
  C:\Windows\System\YASBZdd.exe
  2⤵
  PID:5420
- C:\Windows\System\YSyIIbl.exe
  C:\Windows\System\YSyIIbl.exe
  2⤵
  PID:5440
- C:\Windows\System\pTlBCnt.exe
  C:\Windows\System\pTlBCnt.exe
  2⤵
  PID:5460
- C:\Windows\System\vAGabDV.exe
  C:\Windows\System\vAGabDV.exe
  2⤵
  PID:5480
- C:\Windows\System\tKwwilB.exe
  C:\Windows\System\tKwwilB.exe
  2⤵
  PID:5500
- C:\Windows\System\QoREIOC.exe
  C:\Windows\System\QoREIOC.exe
  2⤵
  PID:5520
- C:\Windows\System\yuEnNee.exe
  C:\Windows\System\yuEnNee.exe
  2⤵
  PID:5540
- C:\Windows\System\xKKjovZ.exe
  C:\Windows\System\xKKjovZ.exe
  2⤵
  PID:5560
- C:\Windows\System\HtuBMrS.exe
  C:\Windows\System\HtuBMrS.exe
  2⤵
  PID:5580
- C:\Windows\System\hiXWNyX.exe
  C:\Windows\System\hiXWNyX.exe
  2⤵
  PID:5600
- C:\Windows\System\IsHleXy.exe
  C:\Windows\System\IsHleXy.exe
  2⤵
  PID:5620
- C:\Windows\System\HfUYmki.exe
  C:\Windows\System\HfUYmki.exe
  2⤵
  PID:5640
- C:\Windows\System\EaBMPKg.exe
  C:\Windows\System\EaBMPKg.exe
  2⤵
  PID:5660
- C:\Windows\System\MwxQZwm.exe
  C:\Windows\System\MwxQZwm.exe
  2⤵
  PID:5680
- C:\Windows\System\TuZVmJa.exe
  C:\Windows\System\TuZVmJa.exe
  2⤵
  PID:5700
- C:\Windows\System\gsRrsWc.exe
  C:\Windows\System\gsRrsWc.exe
  2⤵
  PID:5720
- C:\Windows\System\CzOrJSp.exe
  C:\Windows\System\CzOrJSp.exe
  2⤵
  PID:5740
- C:\Windows\System\cQMwzzC.exe
  C:\Windows\System\cQMwzzC.exe
  2⤵
  PID:5760
- C:\Windows\System\rLgENoI.exe
  C:\Windows\System\rLgENoI.exe
  2⤵
  PID:5780
- C:\Windows\System\yprmvHY.exe
  C:\Windows\System\yprmvHY.exe
  2⤵
  PID:5800
- C:\Windows\System\bZYOYTD.exe
  C:\Windows\System\bZYOYTD.exe
  2⤵
  PID:5820
- C:\Windows\System\NImphKr.exe
  C:\Windows\System\NImphKr.exe
  2⤵
  PID:5840
- C:\Windows\System\TFHfrXB.exe
  C:\Windows\System\TFHfrXB.exe
  2⤵
  PID:5860
- C:\Windows\System\bmvwXgK.exe
  C:\Windows\System\bmvwXgK.exe
  2⤵
  PID:5880
- C:\Windows\System\BaPxLyg.exe
  C:\Windows\System\BaPxLyg.exe
  2⤵
  PID:5900
- C:\Windows\System\hFplObL.exe
  C:\Windows\System\hFplObL.exe
  2⤵
  PID:5920
- C:\Windows\System\aNJXRRr.exe
  C:\Windows\System\aNJXRRr.exe
  2⤵
  PID:5940
- C:\Windows\System\ljVDizD.exe
  C:\Windows\System\ljVDizD.exe
  2⤵
  PID:5960
- C:\Windows\System\OUOFmZo.exe
  C:\Windows\System\OUOFmZo.exe
  2⤵
  PID:5980
- C:\Windows\System\SBrapTq.exe
  C:\Windows\System\SBrapTq.exe
  2⤵
  PID:6000
- C:\Windows\System\tITBhzj.exe
  C:\Windows\System\tITBhzj.exe
  2⤵
  PID:6020
- C:\Windows\System\RDqJhhA.exe
  C:\Windows\System\RDqJhhA.exe
  2⤵
  PID:6044
- C:\Windows\System\mTwtIkI.exe
  C:\Windows\System\mTwtIkI.exe
  2⤵
  PID:6064
- C:\Windows\System\fzrvInE.exe
  C:\Windows\System\fzrvInE.exe
  2⤵
  PID:6084
- C:\Windows\System\OBTxtRP.exe
  C:\Windows\System\OBTxtRP.exe
  2⤵
  PID:6104
- C:\Windows\System\YHWULhM.exe
  C:\Windows\System\YHWULhM.exe
  2⤵
  PID:6124
- C:\Windows\System\XWZQNRO.exe
  C:\Windows\System\XWZQNRO.exe
  2⤵
  PID:4980
- C:\Windows\System\VMWGqRG.exe
  C:\Windows\System\VMWGqRG.exe
  2⤵
  PID:5116
- C:\Windows\System\CkZhkFt.exe
  C:\Windows\System\CkZhkFt.exe
  2⤵
  PID:5064
- C:\Windows\System\UAkaptz.exe
  C:\Windows\System\UAkaptz.exe
  2⤵
  PID:3924
- C:\Windows\System\qIJTVSR.exe
  C:\Windows\System\qIJTVSR.exe
  2⤵
  PID:3964
- C:\Windows\System\dKLdvyE.exe
  C:\Windows\System\dKLdvyE.exe
  2⤵
  PID:4164
- C:\Windows\System\xRgbDga.exe
  C:\Windows\System\xRgbDga.exe
  2⤵
  PID:4400
- C:\Windows\System\PvUEvnl.exe
  C:\Windows\System\PvUEvnl.exe
  2⤵
  PID:356
- C:\Windows\System\NhzqTpw.exe
  C:\Windows\System\NhzqTpw.exe
  2⤵
  PID:4524
- C:\Windows\System\iflyGJo.exe
  C:\Windows\System\iflyGJo.exe
  2⤵
  PID:4584
- C:\Windows\System\BzaFjxs.exe
  C:\Windows\System\BzaFjxs.exe
  2⤵
  PID:4552
- C:\Windows\System\hsoHJOV.exe
  C:\Windows\System\hsoHJOV.exe
  2⤵
  PID:5132
- C:\Windows\System\PROeSOt.exe
  C:\Windows\System\PROeSOt.exe
  2⤵
  PID:5156
- C:\Windows\System\WYcrQHF.exe
  C:\Windows\System\WYcrQHF.exe
  2⤵
  PID:2756
- C:\Windows\System\ZTXFYdj.exe
  C:\Windows\System\ZTXFYdj.exe
  2⤵
  PID:5192
- C:\Windows\System\YjxWpqX.exe
  C:\Windows\System\YjxWpqX.exe
  2⤵
  PID:5236
- C:\Windows\System\qkUXjjL.exe
  C:\Windows\System\qkUXjjL.exe
  2⤵
  PID:5272
- C:\Windows\System\SMhPRaN.exe
  C:\Windows\System\SMhPRaN.exe
  2⤵
  PID:5316
- C:\Windows\System\lnpxbSN.exe
  C:\Windows\System\lnpxbSN.exe
  2⤵
  PID:5368
- C:\Windows\System\mSWonZR.exe
  C:\Windows\System\mSWonZR.exe
  2⤵
  PID:5372
- C:\Windows\System\KxanzSf.exe
  C:\Windows\System\KxanzSf.exe
  2⤵
  PID:4288
- C:\Windows\System\SIAZfEa.exe
  C:\Windows\System\SIAZfEa.exe
  2⤵
  PID:5436
- C:\Windows\System\uEdsnma.exe
  C:\Windows\System\uEdsnma.exe
  2⤵
  PID:5476
- C:\Windows\System\WplqLRM.exe
  C:\Windows\System\WplqLRM.exe
  2⤵
  PID:5508
- C:\Windows\System\xwPEKTv.exe
  C:\Windows\System\xwPEKTv.exe
  2⤵
  PID:5532
- C:\Windows\System\YjOHEAg.exe
  C:\Windows\System\YjOHEAg.exe
  2⤵
  PID:5556
- C:\Windows\System\aWIOXdL.exe
  C:\Windows\System\aWIOXdL.exe
  2⤵
  PID:5592
- C:\Windows\System\lHdfEXV.exe
  C:\Windows\System\lHdfEXV.exe
  2⤵
  PID:5628
- C:\Windows\System\ONDZfic.exe
  C:\Windows\System\ONDZfic.exe
  2⤵
  PID:5676
- C:\Windows\System\KHdgfFM.exe
  C:\Windows\System\KHdgfFM.exe
  2⤵
  PID:5708
- C:\Windows\System\zOPOJZT.exe
  C:\Windows\System\zOPOJZT.exe
  2⤵
  PID:5732
- C:\Windows\System\tGSbqzk.exe
  C:\Windows\System\tGSbqzk.exe
  2⤵
  PID:5756
- C:\Windows\System\ahYwxrR.exe
  C:\Windows\System\ahYwxrR.exe
  2⤵
  PID:5808
- C:\Windows\System\nJduhJk.exe
  C:\Windows\System\nJduhJk.exe
  2⤵
  PID:5812
- C:\Windows\System\ukFxhUm.exe
  C:\Windows\System\ukFxhUm.exe
  2⤵
  PID:5856
- C:\Windows\System\rdSePYa.exe
  C:\Windows\System\rdSePYa.exe
  2⤵
  PID:5888
- C:\Windows\System\GotnuxW.exe
  C:\Windows\System\GotnuxW.exe
  2⤵
  PID:5908
- C:\Windows\System\BBuEBgH.exe
  C:\Windows\System\BBuEBgH.exe
  2⤵
  PID:5932
- C:\Windows\System\xgODAPi.exe
  C:\Windows\System\xgODAPi.exe
  2⤵
  PID:5976
- C:\Windows\System\RfIcQAu.exe
  C:\Windows\System\RfIcQAu.exe
  2⤵
  PID:6008
- C:\Windows\System\wEEuITr.exe
  C:\Windows\System\wEEuITr.exe
  2⤵
  PID:6032
- C:\Windows\System\NlMwlra.exe
  C:\Windows\System\NlMwlra.exe
  2⤵
  PID:6080
- C:\Windows\System\LdjiZpo.exe
  C:\Windows\System\LdjiZpo.exe
  2⤵
  PID:6112
- C:\Windows\System\cCTWxYj.exe
  C:\Windows\System\cCTWxYj.exe
  2⤵
  PID:6136
- C:\Windows\System\nFUQAHk.exe
  C:\Windows\System\nFUQAHk.exe
  2⤵
  PID:4912
- C:\Windows\System\qwojnnj.exe
  C:\Windows\System\qwojnnj.exe
  2⤵
  PID:3332
- C:\Windows\System\wBmslra.exe
  C:\Windows\System\wBmslra.exe
  2⤵
  PID:2980
- C:\Windows\System\bzzXOLQ.exe
  C:\Windows\System\bzzXOLQ.exe
  2⤵
  PID:3412
- C:\Windows\System\QxzSlMG.exe
  C:\Windows\System\QxzSlMG.exe
  2⤵
  PID:4244
- C:\Windows\System\igtSAJM.exe
  C:\Windows\System\igtSAJM.exe
  2⤵
  PID:4632
- C:\Windows\System\SAwrSpa.exe
  C:\Windows\System\SAwrSpa.exe
  2⤵
  PID:4748
- C:\Windows\System\cYzaqmU.exe
  C:\Windows\System\cYzaqmU.exe
  2⤵
  PID:5148
- C:\Windows\System\dEIRCoH.exe
  C:\Windows\System\dEIRCoH.exe
  2⤵
  PID:2760
- C:\Windows\System\mlKobki.exe
  C:\Windows\System\mlKobki.exe
  2⤵
  PID:5252
- C:\Windows\System\SScKSNf.exe
  C:\Windows\System\SScKSNf.exe
  2⤵
  PID:5296
- C:\Windows\System\ENsnFML.exe
  C:\Windows\System\ENsnFML.exe
  2⤵
  PID:5292
- C:\Windows\System\QfgNqqi.exe
  C:\Windows\System\QfgNqqi.exe
  2⤵
  PID:5408
- C:\Windows\System\autZIVz.exe
  C:\Windows\System\autZIVz.exe
  2⤵
  PID:5392
- C:\Windows\System\YrhjzFp.exe
  C:\Windows\System\YrhjzFp.exe
  2⤵
  PID:5452
- C:\Windows\System\jDbKEUa.exe
  C:\Windows\System\jDbKEUa.exe
  2⤵
  PID:5472
- C:\Windows\System\wrGKlfD.exe
  C:\Windows\System\wrGKlfD.exe
  2⤵
  PID:5572
- C:\Windows\System\YtSMOjd.exe
  C:\Windows\System\YtSMOjd.exe
  2⤵
  PID:1628
- C:\Windows\System\wbjKeLQ.exe
  C:\Windows\System\wbjKeLQ.exe
  2⤵
  PID:5648
- C:\Windows\System\pfbfypS.exe
  C:\Windows\System\pfbfypS.exe
  2⤵
  PID:5712
- C:\Windows\System\MMQXmbe.exe
  C:\Windows\System\MMQXmbe.exe
  2⤵
  PID:2532
- C:\Windows\System\aZHQtVR.exe
  C:\Windows\System\aZHQtVR.exe
  2⤵
  PID:5816
- C:\Windows\System\vSCTeEK.exe
  C:\Windows\System\vSCTeEK.exe
  2⤵
  PID:5848
- C:\Windows\System\WaWdWyY.exe
  C:\Windows\System\WaWdWyY.exe
  2⤵
  PID:5868
- C:\Windows\System\ZmvLkrl.exe
  C:\Windows\System\ZmvLkrl.exe
  2⤵
  PID:5916
- C:\Windows\System\RZdvjYo.exe
  C:\Windows\System\RZdvjYo.exe
  2⤵
  PID:5952
- C:\Windows\System\tZtGoCw.exe
  C:\Windows\System\tZtGoCw.exe
  2⤵
  PID:6012
- C:\Windows\System\iOMMHvW.exe
  C:\Windows\System\iOMMHvW.exe
  2⤵
  PID:6076
- C:\Windows\System\nbqqPsU.exe
  C:\Windows\System\nbqqPsU.exe
  2⤵
  PID:6132
- C:\Windows\System\iSVYfmc.exe
  C:\Windows\System\iSVYfmc.exe
  2⤵
  PID:2352
- C:\Windows\System\NsCsiZV.exe
  C:\Windows\System\NsCsiZV.exe
  2⤵
  PID:3556
- C:\Windows\System\vMmzkGC.exe
  C:\Windows\System\vMmzkGC.exe
  2⤵
  PID:3032
- C:\Windows\System\NSEcPMG.exe
  C:\Windows\System\NSEcPMG.exe
  2⤵
  PID:4324
- C:\Windows\System\TRtULZU.exe
  C:\Windows\System\TRtULZU.exe
  2⤵
  PID:2588
- C:\Windows\System\WUfBAol.exe
  C:\Windows\System\WUfBAol.exe
  2⤵
  PID:5188
- C:\Windows\System\gPneMgq.exe
  C:\Windows\System\gPneMgq.exe
  2⤵
  PID:5276
- C:\Windows\System\ULeLWEy.exe
  C:\Windows\System\ULeLWEy.exe
  2⤵
  PID:5376
- C:\Windows\System\dhJZyXM.exe
  C:\Windows\System\dhJZyXM.exe
  2⤵
  PID:5416
- C:\Windows\System\pSLRhFn.exe
  C:\Windows\System\pSLRhFn.exe
  2⤵
  PID:5528
- C:\Windows\System\PDpCfQf.exe
  C:\Windows\System\PDpCfQf.exe
  2⤵
  PID:5588
- C:\Windows\System\xBNtPcx.exe
  C:\Windows\System\xBNtPcx.exe
  2⤵
  PID:5652
- C:\Windows\System\wLkceRh.exe
  C:\Windows\System\wLkceRh.exe
  2⤵
  PID:5672
- C:\Windows\System\gipJuDg.exe
  C:\Windows\System\gipJuDg.exe
  2⤵
  PID:2528
- C:\Windows\System\GHcyZvA.exe
  C:\Windows\System\GHcyZvA.exe
  2⤵
  PID:5892
- C:\Windows\System\xMNJFyL.exe
  C:\Windows\System\xMNJFyL.exe
  2⤵
  PID:5968
- C:\Windows\System\fCmJQds.exe
  C:\Windows\System\fCmJQds.exe
  2⤵
  PID:6028
- C:\Windows\System\cDMKlrQ.exe
  C:\Windows\System\cDMKlrQ.exe
  2⤵
  PID:6116
- C:\Windows\System\KgTOmrq.exe
  C:\Windows\System\KgTOmrq.exe
  2⤵
  PID:5032
- C:\Windows\System\upAiyeo.exe
  C:\Windows\System\upAiyeo.exe
  2⤵
  PID:1544
- C:\Windows\System\RuFOdPr.exe
  C:\Windows\System\RuFOdPr.exe
  2⤵
  PID:3024
- C:\Windows\System\doxiPzX.exe
  C:\Windows\System\doxiPzX.exe
  2⤵
  PID:5268
- C:\Windows\System\thBBHOS.exe
  C:\Windows\System\thBBHOS.exe
  2⤵
  PID:5332
- C:\Windows\System\HHCrDBt.exe
  C:\Windows\System\HHCrDBt.exe
  2⤵
  PID:6156
- C:\Windows\System\FrSQeJk.exe
  C:\Windows\System\FrSQeJk.exe
  2⤵
  PID:6176
- C:\Windows\System\cWZYRUM.exe
  C:\Windows\System\cWZYRUM.exe
  2⤵
  PID:6196
- C:\Windows\System\JjMwpGX.exe
  C:\Windows\System\JjMwpGX.exe
  2⤵
  PID:6216
- C:\Windows\System\XEJBVFB.exe
  C:\Windows\System\XEJBVFB.exe
  2⤵
  PID:6236
- C:\Windows\System\arytemm.exe
  C:\Windows\System\arytemm.exe
  2⤵
  PID:6256
- C:\Windows\System\zmwsAuC.exe
  C:\Windows\System\zmwsAuC.exe
  2⤵
  PID:6276
- C:\Windows\System\NOotOVL.exe
  C:\Windows\System\NOotOVL.exe
  2⤵
  PID:6296
- C:\Windows\System\cfcLctB.exe
  C:\Windows\System\cfcLctB.exe
  2⤵
  PID:6316
- C:\Windows\System\keeQigt.exe
  C:\Windows\System\keeQigt.exe
  2⤵
  PID:6336
- C:\Windows\System\bsRkQIX.exe
  C:\Windows\System\bsRkQIX.exe
  2⤵
  PID:6356
- C:\Windows\System\FHygIuJ.exe
  C:\Windows\System\FHygIuJ.exe
  2⤵
  PID:6376
- C:\Windows\System\bauXDyu.exe
  C:\Windows\System\bauXDyu.exe
  2⤵
  PID:6400
- C:\Windows\System\lDhmVLs.exe
  C:\Windows\System\lDhmVLs.exe
  2⤵
  PID:6420
- C:\Windows\System\ywhPPlM.exe
  C:\Windows\System\ywhPPlM.exe
  2⤵
  PID:6440
- C:\Windows\System\upCBFAi.exe
  C:\Windows\System\upCBFAi.exe
  2⤵
  PID:6460
- C:\Windows\System\CDLypZJ.exe
  C:\Windows\System\CDLypZJ.exe
  2⤵
  PID:6480
- C:\Windows\System\KhIkLbc.exe
  C:\Windows\System\KhIkLbc.exe
  2⤵
  PID:6500
- C:\Windows\System\IvJArUF.exe
  C:\Windows\System\IvJArUF.exe
  2⤵
  PID:6520
- C:\Windows\System\JQqYQVd.exe
  C:\Windows\System\JQqYQVd.exe
  2⤵
  PID:6540
- C:\Windows\System\PStyiBf.exe
  C:\Windows\System\PStyiBf.exe
  2⤵
  PID:6560
- C:\Windows\System\Uvpmnpc.exe
  C:\Windows\System\Uvpmnpc.exe
  2⤵
  PID:6580
- C:\Windows\System\HeEIMRb.exe
  C:\Windows\System\HeEIMRb.exe
  2⤵
  PID:6604
- C:\Windows\System\tsGDlfA.exe
  C:\Windows\System\tsGDlfA.exe
  2⤵
  PID:6624
- C:\Windows\System\CEbIMIc.exe
  C:\Windows\System\CEbIMIc.exe
  2⤵
  PID:6644
- C:\Windows\System\IfkKoUK.exe
  C:\Windows\System\IfkKoUK.exe
  2⤵
  PID:6664
- C:\Windows\System\eKzxxit.exe
  C:\Windows\System\eKzxxit.exe
  2⤵
  PID:6684
- C:\Windows\System\iJteiWd.exe
  C:\Windows\System\iJteiWd.exe
  2⤵
  PID:6704
- C:\Windows\System\CgnbCHI.exe
  C:\Windows\System\CgnbCHI.exe
  2⤵
  PID:6724
- C:\Windows\System\hecMfMu.exe
  C:\Windows\System\hecMfMu.exe
  2⤵
  PID:6744
- C:\Windows\System\jgJqhtJ.exe
  C:\Windows\System\jgJqhtJ.exe
  2⤵
  PID:6764
- C:\Windows\System\dnwbrHK.exe
  C:\Windows\System\dnwbrHK.exe
  2⤵
  PID:6784
- C:\Windows\System\ZhRONJi.exe
  C:\Windows\System\ZhRONJi.exe
  2⤵
  PID:6804
- C:\Windows\System\djPvQey.exe
  C:\Windows\System\djPvQey.exe
  2⤵
  PID:6824
- C:\Windows\System\mIOYAFs.exe
  C:\Windows\System\mIOYAFs.exe
  2⤵
  PID:6844
- C:\Windows\System\sOjnZkM.exe
  C:\Windows\System\sOjnZkM.exe
  2⤵
  PID:6864
- C:\Windows\System\WUwZbae.exe
  C:\Windows\System\WUwZbae.exe
  2⤵
  PID:6884
- C:\Windows\System\exhjSCr.exe
  C:\Windows\System\exhjSCr.exe
  2⤵
  PID:6904
- C:\Windows\System\JonUYAp.exe
  C:\Windows\System\JonUYAp.exe
  2⤵
  PID:6924
- C:\Windows\System\fynObJt.exe
  C:\Windows\System\fynObJt.exe
  2⤵
  PID:6944
- C:\Windows\System\Okzwyok.exe
  C:\Windows\System\Okzwyok.exe
  2⤵
  PID:6964
- C:\Windows\System\JhaLIPt.exe
  C:\Windows\System\JhaLIPt.exe
  2⤵
  PID:6984
- C:\Windows\System\ARapqyL.exe
  C:\Windows\System\ARapqyL.exe
  2⤵
  PID:7004
- C:\Windows\System\KlajvPK.exe
  C:\Windows\System\KlajvPK.exe
  2⤵
  PID:7024
- C:\Windows\System\Ggyjowc.exe
  C:\Windows\System\Ggyjowc.exe
  2⤵
  PID:7044
- C:\Windows\System\wpwgVwX.exe
  C:\Windows\System\wpwgVwX.exe
  2⤵
  PID:7064
- C:\Windows\System\orJLvjG.exe
  C:\Windows\System\orJLvjG.exe
  2⤵
  PID:7084
- C:\Windows\System\aXgOIFS.exe
  C:\Windows\System\aXgOIFS.exe
  2⤵
  PID:7104
- C:\Windows\System\HZtezWI.exe
  C:\Windows\System\HZtezWI.exe
  2⤵
  PID:7124
- C:\Windows\System\qmYLHmE.exe
  C:\Windows\System\qmYLHmE.exe
  2⤵
  PID:7144
- C:\Windows\System\ZBwjDKT.exe
  C:\Windows\System\ZBwjDKT.exe
  2⤵
  PID:7164
- C:\Windows\System\FeCHyOg.exe
  C:\Windows\System\FeCHyOg.exe
  2⤵
  PID:1268
- C:\Windows\System\fhcFDLN.exe
  C:\Windows\System\fhcFDLN.exe
  2⤵
  PID:5568
- C:\Windows\System\iEaVmen.exe
  C:\Windows\System\iEaVmen.exe
  2⤵
  PID:5768
- C:\Windows\System\vKCFUFh.exe
  C:\Windows\System\vKCFUFh.exe
  2⤵
  PID:1412
- C:\Windows\System\BaWnDby.exe
  C:\Windows\System\BaWnDby.exe
  2⤵
  PID:5996
- C:\Windows\System\auRBnSP.exe
  C:\Windows\System\auRBnSP.exe
  2⤵
  PID:6100
- C:\Windows\System\ZxGwELt.exe
  C:\Windows\System\ZxGwELt.exe
  2⤵
  PID:5052
- C:\Windows\System\dsMYsnm.exe
  C:\Windows\System\dsMYsnm.exe
  2⤵
  PID:4832
- C:\Windows\System\vrCrPoO.exe
  C:\Windows\System\vrCrPoO.exe
  2⤵
  PID:5216
- C:\Windows\System\kaFBWbp.exe
  C:\Windows\System\kaFBWbp.exe
  2⤵
  PID:6172
- C:\Windows\System\AjrEFJm.exe
  C:\Windows\System\AjrEFJm.exe
  2⤵
  PID:6204
- C:\Windows\System\kbaNgZo.exe
  C:\Windows\System\kbaNgZo.exe
  2⤵
  PID:6232
- C:\Windows\System\oTcrETQ.exe
  C:\Windows\System\oTcrETQ.exe
  2⤵
  PID:6272
- C:\Windows\System\gbhZoDg.exe
  C:\Windows\System\gbhZoDg.exe
  2⤵
  PID:6292
- C:\Windows\System\yJaIrQK.exe
  C:\Windows\System\yJaIrQK.exe
  2⤵
  PID:6332
- C:\Windows\System\lhJlhzX.exe
  C:\Windows\System\lhJlhzX.exe
  2⤵
  PID:6372
- C:\Windows\System\EKvWicX.exe
  C:\Windows\System\EKvWicX.exe
  2⤵
  PID:6408
- C:\Windows\System\DAAxRbR.exe
  C:\Windows\System\DAAxRbR.exe
  2⤵
  PID:6448
- C:\Windows\System\fPtKfwa.exe
  C:\Windows\System\fPtKfwa.exe
  2⤵
  PID:6472
- C:\Windows\System\exzcDWZ.exe
  C:\Windows\System\exzcDWZ.exe
  2⤵
  PID:6516
- C:\Windows\System\cdDbEYX.exe
  C:\Windows\System\cdDbEYX.exe
  2⤵
  PID:6548
- C:\Windows\System\BZRPmea.exe
  C:\Windows\System\BZRPmea.exe
  2⤵
  PID:6600
- C:\Windows\System\bTEdUDF.exe
  C:\Windows\System\bTEdUDF.exe
  2⤵
  PID:1044
- C:\Windows\System\MDvEEMI.exe
  C:\Windows\System\MDvEEMI.exe
  2⤵
  PID:6636
- C:\Windows\System\fqLpRpn.exe
  C:\Windows\System\fqLpRpn.exe
  2⤵
  PID:6680
- C:\Windows\System\ZAMKjrp.exe
  C:\Windows\System\ZAMKjrp.exe
  2⤵
  PID:6712
- C:\Windows\System\RYVvSjo.exe
  C:\Windows\System\RYVvSjo.exe
  2⤵
  PID:6752
- C:\Windows\System\MKOJbZp.exe
  C:\Windows\System\MKOJbZp.exe
  2⤵
  PID:6780
- C:\Windows\System\oMMIpTJ.exe
  C:\Windows\System\oMMIpTJ.exe
  2⤵
  PID:6812
- C:\Windows\System\JrdRTWX.exe
  C:\Windows\System\JrdRTWX.exe
  2⤵
  PID:6836
- C:\Windows\System\wmvHvAB.exe
  C:\Windows\System\wmvHvAB.exe
  2⤵
  PID:6856
- C:\Windows\System\kTqWvae.exe
  C:\Windows\System\kTqWvae.exe
  2⤵
  PID:6912
- C:\Windows\System\bSdUEUP.exe
  C:\Windows\System\bSdUEUP.exe
  2⤵
  PID:6936
- C:\Windows\System\QHOTzru.exe
  C:\Windows\System\QHOTzru.exe
  2⤵
  PID:6972
- C:\Windows\System\SDabheC.exe
  C:\Windows\System\SDabheC.exe
  2⤵
  PID:7000
- C:\Windows\System\InXSusK.exe
  C:\Windows\System\InXSusK.exe
  2⤵
  PID:7040
- C:\Windows\System\OSYxSEi.exe
  C:\Windows\System\OSYxSEi.exe
  2⤵
  PID:7060
- C:\Windows\System\lDklBpa.exe
  C:\Windows\System\lDklBpa.exe
  2⤵
  PID:7096
- C:\Windows\System\ZMObpKK.exe
  C:\Windows\System\ZMObpKK.exe
  2⤵
  PID:7132
- C:\Windows\System\uNkdZlr.exe
  C:\Windows\System\uNkdZlr.exe
  2⤵
  PID:7156
- C:\Windows\System\OitFmpP.exe
  C:\Windows\System\OitFmpP.exe
  2⤵
  PID:5576
- C:\Windows\System\CMTCsiT.exe
  C:\Windows\System\CMTCsiT.exe
  2⤵
  PID:5692
- C:\Windows\System\uwOrfAb.exe
  C:\Windows\System\uwOrfAb.exe
  2⤵
  PID:308
- C:\Windows\System\CiswMrp.exe
  C:\Windows\System\CiswMrp.exe
  2⤵
  PID:2036
- C:\Windows\System\fjFhAzM.exe
  C:\Windows\System\fjFhAzM.exe
  2⤵
  PID:2988
- C:\Windows\System\DATTzMx.exe
  C:\Windows\System\DATTzMx.exe
  2⤵
  PID:6208
- C:\Windows\System\zFuQICk.exe
  C:\Windows\System\zFuQICk.exe
  2⤵
  PID:6188
- C:\Windows\System\MTelHdg.exe
  C:\Windows\System\MTelHdg.exe
  2⤵
  PID:6252
- C:\Windows\System\bVdlXqw.exe
  C:\Windows\System\bVdlXqw.exe
  2⤵
  PID:6352
- C:\Windows\System\VWEbCvR.exe
  C:\Windows\System\VWEbCvR.exe
  2⤵
  PID:6416
- C:\Windows\System\UUKrYMq.exe
  C:\Windows\System\UUKrYMq.exe
  2⤵
  PID:6456
- C:\Windows\System\itryySC.exe
  C:\Windows\System\itryySC.exe
  2⤵
  PID:6492
- C:\Windows\System\DNWhkSB.exe
  C:\Windows\System\DNWhkSB.exe
  2⤵
  PID:6536
- C:\Windows\System\VmtWkIs.exe
  C:\Windows\System\VmtWkIs.exe
  2⤵
  PID:6640
- C:\Windows\System\qINHihM.exe
  C:\Windows\System\qINHihM.exe
  2⤵
  PID:6692
- C:\Windows\System\xKJzSav.exe
  C:\Windows\System\xKJzSav.exe
  2⤵
  PID:6760
- C:\Windows\System\eRoeYTy.exe
  C:\Windows\System\eRoeYTy.exe
  2⤵
  PID:6800
- C:\Windows\System\qCsbyDA.exe
  C:\Windows\System\qCsbyDA.exe
  2⤵
  PID:6776
- C:\Windows\System\aTETZGt.exe
  C:\Windows\System\aTETZGt.exe
  2⤵
  PID:6872
- C:\Windows\System\KQJttuw.exe
  C:\Windows\System\KQJttuw.exe
  2⤵
  PID:6932
- C:\Windows\System\LLQkcLM.exe
  C:\Windows\System\LLQkcLM.exe
  2⤵
  PID:6992
- C:\Windows\System\qQZtyfL.exe
  C:\Windows\System\qQZtyfL.exe
  2⤵
  PID:7072
- C:\Windows\System\VXWDZrK.exe
  C:\Windows\System\VXWDZrK.exe
  2⤵
  PID:7092
- C:\Windows\System\OkBlLtU.exe
  C:\Windows\System\OkBlLtU.exe
  2⤵
  PID:7136
- C:\Windows\System\LTEnUhl.exe
  C:\Windows\System\LTEnUhl.exe
  2⤵
  PID:5772
- C:\Windows\System\DVfFYVS.exe
  C:\Windows\System\DVfFYVS.exe
  2⤵
  PID:5876
- C:\Windows\System\kIWqObd.exe
  C:\Windows\System\kIWqObd.exe
  2⤵
  PID:4564
- C:\Windows\System\KJGwhje.exe
  C:\Windows\System\KJGwhje.exe
  2⤵
  PID:6184
- C:\Windows\System\bgINaZx.exe
  C:\Windows\System\bgINaZx.exe
  2⤵
  PID:6248
- C:\Windows\System\MnzFPae.exe
  C:\Windows\System\MnzFPae.exe
  2⤵
  PID:6328
- C:\Windows\System\NgGYZwx.exe
  C:\Windows\System\NgGYZwx.exe
  2⤵
  PID:6508
- C:\Windows\System\ZFkmjhv.exe
  C:\Windows\System\ZFkmjhv.exe
  2⤵
  PID:3724
- C:\Windows\System\NZLEHYq.exe
  C:\Windows\System\NZLEHYq.exe
  2⤵
  PID:6612
- C:\Windows\System\aftEqDg.exe
  C:\Windows\System\aftEqDg.exe
  2⤵
  PID:6696
- C:\Windows\System\gzaNEoY.exe
  C:\Windows\System\gzaNEoY.exe
  2⤵
  PID:6732
- C:\Windows\System\IgIHEHw.exe
  C:\Windows\System\IgIHEHw.exe
  2⤵
  PID:6952
- C:\Windows\System\ypenZuN.exe
  C:\Windows\System\ypenZuN.exe
  2⤵
  PID:6976
- C:\Windows\System\XkzGnaH.exe
  C:\Windows\System\XkzGnaH.exe
  2⤵
  PID:1944
- C:\Windows\System\ZXpNetF.exe
  C:\Windows\System\ZXpNetF.exe
  2⤵
  PID:7076
- C:\Windows\System\APBPfzA.exe
  C:\Windows\System\APBPfzA.exe
  2⤵
  PID:5832
- C:\Windows\System\jfUPlqn.exe
  C:\Windows\System\jfUPlqn.exe
  2⤵
  PID:5080
- C:\Windows\System\GQeudvu.exe
  C:\Windows\System\GQeudvu.exe
  2⤵
  PID:2028
- C:\Windows\System\pJdJKih.exe
  C:\Windows\System\pJdJKih.exe
  2⤵
  PID:6308
- C:\Windows\System\qnbvkWs.exe
  C:\Windows\System\qnbvkWs.exe
  2⤵
  PID:6436
- C:\Windows\System\JpFbMCv.exe
  C:\Windows\System\JpFbMCv.exe
  2⤵
  PID:6572
- C:\Windows\System\LZwSTsY.exe
  C:\Windows\System\LZwSTsY.exe
  2⤵
  PID:6596
- C:\Windows\System\XxeAGMr.exe
  C:\Windows\System\XxeAGMr.exe
  2⤵
  PID:6840
- C:\Windows\System\NGcUhLz.exe
  C:\Windows\System\NGcUhLz.exe
  2⤵
  PID:1948
- C:\Windows\System\JbxSibp.exe
  C:\Windows\System\JbxSibp.exe
  2⤵
  PID:7180
- C:\Windows\System\axhTHah.exe
  C:\Windows\System\axhTHah.exe
  2⤵
  PID:7200
- C:\Windows\System\hOeEukt.exe
  C:\Windows\System\hOeEukt.exe
  2⤵
  PID:7220
- C:\Windows\System\zGUueYa.exe
  C:\Windows\System\zGUueYa.exe
  2⤵
  PID:7240
- C:\Windows\System\gmXIyZK.exe
  C:\Windows\System\gmXIyZK.exe
  2⤵
  PID:7260
- C:\Windows\System\oaFOcYp.exe
  C:\Windows\System\oaFOcYp.exe
  2⤵
  PID:7280
- C:\Windows\System\dThjDSo.exe
  C:\Windows\System\dThjDSo.exe
  2⤵
  PID:7300
- C:\Windows\System\XqLZtaY.exe
  C:\Windows\System\XqLZtaY.exe
  2⤵
  PID:7324
- C:\Windows\System\xWngLDw.exe
  C:\Windows\System\xWngLDw.exe
  2⤵
  PID:7344
- C:\Windows\System\cZHvwMO.exe
  C:\Windows\System\cZHvwMO.exe
  2⤵
  PID:7364
- C:\Windows\System\ZWcTpEc.exe
  C:\Windows\System\ZWcTpEc.exe
  2⤵
  PID:7384
- C:\Windows\System\RHTLCAF.exe
  C:\Windows\System\RHTLCAF.exe
  2⤵
  PID:7404
- C:\Windows\System\xlyzkDX.exe
  C:\Windows\System\xlyzkDX.exe
  2⤵
  PID:7424
- C:\Windows\System\hJLWRHj.exe
  C:\Windows\System\hJLWRHj.exe
  2⤵
  PID:7444
- C:\Windows\System\oiHWuqc.exe
  C:\Windows\System\oiHWuqc.exe
  2⤵
  PID:7464
- C:\Windows\System\SYmWQqa.exe
  C:\Windows\System\SYmWQqa.exe
  2⤵
  PID:7484
- C:\Windows\System\GwPrJTE.exe
  C:\Windows\System\GwPrJTE.exe
  2⤵
  PID:7504
- C:\Windows\System\YFjijfn.exe
  C:\Windows\System\YFjijfn.exe
  2⤵
  PID:7524
- C:\Windows\System\xsTmhBn.exe
  C:\Windows\System\xsTmhBn.exe
  2⤵
  PID:7544
- C:\Windows\System\SPleURh.exe
  C:\Windows\System\SPleURh.exe
  2⤵
  PID:7564
- C:\Windows\System\sQFHGpD.exe
  C:\Windows\System\sQFHGpD.exe
  2⤵
  PID:7584
- C:\Windows\System\CgbwcqY.exe
  C:\Windows\System\CgbwcqY.exe
  2⤵
  PID:7604
- C:\Windows\System\zvSxUEA.exe
  C:\Windows\System\zvSxUEA.exe
  2⤵
  PID:7624
- C:\Windows\System\pBNjjeS.exe
  C:\Windows\System\pBNjjeS.exe
  2⤵
  PID:7644
- C:\Windows\System\PuNVLck.exe
  C:\Windows\System\PuNVLck.exe
  2⤵
  PID:7664
- C:\Windows\System\XcRSrPx.exe
  C:\Windows\System\XcRSrPx.exe
  2⤵
  PID:7684
- C:\Windows\System\edReZyp.exe
  C:\Windows\System\edReZyp.exe
  2⤵
  PID:7704
- C:\Windows\System\kkAujAP.exe
  C:\Windows\System\kkAujAP.exe
  2⤵
  PID:7728
- C:\Windows\System\ihJBakb.exe
  C:\Windows\System\ihJBakb.exe
  2⤵
  PID:7744
- C:\Windows\System\FPdbMkb.exe
  C:\Windows\System\FPdbMkb.exe
  2⤵
  PID:7768
- C:\Windows\System\KMFMUxJ.exe
  C:\Windows\System\KMFMUxJ.exe
  2⤵
  PID:7788
- C:\Windows\System\FTInvXJ.exe
  C:\Windows\System\FTInvXJ.exe
  2⤵
  PID:7808
- C:\Windows\System\vXXgzQV.exe
  C:\Windows\System\vXXgzQV.exe
  2⤵
  PID:7828
- C:\Windows\System\wrxFdbx.exe
  C:\Windows\System\wrxFdbx.exe
  2⤵
  PID:7848
- C:\Windows\System\dHmpIRj.exe
  C:\Windows\System\dHmpIRj.exe
  2⤵
  PID:7868
- C:\Windows\System\JrWNaNM.exe
  C:\Windows\System\JrWNaNM.exe
  2⤵
  PID:7888
- C:\Windows\System\vUwXpAg.exe
  C:\Windows\System\vUwXpAg.exe
  2⤵
  PID:7908
- C:\Windows\System\ZtoatJA.exe
  C:\Windows\System\ZtoatJA.exe
  2⤵
  PID:7928
- C:\Windows\System\bAoYAzZ.exe
  C:\Windows\System\bAoYAzZ.exe
  2⤵
  PID:7948
- C:\Windows\System\noZpmyv.exe
  C:\Windows\System\noZpmyv.exe
  2⤵
  PID:7968
- C:\Windows\System\KiEqkcu.exe
  C:\Windows\System\KiEqkcu.exe
  2⤵
  PID:7988
- C:\Windows\System\qNFrmFt.exe
  C:\Windows\System\qNFrmFt.exe
  2⤵
  PID:8008
- C:\Windows\System\IBHKEon.exe
  C:\Windows\System\IBHKEon.exe
  2⤵
  PID:8028
- C:\Windows\System\uNGGpRq.exe
  C:\Windows\System\uNGGpRq.exe
  2⤵
  PID:8048
- C:\Windows\System\nnVkCde.exe
  C:\Windows\System\nnVkCde.exe
  2⤵
  PID:8068
- C:\Windows\System\SVSHSup.exe
  C:\Windows\System\SVSHSup.exe
  2⤵
  PID:8092
- C:\Windows\System\vwRFPvC.exe
  C:\Windows\System\vwRFPvC.exe
  2⤵
  PID:8112
- C:\Windows\System\AODZExF.exe
  C:\Windows\System\AODZExF.exe
  2⤵
  PID:8132
- C:\Windows\System\EQenNdR.exe
  C:\Windows\System\EQenNdR.exe
  2⤵
  PID:8152
- C:\Windows\System\efZRvFl.exe
  C:\Windows\System\efZRvFl.exe
  2⤵
  PID:8172
- C:\Windows\System\BQwheeG.exe
  C:\Windows\System\BQwheeG.exe
  2⤵
  PID:7052
- C:\Windows\System\wcclmps.exe
  C:\Windows\System\wcclmps.exe
  2⤵
  PID:5492
- C:\Windows\System\CgJZfzD.exe
  C:\Windows\System\CgJZfzD.exe
  2⤵
  PID:5608
- C:\Windows\System\RUpWtou.exe
  C:\Windows\System\RUpWtou.exe
  2⤵
  PID:1804
- C:\Windows\System\zBgQQfO.exe
  C:\Windows\System\zBgQQfO.exe
  2⤵
  PID:6452
- C:\Windows\System\CJYKJuy.exe
  C:\Windows\System\CJYKJuy.exe
  2⤵
  PID:6892
- C:\Windows\System\rfTLroz.exe
  C:\Windows\System\rfTLroz.exe
  2⤵
  PID:3028
- C:\Windows\System\oowgNSm.exe
  C:\Windows\System\oowgNSm.exe
  2⤵
  PID:7192
- C:\Windows\System\XhCYAYT.exe
  C:\Windows\System\XhCYAYT.exe
  2⤵
  PID:7212
- C:\Windows\System\GsZRUij.exe
  C:\Windows\System\GsZRUij.exe
  2⤵
  PID:7276
- C:\Windows\System\FNcXEKC.exe
  C:\Windows\System\FNcXEKC.exe
  2⤵
  PID:7296
- C:\Windows\System\dqdYbWx.exe
  C:\Windows\System\dqdYbWx.exe
  2⤵
  PID:7312
- C:\Windows\System\rmzHYMK.exe
  C:\Windows\System\rmzHYMK.exe
  2⤵
  PID:7336
- C:\Windows\System\Exliyrw.exe
  C:\Windows\System\Exliyrw.exe
  2⤵
  PID:7400
- C:\Windows\System\wyJJlme.exe
  C:\Windows\System\wyJJlme.exe
  2⤵
  PID:7412
- C:\Windows\System\SziRMsz.exe
  C:\Windows\System\SziRMsz.exe
  2⤵
  PID:7472
- C:\Windows\System\WLMboAI.exe
  C:\Windows\System\WLMboAI.exe
  2⤵
  PID:7492
- C:\Windows\System\aMwyczT.exe
  C:\Windows\System\aMwyczT.exe
  2⤵
  PID:7516
- C:\Windows\System\XtFVnJB.exe
  C:\Windows\System\XtFVnJB.exe
  2⤵
  PID:7552
- C:\Windows\System\MmyDgmv.exe
  C:\Windows\System\MmyDgmv.exe
  2⤵
  PID:7572
- C:\Windows\System\AIjlQyE.exe
  C:\Windows\System\AIjlQyE.exe
  2⤵
  PID:7576
- C:\Windows\System\tdrFLNk.exe
  C:\Windows\System\tdrFLNk.exe
  2⤵
  PID:7636
- C:\Windows\System\QQJOoCE.exe
  C:\Windows\System\QQJOoCE.exe
  2⤵
  PID:7660
- C:\Windows\System\yoLDanM.exe
  C:\Windows\System\yoLDanM.exe
  2⤵
  PID:7692
- C:\Windows\System\FGkippe.exe
  C:\Windows\System\FGkippe.exe
  2⤵
  PID:7752
- C:\Windows\System\UAAbNkj.exe
  C:\Windows\System\UAAbNkj.exe
  2⤵
  PID:7740
- C:\Windows\System\OrHzaEB.exe
  C:\Windows\System\OrHzaEB.exe
  2⤵
  PID:7784
- C:\Windows\System\hIrfvRo.exe
  C:\Windows\System\hIrfvRo.exe
  2⤵
  PID:7816
- C:\Windows\System\CjAuMss.exe
  C:\Windows\System\CjAuMss.exe
  2⤵
  PID:7824
- C:\Windows\System\HfusVaj.exe
  C:\Windows\System\HfusVaj.exe
  2⤵
  PID:7856
- C:\Windows\System\HxCUjmt.exe
  C:\Windows\System\HxCUjmt.exe
  2⤵
  PID:7896
- C:\Windows\System\NWjDqyk.exe
  C:\Windows\System\NWjDqyk.exe
  2⤵
  PID:7936
- C:\Windows\System\UrVvCZm.exe
  C:\Windows\System\UrVvCZm.exe
  2⤵
  PID:7976
- C:\Windows\System\HZgrssZ.exe
  C:\Windows\System\HZgrssZ.exe
  2⤵
  PID:8000
- C:\Windows\System\gcRvABo.exe
  C:\Windows\System\gcRvABo.exe
  2⤵
  PID:8024
- C:\Windows\System\tnVTrtm.exe
  C:\Windows\System\tnVTrtm.exe
  2⤵
  PID:8076
- C:\Windows\System\blRIWoG.exe
  C:\Windows\System\blRIWoG.exe
  2⤵
  PID:8080
- C:\Windows\System\EAMyvax.exe
  C:\Windows\System\EAMyvax.exe
  2⤵
  PID:2648
- C:\Windows\System\XoyQCKw.exe
  C:\Windows\System\XoyQCKw.exe
  2⤵
  PID:8148
- C:\Windows\System\EOdLgAX.exe
  C:\Windows\System\EOdLgAX.exe
  2⤵
  PID:8164
- C:\Windows\System\xkhhYtj.exe
  C:\Windows\System\xkhhYtj.exe
  2⤵
  PID:7152
- C:\Windows\System\DdvWyeb.exe
  C:\Windows\System\DdvWyeb.exe
  2⤵
  PID:2772
- C:\Windows\System\TVDWsti.exe
  C:\Windows\System\TVDWsti.exe
  2⤵
  PID:2748
- C:\Windows\System\uSTHzbp.exe
  C:\Windows\System\uSTHzbp.exe
  2⤵
  PID:6700
- C:\Windows\System\pPIevsr.exe
  C:\Windows\System\pPIevsr.exe
  2⤵
  PID:6796
- C:\Windows\System\jEfnFjQ.exe
  C:\Windows\System\jEfnFjQ.exe
  2⤵
  PID:7172
- C:\Windows\System\IgkRyxs.exe
  C:\Windows\System\IgkRyxs.exe
  2⤵
  PID:7248
- C:\Windows\System\BZFPQdk.exe
  C:\Windows\System\BZFPQdk.exe
  2⤵
  PID:7256
- C:\Windows\System\IFxKCPB.exe
  C:\Windows\System\IFxKCPB.exe
  2⤵
  PID:7288
- C:\Windows\System\dopRZRF.exe
  C:\Windows\System\dopRZRF.exe
  2⤵
  PID:7372
- C:\Windows\System\VIAbbHV.exe
  C:\Windows\System\VIAbbHV.exe
  2⤵
  PID:7452
- C:\Windows\System\mtkruCu.exe
  C:\Windows\System\mtkruCu.exe
  2⤵
  PID:2264
- C:\Windows\System\INWWzkT.exe
  C:\Windows\System\INWWzkT.exe
  2⤵
  PID:7512
- C:\Windows\System\enNNfKg.exe
  C:\Windows\System\enNNfKg.exe
  2⤵
  PID:7476
- C:\Windows\System\BfeAbnK.exe
  C:\Windows\System\BfeAbnK.exe
  2⤵
  PID:2852
- C:\Windows\System\bpLGgrV.exe
  C:\Windows\System\bpLGgrV.exe
  2⤵
  PID:7632
- C:\Windows\System\AtaJZas.exe
  C:\Windows\System\AtaJZas.exe
  2⤵
  PID:7596
- C:\Windows\System\Pklwvrn.exe
  C:\Windows\System\Pklwvrn.exe
  2⤵
  PID:7616
- C:\Windows\System\WKCtXvp.exe
  C:\Windows\System\WKCtXvp.exe
  2⤵
  PID:644
- C:\Windows\System\MeTRUKY.exe
  C:\Windows\System\MeTRUKY.exe
  2⤵
  PID:7700
- C:\Windows\System\RHQcVkU.exe
  C:\Windows\System\RHQcVkU.exe
  2⤵
  PID:2512
- C:\Windows\System\dHdukfU.exe
  C:\Windows\System\dHdukfU.exe
  2⤵
  PID:7844
- C:\Windows\System\buKSqqg.exe
  C:\Windows\System\buKSqqg.exe
  2⤵
  PID:7924
- C:\Windows\System\YopqABb.exe
  C:\Windows\System\YopqABb.exe
  2⤵
  PID:2824
- C:\Windows\System\WEiUqBn.exe
  C:\Windows\System\WEiUqBn.exe
  2⤵
  PID:7980
- C:\Windows\System\pqVFusr.exe
  C:\Windows\System\pqVFusr.exe
  2⤵
  PID:8036
- C:\Windows\System\JqCPuHr.exe
  C:\Windows\System\JqCPuHr.exe
  2⤵
  PID:8064
- C:\Windows\System\VCWZOHI.exe
  C:\Windows\System\VCWZOHI.exe
  2⤵
  PID:8104
- C:\Windows\System\PDPvoYg.exe
  C:\Windows\System\PDPvoYg.exe
  2⤵
  PID:484
- C:\Windows\System\HoLiDzq.exe
  C:\Windows\System\HoLiDzq.exe
  2⤵
  PID:6880
- C:\Windows\System\XhnyXue.exe
  C:\Windows\System\XhnyXue.exe
  2⤵
  PID:7032
- C:\Windows\System\oACbHSW.exe
  C:\Windows\System\oACbHSW.exe
  2⤵
  PID:7196
- C:\Windows\System\mnmZsXZ.exe
  C:\Windows\System\mnmZsXZ.exe
  2⤵
  PID:7236
- C:\Windows\System\POpSTOB.exe
  C:\Windows\System\POpSTOB.exe
  2⤵
  PID:7308
- C:\Windows\System\DFKRcfy.exe
  C:\Windows\System\DFKRcfy.exe
  2⤵
  PID:2388
- C:\Windows\System\UznOdIl.exe
  C:\Windows\System\UznOdIl.exe
  2⤵
  PID:752
- C:\Windows\System\FjsMUBj.exe
  C:\Windows\System\FjsMUBj.exe
  2⤵
  PID:7592
- C:\Windows\System\OEGdoKC.exe
  C:\Windows\System\OEGdoKC.exe
  2⤵
  PID:7496
- C:\Windows\System\vYjcGpH.exe
  C:\Windows\System\vYjcGpH.exe
  2⤵
  PID:1564
- C:\Windows\System\olzcCHT.exe
  C:\Windows\System\olzcCHT.exe
  2⤵
  PID:576
- C:\Windows\System\TKZuBNw.exe
  C:\Windows\System\TKZuBNw.exe
  2⤵
  PID:2752
- C:\Windows\System\WxiWcSL.exe
  C:\Windows\System\WxiWcSL.exe
  2⤵
  PID:7836
- C:\Windows\System\hXjMVGl.exe
  C:\Windows\System\hXjMVGl.exe
  2⤵
  PID:7956
- C:\Windows\System\NhdnuHk.exe
  C:\Windows\System\NhdnuHk.exe
  2⤵
  PID:2984
- C:\Windows\System\KuxjSVC.exe
  C:\Windows\System\KuxjSVC.exe
  2⤵
  PID:8040
- C:\Windows\System\VlneStJ.exe
  C:\Windows\System\VlneStJ.exe
  2⤵
  PID:2732
- C:\Windows\System\YMWsQlg.exe
  C:\Windows\System\YMWsQlg.exe
  2⤵
  PID:2584
- C:\Windows\System\GymAEMz.exe
  C:\Windows\System\GymAEMz.exe
  2⤵
  PID:1340
- C:\Windows\System\lBeNnar.exe
  C:\Windows\System\lBeNnar.exe
  2⤵
  PID:1972
- C:\Windows\System\DcjSzdN.exe
  C:\Windows\System\DcjSzdN.exe
  2⤵
  PID:7316
- C:\Windows\System\WKQwxLU.exe
  C:\Windows\System\WKQwxLU.exe
  2⤵
  PID:1532
- C:\Windows\System\iaFicHU.exe
  C:\Windows\System\iaFicHU.exe
  2⤵
  PID:2844
- C:\Windows\System\rppXawp.exe
  C:\Windows\System\rppXawp.exe
  2⤵
  PID:2304
- C:\Windows\System\MXzrSnJ.exe
  C:\Windows\System\MXzrSnJ.exe
  2⤵
  PID:7804
- C:\Windows\System\lAbxHhq.exe
  C:\Windows\System\lAbxHhq.exe
  2⤵
  PID:7676
- C:\Windows\System\dXzuevT.exe
  C:\Windows\System\dXzuevT.exe
  2⤵
  PID:7876
- C:\Windows\System\PbIcmCi.exe
  C:\Windows\System\PbIcmCi.exe
  2⤵
  PID:3064
- C:\Windows\System\UywfaKY.exe
  C:\Windows\System\UywfaKY.exe
  2⤵
  PID:1148
- C:\Windows\System\mJRsErD.exe
  C:\Windows\System\mJRsErD.exe
  2⤵
  PID:7672
- C:\Windows\System\NNsCdwk.exe
  C:\Windows\System\NNsCdwk.exe
  2⤵
  PID:7176
- C:\Windows\System\oovYvaR.exe
  C:\Windows\System\oovYvaR.exe
  2⤵
  PID:7860
- C:\Windows\System\SyjnMMy.exe
  C:\Windows\System\SyjnMMy.exe
  2⤵
  PID:2860
- C:\Windows\System\opRfgcL.exe
  C:\Windows\System\opRfgcL.exe
  2⤵
  PID:7652
- C:\Windows\System\vQAguIn.exe
  C:\Windows\System\vQAguIn.exe
  2⤵
  PID:7380
- C:\Windows\System\IRDqdPd.exe
  C:\Windows\System\IRDqdPd.exe
  2⤵
  PID:2372
- C:\Windows\System\ORXdowb.exe
  C:\Windows\System\ORXdowb.exe
  2⤵
  PID:8124
- C:\Windows\System\XdEEjIH.exe
  C:\Windows\System\XdEEjIH.exe
  2⤵
  PID:7920
- C:\Windows\System\PjGuYws.exe
  C:\Windows\System\PjGuYws.exe
  2⤵
  PID:7780
- C:\Windows\System\CXbNDMe.exe
  C:\Windows\System\CXbNDMe.exe
  2⤵
  PID:2864
- C:\Windows\System\UueMrht.exe
  C:\Windows\System\UueMrht.exe
  2⤵
  PID:7944
- C:\Windows\System\hmKReCb.exe
  C:\Windows\System\hmKReCb.exe
  2⤵
  PID:7536
- C:\Windows\System\QnCPkOZ.exe
  C:\Windows\System\QnCPkOZ.exe
  2⤵
  PID:1512
- C:\Windows\System\oNijKmC.exe
  C:\Windows\System\oNijKmC.exe
  2⤵
  PID:6224
- C:\Windows\System\aDiIOkh.exe
  C:\Windows\System\aDiIOkh.exe
  2⤵
  PID:2032
- C:\Windows\System\qBEUJYU.exe
  C:\Windows\System\qBEUJYU.exe
  2⤵
  PID:8060
- C:\Windows\System\jOZydQb.exe
  C:\Windows\System\jOZydQb.exe
  2⤵
  PID:6412
- C:\Windows\System\XSoJXsN.exe
  C:\Windows\System\XSoJXsN.exe
  2⤵
  PID:8204
- C:\Windows\System\jzkLQzm.exe
  C:\Windows\System\jzkLQzm.exe
  2⤵
  PID:8232
- C:\Windows\System\BHpGYGW.exe
  C:\Windows\System\BHpGYGW.exe
  2⤵
  PID:8248
- C:\Windows\System\XZVeXHM.exe
  C:\Windows\System\XZVeXHM.exe
  2⤵
  PID:8264
- C:\Windows\System\ICKrwLN.exe
  C:\Windows\System\ICKrwLN.exe
  2⤵
  PID:8280
- C:\Windows\System\YNtcspW.exe
  C:\Windows\System\YNtcspW.exe
  2⤵
  PID:8296
- C:\Windows\System\otDyMAi.exe
  C:\Windows\System\otDyMAi.exe
  2⤵
  PID:8328
- C:\Windows\System\osaGomK.exe
  C:\Windows\System\osaGomK.exe
  2⤵
  PID:8344
- C:\Windows\System\RfLzQfc.exe
  C:\Windows\System\RfLzQfc.exe
  2⤵
  PID:8360
- C:\Windows\System\cFbYOIO.exe
  C:\Windows\System\cFbYOIO.exe
  2⤵
  PID:8376
- C:\Windows\System\vqcQeTb.exe
  C:\Windows\System\vqcQeTb.exe
  2⤵
  PID:8400
- C:\Windows\System\xRklqnQ.exe
  C:\Windows\System\xRklqnQ.exe
  2⤵
  PID:8420
- C:\Windows\System\UdLqlwZ.exe
  C:\Windows\System\UdLqlwZ.exe
  2⤵
  PID:8436
- C:\Windows\System\XqMRyeK.exe
  C:\Windows\System\XqMRyeK.exe
  2⤵
  PID:8476
- C:\Windows\System\nxAeZQc.exe
  C:\Windows\System\nxAeZQc.exe
  2⤵
  PID:8496
- C:\Windows\System\JScTduS.exe
  C:\Windows\System\JScTduS.exe
  2⤵
  PID:8512
- C:\Windows\System\WeRLgAk.exe
  C:\Windows\System\WeRLgAk.exe
  2⤵
  PID:8552
- C:\Windows\System\eWlnGSQ.exe
  C:\Windows\System\eWlnGSQ.exe
  2⤵
  PID:8568
- C:\Windows\System\JZlwish.exe
  C:\Windows\System\JZlwish.exe
  2⤵
  PID:8584
- C:\Windows\System\vZcDxlh.exe
  C:\Windows\System\vZcDxlh.exe
  2⤵
  PID:8608
- C:\Windows\System\effaTtD.exe
  C:\Windows\System\effaTtD.exe
  2⤵
  PID:8632
- C:\Windows\System\IaCqpGG.exe
  C:\Windows\System\IaCqpGG.exe
  2⤵
  PID:8648
- C:\Windows\System\NRngpbA.exe
  C:\Windows\System\NRngpbA.exe
  2⤵
  PID:8668
- C:\Windows\System\fJbqKah.exe
  C:\Windows\System\fJbqKah.exe
  2⤵
  PID:8684
- C:\Windows\System\dthmYhN.exe
  C:\Windows\System\dthmYhN.exe
  2⤵
  PID:8700
- C:\Windows\System\CUulPTt.exe
  C:\Windows\System\CUulPTt.exe
  2⤵
  PID:8724
- C:\Windows\System\zDmKWsc.exe
  C:\Windows\System\zDmKWsc.exe
  2⤵
  PID:8744
- C:\Windows\System\JvDcUFF.exe
  C:\Windows\System\JvDcUFF.exe
  2⤵
  PID:8760
- C:\Windows\System\xcScViv.exe
  C:\Windows\System\xcScViv.exe
  2⤵
  PID:8784
- C:\Windows\System\vjtkLyv.exe
  C:\Windows\System\vjtkLyv.exe
  2⤵
  PID:8800
- C:\Windows\System\FSMUzmL.exe
  C:\Windows\System\FSMUzmL.exe
  2⤵
  PID:8824
- C:\Windows\System\qdFfrlh.exe
  C:\Windows\System\qdFfrlh.exe
  2⤵
  PID:8844
- C:\Windows\System\LnenYpB.exe
  C:\Windows\System\LnenYpB.exe
  2⤵
  PID:8864
- C:\Windows\System\MRORJsc.exe
  C:\Windows\System\MRORJsc.exe
  2⤵
  PID:8880
- C:\Windows\System\IHoBjMo.exe
  C:\Windows\System\IHoBjMo.exe
  2⤵
  PID:8896
- C:\Windows\System\qIWjfMg.exe
  C:\Windows\System\qIWjfMg.exe
  2⤵
  PID:8912
- C:\Windows\System\aZheMkU.exe
  C:\Windows\System\aZheMkU.exe
  2⤵
  PID:8940
- C:\Windows\System\CqkUXdH.exe
  C:\Windows\System\CqkUXdH.exe
  2⤵
  PID:8976
- C:\Windows\System\NVgesAB.exe
  C:\Windows\System\NVgesAB.exe
  2⤵
  PID:8992
- C:\Windows\System\gpcwnlQ.exe
  C:\Windows\System\gpcwnlQ.exe
  2⤵
  PID:9008
- C:\Windows\System\OmKdFWU.exe
  C:\Windows\System\OmKdFWU.exe
  2⤵
  PID:9032
- C:\Windows\System\TijYYaR.exe
  C:\Windows\System\TijYYaR.exe
  2⤵
  PID:9048
- C:\Windows\System\TtGMKYf.exe
  C:\Windows\System\TtGMKYf.exe
  2⤵
  PID:9064
- C:\Windows\System\MUCxCOE.exe
  C:\Windows\System\MUCxCOE.exe
  2⤵
  PID:9080
- C:\Windows\System\YaGTsjI.exe
  C:\Windows\System\YaGTsjI.exe
  2⤵
  PID:9096
- C:\Windows\System\CRJPeoD.exe
  C:\Windows\System\CRJPeoD.exe
  2⤵
  PID:9116
- C:\Windows\System\PyUynEX.exe
  C:\Windows\System\PyUynEX.exe
  2⤵
  PID:9136
- C:\Windows\System\lAVoWuK.exe
  C:\Windows\System\lAVoWuK.exe
  2⤵
  PID:9160
- C:\Windows\System\dGhZeim.exe
  C:\Windows\System\dGhZeim.exe
  2⤵
  PID:9180
- C:\Windows\System\jdJVaAs.exe
  C:\Windows\System\jdJVaAs.exe
  2⤵
  PID:8140
- C:\Windows\System\ZcKFxmB.exe
  C:\Windows\System\ZcKFxmB.exe
  2⤵
  PID:8216
- C:\Windows\System\VCcrIqY.exe
  C:\Windows\System\VCcrIqY.exe
  2⤵
  PID:8292
- C:\Windows\System\cgvWuSD.exe
  C:\Windows\System\cgvWuSD.exe
  2⤵
  PID:8340
- C:\Windows\System\JCWPpeH.exe
  C:\Windows\System\JCWPpeH.exe
  2⤵
  PID:8200
- C:\Windows\System\hNyzjdJ.exe
  C:\Windows\System\hNyzjdJ.exe
  2⤵
  PID:8308
- C:\Windows\System\ZznUkIS.exe
  C:\Windows\System\ZznUkIS.exe
  2⤵
  PID:8356
- C:\Windows\System\GLJWTbI.exe
  C:\Windows\System\GLJWTbI.exe
  2⤵
  PID:8392
- C:\Windows\System\YDorWZz.exe
  C:\Windows\System\YDorWZz.exe
  2⤵
  PID:8412
- C:\Windows\System\QbClGXh.exe
  C:\Windows\System\QbClGXh.exe
  2⤵
  PID:8456
- C:\Windows\System\GOSbdNj.exe
  C:\Windows\System\GOSbdNj.exe
  2⤵
  PID:8468
- C:\Windows\System\AbFWxRX.exe
  C:\Windows\System\AbFWxRX.exe
  2⤵
  PID:8504
- C:\Windows\System\TlcOHUN.exe
  C:\Windows\System\TlcOHUN.exe
  2⤵
  PID:8528
- C:\Windows\System\eefesKN.exe
  C:\Windows\System\eefesKN.exe
  2⤵
  PID:8576
- C:\Windows\System\YSxxvej.exe
  C:\Windows\System\YSxxvej.exe
  2⤵
  PID:8600
- C:\Windows\System\FwNaUWe.exe
  C:\Windows\System\FwNaUWe.exe
  2⤵
  PID:8532
- C:\Windows\System\YvgyyPy.exe
  C:\Windows\System\YvgyyPy.exe
  2⤵
  PID:8680
- C:\Windows\System\qMmKgOe.exe
  C:\Windows\System\qMmKgOe.exe
  2⤵
  PID:8692
- C:\Windows\System\KqWnetz.exe
  C:\Windows\System\KqWnetz.exe
  2⤵
  PID:8792
- C:\Windows\System\KSocGtC.exe
  C:\Windows\System\KSocGtC.exe
  2⤵
  PID:8904
- C:\Windows\System\WousTYG.exe
  C:\Windows\System\WousTYG.exe
  2⤵
  PID:8740
- C:\Windows\System\MELRFyA.exe
  C:\Windows\System\MELRFyA.exe
  2⤵
  PID:8820
- C:\Windows\System\LRChDCA.exe
  C:\Windows\System\LRChDCA.exe
  2⤵
  PID:8932
- C:\Windows\System\nbFonwe.exe
  C:\Windows\System\nbFonwe.exe
  2⤵
  PID:8772
- C:\Windows\System\fqlHAyR.exe
  C:\Windows\System\fqlHAyR.exe
  2⤵
  PID:8956
- C:\Windows\System\IYnFYIN.exe
  C:\Windows\System\IYnFYIN.exe
  2⤵
  PID:9004
- C:\Windows\System\hDHFVEd.exe
  C:\Windows\System\hDHFVEd.exe
  2⤵
  PID:9072
- C:\Windows\System\zhJzjPJ.exe
  C:\Windows\System\zhJzjPJ.exe
  2⤵
  PID:9144
- C:\Windows\System\JAgIoJN.exe
  C:\Windows\System\JAgIoJN.exe
  2⤵
  PID:9020
- C:\Windows\System\bkNjZbL.exe
  C:\Windows\System\bkNjZbL.exe
  2⤵
  PID:9016
- C:\Windows\System\aRvRjxU.exe
  C:\Windows\System\aRvRjxU.exe
  2⤵
  PID:9124
- C:\Windows\System\MInxxBy.exe
  C:\Windows\System\MInxxBy.exe
  2⤵
  PID:9060
- C:\Windows\System\UtDZebf.exe
  C:\Windows\System\UtDZebf.exe
  2⤵
  PID:9132
- C:\Windows\System\SnEtcqL.exe
  C:\Windows\System\SnEtcqL.exe
  2⤵
  PID:7640
- C:\Windows\System\sZRYPiV.exe
  C:\Windows\System\sZRYPiV.exe
  2⤵
  PID:7800
- C:\Windows\System\PJtKhgd.exe
  C:\Windows\System\PJtKhgd.exe
  2⤵
  PID:8336
- C:\Windows\System\SFtCdrU.exe
  C:\Windows\System\SFtCdrU.exe
  2⤵
  PID:8320
- C:\Windows\System\cFMjbtn.exe
  C:\Windows\System\cFMjbtn.exe
  2⤵
  PID:8388
- C:\Windows\System\nVBWlQN.exe
  C:\Windows\System\nVBWlQN.exe
  2⤵
  PID:8524
- C:\Windows\System\VjlZAaG.exe
  C:\Windows\System\VjlZAaG.exe
  2⤵
  PID:8644
- C:\Windows\System\pPOOKaT.exe
  C:\Windows\System\pPOOKaT.exe
  2⤵
  PID:8756
- C:\Windows\System\sxLKBzk.exe
  C:\Windows\System\sxLKBzk.exe
  2⤵
  PID:8548
- C:\Windows\System\MCKRblw.exe
  C:\Windows\System\MCKRblw.exe
  2⤵
  PID:8624
- C:\Windows\System\kvidfnB.exe
  C:\Windows\System\kvidfnB.exe
  2⤵
  PID:8832
- C:\Windows\System\UAKWdVH.exe
  C:\Windows\System\UAKWdVH.exe
  2⤵
  PID:8840
- C:\Windows\System\sFBATki.exe
  C:\Windows\System\sFBATki.exe
  2⤵
  PID:8936
- C:\Windows\System\kYnZiDG.exe
  C:\Windows\System\kYnZiDG.exe
  2⤵
  PID:8852
- C:\Windows\System\ixbAboO.exe
  C:\Windows\System\ixbAboO.exe
  2⤵
  PID:9044
- C:\Windows\System\aNJcxUl.exe
  C:\Windows\System\aNJcxUl.exe
  2⤵
  PID:9196
- C:\Windows\System\JvcxQjY.exe
  C:\Windows\System\JvcxQjY.exe
  2⤵
  PID:9104
- C:\Windows\System\QnNCTNy.exe
  C:\Windows\System\QnNCTNy.exe
  2⤵
  PID:9188
- C:\Windows\System\skizTmY.exe
  C:\Windows\System\skizTmY.exe
  2⤵
  PID:9176
- C:\Windows\System\aevhNxQ.exe
  C:\Windows\System\aevhNxQ.exe
  2⤵
  PID:8316
- C:\Windows\System\HwIhsMk.exe
  C:\Windows\System\HwIhsMk.exe
  2⤵
  PID:8416
- C:\Windows\System\uvhOOcE.exe
  C:\Windows\System\uvhOOcE.exe
  2⤵
  PID:8464
- C:\Windows\System\wYysduB.exe
  C:\Windows\System\wYysduB.exe
  2⤵
  PID:8592
- C:\Windows\System\YGXRSMb.exe
  C:\Windows\System\YGXRSMb.exe
  2⤵
  PID:8752
- C:\Windows\System\WcOPDTP.exe
  C:\Windows\System\WcOPDTP.exe
  2⤵
  PID:8888
- C:\Windows\System\JtUVHvH.exe
  C:\Windows\System\JtUVHvH.exe
  2⤵
  PID:9152
- C:\Windows\System\ZvMSRoP.exe
  C:\Windows\System\ZvMSRoP.exe
  2⤵
  PID:8952
- C:\Windows\System\UCxtCvV.exe
  C:\Windows\System\UCxtCvV.exe
  2⤵
  PID:8260
- C:\Windows\System\nLjdEuV.exe
  C:\Windows\System\nLjdEuV.exe
  2⤵
  PID:9000
- C:\Windows\System\Wtjldun.exe
  C:\Windows\System\Wtjldun.exe
  2⤵
  PID:8272
- C:\Windows\System\gFPjRUB.exe
  C:\Windows\System\gFPjRUB.exe
  2⤵
  PID:9208
- C:\Windows\System\OUfrwKB.exe
  C:\Windows\System\OUfrwKB.exe
  2⤵
  PID:8604
- C:\Windows\System\AlEpQco.exe
  C:\Windows\System\AlEpQco.exe
  2⤵
  PID:8920
- C:\Windows\System\ylPDjtz.exe
  C:\Windows\System\ylPDjtz.exe
  2⤵
  PID:9156
- C:\Windows\System\hmoWFow.exe
  C:\Windows\System\hmoWFow.exe
  2⤵
  PID:8288
- C:\Windows\System\aSxEIBS.exe
  C:\Windows\System\aSxEIBS.exe
  2⤵
  PID:8808
- C:\Windows\System\qRHELMi.exe
  C:\Windows\System\qRHELMi.exe
  2⤵
  PID:8372
- C:\Windows\System\DcBdzsT.exe
  C:\Windows\System\DcBdzsT.exe
  2⤵
  PID:9212
- C:\Windows\System\ByDPMMv.exe
  C:\Windows\System\ByDPMMv.exe
  2⤵
  PID:8664
- C:\Windows\System\yxxLJfv.exe
  C:\Windows\System\yxxLJfv.exe
  2⤵
  PID:7460
- C:\Windows\System\LdkDcob.exe
  C:\Windows\System\LdkDcob.exe
  2⤵
  PID:8448
- C:\Windows\System\fQxtiez.exe
  C:\Windows\System\fQxtiez.exe
  2⤵
  PID:9092
- C:\Windows\System\BDlJSkL.exe
  C:\Windows\System\BDlJSkL.exe
  2⤵
  PID:9232
- C:\Windows\System\IUAjKno.exe
  C:\Windows\System\IUAjKno.exe
  2⤵
  PID:9252
- C:\Windows\System\cXuenwr.exe
  C:\Windows\System\cXuenwr.exe
  2⤵
  PID:9288
- C:\Windows\System\mECnwwA.exe
  C:\Windows\System\mECnwwA.exe
  2⤵
  PID:9304
- C:\Windows\System\qlFbhZQ.exe
  C:\Windows\System\qlFbhZQ.exe
  2⤵
  PID:9328
- C:\Windows\System\yOaCQIg.exe
  C:\Windows\System\yOaCQIg.exe
  2⤵
  PID:9348
- C:\Windows\System\ncVCbtt.exe
  C:\Windows\System\ncVCbtt.exe
  2⤵
  PID:9364
- C:\Windows\System\fDbxqGV.exe
  C:\Windows\System\fDbxqGV.exe
  2⤵
  PID:9388
- C:\Windows\System\AMYAqnW.exe
  C:\Windows\System\AMYAqnW.exe
  2⤵
  PID:9404
- C:\Windows\System\EZZrJCt.exe
  C:\Windows\System\EZZrJCt.exe
  2⤵
  PID:9424
- C:\Windows\System\iPXAUbj.exe
  C:\Windows\System\iPXAUbj.exe
  2⤵
  PID:9444
- C:\Windows\System\EYEpEON.exe
  C:\Windows\System\EYEpEON.exe
  2⤵
  PID:9464
- C:\Windows\System\ByHuvQJ.exe
  C:\Windows\System\ByHuvQJ.exe
  2⤵
  PID:9488
- C:\Windows\System\IQXvOLd.exe
  C:\Windows\System\IQXvOLd.exe
  2⤵
  PID:9508
- C:\Windows\System\hsomBBf.exe
  C:\Windows\System\hsomBBf.exe
  2⤵
  PID:9528
- C:\Windows\System\LAaqMeI.exe
  C:\Windows\System\LAaqMeI.exe
  2⤵
  PID:9548
- C:\Windows\System\WjdAjKS.exe
  C:\Windows\System\WjdAjKS.exe
  2⤵
  PID:9564
- C:\Windows\System\UEviMkH.exe
  C:\Windows\System\UEviMkH.exe
  2⤵
  PID:9588
- C:\Windows\System\qXZgqhA.exe
  C:\Windows\System\qXZgqhA.exe
  2⤵
  PID:9604
- C:\Windows\System\rZJyHQN.exe
  C:\Windows\System\rZJyHQN.exe
  2⤵
  PID:9628
- C:\Windows\System\UDZkOkq.exe
  C:\Windows\System\UDZkOkq.exe
  2⤵
  PID:9644
- C:\Windows\System\todUPuY.exe
  C:\Windows\System\todUPuY.exe
  2⤵
  PID:9668
- C:\Windows\System\lDxdYJa.exe
  C:\Windows\System\lDxdYJa.exe
  2⤵
  PID:9684
- C:\Windows\System\ISpfepX.exe
  C:\Windows\System\ISpfepX.exe
  2⤵
  PID:9708
- C:\Windows\System\IKFVFne.exe
  C:\Windows\System\IKFVFne.exe
  2⤵
  PID:9724
- C:\Windows\System\ldewjHV.exe
  C:\Windows\System\ldewjHV.exe
  2⤵
  PID:9740
- C:\Windows\System\DFVsqdQ.exe
  C:\Windows\System\DFVsqdQ.exe
  2⤵
  PID:9756
- C:\Windows\System\MfItfvQ.exe
  C:\Windows\System\MfItfvQ.exe
  2⤵
  PID:9772
- C:\Windows\System\eNVlimf.exe
  C:\Windows\System\eNVlimf.exe
  2⤵
  PID:9796
- C:\Windows\System\fHlwdft.exe
  C:\Windows\System\fHlwdft.exe
  2⤵
  PID:9820
- C:\Windows\System\pARuDSY.exe
  C:\Windows\System\pARuDSY.exe
  2⤵
  PID:9836
- C:\Windows\System\yUaHajY.exe
  C:\Windows\System\yUaHajY.exe
  2⤵
  PID:9852
- C:\Windows\System\vcHGwkE.exe
  C:\Windows\System\vcHGwkE.exe
  2⤵
  PID:9876
- C:\Windows\System\mepztte.exe
  C:\Windows\System\mepztte.exe
  2⤵
  PID:9892
- C:\Windows\System\dwluSMf.exe
  C:\Windows\System\dwluSMf.exe
  2⤵
  PID:9928
- C:\Windows\System\TVLSxJS.exe
  C:\Windows\System\TVLSxJS.exe
  2⤵
  PID:9944
- C:\Windows\System\QGQiDpB.exe
  C:\Windows\System\QGQiDpB.exe
  2⤵
  PID:9960
- C:\Windows\System\KggdWnz.exe
  C:\Windows\System\KggdWnz.exe
  2⤵
  PID:9980
- C:\Windows\System\vuyQkLT.exe
  C:\Windows\System\vuyQkLT.exe
  2⤵
  PID:10008
- C:\Windows\System\IFjDfMS.exe
  C:\Windows\System\IFjDfMS.exe
  2⤵
  PID:10028
- C:\Windows\System\ehpbxkI.exe
  C:\Windows\System\ehpbxkI.exe
  2⤵
  PID:10052
- C:\Windows\System\HsPGLih.exe
  C:\Windows\System\HsPGLih.exe
  2⤵
  PID:10068
- C:\Windows\System\TEkekGh.exe
  C:\Windows\System\TEkekGh.exe
  2⤵
  PID:10092
- C:\Windows\System\RXcyKev.exe
  C:\Windows\System\RXcyKev.exe
  2⤵
  PID:10112
- C:\Windows\System\BqSdVRj.exe
  C:\Windows\System\BqSdVRj.exe
  2⤵
  PID:10128
- C:\Windows\System\BxaPJYC.exe
  C:\Windows\System\BxaPJYC.exe
  2⤵
  PID:10152
- C:\Windows\System\BRINXuD.exe
  C:\Windows\System\BRINXuD.exe
  2⤵
  PID:10168
- C:\Windows\System\kHXjBLD.exe
  C:\Windows\System\kHXjBLD.exe
  2⤵
  PID:10192
- C:\Windows\System\quBAlNV.exe
  C:\Windows\System\quBAlNV.exe
  2⤵
  PID:10208
- C:\Windows\System\vRWbomb.exe
  C:\Windows\System\vRWbomb.exe
  2⤵
  PID:10228
- C:\Windows\System\xcFZkzc.exe
  C:\Windows\System\xcFZkzc.exe
  2⤵
  PID:9172
- C:\Windows\System\kZbefZg.exe
  C:\Windows\System\kZbefZg.exe
  2⤵
  PID:8640
- C:\Windows\System\VTEflBF.exe
  C:\Windows\System\VTEflBF.exe
  2⤵
  PID:8428
- C:\Windows\System\EjlDLim.exe
  C:\Windows\System\EjlDLim.exe
  2⤵
  PID:9248
- C:\Windows\System\yYgVhrK.exe
  C:\Windows\System\yYgVhrK.exe
  2⤵
  PID:9264
- C:\Windows\System\hclMezI.exe
  C:\Windows\System\hclMezI.exe
  2⤵
  PID:9312
- C:\Windows\System\mlrcyzZ.exe
  C:\Windows\System\mlrcyzZ.exe
  2⤵
  PID:9340
- C:\Windows\System\vvjsWLJ.exe
  C:\Windows\System\vvjsWLJ.exe
  2⤵
  PID:9396
- C:\Windows\System\SZLBwBA.exe
  C:\Windows\System\SZLBwBA.exe
  2⤵
  PID:9416
- C:\Windows\System\yDZVwIc.exe
  C:\Windows\System\yDZVwIc.exe
  2⤵
  PID:9472
- C:\Windows\System\mClGtbL.exe
  C:\Windows\System\mClGtbL.exe
  2⤵
  PID:9496
- C:\Windows\System\HOafODZ.exe
  C:\Windows\System\HOafODZ.exe
  2⤵
  PID:9520
- C:\Windows\System\uyzBBFl.exe
  C:\Windows\System\uyzBBFl.exe
  2⤵
  PID:9560
- C:\Windows\System\iKooolU.exe
  C:\Windows\System\iKooolU.exe
  2⤵
  PID:9580
- C:\Windows\System\PCXnWrv.exe
  C:\Windows\System\PCXnWrv.exe
  2⤵
  PID:9612
- C:\Windows\System\HKFsbvn.exe
  C:\Windows\System\HKFsbvn.exe
  2⤵
  PID:9636
- C:\Windows\System\xwsewrG.exe
  C:\Windows\System\xwsewrG.exe
  2⤵
  PID:9660
- C:\Windows\System\dMIEcSA.exe
  C:\Windows\System\dMIEcSA.exe
  2⤵
  PID:9704
- C:\Windows\System\NHiZnjb.exe
  C:\Windows\System\NHiZnjb.exe
  2⤵
  PID:9768
- C:\Windows\System\ILVbPAT.exe
  C:\Windows\System\ILVbPAT.exe
  2⤵
  PID:9816
- C:\Windows\System\xulcANM.exe
  C:\Windows\System\xulcANM.exe
  2⤵
  PID:9888
- C:\Windows\System\vDLUfEv.exe
  C:\Windows\System\vDLUfEv.exe
  2⤵
  PID:9868
- C:\Windows\System\qwpsela.exe
  C:\Windows\System\qwpsela.exe
  2⤵
  PID:9920
- C:\Windows\System\PYqpCtY.exe
  C:\Windows\System\PYqpCtY.exe
  2⤵
  PID:9912
- C:\Windows\System\gazBKxB.exe
  C:\Windows\System\gazBKxB.exe
  2⤵
  PID:9968
- C:\Windows\System\VJTbQTu.exe
  C:\Windows\System\VJTbQTu.exe
  2⤵
  PID:9952
- C:\Windows\System\gqNlMFb.exe
  C:\Windows\System\gqNlMFb.exe
  2⤵
  PID:10020
- C:\Windows\System\zCIgRSf.exe
  C:\Windows\System\zCIgRSf.exe
  2⤵
  PID:10060
- C:\Windows\System\uSbZwWd.exe
  C:\Windows\System\uSbZwWd.exe
  2⤵
  PID:10108
- C:\Windows\System\gpgYICN.exe
  C:\Windows\System\gpgYICN.exe
  2⤵
  PID:10124
- C:\Windows\System\aPacOFm.exe
  C:\Windows\System\aPacOFm.exe
  2⤵
  PID:10176
- C:\Windows\System\beCTEul.exe
  C:\Windows\System\beCTEul.exe
  2⤵
  PID:10216
- C:\Windows\System\AemXfRq.exe
  C:\Windows\System\AemXfRq.exe
  2⤵
  PID:10236
- C:\Windows\System\hssKini.exe
  C:\Windows\System\hssKini.exe
  2⤵
  PID:9244
- C:\Windows\System\PSiEkqb.exe
  C:\Windows\System\PSiEkqb.exe
  2⤵
  PID:9300
- C:\Windows\System\cfGNIvf.exe
  C:\Windows\System\cfGNIvf.exe
  2⤵
  PID:8276
- C:\Windows\System\UVgpnLz.exe
  C:\Windows\System\UVgpnLz.exe
  2⤵
  PID:9360
- C:\Windows\System\yDiiSue.exe
  C:\Windows\System\yDiiSue.exe
  2⤵
  PID:9376
- C:\Windows\System\RcbPAmm.exe
  C:\Windows\System\RcbPAmm.exe
  2⤵
  PID:9460
- C:\Windows\System\kUgOpYN.exe
  C:\Windows\System\kUgOpYN.exe
  2⤵
  PID:9544
- C:\Windows\System\oBKbxkL.exe
  C:\Windows\System\oBKbxkL.exe
  2⤵
  PID:9584
- C:\Windows\System\RgdHoRr.exe
  C:\Windows\System\RgdHoRr.exe
  2⤵
  PID:9280
- C:\Windows\System\zfouTcL.exe
  C:\Windows\System\zfouTcL.exe
  2⤵
  PID:9664
- C:\Windows\System\bHAgqHu.exe
  C:\Windows\System\bHAgqHu.exe
  2⤵
  PID:9752
- C:\Windows\System\vGNCrlD.exe
  C:\Windows\System\vGNCrlD.exe
  2⤵
  PID:9848
- C:\Windows\System\rHZrTTP.exe
  C:\Windows\System\rHZrTTP.exe
  2⤵
  PID:9908
- C:\Windows\System\boOBDRZ.exe
  C:\Windows\System\boOBDRZ.exe
  2⤵
  PID:9976
- C:\Windows\System\FnpeABh.exe
  C:\Windows\System\FnpeABh.exe
  2⤵
  PID:9988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AHXlPHy.exe

Filesize
6.0MB

MD5
f095b0b628a723f3937b679d9b6bb189

SHA1
1cfcc7a5a3a3c718374266799310ae66d54dd535

SHA256
9bf93453edf8f893d9d112106641364e2b2e6956c18aa8d1ff9dc56bc3627790

SHA512
5183ab8f32b88422b6496fe9d276e8a008138499e55e9411a61d04ca797ba8fc7d1ec5fb4843feb7235e6cc186a7726bc881e5f58262898b7c4bf70fb4070699

Download Submit
C:\Windows\system\BAUaQZC.exe

Filesize
6.0MB

MD5
a4c5d6d66a8335ba28fef2a6cb892f70

SHA1
ca5fd5266f3c27eb2552f98d3666774688f7c720

SHA256
e2ff7613a55e96377817053fdf3dd0653aff3ec7fc4bdb677f1e8b9997798451

SHA512
688dcd15589e2880456a379ae04e54f2f18d6dfac6c904fe5b508567c0e20dd9ebbd346df8aed34c3010a74d5eb551ee9a1e65570fc08dd6ba74ebaf94758a96

Download Submit
C:\Windows\system\EfVvSPg.exe

Filesize
6.0MB

MD5
5f317fc807f364dc85333c1a4a07f689

SHA1
217b0ee2ff20958d09d06a62108657fdcc7fa50c

SHA256
e3f64f6c49aca2b62287e993543a763ba2db1542e848f1f166ea4b7b9006f683

SHA512
5e34821c9a9e7b3a58eddd3e307ae37658ab39b524ee8090a1f67543b21c48b684cbdc1c1ce729c25b166e2d2dd3cc2178b255d1edacfaa78104c4b1f221d776

Download Submit
C:\Windows\system\HTlYAtH.exe

Filesize
6.0MB

MD5
4c931e3981c675aebc80134764cec75e

SHA1
7b9707ed159ce320f5ab908ec6be6af165d9b8d4

SHA256
2a07bc92b3eedc395dde7e67aa0df6d99a05cc38552d9e8e01be3f1ad4c7d901

SHA512
9e54d07db3e2ab78b0d0729775ba483493e73da5cf64db78d6f87b09bdd3d3ca7c91105a0a3d74ef8096ca2a65a9ad1511bde86d01cfab249741674c1562cf7e

Download Submit
C:\Windows\system\IkBowhF.exe

Filesize
6.0MB

MD5
e81326c1c78bce569c2c9e1e2e400e61

SHA1
f94f9bbea686564811e2e4a24cd719761bcae68c

SHA256
92e5c1123c90fe0ede108f59502f0a7f3d4084a155aceaf9e06de816293570eb

SHA512
41d163209fdc5b2414095a2d90c2fb17fc445d5a06e862f1897f876e8372bce6848483f77c78aca0f415059865bcf1c4ab84e3a6e6a9f7f00cbf769266b0952c

Download Submit
C:\Windows\system\IpZEIYA.exe

Filesize
6.0MB

MD5
5a82edefacf8bb8e6eda38f102366279

SHA1
b0fd5042d196889269e1bd71c9bd0cb6a5968de7

SHA256
4948fb867f9f9687e4d63edb25eff57e50806bc9c9379e7e354f9f6edf47dfde

SHA512
5bc9d4e1da48300fbedc9f9dccaa1cea9c10b95fcf856ce0c255ca134185cf4c285ad098d02ffc399519a6275f9ab7cd587ad1a820f196f6992f41f44caad8dd

Download Submit
C:\Windows\system\JjNplOg.exe

Filesize
6.0MB

MD5
3d0d61437eb3dbf024dc07f2ffbc1df4

SHA1
e551089a0d2126eb4e6dd079f6574129cf6350f4

SHA256
49d0baefd855b0ba61f8c8be1eae219abec469b3fef187df13048a34f09acdb5

SHA512
2fb5d7b5fa4172a519a64c2e3d2dd976b3c7b0eeba7825dba62f177882850cc96ef8f1b5703fd9246ddb71850b6327ecb15ecb108ac7e7b803ed90468d79cf84

Download Submit
C:\Windows\system\KCgZlPJ.exe

Filesize
6.0MB

MD5
81cd565807e5e596f3ea5230019ab3d0

SHA1
496260d99cbd6f2ce593bca9c02fc29e343e13c5

SHA256
d3bcd7c2c753da132537e21551d1ec0c97de7ba6a529ab82f3b2793b291e3d14

SHA512
74b64219c0f9b4cf44ea9cc564da27571c2614db62d659f02e9bea3cb1c845f5c522a3c59bef3863081272fe0bd2fa447949520e6c1fef9906df4ffb2e964cbb

Download Submit
C:\Windows\system\QJUfDty.exe

Filesize
6.0MB

MD5
8c9a41996865019a9aeccbeff9bf6e0c

SHA1
6a2696198983c4df25febebcf181ec7dbd904dbe

SHA256
2c1d0f30dc91798e2917ddf288a0ba0344d872f8b2edf34f5da1a2583dafa239

SHA512
257cc790f1d5ff481fa036f9636e2110204f4de6dd021bdeae768f1e67f7e7e9d34b5c299b4f70f356434bda2d3363ad563adaf69aa3be4a08c0d977e3f1e231

Download Submit
C:\Windows\system\RsEwPhl.exe

Filesize
6.0MB

MD5
b7ec2cea0aa905267274d1f320c01368

SHA1
9ae934b83b72c8f099ccc4292a71d6972d91eafe

SHA256
8dfcea6196cfcd680d74c0e0b98fb92abe02e23e1451e1c230f22a74b91f7209

SHA512
7e878d449e2de60940ad2a6912646d45cb29ad69a71929c05e6d4623146725dc7861fa0d56e97acfb4d8756cd27c5ea2ccfa94211a001ee5f75cfeaaf8f5fe0a

Download Submit
C:\Windows\system\SJYdEun.exe

Filesize
6.0MB

MD5
13848f66df535ff1844a303c923cebcc

SHA1
40be63911ab1d2cc546ae263cfa457a615ae042a

SHA256
6032d86434617c3d3cb790b0d439ec92f2383b621feb8cf1092dce6727dd5876

SHA512
8edff02f96183b24195f6ae852edccd4038741f196693574a5a046c02bcd6c41fb37b7267000b65697ec81743cb2cd48f0b4240a97c522fd9f8d104e5353c6b6

Download Submit
C:\Windows\system\UCnFyPI.exe

Filesize
6.0MB

MD5
ab614285db3cab116e5cf0a3b54654ab

SHA1
df200848734e26c87bd61d76d34e968e08e39cbb

SHA256
3cf6e6062731b027b8a8befc8e5fe32f60ea8c4b1058043c7cc07f9b4dc0668d

SHA512
9f341b7feaed1726029a70d75c3f238ca7d4f0fa1d00f096cc92017dfca57a92bfcddad9c60ec80e19ec5fe59393176ab3e37a0b9b953521ae577038fdebb655

Download Submit
C:\Windows\system\VQNivKO.exe

Filesize
6.0MB

MD5
0c5c27915133ce0d4bb8f4d557cda6dc

SHA1
8673e2557ceaad8604d5a744cc5e5e79bc19ee1a

SHA256
ad04432cd6b35d4904301343e9144f33f0810a25335acd8efaad52fa9f1ca26e

SHA512
4460ccd63a8c84cb3c4b3aec66751a5b4322db158655263c8ae72c30c75a48654326f9e1e38ab46cdd9287a505a2ab19b7a484ed9451d3225a93ae19f2409289

Download Submit
C:\Windows\system\XDVqAqh.exe

Filesize
6.0MB

MD5
0a31db3bda1737a91f88503c688295ff

SHA1
e4ee726fa0bf033502d364117da6afb3afb1a42b

SHA256
eecf991715e050199f79386d797dc9a075ef762f44022c90e5351dbea52fd6c8

SHA512
d6750fed35de50c2886812497ee0586265f36d68c9747305e61d550e5789fb94720f3538186288a7ae10122272a81c6762f52996805943bc092ac17152d44cf4

Download Submit
C:\Windows\system\XaGyqXL.exe

Filesize
6.0MB

MD5
bf6f2a9a99a9d6cf0aed80a7822ed614

SHA1
6da76a3d3ad6a3ba3e0e22949eae074744b0636c

SHA256
56dd2562b68f0a68edd3f5cbef52f3a68957081565d30453845f2d61e6cc47ff

SHA512
63321a5a6b3127f3d501864579c86704dae94f38949f7031f840da5062c8fdb6a8b0f4413302ec1112e1a32f8e8883f13cbad98ec9f2656ffa3fd1f1eee93235

Download Submit
C:\Windows\system\YsaxLBl.exe

Filesize
6.0MB

MD5
3a6ac861c8fe1fcb57ab086c26274a1d

SHA1
227e4507ab2698cb7909764be91e823706494ae1

SHA256
2735a0301946df30318fe9264f74089abd458c04602e96c00bc1adb35ac63104

SHA512
cc45df72c827e443f0b53237b85ded72f961c7b8aec4c5c5c9b10b653ac3ccc2ee837e6499a75263ce728a8e0d8e4e1c59b018524529434af6285cce67c36d16

Download Submit
C:\Windows\system\Zdphqfi.exe

Filesize
6.0MB

MD5
2aa52288545a11966d3694c4b7f3b632

SHA1
8f8e2b15ac16637613dfcf5f964814862551c6a7

SHA256
516b0320ef8be657fe6ed51af3f209055527704fc34c1f74d3bb688ecfed06a2

SHA512
60264fb1c1b975de8328f3bd61c5c2d8bce2262662c7e60cb88cbda85e20134d6e903fe258f1dc9b4a3d581195af534483e5bcbc84392179fe90c0f7ce68d44a

Download Submit
C:\Windows\system\mGMEdCE.exe

Filesize
8B

MD5
5f2a961acf27f98734426395ca459b13

SHA1
f4361fda9d6f0d257eb8b16f437b07fbcb5e70c7

SHA256
c0db544382d067ad8a84933742200215bd469f54e265de50d613eb85cae73416

SHA512
4b21f11bb3269f293a187974763ea724dd38ecc4a235b8e070aeff271fc11b158c960ca3d3ad113eee01310ae3b8779e47211cb90d49f14faf1f751afa218701

Download Submit
C:\Windows\system\mpiQPRx.exe

Filesize
6.0MB

MD5
b1f90ac1e9df376e4eccc1b654dafc23

SHA1
ad708cc0eff9197fb0a450c8651a1744f2ba98b0

SHA256
251b1c36ba170e84cccf95aa9845ab532dd08937e407a7ea606c7a237e82c80b

SHA512
9a2e1ad3f1c178d5cf61685cb9d9b1b098bea2093b683f3dcc4c3f23abe903aa2bb74e9090b043311640afe6417c98c01b6d3167fbb0ceb07d19a09f9be2b74f

Download Submit
C:\Windows\system\nWHIkXD.exe

Filesize
6.0MB

MD5
b279a13ee91097cdaa7c8a4ccb8fff01

SHA1
a02f41cfbd28cf903f356e513c2ceb77bf1856f3

SHA256
7b714af3920dd6a27569d475f1e0abb3693b4b7bdda7501e51f9000d3f223506

SHA512
d9b2097912564c7b69574fbe073242589bdbbf4fdab332fd80ce3052eedd107545b1ef9e89e69a5ec28e6e2a930b5215172527b5f7505c6d9e0bbf3fb5e01366

Download Submit
C:\Windows\system\ofJkDXL.exe

Filesize
6.0MB

MD5
07cf6a7c4aa3cd10f9a76f3e4ea557a3

SHA1
d858a93d93cf1d87524fec60a58d15f9548136f5

SHA256
15fcd5aa67eda23c0a1fc8744a1c8c9c738cbb7304c055b69184c1b889714d7d

SHA512
ee22e73f7259566b2a478cae928c5d31c965880d9c7184797c72d46e3c2f58f39e14424736ca9734ec1c747dae65b570bf199242ab39a3b839216a7fd45b4f7f

Download Submit
C:\Windows\system\pYBjJkx.exe

Filesize
6.0MB

MD5
c38ab6a6d5bfbc262bce5e371ddb0f06

SHA1
6534877c2e4acbfe9275826a3ea0136fbf55053c

SHA256
e2b28cb2996125c3c23630e9f44a3e946eb0d017438d14af34e1faa0151c7e68

SHA512
0d5a0826ea5f5658a273de5baf6e1324d1fbdf1b78a80ec50f707a95c3c1e09d04a57b144141dca30810e2cf28756c1965d4e6592bbaa00936ac1570f50a439d

Download Submit
C:\Windows\system\rOlNYxl.exe

Filesize
6.0MB

MD5
5ee86372ba9a3648a413b3b75f88e1a6

SHA1
42229648105ca5084fc4cff2a2c5246d77f4f7ae

SHA256
1787b6feda50f21fd907a097716037eb9e0616b043efd42404234e9bc2737ed1

SHA512
8b751c4e3496744c2d6f1b00d7dceee8a09bb978f1bb50dc9ee00752e4ffd58613c36b9ae73ba59efc6d218dc34e15d8d52ecacda9d925f992a0b506d2fb0ef7

Download Submit
C:\Windows\system\wJixAMq.exe

Filesize
6.0MB

MD5
c4e98d186593b506575183f1009df7bd

SHA1
cdcc3a650333295faa136ba586741014d23f4f3d

SHA256
91af722af65b56679df16af05835f12ad97b36ff2955cf9509b46d43db3f972e

SHA512
195f2e12fd227a08e54192f4cbdf0f70d5df0600e06fb73fa470566958941e432212814eda5f98cd4c21e075412710ae4f3b00524a1a6b27540cc1bd3c601e6b

Download Submit
C:\Windows\system\wzGnbWX.exe

Filesize
6.0MB

MD5
91c15826f325ea737bd9869dc262e139

SHA1
8566a305f0b67b028f09e465a8abe4b1f62f3536

SHA256
b4538fa1ef9bf3c0e69f12ada3f173d189e0a93487532bd3e6ea3ec48a207b6e

SHA512
6e38d3c5ee45dc073a71a3acf14d6b4193a4ff8ea88dc5217e44ef1cc5c2bfca13a6d9d15aa2dd1df5bbe9e19328d78cbb95b0d5bcd9c573e37c68e4100fa831

Download Submit
C:\Windows\system\xXxwqjA.exe

Filesize
6.0MB

MD5
a48afe7853172652a4866fc49a887ef9

SHA1
04c50f3b90a5d43d70f75f014c256e016c422ef2

SHA256
719ba8816f9ea92cd47615baa3875fc429c01750fe8e708da4f057805d11a28f

SHA512
d582f310ddfa4dec762bacf2b52b6d4a961b10ffcefadf306052fab5f90a380bd131ec5339b7e5429484c9010217c6d67a78156e18141c7f302fa3756766a68c

Download Submit
C:\Windows\system\ySfwKmy.exe

Filesize
6.0MB

MD5
f4e22adbfddf436c591f18157b684ac1

SHA1
643b3cfb7d68b707d7bfcacb0407b1cb6bf59f09

SHA256
6c99e2fc3d0cc992b8e90b4125e3c94f357b69eaab8377c7a1bc1fcbe8b579a4

SHA512
fe101eaba2a3fa5e2b8301ee2bb28ffeafa7c9e8a8b7021eaac6fb36c8fedbde4a6bd60a5e1cc977245b6d8a80b8c02bdb3e3be1b28b526eea45fb425fe0068a

Download Submit
C:\Windows\system\yfTzEzv.exe

Filesize
6.0MB

MD5
dbdba0e5ad893037f45253a1e672266b

SHA1
5ff13f7588d024bd676d6f4968215719f6c14756

SHA256
beb16f552667fc1ff43ac8ec11214bd6c8ddb9969772c3e5e31be68e5388a788

SHA512
ebc76bc1b5820640c8a94ab3805d59666d8d2e2bcd6705cb55440ef88b5ff5ef20861b439c1155a14d1f80102fa187fd73adf0c46dcf9347ad267414d4eb91f8

Download Submit
C:\Windows\system\zKdJGpb.exe

Filesize
6.0MB

MD5
0bb4aa3f6db49308c726eae9edf18964

SHA1
c2c607198bb3c6fa3361495e309ea9edcc436099

SHA256
d2da145792aeb42c07ad5c34403a6afc81f7b43923d93fc8234c0a6d0c329e02

SHA512
5e5ca1c2aca0f484b0652f49ad25d67123a2f08cf38316822a812d3a4edf88802354c2c2dc426c3eea9afe10e0c37d9ad72fe2c486e1161cb86ab11f787e454e

Download Submit
\Windows\system\LyXhAeB.exe

Filesize
6.0MB

MD5
0d5d0a68261a1fa73a6341070959fd77

SHA1
230c60c6684eb8ecf752df71c628685636d71291

SHA256
876e4ed4d2d3850a3a8e1bb5dc6e21047debe80c8a781b0758a86dd5e246438b

SHA512
66cc3c4aa8280abbc4cfd9574ff004ff2e43f7955a4669b43e513164dacfecf47954ee8d8a6c03fe81c15f8c09b4a75a1cb9ecf58107b6eaf9c0946664b18bda

Download Submit
\Windows\system\PLVmokj.exe

Filesize
6.0MB

MD5
8faf07211ed36c29ac6dc04e48632e4d

SHA1
89b48c6c609d1d26eeb95443c709e0e1de5e418d

SHA256
87114cf58861ce48964f1f3091cf275e4bec9b2a84f9f11c45a8c0ab8526d9da

SHA512
94f04a77a657ca40f9821f7daedc8b63b95b684a783e8013447244d919ed6ded261f1c32ea81bcebcb7c61b70bf37b214d46ab5b7a0bb218185d1ddff4d452ee

Download Submit
\Windows\system\XSBCbHi.exe

Filesize
6.0MB

MD5
3ccee8483d0bc4628a89f27296292972

SHA1
a5bc6095ace79dc3b19d9e311549b4746d60f8d1

SHA256
d8147a8944c95d88febda9cf486f5690cfb34d375129327dda9ec884b1d8440c

SHA512
408b6a55526f105c3cd77e91a57e8c6ee19fac6d80abd3e21d3b7dd0b59b1c30ba52e9a72f272e04e908c5ce720935b63f40c9ba76cbf6f6e10d3816575b6a44

Download Submit
\Windows\system\YBhNEpk.exe

Filesize
6.0MB

MD5
e69d1229bbc574d968bf4b7431660bbe

SHA1
ddedec75d549e57f91bba6fcda33a610a96ec6ee

SHA256
a15cde177c2b31cbfe2aeb5bb844fb6aab1c2889a7fea297e0839d7bf7223c08

SHA512
0348c058f1825f097b53b7063f3c4ddcddf0f93fb84ae5a70805999d0f628c7bf6172765ff7518ad500f7682721e6e97ff804cd184ad2a007f5769c560ef69d9

Download Submit
memory/540-104-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/540-6-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/540-311-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/540-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/540-475-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/540-2437-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/540-669-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/540-29-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/540-862-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/540-33-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/540-46-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/540-54-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/540-12-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/540-70-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/540-113-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/540-112-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/540-62-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/540-36-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/540-0-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/540-103-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/540-18-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/540-78-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/540-23-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/540-95-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/540-94-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/540-86-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/1248-5363-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/1248-58-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/1248-21-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/1328-108-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1328-2348-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1328-3752-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1500-764-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1500-3793-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1500-99-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1668-66-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/1668-27-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/1668-3699-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2316-40-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-3632-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-14-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2320-3674-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2320-50-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2540-107-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2540-67-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2540-3767-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2556-90-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2556-574-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2556-3749-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2568-217-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2568-74-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3721-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2576-402-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2576-82-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3779-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2652-73-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2652-34-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3738-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3702-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2764-41-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2764-81-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3717-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2780-51-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2780-89-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3724-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-59-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-98-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download