cobaltstrike | 43f675239b1a3bc3803ceaddbccc5cb92ddd56000c59e3335bee1c5f476d08d3

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/12/2024, 19:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8801d335d289070c0cd46f9ae97c4c60
SHA1

509706c4e02dfcb5a8d904f3c2ec0663a931800e
SHA256

43f675239b1a3bc3803ceaddbccc5cb92ddd56000c59e3335bee1c5f476d08d3
SHA512

fdb047adf8394a9d7bd4eed66fe4a4d22a70ba656b41a6f7896f0e10d335b4e311e4ddcfbdd9ea0c42dbb774fa99dbed70f551ee05bd035b427e26b0d61aeb17
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUn:T+q56utgpPF8u/7n

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012282-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173f4-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017472-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017487-22.dat	cobalt_reflective_dll
behavioral1/files/0x003600000001706d-32.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174a2-36.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-70.dat	cobalt_reflective_dll
behavioral1/files/0x0017000000018663-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019356-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019442-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-193.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c9-188.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ae-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946e-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946b-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944d-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019423-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936b-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-101.dat	cobalt_reflective_dll
behavioral1/files/0x000f00000001866e-98.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017525-50.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2364-0-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x000b000000012282-3.dat	xmrig
behavioral1/memory/2704-8-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x00080000000173f4-9.dat	xmrig
behavioral1/memory/2788-13-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x0007000000017472-11.dat	xmrig
behavioral1/memory/2688-20-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x0007000000017487-22.dat	xmrig
behavioral1/memory/2580-27-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/1236-35-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2364-34-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x003600000001706d-32.dat	xmrig
behavioral1/files/0x00070000000174a2-36.dat	xmrig
behavioral1/memory/2704-42-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2556-43-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2632-52-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2688-71-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2364-73-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x000500000001928c-81.dat	xmrig
behavioral1/files/0x0005000000019259-70.dat	xmrig
behavioral1/files/0x0017000000018663-69.dat	xmrig
behavioral1/files/0x0005000000019266-67.dat	xmrig
behavioral1/files/0x0005000000019356-113.dat	xmrig
behavioral1/files/0x00050000000193a5-131.dat	xmrig
behavioral1/files/0x0005000000019442-153.dat	xmrig
behavioral1/memory/1768-1104-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/1316-1001-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/1772-905-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2364-740-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2632-533-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2556-320-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x00050000000194df-193.dat	xmrig
behavioral1/files/0x00050000000194c9-188.dat	xmrig
behavioral1/files/0x00050000000194ae-183.dat	xmrig
behavioral1/files/0x000500000001946e-178.dat	xmrig
behavioral1/files/0x000500000001946b-173.dat	xmrig
behavioral1/files/0x000500000001945c-168.dat	xmrig
behavioral1/files/0x0005000000019458-163.dat	xmrig
behavioral1/files/0x000500000001944d-158.dat	xmrig
behavioral1/files/0x0005000000019438-148.dat	xmrig
behavioral1/files/0x0005000000019426-143.dat	xmrig
behavioral1/files/0x0005000000019423-138.dat	xmrig
behavioral1/files/0x0005000000019397-128.dat	xmrig
behavioral1/files/0x000500000001937b-123.dat	xmrig
behavioral1/files/0x000500000001936b-118.dat	xmrig
behavioral1/files/0x0005000000019353-109.dat	xmrig
behavioral1/memory/1768-107-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/1236-106-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x0005000000019284-105.dat	xmrig
behavioral1/memory/1316-102-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019263-101.dat	xmrig
behavioral1/memory/1772-100-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2580-99-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x000f00000001866e-98.dat	xmrig
behavioral1/memory/2924-97-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2364-96-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2316-95-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2644-89-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2384-88-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2364-78-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2788-51-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x0007000000017525-50.dat	xmrig
behavioral1/memory/2704-3421-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2788-3434-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2704	lOItHWY.exe
2788	UFLUvIy.exe
2688	TqHSzAI.exe
2580	KKdkgzg.exe
1236	ZrzvwZt.exe
2556	AlnZSkB.exe
2632	WozlNuB.exe
2384	FVHxiCi.exe
2644	yRgUXNJ.exe
2316	WqkirWn.exe
2924	cinbxrc.exe
1772	puzoElK.exe
1316	RnLdQjt.exe
1768	OKUnYcY.exe
1160	llJLZoI.exe
2848	vDmjyJX.exe
2344	ebosWNZ.exe
2136	QOSEAxV.exe
1132	CJqUmTM.exe
536	flpMZMt.exe
304	mIRcfVK.exe
2320	sSllHjW.exe
2156	esuytgS.exe
444	FSjhiQZ.exe
2956	ZeOxnNS.exe
2064	mKPeiDw.exe
2248	tZrKcsa.exe
3028	UQHEIaa.exe
2968	bJBOpoG.exe
2896	miQqvLA.exe
824	bxGVytY.exe
1852	nbYWvIj.exe
356	UDhPnJx.exe
940	XQoGKBY.exe
1140	EIQiiYX.exe
1640	gNoPoJN.exe
1336	ZkadcuC.exe
1092	bAMZdqR.exe
2352	PXTKcAl.exe
1960	wIJEdAD.exe
1264	wqoivRE.exe
396	zQeoKSO.exe
2096	BUnxvOG.exe
2220	zrOLGuY.exe
2232	QXyXwIe.exe
2636	grXjqPh.exe
2312	GtUJUpz.exe
2128	PJIHzCH.exe
2228	IrXqzdu.exe
2268	EVbOPOL.exe
1044	dBoNeEx.exe
876	gVzTjoQ.exe
2900	LoQgvgs.exe
2004	cZdNntO.exe
1576	BARuxiL.exe
2700	ZWJPWxb.exe
2760	fmtXUvW.exe
2796	DwXmksx.exe
2916	ZMHsuqv.exe
2180	plqCHAl.exe
2600	XDPilLC.exe
2568	lRHBWbN.exe
2056	TBsfJsj.exe
2652	bNZksuQ.exe

Loads dropped DLL 64 IoCs

pid	Process
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2364-0-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x000b000000012282-3.dat	upx
behavioral1/memory/2704-8-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x00080000000173f4-9.dat	upx
behavioral1/memory/2788-13-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x0007000000017472-11.dat	upx
behavioral1/memory/2688-20-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x0007000000017487-22.dat	upx
behavioral1/memory/2580-27-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2364-25-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/1236-35-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2364-34-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x003600000001706d-32.dat	upx
behavioral1/files/0x00070000000174a2-36.dat	upx
behavioral1/memory/2704-42-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2556-43-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2632-52-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2688-71-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x000500000001928c-81.dat	upx
behavioral1/files/0x0005000000019259-70.dat	upx
behavioral1/files/0x0017000000018663-69.dat	upx
behavioral1/files/0x0005000000019266-67.dat	upx
behavioral1/files/0x0005000000019356-113.dat	upx
behavioral1/files/0x00050000000193a5-131.dat	upx
behavioral1/files/0x0005000000019442-153.dat	upx
behavioral1/memory/1768-1104-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/1316-1001-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/1772-905-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2632-533-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2556-320-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x00050000000194df-193.dat	upx
behavioral1/files/0x00050000000194c9-188.dat	upx
behavioral1/files/0x00050000000194ae-183.dat	upx
behavioral1/files/0x000500000001946e-178.dat	upx
behavioral1/files/0x000500000001946b-173.dat	upx
behavioral1/files/0x000500000001945c-168.dat	upx
behavioral1/files/0x0005000000019458-163.dat	upx
behavioral1/files/0x000500000001944d-158.dat	upx
behavioral1/files/0x0005000000019438-148.dat	upx
behavioral1/files/0x0005000000019426-143.dat	upx
behavioral1/files/0x0005000000019423-138.dat	upx
behavioral1/files/0x0005000000019397-128.dat	upx
behavioral1/files/0x000500000001937b-123.dat	upx
behavioral1/files/0x000500000001936b-118.dat	upx
behavioral1/files/0x0005000000019353-109.dat	upx
behavioral1/memory/1768-107-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/1236-106-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x0005000000019284-105.dat	upx
behavioral1/memory/1316-102-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x0005000000019263-101.dat	upx
behavioral1/memory/1772-100-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2580-99-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x000f00000001866e-98.dat	upx
behavioral1/memory/2924-97-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2316-95-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2644-89-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2384-88-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2788-51-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x0007000000017525-50.dat	upx
behavioral1/memory/2704-3421-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2788-3434-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2688-3461-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2580-3498-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/1236-3531-0x000000013F900000-0x000000013FC54000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YGewxCZ.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\llJLZoI.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZQKDyQV.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XZxwmXW.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hjlvdMC.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WzJQSCL.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LWRIbEe.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yptxrKr.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VaOITur.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOFPXtZ.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rzZamRQ.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfLjToz.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UegMaKB.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gwcsNKY.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IDAsTWC.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sAmgzEu.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQYaHqz.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JBbsfDw.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LflzmEr.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JBpwYxW.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jaIxAVw.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhExARz.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PYMOtuF.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YvhOmYF.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IICgCIF.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxhFnxN.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXcADPa.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jldFDvB.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RUmWPht.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YscZGvX.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GCTouuu.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yXMZgNq.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMoaqWE.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwWWdUz.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HoFGmZF.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PkkrAnx.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mpQGszA.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PJlTKuY.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJVHzYs.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oPsxfpE.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GwxcInf.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xIvNLsh.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PHpwhXJ.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHzvtmi.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xiMMDaQ.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dmjUuRt.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EIoGKIy.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHofxJa.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNjlNBD.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCvSEGu.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\peBCzBn.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UbIhUvZ.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UqQantS.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZMteFe.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuisYDt.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lOLxkJf.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFNLBWi.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WORSkQt.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GRgjMhW.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbTKMrW.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdeyoSZ.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFAlVKK.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\twKtidN.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iqxYwVZ.exe	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2704	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2364 wrote to memory of 2704	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2364 wrote to memory of 2704	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2364 wrote to memory of 2788	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2364 wrote to memory of 2788	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2364 wrote to memory of 2788	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2364 wrote to memory of 2688	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2364 wrote to memory of 2688	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2364 wrote to memory of 2688	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2364 wrote to memory of 2580	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2364 wrote to memory of 2580	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2364 wrote to memory of 2580	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2364 wrote to memory of 1236	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2364 wrote to memory of 1236	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2364 wrote to memory of 1236	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2364 wrote to memory of 2556	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2364 wrote to memory of 2556	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2364 wrote to memory of 2556	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2364 wrote to memory of 2632	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2364 wrote to memory of 2632	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2364 wrote to memory of 2632	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2364 wrote to memory of 2384	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2364 wrote to memory of 2384	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2364 wrote to memory of 2384	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2364 wrote to memory of 1772	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2364 wrote to memory of 1772	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2364 wrote to memory of 1772	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2364 wrote to memory of 2644	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2364 wrote to memory of 2644	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2364 wrote to memory of 2644	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2364 wrote to memory of 1316	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2364 wrote to memory of 1316	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2364 wrote to memory of 1316	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2364 wrote to memory of 2316	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2364 wrote to memory of 2316	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2364 wrote to memory of 2316	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2364 wrote to memory of 1768	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2364 wrote to memory of 1768	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2364 wrote to memory of 1768	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2364 wrote to memory of 2924	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2364 wrote to memory of 2924	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2364 wrote to memory of 2924	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2364 wrote to memory of 1160	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2364 wrote to memory of 1160	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2364 wrote to memory of 1160	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2364 wrote to memory of 2848	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2364 wrote to memory of 2848	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2364 wrote to memory of 2848	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2364 wrote to memory of 2344	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2364 wrote to memory of 2344	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2364 wrote to memory of 2344	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2364 wrote to memory of 2136	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2364 wrote to memory of 2136	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2364 wrote to memory of 2136	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2364 wrote to memory of 1132	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2364 wrote to memory of 1132	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2364 wrote to memory of 1132	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2364 wrote to memory of 536	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2364 wrote to memory of 536	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2364 wrote to memory of 536	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2364 wrote to memory of 304	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2364 wrote to memory of 304	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2364 wrote to memory of 304	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2364 wrote to memory of 2320	2364	2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_8801d335d289070c0cd46f9ae97c4c60_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\System\lOItHWY.exe
  C:\Windows\System\lOItHWY.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\UFLUvIy.exe
  C:\Windows\System\UFLUvIy.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\TqHSzAI.exe
  C:\Windows\System\TqHSzAI.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\KKdkgzg.exe
  C:\Windows\System\KKdkgzg.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\ZrzvwZt.exe
  C:\Windows\System\ZrzvwZt.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\AlnZSkB.exe
  C:\Windows\System\AlnZSkB.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\WozlNuB.exe
  C:\Windows\System\WozlNuB.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\FVHxiCi.exe
  C:\Windows\System\FVHxiCi.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\puzoElK.exe
  C:\Windows\System\puzoElK.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\yRgUXNJ.exe
  C:\Windows\System\yRgUXNJ.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\RnLdQjt.exe
  C:\Windows\System\RnLdQjt.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\WqkirWn.exe
  C:\Windows\System\WqkirWn.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\OKUnYcY.exe
  C:\Windows\System\OKUnYcY.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\cinbxrc.exe
  C:\Windows\System\cinbxrc.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\llJLZoI.exe
  C:\Windows\System\llJLZoI.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\vDmjyJX.exe
  C:\Windows\System\vDmjyJX.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\ebosWNZ.exe
  C:\Windows\System\ebosWNZ.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\QOSEAxV.exe
  C:\Windows\System\QOSEAxV.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\CJqUmTM.exe
  C:\Windows\System\CJqUmTM.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\flpMZMt.exe
  C:\Windows\System\flpMZMt.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\mIRcfVK.exe
  C:\Windows\System\mIRcfVK.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\sSllHjW.exe
  C:\Windows\System\sSllHjW.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\esuytgS.exe
  C:\Windows\System\esuytgS.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\FSjhiQZ.exe
  C:\Windows\System\FSjhiQZ.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\ZeOxnNS.exe
  C:\Windows\System\ZeOxnNS.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\mKPeiDw.exe
  C:\Windows\System\mKPeiDw.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\tZrKcsa.exe
  C:\Windows\System\tZrKcsa.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\UQHEIaa.exe
  C:\Windows\System\UQHEIaa.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\bJBOpoG.exe
  C:\Windows\System\bJBOpoG.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\miQqvLA.exe
  C:\Windows\System\miQqvLA.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\bxGVytY.exe
  C:\Windows\System\bxGVytY.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\nbYWvIj.exe
  C:\Windows\System\nbYWvIj.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\UDhPnJx.exe
  C:\Windows\System\UDhPnJx.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\XQoGKBY.exe
  C:\Windows\System\XQoGKBY.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\EIQiiYX.exe
  C:\Windows\System\EIQiiYX.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\gNoPoJN.exe
  C:\Windows\System\gNoPoJN.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\ZkadcuC.exe
  C:\Windows\System\ZkadcuC.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\bAMZdqR.exe
  C:\Windows\System\bAMZdqR.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\PXTKcAl.exe
  C:\Windows\System\PXTKcAl.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\wIJEdAD.exe
  C:\Windows\System\wIJEdAD.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\wqoivRE.exe
  C:\Windows\System\wqoivRE.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\zQeoKSO.exe
  C:\Windows\System\zQeoKSO.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\BUnxvOG.exe
  C:\Windows\System\BUnxvOG.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\zrOLGuY.exe
  C:\Windows\System\zrOLGuY.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\QXyXwIe.exe
  C:\Windows\System\QXyXwIe.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\grXjqPh.exe
  C:\Windows\System\grXjqPh.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\GtUJUpz.exe
  C:\Windows\System\GtUJUpz.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\PJIHzCH.exe
  C:\Windows\System\PJIHzCH.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\IrXqzdu.exe
  C:\Windows\System\IrXqzdu.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\EVbOPOL.exe
  C:\Windows\System\EVbOPOL.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\dBoNeEx.exe
  C:\Windows\System\dBoNeEx.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\gVzTjoQ.exe
  C:\Windows\System\gVzTjoQ.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\LoQgvgs.exe
  C:\Windows\System\LoQgvgs.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\cZdNntO.exe
  C:\Windows\System\cZdNntO.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\BARuxiL.exe
  C:\Windows\System\BARuxiL.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\ZWJPWxb.exe
  C:\Windows\System\ZWJPWxb.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\fmtXUvW.exe
  C:\Windows\System\fmtXUvW.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\DwXmksx.exe
  C:\Windows\System\DwXmksx.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\ZMHsuqv.exe
  C:\Windows\System\ZMHsuqv.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\plqCHAl.exe
  C:\Windows\System\plqCHAl.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\XDPilLC.exe
  C:\Windows\System\XDPilLC.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\lRHBWbN.exe
  C:\Windows\System\lRHBWbN.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\TBsfJsj.exe
  C:\Windows\System\TBsfJsj.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\bNZksuQ.exe
  C:\Windows\System\bNZksuQ.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\ESUjKUz.exe
  C:\Windows\System\ESUjKUz.exe
  2⤵
  PID:2720
- C:\Windows\System\YmiBLmt.exe
  C:\Windows\System\YmiBLmt.exe
  2⤵
  PID:2008
- C:\Windows\System\LyCvudJ.exe
  C:\Windows\System\LyCvudJ.exe
  2⤵
  PID:744
- C:\Windows\System\mYhyeeY.exe
  C:\Windows\System\mYhyeeY.exe
  2⤵
  PID:2260
- C:\Windows\System\UcyUxby.exe
  C:\Windows\System\UcyUxby.exe
  2⤵
  PID:2336
- C:\Windows\System\FPndzzu.exe
  C:\Windows\System\FPndzzu.exe
  2⤵
  PID:2144
- C:\Windows\System\XIxLcit.exe
  C:\Windows\System\XIxLcit.exe
  2⤵
  PID:2020
- C:\Windows\System\YUxKAzd.exe
  C:\Windows\System\YUxKAzd.exe
  2⤵
  PID:1808
- C:\Windows\System\LvZVtWD.exe
  C:\Windows\System\LvZVtWD.exe
  2⤵
  PID:2348
- C:\Windows\System\MMqRoso.exe
  C:\Windows\System\MMqRoso.exe
  2⤵
  PID:2952
- C:\Windows\System\PLQOXLy.exe
  C:\Windows\System\PLQOXLy.exe
  2⤵
  PID:1488
- C:\Windows\System\gLJNCpx.exe
  C:\Windows\System\gLJNCpx.exe
  2⤵
  PID:3044
- C:\Windows\System\ReBkBoE.exe
  C:\Windows\System\ReBkBoE.exe
  2⤵
  PID:2996
- C:\Windows\System\Gpzdbfj.exe
  C:\Windows\System\Gpzdbfj.exe
  2⤵
  PID:2436
- C:\Windows\System\SjvWXlR.exe
  C:\Windows\System\SjvWXlR.exe
  2⤵
  PID:988
- C:\Windows\System\OxwyzwL.exe
  C:\Windows\System\OxwyzwL.exe
  2⤵
  PID:2284
- C:\Windows\System\vTsnBnO.exe
  C:\Windows\System\vTsnBnO.exe
  2⤵
  PID:1672
- C:\Windows\System\NPDDKAU.exe
  C:\Windows\System\NPDDKAU.exe
  2⤵
  PID:1792
- C:\Windows\System\JUBVaTj.exe
  C:\Windows\System\JUBVaTj.exe
  2⤵
  PID:2884
- C:\Windows\System\qdiBtdV.exe
  C:\Windows\System\qdiBtdV.exe
  2⤵
  PID:1536
- C:\Windows\System\MYteesS.exe
  C:\Windows\System\MYteesS.exe
  2⤵
  PID:2116
- C:\Windows\System\udkSUSh.exe
  C:\Windows\System\udkSUSh.exe
  2⤵
  PID:2368
- C:\Windows\System\twBrYip.exe
  C:\Windows\System\twBrYip.exe
  2⤵
  PID:2416
- C:\Windows\System\sCrvDul.exe
  C:\Windows\System\sCrvDul.exe
  2⤵
  PID:2920
- C:\Windows\System\ZotAgMb.exe
  C:\Windows\System\ZotAgMb.exe
  2⤵
  PID:1000
- C:\Windows\System\NDzyedp.exe
  C:\Windows\System\NDzyedp.exe
  2⤵
  PID:1736
- C:\Windows\System\gAcPHGc.exe
  C:\Windows\System\gAcPHGc.exe
  2⤵
  PID:2332
- C:\Windows\System\PmEVJDP.exe
  C:\Windows\System\PmEVJDP.exe
  2⤵
  PID:2912
- C:\Windows\System\TKvdYBv.exe
  C:\Windows\System\TKvdYBv.exe
  2⤵
  PID:2752
- C:\Windows\System\WekDehC.exe
  C:\Windows\System\WekDehC.exe
  2⤵
  PID:2768
- C:\Windows\System\OTkePXL.exe
  C:\Windows\System\OTkePXL.exe
  2⤵
  PID:2744
- C:\Windows\System\lZjalzv.exe
  C:\Windows\System\lZjalzv.exe
  2⤵
  PID:2092
- C:\Windows\System\sluKImK.exe
  C:\Windows\System\sluKImK.exe
  2⤵
  PID:2196
- C:\Windows\System\dXhpFPd.exe
  C:\Windows\System\dXhpFPd.exe
  2⤵
  PID:2460
- C:\Windows\System\ioVgMuz.exe
  C:\Windows\System\ioVgMuz.exe
  2⤵
  PID:1796
- C:\Windows\System\QOxaEnT.exe
  C:\Windows\System\QOxaEnT.exe
  2⤵
  PID:2840
- C:\Windows\System\UKJiezk.exe
  C:\Windows\System\UKJiezk.exe
  2⤵
  PID:320
- C:\Windows\System\sawdETw.exe
  C:\Windows\System\sawdETw.exe
  2⤵
  PID:2692
- C:\Windows\System\yqJbhyx.exe
  C:\Windows\System\yqJbhyx.exe
  2⤵
  PID:632
- C:\Windows\System\xaYSCdl.exe
  C:\Windows\System\xaYSCdl.exe
  2⤵
  PID:1404
- C:\Windows\System\YIdCjcF.exe
  C:\Windows\System\YIdCjcF.exe
  2⤵
  PID:828
- C:\Windows\System\tJwtcTu.exe
  C:\Windows\System\tJwtcTu.exe
  2⤵
  PID:696
- C:\Windows\System\eOhDogo.exe
  C:\Windows\System\eOhDogo.exe
  2⤵
  PID:2940
- C:\Windows\System\rMaVNLy.exe
  C:\Windows\System\rMaVNLy.exe
  2⤵
  PID:3000
- C:\Windows\System\BCRCHkx.exe
  C:\Windows\System\BCRCHkx.exe
  2⤵
  PID:2164
- C:\Windows\System\BCygUkY.exe
  C:\Windows\System\BCygUkY.exe
  2⤵
  PID:2376
- C:\Windows\System\MWjdria.exe
  C:\Windows\System\MWjdria.exe
  2⤵
  PID:772
- C:\Windows\System\ZJufJfw.exe
  C:\Windows\System\ZJufJfw.exe
  2⤵
  PID:2240
- C:\Windows\System\xtMKHfE.exe
  C:\Windows\System\xtMKHfE.exe
  2⤵
  PID:2288
- C:\Windows\System\qmCDsZC.exe
  C:\Windows\System\qmCDsZC.exe
  2⤵
  PID:2764
- C:\Windows\System\tgNrkdI.exe
  C:\Windows\System\tgNrkdI.exe
  2⤵
  PID:2708
- C:\Windows\System\PQmRdQR.exe
  C:\Windows\System\PQmRdQR.exe
  2⤵
  PID:2808
- C:\Windows\System\QBZBCZi.exe
  C:\Windows\System\QBZBCZi.exe
  2⤵
  PID:1484
- C:\Windows\System\TaEihcP.exe
  C:\Windows\System\TaEihcP.exe
  2⤵
  PID:2844
- C:\Windows\System\nRIhsVi.exe
  C:\Windows\System\nRIhsVi.exe
  2⤵
  PID:1920
- C:\Windows\System\utrfJYK.exe
  C:\Windows\System\utrfJYK.exe
  2⤵
  PID:2208
- C:\Windows\System\iUOBNPj.exe
  C:\Windows\System\iUOBNPj.exe
  2⤵
  PID:1512
- C:\Windows\System\JaTVdYv.exe
  C:\Windows\System\JaTVdYv.exe
  2⤵
  PID:1620
- C:\Windows\System\bYHERHO.exe
  C:\Windows\System\bYHERHO.exe
  2⤵
  PID:3068
- C:\Windows\System\HvaCOmq.exe
  C:\Windows\System\HvaCOmq.exe
  2⤵
  PID:340
- C:\Windows\System\LLvzqRV.exe
  C:\Windows\System\LLvzqRV.exe
  2⤵
  PID:3092
- C:\Windows\System\MRbQMyf.exe
  C:\Windows\System\MRbQMyf.exe
  2⤵
  PID:3112
- C:\Windows\System\StapExA.exe
  C:\Windows\System\StapExA.exe
  2⤵
  PID:3132
- C:\Windows\System\gcFsHnZ.exe
  C:\Windows\System\gcFsHnZ.exe
  2⤵
  PID:3152
- C:\Windows\System\xLimwMu.exe
  C:\Windows\System\xLimwMu.exe
  2⤵
  PID:3172
- C:\Windows\System\goBegoC.exe
  C:\Windows\System\goBegoC.exe
  2⤵
  PID:3192
- C:\Windows\System\XxlrjGV.exe
  C:\Windows\System\XxlrjGV.exe
  2⤵
  PID:3212
- C:\Windows\System\jPjGsLD.exe
  C:\Windows\System\jPjGsLD.exe
  2⤵
  PID:3232
- C:\Windows\System\qfRQsCV.exe
  C:\Windows\System\qfRQsCV.exe
  2⤵
  PID:3256
- C:\Windows\System\rPAGnLf.exe
  C:\Windows\System\rPAGnLf.exe
  2⤵
  PID:3276
- C:\Windows\System\ZXWHxge.exe
  C:\Windows\System\ZXWHxge.exe
  2⤵
  PID:3296
- C:\Windows\System\nebGcmi.exe
  C:\Windows\System\nebGcmi.exe
  2⤵
  PID:3316
- C:\Windows\System\OQZIEWd.exe
  C:\Windows\System\OQZIEWd.exe
  2⤵
  PID:3336
- C:\Windows\System\dufqqwo.exe
  C:\Windows\System\dufqqwo.exe
  2⤵
  PID:3356
- C:\Windows\System\InmDAQZ.exe
  C:\Windows\System\InmDAQZ.exe
  2⤵
  PID:3376
- C:\Windows\System\WwAJpPn.exe
  C:\Windows\System\WwAJpPn.exe
  2⤵
  PID:3396
- C:\Windows\System\AJJFzJi.exe
  C:\Windows\System\AJJFzJi.exe
  2⤵
  PID:3416
- C:\Windows\System\dMdgoOm.exe
  C:\Windows\System\dMdgoOm.exe
  2⤵
  PID:3436
- C:\Windows\System\tCTTIRq.exe
  C:\Windows\System\tCTTIRq.exe
  2⤵
  PID:3456
- C:\Windows\System\ANnBVPq.exe
  C:\Windows\System\ANnBVPq.exe
  2⤵
  PID:3476
- C:\Windows\System\JQxAqxW.exe
  C:\Windows\System\JQxAqxW.exe
  2⤵
  PID:3504
- C:\Windows\System\oGMaxcZ.exe
  C:\Windows\System\oGMaxcZ.exe
  2⤵
  PID:3524
- C:\Windows\System\rxlZCMB.exe
  C:\Windows\System\rxlZCMB.exe
  2⤵
  PID:3544
- C:\Windows\System\yXmwARR.exe
  C:\Windows\System\yXmwARR.exe
  2⤵
  PID:3564
- C:\Windows\System\tHaTVXF.exe
  C:\Windows\System\tHaTVXF.exe
  2⤵
  PID:3584
- C:\Windows\System\dMRlMDE.exe
  C:\Windows\System\dMRlMDE.exe
  2⤵
  PID:3604
- C:\Windows\System\GReduKZ.exe
  C:\Windows\System\GReduKZ.exe
  2⤵
  PID:3624
- C:\Windows\System\ydPplSm.exe
  C:\Windows\System\ydPplSm.exe
  2⤵
  PID:3644
- C:\Windows\System\ybtmIRH.exe
  C:\Windows\System\ybtmIRH.exe
  2⤵
  PID:3664
- C:\Windows\System\XTgNfOL.exe
  C:\Windows\System\XTgNfOL.exe
  2⤵
  PID:3684
- C:\Windows\System\pdZHTtd.exe
  C:\Windows\System\pdZHTtd.exe
  2⤵
  PID:3704
- C:\Windows\System\sRAAAqf.exe
  C:\Windows\System\sRAAAqf.exe
  2⤵
  PID:3724
- C:\Windows\System\xBmcMbx.exe
  C:\Windows\System\xBmcMbx.exe
  2⤵
  PID:3744
- C:\Windows\System\MbjlfWk.exe
  C:\Windows\System\MbjlfWk.exe
  2⤵
  PID:3764
- C:\Windows\System\CqYUsXC.exe
  C:\Windows\System\CqYUsXC.exe
  2⤵
  PID:3784
- C:\Windows\System\ppSedeZ.exe
  C:\Windows\System\ppSedeZ.exe
  2⤵
  PID:3804
- C:\Windows\System\WwJHzOH.exe
  C:\Windows\System\WwJHzOH.exe
  2⤵
  PID:3824
- C:\Windows\System\OZaLtxF.exe
  C:\Windows\System\OZaLtxF.exe
  2⤵
  PID:3844
- C:\Windows\System\LqTinQO.exe
  C:\Windows\System\LqTinQO.exe
  2⤵
  PID:3864
- C:\Windows\System\iMkqXXV.exe
  C:\Windows\System\iMkqXXV.exe
  2⤵
  PID:3884
- C:\Windows\System\eGVuZIp.exe
  C:\Windows\System\eGVuZIp.exe
  2⤵
  PID:3904
- C:\Windows\System\TTbTdLD.exe
  C:\Windows\System\TTbTdLD.exe
  2⤵
  PID:3924
- C:\Windows\System\zTdOOGG.exe
  C:\Windows\System\zTdOOGG.exe
  2⤵
  PID:3944
- C:\Windows\System\ZMMsBoZ.exe
  C:\Windows\System\ZMMsBoZ.exe
  2⤵
  PID:3964
- C:\Windows\System\aNYoKJX.exe
  C:\Windows\System\aNYoKJX.exe
  2⤵
  PID:3984
- C:\Windows\System\GYRFGJM.exe
  C:\Windows\System\GYRFGJM.exe
  2⤵
  PID:4004
- C:\Windows\System\rHzIxHM.exe
  C:\Windows\System\rHzIxHM.exe
  2⤵
  PID:4024
- C:\Windows\System\xiMMDaQ.exe
  C:\Windows\System\xiMMDaQ.exe
  2⤵
  PID:4044
- C:\Windows\System\xMXQIJm.exe
  C:\Windows\System\xMXQIJm.exe
  2⤵
  PID:4064
- C:\Windows\System\vyrSAxe.exe
  C:\Windows\System\vyrSAxe.exe
  2⤵
  PID:4084
- C:\Windows\System\DLhHiRF.exe
  C:\Windows\System\DLhHiRF.exe
  2⤵
  PID:1872
- C:\Windows\System\SOtiHsE.exe
  C:\Windows\System\SOtiHsE.exe
  2⤵
  PID:908
- C:\Windows\System\Dwrsygv.exe
  C:\Windows\System\Dwrsygv.exe
  2⤵
  PID:2684
- C:\Windows\System\HYxQScy.exe
  C:\Windows\System\HYxQScy.exe
  2⤵
  PID:2672
- C:\Windows\System\tpfxfiF.exe
  C:\Windows\System\tpfxfiF.exe
  2⤵
  PID:2836
- C:\Windows\System\IHOhtIr.exe
  C:\Windows\System\IHOhtIr.exe
  2⤵
  PID:904
- C:\Windows\System\RFxzzKG.exe
  C:\Windows\System\RFxzzKG.exe
  2⤵
  PID:2980
- C:\Windows\System\iUbujcI.exe
  C:\Windows\System\iUbujcI.exe
  2⤵
  PID:848
- C:\Windows\System\WWIWtrG.exe
  C:\Windows\System\WWIWtrG.exe
  2⤵
  PID:1524
- C:\Windows\System\aHZzCML.exe
  C:\Windows\System\aHZzCML.exe
  2⤵
  PID:3100
- C:\Windows\System\WbxCNSU.exe
  C:\Windows\System\WbxCNSU.exe
  2⤵
  PID:3140
- C:\Windows\System\GjgpCUi.exe
  C:\Windows\System\GjgpCUi.exe
  2⤵
  PID:3144
- C:\Windows\System\gqoIuYM.exe
  C:\Windows\System\gqoIuYM.exe
  2⤵
  PID:3208
- C:\Windows\System\XSlPlLr.exe
  C:\Windows\System\XSlPlLr.exe
  2⤵
  PID:3220
- C:\Windows\System\Hxczpsz.exe
  C:\Windows\System\Hxczpsz.exe
  2⤵
  PID:3272
- C:\Windows\System\kegxtsR.exe
  C:\Windows\System\kegxtsR.exe
  2⤵
  PID:3312
- C:\Windows\System\KqnUHhh.exe
  C:\Windows\System\KqnUHhh.exe
  2⤵
  PID:3364
- C:\Windows\System\QVkwfIk.exe
  C:\Windows\System\QVkwfIk.exe
  2⤵
  PID:3348
- C:\Windows\System\fgvXJgZ.exe
  C:\Windows\System\fgvXJgZ.exe
  2⤵
  PID:3388
- C:\Windows\System\nGEamPp.exe
  C:\Windows\System\nGEamPp.exe
  2⤵
  PID:3432
- C:\Windows\System\eXFGkde.exe
  C:\Windows\System\eXFGkde.exe
  2⤵
  PID:3472
- C:\Windows\System\VrsfMjD.exe
  C:\Windows\System\VrsfMjD.exe
  2⤵
  PID:3532
- C:\Windows\System\AgMZzmX.exe
  C:\Windows\System\AgMZzmX.exe
  2⤵
  PID:3572
- C:\Windows\System\bXQNiLx.exe
  C:\Windows\System\bXQNiLx.exe
  2⤵
  PID:3576
- C:\Windows\System\wYFYxaK.exe
  C:\Windows\System\wYFYxaK.exe
  2⤵
  PID:3596
- C:\Windows\System\hrNxlAR.exe
  C:\Windows\System\hrNxlAR.exe
  2⤵
  PID:3652
- C:\Windows\System\WjjVDQC.exe
  C:\Windows\System\WjjVDQC.exe
  2⤵
  PID:3680
- C:\Windows\System\KeliRkH.exe
  C:\Windows\System\KeliRkH.exe
  2⤵
  PID:3712
- C:\Windows\System\sJwQeNC.exe
  C:\Windows\System\sJwQeNC.exe
  2⤵
  PID:3736
- C:\Windows\System\SeBbPHd.exe
  C:\Windows\System\SeBbPHd.exe
  2⤵
  PID:3756
- C:\Windows\System\euWRCWe.exe
  C:\Windows\System\euWRCWe.exe
  2⤵
  PID:3812
- C:\Windows\System\SIxBMoJ.exe
  C:\Windows\System\SIxBMoJ.exe
  2⤵
  PID:3836
- C:\Windows\System\ERuSkXQ.exe
  C:\Windows\System\ERuSkXQ.exe
  2⤵
  PID:3880
- C:\Windows\System\pwdQsiW.exe
  C:\Windows\System\pwdQsiW.exe
  2⤵
  PID:3932
- C:\Windows\System\ACRjrMj.exe
  C:\Windows\System\ACRjrMj.exe
  2⤵
  PID:3916
- C:\Windows\System\ycVoCjh.exe
  C:\Windows\System\ycVoCjh.exe
  2⤵
  PID:3980
- C:\Windows\System\vegosuC.exe
  C:\Windows\System\vegosuC.exe
  2⤵
  PID:4012
- C:\Windows\System\bBDAjMA.exe
  C:\Windows\System\bBDAjMA.exe
  2⤵
  PID:4060
- C:\Windows\System\xEOwWHW.exe
  C:\Windows\System\xEOwWHW.exe
  2⤵
  PID:4092
- C:\Windows\System\mkIpHjr.exe
  C:\Windows\System\mkIpHjr.exe
  2⤵
  PID:2816
- C:\Windows\System\rTmUcRp.exe
  C:\Windows\System\rTmUcRp.exe
  2⤵
  PID:564
- C:\Windows\System\wCTWEGq.exe
  C:\Windows\System\wCTWEGq.exe
  2⤵
  PID:2668
- C:\Windows\System\MaTFMtQ.exe
  C:\Windows\System\MaTFMtQ.exe
  2⤵
  PID:2428
- C:\Windows\System\IxFMWxU.exe
  C:\Windows\System\IxFMWxU.exe
  2⤵
  PID:3080
- C:\Windows\System\ONibIYL.exe
  C:\Windows\System\ONibIYL.exe
  2⤵
  PID:3084
- C:\Windows\System\rANMmkE.exe
  C:\Windows\System\rANMmkE.exe
  2⤵
  PID:3200
- C:\Windows\System\bfRahKS.exe
  C:\Windows\System\bfRahKS.exe
  2⤵
  PID:3224
- C:\Windows\System\nnnYEte.exe
  C:\Windows\System\nnnYEte.exe
  2⤵
  PID:3284
- C:\Windows\System\nKCtECi.exe
  C:\Windows\System\nKCtECi.exe
  2⤵
  PID:3288
- C:\Windows\System\ZshCxKd.exe
  C:\Windows\System\ZshCxKd.exe
  2⤵
  PID:2408
- C:\Windows\System\UEzImZw.exe
  C:\Windows\System\UEzImZw.exe
  2⤵
  PID:3452
- C:\Windows\System\CiLiltT.exe
  C:\Windows\System\CiLiltT.exe
  2⤵
  PID:3492
- C:\Windows\System\IDAsTWC.exe
  C:\Windows\System\IDAsTWC.exe
  2⤵
  PID:3540
- C:\Windows\System\keVsZzW.exe
  C:\Windows\System\keVsZzW.exe
  2⤵
  PID:3580
- C:\Windows\System\cZszOmr.exe
  C:\Windows\System\cZszOmr.exe
  2⤵
  PID:3640
- C:\Windows\System\bxnfimf.exe
  C:\Windows\System\bxnfimf.exe
  2⤵
  PID:2792
- C:\Windows\System\FXrWWkH.exe
  C:\Windows\System\FXrWWkH.exe
  2⤵
  PID:3732
- C:\Windows\System\JMAxQTb.exe
  C:\Windows\System\JMAxQTb.exe
  2⤵
  PID:3800
- C:\Windows\System\UopTgYQ.exe
  C:\Windows\System\UopTgYQ.exe
  2⤵
  PID:3816
- C:\Windows\System\uKLVWwY.exe
  C:\Windows\System\uKLVWwY.exe
  2⤵
  PID:3936
- C:\Windows\System\HqVlfCC.exe
  C:\Windows\System\HqVlfCC.exe
  2⤵
  PID:3972
- C:\Windows\System\bpoFMQW.exe
  C:\Windows\System\bpoFMQW.exe
  2⤵
  PID:4040
- C:\Windows\System\tNurBHF.exe
  C:\Windows\System\tNurBHF.exe
  2⤵
  PID:4036
- C:\Windows\System\iaWmMvJ.exe
  C:\Windows\System\iaWmMvJ.exe
  2⤵
  PID:2504
- C:\Windows\System\IYEnnzF.exe
  C:\Windows\System\IYEnnzF.exe
  2⤵
  PID:2024
- C:\Windows\System\XzvAryW.exe
  C:\Windows\System\XzvAryW.exe
  2⤵
  PID:1508
- C:\Windows\System\zccbpni.exe
  C:\Windows\System\zccbpni.exe
  2⤵
  PID:3164
- C:\Windows\System\raAkdFx.exe
  C:\Windows\System\raAkdFx.exe
  2⤵
  PID:3264
- C:\Windows\System\rQxmUwU.exe
  C:\Windows\System\rQxmUwU.exe
  2⤵
  PID:3344
- C:\Windows\System\ynFuJJZ.exe
  C:\Windows\System\ynFuJJZ.exe
  2⤵
  PID:3464
- C:\Windows\System\xgRcYxw.exe
  C:\Windows\System\xgRcYxw.exe
  2⤵
  PID:3516
- C:\Windows\System\nivrbEN.exe
  C:\Windows\System\nivrbEN.exe
  2⤵
  PID:3616
- C:\Windows\System\GUXYeLi.exe
  C:\Windows\System\GUXYeLi.exe
  2⤵
  PID:3700
- C:\Windows\System\FAzeHEl.exe
  C:\Windows\System\FAzeHEl.exe
  2⤵
  PID:3792
- C:\Windows\System\PDfLMjA.exe
  C:\Windows\System\PDfLMjA.exe
  2⤵
  PID:3832
- C:\Windows\System\rqNrFcY.exe
  C:\Windows\System\rqNrFcY.exe
  2⤵
  PID:3912
- C:\Windows\System\McJoQFL.exe
  C:\Windows\System\McJoQFL.exe
  2⤵
  PID:3996
- C:\Windows\System\nSWGjuw.exe
  C:\Windows\System\nSWGjuw.exe
  2⤵
  PID:2620
- C:\Windows\System\CjBItLC.exe
  C:\Windows\System\CjBItLC.exe
  2⤵
  PID:2108
- C:\Windows\System\FboPlYL.exe
  C:\Windows\System\FboPlYL.exe
  2⤵
  PID:3148
- C:\Windows\System\QYDJIDn.exe
  C:\Windows\System\QYDJIDn.exe
  2⤵
  PID:4104
- C:\Windows\System\vpDjUix.exe
  C:\Windows\System\vpDjUix.exe
  2⤵
  PID:4124
- C:\Windows\System\RGimZdk.exe
  C:\Windows\System\RGimZdk.exe
  2⤵
  PID:4144
- C:\Windows\System\sOfCuye.exe
  C:\Windows\System\sOfCuye.exe
  2⤵
  PID:4164
- C:\Windows\System\MPxCvcG.exe
  C:\Windows\System\MPxCvcG.exe
  2⤵
  PID:4184
- C:\Windows\System\AbWdQer.exe
  C:\Windows\System\AbWdQer.exe
  2⤵
  PID:4204
- C:\Windows\System\FZIFASW.exe
  C:\Windows\System\FZIFASW.exe
  2⤵
  PID:4224
- C:\Windows\System\nfddlxi.exe
  C:\Windows\System\nfddlxi.exe
  2⤵
  PID:4244
- C:\Windows\System\xtXDluL.exe
  C:\Windows\System\xtXDluL.exe
  2⤵
  PID:4264
- C:\Windows\System\JyjEfAi.exe
  C:\Windows\System\JyjEfAi.exe
  2⤵
  PID:4284
- C:\Windows\System\cZjfVZs.exe
  C:\Windows\System\cZjfVZs.exe
  2⤵
  PID:4304
- C:\Windows\System\dKjapFV.exe
  C:\Windows\System\dKjapFV.exe
  2⤵
  PID:4324
- C:\Windows\System\TSStBjF.exe
  C:\Windows\System\TSStBjF.exe
  2⤵
  PID:4344
- C:\Windows\System\jVlGbOj.exe
  C:\Windows\System\jVlGbOj.exe
  2⤵
  PID:4368
- C:\Windows\System\XuHVSYo.exe
  C:\Windows\System\XuHVSYo.exe
  2⤵
  PID:4388
- C:\Windows\System\UwHovEA.exe
  C:\Windows\System\UwHovEA.exe
  2⤵
  PID:4408
- C:\Windows\System\VZXXTwB.exe
  C:\Windows\System\VZXXTwB.exe
  2⤵
  PID:4428
- C:\Windows\System\MWHOJzp.exe
  C:\Windows\System\MWHOJzp.exe
  2⤵
  PID:4448
- C:\Windows\System\AUkfXvo.exe
  C:\Windows\System\AUkfXvo.exe
  2⤵
  PID:4468
- C:\Windows\System\IRWeIoD.exe
  C:\Windows\System\IRWeIoD.exe
  2⤵
  PID:4488
- C:\Windows\System\XMsnXcI.exe
  C:\Windows\System\XMsnXcI.exe
  2⤵
  PID:4508
- C:\Windows\System\WPbeQFY.exe
  C:\Windows\System\WPbeQFY.exe
  2⤵
  PID:4528
- C:\Windows\System\lYvdczB.exe
  C:\Windows\System\lYvdczB.exe
  2⤵
  PID:4548
- C:\Windows\System\zJizRiT.exe
  C:\Windows\System\zJizRiT.exe
  2⤵
  PID:4568
- C:\Windows\System\iVIukeR.exe
  C:\Windows\System\iVIukeR.exe
  2⤵
  PID:4588
- C:\Windows\System\clnzseQ.exe
  C:\Windows\System\clnzseQ.exe
  2⤵
  PID:4608
- C:\Windows\System\IesZjYV.exe
  C:\Windows\System\IesZjYV.exe
  2⤵
  PID:4628
- C:\Windows\System\EKqvZbW.exe
  C:\Windows\System\EKqvZbW.exe
  2⤵
  PID:4652
- C:\Windows\System\ifLSiYE.exe
  C:\Windows\System\ifLSiYE.exe
  2⤵
  PID:4672
- C:\Windows\System\KIJSQZG.exe
  C:\Windows\System\KIJSQZG.exe
  2⤵
  PID:4692
- C:\Windows\System\vwrgQZg.exe
  C:\Windows\System\vwrgQZg.exe
  2⤵
  PID:4712
- C:\Windows\System\vdudcTA.exe
  C:\Windows\System\vdudcTA.exe
  2⤵
  PID:4732
- C:\Windows\System\pimSLAF.exe
  C:\Windows\System\pimSLAF.exe
  2⤵
  PID:4752
- C:\Windows\System\wFdtbuA.exe
  C:\Windows\System\wFdtbuA.exe
  2⤵
  PID:4772
- C:\Windows\System\vkLoQqF.exe
  C:\Windows\System\vkLoQqF.exe
  2⤵
  PID:4792
- C:\Windows\System\mGgffsQ.exe
  C:\Windows\System\mGgffsQ.exe
  2⤵
  PID:4812
- C:\Windows\System\nGaNQpB.exe
  C:\Windows\System\nGaNQpB.exe
  2⤵
  PID:4832
- C:\Windows\System\AwFzqQI.exe
  C:\Windows\System\AwFzqQI.exe
  2⤵
  PID:4852
- C:\Windows\System\wzgirNE.exe
  C:\Windows\System\wzgirNE.exe
  2⤵
  PID:4872
- C:\Windows\System\ToaEmDm.exe
  C:\Windows\System\ToaEmDm.exe
  2⤵
  PID:4892
- C:\Windows\System\sNDktWr.exe
  C:\Windows\System\sNDktWr.exe
  2⤵
  PID:4912
- C:\Windows\System\LiJilDz.exe
  C:\Windows\System\LiJilDz.exe
  2⤵
  PID:4932
- C:\Windows\System\wvQUWiW.exe
  C:\Windows\System\wvQUWiW.exe
  2⤵
  PID:4952
- C:\Windows\System\NalEvXm.exe
  C:\Windows\System\NalEvXm.exe
  2⤵
  PID:4972
- C:\Windows\System\VJbNXuL.exe
  C:\Windows\System\VJbNXuL.exe
  2⤵
  PID:4992
- C:\Windows\System\rwLDAks.exe
  C:\Windows\System\rwLDAks.exe
  2⤵
  PID:5016
- C:\Windows\System\PQtlYCS.exe
  C:\Windows\System\PQtlYCS.exe
  2⤵
  PID:5036
- C:\Windows\System\ebTwKlp.exe
  C:\Windows\System\ebTwKlp.exe
  2⤵
  PID:5056
- C:\Windows\System\ZjeoMDQ.exe
  C:\Windows\System\ZjeoMDQ.exe
  2⤵
  PID:5076
- C:\Windows\System\WORSkQt.exe
  C:\Windows\System\WORSkQt.exe
  2⤵
  PID:5096
- C:\Windows\System\XJDwSJN.exe
  C:\Windows\System\XJDwSJN.exe
  2⤵
  PID:5116
- C:\Windows\System\KSPcdOS.exe
  C:\Windows\System\KSPcdOS.exe
  2⤵
  PID:3352
- C:\Windows\System\giefJyF.exe
  C:\Windows\System\giefJyF.exe
  2⤵
  PID:3488
- C:\Windows\System\IQWFIin.exe
  C:\Windows\System\IQWFIin.exe
  2⤵
  PID:3692
- C:\Windows\System\EdaMDDE.exe
  C:\Windows\System\EdaMDDE.exe
  2⤵
  PID:3872
- C:\Windows\System\yptxrKr.exe
  C:\Windows\System\yptxrKr.exe
  2⤵
  PID:3892
- C:\Windows\System\LLQReyV.exe
  C:\Windows\System\LLQReyV.exe
  2⤵
  PID:1732
- C:\Windows\System\zHZlWNe.exe
  C:\Windows\System\zHZlWNe.exe
  2⤵
  PID:748
- C:\Windows\System\BDHvnLZ.exe
  C:\Windows\System\BDHvnLZ.exe
  2⤵
  PID:3188
- C:\Windows\System\XZGqCuA.exe
  C:\Windows\System\XZGqCuA.exe
  2⤵
  PID:4116
- C:\Windows\System\ozqjGbR.exe
  C:\Windows\System\ozqjGbR.exe
  2⤵
  PID:4160
- C:\Windows\System\RKMLEJl.exe
  C:\Windows\System\RKMLEJl.exe
  2⤵
  PID:3384
- C:\Windows\System\FzBvKWY.exe
  C:\Windows\System\FzBvKWY.exe
  2⤵
  PID:4196
- C:\Windows\System\glKvhHp.exe
  C:\Windows\System\glKvhHp.exe
  2⤵
  PID:4240
- C:\Windows\System\LDMoRoR.exe
  C:\Windows\System\LDMoRoR.exe
  2⤵
  PID:4280
- C:\Windows\System\iIPCOxx.exe
  C:\Windows\System\iIPCOxx.exe
  2⤵
  PID:4320
- C:\Windows\System\tdiWdaL.exe
  C:\Windows\System\tdiWdaL.exe
  2⤵
  PID:4352
- C:\Windows\System\ZxzaOSZ.exe
  C:\Windows\System\ZxzaOSZ.exe
  2⤵
  PID:4360
- C:\Windows\System\VChVOPk.exe
  C:\Windows\System\VChVOPk.exe
  2⤵
  PID:4420
- C:\Windows\System\kAGdnPb.exe
  C:\Windows\System\kAGdnPb.exe
  2⤵
  PID:4464
- C:\Windows\System\lcMcqDw.exe
  C:\Windows\System\lcMcqDw.exe
  2⤵
  PID:4484
- C:\Windows\System\wlJTKCn.exe
  C:\Windows\System\wlJTKCn.exe
  2⤵
  PID:4536
- C:\Windows\System\GXegPAI.exe
  C:\Windows\System\GXegPAI.exe
  2⤵
  PID:4576
- C:\Windows\System\xYJrake.exe
  C:\Windows\System\xYJrake.exe
  2⤵
  PID:2400
- C:\Windows\System\eNVnyRa.exe
  C:\Windows\System\eNVnyRa.exe
  2⤵
  PID:4604
- C:\Windows\System\ArxVCuw.exe
  C:\Windows\System\ArxVCuw.exe
  2⤵
  PID:4660
- C:\Windows\System\GGMpVBf.exe
  C:\Windows\System\GGMpVBf.exe
  2⤵
  PID:4680
- C:\Windows\System\Vwecnkl.exe
  C:\Windows\System\Vwecnkl.exe
  2⤵
  PID:4720
- C:\Windows\System\etUZPfg.exe
  C:\Windows\System\etUZPfg.exe
  2⤵
  PID:4744
- C:\Windows\System\CBjkNXH.exe
  C:\Windows\System\CBjkNXH.exe
  2⤵
  PID:4784
- C:\Windows\System\HJyFKIP.exe
  C:\Windows\System\HJyFKIP.exe
  2⤵
  PID:4804
- C:\Windows\System\oGuYGTG.exe
  C:\Windows\System\oGuYGTG.exe
  2⤵
  PID:4860
- C:\Windows\System\pHEZSYO.exe
  C:\Windows\System\pHEZSYO.exe
  2⤵
  PID:4884
- C:\Windows\System\JonIiFO.exe
  C:\Windows\System\JonIiFO.exe
  2⤵
  PID:4940
- C:\Windows\System\GKgOnyE.exe
  C:\Windows\System\GKgOnyE.exe
  2⤵
  PID:4960
- C:\Windows\System\FudilNo.exe
  C:\Windows\System\FudilNo.exe
  2⤵
  PID:4984
- C:\Windows\System\PzzKnsn.exe
  C:\Windows\System\PzzKnsn.exe
  2⤵
  PID:5032
- C:\Windows\System\iTNqaTK.exe
  C:\Windows\System\iTNqaTK.exe
  2⤵
  PID:5064
- C:\Windows\System\mMXFrvM.exe
  C:\Windows\System\mMXFrvM.exe
  2⤵
  PID:5084
- C:\Windows\System\AcXoSzs.exe
  C:\Windows\System\AcXoSzs.exe
  2⤵
  PID:3324
- C:\Windows\System\lLvsAZC.exe
  C:\Windows\System\lLvsAZC.exe
  2⤵
  PID:3444
- C:\Windows\System\ziXlGvX.exe
  C:\Windows\System\ziXlGvX.exe
  2⤵
  PID:3856
- C:\Windows\System\VkoxdMf.exe
  C:\Windows\System\VkoxdMf.exe
  2⤵
  PID:3900
- C:\Windows\System\GAHSpNr.exe
  C:\Windows\System\GAHSpNr.exe
  2⤵
  PID:436
- C:\Windows\System\LLiyfpd.exe
  C:\Windows\System\LLiyfpd.exe
  2⤵
  PID:4152
- C:\Windows\System\wfDkzDa.exe
  C:\Windows\System\wfDkzDa.exe
  2⤵
  PID:4176
- C:\Windows\System\ArwmRYt.exe
  C:\Windows\System\ArwmRYt.exe
  2⤵
  PID:4220
- C:\Windows\System\ddEMSTo.exe
  C:\Windows\System\ddEMSTo.exe
  2⤵
  PID:4292
- C:\Windows\System\spApsey.exe
  C:\Windows\System\spApsey.exe
  2⤵
  PID:4296
- C:\Windows\System\MoataZq.exe
  C:\Windows\System\MoataZq.exe
  2⤵
  PID:4424
- C:\Windows\System\uZYaqhu.exe
  C:\Windows\System\uZYaqhu.exe
  2⤵
  PID:4364
- C:\Windows\System\IUioCxS.exe
  C:\Windows\System\IUioCxS.exe
  2⤵
  PID:4496
- C:\Windows\System\DboWlYn.exe
  C:\Windows\System\DboWlYn.exe
  2⤵
  PID:4500
- C:\Windows\System\RkfLhXO.exe
  C:\Windows\System\RkfLhXO.exe
  2⤵
  PID:2076
- C:\Windows\System\orSfjJg.exe
  C:\Windows\System\orSfjJg.exe
  2⤵
  PID:4700
- C:\Windows\System\gLFjfbu.exe
  C:\Windows\System\gLFjfbu.exe
  2⤵
  PID:4636
- C:\Windows\System\JvtPWXc.exe
  C:\Windows\System\JvtPWXc.exe
  2⤵
  PID:4748
- C:\Windows\System\HFHoZPO.exe
  C:\Windows\System\HFHoZPO.exe
  2⤵
  PID:4768
- C:\Windows\System\jldFDvB.exe
  C:\Windows\System\jldFDvB.exe
  2⤵
  PID:4864
- C:\Windows\System\DzTzEjC.exe
  C:\Windows\System\DzTzEjC.exe
  2⤵
  PID:4920
- C:\Windows\System\JegWEBJ.exe
  C:\Windows\System\JegWEBJ.exe
  2⤵
  PID:4400
- C:\Windows\System\AYrnkFI.exe
  C:\Windows\System\AYrnkFI.exe
  2⤵
  PID:4980
- C:\Windows\System\UmCnYGA.exe
  C:\Windows\System\UmCnYGA.exe
  2⤵
  PID:5104
- C:\Windows\System\NbkQiAH.exe
  C:\Windows\System\NbkQiAH.exe
  2⤵
  PID:5088
- C:\Windows\System\xOVPHZB.exe
  C:\Windows\System\xOVPHZB.exe
  2⤵
  PID:4032
- C:\Windows\System\YViTDDB.exe
  C:\Windows\System\YViTDDB.exe
  2⤵
  PID:4100
- C:\Windows\System\ZXskslh.exe
  C:\Windows\System\ZXskslh.exe
  2⤵
  PID:2584
- C:\Windows\System\cWdpSxR.exe
  C:\Windows\System\cWdpSxR.exe
  2⤵
  PID:4112
- C:\Windows\System\OJfFuTG.exe
  C:\Windows\System\OJfFuTG.exe
  2⤵
  PID:4300
- C:\Windows\System\JZNdCWI.exe
  C:\Windows\System\JZNdCWI.exe
  2⤵
  PID:580
- C:\Windows\System\WaHvRwe.exe
  C:\Windows\System\WaHvRwe.exe
  2⤵
  PID:1276
- C:\Windows\System\oNbHeap.exe
  C:\Windows\System\oNbHeap.exe
  2⤵
  PID:640
- C:\Windows\System\cEpQgSq.exe
  C:\Windows\System\cEpQgSq.exe
  2⤵
  PID:3048
- C:\Windows\System\StDArAx.exe
  C:\Windows\System\StDArAx.exe
  2⤵
  PID:4444
- C:\Windows\System\PGXWuux.exe
  C:\Windows\System\PGXWuux.exe
  2⤵
  PID:4596
- C:\Windows\System\UbBadNv.exe
  C:\Windows\System\UbBadNv.exe
  2⤵
  PID:4560
- C:\Windows\System\iRWTcuM.exe
  C:\Windows\System\iRWTcuM.exe
  2⤵
  PID:4708
- C:\Windows\System\cgyBflf.exe
  C:\Windows\System\cgyBflf.exe
  2⤵
  PID:4788
- C:\Windows\System\WuTYMMO.exe
  C:\Windows\System\WuTYMMO.exe
  2⤵
  PID:4904
- C:\Windows\System\TBWNyoa.exe
  C:\Windows\System\TBWNyoa.exe
  2⤵
  PID:4988
- C:\Windows\System\aERMXNy.exe
  C:\Windows\System\aERMXNy.exe
  2⤵
  PID:5112
- C:\Windows\System\NiehkPu.exe
  C:\Windows\System\NiehkPu.exe
  2⤵
  PID:3424
- C:\Windows\System\yvsHjTQ.exe
  C:\Windows\System\yvsHjTQ.exe
  2⤵
  PID:1588
- C:\Windows\System\VqNTFLT.exe
  C:\Windows\System\VqNTFLT.exe
  2⤵
  PID:4172
- C:\Windows\System\sVXHdlk.exe
  C:\Windows\System\sVXHdlk.exe
  2⤵
  PID:4260
- C:\Windows\System\HGjHDBR.exe
  C:\Windows\System\HGjHDBR.exe
  2⤵
  PID:1940
- C:\Windows\System\FlDixJV.exe
  C:\Windows\System\FlDixJV.exe
  2⤵
  PID:592
- C:\Windows\System\cwsRSkH.exe
  C:\Windows\System\cwsRSkH.exe
  2⤵
  PID:4456
- C:\Windows\System\VdhEmzI.exe
  C:\Windows\System\VdhEmzI.exe
  2⤵
  PID:4600
- C:\Windows\System\dMrsJct.exe
  C:\Windows\System\dMrsJct.exe
  2⤵
  PID:4820
- C:\Windows\System\zkqpiIS.exe
  C:\Windows\System\zkqpiIS.exe
  2⤵
  PID:5028
- C:\Windows\System\sAyqKNz.exe
  C:\Windows\System\sAyqKNz.exe
  2⤵
  PID:5052
- C:\Windows\System\GedQuSu.exe
  C:\Windows\System\GedQuSu.exe
  2⤵
  PID:5140
- C:\Windows\System\uLKbvMj.exe
  C:\Windows\System\uLKbvMj.exe
  2⤵
  PID:5160
- C:\Windows\System\enKgvGN.exe
  C:\Windows\System\enKgvGN.exe
  2⤵
  PID:5180
- C:\Windows\System\iNMypdp.exe
  C:\Windows\System\iNMypdp.exe
  2⤵
  PID:5200
- C:\Windows\System\seCEpgf.exe
  C:\Windows\System\seCEpgf.exe
  2⤵
  PID:5224
- C:\Windows\System\MaJBKbI.exe
  C:\Windows\System\MaJBKbI.exe
  2⤵
  PID:5244
- C:\Windows\System\cywpMGD.exe
  C:\Windows\System\cywpMGD.exe
  2⤵
  PID:5264
- C:\Windows\System\ueJHQXw.exe
  C:\Windows\System\ueJHQXw.exe
  2⤵
  PID:5284
- C:\Windows\System\pcoWAWO.exe
  C:\Windows\System\pcoWAWO.exe
  2⤵
  PID:5304
- C:\Windows\System\yJTjbHu.exe
  C:\Windows\System\yJTjbHu.exe
  2⤵
  PID:5324
- C:\Windows\System\HoFGmZF.exe
  C:\Windows\System\HoFGmZF.exe
  2⤵
  PID:5344
- C:\Windows\System\rZAsgZa.exe
  C:\Windows\System\rZAsgZa.exe
  2⤵
  PID:5364
- C:\Windows\System\esAPpRf.exe
  C:\Windows\System\esAPpRf.exe
  2⤵
  PID:5384
- C:\Windows\System\KkYLcfK.exe
  C:\Windows\System\KkYLcfK.exe
  2⤵
  PID:5404
- C:\Windows\System\EQVUilE.exe
  C:\Windows\System\EQVUilE.exe
  2⤵
  PID:5424
- C:\Windows\System\ntHTwrY.exe
  C:\Windows\System\ntHTwrY.exe
  2⤵
  PID:5444
- C:\Windows\System\qdhnASE.exe
  C:\Windows\System\qdhnASE.exe
  2⤵
  PID:5464
- C:\Windows\System\qqGxtuA.exe
  C:\Windows\System\qqGxtuA.exe
  2⤵
  PID:5484
- C:\Windows\System\VUVLevZ.exe
  C:\Windows\System\VUVLevZ.exe
  2⤵
  PID:5504
- C:\Windows\System\GwEuuJX.exe
  C:\Windows\System\GwEuuJX.exe
  2⤵
  PID:5524
- C:\Windows\System\RiYQtAf.exe
  C:\Windows\System\RiYQtAf.exe
  2⤵
  PID:5544
- C:\Windows\System\KgPqyOm.exe
  C:\Windows\System\KgPqyOm.exe
  2⤵
  PID:5564
- C:\Windows\System\oVqqBax.exe
  C:\Windows\System\oVqqBax.exe
  2⤵
  PID:5584
- C:\Windows\System\OIybagk.exe
  C:\Windows\System\OIybagk.exe
  2⤵
  PID:5604
- C:\Windows\System\CWLZdAn.exe
  C:\Windows\System\CWLZdAn.exe
  2⤵
  PID:5624
- C:\Windows\System\hwqDwut.exe
  C:\Windows\System\hwqDwut.exe
  2⤵
  PID:5644
- C:\Windows\System\BBasNAe.exe
  C:\Windows\System\BBasNAe.exe
  2⤵
  PID:5664
- C:\Windows\System\hjlvdMC.exe
  C:\Windows\System\hjlvdMC.exe
  2⤵
  PID:5684
- C:\Windows\System\vXFDqHK.exe
  C:\Windows\System\vXFDqHK.exe
  2⤵
  PID:5704
- C:\Windows\System\crFGUPJ.exe
  C:\Windows\System\crFGUPJ.exe
  2⤵
  PID:5724
- C:\Windows\System\QBLhxIq.exe
  C:\Windows\System\QBLhxIq.exe
  2⤵
  PID:5744
- C:\Windows\System\twKtidN.exe
  C:\Windows\System\twKtidN.exe
  2⤵
  PID:5768
- C:\Windows\System\deDvdIv.exe
  C:\Windows\System\deDvdIv.exe
  2⤵
  PID:5788
- C:\Windows\System\yKQohAn.exe
  C:\Windows\System\yKQohAn.exe
  2⤵
  PID:5808
- C:\Windows\System\fZgMHvo.exe
  C:\Windows\System\fZgMHvo.exe
  2⤵
  PID:5828
- C:\Windows\System\ucHSeHQ.exe
  C:\Windows\System\ucHSeHQ.exe
  2⤵
  PID:5848
- C:\Windows\System\oowDPoc.exe
  C:\Windows\System\oowDPoc.exe
  2⤵
  PID:5868
- C:\Windows\System\mKqSVRy.exe
  C:\Windows\System\mKqSVRy.exe
  2⤵
  PID:5888
- C:\Windows\System\BjGoXFq.exe
  C:\Windows\System\BjGoXFq.exe
  2⤵
  PID:5908
- C:\Windows\System\GIWEHDT.exe
  C:\Windows\System\GIWEHDT.exe
  2⤵
  PID:5928
- C:\Windows\System\sMgFjzf.exe
  C:\Windows\System\sMgFjzf.exe
  2⤵
  PID:5948
- C:\Windows\System\plIPcuO.exe
  C:\Windows\System\plIPcuO.exe
  2⤵
  PID:5968
- C:\Windows\System\lyAOnAC.exe
  C:\Windows\System\lyAOnAC.exe
  2⤵
  PID:5988
- C:\Windows\System\QFqyTAK.exe
  C:\Windows\System\QFqyTAK.exe
  2⤵
  PID:6008
- C:\Windows\System\gyASwnD.exe
  C:\Windows\System\gyASwnD.exe
  2⤵
  PID:6028
- C:\Windows\System\oNcKVap.exe
  C:\Windows\System\oNcKVap.exe
  2⤵
  PID:6048
- C:\Windows\System\NrJgDan.exe
  C:\Windows\System\NrJgDan.exe
  2⤵
  PID:6068
- C:\Windows\System\scNeIBM.exe
  C:\Windows\System\scNeIBM.exe
  2⤵
  PID:6088
- C:\Windows\System\uqgCfTa.exe
  C:\Windows\System\uqgCfTa.exe
  2⤵
  PID:6108
- C:\Windows\System\wPMsFiO.exe
  C:\Windows\System\wPMsFiO.exe
  2⤵
  PID:6128
- C:\Windows\System\fRFmzaE.exe
  C:\Windows\System\fRFmzaE.exe
  2⤵
  PID:5048
- C:\Windows\System\YhyXKAS.exe
  C:\Windows\System\YhyXKAS.exe
  2⤵
  PID:4200
- C:\Windows\System\xIGEtjS.exe
  C:\Windows\System\xIGEtjS.exe
  2⤵
  PID:3008
- C:\Windows\System\piloWAa.exe
  C:\Windows\System\piloWAa.exe
  2⤵
  PID:4316
- C:\Windows\System\hPpqlsO.exe
  C:\Windows\System\hPpqlsO.exe
  2⤵
  PID:4664
- C:\Windows\System\nQJXehb.exe
  C:\Windows\System\nQJXehb.exe
  2⤵
  PID:4944
- C:\Windows\System\yFbCZLy.exe
  C:\Windows\System\yFbCZLy.exe
  2⤵
  PID:4880
- C:\Windows\System\TZTQTTH.exe
  C:\Windows\System\TZTQTTH.exe
  2⤵
  PID:5148
- C:\Windows\System\NsjmKpO.exe
  C:\Windows\System\NsjmKpO.exe
  2⤵
  PID:5176
- C:\Windows\System\bvuLAyr.exe
  C:\Windows\System\bvuLAyr.exe
  2⤵
  PID:5208
- C:\Windows\System\mSActfu.exe
  C:\Windows\System\mSActfu.exe
  2⤵
  PID:5236
- C:\Windows\System\KveLhrl.exe
  C:\Windows\System\KveLhrl.exe
  2⤵
  PID:5280
- C:\Windows\System\AYpYYco.exe
  C:\Windows\System\AYpYYco.exe
  2⤵
  PID:5332
- C:\Windows\System\txLzMUG.exe
  C:\Windows\System\txLzMUG.exe
  2⤵
  PID:5320
- C:\Windows\System\saWrJrj.exe
  C:\Windows\System\saWrJrj.exe
  2⤵
  PID:5356
- C:\Windows\System\vhruDcy.exe
  C:\Windows\System\vhruDcy.exe
  2⤵
  PID:5392
- C:\Windows\System\zkmagnP.exe
  C:\Windows\System\zkmagnP.exe
  2⤵
  PID:5432
- C:\Windows\System\HPPDpXu.exe
  C:\Windows\System\HPPDpXu.exe
  2⤵
  PID:5456
- C:\Windows\System\POTlyiA.exe
  C:\Windows\System\POTlyiA.exe
  2⤵
  PID:5500
- C:\Windows\System\rzuGnCI.exe
  C:\Windows\System\rzuGnCI.exe
  2⤵
  PID:5532
- C:\Windows\System\KpErmeD.exe
  C:\Windows\System\KpErmeD.exe
  2⤵
  PID:5580
- C:\Windows\System\EXbyPod.exe
  C:\Windows\System\EXbyPod.exe
  2⤵
  PID:5600
- C:\Windows\System\CoJFxQs.exe
  C:\Windows\System\CoJFxQs.exe
  2⤵
  PID:5632
- C:\Windows\System\XPCybKd.exe
  C:\Windows\System\XPCybKd.exe
  2⤵
  PID:5636
- C:\Windows\System\NAxkYrh.exe
  C:\Windows\System\NAxkYrh.exe
  2⤵
  PID:5700
- C:\Windows\System\BxEYswu.exe
  C:\Windows\System\BxEYswu.exe
  2⤵
  PID:5732
- C:\Windows\System\ZmfNVzc.exe
  C:\Windows\System\ZmfNVzc.exe
  2⤵
  PID:5760
- C:\Windows\System\DMJsrIb.exe
  C:\Windows\System\DMJsrIb.exe
  2⤵
  PID:5796
- C:\Windows\System\taaSLzX.exe
  C:\Windows\System\taaSLzX.exe
  2⤵
  PID:5836
- C:\Windows\System\qvNKTDC.exe
  C:\Windows\System\qvNKTDC.exe
  2⤵
  PID:5860
- C:\Windows\System\gxJclfF.exe
  C:\Windows\System\gxJclfF.exe
  2⤵
  PID:5880
- C:\Windows\System\WmzTisz.exe
  C:\Windows\System\WmzTisz.exe
  2⤵
  PID:5920
- C:\Windows\System\OOXCrJJ.exe
  C:\Windows\System\OOXCrJJ.exe
  2⤵
  PID:5980
- C:\Windows\System\mhEYvDj.exe
  C:\Windows\System\mhEYvDj.exe
  2⤵
  PID:2604
- C:\Windows\System\wFGMgBJ.exe
  C:\Windows\System\wFGMgBJ.exe
  2⤵
  PID:6000
- C:\Windows\System\mQdvofx.exe
  C:\Windows\System\mQdvofx.exe
  2⤵
  PID:6040
- C:\Windows\System\BVwKSHi.exe
  C:\Windows\System\BVwKSHi.exe
  2⤵
  PID:6084
- C:\Windows\System\xEgLgeb.exe
  C:\Windows\System\xEgLgeb.exe
  2⤵
  PID:6116
- C:\Windows\System\zUnbmND.exe
  C:\Windows\System\zUnbmND.exe
  2⤵
  PID:4212
- C:\Windows\System\lRPJRHN.exe
  C:\Windows\System\lRPJRHN.exe
  2⤵
  PID:868
- C:\Windows\System\gpVrVJj.exe
  C:\Windows\System\gpVrVJj.exe
  2⤵
  PID:2876
- C:\Windows\System\xhOHlat.exe
  C:\Windows\System\xhOHlat.exe
  2⤵
  PID:3500
- C:\Windows\System\WsaNNJJ.exe
  C:\Windows\System\WsaNNJJ.exe
  2⤵
  PID:4844
- C:\Windows\System\sUAxgkp.exe
  C:\Windows\System\sUAxgkp.exe
  2⤵
  PID:5136
- C:\Windows\System\VHasweo.exe
  C:\Windows\System\VHasweo.exe
  2⤵
  PID:5196
- C:\Windows\System\YEKIkxn.exe
  C:\Windows\System\YEKIkxn.exe
  2⤵
  PID:5256
- C:\Windows\System\FdWETVC.exe
  C:\Windows\System\FdWETVC.exe
  2⤵
  PID:2000
- C:\Windows\System\WsQiFlH.exe
  C:\Windows\System\WsQiFlH.exe
  2⤵
  PID:5376
- C:\Windows\System\EtsWlbo.exe
  C:\Windows\System\EtsWlbo.exe
  2⤵
  PID:5420
- C:\Windows\System\jPCjSYW.exe
  C:\Windows\System\jPCjSYW.exe
  2⤵
  PID:5452
- C:\Windows\System\MCaNGWk.exe
  C:\Windows\System\MCaNGWk.exe
  2⤵
  PID:5536
- C:\Windows\System\GqCVVEx.exe
  C:\Windows\System\GqCVVEx.exe
  2⤵
  PID:5556
- C:\Windows\System\vxZsQlq.exe
  C:\Windows\System\vxZsQlq.exe
  2⤵
  PID:5660
- C:\Windows\System\QntDgHN.exe
  C:\Windows\System\QntDgHN.exe
  2⤵
  PID:5676
- C:\Windows\System\IlNsNfl.exe
  C:\Windows\System\IlNsNfl.exe
  2⤵
  PID:5776
- C:\Windows\System\LeRzWoU.exe
  C:\Windows\System\LeRzWoU.exe
  2⤵
  PID:5800
- C:\Windows\System\mKLLcLW.exe
  C:\Windows\System\mKLLcLW.exe
  2⤵
  PID:5904
- C:\Windows\System\EssrCHa.exe
  C:\Windows\System\EssrCHa.exe
  2⤵
  PID:1928
- C:\Windows\System\eALLMXh.exe
  C:\Windows\System\eALLMXh.exe
  2⤵
  PID:5936
- C:\Windows\System\tzCLdlI.exe
  C:\Windows\System\tzCLdlI.exe
  2⤵
  PID:2100
- C:\Windows\System\JDiapCn.exe
  C:\Windows\System\JDiapCn.exe
  2⤵
  PID:6024
- C:\Windows\System\ZyOHSfq.exe
  C:\Windows\System\ZyOHSfq.exe
  2⤵
  PID:6080
- C:\Windows\System\uiFhztq.exe
  C:\Windows\System\uiFhztq.exe
  2⤵
  PID:6100
- C:\Windows\System\CusRKAg.exe
  C:\Windows\System\CusRKAg.exe
  2⤵
  PID:4540
- C:\Windows\System\ROMmhfe.exe
  C:\Windows\System\ROMmhfe.exe
  2⤵
  PID:2148
- C:\Windows\System\XXihUZz.exe
  C:\Windows\System\XXihUZz.exe
  2⤵
  PID:5132
- C:\Windows\System\ssFNljp.exe
  C:\Windows\System\ssFNljp.exe
  2⤵
  PID:5212
- C:\Windows\System\PJlTKuY.exe
  C:\Windows\System\PJlTKuY.exe
  2⤵
  PID:5372
- C:\Windows\System\gWBzsyK.exe
  C:\Windows\System\gWBzsyK.exe
  2⤵
  PID:5396
- C:\Windows\System\jboAWmn.exe
  C:\Windows\System\jboAWmn.exe
  2⤵
  PID:5512
- C:\Windows\System\nAXsWBS.exe
  C:\Windows\System\nAXsWBS.exe
  2⤵
  PID:5572
- C:\Windows\System\DANvqPR.exe
  C:\Windows\System\DANvqPR.exe
  2⤵
  PID:5616
- C:\Windows\System\yUkLCjg.exe
  C:\Windows\System\yUkLCjg.exe
  2⤵
  PID:5736
- C:\Windows\System\ARVlCkd.exe
  C:\Windows\System\ARVlCkd.exe
  2⤵
  PID:5864
- C:\Windows\System\Erowwrd.exe
  C:\Windows\System\Erowwrd.exe
  2⤵
  PID:5984
- C:\Windows\System\KtMJNCK.exe
  C:\Windows\System\KtMJNCK.exe
  2⤵
  PID:6016
- C:\Windows\System\zAfbUkQ.exe
  C:\Windows\System\zAfbUkQ.exe
  2⤵
  PID:2392
- C:\Windows\System\yKTtytg.exe
  C:\Windows\System\yKTtytg.exe
  2⤵
  PID:6056
- C:\Windows\System\dIDWufV.exe
  C:\Windows\System\dIDWufV.exe
  2⤵
  PID:3992
- C:\Windows\System\WENTHfu.exe
  C:\Windows\System\WENTHfu.exe
  2⤵
  PID:5152
- C:\Windows\System\MLDBbml.exe
  C:\Windows\System\MLDBbml.exe
  2⤵
  PID:5360
- C:\Windows\System\TDKgSSS.exe
  C:\Windows\System\TDKgSSS.exe
  2⤵
  PID:5220
- C:\Windows\System\YXNwPDq.exe
  C:\Windows\System\YXNwPDq.exe
  2⤵
  PID:5516
- C:\Windows\System\FuIitRv.exe
  C:\Windows\System\FuIitRv.exe
  2⤵
  PID:6164
- C:\Windows\System\emUVRym.exe
  C:\Windows\System\emUVRym.exe
  2⤵
  PID:6184
- C:\Windows\System\yAIjpgR.exe
  C:\Windows\System\yAIjpgR.exe
  2⤵
  PID:6204
- C:\Windows\System\iKqhErr.exe
  C:\Windows\System\iKqhErr.exe
  2⤵
  PID:6224
- C:\Windows\System\pSQWFbN.exe
  C:\Windows\System\pSQWFbN.exe
  2⤵
  PID:6244
- C:\Windows\System\gRwwtPB.exe
  C:\Windows\System\gRwwtPB.exe
  2⤵
  PID:6264
- C:\Windows\System\izNYxjh.exe
  C:\Windows\System\izNYxjh.exe
  2⤵
  PID:6280
- C:\Windows\System\FMcoEgp.exe
  C:\Windows\System\FMcoEgp.exe
  2⤵
  PID:6308
- C:\Windows\System\AUbmzxG.exe
  C:\Windows\System\AUbmzxG.exe
  2⤵
  PID:6328
- C:\Windows\System\GDgoGyw.exe
  C:\Windows\System\GDgoGyw.exe
  2⤵
  PID:6348
- C:\Windows\System\OuCWdXH.exe
  C:\Windows\System\OuCWdXH.exe
  2⤵
  PID:6368
- C:\Windows\System\BwYQgxU.exe
  C:\Windows\System\BwYQgxU.exe
  2⤵
  PID:6388
- C:\Windows\System\SGqufcq.exe
  C:\Windows\System\SGqufcq.exe
  2⤵
  PID:6408
- C:\Windows\System\lloeidd.exe
  C:\Windows\System\lloeidd.exe
  2⤵
  PID:6428
- C:\Windows\System\yJoadSm.exe
  C:\Windows\System\yJoadSm.exe
  2⤵
  PID:6448
- C:\Windows\System\QHmPGpO.exe
  C:\Windows\System\QHmPGpO.exe
  2⤵
  PID:6468
- C:\Windows\System\qhiLSee.exe
  C:\Windows\System\qhiLSee.exe
  2⤵
  PID:6488
- C:\Windows\System\ZPKuzxG.exe
  C:\Windows\System\ZPKuzxG.exe
  2⤵
  PID:6508
- C:\Windows\System\pSXNOSR.exe
  C:\Windows\System\pSXNOSR.exe
  2⤵
  PID:6528
- C:\Windows\System\AoPWjec.exe
  C:\Windows\System\AoPWjec.exe
  2⤵
  PID:6548
- C:\Windows\System\mquZaDl.exe
  C:\Windows\System\mquZaDl.exe
  2⤵
  PID:6568
- C:\Windows\System\npinJNY.exe
  C:\Windows\System\npinJNY.exe
  2⤵
  PID:6588
- C:\Windows\System\QSbeScK.exe
  C:\Windows\System\QSbeScK.exe
  2⤵
  PID:6608
- C:\Windows\System\bmWZfSb.exe
  C:\Windows\System\bmWZfSb.exe
  2⤵
  PID:6628
- C:\Windows\System\AHKflCY.exe
  C:\Windows\System\AHKflCY.exe
  2⤵
  PID:6648
- C:\Windows\System\MfcjgNJ.exe
  C:\Windows\System\MfcjgNJ.exe
  2⤵
  PID:6668
- C:\Windows\System\YaBhVgi.exe
  C:\Windows\System\YaBhVgi.exe
  2⤵
  PID:6688
- C:\Windows\System\kjJpmuQ.exe
  C:\Windows\System\kjJpmuQ.exe
  2⤵
  PID:6708
- C:\Windows\System\DkWqwBT.exe
  C:\Windows\System\DkWqwBT.exe
  2⤵
  PID:6728
- C:\Windows\System\KeiOqOE.exe
  C:\Windows\System\KeiOqOE.exe
  2⤵
  PID:6748
- C:\Windows\System\PYwbcBO.exe
  C:\Windows\System\PYwbcBO.exe
  2⤵
  PID:6768
- C:\Windows\System\RxJFoOv.exe
  C:\Windows\System\RxJFoOv.exe
  2⤵
  PID:6788
- C:\Windows\System\KZFrBAe.exe
  C:\Windows\System\KZFrBAe.exe
  2⤵
  PID:6808
- C:\Windows\System\lGnkemE.exe
  C:\Windows\System\lGnkemE.exe
  2⤵
  PID:6828
- C:\Windows\System\HCrRzyk.exe
  C:\Windows\System\HCrRzyk.exe
  2⤵
  PID:6848
- C:\Windows\System\MBKfktC.exe
  C:\Windows\System\MBKfktC.exe
  2⤵
  PID:6868
- C:\Windows\System\dUgoysq.exe
  C:\Windows\System\dUgoysq.exe
  2⤵
  PID:6888
- C:\Windows\System\MfoiNIm.exe
  C:\Windows\System\MfoiNIm.exe
  2⤵
  PID:6908
- C:\Windows\System\vtDRJiD.exe
  C:\Windows\System\vtDRJiD.exe
  2⤵
  PID:6928
- C:\Windows\System\IiLlntW.exe
  C:\Windows\System\IiLlntW.exe
  2⤵
  PID:6948
- C:\Windows\System\RjnsxxM.exe
  C:\Windows\System\RjnsxxM.exe
  2⤵
  PID:6996
- C:\Windows\System\SVoERbe.exe
  C:\Windows\System\SVoERbe.exe
  2⤵
  PID:7016
- C:\Windows\System\ohVXgnL.exe
  C:\Windows\System\ohVXgnL.exe
  2⤵
  PID:7036
- C:\Windows\System\ZsyXVnA.exe
  C:\Windows\System\ZsyXVnA.exe
  2⤵
  PID:7056
- C:\Windows\System\lbmTGOD.exe
  C:\Windows\System\lbmTGOD.exe
  2⤵
  PID:7080
- C:\Windows\System\lXKnCeA.exe
  C:\Windows\System\lXKnCeA.exe
  2⤵
  PID:7100
- C:\Windows\System\GJqXzir.exe
  C:\Windows\System\GJqXzir.exe
  2⤵
  PID:7128
- C:\Windows\System\wVmQNut.exe
  C:\Windows\System\wVmQNut.exe
  2⤵
  PID:7144
- C:\Windows\System\AOJNnBT.exe
  C:\Windows\System\AOJNnBT.exe
  2⤵
  PID:7160
- C:\Windows\System\lMJNoQg.exe
  C:\Windows\System\lMJNoQg.exe
  2⤵
  PID:5592
- C:\Windows\System\YfVHtWw.exe
  C:\Windows\System\YfVHtWw.exe
  2⤵
  PID:5784
- C:\Windows\System\jCwztlo.exe
  C:\Windows\System\jCwztlo.exe
  2⤵
  PID:6004
- C:\Windows\System\VsunMHG.exe
  C:\Windows\System\VsunMHG.exe
  2⤵
  PID:3304
- C:\Windows\System\UIkLpox.exe
  C:\Windows\System\UIkLpox.exe
  2⤵
  PID:1260
- C:\Windows\System\UhzSKeh.exe
  C:\Windows\System\UhzSKeh.exe
  2⤵
  PID:5128
- C:\Windows\System\jtfrdBD.exe
  C:\Windows\System\jtfrdBD.exe
  2⤵
  PID:5300
- C:\Windows\System\pBjrPaO.exe
  C:\Windows\System\pBjrPaO.exe
  2⤵
  PID:6176
- C:\Windows\System\eSeWAhV.exe
  C:\Windows\System\eSeWAhV.exe
  2⤵
  PID:6212
- C:\Windows\System\JsZdGpH.exe
  C:\Windows\System\JsZdGpH.exe
  2⤵
  PID:6252
- C:\Windows\System\yxFwDUu.exe
  C:\Windows\System\yxFwDUu.exe
  2⤵
  PID:6288
- C:\Windows\System\ZMySyAt.exe
  C:\Windows\System\ZMySyAt.exe
  2⤵
  PID:6272
- C:\Windows\System\CSqBikz.exe
  C:\Windows\System\CSqBikz.exe
  2⤵
  PID:6340
- C:\Windows\System\HilkgpD.exe
  C:\Windows\System\HilkgpD.exe
  2⤵
  PID:6384
- C:\Windows\System\SEKwSLw.exe
  C:\Windows\System\SEKwSLw.exe
  2⤵
  PID:6380
- C:\Windows\System\PkyHJxf.exe
  C:\Windows\System\PkyHJxf.exe
  2⤵
  PID:6424
- C:\Windows\System\hmFuioj.exe
  C:\Windows\System\hmFuioj.exe
  2⤵
  PID:6456
- C:\Windows\System\WNKxGqd.exe
  C:\Windows\System\WNKxGqd.exe
  2⤵
  PID:6440
- C:\Windows\System\RwPgDrR.exe
  C:\Windows\System\RwPgDrR.exe
  2⤵
  PID:6504
- C:\Windows\System\ImIYbDJ.exe
  C:\Windows\System\ImIYbDJ.exe
  2⤵
  PID:6536
- C:\Windows\System\VGYVouG.exe
  C:\Windows\System\VGYVouG.exe
  2⤵
  PID:6520
- C:\Windows\System\mgWrnuR.exe
  C:\Windows\System\mgWrnuR.exe
  2⤵
  PID:6576
- C:\Windows\System\aLPJvAb.exe
  C:\Windows\System\aLPJvAb.exe
  2⤵
  PID:5924
- C:\Windows\System\ACsGcLQ.exe
  C:\Windows\System\ACsGcLQ.exe
  2⤵
  PID:6620
- C:\Windows\System\ZfCSOdU.exe
  C:\Windows\System\ZfCSOdU.exe
  2⤵
  PID:6664
- C:\Windows\System\jtcEHkp.exe
  C:\Windows\System\jtcEHkp.exe
  2⤵
  PID:6704
- C:\Windows\System\RevVovV.exe
  C:\Windows\System\RevVovV.exe
  2⤵
  PID:2120
- C:\Windows\System\UKgYCrs.exe
  C:\Windows\System\UKgYCrs.exe
  2⤵
  PID:1804
- C:\Windows\System\xAPgtfR.exe
  C:\Windows\System\xAPgtfR.exe
  2⤵
  PID:6720
- C:\Windows\System\oncsgVP.exe
  C:\Windows\System\oncsgVP.exe
  2⤵
  PID:2324
- C:\Windows\System\BLBqTzE.exe
  C:\Windows\System\BLBqTzE.exe
  2⤵
  PID:6780
- C:\Windows\System\RqgLGVd.exe
  C:\Windows\System\RqgLGVd.exe
  2⤵
  PID:6756
- C:\Windows\System\cEpdOjb.exe
  C:\Windows\System\cEpdOjb.exe
  2⤵
  PID:6824
- C:\Windows\System\WTZxnpQ.exe
  C:\Windows\System\WTZxnpQ.exe
  2⤵
  PID:6884
- C:\Windows\System\omIHaPr.exe
  C:\Windows\System\omIHaPr.exe
  2⤵
  PID:6904
- C:\Windows\System\ZoUuhWt.exe
  C:\Windows\System\ZoUuhWt.exe
  2⤵
  PID:6916
- C:\Windows\System\MZstYbC.exe
  C:\Windows\System\MZstYbC.exe
  2⤵
  PID:6944
- C:\Windows\System\WSTFVXV.exe
  C:\Windows\System\WSTFVXV.exe
  2⤵
  PID:1600
- C:\Windows\System\YkUCUtl.exe
  C:\Windows\System\YkUCUtl.exe
  2⤵
  PID:1908
- C:\Windows\System\GYldgUR.exe
  C:\Windows\System\GYldgUR.exe
  2⤵
  PID:2944
- C:\Windows\System\KTPxxos.exe
  C:\Windows\System\KTPxxos.exe
  2⤵
  PID:1856
- C:\Windows\System\ZACsdyF.exe
  C:\Windows\System\ZACsdyF.exe
  2⤵
  PID:1552
- C:\Windows\System\ivNlizU.exe
  C:\Windows\System\ivNlizU.exe
  2⤵
  PID:7052
- C:\Windows\System\sAmgzEu.exe
  C:\Windows\System\sAmgzEu.exe
  2⤵
  PID:7092
- C:\Windows\System\FvaHLMo.exe
  C:\Windows\System\FvaHLMo.exe
  2⤵
  PID:7116
- C:\Windows\System\usMEeHh.exe
  C:\Windows\System\usMEeHh.exe
  2⤵
  PID:5716
- C:\Windows\System\MIbSxZv.exe
  C:\Windows\System\MIbSxZv.exe
  2⤵
  PID:7152
- C:\Windows\System\QOxFrgV.exe
  C:\Windows\System\QOxFrgV.exe
  2⤵
  PID:5876
- C:\Windows\System\uJNjJvc.exe
  C:\Windows\System\uJNjJvc.exe
  2⤵
  PID:3004
- C:\Windows\System\YCywSYC.exe
  C:\Windows\System\YCywSYC.exe
  2⤵
  PID:5436
- C:\Windows\System\WLHeALZ.exe
  C:\Windows\System\WLHeALZ.exe
  2⤵
  PID:6156
- C:\Windows\System\Rmcqtbk.exe
  C:\Windows\System\Rmcqtbk.exe
  2⤵
  PID:5260
- C:\Windows\System\fRfCAUv.exe
  C:\Windows\System\fRfCAUv.exe
  2⤵
  PID:6200
- C:\Windows\System\oOamKuf.exe
  C:\Windows\System\oOamKuf.exe
  2⤵
  PID:6236
- C:\Windows\System\cKVgUGj.exe
  C:\Windows\System\cKVgUGj.exe
  2⤵
  PID:6336
- C:\Windows\System\FPNhrhW.exe
  C:\Windows\System\FPNhrhW.exe
  2⤵
  PID:6400
- C:\Windows\System\JSyldgq.exe
  C:\Windows\System\JSyldgq.exe
  2⤵
  PID:6524
- C:\Windows\System\nknwNGd.exe
  C:\Windows\System\nknwNGd.exe
  2⤵
  PID:6376
- C:\Windows\System\fFYpHFI.exe
  C:\Windows\System\fFYpHFI.exe
  2⤵
  PID:6636
- C:\Windows\System\pATwVSS.exe
  C:\Windows\System\pATwVSS.exe
  2⤵
  PID:6436
- C:\Windows\System\pseaKAz.exe
  C:\Windows\System\pseaKAz.exe
  2⤵
  PID:6540
- C:\Windows\System\IICgCIF.exe
  C:\Windows\System\IICgCIF.exe
  2⤵
  PID:6600
- C:\Windows\System\WTaREbk.exe
  C:\Windows\System\WTaREbk.exe
  2⤵
  PID:6736
- C:\Windows\System\FuZLVYt.exe
  C:\Windows\System\FuZLVYt.exe
  2⤵
  PID:2984
- C:\Windows\System\uwimdGh.exe
  C:\Windows\System\uwimdGh.exe
  2⤵
  PID:6796
- C:\Windows\System\tfoPjYp.exe
  C:\Windows\System\tfoPjYp.exe
  2⤵
  PID:6804
- C:\Windows\System\rKIYoZs.exe
  C:\Windows\System\rKIYoZs.exe
  2⤵
  PID:6840
- C:\Windows\System\gUkJxwZ.exe
  C:\Windows\System\gUkJxwZ.exe
  2⤵
  PID:1368
- C:\Windows\System\jdmnMwe.exe
  C:\Windows\System\jdmnMwe.exe
  2⤵
  PID:6876
- C:\Windows\System\scervpb.exe
  C:\Windows\System\scervpb.exe
  2⤵
  PID:2528
- C:\Windows\System\LXYzSGG.exe
  C:\Windows\System\LXYzSGG.exe
  2⤵
  PID:7044
- C:\Windows\System\DEtASTo.exe
  C:\Windows\System\DEtASTo.exe
  2⤵
  PID:2188
- C:\Windows\System\UegMaKB.exe
  C:\Windows\System\UegMaKB.exe
  2⤵
  PID:1668
- C:\Windows\System\sPVKisK.exe
  C:\Windows\System\sPVKisK.exe
  2⤵
  PID:7112
- C:\Windows\System\ZJGKyOV.exe
  C:\Windows\System\ZJGKyOV.exe
  2⤵
  PID:7156
- C:\Windows\System\tkdvjIF.exe
  C:\Windows\System\tkdvjIF.exe
  2⤵
  PID:5188
- C:\Windows\System\eOrbARJ.exe
  C:\Windows\System\eOrbARJ.exe
  2⤵
  PID:5816
- C:\Windows\System\WbAxLRr.exe
  C:\Windows\System\WbAxLRr.exe
  2⤵
  PID:6476
- C:\Windows\System\oaVmVBJ.exe
  C:\Windows\System\oaVmVBJ.exe
  2⤵
  PID:6316
- C:\Windows\System\zNYCFlh.exe
  C:\Windows\System\zNYCFlh.exe
  2⤵
  PID:6136
- C:\Windows\System\sBNPbFq.exe
  C:\Windows\System\sBNPbFq.exe
  2⤵
  PID:6564
- C:\Windows\System\XUnNyjy.exe
  C:\Windows\System\XUnNyjy.exe
  2⤵
  PID:6684
- C:\Windows\System\jjFSEvl.exe
  C:\Windows\System\jjFSEvl.exe
  2⤵
  PID:6776
- C:\Windows\System\JnabIZF.exe
  C:\Windows\System\JnabIZF.exe
  2⤵
  PID:6444
- C:\Windows\System\uYWgUja.exe
  C:\Windows\System\uYWgUja.exe
  2⤵
  PID:6696
- C:\Windows\System\BbHuCfA.exe
  C:\Windows\System\BbHuCfA.exe
  2⤵
  PID:6784
- C:\Windows\System\NjUzoCg.exe
  C:\Windows\System\NjUzoCg.exe
  2⤵
  PID:6968
- C:\Windows\System\vGmHmuj.exe
  C:\Windows\System\vGmHmuj.exe
  2⤵
  PID:1980
- C:\Windows\System\UdLTPUh.exe
  C:\Windows\System\UdLTPUh.exe
  2⤵
  PID:840
- C:\Windows\System\VcBELxf.exe
  C:\Windows\System\VcBELxf.exe
  2⤵
  PID:6956
- C:\Windows\System\xCfcKqh.exe
  C:\Windows\System\xCfcKqh.exe
  2⤵
  PID:6160
- C:\Windows\System\uYPrtAP.exe
  C:\Windows\System\uYPrtAP.exe
  2⤵
  PID:7124
- C:\Windows\System\SUQUihB.exe
  C:\Windows\System\SUQUihB.exe
  2⤵
  PID:2608
- C:\Windows\System\VQgZhSO.exe
  C:\Windows\System\VQgZhSO.exe
  2⤵
  PID:6292
- C:\Windows\System\XXNoUUu.exe
  C:\Windows\System\XXNoUUu.exe
  2⤵
  PID:7032
- C:\Windows\System\HpmbOsi.exe
  C:\Windows\System\HpmbOsi.exe
  2⤵
  PID:6616
- C:\Windows\System\HvHAuye.exe
  C:\Windows\System\HvHAuye.exe
  2⤵
  PID:6604
- C:\Windows\System\RGWmvLi.exe
  C:\Windows\System\RGWmvLi.exe
  2⤵
  PID:2960
- C:\Windows\System\LQwhKGU.exe
  C:\Windows\System\LQwhKGU.exe
  2⤵
  PID:6724
- C:\Windows\System\QHTRAXp.exe
  C:\Windows\System\QHTRAXp.exe
  2⤵
  PID:6644
- C:\Windows\System\ueVxlUj.exe
  C:\Windows\System\ueVxlUj.exe
  2⤵
  PID:7012
- C:\Windows\System\voYUAKu.exe
  C:\Windows\System\voYUAKu.exe
  2⤵
  PID:5620
- C:\Windows\System\XPURsXA.exe
  C:\Windows\System\XPURsXA.exe
  2⤵
  PID:2612
- C:\Windows\System\oocufrI.exe
  C:\Windows\System\oocufrI.exe
  2⤵
  PID:7028
- C:\Windows\System\cRqfPwx.exe
  C:\Windows\System\cRqfPwx.exe
  2⤵
  PID:5192
- C:\Windows\System\rblswqc.exe
  C:\Windows\System\rblswqc.exe
  2⤵
  PID:2732
- C:\Windows\System\vKNQUhS.exe
  C:\Windows\System\vKNQUhS.exe
  2⤵
  PID:6556
- C:\Windows\System\HkgzsZW.exe
  C:\Windows\System\HkgzsZW.exe
  2⤵
  PID:752
- C:\Windows\System\hlxiWUl.exe
  C:\Windows\System\hlxiWUl.exe
  2⤵
  PID:6896
- C:\Windows\System\BfPHKhd.exe
  C:\Windows\System\BfPHKhd.exe
  2⤵
  PID:6864
- C:\Windows\System\XhPIqiz.exe
  C:\Windows\System\XhPIqiz.exe
  2⤵
  PID:1680
- C:\Windows\System\aiFKmYr.exe
  C:\Windows\System\aiFKmYr.exe
  2⤵
  PID:2192
- C:\Windows\System\mzQWtOe.exe
  C:\Windows\System\mzQWtOe.exe
  2⤵
  PID:7196
- C:\Windows\System\NToIYAt.exe
  C:\Windows\System\NToIYAt.exe
  2⤵
  PID:7212
- C:\Windows\System\YIQgqRO.exe
  C:\Windows\System\YIQgqRO.exe
  2⤵
  PID:7236
- C:\Windows\System\GRgjMhW.exe
  C:\Windows\System\GRgjMhW.exe
  2⤵
  PID:7252
- C:\Windows\System\TvJsXbz.exe
  C:\Windows\System\TvJsXbz.exe
  2⤵
  PID:7268
- C:\Windows\System\FRVyvLA.exe
  C:\Windows\System\FRVyvLA.exe
  2⤵
  PID:7292
- C:\Windows\System\BiRVFOt.exe
  C:\Windows\System\BiRVFOt.exe
  2⤵
  PID:7312
- C:\Windows\System\ndTtyiX.exe
  C:\Windows\System\ndTtyiX.exe
  2⤵
  PID:7332
- C:\Windows\System\TZjObut.exe
  C:\Windows\System\TZjObut.exe
  2⤵
  PID:7348
- C:\Windows\System\XwWWdUz.exe
  C:\Windows\System\XwWWdUz.exe
  2⤵
  PID:7368
- C:\Windows\System\oZhfXxH.exe
  C:\Windows\System\oZhfXxH.exe
  2⤵
  PID:7388
- C:\Windows\System\nGVdDVh.exe
  C:\Windows\System\nGVdDVh.exe
  2⤵
  PID:7404
- C:\Windows\System\mGUyVpJ.exe
  C:\Windows\System\mGUyVpJ.exe
  2⤵
  PID:7420
- C:\Windows\System\tnadDSu.exe
  C:\Windows\System\tnadDSu.exe
  2⤵
  PID:7440
- C:\Windows\System\lCjnGYM.exe
  C:\Windows\System\lCjnGYM.exe
  2⤵
  PID:7460
- C:\Windows\System\VoBQtIR.exe
  C:\Windows\System\VoBQtIR.exe
  2⤵
  PID:7476
- C:\Windows\System\WyyrkuU.exe
  C:\Windows\System\WyyrkuU.exe
  2⤵
  PID:7516
- C:\Windows\System\wQZJpll.exe
  C:\Windows\System\wQZJpll.exe
  2⤵
  PID:7532
- C:\Windows\System\ZJkZZyv.exe
  C:\Windows\System\ZJkZZyv.exe
  2⤵
  PID:7548
- C:\Windows\System\EZBlmlb.exe
  C:\Windows\System\EZBlmlb.exe
  2⤵
  PID:7564
- C:\Windows\System\gGyyduk.exe
  C:\Windows\System\gGyyduk.exe
  2⤵
  PID:7584
- C:\Windows\System\yNZYlZb.exe
  C:\Windows\System\yNZYlZb.exe
  2⤵
  PID:7600
- C:\Windows\System\YLjsqVI.exe
  C:\Windows\System\YLjsqVI.exe
  2⤵
  PID:7616
- C:\Windows\System\RGYSegc.exe
  C:\Windows\System\RGYSegc.exe
  2⤵
  PID:7632
- C:\Windows\System\FRzONoU.exe
  C:\Windows\System\FRzONoU.exe
  2⤵
  PID:7648
- C:\Windows\System\NSnpQmx.exe
  C:\Windows\System\NSnpQmx.exe
  2⤵
  PID:7664
- C:\Windows\System\kboAKBW.exe
  C:\Windows\System\kboAKBW.exe
  2⤵
  PID:7684
- C:\Windows\System\PtWVEux.exe
  C:\Windows\System\PtWVEux.exe
  2⤵
  PID:7736
- C:\Windows\System\zmrTJwU.exe
  C:\Windows\System\zmrTJwU.exe
  2⤵
  PID:7752
- C:\Windows\System\jrTsXyE.exe
  C:\Windows\System\jrTsXyE.exe
  2⤵
  PID:7772
- C:\Windows\System\gQuZDab.exe
  C:\Windows\System\gQuZDab.exe
  2⤵
  PID:7788
- C:\Windows\System\SMeOueu.exe
  C:\Windows\System\SMeOueu.exe
  2⤵
  PID:7804
- C:\Windows\System\uCmcKIr.exe
  C:\Windows\System\uCmcKIr.exe
  2⤵
  PID:7820
- C:\Windows\System\mPqmKjj.exe
  C:\Windows\System\mPqmKjj.exe
  2⤵
  PID:7836
- C:\Windows\System\xKioacn.exe
  C:\Windows\System\xKioacn.exe
  2⤵
  PID:7852
- C:\Windows\System\egqkkeC.exe
  C:\Windows\System\egqkkeC.exe
  2⤵
  PID:7868
- C:\Windows\System\BvDBejr.exe
  C:\Windows\System\BvDBejr.exe
  2⤵
  PID:7884
- C:\Windows\System\MpYcSIM.exe
  C:\Windows\System\MpYcSIM.exe
  2⤵
  PID:7900
- C:\Windows\System\MbIXpPy.exe
  C:\Windows\System\MbIXpPy.exe
  2⤵
  PID:7916
- C:\Windows\System\xGQXdRJ.exe
  C:\Windows\System\xGQXdRJ.exe
  2⤵
  PID:7980
- C:\Windows\System\GOFUtxB.exe
  C:\Windows\System\GOFUtxB.exe
  2⤵
  PID:8000
- C:\Windows\System\sQMRGkx.exe
  C:\Windows\System\sQMRGkx.exe
  2⤵
  PID:8016
- C:\Windows\System\jBXkIiK.exe
  C:\Windows\System\jBXkIiK.exe
  2⤵
  PID:8032
- C:\Windows\System\OyJXTpG.exe
  C:\Windows\System\OyJXTpG.exe
  2⤵
  PID:8048
- C:\Windows\System\EAjZvVG.exe
  C:\Windows\System\EAjZvVG.exe
  2⤵
  PID:8068
- C:\Windows\System\eQEtaWv.exe
  C:\Windows\System\eQEtaWv.exe
  2⤵
  PID:8084
- C:\Windows\System\jjszcfU.exe
  C:\Windows\System\jjszcfU.exe
  2⤵
  PID:8104
- C:\Windows\System\xHwOIId.exe
  C:\Windows\System\xHwOIId.exe
  2⤵
  PID:8128
- C:\Windows\System\EJKmDeQ.exe
  C:\Windows\System\EJKmDeQ.exe
  2⤵
  PID:8144
- C:\Windows\System\QxUlWTF.exe
  C:\Windows\System\QxUlWTF.exe
  2⤵
  PID:8172
- C:\Windows\System\dcwqrVs.exe
  C:\Windows\System\dcwqrVs.exe
  2⤵
  PID:8188
- C:\Windows\System\ZyVdefV.exe
  C:\Windows\System\ZyVdefV.exe
  2⤵
  PID:6560
- C:\Windows\System\NMVKizx.exe
  C:\Windows\System\NMVKizx.exe
  2⤵
  PID:7076
- C:\Windows\System\HhVCpid.exe
  C:\Windows\System\HhVCpid.exe
  2⤵
  PID:7220
- C:\Windows\System\eCaNjDD.exe
  C:\Windows\System\eCaNjDD.exe
  2⤵
  PID:7244
- C:\Windows\System\BzenceJ.exe
  C:\Windows\System\BzenceJ.exe
  2⤵
  PID:7280
- C:\Windows\System\UVRJuAw.exe
  C:\Windows\System\UVRJuAw.exe
  2⤵
  PID:7320
- C:\Windows\System\GyHxGJz.exe
  C:\Windows\System\GyHxGJz.exe
  2⤵
  PID:7376
- C:\Windows\System\QIQUmAm.exe
  C:\Windows\System\QIQUmAm.exe
  2⤵
  PID:7416
- C:\Windows\System\cpMYRpC.exe
  C:\Windows\System\cpMYRpC.exe
  2⤵
  PID:7492
- C:\Windows\System\WAKfBSV.exe
  C:\Windows\System\WAKfBSV.exe
  2⤵
  PID:7356
- C:\Windows\System\icSjTgE.exe
  C:\Windows\System\icSjTgE.exe
  2⤵
  PID:7400
- C:\Windows\System\ApBplnT.exe
  C:\Windows\System\ApBplnT.exe
  2⤵
  PID:7524
- C:\Windows\System\fkVguiG.exe
  C:\Windows\System\fkVguiG.exe
  2⤵
  PID:7560
- C:\Windows\System\aLzQawu.exe
  C:\Windows\System\aLzQawu.exe
  2⤵
  PID:7580
- C:\Windows\System\MgguFXw.exe
  C:\Windows\System\MgguFXw.exe
  2⤵
  PID:7676
- C:\Windows\System\NkyewQB.exe
  C:\Windows\System\NkyewQB.exe
  2⤵
  PID:7624
- C:\Windows\System\AENAqlY.exe
  C:\Windows\System\AENAqlY.exe
  2⤵
  PID:7704
- C:\Windows\System\UCZkYgs.exe
  C:\Windows\System\UCZkYgs.exe
  2⤵
  PID:7720
- C:\Windows\System\Besjekc.exe
  C:\Windows\System\Besjekc.exe
  2⤵
  PID:7748
- C:\Windows\System\fDwoikD.exe
  C:\Windows\System\fDwoikD.exe
  2⤵
  PID:1784
- C:\Windows\System\BFNFSsd.exe
  C:\Windows\System\BFNFSsd.exe
  2⤵
  PID:7780
- C:\Windows\System\YIJjlAO.exe
  C:\Windows\System\YIJjlAO.exe
  2⤵
  PID:7844
- C:\Windows\System\RNMakpF.exe
  C:\Windows\System\RNMakpF.exe
  2⤵
  PID:7908
- C:\Windows\System\gHXUYpr.exe
  C:\Windows\System\gHXUYpr.exe
  2⤵
  PID:7892
- C:\Windows\System\ZMGhkDY.exe
  C:\Windows\System\ZMGhkDY.exe
  2⤵
  PID:7940
- C:\Windows\System\dhQAoYQ.exe
  C:\Windows\System\dhQAoYQ.exe
  2⤵
  PID:7960
- C:\Windows\System\pMKpiRU.exe
  C:\Windows\System\pMKpiRU.exe
  2⤵
  PID:7972
- C:\Windows\System\BdvPIaY.exe
  C:\Windows\System\BdvPIaY.exe
  2⤵
  PID:7992
- C:\Windows\System\zlhBRtP.exe
  C:\Windows\System\zlhBRtP.exe
  2⤵
  PID:8028
- C:\Windows\System\RHHTjSI.exe
  C:\Windows\System\RHHTjSI.exe
  2⤵
  PID:8096
- C:\Windows\System\oNdtqtK.exe
  C:\Windows\System\oNdtqtK.exe
  2⤵
  PID:8040
- C:\Windows\System\fmxCKrT.exe
  C:\Windows\System\fmxCKrT.exe
  2⤵
  PID:8152
- C:\Windows\System\SvwuZEp.exe
  C:\Windows\System\SvwuZEp.exe
  2⤵
  PID:8120
- C:\Windows\System\VoEeKvi.exe
  C:\Windows\System\VoEeKvi.exe
  2⤵
  PID:8112
- C:\Windows\System\wFgkglh.exe
  C:\Windows\System\wFgkglh.exe
  2⤵
  PID:7228
- C:\Windows\System\quwjAvn.exe
  C:\Windows\System\quwjAvn.exe
  2⤵
  PID:7176
- C:\Windows\System\xCvSEGu.exe
  C:\Windows\System\xCvSEGu.exe
  2⤵
  PID:7284
- C:\Windows\System\hrSgRnQ.exe
  C:\Windows\System\hrSgRnQ.exe
  2⤵
  PID:7436
- C:\Windows\System\DBUVWCY.exe
  C:\Windows\System\DBUVWCY.exe
  2⤵
  PID:7456
- C:\Windows\System\eUSNHQN.exe
  C:\Windows\System\eUSNHQN.exe
  2⤵
  PID:7540
- C:\Windows\System\eKphNfR.exe
  C:\Windows\System\eKphNfR.exe
  2⤵
  PID:7640
- C:\Windows\System\RPNNFme.exe
  C:\Windows\System\RPNNFme.exe
  2⤵
  PID:7696
- C:\Windows\System\gqrQhjY.exe
  C:\Windows\System\gqrQhjY.exe
  2⤵
  PID:7700
- C:\Windows\System\WXlzEhh.exe
  C:\Windows\System\WXlzEhh.exe
  2⤵
  PID:7812
- C:\Windows\System\pSwtZLY.exe
  C:\Windows\System\pSwtZLY.exe
  2⤵
  PID:8060
- C:\Windows\System\zebYWDe.exe
  C:\Windows\System\zebYWDe.exe
  2⤵
  PID:8064
- C:\Windows\System\xmOpYlo.exe
  C:\Windows\System\xmOpYlo.exe
  2⤵
  PID:8164
- C:\Windows\System\VjIORdL.exe
  C:\Windows\System\VjIORdL.exe
  2⤵
  PID:5844
- C:\Windows\System\FSoXQmC.exe
  C:\Windows\System\FSoXQmC.exe
  2⤵
  PID:7412
- C:\Windows\System\tmiwPRo.exe
  C:\Windows\System\tmiwPRo.exe
  2⤵
  PID:7500
- C:\Windows\System\peBCzBn.exe
  C:\Windows\System\peBCzBn.exe
  2⤵
  PID:7832
- C:\Windows\System\lMqlUXA.exe
  C:\Windows\System\lMqlUXA.exe
  2⤵
  PID:7936
- C:\Windows\System\eXCqKJQ.exe
  C:\Windows\System\eXCqKJQ.exe
  2⤵
  PID:8180
- C:\Windows\System\rCncMZf.exe
  C:\Windows\System\rCncMZf.exe
  2⤵
  PID:5884
- C:\Windows\System\cpUklqP.exe
  C:\Windows\System\cpUklqP.exe
  2⤵
  PID:7328
- C:\Windows\System\pfLjjie.exe
  C:\Windows\System\pfLjjie.exe
  2⤵
  PID:7572
- C:\Windows\System\rkVxAzV.exe
  C:\Windows\System\rkVxAzV.exe
  2⤵
  PID:7556
- C:\Windows\System\XxYcXLe.exe
  C:\Windows\System\XxYcXLe.exe
  2⤵
  PID:7712
- C:\Windows\System\CWRxRMH.exe
  C:\Windows\System\CWRxRMH.exe
  2⤵
  PID:7768
- C:\Windows\System\Dtwrqtu.exe
  C:\Windows\System\Dtwrqtu.exe
  2⤵
  PID:6180
- C:\Windows\System\JbzFXpq.exe
  C:\Windows\System\JbzFXpq.exe
  2⤵
  PID:8184
- C:\Windows\System\xetcFGQ.exe
  C:\Windows\System\xetcFGQ.exe
  2⤵
  PID:5000
- C:\Windows\System\BVQxAKk.exe
  C:\Windows\System\BVQxAKk.exe
  2⤵
  PID:8076
- C:\Windows\System\fSRLGYK.exe
  C:\Windows\System\fSRLGYK.exe
  2⤵
  PID:7396
- C:\Windows\System\HetwjNK.exe
  C:\Windows\System\HetwjNK.exe
  2⤵
  PID:7660
- C:\Windows\System\xbWNiyD.exe
  C:\Windows\System\xbWNiyD.exe
  2⤵
  PID:7732
- C:\Windows\System\GATsWnr.exe
  C:\Windows\System\GATsWnr.exe
  2⤵
  PID:7860
- C:\Windows\System\DGmzqLq.exe
  C:\Windows\System\DGmzqLq.exe
  2⤵
  PID:7504
- C:\Windows\System\JJhMKGg.exe
  C:\Windows\System\JJhMKGg.exe
  2⤵
  PID:8012
- C:\Windows\System\ocsGbZe.exe
  C:\Windows\System\ocsGbZe.exe
  2⤵
  PID:7188
- C:\Windows\System\TWOJoiu.exe
  C:\Windows\System\TWOJoiu.exe
  2⤵
  PID:7344
- C:\Windows\System\PoEriog.exe
  C:\Windows\System\PoEriog.exe
  2⤵
  PID:7120
- C:\Windows\System\FvGbgXa.exe
  C:\Windows\System\FvGbgXa.exe
  2⤵
  PID:8216
- C:\Windows\System\dzkdPQq.exe
  C:\Windows\System\dzkdPQq.exe
  2⤵
  PID:8232
- C:\Windows\System\vYBORrF.exe
  C:\Windows\System\vYBORrF.exe
  2⤵
  PID:8256
- C:\Windows\System\NvBHUpL.exe
  C:\Windows\System\NvBHUpL.exe
  2⤵
  PID:8276
- C:\Windows\System\jBtszcY.exe
  C:\Windows\System\jBtszcY.exe
  2⤵
  PID:8296
- C:\Windows\System\MXJaRwQ.exe
  C:\Windows\System\MXJaRwQ.exe
  2⤵
  PID:8312
- C:\Windows\System\oSqKlpv.exe
  C:\Windows\System\oSqKlpv.exe
  2⤵
  PID:8328
- C:\Windows\System\ZmXEsYi.exe
  C:\Windows\System\ZmXEsYi.exe
  2⤵
  PID:8344
- C:\Windows\System\jUcUqZH.exe
  C:\Windows\System\jUcUqZH.exe
  2⤵
  PID:8372
- C:\Windows\System\GimdJAt.exe
  C:\Windows\System\GimdJAt.exe
  2⤵
  PID:8388
- C:\Windows\System\YGnSuqW.exe
  C:\Windows\System\YGnSuqW.exe
  2⤵
  PID:8408
- C:\Windows\System\WUtxpll.exe
  C:\Windows\System\WUtxpll.exe
  2⤵
  PID:8432
- C:\Windows\System\GUjYbKW.exe
  C:\Windows\System\GUjYbKW.exe
  2⤵
  PID:8452
- C:\Windows\System\pQjPFEA.exe
  C:\Windows\System\pQjPFEA.exe
  2⤵
  PID:8468
- C:\Windows\System\kSAoaoD.exe
  C:\Windows\System\kSAoaoD.exe
  2⤵
  PID:8512
- C:\Windows\System\bEhlOta.exe
  C:\Windows\System\bEhlOta.exe
  2⤵
  PID:8528
- C:\Windows\System\FHxupHn.exe
  C:\Windows\System\FHxupHn.exe
  2⤵
  PID:8544
- C:\Windows\System\tArARaq.exe
  C:\Windows\System\tArARaq.exe
  2⤵
  PID:8576
- C:\Windows\System\MsPhxdM.exe
  C:\Windows\System\MsPhxdM.exe
  2⤵
  PID:8592
- C:\Windows\System\WskIgIR.exe
  C:\Windows\System\WskIgIR.exe
  2⤵
  PID:8612
- C:\Windows\System\RRpeGSo.exe
  C:\Windows\System\RRpeGSo.exe
  2⤵
  PID:8640
- C:\Windows\System\kDYXEiP.exe
  C:\Windows\System\kDYXEiP.exe
  2⤵
  PID:8656
- C:\Windows\System\mXGqZDf.exe
  C:\Windows\System\mXGqZDf.exe
  2⤵
  PID:8672
- C:\Windows\System\ISpnVZe.exe
  C:\Windows\System\ISpnVZe.exe
  2⤵
  PID:8688
- C:\Windows\System\kRgVomE.exe
  C:\Windows\System\kRgVomE.exe
  2⤵
  PID:8708
- C:\Windows\System\QDZTxnM.exe
  C:\Windows\System\QDZTxnM.exe
  2⤵
  PID:8728
- C:\Windows\System\JMsYAXu.exe
  C:\Windows\System\JMsYAXu.exe
  2⤵
  PID:8760
- C:\Windows\System\BfTcKDC.exe
  C:\Windows\System\BfTcKDC.exe
  2⤵
  PID:8776
- C:\Windows\System\RxeTmkP.exe
  C:\Windows\System\RxeTmkP.exe
  2⤵
  PID:8792
- C:\Windows\System\ZUtNeaq.exe
  C:\Windows\System\ZUtNeaq.exe
  2⤵
  PID:8808
- C:\Windows\System\KyeUvFn.exe
  C:\Windows\System\KyeUvFn.exe
  2⤵
  PID:8824
- C:\Windows\System\TMACGcm.exe
  C:\Windows\System\TMACGcm.exe
  2⤵
  PID:8852
- C:\Windows\System\JwriMHW.exe
  C:\Windows\System\JwriMHW.exe
  2⤵
  PID:8868
- C:\Windows\System\UAVsBvZ.exe
  C:\Windows\System\UAVsBvZ.exe
  2⤵
  PID:8884
- C:\Windows\System\sDaPntO.exe
  C:\Windows\System\sDaPntO.exe
  2⤵
  PID:8900
- C:\Windows\System\sPexgvH.exe
  C:\Windows\System\sPexgvH.exe
  2⤵
  PID:8920
- C:\Windows\System\DGCzZWB.exe
  C:\Windows\System\DGCzZWB.exe
  2⤵
  PID:8936
- C:\Windows\System\XFDUDrE.exe
  C:\Windows\System\XFDUDrE.exe
  2⤵
  PID:8956
- C:\Windows\System\hOtKaSV.exe
  C:\Windows\System\hOtKaSV.exe
  2⤵
  PID:8980
- C:\Windows\System\JudUZwB.exe
  C:\Windows\System\JudUZwB.exe
  2⤵
  PID:8996
- C:\Windows\System\EsZLWcT.exe
  C:\Windows\System\EsZLWcT.exe
  2⤵
  PID:9016
- C:\Windows\System\GSbYLbV.exe
  C:\Windows\System\GSbYLbV.exe
  2⤵
  PID:9036
- C:\Windows\System\OmuoaTs.exe
  C:\Windows\System\OmuoaTs.exe
  2⤵
  PID:9068
- C:\Windows\System\OiRwThe.exe
  C:\Windows\System\OiRwThe.exe
  2⤵
  PID:9088
- C:\Windows\System\bwcGMKq.exe
  C:\Windows\System\bwcGMKq.exe
  2⤵
  PID:9104
- C:\Windows\System\fAtMAbX.exe
  C:\Windows\System\fAtMAbX.exe
  2⤵
  PID:9136
- C:\Windows\System\NXjdrem.exe
  C:\Windows\System\NXjdrem.exe
  2⤵
  PID:9156
- C:\Windows\System\yLiCwXg.exe
  C:\Windows\System\yLiCwXg.exe
  2⤵
  PID:9172
- C:\Windows\System\dnDhkJp.exe
  C:\Windows\System\dnDhkJp.exe
  2⤵
  PID:9204
- C:\Windows\System\DnAImtr.exe
  C:\Windows\System\DnAImtr.exe
  2⤵
  PID:8224
- C:\Windows\System\hXxpVqk.exe
  C:\Windows\System\hXxpVqk.exe
  2⤵
  PID:7956
- C:\Windows\System\cvXdQuo.exe
  C:\Windows\System\cvXdQuo.exe
  2⤵
  PID:7864
- C:\Windows\System\Qjdbbat.exe
  C:\Windows\System\Qjdbbat.exe
  2⤵
  PID:7592
- C:\Windows\System\ZpsiInS.exe
  C:\Windows\System\ZpsiInS.exe
  2⤵
  PID:8200
- C:\Windows\System\zZLPJTH.exe
  C:\Windows\System\zZLPJTH.exe
  2⤵
  PID:8284
- C:\Windows\System\bYGTpht.exe
  C:\Windows\System\bYGTpht.exe
  2⤵
  PID:8340
- C:\Windows\System\WTDHvea.exe
  C:\Windows\System\WTDHvea.exe
  2⤵
  PID:8364
- C:\Windows\System\OmBlCfR.exe
  C:\Windows\System\OmBlCfR.exe
  2⤵
  PID:8400
- C:\Windows\System\VSoudoO.exe
  C:\Windows\System\VSoudoO.exe
  2⤵
  PID:8464
- C:\Windows\System\VjkTfZN.exe
  C:\Windows\System\VjkTfZN.exe
  2⤵
  PID:8476
- C:\Windows\System\ENFAJTa.exe
  C:\Windows\System\ENFAJTa.exe
  2⤵
  PID:8488
- C:\Windows\System\nujjtbF.exe
  C:\Windows\System\nujjtbF.exe
  2⤵
  PID:8520
- C:\Windows\System\tfEuIuh.exe
  C:\Windows\System\tfEuIuh.exe
  2⤵
  PID:8552
- C:\Windows\System\mPcJjAE.exe
  C:\Windows\System\mPcJjAE.exe
  2⤵
  PID:8588
- C:\Windows\System\TtbTzIT.exe
  C:\Windows\System\TtbTzIT.exe
  2⤵
  PID:8620
- C:\Windows\System\MrJRbUD.exe
  C:\Windows\System\MrJRbUD.exe
  2⤵
  PID:8648
- C:\Windows\System\WrlZMrY.exe
  C:\Windows\System\WrlZMrY.exe
  2⤵
  PID:8720
- C:\Windows\System\wpkSRrX.exe
  C:\Windows\System\wpkSRrX.exe
  2⤵
  PID:8704
- C:\Windows\System\bxOFqSo.exe
  C:\Windows\System\bxOFqSo.exe
  2⤵
  PID:8752
- C:\Windows\System\qJwEUER.exe
  C:\Windows\System\qJwEUER.exe
  2⤵
  PID:8772
- C:\Windows\System\lEekEpy.exe
  C:\Windows\System\lEekEpy.exe
  2⤵
  PID:8804
- C:\Windows\System\gXlJwYp.exe
  C:\Windows\System\gXlJwYp.exe
  2⤵
  PID:8848
- C:\Windows\System\kdmZGyh.exe
  C:\Windows\System\kdmZGyh.exe
  2⤵
  PID:8992
- C:\Windows\System\ammgVuq.exe
  C:\Windows\System\ammgVuq.exe
  2⤵
  PID:8816
- C:\Windows\System\PVeunxe.exe
  C:\Windows\System\PVeunxe.exe
  2⤵
  PID:9112
- C:\Windows\System\COYDHgX.exe
  C:\Windows\System\COYDHgX.exe
  2⤵
  PID:8820
- C:\Windows\System\imNDxNp.exe
  C:\Windows\System\imNDxNp.exe
  2⤵
  PID:8964
- C:\Windows\System\ZQKDyQV.exe
  C:\Windows\System\ZQKDyQV.exe
  2⤵
  PID:9008
- C:\Windows\System\cgSLria.exe
  C:\Windows\System\cgSLria.exe
  2⤵
  PID:9052
- C:\Windows\System\xMrVdLL.exe
  C:\Windows\System\xMrVdLL.exe
  2⤵
  PID:9064
- C:\Windows\System\FCmQkFa.exe
  C:\Windows\System\FCmQkFa.exe
  2⤵
  PID:9152
- C:\Windows\System\eQLhizt.exe
  C:\Windows\System\eQLhizt.exe
  2⤵
  PID:9184
- C:\Windows\System\zKXVleT.exe
  C:\Windows\System\zKXVleT.exe
  2⤵
  PID:8136
- C:\Windows\System\AAkrzIZ.exe
  C:\Windows\System\AAkrzIZ.exe
  2⤵
  PID:8208
- C:\Windows\System\OEyyFDK.exe
  C:\Windows\System\OEyyFDK.exe
  2⤵
  PID:8292
- C:\Windows\System\pClmKXI.exe
  C:\Windows\System\pClmKXI.exe
  2⤵
  PID:8240
- C:\Windows\System\gmmtIEw.exe
  C:\Windows\System\gmmtIEw.exe
  2⤵
  PID:8396
- C:\Windows\System\ocajJjb.exe
  C:\Windows\System\ocajJjb.exe
  2⤵
  PID:8352
- C:\Windows\System\YcHiWWy.exe
  C:\Windows\System\YcHiWWy.exe
  2⤵
  PID:8448
- C:\Windows\System\PePzIZW.exe
  C:\Windows\System\PePzIZW.exe
  2⤵
  PID:8504
- C:\Windows\System\dunPdYE.exe
  C:\Windows\System\dunPdYE.exe
  2⤵
  PID:8584
- C:\Windows\System\uAUnQqV.exe
  C:\Windows\System\uAUnQqV.exe
  2⤵
  PID:8628
- C:\Windows\System\XeJvlDx.exe
  C:\Windows\System\XeJvlDx.exe
  2⤵
  PID:8756
- C:\Windows\System\XftqAOL.exe
  C:\Windows\System\XftqAOL.exe
  2⤵
  PID:8668
- C:\Windows\System\mvvrfGv.exe
  C:\Windows\System\mvvrfGv.exe
  2⤵
  PID:8840
- C:\Windows\System\LKuCBYC.exe
  C:\Windows\System\LKuCBYC.exe
  2⤵
  PID:8944
- C:\Windows\System\WvSFuGu.exe
  C:\Windows\System\WvSFuGu.exe
  2⤵
  PID:8988
- C:\Windows\System\szicXas.exe
  C:\Windows\System\szicXas.exe
  2⤵
  PID:9080
- C:\Windows\System\QnyVrri.exe
  C:\Windows\System\QnyVrri.exe
  2⤵
  PID:9132
- C:\Windows\System\PsOGXMO.exe
  C:\Windows\System\PsOGXMO.exe
  2⤵
  PID:9048
- C:\Windows\System\YxhFGdg.exe
  C:\Windows\System\YxhFGdg.exe
  2⤵
  PID:9180
- C:\Windows\System\OCIPhHL.exe
  C:\Windows\System\OCIPhHL.exe
  2⤵
  PID:9100
- C:\Windows\System\LvCMiFK.exe
  C:\Windows\System\LvCMiFK.exe
  2⤵
  PID:9192
- C:\Windows\System\UsDVqKa.exe
  C:\Windows\System\UsDVqKa.exe
  2⤵
  PID:9164
- C:\Windows\System\lHrZHNr.exe
  C:\Windows\System\lHrZHNr.exe
  2⤵
  PID:8384
- C:\Windows\System\YKlpviC.exe
  C:\Windows\System\YKlpviC.exe
  2⤵
  PID:8500
- C:\Windows\System\qYstBWT.exe
  C:\Windows\System\qYstBWT.exe
  2⤵
  PID:8460
- C:\Windows\System\BAjtRak.exe
  C:\Windows\System\BAjtRak.exe
  2⤵
  PID:8608
- C:\Windows\System\ObuhOzi.exe
  C:\Windows\System\ObuhOzi.exe
  2⤵
  PID:8684
- C:\Windows\System\KJgICJp.exe
  C:\Windows\System\KJgICJp.exe
  2⤵
  PID:8768
- C:\Windows\System\URIbfZc.exe
  C:\Windows\System\URIbfZc.exe
  2⤵
  PID:9028
- C:\Windows\System\ymXEVIQ.exe
  C:\Windows\System\ymXEVIQ.exe
  2⤵
  PID:9084
- C:\Windows\System\VznjrRE.exe
  C:\Windows\System\VznjrRE.exe
  2⤵
  PID:9060
- C:\Windows\System\IRViUJo.exe
  C:\Windows\System\IRViUJo.exe
  2⤵
  PID:8268
- C:\Windows\System\rrmNOoU.exe
  C:\Windows\System\rrmNOoU.exe
  2⤵
  PID:9200
- C:\Windows\System\vBUBlSD.exe
  C:\Windows\System\vBUBlSD.exe
  2⤵
  PID:8252
- C:\Windows\System\noTRcgL.exe
  C:\Windows\System\noTRcgL.exe
  2⤵
  PID:8428
- C:\Windows\System\ADzMJwa.exe
  C:\Windows\System\ADzMJwa.exe
  2⤵
  PID:8416
- C:\Windows\System\RarfSPu.exe
  C:\Windows\System\RarfSPu.exe
  2⤵
  PID:8744
- C:\Windows\System\jMXfWxv.exe
  C:\Windows\System\jMXfWxv.exe
  2⤵
  PID:8948
- C:\Windows\System\GIzVLRX.exe
  C:\Windows\System\GIzVLRX.exe
  2⤵
  PID:8976
- C:\Windows\System\ghXDwKf.exe
  C:\Windows\System\ghXDwKf.exe
  2⤵
  PID:8572
- C:\Windows\System\izpjdWA.exe
  C:\Windows\System\izpjdWA.exe
  2⤵
  PID:8600
- C:\Windows\System\gpEIkxA.exe
  C:\Windows\System\gpEIkxA.exe
  2⤵
  PID:8952
- C:\Windows\System\aswIJwx.exe
  C:\Windows\System\aswIJwx.exe
  2⤵
  PID:8892
- C:\Windows\System\pSGQPdT.exe
  C:\Windows\System\pSGQPdT.exe
  2⤵
  PID:8264
- C:\Windows\System\XobMgNt.exe
  C:\Windows\System\XobMgNt.exe
  2⤵
  PID:8880
- C:\Windows\System\vQkHNsv.exe
  C:\Windows\System\vQkHNsv.exe
  2⤵
  PID:7364
- C:\Windows\System\LAlZloP.exe
  C:\Windows\System\LAlZloP.exe
  2⤵
  PID:8896
- C:\Windows\System\JQsujOs.exe
  C:\Windows\System\JQsujOs.exe
  2⤵
  PID:8916
- C:\Windows\System\JQlzsIp.exe
  C:\Windows\System\JQlzsIp.exe
  2⤵
  PID:8564
- C:\Windows\System\MIIAqbv.exe
  C:\Windows\System\MIIAqbv.exe
  2⤵
  PID:9236
- C:\Windows\System\pvStxlG.exe
  C:\Windows\System\pvStxlG.exe
  2⤵
  PID:9252
- C:\Windows\System\uhDBVEz.exe
  C:\Windows\System\uhDBVEz.exe
  2⤵
  PID:9276
- C:\Windows\System\zrEDaDp.exe
  C:\Windows\System\zrEDaDp.exe
  2⤵
  PID:9296
- C:\Windows\System\Lbjqalv.exe
  C:\Windows\System\Lbjqalv.exe
  2⤵
  PID:9312
- C:\Windows\System\hqpUleE.exe
  C:\Windows\System\hqpUleE.exe
  2⤵
  PID:9336
- C:\Windows\System\OvIsAzz.exe
  C:\Windows\System\OvIsAzz.exe
  2⤵
  PID:9352
- C:\Windows\System\EOONtYY.exe
  C:\Windows\System\EOONtYY.exe
  2⤵
  PID:9368
- C:\Windows\System\PYMOtuF.exe
  C:\Windows\System\PYMOtuF.exe
  2⤵
  PID:9384
- C:\Windows\System\RPjmwlK.exe
  C:\Windows\System\RPjmwlK.exe
  2⤵
  PID:9412
- C:\Windows\System\oysTsEE.exe
  C:\Windows\System\oysTsEE.exe
  2⤵
  PID:9432
- C:\Windows\System\laqEcKo.exe
  C:\Windows\System\laqEcKo.exe
  2⤵
  PID:9448
- C:\Windows\System\rKZNVoe.exe
  C:\Windows\System\rKZNVoe.exe
  2⤵
  PID:9472
- C:\Windows\System\TOBNjje.exe
  C:\Windows\System\TOBNjje.exe
  2⤵
  PID:9488
- C:\Windows\System\nlCAmSA.exe
  C:\Windows\System\nlCAmSA.exe
  2⤵
  PID:9516
- C:\Windows\System\AXckTeT.exe
  C:\Windows\System\AXckTeT.exe
  2⤵
  PID:9548
- C:\Windows\System\LlGQWfd.exe
  C:\Windows\System\LlGQWfd.exe
  2⤵
  PID:9568
- C:\Windows\System\CFKGZaT.exe
  C:\Windows\System\CFKGZaT.exe
  2⤵
  PID:9584
- C:\Windows\System\pbGKBtz.exe
  C:\Windows\System\pbGKBtz.exe
  2⤵
  PID:9600
- C:\Windows\System\HBjNOrN.exe
  C:\Windows\System\HBjNOrN.exe
  2⤵
  PID:9624
- C:\Windows\System\POjDaHK.exe
  C:\Windows\System\POjDaHK.exe
  2⤵
  PID:9644
- C:\Windows\System\UvJsedt.exe
  C:\Windows\System\UvJsedt.exe
  2⤵
  PID:9660
- C:\Windows\System\UmkjWOw.exe
  C:\Windows\System\UmkjWOw.exe
  2⤵
  PID:9680
- C:\Windows\System\MaLuMKN.exe
  C:\Windows\System\MaLuMKN.exe
  2⤵
  PID:9704
- C:\Windows\System\zFIHUkA.exe
  C:\Windows\System\zFIHUkA.exe
  2⤵
  PID:9724
- C:\Windows\System\ZeUGWfG.exe
  C:\Windows\System\ZeUGWfG.exe
  2⤵
  PID:9744
- C:\Windows\System\hxwybHV.exe
  C:\Windows\System\hxwybHV.exe
  2⤵
  PID:9764
- C:\Windows\System\gERByam.exe
  C:\Windows\System\gERByam.exe
  2⤵
  PID:9784
- C:\Windows\System\uaIOCFz.exe
  C:\Windows\System\uaIOCFz.exe
  2⤵
  PID:9804
- C:\Windows\System\cSgmUTa.exe
  C:\Windows\System\cSgmUTa.exe
  2⤵
  PID:9824
- C:\Windows\System\dpHXlcz.exe
  C:\Windows\System\dpHXlcz.exe
  2⤵
  PID:9844
- C:\Windows\System\WOCXkuw.exe
  C:\Windows\System\WOCXkuw.exe
  2⤵
  PID:9864
- C:\Windows\System\AxXkerg.exe
  C:\Windows\System\AxXkerg.exe
  2⤵
  PID:9888
- C:\Windows\System\jLjDoMR.exe
  C:\Windows\System\jLjDoMR.exe
  2⤵
  PID:9908
- C:\Windows\System\kmKSocp.exe
  C:\Windows\System\kmKSocp.exe
  2⤵
  PID:9924
- C:\Windows\System\uZaYCHH.exe
  C:\Windows\System\uZaYCHH.exe
  2⤵
  PID:9944
- C:\Windows\System\ipZaFOE.exe
  C:\Windows\System\ipZaFOE.exe
  2⤵
  PID:9972
- C:\Windows\System\PrUdkBA.exe
  C:\Windows\System\PrUdkBA.exe
  2⤵
  PID:9988
- C:\Windows\System\TMDoqBj.exe
  C:\Windows\System\TMDoqBj.exe
  2⤵
  PID:10004
- C:\Windows\System\pwJSaGk.exe
  C:\Windows\System\pwJSaGk.exe
  2⤵
  PID:10024
- C:\Windows\System\dfjXWpC.exe
  C:\Windows\System\dfjXWpC.exe
  2⤵
  PID:10040
- C:\Windows\System\JVwvSJg.exe
  C:\Windows\System\JVwvSJg.exe
  2⤵
  PID:10056
- C:\Windows\System\hUGbkYx.exe
  C:\Windows\System\hUGbkYx.exe
  2⤵
  PID:10088
- C:\Windows\System\bcsvXni.exe
  C:\Windows\System\bcsvXni.exe
  2⤵
  PID:10104
- C:\Windows\System\ZLzWIDa.exe
  C:\Windows\System\ZLzWIDa.exe
  2⤵
  PID:10120
- C:\Windows\System\dsZKFDs.exe
  C:\Windows\System\dsZKFDs.exe
  2⤵
  PID:10148
- C:\Windows\System\PMpaifV.exe
  C:\Windows\System\PMpaifV.exe
  2⤵
  PID:10168
- C:\Windows\System\AdnAosi.exe
  C:\Windows\System\AdnAosi.exe
  2⤵
  PID:10188
- C:\Windows\System\DEjDFsx.exe
  C:\Windows\System\DEjDFsx.exe
  2⤵
  PID:10208
- C:\Windows\System\NEmfbfe.exe
  C:\Windows\System\NEmfbfe.exe
  2⤵
  PID:10224
- C:\Windows\System\CXehuqY.exe
  C:\Windows\System\CXehuqY.exe
  2⤵
  PID:9224
- C:\Windows\System\pUCYlWi.exe
  C:\Windows\System\pUCYlWi.exe
  2⤵
  PID:9248
- C:\Windows\System\FWILXLz.exe
  C:\Windows\System\FWILXLz.exe
  2⤵
  PID:9288
- C:\Windows\System\HutAFcQ.exe
  C:\Windows\System\HutAFcQ.exe
  2⤵
  PID:9324
- C:\Windows\System\DOGvWoF.exe
  C:\Windows\System\DOGvWoF.exe
  2⤵
  PID:9364
- C:\Windows\System\zyXMmxg.exe
  C:\Windows\System\zyXMmxg.exe
  2⤵
  PID:9400
- C:\Windows\System\MTbHIQP.exe
  C:\Windows\System\MTbHIQP.exe
  2⤵
  PID:9428
- C:\Windows\System\ElzneGn.exe
  C:\Windows\System\ElzneGn.exe
  2⤵
  PID:9464
- C:\Windows\System\uxWEXIK.exe
  C:\Windows\System\uxWEXIK.exe
  2⤵
  PID:9500
- C:\Windows\System\zONdGWY.exe
  C:\Windows\System\zONdGWY.exe
  2⤵
  PID:9484
- C:\Windows\System\MkkBESH.exe
  C:\Windows\System\MkkBESH.exe
  2⤵
  PID:9536
- C:\Windows\System\fsmYyao.exe
  C:\Windows\System\fsmYyao.exe
  2⤵
  PID:9564
- C:\Windows\System\bVRtrPF.exe
  C:\Windows\System\bVRtrPF.exe
  2⤵
  PID:9596
- C:\Windows\System\rIFpBOo.exe
  C:\Windows\System\rIFpBOo.exe
  2⤵
  PID:9620
- C:\Windows\System\VXTyuiU.exe
  C:\Windows\System\VXTyuiU.exe
  2⤵
  PID:9712
- C:\Windows\System\nEbAydC.exe
  C:\Windows\System\nEbAydC.exe
  2⤵
  PID:9732
- C:\Windows\System\WEDGCiE.exe
  C:\Windows\System\WEDGCiE.exe
  2⤵
  PID:9756
- C:\Windows\System\GnwbHJM.exe
  C:\Windows\System\GnwbHJM.exe
  2⤵
  PID:9800
- C:\Windows\System\cJNrpbe.exe
  C:\Windows\System\cJNrpbe.exe
  2⤵
  PID:9820
- C:\Windows\System\zYXIMNf.exe
  C:\Windows\System\zYXIMNf.exe
  2⤵
  PID:9836
- C:\Windows\System\IccOXDp.exe
  C:\Windows\System\IccOXDp.exe
  2⤵
  PID:9872
- C:\Windows\System\tqNwkcA.exe
  C:\Windows\System\tqNwkcA.exe
  2⤵
  PID:9896
- C:\Windows\System\mLUsdnn.exe
  C:\Windows\System\mLUsdnn.exe
  2⤵
  PID:9952
- C:\Windows\System\jShUBxB.exe
  C:\Windows\System\jShUBxB.exe
  2⤵
  PID:9940
- C:\Windows\System\dzGSrBO.exe
  C:\Windows\System\dzGSrBO.exe
  2⤵
  PID:9980
- C:\Windows\System\LRlfHhT.exe
  C:\Windows\System\LRlfHhT.exe
  2⤵
  PID:10036
- C:\Windows\System\PiLlLbj.exe
  C:\Windows\System\PiLlLbj.exe
  2⤵
  PID:10080
- C:\Windows\System\SvGiBrt.exe
  C:\Windows\System\SvGiBrt.exe
  2⤵
  PID:10016
- C:\Windows\System\PWSgtUr.exe
  C:\Windows\System\PWSgtUr.exe
  2⤵
  PID:10052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CJqUmTM.exe

Filesize
6.0MB

MD5
dcab4a519c33f95226a657a055cd3b6b

SHA1
1bbb1ac19545438bfda355f45e56818b6559b5bf

SHA256
a598a2aaceba6ecd5e74627b80aa562782de00cf2fb36f5c4311c7c9414baec7

SHA512
7fa424f2f3564bac84f626f7846baf14b2bae3fb1387385e47b58cb21e9c2ce72fcd08e8a39418d31441ec92ff440a05de72ff494020342f80ace0980b1e13ac

Download Submit
C:\Windows\system\FSjhiQZ.exe

Filesize
6.0MB

MD5
bb9b22b49bb59b91245233845f04ec1f

SHA1
272956fa2519685cc20e772e0071b73c89471a23

SHA256
5aa23b9bf37065f24f08d3f474a5136fb1596c5966156074b48da927f8f44200

SHA512
d2397cbe2d318b21840bf545e25231152fd8be145066dc455dbd8f51a73c9aebcfe4d2f536e3f2f90bf3a849128f8994b906d9c244ee3288b1d59bf169faf8bc

Download Submit
C:\Windows\system\FVHxiCi.exe

Filesize
6.0MB

MD5
5d730c3f367a243a8303953d586a7de7

SHA1
79b48a41c25769cfaeca33500bf39df8a158cb7a

SHA256
5f2b207ba6d3dc0fe85fc3273c5b01ba07b15d402a60aafb398a091b5887b33b

SHA512
e10837298dc7d0ff98f97ea49d1fe65590770d2362bcf89f12b386e78080cc61c0ca2008c1369a0320ebd2ce43f24824114ed13c3bd2ba026a4509e9a00bc2a7

Download Submit
C:\Windows\system\OKUnYcY.exe

Filesize
6.0MB

MD5
a17e506a7c20b3d12f60c3f527141db3

SHA1
bbc8c27dc81c5acc20f92e45e41da58a10015acb

SHA256
ec08aa47b91bdccf5b75c88b8884129b875fc11673641e888faa5c2da1bc2878

SHA512
dab4eab57d8b153cf97748b7b34ae8e583c19a209dd88bc75521a7c5a437ac61cd794750f098ac3c42d385eac69f43bb92e591a2d5061040e8edf894238b247e

Download Submit
C:\Windows\system\QOSEAxV.exe

Filesize
6.0MB

MD5
943865d6ca4f8833223e86c2c0bb5657

SHA1
9cdbc99281f22a0bd60ab0086cfb6dad3e9ad262

SHA256
5c2849790263bc602f48565b2dda68a1b1e837a169a0bee46c8255239ede58e6

SHA512
58ae0caef101d71704dea9ef84d5fa98f603c4daa5369a8ce40f8d83e875c80a7d5df345382742e3dbce6c8cd12d4c2d8d8f3262c09283a301350b0cb4f01fc9

Download Submit
C:\Windows\system\RnLdQjt.exe

Filesize
6.0MB

MD5
8a33ffbc5ec62627b33d257d3a732815

SHA1
502a090ae47fa699748a63148dbd47a2edb11511

SHA256
8624d0ec3c21ed35a569ac58a16488c583ef8ce93a5eb2cd0b899abe53b0ba47

SHA512
882c56a43b6f4617974335de2132c97fdd5aeecdd2d37280e6d97e4a644142730c38592c9d2ffc3a5aba212eb0741a2ce720abc88bca5d88372e6259b3e73990

Download Submit
C:\Windows\system\TqHSzAI.exe

Filesize
6.0MB

MD5
3fd3f798069591f2b511413c9fece59a

SHA1
afc2c73603724dc65880d1619c05121886400931

SHA256
64a1d30c8b459f953424bcc460443d02d8277cabaed979bb5566a684e490cfa7

SHA512
fc4d19955ccb73bb5e89c250c79f114caf0db01de5cbc4fd28a414a6f7562c39f1d4b645dee4ed1305c01d7bd59a44fd3a7bb1dc7814d5fc68a7a4ed91f9b530

Download Submit
C:\Windows\system\UQHEIaa.exe

Filesize
6.0MB

MD5
09e73c2e36dd954b93d4ab4df9710cad

SHA1
006a6f3524dcaa16a1754c8fb856fec52bc81347

SHA256
ff7940fe6af4e56dec42755b41fbe50807091e421d27419b3ff9151ee179fe54

SHA512
21b537cf8a74f7cd944bb99587e83f26bdedc74c27c4c84e1a5b27ea1007d5ae2de694051aa95153d915bc468968cbdef1992c12f206ed6adf39dc6da3bdf075

Download Submit
C:\Windows\system\WozlNuB.exe

Filesize
6.0MB

MD5
0eea165dfd823f4ee73646b7da2c162f

SHA1
2f103a6ab32ca5d598218e5306b21a6764ef402e

SHA256
b7e8daaef1beac79176f44c2880c15ac05573a885761b012261fc85f0dd3c892

SHA512
d04b12d9a9b20d23e7c6935a20056bd84ba9b181517633ebe9ad1c87101cd3d30497680b27cb6fddbe5f49455985d0c25780452f6c916657c45276f9c8f7184e

Download Submit
C:\Windows\system\ZeOxnNS.exe

Filesize
6.0MB

MD5
6263604cb61b00262d8e8cbe02c13d4a

SHA1
fe6add2f66e2919cb1001a1bcbebc04457a95372

SHA256
b5fa852a47b0c466ce5217623509c20d759276423159b21e95c9cd4877939c1b

SHA512
75691678c303ea0a2a178bb2fe276ce8edf692d5a6751e0dbb04c94f08bd7f1afb8b249431d08d956f213993eb83eca13e76a511767d381fb33c9ef4c6eb3b8c

Download Submit
C:\Windows\system\ZrzvwZt.exe

Filesize
6.0MB

MD5
d9a6096130ad37672bc715c92a19b1f3

SHA1
21887b3425f692c658b8f7b996b264d0aca95ef0

SHA256
f87adca608efba9ac138fcce4333e07dc069c5772265f79aac768bab1ec914ba

SHA512
435b6f26547ae3af18ecb90a784a8e7274f1d306605abce055ef4d56c29baed63ff317e0e44e7d32072b006fc6bcd973911d2744af0d835e09c00179bb5c7bac

Download Submit
C:\Windows\system\bJBOpoG.exe

Filesize
6.0MB

MD5
262267a8830d15ea39280781d74e15dd

SHA1
349001e7e51ba02353d861e532e448298b2c25b9

SHA256
50201e004f54400ea90757fcb3c404910a78c5dc83e26be9036f4799df1cd3e6

SHA512
6f3a767ad71b54bfadfc90dc5881d343df3073e4db5a5f05f64e72770d6e6212cf3fc05d589d6320d93e42c08e1e7c243575d6f592a08698ebcf4688b1e39f4d

Download Submit
C:\Windows\system\bxGVytY.exe

Filesize
6.0MB

MD5
2e38b80b5461ca64115161a13ceafc52

SHA1
fc47f5f3fc432be5cc875fce4b8ca4a573658e71

SHA256
0240db551ccc9697f0d38ab4fdd7d55483ccdb5d022d16a07af40980a42ee30a

SHA512
67c3a5e253f2e641c71f450f85732ede2abcbd5c56811abbf7a24e58bdde09a66da6c6a70e1cc0e88c69b40f6282a42bf7bcd0ec6a382775a901faceaa97722e

Download Submit
C:\Windows\system\ebosWNZ.exe

Filesize
6.0MB

MD5
23363cda5d6f750fd917f9ff400e8379

SHA1
8cfce4cbdd1a72379bb68fdf5f468d6ea18546c2

SHA256
46a262150df8573110da4ce93276a7845790a19a3e1fa1c210edaa1e6b781f72

SHA512
d53339b16dc8648f06c499a810c5c6a0fff6b138492a0ff242742ae7a51ac88324d2c16de2a52bf9f19cba845a6ad4499ada6f7e1a61e2e8a1c657c49e0b5ce2

Download Submit
C:\Windows\system\esuytgS.exe

Filesize
6.0MB

MD5
a3f734164aea4818c29e7c648e55595f

SHA1
dccd601502c3a11c9257a229a245a2010257e702

SHA256
06ed3eca6177633b1df6591f15309551863ef036b0002d6abf4ebceb7b79fded

SHA512
b1c794d547c35faadc5b5d33a7a7eba9dfbf830e97c505cdd82dbe5812baa1c4b11973c077cd035a348fed0cc09ac99da215ed2102ed9e6d925c92f0e4a3ecd1

Download Submit
C:\Windows\system\llJLZoI.exe

Filesize
6.0MB

MD5
8c60a954e72bdff90745578429d9aa48

SHA1
7c32fabcf59017317923ab8ec694ea636e7df7ec

SHA256
4ac449a406cda1b15acc0931bb753d3dca2da0d6be613a6cd6fbfafcbc33f374

SHA512
7953be1fa8dd782f62671890ae07c0488238ce89fd91da27f6f4e6958d4faa4d5792bb86d6c77f4303effd60593ed978f40883345abbc1118dc3437829426034

Download Submit
C:\Windows\system\mIRcfVK.exe

Filesize
6.0MB

MD5
0edbc6a5194c3130af42a02b85b526aa

SHA1
ea5dced08b1fec9727bc615c6dd33e2982338514

SHA256
77d87957ccce722e567193b7de0e8adf3ac7b2e9cca1af1c45f41d4539b3cb0f

SHA512
baba809f874beafac4fefa2f58f7c9f5228c354437a4153d34eb39276ec67a7bb79f0a45de3dfe7dcefc5f037f02ab4f0fd31c7b26295ee29597d24844e1597b

Download Submit
C:\Windows\system\mKPeiDw.exe

Filesize
6.0MB

MD5
d85e4969041790105cbeef467a493f6b

SHA1
8c08842b796d35194f48d64101ca2e00c3213e08

SHA256
1abf6574332b9c0edd3c1bd0386e5b21660a9a5edab3597760be2604147ec4b5

SHA512
5ed8c9a46eb02d2ea8a73761d3667ccd2a479d4beebded41635c6b5f1dbc9c8f089a1b1288c3dec9fe190948f8db863b45a3e3cf81ca824a05e6c210d876c67b

Download Submit
C:\Windows\system\miQqvLA.exe

Filesize
6.0MB

MD5
e1202d24310447ad1d6bd4190be0aec9

SHA1
a298f091a495f68c5e14a47993973938e8267bd9

SHA256
4ab4e104fb67a87ae225142580ce1cf7dfe8c64c49b794bfccc321ffb9904deb

SHA512
4080dfc98a2acaaf00532f320fa791bc77df261ddcb5d8d62f7cf7ec75a86ccc7d2f45649bc589cf5ca4c140277e1bf2ae40c99615deb48894e1af41f835f9e4

Download Submit
C:\Windows\system\nbYWvIj.exe

Filesize
6.0MB

MD5
8c525b10c47422bf174fce6025de7ad0

SHA1
7408e99d957c4c33cfa3daee8d83f4647c4e3a5a

SHA256
1ddf088a13536662f0b2888db78e381d6cc1420e5f986bdec0985c1c09944cc9

SHA512
23bc2deaa22c7657da49ef9889793ee71b937f68d3356a1b6551363f951520860d0f2a9c20320fa6c1f9b14c331dfec71457a697a359872a10179cfa84106d38

Download Submit
C:\Windows\system\puzoElK.exe

Filesize
6.0MB

MD5
fb30119d44f7dc523cb00881a2bb79e3

SHA1
d867d2105a9a59e4b1910703830e80b3e84a3709

SHA256
c2dbe6fab21132835a85e39a143640008d23fdebef12e0e4f86bf41b983e7648

SHA512
965c3ae6c32749977b6b064d32272a61d9debad91d75e34108e027fff2fe68a9dba669928200e9bce6c64cb2e306a5613c9218f4c4591a07c109eb328d3feb32

Download Submit
C:\Windows\system\qatlHEs.exe

Filesize
8B

MD5
4cff11d7a63b8eda00b8212eb73a61a6

SHA1
55212ccbd9de958423f1cb94b8b389d82140d27f

SHA256
3b12337388462d596724179cdce820569844bbc48886e6121bcf67be780279cb

SHA512
53c56096c560c0ee3c5d21d73a1c1995262abc0ce37d00af3bd2404d0acc56897f05f101b26927846d3f0bfb68c4ead4d47e00ef4f1aa04a15656d0c3c91c15f

Download Submit
C:\Windows\system\sSllHjW.exe

Filesize
6.0MB

MD5
7c60ec975667426ddb1722f1b6bd559c

SHA1
7b55cf7f43f9425f44662e4fa535b81f1c77f679

SHA256
df39e262769fadb36afac984e520e545b11e11bdeeb8e621e2a6d024a617dfa7

SHA512
9670d17194972a95af687c692e9625b4b0fdc1d8be6cbf72b50efba0e79cfc9e3798162fccaedf40e0267bd33c90cdb22b1233d96a6945146377683a7ab5481f

Download Submit
C:\Windows\system\tZrKcsa.exe

Filesize
6.0MB

MD5
68a289fb008ede908950ae43124cd7ff

SHA1
b8a5fd8c9ffeff3826df349ad200e7a35743f3f6

SHA256
8679f3c965356d4f4c084361d1f2a010c03332531e54a99cf4d432f9e9a5f710

SHA512
dc7ed8f608e030077add8107e2c8cdb01e22ab15f1d09a72e54d9a814a2e2102b35d9b968b0ea56eb33e5b2ca0d3c6313137145e71a34bfd2c36e059088170fc

Download Submit
C:\Windows\system\vDmjyJX.exe

Filesize
6.0MB

MD5
fe61eb0a0e6b885d9b0949da957bf2cc

SHA1
3e9e2542d98ab57bce697f03657d6bd11de97c17

SHA256
ecac96279e4e171688203c62f8b4fe09642a7e9f0b2176ce7b91800eec826230

SHA512
db17e7005839567e824052579789abfacc0028ede4a515b23545c05d3f03f41d73c9714a978c09b67bba1551748b6cd4865a2e44a41bfd8f90b685aeaa3769da

Download Submit
C:\Windows\system\yRgUXNJ.exe

Filesize
6.0MB

MD5
9c019ee720fe697b4b86a3ef9b8cae00

SHA1
8d2e67fc603945f4c0efaffff872e4c49a319e5f

SHA256
f7943cd15c872b292164d016fcf6e5fee3af94fd771a6d7b2b358e07397083dc

SHA512
515d284834e6215e7d13643005627cce06d34849e363f18da8dcd600b058a8b338aa61745c87bbb1b552fc998b783f613a65609dc85b662288886d101f228ea3

Download Submit
\Windows\system\AlnZSkB.exe

Filesize
6.0MB

MD5
2a8a311e7cb84d15c832599c918148bf

SHA1
86bf3f63231f39c4f3037f4cd9b10263500dfaaf

SHA256
03cb5f91b384feb20714bf880f8fb0dbb7f5e8550aa4f271ede6cdd7732506e9

SHA512
64ee640eb170c0439dc733a46a5f9a0bf93829240c6150f329cd7a3ed4543a1606c7c318c2c8f22a0e28becfb54ad268042bd1c9d82b7cfa6bf1852f5e9a790c

Download Submit
\Windows\system\KKdkgzg.exe

Filesize
6.0MB

MD5
b265e594c38247fa620e16b382493ae4

SHA1
357b6b72296f76c2d6ee5e8a6b89669b1a87e8d1

SHA256
5cfbdde73cb2996b211718a685340fb44fff14fbaf60dee5b27eb39a3fa23eb9

SHA512
b33f1a852c9cb847cec68477783f2b9fe06ee0073907d9bf70ff5617da164e6a31c16e70129c90eb005eec27675c7d69a86fcd2580b39f9f607d1cc1a5df3c0f

Download Submit
\Windows\system\UFLUvIy.exe

Filesize
6.0MB

MD5
c428db1461cc5680b172b54f40948837

SHA1
d88db7cdf7c6bce7aed5c45940d302f29c1f2c8c

SHA256
fe1c2f58c7eeb2ee6116064ba7fb2677f482c21e08a686b849ce901f6f761bc8

SHA512
e6cf1197b6af659f32727ac9580c83fbe95ef6e607d11ba178dfca288b4d287a795e4c0360e96a74d00885ec564859d3c2b6edbba0393d4c185ce8bd31fe46d5

Download Submit
\Windows\system\WqkirWn.exe

Filesize
6.0MB

MD5
35dd520887ea5f16ada0d393109f5a37

SHA1
24f9152701a108f4b92eef00fa4caeb2617fed37

SHA256
42f99a0e64407dd58a8665e113df4dd37b0af4e656a9adccb0d4e0d5bf63892c

SHA512
4ac98e1b1172f23ecd429d4fcfd551d0629d5cef678afeba1638a8c4b810e31f91c703e597aecc926358a6bb141dceed3ebfe36284e755ab0903d6dcd8d7d4a7

Download Submit
\Windows\system\cinbxrc.exe

Filesize
6.0MB

MD5
642953b30176d3a0defddfdc1bb9bc3d

SHA1
d081ee8a71a89b93f8cd40682a134cdb8b67e05e

SHA256
57fcf28433a80423db572a51120506a61cb4365ea9dc0ab1225a525daa663666

SHA512
b1d7c59ff04ed642289872d0c4873a64aad67777a253dc05c6aff99e029e67727a484e2e983f5193e312e3e94355183d53045a0137ed55d5659c29774079439c

Download Submit
\Windows\system\flpMZMt.exe

Filesize
6.0MB

MD5
2b155989d98cc0860c847f548de7d19d

SHA1
4e9129db9fc66a9147e10a489350705fcbd1ba0b

SHA256
97995350272fb38106abb7487eb6ebfec266774d30b0c201acdb5cd9afd8430a

SHA512
aab3d5df3aa3f759f645d8d0c0516a665db8bdfd302a1ee68edcd0e99f9119314e81642b9575bcd1d10d4110260c03a6a71e7cd1621961b8d30d89e41493bc28

Download Submit
\Windows\system\lOItHWY.exe

Filesize
6.0MB

MD5
a9fe0e18774e14789f101904008fef1b

SHA1
be1f38b6905814d42679bd150e87be210a8d73df

SHA256
341a7c9bf1fb6255af0f72eb115d1bc0b67e074550b9444ad7cf64ee3f1808bd

SHA512
86a87ac2f663af77469a6fba03585dc0cc6923fa2caa8ea84e1124b89e76d1b5082ee322839a63da075fcc3c77bf372d80daea930ff8a5979cce22ebc1b36ab6

Download Submit
memory/1236-3531-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1236-106-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1236-35-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1316-1001-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1316-102-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1316-3553-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1768-3554-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1768-1104-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1768-107-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1772-100-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1772-3552-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1772-905-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2316-95-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-3547-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-534-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2364-78-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-39-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-31-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2364-34-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2364-424-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2364-25-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2364-58-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2364-18-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2364-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/2364-0-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2364-93-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2364-637-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2364-49-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2364-740-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2364-817-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2364-91-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2364-46-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2364-96-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2364-73-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2364-94-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2384-3537-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-88-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-320-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2556-3543-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2556-43-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2580-99-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3498-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2580-27-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2632-533-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2632-52-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3538-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3546-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2644-89-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3461-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2688-20-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2688-71-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2704-8-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3421-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-42-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-51-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2788-13-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3434-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2924-3551-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2924-97-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download