cobaltstrike | 4a3d2a2fa12fa696bc81c9c4a74071ec9c34ed949de04d2aa3db5813840fc170

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

73a3dacd3d12c7229f448c26142623dc
SHA1

f83e55a0cb7140d376e3e7161599e927913252f3
SHA256

4a3d2a2fa12fa696bc81c9c4a74071ec9c34ed949de04d2aa3db5813840fc170
SHA512

2dce7dab07e6500731c7af1177f9e8fd96e67331c1c5c9058838da76d75f5ea08223e97f626dd9fd5e45477f72396625e45b99b2776d27b0bc86418ab541d748
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUq:T+q56utgpPF8u/7q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001686c-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c95-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ce1-33.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c73-22.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000018676-64.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-159.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-139.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-144.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-134.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174c3-112.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-111.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017403-108.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-73.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-119.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d47-47.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018696-85.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001757f-83.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a6-81.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001746a-80.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0d-72.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 61 IoCs

miner

resource	yara_rule
behavioral1/memory/2408-0-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-3.dat	xmrig
behavioral1/memory/2408-8-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/316-9-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x000800000001686c-10.dat	xmrig
behavioral1/files/0x0007000000016c95-28.dat	xmrig
behavioral1/memory/3020-29-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016ce1-33.dat	xmrig
behavioral1/memory/2780-27-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c73-22.dat	xmrig
behavioral1/memory/2440-21-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/files/0x0015000000018676-64.dat	xmrig
behavioral1/files/0x00050000000191f6-149.dat	xmrig
behavioral1/files/0x0005000000019259-164.dat	xmrig
behavioral1/files/0x000500000001929a-186.dat	xmrig
behavioral1/memory/3020-910-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2440-496-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2408-251-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019275-179.dat	xmrig
behavioral1/files/0x0005000000019278-183.dat	xmrig
behavioral1/files/0x0005000000019268-170.dat	xmrig
behavioral1/files/0x000500000001926c-173.dat	xmrig
behavioral1/files/0x0005000000019240-159.dat	xmrig
behavioral1/files/0x00060000000190e1-139.dat	xmrig
behavioral1/files/0x0006000000018f65-129.dat	xmrig
behavioral1/files/0x0005000000019217-154.dat	xmrig
behavioral1/files/0x00050000000191d2-144.dat	xmrig
behavioral1/files/0x000600000001904c-134.dat	xmrig
behavioral1/files/0x00060000000174c3-112.dat	xmrig
behavioral1/files/0x0006000000017488-111.dat	xmrig
behavioral1/files/0x0008000000017403-108.dat	xmrig
behavioral1/memory/3028-107-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/3060-106-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/1656-103-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2708-102-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2768-101-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2624-100-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018c34-98.dat	xmrig
behavioral1/files/0x0005000000018697-73.dat	xmrig
behavioral1/files/0x0006000000018c44-119.dat	xmrig
behavioral1/memory/2408-48-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d47-47.dat	xmrig
behavioral1/memory/3008-46-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2212-91-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x00050000000187a2-86.dat	xmrig
behavioral1/files/0x0005000000018696-85.dat	xmrig
behavioral1/files/0x000600000001757f-83.dat	xmrig
behavioral1/files/0x00060000000174a6-81.dat	xmrig
behavioral1/files/0x000600000001746a-80.dat	xmrig
behavioral1/files/0x0007000000016d0d-72.dat	xmrig
behavioral1/memory/2440-4003-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2768-4004-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2212-4006-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2780-4010-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2708-4009-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/316-4008-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/3028-4007-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/3008-4005-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/3060-4012-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2624-4011-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/3020-4013-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
316	jQerNNx.exe
2440	kGXRgPu.exe
2780	yoFVHcM.exe
3020	FiAxPFx.exe
3008	AURoKdf.exe
2212	OphbOoX.exe
3060	XMcTffa.exe
3028	ZdLXvrk.exe
2624	Gjqnhoc.exe
2768	MrLtccA.exe
2708	TUPaiRz.exe
1656	hkcHquJ.exe
2136	vCXBWtk.exe
2188	BsDKdYs.exe
2756	QHOYSTC.exe
2912	SisEkNc.exe
848	SpRyIcH.exe
2776	RKyKCUX.exe
2528	fRxXOKM.exe
1352	uDYaZuW.exe
1652	buPLHUm.exe
1436	ltdowNX.exe
1792	VZVljaL.exe
1784	GRLIZth.exe
2024	OPVtBfv.exe
1976	mMFSwiD.exe
2872	FDSFIMQ.exe
2868	SPtYSWZ.exe
2196	yqKbolR.exe
2816	tALJYDD.exe
2672	yABeZGq.exe
448	GIHewYw.exe
604	jwLUlRg.exe
1300	EoKEXtW.exe
1000	XJqdsOq.exe
688	JgQDNsG.exe
2744	JVrkmQo.exe
2344	KotyiVm.exe
1808	QbvAmRg.exe
1560	QvXKflT.exe
2208	TbsqZFP.exe
1288	XYDxgDz.exe
792	aJqCSSc.exe
2276	OYlCauq.exe
1036	iuuoPPC.exe
2348	TIIFRvI.exe
1636	YCLZCXf.exe
2144	KtHGBdw.exe
996	CKTvymT.exe
1996	YfzmtKh.exe
1508	tEybdFX.exe
1788	PaoUSfz.exe
1836	bUzfwmP.exe
1724	DoZbHGU.exe
1580	lDbqDwu.exe
2936	fsafVeE.exe
2420	jLCgmoP.exe
2888	GlyEAwx.exe
2184	LyEnTwP.exe
2600	MuIppGu.exe
2520	TlRpaaX.exe
2560	HndcABv.exe
648	AcWwFvp.exe
2004	qNyjCBN.exe

Loads dropped DLL 64 IoCs

pid	Process
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2408-0-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x0007000000012118-3.dat	upx
behavioral1/memory/316-9-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x000800000001686c-10.dat	upx
behavioral1/files/0x0007000000016c95-28.dat	upx
behavioral1/memory/3020-29-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x0007000000016ce1-33.dat	upx
behavioral1/memory/2780-27-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x0008000000016c73-22.dat	upx
behavioral1/memory/2440-21-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/files/0x0015000000018676-64.dat	upx
behavioral1/files/0x00050000000191f6-149.dat	upx
behavioral1/files/0x0005000000019259-164.dat	upx
behavioral1/files/0x000500000001929a-186.dat	upx
behavioral1/memory/3020-910-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2440-496-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2408-251-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x0005000000019275-179.dat	upx
behavioral1/files/0x0005000000019278-183.dat	upx
behavioral1/files/0x0005000000019268-170.dat	upx
behavioral1/files/0x000500000001926c-173.dat	upx
behavioral1/files/0x0005000000019240-159.dat	upx
behavioral1/files/0x00060000000190e1-139.dat	upx
behavioral1/files/0x0006000000018f65-129.dat	upx
behavioral1/files/0x0005000000019217-154.dat	upx
behavioral1/files/0x00050000000191d2-144.dat	upx
behavioral1/files/0x000600000001904c-134.dat	upx
behavioral1/files/0x00060000000174c3-112.dat	upx
behavioral1/files/0x0006000000017488-111.dat	upx
behavioral1/files/0x0008000000017403-108.dat	upx
behavioral1/memory/3028-107-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/3060-106-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/1656-103-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2708-102-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2768-101-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2624-100-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x0006000000018c34-98.dat	upx
behavioral1/files/0x0005000000018697-73.dat	upx
behavioral1/files/0x0006000000018c44-119.dat	upx
behavioral1/files/0x0009000000016d47-47.dat	upx
behavioral1/memory/3008-46-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2212-91-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x00050000000187a2-86.dat	upx
behavioral1/files/0x0005000000018696-85.dat	upx
behavioral1/files/0x000600000001757f-83.dat	upx
behavioral1/files/0x00060000000174a6-81.dat	upx
behavioral1/files/0x000600000001746a-80.dat	upx
behavioral1/files/0x0007000000016d0d-72.dat	upx
behavioral1/memory/2440-4003-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2768-4004-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2212-4006-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2780-4010-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2708-4009-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/316-4008-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/3028-4007-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/3008-4005-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/3060-4012-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2624-4011-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/3020-4013-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pKmwHLK.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCELPYX.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ddXetjN.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVQPGLz.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ikbKNpv.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNssHBl.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DJrdNgp.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mxgZrZb.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSnRIMj.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gDHqRlB.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QeZwRJf.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LAyuKoY.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hlRXZoL.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KasxUrT.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FjwFosC.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gYUIckj.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yoFVHcM.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXZMDiY.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kFItFTr.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPAAUiH.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSpNHkI.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TUPaiRz.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyxjiKx.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mgzKYZV.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rbOuvYF.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHGurBH.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sXEyCic.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HHEYmtK.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AUXWeFU.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eHJJaVh.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YopwtjT.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mMWQDwL.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUPyEnW.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jzIbsEb.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nnghuTl.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UnWjCWP.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OWrfFux.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vODmPcF.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FunbNJh.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FoqobwE.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AyOYAlD.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPwtsBT.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CCNiaFH.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kvwXbPF.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wbaIrdY.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XVfmIVv.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bmoypFq.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WRZLDhg.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jcMBeQm.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\arQXzbl.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qKtpKoc.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ytkpxtb.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PmdhZCr.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTJlLYs.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fCQkUdB.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHHVwye.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YPASVsb.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aAVXYWt.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cduqJkM.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqIAfjv.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWnxToR.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GkrFIVv.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SisEkNc.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fsafVeE.exe	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 316	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2408 wrote to memory of 316	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2408 wrote to memory of 316	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2408 wrote to memory of 2440	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2408 wrote to memory of 2440	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2408 wrote to memory of 2440	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2408 wrote to memory of 2780	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2408 wrote to memory of 2780	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2408 wrote to memory of 2780	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2408 wrote to memory of 3020	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2408 wrote to memory of 3020	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2408 wrote to memory of 3020	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2408 wrote to memory of 3008	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2408 wrote to memory of 3008	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2408 wrote to memory of 3008	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2408 wrote to memory of 3060	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2408 wrote to memory of 3060	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2408 wrote to memory of 3060	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2408 wrote to memory of 2212	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2408 wrote to memory of 2212	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2408 wrote to memory of 2212	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2408 wrote to memory of 2136	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2408 wrote to memory of 2136	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2408 wrote to memory of 2136	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2408 wrote to memory of 3028	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2408 wrote to memory of 3028	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2408 wrote to memory of 3028	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2408 wrote to memory of 2188	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2408 wrote to memory of 2188	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2408 wrote to memory of 2188	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2408 wrote to memory of 2624	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2408 wrote to memory of 2624	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2408 wrote to memory of 2624	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2408 wrote to memory of 2756	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2408 wrote to memory of 2756	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2408 wrote to memory of 2756	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2408 wrote to memory of 2768	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2408 wrote to memory of 2768	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2408 wrote to memory of 2768	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2408 wrote to memory of 2912	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2408 wrote to memory of 2912	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2408 wrote to memory of 2912	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2408 wrote to memory of 2708	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2408 wrote to memory of 2708	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2408 wrote to memory of 2708	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2408 wrote to memory of 2776	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2408 wrote to memory of 2776	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2408 wrote to memory of 2776	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2408 wrote to memory of 1656	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2408 wrote to memory of 1656	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2408 wrote to memory of 1656	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2408 wrote to memory of 2528	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2408 wrote to memory of 2528	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2408 wrote to memory of 2528	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2408 wrote to memory of 848	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2408 wrote to memory of 848	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2408 wrote to memory of 848	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2408 wrote to memory of 1352	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2408 wrote to memory of 1352	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2408 wrote to memory of 1352	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2408 wrote to memory of 1652	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2408 wrote to memory of 1652	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2408 wrote to memory of 1652	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2408 wrote to memory of 1436	2408	2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_73a3dacd3d12c7229f448c26142623dc_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Windows\System\jQerNNx.exe
  C:\Windows\System\jQerNNx.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\kGXRgPu.exe
  C:\Windows\System\kGXRgPu.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\yoFVHcM.exe
  C:\Windows\System\yoFVHcM.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\FiAxPFx.exe
  C:\Windows\System\FiAxPFx.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\AURoKdf.exe
  C:\Windows\System\AURoKdf.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\XMcTffa.exe
  C:\Windows\System\XMcTffa.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\OphbOoX.exe
  C:\Windows\System\OphbOoX.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\vCXBWtk.exe
  C:\Windows\System\vCXBWtk.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\ZdLXvrk.exe
  C:\Windows\System\ZdLXvrk.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\BsDKdYs.exe
  C:\Windows\System\BsDKdYs.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\Gjqnhoc.exe
  C:\Windows\System\Gjqnhoc.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\QHOYSTC.exe
  C:\Windows\System\QHOYSTC.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\MrLtccA.exe
  C:\Windows\System\MrLtccA.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\SisEkNc.exe
  C:\Windows\System\SisEkNc.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\TUPaiRz.exe
  C:\Windows\System\TUPaiRz.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\RKyKCUX.exe
  C:\Windows\System\RKyKCUX.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\hkcHquJ.exe
  C:\Windows\System\hkcHquJ.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\fRxXOKM.exe
  C:\Windows\System\fRxXOKM.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\SpRyIcH.exe
  C:\Windows\System\SpRyIcH.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\uDYaZuW.exe
  C:\Windows\System\uDYaZuW.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\buPLHUm.exe
  C:\Windows\System\buPLHUm.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\ltdowNX.exe
  C:\Windows\System\ltdowNX.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\VZVljaL.exe
  C:\Windows\System\VZVljaL.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\GRLIZth.exe
  C:\Windows\System\GRLIZth.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\OPVtBfv.exe
  C:\Windows\System\OPVtBfv.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\mMFSwiD.exe
  C:\Windows\System\mMFSwiD.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\FDSFIMQ.exe
  C:\Windows\System\FDSFIMQ.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\SPtYSWZ.exe
  C:\Windows\System\SPtYSWZ.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\yqKbolR.exe
  C:\Windows\System\yqKbolR.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\tALJYDD.exe
  C:\Windows\System\tALJYDD.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\yABeZGq.exe
  C:\Windows\System\yABeZGq.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\GIHewYw.exe
  C:\Windows\System\GIHewYw.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\jwLUlRg.exe
  C:\Windows\System\jwLUlRg.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\EoKEXtW.exe
  C:\Windows\System\EoKEXtW.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\XJqdsOq.exe
  C:\Windows\System\XJqdsOq.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\JgQDNsG.exe
  C:\Windows\System\JgQDNsG.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\JVrkmQo.exe
  C:\Windows\System\JVrkmQo.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\KotyiVm.exe
  C:\Windows\System\KotyiVm.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\QbvAmRg.exe
  C:\Windows\System\QbvAmRg.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\QvXKflT.exe
  C:\Windows\System\QvXKflT.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\TbsqZFP.exe
  C:\Windows\System\TbsqZFP.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\XYDxgDz.exe
  C:\Windows\System\XYDxgDz.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\aJqCSSc.exe
  C:\Windows\System\aJqCSSc.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\OYlCauq.exe
  C:\Windows\System\OYlCauq.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\iuuoPPC.exe
  C:\Windows\System\iuuoPPC.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\TIIFRvI.exe
  C:\Windows\System\TIIFRvI.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\YCLZCXf.exe
  C:\Windows\System\YCLZCXf.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\KtHGBdw.exe
  C:\Windows\System\KtHGBdw.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\CKTvymT.exe
  C:\Windows\System\CKTvymT.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\YfzmtKh.exe
  C:\Windows\System\YfzmtKh.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\tEybdFX.exe
  C:\Windows\System\tEybdFX.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\bUzfwmP.exe
  C:\Windows\System\bUzfwmP.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\PaoUSfz.exe
  C:\Windows\System\PaoUSfz.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\lDbqDwu.exe
  C:\Windows\System\lDbqDwu.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\DoZbHGU.exe
  C:\Windows\System\DoZbHGU.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\jLCgmoP.exe
  C:\Windows\System\jLCgmoP.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\fsafVeE.exe
  C:\Windows\System\fsafVeE.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\GlyEAwx.exe
  C:\Windows\System\GlyEAwx.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\LyEnTwP.exe
  C:\Windows\System\LyEnTwP.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\MuIppGu.exe
  C:\Windows\System\MuIppGu.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\TlRpaaX.exe
  C:\Windows\System\TlRpaaX.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\HndcABv.exe
  C:\Windows\System\HndcABv.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\AcWwFvp.exe
  C:\Windows\System\AcWwFvp.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\qNyjCBN.exe
  C:\Windows\System\qNyjCBN.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\hWxMqqW.exe
  C:\Windows\System\hWxMqqW.exe
  2⤵
  PID:2688
- C:\Windows\System\GDMPFAQ.exe
  C:\Windows\System\GDMPFAQ.exe
  2⤵
  PID:2752
- C:\Windows\System\CAqgFuW.exe
  C:\Windows\System\CAqgFuW.exe
  2⤵
  PID:2532
- C:\Windows\System\zHVbnlW.exe
  C:\Windows\System\zHVbnlW.exe
  2⤵
  PID:1296
- C:\Windows\System\dgTiJJi.exe
  C:\Windows\System\dgTiJJi.exe
  2⤵
  PID:1920
- C:\Windows\System\EtSVdBO.exe
  C:\Windows\System\EtSVdBO.exe
  2⤵
  PID:1744
- C:\Windows\System\aRFmuCw.exe
  C:\Windows\System\aRFmuCw.exe
  2⤵
  PID:2000
- C:\Windows\System\gVVHqdp.exe
  C:\Windows\System\gVVHqdp.exe
  2⤵
  PID:2844
- C:\Windows\System\cLLjEOL.exe
  C:\Windows\System\cLLjEOL.exe
  2⤵
  PID:1092
- C:\Windows\System\rvWzzZs.exe
  C:\Windows\System\rvWzzZs.exe
  2⤵
  PID:788
- C:\Windows\System\eDIzGQt.exe
  C:\Windows\System\eDIzGQt.exe
  2⤵
  PID:1664
- C:\Windows\System\qSHerKs.exe
  C:\Windows\System\qSHerKs.exe
  2⤵
  PID:816
- C:\Windows\System\UJZOpAN.exe
  C:\Windows\System\UJZOpAN.exe
  2⤵
  PID:1872
- C:\Windows\System\IptLGow.exe
  C:\Windows\System\IptLGow.exe
  2⤵
  PID:1320
- C:\Windows\System\aKtlJwA.exe
  C:\Windows\System\aKtlJwA.exe
  2⤵
  PID:2008
- C:\Windows\System\ADAzMgD.exe
  C:\Windows\System\ADAzMgD.exe
  2⤵
  PID:2168
- C:\Windows\System\SIFTtii.exe
  C:\Windows\System\SIFTtii.exe
  2⤵
  PID:2240
- C:\Windows\System\TJehUOB.exe
  C:\Windows\System\TJehUOB.exe
  2⤵
  PID:880
- C:\Windows\System\iWckzLO.exe
  C:\Windows\System\iWckzLO.exe
  2⤵
  PID:764
- C:\Windows\System\pophWqG.exe
  C:\Windows\System\pophWqG.exe
  2⤵
  PID:2152
- C:\Windows\System\VAwAllj.exe
  C:\Windows\System\VAwAllj.exe
  2⤵
  PID:1604
- C:\Windows\System\KcLhgCH.exe
  C:\Windows\System\KcLhgCH.exe
  2⤵
  PID:2056
- C:\Windows\System\pJHsCoB.exe
  C:\Windows\System\pJHsCoB.exe
  2⤵
  PID:2080
- C:\Windows\System\lzNvmAL.exe
  C:\Windows\System\lzNvmAL.exe
  2⤵
  PID:1752
- C:\Windows\System\twTyRuD.exe
  C:\Windows\System\twTyRuD.exe
  2⤵
  PID:2160
- C:\Windows\System\LaxgjDT.exe
  C:\Windows\System\LaxgjDT.exe
  2⤵
  PID:1708
- C:\Windows\System\LqhOaEN.exe
  C:\Windows\System\LqhOaEN.exe
  2⤵
  PID:2748
- C:\Windows\System\tgpiaQQ.exe
  C:\Windows\System\tgpiaQQ.exe
  2⤵
  PID:3044
- C:\Windows\System\fjAwBEI.exe
  C:\Windows\System\fjAwBEI.exe
  2⤵
  PID:1532
- C:\Windows\System\vnedlXA.exe
  C:\Windows\System\vnedlXA.exe
  2⤵
  PID:1332
- C:\Windows\System\YoIYWfr.exe
  C:\Windows\System\YoIYWfr.exe
  2⤵
  PID:3040
- C:\Windows\System\Cqwdpyi.exe
  C:\Windows\System\Cqwdpyi.exe
  2⤵
  PID:1812
- C:\Windows\System\ZsTrHyf.exe
  C:\Windows\System\ZsTrHyf.exe
  2⤵
  PID:2832
- C:\Windows\System\gchobmv.exe
  C:\Windows\System\gchobmv.exe
  2⤵
  PID:1716
- C:\Windows\System\xAlzAlv.exe
  C:\Windows\System\xAlzAlv.exe
  2⤵
  PID:1852
- C:\Windows\System\LDOmXbZ.exe
  C:\Windows\System\LDOmXbZ.exe
  2⤵
  PID:2256
- C:\Windows\System\tihCRSc.exe
  C:\Windows\System\tihCRSc.exe
  2⤵
  PID:1384
- C:\Windows\System\lTztmHw.exe
  C:\Windows\System\lTztmHw.exe
  2⤵
  PID:2264
- C:\Windows\System\VzCBhMF.exe
  C:\Windows\System\VzCBhMF.exe
  2⤵
  PID:3084
- C:\Windows\System\figGGVK.exe
  C:\Windows\System\figGGVK.exe
  2⤵
  PID:3100
- C:\Windows\System\EpvAluG.exe
  C:\Windows\System\EpvAluG.exe
  2⤵
  PID:3116
- C:\Windows\System\ZNuFimh.exe
  C:\Windows\System\ZNuFimh.exe
  2⤵
  PID:3132
- C:\Windows\System\eSopcMu.exe
  C:\Windows\System\eSopcMu.exe
  2⤵
  PID:3148
- C:\Windows\System\XLBDfzR.exe
  C:\Windows\System\XLBDfzR.exe
  2⤵
  PID:3164
- C:\Windows\System\PzGTera.exe
  C:\Windows\System\PzGTera.exe
  2⤵
  PID:3180
- C:\Windows\System\AwcPGQk.exe
  C:\Windows\System\AwcPGQk.exe
  2⤵
  PID:3196
- C:\Windows\System\saGFKEK.exe
  C:\Windows\System\saGFKEK.exe
  2⤵
  PID:3212
- C:\Windows\System\kvwXbPF.exe
  C:\Windows\System\kvwXbPF.exe
  2⤵
  PID:3228
- C:\Windows\System\fhpEaNe.exe
  C:\Windows\System\fhpEaNe.exe
  2⤵
  PID:3244
- C:\Windows\System\BqKiBCE.exe
  C:\Windows\System\BqKiBCE.exe
  2⤵
  PID:3264
- C:\Windows\System\CIbajlZ.exe
  C:\Windows\System\CIbajlZ.exe
  2⤵
  PID:3280
- C:\Windows\System\qvhQSpN.exe
  C:\Windows\System\qvhQSpN.exe
  2⤵
  PID:3324
- C:\Windows\System\tEUosTN.exe
  C:\Windows\System\tEUosTN.exe
  2⤵
  PID:3344
- C:\Windows\System\jUTUopE.exe
  C:\Windows\System\jUTUopE.exe
  2⤵
  PID:3360
- C:\Windows\System\eknNKpm.exe
  C:\Windows\System\eknNKpm.exe
  2⤵
  PID:3380
- C:\Windows\System\nwfQlvl.exe
  C:\Windows\System\nwfQlvl.exe
  2⤵
  PID:3396
- C:\Windows\System\hdXaxbQ.exe
  C:\Windows\System\hdXaxbQ.exe
  2⤵
  PID:3416
- C:\Windows\System\fYSGcnO.exe
  C:\Windows\System\fYSGcnO.exe
  2⤵
  PID:3436
- C:\Windows\System\tqLIayV.exe
  C:\Windows\System\tqLIayV.exe
  2⤵
  PID:3500
- C:\Windows\System\RUrXgGm.exe
  C:\Windows\System\RUrXgGm.exe
  2⤵
  PID:3524
- C:\Windows\System\DdhgSqF.exe
  C:\Windows\System\DdhgSqF.exe
  2⤵
  PID:3540
- C:\Windows\System\cKzftds.exe
  C:\Windows\System\cKzftds.exe
  2⤵
  PID:3560
- C:\Windows\System\OSzHPYL.exe
  C:\Windows\System\OSzHPYL.exe
  2⤵
  PID:3580
- C:\Windows\System\xsLCvZE.exe
  C:\Windows\System\xsLCvZE.exe
  2⤵
  PID:3600
- C:\Windows\System\QwGLdGT.exe
  C:\Windows\System\QwGLdGT.exe
  2⤵
  PID:3620
- C:\Windows\System\GuBIkto.exe
  C:\Windows\System\GuBIkto.exe
  2⤵
  PID:3644
- C:\Windows\System\garwzFT.exe
  C:\Windows\System\garwzFT.exe
  2⤵
  PID:3660
- C:\Windows\System\WYYzrvT.exe
  C:\Windows\System\WYYzrvT.exe
  2⤵
  PID:3684
- C:\Windows\System\dqdMQEn.exe
  C:\Windows\System\dqdMQEn.exe
  2⤵
  PID:3700
- C:\Windows\System\HWBUzXl.exe
  C:\Windows\System\HWBUzXl.exe
  2⤵
  PID:3728
- C:\Windows\System\CGHChDV.exe
  C:\Windows\System\CGHChDV.exe
  2⤵
  PID:3744
- C:\Windows\System\wCgBYGH.exe
  C:\Windows\System\wCgBYGH.exe
  2⤵
  PID:3760
- C:\Windows\System\odgBYsi.exe
  C:\Windows\System\odgBYsi.exe
  2⤵
  PID:3776
- C:\Windows\System\BNdDdKj.exe
  C:\Windows\System\BNdDdKj.exe
  2⤵
  PID:3804
- C:\Windows\System\xtymMBc.exe
  C:\Windows\System\xtymMBc.exe
  2⤵
  PID:3820
- C:\Windows\System\ysyWuMr.exe
  C:\Windows\System\ysyWuMr.exe
  2⤵
  PID:3840
- C:\Windows\System\fqzHvIg.exe
  C:\Windows\System\fqzHvIg.exe
  2⤵
  PID:3864
- C:\Windows\System\XRQwDrs.exe
  C:\Windows\System\XRQwDrs.exe
  2⤵
  PID:3880
- C:\Windows\System\OpSqKdx.exe
  C:\Windows\System\OpSqKdx.exe
  2⤵
  PID:3908
- C:\Windows\System\SSpLLUq.exe
  C:\Windows\System\SSpLLUq.exe
  2⤵
  PID:3928
- C:\Windows\System\MtryeoP.exe
  C:\Windows\System\MtryeoP.exe
  2⤵
  PID:3948
- C:\Windows\System\lXXnfGH.exe
  C:\Windows\System\lXXnfGH.exe
  2⤵
  PID:3968
- C:\Windows\System\gJbZEHr.exe
  C:\Windows\System\gJbZEHr.exe
  2⤵
  PID:3988
- C:\Windows\System\FunbNJh.exe
  C:\Windows\System\FunbNJh.exe
  2⤵
  PID:4008
- C:\Windows\System\qYYBknV.exe
  C:\Windows\System\qYYBknV.exe
  2⤵
  PID:4028
- C:\Windows\System\sbMYzKm.exe
  C:\Windows\System\sbMYzKm.exe
  2⤵
  PID:4044
- C:\Windows\System\idsVMtT.exe
  C:\Windows\System\idsVMtT.exe
  2⤵
  PID:4064
- C:\Windows\System\THockwo.exe
  C:\Windows\System\THockwo.exe
  2⤵
  PID:4088
- C:\Windows\System\iiDfAcX.exe
  C:\Windows\System\iiDfAcX.exe
  2⤵
  PID:1516
- C:\Windows\System\TLpJfVJ.exe
  C:\Windows\System\TLpJfVJ.exe
  2⤵
  PID:892
- C:\Windows\System\dgBGSIX.exe
  C:\Windows\System\dgBGSIX.exe
  2⤵
  PID:2372
- C:\Windows\System\xWTCtKI.exe
  C:\Windows\System\xWTCtKI.exe
  2⤵
  PID:1820
- C:\Windows\System\kTaRUgd.exe
  C:\Windows\System\kTaRUgd.exe
  2⤵
  PID:2740
- C:\Windows\System\bmoypFq.exe
  C:\Windows\System\bmoypFq.exe
  2⤵
  PID:2852
- C:\Windows\System\XRbhJTT.exe
  C:\Windows\System\XRbhJTT.exe
  2⤵
  PID:3092
- C:\Windows\System\UTRUopm.exe
  C:\Windows\System\UTRUopm.exe
  2⤵
  PID:2104
- C:\Windows\System\chdeUBS.exe
  C:\Windows\System\chdeUBS.exe
  2⤵
  PID:320
- C:\Windows\System\yWIfcjq.exe
  C:\Windows\System\yWIfcjq.exe
  2⤵
  PID:3024
- C:\Windows\System\lyscOIv.exe
  C:\Windows\System\lyscOIv.exe
  2⤵
  PID:3160
- C:\Windows\System\OSyjIcR.exe
  C:\Windows\System\OSyjIcR.exe
  2⤵
  PID:3252
- C:\Windows\System\haiLJwG.exe
  C:\Windows\System\haiLJwG.exe
  2⤵
  PID:2960
- C:\Windows\System\IDLxlEZ.exe
  C:\Windows\System\IDLxlEZ.exe
  2⤵
  PID:3296
- C:\Windows\System\xkjYAne.exe
  C:\Windows\System\xkjYAne.exe
  2⤵
  PID:324
- C:\Windows\System\kDcZfir.exe
  C:\Windows\System\kDcZfir.exe
  2⤵
  PID:2324
- C:\Windows\System\DYrspRh.exe
  C:\Windows\System\DYrspRh.exe
  2⤵
  PID:2628
- C:\Windows\System\qvNdpew.exe
  C:\Windows\System\qvNdpew.exe
  2⤵
  PID:3388
- C:\Windows\System\oBSVyju.exe
  C:\Windows\System\oBSVyju.exe
  2⤵
  PID:3372
- C:\Windows\System\VubOKxb.exe
  C:\Windows\System\VubOKxb.exe
  2⤵
  PID:1596
- C:\Windows\System\EDmerwj.exe
  C:\Windows\System\EDmerwj.exe
  2⤵
  PID:3336
- C:\Windows\System\BFWnLcQ.exe
  C:\Windows\System\BFWnLcQ.exe
  2⤵
  PID:3236
- C:\Windows\System\QzIzpNB.exe
  C:\Windows\System\QzIzpNB.exe
  2⤵
  PID:3144
- C:\Windows\System\OPernZh.exe
  C:\Windows\System\OPernZh.exe
  2⤵
  PID:3076
- C:\Windows\System\lkZwRHl.exe
  C:\Windows\System\lkZwRHl.exe
  2⤵
  PID:3452
- C:\Windows\System\xnphvzB.exe
  C:\Windows\System\xnphvzB.exe
  2⤵
  PID:3472
- C:\Windows\System\qKABDRZ.exe
  C:\Windows\System\qKABDRZ.exe
  2⤵
  PID:3520
- C:\Windows\System\vHVufvm.exe
  C:\Windows\System\vHVufvm.exe
  2⤵
  PID:3496
- C:\Windows\System\xWtNAjB.exe
  C:\Windows\System\xWtNAjB.exe
  2⤵
  PID:3596
- C:\Windows\System\BChMtAx.exe
  C:\Windows\System\BChMtAx.exe
  2⤵
  PID:3572
- C:\Windows\System\FoqobwE.exe
  C:\Windows\System\FoqobwE.exe
  2⤵
  PID:3636
- C:\Windows\System\zcTYurZ.exe
  C:\Windows\System\zcTYurZ.exe
  2⤵
  PID:3672
- C:\Windows\System\kTCOjhg.exe
  C:\Windows\System\kTCOjhg.exe
  2⤵
  PID:3716
- C:\Windows\System\fjyTgrF.exe
  C:\Windows\System\fjyTgrF.exe
  2⤵
  PID:3696
- C:\Windows\System\CJuoahU.exe
  C:\Windows\System\CJuoahU.exe
  2⤵
  PID:3796
- C:\Windows\System\fWIqjcJ.exe
  C:\Windows\System\fWIqjcJ.exe
  2⤵
  PID:3772
- C:\Windows\System\NMlObeB.exe
  C:\Windows\System\NMlObeB.exe
  2⤵
  PID:3836
- C:\Windows\System\CKUXYxh.exe
  C:\Windows\System\CKUXYxh.exe
  2⤵
  PID:3876
- C:\Windows\System\CJawgbn.exe
  C:\Windows\System\CJawgbn.exe
  2⤵
  PID:3916
- C:\Windows\System\sXslyyF.exe
  C:\Windows\System\sXslyyF.exe
  2⤵
  PID:3920
- C:\Windows\System\sjZQEBc.exe
  C:\Windows\System\sjZQEBc.exe
  2⤵
  PID:3940
- C:\Windows\System\CkfdAPC.exe
  C:\Windows\System\CkfdAPC.exe
  2⤵
  PID:3976
- C:\Windows\System\WnYXToR.exe
  C:\Windows\System\WnYXToR.exe
  2⤵
  PID:4040
- C:\Windows\System\GmNhiTx.exe
  C:\Windows\System\GmNhiTx.exe
  2⤵
  PID:4084
- C:\Windows\System\FHmJRFS.exe
  C:\Windows\System\FHmJRFS.exe
  2⤵
  PID:2384
- C:\Windows\System\LsudjXJ.exe
  C:\Windows\System\LsudjXJ.exe
  2⤵
  PID:2176
- C:\Windows\System\kfHoHni.exe
  C:\Windows\System\kfHoHni.exe
  2⤵
  PID:1728
- C:\Windows\System\XrWLnrj.exe
  C:\Windows\System\XrWLnrj.exe
  2⤵
  PID:1816
- C:\Windows\System\pYkwQgF.exe
  C:\Windows\System\pYkwQgF.exe
  2⤵
  PID:1780
- C:\Windows\System\NJULtsg.exe
  C:\Windows\System\NJULtsg.exe
  2⤵
  PID:1648
- C:\Windows\System\vGtJHKR.exe
  C:\Windows\System\vGtJHKR.exe
  2⤵
  PID:3124
- C:\Windows\System\uIgTaMq.exe
  C:\Windows\System\uIgTaMq.exe
  2⤵
  PID:3220
- C:\Windows\System\OyxjiKx.exe
  C:\Windows\System\OyxjiKx.exe
  2⤵
  PID:2164
- C:\Windows\System\fKhCYwo.exe
  C:\Windows\System\fKhCYwo.exe
  2⤵
  PID:3308
- C:\Windows\System\fQowPxe.exe
  C:\Windows\System\fQowPxe.exe
  2⤵
  PID:3316
- C:\Windows\System\fgjnPFz.exe
  C:\Windows\System\fgjnPFz.exe
  2⤵
  PID:3424
- C:\Windows\System\vmYOCFs.exe
  C:\Windows\System\vmYOCFs.exe
  2⤵
  PID:3276
- C:\Windows\System\PsdIwHH.exe
  C:\Windows\System\PsdIwHH.exe
  2⤵
  PID:3272
- C:\Windows\System\KrySuXz.exe
  C:\Windows\System\KrySuXz.exe
  2⤵
  PID:3080
- C:\Windows\System\eAASEeg.exe
  C:\Windows\System\eAASEeg.exe
  2⤵
  PID:1388
- C:\Windows\System\KullUWC.exe
  C:\Windows\System\KullUWC.exe
  2⤵
  PID:3492
- C:\Windows\System\zTTUGNW.exe
  C:\Windows\System\zTTUGNW.exe
  2⤵
  PID:3556
- C:\Windows\System\ghqvtpR.exe
  C:\Windows\System\ghqvtpR.exe
  2⤵
  PID:3568
- C:\Windows\System\gCuyDIb.exe
  C:\Windows\System\gCuyDIb.exe
  2⤵
  PID:3632
- C:\Windows\System\bAdviAL.exe
  C:\Windows\System\bAdviAL.exe
  2⤵
  PID:3656
- C:\Windows\System\GDNmcrC.exe
  C:\Windows\System\GDNmcrC.exe
  2⤵
  PID:3788
- C:\Windows\System\RswKGtg.exe
  C:\Windows\System\RswKGtg.exe
  2⤵
  PID:3740
- C:\Windows\System\WYfEeqv.exe
  C:\Windows\System\WYfEeqv.exe
  2⤵
  PID:3892
- C:\Windows\System\NNsVPkg.exe
  C:\Windows\System\NNsVPkg.exe
  2⤵
  PID:3936
- C:\Windows\System\LmfpzOT.exe
  C:\Windows\System\LmfpzOT.exe
  2⤵
  PID:4004
- C:\Windows\System\sLXOcRx.exe
  C:\Windows\System\sLXOcRx.exe
  2⤵
  PID:4076
- C:\Windows\System\iTdrLow.exe
  C:\Windows\System\iTdrLow.exe
  2⤵
  PID:4060
- C:\Windows\System\dWuwgWN.exe
  C:\Windows\System\dWuwgWN.exe
  2⤵
  PID:2112
- C:\Windows\System\zgEiPZL.exe
  C:\Windows\System\zgEiPZL.exe
  2⤵
  PID:1156
- C:\Windows\System\YuIdELF.exe
  C:\Windows\System\YuIdELF.exe
  2⤵
  PID:2464
- C:\Windows\System\nnJBREw.exe
  C:\Windows\System\nnJBREw.exe
  2⤵
  PID:3192
- C:\Windows\System\EoUcXvH.exe
  C:\Windows\System\EoUcXvH.exe
  2⤵
  PID:2544
- C:\Windows\System\grWjrPL.exe
  C:\Windows\System\grWjrPL.exe
  2⤵
  PID:3320
- C:\Windows\System\lWqJCAc.exe
  C:\Windows\System\lWqJCAc.exe
  2⤵
  PID:3368
- C:\Windows\System\tGhRoXn.exe
  C:\Windows\System\tGhRoXn.exe
  2⤵
  PID:2368
- C:\Windows\System\HXSOobQ.exe
  C:\Windows\System\HXSOobQ.exe
  2⤵
  PID:3112
- C:\Windows\System\epkhNWW.exe
  C:\Windows\System\epkhNWW.exe
  2⤵
  PID:3532
- C:\Windows\System\lvZESul.exe
  C:\Windows\System\lvZESul.exe
  2⤵
  PID:4104
- C:\Windows\System\NCsGNLi.exe
  C:\Windows\System\NCsGNLi.exe
  2⤵
  PID:4120
- C:\Windows\System\AyOYAlD.exe
  C:\Windows\System\AyOYAlD.exe
  2⤵
  PID:4136
- C:\Windows\System\EuCsqyB.exe
  C:\Windows\System\EuCsqyB.exe
  2⤵
  PID:4152
- C:\Windows\System\OJDKYEQ.exe
  C:\Windows\System\OJDKYEQ.exe
  2⤵
  PID:4168
- C:\Windows\System\jrAKwwr.exe
  C:\Windows\System\jrAKwwr.exe
  2⤵
  PID:4184
- C:\Windows\System\dHSsDfc.exe
  C:\Windows\System\dHSsDfc.exe
  2⤵
  PID:4200
- C:\Windows\System\kDJMmUJ.exe
  C:\Windows\System\kDJMmUJ.exe
  2⤵
  PID:4220
- C:\Windows\System\FXZMDiY.exe
  C:\Windows\System\FXZMDiY.exe
  2⤵
  PID:4236
- C:\Windows\System\tcyGbYz.exe
  C:\Windows\System\tcyGbYz.exe
  2⤵
  PID:4252
- C:\Windows\System\VpChcEC.exe
  C:\Windows\System\VpChcEC.exe
  2⤵
  PID:4292
- C:\Windows\System\pERdhef.exe
  C:\Windows\System\pERdhef.exe
  2⤵
  PID:4316
- C:\Windows\System\hRoaUIj.exe
  C:\Windows\System\hRoaUIj.exe
  2⤵
  PID:4332
- C:\Windows\System\ZCELPYX.exe
  C:\Windows\System\ZCELPYX.exe
  2⤵
  PID:4380
- C:\Windows\System\QBcFFPk.exe
  C:\Windows\System\QBcFFPk.exe
  2⤵
  PID:4396
- C:\Windows\System\RsmLOUL.exe
  C:\Windows\System\RsmLOUL.exe
  2⤵
  PID:4412
- C:\Windows\System\eruEDdC.exe
  C:\Windows\System\eruEDdC.exe
  2⤵
  PID:4432
- C:\Windows\System\zBHOcmV.exe
  C:\Windows\System\zBHOcmV.exe
  2⤵
  PID:4452
- C:\Windows\System\PmdhZCr.exe
  C:\Windows\System\PmdhZCr.exe
  2⤵
  PID:4468
- C:\Windows\System\VqCRfDv.exe
  C:\Windows\System\VqCRfDv.exe
  2⤵
  PID:4484
- C:\Windows\System\LNcXYJW.exe
  C:\Windows\System\LNcXYJW.exe
  2⤵
  PID:4500
- C:\Windows\System\pjBrCvc.exe
  C:\Windows\System\pjBrCvc.exe
  2⤵
  PID:4516
- C:\Windows\System\oXTWWah.exe
  C:\Windows\System\oXTWWah.exe
  2⤵
  PID:4536
- C:\Windows\System\VNwCdCa.exe
  C:\Windows\System\VNwCdCa.exe
  2⤵
  PID:4564
- C:\Windows\System\jTuFgMq.exe
  C:\Windows\System\jTuFgMq.exe
  2⤵
  PID:4584
- C:\Windows\System\eJxoMjm.exe
  C:\Windows\System\eJxoMjm.exe
  2⤵
  PID:4604
- C:\Windows\System\PyIKbyw.exe
  C:\Windows\System\PyIKbyw.exe
  2⤵
  PID:4624
- C:\Windows\System\wbaIrdY.exe
  C:\Windows\System\wbaIrdY.exe
  2⤵
  PID:4676
- C:\Windows\System\TtdEMFH.exe
  C:\Windows\System\TtdEMFH.exe
  2⤵
  PID:4692
- C:\Windows\System\BRFsbMZ.exe
  C:\Windows\System\BRFsbMZ.exe
  2⤵
  PID:4716
- C:\Windows\System\bweoSrs.exe
  C:\Windows\System\bweoSrs.exe
  2⤵
  PID:4736
- C:\Windows\System\xrYPqTf.exe
  C:\Windows\System\xrYPqTf.exe
  2⤵
  PID:4752
- C:\Windows\System\IRnEvPB.exe
  C:\Windows\System\IRnEvPB.exe
  2⤵
  PID:4772
- C:\Windows\System\AYPicfM.exe
  C:\Windows\System\AYPicfM.exe
  2⤵
  PID:4788
- C:\Windows\System\rsLHGXQ.exe
  C:\Windows\System\rsLHGXQ.exe
  2⤵
  PID:4812
- C:\Windows\System\pUIOLsB.exe
  C:\Windows\System\pUIOLsB.exe
  2⤵
  PID:4828
- C:\Windows\System\JAxNHzD.exe
  C:\Windows\System\JAxNHzD.exe
  2⤵
  PID:4852
- C:\Windows\System\UQheZPC.exe
  C:\Windows\System\UQheZPC.exe
  2⤵
  PID:4880
- C:\Windows\System\TcXHqpN.exe
  C:\Windows\System\TcXHqpN.exe
  2⤵
  PID:4896
- C:\Windows\System\wbattte.exe
  C:\Windows\System\wbattte.exe
  2⤵
  PID:4920
- C:\Windows\System\yzhueIk.exe
  C:\Windows\System\yzhueIk.exe
  2⤵
  PID:4936
- C:\Windows\System\YvXGyig.exe
  C:\Windows\System\YvXGyig.exe
  2⤵
  PID:4952
- C:\Windows\System\FPqJJBh.exe
  C:\Windows\System\FPqJJBh.exe
  2⤵
  PID:4968
- C:\Windows\System\vsRmLCm.exe
  C:\Windows\System\vsRmLCm.exe
  2⤵
  PID:4984
- C:\Windows\System\vLXLtnk.exe
  C:\Windows\System\vLXLtnk.exe
  2⤵
  PID:5004
- C:\Windows\System\oYRDHpM.exe
  C:\Windows\System\oYRDHpM.exe
  2⤵
  PID:5020
- C:\Windows\System\GGeggDD.exe
  C:\Windows\System\GGeggDD.exe
  2⤵
  PID:5036
- C:\Windows\System\RlNKCaw.exe
  C:\Windows\System\RlNKCaw.exe
  2⤵
  PID:5068
- C:\Windows\System\VfASEfv.exe
  C:\Windows\System\VfASEfv.exe
  2⤵
  PID:5088
- C:\Windows\System\skFgPgP.exe
  C:\Windows\System\skFgPgP.exe
  2⤵
  PID:5108
- C:\Windows\System\YyCRoNu.exe
  C:\Windows\System\YyCRoNu.exe
  2⤵
  PID:3640
- C:\Windows\System\ZfBFxhJ.exe
  C:\Windows\System\ZfBFxhJ.exe
  2⤵
  PID:3848
- C:\Windows\System\BdRaGWS.exe
  C:\Windows\System\BdRaGWS.exe
  2⤵
  PID:1712
- C:\Windows\System\slPFQrJ.exe
  C:\Windows\System\slPFQrJ.exe
  2⤵
  PID:3484
- C:\Windows\System\iAAfIXB.exe
  C:\Windows\System\iAAfIXB.exe
  2⤵
  PID:2108
- C:\Windows\System\MYPpSEa.exe
  C:\Windows\System\MYPpSEa.exe
  2⤵
  PID:3356
- C:\Windows\System\zBfdHTV.exe
  C:\Windows\System\zBfdHTV.exe
  2⤵
  PID:3428
- C:\Windows\System\IgNRILc.exe
  C:\Windows\System\IgNRILc.exe
  2⤵
  PID:3508
- C:\Windows\System\ulWVJat.exe
  C:\Windows\System\ulWVJat.exe
  2⤵
  PID:4176
- C:\Windows\System\mgzKYZV.exe
  C:\Windows\System\mgzKYZV.exe
  2⤵
  PID:4244
- C:\Windows\System\mtsoHUx.exe
  C:\Windows\System\mtsoHUx.exe
  2⤵
  PID:4300
- C:\Windows\System\VUOgTBg.exe
  C:\Windows\System\VUOgTBg.exe
  2⤵
  PID:1688
- C:\Windows\System\rjDeOzr.exe
  C:\Windows\System\rjDeOzr.exe
  2⤵
  PID:2728
- C:\Windows\System\FJfUjfX.exe
  C:\Windows\System\FJfUjfX.exe
  2⤵
  PID:4344
- C:\Windows\System\mcTWXWR.exe
  C:\Windows\System\mcTWXWR.exe
  2⤵
  PID:4364
- C:\Windows\System\VyaIrrV.exe
  C:\Windows\System\VyaIrrV.exe
  2⤵
  PID:4408
- C:\Windows\System\rbOuvYF.exe
  C:\Windows\System\rbOuvYF.exe
  2⤵
  PID:4480
- C:\Windows\System\kwYHtfh.exe
  C:\Windows\System\kwYHtfh.exe
  2⤵
  PID:4556
- C:\Windows\System\VbJzNaz.exe
  C:\Windows\System\VbJzNaz.exe
  2⤵
  PID:4268
- C:\Windows\System\CwGxKIH.exe
  C:\Windows\System\CwGxKIH.exe
  2⤵
  PID:4288
- C:\Windows\System\ebmvkCw.exe
  C:\Windows\System\ebmvkCw.exe
  2⤵
  PID:4228
- C:\Windows\System\GiQCZiS.exe
  C:\Windows\System\GiQCZiS.exe
  2⤵
  PID:4132
- C:\Windows\System\DfqKZrA.exe
  C:\Windows\System\DfqKZrA.exe
  2⤵
  PID:4600
- C:\Windows\System\nZHrPfd.exe
  C:\Windows\System\nZHrPfd.exe
  2⤵
  PID:4648
- C:\Windows\System\zgrEuhf.exe
  C:\Windows\System\zgrEuhf.exe
  2⤵
  PID:4656
- C:\Windows\System\mjHoUqB.exe
  C:\Windows\System\mjHoUqB.exe
  2⤵
  PID:4708
- C:\Windows\System\TnQVkIh.exe
  C:\Windows\System\TnQVkIh.exe
  2⤵
  PID:4780
- C:\Windows\System\vzVaatv.exe
  C:\Windows\System\vzVaatv.exe
  2⤵
  PID:4524
- C:\Windows\System\JwbtSzQ.exe
  C:\Windows\System\JwbtSzQ.exe
  2⤵
  PID:4580
- C:\Windows\System\nkeHFRq.exe
  C:\Windows\System\nkeHFRq.exe
  2⤵
  PID:4496
- C:\Windows\System\Ozqnddu.exe
  C:\Windows\System\Ozqnddu.exe
  2⤵
  PID:4868
- C:\Windows\System\oIQJVmp.exe
  C:\Windows\System\oIQJVmp.exe
  2⤵
  PID:4728
- C:\Windows\System\AWJqQck.exe
  C:\Windows\System\AWJqQck.exe
  2⤵
  PID:4904
- C:\Windows\System\JbrAsrp.exe
  C:\Windows\System\JbrAsrp.exe
  2⤵
  PID:4948
- C:\Windows\System\RyTjAFB.exe
  C:\Windows\System\RyTjAFB.exe
  2⤵
  PID:4808
- C:\Windows\System\uLWBwBm.exe
  C:\Windows\System\uLWBwBm.exe
  2⤵
  PID:5016
- C:\Windows\System\zHGurBH.exe
  C:\Windows\System\zHGurBH.exe
  2⤵
  PID:5064
- C:\Windows\System\PQefftk.exe
  C:\Windows\System\PQefftk.exe
  2⤵
  PID:4840
- C:\Windows\System\jhrnKxt.exe
  C:\Windows\System\jhrnKxt.exe
  2⤵
  PID:5100
- C:\Windows\System\NgOZlpY.exe
  C:\Windows\System\NgOZlpY.exe
  2⤵
  PID:3856
- C:\Windows\System\EMCWObv.exe
  C:\Windows\System\EMCWObv.exe
  2⤵
  PID:2436
- C:\Windows\System\imwUCrU.exe
  C:\Windows\System\imwUCrU.exe
  2⤵
  PID:2824
- C:\Windows\System\PoWxJuN.exe
  C:\Windows\System\PoWxJuN.exe
  2⤵
  PID:900
- C:\Windows\System\PvsFIfa.exe
  C:\Windows\System\PvsFIfa.exe
  2⤵
  PID:5116
- C:\Windows\System\PEKrMJb.exe
  C:\Windows\System\PEKrMJb.exe
  2⤵
  PID:3480
- C:\Windows\System\sVfWsrA.exe
  C:\Windows\System\sVfWsrA.exe
  2⤵
  PID:3468
- C:\Windows\System\YDKORKG.exe
  C:\Windows\System\YDKORKG.exe
  2⤵
  PID:4116
- C:\Windows\System\zAdXxkb.exe
  C:\Windows\System\zAdXxkb.exe
  2⤵
  PID:4212
- C:\Windows\System\kZtjECF.exe
  C:\Windows\System\kZtjECF.exe
  2⤵
  PID:4024
- C:\Windows\System\PqNABOZ.exe
  C:\Windows\System\PqNABOZ.exe
  2⤵
  PID:4304
- C:\Windows\System\IlsuCEg.exe
  C:\Windows\System\IlsuCEg.exe
  2⤵
  PID:4404
- C:\Windows\System\LfTRvVP.exe
  C:\Windows\System\LfTRvVP.exe
  2⤵
  PID:4444
- C:\Windows\System\FGgXpXz.exe
  C:\Windows\System\FGgXpXz.exe
  2⤵
  PID:4276
- C:\Windows\System\XBUxbjD.exe
  C:\Windows\System\XBUxbjD.exe
  2⤵
  PID:4280
- C:\Windows\System\qqRbayn.exe
  C:\Windows\System\qqRbayn.exe
  2⤵
  PID:4160
- C:\Windows\System\ryckjgD.exe
  C:\Windows\System\ryckjgD.exe
  2⤵
  PID:2428
- C:\Windows\System\jnvYDdq.exe
  C:\Windows\System\jnvYDdq.exe
  2⤵
  PID:4392
- C:\Windows\System\VigqAyd.exe
  C:\Windows\System\VigqAyd.exe
  2⤵
  PID:4744
- C:\Windows\System\vFStgnO.exe
  C:\Windows\System\vFStgnO.exe
  2⤵
  PID:4572
- C:\Windows\System\LUogBPz.exe
  C:\Windows\System\LUogBPz.exe
  2⤵
  PID:4860
- C:\Windows\System\tSAXAMs.exe
  C:\Windows\System\tSAXAMs.exe
  2⤵
  PID:4760
- C:\Windows\System\qmKetGJ.exe
  C:\Windows\System\qmKetGJ.exe
  2⤵
  PID:4916
- C:\Windows\System\wpsxWOw.exe
  C:\Windows\System\wpsxWOw.exe
  2⤵
  PID:5012
- C:\Windows\System\nnVBQtD.exe
  C:\Windows\System\nnVBQtD.exe
  2⤵
  PID:5060
- C:\Windows\System\ahpVFfW.exe
  C:\Windows\System\ahpVFfW.exe
  2⤵
  PID:3736
- C:\Windows\System\XgJknHm.exe
  C:\Windows\System\XgJknHm.exe
  2⤵
  PID:5000
- C:\Windows\System\UfJDXGj.exe
  C:\Windows\System\UfJDXGj.exe
  2⤵
  PID:3996
- C:\Windows\System\ECcveYU.exe
  C:\Windows\System\ECcveYU.exe
  2⤵
  PID:3692
- C:\Windows\System\NnlQyek.exe
  C:\Windows\System\NnlQyek.exe
  2⤵
  PID:4052
- C:\Windows\System\PynfHMT.exe
  C:\Windows\System\PynfHMT.exe
  2⤵
  PID:3904
- C:\Windows\System\MvelAwv.exe
  C:\Windows\System\MvelAwv.exe
  2⤵
  PID:4036
- C:\Windows\System\DpczXQP.exe
  C:\Windows\System\DpczXQP.exe
  2⤵
  PID:4512
- C:\Windows\System\bxoCpCa.exe
  C:\Windows\System\bxoCpCa.exe
  2⤵
  PID:4100
- C:\Windows\System\IOSkIeD.exe
  C:\Windows\System\IOSkIeD.exe
  2⤵
  PID:4448
- C:\Windows\System\pQLwPKL.exe
  C:\Windows\System\pQLwPKL.exe
  2⤵
  PID:4260
- C:\Windows\System\wpjqiQQ.exe
  C:\Windows\System\wpjqiQQ.exe
  2⤵
  PID:4704
- C:\Windows\System\ljLnDWb.exe
  C:\Windows\System\ljLnDWb.exe
  2⤵
  PID:4576
- C:\Windows\System\gnzjBpV.exe
  C:\Windows\System\gnzjBpV.exe
  2⤵
  PID:4724
- C:\Windows\System\KXeclLc.exe
  C:\Windows\System\KXeclLc.exe
  2⤵
  PID:4912
- C:\Windows\System\LPbYbas.exe
  C:\Windows\System\LPbYbas.exe
  2⤵
  PID:4796
- C:\Windows\System\dUrrTmh.exe
  C:\Windows\System\dUrrTmh.exe
  2⤵
  PID:4932
- C:\Windows\System\FWsYTbG.exe
  C:\Windows\System\FWsYTbG.exe
  2⤵
  PID:3300
- C:\Windows\System\AeRyWaD.exe
  C:\Windows\System\AeRyWaD.exe
  2⤵
  PID:5140
- C:\Windows\System\uZlgZld.exe
  C:\Windows\System\uZlgZld.exe
  2⤵
  PID:5160
- C:\Windows\System\ocVXcIX.exe
  C:\Windows\System\ocVXcIX.exe
  2⤵
  PID:5180
- C:\Windows\System\HHEYmtK.exe
  C:\Windows\System\HHEYmtK.exe
  2⤵
  PID:5200
- C:\Windows\System\MBswQVe.exe
  C:\Windows\System\MBswQVe.exe
  2⤵
  PID:5220
- C:\Windows\System\TTdWdhj.exe
  C:\Windows\System\TTdWdhj.exe
  2⤵
  PID:5240
- C:\Windows\System\VFgEhzF.exe
  C:\Windows\System\VFgEhzF.exe
  2⤵
  PID:5260
- C:\Windows\System\ovHpuWv.exe
  C:\Windows\System\ovHpuWv.exe
  2⤵
  PID:5280
- C:\Windows\System\mBOtyOc.exe
  C:\Windows\System\mBOtyOc.exe
  2⤵
  PID:5300
- C:\Windows\System\DHCUODV.exe
  C:\Windows\System\DHCUODV.exe
  2⤵
  PID:5320
- C:\Windows\System\jXxKuqR.exe
  C:\Windows\System\jXxKuqR.exe
  2⤵
  PID:5340
- C:\Windows\System\AeTLsPQ.exe
  C:\Windows\System\AeTLsPQ.exe
  2⤵
  PID:5360
- C:\Windows\System\UmtGgyg.exe
  C:\Windows\System\UmtGgyg.exe
  2⤵
  PID:5380
- C:\Windows\System\VpTZkwR.exe
  C:\Windows\System\VpTZkwR.exe
  2⤵
  PID:5400
- C:\Windows\System\kENoASf.exe
  C:\Windows\System\kENoASf.exe
  2⤵
  PID:5420
- C:\Windows\System\vFidpfa.exe
  C:\Windows\System\vFidpfa.exe
  2⤵
  PID:5440
- C:\Windows\System\MLYhiMU.exe
  C:\Windows\System\MLYhiMU.exe
  2⤵
  PID:5460
- C:\Windows\System\GBvnGTe.exe
  C:\Windows\System\GBvnGTe.exe
  2⤵
  PID:5480
- C:\Windows\System\yAoDTkN.exe
  C:\Windows\System\yAoDTkN.exe
  2⤵
  PID:5500
- C:\Windows\System\YSsvWdg.exe
  C:\Windows\System\YSsvWdg.exe
  2⤵
  PID:5520
- C:\Windows\System\WCVBFCu.exe
  C:\Windows\System\WCVBFCu.exe
  2⤵
  PID:5540
- C:\Windows\System\QEyjqZe.exe
  C:\Windows\System\QEyjqZe.exe
  2⤵
  PID:5560
- C:\Windows\System\hVgjuCh.exe
  C:\Windows\System\hVgjuCh.exe
  2⤵
  PID:5580
- C:\Windows\System\xmQKMmk.exe
  C:\Windows\System\xmQKMmk.exe
  2⤵
  PID:5600
- C:\Windows\System\YTEcVqD.exe
  C:\Windows\System\YTEcVqD.exe
  2⤵
  PID:5620
- C:\Windows\System\fDntKCZ.exe
  C:\Windows\System\fDntKCZ.exe
  2⤵
  PID:5640
- C:\Windows\System\rtUjsqG.exe
  C:\Windows\System\rtUjsqG.exe
  2⤵
  PID:5660
- C:\Windows\System\htrZjzU.exe
  C:\Windows\System\htrZjzU.exe
  2⤵
  PID:5680
- C:\Windows\System\zjBcDJa.exe
  C:\Windows\System\zjBcDJa.exe
  2⤵
  PID:5700
- C:\Windows\System\LiZeSVq.exe
  C:\Windows\System\LiZeSVq.exe
  2⤵
  PID:5720
- C:\Windows\System\AUXWeFU.exe
  C:\Windows\System\AUXWeFU.exe
  2⤵
  PID:5740
- C:\Windows\System\vABnXTO.exe
  C:\Windows\System\vABnXTO.exe
  2⤵
  PID:5760
- C:\Windows\System\tSlORcK.exe
  C:\Windows\System\tSlORcK.exe
  2⤵
  PID:5780
- C:\Windows\System\yBeozQe.exe
  C:\Windows\System\yBeozQe.exe
  2⤵
  PID:5800
- C:\Windows\System\vJrEDQF.exe
  C:\Windows\System\vJrEDQF.exe
  2⤵
  PID:5820
- C:\Windows\System\SteNDal.exe
  C:\Windows\System\SteNDal.exe
  2⤵
  PID:5840
- C:\Windows\System\xgMqPcF.exe
  C:\Windows\System\xgMqPcF.exe
  2⤵
  PID:5860
- C:\Windows\System\AuEQPSD.exe
  C:\Windows\System\AuEQPSD.exe
  2⤵
  PID:5880
- C:\Windows\System\BCQfypi.exe
  C:\Windows\System\BCQfypi.exe
  2⤵
  PID:5900
- C:\Windows\System\jEdPXdF.exe
  C:\Windows\System\jEdPXdF.exe
  2⤵
  PID:5920
- C:\Windows\System\QvrFjvh.exe
  C:\Windows\System\QvrFjvh.exe
  2⤵
  PID:5940
- C:\Windows\System\xTvsjJM.exe
  C:\Windows\System\xTvsjJM.exe
  2⤵
  PID:5960
- C:\Windows\System\OeFnHEg.exe
  C:\Windows\System\OeFnHEg.exe
  2⤵
  PID:5980
- C:\Windows\System\LaCSmSs.exe
  C:\Windows\System\LaCSmSs.exe
  2⤵
  PID:6000
- C:\Windows\System\iZPcaFf.exe
  C:\Windows\System\iZPcaFf.exe
  2⤵
  PID:6020
- C:\Windows\System\jcHwfFX.exe
  C:\Windows\System\jcHwfFX.exe
  2⤵
  PID:6040
- C:\Windows\System\AbnkAVX.exe
  C:\Windows\System\AbnkAVX.exe
  2⤵
  PID:6060
- C:\Windows\System\DSvnvXI.exe
  C:\Windows\System\DSvnvXI.exe
  2⤵
  PID:6080
- C:\Windows\System\vjsuvgB.exe
  C:\Windows\System\vjsuvgB.exe
  2⤵
  PID:6100
- C:\Windows\System\LBxNsYs.exe
  C:\Windows\System\LBxNsYs.exe
  2⤵
  PID:6120
- C:\Windows\System\luUeMPA.exe
  C:\Windows\System\luUeMPA.exe
  2⤵
  PID:6140
- C:\Windows\System\iUzxBUH.exe
  C:\Windows\System\iUzxBUH.exe
  2⤵
  PID:4216
- C:\Windows\System\FfuMGuH.exe
  C:\Windows\System\FfuMGuH.exe
  2⤵
  PID:4016
- C:\Windows\System\boFyFwH.exe
  C:\Windows\System\boFyFwH.exe
  2⤵
  PID:296
- C:\Windows\System\TPeNZrZ.exe
  C:\Windows\System\TPeNZrZ.exe
  2⤵
  PID:4352
- C:\Windows\System\gcqyMFF.exe
  C:\Windows\System\gcqyMFF.exe
  2⤵
  PID:2124
- C:\Windows\System\gPxiqjx.exe
  C:\Windows\System\gPxiqjx.exe
  2⤵
  PID:2308
- C:\Windows\System\mpoBvPR.exe
  C:\Windows\System\mpoBvPR.exe
  2⤵
  PID:4464
- C:\Windows\System\BgUuvYe.exe
  C:\Windows\System\BgUuvYe.exe
  2⤵
  PID:4844
- C:\Windows\System\ddXetjN.exe
  C:\Windows\System\ddXetjN.exe
  2⤵
  PID:4928
- C:\Windows\System\ttFecIU.exe
  C:\Windows\System\ttFecIU.exe
  2⤵
  PID:2820
- C:\Windows\System\VEWZzcb.exe
  C:\Windows\System\VEWZzcb.exe
  2⤵
  PID:5152
- C:\Windows\System\TqPpIWA.exe
  C:\Windows\System\TqPpIWA.exe
  2⤵
  PID:5192
- C:\Windows\System\XVfmIVv.exe
  C:\Windows\System\XVfmIVv.exe
  2⤵
  PID:5216
- C:\Windows\System\dZXCqBu.exe
  C:\Windows\System\dZXCqBu.exe
  2⤵
  PID:5252
- C:\Windows\System\AcLbRKO.exe
  C:\Windows\System\AcLbRKO.exe
  2⤵
  PID:5316
- C:\Windows\System\zBBFQEj.exe
  C:\Windows\System\zBBFQEj.exe
  2⤵
  PID:5328
- C:\Windows\System\UzMGdMY.exe
  C:\Windows\System\UzMGdMY.exe
  2⤵
  PID:5368
- C:\Windows\System\liKJwMf.exe
  C:\Windows\System\liKJwMf.exe
  2⤵
  PID:2680
- C:\Windows\System\QBVjTit.exe
  C:\Windows\System\QBVjTit.exe
  2⤵
  PID:5428
- C:\Windows\System\WdZSRaR.exe
  C:\Windows\System\WdZSRaR.exe
  2⤵
  PID:5432
- C:\Windows\System\XnajjjR.exe
  C:\Windows\System\XnajjjR.exe
  2⤵
  PID:5472
- C:\Windows\System\yMWPEyW.exe
  C:\Windows\System\yMWPEyW.exe
  2⤵
  PID:5492
- C:\Windows\System\nZjPzNZ.exe
  C:\Windows\System\nZjPzNZ.exe
  2⤵
  PID:5536
- C:\Windows\System\LohNVnt.exe
  C:\Windows\System\LohNVnt.exe
  2⤵
  PID:5588
- C:\Windows\System\pnEnNKA.exe
  C:\Windows\System\pnEnNKA.exe
  2⤵
  PID:5628
- C:\Windows\System\yjptMnM.exe
  C:\Windows\System\yjptMnM.exe
  2⤵
  PID:5648
- C:\Windows\System\cpMWXtx.exe
  C:\Windows\System\cpMWXtx.exe
  2⤵
  PID:5672
- C:\Windows\System\fmSVRkb.exe
  C:\Windows\System\fmSVRkb.exe
  2⤵
  PID:5708
- C:\Windows\System\dTrvplA.exe
  C:\Windows\System\dTrvplA.exe
  2⤵
  PID:5732
- C:\Windows\System\pUolMqo.exe
  C:\Windows\System\pUolMqo.exe
  2⤵
  PID:5776
- C:\Windows\System\NiBVVXc.exe
  C:\Windows\System\NiBVVXc.exe
  2⤵
  PID:2508
- C:\Windows\System\OeUTylO.exe
  C:\Windows\System\OeUTylO.exe
  2⤵
  PID:5816
- C:\Windows\System\hrhbnln.exe
  C:\Windows\System\hrhbnln.exe
  2⤵
  PID:5848
- C:\Windows\System\RmGflkl.exe
  C:\Windows\System\RmGflkl.exe
  2⤵
  PID:5872
- C:\Windows\System\IBoLRVo.exe
  C:\Windows\System\IBoLRVo.exe
  2⤵
  PID:5896
- C:\Windows\System\VJqiXFF.exe
  C:\Windows\System\VJqiXFF.exe
  2⤵
  PID:5928
- C:\Windows\System\qjShZRo.exe
  C:\Windows\System\qjShZRo.exe
  2⤵
  PID:5988
- C:\Windows\System\eTJlLYs.exe
  C:\Windows\System\eTJlLYs.exe
  2⤵
  PID:5972
- C:\Windows\System\PCCxVdC.exe
  C:\Windows\System\PCCxVdC.exe
  2⤵
  PID:6068
- C:\Windows\System\JKxskBW.exe
  C:\Windows\System\JKxskBW.exe
  2⤵
  PID:6108
- C:\Windows\System\KnuXbPB.exe
  C:\Windows\System\KnuXbPB.exe
  2⤵
  PID:3768
- C:\Windows\System\OXMWjMP.exe
  C:\Windows\System\OXMWjMP.exe
  2⤵
  PID:2856
- C:\Windows\System\wceVRHR.exe
  C:\Windows\System\wceVRHR.exe
  2⤵
  PID:664
- C:\Windows\System\aauBqZx.exe
  C:\Windows\System\aauBqZx.exe
  2⤵
  PID:4672
- C:\Windows\System\roWgvaL.exe
  C:\Windows\System\roWgvaL.exe
  2⤵
  PID:3352
- C:\Windows\System\ugYbumv.exe
  C:\Windows\System\ugYbumv.exe
  2⤵
  PID:4620
- C:\Windows\System\rBwOHbM.exe
  C:\Windows\System\rBwOHbM.exe
  2⤵
  PID:4552
- C:\Windows\System\rJhaTQG.exe
  C:\Windows\System\rJhaTQG.exe
  2⤵
  PID:5136
- C:\Windows\System\EZodzWy.exe
  C:\Windows\System\EZodzWy.exe
  2⤵
  PID:4944
- C:\Windows\System\zkouOfx.exe
  C:\Windows\System\zkouOfx.exe
  2⤵
  PID:5208
- C:\Windows\System\BjlFWan.exe
  C:\Windows\System\BjlFWan.exe
  2⤵
  PID:5172
- C:\Windows\System\FHCOnSP.exe
  C:\Windows\System\FHCOnSP.exe
  2⤵
  PID:5276
- C:\Windows\System\PahSCuC.exe
  C:\Windows\System\PahSCuC.exe
  2⤵
  PID:2432
- C:\Windows\System\PuWeIkM.exe
  C:\Windows\System\PuWeIkM.exe
  2⤵
  PID:5332
- C:\Windows\System\SQygTjw.exe
  C:\Windows\System\SQygTjw.exe
  2⤵
  PID:5392
- C:\Windows\System\YmYJCXc.exe
  C:\Windows\System\YmYJCXc.exe
  2⤵
  PID:2500
- C:\Windows\System\iMrBXDl.exe
  C:\Windows\System\iMrBXDl.exe
  2⤵
  PID:5468
- C:\Windows\System\vInurBA.exe
  C:\Windows\System\vInurBA.exe
  2⤵
  PID:5556
- C:\Windows\System\lBbAZIv.exe
  C:\Windows\System\lBbAZIv.exe
  2⤵
  PID:5676
- C:\Windows\System\gcqHggn.exe
  C:\Windows\System\gcqHggn.exe
  2⤵
  PID:5748
- C:\Windows\System\kEPhGvu.exe
  C:\Windows\System\kEPhGvu.exe
  2⤵
  PID:2492
- C:\Windows\System\wbVfihC.exe
  C:\Windows\System\wbVfihC.exe
  2⤵
  PID:5912
- C:\Windows\System\GnyWEyD.exe
  C:\Windows\System\GnyWEyD.exe
  2⤵
  PID:6116
- C:\Windows\System\mOgChok.exe
  C:\Windows\System\mOgChok.exe
  2⤵
  PID:3628
- C:\Windows\System\cTjzgIU.exe
  C:\Windows\System\cTjzgIU.exe
  2⤵
  PID:5128
- C:\Windows\System\ZSqIYUN.exe
  C:\Windows\System\ZSqIYUN.exe
  2⤵
  PID:5308
- C:\Windows\System\ozMPeLn.exe
  C:\Windows\System\ozMPeLn.exe
  2⤵
  PID:5436
- C:\Windows\System\WHlFTwi.exe
  C:\Windows\System\WHlFTwi.exe
  2⤵
  PID:6160
- C:\Windows\System\NjivGjz.exe
  C:\Windows\System\NjivGjz.exe
  2⤵
  PID:6176
- C:\Windows\System\ZkkpYaO.exe
  C:\Windows\System\ZkkpYaO.exe
  2⤵
  PID:6196
- C:\Windows\System\XDZXVbd.exe
  C:\Windows\System\XDZXVbd.exe
  2⤵
  PID:6212
- C:\Windows\System\FabWHUK.exe
  C:\Windows\System\FabWHUK.exe
  2⤵
  PID:6236
- C:\Windows\System\VNeoqyw.exe
  C:\Windows\System\VNeoqyw.exe
  2⤵
  PID:6252
- C:\Windows\System\TJMYQaH.exe
  C:\Windows\System\TJMYQaH.exe
  2⤵
  PID:6272
- C:\Windows\System\lPDMjMK.exe
  C:\Windows\System\lPDMjMK.exe
  2⤵
  PID:6292
- C:\Windows\System\vcoZiCA.exe
  C:\Windows\System\vcoZiCA.exe
  2⤵
  PID:6312
- C:\Windows\System\DFnKkKk.exe
  C:\Windows\System\DFnKkKk.exe
  2⤵
  PID:6332
- C:\Windows\System\QhHsVne.exe
  C:\Windows\System\QhHsVne.exe
  2⤵
  PID:6352
- C:\Windows\System\tedpafE.exe
  C:\Windows\System\tedpafE.exe
  2⤵
  PID:6440
- C:\Windows\System\LoLsqfn.exe
  C:\Windows\System\LoLsqfn.exe
  2⤵
  PID:6460
- C:\Windows\System\kSkwUkE.exe
  C:\Windows\System\kSkwUkE.exe
  2⤵
  PID:6484
- C:\Windows\System\huPzVbe.exe
  C:\Windows\System\huPzVbe.exe
  2⤵
  PID:6504
- C:\Windows\System\LovlENn.exe
  C:\Windows\System\LovlENn.exe
  2⤵
  PID:6520
- C:\Windows\System\GTKROmn.exe
  C:\Windows\System\GTKROmn.exe
  2⤵
  PID:6536
- C:\Windows\System\PkKuAkP.exe
  C:\Windows\System\PkKuAkP.exe
  2⤵
  PID:6560
- C:\Windows\System\PbEnSRx.exe
  C:\Windows\System\PbEnSRx.exe
  2⤵
  PID:6576
- C:\Windows\System\CtUINUA.exe
  C:\Windows\System\CtUINUA.exe
  2⤵
  PID:6604
- C:\Windows\System\zJrWLHS.exe
  C:\Windows\System\zJrWLHS.exe
  2⤵
  PID:6624
- C:\Windows\System\sfAaMRu.exe
  C:\Windows\System\sfAaMRu.exe
  2⤵
  PID:6644
- C:\Windows\System\vfNrqhL.exe
  C:\Windows\System\vfNrqhL.exe
  2⤵
  PID:6664
- C:\Windows\System\AnwxhlZ.exe
  C:\Windows\System\AnwxhlZ.exe
  2⤵
  PID:6684
- C:\Windows\System\BuOyQLi.exe
  C:\Windows\System\BuOyQLi.exe
  2⤵
  PID:6704
- C:\Windows\System\pGSTAlO.exe
  C:\Windows\System\pGSTAlO.exe
  2⤵
  PID:6724
- C:\Windows\System\uGauxOv.exe
  C:\Windows\System\uGauxOv.exe
  2⤵
  PID:6744
- C:\Windows\System\ztOauLD.exe
  C:\Windows\System\ztOauLD.exe
  2⤵
  PID:6764
- C:\Windows\System\zIqvMgI.exe
  C:\Windows\System\zIqvMgI.exe
  2⤵
  PID:6784
- C:\Windows\System\sKoiEab.exe
  C:\Windows\System\sKoiEab.exe
  2⤵
  PID:6804
- C:\Windows\System\ycsobeT.exe
  C:\Windows\System\ycsobeT.exe
  2⤵
  PID:6824
- C:\Windows\System\lCMxkuC.exe
  C:\Windows\System\lCMxkuC.exe
  2⤵
  PID:6844
- C:\Windows\System\TPdqFsH.exe
  C:\Windows\System\TPdqFsH.exe
  2⤵
  PID:6864
- C:\Windows\System\bYOSxSJ.exe
  C:\Windows\System\bYOSxSJ.exe
  2⤵
  PID:6884
- C:\Windows\System\NcszlFi.exe
  C:\Windows\System\NcszlFi.exe
  2⤵
  PID:6904
- C:\Windows\System\eHJJaVh.exe
  C:\Windows\System\eHJJaVh.exe
  2⤵
  PID:6924
- C:\Windows\System\YgTnDmx.exe
  C:\Windows\System\YgTnDmx.exe
  2⤵
  PID:6944
- C:\Windows\System\yxeldVF.exe
  C:\Windows\System\yxeldVF.exe
  2⤵
  PID:6964
- C:\Windows\System\TkPLwFH.exe
  C:\Windows\System\TkPLwFH.exe
  2⤵
  PID:6984
- C:\Windows\System\TySHMVN.exe
  C:\Windows\System\TySHMVN.exe
  2⤵
  PID:7004
- C:\Windows\System\UXNcaNt.exe
  C:\Windows\System\UXNcaNt.exe
  2⤵
  PID:7024
- C:\Windows\System\hgKrDAA.exe
  C:\Windows\System\hgKrDAA.exe
  2⤵
  PID:7044
- C:\Windows\System\hONtPrR.exe
  C:\Windows\System\hONtPrR.exe
  2⤵
  PID:7064
- C:\Windows\System\kMrUJjD.exe
  C:\Windows\System\kMrUJjD.exe
  2⤵
  PID:7084
- C:\Windows\System\bdIWseQ.exe
  C:\Windows\System\bdIWseQ.exe
  2⤵
  PID:7104
- C:\Windows\System\CCGklSl.exe
  C:\Windows\System\CCGklSl.exe
  2⤵
  PID:7124
- C:\Windows\System\xDEAxTP.exe
  C:\Windows\System\xDEAxTP.exe
  2⤵
  PID:7144
- C:\Windows\System\UocxUUT.exe
  C:\Windows\System\UocxUUT.exe
  2⤵
  PID:7164
- C:\Windows\System\tOfEJES.exe
  C:\Windows\System\tOfEJES.exe
  2⤵
  PID:5592
- C:\Windows\System\MOCTcZW.exe
  C:\Windows\System\MOCTcZW.exe
  2⤵
  PID:5976
- C:\Windows\System\eqEMlpL.exe
  C:\Windows\System\eqEMlpL.exe
  2⤵
  PID:1044
- C:\Windows\System\HUawfPR.exe
  C:\Windows\System\HUawfPR.exe
  2⤵
  PID:2496
- C:\Windows\System\nrZtUEF.exe
  C:\Windows\System\nrZtUEF.exe
  2⤵
  PID:5516
- C:\Windows\System\JJIwigY.exe
  C:\Windows\System\JJIwigY.exe
  2⤵
  PID:5616
- C:\Windows\System\smksZhA.exe
  C:\Windows\System\smksZhA.exe
  2⤵
  PID:5752
- C:\Windows\System\vzuyjRs.exe
  C:\Windows\System\vzuyjRs.exe
  2⤵
  PID:6248
- C:\Windows\System\QzIdRjN.exe
  C:\Windows\System\QzIdRjN.exe
  2⤵
  PID:6288
- C:\Windows\System\mDpMlAo.exe
  C:\Windows\System\mDpMlAo.exe
  2⤵
  PID:5876
- C:\Windows\System\SzYhANI.exe
  C:\Windows\System\SzYhANI.exe
  2⤵
  PID:5992
- C:\Windows\System\HkEDGcg.exe
  C:\Windows\System\HkEDGcg.exe
  2⤵
  PID:6052
- C:\Windows\System\ULbztuI.exe
  C:\Windows\System\ULbztuI.exe
  2⤵
  PID:2992
- C:\Windows\System\JuPUYuw.exe
  C:\Windows\System\JuPUYuw.exe
  2⤵
  PID:6224
- C:\Windows\System\cEeLQGW.exe
  C:\Windows\System\cEeLQGW.exe
  2⤵
  PID:6344
- C:\Windows\System\milJagL.exe
  C:\Windows\System\milJagL.exe
  2⤵
  PID:6268
- C:\Windows\System\EXHQKOt.exe
  C:\Windows\System\EXHQKOt.exe
  2⤵
  PID:6184
- C:\Windows\System\bOXIobd.exe
  C:\Windows\System\bOXIobd.exe
  2⤵
  PID:4208
- C:\Windows\System\LAyuKoY.exe
  C:\Windows\System\LAyuKoY.exe
  2⤵
  PID:5652
- C:\Windows\System\fcngEoT.exe
  C:\Windows\System\fcngEoT.exe
  2⤵
  PID:5348
- C:\Windows\System\CMhEtXV.exe
  C:\Windows\System\CMhEtXV.exe
  2⤵
  PID:4000
- C:\Windows\System\VbauQuM.exe
  C:\Windows\System\VbauQuM.exe
  2⤵
  PID:4424
- C:\Windows\System\wQnJRcg.exe
  C:\Windows\System\wQnJRcg.exe
  2⤵
  PID:6372
- C:\Windows\System\mCagJaN.exe
  C:\Windows\System\mCagJaN.exe
  2⤵
  PID:6392
- C:\Windows\System\afASaKL.exe
  C:\Windows\System\afASaKL.exe
  2⤵
  PID:6412
- C:\Windows\System\jJiLwVl.exe
  C:\Windows\System\jJiLwVl.exe
  2⤵
  PID:6428
- C:\Windows\System\HuGzjPF.exe
  C:\Windows\System\HuGzjPF.exe
  2⤵
  PID:6452
- C:\Windows\System\tWgbkSt.exe
  C:\Windows\System\tWgbkSt.exe
  2⤵
  PID:6492
- C:\Windows\System\ISkVwQL.exe
  C:\Windows\System\ISkVwQL.exe
  2⤵
  PID:6544
- C:\Windows\System\OjkJoAm.exe
  C:\Windows\System\OjkJoAm.exe
  2⤵
  PID:6532
- C:\Windows\System\jYdfnrb.exe
  C:\Windows\System\jYdfnrb.exe
  2⤵
  PID:6592
- C:\Windows\System\iMcFUXl.exe
  C:\Windows\System\iMcFUXl.exe
  2⤵
  PID:6620
- C:\Windows\System\FwcbUGA.exe
  C:\Windows\System\FwcbUGA.exe
  2⤵
  PID:6672
- C:\Windows\System\YeJcznq.exe
  C:\Windows\System\YeJcznq.exe
  2⤵
  PID:6692
- C:\Windows\System\VThZaTg.exe
  C:\Windows\System\VThZaTg.exe
  2⤵
  PID:6716
- C:\Windows\System\kpmKJoA.exe
  C:\Windows\System\kpmKJoA.exe
  2⤵
  PID:6760
- C:\Windows\System\FWvIkWL.exe
  C:\Windows\System\FWvIkWL.exe
  2⤵
  PID:6776
- C:\Windows\System\iJhRbRm.exe
  C:\Windows\System\iJhRbRm.exe
  2⤵
  PID:6812
- C:\Windows\System\jGmFEYX.exe
  C:\Windows\System\jGmFEYX.exe
  2⤵
  PID:6852
- C:\Windows\System\GRBuyve.exe
  C:\Windows\System\GRBuyve.exe
  2⤵
  PID:6912
- C:\Windows\System\ugPWTDT.exe
  C:\Windows\System\ugPWTDT.exe
  2⤵
  PID:6916
- C:\Windows\System\BBHtukk.exe
  C:\Windows\System\BBHtukk.exe
  2⤵
  PID:6936
- C:\Windows\System\JRiNRJz.exe
  C:\Windows\System\JRiNRJz.exe
  2⤵
  PID:6992
- C:\Windows\System\EzEusvS.exe
  C:\Windows\System\EzEusvS.exe
  2⤵
  PID:7040
- C:\Windows\System\avieGeC.exe
  C:\Windows\System\avieGeC.exe
  2⤵
  PID:7072
- C:\Windows\System\DYeJnTS.exe
  C:\Windows\System\DYeJnTS.exe
  2⤵
  PID:7120
- C:\Windows\System\LhmwhtW.exe
  C:\Windows\System\LhmwhtW.exe
  2⤵
  PID:7132
- C:\Windows\System\wkiQdbg.exe
  C:\Windows\System\wkiQdbg.exe
  2⤵
  PID:7136
- C:\Windows\System\tLnphUv.exe
  C:\Windows\System\tLnphUv.exe
  2⤵
  PID:5572
- C:\Windows\System\uyUxIqJ.exe
  C:\Windows\System\uyUxIqJ.exe
  2⤵
  PID:6012
- C:\Windows\System\WFgDqJU.exe
  C:\Windows\System\WFgDqJU.exe
  2⤵
  PID:5568
- C:\Windows\System\XvNEDue.exe
  C:\Windows\System\XvNEDue.exe
  2⤵
  PID:5788
- C:\Windows\System\AzQANKt.exe
  C:\Windows\System\AzQANKt.exe
  2⤵
  PID:6280
- C:\Windows\System\GEOHDnS.exe
  C:\Windows\System\GEOHDnS.exe
  2⤵
  PID:6284
- C:\Windows\System\gNOIqVp.exe
  C:\Windows\System\gNOIqVp.exe
  2⤵
  PID:6036
- C:\Windows\System\WBAmiNI.exe
  C:\Windows\System\WBAmiNI.exe
  2⤵
  PID:6056
- C:\Windows\System\NePKsem.exe
  C:\Windows\System\NePKsem.exe
  2⤵
  PID:2968
- C:\Windows\System\AcMXqxN.exe
  C:\Windows\System\AcMXqxN.exe
  2⤵
  PID:6328
- C:\Windows\System\RthuCvT.exe
  C:\Windows\System\RthuCvT.exe
  2⤵
  PID:6264
- C:\Windows\System\YuhNMwh.exe
  C:\Windows\System\YuhNMwh.exe
  2⤵
  PID:6152
- C:\Windows\System\tWCwnzK.exe
  C:\Windows\System\tWCwnzK.exe
  2⤵
  PID:6232
- C:\Windows\System\OzwHUCz.exe
  C:\Windows\System\OzwHUCz.exe
  2⤵
  PID:5712
- C:\Windows\System\BVQPGLz.exe
  C:\Windows\System\BVQPGLz.exe
  2⤵
  PID:5236
- C:\Windows\System\MyyJyxX.exe
  C:\Windows\System\MyyJyxX.exe
  2⤵
  PID:6384
- C:\Windows\System\zdJqvKQ.exe
  C:\Windows\System\zdJqvKQ.exe
  2⤵
  PID:6420
- C:\Windows\System\hFWRtAe.exe
  C:\Windows\System\hFWRtAe.exe
  2⤵
  PID:6456
- C:\Windows\System\zWLApsG.exe
  C:\Windows\System\zWLApsG.exe
  2⤵
  PID:6568
- C:\Windows\System\KHdLZHh.exe
  C:\Windows\System\KHdLZHh.exe
  2⤵
  PID:6500
- C:\Windows\System\IVQCtgG.exe
  C:\Windows\System\IVQCtgG.exe
  2⤵
  PID:6612
- C:\Windows\System\TVxfiWx.exe
  C:\Windows\System\TVxfiWx.exe
  2⤵
  PID:6680
- C:\Windows\System\LaMCEmd.exe
  C:\Windows\System\LaMCEmd.exe
  2⤵
  PID:6740
- C:\Windows\System\bROWzEE.exe
  C:\Windows\System\bROWzEE.exe
  2⤵
  PID:3724
- C:\Windows\System\PNLzzXd.exe
  C:\Windows\System\PNLzzXd.exe
  2⤵
  PID:6876
- C:\Windows\System\aPVsHFu.exe
  C:\Windows\System\aPVsHFu.exe
  2⤵
  PID:6840
- C:\Windows\System\NssgmHO.exe
  C:\Windows\System\NssgmHO.exe
  2⤵
  PID:6820
- C:\Windows\System\QzeTkLT.exe
  C:\Windows\System\QzeTkLT.exe
  2⤵
  PID:7020
- C:\Windows\System\nYdagwA.exe
  C:\Windows\System\nYdagwA.exe
  2⤵
  PID:7056
- C:\Windows\System\dPHRFsF.exe
  C:\Windows\System\dPHRFsF.exe
  2⤵
  PID:7076
- C:\Windows\System\GkWFlGU.exe
  C:\Windows\System\GkWFlGU.exe
  2⤵
  PID:4532
- C:\Windows\System\JucxRov.exe
  C:\Windows\System\JucxRov.exe
  2⤵
  PID:5456
- C:\Windows\System\CBWbCcO.exe
  C:\Windows\System\CBWbCcO.exe
  2⤵
  PID:5292
- C:\Windows\System\aeagNyE.exe
  C:\Windows\System\aeagNyE.exe
  2⤵
  PID:5692
- C:\Windows\System\aqKZaJe.exe
  C:\Windows\System\aqKZaJe.exe
  2⤵
  PID:2964
- C:\Windows\System\qrAdwRz.exe
  C:\Windows\System\qrAdwRz.exe
  2⤵
  PID:2976
- C:\Windows\System\xfocntx.exe
  C:\Windows\System\xfocntx.exe
  2⤵
  PID:2272
- C:\Windows\System\QwmHnyD.exe
  C:\Windows\System\QwmHnyD.exe
  2⤵
  PID:6300
- C:\Windows\System\oSnRIMj.exe
  C:\Windows\System\oSnRIMj.exe
  2⤵
  PID:6220
- C:\Windows\System\IBPeigB.exe
  C:\Windows\System\IBPeigB.exe
  2⤵
  PID:5148
- C:\Windows\System\NaxemEf.exe
  C:\Windows\System\NaxemEf.exe
  2⤵
  PID:6368
- C:\Windows\System\NezWuce.exe
  C:\Windows\System\NezWuce.exe
  2⤵
  PID:6472
- C:\Windows\System\vPmgcuR.exe
  C:\Windows\System\vPmgcuR.exe
  2⤵
  PID:6480
- C:\Windows\System\JZHoMJP.exe
  C:\Windows\System\JZHoMJP.exe
  2⤵
  PID:6496
- C:\Windows\System\bBuLJpv.exe
  C:\Windows\System\bBuLJpv.exe
  2⤵
  PID:6736
- C:\Windows\System\oGFpyxX.exe
  C:\Windows\System\oGFpyxX.exe
  2⤵
  PID:6880
- C:\Windows\System\xRLgiLW.exe
  C:\Windows\System\xRLgiLW.exe
  2⤵
  PID:6940
- C:\Windows\System\qILeTvD.exe
  C:\Windows\System\qILeTvD.exe
  2⤵
  PID:6960
- C:\Windows\System\XcNxzSD.exe
  C:\Windows\System\XcNxzSD.exe
  2⤵
  PID:6972
- C:\Windows\System\fkCvyho.exe
  C:\Windows\System\fkCvyho.exe
  2⤵
  PID:5796
- C:\Windows\System\goXcRQj.exe
  C:\Windows\System\goXcRQj.exe
  2⤵
  PID:2516
- C:\Windows\System\pzXHtwD.exe
  C:\Windows\System\pzXHtwD.exe
  2⤵
  PID:6132
- C:\Windows\System\YopwtjT.exe
  C:\Windows\System\YopwtjT.exe
  2⤵
  PID:7176
- C:\Windows\System\gearrZh.exe
  C:\Windows\System\gearrZh.exe
  2⤵
  PID:7196
- C:\Windows\System\GcqzEvC.exe
  C:\Windows\System\GcqzEvC.exe
  2⤵
  PID:7216
- C:\Windows\System\cbphWUe.exe
  C:\Windows\System\cbphWUe.exe
  2⤵
  PID:7236
- C:\Windows\System\KxgyEgj.exe
  C:\Windows\System\KxgyEgj.exe
  2⤵
  PID:7256
- C:\Windows\System\rVrVDSS.exe
  C:\Windows\System\rVrVDSS.exe
  2⤵
  PID:7276
- C:\Windows\System\IZoaTbT.exe
  C:\Windows\System\IZoaTbT.exe
  2⤵
  PID:7292
- C:\Windows\System\wTimiAa.exe
  C:\Windows\System\wTimiAa.exe
  2⤵
  PID:7316
- C:\Windows\System\uugeCnk.exe
  C:\Windows\System\uugeCnk.exe
  2⤵
  PID:7336
- C:\Windows\System\wwwbmaf.exe
  C:\Windows\System\wwwbmaf.exe
  2⤵
  PID:7356
- C:\Windows\System\elUFZFk.exe
  C:\Windows\System\elUFZFk.exe
  2⤵
  PID:7372
- C:\Windows\System\kaGpKOi.exe
  C:\Windows\System\kaGpKOi.exe
  2⤵
  PID:7396
- C:\Windows\System\Wzmvlhx.exe
  C:\Windows\System\Wzmvlhx.exe
  2⤵
  PID:7416
- C:\Windows\System\xwcBCQq.exe
  C:\Windows\System\xwcBCQq.exe
  2⤵
  PID:7436
- C:\Windows\System\PbPQSfa.exe
  C:\Windows\System\PbPQSfa.exe
  2⤵
  PID:7452
- C:\Windows\System\IucHKIR.exe
  C:\Windows\System\IucHKIR.exe
  2⤵
  PID:7472
- C:\Windows\System\ZWyXWht.exe
  C:\Windows\System\ZWyXWht.exe
  2⤵
  PID:7492
- C:\Windows\System\IXqozhK.exe
  C:\Windows\System\IXqozhK.exe
  2⤵
  PID:7516
- C:\Windows\System\cIVltvp.exe
  C:\Windows\System\cIVltvp.exe
  2⤵
  PID:7536
- C:\Windows\System\TpBfXDM.exe
  C:\Windows\System\TpBfXDM.exe
  2⤵
  PID:7556
- C:\Windows\System\qIyAXgK.exe
  C:\Windows\System\qIyAXgK.exe
  2⤵
  PID:7576
- C:\Windows\System\MyHNcBO.exe
  C:\Windows\System\MyHNcBO.exe
  2⤵
  PID:7596
- C:\Windows\System\yVKwBhR.exe
  C:\Windows\System\yVKwBhR.exe
  2⤵
  PID:7616
- C:\Windows\System\rCgCMhY.exe
  C:\Windows\System\rCgCMhY.exe
  2⤵
  PID:7640
- C:\Windows\System\MAWXlGM.exe
  C:\Windows\System\MAWXlGM.exe
  2⤵
  PID:7660
- C:\Windows\System\yCOFsIm.exe
  C:\Windows\System\yCOFsIm.exe
  2⤵
  PID:7680
- C:\Windows\System\QlUVMMh.exe
  C:\Windows\System\QlUVMMh.exe
  2⤵
  PID:7700
- C:\Windows\System\BReQOFM.exe
  C:\Windows\System\BReQOFM.exe
  2⤵
  PID:7720
- C:\Windows\System\NiGjPJQ.exe
  C:\Windows\System\NiGjPJQ.exe
  2⤵
  PID:7740
- C:\Windows\System\YKUhthL.exe
  C:\Windows\System\YKUhthL.exe
  2⤵
  PID:7760
- C:\Windows\System\lLVODKl.exe
  C:\Windows\System\lLVODKl.exe
  2⤵
  PID:7776
- C:\Windows\System\FoFGMHX.exe
  C:\Windows\System\FoFGMHX.exe
  2⤵
  PID:7800
- C:\Windows\System\RvtpRGD.exe
  C:\Windows\System\RvtpRGD.exe
  2⤵
  PID:7820
- C:\Windows\System\kjWtHlZ.exe
  C:\Windows\System\kjWtHlZ.exe
  2⤵
  PID:7840
- C:\Windows\System\qoYUYwB.exe
  C:\Windows\System\qoYUYwB.exe
  2⤵
  PID:7860
- C:\Windows\System\QYdbHbB.exe
  C:\Windows\System\QYdbHbB.exe
  2⤵
  PID:7884
- C:\Windows\System\tOSdasI.exe
  C:\Windows\System\tOSdasI.exe
  2⤵
  PID:7904
- C:\Windows\System\ybEqXMt.exe
  C:\Windows\System\ybEqXMt.exe
  2⤵
  PID:7924
- C:\Windows\System\uikeuEU.exe
  C:\Windows\System\uikeuEU.exe
  2⤵
  PID:7940
- C:\Windows\System\ktgvLKh.exe
  C:\Windows\System\ktgvLKh.exe
  2⤵
  PID:7964
- C:\Windows\System\vhgrWMI.exe
  C:\Windows\System\vhgrWMI.exe
  2⤵
  PID:7980
- C:\Windows\System\UbQtHCh.exe
  C:\Windows\System\UbQtHCh.exe
  2⤵
  PID:8004
- C:\Windows\System\XzancmF.exe
  C:\Windows\System\XzancmF.exe
  2⤵
  PID:8024
- C:\Windows\System\JrJnMuQ.exe
  C:\Windows\System\JrJnMuQ.exe
  2⤵
  PID:8044
- C:\Windows\System\TVEGLfF.exe
  C:\Windows\System\TVEGLfF.exe
  2⤵
  PID:8064
- C:\Windows\System\PvTRNEO.exe
  C:\Windows\System\PvTRNEO.exe
  2⤵
  PID:8084
- C:\Windows\System\qAgFyJh.exe
  C:\Windows\System\qAgFyJh.exe
  2⤵
  PID:8104
- C:\Windows\System\Zhmulna.exe
  C:\Windows\System\Zhmulna.exe
  2⤵
  PID:8124
- C:\Windows\System\UHqFgRd.exe
  C:\Windows\System\UHqFgRd.exe
  2⤵
  PID:8144
- C:\Windows\System\esORDXA.exe
  C:\Windows\System\esORDXA.exe
  2⤵
  PID:8164
- C:\Windows\System\TCmiPzM.exe
  C:\Windows\System\TCmiPzM.exe
  2⤵
  PID:8184
- C:\Windows\System\rtaqHEc.exe
  C:\Windows\System\rtaqHEc.exe
  2⤵
  PID:2616
- C:\Windows\System\XnKZsKe.exe
  C:\Windows\System\XnKZsKe.exe
  2⤵
  PID:5452
- C:\Windows\System\HrinAEz.exe
  C:\Windows\System\HrinAEz.exe
  2⤵
  PID:5248
- C:\Windows\System\plRDNQJ.exe
  C:\Windows\System\plRDNQJ.exe
  2⤵
  PID:6380
- C:\Windows\System\sKyNRMw.exe
  C:\Windows\System\sKyNRMw.exe
  2⤵
  PID:6584
- C:\Windows\System\aRnopbv.exe
  C:\Windows\System\aRnopbv.exe
  2⤵
  PID:6796
- C:\Windows\System\RddaMHJ.exe
  C:\Windows\System\RddaMHJ.exe
  2⤵
  PID:6896
- C:\Windows\System\mMWQDwL.exe
  C:\Windows\System\mMWQDwL.exe
  2⤵
  PID:7112
- C:\Windows\System\ANnZlyJ.exe
  C:\Windows\System\ANnZlyJ.exe
  2⤵
  PID:6980
- C:\Windows\System\JuzukzD.exe
  C:\Windows\System\JuzukzD.exe
  2⤵
  PID:7192
- C:\Windows\System\enZXkZr.exe
  C:\Windows\System\enZXkZr.exe
  2⤵
  PID:2948
- C:\Windows\System\NtckUjn.exe
  C:\Windows\System\NtckUjn.exe
  2⤵
  PID:7212
- C:\Windows\System\SrxnXpM.exe
  C:\Windows\System\SrxnXpM.exe
  2⤵
  PID:7244
- C:\Windows\System\sfByMHk.exe
  C:\Windows\System\sfByMHk.exe
  2⤵
  PID:7252
- C:\Windows\System\FNktlyF.exe
  C:\Windows\System\FNktlyF.exe
  2⤵
  PID:7348
- C:\Windows\System\gImwhDi.exe
  C:\Windows\System\gImwhDi.exe
  2⤵
  PID:7380
- C:\Windows\System\XGzFVEP.exe
  C:\Windows\System\XGzFVEP.exe
  2⤵
  PID:7424
- C:\Windows\System\mVRJuxg.exe
  C:\Windows\System\mVRJuxg.exe
  2⤵
  PID:7460
- C:\Windows\System\eyUmgOV.exe
  C:\Windows\System\eyUmgOV.exe
  2⤵
  PID:7444
- C:\Windows\System\NRwkWbz.exe
  C:\Windows\System\NRwkWbz.exe
  2⤵
  PID:7480
- C:\Windows\System\sXEyCic.exe
  C:\Windows\System\sXEyCic.exe
  2⤵
  PID:7532
- C:\Windows\System\vCQTSDq.exe
  C:\Windows\System\vCQTSDq.exe
  2⤵
  PID:7548
- C:\Windows\System\tXyWXBG.exe
  C:\Windows\System\tXyWXBG.exe
  2⤵
  PID:7564
- C:\Windows\System\Bfuhyxb.exe
  C:\Windows\System\Bfuhyxb.exe
  2⤵
  PID:7604
- C:\Windows\System\hJEwqYE.exe
  C:\Windows\System\hJEwqYE.exe
  2⤵
  PID:7676
- C:\Windows\System\LhVSzmx.exe
  C:\Windows\System\LhVSzmx.exe
  2⤵
  PID:7696
- C:\Windows\System\GvHDEVO.exe
  C:\Windows\System\GvHDEVO.exe
  2⤵
  PID:7748
- C:\Windows\System\OJJPKrJ.exe
  C:\Windows\System\OJJPKrJ.exe
  2⤵
  PID:7792
- C:\Windows\System\MLkiSOm.exe
  C:\Windows\System\MLkiSOm.exe
  2⤵
  PID:7768
- C:\Windows\System\vebXfTF.exe
  C:\Windows\System\vebXfTF.exe
  2⤵
  PID:2100
- C:\Windows\System\JUCRwMA.exe
  C:\Windows\System\JUCRwMA.exe
  2⤵
  PID:7880
- C:\Windows\System\TKNptpj.exe
  C:\Windows\System\TKNptpj.exe
  2⤵
  PID:7912
- C:\Windows\System\gFXSvtn.exe
  C:\Windows\System\gFXSvtn.exe
  2⤵
  PID:7948
- C:\Windows\System\ZglqrOk.exe
  C:\Windows\System\ZglqrOk.exe
  2⤵
  PID:7992
- C:\Windows\System\GzZAxHg.exe
  C:\Windows\System\GzZAxHg.exe
  2⤵
  PID:7996
- C:\Windows\System\AdeLzyn.exe
  C:\Windows\System\AdeLzyn.exe
  2⤵
  PID:8036
- C:\Windows\System\OBjrlfW.exe
  C:\Windows\System\OBjrlfW.exe
  2⤵
  PID:8080
- C:\Windows\System\AWnALoz.exe
  C:\Windows\System\AWnALoz.exe
  2⤵
  PID:8092
- C:\Windows\System\wYVDJGX.exe
  C:\Windows\System\wYVDJGX.exe
  2⤵
  PID:8116
- C:\Windows\System\jTEXrhB.exe
  C:\Windows\System\jTEXrhB.exe
  2⤵
  PID:8136
- C:\Windows\System\vcgHSTo.exe
  C:\Windows\System\vcgHSTo.exe
  2⤵
  PID:6304
- C:\Windows\System\uVsNcRK.exe
  C:\Windows\System\uVsNcRK.exe
  2⤵
  PID:5196
- C:\Windows\System\YPASVsb.exe
  C:\Windows\System\YPASVsb.exe
  2⤵
  PID:6408
- C:\Windows\System\gxkSpCY.exe
  C:\Windows\System\gxkSpCY.exe
  2⤵
  PID:6588
- C:\Windows\System\XYQAQEW.exe
  C:\Windows\System\XYQAQEW.exe
  2⤵
  PID:6952
- C:\Windows\System\QHRFIIY.exe
  C:\Windows\System\QHRFIIY.exe
  2⤵
  PID:908
- C:\Windows\System\BwHrlca.exe
  C:\Windows\System\BwHrlca.exe
  2⤵
  PID:6172
- C:\Windows\System\gKZheaH.exe
  C:\Windows\System\gKZheaH.exe
  2⤵
  PID:5808
- C:\Windows\System\uvaiiIB.exe
  C:\Windows\System\uvaiiIB.exe
  2⤵
  PID:7268
- C:\Windows\System\WRZLDhg.exe
  C:\Windows\System\WRZLDhg.exe
  2⤵
  PID:7344
- C:\Windows\System\EwUWDWj.exe
  C:\Windows\System\EwUWDWj.exe
  2⤵
  PID:7392
- C:\Windows\System\LtlxKQK.exe
  C:\Windows\System\LtlxKQK.exe
  2⤵
  PID:7364
- C:\Windows\System\jpSTYGM.exe
  C:\Windows\System\jpSTYGM.exe
  2⤵
  PID:7464
- C:\Windows\System\oYdqjHE.exe
  C:\Windows\System\oYdqjHE.exe
  2⤵
  PID:7500
- C:\Windows\System\vZIBXZb.exe
  C:\Windows\System\vZIBXZb.exe
  2⤵
  PID:2896
- C:\Windows\System\kUaVXiL.exe
  C:\Windows\System\kUaVXiL.exe
  2⤵
  PID:7552
- C:\Windows\System\uQYiZjo.exe
  C:\Windows\System\uQYiZjo.exe
  2⤵
  PID:7628
- C:\Windows\System\edropvK.exe
  C:\Windows\System\edropvK.exe
  2⤵
  PID:7728
- C:\Windows\System\cAzsoAJ.exe
  C:\Windows\System\cAzsoAJ.exe
  2⤵
  PID:2632
- C:\Windows\System\DXYrBPP.exe
  C:\Windows\System\DXYrBPP.exe
  2⤵
  PID:7832
- C:\Windows\System\vRjKIFO.exe
  C:\Windows\System\vRjKIFO.exe
  2⤵
  PID:2664
- C:\Windows\System\RbCoQAF.exe
  C:\Windows\System\RbCoQAF.exe
  2⤵
  PID:7784
- C:\Windows\System\nTPJcNT.exe
  C:\Windows\System\nTPJcNT.exe
  2⤵
  PID:7972
- C:\Windows\System\OJNeEIn.exe
  C:\Windows\System\OJNeEIn.exe
  2⤵
  PID:7816
- C:\Windows\System\fSTjmuI.exe
  C:\Windows\System\fSTjmuI.exe
  2⤵
  PID:8100
- C:\Windows\System\kfTNeQT.exe
  C:\Windows\System\kfTNeQT.exe
  2⤵
  PID:6308
- C:\Windows\System\TePpVER.exe
  C:\Windows\System\TePpVER.exe
  2⤵
  PID:7876
- C:\Windows\System\DoCgIQx.exe
  C:\Windows\System\DoCgIQx.exe
  2⤵
  PID:7988
- C:\Windows\System\JfNhGwH.exe
  C:\Windows\System\JfNhGwH.exe
  2⤵
  PID:8032
- C:\Windows\System\jWmVQlD.exe
  C:\Windows\System\jWmVQlD.exe
  2⤵
  PID:8060
- C:\Windows\System\KquKgll.exe
  C:\Windows\System\KquKgll.exe
  2⤵
  PID:8140
- C:\Windows\System\KaYDMCq.exe
  C:\Windows\System\KaYDMCq.exe
  2⤵
  PID:5288
- C:\Windows\System\SvGaCEw.exe
  C:\Windows\System\SvGaCEw.exe
  2⤵
  PID:7428
- C:\Windows\System\JbBHZhK.exe
  C:\Windows\System\JbBHZhK.exe
  2⤵
  PID:7488
- C:\Windows\System\TmuhMoZ.exe
  C:\Windows\System\TmuhMoZ.exe
  2⤵
  PID:7668
- C:\Windows\System\KTunZMi.exe
  C:\Windows\System\KTunZMi.exe
  2⤵
  PID:7732
- C:\Windows\System\dXrYtaf.exe
  C:\Windows\System\dXrYtaf.exe
  2⤵
  PID:7900
- C:\Windows\System\BmgBDZV.exe
  C:\Windows\System\BmgBDZV.exe
  2⤵
  PID:7852
- C:\Windows\System\MPRfXos.exe
  C:\Windows\System\MPRfXos.exe
  2⤵
  PID:7412
- C:\Windows\System\hWnxToR.exe
  C:\Windows\System\hWnxToR.exe
  2⤵
  PID:7172
- C:\Windows\System\UujOYiw.exe
  C:\Windows\System\UujOYiw.exe
  2⤵
  PID:7952
- C:\Windows\System\JMilBuv.exe
  C:\Windows\System\JMilBuv.exe
  2⤵
  PID:7632
- C:\Windows\System\GbwcLlb.exe
  C:\Windows\System\GbwcLlb.exe
  2⤵
  PID:8012
- C:\Windows\System\fCGwDuz.exe
  C:\Windows\System\fCGwDuz.exe
  2⤵
  PID:7228
- C:\Windows\System\CAOivMY.exe
  C:\Windows\System\CAOivMY.exe
  2⤵
  PID:7324
- C:\Windows\System\gDHqRlB.exe
  C:\Windows\System\gDHqRlB.exe
  2⤵
  PID:7568
- C:\Windows\System\hlRXZoL.exe
  C:\Windows\System\hlRXZoL.exe
  2⤵
  PID:5696
- C:\Windows\System\TbhUDih.exe
  C:\Windows\System\TbhUDih.exe
  2⤵
  PID:2652
- C:\Windows\System\SRZgRAX.exe
  C:\Windows\System\SRZgRAX.exe
  2⤵
  PID:2260
- C:\Windows\System\OhoAyMQ.exe
  C:\Windows\System\OhoAyMQ.exe
  2⤵
  PID:5632
- C:\Windows\System\MbYLZlT.exe
  C:\Windows\System\MbYLZlT.exe
  2⤵
  PID:6900
- C:\Windows\System\SMgwoTP.exe
  C:\Windows\System\SMgwoTP.exe
  2⤵
  PID:8052
- C:\Windows\System\YvIsfAG.exe
  C:\Windows\System\YvIsfAG.exe
  2⤵
  PID:2572
- C:\Windows\System\qaKgmbR.exe
  C:\Windows\System\qaKgmbR.exe
  2⤵
  PID:1700
- C:\Windows\System\SAfeKUg.exe
  C:\Windows\System\SAfeKUg.exe
  2⤵
  PID:7352
- C:\Windows\System\VywEGYg.exe
  C:\Windows\System\VywEGYg.exe
  2⤵
  PID:7184
- C:\Windows\System\zqHquhX.exe
  C:\Windows\System\zqHquhX.exe
  2⤵
  PID:7592
- C:\Windows\System\jrITgRk.exe
  C:\Windows\System\jrITgRk.exe
  2⤵
  PID:4748
- C:\Windows\System\cWiRCzZ.exe
  C:\Windows\System\cWiRCzZ.exe
  2⤵
  PID:2396
- C:\Windows\System\fCQkUdB.exe
  C:\Windows\System\fCQkUdB.exe
  2⤵
  PID:1576
- C:\Windows\System\PbuUQNe.exe
  C:\Windows\System\PbuUQNe.exe
  2⤵
  PID:7304
- C:\Windows\System\eVnjTRl.exe
  C:\Windows\System\eVnjTRl.exe
  2⤵
  PID:1768
- C:\Windows\System\GkrFIVv.exe
  C:\Windows\System\GkrFIVv.exe
  2⤵
  PID:924
- C:\Windows\System\ZNFprLb.exe
  C:\Windows\System\ZNFprLb.exe
  2⤵
  PID:5372
- C:\Windows\System\ugMNhYB.exe
  C:\Windows\System\ugMNhYB.exe
  2⤵
  PID:2932
- C:\Windows\System\ifuRGlG.exe
  C:\Windows\System\ifuRGlG.exe
  2⤵
  PID:2760
- C:\Windows\System\SNaJfvI.exe
  C:\Windows\System\SNaJfvI.exe
  2⤵
  PID:1704
- C:\Windows\System\kfePzdg.exe
  C:\Windows\System\kfePzdg.exe
  2⤵
  PID:7624
- C:\Windows\System\gvsWVyw.exe
  C:\Windows\System\gvsWVyw.exe
  2⤵
  PID:7328
- C:\Windows\System\nGWbmjZ.exe
  C:\Windows\System\nGWbmjZ.exe
  2⤵
  PID:2996
- C:\Windows\System\UfVYAIO.exe
  C:\Windows\System\UfVYAIO.exe
  2⤵
  PID:8056
- C:\Windows\System\kWFlIpG.exe
  C:\Windows\System\kWFlIpG.exe
  2⤵
  PID:6556
- C:\Windows\System\JzFewbS.exe
  C:\Windows\System\JzFewbS.exe
  2⤵
  PID:2984
- C:\Windows\System\GOcsEjO.exe
  C:\Windows\System\GOcsEjO.exe
  2⤵
  PID:8204
- C:\Windows\System\uqjsSee.exe
  C:\Windows\System\uqjsSee.exe
  2⤵
  PID:8240
- C:\Windows\System\VswdROY.exe
  C:\Windows\System\VswdROY.exe
  2⤵
  PID:8256
- C:\Windows\System\RogKRHJ.exe
  C:\Windows\System\RogKRHJ.exe
  2⤵
  PID:8272
- C:\Windows\System\HXJWPgd.exe
  C:\Windows\System\HXJWPgd.exe
  2⤵
  PID:8316
- C:\Windows\System\UqVlTBL.exe
  C:\Windows\System\UqVlTBL.exe
  2⤵
  PID:8332
- C:\Windows\System\rcTaLYY.exe
  C:\Windows\System\rcTaLYY.exe
  2⤵
  PID:8352
- C:\Windows\System\Nqefyzh.exe
  C:\Windows\System\Nqefyzh.exe
  2⤵
  PID:8368
- C:\Windows\System\Zemhhvy.exe
  C:\Windows\System\Zemhhvy.exe
  2⤵
  PID:8384
- C:\Windows\System\WCRUWjs.exe
  C:\Windows\System\WCRUWjs.exe
  2⤵
  PID:8404
- C:\Windows\System\aenDHzR.exe
  C:\Windows\System\aenDHzR.exe
  2⤵
  PID:8420
- C:\Windows\System\HNtmrcx.exe
  C:\Windows\System\HNtmrcx.exe
  2⤵
  PID:8436
- C:\Windows\System\TEQMzZB.exe
  C:\Windows\System\TEQMzZB.exe
  2⤵
  PID:8452
- C:\Windows\System\XsLSvXc.exe
  C:\Windows\System\XsLSvXc.exe
  2⤵
  PID:8468
- C:\Windows\System\sbxZaBp.exe
  C:\Windows\System\sbxZaBp.exe
  2⤵
  PID:8484
- C:\Windows\System\BjTyRUo.exe
  C:\Windows\System\BjTyRUo.exe
  2⤵
  PID:8500
- C:\Windows\System\IhwYyna.exe
  C:\Windows\System\IhwYyna.exe
  2⤵
  PID:8516
- C:\Windows\System\MAeRMmS.exe
  C:\Windows\System\MAeRMmS.exe
  2⤵
  PID:8532
- C:\Windows\System\jzEFfSR.exe
  C:\Windows\System\jzEFfSR.exe
  2⤵
  PID:8548
- C:\Windows\System\qBselZQ.exe
  C:\Windows\System\qBselZQ.exe
  2⤵
  PID:8596
- C:\Windows\System\FPnFyhQ.exe
  C:\Windows\System\FPnFyhQ.exe
  2⤵
  PID:8612
- C:\Windows\System\NdqVJYI.exe
  C:\Windows\System\NdqVJYI.exe
  2⤵
  PID:8632
- C:\Windows\System\GvivDIo.exe
  C:\Windows\System\GvivDIo.exe
  2⤵
  PID:8648
- C:\Windows\System\mdjUnYK.exe
  C:\Windows\System\mdjUnYK.exe
  2⤵
  PID:8664
- C:\Windows\System\ZfjwsIH.exe
  C:\Windows\System\ZfjwsIH.exe
  2⤵
  PID:8680
- C:\Windows\System\xvlZABI.exe
  C:\Windows\System\xvlZABI.exe
  2⤵
  PID:8696
- C:\Windows\System\ddfPili.exe
  C:\Windows\System\ddfPili.exe
  2⤵
  PID:8712
- C:\Windows\System\INAMhEw.exe
  C:\Windows\System\INAMhEw.exe
  2⤵
  PID:8728
- C:\Windows\System\fSMmtuv.exe
  C:\Windows\System\fSMmtuv.exe
  2⤵
  PID:8744
- C:\Windows\System\DIecTuA.exe
  C:\Windows\System\DIecTuA.exe
  2⤵
  PID:8760
- C:\Windows\System\KEcSexS.exe
  C:\Windows\System\KEcSexS.exe
  2⤵
  PID:8776
- C:\Windows\System\uLBCFHY.exe
  C:\Windows\System\uLBCFHY.exe
  2⤵
  PID:8792
- C:\Windows\System\zlbDZRh.exe
  C:\Windows\System\zlbDZRh.exe
  2⤵
  PID:8808
- C:\Windows\System\nZRRmPi.exe
  C:\Windows\System\nZRRmPi.exe
  2⤵
  PID:8824
- C:\Windows\System\iLKNbbv.exe
  C:\Windows\System\iLKNbbv.exe
  2⤵
  PID:8840
- C:\Windows\System\kFItFTr.exe
  C:\Windows\System\kFItFTr.exe
  2⤵
  PID:8856
- C:\Windows\System\covPPFj.exe
  C:\Windows\System\covPPFj.exe
  2⤵
  PID:8872
- C:\Windows\System\UdodtQa.exe
  C:\Windows\System\UdodtQa.exe
  2⤵
  PID:8892
- C:\Windows\System\YLHzivt.exe
  C:\Windows\System\YLHzivt.exe
  2⤵
  PID:8908
- C:\Windows\System\CVzRzrp.exe
  C:\Windows\System\CVzRzrp.exe
  2⤵
  PID:8928
- C:\Windows\System\wAPFGvU.exe
  C:\Windows\System\wAPFGvU.exe
  2⤵
  PID:8944
- C:\Windows\System\nzigEPE.exe
  C:\Windows\System\nzigEPE.exe
  2⤵
  PID:8960
- C:\Windows\System\zgtetJi.exe
  C:\Windows\System\zgtetJi.exe
  2⤵
  PID:8976
- C:\Windows\System\aSwypcH.exe
  C:\Windows\System\aSwypcH.exe
  2⤵
  PID:8992
- C:\Windows\System\ngrIVum.exe
  C:\Windows\System\ngrIVum.exe
  2⤵
  PID:9096
- C:\Windows\System\KaLutFa.exe
  C:\Windows\System\KaLutFa.exe
  2⤵
  PID:9180
- C:\Windows\System\ixokIPu.exe
  C:\Windows\System\ixokIPu.exe
  2⤵
  PID:9196
- C:\Windows\System\DUCjMrf.exe
  C:\Windows\System\DUCjMrf.exe
  2⤵
  PID:9212
- C:\Windows\System\tBgPDYC.exe
  C:\Windows\System\tBgPDYC.exe
  2⤵
  PID:3464
- C:\Windows\System\DVosdLv.exe
  C:\Windows\System\DVosdLv.exe
  2⤵
  PID:1452
- C:\Windows\System\HLQXYvH.exe
  C:\Windows\System\HLQXYvH.exe
  2⤵
  PID:2016
- C:\Windows\System\LXBcbAQ.exe
  C:\Windows\System\LXBcbAQ.exe
  2⤵
  PID:7920
- C:\Windows\System\AkBTTIc.exe
  C:\Windows\System\AkBTTIc.exe
  2⤵
  PID:2360
- C:\Windows\System\HrmKXQZ.exe
  C:\Windows\System\HrmKXQZ.exe
  2⤵
  PID:2592
- C:\Windows\System\xVFCsuc.exe
  C:\Windows\System\xVFCsuc.exe
  2⤵
  PID:8284
- C:\Windows\System\qlqErsR.exe
  C:\Windows\System\qlqErsR.exe
  2⤵
  PID:8300
- C:\Windows\System\ScYOGGw.exe
  C:\Windows\System\ScYOGGw.exe
  2⤵
  PID:8264
- C:\Windows\System\oTDuFYx.exe
  C:\Windows\System\oTDuFYx.exe
  2⤵
  PID:8348
- C:\Windows\System\NquWDrT.exe
  C:\Windows\System\NquWDrT.exe
  2⤵
  PID:8496
- C:\Windows\System\wQYMMJh.exe
  C:\Windows\System\wQYMMJh.exe
  2⤵
  PID:8432
- C:\Windows\System\wGmrHuS.exe
  C:\Windows\System\wGmrHuS.exe
  2⤵
  PID:8556
- C:\Windows\System\PZaVkBz.exe
  C:\Windows\System\PZaVkBz.exe
  2⤵
  PID:8376
- C:\Windows\System\koCiEoc.exe
  C:\Windows\System\koCiEoc.exe
  2⤵
  PID:8480
- C:\Windows\System\ZIqxJpL.exe
  C:\Windows\System\ZIqxJpL.exe
  2⤵
  PID:8544
- C:\Windows\System\mvYAPCP.exe
  C:\Windows\System\mvYAPCP.exe
  2⤵
  PID:8568
- C:\Windows\System\qAsDpdQ.exe
  C:\Windows\System\qAsDpdQ.exe
  2⤵
  PID:8580
- C:\Windows\System\NvdffSa.exe
  C:\Windows\System\NvdffSa.exe
  2⤵
  PID:8676
- C:\Windows\System\uaGlQgt.exe
  C:\Windows\System\uaGlQgt.exe
  2⤵
  PID:8620
- C:\Windows\System\emWPjYl.exe
  C:\Windows\System\emWPjYl.exe
  2⤵
  PID:8692
- C:\Windows\System\dWCotZa.exe
  C:\Windows\System\dWCotZa.exe
  2⤵
  PID:8736
- C:\Windows\System\GnrPBBz.exe
  C:\Windows\System\GnrPBBz.exe
  2⤵
  PID:8880
- C:\Windows\System\UdCOhxx.exe
  C:\Windows\System\UdCOhxx.exe
  2⤵
  PID:8772
- C:\Windows\System\PLJnhIX.exe
  C:\Windows\System\PLJnhIX.exe
  2⤵
  PID:8952
- C:\Windows\System\OhVDbgL.exe
  C:\Windows\System\OhVDbgL.exe
  2⤵
  PID:8836
- C:\Windows\System\RqHcMbM.exe
  C:\Windows\System\RqHcMbM.exe
  2⤵
  PID:8804
- C:\Windows\System\LbXCADV.exe
  C:\Windows\System\LbXCADV.exe
  2⤵
  PID:8936
- C:\Windows\System\yFwyBde.exe
  C:\Windows\System\yFwyBde.exe
  2⤵
  PID:9068
- C:\Windows\System\WvXOTyD.exe
  C:\Windows\System\WvXOTyD.exe
  2⤵
  PID:9044
- C:\Windows\System\ULFcpes.exe
  C:\Windows\System\ULFcpes.exe
  2⤵
  PID:9116
- C:\Windows\System\XVtinPM.exe
  C:\Windows\System\XVtinPM.exe
  2⤵
  PID:9120
- C:\Windows\System\XnKKnLD.exe
  C:\Windows\System\XnKKnLD.exe
  2⤵
  PID:9136
- C:\Windows\System\ConiPCw.exe
  C:\Windows\System\ConiPCw.exe
  2⤵
  PID:9148
- C:\Windows\System\sjVdcEe.exe
  C:\Windows\System\sjVdcEe.exe
  2⤵
  PID:2720
- C:\Windows\System\WXfhxvb.exe
  C:\Windows\System\WXfhxvb.exe
  2⤵
  PID:2692
- C:\Windows\System\IBiWjLA.exe
  C:\Windows\System\IBiWjLA.exe
  2⤵
  PID:2200
- C:\Windows\System\bkPYrMt.exe
  C:\Windows\System\bkPYrMt.exe
  2⤵
  PID:8200
- C:\Windows\System\UWNmXLn.exe
  C:\Windows\System\UWNmXLn.exe
  2⤵
  PID:8212
- C:\Windows\System\zcTwebB.exe
  C:\Windows\System\zcTwebB.exe
  2⤵
  PID:1668
- C:\Windows\System\cVFgYLu.exe
  C:\Windows\System\cVFgYLu.exe
  2⤵
  PID:8280
- C:\Windows\System\IDHzrBX.exe
  C:\Windows\System\IDHzrBX.exe
  2⤵
  PID:9064
- C:\Windows\System\JdywaUZ.exe
  C:\Windows\System\JdywaUZ.exe
  2⤵
  PID:8392
- C:\Windows\System\lFyvmXH.exe
  C:\Windows\System\lFyvmXH.exe
  2⤵
  PID:8492
- C:\Windows\System\CTnRmyo.exe
  C:\Windows\System\CTnRmyo.exe
  2⤵
  PID:8604
- C:\Windows\System\pPwtsBT.exe
  C:\Windows\System\pPwtsBT.exe
  2⤵
  PID:8572
- C:\Windows\System\hLkiqjZ.exe
  C:\Windows\System\hLkiqjZ.exe
  2⤵
  PID:8644
- C:\Windows\System\YgFzOjB.exe
  C:\Windows\System\YgFzOjB.exe
  2⤵
  PID:8784
- C:\Windows\System\jddqaIB.exe
  C:\Windows\System\jddqaIB.exe
  2⤵
  PID:8752
- C:\Windows\System\OkZfPDN.exe
  C:\Windows\System\OkZfPDN.exe
  2⤵
  PID:8820
- C:\Windows\System\KdNYDHk.exe
  C:\Windows\System\KdNYDHk.exe
  2⤵
  PID:8688
- C:\Windows\System\doaoVLg.exe
  C:\Windows\System\doaoVLg.exe
  2⤵
  PID:8848
- C:\Windows\System\MaKeEFG.exe
  C:\Windows\System\MaKeEFG.exe
  2⤵
  PID:9024
- C:\Windows\System\ikbKNpv.exe
  C:\Windows\System\ikbKNpv.exe
  2⤵
  PID:8984
- C:\Windows\System\wleOTab.exe
  C:\Windows\System\wleOTab.exe
  2⤵
  PID:9000
- C:\Windows\System\OichcYU.exe
  C:\Windows\System\OichcYU.exe
  2⤵
  PID:8956
- C:\Windows\System\yqySjCX.exe
  C:\Windows\System\yqySjCX.exe
  2⤵
  PID:9088
- C:\Windows\System\zYrXXYx.exe
  C:\Windows\System\zYrXXYx.exe
  2⤵
  PID:9092
- C:\Windows\System\pIFCeBM.exe
  C:\Windows\System\pIFCeBM.exe
  2⤵
  PID:9128
- C:\Windows\System\jzIbsEb.exe
  C:\Windows\System\jzIbsEb.exe
  2⤵
  PID:1628
- C:\Windows\System\NNaVfTK.exe
  C:\Windows\System\NNaVfTK.exe
  2⤵
  PID:8292
- C:\Windows\System\xrAtlSH.exe
  C:\Windows\System\xrAtlSH.exe
  2⤵
  PID:9204
- C:\Windows\System\KmkPEDX.exe
  C:\Windows\System\KmkPEDX.exe
  2⤵
  PID:1128
- C:\Windows\System\IezXqUf.exe
  C:\Windows\System\IezXqUf.exe
  2⤵
  PID:8588
- C:\Windows\System\qiTAeEK.exe
  C:\Windows\System\qiTAeEK.exe
  2⤵
  PID:8396
- C:\Windows\System\MNssHBl.exe
  C:\Windows\System\MNssHBl.exe
  2⤵
  PID:8916
- C:\Windows\System\BqCLnUO.exe
  C:\Windows\System\BqCLnUO.exe
  2⤵
  PID:8708
- C:\Windows\System\HVszsoc.exe
  C:\Windows\System\HVszsoc.exe
  2⤵
  PID:9052
- C:\Windows\System\bMipKWW.exe
  C:\Windows\System\bMipKWW.exe
  2⤵
  PID:8340
- C:\Windows\System\rAFPYsd.exe
  C:\Windows\System\rAFPYsd.exe
  2⤵
  PID:8660
- C:\Windows\System\FTWeXNK.exe
  C:\Windows\System\FTWeXNK.exe
  2⤵
  PID:8900
- C:\Windows\System\cWCpgqm.exe
  C:\Windows\System\cWCpgqm.exe
  2⤵
  PID:9084
- C:\Windows\System\UoiqSbQ.exe
  C:\Windows\System\UoiqSbQ.exe
  2⤵
  PID:9056
- C:\Windows\System\wKJcFny.exe
  C:\Windows\System\wKJcFny.exe
  2⤵
  PID:9076
- C:\Windows\System\LNkKabD.exe
  C:\Windows\System\LNkKabD.exe
  2⤵
  PID:2400
- C:\Windows\System\fAolPYL.exe
  C:\Windows\System\fAolPYL.exe
  2⤵
  PID:8400
- C:\Windows\System\azroobE.exe
  C:\Windows\System\azroobE.exe
  2⤵
  PID:9192
- C:\Windows\System\cmEamKT.exe
  C:\Windows\System\cmEamKT.exe
  2⤵
  PID:8476
- C:\Windows\System\wxDJtoN.exe
  C:\Windows\System\wxDJtoN.exe
  2⤵
  PID:9228
- C:\Windows\System\PKBwpeU.exe
  C:\Windows\System\PKBwpeU.exe
  2⤵
  PID:9244
- C:\Windows\System\MqzcqZa.exe
  C:\Windows\System\MqzcqZa.exe
  2⤵
  PID:9268
- C:\Windows\System\zrzoiyv.exe
  C:\Windows\System\zrzoiyv.exe
  2⤵
  PID:9284
- C:\Windows\System\aAVXYWt.exe
  C:\Windows\System\aAVXYWt.exe
  2⤵
  PID:9300
- C:\Windows\System\zXkAQaH.exe
  C:\Windows\System\zXkAQaH.exe
  2⤵
  PID:9316
- C:\Windows\System\XravmvC.exe
  C:\Windows\System\XravmvC.exe
  2⤵
  PID:9336
- C:\Windows\System\pgabwWe.exe
  C:\Windows\System\pgabwWe.exe
  2⤵
  PID:9360
- C:\Windows\System\HIQEcoV.exe
  C:\Windows\System\HIQEcoV.exe
  2⤵
  PID:9376
- C:\Windows\System\ZgzKUae.exe
  C:\Windows\System\ZgzKUae.exe
  2⤵
  PID:9400
- C:\Windows\System\gSEITWL.exe
  C:\Windows\System\gSEITWL.exe
  2⤵
  PID:9416
- C:\Windows\System\rgyeYgO.exe
  C:\Windows\System\rgyeYgO.exe
  2⤵
  PID:9440
- C:\Windows\System\efuSclj.exe
  C:\Windows\System\efuSclj.exe
  2⤵
  PID:9456
- C:\Windows\System\KLdxNYY.exe
  C:\Windows\System\KLdxNYY.exe
  2⤵
  PID:9472
- C:\Windows\System\WrOOGgC.exe
  C:\Windows\System\WrOOGgC.exe
  2⤵
  PID:9488
- C:\Windows\System\NqENvVZ.exe
  C:\Windows\System\NqENvVZ.exe
  2⤵
  PID:9504
- C:\Windows\System\omhzlJq.exe
  C:\Windows\System\omhzlJq.exe
  2⤵
  PID:9520
- C:\Windows\System\XUIRcmI.exe
  C:\Windows\System\XUIRcmI.exe
  2⤵
  PID:9536
- C:\Windows\System\FOPIpgG.exe
  C:\Windows\System\FOPIpgG.exe
  2⤵
  PID:9552
- C:\Windows\System\lgPFZpW.exe
  C:\Windows\System\lgPFZpW.exe
  2⤵
  PID:9568
- C:\Windows\System\yTsaxgy.exe
  C:\Windows\System\yTsaxgy.exe
  2⤵
  PID:9584
- C:\Windows\System\xjupmBs.exe
  C:\Windows\System\xjupmBs.exe
  2⤵
  PID:9604
- C:\Windows\System\YTUhTVp.exe
  C:\Windows\System\YTUhTVp.exe
  2⤵
  PID:9624
- C:\Windows\System\VVIvGQc.exe
  C:\Windows\System\VVIvGQc.exe
  2⤵
  PID:9700
- C:\Windows\System\mkfcsjp.exe
  C:\Windows\System\mkfcsjp.exe
  2⤵
  PID:9760
- C:\Windows\System\pfMaJxA.exe
  C:\Windows\System\pfMaJxA.exe
  2⤵
  PID:9780
- C:\Windows\System\CBXEoPA.exe
  C:\Windows\System\CBXEoPA.exe
  2⤵
  PID:9796
- C:\Windows\System\IZSOCsK.exe
  C:\Windows\System\IZSOCsK.exe
  2⤵
  PID:9812
- C:\Windows\System\CQHrphJ.exe
  C:\Windows\System\CQHrphJ.exe
  2⤵
  PID:9828
- C:\Windows\System\OERGYDk.exe
  C:\Windows\System\OERGYDk.exe
  2⤵
  PID:9844
- C:\Windows\System\jcMBeQm.exe
  C:\Windows\System\jcMBeQm.exe
  2⤵
  PID:9860
- C:\Windows\System\nBWZaIs.exe
  C:\Windows\System\nBWZaIs.exe
  2⤵
  PID:9876
- C:\Windows\System\gmVRQBa.exe
  C:\Windows\System\gmVRQBa.exe
  2⤵
  PID:9892
- C:\Windows\System\MOndKJn.exe
  C:\Windows\System\MOndKJn.exe
  2⤵
  PID:9908
- C:\Windows\System\grSwwjy.exe
  C:\Windows\System\grSwwjy.exe
  2⤵
  PID:9924
- C:\Windows\System\lDnSkKr.exe
  C:\Windows\System\lDnSkKr.exe
  2⤵
  PID:9940
- C:\Windows\System\QkmRZSo.exe
  C:\Windows\System\QkmRZSo.exe
  2⤵
  PID:9956
- C:\Windows\System\pawKtXC.exe
  C:\Windows\System\pawKtXC.exe
  2⤵
  PID:9972
- C:\Windows\System\JBrSkyl.exe
  C:\Windows\System\JBrSkyl.exe
  2⤵
  PID:9988
- C:\Windows\System\ERNPGOq.exe
  C:\Windows\System\ERNPGOq.exe
  2⤵
  PID:10004
- C:\Windows\System\DVdsooj.exe
  C:\Windows\System\DVdsooj.exe
  2⤵
  PID:10020
- C:\Windows\System\Lfrmhxj.exe
  C:\Windows\System\Lfrmhxj.exe
  2⤵
  PID:10036
- C:\Windows\System\DzFXhSk.exe
  C:\Windows\System\DzFXhSk.exe
  2⤵
  PID:10052
- C:\Windows\System\tJCUJPW.exe
  C:\Windows\System\tJCUJPW.exe
  2⤵
  PID:10068
- C:\Windows\System\shGEORX.exe
  C:\Windows\System\shGEORX.exe
  2⤵
  PID:10084
- C:\Windows\System\UrsAgUF.exe
  C:\Windows\System\UrsAgUF.exe
  2⤵
  PID:10112
- C:\Windows\System\jwoPbbO.exe
  C:\Windows\System\jwoPbbO.exe
  2⤵
  PID:10132
- C:\Windows\System\nnghuTl.exe
  C:\Windows\System\nnghuTl.exe
  2⤵
  PID:10148
- C:\Windows\System\iToJQsS.exe
  C:\Windows\System\iToJQsS.exe
  2⤵
  PID:10164
- C:\Windows\System\fReUqkf.exe
  C:\Windows\System\fReUqkf.exe
  2⤵
  PID:10180
- C:\Windows\System\qteIzxA.exe
  C:\Windows\System\qteIzxA.exe
  2⤵
  PID:10196
- C:\Windows\System\KxHaJBz.exe
  C:\Windows\System\KxHaJBz.exe
  2⤵
  PID:10224
- C:\Windows\System\gUKiOPQ.exe
  C:\Windows\System\gUKiOPQ.exe
  2⤵
  PID:9028
- C:\Windows\System\KHAuRBb.exe
  C:\Windows\System\KHAuRBb.exe
  2⤵
  PID:8524
- C:\Windows\System\oFwZsXh.exe
  C:\Windows\System\oFwZsXh.exe
  2⤵
  PID:8832
- C:\Windows\System\GkAUpAH.exe
  C:\Windows\System\GkAUpAH.exe
  2⤵
  PID:9104
- C:\Windows\System\hFavypr.exe
  C:\Windows\System\hFavypr.exe
  2⤵
  PID:8560
- C:\Windows\System\nzAvsXX.exe
  C:\Windows\System\nzAvsXX.exe
  2⤵
  PID:9252
- C:\Windows\System\tKUCfhq.exe
  C:\Windows\System\tKUCfhq.exe
  2⤵
  PID:9296
- C:\Windows\System\cKOEtZz.exe
  C:\Windows\System\cKOEtZz.exe
  2⤵
  PID:9368
- C:\Windows\System\jOoEleL.exe
  C:\Windows\System\jOoEleL.exe
  2⤵
  PID:9448
- C:\Windows\System\iGEiQAT.exe
  C:\Windows\System\iGEiQAT.exe
  2⤵
  PID:9512
- C:\Windows\System\dJXXTid.exe
  C:\Windows\System\dJXXTid.exe
  2⤵
  PID:9276
- C:\Windows\System\VpZCkQl.exe
  C:\Windows\System\VpZCkQl.exe
  2⤵
  PID:9348
- C:\Windows\System\mxgZrZb.exe
  C:\Windows\System\mxgZrZb.exe
  2⤵
  PID:9388
- C:\Windows\System\tQDqkqF.exe
  C:\Windows\System\tQDqkqF.exe
  2⤵
  PID:9428
- C:\Windows\System\WseobJL.exe
  C:\Windows\System\WseobJL.exe
  2⤵
  PID:9468
- C:\Windows\System\NbwieLm.exe
  C:\Windows\System\NbwieLm.exe
  2⤵
  PID:9532
- C:\Windows\System\kFfFQkn.exe
  C:\Windows\System\kFfFQkn.exe
  2⤵
  PID:9596
- C:\Windows\System\iCneRxb.exe
  C:\Windows\System\iCneRxb.exe
  2⤵
  PID:9632
- C:\Windows\System\ZgEELQb.exe
  C:\Windows\System\ZgEELQb.exe
  2⤵
  PID:9616
- C:\Windows\System\UlnpEMA.exe
  C:\Windows\System\UlnpEMA.exe
  2⤵
  PID:9640
- C:\Windows\System\oEIYrfg.exe
  C:\Windows\System\oEIYrfg.exe
  2⤵
  PID:9656
- C:\Windows\System\rcTQmdf.exe
  C:\Windows\System\rcTQmdf.exe
  2⤵
  PID:9672
- C:\Windows\System\dQcEeIB.exe
  C:\Windows\System\dQcEeIB.exe
  2⤵
  PID:9688
- C:\Windows\System\RQTDnDl.exe
  C:\Windows\System\RQTDnDl.exe
  2⤵
  PID:9712
- C:\Windows\System\cAHPvxe.exe
  C:\Windows\System\cAHPvxe.exe
  2⤵
  PID:9732
- C:\Windows\System\gWDgUhl.exe
  C:\Windows\System\gWDgUhl.exe
  2⤵
  PID:9748
- C:\Windows\System\DKTbyBb.exe
  C:\Windows\System\DKTbyBb.exe
  2⤵
  PID:9808
- C:\Windows\System\yGxotVM.exe
  C:\Windows\System\yGxotVM.exe
  2⤵
  PID:9820
- C:\Windows\System\bUNiOQO.exe
  C:\Windows\System\bUNiOQO.exe
  2⤵
  PID:9884
- C:\Windows\System\MDKkELE.exe
  C:\Windows\System\MDKkELE.exe
  2⤵
  PID:9980
- C:\Windows\System\XlNuUFY.exe
  C:\Windows\System\XlNuUFY.exe
  2⤵
  PID:10032
- C:\Windows\System\xkQqbrw.exe
  C:\Windows\System\xkQqbrw.exe
  2⤵
  PID:9904
- C:\Windows\System\BMqxtWj.exe
  C:\Windows\System\BMqxtWj.exe
  2⤵
  PID:10080
- C:\Windows\System\gVechfM.exe
  C:\Windows\System\gVechfM.exe
  2⤵
  PID:10100
- C:\Windows\System\FCPFzAu.exe
  C:\Windows\System\FCPFzAu.exe
  2⤵
  PID:10104
- C:\Windows\System\yEFmmdZ.exe
  C:\Windows\System\yEFmmdZ.exe
  2⤵
  PID:10176
- C:\Windows\System\SVWqOHp.exe
  C:\Windows\System\SVWqOHp.exe
  2⤵
  PID:10220
- C:\Windows\System\sHvZPtr.exe
  C:\Windows\System\sHvZPtr.exe
  2⤵
  PID:10120
- C:\Windows\System\XNVXvrr.exe
  C:\Windows\System\XNVXvrr.exe
  2⤵
  PID:10160
- C:\Windows\System\JbADLyp.exe
  C:\Windows\System\JbADLyp.exe
  2⤵
  PID:10236
- C:\Windows\System\QpTQviF.exe
  C:\Windows\System\QpTQviF.exe
  2⤵
  PID:9220
- C:\Windows\System\qiTpLfU.exe
  C:\Windows\System\qiTpLfU.exe
  2⤵
  PID:9152
- C:\Windows\System\oWazZJD.exe
  C:\Windows\System\oWazZJD.exe
  2⤵
  PID:9412
- C:\Windows\System\vqPdZdb.exe
  C:\Windows\System\vqPdZdb.exe
  2⤵
  PID:9312
- C:\Windows\System\WHmZSwO.exe
  C:\Windows\System\WHmZSwO.exe
  2⤵
  PID:9548
- C:\Windows\System\lYwZxdM.exe
  C:\Windows\System\lYwZxdM.exe
  2⤵
  PID:9464
- C:\Windows\System\jAkCcXW.exe
  C:\Windows\System\jAkCcXW.exe
  2⤵
  PID:9612
- C:\Windows\System\SXvHAYq.exe
  C:\Windows\System\SXvHAYq.exe
  2⤵
  PID:9740
- C:\Windows\System\arQXzbl.exe
  C:\Windows\System\arQXzbl.exe
  2⤵
  PID:1008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AURoKdf.exe

Filesize
6.0MB

MD5
cadc0e90965cd066fa42a059e0a68a80

SHA1
e4f18348668ac9a442fed45b0d0b6944f16ae5cc

SHA256
4d180ddbd5b2d06b6b378a0e9b759e5f5bb4f3b1ea14dae02f48f46d498d8a39

SHA512
9c9e8eb01211ec7235a073507d224ac6006f6b3df8e366c935c7bbf76e423e8b67ba4f3af84f90d7616be3d6630678ee21ef1adce208fdc889e428a2798a6813

Download Submit
C:\Windows\system\BsDKdYs.exe

Filesize
6.0MB

MD5
bd3aa76323bbc7ebf20e92494b59c41a

SHA1
cd28732bbedf5c17807dc1cb1546c107c55255f4

SHA256
3930144d2497ffa07a99d33229a0dbeae7f9793e4a9564f4a77db1cd4a6de718

SHA512
b632c83f5bd3106ca9eff19d1421a316101be098a73d64a8cf8d39f2dc3513ebb725e2d03da95e33f532072b1cff605b1f296b997c9b1a5ab0701dce22472ec3

Download Submit
C:\Windows\system\FDSFIMQ.exe

Filesize
6.0MB

MD5
929c99af1dd8d3f505b247743f0c0307

SHA1
4253527d4bf122e38cafa86dc8588597119a1862

SHA256
b25d0dbc6d3c77dfffcb7b3757843db31dfc8610e2ad234a089a3f010a207a2e

SHA512
f2b43a7db09bfa4563f1a0d742fe37d412feb405e1a2c51d0ecdc0dedece65056cd0979e97b31eee263a5963797ebf9f1ebbb1232ecc06f5aa510dc85feccba7

Download Submit
C:\Windows\system\FiAxPFx.exe

Filesize
6.0MB

MD5
90f25db88c3e8e5eb91dad9c5d4045b0

SHA1
0998271479708e75dbfd1e378771bb2f2f887bde

SHA256
84f1c765143b7fbd0457d77d7f8fbee4a1ac8eba435da797d430fd2e0eec93b8

SHA512
5c8cd59f5f6dfc455301e85d61224c4bd358593937da68106b18ed4af9139b6f903354ee9463d1abebd7634dd1493c3be26911b248de4bf04434ae03f0f27803

Download Submit
C:\Windows\system\GRLIZth.exe

Filesize
6.0MB

MD5
b05edce2bcaf429a651733b6074db661

SHA1
8e2b204ad2be65ee16f56b64d04545613a3208ae

SHA256
e4b432a341619ecf29bc2ce6b57aa96eb3ae5019abf51762c6dbaaa336ec2e88

SHA512
9bc5b6e14d733936ba177f2895553c84521328254a06ad58a24241cec73bd4fc5a1a9502b0d330e28278646e51653a1d030a8c33939b02da4ddf6fbb53d409bd

Download Submit
C:\Windows\system\Gjqnhoc.exe

Filesize
6.0MB

MD5
a2c08af5ef67834bd060db276a65d4cf

SHA1
a926afc863f0c249a240e6f7aee0883ebc2100f0

SHA256
c0359e99103cf65b0feb7aa7481be0f11cc5b28c5a7dc4bfeb4c1dbdf5ce474f

SHA512
b2200d848c5a421d1ec2cb6c3acd9e5cfd2f887ea91c1b28007e73175faf73ee00199ae9bab462ef61c7279b2f135af0558855055d84422b06abce5f9758fd81

Download Submit
C:\Windows\system\MrLtccA.exe

Filesize
6.0MB

MD5
0f29bd3694cfec91f04322040db5ced9

SHA1
c239f54d02c0f52d975c680faa9e8e1113266e56

SHA256
7af3271a3d140e84439142f2100ad1b0cd9101d2525120ec8eb78b49d3728d3d

SHA512
832704faaa64572a9524354deb81457fb5aca23311d967ed13337fb6461758ca8acd289a7343ac0c384f8633fbba7a289b4df014c97d8ffaa404ea3375687ef5

Download Submit
C:\Windows\system\OPVtBfv.exe

Filesize
6.0MB

MD5
b6728bdec053e05fe7909dce0f64cdd9

SHA1
ddf6ac0d7079ec0208bd8ceddfa479a8f892a38b

SHA256
ba1abe7bba3dec311847a661dcb6ea2da4b44f0627aa1c55384df914c5a5f95a

SHA512
dc20d2733d8d1387f447102b36aa53a3b1f230920e1c86f8ddf674fef8765d36f1299de25e97175ea7b7ce76360849244f2be37b3c02bf22d554e16597d4e335

Download Submit
C:\Windows\system\OphbOoX.exe

Filesize
6.0MB

MD5
34c9d2847fd3626e65d8df3f54f4c9ea

SHA1
5544f2a23e704bb5c87ee1eebf21d88be3bcbd9a

SHA256
37a8c168a24f21f060ed1cc98c616d8a6e8b818ed79de0ce39960602170b12ba

SHA512
accb5b350f64743a26f9a6b317580dc8ad8072b30d6b4d7f98fe9c08a21d64b3bc7aef81b1d80433e4a2aa8374a9b2850cfbc5978423a351bc5f7a6597c523ed

Download Submit
C:\Windows\system\QHOYSTC.exe

Filesize
6.0MB

MD5
620b3fa2e3f5778d361612f4147737d7

SHA1
c6207d4c00d3697ca00a582aed13e952c9475ed2

SHA256
7716e2353c0802303b148de032e0b6b2889674a77dc1ebf5e4da0d73502b493d

SHA512
90f9d843c57073994a77ff3381975962bd02de33ad5fc0eb4ae15b79b8654082bb5de7b58d7e524755c407fbd6dca7043536fada53fcfa5647575f8879dfdf9c

Download Submit
C:\Windows\system\SPtYSWZ.exe

Filesize
6.0MB

MD5
7deeb1a6d335b303924ff9f304ea8efb

SHA1
582729bf9272ec04edb4bf1f68f449ae6fd95723

SHA256
e1346472befa6d1c2efa4fe66900091c80d48c1542a98a96cb0494db870151fc

SHA512
8473092c03d9dda1ad6fbe7b2005fc12f568553b55e952e4c7466fe1c3f8602558e8695c6658731cbb560720176ec9f3be0f209c6aa31ee6ece9abdb75cded74

Download Submit
C:\Windows\system\SpRyIcH.exe

Filesize
6.0MB

MD5
b9ce99672d2a7c785c17ea6b1329d21e

SHA1
6d1ac90f55ec919773d4cb901d784bcbf75c645f

SHA256
47849d4aa076fa031b9a05f53a8d175abf4f9f56cd175394a15c458fb6d7e148

SHA512
17907f7bebf3ba4afbf9293ee73fe5ed0c9d69bf1ca741aac987991a1effa02c37ecef168f0e7061785ba71ab7488ecb53fcb4cc63e6ca38742bc3a27a07b7fa

Download Submit
C:\Windows\system\TUPaiRz.exe

Filesize
6.0MB

MD5
207f47db5827e3cebec4e89d9bf671af

SHA1
fc04e37ee62b307896c1b0dcc9caebda135ed7ea

SHA256
990b4db35591bd86479c7fed823f05001da586cd3993f6fbe391e31b98a729e0

SHA512
3acfaf251d0cb8eb304d650594124b316cc967c92870e03b76b7a4a1776b08103b5f629044324d26edc6d44256a35d657a039ed1eb3eb188294918646d89dfed

Download Submit
C:\Windows\system\VZVljaL.exe

Filesize
6.0MB

MD5
66cb6b80ccf493d95c27d6c969b32a3d

SHA1
08b1525d2ab8987d9c1d0689fe61795fc8a7596c

SHA256
9338414f522203e005b725aac494fe16b452b69b199ccd27e20f027adadf3ce2

SHA512
8790d5d504641047a00d6171de9f0c576bedfeea720bc5c3029ee1829e80ceec83643994894a952bca0f2e622c84cb668406999bfcf964dc82e0c9e535a4dee6

Download Submit
C:\Windows\system\XMcTffa.exe

Filesize
6.0MB

MD5
a837bf26fba53dc5a673f4be06bbef41

SHA1
51cb40c832ee6a372257af33c16586ef13b2ba74

SHA256
551af46618592a02f16e2ef27715cb966f6d92437f43a693ab0082e48aef707c

SHA512
fd50cc4d0125b9839497da19a0a3317ca9b6e0b34aa2ebdf0e2b92070fd83a7f0a623c6ac8063180b091d27cd2feadbc1530c375a7d89606fb6de3a55b20d39d

Download Submit
C:\Windows\system\ZdLXvrk.exe

Filesize
6.0MB

MD5
cbd084be698c3b521021331749453260

SHA1
2a586d5219635212f5b2b839c3853a2d4027328f

SHA256
aac50ebfac427e28356a5a5ff7dfecc4b1a4eacacce81e59435bcbb20df3a898

SHA512
7f8df9c41485545484415290cc1ed82ff8bee276ee1412792e222c834059347639d1b107ac6dfc5a49963e20c7fae0f84881acacbf46c1fc03d87110c76c7f03

Download Submit
C:\Windows\system\buPLHUm.exe

Filesize
6.0MB

MD5
efc3c35fe4023525ec5fc899233d5a55

SHA1
52bf82fdc0b92aa9ca03ac912b08f0f524136d34

SHA256
1595f65bf382bdf719d215035b457c35a502d1861e0736839a81fde06958f1fb

SHA512
c53a0264ad4285d7b77c4489de02781390222ee740bd104c02f0decad791a3c52729f504e911ea5c9bbabea18c026660dd6c9d0c6b8d072f70b2e8f860d84ac4

Download Submit
C:\Windows\system\hkcHquJ.exe

Filesize
6.0MB

MD5
53e02c8c34f004bf7a08415983dafa5e

SHA1
c973c61a4590b9bb92557a5f8fbc9517bd0899b0

SHA256
65a4ffe52a5e5f7395b6bdc8411ecb5f83a5efa36fef1108365263472d906280

SHA512
f7238b530d8fbda9d6a03092c3cadfea31de9d8f14f123be7864b5d9c64abefc39ded890bfe14a5fb3a73900bbe43c44aaa14ff8820493d872e4e0c046e45d51

Download Submit
C:\Windows\system\ltdowNX.exe

Filesize
6.0MB

MD5
0b484854b864f12d2c34f8db874e2aec

SHA1
3be79320f684cbdc9548d3de55fa354010e4736b

SHA256
d8522c4119e46bb1778ea188b6318f96331784e6c9bfd53a0f08983444de858c

SHA512
29579680e6e0b4a8adf0794631acdc8c208b5aa5726b61de784e2c5a91b34f15555ac93f849046e69c2338b3785aa09083f0f0d20118cdf2698c71fb7de41656

Download Submit
C:\Windows\system\mMFSwiD.exe

Filesize
6.0MB

MD5
0fc25bf592d6bc06672a0039986a4602

SHA1
eab51fca38ca15521a52f8282f0619810721de9a

SHA256
603b05fe59f777c2248e17f0d57efd41762e4648be1065fce4e36274902f89d6

SHA512
69dba64809b6393b2697fd0051a8a65b0c791cd52f4a71c14e980ff9c1c73a77ffb299c60d8b62466a7aabd3f287ab1eed2732ddf82c9058da1c28e02efe0b81

Download Submit
C:\Windows\system\tALJYDD.exe

Filesize
6.0MB

MD5
6ecabfa6ddceb6c694e66b82157463cb

SHA1
b62898aceb47f2c6d77cec919b5dedfce37063b9

SHA256
aaf7932c5b45ee13872203691acecd81f81cf2dc6d67760a144d8a4988043817

SHA512
0494359780e81cb54e741b1c944e571bb2f41829142504d5564066017822cba84f6eed61049e0ccb77754832e7e2c850b2f31f0cbe9aeec6565df996039a08f1

Download Submit
C:\Windows\system\uDYaZuW.exe

Filesize
6.0MB

MD5
60ef855088dcc5925144e4870e703de1

SHA1
e12806030f57600e1addd872fdb2e842b4ba1760

SHA256
97a6c73ccb3e415c8bc1836ad6ea1629fc09d8d06182b903dd2d15ed78fee01c

SHA512
6da8f2a1a23dc338828ec75ecfa2aa207db374a15db883f0751e5f72de27298bdafbfc03edee2765959d0a8a8b5a8840861e330bb8ed4fbccd039a4041316198

Download Submit
C:\Windows\system\vCXBWtk.exe

Filesize
6.0MB

MD5
4ab8c5d56307eb45a4a0891f442612b5

SHA1
a543b4cb0559d7ca164d35a7df5fe0160b8e8b40

SHA256
a2b6552c1034112f3c2d5772505ccab276be4c4ea136b9c372df8553ab6040f6

SHA512
19e858fab27f32cede2b1113565e8d09eaea7de1146737f25f6efa75b429e64a786fb4d06b6f9e098bf9f7787433c4d51cc938b94f08585c1115c441dfbb431f

Download Submit
C:\Windows\system\yABeZGq.exe

Filesize
6.0MB

MD5
3a4edd78c6877c26d682d4e5c42d4edc

SHA1
8bb175acd7e9665d1b140d78ea655a6a3ac42c08

SHA256
96ab8cfd691564ab31ed104e0d3524d443461d3ff8a7b338281c561b091959e8

SHA512
10ad61ea58c68ea74a10ef2649f1b6234b73ec5e2bd9711f14fc9b7958a559eada771e36addee5a071c4ed40afc6ea439f5f051573761edde0e743e31533cf70

Download Submit
C:\Windows\system\yoFVHcM.exe

Filesize
6.0MB

MD5
447b99f738f6159876259609bdc05148

SHA1
05dda5700c37e4c203292c12d913fcd9ad9b48f8

SHA256
58894d31fc674b4eee99bc2625c4ba88f653532c495300c6c1048feac9af9ecf

SHA512
d177fd934395872f553d708a347ece0b374a09af90634b04183014578d0234b456c69d35a56a3b7079108abcd699460ba2017e8fdef1d90ac4817a21b603c10c

Download Submit
C:\Windows\system\yqKbolR.exe

Filesize
6.0MB

MD5
c4de9340a727ead83f7230e96cfe670b

SHA1
0d3ac0e2a12053e6f62ff22cacc5b79a913cb79c

SHA256
9bec4cd293723c67adbfd67968688dd6aa9245fdab883cf059eeaad1b6584e56

SHA512
a5587722e40728b034a07525f3aceda600ae956781a22515cd5597f87df1caf041f9c216024d454796b02dbdccc11d7d6b6189d0c8b9ff97e2c478afc49a75f5

Download Submit
\Windows\system\GIHewYw.exe

Filesize
6.0MB

MD5
7a164a881a19b5e26dca76a745b82763

SHA1
2789672ad177fe3f46fc69a4ca947127f1213db2

SHA256
d88dda51019959d68b25abea6ce58d904e0b47743bb35dd7cde05492cbfe93d6

SHA512
0c20e9d9354570f38278306ef2c1d6482a16cfd983d77fc5aed9432111f5233ad8107e7b9ab3abdb8fbbdedb80175773b952944caa92700d6b99a0782aa882b0

Download Submit
\Windows\system\RKyKCUX.exe

Filesize
6.0MB

MD5
e5b5f66720382861b3fa85f1ae5adedb

SHA1
203cc4e941f9587180e9fb7288d4e355b89ade07

SHA256
e233a894ae7cf08ac4608e5c77020c5feee84bf5d4cd3e8b9227a1e26075936b

SHA512
2c338cacd5ee34fccdb84c81f94b374289db2741b8a8a19a03fff8d366d00e00a03856e7fe83805ba0b2001add6c48dc387ce3b20db54f09d66b58ce81605a98

Download Submit
\Windows\system\SisEkNc.exe

Filesize
6.0MB

MD5
de457979546e7c0a94d6ad465f3788df

SHA1
575f59d3234071b3f0982e256ec2a58395b8caf4

SHA256
a2e56fd7c311e67426708e5cb5d062b8889c64d91407ccbba77722696476289f

SHA512
23afa6540e24261bc5bf27cd2dd7a6f3e75a15ba7436cffd639f52e704a6ae9879b3e851dd06096cc6c5a89e0e9f319dc4a1c0026ff3c1baa83fb64b14c9f7fe

Download Submit
\Windows\system\fRxXOKM.exe

Filesize
6.0MB

MD5
40650a73b28f1713e2ec865d50b82a07

SHA1
7bc592cbb7fca144c35564202693a89bcd387aa0

SHA256
2f1b39809908814a672acaf3dadfca16faf297ea93f16244c77ed7a22fcf72f3

SHA512
c8ba384360696630275d96f09434b126aca3a90e1767be3e7b7d831d84c1f8bd9f9fc709ad2312f76feb28cc3aad4d416d1eba111031ba366d9f65f8dfe0e01a

Download Submit
\Windows\system\jQerNNx.exe

Filesize
6.0MB

MD5
014cb8167fc07cfee413f12c2a6bd818

SHA1
643224afdb9f20524fb509a66cac211874e503da

SHA256
36abff3f02280e112c44262560eec5db6bcdd7bc08956a8c44f74e35b217c7fb

SHA512
57e7661c0407f896fee2fb78f08c6fba79b82595eb66d026996c85aea255c81feef63226b8f6aee0df0cd8037c9633982910308fec5da441917b7e40ebdd5bb5

Download Submit
\Windows\system\kGXRgPu.exe

Filesize
6.0MB

MD5
64283cb15df032da438811eaefe20b8d

SHA1
96c20ad972efd8fa5155f857b22391afeaec9913

SHA256
1aa2968f718dce87f861630c5b92b021fa40cff74a0f0acc3e22e98a7d1f4f06

SHA512
571ed83feab6b86fa38943de32409cff728ac95f83db74663b6c582908e539827e6031249fe6606094735500b15e38149341e7ffef377a30c6bb85b034671e48

Download Submit
memory/316-9-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/316-4008-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-103-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2212-91-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-4006-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-93-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2408-92-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2408-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2408-8-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-42-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2408-105-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2408-104-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2408-71-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2408-17-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-79-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-26-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-99-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2408-911-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2408-1018-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2408-1019-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-48-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-1198-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2408-23-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-97-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2408-96-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2408-95-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2408-94-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-0-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-251-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-1125-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2440-4003-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-496-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-21-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4011-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-100-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-4009-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-102-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-4004-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-101-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4010-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-27-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-4005-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-46-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-910-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-29-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-4013-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-107-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/3028-4007-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/3060-106-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-4012-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download